diff --git a/examples/tests/CMakeLists.txt b/examples/tests/CMakeLists.txt index 97af1eca..a48fc38a 100644 --- a/examples/tests/CMakeLists.txt +++ b/examples/tests/CMakeLists.txt @@ -19,6 +19,15 @@ set(all_test_bins untrusted data-sealing) +set(complex_test_bins + message + granter +) +set(support_test_bins + receiver + grantee +) + # and (2) define the recipe of the test below: # stack @@ -58,6 +67,20 @@ target_link_libraries(attestation ${KEYSTONE_LIB_EAPP} ${KEYSTONE_LIB_EDGE}) add_executable(untrusted untrusted/untrusted.c untrusted/edge_wrapper.c) target_link_libraries(untrusted ${KEYSTONE_LIB_EAPP} ${KEYSTONE_LIB_EDGE}) +# mailbox +add_executable(message message/message.c message/edge_wrapper.c) +target_link_libraries(message ${KEYSTONE_LIB_EAPP} ${KEYSTONE_LIB_EDGE}) + +add_executable(receiver receiver/receiver.c receiver/edge_wrapper.c) +target_link_libraries(receiver ${KEYSTONE_LIB_EAPP} ${KEYSTONE_LIB_EDGE}) + +# memshare +add_executable(granter granter/granter granter/edge_wrapper.c) +target_link_libraries(granter ${KEYSTONE_LIB_EAPP} ${KEYSTONE_LIB_EDGE}) + +add_executable(grantee grantee/grantee grantee/edge_wrapper.c) +target_link_libraries(grantee ${KEYSTONE_LIB_EAPP} ${KEYSTONE_LIB_EDGE}) + # data-sealing add_executable(data-sealing data-sealing/data-sealing.c) target_link_libraries(data-sealing ${KEYSTONE_LIB_EAPP} ${KEYSTONE_LIB_EDGE}) @@ -72,6 +95,16 @@ foreach (test IN ITEMS ${all_test_bins}) file(APPEND ${test_script_tmp} "echo 'testing ${test}'\n") file(APPEND ${test_script_tmp} "./${host_bin} ${test} eyrie-rt\n") endforeach(test) + +list(LENGTH complex_test_bins len1) +math(EXPR len2 "${len1} - 1") +foreach(val RANGE ${len2}) + list(GET complex_test_bins ${val} val1) + list(GET support_test_bins ${val} val2) + file(APPEND ${test_script_tmp} "echo 'testing ${val1}'\n") + file(APPEND ${test_script_tmp} "./${host_bin} ${val1} eyrie-rt --eapp_two ${val2}\n") +endforeach() + file(COPY ${test_script_tmp} DESTINATION ${CMAKE_CURRENT_BINARY_DIR} FILE_PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ) file(REMOVE_RECURSE ${CMAKE_CURRENT_BINARY_DIR}/tmp) @@ -79,6 +112,12 @@ file(REMOVE_RECURSE ${CMAKE_CURRENT_BINARY_DIR}/tmp) # linker flags for all tests set_target_properties(${all_test_bins} PROPERTIES LINK_FLAGS "-nostdlib -static -T ${CMAKE_CURRENT_SOURCE_DIR}/app.lds") + +set_target_properties(${complex_test_bins} + PROPERTIES LINK_FLAGS "-nostdlib -static -T ${CMAKE_CURRENT_SOURCE_DIR}/app.lds") + +set_target_properties(${support_test_bins} + PROPERTIES LINK_FLAGS "-nostdlib -static -T ${CMAKE_CURRENT_SOURCE_DIR}/app.lds") ############################################### # host @@ -90,7 +129,7 @@ target_link_libraries(${host_bin} ${KEYSTONE_LIB_HOST} ${KEYSTONE_LIB_EDGE} ${KE set(eyrie_files_to_copy .options_log eyrie-rt) add_eyrie_runtime(test-eyrie - "origin/master" + "origin/dev-mem-share" ${eyrie_plugins} ${eyrie_files_to_copy}) @@ -99,7 +138,7 @@ add_eyrie_runtime(test-eyrie add_keystone_package(test-package ${package_name} ${package_script} - ${test_script} ${eyrie_files_to_copy} ${all_test_bins} ${host_bin} + ${test_script} ${eyrie_files_to_copy} ${all_test_bins} ${host_bin} ${complex_test_bins} ${support_test_bins} ) add_dependencies(test-package test-eyrie) diff --git a/examples/tests/grantee/edge_wrapper.c b/examples/tests/grantee/edge_wrapper.c new file mode 100644 index 00000000..02213aca --- /dev/null +++ b/examples/tests/grantee/edge_wrapper.c @@ -0,0 +1,38 @@ +//****************************************************************************** +// Copyright (c) 2018, The Regents of the University of California (Regents). +// All Rights Reserved. See LICENSE for license details. +//------------------------------------------------------------------------------ +#include "app/eapp_utils.h" +#include "app/string.h" +#include "app/syscall.h" +#include "edge_wrapper.h" + +void edge_init(){ + /* Nothing for now, will probably register buffers/callsites + later */ +} + +#define OCALL_PRINT_BUFFER 1 +#define OCALL_PRINT_VALUE 2 +#define OCALL_GET_STRING 4 + +void ocall_print_value(unsigned long val){ + + unsigned long val_ = val; + ocall(OCALL_PRINT_VALUE, &val_, sizeof(unsigned long), 0, 0); + + return; +} + +unsigned long ocall_print_buffer(char* data, size_t data_len){ + + unsigned long retval; + ocall(OCALL_PRINT_BUFFER, data, data_len, &retval ,sizeof(unsigned long)); + + return retval; +} + +void ocall_get_string(struct edge_data* retdata){ + ocall(OCALL_GET_STRING, NULL, 0, retdata, sizeof(struct edge_data)); + return; +} diff --git a/examples/tests/grantee/edge_wrapper.h b/examples/tests/grantee/edge_wrapper.h new file mode 100644 index 00000000..e959f022 --- /dev/null +++ b/examples/tests/grantee/edge_wrapper.h @@ -0,0 +1,14 @@ +//****************************************************************************** +// Copyright (c) 2018, The Regents of the University of California (Regents). +// All Rights Reserved. See LICENSE for license details. +//------------------------------------------------------------------------------ +#ifndef _EDGE_WRAPPER_H_ +#define _EDGE_WRAPPER_H_ +#include "edge/edge_call.h" + +void edge_init(); + +unsigned long ocall_print_buffer(char* data, size_t data_len); +void ocall_print_value(unsigned long val); +void ocall_get_string(struct edge_data* retdata); +#endif /* _EDGE_WRAPPER_H_ */ diff --git a/examples/tests/grantee/grantee.c b/examples/tests/grantee/grantee.c new file mode 100644 index 00000000..769a8ea2 --- /dev/null +++ b/examples/tests/grantee/grantee.c @@ -0,0 +1,51 @@ +#include "app/eapp_utils.h" +#include "app/syscall.h" +#include "edge_wrapper.h" +#include + +#define BUF_SIZE 256 +#define EYRIE_LOAD_START 0xffffffff00000000 + +struct mem_share_req{ + uintptr_t base_addr; + size_t enclave_size; + size_t offset; +}; + +void EAPP_ENTRY eapp_entry(){ + char buf[BUF_SIZE]; + size_t uid; + struct mem_share_req req; + + get_uid(&uid); + + char *ack_msg = "ACK!\n"; + char *done_msg = "DONE!\n"; + uintptr_t ptr = 0x700000000; + size_t *target_ptr; + + edge_init(); + + //Listen for MEMSHARE START request from granter + while(recv_msg(uid - 1, buf, BUF_SIZE)); + + ocall_print_buffer("[GRANTEE] RECEIVED MEM_SHARE REQUEST\n", strlen("[GRANTEE] RECEIVED MEM_SHARE REQUEST\n") + 1); + + //Sends ACK to granter + while(send_msg(uid - 1, ack_msg, strlen(ack_msg) + 1)); + + //Reads request from client + while(recv_msg(uid - 1, &req, sizeof(struct mem_share_req))); + + //mmap req.base_addr + ptr = (uintptr_t) map(req.base_addr, req.enclave_size, ptr); + + target_ptr = (size_t *) (ptr + req.offset); + *target_ptr = 1337; + + mem_stop(uid - 1); + + while(send_msg(uid - 1, done_msg, strlen(done_msg) + 1)); + + EAPP_RETURN(0); +} diff --git a/examples/tests/granter/edge_wrapper.c b/examples/tests/granter/edge_wrapper.c new file mode 100644 index 00000000..02213aca --- /dev/null +++ b/examples/tests/granter/edge_wrapper.c @@ -0,0 +1,38 @@ +//****************************************************************************** +// Copyright (c) 2018, The Regents of the University of California (Regents). +// All Rights Reserved. See LICENSE for license details. +//------------------------------------------------------------------------------ +#include "app/eapp_utils.h" +#include "app/string.h" +#include "app/syscall.h" +#include "edge_wrapper.h" + +void edge_init(){ + /* Nothing for now, will probably register buffers/callsites + later */ +} + +#define OCALL_PRINT_BUFFER 1 +#define OCALL_PRINT_VALUE 2 +#define OCALL_GET_STRING 4 + +void ocall_print_value(unsigned long val){ + + unsigned long val_ = val; + ocall(OCALL_PRINT_VALUE, &val_, sizeof(unsigned long), 0, 0); + + return; +} + +unsigned long ocall_print_buffer(char* data, size_t data_len){ + + unsigned long retval; + ocall(OCALL_PRINT_BUFFER, data, data_len, &retval ,sizeof(unsigned long)); + + return retval; +} + +void ocall_get_string(struct edge_data* retdata){ + ocall(OCALL_GET_STRING, NULL, 0, retdata, sizeof(struct edge_data)); + return; +} diff --git a/examples/tests/granter/edge_wrapper.h b/examples/tests/granter/edge_wrapper.h new file mode 100644 index 00000000..1fdb31b0 --- /dev/null +++ b/examples/tests/granter/edge_wrapper.h @@ -0,0 +1,15 @@ +//****************************************************************************** +// Copyright (c) 2018, The Regents of the University of California (Regents). +// All Rights Reserved. See LICENSE for license details. +//------------------------------------------------------------------------------ +#ifndef _EDGE_WRAPPER_H_ +#define _EDGE_WRAPPER_H_ + +#include "edge/edge_call.h" + +void edge_init(); + +unsigned long ocall_print_buffer(char* data, size_t data_len); +void ocall_print_value(unsigned long val); +void ocall_get_string(struct edge_data* retdata); +#endif /* _EDGE_WRAPPER_H_ */ diff --git a/examples/tests/granter/granter.c b/examples/tests/granter/granter.c new file mode 100644 index 00000000..8ad64468 --- /dev/null +++ b/examples/tests/granter/granter.c @@ -0,0 +1,56 @@ +#include "app/eapp_utils.h" +#include "app/syscall.h" +#include "edge_wrapper.h" +#include + +#define BUF_SIZE 256 + +struct mem_share_req{ + uintptr_t base_addr; + size_t enclave_size; + uintptr_t offset; +}; + +void EAPP_ENTRY eapp_entry(){ + char buf[BUF_SIZE]; + size_t uid; + size_t dummy_value = 5; + + uintptr_t base_addr; + size_t enclave_size; + + struct mem_share_req req; + req.offset = translate((uintptr_t) &dummy_value); + + get_uid(&uid); + + char *start_msg = "START MEMSHARE\n"; + + edge_init(); + + //Send start MEMSHARE to grantee + while(send_msg(uid + 1, start_msg, strlen(start_msg) + 1)); + + ocall_print_buffer("[GRANTER] MEMSHARE START\n", strlen("[GRANTER] MEMSHARE START\n") + 1); + + //Receive ACK from grantee + while(recv_msg(uid + 1, buf, BUF_SIZE)); + + ocall_print_buffer("[GRANTER] ACK RECEIVED\n", strlen("[GRANTER] ACK RECEIVED\n")); + + //Begin MEMSHARE process + mem_share(uid + 1, &base_addr, &enclave_size); + + req.base_addr = base_addr; + req.enclave_size = enclave_size; + req.offset = req.offset - base_addr; + + while(send_msg(uid + 1, &req, sizeof(struct mem_share_req))); + + //Busy wait until grantee is finished + while(recv_msg(uid + 1, buf, BUF_SIZE)); + + ocall_print_value(dummy_value); + + EAPP_RETURN(0); +} diff --git a/examples/tests/message/edge_wrapper.c b/examples/tests/message/edge_wrapper.c new file mode 100644 index 00000000..9f902691 --- /dev/null +++ b/examples/tests/message/edge_wrapper.c @@ -0,0 +1,39 @@ +//****************************************************************************** +// Copyright (c) 2018, The Regents of the University of California (Regents). +// All Rights Reserved. See LICENSE for license details. +//------------------------------------------------------------------------------ +#include "app/eapp_utils.h" +#include "string.h" +#include "app/syscall.h" +#include "edge_wrapper.h" +#include "edge/edge_call.h" + +void edge_init(){ + /* Nothing for now, will probably register buffers/callsites + later */ +} + +#define OCALL_PRINT_BUFFER 1 +#define OCALL_PRINT_VALUE 2 +#define OCALL_GET_STRING 4 + +void ocall_print_value(unsigned long val){ + + unsigned long val_ = val; + ocall(OCALL_PRINT_VALUE, &val_, sizeof(unsigned long), 0, 0); + + return; +} + +unsigned long ocall_print_buffer(char* data, size_t data_len){ + + unsigned long retval; + ocall(OCALL_PRINT_BUFFER, data, data_len, &retval ,sizeof(unsigned long)); + + return retval; +} + +void ocall_get_string(struct edge_data* retdata){ + ocall(OCALL_GET_STRING, NULL, 0, retdata, sizeof(struct edge_data)); + return; +} diff --git a/examples/tests/message/edge_wrapper.h b/examples/tests/message/edge_wrapper.h new file mode 100644 index 00000000..e959f022 --- /dev/null +++ b/examples/tests/message/edge_wrapper.h @@ -0,0 +1,14 @@ +//****************************************************************************** +// Copyright (c) 2018, The Regents of the University of California (Regents). +// All Rights Reserved. See LICENSE for license details. +//------------------------------------------------------------------------------ +#ifndef _EDGE_WRAPPER_H_ +#define _EDGE_WRAPPER_H_ +#include "edge/edge_call.h" + +void edge_init(); + +unsigned long ocall_print_buffer(char* data, size_t data_len); +void ocall_print_value(unsigned long val); +void ocall_get_string(struct edge_data* retdata); +#endif /* _EDGE_WRAPPER_H_ */ diff --git a/examples/tests/message/message.c b/examples/tests/message/message.c new file mode 100644 index 00000000..542ff207 --- /dev/null +++ b/examples/tests/message/message.c @@ -0,0 +1,43 @@ +#include "app/eapp_utils.h" +#include "app/syscall.h" +#include "edge_wrapper.h" +#include + +#define BUF_SIZE 256 + +void EAPP_ENTRY eapp_entry(){ + char* msg1 = "MESSAGE 1!\n"; + char *msg2 = "MESSAGE 2!\n"; + char *msg3 = "MESSAGE 3!\n"; + char *msg4 = "Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.\n"; + char *error1 = "Oversized message detected successfully!\n"; + char *error2 = "Empty mailbox detected successfully!\n"; + + char buf[256]; + size_t uid; + unsigned long ret; + + get_uid(&uid); + edge_init(); + + while(send_msg(uid + 1, msg1, strlen(msg1) + 1)); + while(send_msg(uid + 1, msg2, strlen(msg2) + 1)); + while(send_msg(uid + 1, msg3, strlen(msg3) + 1)); + + while(recv_msg(uid + 1, buf, BUF_SIZE)); + ocall_print_buffer(buf, strlen("DONE!\n") + 1); + + //This should fail because the message is too big. + ret = send_msg(uid + 1, msg4, strlen(msg4) + 1); + if(ret){ + ocall_print_buffer(error1, strlen(error1) + 1); + } + + //This should fail because no message is in the mailbox + ret = recv_msg(uid + 1, buf, BUF_SIZE); + if(ret){ + ocall_print_buffer(error2, strlen(error2) + 1); + } + + EAPP_RETURN(0); +} diff --git a/examples/tests/receiver/edge_wrapper.c b/examples/tests/receiver/edge_wrapper.c new file mode 100644 index 00000000..b2af5c64 --- /dev/null +++ b/examples/tests/receiver/edge_wrapper.c @@ -0,0 +1,39 @@ +//****************************************************************************** +// Copyright (c) 2018, The Regents of the University of California (Regents). +// All Rights Reserved. See LICENSE for license details. +//------------------------------------------------------------------------------ +#include "app/eapp_utils.h" +#include +#include "app/syscall.h" +#include "edge_wrapper.h" +#include "edge/edge_call.h" + +void edge_init(){ + /* Nothing for now, will probably register buffers/callsites + later */ +} + +#define OCALL_PRINT_BUFFER 1 +#define OCALL_PRINT_VALUE 2 +#define OCALL_GET_STRING 4 + +void ocall_print_value(unsigned long val){ + + unsigned long val_ = val; + ocall(OCALL_PRINT_VALUE, &val_, sizeof(unsigned long), 0, 0); + + return; +} + +unsigned long ocall_print_buffer(char* data, size_t data_len){ + + unsigned long retval; + ocall(OCALL_PRINT_BUFFER, data, data_len, &retval ,sizeof(unsigned long)); + + return retval; +} + +void ocall_get_string(struct edge_data* retdata){ + ocall(OCALL_GET_STRING, NULL, 0, retdata, sizeof(struct edge_data)); + return; +} diff --git a/examples/tests/receiver/edge_wrapper.h b/examples/tests/receiver/edge_wrapper.h new file mode 100644 index 00000000..b8369acf --- /dev/null +++ b/examples/tests/receiver/edge_wrapper.h @@ -0,0 +1,12 @@ +//****************************************************************************** +// Copyright (c) 2018, The Regents of the University of California (Regents). +// All Rights Reserved. See LICENSE for license details. +//------------------------------------------------------------------------------ +#ifndef _EDGE_WRAPPER_H_ +#define _EDGE_WRAPPER_H_ + +void edge_init(); + +unsigned long ocall_print_buffer(char* data, size_t data_len); +void ocall_print_value(unsigned long val); +#endif /* _EDGE_WRAPPER_H_ */ diff --git a/examples/tests/receiver/receiver.c b/examples/tests/receiver/receiver.c new file mode 100644 index 00000000..ee5dde32 --- /dev/null +++ b/examples/tests/receiver/receiver.c @@ -0,0 +1,28 @@ +#include "app/eapp_utils.h" +#include "app/syscall.h" +#include "edge_wrapper.h" +#include "app/syscall.h" +#include + +#define BUF_SIZE 256 + +void EAPP_ENTRY eapp_entry(){ + char buf[BUF_SIZE]; + size_t uid; + get_uid(&uid); + + edge_init(); + + while(recv_msg(uid - 1, buf, BUF_SIZE)); + ocall_print_buffer(buf, BUF_SIZE); + + while(recv_msg(uid - 1, buf, BUF_SIZE)); + ocall_print_buffer(buf, BUF_SIZE); + + while(recv_msg(uid - 1, buf, BUF_SIZE)); + ocall_print_buffer(buf, BUF_SIZE); + + while(send_msg(uid - 1, "DONE!\n", strlen("DONE!\n") + 1)); + + EAPP_RETURN(0); +} diff --git a/examples/tests/test-runner.cpp b/examples/tests/test-runner.cpp index 351d9413..ca935180 100644 --- a/examples/tests/test-runner.cpp +++ b/examples/tests/test-runner.cpp @@ -76,15 +76,17 @@ main(int argc, char** argv) { {"utm-size", required_argument, 0, 'u'}, {"utm-ptr", required_argument, 0, 'p'}, {"freemem-size", required_argument, 0, 'f'}, + {"eapp_two", required_argument, 0, 'o'}, {0, 0, 0, 0}}; char* eapp_file = argv[1]; char* rt_file = argv[2]; + char* eapp2_file = (char *) 0; int c; int opt_index = 3; while (1) { - c = getopt_long(argc, argv, "u:p:f:", long_options, &opt_index); + c = getopt_long(argc, argv, "u:p:f:o:", long_options, &opt_index); if (c == -1) break; @@ -100,11 +102,28 @@ main(int argc, char** argv) { case 'f': freemem_size = atoi(optarg) * 1024; break; + case 'o': + eapp2_file = optarg; + } + } + + /* Second enclave required for some eapps */ + if(eapp2_file){ + if(!fork()){ + Keystone::Enclave enclave_1; + Keystone::Params params_1; + params_1.setFreeMemSize(freemem_size); + params_1.setUntrustedMem(utm_ptr, untrusted_size); + enclave_1.init(eapp2_file, rt_file, params_1); + edge_init(&enclave_1); + enclave_1.run(); + return 0; } } Keystone::Enclave enclave; Keystone::Params params; + unsigned long cycles1, cycles2, cycles3, cycles4; params.setFreeMemSize(freemem_size); @@ -133,6 +152,5 @@ main(int argc, char** argv) { printf("[keystone-test] Init: %lu cycles\r\n", cycles2 - cycles1); printf("[keystone-test] Runtime: %lu cycles\r\n", cycles4 - cycles3); } - return 0; } diff --git a/include/app/syscall.h b/include/app/syscall.h index e610a93c..ea236bb3 100644 --- a/include/app/syscall.h +++ b/include/app/syscall.h @@ -14,6 +14,13 @@ #define SYSCALL_SHAREDCOPY 1002 #define SYSCALL_ATTEST_ENCLAVE 1003 #define SYSCALL_GET_SEALING_KEY 1004 +#define RUNTIME_SYSCALL_SEND 1005 +#define RUNTIME_SYSCALL_RCV 1006 +#define RUNTIME_SYSCALL_UID 1007 +#define RUNTIME_MEM_SHARE 1008 +#define RUNTIME_MEM_STOP 1009 +#define RUNTIME_SYSCALL_MAP 1010 +#define RUNTIME_SYSCALL_TRANSLATE 1011 #define SYSCALL_EXIT 1101 #define SYSCALL(which, arg0, arg1, arg2, arg3, arg4) \ @@ -54,6 +61,15 @@ untrusted_mmap(); int attest_enclave(void* report, void* data, size_t size); +int attest_enclave(void* report, void* data, size_t size); +int send_msg(size_t uid, void *buf, size_t msg_size); +int recv_msg(size_t uid, void *buf, size_t buf_size); +int get_uid(size_t *uid); +int mem_share(size_t uid, void *enclave_addr, void *enclave_size); +int mem_stop(size_t uid); +void *map(uintptr_t base_addr, size_t base_size, uintptr_t ptr); +uintptr_t translate(uintptr_t vaddr); + int get_sealing_key( struct sealing_key* sealing_key_struct, size_t sealing_key_struct_size, diff --git a/src/app/syscall.c b/src/app/syscall.c index e6ee40a8..f4136c34 100644 --- a/src/app/syscall.c +++ b/src/app/syscall.c @@ -24,6 +24,35 @@ attest_enclave(void* report, void* data, size_t size) { return SYSCALL_3(SYSCALL_ATTEST_ENCLAVE, report, data, size); } +int send_msg(size_t uid, void *buf, size_t msg_size){ + return SYSCALL_3(RUNTIME_SYSCALL_SEND, uid, buf, msg_size); +} + +int recv_msg(size_t uid, void *buf, size_t buf_size){ + return SYSCALL_3(RUNTIME_SYSCALL_RCV, uid, buf, buf_size); +} + +int get_uid(size_t *uid){ + return SYSCALL_1(RUNTIME_SYSCALL_UID, uid); +} + +int mem_share(size_t uid, void *enclave_addr, void *enclave_size){ + return SYSCALL_3(RUNTIME_MEM_SHARE, uid, enclave_addr, enclave_size); +} + +int mem_stop(size_t uid){ + return SYSCALL_1(RUNTIME_MEM_STOP, uid); +} + +void *map(uintptr_t base_addr, size_t base_size, uintptr_t ptr){ + + return (void *) SYSCALL_3(RUNTIME_SYSCALL_MAP, base_addr, base_size, ptr); +} + +uintptr_t translate(uintptr_t vaddr){ + return (uintptr_t) SYSCALL_1(RUNTIME_SYSCALL_TRANSLATE, vaddr); +} + /* returns sealing key */ int get_sealing_key(