Skip to content

Commit

Permalink
fuzz sgx,exist bugs, just for pr review
Browse files Browse the repository at this point in the history
  • Loading branch information
Ben-cpy committed Oct 17, 2023
1 parent b655a4a commit 897b012
Show file tree
Hide file tree
Showing 18 changed files with 1,055 additions and 24 deletions.
17 changes: 14 additions & 3 deletions cmake/CompilerOptions.cmake
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# Normal and occlum mode
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu11 -fPIC -Werror=implicit-function-declaration")
# set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu11 -fPIC -Werror=implicit-function-declaration")
set(RATS_TLS_LDFLAGS "-fPIC -Bsymbolic -ldl")

if(OCCLUM)
Expand All @@ -12,6 +12,16 @@ else()
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O2")
endif()

if((BUILD_FUZZ) AND (SGX))
set(SGX_COMMON_CFLAGS "${SGX_COMMON_FLAGS} -Wstrict-prototypes -Wno-implicit-function-declaration")
set(SGX_COMMON_CXXFLAGS "${SGX_COMMON_FLAGS} -Wnon-virtual-dtor")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fPIC -Werror=implicit-function-declaration")
elseif()
set(SGX_COMMON_CFLAGS "${SGX_COMMON_FLAGS} -Wstrict-prototypes -Wunsuffixed-float-constants -Wno-implicit-function-declaration -std=c11")
set(SGX_COMMON_CXXFLAGS "${SGX_COMMON_FLAGS} -Wnon-virtual-dtor -std=c++11")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -std=gnu11 -fPIC -Werror=implicit-function-declaration")
endif()

# SGX mode
if(SGX)
if(SGX_HW)
Expand Down Expand Up @@ -56,8 +66,8 @@ if(SGX)
set(ENCLAVE_COMMON_FLAGS "${ENCLAVE_COMMON_FLAGS} -fstack-protector-strong")
endif()

set(SGX_COMMON_CFLAGS "${SGX_COMMON_FLAGS} -Wstrict-prototypes -Wunsuffixed-float-constants -Wno-implicit-function-declaration -std=c11")
set(SGX_COMMON_CXXFLAGS "${SGX_COMMON_FLAGS} -Wnon-virtual-dtor -std=c++11")
# set(SGX_COMMON_CFLAGS "${SGX_COMMON_FLAGS} -Wstrict-prototypes -Wunsuffixed-float-constants -Wno-implicit-function-declaration -std=c11")
# set(SGX_COMMON_CXXFLAGS "${SGX_COMMON_FLAGS} -Wnon-virtual-dtor -std=c++11")

set(ENCLAVE_INCLUDES "${SGX_INCLUDE}" "${SGX_TLIBC_INCLUDE}" "${SGX_LIBCXX_INCLUDE}" "/usr/include")
set(ENCLAVE_C_FLAGS "${CMAKE_C_FLAGS} ${SGX_COMMON_CFLAGS} ${ENCLAVE_COMMON_FLAGS}")
Expand All @@ -67,3 +77,4 @@ if(SGX)
set(APP_C_FLAGS "${CMAKE_C_FLAGS} ${SGX_COMMON_CFLAGS} ${APP_COMMON_FLAGS}")
set(APP_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${SGX_COMMON_CXXFLAGS} ${APP_COMMON_FLAGS}")
endif()

13 changes: 10 additions & 3 deletions fuzz/CMakeLists.txt
Original file line number Diff line number Diff line change
@@ -1,4 +1,11 @@
add_subdirectory(tls_init)
add_subdirectory(tls_negotiate)
if(SGX)
add_subdirectory(tls_sgx_mode)
add_subdirectory(sgx-stub-enclave)
else()
add_subdirectory(tls_init)
add_subdirectory(tls_negotiate)
add_subdirectory(tls_transmit)
endif()
add_subdirectory(tls_server)
add_subdirectory(tls_transmit)


83 changes: 83 additions & 0 deletions fuzz/sgx-stub-enclave/CMakeLists.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,83 @@
# Project name
project(sgx-stub-enclave CXX)

set(CMAKE_CXX_COMPILER "/usr/bin/clang++")
set(CMAKE_CXX_FLAGS "-g ${CMAKE_CXX_FLAGS}")
set(RATS_TLS_INSTALL_FUZZ_PATH /usr/share/rats-tls/fuzz)

if((BUILD_SAMPLES) OR (BUILD_FUZZ))
set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include
${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/rats-tls
${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl
${CMAKE_CURRENT_SOURCE_DIR}/../../src/external/sgx-ssl/intel-sgx-ssl/src/intel-sgx-ssl/Linux/package/include
)

set(LIBRARY_DIRS ${INTEL_SGXSSL_LIB_PATH}
${LIBCBOR_LIB_PATH}
${CMAKE_BINARY_DIR}/src
${CMAKE_BINARY_DIR}/src/crypto_wrappers/nullcrypto
${CMAKE_BINARY_DIR}/src/crypto_wrappers/openssl
${CMAKE_BINARY_DIR}/src/tls_wrappers/nulltls
${CMAKE_BINARY_DIR}/src/tls_wrappers/openssl
${CMAKE_BINARY_DIR}/src/verifiers/nullverifier
${CMAKE_BINARY_DIR}/src/verifiers/sgx-ecdsa-qve
${CMAKE_BINARY_DIR}/src/verifiers/tdx-ecdsa
${CMAKE_BINARY_DIR}/src/verifiers/sgx-la
${CMAKE_BINARY_DIR}/src/attesters/nullattester
${CMAKE_BINARY_DIR}/src/attesters/sgx-ecdsa
${CMAKE_BINARY_DIR}/src/attesters/sgx-la
)

set(EDL_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}
${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl
)
else()
list(APPEND CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake")
include(CustomInstallDirs)
include(FindRatsTls)
if(NOT RATS_TLS_FOUND)
message(FATAL_ERROR "Failed to find rats_tls!")
endif()
include(FindSGX)
if(NOT SGX_FOUND)
message(FATAL_ERROR "Failed to find sgx!")
endif()
include(CompilerOptions)
include(SGXCommon)

set(INCLUDE_DIRS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include
${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/rats-tls
${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl)

set(LIBRARY_DIRS ${RATS_TLS_INSTALL_LIB_PATH})

set(EDL_SEARCH_PATHS ${CMAKE_CURRENT_SOURCE_DIR}/../../src/include/edl)
endif()

include_directories(${INCLUDE_DIRS})
link_directories(${LIBRARY_DIRS})

set(E_SRCS ${CMAKE_CURRENT_SOURCE_DIR}/sgx_stub_ecall.c)
set(EDLS ${CMAKE_CURRENT_SOURCE_DIR}/sgx_stub.edl)
set(LDS ${CMAKE_CURRENT_SOURCE_DIR}/sgx_stub_enclave.lds)
set(DEPEND_TRUSTED_LIBS crypto_wrapper_nullcrypto
crypto_wrapper_openssl
tls_wrapper_nulltls
tls_wrapper_openssl
attester_nullattester
attester_sgx_ecdsa
attester_sgx_la
verifier_nullverifier
verifier_sgx_la
verifier_sgx_ecdsa_qve
verifier_tdx_ecdsa
rats_tls
cbor
)

add_enclave_library(sgx_stub_enclave SRCS ${E_SRCS} EDL ${EDLS} TRUSTED_LIBS ${DEPEND_TRUSTED_LIBS} EDL_SEARCH_PATHS ${EDL_SEARCH_PATHS} LDSCRIPT ${LDS})
enclave_sign(sgx_stub_enclave KEY sgx_stub_enclave.pem CONFIG sgx_stub_enclave.xml)
add_dependencies(sgx_stub_enclave rats_tls)

install(FILES ${CMAKE_CURRENT_BINARY_DIR}/sgx_stub_enclave.signed.so
DESTINATION ${RATS_TLS_INSTALL_FUZZ_PATH})
32 changes: 32 additions & 0 deletions fuzz/sgx-stub-enclave/sgx_stub.edl
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
enclave {
include "rats-tls/api.h"
include "internal/core.h"
include "sgx_eid.h"

from "../../src/include/edl/rtls.edl" import *;
from "sgx_tsgxssl.edl" import *;

trusted {
public int ecall_client_startup(
rats_tls_log_level_t log_level,
[in, out] char *fuzz_conf_bytes,
[in, string] char *attester_type,
[in, string] char *verifier_type,
[in, string] char *tls_type,
[in, string] char *crypto_type,
unsigned long flags,
uint32_t s_ip,
uint16_t s_port
);

public int ecall_server_startup(
rats_tls_log_level_t log_level,
[in, string] char *attester_type,
[in, string] char *verifier_type,
[in, string] char *tls_type,
[in, string] char *crypto_type,
unsigned long flags,
uint32_t s_ip,
uint16_t s_port);
};
};
Loading

0 comments on commit 897b012

Please sign in to comment.