v1.0.1 release

apache · Jul 17, 2018 · aa6708c · aa6708c
1 parent 7f14232
commit aa6708c
Show file tree

Hide file tree

Showing 273 changed files with 63,196 additions and 1,732 deletions.
diff --git a/Readme.md b/Readme.md
@@ -3,6 +3,9 @@ Rust SGX SDK helps developers write Intel SGX applications in Rust programming l
 
 To achieve better security, we recommend developers to apply [Non-bypassable Security Paradigm (NbSP)](https://github.com/baidu/rust-sgx-sdk/blob/master/documents/nbsp.pdf) to the system design and implementation.
 
+## v1.0.1 Release
+This version supports the Rust nightly build (nightly-2018-07-16) in master branch and the most recent Rust stable build (stable-2018-07-10). And it supports the latest Intel SGX SDK **v2.2**. New third party libraries include: bytes, http, iovec, rust-crypto, rust-fnv and rust-threshold-secret-sharing. New code sample 'secretsharing' and 'rust-threshold-secret-sharing' is provided by @davidp94. Please refer to [release_notes](release_notes.md) for further details.
+
 ## v1.0.0 Release
 We proudly announce v1.0.0 of rust-sgx-sdk! We port Parity's [Webassembly Interpreter](https://github.com/paritytech/wasmi) to Intel SGX and provide a full functional in-enclave [wasmi sample](samplecode/wasmi), and a [sample solution](samplecode/psi) of two-party private-set-intersection resisting side-channel attacks! From this version, we start to support most recent stable branch of Rust instead of nightly for better stability and future production use. Thus, the [stable branch](https://github.com/baidu/rust-sgx-sdk/tree/rust-stable) of v1.0.0 supports the most recent Rust stable toolchain (1.26.0 stable-2018-05-07), while the master only supports Rust nightly toolchain of nightly-2018-04-11. Please refer to [release_notes](release_notes.md) for further details.
 
@@ -19,7 +22,7 @@ This version provides a new namespace: `sgx_tstd::untrusted`, including `sgx_tst
 
 Ubuntu 16.04
 
-[Intel SGX SDK 2.1.3 for Linux](https://01.org/intel-software-guard-extensions/downloads) installed
+[Intel SGX SDK 2.2 for Linux](https://01.org/intel-software-guard-extensions/downloads) installed
 
 Docker (Recommended)
 
@@ -34,7 +37,7 @@ Install Intel SGX driver and SDK first. And refer to [Dockerfile](https://github
 
 ### Using docker (Recommended) without ME support
 
-First, make sure Intel SGX Driver 2.1.3 is installed and functions well. `/dev/isgx` should be appeared.
+First, make sure Intel SGX Driver 2.2 is installed and functions well. `/dev/isgx` should be appeared.
 
 Second, pull the docker image. If you'd like to work on stable branch of Rust and `rust-stable` branch of this SDK, please pull `baiduxlab/sgx-rust-stable` instead.
 
@@ -138,6 +141,8 @@ We provide eighteen sample codes to help developers understand how to write Encl
 
 * `psi` is a prototype solution of the Private-Set-Intersection problem.
 
+* `secretsharing` shows the usage of Shamir sharing in Rust-SGX environment (provided by @davidp94).
+
 # Samples of ported third-party libraries
 
 As of v0.9.5, we provide 25 ported third-party libraries. All of them could be compiled using xargo (`XARGO_SGX=1` make) or cargo (`make`).

diff --git a/dockerfile/Dockerfile b/dockerfile/Dockerfile
@@ -46,8 +46,8 @@ RUN apt-get update && apt-get install -y build-essential ocaml automake autoconf
 #    systemctl enable jhi
 
 RUN mkdir /root/sgx && \
-    wget -O /root/sgx/psw.bin https://download.01.org/intel-sgx/linux-2.1.3/ubuntu64-desktop/sgx_linux_x64_psw_2.1.103.44322.bin && \
-    wget -O /root/sgx/sdk.bin https://download.01.org/intel-sgx/linux-2.1.3/ubuntu64-desktop/sgx_linux_x64_sdk_2.1.103.44322.bin && \
+    wget -O /root/sgx/psw.bin https://download.01.org/intel-sgx/linux-2.2/ubuntu64-desktop/sgx_linux_x64_psw_2.2.100.45311.bin && \
+    wget -O /root/sgx/sdk.bin https://download.01.org/intel-sgx/linux-2.2/ubuntu64-desktop/sgx_linux_x64_sdk_2.2.100.45311.bin && \
     cd /root/sgx && \
     chmod +x /root/sgx/psw.bin && \
     /root/sgx/psw.bin && \
@@ -57,16 +57,16 @@ RUN mkdir /root/sgx && \
 
 ADD patch /root/
 
-RUN wget -O /root/src.tar.gz https://github.com/intel/linux-sgx/archive/sgx_2.1.3.tar.gz && \
+RUN wget -O /root/src.tar.gz https://github.com/intel/linux-sgx/archive/sgx_2.2.tar.gz && \
     cd /root && tar xzf src.tar.gz && \
-    cd /root/linux-sgx-sgx_2.1.3 && git apply ../patch && \
-    /root/linux-sgx-sgx_2.1.3/download_prebuilt.sh && \
-    cd /root/linux-sgx-sgx_2.1.3 && make -j && \
-    cp /root/linux-sgx-sgx_2.1.3/build/linux/libsgx_tstdc.a /opt/sgxsdk/lib64/libsgx_tstdc.a
+    cd /root/linux-sgx-sgx_2.2 && git apply ../patch && \
+    /root/linux-sgx-sgx_2.2/download_prebuilt.sh && \
+    cd /root/linux-sgx-sgx_2.2 && make -j && \
+    cp /root/linux-sgx-sgx_2.2/build/linux/libsgx_tstdc.a /opt/sgxsdk/lib64/libsgx_tstdc.a
 
 RUN wget 'https://static.rust-lang.org/rustup/dist/x86_64-unknown-linux-gnu/rustup-init' -O /root/rustup-init && \
     chmod +x /root/rustup-init && \
-    echo '1' | /root/rustup-init --default-toolchain nightly-2018-04-12 && \
+    echo '1' | /root/rustup-init --default-toolchain nightly-2018-07-16 && \
     echo 'source /root/.cargo/env' >> /root/.bashrc && \
     /root/.cargo/bin/rustup component add rust-src && \
     /root/.cargo/bin/cargo install xargo && \

diff --git a/dockerfile/experimental/Dockerfile b/dockerfile/experimental/Dockerfile
@@ -9,7 +9,8 @@
 #   * Redistributions of source code must retain the above copyright
 #     notice, this list of conditions and the following disclaimer.
 #   * Redistributions in binary form must reproduce the above copyright
-#     notice, this list of conditions and the following disclaimer in #     the documentation and/or other materials provided with the
+#     notice, this list of conditions and the following disclaimer in
+#     the documentation and/or other materials provided with the
 #     distribution.
 #   * Neither the name of Baidu, Inc., nor the names of its
 #     contributors may be used to endorse or promote products derived
@@ -54,8 +55,8 @@ RUN mkdir /root/sgx && \
 #    cd jhi && mkdir build && cd build && cmake .. && make && make install && \
 #    systemctl enable jhi
 
-RUN wget -O /root/sgx/psw.bin https://download.01.org/intel-sgx/linux-2.1.3/ubuntu64-desktop/sgx_linux_x64_psw_2.1.103.44322.bin && \
-    wget -O /root/sgx/sdk.bin https://download.01.org/intel-sgx/linux-2.1.3/ubuntu64-desktop/sgx_linux_x64_sdk_2.1.103.44322.bin && \
+RUN wget -O /root/sgx/psw.bin https://download.01.org/intel-sgx/linux-2.2/ubuntu64-desktop/sgx_linux_x64_psw_2.2.100.45311.bin && \
+    wget -O /root/sgx/sdk.bin https://download.01.org/intel-sgx/linux-2.2/ubuntu64-desktop/sgx_linux_x64_sdk_2.2.100.45311.bin && \
     cd /root/sgx && \
     chmod +x /root/sgx/psw.bin && \
     /root/sgx/psw.bin && \
@@ -65,18 +66,18 @@ RUN wget -O /root/sgx/psw.bin https://download.01.org/intel-sgx/linux-2.1.3/ubun
 
 ADD all.patch /root/
 
-RUN wget -O /root/src.tar.gz https://github.com/intel/linux-sgx/archive/sgx_2.1.3.tar.gz && \
-    cd /root && tar xzf src.tar.gz && \
-    cd /root/linux-sgx-sgx_2.1.3 && patch -t -p1 < ../all.patch && \
-    /root/linux-sgx-sgx_2.1.3/download_prebuilt.sh && \
-    cd /root/linux-sgx-sgx_2.1.3 && make -j && \
-    cp /root/linux-sgx-sgx_2.1.3/build/linux/libsgx_tstdc.a /opt/sgxsdk/lib64/libsgx_tstdc.a && \
-    cp /root/linux-sgx-sgx_2.1.3/build/linux/aesm_service /opt/intel/sgxpsw/aesm/aesm_service && \
-    cp /root/linux-sgx-sgx_2.1.3/build/linux/libsgx_uae_service.so /usr/lib/libsgx_uae_service.so
+RUN wget -O /root/src.tar.gz https://github.com/intel/linux-sgx/archive/sgx_2.2.tar.gz && \
+     cd /root && tar xzf src.tar.gz && \
+     cd /root/linux-sgx-sgx_2.2 && patch -t -p1 < ../all.patch && \
+     /root/linux-sgx-sgx_2.2/download_prebuilt.sh && \
+     cd /root/linux-sgx-sgx_2.2 && make -j && \
+     cp /root/linux-sgx-sgx_2.2/build/linux/libsgx_tstdc.a /opt/sgxsdk/lib64/libsgx_tstdc.a && \
+     cp /root/linux-sgx-sgx_2.2/build/linux/aesm_service /opt/intel/sgxpsw/aesm/aesm_service && \
+     cp /root/linux-sgx-sgx_2.2/build/linux/libsgx_uae_service.so /usr/lib/libsgx_uae_service.so
 
 RUN wget 'https://static.rust-lang.org/rustup/dist/x86_64-unknown-linux-gnu/rustup-init' -O /root/rustup-init && \
     chmod +x /root/rustup-init && \
-    echo '1' | /root/rustup-init --default-toolchain nightly-2018-04-12 && \
+    echo '1' | /root/rustup-init --default-toolchain nightly-2018-07-16 && \
     echo 'source /root/.cargo/env' >> /root/.bashrc && \
     /root/.cargo/bin/rustup component add rust-src && \
     /root/.cargo/bin/cargo install xargo && \

diff --git a/dockerfile/rust-stable/Dockerfile b/dockerfile/rust-stable/Dockerfile
@@ -46,8 +46,8 @@ RUN apt-get update && apt-get install -y build-essential ocaml automake autoconf
 #    systemctl enable jhi
 
 RUN mkdir /root/sgx && \
-    wget -O /root/sgx/psw.bin https://download.01.org/intel-sgx/linux-2.1.3/ubuntu64-desktop/sgx_linux_x64_psw_2.1.103.44322.bin && \
-    wget -O /root/sgx/sdk.bin https://download.01.org/intel-sgx/linux-2.1.3/ubuntu64-desktop/sgx_linux_x64_sdk_2.1.103.44322.bin && \
+    wget -O /root/sgx/psw.bin https://download.01.org/intel-sgx/linux-2.2/ubuntu64-desktop/sgx_linux_x64_psw_2.2.100.45311.bin && \
+    wget -O /root/sgx/sdk.bin https://download.01.org/intel-sgx/linux-2.2/ubuntu64-desktop/sgx_linux_x64_sdk_2.2.100.45311.bin && \
     cd /root/sgx && \
     chmod +x /root/sgx/psw.bin && \
     /root/sgx/psw.bin && \
@@ -57,16 +57,16 @@ RUN mkdir /root/sgx && \
 
 ADD patch /root/
 
-RUN wget -O /root/src.tar.gz https://github.com/intel/linux-sgx/archive/sgx_2.1.3.tar.gz && \
+RUN wget -O /root/src.tar.gz https://github.com/intel/linux-sgx/archive/sgx_2.2.tar.gz && \
     cd /root && tar xzf src.tar.gz && \
-    cd /root/linux-sgx-sgx_2.1.3 && git apply ../patch && \
-    /root/linux-sgx-sgx_2.1.3/download_prebuilt.sh && \
-    cd /root/linux-sgx-sgx_2.1.3 && make -j && \
-    cp /root/linux-sgx-sgx_2.1.3/build/linux/libsgx_tstdc.a /opt/sgxsdk/lib64/libsgx_tstdc.a
+    cd /root/linux-sgx-sgx_2.2 && git apply ../patch && \
+    /root/linux-sgx-sgx_2.2/download_prebuilt.sh && \
+    cd /root/linux-sgx-sgx_2.2 && make -j && \
+    cp /root/linux-sgx-sgx_2.2/build/linux/libsgx_tstdc.a /opt/sgxsdk/lib64/libsgx_tstdc.a
 
 RUN wget 'https://static.rust-lang.org/rustup/dist/x86_64-unknown-linux-gnu/rustup-init' -O /root/rustup-init && \
     chmod +x /root/rustup-init && \
-    echo '1' | /root/rustup-init --default-toolchain stable-2018-05-10 && \
+    echo '1' | /root/rustup-init --default-toolchain stable-2018-07-10 && \
     echo 'source /root/.cargo/env' >> /root/.bashrc && \
     /root/.cargo/bin/rustup component add rust-src && \
     /root/.cargo/bin/cargo install xargo && \

diff --git a/release_notes.md b/release_notes.md
@@ -1,3 +1,16 @@
+# Rust SGX SDK v1.0.1 Release Notes
+
+**Support Intel SGX SDK v2.2**
+
+**Support Rust nightly-2018-07-16**
+
+**Support Rust stable-2018-07-10**
+
+**New third party libraries** bytes, http, iovec, rust-crypto, rust-fnv and rust-threshold-secret-sharing.
+
+**New code sample** Thanks to @davidp94 for the secretsharing code sample.
+
+
 # Rust SGX SDK v1.0.0 Release Notes
 
 Baidu X-Lab provides Rust SGX SDK that is a bundle of basic libraries, scripts and ported libraries for developing Intel SGX programs in Rust programming language. Based on this SDK, developers could easily build up their SGX programs in Rust. Rust SGX SDK provides the strongest defence and helps protect the secret data reside in an enclave effectively even when the OS is compromised. It is important to real world data privacy and cloud security. Since the first day of open source, we have recevied many recommendations and supports from both academic and industry. Today, we are proudly releasing the 1.0.0 version of Rust SGX SDK, indicating that Rust SGX SDK is becoming stable and ready for production.

diff --git a/samplecode/crypto/app/app.c b/samplecode/crypto/app/app.c
@@ -318,7 +318,11 @@ int SGX_CDECL main(int argc, char *argv[])
     printf("\n");
 
     printf("[+] Starting aes-gcm-128 decrypt calculation\n");
-    printf("[+] aes-gcm-128 expected plaintext: %s", aes_gcm_plaintext);
+    printf("[+] aes-gcm-128 expected plaintext:");
+    for(i = 0; i < 16; i ++) {
+        printf("%02x", aes_gcm_plaintext[i]);
+    }
+    printf("\n");
 
     uint8_t aes_gcm_decrypted_text[16] = {0};
     sgx_ret = aes_gcm_128_decrypt(global_eid,
@@ -395,6 +399,40 @@ int SGX_CDECL main(int argc, char *argv[])
     }
     printf("\n");
 
+    uint8_t rsa_msg[] = {
+        0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+        0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+        0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+        0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+        0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+        0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+        0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
+        0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
+        0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
+        0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
+        0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
+        0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
+        0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
+        0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
+        0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
+        0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
+    };
+
+    sgx_ret = rsa_key(global_eid,
+                      &enclave_ret,
+                      rsa_msg,
+                      sizeof(rsa_msg));
+
+    if(sgx_ret != SGX_SUCCESS) {
+        print_error_message(sgx_ret);
+        return -1;
+    }
+    if(enclave_ret != SGX_SUCCESS) {
+        print_error_message(enclave_ret);
+        return -1;
+    }
+    printf("rsa_key success. \n");
+
     /* Destroy the enclave */
     sgx_destroy_enclave(global_eid);
 

diff --git a/samplecode/crypto/enclave/Cargo.toml b/samplecode/crypto/enclave/Cargo.toml
@@ -12,5 +12,6 @@ default = []
 
 [target.'cfg(not(target_env = "sgx"))'.dependencies]
 sgx_types = { path = "../../../sgx_types" }
+sgx_trts = { path = "../../../sgx_trts" }
 sgx_tstd = { path = "../../../sgx_tstd" }
-sgx_tcrypto = { path = "../../../sgx_tcrypto" }
+sgx_tcrypto = { path = "../../../sgx_tcrypto" }
diff --git a/samplecode/crypto/enclave/Enclave.config.xml b/samplecode/crypto/enclave/Enclave.config.xml
@@ -2,8 +2,8 @@
 <EnclaveConfiguration>
   <ProdID>0</ProdID>
   <ISVSVN>0</ISVSVN>
-  <StackMaxSize>0x40000</StackMaxSize>
-  <HeapMaxSize>0x100000</HeapMaxSize>
+  <StackMaxSize>0x80000</StackMaxSize>
+  <HeapMaxSize>0x10000000</HeapMaxSize>
   <TCSNum>1</TCSNum>
   <TCSPolicy>1</TCSPolicy>
   <DisableDebug>0</DisableDebug>

diff --git a/samplecode/crypto/enclave/Enclave.edl b/samplecode/crypto/enclave/Enclave.edl
@@ -60,6 +60,8 @@ enclave {
                                      [in] uint8_t key[16],
                                      [out] uint8_t cmac[16]);
 
+        public sgx_status_t rsa_key([in, size=len] const uint8_t* text, size_t len);
+
     };
 
     untrusted {

diff --git a/samplecode/crypto/enclave/src/lib.rs b/samplecode/crypto/enclave/src/lib.rs
@@ -34,12 +34,14 @@
 
 extern crate sgx_types;
 extern crate sgx_tcrypto;
+extern crate sgx_trts;
 #[cfg(not(target_env = "sgx"))]
 #[macro_use]
 extern crate sgx_tstd as std;
 
 use sgx_types::*;
 use sgx_tcrypto::*;
+use sgx_trts::memeq::ConsttimeMemEq;
 use std::vec::Vec;
 use std::slice;
 use std::ptr;
@@ -354,3 +356,102 @@ pub extern "C" fn aes_cmac(text: *const u8,
 
     sgx_status_t::SGX_SUCCESS
 }
+
+
+#[no_mangle]
+pub extern "C" fn rsa_key(text: * const u8, text_len: usize) -> sgx_status_t {
+
+    let text_slice = unsafe { slice::from_raw_parts(text, text_len) };
+
+    if text_slice.len() != text_len {
+        return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
+    }
+
+    let mod_size: i32 = 256;
+    let exp_size: i32 = 4;
+    let mut n: Vec<u8> = vec![0_u8; mod_size as usize];
+    let mut d: Vec<u8> = vec![0_u8; mod_size as usize];
+    let mut e: Vec<u8> = vec![1, 0, 1, 0];
+    let mut p: Vec<u8> = vec![0_u8; mod_size as usize / 2];
+    let mut q: Vec<u8> = vec![0_u8; mod_size as usize / 2];
+    let mut dmp1: Vec<u8> = vec![0_u8; mod_size as usize / 2];
+    let mut dmq1: Vec<u8> = vec![0_u8; mod_size as usize / 2];
+    let mut iqmp: Vec<u8> = vec![0_u8; mod_size as usize / 2];
+
+    let result = rsgx_create_rsa_key_pair(mod_size, 
+                                          exp_size, 
+                                          n.as_mut_slice(),
+                                          d.as_mut_slice(),
+                                          e.as_mut_slice(),
+                                          p.as_mut_slice(),
+                                          q.as_mut_slice(),
+                                          dmp1.as_mut_slice(),
+                                          dmq1.as_mut_slice(),
+                                          iqmp.as_mut_slice());
+
+    match result {
+        Err(x) => {
+            return x;
+        },
+        Ok(()) => {},
+    }
+
+    let privkey = SgxRsaPrivKey::new();
+    let pubkey = SgxRsaPubKey::new();
+
+    let result = pubkey.create(mod_size,
+                               exp_size,
+                               n.as_slice(),
+                               e.as_slice());
+    match result {
+        Err(x) => return x,
+        Ok(()) => {},
+    };
+
+    let result = privkey.create(mod_size,
+                                exp_size,
+                                e.as_slice(),
+                                p.as_slice(),
+                                q.as_slice(),
+                                dmp1.as_slice(),
+                                dmq1.as_slice(),
+                                iqmp.as_slice());
+    match result {
+        Err(x) => return x,
+        Ok(()) => {},
+    };
+
+    let mut ciphertext: Vec<u8> = vec![0_u8; 256];
+    let mut chipertext_len: usize = ciphertext.len();
+    let ret = pubkey.encrypt_sha256(ciphertext.as_mut_slice(),
+                                    &mut chipertext_len,
+                                    text_slice);
+    match ret {
+        Err(x) => {
+            return x;
+        },
+        Ok(()) => {
+            println!("rsa chipertext_len: {:?}", chipertext_len);
+        },
+    };
+
+    let mut plaintext: Vec<u8> = vec![0_u8; 256];
+    let mut plaintext_len: usize = plaintext.len();
+    let ret = privkey.decrypt_sha256(plaintext.as_mut_slice(),
+                                     &mut plaintext_len,
+                                     ciphertext.as_slice());
+    match ret {
+        Err(x) => {
+            return x;
+        },
+        Ok(()) => {
+            println!("rsa plaintext_len: {:?}", plaintext_len);
+        },
+    };
+
+    if plaintext[..plaintext_len].consttime_memeq(text_slice) == false {
+        return sgx_status_t::SGX_ERROR_UNEXPECTED;
+    }
+
+    sgx_status_t::SGX_SUCCESS
+}
diff --git a/samplecode/hello-rust/app/Cargo.toml b/samplecode/hello-rust/app/Cargo.toml
@@ -7,3 +7,4 @@ build = "build.rs"
 [dependencies]
 sgx_types = { path = "../../../sgx_types" }
 sgx_urts = { path = "../../../sgx_urts" }
+dirs = "1.0.2"