void destroy_Enclave(){ sgx_status_t ret = SGX_SUCCESS; ret=sgx_destroy_enclave(global_eid); if(ret!=SGX_SUCCESS){ printf("App: error %#x, failed to destroy enclave.\n", ret); } }
/* Application entry */ int SGX_CDECL main(int argc, char *argv[]) { (void)(argc); (void)(argv); /* Initialize the enclave */ if ( initialize_enclave ( ENCLAVE_FILENAME, &global_eid ) < 0 ){ return -1; } /* Utilize edger8r attributes */ edger8r_array_attributes(); edger8r_pointer_attributes(); edger8r_type_attributes(); edger8r_function_attributes(); /* Utilize trusted libraries */ ecall_libc_functions(); ecall_libcxx_functions(); ecall_thread_functions(); /* Destroy the enclave */ sgx_destroy_enclave(global_eid); printf("Info: SampleEnclavePCL successfully returned.\n"); return 0; }
/* Application entry */ int SGX_CDECL main(int argc, char *argv[]) { (void)(argc); (void)(argv); /* Initialize the enclave */ if(initialize_enclave() < 0){ printf("Enter a character before exit ...\n"); getchar(); return -1; } /* Utilize trusted libraries */ ecall_libcxx_functions(); /* Destroy the enclave */ sgx_destroy_enclave(global_eid); printf("Info: Cxx11DemoEnclave successfully returned.\n"); //printf("Enter a character before exit ...\n"); //getchar(); return 0; }
/* Application entry */ int SGX_CDECL main(int argc, char *argv[]) { /* Initialize the enclave */ if(initialize_enclave() < 0){ printf("Enter a character before exit ...\n"); getchar(); return -1; } app_main(argc, argv); /* Destroy the enclave */ sgx_destroy_enclave(global_eid); printf("Info: SampleEnclave successfully returned.\n"); return 0; }
/* Application entry */ int SGX_CDECL main(int argc, char *argv[]) { sgx_status_t sgx_ret = SGX_SUCCESS; sgx_status_t enclave_ret = SGX_SUCCESS; uint32_t sealed_log_size = 1024; uint8_t sealed_log[1024] = {0}; sgx_sealed_data_t * sealed_data = 0; (void)(argc); (void)(argv); /* Initialize the enclave */ if(initialize_enclave() < 0){ printf("Enter a character before exit ...\n"); getchar(); return -1; } const char* str = "This is c str passed into enclave!"; size_t len = strlen(str); sgx_ret = say_something(global_eid, &enclave_ret, (const uint8_t *) str, len); if(sgx_ret != SGX_SUCCESS) { print_error_message(sgx_ret); return -1; } if(enclave_ret != SGX_SUCCESS) { print_error_message(enclave_ret); return -1; } printf("[+] say_something success ...\n"); /* Destroy the enclave */ sgx_destroy_enclave(global_eid); return 0; }
/* Application entry */ int SGX_CDECL main(int argc, char *argv[]) { (void)(argc); (void)(argv); /* Changing dir to where the executable is.*/ char absolutePath [MAX_PATH]; char *ptr = NULL; ptr = realpath(dirname(argv[0]),absolutePath); if( chdir(absolutePath) != 0) abort(); /* Initialize the enclave */ if(initialize_enclave() < 0){ return -1; } sgx_status_t ret = SGX_ERROR_UNEXPECTED; int ecall_return = 0; ret = ecall_$(enclaveName)_sample(global_eid, &ecall_return); if (ret != SGX_SUCCESS) abort(); if (ecall_return == 0) { printf("Application ran with success\n"); } else { printf("Application failed %d \n", ecall_return); } sgx_destroy_enclave(global_eid); return ecall_return; }
int _tmain(int argc, _TCHAR* argv[]) { uint32_t ret_status; sgx_status_t status; UNUSED(argc); UNUSED(argv); if(load_enclaves() != SGX_SUCCESS) { printf("\nLoad Enclave Failure"); } printf("\nAvaliable Enclaves"); printf("\nEnclave1 - EnclaveID %llx",e1_enclave_id); printf("\nEnclave2 - EnclaveID %llx",e2_enclave_id); printf("\nEnclave3 - EnclaveID %llx",e3_enclave_id); do { //Test Create session between Enclave1(Source) and Enclave2(Destination) status = Enclave1_test_create_session(e1_enclave_id, &ret_status, e1_enclave_id, e2_enclave_id); if (status!=SGX_SUCCESS) { printf("Enclave1_test_create_session Ecall failed: Error code is %x", status); break; } else { if(ret_status==0) { printf("\n\nSecure Channel Establishment between Source (E1) and Destination (E2) Enclaves successful !!!"); } else { printf("\nSession establishment and key exchange failure between Source (E1) and Destination (E2): Error code is %x", ret_status); break; } } //Test Enclave to Enclave call between Enclave1(Source) and Enclave2(Destination) status = Enclave1_test_enclave_to_enclave_call(e1_enclave_id, &ret_status, e1_enclave_id, e2_enclave_id); if (status!=SGX_SUCCESS) { printf("Enclave1_test_enclave_to_enclave_call Ecall failed: Error code is %x", status); break; } else { if(ret_status==0) { printf("\n\nEnclave to Enclave Call between Source (E1) and Destination (E2) Enclaves successful !!!"); } else { printf("\n\nEnclave to Enclave Call failure between Source (E1) and Destination (E2): Error code is %x", ret_status); break; } } //Test message exchange between Enclave1(Source) and Enclave2(Destination) status = Enclave1_test_message_exchange(e1_enclave_id, &ret_status, e1_enclave_id, e2_enclave_id); if (status!=SGX_SUCCESS) { printf("Enclave1_test_message_exchange Ecall failed: Error code is %x", status); break; } else { if(ret_status==0) { printf("\n\nMessage Exchange between Source (E1) and Destination (E2) Enclaves successful !!!"); } else { printf("\n\nMessage Exchange failure between Source (E1) and Destination (E2): Error code is %x", ret_status); break; } } //Test Create session between Enclave1(Source) and Enclave3(Destination) status = Enclave1_test_create_session(e1_enclave_id, &ret_status, e1_enclave_id, e3_enclave_id); if (status!=SGX_SUCCESS) { printf("Enclave1_test_create_session Ecall failed: Error code is %x", status); break; } else { if(ret_status==0) { printf("\n\nSecure Channel Establishment between Source (E1) and Destination (E3) Enclaves successful !!!"); } else { printf("\n\nSession establishment and key exchange failure between Source (E1) and Destination (E3): Error code is %x", ret_status); break; } } //Test Enclave to Enclave call between Enclave1(Source) and Enclave3(Destination) status = Enclave1_test_enclave_to_enclave_call(e1_enclave_id, &ret_status, e1_enclave_id, e3_enclave_id); if (status!=SGX_SUCCESS) { printf("Enclave1_test_enclave_to_enclave_call Ecall failed: Error code is %x", status); break; } else { if(ret_status==0) { printf("\n\nEnclave to Enclave Call between Source (E1) and Destination (E3) Enclaves successful !!!"); } else { printf("\n\nEnclave to Enclave Call failure between Source (E1) and Destination (E3): Error code is %x", ret_status); break; } } //Test message exchange between Enclave1(Source) and Enclave3(Destination) status = Enclave1_test_message_exchange(e1_enclave_id, &ret_status, e1_enclave_id, e3_enclave_id); if (status!=SGX_SUCCESS) { printf("Enclave1_test_message_exchange Ecall failed: Error code is %x", status); break; } else { if(ret_status==0) { printf("\n\nMessage Exchange between Source (E1) and Destination (E3) Enclaves successful !!!"); } else { printf("\n\nMessage Exchange failure between Source (E1) and Destination (E3): Error code is %x", ret_status); break; } } //Test Create session between Enclave2(Source) and Enclave3(Destination) status = Enclave2_test_create_session(e2_enclave_id, &ret_status, e2_enclave_id, e3_enclave_id); if (status!=SGX_SUCCESS) { printf("Enclave2_test_create_session Ecall failed: Error code is %x", status); break; } else { if(ret_status==0) { printf("\n\nSecure Channel Establishment between Source (E2) and Destination (E3) Enclaves successful !!!"); } else { printf("\n\nSession establishment and key exchange failure between Source (E2) and Destination (E3): Error code is %x", ret_status); break; } } //Test Enclave to Enclave call between Enclave2(Source) and Enclave3(Destination) status = Enclave2_test_enclave_to_enclave_call(e2_enclave_id, &ret_status, e2_enclave_id, e3_enclave_id); if (status!=SGX_SUCCESS) { printf("Enclave2_test_enclave_to_enclave_call Ecall failed: Error code is %x", status); break; } else { if(ret_status==0) { printf("\n\nEnclave to Enclave Call between Source (E2) and Destination (E3) Enclaves successful !!!"); } else { printf("\n\nEnclave to Enclave Call failure between Source (E2) and Destination (E3): Error code is %x", ret_status); break; } } //Test message exchange between Enclave2(Source) and Enclave3(Destination) status = Enclave2_test_message_exchange(e2_enclave_id, &ret_status, e2_enclave_id, e3_enclave_id); if (status!=SGX_SUCCESS) { printf("Enclave2_test_message_exchange Ecall failed: Error code is %x", status); break; } else { if(ret_status==0) { printf("\n\nMessage Exchange between Source (E2) and Destination (E3) Enclaves successful !!!"); } else { printf("\n\nMessage Exchange failure between Source (E2) and Destination (E3): Error code is %x", ret_status); break; } } //Test Create session between Enclave3(Source) and Enclave1(Destination) status = Enclave3_test_create_session(e3_enclave_id, &ret_status, e3_enclave_id, e1_enclave_id); if (status!=SGX_SUCCESS) { printf("Enclave3_test_create_session Ecall failed: Error code is %x", status); break; } else { if(ret_status==0) { printf("\n\nSecure Channel Establishment between Source (E3) and Destination (E1) Enclaves successful !!!"); } else { printf("\n\nSession establishment and key exchange failure between Source (E3) and Destination (E1): Error code is %x", ret_status); break; } } //Test Enclave to Enclave call between Enclave3(Source) and Enclave1(Destination) status = Enclave3_test_enclave_to_enclave_call(e3_enclave_id, &ret_status, e3_enclave_id, e1_enclave_id); if (status!=SGX_SUCCESS) { printf("Enclave3_test_enclave_to_enclave_call Ecall failed: Error code is %x", status); break; } else { if(ret_status==0) { printf("\n\nEnclave to Enclave Call between Source (E3) and Destination (E1) Enclaves successful !!!"); } else { printf("\n\nEnclave to Enclave Call failure between Source (E3) and Destination (E1): Error code is %x", ret_status); break; } } //Test message exchange between Enclave3(Source) and Enclave1(Destination) status = Enclave3_test_message_exchange(e3_enclave_id, &ret_status, e3_enclave_id, e1_enclave_id); if (status!=SGX_SUCCESS) { printf("Enclave3_test_message_exchange Ecall failed: Error code is %x", status); break; } else { if(ret_status==0) { printf("\n\nMessage Exchange between Source (E3) and Destination (E1) Enclaves successful !!!"); } else { printf("\n\nMessage Exchange failure between Source (E3) and Destination (E1): Error code is %x", ret_status); break; } } //Test Closing Session between Enclave1(Source) and Enclave2(Destination) status = Enclave1_test_close_session(e1_enclave_id, &ret_status, e1_enclave_id, e2_enclave_id); if (status!=SGX_SUCCESS) { printf("Enclave1_test_close_session Ecall failed: Error code is %x", status); break; } else { if(ret_status==0) { printf("\n\nClose Session between Source (E1) and Destination (E2) Enclaves successful !!!"); } else { printf("\n\nClose session failure between Source (E1) and Destination (E2): Error code is %x", ret_status); break; } } //Test Closing Session between Enclave1(Source) and Enclave3(Destination) status = Enclave1_test_close_session(e1_enclave_id, &ret_status, e1_enclave_id, e3_enclave_id); if (status!=SGX_SUCCESS) { printf("Enclave1_test_close_session Ecall failed: Error code is %x", status); break; } else { if(ret_status==0) { printf("\n\nClose Session between Source (E1) and Destination (E3) Enclaves successful !!!"); } else { printf("\n\nClose session failure between Source (E1) and Destination (E3): Error code is %x", ret_status); break; } } //Test Closing Session between Enclave2(Source) and Enclave3(Destination) status = Enclave2_test_close_session(e2_enclave_id, &ret_status, e2_enclave_id, e3_enclave_id); if (status!=SGX_SUCCESS) { printf("Enclave2_test_close_session Ecall failed: Error code is %x", status); break; } else { if(ret_status==0) { printf("\n\nClose Session between Source (E2) and Destination (E3) Enclaves successful !!!"); } else { printf("\n\nClose session failure between Source (E2) and Destination (E3): Error code is %x", ret_status); break; } } //Test Closing Session between Enclave3(Source) and Enclave1(Destination) status = Enclave3_test_close_session(e3_enclave_id, &ret_status, e3_enclave_id, e1_enclave_id); if (status!=SGX_SUCCESS) { printf("Enclave3_test_close_session Ecall failed: Error code is %x", status); break; } else { if(ret_status==0) { printf("\n\nClose Session between Source (E3) and Destination (E1) Enclaves successful !!!"); } else { printf("\n\nClose session failure between Source (E3) and Destination (E1): Error code is %x", ret_status); break; } } #pragma warning (push) #pragma warning (disable : 4127) }while(0); #pragma warning (pop) sgx_destroy_enclave(e1_enclave_id); sgx_destroy_enclave(e2_enclave_id); sgx_destroy_enclave(e3_enclave_id); waitForKeyPress(); return 0; }
sgx_status_t destroy_enclave(sgx_enclave_id_t eid) { return check(sgx_destroy_enclave(eid), "Failed to destroy enclave"); }
/* Application entry */ int SGX_CDECL main(int argc, char *argv[]) { sgx_status_t sgx_ret = SGX_SUCCESS; sgx_status_t enclave_ret = SGX_SUCCESS; uint32_t sealed_log_size = 1024; uint8_t sealed_log[1024] = {0}; sgx_sealed_data_t * sealed_data = 0; (void)(argc); (void)(argv); /* Initialize the enclave */ if(initialize_enclave() < 0){ printf("Enter a character before exit ...\n"); getchar(); return -1; } // SHA-256 test case comes from // https://tools.ietf.org/html/rfc4634 // TEST1 const char* str = "abc"; size_t len = strlen(str); uint8_t * output_hash = (uint8_t *) malloc (32 + 1); printf("[+] sha256 input string is %s\n", str); printf("[+] Expected SHA256 hash: %s\n", "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"); sgx_ret = calc_sha256(global_eid, &enclave_ret, (const uint8_t *) str, len, output_hash); if(sgx_ret != SGX_SUCCESS) { print_error_message(sgx_ret); return -1; } if(enclave_ret != SGX_SUCCESS) { print_error_message(enclave_ret); return -1; } printf("[+] SHA256 result is "); int i; for(i = 0; i < 32; i ++) { printf("%02x", output_hash[i]); } printf("\n"); printf("[+] calc_sha256 success ...\n"); // AES-GCM-128 test case comes from // http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf // Test case 2 printf("[+] Starting aes-gcm-128 encrypt calculation\n"); uint8_t aes_gcm_plaintext[16] = {0}; uint8_t aes_gcm_key[16] = {0}; uint8_t aes_gcm_iv[12] = {0}; uint8_t aes_gcm_ciphertext[16] = {0}; uint8_t aes_gcm_mac[16] = {0}; printf("[+] aes-gcm-128 args prepared!\n"); printf("[+] aes-gcm-128 expected ciphertext: %s\n", "0388dace60b6a392f328c2b971b2fe78"); sgx_ret = aes_gcm_128_encrypt(global_eid, &enclave_ret, aes_gcm_key, aes_gcm_plaintext, 16, aes_gcm_iv, aes_gcm_ciphertext, aes_gcm_mac); printf("[+] aes-gcm-128 returned from enclave!\n"); if(sgx_ret != SGX_SUCCESS) { print_error_message(sgx_ret); return -1; } if(enclave_ret != SGX_SUCCESS) { print_error_message(enclave_ret); return -1; } printf("[+] aes-gcm-128 ciphertext is: "); for(i = 0; i < 16; i ++) { printf("%02x", aes_gcm_ciphertext[i]); } printf("\n"); printf("[+] aes-gcm-128 result mac is: "); for(i = 0; i < 16; i ++) { printf("%02x", aes_gcm_mac[i]); } printf("\n"); printf("[+] Starting aes-gcm-128 decrypt calculation\n"); printf("[+] aes-gcm-128 expected plaintext: %s", aes_gcm_plaintext); uint8_t aes_gcm_decrypted_text[16] = {0}; sgx_ret = aes_gcm_128_decrypt(global_eid, &enclave_ret, aes_gcm_key, aes_gcm_ciphertext, 16, aes_gcm_iv, aes_gcm_mac, aes_gcm_decrypted_text); if(sgx_ret != SGX_SUCCESS) { print_error_message(sgx_ret); return -1; } if(enclave_ret != SGX_SUCCESS) { print_error_message(enclave_ret); return -1; } printf("[+] aes-gcm-128 decrypted plaintext is: "); for(i = 0; i < 16; i ++) { printf("%02x", aes_gcm_decrypted_text[i]); } printf("\n"); printf("[+] aes-gcm-128 decrypt complete \n"); // AES-CMAC test case comes from // https://tools.ietf.org/html/rfc4493 // Example 3 printf("[+] Starting aes-cmac test \n"); printf("[+] aes-cmac expected digest: %s\n", "51f0bebf7e3b9d92fc49741779363cfe"); uint8_t cmac_key[] = { 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c }; uint8_t cmac_msg[] = { 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 }; uint8_t cmac_result[16] = {0}; sgx_ret = aes_cmac(global_eid, &enclave_ret, cmac_msg, sizeof(cmac_msg), cmac_key, cmac_result); if(sgx_ret != SGX_SUCCESS) { print_error_message(sgx_ret); return -1; } if(enclave_ret != SGX_SUCCESS) { print_error_message(enclave_ret); return -1; } printf("[+] aes-cmac result is: "); for(i = 0; i < 16; i ++){ printf("%02x", cmac_result[i]); } printf("\n"); /* Destroy the enclave */ sgx_destroy_enclave(global_eid); return 0; }
/* Initialize the enclave: * Call sgx_create_enclave to initialize an enclave instance */ sgx_status_t initialize_enclave ( const char *file_name, sgx_enclave_id_t* eid ) { sgx_status_t ret = SGX_ERROR_UNEXPECTED; size_t read_num = 0; /* Call sgx_create_enclave to initialize an enclave instance */ /* Debug Support: set 2nd parameter to 1 */ #ifdef SGX_USE_PCL bool open_seal_enclave = true; uint8_t* sealed_blob = NULL; FILE *fsealp = fopen(SEALED_KEY_FILE_NAME, "rb"); size_t sealed_blob_size = 0; if(NULL != fsealp) { // Read file size: fseek(fsealp, 0L, SEEK_END); sealed_blob_size = ftell(fsealp); fseek(fsealp, 0L, SEEK_SET); // Read file into buffer: sealed_blob = new uint8_t[sealed_blob_size]; read_num = fread(sealed_blob, 1, sealed_blob_size, fsealp); if ( read_num != sealed_blob_size ) { printf ( "Warning: Failed to read sealed blob.\n" ); } else { open_seal_enclave = false; } fclose(fsealp); } if (true == open_seal_enclave) { printf ("Open Seal Enclave: %s\n", SEAL_FILENAME ); sgx_enclave_id_t seal_eid = 0; ret = sgx_create_enclave( SEAL_FILENAME, SGX_DEBUG_FLAG, NULL, NULL, &seal_eid, NULL); if (SGX_SUCCESS != ret) { print_error_message(ret); return ret; } ret = ecall_get_sealed_blob_size(seal_eid, &sealed_blob_size); if (ret != SGX_SUCCESS || UINT32_MAX == sealed_blob_size) { printf("ecall_get_sealed_blob_size: ret = %d, sealed_blob_size = %ld\n", ret, sealed_blob_size); sgx_destroy_enclave(seal_eid); return ret; } //printf("ecall_get_sealed_blob_size: ret = %d, sealed_blob_size = %ld\n", ret, sealed_blob_size); sealed_blob = new uint8_t[sealed_blob_size]; sgx_status_t gret = SGX_ERROR_UNEXPECTED; ret = ecall_generate_sealed_blob(seal_eid, &gret, sealed_blob, sealed_blob_size); if ((SGX_SUCCESS != ret) || (SGX_SUCCESS != gret)) { printf("ecall_generate_sealed_blob: ret = %d, gret = 0x%x\n", ret, gret); sgx_destroy_enclave(seal_eid); delete sealed_blob; return ret; } sgx_destroy_enclave(seal_eid); fsealp = fopen(SEALED_KEY_FILE_NAME, "wb"); if(NULL != fsealp) { fwrite(sealed_blob, 1, sealed_blob_size, fsealp); fclose(fsealp); } } // Load the PCL protected Enclave: ret = sgx_create_encrypted_enclave(file_name, SGX_DEBUG_FLAG, NULL, NULL, eid, NULL, sealed_blob); delete sealed_blob; #else // SGX_USE_PCL ret = sgx_create_enclave(file_name, SGX_DEBUG_FLAG, NULL, NULL, eid, NULL); #endif // SGX_USE_PCL if (ret != SGX_SUCCESS) { print_error_message(ret); return ret; } return SGX_SUCCESS; }