From 82765354d48ce19059c5ad86f403cf6472d0414a Mon Sep 17 00:00:00 2001
From: Nick Santana <nick@mobilecoin.com>
Date: Mon, 16 May 2022 09:49:25 -0700
Subject: [PATCH 1/3] Add FFI bindings for SGX tcrypto library

---
 .github/workflows/trusted.yaml      | 16 ++++++--
 trusted/Cargo.toml                  |  7 ++--
 trusted/crypto/sys/Cargo.toml       | 16 ++++++++
 trusted/crypto/sys/build.rs         | 33 ++++++++++++++++
 trusted/crypto/sys/src/lib.rs       | 58 +++++++++++++++++++++++++++++
 trusted/crypto/sys/types/Cargo.toml |  8 ++++
 trusted/crypto/sys/types/build.rs   | 49 ++++++++++++++++++++++++
 trusted/crypto/sys/types/src/lib.rs |  7 ++++
 8 files changed, 188 insertions(+), 6 deletions(-)
 create mode 100644 trusted/crypto/sys/Cargo.toml
 create mode 100644 trusted/crypto/sys/build.rs
 create mode 100644 trusted/crypto/sys/src/lib.rs
 create mode 100644 trusted/crypto/sys/types/Cargo.toml
 create mode 100644 trusted/crypto/sys/types/build.rs
 create mode 100644 trusted/crypto/sys/types/src/lib.rs

diff --git a/.github/workflows/trusted.yaml b/.github/workflows/trusted.yaml
index e2c31752..d7aedeb5 100644
--- a/.github/workflows/trusted.yaml
+++ b/.github/workflows/trusted.yaml
@@ -28,6 +28,16 @@ jobs:
       - name: Setup rust toolchain
         run: rustup show
       - run: cargo build --release 
-  # No tests for now.  
-  # `cargo test` needs std, panic is no_std
-  # Also trts needs built with the custom target triple to link 
+  # Only test crypto for now.  
+  # - panic is no_std, `cargo test` needs std
+  # - trts needs built with the custom target triple to link
+  test:
+    runs-on: [self-hosted, Linux, large]
+    container: mobilecoin/rust-sgx-base:latest
+    steps:
+      - uses: actions/checkout@v3
+      # actions-rs/toolchain does not support the newer toml file format
+      # see https://github.com/actions-rs/toolchain/issues/126
+      - name: Setup rust toolchain
+        run: rustup show
+      - run: cargo test --release -p mc-sgx-crypto-sys
diff --git a/trusted/Cargo.toml b/trusted/Cargo.toml
index 00b4c454..9b421097 100644
--- a/trusted/Cargo.toml
+++ b/trusted/Cargo.toml
@@ -1,8 +1,10 @@
 [workspace]
 resolver = "2"
 members = [
-    "trts/sys",
+    "crypto/sys/types",
+    "crypto/sys",
     "panic/abort",
+    "trts/sys",
 ]
 
 [profile.dev]
@@ -19,5 +21,4 @@ overflow-checks = false
 
 # Skip the need for LD_LIBRARY_PATH in `cargo test`
 [profile.test]
-rpath = true
-
+rpath = true
\ No newline at end of file
diff --git a/trusted/crypto/sys/Cargo.toml b/trusted/crypto/sys/Cargo.toml
new file mode 100644
index 00000000..a537938e
--- /dev/null
+++ b/trusted/crypto/sys/Cargo.toml
@@ -0,0 +1,16 @@
+[package]
+name = "mc-sgx-crypto-sys"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+mc-sgx-core-sys-types = { path = "../../../core/sys/types" }
+mc-sgx-crypto-sys-types = { path = "types" }
+
+[dev-dependencies]
+sha2 = "0.10.2"
+
+[build-dependencies]
+bindgen = "0.60.1"
+cargo-emit = "0.2.1"
+mc-sgx-core-build = { path = "../../../core/build" }
diff --git a/trusted/crypto/sys/build.rs b/trusted/crypto/sys/build.rs
new file mode 100644
index 00000000..3c216284
--- /dev/null
+++ b/trusted/crypto/sys/build.rs
@@ -0,0 +1,33 @@
+// Copyright (c) 2022 The MobileCoin Foundation
+//! Builds the FFI function bindings for trts (trusted runtime system) of the
+//! Intel SGX SDK
+
+use bindgen::Builder;
+use cargo_emit::{rustc_link_lib, rustc_link_search};
+
+fn main() {
+    let sgx_library_path = mc_sgx_core_build::sgx_library_path();
+    rustc_link_lib!("sgx_tcrypto");
+    rustc_link_search!(&format!("{}/lib64", sgx_library_path));
+
+    let bindings = Builder::default()
+        .header_contents("crypto.h", "#include <sgx_tcrypto.h>")
+        .clang_arg(&format!("-I{}/include", sgx_library_path))
+        .blocklist_type("*")
+        .allowlist_function("sgx_sha.*")
+        .allowlist_function("sgx_rijndael.*")
+        .allowlist_function("sgx_cmac.*")
+        .allowlist_function("sgx_hmac.*")
+        .allowlist_function("sgx_aes.*")
+        .allowlist_function("sgx_ecc.*")
+        .allowlist_function("sgx_.*ecdsa.*")
+        .allowlist_function("sgx_.*rsa.*")
+        .parse_callbacks(Box::new(bindgen::CargoCallbacks))
+        .generate()
+        .expect("Unable to generate bindings");
+
+    let out_path = mc_sgx_core_build::build_output_path();
+    bindings
+        .write_to_file(out_path.join("bindings.rs"))
+        .expect("Couldn't write bindings!");
+}
diff --git a/trusted/crypto/sys/src/lib.rs b/trusted/crypto/sys/src/lib.rs
new file mode 100644
index 00000000..873c61e2
--- /dev/null
+++ b/trusted/crypto/sys/src/lib.rs
@@ -0,0 +1,58 @@
+// Copyright (c) 2022 The MobileCoin Foundation
+//! FFI functions for the SGX SDK trusted crypto library (tcrypto).
+
+#![feature(core_ffi_c, c_size_t)]
+#![allow(non_upper_case_globals, non_camel_case_types, non_snake_case)]
+
+pub use core::ffi::c_size_t as size_t;
+pub use mc_sgx_core_sys_types::sgx_status_t;
+
+pub use mc_sgx_crypto_sys_types::{
+    sgx_aes_ctr_128bit_key_t, sgx_aes_gcm_128bit_key_t, sgx_aes_gcm_128bit_tag_t,
+    sgx_aes_state_handle_t, sgx_cmac_128bit_key_t, sgx_cmac_128bit_tag_t, sgx_cmac_state_handle_t,
+    sgx_ec256_dh_shared_t, sgx_ec256_private_t, sgx_ec256_public_t, sgx_ec256_signature_t,
+    sgx_ecc_state_handle_t, sgx_hmac_state_handle_t, sgx_rsa3072_key_t, sgx_rsa3072_public_key_t,
+    sgx_rsa3072_signature_t, sgx_rsa_key_type_t, sgx_rsa_result_t, sgx_sha1_hash_t,
+    sgx_sha256_hash_t, sgx_sha384_hash_t, sgx_sha_state_handle_t,
+};
+
+include!(concat!(env!("OUT_DIR"), "/bindings.rs"));
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use sha2::{Digest, Sha256};
+    use std::convert::TryInto;
+
+    #[test]
+    fn run_sha256_1337() {
+        let bytes: [u8; 4] = [1, 3, 3, 7];
+        let mut hash: sgx_sha256_hash_t = Default::default();
+        let result =
+            unsafe { sgx_sha256_msg(bytes.as_ptr(), bytes.len().try_into().unwrap(), &mut hash) };
+        assert_eq!(result, sgx_status_t::SGX_SUCCESS);
+
+        let expected = {
+            let mut hasher = Sha256::new();
+            hasher.update(&bytes);
+            hasher.finalize()
+        };
+        assert_eq!(hash, expected[..]);
+    }
+
+    #[test]
+    fn run_sha256_42() {
+        let bytes: [u8; 2] = [4, 2];
+        let mut hash: sgx_sha256_hash_t = Default::default();
+        let result =
+            unsafe { sgx_sha256_msg(bytes.as_ptr(), bytes.len().try_into().unwrap(), &mut hash) };
+        assert_eq!(result, sgx_status_t::SGX_SUCCESS);
+
+        let expected = {
+            let mut hasher = Sha256::new();
+            hasher.update(&bytes);
+            hasher.finalize()
+        };
+        assert_eq!(hash, expected[..]);
+    }
+}
diff --git a/trusted/crypto/sys/types/Cargo.toml b/trusted/crypto/sys/types/Cargo.toml
new file mode 100644
index 00000000..5f075dc8
--- /dev/null
+++ b/trusted/crypto/sys/types/Cargo.toml
@@ -0,0 +1,8 @@
+[package]
+name = "mc-sgx-crypto-sys-types"
+version = "0.1.0"
+edition = "2021"
+
+[build-dependencies]
+bindgen = "0.60.1"
+mc-sgx-core-build = { path = "../../../../core/build" }
diff --git a/trusted/crypto/sys/types/build.rs b/trusted/crypto/sys/types/build.rs
new file mode 100644
index 00000000..a1d58813
--- /dev/null
+++ b/trusted/crypto/sys/types/build.rs
@@ -0,0 +1,49 @@
+// Copyright (c) 2022 The MobileCoin Foundation
+//! Builds the FFI type bindings for the crypto functions, (aes, rsa, etc.),
+//! of the Intel SGX SDK
+
+use bindgen::{callbacks::ParseCallbacks, Builder};
+
+#[derive(Debug)]
+struct Callbacks;
+
+impl ParseCallbacks for Callbacks {
+    fn item_name(&self, name: &str) -> Option<String> {
+        if name.starts_with("_sgx") {
+            Some(name[1..].to_owned())
+        } else {
+            None
+        }
+    }
+}
+
+fn main() {
+    let sgx_library_path = mc_sgx_core_build::sgx_library_path();
+    let bindings = Builder::default()
+        .header_contents("crypto_types.h", "#include <sgx_tcrypto.h>")
+        .clang_arg(&format!("-I{}/include", sgx_library_path))
+        .blocklist_function("*")
+        .newtype_enum("sgx_generic_ecresult_t")
+        .newtype_enum("sgx_rsa_result_t")
+        .newtype_enum("sgx_rsa_key_type_t")
+        .allowlist_type("_sgx_ec256_.*")
+        .allowlist_type("_sgx_rsa3072_.*")
+        .allowlist_type("sgx_rsa3072_signature_t")
+        .allowlist_type("sgx_rsa_result_t")
+        .allowlist_type("sgx_rsa_key_type_t")
+        .allowlist_type("sgx_sha.*")
+        .allowlist_type("sgx_cmac_.*")
+        .allowlist_type("sgx_hmac_.*")
+        .allowlist_type("sgx_aes_.*")
+        .allowlist_type("sgx_ecc_.*")
+        .allowlist_type("sgx_generic_ecresult_t")
+        .parse_callbacks(Box::new(Callbacks))
+        .ctypes_prefix("core::ffi")
+        .generate()
+        .expect("Unable to generate bindings");
+
+    let out_path = mc_sgx_core_build::build_output_path();
+    bindings
+        .write_to_file(out_path.join("bindings.rs"))
+        .expect("Couldn't write bindings!");
+}
diff --git a/trusted/crypto/sys/types/src/lib.rs b/trusted/crypto/sys/types/src/lib.rs
new file mode 100644
index 00000000..fcc7230e
--- /dev/null
+++ b/trusted/crypto/sys/types/src/lib.rs
@@ -0,0 +1,7 @@
+// Copyright (c) 2022 The MobileCoin Foundation
+//! Rust FFI types for the SGX SDK trusted crypto library (tcrypto).
+
+#![feature(core_ffi_c)]
+#![allow(non_camel_case_types, non_snake_case, non_upper_case_globals)]
+
+include!(concat!(env!("OUT_DIR"), "/bindings.rs"));

From 8b0a6c21bd7af641037ea31e63d1b4d9482f58c7 Mon Sep 17 00:00:00 2001
From: Nick Santana <nick@mobilecoin.com>
Date: Fri, 15 Jul 2022 14:42:07 -0700
Subject: [PATCH 2/3] Add missing newlines

Co-authored-by: Remoun Metyas <remoun.metyas@gmail.com>
---
 trusted/Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/trusted/Cargo.toml b/trusted/Cargo.toml
index 9b421097..688b2c44 100644
--- a/trusted/Cargo.toml
+++ b/trusted/Cargo.toml
@@ -21,4 +21,4 @@ overflow-checks = false
 
 # Skip the need for LD_LIBRARY_PATH in `cargo test`
 [profile.test]
-rpath = true
\ No newline at end of file
+rpath = true

From c9b82dd66929995c2c4e24f4cd706abdcb465d43 Mon Sep 17 00:00:00 2001
From: Nick Santana <nick@mobilecoin.com>
Date: Fri, 15 Jul 2022 15:01:38 -0700
Subject: [PATCH 3/3] Specify `mc-sgx-crypto-sys*` as `no_std`

---
 trusted/crypto/sys/build.rs         | 1 +
 trusted/crypto/sys/src/lib.rs       | 1 +
 trusted/crypto/sys/types/src/lib.rs | 1 +
 3 files changed, 3 insertions(+)

diff --git a/trusted/crypto/sys/build.rs b/trusted/crypto/sys/build.rs
index 3c216284..65939b80 100644
--- a/trusted/crypto/sys/build.rs
+++ b/trusted/crypto/sys/build.rs
@@ -23,6 +23,7 @@ fn main() {
         .allowlist_function("sgx_.*ecdsa.*")
         .allowlist_function("sgx_.*rsa.*")
         .parse_callbacks(Box::new(bindgen::CargoCallbacks))
+        .ctypes_prefix("core::ffi")
         .generate()
         .expect("Unable to generate bindings");
 
diff --git a/trusted/crypto/sys/src/lib.rs b/trusted/crypto/sys/src/lib.rs
index 873c61e2..919ce063 100644
--- a/trusted/crypto/sys/src/lib.rs
+++ b/trusted/crypto/sys/src/lib.rs
@@ -1,6 +1,7 @@
 // Copyright (c) 2022 The MobileCoin Foundation
 //! FFI functions for the SGX SDK trusted crypto library (tcrypto).
 
+#![cfg_attr(not(test), no_std)]
 #![feature(core_ffi_c, c_size_t)]
 #![allow(non_upper_case_globals, non_camel_case_types, non_snake_case)]
 
diff --git a/trusted/crypto/sys/types/src/lib.rs b/trusted/crypto/sys/types/src/lib.rs
index fcc7230e..0d6f1f9e 100644
--- a/trusted/crypto/sys/types/src/lib.rs
+++ b/trusted/crypto/sys/types/src/lib.rs
@@ -1,6 +1,7 @@
 // Copyright (c) 2022 The MobileCoin Foundation
 //! Rust FFI types for the SGX SDK trusted crypto library (tcrypto).
 
+#![no_std]
 #![feature(core_ffi_c)]
 #![allow(non_camel_case_types, non_snake_case, non_upper_case_globals)]