SGX实践
2018-03-29 18:26:43
heming
# 1.工程组织结构

```
project
|--------App
|   |----App.cpp            //应用入口
|   |----App.h              //声明ecall_func的总入口
|   |----TrustedLibrary
|   |----Libcxx.cpp         //定义ecall_func的总入口,以及使用的ecall
|
|--------Enclave
|   |----Enclave.cpp        //定义内部函数,其中使用外部ocall_func; include Enclave_t.h 包含ocall_func声明
|   |----Enclave.h
|   |----Enclave_debug.lds
|   |----Enclave_private.pem
|   |----Enclave.config.xml
|   |----Enclave.edl
|   |----Enclave.lds
|   |----TrustedLibrary
|----Libcxx.cpp             //定义ecall_func使用的ecall
|----Libcxx.edl             //对外ecall接口,产生Enclave_t.h
```

# 2.ocall 获取外部参数

> edl 定义

```
[cdecl] void ocall_get_buf([in,size=len] void* buf1,[in,out,size=len] void* buf,size_t len);
```

> app.cpp 定义

```
void ocall_get_buf(void* buf1,void* buf,size_t len)
{
    // buf=(char*)malloc(10);
    memcpy(buf,buf1,len);
}
```

> enclave 调用

```
sgx_status_t ret = SGX_ERROR_UNEXPECTED;
char s1[]="1234567890";
//char s2[]="0987654321";
char *s2=NULL;
size_t len=10;
ret=ocall_get_buf(s1,s2,len);
if (ret != SGX_SUCCESS)
    abort();
show("!!!!!!!!!!!!ocall!!!!! %s\n",s2);
```

> Note: `s2` is `NULL` when it is passed, so the `[in,out,size=len]` parameter has no `len`-byte buffer inside the enclave for the bridge to copy into; declare enclave-side storage (e.g. `char s2[10];`) instead of `char *s2=NULL`, otherwise the untrusted `memcpy(buf,...)` and the later `show("%s",s2)` operate on a null pointer.

# 3. user_datatype(ocall)

> enclave.edl

```
include "user_types.h" /* buffer_t */
include "flk_types.h"

untrusted {
    void ocall_print_string([in, string] const char *str);
    [cdecl] void ocall_get_buf([in,size=len] void* buf1,[in,out,size=len] void* buf,size_t len);
    void ocall_get_flk_struct([in,string] const char *name,[out]struct flk_test* ptest );
    /* *[cdecl, dllimport] void *memccpy([in, out, size=len] void *dest, [in, size=len] const void *src, int val, size_t len);*/
};
```

> flk_types.h

```
#include <stdio.h>
#include <string.h>

struct flk_test {
    int age;
    int salary;
};
```

> ocall_get_flk_struct(const char*name,struct flk_test* ptest) definition

```
void ocall_get_flk_struct(const char *name,flk_test* ptest )
{
    printf("ocall_get_flk_struct is %s\n",name);
    ptest->age=20;
    ptest->salary=200;
    printf("ocall_get_flk_struct ptest.age is %d\n",ptest->age);
}
```

# 4. user_data_type(Ecall)

# 5.关于time

```
SealedData/DRM_enclave/DRM_enclave.cpp

do{
    ret = sgx_create_pse_session();
}while(ret ==SGX_ERROR_BUSY && busy_retry_times--);
if(ret != SGX_SUCCESS)
    abort();

sgx_time_source_nonce_t nonce={0};
sgx_time_t current_timestamp;
ret=sgx_get_trusted_time(&current_timestamp,&nonce);
if(ret != SGX_SUCCESS)
{
    switch(ret)
    {
    case SGX_ERROR_SERVICE_UNAVAILABLE:
        /* Architecture Enclave Service Manager is not installed or not working properly.*/
        break;
    case SGX_ERROR_SERVICE_TIMEOUT:
        /* retry the operation*/
        break;
    case SGX_ERROR_BUSY:
        /* retry the operation later*/
        break;
    default:
        /*other errors*/
        break;
    }
    break;
}
sgx_close_pse_session();
```

> Note: the `break;` that follows the `switch` only compiles inside an enclosing loop or `switch`, which is not shown in this excerpt; the excerpt is presumably taken from inside such a block in the sample.

# 6 关于string to int (not atoi)

```
#include <stdio.h>
#include <stdlib.h>

typedef unsigned char byte;

int bytesToInt(byte* bytes,int size)
{
    int addr=0;
    for(int i=0;i<size;i++){
        if(i==0)
        {
            printf("i=0\n");
            printf("bytes[0] is %d\n",bytes[0]);
            addr = bytes[0] & 0xFF;
            printf("i=0,add is %d\n",addr);
        }
        if(i==1)
        {
            printf("i=1\n");
            addr |= ((bytes[1] << 8) & 0xFF00);
        }
        if(i==2)
        {
            printf("i=2\n");
            addr |= ((bytes[2] << 16) & 0xFF0000);
        }
        if(i==3)
        {
            printf("i=3\n");
            addr |= ((bytes[3] << 24) & 0xFF000000);
        }
    }
    return addr;
}

int main(void)
{
    char * p="zzz";
    int t= bytesToInt((byte*) p,4);
    printf("t is %d\n",t);
    return 0;
}
```

> Note: `bytes[3] << 24` promotes the byte to `int`, so any value ≥ 0x80 shifts into the sign bit (signed overflow, undefined behavior); accumulate into an `unsigned`/`uint32_t` and cast each byte to `unsigned` before shifting. The loop also ignores `size` beyond 4, and `size` is not checked against the actual length of `bytes`.

# 7 ocall_get

> edl

```
int ocall_flk_getTimeDiffForLocal([in,out,string] char *str);
```

> ocall use in enclave

```
strncpy(str, "0987654321", strlen(str));
int flk_time_diff=0;
ocall_flk_getTimeDiffForLocal(&flk_time_diff,str);
printf("flk time return code is %d\n",flk_time_diff);
printf("flk time ocall str is %s\n",str);
```

> ocall definition

```
int ocall_flk_getTimeDiffForLocal(char *str)
{
    printf("flk_getTimeDiffForLocal is %s\n",str);
    memcpy(str,"123",strlen(str));
    return 1234;
}
```

> Note: both copies are sized by `strlen(str)` (the current contents) rather than by the destination buffer; in particular `memcpy(str,"123",strlen(str))` reads past the 4-byte literal `"123"` whenever `strlen(str) > 4`. Copy with an explicit buffer size (e.g. `snprintf(str, bufsize, "%s", "123")`) or pass the length as a separate `[in]` parameter.