samplecode/sealeddata/enclave/src/lib.rs - incubator-teaclave-sgx-sdk - Git at Google

 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License..

 #![crate_name = "sealdatasampleenclave"]
 #![crate_type = "staticlib"]

 #![cfg_attr(not(target_env = "sgx"), no_std)]
 #![cfg_attr(target_env = "sgx", feature(rustc_private))]

 extern crate sgx_types;
 extern crate sgx_tseal;
 #[cfg(not(target_env = "sgx"))]
 #[macro_use]
 extern crate sgx_tstd as std;
 extern crate sgx_rand;

 #[macro_use]
 extern crate serde_derive;
 extern crate serde_cbor;

 use sgx_types::{sgx_status_t, sgx_sealed_data_t};
 use sgx_types::marker::ContiguousMemory;
 use sgx_tseal::{SgxSealedData};
 use sgx_rand::{Rng, StdRng};
 use std::vec::Vec;

 // A sample struct to show the usage of serde + seal
 // This struct could not be used in sgx_seal directly because it is
 // **not** continuous in memory. The `vec` is the bad member.
 // However, it is serializable. So we can serialize it first and
 // put convert the Vec<u8> to [u8] then put [u8] to sgx_seal API!
 #[derive(Serialize, Deserialize, Clone, Default, Debug)]
 struct RandDataSerializable {
     key: u32,
     rand: [u8; 16],
     vec: Vec<u8>,
 }

 #[derive(Copy, Clone, Default, Debug)]
 struct RandDataFixed {
     key: u32,
     rand: [u8; 16],
 }

 // We can only impl ContiguousMemory for Fixed
 // For RandDataSerializable, we use serde_cbor (or anything you like)
 // to serialize it to a Vec<u8>. And then use the _slice func to deal
 // with [u8] because [u8] does implemented ContiguousMemory
 unsafe impl ContiguousMemory for RandDataFixed{}

 #[no_mangle]
 pub extern "C" fn create_sealeddata_for_fixed(sealed_log: * mut u8, sealed_log_size: u32) -> sgx_status_t {

     let mut data = RandDataFixed::default();
     data.key = 0x1234;

     let mut rand = match StdRng::new() {
         Ok(rng) => rng,
         Err(_) => { return sgx_status_t::SGX_ERROR_UNEXPECTED; },
     };
     rand.fill_bytes(&mut data.rand);

     let aad: [u8; 0] = [0_u8; 0];
     let result = SgxSealedData::<RandDataFixed>::seal_data(&aad, &data);
     let sealed_data = match result {
         Ok(x) => x,
         Err(ret) => { return ret; },
     };

     let opt = to_sealed_log_for_fixed(&sealed_data, sealed_log, sealed_log_size);
     if opt.is_none() {
         return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
     }

     println!("{:?}", data);

     sgx_status_t::SGX_SUCCESS
 }

 #[no_mangle]
 pub extern "C" fn verify_sealeddata_for_fixed(sealed_log: * mut u8, sealed_log_size: u32) -> sgx_status_t {

     let opt = from_sealed_log_for_fixed::<RandDataFixed>(sealed_log, sealed_log_size);
     let sealed_data = match opt {
         Some(x) => x,
         None => {
             return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
         },
     };

     let result = sealed_data.unseal_data();
     let unsealed_data = match result {
         Ok(x) => x,
         Err(ret) => {
             return ret;
         },
     };

     let data = unsealed_data.get_decrypt_txt();

     println!("{:?}", data);

     sgx_status_t::SGX_SUCCESS
 }

 #[no_mangle]
 pub extern "C" fn create_sealeddata_for_serializable(sealed_log: * mut u8, sealed_log_size: u32) -> sgx_status_t {

     let mut data = RandDataSerializable::default();
     data.key = 0x1234;

     let mut rand = match StdRng::new() {
         Ok(rng) => rng,
         Err(_) => { return sgx_status_t::SGX_ERROR_UNEXPECTED; },
     };
     rand.fill_bytes(&mut data.rand);

     data.vec.extend(data.rand.iter());

     let encoded_vec = serde_cbor::to_vec(&data).unwrap();
     let encoded_slice = encoded_vec.as_slice();
     println!("Length of encoded slice: {}", encoded_slice.len());
     println!("Encoded slice: {:?}", encoded_slice);

     let aad: [u8; 0] = [0_u8; 0];
     let result = SgxSealedData::<[u8]>::seal_data(&aad, encoded_slice);
     let sealed_data = match result {
         Ok(x) => x,
         Err(ret) => { return ret; },
     };

     let opt = to_sealed_log_for_slice(&sealed_data, sealed_log, sealed_log_size);
     if opt.is_none() {
         return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
     }

     println!("{:?}", data);

     sgx_status_t::SGX_SUCCESS
 }

 #[no_mangle]
 pub extern "C" fn verify_sealeddata_for_serializable(sealed_log: * mut u8, sealed_log_size: u32) -> sgx_status_t {

     let opt = from_sealed_log_for_slice::<u8>(sealed_log, sealed_log_size);
     let sealed_data = match opt {
         Some(x) => x,
         None => {
             return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
         },
     };

     let result = sealed_data.unseal_data();
     let unsealed_data = match result {
         Ok(x) => x,
         Err(ret) => {
             return ret;
         },
     };

     let encoded_slice = unsealed_data.get_decrypt_txt();
     println!("Length of encoded slice: {}", encoded_slice.len());
     println!("Encoded slice: {:?}", encoded_slice);
     let data: RandDataSerializable = serde_cbor::from_slice(encoded_slice).unwrap();

     println!("{:?}", data);

     sgx_status_t::SGX_SUCCESS
 }

 fn to_sealed_log_for_fixed<T: Copy + ContiguousMemory>(sealed_data: &SgxSealedData<T>, sealed_log: * mut u8, sealed_log_size: u32) -> Option<* mut sgx_sealed_data_t> {
     unsafe {
         sealed_data.to_raw_sealed_data_t(sealed_log as * mut sgx_sealed_data_t, sealed_log_size)
     }
 }

 fn from_sealed_log_for_fixed<'a, T: Copy + ContiguousMemory>(sealed_log: * mut u8, sealed_log_size: u32) -> Option<SgxSealedData<'a, T>> {
     unsafe {
         SgxSealedData::<T>::from_raw_sealed_data_t(sealed_log as * mut sgx_sealed_data_t, sealed_log_size)
     }
 }

 fn to_sealed_log_for_slice<T: Copy + ContiguousMemory>(sealed_data: &SgxSealedData<[T]>, sealed_log: * mut u8, sealed_log_size: u32) -> Option<* mut sgx_sealed_data_t> {
     unsafe {
         sealed_data.to_raw_sealed_data_t(sealed_log as * mut sgx_sealed_data_t, sealed_log_size)
     }
 }

 fn from_sealed_log_for_slice<'a, T: Copy + ContiguousMemory>(sealed_log: * mut u8, sealed_log_size: u32) -> Option<SgxSealedData<'a, [T]>> {
     unsafe {
         SgxSealedData::<[T]>::from_raw_sealed_data_t(sealed_log as * mut sgx_sealed_data_t, sealed_log_size)
     }
 }
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License..

	#![crate_name = "sealdatasampleenclave"]
	#![crate_type = "staticlib"]

	#![cfg_attr(not(target_env = "sgx"), no_std)]
	#![cfg_attr(target_env = "sgx", feature(rustc_private))]

	extern crate sgx_types;
	extern crate sgx_tseal;
	#[cfg(not(target_env = "sgx"))]
	#[macro_use]
	extern crate sgx_tstd as std;
	extern crate sgx_rand;

	#[macro_use]
	extern crate serde_derive;
	extern crate serde_cbor;

	use sgx_types::{sgx_status_t, sgx_sealed_data_t};
	use sgx_types::marker::ContiguousMemory;
	use sgx_tseal::{SgxSealedData};
	use sgx_rand::{Rng, StdRng};
	use std::vec::Vec;

	// A sample struct to show the usage of serde + seal
	// This struct could not be used in sgx_seal directly because it is
	// not continuous in memory. The `vec` is the bad member.
	// However, it is serializable. So we can serialize it first and
	// put convert the Vec<u8> to [u8] then put [u8] to sgx_seal API!
	#[derive(Serialize, Deserialize, Clone, Default, Debug)]
	struct RandDataSerializable {
	key: u32,
	rand: [u8; 16],
	vec: Vec<u8>,
	}

	#[derive(Copy, Clone, Default, Debug)]
	struct RandDataFixed {
	key: u32,
	rand: [u8; 16],
	}

	// We can only impl ContiguousMemory for Fixed
	// For RandDataSerializable, we use serde_cbor (or anything you like)
	// to serialize it to a Vec<u8>. And then use the _slice func to deal
	// with [u8] because [u8] does implemented ContiguousMemory
	unsafe impl ContiguousMemory for RandDataFixed{}

	#[no_mangle]
	pub extern "C" fn create_sealeddata_for_fixed(sealed_log: * mut u8, sealed_log_size: u32) -> sgx_status_t {

	let mut data = RandDataFixed::default();
	data.key = 0x1234;

	let mut rand = match StdRng::new() {
	Ok(rng) => rng,
	Err(_) => { return sgx_status_t::SGX_ERROR_UNEXPECTED; },
	};
	rand.fill_bytes(&mut data.rand);

	let aad: [u8; 0] = [0_u8; 0];
	let result = SgxSealedData::<RandDataFixed>::seal_data(&aad, &data);
	let sealed_data = match result {
	Ok(x) => x,
	Err(ret) => { return ret; },
	};

	let opt = to_sealed_log_for_fixed(&sealed_data, sealed_log, sealed_log_size);
	if opt.is_none() {
	return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
	}

	println!("{:?}", data);

	sgx_status_t::SGX_SUCCESS
	}

	#[no_mangle]
	pub extern "C" fn verify_sealeddata_for_fixed(sealed_log: * mut u8, sealed_log_size: u32) -> sgx_status_t {

	let opt = from_sealed_log_for_fixed::<RandDataFixed>(sealed_log, sealed_log_size);
	let sealed_data = match opt {
	Some(x) => x,
	None => {
	return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
	},
	};

	let result = sealed_data.unseal_data();
	let unsealed_data = match result {
	Ok(x) => x,
	Err(ret) => {
	return ret;
	},
	};

	let data = unsealed_data.get_decrypt_txt();

	println!("{:?}", data);

	sgx_status_t::SGX_SUCCESS
	}

	#[no_mangle]
	pub extern "C" fn create_sealeddata_for_serializable(sealed_log: * mut u8, sealed_log_size: u32) -> sgx_status_t {

	let mut data = RandDataSerializable::default();
	data.key = 0x1234;

	let mut rand = match StdRng::new() {
	Ok(rng) => rng,
	Err(_) => { return sgx_status_t::SGX_ERROR_UNEXPECTED; },
	};
	rand.fill_bytes(&mut data.rand);

	data.vec.extend(data.rand.iter());

	let encoded_vec = serde_cbor::to_vec(&data).unwrap();
	let encoded_slice = encoded_vec.as_slice();
	println!("Length of encoded slice: {}", encoded_slice.len());
	println!("Encoded slice: {:?}", encoded_slice);

	let aad: [u8; 0] = [0_u8; 0];
	let result = SgxSealedData::<[u8]>::seal_data(&aad, encoded_slice);
	let sealed_data = match result {
	Ok(x) => x,
	Err(ret) => { return ret; },
	};

	let opt = to_sealed_log_for_slice(&sealed_data, sealed_log, sealed_log_size);
	if opt.is_none() {
	return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
	}

	println!("{:?}", data);

	sgx_status_t::SGX_SUCCESS
	}

	#[no_mangle]
	pub extern "C" fn verify_sealeddata_for_serializable(sealed_log: * mut u8, sealed_log_size: u32) -> sgx_status_t {

	let opt = from_sealed_log_for_slice::<u8>(sealed_log, sealed_log_size);
	let sealed_data = match opt {
	Some(x) => x,
	None => {
	return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
	},
	};

	let result = sealed_data.unseal_data();
	let unsealed_data = match result {
	Ok(x) => x,
	Err(ret) => {
	return ret;
	},
	};

	let encoded_slice = unsealed_data.get_decrypt_txt();
	println!("Length of encoded slice: {}", encoded_slice.len());
	println!("Encoded slice: {:?}", encoded_slice);
	let data: RandDataSerializable = serde_cbor::from_slice(encoded_slice).unwrap();

	println!("{:?}", data);

	sgx_status_t::SGX_SUCCESS
	}

	fn to_sealed_log_for_fixed<T: Copy + ContiguousMemory>(sealed_data: &SgxSealedData<T>, sealed_log: * mut u8, sealed_log_size: u32) -> Option<* mut sgx_sealed_data_t> {
	unsafe {
	sealed_data.to_raw_sealed_data_t(sealed_log as * mut sgx_sealed_data_t, sealed_log_size)
	}
	}

	fn from_sealed_log_for_fixed<'a, T: Copy + ContiguousMemory>(sealed_log: * mut u8, sealed_log_size: u32) -> Option<SgxSealedData<'a, T>> {
	unsafe {
	SgxSealedData::<T>::from_raw_sealed_data_t(sealed_log as * mut sgx_sealed_data_t, sealed_log_size)
	}
	}

	fn to_sealed_log_for_slice<T: Copy + ContiguousMemory>(sealed_data: &SgxSealedData<[T]>, sealed_log: * mut u8, sealed_log_size: u32) -> Option<* mut sgx_sealed_data_t> {
	unsafe {
	sealed_data.to_raw_sealed_data_t(sealed_log as * mut sgx_sealed_data_t, sealed_log_size)
	}
	}

	fn from_sealed_log_for_slice<'a, T: Copy + ContiguousMemory>(sealed_log: * mut u8, sealed_log_size: u32) -> Option<SgxSealedData<'a, [T]>> {
	unsafe {
	SgxSealedData::<[T]>::from_raw_sealed_data_t(sealed_log as * mut sgx_sealed_data_t, sealed_log_size)
	}
	}