├── lab3 ├── sucess.png ├── lab4 │ ├── sucess.png │ ├── Enclave2 │ │ ├── Enclave2.edl │ │ ├── Enclave2.lds │ │ ├── Enclave2.config.xml │ │ ├── Utility_E2.h │ │ ├── Enclave2_private.pem │ │ ├── Utility_E2.cpp │ │ └── Enclave2.cpp │ ├── Enclave1 │ │ ├── Enclave1.lds │ │ ├── Enclave1.config.xml │ │ ├── Enclave1.edl │ │ ├── Utility_E1.h │ │ ├── Enclave1_private.pem │ │ ├── Utility_E1.cpp │ │ └── Enclave1.cpp │ ├── LocalAttestationCode │ │ ├── EnclaveMessageExchange.h │ │ ├── LocalAttestationCode.edl │ │ ├── error_codes.h │ │ └── datatypes.h │ ├── Untrusted_LocalAttestation │ │ ├── UntrustedEnclaveMessageExchange.h │ │ └── UntrustedEnclaveMessageExchange.cpp │ ├── Include │ │ └── dh_session_protocol.h │ ├── App │ │ └── App.cpp │ ├── README.md │ └── chameleon-tutorial.md ├── Enclave2 │ ├── Enclave2.edl │ ├── Enclave2.lds │ ├── Enclave2.config.xml │ ├── Utility_E2.h │ ├── Enclave2_private.pem │ ├── Utility_E2.cpp │ └── Enclave2.cpp ├── Enclave1 │ ├── Enclave1.lds │ ├── Enclave1.config.xml │ ├── Enclave1.edl │ ├── Utility_E1.h │ ├── Enclave1_private.pem │ ├── Utility_E1.cpp │ └── Enclave1.cpp ├── LocalAttestationCode │ ├── EnclaveMessageExchange.h │ ├── LocalAttestationCode.edl │ ├── error_codes.h │ └── datatypes.h ├── Untrusted_LocalAttestation │ ├── UntrustedEnclaveMessageExchange.h │ └── UntrustedEnclaveMessageExchange.cpp ├── Include │ └── dh_session_protocol.h ├── App │ └── App.cpp ├── README.md └── chameleon-tutorial.md ├── lab2 ├── sorting_side_channel.jpg ├── src │ ├── lib_untrusted.h │ ├── lib_enclave.h │ ├── msort.cpp │ ├── bsort.cpp │ ├── qsort.cpp │ ├── user_sharedargs.h │ ├── user_main_ut.cpp │ ├── lib_enclave_syscall_wrap.c │ ├── lib_enclave.c │ └── lib_untrusted.c ├── README.md ├── Makefile └── README.md.bak ├── intro_lec └── Tutorial on SGX Programming on Linux.pdf ├── lab_extra └── README.md ├── lab1 ├── Enclave │ ├── Enclave.lds │ ├── Enclave.h │ ├── Enclave.config.xml │ ├── Libc.edl │ ├── Enclave.cpp │ ├── Edger8rSyntax │ │ ├── Functions.cpp │ │ └── Functions.edl │ ├── Enclave.edl │ └── Enclave_private.pem ├── App │ ├── Edger8rSyntax │ │ └── Functions.cpp │ ├── sum.h │ └── App.h ├── Include │ └── user_types.h ├── README.md ├── README_newlab.md └── Makefile ├── intro_sample ├── Enclave │ ├── Enclave.lds │ ├── Enclave.h │ ├── Enclave.config.xml │ ├── Libc.edl │ ├── Edger8rSyntax │ │ ├── Functions.cpp │ │ └── Functions.edl │ ├── Enclave.edl │ ├── Enclave.cpp │ └── Enclave_private.pem ├── App │ ├── Edger8rSyntax │ │ └── Functions.cpp │ ├── App.h │ └── App.cpp ├── README.md ├── Include │ └── user_types.h └── Makefile ├── .gitignore └── README.md /lab3/sucess.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fs3l/CIS700-sgxlab/HEAD/lab3/sucess.png -------------------------------------------------------------------------------- /lab3/lab4/sucess.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fs3l/CIS700-sgxlab/HEAD/lab3/lab4/sucess.png -------------------------------------------------------------------------------- /lab2/sorting_side_channel.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fs3l/CIS700-sgxlab/HEAD/lab2/sorting_side_channel.jpg -------------------------------------------------------------------------------- /intro_lec/Tutorial on SGX Programming on Linux.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/fs3l/CIS700-sgxlab/HEAD/intro_lec/Tutorial on SGX Programming on Linux.pdf -------------------------------------------------------------------------------- /lab_extra/README.md: -------------------------------------------------------------------------------- 1 | **Updates**: the blockchain labs are migrated to a new [[repo](https://github.com/syracuse-fullstacksecurity/SUBlockchainLabs)] 2 | 3 | -------------------------------------------------------------------------------- /lab1/Enclave/Enclave.lds: -------------------------------------------------------------------------------- 1 | enclave.so 2 | { 3 | global: 4 | g_global_data_sim; 5 | g_global_data; 6 | enclave_entry; 7 | local: 8 | *; 9 | }; 10 | -------------------------------------------------------------------------------- /intro_sample/Enclave/Enclave.lds: -------------------------------------------------------------------------------- 1 | enclave.so 2 | { 3 | global: 4 | g_global_data_sim; 5 | g_global_data; 6 | enclave_entry; 7 | local: 8 | *; 9 | }; 10 | -------------------------------------------------------------------------------- /lab3/Enclave2/Enclave2.edl: -------------------------------------------------------------------------------- 1 | enclave { 2 | include "sgx_eid.h" 3 | from "../LocalAttestationCode/LocalAttestationCode.edl" import *; 4 | from "sgx_tstdc.edl" import *; 5 | trusted{ 6 | }; 7 | }; 8 | -------------------------------------------------------------------------------- /lab3/lab4/Enclave2/Enclave2.edl: -------------------------------------------------------------------------------- 1 | enclave { 2 | include "sgx_eid.h" 3 | from "../LocalAttestationCode/LocalAttestationCode.edl" import *; 4 | from "sgx_tstdc.edl" import *; 5 | trusted{ 6 | }; 7 | }; 8 | -------------------------------------------------------------------------------- /lab3/Enclave1/Enclave1.lds: -------------------------------------------------------------------------------- 1 | Enclave1.so 2 | { 3 | global: 4 | g_global_data_sim; 5 | g_global_data; 6 | enclave_entry; 7 | g_peak_heap_used; 8 | local: 9 | *; 10 | }; 11 | -------------------------------------------------------------------------------- /lab3/Enclave2/Enclave2.lds: -------------------------------------------------------------------------------- 1 | Enclave2.so 2 | { 3 | global: 4 | g_global_data_sim; 5 | g_global_data; 6 | enclave_entry; 7 | g_peak_heap_used; 8 | local: 9 | *; 10 | }; 11 | -------------------------------------------------------------------------------- /lab3/lab4/Enclave1/Enclave1.lds: -------------------------------------------------------------------------------- 1 | Enclave1.so 2 | { 3 | global: 4 | g_global_data_sim; 5 | g_global_data; 6 | enclave_entry; 7 | g_peak_heap_used; 8 | local: 9 | *; 10 | }; 11 | -------------------------------------------------------------------------------- /lab3/lab4/Enclave2/Enclave2.lds: -------------------------------------------------------------------------------- 1 | Enclave2.so 2 | { 3 | global: 4 | g_global_data_sim; 5 | g_global_data; 6 | enclave_entry; 7 | g_peak_heap_used; 8 | local: 9 | *; 10 | }; 11 | -------------------------------------------------------------------------------- /lab1/Enclave/Enclave.h: -------------------------------------------------------------------------------- 1 | #ifndef _ENCLAVE_H_ 2 | #define _ENCLAVE_H_ 3 | 4 | #include 5 | #include 6 | 7 | #if defined(__cplusplus) 8 | extern "C" { 9 | #endif 10 | 11 | int bar1(const char *fmt, ...); 12 | 13 | #if defined(__cplusplus) 14 | } 15 | #endif 16 | 17 | #endif /* !_ENCLAVE_H_ */ 18 | -------------------------------------------------------------------------------- /intro_sample/Enclave/Enclave.h: -------------------------------------------------------------------------------- 1 | #ifndef _ENCLAVE_H_ 2 | #define _ENCLAVE_H_ 3 | 4 | #include 5 | #include 6 | 7 | #if defined(__cplusplus) 8 | extern "C" { 9 | #endif 10 | 11 | int bar1(const char *fmt, ...); 12 | 13 | #if defined(__cplusplus) 14 | } 15 | #endif 16 | 17 | #endif /* !_ENCLAVE_H_ */ 18 | -------------------------------------------------------------------------------- /lab2/src/lib_untrusted.h: -------------------------------------------------------------------------------- 1 | #ifndef LIB_UNTRUSTED_H 2 | #define LIB_UNTRUSTED_H 3 | 4 | #include "user_sharedargs.h" 5 | 6 | enclave_mem_image* dload_enclave_so(const char * filename); 7 | void call_enclave(enclave_mem_image* which_enclave, void* args); 8 | void dunload_enclave_so(enclave_mem_image* which_enclave); 9 | 10 | #endif 11 | -------------------------------------------------------------------------------- /intro_sample/Enclave/Enclave.config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 0 4 | 0 5 | 0x40000 6 | 0x100000 7 | 10 8 | 1 9 | 0 10 | 0 11 | 0xFFFFFFFF 12 | 13 | -------------------------------------------------------------------------------- /lab1/Enclave/Enclave.config.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | 0 4 | 0 5 | 0x4000000 6 | 0x10000000 7 | 10 8 | 1 9 | 0 10 | 0 11 | 0xFFFFFFFF 12 | 13 | -------------------------------------------------------------------------------- /lab1/App/Edger8rSyntax/Functions.cpp: -------------------------------------------------------------------------------- 1 | #include "../App.h" 2 | #include "Enclave_u.h" 3 | 4 | /* edger8r_function_attributes: 5 | * Invokes ECALL declared with calling convention attributes. 6 | * Invokes ECALL declared with [public]. 7 | */ 8 | void edger8r_function_attributes(void) 9 | { 10 | sgx_status_t ret = SGX_ERROR_UNEXPECTED; 11 | 12 | ret = ecall_function_calling_convs(global_eid); 13 | if (ret != SGX_SUCCESS) 14 | abort(); 15 | } 16 | 17 | -------------------------------------------------------------------------------- /intro_sample/App/Edger8rSyntax/Functions.cpp: -------------------------------------------------------------------------------- 1 | #include "../App.h" 2 | #include "Enclave_u.h" 3 | 4 | /* edger8r_function_attributes: 5 | * Invokes ECALL declared with calling convention attributes. 6 | * Invokes ECALL declared with [public]. 7 | */ 8 | void edger8r_function_attributes(void) 9 | { 10 | sgx_status_t ret = SGX_ERROR_UNEXPECTED; 11 | 12 | ret = ecall_function_calling_convs(global_eid); 13 | if (ret != SGX_SUCCESS) 14 | abort(); 15 | } 16 | 17 | -------------------------------------------------------------------------------- /lab1/Enclave/Libc.edl: -------------------------------------------------------------------------------- 1 | /* Libc.edl - EDL sample for trusted C library. */ 2 | 3 | enclave { 4 | 5 | from "sgx_tstdc.edl" import sgx_oc_cpuidex; 6 | 7 | /* 8 | * A subset of the C99 standard is supported as well as SGX customized functions: 9 | * sgx_cpuid, etc. 10 | */ 11 | 12 | trusted { 13 | public long ecall_sum([in,count=size] int *list, long size); 14 | public long ecall_sum_nocopy(long list_addr, long size); 15 | }; 16 | }; 17 | -------------------------------------------------------------------------------- /lab3/Enclave2/Enclave2.config.xml: -------------------------------------------------------------------------------- 1 | 2 | 0 3 | 0 4 | 0x40000 5 | 0x100000 6 | 1 7 | 1 8 | 9 | 0 10 | 0 11 | 0xFFFFFFFF 12 | 13 | -------------------------------------------------------------------------------- /lab3/Enclave1/Enclave1.config.xml: -------------------------------------------------------------------------------- 1 | 2 | 0 3 | 0 4 | 0x40000 5 | 0x100000 6 | 1 7 | 1 8 | 9 | 0 10 | 0 11 | 0xFFFFFFFF 12 | 13 | -------------------------------------------------------------------------------- /lab3/lab4/Enclave2/Enclave2.config.xml: -------------------------------------------------------------------------------- 1 | 2 | 0 3 | 0 4 | 0x40000 5 | 0x100000 6 | 1 7 | 1 8 | 9 | 0 10 | 0 11 | 0xFFFFFFFF 12 | 13 | -------------------------------------------------------------------------------- /lab3/lab4/Enclave1/Enclave1.config.xml: -------------------------------------------------------------------------------- 1 | 2 | 0 3 | 0 4 | 0x40000 5 | 0x100000 6 | 1 7 | 1 8 | 9 | 0 10 | 0 11 | 0xFFFFFFFF 12 | 13 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Prerequisites 3 | *.d 4 | 5 | # Compiled Object files 6 | *.slo 7 | *.lo 8 | *.o 9 | *.obj 10 | 11 | # Precompiled Headers 12 | *.gch 13 | *.pch 14 | 15 | # Compiled Dynamic libraries 16 | *.so 17 | *.dylib 18 | *.dll 19 | 20 | # Fortran module files 21 | *.mod 22 | *.smod 23 | 24 | # Compiled Static libraries 25 | *.lai 26 | *.la 27 | *.a 28 | *.lib 29 | 30 | # Executables 31 | *.exe 32 | *.out 33 | *.app 34 | 35 | 36 | *.swo 37 | *.swp 38 | *.swn 39 | *.bak 40 | 41 | lab1/app 42 | lab2/app 43 | lab2/bin 44 | -------------------------------------------------------------------------------- /intro_sample/README.md: -------------------------------------------------------------------------------- 1 | real run 2 | --- 3 | 4 | ``` 5 | make 6 | #default opt: SGX_MODE=HW SGX_PRERELEASE=1 7 | # /opt/intel/sgxsdk/bin/x64/sgx_sign sign -key Enclave/Enclave_private.pem -enclave enclave.so -out enclave.signed.so -config Enclave/Enclave.config.xml 8 | 9 | ./app 10 | ``` 11 | 12 | misc 13 | --- 14 | 15 | Purpose of SampleEnclave 16 | 17 | The project demonstrates several fundamental usages: 18 | 19 | 1. Initializing and destroying an enclave 20 | 2. Creating ECALLs or OCALLs 21 | 3. Calling trusted libraries inside the enclave 22 | 23 | -------------------------------------------------------------------------------- /lab1/Enclave/Enclave.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include /* vsnprintf */ 3 | 4 | #include 5 | #include 6 | 7 | #include "sgx_trts.h" 8 | #include "Enclave.h" 9 | #include "Enclave_t.h" /* suprint*/ 10 | 11 | #include "../App/sum.h" 12 | 13 | long ecall_sum(int * list, long size){ 14 | //TODO task 12 implement here: 15 | // implementation begin 16 | 17 | // implementation end 18 | } 19 | 20 | long ecall_sum_nocopy(long list, long size){ 21 | //TODO task 13 implement here: 22 | // implementation begin 23 | 24 | // implementation end 25 | } 26 | 27 | 28 | -------------------------------------------------------------------------------- /lab2/src/lib_enclave.h: -------------------------------------------------------------------------------- 1 | #ifndef LIB_ENCLAVE_H 2 | #define LIB_ENCLAVE_H 3 | 4 | //this extern C is needed, because user_entry_point() is called in a C environment (i.e. _entry_point function); if lib_enclave.h is compiled (linked) as a c++ file, then it will be treated as a c++ function, which can not be automatically called in a C function. 5 | #ifdef __cplusplus 6 | extern "C" { 7 | #endif 8 | 9 | //user expected to impl. this function 10 | void user_entry_point(const void*); 11 | 12 | void* lib_malloc(size_t sz) __THROW; 13 | 14 | void lib_free(void *p) __THROW; 15 | 16 | #ifdef __cplusplus 17 | } 18 | #endif 19 | 20 | #endif 21 | -------------------------------------------------------------------------------- /intro_sample/Enclave/Libc.edl: -------------------------------------------------------------------------------- 1 | /* Libc.edl - EDL sample for trusted C library. */ 2 | 3 | enclave { 4 | 5 | from "sgx_tstdc.edl" import sgx_oc_cpuidex; 6 | 7 | /* 8 | * A subset of the C99 standard is supported as well as SGX customized functions: 9 | * sgx_cpuid, etc. 10 | */ 11 | 12 | trusted { 13 | /* 14 | * Utilize malloc/free in enclave. 15 | */ 16 | public int ecall_foo(int i, int j); 17 | 18 | /* 19 | * Utilize SGX version __cpuid() in enclave. 20 | */ 21 | public void ecall_sgx_cpuid([in, out] int cpuinfo[4], int leaf); 22 | }; 23 | }; 24 | -------------------------------------------------------------------------------- /lab1/App/sum.h: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | * printf: 4 | * Invokes OCALL to display the enclave buffer to the terminal. 5 | */ 6 | int suprint(const char *fmt, ...) 7 | { 8 | int ret[1]; 9 | char buf[BUFSIZ] = {'\0'}; 10 | va_list ap; 11 | va_start(ap, fmt); 12 | vsnprintf(buf, BUFSIZ, fmt, ap); 13 | va_end(ap); 14 | ocall_suprint(buf, ret); 15 | return ret[0]; 16 | } 17 | 18 | long call_sum(int * list, long size){ 19 | long ret = 0; 20 | for(int j=0;j<16;j++) { 21 | for(int i = j; i < size; i+=16){ 22 | ret += list[i]; 23 | } 24 | } 25 | suprint(" The sum result is %ld \n", ret); 26 | return ret; 27 | } 28 | -------------------------------------------------------------------------------- /lab1/Enclave/Edger8rSyntax/Functions.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #include "../Enclave.h" 5 | #include "Enclave_t.h" 6 | 7 | /* ecall_function_calling_convs: 8 | * memccpy is defined in system C library. 9 | */ 10 | void ecall_function_calling_convs(void) 11 | { 12 | sgx_status_t ret = SGX_ERROR_UNEXPECTED; 13 | 14 | char s1[] = "1234567890"; 15 | char s2[] = "0987654321"; 16 | 17 | char buf[BUFSIZ] = {'\0'}; 18 | memcpy(buf, s1, strlen(s1)); 19 | 20 | ret = memccpy(NULL, s1, s2, '\0', strlen(s1)); 21 | 22 | if (ret != SGX_SUCCESS) 23 | abort(); 24 | assert(memcmp(s1, s2, strlen(s1)) == 0); 25 | 26 | return; 27 | } 28 | 29 | 30 | -------------------------------------------------------------------------------- /intro_sample/Enclave/Edger8rSyntax/Functions.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #include "../Enclave.h" 5 | #include "Enclave_t.h" 6 | 7 | /* ecall_function_calling_convs: 8 | * memccpy is defined in system C library. 9 | */ 10 | void ecall_function_calling_convs(void) 11 | { 12 | sgx_status_t ret = SGX_ERROR_UNEXPECTED; 13 | 14 | char s1[] = "1234567890"; 15 | char s2[] = "0987654321"; 16 | 17 | char buf[BUFSIZ] = {'\0'}; 18 | memcpy(buf, s1, strlen(s1)); 19 | 20 | ret = memccpy(NULL, s1, s2, '\0', strlen(s1)); 21 | 22 | if (ret != SGX_SUCCESS) 23 | abort(); 24 | assert(memcmp(s1, s2, strlen(s1)) == 0); 25 | 26 | return; 27 | } 28 | 29 | 30 | -------------------------------------------------------------------------------- /lab3/Enclave1/Enclave1.edl: -------------------------------------------------------------------------------- 1 | enclave { 2 | include "sgx_eid.h" 3 | from "../LocalAttestationCode/LocalAttestationCode.edl" import *; 4 | from "sgx_tstdc.edl" import *; 5 | trusted{ 6 | public uint32_t start_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); 7 | public uint32_t enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id,uint32_t arg1, uint32_t arg2); 8 | public uint32_t start_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); 9 | public uint32_t exchange_message(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); 10 | 11 | }; 12 | 13 | }; 14 | -------------------------------------------------------------------------------- /lab3/lab4/Enclave1/Enclave1.edl: -------------------------------------------------------------------------------- 1 | enclave { 2 | include "sgx_eid.h" 3 | from "../LocalAttestationCode/LocalAttestationCode.edl" import *; 4 | from "sgx_tstdc.edl" import *; 5 | trusted{ 6 | public uint32_t start_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); 7 | public uint32_t enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id,uint32_t arg1, uint32_t arg2); 8 | public uint32_t start_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); 9 | public uint32_t exchange_message(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); 10 | 11 | }; 12 | 13 | }; 14 | -------------------------------------------------------------------------------- /lab2/src/msort.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include"lib_enclave.h" 4 | #include"user_sharedargs.h" 5 | 6 | #define malloc lib_malloc 7 | #define free lib_free 8 | 9 | 10 | void mergeSort(TrackedList list, int l, int r){ 11 | /* TODO: task 1 code here */ 12 | } 13 | 14 | 15 | 16 | void user_entry_point(const void* args){ 17 | printf("\nMERGE SORT\n"); 18 | TrackedList* list = ((struct sort_args_enclave*) args)->plist; 19 | int size = ((struct sort_args_enclave*) args)->size; 20 | printf("Origin TrackedList: [index is show as: (index)]"); 21 | list->printTrackedList(list, size); 22 | 23 | mergeSort(*list, 0, size-1); 24 | 25 | printf("\nSorted TrackedList:"); 26 | list->printTrackedList(list, size); 27 | } 28 | 29 | #undef malloc 30 | #undef free 31 | -------------------------------------------------------------------------------- /lab1/App/App.h: -------------------------------------------------------------------------------- 1 | #ifndef _APP_H_ 2 | #define _APP_H_ 3 | 4 | #include 5 | #include 6 | #include 7 | #include 8 | 9 | #include "sgx_error.h" /* sgx_status_t */ 10 | #include "sgx_eid.h" /* sgx_enclave_id_t */ 11 | 12 | #ifndef TRUE 13 | # define TRUE 1 14 | #endif 15 | 16 | #ifndef FALSE 17 | # define FALSE 0 18 | #endif 19 | 20 | //#elif defined(__GNUC__) 21 | # define TOKEN_FILENAME "enclave.token" 22 | # define ENCLAVE_FILENAME "enclave.signed.so" 23 | 24 | extern sgx_enclave_id_t global_eid; /* global enclave id */ 25 | 26 | #if defined(__cplusplus) 27 | extern "C" { 28 | #endif 29 | 30 | void edger8r_function_attributes(void); 31 | 32 | int ecall_bar(int); 33 | 34 | #if defined(__cplusplus) 35 | } 36 | #endif 37 | 38 | #endif /* !_APP_H_ */ 39 | -------------------------------------------------------------------------------- /intro_sample/App/App.h: -------------------------------------------------------------------------------- 1 | #ifndef _APP_H_ 2 | #define _APP_H_ 3 | 4 | #include 5 | #include 6 | #include 7 | #include 8 | 9 | #include "sgx_error.h" /* sgx_status_t */ 10 | #include "sgx_eid.h" /* sgx_enclave_id_t */ 11 | 12 | #ifndef TRUE 13 | # define TRUE 1 14 | #endif 15 | 16 | #ifndef FALSE 17 | # define FALSE 0 18 | #endif 19 | 20 | //#elif defined(__GNUC__) 21 | # define TOKEN_FILENAME "enclave.token" 22 | # define ENCLAVE_FILENAME "enclave.signed.so" 23 | 24 | extern sgx_enclave_id_t global_eid; /* global enclave id */ 25 | 26 | #if defined(__cplusplus) 27 | extern "C" { 28 | #endif 29 | 30 | void edger8r_function_attributes(void); 31 | 32 | int ecall_bar(int); 33 | 34 | #if defined(__cplusplus) 35 | } 36 | #endif 37 | 38 | #endif /* !_APP_H_ */ 39 | -------------------------------------------------------------------------------- /lab2/src/bsort.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include"lib_enclave.h" 4 | #include"user_sharedargs.h" 5 | 6 | /* This is task 2 for the Lab 2 7 | * This file contains implementation of bubble sort 8 | */ 9 | 10 | void bubbleSort(TrackedList list, int size){ 11 | /* TODO: task 2 code here */ 12 | } 13 | 14 | void user_entry_point(const void* args){ 15 | printf("\nBUBBLE SORT:\n"); 16 | // int* list = ((struct sort_args_enclave*) args)->plist->value; 17 | TrackedList* list = ((struct sort_args_enclave*) args)->plist; 18 | int size = ((struct sort_args_enclave*) args)->size; 19 | printf("Origin TrackedList: [index is show as: (index)]"); 20 | list->printTrackedList(list, size); 21 | 22 | bubbleSort(*list, size); 23 | printf("\nSorted TrackedList:"); 24 | list->printTrackedList(list, size); 25 | } 26 | 27 | -------------------------------------------------------------------------------- /lab2/src/qsort.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #include"lib_enclave.h" 5 | #include"user_sharedargs.h" 6 | 7 | /* TODO: task 3: homework lab code here */ 8 | 9 | 10 | void quickSort(TrackedList *list, int left, int right){ 11 | /* TODO: task 3 code here */ 12 | // Remove printf below when you fill your code 13 | printf("Quick sort does not finish\n"); 14 | } 15 | 16 | 17 | void user_entry_point(const void* args){ 18 | printf("\nQUICK SORT\n"); 19 | TrackedList* list = ((struct sort_args_enclave*)args)->plist; 20 | int size = ((struct sort_args_enclave*)args)->size; 21 | 22 | printf("Origin TrackedList: [index is show as: (index)]"); 23 | list->printTrackedList(list, size); 24 | 25 | quickSort(list, 0, size-1); 26 | 27 | printf("\nSorted TrackedList:"); 28 | list->printTrackedList(list, size); 29 | 30 | } 31 | -------------------------------------------------------------------------------- /lab3/LocalAttestationCode/EnclaveMessageExchange.h: -------------------------------------------------------------------------------- 1 | #include "datatypes.h" 2 | #include "sgx_eid.h" 3 | #include "sgx_trts.h" 4 | #include 5 | #include "dh_session_protocol.h" 6 | 7 | #ifndef LOCALATTESTATION_H_ 8 | #define LOCALATTESTATION_H_ 9 | 10 | #ifdef __cplusplus 11 | extern "C" { 12 | #endif 13 | 14 | uint32_t SGXAPI create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info); 15 | uint32_t SGXAPI send_request_receive_response(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info, char *inp_buff, size_t inp_buff_len, size_t max_out_buff_size, char **out_buff, size_t* out_buff_len); 16 | uint32_t SGXAPI close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); 17 | 18 | #ifdef __cplusplus 19 | } 20 | #endif 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /lab3/lab4/LocalAttestationCode/EnclaveMessageExchange.h: -------------------------------------------------------------------------------- 1 | #include "datatypes.h" 2 | #include "sgx_eid.h" 3 | #include "sgx_trts.h" 4 | #include 5 | #include "dh_session_protocol.h" 6 | 7 | #ifndef LOCALATTESTATION_H_ 8 | #define LOCALATTESTATION_H_ 9 | 10 | #ifdef __cplusplus 11 | extern "C" { 12 | #endif 13 | 14 | uint32_t SGXAPI create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info); 15 | uint32_t SGXAPI send_request_receive_response(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info, char *inp_buff, size_t inp_buff_len, size_t max_out_buff_size, char **out_buff, size_t* out_buff_len); 16 | uint32_t SGXAPI close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); 17 | 18 | #ifdef __cplusplus 19 | } 20 | #endif 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /intro_sample/Enclave/Enclave.edl: -------------------------------------------------------------------------------- 1 | /* Enclave.edl - Top EDL file. */ 2 | 3 | enclave { 4 | 5 | include "user_types.h" /* buffer_t */ 6 | 7 | /* Import ECALL/OCALL from sub-directory EDLs. 8 | * [from]: specifies the location of EDL file. 9 | * [import]: specifies the functions to import, 10 | * [*]: implies to import all functions. 11 | */ 12 | 13 | from "Edger8rSyntax/Functions.edl" import *; 14 | 15 | from "Libc.edl" import *; 16 | 17 | /* 18 | * ocall_bar - invokes OCALL to display string buffer inside the enclave. 19 | * [in]: copy the string buffer to App outside. 20 | * [string]: specifies 'str' is a NULL terminated buffer. 21 | */ 22 | untrusted { 23 | /*can't use pointer, instead one-element array */ 24 | void ocall_bar([in, string] const char *str, [out] int ret[1]); 25 | }; 26 | 27 | }; 28 | -------------------------------------------------------------------------------- /lab1/Enclave/Enclave.edl: -------------------------------------------------------------------------------- 1 | /* Enclave.edl - Top EDL file. */ 2 | 3 | enclave { 4 | 5 | include "user_types.h" /* buffer_t */ 6 | 7 | /* Import ECALL/OCALL from sub-directory EDLs. 8 | * [from]: specifies the location of EDL file. 9 | * [import]: specifies the functions to import, 10 | * [*]: implies to import all functions. 11 | */ 12 | 13 | from "Edger8rSyntax/Functions.edl" import *; 14 | 15 | from "Libc.edl" import *; 16 | 17 | /* 18 | * ocall_suprint - invokes OCALL to display string buffer inside the enclave. 19 | * [in]: copy the string buffer to App outside. 20 | * [string]: specifies 'str' is a NULL terminated buffer. 21 | */ 22 | untrusted { 23 | /*can't use pointer, instead one-element array */ 24 | void ocall_suprint([in, string] const char *str, [out] int ret[1]); 25 | void ocall_gettimenow([out] long sec[1], [out] long usec[1]); 26 | }; 27 | 28 | }; 29 | -------------------------------------------------------------------------------- /lab3/Enclave2/Utility_E2.h: -------------------------------------------------------------------------------- 1 | #ifndef UTILITY_E2_H__ 2 | #define UTILITY_E2_H__ 3 | #include "stdint.h" 4 | 5 | typedef struct _param_struct_t 6 | { 7 | uint32_t var1; 8 | uint32_t var2; 9 | }param_struct_t; 10 | 11 | #ifdef __cplusplus 12 | extern "C" { 13 | #endif 14 | 15 | uint32_t unmarshal_input_parameters_e2(uint32_t* var1, uint32_t* var2, ms_in_msg_exchange_t* ms); 16 | uint32_t marshal_retval_and_output_parameters_e2(char** resp_buffer, size_t* resp_length, uint32_t retval); 17 | uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len); 18 | uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms); 19 | uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response); 20 | uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response); 21 | 22 | #ifdef __cplusplus 23 | } 24 | #endif 25 | #endif 26 | 27 | -------------------------------------------------------------------------------- /lab3/lab4/Enclave2/Utility_E2.h: -------------------------------------------------------------------------------- 1 | #ifndef UTILITY_E2_H__ 2 | #define UTILITY_E2_H__ 3 | #include "stdint.h" 4 | 5 | typedef struct _param_struct_t 6 | { 7 | uint32_t var1; 8 | uint32_t var2; 9 | }param_struct_t; 10 | 11 | #ifdef __cplusplus 12 | extern "C" { 13 | #endif 14 | 15 | uint32_t unmarshal_input_parameters_e2(uint32_t* var1, uint32_t* var2, ms_in_msg_exchange_t* ms); 16 | uint32_t marshal_retval_and_output_parameters_e2(char** resp_buffer, size_t* resp_length, uint32_t retval); 17 | uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len); 18 | uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms); 19 | uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response); 20 | uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response); 21 | 22 | #ifdef __cplusplus 23 | } 24 | #endif 25 | #endif 26 | 27 | -------------------------------------------------------------------------------- /lab2/src/user_sharedargs.h: -------------------------------------------------------------------------------- 1 | #ifndef USER_SHAREDARGS_H 2 | #define USER_SHAREDARGS_H 3 | #include 4 | //shared between untrusted code and enclave code 5 | class TrackedList { 6 | public: 7 | int* array; 8 | int size; 9 | 10 | TrackedList(){ 11 | array = NULL; 12 | 13 | } 14 | 15 | TrackedList(int n){ 16 | array = new int[n]; 17 | size = n; 18 | } 19 | 20 | int& operator[](int k){ 21 | if(k<0 || k>=size) 22 | throw std::out_of_range("invalid index"); 23 | printf("(%d) ",k); 24 | return array[k]; 25 | } 26 | 27 | void printTrackedList(TrackedList* list, int size){ 28 | printf("\n"); 29 | for(int i=0; i 2 | #include /* vsnprintf */ 3 | 4 | #include 5 | #include 6 | 7 | #include "sgx_trts.h" 8 | #include "Enclave.h" 9 | #include "Enclave_t.h" /* bar*/ 10 | 11 | 12 | 13 | /* 14 | * printf: 15 | * Invokes OCALL to display the enclave buffer to the terminal. 16 | */ 17 | int bar1(const char *fmt, ...) 18 | { 19 | int ret[1]; 20 | char buf[BUFSIZ] = {'\0'}; 21 | va_list ap; 22 | va_start(ap, fmt); 23 | vsnprintf(buf, BUFSIZ, fmt, ap); 24 | va_end(ap); 25 | ocall_bar(buf, ret); 26 | return ret[0]; 27 | } 28 | 29 | 30 | /* ecall_foo: 31 | * Uses malloc/free to allocate/free trusted memory. 32 | */ 33 | int ecall_foo(int i, int j) 34 | { 35 | void *ptr = malloc(100); 36 | assert(ptr != NULL); 37 | memset(ptr, 0x0, 100); 38 | free(ptr); 39 | 40 | int ret = bar1("calling ocall_bar with: i=%d,j=%d\n", i,j); 41 | bar1("ocall_bar returns: %d\n", ret); 42 | 43 | return i+1; 44 | } 45 | 46 | /* ecall_sgx_cpuid: 47 | * Uses sgx_cpuid to get CPU features and types. 48 | */ 49 | void ecall_sgx_cpuid(int cpuinfo[4], int leaf) 50 | { 51 | sgx_status_t ret = sgx_cpuid(cpuinfo, leaf); 52 | if (ret != SGX_SUCCESS) 53 | abort(); 54 | } 55 | -------------------------------------------------------------------------------- /lab1/Enclave/Edger8rSyntax/Functions.edl: -------------------------------------------------------------------------------- 1 | /* Functions.edl - Samples for function attributes. */ 2 | 3 | enclave { 4 | 5 | /* 6 | * Following keywords/attributes are supported for untrusted functions: 7 | * cdecl, stdcall, fastcall, dllimport (only for Windows). 8 | * [public] is only supported for the trusted functions. 9 | * Trusted function will be treated as [private] w/o the [public]. 10 | */ 11 | 12 | trusted { 13 | 14 | public void ecall_function_calling_convs(void); 15 | 16 | /* 17 | * [public]: 18 | * public ECALL can be called directly in App. 19 | */ 20 | }; 21 | 22 | untrusted { 23 | 24 | /* 25 | * [cdecl]: 26 | * tells edger8r the calling convention of the OCALLs is 'cdecl'. 27 | * [dllimport]: 28 | * indicats the OCALL is provided in DLLs. 29 | * 30 | * Note: memccpy() is provided by MS system DLL, we don't need to implement it in App side. 31 | */ 32 | 33 | [cdecl, dllimport] void *memccpy([in, out, size=len] void *dest, [in, size=len] const void *src, int val, size_t len); 34 | 35 | /* 36 | * [allow]: 37 | * OCALL 'ocall_function_allow' can invoke ECALL 'ecall_function_private' in App side. 38 | * 39 | * Note: No ECALL can be called in OCALL w/o [allow]. 40 | */ 41 | 42 | }; 43 | 44 | }; 45 | -------------------------------------------------------------------------------- /intro_sample/Enclave/Edger8rSyntax/Functions.edl: -------------------------------------------------------------------------------- 1 | /* Functions.edl - Samples for function attributes. */ 2 | 3 | enclave { 4 | 5 | /* 6 | * Following keywords/attributes are supported for untrusted functions: 7 | * cdecl, stdcall, fastcall, dllimport (only for Windows). 8 | * [public] is only supported for the trusted functions. 9 | * Trusted function will be treated as [private] w/o the [public]. 10 | */ 11 | 12 | trusted { 13 | 14 | public void ecall_function_calling_convs(void); 15 | 16 | /* 17 | * [public]: 18 | * public ECALL can be called directly in App. 19 | */ 20 | }; 21 | 22 | untrusted { 23 | 24 | /* 25 | * [cdecl]: 26 | * tells edger8r the calling convention of the OCALLs is 'cdecl'. 27 | * [dllimport]: 28 | * indicats the OCALL is provided in DLLs. 29 | * 30 | * Note: memccpy() is provided by MS system DLL, we don't need to implement it in App side. 31 | */ 32 | 33 | [cdecl, dllimport] void *memccpy([in, out, size=len] void *dest, [in, size=len] const void *src, int val, size_t len); 34 | 35 | /* 36 | * [allow]: 37 | * OCALL 'ocall_function_allow' can invoke ECALL 'ecall_function_private' in App side. 38 | * 39 | * Note: No ECALL can be called in OCALL w/o [allow]. 40 | */ 41 | 42 | }; 43 | 44 | }; 45 | -------------------------------------------------------------------------------- /lab1/Include/user_types.h: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright(C) 2011-2015 Intel Corporation All Rights Reserved. 3 | * 4 | * The source code, information and material ("Material") contained herein is 5 | * owned by Intel Corporation or its suppliers or licensors, and title to such 6 | * Material remains with Intel Corporation or its suppliers or licensors. The 7 | * Material contains proprietary information of Intel or its suppliers and 8 | * licensors. The Material is protected by worldwide copyright laws and treaty 9 | * provisions. No part of the Material may be used, copied, reproduced, 10 | * modified, published, uploaded, posted, transmitted, distributed or disclosed 11 | * in any way without Intel's prior express written permission. No license 12 | * under any patent, copyright or other intellectual property rights in the 13 | * Material is granted to or conferred upon you, either expressly, by 14 | * implication, inducement, estoppel or otherwise. Any license under such 15 | * intellectual property rights must be express and approved by Intel in 16 | * writing. 17 | * 18 | * *Third Party trademarks are the property of their respective owners. 19 | * 20 | * Unless otherwise agreed by Intel in writing, you may not remove or alter 21 | * this notice or any other notice embedded in Materials by Intel or Intel's 22 | * suppliers or licensors in any way. 23 | */ 24 | 25 | /* User defined types */ 26 | 27 | #ifdef _MSC_VER 28 | #define memccpy _memccpy 29 | #endif 30 | 31 | #define LOOPS_PER_THREAD 500 32 | 33 | typedef void *buffer_t; 34 | typedef int array_t[10]; 35 | 36 | -------------------------------------------------------------------------------- /intro_sample/Include/user_types.h: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright(C) 2011-2015 Intel Corporation All Rights Reserved. 3 | * 4 | * The source code, information and material ("Material") contained herein is 5 | * owned by Intel Corporation or its suppliers or licensors, and title to such 6 | * Material remains with Intel Corporation or its suppliers or licensors. The 7 | * Material contains proprietary information of Intel or its suppliers and 8 | * licensors. The Material is protected by worldwide copyright laws and treaty 9 | * provisions. No part of the Material may be used, copied, reproduced, 10 | * modified, published, uploaded, posted, transmitted, distributed or disclosed 11 | * in any way without Intel's prior express written permission. No license 12 | * under any patent, copyright or other intellectual property rights in the 13 | * Material is granted to or conferred upon you, either expressly, by 14 | * implication, inducement, estoppel or otherwise. Any license under such 15 | * intellectual property rights must be express and approved by Intel in 16 | * writing. 17 | * 18 | * *Third Party trademarks are the property of their respective owners. 19 | * 20 | * Unless otherwise agreed by Intel in writing, you may not remove or alter 21 | * this notice or any other notice embedded in Materials by Intel or Intel's 22 | * suppliers or licensors in any way. 23 | */ 24 | 25 | /* User defined types */ 26 | 27 | #ifdef _MSC_VER 28 | #define memccpy _memccpy 29 | #endif 30 | 31 | #define LOOPS_PER_THREAD 500 32 | 33 | typedef void *buffer_t; 34 | typedef int array_t[10]; 35 | 36 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | SGX Labs 2 | === 3 | 4 | 39 | 40 | 41 | * Module 1: Understanding SGX Memory Protection [[lab 1](https://github.com/syracuse-fullstacksecurity/CIS700-sgxlab/tree/master/lab1/README.md)] 42 | 43 | * Module 2: Side-channel Vulnerability and Protection [[lab 2](https://github.com/syracuse-fullstacksecurity/CIS700-sgxlab/tree/master/lab2/README.md)] 44 | 45 | * Module 3: Software Attestation with Intel SGX [[lab 3](https://github.com/syracuse-fullstacksecurity/CIS700-sgxlab/tree/master/lab3/README.md)] 46 | 47 | -------------------------------------------------------------------------------- /lab3/LocalAttestationCode/LocalAttestationCode.edl: -------------------------------------------------------------------------------- 1 | enclave { 2 | include "sgx_eid.h" 3 | include "datatypes.h" 4 | include "../Include/dh_session_protocol.h" 5 | trusted{ 6 | public uint32_t session_request(sgx_enclave_id_t src_enclave_id, [out] sgx_dh_msg1_t *dh_msg1, [out] uint32_t *session_id); 7 | public uint32_t exchange_report(sgx_enclave_id_t src_enclave_id, [in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, uint32_t session_id); 8 | public uint32_t generate_response(sgx_enclave_id_t src_enclave_id, [in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size ); 9 | public uint32_t end_session(sgx_enclave_id_t src_enclave_id); 10 | }; 11 | 12 | untrusted{ 13 | uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [out] sgx_dh_msg1_t *dh_msg1,[out] uint32_t *session_id); 14 | uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, uint32_t session_id); 15 | uint32_t send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size); 16 | uint32_t end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); 17 | 18 | void ocall_suprint([in, string] const char *str, [out] int ret[1]); 19 | 20 | 21 | }; 22 | }; 23 | -------------------------------------------------------------------------------- /lab3/lab4/LocalAttestationCode/LocalAttestationCode.edl: -------------------------------------------------------------------------------- 1 | enclave { 2 | include "sgx_eid.h" 3 | include "datatypes.h" 4 | include "../Include/dh_session_protocol.h" 5 | trusted{ 6 | public uint32_t session_request(sgx_enclave_id_t src_enclave_id, [out] sgx_dh_msg1_t *dh_msg1, [out] uint32_t *session_id); 7 | public uint32_t exchange_report(sgx_enclave_id_t src_enclave_id, [in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, uint32_t session_id); 8 | public uint32_t generate_response(sgx_enclave_id_t src_enclave_id, [in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size ); 9 | public uint32_t end_session(sgx_enclave_id_t src_enclave_id); 10 | }; 11 | 12 | untrusted{ 13 | uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [out] sgx_dh_msg1_t *dh_msg1,[out] uint32_t *session_id); 14 | uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, uint32_t session_id); 15 | uint32_t send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size); 16 | uint32_t end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); 17 | 18 | void ocall_suprint([in, string] const char *str, [out] int ret[1]); 19 | 20 | 21 | }; 22 | }; 23 | -------------------------------------------------------------------------------- /lab2/src/user_main_ut.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | #include "lib_untrusted.h" 5 | #include "user_sharedargs.h" 6 | 7 | void bar(int * ptr_int){ 8 | printf("outside enclave: %d\n", *ptr_int); 9 | } 10 | 11 | int main(){ 12 | struct sort_args_enclave args; 13 | 14 | int task=1; 15 | printf("Choose the task to run:\n1 Merge sort\n2 Bubble sort\n3 Quick sort\n"); 16 | scanf("%d",&task); 17 | 18 | /* Lab 2 list input*/ 19 | int list[8]; 20 | printf("\nInput 8 numbers to be sorted:\n"); 21 | for(int i=0;i<8;i++){ 22 | scanf("%d",&list[i]); 23 | } 24 | 25 | TrackedList listc; 26 | listc.array = list; 27 | listc.size = 8; 28 | 29 | if(task == 1){ 30 | /*Merge Sort*/ 31 | args.plist = &listc; 32 | args.size = 8; 33 | 34 | enclave_mem_image* enclave_handle_msort; 35 | enclave_handle_msort = dload_enclave_so("./bin/enclave_msort.so"); 36 | call_enclave(enclave_handle_msort, &args); 37 | dunload_enclave_so(enclave_handle_msort); 38 | } 39 | else if(task == 2){ 40 | /*Bubble Sort*/ 41 | args.plist = &listc; 42 | args.size = 8; 43 | 44 | enclave_mem_image* enclave_handle_bsort; 45 | enclave_handle_bsort = dload_enclave_so("./bin/enclave_bsort.so"); 46 | call_enclave(enclave_handle_bsort, &args); 47 | dunload_enclave_so(enclave_handle_bsort); 48 | } 49 | else if(task == 3){ 50 | /*Quick Sort*/ 51 | 52 | args.plist = &listc; 53 | args.size = 8; 54 | 55 | enclave_mem_image* enclave_handle_qsort; 56 | enclave_handle_qsort = dload_enclave_so("./bin/enclave_qsort.so"); 57 | call_enclave(enclave_handle_qsort, & args); 58 | dunload_enclave_so(enclave_handle_qsort); 59 | 60 | } 61 | } 62 | 63 | 64 | -------------------------------------------------------------------------------- /lab2/src/lib_enclave_syscall_wrap.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | extern "C" { //needed for C style mangling 7 | 8 | /* create pointers for real glibc functions */ 9 | ssize_t __real_write(int fd, const void *buf, size_t count); 10 | ssize_t __wrap_write(int fd, const void *buf, size_t count) 11 | { 12 | /* printing out the number of characters */ 13 | printf(" Hooked! write:chars#:%lu\n", count); 14 | /* call the real glibc function and return the result */ 15 | ssize_t result = __real_write(fd, buf, count); 16 | return result; 17 | } 18 | 19 | //puts is not syscall! 20 | int __real_puts(const char* str); 21 | int __wrap_puts(const char* str) 22 | { 23 | // printing out the number of characters 24 | printf(" Hooked! puts:chars#:%lu\n", strlen(str)); 25 | // call the real glibc function and return the result 26 | int result = __real_puts(str); 27 | return result; 28 | } 29 | /* 30 | */ 31 | 32 | int __real_brk(void *addr); 33 | int __wrap_brk(void *addr){ 34 | printf(" Hooked! brk:addr:%p\n", addr); 35 | return __real_brk(addr); 36 | } 37 | 38 | //e.g: access("/etc/ld.so.nohwcap", F_OK) 39 | int __real_access(const char *pathname, int mode); 40 | int __wrap_access(const char *pathname, int mode){ 41 | printf(" Hooked! access:pathname:%s, mode:%d\n", pathname, mode); 42 | return __real_access(pathname, mode); 43 | } 44 | 45 | //e.g.: mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) 46 | void * __real_mmap(void *start, size_t length, int prot, int flags, int fd, off_t offset); 47 | void * __wrap_mmap(void *start, size_t length, int prot, int flags, int fd, off_t offset){ 48 | printf(" Hooked! mmap:start:%p, length:%lu, prot:%d, flags:%d, fd:%d, offset:%ld\n", start, length, prot, flags, fd, offset); 49 | return __real_mmap(start, length, prot, flags, fd, offset); 50 | } 51 | 52 | 53 | 54 | } 55 | -------------------------------------------------------------------------------- /lab3/Untrusted_LocalAttestation/UntrustedEnclaveMessageExchange.h: -------------------------------------------------------------------------------- 1 | #include "sgx_eid.h" 2 | #include "error_codes.h" 3 | #include "datatypes.h" 4 | #include "sgx_urts.h" 5 | #include "dh_session_protocol.h" 6 | #include "sgx_dh.h" 7 | #include 8 | 9 | 10 | #ifndef ULOCALATTESTATION_H_ 11 | #define ULOCALATTESTATION_H_ 12 | 13 | #ifdef __cplusplus 14 | extern "C" { 15 | #endif 16 | 17 | sgx_status_t Enclave1_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id); 18 | sgx_status_t Enclave1_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id); 19 | sgx_status_t Enclave1_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size); 20 | sgx_status_t Enclave1_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id); 21 | 22 | sgx_status_t Enclave2_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id); 23 | sgx_status_t Enclave2_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id); 24 | sgx_status_t Enclave2_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size); 25 | sgx_status_t Enclave2_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id); 26 | 27 | uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id); 28 | uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id); 29 | uint32_t send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size); 30 | uint32_t end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); 31 | 32 | #ifdef __cplusplus 33 | } 34 | #endif 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /lab3/lab4/Untrusted_LocalAttestation/UntrustedEnclaveMessageExchange.h: -------------------------------------------------------------------------------- 1 | #include "sgx_eid.h" 2 | #include "error_codes.h" 3 | #include "datatypes.h" 4 | #include "sgx_urts.h" 5 | #include "dh_session_protocol.h" 6 | #include "sgx_dh.h" 7 | #include 8 | 9 | 10 | #ifndef ULOCALATTESTATION_H_ 11 | #define ULOCALATTESTATION_H_ 12 | 13 | #ifdef __cplusplus 14 | extern "C" { 15 | #endif 16 | 17 | sgx_status_t Enclave1_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id); 18 | sgx_status_t Enclave1_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id); 19 | sgx_status_t Enclave1_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size); 20 | sgx_status_t Enclave1_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id); 21 | 22 | sgx_status_t Enclave2_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id); 23 | sgx_status_t Enclave2_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id); 24 | sgx_status_t Enclave2_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size); 25 | sgx_status_t Enclave2_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id); 26 | 27 | uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id); 28 | uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id); 29 | uint32_t send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size); 30 | uint32_t end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); 31 | 32 | #ifdef __cplusplus 33 | } 34 | #endif 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /lab1/Enclave/Enclave_private.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ 3 | AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ 4 | ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr 5 | nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b 6 | 3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H 7 | ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD 8 | 5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW 9 | KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC 10 | 1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe 11 | K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z 12 | AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q 13 | ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6 14 | JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826 15 | 5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02 16 | wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9 17 | osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm 18 | WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i 19 | Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9 20 | xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd 21 | vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD 22 | Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a 23 | cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC 24 | 0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ 25 | gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo 26 | gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t 27 | k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz 28 | Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6 29 | O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5 30 | afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom 31 | e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G 32 | BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv 33 | fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN 34 | t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9 35 | yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp 36 | 6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg 37 | WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH 38 | NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk= 39 | -----END RSA PRIVATE KEY----- 40 | -------------------------------------------------------------------------------- /lab3/Enclave1/Enclave1_private.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIG4wIBAAKCAYEAuJh4w/KzndQhzEqwH6Ut/3BmOom5CN117KT1/cemEbDLPhn0 3 | c5yjAfe4NL1qtGqz0RTK9X9BBSi89b6BrsM9S6c2cUJaeYAPrAtJ+IuzN/5BAmmf 4 | RXbPccETd7rHvDdQ9KBRjCipTx+H0D5nOB76S5PZPVrduwrCmSqVFmLNVWWfPYQx 5 | YewbJ2QfEfioICZFYR0Jou38mJqDTl+CH0gLAuQ4n1kdpQ3VGymzt3oUiPzf5ImJ 6 | oZh5HjarRRiWV+cyNyXYJTnx0dOtFQDgd8HhniagbRB0ZOIt6599JjMkWGkVP0Ni 7 | U/NIlXG5musU35GfLB8MbTcxblMNm9sMYz1R8y/eAreoPTXUhtK8NG2TEywRh3UP 8 | RF9/jM9WczjQXxJ3RznKOwNVwg4cRY2AOqD2vb1iGSqyc/WMzVULgfclkcScp75/ 9 | Auz9Y6473CQvaxyrseSWHGwCG7KG1GxYE8Bg8T6OlYD4mzKggoMdwVLAzUepRaPZ 10 | 5hqRDZzbTGUxJ+GLAgEDAoIBgHsQUIKhzRPiwTLcdWpuHqpK7tGxJgXo+Uht+VPa 11 | brZ13NQRTaJobKv6es3TnHhHIotjMfj/gK4bKKPUVnSCKN0aJEuBkaZVX8gHhqWy 12 | d3qpgKxGai5PNPaAt6UnL9LPi03ANl1wcN9qWorURNAUpt0NO348k9IHLGYcY2RB 13 | 3jjuaikCy5adZ2+YFLalxWrELkC+BmyeqGW8V4mVAWowB1dC0Go7aRiz42dxInpR 14 | YwX96phbsRZlphQkci4QZDqaIFg3ndzTO5bo704zaMcbWtEjmFrYRyb519tRoDkN 15 | Y0rGwOxFANeRV5dSfGGLm7K5JztiuHN0nMu3PhY4LOV0SeZ4+5sYn0LzB2nyKqgy 16 | /c3AA2OG34DEdGxxh94kD66iKFVPyJG38/gnu9CsGmrLl3n4fgutPEVIbPdSSjex 17 | 4Y9EQfcnqImPxTrpP9CqD208VPcQHD/uy8s9q3961Ew3RPdHMZ8amIJdXkOmPEme 18 | KZ7SG+VENBaj8r038iq1mPzcWwKBwQDcvJg75LfVuKX+cWMrTO2+MFVcEFiZ/NB/ 19 | gh7mgL6lCleROVa9P6iR2Wn6vHq8nP5BkChehm/rXEG78fgXEMoArimF7FrrICfI 20 | 4yB0opDJz/tWrE/62impN7OR8Ce+RQThFj4RTnibQEEVt++JMUXFiMKLdWDSpC2i 21 | tNWnlTOb7d89bk0yk62IoLElCZK/MIMxkCHBKW6YgrmvlPJKQwpA6Z3wQbUpE6Rb 22 | 9f8xJfxZGEJPH0s3Ds9A0CVuEt8OOXcCgcEA1hXTHhhgmb2gIUJgIcvrpkDmiLux 23 | EG6ZoyLt6h5QwzScS6KKU1mcoJyVDd0wlt7mEXrPYYHWUWPuvpTQ8/4ZGMw7FCZe 24 | bakhnwRbw36FlLwRG35wCF6nQO1XFBKRGto15ivfTyDvMpJBdtNpET5NwT/ifDF3 25 | OWS7t6TGhtcfnvBad5S1AgGoAq+q/huFiBGpDbxJ+1xh0lNL5Z8nVypvPWomNpde 26 | rpLuwRPEIb+GBfQ9Hp5AjRXVsPjKnkHsnl2NAoHBAJMoZX1DJTklw/72Qhzd89Qg 27 | OOgK5bv94FUBae8Afxixj7YmOdN/xbaQ8VHS/H29/tZgGumu9UeS1n1L+roLMVXJ 28 | cQPy50dqxTCXavhsYIaKp48diqc8G8YlImFKxSmDWJYO1AuJpbzVgLklSlt2LoOw 29 | gbJOQIxtc8HN48UOImfz6ij0M3cNHlsVy24GYdTLAiEKwStw9GWse8pjTDGCBtXx 30 | E/WBI3C3wuf5VMtuqDtlgYoU3M9fNNXgGPQMlLQmTwKBwQCOuTdpZZW708AWLEAW 31 | h/Ju1e8F0nYK9GZswfPxaYsszb2HwbGM5mhrEw4JPiBklJlg/IpBATmLl/R/DeCi 32 | qWYQiCdixD7zxhZqAufXqa5jKAtnqaAFlG+AnjoNYbYR5s6ZcpTfa0ohttZPN5tg 33 | 1DPWKpb9dk97mH0lGIRZ5L+/Sub6YyNWq8VXH8dUElkFYRtefYankuvhjN1Dv2+P 34 | cZ9+RsQkZOnJt0nWDS1r1QQD+Ci/FCsIuTkgpdxpgUhpk7MCgcEAkfkmaBDb7DG2 35 | Kc39R6ZZuPnV10w+WOpph7ugwcguG/E0wGq+jFWv6HFckCPeHT4BNtOk8Dem/kPp 36 | teF51eAuFWEefj2tScvlSBBPcnla+WzMWXrlxVnajTt73w+oT2Ql//WhgREpsNfx 37 | SvU80YPVu4GJfl+hhxBifLx+0FM20OESW93qFRc3p040bNrDY9JIZuly/y5zaiBa 38 | mRZF9H8P+x3Lu5AJpdXQEOMZ/XJ/xkoWWjbTojkmgOmmZSMLd5Te 39 | -----END RSA PRIVATE KEY----- 40 | -------------------------------------------------------------------------------- /lab3/Enclave2/Enclave2_private.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ 3 | AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ 4 | ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr 5 | nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b 6 | 3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H 7 | ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD 8 | 5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW 9 | KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC 10 | 1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe 11 | K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z 12 | AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q 13 | ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6 14 | JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826 15 | 5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02 16 | wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9 17 | osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm 18 | WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i 19 | Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9 20 | xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd 21 | vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD 22 | Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a 23 | cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC 24 | 0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ 25 | gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo 26 | gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t 27 | k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz 28 | Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6 29 | O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5 30 | afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom 31 | e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G 32 | BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv 33 | fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN 34 | t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9 35 | yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp 36 | 6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg 37 | WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH 38 | NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk= 39 | -----END RSA PRIVATE KEY----- 40 | -------------------------------------------------------------------------------- /intro_sample/Enclave/Enclave_private.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ 3 | AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ 4 | ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr 5 | nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b 6 | 3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H 7 | ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD 8 | 5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW 9 | KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC 10 | 1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe 11 | K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z 12 | AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q 13 | ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6 14 | JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826 15 | 5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02 16 | wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9 17 | osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm 18 | WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i 19 | Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9 20 | xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd 21 | vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD 22 | Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a 23 | cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC 24 | 0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ 25 | gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo 26 | gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t 27 | k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz 28 | Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6 29 | O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5 30 | afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom 31 | e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G 32 | BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv 33 | fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN 34 | t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9 35 | yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp 36 | 6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg 37 | WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH 38 | NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk= 39 | -----END RSA PRIVATE KEY----- 40 | -------------------------------------------------------------------------------- /lab3/lab4/Enclave1/Enclave1_private.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIG4wIBAAKCAYEAuJh4w/KzndQhzEqwH6Ut/3BmOom5CN117KT1/cemEbDLPhn0 3 | c5yjAfe4NL1qtGqz0RTK9X9BBSi89b6BrsM9S6c2cUJaeYAPrAtJ+IuzN/5BAmmf 4 | RXbPccETd7rHvDdQ9KBRjCipTx+H0D5nOB76S5PZPVrduwrCmSqVFmLNVWWfPYQx 5 | YewbJ2QfEfioICZFYR0Jou38mJqDTl+CH0gLAuQ4n1kdpQ3VGymzt3oUiPzf5ImJ 6 | oZh5HjarRRiWV+cyNyXYJTnx0dOtFQDgd8HhniagbRB0ZOIt6599JjMkWGkVP0Ni 7 | U/NIlXG5musU35GfLB8MbTcxblMNm9sMYz1R8y/eAreoPTXUhtK8NG2TEywRh3UP 8 | RF9/jM9WczjQXxJ3RznKOwNVwg4cRY2AOqD2vb1iGSqyc/WMzVULgfclkcScp75/ 9 | Auz9Y6473CQvaxyrseSWHGwCG7KG1GxYE8Bg8T6OlYD4mzKggoMdwVLAzUepRaPZ 10 | 5hqRDZzbTGUxJ+GLAgEDAoIBgHsQUIKhzRPiwTLcdWpuHqpK7tGxJgXo+Uht+VPa 11 | brZ13NQRTaJobKv6es3TnHhHIotjMfj/gK4bKKPUVnSCKN0aJEuBkaZVX8gHhqWy 12 | d3qpgKxGai5PNPaAt6UnL9LPi03ANl1wcN9qWorURNAUpt0NO348k9IHLGYcY2RB 13 | 3jjuaikCy5adZ2+YFLalxWrELkC+BmyeqGW8V4mVAWowB1dC0Go7aRiz42dxInpR 14 | YwX96phbsRZlphQkci4QZDqaIFg3ndzTO5bo704zaMcbWtEjmFrYRyb519tRoDkN 15 | Y0rGwOxFANeRV5dSfGGLm7K5JztiuHN0nMu3PhY4LOV0SeZ4+5sYn0LzB2nyKqgy 16 | /c3AA2OG34DEdGxxh94kD66iKFVPyJG38/gnu9CsGmrLl3n4fgutPEVIbPdSSjex 17 | 4Y9EQfcnqImPxTrpP9CqD208VPcQHD/uy8s9q3961Ew3RPdHMZ8amIJdXkOmPEme 18 | KZ7SG+VENBaj8r038iq1mPzcWwKBwQDcvJg75LfVuKX+cWMrTO2+MFVcEFiZ/NB/ 19 | gh7mgL6lCleROVa9P6iR2Wn6vHq8nP5BkChehm/rXEG78fgXEMoArimF7FrrICfI 20 | 4yB0opDJz/tWrE/62impN7OR8Ce+RQThFj4RTnibQEEVt++JMUXFiMKLdWDSpC2i 21 | tNWnlTOb7d89bk0yk62IoLElCZK/MIMxkCHBKW6YgrmvlPJKQwpA6Z3wQbUpE6Rb 22 | 9f8xJfxZGEJPH0s3Ds9A0CVuEt8OOXcCgcEA1hXTHhhgmb2gIUJgIcvrpkDmiLux 23 | EG6ZoyLt6h5QwzScS6KKU1mcoJyVDd0wlt7mEXrPYYHWUWPuvpTQ8/4ZGMw7FCZe 24 | bakhnwRbw36FlLwRG35wCF6nQO1XFBKRGto15ivfTyDvMpJBdtNpET5NwT/ifDF3 25 | OWS7t6TGhtcfnvBad5S1AgGoAq+q/huFiBGpDbxJ+1xh0lNL5Z8nVypvPWomNpde 26 | rpLuwRPEIb+GBfQ9Hp5AjRXVsPjKnkHsnl2NAoHBAJMoZX1DJTklw/72Qhzd89Qg 27 | OOgK5bv94FUBae8Afxixj7YmOdN/xbaQ8VHS/H29/tZgGumu9UeS1n1L+roLMVXJ 28 | cQPy50dqxTCXavhsYIaKp48diqc8G8YlImFKxSmDWJYO1AuJpbzVgLklSlt2LoOw 29 | gbJOQIxtc8HN48UOImfz6ij0M3cNHlsVy24GYdTLAiEKwStw9GWse8pjTDGCBtXx 30 | E/WBI3C3wuf5VMtuqDtlgYoU3M9fNNXgGPQMlLQmTwKBwQCOuTdpZZW708AWLEAW 31 | h/Ju1e8F0nYK9GZswfPxaYsszb2HwbGM5mhrEw4JPiBklJlg/IpBATmLl/R/DeCi 32 | qWYQiCdixD7zxhZqAufXqa5jKAtnqaAFlG+AnjoNYbYR5s6ZcpTfa0ohttZPN5tg 33 | 1DPWKpb9dk97mH0lGIRZ5L+/Sub6YyNWq8VXH8dUElkFYRtefYankuvhjN1Dv2+P 34 | cZ9+RsQkZOnJt0nWDS1r1QQD+Ci/FCsIuTkgpdxpgUhpk7MCgcEAkfkmaBDb7DG2 35 | Kc39R6ZZuPnV10w+WOpph7ugwcguG/E0wGq+jFWv6HFckCPeHT4BNtOk8Dem/kPp 36 | teF51eAuFWEefj2tScvlSBBPcnla+WzMWXrlxVnajTt73w+oT2Ql//WhgREpsNfx 37 | SvU80YPVu4GJfl+hhxBifLx+0FM20OESW93qFRc3p040bNrDY9JIZuly/y5zaiBa 38 | mRZF9H8P+x3Lu5AJpdXQEOMZ/XJ/xkoWWjbTojkmgOmmZSMLd5Te 39 | -----END RSA PRIVATE KEY----- 40 | -------------------------------------------------------------------------------- /lab3/lab4/Enclave2/Enclave2_private.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN RSA PRIVATE KEY----- 2 | MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ 3 | AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ 4 | ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr 5 | nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b 6 | 3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H 7 | ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD 8 | 5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW 9 | KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC 10 | 1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe 11 | K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z 12 | AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q 13 | ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6 14 | JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826 15 | 5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02 16 | wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9 17 | osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm 18 | WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i 19 | Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9 20 | xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd 21 | vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD 22 | Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a 23 | cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC 24 | 0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ 25 | gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo 26 | gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t 27 | k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz 28 | Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6 29 | O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5 30 | afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom 31 | e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G 32 | BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv 33 | fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN 34 | t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9 35 | yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp 36 | 6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg 37 | WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH 38 | NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk= 39 | -----END RSA PRIVATE KEY----- 40 | -------------------------------------------------------------------------------- /lab3/LocalAttestationCode/error_codes.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2011-2017 Intel Corporation. All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, with or without 5 | * modification, are permitted provided that the following conditions 6 | * are met: 7 | * 8 | * * Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * * Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in 12 | * the documentation and/or other materials provided with the 13 | * distribution. 14 | * * Neither the name of Intel Corporation nor the names of its 15 | * contributors may be used to endorse or promote products derived 16 | * from this software without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | * 30 | */ 31 | 32 | #ifndef ERROR_CODES_H_ 33 | #define ERROR_CODES_H_ 34 | 35 | typedef uint32_t ATTESTATION_STATUS; 36 | 37 | #define SUCCESS 0x00 38 | #define INVALID_PARAMETER 0xE1 39 | #define VALID_SESSION 0xE2 40 | #define INVALID_SESSION 0xE3 41 | #define ATTESTATION_ERROR 0xE4 42 | #define ATTESTATION_SE_ERROR 0xE5 43 | #define IPP_ERROR 0xE6 44 | #define NO_AVAILABLE_SESSION_ERROR 0xE7 45 | #define MALLOC_ERROR 0xE8 46 | #define ERROR_TAG_MISMATCH 0xE9 47 | #define OUT_BUFFER_LENGTH_ERROR 0xEA 48 | #define INVALID_REQUEST_TYPE_ERROR 0xEB 49 | #define INVALID_PARAMETER_ERROR 0xEC 50 | #define ENCLAVE_TRUST_ERROR 0xED 51 | #define ENCRYPT_DECRYPT_ERROR 0xEE 52 | #define DUPLICATE_SESSION 0xEF 53 | #endif 54 | -------------------------------------------------------------------------------- /lab3/lab4/LocalAttestationCode/error_codes.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2011-2017 Intel Corporation. All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, with or without 5 | * modification, are permitted provided that the following conditions 6 | * are met: 7 | * 8 | * * Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * * Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in 12 | * the documentation and/or other materials provided with the 13 | * distribution. 14 | * * Neither the name of Intel Corporation nor the names of its 15 | * contributors may be used to endorse or promote products derived 16 | * from this software without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | * 30 | */ 31 | 32 | #ifndef ERROR_CODES_H_ 33 | #define ERROR_CODES_H_ 34 | 35 | typedef uint32_t ATTESTATION_STATUS; 36 | 37 | #define SUCCESS 0x00 38 | #define INVALID_PARAMETER 0xE1 39 | #define VALID_SESSION 0xE2 40 | #define INVALID_SESSION 0xE3 41 | #define ATTESTATION_ERROR 0xE4 42 | #define ATTESTATION_SE_ERROR 0xE5 43 | #define IPP_ERROR 0xE6 44 | #define NO_AVAILABLE_SESSION_ERROR 0xE7 45 | #define MALLOC_ERROR 0xE8 46 | #define ERROR_TAG_MISMATCH 0xE9 47 | #define OUT_BUFFER_LENGTH_ERROR 0xEA 48 | #define INVALID_REQUEST_TYPE_ERROR 0xEB 49 | #define INVALID_PARAMETER_ERROR 0xEC 50 | #define ENCLAVE_TRUST_ERROR 0xED 51 | #define ENCRYPT_DECRYPT_ERROR 0xEE 52 | #define DUPLICATE_SESSION 0xEF 53 | #endif 54 | -------------------------------------------------------------------------------- /lab3/Include/dh_session_protocol.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2011-2017 Intel Corporation. All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, with or without 5 | * modification, are permitted provided that the following conditions 6 | * are met: 7 | * 8 | * * Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * * Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in 12 | * the documentation and/or other materials provided with the 13 | * distribution. 14 | * * Neither the name of Intel Corporation nor the names of its 15 | * contributors may be used to endorse or promote products derived 16 | * from this software without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | * 30 | */ 31 | 32 | #ifndef _DH_SESSION_PROROCOL_H 33 | #define _DH_SESSION_PROROCOL_H 34 | 35 | #include "sgx_ecp_types.h" 36 | #include "sgx_key.h" 37 | #include "sgx_report.h" 38 | #include "sgx_attributes.h" 39 | 40 | #define NONCE_SIZE 16 41 | #define MAC_SIZE 16 42 | 43 | #define MSG_BUF_LEN sizeof(ec_pub_t)*2 44 | #define MSG_HASH_SZ 32 45 | 46 | 47 | //Session information structure 48 | typedef struct _la_dh_session_t 49 | { 50 | uint32_t session_id; //Identifies the current session 51 | uint32_t status; //Indicates session is in progress, active or closed 52 | union 53 | { 54 | struct 55 | { 56 | sgx_dh_session_t dh_session; 57 | }in_progress; 58 | 59 | struct 60 | { 61 | sgx_key_128bit_t AEK; //Session Key 62 | uint32_t counter; //Used to store Message Sequence Number 63 | }active; 64 | }; 65 | } dh_session_t; 66 | 67 | 68 | #endif 69 | -------------------------------------------------------------------------------- /lab3/lab4/Include/dh_session_protocol.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2011-2017 Intel Corporation. All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, with or without 5 | * modification, are permitted provided that the following conditions 6 | * are met: 7 | * 8 | * * Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * * Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in 12 | * the documentation and/or other materials provided with the 13 | * distribution. 14 | * * Neither the name of Intel Corporation nor the names of its 15 | * contributors may be used to endorse or promote products derived 16 | * from this software without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | * 30 | */ 31 | 32 | #ifndef _DH_SESSION_PROROCOL_H 33 | #define _DH_SESSION_PROROCOL_H 34 | 35 | #include "sgx_ecp_types.h" 36 | #include "sgx_key.h" 37 | #include "sgx_report.h" 38 | #include "sgx_attributes.h" 39 | 40 | #define NONCE_SIZE 16 41 | #define MAC_SIZE 16 42 | 43 | #define MSG_BUF_LEN sizeof(ec_pub_t)*2 44 | #define MSG_HASH_SZ 32 45 | 46 | 47 | //Session information structure 48 | typedef struct _la_dh_session_t 49 | { 50 | uint32_t session_id; //Identifies the current session 51 | uint32_t status; //Indicates session is in progress, active or closed 52 | union 53 | { 54 | struct 55 | { 56 | sgx_dh_session_t dh_session; 57 | }in_progress; 58 | 59 | struct 60 | { 61 | sgx_key_128bit_t AEK; //Session Key 62 | uint32_t counter; //Used to store Message Sequence Number 63 | }active; 64 | }; 65 | } dh_session_t; 66 | 67 | 68 | #endif 69 | -------------------------------------------------------------------------------- /lab1/README.md: -------------------------------------------------------------------------------- 1 | Module 1: Understanding SGX Memory Protection 2 | --- 3 | 4 | #### Preparation 5 | 6 | 1. C/C++ programming 7 | 2. Linux shell and text editing (e.g. vim or emacs) 8 | 3. SGX SDK sample code (under dir. `intro_sample`) 9 | 10 | #### Machine setup 11 | 12 | This lab requires the use of a real SGX machine. Make sure you can get access to an SGX machine: `ssh 128.230.209.67`. You can contact Dr. Tang (through his email: ytang100@syr.edu) for the username and password to access the machine. 13 | 14 | If you are off campus, you need to use VPN to first get access to the campus LAN before trying to access the machine. 15 | 16 | Once you access the SGX machine, `git clone` this repository to get started on the lab. 17 | 18 | #### Tutorial (1) 19 | 20 | The tutorial in `intro_lec` presents the SGX programming specification related to ECall and OCall. It is based on sample code in dir. `intro_sample`. 21 | 22 | #### In-class Lab (2): Performance Benchmarking 23 | 24 | This lab requires you to write a simple program to compute the sum of an array, execute it inside/outside enclave, and observe the performance difference, as a way to understand the performance overhead caused by SGX memory protection engine. 25 | 26 | File `./lab1/App/sum.h` has implemented function `call_sum(int * list, long size)` which calculates sum of an array with cache misses increased deliberately. 27 | 28 | To compile and execute the provided repository, follow the instructions below. Note when running `./app`, it may take a while to set up the enclave memory; be patient. 29 | 30 | ```bash 31 | make 32 | ./app 33 | ``` 34 | 35 | Write a program to compute the sum outside enclave 36 | 37 | 1. Task 1.1 is about running your `call_sum(int * list, long size)` outside enclave and measuring the execution time with a large array (e.g. 2 million integers). 38 | * Add your implementation in function `task_121(int *list, long size)` in `./lab1/App/App.cpp`: invoke `call_sum()` and add time measurement. 39 | * Hint: measuring time can consult `gettimenow()` in `App.cpp`. 40 | 2. Task 1.2 is about running the sum computation purely inside enclave 41 | * Add your implementation in function `task_122(int *list, long size)` in `./lab1/App/App.cpp`: 42 | 1. write `ecall_sum()` to call into enclave; make sure the array `list` is copied into the enclave upon ecall. 43 | 2. [Bonus] design where to add time measurement. 44 | 3. Run the program of the two tasks, and measure the execution time of two settings. Explain the performance difference. 45 | 46 | #### Homework Lab (3): Performance Benchmarking with Data-Out Code-In Execution 47 | 48 | 4. Task 1.3 is about computing the sum inside enclave, but *with array outside enclave*. 49 | 50 | -------------------------------------------------------------------------------- /lab1/README_newlab.md: -------------------------------------------------------------------------------- 1 | 2 | Setup 3 | --- 4 | 5 | Make sure you can get access to an SGX machine: `ssh 128.230.209.67`. You can contact Dr. Tang (through his email: ytang100@syr.edu) for the username and password to access the machine. 6 | 7 | If you are off campus, you need to use VPN to first get access to the campus LAN before trying to access the machine. 8 | 9 | Once you access the SGX machine, `git clone` this repository to get started on the lab. 10 | 11 | Module 1: Understanding SGX Memory Protection 12 | --- 13 | 14 | #### Preparation 15 | 16 | 1. C/C++ programming 17 | 2. Linux shell and text editing (e.g. vim or emacs) 18 | 3. SGX SDK sample code (under dir. `intro_sample`) 19 | 20 | #### Tutorial (1) 21 | 22 | The tutorial in `intro_lec` presents the SGX programming specification related to ECall and OCall. It is based on sample code in dir. `intro_sample`. 23 | 24 | #### In-class Lab (2): Performance Benchmarking 25 | 26 | This lab requires you to write a simple program to compute the sum of an array, execute it inside/outside enclave, and observe the performance difference, as a way to understand the performance overhead caused by SGX memory protection engine. 27 | 28 | File `./lab1/App/sum.h` has implemented function `call_sum(int * list, long size)` which calculates sum of an array with cache misses increased deliberately. 29 | 30 | To compile and execute the provided repository, follow the instructions below. Note when running `./app`, it may take a while to set up the enclave memory; be patient. 31 | 32 | ```bash 33 | make 34 | ./app 35 | ``` 36 | 37 | Write a program to compute the sum outside enclave 38 | 39 | 1. Task 1.1 is about running your `call_sum(int * list, long size)` outside enclave and measuring the execution time with a large array (e.g. 2 million integers). 40 | * Add your implementation in function `task_121(int *list, long size)` in `./lab1/App/App.cpp`: invoke `call_sum()` and add time measurement. 41 | * Hint: measuring time can consult `gettimenow()` in `App.cpp`. 42 | 2. Task 1.2 is about running the sum computation purely inside enclave 43 | * Add your implementation in function `task_122(int *list, long size)` in `./lab1/App/App.cpp`: 44 | 1. write `ecall_sum()` to call into enclave; make sure the array `list` is copied into the enclave upon ecall. 45 | 2. [Bonus] design where to add time measurement. 46 | 3. Run the program of the two tasks, and measure the execution time of two settings. Explain the performance difference. 47 | 48 | #### Homework Lab (3): Performance Benchmarking with Data-Out Code-In Execution 49 | 50 | 4. Task 1.3 is about computing the sum inside enclave, but *with array outside enclave*. 51 | * Add your implementation in function `task_123(int *list, long size)` in `./lab1/App/App.cpp`: 52 | 1. [Bonus] write `ecall_sum_nocopy()` to call into enclave; make sure the array `list` is *NOT* copied into the enclave upon ecall. 53 | 2. add time measurement. 54 | 5. Run the program of the three tasks, and measure the execution time of three settings. Explain the performance difference. 55 | 56 | 57 | -------------------------------------------------------------------------------- /lab2/src/lib_enclave.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include"lib_enclave.h" 3 | #include"lib_untrusted.h" 4 | #include 5 | #include 6 | #include 7 | #include 8 | 9 | /* 10 | format 11 | use 0fff extension 12 | eeax: op code (operand-1): 13 | EINIT(3), EENTER(4), EEXIT(5), 14 | ebx: start memory address of enclave 15 | ecx: end memory address of enclave 16 | */ 17 | 18 | void resume(void* loaded_so_handle) { 19 | /* 20 | __asm__ __volatile__("movl $0x3, %%eax\n\t" 21 | ".byte 0x0f,0x01,0xd7\n\t" 22 | : //output: put current value in reg-ebx to var-ebx. 23 | : "b"(loaded_so_handle) //input: initialize a random register with pointer to var-data. 24 | : "memory"//what is changed by the assembly code: memory is changed. 25 | ); 26 | */ 27 | } 28 | 29 | void e_return(void* exit_point) { 30 | printf(" \n"); 31 | //printf("TT: inside e_return()\n"); 32 | __asm__ __volatile__ ("mov %0, %%rbx\n\t" 33 | "movl $0x04, %%eax\n\t" // EEXIT 34 | ".byte 0x0f,0x01,0xd7" 35 | : //output: put current value in reg-ebx to var-ebx. 36 | : "r" (exit_point) 37 | //input: initialize a random register with pointer to var-data. 38 | //when no operand, just two ::! the following line needs to be commented out 39 | //: //what is changed by the assembly code: memory is changed. 40 | ); 41 | printf("TT: by end of e_return()\n"); 42 | } 43 | 44 | #ifdef DLL_APP 45 | extern "C" { 46 | #endif 47 | 48 | void _entry_point(void){ 49 | //don't put the following DEBUG statement before user_entry_point(), because that would OVERWRITE the value in RDX...!!! why? 50 | void * ptr_rt_args; 51 | void * ptr_exit; 52 | __asm__ __volatile__ ( 53 | "mov %%rcx, %0\n\t" 54 | "mov %%rdx, %1" //__volatile__ is needed, otherwise, ptr_enclave does not get updated in memory! 55 | : "=r" (ptr_exit), "=m" (ptr_rt_args) //somehow ptr_rt_arg may end up with the same reg with ptr_exit 56 | : 57 | ); 58 | 59 | //#ifdef DEBUG 60 | //printf("TT: inside _entry_point: user_entry_point:%p, exit:%p, rt_args:%p\n", user_entry_point, ptr_exit, ptr_rt_args); 61 | //#endif 62 | //keep in mind at this point of time, malloc is already "resolved" to glibc; a later dlopen() will NOT override malloc symbol. Thus, here, to redirect malloc symbol (away from malloc@glibc) to malloc@lib_enclave.c in user_entry_point(), we need to dlsym and manually override the malloc symbol. 63 | //static void* (*malloc)(size_t) = (void* (*)(size_t)) dlsym(ptr_enclave->handle_so, "malloc"); //again, malloc@lib_enclave.c can not be found in rt symbol table. 64 | //static void (*free)(void *) = (void (*)(void *))dlsym(ptr_enclave->handle_so, "free"); 65 | //free(malloc(10)); 66 | user_entry_point(ptr_rt_args); 67 | //#ifdef DEBUG 68 | //printf("TT: inside _entry_point %d\n", 10); 69 | //#endif 70 | e_return(ptr_exit); 71 | } 72 | 73 | 74 | void* lib_malloc(size_t sz) __THROW 75 | { 76 | //printf("TT: hooked lib_malloc()\n"); 77 | //return glibc_malloc(sz); 78 | } 79 | 80 | void lib_free(void *p) __THROW 81 | { 82 | //printf("TT: hooked lib_free()\n"); 83 | //glibc_free(*p); 84 | } 85 | 86 | 87 | #ifdef DLL_APP 88 | } 89 | #endif 90 | 91 | -------------------------------------------------------------------------------- /lab3/App/App.cpp: -------------------------------------------------------------------------------- 1 | // App.cpp : Defines the entry point for the console application. 2 | #include 3 | #include 4 | #include "../Enclave1/Enclave1_u.h" 5 | #include "../Enclave2/Enclave2_u.h" 6 | #include "sgx_eid.h" 7 | #include "sgx_urts.h" 8 | #define __STDC_FORMAT_MACROS 9 | #include 10 | 11 | 12 | #define UNUSED(val) (void)(val) 13 | #define TCHAR char 14 | #define _TCHAR char 15 | #define _T(str) str 16 | #define scanf_s scanf 17 | #define _tmain main 18 | 19 | extern std::map enclave_id; 20 | 21 | 22 | sgx_enclave_id_t enclave_1_id = 0; 23 | sgx_enclave_id_t enclave_2_id = 0; 24 | 25 | #define ENCLAVE1_PATH "libenclave1.so" 26 | #define ENCLAVE2_PATH "libenclave2.so" 27 | 28 | void ocall_suprint(const char *str, int ret[1]) 29 | { 30 | printf("%s", str); 31 | } 32 | 33 | 34 | uint32_t load_enclaves() 35 | { 36 | uint32_t enclave_temp; 37 | int ret, launch_token_updated; 38 | sgx_launch_token_t launch_token; 39 | 40 | enclave_temp = 0; 41 | 42 | ret = sgx_create_enclave(ENCLAVE1_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &enclave_1_id, NULL); 43 | if (ret != SGX_SUCCESS) { 44 | return ret; 45 | } 46 | 47 | enclave_temp++; 48 | enclave_id.insert(std::pair(enclave_1_id, enclave_temp)); 49 | 50 | ret = sgx_create_enclave(ENCLAVE2_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &enclave_2_id, NULL); 51 | if (ret != SGX_SUCCESS) { 52 | return ret; 53 | } 54 | 55 | enclave_temp++; 56 | enclave_id.insert(std::pair(enclave_2_id, enclave_temp)); 57 | 58 | 59 | return SGX_SUCCESS; 60 | } 61 | 62 | int _tmain(int argc, _TCHAR* argv[]) 63 | { 64 | uint32_t ret_status; 65 | sgx_status_t status; 66 | uint32_t arg1 = 5, arg2 = 4; 67 | 68 | UNUSED(argc); 69 | UNUSED(argv); 70 | 71 | if(load_enclaves() != SGX_SUCCESS) 72 | { 73 | printf("\nLoad Failure"); 74 | } 75 | 76 | do 77 | { 78 | //Test Create session between Enclave1(Source) and Enclave2(Destination) 79 | status = Enclave1_start_create_session(enclave_1_id, &ret_status, enclave_1_id, enclave_2_id); 80 | if (status!=SGX_SUCCESS) 81 | { 82 | printf("create session failed: Error code is %x", status); 83 | break; 84 | } 85 | 86 | // in class task 87 | printf("\n\nLab Task\nEnclave 1 will send message 0x12345678 to Enclave 2\n"); 88 | //Test message exchange between Enclave1(Source) and Enclave2(Destination) 89 | status = Enclave1_exchange_message(enclave_1_id, &ret_status, enclave_1_id, enclave_2_id); 90 | if (status!=SGX_SUCCESS) 91 | { 92 | printf("message exchange failed: Error code is %x", status); 93 | break; 94 | } 95 | 96 | 97 | // homework task 98 | printf("\n\nHomework Task\n"); 99 | printf("Input 2 variables. For example, 5 4 :\n"); 100 | scanf("%u%u",&arg1,&arg2); 101 | 102 | //Test Enclave to Enclave call between Enclave1(Source) and Enclave2(Destination) 103 | status = Enclave1_enclave_to_enclave_call(enclave_1_id, &ret_status, enclave_1_id, enclave_2_id,arg1,arg2); 104 | if (status!=SGX_SUCCESS) 105 | { 106 | printf("enclave_to_enclave_call failed: Error code is %x", status); 107 | break; 108 | } 109 | 110 | //Test Closing Session between Enclave1(Source) and Enclave2(Destination) 111 | status = Enclave1_start_close_session(enclave_1_id, &ret_status, enclave_1_id, enclave_2_id); 112 | if (status!=SGX_SUCCESS) 113 | { 114 | printf("close session failed: Error code is %x", status); 115 | break; 116 | } 117 | 118 | #pragma warning (push) 119 | #pragma warning (disable : 4127) 120 | }while(0); 121 | #pragma warning (pop) 122 | 123 | sgx_destroy_enclave(enclave_1_id); 124 | sgx_destroy_enclave(enclave_2_id); 125 | 126 | return 0; 127 | } 128 | -------------------------------------------------------------------------------- /lab3/lab4/App/App.cpp: -------------------------------------------------------------------------------- 1 | // App.cpp : Defines the entry point for the console application. 2 | #include 3 | #include 4 | #include "../Enclave1/Enclave1_u.h" 5 | #include "../Enclave2/Enclave2_u.h" 6 | #include "sgx_eid.h" 7 | #include "sgx_urts.h" 8 | #define __STDC_FORMAT_MACROS 9 | #include 10 | 11 | 12 | #define UNUSED(val) (void)(val) 13 | #define TCHAR char 14 | #define _TCHAR char 15 | #define _T(str) str 16 | #define scanf_s scanf 17 | #define _tmain main 18 | 19 | extern std::map enclave_id; 20 | 21 | 22 | sgx_enclave_id_t enclave_1_id = 0; 23 | sgx_enclave_id_t enclave_2_id = 0; 24 | 25 | #define ENCLAVE1_PATH "libenclave1.so" 26 | #define ENCLAVE2_PATH "libenclave2.so" 27 | 28 | void ocall_suprint(const char *str, int ret[1]) 29 | { 30 | printf("%s", str); 31 | } 32 | 33 | 34 | uint32_t load_enclaves() 35 | { 36 | uint32_t enclave_temp; 37 | int ret, launch_token_updated; 38 | sgx_launch_token_t launch_token; 39 | 40 | enclave_temp = 0; 41 | 42 | ret = sgx_create_enclave(ENCLAVE1_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &enclave_1_id, NULL); 43 | if (ret != SGX_SUCCESS) { 44 | return ret; 45 | } 46 | 47 | enclave_temp++; 48 | enclave_id.insert(std::pair(enclave_1_id, enclave_temp)); 49 | 50 | ret = sgx_create_enclave(ENCLAVE2_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &enclave_2_id, NULL); 51 | if (ret != SGX_SUCCESS) { 52 | return ret; 53 | } 54 | 55 | enclave_temp++; 56 | enclave_id.insert(std::pair(enclave_2_id, enclave_temp)); 57 | 58 | 59 | return SGX_SUCCESS; 60 | } 61 | 62 | int _tmain(int argc, _TCHAR* argv[]) 63 | { 64 | uint32_t ret_status; 65 | sgx_status_t status; 66 | uint32_t arg1 = 5, arg2 = 4; 67 | 68 | UNUSED(argc); 69 | UNUSED(argv); 70 | 71 | if(load_enclaves() != SGX_SUCCESS) 72 | { 73 | printf("\nLoad Failure"); 74 | } 75 | 76 | do 77 | { 78 | //Test Create session between Enclave1(Source) and Enclave2(Destination) 79 | status = Enclave1_start_create_session(enclave_1_id, &ret_status, enclave_1_id, enclave_2_id); 80 | if (status!=SGX_SUCCESS) 81 | { 82 | printf("create session failed: Error code is %x", status); 83 | break; 84 | } 85 | 86 | // in class task 87 | printf("\n\nLab Task\nEnclave 1 will send message 0x12345678 to Enclave 2\n"); 88 | //Test message exchange between Enclave1(Source) and Enclave2(Destination) 89 | status = Enclave1_exchange_message(enclave_1_id, &ret_status, enclave_1_id, enclave_2_id); 90 | if (status!=SGX_SUCCESS) 91 | { 92 | printf("message exchange failed: Error code is %x", status); 93 | break; 94 | } 95 | 96 | 97 | // homework task 98 | printf("\n\nHomework Task\n"); 99 | printf("Input 2 variables. For example, 5 4 :\n"); 100 | scanf("%u%u",&arg1,&arg2); 101 | 102 | //Test Enclave to Enclave call between Enclave1(Source) and Enclave2(Destination) 103 | status = Enclave1_enclave_to_enclave_call(enclave_1_id, &ret_status, enclave_1_id, enclave_2_id,arg1,arg2); 104 | if (status!=SGX_SUCCESS) 105 | { 106 | printf("enclave_to_enclave_call failed: Error code is %x", status); 107 | break; 108 | } 109 | 110 | //Test Closing Session between Enclave1(Source) and Enclave2(Destination) 111 | status = Enclave1_start_close_session(enclave_1_id, &ret_status, enclave_1_id, enclave_2_id); 112 | if (status!=SGX_SUCCESS) 113 | { 114 | printf("close session failed: Error code is %x", status); 115 | break; 116 | } 117 | 118 | #pragma warning (push) 119 | #pragma warning (disable : 4127) 120 | }while(0); 121 | #pragma warning (pop) 122 | 123 | sgx_destroy_enclave(enclave_1_id); 124 | sgx_destroy_enclave(enclave_2_id); 125 | 126 | return 0; 127 | } 128 | -------------------------------------------------------------------------------- /lab2/README.md: -------------------------------------------------------------------------------- 1 | Module 2: Side-channel Vulnerability and Protection 2 | --- 3 | 4 | #### Preparation 5 | 6 | 1. C/C++ programming. 7 | 2. Knowledge in sorting algorithms 8 | 9 | #### In-class Lab (1): Leakage of Sorting Algorithms 10 | 11 | In a computation, data obliviousness means the data access from the computation is the same no matter what values the input data takes. 12 | This lab is for you students to understand the data obliviousness of common sorting algorithms, including bubble sort, merge sort, etc. This data-dependency will further make the side-channel attack possible in the enclave computation. 13 | 14 | To be specific, this lab requires you to complete some sorting algorithms on an array, and observe the data access trace in array indices, and more importantly, whether the trace differs when input array changes (that is, obliviousness). 15 | For your convenience, index accessing trace will be automatically printed out when you try to use a Class called `TrackedList`. You can use the class as the similar usage with array. For example, 16 | 17 | ```C++ 18 | TrackedList list; 19 | list[0] = 3; 20 | list[1] = list[2]; 21 | // Indices trace will be printed out 22 | // (0)(2)(1) 23 | 24 | 25 | TrackedList * lptr; 26 | (*lptr)[0] = 0; 27 | (*lptr)[2] = (*lptr)[1]; 28 | // Indices trace will be printed out 29 | // (0)(1)(2) 30 | ``` 31 | 32 | ##### Obliviousness in bubble sort/merge sort 33 | 34 | 1. Task 1: implement a merge sort in the stub function `mergeSort()` (in file `src/msort.cpp`). 35 | - Observe the printed access trace, which is interpreted below: 36 | - The number inside the parenthesis is the index of an array access, and the number outside is the element value of the access. For instance, `(8) 5 (2) 3` are two accesses, with the first on array index `8` of value `5` and second on array index `2` of value `3`. 37 | - Observe whether the access trace changes when you feed different inputs. 38 | - For simplicity, you only need to consider the case of 8 element array in all tasks of this lab. 39 | 40 | 2. Task 2: implement a bubble sort in the stub function `bubbleSort()` (in file `src/bsort.cpp`). 41 | - Observe the printed access trace 42 | - Observe whether the access trace changes when you feed different inputs. 43 | 44 | #### Homework Lab (2): Other algorithms 45 | 46 | In the in-class exercise, we observe the data obliviousness of merge/bubble sort. In this homework, we try to extend the understanding from obliviousness to side-channel attacks. 47 | 48 | A "real" scenario is this: Consider your lecturer uploads your grades to the Amazon cloud to do some computation that requires sorting, say computing the medium or max grade. To protect your privacy (under FERPA), the lecture carefully opts in the "enclave" option in cloud processing, that is, to encrypt all students records and have the plaintext computation only inside the remote enclave. In this setting, an adversary, be it Amazon, can (A1) manipulate the encrypted list of student grades and (A2) may know the roaster (student names). The adversary also has the capability of (A3) monitoring the data-access trace from the in-enclave sorting computation. 49 | 50 | ![Sort and Side Channel](./sorting_side_channel.jpg) 51 | 52 | 53 | 3. Task 3: Follow up on Task 1, 2. 54 | - If you get to see different traces of your merge-sort (Task 1), think of an "attack" strategy that the Amazon adversary can extract the secret (e.g. student grades) from the access trace. 55 | - If you get to see different traces of your bubble-sort (Task 2), think of a "protection" solution by revising your implementation so that the traces under different inputs are the same. 56 | 4. In Task 4, choose one of the two algorithms to implement (randomized quick sort or edit distance), and observe the access trace. 57 | - Observe the printed access trace 58 | - Observe whether the access trace changes when you feed different inputs. 59 | * [Bonus] Describe if your implementation produces data-dependent (or oblivious) traces. If yes, 60 | - [A] think of an "attack" solution that the adversary can extract the secret student records from the trace. 61 | - [B] think of a "protection" solution to make the trace data-independent. 62 | 63 | -------------------------------------------------------------------------------- /lab3/LocalAttestationCode/datatypes.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2011-2017 Intel Corporation. All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, with or without 5 | * modification, are permitted provided that the following conditions 6 | * are met: 7 | * 8 | * * Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * * Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in 12 | * the documentation and/or other materials provided with the 13 | * distribution. 14 | * * Neither the name of Intel Corporation nor the names of its 15 | * contributors may be used to endorse or promote products derived 16 | * from this software without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | * 30 | */ 31 | 32 | #include "sgx_report.h" 33 | #include "sgx_eid.h" 34 | #include "sgx_ecp_types.h" 35 | #include "sgx_dh.h" 36 | #include "sgx_tseal.h" 37 | 38 | #ifndef DATATYPES_H_ 39 | #define DATATYPES_H_ 40 | 41 | #define DH_KEY_SIZE 20 42 | #define NONCE_SIZE 16 43 | #define MAC_SIZE 16 44 | #define MAC_KEY_SIZE 16 45 | #define PADDING_SIZE 16 46 | 47 | #define TAG_SIZE 16 48 | #define IV_SIZE 12 49 | 50 | #define DERIVE_MAC_KEY 0x0 51 | #define DERIVE_SESSION_KEY 0x1 52 | #define DERIVE_VK1_KEY 0x3 53 | #define DERIVE_VK2_KEY 0x4 54 | 55 | #define CLOSED 0x0 56 | #define IN_PROGRESS 0x1 57 | #define ACTIVE 0x2 58 | 59 | #define MESSAGE_EXCHANGE 0x0 60 | #define ENCLAVE_TO_ENCLAVE_CALL 0x1 61 | 62 | #define INVALID_ARGUMENT -2 ///< Invalid function argument 63 | #define LOGIC_ERROR -3 ///< Functional logic error 64 | #define FILE_NOT_FOUND -4 ///< File not found 65 | 66 | #define SAFE_FREE(ptr) {if (NULL != (ptr)) {free(ptr); (ptr)=NULL;}} 67 | 68 | #define VMC_ATTRIBUTE_MASK 0xFFFFFFFFFFFFFFCB 69 | 70 | typedef uint8_t dh_nonce[NONCE_SIZE]; 71 | typedef uint8_t cmac_128[MAC_SIZE]; 72 | 73 | #pragma pack(push, 1) 74 | 75 | //Format of the AES-GCM message being exchanged between the source and the destination enclaves 76 | typedef struct _secure_message_t 77 | { 78 | uint32_t session_id; //Session ID identifyting the session to which the message belongs 79 | sgx_aes_gcm_data_t message_aes_gcm_data; 80 | }secure_message_t; 81 | 82 | //Format of the input function parameter structure 83 | typedef struct _ms_in_msg_exchange_t { 84 | uint32_t msg_type; //Type of Call E2E or general message exchange 85 | uint32_t target_fn_id; //Function Id to be called in Destination. Is valid only when msg_type=ENCLAVE_TO_ENCLAVE_CALL 86 | uint32_t inparam_buff_len; //Length of the serialized input parameters 87 | char inparam_buff[]; //Serialized input parameters 88 | } ms_in_msg_exchange_t; 89 | 90 | //Format of the return value and output function parameter structure 91 | typedef struct _ms_out_msg_exchange_t { 92 | uint32_t retval_len; //Length of the return value 93 | uint32_t ret_outparam_buff_len; //Length of the serialized return value and output parameters 94 | char ret_outparam_buff[]; //Serialized return value and output parameters 95 | } ms_out_msg_exchange_t; 96 | 97 | //Session Tracker to generate session ids 98 | typedef struct _session_id_tracker_t 99 | { 100 | uint32_t session_id; 101 | }session_id_tracker_t; 102 | 103 | #pragma pack(pop) 104 | 105 | #endif 106 | -------------------------------------------------------------------------------- /lab3/lab4/LocalAttestationCode/datatypes.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (C) 2011-2017 Intel Corporation. All rights reserved. 3 | * 4 | * Redistribution and use in source and binary forms, with or without 5 | * modification, are permitted provided that the following conditions 6 | * are met: 7 | * 8 | * * Redistributions of source code must retain the above copyright 9 | * notice, this list of conditions and the following disclaimer. 10 | * * Redistributions in binary form must reproduce the above copyright 11 | * notice, this list of conditions and the following disclaimer in 12 | * the documentation and/or other materials provided with the 13 | * distribution. 14 | * * Neither the name of Intel Corporation nor the names of its 15 | * contributors may be used to endorse or promote products derived 16 | * from this software without specific prior written permission. 17 | * 18 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 19 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 20 | * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 21 | * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 22 | * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 23 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 24 | * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 25 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 26 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 27 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 28 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 29 | * 30 | */ 31 | 32 | #include "sgx_report.h" 33 | #include "sgx_eid.h" 34 | #include "sgx_ecp_types.h" 35 | #include "sgx_dh.h" 36 | #include "sgx_tseal.h" 37 | 38 | #ifndef DATATYPES_H_ 39 | #define DATATYPES_H_ 40 | 41 | #define DH_KEY_SIZE 20 42 | #define NONCE_SIZE 16 43 | #define MAC_SIZE 16 44 | #define MAC_KEY_SIZE 16 45 | #define PADDING_SIZE 16 46 | 47 | #define TAG_SIZE 16 48 | #define IV_SIZE 12 49 | 50 | #define DERIVE_MAC_KEY 0x0 51 | #define DERIVE_SESSION_KEY 0x1 52 | #define DERIVE_VK1_KEY 0x3 53 | #define DERIVE_VK2_KEY 0x4 54 | 55 | #define CLOSED 0x0 56 | #define IN_PROGRESS 0x1 57 | #define ACTIVE 0x2 58 | 59 | #define MESSAGE_EXCHANGE 0x0 60 | #define ENCLAVE_TO_ENCLAVE_CALL 0x1 61 | 62 | #define INVALID_ARGUMENT -2 ///< Invalid function argument 63 | #define LOGIC_ERROR -3 ///< Functional logic error 64 | #define FILE_NOT_FOUND -4 ///< File not found 65 | 66 | #define SAFE_FREE(ptr) {if (NULL != (ptr)) {free(ptr); (ptr)=NULL;}} 67 | 68 | #define VMC_ATTRIBUTE_MASK 0xFFFFFFFFFFFFFFCB 69 | 70 | typedef uint8_t dh_nonce[NONCE_SIZE]; 71 | typedef uint8_t cmac_128[MAC_SIZE]; 72 | 73 | #pragma pack(push, 1) 74 | 75 | //Format of the AES-GCM message being exchanged between the source and the destination enclaves 76 | typedef struct _secure_message_t 77 | { 78 | uint32_t session_id; //Session ID identifyting the session to which the message belongs 79 | sgx_aes_gcm_data_t message_aes_gcm_data; 80 | }secure_message_t; 81 | 82 | //Format of the input function parameter structure 83 | typedef struct _ms_in_msg_exchange_t { 84 | uint32_t msg_type; //Type of Call E2E or general message exchange 85 | uint32_t target_fn_id; //Function Id to be called in Destination. Is valid only when msg_type=ENCLAVE_TO_ENCLAVE_CALL 86 | uint32_t inparam_buff_len; //Length of the serialized input parameters 87 | char inparam_buff[]; //Serialized input parameters 88 | } ms_in_msg_exchange_t; 89 | 90 | //Format of the return value and output function parameter structure 91 | typedef struct _ms_out_msg_exchange_t { 92 | uint32_t retval_len; //Length of the return value 93 | uint32_t ret_outparam_buff_len; //Length of the serialized return value and output parameters 94 | char ret_outparam_buff[]; //Serialized return value and output parameters 95 | } ms_out_msg_exchange_t; 96 | 97 | //Session Tracker to generate session ids 98 | typedef struct _session_id_tracker_t 99 | { 100 | uint32_t session_id; 101 | }session_id_tracker_t; 102 | 103 | #pragma pack(pop) 104 | 105 | #endif 106 | -------------------------------------------------------------------------------- /lab2/src/lib_untrusted.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include"lib_untrusted.h" 3 | #include 4 | #ifdef DLL_APP 5 | #include 6 | #endif 7 | #include 8 | #include 9 | 10 | #include "../../emulator/emulator/sgx.h" 11 | 12 | void * static_alloc_enclave_mem(){ 13 | void * enclave_heap = malloc(1024); 14 | return enclave_heap; 15 | } 16 | 17 | void einit(){ 18 | //do nothing for now. 19 | } 20 | 21 | #ifdef DLL_APP 22 | 23 | struct enclave_mem_image * dload_enclave_so(const char * filename) { 24 | struct enclave_mem_image * enclave_handle = (struct enclave_mem_image *)malloc(sizeof(struct enclave_mem_image)); 25 | char* error; 26 | 27 | enclave_handle->handle_so = dlopen(filename, RTLD_LAZY); 28 | if (!enclave_handle->handle_so) { 29 | fprintf(stderr, "%s\n", dlerror()); 30 | exit(1); 31 | } 32 | 33 | if ((error = dlerror()) != NULL) { 34 | fprintf(stderr, "%s\n", error); 35 | exit(1); 36 | } 37 | 38 | enclave_handle->heap = static_alloc_enclave_mem(); 39 | // einit() to lock and sign the initialized enclave 40 | einit(); 41 | return enclave_handle; 42 | } 43 | 44 | void dunload_enclave_so(enclave_mem_image* which_enclave) { 45 | if (dlclose(which_enclave->handle_so) < 0) { 46 | fprintf(stderr, "%s\n", dlerror()); 47 | exit(1); 48 | } 49 | } 50 | 51 | #endif 52 | unsigned long old_rsp; 53 | 54 | void e_enter(void (* entry_point)(void*), struct enclave_mem_image * which_enclave) { 55 | //enter enclave 56 | long rip_enter = 0; 57 | which_enclave->tcs = (TCS *)malloc(sizeof(TCS)); 58 | ((TCS*)which_enclave->tcs)->oentry = (long unsigned int)entry_point; 59 | 60 | __asm__ __volatile__ ( 61 | "lea (%%rip), %0" //save current instruction pointer 62 | : "=r" (rip_enter)); 63 | 64 | //printf("TT: begin of e_enter: which_enclave: %p; entry_point: %p, rip_enter:%lx, rt_args: %p\n", which_enclave, entry_point, rip_enter, which_enclave->rt_args); 65 | __asm__ __volatile__ ("mov %%rsp, %0\n\t" 66 | : "=r"(old_rsp) 67 | : 68 | :); 69 | //followed the SGX reference here: chapter 5: software.intel.com/sites/default/files/329298-002.pdf 70 | //wrapping foo 71 | __asm__ __volatile__ ( 72 | "mov %1, %%rbx\n\t" // address of tcs 73 | "mov %2, %%rdx\n\t" // App-level argument to enter Enclave. 74 | "movl $0x02, %%eax\n\t" // EENTER, instruction type 75 | ".byte 0x0f,0x01,0xd7\n\t" // call opcode 01d7 76 | "mov %%rbx, %0" 77 | : "=r" (which_enclave->tcs) //output 78 | : "r" (which_enclave->tcs), "r" (which_enclave->rt_args) //input: initialize a random register with pointer to var-data. 79 | : "eax", "rbx", "rdx"//"memory"//what is changed by the assembly code: memory is changed. 80 | //we need two pass BOTH arguments, because one is visible to kernel, rt_args visible to user-space 81 | ); 82 | //printf("TT: end of e_enter()\n"); 83 | __asm__ __volatile__ ("mov %0, %%rsp\n\t" 84 | : 85 | : "r"(old_rsp) 86 | :); 87 | } 88 | 89 | //which_enclave is handle of loaded shared object 90 | void call_enclave(enclave_mem_image* which_enclave, void* args) { 91 | void (* local_entry_point)(void*) = (void (*)(void*))dlsym(which_enclave->handle_so, "_entry_point"); 92 | 93 | Dl_info info; 94 | dladdr((void *)local_entry_point, &info); //local_entry_point is itself a pointer!!! 95 | void * baseaddr = info.dli_fbase; 96 | long static_address_offset = (long)local_entry_point - (long)baseaddr; 97 | //char a[4]; 98 | 99 | #ifdef DEBUG 100 | // printf("TT: base:%p, _entry_point:%p, diff: %ld, args: %p\n", baseaddr, local_entry_point, (long)local_entry_point - (long)baseaddr, args); 101 | const int LINE_SIZE = 17; 102 | char * aline = (char*)malloc(LINE_SIZE * sizeof(char)); 103 | //the following throws stack_smashing detected 104 | //char aline[LINE_SIZE]; 105 | for(int i = 0; i < LINE_SIZE; i++) aline[i]=0; //needed for heap array. 106 | int fd = open("/proc/self/maps", O_RDONLY); 107 | int bytes_read; 108 | while ( (bytes_read = read(fd, aline, LINE_SIZE - 1)) > 0 ){ 109 | if(bytes_read < LINE_SIZE - 1) { 110 | aline[bytes_read]='\0'; 111 | } 112 | printf("%s", aline); 113 | //printf("||%d||", bytes_read); 114 | } 115 | printf("note: sections in order: .text, .rodata, .bss \n"); 116 | free(aline); 117 | #endif 118 | which_enclave->rt_args = args; 119 | e_enter(local_entry_point, which_enclave); 120 | // printf("end of call_enclave()\n"); 121 | } 122 | 123 | -------------------------------------------------------------------------------- /lab3/Enclave1/Utility_E1.cpp: -------------------------------------------------------------------------------- 1 | #include "sgx_eid.h" 2 | #include "EnclaveMessageExchange.h" 3 | #include "error_codes.h" 4 | #include "Utility_E1.h" 5 | #include "stdlib.h" 6 | #include "string.h" 7 | 8 | uint32_t marshal_input_parameters_e2(uint32_t target_fn_id, uint32_t msg_type, uint32_t var1, uint32_t var2, char** marshalled_buff, size_t* marshalled_buff_len) 9 | { 10 | ms_in_msg_exchange_t *ms; 11 | size_t param_len, ms_len; 12 | char *temp_buff; 13 | 14 | param_len = sizeof(var1)+sizeof(var2); 15 | temp_buff = (char*)malloc(param_len); 16 | if(!temp_buff) 17 | return MALLOC_ERROR; 18 | 19 | memcpy(temp_buff,&var1,sizeof(var1)); 20 | memcpy(temp_buff+sizeof(var1),&var2,sizeof(var2)); 21 | ms_len = sizeof(ms_in_msg_exchange_t) + param_len; 22 | ms = (ms_in_msg_exchange_t *)malloc(ms_len); 23 | if(!ms) 24 | { 25 | SAFE_FREE(temp_buff); 26 | return MALLOC_ERROR; 27 | } 28 | ms->msg_type = msg_type; 29 | ms->target_fn_id = target_fn_id; 30 | ms->inparam_buff_len = (uint32_t)param_len; 31 | memcpy(&ms->inparam_buff, temp_buff, param_len); 32 | *marshalled_buff = (char*)ms; 33 | *marshalled_buff_len = ms_len; 34 | SAFE_FREE(temp_buff); 35 | return SUCCESS; 36 | } 37 | 38 | uint32_t unmarshal_retval_and_output_parameters_e2(char* out_buff, char** retval) 39 | { 40 | size_t retval_len; 41 | ms_out_msg_exchange_t *ms; 42 | if(!out_buff) 43 | return INVALID_PARAMETER_ERROR; 44 | ms = (ms_out_msg_exchange_t *)out_buff; 45 | retval_len = ms->retval_len; 46 | *retval = (char*)malloc(retval_len); 47 | if(!*retval) 48 | return MALLOC_ERROR; 49 | 50 | memcpy(*retval, ms->ret_outparam_buff, retval_len); 51 | return SUCCESS; 52 | } 53 | 54 | uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len) 55 | { 56 | ms_in_msg_exchange_t *ms; 57 | size_t secret_data_len, ms_len; 58 | if(!marshalled_buff_len) 59 | return INVALID_PARAMETER_ERROR; 60 | secret_data_len = sizeof(secret_data); 61 | ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len; 62 | ms = (ms_in_msg_exchange_t *)malloc(ms_len); 63 | if(!ms) 64 | return MALLOC_ERROR; 65 | 66 | ms->msg_type = msg_type; 67 | ms->target_fn_id = target_fn_id; 68 | ms->inparam_buff_len = (uint32_t)secret_data_len; 69 | memcpy(&ms->inparam_buff, &secret_data, secret_data_len); 70 | *marshalled_buff = (char*)ms; 71 | *marshalled_buff_len = ms_len; 72 | return SUCCESS; 73 | } 74 | 75 | uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms) 76 | { 77 | char* buff; 78 | size_t len; 79 | if(!inp_secret_data || !ms) 80 | return INVALID_PARAMETER_ERROR; 81 | buff = ms->inparam_buff; 82 | len = ms->inparam_buff_len; 83 | if(len != sizeof(uint32_t)) 84 | return ATTESTATION_ERROR; 85 | 86 | memcpy(inp_secret_data, buff, sizeof(uint32_t)); 87 | 88 | return SUCCESS; 89 | } 90 | 91 | uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response) 92 | { 93 | ms_out_msg_exchange_t *ms; 94 | size_t secret_response_len, ms_len; 95 | size_t retval_len, ret_param_len; 96 | if(!resp_length) 97 | return INVALID_PARAMETER_ERROR; 98 | secret_response_len = sizeof(secret_response); 99 | retval_len = secret_response_len; 100 | ret_param_len = secret_response_len; 101 | ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len; 102 | ms = (ms_out_msg_exchange_t *)malloc(ms_len); 103 | if(!ms) 104 | return MALLOC_ERROR; 105 | 106 | ms->retval_len = (uint32_t)retval_len; 107 | ms->ret_outparam_buff_len = (uint32_t)ret_param_len; 108 | memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len); 109 | *resp_buffer = (char*)ms; 110 | *resp_length = ms_len; 111 | return SUCCESS; 112 | } 113 | 114 | uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response) 115 | { 116 | size_t retval_len; 117 | ms_out_msg_exchange_t *ms; 118 | if(!out_buff) 119 | return INVALID_PARAMETER_ERROR; 120 | ms = (ms_out_msg_exchange_t *)out_buff; 121 | retval_len = ms->retval_len; 122 | *secret_response = (char*)malloc(retval_len); 123 | if(!*secret_response) 124 | { 125 | return MALLOC_ERROR; 126 | } 127 | memcpy(*secret_response, ms->ret_outparam_buff, retval_len); 128 | return SUCCESS; 129 | } 130 | 131 | -------------------------------------------------------------------------------- /lab3/lab4/Enclave1/Utility_E1.cpp: -------------------------------------------------------------------------------- 1 | #include "sgx_eid.h" 2 | #include "EnclaveMessageExchange.h" 3 | #include "error_codes.h" 4 | #include "Utility_E1.h" 5 | #include "stdlib.h" 6 | #include "string.h" 7 | 8 | uint32_t marshal_input_parameters_e2(uint32_t target_fn_id, uint32_t msg_type, uint32_t var1, uint32_t var2, char** marshalled_buff, size_t* marshalled_buff_len) 9 | { 10 | ms_in_msg_exchange_t *ms; 11 | size_t param_len, ms_len; 12 | char *temp_buff; 13 | 14 | param_len = sizeof(var1)+sizeof(var2); 15 | temp_buff = (char*)malloc(param_len); 16 | if(!temp_buff) 17 | return MALLOC_ERROR; 18 | 19 | memcpy(temp_buff,&var1,sizeof(var1)); 20 | memcpy(temp_buff+sizeof(var1),&var2,sizeof(var2)); 21 | ms_len = sizeof(ms_in_msg_exchange_t) + param_len; 22 | ms = (ms_in_msg_exchange_t *)malloc(ms_len); 23 | if(!ms) 24 | { 25 | SAFE_FREE(temp_buff); 26 | return MALLOC_ERROR; 27 | } 28 | ms->msg_type = msg_type; 29 | ms->target_fn_id = target_fn_id; 30 | ms->inparam_buff_len = (uint32_t)param_len; 31 | memcpy(&ms->inparam_buff, temp_buff, param_len); 32 | *marshalled_buff = (char*)ms; 33 | *marshalled_buff_len = ms_len; 34 | SAFE_FREE(temp_buff); 35 | return SUCCESS; 36 | } 37 | 38 | uint32_t unmarshal_retval_and_output_parameters_e2(char* out_buff, char** retval) 39 | { 40 | size_t retval_len; 41 | ms_out_msg_exchange_t *ms; 42 | if(!out_buff) 43 | return INVALID_PARAMETER_ERROR; 44 | ms = (ms_out_msg_exchange_t *)out_buff; 45 | retval_len = ms->retval_len; 46 | *retval = (char*)malloc(retval_len); 47 | if(!*retval) 48 | return MALLOC_ERROR; 49 | 50 | memcpy(*retval, ms->ret_outparam_buff, retval_len); 51 | return SUCCESS; 52 | } 53 | 54 | uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len) 55 | { 56 | ms_in_msg_exchange_t *ms; 57 | size_t secret_data_len, ms_len; 58 | if(!marshalled_buff_len) 59 | return INVALID_PARAMETER_ERROR; 60 | secret_data_len = sizeof(secret_data); 61 | ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len; 62 | ms = (ms_in_msg_exchange_t *)malloc(ms_len); 63 | if(!ms) 64 | return MALLOC_ERROR; 65 | 66 | ms->msg_type = msg_type; 67 | ms->target_fn_id = target_fn_id; 68 | ms->inparam_buff_len = (uint32_t)secret_data_len; 69 | memcpy(&ms->inparam_buff, &secret_data, secret_data_len); 70 | *marshalled_buff = (char*)ms; 71 | *marshalled_buff_len = ms_len; 72 | return SUCCESS; 73 | } 74 | 75 | uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms) 76 | { 77 | char* buff; 78 | size_t len; 79 | if(!inp_secret_data || !ms) 80 | return INVALID_PARAMETER_ERROR; 81 | buff = ms->inparam_buff; 82 | len = ms->inparam_buff_len; 83 | if(len != sizeof(uint32_t)) 84 | return ATTESTATION_ERROR; 85 | 86 | memcpy(inp_secret_data, buff, sizeof(uint32_t)); 87 | 88 | return SUCCESS; 89 | } 90 | 91 | uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response) 92 | { 93 | ms_out_msg_exchange_t *ms; 94 | size_t secret_response_len, ms_len; 95 | size_t retval_len, ret_param_len; 96 | if(!resp_length) 97 | return INVALID_PARAMETER_ERROR; 98 | secret_response_len = sizeof(secret_response); 99 | retval_len = secret_response_len; 100 | ret_param_len = secret_response_len; 101 | ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len; 102 | ms = (ms_out_msg_exchange_t *)malloc(ms_len); 103 | if(!ms) 104 | return MALLOC_ERROR; 105 | 106 | ms->retval_len = (uint32_t)retval_len; 107 | ms->ret_outparam_buff_len = (uint32_t)ret_param_len; 108 | memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len); 109 | *resp_buffer = (char*)ms; 110 | *resp_length = ms_len; 111 | return SUCCESS; 112 | } 113 | 114 | uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response) 115 | { 116 | size_t retval_len; 117 | ms_out_msg_exchange_t *ms; 118 | if(!out_buff) 119 | return INVALID_PARAMETER_ERROR; 120 | ms = (ms_out_msg_exchange_t *)out_buff; 121 | retval_len = ms->retval_len; 122 | *secret_response = (char*)malloc(retval_len); 123 | if(!*secret_response) 124 | { 125 | return MALLOC_ERROR; 126 | } 127 | memcpy(*secret_response, ms->ret_outparam_buff, retval_len); 128 | return SUCCESS; 129 | } 130 | 131 | -------------------------------------------------------------------------------- /lab3/Untrusted_LocalAttestation/UntrustedEnclaveMessageExchange.cpp: -------------------------------------------------------------------------------- 1 | #include "sgx_eid.h" 2 | #include "error_codes.h" 3 | #include "datatypes.h" 4 | #include "sgx_urts.h" 5 | #include "UntrustedEnclaveMessageExchange.h" 6 | #include "sgx_dh.h" 7 | #include 8 | 9 | std::mapenclave_id; 10 | 11 | //Makes an sgx_ecall to the destination enclave to get session id and message1 12 | ATTESTATION_STATUS session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id) 13 | { 14 | uint32_t status = 0; 15 | sgx_status_t ret = SGX_SUCCESS; 16 | uint32_t temp_enclave_no; 17 | 18 | std::map::iterator it = enclave_id.find(dest_enclave_id); 19 | if(it != enclave_id.end()) 20 | { 21 | temp_enclave_no = it->second; 22 | } 23 | else 24 | { 25 | return INVALID_SESSION; 26 | } 27 | 28 | switch(temp_enclave_no) 29 | { 30 | case 1: 31 | ret = Enclave1_session_request(dest_enclave_id, &status, src_enclave_id, dh_msg1, session_id); 32 | break; 33 | case 2: 34 | ret = Enclave2_session_request(dest_enclave_id, &status, src_enclave_id, dh_msg1, session_id); 35 | break; 36 | } 37 | if (ret == SGX_SUCCESS) 38 | return (ATTESTATION_STATUS)status; 39 | else 40 | return INVALID_SESSION; 41 | 42 | } 43 | //Makes an sgx_ecall to the destination enclave sends message2 from the source enclave and gets message 3 from the destination enclave 44 | ATTESTATION_STATUS exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t session_id) 45 | { 46 | uint32_t status = 0; 47 | sgx_status_t ret = SGX_SUCCESS; 48 | uint32_t temp_enclave_no; 49 | 50 | std::map::iterator it = enclave_id.find(dest_enclave_id); 51 | if(it != enclave_id.end()) 52 | { 53 | temp_enclave_no = it->second; 54 | } 55 | else 56 | { 57 | return INVALID_SESSION; 58 | } 59 | 60 | switch(temp_enclave_no) 61 | { 62 | case 1: 63 | ret = Enclave1_exchange_report(dest_enclave_id, &status, src_enclave_id, dh_msg2, dh_msg3, session_id); 64 | break; 65 | case 2: 66 | ret = Enclave2_exchange_report(dest_enclave_id, &status, src_enclave_id, dh_msg2, dh_msg3, session_id); 67 | break; 68 | } 69 | if (ret == SGX_SUCCESS) 70 | return (ATTESTATION_STATUS)status; 71 | else 72 | return INVALID_SESSION; 73 | 74 | } 75 | 76 | //Make an sgx_ecall to the destination enclave function that generates the actual response 77 | ATTESTATION_STATUS send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id,secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size) 78 | { 79 | uint32_t status = 0; 80 | sgx_status_t ret = SGX_SUCCESS; 81 | uint32_t temp_enclave_no; 82 | 83 | std::map::iterator it = enclave_id.find(dest_enclave_id); 84 | if(it != enclave_id.end()) 85 | { 86 | temp_enclave_no = it->second; 87 | } 88 | else 89 | { 90 | return INVALID_SESSION; 91 | } 92 | 93 | switch(temp_enclave_no) 94 | { 95 | case 1: 96 | ret = Enclave1_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size); 97 | break; 98 | case 2: 99 | ret = Enclave2_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size); 100 | break; 101 | } 102 | if (ret == SGX_SUCCESS) 103 | return (ATTESTATION_STATUS)status; 104 | else 105 | return INVALID_SESSION; 106 | 107 | } 108 | 109 | //Make an sgx_ecall to the destination enclave to close the session 110 | ATTESTATION_STATUS end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id) 111 | { 112 | uint32_t status = 0; 113 | sgx_status_t ret = SGX_SUCCESS; 114 | uint32_t temp_enclave_no; 115 | 116 | std::map::iterator it = enclave_id.find(dest_enclave_id); 117 | if(it != enclave_id.end()) 118 | { 119 | temp_enclave_no = it->second; 120 | } 121 | else 122 | { 123 | return INVALID_SESSION; 124 | } 125 | 126 | switch(temp_enclave_no) 127 | { 128 | case 1: 129 | ret = Enclave1_end_session(dest_enclave_id, &status, src_enclave_id); 130 | break; 131 | case 2: 132 | ret = Enclave2_end_session(dest_enclave_id, &status, src_enclave_id); 133 | break; 134 | } 135 | if (ret == SGX_SUCCESS) 136 | return (ATTESTATION_STATUS)status; 137 | else 138 | return INVALID_SESSION; 139 | 140 | } 141 | -------------------------------------------------------------------------------- /lab3/lab4/Untrusted_LocalAttestation/UntrustedEnclaveMessageExchange.cpp: -------------------------------------------------------------------------------- 1 | #include "sgx_eid.h" 2 | #include "error_codes.h" 3 | #include "datatypes.h" 4 | #include "sgx_urts.h" 5 | #include "UntrustedEnclaveMessageExchange.h" 6 | #include "sgx_dh.h" 7 | #include 8 | 9 | std::mapenclave_id; 10 | 11 | //Makes an sgx_ecall to the destination enclave to get session id and message1 12 | ATTESTATION_STATUS session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id) 13 | { 14 | uint32_t status = 0; 15 | sgx_status_t ret = SGX_SUCCESS; 16 | uint32_t temp_enclave_no; 17 | 18 | std::map::iterator it = enclave_id.find(dest_enclave_id); 19 | if(it != enclave_id.end()) 20 | { 21 | temp_enclave_no = it->second; 22 | } 23 | else 24 | { 25 | return INVALID_SESSION; 26 | } 27 | 28 | switch(temp_enclave_no) 29 | { 30 | case 1: 31 | ret = Enclave1_session_request(dest_enclave_id, &status, src_enclave_id, dh_msg1, session_id); 32 | break; 33 | case 2: 34 | ret = Enclave2_session_request(dest_enclave_id, &status, src_enclave_id, dh_msg1, session_id); 35 | break; 36 | } 37 | if (ret == SGX_SUCCESS) 38 | return (ATTESTATION_STATUS)status; 39 | else 40 | return INVALID_SESSION; 41 | 42 | } 43 | //Makes an sgx_ecall to the destination enclave sends message2 from the source enclave and gets message 3 from the destination enclave 44 | ATTESTATION_STATUS exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t session_id) 45 | { 46 | uint32_t status = 0; 47 | sgx_status_t ret = SGX_SUCCESS; 48 | uint32_t temp_enclave_no; 49 | 50 | std::map::iterator it = enclave_id.find(dest_enclave_id); 51 | if(it != enclave_id.end()) 52 | { 53 | temp_enclave_no = it->second; 54 | } 55 | else 56 | { 57 | return INVALID_SESSION; 58 | } 59 | 60 | switch(temp_enclave_no) 61 | { 62 | case 1: 63 | ret = Enclave1_exchange_report(dest_enclave_id, &status, src_enclave_id, dh_msg2, dh_msg3, session_id); 64 | break; 65 | case 2: 66 | ret = Enclave2_exchange_report(dest_enclave_id, &status, src_enclave_id, dh_msg2, dh_msg3, session_id); 67 | break; 68 | } 69 | if (ret == SGX_SUCCESS) 70 | return (ATTESTATION_STATUS)status; 71 | else 72 | return INVALID_SESSION; 73 | 74 | } 75 | 76 | //Make an sgx_ecall to the destination enclave function that generates the actual response 77 | ATTESTATION_STATUS send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id,secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size) 78 | { 79 | uint32_t status = 0; 80 | sgx_status_t ret = SGX_SUCCESS; 81 | uint32_t temp_enclave_no; 82 | 83 | std::map::iterator it = enclave_id.find(dest_enclave_id); 84 | if(it != enclave_id.end()) 85 | { 86 | temp_enclave_no = it->second; 87 | } 88 | else 89 | { 90 | return INVALID_SESSION; 91 | } 92 | 93 | switch(temp_enclave_no) 94 | { 95 | case 1: 96 | ret = Enclave1_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size); 97 | break; 98 | case 2: 99 | ret = Enclave2_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size); 100 | break; 101 | } 102 | if (ret == SGX_SUCCESS) 103 | return (ATTESTATION_STATUS)status; 104 | else 105 | return INVALID_SESSION; 106 | 107 | } 108 | 109 | //Make an sgx_ecall to the destination enclave to close the session 110 | ATTESTATION_STATUS end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id) 111 | { 112 | uint32_t status = 0; 113 | sgx_status_t ret = SGX_SUCCESS; 114 | uint32_t temp_enclave_no; 115 | 116 | std::map::iterator it = enclave_id.find(dest_enclave_id); 117 | if(it != enclave_id.end()) 118 | { 119 | temp_enclave_no = it->second; 120 | } 121 | else 122 | { 123 | return INVALID_SESSION; 124 | } 125 | 126 | switch(temp_enclave_no) 127 | { 128 | case 1: 129 | ret = Enclave1_end_session(dest_enclave_id, &status, src_enclave_id); 130 | break; 131 | case 2: 132 | ret = Enclave2_end_session(dest_enclave_id, &status, src_enclave_id); 133 | break; 134 | } 135 | if (ret == SGX_SUCCESS) 136 | return (ATTESTATION_STATUS)status; 137 | else 138 | return INVALID_SESSION; 139 | 140 | } 141 | -------------------------------------------------------------------------------- /lab3/Enclave2/Utility_E2.cpp: -------------------------------------------------------------------------------- 1 | #include "sgx_eid.h" 2 | #include "EnclaveMessageExchange.h" 3 | #include "error_codes.h" 4 | #include "Utility_E2.h" 5 | #include "stdlib.h" 6 | #include "string.h" 7 | 8 | uint32_t unmarshal_input_parameters_e2(uint32_t* var1, uint32_t* var2, ms_in_msg_exchange_t* ms) 9 | { 10 | char* buff; 11 | size_t len; 12 | if(!var1 || !var2 || !ms) 13 | return INVALID_PARAMETER_ERROR; 14 | 15 | buff = ms->inparam_buff; 16 | len = ms->inparam_buff_len; 17 | 18 | if(len != (sizeof(*var1) + sizeof(*var2))) 19 | return ATTESTATION_ERROR; 20 | 21 | memcpy(var1, buff, sizeof(*var1)); 22 | memcpy(var2, buff + sizeof(*var1), sizeof(*var2)); 23 | 24 | return SUCCESS; 25 | } 26 | 27 | uint32_t marshal_retval_and_output_parameters_e2(char** resp_buffer, size_t* resp_length, uint32_t retval) 28 | { 29 | ms_out_msg_exchange_t *ms; 30 | size_t ret_param_len, ms_len; 31 | char *temp_buff; 32 | size_t retval_len; 33 | if(!resp_length) 34 | return INVALID_PARAMETER_ERROR; 35 | retval_len = sizeof(retval); 36 | ret_param_len = retval_len; //no out parameters 37 | temp_buff = (char*)malloc(ret_param_len); 38 | if(!temp_buff) 39 | return MALLOC_ERROR; 40 | 41 | memcpy(temp_buff, &retval, sizeof(retval)); 42 | ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len; 43 | ms = (ms_out_msg_exchange_t *)malloc(ms_len); 44 | if(!ms) 45 | { 46 | SAFE_FREE(temp_buff); 47 | return MALLOC_ERROR; 48 | } 49 | ms->retval_len = (uint32_t)retval_len; 50 | ms->ret_outparam_buff_len = (uint32_t)ret_param_len; 51 | memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len); 52 | *resp_buffer = (char*)ms; 53 | *resp_length = ms_len; 54 | SAFE_FREE(temp_buff); 55 | return SUCCESS; 56 | } 57 | 58 | uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len) 59 | { 60 | ms_in_msg_exchange_t *ms; 61 | size_t secret_data_len, ms_len; 62 | if(!marshalled_buff_len) 63 | return INVALID_PARAMETER_ERROR; 64 | secret_data_len = sizeof(secret_data); 65 | ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len; 66 | ms = (ms_in_msg_exchange_t *)malloc(ms_len); 67 | if(!ms) 68 | return MALLOC_ERROR; 69 | 70 | ms->msg_type = msg_type; 71 | ms->target_fn_id = target_fn_id; 72 | ms->inparam_buff_len = (uint32_t)secret_data_len; 73 | memcpy(&ms->inparam_buff, &secret_data, secret_data_len); 74 | *marshalled_buff = (char*)ms; 75 | *marshalled_buff_len = ms_len; 76 | return SUCCESS; 77 | } 78 | 79 | uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms) 80 | { 81 | char* buff; 82 | size_t len; 83 | if(!inp_secret_data || !ms) 84 | return INVALID_PARAMETER_ERROR; 85 | buff = ms->inparam_buff; 86 | len = ms->inparam_buff_len; 87 | if(len != sizeof(uint32_t)) 88 | return ATTESTATION_ERROR; 89 | 90 | memcpy(inp_secret_data, buff, sizeof(uint32_t)); 91 | 92 | return SUCCESS; 93 | } 94 | 95 | 96 | uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response) 97 | { 98 | ms_out_msg_exchange_t *ms; 99 | size_t secret_response_len, ms_len; 100 | size_t retval_len, ret_param_len; 101 | if(!resp_length) 102 | return INVALID_PARAMETER_ERROR; 103 | secret_response_len = sizeof(secret_response); 104 | retval_len = secret_response_len; 105 | ret_param_len = secret_response_len; 106 | ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len; 107 | ms = (ms_out_msg_exchange_t *)malloc(ms_len); 108 | if(!ms) 109 | return MALLOC_ERROR; 110 | ms->retval_len = (uint32_t)retval_len; 111 | ms->ret_outparam_buff_len = (uint32_t)ret_param_len; 112 | memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len); 113 | *resp_buffer = (char*)ms; 114 | *resp_length = ms_len; 115 | return SUCCESS; 116 | } 117 | 118 | uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response) 119 | { 120 | size_t retval_len; 121 | ms_out_msg_exchange_t *ms; 122 | if(!out_buff) 123 | return INVALID_PARAMETER_ERROR; 124 | ms = (ms_out_msg_exchange_t *)out_buff; 125 | retval_len = ms->retval_len; 126 | *secret_response = (char*)malloc(retval_len); 127 | if(!*secret_response) 128 | { 129 | return MALLOC_ERROR; 130 | } 131 | memcpy(*secret_response, ms->ret_outparam_buff, retval_len); 132 | return SUCCESS; 133 | } 134 | -------------------------------------------------------------------------------- /lab3/lab4/Enclave2/Utility_E2.cpp: -------------------------------------------------------------------------------- 1 | #include "sgx_eid.h" 2 | #include "EnclaveMessageExchange.h" 3 | #include "error_codes.h" 4 | #include "Utility_E2.h" 5 | #include "stdlib.h" 6 | #include "string.h" 7 | 8 | uint32_t unmarshal_input_parameters_e2(uint32_t* var1, uint32_t* var2, ms_in_msg_exchange_t* ms) 9 | { 10 | char* buff; 11 | size_t len; 12 | if(!var1 || !var2 || !ms) 13 | return INVALID_PARAMETER_ERROR; 14 | 15 | buff = ms->inparam_buff; 16 | len = ms->inparam_buff_len; 17 | 18 | if(len != (sizeof(*var1) + sizeof(*var2))) 19 | return ATTESTATION_ERROR; 20 | 21 | memcpy(var1, buff, sizeof(*var1)); 22 | memcpy(var2, buff + sizeof(*var1), sizeof(*var2)); 23 | 24 | return SUCCESS; 25 | } 26 | 27 | uint32_t marshal_retval_and_output_parameters_e2(char** resp_buffer, size_t* resp_length, uint32_t retval) 28 | { 29 | ms_out_msg_exchange_t *ms; 30 | size_t ret_param_len, ms_len; 31 | char *temp_buff; 32 | size_t retval_len; 33 | if(!resp_length) 34 | return INVALID_PARAMETER_ERROR; 35 | retval_len = sizeof(retval); 36 | ret_param_len = retval_len; //no out parameters 37 | temp_buff = (char*)malloc(ret_param_len); 38 | if(!temp_buff) 39 | return MALLOC_ERROR; 40 | 41 | memcpy(temp_buff, &retval, sizeof(retval)); 42 | ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len; 43 | ms = (ms_out_msg_exchange_t *)malloc(ms_len); 44 | if(!ms) 45 | { 46 | SAFE_FREE(temp_buff); 47 | return MALLOC_ERROR; 48 | } 49 | ms->retval_len = (uint32_t)retval_len; 50 | ms->ret_outparam_buff_len = (uint32_t)ret_param_len; 51 | memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len); 52 | *resp_buffer = (char*)ms; 53 | *resp_length = ms_len; 54 | SAFE_FREE(temp_buff); 55 | return SUCCESS; 56 | } 57 | 58 | uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len) 59 | { 60 | ms_in_msg_exchange_t *ms; 61 | size_t secret_data_len, ms_len; 62 | if(!marshalled_buff_len) 63 | return INVALID_PARAMETER_ERROR; 64 | secret_data_len = sizeof(secret_data); 65 | ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len; 66 | ms = (ms_in_msg_exchange_t *)malloc(ms_len); 67 | if(!ms) 68 | return MALLOC_ERROR; 69 | 70 | ms->msg_type = msg_type; 71 | ms->target_fn_id = target_fn_id; 72 | ms->inparam_buff_len = (uint32_t)secret_data_len; 73 | memcpy(&ms->inparam_buff, &secret_data, secret_data_len); 74 | *marshalled_buff = (char*)ms; 75 | *marshalled_buff_len = ms_len; 76 | return SUCCESS; 77 | } 78 | 79 | uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms) 80 | { 81 | char* buff; 82 | size_t len; 83 | if(!inp_secret_data || !ms) 84 | return INVALID_PARAMETER_ERROR; 85 | buff = ms->inparam_buff; 86 | len = ms->inparam_buff_len; 87 | if(len != sizeof(uint32_t)) 88 | return ATTESTATION_ERROR; 89 | 90 | memcpy(inp_secret_data, buff, sizeof(uint32_t)); 91 | 92 | return SUCCESS; 93 | } 94 | 95 | 96 | uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response) 97 | { 98 | ms_out_msg_exchange_t *ms; 99 | size_t secret_response_len, ms_len; 100 | size_t retval_len, ret_param_len; 101 | if(!resp_length) 102 | return INVALID_PARAMETER_ERROR; 103 | secret_response_len = sizeof(secret_response); 104 | retval_len = secret_response_len; 105 | ret_param_len = secret_response_len; 106 | ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len; 107 | ms = (ms_out_msg_exchange_t *)malloc(ms_len); 108 | if(!ms) 109 | return MALLOC_ERROR; 110 | ms->retval_len = (uint32_t)retval_len; 111 | ms->ret_outparam_buff_len = (uint32_t)ret_param_len; 112 | memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len); 113 | *resp_buffer = (char*)ms; 114 | *resp_length = ms_len; 115 | return SUCCESS; 116 | } 117 | 118 | uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response) 119 | { 120 | size_t retval_len; 121 | ms_out_msg_exchange_t *ms; 122 | if(!out_buff) 123 | return INVALID_PARAMETER_ERROR; 124 | ms = (ms_out_msg_exchange_t *)out_buff; 125 | retval_len = ms->retval_len; 126 | *secret_response = (char*)malloc(retval_len); 127 | if(!*secret_response) 128 | { 129 | return MALLOC_ERROR; 130 | } 131 | memcpy(*secret_response, ms->ret_outparam_buff, retval_len); 132 | return SUCCESS; 133 | } 134 | -------------------------------------------------------------------------------- /lab2/Makefile: -------------------------------------------------------------------------------- 1 | SRCDIR = src 2 | OBJDIR = bin 3 | DEBUG_FLAG = -O0 -g -D DEBUG=1 4 | UNDEBUG_FLAG = -O2 5 | FLAGS = -m64 -D DLL_APP=1 6 | FLAGS_XX = $(FLAGS) -std=c++11 7 | CXX = g++ 8 | CC = gcc 9 | AR = ar 10 | 11 | LIB_SGX_ENL_1 = ~/sgx-emulator/lib/lib_sgx_enclave.o 12 | LIB_SGX_ENL_2 = ~/sgx-emulator/lib/lib_sgx_enclave_syscallwrap.o 13 | LIB_SGX_ENL = $(LIB_SGX_ENL_1) $(LIB_SGX_ENL_2) 14 | LIB_SGX_UT = ~/sgx-emulator/lib/lib_sgx_untrusted.o 15 | FLAGS_SYSCALL_WRAP= \ 16 | -Wl,-wrap,write \ 17 | -Wl,-wrap,access \ 18 | -Wl,-wrap,brk \ 19 | -Wl,-wrap,mmap 20 | #-Wl,-wrap,puts 21 | 22 | 23 | default : debug 24 | 25 | lc : lib-product 26 | 27 | lib-product : 28 | @mkdir -p lib; rm lib/* || true 29 | @#trusted 30 | $(CXX) -shared -fPIC -c $(FLAGS_XX) src/lib_enclave.c -o $(LIB_SGX_ENL_1) 31 | $(CXX) -shared -fPIC -c $(FLAGS_XX) src/lib_enclave_syscall_wrap.c -o $(LIB_SGX_ENL_2) 32 | $(CXX) -shared -fPIC -c $(FLAGS_XX) src/lib_untrusted.c -o $(LIB_SGX_UT) 33 | @mkdir -p ../app_miniBigTable/lib/ || true 34 | @cp $(LIB_SGX_UT) ../app_miniBigTable/lib/ 35 | @cp $(LIB_SGX_ENL) ../app_miniBigTable/lib/ 36 | @mkdir -p ../app_leveldb/lib/ || true 37 | @cp $(LIB_SGX_UT) ../app_leveldb/lib/ 38 | @cp $(LIB_SGX_ENL) ../app_leveldb/lib/ 39 | 40 | l : lib-debug 41 | 42 | lib-debug : FLAGS_XX += $(DEBUG_FLAG) 43 | lib-debug : 44 | @mkdir -p lib; rm lib/* || true 45 | @#trusted 46 | $(CXX) -shared -fPIC -c $(FLAGS_XX) src/lib_enclave.c -o $(LIB_SGX_ENL_1) 47 | $(CXX) -shared -fPIC -c $(FLAGS_XX) src/lib_enclave_syscall_wrap.c -o $(LIB_SGX_ENL_2) 48 | $(CXX) -shared -fPIC -c $(FLAGS_XX) src/lib_untrusted.c -o $(LIB_SGX_UT) 49 | @mkdir -p ../app_miniBigTable/lib/ || true 50 | @cp $(LIB_SGX_UT) ../app_miniBigTable/lib/ 51 | @cp $(LIB_SGX_ENL) ../app_miniBigTable/lib/ 52 | @mkdir -p ../app_leveldb/lib/ || true 53 | @cp $(LIB_SGX_UT) ../app_leveldb/lib/ 54 | @cp $(LIB_SGX_ENL) ../app_leveldb/lib/ 55 | 56 | debug : FLAGS_XX += $(DEBUG_FLAG) 57 | debug : 58 | @mkdir -p bin; rm bin/* || true 59 | @#trusted 60 | $(CXX) -shared -fPIC -c $(FLAGS_XX) src/msort.cpp -o $(OBJDIR)/enclave_msort.o 61 | $(CXX) -shared -fPIC $(FLAGS_SYSCALL_WRAP) -Wl,--whole-archive $(OBJDIR)/enclave_msort.o $(LIB_SGX_ENL) -Wl,--no-whole-archive -o $(OBJDIR)/enclave_msort.so 62 | @#rm $(OBJDIR)/enclave_foo.o 63 | @#If a .so needs to be generated, all relocatable objects file needs to be generated with the same '-shared -fPIC' flag 64 | @#can't combine multiple .so files in Linux, (.so is final); can only combine .o or .a files 65 | $(CXX) -shared -fPIC $(FLAGS_XX) $(FLAGS_SYSCALL_WRAP) src/bsort.cpp -Wl,--whole-archive $(LIB_SGX_ENL) -Wl,--no-whole-archive -o $(OBJDIR)/enclave_bsort.so 66 | $(CXX) -shared -fPIC $(FLAG_XX) $(FLAGS_SYSCALL_WRAP) src/qsort.cpp -Wl,--whole-archive $(LIB_SGX_ENL) -Wl,--no-whole-archive -o $(OBJDIR)/enclave_qsort.so 67 | @#untrusted 68 | $(CXX) -rdynamic $(FLAGS_XX) src/user_main_ut.cpp $(LIB_SGX_UT) -ldl -o $(OBJDIR)/a.out 69 | 70 | c : product-compile 71 | 72 | product-compile : FLAGS_XX += $(UNDEBUG_FLAG) 73 | product-compile : 74 | @mkdir -p bin; rm bin/* || true 75 | @#trusted 76 | $(CXX) -shared -fPIC $(FLAGS_XX) $(FLAGS_SYSCALL_WRAP) src/bsort.cpp -Wl,--whole-archive $(LIB_SGX_ENL) -Wl,--no-whole-archive -o $(OBJDIR)/enclave_bsort.so 77 | $(CXX) -shared -fPIC $(FLAGS_XX) $(FLAGS_SYSCALL_WRAP) src/msort.cpp -Wl,--whole-archive $(LIB_SGX_ENL) -Wl,--no-whole-archive -o $(OBJDIR)/enclave_msort.so 78 | $(CXX) -shared -fPIC $(FLAGS_XX) $(FLAGS_SYSCALL_WRAP) src/qsort.cpp -Wl,--whole-archive $(LIB_SGX_ENL) -Wl,--no-whole-archive -o $(OBJDIR)/enclave_qsort.so 79 | @#$(CXX) -shared -fPIC $(FLAGS_XX) $(FLAGS_SYSCALL_WRAP) src/user_enclave_foo.cpp -Wl,--whole-archive $(LIB_SGX_ENL) -Wl,--no-whole-archive -o $(OBJDIR)/enclave_foo.so 80 | @#If a .so needs to be generated, all relocatable objects file needs to be generated with the same '-shared -fPIC' flag 81 | @#can't combine multiple .so files in Linux, (.so is final); can only combine .o or .a files 82 | @#$(CXX) -shared -fPIC $(FLAGS_XX) $(FLAGS_SYSCALL_WRAP) src/user_enclave_foo2.cpp -Wl,--whole-archive $(LIB_SGX_ENL) -Wl,--no-whole-archive -o $(OBJDIR)/enclave_foo2.so 83 | @#untrusted 84 | $(CXX) -rdynamic $(FLAGS_XX) src/user_main_ut.cpp $(LIB_SGX_UT) -ldl -o $(OBJDIR)/a.out 85 | 86 | #deprecated 87 | slink : 88 | $(CC) $(FLAG) $(SRC_ALL) -o $(OBJDIR)/a.out 89 | 90 | #deprecated 91 | dll : 92 | $(CC) -shared -fPIC $(FLAG) src/enclave.cpp -o $(OBJDIR)/enclave.so 93 | $(CC) $(FLAG) src/main_ut.cpp $(OBJDIR)/enclave.so -o $(OBJDIR)/a.out 94 | 95 | d : debug-run 96 | 97 | debug-run : 98 | @echo 0 | sudo tee /proc/sys/kernel/randomize_va_space #it is important to turn off ASLR! @ubuntu 99 | @$(MAKE) --no-print-directory run 100 | @echo 2 | sudo tee /proc/sys/kernel/randomize_va_space #it is important to turn back on ASLR! @ubuntu 101 | 102 | r : run 103 | 104 | run : 105 | @./bin/a.out 106 | 107 | s : 108 | @strace ./bin/a.out 2>&1 | view - 109 | 110 | clean : 111 | @rm lib/*; rm bin/* || true 112 | -------------------------------------------------------------------------------- /lab3/README.md: -------------------------------------------------------------------------------- 1 | Lab 1.2 Software Attestation with Intel SGX 2 | === 3 | 4 | Introduction 5 | --- 6 | 7 | Software attestation is a two-party scheme to convince a client that the server runs a container loaded with the software image provided by the client and hosted in a trusted processor. Software attestation is a fundamental service in establishing a trusted execution environment (TEE) in a distributed system. In essence, the software attestation produces a verifiable proof about the binding between software image I and trusted processor C. Internally, the proof is produced by the trusted processor signing the measurement of the software image. Externally, the software attestation can be combined with authenticated key exchange to set up shared secrets and establish a secure channel. 8 | 9 | The learning objective of this lab is the *use* of SGX software attestation for remote applications. Students doing the lab will be able to write programs that call proper functions for enclave attestation in SGX machines. The lab focuses on the interfaces and functions for calling software attestation services in Intel SGX SDK. The lab treats the internal of software attestation as a black box and hides from students the various internal mechanisms (e.g., quoting enclaves for signing and measurement). 10 | 11 | Lab Description 12 | --- 13 | 14 | The lab focuses on the local-attestation setting where the client and server are co-located on the same machine. 15 | 16 | In the given program (the setup is described next), two enclaves, Enclave 1 and Enclave 2, are running respectively as caller and callee. The two enclaves fist establishes a secure channel through software attestation and then Enclave 1 invokes an application-level function defined in Enclave 2. To be a little bit specific, Enclave 2 defines a function table `func_table` that stores the pointers to various application functions and the Enclave 1 calls a fixed procedure in Enclave 2 that dispatches the call though the function table to the target application function. 17 | 18 | This lab includes two main tasks: 1) to implement an argument-encoding scheme when establishing shared secrets and secure channel, 2) to implement new applications functions in the attested enclave. 19 | 20 | Environment Setup 21 | --- 22 | 23 | This lab requires Intel SGX SDK and we provide two options of running SGX; student can choose one of the two for their convenience. The first option is (O1) running SGX SDK in a simulation mode in a virtual-machine (VM). The second option (O2) is running the SGX SDK on a real SGX machine in the Chameleon cloud [[link](https://www.chameleoncloud.org/)]. 24 | 25 | #### Option 1: VM with SGX SDK simulation 26 | 27 | - Install virtualbox on your computer. 28 | - Download the VM image that has SGX SDK pre-installed; [[link](https://drive.google.com/file/d/1f34XLRPsToIHg6Fd6fKqbENQfMY3EkDm/view?usp=sharing)] 29 | - The username of VM is `sgx`, and password is `sgx` 30 | 31 | #### Option 2: Chameleon cloud instance with SGX CPU and SDK 32 | 33 | - Follow the tutorial page [[link](chameleon-tutorial.md)] to 1) allocate an SGX instance in Chameleon cloud, and to 2) install SGX SDK there. 34 | 35 | #### Set up the lab 36 | 37 | 38 | After a SGX SDK is installed and running, you should set up the lab and run the given program on the machine. 39 | 40 | ``` 41 | git clone https://github.com/syracuse-fullstacksecurity/CIS700-sgxlab.git 42 | cd CIS700-sgxlab/lab3 43 | make SGX_MODE=SIM 44 | ./app #this command may take a while to set up the enclave memory; be patient. 45 | ``` 46 | 47 | Task 1: Secure Channel Setup 48 | --- 49 | 50 | **Exercise 1**: When establishing a secure channel, sharing the secrets is an important primitive (recall DH is a key-distribution protocol in TLS for setting up a secure channel). This exercise requires implementing a new secret-encoding scheme when the two Enclaves establish a secure channel after the software attestation. 51 | 52 | To do the exercise, you may want to modify the function `get_message_exchange_response()` in `./Enclave2/Enclave2.cpp`. The task requires computing the XOR of the input secret with a fixed "key",`0x10010011`. 53 | 54 | The exercise will be evaluated by running the program and checking the correctness of the result. 55 | 56 | Task 2: Remote Function Calls 57 | --- 58 | 59 | In the setting of TEE, the purpose of software attestation is for one enclave to call functions defined in the other enclave. In this task you will explore the post-attestation function calls between enclaves. 60 | 61 | **Exercise 2**: Write a sum-of-two-integer function that is called between enclaves. Given two integers provided by enclave 1, the function defined in enclave 2 will calculate the sum of the integers and return the result. 62 | 63 | Hint 1: In this exercise, you can complete the function `e2_task()` in `Enclave2.cpp`. You could consult the implementation of function `e2_sample(uint32_t var1, uint32_t var2)` which compares two integers. 64 | 65 | Hint 2: Modify the function table to register the new `sum` function; see the top of file `Enclave2.cpp`. 66 | 67 | **Exercise 3**: Write a program to integrate the argument marshaling/unmarshaling (in exercise 1) in the setting of post-attestation remote function calls. 68 | 69 | Hint 1: Complete the function `e2_task_wrapper()` in `./Enclave2/Enclave2.cpp` by consulting the implemented function 70 | `e2_sample_wrapper()`. 71 | 72 | -------------------------------------------------------------------------------- /lab3/lab4/README.md: -------------------------------------------------------------------------------- 1 | Lab 1.2 Software Attestation with Intel SGX 2 | === 3 | 4 | Introduction 5 | --- 6 | 7 | Software attestation is a two-party scheme to convince a client that the server runs a container loaded with the software image provided by the client and hosted in a trusted processor. Software attestation is a fundamental service in establishing a trusted execution environment (TEE) in a distributed system. In essence, the software attestation produces a verifiable proof about the binding between software image I and trusted processor C. Internally, the proof is produced by the trusted processor signing the measurement of the software image. Externally, the software attestation can be combined with authenticated key exchange to set up shared secrets and establish a secure channel. 8 | 9 | The learning objective of this lab is the *use* of SGX software attestation for remote applications. Students doing the lab will be able to write programs that call proper functions for enclave attestation in SGX machines. The lab focuses on the interfaces and functions for calling software attestation services in Intel SGX SDK. The lab treats the internal of software attestation as a black box and hides from students the various internal mechanisms (e.g., quoting enclaves for signing and measurement). 10 | 11 | Lab Description 12 | --- 13 | 14 | The lab focuses on the local-attestation setting where the client and server are co-located on the same machine. 15 | 16 | In the given program (the setup is described next), two enclaves, Enclave 1 and Enclave 2, are running respectively as caller and callee. The two enclaves fist establishes a secure channel through software attestation and then Enclave 1 invokes an application-level function defined in Enclave 2. To be a little bit specific, Enclave 2 defines a function table `func_table` that stores the pointers to various application functions and the Enclave 1 calls a fixed procedure in Enclave 2 that dispatches the call though the function table to the target application function. 17 | 18 | This lab includes two main tasks: 1) to implement an argument-encoding scheme when establishing shared secrets and secure channel, 2) to implement new applications functions in the attested enclave. 19 | 20 | Environment Setup 21 | --- 22 | 23 | This lab requires Intel SGX SDK and we provide two options of running SGX; student can choose one of the two for their convenience. The first option is (O1) running SGX SDK in a simulation mode in a virtual-machine (VM). The second option (O2) is running the SGX SDK on a real SGX machine in the Chameleon cloud [[link](https://www.chameleoncloud.org/)]. 24 | 25 | #### Option 1: VM with SGX SDK simulation 26 | 27 | - Install virtualbox on your computer. 28 | - Download the VM image that has SGX SDK pre-installed; [[link](https://drive.google.com/file/d/1f34XLRPsToIHg6Fd6fKqbENQfMY3EkDm/view?usp=sharing)] 29 | - The username of VM is `sgx`, and password is `sgx` 30 | 31 | #### Option 2: Chameleon cloud instance with SGX CPU and SDK 32 | 33 | - Follow the tutorial page [[link](chameleon-tutorial.md)] to 1) allocate an SGX instance in Chameleon cloud, and to 2) install SGX SDK there. 34 | 35 | #### Set up the lab 36 | 37 | After a SGX SDK is installed and running, you should set up the lab and run the given program on the machine. 38 | 39 | ``` 40 | git clone https://github.com/syracuse-fullstacksecurity/CIS700-sgxlab.git 41 | cd CIS700-sgxlab/lab3 42 | make SGX_MODE=SIM 43 | ./app #this command may take a while to set up the enclave memory; be patient. 44 | ``` 45 | 46 | Task 1: Secure Channel Setup 47 | --- 48 | 49 | **Exercise 1**: When establishing a secure channel, sharing the secrets is an important primitive (recall DH is a key-distribution protocol in TLS for setting up a secure channel). This exercise requires implementing a new secret-encoding scheme when the two Enclaves establish a secure channel after the software attestation. 50 | 51 | To do the exercise, you may want to modify the function `get_message_exchange_response()` in `./Enclave2/Enclave2.cpp`. The task requires computing the XOR of the input secret with a fixed "key",`0x10010011`. 52 | 53 | The exercise will be evaluated by running the program and checking the correctness of the result. 54 | 55 | Task 2: Remote Function Calls 56 | --- 57 | 58 | In the setting of TEE, the purpose of software attestation is for one enclave to call functions defined in the other enclave. In this task you will explore the post-attestation function calls between enclaves. 59 | 60 | **Exercise 2**: Write a sum-of-two-integer function that is called between enclaves. Given two integers provided by enclave 1, the function defined in enclave 2 will calculate the sum of the integers and return the result. 61 | 62 | Hint 1: In this exercise, you can complete the function `e2_task()` in `Enclave2.cpp`. You could consult the implementation of function `e2_sample(uint32_t var1, uint32_t var2)` which compares two integers. 63 | 64 | Hint 2: Modify the function table to register the new `sum` function; see the top of file `Enclave2.cpp`. 65 | 66 | **Exercise 3**: Write a program to integrate the argument marshaling/unmarshaling (in exercise 1) in the setting of post-attestation remote function calls. 67 | 68 | Hint 1: Complete the function `e2_task_wrapper()` in `./Enclave2/Enclave2.cpp` by consulting the implemented function 69 | `e2_sample_wrapper()`. 70 | 71 | -------------------------------------------------------------------------------- /lab3/Enclave2/Enclave2.cpp: -------------------------------------------------------------------------------- 1 | // Enclave2.cpp : Defines the exported functions for the DLL application 2 | #include "sgx_eid.h" 3 | #include "Enclave2_t.h" 4 | #include "EnclaveMessageExchange.h" 5 | #include "error_codes.h" 6 | #include "Utility_E2.h" 7 | #include "sgx_thread.h" 8 | #include "sgx_dh.h" 9 | #include 10 | 11 | #define UNUSED(val) (void)(val) 12 | 13 | static uint32_t e2_sample_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length); 14 | 15 | static uint32_t e2_task_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length); 16 | 17 | 18 | //Function pointer table containing the list of functions that the enclave exposes 19 | const struct { 20 | size_t num_funcs; 21 | const void* table[2]; 22 | } func_table = { 23 | 2, 24 | { 25 | (const void*)e2_sample_wrapper, 26 | (const void*)e2_task_wrapper 27 | } 28 | }; 29 | 30 | //Function is the sample code. It compares two numbers passed from Enclave 1 31 | static uint32_t e2_task(uint32_t var1, uint32_t var2) 32 | { 33 | // TODO: Lab exercise start here 34 | } 35 | 36 | //Function which is executed on request from the source enclave 37 | static uint32_t e2_task_wrapper(ms_in_msg_exchange_t *ms, 38 | size_t param_lenth, 39 | char** resp_buffer, 40 | size_t* resp_length) 41 | { 42 | // TODO: Lab exercise start here 43 | } 44 | 45 | 46 | 47 | //Function is the sample code. It compares two numbers passed from Enclave 1 48 | static uint32_t e2_sample(uint32_t var1, uint32_t var2) 49 | { 50 | if(var1>var2) 51 | return 1; 52 | return 0; 53 | } 54 | 55 | //Function which is executed on request from the source enclave 56 | static uint32_t e2_sample_wrapper(ms_in_msg_exchange_t *ms, 57 | size_t param_lenth, 58 | char** resp_buffer, 59 | size_t* resp_length) 60 | { 61 | UNUSED(param_lenth); 62 | 63 | uint32_t var1,var2,ret; 64 | if(!ms || !resp_length) 65 | { 66 | return INVALID_PARAMETER_ERROR; 67 | } 68 | if(unmarshal_input_parameters_e2(&var1, &var2, ms) != SUCCESS) 69 | return ATTESTATION_ERROR; 70 | 71 | ret = e2_sample(var1, var2); 72 | 73 | if(marshal_retval_and_output_parameters_e2(resp_buffer, resp_length, ret) != SUCCESS ) 74 | return MALLOC_ERROR; //can set resp buffer to null here 75 | 76 | return SUCCESS; 77 | } 78 | 79 | //Function that is used to verify the trust of the other enclave 80 | //Each enclave can have its own way verifying the peer enclave identity 81 | extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity) 82 | { 83 | if(!peer_enclave_identity) 84 | { 85 | return INVALID_PARAMETER_ERROR; 86 | } 87 | if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED)) 88 | { 89 | return ENCLAVE_TRUST_ERROR; 90 | } 91 | else 92 | { 93 | return SUCCESS; 94 | } 95 | } 96 | 97 | //Operates on the input secret and generates the output secret 98 | uint32_t get_message_exchange_response(uint32_t inp_secret_data) 99 | { 100 | //TODO: Lab Task 1 101 | uint32_t secret_response; 102 | 103 | secret_response = inp_secret_data ^ 0x11111111; 104 | 105 | return secret_response; 106 | 107 | } 108 | 109 | //Generates the response from the request message 110 | extern "C" uint32_t message_exchange_response_generator(char* decrypted_data, 111 | char** resp_buffer, 112 | size_t* resp_length) 113 | { 114 | ms_in_msg_exchange_t *ms; 115 | uint32_t inp_secret_data; 116 | uint32_t out_secret_data; 117 | if(!decrypted_data || !resp_length) 118 | { 119 | return INVALID_PARAMETER_ERROR; 120 | } 121 | ms = (ms_in_msg_exchange_t *)decrypted_data; 122 | 123 | if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS) 124 | return ATTESTATION_ERROR; 125 | 126 | out_secret_data = get_message_exchange_response(inp_secret_data); 127 | 128 | if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS) 129 | return MALLOC_ERROR; 130 | 131 | return SUCCESS; 132 | 133 | } 134 | 135 | //Dispatch function that calls the approriate enclave function based on the function id 136 | //Each enclave can have its own way of dispatching the calls from other enclave 137 | extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data, 138 | size_t decrypted_data_length, 139 | char** resp_buffer, 140 | size_t* resp_length) 141 | { 142 | ms_in_msg_exchange_t *ms; 143 | uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*); 144 | if(!decrypted_data || !resp_length) 145 | { 146 | return INVALID_PARAMETER_ERROR; 147 | } 148 | ms = (ms_in_msg_exchange_t *)decrypted_data; 149 | if(ms->target_fn_id >= func_table.num_funcs) 150 | { 151 | return INVALID_PARAMETER_ERROR; 152 | } 153 | fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id]; 154 | return fn1(ms, decrypted_data_length, resp_buffer, resp_length); 155 | } 156 | -------------------------------------------------------------------------------- /lab3/lab4/Enclave2/Enclave2.cpp: -------------------------------------------------------------------------------- 1 | // Enclave2.cpp : Defines the exported functions for the DLL application 2 | #include "sgx_eid.h" 3 | #include "Enclave2_t.h" 4 | #include "EnclaveMessageExchange.h" 5 | #include "error_codes.h" 6 | #include "Utility_E2.h" 7 | #include "sgx_thread.h" 8 | #include "sgx_dh.h" 9 | #include 10 | 11 | #define UNUSED(val) (void)(val) 12 | 13 | static uint32_t e2_sample_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length); 14 | 15 | static uint32_t e2_task_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length); 16 | 17 | 18 | //Function pointer table containing the list of functions that the enclave exposes 19 | const struct { 20 | size_t num_funcs; 21 | const void* table[2]; 22 | } func_table = { 23 | 2, 24 | { 25 | (const void*)e2_sample_wrapper, 26 | (const void*)e2_task_wrapper 27 | } 28 | }; 29 | 30 | //Function is the sample code. It compares two numbers passed from Enclave 1 31 | static uint32_t e2_task(uint32_t var1, uint32_t var2) 32 | { 33 | // TODO: Lab exercise start here 34 | } 35 | 36 | //Function which is executed on request from the source enclave 37 | static uint32_t e2_task_wrapper(ms_in_msg_exchange_t *ms, 38 | size_t param_lenth, 39 | char** resp_buffer, 40 | size_t* resp_length) 41 | { 42 | // TODO: Lab exercise start here 43 | } 44 | 45 | 46 | 47 | //Function is the sample code. It compares two numbers passed from Enclave 1 48 | static uint32_t e2_sample(uint32_t var1, uint32_t var2) 49 | { 50 | if(var1>var2) 51 | return 1; 52 | return 0; 53 | } 54 | 55 | //Function which is executed on request from the source enclave 56 | static uint32_t e2_sample_wrapper(ms_in_msg_exchange_t *ms, 57 | size_t param_lenth, 58 | char** resp_buffer, 59 | size_t* resp_length) 60 | { 61 | UNUSED(param_lenth); 62 | 63 | uint32_t var1,var2,ret; 64 | if(!ms || !resp_length) 65 | { 66 | return INVALID_PARAMETER_ERROR; 67 | } 68 | if(unmarshal_input_parameters_e2(&var1, &var2, ms) != SUCCESS) 69 | return ATTESTATION_ERROR; 70 | 71 | ret = e2_sample(var1, var2); 72 | 73 | if(marshal_retval_and_output_parameters_e2(resp_buffer, resp_length, ret) != SUCCESS ) 74 | return MALLOC_ERROR; //can set resp buffer to null here 75 | 76 | return SUCCESS; 77 | } 78 | 79 | //Function that is used to verify the trust of the other enclave 80 | //Each enclave can have its own way verifying the peer enclave identity 81 | extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity) 82 | { 83 | if(!peer_enclave_identity) 84 | { 85 | return INVALID_PARAMETER_ERROR; 86 | } 87 | if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED)) 88 | { 89 | return ENCLAVE_TRUST_ERROR; 90 | } 91 | else 92 | { 93 | return SUCCESS; 94 | } 95 | } 96 | 97 | //Operates on the input secret and generates the output secret 98 | uint32_t get_message_exchange_response(uint32_t inp_secret_data) 99 | { 100 | //TODO: Lab Task 1 101 | uint32_t secret_response; 102 | 103 | secret_response = inp_secret_data ^ 0x11111111; 104 | 105 | return secret_response; 106 | 107 | } 108 | 109 | //Generates the response from the request message 110 | extern "C" uint32_t message_exchange_response_generator(char* decrypted_data, 111 | char** resp_buffer, 112 | size_t* resp_length) 113 | { 114 | ms_in_msg_exchange_t *ms; 115 | uint32_t inp_secret_data; 116 | uint32_t out_secret_data; 117 | if(!decrypted_data || !resp_length) 118 | { 119 | return INVALID_PARAMETER_ERROR; 120 | } 121 | ms = (ms_in_msg_exchange_t *)decrypted_data; 122 | 123 | if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS) 124 | return ATTESTATION_ERROR; 125 | 126 | out_secret_data = get_message_exchange_response(inp_secret_data); 127 | 128 | if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS) 129 | return MALLOC_ERROR; 130 | 131 | return SUCCESS; 132 | 133 | } 134 | 135 | //Dispatch function that calls the approriate enclave function based on the function id 136 | //Each enclave can have its own way of dispatching the calls from other enclave 137 | extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data, 138 | size_t decrypted_data_length, 139 | char** resp_buffer, 140 | size_t* resp_length) 141 | { 142 | ms_in_msg_exchange_t *ms; 143 | uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*); 144 | if(!decrypted_data || !resp_length) 145 | { 146 | return INVALID_PARAMETER_ERROR; 147 | } 148 | ms = (ms_in_msg_exchange_t *)decrypted_data; 149 | if(ms->target_fn_id >= func_table.num_funcs) 150 | { 151 | return INVALID_PARAMETER_ERROR; 152 | } 153 | fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id]; 154 | return fn1(ms, decrypted_data_length, resp_buffer, resp_length); 155 | } 156 | -------------------------------------------------------------------------------- /lab2/README.md.bak: -------------------------------------------------------------------------------- 1 | Module 2: Side-channel Vulnerability and Protection 2 | --- 3 | 4 | #### Preparation 5 | 6 | 1. C/C++ programming 7 | 2. Linux shell and text editing (e.g. vim or emacs) 8 | 3. SGX SDK 9 | 4. Sorting Algorithms 10 | 11 | #### SGX Emulator (1) 12 | 13 | 1. Install VirtualBox on your local OS. 14 | 2. Download the prebuilt VirtualBox image: [[Google Drive](https://goo.gl/3wLLic)]. The login username and password are both `sgx`. 15 | - Note our emulator currently only supports the setting of *64-bit `Ubuntu 14.04.3 LTS` guest OS in VirtualBox*. 16 | - Make sure the right Linux version by `uname -r`: `3.19.0-25-generic` 17 | 3. Load the emulator 18 | ```bash 19 | sudo insmod ~/sgx-emulator/sgx.ko 20 | lsmod | grep sgx #help you check whether module insert successfully 21 | ``` 22 | 4. Run sample code 23 | ```bash 24 | cd ~/sgx-emulator 25 | make #compile user code 26 | make r #run user code 27 | ``` 28 | 5. Unload the emulator 29 | ```bash 30 | sudo rmmod sgx 31 | ``` 32 | 33 | #### Download Lab2 34 | 35 | You can try to use shell command to clone lab repository from GitHub. 36 | ```bash 37 | git clone https://github.com/syracuse-fullstacksecurity/CIS700-sgxlab.git 38 | ``` 39 | or you may go to [https://github.com/syracuse-fullstacksecurity/CIS700-sgxlab](https://github.com/syracuse-fullstacksecurity/CIS700-sgxlab), and download the repository. 40 | 41 | After you downloaded the lab2 folder, you can start to finish lab tasks. Each time before compiling your code, you need to **load the emulator first**. Load procedure mentioned above, _3. Load the emulator_ . 42 | 43 | When you confirm emulator loaded, you can use command below to compile and run your code. 44 | ```bash 45 | cd [your lab directory] #you need to navigate to the lab folder 46 | make #compile client code 47 | make r #run client code 48 | ``` 49 | 50 | #### In-class Lab (2): Leakage of Sorting Algorithms 51 | 52 | In a computation, data obliviousness means the data access from the computation is the same no matter what values the input data takes. 53 | This lab is for you students to understand the data obliviousness of common sorting algorithms, including bubble sort, merge sort, etc. This data-dependency will further make the side-channel attack possible in the enclave computation. 54 | 55 | To be specific, this lab requires you to complete some sorting algorithms on an array, and observe the data access trace in array indices, and more importantly, whether the trace differs when input array changes (that is, obliviousness). 56 | For your convinience, index accessing trace will be automatically printed out when you try to use a Class called `TrackedList`. You can use the class as the similar usage with array. For example, 57 | 58 | ```C++ 59 | TrackedList list; 60 | list[0] = 3; 61 | list[1] = list[2]; 62 | // Indices trace will be printed out 63 | // (0)(2)(1) 64 | 65 | 66 | TrackedList * lptr; 67 | (*lptr)[0] = 0; 68 | (*lptr)[2] = (*lptr)[1]; 69 | // Indices trace will be printed out 70 | // (0)(1)(2) 71 | ``` 72 | 73 | ##### Obliviousness in bubble sort/merge sort 74 | 75 | 1. Task 1: implement a merge sort in the stub function `mergeSort()` (in file `src/msort.cpp`). 76 | - Observe the printed access trace, which is interpreted below: 77 | - The number inside the parenthesis is the index of an array access, and the number outside is the element value of the access. For instance, `(8) 5 (2) 3` are two accesses, with the first on array index `8` of value `5` and second on array index `2` of avalue `3`. 78 | - Observe whether the access trace changes when you feed different inputs. 79 | - For simplicity, you only need to consider the case of 8 element array in all tasks of this lab. 80 | 81 | 2. Task 2: implement a bubble sort in the stub function `bubbleSort()` (in file `src/bsort.cpp`). 82 | - Observe the printed access trace 83 | - Observe whether the access trace changes when you feed different inputs. 84 | 85 | #### Homework Lab (3): Other algorithms 86 | 87 | In the in-class exericise, we observe the data obliviousness of merge/bubble sort. In this homework, we try to extend the understanding from obliviousness to side-channel attacks. 88 | 89 | To make things concrete, let's talk with a "real" scenario. Consider your lecturer uploads your grades to the Amazon cloud to do some computation that requires sorting, say computing the medium or max grade. To protect your privacy (under FERPA), the lecture carefully opts in the "enclave" option in cloud processing, that is, to encrypt all students records and have the plaintext computation only inside the remote enclave. In this setting, an adversary, be it Amazon, can (A1) manipulate the encrypted list of student grades and (A2) may know the roaster (student names). The advesary also has the capability of (A3) monitoring the data-access trace from the in-enclave sorting computation. 90 | 91 | ![Sort and Side Channel](./sorting_side_channel.jpg) 92 | 93 | 94 | 3. Task 3: Follow up on Task 1, 2. 95 | - If you get to see different traces of your merge-sort (Task 1), think of an "attack" strategy that the Amazon adversary can extract the secret (e.g. student grades) from the access trace. 96 | - If you get to see different traces of your bubble-sort (Task 2), think of a "protection" solution by revising your implementation so that the traces under different inputs are the same. 97 | 4. In Task 4, choose one of the two algorithms to implement (randomized quick sort or edit distance), and observe the access trace. 98 | - Observe the printed access trace 99 | - Observe whether the access trace changes when you feed different inputs. 100 | * [Bonus] Describe if your implementation produces data-dependent (or oblivious) traces. If yes, 101 | - [A] think of an "attack" solution that the adversary can extract the secret student records from the trace. 102 | - [B] think of a "protection" solution to make the trace data-independent. 103 | 104 | -------------------------------------------------------------------------------- /lab3/chameleon-tutorial.md: -------------------------------------------------------------------------------- 1 | Tutorial: Chameleon Cloud with SGX SDK 2 | === 3 | 4 | Start a Chameleon instance 5 | --- 6 | 7 | - Step 1: Register an account on Chameleon website [[link](https://www.chameleoncloud.org/user/register/)] 8 | - Step 2: Ask your instructor and join a Chameleon project 9 | * Your instructor has already created a project on Chameleon for this lab. Ask your instructor to include you in the project by telling her/him your account name. 10 | * Once your instructor has added you to the project, you should be able to find the project in your Dashboard, which is located in the top right corner of the web page. 11 | - Step 3: Choose the resource site 12 | * Now you can start using Chameleon. You can choose from two available resources sites, one at the University of Chicago and one at the Texas Advanced Computing Center. You can find them by clicking the `Hardware` button in the top navigation bar. Once you logged in one of them, you should find a summary of your project's current resource usage. 13 | - Step 4: Reserve a node 14 | * Click `Reservations` in the sidebar, then click `Leases` 15 | * Click `+Create Lease` button. 16 | * Type in Lease Name, Start Date, Start Time, End Date and End Time. Note that Chameleon allows resevation one week long. 17 | * Find the `Resource Properties` section, in the dropdown menu, select **compute_skylake**. 18 | * Click the create button. 19 | - Step 5: Launch an instance 20 | * In the sidebar, click `Compute`, then click `Instances`. 21 | * Click on the Launch Instance button in the toolbar, and the wizard will load. 22 | * Type in instance name. For the `Reservation` section, select the reservation name you created in the previous step 23 | * Click `Source` in the sidebar. Then select `dtn_ubuntu1604` in the image list by clicking the `Up` arrow. 24 | * Click the `Flavor` in the sidebar, select the `baremetal` flavor. 25 | * Click `Keypair` in the sidebar. Click the `+Create Key Pair` button and enter `mychameleonkey` for the key name. This will automatically start a download for a file named `mychameleonkey.pem`. This is your private key that you will use to access your instance. 26 | * Click the `Launch Instance` button. 27 | - Step 6: Associating an IP address 28 | * Click on `Compute and Instances` in the sidebar to locate your instance. It is probably in the `Spawning State`. 29 | * Click the `Associate Floating IP` button. Click the `+` button next to the dropdown that says select an IP address. A new dialog will open for allocating floating IP. 30 | * Click the `Allocate IP` button. You will return to the previous dialog, and an IP address will be selected for you. 31 | * Click the `Associate` button and make a note of the public IP addresses that have been associated with your instance. 32 | - Step 7: Access your instance. 33 | * Open a terminal window and navigate to where you downloaded the mychameleonkey.pem file. 34 | ``` 35 | chmod 600 mychameleonkey.pem 36 | ``` 37 | * Add the key to your current SSH identity 38 | ``` 39 | ssh-add mychameleonkey.pem 40 | ``` 41 | * Log in to your Chameleon instance using the user account, say "cc" and your floating IP address. 42 | ``` 43 | ssh cc@your_floating_ip 44 | ``` 45 | 46 | - You can find more details in [[here](https://chameleoncloud.readthedocs.io/en/latest/getting-started/)]. 47 | 48 | 49 | Install the Intel SGX Driver 50 | --- 51 | 52 | - To build the SGX driver, run the following commands in a bash terminal 53 | 54 | ``` 55 | $ git clone https://github.com/intel/linux-sgx-driver.git 56 | $ cd linux-sgx-driver 57 | $ sudo apt-get install linux-headers-$(uname -r) 58 | $ make 59 | ``` 60 | You can find the driver *isgx.ko* generated in the same directory. 61 | 62 | - To install, run the below commands one by one 63 | 64 | ``` 65 | $ sudo mkdir -p "/lib/modules/"`uname -r`"/kernel/drivers/intel/sgx" 66 | $ sudo cp isgx.ko "/lib/modules/"`uname -r`"/kernel/drivers/intel/sgx" 67 | $ sudo sh -c "cat /etc/modules | grep -Fxq isgx || echo isgx >> /etc/modules" 68 | $ sudo /sbin/depmod 69 | $ sudo /sbin/modprobe isgx 70 | ``` 71 | 72 | Install the Intel SGX SDK and PSW 73 | ---- 74 | 75 | - To build the SGX SDK/PSW, run the following commands in a bash terminal 76 | 77 | ``` 78 | $ git clone https://github.com/intel/linux-sgx.git 79 | $ cd linux-sgx 80 | $ sudo apt-get install build-essential ocaml automake autoconf libtool wget python 81 | $ sudo apt-get install libssl-dev libcurl4-openssl-dev protobuf-compiler libprotobuf-dev 82 | $ ./download_prebuilt.sh 83 | $ make 84 | $ make sdk_install_pkg 85 | ``` 86 | **Important:** Type `no` when it asks `Do you want to install in current directory?`, and then type `~` in the next question. Your Intel SDK will be installed in your home directory which is at `~/sgxsdk`. This directory becomes your SGX SDK installation path and will be used repeatedly. 87 | ``` 88 | $ make psw_install_pkg 89 | ``` 90 | You can find the generated Intel SGX SDK and PSW installers ``sgx_linux_x64_sdk_${version}.bin`` ``sgx_linux_x64_sdk_${version}.bin`` located under `linux/installer/bin/`, where `${version}` refers to the version number. 91 | 92 | - To install SDK, run the following commands 93 | 94 | ``` 95 | $ sudo apt-get install build-essential python 96 | $ sudo apt-get install libssl-dev libcurl4-openssl-dev libprotobuf-dev 97 | $ cd linux/installer/bin 98 | $ ./sgx_linux_x64_sdk_${version}.bin 99 | $ sudo ./sgx_linux_x64_psw_${version}.bin 100 | ``` 101 | 102 | - To test the installation, run the following commands 103 | ``` 104 | $ source ${sgx-sdk-install-path}/environment 105 | ``` 106 | **Important:** Before compiling your code, make sure to run the above command. 107 | ``` 108 | $ cd SampleCode/LocalAttestation 109 | $ make SGX_MODE=SIM 110 | $ ./app 111 | ``` 112 | 113 | ![success](https://github.com/syracuse-fullstacksecurity/security-education/blob/master/lab4/sucess.png) 114 | -------------------------------------------------------------------------------- /lab3/lab4/chameleon-tutorial.md: -------------------------------------------------------------------------------- 1 | Tutorial: Chameleon Cloud with SGX SDK 2 | === 3 | 4 | Start a Chameleon instance 5 | --- 6 | 7 | - Step 1: Register an account on Chameleon website [[link](https://www.chameleoncloud.org/user/register/)] 8 | - Step 2: Ask your instructor and join a Chameleon project 9 | * Your instructor has already created a project on Chameleon for this lab. Ask your instructor to include you in the project by telling her/him your account name. 10 | * Once your instructor has added you to the project, you should be able to find the project in your Dashboard, which is located in the top right corner of the web page. 11 | - Step 3: Choose the resource site 12 | * Now you can start using Chameleon. You can choose from two available resources sites, one at the University of Chicago and one at the Texas Advanced Computing Center. You can find them by clicking the `Hardware` button in the top navigation bar. Once you logged in one of them, you should find a summary of your project's current resource usage. 13 | - Step 4: Reserve a node 14 | * Click `Reservations` in the sidebar, then click `Leases` 15 | * Click `+Create Lease` button. 16 | * Type in Lease Name, Start Date, Start Time, End Date and End Time. Note that Chameleon allows resevation one week long. 17 | * Find the `Resource Properties` section, in the dropdown menu, select **compute_skylake**. 18 | * Click the create button. 19 | - Step 5: Launch an instance 20 | * In the sidebar, click `Compute`, then click `Instances`. 21 | * Click on the Launch Instance button in the toolbar, and the wizard will load. 22 | * Type in instance name. For the `Reservation` section, select the reservation name you created in the previous step 23 | * Click `Source` in the sidebar. Then select `dtn_ubuntu1604` in the image list by clicking the `Up` arrow. 24 | * Click the `Flavor` in the sidebar, select the `baremetal` flavor. 25 | * Click `Keypair` in the sidebar. Click the `+Create Key Pair` button and enter `mychameleonkey` for the key name. This will automatically start a download for a file named `mychameleonkey.pem`. This is your private key that you will use to access your instance. 26 | * Click the `Launch Instance` button. 27 | - Step 6: Associating an IP address 28 | * Click on `Compute and Instances` in the sidebar to locate your instance. It is probably in the `Spawning State`. 29 | * Click the `Associate Floating IP` button. Click the `+` button next to the dropdown that says select an IP address. A new dialog will open for allocating floating IP. 30 | * Click the `Allocate IP` button. You will return to the previous dialog, and an IP address will be selected for you. 31 | * Click the `Associate` button and make a note of the public IP addresses that have been associated with your instance. 32 | - Step 7: Access your instance. 33 | * Open a terminal window and navigate to where you downloaded the mychameleonkey.pem file. 34 | ``` 35 | chmod 600 mychameleonkey.pem 36 | ``` 37 | * Add the key to your current SSH identity 38 | ``` 39 | ssh-add mychameleonkey.pem 40 | ``` 41 | * Log in to your Chameleon instance using the user account, say "cc" and your floating IP address. 42 | ``` 43 | ssh cc@your_floating_ip 44 | ``` 45 | 46 | - You can find more details in [[here](https://chameleoncloud.readthedocs.io/en/latest/getting-started/)]. 47 | 48 | 49 | Install the Intel SGX Driver 50 | --- 51 | 52 | - To build the SGX driver, run the following commands in a bash terminal 53 | 54 | ``` 55 | $ git clone https://github.com/intel/linux-sgx-driver.git 56 | $ cd linux-sgx-driver 57 | $ sudo apt-get install linux-headers-$(uname -r) 58 | $ make 59 | ``` 60 | You can find the driver *isgx.ko* generated in the same directory. 61 | 62 | - To install, run the below commands one by one 63 | 64 | ``` 65 | $ sudo mkdir -p "/lib/modules/"`uname -r`"/kernel/drivers/intel/sgx" 66 | $ sudo cp isgx.ko "/lib/modules/"`uname -r`"/kernel/drivers/intel/sgx" 67 | $ sudo sh -c "cat /etc/modules | grep -Fxq isgx || echo isgx >> /etc/modules" 68 | $ sudo /sbin/depmod 69 | $ sudo /sbin/modprobe isgx 70 | ``` 71 | 72 | Install the Intel SGX SDK and PSW 73 | ---- 74 | 75 | - To build the SGX SDK/PSW, run the following commands in a bash terminal 76 | 77 | ``` 78 | $ git clone https://github.com/intel/linux-sgx.git 79 | $ cd linux-sgx 80 | $ sudo apt-get install build-essential ocaml automake autoconf libtool wget python 81 | $ sudo apt-get install libssl-dev libcurl4-openssl-dev protobuf-compiler libprotobuf-dev 82 | $ ./download_prebuilt.sh 83 | $ make 84 | $ make sdk_install_pkg 85 | ``` 86 | **Important:** Type `no` when it asks `Do you want to install in current directory?`, and then type `~` in the next question. Your Intel SDK will be installed in your home directory which is at `~/sgxsdk`. This directory becomes your SGX SDK installation path and will be used repeatedly. 87 | ``` 88 | $ make psw_install_pkg 89 | ``` 90 | You can find the generated Intel SGX SDK and PSW installers ``sgx_linux_x64_sdk_${version}.bin`` ``sgx_linux_x64_sdk_${version}.bin`` located under `linux/installer/bin/`, where `${version}` refers to the version number. 91 | 92 | - To install SDK, run the following commands 93 | 94 | ``` 95 | $ sudo apt-get install build-essential python 96 | $ sudo apt-get install libssl-dev libcurl4-openssl-dev libprotobuf-dev 97 | $ cd linux/installer/bin 98 | $ ./sgx_linux_x64_sdk_${version}.bin 99 | $ sudo ./sgx_linux_x64_psw_${version}.bin 100 | ``` 101 | 102 | - To test the installation, run the following commands 103 | ``` 104 | $ source ${sgx-sdk-install-path}/environment 105 | ``` 106 | **Important:** Before compiling your code, make sure to run the above command. 107 | ``` 108 | $ cd SampleCode/LocalAttestation 109 | $ make SGX_MODE=SIM 110 | $ ./app 111 | ``` 112 | 113 | ![success](https://github.com/syracuse-fullstacksecurity/security-education/blob/master/lab4/sucess.png) 114 | -------------------------------------------------------------------------------- /intro_sample/Makefile: -------------------------------------------------------------------------------- 1 | ######## SGX SDK Settings ######## 2 | 3 | SGX_SDK ?= /opt/intel/sgxsdk 4 | # SGX_MODE ?= SIM 5 | 6 | #clang-3.4 7 | 8 | CC = g++ 9 | 10 | SGX_MODE ?= HW 11 | # SGX_PRELEASE ?= 1 12 | 13 | ifneq ($(SGX_DEBUG), 1) 14 | SGX_PRERELEASE ?= 1 15 | endif 16 | SGX_ARCH ?= x64 17 | 18 | ifeq ($(shell getconf LONG_BIT), 32) 19 | SGX_ARCH := x86 20 | else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32) 21 | SGX_ARCH := x86 22 | endif 23 | 24 | ifeq ($(SGX_ARCH), x86) 25 | SGX_COMMON_CFLAGS := -m32 26 | SGX_LIBRARY_PATH := $(SGX_SDK)/lib 27 | SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign 28 | SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r 29 | else 30 | SGX_COMMON_CFLAGS := -m64 31 | SGX_LIBRARY_PATH := $(SGX_SDK)/lib64 32 | SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign 33 | SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r 34 | endif 35 | 36 | ifeq ($(SGX_DEBUG), 1) 37 | ifeq ($(SGX_PRERELEASE), 1) 38 | $(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!) 39 | endif 40 | endif 41 | 42 | ifeq ($(SGX_DEBUG), 1) 43 | SGX_COMMON_CFLAGS += -O0 -g 44 | else 45 | SGX_COMMON_CFLAGS += -O2 46 | endif 47 | 48 | ######## App Settings ######## 49 | 50 | ifneq ($(SGX_MODE), HW) 51 | Urts_Library_Name := sgx_urts_sim 52 | else 53 | Urts_Library_Name := sgx_urts 54 | endif 55 | 56 | App_Cpp_Files := App/App.cpp $(wildcard App/Edger8rSyntax/*.cpp) 57 | App_Include_Paths := -IInclude -IApp -I$(SGX_SDK)/include 58 | 59 | App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) 60 | 61 | # Three configuration modes - Debug, prerelease, release 62 | # Debug - Macro DEBUG enabled. 63 | # Prerelease - Macro NDEBUG and EDEBUG enabled. 64 | # Release - Macro NDEBUG enabled. 65 | ifeq ($(SGX_DEBUG), 1) 66 | App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG 67 | else ifeq ($(SGX_PRERELEASE), 1) 68 | App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG 69 | else 70 | App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG 71 | endif 72 | 73 | App_Cpp_Flags := $(App_C_Flags) -std=c++11 74 | App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lpthread 75 | 76 | ifneq ($(SGX_MODE), HW) 77 | App_Link_Flags += -lsgx_uae_service_sim 78 | else 79 | App_Link_Flags += -lsgx_uae_service 80 | endif 81 | 82 | App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o) 83 | 84 | App_Name := app 85 | 86 | ######## Enclave Settings ######## 87 | 88 | ifneq ($(SGX_MODE), HW) 89 | Trts_Library_Name := sgx_trts_sim 90 | Service_Library_Name := sgx_tservice_sim 91 | Crypto_Library_Name := sgx_tcrypto 92 | else 93 | Trts_Library_Name := sgx_trts 94 | Service_Library_Name := sgx_tservice 95 | Crypto_Library_Name := sgx_tcrypto 96 | endif 97 | 98 | Enclave_Cpp_Files := Enclave/Enclave.cpp $(wildcard Enclave/Edger8rSyntax/*.cpp) $(wildcard Enclave/TrustedLibrary/*.cpp) 99 | Enclave_Include_Paths := -IInclude -IEnclave -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport 100 | 101 | Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Enclave_Include_Paths) 102 | Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++03 -nostdinc++ 103 | Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \ 104 | -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \ 105 | -Wl,--start-group -lsgx_tstdc -lsgx_tstdcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \ 106 | -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \ 107 | -Wl,-pie,-eenclave_entry -Wl,--export-dynamic \ 108 | -Wl,--defsym,__ImageBase=0 \ 109 | -Wl,--version-script=Enclave/Enclave.lds 110 | 111 | Enclave_Cpp_Objects := $(Enclave_Cpp_Files:.cpp=.o) 112 | 113 | Enclave_Name := enclave.so 114 | Signed_Enclave_Name := enclave.signed.so 115 | Enclave_Config_File := Enclave/Enclave.config.xml 116 | 117 | ifeq ($(SGX_MODE), HW) 118 | ifneq ($(SGX_DEBUG), 1) 119 | ifneq ($(SGX_PRERELEASE), 1) 120 | Build_Mode = HW_RELEASE 121 | endif 122 | endif 123 | endif 124 | 125 | 126 | .PHONY: all run 127 | 128 | ifeq ($(Build_Mode), HW_RELEASE) 129 | all: $(App_Name) $(Enclave_Name) 130 | @echo "The project has been built in release hardware mode." 131 | @echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave." 132 | @echo "To sign the enclave use the command:" 133 | @echo " $(SGX_ENCLAVE_SIGNER) sign -key -enclave $(Enclave_Name) -out <$(Signed_Enclave_Name)> -config $(Enclave_Config_File)" 134 | @echo "You can also sign the enclave using an external signing tool. See User's Guide for more details." 135 | @echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW." 136 | else 137 | all: $(App_Name) $(Signed_Enclave_Name) 138 | endif 139 | 140 | run: all 141 | ifneq ($(Build_Mode), HW_RELEASE) 142 | @$(CURDIR)/$(App_Name) 143 | @echo "RUN => $(App_Name) [$(SGX_MODE)|$(SGX_ARCH), OK]" 144 | endif 145 | 146 | ######## App Objects ######## 147 | 148 | App/Enclave_u.c: $(SGX_EDGER8R) Enclave/Enclave.edl 149 | @cd App && $(SGX_EDGER8R) --untrusted ../Enclave/Enclave.edl --search-path ../Enclave --search-path $(SGX_SDK)/include 150 | @echo "GEN => $@" 151 | 152 | App/Enclave_u.o: App/Enclave_u.c 153 | @$(CC) $(App_C_Flags) -c $< -o $@ 154 | @echo "CC <= $<" 155 | 156 | App/%.o: App/%.cpp 157 | @$(CXX) $(App_Cpp_Flags) -c $< -o $@ 158 | @echo "CXX <= $<" 159 | 160 | $(App_Name): App/Enclave_u.o $(App_Cpp_Objects) 161 | @$(CXX) $^ -o $@ $(App_Link_Flags) 162 | @echo "LINK => $@" 163 | 164 | ######## Enclave Objects ######## 165 | 166 | Enclave/Enclave_t.c: $(SGX_EDGER8R) Enclave/Enclave.edl 167 | @cd Enclave && $(SGX_EDGER8R) --trusted ../Enclave/Enclave.edl --search-path ../Enclave --search-path $(SGX_SDK)/include 168 | @echo "GEN => $@" 169 | 170 | Enclave/Enclave_t.o: Enclave/Enclave_t.c 171 | @$(CC) $(Enclave_C_Flags) -c $< -o $@ 172 | @echo "CC <= $<" 173 | 174 | Enclave/%.o: Enclave/%.cpp 175 | @$(CXX) $(Enclave_Cpp_Flags) -c $< -o $@ 176 | @echo "CXX <= $<" 177 | 178 | $(Enclave_Name): Enclave/Enclave_t.o $(Enclave_Cpp_Objects) 179 | @$(CXX) $^ -o $@ $(Enclave_Link_Flags) 180 | @echo "LINK => $@" 181 | 182 | $(Signed_Enclave_Name): $(Enclave_Name) 183 | @$(SGX_ENCLAVE_SIGNER) sign -key Enclave/Enclave_private.pem -enclave $(Enclave_Name) -out $@ -config $(Enclave_Config_File) 184 | @echo "SIGN => $@" 185 | 186 | .PHONY: clean 187 | 188 | clean: 189 | @rm -f $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) App/Enclave_u.* $(Enclave_Cpp_Objects) Enclave/Enclave_t.* 190 | -------------------------------------------------------------------------------- /lab1/Makefile: -------------------------------------------------------------------------------- 1 | ######## SGX SDK Settings ######## 2 | 3 | SGX_SDK ?= /opt/intel/sgxsdk 4 | # SGX_MODE ?= SIM 5 | 6 | #clang-3.4 7 | 8 | CC = g++ 9 | 10 | SGX_MODE ?= HW 11 | # SGX_PRELEASE ?= 1 12 | SGX_DEBUG ?= 1 13 | 14 | ifneq ($(SGX_DEBUG), 1) 15 | SGX_PRERELEASE ?= 1 16 | endif 17 | SGX_ARCH ?= x64 18 | 19 | ifeq ($(shell getconf LONG_BIT), 32) 20 | SGX_ARCH := x86 21 | else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32) 22 | SGX_ARCH := x86 23 | endif 24 | 25 | ifeq ($(SGX_ARCH), x86) 26 | SGX_COMMON_CFLAGS := -m32 27 | SGX_LIBRARY_PATH := $(SGX_SDK)/lib 28 | SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign 29 | SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r 30 | else 31 | SGX_COMMON_CFLAGS := -m64 32 | SGX_LIBRARY_PATH := $(SGX_SDK)/lib64 33 | SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign 34 | SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r 35 | endif 36 | 37 | ifeq ($(SGX_DEBUG), 1) 38 | ifeq ($(SGX_PRERELEASE), 1) 39 | $(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!) 40 | endif 41 | endif 42 | 43 | ifeq ($(SGX_DEBUG), 1) 44 | SGX_COMMON_CFLAGS += -O0 -g 45 | else 46 | SGX_COMMON_CFLAGS += -O2 47 | endif 48 | 49 | ######## App Settings ######## 50 | 51 | ifneq ($(SGX_MODE), HW) 52 | Urts_Library_Name := sgx_urts_sim 53 | else 54 | Urts_Library_Name := sgx_urts 55 | endif 56 | 57 | App_Cpp_Files := App/App.cpp $(wildcard App/Edger8rSyntax/*.cpp) 58 | App_Include_Paths := -IInclude -IApp -I$(SGX_SDK)/include 59 | 60 | App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) 61 | 62 | # Three configuration modes - Debug, prerelease, release 63 | # Debug - Macro DEBUG enabled. 64 | # Prerelease - Macro NDEBUG and EDEBUG enabled. 65 | # Release - Macro NDEBUG enabled. 66 | ifeq ($(SGX_DEBUG), 1) 67 | App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG 68 | else ifeq ($(SGX_PRERELEASE), 1) 69 | App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG 70 | else 71 | App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG 72 | endif 73 | 74 | App_Cpp_Flags := $(App_C_Flags) -std=c++11 75 | App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lpthread 76 | 77 | ifneq ($(SGX_MODE), HW) 78 | App_Link_Flags += -lsgx_uae_service_sim 79 | else 80 | App_Link_Flags += -lsgx_uae_service 81 | endif 82 | 83 | App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o) 84 | 85 | App_Name := app 86 | 87 | ######## Enclave Settings ######## 88 | 89 | ifneq ($(SGX_MODE), HW) 90 | Trts_Library_Name := sgx_trts_sim 91 | Service_Library_Name := sgx_tservice_sim 92 | Crypto_Library_Name := sgx_tcrypto 93 | else 94 | Trts_Library_Name := sgx_trts 95 | Service_Library_Name := sgx_tservice 96 | Crypto_Library_Name := sgx_tcrypto 97 | endif 98 | 99 | Enclave_Cpp_Files := Enclave/Enclave.cpp $(wildcard Enclave/Edger8rSyntax/*.cpp) $(wildcard Enclave/TrustedLibrary/*.cpp) 100 | Enclave_Include_Paths := -IInclude -IEnclave -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport 101 | 102 | Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Enclave_Include_Paths) 103 | Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++03 -nostdinc++ 104 | Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \ 105 | -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \ 106 | -Wl,--start-group -lsgx_tstdc -lsgx_tstdcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \ 107 | -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \ 108 | -Wl,-pie,-eenclave_entry -Wl,--export-dynamic \ 109 | -Wl,--defsym,__ImageBase=0 \ 110 | -Wl,--version-script=Enclave/Enclave.lds 111 | 112 | Enclave_Cpp_Objects := $(Enclave_Cpp_Files:.cpp=.o) 113 | 114 | Enclave_Name := enclave.so 115 | Signed_Enclave_Name := enclave.signed.so 116 | Enclave_Config_File := Enclave/Enclave.config.xml 117 | 118 | ifeq ($(SGX_MODE), HW) 119 | ifneq ($(SGX_DEBUG), 1) 120 | ifneq ($(SGX_PRERELEASE), 1) 121 | Build_Mode = HW_RELEASE 122 | endif 123 | endif 124 | endif 125 | 126 | 127 | .PHONY: all run 128 | 129 | ifeq ($(Build_Mode), HW_RELEASE) 130 | all: $(App_Name) $(Enclave_Name) 131 | @echo "The project has been built in release hardware mode." 132 | @echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave." 133 | @echo "To sign the enclave use the command:" 134 | @echo " $(SGX_ENCLAVE_SIGNER) sign -key -enclave $(Enclave_Name) -out <$(Signed_Enclave_Name)> -config $(Enclave_Config_File)" 135 | @echo "You can also sign the enclave using an external signing tool. See User's Guide for more details." 136 | @echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW." 137 | else 138 | all: $(App_Name) $(Signed_Enclave_Name) 139 | endif 140 | 141 | run: all 142 | ifneq ($(Build_Mode), HW_RELEASE) 143 | @$(CURDIR)/$(App_Name) 144 | @echo "RUN => $(App_Name) [$(SGX_MODE)|$(SGX_ARCH), OK]" 145 | endif 146 | 147 | ######## App Objects ######## 148 | App/Enclave_u.c: $(SGX_EDGER8R) Enclave/Enclave.edl 149 | @cd App && $(SGX_EDGER8R) --untrusted ../Enclave/Enclave.edl --search-path ../Enclave --search-path $(SGX_SDK)/include 150 | @echo "GEN => $@" 151 | 152 | App/Enclave_u.o: App/Enclave_u.c 153 | @$(CC) $(App_C_Flags) -c $< -o $@ 154 | @echo "CC <= $<" 155 | 156 | App/%.o: App/%.cpp 157 | @$(CXX) $(App_Cpp_Flags) -g -c $< -o $@ 158 | @echo "CXX <= $<" 159 | 160 | $(App_Name): App/Enclave_u.o $(App_Cpp_Objects) 161 | @$(CXX) $^ -g -o $@ $(App_Link_Flags) 162 | @echo "LINK => $@" 163 | 164 | ######## Enclave Objects ######## 165 | 166 | Enclave/Enclave_t.c: $(SGX_EDGER8R) Enclave/Enclave.edl 167 | @cd Enclave && $(SGX_EDGER8R) --trusted ../Enclave/Enclave.edl --search-path ../Enclave --search-path $(SGX_SDK)/include 168 | @echo "GEN => $@" 169 | 170 | Enclave/Enclave_t.o: Enclave/Enclave_t.c 171 | @$(CC) $(Enclave_C_Flags) -c $< -o $@ 172 | @echo "CC <= $<" 173 | 174 | Enclave/%.o: Enclave/%.cpp 175 | @$(CXX) $(Enclave_Cpp_Flags) -c $< -o $@ 176 | @echo "CXX <= $<" 177 | 178 | $(Enclave_Name): Enclave/Enclave_t.o $(Enclave_Cpp_Objects) 179 | @$(CXX) $^ -o $@ $(Enclave_Link_Flags) 180 | @echo "LINK => $@" 181 | 182 | $(Signed_Enclave_Name): $(Enclave_Name) 183 | @$(SGX_ENCLAVE_SIGNER) sign -key Enclave/Enclave_private.pem -enclave $(Enclave_Name) -out $@ -config $(Enclave_Config_File) 184 | @echo "SIGN => $@" 185 | 186 | .PHONY: clean 187 | 188 | clean: 189 | @rm -f $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) App/Enclave_u.* $(Enclave_Cpp_Objects) Enclave/Enclave_t.* 190 | -------------------------------------------------------------------------------- /intro_sample/App/App.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | # include 6 | # include 7 | # define MAX_PATH FILENAME_MAX 8 | 9 | #include "sgx_urts.h" 10 | //#include "sgx_status.h" 11 | #include "App.h" 12 | #include "Enclave_u.h" 13 | 14 | int ecall_sgx_cpuid1(int i, int j) 15 | { 16 | int retval; 17 | int cpuid[4] = {0x1, 0x0, 0x0, 0x0}; 18 | int ret = ecall_sgx_cpuid(global_eid, cpuid, 0x0); 19 | if (ret != SGX_SUCCESS) 20 | abort(); 21 | return retval; 22 | } 23 | 24 | /* Global EID shared by multiple threads */ 25 | sgx_enclave_id_t global_eid = 0; 26 | 27 | typedef struct _sgx_errlist_t { 28 | sgx_status_t err; 29 | const char *msg; 30 | const char *sug; /* Suggestion */ 31 | } sgx_errlist_t; 32 | 33 | /* Error code returned by sgx_create_enclave */ 34 | static sgx_errlist_t sgx_errlist[] = { 35 | { 36 | SGX_ERROR_UNEXPECTED, 37 | "Unexpected error occurred.", 38 | NULL 39 | }, 40 | { 41 | SGX_ERROR_INVALID_PARAMETER, 42 | "Invalid parameter.", 43 | NULL 44 | }, 45 | { 46 | SGX_ERROR_OUT_OF_MEMORY, 47 | "Out of memory.", 48 | NULL 49 | }, 50 | { 51 | SGX_ERROR_ENCLAVE_LOST, 52 | "Power transition occurred.", 53 | "Please refer to the sample \"PowerTransition\" for details." 54 | }, 55 | { 56 | SGX_ERROR_INVALID_ENCLAVE, 57 | "Invalid enclave image.", 58 | NULL 59 | }, 60 | { 61 | SGX_ERROR_INVALID_ENCLAVE_ID, 62 | "Invalid enclave identification.", 63 | NULL 64 | }, 65 | { 66 | SGX_ERROR_INVALID_SIGNATURE, 67 | "Invalid enclave signature.", 68 | NULL 69 | }, 70 | { 71 | SGX_ERROR_OUT_OF_EPC, 72 | "Out of EPC memory.", 73 | NULL 74 | }, 75 | { 76 | SGX_ERROR_NO_DEVICE, 77 | "Invalid SGX device.", 78 | "Please make sure SGX module is enabled in the BIOS, and install SGX driver afterwards." 79 | }, 80 | { 81 | SGX_ERROR_MEMORY_MAP_CONFLICT, 82 | "Memory map conflicted.", 83 | NULL 84 | }, 85 | { 86 | SGX_ERROR_INVALID_METADATA, 87 | "Invalid enclave metadata.", 88 | NULL 89 | }, 90 | { 91 | SGX_ERROR_DEVICE_BUSY, 92 | "SGX device was busy.", 93 | NULL 94 | }, 95 | { 96 | SGX_ERROR_INVALID_VERSION, 97 | "Enclave version was invalid.", 98 | NULL 99 | }, 100 | { 101 | SGX_ERROR_INVALID_ATTRIBUTE, 102 | "Enclave was not authorized.", 103 | NULL 104 | }, 105 | { 106 | SGX_ERROR_ENCLAVE_FILE_ACCESS, 107 | "Can't open enclave file.", 108 | NULL 109 | }, 110 | }; 111 | 112 | /* Check error conditions for loading enclave */ 113 | void print_error_message(sgx_status_t ret) 114 | { 115 | size_t idx = 0; 116 | size_t ttl = sizeof sgx_errlist/sizeof sgx_errlist[0]; 117 | 118 | for (idx = 0; idx < ttl; idx++) { 119 | if(ret == sgx_errlist[idx].err) { 120 | if(NULL != sgx_errlist[idx].sug) 121 | printf("Info: %s\n", sgx_errlist[idx].sug); 122 | printf("Error: %s\n", sgx_errlist[idx].msg); 123 | break; 124 | } 125 | } 126 | 127 | if (idx == ttl) 128 | printf("Error: Unexpected error occurred.\n"); 129 | } 130 | 131 | /* Initialize the enclave: 132 | * Step 1: retrive the launch token saved by last transaction 133 | * Step 2: call sgx_create_enclave to initialize an enclave instance 134 | * Step 3: save the launch token if it is updated 135 | */ 136 | int initialize_enclave(void) 137 | { 138 | char token_path[MAX_PATH] = {'\0'}; 139 | sgx_launch_token_t token = {0}; 140 | sgx_status_t ret = SGX_ERROR_UNEXPECTED; 141 | int updated = 0; 142 | 143 | /* Step 1: retrive the launch token saved by last transaction */ 144 | 145 | /* __GNUC__ */ 146 | /* try to get the token saved in $HOME */ 147 | const char *home_dir = getpwuid(getuid())->pw_dir; 148 | 149 | if (home_dir != NULL && 150 | (strlen(home_dir)+strlen("/")+sizeof(TOKEN_FILENAME)+1) <= MAX_PATH) { 151 | /* compose the token path */ 152 | strncpy(token_path, home_dir, strlen(home_dir)); 153 | strncat(token_path, "/", strlen("/")); 154 | strncat(token_path, TOKEN_FILENAME, sizeof(TOKEN_FILENAME)+1); 155 | } else { 156 | /* if token path is too long or $HOME is NULL */ 157 | strncpy(token_path, TOKEN_FILENAME, sizeof(TOKEN_FILENAME)); 158 | } 159 | 160 | FILE *fp = fopen(token_path, "rb"); 161 | if (fp == NULL && (fp = fopen(token_path, "wb")) == NULL) { 162 | printf("Warning: Failed to create/open the launch token file \"%s\".\n", token_path); 163 | } 164 | 165 | if (fp != NULL) { 166 | /* read the token from saved file */ 167 | size_t read_num = fread(token, 1, sizeof(sgx_launch_token_t), fp); 168 | if (read_num != 0 && read_num != sizeof(sgx_launch_token_t)) { 169 | /* if token is invalid, clear the buffer */ 170 | memset(&token, 0x0, sizeof(sgx_launch_token_t)); 171 | printf("Warning: Invalid launch token read from \"%s\".\n", token_path); 172 | } 173 | } 174 | 175 | /* Step 2: call sgx_create_enclave to initialize an enclave instance */ 176 | /* Debug Support: set 2nd parameter to 1 */ 177 | ret = sgx_create_enclave(ENCLAVE_FILENAME, SGX_DEBUG_FLAG, &token, &updated, &global_eid, NULL); 178 | if (ret != SGX_SUCCESS) { 179 | print_error_message(ret); 180 | if (fp != NULL) fclose(fp); 181 | return -1; 182 | } 183 | 184 | /* Step 3: save the launch token if it is updated */ 185 | /* __GNUC__ */ 186 | if (updated == FALSE || fp == NULL) { 187 | /* if the token is not updated, or file handler is invalid, do not perform saving */ 188 | if (fp != NULL) fclose(fp); 189 | return 0; 190 | } 191 | 192 | /* reopen the file with write capablity */ 193 | fp = freopen(token_path, "wb", fp); 194 | if (fp == NULL) return 0; 195 | size_t write_num = fwrite(token, 1, sizeof(sgx_launch_token_t), fp); 196 | if (write_num != sizeof(sgx_launch_token_t)) 197 | printf("Warning: Failed to save launch token to \"%s\".\n", token_path); 198 | fclose(fp); 199 | return 0; 200 | } 201 | 202 | /* OCall functions */ 203 | void ocall_bar(const char *str, int ret[1]) 204 | { 205 | /* Proxy/Bridge will check the length and null-terminate 206 | * the input string to prevent buffer overflow. 207 | */ 208 | printf("%s", str); 209 | ret[0] = 13; 210 | } 211 | 212 | /* Application entry */ 213 | int SGX_CDECL main(int argc, char *argv[]) 214 | { 215 | int i = 3; 216 | int j = 5; 217 | /* Initialize the enclave */ 218 | if(initialize_enclave() < 0){printf("Error enclave and exit\n");return -1;} 219 | /* Utilize edger8r attributes */ 220 | edger8r_function_attributes(); 221 | /* Utilize trusted libraries */ 222 | 223 | //ecall 224 | sgx_status_t ret = SGX_ERROR_UNEXPECTED; 225 | int retval; 226 | ret = ecall_foo(global_eid, &retval, i, j); 227 | if (ret != SGX_SUCCESS) 228 | abort(); 229 | printf("retval: %d\n", retval); 230 | 231 | /* Destroy the enclave */ 232 | sgx_destroy_enclave(global_eid); 233 | printf("Info: SampleEnclave successfully returned.\n"); 234 | return 0; 235 | } 236 | 237 | -------------------------------------------------------------------------------- /lab3/Enclave1/Enclave1.cpp: -------------------------------------------------------------------------------- 1 | // Enclave1.cpp : Defines the exported functions for the .so application 2 | #include "sgx_eid.h" 3 | #include "Enclave1_t.h" 4 | #include "EnclaveMessageExchange.h" 5 | #include "error_codes.h" 6 | #include "Utility_E1.h" 7 | #include "sgx_thread.h" 8 | #include "sgx_dh.h" 9 | #include 10 | #include 11 | #include 12 | 13 | #define UNUSED(val) (void)(val) 14 | 15 | std::mapsession_map; 16 | 17 | // print out function 18 | int suprint(const char *fmt, ...) 19 | { 20 | int ret[1]; 21 | char buf[BUFSIZ] = {'\0'}; 22 | va_list ap; 23 | va_start(ap, fmt); 24 | vsnprintf(buf, BUFSIZ, fmt, ap); 25 | va_end(ap); 26 | ocall_suprint(buf, ret); 27 | return ret[0]; 28 | } 29 | 30 | 31 | uint32_t start_create_session(sgx_enclave_id_t src_enclave_id, 32 | sgx_enclave_id_t dest_enclave_id) 33 | { 34 | ATTESTATION_STATUS ke_status = SUCCESS; 35 | dh_session_t dest_session_info; 36 | 37 | ke_status = create_session(src_enclave_id, dest_enclave_id, &dest_session_info); 38 | 39 | //Insert the session information into the map under the corresponding destination enclave id 40 | if(ke_status == SUCCESS) 41 | { 42 | session_map.insert(std::pair(dest_enclave_id, dest_session_info)); 43 | } 44 | memset(&dest_session_info, 0, sizeof(dh_session_t)); 45 | return ke_status; 46 | } 47 | 48 | uint32_t enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, 49 | sgx_enclave_id_t dest_enclave_id,uint32_t arg1,uint32_t arg2) 50 | { 51 | ATTESTATION_STATUS ke_status = SUCCESS; 52 | uint32_t var1,var2; 53 | uint32_t target_fn_id, msg_type; 54 | char* marshalled_inp_buff; 55 | size_t marshalled_inp_buff_len; 56 | char* out_buff; 57 | size_t out_buff_len; 58 | dh_session_t *dest_session_info; 59 | size_t max_out_buff_size; 60 | char* retval; 61 | 62 | var1 = arg1; 63 | var2 = arg2; 64 | target_fn_id = 1; 65 | msg_type = ENCLAVE_TO_ENCLAVE_CALL; 66 | max_out_buff_size = 50; 67 | 68 | //Marshals the input parameters for calling function foo1 in Enclave2 into a input buffer 69 | ke_status = marshal_input_parameters_e2(target_fn_id, msg_type, var1, var2, &marshalled_inp_buff, &marshalled_inp_buff_len); 70 | if(ke_status != SUCCESS) 71 | { 72 | return ke_status; 73 | } 74 | 75 | //Search the map for the session information associated with the destination enclave id of Enclave2 passed in 76 | std::map::iterator it = session_map.find(dest_enclave_id); 77 | if(it != session_map.end()) 78 | { 79 | dest_session_info = &it->second; 80 | } 81 | else 82 | { 83 | SAFE_FREE(marshalled_inp_buff); 84 | return INVALID_SESSION; 85 | } 86 | 87 | //Core Reference Code function 88 | ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff, 89 | marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len); 90 | 91 | if(ke_status != SUCCESS) 92 | { 93 | SAFE_FREE(marshalled_inp_buff); 94 | SAFE_FREE(out_buff); 95 | return ke_status; 96 | } 97 | 98 | //Un-marshal the return value and output parameters from foo1 of Enclave 2 99 | ke_status = unmarshal_retval_and_output_parameters_e2(out_buff, &retval); 100 | if(ke_status != SUCCESS) 101 | { 102 | SAFE_FREE(marshalled_inp_buff); 103 | SAFE_FREE(out_buff); 104 | return ke_status; 105 | } 106 | 107 | suprint("Enclave 2 call returned: %u\n",*((uint32_t*)retval)); 108 | 109 | SAFE_FREE(marshalled_inp_buff); 110 | SAFE_FREE(out_buff); 111 | SAFE_FREE(retval); 112 | return SUCCESS; 113 | } 114 | 115 | uint32_t exchange_message(sgx_enclave_id_t src_enclave_id, 116 | sgx_enclave_id_t dest_enclave_id) 117 | { 118 | ATTESTATION_STATUS ke_status = SUCCESS; 119 | uint32_t target_fn_id, msg_type; 120 | char* marshalled_inp_buff; 121 | size_t marshalled_inp_buff_len; 122 | char* out_buff; 123 | size_t out_buff_len; 124 | dh_session_t *dest_session_info; 125 | size_t max_out_buff_size; 126 | char* secret_response; 127 | uint32_t secret_data; 128 | 129 | target_fn_id = 0; 130 | msg_type = MESSAGE_EXCHANGE; 131 | max_out_buff_size = 50; 132 | 133 | //Secret Data here is sample data 134 | secret_data = 0x12345678; 135 | 136 | //Marshals the secret data into a buffer 137 | ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len); 138 | if(ke_status != SUCCESS) 139 | { 140 | return ke_status; 141 | } 142 | //Search the map for the session information associated with the destination enclave id passed in 143 | std::map::iterator it = session_map.find(dest_enclave_id); 144 | if(it != session_map.end()) 145 | { 146 | dest_session_info = &it->second; 147 | } 148 | else 149 | { 150 | SAFE_FREE(marshalled_inp_buff); 151 | return INVALID_SESSION; 152 | } 153 | 154 | //Core Reference Code function 155 | ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff, 156 | marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len); 157 | if(ke_status != SUCCESS) 158 | { 159 | SAFE_FREE(marshalled_inp_buff); 160 | SAFE_FREE(out_buff); 161 | return ke_status; 162 | } 163 | 164 | //Un-marshal the secret response data 165 | ke_status = umarshal_message_exchange_response(out_buff, &secret_response); 166 | if(ke_status != SUCCESS) 167 | { 168 | SAFE_FREE(marshalled_inp_buff); 169 | SAFE_FREE(out_buff); 170 | return ke_status; 171 | } 172 | 173 | suprint("Enclave 1 received Response: %#x",*((uint32_t*)secret_response)); 174 | 175 | SAFE_FREE(marshalled_inp_buff); 176 | SAFE_FREE(out_buff); 177 | SAFE_FREE(secret_response); 178 | return SUCCESS; 179 | } 180 | 181 | 182 | 183 | uint32_t start_close_session(sgx_enclave_id_t src_enclave_id, 184 | sgx_enclave_id_t dest_enclave_id) 185 | { 186 | dh_session_t dest_session_info; 187 | ATTESTATION_STATUS ke_status = SUCCESS; 188 | //Search the map for the session information associated with the destination enclave id passed in 189 | std::map::iterator it = session_map.find(dest_enclave_id); 190 | if(it != session_map.end()) 191 | { 192 | dest_session_info = it->second; 193 | } 194 | else 195 | { 196 | return NULL; 197 | } 198 | 199 | //Core reference code function for closing a session 200 | ke_status = close_session(src_enclave_id, dest_enclave_id); 201 | 202 | //Erase the session information associated with the destination enclave id 203 | session_map.erase(dest_enclave_id); 204 | return ke_status; 205 | } 206 | 207 | //Function that is used to verify the trust of the other enclave 208 | //Each enclave can have its own way verifying the peer enclave identity 209 | extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity) 210 | { 211 | if(!peer_enclave_identity) 212 | { 213 | return INVALID_PARAMETER_ERROR; 214 | } 215 | if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED)) 216 | { 217 | return ENCLAVE_TRUST_ERROR; 218 | } 219 | else 220 | { 221 | return SUCCESS; 222 | } 223 | } 224 | 225 | //Generates the response from the request message 226 | extern "C" uint32_t message_exchange_response_generator(char* decrypted_data, 227 | char** resp_buffer, 228 | size_t* resp_length) 229 | { 230 | return SUCCESS; 231 | 232 | } 233 | 234 | //Dispatch function that calls the approriate enclave function based on the function id 235 | //Each enclave can have its own way of dispatching the calls from other enclave 236 | extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data, 237 | size_t decrypted_data_length, 238 | char** resp_buffer, 239 | size_t* resp_length) 240 | { 241 | return 0; 242 | } 243 | -------------------------------------------------------------------------------- /lab3/lab4/Enclave1/Enclave1.cpp: -------------------------------------------------------------------------------- 1 | // Enclave1.cpp : Defines the exported functions for the .so application 2 | #include "sgx_eid.h" 3 | #include "Enclave1_t.h" 4 | #include "EnclaveMessageExchange.h" 5 | #include "error_codes.h" 6 | #include "Utility_E1.h" 7 | #include "sgx_thread.h" 8 | #include "sgx_dh.h" 9 | #include 10 | #include 11 | #include 12 | 13 | #define UNUSED(val) (void)(val) 14 | 15 | std::mapsession_map; 16 | 17 | // print out function 18 | int suprint(const char *fmt, ...) 19 | { 20 | int ret[1]; 21 | char buf[BUFSIZ] = {'\0'}; 22 | va_list ap; 23 | va_start(ap, fmt); 24 | vsnprintf(buf, BUFSIZ, fmt, ap); 25 | va_end(ap); 26 | ocall_suprint(buf, ret); 27 | return ret[0]; 28 | } 29 | 30 | 31 | uint32_t start_create_session(sgx_enclave_id_t src_enclave_id, 32 | sgx_enclave_id_t dest_enclave_id) 33 | { 34 | ATTESTATION_STATUS ke_status = SUCCESS; 35 | dh_session_t dest_session_info; 36 | 37 | ke_status = create_session(src_enclave_id, dest_enclave_id, &dest_session_info); 38 | 39 | //Insert the session information into the map under the corresponding destination enclave id 40 | if(ke_status == SUCCESS) 41 | { 42 | session_map.insert(std::pair(dest_enclave_id, dest_session_info)); 43 | } 44 | memset(&dest_session_info, 0, sizeof(dh_session_t)); 45 | return ke_status; 46 | } 47 | 48 | uint32_t enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, 49 | sgx_enclave_id_t dest_enclave_id,uint32_t arg1,uint32_t arg2) 50 | { 51 | ATTESTATION_STATUS ke_status = SUCCESS; 52 | uint32_t var1,var2; 53 | uint32_t target_fn_id, msg_type; 54 | char* marshalled_inp_buff; 55 | size_t marshalled_inp_buff_len; 56 | char* out_buff; 57 | size_t out_buff_len; 58 | dh_session_t *dest_session_info; 59 | size_t max_out_buff_size; 60 | char* retval; 61 | 62 | var1 = arg1; 63 | var2 = arg2; 64 | target_fn_id = 1; 65 | msg_type = ENCLAVE_TO_ENCLAVE_CALL; 66 | max_out_buff_size = 50; 67 | 68 | //Marshals the input parameters for calling function foo1 in Enclave2 into a input buffer 69 | ke_status = marshal_input_parameters_e2(target_fn_id, msg_type, var1, var2, &marshalled_inp_buff, &marshalled_inp_buff_len); 70 | if(ke_status != SUCCESS) 71 | { 72 | return ke_status; 73 | } 74 | 75 | //Search the map for the session information associated with the destination enclave id of Enclave2 passed in 76 | std::map::iterator it = session_map.find(dest_enclave_id); 77 | if(it != session_map.end()) 78 | { 79 | dest_session_info = &it->second; 80 | } 81 | else 82 | { 83 | SAFE_FREE(marshalled_inp_buff); 84 | return INVALID_SESSION; 85 | } 86 | 87 | //Core Reference Code function 88 | ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff, 89 | marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len); 90 | 91 | if(ke_status != SUCCESS) 92 | { 93 | SAFE_FREE(marshalled_inp_buff); 94 | SAFE_FREE(out_buff); 95 | return ke_status; 96 | } 97 | 98 | //Un-marshal the return value and output parameters from foo1 of Enclave 2 99 | ke_status = unmarshal_retval_and_output_parameters_e2(out_buff, &retval); 100 | if(ke_status != SUCCESS) 101 | { 102 | SAFE_FREE(marshalled_inp_buff); 103 | SAFE_FREE(out_buff); 104 | return ke_status; 105 | } 106 | 107 | suprint("Enclave 2 call returned: %u\n",*((uint32_t*)retval)); 108 | 109 | SAFE_FREE(marshalled_inp_buff); 110 | SAFE_FREE(out_buff); 111 | SAFE_FREE(retval); 112 | return SUCCESS; 113 | } 114 | 115 | uint32_t exchange_message(sgx_enclave_id_t src_enclave_id, 116 | sgx_enclave_id_t dest_enclave_id) 117 | { 118 | ATTESTATION_STATUS ke_status = SUCCESS; 119 | uint32_t target_fn_id, msg_type; 120 | char* marshalled_inp_buff; 121 | size_t marshalled_inp_buff_len; 122 | char* out_buff; 123 | size_t out_buff_len; 124 | dh_session_t *dest_session_info; 125 | size_t max_out_buff_size; 126 | char* secret_response; 127 | uint32_t secret_data; 128 | 129 | target_fn_id = 0; 130 | msg_type = MESSAGE_EXCHANGE; 131 | max_out_buff_size = 50; 132 | 133 | //Secret Data here is sample data 134 | secret_data = 0x12345678; 135 | 136 | //Marshals the secret data into a buffer 137 | ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len); 138 | if(ke_status != SUCCESS) 139 | { 140 | return ke_status; 141 | } 142 | //Search the map for the session information associated with the destination enclave id passed in 143 | std::map::iterator it = session_map.find(dest_enclave_id); 144 | if(it != session_map.end()) 145 | { 146 | dest_session_info = &it->second; 147 | } 148 | else 149 | { 150 | SAFE_FREE(marshalled_inp_buff); 151 | return INVALID_SESSION; 152 | } 153 | 154 | //Core Reference Code function 155 | ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff, 156 | marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len); 157 | if(ke_status != SUCCESS) 158 | { 159 | SAFE_FREE(marshalled_inp_buff); 160 | SAFE_FREE(out_buff); 161 | return ke_status; 162 | } 163 | 164 | //Un-marshal the secret response data 165 | ke_status = umarshal_message_exchange_response(out_buff, &secret_response); 166 | if(ke_status != SUCCESS) 167 | { 168 | SAFE_FREE(marshalled_inp_buff); 169 | SAFE_FREE(out_buff); 170 | return ke_status; 171 | } 172 | 173 | suprint("Enclave 1 received Response: %#x",*((uint32_t*)secret_response)); 174 | 175 | SAFE_FREE(marshalled_inp_buff); 176 | SAFE_FREE(out_buff); 177 | SAFE_FREE(secret_response); 178 | return SUCCESS; 179 | } 180 | 181 | 182 | 183 | uint32_t start_close_session(sgx_enclave_id_t src_enclave_id, 184 | sgx_enclave_id_t dest_enclave_id) 185 | { 186 | dh_session_t dest_session_info; 187 | ATTESTATION_STATUS ke_status = SUCCESS; 188 | //Search the map for the session information associated with the destination enclave id passed in 189 | std::map::iterator it = session_map.find(dest_enclave_id); 190 | if(it != session_map.end()) 191 | { 192 | dest_session_info = it->second; 193 | } 194 | else 195 | { 196 | return NULL; 197 | } 198 | 199 | //Core reference code function for closing a session 200 | ke_status = close_session(src_enclave_id, dest_enclave_id); 201 | 202 | //Erase the session information associated with the destination enclave id 203 | session_map.erase(dest_enclave_id); 204 | return ke_status; 205 | } 206 | 207 | //Function that is used to verify the trust of the other enclave 208 | //Each enclave can have its own way verifying the peer enclave identity 209 | extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity) 210 | { 211 | if(!peer_enclave_identity) 212 | { 213 | return INVALID_PARAMETER_ERROR; 214 | } 215 | if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED)) 216 | { 217 | return ENCLAVE_TRUST_ERROR; 218 | } 219 | else 220 | { 221 | return SUCCESS; 222 | } 223 | } 224 | 225 | //Generates the response from the request message 226 | extern "C" uint32_t message_exchange_response_generator(char* decrypted_data, 227 | char** resp_buffer, 228 | size_t* resp_length) 229 | { 230 | return SUCCESS; 231 | 232 | } 233 | 234 | //Dispatch function that calls the approriate enclave function based on the function id 235 | //Each enclave can have its own way of dispatching the calls from other enclave 236 | extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data, 237 | size_t decrypted_data_length, 238 | char** resp_buffer, 239 | size_t* resp_length) 240 | { 241 | return 0; 242 | } 243 | --------------------------------------------------------------------------------