libsodiumでenclave.soのビルドができない③

libsodiumでenclave.soのビルドができない②

code:sh

root@d693341101b2:~/anonify/build# nm -o /lib/* /usr/lib/* /usr/lib/*/* \

/usr/local/lib/* 2> /dev/null | grep 'crypto_scalarmult_base$'

/usr/lib/x86_64-linux-gnu/libzmq.a:src_libzmq_la-zmq_utils.o: U crypto_scalarmult_base

/usr/local/lib/libsodium.a:libsodium_la-crypto_kx.o: U crypto_scalarmult_base

/usr/local/lib/libsodium.a:libsodium_la-crypto_scalarmult.o:0000000000000010 T crypto_scalarmult_base

/usr/local/lib/libsodium.so:0000000000021150 T crypto_scalarmult_base

/usr/local/lib/libsodium.so.23:0000000000021150 T crypto_scalarmult_base

/usr/local/lib/libsodium.so.23.3.0:0000000000021150 T crypto_scalarmult_base

code:sh

root@d693341101b2:~/anonify/build# echo $SGX_SDK

/opt/sgxsdk

code:sh

root@d693341101b2:~/anonify/build# /opt/sgxsdk/bin/x64/sgx_sign -help

Usage: sgx_sign <commands> options file...

Commands:

sign Sign the enclave using the private key

gendata Generate enclave signing material to be signed

catsig Generate the signed enclave with the input signature file, the

public key and the enclave signing material

dump Dump metadata information for a signed enclave file

Options:

-enclave Specify the enclave file to be signed or already signed

It is a required option for the four commands

-key Specify the key file

It is a required option for "sign" and "catsig"

-config Specify the configuration for the enclave

-out Specify the output file

It is a required option for "sign", "gendata" and "catsig"

-sig Specify the signature file for the enclave signing material

It is a required option for "catsig"

-unsigned Specify the enclave signing material generated by "gendata"

It is a required option for "catsig"

-dumpfile Specify a file to dump metadata information (text format)

It is a required option for "dump"

-cssfile Specify a file to dump the enclave SIGSTRUCT information (binary format)

-ignore-rel-error By default, sgx_sign provides an error for enclaves with

text relocations. You can ignore the error and continue signing

by providing this option. But it is recommended you eliminate the

text relocations instead of bypassing the error with this option.

-ignore-init-sec-error By default, sgx_sign provides an error for enclaves with .init section.

You can ignore the error and continue signing by providing this option.

But it is recommended you eliminate the section instead of bypassing

the error with this option.

-resign By default, sgx_sign reports an error if an input enclave has already been signed.

You can force sgx_sign to resign the enclave by providing this option.

Run "sgx_sign -help" to get this help and exit.

Run "sgx_sign -version" to output version information and exit.

code:sh

@$(SGX_ENCLAVE_SIGNER) sign -key $(CONFIG_DIR)/Test_Enclave_private.pem -enclave $(RustEnclave_Name) -enclave /usr/local/lib/libsodium.a -out $@ -config $(CONFIG_DIR)/Enclave.config.xml

↓

code:sh

LINK => ../build/enclave.so

mkdir -p ../.anonify

Repeatly specified "-enclave" option.

Usage: sgx_sign <commands> options file...

code:sh

export SODIUM_USE_PKG_CONFIG=1

code:sh

error: failed to run custom build command for libsodium-sys v0.2.6

Caused by:

process didn't exit successfully: /root/anonify/target/debug/build/libsodium-sys-5e926fe820cfaf9d/build-script-build (exit code: 101)

--- stdout

cargo:rerun-if-env-changed=SODIUM_LIB_DIR

cargo:rerun-if-env-changed=SODIUM_SHARED

cargo:rerun-if-env-changed=SODIUM_USE_PKG_CONFIG

cargo:rerun-if-env-changed=SODIUM_DISABLE_PIE

--- stderr

thread 'main' panicked at 'SODIUM_LIB_DIR is incompatible with SODIUM_USE_PKG_CONFIG. Set the only one env variable', /root/.cargo/registry/src/github.com-1ecc6299db9ec823/libsodium-sys-0.2.6/build.rs:38:9

note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

code:sh

unset SODIUM_LIB_DIR

export SODIUM_USE_PKG_CONFIG=1

うーん。これでも同じ...

code:sh

check_symbol_table elfparser.cpp:253 symbol 'crypto_scalarmult_base' is undefined

Symbol table incorrect

The input enclave file is not correct.

Error happened while signing the enclave.

Makefile:150: recipe for target '../.anonify/enclave.signed.so' failed

make: *** ../.anonify/enclave.signed.so Error 255

改めてg++の指定

code:sh

-m64

-O0

-g

-Wl,--no-undefined

-nostdlib

-nodefaultlibs

-nostartfiles

-L/opt/sgxsdk/lib64

-Wl,--whole-archive

-lsgx_trts

-Wl,--no-whole-archive

-Wl,--start-group

-lsgx_tstdc

-lsgx_tservice

-lsgx_tcrypto

-lsodium

-L../build/lib

-lenclave

-Wl,--end-group

-Wl,-Bstatic

-Wl,-Bsymbolic

-Wl,--no-undefined

-Wl,-pie,-eenclave_entry

-Wl,--export-dynamic

-Wl,--defsym,__ImageBase=0

-Wl,--gc-sections

-Wl,--version-script=../config/Enclave.lds

-L/usr/local/lib

code:sh

root@d693341101b2:~/anonify/scripts# nm libenclave.a | grep ocall_

U ocall_get_ias_socket

U ocall_get_quote

U ocall_get_update_info

U ocall_import_path_secret

U ocall_sgx_init_quote

code:sh

root@d693341101b2:~/anonify/scripts# nm -o /lib/* /usr/lib/* /usr/lib/*/* /usr/local/lib/* /opt/sgxsdk/lib* ../build/lib/ 2> /dev/null | grep 'ocall_get_ias_socket$'

root@d693341101b2:~/anonify/scripts# nm -o /lib/* /usr/lib/* /usr/lib/*/* /usr/local/lib/* /opt/sgxsdk/lib* ../build/lib/* 2> /dev/null | grep 'ocall_get_ias_socket$'

../build/lib/libenclave.a:frame_enclave-90729249b06bef9f.1pmpgka0h8nkr0v0.rcgu.o: U ocall_get_ias_socket

code:sh

❯ rg -i ocall_get_ias_socket

edl/Anonify_common.edl

54: UntrustedStatus ocall_get_ias_socket(

frame/enclave/src/ocalls.rs

41: pub fn ocall_get_ias_socket(

99: unsafe { ocall_get_ias_socket(&mut rt as *mut UntrustedStatus, &mut ias_sock as *mut i32) };

107: function: "ocall_get_ias_socket",

frame/host/src/ocalls.rs

103:pub extern "C" fn ocall_get_ias_socket(ret_fd: *mut c_int) -> UntrustedStatus {

うーん。これでTなのか。

code:sh

❯ nm Anonify_common_t.o | grep ocall_get_ias_socket

0000000000001082 T ocall_get_ias_socket

code:sh

@$(CXX) $(ANONIFY_BUILD_DIR)/$(T_O_FILE) /usr/local/lib/libsodium.so -o $@ $(RustEnclave_Link_Flags)

→変わらず

ソースのヘッダぶちこむか？

code:sh

-l/root/libsodium-stable/src/libsodium/include

code:sh

@$(CXX) -o $@ $(RustEnclave_Link_Flags) -l/root/libsodium-stable/src/libsodium/include/sodium /root/libsodium-stable/src/libsodium/crypto_scalarmult/crypto_scalarmult.c $(ANONIFY_BUILD_DIR)/$(T_O_FILE)

code:sh

ImageBase=0 -Wl,--gc-sections -Wl,--version-script=../config/Enclave.lds

/root/libsodium-stable/src/libsodium/crypto_scalarmult/crypto_scalarmult.c:2:10: fatal error: crypto_scalarmult.h: No such file or directory

#include "crypto_scalarmult.h"

^~~~~~~~~~~~~~~~~~~~~

compilation terminated.

Makefile:144: recipe for target '../build/enclave.so' failed

make: *** ../build/enclave.so Error 1

code:sh

/root/libsodium-stable/src/libsodium/crypto_scalarmult/crypto_scalarmult.c

個別にcrypto_scalarmult.cをコンパイル

code:sh

@$(CC) $(RustEnclave_Compile_Flags) -c /root/libsodium-stable/src/libsodium/crypto_scalarmult/crypto_scalarmult.c -o $(ANONIFY_BUILD_DIR)/crypto_scalarmult.o

生成したオブジェクトファイルをリンクさせればいけそう

code:sh

@$(CXX) $(ANONIFY_BUILD_DIR)/crypto_scalarmult.o $(ANONIFY_BUILD_DIR)/$(T_O_FILE) -o $@ $(RustEnclave_Link_Flags)

エラーが変わった

code:sh

check_symbol_table elfparser.cpp:253 symbol 'crypto_scalarmult_curve25519' is undefined

Symbol table incorrect

The input enclave file is not correct.

Error happened while signing the enclave.

Makefile:153: recipe for target '../.anonify/enclave.signed.so' failed