general/occlum
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: general:cfed7004a53887cc5938b0893c2c463df8075aaa
Branches Tags
general:main
general:0.30.1
general:0.30.1-dev
..
compare: general:ffe6a750b0e10eda2746cc1e77a829db7fc6b8da
Branches Tags
general:0.30.1
general:0.30.1-dev
general:main

No commits in common. "cfed7004a53887cc5938b0893c2c463df8075aaa" and "ffe6a750b0e10eda2746cc1e77a829db7fc6b8da" have entirely different histories.
cfed7004a5 ... ffe6a750b0

14 changed files with 21 additions and 365 deletions
Show Stats Expand all files Collapse all files

6
.gitignore vendored
View File

@ -6,9 +6,3 @@ build/
.DS_Store
src/libos/target/
tools/toolchains/dcap_lib/target/
# Added by DeTEE
**/target
**/Cargo.lock
.idea

24
README.md
View File

@ -64,27 +64,3 @@ Thanks go to [all these wonderful contributors to this project](CONTRIBUTORS.md)
## License
Occlum is released under BSD License. See the copyright information [here](LICENSE).
## DeTEE
Occlum is a part of the DeTEE project. DeTEE is a research project that aims to provide a secure and efficient computing environment for data-intensive applications.
```bash
# Run the occlum ubuntu 20.04 docker container
docker run --device /dev/sgx/enclave --device /dev/sgx/provision --rm --name valytest -it -v /home/vfaychuk:/root/vfaychuk occlum/occlum:latest-ubuntu20.04
# inside the container run the following commands
apt update && apt install -y ssh-client
mkdir -p /root/.ssh && vim /root/.ssh/config
#Host gitea.detee.cloud
# IdentityFile ~/.ssh/gitea_ed25519
vim /root/.ssh/gitea_ed25519
# put the server private key to download the repo
chown -R root:root /root/.ssh
chmod 600 /root/.ssh/gitea_ed25519
ssh-keyscan -H gitea.detee.cloud > ~/.ssh/known_hosts
git clone git@gitea.detee.cloud:SGX/occlum.git
cd occlum && make submodule
cd tools/toolchains/utils_lib/
# following command installs the utils library which can derive sealing key of the enclave
./build.sh
```

17
tools/toolchains/dcap_lib/inc/occlum_dcap.h
View File

@ -8,19 +8,18 @@
#include "sgx_qve_header.h"
#ifdef __cplusplus
extern "C"
{
extern "C" {
#endif
void *dcap_quote_open(void);
void *dcap_quote_open(void);
uint32_t dcap_get_quote_size(void *handle);
uint32_t dcap_get_quote_size(void *handle);
int32_t dcap_generate_quote(void *handle, uint8_t *quote_buf, const sgx_report_data_t *report_data);
int32_t dcap_generate_quote(void *handle, uint8_t *quote_buf, const sgx_report_data_t *report_data);
uint32_t dcap_get_supplemental_data_size(void *handle);
uint32_t dcap_get_supplemental_data_size(void *handle);
int32_t dcap_verify_quote(void *handle,
int32_t dcap_verify_quote(void *handle,
const uint8_t *quote_buf,
uint32_t quote_size,
uint32_t *collateral_expiration_status,
@ -28,12 +27,12 @@ extern "C"
uint32_t supplemental_data_size,
uint8_t *supplemental_data);
// int32_t dcap_generate_key(void *handle, sgx_key_128bit_t *key, const sgx_key_request_t *key_request);
void dcap_quote_close(void *handle);
void dcap_quote_close(void *handle);
#ifdef __cplusplus
}
#endif
#endif

34
tools/toolchains/dcap_lib/src/lib.rs
View File

@ -67,39 +67,17 @@ pub extern "C" fn dcap_verify_quote(
let dcap = unsafe { &mut *(handle as *mut DcapQuote) };
let mut verify_arg = IoctlVerDCAPQuoteArg {
quote_buf,
quote_size,
collateral_expiration_status,
quote_verification_result,
supplemental_data_size,
supplemental_data,
quote_buf: quote_buf,
quote_size: quote_size,
collateral_expiration_status: collateral_expiration_status,
quote_verification_result: quote_verification_result,
supplemental_data_size: supplemental_data_size,
supplemental_data: supplemental_data,
};
dcap.verify_quote(&mut verify_arg).unwrap_or(-1)
}
/*
#[no_mangle]
pub extern "C" fn dcap_generate_key(
handle: *mut c_void,
key: *mut sgx_key_128bit_t,
key_request: *const sgx_key_request_t,
) -> i32 {
if handle.is_null() {
return -1;
}
let dcap = unsafe { &mut *(handle as *mut DcapQuote) };
let mut key_arg = IoctlGetKeyArg {
key_request,
key
};
dcap.generate_key(&mut key_arg).unwrap_or(-1)
}
*/
#[no_mangle]
pub extern "C" fn dcap_quote_close(handle: *mut c_void) {
if handle.is_null() {

26
tools/toolchains/dcap_lib/src/occlum_dcap.rs
View File

@ -5,7 +5,6 @@ const SGXIOC_GET_DCAP_QUOTE_SIZE: u64 = 0x80047307;
const SGXIOC_GEN_DCAP_QUOTE: u64 = 0xc0187308;
const SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE: u64 = 0x80047309;
const SGXIOC_VER_DCAP_QUOTE: u64 = 0xc030730a;
// const SGXIOC_CMD_NUM_KEY: u64 = 0xc010730b;
cfg_if::cfg_if! {
if #[cfg(target_env = "musl")] {
@ -13,13 +12,11 @@ cfg_if::cfg_if! {
const IOCTL_GEN_DCAP_QUOTE: i32 = SGXIOC_GEN_DCAP_QUOTE as i32;
const IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE: i32 = SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE as i32;
const IOCTL_VER_DCAP_QUOTE: i32 = SGXIOC_VER_DCAP_QUOTE as i32;
// const IOCTL_CMD_NUM_KEY: i32 = SGXIOC_CMD_NUM_KEY as i32;
} else {
const IOCTL_GET_DCAP_QUOTE_SIZE: u64 = SGXIOC_GET_DCAP_QUOTE_SIZE;
const IOCTL_GEN_DCAP_QUOTE: u64 = SGXIOC_GEN_DCAP_QUOTE;
const IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE: u64 = SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE;
const IOCTL_VER_DCAP_QUOTE: u64 = SGXIOC_VER_DCAP_QUOTE;
// const IOCTL_CMD_NUM_KEY: u64 = SGXIOC_CMD_NUM_KEY;
}
}
@ -44,16 +41,6 @@ pub struct IoctlVerDCAPQuoteArg {
pub supplemental_data: *mut u8, // Output (optional)
}
/*
// Copy from occlum/src/libos/src/fs/dev_fs/dev_sgx/mod.rs
//#[allow(dead_code)]
#[repr(C)]
pub struct IoctlGetKeyArg {
pub key_request: *const sgx_key_request_t, // Input
pub key: *mut sgx_key_128bit_t, // Output
}
*/
pub struct DcapQuote {
fd: c_int,
quote_size: u32,
@ -135,19 +122,6 @@ impl DcapQuote {
}
}
/*
pub fn generate_key(&mut self, key_arg: *mut IoctlGetKeyArg) -> Result<i32, Error> {
let ret = unsafe { libc::ioctl(self.fd, IOCTL_CMD_NUM_KEY, key_arg) };
if ret < 0 {
let os_err = Error::last_os_error();
println!("OS error: {os_err:?}");
Err(os_err)
} else {
Ok(0)
}
}
*/
pub fn close(&mut self) {
unsafe { libc::close(self.fd) };
}

6
tools/toolchains/dcap_lib/src/prelude.rs
View File

@ -4,9 +4,5 @@ pub use std::io::Error;
// Defined in "occlum/deps/rust-sgx-sdk/sgx_types"
pub use sgx_types::{
sgx_ql_qv_result_t,
sgx_quote3_t,
sgx_quote_header_t,
sgx_report_body_t,
sgx_report_data_t, // sgx_key_request_t, sgx_key_128bit_t,
sgx_ql_qv_result_t, sgx_quote3_t, sgx_quote_header_t, sgx_report_body_t, sgx_report_data_t,
};

22
tools/toolchains/utils_lib/Cargo.toml
View File

@ -1,22 +0,0 @@
[package]
name = "occlum_utils"
version = "0.1.0"
authors = ["Zheng, Qi <huaiqing.zq@antgroup.com>"]
edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
[dependencies]
sgx_types = { path = "../../../deps/rust-sgx-sdk/sgx_types" }
libc = "0.2"
cfg-if = "1.0.0"
[lib]
crate-type = ["cdylib", "rlib", "staticlib"]
[[example]]
name = "generate_key"
[dev-dependencies]
occlum_dcap = { path = "../dcap_lib" }

42
tools/toolchains/utils_lib/build.sh
View File

@ -1,42 +0,0 @@
#!/bin/bash
set -e
INSTALL_DIR=/opt/occlum/toolchains/utils_lib
SONAME=libocclum_utils.so.0.1.0
function build_lib() {
if [[ $1 == "musl" ]]; then
echo "*** Build and install musl-libc utils ***"
CARGO=occlum-cargo
TARGET_PATH=target/x86_64-unknown-linux-musl/release
LIB_PATH=${INSTALL_DIR}/musl/
else
echo "*** Build and install glibc utils ***"
CARGO=cargo
TARGET_PATH=target/release
LIB_PATH=${INSTALL_DIR}/glibc/
fi
# cargo build libs and rust example
$CARGO clean
$CARGO rustc --release -- -Clink-arg=-Wl,-soname,$SONAME
$CARGO build --release --examples
# Copy files
mkdir -p ${LIB_PATH}
cp ${TARGET_PATH}/libocclum_utils.a ${LIB_PATH}
# cp ${TARGET_PATH}/examples/generate_key ${LIB_PATH} # Not used as library
# Create SO links
pushd ${TARGET_PATH}
strip libocclum_utils.so
mv libocclum_utils.so $SONAME
ln -s $SONAME libocclum_utils.so
popd
cp -Pf ${TARGET_PATH}/libocclum_utils.so* ${LIB_PATH}
}
build_lib musl
build_lib glibc
cp -r inc ${INSTALL_DIR}/

64
tools/toolchains/utils_lib/examples/generate_key.rs
View File

@ -1,64 +0,0 @@
use occlum_utils::*;
use sgx_types::{
sgx_attributes_t, sgx_key_id_t, sgx_misc_select_t, SGX_KEYPOLICY_MRSIGNER, SGX_KEYSELECT_SEAL,
SGX_KEY_REQUEST_RESERVED2_BYTES, TSEAL_DEFAULT_FLAGSMASK, TSEAL_DEFAULT_MISCMASK,
};
use occlum_dcap::{sgx_quote_header_t, sgx_report_body_t, sgx_report_data_t, DcapQuote};
fn main() {
let handle = utils_ioctl_open();
let dcap_handle = unsafe { &mut *(handle as *mut DcapQuote) };
let quote_size = dcap_handle.get_quote_size().unwrap_or_default();
let mut quote_buf: Vec<u8> = vec![0; quote_size as usize];
let report_str = "utils demo sample";
let mut report_data = sgx_report_data_t::default();
report_data.d[..report_str.len()].copy_from_slice(report_str.as_bytes());
let report_data = report_data as sgx_report_data_t;
let _ = dcap_handle
.generate_quote(quote_buf.as_mut_ptr(), &report_data)
.unwrap();
println!("===============================");
dbg!(&quote_buf);
let report_body_offset = std::mem::size_of::<sgx_quote_header_t>();
let report_body: *const sgx_report_body_t = (quote_buf[report_body_offset..]).as_ptr() as _;
let report_body: sgx_report_body_t = unsafe { *report_body };
let key_policy = SGX_KEYPOLICY_MRSIGNER;
let attribute_mask = sgx_attributes_t {
flags: TSEAL_DEFAULT_FLAGSMASK,
xfrm: 0,
};
let misc_mask: sgx_misc_select_t = TSEAL_DEFAULT_MISCMASK;
let key_id = sgx_key_id_t::default();
let mut key = sgx_key_128bit_t::default();
let key_request = sgx_key_request_t {
key_name: SGX_KEYSELECT_SEAL,
key_policy,
isv_svn: report_body.isv_svn,
reserved1: 0_u16,
cpu_svn: report_body.cpu_svn,
attribute_mask,
key_id,
misc_mask,
config_svn: report_body.config_svn,
reserved2: [0_u8; SGX_KEY_REQUEST_RESERVED2_BYTES],
};
utils_gen_key(handle, &mut key, &key_request);
dbg!(&key);
}

25
tools/toolchains/utils_lib/inc/occlum_utils.h
View File

@ -1,25 +0,0 @@
#ifndef _OCCLUM_UTILS_H
#define _OCCLUM_UTILS_H
#include <stdint.h>
#include <stdlib.h>
#include "sgx_report.h"
#include "sgx_qve_header.h"
#ifdef __cplusplus
extern "C"
{
#endif
void *utils_ioctl_open(void);
int32_t utils_gen_key(void *handle, sgx_key_128bit_t *key, const sgx_key_request_t *key_request);
void utils_ioctl_close(void *handle);
#ifdef __cplusplus
}
#endif
#endif

1
tools/toolchains/utils_lib/rust-toolchain
View File

@ -1 +0,0 @@
nightly-2022-10-22

42
tools/toolchains/utils_lib/src/lib.rs
View File

@ -1,42 +0,0 @@
mod occlum_utils;
mod prelude;
pub use crate::occlum_utils::*;
pub use crate::prelude::*;
#[no_mangle]
pub extern "C" fn utils_ioctl_open() -> *mut c_void {
if let Ok(fd) = UtilsIoctl::new() {
Box::into_raw(Box::new(fd)) as *mut c_void
} else {
std::ptr::null_mut::<u8>() as *mut c_void
}
}
#[no_mangle]
pub extern "C" fn utils_gen_key(
handle: *mut c_void,
key: *mut sgx_key_128bit_t,
key_request: *const sgx_key_request_t,
) -> i32 {
if handle.is_null() {
return -1;
}
let ioctl_dev = unsafe { &mut *(handle as *mut UtilsIoctl) };
let mut key_arg = IoctlGetKeyArg { key_request, key };
ioctl_dev.generate_key(&mut key_arg).unwrap_or(-1)
}
#[no_mangle]
pub extern "C" fn utils_ioctl_close(handle: *mut c_void) {
if handle.is_null() {
return;
}
let ioctl_dev = unsafe { &mut *(handle as *mut UtilsIoctl) };
ioctl_dev.close();
}

59
tools/toolchains/utils_lib/src/occlum_utils.rs
View File

@ -1,59 +0,0 @@
use crate::prelude::*;
use std::ffi::CString;
const SGXIOC_CMD_NUM_KEY: u64 = 0xc010730b;
cfg_if::cfg_if! {
if #[cfg(target_env = "musl")] {
const IOCTL_CMD_NUM_KEY: i32 = SGXIOC_CMD_NUM_KEY as i32;
} else {
const IOCTL_CMD_NUM_KEY: u64 = SGXIOC_CMD_NUM_KEY;
}
}
// Copy from occlum/src/libos/src/fs/dev_fs/dev_sgx/mod.rs
#[repr(C)]
pub struct IoctlGetKeyArg {
pub key_request: *const sgx_key_request_t, // Input
pub key: *mut sgx_key_128bit_t, // Output
}
pub struct UtilsIoctl {
fd: c_int,
// for backward compatibility with DcapQuote
_quote_size: u32,
_supplemental_size: u32,
}
impl UtilsIoctl {
pub fn new() -> Result<Self, Error> {
let path = CString::new("/dev/sgx").unwrap();
let fd = unsafe { libc::open(path.as_ptr(), O_RDONLY) };
if fd > 0 {
Ok(Self {
fd,
_quote_size: 0,
_supplemental_size: 0,
})
} else {
let os_err = Error::last_os_error();
println!("OS error: {os_err:?}");
Err(os_err)
}
}
pub(crate) fn generate_key(&mut self, key_arg: *mut IoctlGetKeyArg) -> Result<i32, Error> {
let ret = unsafe { libc::ioctl(self.fd, IOCTL_CMD_NUM_KEY, key_arg) };
if ret < 0 {
let os_err = Error::last_os_error();
println!("OS error: {os_err:?}");
Err(os_err)
} else {
Ok(0)
}
}
pub fn close(&mut self) {
unsafe { libc::close(self.fd) };
}
}

6
tools/toolchains/utils_lib/src/prelude.rs
View File

@ -1,6 +0,0 @@
pub use libc::{c_int, c_void, close, ioctl, open, O_RDONLY};
pub use std::boxed::Box;
pub use std::io::Error;
// Defined in "occlum/deps/rust-sgx-sdk/sgx_types"
pub use sgx_types::{sgx_key_128bit_t, sgx_key_request_t};