From ff9219a8d608fe46870604132eb25f0d7d68ee83 Mon Sep 17 00:00:00 2001 From: Jon Chambers Date: Fri, 17 Jun 2022 10:10:35 -0400 Subject: [PATCH] Update the Intel SGX SDK (libsgx-enclave-common) to 2.17.100.3 and DCAP to 1.14 --- README.md | 10 +- .../kbupd_enclave/src/ffi/bindgen_wrapper.rs | 180 +++++- enclave/patches/linux-sgx-rep-bcmp.patch | 27 + enclave/sgx_enclave.mk | 8 +- enclave/sgx_ffi/src/bindgen_wrapper.rs | 525 +++++++++++++++++- enclave/sgxsd_ffi/src/bindgen_wrapper.rs | 177 +++++- service/docker/Dockerfile | 33 +- service/docker/linux-sgx.tar.gz.sha256 | 2 +- 8 files changed, 917 insertions(+), 45 deletions(-) create mode 100644 enclave/patches/linux-sgx-rep-bcmp.patch diff --git a/README.md b/README.md index dd4d471..eff2fd4 100644 --- a/README.md +++ b/README.md @@ -51,7 +51,7 @@ production, provide the Intel-whitelisted signing key as - git - devscripts/debhelper/fakeroot - rust 1.37.0 toolchain from rustup -- [Intel SGX SDK v2.7.1 SDK](https://github.com/intel/linux-sgx/tree/sgx_2.7.1) build dependencies +- [Intel SGX SDK v2.17 SDK](https://github.com/intel/linux-sgx/tree/sgx_2.17) build dependencies ````` $ make -C /enclave debuild install @@ -64,7 +64,7 @@ Builds](https://wiki.debian.org/ReproducibleBuilds) project. While building a de package, `debuild` will record the names and versions of all detected build dependencies into a *.buildinfo file, for future reproducibility debugging. -The `debuild` target also builds parts needed from the Intel SGX SDK v2.7.1 after cloning it +The `debuild` target also builds parts needed from the Intel SGX SDK v2.17 after cloning it from github. The `install` target copies the enclave to `service/kbupd/res/enclave/`, which should @@ -92,7 +92,7 @@ Docker](#building-reproducibly-with-docker) to produce a release-mode enclave. - clang - git - rust 1.37.0 toolchain from rustup -- [Intel SGX SDK v2.7.1 SDK](https://github.com/intel/linux-sgx/tree/sgx_2.7.1) build dependencies +- [Intel SGX SDK v2.17 SDK](https://github.com/intel/linux-sgx/tree/sgx_2.17) build dependencies ````` $ make -C /enclave all install @@ -136,8 +136,8 @@ $ make -C /service all ## Running the service ### Runtime requirements: -- libsgx-enclave-common >= 2.7.101 [from source](https://github.com/intel/linux-sgx/tree/master#install-the-intelr-sgx-psw) or [prebuilt](https://download.01.org/intel-sgx/sgx_repo/ubuntu/pool/main/libs/libsgx-enclave-common/) -- linux-sgx-driver >= 2.6.0 [from source](https://github.com/intel/linux-sgx-driver) or [prebuilt](https://download.01.org/intel-sgx/sgx-linux/2.7.1/distro/ubuntu18.04-server/) +- libsgx-enclave-common >= 2.17.100.3 [from source](https://github.com/intel/linux-sgx/tree/master#install-the-intelr-sgx-psw) or [prebuilt](https://download.01.org/intel-sgx/sgx_repo/ubuntu/pool/main/libs/libsgx-enclave-common/) +- linux-sgx-driver >= 2.17 [from source](https://github.com/intel/linux-sgx-driver) or [prebuilt](https://download.01.org/intel-sgx/sgx-linux/2.17/distro/ubuntu18.04-server/) - libssl1.1 (OpenSSL) - libseccomp2 - libprotobuf10 diff --git a/enclave/kbupd_enclave/src/ffi/bindgen_wrapper.rs b/enclave/kbupd_enclave/src/ffi/bindgen_wrapper.rs index ea518a5..3e5d47c 100644 --- a/enclave/kbupd_enclave/src/ffi/bindgen_wrapper.rs +++ b/enclave/kbupd_enclave/src/ffi/bindgen_wrapper.rs @@ -96,7 +96,8 @@ pub const SGX_XFRM_LEGACY: u32 = 3; pub const SGX_XFRM_AVX: u32 = 6; pub const SGX_XFRM_AVX512: u32 = 230; pub const SGX_XFRM_MPX: u32 = 24; -pub const SGX_XFRM_RESERVED: i32 = -232; +pub const SGX_XFRM_PKRU: u32 = 512; +pub const SGX_XFRM_RESERVED: i32 = -744; pub const SGX_KEYSELECT_EINITTOKEN: u32 = 0; pub const SGX_KEYSELECT_PROVISION: u32 = 1; pub const SGX_KEYSELECT_PROVISION_SEAL: u32 = 2; @@ -469,6 +470,15 @@ extern "C" { extern "C" { pub fn vswprintf(arg1: *mut wchar_t, arg2: usize, arg3: *const wchar_t, arg4: *mut __va_list_tag) -> libc::c_int; } +extern "C" { + pub fn wcstold(arg1: *const wchar_t, arg2: *mut *mut wchar_t) -> u128; +} +extern "C" { + pub fn wcstoll(arg1: *const wchar_t, arg2: *mut *mut wchar_t, arg3: libc::c_int) -> libc::c_longlong; +} +extern "C" { + pub fn wcstoull(arg1: *const wchar_t, arg2: *mut *mut wchar_t, arg3: libc::c_int) -> libc::c_ulonglong; +} extern "C" { pub fn wcswcs(arg1: *const wchar_t, arg2: *const wchar_t) -> *mut wchar_t; } @@ -479,6 +489,8 @@ pub const SGX_ERROR_OUT_OF_MEMORY: _status_t = 3; pub const SGX_ERROR_ENCLAVE_LOST: _status_t = 4; pub const SGX_ERROR_INVALID_STATE: _status_t = 5; pub const SGX_ERROR_FEATURE_NOT_SUPPORTED: _status_t = 8; +pub const SGX_PTHREAD_EXIT: _status_t = 9; +pub const SGX_ERROR_MEMORY_MAP_FAILURE: _status_t = 10; pub const SGX_ERROR_INVALID_FUNCTION: _status_t = 4097; pub const SGX_ERROR_OUT_OF_TCS: _status_t = 4099; pub const SGX_ERROR_ENCLAVE_CRASHED: _status_t = 4102; @@ -548,15 +560,9 @@ pub type sgx_enclave_id_t = u64; extern "C" { pub fn sgx_ocalloc(size: usize) -> *mut libc::c_void; } -extern "C" { - pub fn sgx_ocalloc_switchless(size: usize) -> *mut libc::c_void; -} extern "C" { pub fn sgx_ocfree(); } -extern "C" { - pub fn sgx_ocfree_switchless(); -} extern "C" { pub fn sgx_ecall(eid: sgx_enclave_id_t, index: libc::c_int, ocall_table: *const libc::c_void, ms: *mut libc::c_void) -> sgx_status_t; } @@ -1265,6 +1271,166 @@ impl Default for _att_key_id_t { } } pub type sgx_att_key_id_t = _att_key_id_t; +#[doc = " Describes a single attestation key. Contains both QE identity and the attestation algorithm ID."] +#[repr(C, packed)] +#[derive(Copy, Clone)] +pub struct _sgx_ql_att_key_id_t { + #[doc = "< Structure ID"] + pub id: u16, + #[doc = "< Structure version"] + pub version: u16, + #[doc = "< Number of valid bytes in MRSIGNER."] + pub mrsigner_length: u16, + #[doc = "< SHA256 or SHA384 hash of the Public key that signed the QE."] + #[doc = "< The lower bytes contain MRSIGNER. Bytes beyond mrsigner_length '0'"] + pub mrsigner: [u8; 48usize], + #[doc = "< Legacy Product ID of the QE"] + pub prod_id: u32, + #[doc = "< Extended Product ID or the QE. All 0's for legacy format enclaves."] + pub extended_prod_id: [u8; 16usize], + #[doc = "< Config ID of the QE."] + pub config_id: [u8; 64usize], + #[doc = "< Family ID of the QE."] + pub family_id: [u8; 16usize], + #[doc = "< Identity of the attestation key algorithm."] + pub algorithm_id: u32, +} +#[test] +fn bindgen_test_layout__sgx_ql_att_key_id_t() { + assert_eq!( + ::core::mem::size_of::<_sgx_ql_att_key_id_t>(), + 158usize, + concat!("Size of: ", stringify!(_sgx_ql_att_key_id_t)) + ); + assert_eq!( + ::core::mem::align_of::<_sgx_ql_att_key_id_t>(), + 1usize, + concat!("Alignment of ", stringify!(_sgx_ql_att_key_id_t)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).id as *const _ as usize }, + 0usize, + concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(id)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).version as *const _ as usize }, + 2usize, + concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(version)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).mrsigner_length as *const _ as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(_sgx_ql_att_key_id_t), + "::", + stringify!(mrsigner_length) + ) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).mrsigner as *const _ as usize }, + 6usize, + concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(mrsigner)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).prod_id as *const _ as usize }, + 54usize, + concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(prod_id)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).extended_prod_id as *const _ as usize }, + 58usize, + concat!( + "Offset of field: ", + stringify!(_sgx_ql_att_key_id_t), + "::", + stringify!(extended_prod_id) + ) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).config_id as *const _ as usize }, + 74usize, + concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(config_id)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).family_id as *const _ as usize }, + 138usize, + concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(family_id)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).algorithm_id as *const _ as usize }, + 154usize, + concat!( + "Offset of field: ", + stringify!(_sgx_ql_att_key_id_t), + "::", + stringify!(algorithm_id) + ) + ); +} +impl Default for _sgx_ql_att_key_id_t { + fn default() -> Self { + unsafe { ::core::mem::zeroed() } + } +} +pub type sgx_ql_att_key_id_t = _sgx_ql_att_key_id_t; +#[doc = " Describes an extended attestation key. Contains sgx_ql_att_key_id_t, spid and quote_type"] +#[repr(C, packed)] +#[derive(Copy, Clone)] +pub struct _sgx_att_key_id_ext_t { + pub base: sgx_ql_att_key_id_t, + #[doc = "< Service Provider ID, should be 0s for ECDSA quote"] + pub spid: [u8; 16usize], + #[doc = "< For non-EPID quote, it should be 0"] + #[doc = "< For EPID quote, it equals to sgx_quote_sign_type_t"] + pub att_key_type: u16, + #[doc = "< It should have the same size of sgx_att_key_id_t"] + pub reserved: [u8; 80usize], +} +#[test] +fn bindgen_test_layout__sgx_att_key_id_ext_t() { + assert_eq!( + ::core::mem::size_of::<_sgx_att_key_id_ext_t>(), + 256usize, + concat!("Size of: ", stringify!(_sgx_att_key_id_ext_t)) + ); + assert_eq!( + ::core::mem::align_of::<_sgx_att_key_id_ext_t>(), + 1usize, + concat!("Alignment of ", stringify!(_sgx_att_key_id_ext_t)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_att_key_id_ext_t>())).base as *const _ as usize }, + 0usize, + concat!("Offset of field: ", stringify!(_sgx_att_key_id_ext_t), "::", stringify!(base)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_att_key_id_ext_t>())).spid as *const _ as usize }, + 158usize, + concat!("Offset of field: ", stringify!(_sgx_att_key_id_ext_t), "::", stringify!(spid)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_att_key_id_ext_t>())).att_key_type as *const _ as usize }, + 174usize, + concat!( + "Offset of field: ", + stringify!(_sgx_att_key_id_ext_t), + "::", + stringify!(att_key_type) + ) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_att_key_id_ext_t>())).reserved as *const _ as usize }, + 176usize, + concat!("Offset of field: ", stringify!(_sgx_att_key_id_ext_t), "::", stringify!(reserved)) + ); +} +impl Default for _sgx_att_key_id_ext_t { + fn default() -> Self { + unsafe { ::core::mem::zeroed() } + } +} +pub type sgx_att_key_id_ext_t = _sgx_att_key_id_ext_t; #[repr(C, packed)] #[derive(Copy, Clone)] pub struct _qe_report_info_t { diff --git a/enclave/patches/linux-sgx-rep-bcmp.patch b/enclave/patches/linux-sgx-rep-bcmp.patch new file mode 100644 index 0000000..79a4de4 --- /dev/null +++ b/enclave/patches/linux-sgx-rep-bcmp.patch @@ -0,0 +1,27 @@ +--- a/sdk/tlibc/string/bcmp.c 2022-06-14 19:34:27.000000000 -0600 ++++ b/sdk/tlibc/string/bcmp.c 2019-11-11 22:55:35.000000000 -0700 +@@ -31,13 +31,21 @@ + + #include + +-extern int _bcmp(const void *b1, const void *b2, size_t length); + /* + * bcmp -- vax cmpc3 instruction + */ + int + bcmp(const void *b1, const void *b2, size_t length) + { +- return _bcmp(b1, b2, length); +-} ++ char *p1, *p2; + ++ if (length == 0) ++ return (0); ++ p1 = (char *)b1; ++ p2 = (char *)b2; ++ do ++ if (*p1++ != *p2++) ++ return (1); ++ while (--length); ++ return (0); ++} diff --git a/enclave/sgx_enclave.mk b/enclave/sgx_enclave.mk index fa37367..55b1134 100644 --- a/enclave/sgx_enclave.mk +++ b/enclave/sgx_enclave.mk @@ -7,8 +7,11 @@ export USE_OPT_LIBS ## linux sdk ## -SGX_SDK_SOURCE_GIT_REV ?= d166ff0c808e2f78d37eebf1ab614d944437eea3 -SGX_DCAP_SOURCE_GIT_REV ?= 1ac77919552d5409c28cc0cd8e88398851418ba6 +# https://github.com/intel/linux-sgx/releases/tag/sgx_2.17 +SGX_SDK_SOURCE_GIT_REV ?= effae6280234302a12169f89c561b96e54d80723 + +# https://github.com/intel/SGXDataCenterAttestationPrimitives/releases/tag/DCAP_1.14 +SGX_DCAP_SOURCE_GIT_REV ?= 68a77a852cd911a44a97733aec870e9bd93a3b86 export SGX_SDK_SOURCE_DIR = $(builddir)/linux-sgx/linux-sgx-$(SGX_SDK_SOURCE_GIT_REV) export SGX_SDK_SOURCE_INCLUDEDIR = $(SGX_SDK_SOURCE_DIR)/common/inc @@ -65,6 +68,7 @@ $(builddir)/linux-sgx/linux-sgx-$(SGX_SDK_SOURCE_GIT_REV): | tar -xzf - -C $(builddir)/linux-sgx/unpack/ mv $(SGX_DCAP_SOURCE_UNPACK_DIR) $(SGX_SDK_SOURCE_UNPACK_DIR)/external/dcap_sources patch -d $(SGX_SDK_SOURCE_UNPACK_DIR) -p 1 -T < $(patchdir)/linux-sgx-rep-stringops.patch + patch -d $(SGX_SDK_SOURCE_UNPACK_DIR) -p 1 -T < $(patchdir)/linux-sgx-rep-bcmp.patch mv $(SGX_SDK_SOURCE_UNPACK_DIR) $@ ## diff --git a/enclave/sgx_ffi/src/bindgen_wrapper.rs b/enclave/sgx_ffi/src/bindgen_wrapper.rs index 8ed753b..bd6dc0c 100644 --- a/enclave/sgx_ffi/src/bindgen_wrapper.rs +++ b/enclave/sgx_ffi/src/bindgen_wrapper.rs @@ -93,7 +93,8 @@ pub const SGX_XFRM_LEGACY: u32 = 3; pub const SGX_XFRM_AVX: u32 = 6; pub const SGX_XFRM_AVX512: u32 = 230; pub const SGX_XFRM_MPX: u32 = 24; -pub const SGX_XFRM_RESERVED: i32 = -232; +pub const SGX_XFRM_PKRU: u32 = 512; +pub const SGX_XFRM_RESERVED: i32 = -744; pub const SGX_KEYSELECT_EINITTOKEN: u32 = 0; pub const SGX_KEYSELECT_PROVISION: u32 = 1; pub const SGX_KEYSELECT_PROVISION_SEAL: u32 = 2; @@ -122,6 +123,19 @@ pub const SGX_REPORT_BODY_RESERVED2_BYTES: u32 = 32; pub const SGX_REPORT_BODY_RESERVED3_BYTES: u32 = 32; pub const SGX_REPORT_BODY_RESERVED4_BYTES: u32 = 42; pub const SGX_PLATFORM_INFO_SIZE: u32 = 101; +pub const TEE_HASH_384_SIZE: u32 = 48; +pub const TEE_MAC_SIZE: u32 = 32; +pub const SGX_REPORT2_DATA_SIZE: u32 = 64; +pub const TEE_CPU_SVN_SIZE: u32 = 16; +pub const SGX_LEGACY_REPORT_TYPE: u32 = 0; +pub const TEE_REPORT2_TYPE: u32 = 129; +pub const TEE_REPORT2_SUBTYPE: u32 = 0; +pub const TEE_REPORT2_VERSION: u32 = 0; +pub const SGX_REPORT2_MAC_STRUCT_RESERVED1_BYTES: u32 = 12; +pub const SGX_REPORT2_MAC_STRUCT_RESERVED2_BYTES: u32 = 32; +pub const TEE_TCB_INFO_SIZE: u32 = 239; +pub const SGX_REPORT2_RESERVED_BYTES: u32 = 17; +pub const TEE_INFO_SIZE: u32 = 512; pub const EXIT_FAILURE: u32 = 1; pub const EXIT_SUCCESS: u32 = 0; pub const RAND_MAX: u32 = 2147483647; @@ -133,6 +147,8 @@ pub const SGX_ERROR_OUT_OF_MEMORY: _status_t = 3; pub const SGX_ERROR_ENCLAVE_LOST: _status_t = 4; pub const SGX_ERROR_INVALID_STATE: _status_t = 5; pub const SGX_ERROR_FEATURE_NOT_SUPPORTED: _status_t = 8; +pub const SGX_PTHREAD_EXIT: _status_t = 9; +pub const SGX_ERROR_MEMORY_MAP_FAILURE: _status_t = 10; pub const SGX_ERROR_INVALID_FUNCTION: _status_t = 4097; pub const SGX_ERROR_OUT_OF_TCS: _status_t = 4099; pub const SGX_ERROR_ENCLAVE_CRASHED: _status_t = 4102; @@ -308,18 +324,6 @@ impl Default for __mbstate_t { pub type __intmax_t = __int64_t; pub type __uintmax_t = __uint64_t; pub type wchar_t = libc::c_int; -extern "C" { - pub fn sgx_is_within_enclave(addr: *const libc::c_void, size: usize) -> libc::c_int; -} -extern "C" { - pub fn sgx_is_outside_enclave(addr: *const libc::c_void, size: usize) -> libc::c_int; -} -extern "C" { - pub fn sgx_is_enclave_crashed() -> libc::c_int; -} -extern "C" { - pub fn sgx_read_rand(rand: *mut libc::c_uchar, length_in_bytes: usize) -> sgx_status_t; -} pub type int_least8_t = __int_least8_t; pub type uint_least8_t = __uint_least8_t; pub type int_least16_t = __int_least16_t; @@ -338,6 +342,24 @@ pub type int_fast64_t = __int_fast64_t; pub type uint_fast64_t = __uint_fast64_t; pub type intmax_t = __intmax_t; pub type uintmax_t = __uintmax_t; +extern "C" { + pub fn sgx_is_within_enclave(addr: *const libc::c_void, size: usize) -> libc::c_int; +} +extern "C" { + pub fn sgx_is_outside_enclave(addr: *const libc::c_void, size: usize) -> libc::c_int; +} +extern "C" { + pub fn sgx_is_enclave_crashed() -> libc::c_int; +} +extern "C" { + pub fn sgx_read_rand(rand: *mut libc::c_uchar, length_in_bytes: usize) -> sgx_status_t; +} +extern "C" { + pub fn sgx_rdpkru(val: *mut u32) -> libc::c_int; +} +extern "C" { + pub fn sgx_wrpkru(val: u32) -> libc::c_int; +} #[repr(C)] #[derive(Debug, Default, Copy, Clone, PartialEq, Eq)] pub struct _attributes_t { @@ -1029,6 +1051,166 @@ impl Default for _att_key_id_t { } } pub type sgx_att_key_id_t = _att_key_id_t; +#[doc = " Describes a single attestation key. Contains both QE identity and the attestation algorithm ID."] +#[repr(C, packed)] +#[derive(Copy, Clone)] +pub struct _sgx_ql_att_key_id_t { + #[doc = "< Structure ID"] + pub id: u16, + #[doc = "< Structure version"] + pub version: u16, + #[doc = "< Number of valid bytes in MRSIGNER."] + pub mrsigner_length: u16, + #[doc = "< SHA256 or SHA384 hash of the Public key that signed the QE."] + #[doc = "< The lower bytes contain MRSIGNER. Bytes beyond mrsigner_length '0'"] + pub mrsigner: [u8; 48usize], + #[doc = "< Legacy Product ID of the QE"] + pub prod_id: u32, + #[doc = "< Extended Product ID or the QE. All 0's for legacy format enclaves."] + pub extended_prod_id: [u8; 16usize], + #[doc = "< Config ID of the QE."] + pub config_id: [u8; 64usize], + #[doc = "< Family ID of the QE."] + pub family_id: [u8; 16usize], + #[doc = "< Identity of the attestation key algorithm."] + pub algorithm_id: u32, +} +#[test] +fn bindgen_test_layout__sgx_ql_att_key_id_t() { + assert_eq!( + ::core::mem::size_of::<_sgx_ql_att_key_id_t>(), + 158usize, + concat!("Size of: ", stringify!(_sgx_ql_att_key_id_t)) + ); + assert_eq!( + ::core::mem::align_of::<_sgx_ql_att_key_id_t>(), + 1usize, + concat!("Alignment of ", stringify!(_sgx_ql_att_key_id_t)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).id as *const _ as usize }, + 0usize, + concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(id)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).version as *const _ as usize }, + 2usize, + concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(version)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).mrsigner_length as *const _ as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(_sgx_ql_att_key_id_t), + "::", + stringify!(mrsigner_length) + ) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).mrsigner as *const _ as usize }, + 6usize, + concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(mrsigner)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).prod_id as *const _ as usize }, + 54usize, + concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(prod_id)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).extended_prod_id as *const _ as usize }, + 58usize, + concat!( + "Offset of field: ", + stringify!(_sgx_ql_att_key_id_t), + "::", + stringify!(extended_prod_id) + ) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).config_id as *const _ as usize }, + 74usize, + concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(config_id)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).family_id as *const _ as usize }, + 138usize, + concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(family_id)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).algorithm_id as *const _ as usize }, + 154usize, + concat!( + "Offset of field: ", + stringify!(_sgx_ql_att_key_id_t), + "::", + stringify!(algorithm_id) + ) + ); +} +impl Default for _sgx_ql_att_key_id_t { + fn default() -> Self { + unsafe { ::core::mem::zeroed() } + } +} +pub type sgx_ql_att_key_id_t = _sgx_ql_att_key_id_t; +#[doc = " Describes an extended attestation key. Contains sgx_ql_att_key_id_t, spid and quote_type"] +#[repr(C, packed)] +#[derive(Copy, Clone)] +pub struct _sgx_att_key_id_ext_t { + pub base: sgx_ql_att_key_id_t, + #[doc = "< Service Provider ID, should be 0s for ECDSA quote"] + pub spid: [u8; 16usize], + #[doc = "< For non-EPID quote, it should be 0"] + #[doc = "< For EPID quote, it equals to sgx_quote_sign_type_t"] + pub att_key_type: u16, + #[doc = "< It should have the same size of sgx_att_key_id_t"] + pub reserved: [u8; 80usize], +} +#[test] +fn bindgen_test_layout__sgx_att_key_id_ext_t() { + assert_eq!( + ::core::mem::size_of::<_sgx_att_key_id_ext_t>(), + 256usize, + concat!("Size of: ", stringify!(_sgx_att_key_id_ext_t)) + ); + assert_eq!( + ::core::mem::align_of::<_sgx_att_key_id_ext_t>(), + 1usize, + concat!("Alignment of ", stringify!(_sgx_att_key_id_ext_t)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_att_key_id_ext_t>())).base as *const _ as usize }, + 0usize, + concat!("Offset of field: ", stringify!(_sgx_att_key_id_ext_t), "::", stringify!(base)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_att_key_id_ext_t>())).spid as *const _ as usize }, + 158usize, + concat!("Offset of field: ", stringify!(_sgx_att_key_id_ext_t), "::", stringify!(spid)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_att_key_id_ext_t>())).att_key_type as *const _ as usize }, + 174usize, + concat!( + "Offset of field: ", + stringify!(_sgx_att_key_id_ext_t), + "::", + stringify!(att_key_type) + ) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_att_key_id_ext_t>())).reserved as *const _ as usize }, + 176usize, + concat!("Offset of field: ", stringify!(_sgx_att_key_id_ext_t), "::", stringify!(reserved)) + ); +} +impl Default for _sgx_att_key_id_ext_t { + fn default() -> Self { + unsafe { ::core::mem::zeroed() } + } +} +pub type sgx_att_key_id_ext_t = _sgx_att_key_id_ext_t; #[repr(C, packed)] #[derive(Copy, Clone)] pub struct _qe_report_info_t { @@ -1075,6 +1257,308 @@ impl Default for _qe_report_info_t { } } pub type sgx_qe_report_info_t = _qe_report_info_t; +pub type tee_mac_t = [u8; 32usize]; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone, PartialEq, Eq)] +pub struct _tee_cpu_svn_t { + pub svn: [u8; 16usize], +} +#[test] +fn bindgen_test_layout__tee_cpu_svn_t() { + assert_eq!( + ::core::mem::size_of::<_tee_cpu_svn_t>(), + 16usize, + concat!("Size of: ", stringify!(_tee_cpu_svn_t)) + ); + assert_eq!( + ::core::mem::align_of::<_tee_cpu_svn_t>(), + 1usize, + concat!("Alignment of ", stringify!(_tee_cpu_svn_t)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_tee_cpu_svn_t>())).svn as *const _ as usize }, + 0usize, + concat!("Offset of field: ", stringify!(_tee_cpu_svn_t), "::", stringify!(svn)) + ); +} +pub type tee_cpu_svn_t = _tee_cpu_svn_t; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _tee_measurement_t { + pub m: [u8; 48usize], +} +#[test] +fn bindgen_test_layout__tee_measurement_t() { + assert_eq!( + ::core::mem::size_of::<_tee_measurement_t>(), + 48usize, + concat!("Size of: ", stringify!(_tee_measurement_t)) + ); + assert_eq!( + ::core::mem::align_of::<_tee_measurement_t>(), + 1usize, + concat!("Alignment of ", stringify!(_tee_measurement_t)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_tee_measurement_t>())).m as *const _ as usize }, + 0usize, + concat!("Offset of field: ", stringify!(_tee_measurement_t), "::", stringify!(m)) + ); +} +impl Default for _tee_measurement_t { + fn default() -> Self { + unsafe { ::core::mem::zeroed() } + } +} +pub type tee_measurement_t = _tee_measurement_t; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _tee_report_data_t { + pub d: [u8; 64usize], +} +#[test] +fn bindgen_test_layout__tee_report_data_t() { + assert_eq!( + ::core::mem::size_of::<_tee_report_data_t>(), + 64usize, + concat!("Size of: ", stringify!(_tee_report_data_t)) + ); + assert_eq!( + ::core::mem::align_of::<_tee_report_data_t>(), + 1usize, + concat!("Alignment of ", stringify!(_tee_report_data_t)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_tee_report_data_t>())).d as *const _ as usize }, + 0usize, + concat!("Offset of field: ", stringify!(_tee_report_data_t), "::", stringify!(d)) + ); +} +impl Default for _tee_report_data_t { + fn default() -> Self { + unsafe { ::core::mem::zeroed() } + } +} +pub type tee_report_data_t = _tee_report_data_t; +#[repr(C, packed)] +#[derive(Debug, Default, Copy, Clone, PartialEq, Eq)] +pub struct _tee_attributes_t { + pub a: [u32; 2usize], +} +#[test] +fn bindgen_test_layout__tee_attributes_t() { + assert_eq!( + ::core::mem::size_of::<_tee_attributes_t>(), + 8usize, + concat!("Size of: ", stringify!(_tee_attributes_t)) + ); + assert_eq!( + ::core::mem::align_of::<_tee_attributes_t>(), + 1usize, + concat!("Alignment of ", stringify!(_tee_attributes_t)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_tee_attributes_t>())).a as *const _ as usize }, + 0usize, + concat!("Offset of field: ", stringify!(_tee_attributes_t), "::", stringify!(a)) + ); +} +pub type tee_attributes_t = _tee_attributes_t; +#[repr(C)] +#[derive(Debug, Default, Copy, Clone, PartialEq, Eq)] +pub struct _tee_report_type_t { + pub type_: u8, + pub subtype: u8, + pub version: u8, + pub reserved: u8, +} +#[test] +fn bindgen_test_layout__tee_report_type_t() { + assert_eq!( + ::core::mem::size_of::<_tee_report_type_t>(), + 4usize, + concat!("Size of: ", stringify!(_tee_report_type_t)) + ); + assert_eq!( + ::core::mem::align_of::<_tee_report_type_t>(), + 1usize, + concat!("Alignment of ", stringify!(_tee_report_type_t)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_tee_report_type_t>())).type_ as *const _ as usize }, + 0usize, + concat!("Offset of field: ", stringify!(_tee_report_type_t), "::", stringify!(type_)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_tee_report_type_t>())).subtype as *const _ as usize }, + 1usize, + concat!("Offset of field: ", stringify!(_tee_report_type_t), "::", stringify!(subtype)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_tee_report_type_t>())).version as *const _ as usize }, + 2usize, + concat!("Offset of field: ", stringify!(_tee_report_type_t), "::", stringify!(version)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_tee_report_type_t>())).reserved as *const _ as usize }, + 3usize, + concat!("Offset of field: ", stringify!(_tee_report_type_t), "::", stringify!(reserved)) + ); +} +pub type tee_report_type_t = _tee_report_type_t; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _sgx_report2_mac_struct_t { + pub report_type: tee_report_type_t, + pub reserved1: [u8; 12usize], + pub cpu_svn: tee_cpu_svn_t, + pub tee_tcb_info_hash: tee_measurement_t, + pub tee_info_hash: tee_measurement_t, + pub report_data: tee_report_data_t, + pub reserved2: [u8; 32usize], + pub mac: tee_mac_t, +} +#[test] +fn bindgen_test_layout__sgx_report2_mac_struct_t() { + assert_eq!( + ::core::mem::size_of::<_sgx_report2_mac_struct_t>(), + 256usize, + concat!("Size of: ", stringify!(_sgx_report2_mac_struct_t)) + ); + assert_eq!( + ::core::mem::align_of::<_sgx_report2_mac_struct_t>(), + 1usize, + concat!("Alignment of ", stringify!(_sgx_report2_mac_struct_t)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_report2_mac_struct_t>())).report_type as *const _ as usize }, + 0usize, + concat!( + "Offset of field: ", + stringify!(_sgx_report2_mac_struct_t), + "::", + stringify!(report_type) + ) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_report2_mac_struct_t>())).reserved1 as *const _ as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(_sgx_report2_mac_struct_t), + "::", + stringify!(reserved1) + ) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_report2_mac_struct_t>())).cpu_svn as *const _ as usize }, + 16usize, + concat!( + "Offset of field: ", + stringify!(_sgx_report2_mac_struct_t), + "::", + stringify!(cpu_svn) + ) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_report2_mac_struct_t>())).tee_tcb_info_hash as *const _ as usize }, + 32usize, + concat!( + "Offset of field: ", + stringify!(_sgx_report2_mac_struct_t), + "::", + stringify!(tee_tcb_info_hash) + ) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_report2_mac_struct_t>())).tee_info_hash as *const _ as usize }, + 80usize, + concat!( + "Offset of field: ", + stringify!(_sgx_report2_mac_struct_t), + "::", + stringify!(tee_info_hash) + ) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_report2_mac_struct_t>())).report_data as *const _ as usize }, + 128usize, + concat!( + "Offset of field: ", + stringify!(_sgx_report2_mac_struct_t), + "::", + stringify!(report_data) + ) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_report2_mac_struct_t>())).reserved2 as *const _ as usize }, + 192usize, + concat!( + "Offset of field: ", + stringify!(_sgx_report2_mac_struct_t), + "::", + stringify!(reserved2) + ) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_report2_mac_struct_t>())).mac as *const _ as usize }, + 224usize, + concat!("Offset of field: ", stringify!(_sgx_report2_mac_struct_t), "::", stringify!(mac)) + ); +} +impl Default for _sgx_report2_mac_struct_t { + fn default() -> Self { + unsafe { ::core::mem::zeroed() } + } +} +pub type sgx_report2_mac_struct_t = _sgx_report2_mac_struct_t; +#[repr(C)] +#[derive(Copy, Clone)] +pub struct _sgx_report2_t { + pub report_mac_struct: sgx_report2_mac_struct_t, + pub tee_tcb_info: [u8; 239usize], + pub reserved: [u8; 17usize], + pub tee_info: [u8; 512usize], +} +#[test] +fn bindgen_test_layout__sgx_report2_t() { + assert_eq!( + ::core::mem::size_of::<_sgx_report2_t>(), + 1024usize, + concat!("Size of: ", stringify!(_sgx_report2_t)) + ); + assert_eq!( + ::core::mem::align_of::<_sgx_report2_t>(), + 1usize, + concat!("Alignment of ", stringify!(_sgx_report2_t)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_report2_t>())).report_mac_struct as *const _ as usize }, + 0usize, + concat!("Offset of field: ", stringify!(_sgx_report2_t), "::", stringify!(report_mac_struct)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_report2_t>())).tee_tcb_info as *const _ as usize }, + 256usize, + concat!("Offset of field: ", stringify!(_sgx_report2_t), "::", stringify!(tee_tcb_info)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_report2_t>())).reserved as *const _ as usize }, + 495usize, + concat!("Offset of field: ", stringify!(_sgx_report2_t), "::", stringify!(reserved)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_report2_t>())).tee_info as *const _ as usize }, + 512usize, + concat!("Offset of field: ", stringify!(_sgx_report2_t), "::", stringify!(tee_info)) + ); +} +impl Default for _sgx_report2_t { + fn default() -> Self { + unsafe { ::core::mem::zeroed() } + } +} +pub type sgx_report2_t = _sgx_report2_t; extern "C" { pub fn sgx_create_report( target_info: *const sgx_target_info_t, @@ -1091,6 +1575,9 @@ extern "C" { extern "C" { pub fn sgx_verify_report(report: *const sgx_report_t) -> sgx_status_t; } +extern "C" { + pub fn sgx_verify_report2(report_mac_struct: *const sgx_report2_mac_struct_t) -> sgx_status_t; +} extern "C" { pub fn sgx_get_key(key_request: *const sgx_key_request_t, key: *mut sgx_key_128bit_t) -> sgx_status_t; } @@ -1104,12 +1591,21 @@ extern "C" { extern "C" { pub fn memcpy(arg1: *mut libc::c_void, arg2: *const libc::c_void, arg3: usize) -> *mut libc::c_void; } +extern "C" { + pub fn memcpy_verw(arg1: *mut libc::c_void, arg2: *const libc::c_void, arg3: usize) -> *mut libc::c_void; +} extern "C" { pub fn memmove(arg1: *mut libc::c_void, arg2: *const libc::c_void, arg3: usize) -> *mut libc::c_void; } +extern "C" { + pub fn memmove_verw(arg1: *mut libc::c_void, arg2: *const libc::c_void, arg3: usize) -> *mut libc::c_void; +} extern "C" { pub fn memset(arg1: *mut libc::c_void, arg2: libc::c_int, arg3: usize) -> *mut libc::c_void; } +extern "C" { + pub fn memset_verw(arg1: *mut libc::c_void, arg2: libc::c_int, arg3: usize) -> *mut libc::c_void; +} extern "C" { pub fn strchr(arg1: *const libc::c_char, arg2: libc::c_int) -> *mut libc::c_char; } @@ -1161,6 +1657,9 @@ extern "C" { extern "C" { pub fn memset_s(s: *mut libc::c_void, smax: usize, c: libc::c_int, n: usize) -> errno_t; } +extern "C" { + pub fn memset_verw_s(s: *mut libc::c_void, smax: usize, c: libc::c_int, n: usize) -> errno_t; +} extern "C" { pub fn strndup(arg1: *const libc::c_char, arg2: usize) -> *mut libc::c_char; } diff --git a/enclave/sgxsd_ffi/src/bindgen_wrapper.rs b/enclave/sgxsd_ffi/src/bindgen_wrapper.rs index 3a956de..267b63b 100644 --- a/enclave/sgxsd_ffi/src/bindgen_wrapper.rs +++ b/enclave/sgxsd_ffi/src/bindgen_wrapper.rs @@ -100,7 +100,8 @@ pub const SGX_XFRM_LEGACY: u32 = 3; pub const SGX_XFRM_AVX: u32 = 6; pub const SGX_XFRM_AVX512: u32 = 230; pub const SGX_XFRM_MPX: u32 = 24; -pub const SGX_XFRM_RESERVED: i32 = -232; +pub const SGX_XFRM_PKRU: u32 = 512; +pub const SGX_XFRM_RESERVED: i32 = -744; pub const SGX_KEYSELECT_EINITTOKEN: u32 = 0; pub const SGX_KEYSELECT_PROVISION: u32 = 1; pub const SGX_KEYSELECT_PROVISION_SEAL: u32 = 2; @@ -172,6 +173,8 @@ pub const SGX_ERROR_OUT_OF_MEMORY: _status_t = 3; pub const SGX_ERROR_ENCLAVE_LOST: _status_t = 4; pub const SGX_ERROR_INVALID_STATE: _status_t = 5; pub const SGX_ERROR_FEATURE_NOT_SUPPORTED: _status_t = 8; +pub const SGX_PTHREAD_EXIT: _status_t = 9; +pub const SGX_ERROR_MEMORY_MAP_FAILURE: _status_t = 10; pub const SGX_ERROR_INVALID_FUNCTION: _status_t = 4097; pub const SGX_ERROR_OUT_OF_TCS: _status_t = 4099; pub const SGX_ERROR_ENCLAVE_CRASHED: _status_t = 4102; @@ -1330,6 +1333,166 @@ impl Default for _att_key_id_t { } } pub type sgx_att_key_id_t = _att_key_id_t; +#[doc = " Describes a single attestation key. Contains both QE identity and the attestation algorithm ID."] +#[repr(C, packed)] +#[derive(Copy, Clone)] +pub struct _sgx_ql_att_key_id_t { + #[doc = "< Structure ID"] + pub id: u16, + #[doc = "< Structure version"] + pub version: u16, + #[doc = "< Number of valid bytes in MRSIGNER."] + pub mrsigner_length: u16, + #[doc = "< SHA256 or SHA384 hash of the Public key that signed the QE."] + #[doc = "< The lower bytes contain MRSIGNER. Bytes beyond mrsigner_length '0'"] + pub mrsigner: [u8; 48usize], + #[doc = "< Legacy Product ID of the QE"] + pub prod_id: u32, + #[doc = "< Extended Product ID or the QE. All 0's for legacy format enclaves."] + pub extended_prod_id: [u8; 16usize], + #[doc = "< Config ID of the QE."] + pub config_id: [u8; 64usize], + #[doc = "< Family ID of the QE."] + pub family_id: [u8; 16usize], + #[doc = "< Identity of the attestation key algorithm."] + pub algorithm_id: u32, +} +#[test] +fn bindgen_test_layout__sgx_ql_att_key_id_t() { + assert_eq!( + ::core::mem::size_of::<_sgx_ql_att_key_id_t>(), + 158usize, + concat!("Size of: ", stringify!(_sgx_ql_att_key_id_t)) + ); + assert_eq!( + ::core::mem::align_of::<_sgx_ql_att_key_id_t>(), + 1usize, + concat!("Alignment of ", stringify!(_sgx_ql_att_key_id_t)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).id as *const _ as usize }, + 0usize, + concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(id)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).version as *const _ as usize }, + 2usize, + concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(version)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).mrsigner_length as *const _ as usize }, + 4usize, + concat!( + "Offset of field: ", + stringify!(_sgx_ql_att_key_id_t), + "::", + stringify!(mrsigner_length) + ) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).mrsigner as *const _ as usize }, + 6usize, + concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(mrsigner)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).prod_id as *const _ as usize }, + 54usize, + concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(prod_id)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).extended_prod_id as *const _ as usize }, + 58usize, + concat!( + "Offset of field: ", + stringify!(_sgx_ql_att_key_id_t), + "::", + stringify!(extended_prod_id) + ) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).config_id as *const _ as usize }, + 74usize, + concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(config_id)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).family_id as *const _ as usize }, + 138usize, + concat!("Offset of field: ", stringify!(_sgx_ql_att_key_id_t), "::", stringify!(family_id)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_ql_att_key_id_t>())).algorithm_id as *const _ as usize }, + 154usize, + concat!( + "Offset of field: ", + stringify!(_sgx_ql_att_key_id_t), + "::", + stringify!(algorithm_id) + ) + ); +} +impl Default for _sgx_ql_att_key_id_t { + fn default() -> Self { + unsafe { ::core::mem::zeroed() } + } +} +pub type sgx_ql_att_key_id_t = _sgx_ql_att_key_id_t; +#[doc = " Describes an extended attestation key. Contains sgx_ql_att_key_id_t, spid and quote_type"] +#[repr(C, packed)] +#[derive(Copy, Clone)] +pub struct _sgx_att_key_id_ext_t { + pub base: sgx_ql_att_key_id_t, + #[doc = "< Service Provider ID, should be 0s for ECDSA quote"] + pub spid: [u8; 16usize], + #[doc = "< For non-EPID quote, it should be 0"] + #[doc = "< For EPID quote, it equals to sgx_quote_sign_type_t"] + pub att_key_type: u16, + #[doc = "< It should have the same size of sgx_att_key_id_t"] + pub reserved: [u8; 80usize], +} +#[test] +fn bindgen_test_layout__sgx_att_key_id_ext_t() { + assert_eq!( + ::core::mem::size_of::<_sgx_att_key_id_ext_t>(), + 256usize, + concat!("Size of: ", stringify!(_sgx_att_key_id_ext_t)) + ); + assert_eq!( + ::core::mem::align_of::<_sgx_att_key_id_ext_t>(), + 1usize, + concat!("Alignment of ", stringify!(_sgx_att_key_id_ext_t)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_att_key_id_ext_t>())).base as *const _ as usize }, + 0usize, + concat!("Offset of field: ", stringify!(_sgx_att_key_id_ext_t), "::", stringify!(base)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_att_key_id_ext_t>())).spid as *const _ as usize }, + 158usize, + concat!("Offset of field: ", stringify!(_sgx_att_key_id_ext_t), "::", stringify!(spid)) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_att_key_id_ext_t>())).att_key_type as *const _ as usize }, + 174usize, + concat!( + "Offset of field: ", + stringify!(_sgx_att_key_id_ext_t), + "::", + stringify!(att_key_type) + ) + ); + assert_eq!( + unsafe { &(*(::core::ptr::null::<_sgx_att_key_id_ext_t>())).reserved as *const _ as usize }, + 176usize, + concat!("Offset of field: ", stringify!(_sgx_att_key_id_ext_t), "::", stringify!(reserved)) + ); +} +impl Default for _sgx_att_key_id_ext_t { + fn default() -> Self { + unsafe { ::core::mem::zeroed() } + } +} +pub type sgx_att_key_id_ext_t = _sgx_att_key_id_ext_t; #[repr(C, packed)] #[derive(Copy, Clone)] pub struct _qe_report_info_t { @@ -2143,12 +2306,21 @@ extern "C" { extern "C" { pub fn memcpy(arg1: *mut libc::c_void, arg2: *const libc::c_void, arg3: usize) -> *mut libc::c_void; } +extern "C" { + pub fn memcpy_verw(arg1: *mut libc::c_void, arg2: *const libc::c_void, arg3: usize) -> *mut libc::c_void; +} extern "C" { pub fn memmove(arg1: *mut libc::c_void, arg2: *const libc::c_void, arg3: usize) -> *mut libc::c_void; } +extern "C" { + pub fn memmove_verw(arg1: *mut libc::c_void, arg2: *const libc::c_void, arg3: usize) -> *mut libc::c_void; +} extern "C" { pub fn memset(arg1: *mut libc::c_void, arg2: libc::c_int, arg3: usize) -> *mut libc::c_void; } +extern "C" { + pub fn memset_verw(arg1: *mut libc::c_void, arg2: libc::c_int, arg3: usize) -> *mut libc::c_void; +} extern "C" { pub fn strchr(arg1: *const libc::c_char, arg2: libc::c_int) -> *mut libc::c_char; } @@ -2200,6 +2372,9 @@ extern "C" { extern "C" { pub fn memset_s(s: *mut libc::c_void, smax: usize, c: libc::c_int, n: usize) -> errno_t; } +extern "C" { + pub fn memset_verw_s(s: *mut libc::c_void, smax: usize, c: libc::c_int, n: usize) -> errno_t; +} extern "C" { pub fn strndup(arg1: *const libc::c_char, arg2: usize) -> *mut libc::c_char; } diff --git a/service/docker/Dockerfile b/service/docker/Dockerfile index 6dee6f8..496284c 100644 --- a/service/docker/Dockerfile +++ b/service/docker/Dockerfile @@ -2,23 +2,24 @@ FROM ubuntu:bionic COPY linux-sgx.gpg /tmp/docker/ -RUN apt-get update \ - && apt-get install -y --no-install-recommends \ - apt-transport-https \ - build-essential \ - curl \ - gpg-agent \ - libseccomp2 \ - libseccomp-dev \ - libssl-dev \ - pkg-config \ - protobuf-compiler \ - software-properties-common \ +RUN apt update \ + && apt install -y --no-install-recommends \ + apt-transport-https \ + build-essential \ + curl \ + gpg-agent \ + libseccomp2 \ + libseccomp-dev \ + libssl-dev \ + pkg-config \ + protobuf-compiler \ + software-properties-common \ && apt-key add /tmp/docker/linux-sgx.gpg \ && apt-add-repository "deb https://download.01.org/intel-sgx/sgx_repo/ubuntu bionic main" \ - && apt-get install -y --download-only libsgx-enclave-common=2.7.101.3-bionic1 libsgx-enclave-common-dev=2.7.101.3-bionic1 \ - && dpkg --unpack /var/cache/apt/archives/libsgx-enclave-common_*.deb \ - && dpkg --install --ignore-depends=libsgx-enclave-common /var/cache/apt/archives/libsgx-enclave-common-dev_*.deb \ + && apt install -y \ + libsgx-enclave-common-dev=2.17.100.3-bionic1 \ + libsgx-uae-service=2.17.100.3-bionic1 \ + libsgx-urts=2.17.100.3-bionic1 \ && rm -rf /var/lib/apt/lists/* ARG UID=0 @@ -46,7 +47,7 @@ RUN curl -f https://static.rust-lang.org/rustup/archive/1.20.2/x86_64-unknown && /tmp/rustup-init -y --profile minimal --component rustfmt --default-toolchain "${TOOLCHAIN}" \ && rm -rf /tmp/rustup-init /tmp/docker -ARG SGX_SDK_VERSION=2.7.1 +ARG SGX_SDK_VERSION=2.17 COPY linux-sgx.tar.gz.sha256 /tmp/docker/ diff --git a/service/docker/linux-sgx.tar.gz.sha256 b/service/docker/linux-sgx.tar.gz.sha256 index 7536791..9728546 100644 --- a/service/docker/linux-sgx.tar.gz.sha256 +++ b/service/docker/linux-sgx.tar.gz.sha256 @@ -1 +1 @@ -68d26293c8ea1c80266e1d897824d5fae021e6d988437ec8b6561a15352af789 linux-sgx.tar.gz +36143fc805cde77ec43e279e676cae6c31313b1760a03984e48b51cf4f1bea5b linux-sgx.tar.gz