Update code to v1.0.14 (10)

2026-05-21 00:45:49 +08:00 · 2024-02-29 19:35:00 +08:00
parent c2ee3b694c
commit a956d26f6d
3188 changed files with 2317293 additions and 146 deletions
--- a/android/extern/wolfssl/IDE/LINUX-SGX/README.md
+++ b/android/extern/wolfssl/IDE/LINUX-SGX/README.md
@@ -0,0 +1,37 @@
+# Static Library: Building libwolfssl.sgx.static.lib.a for use with SGX Enclaves
+
+### Requirements:
+This code was created to use Intel's SGX hardware. It is expected that the user has gone through the steps of both turning on the hardware in bios if needed and has installed the necessary software from Intel to make use of the hardware. (https://software.intel.com/en-us/sgx) If these steps have not been done then it is expected that the user is familiar with simulation software being used in place of hardware.
+
+### Security:
+If not already in use, it is recommended that SP (single precision) RSA and ECC code is used. This will help mitigate potential side channel attacks. To use SP code check that wolfcrypt/src/sp_c32.c and wolfcrypt/src/sp_c64.c are compiled and add HAVE_WOLFSSL_SP=1 to the build command to define the necessary macros.
+
+### Overview and Build:
+This project creates a static library to then link with Enclaves. A simple example of an Enclave linking to the created wolfSSL library can be found in wolfssl-examples on github. This project has been tested with gcc 5.4.0 on Ubuntu 16.04.
+When building with tests the file wolfssl/options.h is expected, in downloaded bundles from wolfssl.com this file exists but when building from a cloned version of wolfSSL from GitHub then the file needs created. This is done either through cd wolfssl && ./autogen.sh && ./configure && ./config.status or by cd wolfssl && touch wolfssl/options.h.
+
+To create the static library, simply call make:
+
+`make -f sgx_t_static.mk all`
+
+To clean the static library and compiled objects use the provided clean script:
+
+`clean.sh`
+
+This will create a local static library, libwolfssl.sgx.static.lib.a, that can be linked with SGX enclaves to access wolfSSL APIs using SGX hardware.
+
+### Customization:
+    To enable wolfssl debug, add CFLAGS=-DDEBUG_WOLFSSL.
+    To enable wolfssl benchmark tests with enclave, specify: HAVE_WOLFSSL_BENCHMARK at build
+    To enable wolfcrypt testsuite with enclave, specify: HAVE_WOLFSSL_TEST at build
+    To enable SP code, specify: HAVE_WOLFSSL_SP at build
+
+For example:
+`make -f sgx_t_static.mk CFLAGS=-DDEBUG_WOLFSSL HAVE_WOLFSSL_BENCHMARK=1 HAVE_WOLFSSL_TEST=1 HAVE_WOLFSSL_SP=1`
+
+NOTE: This more customized step has been provided for easier execution in the
+      script `build.sh`
+
+### Limitations:
+    Single Threaded (multiple threaded applications have not been tested)
+    AES-NI use with SGX has not been added in yet
--- a/android/extern/wolfssl/IDE/LINUX-SGX/build.sh
+++ b/android/extern/wolfssl/IDE/LINUX-SGX/build.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+
+CFLAGS_NEW="-DDEBUG_WOLFSSL"
+export CFLAGS="${CFLAGS} ${CFLAGS_NEW}"
+echo ${CFLAGS}
+
+make -f sgx_t_static.mk HAVE_WOLFSSL_BENCHMARK=1 HAVE_WOLFSSL_TEST=1 HAVE_WOLFSSL_SP=1
+
--- a/android/extern/wolfssl/IDE/LINUX-SGX/clean.sh
+++ b/android/extern/wolfssl/IDE/LINUX-SGX/clean.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+make -f sgx_t_static.mk clean
--- a/android/extern/wolfssl/IDE/LINUX-SGX/include.am
+++ b/android/extern/wolfssl/IDE/LINUX-SGX/include.am
@@ -0,0 +1,8 @@
+# vim:ft=automake
+# included from Top Level Makefile.am
+# All paths should be given relative to the root
+
+EXTRA_DIST+= IDE/LINUX-SGX/README.md
+EXTRA_DIST+= IDE/LINUX-SGX/sgx_t_static.mk
+EXTRA_DIST+= IDE/LINUX-SGX/build.sh
+EXTRA_DIST+= IDE/LINUX-SGX/clean.sh
--- a/android/extern/wolfssl/IDE/LINUX-SGX/sgx_t_static.mk
+++ b/android/extern/wolfssl/IDE/LINUX-SGX/sgx_t_static.mk
@@ -0,0 +1,152 @@
+######## Intel(R) SGX SDK Settings ########
+SGX_SDK ?= /opt/intel/sgxsdk
+SGX_MODE ?= SIM
+SGX_ARCH ?= x64
+WOLFSSL_ROOT ?= $(shell readlink -f ../..)
+
+ifeq ($(shell getconf LONG_BIT), 32)
+	SGX_ARCH := x86
+else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32)
+	SGX_ARCH := x86
+endif
+
+ifeq ($(SGX_ARCH), x86)
+	SGX_COMMON_CFLAGS := -m32
+	SGX_LIBRARY_PATH := $(SGX_SDK)/lib
+	SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign
+	SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r
+else
+	SGX_COMMON_CFLAGS := -m64
+	SGX_LIBRARY_PATH := $(SGX_SDK)/lib64
+	SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign
+	SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r
+endif
+
+ifeq ($(SGX_DEBUG), 1)
+ifeq ($(SGX_PRERELEASE), 1)
+$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!)
+endif
+endif
+
+ifeq ($(SGX_DEBUG), 1)
+        SGX_COMMON_CFLAGS += -O0 -g
+else
+        SGX_COMMON_CFLAGS += -O2
+endif
+
+ifneq ($(SGX_MODE), HW)
+	Trts_Library_Name := sgx_trts_sim
+	Service_Library_Name := sgx_tservice_sim
+else
+	Trts_Library_Name := sgx_trts
+	Service_Library_Name := sgx_tservice
+endif
+
+Crypto_Library_Name := sgx_tcrypto
+
+Wolfssl_C_Extra_Flags := -DWOLFSSL_SGX
+
+Wolfssl_C_Files :=$(WOLFSSL_ROOT)/wolfcrypt/src/aes.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/arc4.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/asn.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/blake2b.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/camellia.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/coding.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/chacha.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/chacha20_poly1305.c\
+					$(WOLFSSL_ROOT)/src/crl.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/des3.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/dh.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/tfm.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/ecc.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/error.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/hash.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/kdf.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/hmac.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/integer.c\
+					$(WOLFSSL_ROOT)/src/internal.c\
+					$(WOLFSSL_ROOT)/src/wolfio.c\
+					$(WOLFSSL_ROOT)/src/keys.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/logging.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/md4.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/md5.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/memory.c\
+					$(WOLFSSL_ROOT)/src/ocsp.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/pkcs7.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/pkcs12.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/poly1305.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/wc_port.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/wolfmath.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/pwdbased.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/random.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/ripemd.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/rsa.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/dsa.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/sha.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/sha256.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/sha512.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/signature.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/sp_c32.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/sp_c64.c\
+					$(WOLFSSL_ROOT)/src/ssl.c\
+					$(WOLFSSL_ROOT)/src/tls.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/wc_encrypt.c\
+					$(WOLFSSL_ROOT)/wolfcrypt/src/wolfevent.c\
+
+Wolfssl_Include_Paths := -I$(WOLFSSL_ROOT)/ \
+						 -I$(WOLFSSL_ROOT)/wolfcrypt/ \
+						 -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport
+
+ifeq ($(HAVE_WOLFSSL_TEST), 1)
+	Wolfssl_Include_Paths += -I$(WOLFSSL_ROOT)/wolfcrypt/test
+	Wolfssl_C_Files += $(WOLFSSL_ROOT)/wolfcrypt/test/test.c
+endif
+
+ifeq ($(HAVE_WOLFSSL_BENCHMARK), 1)
+	Wolfssl_C_Files += $(WOLFSSL_ROOT)/wolfcrypt/benchmark/benchmark.c
+	Wolfssl_Include_Paths += -I$(WOLFSSL_ROOT)/wolfcrypt/benchmark/
+endif
+
+ifeq ($(HAVE_WOLFSSL_SP), 1)
+    Wolfssl_C_Extra_Flags += -DWOLFSSL_HAVE_SP_RSA \
+                             -DWOLFSSL_HAVE_SP_DH  \
+                             -DWOLFSSL_HAVE_SP_ECC
+endif
+
+
+Flags_Just_For_C := -Wno-implicit-function-declaration -std=c11
+Common_C_Cpp_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Wolfssl_Include_Paths) -fno-builtin-printf -I.
+Wolfssl_C_Flags := $(Flags_Just_For_C) $(Common_C_Cpp_Flags) $(Wolfssl_C_Extra_Flags)
+
+Wolfssl_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
+	-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
+	-Wl,--start-group -lsgx_tstdc -lsgx_tstdcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
+	-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
+	-Wl,-pie,-eenclave_entry -Wl,--export-dynamic  \
+	-Wl,--defsym,__ImageBase=0 \
+	-Wl,--version-script=trusted/wolfcrypt.lds
+
+Wolfssl_C_Objects := $(Wolfssl_C_Files:.c=.o)
+
+ifeq ($(SGX_MODE), HW)
+ifneq ($(SGX_DEBUG), 1)
+ifneq ($(SGX_PRERELEASE), 1)
+Build_Mode = HW_RELEASE
+endif
+endif
+endif
+
+override CFLAGS += $(Wolfssl_C_Flags)
+
+.PHONY: all run
+
+all: libwolfssl.sgx.static.lib.a
+
+######## WolfSSL Objects ########
+
+libwolfssl.sgx.static.lib.a: $(Wolfssl_C_Objects)
+	ar rcs libwolfssl.sgx.static.lib.a $(Wolfssl_C_Objects)
+	@echo "LINK =>  $@"
+
+clean:
+	@rm -f $(WOLFSSL_ROOT)/wolfcrypt/benchmark/*.o $(WOLFSSL_ROOT)/wolfcrypt/test/*.o static_trusted/wolfssl_t.* libwolfssl.sgx.static.lib.a  $(Wolfssl_C_Objects)