Added command in oesign to dump oeinfo and signature information #564

openenclave · Nov 22, 2018 · 68f4ee0 · 68f4ee0
1 parent 15dd1d9
commit 68f4ee0
Show file tree

Hide file tree

Showing 13 changed files with 516 additions and 33 deletions.
diff --git a/cmake/add_enclave_executable.cmake b/cmake/add_enclave_executable.cmake
@@ -28,7 +28,7 @@ function(add_enclave_executable BIN SIGNCONF)
 
 	# custom rule to sign the binary
 	add_custom_command(OUTPUT ${BIN}.signed.so
-		COMMAND oesign $<TARGET_FILE:${BIN}> ${SIGNCONF} ${CMAKE_CURRENT_BINARY_DIR}/${BIN}-private.pem
+		COMMAND oesign "sign" $<TARGET_FILE:${BIN}> ${SIGNCONF} ${CMAKE_CURRENT_BINARY_DIR}/${BIN}-private.pem
 		DEPENDS oesign ${BIN} ${SIGNCONF} ${BIN}-private.pem
 		WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}
 		)

diff --git a/samples/data-sealing/enc1/Makefile b/samples/data-sealing/enc1/Makefile
@@ -33,7 +33,7 @@ build:
 	$(CXX) -o enclave_a_v1.so ecalls.o dispatcher.o keys.o datasealing_t.o $(LDFLAGS)
 
 sign:
-	oesign enclave_a_v1.so data-sealing.conf private.pem
+	oesign sign enclave_a_v1.so data-sealing.conf private.pem
 
 clean:
 	rm -f *.so *.o *.pem ../common/datasealing_t.* ../common/datasealing_args.h

diff --git a/samples/data-sealing/enc2/Makefile b/samples/data-sealing/enc2/Makefile
@@ -32,7 +32,7 @@ build:
 	$(CXX) -o enclave_a_v2.so ecalls.o dispatcher.o keys.o datasealing_t.o $(LDFLAGS)
 
 sign:
-	oesign enclave_a_v2.so data-sealing.conf private.pem
+	oesign sign enclave_a_v2.so data-sealing.conf private.pem
 
 clean:
 	rm -f *.so *.o *.pem
diff --git a/samples/data-sealing/enc3/Makefile b/samples/data-sealing/enc3/Makefile
@@ -32,7 +32,7 @@ build:
 	$(CXX) -o enclave_b.so ecalls.o dispatcher.o keys.o datasealing_t.o $(LDFLAGS)	
 
 sign:
-	oesign enclave_b.so data-sealing.conf private.pem
+	oesign sign enclave_b.so data-sealing.conf private.pem
 
 clean:
 	rm -f *.so *.o *.pem 

diff --git a/samples/file-encryptor/enc/Makefile b/samples/file-encryptor/enc/Makefile
@@ -33,7 +33,7 @@ build:
 	$(CXX) -o file-encryptorenc.so ecalls.o encryptor.o keys.o fileencryptor_t.o $(LDFLAGS)
 
 sign:
-	oesign file-encryptorenc.so file-encryptor.conf private.pem
+	oesign sign file-encryptorenc.so file-encryptor.conf private.pem
 
 clean:
 	rm -f *.so *.o fileencryptor_t.* fileencryptor_args.h private.pem public.pem

diff --git a/samples/helloworld/enc/Makefile b/samples/helloworld/enc/Makefile
@@ -30,7 +30,7 @@ build:
 	$(CC) -o helloworldenc.so helloworld_t.o enc.o $(LDFLAGS)
 
 sign:
-	oesign helloworldenc.so helloworld.conf private.pem
+	oesign sign helloworldenc.so helloworld.conf private.pem
 
 clean:
 	rm -f enc.o helloworldenc.so helloworldenc.signed.so private.pem public.pem helloworld_t.o helloworld_t.h helloworld_t.c helloworld_args.h

diff --git a/samples/local_attestation/enc1/Makefile b/samples/local_attestation/enc1/Makefile
@@ -52,7 +52,7 @@ build:
 	$(CXX) -o enclave1.so attestation.o crypto.o ecalls.o dispatcher.o localattestation_t.o $(LDFLAGS)
 
 sign:
-	oesign enclave1.so enc.conf private.pem
+	oesign sign enclave1.so enc.conf private.pem
 
 clean:
 	rm -f *.o *.so ../common/localattestation_t.* ../common/localattestation_args.h *.pem enc2_pubkey.h
diff --git a/samples/local_attestation/enc2/Makefile b/samples/local_attestation/enc2/Makefile
@@ -52,7 +52,7 @@ build:
 	$(CXX) -o enclave2.so attestation.o crypto.o ecalls.o dispatcher.o localattestation_t.o $(LDFLAGS)
 
 sign:
-	oesign enclave2.so enc.conf private.pem
+	oesign sign enclave2.so enc.conf private.pem
 
 clean:
 	rm -f *.o *.so ../common/localattestation_t.* ../common/remoteattestation_args.h *.pem enc1_pubkey.h
diff --git a/samples/remote_attestation/enc1/Makefile b/samples/remote_attestation/enc1/Makefile
@@ -52,7 +52,7 @@ build:
 	$(CXX) -o enclave1.so attestation.o crypto.o ecalls.o dispatcher.o remoteattestation_t.o $(LDFLAGS)
 
 sign:
-	oesign enclave1.so enc.conf private.pem
+	oesign sign enclave1.so enc.conf private.pem
 
 clean:
 	rm -f *.o *.so ../common/remoteattestation_t.* ../common/remoteattestation_args.h *.pem enc2_pubkey.h
diff --git a/samples/remote_attestation/enc2/Makefile b/samples/remote_attestation/enc2/Makefile
@@ -51,7 +51,7 @@ build:
 	$(CXX) -o enclave2.so attestation.o crypto.o ecalls.o dispatcher.o remoteattestation_t.o $(LDFLAGS) 
 
 sign:
-	oesign enclave2.so enc.conf private.pem
+	oesign sign enclave2.so enc.conf private.pem
 
 clean:
 	rm -f *.o *.so remoteattestation_t.* *.pem enc1_pubkey.h

diff --git a/tools/oesign/CMakeLists.txt b/tools/oesign/CMakeLists.txt
@@ -1,7 +1,7 @@
 # Copyright (c) Microsoft Corporation. All rights reserved.
 # Licensed under the MIT License.
 
-add_executable(oesign main.c)
+add_executable(oesign main.c oedump.c)
 
 target_link_libraries(oesign oehost)
 

diff --git a/tools/oesign/main.c b/tools/oesign/main.c
@@ -13,6 +13,8 @@
 #include "../host/enclave.h"
 
 static const char* arg0;
+int oedump(const char*);
+int oesign(const char*, const char*, const char*);
 
 OE_PRINTF_FORMAT(1, 2)
 void Err(const char* format, ...)
@@ -456,13 +458,23 @@ void _merge_config_file_options(
         properties->header.size_settings.num_tcs = options->num_tcs;
 }
 
-static const char _usage[] =
-    "Usage: %s EnclaveImage ConfigFile KeyFile\n"
+static const char _usage_gen[] =
+    "Usage: %s <command> [options]\n"
+    "\n"
+    "Commands:\n"
+    "    sign  -  Sign the specified enclave.\n"
+    "    dump  -  Print out the Open Enclave metadata for the specified "
+    "enclave.\n"
+    "\n"
+    "For help with a specific command, enter \"%s <command> -?\"\n";
+
+static const char _usage_sign[] =
+    "Usage: %s enclave_image sign config_file key_file\n"
     "\n"
     "Where:\n"
-    "    EnclaveImage -- path of an enclave image file\n"
-    "    ConfigFile -- configuration file containing enclave properties\n"
-    "    KeyFile -- private key file used to digitally sign the image\n"
+    "    enclave_image -- path of an enclave image file\n"
+    "    config_file -- configuration file containing enclave properties\n"
+    "    key_file -- private key file used to digitally sign the image\n"
     "\n"
     "Description:\n"
     "    This utility (1) injects runtime properties into an enclave image "
@@ -497,33 +509,28 @@ static const char _usage[] =
     "    The resulting image is written to <EnclaveImage>.signed.so.\n"
     "\n";
 
-int main(int argc, const char* argv[])
+static const char _usage_dump[] =
+    "\n"
+    "Usage: %s dump enclave_image\n"
+    "\n"
+    "Where:\n"
+    "    enclave_image -- path of an enclave image file\n"
+    "\n"
+    "Description:\n"
+    "    This option dumps the oeinfo and signature information of an "
+    "enclave\n";
+
+int oesign(const char* enclave, const char* conffile, const char* keyfile)
 {
-    arg0 = argv[0];
     int ret = 1;
     oe_result_t result;
-    const char* enclave;
-    const char* conffile;
-    const char* keyfile;
     oe_enclave_t enc;
     void* pem_data = NULL;
     size_t pem_size;
     ConfigFileOptions options = CONFIG_FILE_OPTIONS_INITIALIZER;
     oe_sgx_enclave_properties_t props;
     oe_sgx_load_context_t context;
 
-    /* Check arguments */
-    if (argc != 4)
-    {
-        fprintf(stderr, _usage, arg0);
-        exit(1);
-    }
-
-    /* Collect arguments */
-    enclave = argv[1];
-    conffile = argv[2];
-    keyfile = argv[3];
-
     /* Load the configuration file */
     if (_load_config_file(conffile, &options) != 0)
     {
@@ -628,3 +635,155 @@ int main(int argc, const char* argv[])
 
     return ret;
 }
+
+int dump_parser(const char* argv[])
+{
+    int ret = 1;
+    const char* enclave;
+
+    if (strcmp(argv[2], "-?") == 0)
+    {
+        fprintf(stderr, _usage_dump, argv[0]);
+        exit(1);
+    }
+    else
+    {
+        if (strstr(argv[2], "_enc") != NULL)
+        {
+            enclave = argv[2];
+            /* dump oeinfo and signature information */
+            ret = oedump(enclave);
+        }
+        else
+        {
+            fprintf(stderr, _usage_gen, argv[0], argv[0]);
+            exit(1);
+        }
+    }
+
+    return ret;
+}
+
+int sign_parser(int argc, const char* argv[])
+{
+    int ret = 1;
+    const char* enclave;
+    const char* conffile;
+    const char* keyfile;
+
+    if (strcmp(argv[2], "-?") == 0)
+    {
+        fprintf(stderr, _usage_sign, argv[0]);
+        exit(1);
+    }
+    else if (argc == 5)
+    {
+        if (strstr(argv[2], "enc") != NULL)
+        {
+            enclave = argv[2];
+            if (strstr(argv[3], "conf") != NULL)
+            {
+                /* Collect arguments for signing*/
+                conffile = argv[3];
+                keyfile = argv[4];
+            }
+            else if (strstr(argv[3], "pem") != NULL)
+            {
+                /* Collect arguments for signing*/
+                keyfile = argv[3];
+                conffile = argv[4];
+            }
+            else
+            {
+                fprintf(stderr, _usage_gen, argv[0], argv[0]);
+                exit(1);
+            }
+        }
+        else if (strstr(argv[3], "enc") != NULL)
+        {
+            enclave = argv[3];
+            if (strstr(argv[2], "conf") != NULL)
+            {
+                /* Collect arguments for signing*/
+                conffile = argv[2];
+                keyfile = argv[4];
+            }
+            else if (strstr(argv[2], "pem") != NULL)
+            {
+                /* Collect arguments for signing*/
+                keyfile = argv[2];
+                conffile = argv[4];
+            }
+            else
+            {
+                fprintf(stderr, _usage_gen, argv[0], argv[0]);
+                exit(1);
+            }
+        }
+        else if (strstr(argv[4], "enc") != NULL)
+        {
+            enclave = argv[4];
+            if (strstr(argv[2], "conf") != NULL)
+            {
+                /* Collect arguments for signing*/
+                conffile = argv[2];
+                keyfile = argv[3];
+            }
+            else if (strstr(argv[2], "pem") != NULL)
+            {
+                /* Collect arguments for signing*/
+                keyfile = argv[2];
+                conffile = argv[3];
+            }
+            else
+            {
+                fprintf(stderr, _usage_gen, argv[0], argv[0]);
+                exit(1);
+            }
+        }
+        else
+        {
+            fprintf(stderr, _usage_gen, argv[0], argv[0]);
+            exit(1);
+        }
+    }
+    else
+    {
+        fprintf(stderr, _usage_gen, argv[0], argv[0]);
+        exit(1);
+    }
+
+    ret = oesign(enclave, conffile, keyfile);
+
+    return ret;
+}
+
+int arg_handler(int argc, const char* argv[])
+{
+    int ret = 1;
+    if ((strcmp(argv[1], "dump") == 0))
+        ret = dump_parser(argv);
+    else if ((strcmp(argv[1], "sign") == 0))
+        ret = sign_parser(argc, argv);
+    else
+    {
+        fprintf(stderr, _usage_gen, argv[0], argv[0]);
+        exit(1);
+    }
+    return ret;
+}
+
+int main(int argc, const char* argv[])
+{
+    arg0 = argv[0];
+    int ret = 1;
+
+    if (argc <= 2)
+    {
+        fprintf(stderr, _usage_gen, argv[0], argv[0]);
+        exit(1);
+    }
+
+    ret = arg_handler(argc, argv);
+    return ret;
+}