From f3ed1acfe0fdec512d4e75122cc4f03afd1714c2 Mon Sep 17 00:00:00 2001 From: WangRunji Date: Wed, 13 Feb 2019 20:03:24 +0800 Subject: [PATCH] add Rust SGX sample --- hello-rust/Makefile | 174 ++++++++++++++++++ hello-rust/app/Cargo.toml | 10 + hello-rust/app/build.rs | 55 ++++++ hello-rust/app/src/main.rs | 151 +++++++++++++++ hello-rust/bin/readme.txt | 1 + hello-rust/enclave/Cargo.toml | 15 ++ hello-rust/enclave/Enclave.config.xml | 12 ++ hello-rust/enclave/Enclave.edl | 44 +++++ hello-rust/enclave/Enclave.lds | 9 + hello-rust/enclave/Enclave_private.pem | 39 ++++ hello-rust/enclave/Makefile | 44 +++++ hello-rust/enclave/_Xargo.toml | 20 ++ hello-rust/enclave/src/lib.rs | 57 ++++++ .../enclave/x86_64-unknown-linux-sgx.json | 31 ++++ hello-rust/lib/readme.txt | 1 + 15 files changed, 663 insertions(+) create mode 100644 hello-rust/Makefile create mode 100644 hello-rust/app/Cargo.toml create mode 100644 hello-rust/app/build.rs create mode 100644 hello-rust/app/src/main.rs create mode 100644 hello-rust/bin/readme.txt create mode 100644 hello-rust/enclave/Cargo.toml create mode 100644 hello-rust/enclave/Enclave.config.xml create mode 100644 hello-rust/enclave/Enclave.edl create mode 100644 hello-rust/enclave/Enclave.lds create mode 100644 hello-rust/enclave/Enclave_private.pem create mode 100644 hello-rust/enclave/Makefile create mode 100644 hello-rust/enclave/_Xargo.toml create mode 100644 hello-rust/enclave/src/lib.rs create mode 100644 hello-rust/enclave/x86_64-unknown-linux-sgx.json create mode 100644 hello-rust/lib/readme.txt diff --git a/hello-rust/Makefile b/hello-rust/Makefile new file mode 100644 index 0000000..c0a28dd --- /dev/null +++ b/hello-rust/Makefile @@ -0,0 +1,174 @@ +# Copyright (C) 2017-2018 Baidu, Inc. All Rights Reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Baidu, Inc., nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# + +######## SGX SDK Settings ######## + +SGX_SDK ?= /opt/intel/sgxsdk +SGX_MODE ?= HW +SGX_ARCH ?= x64 +RUST_SGX_SDK ?= ../../rust-sgx-sdk + +ifeq ($(shell getconf LONG_BIT), 32) + SGX_ARCH := x86 +else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32) + SGX_ARCH := x86 +endif + +ifeq ($(SGX_ARCH), x86) + SGX_COMMON_CFLAGS := -m32 + SGX_LIBRARY_PATH := $(SGX_SDK)/lib + SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign + SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r +else + SGX_COMMON_CFLAGS := -m64 + SGX_LIBRARY_PATH := $(SGX_SDK)/lib64 + SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign + SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r +endif + +ifeq ($(SGX_DEBUG), 1) +ifeq ($(SGX_PRERELEASE), 1) +$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!) +endif +endif + + +ifeq ($(SGX_DEBUG), 1) + SGX_COMMON_CFLAGS += -O0 -g +else + SGX_COMMON_CFLAGS += -O2 +endif + +######## CUSTOM Settings ######## + +CUSTOM_LIBRARY_PATH := ./lib +CUSTOM_BIN_PATH := ./bin +CUSTOM_EDL_PATH := $(RUST_SGX_SDK)/edl +CUSTOM_COMMON_PATH := $(RUST_SGX_SDK)/common + +######## EDL Settings ######## + +Enclave_EDL_Files := enclave/Enclave_t.c enclave/Enclave_t.h app/Enclave_u.c app/Enclave_u.h + +######## APP Settings ######## + +App_Rust_Flags := --release +App_SRC_Files := $(shell find app/ -type f -name '*.rs') $(shell find app/ -type f -name 'Cargo.toml') +App_Include_Paths := -I ./app -I./include -I$(SGX_SDK)/include -I$(CUSTOM_EDL_PATH) +App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) + +App_Rust_Path := ./app/target/release +App_Enclave_u_Object :=app/libEnclave_u.a +App_Name := bin/app + +######## Enclave Settings ######## + +ifneq ($(SGX_MODE), HW) + Trts_Library_Name := sgx_trts_sim + Service_Library_Name := sgx_tservice_sim +else + Trts_Library_Name := sgx_trts + Service_Library_Name := sgx_tservice +endif +Crypto_Library_Name := sgx_tcrypto +KeyExchange_Library_Name := sgx_tkey_exchange +ProtectedFs_Library_Name := sgx_tprotected_fs + +RustEnclave_C_Files := $(wildcard ./enclave/*.c) +RustEnclave_C_Objects := $(RustEnclave_C_Files:.c=.o) +RustEnclave_Include_Paths := -I$(CUSTOM_COMMON_PATH)/inc -I$(CUSTOM_EDL_PATH) -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport -I$(SGX_SDK)/include/epid -I ./enclave -I./include + +RustEnclave_Link_Libs := -L$(CUSTOM_LIBRARY_PATH) -lcompiler-rt-patch -lenclave +RustEnclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(RustEnclave_Include_Paths) +RustEnclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \ + -Wl,--whole-archive -l$(Trts_Library_Name) -l$(Service_Library_Name) -Wl,--no-whole-archive \ + -Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -l$(ProtectedFs_Library_Name) $(RustEnclave_Link_Libs) -Wl,--end-group \ + -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \ + -Wl,-pie,-eenclave_entry -Wl,--export-dynamic \ + -Wl,--defsym,__ImageBase=0 \ + -Wl,--gc-sections \ + -Wl,--version-script=enclave/Enclave.lds + +RustEnclave_Name := enclave/enclave.so +Signed_RustEnclave_Name := bin/enclave.signed.so + +.PHONY: all +all: $(App_Name) $(Signed_RustEnclave_Name) + +######## EDL Objects ######## + +$(Enclave_EDL_Files): $(SGX_EDGER8R) enclave/Enclave.edl + $(SGX_EDGER8R) --trusted enclave/Enclave.edl --search-path $(SGX_SDK)/include --search-path $(RUST_SGX_SDK)/edl --trusted-dir enclave + $(SGX_EDGER8R) --untrusted enclave/Enclave.edl --search-path $(SGX_SDK)/include --search-path $(RUST_SGX_SDK)/edl --untrusted-dir app + @echo "GEN => $(Enclave_EDL_Files)" + +######## App Objects ######## + +app/Enclave_u.o: $(Enclave_EDL_Files) + @$(CC) $(App_C_Flags) -c app/Enclave_u.c -o $@ + @echo "CC <= $<" + +$(App_Enclave_u_Object): app/Enclave_u.o + $(AR) rcsD $@ $^ + cp $(App_Enclave_u_Object) ./lib + +$(App_Name): $(App_Enclave_u_Object) $(App_SRC_Files) + @cd app && SGX_SDK=$(SGX_SDK) cargo build $(App_Rust_Flags) + @echo "Cargo => $@" + cp $(App_Rust_Path)/app ./bin + +######## Enclave Objects ######## + +enclave/Enclave_t.o: $(Enclave_EDL_Files) + @$(CC) $(RustEnclave_Compile_Flags) -c enclave/Enclave_t.c -o $@ + @echo "CC <= $<" + +$(RustEnclave_Name): enclave compiler-rt enclave/Enclave_t.o + cp $(RUST_SGX_SDK)/compiler-rt/libcompiler-rt-patch.a ./lib + @$(CXX) enclave/Enclave_t.o -o $@ $(RustEnclave_Link_Flags) + @echo "LINK => $@" + +$(Signed_RustEnclave_Name): $(RustEnclave_Name) + @$(SGX_ENCLAVE_SIGNER) sign -key enclave/Enclave_private.pem -enclave $(RustEnclave_Name) -out $@ -config enclave/Enclave.config.xml + @echo "SIGN => $@" + +.PHONY: enclave +enclave: + $(MAKE) -C ./enclave/ + +.PHONY: compiler-rt +compiler-rt: + $(MAKE) -C $(RUST_SGX_SDK)/compiler-rt/ 2> /dev/null + +.PHONY: clean +clean: + @rm -f $(App_Name) $(RustEnclave_Name) $(Signed_RustEnclave_Name) enclave/*_t.* app/*_u.* lib/*.a + @cd enclave && cargo clean && rm -f Cargo.lock + @cd app && cargo clean && rm -f Cargo.lock + diff --git a/hello-rust/app/Cargo.toml b/hello-rust/app/Cargo.toml new file mode 100644 index 0000000..c81d33d --- /dev/null +++ b/hello-rust/app/Cargo.toml @@ -0,0 +1,10 @@ +[package] +name = "app" +version = "1.0.0" +authors = ["Baidu"] +build = "build.rs" + +[dependencies] +sgx_types = "1.0.6" +sgx_urts = "1.0.6" +dirs = "1.0.2" diff --git a/hello-rust/app/build.rs b/hello-rust/app/build.rs new file mode 100644 index 0000000..36c9e08 --- /dev/null +++ b/hello-rust/app/build.rs @@ -0,0 +1,55 @@ +// Copyright (C) 2017-2018 Baidu, Inc. All Rights Reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions +// are met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above copyright +// notice, this list of conditions and the following disclaimer in +// the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Baidu, Inc., nor the names of its +// contributors may be used to endorse or promote products derived +// from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +use std::env; + +fn main () { + + let sdk_dir = env::var("SGX_SDK") + .unwrap_or_else(|_| "/opt/intel/sgxsdk".to_string()); + let is_sim = env::var("SGX_MODE") + .unwrap_or_else(|_| "HW".to_string()); + + println!("cargo:rustc-link-search=native=../lib"); + println!("cargo:rustc-link-lib=static=Enclave_u"); + + println!("cargo:rustc-link-search=native={}/lib64", sdk_dir); + match is_sim.as_ref() { + "SW" => println!("cargo:rustc-link-lib=dylib=sgx_urts_sim"), + "HW" => println!("cargo:rustc-link-lib=dylib=sgx_urts"), + _ => println!("cargo:rustc-link-lib=dylib=sgx_urts"), // Treat undefined as HW + } + + // for sgx_tprotected_fs + match is_sim.as_ref() { + "SW" => println!("cargo:rustc-link-lib=dylib=sgx_uae_service_sim"), + "HW" => println!("cargo:rustc-link-lib=dylib=sgx_uae_service"), + _ => println!("cargo:rustc-link-lib=dylib=sgx_uae_service"), // Treat undefined as HW + } + println!("cargo:rustc-link-lib=dylib=sgx_uprotected_fs"); +} diff --git a/hello-rust/app/src/main.rs b/hello-rust/app/src/main.rs new file mode 100644 index 0000000..ec521ef --- /dev/null +++ b/hello-rust/app/src/main.rs @@ -0,0 +1,151 @@ +// Copyright (C) 2017-2018 Baidu, Inc. All Rights Reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions +// are met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above copyright +// notice, this list of conditions and the following disclaimer in +// the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Baidu, Inc., nor the names of its +// contributors may be used to endorse or promote products derived +// from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +extern crate sgx_types; +extern crate sgx_urts; +extern crate dirs; + +use sgx_types::*; +use sgx_urts::SgxEnclave; + +use std::io::{Read, Write}; +use std::fs; +use std::path; + +static ENCLAVE_FILE: &'static str = "enclave.signed.so"; +static ENCLAVE_TOKEN: &'static str = "enclave.token"; + +extern { + fn say_something(eid: sgx_enclave_id_t, retval: *mut sgx_status_t, + some_string: *const u8, len: usize) -> sgx_status_t; +} + +fn init_enclave() -> SgxResult { + + let mut launch_token: sgx_launch_token_t = [0; 1024]; + let mut launch_token_updated: i32 = 0; + // Step 1: try to retrieve the launch token saved by last transaction + // if there is no token, then create a new one. + // + // try to get the token saved in $HOME */ + let mut home_dir = path::PathBuf::new(); + let use_token = match dirs::home_dir() { + Some(path) => { + println!("[+] Home dir is {}", path.display()); + home_dir = path; + true + }, + None => { + println!("[-] Cannot get home dir"); + false + } + }; + + let token_file: path::PathBuf = home_dir.join(ENCLAVE_TOKEN);; + if use_token == true { + match fs::File::open(&token_file) { + Err(_) => { + println!("[-] Open token file {} error! Will create one.", token_file.as_path().to_str().unwrap()); + }, + Ok(mut f) => { + println!("[+] Open token file success! "); + match f.read(&mut launch_token) { + Ok(1024) => { + println!("[+] Token file valid!"); + }, + _ => println!("[+] Token file invalid, will create new token file"), + } + } + } + } + + // Step 2: call sgx_create_enclave to initialize an enclave instance + // Debug Support: set 2nd parameter to 1 + let debug = 1; + let mut misc_attr = sgx_misc_attribute_t {secs_attr: sgx_attributes_t { flags:0, xfrm:0}, misc_select:0}; + let enclave = try!(SgxEnclave::create(ENCLAVE_FILE, + debug, + &mut launch_token, + &mut launch_token_updated, + &mut misc_attr)); + + // Step 3: save the launch token if it is updated + if use_token == true && launch_token_updated != 0 { + // reopen the file with write capablity + match fs::File::create(&token_file) { + Ok(mut f) => { + match f.write_all(&launch_token) { + Ok(()) => println!("[+] Saved updated launch token!"), + Err(_) => println!("[-] Failed to save updated launch token!"), + } + }, + Err(_) => { + println!("[-] Failed to save updated enclave token, but doesn't matter"); + }, + } + } + + Ok(enclave) +} + +fn main() { + + let enclave = match init_enclave() { + Ok(r) => { + println!("[+] Init Enclave Successful {}!", r.geteid()); + r + }, + Err(x) => { + println!("[-] Init Enclave Failed {}!", x.as_str()); + return; + }, + }; + + let input_string = String::from("This is a normal world string passed into Enclave!\n"); + + let mut retval = sgx_status_t::SGX_SUCCESS; + + let result = unsafe { + say_something(enclave.geteid(), + &mut retval, + input_string.as_ptr() as * const u8, + input_string.len()) + }; + + match result { + sgx_status_t::SGX_SUCCESS => {}, + _ => { + println!("[-] ECALL Enclave Failed {}!", result.as_str()); + return; + } + } + + println!("[+] say_something success..."); + + enclave.destroy(); +} diff --git a/hello-rust/bin/readme.txt b/hello-rust/bin/readme.txt new file mode 100644 index 0000000..c5e82d7 --- /dev/null +++ b/hello-rust/bin/readme.txt @@ -0,0 +1 @@ +bin \ No newline at end of file diff --git a/hello-rust/enclave/Cargo.toml b/hello-rust/enclave/Cargo.toml new file mode 100644 index 0000000..a601af1 --- /dev/null +++ b/hello-rust/enclave/Cargo.toml @@ -0,0 +1,15 @@ +[package] +name = "Helloworldsampleenclave" +version = "1.0.0" +authors = ["Baidu"] + +[lib] +name = "helloworldsampleenclave" +crate-type = ["staticlib"] + +[features] +default = [] + +[target.'cfg(not(target_env = "sgx"))'.dependencies] +sgx_types = { path = "../../../rust-sgx-sdk/sgx_types" } +sgx_tstd = { path = "../../../rust-sgx-sdk/sgx_tstd" } diff --git a/hello-rust/enclave/Enclave.config.xml b/hello-rust/enclave/Enclave.config.xml new file mode 100644 index 0000000..ee4c3f7 --- /dev/null +++ b/hello-rust/enclave/Enclave.config.xml @@ -0,0 +1,12 @@ + + + 0 + 0 + 0x40000 + 0x100000 + 1 + 1 + 0 + 0 + 0xFFFFFFFF + diff --git a/hello-rust/enclave/Enclave.edl b/hello-rust/enclave/Enclave.edl new file mode 100644 index 0000000..5130813 --- /dev/null +++ b/hello-rust/enclave/Enclave.edl @@ -0,0 +1,44 @@ +/* + * Copyright (C) 2017-2018 Baidu, Inc. All Rights Reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Baidu, Inc., nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +enclave { + from "sgx_tstd.edl" import *; + from "sgx_stdio.edl" import *; + from "sgx_backtrace.edl" import *; + from "sgx_tstdc.edl" import *; + from "sgx_tprotected_fs.edl" import *; + + trusted { + /* define ECALLs here. */ + + public sgx_status_t say_something([in, size=len] const uint8_t* some_string, size_t len); + }; +}; diff --git a/hello-rust/enclave/Enclave.lds b/hello-rust/enclave/Enclave.lds new file mode 100644 index 0000000..e3d9d0e --- /dev/null +++ b/hello-rust/enclave/Enclave.lds @@ -0,0 +1,9 @@ +enclave.so +{ + global: + g_global_data_sim; + g_global_data; + enclave_entry; + local: + *; +}; diff --git a/hello-rust/enclave/Enclave_private.pem b/hello-rust/enclave/Enclave_private.pem new file mode 100644 index 0000000..529d07b --- /dev/null +++ b/hello-rust/enclave/Enclave_private.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ +AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ +ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr +nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b +3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H +ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD +5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW +KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC +1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe +K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z +AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q +ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6 +JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826 +5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02 +wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9 +osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm +WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i +Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9 +xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd +vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD +Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a +cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC +0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ +gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo +gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t +k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz +Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6 +O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5 +afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom +e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G +BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv +fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN +t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9 +yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp +6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg +WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH +NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk= +-----END RSA PRIVATE KEY----- diff --git a/hello-rust/enclave/Makefile b/hello-rust/enclave/Makefile new file mode 100644 index 0000000..e463f02 --- /dev/null +++ b/hello-rust/enclave/Makefile @@ -0,0 +1,44 @@ +# Copyright (C) 2017-2018 Baidu, Inc. All Rights Reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Baidu, Inc., nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +Rust_Enclave_Name := libenclave.a +Rust_Enclave_Files := $(wildcard src/*.rs) +Rust_Target_Path := $(CURDIR)/../../../xargo + +.PHONY: all + +all: $(Rust_Enclave_Name) + +$(Rust_Enclave_Name): $(Rust_Enclave_Files) +ifeq ($(XARGO_SGX), 1) + RUST_TARGET_PATH=$(Rust_Target_Path) xargo build --target x86_64-unknown-linux-sgx --release + cp ./target/x86_64-unknown-linux-sgx/release/libhelloworldsampleenclave.a ../lib/libenclave.a +else + cargo build --release + cp ./target/release/libhelloworldsampleenclave.a ../lib/libenclave.a +endif \ No newline at end of file diff --git a/hello-rust/enclave/_Xargo.toml b/hello-rust/enclave/_Xargo.toml new file mode 100644 index 0000000..57ad5b8 --- /dev/null +++ b/hello-rust/enclave/_Xargo.toml @@ -0,0 +1,20 @@ +[dependencies] +alloc = {} +panic_unwind = {} +panic_abort = {} + +[dependencies.std] +path = "../../../xargo/sgx_tstd" +stage = 1 + +[dependencies.sgx_rand] +path = "../../../xargo/sgx_rand" +stage = 2 + +[dependencies.sgx_serialize] +path = "../../../xargo/sgx_serialize" +stage = 2 + +[dependencies.sgx_tunittest] +path = "../../../xargo/sgx_tunittest" +stage = 2 \ No newline at end of file diff --git a/hello-rust/enclave/src/lib.rs b/hello-rust/enclave/src/lib.rs new file mode 100644 index 0000000..b6ef130 --- /dev/null +++ b/hello-rust/enclave/src/lib.rs @@ -0,0 +1,57 @@ +// Copyright (C) 2017-2018 Baidu, Inc. All Rights Reserved. +// +// Redistribution and use in source and binary forms, with or without +// modification, are permitted provided that the following conditions +// are met: +// +// * Redistributions of source code must retain the above copyright +// notice, this list of conditions and the following disclaimer. +// * Redistributions in binary form must reproduce the above copyright +// notice, this list of conditions and the following disclaimer in +// the documentation and/or other materials provided with the +// distribution. +// * Neither the name of Baidu, Inc., nor the names of its +// contributors may be used to endorse or promote products derived +// from this software without specific prior written permission. +// +// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +#![crate_name = "helloworldsampleenclave"] +#![crate_type = "staticlib"] + +#![cfg_attr(not(target_env = "sgx"), no_std)] +#![cfg_attr(target_env = "sgx", feature(rustc_private))] + +extern crate sgx_types; +#[cfg(not(target_env = "sgx"))] +#[macro_use] +extern crate sgx_tstd as std; + +use sgx_types::*; +use std::string::String; +use std::vec::Vec; +use std::io::{self, Write}; +use std::slice; +use std::sgxfs::SgxFile; + +#[no_mangle] +pub extern "C" fn say_something(some_string: *const u8, some_len: usize) -> sgx_status_t { + + let mut file = SgxFile::create("test").unwrap(); + file.write(b"hello").unwrap(); + + // Ocall to normal world for output + println!("{}", "hello"); + + sgx_status_t::SGX_SUCCESS +} \ No newline at end of file diff --git a/hello-rust/enclave/x86_64-unknown-linux-sgx.json b/hello-rust/enclave/x86_64-unknown-linux-sgx.json new file mode 100644 index 0000000..10d37a7 --- /dev/null +++ b/hello-rust/enclave/x86_64-unknown-linux-sgx.json @@ -0,0 +1,31 @@ +{ + "arch": "x86_64", + "cpu": "x86-64", + "data-layout": "e-m:e-i64:64-f80:128-n8:16:32:64-S128", + "dynamic-linking": true, + "env": "sgx", + "exe-allocation-crate": "alloc_system", + "executables": true, + "has-elf-tls": true, + "has-rpath": true, + "linker-flavor": "gcc", + "linker-is-gnu": true, + "llvm-target": "x86_64-unknown-linux-gnu", + "max-atomic-width": 64, + "os": "linux", + "position-independent-executables": true, + "pre-link-args": { + "gcc": [ + "-Wl,--as-needed", + "-Wl,-z,noexecstack", + "-m64" + ] + }, + "relro-level": "full", + "stack-probes": true, + "target-c-int-width": "32", + "target-endian": "little", + "target-family": "unix", + "target-pointer-width": "64", + "vendor": "mesalock" +} diff --git a/hello-rust/lib/readme.txt b/hello-rust/lib/readme.txt new file mode 100644 index 0000000..7951405 --- /dev/null +++ b/hello-rust/lib/readme.txt @@ -0,0 +1 @@ +lib \ No newline at end of file