Merge pull request #128 from SigmaGmbH/fix/sw-mode-build

fix: fix build in simulation mode
SigmaGmbH · Aug 6, 2024 · 41d8431 · 41d8431
2 parents a329a2e + 84981f9
commit 41d8431
Show file tree

Hide file tree

Showing 11 changed files with 221 additions and 80 deletions.
diff --git a/go-sgxvm/Cargo.toml b/go-sgxvm/Cargo.toml
@@ -19,7 +19,9 @@ sgx_types = { git = "https://github.com/apache/teaclave-sgx-sdk.git", rev = "3c9
 sgx_urts = { git = "https://github.com/apache/teaclave-sgx-sdk.git", rev = "3c903bda" }
 
 [features]
-attestation_server = []
+attestation_server = ["hardware_mode"]
+hardware_mode = []
+simulation_mode = []
 
 [build-dependencies]
 cbindgen = "0.24.3"
diff --git a/go-sgxvm/Makefile b/go-sgxvm/Makefile
@@ -18,6 +18,12 @@ ifeq ($(AS_MODE), true)
 	Wrapper_build_feature += attestation_server
 endif
 
+ifeq ($(SGX_MODE), HW) 
+	Wrapper_build_feature += hardware_mode
+else
+	Wrapper_build_feature += simulation_mode
+endif
+
 build:
 	@ENCLAVE_HOME=$(ENCLAVE_HOME) PRODUCTION_MODE=$(PRODUCTION_MODE) SGX_MODE=$(SGX_MODE) AS_MODE=$(AS_MODE) VERSION=$(VERSION) make build -C ../sgxvm/
 	@protoc --rust_out src/protobuf_generated/ proto/node.proto

diff --git a/go-sgxvm/build.rs b/go-sgxvm/build.rs
@@ -15,10 +15,6 @@ fn main () {
 
     println!("cargo:rustc-link-search=native=/opt/intel/sgxsdk/lib64");
     println!("cargo:rustc-link-lib=sgx_uprotected_fs");
-
-    println!("cargo:rustc-link-lib=dylib=sgx_dcap_ql");
-    println!("cargo:rustc-link-lib=dylib=sgx_dcap_quoteverify");
-	println!("cargo:rustc-link-lib=dylib=dcap_quoteprov");
 
     match is_sim.as_ref() {
         "SW" => {
@@ -32,6 +28,9 @@ fn main () {
             println!("cargo:rustc-link-lib=dylib=sgx_epid");
             println!("cargo:rustc-link-lib=dylib=sgx_quote_ex");
             println!("cargo:rustc-link-lib=dylib=sgx_launch");
+            println!("cargo:rustc-link-lib=dylib=sgx_dcap_ql");
+            println!("cargo:rustc-link-lib=dylib=sgx_dcap_quoteverify");
+            println!("cargo:rustc-link-lib=dylib=dcap_quoteprov");
         }
     }
 }
diff --git a/go-sgxvm/src/enclave/attestation/dcap_utils.rs b/go-sgxvm/src/enclave/attestation/dcap_utils.rs
@@ -17,6 +17,7 @@ pub struct QlQveCollateral {
     pub qe_identity_size: u32,
 }
 
+#[cfg(feature = "hardware_mode")]
 /// Returns target info from Quoting Enclave (QE)
 pub fn get_qe_target_info() -> Result<sgx_target_info_t, Error> {
     let mut qe_target_info = sgx_target_info_t::default();
@@ -32,6 +33,7 @@ pub fn get_qe_target_info() -> Result<sgx_target_info_t, Error> {
     Ok(qe_target_info)
 }
 
+#[cfg(feature = "hardware_mode")]
 /// Returns size of buffer to allocate for the quote
 pub fn get_quote_size() -> Result<u32, Error> {
     let mut quote_size = 0u32;
@@ -47,6 +49,7 @@ pub fn get_quote_size() -> Result<u32, Error> {
     Ok(quote_size)
 }
 
+#[cfg(feature = "hardware_mode")]
 /// Returns DCAP quote from QE
 pub fn get_qe_quote(report: sgx_report_t, quote_size: u32, p_quote: *mut u8) -> SgxResult<()> {
     println!("[Enclave Wrapper]: get_qe_quote");
@@ -59,6 +62,7 @@ pub fn get_qe_quote(report: sgx_report_t, quote_size: u32, p_quote: *mut u8) ->
     }
 }
 
+#[cfg(feature = "hardware_mode")]
 /// Generates quote inside the enclave and writes it to the file
 /// Since this function will be used only for test and dev purposes,
 /// we can ignore usages of `unwrap` or `expect`.
@@ -101,6 +105,7 @@ pub fn dump_dcap_quote(eid: sgx_enclave_id_t, filepath: &str) -> Result<(), Erro
     Ok(())
 }
 
+#[cfg(feature = "hardware_mode")]
 pub fn verify_dcap_quote(eid: sgx_enclave_id_t, filepath: &str) -> Result<(), Error> {
     let mut file = std::fs::File::open(filepath).expect("Cannot open quote file");
     let mut quote_buf = Vec::new();
@@ -136,6 +141,7 @@ pub fn verify_dcap_quote(eid: sgx_enclave_id_t, filepath: &str) -> Result<(), Er
     Ok(())
 }
 
+#[cfg(feature = "hardware_mode")]
 pub fn sgx_ql_qve_collateral_serialize(
     p_col: *const u8,
     n_col: u32,
@@ -235,6 +241,7 @@ pub fn sgx_ql_qve_collateral_serialize(
     };
 }
 
+#[cfg(feature = "hardware_mode")]
 pub fn sgx_ql_qve_collateral_deserialize(p_ser: *const u8, n_ser: u32) -> sgx_ql_qve_collateral_t {
     let mut res = sgx_ql_qve_collateral_t {
         version: 0,

diff --git a/go-sgxvm/src/enclave/enclave_api.rs b/go-sgxvm/src/enclave/enclave_api.rs
@@ -40,21 +40,25 @@ impl EnclaveApi {
         }
     }
 
+    #[cfg(feature = "hardware_mode")]
     pub fn attest_peer(eid: sgx_enclave_id_t, fd: i32, is_dcap: bool) -> Result<(), Error> {
         match is_dcap {
             true => EnclaveApi::attest_peer_dcap(eid, fd),
             false => EnclaveApi::attest_peer_epid(eid, fd),
         }
     }
 
+    #[cfg(feature = "hardware_mode")]
     pub fn dump_dcap_quote(eid: sgx_enclave_id_t, filepath: &str) -> Result<(), Error> {
         dcap_utils::dump_dcap_quote(eid, filepath)
     }
 
+    #[cfg(feature = "hardware_mode")]
     pub fn verify_dcap_quote(eid: sgx_enclave_id_t, filepath: &str) -> Result<(), Error> {
         dcap_utils::verify_dcap_quote(eid, filepath)
     }
 
+    #[cfg(feature = "hardware_mode")]
     fn attest_peer_dcap(eid: sgx_enclave_id_t, fd: i32) -> Result<(), Error> {
         let qe_target_info = dcap_utils::get_qe_target_info()?;
         let quote_size = dcap_utils::get_quote_size()?;
@@ -83,6 +87,7 @@ impl EnclaveApi {
         Ok(())
     }
 
+    #[cfg(feature = "hardware_mode")]
     fn attest_peer_epid(eid: sgx_enclave_id_t, fd: i32) -> Result<(), Error> {
         let mut retval = sgx_status_t::SGX_ERROR_UNEXPECTED;
         let res = unsafe { super::ecall_attest_peer_epid(eid, &mut retval, fd) };
@@ -106,6 +111,7 @@ impl EnclaveApi {
         Ok(())
     }
 
+    #[cfg(feature = "hardware_mode")]
     pub fn request_remote_attestation(
         eid: sgx_enclave_id_t,
         hostname: String,
@@ -118,6 +124,7 @@ impl EnclaveApi {
         }
     }
 
+    #[cfg(feature = "hardware_mode")]
     pub fn perform_epid_attestation(
         eid: sgx_enclave_id_t,
         hostname: String,
@@ -157,6 +164,7 @@ impl EnclaveApi {
         Ok(())
     }
 
+    #[cfg(feature = "hardware_mode")]
     pub fn perform_dcap_attestation(
         eid: sgx_enclave_id_t,
         hostname: String,

diff --git a/go-sgxvm/src/enclave/mod.rs b/go-sgxvm/src/enclave/mod.rs
@@ -163,12 +163,14 @@ pub unsafe extern "C" fn handle_initialization_request(
                         let response_bytes = response.write_to_bytes()?;
                         Ok(response_bytes)
                     }
+                    #[cfg(feature = "hardware_mode")]
                     node::SetupRequest_oneof_req::peerAttestationRequest(req) => {
                         enclave_api::EnclaveApi::attest_peer(evm_enclave.geteid(), req.fd, req.isDCAP)?;
                         let response = node::PeerAttestationResponse::new();
                         let response_bytes = response.write_to_bytes()?;
                         Ok(response_bytes)
                     }
+                    #[cfg(feature = "hardware_mode")]
                     node::SetupRequest_oneof_req::remoteAttestationRequest(req) => {
                         enclave_api::EnclaveApi::request_remote_attestation(evm_enclave.geteid(), req.hostname, req.fd, req.isDCAP)?;
                         let response = node::RemoteAttestationResponse::new();
@@ -182,12 +184,14 @@ pub unsafe extern "C" fn handle_initialization_request(
                         let response_bytes = response.write_to_bytes()?;
                         Ok(response_bytes)
                     }
+                    #[cfg(feature = "hardware_mode")]
                     node::SetupRequest_oneof_req::dumpQuote(req) => {
                         enclave_api::EnclaveApi::dump_dcap_quote(evm_enclave.geteid(), &req.filepath)?;
                         let response = node::DumpQuoteResponse::new();
                         let response_bytes = response.write_to_bytes()?;
                         Ok(response_bytes)
                     }
+                    #[cfg(feature = "hardware_mode")]
                     node::SetupRequest_oneof_req::verifyQuote(req) => {
                         enclave_api::EnclaveApi::verify_dcap_quote(evm_enclave.geteid(), &req.filepath)?;
                         let response = node::VerifyQuoteResponse::new();
@@ -210,6 +214,7 @@ pub unsafe extern "C" fn handle_initialization_request(
                         let response_bytes = response.write_to_bytes()?;
                         Ok(response_bytes)
                     }
+                    _ => Err(Error::protobuf_decode("Unsupported request"))
                 }
             }
             None => Err(Error::protobuf_decode("Request unwrapping failed")),

diff --git a/go-sgxvm/src/ocall.rs b/go-sgxvm/src/ocall.rs
@@ -1,3 +1,4 @@
+#[cfg(feature = "hardware_mode")]
 use crate::enclave::attestation::dcap_utils::{get_qe_quote, sgx_ql_qve_collateral_serialize};
 use crate::errors::GoError;
 use crate::memory::{U8SliceView, UnmanagedVector};
@@ -8,6 +9,7 @@ use std::net::{SocketAddr, TcpStream};
 use std::os::unix::io::IntoRawFd;
 use std::slice;
 
+#[cfg(feature = "hardware_mode")]
 #[no_mangle]
 pub extern "C" fn ocall_get_ecdsa_quote(
     p_report: *const sgx_report_t,
@@ -24,6 +26,17 @@ pub extern "C" fn ocall_get_ecdsa_quote(
     }
 }
 
+#[cfg(feature = "simulation_mode")]
+#[no_mangle]
+pub extern "C" fn ocall_get_ecdsa_quote(
+    p_report: *const sgx_report_t,
+    p_quote: *mut u8,
+    quote_size: u32,
+) -> sgx_status_t {
+    sgx_status_t::SGX_ERROR_UNEXPECTED
+}
+
+#[cfg(feature = "hardware_mode")]
 #[no_mangle]
 pub extern "C" fn ocall_get_quote(
     p_sigrl: *const u8,
@@ -72,6 +85,24 @@ pub extern "C" fn ocall_get_quote(
     ret
 }
 
+#[cfg(feature = "simulation_mode")]
+#[no_mangle]
+pub extern "C" fn ocall_get_quote(
+    p_sigrl: *const u8,
+    sigrl_len: u32,
+    p_report: *const sgx_report_t,
+    quote_type: sgx_quote_sign_type_t,
+    p_spid: *const sgx_spid_t,
+    p_nonce: *const sgx_quote_nonce_t,
+    p_qe_report: *mut sgx_report_t,
+    p_quote: *mut u8,
+    _maxlen: u32,
+    p_quote_len: *mut u32,
+) -> sgx_status_t {
+    sgx_status_t::SGX_ERROR_UNEXPECTED
+}
+
+#[cfg(feature = "hardware_mode")]
 #[no_mangle]
 pub extern "C" fn ocall_get_update_info(
     platform_blob: *const sgx_platform_info_t,
@@ -81,6 +112,16 @@ pub extern "C" fn ocall_get_update_info(
     unsafe { sgx_report_attestation_status(platform_blob, enclave_trusted, update_info) }
 }
 
+#[cfg(feature = "simulation_mode")]
+#[no_mangle]
+pub extern "C" fn ocall_get_update_info(
+    platform_blob: *const sgx_platform_info_t,
+    enclave_trusted: i32,
+    update_info: *mut sgx_update_info_bit_t,
+) -> sgx_status_t {
+    sgx_status_t::SGX_ERROR_UNEXPECTED
+}
+
 #[no_mangle]
 pub extern "C" fn ocall_allocate(data: *const u8, len: usize) -> Allocation {
     let slice = unsafe { slice::from_raw_parts(data, len) };
@@ -96,6 +137,7 @@ pub extern "C" fn ocall_allocate(data: *const u8, len: usize) -> Allocation {
     }
 }
 
+#[cfg(feature = "hardware_mode")]
 #[no_mangle]
 pub extern "C" fn ocall_sgx_init_quote(
     ret_ti: *mut sgx_target_info_t,
@@ -104,6 +146,16 @@ pub extern "C" fn ocall_sgx_init_quote(
     unsafe { sgx_init_quote(ret_ti, ret_gid) }
 }
 
+#[cfg(feature = "simulation_mode")]
+#[no_mangle]
+pub extern "C" fn ocall_sgx_init_quote(
+    ret_ti: *mut sgx_target_info_t,
+    ret_gid: *mut sgx_epid_group_id_t,
+) -> sgx_status_t {
+    sgx_status_t::SGX_ERROR_UNEXPECTED
+}
+
+#[cfg(feature = "hardware_mode")]
 #[no_mangle]
 pub extern "C" fn ocall_get_ias_socket(ret_fd: *mut c_int) -> sgx_status_t {
     let port = 443;
@@ -118,6 +170,13 @@ pub extern "C" fn ocall_get_ias_socket(ret_fd: *mut c_int) -> sgx_status_t {
     sgx_status_t::SGX_SUCCESS
 }
 
+#[cfg(feature = "simulation_mode")]
+#[no_mangle]
+pub extern "C" fn ocall_get_ias_socket(ret_fd: *mut c_int) -> sgx_status_t {
+    sgx_status_t::SGX_ERROR_UNEXPECTED
+}
+
+#[cfg(feature = "hardware_mode")]
 pub fn lookup_ipv4(host: &str, port: u16) -> SocketAddr {
     use std::net::ToSocketAddrs;
 
@@ -227,6 +286,7 @@ pub extern "C" fn ocall_query_raw(
     };
 }
 
+#[cfg(feature = "hardware_mode")]
 #[no_mangle]
 pub unsafe extern "C" fn ocall_get_qve_report(
     p_quote: *const u8,
@@ -303,6 +363,25 @@ pub unsafe extern "C" fn ocall_get_qve_report(
     sgx_status_t::SGX_SUCCESS
 }
 
+#[cfg(feature = "simulation_mode")]
+#[no_mangle]
+pub unsafe extern "C" fn ocall_get_qve_report(
+    p_quote: *const u8,
+    quote_len: u32,
+    timestamp: i64,
+    p_collateral_expiration_status: *mut u32,
+    p_quote_verification_result: *mut sgx_ql_qv_result_t,
+    p_qve_report_info: *mut sgx_ql_qe_report_info_t,
+    p_supplemental_data: *mut u8,
+    supplemental_data_size: u32,
+    p_collateral: *const u8,
+    collateral_len: u32,
+) -> sgx_status_t {
+    sgx_status_t::SGX_ERROR_UNEXPECTED
+}
+
+
+#[cfg(feature = "hardware_mode")]
 #[no_mangle]
 pub unsafe extern "C" fn ocall_get_supplemental_data_size(
     data_size: *mut u32,
@@ -317,6 +396,13 @@ pub unsafe extern "C" fn ocall_get_supplemental_data_size(
     sgx_status_t::SGX_SUCCESS
 }
 
+#[cfg(feature = "simulation_mode")]
+#[no_mangle]
+pub unsafe extern "C" fn ocall_get_supplemental_data_size(_: *mut u32) -> sgx_status_t {
+    sgx_status_t::SGX_ERROR_UNEXPECTED
+}
+
+#[cfg(feature = "hardware_mode")]
 #[no_mangle]
 pub extern "C" fn ocall_get_quote_ecdsa_collateral(
     p_quote: *const u8,
@@ -342,4 +428,17 @@ pub extern "C" fn ocall_get_quote_ecdsa_collateral(
     };
 
     sgx_status_t::SGX_SUCCESS
+}
+
+
+#[cfg(feature = "simulation_mode")]
+#[no_mangle]
+pub extern "C" fn ocall_get_quote_ecdsa_collateral(
+    p_quote: *const u8,
+    n_quote: u32,
+    p_col: *mut u8,
+    n_col: u32,
+    p_col_size: *mut u32,
+) -> sgx_status_t {
+    sgx_status_t::SGX_ERROR_UNEXPECTED
 }