diff --git a/codegen/data_enclave/bindings.h b/codegen/data_enclave/bindings.h index 96e82960..8234ced6 100644 --- a/codegen/data_enclave/bindings.h +++ b/codegen/data_enclave/bindings.h @@ -12,24 +12,6 @@ */ #define DATA_UPLOAD_RESPONSE_LEN (16 + (24 + 16)) -typedef enum CreateReportResult_Tag { - Success, - Sgx, - FailedToGetPublicKey, - FailedEncodePublicKey, -} CreateReportResult_Tag; - -typedef struct CreateReportResult { - CreateReportResult_Tag tag; - union { - struct { - sgx_status_t sgx; - }; - }; -} CreateReportResult; - -typedef uint8_t EnclaveHeldData[ENCLAVE_HELD_DATA_SIZE]; - typedef struct DataUploadResponse { uint8_t ciphertext[DATA_UPLOAD_RESPONSE_LEN]; uint8_t nonce[24]; @@ -93,3 +75,21 @@ typedef struct UploadMetadata { uint8_t uploader_pub_key[32]; uint8_t nonce[24]; } UploadMetadata; + +typedef enum CreateReportResult_Tag { + Success, + Sgx, + FailedToGetPublicKey, + FailedEncodePublicKey, +} CreateReportResult_Tag; + +typedef struct CreateReportResult { + CreateReportResult_Tag tag; + union { + struct { + sgx_status_t sgx; + }; + }; +} CreateReportResult; + +typedef uint8_t EnclaveHeldData[ENCLAVE_HELD_DATA_SIZE]; diff --git a/rtc_auth_enclave/Cargo.lock b/rtc_auth_enclave/Cargo.lock index ac294f7b..02e76914 100644 --- a/rtc_auth_enclave/Cargo.lock +++ b/rtc_auth_enclave/Cargo.lock @@ -32,6 +32,12 @@ version = "1.2.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "cf1de2fe8c75bc145a2f577add951f8134889b4795d47466a54a5c846d691693" +[[package]] +name = "bumpalo" +version = "3.6.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "63396b8a4b9de3f4fdfb320ab6080762242f66a8ef174c49d8e19b674db4cdbe" + [[package]] name = "cbindgen" version = "0.19.0" 
@@ -57,6 +63,12 @@ version = "1.0.67" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e3c69b077ad434294d3ce9f1f6143a2a4b89a8a2d54ef813d85003a4fd1137fd" +[[package]] +name = "cfg-if" +version = "0.1.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4785bdd1c96b2a846b2bd7cc02e86b6b3dbf14e7e53446c4f54c92a361040822" + [[package]] name = "cfg-if" version = "1.0.0" @@ -78,13 +90,24 @@ dependencies = [ "vec_map", ] +[[package]] +name = "getrandom" +version = "0.1.14" +source = "git+https://github.com/mesalock-linux/getrandom-sgx#0aa9cc20c7dea713ccaac2c44430d625a395ebae" +dependencies = [ + "cfg-if 0.1.10", + "sgx_libc", + "sgx_trts", + "sgx_tstd", +] + [[package]] name = "getrandom" version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c9495705279e7140bf035dde1f6e750c162df8b625267cd52cc44e0b156732c8" dependencies = [ - "cfg-if", + "cfg-if 1.0.0", "libc", "wasi", ] @@ -118,6 +141,12 @@ dependencies = [ "libc", ] +[[package]] +name = "index-fixed" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4161ceaf2f41b6cd3f6502f5da085d4ad4393a51e0c70ed2fce1d5698d798fae" + [[package]] name = "indexmap" version = "1.6.2" @@ -134,6 +163,21 @@ version = "0.4.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dd25036021b0de88a0aff6b850051563c6516d0bf53f8638938edbb9de732736" +[[package]] +name = "js-sys" +version = "0.3.51" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83bdfbace3a0e81a4253f73b49e960b053e396a11012cbd49b9b74d6a2b67062" +dependencies = [ + "wasm-bindgen", +] + +[[package]] +name = "lazy_static" +version = "1.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" + [[package]] name = "libc" version = "0.2.94" 
@@ -146,9 +190,20 @@ version = "0.4.14" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "51b9bbe6c47d51fc3e1a9b945965946b4c44142ab8792c50835a980d362c2710" dependencies = [ - "cfg-if", + "cfg-if 1.0.0", ] +[[package]] +name = "once_cell" +version = "1.7.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "af8b08b04175473088b46763e51ee54da5f9a164bc162f615b91bc179dbf15a3" + +[[package]] +name = "ppv-lite86" +version = "0.2.6" +source = "git+https://github.com/mesalock-linux/cryptocorrosion-sgx#32d7de50b5f03a10fe5a42167410be2dd3c2e389" + [[package]] name = "ppv-lite86" version = "0.2.10" @@ -173,6 +228,17 @@ dependencies = [ "proc-macro2", ] +[[package]] +name = "rand" +version = "0.7.3" +source = "git+https://github.com/mesalock-linux/rand-sgx?tag=v0.7.3_sgx1.1.3#83583f073de3b4f75c3c3ef5e174d484ed941f85" +dependencies = [ + "getrandom 0.1.14", + "rand_chacha 0.2.2", + "rand_core 0.5.1", + "sgx_tstd", +] + [[package]] name = "rand" version = "0.8.3" 
@@ -180,19 +246,38 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0ef9e7e66b4468674bfcb0c81af8b7fa0bb154fa9f28eb840da5c447baeb8d7e" dependencies = [ "libc", - "rand_chacha", - "rand_core", + "rand_chacha 0.3.0", + "rand_core 0.6.2", "rand_hc", ] +[[package]] +name = "rand_chacha" +version = "0.2.2" +source = "git+https://github.com/mesalock-linux/rand-sgx?tag=v0.7.3_sgx1.1.3#83583f073de3b4f75c3c3ef5e174d484ed941f85" +dependencies = [ + "ppv-lite86 0.2.6", + "rand_core 0.5.1", + "sgx_tstd", +] + [[package]] name = "rand_chacha" version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e12735cf05c9e10bf21534da50a147b924d555dc7a547c42e6bb2d5b6017ae0d" dependencies = [ - "ppv-lite86", - "rand_core", + "ppv-lite86 0.2.10", + "rand_core 0.6.2", +] + +[[package]] +name = "rand_core" +version = "0.5.1" +source = "git+https://github.com/mesalock-linux/rand-sgx?tag=v0.7.3_sgx1.1.3#83583f073de3b4f75c3c3ef5e174d484ed941f85" +dependencies = [ + "getrandom 0.1.14", + "sgx_tstd", ] [[package]] @@ -201,7 +286,7 @@ version = "0.6.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "34cf66eb183df1c5876e2dcf6b13d57340741e8dc255b48e40a26de954d06ae7" dependencies = [ - "getrandom", + "getrandom 0.2.2", ] [[package]] @@ -210,7 +295,7 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3190ef7066a446f2e7f42e239d161e905420ccab01eb967c9eb27d21b2322a73" dependencies = [ - "rand_core", + "rand_core 0.6.2", ] [[package]] 
@@ -231,15 +316,49 @@ dependencies = [ "winapi", ] +[[package]] +name = "ring" +version = "0.17.0-alpha.10" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "55ae9a4d2975bdd8254d7bcdd2261be62b42b8920f903ec682b08cdc11b87af2" +dependencies = [ + "cc", + "libc", + "once_cell", + "spin", + "untrusted", + "web-sys", + "winapi", +] + [[package]] name = "rtc_auth_enclave" version = "0.1.0" dependencies = [ "cbindgen", "cc", + "rtc_tenclave", "rtc_types", "sgx_tstd", - "sgx_types 1.1.3 (git+https://github.com/apache/teaclave-sgx-sdk.git)", + "sgx_types", +] + +[[package]] +name = "rtc_tenclave" +version = "0.1.0" +dependencies = [ + "cfg-if 1.0.0", + "rand 0.7.3", + "ring", + "rtc_types", + "secrecy", + "sgx_tcrypto", + "sgx_tse", + "sgx_tstd", + "sgx_types", + "sodalite", + "thiserror 1.0.9", + "zeroize", ] [[package]] @@ -247,7 +366,7 @@ name = "rtc_types" version = "0.1.0" dependencies = [ "sgx_tstd", - "sgx_types 1.1.3 (git+https://github.com/apache/teaclave-sgx-sdk.git)", + "sgx_types", "thiserror 1.0.24", "thiserror 1.0.9", ] @@ -258,6 +377,15 @@ version = "1.0.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "71d301d4193d031abdd79ff7e3dd721168a9572ef3fe51a1517aba235bd8f86e" +[[package]] +name = "secrecy" +version = "0.7.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0673d6a6449f5e7d12a1caf424fd9363e2af3a4953023ed455e3c4beef4597c0" +dependencies = [ + "zeroize", +] + [[package]] name = "serde" version = "1.0.125" 
@@ -319,7 +447,15 @@ name = "sgx_libc" version = "1.1.3" source = "git+https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.3#a6a172e652b4db4eaa17e4faa078fda8922abdd0" dependencies = [ - "sgx_types 1.1.3 (git+https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.3)", + "sgx_types", +] + +[[package]] +name = "sgx_tcrypto" +version = "1.1.3" +source = "git+https://github.com/apache/teaclave-sgx-sdk.git#c2698dc2685f8dcd9550086c62077bceff15ded0" +dependencies = [ + "sgx_types", ] [[package]] @@ -328,7 +464,7 @@ version = "1.1.3" source = "git+https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.3#a6a172e652b4db4eaa17e4faa078fda8922abdd0" dependencies = [ "sgx_trts", - "sgx_types 1.1.3 (git+https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.3)", + "sgx_types", ] [[package]] @@ -337,7 +473,15 @@ version = "1.1.3" source = "git+https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.3#a6a172e652b4db4eaa17e4faa078fda8922abdd0" dependencies = [ "sgx_libc", - "sgx_types 1.1.3 (git+https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.3)", + "sgx_types", +] + +[[package]] +name = "sgx_tse" +version = "1.1.3" +source = "git+https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.3#a6a172e652b4db4eaa17e4faa078fda8922abdd0" +dependencies = [ + "sgx_types", ] [[package]] @@ -352,19 +496,14 @@ dependencies = [ "sgx_libc", "sgx_tprotected_fs", "sgx_trts", - "sgx_types 1.1.3 (git+https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.3)", + "sgx_types", "sgx_unwind", ] [[package]] name = "sgx_types" version = "1.1.3" -source = "git+https://github.com/apache/teaclave-sgx-sdk.git?rev=v1.1.3#a6a172e652b4db4eaa17e4faa078fda8922abdd0" - -[[package]] -name = "sgx_types" -version = "1.1.3" -source = "git+https://github.com/apache/teaclave-sgx-sdk.git#c2698dc2685f8dcd9550086c62077bceff15ded0" +source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk.git#c2698dc2685f8dcd9550086c62077bceff15ded0" [[package]] name = "sgx_unwind" 
@@ -374,6 +513,21 @@ dependencies = [ "sgx_build_helper", ] +[[package]] +name = "sodalite" +version = "0.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41784a359d15c58bba298cccb7f30a847a1a42d0620c9bdaa0aa42fdb3c280e0" +dependencies = [ + "index-fixed", +] + +[[package]] +name = "spin" +version = "0.5.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" + [[package]] name = "strsim" version = "0.8.0" @@ -397,9 +551,9 @@ version = "3.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "dac1c663cfc93810f88aed9b8941d48cabf856a1b111c29a40439018d870eb22" dependencies = [ - "cfg-if", + "cfg-if 1.0.0", "libc", - "rand", + "rand 0.8.3", "redox_syscall", "remove_dir_all", "winapi", @@ -480,6 +634,12 @@ version = "0.2.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ccb82d61f80a663efe1f787a51b16b5a51e3314d6ac365b08639f52387b33f3" +[[package]] +name = "untrusted" +version = "0.7.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" + [[package]] name = "vec_map" version = "0.8.2" 
@@ -492,6 +652,70 @@ version = "0.10.2+wasi-snapshot-preview1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fd6fbd9a79829dd1ad0cc20627bf1ed606756a7f77edff7b66b7064f9cb327c6" +[[package]] +name = "wasm-bindgen" +version = "0.2.74" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d54ee1d4ed486f78874278e63e4069fc1ab9f6a18ca492076ffb90c5eb2997fd" +dependencies = [ + "cfg-if 1.0.0", + "wasm-bindgen-macro", +] + +[[package]] +name = "wasm-bindgen-backend" +version = "0.2.74" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3b33f6a0694ccfea53d94db8b2ed1c3a8a4c86dd936b13b9f0a15ec4a451b900" +dependencies = [ + "bumpalo", + "lazy_static", + "log", + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.74" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "088169ca61430fe1e58b8096c24975251700e7b1f6fd91cc9d59b04fb9b18bd4" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.74" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "be2241542ff3d9f241f5e2cb6dd09b37efe786df8851c54957683a49f0987a97" +dependencies = [ + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-backend", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.74" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d7cff876b8f18eed75a66cf49b65e7f967cb354a7aa16003fb55dbfd25b44b4f" + +[[package]] +name = "web-sys" +version = "0.3.51" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e828417b379f3df7111d3a2a9e5753706cae29c41f7c4029ee9fd77f3e09e582" +dependencies = [ + "js-sys", + "wasm-bindgen", +] + [[package]] name = "winapi" version = "0.3.9" 
@@ -513,3 +737,9 @@ name = "winapi-x86_64-pc-windows-gnu" version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" + +[[package]] +name = "zeroize" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4756f7db3f7b5574938c3eb1c117038b8e07f95ee6718c0efad4ac21508f1efd" diff --git a/rtc_auth_enclave/Cargo.toml b/rtc_auth_enclave/Cargo.toml index 44335e81..00f416e2 100644 --- a/rtc_auth_enclave/Cargo.toml +++ b/rtc_auth_enclave/Cargo.toml @@ -19,3 +19,7 @@ sgx_tstd = { git = "https://github.com/apache/teaclave-sgx-sdk.git", features = rtc_types = { path = "../rtc_types", features = ["teaclave_sgx"]} [dependencies] +rtc_tenclave = { path = "../rtc_tenclave" } + +[patch."https://github.com/apache/teaclave-sgx-sdk.git"] +sgx_types = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk.git" } diff --git a/rtc_auth_enclave/build.rs b/rtc_auth_enclave/build.rs index b682a43c..e0c23490 100644 --- a/rtc_auth_enclave/build.rs +++ b/rtc_auth_enclave/build.rs @@ -37,8 +37,8 @@ fn main() { .with_language(cbindgen::Language::C) .with_no_includes() .with_parse_deps(true) - .with_parse_include(&["rtc_types"]) - .with_parse_extra_bindings(&["rtc_types"]) + .with_parse_include(&["rtc_types", "rtc_tenclave"]) + .with_parse_extra_bindings(&["rtc_types", "rtc_tenclave"]) .generate() .expect("Unable to generate bindings") .write_to_file("../codegen/auth_enclave/bindings.h"); diff --git a/rtc_auth_enclave/src/lib.rs b/rtc_auth_enclave/src/lib.rs index bbd00c79..5e7ea09b 100644 --- a/rtc_auth_enclave/src/lib.rs +++ b/rtc_auth_enclave/src/lib.rs 
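Review bot: The `[patch]` entry added to rtc_auth_enclave/Cargo.toml names a git source with no `rev` or `tag`, so only Cargo.lock holds `sgx_types` at a fixed commit (the lockfile in this commit resolves it to `c2698dc2685f8dcd9550086c62077bceff15ded0`). These crates build an enclave that produces an SGX report, so a later `cargo update` or a build without `--locked` could change the SDK code compiled into the measured binary without any manifest change to review. I would pin it in the manifest, e.g. `sgx_types = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk.git", rev = "<commit>" }`. The same applies to the `sgx_tcrypto` and `sgx_ucrypto` lines added in rtc_tenclave/Cargo.toml: they omit the `rev = "v1.1.3"` that the neighbouring `sgx_tse` line carries, and the lockfiles accordingly show `sgx_tcrypto` at `c2698dc…` while `sgx_tse` stays at `a6a172e…`.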
@@ -8,12 +8,4 @@ use sgx_types::{sgx_report_t, sgx_status_t, sgx_target_info_t}; use rtc_types::{CreateReportResult, EnclaveHeldData}; -/// TODO: Stubbed out, for now. -#[no_mangle] -pub extern "C" fn enclave_create_report( - _p_qe3_target: *const sgx_target_info_t, - _enclave_pubkey: *mut EnclaveHeldData, - _p_report: *mut sgx_report_t, -) -> CreateReportResult { - CreateReportResult::Sgx(sgx_status_t::SGX_ERROR_UNEXPECTED) -} +use rtc_tenclave::enclave::*; diff --git a/rtc_data_enclave/Cargo.lock b/rtc_data_enclave/Cargo.lock index 870f16dd..d53d93de 100644 --- a/rtc_data_enclave/Cargo.lock +++ b/rtc_data_enclave/Cargo.lock @@ -449,6 +449,7 @@ dependencies = [ "ring", "rtc_types", "secrecy", + "sgx_tcrypto", "sgx_tse", "sgx_tstd", "sgx_types", diff --git a/rtc_data_enclave/build.rs b/rtc_data_enclave/build.rs index 6644958f..cb417415 100644 --- a/rtc_data_enclave/build.rs +++ b/rtc_data_enclave/build.rs @@ -37,8 +37,8 @@ fn main() { .with_language(cbindgen::Language::C) .with_no_includes() .with_parse_deps(true) - .with_parse_include(&["rtc_types"]) - .with_parse_extra_bindings(&["rtc_types"]) + .with_parse_include(&["rtc_types", "rtc_tenclave"]) + .with_parse_extra_bindings(&["rtc_types", "rtc_tenclave"]) .generate() .expect("Unable to generate bindings") .write_to_file("../codegen/data_enclave/bindings.h"); diff --git a/rtc_data_enclave/src/lib.rs b/rtc_data_enclave/src/lib.rs index 5a8604b6..cae96304 100644 --- a/rtc_data_enclave/src/lib.rs +++ b/rtc_data_enclave/src/lib.rs 
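Review bot: In rtc_auth_enclave/src/lib.rs, `use rtc_tenclave::enclave::*;` is a private glob import that nothing on the new side of the hunk references, so the presence of the `enclave_create_report` ECALL in the enclave image depends on how the linker treats `#[no_mangle]` items from a dependency rather than on anything this file states. I would make the intent explicit with `pub use rtc_tenclave::enclave::enclave_create_report;` and confirm that the built enclave still exports the symbol. The two `use` lines kept as context above it (`sgx_types::{…}` and `rtc_types::{…}`) have no remaining user in the visible part of the file and look removable. rtc_data_enclave/src/lib.rs gains the same glob import in this commit and would take the same re-export.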
@@ -29,65 +29,7 @@ use std::prelude::v1::*; use sgx_tcrypto::rsgx_sha256_slice; use zeroize::Zeroize; -fn create_report_impl( - qe_target_info: &sgx_target_info_t, -) -> Result<([u8; ENCLAVE_HELD_PUB_KEY_SIZE], sgx_report_t), CreateReportResult> { - let crypto = SodaBoxCrypto::new(); - let pubkey = crypto.get_pubkey(); - - let pubkey_hash = match rsgx_sha256_slice(&pubkey) { - Ok(hash) => hash, - Err(err) => return Err(err.into()), - }; - - let mut p_data = sgx_report_data_t::default(); - p_data.d[0..32].copy_from_slice(&pubkey_hash); - - // AFAIK any SGX function with out-variables provide no guarantees on what - // data will be written to those variables in the case of failure. It is - // our responsibility to ensure data does not get leaked in the case - // of function failure. - match rsgx_create_report(qe_target_info, &p_data) { - Ok(report) => Ok((pubkey, report)), - Err(err) => Err(CreateReportResult::Sgx(err)), - } -} - -/// Creates and returns a report for the enclave alongside a public key used to encrypt -/// data sent to the enclave. -/// -/// # Safety -/// The pointers from SGX is expected to be valid, not-null, correctly aligned and of the -/// correct type. Sanity checks are done for null-pointers, but none of the other conditions. -#[no_mangle] -pub unsafe extern "C" fn enclave_create_report( - p_qe3_target: *const sgx_target_info_t, - enclave_pubkey: *mut EnclaveHeldData, - p_report: *mut sgx_report_t, -) -> CreateReportResult { - if p_qe3_target.is_null() || enclave_pubkey.is_null() || p_report.is_null() { - return sgx_status_t::SGX_ERROR_INVALID_PARAMETER.into(); - } - let qe_target_info = unsafe { &*p_qe3_target }; - let (key, report) = match create_report_impl(qe_target_info) { - Ok(res) => res, - Err(x) => { - unsafe { - // TODO: Use secrecy crate instead? 
This will allow for more - // guarantees and might make the code easier to audit - (*enclave_pubkey).zeroize(); - } - return x.into(); - } - }; - - unsafe { - *p_report = report; - (*enclave_pubkey).copy_from_slice(&key); - } - - CreateReportResult::Success -} +use rtc_tenclave::enclave::*; /// Validates and save a payload encrypted for the enclave /// diff --git a/rtc_tenclave/Cargo.lock b/rtc_tenclave/Cargo.lock index 4b766f79..3dd970af 100644 --- a/rtc_tenclave/Cargo.lock +++ b/rtc_tenclave/Cargo.lock @@ -166,6 +166,21 @@ dependencies = [ "sgx_tstd", ] +[[package]] +name = "rand_core" +version = "0.3.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7a6fdeb83b075e8266dcc8762c22776f6877a63111121f5f8c7411e5be7eed4b" +dependencies = [ + "rand_core 0.4.2", +] + +[[package]] +name = "rand_core" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9c33a3c44ca05fa6f1807d8e6743f3824e8509beca625669633be0acbdf509dc" + [[package]] name = "rand_core" version = "0.5.1" @@ -193,6 +208,15 @@ dependencies = [ "rand_core 0.5.1 (registry+https://github.com/rust-lang/crates.io-index)", ] +[[package]] +name = "rdrand" +version = "0.6.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5014f842b5515f60c15d3bca398477951f785883f73e7f9bc8a9d9c9bb6821c7" +dependencies = [ + "rand_core 0.4.2", +] + [[package]] name = "ring" version = "0.17.0-alpha.10" @@ -218,9 +242,11 @@ dependencies = [ "ring", "rtc_types", "secrecy", + "sgx_tcrypto", "sgx_tse", "sgx_tstd", "sgx_types", + "sgx_ucrypto", "sodalite", "thiserror 1.0.24", "thiserror 1.0.9", @@ -279,6 +305,14 @@ dependencies = [ "sgx_types", ] +[[package]] +name = "sgx_tcrypto" +version = "1.1.3" +source = "git+https://github.com/apache/teaclave-sgx-sdk.git#c2698dc2685f8dcd9550086c62077bceff15ded0" +dependencies = [ + "sgx_types", +] + [[package]] name = "sgx_tprotected_fs" version = "1.1.3" 
@@ -326,6 +360,17 @@ name = "sgx_types" version = "1.1.3" source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk.git#c2698dc2685f8dcd9550086c62077bceff15ded0" +[[package]] +name = "sgx_ucrypto" +version = "1.1.3" +source = "git+https://github.com/apache/teaclave-sgx-sdk.git#c2698dc2685f8dcd9550086c62077bceff15ded0" +dependencies = [ + "libc", + "rand_core 0.3.1", + "rdrand", + "sgx_types", +] + [[package]] name = "sgx_unwind" version = "0.1.1" diff --git a/rtc_tenclave/Cargo.toml b/rtc_tenclave/Cargo.toml index 0dca9f5c..d7bc98a0 100644 --- a/rtc_tenclave/Cargo.toml +++ b/rtc_tenclave/Cargo.toml @@ -11,7 +11,7 @@ doctest = false crate-type = ["lib"] [features] -default = ["sgx_tstd", "sgx_tse", "rtc_types/teaclave_sgx", "rand", "thiserror"] +default = ["sgx_tstd", "sgx_tse", "rtc_types/teaclave_sgx", "rand", "thiserror", "sgx_tcrypto"] # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html @@ -21,6 +21,7 @@ sgx_tstd = { git = "https://github.com/apache/teaclave-sgx-sdk.git", features = sgx_tse = { git = "https://github.com/apache/teaclave-sgx-sdk.git" , rev = "v1.1.3", optional = true } rand = { git = "https://github.com/mesalock-linux/rand-sgx", tag = "v0.7.3_sgx1.1.3", optional = true } thiserror = { git = "https://github.com/mesalock-linux/thiserror-sgx.git", optional = true } +sgx_tcrypto = { git = "https://github.com/apache/teaclave-sgx-sdk.git", optional = true } rtc_types = { path = "../rtc_types" } sgx_types = { git = "https://github.com/apache/teaclave-sgx-sdk.git", features = ["extra_traits"]} @@ -36,6 +37,7 @@ cfg-if = "1.0.0" [dev-dependencies] thiserror_std = { package = "thiserror", version = "1.0.9" } rand_std = { package = "rand", version = "0.7.3" } +sgx_ucrypto = { git = "https://github.com/apache/teaclave-sgx-sdk.git" } [patch."https://github.com/apache/teaclave-sgx-sdk.git"] diff --git a/rtc_tenclave/src/enclave.rs b/rtc_tenclave/src/enclave.rs new file mode 100644 index 00000000..06e04592 
--- /dev/null
+++ b/rtc_tenclave/src/enclave.rs
@@ -0,0 +1,97 @@
+use crate::crypto::{RtcCrypto, SodaBoxCrypto};
+use rtc_types::{CreateReportResult, EnclaveHeldData, ENCLAVE_HELD_PUB_KEY_SIZE};
+use secrecy::Zeroize;
+use sgx_tcrypto::rsgx_sha256_slice;
+use sgx_types::*;
+
+#[cfg(not(test))]
+use sgx_tse::rsgx_create_report;
+
+#[cfg(test)]
+use mock::mock_rsgx_create_report as rsgx_create_report;
+
+fn create_report_impl(
+ qe_target_info: &sgx_target_info_t,
+) -> Result<([u8; ENCLAVE_HELD_PUB_KEY_SIZE], sgx_report_t), CreateReportResult> {
+ let crypto = SodaBoxCrypto::new();
+ let pubkey = crypto.get_pubkey();
+
+ let pubkey_hash = match rsgx_sha256_slice(&pubkey) {
+ Ok(hash) => hash,
+ Err(err) => return Err(err.into()),
+ };
+
+ let mut p_data = sgx_report_data_t::default();
+ p_data.d[0..32].copy_from_slice(&pubkey_hash);
+
+ // AFAIK any SGX function with out-variables provide no guarantees on what
+ // data will be written to those variables in the case of failure. It is
+ // our responsibility to ensure data does not get leaked in the case
+ // of function failure.
+ match rsgx_create_report(qe_target_info, &p_data) {
+ Ok(report) => Ok((pubkey, report)),
+ Err(err) => Err(CreateReportResult::Sgx(err)),
+ }
+}
+
+/// Creates and returns a report for the enclave alongside a public key used to encrypt
+/// data sent to the enclave.
+///
+/// # Safety
+/// The pointers from SGX is expected to be valid, not-null, correctly aligned and of the
+/// correct type. Sanity checks are done for null-pointers, but none of the other conditions.
+#[no_mangle]
+pub unsafe extern "C" fn enclave_create_report(
+ p_qe3_target: *const sgx_target_info_t,
+ enclave_pubkey: *mut EnclaveHeldData,
+ p_report: *mut sgx_report_t,
+) -> CreateReportResult {
+ if p_qe3_target.is_null() || enclave_pubkey.is_null() || p_report.is_null() {
+ return sgx_status_t::SGX_ERROR_INVALID_PARAMETER.into();
+ }
+ let qe_target_info = unsafe { &*p_qe3_target };
+ let (key, report) = match create_report_impl(qe_target_info) {
+ Ok(res) => res,
+ Err(x) => {
+ unsafe {
+ (*enclave_pubkey).zeroize();
+ }
+ return x.into();
+ }
+ };
+
+ unsafe {
+ *p_report = report;
+ (*enclave_pubkey).copy_from_slice(&key);
+ }
+
+ CreateReportResult::Success
+}
+
+#[cfg(test)]
+mod mock {
+ use sgx_types::*;
+
+ #[allow(unused_variables)]
+ pub(crate) fn mock_rsgx_create_report(
+ target_info: &sgx_target_info_t,
+ report_data: &sgx_report_data_t,
+ ) -> Result {
+ Ok(sgx_report_t::default())
+ }
+}
+
+#[cfg(test)]
+mod test {
+ use super::*;
+ #[test]
+ fn enclave_create_report_ok() {
+ let qe_ti = sgx_target_info_t::default();
+ let mut pubkey_out = EnclaveHeldData::default();
+ let mut report_out = sgx_report_t::default();
+
+ let result = unsafe { enclave_create_report(&qe_ti, &mut pubkey_out, &mut report_out) };
+
+ assert_eq!(result, CreateReportResult::Success);
+ }
+}
diff --git a/rtc_tenclave/src/lib.rs b/rtc_tenclave/src/lib.rs
index 61d71bcf..db0d3873 100644
--- a/rtc_tenclave/src/lib.rs
+++ b/rtc_tenclave/src/lib.rs
@@ -15,8 +15,10 @@ cfg_if::cfg_if! {
 if #[cfg(test)] {
 extern crate thiserror_std as thiserror;
 extern crate rand_std as rand;
+ extern crate sgx_ucrypto as sgx_tcrypto;
 }
 }
 pub mod crypto;
+pub mod enclave;
 pub mod util;
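Review bot: In rtc_tenclave/src/enclave.rs, `(*enclave_pubkey).copy_from_slice(&key)` copies a `[u8; ENCLAVE_HELD_PUB_KEY_SIZE]` into an `EnclaveHeldData` (declared in bindings.h with `ENCLAVE_HELD_DATA_SIZE`), and `copy_from_slice` panics when the two lengths differ; inside this `extern "C"` entry point such a panic cannot be reported as a `CreateReportResult`. Both constants live in rtc_types, outside this diff, so whether they are equal cannot be confirmed here. Having `create_report_impl` return `Result<(EnclaveHeldData, sgx_report_t), CreateReportResult>` and writing `*enclave_pubkey = key;` would turn any mismatch into a compile error. The `unsafe` blocks would also read better with `// SAFETY:` comments stating that only null-ness has been checked. The test module exercises only the success path, so a case that passes `std::ptr::null_mut()` and expects the `SGX_ERROR_INVALID_PARAMETER` result is worth adding.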