Added test for signing via SGX enclave (#28)

pgarg66 · web-flow · commit be8949a5d13b · 2018-11-06T13:33:17.000-08:00
* Added test for signing via SGX enclave

* fix compile errors

* address review comments, fix build

* Fix compile error

- also updated docker image
diff --git a/ci/build.sh b/ci/build.sh
@@ -12,7 +12,7 @@ echo --- Build
   make install
 
   ci/docker-run.sh solanalabs/sgxsdk ./src/sgx-ecc-ed25519/build.sh
-  ci/docker-run.sh solanalabs/sgxsdk ./src/sgx/signing/build.sh
+  ci/docker-run.sh solanalabs/sgxsdk ./src/sgx/build.sh
 
   cd dist
   git rev-parse HEAD | tee solana-perf-HEAD.txt
diff --git a/ci/docker-sgx/Dockerfile b/ci/docker-sgx/Dockerfile
@@ -1,13 +1,15 @@
 FROM ubuntu:18.04
 
 ENV DEBIAN_FRONTEND=noninteractive
-
 RUN apt-get update && \
-    apt-get install -y wget build-essential ocaml ocamlbuild automake autoconf
+    apt-get install -y build-essential ocaml ocamlbuild automake autoconf libtool wget python libssl-dev libcurl4-openssl-dev protobuf-compiler libprotobuf-dev sudo kmod vim curl git-core libprotobuf-c0-dev libboost-thread-dev libboost-system-dev liblog4cpp5-dev libjsoncpp-dev alien uuid-dev libxml2-dev cmake pkg-config expect
+
 
-RUN mkdir /root/sgx && \
+RUN mkdir /root/sgx && mkdir /etc/init/ && \
     wget -O /root/sgx/sdk.bin https://download.01.org/intel-sgx/linux-2.3.1/ubuntu18.04/sgx_linux_x64_sdk_2.3.101.46683.bin && \
+    wget -O /root/sgx/psw.deb https://download.01.org/intel-sgx/linux-2.3.1/ubuntu18.04/libsgx-enclave-common_2.3.101.46683-1_amd64.deb && \
     cd /root/sgx && \
+    dpkg -i /root/sgx/psw.deb && \
     chmod +x /root/sgx/sdk.bin && \
     echo -e 'no\n/opt' | /root/sgx/sdk.bin && \
     echo 'source /opt/sgxsdk/environment' >> /root/.bashrc && \
diff --git a/src/sgx/build.sh b/src/sgx/build.sh
@@ -1,13 +1,20 @@
 #!/bin/bash -e
 
 pwd=$PWD
-cd "$(dirname "$0")"
 
 echo --- Build
+cd "$(dirname "$0")/signing"
 (
   set -x
   mkdir -p "$pwd"/temp
   openssl genrsa -out "$pwd"/temp/priv_key.pem -3 3072
   openssl rsa -in "$pwd"/temp/priv_key.pem -pubout -out "$pwd"/temp/pub_key.pem
   make LIBS_PATH="$pwd"/libs OUT="$pwd"/dist PRIV_KEY="$pwd"/temp/priv_key.pem PUB_KEY="$pwd"/temp/pub_key.pem
 )
+
+echo --- Build Enclave Test
+cd "../test"
+(
+  set -x
+  make LIBS_PATH="$pwd"/libs OUT="$pwd"/dist
+)
diff --git a/src/sgx/signing/signing_public.h b/src/sgx/signing/signing_public.h
@@ -1,5 +1,6 @@
 #pragma once
 
+#include "sgx_eid.h"
 #include "sgx_error.h"
 
 #define ED25519_PUB_KEY_LEN 32
diff --git a/src/sgx/test/Makefile b/src/sgx/test/Makefile
@@ -0,0 +1,23 @@
+SGX_SDK ?= /opt/sgxsdk
+LIBS_PATH ?= ../../../libs
+OUT ?= ../../../dist
+
+C_Flags := -O2 -fpic -I. -I$(SGX_SDK)/include -I$(OUT) -I../../sgx-ecc-ed25519
+
+C_Files := $(wildcard *.c)
+C_Objects := $(C_Files:%.c=%.o)
+
+.PHONY: all run
+all: $(OUT)/signing_test
+run: all
+
+%.o: %.c
+	@echo "CC  <=  $<"
+	$(CC) $(C_Flags) -c $< -o $@
+
+$(OUT)/signing_test: $(C_Objects)
+	@mkdir -p $(OUT)
+	$(CC) $^ -o $@ -L$(OUT) -L$(LIBS_PATH) -lsigning -led25519.static
+
+clean:
+	@rm -rf $(C_Objects) $(OUT)/signing_test
diff --git a/src/sgx/test/signing_test.c b/src/sgx/test/signing_test.c
@@ -0,0 +1,58 @@
+#include <stdbool.h>
+#include <stdio.h>
+#include <string.h>
+#include "signing_public.h"
+
+#include "ed25519.h"
+
+void print_buffer(const uint8_t* buf, int len) {
+  char str[BUFSIZ] = {'\0'};
+  int offset = 0;
+  for (int i = 0; i < len; i++) {
+    offset += snprintf(&str[offset], BUFSIZ - offset, "0x%02x ", buf[i]);
+    if (!((i + 1) % 8))
+      offset += snprintf(&str[offset], BUFSIZ - offset, "\n");
+  }
+  offset += snprintf(&str[offset], BUFSIZ - offset, "\n");
+  printf("%s", str);
+}
+
+int main(int argc, char* argv[]) {
+  if (argc < 2) {
+    printf("Usage: %s <enclave file path>\n", argv[0]);
+    return -1;
+  }
+
+  ed25519_context_t ctxt;
+  sgx_status_t status = init_ed25519(argv[1], &ctxt);
+  if (SGX_SUCCESS != status) {
+    printf("Failed in init_ed25519. Error %d\n", status);
+    return -1;
+  }
+
+  printf("Loaded the enclave. eid: %d\n", (uint32_t)ctxt.eid);
+
+  uint8_t* data =
+      "This is a test string. We'll sign it using SGX enclave. Hope it works!!";
+  uint8_t signature[64];
+  memset(signature, 0, sizeof(signature));
+  status =
+      sign_ed25519(&ctxt, sizeof(data), data, sizeof(signature), signature);
+  if (SGX_SUCCESS != status) {
+    printf("Failed in sign_ed25519. Error %d\n", status);
+    release_ed25519_context(&ctxt);
+    return -1;
+  }
+
+  printf("Signature:\n");
+  print_buffer(signature, sizeof(signature));
+
+  if (ed25519_verify(signature, data, sizeof(data), ctxt.public_key) == 0) {
+     printf("Failed in verifying the signature\n");
+  } else {
+     printf("Signature verified\n");
+  }
+
+  release_ed25519_context(&ctxt);
+  return 0;
+}
