[Pal/Linux-SGX] Add
sgx.protected_mr{enclave,signer}_files
manifest…
… options Previously, only `sgx.protected_files` were available in the manifest. This kind of protected files needs a provisioned master (wrap) key. But sometimes it is enough to seal files on the same platform for later usage by the same enclave or by enclaves of the same signer: this is the SGX sealing feature. This commit adds two more options to support SGX sealing: `sgx.protected_mrenclave_files` and `sgx.protected_mrsigner_files`. Similarly to `sgx.protected_files`, these new options specify lists of files that are encrypted by the SGX key generated via SGX instruction `EGETKEY(SEAL_KEY)`, bound to the MRENCLAVE/MRSIGNER enclave measurement (so that only instances of the same enclave/only enclaves with the same signer may decrypt protected files). A corresponding LibOS test is added and documentation is updated to reflect this. Signed-off-by: Dmitrii Kuvaiskii <[email protected]>
Dmitrii Kuvaiskii
committed
Jun 29, 2021
1 parent
d9304f5
commit c8e152d
Showing
10 changed files
with
270 additions
and
16 deletions.
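--- /dev/null
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -0,0 +1,99 @@
+#include <assert.h>
+#include <err.h>
+#include <errno.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+
+#define SECRETSTRING "Secret string\n"
+
+static ssize_t rw_file(const char* path, char* buf, size_t bytes, bool do_write) {
+size_t rv = 0;
+size_t ret = 0;
+
+FILE* f = fopen(path, do_write ? "w" : "r");
+if (!f) {
+fprintf(stderr, "opening %s failed\n", path);
+return -1;
+}
+
+while (bytes > rv) {
+if (do_write)
+ret = fwrite(buf + rv, /*size=*/1, /*nmemb=*/bytes - rv, f);
+else
+ret = fread(buf + rv, /*size=*/1, /*nmemb=*/bytes - rv, f);
+
+if (ret > 0) {
+rv += ret;
+} else {
+if (feof(f)) {
+if (rv) {
+/* read some bytes from file, success */
+break;
+}
+assert(rv == 0);
+fprintf(stderr, "%s failed: unexpected end of file\n", do_write ? "write" : "read");
+fclose(f);
+return -1;
+}
+
+assert(ferror(f));
+
+if (errno == EAGAIN || errno == EINTR) {
+continue;
+}
+
+fprintf(stderr, "%s failed: %s\n", do_write ? "write" : "read", strerror(errno));
+fclose(f);
+return -1;
+}
+}
+
+int close_ret = fclose(f);
+if (close_ret) {
+fprintf(stderr, "closing %s failed\n", path);
+return -1;
+}
+return rv;
+}
+
+
+int main(int argc, char** argv) {
+int ret;
+ssize_t bytes;
+
+if (argc != 2)
+errx(EXIT_FAILURE, "Usage: %s <protected file to create/validate>", argv[0]);
+
+ret = access(argv[1], F_OK);
+if (ret < 0) {
+if (errno == ENOENT) {
+/* file is not yet created, create with secret string */
+bytes = rw_file(argv[1], SECRETSTRING, sizeof(SECRETSTRING), /*do_write=*/true);
+if (bytes != sizeof(SECRETSTRING)) {
+/* error is already printed by rw_file_f() */
+return EXIT_FAILURE;
+}
+printf("CREATION OK\n");
+return 0;
+}
+err(EXIT_FAILURE, "access failed");
+}
+
+char buf[128];
+bytes = rw_file(argv[1], buf, sizeof(buf), /*do_write=*/false);
+if (bytes <= 0) {
+/* error is already printed by rw_file_f() */
+return EXIT_FAILURE;
+}
+buf[bytes - 1] = '\0';
+
+size_t size_to_cmp = sizeof(SECRETSTRING) < bytes ? sizeof(SECRETSTRING) : bytes;
+if (strncmp(SECRETSTRING, buf, size_to_cmp))
+errx(EXIT_FAILURE, "Expected '%s' but read '%s'\n", SECRETSTRING, buf);
+
+printf("TEST OK\n");
+return 0;
+}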
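Review bot: The retry branch in rw_file, `if (errno == EAGAIN || errno == EINTR) { continue; }`, leaves the stream's error indicator set: ferror() has just been asserted true and nothing resets it before the next fread/fwrite, so a later ferror() result cannot distinguish the old failure from a new one and some libc implementations may not retry cleanly; add `clearerr(f);` before the `continue`. The two comments `/* error is already printed by rw_file_f() */` in main name a function that does not exist in this file — the helper is `rw_file()`. Less importantly, `errx(EXIT_FAILURE, "Expected '%s' but read '%s'\n", SECRETSTRING, buf);` ends in a newline that errx already appends, and SECRETSTRING itself ends in one, so the failure message prints with extra blank lines; dropping the trailing `\n` from the format string is enough. The check-then-create sequence `access(argv[1], F_OK)` followed by `fopen(path, "w")` is not atomic, which is acceptable for a single-writer test but deserves a one-line comment stating that assumption.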