14 changed files with 21 additions and 365 deletions
--- a/.gitignore
+++ b/.gitignore
@ -6,9 +6,3 @@ build/
 .DS_Store
 src/libos/target/
 tools/toolchains/dcap_lib/target/
 # Added by DeTEE
 **/target
 **/Cargo.lock
 .idea
--- a/README.md
+++ b/README.md
@ -64,27 +64,3 @@ Thanks go to [all these wonderful contributors to this project](CONTRIBUTORS.md)
 ## License
 Occlum is released under BSD License. See the copyright information [here](LICENSE).
 ## DeTEE
 Occlum is a part of the DeTEE project. DeTEE is a research project that aims to provide a secure and efficient computing environment for data-intensive applications.
 ```bash
 # Run the occlum ubuntu 20.04 docker container
 docker run --device /dev/sgx/enclave --device /dev/sgx/provision --rm --name valytest -it -v /home/vfaychuk:/root/vfaychuk occlum/occlum:latest-ubuntu20.04
 # inside the container run the following commands
 apt update && apt install -y ssh-client
 mkdir -p /root/.ssh && vim /root/.ssh/config
 #Host gitea.detee.cloud
 #     IdentityFile ~/.ssh/gitea_ed25519
 vim /root/.ssh/gitea_ed25519
 # put the server private key to download the repo
 chown -R root:root /root/.ssh
 chmod 600 /root/.ssh/gitea_ed25519
 ssh-keyscan -H gitea.detee.cloud > ~/.ssh/known_hosts
 git clone git@gitea.detee.cloud:SGX/occlum.git
 cd occlum && make submodule
 cd tools/toolchains/utils_lib/
 # following command installs the utils library which can derive sealing key of the enclave
 ./build.sh
 ```
--- a/tools/toolchains/dcap_lib/inc/occlum_dcap.h
+++ b/tools/toolchains/dcap_lib/inc/occlum_dcap.h
@ -8,8 +8,7 @@
 #include "sgx_qve_header.h"
 #ifdef __cplusplus
-extern "C"
+extern "C" {
 {
 #endif
 void *dcap_quote_open(void);
@ -28,7 +27,6 @@ extern "C"
                          uint32_t supplemental_data_size,
                          uint8_t *supplemental_data);
  // int32_t dcap_generate_key(void *handle, sgx_key_128bit_t *key, const sgx_key_request_t *key_request);
 void dcap_quote_close(void *handle);
@ -37,3 +35,4 @@ extern "C"
 #endif
 #endif
--- a/tools/toolchains/dcap_lib/src/lib.rs
+++ b/tools/toolchains/dcap_lib/src/lib.rs
@ -67,39 +67,17 @@ pub extern "C" fn dcap_verify_quote(
    let dcap = unsafe { &mut *(handle as *mut DcapQuote) };
    let mut verify_arg = IoctlVerDCAPQuoteArg {
-        quote_buf,
+        quote_buf: quote_buf,
-        quote_size,
+        quote_size: quote_size,
-        collateral_expiration_status,
+        collateral_expiration_status: collateral_expiration_status,
-        quote_verification_result,
+        quote_verification_result: quote_verification_result,
-        supplemental_data_size,
+        supplemental_data_size: supplemental_data_size,
-        supplemental_data,
+        supplemental_data: supplemental_data,
    };
    dcap.verify_quote(&mut verify_arg).unwrap_or(-1)
 }
 /*
 #[no_mangle]
 pub extern "C" fn dcap_generate_key(
    handle: *mut c_void,
    key: *mut sgx_key_128bit_t,
    key_request: *const sgx_key_request_t,
 ) -> i32 {
    if handle.is_null() {
        return -1;
    }
    let dcap = unsafe { &mut *(handle as *mut DcapQuote) };
    let mut key_arg = IoctlGetKeyArg {
        key_request,
        key
    };
    dcap.generate_key(&mut key_arg).unwrap_or(-1)
 }
 */
 #[no_mangle]
 pub extern "C" fn dcap_quote_close(handle: *mut c_void) {
    if handle.is_null() {
--- a/tools/toolchains/dcap_lib/src/occlum_dcap.rs
+++ b/tools/toolchains/dcap_lib/src/occlum_dcap.rs
@ -5,7 +5,6 @@ const SGXIOC_GET_DCAP_QUOTE_SIZE: u64 = 0x80047307;
 const SGXIOC_GEN_DCAP_QUOTE: u64 = 0xc0187308;
 const SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE: u64 = 0x80047309;
 const SGXIOC_VER_DCAP_QUOTE: u64 = 0xc030730a;
 // const SGXIOC_CMD_NUM_KEY: u64 = 0xc010730b;
 cfg_if::cfg_if! {
    if #[cfg(target_env = "musl")] {
@ -13,13 +12,11 @@ cfg_if::cfg_if! {
        const IOCTL_GEN_DCAP_QUOTE: i32 = SGXIOC_GEN_DCAP_QUOTE as i32;
        const IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE: i32 = SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE as i32;
        const IOCTL_VER_DCAP_QUOTE: i32 = SGXIOC_VER_DCAP_QUOTE as i32;
        // const IOCTL_CMD_NUM_KEY: i32 = SGXIOC_CMD_NUM_KEY as i32;
    } else {
        const IOCTL_GET_DCAP_QUOTE_SIZE: u64 = SGXIOC_GET_DCAP_QUOTE_SIZE;
        const IOCTL_GEN_DCAP_QUOTE: u64 = SGXIOC_GEN_DCAP_QUOTE;
        const IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE: u64 = SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE;
        const IOCTL_VER_DCAP_QUOTE: u64 = SGXIOC_VER_DCAP_QUOTE;
        // const IOCTL_CMD_NUM_KEY: u64 = SGXIOC_CMD_NUM_KEY;
    }
 }
@ -44,16 +41,6 @@ pub struct IoctlVerDCAPQuoteArg {
    pub supplemental_data: *mut u8,                         // Output (optional)
 }
 /*
 // Copy from occlum/src/libos/src/fs/dev_fs/dev_sgx/mod.rs
 //#[allow(dead_code)]
 #[repr(C)]
 pub struct IoctlGetKeyArg {
    pub key_request: *const sgx_key_request_t, // Input
    pub key: *mut sgx_key_128bit_t,            // Output
 }
 */
 pub struct DcapQuote {
    fd: c_int,
    quote_size: u32,
@ -135,19 +122,6 @@ impl DcapQuote {
        }
    }
    /*
    pub fn generate_key(&mut self, key_arg: *mut IoctlGetKeyArg) -> Result<i32, Error> {
        let ret = unsafe { libc::ioctl(self.fd, IOCTL_CMD_NUM_KEY, key_arg) };
        if ret < 0 {
            let os_err = Error::last_os_error();
            println!("OS error: {os_err:?}");
            Err(os_err)
        } else {
            Ok(0)
        }
    }
     */
    pub fn close(&mut self) {
        unsafe { libc::close(self.fd) };
    }
--- a/tools/toolchains/dcap_lib/src/prelude.rs
+++ b/tools/toolchains/dcap_lib/src/prelude.rs
@ -4,9 +4,5 @@ pub use std::io::Error;
 // Defined in "occlum/deps/rust-sgx-sdk/sgx_types"
 pub use sgx_types::{
-    sgx_ql_qv_result_t,
+    sgx_ql_qv_result_t, sgx_quote3_t, sgx_quote_header_t, sgx_report_body_t, sgx_report_data_t,
    sgx_quote3_t,
    sgx_quote_header_t,
    sgx_report_body_t,
    sgx_report_data_t, // sgx_key_request_t, sgx_key_128bit_t,
 };
--- a/tools/toolchains/utils_lib/Cargo.toml
+++ b/tools/toolchains/utils_lib/Cargo.toml
@ -1,22 +0,0 @@
 [package]
 name = "occlum_utils"
 version = "0.1.0"
 authors = ["Zheng, Qi <huaiqing.zq@antgroup.com>"]
 edition = "2021"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 [dependencies]
 sgx_types = { path = "../../../deps/rust-sgx-sdk/sgx_types" }
 libc = "0.2"
 cfg-if = "1.0.0"
 [lib]
 crate-type = ["cdylib", "rlib", "staticlib"]
 [[example]]
 name = "generate_key"
 [dev-dependencies]
 occlum_dcap = { path = "../dcap_lib" }
--- a/tools/toolchains/utils_lib/build.sh
+++ b/tools/toolchains/utils_lib/build.sh
@ -1,42 +0,0 @@
 #!/bin/bash
 set -e
 INSTALL_DIR=/opt/occlum/toolchains/utils_lib
 SONAME=libocclum_utils.so.0.1.0
 function build_lib() {
    if [[ $1 == "musl" ]]; then
        echo "*** Build and install musl-libc utils ***"
        CARGO=occlum-cargo
        TARGET_PATH=target/x86_64-unknown-linux-musl/release
        LIB_PATH=${INSTALL_DIR}/musl/
    else
        echo "*** Build and install glibc utils ***"
        CARGO=cargo
        TARGET_PATH=target/release
        LIB_PATH=${INSTALL_DIR}/glibc/
    fi
    # cargo build libs and rust example
    $CARGO clean
    $CARGO rustc --release  -- -Clink-arg=-Wl,-soname,$SONAME
    $CARGO build --release  --examples
    # Copy files
    mkdir -p ${LIB_PATH}
    cp ${TARGET_PATH}/libocclum_utils.a ${LIB_PATH}
    # cp ${TARGET_PATH}/examples/generate_key ${LIB_PATH}  # Not used as library
    # Create SO links
    pushd ${TARGET_PATH}
    strip libocclum_utils.so
    mv libocclum_utils.so $SONAME
    ln -s $SONAME libocclum_utils.so
    popd
    cp -Pf ${TARGET_PATH}/libocclum_utils.so* ${LIB_PATH}
 }
 build_lib musl
 build_lib glibc
 cp -r inc ${INSTALL_DIR}/
--- a/tools/toolchains/utils_lib/examples/generate_key.rs
+++ b/tools/toolchains/utils_lib/examples/generate_key.rs
@ -1,64 +0,0 @@
 use occlum_utils::*;
 use sgx_types::{
    sgx_attributes_t, sgx_key_id_t, sgx_misc_select_t, SGX_KEYPOLICY_MRSIGNER, SGX_KEYSELECT_SEAL,
    SGX_KEY_REQUEST_RESERVED2_BYTES, TSEAL_DEFAULT_FLAGSMASK, TSEAL_DEFAULT_MISCMASK,
 };
 use occlum_dcap::{sgx_quote_header_t, sgx_report_body_t, sgx_report_data_t, DcapQuote};
 fn main() {
    let handle = utils_ioctl_open();
    let dcap_handle = unsafe { &mut *(handle as *mut DcapQuote) };
    let quote_size = dcap_handle.get_quote_size().unwrap_or_default();
    let mut quote_buf: Vec<u8> = vec![0; quote_size as usize];
    let report_str = "utils demo sample";
    let mut report_data = sgx_report_data_t::default();
    report_data.d[..report_str.len()].copy_from_slice(report_str.as_bytes());
    let report_data = report_data as sgx_report_data_t;
    let _ = dcap_handle
        .generate_quote(quote_buf.as_mut_ptr(), &report_data)
        .unwrap();
    println!("===============================");
    dbg!(&quote_buf);
    let report_body_offset = std::mem::size_of::<sgx_quote_header_t>();
    let report_body: *const sgx_report_body_t = (quote_buf[report_body_offset..]).as_ptr() as _;
    let report_body: sgx_report_body_t = unsafe { *report_body };
    let key_policy = SGX_KEYPOLICY_MRSIGNER;
    let attribute_mask = sgx_attributes_t {
        flags: TSEAL_DEFAULT_FLAGSMASK,
        xfrm: 0,
    };
    let misc_mask: sgx_misc_select_t = TSEAL_DEFAULT_MISCMASK;
    let key_id = sgx_key_id_t::default();
    let mut key = sgx_key_128bit_t::default();
    let key_request = sgx_key_request_t {
        key_name: SGX_KEYSELECT_SEAL,
        key_policy,
        isv_svn: report_body.isv_svn,
        reserved1: 0_u16,
        cpu_svn: report_body.cpu_svn,
        attribute_mask,
        key_id,
        misc_mask,
        config_svn: report_body.config_svn,
        reserved2: [0_u8; SGX_KEY_REQUEST_RESERVED2_BYTES],
    };
    utils_gen_key(handle, &mut key, &key_request);
    dbg!(&key);
 }
--- a/tools/toolchains/utils_lib/inc/occlum_utils.h
+++ b/tools/toolchains/utils_lib/inc/occlum_utils.h
@ -1,25 +0,0 @@
 #ifndef _OCCLUM_UTILS_H
 #define _OCCLUM_UTILS_H
 #include <stdint.h>
 #include <stdlib.h>
 #include "sgx_report.h"
 #include "sgx_qve_header.h"
 #ifdef __cplusplus
 extern "C"
 {
 #endif
  void *utils_ioctl_open(void);
  int32_t utils_gen_key(void *handle, sgx_key_128bit_t *key, const sgx_key_request_t *key_request);
  void utils_ioctl_close(void *handle);
 #ifdef __cplusplus
 }
 #endif
 #endif
--- a/tools/toolchains/utils_lib/rust-toolchain
+++ b/tools/toolchains/utils_lib/rust-toolchain
@ -1 +0,0 @@
 nightly-2022-10-22
--- a/tools/toolchains/utils_lib/src/lib.rs
+++ b/tools/toolchains/utils_lib/src/lib.rs
@ -1,42 +0,0 @@
 mod occlum_utils;
 mod prelude;
 pub use crate::occlum_utils::*;
 pub use crate::prelude::*;
 #[no_mangle]
 pub extern "C" fn utils_ioctl_open() -> *mut c_void {
    if let Ok(fd) = UtilsIoctl::new() {
        Box::into_raw(Box::new(fd)) as *mut c_void
    } else {
        std::ptr::null_mut::<u8>() as *mut c_void
    }
 }
 #[no_mangle]
 pub extern "C" fn utils_gen_key(
    handle: *mut c_void,
    key: *mut sgx_key_128bit_t,
    key_request: *const sgx_key_request_t,
 ) -> i32 {
    if handle.is_null() {
        return -1;
    }
    let ioctl_dev = unsafe { &mut *(handle as *mut UtilsIoctl) };
    let mut key_arg = IoctlGetKeyArg { key_request, key };
    ioctl_dev.generate_key(&mut key_arg).unwrap_or(-1)
 }
 #[no_mangle]
 pub extern "C" fn utils_ioctl_close(handle: *mut c_void) {
    if handle.is_null() {
        return;
    }
    let ioctl_dev = unsafe { &mut *(handle as *mut UtilsIoctl) };
    ioctl_dev.close();
 }
--- a/tools/toolchains/utils_lib/src/occlum_utils.rs
+++ b/tools/toolchains/utils_lib/src/occlum_utils.rs
@ -1,59 +0,0 @@
 use crate::prelude::*;
 use std::ffi::CString;
 const SGXIOC_CMD_NUM_KEY: u64 = 0xc010730b;
 cfg_if::cfg_if! {
    if #[cfg(target_env = "musl")] {
        const IOCTL_CMD_NUM_KEY: i32 = SGXIOC_CMD_NUM_KEY as i32;
    } else {
        const IOCTL_CMD_NUM_KEY: u64 = SGXIOC_CMD_NUM_KEY;
    }
 }
 // Copy from occlum/src/libos/src/fs/dev_fs/dev_sgx/mod.rs
 #[repr(C)]
 pub struct IoctlGetKeyArg {
    pub key_request: *const sgx_key_request_t, // Input
    pub key: *mut sgx_key_128bit_t,            // Output
 }
 pub struct UtilsIoctl {
    fd: c_int,
    // for backward compatibility with DcapQuote
    _quote_size: u32,
    _supplemental_size: u32,
 }
 impl UtilsIoctl {
    pub fn new() -> Result<Self, Error> {
        let path = CString::new("/dev/sgx").unwrap();
        let fd = unsafe { libc::open(path.as_ptr(), O_RDONLY) };
        if fd > 0 {
            Ok(Self {
                fd,
                _quote_size: 0,
                _supplemental_size: 0,
            })
        } else {
            let os_err = Error::last_os_error();
            println!("OS error: {os_err:?}");
            Err(os_err)
        }
    }
    pub(crate) fn generate_key(&mut self, key_arg: *mut IoctlGetKeyArg) -> Result<i32, Error> {
        let ret = unsafe { libc::ioctl(self.fd, IOCTL_CMD_NUM_KEY, key_arg) };
        if ret < 0 {
            let os_err = Error::last_os_error();
            println!("OS error: {os_err:?}");
            Err(os_err)
        } else {
            Ok(0)
        }
    }
    pub fn close(&mut self) {
        unsafe { libc::close(self.fd) };
    }
 }
--- a/tools/toolchains/utils_lib/src/prelude.rs
+++ b/tools/toolchains/utils_lib/src/prelude.rs
@ -1,6 +0,0 @@
 pub use libc::{c_int, c_void, close, ioctl, open, O_RDONLY};
 pub use std::boxed::Box;
 pub use std::io::Error;
 // Defined in "occlum/deps/rust-sgx-sdk/sgx_types"
 pub use sgx_types::{sgx_key_128bit_t, sgx_key_request_t};