mesatee-commits mailing list archives

Site index · List index

Message view	« Date » · « Thread »
Top	« Date » · « Thread »
From	ms...@apache.org
Subject	[incubator-mesatee] branch master updated: [mesatee_utils] Update protected_fs_rs (#92)
Date	Mon, 25 Nov 2019 23:55:22 GMT
This is an automated email from the ASF dual-hosted git repository. mssun pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-mesatee.git The following commit(s) were added to refs/heads/master by this push: new b024b80 [mesatee_utils] Update protected_fs_rs (#92) b024b80 is described below commit b024b800e9f52441d3c3c2f1b982b223087d511d Author: Zhaofeng Chen <chenzhaofeng.pku@gmail.com> AuthorDate: Mon Nov 25 15:55:14 2019 -0800 [mesatee_utils] Update protected_fs_rs (#92) Update the protected_fs_rs module with the following changes: - Both the trusted part and untrusted part are completely decoupled from the Intel SGX SDK. - Use CMake to compile the decoupled C code. - Use one build script `protected_c/build.sh` to build the C code in different modes. - Add and export `get_current_meta_gmac` interface for ProtectedFile. --- mesatee_utils/protected_fs_rs/Cargo.toml \| 19 +++-- mesatee_utils/protected_fs_rs/README.md \| 10 +++ mesatee_utils/protected_fs_rs/build.rs \| 87 ++++++++++----------- .../protected_fs_rs/protected_fs_c/CMakeLists.txt \| 47 ++++++++++++ .../protected_fs_rs/protected_fs_c/Makefile \| 89 ---------------------- .../protected_fs_rs/protected_fs_c/build.sh \| 45 +++++++++++ .../protected_fs_c/inc/sgx_tprotected_fs_u.h \| 44 +++++++++++ .../protected_fs_c/inc/tseal_migration_attr.h \| 53 +++++++++++++ ...tected_fs_config.h => protected_fs_config.h.in} \| 5 +- .../protected_fs_c/sgx_tprotected_fs.edl \| 49 ++++++++++++ .../protected_fs_c/sgx_tprotected_fs.h \| 8 ++ .../sgx_tprotected_fs/CMakeLists.txt \| 22 ++++++ .../protected_fs_c/sgx_tprotected_fs/Readme.md \| 3 - .../sgx_tprotected_fs/file_other.cpp \| 11 +++ .../sgx_tprotected_fs/non_sgx_protected_fs.cpp \| 8 +- .../sgx_tprotected_fs/protected_fs_file.h \| 3 + .../sgx_tprotected_fs/sgx_tprotected_fs.cpp \| 8 ++ .../sgx_uprotected_fs/CMakeLists.txt \| 11 +++ .../sgx_uprotected_fs/sgx_uprotected_fs.cpp \| 2 +- mesatee_utils/protected_fs_rs/src/deps.rs \| 2 + mesatee_utils/protected_fs_rs/src/lib.rs \| 7 +- mesatee_utils/protected_fs_rs/src/protected_fs.rs \| 16 ++-- mesatee_utils/protected_fs_rs/src/sgx_fs_inner.rs \| 17 ++++- .../protected_fs_rs/src/sgx_tprotected_fs.rs \| 28 ++++++- mesatee_utils/protected_fs_rs/tests/large_file.rs \| 35 ++++++++- 25 files changed, 465 insertions(+), 164 deletions(-) diff --git a/mesatee_utils/protected_fs_rs/Cargo.toml b/mesatee_utils/protected_fs_rs/Cargo.toml index 30402fc..12d4ceb 100644 --- a/mesatee_utils/protected_fs_rs/Cargo.toml +++ b/mesatee_utils/protected_fs_rs/Cargo.toml @@ -8,19 +8,22 @@ edition = "2018" [lib] name = "protected_fs" -crate-type = ["rlib"] [features] -default = ["libc", "rand"] +default = ["libc"] mesalock_sgx = ["sgx_tstd", "sgx_types", "sgx_trts"] [dependencies] -libc = { version = "0.2", optional = true } -rand = { version = "0.7.0", optional = true } cfg-if = { version = "0.1.9" } -sgx_tstd = { version = "1.0.9", optional = true } -sgx_types = { version = "1.0.9", optional = true } -sgx_trts = { version = "1.0.9", optional = true } +rdrand = { version = "0.6", default-features = false } +rand_core = { version = "0.4", default-features = false } + +libc = { version = "0.2", optional = true } + +sgx_types = { version = "1.0.9", optional = true } +sgx_tstd = { version = "1.0.9", optional = true } +sgx_trts = { version = "1.0.9", optional = true } + [build-dependencies] -cfg-if = { version = "0.1.9" } +cfg-if = { version = "0.1.9" } \ No newline at end of file diff --git a/mesatee_utils/protected_fs_rs/README.md b/mesatee_utils/protected_fs_rs/README.md new file mode 100644 index 0000000..97b5828 --- /dev/null +++ b/mesatee_utils/protected_fs_rs/README.md @@ -0,0 +1,10 @@ +# Rust bindings for ProtectedFS +`protected_fs_rs` is a rust binding for +[protected_fs](https://github.com/intel/linux-sgx/tree/master/sdk/protected_fs) +from the Intel SGX Linux SDK. + +Beyond the original SGX-only implementations, `protected_fs_rs` now supports +*running in both SGX and Non-SGX environment. We ported the [original C +implementations](https://github.com/intel/linux-sgx/tree/master/sdk/protected_fs +) in `protected_fs_c` subdirectory and replaced the compile toolchains with +CMake. Please refer to `build.rs` for more information. \ No newline at end of file diff --git a/mesatee_utils/protected_fs_rs/build.rs b/mesatee_utils/protected_fs_rs/build.rs index 7c1127c..f9c765a 100644 --- a/mesatee_utils/protected_fs_rs/build.rs +++ b/mesatee_utils/protected_fs_rs/build.rs @@ -14,65 +14,60 @@ use cfg_if::cfg_if; use std::env; - -cfg_if! { - if #[cfg(feature = "mesalock_sgx")] { - const LIB_T_PROTECTED_FS_NAME: &'static str = "sgx_tprotected_fs"; - } else { - use std::path::PathBuf; - use std::process::Command; - const LIBPROTECTED_FS_NAME: &'static str = "protected_fs"; - const PROTECTED_FS_C_NAME: &'static str = "protected_fs_c"; - } -} +use std::path::PathBuf; +use std::process::Command; #[cfg(not(feature = "mesalock_sgx"))] -fn build_protected_fs_c() { - Command::new("make") - .arg("--version") - .output() - .expect("make not found"); +fn build_non_sgx_protected_fs_c_with_cmake() { + let build_dir = PathBuf::from(env::var_os("OUT_DIR").unwrap()).join("build"); + let script = PathBuf::from("protected_fs_c").join("build.sh"); + let target_dir = build_dir.join("target"); - let manifest_dir = PathBuf::from(env::var("CARGO_MANIFEST_DIR").unwrap()); - let source_dir = manifest_dir.join(PROTECTED_FS_C_NAME); - let out_dir = PathBuf::from(env::var("OUT_DIR").unwrap()); - let build_dir = out_dir.join(PROTECTED_FS_C_NAME); + let status = Command::new("bash") + .arg(&script) + .arg("--build") + .arg(&build_dir) + .arg("--mode") + .arg("non_sgx") + .status() + .expect("bash command failed to start"); + assert!(status.success()); - let output = Command::new("make") - .current_dir(&source_dir) - .env("CXXFLAGS", "") - .env("PROTECTED_FS_OUT_DIR", &build_dir) - .output() - .expect("failed to compile protected_fs_c"); - if !output.status.success() { - panic!("failed to compile protected_fs_c"); - } + println!("cargo:rustc-link-search=native={}", target_dir.display()); + println!("cargo:rustc-link-lib=static=tprotected_fs"); + println!("cargo:rustc-link-lib=static=uprotected_fs"); +} + +#[cfg(feature = "mesalock_sgx")] +fn build_sgx_protected_fs_c_with_cmake() { + let sdk_dir = env::var("SGX_SDK").unwrap_or("/opt/intel/sgxsdk".into()); + let build_dir = PathBuf::from(env::var_os("OUT_DIR").unwrap()).join("build"); + let script = PathBuf::from("protected_fs_c").join("build.sh"); + let target_dir = build_dir.join("target"); - env::set_var("PROTECTED_FS_LIB_DIR", &build_dir); - env::set_var("PROTECTED_FS_STATIC", "true"); + let status = Command::new("bash") + .env("SGX_SDK", &sdk_dir) + .arg(&script) + .arg("--build") + .arg(&build_dir) + .arg("--mode") + .arg("sgx") + .status() + .expect("bash command failed to start"); + assert!(status.success()); + + println!("cargo:rustc-link-search=native={}", target_dir.display()); + println!("cargo:rustc-link-lib=static=tprotected_fs"); } cfg_if! { if #[cfg(feature = "mesalock_sgx")] { fn build() { - let sdk_dir = env::var("SGX_SDK").unwrap_or("/opt/intel/sgxsdk".into()); - println!("cargo:rustc-link-search=native={}/lib64", sdk_dir); - println!("cargo:rustc-link-lib=static={}", LIB_T_PROTECTED_FS_NAME); + build_sgx_protected_fs_c_with_cmake(); } } else { fn build() { - build_protected_fs_c(); - - if let Ok(lib_dir) = env::var("PROTECTED_FS_LIB_DIR") { - println!("cargo:rustc-link-search=native={}", lib_dir); - let mode = match env::var_os("PROTECTED_FS_STATIC") { - Some(_) => "static", - None => panic!("Not supported dylib."), - }; - println!("cargo:rustc-link-lib={}={}", mode, LIBPROTECTED_FS_NAME); - } else { - panic!("Env var {} not set", "PROTECTED_FS_LIB_DIR"); - } + build_non_sgx_protected_fs_c_with_cmake(); println!("cargo:rustc-link-lib=crypto"); println!("cargo:rustc-link-lib=stdc++"); } diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/CMakeLists.txt b/mesatee_utils/protected_fs_rs/protected_fs_c/CMakeLists.txt new file mode 100644 index 0000000..825ed24 --- /dev/null +++ b/mesatee_utils/protected_fs_rs/protected_fs_c/CMakeLists.txt @@ -0,0 +1,47 @@ +cmake_minimum_required (VERSION 2.6) +project(protected_fs_c) +set (PROTECTED_FS_VERSION_MAJOR 0) +set (PROTECTED_FS_VERSION_MINOR 1) + +set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/target) +set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/target) +set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/target) + +configure_file( + "protected_fs_config.h.in" + "${PROJECT_BINARY_DIR}/protected_fs_config.h" +) +include_directories("${PROJECT_BINARY_DIR}") +include_directories("inc") + +option (NON_SGX_PROTECTED_FS + "Use PROTECTED_FS NON SGX VERSION" ON) + +set (SGX_SDK $ENV{SGX_SDK}) + +if (NON_SGX_PROTECTED_FS) + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Werror -U__STRICT_ANSI__ -std=c++11 -lpthread -fPIC") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-unused-local-typedefs -Wno-shadow -Wno-missing-field-initializers -Wno-unused-parameter") +elseif (NOT EXISTS ${SGX_SDK}) + message(FATAL_ERROR "$SGX_SDK directory must exist") +else () + message("SGX_SDK=${SGX_SDK}") + + set(SGX_LIBRARY_PATH ${SGX_SDK}/lib64) + set(SGX_COMMON_CFLAGS -m64 -O2) + set(SGX_UNTRUSTED_CFLAGS ${SGX_COMMON_CFLAGS} -fPIC -Wno-attributes + -I${SGX_SDK}/include) + set(SGX_TRUSTED_CFLAGS ${SGX_COMMON_CFLAGS} -nostdinc -fvisibility=hidden + -fpie -fstack-protector + -I${SGX_SDK}/include -I${SGX_SDK}/include/tlibc + -I${SGX_SDK}/include/stdc++ -I${SGX_SDK}/include/libcxx + -I${SGX_SDK}/include/stlport -I${SGX_SDK}/include/epid) + + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -U__STRICT_ANSI__ -Werror") + set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-unused-local-typedefs -Wno-shadow -Wno-missing-field-initializers -Wno-unused-parameter") + set(${PROJECT_NAME}_sgx_tprotected_fs_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${SGX_TRUSTED_CFLAGS}") + set(${PROJECT_NAME}_sgx_uprotected_fs_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${SGX_UNTRUSTED_CFLAGS}") +endif (NON_SGX_PROTECTED_FS) + +add_subdirectory (sgx_tprotected_fs) +add_subdirectory (sgx_uprotected_fs) \ No newline at end of file diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/Makefile b/mesatee_utils/protected_fs_rs/protected_fs_c/Makefile deleted file mode 100644 index e92f7eb..0000000 --- a/mesatee_utils/protected_fs_rs/protected_fs_c/Makefile +++ /dev/null @@ -1,89 +0,0 @@ -# -# Copyright (C) 2011-2019 Intel Corporation. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions -# are met: -# -# Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# * Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in -# the documentation and/or other materials provided with the -# distribution. -# * Neither the name of Intel Corporation nor the names of its -# contributors may be used to endorse or promote products derived -# from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT -# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE -# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# -# - -PROTECTED_FS_PROJECT_ROOT ?= $(CURDIR) -PROTECTED_FS_OUT_DIR ?= /tmp/protected_fs -PROTECTED_FS_LIB_NAME ?= libprotected_fs.a -TSGX_DIR := sgx_tprotected_fs -USGX_DIR := sgx_uprotected_fs - -PROJECT_ROOT := $(PROTECTED_FS_PROJECT_ROOT) -OUT_DIR := $(PROTECTED_FS_OUT_DIR) - -INCLUDE += -I$(PROJECT_ROOT) -I$(PROJECT_ROOT)/inc -CXXFLAGS += -Werror -U__STRICT_ANSI__ -std=c++11 -lpthread -fPIC -CXXFLAGS += -Wno-unused-local-typedefs -Wno-shadow -Wno-missing-field-initializers -Wno-unused-parameter - - -ABS_SRC := $(wildcard $(PROJECT_ROOT)/$(TSGX_DIR)/.cpp) $(wildcard $(PROJECT_ROOT)/$(USGX_DIR)/.cpp) -SORTED_ABS_SRC := $(sort $(ABS_SRC)) -SORTED_ABS_OBJ := $(SORTED_ABS_SRC:.cpp=.o) - -ABS_OBJ := $(patsubst $(PROTECTED_FS_PROJECT_ROOT)/%,$(OUT_DIR)/%,$(SORTED_ABS_OBJ)) -SRC := $(ABS_SRC) -OBJ := $(ABS_OBJ) - -EXAMPLE_DIR := $(PROTECTED_FS_PROJECT_ROOT)/example -EXAMPLE_SRC := $(EXAMPLE_DIR)/example.c -EXAMPLE_EXE := $(EXAMPLE_DIR)/example -EXAMPLE_OUTPUT := $(EXAMPLE_DIR)/data_file -EXAMPLE_DEP_OPTION := -lcrypto - -TARGET:= $(OUT_DIR)/$(PROTECTED_FS_LIB_NAME) - -.PHONY: all -all: $(TARGET) - -.PHONY: example -example: $(EXAMPLE_EXE) - -$(TARGET): $(OBJ) - $(AR) rcsD $@ $(OBJ) - -$(OUT_DIR)/%.o: $(PROTECTED_FS_PROJECT_ROOT)/%.cpp - mkdir -p $(OUT_DIR)/$(TSGX_DIR) - mkdir -p $(OUT_DIR)/$(USGX_DIR) - $(CXX) $(CXXFLAGS) $(INCLUDE) -c $< -o $@ - -$(EXAMPLE_EXE): $(TARGET) - $(CXX) -m64 -O2 $(INCLUDE) $(EXAMPLE_SRC) $(TARGET) $(EXAMPLE_DEP_OPTION) -o $(EXAMPLE_EXE) - -.PHONY: clean -clean: - @$(RM) $(OBJ) - @$(RM) $(TARGET) - @$(RM) $(EXAMPLE_EXE) - @$(RM) $(EXAMPLE_OUTPUT) - -.PHONY: rebuild -rebuild: - $(MAKE) clean - $(MAKE) all diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/build.sh b/mesatee_utils/protected_fs_rs/protected_fs_c/build.sh new file mode 100644 index 0000000..0a64e7c --- /dev/null +++ b/mesatee_utils/protected_fs_rs/protected_fs_c/build.sh @@ -0,0 +1,45 @@ +#!/bin/bash + +set -e + +display_usage() { + printf "Usage:\n %s --build <dir> --mode {sgx\|non_sgx} \n" "$(basename "$0")" +} + +OPTS=`getopt -o b:m: --long build:,mode: -n 'parse-options' -- "$@"` + +if [ $? != 0 ] +then + display_usage + exit 1 +fi + +while true; do + case "$1" in + -b \| --build ) BUILD_DIR="$2"; shift; shift ;; + -m \| --mode) + case "$2" in + sgx) MODE="-DNON_SGX_PROTECTED_FS=OFF";; + non_sgx) MODE="-DNON_SGX_PROTECTED_FS=ON";; + ) echo "Invalid mode provided!";; + esac + shift; shift ;; + -- ) shift; break ;; + ) break ;; + esac +done + +if [ -z "$BUILD_DIR" ] \|\| [ -z "$MODE" ] +then + display_usage + exit 1 +fi + +SOURCE_DIR="$( cd "$(dirname "$0")" ; pwd -P )" + +mkdir -p "${BUILD_DIR}" +cd "${BUILD_DIR}" +cmake "${MODE}" "${SOURCE_DIR}" +cmake --build . + +# Final libraries will be installed to $BUILD_DIR/target diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/inc/sgx_tprotected_fs_u.h b/mesatee_utils/protected_fs_rs/protected_fs_c/inc/sgx_tprotected_fs_u.h new file mode 100644 index 0000000..f14c45a --- /dev/null +++ b/mesatee_utils/protected_fs_rs/protected_fs_c/inc/sgx_tprotected_fs_u.h @@ -0,0 +1,44 @@ +#ifndef SGX_TPROTECTED_FS_U_H__ +#define SGX_TPROTECTED_FS_U_H__ + +#include <stdint.h> +#include <wchar.h> +#include <stddef.h> +#include <string.h> +#include "sgx_edger8r.h" /* for sgx_satus_t etc. / + + +#include <stdlib.h> / for size_t / + +#define SGX_CAST(type, item) ((type)(item)) + +#ifdef __cplusplus +extern "C" { +#endif + +void SGX_UBRIDGE(SGX_NOCONVENTION, u_sgxprotectedfs_exclusive_file_open, (const char* filename, uint8_t read_only, int64_t* file_size, int32_t* error_code)); +uint8_t SGX_UBRIDGE(SGX_NOCONVENTION, u_sgxprotectedfs_check_if_file_exists, (const char* filename)); +int32_t SGX_UBRIDGE(SGX_NOCONVENTION, u_sgxprotectedfs_fread_node, (void* f, uint64_t node_number, uint8_t* buffer, uint32_t node_size)); +int32_t SGX_UBRIDGE(SGX_NOCONVENTION, u_sgxprotectedfs_fwrite_node, (void* f, uint64_t node_number, uint8_t* buffer, uint32_t node_size)); +int32_t SGX_UBRIDGE(SGX_NOCONVENTION, u_sgxprotectedfs_fclose, (void* f)); +uint8_t SGX_UBRIDGE(SGX_NOCONVENTION, u_sgxprotectedfs_fflush, (void* f)); +int32_t SGX_UBRIDGE(SGX_NOCONVENTION, u_sgxprotectedfs_remove, (const char* filename)); +void* SGX_UBRIDGE(SGX_NOCONVENTION, u_sgxprotectedfs_recovery_file_open, (const char* filename)); +uint8_t SGX_UBRIDGE(SGX_NOCONVENTION, u_sgxprotectedfs_fwrite_recovery_node, (void* f, uint8_t* data, uint32_t data_length)); +int32_t SGX_UBRIDGE(SGX_NOCONVENTION, u_sgxprotectedfs_do_file_recovery, (const char* filename, const char* recovery_filename, uint32_t node_size)); +sgx_status_t SGX_UBRIDGE(SGX_NOCONVENTION, create_session_ocall, (uint32_t* sid, uint8_t* dh_msg1, uint32_t dh_msg1_size, uint32_t timeout)); +sgx_status_t SGX_UBRIDGE(SGX_NOCONVENTION, exchange_report_ocall, (uint32_t sid, uint8_t* dh_msg2, uint32_t dh_msg2_size, uint8_t* dh_msg3, uint32_t dh_msg3_size, uint32_t timeout)); +sgx_status_t SGX_UBRIDGE(SGX_NOCONVENTION, close_session_ocall, (uint32_t sid, uint32_t timeout)); +sgx_status_t SGX_UBRIDGE(SGX_NOCONVENTION, invoke_service_ocall, (uint8_t* pse_message_req, uint32_t pse_message_req_size, uint8_t* pse_message_resp, uint32_t pse_message_resp_size, uint32_t timeout)); +void SGX_UBRIDGE(SGX_CDECL, sgx_oc_cpuidex, (int cpuinfo[4], int leaf, int subleaf)); +int SGX_UBRIDGE(SGX_CDECL, sgx_thread_wait_untrusted_event_ocall, (const void* self)); +int SGX_UBRIDGE(SGX_CDECL, sgx_thread_set_untrusted_event_ocall, (const void* waiter)); +int SGX_UBRIDGE(SGX_CDECL, sgx_thread_setwait_untrusted_events_ocall, (const void* waiter, const void* self)); +int SGX_UBRIDGE(SGX_CDECL, sgx_thread_set_multiple_untrusted_events_ocall, (const void** waiters, size_t total)); + + +#ifdef __cplusplus +} +#endif /* __cplusplus / + +#endif diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/inc/tseal_migration_attr.h b/mesatee_utils/protected_fs_rs/protected_fs_c/inc/tseal_migration_attr.h new file mode 100644 index 0000000..1fe81f0 --- /dev/null +++ b/mesatee_utils/protected_fs_rs/protected_fs_c/inc/tseal_migration_attr.h @@ -0,0 +1,53 @@ +/ + * Copyright (C) 2011-2019 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + / + + +#ifndef TSEAL_MIGRATION_ATTR_H_ +#define TSEAL_MIGRATION_ATTR_H_ + +#include "sgx_attributes.h" + +/ Set the bits which have no security implications to 0 for sealed data migration / +/ Bits which have no security implications in attributes.flags: + * Reserved bit[55:6] - 0xFFFFFFFFFFFFC0ULL + * SGX_FLAGS_MODE64BIT + * SGX_FLAGS_PROVISION_KEY + * SGX_FLAGS_EINITTOKEN_KEY / +#define FLAGS_NON_SECURITY_BITS (0xFFFFFFFFFFFFC0ULL \| SGX_FLAGS_MODE64BIT \| SGX_FLAGS_PROVISION_KEY\| SGX_FLAGS_EINITTOKEN_KEY) +#define TSEAL_DEFAULT_FLAGSMASK (~FLAGS_NON_SECURITY_BITS) + +#define FLAGS_SECURITY_BITS_RESERVED (~(FLAGS_NON_SECURITY_BITS \| SGX_FLAGS_INITTED \| SGX_FLAGS_DEBUG \| SGX_FLAGS_KSS)) + + +#define MISC_NON_SECURITY_BITS 0x0FFFFFFF / bit[27:0]: have no security implications / +#define TSEAL_DEFAULT_MISCMASK (~MISC_NON_SECURITY_BITS) + +#endif diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/protected_fs_config.h b/mesatee_utils/protected_fs_rs/protected_fs_c/protected_fs_config.h.in similarity index 78% rename from mesatee_utils/protected_fs_rs/protected_fs_c/protected_fs_config.h rename to mesatee_utils/protected_fs_rs/protected_fs_c/protected_fs_config.h.in index 89ae62b..4c8a42d 100644 --- a/mesatee_utils/protected_fs_rs/protected_fs_c/protected_fs_config.h +++ b/mesatee_utils/protected_fs_rs/protected_fs_c/protected_fs_config.h.in @@ -11,5 +11,6 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - -#define NON_SGX_PROTECTED_FS \ No newline at end of file +#define PROTECTED_FS_VERSION_MAJOR @PROTECTED_FS_VERSION_MAJOR@ +#define PROTECTED_FS_VERSION_MINOR @PROTECTED_FS_VERSION_MINOR@ +#cmakedefine NON_SGX_PROTECTED_FS \ No newline at end of file diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs.edl b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs.edl new file mode 100644 index 0000000..59e8e66 --- /dev/null +++ b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs.edl @@ -0,0 +1,49 @@ +/ + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + / + +enclave { + +from "sgx_tae_service.edl" import ; + + untrusted { + void* u_sgxprotectedfs_exclusive_file_open([in, string] const char* filename, uint8_t read_only, [out] int64_t* file_size, [out] int32_t* error_code); + uint8_t u_sgxprotectedfs_check_if_file_exists([in, string] const char* filename); + int32_t u_sgxprotectedfs_fread_node([user_check] void* f, uint64_t node_number, [out, size=node_size] uint8_t* buffer, uint32_t node_size); + int32_t u_sgxprotectedfs_fwrite_node([user_check] void* f, uint64_t node_number, [in, size=node_size] uint8_t* buffer, uint32_t node_size); + int32_t u_sgxprotectedfs_fclose([user_check] void* f); + uint8_t u_sgxprotectedfs_fflush([user_check] void* f); + int32_t u_sgxprotectedfs_remove([in, string] const char* filename); + + void* u_sgxprotectedfs_recovery_file_open([in, string] const char* filename); + uint8_t u_sgxprotectedfs_fwrite_recovery_node([user_check] void* f, [in, count=data_length] uint8_t* data, uint32_t data_length); + int32_t u_sgxprotectedfs_do_file_recovery([in, string] const char* filename, [in, string] const char* recovery_filename, uint32_t node_size); + }; +}; diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs.h b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs.h index 6c81f54..56c27f0 100644 --- a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs.h +++ b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs.h @@ -259,6 +259,14 @@ int32_t SGXAPI sgx_fimport_auto_key(const char* filename, const sgx_key_128bit_t / int32_t SGXAPI sgx_fclear_cache(SGX_FILE stream); +/* +* +* +/ +#define SGX_AESGCM_MAC_SIZE 16 +typedef uint8_t aead_128bit_tag_t[SGX_AESGCM_MAC_SIZE]; +typedef aead_128bit_tag_t sgx_aes_gcm_128bit_tag_t; +int32_t SGXAPI sgx_get_current_meta_gmac(SGX_FILE stream, sgx_aes_gcm_128bit_tag_t out_gmac); #ifdef __cplusplus } diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/CMakeLists.txt b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/CMakeLists.txt new file mode 100644 index 0000000..7daef15 --- /dev/null +++ b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/CMakeLists.txt @@ -0,0 +1,22 @@ +# for common header sgx_tprotected_fs.h +include_directories("${PROJECT_SOURCE_DIR}") + +if (NOT NON_SGX_PROTECTED_FS) +include_directories("${SGX_SDK}/include") +include_directories("${SGX_SDK}/include/tlibc") +include_directories("${SGX_SDK}/include/libcxx") +endif() + +add_library(tprotected_fs STATIC + file_crypto.cpp + file_flush.cpp + file_init.cpp + file_other.cpp + file_read_write.cpp + file_version.cpp + lru_cache.cpp + sgx_tprotected_fs.cpp + non_sgx_protected_fs.cpp +) + +install (TARGETS tprotected_fs DESTINATION bin) diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/Readme.md b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/Readme.md deleted file mode 100644 index 3d5259f..0000000 --- a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/Readme.md +++ /dev/null @@ -1,3 +0,0 @@ -# Note - -Please visit our [homepage](https://github.com/baidu/rust-sgx-sdk) for usage. Thanks! diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/file_other.cpp b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/file_other.cpp index 55c59f0..1947ba2 100644 --- a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/file_other.cpp +++ b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/file_other.cpp @@ -387,3 +387,14 @@ int32_t protected_fs_file::clear_cache() return 0; } + +int32_t protected_fs_file::get_current_meta_gmac(sgx_aes_gcm_128bit_tag_t out_gmac) { + if (out_gmac == NULL) { + return 1; + } + + sgx_thread_mutex_lock(&mutex); + memcpy(out_gmac, file_meta_data.plain_part.meta_data_gmac, sizeof(sgx_aes_gcm_128bit_tag_t)); + sgx_thread_mutex_unlock(&mutex); + return 0; +} \ No newline at end of file diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/non_sgx_protected_fs.cpp b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/non_sgx_protected_fs.cpp index 34e3232..6f931a9 100644 --- a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/non_sgx_protected_fs.cpp +++ b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/non_sgx_protected_fs.cpp @@ -12,6 +12,10 @@ // See the License for the specific language governing permissions and // limitations under the License. +#include "protected_fs_config.h" + +#ifdef NON_SGX_PROTECTED_FS + #include "non_sgx_protected_fs.h" #include "openssl/cmac.h" #include "openssl/err.h" @@ -306,4 +310,6 @@ consttime_memequal(const void b1, const void b2, size_t len) * certain CPUs for `!res'. / return (1 & ((res - 1) >> 8)); -} \ No newline at end of file +} + +#endif \ No newline at end of file diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/protected_fs_file.h b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/protected_fs_file.h index d7fe52a..5aae06f 100644 --- a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/protected_fs_file.h +++ b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/protected_fs_file.h @@ -226,6 +226,9 @@ public: bool flush(/bool mc/); bool pre_close(sgx_key_128bit_t key, bool import); static int32_t remove(const char* filename); + + // Add for MesaTEE + int32_t get_current_meta_gmac(sgx_aes_gcm_128bit_tag_t out_gmac); }; #pragma pack(pop) diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/sgx_tprotected_fs.cpp b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/sgx_tprotected_fs.cpp index c431aa5..60f7a35 100644 --- a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/sgx_tprotected_fs.cpp +++ b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/sgx_tprotected_fs.cpp @@ -234,4 +234,12 @@ int32_t sgx_fclear_cache(SGX_FILE* stream) } +// Add for MesaTEE +int32_t sgx_get_current_meta_gmac(SGX_FILE* stream, sgx_aes_gcm_128bit_tag_t out_gmac) +{ + if (stream == NULL) + return 1; + protected_fs_file* file = (protected_fs_file)stream; + return file->get_current_meta_gmac(out_gmac); +} diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_uprotected_fs/CMakeLists.txt b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_uprotected_fs/CMakeLists.txt new file mode 100644 index 0000000..5f197bf --- /dev/null +++ b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_uprotected_fs/CMakeLists.txt @@ -0,0 +1,11 @@ + +if (NOT NON_SGX_PROTECTED_FS) +include_directories("${SGX_SDK}/include") +endif() + + +add_library(uprotected_fs STATIC + sgx_uprotected_fs.cpp +) + +install (TARGETS uprotected_fs DESTINATION bin) \ No newline at end of file diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_uprotected_fs/sgx_uprotected_fs.cpp b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_uprotected_fs/sgx_uprotected_fs.cpp index f8b603d..34478bd 100644 --- a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_uprotected_fs/sgx_uprotected_fs.cpp +++ b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_uprotected_fs/sgx_uprotected_fs.cpp @@ -29,7 +29,7 @@ #include <stdint.h> #else #include "sgx_tprotected_fs_u.h" -#include <uprotected_fs.h> +#include "uprotected_fs.h" #endif diff --git a/mesatee_utils/protected_fs_rs/src/deps.rs b/mesatee_utils/protected_fs_rs/src/deps.rs index 975a56c..68ca842 100644 --- a/mesatee_utils/protected_fs_rs/src/deps.rs +++ b/mesatee_utils/protected_fs_rs/src/deps.rs @@ -22,6 +22,7 @@ cfg_if! { pub(crate) use sgx_types::size_t; pub(crate) use sgx_types::sgx_key_128bit_t; + pub(crate) use sgx_types::sgx_aes_gcm_128bit_tag_t; pub(crate) use sgx_types::{c_char, c_int}; pub(crate) use sgx_types::{int32_t, int64_t}; @@ -36,6 +37,7 @@ cfg_if! { pub(crate) use libc::size_t; pub(crate) type sgx_key_128bit_t = [u8; 16]; + pub(crate) type sgx_aes_gcm_128bit_tag_t = [u8; 16]; pub(crate) use std::os::raw::{c_char, c_int}; pub(crate) type int32_t = i32; diff --git a/mesatee_utils/protected_fs_rs/src/lib.rs b/mesatee_utils/protected_fs_rs/src/lib.rs index 7cd730c..2e82525 100644 --- a/mesatee_utils/protected_fs_rs/src/lib.rs +++ b/mesatee_utils/protected_fs_rs/src/lib.rs @@ -11,10 +11,15 @@ // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. - #![cfg_attr(feature = "mesalock_sgx", no_std)] + #[cfg(feature = "mesalock_sgx")] +#[macro_use] extern crate sgx_tstd as std; +#[cfg(feature = "mesalock_sgx")] +extern crate sgx_trts; +#[cfg(feature = "mesalock_sgx")] +extern crate sgx_types; mod deps; mod protected_fs; diff --git a/mesatee_utils/protected_fs_rs/src/protected_fs.rs b/mesatee_utils/protected_fs_rs/src/protected_fs.rs index d63da23..d3d1409 100644 --- a/mesatee_utils/protected_fs_rs/src/protected_fs.rs +++ b/mesatee_utils/protected_fs_rs/src/protected_fs.rs @@ -17,6 +17,7 @@ #[cfg(feature = "mesalock_sgx")] use std::prelude::v1::; +use crate::deps::sgx_aes_gcm_128bit_tag_t; use crate::deps::sgx_key_128bit_t; use crate::sgx_fs_inner as fs_imp; use std::io::{self, Read, Seek, SeekFrom, Write}; @@ -77,6 +78,13 @@ impl ProtectedFile { pub fn clear_cache(&self) -> io::Result<()> { self.inner.clear_cache() } + + pub fn get_current_meta_gmac( + &self, + meta_gmac: &mut sgx_aes_gcm_128bit_tag_t, + ) -> io::Result<()> { + self.inner.get_current_meta_gmac(meta_gmac) + } } impl Read for ProtectedFile { @@ -231,7 +239,7 @@ pub fn import_auto_key<P: AsRef<Path>>(path: P, key: &sgx_key_128bit_t) -> io::R mod tests { use crate::remove_protected_file; use crate::ProtectedFile; - use rand::prelude::RngCore; + use rand_core::RngCore; use std::io::{Read, Write}; #[test] @@ -243,7 +251,7 @@ mod tests { let write_size; let read_size; { - let mut rng = rand::thread_rng(); + let mut rng = rdrand::RdRand::new().unwrap(); rng.fill_bytes(&mut write_data); let opt = ProtectedFile::create_ex("sgx_file", &key); @@ -282,10 +290,6 @@ mod tests { assert_eq!(opt.is_err(), true); } { - let opt = ProtectedFile::open_ex("/dev/isgx", &key); - assert_eq!(opt.is_ok(), true); - } - { let opt = ProtectedFile::create_ex("/", &key); assert_eq!(opt.is_err(), true); } diff --git a/mesatee_utils/protected_fs_rs/src/sgx_fs_inner.rs b/mesatee_utils/protected_fs_rs/src/sgx_fs_inner.rs index 45cf388..43767c4 100644 --- a/mesatee_utils/protected_fs_rs/src/sgx_fs_inner.rs +++ b/mesatee_utils/protected_fs_rs/src/sgx_fs_inner.rs @@ -20,6 +20,7 @@ use std::io::{self, Error, SeekFrom}; use std::path::Path; use crate::deps::libc; +use crate::deps::sgx_aes_gcm_128bit_tag_t; use crate::deps::sgx_key_128bit_t; use crate::sgx_tprotected_fs::{self, SgxFileStream}; @@ -130,11 +131,12 @@ impl SgxFile { SeekFrom::Current(off) => (sgx_tprotected_fs::SeekFrom::Current, off), }; - self.0 + r#try!(self + .0 .seek(offset, whence) - .map_err(Error::from_raw_os_error)?; + .map_err(\|err\| { Error::from_raw_os_error(err) })); - let offset = self.tell()?; + let offset = r#try!(self.tell()); Ok(offset as u64) } @@ -153,6 +155,15 @@ impl SgxFile { pub fn clear_cache(&self) -> io::Result<()> { self.0.clear_cache().map_err(Error::from_raw_os_error) } + + pub fn get_current_meta_gmac( + &self, + meta_gmac: &mut sgx_aes_gcm_128bit_tag_t, + ) -> io::Result<()> { + self.0 + .get_current_meta_gmac(meta_gmac) + .map_err(Error::from_raw_os_error) + } } pub fn remove(path: &Path) -> io::Result<()> { diff --git a/mesatee_utils/protected_fs_rs/src/sgx_tprotected_fs.rs b/mesatee_utils/protected_fs_rs/src/sgx_tprotected_fs.rs index 830a6b4..95937d3 100644 --- a/mesatee_utils/protected_fs_rs/src/sgx_tprotected_fs.rs +++ b/mesatee_utils/protected_fs_rs/src/sgx_tprotected_fs.rs @@ -20,6 +20,7 @@ use crate::deps::c_void; use crate::deps::cmp; use crate::deps::errno; use crate::deps::libc; +use crate::deps::sgx_aes_gcm_128bit_tag_t; use crate::deps::sgx_key_128bit_t; use crate::deps::size_t; use crate::deps::CStr; @@ -68,6 +69,11 @@ extern "C" { pub fn sgx_fimport_auto_key(filename: const c_char, key: const sgx_key_128bit_t) -> int32_t; pub fn sgx_fclear_cache(stream: SGX_FILE) -> int32_t; + + pub fn sgx_get_current_meta_gmac( + stream: SGX_FILE, + out_gmac: mut sgx_aes_gcm_128bit_tag_t, + ) -> int32_t; } fn max_len() -> usize { @@ -119,7 +125,7 @@ unsafe fn rsgx_fread(stream: SGX_FILE, buf: &mut [u8]) -> SysResult<usize> { let ret_size = sgx_fread(buf.as_mut_ptr() as mut c_void, 1, read_size, stream); if ret_size != read_size { - let is_eof = rsgx_feof(stream)?; + let is_eof = r#try!(rsgx_feof(stream)); if is_eof { Ok(ret_size) } else { @@ -217,6 +223,22 @@ unsafe fn rsgx_fclear_cache(stream: SGX_FILE) -> SysError { } } +unsafe fn rsgx_get_current_meta_gmac( + stream: SGX_FILE, + out_gmac: &mut sgx_aes_gcm_128bit_tag_t, +) -> SysError { + if stream.is_null() { + return Err(libc::EINVAL); + } + + let ret = sgx_get_current_meta_gmac(stream, out_gmac as *mut sgx_aes_gcm_128bit_tag_t); + if ret == 0 { + Ok(()) + } else { + Err(rsgx_ferror(stream)) + } +} + unsafe fn rsgx_remove(filename: &CStr) -> SysError { let ret = sgx_remove(filename.as_ptr()); if ret == 0 { @@ -567,6 +589,10 @@ impl SgxFileStream { pub fn clear_cache(&self) -> SysError { unsafe { rsgx_fclear_cache(self.stream) } } + + pub fn get_current_meta_gmac(&self, meta_gmac: &mut sgx_aes_gcm_128bit_tag_t) -> SysError { + unsafe { rsgx_get_current_meta_gmac(self.stream, meta_gmac) } + } } /// diff --git a/mesatee_utils/protected_fs_rs/tests/large_file.rs b/mesatee_utils/protected_fs_rs/tests/large_file.rs index fec2c64..f136415 100644 --- a/mesatee_utils/protected_fs_rs/tests/large_file.rs +++ b/mesatee_utils/protected_fs_rs/tests/large_file.rs @@ -1,21 +1,36 @@ +// Copyright 2019 MesaTEE Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. extern crate protected_fs; use protected_fs::{remove_protected_file, ProtectedFile}; -use rand::prelude::RngCore; +use rand_core::RngCore; use std::io::{Read, Write}; #[test] fn test_large_file() { const BLOCK_SIZE: usize = 2048; - const NBLOCKS: usize = 0x100000; + const NBLOCKS: usize = 0x0010_0000; let key = [90u8; 16]; + let mut auth_tag = [0u8; 16]; let mut write_data = [0u8; BLOCK_SIZE]; let mut read_data = [0u8; BLOCK_SIZE]; + let mut write_size; let mut read_size; - let mut rng = rand::thread_rng(); + let mut rng = rdrand::RdRand::new().unwrap(); rng.fill_bytes(&mut write_data); let fname = "large_file"; @@ -29,12 +44,26 @@ fn test_large_file() { write_size = result.unwrap(); assert_eq!(write_size, write_data.len()); } + + // Flush before we get the final auth_tag + let result = file.flush(); + assert_eq!(result.is_ok(), true); + + let result = file.get_current_meta_gmac(&mut auth_tag); + assert_eq!(result.is_ok(), true); } { + let mut auth_tag_in_file = [0xffu8; 16]; let opt = ProtectedFile::open_ex(fname, &key); assert_eq!(opt.is_ok(), true); let mut file = opt.unwrap(); + + let result = file.get_current_meta_gmac(&mut auth_tag_in_file); + assert_eq!(result.is_ok(), true); + + assert_eq!(auth_tag_in_file, auth_tag); + for _i in 0..NBLOCKS { let result = file.read(&mut read_data); assert_eq!(result.is_ok(), true); --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscribe@mesatee.apache.org For additional commands, e-mail: commits-help@mesatee.apache.org
Mime	Unnamed text/plain (inline, 8-Bit, 41639 bytes)
	View raw message