working enclave example

Cargo.toml

@@ -15,7 +15,21 @@ rand_core = "0.6.3"
 rand_hc = "0.3.1"
 mc-fog-ocall-oram-storage-trusted = { path = "mobilecoin/fog/ocall_oram_storage/trusted" }
 mc-fog-ocall-oram-storage-untrusted = { path = "mobilecoin/fog/ocall_oram_storage/untrusted" }
+mc-fog-ledger-enclave = { path = "ledgerenclave" }
+mc-fog-ledger-enclave-impl = { path = "ledgerenclave/impl" }
+mc-fog-ledger-enclave-api = { path = "ledgerenclave/api" }
+mc-transaction-core = { path = "mobilecoin/transaction/core" }
+mc-common = { path = "mobilecoin/common", features = ["log", "loggers"]}
 
 [patch.crates-io]
 schnorrkel-og = { git = "https://github.com/mobilecoinfoundation/schnorrkel.git", rev = "9b48418556b0af476be2313309bc5a23fb8b351d" }
-ed25519-dalek = { git = "https://github.com/mobilecoinfoundation/ed25519-dalek.git", rev = "78bdc2a0b0af852cb4e47a0ca9be74bdf77c57b6" }
+ed25519-dalek = { git = "https://github.com/mobilecoinfoundation/ed25519-dalek.git", rev = "78bdc2a0b0af852cb4e47a0ca9be74bdf77c57b6" }
+
+bulletproofs-og = { git = "https://github.com/mobilecoinfoundation/bulletproofs.git", rev = "675330c754f28876dbf94fc303fe73666cf8f8f4" }
+
+mbedtls = { git = "https://github.com/mobilecoinofficial/rust-mbedtls.git", rev = "ce4cf3e4814e92734434c7deaa59d649d43f442d" }
+mbedtls-sys-auto = { git = "https://github.com/mobilecoinofficial/rust-mbedtls.git", rev = "ce4cf3e4814e92734434c7deaa59d649d43f442d" }
+
+cmake = { git = "https://github.com/alexcrichton/cmake-rs", rev = "5f89f90ee5d7789832963bffdb2dcb5939e6199c" }
+
+packed_simd_2 = { git = "https://github.com/rust-lang/packed_simd.git", rev = "f60e900f4ceb71303baa37ff8b41ee7d490c01bf" }

Dockerfile

@@ -1,8 +1,20 @@
 FROM baiduxlab/sgx-rust
 
-ENV rust_toolchain=nightly-2021-09-27
+ENV SDK_URL=https://download.01.org/intel-sgx/sgx-linux/2.15/distro/ubuntu18.04-server/sgx_linux_x64_sdk_2.15.100.3.bin
+
+RUN bash /root/03_sdk.sh
+
+ENV rust_toolchain=nightly-2021-08-01
 
 RUN bash /root/05_rust.sh
 
+RUN apt-get update && \
+  apt-get install -y clang \
+  libclang-dev
+
+#this is necessary to get mobilecoin to compile
+RUN ln -s /opt/sgxsdk /opt/intel/sgxsdk
+
 WORKDIR /usr/src/oram
 
+#SGX_MODE=SW IAS_MODE=DEV cargo run

ledgerenclave/Cargo.toml

@@ -0,0 +1,36 @@
+[package]
+name = "mc-fog-ledger-enclave"
+version = "1.2.0-pre0"
+authors = ["MobileCoin"]
+edition = "2018"
+license = "GPL-3.0"
+
+[dependencies]
+# mobilecoin
+mc-attest-core = { path = "../mobilecoin/attest/core" }
+mc-attest-enclave-api = { path = "../mobilecoin/attest/enclave-api" }
+mc-common = { path = "../mobilecoin/common" }
+mc-crypto-keys = { path = "../mobilecoin/crypto/keys" }
+mc-enclave-boundary = { path = "../mobilecoin/enclave-boundary" }
+mc-sgx-debug-edl = { path = "../mobilecoin/sgx/debug-edl" }
+mc-sgx-panic-edl = { path = "../mobilecoin/sgx/panic-edl" }
+mc-sgx-report-cache-api = { path = "../mobilecoin/sgx/report-cache/api" }
+mc-sgx-slog-edl = { path = "../mobilecoin/sgx/slog-edl" }
+mc-sgx-types = { path = "../mobilecoin/sgx/types" }
+mc-sgx-urts = { path = "../mobilecoin/sgx/urts" }
+mc-util-serial = { path = "../mobilecoin/util/serial" }
+
+# fog
+mc-fog-types = { path = "../mobilecoin/fog/types" }
+mc-fog-ledger-enclave-api = { path = "./api" }
+mc-fog-ledger-enclave-edl = { path = "./edl" }
+mc-fog-ledger-enclave-measurement = { path = "./measurement" }
+mc-fog-ocall-oram-storage-edl = { path = "../mobilecoin/fog/ocall_oram_storage/edl" }
+mc-fog-ocall-oram-storage-untrusted = { path = "../mobilecoin/fog/ocall_oram_storage/untrusted" }
+
+[build-dependencies]
+mc-util-build-sgx = { path = "../mobilecoin/util/build/sgx" }
+mc-util-build-script = { path = "../mobilecoin/util/build/script" }
+
+cargo-emit = "0.2.1"
+pkg-config = "0.3"

ledgerenclave/README.md

@@ -0,0 +1,21 @@
+# Enclave Interface Definition for the MobileCoin Ledger Node
+
+This crate defines the interface of the SGX enclave used by a ledger node. This interface is comprised of ECALLs that help the ledger node to securely communicate with clients, to securely (and eventually obliviously) gather mixins and check whether key images have been spent.
+
+
+This crate contains several files for configuring and building an enclave:
+
+- `Enclave.edl` - Defines the ECALLs and OCALLs of the enclave interface.
+- `Enclave.lds` - A custom linker script, used to hide unnecessary symbols.
+- `Enclave.config.xml` - Config file, e.g. maximum number of threads inside the enclave, max heap size, etc.
+
+During the build process, the Edger8r tool generates several C wrapper files from `Enclave.edl`:
+
+- `Enclave_t.h` - Prototype declarations for trusted proxies and bridges.
+- `Enclave_t.c` - Function definitions for trusted proxies and bridges.
+- `Enclave_u.h` - Prototype declarations for untrusted proxies and bridges.
+- `Enclave_u.c` - Function definitions for untrusted proxies and bridges.
+
+# References
+
+- [Enclave Definition Language (EDL) syntax](https://download.01.org/intel-sgx/linux-2.5/docs/Intel_SGX_Developer_Reference_Linux_2.5_Open_Source.pdf#page=39)

ledgerenclave/api/Cargo.toml

@@ -0,0 +1,28 @@
+[package]
+name = "mc-fog-ledger-enclave-api"
+version = "1.2.0-pre0"
+authors = ["MobileCoin"]
+edition = "2018"
+description = """
+The ECALL API declarations and API for operating a ledger enclave.
+"""
+license = "GPL-3.0"
+
+[dependencies]
+# mobilecoin
+mc-attest-core = { path = "../../mobilecoin/attest/core", default-features = false }
+mc-attest-enclave-api = { path = "../../mobilecoin/attest/enclave-api", default-features = false }
+mc-common = { path = "../../mobilecoin/common", default-features = false }
+mc-crypto-keys = { path = "../../mobilecoin/crypto/keys", default-features = false }
+mc-sgx-compat = { path = "../../mobilecoin/sgx/compat" }
+mc-sgx-report-cache-api = { path = "../../mobilecoin/sgx/report-cache/api" }
+mc-transaction-core = { path = "../../mobilecoin/transaction/core" }
+mc-util-encodings = { path = "../../mobilecoin/util/encodings" }
+mc-util-serial = { path = "../../mobilecoin/util/serial", default-features = false }
+
+# fog
+mc-fog-types = { path = "../../mobilecoin/fog/types" }
+
+# third-party
+displaydoc = { version = "0.2", default-features = false }
+serde = { version = "1.0", default-features = false, features = ["alloc", "derive"] }