diff --git a/Cargo.lock b/Cargo.lock index 6b353e33..2b2c1275 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -319,6 +319,7 @@ dependencies = [ "cc", "rtc-ecalls", "rtc_types", + "rtc_udh", "sgx_types", "sgx_urts", ] @@ -629,6 +630,7 @@ dependencies = [ "data-ocalls", "rtc-ecalls", "rtc_types", + "rtc_udh", "sgx_types", "sgx_urts", ] @@ -1676,6 +1678,16 @@ dependencies = [ "thiserror 1.0.9", ] +[[package]] +name = "rtc_udh" +version = "0.1.0" +dependencies = [ + "mockall", + "once_cell", + "rtc_types", + "sgx_types", +] + [[package]] name = "rtc_uenclave" version = "0.1.0" @@ -1692,6 +1704,7 @@ dependencies = [ "rsa", "rtc-ecalls", "rtc_types", + "rtc_udh", "serde 1.0.125", "serde_json", "sgx_types", diff --git a/Cargo.toml b/Cargo.toml index 29c08f46..6df0048d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -8,6 +8,7 @@ members = [ "rtc_uenclave/data-sys", "rtc_uenclave/auth-sys", "rtc_uenclave/rtc-ecalls", + "rtc_udh", ] # TODO: Look at creating a seperate workspace for enclave code to share lockfile? exclude = [ diff --git a/HACKING.md b/HACKING.md index 8eeeb2f5..089eab14 100644 --- a/HACKING.md +++ b/HACKING.md @@ -29,3 +29,33 @@ However, also note that Cargo currently has this limitation: This prevents patching a repository reference to a different revision in the same repository, which makes some SGX-patched packages (such as `serde-sgx` and `serde-json-sgx`) tricky to deal with. + + +## Aligned memory allocation for secret values + +In enclave code, all memory allocations for sensitive secret values (such as cryptographic keys) +must be padded and aligned to protect against certain cache timing side-channel attacks, +as detailed in the Intel's INTEL-SA-00219 Developer Guidance. + +The Rust SGX SDK [provides primitives] (`AlignBox` and `sgx_align_*`) to help implement this guidance, +but other enclave secrets must also be allocated similarly. + +[provides primitives]: https://github.com/apache/incubator-teaclave-sgx-sdk/wiki/Mitigation-of-Intel-SA-00219-in-Rust-SGX#rust-sgx-provided-primitive + +In particular, care must be taken to allocate aligned memory _before_ initialising secrets in it, +rather than initialising secrets in unaligned memory and then moving them to aligned memory. + +In this codebase, also see the `AlignedKey` type in the `rtc_tenclave::dh::types` module. + +Background: + +* [CVE-2019-0117](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0117) +* [Intel SGX SDK Developer Guidance INTEL-SA-00219](https://software.intel.com/content/www/us/en/develop/download/intel-sgx-sdk-developer-guidance-intel-sa-00219.html) + ([PDF](https://software.intel.com/content/dam/develop/public/us/en/documents/intel-sgx-sdk-developer-guidance-intel-sa-00219.pdf)) + + +Rust SGX SDK: + +* [v1.1.0 release notes](https://github.com/apache/incubator-teaclave-sgx-sdk/blob/v1.1.0/release_notes.md#rust-sgx-sdk-v110) +* [Mitigation of Intel SA 00219 in Rust SGX](https://github.com/apache/incubator-teaclave-sgx-sdk/wiki/Mitigation-of-Intel-SA-00219-in-Rust-SGX) + diff --git a/buildenv.mk b/buildenv.mk index 9e8d85a5..d3e963e6 100644 --- a/buildenv.mk +++ b/buildenv.mk @@ -166,4 +166,7 @@ ENCLAVE_LDFLAGS = $(COMMON_LDFLAGS) -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefi ENCLAVE_CFLAGS += $(MITIGATION_CFLAGS) ENCLAVE_ASFLAGS = $(MITIGATION_ASFLAGS) +# RTC SPECIFIC +RTC_EDL_PATH = /root/rtc-data/edl + diff --git a/codegen/auth_enclave/bindings.h b/codegen/auth_enclave/bindings.h index ee2b5e93..37c06b97 100644 --- a/codegen/auth_enclave/bindings.h +++ b/codegen/auth_enclave/bindings.h @@ -12,6 +12,50 @@ */ #define DATA_UPLOAD_RESPONSE_LEN (16 + (24 + 16)) +/** + * FFI safe result type that can be converted to and from a rust result. + */ +typedef enum EcallResult_sgx_dh_msg1_t__sgx_status_t_Tag { + Ok_sgx_dh_msg1_t__sgx_status_t, + Err_sgx_dh_msg1_t__sgx_status_t, +} EcallResult_sgx_dh_msg1_t__sgx_status_t_Tag; + +typedef struct EcallResult_sgx_dh_msg1_t__sgx_status_t { + EcallResult_sgx_dh_msg1_t__sgx_status_t_Tag tag; + union { + struct { + sgx_dh_msg1_t ok; + }; + struct { + sgx_status_t err; + }; + }; +} EcallResult_sgx_dh_msg1_t__sgx_status_t; + +typedef struct EcallResult_sgx_dh_msg1_t__sgx_status_t SessionRequestResult; + +/** + * FFI safe result type that can be converted to and from a rust result. + */ +typedef enum EcallResult_sgx_dh_msg3_t__sgx_status_t_Tag { + Ok_sgx_dh_msg3_t__sgx_status_t, + Err_sgx_dh_msg3_t__sgx_status_t, +} EcallResult_sgx_dh_msg3_t__sgx_status_t_Tag; + +typedef struct EcallResult_sgx_dh_msg3_t__sgx_status_t { + EcallResult_sgx_dh_msg3_t__sgx_status_t_Tag tag; + union { + struct { + sgx_dh_msg3_t ok; + }; + struct { + sgx_status_t err; + }; + }; +} EcallResult_sgx_dh_msg3_t__sgx_status_t; + +typedef struct EcallResult_sgx_dh_msg3_t__sgx_status_t ExchangeReportResult; + typedef enum CreateReportResult_Tag { Success, Sgx, diff --git a/codegen/auth_enclave/Enclave_t.c b/codegen/auth_enclave/rtc_auth_t.c similarity index 89% rename from codegen/auth_enclave/Enclave_t.c rename to codegen/auth_enclave/rtc_auth_t.c index ad4fcbee..81ff0a4b 100644 --- a/codegen/auth_enclave/Enclave_t.c +++ b/codegen/auth_enclave/rtc_auth_t.c @@ -1,4 +1,4 @@ -#include "Enclave_t.h" +#include "rtc_auth_t.h" #include "sgx_trts.h" /* for sgx_ocalloc, sgx_is_outside_enclave */ #include "sgx_lfence.h" /* for sgx_lfence */ @@ -40,6 +40,22 @@ typedef struct ms_t_global_init_ecall_t { size_t ms_len; } ms_t_global_init_ecall_t; +typedef struct ms_session_request_t { + SessionRequestResult ms_retval; + sgx_enclave_id_t ms_src_enclave_id; +} ms_session_request_t; + +typedef struct ms_exchange_report_t { + ExchangeReportResult ms_retval; + sgx_enclave_id_t ms_src_enclave_id; + const sgx_dh_msg2_t* ms_dh_msg2; +} ms_exchange_report_t; + +typedef struct ms_end_session_t { + sgx_status_t ms_retval; + sgx_enclave_id_t ms_src_enclave_id; +} ms_end_session_t; + typedef struct ms_u_thread_set_event_ocall_t { int ms_retval; int* ms_error; @@ -438,6 +454,53 @@ typedef struct ms_u_fstatat64_ocall_t { int ms_flags; } ms_u_fstatat64_ocall_t; +typedef struct ms_rtc_session_request_u_t { + SessionRequestResult ms_retval; + sgx_enclave_id_t ms_src_enclave_id; + sgx_enclave_id_t ms_dest_enclave_id; +} ms_rtc_session_request_u_t; + +typedef struct ms_rtc_exchange_report_u_t { + ExchangeReportResult ms_retval; + sgx_enclave_id_t ms_src_enclave_id; + sgx_enclave_id_t ms_dest_enclave_id; + sgx_dh_msg2_t* ms_dh_msg2; +} ms_rtc_exchange_report_u_t; + +typedef struct ms_rtc_end_session_u_t { + sgx_status_t ms_retval; + sgx_enclave_id_t ms_src_enclave_id; + sgx_enclave_id_t ms_dest_enclave_id; +} ms_rtc_end_session_u_t; + +typedef struct ms_sgx_oc_cpuidex_t { + int* ms_cpuinfo; + int ms_leaf; + int ms_subleaf; +} ms_sgx_oc_cpuidex_t; + +typedef struct ms_sgx_thread_wait_untrusted_event_ocall_t { + int ms_retval; + const void* ms_self; +} ms_sgx_thread_wait_untrusted_event_ocall_t; + +typedef struct ms_sgx_thread_set_untrusted_event_ocall_t { + int ms_retval; + const void* ms_waiter; +} ms_sgx_thread_set_untrusted_event_ocall_t; + +typedef struct ms_sgx_thread_setwait_untrusted_events_ocall_t { + int ms_retval; + const void* ms_waiter; + const void* ms_self; +} ms_sgx_thread_setwait_untrusted_events_ocall_t; + +typedef struct ms_sgx_thread_set_multiple_untrusted_events_ocall_t { + int ms_retval; + const void** ms_waiters; + size_t ms_total; +} ms_sgx_thread_set_multiple_untrusted_events_ocall_t; + static sgx_status_t SGX_CDECL sgx_enclave_create_report(void* pms) { CHECK_REF_POINTER(pms, sizeof(ms_enclave_create_report_t)); @@ -572,79 +635,167 @@ static sgx_status_t SGX_CDECL sgx_t_global_exit_ecall(void* pms) return status; } +static sgx_status_t SGX_CDECL sgx_session_request(void* pms) +{ + CHECK_REF_POINTER(pms, sizeof(ms_session_request_t)); + // + // fence after pointer checks + // + sgx_lfence(); + ms_session_request_t* ms = SGX_CAST(ms_session_request_t*, pms); + sgx_status_t status = SGX_SUCCESS; + + + + ms->ms_retval = session_request(ms->ms_src_enclave_id); + + + return status; +} + +static sgx_status_t SGX_CDECL sgx_exchange_report(void* pms) +{ + CHECK_REF_POINTER(pms, sizeof(ms_exchange_report_t)); + // + // fence after pointer checks + // + sgx_lfence(); + ms_exchange_report_t* ms = SGX_CAST(ms_exchange_report_t*, pms); + sgx_status_t status = SGX_SUCCESS; + const sgx_dh_msg2_t* _tmp_dh_msg2 = ms->ms_dh_msg2; + size_t _len_dh_msg2 = sizeof(sgx_dh_msg2_t); + sgx_dh_msg2_t* _in_dh_msg2 = NULL; + + CHECK_UNIQUE_POINTER(_tmp_dh_msg2, _len_dh_msg2); + + // + // fence after pointer checks + // + sgx_lfence(); + + if (_tmp_dh_msg2 != NULL && _len_dh_msg2 != 0) { + _in_dh_msg2 = (sgx_dh_msg2_t*)malloc(_len_dh_msg2); + if (_in_dh_msg2 == NULL) { + status = SGX_ERROR_OUT_OF_MEMORY; + goto err; + } + + if (memcpy_s(_in_dh_msg2, _len_dh_msg2, _tmp_dh_msg2, _len_dh_msg2)) { + status = SGX_ERROR_UNEXPECTED; + goto err; + } + + } + + ms->ms_retval = exchange_report(ms->ms_src_enclave_id, (const sgx_dh_msg2_t*)_in_dh_msg2); + +err: + if (_in_dh_msg2) free(_in_dh_msg2); + return status; +} + +static sgx_status_t SGX_CDECL sgx_end_session(void* pms) +{ + CHECK_REF_POINTER(pms, sizeof(ms_end_session_t)); + // + // fence after pointer checks + // + sgx_lfence(); + ms_end_session_t* ms = SGX_CAST(ms_end_session_t*, pms); + sgx_status_t status = SGX_SUCCESS; + + + + ms->ms_retval = end_session(ms->ms_src_enclave_id); + + + return status; +} + SGX_EXTERNC const struct { size_t nr_ecall; - struct {void* ecall_addr; uint8_t is_priv; uint8_t is_switchless;} ecall_table[3]; + struct {void* ecall_addr; uint8_t is_priv; uint8_t is_switchless;} ecall_table[6]; } g_ecall_table = { - 3, + 6, { {(void*)(uintptr_t)sgx_enclave_create_report, 0, 0}, {(void*)(uintptr_t)sgx_t_global_init_ecall, 0, 0}, {(void*)(uintptr_t)sgx_t_global_exit_ecall, 0, 0}, + {(void*)(uintptr_t)sgx_session_request, 0, 0}, + {(void*)(uintptr_t)sgx_exchange_report, 0, 0}, + {(void*)(uintptr_t)sgx_end_session, 0, 0}, } }; SGX_EXTERNC const struct { size_t nr_ocall; - uint8_t entry_table[55][3]; + uint8_t entry_table[63][6]; } g_dyn_entry_table = { - 55, + 63, { - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, - {0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, }, } }; @@ -4477,3 +4628,298 @@ sgx_status_t SGX_CDECL u_fstatat64_ocall(int* retval, int* error, int dirfd, con return status; } +sgx_status_t SGX_CDECL rtc_session_request_u(SessionRequestResult* retval, sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id) +{ + sgx_status_t status = SGX_SUCCESS; + + ms_rtc_session_request_u_t* ms = NULL; + size_t ocalloc_size = sizeof(ms_rtc_session_request_u_t); + void *__tmp = NULL; + + + __tmp = sgx_ocalloc(ocalloc_size); + if (__tmp == NULL) { + sgx_ocfree(); + return SGX_ERROR_UNEXPECTED; + } + ms = (ms_rtc_session_request_u_t*)__tmp; + __tmp = (void *)((size_t)__tmp + sizeof(ms_rtc_session_request_u_t)); + ocalloc_size -= sizeof(ms_rtc_session_request_u_t); + + ms->ms_src_enclave_id = src_enclave_id; + ms->ms_dest_enclave_id = dest_enclave_id; + status = sgx_ocall(55, ms); + + if (status == SGX_SUCCESS) { + if (retval) *retval = ms->ms_retval; + } + sgx_ocfree(); + return status; +} + +sgx_status_t SGX_CDECL rtc_exchange_report_u(ExchangeReportResult* retval, sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t* dh_msg2) +{ + sgx_status_t status = SGX_SUCCESS; + size_t _len_dh_msg2 = sizeof(sgx_dh_msg2_t); + + ms_rtc_exchange_report_u_t* ms = NULL; + size_t ocalloc_size = sizeof(ms_rtc_exchange_report_u_t); + void *__tmp = NULL; + + + CHECK_ENCLAVE_POINTER(dh_msg2, _len_dh_msg2); + + if (ADD_ASSIGN_OVERFLOW(ocalloc_size, (dh_msg2 != NULL) ? _len_dh_msg2 : 0)) + return SGX_ERROR_INVALID_PARAMETER; + + __tmp = sgx_ocalloc(ocalloc_size); + if (__tmp == NULL) { + sgx_ocfree(); + return SGX_ERROR_UNEXPECTED; + } + ms = (ms_rtc_exchange_report_u_t*)__tmp; + __tmp = (void *)((size_t)__tmp + sizeof(ms_rtc_exchange_report_u_t)); + ocalloc_size -= sizeof(ms_rtc_exchange_report_u_t); + + ms->ms_src_enclave_id = src_enclave_id; + ms->ms_dest_enclave_id = dest_enclave_id; + if (dh_msg2 != NULL) { + ms->ms_dh_msg2 = (sgx_dh_msg2_t*)__tmp; + if (memcpy_s(__tmp, ocalloc_size, dh_msg2, _len_dh_msg2)) { + sgx_ocfree(); + return SGX_ERROR_UNEXPECTED; + } + __tmp = (void *)((size_t)__tmp + _len_dh_msg2); + ocalloc_size -= _len_dh_msg2; + } else { + ms->ms_dh_msg2 = NULL; + } + + status = sgx_ocall(56, ms); + + if (status == SGX_SUCCESS) { + if (retval) *retval = ms->ms_retval; + } + sgx_ocfree(); + return status; +} + +sgx_status_t SGX_CDECL rtc_end_session_u(sgx_status_t* retval, sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id) +{ + sgx_status_t status = SGX_SUCCESS; + + ms_rtc_end_session_u_t* ms = NULL; + size_t ocalloc_size = sizeof(ms_rtc_end_session_u_t); + void *__tmp = NULL; + + + __tmp = sgx_ocalloc(ocalloc_size); + if (__tmp == NULL) { + sgx_ocfree(); + return SGX_ERROR_UNEXPECTED; + } + ms = (ms_rtc_end_session_u_t*)__tmp; + __tmp = (void *)((size_t)__tmp + sizeof(ms_rtc_end_session_u_t)); + ocalloc_size -= sizeof(ms_rtc_end_session_u_t); + + ms->ms_src_enclave_id = src_enclave_id; + ms->ms_dest_enclave_id = dest_enclave_id; + status = sgx_ocall(57, ms); + + if (status == SGX_SUCCESS) { + if (retval) *retval = ms->ms_retval; + } + sgx_ocfree(); + return status; +} + +sgx_status_t SGX_CDECL sgx_oc_cpuidex(int cpuinfo[4], int leaf, int subleaf) +{ + sgx_status_t status = SGX_SUCCESS; + size_t _len_cpuinfo = 4 * sizeof(int); + + ms_sgx_oc_cpuidex_t* ms = NULL; + size_t ocalloc_size = sizeof(ms_sgx_oc_cpuidex_t); + void *__tmp = NULL; + + void *__tmp_cpuinfo = NULL; + + CHECK_ENCLAVE_POINTER(cpuinfo, _len_cpuinfo); + + if (ADD_ASSIGN_OVERFLOW(ocalloc_size, (cpuinfo != NULL) ? _len_cpuinfo : 0)) + return SGX_ERROR_INVALID_PARAMETER; + + __tmp = sgx_ocalloc(ocalloc_size); + if (__tmp == NULL) { + sgx_ocfree(); + return SGX_ERROR_UNEXPECTED; + } + ms = (ms_sgx_oc_cpuidex_t*)__tmp; + __tmp = (void *)((size_t)__tmp + sizeof(ms_sgx_oc_cpuidex_t)); + ocalloc_size -= sizeof(ms_sgx_oc_cpuidex_t); + + if (cpuinfo != NULL) { + ms->ms_cpuinfo = (int*)__tmp; + __tmp_cpuinfo = __tmp; + if (_len_cpuinfo % sizeof(*cpuinfo) != 0) { + sgx_ocfree(); + return SGX_ERROR_INVALID_PARAMETER; + } + memset(__tmp_cpuinfo, 0, _len_cpuinfo); + __tmp = (void *)((size_t)__tmp + _len_cpuinfo); + ocalloc_size -= _len_cpuinfo; + } else { + ms->ms_cpuinfo = NULL; + } + + ms->ms_leaf = leaf; + ms->ms_subleaf = subleaf; + status = sgx_ocall(58, ms); + + if (status == SGX_SUCCESS) { + if (cpuinfo) { + if (memcpy_s((void*)cpuinfo, _len_cpuinfo, __tmp_cpuinfo, _len_cpuinfo)) { + sgx_ocfree(); + return SGX_ERROR_UNEXPECTED; + } + } + } + sgx_ocfree(); + return status; +} + +sgx_status_t SGX_CDECL sgx_thread_wait_untrusted_event_ocall(int* retval, const void* self) +{ + sgx_status_t status = SGX_SUCCESS; + + ms_sgx_thread_wait_untrusted_event_ocall_t* ms = NULL; + size_t ocalloc_size = sizeof(ms_sgx_thread_wait_untrusted_event_ocall_t); + void *__tmp = NULL; + + + __tmp = sgx_ocalloc(ocalloc_size); + if (__tmp == NULL) { + sgx_ocfree(); + return SGX_ERROR_UNEXPECTED; + } + ms = (ms_sgx_thread_wait_untrusted_event_ocall_t*)__tmp; + __tmp = (void *)((size_t)__tmp + sizeof(ms_sgx_thread_wait_untrusted_event_ocall_t)); + ocalloc_size -= sizeof(ms_sgx_thread_wait_untrusted_event_ocall_t); + + ms->ms_self = self; + status = sgx_ocall(59, ms); + + if (status == SGX_SUCCESS) { + if (retval) *retval = ms->ms_retval; + } + sgx_ocfree(); + return status; +} + +sgx_status_t SGX_CDECL sgx_thread_set_untrusted_event_ocall(int* retval, const void* waiter) +{ + sgx_status_t status = SGX_SUCCESS; + + ms_sgx_thread_set_untrusted_event_ocall_t* ms = NULL; + size_t ocalloc_size = sizeof(ms_sgx_thread_set_untrusted_event_ocall_t); + void *__tmp = NULL; + + + __tmp = sgx_ocalloc(ocalloc_size); + if (__tmp == NULL) { + sgx_ocfree(); + return SGX_ERROR_UNEXPECTED; + } + ms = (ms_sgx_thread_set_untrusted_event_ocall_t*)__tmp; + __tmp = (void *)((size_t)__tmp + sizeof(ms_sgx_thread_set_untrusted_event_ocall_t)); + ocalloc_size -= sizeof(ms_sgx_thread_set_untrusted_event_ocall_t); + + ms->ms_waiter = waiter; + status = sgx_ocall(60, ms); + + if (status == SGX_SUCCESS) { + if (retval) *retval = ms->ms_retval; + } + sgx_ocfree(); + return status; +} + +sgx_status_t SGX_CDECL sgx_thread_setwait_untrusted_events_ocall(int* retval, const void* waiter, const void* self) +{ + sgx_status_t status = SGX_SUCCESS; + + ms_sgx_thread_setwait_untrusted_events_ocall_t* ms = NULL; + size_t ocalloc_size = sizeof(ms_sgx_thread_setwait_untrusted_events_ocall_t); + void *__tmp = NULL; + + + __tmp = sgx_ocalloc(ocalloc_size); + if (__tmp == NULL) { + sgx_ocfree(); + return SGX_ERROR_UNEXPECTED; + } + ms = (ms_sgx_thread_setwait_untrusted_events_ocall_t*)__tmp; + __tmp = (void *)((size_t)__tmp + sizeof(ms_sgx_thread_setwait_untrusted_events_ocall_t)); + ocalloc_size -= sizeof(ms_sgx_thread_setwait_untrusted_events_ocall_t); + + ms->ms_waiter = waiter; + ms->ms_self = self; + status = sgx_ocall(61, ms); + + if (status == SGX_SUCCESS) { + if (retval) *retval = ms->ms_retval; + } + sgx_ocfree(); + return status; +} + +sgx_status_t SGX_CDECL sgx_thread_set_multiple_untrusted_events_ocall(int* retval, const void** waiters, size_t total) +{ + sgx_status_t status = SGX_SUCCESS; + size_t _len_waiters = total * sizeof(void*); + + ms_sgx_thread_set_multiple_untrusted_events_ocall_t* ms = NULL; + size_t ocalloc_size = sizeof(ms_sgx_thread_set_multiple_untrusted_events_ocall_t); + void *__tmp = NULL; + + + CHECK_ENCLAVE_POINTER(waiters, _len_waiters); + + if (ADD_ASSIGN_OVERFLOW(ocalloc_size, (waiters != NULL) ? _len_waiters : 0)) + return SGX_ERROR_INVALID_PARAMETER; + + __tmp = sgx_ocalloc(ocalloc_size); + if (__tmp == NULL) { + sgx_ocfree(); + return SGX_ERROR_UNEXPECTED; + } + ms = (ms_sgx_thread_set_multiple_untrusted_events_ocall_t*)__tmp; + __tmp = (void *)((size_t)__tmp + sizeof(ms_sgx_thread_set_multiple_untrusted_events_ocall_t)); + ocalloc_size -= sizeof(ms_sgx_thread_set_multiple_untrusted_events_ocall_t); + + if (waiters != NULL) { + ms->ms_waiters = (const void**)__tmp; + if (_len_waiters % sizeof(*waiters) != 0) { + sgx_ocfree(); + return SGX_ERROR_INVALID_PARAMETER; + } + if (memcpy_s(__tmp, ocalloc_size, waiters, _len_waiters)) { + sgx_ocfree(); + return SGX_ERROR_UNEXPECTED; + } + __tmp = (void *)((size_t)__tmp + _len_waiters); + ocalloc_size -= _len_waiters; + } else { + ms->ms_waiters = NULL; + } + + ms->ms_total = total; + status = sgx_ocall(62, ms); + + if (status == SGX_SUCCESS) { + if (retval) *retval = ms->ms_retval; + } + sgx_ocfree(); + return status; +} + diff --git a/codegen/auth_enclave/Enclave_t.h b/codegen/auth_enclave/rtc_auth_t.h similarity index 82% rename from codegen/auth_enclave/Enclave_t.h rename to codegen/auth_enclave/rtc_auth_t.h index bbad0429..d69a044b 100644 --- a/codegen/auth_enclave/Enclave_t.h +++ b/codegen/auth_enclave/rtc_auth_t.h @@ -1,5 +1,5 @@ -#ifndef ENCLAVE_T_H__ -#define ENCLAVE_T_H__ +#ifndef RTC_AUTH_T_H__ +#define RTC_AUTH_T_H__ #include #include @@ -7,12 +7,15 @@ #include "sgx_edger8r.h" /* for sgx_ocall etc. */ #include "sgx_report.h" +#include "sgx_dh.h" #include "bindings.h" #include "time.h" #include "inc/stat.h" #include "sys/uio.h" #include "inc/stat.h" #include "inc/dirent.h" +#include "sgx_eid.h" +#include "sgx_dh.h" #include /* for size_t */ @@ -25,6 +28,9 @@ extern "C" { CreateReportResult enclave_create_report(const sgx_target_info_t* p_qe3_target, EnclaveHeldData enclave_data, sgx_report_t* p_report); void t_global_init_ecall(uint64_t id, const uint8_t* path, size_t len); void t_global_exit_ecall(void); +SessionRequestResult session_request(sgx_enclave_id_t src_enclave_id); +ExchangeReportResult exchange_report(sgx_enclave_id_t src_enclave_id, const sgx_dh_msg2_t* dh_msg2); +sgx_status_t end_session(sgx_enclave_id_t src_enclave_id); sgx_status_t SGX_CDECL u_thread_set_event_ocall(int* retval, int* error, const void* tcs); sgx_status_t SGX_CDECL u_thread_wait_event_ocall(int* retval, int* error, const void* tcs, const struct timespec* timeout); @@ -81,6 +87,14 @@ sgx_status_t SGX_CDECL u_readdir64_r_ocall(int* retval, void* dirp, struct diren sgx_status_t SGX_CDECL u_closedir_ocall(int* retval, int* error, void* dirp); sgx_status_t SGX_CDECL u_dirfd_ocall(int* retval, int* error, void* dirp); sgx_status_t SGX_CDECL u_fstatat64_ocall(int* retval, int* error, int dirfd, const char* pathname, struct stat64_t* buf, int flags); +sgx_status_t SGX_CDECL rtc_session_request_u(SessionRequestResult* retval, sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); +sgx_status_t SGX_CDECL rtc_exchange_report_u(ExchangeReportResult* retval, sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t* dh_msg2); +sgx_status_t SGX_CDECL rtc_end_session_u(sgx_status_t* retval, sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); +sgx_status_t SGX_CDECL sgx_oc_cpuidex(int cpuinfo[4], int leaf, int subleaf); +sgx_status_t SGX_CDECL sgx_thread_wait_untrusted_event_ocall(int* retval, const void* self); +sgx_status_t SGX_CDECL sgx_thread_set_untrusted_event_ocall(int* retval, const void* waiter); +sgx_status_t SGX_CDECL sgx_thread_setwait_untrusted_events_ocall(int* retval, const void* waiter, const void* self); +sgx_status_t SGX_CDECL sgx_thread_set_multiple_untrusted_events_ocall(int* retval, const void** waiters, size_t total); #ifdef __cplusplus } diff --git a/codegen/auth_enclave/Enclave_u.c b/codegen/auth_enclave/rtc_auth_u.c similarity index 60% rename from codegen/auth_enclave/Enclave_u.c rename to codegen/auth_enclave/rtc_auth_u.c index 991533ef..35caa9bf 100644 --- a/codegen/auth_enclave/Enclave_u.c +++ b/codegen/auth_enclave/rtc_auth_u.c @@ -1,4 +1,4 @@ -#include "Enclave_u.h" +#include "rtc_auth_u.h" #include typedef struct ms_enclave_create_report_t { @@ -14,6 +14,22 @@ typedef struct ms_t_global_init_ecall_t { size_t ms_len; } ms_t_global_init_ecall_t; +typedef struct ms_session_request_t { + SessionRequestResult ms_retval; + sgx_enclave_id_t ms_src_enclave_id; +} ms_session_request_t; + +typedef struct ms_exchange_report_t { + ExchangeReportResult ms_retval; + sgx_enclave_id_t ms_src_enclave_id; + const sgx_dh_msg2_t* ms_dh_msg2; +} ms_exchange_report_t; + +typedef struct ms_end_session_t { + sgx_status_t ms_retval; + sgx_enclave_id_t ms_src_enclave_id; +} ms_end_session_t; + typedef struct ms_u_thread_set_event_ocall_t { int ms_retval; int* ms_error; @@ -412,7 +428,54 @@ typedef struct ms_u_fstatat64_ocall_t { int ms_flags; } ms_u_fstatat64_ocall_t; -static sgx_status_t SGX_CDECL Enclave_u_thread_set_event_ocall(void* pms) +typedef struct ms_rtc_session_request_u_t { + SessionRequestResult ms_retval; + sgx_enclave_id_t ms_src_enclave_id; + sgx_enclave_id_t ms_dest_enclave_id; +} ms_rtc_session_request_u_t; + +typedef struct ms_rtc_exchange_report_u_t { + ExchangeReportResult ms_retval; + sgx_enclave_id_t ms_src_enclave_id; + sgx_enclave_id_t ms_dest_enclave_id; + sgx_dh_msg2_t* ms_dh_msg2; +} ms_rtc_exchange_report_u_t; + +typedef struct ms_rtc_end_session_u_t { + sgx_status_t ms_retval; + sgx_enclave_id_t ms_src_enclave_id; + sgx_enclave_id_t ms_dest_enclave_id; +} ms_rtc_end_session_u_t; + +typedef struct ms_sgx_oc_cpuidex_t { + int* ms_cpuinfo; + int ms_leaf; + int ms_subleaf; +} ms_sgx_oc_cpuidex_t; + +typedef struct ms_sgx_thread_wait_untrusted_event_ocall_t { + int ms_retval; + const void* ms_self; +} ms_sgx_thread_wait_untrusted_event_ocall_t; + +typedef struct ms_sgx_thread_set_untrusted_event_ocall_t { + int ms_retval; + const void* ms_waiter; +} ms_sgx_thread_set_untrusted_event_ocall_t; + +typedef struct ms_sgx_thread_setwait_untrusted_events_ocall_t { + int ms_retval; + const void* ms_waiter; + const void* ms_self; +} ms_sgx_thread_setwait_untrusted_events_ocall_t; + +typedef struct ms_sgx_thread_set_multiple_untrusted_events_ocall_t { + int ms_retval; + const void** ms_waiters; + size_t ms_total; +} ms_sgx_thread_set_multiple_untrusted_events_ocall_t; + +static sgx_status_t SGX_CDECL rtc_auth_u_thread_set_event_ocall(void* pms) { ms_u_thread_set_event_ocall_t* ms = SGX_CAST(ms_u_thread_set_event_ocall_t*, pms); ms->ms_retval = u_thread_set_event_ocall(ms->ms_error, ms->ms_tcs); @@ -420,7 +483,7 @@ static sgx_status_t SGX_CDECL Enclave_u_thread_set_event_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_thread_wait_event_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_thread_wait_event_ocall(void* pms) { ms_u_thread_wait_event_ocall_t* ms = SGX_CAST(ms_u_thread_wait_event_ocall_t*, pms); ms->ms_retval = u_thread_wait_event_ocall(ms->ms_error, ms->ms_tcs, ms->ms_timeout); @@ -428,7 +491,7 @@ static sgx_status_t SGX_CDECL Enclave_u_thread_wait_event_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_thread_set_multiple_events_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_thread_set_multiple_events_ocall(void* pms) { ms_u_thread_set_multiple_events_ocall_t* ms = SGX_CAST(ms_u_thread_set_multiple_events_ocall_t*, pms); ms->ms_retval = u_thread_set_multiple_events_ocall(ms->ms_error, ms->ms_tcss, ms->ms_total); @@ -436,7 +499,7 @@ static sgx_status_t SGX_CDECL Enclave_u_thread_set_multiple_events_ocall(void* p return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_thread_setwait_events_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_thread_setwait_events_ocall(void* pms) { ms_u_thread_setwait_events_ocall_t* ms = SGX_CAST(ms_u_thread_setwait_events_ocall_t*, pms); ms->ms_retval = u_thread_setwait_events_ocall(ms->ms_error, ms->ms_waiter_tcs, ms->ms_self_tcs, ms->ms_timeout); @@ -444,7 +507,7 @@ static sgx_status_t SGX_CDECL Enclave_u_thread_setwait_events_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_clock_gettime_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_clock_gettime_ocall(void* pms) { ms_u_clock_gettime_ocall_t* ms = SGX_CAST(ms_u_clock_gettime_ocall_t*, pms); ms->ms_retval = u_clock_gettime_ocall(ms->ms_error, ms->ms_clk_id, ms->ms_tp); @@ -452,7 +515,7 @@ static sgx_status_t SGX_CDECL Enclave_u_clock_gettime_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_read_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_read_ocall(void* pms) { ms_u_read_ocall_t* ms = SGX_CAST(ms_u_read_ocall_t*, pms); ms->ms_retval = u_read_ocall(ms->ms_error, ms->ms_fd, ms->ms_buf, ms->ms_count); @@ -460,7 +523,7 @@ static sgx_status_t SGX_CDECL Enclave_u_read_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_pread64_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_pread64_ocall(void* pms) { ms_u_pread64_ocall_t* ms = SGX_CAST(ms_u_pread64_ocall_t*, pms); ms->ms_retval = u_pread64_ocall(ms->ms_error, ms->ms_fd, ms->ms_buf, ms->ms_count, ms->ms_offset); @@ -468,7 +531,7 @@ static sgx_status_t SGX_CDECL Enclave_u_pread64_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_readv_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_readv_ocall(void* pms) { ms_u_readv_ocall_t* ms = SGX_CAST(ms_u_readv_ocall_t*, pms); ms->ms_retval = u_readv_ocall(ms->ms_error, ms->ms_fd, ms->ms_iov, ms->ms_iovcnt); @@ -476,7 +539,7 @@ static sgx_status_t SGX_CDECL Enclave_u_readv_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_preadv64_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_preadv64_ocall(void* pms) { ms_u_preadv64_ocall_t* ms = SGX_CAST(ms_u_preadv64_ocall_t*, pms); ms->ms_retval = u_preadv64_ocall(ms->ms_error, ms->ms_fd, ms->ms_iov, ms->ms_iovcnt, ms->ms_offset); @@ -484,7 +547,7 @@ static sgx_status_t SGX_CDECL Enclave_u_preadv64_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_write_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_write_ocall(void* pms) { ms_u_write_ocall_t* ms = SGX_CAST(ms_u_write_ocall_t*, pms); ms->ms_retval = u_write_ocall(ms->ms_error, ms->ms_fd, ms->ms_buf, ms->ms_count); @@ -492,7 +555,7 @@ static sgx_status_t SGX_CDECL Enclave_u_write_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_pwrite64_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_pwrite64_ocall(void* pms) { ms_u_pwrite64_ocall_t* ms = SGX_CAST(ms_u_pwrite64_ocall_t*, pms); ms->ms_retval = u_pwrite64_ocall(ms->ms_error, ms->ms_fd, ms->ms_buf, ms->ms_count, ms->ms_offset); @@ -500,7 +563,7 @@ static sgx_status_t SGX_CDECL Enclave_u_pwrite64_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_writev_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_writev_ocall(void* pms) { ms_u_writev_ocall_t* ms = SGX_CAST(ms_u_writev_ocall_t*, pms); ms->ms_retval = u_writev_ocall(ms->ms_error, ms->ms_fd, ms->ms_iov, ms->ms_iovcnt); @@ -508,7 +571,7 @@ static sgx_status_t SGX_CDECL Enclave_u_writev_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_pwritev64_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_pwritev64_ocall(void* pms) { ms_u_pwritev64_ocall_t* ms = SGX_CAST(ms_u_pwritev64_ocall_t*, pms); ms->ms_retval = u_pwritev64_ocall(ms->ms_error, ms->ms_fd, ms->ms_iov, ms->ms_iovcnt, ms->ms_offset); @@ -516,7 +579,7 @@ static sgx_status_t SGX_CDECL Enclave_u_pwritev64_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_fcntl_arg0_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_fcntl_arg0_ocall(void* pms) { ms_u_fcntl_arg0_ocall_t* ms = SGX_CAST(ms_u_fcntl_arg0_ocall_t*, pms); ms->ms_retval = u_fcntl_arg0_ocall(ms->ms_error, ms->ms_fd, ms->ms_cmd); @@ -524,7 +587,7 @@ static sgx_status_t SGX_CDECL Enclave_u_fcntl_arg0_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_fcntl_arg1_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_fcntl_arg1_ocall(void* pms) { ms_u_fcntl_arg1_ocall_t* ms = SGX_CAST(ms_u_fcntl_arg1_ocall_t*, pms); ms->ms_retval = u_fcntl_arg1_ocall(ms->ms_error, ms->ms_fd, ms->ms_cmd, ms->ms_arg); @@ -532,7 +595,7 @@ static sgx_status_t SGX_CDECL Enclave_u_fcntl_arg1_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_ioctl_arg0_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_ioctl_arg0_ocall(void* pms) { ms_u_ioctl_arg0_ocall_t* ms = SGX_CAST(ms_u_ioctl_arg0_ocall_t*, pms); ms->ms_retval = u_ioctl_arg0_ocall(ms->ms_error, ms->ms_fd, ms->ms_request); @@ -540,7 +603,7 @@ static sgx_status_t SGX_CDECL Enclave_u_ioctl_arg0_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_ioctl_arg1_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_ioctl_arg1_ocall(void* pms) { ms_u_ioctl_arg1_ocall_t* ms = SGX_CAST(ms_u_ioctl_arg1_ocall_t*, pms); ms->ms_retval = u_ioctl_arg1_ocall(ms->ms_error, ms->ms_fd, ms->ms_request, ms->ms_arg); @@ -548,7 +611,7 @@ static sgx_status_t SGX_CDECL Enclave_u_ioctl_arg1_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_close_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_close_ocall(void* pms) { ms_u_close_ocall_t* ms = SGX_CAST(ms_u_close_ocall_t*, pms); ms->ms_retval = u_close_ocall(ms->ms_error, ms->ms_fd); @@ -556,7 +619,7 @@ static sgx_status_t SGX_CDECL Enclave_u_close_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_malloc_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_malloc_ocall(void* pms) { ms_u_malloc_ocall_t* ms = SGX_CAST(ms_u_malloc_ocall_t*, pms); ms->ms_retval = u_malloc_ocall(ms->ms_error, ms->ms_size); @@ -564,7 +627,7 @@ static sgx_status_t SGX_CDECL Enclave_u_malloc_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_free_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_free_ocall(void* pms) { ms_u_free_ocall_t* ms = SGX_CAST(ms_u_free_ocall_t*, pms); u_free_ocall(ms->ms_p); @@ -572,7 +635,7 @@ static sgx_status_t SGX_CDECL Enclave_u_free_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_mmap_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_mmap_ocall(void* pms) { ms_u_mmap_ocall_t* ms = SGX_CAST(ms_u_mmap_ocall_t*, pms); ms->ms_retval = u_mmap_ocall(ms->ms_error, ms->ms_start, ms->ms_length, ms->ms_prot, ms->ms_flags, ms->ms_fd, ms->ms_offset); @@ -580,7 +643,7 @@ static sgx_status_t SGX_CDECL Enclave_u_mmap_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_munmap_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_munmap_ocall(void* pms) { ms_u_munmap_ocall_t* ms = SGX_CAST(ms_u_munmap_ocall_t*, pms); ms->ms_retval = u_munmap_ocall(ms->ms_error, ms->ms_start, ms->ms_length); @@ -588,7 +651,7 @@ static sgx_status_t SGX_CDECL Enclave_u_munmap_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_msync_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_msync_ocall(void* pms) { ms_u_msync_ocall_t* ms = SGX_CAST(ms_u_msync_ocall_t*, pms); ms->ms_retval = u_msync_ocall(ms->ms_error, ms->ms_addr, ms->ms_length, ms->ms_flags); @@ -596,7 +659,7 @@ static sgx_status_t SGX_CDECL Enclave_u_msync_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_mprotect_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_mprotect_ocall(void* pms) { ms_u_mprotect_ocall_t* ms = SGX_CAST(ms_u_mprotect_ocall_t*, pms); ms->ms_retval = u_mprotect_ocall(ms->ms_error, ms->ms_addr, ms->ms_length, ms->ms_prot); @@ -604,7 +667,7 @@ static sgx_status_t SGX_CDECL Enclave_u_mprotect_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_open_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_open_ocall(void* pms) { ms_u_open_ocall_t* ms = SGX_CAST(ms_u_open_ocall_t*, pms); ms->ms_retval = u_open_ocall(ms->ms_error, ms->ms_pathname, ms->ms_flags); @@ -612,7 +675,7 @@ static sgx_status_t SGX_CDECL Enclave_u_open_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_open64_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_open64_ocall(void* pms) { ms_u_open64_ocall_t* ms = SGX_CAST(ms_u_open64_ocall_t*, pms); ms->ms_retval = u_open64_ocall(ms->ms_error, ms->ms_path, ms->ms_oflag, ms->ms_mode); @@ -620,7 +683,7 @@ static sgx_status_t SGX_CDECL Enclave_u_open64_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_fstat_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_fstat_ocall(void* pms) { ms_u_fstat_ocall_t* ms = SGX_CAST(ms_u_fstat_ocall_t*, pms); ms->ms_retval = u_fstat_ocall(ms->ms_error, ms->ms_fd, ms->ms_buf); @@ -628,7 +691,7 @@ static sgx_status_t SGX_CDECL Enclave_u_fstat_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_fstat64_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_fstat64_ocall(void* pms) { ms_u_fstat64_ocall_t* ms = SGX_CAST(ms_u_fstat64_ocall_t*, pms); ms->ms_retval = u_fstat64_ocall(ms->ms_error, ms->ms_fd, ms->ms_buf); @@ -636,7 +699,7 @@ static sgx_status_t SGX_CDECL Enclave_u_fstat64_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_stat_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_stat_ocall(void* pms) { ms_u_stat_ocall_t* ms = SGX_CAST(ms_u_stat_ocall_t*, pms); ms->ms_retval = u_stat_ocall(ms->ms_error, ms->ms_path, ms->ms_buf); @@ -644,7 +707,7 @@ static sgx_status_t SGX_CDECL Enclave_u_stat_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_stat64_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_stat64_ocall(void* pms) { ms_u_stat64_ocall_t* ms = SGX_CAST(ms_u_stat64_ocall_t*, pms); ms->ms_retval = u_stat64_ocall(ms->ms_error, ms->ms_path, ms->ms_buf); @@ -652,7 +715,7 @@ static sgx_status_t SGX_CDECL Enclave_u_stat64_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_lstat_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_lstat_ocall(void* pms) { ms_u_lstat_ocall_t* ms = SGX_CAST(ms_u_lstat_ocall_t*, pms); ms->ms_retval = u_lstat_ocall(ms->ms_error, ms->ms_path, ms->ms_buf); @@ -660,7 +723,7 @@ static sgx_status_t SGX_CDECL Enclave_u_lstat_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_lstat64_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_lstat64_ocall(void* pms) { ms_u_lstat64_ocall_t* ms = SGX_CAST(ms_u_lstat64_ocall_t*, pms); ms->ms_retval = u_lstat64_ocall(ms->ms_error, ms->ms_path, ms->ms_buf); @@ -668,7 +731,7 @@ static sgx_status_t SGX_CDECL Enclave_u_lstat64_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_lseek_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_lseek_ocall(void* pms) { ms_u_lseek_ocall_t* ms = SGX_CAST(ms_u_lseek_ocall_t*, pms); ms->ms_retval = u_lseek_ocall(ms->ms_error, ms->ms_fd, ms->ms_offset, ms->ms_whence); @@ -676,7 +739,7 @@ static sgx_status_t SGX_CDECL Enclave_u_lseek_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_lseek64_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_lseek64_ocall(void* pms) { ms_u_lseek64_ocall_t* ms = SGX_CAST(ms_u_lseek64_ocall_t*, pms); ms->ms_retval = u_lseek64_ocall(ms->ms_error, ms->ms_fd, ms->ms_offset, ms->ms_whence); @@ -684,7 +747,7 @@ static sgx_status_t SGX_CDECL Enclave_u_lseek64_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_ftruncate_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_ftruncate_ocall(void* pms) { ms_u_ftruncate_ocall_t* ms = SGX_CAST(ms_u_ftruncate_ocall_t*, pms); ms->ms_retval = u_ftruncate_ocall(ms->ms_error, ms->ms_fd, ms->ms_length); @@ -692,7 +755,7 @@ static sgx_status_t SGX_CDECL Enclave_u_ftruncate_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_ftruncate64_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_ftruncate64_ocall(void* pms) { ms_u_ftruncate64_ocall_t* ms = SGX_CAST(ms_u_ftruncate64_ocall_t*, pms); ms->ms_retval = u_ftruncate64_ocall(ms->ms_error, ms->ms_fd, ms->ms_length); @@ -700,7 +763,7 @@ static sgx_status_t SGX_CDECL Enclave_u_ftruncate64_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_truncate_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_truncate_ocall(void* pms) { ms_u_truncate_ocall_t* ms = SGX_CAST(ms_u_truncate_ocall_t*, pms); ms->ms_retval = u_truncate_ocall(ms->ms_error, ms->ms_path, ms->ms_length); @@ -708,7 +771,7 @@ static sgx_status_t SGX_CDECL Enclave_u_truncate_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_truncate64_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_truncate64_ocall(void* pms) { ms_u_truncate64_ocall_t* ms = SGX_CAST(ms_u_truncate64_ocall_t*, pms); ms->ms_retval = u_truncate64_ocall(ms->ms_error, ms->ms_path, ms->ms_length); @@ -716,7 +779,7 @@ static sgx_status_t SGX_CDECL Enclave_u_truncate64_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_fsync_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_fsync_ocall(void* pms) { ms_u_fsync_ocall_t* ms = SGX_CAST(ms_u_fsync_ocall_t*, pms); ms->ms_retval = u_fsync_ocall(ms->ms_error, ms->ms_fd); @@ -724,7 +787,7 @@ static sgx_status_t SGX_CDECL Enclave_u_fsync_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_fdatasync_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_fdatasync_ocall(void* pms) { ms_u_fdatasync_ocall_t* ms = SGX_CAST(ms_u_fdatasync_ocall_t*, pms); ms->ms_retval = u_fdatasync_ocall(ms->ms_error, ms->ms_fd); @@ -732,7 +795,7 @@ static sgx_status_t SGX_CDECL Enclave_u_fdatasync_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_fchmod_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_fchmod_ocall(void* pms) { ms_u_fchmod_ocall_t* ms = SGX_CAST(ms_u_fchmod_ocall_t*, pms); ms->ms_retval = u_fchmod_ocall(ms->ms_error, ms->ms_fd, ms->ms_mode); @@ -740,7 +803,7 @@ static sgx_status_t SGX_CDECL Enclave_u_fchmod_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_unlink_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_unlink_ocall(void* pms) { ms_u_unlink_ocall_t* ms = SGX_CAST(ms_u_unlink_ocall_t*, pms); ms->ms_retval = u_unlink_ocall(ms->ms_error, ms->ms_pathname); @@ -748,7 +811,7 @@ static sgx_status_t SGX_CDECL Enclave_u_unlink_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_link_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_link_ocall(void* pms) { ms_u_link_ocall_t* ms = SGX_CAST(ms_u_link_ocall_t*, pms); ms->ms_retval = u_link_ocall(ms->ms_error, ms->ms_oldpath, ms->ms_newpath); @@ -756,7 +819,7 @@ static sgx_status_t SGX_CDECL Enclave_u_link_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_rename_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_rename_ocall(void* pms) { ms_u_rename_ocall_t* ms = SGX_CAST(ms_u_rename_ocall_t*, pms); ms->ms_retval = u_rename_ocall(ms->ms_error, ms->ms_oldpath, ms->ms_newpath); @@ -764,7 +827,7 @@ static sgx_status_t SGX_CDECL Enclave_u_rename_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_chmod_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_chmod_ocall(void* pms) { ms_u_chmod_ocall_t* ms = SGX_CAST(ms_u_chmod_ocall_t*, pms); ms->ms_retval = u_chmod_ocall(ms->ms_error, ms->ms_path, ms->ms_mode); @@ -772,7 +835,7 @@ static sgx_status_t SGX_CDECL Enclave_u_chmod_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_readlink_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_readlink_ocall(void* pms) { ms_u_readlink_ocall_t* ms = SGX_CAST(ms_u_readlink_ocall_t*, pms); ms->ms_retval = u_readlink_ocall(ms->ms_error, ms->ms_path, ms->ms_buf, ms->ms_bufsz); @@ -780,7 +843,7 @@ static sgx_status_t SGX_CDECL Enclave_u_readlink_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_symlink_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_symlink_ocall(void* pms) { ms_u_symlink_ocall_t* ms = SGX_CAST(ms_u_symlink_ocall_t*, pms); ms->ms_retval = u_symlink_ocall(ms->ms_error, ms->ms_path1, ms->ms_path2); @@ -788,7 +851,7 @@ static sgx_status_t SGX_CDECL Enclave_u_symlink_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_realpath_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_realpath_ocall(void* pms) { ms_u_realpath_ocall_t* ms = SGX_CAST(ms_u_realpath_ocall_t*, pms); ms->ms_retval = u_realpath_ocall(ms->ms_error, ms->ms_pathname); @@ -796,7 +859,7 @@ static sgx_status_t SGX_CDECL Enclave_u_realpath_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_mkdir_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_mkdir_ocall(void* pms) { ms_u_mkdir_ocall_t* ms = SGX_CAST(ms_u_mkdir_ocall_t*, pms); ms->ms_retval = u_mkdir_ocall(ms->ms_error, ms->ms_pathname, ms->ms_mode); @@ -804,7 +867,7 @@ static sgx_status_t SGX_CDECL Enclave_u_mkdir_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_rmdir_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_rmdir_ocall(void* pms) { ms_u_rmdir_ocall_t* ms = SGX_CAST(ms_u_rmdir_ocall_t*, pms); ms->ms_retval = u_rmdir_ocall(ms->ms_error, ms->ms_pathname); @@ -812,7 +875,7 @@ static sgx_status_t SGX_CDECL Enclave_u_rmdir_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_opendir_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_opendir_ocall(void* pms) { ms_u_opendir_ocall_t* ms = SGX_CAST(ms_u_opendir_ocall_t*, pms); ms->ms_retval = u_opendir_ocall(ms->ms_error, ms->ms_pathname); @@ -820,7 +883,7 @@ static sgx_status_t SGX_CDECL Enclave_u_opendir_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_readdir64_r_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_readdir64_r_ocall(void* pms) { ms_u_readdir64_r_ocall_t* ms = SGX_CAST(ms_u_readdir64_r_ocall_t*, pms); ms->ms_retval = u_readdir64_r_ocall(ms->ms_dirp, ms->ms_entry, ms->ms_result); @@ -828,7 +891,7 @@ static sgx_status_t SGX_CDECL Enclave_u_readdir64_r_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_closedir_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_closedir_ocall(void* pms) { ms_u_closedir_ocall_t* ms = SGX_CAST(ms_u_closedir_ocall_t*, pms); ms->ms_retval = u_closedir_ocall(ms->ms_error, ms->ms_dirp); @@ -836,7 +899,7 @@ static sgx_status_t SGX_CDECL Enclave_u_closedir_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_dirfd_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_dirfd_ocall(void* pms) { ms_u_dirfd_ocall_t* ms = SGX_CAST(ms_u_dirfd_ocall_t*, pms); ms->ms_retval = u_dirfd_ocall(ms->ms_error, ms->ms_dirp); @@ -844,7 +907,7 @@ static sgx_status_t SGX_CDECL Enclave_u_dirfd_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_fstatat64_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_auth_u_fstatat64_ocall(void* pms) { ms_u_fstatat64_ocall_t* ms = SGX_CAST(ms_u_fstatat64_ocall_t*, pms); ms->ms_retval = u_fstatat64_ocall(ms->ms_error, ms->ms_dirfd, ms->ms_pathname, ms->ms_buf, ms->ms_flags); @@ -852,96 +915,199 @@ static sgx_status_t SGX_CDECL Enclave_u_fstatat64_ocall(void* pms) return SGX_SUCCESS; } +static sgx_status_t SGX_CDECL rtc_auth_rtc_session_request_u(void* pms) +{ + ms_rtc_session_request_u_t* ms = SGX_CAST(ms_rtc_session_request_u_t*, pms); + ms->ms_retval = rtc_session_request_u(ms->ms_src_enclave_id, ms->ms_dest_enclave_id); + + return SGX_SUCCESS; +} + +static sgx_status_t SGX_CDECL rtc_auth_rtc_exchange_report_u(void* pms) +{ + ms_rtc_exchange_report_u_t* ms = SGX_CAST(ms_rtc_exchange_report_u_t*, pms); + ms->ms_retval = rtc_exchange_report_u(ms->ms_src_enclave_id, ms->ms_dest_enclave_id, ms->ms_dh_msg2); + + return SGX_SUCCESS; +} + +static sgx_status_t SGX_CDECL rtc_auth_rtc_end_session_u(void* pms) +{ + ms_rtc_end_session_u_t* ms = SGX_CAST(ms_rtc_end_session_u_t*, pms); + ms->ms_retval = rtc_end_session_u(ms->ms_src_enclave_id, ms->ms_dest_enclave_id); + + return SGX_SUCCESS; +} + +static sgx_status_t SGX_CDECL rtc_auth_sgx_oc_cpuidex(void* pms) +{ + ms_sgx_oc_cpuidex_t* ms = SGX_CAST(ms_sgx_oc_cpuidex_t*, pms); + sgx_oc_cpuidex(ms->ms_cpuinfo, ms->ms_leaf, ms->ms_subleaf); + + return SGX_SUCCESS; +} + +static sgx_status_t SGX_CDECL rtc_auth_sgx_thread_wait_untrusted_event_ocall(void* pms) +{ + ms_sgx_thread_wait_untrusted_event_ocall_t* ms = SGX_CAST(ms_sgx_thread_wait_untrusted_event_ocall_t*, pms); + ms->ms_retval = sgx_thread_wait_untrusted_event_ocall(ms->ms_self); + + return SGX_SUCCESS; +} + +static sgx_status_t SGX_CDECL rtc_auth_sgx_thread_set_untrusted_event_ocall(void* pms) +{ + ms_sgx_thread_set_untrusted_event_ocall_t* ms = SGX_CAST(ms_sgx_thread_set_untrusted_event_ocall_t*, pms); + ms->ms_retval = sgx_thread_set_untrusted_event_ocall(ms->ms_waiter); + + return SGX_SUCCESS; +} + +static sgx_status_t SGX_CDECL rtc_auth_sgx_thread_setwait_untrusted_events_ocall(void* pms) +{ + ms_sgx_thread_setwait_untrusted_events_ocall_t* ms = SGX_CAST(ms_sgx_thread_setwait_untrusted_events_ocall_t*, pms); + ms->ms_retval = sgx_thread_setwait_untrusted_events_ocall(ms->ms_waiter, ms->ms_self); + + return SGX_SUCCESS; +} + +static sgx_status_t SGX_CDECL rtc_auth_sgx_thread_set_multiple_untrusted_events_ocall(void* pms) +{ + ms_sgx_thread_set_multiple_untrusted_events_ocall_t* ms = SGX_CAST(ms_sgx_thread_set_multiple_untrusted_events_ocall_t*, pms); + ms->ms_retval = sgx_thread_set_multiple_untrusted_events_ocall(ms->ms_waiters, ms->ms_total); + + return SGX_SUCCESS; +} + static const struct { size_t nr_ocall; - void * table[55]; -} ocall_table_Enclave = { - 55, + void * table[63]; +} ocall_table_rtc_auth = { + 63, { - (void*)Enclave_u_thread_set_event_ocall, - (void*)Enclave_u_thread_wait_event_ocall, - (void*)Enclave_u_thread_set_multiple_events_ocall, - (void*)Enclave_u_thread_setwait_events_ocall, - (void*)Enclave_u_clock_gettime_ocall, - (void*)Enclave_u_read_ocall, - (void*)Enclave_u_pread64_ocall, - (void*)Enclave_u_readv_ocall, - (void*)Enclave_u_preadv64_ocall, - (void*)Enclave_u_write_ocall, - (void*)Enclave_u_pwrite64_ocall, - (void*)Enclave_u_writev_ocall, - (void*)Enclave_u_pwritev64_ocall, - (void*)Enclave_u_fcntl_arg0_ocall, - (void*)Enclave_u_fcntl_arg1_ocall, - (void*)Enclave_u_ioctl_arg0_ocall, - (void*)Enclave_u_ioctl_arg1_ocall, - (void*)Enclave_u_close_ocall, - (void*)Enclave_u_malloc_ocall, - (void*)Enclave_u_free_ocall, - (void*)Enclave_u_mmap_ocall, - (void*)Enclave_u_munmap_ocall, - (void*)Enclave_u_msync_ocall, - (void*)Enclave_u_mprotect_ocall, - (void*)Enclave_u_open_ocall, - (void*)Enclave_u_open64_ocall, - (void*)Enclave_u_fstat_ocall, - (void*)Enclave_u_fstat64_ocall, - (void*)Enclave_u_stat_ocall, - (void*)Enclave_u_stat64_ocall, - (void*)Enclave_u_lstat_ocall, - (void*)Enclave_u_lstat64_ocall, - (void*)Enclave_u_lseek_ocall, - (void*)Enclave_u_lseek64_ocall, - (void*)Enclave_u_ftruncate_ocall, - (void*)Enclave_u_ftruncate64_ocall, - (void*)Enclave_u_truncate_ocall, - (void*)Enclave_u_truncate64_ocall, - (void*)Enclave_u_fsync_ocall, - (void*)Enclave_u_fdatasync_ocall, - (void*)Enclave_u_fchmod_ocall, - (void*)Enclave_u_unlink_ocall, - (void*)Enclave_u_link_ocall, - (void*)Enclave_u_rename_ocall, - (void*)Enclave_u_chmod_ocall, - (void*)Enclave_u_readlink_ocall, - (void*)Enclave_u_symlink_ocall, - (void*)Enclave_u_realpath_ocall, - (void*)Enclave_u_mkdir_ocall, - (void*)Enclave_u_rmdir_ocall, - (void*)Enclave_u_opendir_ocall, - (void*)Enclave_u_readdir64_r_ocall, - (void*)Enclave_u_closedir_ocall, - (void*)Enclave_u_dirfd_ocall, - (void*)Enclave_u_fstatat64_ocall, + (void*)rtc_auth_u_thread_set_event_ocall, + (void*)rtc_auth_u_thread_wait_event_ocall, + (void*)rtc_auth_u_thread_set_multiple_events_ocall, + (void*)rtc_auth_u_thread_setwait_events_ocall, + (void*)rtc_auth_u_clock_gettime_ocall, + (void*)rtc_auth_u_read_ocall, + (void*)rtc_auth_u_pread64_ocall, + (void*)rtc_auth_u_readv_ocall, + (void*)rtc_auth_u_preadv64_ocall, + (void*)rtc_auth_u_write_ocall, + (void*)rtc_auth_u_pwrite64_ocall, + (void*)rtc_auth_u_writev_ocall, + (void*)rtc_auth_u_pwritev64_ocall, + (void*)rtc_auth_u_fcntl_arg0_ocall, + (void*)rtc_auth_u_fcntl_arg1_ocall, + (void*)rtc_auth_u_ioctl_arg0_ocall, + (void*)rtc_auth_u_ioctl_arg1_ocall, + (void*)rtc_auth_u_close_ocall, + (void*)rtc_auth_u_malloc_ocall, + (void*)rtc_auth_u_free_ocall, + (void*)rtc_auth_u_mmap_ocall, + (void*)rtc_auth_u_munmap_ocall, + (void*)rtc_auth_u_msync_ocall, + (void*)rtc_auth_u_mprotect_ocall, + (void*)rtc_auth_u_open_ocall, + (void*)rtc_auth_u_open64_ocall, + (void*)rtc_auth_u_fstat_ocall, + (void*)rtc_auth_u_fstat64_ocall, + (void*)rtc_auth_u_stat_ocall, + (void*)rtc_auth_u_stat64_ocall, + (void*)rtc_auth_u_lstat_ocall, + (void*)rtc_auth_u_lstat64_ocall, + (void*)rtc_auth_u_lseek_ocall, + (void*)rtc_auth_u_lseek64_ocall, + (void*)rtc_auth_u_ftruncate_ocall, + (void*)rtc_auth_u_ftruncate64_ocall, + (void*)rtc_auth_u_truncate_ocall, + (void*)rtc_auth_u_truncate64_ocall, + (void*)rtc_auth_u_fsync_ocall, + (void*)rtc_auth_u_fdatasync_ocall, + (void*)rtc_auth_u_fchmod_ocall, + (void*)rtc_auth_u_unlink_ocall, + (void*)rtc_auth_u_link_ocall, + (void*)rtc_auth_u_rename_ocall, + (void*)rtc_auth_u_chmod_ocall, + (void*)rtc_auth_u_readlink_ocall, + (void*)rtc_auth_u_symlink_ocall, + (void*)rtc_auth_u_realpath_ocall, + (void*)rtc_auth_u_mkdir_ocall, + (void*)rtc_auth_u_rmdir_ocall, + (void*)rtc_auth_u_opendir_ocall, + (void*)rtc_auth_u_readdir64_r_ocall, + (void*)rtc_auth_u_closedir_ocall, + (void*)rtc_auth_u_dirfd_ocall, + (void*)rtc_auth_u_fstatat64_ocall, + (void*)rtc_auth_rtc_session_request_u, + (void*)rtc_auth_rtc_exchange_report_u, + (void*)rtc_auth_rtc_end_session_u, + (void*)rtc_auth_sgx_oc_cpuidex, + (void*)rtc_auth_sgx_thread_wait_untrusted_event_ocall, + (void*)rtc_auth_sgx_thread_set_untrusted_event_ocall, + (void*)rtc_auth_sgx_thread_setwait_untrusted_events_ocall, + (void*)rtc_auth_sgx_thread_set_multiple_untrusted_events_ocall, } }; -sgx_status_t enclave_create_report(sgx_enclave_id_t eid, CreateReportResult* retval, const sgx_target_info_t* p_qe3_target, EnclaveHeldData enclave_data, sgx_report_t* p_report) +sgx_status_t rtc_auth_enclave_create_report(sgx_enclave_id_t eid, CreateReportResult* retval, const sgx_target_info_t* p_qe3_target, EnclaveHeldData enclave_data, sgx_report_t* p_report) { sgx_status_t status; ms_enclave_create_report_t ms; ms.ms_p_qe3_target = p_qe3_target; ms.ms_enclave_data = (EnclaveHeldData *)&enclave_data[0]; ms.ms_p_report = p_report; - status = sgx_ecall(eid, 0, &ocall_table_Enclave, &ms); + status = sgx_ecall(eid, 0, &ocall_table_rtc_auth, &ms); if (status == SGX_SUCCESS && retval) *retval = ms.ms_retval; return status; } -sgx_status_t t_global_init_ecall(sgx_enclave_id_t eid, uint64_t id, const uint8_t* path, size_t len) +sgx_status_t rtc_auth_t_global_init_ecall(sgx_enclave_id_t eid, uint64_t id, const uint8_t* path, size_t len) { sgx_status_t status; ms_t_global_init_ecall_t ms; ms.ms_id = id; ms.ms_path = path; ms.ms_len = len; - status = sgx_ecall(eid, 1, &ocall_table_Enclave, &ms); + status = sgx_ecall(eid, 1, &ocall_table_rtc_auth, &ms); + return status; +} + +sgx_status_t rtc_auth_t_global_exit_ecall(sgx_enclave_id_t eid) +{ + sgx_status_t status; + status = sgx_ecall(eid, 2, &ocall_table_rtc_auth, NULL); return status; } -sgx_status_t t_global_exit_ecall(sgx_enclave_id_t eid) +sgx_status_t rtc_auth_session_request(sgx_enclave_id_t eid, SessionRequestResult* retval, sgx_enclave_id_t src_enclave_id) { sgx_status_t status; - status = sgx_ecall(eid, 2, &ocall_table_Enclave, NULL); + ms_session_request_t ms; + ms.ms_src_enclave_id = src_enclave_id; + status = sgx_ecall(eid, 3, &ocall_table_rtc_auth, &ms); + if (status == SGX_SUCCESS && retval) *retval = ms.ms_retval; + return status; +} + +sgx_status_t rtc_auth_exchange_report(sgx_enclave_id_t eid, ExchangeReportResult* retval, sgx_enclave_id_t src_enclave_id, const sgx_dh_msg2_t* dh_msg2) +{ + sgx_status_t status; + ms_exchange_report_t ms; + ms.ms_src_enclave_id = src_enclave_id; + ms.ms_dh_msg2 = dh_msg2; + status = sgx_ecall(eid, 4, &ocall_table_rtc_auth, &ms); + if (status == SGX_SUCCESS && retval) *retval = ms.ms_retval; + return status; +} + +sgx_status_t rtc_auth_end_session(sgx_enclave_id_t eid, sgx_status_t* retval, sgx_enclave_id_t src_enclave_id) +{ + sgx_status_t status; + ms_end_session_t ms; + ms.ms_src_enclave_id = src_enclave_id; + status = sgx_ecall(eid, 5, &ocall_table_rtc_auth, &ms); + if (status == SGX_SUCCESS && retval) *retval = ms.ms_retval; return status; } diff --git a/codegen/auth_enclave/Enclave_u.h b/codegen/auth_enclave/rtc_auth_u.h similarity index 79% rename from codegen/auth_enclave/Enclave_u.h rename to codegen/auth_enclave/rtc_auth_u.h index a72eb278..c3a5bcec 100644 --- a/codegen/auth_enclave/Enclave_u.h +++ b/codegen/auth_enclave/rtc_auth_u.h @@ -1,5 +1,5 @@ -#ifndef ENCLAVE_U_H__ -#define ENCLAVE_U_H__ +#ifndef RTC_AUTH_U_H__ +#define RTC_AUTH_U_H__ #include #include @@ -8,12 +8,15 @@ #include "sgx_edger8r.h" /* for sgx_status_t etc. */ #include "sgx_report.h" +#include "sgx_dh.h" #include "bindings.h" #include "time.h" #include "inc/stat.h" #include "sys/uio.h" #include "inc/stat.h" #include "inc/dirent.h" +#include "sgx_eid.h" +#include "sgx_dh.h" #include /* for size_t */ @@ -243,10 +246,45 @@ int SGX_UBRIDGE(SGX_NOCONVENTION, u_dirfd_ocall, (int* error, void* dirp)); #define U_FSTATAT64_OCALL_DEFINED__ int SGX_UBRIDGE(SGX_NOCONVENTION, u_fstatat64_ocall, (int* error, int dirfd, const char* pathname, struct stat64_t* buf, int flags)); #endif +#ifndef RTC_SESSION_REQUEST_U_DEFINED__ +#define RTC_SESSION_REQUEST_U_DEFINED__ +SessionRequestResult SGX_UBRIDGE(SGX_NOCONVENTION, rtc_session_request_u, (sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id)); +#endif +#ifndef RTC_EXCHANGE_REPORT_U_DEFINED__ +#define RTC_EXCHANGE_REPORT_U_DEFINED__ +ExchangeReportResult SGX_UBRIDGE(SGX_NOCONVENTION, rtc_exchange_report_u, (sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t* dh_msg2)); +#endif +#ifndef RTC_END_SESSION_U_DEFINED__ +#define RTC_END_SESSION_U_DEFINED__ +sgx_status_t SGX_UBRIDGE(SGX_NOCONVENTION, rtc_end_session_u, (sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id)); +#endif +#ifndef SGX_OC_CPUIDEX_DEFINED__ +#define SGX_OC_CPUIDEX_DEFINED__ +void SGX_UBRIDGE(SGX_CDECL, sgx_oc_cpuidex, (int cpuinfo[4], int leaf, int subleaf)); +#endif +#ifndef SGX_THREAD_WAIT_UNTRUSTED_EVENT_OCALL_DEFINED__ +#define SGX_THREAD_WAIT_UNTRUSTED_EVENT_OCALL_DEFINED__ +int SGX_UBRIDGE(SGX_CDECL, sgx_thread_wait_untrusted_event_ocall, (const void* self)); +#endif +#ifndef SGX_THREAD_SET_UNTRUSTED_EVENT_OCALL_DEFINED__ +#define SGX_THREAD_SET_UNTRUSTED_EVENT_OCALL_DEFINED__ +int SGX_UBRIDGE(SGX_CDECL, sgx_thread_set_untrusted_event_ocall, (const void* waiter)); +#endif +#ifndef SGX_THREAD_SETWAIT_UNTRUSTED_EVENTS_OCALL_DEFINED__ +#define SGX_THREAD_SETWAIT_UNTRUSTED_EVENTS_OCALL_DEFINED__ +int SGX_UBRIDGE(SGX_CDECL, sgx_thread_setwait_untrusted_events_ocall, (const void* waiter, const void* self)); +#endif +#ifndef SGX_THREAD_SET_MULTIPLE_UNTRUSTED_EVENTS_OCALL_DEFINED__ +#define SGX_THREAD_SET_MULTIPLE_UNTRUSTED_EVENTS_OCALL_DEFINED__ +int SGX_UBRIDGE(SGX_CDECL, sgx_thread_set_multiple_untrusted_events_ocall, (const void** waiters, size_t total)); +#endif -sgx_status_t enclave_create_report(sgx_enclave_id_t eid, CreateReportResult* retval, const sgx_target_info_t* p_qe3_target, EnclaveHeldData enclave_data, sgx_report_t* p_report); -sgx_status_t t_global_init_ecall(sgx_enclave_id_t eid, uint64_t id, const uint8_t* path, size_t len); -sgx_status_t t_global_exit_ecall(sgx_enclave_id_t eid); +sgx_status_t rtc_auth_enclave_create_report(sgx_enclave_id_t eid, CreateReportResult* retval, const sgx_target_info_t* p_qe3_target, EnclaveHeldData enclave_data, sgx_report_t* p_report); +sgx_status_t rtc_auth_t_global_init_ecall(sgx_enclave_id_t eid, uint64_t id, const uint8_t* path, size_t len); +sgx_status_t rtc_auth_t_global_exit_ecall(sgx_enclave_id_t eid); +sgx_status_t rtc_auth_session_request(sgx_enclave_id_t eid, SessionRequestResult* retval, sgx_enclave_id_t src_enclave_id); +sgx_status_t rtc_auth_exchange_report(sgx_enclave_id_t eid, ExchangeReportResult* retval, sgx_enclave_id_t src_enclave_id, const sgx_dh_msg2_t* dh_msg2); +sgx_status_t rtc_auth_end_session(sgx_enclave_id_t eid, sgx_status_t* retval, sgx_enclave_id_t src_enclave_id); #ifdef __cplusplus } diff --git a/codegen/data_enclave/bindings.h b/codegen/data_enclave/bindings.h index 8234ced6..0e25e5dc 100644 --- a/codegen/data_enclave/bindings.h +++ b/codegen/data_enclave/bindings.h @@ -76,6 +76,50 @@ typedef struct UploadMetadata { uint8_t nonce[24]; } UploadMetadata; +/** + * FFI safe result type that can be converted to and from a rust result. + */ +typedef enum EcallResult_sgx_dh_msg1_t__sgx_status_t_Tag { + Ok_sgx_dh_msg1_t__sgx_status_t, + Err_sgx_dh_msg1_t__sgx_status_t, +} EcallResult_sgx_dh_msg1_t__sgx_status_t_Tag; + +typedef struct EcallResult_sgx_dh_msg1_t__sgx_status_t { + EcallResult_sgx_dh_msg1_t__sgx_status_t_Tag tag; + union { + struct { + sgx_dh_msg1_t ok; + }; + struct { + sgx_status_t err; + }; + }; +} EcallResult_sgx_dh_msg1_t__sgx_status_t; + +typedef struct EcallResult_sgx_dh_msg1_t__sgx_status_t SessionRequestResult; + +/** + * FFI safe result type that can be converted to and from a rust result. + */ +typedef enum EcallResult_sgx_dh_msg3_t__sgx_status_t_Tag { + Ok_sgx_dh_msg3_t__sgx_status_t, + Err_sgx_dh_msg3_t__sgx_status_t, +} EcallResult_sgx_dh_msg3_t__sgx_status_t_Tag; + +typedef struct EcallResult_sgx_dh_msg3_t__sgx_status_t { + EcallResult_sgx_dh_msg3_t__sgx_status_t_Tag tag; + union { + struct { + sgx_dh_msg3_t ok; + }; + struct { + sgx_status_t err; + }; + }; +} EcallResult_sgx_dh_msg3_t__sgx_status_t; + +typedef struct EcallResult_sgx_dh_msg3_t__sgx_status_t ExchangeReportResult; + typedef enum CreateReportResult_Tag { Success, Sgx, diff --git a/codegen/data_enclave/Enclave_t.c b/codegen/data_enclave/rtc_data_t.c similarity index 93% rename from codegen/data_enclave/Enclave_t.c rename to codegen/data_enclave/rtc_data_t.c index 34ae19c8..ed7493cd 100644 --- a/codegen/data_enclave/Enclave_t.c +++ b/codegen/data_enclave/rtc_data_t.c @@ -1,4 +1,4 @@ -#include "Enclave_t.h" +#include "rtc_data_t.h" #include "sgx_trts.h" /* for sgx_ocalloc, sgx_is_outside_enclave */ #include "sgx_lfence.h" /* for sgx_lfence */ @@ -34,12 +34,17 @@ typedef struct ms_enclave_create_report_t { sgx_report_t* ms_p_report; } ms_enclave_create_report_t; -typedef struct ms_rtc_validate_and_save_t { +typedef struct ms_validate_and_save_t { DataUploadResult ms_retval; const uint8_t* ms_payload_ptr; size_t ms_payload_len; UploadMetadata ms_metadata; -} ms_rtc_validate_and_save_t; +} ms_validate_and_save_t; + +typedef struct ms_local_attestation_t { + sgx_status_t ms_retval; + sgx_enclave_id_t ms_rtc_local_attestation; +} ms_local_attestation_t; typedef struct ms_t_global_init_ecall_t { uint64_t ms_id; @@ -47,6 +52,22 @@ typedef struct ms_t_global_init_ecall_t { size_t ms_len; } ms_t_global_init_ecall_t; +typedef struct ms_session_request_t { + SessionRequestResult ms_retval; + sgx_enclave_id_t ms_src_enclave_id; +} ms_session_request_t; + +typedef struct ms_exchange_report_t { + ExchangeReportResult ms_retval; + sgx_enclave_id_t ms_src_enclave_id; + const sgx_dh_msg2_t* ms_dh_msg2; +} ms_exchange_report_t; + +typedef struct ms_end_session_t { + sgx_status_t ms_retval; + sgx_enclave_id_t ms_src_enclave_id; +} ms_end_session_t; + typedef struct ms_rtc_save_sealed_blob_u_t { sgx_status_t ms_retval; const uint8_t* ms_blob_ptr; @@ -543,6 +564,25 @@ typedef struct ms_u_sgxprotectedfs_do_file_recovery_t { uint32_t ms_node_size; } ms_u_sgxprotectedfs_do_file_recovery_t; +typedef struct ms_rtc_session_request_u_t { + SessionRequestResult ms_retval; + sgx_enclave_id_t ms_src_enclave_id; + sgx_enclave_id_t ms_dest_enclave_id; +} ms_rtc_session_request_u_t; + +typedef struct ms_rtc_exchange_report_u_t { + ExchangeReportResult ms_retval; + sgx_enclave_id_t ms_src_enclave_id; + sgx_enclave_id_t ms_dest_enclave_id; + sgx_dh_msg2_t* ms_dh_msg2; +} ms_rtc_exchange_report_u_t; + +typedef struct ms_rtc_end_session_u_t { + sgx_status_t ms_retval; + sgx_enclave_id_t ms_src_enclave_id; + sgx_enclave_id_t ms_dest_enclave_id; +} ms_rtc_end_session_u_t; + static sgx_status_t SGX_CDECL sgx_enclave_create_report(void* pms) { CHECK_REF_POINTER(pms, sizeof(ms_enclave_create_report_t)); @@ -622,14 +662,14 @@ static sgx_status_t SGX_CDECL sgx_enclave_create_report(void* pms) return status; } -static sgx_status_t SGX_CDECL sgx_rtc_validate_and_save(void* pms) +static sgx_status_t SGX_CDECL sgx_validate_and_save(void* pms) { - CHECK_REF_POINTER(pms, sizeof(ms_rtc_validate_and_save_t)); + CHECK_REF_POINTER(pms, sizeof(ms_validate_and_save_t)); // // fence after pointer checks // sgx_lfence(); - ms_rtc_validate_and_save_t* ms = SGX_CAST(ms_rtc_validate_and_save_t*, pms); + ms_validate_and_save_t* ms = SGX_CAST(ms_validate_and_save_t*, pms); sgx_status_t status = SGX_SUCCESS; const uint8_t* _tmp_payload_ptr = ms->ms_payload_ptr; size_t _tmp_payload_len = ms->ms_payload_len; @@ -667,13 +707,31 @@ static sgx_status_t SGX_CDECL sgx_rtc_validate_and_save(void* pms) } - ms->ms_retval = rtc_validate_and_save((const uint8_t*)_in_payload_ptr, _tmp_payload_len, ms->ms_metadata); + ms->ms_retval = validate_and_save((const uint8_t*)_in_payload_ptr, _tmp_payload_len, ms->ms_metadata); err: if (_in_payload_ptr) free(_in_payload_ptr); return status; } +static sgx_status_t SGX_CDECL sgx_local_attestation(void* pms) +{ + CHECK_REF_POINTER(pms, sizeof(ms_local_attestation_t)); + // + // fence after pointer checks + // + sgx_lfence(); + ms_local_attestation_t* ms = SGX_CAST(ms_local_attestation_t*, pms); + sgx_status_t status = SGX_SUCCESS; + + + + ms->ms_retval = local_attestation(ms->ms_rtc_local_attestation); + + + return status; +} + static sgx_status_t SGX_CDECL sgx_t_global_init_ecall(void* pms) { CHECK_REF_POINTER(pms, sizeof(ms_t_global_init_ecall_t)); @@ -729,96 +787,180 @@ static sgx_status_t SGX_CDECL sgx_t_global_exit_ecall(void* pms) return status; } +static sgx_status_t SGX_CDECL sgx_session_request(void* pms) +{ + CHECK_REF_POINTER(pms, sizeof(ms_session_request_t)); + // + // fence after pointer checks + // + sgx_lfence(); + ms_session_request_t* ms = SGX_CAST(ms_session_request_t*, pms); + sgx_status_t status = SGX_SUCCESS; + + + + ms->ms_retval = session_request(ms->ms_src_enclave_id); + + + return status; +} + +static sgx_status_t SGX_CDECL sgx_exchange_report(void* pms) +{ + CHECK_REF_POINTER(pms, sizeof(ms_exchange_report_t)); + // + // fence after pointer checks + // + sgx_lfence(); + ms_exchange_report_t* ms = SGX_CAST(ms_exchange_report_t*, pms); + sgx_status_t status = SGX_SUCCESS; + const sgx_dh_msg2_t* _tmp_dh_msg2 = ms->ms_dh_msg2; + size_t _len_dh_msg2 = sizeof(sgx_dh_msg2_t); + sgx_dh_msg2_t* _in_dh_msg2 = NULL; + + CHECK_UNIQUE_POINTER(_tmp_dh_msg2, _len_dh_msg2); + + // + // fence after pointer checks + // + sgx_lfence(); + + if (_tmp_dh_msg2 != NULL && _len_dh_msg2 != 0) { + _in_dh_msg2 = (sgx_dh_msg2_t*)malloc(_len_dh_msg2); + if (_in_dh_msg2 == NULL) { + status = SGX_ERROR_OUT_OF_MEMORY; + goto err; + } + + if (memcpy_s(_in_dh_msg2, _len_dh_msg2, _tmp_dh_msg2, _len_dh_msg2)) { + status = SGX_ERROR_UNEXPECTED; + goto err; + } + + } + + ms->ms_retval = exchange_report(ms->ms_src_enclave_id, (const sgx_dh_msg2_t*)_in_dh_msg2); + +err: + if (_in_dh_msg2) free(_in_dh_msg2); + return status; +} + +static sgx_status_t SGX_CDECL sgx_end_session(void* pms) +{ + CHECK_REF_POINTER(pms, sizeof(ms_end_session_t)); + // + // fence after pointer checks + // + sgx_lfence(); + ms_end_session_t* ms = SGX_CAST(ms_end_session_t*, pms); + sgx_status_t status = SGX_SUCCESS; + + + + ms->ms_retval = end_session(ms->ms_src_enclave_id); + + + return status; +} + SGX_EXTERNC const struct { size_t nr_ecall; - struct {void* ecall_addr; uint8_t is_priv; uint8_t is_switchless;} ecall_table[4]; + struct {void* ecall_addr; uint8_t is_priv; uint8_t is_switchless;} ecall_table[8]; } g_ecall_table = { - 4, + 8, { {(void*)(uintptr_t)sgx_enclave_create_report, 0, 0}, - {(void*)(uintptr_t)sgx_rtc_validate_and_save, 0, 0}, + {(void*)(uintptr_t)sgx_validate_and_save, 0, 0}, + {(void*)(uintptr_t)sgx_local_attestation, 0, 0}, {(void*)(uintptr_t)sgx_t_global_init_ecall, 0, 0}, {(void*)(uintptr_t)sgx_t_global_exit_ecall, 0, 0}, + {(void*)(uintptr_t)sgx_session_request, 0, 0}, + {(void*)(uintptr_t)sgx_exchange_report, 0, 0}, + {(void*)(uintptr_t)sgx_end_session, 0, 0}, } }; SGX_EXTERNC const struct { size_t nr_ocall; - uint8_t entry_table[71][4]; + uint8_t entry_table[74][8]; } g_dyn_entry_table = { - 71, + 74, { - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, - {0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, + {0, 0, 0, 0, 0, 0, 0, 0, }, } }; @@ -5444,3 +5586,108 @@ sgx_status_t SGX_CDECL u_sgxprotectedfs_do_file_recovery(int32_t* retval, const return status; } +sgx_status_t SGX_CDECL rtc_session_request_u(SessionRequestResult* retval, sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id) +{ + sgx_status_t status = SGX_SUCCESS; + + ms_rtc_session_request_u_t* ms = NULL; + size_t ocalloc_size = sizeof(ms_rtc_session_request_u_t); + void *__tmp = NULL; + + + __tmp = sgx_ocalloc(ocalloc_size); + if (__tmp == NULL) { + sgx_ocfree(); + return SGX_ERROR_UNEXPECTED; + } + ms = (ms_rtc_session_request_u_t*)__tmp; + __tmp = (void *)((size_t)__tmp + sizeof(ms_rtc_session_request_u_t)); + ocalloc_size -= sizeof(ms_rtc_session_request_u_t); + + ms->ms_src_enclave_id = src_enclave_id; + ms->ms_dest_enclave_id = dest_enclave_id; + status = sgx_ocall(71, ms); + + if (status == SGX_SUCCESS) { + if (retval) *retval = ms->ms_retval; + } + sgx_ocfree(); + return status; +} + +sgx_status_t SGX_CDECL rtc_exchange_report_u(ExchangeReportResult* retval, sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t* dh_msg2) +{ + sgx_status_t status = SGX_SUCCESS; + size_t _len_dh_msg2 = sizeof(sgx_dh_msg2_t); + + ms_rtc_exchange_report_u_t* ms = NULL; + size_t ocalloc_size = sizeof(ms_rtc_exchange_report_u_t); + void *__tmp = NULL; + + + CHECK_ENCLAVE_POINTER(dh_msg2, _len_dh_msg2); + + if (ADD_ASSIGN_OVERFLOW(ocalloc_size, (dh_msg2 != NULL) ? _len_dh_msg2 : 0)) + return SGX_ERROR_INVALID_PARAMETER; + + __tmp = sgx_ocalloc(ocalloc_size); + if (__tmp == NULL) { + sgx_ocfree(); + return SGX_ERROR_UNEXPECTED; + } + ms = (ms_rtc_exchange_report_u_t*)__tmp; + __tmp = (void *)((size_t)__tmp + sizeof(ms_rtc_exchange_report_u_t)); + ocalloc_size -= sizeof(ms_rtc_exchange_report_u_t); + + ms->ms_src_enclave_id = src_enclave_id; + ms->ms_dest_enclave_id = dest_enclave_id; + if (dh_msg2 != NULL) { + ms->ms_dh_msg2 = (sgx_dh_msg2_t*)__tmp; + if (memcpy_s(__tmp, ocalloc_size, dh_msg2, _len_dh_msg2)) { + sgx_ocfree(); + return SGX_ERROR_UNEXPECTED; + } + __tmp = (void *)((size_t)__tmp + _len_dh_msg2); + ocalloc_size -= _len_dh_msg2; + } else { + ms->ms_dh_msg2 = NULL; + } + + status = sgx_ocall(72, ms); + + if (status == SGX_SUCCESS) { + if (retval) *retval = ms->ms_retval; + } + sgx_ocfree(); + return status; +} + +sgx_status_t SGX_CDECL rtc_end_session_u(sgx_status_t* retval, sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id) +{ + sgx_status_t status = SGX_SUCCESS; + + ms_rtc_end_session_u_t* ms = NULL; + size_t ocalloc_size = sizeof(ms_rtc_end_session_u_t); + void *__tmp = NULL; + + + __tmp = sgx_ocalloc(ocalloc_size); + if (__tmp == NULL) { + sgx_ocfree(); + return SGX_ERROR_UNEXPECTED; + } + ms = (ms_rtc_end_session_u_t*)__tmp; + __tmp = (void *)((size_t)__tmp + sizeof(ms_rtc_end_session_u_t)); + ocalloc_size -= sizeof(ms_rtc_end_session_u_t); + + ms->ms_src_enclave_id = src_enclave_id; + ms->ms_dest_enclave_id = dest_enclave_id; + status = sgx_ocall(73, ms); + + if (status == SGX_SUCCESS) { + if (retval) *retval = ms->ms_retval; + } + sgx_ocfree(); + return status; +} + diff --git a/codegen/data_enclave/Enclave_t.h b/codegen/data_enclave/rtc_data_t.h similarity index 89% rename from codegen/data_enclave/Enclave_t.h rename to codegen/data_enclave/rtc_data_t.h index 7edb9ff6..775e5bb3 100644 --- a/codegen/data_enclave/Enclave_t.h +++ b/codegen/data_enclave/rtc_data_t.h @@ -1,5 +1,5 @@ -#ifndef ENCLAVE_T_H__ -#define ENCLAVE_T_H__ +#ifndef RTC_DATA_T_H__ +#define RTC_DATA_T_H__ #include #include @@ -8,12 +8,15 @@ #include "sgx_tprotected_fs.h" #include "sgx_report.h" +#include "sgx_dh.h" #include "bindings.h" #include "time.h" #include "inc/stat.h" #include "sys/uio.h" #include "inc/stat.h" #include "inc/dirent.h" +#include "sgx_eid.h" +#include "sgx_dh.h" #include /* for size_t */ @@ -24,9 +27,13 @@ extern "C" { #endif CreateReportResult enclave_create_report(const sgx_target_info_t* p_qe3_target, EnclaveHeldData enclave_data, sgx_report_t* p_report); -DataUploadResult rtc_validate_and_save(const uint8_t* payload_ptr, size_t payload_len, UploadMetadata metadata); +DataUploadResult validate_and_save(const uint8_t* payload_ptr, size_t payload_len, UploadMetadata metadata); +sgx_status_t local_attestation(sgx_enclave_id_t rtc_local_attestation); void t_global_init_ecall(uint64_t id, const uint8_t* path, size_t len); void t_global_exit_ecall(void); +SessionRequestResult session_request(sgx_enclave_id_t src_enclave_id); +ExchangeReportResult exchange_report(sgx_enclave_id_t src_enclave_id, const sgx_dh_msg2_t* dh_msg2); +sgx_status_t end_session(sgx_enclave_id_t src_enclave_id); sgx_status_t SGX_CDECL rtc_save_sealed_blob_u(sgx_status_t* retval, const uint8_t* blob_ptr, size_t blob_len, uint8_t uuid[16]); sgx_status_t SGX_CDECL u_thread_set_event_ocall(int* retval, int* error, const void* tcs); @@ -99,6 +106,9 @@ sgx_status_t SGX_CDECL u_sgxprotectedfs_remove(int32_t* retval, const char* file sgx_status_t SGX_CDECL u_sgxprotectedfs_recovery_file_open(void** retval, const char* filename); sgx_status_t SGX_CDECL u_sgxprotectedfs_fwrite_recovery_node(uint8_t* retval, void* f, uint8_t* data, uint32_t data_length); sgx_status_t SGX_CDECL u_sgxprotectedfs_do_file_recovery(int32_t* retval, const char* filename, const char* recovery_filename, uint32_t node_size); +sgx_status_t SGX_CDECL rtc_session_request_u(SessionRequestResult* retval, sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); +sgx_status_t SGX_CDECL rtc_exchange_report_u(ExchangeReportResult* retval, sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t* dh_msg2); +sgx_status_t SGX_CDECL rtc_end_session_u(sgx_status_t* retval, sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); #ifdef __cplusplus } diff --git a/codegen/data_enclave/Enclave_u.c b/codegen/data_enclave/rtc_data_u.c similarity index 67% rename from codegen/data_enclave/Enclave_u.c rename to codegen/data_enclave/rtc_data_u.c index 98a415eb..17d281bd 100644 --- a/codegen/data_enclave/Enclave_u.c +++ b/codegen/data_enclave/rtc_data_u.c @@ -1,4 +1,4 @@ -#include "Enclave_u.h" +#include "rtc_data_u.h" #include typedef struct ms_enclave_create_report_t { @@ -8,12 +8,17 @@ typedef struct ms_enclave_create_report_t { sgx_report_t* ms_p_report; } ms_enclave_create_report_t; -typedef struct ms_rtc_validate_and_save_t { +typedef struct ms_validate_and_save_t { DataUploadResult ms_retval; const uint8_t* ms_payload_ptr; size_t ms_payload_len; UploadMetadata ms_metadata; -} ms_rtc_validate_and_save_t; +} ms_validate_and_save_t; + +typedef struct ms_local_attestation_t { + sgx_status_t ms_retval; + sgx_enclave_id_t ms_rtc_local_attestation; +} ms_local_attestation_t; typedef struct ms_t_global_init_ecall_t { uint64_t ms_id; @@ -21,6 +26,22 @@ typedef struct ms_t_global_init_ecall_t { size_t ms_len; } ms_t_global_init_ecall_t; +typedef struct ms_session_request_t { + SessionRequestResult ms_retval; + sgx_enclave_id_t ms_src_enclave_id; +} ms_session_request_t; + +typedef struct ms_exchange_report_t { + ExchangeReportResult ms_retval; + sgx_enclave_id_t ms_src_enclave_id; + const sgx_dh_msg2_t* ms_dh_msg2; +} ms_exchange_report_t; + +typedef struct ms_end_session_t { + sgx_status_t ms_retval; + sgx_enclave_id_t ms_src_enclave_id; +} ms_end_session_t; + typedef struct ms_rtc_save_sealed_blob_u_t { sgx_status_t ms_retval; const uint8_t* ms_blob_ptr; @@ -517,7 +538,26 @@ typedef struct ms_u_sgxprotectedfs_do_file_recovery_t { uint32_t ms_node_size; } ms_u_sgxprotectedfs_do_file_recovery_t; -static sgx_status_t SGX_CDECL Enclave_rtc_save_sealed_blob_u(void* pms) +typedef struct ms_rtc_session_request_u_t { + SessionRequestResult ms_retval; + sgx_enclave_id_t ms_src_enclave_id; + sgx_enclave_id_t ms_dest_enclave_id; +} ms_rtc_session_request_u_t; + +typedef struct ms_rtc_exchange_report_u_t { + ExchangeReportResult ms_retval; + sgx_enclave_id_t ms_src_enclave_id; + sgx_enclave_id_t ms_dest_enclave_id; + sgx_dh_msg2_t* ms_dh_msg2; +} ms_rtc_exchange_report_u_t; + +typedef struct ms_rtc_end_session_u_t { + sgx_status_t ms_retval; + sgx_enclave_id_t ms_src_enclave_id; + sgx_enclave_id_t ms_dest_enclave_id; +} ms_rtc_end_session_u_t; + +static sgx_status_t SGX_CDECL rtc_data_rtc_save_sealed_blob_u(void* pms) { ms_rtc_save_sealed_blob_u_t* ms = SGX_CAST(ms_rtc_save_sealed_blob_u_t*, pms); ms->ms_retval = rtc_save_sealed_blob_u(ms->ms_blob_ptr, ms->ms_blob_len, ms->ms_uuid); @@ -525,7 +565,7 @@ static sgx_status_t SGX_CDECL Enclave_rtc_save_sealed_blob_u(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_thread_set_event_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_thread_set_event_ocall(void* pms) { ms_u_thread_set_event_ocall_t* ms = SGX_CAST(ms_u_thread_set_event_ocall_t*, pms); ms->ms_retval = u_thread_set_event_ocall(ms->ms_error, ms->ms_tcs); @@ -533,7 +573,7 @@ static sgx_status_t SGX_CDECL Enclave_u_thread_set_event_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_thread_wait_event_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_thread_wait_event_ocall(void* pms) { ms_u_thread_wait_event_ocall_t* ms = SGX_CAST(ms_u_thread_wait_event_ocall_t*, pms); ms->ms_retval = u_thread_wait_event_ocall(ms->ms_error, ms->ms_tcs, ms->ms_timeout); @@ -541,7 +581,7 @@ static sgx_status_t SGX_CDECL Enclave_u_thread_wait_event_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_thread_set_multiple_events_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_thread_set_multiple_events_ocall(void* pms) { ms_u_thread_set_multiple_events_ocall_t* ms = SGX_CAST(ms_u_thread_set_multiple_events_ocall_t*, pms); ms->ms_retval = u_thread_set_multiple_events_ocall(ms->ms_error, ms->ms_tcss, ms->ms_total); @@ -549,7 +589,7 @@ static sgx_status_t SGX_CDECL Enclave_u_thread_set_multiple_events_ocall(void* p return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_thread_setwait_events_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_thread_setwait_events_ocall(void* pms) { ms_u_thread_setwait_events_ocall_t* ms = SGX_CAST(ms_u_thread_setwait_events_ocall_t*, pms); ms->ms_retval = u_thread_setwait_events_ocall(ms->ms_error, ms->ms_waiter_tcs, ms->ms_self_tcs, ms->ms_timeout); @@ -557,7 +597,7 @@ static sgx_status_t SGX_CDECL Enclave_u_thread_setwait_events_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_clock_gettime_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_clock_gettime_ocall(void* pms) { ms_u_clock_gettime_ocall_t* ms = SGX_CAST(ms_u_clock_gettime_ocall_t*, pms); ms->ms_retval = u_clock_gettime_ocall(ms->ms_error, ms->ms_clk_id, ms->ms_tp); @@ -565,7 +605,7 @@ static sgx_status_t SGX_CDECL Enclave_u_clock_gettime_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_read_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_read_ocall(void* pms) { ms_u_read_ocall_t* ms = SGX_CAST(ms_u_read_ocall_t*, pms); ms->ms_retval = u_read_ocall(ms->ms_error, ms->ms_fd, ms->ms_buf, ms->ms_count); @@ -573,7 +613,7 @@ static sgx_status_t SGX_CDECL Enclave_u_read_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_pread64_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_pread64_ocall(void* pms) { ms_u_pread64_ocall_t* ms = SGX_CAST(ms_u_pread64_ocall_t*, pms); ms->ms_retval = u_pread64_ocall(ms->ms_error, ms->ms_fd, ms->ms_buf, ms->ms_count, ms->ms_offset); @@ -581,7 +621,7 @@ static sgx_status_t SGX_CDECL Enclave_u_pread64_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_readv_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_readv_ocall(void* pms) { ms_u_readv_ocall_t* ms = SGX_CAST(ms_u_readv_ocall_t*, pms); ms->ms_retval = u_readv_ocall(ms->ms_error, ms->ms_fd, ms->ms_iov, ms->ms_iovcnt); @@ -589,7 +629,7 @@ static sgx_status_t SGX_CDECL Enclave_u_readv_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_preadv64_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_preadv64_ocall(void* pms) { ms_u_preadv64_ocall_t* ms = SGX_CAST(ms_u_preadv64_ocall_t*, pms); ms->ms_retval = u_preadv64_ocall(ms->ms_error, ms->ms_fd, ms->ms_iov, ms->ms_iovcnt, ms->ms_offset); @@ -597,7 +637,7 @@ static sgx_status_t SGX_CDECL Enclave_u_preadv64_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_write_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_write_ocall(void* pms) { ms_u_write_ocall_t* ms = SGX_CAST(ms_u_write_ocall_t*, pms); ms->ms_retval = u_write_ocall(ms->ms_error, ms->ms_fd, ms->ms_buf, ms->ms_count); @@ -605,7 +645,7 @@ static sgx_status_t SGX_CDECL Enclave_u_write_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_pwrite64_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_pwrite64_ocall(void* pms) { ms_u_pwrite64_ocall_t* ms = SGX_CAST(ms_u_pwrite64_ocall_t*, pms); ms->ms_retval = u_pwrite64_ocall(ms->ms_error, ms->ms_fd, ms->ms_buf, ms->ms_count, ms->ms_offset); @@ -613,7 +653,7 @@ static sgx_status_t SGX_CDECL Enclave_u_pwrite64_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_writev_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_writev_ocall(void* pms) { ms_u_writev_ocall_t* ms = SGX_CAST(ms_u_writev_ocall_t*, pms); ms->ms_retval = u_writev_ocall(ms->ms_error, ms->ms_fd, ms->ms_iov, ms->ms_iovcnt); @@ -621,7 +661,7 @@ static sgx_status_t SGX_CDECL Enclave_u_writev_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_pwritev64_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_pwritev64_ocall(void* pms) { ms_u_pwritev64_ocall_t* ms = SGX_CAST(ms_u_pwritev64_ocall_t*, pms); ms->ms_retval = u_pwritev64_ocall(ms->ms_error, ms->ms_fd, ms->ms_iov, ms->ms_iovcnt, ms->ms_offset); @@ -629,7 +669,7 @@ static sgx_status_t SGX_CDECL Enclave_u_pwritev64_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_fcntl_arg0_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_fcntl_arg0_ocall(void* pms) { ms_u_fcntl_arg0_ocall_t* ms = SGX_CAST(ms_u_fcntl_arg0_ocall_t*, pms); ms->ms_retval = u_fcntl_arg0_ocall(ms->ms_error, ms->ms_fd, ms->ms_cmd); @@ -637,7 +677,7 @@ static sgx_status_t SGX_CDECL Enclave_u_fcntl_arg0_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_fcntl_arg1_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_fcntl_arg1_ocall(void* pms) { ms_u_fcntl_arg1_ocall_t* ms = SGX_CAST(ms_u_fcntl_arg1_ocall_t*, pms); ms->ms_retval = u_fcntl_arg1_ocall(ms->ms_error, ms->ms_fd, ms->ms_cmd, ms->ms_arg); @@ -645,7 +685,7 @@ static sgx_status_t SGX_CDECL Enclave_u_fcntl_arg1_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_ioctl_arg0_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_ioctl_arg0_ocall(void* pms) { ms_u_ioctl_arg0_ocall_t* ms = SGX_CAST(ms_u_ioctl_arg0_ocall_t*, pms); ms->ms_retval = u_ioctl_arg0_ocall(ms->ms_error, ms->ms_fd, ms->ms_request); @@ -653,7 +693,7 @@ static sgx_status_t SGX_CDECL Enclave_u_ioctl_arg0_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_ioctl_arg1_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_ioctl_arg1_ocall(void* pms) { ms_u_ioctl_arg1_ocall_t* ms = SGX_CAST(ms_u_ioctl_arg1_ocall_t*, pms); ms->ms_retval = u_ioctl_arg1_ocall(ms->ms_error, ms->ms_fd, ms->ms_request, ms->ms_arg); @@ -661,7 +701,7 @@ static sgx_status_t SGX_CDECL Enclave_u_ioctl_arg1_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_close_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_close_ocall(void* pms) { ms_u_close_ocall_t* ms = SGX_CAST(ms_u_close_ocall_t*, pms); ms->ms_retval = u_close_ocall(ms->ms_error, ms->ms_fd); @@ -669,7 +709,7 @@ static sgx_status_t SGX_CDECL Enclave_u_close_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_malloc_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_malloc_ocall(void* pms) { ms_u_malloc_ocall_t* ms = SGX_CAST(ms_u_malloc_ocall_t*, pms); ms->ms_retval = u_malloc_ocall(ms->ms_error, ms->ms_size); @@ -677,7 +717,7 @@ static sgx_status_t SGX_CDECL Enclave_u_malloc_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_free_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_free_ocall(void* pms) { ms_u_free_ocall_t* ms = SGX_CAST(ms_u_free_ocall_t*, pms); u_free_ocall(ms->ms_p); @@ -685,7 +725,7 @@ static sgx_status_t SGX_CDECL Enclave_u_free_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_mmap_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_mmap_ocall(void* pms) { ms_u_mmap_ocall_t* ms = SGX_CAST(ms_u_mmap_ocall_t*, pms); ms->ms_retval = u_mmap_ocall(ms->ms_error, ms->ms_start, ms->ms_length, ms->ms_prot, ms->ms_flags, ms->ms_fd, ms->ms_offset); @@ -693,7 +733,7 @@ static sgx_status_t SGX_CDECL Enclave_u_mmap_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_munmap_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_munmap_ocall(void* pms) { ms_u_munmap_ocall_t* ms = SGX_CAST(ms_u_munmap_ocall_t*, pms); ms->ms_retval = u_munmap_ocall(ms->ms_error, ms->ms_start, ms->ms_length); @@ -701,7 +741,7 @@ static sgx_status_t SGX_CDECL Enclave_u_munmap_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_msync_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_msync_ocall(void* pms) { ms_u_msync_ocall_t* ms = SGX_CAST(ms_u_msync_ocall_t*, pms); ms->ms_retval = u_msync_ocall(ms->ms_error, ms->ms_addr, ms->ms_length, ms->ms_flags); @@ -709,7 +749,7 @@ static sgx_status_t SGX_CDECL Enclave_u_msync_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_mprotect_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_mprotect_ocall(void* pms) { ms_u_mprotect_ocall_t* ms = SGX_CAST(ms_u_mprotect_ocall_t*, pms); ms->ms_retval = u_mprotect_ocall(ms->ms_error, ms->ms_addr, ms->ms_length, ms->ms_prot); @@ -717,7 +757,7 @@ static sgx_status_t SGX_CDECL Enclave_u_mprotect_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_open_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_open_ocall(void* pms) { ms_u_open_ocall_t* ms = SGX_CAST(ms_u_open_ocall_t*, pms); ms->ms_retval = u_open_ocall(ms->ms_error, ms->ms_pathname, ms->ms_flags); @@ -725,7 +765,7 @@ static sgx_status_t SGX_CDECL Enclave_u_open_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_open64_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_open64_ocall(void* pms) { ms_u_open64_ocall_t* ms = SGX_CAST(ms_u_open64_ocall_t*, pms); ms->ms_retval = u_open64_ocall(ms->ms_error, ms->ms_path, ms->ms_oflag, ms->ms_mode); @@ -733,7 +773,7 @@ static sgx_status_t SGX_CDECL Enclave_u_open64_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_fstat_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_fstat_ocall(void* pms) { ms_u_fstat_ocall_t* ms = SGX_CAST(ms_u_fstat_ocall_t*, pms); ms->ms_retval = u_fstat_ocall(ms->ms_error, ms->ms_fd, ms->ms_buf); @@ -741,7 +781,7 @@ static sgx_status_t SGX_CDECL Enclave_u_fstat_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_fstat64_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_fstat64_ocall(void* pms) { ms_u_fstat64_ocall_t* ms = SGX_CAST(ms_u_fstat64_ocall_t*, pms); ms->ms_retval = u_fstat64_ocall(ms->ms_error, ms->ms_fd, ms->ms_buf); @@ -749,7 +789,7 @@ static sgx_status_t SGX_CDECL Enclave_u_fstat64_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_stat_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_stat_ocall(void* pms) { ms_u_stat_ocall_t* ms = SGX_CAST(ms_u_stat_ocall_t*, pms); ms->ms_retval = u_stat_ocall(ms->ms_error, ms->ms_path, ms->ms_buf); @@ -757,7 +797,7 @@ static sgx_status_t SGX_CDECL Enclave_u_stat_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_stat64_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_stat64_ocall(void* pms) { ms_u_stat64_ocall_t* ms = SGX_CAST(ms_u_stat64_ocall_t*, pms); ms->ms_retval = u_stat64_ocall(ms->ms_error, ms->ms_path, ms->ms_buf); @@ -765,7 +805,7 @@ static sgx_status_t SGX_CDECL Enclave_u_stat64_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_lstat_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_lstat_ocall(void* pms) { ms_u_lstat_ocall_t* ms = SGX_CAST(ms_u_lstat_ocall_t*, pms); ms->ms_retval = u_lstat_ocall(ms->ms_error, ms->ms_path, ms->ms_buf); @@ -773,7 +813,7 @@ static sgx_status_t SGX_CDECL Enclave_u_lstat_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_lstat64_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_lstat64_ocall(void* pms) { ms_u_lstat64_ocall_t* ms = SGX_CAST(ms_u_lstat64_ocall_t*, pms); ms->ms_retval = u_lstat64_ocall(ms->ms_error, ms->ms_path, ms->ms_buf); @@ -781,7 +821,7 @@ static sgx_status_t SGX_CDECL Enclave_u_lstat64_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_lseek_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_lseek_ocall(void* pms) { ms_u_lseek_ocall_t* ms = SGX_CAST(ms_u_lseek_ocall_t*, pms); ms->ms_retval = u_lseek_ocall(ms->ms_error, ms->ms_fd, ms->ms_offset, ms->ms_whence); @@ -789,7 +829,7 @@ static sgx_status_t SGX_CDECL Enclave_u_lseek_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_lseek64_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_lseek64_ocall(void* pms) { ms_u_lseek64_ocall_t* ms = SGX_CAST(ms_u_lseek64_ocall_t*, pms); ms->ms_retval = u_lseek64_ocall(ms->ms_error, ms->ms_fd, ms->ms_offset, ms->ms_whence); @@ -797,7 +837,7 @@ static sgx_status_t SGX_CDECL Enclave_u_lseek64_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_ftruncate_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_ftruncate_ocall(void* pms) { ms_u_ftruncate_ocall_t* ms = SGX_CAST(ms_u_ftruncate_ocall_t*, pms); ms->ms_retval = u_ftruncate_ocall(ms->ms_error, ms->ms_fd, ms->ms_length); @@ -805,7 +845,7 @@ static sgx_status_t SGX_CDECL Enclave_u_ftruncate_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_ftruncate64_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_ftruncate64_ocall(void* pms) { ms_u_ftruncate64_ocall_t* ms = SGX_CAST(ms_u_ftruncate64_ocall_t*, pms); ms->ms_retval = u_ftruncate64_ocall(ms->ms_error, ms->ms_fd, ms->ms_length); @@ -813,7 +853,7 @@ static sgx_status_t SGX_CDECL Enclave_u_ftruncate64_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_truncate_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_truncate_ocall(void* pms) { ms_u_truncate_ocall_t* ms = SGX_CAST(ms_u_truncate_ocall_t*, pms); ms->ms_retval = u_truncate_ocall(ms->ms_error, ms->ms_path, ms->ms_length); @@ -821,7 +861,7 @@ static sgx_status_t SGX_CDECL Enclave_u_truncate_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_truncate64_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_truncate64_ocall(void* pms) { ms_u_truncate64_ocall_t* ms = SGX_CAST(ms_u_truncate64_ocall_t*, pms); ms->ms_retval = u_truncate64_ocall(ms->ms_error, ms->ms_path, ms->ms_length); @@ -829,7 +869,7 @@ static sgx_status_t SGX_CDECL Enclave_u_truncate64_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_fsync_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_fsync_ocall(void* pms) { ms_u_fsync_ocall_t* ms = SGX_CAST(ms_u_fsync_ocall_t*, pms); ms->ms_retval = u_fsync_ocall(ms->ms_error, ms->ms_fd); @@ -837,7 +877,7 @@ static sgx_status_t SGX_CDECL Enclave_u_fsync_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_fdatasync_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_fdatasync_ocall(void* pms) { ms_u_fdatasync_ocall_t* ms = SGX_CAST(ms_u_fdatasync_ocall_t*, pms); ms->ms_retval = u_fdatasync_ocall(ms->ms_error, ms->ms_fd); @@ -845,7 +885,7 @@ static sgx_status_t SGX_CDECL Enclave_u_fdatasync_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_fchmod_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_fchmod_ocall(void* pms) { ms_u_fchmod_ocall_t* ms = SGX_CAST(ms_u_fchmod_ocall_t*, pms); ms->ms_retval = u_fchmod_ocall(ms->ms_error, ms->ms_fd, ms->ms_mode); @@ -853,7 +893,7 @@ static sgx_status_t SGX_CDECL Enclave_u_fchmod_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_unlink_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_unlink_ocall(void* pms) { ms_u_unlink_ocall_t* ms = SGX_CAST(ms_u_unlink_ocall_t*, pms); ms->ms_retval = u_unlink_ocall(ms->ms_error, ms->ms_pathname); @@ -861,7 +901,7 @@ static sgx_status_t SGX_CDECL Enclave_u_unlink_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_link_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_link_ocall(void* pms) { ms_u_link_ocall_t* ms = SGX_CAST(ms_u_link_ocall_t*, pms); ms->ms_retval = u_link_ocall(ms->ms_error, ms->ms_oldpath, ms->ms_newpath); @@ -869,7 +909,7 @@ static sgx_status_t SGX_CDECL Enclave_u_link_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_rename_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_rename_ocall(void* pms) { ms_u_rename_ocall_t* ms = SGX_CAST(ms_u_rename_ocall_t*, pms); ms->ms_retval = u_rename_ocall(ms->ms_error, ms->ms_oldpath, ms->ms_newpath); @@ -877,7 +917,7 @@ static sgx_status_t SGX_CDECL Enclave_u_rename_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_chmod_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_chmod_ocall(void* pms) { ms_u_chmod_ocall_t* ms = SGX_CAST(ms_u_chmod_ocall_t*, pms); ms->ms_retval = u_chmod_ocall(ms->ms_error, ms->ms_path, ms->ms_mode); @@ -885,7 +925,7 @@ static sgx_status_t SGX_CDECL Enclave_u_chmod_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_readlink_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_readlink_ocall(void* pms) { ms_u_readlink_ocall_t* ms = SGX_CAST(ms_u_readlink_ocall_t*, pms); ms->ms_retval = u_readlink_ocall(ms->ms_error, ms->ms_path, ms->ms_buf, ms->ms_bufsz); @@ -893,7 +933,7 @@ static sgx_status_t SGX_CDECL Enclave_u_readlink_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_symlink_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_symlink_ocall(void* pms) { ms_u_symlink_ocall_t* ms = SGX_CAST(ms_u_symlink_ocall_t*, pms); ms->ms_retval = u_symlink_ocall(ms->ms_error, ms->ms_path1, ms->ms_path2); @@ -901,7 +941,7 @@ static sgx_status_t SGX_CDECL Enclave_u_symlink_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_realpath_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_realpath_ocall(void* pms) { ms_u_realpath_ocall_t* ms = SGX_CAST(ms_u_realpath_ocall_t*, pms); ms->ms_retval = u_realpath_ocall(ms->ms_error, ms->ms_pathname); @@ -909,7 +949,7 @@ static sgx_status_t SGX_CDECL Enclave_u_realpath_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_mkdir_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_mkdir_ocall(void* pms) { ms_u_mkdir_ocall_t* ms = SGX_CAST(ms_u_mkdir_ocall_t*, pms); ms->ms_retval = u_mkdir_ocall(ms->ms_error, ms->ms_pathname, ms->ms_mode); @@ -917,7 +957,7 @@ static sgx_status_t SGX_CDECL Enclave_u_mkdir_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_rmdir_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_rmdir_ocall(void* pms) { ms_u_rmdir_ocall_t* ms = SGX_CAST(ms_u_rmdir_ocall_t*, pms); ms->ms_retval = u_rmdir_ocall(ms->ms_error, ms->ms_pathname); @@ -925,7 +965,7 @@ static sgx_status_t SGX_CDECL Enclave_u_rmdir_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_opendir_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_opendir_ocall(void* pms) { ms_u_opendir_ocall_t* ms = SGX_CAST(ms_u_opendir_ocall_t*, pms); ms->ms_retval = u_opendir_ocall(ms->ms_error, ms->ms_pathname); @@ -933,7 +973,7 @@ static sgx_status_t SGX_CDECL Enclave_u_opendir_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_readdir64_r_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_readdir64_r_ocall(void* pms) { ms_u_readdir64_r_ocall_t* ms = SGX_CAST(ms_u_readdir64_r_ocall_t*, pms); ms->ms_retval = u_readdir64_r_ocall(ms->ms_dirp, ms->ms_entry, ms->ms_result); @@ -941,7 +981,7 @@ static sgx_status_t SGX_CDECL Enclave_u_readdir64_r_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_closedir_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_closedir_ocall(void* pms) { ms_u_closedir_ocall_t* ms = SGX_CAST(ms_u_closedir_ocall_t*, pms); ms->ms_retval = u_closedir_ocall(ms->ms_error, ms->ms_dirp); @@ -949,7 +989,7 @@ static sgx_status_t SGX_CDECL Enclave_u_closedir_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_dirfd_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_dirfd_ocall(void* pms) { ms_u_dirfd_ocall_t* ms = SGX_CAST(ms_u_dirfd_ocall_t*, pms); ms->ms_retval = u_dirfd_ocall(ms->ms_error, ms->ms_dirp); @@ -957,7 +997,7 @@ static sgx_status_t SGX_CDECL Enclave_u_dirfd_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_fstatat64_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_fstatat64_ocall(void* pms) { ms_u_fstatat64_ocall_t* ms = SGX_CAST(ms_u_fstatat64_ocall_t*, pms); ms->ms_retval = u_fstatat64_ocall(ms->ms_error, ms->ms_dirfd, ms->ms_pathname, ms->ms_buf, ms->ms_flags); @@ -965,7 +1005,7 @@ static sgx_status_t SGX_CDECL Enclave_u_fstatat64_ocall(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_sgx_oc_cpuidex(void* pms) +static sgx_status_t SGX_CDECL rtc_data_sgx_oc_cpuidex(void* pms) { ms_sgx_oc_cpuidex_t* ms = SGX_CAST(ms_sgx_oc_cpuidex_t*, pms); sgx_oc_cpuidex(ms->ms_cpuinfo, ms->ms_leaf, ms->ms_subleaf); @@ -973,7 +1013,7 @@ static sgx_status_t SGX_CDECL Enclave_sgx_oc_cpuidex(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_sgx_thread_wait_untrusted_event_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_sgx_thread_wait_untrusted_event_ocall(void* pms) { ms_sgx_thread_wait_untrusted_event_ocall_t* ms = SGX_CAST(ms_sgx_thread_wait_untrusted_event_ocall_t*, pms); ms->ms_retval = sgx_thread_wait_untrusted_event_ocall(ms->ms_self); @@ -981,7 +1021,7 @@ static sgx_status_t SGX_CDECL Enclave_sgx_thread_wait_untrusted_event_ocall(void return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_sgx_thread_set_untrusted_event_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_sgx_thread_set_untrusted_event_ocall(void* pms) { ms_sgx_thread_set_untrusted_event_ocall_t* ms = SGX_CAST(ms_sgx_thread_set_untrusted_event_ocall_t*, pms); ms->ms_retval = sgx_thread_set_untrusted_event_ocall(ms->ms_waiter); @@ -989,7 +1029,7 @@ static sgx_status_t SGX_CDECL Enclave_sgx_thread_set_untrusted_event_ocall(void* return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_sgx_thread_setwait_untrusted_events_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_sgx_thread_setwait_untrusted_events_ocall(void* pms) { ms_sgx_thread_setwait_untrusted_events_ocall_t* ms = SGX_CAST(ms_sgx_thread_setwait_untrusted_events_ocall_t*, pms); ms->ms_retval = sgx_thread_setwait_untrusted_events_ocall(ms->ms_waiter, ms->ms_self); @@ -997,7 +1037,7 @@ static sgx_status_t SGX_CDECL Enclave_sgx_thread_setwait_untrusted_events_ocall( return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_sgx_thread_set_multiple_untrusted_events_ocall(void* pms) +static sgx_status_t SGX_CDECL rtc_data_sgx_thread_set_multiple_untrusted_events_ocall(void* pms) { ms_sgx_thread_set_multiple_untrusted_events_ocall_t* ms = SGX_CAST(ms_sgx_thread_set_multiple_untrusted_events_ocall_t*, pms); ms->ms_retval = sgx_thread_set_multiple_untrusted_events_ocall(ms->ms_waiters, ms->ms_total); @@ -1005,7 +1045,7 @@ static sgx_status_t SGX_CDECL Enclave_sgx_thread_set_multiple_untrusted_events_o return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_sgxprotectedfs_exclusive_file_open(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_sgxprotectedfs_exclusive_file_open(void* pms) { ms_u_sgxprotectedfs_exclusive_file_open_t* ms = SGX_CAST(ms_u_sgxprotectedfs_exclusive_file_open_t*, pms); ms->ms_retval = u_sgxprotectedfs_exclusive_file_open(ms->ms_filename, ms->ms_read_only, ms->ms_file_size, ms->ms_error_code); @@ -1013,7 +1053,7 @@ static sgx_status_t SGX_CDECL Enclave_u_sgxprotectedfs_exclusive_file_open(void* return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_sgxprotectedfs_check_if_file_exists(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_sgxprotectedfs_check_if_file_exists(void* pms) { ms_u_sgxprotectedfs_check_if_file_exists_t* ms = SGX_CAST(ms_u_sgxprotectedfs_check_if_file_exists_t*, pms); ms->ms_retval = u_sgxprotectedfs_check_if_file_exists(ms->ms_filename); @@ -1021,7 +1061,7 @@ static sgx_status_t SGX_CDECL Enclave_u_sgxprotectedfs_check_if_file_exists(void return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_sgxprotectedfs_fread_node(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_sgxprotectedfs_fread_node(void* pms) { ms_u_sgxprotectedfs_fread_node_t* ms = SGX_CAST(ms_u_sgxprotectedfs_fread_node_t*, pms); ms->ms_retval = u_sgxprotectedfs_fread_node(ms->ms_f, ms->ms_node_number, ms->ms_buffer, ms->ms_node_size); @@ -1029,7 +1069,7 @@ static sgx_status_t SGX_CDECL Enclave_u_sgxprotectedfs_fread_node(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_sgxprotectedfs_fwrite_node(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_sgxprotectedfs_fwrite_node(void* pms) { ms_u_sgxprotectedfs_fwrite_node_t* ms = SGX_CAST(ms_u_sgxprotectedfs_fwrite_node_t*, pms); ms->ms_retval = u_sgxprotectedfs_fwrite_node(ms->ms_f, ms->ms_node_number, ms->ms_buffer, ms->ms_node_size); @@ -1037,7 +1077,7 @@ static sgx_status_t SGX_CDECL Enclave_u_sgxprotectedfs_fwrite_node(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_sgxprotectedfs_fclose(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_sgxprotectedfs_fclose(void* pms) { ms_u_sgxprotectedfs_fclose_t* ms = SGX_CAST(ms_u_sgxprotectedfs_fclose_t*, pms); ms->ms_retval = u_sgxprotectedfs_fclose(ms->ms_f); @@ -1045,7 +1085,7 @@ static sgx_status_t SGX_CDECL Enclave_u_sgxprotectedfs_fclose(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_sgxprotectedfs_fflush(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_sgxprotectedfs_fflush(void* pms) { ms_u_sgxprotectedfs_fflush_t* ms = SGX_CAST(ms_u_sgxprotectedfs_fflush_t*, pms); ms->ms_retval = u_sgxprotectedfs_fflush(ms->ms_f); @@ -1053,7 +1093,7 @@ static sgx_status_t SGX_CDECL Enclave_u_sgxprotectedfs_fflush(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_sgxprotectedfs_remove(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_sgxprotectedfs_remove(void* pms) { ms_u_sgxprotectedfs_remove_t* ms = SGX_CAST(ms_u_sgxprotectedfs_remove_t*, pms); ms->ms_retval = u_sgxprotectedfs_remove(ms->ms_filename); @@ -1061,7 +1101,7 @@ static sgx_status_t SGX_CDECL Enclave_u_sgxprotectedfs_remove(void* pms) return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_sgxprotectedfs_recovery_file_open(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_sgxprotectedfs_recovery_file_open(void* pms) { ms_u_sgxprotectedfs_recovery_file_open_t* ms = SGX_CAST(ms_u_sgxprotectedfs_recovery_file_open_t*, pms); ms->ms_retval = u_sgxprotectedfs_recovery_file_open(ms->ms_filename); @@ -1069,7 +1109,7 @@ static sgx_status_t SGX_CDECL Enclave_u_sgxprotectedfs_recovery_file_open(void* return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_sgxprotectedfs_fwrite_recovery_node(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_sgxprotectedfs_fwrite_recovery_node(void* pms) { ms_u_sgxprotectedfs_fwrite_recovery_node_t* ms = SGX_CAST(ms_u_sgxprotectedfs_fwrite_recovery_node_t*, pms); ms->ms_retval = u_sgxprotectedfs_fwrite_recovery_node(ms->ms_f, ms->ms_data, ms->ms_data_length); @@ -1077,7 +1117,7 @@ static sgx_status_t SGX_CDECL Enclave_u_sgxprotectedfs_fwrite_recovery_node(void return SGX_SUCCESS; } -static sgx_status_t SGX_CDECL Enclave_u_sgxprotectedfs_do_file_recovery(void* pms) +static sgx_status_t SGX_CDECL rtc_data_u_sgxprotectedfs_do_file_recovery(void* pms) { ms_u_sgxprotectedfs_do_file_recovery_t* ms = SGX_CAST(ms_u_sgxprotectedfs_do_file_recovery_t*, pms); ms->ms_retval = u_sgxprotectedfs_do_file_recovery(ms->ms_filename, ms->ms_recovery_filename, ms->ms_node_size); @@ -1085,124 +1125,192 @@ static sgx_status_t SGX_CDECL Enclave_u_sgxprotectedfs_do_file_recovery(void* pm return SGX_SUCCESS; } +static sgx_status_t SGX_CDECL rtc_data_rtc_session_request_u(void* pms) +{ + ms_rtc_session_request_u_t* ms = SGX_CAST(ms_rtc_session_request_u_t*, pms); + ms->ms_retval = rtc_session_request_u(ms->ms_src_enclave_id, ms->ms_dest_enclave_id); + + return SGX_SUCCESS; +} + +static sgx_status_t SGX_CDECL rtc_data_rtc_exchange_report_u(void* pms) +{ + ms_rtc_exchange_report_u_t* ms = SGX_CAST(ms_rtc_exchange_report_u_t*, pms); + ms->ms_retval = rtc_exchange_report_u(ms->ms_src_enclave_id, ms->ms_dest_enclave_id, ms->ms_dh_msg2); + + return SGX_SUCCESS; +} + +static sgx_status_t SGX_CDECL rtc_data_rtc_end_session_u(void* pms) +{ + ms_rtc_end_session_u_t* ms = SGX_CAST(ms_rtc_end_session_u_t*, pms); + ms->ms_retval = rtc_end_session_u(ms->ms_src_enclave_id, ms->ms_dest_enclave_id); + + return SGX_SUCCESS; +} + static const struct { size_t nr_ocall; - void * table[71]; -} ocall_table_Enclave = { - 71, + void * table[74]; +} ocall_table_rtc_data = { + 74, { - (void*)Enclave_rtc_save_sealed_blob_u, - (void*)Enclave_u_thread_set_event_ocall, - (void*)Enclave_u_thread_wait_event_ocall, - (void*)Enclave_u_thread_set_multiple_events_ocall, - (void*)Enclave_u_thread_setwait_events_ocall, - (void*)Enclave_u_clock_gettime_ocall, - (void*)Enclave_u_read_ocall, - (void*)Enclave_u_pread64_ocall, - (void*)Enclave_u_readv_ocall, - (void*)Enclave_u_preadv64_ocall, - (void*)Enclave_u_write_ocall, - (void*)Enclave_u_pwrite64_ocall, - (void*)Enclave_u_writev_ocall, - (void*)Enclave_u_pwritev64_ocall, - (void*)Enclave_u_fcntl_arg0_ocall, - (void*)Enclave_u_fcntl_arg1_ocall, - (void*)Enclave_u_ioctl_arg0_ocall, - (void*)Enclave_u_ioctl_arg1_ocall, - (void*)Enclave_u_close_ocall, - (void*)Enclave_u_malloc_ocall, - (void*)Enclave_u_free_ocall, - (void*)Enclave_u_mmap_ocall, - (void*)Enclave_u_munmap_ocall, - (void*)Enclave_u_msync_ocall, - (void*)Enclave_u_mprotect_ocall, - (void*)Enclave_u_open_ocall, - (void*)Enclave_u_open64_ocall, - (void*)Enclave_u_fstat_ocall, - (void*)Enclave_u_fstat64_ocall, - (void*)Enclave_u_stat_ocall, - (void*)Enclave_u_stat64_ocall, - (void*)Enclave_u_lstat_ocall, - (void*)Enclave_u_lstat64_ocall, - (void*)Enclave_u_lseek_ocall, - (void*)Enclave_u_lseek64_ocall, - (void*)Enclave_u_ftruncate_ocall, - (void*)Enclave_u_ftruncate64_ocall, - (void*)Enclave_u_truncate_ocall, - (void*)Enclave_u_truncate64_ocall, - (void*)Enclave_u_fsync_ocall, - (void*)Enclave_u_fdatasync_ocall, - (void*)Enclave_u_fchmod_ocall, - (void*)Enclave_u_unlink_ocall, - (void*)Enclave_u_link_ocall, - (void*)Enclave_u_rename_ocall, - (void*)Enclave_u_chmod_ocall, - (void*)Enclave_u_readlink_ocall, - (void*)Enclave_u_symlink_ocall, - (void*)Enclave_u_realpath_ocall, - (void*)Enclave_u_mkdir_ocall, - (void*)Enclave_u_rmdir_ocall, - (void*)Enclave_u_opendir_ocall, - (void*)Enclave_u_readdir64_r_ocall, - (void*)Enclave_u_closedir_ocall, - (void*)Enclave_u_dirfd_ocall, - (void*)Enclave_u_fstatat64_ocall, - (void*)Enclave_sgx_oc_cpuidex, - (void*)Enclave_sgx_thread_wait_untrusted_event_ocall, - (void*)Enclave_sgx_thread_set_untrusted_event_ocall, - (void*)Enclave_sgx_thread_setwait_untrusted_events_ocall, - (void*)Enclave_sgx_thread_set_multiple_untrusted_events_ocall, - (void*)Enclave_u_sgxprotectedfs_exclusive_file_open, - (void*)Enclave_u_sgxprotectedfs_check_if_file_exists, - (void*)Enclave_u_sgxprotectedfs_fread_node, - (void*)Enclave_u_sgxprotectedfs_fwrite_node, - (void*)Enclave_u_sgxprotectedfs_fclose, - (void*)Enclave_u_sgxprotectedfs_fflush, - (void*)Enclave_u_sgxprotectedfs_remove, - (void*)Enclave_u_sgxprotectedfs_recovery_file_open, - (void*)Enclave_u_sgxprotectedfs_fwrite_recovery_node, - (void*)Enclave_u_sgxprotectedfs_do_file_recovery, + (void*)rtc_data_rtc_save_sealed_blob_u, + (void*)rtc_data_u_thread_set_event_ocall, + (void*)rtc_data_u_thread_wait_event_ocall, + (void*)rtc_data_u_thread_set_multiple_events_ocall, + (void*)rtc_data_u_thread_setwait_events_ocall, + (void*)rtc_data_u_clock_gettime_ocall, + (void*)rtc_data_u_read_ocall, + (void*)rtc_data_u_pread64_ocall, + (void*)rtc_data_u_readv_ocall, + (void*)rtc_data_u_preadv64_ocall, + (void*)rtc_data_u_write_ocall, + (void*)rtc_data_u_pwrite64_ocall, + (void*)rtc_data_u_writev_ocall, + (void*)rtc_data_u_pwritev64_ocall, + (void*)rtc_data_u_fcntl_arg0_ocall, + (void*)rtc_data_u_fcntl_arg1_ocall, + (void*)rtc_data_u_ioctl_arg0_ocall, + (void*)rtc_data_u_ioctl_arg1_ocall, + (void*)rtc_data_u_close_ocall, + (void*)rtc_data_u_malloc_ocall, + (void*)rtc_data_u_free_ocall, + (void*)rtc_data_u_mmap_ocall, + (void*)rtc_data_u_munmap_ocall, + (void*)rtc_data_u_msync_ocall, + (void*)rtc_data_u_mprotect_ocall, + (void*)rtc_data_u_open_ocall, + (void*)rtc_data_u_open64_ocall, + (void*)rtc_data_u_fstat_ocall, + (void*)rtc_data_u_fstat64_ocall, + (void*)rtc_data_u_stat_ocall, + (void*)rtc_data_u_stat64_ocall, + (void*)rtc_data_u_lstat_ocall, + (void*)rtc_data_u_lstat64_ocall, + (void*)rtc_data_u_lseek_ocall, + (void*)rtc_data_u_lseek64_ocall, + (void*)rtc_data_u_ftruncate_ocall, + (void*)rtc_data_u_ftruncate64_ocall, + (void*)rtc_data_u_truncate_ocall, + (void*)rtc_data_u_truncate64_ocall, + (void*)rtc_data_u_fsync_ocall, + (void*)rtc_data_u_fdatasync_ocall, + (void*)rtc_data_u_fchmod_ocall, + (void*)rtc_data_u_unlink_ocall, + (void*)rtc_data_u_link_ocall, + (void*)rtc_data_u_rename_ocall, + (void*)rtc_data_u_chmod_ocall, + (void*)rtc_data_u_readlink_ocall, + (void*)rtc_data_u_symlink_ocall, + (void*)rtc_data_u_realpath_ocall, + (void*)rtc_data_u_mkdir_ocall, + (void*)rtc_data_u_rmdir_ocall, + (void*)rtc_data_u_opendir_ocall, + (void*)rtc_data_u_readdir64_r_ocall, + (void*)rtc_data_u_closedir_ocall, + (void*)rtc_data_u_dirfd_ocall, + (void*)rtc_data_u_fstatat64_ocall, + (void*)rtc_data_sgx_oc_cpuidex, + (void*)rtc_data_sgx_thread_wait_untrusted_event_ocall, + (void*)rtc_data_sgx_thread_set_untrusted_event_ocall, + (void*)rtc_data_sgx_thread_setwait_untrusted_events_ocall, + (void*)rtc_data_sgx_thread_set_multiple_untrusted_events_ocall, + (void*)rtc_data_u_sgxprotectedfs_exclusive_file_open, + (void*)rtc_data_u_sgxprotectedfs_check_if_file_exists, + (void*)rtc_data_u_sgxprotectedfs_fread_node, + (void*)rtc_data_u_sgxprotectedfs_fwrite_node, + (void*)rtc_data_u_sgxprotectedfs_fclose, + (void*)rtc_data_u_sgxprotectedfs_fflush, + (void*)rtc_data_u_sgxprotectedfs_remove, + (void*)rtc_data_u_sgxprotectedfs_recovery_file_open, + (void*)rtc_data_u_sgxprotectedfs_fwrite_recovery_node, + (void*)rtc_data_u_sgxprotectedfs_do_file_recovery, + (void*)rtc_data_rtc_session_request_u, + (void*)rtc_data_rtc_exchange_report_u, + (void*)rtc_data_rtc_end_session_u, } }; -sgx_status_t enclave_create_report(sgx_enclave_id_t eid, CreateReportResult* retval, const sgx_target_info_t* p_qe3_target, EnclaveHeldData enclave_data, sgx_report_t* p_report) +sgx_status_t rtc_data_enclave_create_report(sgx_enclave_id_t eid, CreateReportResult* retval, const sgx_target_info_t* p_qe3_target, EnclaveHeldData enclave_data, sgx_report_t* p_report) { sgx_status_t status; ms_enclave_create_report_t ms; ms.ms_p_qe3_target = p_qe3_target; ms.ms_enclave_data = (EnclaveHeldData *)&enclave_data[0]; ms.ms_p_report = p_report; - status = sgx_ecall(eid, 0, &ocall_table_Enclave, &ms); + status = sgx_ecall(eid, 0, &ocall_table_rtc_data, &ms); if (status == SGX_SUCCESS && retval) *retval = ms.ms_retval; return status; } -sgx_status_t rtc_validate_and_save(sgx_enclave_id_t eid, DataUploadResult* retval, const uint8_t* payload_ptr, size_t payload_len, UploadMetadata metadata) +sgx_status_t rtc_data_validate_and_save(sgx_enclave_id_t eid, DataUploadResult* retval, const uint8_t* payload_ptr, size_t payload_len, UploadMetadata metadata) { sgx_status_t status; - ms_rtc_validate_and_save_t ms; + ms_validate_and_save_t ms; ms.ms_payload_ptr = payload_ptr; ms.ms_payload_len = payload_len; ms.ms_metadata = metadata; - status = sgx_ecall(eid, 1, &ocall_table_Enclave, &ms); + status = sgx_ecall(eid, 1, &ocall_table_rtc_data, &ms); if (status == SGX_SUCCESS && retval) *retval = ms.ms_retval; return status; } -sgx_status_t t_global_init_ecall(sgx_enclave_id_t eid, uint64_t id, const uint8_t* path, size_t len) +sgx_status_t rtc_data_local_attestation(sgx_enclave_id_t eid, sgx_status_t* retval, sgx_enclave_id_t rtc_local_attestation) +{ + sgx_status_t status; + ms_local_attestation_t ms; + ms.ms_rtc_local_attestation = rtc_local_attestation; + status = sgx_ecall(eid, 2, &ocall_table_rtc_data, &ms); + if (status == SGX_SUCCESS && retval) *retval = ms.ms_retval; + return status; +} + +sgx_status_t rtc_data_t_global_init_ecall(sgx_enclave_id_t eid, uint64_t id, const uint8_t* path, size_t len) { sgx_status_t status; ms_t_global_init_ecall_t ms; ms.ms_id = id; ms.ms_path = path; ms.ms_len = len; - status = sgx_ecall(eid, 2, &ocall_table_Enclave, &ms); + status = sgx_ecall(eid, 3, &ocall_table_rtc_data, &ms); + return status; +} + +sgx_status_t rtc_data_t_global_exit_ecall(sgx_enclave_id_t eid) +{ + sgx_status_t status; + status = sgx_ecall(eid, 4, &ocall_table_rtc_data, NULL); + return status; +} + +sgx_status_t rtc_data_session_request(sgx_enclave_id_t eid, SessionRequestResult* retval, sgx_enclave_id_t src_enclave_id) +{ + sgx_status_t status; + ms_session_request_t ms; + ms.ms_src_enclave_id = src_enclave_id; + status = sgx_ecall(eid, 5, &ocall_table_rtc_data, &ms); + if (status == SGX_SUCCESS && retval) *retval = ms.ms_retval; + return status; +} + +sgx_status_t rtc_data_exchange_report(sgx_enclave_id_t eid, ExchangeReportResult* retval, sgx_enclave_id_t src_enclave_id, const sgx_dh_msg2_t* dh_msg2) +{ + sgx_status_t status; + ms_exchange_report_t ms; + ms.ms_src_enclave_id = src_enclave_id; + ms.ms_dh_msg2 = dh_msg2; + status = sgx_ecall(eid, 6, &ocall_table_rtc_data, &ms); + if (status == SGX_SUCCESS && retval) *retval = ms.ms_retval; return status; } -sgx_status_t t_global_exit_ecall(sgx_enclave_id_t eid) +sgx_status_t rtc_data_end_session(sgx_enclave_id_t eid, sgx_status_t* retval, sgx_enclave_id_t src_enclave_id) { sgx_status_t status; - status = sgx_ecall(eid, 3, &ocall_table_Enclave, NULL); + ms_end_session_t ms; + ms.ms_src_enclave_id = src_enclave_id; + status = sgx_ecall(eid, 7, &ocall_table_rtc_data, &ms); + if (status == SGX_SUCCESS && retval) *retval = ms.ms_retval; return status; } diff --git a/codegen/data_enclave/Enclave_u.h b/codegen/data_enclave/rtc_data_u.h similarity index 88% rename from codegen/data_enclave/Enclave_u.h rename to codegen/data_enclave/rtc_data_u.h index 690742f1..5468e32d 100644 --- a/codegen/data_enclave/Enclave_u.h +++ b/codegen/data_enclave/rtc_data_u.h @@ -1,5 +1,5 @@ -#ifndef ENCLAVE_U_H__ -#define ENCLAVE_U_H__ +#ifndef RTC_DATA_U_H__ +#define RTC_DATA_U_H__ #include #include @@ -9,12 +9,15 @@ #include "sgx_tprotected_fs.h" #include "sgx_report.h" +#include "sgx_dh.h" #include "bindings.h" #include "time.h" #include "inc/stat.h" #include "sys/uio.h" #include "inc/stat.h" #include "inc/dirent.h" +#include "sgx_eid.h" +#include "sgx_dh.h" #include /* for size_t */ @@ -308,11 +311,27 @@ uint8_t SGX_UBRIDGE(SGX_NOCONVENTION, u_sgxprotectedfs_fwrite_recovery_node, (vo #define U_SGXPROTECTEDFS_DO_FILE_RECOVERY_DEFINED__ int32_t SGX_UBRIDGE(SGX_NOCONVENTION, u_sgxprotectedfs_do_file_recovery, (const char* filename, const char* recovery_filename, uint32_t node_size)); #endif +#ifndef RTC_SESSION_REQUEST_U_DEFINED__ +#define RTC_SESSION_REQUEST_U_DEFINED__ +SessionRequestResult SGX_UBRIDGE(SGX_NOCONVENTION, rtc_session_request_u, (sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id)); +#endif +#ifndef RTC_EXCHANGE_REPORT_U_DEFINED__ +#define RTC_EXCHANGE_REPORT_U_DEFINED__ +ExchangeReportResult SGX_UBRIDGE(SGX_NOCONVENTION, rtc_exchange_report_u, (sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t* dh_msg2)); +#endif +#ifndef RTC_END_SESSION_U_DEFINED__ +#define RTC_END_SESSION_U_DEFINED__ +sgx_status_t SGX_UBRIDGE(SGX_NOCONVENTION, rtc_end_session_u, (sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id)); +#endif -sgx_status_t enclave_create_report(sgx_enclave_id_t eid, CreateReportResult* retval, const sgx_target_info_t* p_qe3_target, EnclaveHeldData enclave_data, sgx_report_t* p_report); -sgx_status_t rtc_validate_and_save(sgx_enclave_id_t eid, DataUploadResult* retval, const uint8_t* payload_ptr, size_t payload_len, UploadMetadata metadata); -sgx_status_t t_global_init_ecall(sgx_enclave_id_t eid, uint64_t id, const uint8_t* path, size_t len); -sgx_status_t t_global_exit_ecall(sgx_enclave_id_t eid); +sgx_status_t rtc_data_enclave_create_report(sgx_enclave_id_t eid, CreateReportResult* retval, const sgx_target_info_t* p_qe3_target, EnclaveHeldData enclave_data, sgx_report_t* p_report); +sgx_status_t rtc_data_validate_and_save(sgx_enclave_id_t eid, DataUploadResult* retval, const uint8_t* payload_ptr, size_t payload_len, UploadMetadata metadata); +sgx_status_t rtc_data_local_attestation(sgx_enclave_id_t eid, sgx_status_t* retval, sgx_enclave_id_t rtc_local_attestation); +sgx_status_t rtc_data_t_global_init_ecall(sgx_enclave_id_t eid, uint64_t id, const uint8_t* path, size_t len); +sgx_status_t rtc_data_t_global_exit_ecall(sgx_enclave_id_t eid); +sgx_status_t rtc_data_session_request(sgx_enclave_id_t eid, SessionRequestResult* retval, sgx_enclave_id_t src_enclave_id); +sgx_status_t rtc_data_exchange_report(sgx_enclave_id_t eid, ExchangeReportResult* retval, sgx_enclave_id_t src_enclave_id, const sgx_dh_msg2_t* dh_msg2); +sgx_status_t rtc_data_end_session(sgx_enclave_id_t eid, sgx_status_t* retval, sgx_enclave_id_t src_enclave_id); #ifdef __cplusplus } diff --git a/edl/rtc_tenclave.edl b/edl/rtc_tenclave.edl new file mode 100644 index 00000000..c57d0329 --- /dev/null +++ b/edl/rtc_tenclave.edl @@ -0,0 +1,21 @@ +enclave { + from "sgx_tstd.edl" import *; + from "sgx_stdio.edl" import *; + from "sgx_backtrace.edl" import *; + from "sgx_tstdc.edl" import *; + + include "sgx_eid.h" + include "sgx_dh.h" + + trusted{ + public SessionRequestResult session_request(sgx_enclave_id_t src_enclave_id); + public ExchangeReportResult exchange_report(sgx_enclave_id_t src_enclave_id, [in]const sgx_dh_msg2_t *dh_msg2); + public sgx_status_t end_session(sgx_enclave_id_t src_enclave_id); + }; + + untrusted{ + SessionRequestResult rtc_session_request_u(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + ExchangeReportResult rtc_exchange_report_u(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in]sgx_dh_msg2_t *dh_msg2); + sgx_status_t rtc_end_session_u(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + }; +}; \ No newline at end of file diff --git a/rtc_auth_enclave/Cargo.lock b/rtc_auth_enclave/Cargo.lock index 93f5811c..25ed8007 100644 --- a/rtc_auth_enclave/Cargo.lock +++ b/rtc_auth_enclave/Cargo.lock @@ -209,6 +209,14 @@ dependencies = [ "cfg-if 1.0.0", ] +[[package]] +name = "once_cell" +version = "1.4.0" +source = "git+https://github.com/mesalock-linux/once_cell-sgx.git?tag=sgx_1.1.3#cefcaa03fed4d85276b3235d875f1b45d399cc3c" +dependencies = [ + "sgx_tstd", +] + [[package]] name = "once_cell" version = "1.7.2" @@ -340,7 +348,7 @@ checksum = "55ae9a4d2975bdd8254d7bcdd2261be62b42b8920f903ec682b08cdc11b87af2" dependencies = [ "cc", "libc", - "once_cell", + "once_cell 1.7.2", "spin", "untrusted", "web-sys", @@ -365,6 +373,7 @@ version = "0.1.0" dependencies = [ "cfg-if 1.0.0", "hex", + "once_cell 1.4.0", "rand 0.7.3", "ring", "rtc_types", @@ -372,6 +381,7 @@ dependencies = [ "serde 1.0.118", "serde_json 1.0.60", "sgx_tcrypto", + "sgx_tdh", "sgx_tse", "sgx_tstd", "sgx_types", @@ -496,6 +506,17 @@ dependencies = [ "sgx_types", ] +[[package]] +name = "sgx_tdh" +version = "1.1.3" +source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk.git?rev=b9d1bda#b9d1bda674564668f8cf2e1ee202d08533fde46f" +dependencies = [ + "sgx_tcrypto", + "sgx_trts", + "sgx_tse", + "sgx_types", +] + [[package]] name = "sgx_tprotected_fs" version = "1.1.3" diff --git a/rtc_auth_enclave/Makefile b/rtc_auth_enclave/Makefile index 794eb9f0..d583bf39 100644 --- a/rtc_auth_enclave/Makefile +++ b/rtc_auth_enclave/Makefile @@ -24,6 +24,7 @@ else ifeq ($(MITIGATION-CVE-2020-0551), CF) export MITIGATION_CVE_2020_0551=CF endif +ENCLAVE_NAME = rtc_auth CRATE_LIB_NAME := enclave CRATE_BUILD_PATH := ./target/release CODEGEN_PATH = /root/rtc-data/codegen/auth_enclave @@ -36,11 +37,11 @@ Crate_Files := $(wildcard src/*.rs ../rtc_tenclave/src/*.rs) Out_StaticLib := $(CRATE_BUILD_PATH)/lib$(CRATE_LIB_NAME).a Out_Bindings := $(CODEGEN_PATH)/bindings.h -Out_EdgeObject := $(CUSTOM_LIBRARY_PATH)/Enclave_t.o +Out_EdgeObject := $(CUSTOM_LIBRARY_PATH)/$(ENCLAVE_NAME)_t.o Out_Dylib := $(CUSTOM_LIBRARY_PATH)/enclave.so Out_SignedDylib := $(CUSTOM_BIN_PATH)/enclave.signed.so -Out_CodegenFiles := $(CODEGEN_PATH)/Enclave_t.c $(CODEGEN_PATH)/Enclave_t.h $(CODEGEN_PATH)/Enclave_u.c $(CODEGEN_PATH)/Enclave_u.h +Out_CodegenFiles := $(CODEGEN_PATH)/$(ENCLAVE_NAME)_t.c $(CODEGEN_PATH)/$(ENCLAVE_NAME)_t.h $(CODEGEN_PATH)/$(ENCLAVE_NAME)_u.c $(CODEGEN_PATH)/$(ENCLAVE_NAME)_u.h .PHONY: all @@ -97,12 +98,12 @@ $(Out_StaticLib) $(Out_Bindings): $(Crate_Files) @rm -f $(Out_StaticLib) $(Out_Bindings) cargo build --release -$(Out_CodegenFiles): $(SGX_EDGER8R) ./Enclave.edl $(Out_Bindings) | $(CODEGEN_PATH) - $(SGX_EDGER8R) ./Enclave.edl --search-path $(SGX_SDK)/include --search-path $(RUST_EDL_PATH) --trusted-dir $(CODEGEN_PATH) --untrusted-dir $(CODEGEN_PATH) +$(Out_CodegenFiles): $(SGX_EDGER8R) ./$(ENCLAVE_NAME).edl $(Out_Bindings) | $(CODEGEN_PATH) + $(SGX_EDGER8R) --use-prefix ./$(ENCLAVE_NAME).edl --search-path $(SGX_SDK)/include --search-path $(RUST_EDL_PATH) --search-path $(RTC_EDL_PATH) --trusted-dir $(CODEGEN_PATH) --untrusted-dir $(CODEGEN_PATH) @echo "GEN => $(Enclave_EDL_Files)" $(Out_EdgeObject): $(Out_CodegenFiles) | $(CODEGEN_PATH) $(CUSTOM_LIBRARY_PATH) - @$(CC) $(RustEnclave_Compile_Flags) -c $(CODEGEN_PATH)/Enclave_t.c -o $@ + @$(CC) $(RustEnclave_Compile_Flags) -c $(CODEGEN_PATH)/$(ENCLAVE_NAME)_t.c -o $@ @echo "CC <= $<" $(Out_Dylib): $(Out_StaticLib) $(Out_EdgeObject) | $(CUSTOM_LIBRARY_PATH) diff --git a/rtc_auth_enclave/Enclave.edl b/rtc_auth_enclave/rtc_auth.edl similarity index 87% rename from rtc_auth_enclave/Enclave.edl rename to rtc_auth_enclave/rtc_auth.edl index a8caf4c3..e9b93860 100644 --- a/rtc_auth_enclave/Enclave.edl +++ b/rtc_auth_enclave/rtc_auth.edl @@ -1,8 +1,10 @@ enclave { from "sgx_tstd.edl" import *; from "sgx_backtrace.edl" import *; + from "rtc_tenclave.edl" import *; include "sgx_report.h" + include "sgx_dh.h" include "bindings.h" trusted { diff --git a/rtc_auth_enclave/src/lib.rs b/rtc_auth_enclave/src/lib.rs index 5e7ea09b..39cc52b1 100644 --- a/rtc_auth_enclave/src/lib.rs +++ b/rtc_auth_enclave/src/lib.rs @@ -4,8 +4,9 @@ #![deny(unsafe_op_in_unsafe_fn)] #![deny(clippy::mem_forget)] -use sgx_types::{sgx_report_t, sgx_status_t, sgx_target_info_t}; +#[cfg(not(target_env = "sgx"))] +#[macro_use] +extern crate sgx_tstd as std; -use rtc_types::{CreateReportResult, EnclaveHeldData}; - -use rtc_tenclave::enclave::*; +pub use rtc_tenclave::dh::*; +pub use rtc_tenclave::enclave::*; diff --git a/rtc_data_enclave/Cargo.lock b/rtc_data_enclave/Cargo.lock index 8f95a9f9..5fe94351 100644 --- a/rtc_data_enclave/Cargo.lock +++ b/rtc_data_enclave/Cargo.lock @@ -288,6 +288,14 @@ dependencies = [ "sgx_tstd", ] +[[package]] +name = "once_cell" +version = "1.4.0" +source = "git+https://github.com/mesalock-linux/once_cell-sgx.git?tag=sgx_1.1.3#cefcaa03fed4d85276b3235d875f1b45d399cc3c" +dependencies = [ + "sgx_tstd", +] + [[package]] name = "once_cell" version = "1.7.2" @@ -419,7 +427,7 @@ checksum = "4fd28ff5eda53903a8406cae62b02b29b2bd1b29410221ddc41581933355496d" dependencies = [ "cc", "libc", - "once_cell", + "once_cell 1.7.2", "spin", "untrusted", "web-sys", @@ -462,6 +470,7 @@ version = "0.1.0" dependencies = [ "cfg-if 1.0.0", "hex", + "once_cell 1.4.0", "rand 0.7.3", "ring", "rtc_types", @@ -469,6 +478,7 @@ dependencies = [ "serde 1.0.118", "serde_json 1.0.60", "sgx_tcrypto", + "sgx_tdh", "sgx_tse", "sgx_tstd", "sgx_types", @@ -635,6 +645,17 @@ dependencies = [ "sgx_crypto_helper", ] +[[package]] +name = "sgx_tdh" +version = "1.1.3" +source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk.git?rev=b9d1bda#b9d1bda674564668f8cf2e1ee202d08533fde46f" +dependencies = [ + "sgx_tcrypto", + "sgx_trts", + "sgx_tse", + "sgx_types", +] + [[package]] name = "sgx_tprotected_fs" version = "1.1.3" diff --git a/rtc_data_enclave/Makefile b/rtc_data_enclave/Makefile index 408764cc..1757a291 100644 --- a/rtc_data_enclave/Makefile +++ b/rtc_data_enclave/Makefile @@ -24,6 +24,7 @@ else ifeq ($(MITIGATION-CVE-2020-0551), CF) export MITIGATION_CVE_2020_0551=CF endif +ENCLAVE_NAME = rtc_data CRATE_LIB_NAME := enclave CRATE_BUILD_PATH := ./target/release CODEGEN_PATH = /root/rtc-data/codegen/data_enclave @@ -36,11 +37,11 @@ Crate_Files := $(wildcard src/*.rs ../rtc_tenclave/src/*.rs) Out_StaticLib := $(CRATE_BUILD_PATH)/lib$(CRATE_LIB_NAME).a Out_Bindings := $(CODEGEN_PATH)/bindings.h -Out_EdgeObject := $(CUSTOM_LIBRARY_PATH)/Enclave_t.o +Out_EdgeObject := $(CUSTOM_LIBRARY_PATH)/$(ENCLAVE_NAME)_t.o Out_Dylib := $(CUSTOM_LIBRARY_PATH)/enclave.so Out_SignedDylib := $(CUSTOM_BIN_PATH)/enclave.signed.so -Out_CodegenFiles := $(CODEGEN_PATH)/Enclave_t.c $(CODEGEN_PATH)/Enclave_t.h $(CODEGEN_PATH)/Enclave_u.c $(CODEGEN_PATH)/Enclave_u.h +Out_CodegenFiles := $(CODEGEN_PATH)/$(ENCLAVE_NAME)_t.c $(CODEGEN_PATH)/$(ENCLAVE_NAME)_t.h $(CODEGEN_PATH)/$(ENCLAVE_NAME)_u.c $(CODEGEN_PATH)/$(ENCLAVE_NAME)_u.h .PHONY: all @@ -97,12 +98,12 @@ $(Out_StaticLib) $(Out_Bindings): $(Crate_Files) @rm -f $(Out_StaticLib) $(Out_Bindings) cargo build --release -$(Out_CodegenFiles): $(SGX_EDGER8R) ./Enclave.edl $(Out_Bindings) | $(CODEGEN_PATH) - $(SGX_EDGER8R) ./Enclave.edl --search-path $(SGX_SDK)/include --search-path $(RUST_EDL_PATH) --trusted-dir $(CODEGEN_PATH) --untrusted-dir $(CODEGEN_PATH) +$(Out_CodegenFiles): $(SGX_EDGER8R) ./$(ENCLAVE_NAME).edl $(Out_Bindings) | $(CODEGEN_PATH) + $(SGX_EDGER8R) --use-prefix ./$(ENCLAVE_NAME).edl --search-path $(SGX_SDK)/include --search-path $(RUST_EDL_PATH) --search-path $(RTC_EDL_PATH) --trusted-dir $(CODEGEN_PATH) --untrusted-dir $(CODEGEN_PATH) @echo "GEN => $(Enclave_EDL_Files)" $(Out_EdgeObject): $(Out_CodegenFiles) | $(CODEGEN_PATH) $(CUSTOM_LIBRARY_PATH) - @$(CC) $(RustEnclave_Compile_Flags) -c $(CODEGEN_PATH)/Enclave_t.c -o $@ + @$(CC) $(RustEnclave_Compile_Flags) -c $(CODEGEN_PATH)/$(ENCLAVE_NAME)_t.c -o $@ @echo "CC <= $<" $(Out_Dylib): $(Out_StaticLib) $(Out_EdgeObject) | $(CUSTOM_LIBRARY_PATH) diff --git a/rtc_data_enclave/Enclave.edl b/rtc_data_enclave/rtc_data.edl similarity index 74% rename from rtc_data_enclave/Enclave.edl rename to rtc_data_enclave/rtc_data.edl index acde7d5a..e1360f4d 100644 --- a/rtc_data_enclave/Enclave.edl +++ b/rtc_data_enclave/rtc_data.edl @@ -6,9 +6,11 @@ enclave { from "sgx_tprotected_fs.edl" import *; from "sgx_fs.edl" import *; from "sgx_file.edl" import *; + from "rtc_tenclave.edl" import *; include "sgx_tprotected_fs.h" include "sgx_report.h" + include "sgx_dh.h" include "bindings.h" trusted { @@ -17,7 +19,8 @@ enclave { [out, isary]EnclaveHeldData enclave_data, [out]sgx_report_t* p_report); - public DataUploadResult rtc_validate_and_save([in, count=payload_len]const uint8_t* payload_ptr, size_t payload_len, UploadMetadata metadata); + public DataUploadResult validate_and_save([in, count=payload_len]const uint8_t* payload_ptr, size_t payload_len, UploadMetadata metadata); + public sgx_status_t local_attestation(sgx_enclave_id_t rtc_local_attestation); }; untrusted { diff --git a/rtc_data_enclave/src/lib.rs b/rtc_data_enclave/src/lib.rs index cae96304..bca13ca9 100644 --- a/rtc_data_enclave/src/lib.rs +++ b/rtc_data_enclave/src/lib.rs @@ -37,7 +37,7 @@ use rtc_tenclave::enclave::*; /// The caller (SGX) should ensure that `payload_ptr` is valid for a slice of /// length `payload_len` #[no_mangle] -pub unsafe extern "C" fn rtc_validate_and_save( +pub unsafe extern "C" fn validate_and_save( payload_ptr: *const u8, payload_len: usize, metadata: UploadMetadata, @@ -55,3 +55,15 @@ pub unsafe extern "C" fn rtc_validate_and_save( (err) => EcallResult::Err(DataUploadError::Sealing(err)), } } + +/// Tries to perform local attestation to an enclave at dest_enclave_id. +/// +/// See: [`DhSessions::establish_new`] +#[no_mangle] +pub unsafe extern "C" fn local_attestation(dest_enclave_id: sgx_enclave_id_t) -> sgx_status_t { + let res = rtc_tenclave::dh::dh_sessions().establish_new(dest_enclave_id); + match res { + Ok(_) => sgx_status_t::SGX_SUCCESS, + Err(err) => err, + } +} diff --git a/rtc_data_service/tests/exec_token.rs b/rtc_data_service/tests/exec_token.rs index bbd60bd0..96c3ce5f 100644 --- a/rtc_data_service/tests/exec_token.rs +++ b/rtc_data_service/tests/exec_token.rs @@ -9,6 +9,8 @@ use actix_web::{http, test}; use rtc_data_service::data_enclave_actor::DataEnclaveActor; use rtc_data_service::exec_token; +use rtc_uenclave::EnclaveConfig; +use sgx_types::sgx_status_t; #[actix_rt::test] async fn data_service_exec_token_ok() { @@ -65,3 +67,25 @@ async fn data_service_exec_token_ok() { }; assert_eq!(expected, actual) } + +#[test] +fn test_local_attestation_success() { + let auth_enclave = rtc_uenclave::RtcAuthEnclave::init(EnclaveConfig { + lib_path: "/root/rtc-data/rtc_auth_enclave/build/bin/enclave.signed.so".to_string(), + ..Default::default() + }) + .unwrap(); + + let data_enclave = rtc_uenclave::RtcDataEnclave::init(EnclaveConfig { + lib_path: "/root/rtc-data/rtc_data_enclave/build/bin/enclave.signed.so".to_string(), + ..Default::default() + }) + .unwrap(); + + let res = data_enclave.local_attestation(auth_enclave.geteid()); + assert_eq!(res, sgx_status_t::SGX_SUCCESS); + + // TODO: Integration test for message sending + // We should consider moving the integration tests for enclave interaction into rtc_uenclave + // since these tests does not need anything from the data_service +} diff --git a/rtc_tenclave/Cargo.lock b/rtc_tenclave/Cargo.lock index 342482de..d0b9fd95 100644 --- a/rtc_tenclave/Cargo.lock +++ b/rtc_tenclave/Cargo.lock @@ -2,6 +2,15 @@ # It is not intended for manual editing. version = 3 +[[package]] +name = "aho-corasick" +version = "0.7.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e37cfd5e7657ada45f742d6e99ca5788580b5c529dc78faf11ece6dc702656f" +dependencies = [ + "memchr", +] + [[package]] name = "autocfg" version = "1.0.1" @@ -59,12 +68,39 @@ version = "1.0.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd" +[[package]] +name = "difference" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "524cbf6897b527295dff137cec09ecf3a05f4fddffd7dfcd1585403449e74198" + +[[package]] +name = "downcast" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4bb454f0228b18c7f4c3b0ebbee346ed9c52e7443b0999cd543ff3571205701d" + +[[package]] +name = "float-cmp" +version = "0.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e1267f4ac4f343772758f7b1bdcbe767c218bbab93bb432acbf5162bbf85a6c4" +dependencies = [ + "num-traits", +] + [[package]] name = "fnv" version = "1.0.7" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1" +[[package]] +name = "fragile" +version = "1.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "69a039c3498dc930fe810151a34ba0c1c70b02b8625035592e74432f678591f2" + [[package]] name = "getrandom" version = "0.1.14" @@ -159,6 +195,45 @@ dependencies = [ "cfg-if 1.0.0", ] +[[package]] +name = "memchr" +version = "2.4.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b16bd47d9e329435e309c58469fe0791c2d0d1ba96ec0954152a5ae2b04387dc" + +[[package]] +name = "mockall" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "18d614ad23f9bb59119b8b5670a85c7ba92c5e9adf4385c81ea00c51c8be33d5" +dependencies = [ + "cfg-if 1.0.0", + "downcast", + "fragile", + "lazy_static", + "mockall_derive", + "predicates", + "predicates-tree", +] + +[[package]] +name = "mockall_derive" +version = "0.9.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5dd4234635bca06fc96c7368d038061e0aae1b00a764dc817e900dc974e3deea" +dependencies = [ + "cfg-if 1.0.0", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "normalize-line-endings" +version = "0.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "61807f77802ff30975e01f4f071c8ba10c022052f98b3294119f3e615d13e5be" + [[package]] name = "num-traits" version = "0.2.14" @@ -168,6 +243,14 @@ dependencies = [ "autocfg", ] +[[package]] +name = "once_cell" +version = "1.4.0" +source = "git+https://github.com/mesalock-linux/once_cell-sgx.git?tag=sgx_1.1.3#cefcaa03fed4d85276b3235d875f1b45d399cc3c" +dependencies = [ + "sgx_tstd", +] + [[package]] name = "once_cell" version = "1.7.2" @@ -185,6 +268,35 @@ version = "0.2.10" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ac74c624d6b2d21f425f752262f42188365d7b8ff1aff74c82e45136510a4857" +[[package]] +name = "predicates" +version = "1.0.8" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f49cfaf7fdaa3bfacc6fa3e7054e65148878354a5cfddcf661df4c851f8021df" +dependencies = [ + "difference", + "float-cmp", + "normalize-line-endings", + "predicates-core", + "regex", +] + +[[package]] +name = "predicates-core" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "57e35a3326b75e49aa85f5dc6ec15b41108cf5aee58eabb1f274dd18b73c2451" + +[[package]] +name = "predicates-tree" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "15f553275e5721409451eb85e15fd9a860a6e5ab4496eb215987502b5f5391f2" +dependencies = [ + "predicates-core", + "treeline", +] + [[package]] name = "proc-macro2" version = "1.0.26" @@ -388,6 +500,17 @@ dependencies = [ "bitflags", ] +[[package]] +name = "regex" +version = "1.5.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d07a8629359eb56f1e2fb1652bb04212c072a87ba68546a04065d525673ac461" +dependencies = [ + "aho-corasick", + "memchr", + "regex-syntax", +] + [[package]] name = "regex-syntax" version = "0.6.25" @@ -411,7 +534,7 @@ checksum = "55ae9a4d2975bdd8254d7bcdd2261be62b42b8920f903ec682b08cdc11b87af2" dependencies = [ "cc", "libc", - "once_cell", + "once_cell 1.7.2", "spin", "untrusted", "web-sys", @@ -424,6 +547,9 @@ version = "0.1.0" dependencies = [ "cfg-if 1.0.0", "hex", + "mockall", + "once_cell 1.4.0", + "once_cell 1.7.2", "proptest", "rand 0.7.3 (git+https://github.com/mesalock-linux/rand-sgx?tag=v0.7.3_sgx1.1.3)", "rand 0.7.3 (registry+https://github.com/rust-lang/crates.io-index)", @@ -435,6 +561,7 @@ dependencies = [ "serde_json 1.0.60", "serde_json 1.0.64", "sgx_tcrypto", + "sgx_tdh", "sgx_tse", "sgx_tstd", "sgx_types", @@ -560,6 +687,17 @@ dependencies = [ "sgx_types", ] +[[package]] +name = "sgx_tdh" +version = "1.1.3" +source = "git+https://github.com/apache/incubator-teaclave-sgx-sdk.git?rev=b9d1bda#b9d1bda674564668f8cf2e1ee202d08533fde46f" +dependencies = [ + "sgx_tcrypto", + "sgx_trts", + "sgx_tse", + "sgx_types", +] + [[package]] name = "sgx_tprotected_fs" version = "1.1.3" @@ -705,6 +843,12 @@ dependencies = [ "syn", ] +[[package]] +name = "treeline" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a7f741b240f1a48843f9b8e0444fb55fb2a4ff67293b50a9179dfd5ea67f8d41" + [[package]] name = "unicode-xid" version = "0.2.2" diff --git a/rtc_tenclave/Cargo.toml b/rtc_tenclave/Cargo.toml index 8f42450c..cbfa8e4c 100644 --- a/rtc_tenclave/Cargo.toml +++ b/rtc_tenclave/Cargo.toml @@ -11,7 +11,7 @@ doctest = false crate-type = ["lib"] [features] -default = ["sgx_tstd", "sgx_tse", "rtc_types/teaclave_sgx", "rand", "thiserror", "sgx_tcrypto", "serde", "serde_json"] +default = ["sgx_tstd", "sgx_tse", "rtc_types/teaclave_sgx", "rand", "thiserror", "sgx_tcrypto", "sgx_tdh", "once_cell", "serde", "serde_json"] # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html @@ -23,6 +23,8 @@ sgx_tse = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk.git", re rand = { git = "https://github.com/mesalock-linux/rand-sgx", tag = "v0.7.3_sgx1.1.3", optional = true } thiserror = { git = "https://github.com/mesalock-linux/thiserror-sgx.git", optional = true } sgx_tcrypto = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk.git", rev = "b9d1bda", optional = true } +sgx_tdh = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk.git", rev = "b9d1bda", features = ["use_lav2"], optional = true } +once_cell = { git = "https://github.com/mesalock-linux/once_cell-sgx.git", tag = "sgx_1.1.3", optional = true } # XXX: Work around serde-json-sgx / Cargo version handling issue # @@ -62,17 +64,18 @@ sodalite = { version = "0.4.0", default-features = false } cfg-if = "1.0.0" hex = { version = "0.4.3", default-features = false, features = ["alloc"] } - [dev-dependencies] thiserror_std = { package = "thiserror", version = "1.0.9" } rand_std = { package = "rand", version = "0.7.3" } sgx_ucrypto = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk.git", rev = "b9d1bda" } serde_std = { package = "serde", version = "1.0.0" } serde_json_std = { package = "serde_json", version = "1.0.0" } +once_cell_std = { package = "once_cell", version="1.7.2" } # Test-only dependencies proptest = "1.0.0" tempfile = "3.2.0" +mockall = { version = "0.9.1", features = ["nightly"] } [patch."https://github.com/apache/teaclave-sgx-sdk.git"] sgx_tstd = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk.git", rev = "b9d1bda" } diff --git a/rtc_tenclave/src/dh/mod.rs b/rtc_tenclave/src/dh/mod.rs new file mode 100644 index 00000000..5e481e8f --- /dev/null +++ b/rtc_tenclave/src/dh/mod.rs @@ -0,0 +1,18 @@ +//! Support for establishing secure local inter-enclave sessions using [`sgx_tdh`]. + +mod protected_channel; +mod sessions; +mod types; + +pub use sessions::*; + +#[cfg(test)] +mod enclave { + //! Stub [`sgx_tstd::enclave`] for testing. + + use sgx_types::sgx_enclave_id_t; + + pub fn get_enclave_id() -> sgx_enclave_id_t { + 78 + } +} diff --git a/rtc_tenclave/src/dh/protected_channel.rs b/rtc_tenclave/src/dh/protected_channel.rs new file mode 100644 index 00000000..07a264fd --- /dev/null +++ b/rtc_tenclave/src/dh/protected_channel.rs @@ -0,0 +1,122 @@ +//! Secure symmetric communication channels based on [`sgx_tcrypto`]'s AES-GCM. + +use secrecy::{ExposeSecret, Secret}; +use sgx_tcrypto::{rsgx_rijndael128GCM_decrypt, rsgx_rijndael128GCM_encrypt}; +use sgx_types::*; + +use super::types::AlignedKey; +use crate::util::concat_u8; + +#[cfg(test)] +use super::enclave; +#[cfg(not(test))] +use sgx_tstd::enclave; + +// NIST AES-GCM recommended IV size +type RecommendedAesGcmIv = [u8; 12]; + +pub struct ProtectedChannel { + iv_constructor: DeterministicAesGcmIvConstructor, + key: Secret, +} + +impl ProtectedChannel { + pub fn init(key: Secret) -> Self { + Self { + iv_constructor: DeterministicAesGcmIvConstructor::for_current_enclave(), + key, + } + } + + pub fn encrypt_message( + &mut self, + plaintext: [u8; MESSAGE_SIZE], + aad: [u8; AAD_SIZE], + ) -> Result, sgx_status_t> { + let nonce = self.iv_constructor.next(); + let mut dst = [0_u8; MESSAGE_SIZE]; + let mut mac = sgx_aes_gcm_128bit_tag_t::default(); + rsgx_rijndael128GCM_encrypt( + self.key.expose_secret().key(), + &plaintext, + &nonce, + &aad, + &mut dst, + &mut mac, + )?; + + Ok(EncryptedEnclaveMessage { + tag: mac, + ciphertext: dst, + aad, + nonce, + }) + } + + pub fn decrypt_message( + &self, + message: EncryptedEnclaveMessage, + ) -> Result<[u8; MESSAGE_SIZE], sgx_status_t> { + let mut dst = [0_u8; MESSAGE_SIZE]; + rsgx_rijndael128GCM_decrypt( + self.key.expose_secret().key(), + &message.ciphertext, + &message.nonce, + &message.aad, + &message.tag, + &mut dst, + )?; + Ok(dst) + } +} + +pub struct EncryptedEnclaveMessage { + tag: sgx_aes_gcm_128bit_tag_t, + ciphertext: [u8; MESSAGE_SIZE], + aad: [u8; AAD_SIZE], + nonce: RecommendedAesGcmIv, +} + +/// Implement the deterministic construction of AES-GCM IVs, as described in section 8.2.1 of [NIST SP 800-38D], +/// "Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC". +/// +/// In this construction, the IV is the concatenation of two fields: +/// +/// 1. The **fixed** field, unique between each device using a given secret key. +/// This implementation uses a 64-bit enclave identifier. +/// +/// 2. The **invocation** field, unique for each device message. +/// This implementation uses a 32-bit counter. +/// +/// Note that _NIST SP 800-38D_ recommends a 32-bit fixed field and 64-bit invocation field, +/// but this implementation swaps the sizes around, to match the enclave identifier size. +/// +/// [NIST SP 800-38D]: https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf +struct DeterministicAesGcmIvConstructor { + fixed: [u8; 8], + invocation_counter: u32, +} + +impl DeterministicAesGcmIvConstructor { + /// Initialise a new instance based on [`sgx_tstd::enclave::get_enclave_id`]. + fn for_current_enclave() -> Self { + DeterministicAesGcmIvConstructor { + fixed: enclave::get_enclave_id().to_ne_bytes(), + invocation_counter: Default::default(), + } + } + + /// Return the next constructed IV. + /// + /// # Panics + /// + /// This will panic if the 32-bit invocation counter overflows. + /// This should not happen during normal use, as a given secret key should not be used for more than 2^32 invocations. + fn next(&mut self) -> RecommendedAesGcmIv { + self.invocation_counter = self.invocation_counter.checked_add(1).expect( + "DeterministicAesGcmIvConstructor: invocation counter overflow, unsafe to proceed", + ); + + concat_u8(&self.fixed, &self.invocation_counter.to_ne_bytes()) + } +} diff --git a/rtc_tenclave/src/dh/sessions.rs b/rtc_tenclave/src/dh/sessions.rs new file mode 100644 index 00000000..9e23a62d --- /dev/null +++ b/rtc_tenclave/src/dh/sessions.rs @@ -0,0 +1,334 @@ +use std::collections::HashMap; +use std::marker::PhantomData; +use std::prelude::v1::*; +use std::sync::Arc; + +use once_cell::sync::OnceCell; +use rtc_types::dh::{ExchangeReportResult, SessionRequestResult}; +use secrecy::Secret; +use sgx_types::*; + +use super::protected_channel::ProtectedChannel; +use super::types::{AlignedKey, RtcDhInitiator, RtcDhResponder}; + +#[cfg(not(test))] +use sgx_tstd::enclave; +#[cfg(not(test))] +use sgx_tstd::sync::{ + SgxMutex as Mutex, SgxRwLock as RwLock, SgxRwLockWriteGuard as RwLockWriteGuard, +}; + +#[cfg(test)] +use super::enclave; +#[cfg(test)] +use std::sync::{Mutex, RwLock, RwLockWriteGuard}; + +extern "C" { + pub fn rtc_session_request_u( + ret: *mut SessionRequestResult, + src_enclave_id: sgx_enclave_id_t, + dest_enclave_id: sgx_enclave_id_t, + ) -> sgx_status_t; + pub fn rtc_exchange_report_u( + ret: *mut ExchangeReportResult, + src_enclave_id: sgx_enclave_id_t, + dest_enclave_id: sgx_enclave_id_t, + dh_msg2: *const sgx_dh_msg2_t, + ) -> sgx_status_t; + pub fn rtc_end_session_u( + ret: *mut sgx_status_t, + src_enclave_id: sgx_enclave_id_t, + dest_enclave_id: sgx_enclave_id_t, + ) -> sgx_status_t; +} + +enum AtomicSession +where + TResp: RtcDhResponder, +{ + Closed, + InProgress(TResp), + Active(Arc>), +} + +pub struct DhSessions +where + TResp: RtcDhResponder, + TInit: RtcDhInitiator, +{ + sessions: RwLock>>>, + _phantom_init: PhantomData, +} + +impl DhSessions +where + TResp: RtcDhResponder, + TInit: RtcDhInitiator, +{ + fn get(&self, enclave_id: sgx_enclave_id_t) -> Option>> { + self.sessions + .read() + .expect("RwLock poisoned") + .get(&enclave_id) + .map(Clone::clone) + } + + fn lock_write(&self) -> RwLockWriteGuard>>> { + self.sessions.write().expect("RwLock poisoned") + } + + pub fn get_active(&self, enclave_id: sgx_enclave_id_t) -> Option>> { + match self.get(enclave_id)?.as_ref() { + AtomicSession::Active(x) => Some(x.clone()), + _ => None, + } + } + + fn take_in_progress(&self, enclave_id: sgx_enclave_id_t) -> Option { + let mut sessions = self.lock_write(); + + if matches!( + sessions.get(&enclave_id)?.as_ref(), + AtomicSession::InProgress(_) + ) { + match Arc::try_unwrap(sessions.remove(&enclave_id)?) { + Ok(AtomicSession::InProgress(resp)) => Some(resp), + Ok(_) => unreachable!(), + Err(_) => None, + } + } else { + None + } + } + + pub fn close_session(&self, enclave_id: sgx_enclave_id_t) -> () { + let mut sessions = self.lock_write(); + sessions.insert(enclave_id, Arc::new(AtomicSession::Closed)); + () + } + + /// Creates and sets an active session between this enclave and the enclave with `id` using + /// the `key`. + /// + /// # Valid Operations (It is the responsibility of the caller to ensure these hold) + /// None -> Active = Ok + /// Closed -> Active = Ok + /// InProgress -> Active = Err if it is the same session + /// - In progress value needs to be removed from the map before using it to finalize a session + /// Active -> Active = Err + /// - A session should be closed and then recreated to prevent resetting the nonce counter + /// with the same key. + fn set_active( + &self, + enclave_id: sgx_enclave_id_t, + key: Secret, + ) -> Result>, sgx_status_t> { + let channel = Arc::new(Mutex::new(ProtectedChannel::init(key))); + self.lock_write() + .insert(enclave_id, Arc::new(AtomicSession::Active(channel.clone()))); + Ok(channel) + } + + /// Sets an in_progress session for a responding enclave linked to the provided enclave. + /// + /// # Valid Operations (It is the responsibility of the caller to ensure these hold) + /// InProgress -> InProgress = Ok + /// Closed -> InProgress = Ok + /// Active -> In Progress = Ok if keying material differs + fn set_in_progress( + &self, + enclave_id: sgx_enclave_id_t, + responder: TResp, + ) -> Result<(), sgx_status_t> { + let _result = self + .lock_write() + .insert(enclave_id, Arc::new(AtomicSession::InProgress(responder))); + + Ok(()) + } + + /// Attest and establish a new active session between this enclave and `dest_enclave_id`. + /// + /// The responding enclave must be registered using [`rtc_udh::set_responder`]. + pub fn establish_new( + &self, + dest_enclave_id: sgx_enclave_id_t, + ) -> Result>, sgx_status_t> { + let this_enclave_id = enclave::get_enclave_id(); + let mut initiator = TInit::init_session(); + + let dh_msg1 = init_responder_ocall(this_enclave_id, dest_enclave_id)?; + + let dh_msg2 = initiator.proc_msg1(&dh_msg1)?; + let mut dh_msg3 = exchange_report_ocall(this_enclave_id, dest_enclave_id, &dh_msg2)?; + + // TODO: Verify identity + let dh_values = initiator.proc_msg3(&mut dh_msg3)?; + + self.set_active(dest_enclave_id, dh_values.session_key) + } + + pub fn initiate_response( + &self, + src_enclave_id: sgx_enclave_id_t, + ) -> Result { + let mut responder = TResp::init_session(); + + let dh_msg1 = responder.gen_msg1()?; + + self.set_in_progress(src_enclave_id, responder)?; + + Ok(dh_msg1) + } + + pub fn exchange_report( + &self, + src_enclave_id: sgx_enclave_id_t, + dh_msg2: &sgx_dh_msg2_t, + ) -> Result { + let mut responder = self + .take_in_progress(src_enclave_id) + // TODO: custom error + .ok_or(sgx_status_t::SGX_ERROR_UNEXPECTED)?; + + let (msg3, dh_values) = responder.proc_msg2(dh_msg2)?; + + // TODO: Verify initiator_identity + + self.set_active(src_enclave_id, dh_values.session_key)?; + + Ok(msg3) + } + + pub fn get_or_create_session( + &self, + dest_enclave_id: sgx_enclave_id_t, + ) -> Result>, sgx_status_t> { + if let Some(channel) = self.get_active(dest_enclave_id) { + Ok(channel) + } else { + self.establish_new(dest_enclave_id) + } + } +} + +fn init_responder_ocall( + this_enclave_id: sgx_enclave_id_t, + dest_enclave_id: sgx_enclave_id_t, +) -> Result { + let mut ret = SessionRequestResult::default(); + + // TODO: Safety + let ocall_res = unsafe { rtc_session_request_u(&mut ret, this_enclave_id, dest_enclave_id) }; + + match ocall_res { + sgx_status_t::SGX_SUCCESS => ret.into(), + err => Err(err), + } +} + +fn exchange_report_ocall( + this_enclave_id: sgx_enclave_id_t, + dest_enclave_id: sgx_enclave_id_t, + dh_msg2: &sgx_dh_msg2_t, +) -> Result { + let mut ret = ExchangeReportResult::default(); + + // TODO: Safety + let ocall_res = + unsafe { rtc_exchange_report_u(&mut ret, this_enclave_id, dest_enclave_id, dh_msg2) }; + + match ocall_res { + sgx_status_t::SGX_SUCCESS => ret.into(), + err => Err(err), + } +} + +#[no_mangle] +pub extern "C" fn session_request(src_enclave_id: sgx_enclave_id_t) -> SessionRequestResult { + dh_sessions().initiate_response(src_enclave_id).into() +} + +#[no_mangle] +pub extern "C" fn end_session(src_enclave_id: sgx_enclave_id_t) -> sgx_status_t { + // TODO: Ensure sessions close on both ends? + dh_sessions().close_session(src_enclave_id); + sgx_status_t::SGX_SUCCESS +} + +#[no_mangle] +pub unsafe extern "C" fn exchange_report( + src_enclave_id: sgx_enclave_id_t, + dh_msg2_ptr: *const sgx_dh_msg2_t, +) -> ExchangeReportResult { + // TODO: Safety + let dh_msg2 = unsafe { &*dh_msg2_ptr }; + + dh_sessions() + .exchange_report(src_enclave_id, dh_msg2) + .into() +} + +// TODO: Integrate using function reference with similar signature or a config obj +fn verify_peer_enclave_trust(peer_identity: &sgx_dh_session_enclave_identity_t) -> Result<(), ()> { + let required_flags = SGX_FLAGS_INITTED; + let denied_flags = SGX_FLAGS_DEBUG; + let expected_mrenclave = [0_u8; SGX_HASH_SIZE]; + let expected_mrsigner = [0_u8; SGX_HASH_SIZE]; + + if peer_identity.attributes.flags & required_flags == required_flags { + return Err(()); + } + if peer_identity.attributes.flags & denied_flags != 0 { + return Err(()); + } + if peer_identity.mr_enclave.m != expected_mrenclave { + return Err(()); + } + if peer_identity.mr_signer.m != expected_mrsigner { + return Err(()); + } + + return Ok(()); +} + +#[cfg(not(test))] +pub use sgx_impl::dh_sessions; + +#[cfg(test)] +pub use test::dh_sessions; + +#[cfg(not(test))] +mod sgx_impl { + use super::*; + use sgx_tdh::{SgxDhInitiator, SgxDhResponder}; + + pub fn dh_sessions() -> &'static DhSessions { + // NOTE: Something similar can be done in the OCALL library + // (by storing pointers to data inside the enclave, outside of the enclave) + // TODO: Figure out session timeouts + static DH_SESSIONS: OnceCell> = OnceCell::new(); + DH_SESSIONS.get_or_init(|| DhSessions { + sessions: RwLock::new(HashMap::new()), + _phantom_init: PhantomData::default(), + }) + } +} + +#[cfg(test)] +mod test { + use super::super::types::*; + use super::*; + + pub fn dh_sessions() -> &'static DhSessions { + // NOTE: Something similar can be done in the OCALL library + // (by storing pointers to data inside the enclave, outside of the enclave) + // TODO: Figure out session timeouts + static DH_SESSIONS: OnceCell> = + OnceCell::new(); + DH_SESSIONS.get_or_init(|| DhSessions { + sessions: RwLock::new(HashMap::new()), + _phantom_init: PhantomData::default(), + }) + } +} diff --git a/rtc_tenclave/src/dh/types.rs b/rtc_tenclave/src/dh/types.rs new file mode 100644 index 00000000..e10fd547 --- /dev/null +++ b/rtc_tenclave/src/dh/types.rs @@ -0,0 +1,145 @@ +use secrecy::{Secret, Zeroize}; +use sgx_types::*; + +#[cfg(test)] +use mockall::automock; + +pub struct AlignedKey(sgx_align_key_128bit_t); + +impl AlignedKey { + pub fn new(key: sgx_align_key_128bit_t) -> Secret { + Secret::new(Self(key)) + } + pub fn key(&self) -> &sgx_key_128bit_t { + &self.0.key + } +} + +impl Zeroize for AlignedKey { + fn zeroize(&mut self) { + self.0.key.zeroize() + } +} + +pub struct DhValues { + pub(crate) session_key: Secret, + pub(crate) peer_identity: sgx_dh_session_enclave_identity_t, +} + +#[cfg_attr(test, automock)] +pub trait RtcDhInitiator { + fn init_session() -> Self; + fn proc_msg1(&mut self, msg1: &sgx_dh_msg1_t) -> Result; + + /// Process msg3 and return the DhValues for the session + /// + /// We currently allow no additional prop data, and will return an error + /// if `msg3.msg3_body.additional_prop_length` is greater than 0. This can be changed + /// to a well known constant size in the future if the additional prop needs to be used. + fn proc_msg3(&mut self, msg3: &mut sgx_dh_msg3_t) -> Result; +} +#[cfg_attr(test, automock)] +pub trait RtcDhResponder { + fn init_session() -> Self; + fn gen_msg1(&mut self) -> Result; + + /// Process msg3 and return the DhValues for the session + fn proc_msg2( + &mut self, + msg2: &sgx_dh_msg2_t, + ) -> Result<(sgx_dh_msg3_t, DhValues), sgx_status_t>; +} + +#[cfg(not(test))] +pub mod impl_sgx { + use super::*; + use sgx_tdh::{SgxDhInitiator, SgxDhMsg3, SgxDhResponder}; + use sgx_tstd::mem; + + impl RtcDhInitiator for SgxDhInitiator { + fn init_session() -> Self { + SgxDhInitiator::init_session() + } + + fn proc_msg1(&mut self, msg1: &sgx_dh_msg1_t) -> Result { + let mut msg2 = sgx_dh_msg2_t::default(); + SgxDhInitiator::proc_msg1(self, msg1, &mut msg2)?; + Ok(msg2) + } + + fn proc_msg3(&mut self, msg3: &mut sgx_dh_msg3_t) -> Result { + // Only allow msg3 values with no additional prop data + if msg3.msg3_body.additional_prop_length > 0 { + return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER); + } + let mut aek = sgx_align_key_128bit_t::default(); + let mut peer_identity = sgx_dh_session_enclave_identity_t::default(); + + // Safety: + // This should be safe since we don't allow additional prop data, so we don't have to + // worry about memory allocations + let msg3_full = unsafe { + SgxDhMsg3::from_raw_dh_msg3_t(msg3, mem::size_of::() as u32) + } + .ok_or(sgx_status_t::SGX_ERROR_INVALID_PARAMETER)?; + + SgxDhInitiator::proc_msg3(self, &msg3_full, &mut aek.key, &mut peer_identity)?; + Ok(DhValues { + session_key: AlignedKey::new(aek), + peer_identity, + }) + } + } + + impl RtcDhResponder for SgxDhResponder { + fn init_session() -> Self { + SgxDhResponder::init_session() + } + + fn gen_msg1(&mut self) -> Result { + let mut msg1 = sgx_dh_msg1_t::default(); + SgxDhResponder::gen_msg1(self, &mut msg1)?; + Ok(msg1) + } + + fn proc_msg2( + &mut self, + msg2: &sgx_dh_msg2_t, + ) -> Result<(sgx_dh_msg3_t, DhValues), sgx_status_t> { + let mut msg3 = SgxDhMsg3::new(); + let mut aek = sgx_align_key_128bit_t::default(); + let mut peer_identity = sgx_dh_session_enclave_identity_t::default(); + + SgxDhResponder::proc_msg2(self, msg2, &mut msg3, &mut aek.key, &mut peer_identity)?; + + let msg3_len = msg3.calc_raw_sealed_data_size(); + + // Only allow messages with 0 additional prop size + if msg3_len == (mem::size_of::() as u32) { + // This branch should never be reached since we don't use additional prop + // -- + // Normally unreachable code should panic but since this will open up a trivial + // way for untrusted code to trigger a panic (and potentially UB if we unwind over + // the ffi boundary) we should return with an `Err` instead. + return Err(sgx_status_t::SGX_ERROR_UNEXPECTED); + } + + let mut msg3_raw = sgx_dh_msg3_t::default(); + + // Safety: + // This function should be safe since we don't allow additional prop data, so we don't have + // to worry about memory allocations. We also guard against cases where this does not uphold + // to prevent UB. + unsafe { msg3.to_raw_dh_msg3_t(&mut msg3_raw, msg3_len) } + .ok_or(sgx_status_t::SGX_ERROR_UNEXPECTED)?; + + Ok(( + msg3_raw, + DhValues { + session_key: AlignedKey::new(aek), + peer_identity, + }, + )) + } + } +} diff --git a/rtc_tenclave/src/lib.rs b/rtc_tenclave/src/lib.rs index 4cfb33f7..ed21c268 100644 --- a/rtc_tenclave/src/lib.rs +++ b/rtc_tenclave/src/lib.rs @@ -18,9 +18,12 @@ cfg_if::cfg_if! { extern crate sgx_ucrypto as sgx_tcrypto; extern crate serde_std as serde; extern crate serde_json_std as serde_json; + extern crate once_cell_std as once_cell; } } +pub mod dh; + pub mod crypto; pub mod enclave; pub mod kv_store; diff --git a/rtc_types/src/dh.rs b/rtc_types/src/dh.rs new file mode 100644 index 00000000..d0890a74 --- /dev/null +++ b/rtc_types/src/dh.rs @@ -0,0 +1,17 @@ +use crate::EcallResult; +use sgx_types::*; + +pub type SessionRequestResult = EcallResult; +pub type ExchangeReportResult = EcallResult; + +impl Default for SessionRequestResult { + fn default() -> Self { + Self::Err(sgx_status_t::SGX_SUCCESS) + } +} + +impl Default for ExchangeReportResult { + fn default() -> Self { + Self::Err(sgx_status_t::SGX_SUCCESS) + } +} diff --git a/rtc_types/src/lib.rs b/rtc_types/src/lib.rs index 50ad8a6b..7a5f7892 100644 --- a/rtc_types/src/lib.rs +++ b/rtc_types/src/lib.rs @@ -16,6 +16,7 @@ use sgx_types::*; use std::boxed::Box; mod data_upload; +pub mod dh; pub use data_upload::*; mod exec_token; diff --git a/rtc_udh/Cargo.toml b/rtc_udh/Cargo.toml new file mode 100644 index 00000000..91d270ec --- /dev/null +++ b/rtc_udh/Cargo.toml @@ -0,0 +1,13 @@ +[package] +name = "rtc_udh" +version = "0.1.0" +authors = ["Herman "] +edition = "2018" + +# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html + +[dependencies] +sgx_types = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk.git", rev = "b9d1bda", features = ["extra_traits"] } +rtc_types = { path = "../rtc_types" } +mockall = { version = "0.9.1", features = ["nightly"] } +once_cell = "1.7.2" diff --git a/rtc_udh/src/lib.rs b/rtc_udh/src/lib.rs new file mode 100644 index 00000000..6bcf5fd2 --- /dev/null +++ b/rtc_udh/src/lib.rs @@ -0,0 +1,99 @@ +mod responder; + +use std::{ + collections::HashMap, + sync::{Arc, Mutex, RwLock}, +}; + +use once_cell::sync::OnceCell; +use responder::Responder; +pub use responder::ResponderSys; +use rtc_types::{ + dh::{ExchangeReportResult, SessionRequestResult}, + EcallResult, +}; +use sgx_types::*; + +type SyncSendResponder = Arc>; + +type DhResponders = HashMap; + +fn dh_responders() -> &'static RwLock { + static DH_RESPONDERS: OnceCell> = OnceCell::new(); + DH_RESPONDERS.get_or_init(|| RwLock::new(HashMap::new())) +} + +/// Register enclave as a DH responder. +pub fn set_responder( + enclave_id: sgx_enclave_id_t, + responder: Box<(dyn ResponderSys + 'static)>, +) -> Result<(), sgx_status_t> { + match dh_responders().write() { + Ok(mut resp_map) => { + resp_map.insert( + enclave_id, + Arc::new(Mutex::new(Responder::new(enclave_id, responder))), + ); + Ok(()) + } + Err(_) => Err(sgx_status_t::SGX_ERROR_UNEXPECTED), + } +} + +/// Retrieve enclave's registered responder. +fn get_responder(enclave_id: sgx_enclave_id_t) -> Result { + dh_responders() + .read() + .or(Err(sgx_status_t::SGX_ERROR_UNEXPECTED))? + .get(&enclave_id) + .ok_or(sgx_status_t::SGX_ERROR_INVALID_ENCLAVE_ID) + .map(Clone::clone) +} + +#[no_mangle] +pub extern "C" fn rtc_session_request_u( + src_enclave_id: sgx_enclave_id_t, + dest_enclave_id: sgx_enclave_id_t, +) -> SessionRequestResult { + // TODO: Refactor our duplicated code here, this is tricky because of variable + // scoping when working with locks + match get_responder(dest_enclave_id) { + Ok(res) => res + .lock() + .or(Err(sgx_status_t::SGX_ERROR_UNEXPECTED)) + .and_then(|resp| resp.session_request(src_enclave_id).into()) + .into(), + Err(err) => EcallResult::Err(err), + } +} + +#[no_mangle] +extern "C" fn rtc_exchange_report_u( + src_enclave_id: sgx_enclave_id_t, + dest_enclave_id: sgx_enclave_id_t, + dh_msg2: *const sgx_dh_msg2_t, +) -> ExchangeReportResult { + match get_responder(dest_enclave_id) { + Ok(res) => res + .lock() + .or(Err(sgx_status_t::SGX_ERROR_UNEXPECTED)) + .and_then(|resp| resp.exchange_report(src_enclave_id, dh_msg2).into()) + .into(), + Err(err) => EcallResult::Err(err), + } +} + +#[no_mangle] +extern "C" fn rtc_end_session_u( + src_enclave_id: sgx_enclave_id_t, + dest_enclave_id: sgx_enclave_id_t, +) -> sgx_status_t { + match get_responder(dest_enclave_id) { + Ok(res) => res + .lock() + .map_or(sgx_status_t::SGX_ERROR_UNEXPECTED, |resp| { + resp.end_session(src_enclave_id) + }), + Err(err) => err, + } +} diff --git a/rtc_udh/src/responder.rs b/rtc_udh/src/responder.rs new file mode 100644 index 00000000..0629d337 --- /dev/null +++ b/rtc_udh/src/responder.rs @@ -0,0 +1,89 @@ +use rtc_types::{ + dh::{ExchangeReportResult, SessionRequestResult}, + EcallResult, +}; +use sgx_types::*; + +pub trait ResponderSys: Send { + unsafe fn rtc_session_request( + &self, + eid: sgx_enclave_id_t, + retval: *mut SessionRequestResult, + src_enclave_id: sgx_enclave_id_t, + ) -> sgx_status_t; + + unsafe fn rtc_exchange_report( + &self, + eid: sgx_enclave_id_t, + retval: *mut ExchangeReportResult, + src_enclave_id: sgx_enclave_id_t, + dh_msg2_ptr: *const sgx_dh_msg2_t, + ) -> sgx_status_t; + + unsafe fn rtc_end_session( + &self, + eid: sgx_enclave_id_t, + retval: *mut sgx_status_t, + src_enclave_id: sgx_enclave_id_t, + ) -> sgx_status_t; +} + +pub(crate) struct Responder { + eid: sgx_enclave_id_t, + sys: Box, +} + +// TODO: Unsafe comments +impl Responder { + pub fn new(eid: sgx_enclave_id_t, sys: Box) -> Self { + Self { eid, sys } + } + + pub fn session_request(&self, src_enclave_id: sgx_enclave_id_t) -> SessionRequestResult { + let mut retval = SessionRequestResult::default(); + let ecall_res = unsafe { + self.sys + .rtc_session_request(self.eid, &mut retval, src_enclave_id) + }; + if ecall_res == sgx_status_t::SGX_SUCCESS { + retval + } else { + println!("Session request ecall failed for enclave: {}", self.eid); + EcallResult::Err(ecall_res) + } + } + + pub fn exchange_report( + &self, + src_enclave_id: sgx_enclave_id_t, + dh_msg2_ptr: *const sgx_dh_msg2_t, + ) -> ExchangeReportResult { + let mut retval = ExchangeReportResult::default(); + let ecall_res = unsafe { + self.sys + .rtc_exchange_report(self.eid, &mut retval, src_enclave_id, dh_msg2_ptr) + }; + + if ecall_res == sgx_status_t::SGX_SUCCESS { + retval + } else { + println!("Exchange report ecall failed for enclave: {}", self.eid); + EcallResult::Err(ecall_res) + } + } + + pub fn end_session(&self, src_enclave_id: sgx_enclave_id_t) -> sgx_status_t { + let mut retval = sgx_status_t::SGX_SUCCESS; + let ecall_res = unsafe { + self.sys + .rtc_end_session(self.eid, &mut retval, src_enclave_id) + }; + + if ecall_res == sgx_status_t::SGX_SUCCESS { + retval + } else { + println!("End session ecall failed for enclave: {}", self.eid); + ecall_res + } + } +} diff --git a/rtc_uenclave/Cargo.toml b/rtc_uenclave/Cargo.toml index 4052350e..0770435c 100644 --- a/rtc_uenclave/Cargo.toml +++ b/rtc_uenclave/Cargo.toml @@ -28,6 +28,7 @@ serde_json = "1.0.64" data-sys = { path = "./data-sys", optional = true } auth-sys = { path = "./auth-sys", optional = true } rtc-ecalls = { path = "./rtc-ecalls" } +rtc_udh = { path = "../rtc_udh" } [dev-dependencies] rand = "0.7.3" diff --git a/rtc_uenclave/auth-sys/Cargo.toml b/rtc_uenclave/auth-sys/Cargo.toml index 2a8a4dc5..6db8cf3d 100644 --- a/rtc_uenclave/auth-sys/Cargo.toml +++ b/rtc_uenclave/auth-sys/Cargo.toml @@ -3,6 +3,10 @@ name = "auth-sys" version = "0.1.0" authors = ["Herman "] edition = "2018" +links = "rtc_auth_u" + +[lib] +crate-type = ["rlib"] # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html @@ -13,6 +17,7 @@ sgx_urts = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk.git", r rtc_types = { path = "../../rtc_types" } rtc-ecalls = { path = "../rtc-ecalls" } +rtc_udh = { path = "../../rtc_udh" } [build-dependencies] cc = "1.0.67" diff --git a/rtc_uenclave/auth-sys/build.rs b/rtc_uenclave/auth-sys/build.rs index bd5f3735..358c1d42 100644 --- a/rtc_uenclave/auth-sys/build.rs +++ b/rtc_uenclave/auth-sys/build.rs @@ -18,7 +18,7 @@ fn main() { println!("cargo:rustc-link-search=native={}/lib64", sdk_dir); let mut base_u = cc::Build::new() - .file(enclave_gen.join("Enclave_u.c")) + .file(enclave_gen.join("rtc_auth_u.c")) .no_default_flags(true) .includes(&includes) .flag("-fstack-protector") @@ -30,9 +30,9 @@ fn main() { .to_owned(); if profile == "release" { - base_u.flag("-O2").compile("Enclave_u"); + base_u.flag("-O2").compile("rtc_auth_u"); } else { - base_u.flag("-O0").flag("-g").compile("Enclave_u"); + base_u.flag("-O0").flag("-g").compile("rtc_auth_u"); } println!("cargo:rerun-if-changed=wrapper.h"); @@ -52,8 +52,7 @@ fn main() { .with_codegen_config(CodegenConfig::FUNCTIONS | CodegenConfig::TYPES) .allowlist_recursively(false) .array_pointers_in_arguments(true) - // TODO: see if there is a way to include functions using globbing - .allowlist_function("enclave_create_report") + .allowlist_function("rtc_auth_.*") .clang_args(&inc_args) .generate() .expect("Unable to generate bindings") diff --git a/rtc_uenclave/auth-sys/src/lib.rs b/rtc_uenclave/auth-sys/src/lib.rs index aa0e073a..1b9ceca6 100644 --- a/rtc_uenclave/auth-sys/src/lib.rs +++ b/rtc_uenclave/auth-sys/src/lib.rs @@ -1,8 +1,10 @@ #[allow(unused_imports)] -use sgx_urts; +pub use sgx_urts; use rtc_ecalls::RtcEnclaveEcalls; +use rtc_types::dh::*; use rtc_types::*; +use rtc_udh; use sgx_types::*; pub mod ffi { @@ -22,6 +24,36 @@ impl RtcEnclaveEcalls for AuthSys { enclave_data: *mut EnclaveHeldData, p_report: *mut sgx_report_t, ) -> sgx_status_t { - ffi::enclave_create_report(eid, retval, p_qe3_target, enclave_data, p_report) + ffi::rtc_auth_enclave_create_report(eid, retval, p_qe3_target, enclave_data, p_report) + } +} + +impl rtc_udh::ResponderSys for AuthSys { + unsafe fn rtc_session_request( + &self, + eid: sgx_enclave_id_t, + retval: *mut SessionRequestResult, + src_enclave_id: sgx_enclave_id_t, + ) -> sgx_status_t { + ffi::rtc_auth_session_request(eid, retval, src_enclave_id) + } + + unsafe fn rtc_exchange_report( + &self, + eid: sgx_enclave_id_t, + retval: *mut ExchangeReportResult, + src_enclave_id: sgx_enclave_id_t, + dh_msg2_ptr: *const sgx_dh_msg2_t, + ) -> sgx_status_t { + ffi::rtc_auth_exchange_report(eid, retval, src_enclave_id, dh_msg2_ptr) + } + + unsafe fn rtc_end_session( + &self, + eid: sgx_enclave_id_t, + retval: *mut sgx_status_t, + src_enclave_id: sgx_enclave_id_t, + ) -> sgx_status_t { + ffi::rtc_auth_end_session(eid, retval, src_enclave_id) } } diff --git a/rtc_uenclave/auth-sys/wrapper.h b/rtc_uenclave/auth-sys/wrapper.h index b8489bea..2af0cf09 100644 --- a/rtc_uenclave/auth-sys/wrapper.h +++ b/rtc_uenclave/auth-sys/wrapper.h @@ -1 +1 @@ -#include "../../codegen/auth_enclave/Enclave_u.h" +#include "../../codegen/auth_enclave/rtc_auth_u.h" diff --git a/rtc_uenclave/data-sys/Cargo.toml b/rtc_uenclave/data-sys/Cargo.toml index 88211271..ef68cac4 100644 --- a/rtc_uenclave/data-sys/Cargo.toml +++ b/rtc_uenclave/data-sys/Cargo.toml @@ -3,7 +3,10 @@ name = "data-sys" version = "0.1.0" authors = ["Herman "] edition = "2018" -links = "Enclave_u" +links = "Enclave_data_u" + +[lib] +crate-type = ["rlib"] # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html @@ -15,6 +18,7 @@ sgx_urts = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk.git", r rtc_types = { path = "../../rtc_types" } data-ocalls = { path = "../data-ocalls" } rtc-ecalls = { path = "../rtc-ecalls" } +rtc_udh = { path = "../../rtc_udh" } [build-dependencies] cc = "1.0.67" diff --git a/rtc_uenclave/data-sys/build.rs b/rtc_uenclave/data-sys/build.rs index b90edecc..34bef178 100644 --- a/rtc_uenclave/data-sys/build.rs +++ b/rtc_uenclave/data-sys/build.rs @@ -18,7 +18,7 @@ fn main() { println!("cargo:rustc-link-search=native={}/lib64", sdk_dir); let mut base_u = cc::Build::new() - .file(enclave_gen.join("Enclave_u.c")) + .file(enclave_gen.join("rtc_data_u.c")) .no_default_flags(true) .includes(&includes) .flag("-fstack-protector") @@ -30,9 +30,9 @@ fn main() { .to_owned(); if profile == "release" { - base_u.flag("-O2").compile("Enclave_u"); + base_u.flag("-O2").compile("rtc_data_u"); } else { - base_u.flag("-O0").flag("-g").compile("Enclave_u"); + base_u.flag("-O0").flag("-g").compile("rtc_data_u"); } println!("cargo:rerun-if-changed=wrapper.h"); @@ -52,9 +52,7 @@ fn main() { .with_codegen_config(CodegenConfig::FUNCTIONS | CodegenConfig::TYPES) .allowlist_recursively(false) .array_pointers_in_arguments(true) - // TODO: see if there is a way to include functions using globbing - .allowlist_function("enclave_create_report") - .allowlist_function("rtc_validate_and_save") + .allowlist_function("rtc_data_.*") .clang_args(&inc_args) .generate() .expect("Unable to generate bindings") diff --git a/rtc_uenclave/data-sys/src/lib.rs b/rtc_uenclave/data-sys/src/lib.rs index 12c4e1f1..16c7d563 100644 --- a/rtc_uenclave/data-sys/src/lib.rs +++ b/rtc_uenclave/data-sys/src/lib.rs @@ -8,7 +8,9 @@ use data_ocalls; use sgx_urts; use rtc_ecalls::RtcEnclaveEcalls; +use rtc_types::dh::*; use rtc_types::*; +use rtc_udh; use sgx_types::*; pub mod ffi { @@ -28,6 +30,36 @@ impl RtcEnclaveEcalls for DataSys { enclave_data: *mut EnclaveHeldData, p_report: *mut sgx_report_t, ) -> sgx_status_t { - ffi::enclave_create_report(eid, retval, p_qe3_target, enclave_data, p_report) + ffi::rtc_data_enclave_create_report(eid, retval, p_qe3_target, enclave_data, p_report) + } +} + +impl rtc_udh::ResponderSys for DataSys { + unsafe fn rtc_session_request( + &self, + eid: sgx_enclave_id_t, + retval: *mut SessionRequestResult, + src_enclave_id: sgx_enclave_id_t, + ) -> sgx_status_t { + ffi::rtc_data_session_request(eid, retval, src_enclave_id) + } + + unsafe fn rtc_exchange_report( + &self, + eid: sgx_enclave_id_t, + retval: *mut ExchangeReportResult, + src_enclave_id: sgx_enclave_id_t, + dh_msg2_ptr: *const sgx_dh_msg2_t, + ) -> sgx_status_t { + ffi::rtc_data_exchange_report(eid, retval, src_enclave_id, dh_msg2_ptr) + } + + unsafe fn rtc_end_session( + &self, + eid: sgx_enclave_id_t, + retval: *mut sgx_status_t, + src_enclave_id: sgx_enclave_id_t, + ) -> sgx_status_t { + ffi::rtc_data_end_session(eid, retval, src_enclave_id) } } diff --git a/rtc_uenclave/data-sys/wrapper.h b/rtc_uenclave/data-sys/wrapper.h index d3786b57..0c0a6247 100644 --- a/rtc_uenclave/data-sys/wrapper.h +++ b/rtc_uenclave/data-sys/wrapper.h @@ -1 +1 @@ -#include "../../codegen/data_enclave/Enclave_u.h" +#include "../../codegen/data_enclave/rtc_data_u.h" diff --git a/rtc_uenclave/src/ecalls.rs b/rtc_uenclave/src/ecalls.rs index b86db653..8090d259 100644 --- a/rtc_uenclave/src/ecalls.rs +++ b/rtc_uenclave/src/ecalls.rs @@ -20,7 +20,16 @@ pub struct EnclaveReportResult { /// Error returned when the enclave fails to create a report pub type CreateReportError = EcallError; -pub trait RtcEcalls: RtcEnclaveEcalls { + +pub trait RtcEcalls { + fn create_report( + &self, + eid: sgx_enclave_id_t, + qe_target_info: &sgx_target_info_t, + ) -> Result; +} + +impl RtcEcalls for T { fn create_report( &self, eid: sgx_enclave_id_t, @@ -57,8 +66,6 @@ pub trait RtcEcalls: RtcEnclaveEcalls { } } -impl RtcEcalls for T {} - #[cfg(test)] mod test { use super::*; diff --git a/rtc_uenclave/src/enclaves/rtc_auth.rs b/rtc_uenclave/src/enclaves/rtc_auth.rs index 018cf8c1..8a65ee3d 100644 --- a/rtc_uenclave/src/enclaves/rtc_auth.rs +++ b/rtc_uenclave/src/enclaves/rtc_auth.rs @@ -1,10 +1,9 @@ use std::borrow::Borrow; +use crate::{AttestationError, EnclaveConfig, EnclaveReportResult, RtcEnclave}; use auth_sys::AuthSys; use sgx_types::*; -use crate::{AttestationError, EnclaveConfig, EnclaveReportResult, RtcEnclave}; - /// Wraps all the functionality for interacting with the auth enclave pub struct RtcAuthEnclave(RtcEnclave) where @@ -43,4 +42,9 @@ where pub fn is_initialized(&self) -> bool { self.0.is_initialized() } + + /// Get the id of this enclave instance + pub fn geteid(&self) -> sgx_enclave_id_t { + self.0.geteid() + } } diff --git a/rtc_uenclave/src/enclaves/rtc_data.rs b/rtc_uenclave/src/enclaves/rtc_data.rs index 4555ff75..32809e7d 100644 --- a/rtc_uenclave/src/enclaves/rtc_data.rs +++ b/rtc_uenclave/src/enclaves/rtc_data.rs @@ -55,6 +55,11 @@ where }) } + /// Performs local attestation to the destination enclave + pub fn local_attestation(&self, dest_enclave_id: sgx_enclave_id_t) -> sgx_status_t { + ecalls::local_attestation(self.0.geteid(), dest_enclave_id) + } + /// Take ownership of self and drop resources pub fn destroy(self) { // Take ownership of self and drop @@ -64,6 +69,11 @@ where pub fn is_initialized(&self) -> bool { self.0.is_initialized() } + + /// Get the id of this enclave instance + pub fn geteid(&self) -> sgx_enclave_id_t { + self.0.geteid() + } } pub mod ecalls { @@ -79,8 +89,30 @@ pub mod ecalls { let mut retval = DataUploadResult::default(); // TODO: Safety let res = unsafe { - ffi::rtc_validate_and_save(eid, &mut retval, payload.as_ptr(), payload.len(), metadata) + ffi::rtc_data_validate_and_save( + eid, + &mut retval, + payload.as_ptr(), + payload.len(), + metadata, + ) }; retval.to_ecall_err(res).into() } + + pub fn local_attestation( + eid: sgx_enclave_id_t, + dest_enclave_id: sgx_enclave_id_t, + ) -> sgx_status_t { + let mut retval = sgx_status_t::SGX_SUCCESS; + let res = unsafe { ffi::rtc_data_local_attestation(eid, &mut retval, dest_enclave_id) }; + + match res { + sgx_status_t::SGX_SUCCESS => res, + err => { + println!("local_attestation err, ecall failed: {:?}", err); + err + } + } + } } diff --git a/rtc_uenclave/src/rtc_enclave.rs b/rtc_uenclave/src/rtc_enclave.rs index 416d4202..4ed6f99d 100644 --- a/rtc_uenclave/src/rtc_enclave.rs +++ b/rtc_uenclave/src/rtc_enclave.rs @@ -9,7 +9,7 @@ use mockall::predicate::*; #[cfg(test)] use mockall::*; use mockall_double::double; -use rtc_types::{ExecTokenError, ExecTokenResponse}; +use rtc_udh::{self, ResponderSys}; use serde::Deserialize; use sgx_types::*; use thiserror::Error; @@ -52,7 +52,11 @@ pub struct EnclaveConfig { /// /// This struct contains the basic functionality required from all RTC enclaves #[cfg_attr(not(test), derive(Debug))] -pub(crate) struct RtcEnclave, TEcalls: RtcEcalls> { +pub(crate) struct RtcEnclave +where + TCfg: Borrow, + TEcalls: RtcEcalls + Default + ResponderSys + 'static, +{ pub(crate) base_enclave: SgxEnclave, pub(crate) quoting_enclave: QuotingEnclave, pub(crate) attestation_client: AzureAttestationClient, @@ -60,13 +64,21 @@ pub(crate) struct RtcEnclave, TEcalls: RtcEcalls> { ecalls: TEcalls, } -impl, TEcalls: RtcEcalls> RtcEnclave { +impl RtcEnclave +where + TCfg: Borrow, + TEcalls: RtcEcalls + Default + ResponderSys + 'static, +{ /// Creates a new enclave instance with the provided configuration pub fn init(cfg: TCfg) -> Result { + let base_enclave = Self::init_base_enclave(cfg.borrow())?; + rtc_udh::set_responder(base_enclave.geteid(), Box::new(TEcalls::default())) + .expect("Failed to register enclave as dh responder"); + Ok(RtcEnclave { attestation_client: Self::init_attestation_client(), quoting_enclave: Self::init_quoting_enclave(), - base_enclave: Self::init_base_enclave(cfg.borrow())?, + base_enclave, config: cfg, ecalls: TEcalls::default(), }) @@ -201,12 +213,49 @@ mod tests { use proptest::collection::size_range; use proptest::prelude::*; use rtc_ecalls::MockRtcEnclaveEcalls; + use rtc_types::dh::{ExchangeReportResult, SessionRequestResult}; use rtc_types::CreateReportResult; use rtc_types::EnclaveHeldData; use rtc_types::{ENCLAVE_HELD_DATA_SIZE, RSA3072_PKCS8_DER_SIZE}; use simple_asn1::{to_der, ASN1Block, BigInt, BigUint, OID}; use std::convert::TryInto; + mock! { + TEcalls {} + + impl RtcEcalls for TEcalls { + fn create_report( + &self, + eid: sgx_enclave_id_t, + qe_target_info: &sgx_target_info_t, + ) -> Result; + } + + impl ResponderSys for TEcalls { + unsafe fn rtc_session_request( + &self, + eid: sgx_enclave_id_t, + retval: *mut SessionRequestResult, + src_enclave_id: sgx_enclave_id_t, + ) -> sgx_status_t; + + unsafe fn rtc_exchange_report( + &self, + eid: sgx_enclave_id_t, + retval: *mut ExchangeReportResult, + src_enclave_id: sgx_enclave_id_t, + dh_msg2_ptr: *const sgx_dh_msg2_t, + ) -> sgx_status_t; + + unsafe fn rtc_end_session( + &self, + eid: sgx_enclave_id_t, + retval: *mut sgx_status_t, + src_enclave_id: sgx_enclave_id_t, + ) -> sgx_status_t; + } + } + #[test] fn dcap_azure_attestation_works() { let sut = { @@ -233,24 +282,21 @@ mod tests { let qe_target_info = sgx_target_info_t::default(); let ehd = [2; ENCLAVE_HELD_DATA_SIZE]; let report = sgx_report_t::default(); - let mut sys_mock = MockRtcEnclaveEcalls::default(); - sys_mock - .expect_enclave_create_report() - .returning(move |_, ret, _, key, rep| { - unsafe { - *rep = report; - (*key).copy_from_slice(&ehd); - *ret = CreateReportResult::Success; - } - sgx_status_t::SGX_SUCCESS - }); + + let mut tecalls_mock = MockTEcalls::default(); + tecalls_mock + .expect_create_report() + .return_const(Ok(EnclaveReportResult { + enclave_report: report, + enclave_held_data: ehd, + })); RtcEnclave { base_enclave: mock_be, quoting_enclave: mock_qe, attestation_client: mock_aa_client, config: EnclaveConfig::default(), - ecalls: sys_mock, + ecalls: tecalls_mock, } }; @@ -351,24 +397,21 @@ mod tests { let eid = 12u64; let qe_target_info = sgx_target_info_t::default(); - let mut sys_mock = MockRtcEnclaveEcalls::default(); - sys_mock - .expect_enclave_create_report() - .returning(move |_, ret, _, key, rep| { - unsafe { - *rep = report; - (*key).copy_from_slice(&ehd); - *ret = CreateReportResult::Success; - } - sgx_status_t::SGX_SUCCESS - }); + + let mut tecalls_mock = MockTEcalls::default(); + tecalls_mock + .expect_create_report() + .return_const(Ok(EnclaveReportResult { + enclave_report: report, + enclave_held_data: ehd, + })); let sut = RtcEnclave{ base_enclave: mock, quoting_enclave: QuotingEnclave::default(), attestation_client: AzureAttestationClient::::default(), config: EnclaveConfig::default(), - ecalls: sys_mock, + ecalls: tecalls_mock, }; let res = sut.create_report(&qe_ti).unwrap();