Merge pull request #962 from NickolasLapp/linux-sgx

Add LINUX SGX Support for building of wolfSSL static library. See README

.gitignore

@@ -213,5 +213,8 @@ IDE/INTIME-RTOS/Debug_*
 # Hexiwear
 IDE/HEXIWEAR/wolfSSL_HW/Debug
 
+# Linux-SGX
+IDE/LINUX-SGX/*.a
+
 # Binaries
 wolfcrypt/src/port/intel/qat_test

IDE/LINUX-SGX/README.md

@@ -0,0 +1,17 @@
+# Static Library: Building libwolfssl.sgx.static.lib.a for use with SGX Enclaves
+
+### Requirements:
+This code was created to use Intel's SGX hardware. It is expected that the user has gone through the steps of both turning on the hardware in bios if needed and has installed the necesary software from Intel to make use of the hardware. (https://software.intel.com/en-us/sgx) If these steps have not been done then it is expected that the user is familure with simiulation software being used in place of hardware.
+
+### Overview and Build:
+This project creates a static library to then link with Enclaves. A simple example of an Enclave linking to the created wolfSSL library can be found in wolfssl-examples on github. This project has been tested with gcc 5.4.0 on Ubuntu 16.04.
+
+To create the static library, simply call make:
+
+`make -f sgx_t_static.mk all`
+
+This will create a local static library, libwolfssl.sgx.static.lib.a, that can be linked with SGX enclaves to access wolfSSL APIs using SGX hardware.
+
+Limitations:
+    Single Threaded (multiple threaded applications have not been tested)
+    AES-NI use with SGX has not been added in yet

IDE/LINUX-SGX/sgx_t_static.mk

@@ -0,0 +1,138 @@
+######## Intel(R) SGX SDK Settings ########
+SGX_SDK ?= /opt/intel/sgxsdk
+SGX_MODE ?= SIM
+SGX_ARCH ?= x64
+WOLFSSL_ROOT ?= $(shell readlink -f ../..)
+
+ifeq ($(shell getconf LONG_BIT), 32)
+	SGX_ARCH := x86
+else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
+	SGX_ARCH := x86
+endif
+
+ifeq ($(SGX_ARCH), x86)
+	SGX_COMMON_CFLAGS := -m32
+	SGX_LIBRARY_PATH := $(SGX_SDK)/lib
+	SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
+	SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
+else
+	SGX_COMMON_CFLAGS := -m64
+	SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
+	SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
+	SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
+endif
+
+ifeq ($(SGX_DEBUG), 1)
+ifeq ($(SGX_PRERELEASE), 1)
+$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
+endif
+endif
+
+ifeq ($(SGX_DEBUG), 1)
+        SGX_COMMON_CFLAGS += -O0 -g
+else
+        SGX_COMMON_CFLAGS += -O2
+endif
+
+ifneq ($(SGX_MODE), HW)
+	Trts_Library_Name := sgx_trts_sim
+	Service_Library_Name := sgx_tservice_sim
+else
+	Trts_Library_Name := sgx_trts
+	Service_Library_Name := sgx_tservice
+endif
+
+Crypto_Library_Name := sgx_tcrypto
+
+Wolfssl_C_Extra_Flags := -DWOLFSSL_SGX
+Wolfssl_C_Files :=$(WOLFSSL_ROOT)/wolfcrypt/src/aes.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/arc4.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/asn.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/camellia.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/coding.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/chacha.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.c\
+					$(WOLFSSL_ROOT)/src/crl.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/des3.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/dh.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/tfm.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/ecc.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/error.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/hash.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/hc128.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/hmac.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/integer.c\
+					$(WOLFSSL_ROOT)/src/internal.c\
+					$(WOLFSSL_ROOT)/src/io.c\
+					$(WOLFSSL_ROOT)/src/keys.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/logging.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/md4.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/md5.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/memory.c\
+					$(WOLFSSL_ROOT)/src/ocsp.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/rabbit.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/random.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/rsa.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/dsa.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/sha.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/sha256.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/sha512.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/signature.c\
+					$(WOLFSSL_ROOT)/src/ssl.c\
+					$(WOLFSSL_ROOT)/src/tls.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/test/test.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.c
+
+Wolfssl_Include_Paths := -I$(WOLFSSL_ROOT)/ \
+						 -I$(WOLFSSL_ROOT)/wolfcrypt/ \
+						 -I$(WOLFSSL_ROOT)/wolfcrypt/test/ \
+						 -I$(WOLFSSL_ROOT)/wolfcrypt/benchmark/ \
+						 -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport
+
+
+Flags_Just_For_C := -Wno-implicit-function-declaration -std=c11
+Common_C_Cpp_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Wolfssl_Include_Paths) -fno-builtin-printf -I.
+Wolfssl_C_Flags := $(Flags_Just_For_C) $(Common_C_Cpp_Flags) $(Wolfssl_C_Extra_Flags)
+
+Wolfssl_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
+	-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
+	-Wl,--start-group -lsgx_tstdc -lsgx_tstdcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
+	-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
+	-Wl,-pie,-eenclave_entry -Wl,--export-dynamic  \
+	-Wl,--defsym,__ImageBase=0 \
+	-Wl,--version-script=trusted/wolfcrypt.lds
+
+Wolfssl_C_Objects := $(Wolfssl_C_Files:.c=.o)
+
+ifeq ($(SGX_MODE), HW)
+ifneq ($(SGX_DEBUG), 1)
+ifneq ($(SGX_PRERELEASE), 1)
+Build_Mode = HW_RELEASE
+endif
+endif
+endif
+
+override CFLAGS += $(Wolfssl_C_Flags)
+
+.PHONY: all run
+
+all: libwolfssl.sgx.static.lib.a
+
+######## WolfSSL Objects ########
+
+libwolfssl.sgx.static.lib.a: $(Wolfssl_C_Objects)
+	ar rcs libwolfssl.sgx.static.lib.a $(Wolfssl_C_Objects)
+	@echo "LINK =>  $@"
+
+clean:
+	@rm -f wolfcrypt.* static_trusted/wolfssl_t.* libwolfssl.sgx.static.lib.a  $(Wolfssl_C_Objects)

src/ssl.c

@@ -929,6 +929,16 @@ int wolfSSL_GetObjectSize(void)
 
     return sizeof(WOLFSSL);
 }
+
+int wolfSSL_CTX_GetObjectSize(void)
+{
+    return sizeof(WOLFSSL_CTX);
+}
+
+int wolfSSL_METHOD_GetObjectSize(void)
+{
+    return sizeof(WOLFSSL_METHOD);
+}
 #endif
 
 

wolfcrypt/benchmark/benchmark.c

@@ -123,7 +123,7 @@
     #define fopen wolfSSL_fopen
 #endif
 
-#if defined(__GNUC__) && defined(__x86_64__) && !defined(NO_ASM)
+#if defined(__GNUC__) && defined(__x86_64__) && !defined(NO_ASM) && !defined(WOLFSSL_SGX)
     #define HAVE_GET_CYCLES
     static INLINE word64 get_intel_cycles(void);
     static THREAD_LS_T word64 total_cycles;
@@ -3724,6 +3724,8 @@ exit_ed_verify:
 
         return time_now;
     }
+#elif defined(WOLFSSL_SGX)
+    double current_time(int reset);
 
 #else
 

wolfcrypt/src/logging.c

@@ -117,6 +117,9 @@ void wolfSSL_Debugging_OFF(void)
     #else
         #include <nio.h>
     #endif
+#elif defined(WOLFSSL_SGX)
+    /* Declare sprintf for ocall */
+    int sprintf(char* buf, const char *fmt, ...);
 #else
     #include <stdio.h>   /* for default printf stuff */
 #endif

wolfssl/io.h

@@ -101,6 +101,8 @@
         #include <fcntl.h>
         #include <netdb.h>
         #include <sys/ioctl.h>
+    #elif defined(WOLFSSL_SGX)
+        #include <errno.h>
     #elif !defined(WOLFSSL_NO_SOCK)
         #include <sys/types.h>
         #include <errno.h>

wolfssl/ssl.h

@@ -1375,6 +1375,8 @@ WOLFSSL_API WC_RNG* wolfSSL_GetRNG(WOLFSSL*);
 WOLFSSL_API int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version);
 WOLFSSL_API int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version);
 WOLFSSL_API int wolfSSL_GetObjectSize(void);  /* object size based on build */
+WOLFSSL_API int wolfSSL_CTX_GetObjectSize(void); 
+WOLFSSL_API int wolfSSL_METHOD_GetObjectSize(void);
 WOLFSSL_API int wolfSSL_GetOutputSize(WOLFSSL*, int);
 WOLFSSL_API int wolfSSL_GetMaxOutputSize(WOLFSSL*);
 WOLFSSL_API int wolfSSL_SetVersion(WOLFSSL* ssl, int version);

wolfssl/wolfcrypt/settings.h

@@ -1252,18 +1252,27 @@ extern void uITRON4_free(void *p) ;
 #endif
 
 #ifdef WOLFSSL_SGX
-    #define WOLFCRYPT_ONLY   /* limitation until IO resolved */
+    #ifdef _MSC_VER
+        #define WOLFCRYPT_ONLY
+        #define NO_RC4
+        #define NO_DES3
+        #define NO_SHA
+        #define NO_MD5
+    #else
+        #define HAVE_ECC
+        #define TFM_TIMING_RESISTANT
+        #define NO_FILESYSTEM
+        #define NO_WRITEV
+        #define NO_MAIN_DRIVER
+        #define USER_TICKS
+        #define WOLFSSL_LOG_PRINTF
+        #define WOLFSSL_DH_CONST
+    #endif /* _MSC_VER */
     #define SINGLE_THREADED
     #define NO_ASN_TIME /* can not use headers such as windows.h */
-
-    /* options used in created example */
     #define HAVE_AESGCM
     #define USE_CERT_BUFFERS_2048
     #define USE_FAST_MATH
-    #define NO_RC4
-    #define NO_DES3
-    #define NO_SHA
-    #define NO_MD5
 #endif /* WOLFSSL_SGX */
 
 /* FreeScale MMCAU hardware crypto has 4 byte alignment.