├── .gitignore ├── CMakeLists.txt ├── License ├── LICENSE └── Third_Party_Open_Source_Software_Notice.md ├── README.en.md ├── README.md ├── changelog.md ├── component ├── CMakeLists.txt ├── local_attest │ ├── CMakeLists.txt │ ├── gp_local_attest.c │ ├── local_attest_agent.h │ ├── sg_local_attest.c │ ├── sg_local_attest.h │ └── sgx_local_attest.c ├── ra_tls │ ├── CMakeLists.txt │ ├── LICENSE │ ├── README.md │ ├── openssl_imp.c │ ├── ra_tls.c │ ├── ra_tls.h │ └── ra_tls_imp.h ├── remote_attest │ ├── CMakeLists.txt │ ├── ra_report │ │ ├── CMakeLists.txt │ │ ├── gp_ra_report.c │ │ ├── gp_report_helper.c │ │ ├── gp_report_helper.h │ │ ├── sg_ra_report.c │ │ ├── sg_ra_report.h │ │ ├── sgx_ra_report.c │ │ └── uni_ra_agent.h │ ├── ra_verify │ │ ├── CMakeLists.txt │ │ ├── gp_ra_report_verify.c │ │ ├── sg_ra_report_verify.c │ │ ├── sg_ra_report_verify.h │ │ ├── sgx_ra_report_verify.c │ │ └── uni_ra_verify_agent.h │ └── sg_report_st.h └── secure_channel │ ├── CMakeLists.txt │ ├── Readme.md │ ├── client │ ├── CMakeLists.txt │ ├── secure_channel_client.c │ └── secure_channel_client.h │ ├── enclave │ ├── CMakeLists.txt │ ├── Enclave.lds │ ├── secure_channel_enclave.c │ └── secure_channel_enclave.h │ ├── host │ ├── CMakeLists.txt │ ├── secure_channel_host.c │ └── secure_channel_host.h │ ├── secure_channel.edl │ ├── secure_channel.h │ ├── secure_channel_common.c │ └── secure_channel_common.h ├── conf ├── logrotate.d │ └── secgear └── rsyslog.d │ └── secgear.conf ├── docs ├── HelloWorld开发流程和特性使用指南.md ├── build_install.md ├── codegener.md ├── disclaimer.md ├── itrustee_libc_support.md ├── logo.png ├── riscv_tee.md ├── secGear_RISC-V_Penglai_demo.jpeg └── sign_tool.md ├── environment ├── examples ├── CMakeLists.txt ├── helloworld │ ├── CMakeLists.txt │ ├── enclave │ │ ├── CMakeLists.txt │ │ ├── Enclave.config.xml │ │ ├── Enclave.lds │ │ ├── config_cloud.ini │ │ ├── hello.c │ │ └── manifest.txt │ ├── helloworld.edl │ └── host │ │ ├── CMakeLists.txt │ │ └── main.c ├── local_attest │ 
├── CMakeLists.txt │ ├── Readme.md │ ├── basevalue.txt │ ├── enclave │ │ ├── CMakeLists.txt │ │ ├── Enclave.config.xml │ │ ├── Enclave.lds │ │ ├── config_cloud.ini │ │ ├── enclave.c │ │ └── manifest.txt │ ├── host │ │ ├── CMakeLists.txt │ │ └── main.c │ └── la_demo.edl ├── lrt │ ├── CMakeLists.txt │ ├── Dockerfile │ ├── device_plugin.yaml │ ├── enclave.yaml │ ├── enclave │ │ ├── CMakeLists.txt │ │ ├── Enclave.config.xml │ │ ├── Enclave.lds │ │ ├── lrt.c │ │ └── manifest.txt.in │ ├── host │ │ ├── CMakeLists.txt │ │ └── main.c │ └── lrt.edl ├── ra_tls │ ├── CMakeLists.txt │ ├── client.c │ └── server.c ├── remote_attest │ ├── CMakeLists.txt │ ├── Readme.md │ ├── basevalue.txt │ ├── enclave │ │ ├── CMakeLists.txt │ │ ├── Enclave.config.xml │ │ ├── Enclave.lds │ │ ├── config_cloud.ini │ │ ├── enclave.c │ │ └── manifest.txt │ ├── host │ │ ├── CMakeLists.txt │ │ └── main.c │ └── ra_demo.edl ├── seal_data │ ├── CMakeLists.txt │ ├── enclave │ │ ├── CMakeLists.txt │ │ ├── Enclave.config.xml │ │ ├── Enclave.lds │ │ ├── config_cloud.ini │ │ ├── manifest.txt │ │ └── seal_data.c │ ├── host │ │ ├── CMakeLists.txt │ │ └── main.c │ └── seal_data.edl ├── secgear_ds │ ├── CMakeLists.txt │ ├── README.md │ ├── enclave │ │ ├── CMakeLists.txt │ │ ├── Enclave.config.xml │ │ ├── Enclave.lds │ │ ├── config_cloud.ini │ │ ├── manifest.txt │ │ └── secgear_ds.cpp │ ├── host │ │ ├── CMakeLists.txt │ │ └── main.cpp │ └── secgear_ds.edl ├── secgear_kms │ ├── CMakeLists.txt │ ├── README.md │ ├── enclave │ │ ├── CMakeLists.txt │ │ ├── Enclave.config.xml │ │ ├── Enclave.lds │ │ ├── config_cloud.ini │ │ ├── enclave_kms.cpp │ │ └── manifest.txt │ ├── host │ │ ├── CMakeLists.txt │ │ └── kms.cpp │ ├── include │ │ ├── base64.h │ │ ├── common.h │ │ ├── error_code.h │ │ └── secgear_kms.h │ ├── kms.edl │ └── test │ │ ├── CMakeLists.txt │ │ └── test.cpp ├── secure_channel │ ├── CMakeLists.txt │ ├── Readme.md │ ├── basevalue.txt │ ├── client │ │ ├── CMakeLists.txt │ │ └── client.c │ ├── client_with_recv_thread 
│ │ ├── CMakeLists.txt │ │ └── client.c │ ├── enclave │ │ ├── CMakeLists.txt │ │ ├── Enclave.config.xml │ │ ├── Enclave.lds │ │ ├── config_cloud.ini │ │ ├── enclave.c │ │ └── manifest.txt │ ├── host │ │ ├── CMakeLists.txt │ │ └── server.c │ ├── sc_demo.edl │ └── usr_msg.h ├── switchless │ ├── CMakeLists.txt │ ├── README.md │ ├── enclave │ │ ├── CMakeLists.txt │ │ ├── Enclave.config.xml │ │ ├── Enclave.lds │ │ ├── config_cloud.ini │ │ ├── enclave.c │ │ └── manifest.txt │ ├── host │ │ ├── CMakeLists.txt │ │ └── main.c │ └── switchless.edl └── switchless_performance │ ├── CMakeLists.txt │ ├── README.md │ ├── enclave │ ├── CMakeLists.txt │ ├── Enclave.config.xml │ ├── Enclave.lds │ ├── config_cloud.ini │ ├── enclave.c │ └── manifest.txt │ ├── host │ ├── CMakeLists.txt │ └── main.c │ └── switchless.edl ├── inc ├── common_inc │ ├── bit_operation.h │ ├── gp │ │ └── gp_shared_memory_defs.h │ ├── secgear_list.h │ └── switchless_defs.h ├── enclave_inc │ ├── gp │ │ ├── caller.h │ │ ├── gp.h │ │ ├── gp_ocall.h │ │ └── itrustee │ │ │ ├── bottom_memory_check.h │ │ │ ├── cc_securec.h │ │ │ ├── dataseal_internal.h │ │ │ ├── error_conversion.h │ │ │ ├── random_internal.h │ │ │ ├── secgear_log.h │ │ │ ├── tee_agent.h │ │ │ └── tee_trusted_storage.h │ ├── memory_check.h │ ├── penglai │ │ ├── bottom_memory_check.h │ │ ├── cc_securec.h │ │ ├── dataseal_internal.h │ │ ├── error_conversion.h │ │ ├── penglai.h │ │ ├── penglai_ocall.h │ │ ├── random_internal.h │ │ └── secgear_log.h │ ├── secgear_dataseal.h │ ├── secgear_random.h │ └── sgx │ │ ├── bottom_memory_check.h │ │ ├── cc_securec.h │ │ ├── dataseal_internal.h │ │ ├── error_conversion.h │ │ ├── random_internal.h │ │ └── secgear_log.h └── host_inc │ ├── enclave.h │ ├── enclave_internal.h │ ├── enclave_log.h │ ├── gp │ ├── secgear_pthread.edl │ ├── secgear_tkey_exchange.edl │ ├── secgear_tprotected_fs.edl │ ├── secgear_tssl.edl │ ├── secgear_tstdc.edl │ ├── secgear_tswitchless.edl │ └── secgear_urts.h │ ├── ocall_log.h │ ├── penglai │ 
├── secgear_pthread.edl │ ├── secgear_tkey_exchange.edl │ ├── secgear_tprotected_fs.edl │ ├── secgear_tssl.edl │ ├── secgear_tstdc.edl │ ├── secgear_tswitchless.edl │ └── secgear_urts.h │ ├── secgear_defs.h │ ├── secgear_shared_memory.h │ ├── secgear_uswitchless.h │ ├── sgx │ ├── secgear_pthread.edl │ ├── secgear_tkey_exchange.edl │ ├── secgear_tprotected_fs.edl │ ├── secgear_tssl.edl │ ├── secgear_tstdc.edl │ ├── secgear_tswitchless.edl │ ├── secgear_urts.h │ └── sgx_enclave.h │ └── status.h ├── install_manifest.txt ├── service └── attestation │ ├── .gitignore │ ├── README.md │ ├── attestation-agent │ ├── Cargo.lock │ ├── Cargo.toml │ ├── README.md │ ├── agent │ │ ├── Cargo.toml │ │ ├── attestation-agent.conf │ │ └── src │ │ │ ├── bin │ │ │ ├── aa-test │ │ │ │ └── main.rs │ │ │ └── generate-headers │ │ │ │ └── main.rs │ │ │ ├── lib.rs │ │ │ ├── main.rs │ │ │ ├── restapi │ │ │ └── mod.rs │ │ │ ├── result │ │ │ └── mod.rs │ │ │ └── session.rs │ ├── attester │ │ ├── Cargo.toml │ │ └── src │ │ │ ├── itrustee │ │ │ ├── itrustee.rs │ │ │ └── mod.rs │ │ │ ├── lib.rs │ │ │ └── virtcca │ │ │ ├── mod.rs │ │ │ └── virtcca.rs │ ├── c_header │ │ ├── example.c │ │ └── rust_attestation_agent.h │ └── token │ │ ├── Cargo.toml │ │ └── src │ │ └── lib.rs │ ├── attestation-client │ ├── Cargo.toml │ └── src │ │ ├── client.rs │ │ ├── common.rs │ │ ├── error.rs │ │ ├── main.rs │ │ ├── resource │ │ ├── client.rs │ │ └── mod.rs │ │ └── resource_policy │ │ ├── client.rs │ │ └── mod.rs │ ├── attestation-service │ ├── Cargo.lock │ ├── Cargo.toml │ ├── README.md │ ├── as_startup.sh │ ├── policy │ │ ├── Cargo.toml │ │ └── src │ │ │ ├── lib.rs │ │ │ ├── opa │ │ │ ├── default_itrustee.rego │ │ │ ├── default_vcca.rego │ │ │ └── mod.rs │ │ │ └── policy_engine.rs │ ├── reference │ │ ├── Cargo.toml │ │ └── src │ │ │ ├── extractor │ │ │ └── mod.rs │ │ │ ├── lib.rs │ │ │ ├── local_fs │ │ │ └── mod.rs │ │ │ ├── reference │ │ │ └── mod.rs │ │ │ └── store │ │ │ └── mod.rs │ ├── service │ │ ├── Cargo.toml 
│ │ ├── attestation-service.conf │ │ └── src │ │ │ ├── lib.rs │ │ │ ├── main.rs │ │ │ ├── restapi │ │ │ ├── mod.rs │ │ │ └── resource │ │ │ │ ├── mod.rs │ │ │ │ ├── policy.rs │ │ │ │ └── storage.rs │ │ │ ├── result │ │ │ └── mod.rs │ │ │ └── session.rs │ ├── tests │ │ ├── Cargo.toml │ │ └── src │ │ │ └── lib.rs │ ├── token │ │ ├── Cargo.toml │ │ └── src │ │ │ └── lib.rs │ └── verifier │ │ ├── Cargo.toml │ │ ├── src │ │ ├── itrustee │ │ │ ├── itrustee.rs │ │ │ └── mod.rs │ │ ├── lib.rs │ │ ├── rustcca │ │ │ ├── LICENSE │ │ │ └── mod.rs │ │ └── virtcca │ │ │ ├── ima.rs │ │ │ └── mod.rs │ │ └── test_data │ │ ├── cca-token-01.cbor │ │ ├── cca-token-02.cbor │ │ ├── cpak.json │ │ ├── virtcca.cbor │ │ └── virtcca_aik_cert.der │ ├── attestation-types │ ├── Cargo.toml │ └── src │ │ ├── lib.rs │ │ ├── resource │ │ ├── admin │ │ │ ├── mod.rs │ │ │ └── simple.rs │ │ ├── error.rs │ │ ├── mod.rs │ │ ├── policy │ │ │ ├── mod.rs │ │ │ └── opa │ │ │ │ ├── mod.rs │ │ │ │ └── virtcca.rego │ │ ├── storage │ │ │ ├── mod.rs │ │ │ └── simple.rs │ │ └── utils.rs │ │ └── service.rs │ └── oeas │ ├── README.md │ ├── docs │ ├── oeas_api.md │ ├── oeas_web.md │ ├── policy.md │ ├── templates │ │ ├── your_policy_name.rego │ │ ├── your_ref_name.json │ │ └── your_res_policy_name.rego │ └── tools_get_attestation.md │ ├── service │ ├── Dockerfile_aarch64 │ ├── Dockerfile_x86_64 │ ├── build.sh │ └── conf │ │ ├── Huawei Equipment Root CA.pem │ │ ├── Huawei IT Product CA.pem │ │ ├── attestation-agent.conf │ │ ├── attestation-service.conf │ │ ├── oeas.toml │ │ ├── oeas_authentication.py │ │ ├── start.sh │ │ ├── supervisord-https.conf │ │ └── supervisord.conf │ ├── tools │ └── get_attestation.sh │ └── website │ ├── .env.development │ ├── .env.production │ ├── .gitignore │ ├── .prettierrc.json │ ├── Dockerfile │ ├── README.md │ ├── deploy │ ├── entrypoint.sh │ ├── monitor.sh │ └── nginx │ │ └── nginx.conf │ ├── index.html │ ├── package.json │ ├── pnpm-lock.yaml │ ├── public │ └── favicon.ico │ ├── src │ 
├── @types │ │ ├── type-components.ts │ │ └── type-user.ts │ ├── App.vue │ ├── api │ │ ├── api-management.ts │ │ └── api-user.ts │ ├── assets │ │ ├── category │ │ │ ├── footer │ │ │ │ ├── atom-logo.png │ │ │ │ ├── atom-logo.svg │ │ │ │ ├── bilibili.png │ │ │ │ ├── bilibili_hover.png │ │ │ │ ├── code-xzs.png │ │ │ │ ├── code-zgz-2.png │ │ │ │ ├── code-zgz.jpg │ │ │ │ ├── code-zgz.png │ │ │ │ ├── csdn.png │ │ │ │ ├── csdn_hover.png │ │ │ │ ├── footer-bg-mo.png │ │ │ │ ├── footer-bg.png │ │ │ │ ├── footer-bg1.png │ │ │ │ ├── footer-logo1.png │ │ │ │ ├── footer-logo2.png │ │ │ │ ├── img-gzh.png │ │ │ │ ├── img-xzs.png │ │ │ │ ├── infoq.png │ │ │ │ ├── juejin.png │ │ │ │ ├── juejin_hover.png │ │ │ │ ├── linkdin.png │ │ │ │ ├── linkdin_hover.png │ │ │ │ ├── oschina.png │ │ │ │ ├── oschina_hover.png │ │ │ │ ├── reddit-square.png │ │ │ │ ├── reddit-square_hover.png │ │ │ │ ├── toutiao.png │ │ │ │ ├── toutiao_hover.png │ │ │ │ ├── x.png │ │ │ │ ├── x_hover.png │ │ │ │ ├── youtube.png │ │ │ │ └── youtube_hover.png │ │ │ ├── header │ │ │ │ └── logo.svg │ │ │ ├── illustrations │ │ │ │ └── 404.png │ │ │ ├── management │ │ │ │ ├── banner-illustration.png │ │ │ │ ├── banner.jpg │ │ │ │ ├── empty.png │ │ │ │ ├── home-desc.png │ │ │ │ ├── home-feature-bg.png │ │ │ │ └── not-found.png │ │ │ └── svg-icons │ │ │ │ ├── icon-home-feature.svg │ │ │ │ ├── icon-info.svg │ │ │ │ ├── icon-outlink.svg │ │ │ │ └── icon-user.svg │ │ ├── style │ │ │ ├── base.scss │ │ │ ├── mixin │ │ │ │ ├── common.scss │ │ │ │ ├── font.scss │ │ │ │ └── screen.scss │ │ │ └── theme │ │ │ │ ├── anchor.scss │ │ │ │ ├── button.scss │ │ │ │ ├── card.scss │ │ │ │ ├── dark.token.css │ │ │ │ ├── default-light.token.css │ │ │ │ ├── dialog.scss │ │ │ │ ├── dropdown.scss │ │ │ │ ├── icon.scss │ │ │ │ ├── index.scss │ │ │ │ ├── input.scss │ │ │ │ ├── link.scss │ │ │ │ ├── media.token.scss │ │ │ │ ├── message.scss │ │ │ │ ├── pagination.scss │ │ │ │ ├── popup.scss │ │ │ │ ├── rate.scss │ │ │ │ ├── result.scss │ │ │ │ ├── 
select.scss │ │ │ │ ├── tab.scss │ │ │ │ ├── table.scss │ │ │ │ ├── tag.scss │ │ │ │ ├── textarea.scss │ │ │ │ └── toggle.scss │ │ └── vue.svg │ ├── components │ │ ├── AppFooter.vue │ │ ├── BannerLevel2.vue │ │ ├── ContentWrapper.vue │ │ ├── MailExample.vue │ │ ├── easy-dialog │ │ │ ├── EasyDialog.vue │ │ │ ├── types.ts │ │ │ └── use-dialog.ts │ │ └── header │ │ │ ├── AppHeader.vue │ │ │ ├── HeaderNav.vue │ │ │ └── HeaderUser.vue │ ├── config │ │ ├── common.ts │ │ ├── footer.ts │ │ ├── management.ts │ │ ├── navs.ts │ │ └── query.ts │ ├── main.ts │ ├── routes │ │ ├── index.ts │ │ └── management.ts │ ├── shared │ │ ├── axios │ │ │ ├── index.ts │ │ │ └── setConfig.ts │ │ └── login.ts │ ├── stores │ │ └── user.ts │ ├── utils │ │ └── cookie.ts │ ├── views │ │ ├── NotFound.vue │ │ ├── TheHome.vue │ │ └── management │ │ │ ├── TheManagement.vue │ │ │ ├── TheManagementBaseline.vue │ │ │ ├── TheManagementPolicy.vue │ │ │ ├── TheManagementResource.vue │ │ │ └── components │ │ │ ├── ManagementCreateBaselineDialog.vue │ │ │ ├── ManagementCreatePolicyDialog.vue │ │ │ ├── ManagementCreateResourceDialog.vue │ │ │ ├── ManagementViewPolicyDialog.vue │ │ │ └── UploadFormItem.vue │ └── vite-env.d.ts │ ├── tsconfig.app.json │ ├── tsconfig.json │ ├── tsconfig.node.json │ └── vite.config.ts ├── src ├── CMakeLists.txt ├── enclave_src │ ├── CMakeLists.txt │ ├── gp │ │ ├── gp.c │ │ ├── gp_ocall.c │ │ └── itrustee │ │ │ ├── CMakeLists.txt │ │ │ ├── bottom_memory_check.c │ │ │ ├── error_conversion.c │ │ │ ├── itrustee_random.c │ │ │ ├── itrustee_seal_data.c │ │ │ ├── itrustee_shared_memory.c │ │ │ ├── itrustee_shared_memory.h │ │ │ ├── itrustee_tswitchless.c │ │ │ └── itrustee_tswitchless.h │ ├── memory_check.c │ ├── penglai │ │ ├── CMakeLists.txt │ │ ├── bottom_memory_check.c │ │ ├── error_conversion.c │ │ ├── penglai_ocall.c │ │ ├── penglai_random.c │ │ └── penglai_seal_data.c │ ├── secgear_random.c │ ├── secgear_seal_data.c │ └── sgx │ │ ├── CMakeLists.txt │ │ ├── bottom_memory_check.c │ │ 
├── error_conversion.c │ │ ├── sgx_random.c │ │ └── sgx_seal_data.c └── host_src │ ├── CMakeLists.txt │ ├── enclave.c │ ├── enclave_internal.c │ ├── enclave_ocall.c │ ├── gp │ ├── CMakeLists.txt │ ├── gp_enclave.c │ ├── gp_enclave.h │ ├── gp_shared_memory.c │ ├── gp_shared_memory.h │ ├── gp_uswitchless.c │ └── gp_uswitchless.h │ ├── ocall_log.c │ ├── penglai │ ├── CMakeLists.txt │ ├── penglai_enclave.c │ └── penglai_enclave.h │ ├── secgear_shared_memory.c │ └── sgx │ ├── CMakeLists.txt │ ├── sgx_enclave.c │ ├── sgx_enclave.h │ ├── sgx_shared_memory.c │ └── sgx_shared_memory.h ├── test ├── CMakeLists.txt └── llt.sh ├── thirdparty ├── base64url │ ├── b64 │ │ ├── LICENSE │ │ ├── README.md │ │ ├── b64.h │ │ ├── buffer.c │ │ ├── decode.c │ │ ├── encode.c │ │ └── notes.md │ ├── base64url.c │ └── base64url.h ├── cjson │ ├── cJSON.c │ └── cJSON.h ├── kunpengsecl │ └── verifier │ │ └── teeverifier.h └── libqca │ └── ra_client_api.h └── tools ├── codegener ├── CMakeLists.txt ├── Codegener.ml ├── Commonfunc.ml ├── Genheader.ml ├── Gentrust.ml ├── Genuntrust.ml ├── dune ├── dune-project ├── intel │ ├── Ast.ml │ ├── CodeGen.ml │ ├── Edger8r.ml │ ├── Lexer.mll │ ├── Makefile │ ├── Parser.mly │ ├── Plugin.ml │ ├── Preprocessor.ml │ ├── SimpleStack.ml │ ├── Util.ml │ └── dune ├── main.ml └── penglai │ ├── CodeGenPL.ml │ ├── CommonfuncPL.ml │ ├── GenheaderPL.ml │ ├── GentrustPL.ml │ ├── GenuntrustPL.ml │ └── dune └── sign_tool └── sign_tool.sh /.gitignore: -------------------------------------------------------------------------------- 1 | *vscode* -------------------------------------------------------------------------------- /changelog.md: -------------------------------------------------------------------------------- 1 | ## release v1.0.0 2 | 1. 支持远程证明统一框架,支持快速集成、部署远程证明服务 3 | 2. 新增通过openSession注册共享内存机制,相对ecall方式减少CPU占用率 4 | 3. switchless机制支持配置TA线程绑核,降低频繁调度切换开销,优化REE和TEE业务线程性能 5 | 5. 安全通道支持使用远程证明身份验证 6 | 6. 
问题修改/优化: 7 | - 修改switchless样例编译方式 8 | - 添加__attribute__((optimize("O0")))来忽略编译优化 9 | - 使用memset代替explicit_bzero 10 | - 添加检查内存访问权限来适配ccos 11 | - 新增配置鲲鹏TA开发者证书方法 12 | - 解密失败时清除解密数据 13 | - 优化安全通道验证报告逻辑 14 | - 签名工具添加无效参数验证 15 | - 签名工具添加API_LEVEL 16 | - 修改itrustee_sdk中openssl文件路径 17 | 18 | ## release v0.2.0 19 | 1. support switchless 20 | 2. support secure channel 21 | 3. some bugfix 22 | 23 | ## release v0.1.0 24 | Initialize secGear: support Intel sgx and Arm trustzone(iTrustee OS) 25 | Libraries: enclave unified lifecycle management APIs, enclave seal data APIs. 26 | Tools: support codegener/signtools 27 | 28 | -------------------------------------------------------------------------------- /component/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 2 | # secGear is licensed under the Mulan PSL v2. 3 | # You can use this software according to the terms and conditions of the Mulan PSL v2. 4 | # You may obtain a copy of Mulan PSL v2 at: 5 | # http://license.coscl.org.cn/MulanPSL2 6 | # THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 7 | # IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 8 | # PURPOSE. 9 | # See the Mulan PSL v2 for more details. 10 | 11 | set(LIBRARY_INSTALL ${LOCAL_ROOT_PATH_INSTALL}/usr/lib64) 12 | 13 | ADD_SUBDIRECTORY(secure_channel) 14 | 15 | ADD_SUBDIRECTORY(remote_attest) 16 | ADD_SUBDIRECTORY(local_attest) 17 | ADD_SUBDIRECTORY(ra_tls) 18 | 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /component/local_attest/local_attest_agent.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 
4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */ 12 | 13 | #ifndef SECGEAR_LOCAL_ATTEST_AGENT_H 14 | #define SECGEAR_LOCAL_ATTEST_AGENT_H 15 | 16 | #include "status.h" 17 | 18 | #ifdef __cplusplus 19 | extern "C" { 20 | #endif 21 | 22 | cc_enclave_result_t agent_local_attest(char *taid, char *img_hash, char *mem_hash); 23 | 24 | #ifdef __cplusplus 25 | } 26 | #endif 27 | 28 | #endif 29 | -------------------------------------------------------------------------------- /component/local_attest/sg_local_attest.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 
*/
#include "sg_local_attest.h"
#include "local_attest_agent.h"

/*
 * Host-side entry point for local attestation.
 *
 * Validates the three string arguments and hands them to the TEE-specific
 * back end (agent_local_attest); that agent's result is returned unchanged.
 * Which back end is linked (GP/iTrustee or SGX) is a build-time choice —
 * see the per-TEE *_local_attest.c files.
 *
 * taid     - unique ID string of the target TA (must not be NULL)
 * img_hash - expected static image measurement of the target TA (must not be NULL)
 * mem_hash - expected static memory measurement of the target TA (must not be NULL)
 *
 * Returns CC_ERROR_BAD_PARAMETERS when any argument is NULL; otherwise the
 * value returned by agent_local_attest() for the linked back end.
 */
cc_enclave_result_t cc_local_attest(char *taid, char *img_hash, char *mem_hash)
{
    /* Reject each missing input up front so the agent never sees a NULL. */
    if (taid == NULL) {
        return CC_ERROR_BAD_PARAMETERS;
    }
    if (img_hash == NULL) {
        return CC_ERROR_BAD_PARAMETERS;
    }
    if (mem_hash == NULL) {
        return CC_ERROR_BAD_PARAMETERS;
    }

    return agent_local_attest(taid, img_hash, mem_hash);
}

--------------------------------------------------------------------------------
/component/local_attest/sg_local_attest.h:
--------------------------------------------------------------------------------
/*
 * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
 * secGear is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 * http://license.coscl.org.cn/MulanPSL2
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
 * PURPOSE.
 * See the Mulan PSL v2 for more details.
 */

#ifndef SECGEAR_LOCAL_ATTESTATION_H
#define SECGEAR_LOCAL_ATTESTATION_H

#include "status.h"
#include "secgear_defs.h"

#ifdef __cplusplus
extern "C" {
#endif

/**
 * [host TEE API] get and verify the local attestation report of a TA
 * [NOTICE] before calling cc_local_attest, the attestation service
 * needs to be initialized by cc_prepare_ra_env; otherwise getting the report fails
 *
 * @param[in] taid, the unique ID string of the target TA
 *
 * @param[in] img_hash, the expected static image measurement of the target TA
 *
 * @param[in] mem_hash, the expected static memory measurement of the target TA
 *
 * @retval, On success, return 0.
 *          On error, a cc_enclave_result_t error number is returned.
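*/
CC_API_SPEC cc_enclave_result_t cc_local_attest(char *taid, char *img_hash, char *mem_hash);

#ifdef __cplusplus
}
#endif

#endif

--------------------------------------------------------------------------------
/component/local_attest/sgx_local_attest.c:
--------------------------------------------------------------------------------
/*
 * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
 * secGear is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 * http://license.coscl.org.cn/MulanPSL2
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
 * PURPOSE.
 * See the Mulan PSL v2 for more details.
 */
#include "local_attest_agent.h"

/*
 * SGX back end of cc_local_attest().
 *
 * No local-attestation implementation exists for SGX in this tree. The
 * previous version of this stub discarded all three arguments and returned
 * CC_SUCCESS, so every caller on an SGX build was told that the target TA had
 * been measured and matched the supplied hashes — a fail-open verifier. Until
 * a real implementation exists the stub fails closed, so "not implemented"
 * can never be mistaken for "verified".
 *
 * taid, img_hash, mem_hash - accepted for interface compatibility; unused.
 *
 * Returns CC_ERROR_RA_AGENT_NOT_INIT, the same code the unified report layer
 * (sg_ra_report.c) returns when no attestation agent is available.
 * TODO(review): switch to a dedicated "not supported" code if status.h has one.
 */
cc_enclave_result_t agent_local_attest(char *taid, char *img_hash, char *mem_hash)
{
    (void)taid;
    (void)img_hash;
    (void)mem_hash;
    /* Never report success for an attestation that was not performed. */
    return CC_ERROR_RA_AGENT_NOT_INIT;
}

--------------------------------------------------------------------------------
/component/ra_tls/README.md:
--------------------------------------------------------------------------------
# ra-tls

secGear支持ra-tls,基于远程证明服务,在机密环境与数据提供方之间建立TLS连接,确保数据可靠传输。

# 依赖环境
远程证明服务AS,AA服务,服务配置参考service/attestation/README.md

# 编译和安装
执行如下指令编译
cd component/ra_tls
mkdir build
cd build
cmake ../
//也可以指定默认的TLS库,并开启Debug模式
cmake ../ -DCMAKE_BUILD_TYPE=Debug -DTLS_LIB=OPENSSL
make
make install

# 运行示例
在 examples/ra_tls 目录下执行
mkdir build
cd build
cmake ../
make
./server
./client
--------------------------------------------------------------------------------
/component/remote_attest/CMakeLists.txt: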
-------------------------------------------------------------------------------- 1 | # Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 2 | # secGear is licensed under the Mulan PSL v2. 3 | # You can use this software according to the terms and conditions of the Mulan PSL v2. 4 | # You may obtain a copy of Mulan PSL v2 at: 5 | # http://license.coscl.org.cn/MulanPSL2 6 | # THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 7 | # IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 8 | # PURPOSE. 9 | # See the Mulan PSL v2 for more details. 10 | 11 | ADD_SUBDIRECTORY(ra_report) 12 | ADD_SUBDIRECTORY(ra_verify) 13 | 14 | 15 | file(GLOB RA_HEADERS ${CMAKE_CURRENT_SOURCE_DIR}/sg_report_st.h 16 | ${CMAKE_CURRENT_SOURCE_DIR}/ra_report/sg_ra_report.h 17 | ${CMAKE_CURRENT_SOURCE_DIR}/ra_verify/sg_ra_report_verify.h) 18 | 19 | install(FILES ${RA_HEADERS} 20 | DESTINATION /usr/include/secGear 21 | PERMISSIONS OWNER_WRITE OWNER_READ GROUP_READ WORLD_READ) 22 | -------------------------------------------------------------------------------- /component/remote_attest/ra_report/gp_report_helper.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 
11 | */ 12 | 13 | #ifndef SECGEAR_GP_REPORT_HELPER_H 14 | #define SECGEAR_GP_REPORT_HELPER_H 15 | 16 | #include "status.h" 17 | #include "sg_report_st.h" 18 | 19 | cc_enclave_result_t gen_provision_no_as_in_buff(cc_ra_buf_t **in); 20 | cc_enclave_result_t gen_ra_report_in_buff(cc_get_ra_report_input_t *param, cc_ra_buf_t **json_buf); 21 | void free_cc_ra_buf(cc_ra_buf_t *ra_buf); 22 | 23 | #endif 24 | 25 | -------------------------------------------------------------------------------- /component/remote_attest/ra_report/sg_ra_report.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 
*/
#include "sg_ra_report.h"
#include "uni_ra_agent.h"

/*
 * Unified front end of the remote-attestation report API.
 *
 * The real work is done by a TEE-specific agent (uni_ra_agent_t) that
 * registers itself through cc_register_ra_agent(), normally from a
 * constructor in the back-end object file. Each public entry point checks
 * that an agent is present and otherwise returns CC_ERROR_RA_AGENT_NOT_INIT.
 */

/* Currently registered agent; NULL until a back end registers itself. */
static uni_ra_agent_t *g_ra_agent = NULL;

/*
 * Prepare the attestation environment for `scenario` on the active TEE.
 *
 * Returns CC_ERROR_RA_AGENT_NOT_INIT when no agent is registered, otherwise
 * the agent's own result.
 */
cc_enclave_result_t cc_prepare_ra_env(cc_ra_scenario_t scenario)
{
    uni_ra_agent_t *agent = g_ra_agent;

    if (agent == NULL) {
        return CC_ERROR_RA_AGENT_NOT_INIT;
    }
    return agent->prepare_ra_env(scenario);
}

/*
 * Obtain an attestation report for the TA named in `in` and write it into
 * the caller-supplied buffer `report`.
 *
 * Argument checks run before the agent check, so a NULL input is reported as
 * CC_ERROR_BAD_PARAMETERS even when no agent is registered. Only the pointers
 * are validated here; the size of report->buf is not checked at this layer.
 * NOTE(review): confirm every agent bounds its write by whatever size field
 * cc_ra_buf_t carries (sg_report_st.h, not shown here).
 */
cc_enclave_result_t cc_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report)
{
    uni_ra_agent_t *agent;

    if (in == NULL || in->taid == NULL) {
        return CC_ERROR_BAD_PARAMETERS;
    }
    if (report == NULL || report->buf == NULL) {
        return CC_ERROR_BAD_PARAMETERS;
    }

    agent = g_ra_agent;
    if (agent == NULL) {
        return CC_ERROR_RA_AGENT_NOT_INIT;
    }
    return agent->get_ra_report(in, report);
}

/*
 * Install `agent` as the process-wide report agent.
 *
 * The pointer is stored as-is and not validated, and a later registration
 * silently replaces an earlier one — so exactly one back end should be
 * linked into a process.
 */
void cc_register_ra_agent(uni_ra_agent_t *agent)
{
    g_ra_agent = agent;
}

--------------------------------------------------------------------------------
/component/remote_attest/ra_report/sgx_ra_report.c:
--------------------------------------------------------------------------------
/*
 * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
 * secGear is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 * http://license.coscl.org.cn/MulanPSL2
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
 * PURPOSE.
 * See the Mulan PSL v2 for more details.
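*/
#include "uni_ra_agent.h"

/*
 * SGX back end of the unified remote-attestation report API.
 *
 * No SGX report generation is implemented in this tree. prepare_ra_env is a
 * harmless no-op, but get_ra_report must not pretend to succeed: the earlier
 * version returned CC_SUCCESS without writing anything into `report`, so a
 * caller would pass an untouched buffer on to cc_verify_report() as if it
 * were a genuine report. That path now fails closed.
 */

/* Nothing to set up on SGX; any scenario is accepted. */
static cc_enclave_result_t sgx_prepare_ra_env(cc_ra_scenario_t scenario)
{
    (void)scenario;
    return CC_SUCCESS;
}

/*
 * Report generation is not available on SGX. `report` is left untouched and
 * the call fails with CC_ERROR_RA_AGENT_NOT_INIT — the code cc_get_ra_report()
 * itself uses when no agent is available — instead of claiming success.
 */
static cc_enclave_result_t sgx_get_ra_report(cc_get_ra_report_input_t *in, cc_ra_buf_t *report)
{
    (void)in;
    (void)report;
    /* Never report success for a report that was not produced. */
    return CC_ERROR_RA_AGENT_NOT_INIT;
}

/* Agent table handed to the unified layer at load time. */
static uni_ra_agent_t g_sgx_agent = {
    .tee_type = CC_TEE_TYPE_SGX,
    .prepare_ra_env = sgx_prepare_ra_env,
    .get_ra_report = sgx_get_ra_report,
};

/* Runs before main(): installs this agent as the process-wide report agent. */
static __attribute__((constructor)) void sgx_register_ra_agent(void)
{
    cc_register_ra_agent(&g_sgx_agent);
}

--------------------------------------------------------------------------------
/component/remote_attest/ra_report/uni_ra_agent.h:
--------------------------------------------------------------------------------
/*
 * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
 * secGear is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 * http://license.coscl.org.cn/MulanPSL2
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
 * PURPOSE.
 * See the Mulan PSL v2 for more details.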
11 | */ 12 | 13 | #ifndef SECGEAR_UNI_RA_AGENT_H 14 | #define SECGEAR_UNI_RA_AGENT_H 15 | 16 | #include 17 | #include "status.h" 18 | #include "sg_report_st.h" 19 | 20 | #ifdef __cplusplus 21 | extern "C" { 22 | #endif 23 | 24 | typedef cc_enclave_result_t (*uni_prepare_ra_env_proc_t)(cc_ra_scenario_t scenario); 25 | typedef cc_enclave_result_t (*uni_get_ra_report_proc_t)(cc_get_ra_report_input_t *in, cc_ra_buf_t *report); 26 | 27 | typedef enum { 28 | CC_TEE_TYPE_GP, 29 | CC_TEE_TYPE_SGX, 30 | } cc_tee_type_t; 31 | 32 | typedef struct { 33 | cc_tee_type_t tee_type; 34 | uni_prepare_ra_env_proc_t prepare_ra_env; 35 | uni_get_ra_report_proc_t get_ra_report; 36 | } uni_ra_agent_t; 37 | 38 | void cc_register_ra_agent(uni_ra_agent_t *agent); 39 | 40 | #ifdef __cplusplus 41 | } 42 | #endif 43 | 44 | #endif 45 | -------------------------------------------------------------------------------- /component/remote_attest/ra_verify/sg_ra_report_verify.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 
*/

#include "sg_ra_report_verify.h"
#include "uni_ra_verify_agent.h"

/*
 * Unified front end of the remote-attestation report verifier.
 *
 * Verification itself is delegated to a TEE-specific agent
 * (uni_ra_verify_agent_t) that registers itself through
 * cc_register_ra_verify_agent(), normally from a constructor in the
 * back-end object file.
 */

/* Currently registered verify agent; NULL until a back end registers itself. */
static uni_ra_verify_agent_t *g_ra_agent = NULL;

/*
 * Verify `report` against `nonce` and the baseline file `basevalue`, using
 * verify mode `type`.
 *
 * Pointer checks run first, so NULL inputs yield CC_ERROR_BAD_PARAMETERS even
 * when no agent is registered; with no agent the result is
 * CC_ERROR_RA_VERIFY_AGENT_NOT_INIT. `type` is passed through unchecked — it
 * is up to the agent to reject unknown modes. Likewise, binding the nonce to
 * the report and checking the report's signature are entirely the agent's
 * job; this layer only establishes that both buffers are present.
 */
cc_enclave_result_t cc_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce, cc_ra_verify_type_t type, char *basevalue)
{
    uni_ra_verify_agent_t *agent;
    int have_report = (report != NULL) && (report->buf != NULL);
    int have_nonce = (nonce != NULL) && (nonce->buf != NULL);

    if (!have_report || !have_nonce || basevalue == NULL) {
        return CC_ERROR_BAD_PARAMETERS;
    }

    agent = g_ra_agent;
    if (agent == NULL) {
        return CC_ERROR_RA_VERIFY_AGENT_NOT_INIT;
    }
    return agent->verify_ra_report(report, nonce, type, basevalue);
}

/*
 * Install `agent` as the process-wide verify agent.
 *
 * The pointer is stored as-is and not validated, and a later registration
 * silently replaces an earlier one — so exactly one verify back end should
 * be linked into a process.
 */
void cc_register_ra_verify_agent(uni_ra_verify_agent_t *agent)
{
    g_ra_agent = agent;
}

--------------------------------------------------------------------------------
/component/remote_attest/ra_verify/sg_ra_report_verify.h:
--------------------------------------------------------------------------------
/*
 * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
 * secGear is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 * http://license.coscl.org.cn/MulanPSL2
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
 * PURPOSE.
 * See the Mulan PSL v2 for more details.
11 | */ 12 | 13 | #ifndef SECGEAR_RA_VERIFY_REPORT_H 14 | #define SECGEAR_RA_VERIFY_REPORT_H 15 | 16 | #include "status.h" 17 | #include "secgear_defs.h" 18 | #include "sg_report_st.h" 19 | 20 | #ifdef __cplusplus 21 | extern "C" { 22 | #endif 23 | /** 24 | * [verifier API] verify remote attestation report by verifier 25 | * 26 | * @param[in] report, the report of target TA 27 | * 28 | * @param[in] nonce, the nonce generated when get report 29 | * 30 | * @param[in] type, the mode of verify report 31 | * 32 | * @param[in] basevalue, the basevalue file path of target TA, 33 | * 34 | * @retval, On success, return 0. 35 | * On error, cc_enclave_result_t errorno is returned. 36 | */ 37 | CC_API_SPEC cc_enclave_result_t cc_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce, 38 | cc_ra_verify_type_t type, char *basevalue); 39 | 40 | #ifdef __cplusplus 41 | } 42 | #endif 43 | 44 | #endif 45 | -------------------------------------------------------------------------------- /component/remote_attest/ra_verify/sgx_ra_report_verify.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 
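*/
#include "uni_ra_verify_agent.h"

/*
 * SGX placeholder for the report verify callback.
 *
 * NOTE: this backend performs no verification at all. Every argument is
 * ignored and CC_SUCCESS is returned unconditionally, so on SGX builds
 * cc_verify_report() accepts any report, nonce and basevalue. Treat the
 * result as "not implemented", not as a passed check, until a real SGX
 * verifier is wired in here.
 *
 * @param[in] report    ignored
 * @param[in] nonce     ignored
 * @param[in] type      ignored
 * @param[in] basevalue ignored
 * @retval CC_SUCCESS always
 */
static cc_enclave_result_t sgx_verify_report(cc_ra_buf_t *report, cc_ra_buf_t *nonce,
    cc_ra_verify_type_t type, char *basevalue)
{
    (void)report;
    (void)nonce;
    (void)type;
    (void)basevalue;
    return CC_SUCCESS;
}

/* Agent descriptor handed to the common verify layer. */
static uni_ra_verify_agent_t g_sgx_ra_verify_agent = {
    .verify_ra_report = sgx_verify_report,
};

/*
 * Register the SGX agent when the library is loaded. The symbol is file-local,
 * so it is named for the backend it registers (the former "gp_" prefix wrongly
 * suggested the GlobalPlatform backend).
 */
static __attribute__((constructor)) void sgx_register_ra_verify_agent(void)
{
    cc_register_ra_verify_agent(&g_sgx_ra_verify_agent);
}

--------------------------------------------------------------------------------
/component/remote_attest/ra_verify/uni_ra_verify_agent.h:
--------------------------------------------------------------------------------
/*
 * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
 * secGear is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 * http://license.coscl.org.cn/MulanPSL2
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
 * PURPOSE.
 * See the Mulan PSL v2 for more details.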
11 | */ 12 | 13 | #ifndef SECGEAR_UNI_RA_VERIFY_AGENT_H 14 | #define SECGEAR_UNI_RA_VERIFY_AGENT_H 15 | 16 | #include 17 | #include "status.h" 18 | #include "sg_report_st.h" 19 | 20 | #ifdef __cplusplus 21 | extern "C" { 22 | #endif 23 | 24 | typedef cc_enclave_result_t (*uni_ra_report_verify_proc_t)(cc_ra_buf_t *report, cc_ra_buf_t *nonce, 25 | cc_ra_verify_type_t type, char *basevalue); 26 | 27 | typedef struct { 28 | uni_ra_report_verify_proc_t verify_ra_report; 29 | } uni_ra_verify_agent_t; 30 | 31 | void cc_register_ra_verify_agent(uni_ra_verify_agent_t *agent); 32 | 33 | #ifdef __cplusplus 34 | } 35 | #endif 36 | 37 | #endif 38 | -------------------------------------------------------------------------------- /component/remote_attest/sg_report_st.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 
11 | */ 12 | 13 | #ifndef SECGEAR_REPORT_STRUCT_H 14 | #define SECGEAR_REPORT_STRUCT_H 15 | 16 | #include 17 | #include 18 | 19 | #ifdef __cplusplus 20 | extern "C" { 21 | #endif 22 | 23 | typedef struct { 24 | uint32_t len; 25 | uint8_t *buf; 26 | } cc_ra_buf_t; 27 | 28 | typedef enum { 29 | CC_RA_SCENARIO_NO_AS, 30 | } cc_ra_scenario_t; 31 | 32 | typedef enum { 33 | CC_RA_VERIFY_TYPE_LOOSE, 34 | CC_RA_VERIFY_TYPE_STRICT, 35 | CC_RA_VERIFY_TYPE_MAX 36 | } cc_ra_verify_type_t; 37 | 38 | #define MAX_NONCE_BUF_LEN 64 39 | typedef struct { 40 | uint8_t *taid; 41 | uint32_t nonce_len; 42 | uint8_t nonce[MAX_NONCE_BUF_LEN]; 43 | bool with_tcb; 44 | bool req_key; 45 | } cc_get_ra_report_input_t; 46 | 47 | #ifdef __cplusplus 48 | } 49 | #endif 50 | 51 | #endif 52 | -------------------------------------------------------------------------------- /component/secure_channel/enclave/Enclave.lds: -------------------------------------------------------------------------------- 1 | enclave.so 2 | { 3 | global: 4 | g_global_data_sim; 5 | g_global_data; 6 | enclave_entry; 7 | g_peak_heap_used; 8 | local: 9 | *; 10 | }; 11 | 12 | -------------------------------------------------------------------------------- /conf/logrotate.d/secgear: -------------------------------------------------------------------------------- 1 | /var/log/secgear/secgear.log { 2 | missingok 3 | rotate 20 4 | notifempty 5 | nocompress 6 | copytruncate 7 | size 2048k 8 | lastaction 9 | chmod 0400 /var/log/secgear/secgear.log.* 10 | endscript 11 | } 12 | -------------------------------------------------------------------------------- /conf/rsyslog.d/secgear.conf: -------------------------------------------------------------------------------- 1 | #Do not modify this file 2 | if ($msg contains '[secGear]') then { 3 | action(type="omfile" fileCreateMode="0600" file="/var/log/secgear/secgear.log") 4 | stop 5 | } 6 | -------------------------------------------------------------------------------- /docs/codegener.md: 
-------------------------------------------------------------------------------- 1 | # Getting started with the codegen 2 | 3 | The codegen helps to define these special functions through the `edl` files and assists users in using the enclave. 4 | 5 | ## The codegen 6 | 7 | The codegen is based on the 'edger8r' tool in SGX SDK. 8 | - For example 9 | ``` 10 | $ codegen_arm64 --trustzone test.edl 11 | ``` 12 | **Note**: use `codegen --help` to get more details. 13 | 14 | ## EDL format 15 | - For SGX(x86) 16 | ``` 17 | enclave { 18 | trusted { 19 | public void enclave_helloworld( 20 | int idata, 21 | [in, size=data_in_size]unsigned char* data_in, 22 | size_t data_in_size, 23 | [out, size=data_out_size]unsigned char** data_out, 24 | size_t data_out_size, 25 | [in, out]unsigned char** data_in_out); 26 | }; 27 | 28 | untrusted { 29 | void host_helloworld(); 30 | }; 31 | }; 32 | ``` 33 | - For trustzone(arm) 34 | ``` 35 | enclave { 36 | trusted { 37 | public void enclave_helloworld( 38 | int idata, 39 | [in, size=data_in_size]unsigned char* data_in, 40 | size_t data_in_size, 41 | [out, size=data_out_size]unsigned char** data_out, 42 | size_t data_out_size, 43 | [in, out]unsigned char** data_in_out); 44 | }; 45 | }; 46 | ``` 47 | **Note**: so far, we don't support ocall for trustzone, and we also don't support usercheck for trustzone. 48 | -------------------------------------------------------------------------------- /docs/disclaimer.md: -------------------------------------------------------------------------------- 1 | # Disclaimer 2 | 3 | The correctness and security of code generated by the code generation tool (codegen_arm64 and codegen_x86_64) need to be checked by users.
4 | -------------------------------------------------------------------------------- /docs/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/docs/logo.png -------------------------------------------------------------------------------- /docs/riscv_tee.md: -------------------------------------------------------------------------------- 1 | ## secGear for RISC-V TEE 2 | 3 | 目前secGear支持基于蓬莱TEE的RISC-V可信执行环境 4 | 5 | ### Helloworld Demo 6 | 下面说明如何运行helloworld demo 7 | 8 | 9 | #### 1. 准备openEuler RISC-V环境 10 | 11 | 相关openEuler RISC-V镜像、内核、以及支持最新的蓬莱monitor可以通过[github](https://github.com/penglai-enclave/penglai-enclave-sPMP) 12 | 获得 13 | 14 | 在RISC-V下编译secGear需要Ocaml等依赖环境。 15 | 目前我们已经准备预编译的Ocaml包来简化这个过程,用户可以直接从 16 | https://ipads.se.sjtu.edu.cn:1313/d/6a464e02cd3d4c1bafb0/ 17 | 下载下面指令中所需的包。 18 | 19 | #### 2. 配置环境 20 | 21 | 启动一个RISC-V openEuler环境。 22 | 23 | 拷贝二进制和设置环境变量: 24 | 25 | 1) 将opam(ocaml包管理器)软件压缩包从主机复制到RISCV qemu: 26 | 27 | scp -P 12055 -r opam.tar.gz root@localhost:~/ 28 | 29 | 2) 在根目录(~/)下解压 30 | 31 | tar -zxvf opam.tar.gz 32 | 33 | 3) 在~/.bashrc中添加如下环境变量并使其生效: 34 | 35 | export PATH=/root/.opam/4.12.0/bin:$PATH 36 | 37 | 4) 安装cmake 38 | 39 | yum install cmake 40 | 41 | #### 3. 编译 secGear 项目 42 | 43 | 1. 在根目录(~/)下创建dev文件夹 44 | 45 | 2. 拷贝secGear到dev文件夹: 46 | 47 | scp -P 12055 -r secGear root@localhost:~/dev 48 | 49 | 3. 拷贝蓬莱sdk到dev文件夹,该路径与下文cmake时指定的蓬莱sdk路径参数相关,不建议修改 50 | 51 | scp -P 12055 -r sdk root@localhost:~/dev 52 | 53 | 4. 进入secGear目录并在debug目录中编译: 54 | 55 | cd secGear 56 | source environment && mkdir debug && cd debug 57 | cmake -DENCLAVE=PL .. && make && make install 58 | 59 | #### 4. 
运行 helloworld 程序 60 | 61 | 此时debug目录的bin目录下已经有secgear_helloworld可执行文件了。在此目录下运行程序: 62 | 63 | ./bin/secgear_helloworld 64 | 65 | 别忘了在此之前insmod penglai.ko 66 | 67 | 运行结果 68 | --------- 69 | secGear-Penglai 70 | -------------------------------------------------------------------------------- /docs/secGear_RISC-V_Penglai_demo.jpeg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/docs/secGear_RISC-V_Penglai_demo.jpeg -------------------------------------------------------------------------------- /environment: -------------------------------------------------------------------------------- 1 | file_dir=`readlink -f ${BASH_SOURCE[0]}` 2 | export CC_SDK=`dirname $file_dir` 3 | export PATH=$PATH:$CC_SDK/bin/ 4 | -------------------------------------------------------------------------------- /examples/helloworld/enclave/Enclave.config.xml: -------------------------------------------------------------------------------- 1 | 2 | 0 3 | 0 4 | 0x40000 5 | 0x100000 6 | 10 7 | 1 8 | 9 | 0 10 | 0 11 | 0xFFFFFFFF 12 | 13 | -------------------------------------------------------------------------------- /examples/helloworld/enclave/Enclave.lds: -------------------------------------------------------------------------------- 1 | enclave.so 2 | { 3 | global: 4 | g_global_data_sim; 5 | g_global_data; 6 | enclave_entry; 7 | g_peak_heap_used; 8 | local: 9 | *; 10 | }; 11 | 12 | -------------------------------------------------------------------------------- /examples/helloworld/enclave/config_cloud.ini: -------------------------------------------------------------------------------- 1 | [signSecPrivateCfg] 2 | ;;; 3 | ;private key length for signing TA: 4 | ;[fixed value] 5 | ;256 ECDSA Alg 6 | ;2048/4096 RSA Alg 7 | secSignKeyLen = 4096 8 | ;;; 9 | ;[fixed value] 10 | ;0 means SHA256 hash type 11 | ;1 means SHA512 hash type 12 | secHashType = 0 13 | ;;; 14 
| ; [fixed value] 15 | ;0 means padding type is pkcs1v15 16 | ;1 means padding type is PSS 17 | ;[fixed value] 18 | secPaddingType = 1 19 | ;;; 20 | ;[fixed value] 21 | ;RSA alg 22 | ;ECDSA alg 23 | ;SM2 alg 24 | secSignAlg = RSA 25 | ;;; 26 | ;public key for encrypt TA 27 | secEncryptKey = rsa_public_key_cloud.pem 28 | ;;; 29 | ;public key length 30 | secEncryptKeyLen = 3072 31 | 32 | [signSecPublicCfg] 33 | ;;; 34 | ;[fixed value] 35 | ; sec sign key type 36 | ;0 means debug 37 | ;1 means release 38 | secReleaseType = 1 39 | ;;; 40 | ;0 means TA not installed by OTRP 41 | ;1 means TA installed by OTRP 42 | secOtrpFlag = 0 43 | ;;; 44 | ;0 means not sign 45 | ;1 means signed by local private 46 | ;2 means signed using native sign tool; 47 | ;3 means signed by CI 48 | ;[fixed value] 49 | secSignType = 1 50 | ;;; 51 | ;server address for signing TA 52 | secSignServerIp = 53 | ;;; 54 | ;private key for signing TA 55 | ;[private key owned by yourself] 56 | secSignKey = /home/TA_cert/private_key.pem 57 | ;;; 58 | ;config file 59 | ;[signed config file by Huawei] 60 | configPath = /home/TA_cert/config 61 | -------------------------------------------------------------------------------- /examples/helloworld/enclave/hello.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 
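*/

/* The two system header names were lost in this listing and are reconstructed here. */
#include <stdio.h>
#include <string.h>
#include "helloworld_t.h"

#define TA_HELLO_WORLD "secgear hello world!"
/* Size of the caller's buffer, fixed by "[out, size=32]char *buf" in helloworld.edl. */
#define BUF_MAX 32

/*
 * ECALL: copy the greeting into the host-supplied buffer.
 *
 * @param[out] buf destination of at least BUF_MAX bytes (see helloworld.edl)
 * @retval 0 on success, -1 if buf is NULL
 */
int get_string(char *buf)
{
    if (buf == NULL) {
        return -1;
    }
    /*
     * Bound the copy by the destination size rather than by strlen(TA_HELLO_WORLD),
     * otherwise a longer greeting would overrun buf. strncpy also zero-fills the
     * rest of the [out] buffer instead of leaving it uninitialized.
     */
    strncpy(buf, TA_HELLO_WORLD, BUF_MAX - 1);
    buf[BUF_MAX - 1] = '\0';
    return 0;
}

--------------------------------------------------------------------------------
/examples/helloworld/enclave/manifest.txt:
--------------------------------------------------------------------------------
gpd.ta.appID: f68fd704-6eb1-4d14-b218-722850eb3ef0
gpd.ta.service_name: rsa-demo
gpd.ta.singleInstance: true
gpd.ta.multiSession: false
gpd.ta.instanceKeepAlive: false
gpd.ta.dataSize: 67928064
gpd.ta.stackSize: 40960

--------------------------------------------------------------------------------
/examples/helloworld/helloworld.edl:
--------------------------------------------------------------------------------
/*
 * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
 * secGear is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 * http://license.coscl.org.cn/MulanPSL2
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
 * PURPOSE.
 * See the Mulan PSL v2 for more details.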
11 | */ 12 | 13 | enclave { 14 | include "secgear_urts.h" 15 | from "secgear_tstdc.edl" import *; 16 | trusted { 17 | public int get_string([out, size=32]char *buf); 18 | }; 19 | }; 20 | -------------------------------------------------------------------------------- /examples/local_attest/basevalue.txt: -------------------------------------------------------------------------------- 1 | 7763a15a-0a9e-4e86-90cd-e4262583948a 3422f5d1291b101c164847cf398cd0aadfaf21280005249d9ae79254275ad0d9 de4cf46a26d45c0504cdbcaee7b39be211fb4d1087c5bf40b544b324293b8036 2 | -------------------------------------------------------------------------------- /examples/local_attest/enclave/Enclave.config.xml: -------------------------------------------------------------------------------- 1 | 2 | 0 3 | 0 4 | 0x40000 5 | 0x100000 6 | 10 7 | 1 8 | 9 | 0 10 | 0 11 | 0xFFFFFFFF 12 | 13 | -------------------------------------------------------------------------------- /examples/local_attest/enclave/Enclave.lds: -------------------------------------------------------------------------------- 1 | enclave.so 2 | { 3 | global: 4 | g_global_data_sim; 5 | g_global_data; 6 | enclave_entry; 7 | g_peak_heap_used; 8 | local: 9 | *; 10 | }; 11 | 12 | -------------------------------------------------------------------------------- /examples/local_attest/enclave/config_cloud.ini: -------------------------------------------------------------------------------- 1 | [signSecPrivateCfg] 2 | ;;; 3 | ;private key length for signing TA: 4 | ;[fixed value] 5 | ;256 ECDSA Alg 6 | ;2048/4096 RSA Alg 7 | secSignKeyLen = 4096 8 | ;;; 9 | ;[fixed value] 10 | ;0 means SHA256 hash type 11 | ;1 means SHA512 hash type 12 | secHashType = 0 13 | ;;; 14 | ; [fixed value] 15 | ;0 means padding type is pkcs1v15 16 | ;1 means padding type is PSS 17 | ;[fixed value] 18 | secPaddingType = 1 19 | ;;; 20 | ;[fixed value] 21 | ;RSA alg 22 | ;ECDSA alg 23 | ;SM2 alg 24 | secSignAlg = RSA 25 | ;;; 26 | ;public key for encrypt TA 27 | 
secEncryptKey = rsa_public_key_cloud.pem 28 | ;;; 29 | ;public key length 30 | secEncryptKeyLen = 3072 31 | 32 | [signSecPublicCfg] 33 | ;;; 34 | ;[fixed value] 35 | ; sec sign key type 36 | ;0 means debug 37 | ;1 means release 38 | secReleaseType = 1 39 | ;;; 40 | ;0 means TA not installed by OTRP 41 | ;1 means TA installed by OTRP 42 | secOtrpFlag = 0 43 | ;;; 44 | ;0 means not sign 45 | ;1 means signed by local private 46 | ;2 means signed using native sign tool; 47 | ;3 means signed by CI 48 | ;[fixed value] 49 | secSignType = 1 50 | ;;; 51 | ;server address for signing TA 52 | secSignServerIp = 53 | ;;; 54 | ;private key for signing TA 55 | ;[private key owned by yourself] 56 | secSignKey = /home/TA_cert/private_key.pem 57 | ;;; 58 | ;config file 59 | ;[signed config file by Huawei] 60 | configPath = /home/TA_cert/secgear-app1/config 61 | -------------------------------------------------------------------------------- /examples/local_attest/enclave/enclave.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * CloudEnclave is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 
*/
#include "secgear_log.h"
#include "sg_local_attest.h"
#include "status.h"
#include "la_demo_t.h"

/*
 * ECALL: run local attestation through cc_local_attest() and report the outcome.
 *
 * The three strings are handed straight to cc_local_attest(); their sizes are
 * fixed by la_demo.edl (37 bytes for taid, 65 bytes each for img_hash and mem_hash).
 *
 * @param[in] taid     value passed to cc_local_attest() as the target TA id
 * @param[in] img_hash value passed to cc_local_attest() as the image hash
 * @param[in] mem_hash value passed to cc_local_attest() as the memory hash
 * @retval CC_SUCCESS on success; otherwise the cc_local_attest() result, which is also logged
 */
int local_attest_test(char* taid, char* img_hash, char* mem_hash)
{
    cc_enclave_result_t result = cc_local_attest(taid, img_hash, mem_hash);
    if (result == CC_SUCCESS) {
        return CC_SUCCESS;
    }
    PrintInfo(PRINT_ERROR, "local attest failed ret:%u\n", result);
    return result;
}

--------------------------------------------------------------------------------
/examples/local_attest/enclave/manifest.txt:
--------------------------------------------------------------------------------
gpd.ta.appID: 7763a15a-0a9e-4e86-90cd-e4262583948a
gpd.ta.service_name: secgear-app1
gpd.ta.singleInstance: true
gpd.ta.multiSession: true
gpd.ta.instanceKeepAlive: false
gpd.ta.dataSize: 802816
gpd.ta.stackSize: 1792
gpd.ta.mem_page_align: true
--------------------------------------------------------------------------------
/examples/local_attest/la_demo.edl:
--------------------------------------------------------------------------------
/*
 * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
 * CloudEnclave is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 * http://license.coscl.org.cn/MulanPSL2
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
 * PURPOSE.
 * See the Mulan PSL v2 for more details.
11 | */ 12 | 13 | enclave { 14 | trusted { 15 | public int local_attest_test([in, size = 37] char* taid, [in, size = 65] char* img_hash, [in, size = 65] char* mem_hash); 16 | }; 17 | }; 18 | -------------------------------------------------------------------------------- /examples/lrt/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 2 | # secGear is licensed under the Mulan PSL v2. 3 | # You can use this software according to the terms and conditions of the Mulan PSL v2. 4 | # You may obtain a copy of Mulan PSL v2 at: 5 | # http://license.coscl.org.cn/MulanPSL2 6 | # THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 7 | # IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 8 | # PURPOSE. 9 | # See the Mulan PSL v2 for more details. 10 | 11 | project(HelloWorldLRT C) 12 | 13 | set(CMAKE_C_STANDARD 99) 14 | 15 | set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR}) 16 | 17 | #set edl name 18 | set(EDL_FILE lrt.edl) 19 | set(CODEGEN codegen) 20 | 21 | if(CC_GP) 22 | set(CODETYPE trustzone) 23 | # execute_process(COMMAND uuidgen -r OUTPUT_VARIABLE UUID) 24 | #string(REPLACE "\n" "" UUID ${UUID}) 25 | set(UUID f68fd704-6eb1-4d14-b218-722850eb3ef0) 26 | add_definitions(-DPATH="/data/${UUID}.sec") 27 | endif() 28 | 29 | if(CC_SGX) 30 | set(CODETYPE sgx) 31 | add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/enclave.signed.so") 32 | endif() 33 | 34 | add_subdirectory(${CURRENT_ROOT_PATH}/enclave) 35 | add_subdirectory(${CURRENT_ROOT_PATH}/host) 36 | -------------------------------------------------------------------------------- /examples/lrt/Dockerfile: -------------------------------------------------------------------------------- 1 | # Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 
2 | # secGear is licensed under the Mulan PSL v2. 3 | # You can use this software according to the terms and conditions of the Mulan PSL v2. 4 | # You may obtain a copy of Mulan PSL v2 at: 5 | # http://license.coscl.org.cn/MulanPSL2 6 | # THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 7 | # IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 8 | # PURPOSE. 9 | # See the Mulan PSL v2 for more details. 10 | 11 | # steps to build example image: 12 | # 1. build the secGear project at host 13 | # # cd secGear/ 14 | # # source environment 15 | # # source /opt/intel/sgxsdk/environment 16 | # # mkdir debug && cd debug 17 | # # cmake -DCMAKE_BUILD_TYPE=Debug -DCC_SGX=ON -DSGXSDK=/opt/intel/sgxsdk .. 18 | # # make 19 | # 2. build the example image 20 | # # cd ../examples/lrt/ 21 | # # docker build -t secgear_hello -f ./Dockerfile ../../ 22 | 23 | 24 | FROM hub.oepkgs.net/lifeng2221dd1/sgx_base_hw:latest 25 | 26 | COPY debug/lib/sgx/libsgx_0.so /lib64/ 27 | COPY debug/lib/libsecgear.so /usr/lib/ 28 | COPY debug/examples/lrt/host/secgear_lrt /home/ 29 | COPY debug/examples/lrt/enclave/enclave.signed.so /home/ 30 | 31 | WORKDIR /home 32 | 33 | ENTRYPOINT ["/home/secgear_lrt"] 34 | -------------------------------------------------------------------------------- /examples/lrt/enclave/Enclave.config.xml: -------------------------------------------------------------------------------- 1 | 2 | 0 3 | 0 4 | 0x40000 5 | 0x100000 6 | 10 7 | 1 8 | 9 | 0 10 | 0 11 | 0xFFFFFFFF 12 | 13 | -------------------------------------------------------------------------------- /examples/lrt/enclave/Enclave.lds: -------------------------------------------------------------------------------- 1 | enclave.so 2 | { 3 | global: 4 | g_global_data_sim; 5 | g_global_data; 6 | enclave_entry; 7 | g_peak_heap_used; 8 | local: 9 | *; 10 | }; 11 | 12 | 
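--------------------------------------------------------------------------------
/examples/lrt/enclave/lrt.c:
--------------------------------------------------------------------------------
/*
 * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
 * secGear is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 * http://license.coscl.org.cn/MulanPSL2
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
 * PURPOSE.
 * See the Mulan PSL v2 for more details.
 */

/* The two system header names were lost in this listing and are reconstructed here. */
#include <stdio.h>
#include <string.h>
#include "lrt_t.h"

#define TA_HELLO_WORLD "Secgear Long Running Task!"
/* Size of the caller's buffer, fixed by "[out, size=32]char *buf" in lrt.edl. */
#define BUF_MAX 32

/*
 * ECALL: copy the greeting into the host-supplied buffer.
 *
 * @param[out] buf destination of at least BUF_MAX bytes (see lrt.edl)
 * @retval 0 on success, -1 if buf is NULL
 */
int get_string(char *buf)
{
    if (buf == NULL) {
        return -1;
    }
    /*
     * Bound the copy by the destination size rather than by strlen(TA_HELLO_WORLD),
     * otherwise a longer greeting would overrun buf. strncpy also zero-fills the
     * rest of the [out] buffer instead of leaving it uninitialized.
     */
    strncpy(buf, TA_HELLO_WORLD, BUF_MAX - 1);
    buf[BUF_MAX - 1] = '\0';
    return 0;
}

--------------------------------------------------------------------------------
/examples/lrt/enclave/manifest.txt.in:
--------------------------------------------------------------------------------
gpd.ta.appID: @UUID@
gpd.ta.service_name: test0108
gpd.ta.singleInstance: true
gpd.ta.multiSession: false
gpd.ta.multiCommand: false
gpd.ta.instanceKeepAlive: false
gpd.ta.dataSize: 16384
gpd.ta.stackSize: 20480

--------------------------------------------------------------------------------
/examples/lrt/lrt.edl:
--------------------------------------------------------------------------------
/*
 * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
 * secGear is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.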
5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */ 12 | 13 | enclave { 14 | include "secgear_urts.h" 15 | from "secgear_tstdc.edl" import *; 16 | trusted { 17 | public int get_string([out, size=32]char *buf); 18 | }; 19 | }; 20 | -------------------------------------------------------------------------------- /examples/ra_tls/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright 2024 Huawei Technologies Co., Ltd. 2024. All rights reserved. 2 | # ra_tls is licensed under Mulan PSL v2. 3 | # You can use this software according to the terms and conditions of the Mulan 4 | # PSL v2. 5 | # You may obtain a copy of Mulan PSL v2 at: 6 | # http://license.coscl.org.cn/MulanPSL2 7 | # THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY 8 | # KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO 9 | # NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE. 10 | # See the Mulan PSL v2 for more details. 
11 | 12 | cmake_minimum_required(VERSION 3.10 FATAL_ERROR) 13 | project(ra_tls_ex VERSION 0.1) 14 | 15 | set(SERVER_NAME server) 16 | set(SERVER_SRC ${CMAKE_CURRENT_SOURCE_DIR}/server.c) 17 | set(CLIENT_NAME client) 18 | set(CLIENT_SRC ${CMAKE_CURRENT_SOURCE_DIR}/client.c) 19 | 20 | set(LD_SO crypto ssl ra_tls) 21 | add_definitions(-DUSE_OPENSSL) 22 | #uncomment below when client use certificate 23 | add_definitions(-DCLIENT_WITH_CERT) 24 | set(CMAKE_LIBRARY_PATH ${CMAKE_LIBRARY_PATH} "${CMAKE_INSTALL_PREFIX}/lib64") 25 | find_library(DEP_LIBS_PATH NAMES ${LD_SO} PATH ${CMAKE_LIBRARY_PATH}) 26 | 27 | add_executable(${SERVER_NAME} ${SERVER_SRC}) 28 | add_executable(${CLIENT_NAME} ${CLIENT_SRC}) 29 | 30 | include_directories(${SERVER_NAME} /usr/include/secGear) 31 | include_directories(${CLIENT_NAME} /usr/include/secGear) 32 | 33 | target_link_libraries(${SERVER_NAME} ${LD_SO}) 34 | target_link_libraries(${CLIENT_NAME} ${LD_SO}) -------------------------------------------------------------------------------- /examples/remote_attest/basevalue.txt: -------------------------------------------------------------------------------- 1 | 7763a15a-0a9e-4e86-90cd-e4262583948a ced134f41cfae3a630ce22ab304ab381b81c466689891a50cf77c8d8c0780337 3b6f574cef482c969b5ae9a779336870018975c6c793f61798c81d236311b5a3 2 | -------------------------------------------------------------------------------- /examples/remote_attest/enclave/Enclave.config.xml: -------------------------------------------------------------------------------- 1 | 2 | 0 3 | 0 4 | 0x40000 5 | 0x100000 6 | 10 7 | 1 8 | 9 | 0 10 | 0 11 | 0xFFFFFFFF 12 | 13 | -------------------------------------------------------------------------------- /examples/remote_attest/enclave/Enclave.lds: -------------------------------------------------------------------------------- 1 | enclave.so 2 | { 3 | global: 4 | g_global_data_sim; 5 | g_global_data; 6 | enclave_entry; 7 | g_peak_heap_used; 8 | local: 9 | *; 10 | }; 11 | 12 | 
-------------------------------------------------------------------------------- /examples/remote_attest/enclave/config_cloud.ini: -------------------------------------------------------------------------------- 1 | [signSecPrivateCfg] 2 | ;;; 3 | ;private key length for signing TA: 4 | ;[fixed value] 5 | ;256 ECDSA Alg 6 | ;2048/4096 RSA Alg 7 | secSignKeyLen = 4096 8 | ;;; 9 | ;[fixed value] 10 | ;0 means SHA256 hash type 11 | ;1 means SHA512 hash type 12 | secHashType = 0 13 | ;;; 14 | ; [fixed value] 15 | ;0 means padding type is pkcs1v15 16 | ;1 means padding type is PSS 17 | ;[fixed value] 18 | secPaddingType = 1 19 | ;;; 20 | ;[fixed value] 21 | ;RSA alg 22 | ;ECDSA alg 23 | ;SM2 alg 24 | secSignAlg = RSA 25 | ;;; 26 | ;public key for encrypt TA 27 | secEncryptKey = rsa_public_key_cloud.pem 28 | ;;; 29 | ;public key length 30 | secEncryptKeyLen = 3072 31 | 32 | [signSecPublicCfg] 33 | ;;; 34 | ;[fixed value] 35 | ; sec sign key type 36 | ;0 means debug 37 | ;1 means release 38 | secReleaseType = 1 39 | ;;; 40 | ;0 means TA not installed by OTRP 41 | ;1 means TA installed by OTRP 42 | secOtrpFlag = 0 43 | ;;; 44 | ;0 means not sign 45 | ;1 means signed by local private 46 | ;2 means signed using native sign tool; 47 | ;3 means signed by CI 48 | ;[fixed value] 49 | secSignType = 1 50 | ;;; 51 | ;server address for signing TA 52 | secSignServerIp = 53 | ;;; 54 | ;private key for signing TA 55 | ;[private key owned by yourself] 56 | secSignKey = /home/TA_cert/private_key.pem 57 | ;;; 58 | ;config file 59 | ;[signed config file by Huawei] 60 | configPath = /home/TA_cert/secgear-app1/config 61 | -------------------------------------------------------------------------------- /examples/remote_attest/enclave/enclave.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * CloudEnclave is licensed under the Mulan PSL v2. 
* You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 * http://license.coscl.org.cn/MulanPSL2
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
 * PURPOSE.
 * See the Mulan PSL v2 for more details.
 */
#include "secgear_log.h"
#include "status.h"
#include "ra_demo_t.h"

/*
 * ECALL of the target TA in the remote attestation demo.
 *
 * Logs a PRINT_STRACE-level message so the caller can tell that the TA was
 * entered; it performs no attestation work itself.
 *
 * @retval CC_SUCCESS always
 */
int remote_attest_test(void)
{
    int ret = CC_SUCCESS;

    PrintInfo(PRINT_STRACE, "target ta is running\n");

    return ret;
}

--------------------------------------------------------------------------------
/examples/remote_attest/enclave/manifest.txt:
--------------------------------------------------------------------------------
gpd.ta.appID: 7763a15a-0a9e-4e86-90cd-e4262583948a
gpd.ta.service_name: secgear-app1
gpd.ta.singleInstance: true
gpd.ta.multiSession: true
gpd.ta.instanceKeepAlive: false
gpd.ta.dataSize: 802816
gpd.ta.stackSize: 1792
gpd.ta.mem_page_align: true
--------------------------------------------------------------------------------
/examples/remote_attest/ra_demo.edl:
--------------------------------------------------------------------------------
/*
 * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
 * CloudEnclave is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 * http://license.coscl.org.cn/MulanPSL2
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
 * PURPOSE.
 * See the Mulan PSL v2 for more details.
11 | */ 12 | 13 | enclave { 14 | trusted { 15 | public int remote_attest_test(); 16 | }; 17 | }; 18 | -------------------------------------------------------------------------------- /examples/seal_data/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 2 | # secGear is licensed under the Mulan PSL v2. 3 | # You can use this software according to the terms and conditions of the Mulan PSL v2. 4 | # You may obtain a copy of Mulan PSL v2 at: 5 | # http://license.coscl.org.cn/MulanPSL2 6 | # THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 7 | # IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 8 | # PURPOSE. 9 | # See the Mulan PSL v2 for more details. 10 | 11 | cmake_minimum_required(VERSION 3.10) 12 | 13 | project(SealData C) 14 | 15 | set(CMAKE_C_STANDARD 99) 16 | 17 | set(CURRENT_ROOT_PATH ${CMAKE_CURRENT_SOURCE_DIR}) 18 | 19 | set(EDL_FILE seal_data.edl) 20 | set(CODEGEN codegen) 21 | 22 | if(CC_GP) 23 | set(CODETYPE trustzone) 24 | set(UUID 9cb38838-2766-42be-8b7b-0d184a996066) 25 | add_definitions(-DPATH="/data/${UUID}.sec") 26 | endif() 27 | 28 | if(CC_SGX) 29 | set(CODETYPE sgx) 30 | add_definitions(-DPATH="${CMAKE_CURRENT_BINARY_DIR}/enclave/seal_data.signed.so") 31 | endif() 32 | 33 | 34 | ADD_SUBDIRECTORY(${CURRENT_ROOT_PATH}/enclave) 35 | ADD_SUBDIRECTORY(${CURRENT_ROOT_PATH}/host) 36 | -------------------------------------------------------------------------------- /examples/seal_data/enclave/Enclave.config.xml: -------------------------------------------------------------------------------- 1 | 2 | 0 3 | 0 4 | 0x40000 5 | 0x100000 6 | 10 7 | 1 8 | 9 | 0 10 | 0 11 | 0xFFFFFFFF 12 | 13 | -------------------------------------------------------------------------------- /examples/seal_data/enclave/Enclave.lds: 
--------------------------------------------------------------------------------
enclave.so
{
    global:
        g_global_data_sim;
        g_global_data;
        enclave_entry;
        g_peak_heap_used;
    local:
        *;
};

--------------------------------------------------------------------------------
/examples/seal_data/enclave/config_cloud.ini:
--------------------------------------------------------------------------------
[config]
;0 means debug
;1 means release
;[fixed value]
releaseType = 1
;;;
;0 means TA not installed by OTRP
;1 means TA installed by OTRP
otrpFlag = 0
;;;
;server address for signing TA
serverIp=
;;;
;public key for encrypt TA
;[fixed value]
encryptKey = cloud/rsa_public_key_cloud.pem
;;;
;public key length
;[fixed value]
encryptKeyLen = 3072
;;;
;0 means not sign
;1 means signed by local private
;2 means signed using native sign tool;
;3 means signed by CI
;[fixed value]
signType = 1
;;;
;private key for signing TA
;this private key is for the debug build only; a plaintext private key must not exist in a production environment
;[private key owned by yourself]
signKey = ../../examples/seal_data/enclave/cert/private_key.pem
;;;
;private key length for signing TA
;[key length should be 4096 for security enhancement]
signKeyLen = 4096
;;;
;0 means SHA256 hash type
;1 means SHA512 hash type
;[set value to 0 by default]
hashType = 0
;;;
;0 means padding type is pkcs1v15
;1 means padding type is PSS
;[set value to 0 by default; 1 (PSS) is the stronger choice and is what the secPaddingType configs elsewhere in this tree use]
paddingType = 0
;;;
;config file
;[signed config file by Huawei]
configPath= ../../examples/seal_data/enclave/signed_config/config
--------------------------------------------------------------------------------
/examples/seal_data/enclave/manifest.txt:
-------------------------------------------------------------------------------- 1 | gpd.ta.appID: 9cb38838-2766-42be-8b7b-0d184a996066 2 | gpd.ta.service_name: secstorage-demo 3 | gpd.ta.singleInstance: true 4 | gpd.ta.multiSession: false 5 | gpd.ta.instanceKeepAlive: False 6 | gpd.ta.dataSize: 819200 7 | gpd.ta.stackSize: 40960 8 | -------------------------------------------------------------------------------- /examples/seal_data/host/main.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 
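 */

#include <stdio.h>
#include "enclave.h"
#include "seal_data_u.h"

#define BUF_LEN 32

/*
 * Host side of the seal_data example.
 *
 * Creates the enclave at PATH, asks it to fill a BUF_LEN-byte buffer through
 * the seal_data_test_func ecall, prints the result and destroys the enclave.
 *
 * Returns the last cc_enclave_result_t as the process exit status
 * (CC_SUCCESS, i.e. 0, when everything went well).
 */
int main(void)
{
    int retval = 0;
    char *path = PATH;
    /* Zero-filled: an [out] buffer is copied back verbatim, so if the enclave
     * writes fewer bytes than BUF_LEN the remainder is still a valid string. */
    char buf[BUF_LEN] = {0};
    cc_enclave_result_t res;
    cc_enclave_t context = {0};

    printf("Create secgear enclave\n");
    /* SECGEAR_DEBUG_FLAG is appropriate for this demo only; review the flag
     * before reusing this call in a release build. */
    res = cc_enclave_create(path, AUTO_ENCLAVE_TYPE, 0, SECGEAR_DEBUG_FLAG, NULL, 0, &context);
    if (res != CC_SUCCESS) {
        printf("Create enclave error\n");
        return res;
    }

    res = seal_data_test_func(&context, &retval, buf, BUF_LEN);
    if (res != CC_SUCCESS || retval != (int)CC_SUCCESS) {
        printf("Ecall enclave error\n");
    } else {
        /* Do not rely on the enclave to NUL-terminate: bound the %s read to
         * the buffer before printing. */
        buf[BUF_LEN - 1] = '\0';
        printf("%s\n", buf);
    }

    res = cc_enclave_destroy(&context);
    if (res != CC_SUCCESS) {
        printf("Destroy enclave error\n");
    }
    return res;
}
--------------------------------------------------------------------------------
/examples/seal_data/seal_data.edl:
--------------------------------------------------------------------------------
/*
 * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
 * secGear is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 * http://license.coscl.org.cn/MulanPSL2
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
 * PURPOSE.
 * See the Mulan PSL v2 for more details.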
11 | */ 12 | 13 | enclave { 14 | include "secgear_urts.h" 15 | from "secgear_tstdc.edl" import *; 16 | trusted { 17 | public int seal_data_test_func([out, size=32]char *buf, uint32_t buf_len); 18 | }; 19 | }; 20 | -------------------------------------------------------------------------------- /examples/secgear_ds/enclave/Enclave.config.xml: -------------------------------------------------------------------------------- 1 | 2 | 0 3 | 0 4 | 0x40000 5 | 0x10000000 6 | 10 7 | 1 8 | 9 | 0 10 | 0 11 | 0xFFFFFFFF 12 | 13 | -------------------------------------------------------------------------------- /examples/secgear_ds/enclave/Enclave.lds: -------------------------------------------------------------------------------- 1 | enclave.so 2 | { 3 | global: 4 | g_global_data_sim; 5 | g_global_data; 6 | enclave_entry; 7 | g_peak_heap_used; 8 | local: 9 | *; 10 | }; 11 | 12 | -------------------------------------------------------------------------------- /examples/secgear_ds/enclave/config_cloud.ini: -------------------------------------------------------------------------------- 1 | [config] 2 | ;0 means debug 3 | ;1 means release 4 | ;[fixed value] 5 | releaseType = 1 6 | ;;; 7 | ;0 means TA not installed by OTRP 8 | ;1 means TA installed by OTRP 9 | otrpFlag = 0 10 | ;;; 11 | ;server address for signing TA 12 | serverIp= 13 | ;;; 14 | ;public key for encrypt TA 15 | ;[fixed value] 16 | encryptKey = cloud/rsa_public_key_cloud.pem 17 | ;;; 18 | ;public key length 19 | ;[fixed value] 20 | encryptKeyLen = 3072 21 | ;;; 22 | ;0 means not sign 23 | ;1 means signed by local private 24 | ;2 means signed using native sign tool; 25 | ;3 means signed by CI 26 | ;[fixed value] 27 | signType = 1 28 | ;;; 29 | ;private key for signing TA 30 | ;this private key is only for the debug mode so plaintext private key does exist in the production environment 31 | ;[private key owned by yourself] 32 | signKey = ../../examples/seal_data/enclave/cert/private_key.pem 33 | ;;; 34 | ;private key 
length for signing TA 35 | ;[key length should be 4096 for security enhance] 36 | signKeyLen = 4096 37 | ;;; 38 | ;0 means SHA256 hash type 39 | ;1 means SHA512 hash type 40 | ;[set value to 0 by default] 41 | hashType = 0 42 | ;;; 43 | ;0 means padding type is pkcs1v15 44 | ;1 means padding type is PSS 45 | ;[set value to 0 by default] 46 | paddingType = 0 47 | ;;; 48 | ;config file 49 | ;[signed config file by Huawei] 50 | configPath= ../../examples/seal_data/enclave/signed_config/config 51 | -------------------------------------------------------------------------------- /examples/secgear_ds/enclave/manifest.txt: -------------------------------------------------------------------------------- 1 | gpd.ta.appID: 9cb38838-2766-42be-8b7b-0d184a996066 2 | gpd.ta.service_name: secstorage-demo 3 | gpd.ta.singleInstance: true 4 | gpd.ta.multiSession: false 5 | gpd.ta.instanceKeepAlive: False 6 | gpd.ta.dataSize: 819200 7 | gpd.ta.stackSize: 40960 8 | -------------------------------------------------------------------------------- /examples/secgear_kms/enclave/Enclave.config.xml: -------------------------------------------------------------------------------- 1 | 2 | 0 3 | 0 4 | 0x40000 5 | 0x100000 6 | 10 7 | 1 8 | 9 | 0 10 | 0 11 | 0xFFFFFFFF 12 | 13 | -------------------------------------------------------------------------------- /examples/secgear_kms/enclave/Enclave.lds: -------------------------------------------------------------------------------- 1 | enclave.so 2 | { 3 | global: 4 | g_global_data_sim; 5 | g_global_data; 6 | enclave_entry; 7 | g_peak_heap_used; 8 | local: 9 | *; 10 | }; 11 | 12 | -------------------------------------------------------------------------------- /examples/secgear_kms/enclave/config_cloud.ini: -------------------------------------------------------------------------------- 1 | [signSecPrivateCfg] 2 | ;;; 3 | ;private key length for signing TA: 4 | ;[fixed value] 5 | ;256 ECDSA Alg 6 | ;2048/4096 RSA Alg 7 | secSignKeyLen = 4096 8 | 
;;; 9 | ;[fixed value] 10 | ;0 means SHA256 hash type 11 | ;1 means SHA512 hash type 12 | secHashType = 0 13 | ;;; 14 | ; [fixed value] 15 | ;0 means padding type is pkcs1v15 16 | ;1 means padding type is PSS 17 | ;[fixed value] 18 | secPaddingType = 1 19 | ;;; 20 | ;[fixed value] 21 | ;RSA alg 22 | ;ECDSA alg 23 | ;SM2 alg 24 | secSignAlg = RSA 25 | ;;; 26 | ;public key for encrypt TA 27 | secEncryptKey = rsa_public_key_cloud.pem 28 | ;;; 29 | ;public key length 30 | secEncryptKeyLen = 3072 31 | 32 | [signSecPublicCfg] 33 | ;;; 34 | ;[fixed value] 35 | ; sec sign key type 36 | ;0 means debug 37 | ;1 means release 38 | secReleaseType = 1 39 | ;;; 40 | ;0 means TA not installed by OTRP 41 | ;1 means TA installed by OTRP 42 | secOtrpFlag = 0 43 | ;;; 44 | ;0 means not sign 45 | ;1 means signed by local private 46 | ;2 means signed using native sign tool; 47 | ;3 means signed by CI 48 | ;[fixed value] 49 | secSignType = 1 50 | ;;; 51 | ;server address for signing TA 52 | secSignServerIp = 53 | ;;; 54 | ;private key for signing TA 55 | ;[private key owned by yourself] 56 | secSignKey = /home/TA_cert/private_key.pem 57 | ;;; 58 | ;config file 59 | ;[signed config file by Huawei] 60 | configPath = /home/TA_cert/secgear-app1/config 61 | -------------------------------------------------------------------------------- /examples/secgear_kms/enclave/manifest.txt: -------------------------------------------------------------------------------- 1 | gpd.ta.appID: f68fd704-6eb1-4d14-b218-722850eb3ef0 2 | gpd.ta.service_name: rsa-demo 3 | gpd.ta.singleInstance: true 4 | gpd.ta.multiSession: false 5 | gpd.ta.instanceKeepAlive: false 6 | gpd.ta.dataSize: 819200 7 | gpd.ta.stackSize: 40960 8 | -------------------------------------------------------------------------------- /examples/secgear_kms/include/common.h: -------------------------------------------------------------------------------- 1 | #ifndef SECGEAR_KMS_COMMON_H 2 | #define SECGEAR_KMS_COMMON_H 3 | 4 | #include 5 | 
#include

#ifdef __cplusplus
extern "C" {
#endif

// Device management
// NOTE(review): /tmp is shared and world-writable, so any local user can
// pre-create, replace or read a file at this path. Acceptable for the demo
// only; a real deployment should use a dedicated directory with restrictive
// permissions.
#define DEFAULT_STORAGE_FILE_PATH "/tmp/secgear_kms_storage"

// Symmetric encryption

#define SGD_SM4_ECB 0x00000101
#define SGD_SM4_CBC 0x00000102
#define SGD_SM4_CFB 0x00000104
#define SGD_SM4_OFB 0x00000108

#define SDF_SM4_GROUP_LENGTH 16                    // SM4 block size in bytes
#define SDF_SM4_IV_LENGTH SDF_SM4_GROUP_LENGTH     // one block of IV for the chained modes

// Asymmetric encryption
#define SGD_SM2 0x00020100

// Hash (digest) algorithms
#define SGD_SM3 0x00000001
#define SGD_SM3_SM2 0x00020101
// NOTE(review): SHA-1 is no longer collision resistant; keep it only for
// compatibility with existing data and do not select it for new signatures.
#define SGD_SHA1 0x00000002

#define SGD_MAX_MD_SIZE 64                         // 64 bytes = 512 bits, the largest digest handled here

// Session key length in bytes.
const static size_t SESSION_KEY_LEN = 32;

#ifdef __cplusplus
}
#endif

#endif // SECGEAR_KMS_COMMON_H
--------------------------------------------------------------------------------
/examples/secure_channel/basevalue.txt:
--------------------------------------------------------------------------------
7763a15a-0a9e-4e86-90cd-e4262583948a 8b7373be89840534eafc2836110b31c7fee5b96ebbab09a1db87c34be393afee 52bc57fb201ebd00fcc66059084dfb38e98c0e4d11d7131d29448bc6f7cb5939

--------------------------------------------------------------------------------
/examples/secure_channel/client/CMakeLists.txt:
--------------------------------------------------------------------------------
#set host exec name
set(OUTPUT sc_client)
#set host src code
set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/client.c)

# NOTE(review): -Wno-maybe-uninitialized silences a class of real bugs; prefer
# fixing the warning at its source rather than suppressing it for the whole target.
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-maybe-uninitialized -fPIE")

if(${CMAKE_VERSION} VERSION_LESS "3.13.0")
    link_directories(/usr/lib64 /usr/local/lib)
endif()
add_executable(${OUTPUT} ${SOURCE_FILE})
target_include_directories(${OUTPUT} PRIVATE
    ${CMAKE_CURRENT_SOURCE_DIR}/..
14 | ${SECGEAR_INSTALL_DIR}) 15 | if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") 16 | target_link_directories(${OUTPUT} PRIVATE /usr/lib64 /usr/local/lib) 17 | endif() 18 | if (CC_GP) 19 | set(THIRDPARTY_VERIFY teeverifier) 20 | endif() 21 | 22 | target_link_libraries(${OUTPUT} pthread csecure_channel ${THIRDPARTY_VERIFY}) 23 | 24 | set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE) 25 | 26 | install(TARGETS ${OUTPUT} 27 | RUNTIME 28 | DESTINATION ${CMAKE_BINARY_DIR}/bin/ 29 | PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ) 30 | -------------------------------------------------------------------------------- /examples/secure_channel/client_with_recv_thread/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | #set host exec name 2 | set(OUTPUT sc_client_with_recv_thread) 3 | #set host src code 4 | set(SOURCE_FILE ${CMAKE_CURRENT_SOURCE_DIR}/client.c) 5 | 6 | set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-maybe-uninitialized -fPIE") 7 | 8 | if(${CMAKE_VERSION} VERSION_LESS "3.13.0") 9 | link_directories(${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) 10 | endif() 11 | add_executable(${OUTPUT} ${SOURCE_FILE}) 12 | target_include_directories(${OUTPUT} PRIVATE 13 | ${CMAKE_CURRENT_SOURCE_DIR}/.. 
14 | ${SECGEAR_INSTALL_DIR}) 15 | if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") 16 | target_link_directories(${OUTPUT} PRIVATE ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}) 17 | endif() 18 | if (CC_GP) 19 | set(THIRDPARTY_VERIFY teeverifier) 20 | endif() 21 | target_link_libraries(${OUTPUT} pthread csecure_channel ${THIRDPARTY_VERIFY}) 22 | 23 | set_target_properties(${OUTPUT} PROPERTIES SKIP_BUILD_RPATH TRUE) 24 | 25 | install(TARGETS ${OUTPUT} 26 | RUNTIME 27 | DESTINATION ${CMAKE_BINARY_DIR}/bin/ 28 | PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ) 29 | 30 | -------------------------------------------------------------------------------- /examples/secure_channel/enclave/Enclave.config.xml: -------------------------------------------------------------------------------- 1 | 2 | 0 3 | 0 4 | 0x40000 5 | 0x100000 6 | 10 7 | 1 8 | 9 | 0 10 | 0 11 | 0xFFFFFFFF 12 | 13 | -------------------------------------------------------------------------------- /examples/secure_channel/enclave/Enclave.lds: -------------------------------------------------------------------------------- 1 | enclave.so 2 | { 3 | global: 4 | g_global_data_sim; 5 | g_global_data; 6 | enclave_entry; 7 | g_peak_heap_used; 8 | local: 9 | *; 10 | }; 11 | 12 | -------------------------------------------------------------------------------- /examples/secure_channel/enclave/config_cloud.ini: -------------------------------------------------------------------------------- 1 | [signSecPrivateCfg] 2 | ;;; 3 | ;private key length for signing TA: 4 | ;[fixed value] 5 | ;256 ECDSA Alg 6 | ;2048/4096 RSA Alg 7 | secSignKeyLen = 4096 8 | ;;; 9 | ;[fixed value] 10 | ;0 means SHA256 hash type 11 | ;1 means SHA512 hash type 12 | secHashType = 0 13 | ;;; 14 | ; [fixed value] 15 | ;0 means padding type is pkcs1v15 16 | ;1 means padding type is PSS 17 | ;[fixed value] 18 | secPaddingType = 1 19 | ;;; 20 | ;[fixed value] 21 | ;RSA alg 22 | ;ECDSA alg 23 | ;SM2 alg 24 | secSignAlg = RSA 25 | ;;; 26 | ;public key for encrypt 
TA 27 | secEncryptKey = rsa_public_key_cloud.pem 28 | ;;; 29 | ;public key length 30 | secEncryptKeyLen = 3072 31 | 32 | [signSecPublicCfg] 33 | ;;; 34 | ;[fixed value] 35 | ; sec sign key type 36 | ;0 means debug 37 | ;1 means release 38 | secReleaseType = 1 39 | ;;; 40 | ;0 means TA not installed by OTRP 41 | ;1 means TA installed by OTRP 42 | secOtrpFlag = 0 43 | ;;; 44 | ;0 means not sign 45 | ;1 means signed by local private 46 | ;2 means signed using native sign tool; 47 | ;3 means signed by CI 48 | ;[fixed value] 49 | secSignType = 1 50 | ;;; 51 | ;server address for signing TA 52 | secSignServerIp = 53 | ;;; 54 | ;private key for signing TA 55 | ;[private key owned by yourself] 56 | secSignKey = /home/TA_cert/private_key.pem 57 | ;;; 58 | ;config file 59 | ;[signed config file by Huawei] 60 | configPath = /home/TA_cert/secgear-app1/config 61 | -------------------------------------------------------------------------------- /examples/secure_channel/enclave/manifest.txt: -------------------------------------------------------------------------------- 1 | gpd.ta.appID: 7763a15a-0a9e-4e86-90cd-e4262583948a 2 | gpd.ta.service_name: secgear-app1 3 | gpd.ta.singleInstance: true 4 | gpd.ta.multiSession: true 5 | gpd.ta.instanceKeepAlive: false 6 | gpd.ta.dataSize: 802816 7 | gpd.ta.stackSize: 1792 8 | gpd.ta.mem_page_align: true -------------------------------------------------------------------------------- /examples/secure_channel/sc_demo.edl: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * CloudEnclave is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 
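 * You may obtain a copy of Mulan PSL v2 at:
 * http://license.coscl.org.cn/MulanPSL2
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
 * PURPOSE.
 * See the Mulan PSL v2 for more details.
 */

enclave {
    include "stdbool.h"
    from "secure_channel.edl" import *;
    trusted {
        public int sec_chl_recv_client_data(size_t session_id, [in, size = data_len] uint8_t* data, size_t data_len);
        /* The out buffer is marshalled at a fixed 1024 bytes while data_len is
         * [in, out]: the enclave must clamp both what it writes into data and
         * the length it reports back to 1024, whatever value the host passed. */
        public int sec_chl_get_client_data_handle_result(size_t session_id, [out, size = 1024] uint8_t* data,
                                                         [in, out] size_t *data_len);
    };
};
--------------------------------------------------------------------------------
/examples/secure_channel/usr_msg.h:
--------------------------------------------------------------------------------
#ifndef USR_MSG_H
#define USR_MSG_H

#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <limits.h>
#include <unistd.h>

/* Message types carried on the wire between the example client and server. */
typedef enum {
    MSG_TYPE_TEST,               // the application's own messages
    MSG_TYPE_SEC_CHL_ESTABLISH,  // secure-channel establishment messages
} usr_msg_type_t;

/* Frame header, immediately followed by `len` bytes of payload. */
typedef struct {
    usr_msg_type_t type;
    size_t session;
    size_t len;
    uint8_t data[];   // C99 flexible array member (was the GNU-style data[0])
} usr_msg_t;

/*
 * Send adapter handed to the secure channel.
 *
 * Wraps `count` bytes from `buf` in a usr_msg_t frame of type
 * MSG_TYPE_SEC_CHL_ESTABLISH (session left at 0, as before) and writes the
 * whole frame to the socket referenced by `conn`, which must point to an
 * int file descriptor.
 *
 * Returns the number of bytes put on the wire (header + payload) on success,
 * or -1 on bad arguments, allocation failure or a write error.
 *
 * A single write() may return short on a socket; this version keeps writing
 * until the frame is complete (retrying on EINTR), so the peer never sees a
 * truncated frame that it would then parse as garbage.
 *
 * This header defines a non-static function: include it from exactly one
 * translation unit per executable.
 */
int socket_write_adpt(void *conn, void *buf, size_t count)
{
    if (conn == NULL || (buf == NULL && count > 0)) {
        return -1;
    }
    /* The frame length must neither wrap size_t nor exceed the int we return. */
    if (count > SIZE_MAX - sizeof(usr_msg_t) || sizeof(usr_msg_t) + count > (size_t)INT_MAX) {
        return -1;
    }

    int fd = *(int *)conn;
    size_t msg_len = sizeof(usr_msg_t) + count;
    usr_msg_t *msg = calloc(1, msg_len);
    if (msg == NULL) {
        return -1;
    }
    msg->type = MSG_TYPE_SEC_CHL_ESTABLISH;
    msg->len = count;
    if (count > 0) {
        memcpy(msg->data, buf, count);
    }

    int ret = (int)msg_len;
    const uint8_t *cursor = (const uint8_t *)msg;
    size_t remaining = msg_len;
    while (remaining > 0) {
        ssize_t n = write(fd, cursor, remaining);
        if (n < 0 && errno == EINTR) {
            continue;
        }
        if (n <= 0) {
            /* error, or a zero-length write that would otherwise spin forever */
            ret = -1;
            break;
        }
        cursor += n;
        remaining -= (size_t)n;
    }
    free(msg);
    return ret;
}

#endif
--------------------------------------------------------------------------------
/examples/switchless/enclave/Enclave.config.xml:
--------------------------------------------------------------------------------

0
0
0x40000
0x100000
10
1

0
0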
0xFFFFFFFF 12 | 13 | 14 | -------------------------------------------------------------------------------- /examples/switchless/enclave/Enclave.lds: -------------------------------------------------------------------------------- 1 | enclave.so 2 | { 3 | global: 4 | g_global_data_sim; 5 | g_global_data; 6 | enclave_entry; 7 | g_peak_heap_used; 8 | local: 9 | *; 10 | }; 11 | 12 | 13 | -------------------------------------------------------------------------------- /examples/switchless/enclave/config_cloud.ini: -------------------------------------------------------------------------------- 1 | [signSecPrivateCfg] 2 | ;;; 3 | ;private key length for signing TA: 4 | ;[fixed value] 5 | ;256 ECDSA Alg 6 | ;2048/4096 RSA Alg 7 | secSignKeyLen = 4096 8 | ;;; 9 | ;[fixed value] 10 | ;0 means SHA256 hash type 11 | ;1 means SHA512 hash type 12 | secHashType = 0 13 | ;;; 14 | ; [fixed value] 15 | ;0 means padding type is pkcs1v15 16 | ;1 means padding type is PSS 17 | ;[fixed value] 18 | secPaddingType = 1 19 | ;;; 20 | ;[fixed value] 21 | ;RSA alg 22 | ;ECDSA alg 23 | ;SM2 alg 24 | secSignAlg = RSA 25 | ;;; 26 | ;public key for encrypt TA 27 | secEncryptKey = rsa_public_key_cloud.pem 28 | ;;; 29 | ;public key length 30 | secEncryptKeyLen = 3072 31 | 32 | [signSecPublicCfg] 33 | ;;; 34 | ;[fixed value] 35 | ; sec sign key type 36 | ;0 means debug 37 | ;1 means release 38 | secReleaseType = 1 39 | ;;; 40 | ;0 means TA not installed by OTRP 41 | ;1 means TA installed by OTRP 42 | secOtrpFlag = 0 43 | ;;; 44 | ;0 means not sign 45 | ;1 means signed by local private 46 | ;2 means signed using native sign tool; 47 | ;3 means signed by CI 48 | ;[fixed value] 49 | secSignType = 1 50 | ;;; 51 | ;server address for signing TA 52 | secSignServerIp = 53 | ;;; 54 | ;private key for signing TA 55 | ;[private key owned by yourself] 56 | secSignKey = /home/smliu/TA_cert/1225/private_key.pem 57 | ;;; 58 | ;config file 59 | ;[signed config file by Huawei] 60 | configPath = 
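/home/smliu/TA_cert/1225/config
--------------------------------------------------------------------------------
/examples/switchless/enclave/enclave.c:
--------------------------------------------------------------------------------
/*
 * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
 * secGear is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 * http://license.coscl.org.cn/MulanPSL2
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
 * PURPOSE.
 * See the Mulan PSL v2 for more details.
 */

#include <stdio.h>
#include <string.h>
#include "switchless_t.h"

#define TA_HELLO_WORLD "secgear hello world!"
#define BUF_MAX 32

/*
 * Copy the demo greeting into a caller-supplied buffer of exactly BUF_MAX
 * bytes (switchless.edl declares both entry points as [out, size=32]).
 *
 * The copy is bounded by the destination size rather than by the source
 * length, and the final byte is forced to NUL, so a longer TA_HELLO_WORLD
 * can never run past the buffer. Writing all BUF_MAX bytes also hands the
 * bridge a fully initialised buffer to copy back to the host.
 *
 * Returns 0 on success, -1 if buf is NULL.
 */
static int fill_greeting(char *buf)
{
    if (buf == NULL) {
        return -1;
    }
    strncpy(buf, TA_HELLO_WORLD, BUF_MAX);
    buf[BUF_MAX - 1] = '\0';
    return 0;
}

/* Ordinary ecall: buf is the enclave-side copy of the host's 32-byte buffer. */
int get_string(char *buf)
{
    return fill_greeting(buf);
}

/* Switchless variant (transition_using_threads); same contract as get_string. */
int get_string_switchless(char *shared_buf)
{
    return fill_greeting(shared_buf);
}

--------------------------------------------------------------------------------
/examples/switchless/enclave/manifest.txt:
--------------------------------------------------------------------------------
gpd.ta.appID: 92b56ae2-d3e2-4322-87ac-6a51f1824347
gpd.ta.service_name: liusiming-icbc1
gpd.ta.singleInstance: true
gpd.ta.multiSession: true
gpd.ta.instanceKeepAlive: false
gpd.ta.dataSize: 802816
gpd.ta.stackSize: 1792
gpd.ta.mem_page_align: true
--------------------------------------------------------------------------------
/examples/switchless/switchless.edl:
--------------------------------------------------------------------------------
/*
 * Copyright (c) Huawei Technologies Co.,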
Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */ 12 | 13 | enclave { 14 | include "secgear_urts.h" 15 | from "secgear_tstdc.edl" import *; 16 | from "secgear_tswitchless.edl" import *; 17 | trusted { 18 | public int get_string([out, size=32]char *buf); 19 | public int get_string_switchless([out, size=32]char *buf) transition_using_threads; 20 | }; 21 | }; 22 | 23 | -------------------------------------------------------------------------------- /examples/switchless_performance/enclave/Enclave.config.xml: -------------------------------------------------------------------------------- 1 | 2 | 0 3 | 0 4 | 0x40000 5 | 0x100000 6 | 10 7 | 1 8 | 9 | 0 10 | 0 11 | 0xFFFFFFFF 12 | 13 | 14 | -------------------------------------------------------------------------------- /examples/switchless_performance/enclave/Enclave.lds: -------------------------------------------------------------------------------- 1 | enclave.so 2 | { 3 | global: 4 | g_global_data_sim; 5 | g_global_data; 6 | enclave_entry; 7 | g_peak_heap_used; 8 | local: 9 | *; 10 | }; 11 | 12 | 13 | -------------------------------------------------------------------------------- /examples/switchless_performance/enclave/config_cloud.ini: -------------------------------------------------------------------------------- 1 | [config] 2 | ;0 means debug 3 | ;1 means release 4 | ;[fixed value] 5 | releaseType = 1 6 | ;;; 7 | ;0 means TA not installed by OTRP 8 | ;1 means TA installed by OTRP 9 | otrpFlag = 0 10 | ;;; 11 | ;server address for 
signing TA 12 | serverIp= 13 | ;;; 14 | ;public key for encrypt TA 15 | ;[fixed value] 16 | encryptKey = rsa_public_key_cloud.pem 17 | ;;; 18 | ;public key length 19 | ;[fixed value] 20 | encryptKeyLen = 3072 21 | ;;; 22 | ;0 means not sign 23 | ;1 means signed by local private 24 | ;2 means signed using native sign tool; 25 | ;3 means signed by CI 26 | ;[fixed value] 27 | signType = 1 28 | ;;; 29 | ;private key for signing TA 30 | ;[private key owned by yourself] 31 | signKey = private_key.pem 32 | ;;; 33 | ;private key length for signing TA 34 | ;[key length should be 4096 for security enhance] 35 | signKeyLen = 4096 36 | ;;; 37 | ;0 means SHA256 hash type 38 | ;1 means SHA512 hash type 39 | ;[set value to 0 by default] 40 | hashType = 0 41 | ;;; 42 | ;0 means padding type is pkcs1v15 43 | ;1 means padding type is PSS 44 | ;[set value to 0 by default] 45 | paddingType = 0 46 | ;;; 47 | ;config file 48 | ;[signed config file by Huawei] 49 | configPath= config 50 | 51 | -------------------------------------------------------------------------------- /examples/switchless_performance/enclave/manifest.txt: -------------------------------------------------------------------------------- 1 | gpd.ta.appID: ebc87fc2-05dc-41b3-85b9-f9f0ef481bad 2 | gpd.ta.service_name:multi-core-ta 3 | gpd.ta.singleInstance: true 4 | gpd.ta.multiSession: true 5 | gpd.ta.instanceKeepAlive:false 6 | gpd.ta.dataSize: 8192000 7 | gpd.ta.stackSize: 7340032 8 | 9 | -------------------------------------------------------------------------------- /inc/enclave_inc/gp/caller.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 
5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */ 12 | 13 | #ifndef _CALLER_H 14 | #define _CALLER_H 15 | void set_caller_ca_owner(); 16 | #endif 17 | -------------------------------------------------------------------------------- /inc/enclave_inc/gp/gp.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 
11 | */ 12 | 13 | #ifndef GP_H 14 | #define GP_H 15 | 16 | #include 17 | #include 18 | #include 19 | #include 20 | 21 | 22 | #define CC_BUFFER_ALIGNMENT (2 * sizeof(void*)) 23 | #define TA_TEMPLATE_VERSION "SECGEAR_001" 24 | #define OE_UINT32_MAX (0xffffffffu) 25 | #define COUNT(ARR) (sizeof(ARR) / sizeof((ARR)[0])) 26 | enum 27 | { 28 | SECGEAR_ECALL_FUNCTION = 0, 29 | }; 30 | 31 | typedef cc_enclave_result_t (*cc_ecall_func_t)( 32 | const uint8_t *input_buffer, 33 | size_t input_buffer_size, 34 | uint8_t *output_buffer, 35 | size_t output_buffer_size, 36 | uint8_t *shared_buffer, 37 | size_t *output_bytes_written); 38 | 39 | typedef struct _ecall_table 40 | { 41 | const cc_ecall_func_t *ecalls; 42 | size_t num; 43 | } enclave_table_t; 44 | 45 | 46 | //extern const enclave_table_t ecalls_table[]; 47 | //extern const size_t ecalls_table_size; 48 | bool cc_is_within_enclave(const void *ptr, size_t sz); 49 | #endif 50 | -------------------------------------------------------------------------------- /inc/enclave_inc/gp/gp_ocall.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 
11 | */ 12 | 13 | #ifndef GP_OCALL_H 14 | #define GP_OCALL_H 15 | 16 | #include 17 | #include 18 | #include "tee_agent.h" 19 | #include "status.h" 20 | #include "enclave.h" 21 | 22 | #ifndef TEE_SECE_AGENT_ID 23 | #define TEE_SECE_AGENT_ID 0x53656345 24 | #endif 25 | cc_enclave_result_t cc_ocall_enclave( 26 | size_t func_id, 27 | const void *in_buf, 28 | size_t in_buf_size, 29 | void *out_buf, 30 | size_t out_buf_size); 31 | #endif 32 | -------------------------------------------------------------------------------- /inc/enclave_inc/gp/itrustee/bottom_memory_check.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */ 12 | 13 | #ifndef _ITRUSTEE_MEMORY_CHECK_ 14 | #define _ITRUSTEE_MEMORY_CHECK_ 15 | #include 16 | #include 17 | #include 18 | #define MEMORY_CHECK_IN_FN(buffer, size) itrustee_memory_in_enclave(buffer, size) 19 | #define MEMORY_CHECK_OUT_FN(buffer, size) itrustee_memory_out_enclave(buffer, size) 20 | 21 | bool itrustee_memory_in_enclave(const void *buffer, uint32_t size); 22 | bool itrustee_memory_out_enclave(const void *buffer, uint32_t size); 23 | 24 | 25 | #endif 26 | -------------------------------------------------------------------------------- /inc/enclave_inc/gp/itrustee/cc_securec.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. 
All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */ 12 | 13 | #ifndef SECGEAR_CC_SECURE_H 14 | #define SECGEAR_CC_SECURE_H 15 | 16 | #include 17 | 18 | 19 | #endif //SECGEAR_CC_SECURE_H 20 | -------------------------------------------------------------------------------- /inc/enclave_inc/gp/itrustee/error_conversion.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */ 12 | 13 | #ifndef _ERROR_CONVERSION_ 14 | #define _ERROR_CONVERSION_ 15 | 16 | #include 17 | #include "status.h" 18 | 19 | 20 | cc_enclave_result_t conversion_res_status(uint32_t enclave_res); 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /inc/enclave_inc/gp/itrustee/random_internal.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 
3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */ 12 | 13 | #ifndef __SECGEAR_CEGENERATE_API_H 14 | #define __SECGEAR_CEGENERATE_API_H 15 | #include 16 | 17 | int _cc_generate_random(void * buffer, size_t size); 18 | 19 | #endif 20 | -------------------------------------------------------------------------------- /inc/enclave_inc/gp/itrustee/tee_agent.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 
11 | */ 12 | 13 | /* TODO: complete iTrustee support. These agent primitives are presumably the enclave-side transport behind cc_ocall_enclave() in gp_ocall.h (which includes this header). The buffer returned by tee_get_agent_buffer() is therefore filled in by the untrusted side: treat its contents and the reported *length as attacker-controlled and validate them before use. */ 14 | #ifndef TEE_AGENT_H 15 | #define TEE_AGENT_H 16 | #include 17 | #include "tee_defines.h" 18 | TEE_Result tee_agent_lock(uint32_t agent_id); 19 | TEE_Result tee_agent_unlock(uint32_t agent_id); 20 | TEE_Result tee_send_agent_cmd(uint32_t agent_id); 21 | TEE_Result tee_get_agent_buffer(uint32_t agent_id, void **buffer, uint32_t *length); 22 | 23 | #endif 24 | 25 | -------------------------------------------------------------------------------- /inc/enclave_inc/gp/itrustee/tee_trusted_storage.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 
11 | */ 12 | 13 | /* TODO: complete iTrustee support. Declares the GlobalPlatform transient-object API plus the iTrustee extension TEE_EXT_DeriveTARootKey(), which writes key_size bytes of key material derived from the TA root key into 'key'. That output is a long-lived secret: keep it inside the TA, never copy it into memory shared with the REE, and zeroize the buffer once it has been used. NOTE(review): 'salt' is caller-supplied, so callers must make it unique per purpose; confirm the derivation contract against the iTrustee API documentation. */ 14 | 15 | #ifndef __TEE_TRUSTED_STORAGE_API_H 16 | #define __TEE_TRUSTED_STORAGE_API_H 17 | 18 | #include "tee_defines.h" 19 | TEE_Result TEE_AllocateTransientObject(uint32_t objectType, uint32_t maxObjectSize, TEE_ObjectHandle *object); 20 | 21 | void TEE_FreeTransientObject(TEE_ObjectHandle object); 22 | 23 | void TEE_ResetTransientObject(TEE_ObjectHandle object); 24 | 25 | TEE_Result TEE_PopulateTransientObject(TEE_ObjectHandle object, TEE_Attribute *attrs, uint32_t attrCount); 26 | 27 | void TEE_InitRefAttribute(TEE_Attribute *attr, uint32_t attributeID, void *buffer, size_t length); 28 | 29 | TEE_Result TEE_EXT_DeriveTARootKey(const uint8_t *salt, uint32_t size, uint8_t *key, uint32_t key_size); 30 | 31 | #endif 32 | -------------------------------------------------------------------------------- /inc/enclave_inc/memory_check.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 
11 | */ 12 | 13 | #ifndef _SECGEAR_MEMORY_CHECK_ 14 | #define _SECGEAR_MEMORY_CHECK_ 15 | 16 | #include 17 | #include 18 | 19 | #ifdef __cplusplus 20 | extern "C" { 21 | #endif 22 | 23 | bool cc_enclave_memory_in_enclave(const void *addr, size_t size); 24 | bool cc_enclave_memory_out_enclave(const void *addr, size_t size); 25 | 26 | #ifdef __cplusplus 27 | } 28 | #endif 29 | #endif 30 | -------------------------------------------------------------------------------- /inc/enclave_inc/penglai/bottom_memory_check.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) IPADS@SJTU 2021. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */ 12 | 13 | #ifndef _PENGLAI_MEMORY_CHECK_ 14 | #define _PENGLAI_MEMORY_CHECK_ 15 | 16 | #include 17 | #include 18 | #include 19 | 20 | #define MEMORY_CHECK_IN_FN(buffer, size) penglai_memory_in_enclave(buffer, size) 21 | #define MEMORY_CHECK_OUT_FN(buffer, size) penglai_memory_out_enclave(buffer, size) 22 | 23 | bool penglai_memory_in_enclave(const void *buffer, size_t size); 24 | bool penglai_memory_out_enclave(const void *buffer, size_t size); 25 | 26 | 27 | #endif 28 | -------------------------------------------------------------------------------- /inc/enclave_inc/penglai/cc_securec.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) IPADS@SJTU 2021. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 
4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */ 12 | 13 | #ifndef SECGEAR_CC_SECURE_H 14 | #define SECGEAR_CC_SECURE_H 15 | 16 | // Penglai: not supported yet. Unlike the iTrustee and SGX variants of this header, nothing is included here, so enclave code built for Penglai cannot rely on the routines the other back-ends pull in through cc_securec.h (presumably the bounds-checked *_s string/memory functions). 17 | 18 | #endif //SECGEAR_CC_SECURE_H 19 | -------------------------------------------------------------------------------- /inc/enclave_inc/penglai/dataseal_internal.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) IPADS@SJTU 2021. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 
11 | */ 12 | 13 | #ifndef _PENGLAI_SEAL_H_ 14 | #define _PENGLAI_SEAL_H_ 15 | 16 | #include 17 | #include 18 | 19 | #define SEAL_DATA_FN(in, inl, out, outl, aad, aadl) penglai_seal_data(in, inl, out, outl, aad, aadl) 20 | #define UNSEAL_DATA_FN(in, out, outl, aad, aadl) penglai_unseal_data(in, out, outl, aad, aadl) 21 | 22 | uint32_t get_sealed_data_size_ex(uint32_t seal_data_len, uint32_t aad_len); 23 | uint32_t get_encrypted_text_size_ex(const void *sealed_data); 24 | uint32_t get_add_text_size_ex(const void *sealed_data); 25 | 26 | uint32_t penglai_seal_data(uint8_t *seal_data, uint32_t seal_data_len, void *sealed_data, 27 | uint32_t sealed_data_len, uint8_t *mac_data, uint32_t mac_data_len); 28 | uint32_t penglai_unseal_data(void *sealed_data, uint8_t *decrypted_data, uint32_t *decrypted_data_len, 29 | uint8_t *mac_data, uint32_t *mac_data_len); 30 | 31 | #endif 32 | -------------------------------------------------------------------------------- /inc/enclave_inc/penglai/error_conversion.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) IPADS@SJTU 2021. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 
11 | */ 12 | 13 | #ifndef __PENGLAI_ERROR_CONVERSION_ 14 | #define __PENGLAI_ERROR_CONVERSION_ 15 | 16 | #include 17 | #include "status.h" 18 | 19 | 20 | cc_enclave_result_t conversion_res_status(uint32_t enclave_res); 21 | 22 | #endif 23 | -------------------------------------------------------------------------------- /inc/enclave_inc/penglai/penglai.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) IPADS@SJTU 2021. Modification to support Penglai (RISC-V TEE) 3 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 4 | * secGear is licensed under the Mulan PSL v2. 5 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 6 | * You may obtain a copy of Mulan PSL v2 at: 7 | * http://license.coscl.org.cn/MulanPSL2 8 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 9 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 10 | * PURPOSE. 11 | * See the Mulan PSL v2 for more details. 12 | */ 13 | 14 | #ifndef PENGLAI_H 15 | #define PENGLAI_H 16 | 17 | #include 18 | 19 | typedef cc_enclave_result_t (*cc_ecall_func_t)( 20 | const uint8_t *input_buffer, 21 | size_t input_buffer_size, 22 | uint8_t *output_buffer, 23 | size_t output_buffer_size, 24 | size_t *output_bytes_written); 25 | 26 | typedef struct _ecall_table 27 | { 28 | const cc_ecall_func_t *ecalls; 29 | size_t num; 30 | } enclave_table_t; 31 | 32 | #endif -------------------------------------------------------------------------------- /inc/enclave_inc/penglai/penglai_ocall.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) IPADS@SJTU 2021. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 
5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */ 12 | 13 | #ifndef PENGLAI_OCALL_H 14 | #define PENGLAI_OCALL_H 15 | 16 | #include 17 | #include 18 | #include "status.h" 19 | #include "enclave.h" 20 | 21 | #define OCALL_USER_DEFINED 4 22 | 23 | /* Descriptor presumably handed to the untrusted side to identify the OCALL (fid) and size its in/out buffers. Two caveats: fid is a uint8_t while cc_ocall_enclave() below takes a size_t func_id, so ids >= 256 would be silently truncated; and because this record crosses the enclave boundary, its sizes must not be trusted on the way back - the enclave side keeps its own in_buf_size/out_buf_size and must check against those. */ 24 | typedef struct _untrusted_mem_info_t 25 | { 26 | uint8_t fid; 27 | size_t in_buf_size; 28 | size_t out_buf_size; 29 | } untrusted_mem_info_t; 30 | 31 | cc_enclave_result_t cc_ocall_enclave( 32 | size_t func_id, 33 | const void *in_buf, 34 | size_t in_buf_size, 35 | void *out_buf, 36 | size_t out_buf_size); 37 | #endif 38 | -------------------------------------------------------------------------------- /inc/enclave_inc/penglai/random_internal.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) IPADS@SJTU 2021. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 
11 | */ 12 | 13 | #ifndef __PENGLAI_CEGENERATE_API_H 14 | #define __PENGLAI_CEGENERATE_API_H 15 | #include 16 | #include 17 | 18 | int _cc_generate_random(void * buffer, size_t size); 19 | 20 | #endif 21 | -------------------------------------------------------------------------------- /inc/enclave_inc/secgear_random.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */ 12 | 13 | #ifndef __SECGEAR_GENERATE_API_H 14 | #define __SECGEAR_GENERATE_API_H 15 | 16 | #include 17 | #include 18 | #include "status.h" 19 | #ifdef __cplusplus 20 | extern "C" { 21 | #endif 22 | cc_enclave_result_t cc_enclave_generate_random(void * buffer, size_t size); 23 | 24 | #ifdef __cplusplus 25 | } 26 | #endif 27 | #endif 28 | -------------------------------------------------------------------------------- /inc/enclave_inc/sgx/bottom_memory_check.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 
5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */ 12 | 13 | #ifndef _BOTTOM_MEMORY_CHECK_ 14 | #define _BOTTOM_MEMORY_CHECK_ 15 | 16 | #include "sgx_trts.h" 17 | #include 18 | #include 19 | 20 | #define MEMORY_CHECK_IN_FN(buffer, size) sgx_memory_in_enclave(buffer, size) 21 | #define MEMORY_CHECK_OUT_FN(buffer, size) sgx_memory_out_enclave(buffer, size) 22 | 23 | bool sgx_memory_in_enclave(const void *buffer, size_t size); 24 | bool sgx_memory_out_enclave(const void *buffer, size_t size); 25 | 26 | 27 | #endif 28 | -------------------------------------------------------------------------------- /inc/enclave_inc/sgx/cc_securec.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 
11 | */ 12 | 13 | #ifndef SECGEAR_CC_SECURE_H 14 | #define SECGEAR_CC_SECURE_H 15 | 16 | #include 17 | 18 | 19 | #endif //SECGEAR_CC_SECURE_H 20 | -------------------------------------------------------------------------------- /inc/enclave_inc/sgx/error_conversion.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */ 12 | #ifndef __SGX_ERROR_CONVERSION_ 13 | #define __SGX_ERROR_CONVERSION_ 14 | #include "status.h" 15 | #include 16 | #include "sgx_error.h" 17 | 18 | 19 | cc_enclave_result_t conversion_res_status(uint32_t enclave_res); 20 | 21 | #endif 22 | -------------------------------------------------------------------------------- /inc/enclave_inc/sgx/random_internal.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 
11 | */ 12 | 13 | #ifndef __SGX_CEGENERATE_API_H 14 | #define __SGX_CEGENERATE_API_H 15 | #include 16 | #include 17 | 18 | int _cc_generate_random(void * buffer, size_t size); 19 | 20 | #endif 21 | -------------------------------------------------------------------------------- /inc/enclave_inc/sgx/secgear_log.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */ 12 | 13 | #ifndef SECGEAR_SECGEAR_LOG_H 14 | #define SECGEAR_SECGEAR_LOG_H 15 | 16 | #endif //SECGEAR_SECGEAR_LOG_H 17 | -------------------------------------------------------------------------------- /inc/host_inc/gp/secgear_pthread.edl: -------------------------------------------------------------------------------- 1 | // To do: develop key libraries of secGear version, to be compatible with SGX and GP. 2 | enclave { 3 | }; 4 | -------------------------------------------------------------------------------- /inc/host_inc/gp/secgear_tkey_exchange.edl: -------------------------------------------------------------------------------- 1 | // To do: develop key libraries of secGear version, to be compatible with SGX and GP. 
2 | enclave { 3 | }; 4 | -------------------------------------------------------------------------------- /inc/host_inc/gp/secgear_tprotected_fs.edl: -------------------------------------------------------------------------------- 1 | // To do: develop key libraries of secGear version, to be compatible with SGX and GP. 2 | enclave { 3 | }; 4 | -------------------------------------------------------------------------------- /inc/host_inc/gp/secgear_tssl.edl: -------------------------------------------------------------------------------- 1 | // To do: develop key libraries of secGear version, to be compatible with SGX and GP. 2 | enclave { 3 | }; 4 | -------------------------------------------------------------------------------- /inc/host_inc/gp/secgear_tstdc.edl: -------------------------------------------------------------------------------- 1 | // To do: develop key libraries of secGear version, to be compatible with SGX and GP. 2 | enclave { 3 | }; 4 | -------------------------------------------------------------------------------- /inc/host_inc/gp/secgear_tswitchless.edl: -------------------------------------------------------------------------------- 1 | // To do: develop key libraries of secGear version, to be compatible with SGX and GP. 2 | enclave { 3 | }; 4 | -------------------------------------------------------------------------------- /inc/host_inc/gp/secgear_urts.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 
5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */ 12 | 13 | // To do: develop key libraries of secGear version, to be compatible with SGX and GP. 14 | 15 | #ifndef _SECGEAR_URTS_H_ 16 | #define _SECGEAR_URTS_H_ 17 | 18 | #endif 19 | -------------------------------------------------------------------------------- /inc/host_inc/ocall_log.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */ 12 | 13 | #ifndef SGX_LOG_H_ 14 | #define SGX_LOG_H_ 15 | 16 | # ifdef __cplusplus 17 | extern "C" { 18 | # endif 19 | 20 | void cc_enclave_PrintInfo(const char *str); 21 | 22 | # ifdef __cplusplus 23 | } 24 | # endif 25 | 26 | #endif 27 | -------------------------------------------------------------------------------- /inc/host_inc/penglai/secgear_pthread.edl: -------------------------------------------------------------------------------- 1 | // To do: develop key libraries of secGear version, to be compatible with Penglai. 
2 | enclave { 3 | }; 4 | -------------------------------------------------------------------------------- /inc/host_inc/penglai/secgear_tkey_exchange.edl: -------------------------------------------------------------------------------- 1 | // To do: develop key libraries of secGear version, to be compatible with Penglai. 2 | enclave { 3 | }; 4 | -------------------------------------------------------------------------------- /inc/host_inc/penglai/secgear_tprotected_fs.edl: -------------------------------------------------------------------------------- 1 | // To do: develop key libraries of secGear version, to be compatible with Penglai. 2 | enclave { 3 | }; 4 | -------------------------------------------------------------------------------- /inc/host_inc/penglai/secgear_tssl.edl: -------------------------------------------------------------------------------- 1 | // To do: develop key libraries of secGear version, to be compatible with Penglai. 2 | enclave { 3 | }; 4 | -------------------------------------------------------------------------------- /inc/host_inc/penglai/secgear_tstdc.edl: -------------------------------------------------------------------------------- 1 | // To do: develop key libraries of secGear version, to be compatible with Penglai. 2 | enclave { 3 | }; 4 | -------------------------------------------------------------------------------- /inc/host_inc/penglai/secgear_tswitchless.edl: -------------------------------------------------------------------------------- 1 | // To do: develop key libraries of secGear version, to be compatible with Penglai. 2 | enclave { 3 | }; 4 | -------------------------------------------------------------------------------- /inc/host_inc/penglai/secgear_urts.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) IPADS@SJTU 2021. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 
4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */ 12 | 13 | // To do: develop key libraries of secGear version, to be compatible with Penglai. 14 | 15 | #ifndef _SECGEAR_URTS_H_ 16 | #define _SECGEAR_URTS_H_ 17 | 18 | #endif 19 | -------------------------------------------------------------------------------- /inc/host_inc/sgx/secgear_pthread.edl: -------------------------------------------------------------------------------- 1 | // To do: develop key libraries of secGear version, to be compatible with SGX and GP. 2 | enclave { 3 | from "sgx_pthread.edl" import *; 4 | }; 5 | -------------------------------------------------------------------------------- /inc/host_inc/sgx/secgear_tkey_exchange.edl: -------------------------------------------------------------------------------- 1 | // To do: develop key libraries of secGear version, to be compatible with SGX and GP. 2 | enclave { 3 | from "sgx_tkey_exchange.edl" import *; 4 | }; 5 | -------------------------------------------------------------------------------- /inc/host_inc/sgx/secgear_tprotected_fs.edl: -------------------------------------------------------------------------------- 1 | // To do: develop key libraries of secGear version, to be compatible with SGX and GP. 
2 | enclave { 3 | from "sgx_tprotected_fs.edl" import *; 4 | }; 5 | -------------------------------------------------------------------------------- /inc/host_inc/sgx/secgear_tssl.edl: -------------------------------------------------------------------------------- 1 | // To do: develop key libraries of secGear version, to be compatible with SGX and GP. 2 | enclave { 3 | from "sgx_tsgxssl.edl" import *; 4 | }; 5 | -------------------------------------------------------------------------------- /inc/host_inc/sgx/secgear_tstdc.edl: -------------------------------------------------------------------------------- 1 | // To do: develop key libraries of secGear version, to be compatible with SGX and GP. 2 | enclave { 3 | from "sgx_tstdc.edl" import *; 4 | }; 5 | -------------------------------------------------------------------------------- /inc/host_inc/sgx/secgear_tswitchless.edl: -------------------------------------------------------------------------------- 1 | // To do: develop key libraries of secGear version, to be compatible with SGX and GP. 2 | enclave { 3 | include "sgx_error.h" 4 | include "sgx_edger8r.h" 5 | from "sgx_tswitchless.edl" import *; 6 | }; 7 | -------------------------------------------------------------------------------- /inc/host_inc/sgx/secgear_urts.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 
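11 | */ 12 | 13 | // To do: develop key libraries of secGear version, to be compatible with SGX and GP. 14 | 15 | #ifndef _SECGEAR_URTS_H_ 16 | #define _SECGEAR_URTS_H_ 17 | 18 | #define SGX_CDECL 19 | 20 | #endif 21 | -------------------------------------------------------------------------------- /inc/host_inc/sgx/sgx_enclave.h: --------------------------------------------------------------------------------
/*
 * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
 * secGear is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 * http://license.coscl.org.cn/MulanPSL2
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
 * PURPOSE.
 * See the Mulan PSL v2 for more details.
 */

#ifndef FINAL_SECGEAR_SGX_ENCALVE_H
#define FINAL_SECGEAR_SGX_ENCALVE_H

/* The structs below use uint32_t. Include it here so this header is
 * self-contained and does not depend on whatever the including file
 * happened to pull in first. */
#include <stdint.h>

/* SGX-only feature flags. The values are distinct single bits, so they are
 * presumably meant to be OR-ed together by the consumer (not visible here). */
#define _CESGX_SWITCHLESS_FEATURES 0x00000001u
#define _CESGX_PROTECTED_CODE_LOADER_FEATURES 0x00000002u

/* This header file is placed in inc/sgx to allow users to
 * invoke features supported by specific enclave, such as
 * plc switchless, which are only meaningful for sgx.
 */

/* Protected Code Loader (PLC) configuration.
 * len  - length associated with `path`; whether it counts the terminating NUL
 *        is not fixed by this header — NOTE(review): confirm against the consumer.
 * path - path string; the struct does not own it, so the caller must keep it
 *        alive for as long as the configuration is in use. */
typedef struct _sgx_plc_config {
    uint32_t len;
    char *path;
} cesgx_plc_config_t;

/* Switchless-call worker configuration.
 * host_worker / enclave_worker - worker counts; by their names presumably the
 * untrusted (host-side) and trusted (enclave-side) worker threads — confirm
 * against the enclave creation code that consumes this struct. */
typedef struct _sgx_switch_config {
    uint32_t host_worker;
    uint32_t enclave_worker;
} cesgx_switch_config_t;

#endif //FINAL_SECGEAR_SGX_ENCALVE_H
-------------------------------------------------------------------------------- /install_manifest.txt: -------------------------------------------------------------------------------- 1 | /etc/logrotate.d/secgear 2 | /etc/rsyslog.d/secgear.conf 3 | /lib/secGear 4 | /usr/bin/sign_tool.sh 5 | /usr/bin/codegen 6 | /usr/include/secGear 7 | /usr/lib64/libsecgear_tee.a 8 | /usr/lib64/libsecgear.so 9 | /usr/lib64/libsecgearsim.so 10 | /usr/lib64/libgp_0.so 11 | /usr/lib64/libtsecure_channel.a 12 | /usr/lib64/libusecure_channel.so 13 | /usr/lib64/libcsecure_channel.so 14 | -------------------------------------------------------------------------------- /service/attestation/.gitignore: -------------------------------------------------------------------------------- 1 | .vscode 2 | target 3 | -------------------------------------------------------------------------------- /service/attestation/attestation-agent/Cargo.toml: -------------------------------------------------------------------------------- 1 | [workspace] 2 | resolver = "2" 3 | members = ["agent", "attester", "token"] 4 | 5 | [workspace.dependencies] 6 | anyhow = "1.0" 7 | config = "0.14.0" 8 | serde = { version = "1.0", features = ["derive"] } 9 | serde_json = "1.0" 10 | rand = "0.8.5" 11 | base64-url = "3.0.0" 12 | async-trait = "0.1.78" 13 | tokio = { version = "1.0", features = ["rt"] } 14 | log = "0.4.14" 15 | env_logger = "0.9" 16 | safer-ffi = { version = "0.1.8", features = ["alloc"] } 17 | futures = "0.3.30" 18 | reqwest = { version = "0.12", features = ["cookies", "json"] } 19 | jsonwebtoken = "9.3.0" 20 | thiserror = "1.0" 21 | actix-web = "4.5" 22 | clap = { version = "4.5.7", features = ["derive"] }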
23 | scc = "2.1" 24 | 25 | verifier = { path = "../attestation-service/verifier", default-features = false } 26 | attestation-types = { path = "../attestation-types" } 27 | -------------------------------------------------------------------------------- /service/attestation/attestation-agent/README.md: -------------------------------------------------------------------------------- 1 | # Attestation Agent 2 | The Attestation Agent is deployed on the TEE node and provides the get_evidence, get_token and verify_evidence interfaces, among others. The sample `attestation-agent.conf` shipped next to it targets a service on the same host over plain HTTP (`svr_url` = `http://127.0.0.1:8080`, protocol `http`); for any non-loopback `svr_url` switch the protocol to `https`, otherwise evidence and tokens cross the network in the clear and the agent has no way to authenticate the service it is talking to. 3 | 4 | # Overview 5 | TODO 6 | -------------------------------------------------------------------------------- /service/attestation/attestation-agent/agent/attestation-agent.conf: -------------------------------------------------------------------------------- 1 | { 2 | "svr_url": "http://127.0.0.1:8080", 3 | "token_cfg": { 4 | "cert": "/etc/attestation/attestation-agent/as_cert.pem", 5 | "iss": "oeas" 6 | }, 7 | "protocal": { 8 | "Http": { 9 | "protocal": "http" 10 | } 11 | } 12 | } -------------------------------------------------------------------------------- /service/attestation/attestation-agent/agent/src/bin/generate-headers/main.rs: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details.
11 | */ 12 | fn main() -> ::std::io::Result<()> { 13 | attestation_agent::generate_headers() 14 | } 15 | -------------------------------------------------------------------------------- /service/attestation/attestation-agent/attester/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "attester" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [features] 7 | itrustee-attester = ["base64-url", "rand"] 8 | virtcca-attester = ["base64-url"] 9 | 10 | [dependencies] 11 | anyhow.workspace = true 12 | serde.workspace = true 13 | serde_json.workspace = true 14 | rand = { workspace = true, optional = true } 15 | base64-url = { workspace = true, optional = true } 16 | async-trait.workspace = true 17 | log.workspace = true 18 | attestation-types.workspace = true 19 | -------------------------------------------------------------------------------- /service/attestation/attestation-agent/token/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "token_verifier" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | jsonwebtoken.workspace = true 10 | serde.workspace = true 11 | serde_json.workspace = true 12 | anyhow.workspace = true 13 | attestation-types.workspace = true 14 | thiserror.workspace = true 15 | -------------------------------------------------------------------------------- /service/attestation/attestation-client/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "attestation-client" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | async-trait = "0.1.85" 10 | clap = { version = "4.5.24", features = ["derive", "std"] } 11 | 
reqwest = { version = "0.12.5", features = ["blocking", "cookies", "json"] } 12 | thiserror = "2.0.10" 13 | http = "1.2.0" 14 | tokio = { version = "1.43.0", features = ["full"] } 15 | attestation-types = { path = "../attestation-types" } 16 | serde_json = "1.0.135" 17 | -------------------------------------------------------------------------------- /service/attestation/attestation-client/src/common.rs: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */ 12 | 13 | use reqwest::Response; 14 | 15 | pub(crate) async fn response_display(resp: Response) { 16 | if !resp.status().is_success() { 17 | println!("{:?}", resp); 18 | } 19 | let txt = resp.text().await.unwrap(); 20 | if !txt.is_empty() { 21 | println!("{}", txt); 22 | } 23 | } 24 | -------------------------------------------------------------------------------- /service/attestation/attestation-client/src/error.rs: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 
5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */ 12 | use thiserror::Error; 13 | 14 | pub type Result = std::result::Result; 15 | 16 | #[derive(Error, Debug)] 17 | #[non_exhaustive] 18 | pub enum ClientError { 19 | #[error("reqwest error: {0}")] 20 | ReqwestError(#[from] reqwest::Error), 21 | } 22 | -------------------------------------------------------------------------------- /service/attestation/attestation-service/Cargo.toml: -------------------------------------------------------------------------------- 1 | [workspace] 2 | resolver = "2" 3 | members = ["service", "verifier", "token", "reference", "policy", "tests"] 4 | 5 | [workspace.dependencies] 6 | anyhow = "1.0.80" 7 | serde = "1.0" 8 | serde_json = "1.0" 9 | async-trait = "0.1.78" 10 | async-recursion = "1.1.1" 11 | cose-rust = "0.1.7" 12 | ciborium = "0.2.2" 13 | hex = "0.4" 14 | openssl = "0.10.64" 15 | log = "0.4.14" 16 | futures = "0.3.30" 17 | rand = "0.8.5" 18 | ima-measurements = "0.2.0" 19 | fallible-iterator = "0.2.0" 20 | 21 | actix-web = { version = "4.5.0", features = ["openssl"] } 22 | actix-web-httpauth = "0.8.2" 23 | env_logger = "0.9" 24 | tokio = { version = "1", features = ["full"] } 25 | strum = { version = "0.25", features = ["derive"] } 26 | thiserror = "1.0" 27 | base64-url = "3.0.0" 28 | base64 = "0.22.0" 29 | jsonwebtoken = "9.3.0" 30 | clap = { version = "4.5.7", features = ["derive"] } 31 | regorus = "0.2.2" 32 | sled = "0.34.7" 33 | lazy_static = "1.5.0" 34 | uuid = { version = "1.2.2", features = ["serde", "v4"] } 35 | scc = "2.1" 36 | 37 | attestation-types = { path = "../attestation-types" } 38 | ear = "0.1.1" 39 | ccatoken = "0.1.0" 40 | 
-------------------------------------------------------------------------------- /service/attestation/attestation-service/README.md: -------------------------------------------------------------------------------- 1 | # Attestation Service 2 | The Attestation Service verifies hardware TEE evidence. 3 | The first phase aims to support Kunpeng Trustzone, virtCCA and QingTian Enclave. In the future, it will support ARM CCA, Intel TDX, Hygon CSV etc. 4 | 5 | # Quick Start 6 | ## Start Attestation Service quickly 7 | Update the repository source config. Note that the snippet below sets `gpgcheck=0`, which disables RPM signature verification for everything installed from that repository — including the attestation service and the TEE SDK packages it depends on. That is acceptable only on a throwaway test host; anywhere else keep `gpgcheck=1` and point `gpgkey=` at the openEuler signing key. 8 | ``` 9 | vim /etc/yum.repos.d/openEuler.repo 10 | [everything] 11 | name=everything 12 | baseurl=https://repo.openeuler.org/openEuler-24.09/everything/aarch64/ 13 | enabled=1 14 | gpgcheck=0 15 | 16 | //run service in current host like this, initialize environment automatically 17 | ./as_startup.sh 18 | 19 | //or in docker and specified ip:port 20 | ./as_startup.sh -t docker -l 127.0.0.1:8080 21 | ``` 22 | -------------------------------------------------------------------------------- /service/attestation/attestation-service/policy/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "policy" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | regorus.workspace = true 10 | base64.workspace = true 11 | tokio.workspace = true 12 | futures.workspace = true 13 | async-trait.workspace = true 14 | -------------------------------------------------------------------------------- /service/attestation/attestation-service/policy/src/opa/default_itrustee.rego: -------------------------------------------------------------------------------- 1 | # If you create a new rego file, it must define "output", 2 | # and its package name must be "attestation". 3 | package attestation 4 | import rego.v1 5 | expect_keys := ["itrustee.ta_img", "itrustee.ta_mem"] 6 |
input_keys := object.keys(input) 7 | output[exist] := input[exist] if { 8 | some exist in expect_keys 9 | exist in input_keys 10 | } 11 | -------------------------------------------------------------------------------- /service/attestation/attestation-service/policy/src/opa/default_vcca.rego: -------------------------------------------------------------------------------- 1 | # if create a new rego file, "output" should exist, 2 | # package name should be "attestation" 3 | package attestation 4 | import rego.v1 5 | expect_keys := ["vcca.cvm.rim"] 6 | input_keys := object.keys(input) 7 | output[exist] := input[exist] if { 8 | some exist in expect_keys 9 | exist in input_keys 10 | } 11 | -------------------------------------------------------------------------------- /service/attestation/attestation-service/reference/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "reference" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | serde.workspace = true 10 | serde_json.workspace = true 11 | rand.workspace = true 12 | base64.workspace = true 13 | sled.workspace = true 14 | openssl.workspace = true 15 | hex.workspace = true 16 | lazy_static.workspace = true 17 | thiserror.workspace = true 18 | -------------------------------------------------------------------------------- /service/attestation/attestation-service/reference/src/extractor/mod.rs: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 
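5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */
use crate::reference::Ref;
use serde_json::Value;

/// Splits a reference-value set (a JSON object) into individual `Ref` entries.
pub struct Extractor {}

impl Extractor {
    /// Parses `ref_set` as a JSON document of the form
    /// `{"refname1":xx,"refname2":yy}` and returns one `Ref` per member
    /// (`name` = the key, `value` = the member's JSON value, cloned).
    ///
    /// Returns `None` when `ref_set` is not valid JSON **or** is valid JSON
    /// that is not an object (array, string, number, ...). The original
    /// `unwrap()` on `as_object()` turned the second case into a panic;
    /// `ref_set` presumably arrives from an external request (the service's
    /// reference REST resource), so a malformed document must be rejected,
    /// not allowed to crash the handler.
    ///
    /// An empty object yields `Some(vec![])`, as before.
    pub fn split(ref_set: &String) -> Option<Vec<Ref>> {
        let refs: Value = serde_json::from_str(ref_set.as_str()).ok()?;
        // `?` instead of `unwrap()`: non-object JSON is an input error, not a bug.
        let members = refs.as_object()?;
        let ret: Vec<Ref> = members
            .iter()
            .map(|(key, val)| Ref {
                name: key.clone(),
                value: val.clone(),
            })
            .collect();
        Some(ret)
    }
}
-------------------------------------------------------------------------------- /service/attestation/attestation-service/reference/src/store/mod.rs: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details.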
11 | */ 12 | #[derive(Debug, PartialEq)] 13 | pub enum KvError { 14 | Err(String), 15 | } 16 | impl std::fmt::Display for KvError { 17 | fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { 18 | match self { 19 | KvError::Err(msg) => write!(f, "kv store error:{}", msg), 20 | } 21 | } 22 | } 23 | impl std::error::Error for KvError {} 24 | pub trait KvStore { 25 | fn write(&mut self, key: &str, value: &[u8]) -> Result<(), KvError>; 26 | fn read(&mut self, key: &str) -> Option>; 27 | fn delete(&mut self, key: &str) -> Result<(), KvError>; 28 | } 29 | -------------------------------------------------------------------------------- /service/attestation/attestation-service/service/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "attestation-service" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | anyhow.workspace = true 8 | serde.workspace = true 9 | hex.workspace = true 10 | serde_json.workspace = true 11 | 12 | actix-web.workspace = true 13 | actix-web-httpauth.workspace = true 14 | env_logger.workspace = true 15 | tokio.workspace = true 16 | log.workspace = true 17 | base64-url.workspace = true 18 | base64.workspace = true 19 | 20 | verifier = { path = "../verifier" } 21 | token_signer = { path = "../token" } 22 | reference = { path = "../reference" } 23 | policy = { path = "../policy" } 24 | strum.workspace = true 25 | thiserror.workspace = true 26 | clap.workspace = true 27 | uuid.workspace = true 28 | rand.workspace = true 29 | scc.workspace = true 30 | attestation-types.workspace = true 31 | openssl.workspace = true 32 | futures.workspace = true 33 | 34 | [features] 35 | -------------------------------------------------------------------------------- /service/attestation/attestation-service/service/attestation-service.conf: -------------------------------------------------------------------------------- 1 | { 2 | "token_cfg": { 3 | "key": 
"/etc/attestation/attestation-service/token/private.pem", 4 | "iss": "oeas", 5 | "nbf": 0, 6 | "valid_duration": 300, 7 | "alg": "PS256" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /service/attestation/attestation-service/service/src/restapi/resource/mod.rs: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */ 12 | 13 | pub mod policy; 14 | pub mod storage; 15 | -------------------------------------------------------------------------------- /service/attestation/attestation-service/tests/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "tests" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | serde_json = "1.0.116" 8 | reqwest = { version = "0.12.5", features = ["blocking"] } 9 | rand = "0.8.5" 10 | -------------------------------------------------------------------------------- /service/attestation/attestation-service/token/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "token_signer" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | jsonwebtoken.workspace = true 10 | serde.workspace = true 11 | serde_json.workspace = true 
12 | anyhow.workspace = true 13 | attestation-types.workspace = true 14 | thiserror.workspace = true 15 | -------------------------------------------------------------------------------- /service/attestation/attestation-service/verifier/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "verifier" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | anyhow.workspace = true 8 | serde.workspace = true 9 | serde_json.workspace = true 10 | async-trait.workspace = true 11 | cose-rust.workspace = true 12 | ciborium.workspace = true 13 | hex.workspace = true 14 | openssl.workspace = true 15 | log.workspace = true 16 | ima-measurements.workspace = true 17 | rand.workspace = true 18 | fallible-iterator.workspace = true 19 | attestation-types.workspace = true 20 | ccatoken.workspace = true 21 | ear.workspace = true 22 | base64-url.workspace = true 23 | 24 | [dev-dependencies] 25 | 26 | [features] 27 | default = ["itrustee-verifier", "virtcca-verifier"] 28 | itrustee-verifier = [] 29 | virtcca-verifier = [] 30 | rustcca-verifier = [] 31 | no_as = [] 32 | -------------------------------------------------------------------------------- /service/attestation/attestation-service/verifier/test_data/cca-token-01.cbor: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/attestation-service/verifier/test_data/cca-token-01.cbor -------------------------------------------------------------------------------- /service/attestation/attestation-service/verifier/test_data/cca-token-02.cbor: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/attestation-service/verifier/test_data/cca-token-02.cbor 
-------------------------------------------------------------------------------- /service/attestation/attestation-service/verifier/test_data/cpak.json: -------------------------------------------------------------------------------- 1 | { 2 | "crv": "P-384", 3 | "kty": "EC", 4 | "x": "IShnxS4rlQiwpCCpBWDzlNLfqiG911FP8akBr-fh94uxHU5m-Kijivp2r2oxxN6M", 5 | "y": "hM4tr8mWQli1P61xh3T0ViDREbF26DGOEYfbAjWjGNN7pZf-6A4OTHYqEryz6m7U" 6 | } 7 | -------------------------------------------------------------------------------- /service/attestation/attestation-service/verifier/test_data/virtcca_aik_cert.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/attestation-service/verifier/test_data/virtcca_aik_cert.der -------------------------------------------------------------------------------- /service/attestation/attestation-types/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "attestation-types" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | serde = { version = "1.0", features = ["derive"] } 8 | serde_json = "1.0" 9 | regorus = "0.2.8" 10 | base64 = "0.22.1" 11 | tokio = { version = "1.43.0", features = ["full"] } 12 | futures = "0.3.31" 13 | async-trait = "0.1.85" 14 | async-recursion = "1.1.1" 15 | anyhow = "1.0.95" 16 | thiserror = "2.0.10" 17 | log = "0.4.22" 18 | -------------------------------------------------------------------------------- /service/attestation/attestation-types/src/resource/policy/opa/virtcca.rego: -------------------------------------------------------------------------------- 1 | # The naming scheme of package is ".". 2 | # 3 | # The policy location of the corresponding policy file should be "/.rego". 
4 | # 5 | 6 | package oeas.virtcca 7 | 8 | default allow = false 9 | 10 | allow { 11 | input["tee"] == "vcca" 12 | } -------------------------------------------------------------------------------- /service/attestation/attestation-types/src/resource/utils.rs: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2024. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */ 12 | 13 | use crate::resource::error::Result; 14 | use async_recursion::async_recursion; 15 | use std::path::PathBuf; 16 | 17 | #[async_recursion(Sync)] 18 | pub(crate) async fn traverse_regular_file(base: &PathBuf) -> Result> { 19 | let mut entries = tokio::fs::read_dir(base).await?; 20 | let mut ret: Vec = vec![]; 21 | while let Some(entry) = entries.next_entry().await? 
{ 22 | let path = entry.path(); 23 | if path.is_dir() { 24 | let mut parts = traverse_regular_file(&path).await?; 25 | ret.append(&mut parts); 26 | } else if path.is_file() { 27 | ret.push(path); 28 | } 29 | } 30 | 31 | Ok(ret) 32 | } 33 | -------------------------------------------------------------------------------- /service/attestation/oeas/README.md: -------------------------------------------------------------------------------- 1 | # openEuler Attestation Service(OEAS) 2 | openEuler Attestation Service(OEAS) Documents and Tools 3 | 4 | ## Web Document 5 | 6 | [Web Document](./docs/oeas_web.md) 7 | 8 | ## API Document 9 | 10 | [API Document](./docs/oeas_api.md) 11 | 12 | ## Tools 13 | 14 | > 工具均在tools目录下 15 | 16 | [get_attestation](./docs/tools_get_attestation.md): 脚本能够一键获取OEAS的证书、Attestation Token、资源内容。 17 | 18 | -------------------------------------------------------------------------------- /service/attestation/oeas/docs/policy.md: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/docs/policy.md -------------------------------------------------------------------------------- /service/attestation/oeas/docs/templates/your_policy_name.rego: -------------------------------------------------------------------------------- 1 | package attestation 2 | import rego.v1 3 | 4 | expect_keys := ["vcca.cvm.rim"] 5 | input_keys := object.keys(input) 6 | 7 | output[exist] := input[exist] if { 8 | some exist in expect_keys 9 | exist in input_keys 10 | } 11 | -------------------------------------------------------------------------------- /service/attestation/oeas/docs/templates/your_ref_name.json: -------------------------------------------------------------------------------- 1 | { 2 | "ref_name1":"ref_content1", 3 | "ref_name2":"ref_content2", 4 | "ref_name3":"ref_content3", 5 | "ref_name4":"ref_content4", 6 | 
"ref_name5":"ref_content5" 7 | } -------------------------------------------------------------------------------- /service/attestation/oeas/docs/templates/your_res_policy_name.rego: -------------------------------------------------------------------------------- 1 | package oeas.virtcca 2 | 3 | default allow = false 4 | 5 | allow { 6 | input["tee"] == "vcca" 7 | } -------------------------------------------------------------------------------- /service/attestation/oeas/service/Dockerfile_aarch64: -------------------------------------------------------------------------------- 1 | ARG BASE_IMAGE 2 | FROM ${BASE_IMAGE} 3 | 4 | WORKDIR /opt/attestation 5 | 6 | RUN dnf install -y python3-pip openssl shadow kunpengsecl-attester \ 7 | secGear-as virtCCA_sdk virtCCA_sdk-devel itrustee_sdk itrustee_sdk-devel \ 8 | rust cargo rust-packaging kunpengsecl-attester && \ 9 | pip3 config set global.index-url https://mirrors.huaweicloud.com/repository/pypi/simple && \ 10 | pip3 install supervisor pyjwt requests flask gunicorn gunicorn[gevent] toml && \ 11 | cp -r /etc/attestation/* ./ && \ 12 | mkdir -p /opt/attestation/attestation-service/verifier/virtcca && \ 13 | mkdir -p /opt/attestation/attestation-service/token && \ 14 | mkdir -p /opt/attestation/conf && \ 15 | mkdir -p /opt/attestation/logs && \ 16 | dnf clean all && \ 17 | rm -rf /var/cache/yum/* && \ 18 | rm -rf /root/.cache/pip/* 19 | 20 | COPY ./conf ./conf 21 | 22 | RUN mv ./conf/Huawei* /opt/attestation/attestation-service/verifier/virtcca/ && \ 23 | groupadd -g 1000 oeas && \ 24 | useradd -m -u 1000 -g 1000 oeas && \ 25 | chmod +x /opt/attestation/start.sh && \ 26 | chmod +x /usr/local/bin/attestation-service && \ 27 | yes | cp -r /opt/attestation /etc && \ 28 | chown -R oeas:oeas /opt/attestation && \ 29 | chown -R oeas:oeas /etc/attestation 30 | 31 | # 最终切换用户 32 | USER oeas 33 | WORKDIR /etc/attestation 34 | 35 | ENTRYPOINT ["/opt/attestation/start.sh"] 
-------------------------------------------------------------------------------- /service/attestation/oeas/service/conf/attestation-agent.conf: -------------------------------------------------------------------------------- 1 | { 2 | "svr_url": "https://www.openeuler.org/api/v1/oeas", 3 | "token_cfg": { 4 | "cert": "/etc/attestation/attestation-agent/as_cert.pem", 5 | "iss": "oeas" 6 | }, 7 | "protocal": { 8 | "Http": { 9 | "protocal":"https" 10 | } 11 | } 12 | } -------------------------------------------------------------------------------- /service/attestation/oeas/service/conf/attestation-service.conf: -------------------------------------------------------------------------------- 1 | { 2 | "token_cfg": { 3 | "key": "/etc/attestation/attestation-service/token/private.pem", 4 | "iss": "oeas", 5 | "nbf": 0, 6 | "valid_duration": 300, 7 | "alg": "PS256" 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /service/attestation/oeas/service/conf/oeas.toml: -------------------------------------------------------------------------------- 1 | # oeas config 2 | # 如需自定义配置,请将自定义文件挂载至目录/vault/secrets/oeas.toml 3 | # 如需使用https启动,请将证书文件挂载至目录/vault/secrets/server.key 和 /vault/secrets/server.crt 4 | 5 | # 正式地址 6 | [openeuler] 7 | auth_url = "https://omapi.osinfra.cn/oneid/user/checkPermission" 8 | token_url = "https://oneid-workbench-service.openeuler-oneid-workbench.svc.cluster.local:8080/oneid-workbench/openapi/token/check" 9 | 10 | # secgear地址 11 | [secgear] 12 | secgear_as_url = "http://127.0.0.1:8080" 13 | -------------------------------------------------------------------------------- /service/attestation/oeas/service/conf/supervisord-https.conf: -------------------------------------------------------------------------------- 1 | [supervisord] 2 | nodaemon=true 3 | user=oeas 4 | logfile=/etc/attestation/logs/supervisord.log 5 | 6 | [inet_http_server] 7 | port=127.0.0.1:9001 8 | 9 | [supervisorctl] 10 | 
serverurl=http://127.0.0.1:9001 11 | 12 | [rpcinterface:supervisor] 13 | supervisor.rpcinterface_factory=supervisor.rpcinterface:make_main_rpcinterface 14 | 15 | [program:attestation-service] 16 | command=attestation-service -s 0.0.0.0:8080 17 | user=oeas 18 | directory=/etc/attestation/conf 19 | stdout_logfile=/etc/attestation/logs/attestation-service.out.log 20 | stderr_logfile=/etc/attestation/logs/attestation-service.err.log 21 | 22 | [program:authentication-module] ; NOTE: --keyfile below is the same private.pem that attestation-service.conf names as token_cfg.key, i.e. the PS256 attestation-token signing key is also being used as the TLS server key of this front end. A TLS-side compromise of that key then also forges attestation tokens; give the HTTPS listener its own key pair and keep the signing key off this command line. 23 | command=gunicorn -k gevent -w 4 -b 0.0.0.0:5000 --keyfile=/etc/attestation/attestation-service/token/private.pem --certfile=/etc/attestation/attestation-service/token/as_cert.pem oeas_authentication:app 24 | user=oeas 25 | directory=/etc/attestation/conf 26 | stdout_logfile=/etc/attestation/logs/authentication-module.out.log 27 | stderr_logfile=/etc/attestation/logs/authentication-module.err.log 28 | -------------------------------------------------------------------------------- /service/attestation/oeas/service/conf/supervisord.conf: -------------------------------------------------------------------------------- 1 | [supervisord] 2 | nodaemon=true 3 | user=oeas 4 | logfile=/etc/attestation/logs/supervisord.log 5 | 6 | [inet_http_server] 7 | port=127.0.0.1:9001 ; NOTE: no username/password is set on this XML-RPC listener, so anything that can reach loopback in the container's network namespace can start, stop or restart these programs; prefer [unix_http_server] with a restrictive chmod, or set username/password here. 8 | 9 | [supervisorctl] 10 | serverurl=http://127.0.0.1:9001 11 | 12 | [rpcinterface:supervisor] 13 | supervisor.rpcinterface_factory=supervisor.rpcinterface:make_main_rpcinterface 14 | 15 | [program:attestation-service] 16 | command=attestation-service -s 0.0.0.0:8080 17 | user=oeas 18 | directory=/etc/attestation/conf 19 | stdout_logfile=/etc/attestation/logs/attestation-service.out.log 20 | stderr_logfile=/etc/attestation/logs/attestation-service.err.log 21 | 22 | [program:authentication-module] 23 | command=gunicorn -k gevent -w 4 -b 0.0.0.0:5000 oeas_authentication:app 24 | user=oeas 25 | directory=/etc/attestation/conf 26 | stdout_logfile=/etc/attestation/logs/authentication-module.out.log 27 |
stderr_logfile=/etc/attestation/logs/authentication-module.err.log 28 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/.env.development: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/.env.development -------------------------------------------------------------------------------- /service/attestation/oeas/website/.env.production: -------------------------------------------------------------------------------- 1 | VITE_COOKIE_DOMAIN = .openeuler.org 2 | 3 | VITE_LOGIN_ORIGIN = https://id.openeuler.org 4 | VITE_MESSAGE_CENTER_URL = https://message-center.openeuler.org 5 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/.gitignore: -------------------------------------------------------------------------------- 1 | # Logs 2 | logs 3 | *.log 4 | npm-debug.log* 5 | yarn-debug.log* 6 | yarn-error.log* 7 | pnpm-debug.log* 8 | lerna-debug.log* 9 | 10 | node_modules 11 | dist 12 | dist-ssr 13 | *.local 14 | 15 | # Editor directories and files 16 | .vscode/* 17 | !.vscode/extensions.json 18 | .idea 19 | .DS_Store 20 | *.suo 21 | *.ntvs* 22 | *.njsproj 23 | *.sln 24 | *.sw? 
25 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/.prettierrc.json: -------------------------------------------------------------------------------- 1 | { 2 | "printWidth": 160, 3 | "useTabs": false, 4 | "singleQuote": true, 5 | "tabWidth": 2, 6 | "semi": true, 7 | "trailingComma": "es5", 8 | "arrowParens": "always", 9 | "jsxBracketSameLine": false 10 | } 11 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/README.md: -------------------------------------------------------------------------------- 1 | # Vue 3 + TypeScript + Vite 2 | 3 | This template should help get you started developing with Vue 3 and TypeScript in Vite. The template uses Vue 3 ` 12 | 13 | 14 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "openeuler-sec-gear", 3 | "private": true, 4 | "version": "0.0.1", 5 | "type": "module", 6 | "scripts": { 7 | "dev": "vite", 8 | "build": "vue-tsc -b && vite build", 9 | "preview": "vite preview" 10 | }, 11 | "pnpm": { 12 | "overrides": { 13 | "@babel/runtime": "7.26.10" 14 | } 15 | }, 16 | "dependencies": { 17 | "@opensig/opendesign": "0.0.68", 18 | "@vueuse/core": "12.5.0", 19 | "axios": "1.8.2", 20 | "pinia": "2.3.1", 21 | "vue": "3.5.13", 22 | "vue-router": "4.5.0" 23 | }, 24 | "devDependencies": { 25 | "@types/node": "22.13.1", 26 | "@vitejs/plugin-vue": "5.2.1", 27 | "@vue/tsconfig": "0.7.0", 28 | "sass": "1.84.0", 29 | "typescript": "5.7.2", 30 | "unplugin-icons": "22.0.0", 31 | "vite": "6.1.0", 32 | "vue-tsc": "2.2.0" 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/public/favicon.ico: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/public/favicon.ico -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/@types/type-components.ts: -------------------------------------------------------------------------------- 1 | // nav 项 2 | export interface NavOptionT { 3 | id: string; 4 | label: T; 5 | path: T; 6 | children?: NavOptionT[]; 7 | } 8 | 9 | // tab 项 10 | export interface TabOptionT { 11 | label: LabelT; 12 | value: ValueT; 13 | } 14 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/@types/type-user.ts: -------------------------------------------------------------------------------- 1 | export interface UserInfoT { 2 | aigcPrivacyAccepted: string; // 接受aigc隐私政策时间 3 | email?: string; // 邮箱 4 | photo: string; // 头像 5 | username: string; // 用户名 6 | } 7 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/atom-logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/atom-logo.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/bilibili.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/bilibili.png -------------------------------------------------------------------------------- 
/service/attestation/oeas/website/src/assets/category/footer/bilibili_hover.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/bilibili_hover.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/code-xzs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/code-xzs.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/code-zgz-2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/code-zgz-2.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/code-zgz.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/code-zgz.jpg -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/code-zgz.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/code-zgz.png 
-------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/csdn.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/csdn.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/csdn_hover.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/csdn_hover.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/footer-bg-mo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/footer-bg-mo.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/footer-bg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/footer-bg.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/footer-bg1.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/footer-bg1.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/footer-logo1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/footer-logo1.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/footer-logo2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/footer-logo2.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/img-gzh.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/img-gzh.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/img-xzs.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/img-xzs.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/infoq.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/infoq.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/juejin.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/juejin.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/juejin_hover.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/juejin_hover.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/linkdin.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/linkdin.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/linkdin_hover.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/linkdin_hover.png -------------------------------------------------------------------------------- 
/service/attestation/oeas/website/src/assets/category/footer/oschina.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/oschina.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/oschina_hover.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/oschina_hover.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/reddit-square.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/reddit-square.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/reddit-square_hover.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/reddit-square_hover.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/toutiao.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/toutiao.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/toutiao_hover.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/toutiao_hover.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/x.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/x_hover.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/x_hover.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/youtube.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/youtube.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/footer/youtube_hover.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/footer/youtube_hover.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/illustrations/404.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/illustrations/404.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/management/banner-illustration.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/management/banner-illustration.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/management/banner.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/management/banner.jpg -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/management/empty.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/management/empty.png 
-------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/management/home-desc.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/management/home-desc.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/management/home-feature-bg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/management/home-feature-bg.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/management/not-found.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/assets/category/management/not-found.png -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/svg-icons/icon-outlink.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/category/svg-icons/icon-user.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/style/mixin/screen.scss: 
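-------------------------------------------------------------------------------- 1 | @use "sass:list"; 2 | @use "sass:map"; 3 | @use "sass:meta"; 4 | /* breakpoint definitions: a (min, max) pair yields a bounded media query, a single value yields a min-width query (see respond-to) */ 5 | $breakpoints: ( 6 | /* phone */ 7 | 'phone': (0, 600px), 8 | '>phone': 601px, 9 | /* pad */ 10 | 'pad': (601px, 1200px), 11 | '<=pad': (0, 1200px), 12 | '>pad': 1201px, 13 | /* pad-v */ 14 | 'pad_v': (601px, 840px), 15 | '<=pad_v': (0, 840px), 16 | '>pad_v': 841px, 17 | /* pad-h */ 18 | 'pad_h': (841px, 1200px), 19 | /* laptop */ 20 | 'laptop': (1201px, 1440px), 21 | '<=laptop': (0, 1440px), 22 | '>laptop': 1441px, 23 | 'pad-laptop': (601px, 1440px), 24 | 'pad_v-laptop': (841px, 1440px) 25 | ); 26 | 27 | /* Wraps @content in the media query for $breakname: a list whose min is 0 becomes max-width only, any other list becomes min/max, a bare value becomes min-width. An unknown $breakname makes map.get return null and falls into the min-width branch. */ @mixin respond-to($breakname) { 28 | $bp: map.get($breakpoints, $breakname); 29 | @if meta.type-of($bp) == 'list' { 30 | $min: list.nth($bp, 1); 31 | $max: list.nth($bp, 2); 32 | @if $min == 0 { 33 | @media (max-width: $max) { 34 | @content; 35 | } 36 | } @else { 37 | @media (min-width: $min) and (max-width: $max) { 38 | @content; 39 | } 40 | } 41 | } @else { 42 | @media (min-width: $bp) { 43 | @content; 44 | } 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/style/theme/anchor.scss: -------------------------------------------------------------------------------- 1 | .o-anchor { 2 | --anchor-indicator-height: 100%; 3 | .o-anchor-item-link { 4 | &:hover { 5 | --anchor-item-link-bg-color-hover: none; 6 | } 7 | &.is-active { 8 | --anchor-item-link-bg-color-active: none; 9 | } 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/style/theme/card.scss: -------------------------------------------------------------------------------- 1 | @use '../mixin/common.scss' as *; 2 | 3 | .o-card { 4 | --card-cover-radius: 4px !important; 5 | --card-radius: 4px !important; 6 | 7 | --card-title-word-break: normal; 8 | --card-detail-word-break: normal; 9
| --card-main-padding: 24px 24px; 10 | height: 100%; 11 | 12 | /* recolor svg icons on hover */ 13 | .path-fill { 14 | fill: var(--o-color-info1); 15 | transition: all var(--o-easing-standard) var(--o-duration-m2); /* fixed: a space between var and ( made this declaration invalid, so the fill change below never animated */ 16 | } 17 | 18 | .o-card-icon { 19 | svg { 20 | width: 1em; 21 | height: 1em; 22 | } 23 | } 24 | 25 | &:hover { 26 | .path-fill { 27 | fill: var(--o-color-primary1); 28 | } 29 | } 30 | } 31 | 32 | .o-card-cover-h, 33 | .o-card-cover-v { 34 | --card-cover-padding: 0 !important; 35 | } 36 | 37 | .o-card-cover-v { 38 | --card-cover-radius: 4px 4px 0 0 !important; 39 | } 40 | 41 | .o-card-cursor-pointer { 42 | @include hover { 43 | .o-card-title { 44 | color: var(--o-color-primary1); 45 | } 46 | } 47 | } 48 | 49 | // @include in-dark { 50 | // .o-figure img { 51 | // @include img-in-dark; 52 | // } 53 | // } -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/style/theme/dialog.scss: -------------------------------------------------------------------------------- 1 | @use '../mixin/screen.scss' as *; 2 | @use '../mixin/font.scss' as *; 3 | 4 | /* loading-mask overrides for the dialog layer */ 5 | .o-layer { 6 | .o-dlg-header { 7 | color: var(--o-color-info1); 8 | } 9 | 10 | &.o-loading { 11 | --loading-mask-icon-color: var(--o-color-info1); 12 | --layer-align: top; 13 | --layer-origin: top; 14 | --loading-mask-color: var(--o-color-info1); 15 | --layer-mask: var(--o-color-info4-inverse); 16 | transition: none; 17 | padding-top: 23%; 18 | 19 | .o-loading-main { 20 | flex-direction: column; 21 | justify-content: flex-start; 22 | @include text1; 23 | 24 | .o-loading-icon { 25 | font-size: 24px; 26 | margin-bottom: 12px; 27 | } 28 | 29 | .o-rotating { 30 | width: 24px; 31 | height: 24px; 32 | margin-bottom: 12px; 33 | } 34 | } 35 | } 36 | } 37 | 38 | .o-dialog { 39 | --dlg-radius: var(--o-radius-xs); 40 | 41 | .o-dlg-footer { 42 | margin-top: 32px; 43 | } 44 | } --------------------------------------------------------------------------------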
/service/attestation/oeas/website/src/assets/style/theme/dropdown.scss: -------------------------------------------------------------------------------- 1 | .o-dropdown-list { 2 | --dropdown-list-radius: 4px; 3 | } 4 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/style/theme/icon.scss: -------------------------------------------------------------------------------- 1 | .o-icon { 2 | svg { 3 | width: 1em; 4 | height: 1em; 5 | } 6 | } 7 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/style/theme/index.scss: -------------------------------------------------------------------------------- 1 | @use './anchor.scss' as *; 2 | @use './button.scss' as *; 3 | @use './card.scss' as *; 4 | @use './dialog.scss' as *; 5 | @use './dropdown.scss' as *; 6 | @use './icon.scss' as *; 7 | @use './input.scss' as *; 8 | @use './link.scss' as *; 9 | @use './message.scss' as *; 10 | @use './select.scss' as *; 11 | @use './table.scss' as *; 12 | @use './tag.scss' as *; 13 | @use './popup.scss' as *; 14 | @use './tab.scss' as *; 15 | @use './rate.scss' as *; 16 | @use './result.scss' as *; 17 | @use './toggle.scss' as *; 18 | @use './pagination.scss' as *; 19 | @use './textarea.scss' as *; -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/style/theme/input.scss: -------------------------------------------------------------------------------- 1 | .o-input { 2 | --input-radius: var(--o-radius_control-xs); 3 | } 4 | 5 | .o-input-clear { 6 | font-size: 20px; 7 | } -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/style/theme/link.scss: -------------------------------------------------------------------------------- 1 | @use '../mixin/common.scss' as *; 2 | 3 | .o-link-normal { 4 | 
--link-color-hover: var(--o-color-link1); 5 | } -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/style/theme/message.scss: -------------------------------------------------------------------------------- 1 | .o-message-list { 2 | z-index: 1008; 3 | --app-header-height: 64px; 4 | --app-footer-height: 300px; 5 | 6 | --message-list-top-offset: calc(var(--app-header-height) + 32px); 7 | --message-list-bottom-offset: calc(var(--app-footer-height) + 32px); 8 | } 9 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/style/theme/pagination.scss: -------------------------------------------------------------------------------- 1 | .o-pagination { 2 | --pagination-item-bg-color-current: var(--o-color-primary1); 3 | --pagination-radius: var(--o-radius-xs); 4 | .o-pagination-item.active { 5 | color: var(--o-color-white); 6 | } 7 | } 8 | .o_box-main { 9 | --box-radius: var(--o-radius_control-xs); 10 | } 11 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/style/theme/popup.scss: -------------------------------------------------------------------------------- 1 | .o-popup { 2 | --popup-radius: var(--o-radius_control-xs); 3 | 4 | .o-popup-body { 5 | border-radius: var(--popup-radius); 6 | } 7 | } 8 | 9 | .o-options-popup { 10 | --popup-radius: var(--o-radius_control-xs); 11 | } -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/style/theme/rate.scss: -------------------------------------------------------------------------------- 1 | .o-rate { 2 | --rate-color: var(--o-color-info4); 3 | --rate-size: 24px; 4 | } 5 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/style/theme/result.scss: 
-------------------------------------------------------------------------------- 1 | .o-result-content { 2 | color: var(--o-color-info1); 3 | } 4 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/style/theme/select.scss: -------------------------------------------------------------------------------- 1 | .o-select { 2 | --select-icon-size: 20px; 3 | --select-radius: 4px; 4 | } 5 | .o-option { 6 | --option-radius: var(--o-radius_control-xs); 7 | } 8 | 9 | .o-option-list { 10 | --option-list-padding: 8px 6px; 11 | } 12 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/style/theme/tag.scss: -------------------------------------------------------------------------------- 1 | .o-tag { 2 | &.o-tag-small { 3 | --tag-padding: 0 4px; 4 | } 5 | } 6 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/style/theme/textarea.scss: -------------------------------------------------------------------------------- 1 | .o-textarea { 2 | --textarea-radius: var(--o-radius_control-xs); 3 | --textarea-color: var(--o-color-info1); 4 | 5 | .o_textarea-textarea::placeholder { 6 | color: var(--o-color-info4); 7 | } 8 | } -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/style/theme/toggle.scss: -------------------------------------------------------------------------------- 1 | .o-toggle { 2 | --toggle-radius: var(--o-radius_control-xs); 3 | border: 1px solid transparent; 4 | } 5 | 6 | .o-toggle-checked { 7 | border: 1px solid var(--toggle-bd-color-checked); 8 | } 9 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/assets/vue.svg: -------------------------------------------------------------------------------- 1 | 
-------------------------------------------------------------------------------- /service/attestation/oeas/website/src/components/MailExample.vue: -------------------------------------------------------------------------------- 1 | 16 | 17 | 29 | 30 | 49 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/components/easy-dialog/EasyDialog.vue: -------------------------------------------------------------------------------- 1 | 23 | 24 | 40 | 41 | 56 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/components/easy-dialog/types.ts: -------------------------------------------------------------------------------- 1 | import type { DialogActionT } from '@opensig/opendesign/lib/dialog/types'; 2 | import type { ExtractPropTypes, PropType } from 'vue'; 3 | 4 | type EasyDialogAlignT = 'left' | 'center' | 'right'; 5 | 6 | export const EasyDialogProps = { 7 | wrapClass: { 8 | type: String, 9 | }, 10 | header: { 11 | type: String, 12 | default: '', 13 | }, 14 | headerAlign: { 15 | type: String as PropType, 16 | default: 'center', 17 | }, 18 | content: { 19 | type: String, 20 | default: '', 21 | }, 22 | contentAlign: { 23 | type: String as PropType, 24 | default: 'center', 25 | }, 26 | width: { 27 | type: String, 28 | default: 'auto', 29 | }, 30 | actions: { 31 | type: Array as PropType, 32 | default: () => [], 33 | }, 34 | }; 35 | 36 | export type EasyDialogPropsT = ExtractPropTypes; 37 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/components/easy-dialog/use-dialog.ts: -------------------------------------------------------------------------------- 1 | import { createVNode, ref, render } from 'vue'; 2 | import EasyDialog from './EasyDialog.vue'; 3 | import type { EasyDialogPropsT } from './types'; 4 | 5 | const initDialog = (opt: EasyDialogPropsT) => { 6 | const el 
= document.querySelector('body'); 7 | const vnode = createVNode(EasyDialog, Object.assign(opt || {}, { wrapper: el })); 8 | if (el) { 9 | render(vnode, el); 10 | } 11 | 12 | return vnode.component; 13 | }; 14 | 15 | const instance = ref(); 16 | 17 | const useDialog = () => { 18 | const open = (option: EasyDialogPropsT) => { 19 | instance.value = initDialog(option); 20 | instance.value.exposed.open(); 21 | }; 22 | 23 | const close = () => { 24 | instance.value.exposed.close(); 25 | instance.value = null; 26 | }; 27 | 28 | return { 29 | open, 30 | close, 31 | }; 32 | }; 33 | 34 | export default useDialog; 35 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/config/common.ts: -------------------------------------------------------------------------------- 1 | export const OPEN_EULER_LINK = 'https://www.openeuler.org/'; // 欧拉官网地址 2 | 3 | export const MANAGEMENT_BASELINE_FILE_TYPE = 'application/json'; // 基线管理-新增基线-基线内容文件类型 4 | export const MANAGEMENT_BASELINE_FILE_SUFFIX = '.json'; // 策略管理-新增策略-策略内容文件类型 5 | export const MANAGEMENT_BASELINE_FILE_SIZE = 1024 * 1024 * 100; // 基线管理-新增基线-基线内容文件大小 6 | export const MANAGEMENT_BASELINE_FILE_NAME_REGEXP = /^[a-zA-Z0-9-_]+$/; // 基线管理-新增基线-基线内容文件名正则匹配 7 | 8 | export const MANAGEMENT_POLICY_FILE_SUFFIX = '.rego'; // 策略管理-新增策略-策略内容文件类型 9 | export const MANAGEMENT_POLICY_FILE_SIZE = 1024 * 1024 * 100; // 策略管理-新增策略-策略内容文件大小 10 | export const MANAGEMENT_POLICY_FILE_NAME_REGEXP = /^[a-zA-Z0-9]+$/; // 策略管理-新增策略-策略内容文件名正则匹配 11 | 12 | export const MANAGEMENT_RESOURCE_NAME_MIN_LEN = 1; // 资源管理-新增资源-资源文件名最小长度 13 | export const MANAGEMENT_RESOURCE_NAME_MAX_LEN = 30; // 资源管理-新增资源-资源文件名最大长度 14 | export const MANAGEMENT_RESOURCE_NAME_REGEXP = /^[a-zA-Z0-9_-]+$/; // 资源管理-新增资源-资源文件名正则匹配 15 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/config/management.ts: 
-------------------------------------------------------------------------------- 1 | export const POLICY_TYPE = new Map([ 2 | [ 3 | 0, 4 | { 5 | value: 0, 6 | label: '证明策略', 7 | desc: '用于控制远程证明中的报告检查过程', 8 | }, 9 | ], 10 | [ 11 | 1, 12 | { 13 | value: 1, 14 | label: '资源策略', 15 | desc: '用于检查用户获取资源时请求的合法性', 16 | }, 17 | ], 18 | ]); 19 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/config/navs.ts: -------------------------------------------------------------------------------- 1 | import type { NavOptionT } from '@/@types/type-components'; 2 | 3 | export default [ 4 | { 5 | id: 'home', 6 | label: '主页', 7 | path: '/management/home', 8 | }, 9 | { 10 | id: 'management', 11 | label: 'OEAS管理', 12 | path: '/management', 13 | }, 14 | ] as NavOptionT[]; 15 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/config/query.ts: -------------------------------------------------------------------------------- 1 | export const COUNT_PER_PAGE = [10, 20, 50]; 2 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/main.ts: -------------------------------------------------------------------------------- 1 | import { createApp } from 'vue'; 2 | import { createPinia } from 'pinia'; 3 | 4 | import '@/assets/style/base.scss'; 5 | import '@opensig/opendesign/es/index.css'; 6 | import '@/assets/style/theme/default-light.token.css'; 7 | import '@/assets/style/theme/index.scss'; 8 | 9 | import App from './App.vue'; 10 | import router from './routes'; 11 | 12 | const app = createApp(App); 13 | app.use(createPinia()); 14 | app.use(router); 15 | app.mount('#app'); 16 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/src/routes/management.ts: -------------------------------------------------------------------------------- 1 | 
// Route table for the /management area. Every view is lazily imported; the
// parent route redirects to its 'baselineManagement' child. The 'home' page
// lives under /management/home, which is what config/navs.ts links to.
export default [
2 | {
3 | path: '/management',
4 | name: 'management',
5 | component: () => {
6 | return import('@/views/management/TheManagement.vue');
7 | },
8 | redirect() {
9 | return { name: 'baselineManagement' };
10 | },
11 | children: [
12 | {
13 | path: 'home',
14 | name: 'home',
15 | component: () => {
16 | return import('@/views/TheHome.vue');
17 | },
18 | },
19 | {
20 | path: 'baseline',
21 | name: 'baselineManagement',
22 | component: () => {
23 | return import('@/views/management/TheManagementBaseline.vue');
24 | },
25 | },
26 | {
27 | path: 'policy',
28 | name: 'policyManagement',
29 | component: () => {
30 | return import('@/views/management/TheManagementPolicy.vue');
31 | },
32 | },
33 | {
34 | path: 'resource',
35 | name: 'resourceManagement',
36 | component: () => {
37 | return import('@/views/management/TheManagementResource.vue');
38 | },
39 | },
40 | ],
41 | },
42 | ];
43 |
-------------------------------------------------------------------------------- /service/attestation/oeas/website/src/shared/axios/setConfig.ts: --------------------------------------------------------------------------------
1 | import { getCookie, setCookie } from '@/utils/cookie';
2 | import type { AxiosStatic } from 'axios';
3 |
4 | /**
5 | * Apply the default configuration to an axios instance.
6 | * @param {axios} the axios instance to configure
7 | * @param {config} custom configuration object; its keys override the defaults set here
 *
 * Defaults: JSON content type, a 20 s timeout, and axios' double-submit CSRF
 * token: the value of the cookie named by xsrfCookieName ('_U_T_') is copied
 * by axios into the request header named by xsrfHeaderName ('Token'). This
 * only protects anything if the server validates that header against the
 * session. getCookie/setCookie are imported but not used in this file.
8 | */
9 | export default (axios: AxiosStatic, config = {}) => {
// NOTE: the type argument list of Record is missing from this listing
10 | const headers: Record = {
11 | 'Content-Type': 'application/json;charset=UTF-8',
12 | };
13 |
14 | const defaultConfig = {
15 | timeout: 20000,
16 | headers,
17 | xsrfCookieName: '_U_T_',
18 | xsrfHeaderName: "Token",
19 | };
// later sources win, so a caller-supplied `config` overrides defaultConfig
20 | Object.assign(axios.defaults, defaultConfig, config);
21 | return axios;
22 | };
23 |
-------------------------------------------------------------------------------- /service/attestation/oeas/website/src/stores/user.ts: --------------------------------------------------------------------------------
1 | import { ref } from 'vue';
2 | import {
defineStore } from 'pinia';
3 | import { isObject } from '@opensig/opendesign';
4 | import type { UserInfoT } from '@/@types/type-user';
5 |
6 | export type LoginStatus = 'NOT_LOGIN' | 'LOGINING' | 'LOGINED';
7 |
/**
 * Pinia store holding the signed-in user's profile and login status.
 * Nothing in this store contacts a server; every field is set by callers.
 */
8 | export const useUserInfo = defineStore('login', () => {
9 | // Login information: the profile fields mirrored from UserInfoT
10 | const guardAuthClient = ref({
11 | aigcPrivacyAccepted: '',
12 | email: '',
13 | photo: '',
14 | username: '',
15 | });
// NOTE(review): a plain client-side flag that is never derived here from a
// server response. It can only gate UI, not access; authorization must be
// enforced by the backend -- confirm where this is set.
16 | const hasPermission = ref(false);
17 |
18 | // Set login information (a non-object argument resets the store instead)
19 | const setGuardAuthClient = (data: UserInfoT) => {
20 | if (isObject(data)) {
// only keys already present in guardAuthClient are copied; falsy values become ''
21 | Object.keys(guardAuthClient.value).forEach((key) => {
22 | guardAuthClient.value[key as keyof UserInfoT] = data[key as keyof UserInfoT] || '';
23 | });
24 | } else {
// declared below; safe because this closure only runs after the setup function has completed
25 | clearGuardAuthClient();
26 | }
27 | };
28 |
29 | // Clear login state: status back to NOT_LOGIN and every profile field emptied
30 | const clearGuardAuthClient = () => {
31 | setLoginStatus('NOT_LOGIN');
32 | setGuardAuthClient({
33 | aigcPrivacyAccepted: '',
34 | email: '',
35 | photo: '',
36 | username: '',
37 | });
38 | };
39 |
40 | // Login status
41 | const loginStatus = ref('NOT_LOGIN');
42 | const setLoginStatus = (status: LoginStatus) => {
43 | loginStatus.value = status;
44 | };
45 |
46 | return {
47 | guardAuthClient,
48 | setGuardAuthClient,
49 | clearGuardAuthClient,
50 | loginStatus,
51 | setLoginStatus,
52 | hasPermission,
53 | };
54 | });
55 |
-------------------------------------------------------------------------------- /service/attestation/oeas/website/src/utils/cookie.ts: --------------------------------------------------------------------------------
1 | import { isString } from '@opensig/opendesign';
2 |
3 | /**
4 | * Set a cookie.
5 | * @param {string} cname cookie name
6 | * @param {string} cvalue cookie value
7 | * @param {boolean} isDelete whether this is a deletion (writes max-age=0)
 *
 * NOTE(review): the cookie is written with only `path` and `domain`; no
 * Secure or SameSite attribute is set, so browser defaults apply and the
 * cookie is also sent over plain HTTP. `cvalue` is interpolated unencoded,
 * so a value containing ';' would truncate the cookie. If the CSRF token
 * cookie configured in shared/axios/setConfig.ts is written through this
 * helper, adding "Secure; SameSite=Strict" is the usual hardening.
8 | */
9 | export function setCookie(cname: string, cvalue: string, isDelete?: boolean) {
10 | const deleteStr = isDelete ? 'max-age=0; ' : '';
11 | try {
12 | const domain = import.meta.env.VITE_COOKIE_DOMAIN;
13 | const expires = `${deleteStr}path=/; domain=${domain}`;
14 | document.cookie = `${cname}=${cvalue}; ${expires}`;
// empty catch: any failure (e.g. no document) is swallowed and the caller is not told
15 | } catch {}
16 | }
17 |
18 | /**
19 | * Get a cookie.
20 | * @param {string} cname cookie name
21 | * @return the matching value if present, otherwise an empty string
22 | */
23 | export function getCookie(cname: string) {
24 | const name = `${cname}=`;
25 | const ca: any = isString(document.cookie) ? document.cookie.split(';') : [];
26 |
27 | for (let i = 0; i < ca.length; i++) {
28 | const c = ca[i].trim();
// prefix match on "name=": the first matching entry wins
29 | if (c.indexOf(name) === 0) {
30 | return c.substring(name.length, c.length);
31 | }
32 | }
33 |
34 | return '';
35 | }
36 |
37 | /**
38 | * Delete a cookie by rewriting it with the literal value 'null' and max-age=0 (see setCookie).
39 | * @param {string} cname cookie name
40 | */
41 | export function deleteCookie(cname: string) {
42 | setCookie(cname, 'null', true);
43 | }
44 |
-------------------------------------------------------------------------------- /service/attestation/oeas/website/src/views/NotFound.vue: --------------------------------------------------------------------------------
1 | 5 | 6 | 14 | 15 | 34 |
-------------------------------------------------------------------------------- /service/attestation/oeas/website/src/views/management/components/UploadFormItem.vue: --------------------------------------------------------------------------------
https://raw.githubusercontent.com/openeuler-mirror/secGear/63fec1691fc6760185ee9f844c8d7d9bf2f2291d/service/attestation/oeas/website/src/views/management/components/UploadFormItem.vue
-------------------------------------------------------------------------------- /service/attestation/oeas/website/src/vite-env.d.ts: --------------------------------------------------------------------------------
1 | ///
2 |
-------------------------------------------------------------------------------- /service/attestation/oeas/website/tsconfig.app.json: --------------------------------------------------------------------------------
1 | { 2 | "extends": "@vue/tsconfig/tsconfig.dom.json", 3 | "include": ["env.d.ts", "src/**/*"], 4 | "exclude": ["src/**/__tests__/*"], 5 | "compilerOptions": { 6 | "composite": true, 7 | "moduleResolution": "node", 8 | "baseUrl": ".", 9 | "paths": { 10 | "@/*": ["./src/*"] 11 | } 12 | } 13 | } 14 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "files": [], 3 | "references": [ 4 | { "path": "./tsconfig.app.json" }, 5 | { "path": "./tsconfig.node.json" } 6 | ] 7 | } 8 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/tsconfig.node.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "tsBuildInfoFile": "./node_modules/.tmp/tsconfig.node.tsbuildinfo", 4 | "target": "ES2022", 5 | "lib": ["ES2023"], 6 | "module": "ESNext", 7 | "skipLibCheck": true, 8 | 9 | /* Bundler mode */ 10 | "moduleResolution": "bundler", 11 | "allowImportingTsExtensions": true, 12 | "isolatedModules": true, 13 | "moduleDetection": "force", 14 | "noEmit": true, 15 | 16 | /* Linting */ 17 | "strict": true, 18 | "noUnusedLocals": true, 19 | "noUnusedParameters": true, 20 | "noFallthroughCasesInSwitch": true, 21 | "noUncheckedSideEffectImports": true 22 | }, 23 | "include": ["vite.config.ts"] 24 | } 25 | -------------------------------------------------------------------------------- /service/attestation/oeas/website/vite.config.ts: -------------------------------------------------------------------------------- 1 | import { fileURLToPath, URL } from 'node:url'; 2 | import { defineConfig } from 'vite'; 3 | 4 | import vue from '@vitejs/plugin-vue'; 5 | import Icons from 'unplugin-icons/vite'; 6 | import { FileSystemIconLoader } from 'unplugin-icons/loaders'; 7 | 8 | export default defineConfig({ 9 
| plugins: [ 10 | vue(), 11 | Icons({ 12 | compiler: 'vue3', 13 | customCollections: { 14 | app: FileSystemIconLoader('./src/assets/category/svg-icons'), 15 | }, 16 | }), 17 | ], 18 | resolve: { 19 | alias: { 20 | '@': fileURLToPath(new URL('./src', import.meta.url)), 21 | }, 22 | }, 23 | css: { 24 | preprocessorOptions: { 25 | scss: { 26 | api: 'modern-compiler', 27 | additionalData: ` 28 | @use "@/assets/style/mixin/screen.scss" as *; 29 | @use "@/assets/style/mixin/font.scss" as *; 30 | @use "@/assets/style/mixin/common.scss" as *; 31 | `, 32 | }, 33 | }, 34 | }, 35 | server: {}, 36 | }); 37 | -------------------------------------------------------------------------------- /src/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 2 | # secGear is licensed under the Mulan PSL v2. 3 | # You can use this software according to the terms and conditions of the Mulan PSL v2. 4 | # You may obtain a copy of Mulan PSL v2 at: 5 | # http://license.coscl.org.cn/MulanPSL2 6 | # THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 7 | # IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 8 | # PURPOSE. 9 | # See the Mulan PSL v2 for more details. 10 | 11 | set(CMAKE_SHARED_LINKER_FLAGS "-Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack") 12 | set(CMAKE_STATIC_LINKER_FLAGS "") 13 | 14 | add_subdirectory(enclave_src) 15 | add_subdirectory(host_src) 16 | -------------------------------------------------------------------------------- /src/enclave_src/gp/itrustee/itrustee_random.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 
5 | * You may obtain a copy of Mulan PSL v2 at:
6 | * http://license.coscl.org.cn/MulanPSL2
7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
9 | * PURPOSE.
10 | * See the Mulan PSL v2 for more details.
11 | */
12 |
13 | #include "random_internal.h"
14 | #include "tee_crypto_api.h"
15 |
/*
 * iTrustee (GP TEE) backend of the secGear random primitive.
 *
 * param buffer [OUT] destination for the random bytes
 * param size   [IN]  number of bytes requested
 *
 * retval 0 always: TEE_GenerateRandom has no return value, so success is
 *          assumed and the portable wrapper cc_enclave_generate_random maps
 *          0 to CC_SUCCESS.
 *
 * NOTE(review): NULL/zero-size checks live in cc_enclave_generate_random,
 * not here, so this must only be reached through that wrapper. In the GP
 * TEE Internal API the length argument is a uint32_t, so a size_t larger
 * than UINT32_MAX would be silently truncated -- confirm against the SDK's
 * tee_crypto_api.h.
 */
16 | int _cc_generate_random(void *buffer, size_t size)
17 | {
18 | TEE_GenerateRandom(buffer, size);
19 | return 0;
20 | }
21 |
-------------------------------------------------------------------------------- /src/enclave_src/gp/itrustee/itrustee_shared_memory.h: --------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
3 | * secGear is licensed under the Mulan PSL v2.
4 | * You can use this software according to the terms and conditions of the Mulan PSL v2.
5 | * You may obtain a copy of Mulan PSL v2 at:
6 | * http://license.coscl.org.cn/MulanPSL2
7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
9 | * PURPOSE.
10 | * See the Mulan PSL v2 for more details.
11 | */ 12 | 13 | #ifndef __ITRUSTEE_SHARED_MEMORY_H__ 14 | #define __ITRUSTEE_SHARED_MEMORY_H__ 15 | 16 | #include "status.h" 17 | 18 | #ifdef __cplusplus 19 | extern "C" { 20 | #endif 21 | 22 | cc_enclave_result_t register_shared_memory_by_session(uint8_t *in_buf, uint8_t *registered_buf, void **sessionContext); 23 | void open_session_unregister_shared_memory(void *sessionContext); 24 | 25 | #ifdef __cplusplus 26 | } 27 | #endif 28 | #endif 29 | -------------------------------------------------------------------------------- /src/enclave_src/penglai/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # Copyright (c) IPADS@SJTU 2021. All rights reserved. 2 | # secGear is licensed under the Mulan PSL v2. 3 | # You can use this software according to the terms and conditions of the Mulan PSL v2. 4 | # You may obtain a copy of Mulan PSL v2 at: 5 | # http://license.coscl.org.cn/MulanPSL2 6 | # THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 7 | # IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 8 | # PURPOSE. 9 | # See the Mulan PSL v2 for more details. 
10 | 11 | set(SOURCE_FILES ${SOURCE_FILES} penglai_seal_data.c bottom_memory_check.c error_conversion.c penglai_random.c penglai_ocall.c) 12 | 13 | set(PENGLAI_MUSL ${SDK_PATH}/musl) 14 | set(SDK_LIB_DIR ${SDK_PATH}/lib) 15 | set(SDK_INCLUDE_DIR ${SDK_LIB_DIR}/app/include) 16 | 17 | set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -fPIC") 18 | set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}") 19 | 20 | add_library(${target_lib} STATIC ${SOURCE_FILES}) 21 | 22 | target_include_directories(${target_lib} PRIVATE 23 | ${PENGLAI_MUSL}/include 24 | ${PENGLAI_MUSL}/arch/riscv64 25 | ${PENGLAI_MUSL}/obj/include 26 | ${SDK_INCLUDE_DIR} 27 | ${LOCAL_ROOT_PATH}/inc/enclave_inc/penglai) 28 | 29 | install(TARGETS ${target_lib} 30 | ARCHIVE 31 | DESTINATION ${LIBRARY_INSTALL} 32 | PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) 33 | 34 | -------------------------------------------------------------------------------- /src/enclave_src/penglai/error_conversion.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) IPADS@SJTU 2021. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 
11 | */
12 |
13 | #include "error_conversion.h"
14 |
/*
 * Map the raw status returned by the Penglai enclave runtime onto the
 * portable cc_enclave_result_t.
 *
 * param enclave_res [IN] status code from the Penglai SDK
 *
 * retval CC_SUCCESS          enclave_res == 0
 * retval CC_FAIL             enclave_res == 1
 * retval CC_ERROR_UNEXPECTED any other value; the original code is lost at
 *                            this point, so keep that in mind when debugging
 */
15 | cc_enclave_result_t conversion_res_status(uint32_t enclave_res)
16 | {
17 | switch (enclave_res) {
18 | case 0:
19 | return CC_SUCCESS;
20 | case 1:
21 | return CC_FAIL;
22 | default:
23 | return CC_ERROR_UNEXPECTED;
24 | }
25 | }
26 |
27 |
-------------------------------------------------------------------------------- /src/enclave_src/penglai/penglai_random.c: --------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) IPADS@SJTU 2021. All rights reserved.
3 | * secGear is licensed under the Mulan PSL v2.
4 | * You can use this software according to the terms and conditions of the Mulan PSL v2.
5 | * You may obtain a copy of Mulan PSL v2 at:
6 | * http://license.coscl.org.cn/MulanPSL2
7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
9 | * PURPOSE.
10 | * See the Mulan PSL v2 for more details.
11 | */
12 |
13 | #include "status.h"
14 | #include "random_internal.h"
15 |
16 |
/*
 * Penglai backend of the secGear random primitive: no RNG is wired up yet.
 *
 * param buffer [OUT] unused; never written
 * param size   [IN]  unused
 *
 * retval CC_ERROR_NOT_SUPPORTED unconditionally. cc_enclave_generate_random
 *        passes this code through unchanged, so on Penglai every request for
 *        randomness fails closed; callers must treat that as a hard error and
 *        not substitute a non-TEE source.
 */
17 | int _cc_generate_random(void *buffer, size_t size)
18 | {
19 | /* Penglai doesn't support generate_random now */
20 | return CC_ERROR_NOT_SUPPORTED;
21 | }
22 |
-------------------------------------------------------------------------------- /src/enclave_src/secgear_random.c: --------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
3 | * secGear is licensed under the Mulan PSL v2.
4 | * You can use this software according to the terms and conditions of the Mulan PSL v2.
5 | * You may obtain a copy of Mulan PSL v2 at:
6 | * http://license.coscl.org.cn/MulanPSL2
7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
9 | * PURPOSE.
10 | * See the Mulan PSL v2 for more details.
11 | */
12 |
13 | #include "secgear_random.h"
14 | #include "random_internal.h"
15 |
/*
 * Portable entry point: fill `buffer` with `size` random bytes via the
 * backend-specific _cc_generate_random (iTrustee, SGX or Penglai build).
 *
 * param buffer [OUT] destination buffer, must not be NULL
 * param size   [IN]  number of bytes requested, must be > 0
 *
 * retval CC_SUCCESS              bytes were written
 * retval CC_ERROR_BAD_PARAMETERS NULL buffer or zero size (rejected before
 *                                the backend is called)
 * retval CC_FAIL                 backend returned 1
 * retval CC_ERROR_NOT_SUPPORTED  backend has no RNG (the Penglai backend
 *                                returns this unconditionally)
 * retval CC_ERROR_UNEXPECTED     any other backend code
 *
 * Backends return a plain int, so the switch below maps raw 0/1 onto the
 * cc_enclave_result_t enum; the SGX backend passes its sgx_status_t through
 * unchanged, so the mapping relies on SGX_SUCCESS being 0. Nothing here
 * clears or guarantees the buffer on failure: callers should treat its
 * contents as unusable (never as key material) unless the result is
 * CC_SUCCESS.
 */
16 | cc_enclave_result_t cc_enclave_generate_random(void *buffer, size_t size)
17 | {
18 | cc_enclave_result_t res;
19 | if (buffer == NULL || size == 0) {
20 | return CC_ERROR_BAD_PARAMETERS;
21 | }
/* backend result is an int; it is reinterpreted as cc_enclave_result_t below */
22 | res = _cc_generate_random(buffer, size);
23 | switch (res) {
24 | case 0:
25 | res = CC_SUCCESS;
26 | break;
27 | case 1:
28 | res = CC_FAIL;
29 | break;
/* passed through unchanged; the case only keeps it out of `default` */
30 | case CC_ERROR_NOT_SUPPORTED:
31 | res = CC_ERROR_NOT_SUPPORTED;
32 | break;
33 | default:
34 | res = CC_ERROR_UNEXPECTED;
35 | break;
36 | }
37 | return res;
38 | }
39 |
-------------------------------------------------------------------------------- /src/enclave_src/sgx/CMakeLists.txt: --------------------------------------------------------------------------------
1 | # Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
2 | # secGear is licensed under the Mulan PSL v2.
3 | # You can use this software according to the terms and conditions of the Mulan PSL v2.
4 | # You may obtain a copy of Mulan PSL v2 at:
5 | # http://license.coscl.org.cn/MulanPSL2
6 | # THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
7 | # IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
8 | # PURPOSE.
9 | # See the Mulan PSL v2 for more details.
10 | 11 | set(SOURCE_FILES ${SOURCE_FILES} sgx_seal_data.c bottom_memory_check.c error_conversion.c sgx_random.c) 12 | 13 | set(SGX_DIR ${SDK_PATH}) 14 | 15 | set(CMAKE_C_FLAGS "${COMMON_C_FLAGS} -m64 -fPIC") 16 | set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}") 17 | 18 | add_library(${target_lib} STATIC ${SOURCE_FILES}) 19 | 20 | target_include_directories(${target_lib} PRIVATE 21 | ${SGX_DIR}/include/tlibc 22 | ${SGX_DIR}/include 23 | ${LOCAL_ROOT_PATH}/inc/enclave_inc/sgx) 24 | 25 | install(TARGETS ${target_lib} 26 | ARCHIVE 27 | DESTINATION ${LIBRARY_INSTALL} 28 | PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) 29 | 30 | -------------------------------------------------------------------------------- /src/enclave_src/sgx/bottom_memory_check.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 
11 | */ 12 | 13 | #include "bottom_memory_check.h" 14 | 15 | /* 16 | * param buffer [IN] point to buffer address 17 | * param size [IN] buffer size to be checked 18 | * 19 | * retval true target buffer is within enclave 20 | * retval false target buffer is outside of enclave 21 | */ 22 | bool sgx_memory_in_enclave(const void *buffer, size_t size) 23 | { 24 | return sgx_is_within_enclave(buffer, size); 25 | } 26 | 27 | /* 28 | * param buffer [IN] point to buffer address 29 | * param size [IN] buffer size to be checked 30 | * 31 | * retval false target buffer is within enclave 32 | * retval true target buffer is outside of enclave 33 | */ 34 | bool sgx_memory_out_enclave(const void *buffer, size_t size) 35 | { 36 | return sgx_is_outside_enclave(buffer, size); 37 | } 38 | -------------------------------------------------------------------------------- /src/enclave_src/sgx/sgx_random.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 
11 | */
12 | #include "random_internal.h"
13 | #include "sgx_trts.h"
14 | #include "sgx_error.h"
15 |
/*
 * SGX backend of the secGear random primitive.
 *
 * param buffer [OUT] destination for the random bytes
 * param size   [IN]  number of bytes requested
 *
 * retval the raw sgx_status_t from sgx_read_rand, widened to int. The
 *        portable wrapper cc_enclave_generate_random maps 0 to CC_SUCCESS,
 *        1 to CC_FAIL and anything else to CC_ERROR_UNEXPECTED, so this
 *        backend relies on SGX_SUCCESS being 0; other SGX error codes lose
 *        their identity on the way up.
 *
 * NOTE(review): NULL/zero-size checks live in cc_enclave_generate_random,
 * not here.
 */
16 | int _cc_generate_random(void *buffer, size_t size)
17 | {
18 | sgx_status_t err;
19 | err = sgx_read_rand(buffer, size);
20 | return err;
21 | }
22 |
-------------------------------------------------------------------------------- /src/host_src/ocall_log.c: --------------------------------------------------------------------------------
1 | /*
2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
3 | * secGEAR is licensed under the Mulan PSL v2.
4 | * You can use this software according to the terms and conditions of the Mulan PSL v2.
5 | * You may obtain a copy of Mulan PSL v2 at:
6 | * http://license.coscl.org.cn/MulanPSL2
7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
9 | * PURPOSE.
10 | * See the Mulan PSL v2 for more details.
11 | */
12 | #include
13 | #include
14 |
/*
 * Host-side log sink for enclave messages (presumably the OCALL target for
 * enclave-side logging -- the EDL is not in view).
 *
 * param str [IN] NUL-terminated message handed over by the enclave
 *
 * Writes one LOG_INFO line to syslog under the "secGear" identity, opening
 * and closing the log on every call. The format string is a fixed "%s", so
 * `str` is only ever data and cannot act as a format string even though it
 * crosses the enclave/host boundary. A NULL `str` is not rejected here;
 * glibc's syslog typically prints "(null)" for it, but other libcs may not
 * -- confirm whether the caller guarantees non-NULL.
 */
15 | __attribute__((visibility("default"))) void cc_enclave_PrintInfo(const char *str)
16 | {
17 | openlog("secGear", LOG_CONS | LOG_PID, 0);
18 | syslog(LOG_INFO, "%s\n", str);
19 | closelog();
20 | return;
21 | }
22 |
-------------------------------------------------------------------------------- /src/host_src/penglai/CMakeLists.txt: --------------------------------------------------------------------------------
1 | # Copyright (c) IPADS@SJTU 2021. All rights reserved.
2 | # secGear is licensed under the Mulan PSL v2.
3 | # You can use this software according to the terms and conditions of the Mulan PSL v2.
4 | # You may obtain a copy of Mulan PSL v2 at: 5 | # http://license.coscl.org.cn/MulanPSL2 6 | # THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 7 | # IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 8 | # PURPOSE. 9 | # See the Mulan PSL v2 for more details. 10 | 11 | set(penglai_engine penglai_0) 12 | 13 | set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/lib/penglai) 14 | 15 | if(${CMAKE_VERSION} VERSION_LESS "3.13.0") 16 | link_directories(${CMAKE_BINARY_DIR}/lib) 17 | endif() 18 | 19 | add_library(${penglai_engine} SHARED penglai_enclave.c penglai_enclave.h ) 20 | 21 | 22 | target_include_directories(${penglai_engine} PRIVATE 23 | ${SDK_PATH}/lib/host/include) 24 | 25 | 26 | if(${CMAKE_VERSION} VERSION_GREATER_EQUAL "3.13.0") 27 | target_link_directories(${penglai_engine} PRIVATE 28 | ${CMAKE_BINARY_DIR}/lib) 29 | endif() 30 | 31 | 32 | target_link_libraries(${penglai_engine} pthread secgear ${SDK_PATH}/lib/libpenglai-enclave-host.a) 33 | 34 | set_target_properties(${penglai_engine} PROPERTIES SKIP_BUILD_RPATH TRUE) 35 | 36 | install(TARGETS ${penglai_engine} 37 | LIBRARY 38 | DESTINATION ${LIBRARY_INSTALL} 39 | PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) 40 | -------------------------------------------------------------------------------- /src/host_src/penglai/penglai_enclave.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) IPADS@SJTU 2021. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 
5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */ 12 | 13 | #ifndef FINAL_SECGEAR_PENGLAI_ENCALVE_H 14 | #define FINAL_SECGEAR_PENGLAI_ENCALVE_H 15 | 16 | /* New struct used to hint the in | out buf size. */ 17 | typedef struct _untrusted_mem_info_t 18 | { 19 | uint8_t fid; 20 | size_t in_buf_size; 21 | size_t out_buf_size; 22 | } untrusted_mem_info_t; 23 | 24 | #endif // FINAL_SECGEAR_PENGLAI_ENCALVE_H 25 | -------------------------------------------------------------------------------- /src/host_src/sgx/sgx_enclave.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 11 | */ 12 | 13 | #ifndef FINAL_SECGEAR_SGX_ENCALVE_H 14 | #define FINAL_SECGEAR_SGX_ENCALVE_H 15 | 16 | #define _CESGX_SWITCHLESS_FEATURES 0x00000001u 17 | #define _CESGX_PROTECTED_CODE_LOADER_FEATURES 0x00000002u 18 | 19 | /* This header file is placed in inc/sgx to allow users to 20 | * invoke features supported by specific enclave, such as 21 | * plc swichless, which are only meaningful for sgx. 
22 | */ 23 | 24 | typedef struct _sgx_plc_config { 25 | uint32_t len; 26 | char *path; 27 | } cesgx_plc_config_t; 28 | 29 | typedef struct _sgx_switch_config { 30 | uint32_t host_worker; 31 | uint32_t enclave_worker; 32 | } cesgx_switch_config_t; 33 | 34 | 35 | #endif // FINAL_SECGEAR_SGX_ENCALVE_H 36 | -------------------------------------------------------------------------------- /src/host_src/sgx/sgx_shared_memory.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved. 3 | * secGear is licensed under the Mulan PSL v2. 4 | * You can use this software according to the terms and conditions of the Mulan PSL v2. 5 | * You may obtain a copy of Mulan PSL v2 at: 6 | * http://license.coscl.org.cn/MulanPSL2 7 | * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 8 | * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 9 | * PURPOSE. 10 | * See the Mulan PSL v2 for more details. 
11 | */
12 |
13 | #include "sgx_shared_memory.h"
14 |
15 | #include
16 | #include "secgear_defs.h"
17 |
/*
 * SGX implementation of the secGear host/enclave "shared memory" hooks.
 *
 * On SGX the shared buffer is ordinary untrusted host heap: allocation is a
 * plain malloc and registration/unregistration are no-ops (the iTrustee
 * backend, by contrast, has a register_shared_memory_by_session step in
 * itrustee_shared_memory.h). `enclave`, `is_control_buf` and `try_cnt` are
 * accepted for interface parity only and ignored here.
 *
 * param enclave        [IN] unused on SGX
 * param size           [IN] bytes to allocate; passed straight to malloc, so a
 *                           size of 0 yields malloc's implementation-defined result
 * param is_control_buf [IN] unused on SGX
 * param try_cnt        [IN] unused on SGX
 *
 * retval pointer to host memory, or NULL if malloc fails
 *
 * NOTE(review): memory returned here lives outside the enclave. Enclave-side
 * code that receives such a pointer should still validate it (see
 * sgx_memory_out_enclave in the enclave-side bottom_memory_check.c) before
 * reading or writing through it.
 */
18 | void *sgx_malloc_shared_memory(cc_enclave_t *enclave, size_t size, bool is_control_buf, int try_cnt)
19 | {
20 | CC_IGNORE(enclave);
21 | CC_IGNORE(is_control_buf);
22 | CC_IGNORE(try_cnt);
23 |
24 | return malloc(size);
25 | }
26 |
/*
 * Release a buffer obtained from sgx_malloc_shared_memory.
 *
 * param enclave [IN] unused on SGX
 * param ptr     [IN] buffer to free; free(NULL) is a no-op
 *
 * retval CC_SUCCESS always
 */
27 | cc_enclave_result_t sgx_free_shared_memory(cc_enclave_t *enclave, void *ptr)
28 | {
29 | CC_IGNORE(enclave);
30 |
31 | free(ptr);
32 | return CC_SUCCESS;
33 | }
34 |
/*
 * Registration hook; nothing to do on SGX.
 *
 * param enclave [IN] unused
 * param ptr     [IN] unused
 *
 * retval CC_SUCCESS always
 */
35 | cc_enclave_result_t sgx_register_shared_memory(cc_enclave_t *enclave, void *ptr)
36 | {
37 | CC_IGNORE(enclave);
38 | CC_IGNORE(ptr);
39 |
40 | return CC_SUCCESS;
41 | }
42 |
/*
 * Unregistration hook; nothing to do on SGX.
 *
 * param enclave [IN] unused
 * param ptr     [IN] unused
 *
 * retval CC_SUCCESS always
 */
43 | cc_enclave_result_t sgx_unregister_shared_memory(cc_enclave_t *enclave, void *ptr)
44 | {
45 | CC_IGNORE(enclave);
46 | CC_IGNORE(ptr);
47 |
48 | return CC_SUCCESS;
49 | }
50 |
-------------------------------------------------------------------------------- /test/CMakeLists.txt: --------------------------------------------------------------------------------
1 | project(secGear)
2 |
3 | set(CMAKE_C_FLAGS "-fPIC -fstack-protector-strong -D_FORTIFY_SOURCE=2 -O2 -Wall -Werror")
4 |
-------------------------------------------------------------------------------- /thirdparty/base64url/b64/LICENSE: --------------------------------------------------------------------------------
1 | The MIT License (MIT)
2 |
3 | Copyright (c) 2014 Little Star Media, Inc.
4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
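-------------------------------------------------------------------------------- /thirdparty/base64url/b64/buffer.c: --------------------------------------------------------------------------------
/* NOTE(review): the header names on the next two lines were lost in extraction; restore them from the upstream source. */
#include
#include
#include "b64.h"

#ifdef b64_USE_CUSTOM_MALLOC
extern void* b64_malloc(size_t);
#endif

#ifdef b64_USE_CUSTOM_REALLOC
extern void* b64_realloc(void*, size_t);
#endif

/*
 * Growable byte buffer used by the base64 coder, sized in whole
 * B64_BUFFER_SIZE chunks: buf->bufc is the number of chunks currently
 * owned and buf->ptr points at bufc * B64_BUFFER_SIZE bytes.
 * b64_buffer_t, B64_BUFFER_SIZE and the default b64_malloc/b64_realloc
 * come from b64.h.
 */

/*
 * Allocate the first chunk for `buf`.
 *
 * Returns 0 on success and -1 when `buf` is NULL or the allocation fails;
 * in the latter case buf->ptr is NULL and buf->bufc is left untouched.
 */
int b64_buf_malloc(b64_buffer_t * buf)
{
  if (!buf) return -1;

  buf->ptr = b64_malloc(B64_BUFFER_SIZE);
  if (!buf->ptr) return -1;

  buf->bufc = 1;

  return 0;
}

/*
 * Ensure `buf` can hold at least `size` bytes, growing it in whole chunks.
 *
 * Returns 0 on success and -1 on failure. Unlike the upstream version,
 * failure leaves buf->ptr and buf->bufc exactly as they were: the existing
 * allocation is neither leaked nor overwritten with NULL, so the caller can
 * still free it. A `size` whose chunk count cannot be represented in size_t
 * is rejected instead of looping until the multiplication wraps.
 */
int b64_buf_realloc(b64_buffer_t* buf, size_t size)
{
  size_t chunks;
  void *grown;

  if (!buf) return -1;

  chunks = (size_t)buf->bufc;
  if (size <= chunks * B64_BUFFER_SIZE) return 0;

  /* Smallest chunk count whose capacity covers `size`; stop before
   * chunks * B64_BUFFER_SIZE could wrap around ((size_t)-1 is SIZE_MAX). */
  while (size > chunks * B64_BUFFER_SIZE)
  {
    if (chunks >= (size_t)-1 / B64_BUFFER_SIZE) return -1;
    chunks++;
  }

  /* Reallocate into a temporary so a failed realloc does not lose the old block. */
  grown = b64_realloc(buf->ptr, chunks * B64_BUFFER_SIZE);
  if (!grown) return -1;

  buf->ptr = grown;
  buf->bufc = chunks;

  return 0;
}
-------------------------------------------------------------------------------- /thirdparty/base64url/b64/notes.md: --------------------------------------------------------------------------------
## b64.c

### Download

This library can be downloaded from address https://github.com/jwerle/b64.c.

### Version

The version of this library is **tag 0.1.0**.

-------------------------------------------------------------------------------- /thirdparty/base64url/base64url.h: --------------------------------------------------------------------------------
/*
 * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
 * secGear is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.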
* You may obtain a copy of Mulan PSL v2 at:
* http://license.coscl.org.cn/MulanPSL2
* THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
* PURPOSE.
* See the Mulan PSL v2 for more details.
*/

#ifndef SECGEAR_BASE64URL_H
#define SECGEAR_BASE64URL_H

/* NOTE(review): the header names on the next two lines were lost in extraction; restore them from the upstream source. */
#include
#include

#ifdef __cplusplus
extern "C" {
#endif
/*
 * Encode `source_len` bytes of `source` as base64url.
 * The encoded length is written to *dest_len. The caller owns the returned
 * buffer and must free() it.
 * NOTE(review): whether the result is NUL-terminated, whether *dest_len
 * counts a terminator, and what is returned on failure are not stated here —
 * confirm in the implementation before relying on them.
 */
char* kpsecl_base64urlencode(const uint8_t *source, size_t source_len, size_t *dest_len);

/*
 * Decode `source_len` base64url characters from `source` back to bytes.
 * The decoded length is written to *dest_len. The caller owns the returned
 * buffer and must free() it.
 * NOTE(review): behaviour on malformed input (non-alphabet characters, bad
 * length) is not stated here — confirm in the implementation, since callers
 * typically feed this untrusted data.
 */
uint8_t* kpsecl_base64urldecode(const char *source, size_t source_len, size_t *dest_len);

#ifdef __cplusplus
}
#endif

#endif
-------------------------------------------------------------------------------- /thirdparty/libqca/ra_client_api.h: --------------------------------------------------------------------------------
/*
 * Copyright (c) Huawei Technologies Co., Ltd. 2022-2023. All rights reserved.
 * Licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 * http://license.coscl.org.cn/MulanPSL2
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
 * PURPOSE.
 * See the Mulan PSL v2 for more details.
*/
#ifndef LIBQCA_H
#define LIBQCA_H
/* NOTE(review): the header name on the next line was lost in extraction; it must
 * be the one that provides uint8_t/uint32_t and TEEC_Result. */
#include

/* A sized byte buffer: `buf` points at `size` bytes. */
struct ra_buffer_data {
    uint32_t size;
    uint8_t *buf;
};

/*
 * Remote-attestation entry point of libqca.
 * NOTE(review): presumably `in` carries the attestation request and `out`
 * receives the report, with TEEC_Result as the status code. Nothing here
 * states who allocates out->buf or whether out->size is an in/out capacity —
 * confirm with the libqca implementation before relying on it.
 */
TEEC_Result RemoteAttest(struct ra_buffer_data *in, struct ra_buffer_data *out);
#endif
-------------------------------------------------------------------------------- /tools/codegener/CMakeLists.txt: --------------------------------------------------------------------------------
# Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
# secGear is licensed under the Mulan PSL v2.
# You can use this software according to the terms and conditions of the Mulan PSL v2.
# You may obtain a copy of Mulan PSL v2 at:
# http://license.coscl.org.cn/MulanPSL2
# THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
# PURPOSE.
# See the Mulan PSL v2 for more details.

include(ExternalProject)

project(CodeGen C)

find_program(DUNE dune)

if(NOT DUNE)
    message(FATAL_ERROR "Please check your dune installation")
endif()

set(code codegen)

ExternalProject_Add(codegen
    SOURCE_DIR ${LOCAL_ROOT_PATH}/tools/codegener
    CONFIGURE_COMMAND ""
    BUILD_COMMAND dune build
    BUILD_IN_SOURCE TRUE
    INSTALL_COMMAND mv ${CMAKE_CURRENT_SOURCE_DIR}/_build/default/main.exe ${LOCAL_ROOT_PATH}/bin/${code}
)

# NOTE(review): an absolute DESTINATION ignores CMAKE_INSTALL_PREFIX (DESTDIR is still honoured).
install(FILES ${LOCAL_ROOT_PATH}/bin/${code}
    DESTINATION /usr/bin/
    PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE
)
-------------------------------------------------------------------------------- /tools/codegener/dune: --------------------------------------------------------------------------------
; Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
2 | ; secGear is licensed under the Mulan PSL v2. 3 | ; You can use this software according to the terms and conditions of the Mulan PSL v2. 4 | ; You may obtain a copy of Mulan PSL v2 at: 5 | ; http://license.coscl.org.cn/MulanPSL2 6 | ; THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 7 | ; IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 8 | ; PURPOSE. 9 | ; See the Mulan PSL v2 for more details. 10 | 11 | (env 12 | (dev 13 | (flags (:standard -w -11 -w -14 -w -26..27 -w -32 -w -33))) 14 | (release 15 | (flags (:standard -O3 -w -11 -w -14 -w -26..27 -w -32 -w -33)))) 16 | 17 | (executable 18 | (name main) 19 | (public_name cc_gencoder) 20 | (libraries intel penglai)) 21 | -------------------------------------------------------------------------------- /tools/codegener/dune-project: -------------------------------------------------------------------------------- 1 | (lang dune 2.4) 2 | 3 | (name cc_gencoder) 4 | (license MIT) 5 | (version 0.7.0) 6 | (authors "secGear SDK") 7 | (maintainers "secGear SDK") 8 | (source (github secGear/secGear)) 9 | 10 | (package 11 | (name cc_gencoder) 12 | (synopsis "An OCaml tool for processing Enclave Definition Language files") 13 | (description "Generates code for Enclave SDK")) 14 | 15 | -------------------------------------------------------------------------------- /tools/codegener/intel/dune: -------------------------------------------------------------------------------- 1 | (library 2 | (name intel) 3 | (synopsis "Upstream Intel edger8r") 4 | (libraries str unix)) 5 | 6 | (ocamllex Lexer) 7 | 8 | (ocamlyacc Parser) 9 | 10 | ; TODO: Upstream code has a lot of warnings still. 
(env
 (dev
  (flags
   (:standard -warn-error -A))))
-------------------------------------------------------------------------------- /tools/codegener/main.ml: --------------------------------------------------------------------------------
(*
 * Copyright (c) Huawei Technologies Co., Ltd. 2020. All rights reserved.
 * secGear is licensed under the Mulan PSL v2.
 * You can use this software according to the terms and conditions of the Mulan PSL v2.
 * You may obtain a copy of Mulan PSL v2 at:
 * http://license.coscl.org.cn/MulanPSL2
 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR
 * PURPOSE.
 * See the Mulan PSL v2 for more details.
 *)

(*open Emitter*)
open Codegener

(* Module initialisation: announce the tool and hook secGear's generator
   into the upstream Intel edger8r plugin slot. *)
let _ =
  Printf.printf "Generate code for secGear SDK.\n";
  Intel.Plugin.instance.available <- true;
  Intel.Plugin.instance.gen_edge_routines <- generate_enclave_code

(* Entry point, evaluated when the module loads: parse the command line,
   then parse and generate code for every input file named on it, or print
   the usage text when none was given. A [Failure] raised while parsing or
   generating is reported on stderr and terminates the process. *)
let main =
  let progname = Sys.argv.(0) in
  (* Everything after argv.(0). *)
  let args =
    match Array.to_list Sys.argv with
    | _ :: rest -> rest
    | [] -> []
  in
  let cmd_params = Intel.Util.parse_cmdline progname args in

  let handle_input fname =
    try
      let ast = Intel.CodeGen.start_parsing fname in
      Intel.CodeGen.gen_enclave_code ast cmd_params
    with Failure s ->
      Printf.eprintf "error: %s\n" s;
      exit (-1)
  in
  match cmd_params.input_files with
  | [] -> Intel.Util.usage progname
  | files -> List.iter handle_input files

-------------------------------------------------------------------------------- /tools/codegener/penglai/dune: --------------------------------------------------------------------------------
; Copyright (c) IPADS@SJTU 2021. All rights reserved.
; secGear is licensed under the Mulan PSL v2.
3 | ; You can use this software according to the terms and conditions of the Mulan PSL v2. 4 | ; You may obtain a copy of Mulan PSL v2 at: 5 | ; http://license.coscl.org.cn/MulanPSL2 6 | ; THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR 7 | ; IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR 8 | ; PURPOSE. 9 | ; See the Mulan PSL v2 for more details. 10 | 11 | (library 12 | (name penglai) 13 | (synopsis "penglai codegen") 14 | (libraries str unix intel)) 15 | 16 | (env 17 | (dev 18 | (flags 19 | (:standard -warn-error -A)))) 20 | --------------------------------------------------------------------------------