Merge pull request #60 from registreerocks/he-local-attestation

Add local attestation support

Cargo.toml

@@ -8,6 +8,7 @@ members = [
     "rtc_uenclave/data-sys",
     "rtc_uenclave/auth-sys",
     "rtc_uenclave/rtc-ecalls",
+    "rtc_udh",
 ]
 # TODO: Look at creating a seperate workspace for enclave code to share lockfile?
 exclude = [

HACKING.md

@@ -29,3 +29,33 @@ However, also note that Cargo currently has this limitation:
 
 This prevents patching a repository reference to a different revision in the same repository,
 which makes some SGX-patched packages (such as `serde-sgx` and `serde-json-sgx`) tricky to deal with.
+
+
+## Aligned memory allocation for secret values
+
+In enclave code, all memory allocations for sensitive secret values (such as cryptographic keys)
+must be padded and aligned to protect against certain cache timing side-channel attacks,
+as detailed in the Intel's INTEL-SA-00219  Developer Guidance.
+
+The Rust SGX SDK [provides primitives] (`AlignBox` and `sgx_align_*`) to help implement this guidance,
+but other enclave secrets must also be allocated similarly.
+
+[provides primitives]: https://github.com/apache/incubator-teaclave-sgx-sdk/wiki/Mitigation-of-Intel-SA-00219-in-Rust-SGX#rust-sgx-provided-primitive
+
+In particular, care must be taken to allocate aligned memory _before_ initialising secrets in it,
+rather than initialising secrets in unaligned memory and then moving them to aligned memory.
+
+In this codebase, also see the `AlignedKey` type in the `rtc_tenclave::dh::types` module.
+
+Background:
+
+* [CVE-2019-0117](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0117)
+* [Intel SGX SDK Developer Guidance INTEL-SA-00219](https://software.intel.com/content/www/us/en/develop/download/intel-sgx-sdk-developer-guidance-intel-sa-00219.html)
+  ([PDF](https://software.intel.com/content/dam/develop/public/us/en/documents/intel-sgx-sdk-developer-guidance-intel-sa-00219.pdf))
+
+
+Rust SGX SDK:
+
+* [v1.1.0 release notes](https://github.com/apache/incubator-teaclave-sgx-sdk/blob/v1.1.0/release_notes.md#rust-sgx-sdk-v110)
+* [Mitigation of Intel SA 00219 in Rust SGX](https://github.com/apache/incubator-teaclave-sgx-sdk/wiki/Mitigation-of-Intel-SA-00219-in-Rust-SGX)
+

buildenv.mk

@@ -166,4 +166,7 @@ ENCLAVE_LDFLAGS  = $(COMMON_LDFLAGS) -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefi
 ENCLAVE_CFLAGS += $(MITIGATION_CFLAGS)
 ENCLAVE_ASFLAGS = $(MITIGATION_ASFLAGS)
 
+# RTC SPECIFIC
+RTC_EDL_PATH = /root/rtc-data/edl
+
 

codegen/auth_enclave/bindings.h

@@ -12,6 +12,50 @@
  */
 #define DATA_UPLOAD_RESPONSE_LEN (16 + (24 + 16))
 
+/**
+ * FFI safe result type that can be converted to and from a rust result.
+ */
+typedef enum EcallResult_sgx_dh_msg1_t__sgx_status_t_Tag {
+  Ok_sgx_dh_msg1_t__sgx_status_t,
+  Err_sgx_dh_msg1_t__sgx_status_t,
+} EcallResult_sgx_dh_msg1_t__sgx_status_t_Tag;
+
+typedef struct EcallResult_sgx_dh_msg1_t__sgx_status_t {
+  EcallResult_sgx_dh_msg1_t__sgx_status_t_Tag tag;
+  union {
+    struct {
+      sgx_dh_msg1_t ok;
+    };
+    struct {
+      sgx_status_t err;
+    };
+  };
+} EcallResult_sgx_dh_msg1_t__sgx_status_t;
+
+typedef struct EcallResult_sgx_dh_msg1_t__sgx_status_t SessionRequestResult;
+
+/**
+ * FFI safe result type that can be converted to and from a rust result.
+ */
+typedef enum EcallResult_sgx_dh_msg3_t__sgx_status_t_Tag {
+  Ok_sgx_dh_msg3_t__sgx_status_t,
+  Err_sgx_dh_msg3_t__sgx_status_t,
+} EcallResult_sgx_dh_msg3_t__sgx_status_t_Tag;
+
+typedef struct EcallResult_sgx_dh_msg3_t__sgx_status_t {
+  EcallResult_sgx_dh_msg3_t__sgx_status_t_Tag tag;
+  union {
+    struct {
+      sgx_dh_msg3_t ok;
+    };
+    struct {
+      sgx_status_t err;
+    };
+  };
+} EcallResult_sgx_dh_msg3_t__sgx_status_t;
+
+typedef struct EcallResult_sgx_dh_msg3_t__sgx_status_t ExchangeReportResult;
+
 typedef enum CreateReportResult_Tag {
   Success,
   Sgx,