Precompile for secp256r1, ed25519, debug mode build, enable SHA3FIPS …

…precompiles (#69) * feat: start working on dcap attestation * feat: add command for dcap ra + renaming * refactor: rename protobuf messages * feat: generate DCAP cert inside enclave * feat: fix generation of ecc cert for DCAP * refactor: start small code cleanup * refactor: fix compilation issues * refactor: moving ecalls to lib.rs * refactor: migrate all ecalls to lib.rs * feat: set QvE loading policy * feat: quote verification in progress * refactor: simplify handle_initialization_request fn * refactor: change structure of go-sgxvm rust code * chore: add small script * wip: working on sample dcap * wip: fixing SGX_QL_ERROR_REPORT issue * refactor: simplify structure * feat: sample of dcap * try enable rust debug builds * Fix typo * Fix for __assert_fail, typo * Another feature * Another debug stuff * Another debug stuff#2 * Another debug stuff#3 * Fix target deletion * refactor: split into functions * refactor: split into functions * Add build_d to main makefile * Add build_d to main makefile #2 * refactor: intermediate commit * refactor: intermediate commit * feat: add ocall for supplemental data size * refactor: remove unused code * feat: accept only correct attestation result * chore: add comments and todos * refactor: cleanup * refactor: update go part * refactor: update protobuf files * chore: update test * refactor: move creation of client config * refactor: add tls client config for DCAP * refactor: simplify TLS client * chore: add logs in test * refactor: simplify code * refactor: update ecall for master key sharing * refactor: rename ecalls * refactor: rename `ecall_share_seed` -> `ecall_attest_peer_epid` * feat: add ecall for dcap attestation * refactor: move ClientAuth and ServerAuth to separate file * refactor: remove unused code * refactor: remove unused imports * refactor: provide is_dcap param * feat: start verifying received quote * chore: add todos * feat: add validation of attributes and svn * chore: enable debug before mainnet * Add template * init * Added ed25519 verify precompile * Added secp256r1 precompile * Try fix build * Wip * Try enable sgx_tunittest * Revert "Try enable sgx_tunittest" This reverts commit 5f9892f. * Fix secp256r1 impl * Remove unneeded stuff --------- Co-authored-by: MikkySnow <[email protected]>
SigmaGmbH · Mar 18, 2024 · 1c47d5d · 1c47d5d
1 parent ae4f7a5
commit 1c47d5d
Show file tree

Hide file tree

Showing 10 changed files with 685 additions and 494 deletions.
diff --git a/Makefile b/Makefile
@@ -86,6 +86,11 @@ build: go.sum
 	$(MAKE) -C go-sgxvm build
 	go build -mod=mod $(BUILD_FLAGS)  -tags osusergo,netgo -o build/swisstronikd ./cmd/swisstronikd
 
+build_d: go.sum
+	$(MAKE) -C go-sgxvm build_d
+	go build -mod=mod $(BUILD_FLAGS)  -tags osusergo,netgo -o build/swisstronikd ./cmd/swisstronikd
+
+
 ###############################################################################
 ### 		          Build commands for CLI (without SGX support) 			###
 ###############################################################################

diff --git a/go-sgxvm/Makefile b/go-sgxvm/Makefile
@@ -17,3 +17,13 @@ build:
 	@protoc --go_out=types --proto_path=../sgxvm/proto/ ../sgxvm/proto/ffi.proto
 	@protoc --go_out=types --proto_path=proto/ proto/node.proto
 	@cp types/github.com/SigmaGmbH/librustgo/types/* types/ && rm -rf types/github.com
+
+build_d:
+	@ENCLAVE_HOME=$(ENCLAVE_HOME) SGX_MODE=$(SGX_MODE) make build_d -C ../sgxvm/
+	@protoc --rust_out src/protobuf_generated/ proto/node.proto
+	@ENCLAVE_HOME=$(ENCLAVE_HOME) cargo build --release
+	@mkdir -p $(ENCLAVE_HOME) && cp $(CURDIR)/../sgxvm/sgx-artifacts/bin/enclave.signed.so $(ENCLAVE_HOME)/enclave.signed.so
+	@cp $(CURDIR)/target/release/libsgxvm_wrapper.so $(CURDIR)/internal/api/libsgx_wrapper.x86_64.so
+	@protoc --go_out=types --proto_path=../sgxvm/proto/ ../sgxvm/proto/ffi.proto
+	@protoc --go_out=types --proto_path=proto/ proto/node.proto
+	@cp types/github.com/SigmaGmbH/librustgo/types/* types/ && rm -rf types/github.com
diff --git a/sgxvm/Cargo.lock b/sgxvm/Cargo.lock
diff --git a/sgxvm/Cargo.toml b/sgxvm/Cargo.toml
@@ -43,6 +43,7 @@ substrate-bn = { version = "0.6.0", default-features = false }
 tiny-keccak = { version = "2.0.2", features = ["fips202"] }
 ripemd = { version = "0.1.3", default-features = false }
 k256 = { version = "0.11.6", default-features = false, features = ["keccak256", "sha2", "ecdsa"] }
+p256 = { version = "0.13.2",default-features = false, features = ["ecdsa"] }
 sha3 = { version = "0.10", default-features = false }
 rlp = { version = "0.5.1", default-features = false }
 num = { version = "0.4", default-features = false, features = ["alloc"] }

diff --git a/sgxvm/Makefile b/sgxvm/Makefile
@@ -1,7 +1,6 @@
 SHELL := /bin/bash
 COMPILER = rustc
 TARGET = $(shell rustc --version --verbose 2> /dev/null | awk "/host:/ { print \$$2 }")
-TARGET_DIR = target/release/
 DEFAULT = help
 CC=clang
 #CXX=clang++
@@ -37,6 +36,15 @@ define sgx_clean
 	@rm -f $(CURDIR)/enclave.unsigned.so
 endef
 
+define sgx_clean_debug
+	@echo "Cleaning enclave dependencies"
+	@rm -rf $(CURDIR)/sgx-artifacts/bin/*
+	@rm -rf $(CURDIR)/sgx-artifacts/lib/*
+	@rm -f $(CURDIR)/Enclave_u*
+	@rm -f $(CURDIR)/Enclave_t*
+	@rm -f $(CURDIR)/enclave.unsigned.so
+endef
+
 define compile_protobuf
 	@echo "Compiling SGXVM protobuf files"
     protoc --rust_out src/protobuf_generated/ proto/ffi.proto
@@ -48,6 +56,11 @@ define compile_enclave_rust
 	@RUSTFLAGS="-C target-cpu=native" cargo build --release --features $(Enclave_build_feature) --no-default-features
 endef
 
+define compile_enclave_rust_debug
+	@echo "Building enclave rust code"
+	@RUSTFLAGS="-C target-cpu=native -Z threads=4" cargo build --features $(Enclave_build_feature) --no-default-features
+endef
+
 define create_bridge_enclave_rust
 	@echo "Create bridge between enclave and rust"
 	@/opt/intel/sgxsdk/bin/x64/sgx_edger8r --trusted $(CURDIR)/Enclave.edl --search-path /opt/intel/sgxsdk/include --search-path $(CURDIR)/sgx-sdk/edl --trusted-dir $(CURDIR)/
@@ -70,6 +83,11 @@ define copy_compiled_enclave
 	@cp $(CURDIR)/target/release/libenclave.a $(CURDIR)/sgx-artifacts/lib/libenclave.a
 endef
 
+define copy_compiled_enclave_debug
+ 	@echo "Copy compiled enclave files"
+	@cp $(CURDIR)/target/debug/libenclave.a $(CURDIR)/sgx-artifacts/lib/libenclave.a
+endef
+
 define compile_into_enclave_t_o
 	@echo "Compile into Enclave_t.o"
 	@cc -m64 -O2 -fstack-protector -ffreestanding -nostdinc -fvisibility=hidden -fpie -fno-strict-overflow -fno-delete-null-pointer-checks -I$(CURDIR)/sgx-sdk/common/inc -I$(CURDIR)/sgx-sdk/edl -I/opt/intel/sgxsdk/include -I/opt/intel/sgxsdk/include/tlibc -I/opt/intel/sgxsdk/include/stlport -I/opt/intel/sgxsdk/include/epid -I $(CURDIR)/ -I$(CURDIR)/include -c $(CURDIR)/Enclave_t.c -o $(CURDIR)/Enclave_t.o
@@ -107,9 +125,26 @@ define sgx_build
 	$(call sign_enclave)
 endef
 
+define sgx_build_debug
+	$(call sgx_clean_debug)
+	$(call compile_protobuf)
+	$(call compile_enclave_rust_debug)
+	$(call create_bridge_enclave_rust)
+	$(call compile_enclave_bridge)
+	$(call create_archive)
+	$(call copy_compiled_enclave_debug)
+	$(call compile_into_enclave_t_o)
+	$(call compile_unsigned_enclave)
+	$(call sign_enclave)
+endef
+
 build:
 	$(call sgx_build)
 	@echo "Intel SGX enclave built and signed"
 
+build_d:
+	$(call sgx_build_debug)
+	@echo "Intel SGX enclave built and signed with debug Rust code"
+
 clean:
 	$(call sgx_clean)