From eacb25eb32f5fc30bc66cb5469a7a4e760115c58 Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Sun, 8 Sep 2024 15:37:12 +0900 Subject: [PATCH 01/30] remove rust-sgx-sdk dir Signed-off-by: Jun Kimura --- ImportRustSGXSDK.mk | 22 - Makefile | 15 +- rust-sgx-sdk/buildenv.mk => buildenv.mk | 0 enclave/Enclave.edl | 13 - rust-sgx-sdk/Readme.md | 5 - rust-sgx-sdk/common/inc/assert.h | 63 --- rust-sgx-sdk/common/inc/complex.h | 134 ------ rust-sgx-sdk/common/inc/ctype.h | 65 --- rust-sgx-sdk/common/inc/dirent.h | 48 -- rust-sgx-sdk/common/inc/endian.h | 33 -- rust-sgx-sdk/common/inc/errno.h | 187 -------- rust-sgx-sdk/common/inc/float.h | 84 ---- rust-sgx-sdk/common/inc/inttypes.h | 330 -------------- rust-sgx-sdk/common/inc/iso646.h | 26 -- rust-sgx-sdk/common/inc/limits.h | 41 -- rust-sgx-sdk/common/inc/math.h | 430 ------------------ rust-sgx-sdk/common/inc/mbusafecrt.h | 85 ---- rust-sgx-sdk/common/inc/netdb.h | 41 -- rust-sgx-sdk/common/inc/poll.h | 38 -- rust-sgx-sdk/common/inc/pthread.h | 34 -- rust-sgx-sdk/common/inc/pwd.h | 40 -- rust-sgx-sdk/common/inc/sched.h | 62 --- rust-sgx-sdk/common/inc/setjmp.h | 65 --- rust-sgx-sdk/common/inc/signal.h | 104 ----- rust-sgx-sdk/common/inc/stdarg.h | 48 -- rust-sgx-sdk/common/inc/stdbool.h | 44 -- rust-sgx-sdk/common/inc/stddef.h | 70 --- rust-sgx-sdk/common/inc/stdint.h | 24 - rust-sgx-sdk/common/inc/stdio.h | 95 ---- rust-sgx-sdk/common/inc/stdlib.h | 153 ------- rust-sgx-sdk/common/inc/string.h | 130 ------ rust-sgx-sdk/common/inc/sys/_types.h | 168 ------- rust-sgx-sdk/common/inc/sys/cdefs.h | 132 ------ rust-sgx-sdk/common/inc/sys/endian.h | 54 --- rust-sgx-sdk/common/inc/sys/epoll.h | 42 -- rust-sgx-sdk/common/inc/sys/ieee.h | 145 ------ rust-sgx-sdk/common/inc/sys/limits.h | 77 ---- rust-sgx-sdk/common/inc/sys/sockaddr.h | 32 -- rust-sgx-sdk/common/inc/sys/socket.h | 54 --- rust-sgx-sdk/common/inc/sys/stat.h | 127 ------ rust-sgx-sdk/common/inc/sys/stdint.h | 260 ----------- rust-sgx-sdk/common/inc/sys/struct_timespec.h | 37 -- rust-sgx-sdk/common/inc/sys/types.h | 129 ------ rust-sgx-sdk/common/inc/sys/uio.h | 35 -- rust-sgx-sdk/common/inc/time.h | 105 ----- rust-sgx-sdk/common/inc/unistd.h | 59 --- rust-sgx-sdk/common/inc/wchar.h | 143 ------ rust-sgx-sdk/common/inc/wctype.h | 80 ---- rust-sgx-sdk/dockerfile/02_binutils.sh | 19 - rust-sgx-sdk/dockerfile/03_sdk.sh | 20 - rust-sgx-sdk/dockerfile/04_psw.sh | 32 -- rust-sgx-sdk/dockerfile/04_psw_rpm.sh | 9 - rust-sgx-sdk/dockerfile/05_rust.sh | 8 - .../dockerfile/Dockerfile.1804.nightly | 42 -- .../dockerfile/Dockerfile.2004.nightly | 45 -- .../dockerfile/Dockerfile.centos8.nightly | 34 -- rust-sgx-sdk/dockerfile/build.sh | 19 - rust-sgx-sdk/dockerfile/push.sh | 22 - rust-sgx-sdk/edl/inc/dirent.h | 39 -- rust-sgx-sdk/edl/inc/stat.h | 65 --- rust-sgx-sdk/edl/intel/sgx_dcap_tvl.edl | 73 --- rust-sgx-sdk/edl/intel/sgx_pthread.edl | 38 -- rust-sgx-sdk/edl/intel/sgx_tkey_exchange.edl | 49 -- rust-sgx-sdk/edl/intel/sgx_tprotected_fs.edl | 47 -- rust-sgx-sdk/edl/intel/sgx_tstdc.edl | 48 -- rust-sgx-sdk/edl/intel/sgx_tswitchless.edl | 39 -- rust-sgx-sdk/edl/intel/sgx_ttls.edl | 62 --- rust-sgx-sdk/edl/sgx_asyncio.edl | 33 -- rust-sgx-sdk/edl/sgx_backtrace.edl | 31 -- rust-sgx-sdk/edl/sgx_env.edl | 40 -- rust-sgx-sdk/edl/sgx_fd.edl | 57 --- rust-sgx-sdk/edl/sgx_file.edl | 66 --- rust-sgx-sdk/edl/sgx_fs.edl | 31 -- rust-sgx-sdk/edl/sgx_mem.edl | 40 -- rust-sgx-sdk/edl/sgx_net.edl | 41 -- rust-sgx-sdk/edl/sgx_net_switchless.edl | 92 ---- rust-sgx-sdk/edl/sgx_pipe.edl | 31 -- rust-sgx-sdk/edl/sgx_process.edl | 28 -- rust-sgx-sdk/edl/sgx_signal.edl | 43 -- rust-sgx-sdk/edl/sgx_socket.edl | 111 ----- rust-sgx-sdk/edl/sgx_stdio.edl | 29 -- rust-sgx-sdk/edl/sgx_sys.edl | 32 -- rust-sgx-sdk/edl/sgx_thread.edl | 32 -- rust-sgx-sdk/edl/sgx_time.edl | 29 -- rust-sgx-sdk/edl/sgx_tstd.edl | 38 -- rust-sgx-sdk/version | 1 - rust-toolchain | 2 +- 87 files changed, 6 insertions(+), 5719 deletions(-) delete mode 100755 ImportRustSGXSDK.mk rename rust-sgx-sdk/buildenv.mk => buildenv.mk (100%) delete mode 100644 rust-sgx-sdk/Readme.md delete mode 100644 rust-sgx-sdk/common/inc/assert.h delete mode 100644 rust-sgx-sdk/common/inc/complex.h delete mode 100644 rust-sgx-sdk/common/inc/ctype.h delete mode 100644 rust-sgx-sdk/common/inc/dirent.h delete mode 100644 rust-sgx-sdk/common/inc/endian.h delete mode 100644 rust-sgx-sdk/common/inc/errno.h delete mode 100644 rust-sgx-sdk/common/inc/float.h delete mode 100644 rust-sgx-sdk/common/inc/inttypes.h delete mode 100644 rust-sgx-sdk/common/inc/iso646.h delete mode 100644 rust-sgx-sdk/common/inc/limits.h delete mode 100644 rust-sgx-sdk/common/inc/math.h delete mode 100644 rust-sgx-sdk/common/inc/mbusafecrt.h delete mode 100644 rust-sgx-sdk/common/inc/netdb.h delete mode 100644 rust-sgx-sdk/common/inc/poll.h delete mode 100644 rust-sgx-sdk/common/inc/pthread.h delete mode 100644 rust-sgx-sdk/common/inc/pwd.h delete mode 100644 rust-sgx-sdk/common/inc/sched.h delete mode 100644 rust-sgx-sdk/common/inc/setjmp.h delete mode 100644 rust-sgx-sdk/common/inc/signal.h delete mode 100644 rust-sgx-sdk/common/inc/stdarg.h delete mode 100644 rust-sgx-sdk/common/inc/stdbool.h delete mode 100644 rust-sgx-sdk/common/inc/stddef.h delete mode 100644 rust-sgx-sdk/common/inc/stdint.h delete mode 100644 rust-sgx-sdk/common/inc/stdio.h delete mode 100644 rust-sgx-sdk/common/inc/stdlib.h delete mode 100644 rust-sgx-sdk/common/inc/string.h delete mode 100644 rust-sgx-sdk/common/inc/sys/_types.h delete mode 100644 rust-sgx-sdk/common/inc/sys/cdefs.h delete mode 100644 rust-sgx-sdk/common/inc/sys/endian.h delete mode 100644 rust-sgx-sdk/common/inc/sys/epoll.h delete mode 100644 rust-sgx-sdk/common/inc/sys/ieee.h delete mode 100644 rust-sgx-sdk/common/inc/sys/limits.h delete mode 100644 rust-sgx-sdk/common/inc/sys/sockaddr.h delete mode 100644 rust-sgx-sdk/common/inc/sys/socket.h delete mode 100644 rust-sgx-sdk/common/inc/sys/stat.h delete mode 100644 rust-sgx-sdk/common/inc/sys/stdint.h delete mode 100644 rust-sgx-sdk/common/inc/sys/struct_timespec.h delete mode 100644 rust-sgx-sdk/common/inc/sys/types.h delete mode 100644 rust-sgx-sdk/common/inc/sys/uio.h delete mode 100644 rust-sgx-sdk/common/inc/time.h delete mode 100644 rust-sgx-sdk/common/inc/unistd.h delete mode 100644 rust-sgx-sdk/common/inc/wchar.h delete mode 100644 rust-sgx-sdk/common/inc/wctype.h delete mode 100644 rust-sgx-sdk/dockerfile/02_binutils.sh delete mode 100644 rust-sgx-sdk/dockerfile/03_sdk.sh delete mode 100644 rust-sgx-sdk/dockerfile/04_psw.sh delete mode 100644 rust-sgx-sdk/dockerfile/04_psw_rpm.sh delete mode 100644 rust-sgx-sdk/dockerfile/05_rust.sh delete mode 100644 rust-sgx-sdk/dockerfile/Dockerfile.1804.nightly delete mode 100644 rust-sgx-sdk/dockerfile/Dockerfile.2004.nightly delete mode 100644 rust-sgx-sdk/dockerfile/Dockerfile.centos8.nightly delete mode 100755 rust-sgx-sdk/dockerfile/build.sh delete mode 100755 rust-sgx-sdk/dockerfile/push.sh delete mode 100644 rust-sgx-sdk/edl/inc/dirent.h delete mode 100644 rust-sgx-sdk/edl/inc/stat.h delete mode 100644 rust-sgx-sdk/edl/intel/sgx_dcap_tvl.edl delete mode 100644 rust-sgx-sdk/edl/intel/sgx_pthread.edl delete mode 100644 rust-sgx-sdk/edl/intel/sgx_tkey_exchange.edl delete mode 100644 rust-sgx-sdk/edl/intel/sgx_tprotected_fs.edl delete mode 100644 rust-sgx-sdk/edl/intel/sgx_tstdc.edl delete mode 100644 rust-sgx-sdk/edl/intel/sgx_tswitchless.edl delete mode 100644 rust-sgx-sdk/edl/intel/sgx_ttls.edl delete mode 100644 rust-sgx-sdk/edl/sgx_asyncio.edl delete mode 100644 rust-sgx-sdk/edl/sgx_backtrace.edl delete mode 100644 rust-sgx-sdk/edl/sgx_env.edl delete mode 100644 rust-sgx-sdk/edl/sgx_fd.edl delete mode 100644 rust-sgx-sdk/edl/sgx_file.edl delete mode 100644 rust-sgx-sdk/edl/sgx_fs.edl delete mode 100644 rust-sgx-sdk/edl/sgx_mem.edl delete mode 100644 rust-sgx-sdk/edl/sgx_net.edl delete mode 100644 rust-sgx-sdk/edl/sgx_net_switchless.edl delete mode 100644 rust-sgx-sdk/edl/sgx_pipe.edl delete mode 100644 rust-sgx-sdk/edl/sgx_process.edl delete mode 100644 rust-sgx-sdk/edl/sgx_signal.edl delete mode 100644 rust-sgx-sdk/edl/sgx_socket.edl delete mode 100644 rust-sgx-sdk/edl/sgx_stdio.edl delete mode 100644 rust-sgx-sdk/edl/sgx_sys.edl delete mode 100644 rust-sgx-sdk/edl/sgx_thread.edl delete mode 100644 rust-sgx-sdk/edl/sgx_time.edl delete mode 100644 rust-sgx-sdk/edl/sgx_tstd.edl delete mode 100644 rust-sgx-sdk/version diff --git a/ImportRustSGXSDK.mk b/ImportRustSGXSDK.mk deleted file mode 100755 index 6cc39108..00000000 --- a/ImportRustSGXSDK.mk +++ /dev/null @@ -1,22 +0,0 @@ -# helper script to fetch the files in rust-sgx-sdk to the target version - -GIT = git -CP = cp - -REPO = https://github.com/apache/incubator-teaclave-sgx-sdk -SDK_PATH_GIT = rust-sgx-sdk-github -SDK_PATH = rust-sgx-sdk -VERSION_FILE = rust-sgx-sdk/version -TARGET_VERSION = $(shell cat $(VERSION_FILE)) -COMMAND = git ls-remote $(REPO) HEAD | awk '{ print $$1 }' - -updatesdk: - @echo Target version = $(TARGET_VERSION) - - @rm -rf $(SDK_PATH_GIT) - @$(GIT) clone $(REPO) $(SDK_PATH_GIT) - @cd $(SDK_PATH_GIT) && $(GIT) checkout $(TARGET_VERSION) && cd .. - rsync -a $(SDK_PATH_GIT)/edl $(SDK_PATH) - rsync -a $(SDK_PATH_GIT)/common $(SDK_PATH) - rsync -a $(SDK_PATH_GIT)/dockerfile $(SDK_PATH) - rm -rf $(SDK_PATH_GIT) diff --git a/Makefile b/Makefile index 5705ee3f..3c05d862 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,3 @@ -######## Import SGX SDK ######## -include ImportRustSGXSDK.mk - ######## SGX SDK Settings ######## SGX_SDK ?= /opt/sgxsdk SGX_MODE ?= HW @@ -9,7 +6,7 @@ SGX_DEBUG ?= 0 SGX_PRERELEASE ?= 0 SGX_PRODUCTION ?= 0 -include rust-sgx-sdk/buildenv.mk +include buildenv.mk ifeq ($(shell getconf LONG_BIT), 32) SGX_ARCH := x86 @@ -73,8 +70,6 @@ endif CUSTOM_LIBRARY_PATH := ./lib CUSTOM_BIN_PATH := ./bin -CUSTOM_EDL_PATH := ./rust-sgx-sdk/edl -CUSTOM_COMMON_PATH := ./rust-sgx-sdk/common ######## EDL Settings ######## @@ -84,7 +79,7 @@ Enclave_EDL_Files := enclave/Enclave_t.c enclave/Enclave_t.h app/Enclave_u.c app App_Rust_Flags := $(CARGO_TARGET) $(APP_CARGO_FEATURES) App_SRC_Files := $(shell find app/ -type f -name '*.rs') $(shell find app/ -type f -name 'Cargo.toml') -App_Include_Paths := -I ./app -I./include -I$(SGX_SDK)/include -I$(CUSTOM_EDL_PATH) +App_Include_Paths := -I ./app -I./include -I$(SGX_SDK)/include App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) App_Rust_Path := ./target/$(OUTPUT_PATH) @@ -108,7 +103,7 @@ ProtectedFs_Library_Name := sgx_tprotected_fs RustEnclave_C_Files := $(wildcard ./enclave/*.c) RustEnclave_C_Objects := $(RustEnclave_C_Files:.c=.o) -RustEnclave_Include_Paths := -I$(CUSTOM_COMMON_PATH)/inc -I$(CUSTOM_EDL_PATH) -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport -I$(SGX_SDK)/include/epid -I ./enclave -I./include +RustEnclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport -I$(SGX_SDK)/include/epid -I ./enclave -I./include RustEnclave_Link_Libs := -L$(CUSTOM_LIBRARY_PATH) -lenclave RustEnclave_Compile_Flags := $(SGX_COMMON_CFLAGS) $(ENCLAVE_CFLAGS) $(RustEnclave_Include_Paths) @@ -142,8 +137,8 @@ clean: ######## EDL Objects ######## $(Enclave_EDL_Files): $(SGX_EDGER8R) enclave/Enclave.edl - $(SGX_EDGER8R) --trusted enclave/Enclave.edl --search-path $(SGX_SDK)/include --search-path $(CUSTOM_EDL_PATH) --trusted-dir enclave - $(SGX_EDGER8R) --untrusted enclave/Enclave.edl --search-path $(SGX_SDK)/include --search-path $(CUSTOM_EDL_PATH) --untrusted-dir app + $(SGX_EDGER8R) --trusted enclave/Enclave.edl --search-path $(SGX_SDK)/include --trusted-dir enclave + $(SGX_EDGER8R) --untrusted enclave/Enclave.edl --search-path $(SGX_SDK)/include --untrusted-dir app @echo "GEN => $(Enclave_EDL_Files)" ######## App Objects ######## diff --git a/rust-sgx-sdk/buildenv.mk b/buildenv.mk similarity index 100% rename from rust-sgx-sdk/buildenv.mk rename to buildenv.mk diff --git a/enclave/Enclave.edl b/enclave/Enclave.edl index 5df7db7c..ac799ddd 100644 --- a/enclave/Enclave.edl +++ b/enclave/Enclave.edl @@ -1,18 +1,5 @@ enclave { - from "sgx_backtrace.edl" import *; - from "sgx_tstd.edl" import *; - from "sgx_stdio.edl" import *; - from "sgx_backtrace.edl" import *; - from "sgx_tstdc.edl" import *; - from "sgx_tprotected_fs.edl" import *; - from "sgx_fs.edl" import *; - from "sgx_net.edl" import *; - from "sgx_time.edl" import *; - from "sgx_env.edl" import *; - from "sgx_thread.edl" import *; - from "sgx_pipe.edl" import *; - include "sgx_quote.h" trusted diff --git a/rust-sgx-sdk/Readme.md b/rust-sgx-sdk/Readme.md deleted file mode 100644 index 4c71699c..00000000 --- a/rust-sgx-sdk/Readme.md +++ /dev/null @@ -1,5 +0,0 @@ -# RUST-SGX-SDK - -This folder contains only the neccessary parts from the [RUST-SGX-SDK](https://github.com/baidu/rust-sgx-sdk). - -All the crates are directly fetched from github. \ No newline at end of file diff --git a/rust-sgx-sdk/common/inc/assert.h b/rust-sgx-sdk/common/inc/assert.h deleted file mode 100644 index a1539954..00000000 --- a/rust-sgx-sdk/common/inc/assert.h +++ /dev/null @@ -1,63 +0,0 @@ -/* $OpenBSD: assert.h,v 1.12 2006/01/31 10:53:51 hshoexer Exp $ */ -/* $NetBSD: assert.h,v 1.6 1994/10/26 00:55:44 cgd Exp $ */ - -/*- - * Copyright (c) 1992, 1993 - * The Regents of the University of California. All rights reserved. - * (c) UNIX System Laboratories, Inc. - * All or some portions of this file are derived from material licensed - * to the University of California by American Telephone and Telegraph - * Co. or Unix System Laboratories, Inc. and are reproduced herein with - * the permission of UNIX System Laboratories, Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)assert.h 8.2 (Berkeley) 1/21/94 - */ - -/* - * Unlike other ANSI header files, may usefully be included - * multiple times, with and without NDEBUG defined. - */ - -#include - -#undef assert - -#ifdef NDEBUG -# define assert(e) ((void)0) -#else -# define assert(e) ((e) ? (void)0 : __assert(__FILE__, __LINE__, __func__, #e)) -#endif - -#ifndef _ASSERT_H_DECLS -#define _ASSERT_H_DECLS -__BEGIN_DECLS - -void _TLIBC_CDECL_ __assert(const char *, int, const char *, const char *); - -__END_DECLS -#endif /* Not _ASSERT_H_DECLS */ - diff --git a/rust-sgx-sdk/common/inc/complex.h b/rust-sgx-sdk/common/inc/complex.h deleted file mode 100644 index 904cb31f..00000000 --- a/rust-sgx-sdk/common/inc/complex.h +++ /dev/null @@ -1,134 +0,0 @@ -/* $OpenBSD: complex.h,v 1.3 2010/07/24 22:17:03 guenther Exp $ */ -/* - * Copyright (c) 2008 Martynas Venckus - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef _COMPLEX_H_ -#define _COMPLEX_H_ - -#include - -/* - * C99 - */ -#ifdef __GNUC__ -#if __STDC_VERSION__ < 199901 -#define _Complex __complex__ -#endif -#define _Complex_I 1.0fi -#elif defined(lint) -#define _Complex_I 1.0fi -#endif - -#define complex _Complex - -/* XXX switch to _Imaginary_I */ -#undef I -#define I _Complex_I - -__BEGIN_DECLS -/* - * Double versions of C99 functions - */ -double complex cacos(double complex); -double complex casin(double complex); -double complex catan(double complex); -double complex ccos(double complex); -double complex csin(double complex); -double complex ctan(double complex); -double complex cacosh(double complex); -double complex casinh(double complex); -double complex catanh(double complex); -double complex ccosh(double complex); -double complex csinh(double complex); -double complex ctanh(double complex); -double complex cexp(double complex); -double complex clog(double complex); -double cabs(double complex); -double complex cpow(double complex, double complex); -double complex csqrt(double complex); -double carg(double complex); -double cimag(double complex); -double complex conj(double complex); -double complex cproj(double complex); -double creal(double complex); -/* - * C99 reserved - */ -double complex clog10(double complex); - -/* - * Float versions of C99 functions - */ -float complex cacosf(float complex); -float complex casinf(float complex); -float complex catanf(float complex); -float complex ccosf(float complex); -float complex csinf(float complex); -float complex ctanf(float complex); -float complex cacoshf(float complex); -float complex casinhf(float complex); -float complex catanhf(float complex); -float complex ccoshf(float complex); -float complex csinhf(float complex); -float complex ctanhf(float complex); -float complex cexpf(float complex); -float complex clogf(float complex); -float cabsf(float complex); -float complex cpowf(float complex, float complex); -float complex csqrtf(float complex); -float cargf(float complex); -float cimagf(float complex); -float complex conjf(float complex); -float complex cprojf(float complex); -float crealf(float complex); -/* - * C99 reserved - */ -float complex clog10f(float complex); - -/* - * Long double versions of C99 functions - */ -long double complex cacosl(long double complex); -long double complex casinl(long double complex); -long double complex catanl(long double complex); -long double complex ccosl(long double complex); -long double complex csinl(long double complex); -long double complex ctanl(long double complex); -long double complex cacoshl(long double complex); -long double complex casinhl(long double complex); -long double complex catanhl(long double complex); -long double complex ccoshl(long double complex); -long double complex csinhl(long double complex); -long double complex ctanhl(long double complex); -long double complex cexpl(long double complex); -long double complex clogl(long double complex); -long double cabsl(long double complex); -long double complex cpowl(long double complex, long double complex); -long double complex csqrtl(long double complex); -long double cargl(long double complex); -long double cimagl(long double complex); -long double complex conjl(long double complex); -long double complex cprojl(long double complex); -long double creall(long double complex); -/* - * C99 reserved - */ -long double complex clog10l(long double complex); - -__END_DECLS - -#endif /* !_COMPLEX_H_ */ diff --git a/rust-sgx-sdk/common/inc/ctype.h b/rust-sgx-sdk/common/inc/ctype.h deleted file mode 100644 index 57ac70ff..00000000 --- a/rust-sgx-sdk/common/inc/ctype.h +++ /dev/null @@ -1,65 +0,0 @@ -/* $OpenBSD: ctype.h,v 1.22 2010/10/01 20:10:24 guenther Exp $ */ -/* $NetBSD: ctype.h,v 1.14 1994/10/26 00:55:47 cgd Exp $ */ - -/* - * Copyright (c) 1989 The Regents of the University of California. - * All rights reserved. - * (c) UNIX System Laboratories, Inc. - * All or some portions of this file are derived from material licensed - * to the University of California by American Telephone and Telegraph - * Co. or Unix System Laboratories, Inc. and are reproduced herein with - * the permission of UNIX System Laboratories, Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)ctype.h 5.3 (Berkeley) 4/3/91 - */ - -#ifndef _CTYPE_H_ -#define _CTYPE_H_ - -#include - -__BEGIN_DECLS - -int _TLIBC_CDECL_ isalnum(int); -int _TLIBC_CDECL_ isalpha(int); -int _TLIBC_CDECL_ iscntrl(int); -int _TLIBC_CDECL_ isdigit(int); -int _TLIBC_CDECL_ isgraph(int); -int _TLIBC_CDECL_ islower(int); -int _TLIBC_CDECL_ isprint(int); -int _TLIBC_CDECL_ ispunct(int); -int _TLIBC_CDECL_ isspace(int); -int _TLIBC_CDECL_ isupper(int); -int _TLIBC_CDECL_ isxdigit(int); -int _TLIBC_CDECL_ tolower(int); -int _TLIBC_CDECL_ toupper(int); -int _TLIBC_CDECL_ isblank(int); -int _TLIBC_CDECL_ isascii(int); - -__END_DECLS - -#endif /* _CTYPE_H_ */ diff --git a/rust-sgx-sdk/common/inc/dirent.h b/rust-sgx-sdk/common/inc/dirent.h deleted file mode 100644 index a0ede037..00000000 --- a/rust-sgx-sdk/common/inc/dirent.h +++ /dev/null @@ -1,48 +0,0 @@ -// -// Copyright © 2005-2020 Rich Felker, et al. -// Licensed under the MIT license.s -// - -/* Copyright © 2005-2020 Rich Felker, et al. - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ - -#ifndef _DIRENT_H_ -#define _DIRENT_H_ - -struct dirent { - __ino_t d_ino; - __off_t d_off; - unsigned short d_reclen; - unsigned char d_type; - char d_name[256]; -}; - -struct dirent64 { - __ino64_t d_ino; - __off64_t d_off; - unsigned short d_reclen; - unsigned char d_type; - char d_name[256]; -}; - -#define d_fileno d_ino - -#endif /* _DIRENT_H_ */ diff --git a/rust-sgx-sdk/common/inc/endian.h b/rust-sgx-sdk/common/inc/endian.h deleted file mode 100644 index 2620c589..00000000 --- a/rust-sgx-sdk/common/inc/endian.h +++ /dev/null @@ -1,33 +0,0 @@ -/* $OpenBSD: endian.h,v 1.18 2006/03/27 07:09:24 otto Exp $ */ - -/*- - * Copyright (c) 1997 Niklas Hallqvist. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef _ENDIAN_H_ -#define _ENDIAN_H_ - -#include - -#endif /* _ENDIAN_H_ */ - diff --git a/rust-sgx-sdk/common/inc/errno.h b/rust-sgx-sdk/common/inc/errno.h deleted file mode 100644 index dbe293cb..00000000 --- a/rust-sgx-sdk/common/inc/errno.h +++ /dev/null @@ -1,187 +0,0 @@ -/* $OpenBSD: errno.h,v 1.1 2005/12/28 16:33:56 millert Exp $ */ - -/* - * Copyright (c) 1982, 1986, 1989, 1993 - * The Regents of the University of California. All rights reserved. - * (c) UNIX System Laboratories, Inc. - * All or some portions of this file are derived from material licensed - * to the University of California by American Telephone and Telegraph - * Co. or Unix System Laboratories, Inc. and are reproduced herein with - * the permission of UNIX System Laboratories, Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)errno.h 8.5 (Berkeley) 1/21/94 - */ - -#ifndef _ERRNO_H_ -#define _ERRNO_H_ - -#include - -#define EPERM 1 -#define ENOENT 2 -#define ESRCH 3 -#define EINTR 4 -#define EIO 5 -#define ENXIO 6 -#define E2BIG 7 -#define ENOEXEC 8 -#define EBADF 9 -#define ECHILD 10 -#define EAGAIN 11 -#define ENOMEM 12 -#define EACCES 13 -#define EFAULT 14 -#define ENOTBLK 15 -#define EBUSY 16 -#define EEXIST 17 -#define EXDEV 18 -#define ENODEV 19 -#define ENOTDIR 20 -#define EISDIR 21 -#define EINVAL 22 -#define ENFILE 23 -#define EMFILE 24 -#define ENOTTY 25 -#define ETXTBSY 26 -#define EFBIG 27 -#define ENOSPC 28 -#define ESPIPE 29 -#define EROFS 30 -#define EMLINK 31 -#define EPIPE 32 -#define EDOM 33 -#define ERANGE 34 -#define EDEADLK 35 -#define ENAMETOOLONG 36 -#define ENOLCK 37 -#define ENOSYS 38 -#define ENOTEMPTY 39 -#define ELOOP 40 -#define EWOULDBLOCK EAGAIN -#define ENOMSG 42 -#define EIDRM 43 -#define ECHRNG 44 -#define EL2NSYNC 45 -#define EL3HLT 46 -#define EL3RST 47 -#define ELNRNG 48 -#define EUNATCH 49 -#define ENOCSI 50 -#define EL2HLT 51 -#define EBADE 52 -#define EBADR 53 -#define EXFULL 54 -#define ENOANO 55 -#define EBADRQC 56 -#define EBADSLT 57 -#define EDEADLOCK EDEADLK -#define EBFONT 59 -#define ENOSTR 60 -#define ENODATA 61 -#define ETIME 62 -#define ENOSR 63 -#define ENONET 64 -#define ENOPKG 65 -#define EREMOTE 66 -#define ENOLINK 67 -#define EADV 68 -#define ESRMNT 69 -#define ECOMM 70 -#define EPROTO 71 -#define EMULTIHOP 72 -#define EDOTDOT 73 -#define EBADMSG 74 -#define EOVERFLOW 75 -#define ENOTUNIQ 76 -#define EBADFD 77 -#define EREMCHG 78 -#define ELIBACC 79 -#define ELIBBAD 80 -#define ELIBSCN 81 -#define ELIBMAX 82 -#define ELIBEXEC 83 -#define EILSEQ 84 -#define ERESTART 85 -#define ESTRPIPE 86 -#define EUSERS 87 -#define ENOTSOCK 88 -#define EDESTADDRREQ 89 -#define EMSGSIZE 90 -#define EPROTOTYPE 91 -#define ENOPROTOOPT 92 -#define EPROTONOSUPPORT 93 -#define ESOCKTNOSUPPORT 94 -#define EOPNOTSUPP 95 -#define EPFNOSUPPORT 96 -#define EAFNOSUPPORT 97 -#define EADDRINUSE 98 -#define EADDRNOTAVAIL 99 -#define ENETDOWN 100 -#define ENETUNREACH 101 -#define ENETRESET 102 -#define ECONNABORTED 103 -#define ECONNRESET 104 -#define ENOBUFS 105 -#define EISCONN 106 -#define ENOTCONN 107 -#define ESHUTDOWN 108 -#define ETOOMANYREFS 109 -#define ETIMEDOUT 110 -#define ECONNREFUSED 111 -#define EHOSTDOWN 112 -#define EHOSTUNREACH 113 -#define EALREADY 114 -#define EINPROGRESS 115 -#define ESTALE 116 -#define EUCLEAN 117 -#define ENOTNAM 118 -#define ENAVAIL 119 -#define EISNAM 120 -#define EREMOTEIO 121 -#define EDQUOT 122 -#define ENOMEDIUM 123 -#define EMEDIUMTYPE 124 -#define ECANCELED 125 -#define ENOKEY 126 -#define EKEYEXPIRED 127 -#define EKEYREVOKED 128 -#define EKEYREJECTED 129 -#define EOWNERDEAD 130 -#define ENOTRECOVERABLE 131 -#define ERFKILL 132 -#define EHWPOISON 133 -#define ENOTSUP EOPNOTSUPP - -__BEGIN_DECLS - -#ifndef errno -int * _TLIBC_CDECL_ __errno(void); -#define errno (*__errno()) -#endif /* errno */ -__END_DECLS - -#endif /* _ERRNO_H_ */ diff --git a/rust-sgx-sdk/common/inc/float.h b/rust-sgx-sdk/common/inc/float.h deleted file mode 100644 index e38a7c6a..00000000 --- a/rust-sgx-sdk/common/inc/float.h +++ /dev/null @@ -1,84 +0,0 @@ -/* $OpenBSD: float.h,v 1.3 2008/07/21 20:50:54 martynas Exp $ */ -/* $NetBSD: float.h,v 1.8 1995/06/20 20:45:37 jtc Exp $ */ - -/* - * Copyright (c) 1989 Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)float.h 7.1 (Berkeley) 5/8/90 - */ - -#ifndef _FLOAT_H_ -#define _FLOAT_H_ - -#include - -#define FLT_RADIX 2 /* b */ - -// The rounding direction can be specified by fesetround() in -#define FLT_ROUNDS 1 /* addition rounding: near */ -#define DECIMAL_DIG 21 /* max precision in decimal digits */ - -// NOTE: FLT_EVAL_METHOD is -1 under FREEBSD x86. -#ifdef __i386__ -#define FLT_EVAL_METHOD 2 /* long double */ -#else -#define FLT_EVAL_METHOD 0 /* no promotions */ -#endif - -#define DBL_MANT_DIG 53 -#define DBL_EPSILON 2.2204460492503131E-16 -#define DBL_DIG 15 -#define DBL_MIN_EXP (-1021) -#define DBL_MIN 2.2250738585072014E-308 -#define DBL_MIN_10_EXP (-307) -#define DBL_MAX_EXP 1024 -#define DBL_MAX_10_EXP 308 - -#define FLT_MANT_DIG 24 /* p */ -#define FLT_DIG 6 /* floor((p-1)*log10(b))+(b == 10) */ -#define FLT_MIN_EXP (-125) /* emin */ -#define FLT_MIN_10_EXP (-37) /* ceil(log10(b**(emin-1))) */ -#define FLT_MAX_EXP 128 /* emax */ -#define FLT_MAX_10_EXP 38 /* floor(log10((1-b**(-p))*b**emax)) */ - -#define DBL_MAX 1.7976931348623157E+308 -#define FLT_EPSILON 1.19209290E-07F /* b**(1-p) */ -#define FLT_MIN 1.17549435E-38F /* b**(emin-1) */ -#define FLT_MAX 3.40282347E+38F /* (1-b**(-p))*b**emax */ - -#define LDBL_MANT_DIG 64 -#define LDBL_EPSILON 1.08420217248550443401e-19L -#define LDBL_DIG 18 -#define LDBL_MIN_EXP (-16381) -#define LDBL_MIN 3.36210314311209350626e-4932L -#define LDBL_MIN_10_EXP (-4931) -#define LDBL_MAX_EXP 16384 -#define LDBL_MAX 1.18973149535723176502e+4932L -#define LDBL_MAX_10_EXP 4932 - -#endif /* _FLOAT_H_ */ diff --git a/rust-sgx-sdk/common/inc/inttypes.h b/rust-sgx-sdk/common/inc/inttypes.h deleted file mode 100644 index fbc009c9..00000000 --- a/rust-sgx-sdk/common/inc/inttypes.h +++ /dev/null @@ -1,330 +0,0 @@ -/* $OpenBSD: inttypes.h,v 1.10 2009/01/13 18:13:51 kettenis Exp $ */ - -/* - * Copyright (c) 1997, 2005 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef _INTTYPES_H_ -#define _INTTYPES_H_ - -#include - -/* - * 7.8.1 Macros for format specifiers - * - * Each of the following object-like macros expands to a string - * literal containing a conversion specifier, possibly modified by - * a prefix such as hh, h, l, or ll, suitable for use within the - * format argument of a formatted input/output function when - * converting the corresponding integer type. These macro names - * have the general form of PRI (character string literals for the - * fprintf family) or SCN (character string literals for the fscanf - * family), followed by the conversion specifier, followed by a - * name corresponding to a similar typedef name. For example, - * PRIdFAST32 can be used in a format string to print the value of - * an integer of type int_fast32_t. - */ - -/* fprintf macros for signed integers */ -#define PRId8 "d" /* int8_t */ -#define PRId16 "d" /* int16_t */ -#define PRId32 "d" /* int32_t */ -#ifdef __x86_64__ -#define PRId64 "ld" /* int64_t */ -#else -#define PRId64 "lld" /* int64_t */ -#endif - -#define PRIdLEAST8 "d" /* int_least8_t */ -#define PRIdLEAST16 "d" /* int_least16_t */ -#define PRIdLEAST32 "d" /* int_least32_t */ -#ifdef __x86_64__ -#define PRIdLEAST64 "ld" /* int_least64_t */ -#else -#define PRIdLEAST64 "lld" /* int_least64_t */ -#endif - -#define PRIdFAST8 "d" /* int_fast8_t */ -#ifdef __x86_64__ -#define PRIdFAST16 "ld" /* int_fast16_t */ -#define PRIdFAST32 "ld" /* int_fast32_t */ -#define PRIdFAST64 "ld" /* int_fast64_t */ -#else -#define PRIdFAST16 "d" /* int_fast16_t */ -#define PRIdFAST32 "d" /* int_fast32_t */ -#define PRIdFAST64 "lld" /* int_fast64_t */ -#endif - -#ifdef __x86_64__ -#define PRIdMAX "ld" /* intmax_t */ -#else -#if defined(__i386__) -#define PRIdMAX "lld" /* intmax_t */ -#else -#define PRIdMAX "jd" /* intmax_t */ -#endif -#endif - -#ifdef __i386__ -#define PRIdPTR "d" /* intptr_t */ -#else -#define PRIdPTR "ld" /* intptr_t */ -#endif - -#define PRIi8 "i" /* int8_t */ -#define PRIi16 "i" /* int16_t */ -#define PRIi32 "i" /* int32_t */ -#ifdef __x86_64__ -#define PRIi64 "li" /* int64_t */ -#else -#define PRIi64 "lli" /* int64_t */ -#endif - -#define PRIiLEAST8 "i" /* int_least8_t */ -#define PRIiLEAST16 "i" /* int_least16_t */ -#define PRIiLEAST32 "i" /* int_least32_t */ -#ifdef __x86_64__ -#define PRIiLEAST64 "li" /* int_least64_t */ -#else -#define PRIiLEAST64 "lli" /* int_least64_t */ -#endif - -#define PRIiFAST8 "i" /* int_fast8_t */ -#ifdef __x86_64__ -#define PRIiFAST16 "li" /* int_fast16_t */ -#define PRIiFAST32 "li" /* int_fast32_t */ -#define PRIiFAST64 "li" /* int_fast64_t */ -#else -#define PRIiFAST16 "i" /* int_fast16_t */ -#define PRIiFAST32 "i" /* int_fast32_t */ -#define PRIiFAST64 "lli" /* int_fast64_t */ -#endif - -#ifdef __x86_64__ -#define PRIiMAX "li" /* intmax_t */ -#else -#if defined(__i386__) -#define PRIiMAX "lli" /* intmax_t */ -#else -#define PRIiMAX "ji" /* intmax_t */ -#endif -#endif - -#ifdef __i386__ -#define PRIiPTR "i" /* intptr_t */ -#else -#define PRIiPTR "li" /* intptr_t */ -#endif - -/* fprintf macros for unsigned integers */ -#define PRIo8 "o" /* int8_t */ -#define PRIo16 "o" /* int16_t */ -#define PRIo32 "o" /* int32_t */ -#ifdef __x86_64__ -#define PRIo64 "lo" /* int64_t */ -#else -#define PRIo64 "llo" /* int64_t */ -#endif - -#define PRIoLEAST8 "o" /* int_least8_t */ -#define PRIoLEAST16 "o" /* int_least16_t */ -#define PRIoLEAST32 "o" /* int_least32_t */ -#ifdef __x86_64__ -#define PRIoLEAST64 "lo" /* int_least64_t */ -#else -#define PRIoLEAST64 "llo" /* int_least64_t */ -#endif - -#define PRIoFAST8 "o" /* int_fast8_t */ -#ifdef __x86_64__ -#define PRIoFAST16 "lo" /* int_fast16_t */ -#define PRIoFAST32 "lo" /* int_fast32_t */ -#define PRIoFAST64 "lo" /* int_fast64_t */ -#else -#define PRIoFAST16 "o" /* int_fast16_t */ -#define PRIoFAST32 "o" /* int_fast32_t */ -#define PRIoFAST64 "llo" /* int_fast64_t */ -#endif - -#ifdef __x86_64__ -#define PRIoMAX "lo" /* intmax_t */ -#else -#if defined(__i386__) -#define PRIoMAX "llo" /* intmax_t */ -#else -#define PRIoMAX "jo" /* intmax_t */ -#endif -#endif - -#ifdef __i386__ -#define PRIoPTR "o" /* intptr_t */ -#else -#define PRIoPTR "lo" /* intptr_t */ -#endif - -#define PRIu8 "u" /* uint8_t */ -#define PRIu16 "u" /* uint16_t */ -#define PRIu32 "u" /* uint32_t */ - -#ifdef __x86_64__ -#define PRIu64 "lu" /* uint64_t */ -#else -#define PRIu64 "llu" /* uint64_t */ -#endif - -#define PRIuLEAST8 "u" /* uint_least8_t */ -#define PRIuLEAST16 "u" /* uint_least16_t */ -#define PRIuLEAST32 "u" /* uint_least32_t */ - -#ifdef __x86_64__ -#define PRIuLEAST64 "lu" /* uint_least64_t */ -#else -#define PRIuLEAST64 "llu" /* uint_least64_t */ -#endif - -#define PRIuFAST8 "u" /* uint_fast8_t */ - -#ifdef __x86_64__ -#define PRIuFAST16 "lu" /* uint_fast16_t */ -#define PRIuFAST32 "lu" /* uint_fast32_t */ -#define PRIuFAST64 "lu" /* uint_fast64_t */ -#else -#define PRIuFAST16 "u" /* uint_fast16_t */ -#define PRIuFAST32 "u" /* uint_fast32_t */ -#define PRIuFAST64 "llu" /* uint_fast64_t */ -#endif - -#ifdef __x86_64__ -#define PRIuMAX "lu" /* uintmax_t */ -#else -#if defined(__i386__) -#define PRIuMAX "llu" /* uintmax_t */ -#else -#define PRIuMAX "ju" /* uintmax_t */ -#endif -#endif - -#ifdef __i386__ -#define PRIuPTR "u" /* uintptr_t */ -#else -#define PRIuPTR "lu" /* uintptr_t */ -#endif - -#define PRIx8 "x" /* uint8_t */ -#define PRIx16 "x" /* uint16_t */ -#define PRIx32 "x" /* uint32_t */ -#ifdef __x86_64__ -#define PRIx64 "lx" /* uint64_t */ -#else -#define PRIx64 "llx" /* uint64_t */ -#endif - -#define PRIxLEAST8 "x" /* uint_least8_t */ -#define PRIxLEAST16 "x" /* uint_least16_t */ -#define PRIxLEAST32 "x" /* uint_least32_t */ -#ifdef __x86_64__ -#define PRIxLEAST64 "lx" /* uint_least64_t */ -#else -#define PRIxLEAST64 "llx" /* uint_least64_t */ -#endif - -#define PRIxFAST8 "x" /* uint_fast8_t */ -#ifdef __x86_64__ -#define PRIxFAST16 "lx" /* uint_fast16_t */ -#define PRIxFAST32 "lx" /* uint_fast32_t */ -#define PRIxFAST64 "lx" /* uint_fast64_t */ -#else -#define PRIxFAST16 "x" /* uint_fast16_t */ -#define PRIxFAST32 "x" /* uint_fast32_t */ -#define PRIxFAST64 "llx" /* uint_fast64_t */ -#endif - -#ifdef __x86_64__ -#define PRIxMAX "lx" /* uintmax_t */ -#else -#if defined(__i386__) -#define PRIxMAX "llx" /* uintmax_t */ -#else -#define PRIxMAX "jx" /* uintmax_t */ -#endif -#endif - -#ifdef __i386__ -#define PRIxPTR "x" /* uintptr_t */ -#else -#define PRIxPTR "lx" /* uintptr_t */ -#endif - -#define PRIX8 "X" /* uint8_t */ -#define PRIX16 "X" /* uint16_t */ -#define PRIX32 "X" /* uint32_t */ - -#ifdef __x86_64__ -#define PRIX64 "lX" /* uint64_t */ -#else -#define PRIX64 "llX" /* uint64_t */ -#endif - -#define PRIXLEAST8 "X" /* uint_least8_t */ -#define PRIXLEAST16 "X" /* uint_least16_t */ -#define PRIXLEAST32 "X" /* uint_least32_t */ -#ifdef __x86_64__ -#define PRIXLEAST64 "lX" /* uint_least64_t */ -#else -#define PRIXLEAST64 "llX" /* uint_least64_t */ -#endif - -#define PRIXFAST8 "X" /* uint_fast8_t */ -#ifdef __x86_64__ -#define PRIXFAST16 "lX" /* uint_fast16_t */ -#define PRIXFAST32 "lX" /* uint_fast32_t */ -#define PRIXFAST64 "lX" /* uint_fast64_t */ -#else -#define PRIXFAST16 "X" /* uint_fast16_t */ -#define PRIXFAST32 "X" /* uint_fast32_t */ -#define PRIXFAST64 "llX" /* uint_fast64_t */ -#endif - -#ifdef __x86_64__ -#define PRIXMAX "lX" /* uintmax_t */ -#else -#if defined(__i386__) -#define PRIXMAX "llX" /* uintmax_t */ -#else -#define PRIXMAX "jX" /* uintmax_t */ -#endif -#endif - -#ifdef __i386__ -#define PRIXPTR "X" /* uintptr_t */ -#else -#define PRIXPTR "lX" /* uintptr_t */ -#endif - -typedef struct { - intmax_t quot; /* quotient */ - intmax_t rem; /* remainder */ -} imaxdiv_t; - -__BEGIN_DECLS - -intmax_t _TLIBC_CDECL_ imaxabs(intmax_t); -imaxdiv_t _TLIBC_CDECL_ imaxdiv(intmax_t, intmax_t); -intmax_t _TLIBC_CDECL_ strtoimax(const char *, char **, int); -uintmax_t _TLIBC_CDECL_ strtoumax(const char *, char **, int); - -__END_DECLS - -#endif /* _INTTYPES_H_ */ diff --git a/rust-sgx-sdk/common/inc/iso646.h b/rust-sgx-sdk/common/inc/iso646.h deleted file mode 100644 index a0c341b6..00000000 --- a/rust-sgx-sdk/common/inc/iso646.h +++ /dev/null @@ -1,26 +0,0 @@ -/* $OpenBSD: iso646.h,v 1.3 2001/10/11 00:05:21 espie Exp $ */ -/* $NetBSD: iso646.h,v 1.1 1995/02/17 09:08:10 jtc Exp $ */ - -/* - * Written by J.T. Conklin 02/16/95. - * Public domain. - */ - -#ifndef _ISO646_H_ -#define _ISO646_H_ - -#ifndef __cplusplus -#define and && -#define and_eq &= -#define bitand & -#define bitor | -#define compl ~ -#define not ! -#define not_eq != -#define or || -#define or_eq |= -#define xor ^ -#define xor_eq ^= -#endif - -#endif /* !_ISO646_H_ */ diff --git a/rust-sgx-sdk/common/inc/limits.h b/rust-sgx-sdk/common/inc/limits.h deleted file mode 100644 index 9d42cb54..00000000 --- a/rust-sgx-sdk/common/inc/limits.h +++ /dev/null @@ -1,41 +0,0 @@ -/* $OpenBSD: limits.h,v 1.15 2008/02/10 09:59:54 kettenis Exp $ */ -/* $NetBSD: limits.h,v 1.7 1994/10/26 00:56:00 cgd Exp $ */ - -/* - * Copyright (c) 1988 The Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)limits.h 5.9 (Berkeley) 4/3/91 - */ - - -#ifndef _LIMITS_H_ -#define _LIMITS_H_ - -#include - -#endif /* !_LIMITS_H_ */ diff --git a/rust-sgx-sdk/common/inc/math.h b/rust-sgx-sdk/common/inc/math.h deleted file mode 100644 index 6ea425b8..00000000 --- a/rust-sgx-sdk/common/inc/math.h +++ /dev/null @@ -1,430 +0,0 @@ -/* $OpenBSD: math.h,v 1.27 2010/12/14 11:16:15 martynas Exp $ */ -/* - * ==================================================== - * Copyright (C) 1993 by Sun Microsystems, Inc. All rights reserved. - * - * Developed at SunPro, a Sun Microsystems, Inc. business. - * Permission to use, copy, modify, and distribute this - * software is freely granted, provided that this notice - * is preserved. - * ==================================================== - */ - -/* - * from: @(#)fdlibm.h 5.1 93/09/24 - */ - -#ifndef _MATH_H_ -#define _MATH_H_ - -#include -#include -#include - -#include - -typedef __float_t float_t; -typedef __double_t double_t; - -#define FP_NAN 0x00 -#define FP_INFINITE 0x01 -#define FP_ZERO 0x02 -#define FP_SUBNORMAL 0x03 -#define FP_NORMAL 0x04 - -#define FP_ILOGB0 (-INT_MAX - 1) -#define FP_ILOGBNAN (-INT_MAX - 1) - -#define fpclassify(x) \ - ((sizeof (x) == sizeof (float)) ? \ - __fpclassifyf(x) \ - : (sizeof (x) == sizeof (double)) ? \ - __fpclassify(x) \ - : __fpclassifyl(x)) -#define isfinite(x) \ - ((sizeof (x) == sizeof (float)) ? \ - __isfinitef(x) \ - : (sizeof (x) == sizeof (double)) ? \ - __isfinite(x) \ - : __isfinitel(x)) -#define isnormal(x) \ - ((sizeof (x) == sizeof (float)) ? \ - __isnormalf(x) \ - : (sizeof (x) == sizeof (double)) ? \ - __isnormal(x) \ - : __isnormall(x)) -#define signbit(x) \ - ((sizeof (x) == sizeof (float)) ? \ - __signbitf(x) \ - : (sizeof (x) == sizeof (double)) ? \ - __signbit(x) \ - : __signbitl(x)) -#define isinf(x) \ - ((sizeof (x) == sizeof (float)) ? \ - __isinff(x) \ - : (sizeof (x) == sizeof (double)) ? \ - __isinf(x) \ - : __isinfl(x)) -#define isnan(x) \ - ((sizeof (x) == sizeof (float)) ? \ - __isnanf(x) \ - : (sizeof (x) == sizeof (double)) ? \ - __isnan(x) \ - : __isnanl(x)) - -#define isgreater(x, y) (!isunordered((x), (y)) && (x) > (y)) -#define isgreaterequal(x, y) (!isunordered((x), (y)) && (x) >= (y)) -#define isless(x, y) (!isunordered((x), (y)) && (x) < (y)) -#define islessequal(x, y) (!isunordered((x), (y)) && (x) <= (y)) -#define islessgreater(x, y) (!isunordered((x), (y)) && ((x) > (y) || (y) > (x))) -#define isunordered(x, y) (isnan(x) || isnan(y)) - -__BEGIN_DECLS - -extern char __infinity[]; -#define HUGE_VAL (*(double *)(void *)__infinity) -#define HUGE_VALF ((float)HUGE_VAL) -#define HUGE_VALL ((long double)HUGE_VAL) -#define INFINITY HUGE_VALF -extern char __nan[]; -#define NAN (*(float *)(void *)__nan) - -/* - * ANSI/POSIX - */ -double _TLIBC_CDECL_ acos(double); -double _TLIBC_CDECL_ asin(double); -double _TLIBC_CDECL_ atan(double); -double _TLIBC_CDECL_ atan2(double, double); -double _TLIBC_CDECL_ cos(double); -double _TLIBC_CDECL_ sin(double); -double _TLIBC_CDECL_ tan(double); - -double _TLIBC_CDECL_ cosh(double); -double _TLIBC_CDECL_ sinh(double); -double _TLIBC_CDECL_ tanh(double); - -double _TLIBC_CDECL_ exp(double); -double _TLIBC_CDECL_ frexp(double, int *); -double _TLIBC_CDECL_ ldexp(double, int); -double _TLIBC_CDECL_ log(double); -double _TLIBC_CDECL_ log10(double); -double _TLIBC_CDECL_ modf(double, double *); - -double _TLIBC_CDECL_ pow(double, double); -double _TLIBC_CDECL_ sqrt(double); - -double _TLIBC_CDECL_ ceil(double); -double _TLIBC_CDECL_ fabs(double); -double _TLIBC_CDECL_ floor(double); -double _TLIBC_CDECL_ fmod(double, double); - -/* - * C99 - */ -double _TLIBC_CDECL_ acosh(double); -double _TLIBC_CDECL_ asinh(double); -double _TLIBC_CDECL_ atanh(double); - -double _TLIBC_CDECL_ exp2(double); -double _TLIBC_CDECL_ expm1(double); -int _TLIBC_CDECL_ ilogb(double); -double _TLIBC_CDECL_ log1p(double); -double _TLIBC_CDECL_ log2(double); -double _TLIBC_CDECL_ logb(double); -double _TLIBC_CDECL_ scalbn(double, int); -double _TLIBC_CDECL_ scalbln(double, long int); - -double _TLIBC_CDECL_ cbrt(double); -double _TLIBC_CDECL_ hypot(double, double); - -double _TLIBC_CDECL_ erf(double); -double _TLIBC_CDECL_ erfc(double); -double _TLIBC_CDECL_ lgamma(double); -double _TLIBC_CDECL_ tgamma(double); - -double _TLIBC_CDECL_ nearbyint(double); -double _TLIBC_CDECL_ rint(double); -long int _TLIBC_CDECL_ lrint(double); -long long int _TLIBC_CDECL_ llrint(double); -double _TLIBC_CDECL_ round(double); -long int _TLIBC_CDECL_ lround(double); -long long int _TLIBC_CDECL_ llround(double); -double _TLIBC_CDECL_ trunc(double); - -double _TLIBC_CDECL_ remainder(double, double); -double _TLIBC_CDECL_ remquo(double, double, int *); - -double _TLIBC_CDECL_ copysign(double, double); -double _TLIBC_CDECL_ nan(const char *); -double _TLIBC_CDECL_ nextafter(double, double); - -double _TLIBC_CDECL_ fdim(double, double); -double _TLIBC_CDECL_ fmax(double, double); -double _TLIBC_CDECL_ fmin(double, double); - -double _TLIBC_CDECL_ fma(double, double, double); - -/* - * Float versions of C99 functions - */ - -float _TLIBC_CDECL_ acosf(float); -float _TLIBC_CDECL_ asinf(float); -float _TLIBC_CDECL_ atanf(float); -float _TLIBC_CDECL_ atan2f(float, float); -float _TLIBC_CDECL_ cosf(float); -float _TLIBC_CDECL_ sinf(float); -float _TLIBC_CDECL_ tanf(float); - -float _TLIBC_CDECL_ acoshf(float); -float _TLIBC_CDECL_ asinhf(float); -float _TLIBC_CDECL_ atanhf(float); -float _TLIBC_CDECL_ coshf(float); -float _TLIBC_CDECL_ sinhf(float); -float _TLIBC_CDECL_ tanhf(float); - -float _TLIBC_CDECL_ expf(float); -float _TLIBC_CDECL_ exp2f(float); -float _TLIBC_CDECL_ expm1f(float); -float _TLIBC_CDECL_ frexpf(float, int *); -int _TLIBC_CDECL_ ilogbf(float); -float _TLIBC_CDECL_ ldexpf(float, int); -float _TLIBC_CDECL_ logf(float); -float _TLIBC_CDECL_ log10f(float); -float _TLIBC_CDECL_ log1pf(float); -float _TLIBC_CDECL_ log2f(float); -float _TLIBC_CDECL_ logbf(float); -float _TLIBC_CDECL_ modff(float, float *); -float _TLIBC_CDECL_ scalbnf(float, int); -float _TLIBC_CDECL_ scalblnf(float, long int); - -float _TLIBC_CDECL_ cbrtf(float); -float _TLIBC_CDECL_ fabsf(float); -float _TLIBC_CDECL_ hypotf(float, float); -float _TLIBC_CDECL_ powf(float, float); -float _TLIBC_CDECL_ sqrtf(float); - -float _TLIBC_CDECL_ erff(float); -float _TLIBC_CDECL_ erfcf(float); -float _TLIBC_CDECL_ lgammaf(float); -float _TLIBC_CDECL_ tgammaf(float); - -float _TLIBC_CDECL_ ceilf(float); -float _TLIBC_CDECL_ floorf(float); -float _TLIBC_CDECL_ nearbyintf(float); - -float _TLIBC_CDECL_ rintf(float); -long int _TLIBC_CDECL_ lrintf(float); -long long int _TLIBC_CDECL_ llrintf(float); -float _TLIBC_CDECL_ roundf(float); -long int _TLIBC_CDECL_ lroundf(float); -long long int _TLIBC_CDECL_ llroundf(float); -float _TLIBC_CDECL_ truncf(float); - -float _TLIBC_CDECL_ fmodf(float, float); -float _TLIBC_CDECL_ remainderf(float, float); -float _TLIBC_CDECL_ remquof(float, float, int *); - -float _TLIBC_CDECL_ copysignf(float, float); -float _TLIBC_CDECL_ nanf(const char *); -float _TLIBC_CDECL_ nextafterf(float, float); - -float _TLIBC_CDECL_ fdimf(float, float); -float _TLIBC_CDECL_ fmaxf(float, float); -float _TLIBC_CDECL_ fminf(float, float); - -float _TLIBC_CDECL_ fmaf(float, float, float); - -/* - * Long double versions of C99 functions - */ - -/* Macros defining long double functions to be their double counterparts - * (long double is synonymous with double in this implementation). - */ - -long double _TLIBC_CDECL_ acosl(long double); -long double _TLIBC_CDECL_ asinl(long double); -long double _TLIBC_CDECL_ atanl(long double); -long double _TLIBC_CDECL_ atan2l(long double, long double); -long double _TLIBC_CDECL_ cosl(long double); -long double _TLIBC_CDECL_ sinl(long double); -long double _TLIBC_CDECL_ tanl(long double); - -long double _TLIBC_CDECL_ acoshl(long double); -long double _TLIBC_CDECL_ asinhl(long double); -long double _TLIBC_CDECL_ atanhl(long double); -long double _TLIBC_CDECL_ coshl(long double); -long double _TLIBC_CDECL_ sinhl(long double); -long double _TLIBC_CDECL_ tanhl(long double); - -long double _TLIBC_CDECL_ expl(long double); -long double _TLIBC_CDECL_ exp2l(long double); -long double _TLIBC_CDECL_ expm1l(long double); -long double _TLIBC_CDECL_ frexpl(long double, int *); -int _TLIBC_CDECL_ ilogbl(long double); -long double _TLIBC_CDECL_ ldexpl(long double, int); -long double _TLIBC_CDECL_ logl(long double); -long double _TLIBC_CDECL_ log10l(long double); -long double _TLIBC_CDECL_ log1pl(long double); -long double _TLIBC_CDECL_ log2l(long double); -long double _TLIBC_CDECL_ logbl(long double); -long double _TLIBC_CDECL_ modfl(long double, long double *); -long double _TLIBC_CDECL_ scalbnl(long double, int); -long double _TLIBC_CDECL_ scalblnl(long double, long int); - -long double _TLIBC_CDECL_ cbrtl(long double); -long double _TLIBC_CDECL_ fabsl(long double); -long double _TLIBC_CDECL_ hypotl(long double, long double); -long double _TLIBC_CDECL_ powl(long double, long double); -long double _TLIBC_CDECL_ sqrtl(long double); - -long double _TLIBC_CDECL_ erfl(long double); -long double _TLIBC_CDECL_ erfcl(long double); -long double _TLIBC_CDECL_ lgammal(long double); -long double _TLIBC_CDECL_ tgammal(long double); - -long double _TLIBC_CDECL_ ceill(long double); -long double _TLIBC_CDECL_ floorl(long double); -long double _TLIBC_CDECL_ nearbyintl(long double); -long double _TLIBC_CDECL_ rintl(long double); -long int _TLIBC_CDECL_ lrintl(long double); -long long int _TLIBC_CDECL_ llrintl(long double); -long double _TLIBC_CDECL_ roundl(long double); -long int _TLIBC_CDECL_ lroundl(long double); -long long int _TLIBC_CDECL_ llroundl(long double); -long double _TLIBC_CDECL_ truncl(long double); - -long double _TLIBC_CDECL_ fmodl(long double, long double); -long double _TLIBC_CDECL_ remainderl(long double, long double); -long double _TLIBC_CDECL_ remquol(long double, long double, int *); - -long double _TLIBC_CDECL_ copysignl(long double, long double); -long double _TLIBC_CDECL_ nanl(const char *); -long double _TLIBC_CDECL_ nextafterl(long double, long double); - -long double _TLIBC_CDECL_ fdiml(long double, long double); -long double _TLIBC_CDECL_ fmaxl(long double, long double); -long double _TLIBC_CDECL_ fminl(long double, long double); -long double _TLIBC_CDECL_ fmal(long double, long double, long double); - -/* nexttoward(): -* The implementation in Intel math library is incompatible with MSVC. -* Because sizeof(long double) is 8bytes with MSVC, -* but the expected long double size is 10bytes. -* And by default, MSVC doesn't provide nexttoward(). -* So we only provide Linux version here. -*/ -double _TLIBC_CDECL_ nexttoward(double, long double); -float _TLIBC_CDECL_ nexttowardf(float, long double); - -long double _TLIBC_CDECL_ nexttowardl(long double, long double); - -/* - * Library implementation - */ -int _TLIBC_CDECL_ __fpclassify(double); -int _TLIBC_CDECL_ __fpclassifyf(float); -int _TLIBC_CDECL_ __isfinite(double); -int _TLIBC_CDECL_ __isfinitef(float); -int _TLIBC_CDECL_ __isinf(double); -int _TLIBC_CDECL_ __isinff(float); -int _TLIBC_CDECL_ __isnan(double); -int _TLIBC_CDECL_ __isnanf(float); -int _TLIBC_CDECL_ __isnormal(double); -int _TLIBC_CDECL_ __isnormalf(float); -int _TLIBC_CDECL_ __signbit(double); -int _TLIBC_CDECL_ __signbitf(float); - -int _TLIBC_CDECL_ __fpclassifyl(long double); -int _TLIBC_CDECL_ __isfinitel(long double); -int _TLIBC_CDECL_ __isinfl(long double); -int _TLIBC_CDECL_ __isnanl(long double); -int _TLIBC_CDECL_ __isnormall(long double); -int _TLIBC_CDECL_ __signbitl(long double); - -/* - * Non-C99 functions. - */ -double _TLIBC_CDECL_ drem(double, double); -double _TLIBC_CDECL_ exp10(double); -double _TLIBC_CDECL_ gamma(double); -double _TLIBC_CDECL_ gamma_r(double, int *); -double _TLIBC_CDECL_ j0(double); -double _TLIBC_CDECL_ j1(double); -double _TLIBC_CDECL_ jn(int, double); -double _TLIBC_CDECL_ lgamma_r(double, int *); -double _TLIBC_CDECL_ pow10(double); -double _TLIBC_CDECL_ scalb(double, double); -/* C99 Macro signbit.*/ -double _TLIBC_CDECL_ significand(double); -void _TLIBC_CDECL_ sincos(double, double *, double *); -double _TLIBC_CDECL_ y0(double); -double _TLIBC_CDECL_ y1(double); -double _TLIBC_CDECL_ yn(int, double); -/* C99 Macro isinf.*/ -/* C99 Macro isnan.*/ -int _TLIBC_CDECL_ finite(double); - -float _TLIBC_CDECL_ dremf(float, float); -float _TLIBC_CDECL_ exp10f(float); -float _TLIBC_CDECL_ gammaf(float); -float _TLIBC_CDECL_ gammaf_r(float, int *); -float _TLIBC_CDECL_ j0f(float); -float _TLIBC_CDECL_ j1f(float); -float _TLIBC_CDECL_ jnf(int, float); -float _TLIBC_CDECL_ lgammaf_r(float, int *); -float _TLIBC_CDECL_ pow10f(float); -float _TLIBC_CDECL_ scalbf(float, float); -int _TLIBC_CDECL_ signbitf(float); -float _TLIBC_CDECL_ significandf(float); -void _TLIBC_CDECL_ sincosf(float, float *, float *); -float _TLIBC_CDECL_ y0f(float); -float _TLIBC_CDECL_ y1f(float); -float _TLIBC_CDECL_ ynf(int, float); -int _TLIBC_CDECL_ finitef(float); -int _TLIBC_CDECL_ isinff(float); -int _TLIBC_CDECL_ isnanf(float); - -long double _TLIBC_CDECL_ dreml(long double, long double); -long double _TLIBC_CDECL_ exp10l(long double); -long double _TLIBC_CDECL_ gammal(long double); -long double _TLIBC_CDECL_ gammal_r(long double, int *); -long double _TLIBC_CDECL_ j0l(long double); -long double _TLIBC_CDECL_ j1l(long double); -long double _TLIBC_CDECL_ jnl(int, long double); -long double _TLIBC_CDECL_ lgammal_r(long double, int *); -long double _TLIBC_CDECL_ pow10l(long double); -long double _TLIBC_CDECL_ scalbl(long double, long double); -int _TLIBC_CDECL_ signbitl(long double); -long double _TLIBC_CDECL_ significandl(long double); -void _TLIBC_CDECL_ sincosl(long double, long double *, long double *); -long double _TLIBC_CDECL_ y1l(long double); -long double _TLIBC_CDECL_ y0l(long double); -long double _TLIBC_CDECL_ ynl(int, long double); -int _TLIBC_CDECL_ finitel(long double); -int _TLIBC_CDECL_ isinfl(long double); -int _TLIBC_CDECL_ isnanl(long double); - -/* - * TODO: From Intel Decimal Floating-Point Math Library - * signbitd32/signbitd64/signbitd128, finited32/finited64/finited128 - * isinfd32/isinfd64/isinfd128, isnand32/isnand64/isnand128 - */ -#if defined(__cplusplus) -/* Clang does not support decimal floating point types. - * - * c.f.: - * http://clang.llvm.org/docs/UsersManual.html#gcc-extensions-not-implemented-yet - */ -#if !defined(__clang__) -typedef float _Decimal32 __attribute__((mode(SD))); -typedef float _Decimal64 __attribute__((mode(DD))); -typedef float _Decimal128 __attribute__((mode(TD))); -#endif -#endif - -__END_DECLS - -#endif /* !_MATH_H_ */ diff --git a/rust-sgx-sdk/common/inc/mbusafecrt.h b/rust-sgx-sdk/common/inc/mbusafecrt.h deleted file mode 100644 index 91d888b3..00000000 --- a/rust-sgx-sdk/common/inc/mbusafecrt.h +++ /dev/null @@ -1,85 +0,0 @@ -// -// Copyright (c) Microsoft. All rights reserved. -// Licensed under the MIT license. See LICENSE file in the project root for full license information. -// - -/*** -* mbusafecrt.h - public declarations for SafeCRT lib -* - -* -* Purpose: -* This file contains the public declarations SafeCRT -* functions ported to MacOS. These are the safe versions of -* functions standard functions banned by SWI -* - -****/ - -/* shields! */ - -#ifndef MBUSAFECRT_H -#define MBUSAFECRT_H -#include -#include -#include -typedef wchar_t WCHAR; - -#ifdef __cplusplus - extern "C" { -#endif - -extern errno_t strcat_s( char* ioDest, size_t inDestBufferSize, const char* inSrc ); -extern errno_t wcscat_s( WCHAR* ioDest, size_t inDestBufferSize, const WCHAR* inSrc ); - -extern errno_t strncat_s( char* ioDest, size_t inDestBufferSize, const char* inSrc, size_t inCount ); -extern errno_t wcsncat_s( WCHAR* ioDest, size_t inDestBufferSize, const WCHAR* inSrc, size_t inCount ); - -extern errno_t strcpy_s( char* outDest, size_t inDestBufferSize, const char* inSrc ); -extern errno_t wcscpy_s( WCHAR* outDest, size_t inDestBufferSize, const WCHAR* inSrc ); - -extern errno_t strncpy_s( char* outDest, size_t inDestBufferSize, const char* inSrc, size_t inCount ); -extern errno_t wcsncpy_s( WCHAR* outDest, size_t inDestBufferSize, const WCHAR* inSrc, size_t inCount ); - -extern char* strtok_s( char* inString, const char* inControl, char** ioContext ); -extern WCHAR* wcstok_s( WCHAR* inString, const WCHAR* inControl, WCHAR** ioContext ); - -extern size_t wcsnlen( const WCHAR* inString, size_t inMaxSize ); - -extern errno_t _itoa_s( int inValue, char* outBuffer, size_t inDestBufferSize, int inRadix ); -extern errno_t _itow_s( int inValue, WCHAR* outBuffer, size_t inDestBufferSize, int inRadix ); - -extern errno_t _ltoa_s( long inValue, char* outBuffer, size_t inDestBufferSize, int inRadix ); -extern errno_t _ltow_s( long inValue, WCHAR* outBuffer, size_t inDestBufferSize, int inRadix ); - -extern errno_t _ultoa_s( unsigned long inValue, char* outBuffer, size_t inDestBufferSize, int inRadix ); -extern errno_t _ultow_s( unsigned long inValue, WCHAR* outBuffer, size_t inDestBufferSize, int inRadix ); - -extern errno_t _i64toa_s( long long inValue, char* outBuffer, size_t inDestBufferSize, int inRadix ); -extern errno_t _i64tow_s( long long inValue, WCHAR* outBuffer, size_t inDestBufferSize, int inRadix ); - -extern errno_t _ui64toa_s( unsigned long long inValue, char* outBuffer, size_t inDestBufferSize, int inRadix ); -extern errno_t _ui64tow_s( unsigned long long inValue, WCHAR* outBuffer, size_t inDestBufferSize, int inRadix ); - -extern int sprintf_s( char *string, size_t sizeInBytes, const char *format, ... ); -extern int swprintf_s( WCHAR *string, size_t sizeInWords, const WCHAR *format, ... ); - -extern int _snprintf_s( char *string, size_t sizeInBytes, size_t count, const char *format, ... ); -extern int _snwprintf_s( WCHAR *string, size_t sizeInWords, size_t count, const WCHAR *format, ... ); - -extern int _vsprintf_s( char* string, size_t sizeInBytes, const char* format, va_list arglist ); -extern int _vsnprintf_s( char* string, size_t sizeInBytes, size_t count, const char* format, va_list arglist ); - -extern int _vswprintf_s( WCHAR* string, size_t sizeInWords, const WCHAR* format, va_list arglist ); -extern int _vsnwprintf_s( WCHAR* string, size_t sizeInWords, size_t count, const WCHAR* format, va_list arglist ); - -extern errno_t memcpy_s( void * dst, size_t sizeInBytes, const void * src, size_t count ); -extern errno_t memcpy_verw_s( void * dst, size_t sizeInBytes, const void * src, size_t count ); -extern errno_t memmove_s( void * dst, size_t sizeInBytes, const void * src, size_t count ); -extern errno_t memmove_verw_s( void * dst, size_t sizeInBytes, const void * src, size_t count ); - -#ifdef __cplusplus - } -#endif - -#endif /* MBUSAFECRT_H */ diff --git a/rust-sgx-sdk/common/inc/netdb.h b/rust-sgx-sdk/common/inc/netdb.h deleted file mode 100644 index 264f90ff..00000000 --- a/rust-sgx-sdk/common/inc/netdb.h +++ /dev/null @@ -1,41 +0,0 @@ -// -// Copyright © 2005-2020 Rich Felker, et al. -// Licensed under the MIT license.s -// - -/* Copyright © 2005-2020 Rich Felker, et al. - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ - -#ifndef _NETDB_H -#define _NETDB_H - -struct addrinfo { - int ai_flags; - int ai_family; - int ai_socktype; - int ai_protocol; - socklen_t ai_addrlen; - struct sockaddr *ai_addr; - char *ai_canonname; - struct addrinfo *ai_next; -}; - -#endif diff --git a/rust-sgx-sdk/common/inc/poll.h b/rust-sgx-sdk/common/inc/poll.h deleted file mode 100644 index fc786fc2..00000000 --- a/rust-sgx-sdk/common/inc/poll.h +++ /dev/null @@ -1,38 +0,0 @@ -// -// Copyright © 2005-2020 Rich Felker, et al. -// Licensed under the MIT license. -// - -/* Copyright © 2005-2020 Rich Felker, et al. - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ - -#ifndef _POLL_H_ -#define _POLL_H_ - -typedef unsigned long nfds_t; - -struct pollfd { - int fd; - short int events; - short int revents; -}; - -#endif diff --git a/rust-sgx-sdk/common/inc/pthread.h b/rust-sgx-sdk/common/inc/pthread.h deleted file mode 100644 index e79668ff..00000000 --- a/rust-sgx-sdk/common/inc/pthread.h +++ /dev/null @@ -1,34 +0,0 @@ -#ifndef _SYS_THREAD_H_ -#define _SYS_THREAD_H_ - -/* Thread identifiers. The structure of the attribute type is not - exposed on purpose. */ -typedef unsigned long int pthread_t; - -#if defined __x86_64__ && !defined __ILP32__ -# define __WORDSIZE 64 -#else -# define __WORDSIZE 32 -#define __WORDSIZE32_SIZE_ULONG 0 -#define __WORDSIZE32_PTRDIFF_LONG 0 -#endif - -#ifdef __x86_64__ -# if __WORDSIZE == 64 -# define __SIZEOF_PTHREAD_ATTR_T 56 -# else -# define __SIZEOF_PTHREAD_ATTR_T 32 -#endif - -union pthread_attr_t -{ - char __size[__SIZEOF_PTHREAD_ATTR_T]; - long int __align; -}; -#ifndef __have_pthread_attr_t -typedef union pthread_attr_t pthread_attr_t; -# define __have_pthread_attr_t 1 -#endif - -#endif -#endif diff --git a/rust-sgx-sdk/common/inc/pwd.h b/rust-sgx-sdk/common/inc/pwd.h deleted file mode 100644 index a45b145a..00000000 --- a/rust-sgx-sdk/common/inc/pwd.h +++ /dev/null @@ -1,40 +0,0 @@ -// -// Copyright © 2005-2020 Rich Felker, et al. -// Licensed under the MIT license. -// - -/* Copyright © 2005-2020 Rich Felker, et al. - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ - -#ifndef _PWD_H -#define _PWD_H - -struct passwd { - char *pw_name; - char *pw_passwd; - __uid_t pw_uid; - __gid_t pw_gid; - char *pw_gecos; - char *pw_dir; - char *pw_shell; -}; - -#endif diff --git a/rust-sgx-sdk/common/inc/sched.h b/rust-sgx-sdk/common/inc/sched.h deleted file mode 100644 index 4d237c40..00000000 --- a/rust-sgx-sdk/common/inc/sched.h +++ /dev/null @@ -1,62 +0,0 @@ -// -// Copyright © 2005-2020 Rich Felker, et al. -// Licensed under the MIT license.s -// - -/* Copyright © 2005-2020 Rich Felker, et al. - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ - -#ifndef _SCHED_H -#define _SCHED_H -#include - -typedef struct { - unsigned long __bits[128/sizeof(long)]; -} cpu_set_t; - -#define __CPU_op_S(i, size, set, op) ( (i)/8U >= (size) ? 0 : \ - (((unsigned long *)(set))[(i)/8/sizeof(long)] op (1UL<<((i)%(8*sizeof(long))))) ) - -#define CPU_SET_S(i, size, set) __CPU_op_S(i, size, set, |=) -#define CPU_CLR_S(i, size, set) __CPU_op_S(i, size, set, &=~) -#define CPU_ISSET_S(i, size, set) __CPU_op_S(i, size, set, &) - -#define __CPU_op_func_S(func, op) \ -static __inline void __CPU_##func##_S(size_t __size, cpu_set_t *__dest, \ - const cpu_set_t *__src1, const cpu_set_t *__src2) \ -{ \ - size_t __i; \ - for (__i=0; __i<__size/sizeof(long); __i++) \ - ((unsigned long *)__dest)[__i] = ((unsigned long *)__src1)[__i] \ - op ((unsigned long *)__src2)[__i] ; \ -} - -__CPU_op_func_S(AND, &) -__CPU_op_func_S(OR, |) -__CPU_op_func_S(XOR, ^) - -#define CPU_AND_S(a,b,c,d) __CPU_AND_S(a,b,c,d) -#define CPU_OR_S(a,b,c,d) __CPU_OR_S(a,b,c,d) -#define CPU_XOR_S(a,b,c,d) __CPU_XOR_S(a,b,c,d) - -typedef __pid_t pid_t; - -#endif diff --git a/rust-sgx-sdk/common/inc/setjmp.h b/rust-sgx-sdk/common/inc/setjmp.h deleted file mode 100644 index 752f0cf7..00000000 --- a/rust-sgx-sdk/common/inc/setjmp.h +++ /dev/null @@ -1,65 +0,0 @@ -/* $NetBSD: setjmp.h,v 1.26 2011/11/05 09:27:06 joerg Exp $ */ - -/*- - * Copyright (c) 1990, 1993 - * The Regents of the University of California. All rights reserved. - * (c) UNIX System Laboratories, Inc. - * All or some portions of this file are derived from material licensed - * to the University of California by American Telephone and Telegraph - * Co. or Unix System Laboratories, Inc. and are reproduced herein with - * the permission of UNIX System Laboratories, Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)setjmp.h 8.2 (Berkeley) 1/21/94 - */ - -#ifndef _SETJMP_H_ -#define _SETJMP_H_ - -#ifndef _JB_ATTRIBUTES -#define _JB_ATTRIBUTES /**/ -#else -#endif -#ifndef _BSD_JBSLOT_T_ -#define _BSD_JBSLOT_T_ long -#endif - -#define _JBLEN 8 - -typedef _BSD_JBSLOT_T_ jmp_buf[_JBLEN] _JB_ATTRIBUTES; - -#include -#define __returns_twice __attribute__((__returns_twice__)) -#define __dead - - -__BEGIN_DECLS -int setjmp(jmp_buf) __returns_twice; -void longjmp(jmp_buf, int) __dead; -__END_DECLS - -#endif /* !_SETJMP_H_ */ - diff --git a/rust-sgx-sdk/common/inc/signal.h b/rust-sgx-sdk/common/inc/signal.h deleted file mode 100644 index c0da74f4..00000000 --- a/rust-sgx-sdk/common/inc/signal.h +++ /dev/null @@ -1,104 +0,0 @@ -// -// Copyright © 2005-2020 Rich Felker, et al. -// Licensed under the MIT license.s -// - -/* Copyright © 2005-2020 Rich Felker, et al. - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ - -#ifndef _SIGNAL_H -#define _SIGNAL_H - -#include - -typedef struct { - unsigned long _bits[128/sizeof(long)]; -} __sigset_t; - -typedef __sigset_t sigset_t; - -union sigval { - int sival_int; - void *sival_ptr; -}; - -typedef struct { - int si_signo; - int si_errno; - int si_code; - union { - char __pad[128 - 2*sizeof(int) - sizeof(long)]; - struct { - union { - struct { - __pid_t si_pid; - __uid_t si_uid; - } __piduid; - struct { - int si_timerid; - int si_overrun; - } __timer; - } __first; - union { - union sigval si_value; - struct { - int si_status; - __clock_t si_utime, si_stime; - } __sigchld; - } __second; - } __si_common; - struct { - void *si_addr; - short si_addr_lsb; - union { - struct { - void *si_lower; - void *si_upper; - } __addr_bnd; - unsigned si_pkey; - } __first; - } __sigfault; - struct { - long si_band; - int si_fd; - } __sigpoll; - struct { - void *si_call_addr; - int si_syscall; - unsigned si_arch; - } __sigsys; - } __si_fields; -} siginfo_t; - -struct sigaction { - union { - void (*sa_handler) (int); - void (*sa_sigaction) (int, siginfo_t *, void *); - } __sa_handler; - __sigset_t sa_mask; - int sa_flags; - void (*sa_restorer) (void); -}; - -#define sa_handler __sa_handler.sa_handler -#define sa_sigaction __sa_handler.sa_sigaction - -#endif diff --git a/rust-sgx-sdk/common/inc/stdarg.h b/rust-sgx-sdk/common/inc/stdarg.h deleted file mode 100644 index b2a5d36e..00000000 --- a/rust-sgx-sdk/common/inc/stdarg.h +++ /dev/null @@ -1,48 +0,0 @@ -/* $OpenBSD: stdarg.h,v 1.14 2010/12/30 05:01:36 tedu Exp $ */ -/* $NetBSD: stdarg.h,v 1.12 1995/12/25 23:15:31 mycroft Exp $ */ - -/*- - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)stdarg.h 8.1 (Berkeley) 6/10/93 - */ - -#ifndef _STDARG_H_ -#define _STDARG_H_ - -#include -#include - -typedef __va_list va_list; - -#define va_start(ap, last) __builtin_va_start((ap), last) -#define va_end __builtin_va_end -#define va_arg __builtin_va_arg -#define va_copy(dst, src) __builtin_va_copy((dst),(src)) - -#endif /* !_STDARG_H_ */ diff --git a/rust-sgx-sdk/common/inc/stdbool.h b/rust-sgx-sdk/common/inc/stdbool.h deleted file mode 100644 index 86b866d5..00000000 --- a/rust-sgx-sdk/common/inc/stdbool.h +++ /dev/null @@ -1,44 +0,0 @@ -/* $OpenBSD: stdbool.h,v 1.5 2010/07/24 22:17:03 guenther Exp $ */ - -/* - * Written by Marc Espie, September 25, 1999 - * Public domain. - */ - -#ifndef _STDBOOL_H_ -#define _STDBOOL_H_ - -#ifndef __cplusplus - -#ifndef __GNUC__ -/* Support for _C99: type _Bool is already built-in. */ -/* `_Bool' type must promote to `int' or `unsigned int'. */ -typedef enum { - false = 0, - true = 1 -} _Bool; - -/* And those constants must also be available as macros. */ -# define false false -# define true true -#else /* __GNUC__ */ -# define false 0 -# define true 1 -#endif - -/* User visible type `bool' is provided as a macro which may be redefined */ -#define bool _Bool - -#else /* __cplusplus */ - -# define _Bool bool -# define bool bool -# define false false -# define true true - -#endif - -/* Inform that everything is fine */ -#define __bool_true_false_are_defined 1 - -#endif /* _STDBOOL_H_ */ diff --git a/rust-sgx-sdk/common/inc/stddef.h b/rust-sgx-sdk/common/inc/stddef.h deleted file mode 100644 index c1328824..00000000 --- a/rust-sgx-sdk/common/inc/stddef.h +++ /dev/null @@ -1,70 +0,0 @@ -/* $OpenBSD: stddef.h,v 1.10 2009/09/22 21:40:02 jsg Exp $ */ -/* $NetBSD: stddef.h,v 1.4 1994/10/26 00:56:26 cgd Exp $ */ - -/*- - * Copyright (c) 1990 The Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)stddef.h 5.5 (Berkeley) 4/3/91 - */ - -#ifndef _STDDEF_H_ -#define _STDDEF_H_ - -#include -#include - -#ifndef _PTRDIFF_T_DEFINED_ -#define _PTRDIFF_T_DEFINED_ -typedef __ptrdiff_t ptrdiff_t; -#endif - -#ifndef _SIZE_T_DEFINED_ -#define _SIZE_T_DEFINED_ -typedef __size_t size_t; -#endif - -#if !defined(_WCHAR_T_DEFINED_) && !defined(__cplusplus) -#define _WCHAR_T_DEFINED_ -#ifndef __WCHAR_TYPE__ -#define __WCHAR_TYPE__ int -#endif -typedef __WCHAR_TYPE__ wchar_t; -#endif - -#ifndef NULL -#ifdef __cplusplus -#define NULL 0 -#else -#define NULL ((void *)0) -#endif -#endif - -#define offsetof(type, member) ((size_t)(&((type *)0)->member)) - -#endif /* _STDDEF_H_ */ - diff --git a/rust-sgx-sdk/common/inc/stdint.h b/rust-sgx-sdk/common/inc/stdint.h deleted file mode 100644 index e5744840..00000000 --- a/rust-sgx-sdk/common/inc/stdint.h +++ /dev/null @@ -1,24 +0,0 @@ -/* $OpenBSD: stdint.h,v 1.4 2006/12/10 22:17:55 deraadt Exp $ */ - -/* - * Copyright (c) 1997, 2005 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef _STDINT_H_ -#define _STDINT_H_ - -#include - -#endif /* _STDINT_H_ */ diff --git a/rust-sgx-sdk/common/inc/stdio.h b/rust-sgx-sdk/common/inc/stdio.h deleted file mode 100644 index 92d01a0d..00000000 --- a/rust-sgx-sdk/common/inc/stdio.h +++ /dev/null @@ -1,95 +0,0 @@ -/* $OpenBSD: stdio.h,v 1.38 2009/11/09 00:18:27 kurt Exp $ */ -/* $NetBSD: stdio.h,v 1.18 1996/04/25 18:29:21 jtc Exp $ */ - -/*- - * Copyright (c) 1990 The Regents of the University of California. - * All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Chris Torek. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)stdio.h 5.17 (Berkeley) 6/3/91 - */ - -#ifndef _STDIO_H_ -#define _STDIO_H_ - -#include -#include - -#include - -#ifndef _SIZE_T_DEFINED_ -typedef __size_t size_t; -#define _SIZE_T_DEFINED_ -#endif - -#ifndef NULL -# ifdef __cplusplus -# define NULL 0 -# else -# define NULL ((void *)0) -# endif -#endif - -# define BUFSIZ 8192 - -#define EOF (-1) - -__BEGIN_DECLS - -int _TLIBC_CDECL_ snprintf(char *, size_t, const char *, ...) _GCC_PRINTF_FORMAT_(3, 4); -int _TLIBC_CDECL_ vsnprintf(char *, size_t, const char *, __va_list) _GCC_PRINTF_FORMAT_(3, 0); - -/* - * Deprecated definitions. - */ -#if 0 /* No FILE */ -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, fprintf, FILE *, const char *, ...); -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, putc, int, FILE *); -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, fputc, int, FILE *); -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, fputs, const char *, FILE *); -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, fscanf, FILE *, const char *, ...); -_TLIBC_DEPRECATED_FUNCTION_(size_t _TLIBC_CDECL_, fwrite, const void *, size_t, size_t, FILE *); -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, printf, const char *, ...); -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, putchar, int); -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, puts, const char *); -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, scanf, const char *, ...); -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, sprintf, char *, const char *, ...); -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, sscanf, const char *, const char *, ...); -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, vfprintf, FILE *, const char *, __va_list); -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, vfscanf, FILE *, const char *, __va_list); -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, vprintf, const char *, __va_list); -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, vscanf, const char *, __va_list); -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, vsprintf, char *, const char *, __va_list); -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, vsscanf, const char *, const char *, __va_list); -#endif - -__END_DECLS - - -#endif /* !_STDIO_H_ */ diff --git a/rust-sgx-sdk/common/inc/stdlib.h b/rust-sgx-sdk/common/inc/stdlib.h deleted file mode 100644 index e5b63653..00000000 --- a/rust-sgx-sdk/common/inc/stdlib.h +++ /dev/null @@ -1,153 +0,0 @@ -/* $OpenBSD: stdlib.h,v 1.47 2010/05/18 22:24:55 tedu Exp $ */ -/* $NetBSD: stdlib.h,v 1.25 1995/12/27 21:19:08 jtc Exp $ */ - -/*- -* Copyright (c) 1990 The Regents of the University of California. -* All rights reserved. -* -* Redistribution and use in source and binary forms, with or without -* modification, are permitted provided that the following conditions -* are met: -* 1. Redistributions of source code must retain the above copyright -* notice, this list of conditions and the following disclaimer. -* 2. Redistributions in binary form must reproduce the above copyright -* notice, this list of conditions and the following disclaimer in the -* documentation and/or other materials provided with the distribution. -* 3. Neither the name of the University nor the names of its contributors -* may be used to endorse or promote products derived from this software -* without specific prior written permission. -* -* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND -* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE -* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL -* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS -* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) -* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT -* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY -* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF -* SUCH DAMAGE. -* -* @(#)stdlib.h 5.13 (Berkeley) 6/4/91 -*/ - -#ifndef _STDLIB_H_ -#define _STDLIB_H_ - -#include -#include - -#ifndef _SIZE_T_DEFINED_ -#define _SIZE_T_DEFINED_ -typedef __size_t size_t; -#endif - -#if !defined(_WCHAR_T_DEFINED_) && !defined(__cplusplus) -#define _WCHAR_T_DEFINED_ -#ifndef __WCHAR_TYPE__ -#define __WCHAR_TYPE__ int -#endif -typedef __WCHAR_TYPE__ wchar_t; -#endif - -#ifndef _DIV_T_DEFINED -typedef struct { - int quot; /* quotient */ - int rem; /* remainder */ -} div_t; - -typedef struct { - long quot; /* quotient */ - long rem; /* remainder */ -} ldiv_t; - -typedef struct { - long long quot; /* quotient */ - long long rem; /* remainder */ -} lldiv_t; -#define _DIV_T_DEFINED -#endif - -#ifndef NULL -#ifdef __cplusplus -#define NULL 0 -#else -#define NULL ((void *)0) -#endif -#endif - -#define EXIT_FAILURE 1 -#define EXIT_SUCCESS 0 - -#define RAND_MAX 0x7fffffff -#define MB_CUR_MAX 1 - -__BEGIN_DECLS - -_TLIBC_NORETURN_ void _TLIBC_CDECL_ abort(void); -int _TLIBC_CDECL_ atexit(void (*)(void)); -int _TLIBC_CDECL_ abs(int); -double _TLIBC_CDECL_ atof(const char *); -int _TLIBC_CDECL_ atoi(const char *); -long _TLIBC_CDECL_ atol(const char *); -void * _TLIBC_CDECL_ bsearch(const void *, const void *, size_t, size_t, int (*)(const void *, const void *)); -void * _TLIBC_CDECL_ calloc(size_t, size_t); -div_t _TLIBC_CDECL_ div(int, int); -void _TLIBC_CDECL_ free(void *); -long _TLIBC_CDECL_ labs(long); -ldiv_t _TLIBC_CDECL_ ldiv(long, long); -void * _TLIBC_CDECL_ malloc(size_t); -void * _TLIBC_CDECL_ memalign(size_t, size_t); -void _TLIBC_CDECL_ qsort(void *, size_t, size_t, int (*)(const void *, const void *)); -void * _TLIBC_CDECL_ realloc(void *, size_t); -double _TLIBC_CDECL_ strtod(const char *, char **); -long _TLIBC_CDECL_ strtol(const char *, char **, int); -float _TLIBC_CDECL_ strtof(const char *, char **); - -long long - _TLIBC_CDECL_ atoll(const char *); -long long - _TLIBC_CDECL_ llabs(long long); -lldiv_t - _TLIBC_CDECL_ lldiv(long long, long long); -long long - _TLIBC_CDECL_ strtoll(const char *, char **, int); -unsigned long - _TLIBC_CDECL_ strtoul(const char *, char **, int); -long double - _TLIBC_CDECL_ strtold(const char *, char **); -unsigned long long - _TLIBC_CDECL_ strtoull(const char *, char **, int); - -int _TLIBC_CDECL_ mblen(const char *, size_t); -size_t _TLIBC_CDECL_ mbstowcs(wchar_t *, const char *, size_t); -int _TLIBC_CDECL_ wctomb(char *, wchar_t); -int _TLIBC_CDECL_ mbtowc(wchar_t *, const char *, size_t); -size_t _TLIBC_CDECL_ wcstombs(char *, const wchar_t *, size_t); - - -/* - * Deprecated C99. - */ -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, atexit, void (_TLIBC_CDECL_ *)(void)); -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, rand, void); -_TLIBC_DEPRECATED_FUNCTION_(void _TLIBC_CDECL_, srand, unsigned); -_TLIBC_DEPRECATED_FUNCTION_(void _TLIBC_CDECL_, exit, int); -_TLIBC_DEPRECATED_FUNCTION_(void _TLIBC_CDECL_, _Exit, int); -_TLIBC_DEPRECATED_FUNCTION_(char * _TLIBC_CDECL_, getenv, const char *); -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, system, const char *); - -/* - * Non-C99 Functions. - */ -void * _TLIBC_CDECL_ alloca(size_t); - -/* - * Deprecated Non-C99. - */ -//_TLIBC_DEPRECATED_FUNCTION_(void _TLIBC_CDECL_, _exit, int); - -__END_DECLS - -#endif /* !_STDLIB_H_ */ diff --git a/rust-sgx-sdk/common/inc/string.h b/rust-sgx-sdk/common/inc/string.h deleted file mode 100644 index 00a89fde..00000000 --- a/rust-sgx-sdk/common/inc/string.h +++ /dev/null @@ -1,130 +0,0 @@ -/* $OpenBSD: string.h,v 1.20 2010/09/24 13:33:00 matthew Exp $ */ -/* $NetBSD: string.h,v 1.6 1994/10/26 00:56:30 cgd Exp $ */ - -/*- - * Copyright (c) 1990 The Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)string.h 5.10 (Berkeley) 3/9/91 - */ - -#ifndef _STRING_H_ -#define _STRING_H_ - -#include -#include - -#ifndef _SIZE_T_DEFINED_ -typedef __size_t size_t; -#define _SIZE_T_DEFINED_ -#endif - -#ifndef _ERRNO_T_DEFINED -#define _ERRNO_T_DEFINED -typedef int errno_t; -#endif - -#ifndef NULL -#ifdef __cplusplus -#define NULL 0 -#else -#define NULL ((void *)0) -#endif -#endif - -__BEGIN_DECLS - -void * _TLIBC_CDECL_ memchr(const void *, int, size_t); -int _TLIBC_CDECL_ memcmp(const void *, const void *, size_t); -void * _TLIBC_CDECL_ memcpy_nochecks(void *, const void *, size_t); -void * _TLIBC_CDECL_ memcpy(void *, const void *, size_t); -void * _TLIBC_CDECL_ memcpy_verw(void *, const void *, size_t); -void * _TLIBC_CDECL_ memmove(void *, const void *, size_t); -void * _TLIBC_CDECL_ memmove_verw(void *, const void *, size_t); -void * _TLIBC_CDECL_ memset(void *, int, size_t); -void * _TLIBC_CDECL_ memset_verw(void *, int, size_t); -char * _TLIBC_CDECL_ strchr(const char *, int); -int _TLIBC_CDECL_ strcmp(const char *, const char *); -int _TLIBC_CDECL_ strcoll(const char *, const char *); -size_t _TLIBC_CDECL_ strcspn(const char *, const char *); -char * _TLIBC_CDECL_ strerror(int); -size_t _TLIBC_CDECL_ strlen(const char *); -char * _TLIBC_CDECL_ strncat(char *, const char *, size_t); -int _TLIBC_CDECL_ strncmp(const char *, const char *, size_t); -char * _TLIBC_CDECL_ strncpy(char *, const char *, size_t); -char * _TLIBC_CDECL_ strpbrk(const char *, const char *); -char * _TLIBC_CDECL_ strrchr(const char *, int); -size_t _TLIBC_CDECL_ strspn(const char *, const char *); -char * _TLIBC_CDECL_ strstr(const char *, const char *); -char * _TLIBC_CDECL_ strtok(char *, const char *); -size_t _TLIBC_CDECL_ strxfrm(char *, const char *, size_t); -size_t _TLIBC_CDECL_ strlcpy(char *, const char *, size_t); -errno_t _TLIBC_CDECL_ memset_s(void *s, size_t smax, int c, size_t n); -errno_t _TLIBC_CDECL_ memset_verw_s(void *s, size_t smax, int c, size_t n); - -/* - * Deprecated C99. - */ -_TLIBC_DEPRECATED_FUNCTION_(char * _TLIBC_CDECL_, strcat, char *, const char *); -_TLIBC_DEPRECATED_FUNCTION_(char * _TLIBC_CDECL_, strcpy, char *, const char *); - -/* - * Common used non-C99 functions. - */ -char * _TLIBC_CDECL_ strndup(const char *, size_t); -size_t _TLIBC_CDECL_ strnlen(const char *, size_t); -int _TLIBC_CDECL_ consttime_memequal(const void *b1, const void *b2, size_t len); - -/* - * Non-C99 - */ -int _TLIBC_CDECL_ bcmp(const void *, const void *, size_t); -void _TLIBC_CDECL_ bcopy(const void *, void *, size_t); -void _TLIBC_CDECL_ bzero(void *, size_t); -char * _TLIBC_CDECL_ index(const char *, int); -void * _TLIBC_CDECL_ mempcpy(void *, const void *, size_t); -char * _TLIBC_CDECL_ rindex(const char *, int); -char * _TLIBC_CDECL_ stpncpy(char *dest, const char *src, size_t n); -int _TLIBC_CDECL_ strcasecmp(const char *, const char *); -int _TLIBC_CDECL_ strncasecmp(const char *, const char *, size_t); - -int _TLIBC_CDECL_ ffs(int); -int _TLIBC_CDECL_ ffsl(long int); -int _TLIBC_CDECL_ ffsll(long long int); - -char * _TLIBC_CDECL_ strtok_r(char *, const char *, char **); -int _TLIBC_CDECL_ strerror_r(int, char *, size_t); - -/* - * Deprecated Non-C99. - */ -_TLIBC_DEPRECATED_FUNCTION_(char * _TLIBC_CDECL_, strdup, const char *); -_TLIBC_DEPRECATED_FUNCTION_(char * _TLIBC_CDECL_, stpcpy, char *dest, const char *src); - -__END_DECLS - -#endif /* _STRING_H_ */ diff --git a/rust-sgx-sdk/common/inc/sys/_types.h b/rust-sgx-sdk/common/inc/sys/_types.h deleted file mode 100644 index 5dc6d5bb..00000000 --- a/rust-sgx-sdk/common/inc/sys/_types.h +++ /dev/null @@ -1,168 +0,0 @@ -/* $OpenBSD: _types.h,v 1.2 2008/03/16 19:42:57 otto Exp $ */ - -/*- - * Copyright (c) 1990, 1993 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)types.h 8.3 (Berkeley) 1/5/94 - */ - -#ifndef _SYS__TYPES_H_ -#define _SYS__TYPES_H_ - -#include -/* 7.18.1.1 Exact-width integer types */ -typedef signed char __int8_t; -typedef unsigned char __uint8_t; -typedef short __int16_t; -typedef unsigned short __uint16_t; -typedef int __int32_t; -typedef unsigned int __uint32_t; -#ifdef __x86_64__ -typedef long __int64_t; -typedef unsigned long __uint64_t; -#else -typedef long long __int64_t; -typedef unsigned long long __uint64_t; -#endif - -/* 7.18.1.2 Minimum-width integer types */ -typedef __int8_t __int_least8_t; -typedef __uint8_t __uint_least8_t; -typedef __int16_t __int_least16_t; -typedef __uint16_t __uint_least16_t; -typedef __int32_t __int_least32_t; -typedef __uint32_t __uint_least32_t; -typedef __int64_t __int_least64_t; -typedef __uint64_t __uint_least64_t; - -/* 7.18.1.3 Fastest minimum-width integer types */ -typedef __int8_t __int_fast8_t; -typedef __uint8_t __uint_fast8_t; -#ifdef __x86_64__ -/* Linux x86_64, from stdint.h */ -typedef long int __int_fast16_t; -typedef unsigned long int __uint_fast16_t; -typedef long int __int_fast32_t; -typedef unsigned long int __uint_fast32_t; -typedef long int __int_fast64_t; -typedef unsigned long int __uint_fast64_t; -#else -/* Android x86, and Linux x86 */ -typedef __int32_t __int_fast16_t; -typedef __uint32_t __uint_fast16_t; -typedef __int32_t __int_fast32_t; -typedef __uint32_t __uint_fast32_t; -typedef __int64_t __int_fast64_t; -typedef __uint64_t __uint_fast64_t; -#endif - -typedef long __off_t; -#ifdef __x86_64__ -typedef long int __off64_t; -#else -typedef long long int __off64_t; -#endif - -/* 7.18.1.4 Integer types capable of holding object pointers */ -#ifdef __i386__ -typedef __int32_t __intptr_t; -typedef __uint32_t __uintptr_t; -typedef __int32_t __ptrdiff_t; -/* Standard system types */ -typedef __uint32_t __size_t; -typedef __int32_t __ssize_t; -typedef long double __double_t; -typedef long double __float_t; -#else -typedef __int64_t __intptr_t; -typedef __uint64_t __uintptr_t; -typedef __int64_t __ptrdiff_t; - -/* Standard system types */ -typedef unsigned long __size_t; -typedef long __ssize_t; -typedef double __double_t; -typedef float __float_t; - -#endif /* !__i386__ */ - -typedef long __clock_t; - -typedef long __time_t; -typedef __builtin_va_list __va_list; -typedef unsigned int __wint_t; -/* wctype_t and wctrans_t are defined in wchar.h */ -typedef unsigned long int __wctype_t; -typedef int * __wctrans_t; - -/* - * mbstate_t is an opaque object to keep conversion state, during multibyte - * stream conversions. The content must not be referenced by user programs. - */ -/* For Linux, __mbstate_t is defined in wchar.h */ -typedef struct { - int __c; - union { - __wint_t __wc; - char __wcb[4]; - } __v; -} __mbstate_t; - -/* 7.18.1.5 Greatest-width integer types */ -typedef __int64_t __intmax_t; -typedef __uint64_t __uintmax_t; - - -typedef unsigned long int __ino_t; -typedef unsigned int __mode_t; -typedef unsigned int __uid_t; -typedef unsigned int __gid_t; -typedef long int __blksize_t; -typedef long int __blkcnt_t; - -#ifdef __x86_64__ -typedef unsigned long int __dev_t; -typedef long int __off64_t; -typedef unsigned long int __nlink_t; -typedef long int __blkcnt64_t; -typedef unsigned long int __ino64_t; -#else -typedef unsigned long long int __dev_t; -typedef long long int __off64_t; -typedef unsigned int __nlink_t; -typedef long long int __blkcnt64_t; -typedef unsigned long long int __ino64_t; -#endif - -typedef unsigned int __socklen_t; -typedef int __pid_t; -typedef long __cpu_mask; -#endif /* !_SYS__TYPES_H_ */ - - - diff --git a/rust-sgx-sdk/common/inc/sys/cdefs.h b/rust-sgx-sdk/common/inc/sys/cdefs.h deleted file mode 100644 index 71c3c1ce..00000000 --- a/rust-sgx-sdk/common/inc/sys/cdefs.h +++ /dev/null @@ -1,132 +0,0 @@ -/* $OpenBSD: cdefs.h,v 1.34 2012/08/14 20:11:37 matthew Exp $ */ -/* $NetBSD: cdefs.h,v 1.16 1996/04/03 20:46:39 christos Exp $ */ - -/* - * Copyright (c) 1991, 1993 - * The Regents of the University of California. All rights reserved. - * - * This code is derived from software contributed to Berkeley by - * Berkeley Software Design, Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)cdefs.h 8.7 (Berkeley) 1/21/94 - */ - -#ifndef _SYS_CDEFS_H_ -#define _SYS_CDEFS_H_ - -/* Declaration field in C/C++ headers */ -#if defined(__cplusplus) -# define __BEGIN_DECLS extern "C" { -# define __END_DECLS } -#else -# define __BEGIN_DECLS -# define __END_DECLS -#endif - -#if defined(__STDC__) || defined(__cplusplus) -# define __CONCAT(x,y) x ## y -# define __STRING(x) #x -#else -# define __CONCAT(x,y) x/**/y -# define __STRING(x) "x" -#endif -/* - * Macro to test if we're using a specific version of gcc or later. - */ -#if defined __GNUC__ && defined __GNUC_MINOR_ -# define __GNUC_PREREQ__(ma, mi) \ - ((__GNUC__ > (ma)) || (__GNUC__ == (ma) && __GNUC_MINOR__ >= (mi))) -#else -# define __GNUC_PREREQ__(ma, mi) 0 -#endif - -/* Calling Convention: cdecl */ -#define _TLIBC_CDECL_ - -/* Thread Directive */ -#define _TLIBC_THREAD_ /* __thread */ - -/* Deprecated Warnings */ -#define _TLIBC_DEPRECATED_MSG(x) __STRING(x)" is deprecated in tlibc." -#define _TLIBC_DEPRECATED_(x) __attribute__((deprecated(_TLIBC_DEPRECATED_MSG(x)))) - -#ifndef _TLIBC_WARN_DEPRECATED_FUNCTIONS_ -# define _TLIBC_DEPRECATED_FUNCTION_(__ret, __func, ...) -#else -# define _TLIBC_DEPRECATED_FUNCTION_(__ret, __func, ...) \ - _TLIBC_DEPRECATED_(__func) \ - __ret __func(__VA_ARGS__) -#endif - -/* Static analysis for printf format strings. - * _MSC_PRINTF_FORMAT_: MSVC SAL annotation for specifying format strings. - * _GCC_PRINTF_FORMAT_(x, y): GCC declaring attribute for checking format strings. - * x - index of the format string. In C++ non-static method, index 1 is reseved for 'this'. - * y - index of first variadic agrument in '...'. - */ -#define _GCC_PRINTF_FORMAT_(x, y) __attribute__((__format__ (printf, x, y))) - -/* Attribute - noreturn */ -#define _TLIBC_NORETURN_ __attribute__ ((__noreturn__)) - -/* - * GNU C version 2.96 adds explicit branch prediction so that - * the CPU back-end can hint the processor and also so that - * code blocks can be reordered such that the predicted path - * sees a more linear flow, thus improving cache behavior, etc. - * - * The following two macros provide us with a way to utilize this - * compiler feature. Use __predict_true() if you expect the expression - * to evaluate to true, and __predict_false() if you expect the - * expression to evaluate to false. - * - * A few notes about usage: - * - * * Generally, __predict_false() error condition checks (unless - * you have some _strong_ reason to do otherwise, in which case - * document it), and/or __predict_true() `no-error' condition - * checks, assuming you want to optimize for the no-error case. - * - * * Other than that, if you don't know the likelihood of a test - * succeeding from empirical or other `hard' evidence, don't - * make predictions. - * - * * These are meant to be used in places that are run `a lot'. - * It is wasteful to make predictions in code that is run - * seldomly (e.g. at subsystem initialization time) as the - * basic block reordering that this affects can often generate - * larger code. - */ -#if defined(__GNUC__) && __GNUC_PREREQ__(2, 96) -#define __predict_true(exp) __builtin_expect(((exp) != 0), 1) -#define __predict_false(exp) __builtin_expect(((exp) != 0), 0) -#else -#define __predict_true(exp) ((exp) != 0) -#define __predict_false(exp) ((exp) != 0) -#endif - -#endif /* !_SYS_CDEFS_H_ */ diff --git a/rust-sgx-sdk/common/inc/sys/endian.h b/rust-sgx-sdk/common/inc/sys/endian.h deleted file mode 100644 index 1cd7b810..00000000 --- a/rust-sgx-sdk/common/inc/sys/endian.h +++ /dev/null @@ -1,54 +0,0 @@ -/* $OpenBSD: endian.h,v 1.18 2006/03/27 07:09:24 otto Exp $ */ - -/*- - * Copyright (c) 1997 Niklas Hallqvist. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - -/* - * Generic definitions for little- and big-endian systems. Other endianesses - * has to be dealt with in the specific machine/endian.h file for that port. - * - * This file is meant to be included from a little- or big-endian port's - * machine/endian.h after setting _BYTE_ORDER to either 1234 for little endian - * or 4321 for big.. - */ - -#ifndef _SYS_ENDIAN_H_ -#define _SYS_ENDIAN_H_ - -#define _LITTLE_ENDIAN 1234 -#define _BIG_ENDIAN 4321 -#define _PDP_ENDIAN 3412 -#define _BYTE_ORDER _LITTLE_ENDIAN - -#define LITTLE_ENDIAN _LITTLE_ENDIAN -#define BIG_ENDIAN _BIG_ENDIAN -#define PDP_ENDIAN _PDP_ENDIAN -#define BYTE_ORDER _BYTE_ORDER - -#define __BYTE_ORDER _BYTE_ORDER -#define __BIG_ENDIAN _BIG_ENDIAN -#define __LITTLE_ENDIAN _LITTLE_ENDIAN - -#endif /* _SYS_ENDIAN_H_ */ - diff --git a/rust-sgx-sdk/common/inc/sys/epoll.h b/rust-sgx-sdk/common/inc/sys/epoll.h deleted file mode 100644 index 958a4c4f..00000000 --- a/rust-sgx-sdk/common/inc/sys/epoll.h +++ /dev/null @@ -1,42 +0,0 @@ -// -// Copyright © 2005-2020 Rich Felker, et al. -// Licensed under the MIT license. -// - -/* Copyright © 2005-2020 Rich Felker, et al. - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ - -#ifndef _SYS_EPOLL_H -#define _SYS_EPOLL_H - -typedef union epoll_data { - void *ptr; - int fd; - uint32_t u32; - uint64_t u64; -} epoll_data_t; - -struct epoll_event { - uint32_t events; - epoll_data_t data; -} __attribute__ ((__packed__)); - -#endif diff --git a/rust-sgx-sdk/common/inc/sys/ieee.h b/rust-sgx-sdk/common/inc/sys/ieee.h deleted file mode 100644 index eab3b975..00000000 --- a/rust-sgx-sdk/common/inc/sys/ieee.h +++ /dev/null @@ -1,145 +0,0 @@ -/* $OpenBSD: ieee.h,v 1.2 2008/09/07 20:36:06 martynas Exp $ */ -/* $NetBSD: ieee.h,v 1.1 1996/09/30 16:34:25 ws Exp $ */ - -/* - * Copyright (c) 1992, 1993 - * The Regents of the University of California. All rights reserved. - * - * This software was developed by the Computer Systems Engineering group - * at Lawrence Berkeley Laboratory under DARPA contract BG 91-66 and - * contributed to Berkeley. - * - * All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Lawrence Berkeley Laboratory. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)ieee.h 8.1 (Berkeley) 6/11/93 - */ - -/* - * ieee.h defines the machine-dependent layout of the machine's IEEE - * floating point. It does *not* define (yet?) any of the rounding - * mode bits, exceptions, and so forth. - */ - -/* - * Define the number of bits in each fraction and exponent. - * - * k k+1 - * Note that 1.0 x 2 == 0.1 x 2 and that denorms are represented - * - * (-exp_bias+1) - * as fractions that look like 0.fffff x 2 . This means that - * - * -126 - * the number 0.10000 x 2 , for instance, is the same as the normalized - * - * -127 -128 - * float 1.0 x 2 . Thus, to represent 2 , we need one leading zero - * - * -129 - * in the fraction; to represent 2 , we need two, and so on. This - * - * (-exp_bias-fracbits+1) - * implies that the smallest denormalized number is 2 - * - * for whichever format we are talking about: for single precision, for - * - * -126 -149 - * instance, we get .00000000000000000000001 x 2 , or 1.0 x 2 , and - * - * -149 == -127 - 23 + 1. - */ - -#include - -#define SNG_EXPBITS 8 -#define SNG_FRACBITS 23 - -#define DBL_EXPBITS 11 -#define DBL_FRACHBITS 20 -#define DBL_FRACLBITS 32 -#define DBL_FRACBITS 52 - -#define EXT_EXPBITS 15 -#define EXT_FRACHBITS 32 -#define EXT_FRACLBITS 32 -#define EXT_FRACBITS 64 - -#define EXT_TO_ARRAY32(p, a) do { \ - (a)[0] = (uint32_t)(p)->ext_fracl; \ - (a)[1] = (uint32_t)(p)->ext_frach; \ -} while(0) - -struct ieee_single { - u_int sng_frac:23; - u_int sng_exp:8; - u_int sng_sign:1; -}; - -struct ieee_double { - u_int dbl_fracl; - u_int dbl_frach:20; - u_int dbl_exp:11; - u_int dbl_sign:1; -}; - -struct ieee_ext { - u_int ext_fracl; - u_int ext_frach; - u_int ext_exp:15; - u_int ext_sign:1; - u_int ext_padl:16; - u_int ext_padh; -}; - -/* - * Floats whose exponent is in [1..INFNAN) (of whatever type) are - * `normal'. Floats whose exponent is INFNAN are either Inf or NaN. - * Floats whose exponent is zero are either zero (iff all fraction - * bits are zero) or subnormal values. - * - * A NaN is a `signalling NaN' if its QUIETNAN bit is clear in its - * high fraction; if the bit is set, it is a `quiet NaN'. - */ -#define SNG_EXP_INFNAN 255 -#define DBL_EXP_INFNAN 2047 -#define EXT_EXP_INFNAN 32767 - -#if 0 -#define SNG_QUIETNAN (1 << 22) -#define DBL_QUIETNAN (1 << 19) -#define EXT_QUIETNAN (1 << 15) -#endif - -/* - * Exponent biases. - */ -#define SNG_EXP_BIAS 127 -#define DBL_EXP_BIAS 1023 -#define EXT_EXP_BIAS 16383 diff --git a/rust-sgx-sdk/common/inc/sys/limits.h b/rust-sgx-sdk/common/inc/sys/limits.h deleted file mode 100644 index 3d1f9673..00000000 --- a/rust-sgx-sdk/common/inc/sys/limits.h +++ /dev/null @@ -1,77 +0,0 @@ -/* $OpenBSD: limits.h,v 1.8 2009/11/27 19:54:35 guenther Exp $ */ -/* - * Copyright (c) 2002 Marc Espie. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE OPENBSD PROJECT AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OPENBSD - * PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ -#ifndef _SYS_LIMITS_H_ -#define _SYS_LIMITS_H_ - -#include - -/* Common definitions for limits.h. */ - -#define CHAR_BIT 8 /* number of bits in a char */ - -#define SCHAR_MAX 0x7f /* max value for a signed char */ -#define SCHAR_MIN (-0x7f - 1) /* min value for a signed char */ - -#define UCHAR_MAX 0xff /* max value for an unsigned char */ -#ifdef __CHAR_UNSIGNED__ -# define CHAR_MIN 0 /* min value for a char */ -# define CHAR_MAX 0xff /* max value for a char */ -#else -# define CHAR_MAX 0x7f -# define CHAR_MIN (-0x7f-1) -#endif - -#define MB_LEN_MAX 1 /* Allow UTF-8 (RFC 3629) */ - -#define USHRT_MAX 0xffff /* max value for an unsigned short */ -#define SHRT_MAX 0x7fff /* max value for a short */ -#define SHRT_MIN (-0x7fff-1) /* min value for a short */ - -#define UINT_MAX 0xffffffffU /* max value for an unsigned int */ -#define INT_MAX 0x7fffffff /* max value for an int */ -#define INT_MIN (-0x7fffffff-1) /* min value for an int */ - -#ifdef __x86_64__ -# define ULONG_MAX 0xffffffffffffffffUL /* max value for unsigned long */ -# define LONG_MAX 0x7fffffffffffffffL /* max value for a signed long */ -# define LONG_MIN (-0x7fffffffffffffffL-1) /* min value for a signed long */ -#else -# define ULONG_MAX 0xffffffffUL /* max value for an unsigned long */ -# define LONG_MAX 0x7fffffffL /* max value for a long */ -# define LONG_MIN (-0x7fffffffL-1) /* min value for a long */ -#endif - -#define ULLONG_MAX 0xffffffffffffffffULL /* max value for unsigned long long */ -#define LLONG_MAX 0x7fffffffffffffffLL /* max value for a signed long long */ -#define LLONG_MIN (-0x7fffffffffffffffLL-1) /* min value for a signed long long */ - -#ifdef __x86_64__ -# define LONG_BIT 64 -#else -# define LONG_BIT 32 -#endif - -#endif /* !_SYS_LIMITS_H_ */ diff --git a/rust-sgx-sdk/common/inc/sys/sockaddr.h b/rust-sgx-sdk/common/inc/sys/sockaddr.h deleted file mode 100644 index ba6811cb..00000000 --- a/rust-sgx-sdk/common/inc/sys/sockaddr.h +++ /dev/null @@ -1,32 +0,0 @@ -// -// Copyright © 2005-2020 Rich Felker, et al. -// Licensed under the MIT license. -// - -/* Copyright © 2005-2020 Rich Felker, et al. - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ - -#ifndef _SYS_SOCKADDR_H_ -#define _SYS_SOCKADDR_H_ - -typedef unsigned short int sa_family_t; - -#endif diff --git a/rust-sgx-sdk/common/inc/sys/socket.h b/rust-sgx-sdk/common/inc/sys/socket.h deleted file mode 100644 index 0b16699c..00000000 --- a/rust-sgx-sdk/common/inc/sys/socket.h +++ /dev/null @@ -1,54 +0,0 @@ -// -// Copyright © 2005-2020 Rich Felker, et al. -// Licensed under the MIT license. -// - -/* Copyright © 2005-2020 Rich Felker, et al. - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ - -#ifndef _SYS_SOCKET_H_ -#define _SYS_SOCKET_H_ - -#include -#include -#include - -typedef __socklen_t socklen_t; - -struct sockaddr { - sa_family_t sa_family; - char sa_data[14]; -}; - -struct msghdr { - void *msg_name; - socklen_t msg_namelen; - - struct iovec *msg_iov; - size_t msg_iovlen; - - void *msg_control; - size_t msg_controllen; - - int msg_flags; -}; - -#endif diff --git a/rust-sgx-sdk/common/inc/sys/stat.h b/rust-sgx-sdk/common/inc/sys/stat.h deleted file mode 100644 index 1cf090a7..00000000 --- a/rust-sgx-sdk/common/inc/sys/stat.h +++ /dev/null @@ -1,127 +0,0 @@ -// -// Copyright © 2005-2020 Rich Felker, et al. -// Licensed under the MIT license. -// - -/* Copyright © 2005-2020 Rich Felker, et al. - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ - - -#ifndef _SYS_STAT_H_ -#define _SYS_STAT_H_ - -#include -#include -#include - -typedef __dev_t dev_t; -typedef __ino_t ino_t; -typedef __ino64_t ino64_t; -typedef __mode_t mode_t; -typedef __nlink_t nlink_t; -typedef __uid_t uid_t; -typedef __gid_t gid_t; -typedef __blksize_t blksize_t; -typedef __blkcnt_t blkcnt_t; -typedef __blkcnt64_t blkcnt64_t; - -struct stat { - dev_t st_dev; - ino_t st_ino; - nlink_t st_nlink; - - mode_t st_mode; - uid_t st_uid; - gid_t st_gid; - unsigned int __pad0; - dev_t st_rdev; - off_t st_size; - blksize_t st_blksize; - blkcnt_t st_blocks; - - struct timespec st_atim; - struct timespec st_mtim; - struct timespec st_ctim; - long __unused[3]; -}; - -struct stat64 { - dev_t st_dev; - ino64_t st_ino; - nlink_t st_nlink; - - mode_t st_mode; - uid_t st_uid; - gid_t st_gid; - unsigned int __pad0; - dev_t st_rdev; - off_t st_size; - blksize_t st_blksize; - blkcnt64_t st_blocks; - - struct timespec st_atim; - struct timespec st_mtim; - struct timespec st_ctim; - long __unused[3]; -}; - -#define S_IFMT 0170000 - -#define S_IFDIR 0040000 -#define S_IFCHR 0020000 -#define S_IFBLK 0060000 -#define S_IFREG 0100000 -#define S_IFIFO 0010000 -#define S_IFLNK 0120000 -#define S_IFSOCK 0140000 - -#define S_TYPEISMQ(buf) 0 -#define S_TYPEISSEM(buf) 0 -#define S_TYPEISSHM(buf) 0 -#define S_TYPEISTMO(buf) 0 - -#define S_ISDIR(mode) (((mode) & S_IFMT) == S_IFDIR) -#define S_ISCHR(mode) (((mode) & S_IFMT) == S_IFCHR) -#define S_ISBLK(mode) (((mode) & S_IFMT) == S_IFBLK) -#define S_ISREG(mode) (((mode) & S_IFMT) == S_IFREG) -#define S_ISFIFO(mode) (((mode) & S_IFMT) == S_IFIFO) -#define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK) -#define S_ISSOCK(mode) (((mode) & S_IFMT) == S_IFSOCK) - -#ifndef S_IRUSR -#define S_ISUID 04000 -#define S_ISGID 02000 -#define S_ISVTX 01000 -#define S_IRUSR 0400 -#define S_IWUSR 0200 -#define S_IXUSR 0100 -#define S_IRWXU 0700 -#define S_IRGRP 0040 -#define S_IWGRP 0020 -#define S_IXGRP 0010 -#define S_IRWXG 0070 -#define S_IROTH 0004 -#define S_IWOTH 0002 -#define S_IXOTH 0001 -#define S_IRWXO 0007 -#endif - -#endif /* _SYS_STAT_H_ */ diff --git a/rust-sgx-sdk/common/inc/sys/stdint.h b/rust-sgx-sdk/common/inc/sys/stdint.h deleted file mode 100644 index 51599456..00000000 --- a/rust-sgx-sdk/common/inc/sys/stdint.h +++ /dev/null @@ -1,260 +0,0 @@ -/* $OpenBSD: stdint.h,v 1.4 2006/12/10 22:17:55 deraadt Exp $ */ - -/* - * Copyright (c) 1997, 2005 Todd C. Miller - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef _SYS_STDINT_H_ -#define _SYS_STDINT_H_ - -#include -#include - -/* 7.18.1.1 Exact-width integer types (also in sys/types.h) */ -#ifndef _INT8_T_DEFINED_ -#define _INT8_T_DEFINED_ -typedef __int8_t int8_t; -#endif - -#ifndef _UINT8_T_DEFINED_ -#define _UINT8_T_DEFINED_ -typedef __uint8_t uint8_t; -#endif - -#ifndef _INT16_T_DEFINED_ -#define _INT16_T_DEFINED_ -typedef __int16_t int16_t; -#endif - -#ifndef _UINT16_T_DEFINED_ -#define _UINT16_T_DEFINED_ -typedef __uint16_t uint16_t; -#endif - -#ifndef _INT32_T_DEFINED_ -#define _INT32_T_DEFINED_ -typedef __int32_t int32_t; -#endif - -#ifndef _UINT32_T_DEFINED_ -#define _UINT32_T_DEFINED_ -typedef __uint32_t uint32_t; -#endif - -#ifndef _INT64_T_DEFINED_ -#define _INT64_T_DEFINED_ -typedef __int64_t int64_t; -#endif - -#ifndef _UINT64_T_DEFINED_ -#define _UINT64_T_DEFINED_ -typedef __uint64_t uint64_t; -#endif - -/* 7.18.1.2 Minimum-width integer types */ -typedef __int_least8_t int_least8_t; -typedef __uint_least8_t uint_least8_t; -typedef __int_least16_t int_least16_t; -typedef __uint_least16_t uint_least16_t; -typedef __int_least32_t int_least32_t; -typedef __uint_least32_t uint_least32_t; -typedef __int_least64_t int_least64_t; -typedef __uint_least64_t uint_least64_t; - -/* 7.18.1.3 Fastest minimum-width integer types */ -typedef __int_fast8_t int_fast8_t; -typedef __uint_fast8_t uint_fast8_t; -typedef __int_fast16_t int_fast16_t; -typedef __uint_fast16_t uint_fast16_t; -typedef __int_fast32_t int_fast32_t; -typedef __uint_fast32_t uint_fast32_t; -typedef __int_fast64_t int_fast64_t; -typedef __uint_fast64_t uint_fast64_t; - -/* 7.18.1.4 Integer types capable of holding object pointers */ -#ifndef _INTPTR_T_DEFINED_ -#define _INTPTR_T_DEFINED_ -typedef __intptr_t intptr_t; -#endif - -#ifndef _UINTPTR_T_DEFINED_ -#define _UINTPTR_T_DEFINED_ -typedef __uintptr_t uintptr_t; -#endif - -/* 7.18.1.5 Greatest-width integer types */ -typedef __intmax_t intmax_t; -typedef __uintmax_t uintmax_t; - -//#if !defined(__cplusplus) || defined(__STDC_LIMIT_MACROS) -/* - * 7.18.2 Limits of specified-width integer types. - * - * The following object-like macros specify the minimum and maximum limits - * of integer types corresponding to the typedef names defined above. - */ - -/* 7.18.2.1 Limits of exact-width integer types */ -#define INT8_MIN (-0x7f - 1) -#define INT16_MIN (-0x7fff - 1) -#define INT32_MIN (-0x7fffffff - 1) -#ifdef __x86_64__ -#define INT64_MIN (-0x7fffffffffffffffL - 1) -#else -#define INT64_MIN (-0x7fffffffffffffffLL - 1) -#endif - -#define INT8_MAX 0x7f -#define INT16_MAX 0x7fff -#define INT32_MAX 0x7fffffff -#ifdef __x86_64__ -#define INT64_MAX 0x7fffffffffffffffL -#else -#define INT64_MAX 0x7fffffffffffffffLL -#endif - -#define UINT8_MAX 0xff -#define UINT16_MAX 0xffff -#define UINT32_MAX 0xffffffffU -#ifdef __x86_64__ -#define UINT64_MAX 0xffffffffffffffffUL -#else -#define UINT64_MAX 0xffffffffffffffffULL -#endif - -/* 7.18.2.2 Limits of minimum-width integer types */ -#define INT_LEAST8_MIN INT8_MIN -#define INT_LEAST16_MIN INT16_MIN -#define INT_LEAST32_MIN INT32_MIN -#define INT_LEAST64_MIN INT64_MIN - -#define INT_LEAST8_MAX INT8_MAX -#define INT_LEAST16_MAX INT16_MAX -#define INT_LEAST32_MAX INT32_MAX -#define INT_LEAST64_MAX INT64_MAX - -#define UINT_LEAST8_MAX UINT8_MAX -#define UINT_LEAST16_MAX UINT16_MAX -#define UINT_LEAST32_MAX UINT32_MAX -#define UINT_LEAST64_MAX UINT64_MAX - -/* 7.18.2.3 Limits of fastest minimum-width integer types */ -#define INT_FAST8_MIN INT8_MIN -#define INT_FAST16_MIN INT16_MIN -#define INT_FAST32_MIN INT32_MIN -#define INT_FAST64_MIN INT64_MIN - -#define INT_FAST8_MAX INT8_MAX -#ifdef __x86_64__ -#define INT_FAST16_MAX INT64_MAX -#define INT_FAST32_MAX INT64_MAX -#else -#define INT_FAST16_MAX INT32_MAX -#define INT_FAST32_MAX INT32_MAX -#endif -#define INT_FAST64_MAX INT64_MAX - -#define UINT_FAST8_MAX UINT8_MAX -#ifdef __x86_64__ -#define UINT_FAST16_MAX UINT64_MAX -#define UINT_FAST32_MAX UINT64_MAX -#else -#define UINT_FAST16_MAX UINT32_MAX -#define UINT_FAST32_MAX UINT32_MAX -#endif -#define UINT_FAST64_MAX UINT64_MAX - -/* 7.18.2.4 Limits of integer types capable of holding object pointers */ -#ifdef __x86_64__ -#define INTPTR_MIN INT64_MIN -#define INTPTR_MAX INT64_MAX -#define UINTPTR_MAX UINT64_MAX -#else -#define INTPTR_MIN INT32_MIN -#define INTPTR_MAX INT32_MAX -#define UINTPTR_MAX UINT32_MAX -#endif - -/* 7.18.2.5 Limits of greatest-width integer types */ -#define INTMAX_MIN INT64_MIN -#define INTMAX_MAX INT64_MAX -#define UINTMAX_MAX UINT64_MAX - -/* - * 7.18.3 Limits of other integer types. - * - * The following object-like macros specify the minimum and maximum limits - * of integer types corresponding to types specified in other standard - * header files. - */ - -/* Limits of ptrdiff_t */ -#define PTRDIFF_MIN INTPTR_MIN -#define PTRDIFF_MAX INTPTR_MAX - -/* Limits of size_t (also in limits.h) */ -#ifndef SIZE_MAX -#define SIZE_MAX UINTPTR_MAX -#endif - -/* Limits of wchar_t */ -# ifdef __WCHAR_MAX__ -# define WCHAR_MAX __WCHAR_MAX__ -# else -# define WCHAR_MAX (2147483647) -# endif -# ifdef __WCHAR_MIN__ -# define WCHAR_MIN __WCHAR_MIN__ -# elif L'\0' - 1 > 0 -# define WCHAR_MIN L'\0' -# else -# define WCHAR_MIN (-WCHAR_MAX - 1) -# endif - -/* Limits of wint_t */ -# define WINT_MIN (0u) -# define WINT_MAX (4294967295u) - -//#endif /* __cplusplus || __STDC_LIMIT_MACROS */ - -//#if !defined(__cplusplus) || defined(__STDC_CONSTANT_MACROS) -/* - * 7.18.4 Macros for integer constants. - * - * The following function-like macros expand to integer constants - * suitable for initializing objects that have integer types corresponding - * to types defined in . The argument in any instance of - * these macros shall be a decimal, octal, or hexadecimal constant with - * a value that does not exceed the limits for the corresponding type. - */ - -/* 7.18.4.1 Macros for minimum-width integer constants. */ -#define INT8_C(_c) (_c) -#define INT16_C(_c) (_c) -#define INT32_C(_c) (_c) -#define INT64_C(_c) __CONCAT(_c, LL) - -#define UINT8_C(_c) (_c) -#define UINT16_C(_c) (_c) -#define UINT32_C(_c) __CONCAT(_c, U) -#define UINT64_C(_c) __CONCAT(_c, ULL) - -/* 7.18.4.2 Macros for greatest-width integer constants. */ -#define INTMAX_C(_c) __CONCAT(_c, LL) -#define UINTMAX_C(_c) __CONCAT(_c, ULL) - -//#endif /* __cplusplus || __STDC_CONSTANT_MACROS */ - -#endif /* _SYS_STDINT_H_ */ diff --git a/rust-sgx-sdk/common/inc/sys/struct_timespec.h b/rust-sgx-sdk/common/inc/sys/struct_timespec.h deleted file mode 100644 index bca02c88..00000000 --- a/rust-sgx-sdk/common/inc/sys/struct_timespec.h +++ /dev/null @@ -1,37 +0,0 @@ -// -// Copyright © 2005-2020 Rich Felker, et al. -// Licensed under the MIT license. -// - -/* Copyright © 2005-2020 Rich Felker, et al. - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ - -#ifndef _SYS_TIMESPEC_H_ -#define _SYS_TIMESPEC_H_ - -#include - -struct timespec { - __time_t tv_sec; - long tv_nsec; -}; - -#endif diff --git a/rust-sgx-sdk/common/inc/sys/types.h b/rust-sgx-sdk/common/inc/sys/types.h deleted file mode 100644 index b64f89df..00000000 --- a/rust-sgx-sdk/common/inc/sys/types.h +++ /dev/null @@ -1,129 +0,0 @@ -/* $OpenBSD: types.h,v 1.31 2008/03/16 19:42:57 otto Exp $ */ -/* $NetBSD: types.h,v 1.29 1996/11/15 22:48:25 jtc Exp $ */ - -/*- - * Copyright (c) 1982, 1986, 1991, 1993 - * The Regents of the University of California. All rights reserved. - * (c) UNIX System Laboratories, Inc. - * All or some portions of this file are derived from material licensed - * to the University of California by American Telephone and Telegraph - * Co. or Unix System Laboratories, Inc. and are reproduced herein with - * the permission of UNIX System Laboratories, Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)types.h 8.4 (Berkeley) 1/21/94 - */ - -#ifndef _SYS_TYPES_H_ -#define _SYS_TYPES_H_ - -#include -#include - -typedef unsigned char u_char; -typedef unsigned short u_short; -typedef unsigned int u_int; -typedef unsigned long u_long; - -typedef unsigned char unchar; /* Sys V compatibility */ -typedef unsigned short ushort; /* Sys V compatibility */ -typedef unsigned int uint; /* Sys V compatibility */ -typedef unsigned long ulong; /* Sys V compatibility */ - -#ifndef _INT8_T_DEFINED_ -#define _INT8_T_DEFINED_ -typedef __int8_t int8_t; -#endif - -#ifndef _UINT8_T_DEFINED_ -#define _UINT8_T_DEFINED_ -typedef __uint8_t uint8_t; -#endif - -#ifndef _INT16_T_DEFINED_ -#define _INT16_T_DEFINED_ -typedef __int16_t int16_t; -#endif - -#ifndef _UINT16_T_DEFINED_ -#define _UINT16_T_DEFINED_ -typedef __uint16_t uint16_t; -#endif - -#ifndef _INT32_T_DEFINED_ -#define _INT32_T_DEFINED_ -typedef __int32_t int32_t; -#endif - -#ifndef _UINT32_T_DEFINED_ -#define _UINT32_T_DEFINED_ -typedef __uint32_t uint32_t; -#endif - -#ifndef _INT64_T_DEFINED_ -#define _INT64_T_DEFINED_ -typedef __int64_t int64_t; -#endif - -#ifndef _UINT64_T_DEFINED_ -#define _UINT64_T_DEFINED_ -typedef __uint64_t uint64_t; -#endif - -#ifndef _INTPTR_T_DEFINED_ -#define _INTPTR_T_DEFINED_ -typedef __intptr_t intptr_t; -#endif - -#ifndef _UINTPTR_T_DEFINED_ -#define _UINTPTR_T_DEFINED_ -typedef __uintptr_t uintptr_t; -#endif - -/* BSD-style unsigned bits types */ -typedef __uint8_t u_int8_t; -typedef __uint16_t u_int16_t; -typedef __uint32_t u_int32_t; -typedef __uint64_t u_int64_t; - - -#ifndef _SIZE_T_DEFINED_ -#define _SIZE_T_DEFINED_ -typedef __size_t size_t; -#endif - -#ifndef _SSIZE_T_DEFINED_ -#define _SSIZE_T_DEFINED_ -typedef __ssize_t ssize_t; -#endif - -#ifndef _OFF_T_DEFINED_ -#define _OFF_T_DEFINED_ -typedef __off_t off_t; -typedef __off64_t off64_t; -#endif - -#endif /* !_SYS_TYPES_H_ */ diff --git a/rust-sgx-sdk/common/inc/sys/uio.h b/rust-sgx-sdk/common/inc/sys/uio.h deleted file mode 100644 index 2544f06a..00000000 --- a/rust-sgx-sdk/common/inc/sys/uio.h +++ /dev/null @@ -1,35 +0,0 @@ -// -// Copyright © 2005-2020 Rich Felker, et al. -// Licensed under the MIT license. -// - -/* Copyright © 2005-2020 Rich Felker, et al. - -Permission is hereby granted, free of charge, to any person obtaining -a copy of this software and associated documentation files (the -"Software"), to deal in the Software without restriction, including -without limitation the rights to use, copy, modify, merge, publish, -distribute, sublicense, and/or sell copies of the Software, and to -permit persons to whom the Software is furnished to do so, subject to -the following conditions: - -The above copyright notice and this permission notice shall be -included in all copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, -EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF -MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. -IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY -CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, -TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE -SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ - -#ifndef _SYS_UIO_H_ -#define _SYS_UIO_H_ - -struct iovec { - void *iov_base; - size_t iov_len; -}; - -#endif diff --git a/rust-sgx-sdk/common/inc/time.h b/rust-sgx-sdk/common/inc/time.h deleted file mode 100644 index 01cfd6e4..00000000 --- a/rust-sgx-sdk/common/inc/time.h +++ /dev/null @@ -1,105 +0,0 @@ -/* $OpenBSD: time.h,v 1.18 2006/01/06 18:53:04 millert Exp $ */ -/* $NetBSD: time.h,v 1.9 1994/10/26 00:56:35 cgd Exp $ */ - -/* - * Copyright (c) 1989 The Regents of the University of California. - * All rights reserved. - * - * (c) UNIX System Laboratories, Inc. - * All or some portions of this file are derived from material licensed - * to the University of California by American Telephone and Telegraph - * Co. or Unix System Laboratories, Inc. and are reproduced herein with - * the permission of UNIX System Laboratories, Inc. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)time.h 5.12 (Berkeley) 3/9/91 - */ - -#ifndef _TIME_H_ -#define _TIME_H_ - -#include -#include -#include - -#ifndef NULL -#ifdef __cplusplus -#define NULL 0 -#else -#define NULL ((void *)0) -#endif -#endif - -#if !defined (_CLOCK_T_DEFINED_) && !defined (_CLOCK_T_DEFINED) -#define _CLOCK_T_DEFINED_ -#define _CLOCK_T_DEFINED -typedef __clock_t clock_t; -#endif - -#if !defined (_TIME_T_DEFINED_) && !defined (_TIME_T_DEFINED) -#define _TIME_T_DEFINED_ -#define _TIME_T_DEFINED -typedef __time_t time_t; -#endif - -#if !defined (_SIZE_T_DEFINED_) && !defined (_SIZE_T_DEFINED) -#define _SIZE_T_DEFINED_ -#define _SIZE_T_DEFINED -typedef __size_t size_t; -#endif - -#if !defined (_TM_DEFINED) -#define _TM_DEFINED -struct tm { - int tm_sec; /* seconds after the minute [0-60] */ - int tm_min; /* minutes after the hour [0-59] */ - int tm_hour; /* hours since midnight [0-23] */ - int tm_mday; /* day of the month [1-31] */ - int tm_mon; /* months since January [0-11] */ - int tm_year; /* years since 1900 */ - int tm_wday; /* days since Sunday [0-6] */ - int tm_yday; /* days since January 1 [0-365] */ - int tm_isdst; /* Daylight Saving Time flag */ - /* FIXME: naming issue exists on Fedora/Ubuntu */ - long tm_gmtoff; /* offset from UTC in seconds */ - char *tm_zone; /* timezone abbreviation */ -}; -#endif - -__BEGIN_DECLS - -double _TLIBC_CDECL_ difftime(time_t, time_t); -char * _TLIBC_CDECL_ asctime(const struct tm *); -size_t _TLIBC_CDECL_ strftime(char *, size_t, const char *, const struct tm *); - -/* - * Non-C99 - */ -char * _TLIBC_CDECL_ asctime_r(const struct tm *, char *); - -__END_DECLS - -#endif /* !_TIME_H_ */ diff --git a/rust-sgx-sdk/common/inc/unistd.h b/rust-sgx-sdk/common/inc/unistd.h deleted file mode 100644 index 2ab3a9a0..00000000 --- a/rust-sgx-sdk/common/inc/unistd.h +++ /dev/null @@ -1,59 +0,0 @@ -/* $OpenBSD: unistd.h,v 1.62 2008/06/25 14:58:54 millert Exp $ */ -/* $NetBSD: unistd.h,v 1.26.4.1 1996/05/28 02:31:51 mrg Exp $ */ - -/*- - * Copyright (c) 1991 The Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * @(#)unistd.h 5.13 (Berkeley) 6/17/91 - */ - -#ifndef _UNISTD_H_ -#define _UNISTD_H_ - -#include -#include - -__BEGIN_DECLS - -void * _TLIBC_CDECL_ sbrk(intptr_t); - -/* - * Deprecated Non-C99. - */ -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, execl, const char *, const char *, ...); -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, execlp, const char *, const char *, ...); -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, execle, const char *, const char *, ...); -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, execv, const char *, char * const *); -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, execve, const char *, char * const *, char * const *); -_TLIBC_DEPRECATED_FUNCTION_(int _TLIBC_CDECL_, execvp, const char *, char * const *); - -//_TLIBC_DEPRECATED_FUNCTION_(pid_t _TLIBC_CDECL_, fork, void); /* no pid_t */ - -__END_DECLS - -#endif /* !_UNISTD_H_ */ diff --git a/rust-sgx-sdk/common/inc/wchar.h b/rust-sgx-sdk/common/inc/wchar.h deleted file mode 100644 index 2db86f28..00000000 --- a/rust-sgx-sdk/common/inc/wchar.h +++ /dev/null @@ -1,143 +0,0 @@ -/* $OpenBSD: wchar.h,v 1.11 2010/07/24 09:58:39 guenther Exp $ */ -/* $NetBSD: wchar.h,v 1.16 2003/03/07 07:11:35 tshiozak Exp $ */ - -/*- - * Copyright (c)1999 Citrus Project, - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/*- - * Copyright (c) 1999, 2000 The NetBSD Foundation, Inc. - * All rights reserved. - * - * This code is derived from software contributed to The NetBSD Foundation - * by Julian Coleman. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS - * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED - * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS - * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -#ifndef _WCHAR_H_ -#define _WCHAR_H_ - -#include -#include -#include /* WCHAR_MAX/WCHAR_MIN */ - -#ifndef NULL -#ifdef __cplusplus -#define NULL 0 -#else -#define NULL ((void *)0) -#endif -#endif - -#if !defined(_WCHAR_T_DEFINED_) && !defined(__cplusplus) -#define _WCHAR_T_DEFINED_ -#ifndef __WCHAR_TYPE__ -#define __WCHAR_TYPE__ int -#endif -typedef __WCHAR_TYPE__ wchar_t; -#endif - -#ifndef _MBSTATE_T_DEFINED_ -#define _MBSTATE_T_DEFINED_ -typedef __mbstate_t mbstate_t; -#endif - -#ifndef _WINT_T_DEFINED_ -#define _WINT_T_DEFINED_ -typedef __wint_t wint_t; -#endif - -#ifndef _SIZE_T_DEFINED_ -#define _SIZE_T_DEFINED_ -typedef __size_t size_t; -#endif - -#ifndef WEOF -#define WEOF ((wint_t)-1) -#endif - -__BEGIN_DECLS - -wint_t _TLIBC_CDECL_ btowc(int); -int _TLIBC_CDECL_ wctob(wint_t); -size_t _TLIBC_CDECL_ mbrlen(const char *, size_t, mbstate_t *); -size_t _TLIBC_CDECL_ mbrtowc(wchar_t *, const char *, size_t, mbstate_t *); -int _TLIBC_CDECL_ mbsinit(const mbstate_t *); -size_t _TLIBC_CDECL_ mbsrtowcs(wchar_t *, const char **, size_t, mbstate_t *); -size_t _TLIBC_CDECL_ wcrtomb(char *, wchar_t, mbstate_t *); -wchar_t * _TLIBC_CDECL_ wcschr(const wchar_t *, wchar_t); -int _TLIBC_CDECL_ wcscmp(const wchar_t *, const wchar_t *); -int _TLIBC_CDECL_ wcscoll(const wchar_t *, const wchar_t *); -size_t _TLIBC_CDECL_ wcscspn(const wchar_t *, const wchar_t *); -size_t _TLIBC_CDECL_ wcslen(const wchar_t *); -wchar_t * _TLIBC_CDECL_ wcsncat(wchar_t *, const wchar_t *, size_t); -int _TLIBC_CDECL_ wcsncmp(const wchar_t *, const wchar_t *, size_t); -wchar_t * _TLIBC_CDECL_ wcsncpy(wchar_t *, const wchar_t *, size_t); -wchar_t * _TLIBC_CDECL_ wcspbrk(const wchar_t *, const wchar_t *); -wchar_t * _TLIBC_CDECL_ wcsrchr(const wchar_t *, wchar_t); -size_t _TLIBC_CDECL_ wcsrtombs(char *, const wchar_t **, size_t, mbstate_t *); -size_t _TLIBC_CDECL_ wcsspn(const wchar_t *, const wchar_t *); -wchar_t * _TLIBC_CDECL_ wcsstr(const wchar_t *, const wchar_t *); -wchar_t * _TLIBC_CDECL_ wcstok(wchar_t *, const wchar_t *, wchar_t **); -size_t _TLIBC_CDECL_ wcsxfrm(wchar_t *, const wchar_t *, size_t); -wchar_t * _TLIBC_CDECL_ wmemchr(const wchar_t *, wchar_t, size_t); -int _TLIBC_CDECL_ wmemcmp(const wchar_t *, const wchar_t *, size_t); -wchar_t * _TLIBC_CDECL_ wmemcpy(wchar_t *, const wchar_t *, size_t); -wchar_t * _TLIBC_CDECL_ wmemmove(wchar_t *, const wchar_t *, size_t); -wchar_t * _TLIBC_CDECL_ wmemset(wchar_t *, wchar_t, size_t); - -int _TLIBC_CDECL_ swprintf(wchar_t *, size_t, const wchar_t *, ...); -int _TLIBC_CDECL_ vswprintf(wchar_t *, size_t, const wchar_t *, __va_list); - -long double _TLIBC_CDECL_ wcstold (const wchar_t *, wchar_t **); -long long _TLIBC_CDECL_ wcstoll (const wchar_t *, wchar_t **, int); -unsigned long long _TLIBC_CDECL_ wcstoull (const wchar_t *, wchar_t **, int); - -/* leagcy version of wcsstr */ -wchar_t * _TLIBC_CDECL_ wcswcs(const wchar_t *, const wchar_t *); - -__END_DECLS - -#endif /* !_WCHAR_H_ */ diff --git a/rust-sgx-sdk/common/inc/wctype.h b/rust-sgx-sdk/common/inc/wctype.h deleted file mode 100644 index 0ab9497d..00000000 --- a/rust-sgx-sdk/common/inc/wctype.h +++ /dev/null @@ -1,80 +0,0 @@ -/* $OpenBSD: wctype.h,v 1.5 2006/01/06 18:53:04 millert Exp $ */ -/* $NetBSD: wctype.h,v 1.5 2003/03/02 22:18:11 tshiozak Exp $ */ - -/*- - * Copyright (c)1999 Citrus Project, - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * citrus Id: wctype.h,v 1.4 2000/12/21 01:50:21 itojun Exp - */ - -#ifndef _WCTYPE_H_ -#define _WCTYPE_H_ - -#include -#include - -#ifndef _WINT_T_DEFINED_ -#define _WINT_T_DEFINED_ -typedef __wint_t wint_t; -#endif - -#ifndef _WCTRANS_T_DEFINED_ -#define _WCTRANS_T_DEFINED_ -typedef __wctrans_t wctrans_t; -#endif - -#ifndef _WCTYPE_T_DEFINED_ -#define _WCTYPE_T_DEFINED_ -typedef __wctype_t wctype_t; -#endif - -#ifndef WEOF -#define WEOF ((wint_t)-1) -#endif - -__BEGIN_DECLS - -int _TLIBC_CDECL_ iswalnum(wint_t); -int _TLIBC_CDECL_ iswalpha(wint_t); -int _TLIBC_CDECL_ iswblank(wint_t); -int _TLIBC_CDECL_ iswcntrl(wint_t); -int _TLIBC_CDECL_ iswdigit(wint_t); -int _TLIBC_CDECL_ iswgraph(wint_t); -int _TLIBC_CDECL_ iswlower(wint_t); -int _TLIBC_CDECL_ iswprint(wint_t); -int _TLIBC_CDECL_ iswpunct(wint_t); -int _TLIBC_CDECL_ iswspace(wint_t); -int _TLIBC_CDECL_ iswupper(wint_t); -int _TLIBC_CDECL_ iswxdigit(wint_t); -int _TLIBC_CDECL_ iswctype(wint_t, wctype_t); -wint_t _TLIBC_CDECL_ towctrans(wint_t, wctrans_t); -wint_t _TLIBC_CDECL_ towlower(wint_t); -wint_t _TLIBC_CDECL_ towupper(wint_t); -wctrans_t _TLIBC_CDECL_ wctrans(const char *); -wctype_t _TLIBC_CDECL_ wctype(const char *); - -__END_DECLS - -#endif /* _WCTYPE_H_ */ diff --git a/rust-sgx-sdk/dockerfile/02_binutils.sh b/rust-sgx-sdk/dockerfile/02_binutils.sh deleted file mode 100644 index bf52603c..00000000 --- a/rust-sgx-sdk/dockerfile/02_binutils.sh +++ /dev/null @@ -1,19 +0,0 @@ -if [ $BINUTILS_DIST != "SELF_BUILT" ] -then - cd /root && \ - wget https://download.01.org/intel-sgx/sgx-linux/2.17/as.ld.objdump.r4.tar.gz && \ - tar xzf as.ld.objdump.r4.tar.gz && \ - cp -r external/toolset/$BINUTILS_DIST/* /usr/bin/ && \ - rm -rf ./external ./as.ld.objdump.r4.tar.gz -else - curl -o binutils.tar.xz https://ftp.gnu.org/gnu/binutils/binutils-2.36.1.tar.xz && \ - tar xf binutils.tar.xz && \ - cd binutils-2.36.1 && \ - mkdir build && \ - cd build && \ - ../configure --prefix=/usr/local --enable-gold --enable-ld=default --enable-plugins --enable-shared --disable-werror --enable-64-bit-bfd --with-system-zlib && \ - make -j "$(nproc)" && \ - make install && \ - cd /root && \ - rm -rf binutils-gdb -fi diff --git a/rust-sgx-sdk/dockerfile/03_sdk.sh b/rust-sgx-sdk/dockerfile/03_sdk.sh deleted file mode 100644 index eb5d0152..00000000 --- a/rust-sgx-sdk/dockerfile/03_sdk.sh +++ /dev/null @@ -1,20 +0,0 @@ -if [ $SDK_DIST != "SELF_BUILT" ]; then - cd /root && \ - curl -o sdk.sh $SDK_URL && \ - chmod a+x /root/sdk.sh && \ - echo -e 'no\n/opt' | ./sdk.sh && \ - echo 'source /opt/sgxsdk/environment' >> /root/.bashrc && \ - cd /root && \ - rm ./sdk.sh -else - cd /root && \ - git clone --recursive https://github.com/intel/linux-sgx && \ - cd linux-sgx && \ - git checkout sgx_2.17.1 && \ - ./download_prebuilt.sh && \ - make -j "$(nproc)" sdk_install_pkg && \ - echo -e 'no\n/opt' | ./linux/installer/bin/sgx_linux_x64_sdk_2.17.101.1.bin && \ - echo 'source /opt/sgxsdk/environment' >> /root/.bashrc && \ - cd /root && \ - rm -rf /root/linux-sgx -fi diff --git a/rust-sgx-sdk/dockerfile/04_psw.sh b/rust-sgx-sdk/dockerfile/04_psw.sh deleted file mode 100644 index 2b89a326..00000000 --- a/rust-sgx-sdk/dockerfile/04_psw.sh +++ /dev/null @@ -1,32 +0,0 @@ -curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add - && \ - add-apt-repository "deb https://download.01.org/intel-sgx/sgx_repo/ubuntu $CODENAME main" && \ - apt-get update && \ - apt-get install -y \ - libsgx-headers=$VERSION \ - libsgx-ae-epid=$VERSION \ - libsgx-ae-le=$VERSION \ - libsgx-ae-pce=$VERSION \ - libsgx-aesm-ecdsa-plugin=$VERSION \ - libsgx-aesm-epid-plugin=$VERSION \ - libsgx-aesm-launch-plugin=$VERSION \ - libsgx-aesm-pce-plugin=$VERSION \ - libsgx-aesm-quote-ex-plugin=$VERSION \ - libsgx-enclave-common=$VERSION \ - libsgx-enclave-common-dev=$VERSION \ - libsgx-epid=$VERSION \ - libsgx-epid-dev=$VERSION \ - libsgx-launch=$VERSION \ - libsgx-launch-dev=$VERSION \ - libsgx-quote-ex=$VERSION \ - libsgx-quote-ex-dev=$VERSION \ - libsgx-uae-service=$VERSION \ - libsgx-urts=$VERSION \ - sgx-aesm-service=$VERSION \ - libsgx-ae-qe3=$DCAP_VERSION \ - libsgx-pce-logic=$DCAP_VERSION \ - libsgx-qe3-logic=$DCAP_VERSION \ - libsgx-ra-network=$DCAP_VERSION \ - libsgx-ra-uefi=$DCAP_VERSION && \ - mkdir /var/run/aesmd && \ - rm -rf /var/lib/apt/lists/* && \ - rm -rf /var/cache/apt/archives/* diff --git a/rust-sgx-sdk/dockerfile/04_psw_rpm.sh b/rust-sgx-sdk/dockerfile/04_psw_rpm.sh deleted file mode 100644 index 384dc329..00000000 --- a/rust-sgx-sdk/dockerfile/04_psw_rpm.sh +++ /dev/null @@ -1,9 +0,0 @@ -cd /root && \ -curl --output /root/repo.tgz $PSW_REPO && \ -cd /root && \ -tar xzf repo.tgz && \ -cd sgx_rpm_local_repo && \ -rpm -ivh ./*.rpm && \ -cd /root && \ -mkdir /var/run/aesmd && \ -rm -rf sgx_rpm_local_repo repo.tgz diff --git a/rust-sgx-sdk/dockerfile/05_rust.sh b/rust-sgx-sdk/dockerfile/05_rust.sh deleted file mode 100644 index 2467b9d2..00000000 --- a/rust-sgx-sdk/dockerfile/05_rust.sh +++ /dev/null @@ -1,8 +0,0 @@ -cd /root && \ -curl 'https://static.rust-lang.org/rustup/dist/x86_64-unknown-linux-gnu/rustup-init' --output /root/rustup-init && \ -chmod +x /root/rustup-init && \ -echo '1' | /root/rustup-init --default-toolchain ${rust_toolchain} && \ -echo 'source /root/.cargo/env' >> /root/.bashrc && \ -/root/.cargo/bin/rustup component add rust-src rls rust-analysis clippy rustfmt && \ -/root/.cargo/bin/cargo install xargo && \ -rm /root/rustup-init && rm -rf /root/.cargo/registry && rm -rf /root/.cargo/git diff --git a/rust-sgx-sdk/dockerfile/Dockerfile.1804.nightly b/rust-sgx-sdk/dockerfile/Dockerfile.1804.nightly deleted file mode 100644 index cda69142..00000000 --- a/rust-sgx-sdk/dockerfile/Dockerfile.1804.nightly +++ /dev/null @@ -1,42 +0,0 @@ -FROM ubuntu:18.04 - -ENV DEBIAN_FRONTEND=noninteractive - -RUN apt update && apt install -y autoconf automake bison build-essential cmake curl dpkg-dev expect flex gcc-8 gdb git git-core gnupg kmod libboost-system-dev libboost-thread-dev libcurl4-openssl-dev libiptcdata0-dev libjsoncpp-dev liblog4cpp5-dev libprotobuf-c0-dev libprotobuf-dev libssl-dev libtool libxml2-dev ocaml ocamlbuild pkg-config protobuf-compiler python texinfo uuid-dev vim wget dkms gnupg2 apt-transport-https software-properties-common && \ - rm -rf /var/lib/apt/lists/* && \ - rm -rf /var/cache/apt/archives/* - -ENV BINUTILS_DIST="ubuntu18.04" -#ENV BINUTILS_DIST="SELF_BUILT" -ENV LD_LIBRARY_PATH=/usr/lib:/usr/local/lib -ENV LD_RUN_PATH=/usr/lib:/usr/local/lib - -ADD 02_binutils.sh /root -RUN bash /root/02_binutils.sh - -ENV SDK_DIST="INTEL_BUILT" -ENV SDK_URL="https://download.01.org/intel-sgx/sgx-linux/2.17.1/distro/ubuntu18.04-server/sgx_linux_x64_sdk_2.17.101.1.bin" -#ENV SDK_DIST="SELF_BUILT" -ADD 03_sdk.sh /root -RUN bash /root/03_sdk.sh - -# Sixth, PSW - -ENV CODENAME bionic -ENV VERSION 2.17.100.3-bionic1 -ENV DCAP_VERSION 1.14.100.3-bionic1 - -ADD 04_psw.sh /root -RUN bash /root/04_psw.sh - -# Seventh, Rust - -ENV rust_toolchain nightly-2022-02-23 -ADD 05_rust.sh /root -RUN bash /root/05_rust.sh - -ENV DEBIAN_FRONTEND= -ENV CODENAME= -ENV VERSION= - -WORKDIR /root diff --git a/rust-sgx-sdk/dockerfile/Dockerfile.2004.nightly b/rust-sgx-sdk/dockerfile/Dockerfile.2004.nightly deleted file mode 100644 index ab393aa6..00000000 --- a/rust-sgx-sdk/dockerfile/Dockerfile.2004.nightly +++ /dev/null @@ -1,45 +0,0 @@ -FROM ubuntu:20.04 - -ENV DEBIAN_FRONTEND=noninteractive - -RUN apt update && apt install -y unzip lsb-release debhelper cmake reprepro autoconf automake bison build-essential curl dpkg-dev expect flex gcc-8 gdb git git-core gnupg kmod libboost-system-dev libboost-thread-dev libcurl4-openssl-dev libiptcdata0-dev libjsoncpp-dev liblog4cpp5-dev libprotobuf-dev libssl-dev libtool libxml2-dev ocaml ocamlbuild pkg-config protobuf-compiler python texinfo uuid-dev vim wget software-properties-common && \ - rm -rf /var/lib/apt/lists/* - -#20.04 does have gcc-9 -#ADD 01_gcc_8.sh /root -#RUN bash /root/01_gcc_8.sh - -ENV BINUTILS_DIST="ubuntu20.04" -#ENV BINUTILS_DIST="SELF_BUILT" -ENV LD_LIBRARY_PATH=/usr/lib:/usr/local/lib -ENV LD_RUN_PATH=/usr/lib:/usr/local/lib - -ADD 02_binutils.sh /root -RUN bash /root/02_binutils.sh - -#ENV SDK_DIST="SELF_BUILT" -ENV SDK_DIST="INTEL_BUILT" -ENV SDK_URL="https://download.01.org/intel-sgx/sgx-linux/2.17.1/distro/ubuntu20.04-server/sgx_linux_x64_sdk_2.17.101.1.bin" -ADD 03_sdk.sh /root -RUN bash /root/03_sdk.sh - -# Sixth, PSW - -ENV CODENAME focal -ENV VERSION 2.17.100.3-focal1 -ENV DCAP_VERSION 1.14.100.3-focal1 - -ADD 04_psw.sh /root -RUN bash /root/04_psw.sh - -# Seventh, Rust - -ENV rust_toolchain nightly-2022-02-23 -ADD 05_rust.sh /root -RUN bash /root/05_rust.sh - -ENV DEBIAN_FRONTEND= -ENV CODENAME= -ENV VERSION= - -WORKDIR /root diff --git a/rust-sgx-sdk/dockerfile/Dockerfile.centos8.nightly b/rust-sgx-sdk/dockerfile/Dockerfile.centos8.nightly deleted file mode 100644 index aeada924..00000000 --- a/rust-sgx-sdk/dockerfile/Dockerfile.centos8.nightly +++ /dev/null @@ -1,34 +0,0 @@ -FROM centos:8 - -RUN dnf group install -y 'Development Tools' && \ - dnf --enablerepo=powertools install -y ocaml ocaml-ocamlbuild redhat-rpm-config openssl-devel wget rpm-build git cmake perl python2 libcurl-devel protobuf-devel && \ - alternatives --set python /usr/bin/python2 - -#ADD 01_gcc_8.sh /root -#RUN bash /root/01_gcc_8.sh - -ENV BINUTILS_DIST="centos8" - -ADD 02_binutils.sh /root -RUN bash /root/02_binutils.sh - -ENV SDK_DIST="INTEL_BUILT" -ENV SDK_URL="https://download.01.org/intel-sgx/sgx-linux/2.17.1/distro/centos-stream/sgx_linux_x64_sdk_2.17.101.1.bin" -#ENV SDK_DIST="SELF_BUILT" -ADD 03_sdk.sh /root -RUN bash /root/03_sdk.sh - -ENV PSW_REPO="https://download.01.org/intel-sgx/sgx-linux/2.17/distro/centos-stream/sgx_rpm_local_repo.tgz" -ADD 04_psw_rpm.sh /root -RUN bash /root/04_psw_rpm.sh - -ENV rust_toolchain nightly-2022-02-23 -ADD 05_rust.sh /root -RUN bash /root/05_rust.sh - -ENV rust_toolchain= -ENV CODENAME= -ENV VERSION= -ENV PSW_REPO= - -WORKDIR /root diff --git a/rust-sgx-sdk/dockerfile/build.sh b/rust-sgx-sdk/dockerfile/build.sh deleted file mode 100755 index c42e1ee9..00000000 --- a/rust-sgx-sdk/dockerfile/build.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/env bash - -set -e - -DOCKERFILE_1804_NIGHTLY=Dockerfile.1804.nightly -DOCKERFILE_2004_NIGHTLY=Dockerfile.2004.nightly -DOCKERFILE_centos8_NIGHTLY=Dockerfile.centos8.nightly - -IMAGE_1804_NIGHTLY=baiduxlab/sgx-rust:1804-1.1.5 -IMAGE_2004_NIGHTLY=baiduxlab/sgx-rust:2004-1.1.5 -IMAGE_centos8_NIGHTLY=baiduxlab/sgx-rust:centos8-1.1.5 - -build_one() { - docker build --no-cache -t $1 -f $2 . -} - -build_one ${IMAGE_1804_NIGHTLY} ${DOCKERFILE_1804_NIGHTLY} -build_one ${IMAGE_2004_NIGHTLY} ${DOCKERFILE_2004_NIGHTLY} -build_one ${IMAGE_centos8_NIGHTLY} ${DOCKERFILE_centos8_NIGHTLY} diff --git a/rust-sgx-sdk/dockerfile/push.sh b/rust-sgx-sdk/dockerfile/push.sh deleted file mode 100755 index 583d0b09..00000000 --- a/rust-sgx-sdk/dockerfile/push.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/env bash - -set -e - -DOCKERFILE_1804_NIGHTLY=Dockerfile.1804.nightly -DOCKERFILE_2004_NIGHTLY=Dockerfile.2004.nightly -DOCKERFILE_centos8_NIGHTLY=Dockerfile.centos8.nightly - -IMAGE_1804_NIGHTLY=baiduxlab/sgx-rust:1804-1.1.5 -IMAGE_2004_NIGHTLY=baiduxlab/sgx-rust:2004-1.1.5 -IMAGE_centos8_NIGHTLY=baiduxlab/sgx-rust:centos8-1.1.5 - -push_one() { - docker push $1 -} - -push_one ${IMAGE_1804_NIGHTLY} -push_one ${IMAGE_2004_NIGHTLY} -push_one ${IMAGE_centos8_NIGHTLY} - -docker tag ${IMAGE_1804_NIGHTLY} baiduxlab/sgx-rust:latest -push_one baiduxlab/sgx-rust:latest diff --git a/rust-sgx-sdk/edl/inc/dirent.h b/rust-sgx-sdk/edl/inc/dirent.h deleted file mode 100644 index be63f833..00000000 --- a/rust-sgx-sdk/edl/inc/dirent.h +++ /dev/null @@ -1,39 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License.. - -#ifndef _EDL_DIRENT_H -#define _EDL_DIRENT_H - -struct dirent_t -{ - uint64_t d_ino; - int64_t d_off; - unsigned short int d_reclen; - unsigned char d_type; - char d_name[256]; -}; - -struct dirent64_t -{ - uint64_t d_ino; - int64_t d_off; - unsigned short int d_reclen; - unsigned char d_type; - char d_name[256]; -}; - -#endif diff --git a/rust-sgx-sdk/edl/inc/stat.h b/rust-sgx-sdk/edl/inc/stat.h deleted file mode 100644 index 7f04c3ce..00000000 --- a/rust-sgx-sdk/edl/inc/stat.h +++ /dev/null @@ -1,65 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License.. - -#ifndef _EDL_STAT_H -#define _EDL_STAT_H - -struct stat_t -{ - uint64_t st_dev; - uint64_t st_ino; - uint64_t st_nlink; - uint32_t st_mode; - uint32_t st_uid; - uint32_t st_gid; - int __pad0; - uint64_t st_rdev; - uint64_t st_size; - int64_t st_blksize; - int64_t st_blocks; - int64_t st_atime; - int64_t st_atime_nsec; - int64_t st_mtime; - int64_t st_mtime_nsec; - int64_t st_ctime; - int64_t st_ctime_nsec; - int64_t __reserved[3]; -}; - -struct stat64_t -{ - uint64_t st_dev; - uint64_t st_ino; - uint64_t st_nlink; - uint32_t st_mode; - uint32_t st_uid; - uint32_t st_gid; - int __pad0; - uint64_t st_rdev; - uint64_t st_size; - int64_t st_blksize; - int64_t st_blocks; - int64_t st_atime; - int64_t st_atime_nsec; - int64_t st_mtime; - int64_t st_mtime_nsec; - int64_t st_ctime; - int64_t st_ctime_nsec; - int64_t __reserved[3]; -}; - -#endif diff --git a/rust-sgx-sdk/edl/intel/sgx_dcap_tvl.edl b/rust-sgx-sdk/edl/intel/sgx_dcap_tvl.edl deleted file mode 100644 index 7c5c0d8c..00000000 --- a/rust-sgx-sdk/edl/intel/sgx_dcap_tvl.edl +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Copyright (C) 2011-2020 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -enclave { - - include "sgx_qve_header.h" - include "sgx_ql_quote.h" - - - trusted { - - /** - * Verify QvE Report and Identity - * - * @param p_quote[IN] - Pointer to SGX Quote. - * @param quote_size[IN] - Size of the buffer pointed to by p_quote (in bytes). - * @param p_qve_report_info[IN] - The output of API "sgx_qv_verify_quote", it should contain QvE report and nonce - * @param expiration_check_date[IN] - This is the date to verify QvE report data, you should use same value for this API and "sgx_qv_verify_quote" - * @param collateral_expiration_status[IN] - The output of API "sgx_qv_verify_quote" about quote verification collateral's expiration status - * @param quote_verification_result[IN] - The output of API "sgx_qv_verify_quote" about quote verification result - * @param p_supplemental_data[IN] - The output of API "sgx_qv_verify_quote", the pointer to supplemental data - * @param supplemental_data_size[IN] - Size of the buffer pointed to by p_quote (in bytes) - * @param qve_isvsvn_threshold [IN] - The threshold of QvE ISVSVN, the ISVSVN of QvE used to verify quote must be greater or equal to this threshold. You can get latest QvE ISVSVN in QvE Identity (JSON) from Intel PCS. - * - * @return Status code of the operation, one of: - * - SGX_QL_SUCCESS - * - SGX_QL_ERROR_INVALID_PARAMETER - * - SGX_QL_ERROR_REPORT // Error when verifying QvE report - * - SGX_QL_ERROR_UNEXPECTED // Error when comparing QvE report data - * - SGX_QL_QVEIDENTITY_MISMATCH // Error when comparing QvE identity - * - SGX_QL_QVE_OUT_OF_DATE // QvE ISVSVN is smaller than input QvE ISV SVN threshold - **/ - - public quote3_error_t sgx_tvl_verify_qve_report_and_identity( - [in, size=quote_size] const uint8_t *p_quote, - uint32_t quote_size, - [in, count=1] const sgx_ql_qe_report_info_t *p_qve_report_info, - time_t expiration_check_date, - uint32_t collateral_expiration_status, - sgx_ql_qv_result_t quote_verification_result, - [in, size=supplemental_data_size] const uint8_t *p_supplemental_data, - uint32_t supplemental_data_size, - sgx_isv_svn_t qve_isvsvn_threshold); - }; -}; diff --git a/rust-sgx-sdk/edl/intel/sgx_pthread.edl b/rust-sgx-sdk/edl/intel/sgx_pthread.edl deleted file mode 100644 index 7a097a73..00000000 --- a/rust-sgx-sdk/edl/intel/sgx_pthread.edl +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright (C) 2011-2019 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -enclave { - untrusted { - [cdecl] int pthread_wait_timeout_ocall (unsigned long long waiter, unsigned long long timeout); - [cdecl] int pthread_create_ocall(unsigned long long self); - [cdecl] int pthread_wakeup_ocall(unsigned long long waiter); - }; -}; diff --git a/rust-sgx-sdk/edl/intel/sgx_tkey_exchange.edl b/rust-sgx-sdk/edl/intel/sgx_tkey_exchange.edl deleted file mode 100644 index 3e18c895..00000000 --- a/rust-sgx-sdk/edl/intel/sgx_tkey_exchange.edl +++ /dev/null @@ -1,49 +0,0 @@ -/* - * Copyright (C) 2011-2019 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -enclave { - trusted { - public sgx_status_t sgx_ra_get_ga(sgx_ra_context_t context, - [out] sgx_ec256_public_t *g_a); - - public sgx_status_t sgx_ra_proc_msg2_trusted(sgx_ra_context_t context, - [in]const sgx_ra_msg2_t *p_msg2, /*copy msg2 except quote into enclave */ - [in] const sgx_target_info_t *p_qe_target, - [out] sgx_report_t *p_report, - [out] sgx_quote_nonce_t *p_nonce); - - public sgx_status_t sgx_ra_get_msg3_trusted(sgx_ra_context_t context, - uint32_t quote_size, - [in]sgx_report_t* qe_report, - [user_check]sgx_ra_msg3_t *p_msg3, - uint32_t msg3_size); - }; -}; diff --git a/rust-sgx-sdk/edl/intel/sgx_tprotected_fs.edl b/rust-sgx-sdk/edl/intel/sgx_tprotected_fs.edl deleted file mode 100644 index 2dfad370..00000000 --- a/rust-sgx-sdk/edl/intel/sgx_tprotected_fs.edl +++ /dev/null @@ -1,47 +0,0 @@ -/* - * Copyright (C) 2011-2019 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -enclave { - from "sgx_tstdc.edl" import *; - untrusted { - void* u_sgxprotectedfs_exclusive_file_open([in, string] const char* filename, uint8_t read_only, [out] int64_t* file_size, [out] int32_t* error_code); - uint8_t u_sgxprotectedfs_check_if_file_exists([in, string] const char* filename); - int32_t u_sgxprotectedfs_fread_node([user_check] void* f, uint64_t node_number, [out, size=node_size] uint8_t* buffer, uint32_t node_size); - int32_t u_sgxprotectedfs_fwrite_node([user_check] void* f, uint64_t node_number, [in, size=node_size] uint8_t* buffer, uint32_t node_size); - int32_t u_sgxprotectedfs_fclose([user_check] void* f); - uint8_t u_sgxprotectedfs_fflush([user_check] void* f); - int32_t u_sgxprotectedfs_remove([in, string] const char* filename); - - void* u_sgxprotectedfs_recovery_file_open([in, string] const char* filename); - uint8_t u_sgxprotectedfs_fwrite_recovery_node([user_check] void* f, [in, count=data_length] uint8_t* data, uint32_t data_length); - int32_t u_sgxprotectedfs_do_file_recovery([in, string] const char* filename, [in, string] const char* recovery_filename, uint32_t node_size); - }; -}; diff --git a/rust-sgx-sdk/edl/intel/sgx_tstdc.edl b/rust-sgx-sdk/edl/intel/sgx_tstdc.edl deleted file mode 100644 index 4124debc..00000000 --- a/rust-sgx-sdk/edl/intel/sgx_tstdc.edl +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright (C) 2011-2019 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -enclave { - untrusted { - [cdecl] void sgx_oc_cpuidex([out] int cpuinfo[4], int leaf, int subleaf); - - /* Go outside and wait on my untrusted event */ - [cdecl] int sgx_thread_wait_untrusted_event_ocall([user_check] const void *self); - - /* Wake a thread waiting on its untrusted event */ - [cdecl] int sgx_thread_set_untrusted_event_ocall([user_check] const void *waiter); - - /* Wake a thread waiting on its untrusted event, and wait on my untrusted event */ - [cdecl] int sgx_thread_setwait_untrusted_events_ocall([user_check] const void *waiter, [user_check] const void *self); - - /* Wake multiple threads waiting on their untrusted events */ - [cdecl] int sgx_thread_set_multiple_untrusted_events_ocall([in, count = total] const void **waiters, size_t total); - }; -}; diff --git a/rust-sgx-sdk/edl/intel/sgx_tswitchless.edl b/rust-sgx-sdk/edl/intel/sgx_tswitchless.edl deleted file mode 100644 index a20669ab..00000000 --- a/rust-sgx-sdk/edl/intel/sgx_tswitchless.edl +++ /dev/null @@ -1,39 +0,0 @@ -/* - * Copyright (C) 2011-2019 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -enclave { - - trusted { - public sgx_status_t sl_init_switchless([user_check]void* sl_data); - public sgx_status_t sl_run_switchless_tworker(); - }; - -}; diff --git a/rust-sgx-sdk/edl/intel/sgx_ttls.edl b/rust-sgx-sdk/edl/intel/sgx_ttls.edl deleted file mode 100644 index ca0906f5..00000000 --- a/rust-sgx-sdk/edl/intel/sgx_ttls.edl +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name of Intel Corporation nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - * - */ - -enclave{ - include "sgx_report.h" - include "sgx_qve_header.h" - include "sgx_ql_lib_common.h" - include "sgx_ql_quote.h" - - untrusted { - quote3_error_t sgx_tls_get_qe_target_info_ocall([size = target_info_size, out] sgx_target_info_t *p_target_info, - size_t target_info_size); - - quote3_error_t sgx_tls_get_quote_size_ocall([out] uint32_t *p_quote_size); - - quote3_error_t sgx_tls_get_quote_ocall([size = report_size, in] sgx_report_t* p_report, - size_t report_size, - [size = quote_size, out] uint8_t *p_quote, - uint32_t quote_size); - - quote3_error_t sgx_tls_get_supplemental_data_size_ocall([out] uint32_t *p_supplemental_data_size); - - quote3_error_t sgx_tls_verify_quote_ocall( - [size = quote_size, in] const uint8_t *p_quote, - uint32_t quote_size, - time_t expiration_check_date, - [out] sgx_ql_qv_result_t *p_quote_verification_result, - [size = qve_report_info_size, in, out] sgx_ql_qe_report_info_t *p_qve_report_info, - size_t qve_report_info_size, - [size = supplemental_data_size, out] uint8_t *p_supplemental_data, - uint32_t supplemental_data_size); - - }; -}; diff --git a/rust-sgx-sdk/edl/sgx_asyncio.edl b/rust-sgx-sdk/edl/sgx_asyncio.edl deleted file mode 100644 index f4637389..00000000 --- a/rust-sgx-sdk/edl/sgx_asyncio.edl +++ /dev/null @@ -1,33 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -enclave { - - include "sys/epoll.h" - include "poll.h" - - trusted { - /* define ECALLs here. */ - }; - - untrusted { - int u_poll_ocall([out] int *error, [in, out, count=nfds] struct pollfd *fds, nfds_t nfds, int timeout); - int u_epoll_create1_ocall([out] int *error, int flags); - int u_epoll_ctl_ocall([out] int *error, int epfd, int op, int fd, [in] struct epoll_event *event); - int u_epoll_wait_ocall([out] int *error, int epfd, [out, count=maxevents] struct epoll_event *events, int maxevents, int timeout); - }; -}; diff --git a/rust-sgx-sdk/edl/sgx_backtrace.edl b/rust-sgx-sdk/edl/sgx_backtrace.edl deleted file mode 100644 index 4a9e7ef8..00000000 --- a/rust-sgx-sdk/edl/sgx_backtrace.edl +++ /dev/null @@ -1,31 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -enclave { - - from "sgx_fd.edl" import *; - from "sgx_file.edl" import *; - from "sgx_mem.edl" import *; - - trusted { - /* define ECALLs here. */ - }; - - untrusted { - /* define OCALLs here. */ - }; -}; diff --git a/rust-sgx-sdk/edl/sgx_env.edl b/rust-sgx-sdk/edl/sgx_env.edl deleted file mode 100644 index d4a77cc8..00000000 --- a/rust-sgx-sdk/edl/sgx_env.edl +++ /dev/null @@ -1,40 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -enclave { - - include "pwd.h" - - trusted { - /* define ECALLs here. */ - }; - - untrusted { - char **u_environ_ocall(); - char *u_getenv_ocall([in, string] const char *name); - int u_setenv_ocall([out] int *error, [in, string] const char *name, [in, string] const char *value, int overwrite); - int u_unsetenv_ocall([out] int *error, [in, string] const char *name); - int u_chdir_ocall([out] int *error, [in, string] const char *dir); - char *u_getcwd_ocall([out] int *error, [out, size=buflen] char *buf, size_t buflen); - int u_getpwuid_r_ocall(unsigned int uid, - [out] struct passwd *pwd, - [out, size=buflen] char *buf, - size_t buflen, - [out] struct passwd **passwd_result); - unsigned int u_getuid_ocall(); - }; -}; diff --git a/rust-sgx-sdk/edl/sgx_fd.edl b/rust-sgx-sdk/edl/sgx_fd.edl deleted file mode 100644 index cd668b71..00000000 --- a/rust-sgx-sdk/edl/sgx_fd.edl +++ /dev/null @@ -1,57 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -enclave { - - include "inc/stat.h" - include "sys/uio.h" - include "time.h" - - from "sgx_mem.edl" import *; - - trusted { - /* define ECALLs here. */ - }; - - untrusted { - size_t u_read_ocall([out] int *error, int fd, [user_check] void *buf, size_t count); - size_t u_pread64_ocall([out] int *error, int fd, [user_check] void *buf, size_t count, int64_t offset); - size_t u_readv_ocall([out] int *error, int fd, [in, count=iovcnt] const struct iovec *iov, int iovcnt); - size_t u_preadv64_ocall([out] int *error, int fd, [in, count=iovcnt] const struct iovec *iov, int iovcnt, int64_t offset); - - size_t u_write_ocall([out] int *error, int fd, [user_check] const void *buf, size_t count); - size_t u_pwrite64_ocall([out] int *error, int fd, [user_check] const void *buf, size_t count, int64_t offset); - size_t u_writev_ocall([out] int *error, int fd, [in, count=iovcnt] const struct iovec *iov, int iovcnt); - size_t u_pwritev64_ocall([out] int *error, int fd, [in, count=iovcnt] const struct iovec *iov, int iovcnt, int64_t offset); - - size_t u_sendfile_ocall([out] int *error, int out_fd, int in_fd, [in, out] int64_t *offset, size_t count); - size_t u_copy_file_range_ocall([out] int *error, int fd_in, [in, out] int64_t *off_in, int fd_out, [in, out] int64_t *off_out, size_t len, unsigned int flags); - size_t u_splice_ocall([out] int *error, int fd_in, [in, out] int64_t *off_in, int fd_out, [in, out] int64_t *off_out, size_t len, unsigned int flags); - - int u_fcntl_arg0_ocall([out] int *error, int fd, int cmd); - int u_fcntl_arg1_ocall([out] int *error, int fd, int cmd, int arg); - int u_ioctl_arg0_ocall([out] int *error, int fd, int request); - int u_ioctl_arg1_ocall([out] int *error, int fd, int request, [in, out] int *arg); - - int u_close_ocall([out] int *error, int fd); - int u_isatty_ocall([out] int *error, int fd); - int u_dup_ocall([out] int *error, int oldfd); - int u_eventfd_ocall([out] int *error, unsigned int initval, int flags); - - int u_futimens_ocall([out] int *error, int fd, [in, count=2] const struct timespec *times); - }; -}; diff --git a/rust-sgx-sdk/edl/sgx_file.edl b/rust-sgx-sdk/edl/sgx_file.edl deleted file mode 100644 index c70ec599..00000000 --- a/rust-sgx-sdk/edl/sgx_file.edl +++ /dev/null @@ -1,66 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -enclave { - - include "inc/stat.h" - include "inc/dirent.h" - - trusted { - /* define ECALLs here. */ - }; - - untrusted { - int u_open_ocall([out] int *error, [in, string] const char *pathname, int flags); - int u_open64_ocall([out] int *error, [in, string] const char *path, int oflag, int mode); - int u_openat_ocall([out] int *error, int dirfd, [in, string] const char *pathname, int flags); - - int u_fstat_ocall([out] int *error, int fd, [out] struct stat_t *buf); - int u_fstat64_ocall([out] int *error, int fd, [out] struct stat64_t *buf); - int u_stat_ocall([out] int *error, [in, string] const char *path, [out] struct stat_t *buf); - int u_stat64_ocall([out] int *error, [in, string] const char *path, [out] struct stat64_t *buf); - int u_lstat_ocall([out] int *error, [in, string] const char *path, [out] struct stat_t *buf); - int u_lstat64_ocall([out] int *error, [in, string] const char *path, [out] struct stat64_t *buf); - uint64_t u_lseek_ocall([out] int *error, int fd, int64_t offset, int whence); - int64_t u_lseek64_ocall([out] int *error, int fd, int64_t offset, int whence); - int u_ftruncate_ocall([out] int *error, int fd, int64_t length); - int u_ftruncate64_ocall([out] int *error, int fd, int64_t length); - int u_truncate_ocall([out] int *error, [in, string] const char *path, int64_t length); - int u_truncate64_ocall([out] int *error, [in, string] const char *path, int64_t length); - - int u_fsync_ocall([out] int *error, int fd); - int u_fdatasync_ocall([out] int *error, int fd); - int u_fchmod_ocall([out] int *error, int fd, uint32_t mode); - int u_unlink_ocall([out] int *error, [in, string] const char *pathname); - int u_link_ocall([out] int *error, [in, string] const char *oldpath, [in, string] const char *newpath); - int u_unlinkat_ocall([out] int *error, int dirfd, [in, string] const char *pathname, int flags); - int u_linkat_ocall([out] int *error, int olddirfd, [in, string] const char *oldpath, int newdirfd, [in, string] const char *newpath, int flags); - int u_rename_ocall([out] int *error, [in, string] const char *oldpath, [in, string] const char *newpath); - int u_chmod_ocall([out] int *error, [in, string] const char *path, uint32_t mode); - size_t u_readlink_ocall([out] int *error, [in, string] const char *path, [out, size=bufsz] char *buf, size_t bufsz); - int u_symlink_ocall([out] int *error, [in, string] const char *path1, [in, string] const char *path2); - char *u_realpath_ocall([out] int *error, [in, string] const char *pathname); - int u_mkdir_ocall([out] int *error, [in, string] const char *pathname, uint32_t mode); - int u_rmdir_ocall([out] int *error, [in, string] const char *pathname); - void *u_fdopendir_ocall([out] int *error, int fd); - void *u_opendir_ocall([out] int *error, [in, string] const char *pathname); - int u_readdir64_r_ocall([user_check] void *dirp, [in, out] struct dirent64_t *entry, [out] struct dirent64_t **result); - int u_closedir_ocall([out] int *error, [user_check] void *dirp); - int u_dirfd_ocall([out] int *error, [user_check] void *dirp); - int u_fstatat64_ocall([out] int *error, int dirfd, [in, string] const char *pathname, [out] struct stat64_t *buf, int flags); - }; -}; diff --git a/rust-sgx-sdk/edl/sgx_fs.edl b/rust-sgx-sdk/edl/sgx_fs.edl deleted file mode 100644 index 2618be93..00000000 --- a/rust-sgx-sdk/edl/sgx_fs.edl +++ /dev/null @@ -1,31 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -enclave { - - from "sgx_mem.edl" import *; - from "sgx_fd.edl" import *; - from "sgx_file.edl" import *; - - trusted { - /* define ECALLs here. */ - }; - - untrusted { - /* define OCALLs here. */ - }; -}; diff --git a/rust-sgx-sdk/edl/sgx_mem.edl b/rust-sgx-sdk/edl/sgx_mem.edl deleted file mode 100644 index db558027..00000000 --- a/rust-sgx-sdk/edl/sgx_mem.edl +++ /dev/null @@ -1,40 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -enclave { - - trusted { - /* define ECALLs here. */ - }; - - untrusted { - void *u_malloc_ocall([out] int *error, size_t size); - void u_free_ocall([user_check] void *p); - - void *u_mmap_ocall([out] int *error, - [user_check] void *start, - size_t length, - int prot, - int flags, - int fd, - int64_t offset); - int u_munmap_ocall([out] int *error, [user_check] void *start, size_t length); - - int u_msync_ocall([out] int *error, [user_check] void *addr, size_t length, int flags); - int u_mprotect_ocall([out] int *error, [user_check] void *addr, size_t length, int prot); - }; -}; diff --git a/rust-sgx-sdk/edl/sgx_net.edl b/rust-sgx-sdk/edl/sgx_net.edl deleted file mode 100644 index a803b53a..00000000 --- a/rust-sgx-sdk/edl/sgx_net.edl +++ /dev/null @@ -1,41 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -enclave { - - include "sys/socket.h" - include "netdb.h" - - from "sgx_socket.edl" import *; - from "sgx_asyncio.edl" import *; - from "sgx_fd.edl" import *; - from "sgx_time.edl" import *; - - trusted { - /* define ECALLs here. */ - }; - - untrusted { - int u_getaddrinfo_ocall([out] int *error, - [in, string] const char *node, - [in, string] const char *service, - [in] const struct addrinfo *hints, - [out] struct addrinfo **res); - void u_freeaddrinfo_ocall([user_check] struct addrinfo *res); - char *u_gai_strerror_ocall(int errcode); - }; -}; diff --git a/rust-sgx-sdk/edl/sgx_net_switchless.edl b/rust-sgx-sdk/edl/sgx_net_switchless.edl deleted file mode 100644 index ec5c500c..00000000 --- a/rust-sgx-sdk/edl/sgx_net_switchless.edl +++ /dev/null @@ -1,92 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -enclave { - - include "sys/socket.h" - include "poll.h" - from "sgx_fs.edl" import *; - from "sgx_time.edl" import *; - from "sgx_mem.edl" import *; - - trusted { - /* define ECALLs here. */ - }; - - untrusted { - - int u_net_socket_ocall([out] int *error, int domain, int ty, int protocol) transition_using_threads; - int u_net_socketpair_ocall([out] int *error, int domain, int ty, int protocol, [out] int sv[2]) transition_using_threads; - int u_net_bind_ocall([out] int *error, int sockfd, [in, size=addrlen] const struct sockaddr *addr, socklen_t addrlen) transition_using_threads; - int u_net_listen_ocall([out] int *error, int sockfd, int backlog) transition_using_threads; - int u_net_accept4_ocall([out] int *error, - int sockfd, - [in, out, size=addrlen_in] struct sockaddr *addr, - socklen_t addrlen_in, - [out] socklen_t *addrlen_out, - int flags) transition_using_threads; - int u_net_connect_ocall([out] int *error, - int sockfd, - [in, size=addrlen] const struct sockaddr *addr, - socklen_t addrlen) transition_using_threads; - size_t u_net_recv_ocall([out] int *error, int sockfd, [out, size=len] void *buf, size_t len, int flags) transition_using_threads; - size_t u_net_recvfrom_ocall([out] int *error, - int sockfd, - [out, size=len] void *buf, - size_t len, - int flags, - [out, size=addrlen_in] struct sockaddr *src_addr, - socklen_t addrlen_in, - [out] socklen_t *addrlen_out) transition_using_threads; - size_t u_net_recvmsg_ocall([out] int *error, int sockfd, [in, out] struct msghdr *msg, int flags) transition_using_threads; - size_t u_net_send_ocall([out] int *error, int sockfd, [in, size=len] const void *buf, size_t len, int flags) transition_using_threads; - size_t u_net_sendto_ocall([out] int *error, - int sockfd, - [in, size=len] const void *buf, - size_t len, - int flags, - [in, size=addrlen] const struct sockaddr *dest_addr, - socklen_t addrlen) transition_using_threads; - size_t u_sendmsg_ocall([out] int *error, int sockfd, [in] const struct msghdr *msg, int flags) transition_using_threads; - int u_net_getsockopt_ocall([out] int *error, - int sockfd, - int level, - int optname, - [out, size=optlen_in] void *optval, - socklen_t optlen_in, - [out] socklen_t *optlen_out) transition_using_threads; - int u_net_setsockopt_ocall([out] int *error, - int sockfd, - int level, - int optname, - [in, size=optlen] const void *optval, - socklen_t optlen) transition_using_threads; - int u_net_getsockname_ocall([out] int *error, - int sockfd, - [out, size=addrlen_in] struct sockaddr *addr, - socklen_t addrlen_in, - [out] socklen_t *addrlen_out) transition_using_threads; - int u_net_getpeername_ocall([out] int *error, - int sockfd, - [out, size=addrlen_in] struct sockaddr *addr, - socklen_t addrlen_in, - [out] socklen_t *addrlen_out) transition_using_threads; - int u_net_shutdown_ocall([out] int *error, int sockfd, int how) transition_using_threads; - int u_net_ioctl_ocall([out] int *error, int fd, int request, [in, out] int *arg) transition_using_threads; - int u_net_poll_ocall([out] int *error, [in, out, count=nfds] struct pollfd *fds, nfds_t nfds, int timeout) transition_using_threads; - }; -}; diff --git a/rust-sgx-sdk/edl/sgx_pipe.edl b/rust-sgx-sdk/edl/sgx_pipe.edl deleted file mode 100644 index 00c12f5e..00000000 --- a/rust-sgx-sdk/edl/sgx_pipe.edl +++ /dev/null @@ -1,31 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -enclave { - - from "sgx_fd.edl" import *; - from "sgx_asyncio.edl" import *; - - trusted { - /* define ECALLs here. */ - }; - - untrusted { - int u_pipe_ocall([out] int *error, [out, count=2] int *pipefd); - int u_pipe2_ocall([out] int *error, [out, count=2] int *pipefd, int flags); - }; -}; diff --git a/rust-sgx-sdk/edl/sgx_process.edl b/rust-sgx-sdk/edl/sgx_process.edl deleted file mode 100644 index 69123df5..00000000 --- a/rust-sgx-sdk/edl/sgx_process.edl +++ /dev/null @@ -1,28 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -enclave { - - trusted { - /* define ECALLs here. */ - - }; - - untrusted { - int u_getpid_ocall(); - }; -}; diff --git a/rust-sgx-sdk/edl/sgx_signal.edl b/rust-sgx-sdk/edl/sgx_signal.edl deleted file mode 100644 index fd9b0f0d..00000000 --- a/rust-sgx-sdk/edl/sgx_signal.edl +++ /dev/null @@ -1,43 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -enclave { - include "signal.h" - - trusted { - /* define ECALLs here. */ - public int t_signal_handler_ecall([in]const siginfo_t *info); - }; - - untrusted { - int u_sigaction_ocall([out]int *error, - int signum, - [in] const struct sigaction *act, - [out] struct sigaction *oldact, - uint64_t enclave_id); - - int u_sigprocmask_ocall([out]int *error, - int signum, - [in] const sigset_t *set, - [out] sigset_t *oldset); - - int u_raise_ocall(int signum) allow(t_signal_handler_ecall); - - void u_signal_clear_ocall(uint64_t enclave_id); - }; -}; - diff --git a/rust-sgx-sdk/edl/sgx_socket.edl b/rust-sgx-sdk/edl/sgx_socket.edl deleted file mode 100644 index 6fc8ff7c..00000000 --- a/rust-sgx-sdk/edl/sgx_socket.edl +++ /dev/null @@ -1,111 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -enclave { - - include "sys/socket.h" - - from "sgx_mem.edl" import *; - - trusted { - /* define ECALLs here. */ - }; - - untrusted { - int u_socket_ocall([out] int *error, int domain, int ty, int protocol); - int u_socketpair_ocall([out] int *error, int domain, int ty, int protocol, [out] int sv[2]); - int u_bind_ocall([out] int *error, int sockfd, [in, size=addrlen] const struct sockaddr *addr, socklen_t addrlen); - int u_listen_ocall([out] int *error, int sockfd, int backlog); - int u_accept_ocall([out] int *error, - int sockfd, - [in, out, size=addrlen_in] struct sockaddr *addr, - socklen_t addrlen_in, - [out] socklen_t *addrlen_out); - int u_accept4_ocall([out] int *error, - int sockfd, - [in, out, size=addrlen_in] struct sockaddr *addr, - socklen_t addrlen_in, - [out] socklen_t *addrlen_out, - int flags); - int u_connect_ocall([out] int *error, - int sockfd, - [in, size=addrlen] const struct sockaddr *addr, - socklen_t addrlen); - size_t u_recv_ocall([out] int *error, int sockfd,[user_check] void *buf, size_t len, int flags); - size_t u_recvfrom_ocall([out] int *error, - int sockfd, - [user_check] void *buf, - size_t len, - int flags, - [out, size=addrlen_in] struct sockaddr *src_addr, - socklen_t addrlen_in, - [out] socklen_t *addrlen_out); - size_t u_recvmsg_ocall([out] int *error, - int sockfd, - [out, size=msg_namelen] void *msg_name, - socklen_t msg_namelen, - [out] socklen_t* msg_namelen_out, - [in, count=msg_iovlen] struct iovec* msg_iov, - size_t msg_iovlen, - [out, size=msg_controllen] void *msg_control, - size_t msg_controllen, - [out] size_t* msg_controllen_out, - [out] int* msg_flags, - int flags); - size_t u_send_ocall([out] int *error, int sockfd, [user_check] const void *buf, size_t len, int flags); - size_t u_sendto_ocall([out] int *error, - int sockfd, - [user_check] const void *buf, - size_t len, - int flags, - [in, size=addrlen] const struct sockaddr *dest_addr, - socklen_t addrlen); - size_t u_sendmsg_ocall([out] int *error, - int sockfd, - [in, size=msg_namelen] const void* msg_name, - socklen_t msg_namelen, - [in, count=msg_iovlen] const struct iovec* msg_iov, - size_t msg_iovlen, - [in, size=msg_controllen] const void* msg_control, - size_t msg_controllen, - int flags); - int u_getsockopt_ocall([out] int *error, - int sockfd, - int level, - int optname, - [out, size=optlen_in] void *optval, - socklen_t optlen_in, - [out] socklen_t *optlen_out); - int u_setsockopt_ocall([out] int *error, - int sockfd, - int level, - int optname, - [in, size=optlen] const void *optval, - socklen_t optlen); - int u_getsockname_ocall([out] int *error, - int sockfd, - [out, size=addrlen_in] struct sockaddr *addr, - socklen_t addrlen_in, - [out] socklen_t *addrlen_out); - int u_getpeername_ocall([out] int *error, - int sockfd, - [out, size=addrlen_in] struct sockaddr *addr, - socklen_t addrlen_in, - [out] socklen_t *addrlen_out); - int u_shutdown_ocall([out] int *error, int sockfd, int how); - }; -}; diff --git a/rust-sgx-sdk/edl/sgx_stdio.edl b/rust-sgx-sdk/edl/sgx_stdio.edl deleted file mode 100644 index 5367d9ab..00000000 --- a/rust-sgx-sdk/edl/sgx_stdio.edl +++ /dev/null @@ -1,29 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -enclave { - - from "sgx_fd.edl" import *; - - trusted { - /* define ECALLs here. */ - }; - - untrusted { - /* define OCALLs here. */ - }; -}; diff --git a/rust-sgx-sdk/edl/sgx_sys.edl b/rust-sgx-sdk/edl/sgx_sys.edl deleted file mode 100644 index bc74b968..00000000 --- a/rust-sgx-sdk/edl/sgx_sys.edl +++ /dev/null @@ -1,32 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -enclave { - - include "sched.h" - - trusted { - /* define ECALLs here. */ - }; - - untrusted { - long u_sysconf_ocall([out] int *error, int name); - int u_prctl_ocall([out] int *error, int option, unsigned long arg2, unsigned long arg3, unsigned long arg4, unsigned long arg5); - int u_sched_setaffinity_ocall([out] int *error, pid_t pid, size_t cpusetsize, [in, size=cpusetsize] cpu_set_t *mask); - int u_sched_getaffinity_ocall([out] int *error, pid_t pid, size_t cpusetsize, [out, size=cpusetsize] cpu_set_t *mask); - }; -}; diff --git a/rust-sgx-sdk/edl/sgx_thread.edl b/rust-sgx-sdk/edl/sgx_thread.edl deleted file mode 100644 index 71512f0e..00000000 --- a/rust-sgx-sdk/edl/sgx_thread.edl +++ /dev/null @@ -1,32 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. -enclave { - - include "time.h" - - from "intel/sgx_pthread.edl" import *; - from "sgx_sys.edl" import *; - - trusted { - /* define ECALLs here. */ - }; - - untrusted { - int u_sched_yield_ocall([out]int *error); - int u_nanosleep_ocall([out]int *error, [in]const struct timespec *req, [out]struct timespec *rem); - }; -}; diff --git a/rust-sgx-sdk/edl/sgx_time.edl b/rust-sgx-sdk/edl/sgx_time.edl deleted file mode 100644 index adeeeccf..00000000 --- a/rust-sgx-sdk/edl/sgx_time.edl +++ /dev/null @@ -1,29 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -enclave { - - include "time.h" - - trusted { - /* define ECALLs here. */ - }; - - untrusted { - int u_clock_gettime_ocall([out] int *error, int clk_id, [out] struct timespec *tp); - }; -}; diff --git a/rust-sgx-sdk/edl/sgx_tstd.edl b/rust-sgx-sdk/edl/sgx_tstd.edl deleted file mode 100644 index 9b74272f..00000000 --- a/rust-sgx-sdk/edl/sgx_tstd.edl +++ /dev/null @@ -1,38 +0,0 @@ -// Licensed to the Apache Software Foundation (ASF) under one -// or more contributor license agreements. See the NOTICE file -// distributed with this work for additional information -// regarding copyright ownership. The ASF licenses this file -// to you under the Apache License, Version 2.0 (the -// "License"); you may not use this file except in compliance -// with the License. You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, -// software distributed under the License is distributed on an -// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -// KIND, either express or implied. See the License for the -// specific language governing permissions and limitations -// under the License. - -enclave { - - from "sgx_time.edl" import *; - - trusted { - /* define ECALLs here. */ - public void t_global_init_ecall(uint64_t id, [in, size=len] const uint8_t *path, size_t len); - public void t_global_exit_ecall(); - }; - - untrusted { - /* define OCALLs here. */ - int u_thread_set_event_ocall([out] int *error, [user_check] const void *tcs); - int u_thread_wait_event_ocall([out] int *error, [user_check] const void *tcs, [in] const struct timespec *timeout); - int u_thread_set_multiple_events_ocall([out] int *error, [in, count=total] const void **tcss, int total); - int u_thread_setwait_events_ocall([out] int *error, - [user_check] const void *waiter_tcs, - [user_check] const void *self_tcs, - [in] const struct timespec *timeout); - }; -}; diff --git a/rust-sgx-sdk/version b/rust-sgx-sdk/version deleted file mode 100644 index 34d7b1ba..00000000 --- a/rust-sgx-sdk/version +++ /dev/null @@ -1 +0,0 @@ -c3d82372dff81e5bafb07f71bc8ad532d06b504e diff --git a/rust-toolchain b/rust-toolchain index cd5e8eb2..75a4f2e3 100644 --- a/rust-toolchain +++ b/rust-toolchain @@ -1 +1 @@ -nightly-2022-10-22 +nightly-2024-09-05 From f5324530d8c978d749e84c8d1cb7636ab604ffe8 Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Sun, 8 Sep 2024 15:45:37 +0900 Subject: [PATCH 02/30] remove unnecessary function Signed-off-by: Jun Kimura --- modules/crypto/Cargo.toml | 2 -- modules/crypto/src/sgx/rand.rs | 10 ---------- 2 files changed, 12 deletions(-) diff --git a/modules/crypto/Cargo.toml b/modules/crypto/Cargo.toml index 7c704c27..d07926e3 100644 --- a/modules/crypto/Cargo.toml +++ b/modules/crypto/Cargo.toml @@ -6,7 +6,6 @@ edition = "2021" [dependencies] sgx_types = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } sgx_trts = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk", optional = true } -sgx_rand = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk", optional = true } sgx_tseal = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk", optional = true } rand = { version = "0.8", default-features = false, optional = true } @@ -25,6 +24,5 @@ std = [ ] sgx = [ "sgx_trts", - "sgx_rand", "sgx_tseal" ] diff --git a/modules/crypto/src/sgx/rand.rs b/modules/crypto/src/sgx/rand.rs index 0213a271..892eb2c5 100644 --- a/modules/crypto/src/sgx/rand.rs +++ b/modules/crypto/src/sgx/rand.rs @@ -1,17 +1,7 @@ use crate::errors::Error; -use sgx_rand::Rng; use sgx_trts::trts::rsgx_read_rand; use sgx_types::sgx_status_t; pub fn rand_slice(rand: &mut [u8]) -> Result<(), Error> { rsgx_read_rand(rand).map_err(Error::sgx_error) } - -pub fn fill_bytes(bytes: &mut [u8]) -> Result<(), sgx_status_t> { - let mut os_rng = match sgx_rand::SgxRng::new() { - Ok(r) => r, - Err(_) => return Err(sgx_status_t::SGX_ERROR_UNEXPECTED), - }; - os_rng.fill_bytes(bytes); - Ok(()) -} From 16bbf2df1375f64927c8d93976cea2637814d7a1 Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Sun, 8 Sep 2024 15:46:29 +0900 Subject: [PATCH 03/30] use sgx_no_tstd instead of sgx_tstd Signed-off-by: Jun Kimura --- enclave-modules/runtime/Cargo.toml | 3 ++- enclave-modules/runtime/src/lib.rs | 8 +++++--- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/enclave-modules/runtime/Cargo.toml b/enclave-modules/runtime/Cargo.toml index 2fd952bb..05008216 100644 --- a/enclave-modules/runtime/Cargo.toml +++ b/enclave-modules/runtime/Cargo.toml @@ -5,7 +5,8 @@ edition = "2021" [dependencies] sgx_types = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_tstd = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } +sgx_no_tstd = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } +sgx_trts = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } log = { version = "0.4.8", default-features = false } bincode = { version = "2.0.0-rc.3", default-features = false, features = ["serde", "alloc"] } flex-error = { version = "0.4.4", default-features = false } diff --git a/enclave-modules/runtime/src/lib.rs b/enclave-modules/runtime/src/lib.rs index 608b4f67..c026ee55 100644 --- a/enclave-modules/runtime/src/lib.rs +++ b/enclave-modules/runtime/src/lib.rs @@ -21,7 +21,9 @@ mod prelude { pub use ecalls::{ecall_execute_command, set_environment}; pub use enclave_environment::{Environment, MapLightClientRegistry}; /// re-export -pub use sgx_tstd; +pub use sgx_no_tstd; +pub use sgx_trts; +pub use sgx_types; mod ecalls; mod errors; @@ -29,9 +31,9 @@ mod errors; #[macro_export] macro_rules! setup_runtime { ($func:block) => { - use $crate::sgx_tstd::cfg_if; + use $crate::sgx_types::cfg_if; - $crate::sgx_tstd::global_ctors_object! {_init, _init_func = { + $crate::sgx_trts::global_ctors_object! {_init, _init_func = { $crate::set_environment((|| { $func })()).unwrap() }} From 74a71a8b686af77fcc847dfdde206500a4526bef Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Sun, 8 Sep 2024 18:05:49 +0900 Subject: [PATCH 04/30] move ra process into enclave outside Signed-off-by: Jun Kimura --- Cargo.lock | 488 +++++++++--------- Cargo.toml | 1 + Makefile | 2 +- app/Cargo.toml | 2 +- app/src/commands/attestation.rs | 42 +- enclave-modules/ecall-handler/Cargo.toml | 2 +- .../src/enclave_manage/errors.rs | 3 +- .../ecall-handler/src/enclave_manage/mod.rs | 2 +- .../src/enclave_manage/report.rs | 23 + .../src/enclave_manage/router.rs | 17 +- enclave-modules/host-api/src/lib.rs | 1 - .../host-api/src/remote_attestation.rs | 54 -- enclave-modules/remote-attestation/Cargo.toml | 7 +- .../remote-attestation/src/attestation.rs | 454 ++++++++-------- enclave-modules/remote-attestation/src/lib.rs | 16 - .../remote-attestation/src/report.rs | 152 +++--- enclave-modules/runtime/Cargo.toml | 3 +- enclave/Cargo.lock | 266 ++-------- enclave/Cargo.toml | 5 +- enclave/src/lib.rs | 8 +- modules/attestation-report/Cargo.toml | 7 +- modules/attestation-report/src/lib.rs | 4 +- modules/ecall-commands/Cargo.toml | 3 +- modules/ecall-commands/src/enclave_manage.rs | 69 +-- modules/ecall-commands/src/lib.rs | 9 +- modules/ecall-commands/src/transmuter.rs | 42 ++ modules/enclave-api/Cargo.toml | 3 +- modules/enclave-api/src/api/command.rs | 109 ++-- modules/ocall-commands/src/lib.rs | 8 - modules/ocall-handler/src/lib.rs | 2 +- modules/ocall-handler/src/router.rs | 5 +- modules/remote-attestation/Cargo.toml | 26 + modules/remote-attestation/src/errors.rs | 46 ++ modules/remote-attestation/src/ias.rs | 36 ++ .../remote-attestation/src/ias_simulation.rs | 74 +++ modules/remote-attestation/src/ias_utils.rs | 379 ++++++++++++++ modules/remote-attestation/src/lib.rs | 6 + tests/integration/Cargo.toml | 3 +- tests/integration/src/lib.rs | 148 +++--- 39 files changed, 1440 insertions(+), 1087 deletions(-) create mode 100644 enclave-modules/ecall-handler/src/enclave_manage/report.rs delete mode 100644 enclave-modules/host-api/src/remote_attestation.rs create mode 100644 modules/ecall-commands/src/transmuter.rs create mode 100644 modules/remote-attestation/Cargo.toml create mode 100644 modules/remote-attestation/src/errors.rs create mode 100644 modules/remote-attestation/src/ias.rs create mode 100644 modules/remote-attestation/src/ias_simulation.rs create mode 100644 modules/remote-attestation/src/ias_utils.rs create mode 100644 modules/remote-attestation/src/lib.rs diff --git a/Cargo.lock b/Cargo.lock index 1858d066..d393a82c 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -64,20 +64,20 @@ checksum = "aae1277d39aeec15cb388266ecc24b11c80469deae6067e17a1a7aa9e5c1f234" [[package]] name = "ahash" -version = "0.7.6" +version = "0.7.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fcb51a0695d8f838b1ee009b3fbf66bda078cd64590202a864a8f3e8c4315c47" +checksum = "891477e0c6a8957309ee5c45a6368af3ae14bb510732d2684ffa19af310920f9" dependencies = [ - "getrandom 0.2.7", + "getrandom 0.2.15", "once_cell", "version_check", ] [[package]] name = "ahash" -version = "0.8.6" +version = "0.8.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91429305e9f0a25f6205c5b8e0d2db09e0708a7a6df0f42212bb56c32c8ac97a" +checksum = "e89da841a80418a9b391ebaea17f5c112ffaaa96f621d2c285b5174da76b9011" dependencies = [ "cfg-if 1.0.0", "once_cell", @@ -166,6 +166,12 @@ dependencies = [ "const-hex", ] +[[package]] +name = "android-tzdata" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0" + [[package]] name = "android_system_properties" version = "0.1.5" @@ -245,7 +251,7 @@ checksum = "a1b71b31561643aa8e7df3effe284fa83ab1a840e52294c5f4bd7bfd8b2becbb" dependencies = [ "futures-io", "futures-util", - "log 0.4.17", + "log", "pin-project-lite", "rustls-native-certs 0.6.2", "tokio", @@ -264,14 +270,12 @@ dependencies = [ "hex", "lcp-types", "pem", - "rustls 0.19.0", "rustls 0.19.1", "serde", "serde_json", "sgx_types", "tendermint 0.29.0", - "webpki 0.21.4 (registry+https://github.com/rust-lang/crates.io-index)", - "webpki 0.21.4 (git+https://github.com/mesalock-linux/webpki?branch=mesalock_sgx)", + "webpki 0.21.4", ] [[package]] @@ -363,14 +367,6 @@ version = "0.13.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd" -[[package]] -name = "base64" -version = "0.13.0" -source = "git+https://github.com/mesalock-linux/rust-base64-sgx#dc7389e10817b078f289386b3b6a852ab6c4c021" -dependencies = [ - "sgx_tstd", -] - [[package]] name = "base64" version = "0.20.0-alpha.1" @@ -468,9 +464,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a" [[package]] name = "bitflags" -version = "2.3.3" +version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "630be753d4e58660abd17930c71b647fe46c27ea6b63cc59e1e3851406972e42" +checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de" [[package]] name = "bitvec" @@ -667,11 +663,12 @@ dependencies = [ [[package]] name = "cc" -version = "1.0.73" +version = "1.1.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2fff2a6927b3bb87f9595d67196a70493f627687a71d87a0d692242c33f58c11" +checksum = "e9e8aabfac534be767c909e0690571677d49f41bd8465ae876fe043d52ba5292" dependencies = [ "jobserver", + "libc", ] [[package]] @@ -697,15 +694,17 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "chrono" -version = "0.4.22" +version = "0.4.38" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bfd4d1b31faaa3a89d7934dbded3111da0d2ef28e3ebccdb4f0179f5929d1ef1" +checksum = "a21f936df1771bf62b77f047b726c4625ff2e8aa607c01ec06e5a05bd8463401" dependencies = [ + "android-tzdata", "iana-time-zone", - "num-integer", + "js-sys", "num-traits", "serde", - "winapi", + "wasm-bindgen", + "windows-targets 0.52.6", ] [[package]] @@ -988,7 +987,6 @@ dependencies = [ "rand 0.8.5", "serde", "serde-big-array", - "sgx_rand", "sgx_trts", "sgx_tseal", "sgx_types", @@ -1226,9 +1224,9 @@ dependencies = [ [[package]] name = "digest" -version = "0.10.6" +version = "0.10.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8168378f4e5023e7218c89c891c0fd8ecdb5e5e4f18cb78f38cf245dd021e76f" +checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292" dependencies = [ "block-buffer 0.10.2", "const-oid", @@ -1310,6 +1308,8 @@ dependencies = [ "flex-error", "lcp-types", "serde", + "serde_with", + "sgx_types", "store", ] @@ -1390,7 +1390,7 @@ dependencies = [ "base16ct", "crypto-bigint", "der 0.6.1", - "digest 0.10.6", + "digest 0.10.7", "ff", "generic-array", "group", @@ -1413,7 +1413,7 @@ dependencies = [ "keymanager", "lcp-proto", "lcp-types", - "log 0.4.17", + "log", "rsa", "sgx_types", "sgx_urts", @@ -1444,7 +1444,7 @@ checksum = "0b2cf0344971ee6c64c31be0d530793fba457d322dfec2810c453d0ef228f9c3" dependencies = [ "atty", "humantime", - "log 0.4.17", + "log", "regex", "termcolor", ] @@ -1730,9 +1730,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.7" +version = "0.2.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4eb1a864a501629691edf6c15a593b7a51eebaa1e8468e9ddc623de7c9b58ec6" +checksum = "c4567c8db10ae91089c99af84c68c38da3ec2f087c3f82960bcdbf3656b6f4d7" dependencies = [ "cfg-if 1.0.0", "js-sys", @@ -1756,7 +1756,7 @@ dependencies = [ "bitflags 1.3.2", "libc", "libgit2-sys", - "log 0.4.17", + "log", "openssl-probe", "openssl-sys", "url", @@ -1839,7 +1839,7 @@ version = "0.12.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8a9ee70c43aaf417c914396645a0fa852624801b24ebb7ae78fe8272889ac888" dependencies = [ - "ahash 0.7.6", + "ahash 0.7.8", ] [[package]] @@ -1848,15 +1848,10 @@ version = "0.14.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604" dependencies = [ - "ahash 0.8.6", + "ahash 0.8.11", "allocator-api2", ] -[[package]] -name = "hashbrown_tstd" -version = "0.12.0" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" - [[package]] name = "hashlink" version = "0.8.3" @@ -1881,7 +1876,7 @@ version = "0.3.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4cff78e5788be1e0ab65b04d306b2ed5092c815ec97ec70f4ebd5aee158aa55d" dependencies = [ - "base64 0.13.0 (registry+https://github.com/rust-lang/crates.io-index)", + "base64 0.13.0", "bitflags 1.3.2", "bytes", "headers-core", @@ -1949,7 +1944,7 @@ version = "0.12.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6c49c37c09c17a53d937dfbb742eb3a961d65a994e6bcdcf37e7399d0cc8ab5e" dependencies = [ - "digest 0.10.6", + "digest 0.10.7", ] [[package]] @@ -1969,7 +1964,7 @@ version = "0.1.0" dependencies = [ "bincode", "host-environment", - "log 0.4.17", + "log", "ocall-commands", "ocall-handler", "once_cell", @@ -2080,7 +2075,7 @@ dependencies = [ "tokio", "tokio-rustls 0.22.0", "tower-service", - "webpki 0.21.4 (registry+https://github.com/rust-lang/crates.io-index)", + "webpki 0.21.4", ] [[package]] @@ -2092,12 +2087,12 @@ dependencies = [ "ct-logs", "futures-util", "hyper", - "log 0.4.17", + "log", "rustls 0.19.1", "rustls-native-certs 0.5.0", "tokio", "tokio-rustls 0.22.0", - "webpki 0.21.4 (registry+https://github.com/rust-lang/crates.io-index)", + "webpki 0.21.4", "webpki-roots 0.21.1", ] @@ -2207,7 +2202,7 @@ version = "0.24.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "30b46bcc4540116870cfb184f338b45174a7560ad46dd74e4cb4e81e005e2056" dependencies = [ - "base64 0.13.0 (registry+https://github.com/rust-lang/crates.io-index)", + "base64 0.13.0", "bytes", "flex-error", "prost", @@ -2223,7 +2218,7 @@ version = "0.26.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c9303a1308c886aea769ef0667c5caa422a78b01e9f8177fea8b91b08a4ff50c" dependencies = [ - "base64 0.13.0 (registry+https://github.com/rust-lang/crates.io-index)", + "base64 0.13.0", "borsh", "bytes", "flex-error", @@ -2248,7 +2243,7 @@ dependencies = [ "bs58", "bytes", "crossbeam-channel 0.5.8", - "digest 0.10.6", + "digest 0.10.7", "dirs-next", "ed25519", "ed25519-dalek", @@ -2552,7 +2547,7 @@ dependencies = [ "keymanager", "lcp-proto", "lcp-types", - "log 0.4.17", + "log", "ocall-handler", "once_cell", "prost-types", @@ -2597,9 +2592,9 @@ checksum = "112c678d4050afce233f4f2852bb2eb519230b3cf12f33585275537d7e41578d" [[package]] name = "jobserver" -version = "0.1.25" +version = "0.1.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "068b1ee6743e4d11fb9c6a1e6064b3693a1b600e7f5f5988047d98b3dc9fb90b" +checksum = "48d1dbcbbeb6a7fec7e059840aa538bd62aaccf972c7346c4d9d2059312853d0" dependencies = [ "libc", ] @@ -2640,7 +2635,7 @@ dependencies = [ "crypto", "flex-error", "lcp-types", - "log 0.4.17", + "log", "rand 0.8.5", "rusqlite", "serde", @@ -2653,7 +2648,7 @@ version = "1.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e2abad23fbc42b3700f2f279844dc832adb2b2eb069b2df918f455c4e18cc646" dependencies = [ - "spin", + "spin 0.5.2", ] [[package]] @@ -2679,7 +2674,8 @@ dependencies = [ "host-environment", "keymanager", "lcp-types", - "log 0.4.17", + "log", + "remote-attestation", "serde", "serde_json", "service", @@ -2739,9 +2735,9 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.146" +version = "0.2.158" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f92be4933c13fd498862a9e02a3055f8a8d9c039ce33db97306fd5a6caa7f29b" +checksum = "d8adc4bb1803a324070e64a98ae98f38934d91957a99cfb3a43dcbc01bc56439" [[package]] name = "libgit2-sys" @@ -2796,7 +2792,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "95b09eff1b35ed3b33b877ced3a691fc7a481919c7e29c53c906226fcf55e2a1" dependencies = [ "arrayref", - "base64 0.13.0 (registry+https://github.com/rust-lang/crates.io-index)", + "base64 0.13.0", "digest 0.9.0", "hmac-drbg", "libsecp256k1-core", @@ -2913,15 +2909,6 @@ dependencies = [ "scopeguard", ] -[[package]] -name = "log" -version = "0.4.14" -source = "git+https://github.com/mesalock-linux/log-sgx#2ca9039a9ebba0ed90ed2ad57425917d4b3a2a24" -dependencies = [ - "cfg-if 1.0.0", - "sgx_tstd", -] - [[package]] name = "log" version = "0.4.17" @@ -3030,7 +3017,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "57ee1c23c7c63b0c9250c339ffdc69255f110b298b901b9f6c82547b7b87caaf" dependencies = [ "libc", - "log 0.4.17", + "log", "wasi 0.11.0+wasi-snapshot-preview1", "windows-sys 0.36.1", ] @@ -3076,7 +3063,7 @@ checksum = "00dec633863867f29cb39df64a397cdf4a6354708ddd7759f70c7fb51c5f9182" dependencies = [ "buf_redux", "httparse", - "log 0.4.17", + "log", "mime", "mime_guess", "quick-error", @@ -3251,7 +3238,7 @@ version = "0.1.0" dependencies = [ "flex-error", "host-environment", - "log 0.4.17", + "log", "ocall-commands", "sgx_types", "store", @@ -3446,9 +3433,9 @@ dependencies = [ [[package]] name = "paste" -version = "1.0.7" +version = "1.0.15" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c520e05135d6e763148b6426a837e239041653ba7becd2e538c076c738025fc" +checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a" [[package]] name = "pbkdf2" @@ -3456,7 +3443,7 @@ version = "0.11.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "83a0692ec44e4cf1ef28ca317f14f8f07da2d95ec3fa01f86e4467b725e60917" dependencies = [ - "digest 0.10.6", + "digest 0.10.7", ] [[package]] @@ -3678,7 +3665,7 @@ checksum = "31b476131c3c86cb68032fdc5cb6d5a1045e3e42d96b69fa599fd77701e1f5bf" dependencies = [ "bit-set", "bit-vec", - "bitflags 2.3.3", + "bitflags 2.6.0", "lazy_static", "num-traits", "rand 0.8.5", @@ -3836,7 +3823,7 @@ version = "0.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c" dependencies = [ - "getrandom 0.2.7", + "getrandom 0.2.15", ] [[package]] @@ -3890,7 +3877,7 @@ version = "0.4.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b033d837a7cf162d7993aded9304e30a83213c648b6e389db233191f891e5c2b" dependencies = [ - "getrandom 0.2.7", + "getrandom 0.2.15", "redox_syscall 0.2.13", "thiserror", ] @@ -3927,6 +3914,31 @@ version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f" +[[package]] +name = "remote-attestation" +version = "0.1.0" +dependencies = [ + "attestation-report", + "base64 0.20.0-alpha.1", + "chrono", + "crypto", + "ecall-commands", + "enclave-api", + "flex-error", + "hex", + "httparse", + "lcp-types", + "log", + "rand 0.8.5", + "rsa", + "rustls 0.19.1", + "sgx_types", + "sha2 0.10.6", + "store", + "webpki 0.21.4", + "webpki-roots 0.17.0", +] + [[package]] name = "reqwest" version = "0.11.14" @@ -3945,7 +3957,7 @@ dependencies = [ "hyper-rustls 0.23.2", "ipnet", "js-sys", - "log 0.4.17", + "log", "mime", "once_cell", "percent-encoding", @@ -3985,28 +3997,32 @@ dependencies = [ [[package]] name = "ring" -version = "0.16.19" -source = "git+https://github.com/mesalock-linux/ring-sgx?tag=v0.16.5#844efe271ed78a399d803b2579f5f2424d543c9f" +version = "0.16.20" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" dependencies = [ "cc", - "sgx_tstd", - "spin", - "untrusted", + "libc", + "once_cell", + "spin 0.5.2", + "untrusted 0.7.1", + "web-sys", + "winapi", ] [[package]] name = "ring" -version = "0.16.20" +version = "0.17.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" +checksum = "c17fa4cb658e3583423e915b9f3acc01cceaee1860e33d59ebae66adc3a2dc0d" dependencies = [ "cc", + "cfg-if 1.0.0", + "getrandom 0.2.15", "libc", - "once_cell", - "spin", - "untrusted", - "web-sys", - "winapi", + "spin 0.9.8", + "untrusted 0.9.0", + "windows-sys 0.52.0", ] [[package]] @@ -4015,7 +4031,7 @@ version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bd124222d17ad93a644ed9d011a40f4fb64aa54275c08cc216524a9ea82fb09f" dependencies = [ - "digest 0.10.6", + "digest 0.10.7", ] [[package]] @@ -4045,7 +4061,7 @@ version = "3.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4f86e4c51a773f953f02bbab5fd049f004bfd384341d62da2a079aff812ab176" dependencies = [ - "base64 0.13.0 (registry+https://github.com/rust-lang/crates.io-index)", + "base64 0.13.0", "brotli", "chrono", "deflate", @@ -4072,7 +4088,7 @@ checksum = "6ab43bb47d23c1a631b4b680199a45255dce26fa9ab2fa902581f624ff13e6a8" dependencies = [ "byteorder", "const-oid", - "digest 0.10.6", + "digest 0.10.7", "num-bigint-dig", "num-integer", "num-iter", @@ -4112,7 +4128,7 @@ version = "0.29.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "549b9d036d571d42e6e85d1c1425e2ac83491075078ca9a15be021c56b1641f2" dependencies = [ - "bitflags 2.3.3", + "bitflags 2.6.0", "fallible-iterator", "fallible-streaming-iterator", "hashlink", @@ -4161,30 +4177,17 @@ dependencies = [ "windows-sys 0.48.0", ] -[[package]] -name = "rustls" -version = "0.19.0" -source = "git+https://github.com/mesalock-linux/rustls?branch=mesalock_sgx#95b5e79dc24b02f3ce424437eb9698509d0baf58" -dependencies = [ - "base64 0.13.0 (git+https://github.com/mesalock-linux/rust-base64-sgx)", - "log 0.4.14", - "ring 0.16.19", - "sct 0.6.0", - "sgx_tstd", - "webpki 0.21.4 (git+https://github.com/mesalock-linux/webpki?branch=mesalock_sgx)", -] - [[package]] name = "rustls" version = "0.19.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "35edb675feee39aec9c99fa5ff985081995a06d594114ae14cbe797ad7b7a6d7" dependencies = [ - "base64 0.13.0 (registry+https://github.com/rust-lang/crates.io-index)", - "log 0.4.17", + "base64 0.13.0", + "log", "ring 0.16.20", "sct 0.6.1", - "webpki 0.21.4 (registry+https://github.com/rust-lang/crates.io-index)", + "webpki 0.21.4", ] [[package]] @@ -4193,10 +4196,10 @@ version = "0.20.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5aab8ee6c7097ed6057f43c187a62418d0c05a4bd5f18b3571db50ee0f9ce033" dependencies = [ - "log 0.4.17", + "log", "ring 0.16.20", "sct 0.7.0", - "webpki 0.22.0", + "webpki 0.22.4", ] [[package]] @@ -4229,7 +4232,7 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e7522c9de787ff061458fe9a829dc790a3f5b22dc571694fc5883f448b94d9a9" dependencies = [ - "base64 0.13.0 (registry+https://github.com/rust-lang/crates.io-index)", + "base64 0.13.0", ] [[package]] @@ -4397,16 +4400,6 @@ version = "1.0.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ddccb15bcce173023b3fedd9436f882a0739b8dfb45e4f6b6002bee5929f61b2" -[[package]] -name = "sct" -version = "0.6.0" -source = "git+https://github.com/mesalock-linux/sct.rs?branch=mesalock_sgx#c4d859cca232e6c9d88ca12048df3bc26e1ed4ad" -dependencies = [ - "ring 0.16.19", - "sgx_tstd", - "untrusted", -] - [[package]] name = "sct" version = "0.6.1" @@ -4414,7 +4407,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b362b83898e0e69f38515b82ee15aa80636befe47c3b6d3d89a911e78fc228ce" dependencies = [ "ring 0.16.20", - "untrusted", + "untrusted 0.7.1", ] [[package]] @@ -4424,7 +4417,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d53dcdb7c9f8158937a7981b48accfd39a43af418591a5d008c7b22b5e1b7ca4" dependencies = [ "ring 0.16.20", - "untrusted", + "untrusted 0.7.1", ] [[package]] @@ -4603,7 +4596,7 @@ version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "368f2d60d049ea019a84dcd6687b0d1e0030fe663ae105039bdf967ed5e6a9a7" dependencies = [ - "base64 0.13.0 (registry+https://github.com/rust-lang/crates.io-index)", + "base64 0.13.0", "chrono", "hex", "serde", @@ -4652,31 +4645,6 @@ dependencies = [ "tonic-reflection", ] -[[package]] -name = "sgx_alloc" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" - -[[package]] -name = "sgx_backtrace_sys" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" -dependencies = [ - "cc", - "sgx_build_helper", - "sgx_libc", -] - -[[package]] -name = "sgx_build_helper" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" - -[[package]] -name = "sgx_demangle" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" - [[package]] name = "sgx_libc" version = "1.1.6" @@ -4685,16 +4653,6 @@ dependencies = [ "sgx_types", ] -[[package]] -name = "sgx_rand" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" -dependencies = [ - "sgx_trts", - "sgx_tstd", - "sgx_types", -] - [[package]] name = "sgx_tcrypto" version = "1.1.6" @@ -4703,15 +4661,6 @@ dependencies = [ "sgx_types", ] -[[package]] -name = "sgx_tprotected_fs" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" -dependencies = [ - "sgx_trts", - "sgx_types", -] - [[package]] name = "sgx_trts" version = "1.1.6" @@ -4740,35 +4689,11 @@ dependencies = [ "sgx_types", ] -[[package]] -name = "sgx_tstd" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" -dependencies = [ - "hashbrown_tstd", - "sgx_alloc", - "sgx_backtrace_sys", - "sgx_demangle", - "sgx_libc", - "sgx_tprotected_fs", - "sgx_trts", - "sgx_types", - "sgx_unwind", -] - [[package]] name = "sgx_types" version = "1.1.6" source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" -[[package]] -name = "sgx_unwind" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" -dependencies = [ - "sgx_build_helper", -] - [[package]] name = "sgx_urts" version = "1.1.6" @@ -4786,7 +4711,7 @@ checksum = "028f48d513f9678cda28f6e4064755b3fbb2af6acd672f2c209b62323f7aea0f" dependencies = [ "cfg-if 1.0.0", "cpufeatures", - "digest 0.10.6", + "digest 0.10.7", ] [[package]] @@ -4797,7 +4722,7 @@ checksum = "f04293dc80c3993519f2d7f6f511707ee7094fe0c6d3406feb330cdb3540eba3" dependencies = [ "cfg-if 1.0.0", "cpufeatures", - "digest 0.10.6", + "digest 0.10.7", ] [[package]] @@ -4821,7 +4746,7 @@ checksum = "82e6b795fe2e3b1e845bafcb27aa35405c4d47cdfc92af5fc8d3002f76cebdc0" dependencies = [ "cfg-if 1.0.0", "cpufeatures", - "digest 0.10.6", + "digest 0.10.7", ] [[package]] @@ -4830,7 +4755,7 @@ version = "0.10.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bdf0c33fae925bdc080598b84bc15c55e7b9a4a43b3c704da051f977469691c9" dependencies = [ - "digest 0.10.6", + "digest 0.10.7", "keccak", ] @@ -4880,7 +4805,7 @@ version = "1.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c" dependencies = [ - "digest 0.10.6", + "digest 0.10.7", "rand_core 0.6.4", ] @@ -4890,7 +4815,7 @@ version = "2.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "5e1788eed21689f9cf370582dfc467ef36ed9c707f073528ddafa8d83e3b8500" dependencies = [ - "digest 0.10.6", + "digest 0.10.7", "rand_core 0.6.4", ] @@ -4943,6 +4868,12 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" +[[package]] +name = "spin" +version = "0.9.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67" + [[package]] name = "spki" version = "0.7.2" @@ -4965,7 +4896,7 @@ version = "0.1.0" dependencies = [ "env_logger", "flex-error", - "log 0.4.17", + "log", "ouroboros", "rocksdb", "serde", @@ -5002,9 +4933,9 @@ dependencies = [ [[package]] name = "subtle" -version = "2.4.1" +version = "2.6.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6bdef32e8150c2a081110b42772ffe7d7c9032b606bc226c8260fd97e0976601" +checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292" [[package]] name = "subtle-encoding" @@ -5136,7 +5067,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "0bb661ab5325af3741b7c37e81ce4bddbf9fdd4e2fb602357843becc8f235041" dependencies = [ "bytes", - "digest 0.10.6", + "digest 0.10.7", "ed25519", "ed25519-consensus", "flex-error", @@ -5181,7 +5112,7 @@ dependencies = [ "ibc", "lcp-proto", "light-client", - "log 0.4.17", + "log", "serde", "tendermint-light-client-verifier 0.29.0", ] @@ -5281,7 +5212,7 @@ dependencies = [ "bytes", "flex-error", "futures", - "getrandom 0.2.7", + "getrandom 0.2.15", "http", "hyper", "hyper-proxy", @@ -5448,7 +5379,7 @@ dependencies = [ "ascii", "chunked_transfer", "httpdate", - "log 0.4.17", + "log", ] [[package]] @@ -5515,7 +5446,7 @@ checksum = "bc6844de72e57df1980054b38be3a9f4702aba4858be64dd700181a8a6d0e1b6" dependencies = [ "rustls 0.19.1", "tokio", - "webpki 0.21.4 (registry+https://github.com/rust-lang/crates.io-index)", + "webpki 0.21.4", ] [[package]] @@ -5526,7 +5457,7 @@ checksum = "c43ee83903113e03984cb9e5cebe6c04a5116269e900e3ddba8f068a62adda59" dependencies = [ "rustls 0.20.6", "tokio", - "webpki 0.22.0", + "webpki 0.22.4", ] [[package]] @@ -5589,7 +5520,7 @@ dependencies = [ "async-stream", "async-trait", "axum", - "base64 0.13.0 (registry+https://github.com/rust-lang/crates.io-index)", + "base64 0.13.0", "bytes", "futures-core", "futures-util", @@ -5687,7 +5618,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8ce8c33a8d48bd45d624a6e523445fd21ec13d3653cd51f681abf67418f54eb8" dependencies = [ "cfg-if 1.0.0", - "log 0.4.17", + "log", "pin-project-lite", "tracing-attributes", "tracing-core", @@ -5741,7 +5672,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "78ddad33d2d10b1ed7eb9d1f518a5674713876e97e5bb9b7345a7984fbb4f922" dependencies = [ "lazy_static", - "log 0.4.17", + "log", "tracing-core", ] @@ -5794,19 +5725,19 @@ version = "0.17.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e27992fd6a8c29ee7eef28fc78349aa244134e10ad447ce3b9f0ac0ed0fa4ce0" dependencies = [ - "base64 0.13.0 (registry+https://github.com/rust-lang/crates.io-index)", + "base64 0.13.0", "byteorder", "bytes", "http", "httparse", - "log 0.4.17", + "log", "rand 0.8.5", "rustls 0.20.6", "sha-1", "thiserror", "url", "utf-8", - "webpki 0.22.0", + "webpki 0.22.4", ] [[package]] @@ -5896,6 +5827,12 @@ version = "0.7.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" +[[package]] +name = "untrusted" +version = "0.9.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1" + [[package]] name = "url" version = "2.2.2" @@ -5926,7 +5863,7 @@ version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1674845326ee10d37ca60470760d4288a6f80f304007d92e5c53bab78c9cfd79" dependencies = [ - "getrandom 0.2.7", + "getrandom 0.2.15", ] [[package]] @@ -5973,7 +5910,7 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1ce8a968cb1cd110d136ff8b819a556d6fb6d919363c61534f6860c7eb172ba0" dependencies = [ - "log 0.4.17", + "log", "try-lock", ] @@ -6013,7 +5950,7 @@ checksum = "5491a68ab4500fa6b4d726bd67408630c3dbe9c4fe7bda16d5c82a1fd8c7340a" dependencies = [ "bumpalo", "lazy_static", - "log 0.4.17", + "log", "proc-macro2", "quote", "syn 1.0.108", @@ -6078,27 +6015,26 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b8e38c0608262c46d4a56202ebabdeb094cef7e560ca7a226c6bf055188aa4ea" dependencies = [ "ring 0.16.20", - "untrusted", + "untrusted 0.7.1", ] [[package]] name = "webpki" -version = "0.21.4" -source = "git+https://github.com/mesalock-linux/webpki?branch=mesalock_sgx#8dbe6fbeefadf05582ae47c7fa818b04db49c61e" +version = "0.22.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ed63aea5ce73d0ff405984102c42de94fc55a6b75765d621c65262469b3c9b53" dependencies = [ - "ring 0.16.19", - "sgx_tstd", - "untrusted", + "ring 0.17.8", + "untrusted 0.9.0", ] [[package]] -name = "webpki" -version = "0.22.0" +name = "webpki-roots" +version = "0.17.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f095d78192e208183081cc07bc5515ef55216397af48b873e5edcd72637fa1bd" +checksum = "a262ae37dd9d60f60dd473d1158f9fbebf110ba7b6a5051c8160460f6043718b" dependencies = [ - "ring 0.16.20", - "untrusted", + "webpki 0.21.4", ] [[package]] @@ -6107,7 +6043,7 @@ version = "0.21.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "aabe153544e473b775453675851ecc86863d2a81d786d741f6b76778f2a48940" dependencies = [ - "webpki 0.21.4 (registry+https://github.com/rust-lang/crates.io-index)", + "webpki 0.21.4", ] [[package]] @@ -6116,7 +6052,7 @@ version = "0.22.6" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b6c71e40d7d2c34a5106301fb632274ca37242cd0c9d3e64dbece371a40a2d87" dependencies = [ - "webpki 0.22.0", + "webpki 0.22.4", ] [[package]] @@ -6184,7 +6120,16 @@ version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "677d2418bec65e3338edb076e806bc1ec15693c5d0104683f2efe857f61056a9" dependencies = [ - "windows-targets", + "windows-targets 0.48.0", +] + +[[package]] +name = "windows-sys" +version = "0.52.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d" +dependencies = [ + "windows-targets 0.52.6", ] [[package]] @@ -6202,6 +6147,22 @@ dependencies = [ "windows_x86_64_msvc 0.48.0", ] +[[package]] +name = "windows-targets" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973" +dependencies = [ + "windows_aarch64_gnullvm 0.52.6", + "windows_aarch64_msvc 0.52.6", + "windows_i686_gnu 0.52.6", + "windows_i686_gnullvm", + "windows_i686_msvc 0.52.6", + "windows_x86_64_gnu 0.52.6", + "windows_x86_64_gnullvm 0.52.6", + "windows_x86_64_msvc 0.52.6", +] + [[package]] name = "windows_aarch64_gnullvm" version = "0.42.0" @@ -6214,6 +6175,12 @@ version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "91ae572e1b79dba883e0d315474df7305d12f569b400fcf90581b06062f7e1bc" +[[package]] +name = "windows_aarch64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3" + [[package]] name = "windows_aarch64_msvc" version = "0.36.1" @@ -6232,6 +6199,12 @@ version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b2ef27e0d7bdfcfc7b868b317c1d32c641a6fe4629c171b8928c7b08d98d7cf3" +[[package]] +name = "windows_aarch64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469" + [[package]] name = "windows_i686_gnu" version = "0.36.1" @@ -6250,6 +6223,18 @@ version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "622a1962a7db830d6fd0a69683c80a18fda201879f0f447f065a3b7467daa241" +[[package]] +name = "windows_i686_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b" + +[[package]] +name = "windows_i686_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66" + [[package]] name = "windows_i686_msvc" version = "0.36.1" @@ -6268,6 +6253,12 @@ version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "4542c6e364ce21bf45d69fdd2a8e455fa38d316158cfd43b3ac1c5b1b19f8e00" +[[package]] +name = "windows_i686_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66" + [[package]] name = "windows_x86_64_gnu" version = "0.36.1" @@ -6286,6 +6277,12 @@ version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ca2b8a661f7628cbd23440e50b05d705db3686f894fc9580820623656af974b1" +[[package]] +name = "windows_x86_64_gnu" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78" + [[package]] name = "windows_x86_64_gnullvm" version = "0.42.0" @@ -6298,6 +6295,12 @@ version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7896dbc1f41e08872e9d5e8f8baa8fdd2677f29468c4e156210174edc7f7b953" +[[package]] +name = "windows_x86_64_gnullvm" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d" + [[package]] name = "windows_x86_64_msvc" version = "0.36.1" @@ -6316,6 +6319,12 @@ version = "0.48.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1a515f5799fe4961cb532f983ce2b23082366b898e52ffbce459c86f67c8378a" +[[package]] +name = "windows_x86_64_msvc" +version = "0.52.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec" + [[package]] name = "winreg" version = "0.10.1" @@ -6385,11 +6394,21 @@ dependencies = [ "libc", ] +[[patch.unused]] +name = "sgx_alloc" +version = "1.1.6" +source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" + [[patch.unused]] name = "sgx_crypto_helper" version = "1.1.6" source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" +[[patch.unused]] +name = "sgx_rand" +version = "1.1.6" +source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" + [[patch.unused]] name = "sgx_serialize" version = "1.1.6" @@ -6409,3 +6428,8 @@ source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3 name = "sgx_tcrypto_helper" version = "1.1.6" source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" + +[[patch.unused]] +name = "sgx_tstd" +version = "1.1.6" +source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" diff --git a/Cargo.toml b/Cargo.toml index d78b895b..2d784232 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -7,6 +7,7 @@ members = [ "modules/types", "modules/ocall-handler", "modules/attestation-report", + "modules/remote-attestation", "modules/enclave-api", "modules/ecall-commands", "modules/ocall-commands", diff --git a/Makefile b/Makefile index 3c05d862..0405b080 100644 --- a/Makefile +++ b/Makefile @@ -218,7 +218,7 @@ test: .PHONY: integration-test integration-test: $(Signed_RustEnclave_Name) bin/gaiad - @PATH=${PATH}:$(CURDIR)/bin cargo test $(CARGO_TARGET) --package integration-test $(APP_CARGO_FEATURES) + cargo test $(CARGO_TARGET) --package integration-test $(APP_CARGO_FEATURES) .PHONY: test-nodes test-setup-nodes: bin/gaiad diff --git a/app/Cargo.toml b/app/Cargo.toml index 722b55c8..08548438 100644 --- a/app/Cargo.toml +++ b/app/Cargo.toml @@ -27,6 +27,7 @@ ecall-commands = { path = "../modules/ecall-commands" } crypto = { path = "../modules/crypto" } store = { path = "../modules/store", features = ["rocksdbstore"] } keymanager = { path = "../modules/keymanager" } +remote-attestation = { path = "../modules/remote-attestation" } [build-dependencies] git2 = "0.17" @@ -35,6 +36,5 @@ git2 = "0.17" default = [] sgx-sw = [ "enclave-api/sgx-sw", - "ecall-commands/sgx-sw", "service/sgx-sw" ] diff --git a/app/src/commands/attestation.rs b/app/src/commands/attestation.rs index c37a9128..85591339 100644 --- a/app/src/commands/attestation.rs +++ b/app/src/commands/attestation.rs @@ -5,9 +5,9 @@ use crate::{ use anyhow::{bail, Result}; use clap::Parser; use crypto::Address; -use ecall_commands::IASRemoteAttestationInput; use enclave_api::{Enclave, EnclaveCommandAPI, EnclaveProtoAPI}; use log::info; +use remote_attestation::{ias, ias_simulation, IASMode}; use store::transaction::CommitStore; /// `attestation` subcommand @@ -89,18 +89,23 @@ fn run_ias_remote_attestation, S: CommitStore>( let spid = std::env::var("SPID")?; let ias_key = std::env::var("IAS_KEY")?; let target_enclave_key = Address::from_hex_string(&cmd.enclave_key)?; - match enclave.ias_remote_attestation(IASRemoteAttestationInput { + match ias::run_ias_ra( + &enclave, target_enclave_key, - operator: cmd.get_operator()?, - spid: spid.as_bytes().to_vec(), - ias_key: ias_key.as_bytes().to_vec(), - }) { + cmd.get_operator()?, + IASMode::Development, + spid, + ias_key, + ) { Ok(res) => { - info!("AVR: {:?}", res.report.avr); + info!("AVR: {:?}", res.avr); info!( "report_data: {}", - res.report.get_avr()?.parse_quote()?.report_data() + res.get_avr()?.parse_quote()?.report_data() ); + enclave + .get_key_manager() + .save_avr(target_enclave_key, res)?; Ok(()) } Err(e) => bail!("failed to perform IAS Remote Attestation: {:?}!", e), @@ -227,19 +232,24 @@ fn run_simulate_remote_attestation, S: CommitStore>( } let target_enclave_key = Address::from_hex_string(&cmd.enclave_key)?; - match enclave.simulate_remote_attestation( - ecall_commands::SimulateRemoteAttestationInput { - target_enclave_key, - operator: cmd.get_operator()?, - advisory_ids: cmd.advisory_ids.clone(), - isv_enclave_quote_status: cmd.isv_enclave_quote_status.clone(), - }, + match ias_simulation::run_ias_ra_simulation( + &enclave, + target_enclave_key, + cmd.get_operator()?, + cmd.advisory_ids.clone(), + cmd.isv_enclave_quote_status.clone(), signing_key, signing_cert, ) { Ok(res) => { info!("AVR: {:?}", res.avr); - info!("report_data: {}", res.avr.parse_quote()?.report_data()); + info!( + "report_data: {}", + res.get_avr()?.parse_quote()?.report_data() + ); + enclave + .get_key_manager() + .save_avr(target_enclave_key, res)?; Ok(()) } Err(e) => bail!("failed to simulate Remote Attestation: {:?}!", e), diff --git a/enclave-modules/ecall-handler/Cargo.toml b/enclave-modules/ecall-handler/Cargo.toml index 92dbb962..f1c3de9f 100644 --- a/enclave-modules/ecall-handler/Cargo.toml +++ b/enclave-modules/ecall-handler/Cargo.toml @@ -5,6 +5,7 @@ edition = "2021" [dependencies] sgx_types = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } +sgx_tse = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } hex = { version = "0.4", default-features = false, features = ["alloc"] } flex-error = { version = "0.4.4", default-features = false } @@ -21,7 +22,6 @@ store = { path = "../../modules/store", default-features = false } [features] sgx-sw = [ - "ecall-commands/sgx-sw", "enclave-remote-attestation/sgx-sw" ] production = [ diff --git a/enclave-modules/ecall-handler/src/enclave_manage/errors.rs b/enclave-modules/ecall-handler/src/enclave_manage/errors.rs index 3aec026a..0871ea14 100644 --- a/enclave-modules/ecall-handler/src/enclave_manage/errors.rs +++ b/enclave-modules/ecall-handler/src/enclave_manage/errors.rs @@ -8,9 +8,10 @@ define_error! { SgxError { status: sgx_status_t, + descr: String } |e| { - format_args!("SGX error: status={:?}", e.status) + format_args!("SGX error: status={:?}, descr={}", e.status, e.descr) }, EnclaveKeyNotFound diff --git a/enclave-modules/ecall-handler/src/enclave_manage/mod.rs b/enclave-modules/ecall-handler/src/enclave_manage/mod.rs index ce65cb36..b9f16a9d 100644 --- a/enclave-modules/ecall-handler/src/enclave_manage/mod.rs +++ b/enclave-modules/ecall-handler/src/enclave_manage/mod.rs @@ -1,7 +1,7 @@ pub use errors::Error; pub use router::dispatch; -mod attestation; mod enclave; mod errors; +mod report; mod router; diff --git a/enclave-modules/ecall-handler/src/enclave_manage/report.rs b/enclave-modules/ecall-handler/src/enclave_manage/report.rs new file mode 100644 index 00000000..ee9d8b26 --- /dev/null +++ b/enclave-modules/ecall-handler/src/enclave_manage/report.rs @@ -0,0 +1,23 @@ +use crate::enclave_manage::Error; +use crate::prelude::*; +use attestation_report::ReportData; +use crypto::{EnclaveKey, SealingKey}; +use ecall_commands::{CommandContext, CreateReportInput, CreateReportResponse}; +use sgx_tse::rsgx_create_report; + +pub fn create_report( + cctx: CommandContext, + input: CreateReportInput, +) -> Result { + let pub_key = + EnclaveKey::unseal(&cctx.sealed_ek.ok_or(Error::enclave_key_not_found())?)?.get_pubkey(); + let report_data = ReportData::new(pub_key.as_address(), input.operator); + + let report = match rsgx_create_report(&input.target_info, &report_data.into()) { + Ok(r) => r, + Err(e) => { + return Err(Error::sgx_error(e, "Report creation => failed".to_string())); + } + }; + Ok(CreateReportResponse { report }) +} diff --git a/enclave-modules/ecall-handler/src/enclave_manage/router.rs b/enclave-modules/ecall-handler/src/enclave_manage/router.rs index de645263..2dc235d3 100644 --- a/enclave-modules/ecall-handler/src/enclave_manage/router.rs +++ b/enclave-modules/ecall-handler/src/enclave_manage/router.rs @@ -1,6 +1,5 @@ -use crate::enclave_manage::{ - attestation::ias_remote_attestation, enclave::generate_enclave_key, Error, -}; +use crate::enclave_manage::report::create_report; +use crate::enclave_manage::{enclave::generate_enclave_key, Error}; use crate::prelude::*; use ecall_commands::{ CommandContext, CommandResponse, EnclaveManageCommand, EnclaveManageResponse, @@ -16,15 +15,9 @@ pub fn dispatch( GenerateEnclaveKey(input) => CommandResponse::EnclaveManage( EnclaveManageResponse::GenerateEnclaveKey(generate_enclave_key(input)?), ), - IASRemoteAttestation(input) => CommandResponse::EnclaveManage( - EnclaveManageResponse::IASRemoteAttestation(ias_remote_attestation(cctx, input)?), - ), - #[cfg(feature = "sgx-sw")] - SimulateRemoteAttestation(input) => { - CommandResponse::EnclaveManage(EnclaveManageResponse::SimulateRemoteAttestation( - crate::enclave_manage::attestation::simulate_remote_attestation(cctx, input)?, - )) - } + CreateReport(input) => CommandResponse::EnclaveManage(EnclaveManageResponse::CreateReport( + create_report(cctx, input)?, + )), }; Ok(res) } diff --git a/enclave-modules/host-api/src/lib.rs b/enclave-modules/host-api/src/lib.rs index b4f5d5fc..4c96cbee 100644 --- a/enclave-modules/host-api/src/lib.rs +++ b/enclave-modules/host-api/src/lib.rs @@ -23,5 +23,4 @@ pub use errors::Error; pub mod api; mod errors; mod ffi; -pub mod remote_attestation; pub mod store; diff --git a/enclave-modules/host-api/src/remote_attestation.rs b/enclave-modules/host-api/src/remote_attestation.rs deleted file mode 100644 index 42470881..00000000 --- a/enclave-modules/host-api/src/remote_attestation.rs +++ /dev/null @@ -1,54 +0,0 @@ -use crate::{api::execute_command, Error}; -use ocall_commands::{ - Command, CommandResult, GetIASSocketResult, GetQuoteInput, GetQuoteResult, - GetReportAttestationStatusInput, GetReportAttestationStatusResult, InitQuoteResult, - RemoteAttestationCommand, RemoteAttestationResult, -}; - -pub fn init_quote() -> Result { - let cmd = Command::RemoteAttestation(RemoteAttestationCommand::InitQuote); - if let CommandResult::RemoteAttestation(RemoteAttestationResult::InitQuote(res)) = - execute_command(cmd)? - { - Ok(res) - } else { - unreachable!() - } -} - -pub fn get_ias_socket() -> Result { - let cmd = Command::RemoteAttestation(RemoteAttestationCommand::GetIASSocket); - if let CommandResult::RemoteAttestation(RemoteAttestationResult::GetIASSocket(res)) = - execute_command(cmd)? - { - Ok(res) - } else { - unreachable!() - } -} - -pub fn get_quote(input: GetQuoteInput) -> Result { - let cmd = Command::RemoteAttestation(RemoteAttestationCommand::GetQuote(input)); - if let CommandResult::RemoteAttestation(RemoteAttestationResult::GetQuote(res)) = - execute_command(cmd)? - { - Ok(res) - } else { - unreachable!() - } -} - -pub fn get_report_attestation_status( - input: GetReportAttestationStatusInput, -) -> Result { - let cmd = - Command::RemoteAttestation(RemoteAttestationCommand::GetReportAttestationStatus(input)); - if let CommandResult::RemoteAttestation(RemoteAttestationResult::GetReportAttestationStatus( - res, - )) = execute_command(cmd)? - { - Ok(res) - } else { - unreachable!() - } -} diff --git a/enclave-modules/remote-attestation/Cargo.toml b/enclave-modules/remote-attestation/Cargo.toml index f7f38a06..c05c4b40 100644 --- a/enclave-modules/remote-attestation/Cargo.toml +++ b/enclave-modules/remote-attestation/Cargo.toml @@ -5,7 +5,6 @@ edition = "2021" [dependencies] sgx_types = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_tstd = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk", features = ["net"] } sgx_tse = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } sgx_tcrypto = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } @@ -16,10 +15,6 @@ httparse = { version = "1.3", default-features = false } chrono = { version = "0.4", default-features = false, features = ["alloc"]} flex-error = { version = "0.4.4", default-features = false } -webpki = { git = "https://github.com/mesalock-linux/webpki", branch = "mesalock_sgx" } -webpki-roots = { git = "https://github.com/mesalock-linux/webpki-roots", rev = "6ff3be547ac13ccd46ae55605ad6506ce30688ef" } -rustls = { git = "https://github.com/mesalock-linux/rustls", branch = "mesalock_sgx" } - host-api = { path = "../host-api" } lcp-types = { path = "../../modules/types", default-features = false } @@ -30,5 +25,5 @@ ocall-commands = { path = "../../modules/ocall-commands", default-features = fal [features] production = [] sgx-sw = [ - "sgx_tstd/untrusted_time" + # "sgx_tstd/untrusted_time" ] diff --git a/enclave-modules/remote-attestation/src/attestation.rs b/enclave-modules/remote-attestation/src/attestation.rs index e745bc04..c3892fb4 100644 --- a/enclave-modules/remote-attestation/src/attestation.rs +++ b/enclave-modules/remote-attestation/src/attestation.rs @@ -150,230 +150,230 @@ pub fn create_attestation_report( }) } -pub fn get_sigrl_from_intel(fd: c_int, gid: u32, ias_key: &[u8]) -> Vec { - trace!("get_sigrl_from_intel fd = {:?}", fd); - let config = make_ias_client_config(); - let ias_key = String::from_utf8_lossy(ias_key).trim_end().to_owned(); - - let req = format!("GET {}{:08x} HTTP/1.1\r\nHOST: {}\r\nOcp-Apim-Subscription-Key: {}\r\nConnection: Close\r\n\r\n", - SIGRL_SUFFIX, - gid, - IAS_HOSTNAME, - ias_key); - - trace!("get_sigrl_from_intel: {}", req); - - let dns_name = webpki::DNSNameRef::try_from_ascii_str(IAS_HOSTNAME).unwrap(); - let mut sess = rustls::ClientSession::new(&Arc::new(config), dns_name); - let mut sock = TcpStream::new(fd).unwrap(); - let mut tls = rustls::Stream::new(&mut sess, &mut sock); - - let _result = tls.write(req.as_bytes()); - let mut plaintext = Vec::new(); - - info!("write complete"); - - match tls.read_to_end(&mut plaintext) { - Ok(_) => (), - Err(e) => { - warn!("get_sigrl_from_intel tls.read_to_end: {:?}", e); - panic!("Communication error with IAS"); - } - } - info!("read_to_end complete"); - let resp_string = String::from_utf8(plaintext.clone()).unwrap(); - - trace!("{}", resp_string); - - // resp_string - - parse_response_sigrl(&plaintext) -} - -// TODO: support pse -pub fn get_report_from_intel( - fd: c_int, - quote: Vec, - ias_key: &[u8], -) -> (String, Vec, Vec) { - trace!("get_report_from_intel fd = {:?}", fd); - let config = make_ias_client_config(); - let encoded_quote = base64::encode("e[..]); - let encoded_json = format!("{{\"isvEnclaveQuote\":\"{}\"}}\r\n", encoded_quote); - let ias_key = String::from_utf8_lossy(ias_key).trim_end().to_owned(); - - let req = format!("POST {} HTTP/1.1\r\nHOST: {}\r\nOcp-Apim-Subscription-Key:{}\r\nContent-Length:{}\r\nContent-Type: application/json\r\nConnection: close\r\n\r\n{}", - REPORT_SUFFIX, - IAS_HOSTNAME, - ias_key, - encoded_json.len(), - encoded_json); - - trace!("{}", req); - let dns_name = webpki::DNSNameRef::try_from_ascii_str(IAS_HOSTNAME).unwrap(); - let mut sess = rustls::ClientSession::new(&Arc::new(config), dns_name); - let mut sock = TcpStream::new(fd).unwrap(); - let mut tls = rustls::Stream::new(&mut sess, &mut sock); - - let _result = tls.write(req.as_bytes()); - let mut plaintext = Vec::new(); - - info!("write complete"); - - tls.read_to_end(&mut plaintext).unwrap(); - info!("read_to_end complete"); - let resp_string = String::from_utf8(plaintext.clone()).unwrap(); - - trace!("resp_string = {}", resp_string); - - let (attn_report, sig, cert) = parse_response_attn_report(&plaintext); - - (attn_report, sig, cert) -} - -fn parse_response_attn_report(resp: &[u8]) -> (String, Vec, Vec) { - trace!("parse_response_attn_report"); - let mut headers = [httparse::EMPTY_HEADER; 16]; - let mut respp = httparse::Response::new(&mut headers); - let result = respp.parse(resp); - trace!("parse result {:?}", result); - - let msg: &'static str; - - match respp.code { - Some(200) => msg = "OK Operation Successful", - Some(401) => msg = "Unauthorized Failed to authenticate or authorize request.", - Some(404) => msg = "Not Found GID does not refer to a valid EPID group ID.", - Some(500) => msg = "Internal error occurred", - Some(503) => { - msg = "Service is currently not able to process the request (due to - a temporary overloading or maintenance). This is a - temporary state – the same request can be repeated after - some time. " - } - _ => { - warn!("DBG:{}", respp.code.unwrap()); - msg = "Unknown error occured" - } - } - - info!("{}", msg); - let mut len_num: u32 = 0; - - let mut sig = String::new(); - let mut cert = String::new(); - let mut attn_report = String::new(); - - for i in 0..respp.headers.len() { - let h = respp.headers[i]; - match h.name { - "Content-Length" => { - let len_str = String::from_utf8(h.value.to_vec()).unwrap(); - len_num = len_str.parse::().unwrap(); - trace!("content length = {}", len_num); - } - "X-IASReport-Signature" => sig = str::from_utf8(h.value).unwrap().to_string(), - "X-IASReport-Signing-Certificate" => { - cert = str::from_utf8(h.value).unwrap().to_string() - } - _ => (), - } - } - - // Remove %0A from cert, and only obtain the signing cert - cert = cert.replace("%0A", ""); - cert = percent_decode(cert); - - let v: Vec<&str> = cert.split("-----").collect(); - let sig_cert = v[2].to_string(); - - if len_num != 0 { - let header_len = result.unwrap().unwrap(); - let resp_body = &resp[header_len..]; - attn_report = str::from_utf8(resp_body).unwrap().to_string(); - info!("Attestation report: {}", attn_report); - } - - let sig_bytes = base64::decode(&sig).unwrap(); - let sig_cert_bytes = base64::decode(&sig_cert).unwrap(); - // len_num == 0 - (attn_report, sig_bytes, sig_cert_bytes) -} - -fn parse_response_sigrl(resp: &[u8]) -> Vec { - trace!("parse_response_sigrl"); - let mut headers = [httparse::EMPTY_HEADER; 16]; - let mut respp = httparse::Response::new(&mut headers); - let result = respp.parse(resp); - trace!("parse result {:?}", result); - trace!("parse response{:?}", respp); - - let msg: &'static str; - - match respp.code { - Some(200) => msg = "OK Operation Successful", - Some(401) => msg = "Unauthorized Failed to authenticate or authorize request.", - Some(404) => msg = "Not Found GID does not refer to a valid EPID group ID.", - Some(500) => msg = "Internal error occurred", - Some(503) => { - msg = "Service is currently not able to process the request (due to - a temporary overloading or maintenance). This is a - temporary state – the same request can be repeated after - some time. " - } - _ => msg = "Unknown error occured", - } - - info!("{}", msg); - let mut len_num: u32 = 0; - - for i in 0..respp.headers.len() { - let h = respp.headers[i]; - if h.name == "content-length" { - let len_str = String::from_utf8(h.value.to_vec()).unwrap(); - len_num = len_str.parse::().unwrap(); - trace!("content length = {}", len_num); - } - } - - if len_num != 0 { - let header_len = result.unwrap().unwrap(); - let resp_body = &resp[header_len..]; - trace!("Base64-encoded SigRL: {:?}", resp_body); - - return base64::decode(str::from_utf8(resp_body).unwrap()).unwrap(); - } - - // len_num == 0 - Vec::new() -} - -pub fn make_ias_client_config() -> rustls::ClientConfig { - let mut config = rustls::ClientConfig::new(); - - config - .root_store - .add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS); - - config -} - -pub(crate) fn as_u32_le(array: &[u8; 4]) -> u32 { - ((array[0] as u32) << 0) - + ((array[1] as u32) << 8) - + ((array[2] as u32) << 16) - + ((array[3] as u32) << 24) -} - -fn percent_decode(orig: String) -> String { - let v: Vec<&str> = orig.split("%").collect(); - let mut ret = String::new(); - ret.push_str(v[0]); - if v.len() > 1 { - for s in v[1..].iter() { - ret.push(u8::from_str_radix(&s[0..2], 16).unwrap() as char); - ret.push_str(&s[2..]); - } - } - ret -} +// pub fn get_sigrl_from_intel(fd: c_int, gid: u32, ias_key: &[u8]) -> Vec { +// trace!("get_sigrl_from_intel fd = {:?}", fd); +// let config = make_ias_client_config(); +// let ias_key = String::from_utf8_lossy(ias_key).trim_end().to_owned(); + +// let req = format!("GET {}{:08x} HTTP/1.1\r\nHOST: {}\r\nOcp-Apim-Subscription-Key: {}\r\nConnection: Close\r\n\r\n", +// SIGRL_SUFFIX, +// gid, +// IAS_HOSTNAME, +// ias_key); + +// trace!("get_sigrl_from_intel: {}", req); + +// let dns_name = webpki::DNSNameRef::try_from_ascii_str(IAS_HOSTNAME).unwrap(); +// let mut sess = rustls::ClientSession::new(&Arc::new(config), dns_name); +// let mut sock = TcpStream::new(fd).unwrap(); +// let mut tls = rustls::Stream::new(&mut sess, &mut sock); + +// let _result = tls.write(req.as_bytes()); +// let mut plaintext = Vec::new(); + +// info!("write complete"); + +// match tls.read_to_end(&mut plaintext) { +// Ok(_) => (), +// Err(e) => { +// warn!("get_sigrl_from_intel tls.read_to_end: {:?}", e); +// panic!("Communication error with IAS"); +// } +// } +// info!("read_to_end complete"); +// let resp_string = String::from_utf8(plaintext.clone()).unwrap(); + +// trace!("{}", resp_string); + +// // resp_string + +// parse_response_sigrl(&plaintext) +// } + +// // TODO: support pse +// pub fn get_report_from_intel( +// fd: c_int, +// quote: Vec, +// ias_key: &[u8], +// ) -> (String, Vec, Vec) { +// trace!("get_report_from_intel fd = {:?}", fd); +// let config = make_ias_client_config(); +// let encoded_quote = base64::encode("e[..]); +// let encoded_json = format!("{{\"isvEnclaveQuote\":\"{}\"}}\r\n", encoded_quote); +// let ias_key = String::from_utf8_lossy(ias_key).trim_end().to_owned(); + +// let req = format!("POST {} HTTP/1.1\r\nHOST: {}\r\nOcp-Apim-Subscription-Key:{}\r\nContent-Length:{}\r\nContent-Type: application/json\r\nConnection: close\r\n\r\n{}", +// REPORT_SUFFIX, +// IAS_HOSTNAME, +// ias_key, +// encoded_json.len(), +// encoded_json); + +// trace!("{}", req); +// let dns_name = webpki::DNSNameRef::try_from_ascii_str(IAS_HOSTNAME).unwrap(); +// let mut sess = rustls::ClientSession::new(&Arc::new(config), dns_name); +// let mut sock = TcpStream::new(fd).unwrap(); +// let mut tls = rustls::Stream::new(&mut sess, &mut sock); + +// let _result = tls.write(req.as_bytes()); +// let mut plaintext = Vec::new(); + +// info!("write complete"); + +// tls.read_to_end(&mut plaintext).unwrap(); +// info!("read_to_end complete"); +// let resp_string = String::from_utf8(plaintext.clone()).unwrap(); + +// trace!("resp_string = {}", resp_string); + +// let (attn_report, sig, cert) = parse_response_attn_report(&plaintext); + +// (attn_report, sig, cert) +// } + +// fn parse_response_attn_report(resp: &[u8]) -> (String, Vec, Vec) { +// trace!("parse_response_attn_report"); +// let mut headers = [httparse::EMPTY_HEADER; 16]; +// let mut respp = httparse::Response::new(&mut headers); +// let result = respp.parse(resp); +// trace!("parse result {:?}", result); + +// let msg: &'static str; + +// match respp.code { +// Some(200) => msg = "OK Operation Successful", +// Some(401) => msg = "Unauthorized Failed to authenticate or authorize request.", +// Some(404) => msg = "Not Found GID does not refer to a valid EPID group ID.", +// Some(500) => msg = "Internal error occurred", +// Some(503) => { +// msg = "Service is currently not able to process the request (due to +// a temporary overloading or maintenance). This is a +// temporary state – the same request can be repeated after +// some time. " +// } +// _ => { +// warn!("DBG:{}", respp.code.unwrap()); +// msg = "Unknown error occured" +// } +// } + +// info!("{}", msg); +// let mut len_num: u32 = 0; + +// let mut sig = String::new(); +// let mut cert = String::new(); +// let mut attn_report = String::new(); + +// for i in 0..respp.headers.len() { +// let h = respp.headers[i]; +// match h.name { +// "Content-Length" => { +// let len_str = String::from_utf8(h.value.to_vec()).unwrap(); +// len_num = len_str.parse::().unwrap(); +// trace!("content length = {}", len_num); +// } +// "X-IASReport-Signature" => sig = str::from_utf8(h.value).unwrap().to_string(), +// "X-IASReport-Signing-Certificate" => { +// cert = str::from_utf8(h.value).unwrap().to_string() +// } +// _ => (), +// } +// } + +// // Remove %0A from cert, and only obtain the signing cert +// cert = cert.replace("%0A", ""); +// cert = percent_decode(cert); + +// let v: Vec<&str> = cert.split("-----").collect(); +// let sig_cert = v[2].to_string(); + +// if len_num != 0 { +// let header_len = result.unwrap().unwrap(); +// let resp_body = &resp[header_len..]; +// attn_report = str::from_utf8(resp_body).unwrap().to_string(); +// info!("Attestation report: {}", attn_report); +// } + +// let sig_bytes = base64::decode(&sig).unwrap(); +// let sig_cert_bytes = base64::decode(&sig_cert).unwrap(); +// // len_num == 0 +// (attn_report, sig_bytes, sig_cert_bytes) +// } + +// fn parse_response_sigrl(resp: &[u8]) -> Vec { +// trace!("parse_response_sigrl"); +// let mut headers = [httparse::EMPTY_HEADER; 16]; +// let mut respp = httparse::Response::new(&mut headers); +// let result = respp.parse(resp); +// trace!("parse result {:?}", result); +// trace!("parse response{:?}", respp); + +// let msg: &'static str; + +// match respp.code { +// Some(200) => msg = "OK Operation Successful", +// Some(401) => msg = "Unauthorized Failed to authenticate or authorize request.", +// Some(404) => msg = "Not Found GID does not refer to a valid EPID group ID.", +// Some(500) => msg = "Internal error occurred", +// Some(503) => { +// msg = "Service is currently not able to process the request (due to +// a temporary overloading or maintenance). This is a +// temporary state – the same request can be repeated after +// some time. " +// } +// _ => msg = "Unknown error occured", +// } + +// info!("{}", msg); +// let mut len_num: u32 = 0; + +// for i in 0..respp.headers.len() { +// let h = respp.headers[i]; +// if h.name == "content-length" { +// let len_str = String::from_utf8(h.value.to_vec()).unwrap(); +// len_num = len_str.parse::().unwrap(); +// trace!("content length = {}", len_num); +// } +// } + +// if len_num != 0 { +// let header_len = result.unwrap().unwrap(); +// let resp_body = &resp[header_len..]; +// trace!("Base64-encoded SigRL: {:?}", resp_body); + +// return base64::decode(str::from_utf8(resp_body).unwrap()).unwrap(); +// } + +// // len_num == 0 +// Vec::new() +// } + +// pub fn make_ias_client_config() -> rustls::ClientConfig { +// let mut config = rustls::ClientConfig::new(); + +// config +// .root_store +// .add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS); + +// config +// } + +// pub(crate) fn as_u32_le(array: &[u8; 4]) -> u32 { +// ((array[0] as u32) << 0) +// + ((array[1] as u32) << 8) +// + ((array[2] as u32) << 16) +// + ((array[3] as u32) << 24) +// } + +// fn percent_decode(orig: String) -> String { +// let v: Vec<&str> = orig.split("%").collect(); +// let mut ret = String::new(); +// ret.push_str(v[0]); +// if v.len() > 1 { +// for s in v[1..].iter() { +// ret.push(u8::from_str_radix(&s[0..2], 16).unwrap() as char); +// ret.push_str(&s[2..]); +// } +// } +// ret +// } diff --git a/enclave-modules/remote-attestation/src/lib.rs b/enclave-modules/remote-attestation/src/lib.rs index d8df913e..f165aa7a 100644 --- a/enclave-modules/remote-attestation/src/lib.rs +++ b/enclave-modules/remote-attestation/src/lib.rs @@ -21,21 +21,5 @@ mod prelude { pub use errors::Error; -pub mod attestation; mod errors; pub mod report; - -#[cfg(feature = "sgx-sw")] -pub mod simulate; - -pub const IAS_HOSTNAME: &str = "api.trustedservices.intel.com"; - -#[cfg(feature = "production")] -pub const SIGRL_SUFFIX: &str = "/sgx/attestation/v4/sigrl/"; -#[cfg(not(feature = "production"))] -pub const SIGRL_SUFFIX: &str = "/sgx/dev/attestation/v4/sigrl/"; - -#[cfg(feature = "production")] -pub const REPORT_SUFFIX: &str = "/sgx/attestation/v4/report"; -#[cfg(not(feature = "production"))] -pub const REPORT_SUFFIX: &str = "/sgx/dev/attestation/v4/report"; diff --git a/enclave-modules/remote-attestation/src/report.rs b/enclave-modules/remote-attestation/src/report.rs index 9b493679..bce0fbd3 100644 --- a/enclave-modules/remote-attestation/src/report.rs +++ b/enclave-modules/remote-attestation/src/report.rs @@ -1,84 +1,84 @@ -use crate::errors::Error; -use crate::prelude::*; -use attestation_report::{AttestationVerificationReport, Quote}; -use core::time::Duration; -use host_api::remote_attestation::get_report_attestation_status; -use lcp_types::Time; -use log::*; -use ocall_commands::{GetReportAttestationStatusInput, GetReportAttestationStatusResult}; -use sgx_types::{sgx_platform_info_t, sgx_status_t}; +// use crate::errors::Error; +// use crate::prelude::*; +// use attestation_report::{AttestationVerificationReport, Quote}; +// use core::time::Duration; +// use host_api::remote_attestation::get_report_attestation_status; +// use lcp_types::Time; +// use log::*; +// use ocall_commands::{GetReportAttestationStatusInput, GetReportAttestationStatusResult}; +// use sgx_types::{sgx_platform_info_t, sgx_status_t}; -pub fn validate_quote_status( - current_timestamp: Time, - avr: &AttestationVerificationReport, -) -> Result { - // 1. Verify quote body - let quote = avr.parse_quote().map_err(Error::attestation_report)?; +// pub fn validate_quote_status( +// current_timestamp: Time, +// avr: &AttestationVerificationReport, +// ) -> Result { +// // 1. Verify quote body +// let quote = avr.parse_quote().map_err(Error::attestation_report)?; - // 2. Check quote's timestamp is within 24H - info!( - "Time: current_timestamp={:?} quote_timestamp={:?}", - current_timestamp, quote.attestation_time - ); +// // 2. Check quote's timestamp is within 24H +// info!( +// "Time: current_timestamp={:?} quote_timestamp={:?}", +// current_timestamp, quote.attestation_time +// ); - if current_timestamp - >= (quote.attestation_time + Duration::from_secs(60 * 60 * 24)).map_err(Error::time)? - { - return Err(Error::too_old_report_timestamp( - current_timestamp, - quote.attestation_time, - )); - } +// if current_timestamp +// >= (quote.attestation_time + Duration::from_secs(60 * 60 * 24)).map_err(Error::time)? +// { +// return Err(Error::too_old_report_timestamp( +// current_timestamp, +// quote.attestation_time, +// )); +// } - // 3. Verify quote status (mandatory field) - match quote.status.as_ref() { - "OK" => (), - "GROUP_OUT_OF_DATE" - | "GROUP_REVOKED" - | "SW_HARDENING_NEEDED" - | "CONFIGURATION_NEEDED" - | "CONFIGURATION_AND_SW_HARDENING_NEEDED" => { - // Verify platformInfoBlob for further info if status not OK - // https://api.trustedservices.intel.com/documents/sgx-attestation-api-spec.pdf - // This field is optional, it will only be present if one the following conditions is met: - // - isvEnclaveQuoteStatus is equal to GROUP_REVOKED, GROUP_OUT_OF_DATE, CONFIGURATION_NEEDED or CONFIGURATION_AND_SW_HARDENING_NEEDED. - // - pseManifestStatus is equal to one of the following values: OUT_OF_DATE, REVOKED or RL_VERSION_MISMATCH. - if let Some(pib) = avr.platform_info_blob.as_ref() { - let mut buf = Vec::new(); +// // 3. Verify quote status (mandatory field) +// match quote.status.as_ref() { +// "OK" => (), +// "GROUP_OUT_OF_DATE" +// | "GROUP_REVOKED" +// | "SW_HARDENING_NEEDED" +// | "CONFIGURATION_NEEDED" +// | "CONFIGURATION_AND_SW_HARDENING_NEEDED" => { +// // Verify platformInfoBlob for further info if status not OK +// // https://api.trustedservices.intel.com/documents/sgx-attestation-api-spec.pdf +// // This field is optional, it will only be present if one the following conditions is met: +// // - isvEnclaveQuoteStatus is equal to GROUP_REVOKED, GROUP_OUT_OF_DATE, CONFIGURATION_NEEDED or CONFIGURATION_AND_SW_HARDENING_NEEDED. +// // - pseManifestStatus is equal to one of the following values: OUT_OF_DATE, REVOKED or RL_VERSION_MISMATCH. +// if let Some(pib) = avr.platform_info_blob.as_ref() { +// let mut buf = Vec::new(); - // the TLV Header (4 bytes/8 hexes) should be skipped - let n = (pib.len() - 8) / 2; - for i in 0..n { - buf.push(u8::from_str_radix(&pib[(i * 2 + 8)..(i * 2 + 10)], 16).unwrap()); - } - let mut platform_info = sgx_platform_info_t::default(); - platform_info.platform_info.copy_from_slice(buf.as_slice()); +// // the TLV Header (4 bytes/8 hexes) should be skipped +// let n = (pib.len() - 8) / 2; +// for i in 0..n { +// buf.push(u8::from_str_radix(&pib[(i * 2 + 8)..(i * 2 + 10)], 16).unwrap()); +// } +// let mut platform_info = sgx_platform_info_t::default(); +// platform_info.platform_info.copy_from_slice(buf.as_slice()); - let GetReportAttestationStatusResult { ret, update_info } = - get_report_attestation_status(GetReportAttestationStatusInput { - platform_blob: platform_info, - enclave_trusted: 1, - }) - .map_err(Error::host_api)?; +// let GetReportAttestationStatusResult { ret, update_info } = +// get_report_attestation_status(GetReportAttestationStatusInput { +// platform_blob: platform_info, +// enclave_trusted: 1, +// }) +// .map_err(Error::host_api)?; - if ret != sgx_status_t::SGX_SUCCESS { - // Borrow of packed field is unsafe in future Rust releases - info!("update_info.pswUpdate: {}", update_info.pswUpdate as i32); - info!( - "update_info.csmeFwUpdate: {}", - update_info.csmeFwUpdate as i32 - ); - info!( - "update_info.ucodeUpdate: {}", - update_info.ucodeUpdate as i32 - ); - } - } else { - info!("attestation report doesn't contain platformInfoBlob"); - } - } - _ => unreachable!("isv_enclave_quote_status must not be empty"), - } +// if ret != sgx_status_t::SGX_SUCCESS { +// // Borrow of packed field is unsafe in future Rust releases +// info!("update_info.pswUpdate: {}", update_info.pswUpdate as i32); +// info!( +// "update_info.csmeFwUpdate: {}", +// update_info.csmeFwUpdate as i32 +// ); +// info!( +// "update_info.ucodeUpdate: {}", +// update_info.ucodeUpdate as i32 +// ); +// } +// } else { +// info!("attestation report doesn't contain platformInfoBlob"); +// } +// } +// _ => unreachable!("isv_enclave_quote_status must not be empty"), +// } - Ok(quote) -} +// Ok(quote) +// } diff --git a/enclave-modules/runtime/Cargo.toml b/enclave-modules/runtime/Cargo.toml index 05008216..584af153 100644 --- a/enclave-modules/runtime/Cargo.toml +++ b/enclave-modules/runtime/Cargo.toml @@ -19,8 +19,7 @@ ecall-commands = { path = "../../modules/ecall-commands", default-features = fal [features] sgx-sw = [ - "ecall-handler/sgx-sw", - "ecall-commands/sgx-sw" + "ecall-handler/sgx-sw" ] production = [ "ecall-handler/production" diff --git a/enclave/Cargo.lock b/enclave/Cargo.lock index d65df866..54e264a9 100644 --- a/enclave/Cargo.lock +++ b/enclave/Cargo.lock @@ -4,9 +4,9 @@ version = 3 [[package]] name = "ahash" -version = "0.8.6" +version = "0.8.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "91429305e9f0a25f6205c5b8e0d2db09e0708a7a6df0f42212bb56c32c8ac97a" +checksum = "e89da841a80418a9b391ebaea17f5c112ffaaa96f621d2c285b5174da76b9011" dependencies = [ "cfg-if", "once_cell", @@ -94,23 +94,10 @@ dependencies = [ "hex", "lcp-types", "pem", - "rustls", "serde", "serde_json", "sgx_types", "tendermint", - "webpki", -] - -[[package]] -name = "atty" -version = "0.2.14" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d9b39be18770d11421cdb1b9947a45dd3f37e93092cbf377614828a319d5fee8" -dependencies = [ - "hermit-abi", - "libc", - "winapi", ] [[package]] @@ -119,14 +106,6 @@ version = "1.1.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa" -[[package]] -name = "base64" -version = "0.13.0" -source = "git+https://github.com/mesalock-linux/rust-base64-sgx#dc7389e10817b078f289386b3b6a852ab6c4c021" -dependencies = [ - "sgx_tstd", -] - [[package]] name = "base64" version = "0.13.1" @@ -243,12 +222,6 @@ dependencies = [ "serde", ] -[[package]] -name = "cc" -version = "1.0.76" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "76a284da2e6fe2092f2353e51713435363112dfd60030e22add80be333fb928f" - [[package]] name = "cfg-if" version = "1.0.0" @@ -333,7 +306,6 @@ dependencies = [ "libsecp256k1", "serde", "serde-big-array", - "sgx_rand", "sgx_trts", "sgx_tseal", "sgx_types", @@ -473,6 +445,8 @@ dependencies = [ "flex-error", "lcp-types", "serde", + "serde_with", + "sgx_types", "store", ] @@ -490,6 +464,7 @@ dependencies = [ "hex", "lcp-types", "light-client", + "sgx_tse", "sgx_types", "store", ] @@ -512,7 +487,7 @@ dependencies = [ "curve25519-dalek-ng", "hex", "rand_core", - "sha2 0.9.8", + "sha2 0.9.9", "zeroize", ] @@ -527,8 +502,7 @@ name = "enclave" version = "0.1.0" dependencies = [ "enclave-runtime", - "log 0.4.17", - "simple_logger", + "log", "tendermint-lc", ] @@ -554,15 +528,11 @@ dependencies = [ "httparse", "itertools 0.8.2", "lcp-types", - "log 0.4.17", + "log", "ocall-commands", - "rustls", "sgx_tcrypto", "sgx_tse", - "sgx_tstd", "sgx_types", - "webpki", - "webpki-roots", ] [[package]] @@ -575,9 +545,10 @@ dependencies = [ "enclave-environment", "enclave-utils", "flex-error", - "log 0.4.17", + "log", "once_cell", - "sgx_tstd", + "sgx_no_tstd", + "sgx_trts", "sgx_types", ] @@ -585,7 +556,7 @@ dependencies = [ name = "enclave-utils" version = "0.1.0" dependencies = [ - "log 0.4.17", + "log", "sgx_trts", "sgx_types", ] @@ -721,26 +692,12 @@ version = "0.14.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "290f1a1d9242c78d09ce40a5e87e7554ee637af1351968159f4952f028f75604" -[[package]] -name = "hashbrown_tstd" -version = "0.12.0" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" - [[package]] name = "heck" version = "0.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "95505c38b4572b2d910cecb0281560f54b440a19336cbbcb27bf6ce6adc6f5a8" -[[package]] -name = "hermit-abi" -version = "0.1.19" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "62b467343b94ba476dcb2500d242dadbb39557df889310ac77c5d99100aaac33" -dependencies = [ - "libc", -] - [[package]] name = "hex" version = "0.4.3" @@ -984,7 +941,7 @@ dependencies = [ "libsecp256k1-gen-genmult", "rand", "serde", - "sha2 0.9.8", + "sha2 0.9.9", "typenum", ] @@ -1031,15 +988,6 @@ dependencies = [ "store", ] -[[package]] -name = "log" -version = "0.4.14" -source = "git+https://github.com/mesalock-linux/log-sgx#2ca9039a9ebba0ed90ed2ad57425917d4b3a2a24" -dependencies = [ - "cfg-if", - "sgx_tstd", -] - [[package]] name = "log" version = "0.4.17" @@ -1097,9 +1045,9 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.16.0" +version = "1.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "86f0b0d4bf799edbc74508c1e8bf170ff5f41238e5f8225603ca7caaae2b7860" +checksum = "3fdb12b2476b595f9358c5161aa467c2438859caa136dec86c26fdd2efe17b92" [[package]] name = "opaque-debug" @@ -1317,17 +1265,6 @@ dependencies = [ "rand_core", ] -[[package]] -name = "ring" -version = "0.16.19" -source = "git+https://github.com/mesalock-linux/ring-sgx?tag=v0.16.5#844efe271ed78a399d803b2579f5f2424d543c9f" -dependencies = [ - "cc", - "sgx_tstd", - "spin", - "untrusted", -] - [[package]] name = "ripemd" version = "0.1.3" @@ -1366,19 +1303,6 @@ dependencies = [ "semver", ] -[[package]] -name = "rustls" -version = "0.19.0" -source = "git+https://github.com/mesalock-linux/rustls?branch=mesalock_sgx#95b5e79dc24b02f3ce424437eb9698509d0baf58" -dependencies = [ - "base64 0.13.0", - "log 0.4.14", - "ring", - "sct", - "sgx_tstd", - "webpki", -] - [[package]] name = "ryu" version = "1.0.11" @@ -1456,16 +1380,6 @@ dependencies = [ "syn 1.0.103", ] -[[package]] -name = "sct" -version = "0.6.0" -source = "git+https://github.com/mesalock-linux/sct.rs?branch=mesalock_sgx#c4d859cca232e6c9d88ca12048df3bc26e1ed4ad" -dependencies = [ - "ring", - "sgx_tstd", - "untrusted", -] - [[package]] name = "semver" version = "1.0.21" @@ -1564,26 +1478,11 @@ name = "sgx_alloc" version = "1.1.6" source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" -[[package]] -name = "sgx_backtrace_sys" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" -dependencies = [ - "cc", - "sgx_build_helper", - "sgx_libc", -] - [[package]] name = "sgx_build_helper" version = "1.1.6" source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" -[[package]] -name = "sgx_demangle" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" - [[package]] name = "sgx_libc" version = "1.1.6" @@ -1593,13 +1492,12 @@ dependencies = [ ] [[package]] -name = "sgx_rand" +name = "sgx_no_tstd" version = "1.1.6" source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" dependencies = [ - "sgx_trts", - "sgx_tstd", - "sgx_types", + "sgx_alloc", + "sgx_build_helper", ] [[package]] @@ -1610,15 +1508,6 @@ dependencies = [ "sgx_types", ] -[[package]] -name = "sgx_tprotected_fs" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" -dependencies = [ - "sgx_trts", - "sgx_types", -] - [[package]] name = "sgx_trts" version = "1.1.6" @@ -1647,39 +1536,15 @@ dependencies = [ "sgx_types", ] -[[package]] -name = "sgx_tstd" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" -dependencies = [ - "hashbrown_tstd", - "sgx_alloc", - "sgx_backtrace_sys", - "sgx_demangle", - "sgx_libc", - "sgx_tprotected_fs", - "sgx_trts", - "sgx_types", - "sgx_unwind", -] - [[package]] name = "sgx_types" version = "1.1.6" source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" -[[package]] -name = "sgx_unwind" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" -dependencies = [ - "sgx_build_helper", -] - [[package]] name = "sha2" -version = "0.9.8" -source = "git+https://github.com/bluele/hashes?branch=0.9.8-sha256-hwa-disabled#e2eca6bba23623a3534636c127cc3b448a0237e1" +version = "0.9.9" +source = "git+https://github.com/bluele/hashes?branch=0.9.9-sha256-hwa-disabled#2119233e1f4a24e1bd3d815055d452951c5881ac" dependencies = [ "block-buffer 0.9.0", "cfg-if", @@ -1714,24 +1579,6 @@ version = "1.6.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "74233d3b3b2f6d4b006dc19dee745e73e2a6bfb6f93607cd3b02bd5b00797d7c" -[[package]] -name = "simple_logger" -version = "2.3.0" -source = "git+https://github.com/bluele/rust-simple_logger?branch=sgx#9cf5a3234be461e294fa5f5bc8d999c43e7a0211" -dependencies = [ - "atty", - "log 0.4.17", - "once_cell", - "sgx_tstd", - "winapi", -] - -[[package]] -name = "spin" -version = "0.5.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d" - [[package]] name = "static_assertions" version = "1.1.0" @@ -1743,7 +1590,7 @@ name = "store" version = "0.1.0" dependencies = [ "flex-error", - "log 0.4.17", + "log", "serde", ] @@ -1822,9 +1669,9 @@ dependencies = [ [[package]] name = "tendermint" -version = "0.29.0" +version = "0.29.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0bb661ab5325af3741b7c37e81ce4bddbf9fdd4e2fb602357843becc8f235041" +checksum = "cda53c85447577769cdfc94c10a56f34afef2c00e4108badb57fce6b1a0c75eb" dependencies = [ "bytes", "digest 0.10.5", @@ -1858,16 +1705,16 @@ dependencies = [ "ibc", "lcp-proto", "light-client", - "log 0.4.17", + "log", "serde", "tendermint-light-client-verifier", ] [[package]] name = "tendermint-light-client-verifier" -version = "0.29.0" +version = "0.29.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d4f6b770b0ca7b68fcf29aef2100c2462444d3ced71fc68f6545cab66930cd6f" +checksum = "11c3dc3c75f7a5708ac0bf98374b2b1a2cf17b3a45ddfd5faab3c111aff7fc0e" dependencies = [ "derive_more", "flex-error", @@ -1878,9 +1725,9 @@ dependencies = [ [[package]] name = "tendermint-proto" -version = "0.29.0" +version = "0.29.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8c2e8dc89de3ab71cf63adcc71eb76200fae5a9ba7afd659fee54e0810beac8f" +checksum = "c943f78c929cdf14553842f705f2c30324bc35b9179caaa5c9b80620f60652e6" dependencies = [ "bytes", "flex-error", @@ -2017,12 +1864,6 @@ version = "0.2.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c" -[[package]] -name = "untrusted" -version = "0.7.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a156c684c91ea7d62626509bce3cb4e1d9ed5c4d978f7b4352658f96a4c26b4a" - [[package]] name = "valuable" version = "0.1.0" @@ -2035,47 +1876,6 @@ version = "0.9.4" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f" -[[package]] -name = "webpki" -version = "0.21.4" -source = "git+https://github.com/mesalock-linux/webpki?branch=mesalock_sgx#8dbe6fbeefadf05582ae47c7fa818b04db49c61e" -dependencies = [ - "ring", - "sgx_tstd", - "untrusted", -] - -[[package]] -name = "webpki-roots" -version = "0.21.0" -source = "git+https://github.com/mesalock-linux/webpki-roots?rev=6ff3be547ac13ccd46ae55605ad6506ce30688ef#6ff3be547ac13ccd46ae55605ad6506ce30688ef" -dependencies = [ - "sgx_tstd", - "webpki", -] - -[[package]] -name = "winapi" -version = "0.3.9" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419" -dependencies = [ - "winapi-i686-pc-windows-gnu", - "winapi-x86_64-pc-windows-gnu", -] - -[[package]] -name = "winapi-i686-pc-windows-gnu" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" - -[[package]] -name = "winapi-x86_64-pc-windows-gnu" -version = "0.4.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" - [[package]] name = "zerocopy" version = "0.7.32" @@ -2122,6 +1922,11 @@ name = "sgx_crypto_helper" version = "1.1.6" source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" +[[patch.unused]] +name = "sgx_rand" +version = "1.1.6" +source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" + [[patch.unused]] name = "sgx_serialize" version = "1.1.6" @@ -2142,6 +1947,11 @@ name = "sgx_tcrypto_helper" version = "1.1.6" source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" +[[patch.unused]] +name = "sgx_tstd" +version = "1.1.6" +source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" + [[patch.unused]] name = "sgx_urts" version = "1.1.6" diff --git a/enclave/Cargo.toml b/enclave/Cargo.toml index 1dd1609f..36c0ddea 100644 --- a/enclave/Cargo.toml +++ b/enclave/Cargo.toml @@ -20,11 +20,12 @@ sgx-sw = [ [dependencies] log = { version = "0.4.8", default-features = false } enclave-runtime = { path = "../enclave-modules/runtime" } -simple_logger = { git = "https://github.com/bluele/rust-simple_logger", branch = "sgx", default-features = false, features = ["sgx"] } +# simple_logger = { git = "https://github.com/bluele/rust-simple_logger", branch = "sgx", default-features = false, features = ["sgx"] } tendermint-lc = { path = "../modules/tendermint-lc", default-features = false } [patch."https://github.com/apache/teaclave-sgx-sdk.git"] sgx_tstd = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } +sgx_no_tstd = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } sgx_urts = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } sgx_tse = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } sgx_alloc = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } @@ -43,7 +44,7 @@ sgx_tseal = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclav [patch."crates-io"] # TODO these patches would be better as optional sha2-0106 = { git = "https://github.com/bluele/hashes", branch = "0.10.6-sha256-hwa-disabled", package = "sha2" } -sha2-098 = { git = "https://github.com/bluele/hashes", branch = "0.9.8-sha256-hwa-disabled", package = "sha2" } +sha2-099 = { git = "https://github.com/bluele/hashes", branch = "0.9.9-sha256-hwa-disabled", package = "sha2" } [profile.release] opt-level = 3 diff --git a/enclave/src/lib.rs b/enclave/src/lib.rs index ed7616b5..6692b87e 100644 --- a/enclave/src/lib.rs +++ b/enclave/src/lib.rs @@ -3,10 +3,10 @@ extern crate alloc; use enclave_runtime::{setup_runtime, Environment, MapLightClientRegistry}; setup_runtime!({ - simple_logger::SimpleLogger::new() - .with_level(log::LevelFilter::Info) - .init() - .unwrap(); + // simple_logger::SimpleLogger::new() + // .with_level(log::LevelFilter::Info) + // .init() + // .unwrap(); Environment::new(build_lc_registry()) }); diff --git a/modules/attestation-report/Cargo.toml b/modules/attestation-report/Cargo.toml index 8d74c6b4..94781714 100644 --- a/modules/attestation-report/Cargo.toml +++ b/modules/attestation-report/Cargo.toml @@ -16,9 +16,7 @@ hex = { version = "0.4", default-features = false, features = ["alloc"] } base64 = { git = "https://github.com/marshallpierce/rust-base64", default-features = false, features = ["alloc"] } pem = { version = "2.0", default-features = false } -rustls_sgx = { package = "rustls", git = "https://github.com/mesalock-linux/rustls", branch = "mesalock_sgx", optional = true } rustls = { version = "0.19", optional = true } -webpki_sgx = { package = "webpki", git = "https://github.com/mesalock-linux/webpki", branch = "mesalock_sgx", optional = true } webpki = { version = "0.21", optional = true } [features] @@ -29,7 +27,4 @@ std = [ "flex-error/std", "serde_json/preserve_order" ] -sgx = [ - "rustls_sgx", - "webpki_sgx" -] +sgx = [] diff --git a/modules/attestation-report/src/lib.rs b/modules/attestation-report/src/lib.rs index a3d7501d..c6b0c53a 100644 --- a/modules/attestation-report/src/lib.rs +++ b/modules/attestation-report/src/lib.rs @@ -27,7 +27,7 @@ pub use report::{ }; mod report; -#[cfg(any(feature = "std", feature = "sgx"))] +#[cfg(feature = "std")] pub use verification::verify_report; -#[cfg(any(feature = "std", feature = "sgx"))] +#[cfg(feature = "std")] mod verification; diff --git a/modules/ecall-commands/Cargo.toml b/modules/ecall-commands/Cargo.toml index 53ac9744..c7485201 100644 --- a/modules/ecall-commands/Cargo.toml +++ b/modules/ecall-commands/Cargo.toml @@ -4,7 +4,9 @@ version = "0.1.0" edition = "2021" [dependencies] +sgx_types = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk", features = ["extra_traits"] } serde = { version = "1.0.184", default-features = false, features = ["alloc", "derive"] } +serde_with = { version = "2.0.1", default-features = false, features = ["alloc", "macros"] } flex-error = { version = "0.4.4", default-features = false } commitments = { path = "../commitments", default-features = false } @@ -19,4 +21,3 @@ std = [ "flex-error/std", "lcp-types/std" ] -sgx-sw = [] diff --git a/modules/ecall-commands/src/enclave_manage.rs b/modules/ecall-commands/src/enclave_manage.rs index d5108256..a8d39477 100644 --- a/modules/ecall-commands/src/enclave_manage.rs +++ b/modules/ecall-commands/src/enclave_manage.rs @@ -1,23 +1,21 @@ -use crate::{prelude::*, EnclaveKeySelector, InputValidationError as Error}; -use attestation_report::EndorsedAttestationVerificationReport; +use crate::transmuter::BytesTransmuter; +use crate::{prelude::*, EnclaveKeySelector}; use crypto::{Address, EnclavePublicKey, SealedEnclaveKey}; use serde::{Deserialize, Serialize}; +use serde_with::serde_as; +use sgx_types::{sgx_report_t, sgx_target_info_t}; #[derive(Serialize, Deserialize, Debug)] pub enum EnclaveManageCommand { GenerateEnclaveKey(GenerateEnclaveKeyInput), - IASRemoteAttestation(IASRemoteAttestationInput), - #[cfg(feature = "sgx-sw")] - SimulateRemoteAttestation(SimulateRemoteAttestationInput), + CreateReport(CreateReportInput), } impl EnclaveKeySelector for EnclaveManageCommand { fn get_enclave_key(&self) -> Option
{ match self { Self::GenerateEnclaveKey(_) => None, - Self::IASRemoteAttestation(input) => Some(input.target_enclave_key), - #[cfg(feature = "sgx-sw")] - Self::SimulateRemoteAttestation(input) => Some(input.target_enclave_key), + Self::CreateReport(input) => Some(input.target_enclave_key), } } } @@ -25,48 +23,19 @@ impl EnclaveKeySelector for EnclaveManageCommand { #[derive(Serialize, Deserialize, Debug, Default)] pub struct GenerateEnclaveKeyInput; -#[derive(Serialize, Deserialize, Debug)] -pub struct IASRemoteAttestationInput { - pub target_enclave_key: Address, - pub operator: Option
, - pub spid: Vec, - pub ias_key: Vec, -} - -impl IASRemoteAttestationInput { - pub fn validate(&self) -> Result<(), Error> { - if self.spid.len() == 32 && self.ias_key.len() == 32 { - Ok(()) - } else { - Err(Error::invalid_argument( - "either or both of SPID and IAS_KEY are invalid".to_string(), - )) - } - } -} - -#[cfg(feature = "sgx-sw")] -#[derive(Serialize, Deserialize, Debug)] -pub struct SimulateRemoteAttestationInput { +#[serde_as] +#[derive(Serialize, Deserialize, Debug, Default)] +pub struct CreateReportInput { + #[serde_as(as = "BytesTransmuter")] + pub target_info: sgx_target_info_t, pub target_enclave_key: Address, pub operator: Option
, - pub advisory_ids: Vec, - pub isv_enclave_quote_status: String, -} - -#[cfg(feature = "sgx-sw")] -impl SimulateRemoteAttestationInput { - pub fn validate(&self) -> Result<(), Error> { - Ok(()) - } } #[derive(Serialize, Deserialize, Debug)] pub enum EnclaveManageResponse { GenerateEnclaveKey(GenerateEnclaveKeyResponse), - IASRemoteAttestation(IASRemoteAttestationResponse), - #[cfg(feature = "sgx-sw")] - SimulateRemoteAttestation(SimulateRemoteAttestationResponse), + CreateReport(CreateReportResponse), } #[derive(Serialize, Deserialize, Debug)] @@ -75,13 +44,9 @@ pub struct GenerateEnclaveKeyResponse { pub sealed_ek: SealedEnclaveKey, } -#[derive(Serialize, Deserialize, Debug, Default)] -pub struct IASRemoteAttestationResponse { - pub report: EndorsedAttestationVerificationReport, -} - -#[cfg(feature = "sgx-sw")] -#[derive(Serialize, Deserialize, Debug, Default)] -pub struct SimulateRemoteAttestationResponse { - pub avr: attestation_report::AttestationVerificationReport, +#[serde_as] +#[derive(Serialize, Deserialize, Debug)] +pub struct CreateReportResponse { + #[serde_as(as = "BytesTransmuter")] + pub report: sgx_report_t, } diff --git a/modules/ecall-commands/src/lib.rs b/modules/ecall-commands/src/lib.rs index 59cf411e..b68485d2 100644 --- a/modules/ecall-commands/src/lib.rs +++ b/modules/ecall-commands/src/lib.rs @@ -1,3 +1,4 @@ +#![feature(generic_const_exprs)] #![allow(clippy::large_enum_variant)] #![cfg_attr(not(feature = "std"), no_std)] extern crate alloc; @@ -23,11 +24,9 @@ mod prelude { pub use commands::{Command, CommandContext, CommandResponse, ECallCommand}; use crypto::Address; pub use enclave_manage::{ - EnclaveManageCommand, EnclaveManageResponse, GenerateEnclaveKeyInput, - GenerateEnclaveKeyResponse, IASRemoteAttestationInput, IASRemoteAttestationResponse, + CreateReportInput, CreateReportResponse, EnclaveManageCommand, EnclaveManageResponse, + GenerateEnclaveKeyInput, GenerateEnclaveKeyResponse, }; -#[cfg(feature = "sgx-sw")] -pub use enclave_manage::{SimulateRemoteAttestationInput, SimulateRemoteAttestationResponse}; pub use errors::InputValidationError; pub use light_client::{ AggregateMessagesInput, AggregateMessagesResponse, CommitmentProofPair, InitClientInput, @@ -41,6 +40,8 @@ mod commands; mod enclave_manage; mod errors; mod light_client; +mod transmuter; + #[cfg(feature = "std")] pub mod msgs; diff --git a/modules/ecall-commands/src/transmuter.rs b/modules/ecall-commands/src/transmuter.rs new file mode 100644 index 00000000..d829c6ac --- /dev/null +++ b/modules/ecall-commands/src/transmuter.rs @@ -0,0 +1,42 @@ +use alloc::string::ToString; +use core::marker::PhantomData; +use serde::Deserialize; +use serde_with::{DeserializeAs, SerializeAs}; + +pub(crate) struct BytesTransmuter(PhantomData); + +impl SerializeAs for BytesTransmuter +where + [(); core::mem::size_of::()]:, +{ + fn serialize_as(source: &T, serializer: S) -> Result + where + S: serde::Serializer, + { + serializer.serialize_bytes(&unsafe { + core::mem::transmute_copy::<_, [u8; core::mem::size_of::()]>(source) + }) + } +} + +impl<'de, T> DeserializeAs<'de, T> for BytesTransmuter +where + [(); core::mem::size_of::()]:, +{ + fn deserialize_as(deserializer: D) -> Result + where + D: serde::Deserializer<'de>, + { + let bz = <&[u8]>::deserialize(deserializer).map_err(serde::de::Error::custom)?; + let mut array = [0; core::mem::size_of::()]; + if bz.len() == array.len() { + array.copy_from_slice(bz); + Ok(unsafe { core::mem::transmute_copy(&array) }) + } else { + Err(serde::de::Error::invalid_length( + bz.len(), + &array.len().to_string().as_str(), + )) + } + } +} diff --git a/modules/enclave-api/Cargo.toml b/modules/enclave-api/Cargo.toml index 18b4c572..41f1a98a 100644 --- a/modules/enclave-api/Cargo.toml +++ b/modules/enclave-api/Cargo.toml @@ -29,6 +29,5 @@ std = [ rocksdb = ["store/rocksdbstore"] sgx-sw = [ "rsa", - "sha2", - "ecall-commands/sgx-sw" + "sha2" ] diff --git a/modules/enclave-api/src/api/command.rs b/modules/enclave-api/src/api/command.rs index 0f11634b..ea674a07 100644 --- a/modules/enclave-api/src/api/command.rs +++ b/modules/enclave-api/src/api/command.rs @@ -1,12 +1,11 @@ use crate::{EnclavePrimitiveAPI, Result}; use ecall_commands::{ - AggregateMessagesInput, AggregateMessagesResponse, Command, CommandResponse, - EnclaveManageCommand, EnclaveManageResponse, GenerateEnclaveKeyInput, - GenerateEnclaveKeyResponse, IASRemoteAttestationInput, IASRemoteAttestationResponse, - InitClientInput, InitClientResponse, LightClientCommand, LightClientExecuteCommand, - LightClientQueryCommand, LightClientResponse, QueryClientInput, QueryClientResponse, - UpdateClientInput, UpdateClientResponse, VerifyMembershipInput, VerifyMembershipResponse, - VerifyNonMembershipInput, VerifyNonMembershipResponse, + AggregateMessagesInput, AggregateMessagesResponse, Command, CommandResponse, CreateReportInput, + CreateReportResponse, EnclaveManageCommand, EnclaveManageResponse, GenerateEnclaveKeyInput, + GenerateEnclaveKeyResponse, InitClientInput, InitClientResponse, LightClientCommand, + LightClientExecuteCommand, LightClientQueryCommand, LightClientResponse, QueryClientInput, + QueryClientResponse, UpdateClientInput, UpdateClientResponse, VerifyMembershipInput, + VerifyMembershipResponse, VerifyNonMembershipInput, VerifyNonMembershipResponse, }; use store::transaction::CommitStore; @@ -32,55 +31,65 @@ pub trait EnclaveCommandAPI: EnclavePrimitiveAPI { Ok(res) } - /// ias_remote_attestation performs Remote Attestation with IAS(Intel Attestation Service) - fn ias_remote_attestation( - &self, - input: IASRemoteAttestationInput, - ) -> Result { - let target_enclave_key = input.target_enclave_key; - let res = match self.execute_command( - Command::EnclaveManage(EnclaveManageCommand::IASRemoteAttestation(input)), + fn create_report(&self, input: CreateReportInput) -> Result { + match self.execute_command( + Command::EnclaveManage(EnclaveManageCommand::CreateReport(input)), None, )? { - CommandResponse::EnclaveManage(EnclaveManageResponse::IASRemoteAttestation(res)) => res, + CommandResponse::EnclaveManage(EnclaveManageResponse::CreateReport(res)) => Ok(res), _ => unreachable!(), - }; - self.get_key_manager() - .save_avr(target_enclave_key, res.report.clone())?; - Ok(res) + } } - /// simulate_remote_attestation simulates Remote Attestation - #[cfg(feature = "sgx-sw")] - fn simulate_remote_attestation( - &self, - input: ecall_commands::SimulateRemoteAttestationInput, - signing_key: rsa::pkcs1v15::SigningKey, - signing_cert: Vec, - ) -> Result { - use attestation_report::EndorsedAttestationVerificationReport; - use rsa::signature::{SignatureEncoding, Signer}; + // /// ias_remote_attestation performs Remote Attestation with IAS(Intel Attestation Service) + // fn ias_remote_attestation( + // &self, + // input: IASRemoteAttestationInput, + // ) -> Result { + // let target_enclave_key = input.target_enclave_key; + // let res = match self.execute_command( + // Command::EnclaveManage(EnclaveManageCommand::IASRemoteAttestation(input)), + // None, + // )? { + // CommandResponse::EnclaveManage(EnclaveManageResponse::IASRemoteAttestation(res)) => res, + // _ => unreachable!(), + // }; + // self.get_key_manager() + // .save_avr(target_enclave_key, res.report.clone())?; + // Ok(res) + // } - let target_enclave_key = input.target_enclave_key; - let res = match self.execute_command( - Command::EnclaveManage(EnclaveManageCommand::SimulateRemoteAttestation(input)), - None, - )? { - CommandResponse::EnclaveManage(EnclaveManageResponse::SimulateRemoteAttestation( - res, - )) => res, - _ => unreachable!(), - }; - let avr_json = res.avr.to_canonical_json().unwrap(); - let signature = signing_key.sign(avr_json.as_bytes()).to_vec(); - let eavr = EndorsedAttestationVerificationReport { - avr: avr_json, - signature, - signing_cert, - }; - self.get_key_manager().save_avr(target_enclave_key, eavr)?; - Ok(res) - } + // /// simulate_remote_attestation simulates Remote Attestation + // #[cfg(feature = "sgx-sw")] + // fn simulate_remote_attestation( + // &self, + // input: ecall_commands::SimulateRemoteAttestationInput, + // signing_key: rsa::pkcs1v15::SigningKey, + // signing_cert: Vec, + // ) -> Result { + // use attestation_report::EndorsedAttestationVerificationReport; + // use rsa::signature::{SignatureEncoding, Signer}; + + // let target_enclave_key = input.target_enclave_key; + // let res = match self.execute_command( + // Command::EnclaveManage(EnclaveManageCommand::SimulateRemoteAttestation(input)), + // None, + // )? { + // CommandResponse::EnclaveManage(EnclaveManageResponse::SimulateRemoteAttestation( + // res, + // )) => res, + // _ => unreachable!(), + // }; + // let avr_json = res.avr.to_canonical_json().unwrap(); + // let signature = signing_key.sign(avr_json.as_bytes()).to_vec(); + // let eavr = EndorsedAttestationVerificationReport { + // avr: avr_json, + // signature, + // signing_cert, + // }; + // self.get_key_manager().save_avr(target_enclave_key, eavr)?; + // Ok(res) + // } /// init_client initializes an ELC instance with given states fn init_client(&self, input: InitClientInput) -> Result { diff --git a/modules/ocall-commands/src/lib.rs b/modules/ocall-commands/src/lib.rs index 1e77b92d..6a8d71f3 100644 --- a/modules/ocall-commands/src/lib.rs +++ b/modules/ocall-commands/src/lib.rs @@ -4,13 +4,7 @@ #![feature(generic_const_exprs)] extern crate alloc; pub use crate::store::{StoreCommand, StoreResult}; -pub use remote_attestation::{ - GetIASSocketResult, GetQuoteInput, GetQuoteResult, GetReportAttestationStatusInput, - GetReportAttestationStatusResult, InitQuoteResult, RemoteAttestationCommand, - RemoteAttestationResult, -}; -mod remote_attestation; mod store; mod transmuter; @@ -23,13 +17,11 @@ pub struct OCallCommand { #[derive(Serialize, Deserialize, Debug)] pub enum Command { - RemoteAttestation(RemoteAttestationCommand), Store(StoreCommand), } #[derive(Serialize, Deserialize, Debug)] pub enum CommandResult { - RemoteAttestation(RemoteAttestationResult), Store(StoreResult), CommandError(alloc::string::String), } diff --git a/modules/ocall-handler/src/lib.rs b/modules/ocall-handler/src/lib.rs index 0f738100..d29dbab3 100644 --- a/modules/ocall-handler/src/lib.rs +++ b/modules/ocall-handler/src/lib.rs @@ -1,6 +1,6 @@ pub use router::dispatch; mod errors; -mod remote_attestation; +// mod remote_attestation; mod router; mod store; diff --git a/modules/ocall-handler/src/router.rs b/modules/ocall-handler/src/router.rs index 2794568f..cd2317b6 100644 --- a/modules/ocall-handler/src/router.rs +++ b/modules/ocall-handler/src/router.rs @@ -1,12 +1,9 @@ -use crate::{errors::Result, remote_attestation, store}; +use crate::{errors::Result, store}; use host_environment::Environment; use ocall_commands::{Command, CommandResult, OCallCommand}; pub fn dispatch(env: &Environment, command: OCallCommand) -> Result { match command.cmd { - Command::RemoteAttestation(cmd) => Ok(CommandResult::RemoteAttestation( - remote_attestation::dispatch(cmd)?, - )), Command::Store(cmd) => Ok(CommandResult::Store(store::dispatch(env, cmd)?)), } } diff --git a/modules/remote-attestation/Cargo.toml b/modules/remote-attestation/Cargo.toml new file mode 100644 index 00000000..7f2023ae --- /dev/null +++ b/modules/remote-attestation/Cargo.toml @@ -0,0 +1,26 @@ +[package] +name = "remote-attestation" +version = "0.1.0" +edition = "2021" + +[dependencies] +sgx_types = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } +log = "0.4.8" +rand = "0.8" +hex = { version = "0.4", default-features = false, features = ["alloc"] } +base64 = { git = "https://github.com/marshallpierce/rust-base64", default-features = false, features = ["alloc"] } +httparse = { version = "1.3", default-features = false } +rustls = "0.19" +webpki = "0.21" +webpki-roots = "0.17" +flex-error = { version = "0.4.4" } +sha2 = { version = "0.10.6" } +rsa = { version = "0.9.2", features = ["pem"] } +chrono = { version = "0.4.38", features = ["now"] } + +lcp-types = { path = "../types" } +crypto = { path = "../crypto", default-features = false } +attestation-report = { path = "../attestation-report" } +ecall-commands = { path = "../ecall-commands" } +enclave-api = { path = "../enclave-api" } +store = { path = "../store", features = ["rocksdbstore"] } diff --git a/modules/remote-attestation/src/errors.rs b/modules/remote-attestation/src/errors.rs new file mode 100644 index 00000000..d89f0e33 --- /dev/null +++ b/modules/remote-attestation/src/errors.rs @@ -0,0 +1,46 @@ +use flex_error::*; +use lcp_types::Time; +use sgx_types::sgx_status_t; + +define_error! { + #[derive(Debug, Clone, PartialEq, Eq)] + Error { + TooOldReportTimestamp { + now: Time, + timestamp: Time + } + |e| { + format_args!("TooOldReportTimestamp: the timestamp of the report is too old: now={:?} attestation_time={:?}", e.now, e.timestamp) + }, + + AttestationReport + [attestation_report::Error] + |_| { "AttestationReport error" }, + + UnexpectedReport { + descr: String + } + |e| { + format_args!("UnexpectedReport error: {}", e.descr) + }, + + UnexpectedQuote { + descr: String + } + |e| { + format_args!("UnexpectedQuoteError: {}", e.descr) + }, + + SgxError { + status: sgx_status_t, + descr: String + } + |e| { + format_args!("SGXError: status={:?} descr={}", e.status, e.descr) + }, + + Time + [lcp_types::TimeError] + |_| { "Time error" }, + } +} diff --git a/modules/remote-attestation/src/ias.rs b/modules/remote-attestation/src/ias.rs new file mode 100644 index 00000000..f190eeb1 --- /dev/null +++ b/modules/remote-attestation/src/ias.rs @@ -0,0 +1,36 @@ +use crate::errors::Error; +use crate::ias_utils::{ + decode_spid, get_quote, get_report_from_intel, get_sigrl_from_intel, init_quote, + validate_qe_report, IASMode, SGX_QUOTE_SIGN_TYPE, +}; +use attestation_report::EndorsedAttestationVerificationReport; +use crypto::Address; +use ecall_commands::{CreateReportInput, CreateReportResponse}; +use enclave_api::EnclaveCommandAPI; +use store::transaction::CommitStore; + +pub fn run_ias_ra, S: CommitStore>( + enclave: &E, + target_enclave_key: Address, + operator: Option
, + mode: IASMode, + spid: String, + ias_key: String, +) -> Result { + let spid = decode_spid(&spid); + let (target_info, epid_group_id) = init_quote()?; + let CreateReportResponse { report } = enclave + .create_report(CreateReportInput { + target_info, + target_enclave_key, + operator, + }) + .unwrap(); + + // Now sigrl is the revocation list, a vec + let sigrl = get_sigrl_from_intel(mode, epid_group_id, &ias_key); + let (quote, qe_report) = get_quote(sigrl, report, SGX_QUOTE_SIGN_TYPE, spid)?; + validate_qe_report(&target_info, &qe_report)?; + + get_report_from_intel(mode, quote, &ias_key) +} diff --git a/modules/remote-attestation/src/ias_simulation.rs b/modules/remote-attestation/src/ias_simulation.rs new file mode 100644 index 00000000..d05a0618 --- /dev/null +++ b/modules/remote-attestation/src/ias_simulation.rs @@ -0,0 +1,74 @@ +use crate::errors::Error; +use crate::ias_utils::{get_quote, init_quote, validate_qe_report, SGX_QUOTE_SIGN_TYPE}; +use attestation_report::{AttestationVerificationReport, EndorsedAttestationVerificationReport}; +use crypto::Address; +use ecall_commands::{CreateReportInput, CreateReportResponse}; +use enclave_api::EnclaveCommandAPI; +use rsa::signature::{SignatureEncoding, Signer}; +use store::transaction::CommitStore; + +pub fn run_ias_ra_simulation, S: CommitStore>( + enclave: &E, + target_enclave_key: Address, + operator: Option
, + advisory_ids: Vec, + isv_enclave_quote_status: String, + signing_key: rsa::pkcs1v15::SigningKey, + signing_cert: Vec, +) -> Result { + let (target_info, _) = init_quote()?; + let CreateReportResponse { report } = enclave + .create_report(CreateReportInput { + target_info, + target_enclave_key, + operator, + }) + .unwrap(); + + let (quote, qe_report) = get_quote(vec![], report, SGX_QUOTE_SIGN_TYPE, Default::default())?; + validate_qe_report(&target_info, &qe_report)?; + create_simulate_avr( + quote, + advisory_ids, + isv_enclave_quote_status, + signing_key, + signing_cert, + ) +} + +fn create_simulate_avr( + quote: Vec, + advisory_ids: Vec, + isv_enclave_quote_status: String, + signing_key: rsa::pkcs1v15::SigningKey, + signing_cert: Vec, +) -> Result { + let now = chrono::Utc::now(); + // TODO more configurable via simulation command + let avr = AttestationVerificationReport { + id: "23856791181030202675484781740313693463".to_string(), + // TODO refactoring + timestamp: format!( + "{}000", + now.format("%Y-%m-%dT%H:%M:%S%.f%z") + .to_string() + .strip_suffix("+0000") + .unwrap() + .to_string() + ), + version: 4, + advisory_url: "https://security-center.intel.com".to_string(), + advisory_ids, + isv_enclave_quote_status, + platform_info_blob: None, + isv_enclave_quote_body: base64::encode("e.as_slice()[..432]), + ..Default::default() + }; + let avr_json = avr.to_canonical_json().unwrap(); + let signature = signing_key.sign(avr_json.as_bytes()).to_vec(); + Ok(EndorsedAttestationVerificationReport { + avr: avr_json, + signature, + signing_cert, + }) +} diff --git a/modules/remote-attestation/src/ias_utils.rs b/modules/remote-attestation/src/ias_utils.rs new file mode 100644 index 00000000..f3a52c3b --- /dev/null +++ b/modules/remote-attestation/src/ias_utils.rs @@ -0,0 +1,379 @@ +use crate::errors::Error; +use attestation_report::EndorsedAttestationVerificationReport; +use log::*; +use rand::RngCore; +use sgx_types::{ + sgx_calc_quote_size, sgx_epid_group_id_t, sgx_get_quote, sgx_init_quote, sgx_quote_nonce_t, + sgx_quote_sign_type_t, sgx_quote_t, sgx_report_t, sgx_spid_t, sgx_status_t, sgx_target_info_t, +}; +use sha2::{Digest, Sha256}; +use std::io::{Read, Write}; +use std::net::{SocketAddr, TcpStream}; +use std::ptr; +use std::str; +use std::sync::Arc; + +pub const IAS_HOSTNAME: &str = "api.trustedservices.intel.com"; +pub const SGX_QUOTE_SIGN_TYPE: sgx_quote_sign_type_t = + sgx_quote_sign_type_t::SGX_UNLINKABLE_SIGNATURE; + +#[derive(Debug, Clone, Copy)] +pub enum IASMode { + Development, + Production, +} + +impl IASMode { + pub const fn get_sigrl_suffix(&self) -> &'static str { + match self { + IASMode::Development => "/sgx/dev/attestation/v4/sigrl/", + IASMode::Production => "/sgx/attestation/v4/sigrl/", + } + } + + pub const fn get_report_suffix(&self) -> &'static str { + match self { + IASMode::Development => "/sgx/dev/attestation/v4/report", + IASMode::Production => "/sgx/attestation/v4/report", + } + } +} + +pub(crate) fn init_quote() -> Result<(sgx_target_info_t, sgx_epid_group_id_t), Error> { + let mut target_info = sgx_target_info_t::default(); + let mut epid_group_id = sgx_epid_group_id_t::default(); + match unsafe { sgx_init_quote(&mut target_info, &mut epid_group_id) } { + sgx_status_t::SGX_SUCCESS => Ok((target_info, epid_group_id)), + s => Err(Error::sgx_error(s, "failed to sgx_init_quote".into())), + } +} + +pub(crate) fn get_quote( + sigrl: Vec, + report: sgx_report_t, + quote_type: sgx_quote_sign_type_t, + spid: sgx_spid_t, +) -> Result<(Vec, sgx_report_t), Error> { + let mut quote_nonce = sgx_quote_nonce_t { rand: [0; 16] }; + rand::thread_rng().fill_bytes(&mut quote_nonce.rand); + + let (p_sigrl, sigrl_size) = if sigrl.is_empty() { + (ptr::null(), 0) + } else { + (sigrl.as_ptr(), sigrl.len() as u32) + }; + + let (quote, qe_report) = { + let mut quote_size: u32 = 0; + let ret = unsafe { sgx_calc_quote_size(p_sigrl, sigrl_size, &mut quote_size as *mut u32) }; + if ret != sgx_status_t::SGX_SUCCESS { + return Err(Error::sgx_error( + ret, + "failed to sgx_calc_quote_size".into(), + )); + } + info!("quote size = {}", quote_size); + + let mut qe_report = sgx_report_t::default(); + let quote = [0u8; 2048]; + let p_quote = quote.as_ptr(); + let ret = unsafe { + sgx_get_quote( + &report, + quote_type, + &spid, + "e_nonce, + p_sigrl, + sigrl_size, + &mut qe_report, + p_quote as *mut sgx_quote_t, + quote_size, + ) + }; + if ret != sgx_status_t::SGX_SUCCESS { + return Err(Error::sgx_error(ret, "failed to sgx_get_quote".into())); + } + (quote[..quote_size as usize].to_vec(), qe_report) + }; + + // Check qe_report to defend against replay attack + // The purpose of p_qe_report is for the ISV enclave to confirm the QUOTE + // it received is not modified by the untrusted SW stack, and not a replay. + // The implementation in QE is to generate a REPORT targeting the ISV + // enclave (target info from p_report) , with the lower 32Bytes in + // report.data = SHA256(p_nonce||p_quote). The ISV enclave can verify the + // p_qe_report and report.data to confirm the QUOTE has not be modified and + // is not a replay. It is optional. + + let mut rhs_vec: Vec = quote_nonce.rand.to_vec(); + rhs_vec.extend("e); + let mut hasher = Sha256::new(); + hasher.update(&rhs_vec); + let h = hasher.finalize(); + let rhs_hash = h.as_slice(); + let lhs_hash = &qe_report.body.report_data.d[..32]; + + trace!("Report rhs hash = {}", hex::encode(rhs_hash)); + trace!("Report lhs hash = {}", hex::encode(lhs_hash)); + + if rhs_hash != lhs_hash { + return Err(Error::unexpected_quote( + format!("Quote is tampered!: {:?} != {:?}", rhs_hash, lhs_hash).to_string(), + )); + } + + Ok((quote, qe_report)) +} + +pub(crate) fn get_sigrl_from_intel(mode: IASMode, gid: [u8; 4], ias_key: &str) -> Vec { + let config = make_ias_client_config(); + let req = format!("GET {}{:08x} HTTP/1.1\r\nHOST: {}\r\nOcp-Apim-Subscription-Key: {}\r\nConnection: Close\r\n\r\n", + mode.get_sigrl_suffix(), + u32::from_le_bytes(gid), + IAS_HOSTNAME, + ias_key); + + trace!("get_sigrl_from_intel: {}", req); + + let dns_name = webpki::DNSNameRef::try_from_ascii_str(IAS_HOSTNAME).unwrap(); + let mut sess = rustls::ClientSession::new(&Arc::new(config), dns_name); + let mut sock = TcpStream::connect(lookup_ipv4(IAS_HOSTNAME, 443)).unwrap(); + let mut tls = rustls::Stream::new(&mut sess, &mut sock); + + let _result = tls.write(req.as_bytes()); + let mut plaintext = Vec::new(); + + info!("write complete"); + + match tls.read_to_end(&mut plaintext) { + Ok(_) => (), + Err(e) => { + warn!("get_sigrl_from_intel tls.read_to_end: {:?}", e); + panic!("Communication error with IAS"); + } + } + info!("read_to_end complete"); + let resp_string = String::from_utf8(plaintext.clone()).unwrap(); + + trace!("{}", resp_string); + + parse_response_sigrl(&plaintext) +} + +pub(crate) fn get_report_from_intel( + mode: IASMode, + quote: Vec, + ias_key: &str, +) -> Result { + let config = make_ias_client_config(); + let encoded_quote = base64::encode("e[..]); + let encoded_json = format!("{{\"isvEnclaveQuote\":\"{}\"}}\r\n", encoded_quote); + + let req = format!("POST {} HTTP/1.1\r\nHOST: {}\r\nOcp-Apim-Subscription-Key:{}\r\nContent-Length:{}\r\nContent-Type: application/json\r\nConnection: close\r\n\r\n{}", + mode.get_report_suffix(), + IAS_HOSTNAME, + ias_key, + encoded_json.len(), + encoded_json); + + trace!("{}", req); + let dns_name = webpki::DNSNameRef::try_from_ascii_str(&IAS_HOSTNAME).unwrap(); + let mut sess = rustls::ClientSession::new(&Arc::new(config), dns_name); + let mut sock = TcpStream::connect(lookup_ipv4(IAS_HOSTNAME, 443)).unwrap(); + let mut tls = rustls::Stream::new(&mut sess, &mut sock); + + let _result = tls.write(req.as_bytes()); + let mut plaintext = Vec::new(); + + info!("write complete"); + + tls.read_to_end(&mut plaintext).unwrap(); + info!("read_to_end complete"); + let resp_string = String::from_utf8(plaintext.clone()).unwrap(); + + trace!("resp_string = {}", resp_string); + + parse_response_attn_report(&plaintext) +} + +pub(crate) fn validate_qe_report( + target_info: &sgx_target_info_t, + qe_report: &sgx_report_t, +) -> Result<(), Error> { + // Check if the qe_report is produced on the same platform + if target_info.mr_enclave.m != qe_report.body.mr_enclave.m + || target_info.attributes.flags != qe_report.body.attributes.flags + || target_info.attributes.xfrm != qe_report.body.attributes.xfrm + { + return Err(Error::unexpected_report( + "qe_report does not match current target_info!".to_string(), + )); + } + Ok(()) +} + +fn parse_response_attn_report(resp: &[u8]) -> Result { + trace!("parse_response_attn_report"); + let mut headers = [httparse::EMPTY_HEADER; 16]; + let mut respp = httparse::Response::new(&mut headers); + let result = respp.parse(resp); + trace!("parse result {:?}", result); + + let msg: &'static str; + + match respp.code { + Some(200) => msg = "OK Operation Successful", + Some(401) => msg = "Unauthorized Failed to authenticate or authorize request.", + Some(404) => msg = "Not Found GID does not refer to a valid EPID group ID.", + Some(500) => msg = "Internal error occurred", + Some(503) => { + msg = "Service is currently not able to process the request (due to + a temporary overloading or maintenance). This is a + temporary state – the same request can be repeated after + some time. " + } + _ => { + warn!("DBG:{}", respp.code.unwrap()); + msg = "Unknown error occured" + } + } + + info!("{}", msg); + let mut len_num: u32 = 0; + + let mut sig = String::new(); + let mut cert = String::new(); + let mut attn_report = String::new(); + + for i in 0..respp.headers.len() { + let h = respp.headers[i]; + match h.name { + "Content-Length" => { + let len_str = String::from_utf8(h.value.to_vec()).unwrap(); + len_num = len_str.parse::().unwrap(); + trace!("content length = {}", len_num); + } + "X-IASReport-Signature" => sig = str::from_utf8(h.value).unwrap().to_string(), + "X-IASReport-Signing-Certificate" => { + cert = str::from_utf8(h.value).unwrap().to_string() + } + _ => (), + } + } + + // Remove %0A from cert, and only obtain the signing cert + cert = cert.replace("%0A", ""); + cert = percent_decode(cert); + + let v: Vec<&str> = cert.split("-----").collect(); + let sig_cert = v[2].to_string(); + + if len_num != 0 { + let header_len = result.unwrap().unwrap(); + let resp_body = &resp[header_len..]; + attn_report = str::from_utf8(resp_body).unwrap().to_string(); + info!("Attestation report: {}", attn_report); + } + + let signature = base64::decode(&sig).unwrap(); + let signing_cert = base64::decode(&sig_cert).unwrap(); + Ok(EndorsedAttestationVerificationReport { + avr: attn_report, + signature, + signing_cert, + }) +} + +fn parse_response_sigrl(resp: &[u8]) -> Vec { + trace!("parse_response_sigrl"); + let mut headers = [httparse::EMPTY_HEADER; 16]; + let mut respp = httparse::Response::new(&mut headers); + let result = respp.parse(resp); + trace!("parse result {:?}", result); + trace!("parse response{:?}", respp); + + let msg: &'static str; + + match respp.code { + Some(200) => msg = "OK Operation Successful", + Some(401) => msg = "Unauthorized Failed to authenticate or authorize request.", + Some(404) => msg = "Not Found GID does not refer to a valid EPID group ID.", + Some(500) => msg = "Internal error occurred", + Some(503) => { + msg = "Service is currently not able to process the request (due to + a temporary overloading or maintenance). This is a + temporary state – the same request can be repeated after + some time. " + } + _ => msg = "Unknown error occured", + } + + info!("{}", msg); + let mut len_num: u32 = 0; + + for i in 0..respp.headers.len() { + let h = respp.headers[i]; + if h.name == "content-length" { + let len_str = String::from_utf8(h.value.to_vec()).unwrap(); + len_num = len_str.parse::().unwrap(); + trace!("content length = {}", len_num); + } + } + + if len_num != 0 { + let header_len = result.unwrap().unwrap(); + let resp_body = &resp[header_len..]; + trace!("Base64-encoded SigRL: {:?}", resp_body); + + return base64::decode(resp_body).unwrap(); + } + + // len_num == 0 + Vec::new() +} + +fn make_ias_client_config() -> rustls::ClientConfig { + let mut config = rustls::ClientConfig::new(); + + config + .root_store + .add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS); + + config +} + +fn percent_decode(orig: String) -> String { + let v: Vec<&str> = orig.split("%").collect(); + let mut ret = String::new(); + ret.push_str(v[0]); + if v.len() > 1 { + for s in v[1..].iter() { + ret.push(u8::from_str_radix(&s[0..2], 16).unwrap() as char); + ret.push_str(&s[2..]); + } + } + ret +} + +fn lookup_ipv4(host: &str, port: u16) -> SocketAddr { + use std::net::ToSocketAddrs; + + let addrs = (host, port).to_socket_addrs().unwrap(); + for addr in addrs { + if let SocketAddr::V4(_) = addr { + return addr; + } + } + + unreachable!("Cannot lookup address"); +} + +// CONTRACT: `hex` length must be 32 +pub(crate) fn decode_spid(hex: &str) -> sgx_spid_t { + let mut spid = sgx_spid_t::default(); + let hex = &hex.trim(); + assert!(hex.len() == 32); + let decoded_vec = hex::decode(hex).unwrap(); + spid.id.copy_from_slice(&decoded_vec[..16]); + spid +} diff --git a/modules/remote-attestation/src/lib.rs b/modules/remote-attestation/src/lib.rs new file mode 100644 index 00000000..62dc744a --- /dev/null +++ b/modules/remote-attestation/src/lib.rs @@ -0,0 +1,6 @@ +pub mod errors; +pub mod ias; +pub mod ias_simulation; +mod ias_utils; + +pub use ias_utils::{IASMode, IAS_HOSTNAME}; diff --git a/tests/integration/Cargo.toml b/tests/integration/Cargo.toml index e87c248f..86601379 100644 --- a/tests/integration/Cargo.toml +++ b/tests/integration/Cargo.toml @@ -38,6 +38,5 @@ keymanager = { path = "../../modules/keymanager" } [features] default = [] sgx-sw = [ - "enclave-api/sgx-sw", - "ecall-commands/sgx-sw" + "enclave-api/sgx-sw" ] diff --git a/tests/integration/src/lib.rs b/tests/integration/src/lib.rs index c2c8627c..d94fd007 100644 --- a/tests/integration/src/lib.rs +++ b/tests/integration/src/lib.rs @@ -115,80 +115,80 @@ mod tests { }; let operator = Address::from_hex_string("0x396e1ccc2f11cd6d2114c2449dad7751357e413e")?; - #[cfg(not(feature = "sgx-sw"))] - { - let res = - match enclave.ias_remote_attestation(ecall_commands::IASRemoteAttestationInput { - target_enclave_key: signer, - operator: Some(operator), - spid: std::env::var("SPID")?.as_bytes().to_vec(), - ias_key: std::env::var("IAS_KEY")?.as_bytes().to_vec(), - }) { - Ok(res) => res.report, - Err(e) => { - bail!("IAS Remote Attestation Failed {:?}!", e); - } - }; - let report_data = res.get_avr()?.parse_quote()?.report_data(); - assert_eq!(report_data.enclave_key(), signer); - assert_eq!(report_data.operator(), operator); - let res = - match enclave.ias_remote_attestation(ecall_commands::IASRemoteAttestationInput { - target_enclave_key: signer, - operator: None, - spid: std::env::var("SPID")?.as_bytes().to_vec(), - ias_key: std::env::var("IAS_KEY")?.as_bytes().to_vec(), - }) { - Ok(res) => res.report, - Err(e) => { - bail!("IAS Remote Attestation Failed {:?}!", e); - } - }; - let report_data = res.get_avr()?.parse_quote()?.report_data(); - assert_eq!(report_data.enclave_key(), signer); - assert!(report_data.operator().is_zero()); - } - #[cfg(feature = "sgx-sw")] - { - use enclave_api::rsa::{pkcs1v15::SigningKey, rand_core::OsRng}; - use enclave_api::sha2::Sha256; - let res = match enclave.simulate_remote_attestation( - ecall_commands::SimulateRemoteAttestationInput { - target_enclave_key: signer, - operator: Some(operator), - advisory_ids: vec![], - isv_enclave_quote_status: "OK".to_string(), - }, - SigningKey::::random(&mut OsRng, 3072)?, - Default::default(), // TODO set valid certificate - ) { - Ok(res) => res.avr, - Err(e) => { - bail!("Simulate Remote Attestation Failed {:?}!", e); - } - }; - let report_data = res.parse_quote()?.report_data(); - assert_eq!(report_data.enclave_key(), signer); - assert_eq!(report_data.operator(), operator); - let res = match enclave.simulate_remote_attestation( - ecall_commands::SimulateRemoteAttestationInput { - target_enclave_key: signer, - operator: None, - advisory_ids: vec![], - isv_enclave_quote_status: "OK".to_string(), - }, - SigningKey::::random(&mut OsRng, 3072)?, - Default::default(), // TODO set valid certificate - ) { - Ok(res) => res.avr, - Err(e) => { - bail!("Simulate Remote Attestation Failed {:?}!", e); - } - }; - let report_data = res.parse_quote()?.report_data(); - assert_eq!(report_data.enclave_key(), signer); - assert!(report_data.operator().is_zero()); - } + // #[cfg(not(feature = "sgx-sw"))] + // { + // let res = + // match enclave.ias_remote_attestation(ecall_commands::IASRemoteAttestationInput { + // target_enclave_key: signer, + // operator: Some(operator), + // spid: std::env::var("SPID")?.as_bytes().to_vec(), + // ias_key: std::env::var("IAS_KEY")?.as_bytes().to_vec(), + // }) { + // Ok(res) => res.report, + // Err(e) => { + // bail!("IAS Remote Attestation Failed {:?}!", e); + // } + // }; + // let report_data = res.get_avr()?.parse_quote()?.report_data(); + // assert_eq!(report_data.enclave_key(), signer); + // assert_eq!(report_data.operator(), operator); + // let res = + // match enclave.ias_remote_attestation(ecall_commands::IASRemoteAttestationInput { + // target_enclave_key: signer, + // operator: None, + // spid: std::env::var("SPID")?.as_bytes().to_vec(), + // ias_key: std::env::var("IAS_KEY")?.as_bytes().to_vec(), + // }) { + // Ok(res) => res.report, + // Err(e) => { + // bail!("IAS Remote Attestation Failed {:?}!", e); + // } + // }; + // let report_data = res.get_avr()?.parse_quote()?.report_data(); + // assert_eq!(report_data.enclave_key(), signer); + // assert!(report_data.operator().is_zero()); + // } + // #[cfg(feature = "sgx-sw")] + // { + // use enclave_api::rsa::{pkcs1v15::SigningKey, rand_core::OsRng}; + // use enclave_api::sha2::Sha256; + // let res = match enclave.simulate_remote_attestation( + // ecall_commands::SimulateRemoteAttestationInput { + // target_enclave_key: signer, + // operator: Some(operator), + // advisory_ids: vec![], + // isv_enclave_quote_status: "OK".to_string(), + // }, + // SigningKey::::random(&mut OsRng, 3072)?, + // Default::default(), // TODO set valid certificate + // ) { + // Ok(res) => res.avr, + // Err(e) => { + // bail!("Simulate Remote Attestation Failed {:?}!", e); + // } + // }; + // let report_data = res.parse_quote()?.report_data(); + // assert_eq!(report_data.enclave_key(), signer); + // assert_eq!(report_data.operator(), operator); + // let res = match enclave.simulate_remote_attestation( + // ecall_commands::SimulateRemoteAttestationInput { + // target_enclave_key: signer, + // operator: None, + // advisory_ids: vec![], + // isv_enclave_quote_status: "OK".to_string(), + // }, + // SigningKey::::random(&mut OsRng, 3072)?, + // Default::default(), // TODO set valid certificate + // ) { + // Ok(res) => res.avr, + // Err(e) => { + // bail!("Simulate Remote Attestation Failed {:?}!", e); + // } + // }; + // let report_data = res.parse_quote()?.report_data(); + // assert_eq!(report_data.enclave_key(), signer); + // assert!(report_data.operator().is_zero()); + // } let (client_id, last_height) = { // XXX use non-latest height here From 992ecbbefe631732f4e5534cb0b1b8980b77affc Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Mon, 9 Sep 2024 13:36:59 +0900 Subject: [PATCH 05/30] remove enclave-remote-attestation crate Signed-off-by: Jun Kimura --- Cargo.toml | 1 - Makefile | 2 +- app/Cargo.toml | 3 +- app/src/commands/attestation.rs | 4 +- enclave-modules/ecall-handler/Cargo.toml | 9 - .../src/enclave_manage/attestation.rs | 61 --- .../src/enclave_manage/errors.rs | 10 - enclave-modules/remote-attestation/Cargo.toml | 29 -- .../remote-attestation/src/attestation.rs | 379 ------------------ .../remote-attestation/src/errors.rs | 51 --- enclave-modules/remote-attestation/src/lib.rs | 25 -- .../remote-attestation/src/report.rs | 84 ---- .../remote-attestation/src/simulate.rs | 160 -------- enclave-modules/runtime/Cargo.toml | 8 - enclave/Cargo.lock | 93 ++--- enclave/Cargo.toml | 6 - modules/enclave-api/src/api/command.rs | 52 +-- modules/remote-attestation/Cargo.toml | 11 +- modules/remote-attestation/src/lib.rs | 1 + 19 files changed, 42 insertions(+), 947 deletions(-) delete mode 100644 enclave-modules/ecall-handler/src/enclave_manage/attestation.rs delete mode 100644 enclave-modules/remote-attestation/Cargo.toml delete mode 100644 enclave-modules/remote-attestation/src/attestation.rs delete mode 100644 enclave-modules/remote-attestation/src/errors.rs delete mode 100644 enclave-modules/remote-attestation/src/lib.rs delete mode 100644 enclave-modules/remote-attestation/src/report.rs delete mode 100644 enclave-modules/remote-attestation/src/simulate.rs diff --git a/Cargo.toml b/Cargo.toml index 2d784232..dc4c7398 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -31,7 +31,6 @@ exclude = [ "enclave-modules/environment", "enclave-modules/store", "enclave-modules/utils", - "enclave-modules/remote-attestation", "enclave-modules/host-api", "enclave-modules/ecall-handler", "proto-compiler" diff --git a/Makefile b/Makefile index 0405b080..71424b10 100644 --- a/Makefile +++ b/Makefile @@ -61,7 +61,7 @@ else SGX_ENCLAVE_CONFIG = "enclave/Enclave.config.xml" SGX_SIGN_KEY = "enclave/Enclave_private.pem" ifneq ($(SGX_MODE), HW) - ENCLAVE_CARGO_FEATURES = --features=default,sgx-sw + ENCLAVE_CARGO_FEATURES = --features=default APP_CARGO_FEATURES = --features=default,sgx-sw endif endif diff --git a/app/Cargo.toml b/app/Cargo.toml index 08548438..2834165b 100644 --- a/app/Cargo.toml +++ b/app/Cargo.toml @@ -36,5 +36,6 @@ git2 = "0.17" default = [] sgx-sw = [ "enclave-api/sgx-sw", - "service/sgx-sw" + "service/sgx-sw", + "remote-attestation/sgx-sw" ] diff --git a/app/src/commands/attestation.rs b/app/src/commands/attestation.rs index 85591339..18ef0548 100644 --- a/app/src/commands/attestation.rs +++ b/app/src/commands/attestation.rs @@ -7,7 +7,7 @@ use clap::Parser; use crypto::Address; use enclave_api::{Enclave, EnclaveCommandAPI, EnclaveProtoAPI}; use log::info; -use remote_attestation::{ias, ias_simulation, IASMode}; +use remote_attestation::{ias, IASMode}; use store::transaction::CommitStore; /// `attestation` subcommand @@ -232,7 +232,7 @@ fn run_simulate_remote_attestation, S: CommitStore>( } let target_enclave_key = Address::from_hex_string(&cmd.enclave_key)?; - match ias_simulation::run_ias_ra_simulation( + match remote_attestation::ias_simulation::run_ias_ra_simulation( &enclave, target_enclave_key, cmd.get_operator()?, diff --git a/enclave-modules/ecall-handler/Cargo.toml b/enclave-modules/ecall-handler/Cargo.toml index f1c3de9f..ae27a492 100644 --- a/enclave-modules/ecall-handler/Cargo.toml +++ b/enclave-modules/ecall-handler/Cargo.toml @@ -9,7 +9,6 @@ sgx_tse = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave- hex = { version = "0.4", default-features = false, features = ["alloc"] } flex-error = { version = "0.4.4", default-features = false } -enclave-remote-attestation = { path = "../remote-attestation" } crypto = { path = "../../modules/crypto", default-features = false, features = ["sgx"] } attestation-report = { path = "../../modules/attestation-report", default-features = false, features = ["sgx"] } context = { path = "../../modules/context", default-features = false } @@ -19,11 +18,3 @@ lcp-types = { path = "../../modules/types", default-features = false } ecall-commands = { path = "../../modules/ecall-commands", default-features = false } light-client = { path = "../../modules/light-client", default-features = false } store = { path = "../../modules/store", default-features = false } - -[features] -sgx-sw = [ - "enclave-remote-attestation/sgx-sw" -] -production = [ - "enclave-remote-attestation/production" -] diff --git a/enclave-modules/ecall-handler/src/enclave_manage/attestation.rs b/enclave-modules/ecall-handler/src/enclave_manage/attestation.rs deleted file mode 100644 index 6848a0e4..00000000 --- a/enclave-modules/ecall-handler/src/enclave_manage/attestation.rs +++ /dev/null @@ -1,61 +0,0 @@ -use crate::enclave_manage::errors::Error; -use crate::prelude::*; -use attestation_report::{verify_report, ReportData}; -use crypto::{EnclaveKey, SealingKey}; -use ecall_commands::{CommandContext, IASRemoteAttestationInput, IASRemoteAttestationResponse}; -use enclave_remote_attestation::{ - attestation::create_attestation_report, report::validate_quote_status, -}; -use sgx_types::{sgx_quote_sign_type_t, sgx_spid_t}; - -pub(crate) fn ias_remote_attestation( - cctx: CommandContext, - input: IASRemoteAttestationInput, -) -> Result { - input.validate()?; - let pub_key = - EnclaveKey::unseal(&cctx.sealed_ek.ok_or(Error::enclave_key_not_found())?)?.get_pubkey(); - let report = { - let spid = decode_spid(&input.spid); - let report = create_attestation_report( - ReportData::new(pub_key.as_address(), input.operator).into(), - sgx_quote_sign_type_t::SGX_UNLINKABLE_SIGNATURE, - spid, - &input.ias_key, - )?; - verify_report(cctx.current_timestamp, &report)?; - report - }; - validate_quote_status(cctx.current_timestamp, &report.get_avr()?)?; - Ok(IASRemoteAttestationResponse { report }) -} - -#[cfg(feature = "sgx-sw")] -pub(crate) fn simulate_remote_attestation( - cctx: CommandContext, - input: ecall_commands::SimulateRemoteAttestationInput, -) -> Result { - input.validate()?; - let pub_key = - EnclaveKey::unseal(&cctx.sealed_ek.ok_or(Error::enclave_key_not_found())?)?.get_pubkey(); - let avr = enclave_remote_attestation::simulate::create_attestation_report( - ReportData::new(pub_key.as_address(), input.operator).into(), - sgx_quote_sign_type_t::SGX_UNLINKABLE_SIGNATURE, - input.advisory_ids, - input.isv_enclave_quote_status, - )?; - validate_quote_status(cctx.current_timestamp, &avr)?; - Ok(ecall_commands::SimulateRemoteAttestationResponse { avr }) -} - -// CONTRACT: `hex` length must be 32 -fn decode_spid(hex: &[u8]) -> sgx_spid_t { - assert!(hex.len() == 32); - let mut spid = sgx_spid_t::default(); - let hex = String::from_utf8_lossy(hex); - let hex = &hex.trim(); - - let decoded_vec = hex::decode(hex).unwrap(); - spid.id.copy_from_slice(&decoded_vec[..16]); - spid -} diff --git a/enclave-modules/ecall-handler/src/enclave_manage/errors.rs b/enclave-modules/ecall-handler/src/enclave_manage/errors.rs index 0871ea14..160a043b 100644 --- a/enclave-modules/ecall-handler/src/enclave_manage/errors.rs +++ b/enclave-modules/ecall-handler/src/enclave_manage/errors.rs @@ -25,10 +25,6 @@ define_error! { [attestation_report::Error] |_| { "AttestationReport error" }, - RemoteAttestation - [enclave_remote_attestation::Error] - |_| { "RemoteAttestation error" }, - EcallCommand [ecall_commands::InputValidationError] |_| { "EcallCommand input validation error" }, @@ -39,12 +35,6 @@ define_error! { } } -impl From for Error { - fn from(err: enclave_remote_attestation::Error) -> Self { - Error::remote_attestation(err) - } -} - impl From for Error { fn from(err: attestation_report::Error) -> Self { Error::attestation_report(err) diff --git a/enclave-modules/remote-attestation/Cargo.toml b/enclave-modules/remote-attestation/Cargo.toml deleted file mode 100644 index c05c4b40..00000000 --- a/enclave-modules/remote-attestation/Cargo.toml +++ /dev/null @@ -1,29 +0,0 @@ -[package] -name = "enclave-remote-attestation" -version = "0.1.0" -edition = "2021" - -[dependencies] -sgx_types = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_tse = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_tcrypto = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } - -itertools = { version = "0.8", default-features = false, features = [] } -log = { version = "0.4.8", default-features = false } -base64 = { git = "https://github.com/marshallpierce/rust-base64", default-features = false, features = ["alloc"] } -httparse = { version = "1.3", default-features = false } -chrono = { version = "0.4", default-features = false, features = ["alloc"]} -flex-error = { version = "0.4.4", default-features = false } - -host-api = { path = "../host-api" } - -lcp-types = { path = "../../modules/types", default-features = false } -crypto = { path = "../../modules/crypto", default-features = false } -attestation-report = { path = "../../modules/attestation-report", default-features = false } -ocall-commands = { path = "../../modules/ocall-commands", default-features = false } - -[features] -production = [] -sgx-sw = [ - # "sgx_tstd/untrusted_time" -] diff --git a/enclave-modules/remote-attestation/src/attestation.rs b/enclave-modules/remote-attestation/src/attestation.rs deleted file mode 100644 index c3892fb4..00000000 --- a/enclave-modules/remote-attestation/src/attestation.rs +++ /dev/null @@ -1,379 +0,0 @@ -use crate::errors::Error; -use crate::prelude::*; -use crate::{IAS_HOSTNAME, REPORT_SUFFIX, SIGRL_SUFFIX}; -use alloc::str; -use attestation_report::EndorsedAttestationVerificationReport; -use crypto::sgx::rand::fill_bytes; -use host_api::remote_attestation::{get_ias_socket, get_quote, init_quote}; -use itertools::Itertools; -use log::*; -use ocall_commands::{GetIASSocketResult, GetQuoteInput, GetQuoteResult, InitQuoteResult}; -use sgx_tcrypto::rsgx_sha256_slice; -use sgx_tse::{rsgx_create_report, rsgx_verify_report}; -use sgx_tstd::{ - io::{Read, Write}, - net::TcpStream, - sync::Arc, -}; -use sgx_types::{c_int, sgx_quote_nonce_t, sgx_quote_sign_type_t, sgx_report_data_t, sgx_spid_t}; - -pub const REPORT_DATA_SIZE: usize = 32; - -//input: pub_k: &sgx_ec256_public_t, todo: make this the pubkey of the node -pub fn create_attestation_report( - report_data: sgx_report_data_t, - sign_type: sgx_quote_sign_type_t, - spid: sgx_spid_t, - api_hex_str_bytes: &[u8], -) -> Result { - // Workflow: - // (1) ocall to get the target_info structure and epid_group_id - // (1.5) get sigrl - // (2) call sgx_create_report with target_info+data, produce an sgx_report_t - // (3) ocall to sgx_get_quote to generate (*mut sgx-quote_t, uint32_t) - - // (1) get target_info + epid_group_id - - let InitQuoteResult { - target_info, - epid_group_id, - } = init_quote().map_err(Error::host_api)?; - - trace!("EPID group = {:?}", epid_group_id); - - let eg_num = as_u32_le(&epid_group_id); - - // (1.5) get sigrl - let GetIASSocketResult { fd } = get_ias_socket().map_err(Error::host_api)?; - - trace!("Got ias_sock successfully = {}", fd); - - // Now sigrl_vec is the revocation list, a vec - let sigrl_vec: Vec = get_sigrl_from_intel(fd, eg_num, api_hex_str_bytes); - - // (2) Generate the report - // Fill secp256k1 public key into report_data - // this is given as a parameter - - let report = match rsgx_create_report(&target_info, &report_data) { - Ok(r) => { - trace!( - "Report creation => success. Got MR_ENCLAVE {:?}", - r.body.mr_enclave.m - ); - r - } - Err(e) => { - return Err(Error::sgx_error(e, "Report creation => failed".to_string())); - } - }; - - let mut quote_nonce = sgx_quote_nonce_t { rand: [0; 16] }; - fill_bytes(&mut quote_nonce.rand) - .map_err(|e| Error::sgx_error(e, "failed to fill_bytes".to_string()))?; - trace!("Nonce generated successfully"); - - // (3) Generate the quote - // Args: - // 1. sigrl: ptr + len - // 2. report: ptr 432bytes - // 3. linkable: u32, unlinkable=0, linkable=1 - // 4. spid: sgx_spid_t ptr 16bytes - // 5. sgx_quote_nonce_t ptr 16bytes - // 6. p_sig_rl + sigrl size ( same to sigrl) - // 7. [out]p_qe_report need further check - // 8. [out]p_quote - // 9. quote_size - - let GetQuoteResult { qe_report, quote } = get_quote(GetQuoteInput { - sigrl: sigrl_vec, - report, - quote_type: sign_type, - spid, - nonce: quote_nonce, - }) - .map_err(Error::host_api)?; - - // Added 09-28-2018 - // Perform a check on qe_report to verify if the qe_report is valid - match rsgx_verify_report(&qe_report) { - Ok(()) => trace!("rsgx_verify_report passed!"), - Err(e) => { - return Err(Error::sgx_error(e, "rsgx_verify_report failed".to_string())); - } - } - - // Check if the qe_report is produced on the same platform - if target_info.mr_enclave.m != qe_report.body.mr_enclave.m - || target_info.attributes.flags != qe_report.body.attributes.flags - || target_info.attributes.xfrm != qe_report.body.attributes.xfrm - { - return Err(Error::unexpected_report( - "qe_report does not match current target_info!".to_string(), - )); - } - - trace!("QE report check passed"); - - // Check qe_report to defend against replay attack - // The purpose of p_qe_report is for the ISV enclave to confirm the QUOTE - // it received is not modified by the untrusted SW stack, and not a replay. - // The implementation in QE is to generate a REPORT targeting the ISV - // enclave (target info from p_report) , with the lower 32Bytes in - // report.data = SHA256(p_nonce||p_quote). The ISV enclave can verify the - // p_qe_report and report.data to confirm the QUOTE has not be modified and - // is not a replay. It is optional. - - let mut rhs_vec: Vec = quote_nonce.rand.to_vec(); - rhs_vec.extend("e); - let rhs_hash = rsgx_sha256_slice(&rhs_vec[..]).unwrap(); - let lhs_hash = &qe_report.body.report_data.d[..REPORT_DATA_SIZE]; - - trace!("Report rhs hash = {:02X}", rhs_hash.iter().format("")); - trace!("Report lhs hash = {:02X}", lhs_hash.iter().format("")); - - if rhs_hash != lhs_hash { - return Err(Error::unexpected_quote( - format!("Quote is tampered!: {:?} != {:?}", rhs_hash, lhs_hash).to_string(), - )); - } - - let GetIASSocketResult { fd } = get_ias_socket().map_err(Error::host_api)?; - - let (attn_report, signature, signing_cert) = - get_report_from_intel(fd, quote, api_hex_str_bytes); - - Ok(EndorsedAttestationVerificationReport { - avr: attn_report, - signature, - signing_cert, - }) -} - -// pub fn get_sigrl_from_intel(fd: c_int, gid: u32, ias_key: &[u8]) -> Vec { -// trace!("get_sigrl_from_intel fd = {:?}", fd); -// let config = make_ias_client_config(); -// let ias_key = String::from_utf8_lossy(ias_key).trim_end().to_owned(); - -// let req = format!("GET {}{:08x} HTTP/1.1\r\nHOST: {}\r\nOcp-Apim-Subscription-Key: {}\r\nConnection: Close\r\n\r\n", -// SIGRL_SUFFIX, -// gid, -// IAS_HOSTNAME, -// ias_key); - -// trace!("get_sigrl_from_intel: {}", req); - -// let dns_name = webpki::DNSNameRef::try_from_ascii_str(IAS_HOSTNAME).unwrap(); -// let mut sess = rustls::ClientSession::new(&Arc::new(config), dns_name); -// let mut sock = TcpStream::new(fd).unwrap(); -// let mut tls = rustls::Stream::new(&mut sess, &mut sock); - -// let _result = tls.write(req.as_bytes()); -// let mut plaintext = Vec::new(); - -// info!("write complete"); - -// match tls.read_to_end(&mut plaintext) { -// Ok(_) => (), -// Err(e) => { -// warn!("get_sigrl_from_intel tls.read_to_end: {:?}", e); -// panic!("Communication error with IAS"); -// } -// } -// info!("read_to_end complete"); -// let resp_string = String::from_utf8(plaintext.clone()).unwrap(); - -// trace!("{}", resp_string); - -// // resp_string - -// parse_response_sigrl(&plaintext) -// } - -// // TODO: support pse -// pub fn get_report_from_intel( -// fd: c_int, -// quote: Vec, -// ias_key: &[u8], -// ) -> (String, Vec, Vec) { -// trace!("get_report_from_intel fd = {:?}", fd); -// let config = make_ias_client_config(); -// let encoded_quote = base64::encode("e[..]); -// let encoded_json = format!("{{\"isvEnclaveQuote\":\"{}\"}}\r\n", encoded_quote); -// let ias_key = String::from_utf8_lossy(ias_key).trim_end().to_owned(); - -// let req = format!("POST {} HTTP/1.1\r\nHOST: {}\r\nOcp-Apim-Subscription-Key:{}\r\nContent-Length:{}\r\nContent-Type: application/json\r\nConnection: close\r\n\r\n{}", -// REPORT_SUFFIX, -// IAS_HOSTNAME, -// ias_key, -// encoded_json.len(), -// encoded_json); - -// trace!("{}", req); -// let dns_name = webpki::DNSNameRef::try_from_ascii_str(IAS_HOSTNAME).unwrap(); -// let mut sess = rustls::ClientSession::new(&Arc::new(config), dns_name); -// let mut sock = TcpStream::new(fd).unwrap(); -// let mut tls = rustls::Stream::new(&mut sess, &mut sock); - -// let _result = tls.write(req.as_bytes()); -// let mut plaintext = Vec::new(); - -// info!("write complete"); - -// tls.read_to_end(&mut plaintext).unwrap(); -// info!("read_to_end complete"); -// let resp_string = String::from_utf8(plaintext.clone()).unwrap(); - -// trace!("resp_string = {}", resp_string); - -// let (attn_report, sig, cert) = parse_response_attn_report(&plaintext); - -// (attn_report, sig, cert) -// } - -// fn parse_response_attn_report(resp: &[u8]) -> (String, Vec, Vec) { -// trace!("parse_response_attn_report"); -// let mut headers = [httparse::EMPTY_HEADER; 16]; -// let mut respp = httparse::Response::new(&mut headers); -// let result = respp.parse(resp); -// trace!("parse result {:?}", result); - -// let msg: &'static str; - -// match respp.code { -// Some(200) => msg = "OK Operation Successful", -// Some(401) => msg = "Unauthorized Failed to authenticate or authorize request.", -// Some(404) => msg = "Not Found GID does not refer to a valid EPID group ID.", -// Some(500) => msg = "Internal error occurred", -// Some(503) => { -// msg = "Service is currently not able to process the request (due to -// a temporary overloading or maintenance). This is a -// temporary state – the same request can be repeated after -// some time. " -// } -// _ => { -// warn!("DBG:{}", respp.code.unwrap()); -// msg = "Unknown error occured" -// } -// } - -// info!("{}", msg); -// let mut len_num: u32 = 0; - -// let mut sig = String::new(); -// let mut cert = String::new(); -// let mut attn_report = String::new(); - -// for i in 0..respp.headers.len() { -// let h = respp.headers[i]; -// match h.name { -// "Content-Length" => { -// let len_str = String::from_utf8(h.value.to_vec()).unwrap(); -// len_num = len_str.parse::().unwrap(); -// trace!("content length = {}", len_num); -// } -// "X-IASReport-Signature" => sig = str::from_utf8(h.value).unwrap().to_string(), -// "X-IASReport-Signing-Certificate" => { -// cert = str::from_utf8(h.value).unwrap().to_string() -// } -// _ => (), -// } -// } - -// // Remove %0A from cert, and only obtain the signing cert -// cert = cert.replace("%0A", ""); -// cert = percent_decode(cert); - -// let v: Vec<&str> = cert.split("-----").collect(); -// let sig_cert = v[2].to_string(); - -// if len_num != 0 { -// let header_len = result.unwrap().unwrap(); -// let resp_body = &resp[header_len..]; -// attn_report = str::from_utf8(resp_body).unwrap().to_string(); -// info!("Attestation report: {}", attn_report); -// } - -// let sig_bytes = base64::decode(&sig).unwrap(); -// let sig_cert_bytes = base64::decode(&sig_cert).unwrap(); -// // len_num == 0 -// (attn_report, sig_bytes, sig_cert_bytes) -// } - -// fn parse_response_sigrl(resp: &[u8]) -> Vec { -// trace!("parse_response_sigrl"); -// let mut headers = [httparse::EMPTY_HEADER; 16]; -// let mut respp = httparse::Response::new(&mut headers); -// let result = respp.parse(resp); -// trace!("parse result {:?}", result); -// trace!("parse response{:?}", respp); - -// let msg: &'static str; - -// match respp.code { -// Some(200) => msg = "OK Operation Successful", -// Some(401) => msg = "Unauthorized Failed to authenticate or authorize request.", -// Some(404) => msg = "Not Found GID does not refer to a valid EPID group ID.", -// Some(500) => msg = "Internal error occurred", -// Some(503) => { -// msg = "Service is currently not able to process the request (due to -// a temporary overloading or maintenance). This is a -// temporary state – the same request can be repeated after -// some time. " -// } -// _ => msg = "Unknown error occured", -// } - -// info!("{}", msg); -// let mut len_num: u32 = 0; - -// for i in 0..respp.headers.len() { -// let h = respp.headers[i]; -// if h.name == "content-length" { -// let len_str = String::from_utf8(h.value.to_vec()).unwrap(); -// len_num = len_str.parse::().unwrap(); -// trace!("content length = {}", len_num); -// } -// } - -// if len_num != 0 { -// let header_len = result.unwrap().unwrap(); -// let resp_body = &resp[header_len..]; -// trace!("Base64-encoded SigRL: {:?}", resp_body); - -// return base64::decode(str::from_utf8(resp_body).unwrap()).unwrap(); -// } - -// // len_num == 0 -// Vec::new() -// } - -// pub fn make_ias_client_config() -> rustls::ClientConfig { -// let mut config = rustls::ClientConfig::new(); - -// config -// .root_store -// .add_server_trust_anchors(&webpki_roots::TLS_SERVER_ROOTS); - -// config -// } - -// pub(crate) fn as_u32_le(array: &[u8; 4]) -> u32 { -// ((array[0] as u32) << 0) -// + ((array[1] as u32) << 8) -// + ((array[2] as u32) << 16) -// + ((array[3] as u32) << 24) -// } - -// fn percent_decode(orig: String) -> String { -// let v: Vec<&str> = orig.split("%").collect(); -// let mut ret = String::new(); -// ret.push_str(v[0]); -// if v.len() > 1 { -// for s in v[1..].iter() { -// ret.push(u8::from_str_radix(&s[0..2], 16).unwrap() as char); -// ret.push_str(&s[2..]); -// } -// } -// ret -// } diff --git a/enclave-modules/remote-attestation/src/errors.rs b/enclave-modules/remote-attestation/src/errors.rs deleted file mode 100644 index 6d575956..00000000 --- a/enclave-modules/remote-attestation/src/errors.rs +++ /dev/null @@ -1,51 +0,0 @@ -use crate::prelude::*; -use flex_error::*; -use lcp_types::Time; -use sgx_types::sgx_status_t; - -define_error! { - #[derive(Debug, Clone, PartialEq, Eq)] - Error { - TooOldReportTimestamp { - now: Time, - timestamp: Time - } - |e| { - format_args!("TooOldReportTimestamp: the timestamp of the report is too old: now={:?} attestation_time={:?}", e.now, e.timestamp) - }, - - AttestationReport - [attestation_report::Error] - |_| { "AttestationReport error" }, - - UnexpectedReport { - descr: String - } - |e| { - format_args!("UnexpectedReport error: {}", e.descr) - }, - - UnexpectedQuote { - descr: String - } - |e| { - format_args!("UnexpectedQuoteError: {}", e.descr) - }, - - SgxError { - status: sgx_status_t, - descr: String - } - |e| { - format_args!("SGXError: status={:?} descr={}", e.status, e.descr) - }, - - Time - [lcp_types::TimeError] - |_| { "Time error" }, - - HostApi - [host_api::Error] - |_| { "HostApi error" } - } -} diff --git a/enclave-modules/remote-attestation/src/lib.rs b/enclave-modules/remote-attestation/src/lib.rs deleted file mode 100644 index f165aa7a..00000000 --- a/enclave-modules/remote-attestation/src/lib.rs +++ /dev/null @@ -1,25 +0,0 @@ -#![no_std] -extern crate alloc; - -mod prelude { - pub use core::prelude::v1::*; - - // Re-export according to alloc::prelude::v1 because it is not yet stabilized - // https://doc.rust-lang.org/src/alloc/prelude/v1.rs.html - pub use alloc::borrow::ToOwned; - pub use alloc::boxed::Box; - pub use alloc::string::{String, ToString}; - pub use alloc::vec::Vec; - - pub use alloc::format; - pub use alloc::vec; - - // Those are exported by default in the std prelude in Rust 2021 - pub use core::convert::{TryFrom, TryInto}; - pub use core::iter::FromIterator; -} - -pub use errors::Error; - -mod errors; -pub mod report; diff --git a/enclave-modules/remote-attestation/src/report.rs b/enclave-modules/remote-attestation/src/report.rs deleted file mode 100644 index bce0fbd3..00000000 --- a/enclave-modules/remote-attestation/src/report.rs +++ /dev/null @@ -1,84 +0,0 @@ -// use crate::errors::Error; -// use crate::prelude::*; -// use attestation_report::{AttestationVerificationReport, Quote}; -// use core::time::Duration; -// use host_api::remote_attestation::get_report_attestation_status; -// use lcp_types::Time; -// use log::*; -// use ocall_commands::{GetReportAttestationStatusInput, GetReportAttestationStatusResult}; -// use sgx_types::{sgx_platform_info_t, sgx_status_t}; - -// pub fn validate_quote_status( -// current_timestamp: Time, -// avr: &AttestationVerificationReport, -// ) -> Result { -// // 1. Verify quote body -// let quote = avr.parse_quote().map_err(Error::attestation_report)?; - -// // 2. Check quote's timestamp is within 24H -// info!( -// "Time: current_timestamp={:?} quote_timestamp={:?}", -// current_timestamp, quote.attestation_time -// ); - -// if current_timestamp -// >= (quote.attestation_time + Duration::from_secs(60 * 60 * 24)).map_err(Error::time)? -// { -// return Err(Error::too_old_report_timestamp( -// current_timestamp, -// quote.attestation_time, -// )); -// } - -// // 3. Verify quote status (mandatory field) -// match quote.status.as_ref() { -// "OK" => (), -// "GROUP_OUT_OF_DATE" -// | "GROUP_REVOKED" -// | "SW_HARDENING_NEEDED" -// | "CONFIGURATION_NEEDED" -// | "CONFIGURATION_AND_SW_HARDENING_NEEDED" => { -// // Verify platformInfoBlob for further info if status not OK -// // https://api.trustedservices.intel.com/documents/sgx-attestation-api-spec.pdf -// // This field is optional, it will only be present if one the following conditions is met: -// // - isvEnclaveQuoteStatus is equal to GROUP_REVOKED, GROUP_OUT_OF_DATE, CONFIGURATION_NEEDED or CONFIGURATION_AND_SW_HARDENING_NEEDED. -// // - pseManifestStatus is equal to one of the following values: OUT_OF_DATE, REVOKED or RL_VERSION_MISMATCH. -// if let Some(pib) = avr.platform_info_blob.as_ref() { -// let mut buf = Vec::new(); - -// // the TLV Header (4 bytes/8 hexes) should be skipped -// let n = (pib.len() - 8) / 2; -// for i in 0..n { -// buf.push(u8::from_str_radix(&pib[(i * 2 + 8)..(i * 2 + 10)], 16).unwrap()); -// } -// let mut platform_info = sgx_platform_info_t::default(); -// platform_info.platform_info.copy_from_slice(buf.as_slice()); - -// let GetReportAttestationStatusResult { ret, update_info } = -// get_report_attestation_status(GetReportAttestationStatusInput { -// platform_blob: platform_info, -// enclave_trusted: 1, -// }) -// .map_err(Error::host_api)?; - -// if ret != sgx_status_t::SGX_SUCCESS { -// // Borrow of packed field is unsafe in future Rust releases -// info!("update_info.pswUpdate: {}", update_info.pswUpdate as i32); -// info!( -// "update_info.csmeFwUpdate: {}", -// update_info.csmeFwUpdate as i32 -// ); -// info!( -// "update_info.ucodeUpdate: {}", -// update_info.ucodeUpdate as i32 -// ); -// } -// } else { -// info!("attestation report doesn't contain platformInfoBlob"); -// } -// } -// _ => unreachable!("isv_enclave_quote_status must not be empty"), -// } - -// Ok(quote) -// } diff --git a/enclave-modules/remote-attestation/src/simulate.rs b/enclave-modules/remote-attestation/src/simulate.rs deleted file mode 100644 index ad8878a7..00000000 --- a/enclave-modules/remote-attestation/src/simulate.rs +++ /dev/null @@ -1,160 +0,0 @@ -use crate::attestation::REPORT_DATA_SIZE; -use crate::errors::Error; -use crate::prelude::*; -use attestation_report::AttestationVerificationReport; -use crypto::sgx::rand::fill_bytes; -use host_api::remote_attestation::{get_quote, init_quote}; -use itertools::Itertools; -use log::*; -use ocall_commands::{GetQuoteInput, GetQuoteResult, InitQuoteResult}; -use sgx_tcrypto::rsgx_sha256_slice; -use sgx_tse::{rsgx_create_report, rsgx_verify_report}; -use sgx_types::{sgx_quote_nonce_t, sgx_quote_sign_type_t, sgx_report_data_t}; - -pub fn create_attestation_report( - report_data: sgx_report_data_t, - sign_type: sgx_quote_sign_type_t, - advisory_ids: Vec, - isv_enclave_quote_status: String, -) -> Result { - // Workflow: - // (1) ocall to get the target_info structure and epid_group_id - // (1.5) get sigrl - // (2) call sgx_create_report with target_info+data, produce an sgx_report_t - // (3) ocall to sgx_get_quote to generate (*mut sgx-quote_t, uint32_t) - - // (1) get target_info + epid_group_id - - let InitQuoteResult { - target_info, - epid_group_id, - } = init_quote().map_err(Error::host_api)?; - - trace!("EPID group = {:?}", epid_group_id); - - // (2) Generate the report - // Fill secp256k1 public key into report_data - // this is given as a parameter - - let report = match rsgx_create_report(&target_info, &report_data) { - Ok(r) => { - trace!( - "Report creation => success. Got MR_ENCLAVE {:?}", - r.body.mr_enclave.m - ); - r - } - Err(e) => { - return Err(Error::sgx_error(e, "Report creation => failed".to_string())); - } - }; - - let mut quote_nonce = sgx_quote_nonce_t { rand: [0; 16] }; - fill_bytes(&mut quote_nonce.rand) - .map_err(|e| Error::sgx_error(e, "failed to fill_bytes".to_string()))?; - trace!("Nonce generated successfully"); - - // (3) Generate the quote - // Args: - // 1. sigrl: ptr + len - // 2. report: ptr 432bytes - // 3. linkable: u32, unlinkable=0, linkable=1 - // 4. spid: sgx_spid_t ptr 16bytes - // 5. sgx_quote_nonce_t ptr 16bytes - // 6. p_sig_rl + sigrl size ( same to sigrl) - // 7. [out]p_qe_report need further check - // 8. [out]p_quote - // 9. quote_size - - let GetQuoteResult { qe_report, quote } = get_quote(GetQuoteInput { - sigrl: vec![], - report, - quote_type: sign_type, - spid: Default::default(), - nonce: quote_nonce, - }) - .map_err(Error::host_api)?; - - // Added 09-28-2018 - // Perform a check on qe_report to verify if the qe_report is valid - match rsgx_verify_report(&qe_report) { - Ok(()) => trace!("rsgx_verify_report passed!"), - Err(e) => { - return Err(Error::sgx_error(e, "rsgx_verify_report failed".to_string())); - } - } - - // Check if the qe_report is produced on the same platform - if target_info.mr_enclave.m != qe_report.body.mr_enclave.m - || target_info.attributes.flags != qe_report.body.attributes.flags - || target_info.attributes.xfrm != qe_report.body.attributes.xfrm - { - return Err(Error::unexpected_report( - "qe_report does not match current target_info!".to_string(), - )); - } - - trace!("QE report check passed"); - - // Check qe_report to defend against replay attack - // The purpose of p_qe_report is for the ISV enclave to confirm the QUOTE - // it received is not modified by the untrusted SW stack, and not a replay. - // The implementation in QE is to generate a REPORT targeting the ISV - // enclave (target info from p_report) , with the lower 32Bytes in - // report.data = SHA256(p_nonce||p_quote). The ISV enclave can verify the - // p_qe_report and report.data to confirm the QUOTE has not be modified and - // is not a replay. It is optional. - - let mut rhs_vec: Vec = quote_nonce.rand.to_vec(); - rhs_vec.extend("e); - let rhs_hash = rsgx_sha256_slice(&rhs_vec[..]).unwrap(); - let lhs_hash = &qe_report.body.report_data.d[..REPORT_DATA_SIZE]; - - trace!("Report rhs hash = {:02X}", rhs_hash.iter().format("")); - trace!("Report lhs hash = {:02X}", lhs_hash.iter().format("")); - - if rhs_hash != lhs_hash { - return Err(Error::unexpected_quote( - format!("Quote is tampered!: {:?} != {:?}", rhs_hash, lhs_hash).to_string(), - )); - } - - create_simulate_avr(quote, advisory_ids, isv_enclave_quote_status) -} - -fn create_simulate_avr( - quote: Vec, - advisory_ids: Vec, - isv_enclave_quote_status: String, -) -> Result { - use chrono::{DateTime, NaiveDateTime, Utc}; - use sgx_tstd::time::SystemTime; - - let now = { - let now = SystemTime::now() - .duration_since(SystemTime::UNIX_EPOCH) - .unwrap(); - let now = NaiveDateTime::from_timestamp_millis(now.as_millis() as i64).unwrap(); - DateTime::::from_utc(now, Utc) - }; - // TODO more configurable via simulation command - Ok(AttestationVerificationReport { - id: "23856791181030202675484781740313693463".to_string(), - // TODO refactoring - timestamp: format!( - "{}000", - now.format("%Y-%m-%dT%H:%M:%S%.f%z") - .to_string() - .strip_suffix("+0000") - .unwrap() - .to_string() - ), - version: 4, - advisory_url: "https://security-center.intel.com".to_string(), - advisory_ids, - isv_enclave_quote_status, - platform_info_blob: None, - isv_enclave_quote_body: base64::encode("e.as_slice()[..432]), - ..Default::default() - }) -} diff --git a/enclave-modules/runtime/Cargo.toml b/enclave-modules/runtime/Cargo.toml index 584af153..42b93ae3 100644 --- a/enclave-modules/runtime/Cargo.toml +++ b/enclave-modules/runtime/Cargo.toml @@ -16,11 +16,3 @@ enclave-utils = { path = "../utils" } ecall-handler = { path = "../ecall-handler" } enclave-environment = { path = "../environment" } ecall-commands = { path = "../../modules/ecall-commands", default-features = false } - -[features] -sgx-sw = [ - "ecall-handler/sgx-sw" -] -production = [ - "ecall-handler/production" -] diff --git a/enclave/Cargo.lock b/enclave/Cargo.lock index 54e264a9..747e1539 100644 --- a/enclave/Cargo.lock +++ b/enclave/Cargo.lock @@ -59,12 +59,6 @@ dependencies = [ "const-hex", ] -[[package]] -name = "android-tzdata" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e999941b234f3131b00bc13c22d06e8c5ff726d1b6318ac7eb276997bbb4fef0" - [[package]] name = "anyhow" version = "1.0.66" @@ -87,7 +81,7 @@ checksum = "8da52d66c7071e2e3fa2a1e5c6d088fec47b593032b254f5e980de8ea54454d6" name = "attestation-report" version = "0.1.0" dependencies = [ - "base64 0.20.0-alpha.1", + "base64 0.22.1", "chrono", "crypto", "flex-error", @@ -114,14 +108,14 @@ checksum = "9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8" [[package]] name = "base64" -version = "0.20.0-alpha.1" -source = "git+https://github.com/marshallpierce/rust-base64#7fa4339da21d0eeeab22cd07cbac27e15ce549be" +version = "0.21.7" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" [[package]] name = "base64" -version = "0.21.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "604178f6c5c21f02dc555784810edfb88d34ac2c73b2eae109655649ee73ce3d" +version = "0.22.1" +source = "git+https://github.com/marshallpierce/rust-base64#77e5251a281c3c1381f878ec3ad5cf3c71126e2c" [[package]] name = "bincode" @@ -230,11 +224,10 @@ checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" [[package]] name = "chrono" -version = "0.4.26" +version = "0.4.38" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ec837a71355b28f6556dbd569b37b3f363091c0bd4b2e735674521b4c5fd9bc5" +checksum = "a21f936df1771bf62b77f047b726c4625ff2e8aa607c01ec06e5a05bd8463401" dependencies = [ - "android-tzdata", "num-traits", "serde", ] @@ -347,9 +340,9 @@ dependencies = [ [[package]] name = "darling" -version = "0.14.2" +version = "0.20.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b0dd3cd20dc6b5a876612a6e5accfe7f3dd883db6d07acfbf14c128f61550dfa" +checksum = "6f63b86c8a8826a49b8c21f08a2d07338eec8d900540f8630dc76284be802989" dependencies = [ "darling_core", "darling_macro", @@ -357,27 +350,27 @@ dependencies = [ [[package]] name = "darling_core" -version = "0.14.2" +version = "0.20.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a784d2ccaf7c98501746bf0be29b2022ba41fd62a2e622af997a03e9f972859f" +checksum = "95133861a8032aaea082871032f5815eb9e98cef03fa916ab4500513994df9e5" dependencies = [ "fnv", "ident_case", "proc-macro2", "quote", "strsim", - "syn 1.0.103", + "syn 2.0.32", ] [[package]] name = "darling_macro" -version = "0.14.2" +version = "0.20.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7618812407e9402654622dd402b0a89dff9ba93badd6540781526117b92aab7e" +checksum = "d336a2a514f6ccccaa3e09b02d41d35330c07ddf03a62165fcec10bb561c7806" dependencies = [ "darling_core", "quote", - "syn 1.0.103", + "syn 2.0.32", ] [[package]] @@ -459,7 +452,6 @@ dependencies = [ "crypto", "ecall-commands", "enclave-environment", - "enclave-remote-attestation", "flex-error", "hex", "lcp-types", @@ -515,26 +507,6 @@ dependencies = [ "store", ] -[[package]] -name = "enclave-remote-attestation" -version = "0.1.0" -dependencies = [ - "attestation-report", - "base64 0.20.0-alpha.1", - "chrono", - "crypto", - "flex-error", - "host-api", - "httparse", - "itertools 0.8.2", - "lcp-types", - "log", - "ocall-commands", - "sgx_tcrypto", - "sgx_tse", - "sgx_types", -] - [[package]] name = "enclave-runtime" version = "0.1.0" @@ -742,12 +714,6 @@ dependencies = [ "store", ] -[[package]] -name = "httparse" -version = "1.8.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d897f394bad6a705d5f4104762e116a75639e470d80901eed05a860a95cb1904" - [[package]] name = "ibc" version = "0.29.0" @@ -857,15 +823,6 @@ dependencies = [ "hashbrown 0.14.3", ] -[[package]] -name = "itertools" -version = "0.8.2" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f56a2d0bc861f9165be4eb3442afd3c236d8a98afd426f65d92324ae1091a484" -dependencies = [ - "either", -] - [[package]] name = "itertools" version = "0.10.5" @@ -1091,7 +1048,7 @@ version = "2.0.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "6b13fe415cdf3c8e44518e18a7c95a13431d9bdf6d15367d82b23c377fdd441a" dependencies = [ - "base64 0.21.2", + "base64 0.21.7", ] [[package]] @@ -1206,7 +1163,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8bda8c0881ea9f722eb9629376db3d0b903b462477c1aafcb0566610ac28ac5d" dependencies = [ "anyhow", - "itertools 0.10.5", + "itertools", "proc-macro2", "quote", "syn 1.0.103", @@ -1448,9 +1405,9 @@ dependencies = [ [[package]] name = "serde_with" -version = "2.0.1" +version = "2.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "368f2d60d049ea019a84dcd6687b0d1e0030fe663ae105039bdf967ed5e6a9a7" +checksum = "07ff71d2c147a7b57362cead5e22f772cd52f6ab31cfcd9edcd7f6aeb2a0afbe" dependencies = [ "base64 0.13.1", "chrono", @@ -1463,14 +1420,14 @@ dependencies = [ [[package]] name = "serde_with_macros" -version = "2.0.1" +version = "2.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1ccadfacf6cf10faad22bbadf55986bdd0856edfb5d9210aa1dcf1f516e84e93" +checksum = "881b6f881b17d13214e5d494c939ebab463d01264ce1811e9d4ac3a882e7695f" dependencies = [ "darling", "proc-macro2", "quote", - "syn 1.0.103", + "syn 2.0.32", ] [[package]] @@ -1596,9 +1553,9 @@ dependencies = [ [[package]] name = "strsim" -version = "0.10.0" +version = "0.11.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "73473c0e59e6d5812c5dfe2a064a6444949f089e20eec9a2e5506596494e4623" +checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f" [[package]] name = "subtle" diff --git a/enclave/Cargo.toml b/enclave/Cargo.toml index 36c0ddea..94e19bec 100644 --- a/enclave/Cargo.toml +++ b/enclave/Cargo.toml @@ -10,12 +10,6 @@ crate-type = ["staticlib"] [features] default = [] -production = [ - "enclave-runtime/production" -] -sgx-sw = [ - "enclave-runtime/sgx-sw" -] [dependencies] log = { version = "0.4.8", default-features = false } diff --git a/modules/enclave-api/src/api/command.rs b/modules/enclave-api/src/api/command.rs index ea674a07..c4a5e52e 100644 --- a/modules/enclave-api/src/api/command.rs +++ b/modules/enclave-api/src/api/command.rs @@ -31,6 +31,7 @@ pub trait EnclaveCommandAPI: EnclavePrimitiveAPI { Ok(res) } + /// create_report creates a report for the given target_info fn create_report(&self, input: CreateReportInput) -> Result { match self.execute_command( Command::EnclaveManage(EnclaveManageCommand::CreateReport(input)), @@ -41,56 +42,6 @@ pub trait EnclaveCommandAPI: EnclavePrimitiveAPI { } } - // /// ias_remote_attestation performs Remote Attestation with IAS(Intel Attestation Service) - // fn ias_remote_attestation( - // &self, - // input: IASRemoteAttestationInput, - // ) -> Result { - // let target_enclave_key = input.target_enclave_key; - // let res = match self.execute_command( - // Command::EnclaveManage(EnclaveManageCommand::IASRemoteAttestation(input)), - // None, - // )? { - // CommandResponse::EnclaveManage(EnclaveManageResponse::IASRemoteAttestation(res)) => res, - // _ => unreachable!(), - // }; - // self.get_key_manager() - // .save_avr(target_enclave_key, res.report.clone())?; - // Ok(res) - // } - - // /// simulate_remote_attestation simulates Remote Attestation - // #[cfg(feature = "sgx-sw")] - // fn simulate_remote_attestation( - // &self, - // input: ecall_commands::SimulateRemoteAttestationInput, - // signing_key: rsa::pkcs1v15::SigningKey, - // signing_cert: Vec, - // ) -> Result { - // use attestation_report::EndorsedAttestationVerificationReport; - // use rsa::signature::{SignatureEncoding, Signer}; - - // let target_enclave_key = input.target_enclave_key; - // let res = match self.execute_command( - // Command::EnclaveManage(EnclaveManageCommand::SimulateRemoteAttestation(input)), - // None, - // )? { - // CommandResponse::EnclaveManage(EnclaveManageResponse::SimulateRemoteAttestation( - // res, - // )) => res, - // _ => unreachable!(), - // }; - // let avr_json = res.avr.to_canonical_json().unwrap(); - // let signature = signing_key.sign(avr_json.as_bytes()).to_vec(); - // let eavr = EndorsedAttestationVerificationReport { - // avr: avr_json, - // signature, - // signing_cert, - // }; - // self.get_key_manager().save_avr(target_enclave_key, eavr)?; - // Ok(res) - // } - /// init_client initializes an ELC instance with given states fn init_client(&self, input: InitClientInput) -> Result { let update_key = Some(input.any_client_state.type_url.clone()); @@ -119,6 +70,7 @@ pub trait EnclaveCommandAPI: EnclavePrimitiveAPI { } } + /// aggregate_messages aggregates the messages and proofs into a single message and proof fn aggregate_messages( &self, input: AggregateMessagesInput, diff --git a/modules/remote-attestation/Cargo.toml b/modules/remote-attestation/Cargo.toml index 7f2023ae..fe9e1c07 100644 --- a/modules/remote-attestation/Cargo.toml +++ b/modules/remote-attestation/Cargo.toml @@ -15,8 +15,8 @@ webpki = "0.21" webpki-roots = "0.17" flex-error = { version = "0.4.4" } sha2 = { version = "0.10.6" } -rsa = { version = "0.9.2", features = ["pem"] } -chrono = { version = "0.4.38", features = ["now"] } +rsa = { version = "0.9.2", features = ["pem"], optional = true } +chrono = { version = "0.4.38", features = ["now"], optional = true } lcp-types = { path = "../types" } crypto = { path = "../crypto", default-features = false } @@ -24,3 +24,10 @@ attestation-report = { path = "../attestation-report" } ecall-commands = { path = "../ecall-commands" } enclave-api = { path = "../enclave-api" } store = { path = "../store", features = ["rocksdbstore"] } + +[features] +default = [] +sgx-sw = [ + "rsa", + "chrono" +] \ No newline at end of file diff --git a/modules/remote-attestation/src/lib.rs b/modules/remote-attestation/src/lib.rs index 62dc744a..b59c902b 100644 --- a/modules/remote-attestation/src/lib.rs +++ b/modules/remote-attestation/src/lib.rs @@ -1,5 +1,6 @@ pub mod errors; pub mod ias; +#[cfg(feature = "sgx-sw")] pub mod ias_simulation; mod ias_utils; From d16e15af43b9f7f0479c0f3a03d5f80ead5be591 Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Mon, 9 Sep 2024 13:58:59 +0900 Subject: [PATCH 06/30] fix integration test Signed-off-by: Jun Kimura --- Cargo.lock | 1 + tests/integration/Cargo.toml | 4 +- tests/integration/src/lib.rs | 152 ++++++++++++++++++----------------- 3 files changed, 82 insertions(+), 75 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index d393a82c..6b1fb069 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2551,6 +2551,7 @@ dependencies = [ "ocall-handler", "once_cell", "prost-types", + "remote-attestation", "store", "tempfile", "tendermint-light-client-verifier 0.28.0", diff --git a/tests/integration/Cargo.toml b/tests/integration/Cargo.toml index 86601379..6a399271 100644 --- a/tests/integration/Cargo.toml +++ b/tests/integration/Cargo.toml @@ -34,9 +34,11 @@ enclave-api = { path = "../../modules/enclave-api" } ecall-commands = { path = "../../modules/ecall-commands" } attestation-report = { path = "../../modules/attestation-report" } keymanager = { path = "../../modules/keymanager" } +remote-attestation = { path = "../../modules/remote-attestation" } [features] default = [] sgx-sw = [ - "enclave-api/sgx-sw" + "enclave-api/sgx-sw", + "remote-attestation/sgx-sw" ] diff --git a/tests/integration/src/lib.rs b/tests/integration/src/lib.rs index d94fd007..ac2d9638 100644 --- a/tests/integration/src/lib.rs +++ b/tests/integration/src/lib.rs @@ -115,80 +115,84 @@ mod tests { }; let operator = Address::from_hex_string("0x396e1ccc2f11cd6d2114c2449dad7751357e413e")?; - // #[cfg(not(feature = "sgx-sw"))] - // { - // let res = - // match enclave.ias_remote_attestation(ecall_commands::IASRemoteAttestationInput { - // target_enclave_key: signer, - // operator: Some(operator), - // spid: std::env::var("SPID")?.as_bytes().to_vec(), - // ias_key: std::env::var("IAS_KEY")?.as_bytes().to_vec(), - // }) { - // Ok(res) => res.report, - // Err(e) => { - // bail!("IAS Remote Attestation Failed {:?}!", e); - // } - // }; - // let report_data = res.get_avr()?.parse_quote()?.report_data(); - // assert_eq!(report_data.enclave_key(), signer); - // assert_eq!(report_data.operator(), operator); - // let res = - // match enclave.ias_remote_attestation(ecall_commands::IASRemoteAttestationInput { - // target_enclave_key: signer, - // operator: None, - // spid: std::env::var("SPID")?.as_bytes().to_vec(), - // ias_key: std::env::var("IAS_KEY")?.as_bytes().to_vec(), - // }) { - // Ok(res) => res.report, - // Err(e) => { - // bail!("IAS Remote Attestation Failed {:?}!", e); - // } - // }; - // let report_data = res.get_avr()?.parse_quote()?.report_data(); - // assert_eq!(report_data.enclave_key(), signer); - // assert!(report_data.operator().is_zero()); - // } - // #[cfg(feature = "sgx-sw")] - // { - // use enclave_api::rsa::{pkcs1v15::SigningKey, rand_core::OsRng}; - // use enclave_api::sha2::Sha256; - // let res = match enclave.simulate_remote_attestation( - // ecall_commands::SimulateRemoteAttestationInput { - // target_enclave_key: signer, - // operator: Some(operator), - // advisory_ids: vec![], - // isv_enclave_quote_status: "OK".to_string(), - // }, - // SigningKey::::random(&mut OsRng, 3072)?, - // Default::default(), // TODO set valid certificate - // ) { - // Ok(res) => res.avr, - // Err(e) => { - // bail!("Simulate Remote Attestation Failed {:?}!", e); - // } - // }; - // let report_data = res.parse_quote()?.report_data(); - // assert_eq!(report_data.enclave_key(), signer); - // assert_eq!(report_data.operator(), operator); - // let res = match enclave.simulate_remote_attestation( - // ecall_commands::SimulateRemoteAttestationInput { - // target_enclave_key: signer, - // operator: None, - // advisory_ids: vec![], - // isv_enclave_quote_status: "OK".to_string(), - // }, - // SigningKey::::random(&mut OsRng, 3072)?, - // Default::default(), // TODO set valid certificate - // ) { - // Ok(res) => res.avr, - // Err(e) => { - // bail!("Simulate Remote Attestation Failed {:?}!", e); - // } - // }; - // let report_data = res.parse_quote()?.report_data(); - // assert_eq!(report_data.enclave_key(), signer); - // assert!(report_data.operator().is_zero()); - // } + #[cfg(not(feature = "sgx-sw"))] + { + use remote_attestation::ias::run_ias_ra; + let res = match run_ias_ra( + enclave, + signer, + Some(operator), + remote_attestation::ias_utils::IASMode::Development, + std::env::var("SPID")?, + std::env::var("IAS_KEY")?, + ) { + Ok(res) => res, + Err(e) => { + bail!("IAS Remote Attestation Failed {:?}!", e); + } + }; + let report_data = res.get_avr()?.parse_quote()?.report_data(); + assert_eq!(report_data.enclave_key(), signer); + assert_eq!(report_data.operator(), operator); + + let res = match run_ias_ra( + enclave, + signer, + None, + remote_attestation::ias_utils::IASMode::Development, + std::env::var("SPID")?, + std::env::var("IAS_KEY")?, + ) { + Ok(res) => res, + Err(e) => { + bail!("IAS Remote Attestation Failed {:?}!", e); + } + }; + let report_data = res.get_avr()?.parse_quote()?.report_data(); + assert_eq!(report_data.enclave_key(), signer); + assert!(report_data.operator().is_zero()); + } + #[cfg(feature = "sgx-sw")] + { + use enclave_api::rsa::{pkcs1v15::SigningKey, rand_core::OsRng}; + use enclave_api::sha2::Sha256; + use remote_attestation::ias_simulation::run_ias_ra_simulation; + let res = match run_ias_ra_simulation( + enclave, + signer, + Some(operator), + vec![], + "OK".to_string(), + SigningKey::::random(&mut OsRng, 3072)?, + Default::default(), // TODO set valid certificate + ) { + Ok(res) => res.get_avr()?, + Err(e) => { + bail!("IAS Remote Attestation Failed {:?}!", e); + } + }; + let report_data = res.parse_quote()?.report_data(); + assert_eq!(report_data.enclave_key(), signer); + assert_eq!(report_data.operator(), operator); + + let res = match run_ias_ra_simulation( + enclave, + signer, + None, + vec![], + "OK".to_string(), + SigningKey::::random(&mut OsRng, 3072)?, + Default::default(), // TODO set valid certificate + ) { + Ok(res) => res.get_avr()?, + Err(e) => { + bail!("IAS Remote Attestation Failed {:?}!", e); + } + }; + let report_data = res.parse_quote()?.report_data(); + assert_eq!(report_data.enclave_key(), signer); + assert!(report_data.operator().is_zero()); + } let (client_id, last_height) = { // XXX use non-latest height here From 73879b8fdf065872f6e9339a96003b50f1f7c0ed Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Mon, 9 Sep 2024 14:20:47 +0900 Subject: [PATCH 07/30] remove unused code and fix compiler warnings Signed-off-by: Jun Kimura --- Cargo.lock | 2 - app/Cargo.toml | 2 - app/src/commands/attestation.rs | 4 +- enclave-modules/ecall-handler/src/lib.rs | 1 + enclave-modules/environment/src/lib.rs | 1 + enclave-modules/host-api/src/lib.rs | 2 + enclave-modules/runtime/src/lib.rs | 2 + modules/attestation-report/src/lib.rs | 1 + modules/commitments/src/lib.rs | 1 + modules/context/src/lib.rs | 3 +- modules/crypto/src/lib.rs | 1 + modules/ecall-commands/src/lib.rs | 4 +- modules/enclave-api/Cargo.toml | 6 -- modules/enclave-api/src/lib.rs | 4 - modules/lcp-client/src/lib.rs | 1 + modules/light-client/src/lib.rs | 2 + modules/mock-lc/src/lib.rs | 1 + modules/ocall-commands/src/lib.rs | 6 +- .../ocall-commands/src/remote_attestation.rs | 73 ------------------- modules/ocall-commands/src/transmuter.rs | 42 ----------- modules/remote-attestation/Cargo.toml | 2 +- modules/remote-attestation/src/lib.rs | 3 + modules/service/Cargo.toml | 5 -- modules/store/src/lib.rs | 1 + modules/tendermint-lc/src/lib.rs | 1 + modules/types/src/lib.rs | 1 + modules/types/src/time.rs | 2 +- tests/integration/Cargo.toml | 1 - tests/integration/src/lib.rs | 4 +- 29 files changed, 31 insertions(+), 148 deletions(-) delete mode 100644 modules/ocall-commands/src/remote_attestation.rs delete mode 100644 modules/ocall-commands/src/transmuter.rs diff --git a/Cargo.lock b/Cargo.lock index 6b1fb069..c63faa14 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1414,10 +1414,8 @@ dependencies = [ "lcp-proto", "lcp-types", "log", - "rsa", "sgx_types", "sgx_urts", - "sha2 0.10.6", "store", ] diff --git a/app/Cargo.toml b/app/Cargo.toml index 2834165b..cb148a81 100644 --- a/app/Cargo.toml +++ b/app/Cargo.toml @@ -35,7 +35,5 @@ git2 = "0.17" [features] default = [] sgx-sw = [ - "enclave-api/sgx-sw", - "service/sgx-sw", "remote-attestation/sgx-sw" ] diff --git a/app/src/commands/attestation.rs b/app/src/commands/attestation.rs index 18ef0548..8e19771d 100644 --- a/app/src/commands/attestation.rs +++ b/app/src/commands/attestation.rs @@ -188,10 +188,10 @@ fn run_simulate_remote_attestation, S: CommitStore>( enclave: E, cmd: &SimulateRemoteAttestation, ) -> Result<()> { - use enclave_api::rsa::{ + use remote_attestation::rsa::{ pkcs1v15::SigningKey, pkcs8::DecodePrivateKey, traits::PublicKeyParts, RsaPrivateKey, }; - use enclave_api::sha2::Sha256; + use remote_attestation::sha2::Sha256; use std::fs; let pk = RsaPrivateKey::read_pkcs8_pem_file(&cmd.signing_key_path)?; diff --git a/enclave-modules/ecall-handler/src/lib.rs b/enclave-modules/ecall-handler/src/lib.rs index 69497f58..12a2328c 100644 --- a/enclave-modules/ecall-handler/src/lib.rs +++ b/enclave-modules/ecall-handler/src/lib.rs @@ -1,6 +1,7 @@ #![no_std] extern crate alloc; +#[allow(unused_imports)] mod prelude { pub use core::prelude::v1::*; diff --git a/enclave-modules/environment/src/lib.rs b/enclave-modules/environment/src/lib.rs index 81bde985..c2234b64 100644 --- a/enclave-modules/environment/src/lib.rs +++ b/enclave-modules/environment/src/lib.rs @@ -1,6 +1,7 @@ #![no_std] extern crate alloc; +#[allow(unused_imports)] mod prelude { pub use core::prelude::v1::*; diff --git a/enclave-modules/host-api/src/lib.rs b/enclave-modules/host-api/src/lib.rs index 4c96cbee..4af8da86 100644 --- a/enclave-modules/host-api/src/lib.rs +++ b/enclave-modules/host-api/src/lib.rs @@ -1,5 +1,7 @@ #![no_std] extern crate alloc; + +#[allow(unused_imports)] mod prelude { pub use core::prelude::v1::*; diff --git a/enclave-modules/runtime/src/lib.rs b/enclave-modules/runtime/src/lib.rs index c026ee55..482d78dc 100644 --- a/enclave-modules/runtime/src/lib.rs +++ b/enclave-modules/runtime/src/lib.rs @@ -1,5 +1,7 @@ #![no_std] extern crate alloc; + +#[allow(unused_imports)] mod prelude { pub use core::prelude::v1::*; diff --git a/modules/attestation-report/src/lib.rs b/modules/attestation-report/src/lib.rs index c6b0c53a..949b27df 100644 --- a/modules/attestation-report/src/lib.rs +++ b/modules/attestation-report/src/lib.rs @@ -1,6 +1,7 @@ #![cfg_attr(not(feature = "std"), no_std)] extern crate alloc; +#[allow(unused_imports)] mod prelude { pub use core::prelude::v1::*; diff --git a/modules/commitments/src/lib.rs b/modules/commitments/src/lib.rs index b86e5350..627aa935 100644 --- a/modules/commitments/src/lib.rs +++ b/modules/commitments/src/lib.rs @@ -1,6 +1,7 @@ #![cfg_attr(not(test), no_std)] extern crate alloc; +#[allow(unused_imports)] mod prelude { pub use core::prelude::v1::*; diff --git a/modules/context/src/lib.rs b/modules/context/src/lib.rs index 7c7effe1..1ae74753 100644 --- a/modules/context/src/lib.rs +++ b/modules/context/src/lib.rs @@ -1,6 +1,7 @@ -#![cfg_attr(not(feature = "std"), no_std)] +#![no_std] extern crate alloc; +#[allow(unused_imports)] mod prelude { pub use core::prelude::v1::*; diff --git a/modules/crypto/src/lib.rs b/modules/crypto/src/lib.rs index 5debe1d0..6c969537 100644 --- a/modules/crypto/src/lib.rs +++ b/modules/crypto/src/lib.rs @@ -1,6 +1,7 @@ #![cfg_attr(not(feature = "std"), no_std)] extern crate alloc; +#[allow(unused_imports)] mod prelude { pub use core::prelude::v1::*; diff --git a/modules/ecall-commands/src/lib.rs b/modules/ecall-commands/src/lib.rs index b68485d2..22637ddb 100644 --- a/modules/ecall-commands/src/lib.rs +++ b/modules/ecall-commands/src/lib.rs @@ -1,8 +1,10 @@ +#![cfg_attr(not(feature = "std"), no_std)] #![feature(generic_const_exprs)] +#![allow(incomplete_features)] #![allow(clippy::large_enum_variant)] -#![cfg_attr(not(feature = "std"), no_std)] extern crate alloc; +#[allow(unused_imports)] mod prelude { pub use core::prelude::v1::*; diff --git a/modules/enclave-api/Cargo.toml b/modules/enclave-api/Cargo.toml index 41f1a98a..926574f9 100644 --- a/modules/enclave-api/Cargo.toml +++ b/modules/enclave-api/Cargo.toml @@ -9,8 +9,6 @@ sgx_urts = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave bincode = { version = "2.0.0-rc.3", default-features = false, features = ["serde", "alloc"] } log = "0.4.8" flex-error = { version = "0.4.4" } -rsa = { version = "0.9.2", features = ["pem"], optional = true } -sha2 = { version = "0.10.6", default-features = false, features = ["oid"], optional = true } lcp-types = { path = "../types" } commitments = { path = "../commitments" } @@ -27,7 +25,3 @@ std = [ "flex-error/std" ] rocksdb = ["store/rocksdbstore"] -sgx-sw = [ - "rsa", - "sha2" -] diff --git a/modules/enclave-api/src/lib.rs b/modules/enclave-api/src/lib.rs index 8de9bae8..a2d183bc 100644 --- a/modules/enclave-api/src/lib.rs +++ b/modules/enclave-api/src/lib.rs @@ -1,10 +1,6 @@ pub use api::{EnclaveCommandAPI, EnclavePrimitiveAPI, EnclaveProtoAPI}; pub use enclave::{Enclave, EnclaveInfo}; use errors::{Error, Result}; -#[cfg(feature = "sgx-sw")] -pub use rsa; -#[cfg(feature = "sgx-sw")] -pub use sha2; mod api; mod enclave; diff --git a/modules/lcp-client/src/lib.rs b/modules/lcp-client/src/lib.rs index 3026920f..71307da2 100644 --- a/modules/lcp-client/src/lib.rs +++ b/modules/lcp-client/src/lib.rs @@ -2,6 +2,7 @@ #![cfg_attr(not(feature = "std"), no_std)] extern crate alloc; +#[allow(unused_imports)] mod prelude { pub use core::prelude::v1::*; diff --git a/modules/light-client/src/lib.rs b/modules/light-client/src/lib.rs index 0ac3b736..aca593a2 100644 --- a/modules/light-client/src/lib.rs +++ b/modules/light-client/src/lib.rs @@ -1,6 +1,8 @@ #![no_std] extern crate alloc; +#[allow(unused_imports)] + mod prelude { pub use core::prelude::v1::*; diff --git a/modules/mock-lc/src/lib.rs b/modules/mock-lc/src/lib.rs index 62f37867..76fb59ac 100644 --- a/modules/mock-lc/src/lib.rs +++ b/modules/mock-lc/src/lib.rs @@ -1,6 +1,7 @@ #![no_std] extern crate alloc; +#[allow(unused_imports)] mod prelude { pub use core::prelude::v1::*; diff --git a/modules/ocall-commands/src/lib.rs b/modules/ocall-commands/src/lib.rs index 6a8d71f3..ce4ee60d 100644 --- a/modules/ocall-commands/src/lib.rs +++ b/modules/ocall-commands/src/lib.rs @@ -1,14 +1,10 @@ #![no_std] -#![allow(incomplete_features)] #![allow(clippy::large_enum_variant)] -#![feature(generic_const_exprs)] extern crate alloc; pub use crate::store::{StoreCommand, StoreResult}; +use serde::{Deserialize, Serialize}; mod store; -mod transmuter; - -use serde::{Deserialize, Serialize}; #[derive(Serialize, Deserialize, Debug)] pub struct OCallCommand { diff --git a/modules/ocall-commands/src/remote_attestation.rs b/modules/ocall-commands/src/remote_attestation.rs deleted file mode 100644 index 782a0f02..00000000 --- a/modules/ocall-commands/src/remote_attestation.rs +++ /dev/null @@ -1,73 +0,0 @@ -use crate::transmuter::BytesTransmuter; -use alloc::vec::Vec; -use serde::{Deserialize, Serialize}; -use serde_with::serde_as; -use sgx_types::*; - -#[derive(Serialize, Deserialize, Debug)] -pub enum RemoteAttestationCommand { - InitQuote, - GetIASSocket, - GetQuote(GetQuoteInput), - GetReportAttestationStatus(GetReportAttestationStatusInput), -} - -#[derive(Serialize, Deserialize, Debug)] -pub enum RemoteAttestationResult { - InitQuote(InitQuoteResult), - GetIASSocket(GetIASSocketResult), - GetQuote(GetQuoteResult), - GetReportAttestationStatus(GetReportAttestationStatusResult), -} - -#[serde_as] -#[derive(Serialize, Deserialize, Debug)] -pub struct InitQuoteResult { - #[serde_as(as = "BytesTransmuter")] - pub target_info: sgx_target_info_t, - pub epid_group_id: sgx_epid_group_id_t, -} - -#[derive(Serialize, Deserialize, Debug)] -pub struct GetIASSocketResult { - pub fd: c_int, -} - -#[serde_as] -#[derive(Serialize, Deserialize, Debug)] -pub struct GetQuoteInput { - pub sigrl: Vec, - #[serde_as(as = "BytesTransmuter")] - pub report: sgx_report_t, - #[serde_as(as = "BytesTransmuter")] - pub quote_type: sgx_quote_sign_type_t, - #[serde_as(as = "BytesTransmuter")] - pub spid: sgx_spid_t, - #[serde_as(as = "BytesTransmuter")] - pub nonce: sgx_quote_nonce_t, -} - -#[serde_as] -#[derive(Serialize, Deserialize, Debug)] -pub struct GetQuoteResult { - #[serde_as(as = "BytesTransmuter")] - pub qe_report: sgx_report_t, - pub quote: Vec, -} - -#[serde_as] -#[derive(Serialize, Deserialize, Debug)] -pub struct GetReportAttestationStatusInput { - #[serde_as(as = "BytesTransmuter")] - pub platform_blob: sgx_platform_info_t, - pub enclave_trusted: i32, -} - -#[serde_as] -#[derive(Serialize, Deserialize, Debug)] -pub struct GetReportAttestationStatusResult { - #[serde_as(as = "BytesTransmuter")] - pub ret: sgx_status_t, - #[serde_as(as = "BytesTransmuter")] - pub update_info: sgx_update_info_bit_t, -} diff --git a/modules/ocall-commands/src/transmuter.rs b/modules/ocall-commands/src/transmuter.rs deleted file mode 100644 index d829c6ac..00000000 --- a/modules/ocall-commands/src/transmuter.rs +++ /dev/null @@ -1,42 +0,0 @@ -use alloc::string::ToString; -use core::marker::PhantomData; -use serde::Deserialize; -use serde_with::{DeserializeAs, SerializeAs}; - -pub(crate) struct BytesTransmuter(PhantomData); - -impl SerializeAs for BytesTransmuter -where - [(); core::mem::size_of::()]:, -{ - fn serialize_as(source: &T, serializer: S) -> Result - where - S: serde::Serializer, - { - serializer.serialize_bytes(&unsafe { - core::mem::transmute_copy::<_, [u8; core::mem::size_of::()]>(source) - }) - } -} - -impl<'de, T> DeserializeAs<'de, T> for BytesTransmuter -where - [(); core::mem::size_of::()]:, -{ - fn deserialize_as(deserializer: D) -> Result - where - D: serde::Deserializer<'de>, - { - let bz = <&[u8]>::deserialize(deserializer).map_err(serde::de::Error::custom)?; - let mut array = [0; core::mem::size_of::()]; - if bz.len() == array.len() { - array.copy_from_slice(bz); - Ok(unsafe { core::mem::transmute_copy(&array) }) - } else { - Err(serde::de::Error::invalid_length( - bz.len(), - &array.len().to_string().as_str(), - )) - } - } -} diff --git a/modules/remote-attestation/Cargo.toml b/modules/remote-attestation/Cargo.toml index fe9e1c07..ce3ade32 100644 --- a/modules/remote-attestation/Cargo.toml +++ b/modules/remote-attestation/Cargo.toml @@ -14,7 +14,7 @@ rustls = "0.19" webpki = "0.21" webpki-roots = "0.17" flex-error = { version = "0.4.4" } -sha2 = { version = "0.10.6" } +sha2 = { version = "0.10.6", features = ["oid"] } rsa = { version = "0.9.2", features = ["pem"], optional = true } chrono = { version = "0.4.38", features = ["now"], optional = true } diff --git a/modules/remote-attestation/src/lib.rs b/modules/remote-attestation/src/lib.rs index b59c902b..b79ab6a7 100644 --- a/modules/remote-attestation/src/lib.rs +++ b/modules/remote-attestation/src/lib.rs @@ -5,3 +5,6 @@ pub mod ias_simulation; mod ias_utils; pub use ias_utils::{IASMode, IAS_HOSTNAME}; +#[cfg(feature = "sgx-sw")] +pub use rsa; +pub use sha2; diff --git a/modules/service/Cargo.toml b/modules/service/Cargo.toml index 3cb2da6b..87042395 100644 --- a/modules/service/Cargo.toml +++ b/modules/service/Cargo.toml @@ -14,8 +14,3 @@ crypto = { path = "../crypto" } enclave-api = { path = "../enclave-api" } lcp-proto = { path = "../../proto", default-features = false, features = ["server"] } store = { path = "../store", default-features = false } - -[features] -sgx-sw = [ - "enclave-api/sgx-sw" -] diff --git a/modules/store/src/lib.rs b/modules/store/src/lib.rs index e6217bd4..9ec79085 100644 --- a/modules/store/src/lib.rs +++ b/modules/store/src/lib.rs @@ -1,6 +1,7 @@ #![cfg_attr(not(feature = "std"), no_std)] extern crate alloc; +#[allow(unused_imports)] mod prelude { pub use core::prelude::v1::*; diff --git a/modules/tendermint-lc/src/lib.rs b/modules/tendermint-lc/src/lib.rs index 9391e809..4e176a22 100644 --- a/modules/tendermint-lc/src/lib.rs +++ b/modules/tendermint-lc/src/lib.rs @@ -2,6 +2,7 @@ #![no_std] extern crate alloc; +#[allow(unused_imports)] mod prelude { pub use core::prelude::v1::*; diff --git a/modules/types/src/lib.rs b/modules/types/src/lib.rs index b038429a..e6eef337 100644 --- a/modules/types/src/lib.rs +++ b/modules/types/src/lib.rs @@ -17,6 +17,7 @@ mod host; mod sgx; mod time; +#[allow(unused_imports)] mod prelude { pub use core::prelude::v1::*; diff --git a/modules/types/src/time.rs b/modules/types/src/time.rs index c336681e..447b7be9 100644 --- a/modules/types/src/time.rs +++ b/modules/types/src/time.rs @@ -16,7 +16,7 @@ pub const MAX_UNIX_TIMESTAMP_NANOS: u128 = 253_402_300_799_999_999_999; pub struct Time(TmTime); impl Time { - #[cfg(all(feature = "std", not(feature = "sgx")))] + #[cfg(feature = "std")] pub fn now() -> Self { use std::time::{SystemTime, UNIX_EPOCH}; let now = SystemTime::now().duration_since(UNIX_EPOCH).unwrap(); diff --git a/tests/integration/Cargo.toml b/tests/integration/Cargo.toml index 6a399271..1498dc0b 100644 --- a/tests/integration/Cargo.toml +++ b/tests/integration/Cargo.toml @@ -39,6 +39,5 @@ remote-attestation = { path = "../../modules/remote-attestation" } [features] default = [] sgx-sw = [ - "enclave-api/sgx-sw", "remote-attestation/sgx-sw" ] diff --git a/tests/integration/src/lib.rs b/tests/integration/src/lib.rs index ac2d9638..f5cee5d5 100644 --- a/tests/integration/src/lib.rs +++ b/tests/integration/src/lib.rs @@ -154,8 +154,8 @@ mod tests { } #[cfg(feature = "sgx-sw")] { - use enclave_api::rsa::{pkcs1v15::SigningKey, rand_core::OsRng}; - use enclave_api::sha2::Sha256; + use remote_attestation::rsa::{pkcs1v15::SigningKey, rand_core::OsRng}; + use remote_attestation::sha2::Sha256; use remote_attestation::ias_simulation::run_ias_ra_simulation; let res = match run_ias_ra_simulation( enclave, From 199aee74c43fbe5a7d994cdb449a3866053790a5 Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Mon, 9 Sep 2024 15:19:37 +0900 Subject: [PATCH 08/30] fix clippy warnings Signed-off-by: Jun Kimura --- Cargo.lock | 3 -- app/src/commands/enclave.rs | 2 +- enclave-modules/ecall-handler/Cargo.toml | 1 - enclave/Cargo.lock | 5 --- enclave/Cargo.toml | 2 - enclave/src/lib.rs | 8 +--- modules/commitments/src/context.rs | 9 +---- modules/crypto/src/sgx/rand.rs | 1 - modules/ecall-commands/Cargo.toml | 1 - modules/enclave-api/src/enclave.rs | 2 +- modules/keymanager/src/lib.rs | 2 +- modules/lcp-client/src/client_def.rs | 33 ++++++++-------- modules/lcp-client/src/client_state.rs | 2 +- modules/lcp-client/src/consensus_state.rs | 3 +- modules/light-client/src/ibc.rs | 1 + modules/mock-lc/src/client.rs | 6 +-- modules/mock-lc/src/state.rs | 4 +- modules/ocall-commands/Cargo.toml | 2 - modules/remote-attestation/src/ias_utils.rs | 39 ++++++++----------- modules/store/src/rocksdb.rs | 4 ++ modules/tendermint-lc/src/state.rs | 6 +-- modules/tendermint-lc/src/verifier.rs | 2 +- tests/integration/src/lib.rs | 15 +++---- .../src/bin/test_setup_with_binary_channel.rs | 2 +- 24 files changed, 63 insertions(+), 92 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index c63faa14..459a28c2 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1302,7 +1302,6 @@ checksum = "4f94fa09c2aeea5b8839e414b7b841bf429fd25b9c522116ac97ee87856d88b2" name = "ecall-commands" version = "0.1.0" dependencies = [ - "attestation-report", "commitments", "crypto", "flex-error", @@ -3226,8 +3225,6 @@ name = "ocall-commands" version = "0.1.0" dependencies = [ "serde", - "serde_with", - "sgx_types", "store", ] diff --git a/app/src/commands/enclave.rs b/app/src/commands/enclave.rs index d032d729..22e58a6a 100644 --- a/app/src/commands/enclave.rs +++ b/app/src/commands/enclave.rs @@ -66,7 +66,7 @@ fn run_generate_key, S: CommitStore>( _: &GenerateKey, ) -> Result<()> { let res = enclave - .generate_enclave_key(GenerateEnclaveKeyInput::default()) + .generate_enclave_key(GenerateEnclaveKeyInput) .map_err(|e| anyhow!("failed to generate an enclave key: {:?}", e))?; println!("{}", res.pub_key.as_address()); Ok(()) diff --git a/enclave-modules/ecall-handler/Cargo.toml b/enclave-modules/ecall-handler/Cargo.toml index ae27a492..2520583c 100644 --- a/enclave-modules/ecall-handler/Cargo.toml +++ b/enclave-modules/ecall-handler/Cargo.toml @@ -6,7 +6,6 @@ edition = "2021" [dependencies] sgx_types = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } sgx_tse = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -hex = { version = "0.4", default-features = false, features = ["alloc"] } flex-error = { version = "0.4.4", default-features = false } crypto = { path = "../../modules/crypto", default-features = false, features = ["sgx"] } diff --git a/enclave/Cargo.lock b/enclave/Cargo.lock index 747e1539..839dbd3d 100644 --- a/enclave/Cargo.lock +++ b/enclave/Cargo.lock @@ -432,7 +432,6 @@ checksum = "c9b0705efd4599c15a38151f4721f7bc388306f61084d3bfd50bd07fbca5cb60" name = "ecall-commands" version = "0.1.0" dependencies = [ - "attestation-report", "commitments", "crypto", "flex-error", @@ -453,7 +452,6 @@ dependencies = [ "ecall-commands", "enclave-environment", "flex-error", - "hex", "lcp-types", "light-client", "sgx_tse", @@ -494,7 +492,6 @@ name = "enclave" version = "0.1.0" dependencies = [ "enclave-runtime", - "log", "tendermint-lc", ] @@ -995,8 +992,6 @@ name = "ocall-commands" version = "0.1.0" dependencies = [ "serde", - "serde_with", - "sgx_types", "store", ] diff --git a/enclave/Cargo.toml b/enclave/Cargo.toml index 94e19bec..06fb384c 100644 --- a/enclave/Cargo.toml +++ b/enclave/Cargo.toml @@ -12,9 +12,7 @@ crate-type = ["staticlib"] default = [] [dependencies] -log = { version = "0.4.8", default-features = false } enclave-runtime = { path = "../enclave-modules/runtime" } -# simple_logger = { git = "https://github.com/bluele/rust-simple_logger", branch = "sgx", default-features = false, features = ["sgx"] } tendermint-lc = { path = "../modules/tendermint-lc", default-features = false } [patch."https://github.com/apache/teaclave-sgx-sdk.git"] diff --git a/enclave/src/lib.rs b/enclave/src/lib.rs index 6692b87e..cf5d49b3 100644 --- a/enclave/src/lib.rs +++ b/enclave/src/lib.rs @@ -2,13 +2,7 @@ extern crate alloc; use enclave_runtime::{setup_runtime, Environment, MapLightClientRegistry}; -setup_runtime!({ - // simple_logger::SimpleLogger::new() - // .with_level(log::LevelFilter::Info) - // .init() - // .unwrap(); - Environment::new(build_lc_registry()) -}); +setup_runtime!({ Environment::new(build_lc_registry()) }); fn build_lc_registry() -> MapLightClientRegistry { let mut registry = MapLightClientRegistry::new(); diff --git a/modules/commitments/src/context.rs b/modules/commitments/src/context.rs index ca5b6eaf..d6be3dfe 100644 --- a/modules/commitments/src/context.rs +++ b/modules/commitments/src/context.rs @@ -9,8 +9,9 @@ pub const VALIDATION_CONTEXT_TYPE_EMPTY_EMPTY: u16 = 0; pub const VALIDATION_CONTEXT_TYPE_EMPTY_WITHIN_TRUSTING_PERIOD: u16 = 1; pub const VALIDATION_CONTEXT_HEADER_SIZE: usize = 32; -#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)] +#[derive(Debug, Default, Clone, PartialEq, Eq, Serialize, Deserialize)] pub enum ValidationContext { + #[default] Empty, TrustingPeriod(TrustingPeriodContext), } @@ -115,12 +116,6 @@ sol! { } } -impl Default for ValidationContext { - fn default() -> Self { - ValidationContext::Empty - } -} - impl Display for ValidationContext { fn fmt(&self, f: &mut core::fmt::Formatter<'_>) -> core::fmt::Result { match self { diff --git a/modules/crypto/src/sgx/rand.rs b/modules/crypto/src/sgx/rand.rs index 892eb2c5..fdec2df9 100644 --- a/modules/crypto/src/sgx/rand.rs +++ b/modules/crypto/src/sgx/rand.rs @@ -1,6 +1,5 @@ use crate::errors::Error; use sgx_trts::trts::rsgx_read_rand; -use sgx_types::sgx_status_t; pub fn rand_slice(rand: &mut [u8]) -> Result<(), Error> { rsgx_read_rand(rand).map_err(Error::sgx_error) diff --git a/modules/ecall-commands/Cargo.toml b/modules/ecall-commands/Cargo.toml index c7485201..26b472e2 100644 --- a/modules/ecall-commands/Cargo.toml +++ b/modules/ecall-commands/Cargo.toml @@ -11,7 +11,6 @@ flex-error = { version = "0.4.4", default-features = false } commitments = { path = "../commitments", default-features = false } lcp-types = { path = "../types", default-features = false } -attestation-report = { path = "../attestation-report", default-features = false } store = { path = "../store", default-features = false } crypto = { path = "../crypto", default-features = false } diff --git a/modules/enclave-api/src/enclave.rs b/modules/enclave-api/src/enclave.rs index 3e3999fb..d52478fe 100644 --- a/modules/enclave-api/src/enclave.rs +++ b/modules/enclave-api/src/enclave.rs @@ -29,7 +29,7 @@ impl Enclave { key_manager, store, sgx_enclave, - _marker: PhantomData::default(), + _marker: PhantomData, } } diff --git a/modules/keymanager/src/lib.rs b/modules/keymanager/src/lib.rs index 020c345b..af4ffb03 100644 --- a/modules/keymanager/src/lib.rs +++ b/modules/keymanager/src/lib.rs @@ -303,7 +303,7 @@ mod tests { assert_eq!( km.available_keys(mrenclave) .unwrap() - .get(0) + .first() .unwrap() .address, address_0 diff --git a/modules/lcp-client/src/client_def.rs b/modules/lcp-client/src/client_def.rs index f8384090..79dfd9ed 100644 --- a/modules/lcp-client/src/client_def.rs +++ b/modules/lcp-client/src/client_def.rs @@ -18,6 +18,8 @@ use tiny_keccak::Keccak; pub const LCP_CLIENT_TYPE: &str = "0000-lcp"; +/// EIP712 domain separator for LCPClient +/// /// keccak256( /// abi.encode( /// keccak256("EIP712Domain(string name,string version,uint256 chainId,address verifyingContract,bytes32 salt)"), @@ -445,8 +447,8 @@ pub fn compute_eip712_register_enclave_key(avr: &str) -> Vec { }; [0x19, 0x01] .into_iter() - .chain(LCP_CLIENT_DOMAIN_SEPARATOR.into_iter()) - .chain(type_hash.into_iter()) + .chain(LCP_CLIENT_DOMAIN_SEPARATOR) + .chain(type_hash) .collect() } @@ -498,8 +500,8 @@ pub fn compute_eip712_update_operators( }; [0x19, 0x01] .into_iter() - .chain(LCP_CLIENT_DOMAIN_SEPARATOR.into_iter()) - .chain(type_hash.into_iter()) + .chain(LCP_CLIENT_DOMAIN_SEPARATOR) + .chain(type_hash) .collect() } @@ -637,8 +639,6 @@ mod tests { let op_key = OperatorKey::new().unwrap(); let registry = build_lc_registry(); - let lcp_client = LCPClient::default(); - let mock_client = MockLightClient::default(); // 1. initializes Light Client for LCP on the downstream side let lcp_client_id = { @@ -658,9 +658,9 @@ mod tests { let mut ctx = Context::new(registry.clone(), ibc_store.clone(), &ek); ctx.set_timestamp(Time::now()); - let client_id = ClientId::from_str(&format!("{}-0", lcp_client.client_type())).unwrap(); + let client_id = ClientId::from_str(&format!("{}-0", LCPClient.client_type())).unwrap(); - let res = lcp_client.initialise( + let res = LCPClient.initialise( &mut ctx, client_id.clone(), initial_client_state, @@ -682,7 +682,7 @@ mod tests { report, operator_signature: Some(operator_signature), }); - let res = lcp_client.update_client(&mut ctx, lcp_client_id.clone(), header); + let res = LCPClient.update_client(&mut ctx, lcp_client_id.clone(), header); assert!(res.is_ok(), "res={:?}", res); } @@ -694,7 +694,7 @@ mod tests { let mut ctx = Context::new(registry.clone(), lcp_store.clone(), &ek); ctx.set_timestamp(Time::now()); - let res = mock_client.create_client( + let res = MockLightClient.create_client( &ctx, client_state.clone().into(), consensus_state.clone().into(), @@ -702,8 +702,8 @@ mod tests { assert!(res.is_ok(), "res={:?}", res); let client_id = - ClientId::from_str(&format!("{}-0", mock_client.client_type())).unwrap(); - ctx.store_client_type(client_id.clone(), mock_client.client_type()) + ClientId::from_str(&format!("{}-0", MockLightClient.client_type())).unwrap(); + ctx.store_client_type(client_id.clone(), MockLightClient.client_type()) .unwrap(); ctx.store_any_client_state(client_id.clone(), client_state.into()) .unwrap(); @@ -722,7 +722,7 @@ mod tests { let mut ctx = Context::new(registry.clone(), lcp_store.clone(), &ek); ctx.set_timestamp(Time::now()); - let res = mock_client.update_client( + let res = MockLightClient.update_client( &ctx, upstream_client_id.clone(), mock_lc::Header::from(header).into(), @@ -760,7 +760,7 @@ mod tests { let mut ctx = Context::new(registry.clone(), ibc_store.clone(), &ek); ctx.set_timestamp((Time::now() + Duration::from_secs(60)).unwrap()); - let res = lcp_client.update_client(&mut ctx, lcp_client_id.clone(), header); + let res = LCPClient.update_client(&mut ctx, lcp_client_id.clone(), header); assert!(res.is_ok(), "res={:?}", res); } @@ -774,7 +774,7 @@ mod tests { header1: MockHeader::new(ICS02Height::new(0, 3).unwrap()), header2: MockHeader::new(ICS02Height::new(0, 3).unwrap()), }; - let res = mock_client + let res = MockLightClient .update_client( &ctx, upstream_client_id, @@ -799,11 +799,12 @@ mod tests { let mut ctx = Context::new(registry, ibc_store, &ek); ctx.set_timestamp((Time::now() + Duration::from_secs(60)).unwrap()); - let res = lcp_client.update_client(&mut ctx, lcp_client_id, header); + let res = LCPClient.update_client(&mut ctx, lcp_client_id, header); assert!(res.is_ok(), "res={:?}", res); } } + #[allow(clippy::arc_with_non_send_sync)] fn build_lc_registry() -> Arc { let registry = MapLightClientRegistry::new(); Arc::new(registry) diff --git a/modules/lcp-client/src/client_state.rs b/modules/lcp-client/src/client_state.rs index e4f25837..1a5f9bd3 100644 --- a/modules/lcp-client/src/client_state.rs +++ b/modules/lcp-client/src/client_state.rs @@ -102,7 +102,7 @@ impl Protobuf for ClientState {} impl From for Any { fn from(value: ClientState) -> Self { - let value = RawClientState::try_from(value).expect("encoding to `Any` from `ClientState`"); + let value = RawClientState::from(value); Any::new(LCP_CLIENT_STATE_TYPE_URL.to_string(), value.encode_to_vec()) } } diff --git a/modules/lcp-client/src/consensus_state.rs b/modules/lcp-client/src/consensus_state.rs index 5aa44800..20a243a8 100644 --- a/modules/lcp-client/src/consensus_state.rs +++ b/modules/lcp-client/src/consensus_state.rs @@ -47,8 +47,7 @@ impl Protobuf for ConsensusState {} impl From for Any { fn from(value: ConsensusState) -> Self { - let value = - RawConsensusState::try_from(value).expect("encoding to `Any` from `ConsensusState`"); + let value = RawConsensusState::from(value); Any::new( LCP_CONSENSUS_STATE_TYPE_URL.to_string(), value.encode_to_vec(), diff --git a/modules/light-client/src/ibc.rs b/modules/light-client/src/ibc.rs index ab555b42..4b5a31c9 100644 --- a/modules/light-client/src/ibc.rs +++ b/modules/light-client/src/ibc.rs @@ -12,6 +12,7 @@ use ibc::core::{ use lcp_types::proto::google::protobuf::Any as ProtoAny; /// IBCContext is a context that implements ValidationContext from ibc-rs over elc's context +/// /// NOTE: Since elc provides only 02-client equivalent functions, it implements only a very limited functions of ValidationContext trait. pub struct IBCContext<'a, ClientState: Ics02ClientState, ConsensusState: Ics02ConsensusState> { parent: &'a dyn HostClientReader, diff --git a/modules/mock-lc/src/client.rs b/modules/mock-lc/src/client.rs index 78942819..5404944f 100644 --- a/modules/mock-lc/src/client.rs +++ b/modules/mock-lc/src/client.rs @@ -172,11 +172,11 @@ impl MockLightClient { let prev_state_id = gen_state_id(client_state, latest_consensus_state)?; let post_state_id = gen_state_id(new_client_state.clone(), new_consensus_state.clone())?; - let new_any_client_state = Any::try_from(new_client_state).unwrap(); + let new_any_client_state = Any::from(new_client_state); Ok(UpdateStateData { new_any_client_state: new_any_client_state.clone(), - new_any_consensus_state: Any::try_from(new_consensus_state).unwrap(), + new_any_consensus_state: Any::from(new_consensus_state), height, message: UpdateStateProxyMessage { prev_height: Some(latest_height.into()), @@ -234,7 +234,7 @@ impl MockLightClient { ); Ok(MisbehaviourData { - new_any_client_state: Any::try_from(new_client_state).unwrap(), + new_any_client_state: Any::from(new_client_state), message: MisbehaviourProxyMessage { prev_states: vec![PrevState { height: latest_height.into(), diff --git a/modules/mock-lc/src/state.rs b/modules/mock-lc/src/state.rs index c13fc7d5..f0768748 100644 --- a/modules/mock-lc/src/state.rs +++ b/modules/mock-lc/src/state.rs @@ -85,7 +85,7 @@ pub fn gen_state_id( consensus_state: ConsensusState, ) -> Result { Ok(gen_state_id_from_any( - &client_state.try_into().unwrap(), - &consensus_state.try_into().unwrap(), + &client_state.into(), + &consensus_state.into(), )?) } diff --git a/modules/ocall-commands/Cargo.toml b/modules/ocall-commands/Cargo.toml index a849cef9..63dcb976 100644 --- a/modules/ocall-commands/Cargo.toml +++ b/modules/ocall-commands/Cargo.toml @@ -4,7 +4,5 @@ version = "0.1.0" edition = "2021" [dependencies] -sgx_types = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk", features = ["extra_traits"] } serde = { version = "1.0.184", default-features = false, features = ["alloc", "derive"] } -serde_with = { version = "2.0.1", default-features = false, features = ["alloc", "macros"] } store = { path = "../store", default-features = false } diff --git a/modules/remote-attestation/src/ias_utils.rs b/modules/remote-attestation/src/ias_utils.rs index f3a52c3b..490ce596 100644 --- a/modules/remote-attestation/src/ias_utils.rs +++ b/modules/remote-attestation/src/ias_utils.rs @@ -177,7 +177,7 @@ pub(crate) fn get_report_from_intel( encoded_json); trace!("{}", req); - let dns_name = webpki::DNSNameRef::try_from_ascii_str(&IAS_HOSTNAME).unwrap(); + let dns_name = webpki::DNSNameRef::try_from_ascii_str(IAS_HOSTNAME).unwrap(); let mut sess = rustls::ClientSession::new(&Arc::new(config), dns_name); let mut sock = TcpStream::connect(lookup_ipv4(IAS_HOSTNAME, 443)).unwrap(); let mut tls = rustls::Stream::new(&mut sess, &mut sock); @@ -218,25 +218,22 @@ fn parse_response_attn_report(resp: &[u8]) -> Result msg = "OK Operation Successful", - Some(401) => msg = "Unauthorized Failed to authenticate or authorize request.", - Some(404) => msg = "Not Found GID does not refer to a valid EPID group ID.", - Some(500) => msg = "Internal error occurred", + let msg = match respp.code { + Some(200) => "OK Operation Successful", + Some(401) => "Unauthorized Failed to authenticate or authorize request.", + Some(404) => "Not Found GID does not refer to a valid EPID group ID.", + Some(500) => "Internal error occurred", Some(503) => { - msg = "Service is currently not able to process the request (due to + "Service is currently not able to process the request (due to a temporary overloading or maintenance). This is a temporary state – the same request can be repeated after some time. " } _ => { warn!("DBG:{}", respp.code.unwrap()); - msg = "Unknown error occured" + "Unknown error occured" } - } + }; info!("{}", msg); let mut len_num: u32 = 0; @@ -292,21 +289,19 @@ fn parse_response_sigrl(resp: &[u8]) -> Vec { trace!("parse result {:?}", result); trace!("parse response{:?}", respp); - let msg: &'static str; - - match respp.code { - Some(200) => msg = "OK Operation Successful", - Some(401) => msg = "Unauthorized Failed to authenticate or authorize request.", - Some(404) => msg = "Not Found GID does not refer to a valid EPID group ID.", - Some(500) => msg = "Internal error occurred", + let msg = match respp.code { + Some(200) => "OK Operation Successful", + Some(401) => "Unauthorized Failed to authenticate or authorize request.", + Some(404) => "Not Found GID does not refer to a valid EPID group ID.", + Some(500) => "Internal error occurred", Some(503) => { - msg = "Service is currently not able to process the request (due to + "Service is currently not able to process the request (due to a temporary overloading or maintenance). This is a temporary state – the same request can be repeated after some time. " } - _ => msg = "Unknown error occured", - } + _ => "Unknown error occured", + }; info!("{}", msg); let mut len_num: u32 = 0; diff --git a/modules/store/src/rocksdb.rs b/modules/store/src/rocksdb.rs index b387f7b0..7b9e57b6 100644 --- a/modules/store/src/rocksdb.rs +++ b/modules/store/src/rocksdb.rs @@ -286,6 +286,7 @@ impl<'a> KVStore for StoreTransaction<'a> { } /// ReadTransaction is a `read-only` transaction. +/// /// All read operations are performed based on a specific version of snapshot. /// All write operations are applied to the transaction's buffer, but they are never committed to the DB. pub struct ReadTransaction<'a> { @@ -312,6 +313,7 @@ impl<'a> KVStore for ReadTransaction<'a> { } /// UpdateTransaction is a `writable` transaction +/// /// All read operations are performed based on a specific version of snapshot. /// All write operations are applied to the corresponding RocksDB's transaction #[self_referencing] @@ -350,6 +352,7 @@ impl<'a> KVStore for UpdateTransaction<'a> { } /// ReadSnapshot is a `read-only` transaction. +/// /// All read operations are performed based on a specific version of snapshot. /// All write operations are applied to the transaction's buffer, but they are never committed to the DB. pub struct ReadSnapshot<'a> { @@ -814,6 +817,7 @@ mod tests { } let ptr = &mut arr as *mut _ as *mut [TxRunner; S]; let res = unsafe { ptr.read() }; + #[allow(clippy::forget_non_drop)] core::mem::forget(arr); res }; diff --git a/modules/tendermint-lc/src/state.rs b/modules/tendermint-lc/src/state.rs index 8e152266..1b03a933 100644 --- a/modules/tendermint-lc/src/state.rs +++ b/modules/tendermint-lc/src/state.rs @@ -80,7 +80,7 @@ impl From for Any { // canonicalize_state canonicalizes some fields of specified client state // target fields: latest_height, frozen_height pub fn canonicalize_state(client_state: &ClientState) -> ClientState { - let raw_state: RawTmClientState = client_state.0.clone().try_into().unwrap(); + let raw_state: RawTmClientState = client_state.0.clone().into(); let opt = client_state.as_light_client_options().unwrap(); #[allow(deprecated)] let tm = TendermintClientState::new( @@ -109,7 +109,7 @@ pub fn gen_state_id( consensus_state: ConsensusState, ) -> Result { Ok(gen_state_id_from_any( - &client_state.try_into().unwrap(), - &consensus_state.try_into().unwrap(), + &client_state.into(), + &consensus_state.into(), )?) } diff --git a/modules/tendermint-lc/src/verifier.rs b/modules/tendermint-lc/src/verifier.rs index 49ad560a..03bc2aea 100644 --- a/modules/tendermint-lc/src/verifier.rs +++ b/modules/tendermint-lc/src/verifier.rs @@ -116,5 +116,5 @@ fn downcast_tm_consensus_state(cs: &dyn ConsensusState) -> Result res.pub_key.as_address(), Err(e) => { bail!("failed to generate an enclave key: {:?}!", e); @@ -122,7 +122,7 @@ mod tests { enclave, signer, Some(operator), - remote_attestation::ias_utils::IASMode::Development, + remote_attestation::IASMode::Development, std::env::var("SPID")?, std::env::var("IAS_KEY")?, ) { @@ -139,7 +139,7 @@ mod tests { enclave, signer, None, - remote_attestation::ias_utils::IASMode::Development, + remote_attestation::IASMode::Development, std::env::var("SPID")?, std::env::var("IAS_KEY")?, ) { @@ -154,9 +154,9 @@ mod tests { } #[cfg(feature = "sgx-sw")] { + use remote_attestation::ias_simulation::run_ias_ra_simulation; use remote_attestation::rsa::{pkcs1v15::SigningKey, rand_core::OsRng}; use remote_attestation::sha2::Sha256; - use remote_attestation::ias_simulation::run_ias_ra_simulation; let res = match run_ias_ra_simulation( enclave, signer, @@ -254,10 +254,7 @@ mod tests { prefix: "ibc".into(), path: Path::ChannelEnd(ChannelEndPath(port_id, channel_id)).to_string(), value: res.0.encode_vec()?, - proof: CommitmentProofPair( - res.2.try_into().map_err(|e| anyhow!("{:?}", e))?, - merkle_proof_to_bytes(res.1)?, - ), + proof: CommitmentProofPair(res.2.into(), merkle_proof_to_bytes(res.1)?), signer, })?; } diff --git a/tools/nodes-runner/src/bin/test_setup_with_binary_channel.rs b/tools/nodes-runner/src/bin/test_setup_with_binary_channel.rs index 547423ab..502fe215 100644 --- a/tools/nodes-runner/src/bin/test_setup_with_binary_channel.rs +++ b/tools/nodes-runner/src/bin/test_setup_with_binary_channel.rs @@ -45,7 +45,7 @@ impl TestOverrides for Test { } fn modify_relayer_config(&self, config: &mut Config) { - for mut chain in config.chains.iter_mut() { + for chain in config.chains.iter_mut() { // Modify the key store type to `Store::Test` so that the wallet // keys are stored to ~/.hermes/keys so that we can use them // with external relayer commands. From 7082a1e8a36ad7b6f8e27c8a59371e7414e60a96 Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Mon, 9 Sep 2024 15:32:16 +0900 Subject: [PATCH 09/30] update base64 crate Signed-off-by: Jun Kimura --- Cargo.lock | 15 ++++++++------- enclave/Cargo.lock | 3 ++- modules/attestation-report/Cargo.toml | 2 +- modules/attestation-report/src/report.rs | 11 ++++++++--- modules/lcp-client/Cargo.toml | 2 +- modules/lcp-client/src/client_def.rs | 3 ++- modules/remote-attestation/Cargo.toml | 17 +++++++---------- .../remote-attestation/src/ias_simulation.rs | 3 ++- modules/remote-attestation/src/ias_utils.rs | 9 +++++---- 9 files changed, 36 insertions(+), 29 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 459a28c2..ff679cf0 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -263,7 +263,7 @@ dependencies = [ name = "attestation-report" version = "0.1.0" dependencies = [ - "base64 0.20.0-alpha.1", + "base64 0.22.1", "chrono", "crypto", "flex-error", @@ -369,14 +369,15 @@ checksum = "904dfeac50f3cdaba28fc6f57fdcddb75f49ed61346676a78c4ffe55877802fd" [[package]] name = "base64" -version = "0.20.0-alpha.1" -source = "git+https://github.com/marshallpierce/rust-base64#a675443d327e175f735a37f574de803d6a332591" +version = "0.21.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a4a4ddaa51a5bc52a6948f74c06d20aaaddb71924eab79b8c97a8c556e942d6a" [[package]] name = "base64" -version = "0.21.0" +version = "0.22.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a4a4ddaa51a5bc52a6948f74c06d20aaaddb71924eab79b8c97a8c556e942d6a" +checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" [[package]] name = "base64ct" @@ -2687,7 +2688,7 @@ version = "0.1.0" dependencies = [ "alloy-sol-types", "attestation-report", - "base64 0.20.0-alpha.1", + "base64 0.22.1", "chrono", "context", "crypto", @@ -3915,7 +3916,7 @@ name = "remote-attestation" version = "0.1.0" dependencies = [ "attestation-report", - "base64 0.20.0-alpha.1", + "base64 0.22.1", "chrono", "crypto", "ecall-commands", diff --git a/enclave/Cargo.lock b/enclave/Cargo.lock index 839dbd3d..3a215047 100644 --- a/enclave/Cargo.lock +++ b/enclave/Cargo.lock @@ -115,7 +115,8 @@ checksum = "9d297deb1925b89f2ccc13d7635fa0714f12c87adce1c75356b39ca9b7178567" [[package]] name = "base64" version = "0.22.1" -source = "git+https://github.com/marshallpierce/rust-base64#77e5251a281c3c1381f878ec3ad5cf3c71126e2c" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6" [[package]] name = "bincode" diff --git a/modules/attestation-report/Cargo.toml b/modules/attestation-report/Cargo.toml index 94781714..fd47394e 100644 --- a/modules/attestation-report/Cargo.toml +++ b/modules/attestation-report/Cargo.toml @@ -13,7 +13,7 @@ crypto = { path = "../crypto", default-features = false } lcp-types = { path = "../types", default-features = false } flex-error = { version = "0.4.4", default-features = false } hex = { version = "0.4", default-features = false, features = ["alloc"] } -base64 = { git = "https://github.com/marshallpierce/rust-base64", default-features = false, features = ["alloc"] } +base64 = { version = "0.22.1", default-features = false, features = ["alloc"] } pem = { version = "2.0", default-features = false } rustls = { version = "0.19", optional = true } diff --git a/modules/attestation-report/src/report.rs b/modules/attestation-report/src/report.rs index d422fdba..09cc18a4 100644 --- a/modules/attestation-report/src/report.rs +++ b/modules/attestation-report/src/report.rs @@ -1,5 +1,6 @@ use crate::errors::Error; use crate::prelude::*; +use base64::{engine::general_purpose::STANDARD as Base64Std, Engine}; use chrono::prelude::DateTime; use core::fmt::{Debug, Display, Error as FmtError}; use crypto::Address; @@ -141,7 +142,9 @@ impl AttestationVerificationReport { )); } - let quote = base64::decode(&self.isv_enclave_quote_body).map_err(Error::base64)?; + let quote = Base64Std + .decode(&self.isv_enclave_quote_body) + .map_err(Error::base64)?; let sgx_quote: sgx_quote_t = unsafe { core::ptr::read(quote.as_ptr() as *const _) }; Ok(Quote { raw: sgx_quote, @@ -207,12 +210,14 @@ mod serde_base64 { use serde::{Deserialize, Deserializer, Serialize, Serializer}; pub fn serialize(v: &Vec, s: S) -> Result { - let base64 = base64::encode(v); + let base64 = Base64Std.encode(v); String::serialize(&base64, s) } pub fn deserialize<'de, D: Deserializer<'de>>(d: D) -> Result, D::Error> { let base64 = String::deserialize(d)?; - base64::decode(base64.as_bytes()).map_err(serde::de::Error::custom) + Base64Std + .decode(base64.as_bytes()) + .map_err(serde::de::Error::custom) } } diff --git a/modules/lcp-client/Cargo.toml b/modules/lcp-client/Cargo.toml index f896ab1d..18a4ee17 100644 --- a/modules/lcp-client/Cargo.toml +++ b/modules/lcp-client/Cargo.toml @@ -20,7 +20,7 @@ crypto = { path = "../crypto", default-features = false } sgx_types = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk", features = ["extra_traits"] } ibc = { version = "0.29.0", default-features = false, features = ["serde", "std"] } chrono = { version = "0.4", default-features = false, features = ["alloc", "clock"]} -base64 = { git = "https://github.com/marshallpierce/rust-base64", default-features = false, features = ["alloc"] } +base64 = { version = "0.22.1", default-features = false, features = ["alloc"] } mock-lc = { path = "../mock-lc" } store = { path = "../store" } diff --git a/modules/lcp-client/src/client_def.rs b/modules/lcp-client/src/client_def.rs index 79dfd9ed..d7e590af 100644 --- a/modules/lcp-client/src/client_def.rs +++ b/modules/lcp-client/src/client_def.rs @@ -6,6 +6,7 @@ use crate::message::{ }; use alloy_sol_types::{sol, SolValue}; use attestation_report::{EndorsedAttestationVerificationReport, ReportData}; +use base64::{engine::general_purpose::STANDARD as Base64Std, Engine}; use crypto::{verify_signature_address, Address, Keccak256}; use hex_literal::hex; use light_client::commitments::{ @@ -841,7 +842,7 @@ mod tests { // advisory_ids, // isv_enclave_quote_status, platform_info_blob: None, - isv_enclave_quote_body: base64::encode("e.as_slice()[..432]), + isv_enclave_quote_body: Base64Std.encode("e.as_slice()[..432]), ..Default::default() }; diff --git a/modules/remote-attestation/Cargo.toml b/modules/remote-attestation/Cargo.toml index ce3ade32..138e458b 100644 --- a/modules/remote-attestation/Cargo.toml +++ b/modules/remote-attestation/Cargo.toml @@ -5,14 +5,14 @@ edition = "2021" [dependencies] sgx_types = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -log = "0.4.8" -rand = "0.8" +log = { version = "0.4.8" } +rand = { version = "0.8" } hex = { version = "0.4", default-features = false, features = ["alloc"] } -base64 = { git = "https://github.com/marshallpierce/rust-base64", default-features = false, features = ["alloc"] } +base64 = { version = "0.22.1", default-features = false, features = ["alloc"] } httparse = { version = "1.3", default-features = false } -rustls = "0.19" -webpki = "0.21" -webpki-roots = "0.17" +rustls = { version = "0.19" } +webpki = { version = "0.21" } +webpki-roots = { version = "0.17" } flex-error = { version = "0.4.4" } sha2 = { version = "0.10.6", features = ["oid"] } rsa = { version = "0.9.2", features = ["pem"], optional = true } @@ -27,7 +27,4 @@ store = { path = "../store", features = ["rocksdbstore"] } [features] default = [] -sgx-sw = [ - "rsa", - "chrono" -] \ No newline at end of file +sgx-sw = ["rsa", "chrono"] diff --git a/modules/remote-attestation/src/ias_simulation.rs b/modules/remote-attestation/src/ias_simulation.rs index d05a0618..07f2369a 100644 --- a/modules/remote-attestation/src/ias_simulation.rs +++ b/modules/remote-attestation/src/ias_simulation.rs @@ -1,6 +1,7 @@ use crate::errors::Error; use crate::ias_utils::{get_quote, init_quote, validate_qe_report, SGX_QUOTE_SIGN_TYPE}; use attestation_report::{AttestationVerificationReport, EndorsedAttestationVerificationReport}; +use base64::{engine::general_purpose::STANDARD as Base64Std, Engine}; use crypto::Address; use ecall_commands::{CreateReportInput, CreateReportResponse}; use enclave_api::EnclaveCommandAPI; @@ -61,7 +62,7 @@ fn create_simulate_avr( advisory_ids, isv_enclave_quote_status, platform_info_blob: None, - isv_enclave_quote_body: base64::encode("e.as_slice()[..432]), + isv_enclave_quote_body: Base64Std.encode("e.as_slice()[..432]), ..Default::default() }; let avr_json = avr.to_canonical_json().unwrap(); diff --git a/modules/remote-attestation/src/ias_utils.rs b/modules/remote-attestation/src/ias_utils.rs index 490ce596..7dd0a709 100644 --- a/modules/remote-attestation/src/ias_utils.rs +++ b/modules/remote-attestation/src/ias_utils.rs @@ -1,5 +1,6 @@ use crate::errors::Error; use attestation_report::EndorsedAttestationVerificationReport; +use base64::{engine::general_purpose::STANDARD as Base64Std, Engine}; use log::*; use rand::RngCore; use sgx_types::{ @@ -166,7 +167,7 @@ pub(crate) fn get_report_from_intel( ias_key: &str, ) -> Result { let config = make_ias_client_config(); - let encoded_quote = base64::encode("e[..]); + let encoded_quote = Base64Std.encode("e[..]); let encoded_json = format!("{{\"isvEnclaveQuote\":\"{}\"}}\r\n", encoded_quote); let req = format!("POST {} HTTP/1.1\r\nHOST: {}\r\nOcp-Apim-Subscription-Key:{}\r\nContent-Length:{}\r\nContent-Type: application/json\r\nConnection: close\r\n\r\n{}", @@ -272,8 +273,8 @@ fn parse_response_attn_report(resp: &[u8]) -> Result Vec { let resp_body = &resp[header_len..]; trace!("Base64-encoded SigRL: {:?}", resp_body); - return base64::decode(resp_body).unwrap(); + return Base64Std.decode(resp_body).unwrap(); } // len_num == 0 From c1d8cd2724a75e2b2249680f8ae79d6abca13d84 Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Mon, 9 Sep 2024 16:41:14 +0900 Subject: [PATCH 10/30] add `development` flag to ias attestation command Signed-off-by: Jun Kimura --- app/src/commands/attestation.rs | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/app/src/commands/attestation.rs b/app/src/commands/attestation.rs index 8e19771d..c2426b7c 100644 --- a/app/src/commands/attestation.rs +++ b/app/src/commands/attestation.rs @@ -70,6 +70,13 @@ pub struct IASRemoteAttestation { help = "An operator address to perform `registerEnclaveKey` transaction on-chain" )] pub operator: Option, + /// IAS mode + #[clap( + long = "development", + default_value = "false", + help = "Use IAS development mode(default: false)" + )] + pub is_dev: bool, } impl IASRemoteAttestation { @@ -93,7 +100,11 @@ fn run_ias_remote_attestation, S: CommitStore>( &enclave, target_enclave_key, cmd.get_operator()?, - IASMode::Development, + if cmd.is_dev { + IASMode::Development + } else { + IASMode::Production + }, spid, ias_key, ) { From 494f62a9bef0a29d64bbc03c6fad8dea293d13d7 Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Mon, 9 Sep 2024 17:42:44 +0900 Subject: [PATCH 11/30] remove production feature flag Signed-off-by: Jun Kimura --- Makefile | 1 - 1 file changed, 1 deletion(-) diff --git a/Makefile b/Makefile index 71424b10..c3881f3e 100644 --- a/Makefile +++ b/Makefile @@ -55,7 +55,6 @@ ifeq ($(SGX_PRODUCTION), 1) SGX_ENCLAVE_MODE = "Production Mode" SGX_ENCLAVE_CONFIG = $(SGX_ENCLAVE_CONFIG) SGX_SIGN_KEY = $(SGX_COMMERCIAL_KEY) - ENCLAVE_CARGO_FEATURES = --features=production else SGX_ENCLAVE_MODE = "Development Mode" SGX_ENCLAVE_CONFIG = "enclave/Enclave.config.xml" From 20b6b6090c5da4851c1e392045cc74753b7f77a8 Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Mon, 9 Sep 2024 17:57:58 +0900 Subject: [PATCH 12/30] fix development flag Signed-off-by: Jun Kimura --- app/src/commands/attestation.rs | 6 +----- modules/remote-attestation/src/ias_utils.rs | 12 ++++++++++++ 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/app/src/commands/attestation.rs b/app/src/commands/attestation.rs index c2426b7c..814521da 100644 --- a/app/src/commands/attestation.rs +++ b/app/src/commands/attestation.rs @@ -71,11 +71,7 @@ pub struct IASRemoteAttestation { )] pub operator: Option, /// IAS mode - #[clap( - long = "development", - default_value = "false", - help = "Use IAS development mode(default: false)" - )] + #[clap(long = "development", help = "Use IAS development mode")] pub is_dev: bool, } diff --git a/modules/remote-attestation/src/ias_utils.rs b/modules/remote-attestation/src/ias_utils.rs index 7dd0a709..23b39854 100644 --- a/modules/remote-attestation/src/ias_utils.rs +++ b/modules/remote-attestation/src/ias_utils.rs @@ -8,6 +8,7 @@ use sgx_types::{ sgx_quote_sign_type_t, sgx_quote_t, sgx_report_t, sgx_spid_t, sgx_status_t, sgx_target_info_t, }; use sha2::{Digest, Sha256}; +use std::fmt::Display; use std::io::{Read, Write}; use std::net::{SocketAddr, TcpStream}; use std::ptr; @@ -24,6 +25,15 @@ pub enum IASMode { Production, } +impl Display for IASMode { + fn fmt(&self, f: &mut std::fmt::Formatter) -> std::fmt::Result { + match self { + IASMode::Development => write!(f, "Development"), + IASMode::Production => write!(f, "Production"), + } + } +} + impl IASMode { pub const fn get_sigrl_suffix(&self) -> &'static str { match self { @@ -127,6 +137,7 @@ pub(crate) fn get_quote( } pub(crate) fn get_sigrl_from_intel(mode: IASMode, gid: [u8; 4], ias_key: &str) -> Vec { + info!("using IAS mode: {}", mode); let config = make_ias_client_config(); let req = format!("GET {}{:08x} HTTP/1.1\r\nHOST: {}\r\nOcp-Apim-Subscription-Key: {}\r\nConnection: Close\r\n\r\n", mode.get_sigrl_suffix(), @@ -166,6 +177,7 @@ pub(crate) fn get_report_from_intel( quote: Vec, ias_key: &str, ) -> Result { + info!("using IAS mode: {}", mode); let config = make_ias_client_config(); let encoded_quote = Base64Std.encode("e[..]); let encoded_json = format!("{{\"isvEnclaveQuote\":\"{}\"}}\r\n", encoded_quote); From 4b049b1c8fb1c79ce24af0702010325377495913 Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Mon, 9 Sep 2024 18:19:00 +0900 Subject: [PATCH 13/30] improve error handling of ias response Signed-off-by: Jun Kimura --- modules/remote-attestation/src/errors.rs | 21 +++++++ modules/remote-attestation/src/ias.rs | 2 +- modules/remote-attestation/src/ias_utils.rs | 70 +++++++++------------ 3 files changed, 52 insertions(+), 41 deletions(-) diff --git a/modules/remote-attestation/src/errors.rs b/modules/remote-attestation/src/errors.rs index d89f0e33..11f01206 100644 --- a/modules/remote-attestation/src/errors.rs +++ b/modules/remote-attestation/src/errors.rs @@ -17,6 +17,27 @@ define_error! { [attestation_report::Error] |_| { "AttestationReport error" }, + UnexpectedIasReportResponse { + descr: String + } + |e| { + format_args!("UnexpectedIASReportResponse error: {}", e.descr) + }, + + UnexpectedSigrlResponse { + descr: String + } + |e| { + format_args!("UnexpectedSigrlResponse error: {}", e.descr) + }, + + UnexpectedIasReportCertificateResponse { + descr: String + } + |e| { + format_args!("UnexpectedIASReportCertificateResponse error: {}", e.descr) + }, + UnexpectedReport { descr: String } diff --git a/modules/remote-attestation/src/ias.rs b/modules/remote-attestation/src/ias.rs index f190eeb1..197db922 100644 --- a/modules/remote-attestation/src/ias.rs +++ b/modules/remote-attestation/src/ias.rs @@ -28,7 +28,7 @@ pub fn run_ias_ra, S: CommitStore>( .unwrap(); // Now sigrl is the revocation list, a vec - let sigrl = get_sigrl_from_intel(mode, epid_group_id, &ias_key); + let sigrl = get_sigrl_from_intel(mode, epid_group_id, &ias_key)?; let (quote, qe_report) = get_quote(sigrl, report, SGX_QUOTE_SIGN_TYPE, spid)?; validate_qe_report(&target_info, &qe_report)?; diff --git a/modules/remote-attestation/src/ias_utils.rs b/modules/remote-attestation/src/ias_utils.rs index 23b39854..195090b0 100644 --- a/modules/remote-attestation/src/ias_utils.rs +++ b/modules/remote-attestation/src/ias_utils.rs @@ -136,7 +136,11 @@ pub(crate) fn get_quote( Ok((quote, qe_report)) } -pub(crate) fn get_sigrl_from_intel(mode: IASMode, gid: [u8; 4], ias_key: &str) -> Vec { +pub(crate) fn get_sigrl_from_intel( + mode: IASMode, + gid: [u8; 4], + ias_key: &str, +) -> Result, Error> { info!("using IAS mode: {}", mode); let config = make_ias_client_config(); let req = format!("GET {}{:08x} HTTP/1.1\r\nHOST: {}\r\nOcp-Apim-Subscription-Key: {}\r\nConnection: Close\r\n\r\n", @@ -231,30 +235,19 @@ fn parse_response_attn_report(resp: &[u8]) -> Result "OK Operation Successful", - Some(401) => "Unauthorized Failed to authenticate or authorize request.", - Some(404) => "Not Found GID does not refer to a valid EPID group ID.", - Some(500) => "Internal error occurred", - Some(503) => { - "Service is currently not able to process the request (due to - a temporary overloading or maintenance). This is a - temporary state – the same request can be repeated after - some time. " - } - _ => { - warn!("DBG:{}", respp.code.unwrap()); - "Unknown error occured" - } - }; + match respp.code { + Some(200) => info!("OK Operation Successful"), + Some(401) => return Err(Error::unexpected_ias_report_response("Unauthorized Failed to authenticate or authorize request".to_string())), + Some(404) => return Err(Error::unexpected_ias_report_response("Not Found GID does not refer to a valid EPID group ID".to_string())), + Some(500) => return Err(Error::unexpected_ias_report_response("Internal error occurred".to_string())), + Some(503) => return Err(Error::unexpected_ias_report_response("Service is currently not able to process the request (due to a temporary overloading or maintenance). This is a temporary state – the same request can be repeated after some time.".to_string())), + _ => return Err(Error::unexpected_ias_report_response(format!("Unknown error occured: {:?}", respp.code))), + } - info!("{}", msg); let mut len_num: u32 = 0; - let mut sig = String::new(); let mut cert = String::new(); let mut attn_report = String::new(); - for i in 0..respp.headers.len() { let h = respp.headers[i]; match h.name { @@ -276,6 +269,11 @@ fn parse_response_attn_report(resp: &[u8]) -> Result = cert.split("-----").collect(); + if v.len() < 3 { + return Err(Error::unexpected_ias_report_certificate_response( + "Invalid signing certificate".to_string(), + )); + } let sig_cert = v[2].to_string(); if len_num != 0 { @@ -294,7 +292,7 @@ fn parse_response_attn_report(resp: &[u8]) -> Result Vec { +fn parse_response_sigrl(resp: &[u8]) -> Result, Error> { trace!("parse_response_sigrl"); let mut headers = [httparse::EMPTY_HEADER; 16]; let mut respp = httparse::Response::new(&mut headers); @@ -302,23 +300,16 @@ fn parse_response_sigrl(resp: &[u8]) -> Vec { trace!("parse result {:?}", result); trace!("parse response{:?}", respp); - let msg = match respp.code { - Some(200) => "OK Operation Successful", - Some(401) => "Unauthorized Failed to authenticate or authorize request.", - Some(404) => "Not Found GID does not refer to a valid EPID group ID.", - Some(500) => "Internal error occurred", - Some(503) => { - "Service is currently not able to process the request (due to - a temporary overloading or maintenance). This is a - temporary state – the same request can be repeated after - some time. " - } - _ => "Unknown error occured", - }; + match respp.code { + Some(200) => info!("OK Operation Successful"), + Some(401) => return Err(Error::unexpected_sigrl_response("Unauthorized Failed to authenticate or authorize request".to_string())), + Some(404) => return Err(Error::unexpected_sigrl_response("Not Found GID does not refer to a valid EPID group ID".to_string())), + Some(500) => return Err(Error::unexpected_sigrl_response("Internal error occurred".to_string())), + Some(503) => return Err(Error::unexpected_sigrl_response("Service is currently not able to process the request (due to a temporary overloading or maintenance). This is a temporary state – the same request can be repeated after some time.".to_string())), + _ => return Err(Error::unexpected_sigrl_response(format!("Unknown error occured: {:?}", respp.code))), + } - info!("{}", msg); let mut len_num: u32 = 0; - for i in 0..respp.headers.len() { let h = respp.headers[i]; if h.name == "content-length" { @@ -333,11 +324,10 @@ fn parse_response_sigrl(resp: &[u8]) -> Vec { let resp_body = &resp[header_len..]; trace!("Base64-encoded SigRL: {:?}", resp_body); - return Base64Std.decode(resp_body).unwrap(); + Ok(Base64Std.decode(resp_body).unwrap()) + } else { + Ok(Vec::new()) } - - // len_num == 0 - Vec::new() } fn make_ias_client_config() -> rustls::ClientConfig { From ab4975da0b6c6937e188d8efe0d8e991d6cf940d Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Mon, 9 Sep 2024 19:38:55 +0900 Subject: [PATCH 14/30] fix to import base64 in `test` Signed-off-by: Jun Kimura --- modules/lcp-client/Cargo.toml | 4 ++-- modules/lcp-client/src/client_def.rs | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/lcp-client/Cargo.toml b/modules/lcp-client/Cargo.toml index 18a4ee17..6204b073 100644 --- a/modules/lcp-client/Cargo.toml +++ b/modules/lcp-client/Cargo.toml @@ -8,8 +8,8 @@ prost = { version = "0.11", default-features = false } serde = { version = "1.0.184", default-features = false, features = ["alloc", "derive"] } serde_json = { version = "1.0", default-features = false } flex-error = { version = "0.4.4", default-features = false } -tiny-keccak = "1.4" -hex-literal = "0.4.1" +tiny-keccak = { version = "1.4" } +hex-literal = { version = "0.4.1" } alloy-sol-types = { version = "0.6.0", default-features = false } attestation-report = { path = "../attestation-report", default-features = false } diff --git a/modules/lcp-client/src/client_def.rs b/modules/lcp-client/src/client_def.rs index d7e590af..e89fdce1 100644 --- a/modules/lcp-client/src/client_def.rs +++ b/modules/lcp-client/src/client_def.rs @@ -6,7 +6,6 @@ use crate::message::{ }; use alloy_sol_types::{sol, SolValue}; use attestation_report::{EndorsedAttestationVerificationReport, ReportData}; -use base64::{engine::general_purpose::STANDARD as Base64Std, Engine}; use crypto::{verify_signature_address, Address, Keccak256}; use hex_literal::hex; use light_client::commitments::{ @@ -581,6 +580,7 @@ mod tests { use alloc::rc::Rc; use alloc::sync::Arc; use attestation_report::{AttestationVerificationReport, ReportData}; + use base64::{engine::general_purpose::STANDARD as Base64Std, Engine}; use context::Context; use core::cell::RefCell; use core::str::FromStr; From 60fa5e848af70e0dd6bf5ef4a51660dbf264c1bf Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Mon, 9 Sep 2024 19:45:57 +0900 Subject: [PATCH 15/30] remove unused header Signed-off-by: Jun Kimura --- enclave/Enclave.edl | 2 -- 1 file changed, 2 deletions(-) diff --git a/enclave/Enclave.edl b/enclave/Enclave.edl index ac799ddd..4e46f119 100644 --- a/enclave/Enclave.edl +++ b/enclave/Enclave.edl @@ -1,7 +1,5 @@ enclave { - include "sgx_quote.h" - trusted { public sgx_status_t ecall_execute_command( From 56bd34f039edad0b2366da5082b7ee0d92818b1e Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Mon, 9 Sep 2024 20:18:31 +0900 Subject: [PATCH 16/30] remove unnecessary links Signed-off-by: Jun Kimura --- app/build.rs | 2 -- modules/enclave-api/build.rs | 2 -- tests/integration/build.rs | 2 -- 3 files changed, 6 deletions(-) diff --git a/app/build.rs b/app/build.rs index 9ae4f065..d96baec3 100644 --- a/app/build.rs +++ b/app/build.rs @@ -11,8 +11,6 @@ fn main() -> Result<(), Box> { println!("cargo:rustc-link-search=native=./lib"); println!("cargo:rustc-link-lib=static=Enclave_u"); println!("cargo:rustc-link-search=native={}/lib64", sdk_dir); - println!("cargo:rustc-link-lib=static=sgx_uprotected_fs"); - println!("cargo:rustc-link-lib=static=sgx_ukey_exchange"); match sgx_mode.as_ref() { "SW" => { diff --git a/modules/enclave-api/build.rs b/modules/enclave-api/build.rs index 3f4a65bd..a7b69feb 100644 --- a/modules/enclave-api/build.rs +++ b/modules/enclave-api/build.rs @@ -7,8 +7,6 @@ fn main() { println!("cargo:rustc-link-search=native=./lib"); println!("cargo:rustc-link-lib=static=Enclave_u"); println!("cargo:rustc-link-search=native={}/lib64", sdk_dir); - println!("cargo:rustc-link-lib=static=sgx_uprotected_fs"); - println!("cargo:rustc-link-lib=static=sgx_ukey_exchange"); match sgx_mode.as_ref() { "SW" => { diff --git a/tests/integration/build.rs b/tests/integration/build.rs index 3f4a65bd..a7b69feb 100644 --- a/tests/integration/build.rs +++ b/tests/integration/build.rs @@ -7,8 +7,6 @@ fn main() { println!("cargo:rustc-link-search=native=./lib"); println!("cargo:rustc-link-lib=static=Enclave_u"); println!("cargo:rustc-link-search=native={}/lib64", sdk_dir); - println!("cargo:rustc-link-lib=static=sgx_uprotected_fs"); - println!("cargo:rustc-link-lib=static=sgx_ukey_exchange"); match sgx_mode.as_ref() { "SW" => { From 1a903b24cca251199de3fcb5fd0bae34773f1766 Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Mon, 9 Sep 2024 20:24:17 +0900 Subject: [PATCH 17/30] remove unused variable Signed-off-by: Jun Kimura --- Makefile | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/Makefile b/Makefile index c3881f3e..33b5f013 100644 --- a/Makefile +++ b/Makefile @@ -97,7 +97,6 @@ else Service_Library_Name := sgx_tservice endif Crypto_Library_Name := sgx_tcrypto -KeyExchange_Library_Name := sgx_tkey_exchange ProtectedFs_Library_Name := sgx_tprotected_fs RustEnclave_C_Files := $(wildcard ./enclave/*.c) @@ -217,7 +216,7 @@ test: .PHONY: integration-test integration-test: $(Signed_RustEnclave_Name) bin/gaiad - cargo test $(CARGO_TARGET) --package integration-test $(APP_CARGO_FEATURES) + @PATH=${PATH}:$(CURDIR)/bin cargo test $(CARGO_TARGET) --package integration-test $(APP_CARGO_FEATURES) .PHONY: test-nodes test-setup-nodes: bin/gaiad From 89386acaa380031f755999e7100782a8dbe86c97 Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Mon, 9 Sep 2024 22:58:54 +0900 Subject: [PATCH 18/30] remove unused build.rs Signed-off-by: Jun Kimura --- modules/enclave-api/build.rs | 25 ------------------------- 1 file changed, 25 deletions(-) delete mode 100644 modules/enclave-api/build.rs diff --git a/modules/enclave-api/build.rs b/modules/enclave-api/build.rs deleted file mode 100644 index a7b69feb..00000000 --- a/modules/enclave-api/build.rs +++ /dev/null @@ -1,25 +0,0 @@ -use std::env; - -fn main() { - let sdk_dir = env::var("SGX_SDK").unwrap_or_else(|_| "/opt/sgxsdk".to_string()); - let sgx_mode = env::var("SGX_MODE").unwrap_or_else(|_| "HW".to_string()); - - println!("cargo:rustc-link-search=native=./lib"); - println!("cargo:rustc-link-lib=static=Enclave_u"); - println!("cargo:rustc-link-search=native={}/lib64", sdk_dir); - - match sgx_mode.as_ref() { - "SW" => { - println!("cargo:rustc-link-lib=dylib=sgx_urts_sim"); - println!("cargo:rustc-link-lib=dylib=sgx_uae_service_sim"); - } - "HW" => { - println!("cargo:rustc-link-lib=dylib=sgx_urts"); - println!("cargo:rustc-link-lib=dylib=sgx_uae_service"); - } - _ => { - println!("cargo:rustc-link-lib=dylib=sgx_urts"); - println!("cargo:rustc-link-lib=dylib=sgx_uae_service"); - } - } -} From bd15bdc8035c5802eec9c6900c61c7cd87e6d063 Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Tue, 10 Sep 2024 00:21:19 +0900 Subject: [PATCH 19/30] remove unwraps Signed-off-by: Jun Kimura --- modules/remote-attestation/src/errors.rs | 69 +++++++- modules/remote-attestation/src/ias.rs | 2 +- modules/remote-attestation/src/ias_utils.rs | 165 ++++++++++++-------- 3 files changed, 173 insertions(+), 63 deletions(-) diff --git a/modules/remote-attestation/src/errors.rs b/modules/remote-attestation/src/errors.rs index 11f01206..7c84a323 100644 --- a/modules/remote-attestation/src/errors.rs +++ b/modules/remote-attestation/src/errors.rs @@ -3,8 +3,75 @@ use lcp_types::Time; use sgx_types::sgx_status_t; define_error! { - #[derive(Debug, Clone, PartialEq, Eq)] + #[derive(Debug)] Error { + InvalidSpid { + descr: String + } + |e| { + format_args!("Invalid SPID: {}", e.descr) + }, + + InvalidUtf8Bytes { + bytes: Vec, + error: std::str::Utf8Error, + descr: String, + } + |e| { + format_args!("InvalidUtf8: bytes={:?} descr={}", e.bytes, e.descr) + }, + + InvalidU32String { + string: String, + error: std::num::ParseIntError, + descr: String, + } + |e| { + format_args!("InvalidU32String: string={} descr={}", e.string, e.descr) + }, + + Base64Decode { + error: base64::DecodeError, + descr: String, + } + |e| { + format_args!("Base64Decode: descr={}", e.descr) + }, + + InvalidPercentDecode { + value: String, + } + |e| { + format_args!("InvalidPercentDecode: value={}", e.value) + }, + + IoError { + error: std::io::Error, + descr: String, + } + |e| { + format_args!("IOError: descr={}", e.descr) + }, + + InvalidDnsNameError + [TraceError] + |_| { "InvalidDnsNameError" }, + + HttpParseError + [TraceError] + |_| { "HttpParseError" }, + + HttpParsePartialStatus + |_| { "HttpParsePartialStatus" }, + + CannotLookupAddress { + host: String, + port: u16, + } + |e| { + format_args!("CannotLookupAddress: host={} port={}", e.host, e.port) + }, + TooOldReportTimestamp { now: Time, timestamp: Time diff --git a/modules/remote-attestation/src/ias.rs b/modules/remote-attestation/src/ias.rs index 197db922..4c0b17b9 100644 --- a/modules/remote-attestation/src/ias.rs +++ b/modules/remote-attestation/src/ias.rs @@ -17,7 +17,7 @@ pub fn run_ias_ra, S: CommitStore>( spid: String, ias_key: String, ) -> Result { - let spid = decode_spid(&spid); + let spid = decode_spid(&spid)?; let (target_info, epid_group_id) = init_quote()?; let CreateReportResponse { report } = enclave .create_report(CreateReportInput { diff --git a/modules/remote-attestation/src/ias_utils.rs b/modules/remote-attestation/src/ias_utils.rs index 195090b0..97e1e35c 100644 --- a/modules/remote-attestation/src/ias_utils.rs +++ b/modules/remote-attestation/src/ias_utils.rs @@ -10,12 +10,13 @@ use sgx_types::{ use sha2::{Digest, Sha256}; use std::fmt::Display; use std::io::{Read, Write}; -use std::net::{SocketAddr, TcpStream}; +use std::net::{SocketAddr, TcpStream, ToSocketAddrs}; use std::ptr; use std::str; use std::sync::Arc; pub const IAS_HOSTNAME: &str = "api.trustedservices.intel.com"; +pub const IAS_HTTPS_PORT: u16 = 443; pub const SGX_QUOTE_SIGN_TYPE: sgx_quote_sign_type_t = sgx_quote_sign_type_t::SGX_UNLINKABLE_SIGNATURE; @@ -151,9 +152,11 @@ pub(crate) fn get_sigrl_from_intel( trace!("get_sigrl_from_intel: {}", req); - let dns_name = webpki::DNSNameRef::try_from_ascii_str(IAS_HOSTNAME).unwrap(); + let dns_name = webpki::DNSNameRef::try_from_ascii_str(IAS_HOSTNAME) + .map_err(Error::invalid_dns_name_error)?; let mut sess = rustls::ClientSession::new(&Arc::new(config), dns_name); - let mut sock = TcpStream::connect(lookup_ipv4(IAS_HOSTNAME, 443)).unwrap(); + let mut sock = TcpStream::connect(lookup_ipv4(IAS_HOSTNAME, IAS_HTTPS_PORT)?) + .map_err(|e| Error::io_error(e, "failed to connect to IAS server".to_string()))?; let mut tls = rustls::Stream::new(&mut sess, &mut sock); let _result = tls.write(req.as_bytes()); @@ -161,18 +164,9 @@ pub(crate) fn get_sigrl_from_intel( info!("write complete"); - match tls.read_to_end(&mut plaintext) { - Ok(_) => (), - Err(e) => { - warn!("get_sigrl_from_intel tls.read_to_end: {:?}", e); - panic!("Communication error with IAS"); - } - } + tls.read_to_end(&mut plaintext) + .map_err(|e| Error::io_error(e, "failed to read response from IAS server".to_string()))?; info!("read_to_end complete"); - let resp_string = String::from_utf8(plaintext.clone()).unwrap(); - - trace!("{}", resp_string); - parse_response_sigrl(&plaintext) } @@ -194,9 +188,11 @@ pub(crate) fn get_report_from_intel( encoded_json); trace!("{}", req); - let dns_name = webpki::DNSNameRef::try_from_ascii_str(IAS_HOSTNAME).unwrap(); + let dns_name = webpki::DNSNameRef::try_from_ascii_str(IAS_HOSTNAME) + .map_err(Error::invalid_dns_name_error)?; let mut sess = rustls::ClientSession::new(&Arc::new(config), dns_name); - let mut sock = TcpStream::connect(lookup_ipv4(IAS_HOSTNAME, 443)).unwrap(); + let mut sock = TcpStream::connect(lookup_ipv4(IAS_HOSTNAME, IAS_HTTPS_PORT)?) + .map_err(|e| Error::io_error(e, "Failed to connect to IAS server".to_string()))?; let mut tls = rustls::Stream::new(&mut sess, &mut sock); let _result = tls.write(req.as_bytes()); @@ -204,11 +200,9 @@ pub(crate) fn get_report_from_intel( info!("write complete"); - tls.read_to_end(&mut plaintext).unwrap(); + tls.read_to_end(&mut plaintext) + .map_err(|e| Error::io_error(e, "failed to read response from IAS server".to_string()))?; info!("read_to_end complete"); - let resp_string = String::from_utf8(plaintext.clone()).unwrap(); - - trace!("resp_string = {}", resp_string); parse_response_attn_report(&plaintext) } @@ -237,11 +231,11 @@ fn parse_response_attn_report(resp: &[u8]) -> Result info!("OK Operation Successful"), - Some(401) => return Err(Error::unexpected_ias_report_response("Unauthorized Failed to authenticate or authorize request".to_string())), - Some(404) => return Err(Error::unexpected_ias_report_response("Not Found GID does not refer to a valid EPID group ID".to_string())), - Some(500) => return Err(Error::unexpected_ias_report_response("Internal error occurred".to_string())), - Some(503) => return Err(Error::unexpected_ias_report_response("Service is currently not able to process the request (due to a temporary overloading or maintenance). This is a temporary state – the same request can be repeated after some time.".to_string())), - _ => return Err(Error::unexpected_ias_report_response(format!("Unknown error occured: {:?}", respp.code))), + Some(401) => return Err(Error::unexpected_ias_report_response("unauthorized Failed to authenticate or authorize request".to_string())), + Some(404) => return Err(Error::unexpected_ias_report_response("not Found GID does not refer to a valid EPID group ID".to_string())), + Some(500) => return Err(Error::unexpected_ias_report_response("internal error occurred".to_string())), + Some(503) => return Err(Error::unexpected_ias_report_response("service is currently not able to process the request (due to a temporary overloading or maintenance). This is a temporary state – the same request can be repeated after some time.".to_string())), + _ => return Err(Error::unexpected_ias_report_response(format!("unknown error occured: {:?}", respp.code))), } let mut len_num: u32 = 0; @@ -252,39 +246,65 @@ fn parse_response_attn_report(resp: &[u8]) -> Result { - let len_str = String::from_utf8(h.value.to_vec()).unwrap(); - len_num = len_str.parse::().unwrap(); + let len_str = str::from_utf8(h.value).map_err(|e| { + Error::invalid_utf8_bytes(h.value.to_vec(), e, h.name.to_string()) + })?; + len_num = len_str.parse::().map_err(|e| { + Error::invalid_u32_string(len_str.to_string(), e, h.name.to_string()) + })?; trace!("content length = {}", len_num); } - "X-IASReport-Signature" => sig = str::from_utf8(h.value).unwrap().to_string(), + "X-IASReport-Signature" => { + sig = str::from_utf8(h.value) + .map_err(|e| { + Error::invalid_utf8_bytes(h.value.to_vec(), e, h.name.to_string()) + })? + .to_string() + } "X-IASReport-Signing-Certificate" => { - cert = str::from_utf8(h.value).unwrap().to_string() + cert = str::from_utf8(h.value) + .map_err(|e| { + Error::invalid_utf8_bytes(h.value.to_vec(), e, h.name.to_string()) + })? + .to_string() } _ => (), } } // Remove %0A from cert, and only obtain the signing cert - cert = cert.replace("%0A", ""); - cert = percent_decode(cert); + cert = percent_decode(cert.replace("%0A", ""))?; let v: Vec<&str> = cert.split("-----").collect(); if v.len() < 3 { return Err(Error::unexpected_ias_report_certificate_response( - "Invalid signing certificate".to_string(), + "invalid signing certificate".to_string(), )); } let sig_cert = v[2].to_string(); if len_num != 0 { - let header_len = result.unwrap().unwrap(); + let status = result.map_err(Error::http_parse_error)?; + let header_len = if status.is_complete() { + status.unwrap() + } else { + return Err(Error::http_parse_partial_status()); + }; let resp_body = &resp[header_len..]; - attn_report = str::from_utf8(resp_body).unwrap().to_string(); + attn_report = str::from_utf8(resp_body) + .map_err(|e| { + Error::invalid_utf8_bytes(resp_body.to_vec(), e, "Attestation Report".to_string()) + })? + .to_string(); info!("Attestation report: {}", attn_report); } - let signature = Base64Std.decode(&sig).unwrap(); - let signing_cert = Base64Std.decode(&sig_cert).unwrap(); + let signature = Base64Std + .decode(&sig) + .map_err(|e| Error::base64_decode(e, "Signature".to_string()))?; + let signing_cert = Base64Std + .decode(&sig_cert) + .map_err(|e| Error::base64_decode(e, "Signing Certificate".to_string()))?; Ok(EndorsedAttestationVerificationReport { avr: attn_report, signature, @@ -302,29 +322,40 @@ fn parse_response_sigrl(resp: &[u8]) -> Result, Error> { match respp.code { Some(200) => info!("OK Operation Successful"), - Some(401) => return Err(Error::unexpected_sigrl_response("Unauthorized Failed to authenticate or authorize request".to_string())), - Some(404) => return Err(Error::unexpected_sigrl_response("Not Found GID does not refer to a valid EPID group ID".to_string())), - Some(500) => return Err(Error::unexpected_sigrl_response("Internal error occurred".to_string())), - Some(503) => return Err(Error::unexpected_sigrl_response("Service is currently not able to process the request (due to a temporary overloading or maintenance). This is a temporary state – the same request can be repeated after some time.".to_string())), - _ => return Err(Error::unexpected_sigrl_response(format!("Unknown error occured: {:?}", respp.code))), + Some(401) => return Err(Error::unexpected_sigrl_response("unauthorized Failed to authenticate or authorize request".to_string())), + Some(404) => return Err(Error::unexpected_sigrl_response("not Found GID does not refer to a valid EPID group ID".to_string())), + Some(500) => return Err(Error::unexpected_sigrl_response("internal error occurred".to_string())), + Some(503) => return Err(Error::unexpected_sigrl_response("service is currently not able to process the request (due to a temporary overloading or maintenance). This is a temporary state – the same request can be repeated after some time.".to_string())), + _ => return Err(Error::unexpected_sigrl_response(format!("unknown error occured: {:?}", respp.code))), } let mut len_num: u32 = 0; for i in 0..respp.headers.len() { let h = respp.headers[i]; if h.name == "content-length" { - let len_str = String::from_utf8(h.value.to_vec()).unwrap(); - len_num = len_str.parse::().unwrap(); + let len_str = str::from_utf8(h.value).map_err(|e| { + Error::invalid_utf8_bytes(h.value.to_vec(), e, "Content-Length".to_string()) + })?; + len_num = len_str.parse::().map_err(|e| { + Error::invalid_u32_string(len_str.to_string(), e, "Content-Length".to_string()) + })?; trace!("content length = {}", len_num); } } if len_num != 0 { - let header_len = result.unwrap().unwrap(); + let status = result.map_err(Error::http_parse_error)?; + let header_len = if status.is_complete() { + status.unwrap() + } else { + return Err(Error::http_parse_partial_status()); + }; let resp_body = &resp[header_len..]; trace!("Base64-encoded SigRL: {:?}", resp_body); - Ok(Base64Std.decode(resp_body).unwrap()) + Ok(Base64Std + .decode(resp_body) + .map_err(|e| Error::base64_decode(e, "SigRL".to_string()))?) } else { Ok(Vec::new()) } @@ -340,38 +371,50 @@ fn make_ias_client_config() -> rustls::ClientConfig { config } -fn percent_decode(orig: String) -> String { +fn percent_decode(orig: String) -> Result { let v: Vec<&str> = orig.split("%").collect(); let mut ret = String::new(); ret.push_str(v[0]); if v.len() > 1 { for s in v[1..].iter() { - ret.push(u8::from_str_radix(&s[0..2], 16).unwrap() as char); + ret.push( + u8::from_str_radix(&s[0..2], 16).map_err(|e| { + Error::invalid_percent_decode(format!("failed to decode: {}", e)) + })? as char, + ); ret.push_str(&s[2..]); } } - ret + Ok(ret) } -fn lookup_ipv4(host: &str, port: u16) -> SocketAddr { - use std::net::ToSocketAddrs; - - let addrs = (host, port).to_socket_addrs().unwrap(); +fn lookup_ipv4(host: &str, port: u16) -> Result { + let addrs = (host, port) + .to_socket_addrs() + .map_err(|_| Error::cannot_lookup_address(host.to_string(), port))?; for addr in addrs { if let SocketAddr::V4(_) = addr { - return addr; + return Ok(addr); } } - - unreachable!("Cannot lookup address"); + Err(Error::cannot_lookup_address(host.to_string(), port)) } -// CONTRACT: `hex` length must be 32 -pub(crate) fn decode_spid(hex: &str) -> sgx_spid_t { +pub(crate) fn decode_spid(spid_str: &str) -> Result { + let spid_str = spid_str.trim(); + if spid_str.len() != 32 { + return Err(Error::invalid_spid(format!( + "invalid length: {}", + spid_str.len() + ))); + } + let decoded_vec = match hex::decode(spid_str) { + Ok(v) => v, + Err(_) => { + return Err(Error::invalid_spid("failed to decode".to_string())); + } + }; let mut spid = sgx_spid_t::default(); - let hex = &hex.trim(); - assert!(hex.len() == 32); - let decoded_vec = hex::decode(hex).unwrap(); spid.id.copy_from_slice(&decoded_vec[..16]); - spid + Ok(spid) } From 46cbcf28152c7294c67b5efd982c0b36c87da7b2 Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Tue, 10 Sep 2024 20:14:09 +0900 Subject: [PATCH 20/30] fix to remove unnecessary tendermint crate Signed-off-by: Jun Kimura --- Cargo.lock | 1 - enclave/Cargo.lock | 1 - modules/attestation-report/Cargo.toml | 1 - modules/attestation-report/src/errors.rs | 16 ++++++++++++++++ modules/attestation-report/src/report.rs | 14 +++++--------- modules/attestation-report/src/verification.rs | 17 +++++------------ modules/types/src/time.rs | 9 ++++++--- 7 files changed, 32 insertions(+), 27 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index ff679cf0..90733109 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -274,7 +274,6 @@ dependencies = [ "serde", "serde_json", "sgx_types", - "tendermint 0.29.0", "webpki 0.21.4", ] diff --git a/enclave/Cargo.lock b/enclave/Cargo.lock index 3a215047..6d628afd 100644 --- a/enclave/Cargo.lock +++ b/enclave/Cargo.lock @@ -91,7 +91,6 @@ dependencies = [ "serde", "serde_json", "sgx_types", - "tendermint", ] [[package]] diff --git a/modules/attestation-report/Cargo.toml b/modules/attestation-report/Cargo.toml index fd47394e..f666c623 100644 --- a/modules/attestation-report/Cargo.toml +++ b/modules/attestation-report/Cargo.toml @@ -5,7 +5,6 @@ edition = "2021" [dependencies] sgx_types = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk", features = ["extra_traits"] } -tendermint = { version = "0.29", default-features = false } chrono = { version = "0.4", default-features = false, features = ["alloc"]} serde = { version = "1.0.184", default-features = false, features = ["alloc"] } serde_json = { version = "1.0", default-features = false, features = ["alloc"] } diff --git a/modules/attestation-report/src/errors.rs b/modules/attestation-report/src/errors.rs index 27029501..3c58c98b 100644 --- a/modules/attestation-report/src/errors.rs +++ b/modules/attestation-report/src/errors.rs @@ -56,6 +56,10 @@ define_error! { [TraceError] |_| { "base64 error" }, + ChronoParse + [TraceError] + |_| { "chrono parse error" }, + TimeError [lcp_types::TimeError] |_| { "Time error" }, @@ -66,8 +70,20 @@ define_error! { } } +impl From for Error { + fn from(value: chrono::ParseError) -> Self { + Self::chrono_parse(value) + } +} + impl From for Error { fn from(value: crypto::Error) -> Self { Self::crypto_error(value) } } + +impl From for Error { + fn from(value: lcp_types::TimeError) -> Self { + Self::time_error(value) + } +} diff --git a/modules/attestation-report/src/report.rs b/modules/attestation-report/src/report.rs index 09cc18a4..d3a93331 100644 --- a/modules/attestation-report/src/report.rs +++ b/modules/attestation-report/src/report.rs @@ -7,7 +7,6 @@ use crypto::Address; use lcp_types::Time; use serde::{Deserialize, Serialize}; use sgx_types::{metadata::metadata_t, sgx_measurement_t, sgx_quote_t, sgx_report_data_t}; -use tendermint::Time as TmTime; pub const REPORT_DATA_V1: u8 = 1; @@ -124,14 +123,11 @@ pub struct AttestationVerificationReport { impl AttestationVerificationReport { pub fn attestation_time(&self) -> Result { let time_fixed = self.timestamp.clone() + "+0000"; - let dt = DateTime::parse_from_str(&time_fixed, "%Y-%m-%dT%H:%M:%S%.f%z").unwrap(); - - Ok( - TmTime::from_unix_timestamp(dt.timestamp(), dt.timestamp_subsec_nanos()) - .map_err(lcp_types::TimeError::tendermint) - .map_err(Error::time_error)? - .into(), - ) + let dt = DateTime::parse_from_str(&time_fixed, "%Y-%m-%dT%H:%M:%S%.f%z")?; + Ok(Time::from_unix_timestamp( + dt.timestamp(), + dt.timestamp_subsec_nanos(), + )?) } pub fn parse_quote(&self) -> Result { diff --git a/modules/attestation-report/src/verification.rs b/modules/attestation-report/src/verification.rs index 84485a77..db14c267 100644 --- a/modules/attestation-report/src/verification.rs +++ b/modules/attestation-report/src/verification.rs @@ -1,11 +1,6 @@ use crate::prelude::*; use crate::{errors::Error, EndorsedAttestationVerificationReport}; -use lcp_types::Time; -#[cfg(feature = "sgx")] -use rustls_sgx as rustls; -use tendermint::Time as TmTime; -#[cfg(feature = "sgx")] -use webpki_sgx as webpki; +use lcp_types::{nanos_to_duration, Time}; pub const IAS_REPORT_CA: &[u8] = include_bytes!("../../../enclave/Intel_SGX_Attestation_RootCA.pem"); @@ -29,15 +24,13 @@ pub fn verify_report( current_timestamp: Time, report: &EndorsedAttestationVerificationReport, ) -> Result<(), Error> { - let current_unix_timestamp = current_timestamp - .duration_since(TmTime::unix_epoch()) - .unwrap(); // NOTE: Currently, webpki::Time's constructor only accepts seconds as unix timestamp. // Therefore, the current time are rounded up conservatively. - let secs = if current_unix_timestamp.subsec_nanos() > 0 { - current_unix_timestamp.as_secs() + let duration = nanos_to_duration(current_timestamp.as_unix_timestamp_nanos())?; + let secs = if duration.subsec_nanos() > 0 { + duration.as_secs() + 1 } else { - current_unix_timestamp.as_secs() + 1 + duration.as_secs() }; let now = webpki::Time::from_seconds_since_unix_epoch(secs); let root_ca_pem = pem::parse(IAS_REPORT_CA).expect("failed to parse pem bytes"); diff --git a/modules/types/src/time.rs b/modules/types/src/time.rs index 447b7be9..fc3cb5bb 100644 --- a/modules/types/src/time.rs +++ b/modules/types/src/time.rs @@ -27,11 +27,14 @@ impl Time { Time(TmTime::unix_epoch()) } + pub fn from_unix_timestamp(secs: i64, nanos: u32) -> Result { + let ut = TmTime::from_unix_timestamp(secs, nanos).map_err(TimeError::tendermint)?; + Ok(Time(ut)) + } + pub fn from_unix_timestamp_nanos(timestamp: u128) -> Result { let d = nanos_to_duration(timestamp)?; - let ut = TmTime::from_unix_timestamp(d.as_secs().try_into()?, d.subsec_nanos()) - .map_err(TimeError::tendermint)?; - Ok(Time(ut)) + Self::from_unix_timestamp(d.as_secs().try_into()?, d.subsec_nanos()) } pub fn as_unix_timestamp_secs(&self) -> u64 { From 3fdd4e602cc90cc898847f38144ba7c4f3475e96 Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Tue, 10 Sep 2024 20:21:05 +0900 Subject: [PATCH 21/30] remove unused code Signed-off-by: Jun Kimura --- modules/ocall-handler/src/lib.rs | 1 - .../ocall-handler/src/remote_attestation.rs | 125 ------------------ 2 files changed, 126 deletions(-) delete mode 100644 modules/ocall-handler/src/remote_attestation.rs diff --git a/modules/ocall-handler/src/lib.rs b/modules/ocall-handler/src/lib.rs index d29dbab3..452e9e92 100644 --- a/modules/ocall-handler/src/lib.rs +++ b/modules/ocall-handler/src/lib.rs @@ -1,6 +1,5 @@ pub use router::dispatch; mod errors; -// mod remote_attestation; mod router; mod store; diff --git a/modules/ocall-handler/src/remote_attestation.rs b/modules/ocall-handler/src/remote_attestation.rs deleted file mode 100644 index 3d04bb87..00000000 --- a/modules/ocall-handler/src/remote_attestation.rs +++ /dev/null @@ -1,125 +0,0 @@ -use log::*; -use std::net::{SocketAddr, TcpStream}; -use std::os::unix::io::IntoRawFd; -use std::ptr; - -use crate::errors::{Error, Result}; -use ocall_commands::{ - GetIASSocketResult, GetQuoteInput, GetQuoteResult, GetReportAttestationStatusInput, - GetReportAttestationStatusResult, InitQuoteResult, RemoteAttestationCommand, - RemoteAttestationResult, -}; -use sgx_types::*; - -pub fn dispatch(command: RemoteAttestationCommand) -> Result { - use RemoteAttestationCommand::*; - - let res = match command { - InitQuote => RemoteAttestationResult::InitQuote(init_quote()?), - GetIASSocket => RemoteAttestationResult::GetIASSocket(get_ias_socket()?), - GetQuote(input) => RemoteAttestationResult::GetQuote(get_quote(input)?), - GetReportAttestationStatus(input) => RemoteAttestationResult::GetReportAttestationStatus( - get_report_attestation_status(input)?, - ), - }; - Ok(res) -} - -fn init_quote() -> Result { - let mut target_info = sgx_target_info_t::default(); - let mut epid_group_id = sgx_epid_group_id_t::default(); - match unsafe { sgx_init_quote(&mut target_info, &mut epid_group_id) } { - sgx_status_t::SGX_SUCCESS => {} - s => return Err(Error::sgx_error(s, "failed to sgx_init_quote".into())), - } - Ok(InitQuoteResult { - target_info, - epid_group_id, - }) -} - -fn get_ias_socket() -> Result { - let port = 443; - let hostname = "api.trustedservices.intel.com"; - let addr = lookup_ipv4(hostname, port); - let sock = TcpStream::connect(addr).expect("[-] Connect tls server failed!"); - - Ok(GetIASSocketResult { - fd: sock.into_raw_fd(), - }) -} - -fn get_quote(input: GetQuoteInput) -> Result { - let mut quote_size: u32 = 0; - - let (p_sigrl, sigrl_len) = if input.sigrl.is_empty() { - (ptr::null(), 0) - } else { - (input.sigrl.as_ptr(), input.sigrl.len() as u32) - }; - - let ret = unsafe { sgx_calc_quote_size(p_sigrl, sigrl_len, &mut quote_size as *mut u32) }; - - if ret != sgx_status_t::SGX_SUCCESS { - return Err(Error::sgx_error( - ret, - "failed to sgx_calc_quote_size".into(), - )); - } - - info!("quote size = {}", quote_size); - let mut qe_report = sgx_report_t::default(); - let quote = [0u8; 2048]; - let p_quote = quote.as_ptr(); - - let ret = unsafe { - sgx_get_quote( - &input.report, - input.quote_type, - &input.spid, - &input.nonce, - p_sigrl, - sigrl_len, - &mut qe_report, - p_quote as *mut sgx_quote_t, - quote_size, - ) - }; - - if ret != sgx_status_t::SGX_SUCCESS { - return Err(Error::sgx_error(ret, "failed to sgx_get_quote".into())); - } - - Ok(GetQuoteResult { - qe_report, - quote: quote[..quote_size as usize].to_vec(), - }) -} - -fn get_report_attestation_status( - input: GetReportAttestationStatusInput, -) -> Result { - let mut update_info = sgx_update_info_bit_t::default(); - let ret = unsafe { - sgx_report_attestation_status( - &input.platform_blob, - input.enclave_trusted, - &mut update_info, - ) - }; - // TODO validate `ret` - Ok(GetReportAttestationStatusResult { ret, update_info }) -} - -fn lookup_ipv4(host: &str, port: u16) -> SocketAddr { - use std::net::ToSocketAddrs; - - let addrs = (host, port).to_socket_addrs().unwrap(); - for addr in addrs { - if let SocketAddr::V4(_) = addr { - return addr; - } - } - - unreachable!("Cannot lookup address"); -} From 26eaae75f8ec088c3a5bdb901177b59a37d20c14 Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Tue, 10 Sep 2024 20:35:31 +0900 Subject: [PATCH 22/30] remove unused feature Signed-off-by: Jun Kimura --- enclave-modules/ecall-handler/Cargo.toml | 2 +- modules/attestation-report/Cargo.toml | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/enclave-modules/ecall-handler/Cargo.toml b/enclave-modules/ecall-handler/Cargo.toml index 2520583c..1917d38a 100644 --- a/enclave-modules/ecall-handler/Cargo.toml +++ b/enclave-modules/ecall-handler/Cargo.toml @@ -9,7 +9,7 @@ sgx_tse = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave- flex-error = { version = "0.4.4", default-features = false } crypto = { path = "../../modules/crypto", default-features = false, features = ["sgx"] } -attestation-report = { path = "../../modules/attestation-report", default-features = false, features = ["sgx"] } +attestation-report = { path = "../../modules/attestation-report", default-features = false } context = { path = "../../modules/context", default-features = false } enclave-environment = { path = "../environment", default-features = false } diff --git a/modules/attestation-report/Cargo.toml b/modules/attestation-report/Cargo.toml index f666c623..9d02997d 100644 --- a/modules/attestation-report/Cargo.toml +++ b/modules/attestation-report/Cargo.toml @@ -26,4 +26,3 @@ std = [ "flex-error/std", "serde_json/preserve_order" ] -sgx = [] From db842a6e5368e2e30b319e1f62a5d88dbf35e2f3 Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Tue, 10 Sep 2024 23:05:30 +0900 Subject: [PATCH 23/30] fix error handling Signed-off-by: Jun Kimura --- modules/enclave-api/src/lib.rs | 3 ++- modules/remote-attestation/src/errors.rs | 4 ++++ modules/remote-attestation/src/ias.rs | 2 +- modules/remote-attestation/src/ias_simulation.rs | 2 +- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/modules/enclave-api/src/lib.rs b/modules/enclave-api/src/lib.rs index a2d183bc..d9fceb07 100644 --- a/modules/enclave-api/src/lib.rs +++ b/modules/enclave-api/src/lib.rs @@ -1,6 +1,7 @@ pub use api::{EnclaveCommandAPI, EnclavePrimitiveAPI, EnclaveProtoAPI}; pub use enclave::{Enclave, EnclaveInfo}; -use errors::{Error, Result}; +pub use errors::Error; +use errors::Result; mod api; mod enclave; diff --git a/modules/remote-attestation/src/errors.rs b/modules/remote-attestation/src/errors.rs index 7c84a323..a59ab549 100644 --- a/modules/remote-attestation/src/errors.rs +++ b/modules/remote-attestation/src/errors.rs @@ -130,5 +130,9 @@ define_error! { Time [lcp_types::TimeError] |_| { "Time error" }, + + EnclaveApi + [enclave_api::Error] + |_| { "EnclaveAPI error" }, } } diff --git a/modules/remote-attestation/src/ias.rs b/modules/remote-attestation/src/ias.rs index 4c0b17b9..51053aa2 100644 --- a/modules/remote-attestation/src/ias.rs +++ b/modules/remote-attestation/src/ias.rs @@ -25,7 +25,7 @@ pub fn run_ias_ra, S: CommitStore>( target_enclave_key, operator, }) - .unwrap(); + .map_err(Error::enclave_api)?; // Now sigrl is the revocation list, a vec let sigrl = get_sigrl_from_intel(mode, epid_group_id, &ias_key)?; diff --git a/modules/remote-attestation/src/ias_simulation.rs b/modules/remote-attestation/src/ias_simulation.rs index 07f2369a..43822933 100644 --- a/modules/remote-attestation/src/ias_simulation.rs +++ b/modules/remote-attestation/src/ias_simulation.rs @@ -24,7 +24,7 @@ pub fn run_ias_ra_simulation, S: CommitStore>( target_enclave_key, operator, }) - .unwrap(); + .map_err(Error::enclave_api)?; let (quote, qe_report) = get_quote(vec![], report, SGX_QUOTE_SIGN_TYPE, Default::default())?; validate_qe_report(&target_info, &qe_report)?; From 34faab9895a7f6f448141935dd6dbf2b5a828bb2 Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Tue, 10 Sep 2024 23:13:38 +0900 Subject: [PATCH 24/30] crypto: improve error messages Signed-off-by: Jun Kimura --- app/src/commands/attestation.rs | 4 ++-- modules/crypto/src/errors.rs | 9 ++------- modules/crypto/src/sgx/rand.rs | 3 ++- modules/crypto/src/sgx/sealing.rs | 8 ++++++-- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/app/src/commands/attestation.rs b/app/src/commands/attestation.rs index 814521da..c2357bf1 100644 --- a/app/src/commands/attestation.rs +++ b/app/src/commands/attestation.rs @@ -115,7 +115,7 @@ fn run_ias_remote_attestation, S: CommitStore>( .save_avr(target_enclave_key, res)?; Ok(()) } - Err(e) => bail!("failed to perform IAS Remote Attestation: {:?}!", e), + Err(e) => bail!("failed to perform IAS Remote Attestation: {}", e), } } @@ -259,6 +259,6 @@ fn run_simulate_remote_attestation, S: CommitStore>( .save_avr(target_enclave_key, res)?; Ok(()) } - Err(e) => bail!("failed to simulate Remote Attestation: {:?}!", e), + Err(e) => bail!("failed to simulate Remote Attestation: {}", e), } } diff --git a/modules/crypto/src/errors.rs b/modules/crypto/src/errors.rs index 579e64d1..2687ec8c 100644 --- a/modules/crypto/src/errors.rs +++ b/modules/crypto/src/errors.rs @@ -9,9 +9,10 @@ define_error! { SgxError { status: sgx_status_t, + descr: String } |e| { - format_args!("SGX error: {:?}", e.status) + format_args!("SGX error: status={:?} descr={}", e.status, e.descr) }, FailedSeal @@ -78,12 +79,6 @@ define_error! { } } -impl From for Error { - fn from(value: sgx_status_t) -> Self { - Self::sgx_error(value) - } -} - impl From for Error { fn from(value: libsecp256k1::Error) -> Self { Self::secp256k1(value) diff --git a/modules/crypto/src/sgx/rand.rs b/modules/crypto/src/sgx/rand.rs index fdec2df9..7b5bfcb6 100644 --- a/modules/crypto/src/sgx/rand.rs +++ b/modules/crypto/src/sgx/rand.rs @@ -1,6 +1,7 @@ use crate::errors::Error; +use crate::prelude::*; use sgx_trts::trts::rsgx_read_rand; pub fn rand_slice(rand: &mut [u8]) -> Result<(), Error> { - rsgx_read_rand(rand).map_err(Error::sgx_error) + rsgx_read_rand(rand).map_err(|e| Error::sgx_error(e, "failed to read random data".to_string())) } diff --git a/modules/crypto/src/sgx/sealing.rs b/modules/crypto/src/sgx/sealing.rs index e6cfa239..11f924d7 100644 --- a/modules/crypto/src/sgx/sealing.rs +++ b/modules/crypto/src/sgx/sealing.rs @@ -26,7 +26,8 @@ impl SealingKey for EnclaveKey { } fn seal_enclave_key(data: UnsealedEnclaveKey) -> Result { - let sealed_data = SgxSealedData::::seal_data(Default::default(), &data)?; + let sealed_data = SgxSealedData::::seal_data(Default::default(), &data) + .map_err(|e| Error::sgx_error(e, "failed to seal enclave key".to_string()))?; let mut sek = SealedEnclaveKey([0; SEALED_DATA_32_USIZE]); let _ = unsafe { sealed_data.to_raw_sealed_data_t( @@ -46,7 +47,10 @@ fn unseal_enclave_key(sek: &SealedEnclaveKey) -> Result Date: Tue, 10 Sep 2024 23:23:18 +0900 Subject: [PATCH 25/30] remove unused patches Signed-off-by: Jun Kimura --- Cargo.lock | 40 ---------------------------------------- Cargo.toml | 17 ----------------- enclave/Cargo.lock | 40 ---------------------------------------- enclave/Cargo.toml | 18 ------------------ 4 files changed, 115 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 90733109..2bf72420 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -6389,43 +6389,3 @@ dependencies = [ "cc", "libc", ] - -[[patch.unused]] -name = "sgx_alloc" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" - -[[patch.unused]] -name = "sgx_crypto_helper" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" - -[[patch.unused]] -name = "sgx_rand" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" - -[[patch.unused]] -name = "sgx_serialize" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" - -[[patch.unused]] -name = "sgx_serialize_derive" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" - -[[patch.unused]] -name = "sgx_serialize_derive_internals" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" - -[[patch.unused]] -name = "sgx_tcrypto_helper" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" - -[[patch.unused]] -name = "sgx_tstd" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" diff --git a/Cargo.toml b/Cargo.toml index dc4c7398..91989729 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -35,20 +35,3 @@ exclude = [ "enclave-modules/ecall-handler", "proto-compiler" ] - -[patch."https://github.com/apache/teaclave-sgx-sdk.git"] -sgx_tstd = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_urts = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_tse = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_alloc = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_libc = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_serialize = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_serialize_derive = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_serialize_derive_internals = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_trts = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_types = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_tcrypto = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_tcrypto_helper = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_crypto_helper = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_rand = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_tseal = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } diff --git a/enclave/Cargo.lock b/enclave/Cargo.lock index 6d628afd..aef2d11c 100644 --- a/enclave/Cargo.lock +++ b/enclave/Cargo.lock @@ -1868,43 +1868,3 @@ dependencies = [ "syn 1.0.103", "synstructure", ] - -[[patch.unused]] -name = "sgx_crypto_helper" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" - -[[patch.unused]] -name = "sgx_rand" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" - -[[patch.unused]] -name = "sgx_serialize" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" - -[[patch.unused]] -name = "sgx_serialize_derive" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" - -[[patch.unused]] -name = "sgx_serialize_derive_internals" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" - -[[patch.unused]] -name = "sgx_tcrypto_helper" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" - -[[patch.unused]] -name = "sgx_tstd" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" - -[[patch.unused]] -name = "sgx_urts" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" diff --git a/enclave/Cargo.toml b/enclave/Cargo.toml index 06fb384c..d7b4893d 100644 --- a/enclave/Cargo.toml +++ b/enclave/Cargo.toml @@ -15,24 +15,6 @@ default = [] enclave-runtime = { path = "../enclave-modules/runtime" } tendermint-lc = { path = "../modules/tendermint-lc", default-features = false } -[patch."https://github.com/apache/teaclave-sgx-sdk.git"] -sgx_tstd = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_no_tstd = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_urts = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_tse = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_alloc = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_libc = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_serialize = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_serialize_derive = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_serialize_derive_internals = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_trts = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_types = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_tcrypto = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_tcrypto_helper = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_crypto_helper = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_rand = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_tseal = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } - [patch."crates-io"] # TODO these patches would be better as optional sha2-0106 = { git = "https://github.com/bluele/hashes", branch = "0.10.6-sha256-hwa-disabled", package = "sha2" } From 3fe3071db045e086fade3a6665d0869424785a4d Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Tue, 10 Sep 2024 23:43:38 +0900 Subject: [PATCH 26/30] remove unused targets Signed-off-by: Jun Kimura --- Makefile | 6 ------ 1 file changed, 6 deletions(-) diff --git a/Makefile b/Makefile index 33b5f013..0aade39d 100644 --- a/Makefile +++ b/Makefile @@ -117,8 +117,6 @@ Signed_RustEnclave_Name := bin/enclave.signed.so ######## Test Settings ######## -DOCKER ?= docker -DOCKER_BUILD ?= $(DOCKER) build --rm --no-cache --pull GAIAD_VERSION ?= v7.0.3 ######## Targets ######## @@ -224,7 +222,3 @@ test-setup-nodes: bin/gaiad bin/gaiad: curl -o ./bin/gaiad -LO https://github.com/cosmos/gaia/releases/download/$(GAIAD_VERSION)/gaiad-$(GAIAD_VERSION)-linux-amd64 && chmod +x ./bin/gaiad - -.PHONY: docker -sgx-docker: - @cd rust-sgx-sdk/dockerfile && docker build --no-cache -t datachainlab/sgx-rust:2004-1.1.6 -f Dockerfile.2004.nightly . From f9c9afa6c0e25de6da24cb28da8ec3108266c5e1 Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Mon, 9 Sep 2024 19:20:01 +0900 Subject: [PATCH 27/30] fix sealing policy Signed-off-by: Jun Kimura --- modules/crypto/src/sgx/sealing.rs | 27 +++++++++++++++++++++------ 1 file changed, 21 insertions(+), 6 deletions(-) diff --git a/modules/crypto/src/sgx/sealing.rs b/modules/crypto/src/sgx/sealing.rs index 11f924d7..969f766f 100644 --- a/modules/crypto/src/sgx/sealing.rs +++ b/modules/crypto/src/sgx/sealing.rs @@ -7,6 +7,7 @@ use crate::{prelude::*, EnclavePublicKey}; use libsecp256k1::{util::SECRET_KEY_SIZE, SecretKey}; use sgx_tseal::SgxSealedData; use sgx_types::{marker::ContiguousMemory, sgx_sealed_data_t}; +use sgx_types::{sgx_attributes_t, SGX_KEYPOLICY_MRENCLAVE, TSEAL_DEFAULT_MISCMASK}; #[derive(Clone, Copy)] struct UnsealedEnclaveKey([u8; SECRET_KEY_SIZE]); @@ -26,16 +27,30 @@ impl SealingKey for EnclaveKey { } fn seal_enclave_key(data: UnsealedEnclaveKey) -> Result { - let sealed_data = SgxSealedData::::seal_data(Default::default(), &data) - .map_err(|e| Error::sgx_error(e, "failed to seal enclave key".to_string()))?; + let attribute_mask = sgx_attributes_t { + flags: 0xffff_ffff_ffff_fff3, + xfrm: 0, + }; + let sealed_data = SgxSealedData::::seal_data_ex( + SGX_KEYPOLICY_MRENCLAVE, + attribute_mask, + TSEAL_DEFAULT_MISCMASK, + Default::default(), + &data, + ) + .map_err(|e| Error::sgx_error(e, "failed to seal enclave key".to_string()))?; let mut sek = SealedEnclaveKey([0; SEALED_DATA_32_USIZE]); - let _ = unsafe { + match unsafe { sealed_data.to_raw_sealed_data_t( sek.0.as_mut_ptr() as *mut sgx_sealed_data_t, SEALED_DATA_32_SIZE, ) - }; - Ok(sek) + } { + Some(_) => Ok(sek), + None => Err(Error::failed_seal( + "failed to convert to raw sealed data".to_owned(), + )), + } } fn unseal_enclave_key(sek: &SealedEnclaveKey) -> Result { @@ -46,7 +61,7 @@ fn unseal_enclave_key(sek: &SealedEnclaveKey) -> Result Date: Wed, 11 Sep 2024 16:40:11 +0900 Subject: [PATCH 28/30] implement allocator and panic_handler for enclave Signed-off-by: Jun Kimura --- enclave-modules/host-api/src/lib.rs | 2 + enclave-modules/runtime/Cargo.toml | 3 +- enclave-modules/runtime/src/lib.rs | 107 +++++++++++++++++++++++++--- enclave/Cargo.lock | 17 +---- modules/ocall-commands/src/lib.rs | 4 ++ modules/ocall-commands/src/log.rs | 7 ++ modules/ocall-handler/src/errors.rs | 12 +++- modules/ocall-handler/src/lib.rs | 1 + modules/ocall-handler/src/log.rs | 9 +++ modules/ocall-handler/src/router.rs | 4 ++ 10 files changed, 139 insertions(+), 27 deletions(-) create mode 100644 modules/ocall-commands/src/log.rs create mode 100644 modules/ocall-handler/src/log.rs diff --git a/enclave-modules/host-api/src/lib.rs b/enclave-modules/host-api/src/lib.rs index 4af8da86..00daa3f2 100644 --- a/enclave-modules/host-api/src/lib.rs +++ b/enclave-modules/host-api/src/lib.rs @@ -21,6 +21,8 @@ mod prelude { } pub use errors::Error; +/// re-export +pub use ocall_commands; pub mod api; mod errors; diff --git a/enclave-modules/runtime/Cargo.toml b/enclave-modules/runtime/Cargo.toml index 42b93ae3..0a251ceb 100644 --- a/enclave-modules/runtime/Cargo.toml +++ b/enclave-modules/runtime/Cargo.toml @@ -5,14 +5,15 @@ edition = "2021" [dependencies] sgx_types = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } -sgx_no_tstd = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } sgx_trts = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } +sgx_alloc = { rev = "v1.1.6", git = "https://github.com/apache/incubator-teaclave-sgx-sdk" } log = { version = "0.4.8", default-features = false } bincode = { version = "2.0.0-rc.3", default-features = false, features = ["serde", "alloc"] } flex-error = { version = "0.4.4", default-features = false } once_cell = { version = "1.15.0", default-features = false, features = ["alloc"] } enclave-utils = { path = "../utils" } +host-api = { path = "../host-api" } ecall-handler = { path = "../ecall-handler" } enclave-environment = { path = "../environment" } ecall-commands = { path = "../../modules/ecall-commands", default-features = false } diff --git a/enclave-modules/runtime/src/lib.rs b/enclave-modules/runtime/src/lib.rs index 482d78dc..d34f1930 100644 --- a/enclave-modules/runtime/src/lib.rs +++ b/enclave-modules/runtime/src/lib.rs @@ -1,6 +1,103 @@ #![no_std] +#![allow(internal_features)] +#![feature(rustc_private)] +#![feature(lang_items)] +#![feature(alloc_error_handler)] + extern crate alloc; +use core::panic::PanicInfo; +use core::sync::atomic::{AtomicPtr, Ordering}; +use core::{mem, ptr}; + +pub use alloc::alloc::*; +pub use sgx_alloc::System; + +pub use ecalls::{ecall_execute_command, set_environment}; +pub use enclave_environment::{Environment, MapLightClientRegistry}; +/// re-export +pub use sgx_trts; +pub use sgx_types; + +mod ecalls; +mod errors; + +/// global allocator and panic handler for enclave +/// +/// This is a fork of the `sgx_no_tstd` crate, with the following change: +/// - The `begin_panic_handler` function is added to logging the panic message before aborting. + +#[global_allocator] +static ALLOC: sgx_alloc::System = sgx_alloc::System; + +#[panic_handler] +fn begin_panic_handler(info: &PanicInfo<'_>) -> ! { + let _ = host_api::api::execute_command(host_api::ocall_commands::Command::Log( + host_api::ocall_commands::LogCommand { + msg: alloc::format!("[enclave] panic: {:?}\n", info).into_bytes(), + }, + )); + sgx_abort(); +} + +#[lang = "eh_personality"] +#[no_mangle] +unsafe extern "C" fn rust_eh_personality() {} + +static HOOK: AtomicPtr<()> = AtomicPtr::new(ptr::null_mut()); + +/// Registers a custom allocation error hook, replacing any that was previously registered. +/// +/// The allocation error hook is invoked when an infallible memory allocation fails, before +/// the runtime aborts. The default hook prints a message to standard error, +/// but this behavior can be customized with the [`set_alloc_error_hook`] and +/// [`take_alloc_error_hook`] functions. +/// +/// The hook is provided with a `Layout` struct which contains information +/// about the allocation that failed. +/// +/// The allocation error hook is a global resource. +pub fn set_alloc_error_hook(hook: fn(Layout)) { + HOOK.store(hook as *mut (), Ordering::SeqCst); +} + +/// Unregisters the current allocation error hook, returning it. +/// +/// *See also the function [`set_alloc_error_hook`].* +/// +/// If no custom hook is registered, the default hook will be returned. +pub fn take_alloc_error_hook() -> fn(Layout) { + let hook = HOOK.swap(ptr::null_mut(), Ordering::SeqCst); + if hook.is_null() { + default_alloc_error_hook + } else { + unsafe { mem::transmute(hook) } + } +} + +fn default_alloc_error_hook(_layout: Layout) {} + +#[alloc_error_handler] +pub fn rust_oom(layout: Layout) -> ! { + let hook = HOOK.load(Ordering::SeqCst); + let hook: fn(Layout) = if hook.is_null() { + default_alloc_error_hook + } else { + unsafe { mem::transmute(hook) } + }; + hook(layout); + sgx_abort(); +} + +#[link(name = "sgx_trts")] +extern "C" { + pub fn abort() -> !; +} + +fn sgx_abort() -> ! { + unsafe { abort() } +} + #[allow(unused_imports)] mod prelude { pub use core::prelude::v1::*; @@ -20,16 +117,6 @@ mod prelude { pub use core::iter::FromIterator; } -pub use ecalls::{ecall_execute_command, set_environment}; -pub use enclave_environment::{Environment, MapLightClientRegistry}; -/// re-export -pub use sgx_no_tstd; -pub use sgx_trts; -pub use sgx_types; - -mod ecalls; -mod errors; - #[macro_export] macro_rules! setup_runtime { ($func:block) => { diff --git a/enclave/Cargo.lock b/enclave/Cargo.lock index aef2d11c..0bd41645 100644 --- a/enclave/Cargo.lock +++ b/enclave/Cargo.lock @@ -514,9 +514,10 @@ dependencies = [ "enclave-environment", "enclave-utils", "flex-error", + "host-api", "log", "once_cell", - "sgx_no_tstd", + "sgx_alloc", "sgx_trts", "sgx_types", ] @@ -1430,11 +1431,6 @@ name = "sgx_alloc" version = "1.1.6" source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" -[[package]] -name = "sgx_build_helper" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" - [[package]] name = "sgx_libc" version = "1.1.6" @@ -1443,15 +1439,6 @@ dependencies = [ "sgx_types", ] -[[package]] -name = "sgx_no_tstd" -version = "1.1.6" -source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk?rev=v1.1.6#c3d82372dff81e5bafb07f71bc8ad532d06b504e" -dependencies = [ - "sgx_alloc", - "sgx_build_helper", -] - [[package]] name = "sgx_tcrypto" version = "1.1.6" diff --git a/modules/ocall-commands/src/lib.rs b/modules/ocall-commands/src/lib.rs index ce4ee60d..84e88124 100644 --- a/modules/ocall-commands/src/lib.rs +++ b/modules/ocall-commands/src/lib.rs @@ -1,9 +1,11 @@ #![no_std] #![allow(clippy::large_enum_variant)] extern crate alloc; +pub use crate::log::LogCommand; pub use crate::store::{StoreCommand, StoreResult}; use serde::{Deserialize, Serialize}; +mod log; mod store; #[derive(Serialize, Deserialize, Debug)] @@ -13,11 +15,13 @@ pub struct OCallCommand { #[derive(Serialize, Deserialize, Debug)] pub enum Command { + Log(LogCommand), Store(StoreCommand), } #[derive(Serialize, Deserialize, Debug)] pub enum CommandResult { + Log, Store(StoreResult), CommandError(alloc::string::String), } diff --git a/modules/ocall-commands/src/log.rs b/modules/ocall-commands/src/log.rs new file mode 100644 index 00000000..8fd9d1c4 --- /dev/null +++ b/modules/ocall-commands/src/log.rs @@ -0,0 +1,7 @@ +use alloc::vec::Vec; +use serde::{Deserialize, Serialize}; + +#[derive(Serialize, Deserialize, Debug)] +pub struct LogCommand { + pub msg: Vec, +} diff --git a/modules/ocall-handler/src/errors.rs b/modules/ocall-handler/src/errors.rs index 29ec00ab..dda3c567 100644 --- a/modules/ocall-handler/src/errors.rs +++ b/modules/ocall-handler/src/errors.rs @@ -16,7 +16,11 @@ define_error! { Store [store::Error] - |_| { "Store error" } + |_| { "Store error" }, + + Io + [TraceError] + |_| { "I/O error" }, } } @@ -25,3 +29,9 @@ impl From for Error { Error::store(err) } } + +impl From for Error { + fn from(err: std::io::Error) -> Self { + Error::io(err) + } +} diff --git a/modules/ocall-handler/src/lib.rs b/modules/ocall-handler/src/lib.rs index 452e9e92..76af9762 100644 --- a/modules/ocall-handler/src/lib.rs +++ b/modules/ocall-handler/src/lib.rs @@ -1,5 +1,6 @@ pub use router::dispatch; mod errors; +mod log; mod router; mod store; diff --git a/modules/ocall-handler/src/log.rs b/modules/ocall-handler/src/log.rs new file mode 100644 index 00000000..cd535ca1 --- /dev/null +++ b/modules/ocall-handler/src/log.rs @@ -0,0 +1,9 @@ +use crate::errors::Error; +use ocall_commands::LogCommand; +use std::io::{stdout, Write}; + +pub fn dispatch(command: LogCommand) -> Result<(), Error> { + stdout().write_all(&command.msg)?; + stdout().flush()?; + Ok(()) +} diff --git a/modules/ocall-handler/src/router.rs b/modules/ocall-handler/src/router.rs index cd2317b6..3910cb22 100644 --- a/modules/ocall-handler/src/router.rs +++ b/modules/ocall-handler/src/router.rs @@ -4,6 +4,10 @@ use ocall_commands::{Command, CommandResult, OCallCommand}; pub fn dispatch(env: &Environment, command: OCallCommand) -> Result { match command.cmd { + Command::Log(cmd) => { + crate::log::dispatch(cmd)?; + Ok(CommandResult::Log) + } Command::Store(cmd) => Ok(CommandResult::Store(store::dispatch(env, cmd)?)), } } From 27ed398ec29b9178a22d6e7c4fead9368fb3337c Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Wed, 11 Sep 2024 19:28:32 +0900 Subject: [PATCH 29/30] tests: use IASMode::Production as default Signed-off-by: Jun Kimura --- tests/integration/src/lib.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/integration/src/lib.rs b/tests/integration/src/lib.rs index 0e0d0406..d288af86 100644 --- a/tests/integration/src/lib.rs +++ b/tests/integration/src/lib.rs @@ -122,7 +122,7 @@ mod tests { enclave, signer, Some(operator), - remote_attestation::IASMode::Development, + remote_attestation::IASMode::Production, std::env::var("SPID")?, std::env::var("IAS_KEY")?, ) { @@ -139,7 +139,7 @@ mod tests { enclave, signer, None, - remote_attestation::IASMode::Development, + remote_attestation::IASMode::Production, std::env::var("SPID")?, std::env::var("IAS_KEY")?, ) { @@ -168,7 +168,7 @@ mod tests { ) { Ok(res) => res.get_avr()?, Err(e) => { - bail!("IAS Remote Attestation Failed {:?}!", e); + bail!("Remote Attestation Simulation Failed {:?}!", e); } }; let report_data = res.parse_quote()?.report_data(); @@ -186,7 +186,7 @@ mod tests { ) { Ok(res) => res.get_avr()?, Err(e) => { - bail!("IAS Remote Attestation Failed {:?}!", e); + bail!("Remote Attestation Simulation Failed {:?}!", e); } }; let report_data = res.parse_quote()?.report_data(); From 330cc2b7619e8cb8db4fc6a6de298980de63c97f Mon Sep 17 00:00:00 2001 From: Jun Kimura Date: Wed, 11 Sep 2024 21:18:24 +0900 Subject: [PATCH 30/30] remove `ibc/std` from std feature Signed-off-by: Jun Kimura --- modules/light-client/Cargo.toml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/light-client/Cargo.toml b/modules/light-client/Cargo.toml index ccbea928..59bd454b 100644 --- a/modules/light-client/Cargo.toml +++ b/modules/light-client/Cargo.toml @@ -21,8 +21,7 @@ std = [ "flex-error/std", "lcp-types/std", "commitments/std", - "store/std", - "ibc?/std", + "store/std" ] ibc = [ "dep:ibc",