signalapp/SecureValueRecovery
signalapp/SecureValueRecovery
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update the Intel SGX SDK (libsgx-enclave-common) to 2.17.100.3 and DCAP to 1.14

Browse Source
This commit is contained in:
Jon Chambers 2022-06-17 10:10:35 -04:00 committed by Jon Chambers
parent 380d71f6ca
commit ff9219a8d6
8 changed files with 917 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
README.md
View File

@ -51,7 +51,7 @@ production, provide the Intel-whitelisted signing key as
- git
- devscripts/debhelper/fakeroot
- rust 1.37.0 toolchain from rustup
- [Intel SGX SDK v2.7.1 SDK](https://github.com/intel/linux-sgx/tree/sgx_2.7.1) build dependencies
- [Intel SGX SDK v2.17 SDK](https://github.com/intel/linux-sgx/tree/sgx_2.17) build dependencies
`````
$ make -C <repository_root>/enclave debuild install
@ -64,7 +64,7 @@ Builds](https://wiki.debian.org/ReproducibleBuilds) project. While building a de
package, `debuild` will record the names and versions of all detected build dependencies
into a *.buildinfo file, for future reproducibility debugging.
The `debuild` target also builds parts needed from the Intel SGX SDK v2.7.1 after cloning it
The `debuild` target also builds parts needed from the Intel SGX SDK v2.17 after cloning it
from github.
The `install` target copies the enclave to `service/kbupd/res/enclave/`, which should
@ -92,7 +92,7 @@ Docker](#building-reproducibly-with-docker) to produce a release-mode enclave.
- clang
- git
- rust 1.37.0 toolchain from rustup
- [Intel SGX SDK v2.7.1 SDK](https://github.com/intel/linux-sgx/tree/sgx_2.7.1) build dependencies
- [Intel SGX SDK v2.17 SDK](https://github.com/intel/linux-sgx/tree/sgx_2.17) build dependencies
`````
$ make -C <repository_root>/enclave all install
@ -136,8 +136,8 @@ $ make -C <repository_root>/service all
## Running the service
### Runtime requirements:
- libsgx-enclave-common >= 2.7.101 [from source](https://github.com/intel/linux-sgx/tree/master#install-the-intelr-sgx-psw) or [prebuilt](https://download.01.org/intel-sgx/sgx_repo/ubuntu/pool/main/libs/libsgx-enclave-common/)
- linux-sgx-driver >= 2.6.0 [from source](https://github.com/intel/linux-sgx-driver) or [prebuilt](https://download.01.org/intel-sgx/sgx-linux/2.7.1/distro/ubuntu18.04-server/)
- libsgx-enclave-common >= 2.17.100.3 [from source](https://github.com/intel/linux-sgx/tree/master#install-the-intelr-sgx-psw) or [prebuilt](https://download.01.org/intel-sgx/sgx_repo/ubuntu/pool/main/libs/libsgx-enclave-common/)
- linux-sgx-driver >= 2.17 [from source](https://github.com/intel/linux-sgx-driver) or [prebuilt](https://download.01.org/intel-sgx/sgx-linux/2.17/distro/ubuntu18.04-server/)
- libssl1.1 (OpenSSL)
- libseccomp2
- libprotobuf10

180
enclave/kbupd_enclave/src/ffi/bindgen_wrapper.rs
View File

@ -96,7 +96,8 @@ pub const SGX_XFRM_LEGACY: u32 = 3;
pub const SGX_XFRM_AVX: u32 = 6;
pub const SGX_XFRM_AVX512: u32 = 230;
pub const SGX_XFRM_MPX: u32 = 24;
pub const SGX_XFRM_RESERVED: i32 = -232;
pub const SGX_XFRM_PKRU: u32 = 512;
pub const SGX_XFRM_RESERVED: i32 = -744;
pub const SGX_KEYSELECT_EINITTOKEN: u32 = 0;
pub const SGX_KEYSELECT_PROVISION: u32 = 1;
pub const SGX_KEYSELECT_PROVISION_SEAL: u32 = 2;
@ -469,6 +470,15 @@ extern "C" {
extern "C" {
pub fn vswprintf(arg1: *mut wchar_t, arg2: usize, arg3: *const wchar_t, arg4: *mut __va_list_tag) -> libc::c_int;
}
extern "C" {
pub fn wcstold(arg1: *const wchar_t, arg2: *mut *mut wchar_t) -> u128;
}
extern "C" {
pub fn wcstoll(arg1: *const wchar_t, arg2: *mut *mut wchar_t, arg3: libc::c_int) -> libc::c_longlong;
}
extern "C" {
pub fn wcstoull(arg1: *const wchar_t, arg2: *mut *mut wchar_t, arg3: libc::c_int) -> libc::c_ulonglong;
}
extern "C" {
pub fn wcswcs(arg1: *const wchar_t, arg2: *const wchar_t) -> *mut wchar_t;
}
@ -479,6 +489,8 @@ pub const SGX_ERROR_OUT_OF_MEMORY: _status_t = 3;
pub const SGX_ERROR_ENCLAVE_LOST: _status_t = 4;
pub const SGX_ERROR_INVALID_STATE: _status_t = 5;
pub const SGX_ERROR_FEATURE_NOT_SUPPORTED: _status_t = 8;
pub const SGX_PTHREAD_EXIT: _status_t = 9;
pub const SGX_ERROR_MEMORY_MAP_FAILURE: _status_t = 10;
pub const SGX_ERROR_INVALID_FUNCTION: _status_t = 4097;
pub const SGX_ERROR_OUT_OF_TCS: _status_t = 4099;
pub const SGX_ERROR_ENCLAVE_CRASHED: _status_t = 4102;
@ -548,15 +560,9 @@ pub type sgx_enclave_id_t = u64;
extern "C" {
pub fn sgx_ocalloc(size: usize) -> *mut libc::c_void;
}
extern "C" {
pub fn sgx_ocalloc_switchless(size: usize) -> *mut libc::c_void;
}
extern "C" {
pub fn sgx_ocfree();
}
extern "C" {
pub fn sgx_ocfree_switchless();
}
extern "C" {
pub fn sgx_ecall(eid: sgx_enclave_id_t, index: libc::c_int, ocall_table: *const libc::c_void, ms: *mut libc::c_void) -> sgx_status_t;
}
@ -1265,6 +1271,166 @@ impl Default for _att_key_id_t {
}
}
pub type sgx_att_key_id_t = _att_key_id_t;
#[doc = " Describes a single attestation key. Contains both QE identity and the attestation algorithm ID."]
#[repr(C, packed)]
#[derive(Copy, Clone)]
pub struct _sgx_ql_att_key_id_t {
#[doc = "< Structure ID"]
pub id: u16,
#[doc = "< Structure version"]
pub version: u16,
#[doc = "< Number of valid bytes in MRSIGNER."]
pub mrsigner_length: u16,
#[doc = "< SHA256 or SHA384 hash of the Public key that signed the QE."]
#[doc = "< The lower bytes contain MRSIGNER. Bytes beyond mrsigner_length '0'"]
pub mrsigner: [u8; 48usize],
#[doc = "< Legacy Product ID of the QE"]
pub prod_id: u32,
#[doc = "< Extended Product ID or the QE. All 0's for legacy format enclaves."]
pub extended_prod_id: [u8; 16usize],
#[doc = "< Config ID of the QE."]
pub config_id: [u8; 64usize],
#[doc = "< Family ID of the QE."]
pub family_id: [u8; 16usize],
#[doc = "< Identity of the attestation key algorithm."]
pub algorithm_id: u32,
}
#[test]
fn bindgen_test_layout__sgx_ql_att_key_id_t() {
assert_eq!(
::core::mem::size_of::<_sgx_ql_att_key_id_t>(),
158usize,
concat!("Size of: ", stringify!(_sgx_ql_att_key_id_t))
);
assert_eq!(
::core::mem::align_of::<_sgx_ql_att_key_id_t>(),
1usize,
concat!("Alignment of ", stringify!(_sgx_ql_att_key_id_t))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).id as *const _ as usize },
0usize,
concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(id))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).version as *const _ as usize },
2usize,
concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(version))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).mrsigner_length as *const _ as usize },
4usize,
concat!(
"Offset of field: ",
stringify!(_sgx_ql_att_key_id_t),
"::",
stringify!(mrsigner_length)
)
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).mrsigner as *const _ as usize },
6usize,
concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(mrsigner))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).prod_id as *const _ as usize },
54usize,
concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(prod_id))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).extended_prod_id as *const _ as usize },
58usize,
concat!(
"Offset of field: ",
stringify!(_sgx_ql_att_key_id_t),
"::",
stringify!(extended_prod_id)
)
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).config_id as *const _ as usize },
74usize,
concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(config_id))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).family_id as *const _ as usize },
138usize,
concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(family_id))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).algorithm_id as *const _ as usize },
154usize,
concat!(
"Offset of field: ",
stringify!(_sgx_ql_att_key_id_t),
"::",
stringify!(algorithm_id)
)
);
}
impl Default for _sgx_ql_att_key_id_t {
fn default() -> Self {
unsafe { ::core::mem::zeroed() }
}
}
pub type sgx_ql_att_key_id_t = _sgx_ql_att_key_id_t;
#[doc = " Describes an extended attestation key. Contains sgx_ql_att_key_id_t, spid and quote_type"]
#[repr(C, packed)]
#[derive(Copy, Clone)]
pub struct _sgx_att_key_id_ext_t {
pub base: sgx_ql_att_key_id_t,
#[doc = "< Service Provider ID, should be 0s for ECDSA quote"]
pub spid: [u8; 16usize],
#[doc = "< For non-EPID quote, it should be 0"]
#[doc = "< For EPID quote, it equals to sgx_quote_sign_type_t"]
pub att_key_type: u16,
#[doc = "< It should have the same size of sgx_att_key_id_t"]
pub reserved: [u8; 80usize],
}
#[test]
fn bindgen_test_layout__sgx_att_key_id_ext_t() {
assert_eq!(
::core::mem::size_of::<_sgx_att_key_id_ext_t>(),
256usize,
concat!("Size of: ", stringify!(_sgx_att_key_id_ext_t))
);
assert_eq!(
::core::mem::align_of::<_sgx_att_key_id_ext_t>(),
1usize,
concat!("Alignment of ", stringify!(_sgx_att_key_id_ext_t))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_att_key_id_ext_t>())).base as *const _ as usize },
0usize,
concat!("Offset of field: ", stringify!(_sgx_att_key_id_ext_t), "::", stringify!(base))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_att_key_id_ext_t>())).spid as *const _ as usize },
158usize,
concat!("Offset of field: ", stringify!(_sgx_att_key_id_ext_t), "::", stringify!(spid))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_att_key_id_ext_t>())).att_key_type as *const _ as usize },
174usize,
concat!(
"Offset of field: ",
stringify!(_sgx_att_key_id_ext_t),
"::",
stringify!(att_key_type)
)
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_att_key_id_ext_t>())).reserved as *const _ as usize },
176usize,
concat!("Offset of field: ", stringify!(_sgx_att_key_id_ext_t), "::", stringify!(reserved))
);
}
impl Default for _sgx_att_key_id_ext_t {
fn default() -> Self {
unsafe { ::core::mem::zeroed() }
}
}
pub type sgx_att_key_id_ext_t = _sgx_att_key_id_ext_t;
#[repr(C, packed)]
#[derive(Copy, Clone)]
pub struct _qe_report_info_t {

27
enclave/patches/linux-sgx-rep-bcmp.patch Normal file
View File

@ -0,0 +1,27 @@
--- a/sdk/tlibc/string/bcmp.c 2022-06-14 19:34:27.000000000 -0600
+++ b/sdk/tlibc/string/bcmp.c 2019-11-11 22:55:35.000000000 -0700
@@ -31,13 +31,21 @@
#include <string.h>
-extern int _bcmp(const void *b1, const void *b2, size_t length);
/*
* bcmp -- vax cmpc3 instruction
*/
int
bcmp(const void *b1, const void *b2, size_t length)
{
- return _bcmp(b1, b2, length);
-}
+ char *p1, *p2;
+ if (length == 0)
+ return (0);
+ p1 = (char *)b1;
+ p2 = (char *)b2;
+ do
+ if (*p1++ != *p2++)
+ return (1);
+ while (--length);
+ return (0);
+}

8
enclave/sgx_enclave.mk
View File

@ -7,8 +7,11 @@ export USE_OPT_LIBS
## linux sdk
##
SGX_SDK_SOURCE_GIT_REV ?= d166ff0c808e2f78d37eebf1ab614d944437eea3
SGX_DCAP_SOURCE_GIT_REV ?= 1ac77919552d5409c28cc0cd8e88398851418ba6
# https://github.com/intel/linux-sgx/releases/tag/sgx_2.17
SGX_SDK_SOURCE_GIT_REV ?= effae6280234302a12169f89c561b96e54d80723
# https://github.com/intel/SGXDataCenterAttestationPrimitives/releases/tag/DCAP_1.14
SGX_DCAP_SOURCE_GIT_REV ?= 68a77a852cd911a44a97733aec870e9bd93a3b86
export SGX_SDK_SOURCE_DIR = $(builddir)/linux-sgx/linux-sgx-$(SGX_SDK_SOURCE_GIT_REV)
export SGX_SDK_SOURCE_INCLUDEDIR = $(SGX_SDK_SOURCE_DIR)/common/inc
@ -65,6 +68,7 @@ $(builddir)/linux-sgx/linux-sgx-$(SGX_SDK_SOURCE_GIT_REV):
| tar -xzf - -C $(builddir)/linux-sgx/unpack/
mv $(SGX_DCAP_SOURCE_UNPACK_DIR) $(SGX_SDK_SOURCE_UNPACK_DIR)/external/dcap_sources
patch -d $(SGX_SDK_SOURCE_UNPACK_DIR) -p 1 -T < $(patchdir)/linux-sgx-rep-stringops.patch
patch -d $(SGX_SDK_SOURCE_UNPACK_DIR) -p 1 -T < $(patchdir)/linux-sgx-rep-bcmp.patch
mv $(SGX_SDK_SOURCE_UNPACK_DIR) $@
##

525
enclave/sgx_ffi/src/bindgen_wrapper.rs
View File

@ -93,7 +93,8 @@ pub const SGX_XFRM_LEGACY: u32 = 3;
pub const SGX_XFRM_AVX: u32 = 6;
pub const SGX_XFRM_AVX512: u32 = 230;
pub const SGX_XFRM_MPX: u32 = 24;
pub const SGX_XFRM_RESERVED: i32 = -232;
pub const SGX_XFRM_PKRU: u32 = 512;
pub const SGX_XFRM_RESERVED: i32 = -744;
pub const SGX_KEYSELECT_EINITTOKEN: u32 = 0;
pub const SGX_KEYSELECT_PROVISION: u32 = 1;
pub const SGX_KEYSELECT_PROVISION_SEAL: u32 = 2;
@ -122,6 +123,19 @@ pub const SGX_REPORT_BODY_RESERVED2_BYTES: u32 = 32;
pub const SGX_REPORT_BODY_RESERVED3_BYTES: u32 = 32;
pub const SGX_REPORT_BODY_RESERVED4_BYTES: u32 = 42;
pub const SGX_PLATFORM_INFO_SIZE: u32 = 101;
pub const TEE_HASH_384_SIZE: u32 = 48;
pub const TEE_MAC_SIZE: u32 = 32;
pub const SGX_REPORT2_DATA_SIZE: u32 = 64;
pub const TEE_CPU_SVN_SIZE: u32 = 16;
pub const SGX_LEGACY_REPORT_TYPE: u32 = 0;
pub const TEE_REPORT2_TYPE: u32 = 129;
pub const TEE_REPORT2_SUBTYPE: u32 = 0;
pub const TEE_REPORT2_VERSION: u32 = 0;
pub const SGX_REPORT2_MAC_STRUCT_RESERVED1_BYTES: u32 = 12;
pub const SGX_REPORT2_MAC_STRUCT_RESERVED2_BYTES: u32 = 32;
pub const TEE_TCB_INFO_SIZE: u32 = 239;
pub const SGX_REPORT2_RESERVED_BYTES: u32 = 17;
pub const TEE_INFO_SIZE: u32 = 512;
pub const EXIT_FAILURE: u32 = 1;
pub const EXIT_SUCCESS: u32 = 0;
pub const RAND_MAX: u32 = 2147483647;
@ -133,6 +147,8 @@ pub const SGX_ERROR_OUT_OF_MEMORY: _status_t = 3;
pub const SGX_ERROR_ENCLAVE_LOST: _status_t = 4;
pub const SGX_ERROR_INVALID_STATE: _status_t = 5;
pub const SGX_ERROR_FEATURE_NOT_SUPPORTED: _status_t = 8;
pub const SGX_PTHREAD_EXIT: _status_t = 9;
pub const SGX_ERROR_MEMORY_MAP_FAILURE: _status_t = 10;
pub const SGX_ERROR_INVALID_FUNCTION: _status_t = 4097;
pub const SGX_ERROR_OUT_OF_TCS: _status_t = 4099;
pub const SGX_ERROR_ENCLAVE_CRASHED: _status_t = 4102;
@ -308,18 +324,6 @@ impl Default for __mbstate_t {
pub type __intmax_t = __int64_t;
pub type __uintmax_t = __uint64_t;
pub type wchar_t = libc::c_int;
extern "C" {
pub fn sgx_is_within_enclave(addr: *const libc::c_void, size: usize) -> libc::c_int;
}
extern "C" {
pub fn sgx_is_outside_enclave(addr: *const libc::c_void, size: usize) -> libc::c_int;
}
extern "C" {
pub fn sgx_is_enclave_crashed() -> libc::c_int;
}
extern "C" {
pub fn sgx_read_rand(rand: *mut libc::c_uchar, length_in_bytes: usize) -> sgx_status_t;
}
pub type int_least8_t = __int_least8_t;
pub type uint_least8_t = __uint_least8_t;
pub type int_least16_t = __int_least16_t;
@ -338,6 +342,24 @@ pub type int_fast64_t = __int_fast64_t;
pub type uint_fast64_t = __uint_fast64_t;
pub type intmax_t = __intmax_t;
pub type uintmax_t = __uintmax_t;
extern "C" {
pub fn sgx_is_within_enclave(addr: *const libc::c_void, size: usize) -> libc::c_int;
}
extern "C" {
pub fn sgx_is_outside_enclave(addr: *const libc::c_void, size: usize) -> libc::c_int;
}
extern "C" {
pub fn sgx_is_enclave_crashed() -> libc::c_int;
}
extern "C" {
pub fn sgx_read_rand(rand: *mut libc::c_uchar, length_in_bytes: usize) -> sgx_status_t;
}
extern "C" {
pub fn sgx_rdpkru(val: *mut u32) -> libc::c_int;
}
extern "C" {
pub fn sgx_wrpkru(val: u32) -> libc::c_int;
}
#[repr(C)]
#[derive(Debug, Default, Copy, Clone, PartialEq, Eq)]
pub struct _attributes_t {
@ -1029,6 +1051,166 @@ impl Default for _att_key_id_t {
}
}
pub type sgx_att_key_id_t = _att_key_id_t;
#[doc = " Describes a single attestation key. Contains both QE identity and the attestation algorithm ID."]
#[repr(C, packed)]
#[derive(Copy, Clone)]
pub struct _sgx_ql_att_key_id_t {
#[doc = "< Structure ID"]
pub id: u16,
#[doc = "< Structure version"]
pub version: u16,
#[doc = "< Number of valid bytes in MRSIGNER."]
pub mrsigner_length: u16,
#[doc = "< SHA256 or SHA384 hash of the Public key that signed the QE."]
#[doc = "< The lower bytes contain MRSIGNER. Bytes beyond mrsigner_length '0'"]
pub mrsigner: [u8; 48usize],
#[doc = "< Legacy Product ID of the QE"]
pub prod_id: u32,
#[doc = "< Extended Product ID or the QE. All 0's for legacy format enclaves."]
pub extended_prod_id: [u8; 16usize],
#[doc = "< Config ID of the QE."]
pub config_id: [u8; 64usize],
#[doc = "< Family ID of the QE."]
pub family_id: [u8; 16usize],
#[doc = "< Identity of the attestation key algorithm."]
pub algorithm_id: u32,
}
#[test]
fn bindgen_test_layout__sgx_ql_att_key_id_t() {
assert_eq!(
::core::mem::size_of::<_sgx_ql_att_key_id_t>(),
158usize,
concat!("Size of: ", stringify!(_sgx_ql_att_key_id_t))
);
assert_eq!(
::core::mem::align_of::<_sgx_ql_att_key_id_t>(),
1usize,
concat!("Alignment of ", stringify!(_sgx_ql_att_key_id_t))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).id as *const _ as usize },
0usize,
concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(id))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).version as *const _ as usize },
2usize,
concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(version))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).mrsigner_length as *const _ as usize },
4usize,
concat!(
"Offset of field: ",
stringify!(_sgx_ql_att_key_id_t),
"::",
stringify!(mrsigner_length)
)
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).mrsigner as *const _ as usize },
6usize,
concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(mrsigner))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).prod_id as *const _ as usize },
54usize,
concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(prod_id))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).extended_prod_id as *const _ as usize },
58usize,
concat!(
"Offset of field: ",
stringify!(_sgx_ql_att_key_id_t),
"::",
stringify!(extended_prod_id)
)
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).config_id as *const _ as usize },
74usize,
concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(config_id))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).family_id as *const _ as usize },
138usize,
concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(family_id))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).algorithm_id as *const _ as usize },
154usize,
concat!(
"Offset of field: ",
stringify!(_sgx_ql_att_key_id_t),
"::",
stringify!(algorithm_id)
)
);
}
impl Default for _sgx_ql_att_key_id_t {
fn default() -> Self {
unsafe { ::core::mem::zeroed() }
}
}
pub type sgx_ql_att_key_id_t = _sgx_ql_att_key_id_t;
#[doc = " Describes an extended attestation key. Contains sgx_ql_att_key_id_t, spid and quote_type"]
#[repr(C, packed)]
#[derive(Copy, Clone)]
pub struct _sgx_att_key_id_ext_t {
pub base: sgx_ql_att_key_id_t,
#[doc = "< Service Provider ID, should be 0s for ECDSA quote"]
pub spid: [u8; 16usize],
#[doc = "< For non-EPID quote, it should be 0"]
#[doc = "< For EPID quote, it equals to sgx_quote_sign_type_t"]
pub att_key_type: u16,
#[doc = "< It should have the same size of sgx_att_key_id_t"]
pub reserved: [u8; 80usize],
}
#[test]
fn bindgen_test_layout__sgx_att_key_id_ext_t() {
assert_eq!(
::core::mem::size_of::<_sgx_att_key_id_ext_t>(),
256usize,
concat!("Size of: ", stringify!(_sgx_att_key_id_ext_t))
);
assert_eq!(
::core::mem::align_of::<_sgx_att_key_id_ext_t>(),
1usize,
concat!("Alignment of ", stringify!(_sgx_att_key_id_ext_t))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_att_key_id_ext_t>())).base as *const _ as usize },
0usize,
concat!("Offset of field: ", stringify!(_sgx_att_key_id_ext_t), "::", stringify!(base))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_att_key_id_ext_t>())).spid as *const _ as usize },
158usize,
concat!("Offset of field: ", stringify!(_sgx_att_key_id_ext_t), "::", stringify!(spid))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_att_key_id_ext_t>())).att_key_type as *const _ as usize },
174usize,
concat!(
"Offset of field: ",
stringify!(_sgx_att_key_id_ext_t),
"::",
stringify!(att_key_type)
)
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_att_key_id_ext_t>())).reserved as *const _ as usize },
176usize,
concat!("Offset of field: ", stringify!(_sgx_att_key_id_ext_t), "::", stringify!(reserved))
);
}
impl Default for _sgx_att_key_id_ext_t {
fn default() -> Self {
unsafe { ::core::mem::zeroed() }
}
}
pub type sgx_att_key_id_ext_t = _sgx_att_key_id_ext_t;
#[repr(C, packed)]
#[derive(Copy, Clone)]
pub struct _qe_report_info_t {
@ -1075,6 +1257,308 @@ impl Default for _qe_report_info_t {
}
}
pub type sgx_qe_report_info_t = _qe_report_info_t;
pub type tee_mac_t = [u8; 32usize];
#[repr(C)]
#[derive(Debug, Default, Copy, Clone, PartialEq, Eq)]
pub struct _tee_cpu_svn_t {
pub svn: [u8; 16usize],
}
#[test]
fn bindgen_test_layout__tee_cpu_svn_t() {
assert_eq!(
::core::mem::size_of::<_tee_cpu_svn_t>(),
16usize,
concat!("Size of: ", stringify!(_tee_cpu_svn_t))
);
assert_eq!(
::core::mem::align_of::<_tee_cpu_svn_t>(),
1usize,
concat!("Alignment of ", stringify!(_tee_cpu_svn_t))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_tee_cpu_svn_t>())).svn as *const _ as usize },
0usize,
concat!("Offset of field: ", stringify!(_tee_cpu_svn_t), "::", stringify!(svn))
);
}
pub type tee_cpu_svn_t = _tee_cpu_svn_t;
#[repr(C)]
#[derive(Copy, Clone)]
pub struct _tee_measurement_t {
pub m: [u8; 48usize],
}
#[test]
fn bindgen_test_layout__tee_measurement_t() {
assert_eq!(
::core::mem::size_of::<_tee_measurement_t>(),
48usize,
concat!("Size of: ", stringify!(_tee_measurement_t))
);
assert_eq!(
::core::mem::align_of::<_tee_measurement_t>(),
1usize,
concat!("Alignment of ", stringify!(_tee_measurement_t))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_tee_measurement_t>())).m as *const _ as usize },
0usize,
concat!("Offset of field: ", stringify!(_tee_measurement_t), "::", stringify!(m))
);
}
impl Default for _tee_measurement_t {
fn default() -> Self {
unsafe { ::core::mem::zeroed() }
}
}
pub type tee_measurement_t = _tee_measurement_t;
#[repr(C)]
#[derive(Copy, Clone)]
pub struct _tee_report_data_t {
pub d: [u8; 64usize],
}
#[test]
fn bindgen_test_layout__tee_report_data_t() {
assert_eq!(
::core::mem::size_of::<_tee_report_data_t>(),
64usize,
concat!("Size of: ", stringify!(_tee_report_data_t))
);
assert_eq!(
::core::mem::align_of::<_tee_report_data_t>(),
1usize,
concat!("Alignment of ", stringify!(_tee_report_data_t))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_tee_report_data_t>())).d as *const _ as usize },
0usize,
concat!("Offset of field: ", stringify!(_tee_report_data_t), "::", stringify!(d))
);
}
impl Default for _tee_report_data_t {
fn default() -> Self {
unsafe { ::core::mem::zeroed() }
}
}
pub type tee_report_data_t = _tee_report_data_t;
#[repr(C, packed)]
#[derive(Debug, Default, Copy, Clone, PartialEq, Eq)]
pub struct _tee_attributes_t {
pub a: [u32; 2usize],
}
#[test]
fn bindgen_test_layout__tee_attributes_t() {
assert_eq!(
::core::mem::size_of::<_tee_attributes_t>(),
8usize,
concat!("Size of: ", stringify!(_tee_attributes_t))
);
assert_eq!(
::core::mem::align_of::<_tee_attributes_t>(),
1usize,
concat!("Alignment of ", stringify!(_tee_attributes_t))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_tee_attributes_t>())).a as *const _ as usize },
0usize,
concat!("Offset of field: ", stringify!(_tee_attributes_t), "::", stringify!(a))
);
}
pub type tee_attributes_t = _tee_attributes_t;
#[repr(C)]
#[derive(Debug, Default, Copy, Clone, PartialEq, Eq)]
pub struct _tee_report_type_t {
pub type_: u8,
pub subtype: u8,
pub version: u8,
pub reserved: u8,
}
#[test]
fn bindgen_test_layout__tee_report_type_t() {
assert_eq!(
::core::mem::size_of::<_tee_report_type_t>(),
4usize,
concat!("Size of: ", stringify!(_tee_report_type_t))
);
assert_eq!(
::core::mem::align_of::<_tee_report_type_t>(),
1usize,
concat!("Alignment of ", stringify!(_tee_report_type_t))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_tee_report_type_t>())).type_ as *const _ as usize },
0usize,
concat!("Offset of field: ", stringify!(_tee_report_type_t), "::", stringify!(type_))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_tee_report_type_t>())).subtype as *const _ as usize },
1usize,
concat!("Offset of field: ", stringify!(_tee_report_type_t), "::", stringify!(subtype))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_tee_report_type_t>())).version as *const _ as usize },
2usize,
concat!("Offset of field: ", stringify!(_tee_report_type_t), "::", stringify!(version))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_tee_report_type_t>())).reserved as *const _ as usize },
3usize,
concat!("Offset of field: ", stringify!(_tee_report_type_t), "::", stringify!(reserved))
);
}
pub type tee_report_type_t = _tee_report_type_t;
#[repr(C)]
#[derive(Copy, Clone)]
pub struct _sgx_report2_mac_struct_t {
pub report_type: tee_report_type_t,
pub reserved1: [u8; 12usize],
pub cpu_svn: tee_cpu_svn_t,
pub tee_tcb_info_hash: tee_measurement_t,
pub tee_info_hash: tee_measurement_t,
pub report_data: tee_report_data_t,
pub reserved2: [u8; 32usize],
pub mac: tee_mac_t,
}
#[test]
fn bindgen_test_layout__sgx_report2_mac_struct_t() {
assert_eq!(
::core::mem::size_of::<_sgx_report2_mac_struct_t>(),
256usize,
concat!("Size of: ", stringify!(_sgx_report2_mac_struct_t))
);
assert_eq!(
::core::mem::align_of::<_sgx_report2_mac_struct_t>(),
1usize,
concat!("Alignment of ", stringify!(_sgx_report2_mac_struct_t))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_report2_mac_struct_t>())).report_type as *const _ as usize },
0usize,
concat!(
"Offset of field: ",
stringify!(_sgx_report2_mac_struct_t),
"::",
stringify!(report_type)
)
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_report2_mac_struct_t>())).reserved1 as *const _ as usize },
4usize,
concat!(
"Offset of field: ",
stringify!(_sgx_report2_mac_struct_t),
"::",
stringify!(reserved1)
)
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_report2_mac_struct_t>())).cpu_svn as *const _ as usize },
16usize,
concat!(
"Offset of field: ",
stringify!(_sgx_report2_mac_struct_t),
"::",
stringify!(cpu_svn)
)
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_report2_mac_struct_t>())).tee_tcb_info_hash as *const _ as usize },
32usize,
concat!(
"Offset of field: ",
stringify!(_sgx_report2_mac_struct_t),
"::",
stringify!(tee_tcb_info_hash)
)
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_report2_mac_struct_t>())).tee_info_hash as *const _ as usize },
80usize,
concat!(
"Offset of field: ",
stringify!(_sgx_report2_mac_struct_t),
"::",
stringify!(tee_info_hash)
)
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_report2_mac_struct_t>())).report_data as *const _ as usize },
128usize,
concat!(
"Offset of field: ",
stringify!(_sgx_report2_mac_struct_t),
"::",
stringify!(report_data)
)
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_report2_mac_struct_t>())).reserved2 as *const _ as usize },
192usize,
concat!(
"Offset of field: ",
stringify!(_sgx_report2_mac_struct_t),
"::",
stringify!(reserved2)
)
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_report2_mac_struct_t>())).mac as *const _ as usize },
224usize,
concat!("Offset of field: ", stringify!(_sgx_report2_mac_struct_t), "::", stringify!(mac))
);
}
impl Default for _sgx_report2_mac_struct_t {
fn default() -> Self {
unsafe { ::core::mem::zeroed() }
}
}
pub type sgx_report2_mac_struct_t = _sgx_report2_mac_struct_t;
#[repr(C)]
#[derive(Copy, Clone)]
pub struct _sgx_report2_t {
pub report_mac_struct: sgx_report2_mac_struct_t,
pub tee_tcb_info: [u8; 239usize],
pub reserved: [u8; 17usize],
pub tee_info: [u8; 512usize],
}
#[test]
fn bindgen_test_layout__sgx_report2_t() {
assert_eq!(
::core::mem::size_of::<_sgx_report2_t>(),
1024usize,
concat!("Size of: ", stringify!(_sgx_report2_t))
);
assert_eq!(
::core::mem::align_of::<_sgx_report2_t>(),
1usize,
concat!("Alignment of ", stringify!(_sgx_report2_t))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_report2_t>())).report_mac_struct as *const _ as usize },
0usize,
concat!("Offset of field: ", stringify!(_sgx_report2_t), "::", stringify!(report_mac_struct))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_report2_t>())).tee_tcb_info as *const _ as usize },
256usize,
concat!("Offset of field: ", stringify!(_sgx_report2_t), "::", stringify!(tee_tcb_info))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_report2_t>())).reserved as *const _ as usize },
495usize,
concat!("Offset of field: ", stringify!(_sgx_report2_t), "::", stringify!(reserved))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_report2_t>())).tee_info as *const _ as usize },
512usize,
concat!("Offset of field: ", stringify!(_sgx_report2_t), "::", stringify!(tee_info))
);
}
impl Default for _sgx_report2_t {
fn default() -> Self {
unsafe { ::core::mem::zeroed() }
}
}
pub type sgx_report2_t = _sgx_report2_t;
extern "C" {
pub fn sgx_create_report(
target_info: *const sgx_target_info_t,
@ -1091,6 +1575,9 @@ extern "C" {
extern "C" {
pub fn sgx_verify_report(report: *const sgx_report_t) -> sgx_status_t;
}
extern "C" {
pub fn sgx_verify_report2(report_mac_struct: *const sgx_report2_mac_struct_t) -> sgx_status_t;
}
extern "C" {
pub fn sgx_get_key(key_request: *const sgx_key_request_t, key: *mut sgx_key_128bit_t) -> sgx_status_t;
}
@ -1104,12 +1591,21 @@ extern "C" {
extern "C" {
pub fn memcpy(arg1: *mut libc::c_void, arg2: *const libc::c_void, arg3: usize) -> *mut libc::c_void;
}
extern "C" {
pub fn memcpy_verw(arg1: *mut libc::c_void, arg2: *const libc::c_void, arg3: usize) -> *mut libc::c_void;
}
extern "C" {
pub fn memmove(arg1: *mut libc::c_void, arg2: *const libc::c_void, arg3: usize) -> *mut libc::c_void;
}
extern "C" {
pub fn memmove_verw(arg1: *mut libc::c_void, arg2: *const libc::c_void, arg3: usize) -> *mut libc::c_void;
}
extern "C" {
pub fn memset(arg1: *mut libc::c_void, arg2: libc::c_int, arg3: usize) -> *mut libc::c_void;
}
extern "C" {
pub fn memset_verw(arg1: *mut libc::c_void, arg2: libc::c_int, arg3: usize) -> *mut libc::c_void;
}
extern "C" {
pub fn strchr(arg1: *const libc::c_char, arg2: libc::c_int) -> *mut libc::c_char;
}
@ -1161,6 +1657,9 @@ extern "C" {
extern "C" {
pub fn memset_s(s: *mut libc::c_void, smax: usize, c: libc::c_int, n: usize) -> errno_t;
}
extern "C" {
pub fn memset_verw_s(s: *mut libc::c_void, smax: usize, c: libc::c_int, n: usize) -> errno_t;
}
extern "C" {
pub fn strndup(arg1: *const libc::c_char, arg2: usize) -> *mut libc::c_char;
}

177
enclave/sgxsd_ffi/src/bindgen_wrapper.rs
View File

@ -100,7 +100,8 @@ pub const SGX_XFRM_LEGACY: u32 = 3;
pub const SGX_XFRM_AVX: u32 = 6;
pub const SGX_XFRM_AVX512: u32 = 230;
pub const SGX_XFRM_MPX: u32 = 24;
pub const SGX_XFRM_RESERVED: i32 = -232;
pub const SGX_XFRM_PKRU: u32 = 512;
pub const SGX_XFRM_RESERVED: i32 = -744;
pub const SGX_KEYSELECT_EINITTOKEN: u32 = 0;
pub const SGX_KEYSELECT_PROVISION: u32 = 1;
pub const SGX_KEYSELECT_PROVISION_SEAL: u32 = 2;
@ -172,6 +173,8 @@ pub const SGX_ERROR_OUT_OF_MEMORY: _status_t = 3;
pub const SGX_ERROR_ENCLAVE_LOST: _status_t = 4;
pub const SGX_ERROR_INVALID_STATE: _status_t = 5;
pub const SGX_ERROR_FEATURE_NOT_SUPPORTED: _status_t = 8;
pub const SGX_PTHREAD_EXIT: _status_t = 9;
pub const SGX_ERROR_MEMORY_MAP_FAILURE: _status_t = 10;
pub const SGX_ERROR_INVALID_FUNCTION: _status_t = 4097;
pub const SGX_ERROR_OUT_OF_TCS: _status_t = 4099;
pub const SGX_ERROR_ENCLAVE_CRASHED: _status_t = 4102;
@ -1330,6 +1333,166 @@ impl Default for _att_key_id_t {
}
}
pub type sgx_att_key_id_t = _att_key_id_t;
#[doc = " Describes a single attestation key. Contains both QE identity and the attestation algorithm ID."]
#[repr(C, packed)]
#[derive(Copy, Clone)]
pub struct _sgx_ql_att_key_id_t {
#[doc = "< Structure ID"]
pub id: u16,
#[doc = "< Structure version"]
pub version: u16,
#[doc = "< Number of valid bytes in MRSIGNER."]
pub mrsigner_length: u16,
#[doc = "< SHA256 or SHA384 hash of the Public key that signed the QE."]
#[doc = "< The lower bytes contain MRSIGNER. Bytes beyond mrsigner_length '0'"]
pub mrsigner: [u8; 48usize],
#[doc = "< Legacy Product ID of the QE"]
pub prod_id: u32,
#[doc = "< Extended Product ID or the QE. All 0's for legacy format enclaves."]
pub extended_prod_id: [u8; 16usize],
#[doc = "< Config ID of the QE."]
pub config_id: [u8; 64usize],
#[doc = "< Family ID of the QE."]
pub family_id: [u8; 16usize],
#[doc = "< Identity of the attestation key algorithm."]
pub algorithm_id: u32,
}
#[test]
fn bindgen_test_layout__sgx_ql_att_key_id_t() {
assert_eq!(
::core::mem::size_of::<_sgx_ql_att_key_id_t>(),
158usize,
concat!("Size of: ", stringify!(_sgx_ql_att_key_id_t))
);
assert_eq!(
::core::mem::align_of::<_sgx_ql_att_key_id_t>(),
1usize,
concat!("Alignment of ", stringify!(_sgx_ql_att_key_id_t))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).id as *const _ as usize },
0usize,
concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(id))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).version as *const _ as usize },
2usize,
concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(version))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).mrsigner_length as *const _ as usize },
4usize,
concat!(
"Offset of field: ",
stringify!(_sgx_ql_att_key_id_t),
"::",
stringify!(mrsigner_length)
)
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).mrsigner as *const _ as usize },
6usize,
concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(mrsigner))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).prod_id as *const _ as usize },
54usize,
concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(prod_id))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).extended_prod_id as *const _ as usize },
58usize,
concat!(
"Offset of field: ",
stringify!(_sgx_ql_att_key_id_t),
"::",
stringify!(extended_prod_id)
)
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).config_id as *const _ as usize },
74usize,
concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(config_id))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).family_id as *const _ as usize },
138usize,
concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(family_id))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).algorithm_id as *const _ as usize },
154usize,
concat!(
"Offset of field: ",
stringify!(_sgx_ql_att_key_id_t),
"::",
stringify!(algorithm_id)
)
);
}
impl Default for _sgx_ql_att_key_id_t {
fn default() -> Self {
unsafe { ::core::mem::zeroed() }
}
}
pub type sgx_ql_att_key_id_t = _sgx_ql_att_key_id_t;
#[doc = " Describes an extended attestation key. Contains sgx_ql_att_key_id_t, spid and quote_type"]
#[repr(C, packed)]
#[derive(Copy, Clone)]
pub struct _sgx_att_key_id_ext_t {
pub base: sgx_ql_att_key_id_t,
#[doc = "< Service Provider ID, should be 0s for ECDSA quote"]
pub spid: [u8; 16usize],
#[doc = "< For non-EPID quote, it should be 0"]
#[doc = "< For EPID quote, it equals to sgx_quote_sign_type_t"]
pub att_key_type: u16,
#[doc = "< It should have the same size of sgx_att_key_id_t"]
pub reserved: [u8; 80usize],
}
#[test]
fn bindgen_test_layout__sgx_att_key_id_ext_t() {
assert_eq!(
::core::mem::size_of::<_sgx_att_key_id_ext_t>(),
256usize,
concat!("Size of: ", stringify!(_sgx_att_key_id_ext_t))
);
assert_eq!(
::core::mem::align_of::<_sgx_att_key_id_ext_t>(),
1usize,
concat!("Alignment of ", stringify!(_sgx_att_key_id_ext_t))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_att_key_id_ext_t>())).base as *const _ as usize },
0usize,
concat!("Offset of field: ", stringify!(_sgx_att_key_id_ext_t), "::", stringify!(base))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_att_key_id_ext_t>())).spid as *const _ as usize },
158usize,
concat!("Offset of field: ", stringify!(_sgx_att_key_id_ext_t), "::", stringify!(spid))
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_att_key_id_ext_t>())).att_key_type as *const _ as usize },
174usize,
concat!(
"Offset of field: ",
stringify!(_sgx_att_key_id_ext_t),
"::",
stringify!(att_key_type)
)
);
assert_eq!(
unsafe { &(*(::core::ptr::null::<_sgx_att_key_id_ext_t>())).reserved as *const _ as usize },
176usize,
concat!("Offset of field: ", stringify!(_sgx_att_key_id_ext_t), "::", stringify!(reserved))
);
}
impl Default for _sgx_att_key_id_ext_t {
fn default() -> Self {
unsafe { ::core::mem::zeroed() }
}
}
pub type sgx_att_key_id_ext_t = _sgx_att_key_id_ext_t;
#[repr(C, packed)]
#[derive(Copy, Clone)]
pub struct _qe_report_info_t {
@ -2143,12 +2306,21 @@ extern "C" {
extern "C" {
pub fn memcpy(arg1: *mut libc::c_void, arg2: *const libc::c_void, arg3: usize) -> *mut libc::c_void;
}
extern "C" {
pub fn memcpy_verw(arg1: *mut libc::c_void, arg2: *const libc::c_void, arg3: usize) -> *mut libc::c_void;
}
extern "C" {
pub fn memmove(arg1: *mut libc::c_void, arg2: *const libc::c_void, arg3: usize) -> *mut libc::c_void;
}
extern "C" {
pub fn memmove_verw(arg1: *mut libc::c_void, arg2: *const libc::c_void, arg3: usize) -> *mut libc::c_void;
}
extern "C" {
pub fn memset(arg1: *mut libc::c_void, arg2: libc::c_int, arg3: usize) -> *mut libc::c_void;
}
extern "C" {
pub fn memset_verw(arg1: *mut libc::c_void, arg2: libc::c_int, arg3: usize) -> *mut libc::c_void;
}
extern "C" {
pub fn strchr(arg1: *const libc::c_char, arg2: libc::c_int) -> *mut libc::c_char;
}
@ -2200,6 +2372,9 @@ extern "C" {
extern "C" {
pub fn memset_s(s: *mut libc::c_void, smax: usize, c: libc::c_int, n: usize) -> errno_t;
}
extern "C" {
pub fn memset_verw_s(s: *mut libc::c_void, smax: usize, c: libc::c_int, n: usize) -> errno_t;
}
extern "C" {
pub fn strndup(arg1: *const libc::c_char, arg2: usize) -> *mut libc::c_char;
}

33
service/docker/Dockerfile
View File

@ -2,23 +2,24 @@ FROM ubuntu:bionic
COPY linux-sgx.gpg /tmp/docker/
RUN apt-get update \
&& apt-get install -y --no-install-recommends \
apt-transport-https \
build-essential \
curl \
gpg-agent \
libseccomp2 \
libseccomp-dev \
libssl-dev \
pkg-config \
protobuf-compiler \
software-properties-common \
RUN apt update \
&& apt install -y --no-install-recommends \
apt-transport-https \
build-essential \
curl \
gpg-agent \
libseccomp2 \
libseccomp-dev \
libssl-dev \
pkg-config \
protobuf-compiler \
software-properties-common \
&& apt-key add /tmp/docker/linux-sgx.gpg \
&& apt-add-repository "deb https://download.01.org/intel-sgx/sgx_repo/ubuntu bionic main" \
&& apt-get install -y --download-only libsgx-enclave-common=2.7.101.3-bionic1 libsgx-enclave-common-dev=2.7.101.3-bionic1 \
&& dpkg --unpack /var/cache/apt/archives/libsgx-enclave-common_*.deb \
&& dpkg --install --ignore-depends=libsgx-enclave-common /var/cache/apt/archives/libsgx-enclave-common-dev_*.deb \
&& apt install -y \
libsgx-enclave-common-dev=2.17.100.3-bionic1 \
libsgx-uae-service=2.17.100.3-bionic1 \
libsgx-urts=2.17.100.3-bionic1 \
&& rm -rf /var/lib/apt/lists/*
ARG UID=0
@ -46,7 +47,7 @@ RUN curl -f https://static.rust-lang.org/rustup/archive/1.20.2/x86_64-unknown
&& /tmp/rustup-init -y --profile minimal --component rustfmt --default-toolchain "${TOOLCHAIN}" \
&& rm -rf /tmp/rustup-init /tmp/docker
ARG SGX_SDK_VERSION=2.7.1
ARG SGX_SDK_VERSION=2.17
COPY linux-sgx.tar.gz.sha256 /tmp/docker/

2
service/docker/linux-sgx.tar.gz.sha256
View File

@ -1 +1 @@
68d26293c8ea1c80266e1d897824d5fae021e6d988437ec8b6561a15352af789 linux-sgx.tar.gz
36143fc805cde77ec43e279e676cae6c31313b1760a03984e48b51cf4f1bea5b linux-sgx.tar.gz