Rust SGX SDK v0.1.0

Readme.md

@@ -0,0 +1,106 @@
+# Rust SGX SDK
+This Rust SGX SDK helps developers write Intel SGX enclaves in Rust programming language. 
+
+## Requirement
+Ubuntu 16.04
+
+[Intel SGX SDK 1.8 for Linux](https://01.org/zh/intel-softwareguard-extensions) installed
+
+Docker (Recommended)
+
+## Configuration
+
+### Using docker (Recommended)
+First, make sure Intel SGX Driver 1.8 is installed and functions well. `/dev/isgx` should be appeared.
+
+Second, pull the docker image
+
+`$ docker pull baiduxlab/sgx-rust`
+
+Third, start a docker with sgx device support and the Rust SGX SDK.
+
+`$ docker run -v /your/path/to/rust-sgx:/root/sgx -ti --device /dev/isgx baiduxlab/sgx-rust`
+
+Next, start the aesm service inside the docker
+
+`root@docker:/# /opt/intel/sgxpsw/aesm/aesm_service &`
+
+Finally, check if the sample code works
+
+`root@docker:~/sgx/samplecode/helloworld# make`
+
+`root@docker:~/sgx/samplecode/helloworld# cd bin`
+
+`root@docker:~/sgx/samplecode/helloworld/bin# ./app`
+
+### Native without docker (Not recommended)
+
+Install Intel SGX driver and SDK first. And refer to Dockerfile for detail. 
+
+## Build the docker image by yourself
+
+Make sure Intel SGX SDK is properly installed and service started on the host
+OS. Then `cd dockerfile` and run `docker build -t rust-sgx-docker` to build.
+
+# Sample Codes
+
+We provide five sample codes to help developers understand how to write Enclave
+codes in Rust. These codes are located at `samplecode` directory.
+
+* `helloworld` is a very simple app. It shows some basic usages of argument
+passing, Rust string and ECALL/OCALLs.
+
+* `crypto` shows the usage of crypto APIs provided by Intel SGX libraries. It
+does some crypto calculations inside the enclave, which is recommended in most
+circumstances.
+
+* `localattestation` is a sample ported from the original Intel SGX SDK. It
+shows how to do local attestation in Rust programming language.
+
+* `sealeddata` sample shows how to seal secret data in an enclave and how to
+verify the sealed data. 
+
+* `thread` sample is a sample ported from the original Intel SGX SDK, showing
+some basic usages of threading APIs. 
+
+# Tips for writing enclaves in Rust
+
+## Writing EDL
+
+* For fixed-length array in ECALL/OCALL definition, declare it as an array.  For
+dynamic-length array, use the keyword `size=` to let the Intel SGX knows how
+many bytes should be copied.
+
+## ECALL Function Naming
+
+* Add `#[no_mangle]` for every ECALL function.
+
+## Passing/returning arrays
+
+* For dynamic-length array, the only way is to use raw pointers in Rust. There
+are several functions to get/set data using raw pointers such as
+[`offset`](https://doc.rust-lang.org/1.9.0/std/primitive.pointer.html#method.offset)
+method. One can also use
+[`slice::from_raw_parts`](https://doc.rust-lang.org/std/slice/fn.from_raw_parts.html)
+to convert the array to a slice.
+
+* For Fixed-length array, the above method is acceptable. And according to
+discussions in [issue 30382](https://github.com/rust-lang/rust/issues/30382)
+and [issue 31227](https://github.com/rust-lang/rust/issues/31227),
+thin-pointers (such as fixed-length array) are FFI-safe for now, but
+undocumented. In the sample codes, we use fixed-length arrays for passing and
+returning some fixed-length data.
+
+# License
+
+Baidu Rust-SGX SDK is provided under the BSD license. Please refer to the [License file](LICENSE)
+for details.
+
+# Authors
+
+Ran Duan, Long Li, Yu Ding, Lenx Wei, Tanghui Chen
+
+# Contacts
+
+Yu Ding, [email protected]
+

buildenv.mk

@@ -0,0 +1,130 @@
+#
+# Copyright (c) 2017 Baidu, Inc. All Rights Reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+#  * Redistributions of source code must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#  * Redistributions in binary form must reproduce the above copyright
+#    notice, this list of conditions and the following disclaimer in
+#    the documentation and/or other materials provided with the
+#    distribution.
+#  * Neither the name of Baidu, Inc., nor the names of its
+#    contributors may be used to endorse or promote products derived
+#    from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+#
+#
+
+CP    := /bin/cp -f
+MKDIR := mkdir -p
+STRIP := strip
+OBJCOPY := objcopy
+
+# clean the content of 'INCLUDE' - this variable will be set by vcvars32.bat
+# thus it will cause build error when this variable is used by our Makefile,
+# when compiling the code under Cygwin tainted by MSVC environment settings.
+INCLUDE :=
+
+# turn on stack protector for SDK
+COMMON_FLAGS += -fstack-protector
+
+ifdef DEBUG
+    COMMON_FLAGS += -ggdb -DDEBUG -UNDEBUG
+    COMMON_FLAGS += -DSE_DEBUG_LEVEL=SE_TRACE_DEBUG
+else
+    COMMON_FLAGS += -O2   -UDEBUG -DNDEBUG
+endif
+
+ifdef SE_SIM
+    COMMON_FLAGS += -DSE_SIM
+endif
+
+# turn on compiler warnings as much as possible
+COMMON_FLAGS += -Wall -Wextra -Winit-self -Wpointer-arith -Wreturn-type \
+		-Waddress -Wsequence-point -Wformat-security \
+		-Wmissing-include-dirs -Wfloat-equal -Wundef -Wshadow \
+		-Wcast-align -Wconversion -Wredundant-decls
+
+# additional warnings flags for C
+CFLAGS += -Wjump-misses-init -Wstrict-prototypes -Wunsuffixed-float-constants
+
+# additional warnings flags for C++
+CXXFLAGS += -Wnon-virtual-dtor
+
+# for static_assert()
+CXXFLAGS += -std=c++0x
+
+.DEFAULT_GOAL := all
+# this turns off the RCS / SCCS implicit rules of GNU Make
+% : RCS/%,v
+% : RCS/%
+% : %,v
+% : s.%
+% : SCCS/s.%
+
+# If a rule fails, delete $@.
+.DELETE_ON_ERROR:
+
+HOST_FILE_PROGRAM := file
+
+UNAME := $(shell uname -m)
+ifneq (,$(findstring 86,$(UNAME)))
+    HOST_ARCH := x86
+    ifneq (,$(shell $(HOST_FILE_PROGRAM) -L $(SHELL) | grep 'x86[_-]64'))
+        HOST_ARCH := x86_64
+    endif
+else
+    $(info Unknown host CPU arhitecture $(UNAME))
+    $(error Aborting)
+endif
+
+
+ifeq "$(findstring __INTEL_COMPILER, $(shell $(CC) -E -dM -xc /dev/null))" "__INTEL_COMPILER"
+  ifeq ($(shell test -f /usr/bin/dpkg; echo $$?), 0)
+    ADDED_INC := -I /usr/include/$(shell dpkg-architecture -qDEB_BUILD_MULTIARCH)
+  endif
+endif
+
+ARCH := $(HOST_ARCH)
+ifeq "$(findstring -m32, $(CXXFLAGS))" "-m32"
+  ARCH := x86
+endif
+
+ifeq ($(ARCH), x86)
+COMMON_FLAGS += -DITT_ARCH_IA32
+else
+COMMON_FLAGS += -DITT_ARCH_IA64
+endif
+
+CFLAGS   += $(COMMON_FLAGS)
+CXXFLAGS += $(COMMON_FLAGS)
+
+# Compiler and linker options for an Enclave
+#
+# We are using '--export-dynamic' so that `g_global_data_sim' etc.
+# will be exported to dynamic symbol table.
+#
+# When `pie' is enabled, the linker (both BFD and Gold) under Ubuntu 14.04
+# will hide all symbols from dynamic symbol table even if they are marked
+# as `global' in the LD version script.
+ENCLAVE_CFLAGS   = -ffreestanding -nostdinc -fvisibility=hidden -fpie
+ENCLAVE_CXXFLAGS = $(ENCLAVE_CFLAGS) -nostdinc++
+ENCLAVE_LDFLAGS  = -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
+                   -Wl,-pie,-eenclave_entry -Wl,--export-dynamic  \
+                   -Wl,--gc-sections \
+                   -Wl,--defsym,__ImageBase=0
+

common/inc/assert.h

@@ -0,0 +1,63 @@
+/*	$OpenBSD: assert.h,v 1.12 2006/01/31 10:53:51 hshoexer Exp $	*/
+/*	$NetBSD: assert.h,v 1.6 1994/10/26 00:55:44 cgd Exp $	*/
+
+/*-
+ * Copyright (c) 1992, 1993
+ *	The Regents of the University of California.  All rights reserved.
+ * (c) UNIX System Laboratories, Inc.
+ * All or some portions of this file are derived from material licensed
+ * to the University of California by American Telephone and Telegraph
+ * Co. or Unix System Laboratories, Inc. and are reproduced herein with
+ * the permission of UNIX System Laboratories, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of the University nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ *	@(#)assert.h	8.2 (Berkeley) 1/21/94
+ */
+
+/*
+ * Unlike other ANSI header files, <assert.h> may usefully be included
+ * multiple times, with and without NDEBUG defined.
+ */
+
+#include <sys/cdefs.h>
+
+#undef assert
+
+#ifdef NDEBUG
+# define assert(e) ((void)0)
+#else
+# define assert(e) ((e) ? (void)0 : __assert(__FILE__, __LINE__, __func__, #e))
+#endif
+
+#ifndef _ASSERT_H_DECLS
+#define _ASSERT_H_DECLS
+__BEGIN_DECLS
+
+void _TLIBC_CDECL_ __assert(const char *, int, const char *, const char *);
+
+__END_DECLS
+#endif /* Not _ASSERT_H_DECLS */
+