Add rust bindings for SGX crypto library

.github/workflows/trusted.yaml

@@ -28,6 +28,16 @@ jobs:
       - name: Setup rust toolchain
         run: rustup show
       - run: cargo build --release 
-  # No tests for now.  
-  # `cargo test` needs std, panic is no_std
-  # Also trts needs built with the custom target triple to link 
+  # Only test crypto for now.  
+  # - panic is no_std, `cargo test` needs std
+  # - trts needs built with the custom target triple to link
+  test:
+    runs-on: [self-hosted, Linux, large]
+    container: mobilecoin/rust-sgx-base:latest
+    steps:
+      - uses: actions/checkout@v3
+      # actions-rs/toolchain does not support the newer toml file format
+      # see https://github.com/actions-rs/toolchain/issues/126
+      - name: Setup rust toolchain
+        run: rustup show
+      - run: cargo test --release -p mc-sgx-crypto-sys

trusted/Cargo.toml

@@ -1,8 +1,10 @@
 [workspace]
 resolver = "2"
 members = [
-    "trts/sys",
+    "crypto/sys/types",
+    "crypto/sys",
     "panic/abort",
+    "trts/sys",
 ]
 
 [profile.dev]
@@ -20,4 +22,3 @@ overflow-checks = false
 # Skip the need for LD_LIBRARY_PATH in `cargo test`
 [profile.test]
 rpath = true
-

trusted/crypto/sys/Cargo.toml

@@ -0,0 +1,16 @@
+[package]
+name = "mc-sgx-crypto-sys"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+mc-sgx-core-sys-types = { path = "../../../core/sys/types" }
+mc-sgx-crypto-sys-types = { path = "types" }
+
+[dev-dependencies]
+sha2 = "0.10.2"
+
+[build-dependencies]
+bindgen = "0.60.1"
+cargo-emit = "0.2.1"
+mc-sgx-core-build = { path = "../../../core/build" }

trusted/crypto/sys/build.rs

@@ -0,0 +1,34 @@
+// Copyright (c) 2022 The MobileCoin Foundation
+//! Builds the FFI function bindings for trts (trusted runtime system) of the
+//! Intel SGX SDK
+
+use bindgen::Builder;
+use cargo_emit::{rustc_link_lib, rustc_link_search};
+
+fn main() {
+    let sgx_library_path = mc_sgx_core_build::sgx_library_path();
+    rustc_link_lib!("sgx_tcrypto");
+    rustc_link_search!(&format!("{}/lib64", sgx_library_path));
+
+    let bindings = Builder::default()
+        .header_contents("crypto.h", "#include <sgx_tcrypto.h>")
+        .clang_arg(&format!("-I{}/include", sgx_library_path))
+        .blocklist_type("*")
+        .allowlist_function("sgx_sha.*")
+        .allowlist_function("sgx_rijndael.*")
+        .allowlist_function("sgx_cmac.*")
+        .allowlist_function("sgx_hmac.*")
+        .allowlist_function("sgx_aes.*")
+        .allowlist_function("sgx_ecc.*")
+        .allowlist_function("sgx_.*ecdsa.*")
+        .allowlist_function("sgx_.*rsa.*")
+        .parse_callbacks(Box::new(bindgen::CargoCallbacks))
+        .ctypes_prefix("core::ffi")
+        .generate()
+        .expect("Unable to generate bindings");
+
+    let out_path = mc_sgx_core_build::build_output_path();
+    bindings
+        .write_to_file(out_path.join("bindings.rs"))
+        .expect("Couldn't write bindings!");
+}

trusted/crypto/sys/src/lib.rs

@@ -0,0 +1,59 @@
+// Copyright (c) 2022 The MobileCoin Foundation
+//! FFI functions for the SGX SDK trusted crypto library (tcrypto).
+
+#![cfg_attr(not(test), no_std)]
+#![feature(core_ffi_c, c_size_t)]
+#![allow(non_upper_case_globals, non_camel_case_types, non_snake_case)]
+
+pub use core::ffi::c_size_t as size_t;
+pub use mc_sgx_core_sys_types::sgx_status_t;
+
+pub use mc_sgx_crypto_sys_types::{
+    sgx_aes_ctr_128bit_key_t, sgx_aes_gcm_128bit_key_t, sgx_aes_gcm_128bit_tag_t,
+    sgx_aes_state_handle_t, sgx_cmac_128bit_key_t, sgx_cmac_128bit_tag_t, sgx_cmac_state_handle_t,
+    sgx_ec256_dh_shared_t, sgx_ec256_private_t, sgx_ec256_public_t, sgx_ec256_signature_t,
+    sgx_ecc_state_handle_t, sgx_hmac_state_handle_t, sgx_rsa3072_key_t, sgx_rsa3072_public_key_t,
+    sgx_rsa3072_signature_t, sgx_rsa_key_type_t, sgx_rsa_result_t, sgx_sha1_hash_t,
+    sgx_sha256_hash_t, sgx_sha384_hash_t, sgx_sha_state_handle_t,
+};
+
+include!(concat!(env!("OUT_DIR"), "/bindings.rs"));
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use sha2::{Digest, Sha256};
+    use std::convert::TryInto;
+
+    #[test]
+    fn run_sha256_1337() {
+        let bytes: [u8; 4] = [1, 3, 3, 7];
+        let mut hash: sgx_sha256_hash_t = Default::default();
+        let result =
+            unsafe { sgx_sha256_msg(bytes.as_ptr(), bytes.len().try_into().unwrap(), &mut hash) };
+        assert_eq!(result, sgx_status_t::SGX_SUCCESS);
+
+        let expected = {
+            let mut hasher = Sha256::new();
+            hasher.update(&bytes);
+            hasher.finalize()
+        };
+        assert_eq!(hash, expected[..]);
+    }
+
+    #[test]
+    fn run_sha256_42() {
+        let bytes: [u8; 2] = [4, 2];
+        let mut hash: sgx_sha256_hash_t = Default::default();
+        let result =
+            unsafe { sgx_sha256_msg(bytes.as_ptr(), bytes.len().try_into().unwrap(), &mut hash) };
+        assert_eq!(result, sgx_status_t::SGX_SUCCESS);
+
+        let expected = {
+            let mut hasher = Sha256::new();
+            hasher.update(&bytes);
+            hasher.finalize()
+        };
+        assert_eq!(hash, expected[..]);
+    }
+}

trusted/crypto/sys/types/Cargo.toml

@@ -0,0 +1,8 @@
+[package]
+name = "mc-sgx-crypto-sys-types"
+version = "0.1.0"
+edition = "2021"
+
+[build-dependencies]
+bindgen = "0.60.1"
+mc-sgx-core-build = { path = "../../../../core/build" }

trusted/crypto/sys/types/build.rs

@@ -0,0 +1,49 @@
+// Copyright (c) 2022 The MobileCoin Foundation
+//! Builds the FFI type bindings for the crypto functions, (aes, rsa, etc.),
+//! of the Intel SGX SDK
+
+use bindgen::{callbacks::ParseCallbacks, Builder};
+
+#[derive(Debug)]
+struct Callbacks;
+
+impl ParseCallbacks for Callbacks {
+    fn item_name(&self, name: &str) -> Option<String> {
+        if name.starts_with("_sgx") {
+            Some(name[1..].to_owned())
+        } else {
+            None
+        }
+    }
+}
+
+fn main() {
+    let sgx_library_path = mc_sgx_core_build::sgx_library_path();
+    let bindings = Builder::default()
+        .header_contents("crypto_types.h", "#include <sgx_tcrypto.h>")
+        .clang_arg(&format!("-I{}/include", sgx_library_path))
+        .blocklist_function("*")
+        .newtype_enum("sgx_generic_ecresult_t")
+        .newtype_enum("sgx_rsa_result_t")
+        .newtype_enum("sgx_rsa_key_type_t")
+        .allowlist_type("_sgx_ec256_.*")
+        .allowlist_type("_sgx_rsa3072_.*")
+        .allowlist_type("sgx_rsa3072_signature_t")
+        .allowlist_type("sgx_rsa_result_t")
+        .allowlist_type("sgx_rsa_key_type_t")
+        .allowlist_type("sgx_sha.*")
+        .allowlist_type("sgx_cmac_.*")
+        .allowlist_type("sgx_hmac_.*")
+        .allowlist_type("sgx_aes_.*")
+        .allowlist_type("sgx_ecc_.*")
+        .allowlist_type("sgx_generic_ecresult_t")
+        .parse_callbacks(Box::new(Callbacks))
+        .ctypes_prefix("core::ffi")
+        .generate()
+        .expect("Unable to generate bindings");
+
+    let out_path = mc_sgx_core_build::build_output_path();
+    bindings
+        .write_to_file(out_path.join("bindings.rs"))
+        .expect("Couldn't write bindings!");
+}

trusted/crypto/sys/types/src/lib.rs

@@ -0,0 +1,8 @@
+// Copyright (c) 2022 The MobileCoin Foundation
+//! Rust FFI types for the SGX SDK trusted crypto library (tcrypto).
+
+#![no_std]
+#![feature(core_ffi_c)]
+#![allow(non_camel_case_types, non_snake_case, non_upper_case_globals)]
+
+include!(concat!(env!("OUT_DIR"), "/bindings.rs"));