Update README

fixed occlum_utils library installation scripts
correct repository clone URL

.gitignore

@@ -6,3 +6,9 @@ build/
 .DS_Store
 src/libos/target/
 tools/toolchains/dcap_lib/target/
+
+# Added by DeTEE
+**/target
+**/Cargo.lock
+.idea
+

README.md

@@ -64,3 +64,27 @@ Thanks go to [all these wonderful contributors to this project](CONTRIBUTORS.md)
 ## License
 
 Occlum is released under BSD License. See the copyright information [here](LICENSE).
+
+## DeTEE
+
+Occlum is a part of the DeTEE project. DeTEE is a research project that aims to provide a secure and efficient computing environment for data-intensive applications.
+
+```bash
+# Run the occlum ubuntu 20.04 docker container
+docker run --device /dev/sgx/enclave --device /dev/sgx/provision --rm --name valytest -it -v /home/vfaychuk:/root/vfaychuk occlum/occlum:latest-ubuntu20.04
+# inside the container run the following commands
+apt update && apt install -y ssh-client
+mkdir -p /root/.ssh && vim /root/.ssh/config
+#Host gitea.detee.cloud
+#     IdentityFile ~/.ssh/gitea_ed25519
+vim /root/.ssh/gitea_ed25519
+# put the server private key to download the repo
+chown -R root:root /root/.ssh
+chmod 600 /root/.ssh/gitea_ed25519
+ssh-keyscan -H gitea.detee.cloud > ~/.ssh/known_hosts
+git clone git@gitea.detee.cloud:SGX/occlum.git
+cd occlum && make submodule
+cd tools/toolchains/utils_lib/
+# following command installs the utils library which can derive sealing key of the enclave
+./build.sh
+```

tools/toolchains/dcap_lib/inc/occlum_dcap.h

@@ -8,18 +8,19 @@
 #include "sgx_qve_header.h"
 
 #ifdef __cplusplus
-extern "C" {
+extern "C"
+{
 #endif
 
-void *dcap_quote_open(void);
+  void *dcap_quote_open(void);
 
-uint32_t dcap_get_quote_size(void *handle);
+  uint32_t dcap_get_quote_size(void *handle);
 
-int32_t dcap_generate_quote(void *handle, uint8_t *quote_buf, const sgx_report_data_t *report_data);
+  int32_t dcap_generate_quote(void *handle, uint8_t *quote_buf, const sgx_report_data_t *report_data);
 
-uint32_t dcap_get_supplemental_data_size(void *handle);
+  uint32_t dcap_get_supplemental_data_size(void *handle);
 
-int32_t dcap_verify_quote(void *handle,
+  int32_t dcap_verify_quote(void *handle,
                             const uint8_t *quote_buf,
                             uint32_t quote_size,
                             uint32_t *collateral_expiration_status,
@@ -27,12 +28,12 @@ int32_t dcap_verify_quote(void *handle,
                             uint32_t supplemental_data_size,
                             uint8_t *supplemental_data);
 
+  // int32_t dcap_generate_key(void *handle, sgx_key_128bit_t *key, const sgx_key_request_t *key_request);
 
-void dcap_quote_close(void *handle);
+  void dcap_quote_close(void *handle);
 
 #ifdef __cplusplus
 }
 #endif
 
 #endif
-

tools/toolchains/dcap_lib/src/lib.rs

@@ -67,17 +67,39 @@ pub extern "C" fn dcap_verify_quote(
     let dcap = unsafe { &mut *(handle as *mut DcapQuote) };
 
     let mut verify_arg = IoctlVerDCAPQuoteArg {
-        quote_buf: quote_buf,
+        quote_buf,
-        quote_size: quote_size,
+        quote_size,
-        collateral_expiration_status: collateral_expiration_status,
+        collateral_expiration_status,
-        quote_verification_result: quote_verification_result,
+        quote_verification_result,
-        supplemental_data_size: supplemental_data_size,
+        supplemental_data_size,
-        supplemental_data: supplemental_data,
+        supplemental_data,
     };
 
     dcap.verify_quote(&mut verify_arg).unwrap_or(-1)
 }
 
+/*
+#[no_mangle]
+pub extern "C" fn dcap_generate_key(
+    handle: *mut c_void,
+    key: *mut sgx_key_128bit_t,
+    key_request: *const sgx_key_request_t,
+) -> i32 {
+    if handle.is_null() {
+        return -1;
+    }
+
+    let dcap = unsafe { &mut *(handle as *mut DcapQuote) };
+
+    let mut key_arg = IoctlGetKeyArg {
+        key_request,
+        key
+    };
+
+    dcap.generate_key(&mut key_arg).unwrap_or(-1)
+}
+ */
+
 #[no_mangle]
 pub extern "C" fn dcap_quote_close(handle: *mut c_void) {
     if handle.is_null() {

tools/toolchains/dcap_lib/src/occlum_dcap.rs

@@ -5,6 +5,7 @@ const SGXIOC_GET_DCAP_QUOTE_SIZE: u64 = 0x80047307;
 const SGXIOC_GEN_DCAP_QUOTE: u64 = 0xc0187308;
 const SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE: u64 = 0x80047309;
 const SGXIOC_VER_DCAP_QUOTE: u64 = 0xc030730a;
+// const SGXIOC_CMD_NUM_KEY: u64 = 0xc010730b;
 
 cfg_if::cfg_if! {
     if #[cfg(target_env = "musl")] {
@@ -12,11 +13,13 @@ cfg_if::cfg_if! {
         const IOCTL_GEN_DCAP_QUOTE: i32 = SGXIOC_GEN_DCAP_QUOTE as i32;
         const IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE: i32 = SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE as i32;
         const IOCTL_VER_DCAP_QUOTE: i32 = SGXIOC_VER_DCAP_QUOTE as i32;
+        // const IOCTL_CMD_NUM_KEY: i32 = SGXIOC_CMD_NUM_KEY as i32;
     } else {
         const IOCTL_GET_DCAP_QUOTE_SIZE: u64 = SGXIOC_GET_DCAP_QUOTE_SIZE;
         const IOCTL_GEN_DCAP_QUOTE: u64 = SGXIOC_GEN_DCAP_QUOTE;
         const IOCTL_GET_DCAP_SUPPLEMENTAL_SIZE: u64 = SGXIOC_GET_DCAP_SUPPLEMENTAL_SIZE;
         const IOCTL_VER_DCAP_QUOTE: u64 = SGXIOC_VER_DCAP_QUOTE;
+        // const IOCTL_CMD_NUM_KEY: u64 = SGXIOC_CMD_NUM_KEY;
     }
 }
 
@@ -41,6 +44,16 @@ pub struct IoctlVerDCAPQuoteArg {
     pub supplemental_data: *mut u8,                         // Output (optional)
 }
 
+/*
+// Copy from occlum/src/libos/src/fs/dev_fs/dev_sgx/mod.rs
+//#[allow(dead_code)]
+#[repr(C)]
+pub struct IoctlGetKeyArg {
+    pub key_request: *const sgx_key_request_t, // Input
+    pub key: *mut sgx_key_128bit_t,            // Output
+}
+ */
+
 pub struct DcapQuote {
     fd: c_int,
     quote_size: u32,
@@ -122,6 +135,19 @@ impl DcapQuote {
         }
     }
 
+    /*
+    pub fn generate_key(&mut self, key_arg: *mut IoctlGetKeyArg) -> Result<i32, Error> {
+        let ret = unsafe { libc::ioctl(self.fd, IOCTL_CMD_NUM_KEY, key_arg) };
+        if ret < 0 {
+            let os_err = Error::last_os_error();
+            println!("OS error: {os_err:?}");
+            Err(os_err)
+        } else {
+            Ok(0)
+        }
+    }
+     */
+
     pub fn close(&mut self) {
         unsafe { libc::close(self.fd) };
     }

tools/toolchains/dcap_lib/src/prelude.rs

@@ -4,5 +4,9 @@ pub use std::io::Error;
 
 // Defined in "occlum/deps/rust-sgx-sdk/sgx_types"
 pub use sgx_types::{
-    sgx_ql_qv_result_t, sgx_quote3_t, sgx_quote_header_t, sgx_report_body_t, sgx_report_data_t,
+    sgx_ql_qv_result_t,
+    sgx_quote3_t,
+    sgx_quote_header_t,
+    sgx_report_body_t,
+    sgx_report_data_t, // sgx_key_request_t, sgx_key_128bit_t,
 };

tools/toolchains/utils_lib/Cargo.toml

@@ -0,0 +1,22 @@
+[package]
+name = "occlum_utils"
+version = "0.1.0"
+authors = ["Zheng, Qi <huaiqing.zq@antgroup.com>"]
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[dependencies]
+sgx_types = { path = "../../../deps/rust-sgx-sdk/sgx_types" }
+libc = "0.2"
+cfg-if = "1.0.0"
+
+[lib]
+crate-type = ["cdylib", "rlib", "staticlib"]
+
+
+[[example]]
+name = "generate_key"
+
+[dev-dependencies]
+occlum_dcap = { path = "../dcap_lib" }

tools/toolchains/utils_lib/build.sh

@@ -0,0 +1,42 @@
+#!/bin/bash
+set -e
+
+INSTALL_DIR=/opt/occlum/toolchains/utils_lib
+SONAME=libocclum_utils.so.0.1.0
+
+function build_lib() {
+    if [[ $1 == "musl" ]]; then
+        echo "*** Build and install musl-libc utils ***"
+        CARGO=occlum-cargo
+        TARGET_PATH=target/x86_64-unknown-linux-musl/release
+        LIB_PATH=${INSTALL_DIR}/musl/
+    else
+        echo "*** Build and install glibc utils ***"
+        CARGO=cargo
+        TARGET_PATH=target/release
+        LIB_PATH=${INSTALL_DIR}/glibc/
+    fi
+
+    # cargo build libs and rust example
+    $CARGO clean
+    $CARGO rustc --release  -- -Clink-arg=-Wl,-soname,$SONAME
+    $CARGO build --release  --examples
+
+    # Copy files
+    mkdir -p ${LIB_PATH}
+    cp ${TARGET_PATH}/libocclum_utils.a ${LIB_PATH}
+    # cp ${TARGET_PATH}/examples/generate_key ${LIB_PATH}  # Not used as library
+
+    # Create SO links
+    pushd ${TARGET_PATH}
+    strip libocclum_utils.so
+    mv libocclum_utils.so $SONAME
+    ln -s $SONAME libocclum_utils.so
+    popd
+    cp -Pf ${TARGET_PATH}/libocclum_utils.so* ${LIB_PATH}
+}
+
+build_lib musl
+build_lib glibc
+
+cp -r inc ${INSTALL_DIR}/

tools/toolchains/utils_lib/examples/generate_key.rs

@@ -0,0 +1,64 @@
+use occlum_utils::*;
+use sgx_types::{
+    sgx_attributes_t, sgx_key_id_t, sgx_misc_select_t, SGX_KEYPOLICY_MRSIGNER, SGX_KEYSELECT_SEAL,
+    SGX_KEY_REQUEST_RESERVED2_BYTES, TSEAL_DEFAULT_FLAGSMASK, TSEAL_DEFAULT_MISCMASK,
+};
+
+use occlum_dcap::{sgx_quote_header_t, sgx_report_body_t, sgx_report_data_t, DcapQuote};
+
+fn main() {
+    let handle = utils_ioctl_open();
+
+    let dcap_handle = unsafe { &mut *(handle as *mut DcapQuote) };
+
+    let quote_size = dcap_handle.get_quote_size().unwrap_or_default();
+
+    let mut quote_buf: Vec<u8> = vec![0; quote_size as usize];
+    let report_str = "utils demo sample";
+
+    let mut report_data = sgx_report_data_t::default();
+    report_data.d[..report_str.len()].copy_from_slice(report_str.as_bytes());
+
+    let report_data = report_data as sgx_report_data_t;
+
+    let _ = dcap_handle
+        .generate_quote(quote_buf.as_mut_ptr(), &report_data)
+        .unwrap();
+
+    println!("===============================");
+
+    dbg!(&quote_buf);
+
+    let report_body_offset = std::mem::size_of::<sgx_quote_header_t>();
+    let report_body: *const sgx_report_body_t = (quote_buf[report_body_offset..]).as_ptr() as _;
+    let report_body: sgx_report_body_t = unsafe { *report_body };
+
+    let key_policy = SGX_KEYPOLICY_MRSIGNER;
+
+    let attribute_mask = sgx_attributes_t {
+        flags: TSEAL_DEFAULT_FLAGSMASK,
+        xfrm: 0,
+    };
+
+    let misc_mask: sgx_misc_select_t = TSEAL_DEFAULT_MISCMASK;
+
+    let key_id = sgx_key_id_t::default();
+
+    let mut key = sgx_key_128bit_t::default();
+    let key_request = sgx_key_request_t {
+        key_name: SGX_KEYSELECT_SEAL,
+        key_policy,
+        isv_svn: report_body.isv_svn,
+        reserved1: 0_u16,
+        cpu_svn: report_body.cpu_svn,
+        attribute_mask,
+        key_id,
+        misc_mask,
+        config_svn: report_body.config_svn,
+        reserved2: [0_u8; SGX_KEY_REQUEST_RESERVED2_BYTES],
+    };
+
+    utils_gen_key(handle, &mut key, &key_request);
+
+    dbg!(&key);
+}

tools/toolchains/utils_lib/inc/occlum_utils.h

@@ -0,0 +1,25 @@
+#ifndef _OCCLUM_UTILS_H
+#define _OCCLUM_UTILS_H
+
+#include <stdint.h>
+#include <stdlib.h>
+
+#include "sgx_report.h"
+#include "sgx_qve_header.h"
+
+#ifdef __cplusplus
+extern "C"
+{
+#endif
+
+  void *utils_ioctl_open(void);
+
+  int32_t utils_gen_key(void *handle, sgx_key_128bit_t *key, const sgx_key_request_t *key_request);
+
+  void utils_ioctl_close(void *handle);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif

tools/toolchains/utils_lib/rust-toolchain

@@ -0,0 +1 @@
+nightly-2022-10-22

tools/toolchains/utils_lib/src/lib.rs

@@ -0,0 +1,42 @@
+mod occlum_utils;
+mod prelude;
+
+pub use crate::occlum_utils::*;
+pub use crate::prelude::*;
+
+#[no_mangle]
+pub extern "C" fn utils_ioctl_open() -> *mut c_void {
+    if let Ok(fd) = UtilsIoctl::new() {
+        Box::into_raw(Box::new(fd)) as *mut c_void
+    } else {
+        std::ptr::null_mut::<u8>() as *mut c_void
+    }
+}
+
+#[no_mangle]
+pub extern "C" fn utils_gen_key(
+    handle: *mut c_void,
+    key: *mut sgx_key_128bit_t,
+    key_request: *const sgx_key_request_t,
+) -> i32 {
+    if handle.is_null() {
+        return -1;
+    }
+
+    let ioctl_dev = unsafe { &mut *(handle as *mut UtilsIoctl) };
+
+    let mut key_arg = IoctlGetKeyArg { key_request, key };
+
+    ioctl_dev.generate_key(&mut key_arg).unwrap_or(-1)
+}
+
+#[no_mangle]
+pub extern "C" fn utils_ioctl_close(handle: *mut c_void) {
+    if handle.is_null() {
+        return;
+    }
+
+    let ioctl_dev = unsafe { &mut *(handle as *mut UtilsIoctl) };
+
+    ioctl_dev.close();
+}

tools/toolchains/utils_lib/src/occlum_utils.rs

@@ -0,0 +1,59 @@
+use crate::prelude::*;
+use std::ffi::CString;
+
+const SGXIOC_CMD_NUM_KEY: u64 = 0xc010730b;
+
+cfg_if::cfg_if! {
+    if #[cfg(target_env = "musl")] {
+        const IOCTL_CMD_NUM_KEY: i32 = SGXIOC_CMD_NUM_KEY as i32;
+    } else {
+        const IOCTL_CMD_NUM_KEY: u64 = SGXIOC_CMD_NUM_KEY;
+    }
+}
+
+// Copy from occlum/src/libos/src/fs/dev_fs/dev_sgx/mod.rs
+#[repr(C)]
+pub struct IoctlGetKeyArg {
+    pub key_request: *const sgx_key_request_t, // Input
+    pub key: *mut sgx_key_128bit_t,            // Output
+}
+
+pub struct UtilsIoctl {
+    fd: c_int,
+    // for backward compatibility with DcapQuote
+    _quote_size: u32,
+    _supplemental_size: u32,
+}
+
+impl UtilsIoctl {
+    pub fn new() -> Result<Self, Error> {
+        let path = CString::new("/dev/sgx").unwrap();
+        let fd = unsafe { libc::open(path.as_ptr(), O_RDONLY) };
+        if fd > 0 {
+            Ok(Self {
+                fd,
+                _quote_size: 0,
+                _supplemental_size: 0,
+            })
+        } else {
+            let os_err = Error::last_os_error();
+            println!("OS error: {os_err:?}");
+            Err(os_err)
+        }
+    }
+
+    pub(crate) fn generate_key(&mut self, key_arg: *mut IoctlGetKeyArg) -> Result<i32, Error> {
+        let ret = unsafe { libc::ioctl(self.fd, IOCTL_CMD_NUM_KEY, key_arg) };
+        if ret < 0 {
+            let os_err = Error::last_os_error();
+            println!("OS error: {os_err:?}");
+            Err(os_err)
+        } else {
+            Ok(0)
+        }
+    }
+
+    pub fn close(&mut self) {
+        unsafe { libc::close(self.fd) };
+    }
+}

tools/toolchains/utils_lib/src/prelude.rs

@@ -0,0 +1,6 @@
+pub use libc::{c_int, c_void, close, ioctl, open, O_RDONLY};
+pub use std::boxed::Box;
+pub use std::io::Error;
+
+// Defined in "occlum/deps/rust-sgx-sdk/sgx_types"
+pub use sgx_types::{sgx_key_128bit_t, sgx_key_request_t};