Merge pull request #13 from AliyunContainerService/samples

Add samples: hello_world

.spelling

@@ -5,6 +5,7 @@
 # where filename is relative to this configuration file
 sgx-device-plugin
 Kubernetes
+kubernetes
 Alibaba
 ACK-TEE
 sgx-enabled
@@ -21,3 +22,4 @@ sgx-device-plugin-enable-aesm-socket-attach
 e.g.
 yml
 yaml
+hello_world

samples/hello_world/Dockerfile

@@ -0,0 +1,7 @@
+FROM alibabatee/centos_sgx:7
+
+COPY src/hello_world src/enclave.signed.so /app/
+
+WORKDIR /app
+
+ENTRYPOINT ["/app/hello_world"]

samples/hello_world/Makefile

@@ -0,0 +1,20 @@
+TARGET_IMAGE ?= hello_world
+
+.PHONY: clean
+clean:
+	@echo "PHASE: Cleaning ..."
+	cd src/ && make clean
+
+.PHONY: build
+build:
+	@echo "PHASE: Building hello_world ..."
+	cd src/ && make clean && make
+
+.PHONY: image
+image: build
+	@echo "PHASE: Building image $(TARGET_IMAGE) ..."
+	docker build -t $(TARGET_IMAGE) .
+
+.PHONY:
+lint:
+

samples/hello_world/README.md

@@ -0,0 +1,67 @@
+# hello_world
+
+`hello_world` is a sample application which demonstrates how to develop and run a SGX application inside docker or 
+kubernetes(ACK-TEE), printing messages periodically.
+
+## Build image
+This step will build application and then pack it into an image.
+```bash
+cd sgx-device-plugin/samples/hello_world
+TARGET_IMAGE=sgx_hello_world make image
+```
+
+## Run it in docker
+
+```bash
+docker run -d --name=my_sgx_hello_world --dievice=/dev/isgx -v /var/run/aesmd/aesm.socket:/var/run/aesmd/aesm.socket sgx_hello_world
+docker logs -f my_sgx_hello_world
+```
+
+
+## Run it in Kubernetes(ACK-TEE)
+
+```bash
+cat <<EOF | kubectl --kubeconfig kubeconfig create -f -
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: helloworld
+  namespace: default
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: helloworld
+  template:
+    metadata:
+      labels:
+        app: helloworld
+    spec:
+      containers:
+      - command:
+        - /app/hello_world
+        image: {{TARGET_IMAGE}}
+        imagePullPolicy: Always
+        name: helloworld
+        resources:
+          limits:
+            cpu: 250m
+            memory: 512Mi
+            alibabacloud.com/sgx_epc_MiB: 2
+        volumeMounts:
+        - mountPath: /var/run/aesmd/aesm.socket
+          name: aesmsocket
+      volumes:
+      - hostPath:
+          path: /var/run/aesmd/aesm.socket
+          type: Socket
+        name: aesmsocket
+EOF
+```
+
+## Clean
+
+```bash
+cd sgx-device-plugin/samples/hello_world
+make clean
+```

samples/hello_world/src/App/App.cpp

@@ -0,0 +1,81 @@
+#include <stdio.h>
+#include <string.h>
+#include <assert.h>
+
+#include <time.h>
+#include <ctime>
+
+# include <unistd.h>
+# include <pwd.h>
+# define MAX_PATH FILENAME_MAX
+
+#include "sgx_urts.h"
+#include "App.h"
+#include "Enclave_u.h"
+
+/* Global EID shared by multiple threads */
+sgx_enclave_id_t global_eid = 0;
+
+int initialize_enclave(void)
+{
+    sgx_status_t ret = SGX_ERROR_UNEXPECTED;
+
+    char enclavefile[256];
+    getcwd(enclavefile, sizeof(enclavefile));
+    strcat(enclavefile, "/enclave.signed.so");
+
+    /* Call sgx_create_enclave to initialize an enclave instance */
+    /* Debug Support: set 2nd parameter to 1 */
+    ret = sgx_create_enclave(enclavefile, SGX_DEBUG_FLAG, NULL, NULL, &global_eid, NULL);
+    if (ret != SGX_SUCCESS) {
+        printf("Failed to create enclave, ret code: %d, enclave file: %s\n", ret, enclavefile);
+        return -1;
+    }
+
+    return 0;
+}
+
+tm* get_time() {
+    time_t rawtime;
+    struct tm * timeinfo;
+    time ( &rawtime );
+    timeinfo = localtime ( &rawtime );
+    return timeinfo;
+}
+
+/* Application entry */
+int SGX_CDECL main(int argc, char *argv[])
+{
+    (void)(argc);
+    (void)(argv);
+
+    const size_t max_buf_len = 100;
+    char buffer[max_buf_len] = {0};
+
+
+    /* Initialize the enclave */
+    if(initialize_enclave() < 0){
+        printf("Enter a character before exit ...\n");
+        getchar();
+        return -1;
+    }
+
+    /* Enclave calls */
+    while(1) {
+        ecall_hello_from_enclave(global_eid, buffer, max_buf_len);
+
+        printf("%s%s\n", asctime(get_time()), buffer);
+        fflush(stdout);
+
+        sleep(1);
+    }
+
+    /* Destroy the enclave */
+    sgx_destroy_enclave(global_eid);
+
+    printf("Info: SampleEnclave successfully returned.\n");
+
+    printf("Enter a character before exit ...\n");
+    getchar();
+    return 0;
+}

samples/hello_world/src/App/App.h

@@ -0,0 +1,34 @@
+#ifndef _APP_H_
+#define _APP_H_
+
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+
+#include "sgx_error.h"       /* sgx_status_t */
+#include "sgx_eid.h"     /* sgx_enclave_id_t */
+
+#ifndef TRUE
+# define TRUE 1
+#endif
+
+#ifndef FALSE
+# define FALSE 0
+#endif
+
+# define TOKEN_FILENAME   "enclave.token"
+# define ENCLAVE_FILENAME "/app/enclave.signed.so"
+
+extern sgx_enclave_id_t global_eid;    /* global enclave id */
+
+#if defined(__cplusplus)
+extern "C" {
+#endif
+
+
+#if defined(__cplusplus)
+}
+#endif
+
+#endif /* !_APP_H_ */

samples/hello_world/src/Enclave/Enclave.config.xml

@@ -0,0 +1,12 @@
+<EnclaveConfiguration>
+  <ProdID>0</ProdID>
+  <ISVSVN>0</ISVSVN>
+  <StackMaxSize>0x40000</StackMaxSize>
+  <HeapMaxSize>0x100000</HeapMaxSize>
+  <TCSNum>10</TCSNum>
+  <TCSPolicy>1</TCSPolicy>
+  <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->
+  <DisableDebug>0</DisableDebug>
+  <MiscSelect>0</MiscSelect>
+  <MiscMask>0xFFFFFFFF</MiscMask>
+</EnclaveConfiguration>

samples/hello_world/src/Enclave/Enclave.cpp

@@ -0,0 +1,18 @@
+#include "Enclave.h"
+#include "Enclave_t.h" /* print_string */
+#include <string.h>
+
+void ecall_hello_from_enclave(char *buf, size_t len)
+{
+    const char *hello = "Hello world From SGX Enclave!";
+
+    size_t size = len;
+    if(strlen(hello) < len)
+    {
+        size = strlen(hello) + 1;
+    }
+
+    memcpy(buf, hello, size - 1);
+    buf[size-1] = '\0';
+}
+

samples/hello_world/src/Enclave/Enclave.edl

@@ -0,0 +1,7 @@
+enclave {
+
+    trusted {
+        public void ecall_hello_from_enclave([out, size=len] char* buf, size_t len);
+    };
+
+};

samples/hello_world/src/Enclave/Enclave.h

@@ -0,0 +1,3 @@
+#ifndef _ENCLAVE_H_
+#define _ENCLAVE_H_
+#endif

samples/hello_world/src/Enclave/Enclave.lds

@@ -0,0 +1,10 @@
+enclave.so
+{
+    global:
+        g_global_data_sim;
+        g_global_data;
+        enclave_entry;
+        g_peak_heap_used;
+    local:
+        *;
+};

samples/hello_world/src/Enclave/Enclave_private.pem

@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ
+AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ
+ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr
+nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b
+3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H
+ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD
+5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW
+KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC
+1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe
+K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z
+AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q
+ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6
+JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826
+5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02
+wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9
+osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm
+WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i
+Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9
+xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd
+vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD
+Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a
+cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC
+0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ
+gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo
+gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t
+k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz
+Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6
+O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5
+afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom
+e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G
+BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv
+fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN
+t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9
+yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp
+6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg
+WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH
+NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk=
+-----END RSA PRIVATE KEY-----