!48 backport some patches from openeuler secGear

From: @whzhe
Reviewed-by: @chenmaodong
Signed-off-by: @chenmaodong

0033-modify-the-error-information-when-missing-c-and-m.patch

@@ -0,0 +1,34 @@
+From 909a866a5023c8f23b504ce1307283df834d2b55 Mon Sep 17 00:00:00 2001
+From: yanlu <yanlu14@huawei.com>
+Date: Wed, 26 May 2021 11:49:49 +0800
+Subject: [PATCH 1/6] modify the error information when missing -c and -m
+
+---
+ tools/sign_tool/sign_tool.sh | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tools/sign_tool/sign_tool.sh b/tools/sign_tool/sign_tool.sh
+index 5469f80..0435a67 100755
+--- a/tools/sign_tool/sign_tool.sh
++++ b/tools/sign_tool/sign_tool.sh
+@@ -129,7 +129,7 @@ fi
+ itrustee_start_sign(){
+ #    check_native_sign
+     if [ -z $A_CONFIG_FILE ]; then
+-        echo "Error: missing config file for signing iTrustee enclave"
++        echo "Error: missing additional config_cloud.ini file for signing iTrustee enclave"
+         exit -1
+     fi
+ 
+@@ -137,7 +137,7 @@ itrustee_start_sign(){
+         if [ -z $SIGNATURE ]; then
+             ONE_STEP_MODE=1
+             if [ -z $CONFIG_FILE ]; then
+-                echo "Error: missing config file for signing iTrustee enclave"
++                echo "Error: missing basic config file for signing iTrustee enclave"
+                 exit -1
+             fi
+             if [ -z $IN_ENCLAVE ]; then
+-- 
+2.27.0
+

0034-normalize-the-log-printed-by-PrintInfo.patch

@@ -0,0 +1,55 @@
+From 5a34d5f560f1b35b4ae8892e07ff852af1a7a38a Mon Sep 17 00:00:00 2001
+From: chenmaodong <chenmaodong@huawei.com>
+Date: Mon, 31 May 2021 14:26:34 +0800
+Subject: [PATCH 2/6] normalize the log printed by PrintInfo
+
+Signed-off-by: chenmaodong <chenmaodong@huawei.com>
+---
+ inc/enclave_inc/gp/itrustee/secgear_log.h | 31 +++++++++++------------
+ 1 file changed, 15 insertions(+), 16 deletions(-)
+
+diff --git a/inc/enclave_inc/gp/itrustee/secgear_log.h b/inc/enclave_inc/gp/itrustee/secgear_log.h
+index 2e27b05..819fa86 100644
+--- a/inc/enclave_inc/gp/itrustee/secgear_log.h
++++ b/inc/enclave_inc/gp/itrustee/secgear_log.h
+@@ -24,22 +24,21 @@
+ #define PRINT_STRACE 2
+ #define PRINT_DEBUG 3
+ 
+-#define PrintInfo(level, fmt, args...)                                                      \
+-    if (level <= PRINT_LEVEL) {                                                             \
+-        switch (level) {                                                                    \
+-            case 0:                                                                         \
+-                SLog("%s %s: " fmt "\n", "[secGear][ERROR]", __FUNCTION__, ## args);   \
+-                break;                                                                      \
+-            case 1:                                                                         \
+-                SLog("%s %s: " fmt "\n", "[secGear][WARNING]", __FUNCTION__, ## args); \
+-                break;                                                                      \
+-            case 2:                                                                         \
+-                SLog("%s %s: " fmt "\n", "[secGear][STRACE]", __FUNCTION__, ## args);  \
+-                break;                                                                      \
+-            default:                                                                        \
+-                SLog("%s %s: " fmt "\n", "[secGear][DEBUG]", __FUNCTION__, ## args);   \
+-        }                                                                                   \
++#define PrintInfo(level, fmt, args...)                               \
++    if (level <= PRINT_LEVEL) {                                      \
++        switch (level) {                                             \
++            case 0:                                                  \
++                SLog("%s " fmt "\n", "[secGear][ERROR]", ## args);   \
++                break;                                               \
++            case 1:                                                  \
++                SLog("%s " fmt "\n", "[secGear][WARNING]", ## args); \
++                break;                                               \
++            case 2:                                                  \
++                SLog("%s " fmt "\n", "[secGear][STRACE]", ## args);  \
++                break;                                               \
++            default:                                                 \
++                SLog("%s " fmt "\n", "[secGear][DEBUG]", ## args);   \
++        }                                                            \
+     }
+ 
+-
+ #endif
+-- 
+2.27.0
+

0035-itrustee-add-lrt-support-itrustee.patch

@@ -0,0 +1,99 @@
+From 7fceb33ffd6e4f09faa6ba717f80ba6a51591f36 Mon Sep 17 00:00:00 2001
+From: LiFeng <lifeng68@huawei.com>
+Date: Tue, 1 Jun 2021 16:38:18 +0800
+Subject: [PATCH 3/6] itrustee: add lrt support itrustee
+
+Signed-off-by: LiFeng <lifeng68@huawei.com>
+---
+ examples/CMakeLists.txt             |  1 +
+ examples/lrt/CMakeLists.txt         |  5 +++--
+ examples/lrt/enclave/CMakeLists.txt | 17 ++++++++++++-----
+ examples/lrt/host/main.c            |  1 +
+ 4 files changed, 17 insertions(+), 7 deletions(-)
+
+diff --git a/examples/CMakeLists.txt b/examples/CMakeLists.txt
+index cfd0171..07fc0fb 100644
+--- a/examples/CMakeLists.txt
++++ b/examples/CMakeLists.txt
+@@ -12,6 +12,7 @@ if(CC_GP)
+ 		COMMAND cp ${LOCAL_ROOT_PATH}/inc/enclave_inc/gp/itrustee/*.h ${CMAKE_BINARY_DIR}/inc/secGear/)
+ 	add_subdirectory(seal_data)
+ 	add_subdirectory(helloworld)
++	#add_subdirectory(lrt)
+ endif()
+ 
+ if(CC_SGX)
+diff --git a/examples/lrt/CMakeLists.txt b/examples/lrt/CMakeLists.txt
+index 9059590..45283a3 100644
+--- a/examples/lrt/CMakeLists.txt
++++ b/examples/lrt/CMakeLists.txt
+@@ -20,8 +20,9 @@ set(CODEGEN codegen)
+ 
+ if(CC_GP)
+     set(CODETYPE trustzone)
+-    execute_process(COMMAND uuidgen -r OUTPUT_VARIABLE UUID)
+-    string(REPLACE "\n" "" UUID ${UUID})
++    #    execute_process(COMMAND uuidgen -r OUTPUT_VARIABLE UUID)
++    #string(REPLACE "\n" "" UUID ${UUID})
++    set(UUID f68fd704-6eb1-4d14-b218-722850eb3ef0)
+     add_definitions(-DPATH="/data/${UUID}.sec")
+ endif()
+ 
+diff --git a/examples/lrt/enclave/CMakeLists.txt b/examples/lrt/enclave/CMakeLists.txt
+index 64494cc..acd1607 100644
+--- a/examples/lrt/enclave/CMakeLists.txt
++++ b/examples/lrt/enclave/CMakeLists.txt
+@@ -28,9 +28,9 @@ if(CC_GP)
+     #set signed output
+     set(OUTPUT ${UUID}.sec)
+     #set whilelist. default: /vendor/bin/teec_hello
+-    set(WHITE_LIST_0 /vendor/bin/helloworld)
++    set(WHITE_LIST_0 /vendor/bin/lrt)
+     set(WHITE_LIST_OWNER root)
+-    set(WHITE_LIST_1 /vendor/bin/secgear_helloworld)
++    set(WHITE_LIST_1 /vendor/bin/secgear_lrt)
+     set(WHITELIST WHITE_LIST_0 WHITE_LIST_1)
+ 
+     set(AUTO_FILES  ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.h ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_t.c ${CMAKE_CURRENT_BINARY_DIR}/${PREFIX}_args.h)
+@@ -55,7 +55,7 @@ set(COMMON_C_FLAGS "-W -Wall -Werror  -fno-short-enums  -fno-omit-frame-pointer
+ set(COMMON_C_LINK_FLAGS "-Wl,-z,now -Wl,-z,relro -Wl,-z,noexecstack -Wl,-nostdlib -nodefaultlibs -nostartfiles")
+ 
+ if(CC_GP)
+-    configure_file("${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt.in" "${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt")
++	#   configure_file("${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt.in" "${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt")
+ 
+     set(CMAKE_C_FLAGS "${COMMON_C_FLAGS}  -march=armv8-a ")
+     set(CMAKE_C_FLAGS_RELEASE "${CMAKE_C_FLAGS}  -s -fPIC")
+@@ -99,8 +99,15 @@ if(CC_GP)
+ 
+     add_custom_command(TARGET ${PREFIX}
+ 	      POST_BUILD
+-              COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt 
+-	      		-o ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT})
++	      # COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini -o ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT}
++	      COMMAND bash ${SIGN_TOOL} -d digest -x trustzone -i ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/lib${PREFIX}.so -c ${CMAKE_CURRENT_SOURCE_DIR}/manifest.txt
++	      -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini -o ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/temp_hash
++	      COMMAND openssl rsautl -sign -inkey ${CMAKE_CURRENT_SOURCE_DIR}/cert/private_key.pem  -in ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/temp_hash -out ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/temp_signature
++	      COMMAND bash ${SIGN_TOOL} -d sign -x trustzone -s ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/temp_signature -m ${CMAKE_CURRENT_SOURCE_DIR}/config_cloud.ini -o ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT}
++	      # COMMAND rm -rf  ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/temp_hash
++	      #COMMAND rm -rf ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/temp_signature
++	      )
++
+ 
+     install(FILES ${CMAKE_LIBRARY_OUTPUT_DIRECTORY}/${OUTPUT}  
+         DESTINATION /data
+diff --git a/examples/lrt/host/main.c b/examples/lrt/host/main.c
+index ba078c7..92ff47a 100644
+--- a/examples/lrt/host/main.c
++++ b/examples/lrt/host/main.c
+@@ -13,6 +13,7 @@
+ #include <stdio.h>
+ #include <unistd.h>
+ #include <linux/limits.h>
++#include <string.h>
+ #include "enclave.h"
+ #include "lrt_u.h"
+ 
+-- 
+2.27.0
+

0036-enclave-use-the-can-pull-image-from-hub.oepkgs.net.patch

@@ -0,0 +1,26 @@
+From 764886f9baa739d9688cb1875692b4687434153b Mon Sep 17 00:00:00 2001
+From: LiFeng <lifeng68@huawei.com>
+Date: Tue, 1 Jun 2021 18:48:30 +0800
+Subject: [PATCH 4/6] enclave: use the can-pull image from hub.oepkgs.net
+
+Signed-off-by: LiFeng <lifeng68@huawei.com>
+---
+ examples/lrt/enclave.yaml | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/examples/lrt/enclave.yaml b/examples/lrt/enclave.yaml
+index b1bc19b..7734a24 100644
+--- a/examples/lrt/enclave.yaml
++++ b/examples/lrt/enclave.yaml
+@@ -28,7 +28,7 @@ spec:
+     spec:
+       containers:
+       - name: hell_lifeng
+-        image: secgear_hello
++        image: hub.oepkgs.net/lifeng2221dd1/hello_secgear:v1.0
+         imagePullPolicy: IfNotPresent
+         name: helloworld
+         resources:
+-- 
+2.27.0
+

0037-add-description-about-file-parameter-path-for-sign_t.patch

@@ -0,0 +1,26 @@
+From ac2ccfb69c60dba6eb472d2d62da53f5890a07ce Mon Sep 17 00:00:00 2001
+From: yanlu <yanlu14@huawei.com>
+Date: Wed, 2 Jun 2021 15:04:34 +0800
+Subject: [PATCH 5/6] add description about file parameter path for
+ sign_tool.sh
+
+---
+ docs/sign_tool.md | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs/sign_tool.md b/docs/sign_tool.md
+index e6c6e3b..a092f19 100644
+--- a/docs/sign_tool.md
++++ b/docs/sign_tool.md
+@@ -4,7 +4,7 @@ The sign_tool.sh helps to sign the enclave.
+ 
+ ## The sign_tool.sh
+ 
+-The sign_tool.sh uses the 'sgx_sign' tool in SGX SDK for signing the sgx enclave and the 'signtool_v3.py' for signing the trustzone enclave.
++The sign_tool.sh uses the 'sgx_sign' tool in SGX SDK for signing the sgx enclave and the 'signtool_v3.py' for signing the trustzone enclave. When signing the trustzone enclave, it is recommended that use the absolute path to specify the file parameters, if provide a relative path, is should be a path relative to 'signtool_v3.py'.
+ 
+ The tool supports the following two modes:
+ 
+-- 
+2.27.0
+

0038-fix-use-after-free-in-cc_enclave_create.patch

@@ -1,10 +1,10 @@
 From f82ae0a78901c62644a53257d72fbc932d350ed7 Mon Sep 17 00:00:00 2001
 From: chenmaodong <chenmaodong@huawei.com>
 Date: Wed, 2 Jun 2021 17:16:56 +0800
-Subject: [PATCH] fix use-after-free in cc_enclave_create The last parameter
+Subject: [PATCH 6/6] fix use-after-free in cc_enclave_create The last
- 'enclave' of cc_enclave_create will not be a double pointer, it'll be a
+ parameter 'enclave' of cc_enclave_create will not be a double pointer, it'll
- single pointer now. Besides, the memory of parameter 'enclave' will malloc
+ be a single pointer now. Besides, the memory of parameter 'enclave' will
- and free by users, you can check the example to find how to use it.
+ malloc and free by users, you can check the example to find how to use it.
 
 Signed-off-by: chenmaodong <chenmaodong@huawei.com>
 ---

secGear.spec

@@ -1,6 +1,6 @@
 Name:		secGear
 Version:	0.1.0
-Release:	15%{?dist}
+Release:	16%{?dist}
 Summary:	secGear is an SDK to develop confidential computing apps based on hardware enclave features
 
 
@@ -41,7 +41,12 @@ Patch28:	0029-some-adaptations-for-trustzone.patch
 Patch29:	0030-fix-sgx-two-step-mode-bug-add-dump-command.patch
 Patch30:	0031-set-signtool_v3.py-path.patch
 Patch31:	0032-del-size_to_aligned_size.patch
-Patch32:	0033-fix-use-after-free-in-cc_enclave_create.patch
+Patch32:	0033-modify-the-error-information-when-missing-c-and-m.patch
+Patch33:	0034-normalize-the-log-printed-by-PrintInfo.patch
+Patch34:	0035-itrustee-add-lrt-support-itrustee.patch
+Patch35:	0036-enclave-use-the-can-pull-image-from-hub.oepkgs.net.patch
+Patch36:	0037-add-description-about-file-parameter-path-for-sign_t.patch
+Patch37:	0038-fix-use-after-free-in-cc_enclave_create.patch
 
 BuildRequires:	gcc python automake autoconf libtool
 BUildRequires:	glibc glibc-devel cmake ocaml-dune
@@ -154,6 +159,9 @@ popd
 %endif
 
 %changelog
+* Thu June 3 2021 chenmaodong<chenmaodong@huawei.com> - 0.1.0-16
+- DESC: backport some patches from openeuler secGear
+
 * Wed June 2 2021 chenmaodong<chenmaodong@huawei.com> - 0.1.0-15
 - DESC: fix uaf in cc_enclave_create