miti
/
mitigator


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990
							FROM graphene
ENV SGX_SDK=/opt/intel/sgxsdk/

RUN mkdir source
WORKDIR source
## Setting up prereqs for decryptor - Intel SGX SSL
# Just curling the tar.gz file and then running the build script didn't work as the extracted folder had a different name (dependent on the foldername which was compressed) --- I didnt want to make a new fork of the sgxssl script for that.
RUN git clone https://github.com/openssl/openssl.git OpenSSL_1.1.1d && \
	cd OpenSSL_1.1.1d && git checkout tags/OpenSSL_1_1_1d && \
	cd ../ && tar -cf OpenSSL_1.1.1d.tar.gz OpenSSL_1.1.1d/

#Setting up SGXSSL with the version of OpenSSL that we downloaded in the previous step.
RUN git clone https://github.com/intel/intel-sgx-ssl.git && \
	cd intel-sgx-ssl && git checkout tags/lin_2.5_1.1.1d && \
	cp ../OpenSSL_1.1.1d.tar.gz ./openssl_source/  && \
	cd Linux &&  make && make install

#Setting up protobuf definitions for exchanging LA and post-LA messages between enclaves.
RUN git clone https://git-crysp.uwaterloo.ca/miti/dhmsgs_proto_defs.git && \
	cd dhmsgs_proto_defs/ && protoc --cpp_out=./ ./*.proto

#Setting up the decryptor enclave itself.
RUN git clone https://git-crysp.uwaterloo.ca/miti/Decryptor.git && \
	cd Decryptor/ && make

#Setting up common files used in the verifier, PHP extension for LA/post-LA message processing.
RUN git clone https://git-crysp.uwaterloo.ca/miti/commonVerifierPHPfiles.git

#Setting up a patched version of the linux-sgx repo's SDK for running LA on graphene.
RUN git clone https://git-crysp.uwaterloo.ca/miti/linux-sgx-trts-modified.git && \
	cd linux-sgx-trts-modified && git checkout local_attestation_for_graphene && \
	bash ./download_prebuilt.sh && make USE_OPT_LIBS=0

#Setting up the verifier.
RUN git clone https://git-crysp.uwaterloo.ca/miti/verifier.git && \
	cd verifier/ && git checkout recreating_state_for_teeter && \
	export SGX_SDK_TRTS_MODIFIED=/root/source/linux-sgx-trts-modified/build/linux && make && \
	cp verifier /root/graphene/LibOS/shim/test/native && \
	git checkout master && \
	cp verifier.manifest.template /root/graphene/LibOS/shim/test/native 

#Build the verifier
WORKDIR /root/graphene/LibOS/shim/test/native
RUN sed -i s/ls.manifest/'ls.manifest verifier.manifest'/g Makefile
RUN make SGX=1

RUN apt update && apt install -y php7.0-dev tmux libxml2-dev 

WORKDIR /root/source
RUN git clone --recursive https://github.com/CopernicaMarketingSoftware/PHP-CPP.git && \
	cd PHP-CPP/ && git checkout tags/v2.1.4 &&  make all && \
	cp libphpcpp.so.* /usr/lib/ && make install

RUN git clone https://git-crysp.uwaterloo.ca/miti/Apache_PHP_extension.git && \
	cd Apache_PHP_extension && git checkout recreating_state_for_teeter  && \
	make

WORKDIR /root/graphene/LibOS/shim/test/apps/apache
#Modifying the Makefile to generate the php module.
RUN sed -i s/'LISTEN_HOST ?= 127.0.0.1'/'LISTEN_HOST ?= 0.0.0.0'/g Makefile
RUN sed -i s/'testdata ssldata'/'$(INSTALL_DIR)/modules/libphp7.so  #testdata ssldata'/g Makefile 
RUN sed -i s/"'-'"/"'-' | tr '+' 'p'"/g Makefile #Fix for stdc++ to be named as a key sgx.trusted_files.stdcpp in the autogenerated manifest. 
RUN printf '\nPHP_DIR = php-7.0.7 \n$(PHP_DIR): $(PHP_DIR).tar.gz\n\ttar -xmzf $<\n' >> Makefile 
RUN printf '\n$(INSTALL_DIR)/modules/libphp7.so: $(PHP_DIR) $(INSTALL_DIR)/bin/apxs\n' >> Makefile
RUN printf '\tcd $< && ./configure --prefix=$(abspath $(INSTALL_DIR)) --with-apxs2=$(abspath $(INSTALL_DIR)/bin/apxs) \ \n' >> Makefile
RUN printf '\t--disable-cgi --disable-cli --disable-soap\n\tcd $< && $(MAKE) \n\tcd $< && $(MAKE) install\n' >> Makefile
RUN printf '\nbuild-apache-with-php: $(INSTALL_DIR)/bin/httpd $(INSTALL_DIR)/modules/libphp7.so\n' >> Makefile 
RUN cp /root/source/Apache_PHP_extension/*.tar.gz ./
#Don't make the manifest yet - make the apache/php build first and then the manifest.
RUN make SGX=1 build-apache-with-php

#Add the updated httpd.manifest.template #Todo update manifest. 
RUN cp /root/source/Apache_PHP_extension/httpd.manifest.template ./
#Add the extension to the obj/modules folder. 
RUN cp /root/source/Apache_PHP_extension/localattestation_decryption.so install/modules/
#Add the PHP .ini file from the PHP folder to the location accessed by the PHP setup at runtime
RUN cp ./php-7.0.7/php.ini-development install/lib/php.ini
#Add the extension directory and the extension name to the php.ini 
RUN echo "extension_dir=/root/graphene/LibOS/shim/test/apps/apache/install/modules" >> install/lib/php.ini && \ 
	echo "extension=localattestation_decryption.so" >> install/lib/php.ini
#Add all php source code files to the right place. 
RUN cp /root/source/Apache_PHP_extension/*.php install/htdocs
#Fix the configuration file for Apache
RUN printf '\nAcceptFilter http none\n<IfModule mime_module>\n    AddType application/x-httpd-php .php\n</IfModule>\n' > install/conf/httpd.conf
RUN make SGX=1 

WORKDIR /root 
COPY deploy_enclaves.sh ./
RUN chmod 755 ./deploy_enclaves.sh