mesatee-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ms...@apache.org
Subject [incubator-mesatee] branch master updated: [mesatee_utils] Update protected_fs_rs (#92)
Date Mon, 25 Nov 2019 23:55:22 GMT
This is an automated email from the ASF dual-hosted git repository.

mssun pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-mesatee.git


The following commit(s) were added to refs/heads/master by this push:
     new b024b80  [mesatee_utils] Update protected_fs_rs (#92)
b024b80 is described below

commit b024b800e9f52441d3c3c2f1b982b223087d511d
Author: Zhaofeng Chen <chenzhaofeng.pku@gmail.com>
AuthorDate: Mon Nov 25 15:55:14 2019 -0800

    [mesatee_utils] Update protected_fs_rs (#92)
    
    Update the protected_fs_rs module with the following changes:
    - Both the trusted part and untrusted part are completely decoupled from the Intel SGX
SDK.
    - Use CMake to compile the decoupled C code.
    - Use one build script `protected_c/build.sh` to build the C code in different modes.
    - Add and export  `get_current_meta_gmac` interface for ProtectedFile.
---
 mesatee_utils/protected_fs_rs/Cargo.toml           | 19 +++--
 mesatee_utils/protected_fs_rs/README.md            | 10 +++
 mesatee_utils/protected_fs_rs/build.rs             | 87 ++++++++++-----------
 .../protected_fs_rs/protected_fs_c/CMakeLists.txt  | 47 ++++++++++++
 .../protected_fs_rs/protected_fs_c/Makefile        | 89 ----------------------
 .../protected_fs_rs/protected_fs_c/build.sh        | 45 +++++++++++
 .../protected_fs_c/inc/sgx_tprotected_fs_u.h       | 44 +++++++++++
 .../protected_fs_c/inc/tseal_migration_attr.h      | 53 +++++++++++++
 ...tected_fs_config.h => protected_fs_config.h.in} |  5 +-
 .../protected_fs_c/sgx_tprotected_fs.edl           | 49 ++++++++++++
 .../protected_fs_c/sgx_tprotected_fs.h             |  8 ++
 .../sgx_tprotected_fs/CMakeLists.txt               | 22 ++++++
 .../protected_fs_c/sgx_tprotected_fs/Readme.md     |  3 -
 .../sgx_tprotected_fs/file_other.cpp               | 11 +++
 .../sgx_tprotected_fs/non_sgx_protected_fs.cpp     |  8 +-
 .../sgx_tprotected_fs/protected_fs_file.h          |  3 +
 .../sgx_tprotected_fs/sgx_tprotected_fs.cpp        |  8 ++
 .../sgx_uprotected_fs/CMakeLists.txt               | 11 +++
 .../sgx_uprotected_fs/sgx_uprotected_fs.cpp        |  2 +-
 mesatee_utils/protected_fs_rs/src/deps.rs          |  2 +
 mesatee_utils/protected_fs_rs/src/lib.rs           |  7 +-
 mesatee_utils/protected_fs_rs/src/protected_fs.rs  | 16 ++--
 mesatee_utils/protected_fs_rs/src/sgx_fs_inner.rs  | 17 ++++-
 .../protected_fs_rs/src/sgx_tprotected_fs.rs       | 28 ++++++-
 mesatee_utils/protected_fs_rs/tests/large_file.rs  | 35 ++++++++-
 25 files changed, 465 insertions(+), 164 deletions(-)

diff --git a/mesatee_utils/protected_fs_rs/Cargo.toml b/mesatee_utils/protected_fs_rs/Cargo.toml
index 30402fc..12d4ceb 100644
--- a/mesatee_utils/protected_fs_rs/Cargo.toml
+++ b/mesatee_utils/protected_fs_rs/Cargo.toml
@@ -8,19 +8,22 @@ edition = "2018"
 
 [lib]
 name = "protected_fs"
-crate-type = ["rlib"]
 
 [features]
-default = ["libc", "rand"]
+default = ["libc"]
 mesalock_sgx = ["sgx_tstd", "sgx_types", "sgx_trts"]
 
 [dependencies]
-libc        = { version = "0.2", optional = true }
-rand        = { version = "0.7.0", optional = true }
 cfg-if      = { version = "0.1.9" }
-sgx_tstd    = { version = "1.0.9", optional = true }
-sgx_types   = { version = "1.0.9", optional = true }
-sgx_trts    = { version = "1.0.9", optional = true }
+rdrand      = { version = "0.6", default-features = false }
+rand_core   = { version = "0.4", default-features = false }
+
+libc        = { version = "0.2", optional = true }
+
+sgx_types = { version = "1.0.9", optional = true }
+sgx_tstd = { version = "1.0.9",  optional = true }
+sgx_trts = { version = "1.0.9", optional = true }
+
 
 [build-dependencies]
-cfg-if      = { version = "0.1.9" }
+cfg-if      = { version = "0.1.9" }
\ No newline at end of file
diff --git a/mesatee_utils/protected_fs_rs/README.md b/mesatee_utils/protected_fs_rs/README.md
new file mode 100644
index 0000000..97b5828
--- /dev/null
+++ b/mesatee_utils/protected_fs_rs/README.md
@@ -0,0 +1,10 @@
+# Rust bindings for ProtectedFS
+`protected_fs_rs` is a rust binding for 
+[protected_fs](https://github.com/intel/linux-sgx/tree/master/sdk/protected_fs) 
+from the Intel SGX Linux SDK.
+
+Beyond the original SGX-only implementations, `protected_fs_rs` now supports 
+***running in both SGX and Non-SGX environment***. We ported the [original C 
+implementations](https://github.com/intel/linux-sgx/tree/master/sdk/protected_fs
+) in  `protected_fs_c` subdirectory and replaced the compile toolchains with 
+CMake. Please refer to `build.rs` for more information.
\ No newline at end of file
diff --git a/mesatee_utils/protected_fs_rs/build.rs b/mesatee_utils/protected_fs_rs/build.rs
index 7c1127c..f9c765a 100644
--- a/mesatee_utils/protected_fs_rs/build.rs
+++ b/mesatee_utils/protected_fs_rs/build.rs
@@ -14,65 +14,60 @@
 
 use cfg_if::cfg_if;
 use std::env;
-
-cfg_if! {
-    if #[cfg(feature = "mesalock_sgx")]  {
-        const LIB_T_PROTECTED_FS_NAME: &'static str = "sgx_tprotected_fs";
-    } else {
-        use std::path::PathBuf;
-        use std::process::Command;
-        const LIBPROTECTED_FS_NAME: &'static str = "protected_fs";
-        const PROTECTED_FS_C_NAME: &'static str = "protected_fs_c";
-    }
-}
+use std::path::PathBuf;
+use std::process::Command;
 
 #[cfg(not(feature = "mesalock_sgx"))]
-fn build_protected_fs_c() {
-    Command::new("make")
-        .arg("--version")
-        .output()
-        .expect("make not found");
+fn build_non_sgx_protected_fs_c_with_cmake() {
+    let build_dir = PathBuf::from(env::var_os("OUT_DIR").unwrap()).join("build");
+    let script = PathBuf::from("protected_fs_c").join("build.sh");
+    let target_dir = build_dir.join("target");
 
-    let manifest_dir = PathBuf::from(env::var("CARGO_MANIFEST_DIR").unwrap());
-    let source_dir = manifest_dir.join(PROTECTED_FS_C_NAME);
-    let out_dir = PathBuf::from(env::var("OUT_DIR").unwrap());
-    let build_dir = out_dir.join(PROTECTED_FS_C_NAME);
+    let status = Command::new("bash")
+        .arg(&script)
+        .arg("--build")
+        .arg(&build_dir)
+        .arg("--mode")
+        .arg("non_sgx")
+        .status()
+        .expect("bash command failed to start");
+    assert!(status.success());
 
-    let output = Command::new("make")
-        .current_dir(&source_dir)
-        .env("CXXFLAGS", "")
-        .env("PROTECTED_FS_OUT_DIR", &build_dir)
-        .output()
-        .expect("failed to compile protected_fs_c");
-    if !output.status.success() {
-        panic!("failed to compile protected_fs_c");
-    }
+    println!("cargo:rustc-link-search=native={}", target_dir.display());
+    println!("cargo:rustc-link-lib=static=tprotected_fs");
+    println!("cargo:rustc-link-lib=static=uprotected_fs");
+}
+
+#[cfg(feature = "mesalock_sgx")]
+fn build_sgx_protected_fs_c_with_cmake() {
+    let sdk_dir = env::var("SGX_SDK").unwrap_or("/opt/intel/sgxsdk".into());
+    let build_dir = PathBuf::from(env::var_os("OUT_DIR").unwrap()).join("build");
+    let script = PathBuf::from("protected_fs_c").join("build.sh");
+    let target_dir = build_dir.join("target");
 
-    env::set_var("PROTECTED_FS_LIB_DIR", &build_dir);
-    env::set_var("PROTECTED_FS_STATIC", "true");
+    let status = Command::new("bash")
+        .env("SGX_SDK", &sdk_dir)
+        .arg(&script)
+        .arg("--build")
+        .arg(&build_dir)
+        .arg("--mode")
+        .arg("sgx")
+        .status()
+        .expect("bash command failed to start");
+    assert!(status.success());
+
+    println!("cargo:rustc-link-search=native={}", target_dir.display());
+    println!("cargo:rustc-link-lib=static=tprotected_fs");
 }
 
 cfg_if! {
     if #[cfg(feature = "mesalock_sgx")] {
         fn build() {
-            let sdk_dir = env::var("SGX_SDK").unwrap_or("/opt/intel/sgxsdk".into());
-            println!("cargo:rustc-link-search=native={}/lib64", sdk_dir);
-            println!("cargo:rustc-link-lib=static={}", LIB_T_PROTECTED_FS_NAME);
+            build_sgx_protected_fs_c_with_cmake();
         }
     } else {
         fn build() {
-            build_protected_fs_c();
-
-            if let Ok(lib_dir) = env::var("PROTECTED_FS_LIB_DIR") {
-                println!("cargo:rustc-link-search=native={}", lib_dir);
-                let mode = match env::var_os("PROTECTED_FS_STATIC") {
-                    Some(_) => "static",
-                    None => panic!("Not supported dylib."),
-                };
-                println!("cargo:rustc-link-lib={}={}", mode, LIBPROTECTED_FS_NAME);
-            } else {
-                panic!("Env var {} not set", "PROTECTED_FS_LIB_DIR");
-            }
+            build_non_sgx_protected_fs_c_with_cmake();
             println!("cargo:rustc-link-lib=crypto");
             println!("cargo:rustc-link-lib=stdc++");
         }
diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/CMakeLists.txt b/mesatee_utils/protected_fs_rs/protected_fs_c/CMakeLists.txt
new file mode 100644
index 0000000..825ed24
--- /dev/null
+++ b/mesatee_utils/protected_fs_rs/protected_fs_c/CMakeLists.txt
@@ -0,0 +1,47 @@
+cmake_minimum_required (VERSION 2.6)
+project(protected_fs_c)
+set (PROTECTED_FS_VERSION_MAJOR 0)
+set (PROTECTED_FS_VERSION_MINOR 1)
+
+set(CMAKE_ARCHIVE_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/target)
+set(CMAKE_LIBRARY_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/target)
+set(CMAKE_RUNTIME_OUTPUT_DIRECTORY ${CMAKE_BINARY_DIR}/target)
+
+configure_file(
+    "protected_fs_config.h.in"
+    "${PROJECT_BINARY_DIR}/protected_fs_config.h"
+)
+include_directories("${PROJECT_BINARY_DIR}")
+include_directories("inc")
+
+option (NON_SGX_PROTECTED_FS
+        "Use PROTECTED_FS NON SGX VERSION" ON)
+
+set (SGX_SDK $ENV{SGX_SDK})
+
+if (NON_SGX_PROTECTED_FS)
+    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Werror -U__STRICT_ANSI__ -std=c++11 -lpthread
-fPIC")
+    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-unused-local-typedefs -Wno-shadow -Wno-missing-field-initializers
-Wno-unused-parameter")
+elseif (NOT EXISTS ${SGX_SDK})
+    message(FATAL_ERROR "$SGX_SDK directory must exist")
+else ()
+    message("SGX_SDK=${SGX_SDK}")
+
+    set(SGX_LIBRARY_PATH  ${SGX_SDK}/lib64)
+    set(SGX_COMMON_CFLAGS  -m64 -O2)
+    set(SGX_UNTRUSTED_CFLAGS  ${SGX_COMMON_CFLAGS} -fPIC -Wno-attributes
+        -I${SGX_SDK}/include)
+    set(SGX_TRUSTED_CFLAGS  ${SGX_COMMON_CFLAGS} -nostdinc -fvisibility=hidden
+        -fpie -fstack-protector
+        -I${SGX_SDK}/include -I${SGX_SDK}/include/tlibc
+        -I${SGX_SDK}/include/stdc++ -I${SGX_SDK}/include/libcxx 
+        -I${SGX_SDK}/include/stlport -I${SGX_SDK}/include/epid)
+
+    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -U__STRICT_ANSI__ -Werror")
+    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-unused-local-typedefs -Wno-shadow -Wno-missing-field-initializers
-Wno-unused-parameter")
+    set(${PROJECT_NAME}_sgx_tprotected_fs_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${SGX_TRUSTED_CFLAGS}")
+    set(${PROJECT_NAME}_sgx_uprotected_fs_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${SGX_UNTRUSTED_CFLAGS}")
+endif (NON_SGX_PROTECTED_FS)
+
+add_subdirectory (sgx_tprotected_fs)
+add_subdirectory (sgx_uprotected_fs)
\ No newline at end of file
diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/Makefile b/mesatee_utils/protected_fs_rs/protected_fs_c/Makefile
deleted file mode 100644
index e92f7eb..0000000
--- a/mesatee_utils/protected_fs_rs/protected_fs_c/Makefile
+++ /dev/null
@@ -1,89 +0,0 @@
-#
-# Copyright (C) 2011-2019 Intel Corporation. All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-#   * Redistributions of source code must retain the above copyright
-#     notice, this list of conditions and the following disclaimer.
-#   * Redistributions in binary form must reproduce the above copyright
-#     notice, this list of conditions and the following disclaimer in
-#     the documentation and/or other materials provided with the
-#     distribution.
-#   * Neither the name of Intel Corporation nor the names of its
-#     contributors may be used to endorse or promote products derived
-#     from this software without specific prior written permission.
-#
-# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
-# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
-# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-#
-
-PROTECTED_FS_PROJECT_ROOT ?= $(CURDIR)
-PROTECTED_FS_OUT_DIR ?= /tmp/protected_fs
-PROTECTED_FS_LIB_NAME ?= libprotected_fs.a
-TSGX_DIR := sgx_tprotected_fs
-USGX_DIR := sgx_uprotected_fs
-
-PROJECT_ROOT := $(PROTECTED_FS_PROJECT_ROOT)
-OUT_DIR := $(PROTECTED_FS_OUT_DIR)
-
-INCLUDE += -I$(PROJECT_ROOT) -I$(PROJECT_ROOT)/inc
-CXXFLAGS += -Werror -U__STRICT_ANSI__ -std=c++11 -lpthread -fPIC
-CXXFLAGS += -Wno-unused-local-typedefs -Wno-shadow -Wno-missing-field-initializers -Wno-unused-parameter
-
-
-ABS_SRC := $(wildcard $(PROJECT_ROOT)/$(TSGX_DIR)/*.cpp) $(wildcard $(PROJECT_ROOT)/$(USGX_DIR)/*.cpp)
-SORTED_ABS_SRC := $(sort $(ABS_SRC))
-SORTED_ABS_OBJ := $(SORTED_ABS_SRC:.cpp=.o)
-
-ABS_OBJ := $(patsubst $(PROTECTED_FS_PROJECT_ROOT)/%,$(OUT_DIR)/%,$(SORTED_ABS_OBJ))
-SRC := $(ABS_SRC)
-OBJ := $(ABS_OBJ)
-
-EXAMPLE_DIR := $(PROTECTED_FS_PROJECT_ROOT)/example
-EXAMPLE_SRC := $(EXAMPLE_DIR)/example.c
-EXAMPLE_EXE := $(EXAMPLE_DIR)/example
-EXAMPLE_OUTPUT := $(EXAMPLE_DIR)/data_file
-EXAMPLE_DEP_OPTION := -lcrypto
-
-TARGET:= $(OUT_DIR)/$(PROTECTED_FS_LIB_NAME)
-
-.PHONY: all
-all: $(TARGET)
-
-.PHONY: example
-example: $(EXAMPLE_EXE)
-
-$(TARGET): $(OBJ)
-	$(AR) rcsD $@ $(OBJ)
-	
-$(OUT_DIR)/%.o: $(PROTECTED_FS_PROJECT_ROOT)/%.cpp
-	mkdir -p $(OUT_DIR)/$(TSGX_DIR)
-	mkdir -p $(OUT_DIR)/$(USGX_DIR)
-	$(CXX) $(CXXFLAGS) $(INCLUDE)  -c $< -o $@
-
-$(EXAMPLE_EXE): $(TARGET)
-	$(CXX) -m64 -O2 $(INCLUDE) $(EXAMPLE_SRC) $(TARGET) $(EXAMPLE_DEP_OPTION) -o $(EXAMPLE_EXE)

-
-.PHONY: clean
-clean:
-	@$(RM) $(OBJ)
-	@$(RM) $(TARGET) 
-	@$(RM) $(EXAMPLE_EXE) 
-	@$(RM) $(EXAMPLE_OUTPUT) 
-
-.PHONY: rebuild
-rebuild: 
-	$(MAKE) clean 
-	$(MAKE) all
diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/build.sh b/mesatee_utils/protected_fs_rs/protected_fs_c/build.sh
new file mode 100644
index 0000000..0a64e7c
--- /dev/null
+++ b/mesatee_utils/protected_fs_rs/protected_fs_c/build.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+set -e 
+
+display_usage() { 
+	printf "Usage:\n  %s --build <dir> --mode {sgx|non_sgx} \n"  "$(basename "$0")"
+} 
+
+OPTS=`getopt -o b:m: --long build:,mode: -n 'parse-options' -- "$@"`
+
+if [ $? != 0 ]
+then 
+    display_usage
+    exit 1
+fi
+
+while true; do
+  case "$1" in
+    -b | --build ) BUILD_DIR="$2"; shift; shift ;;
+    -m | --mode) 
+        case "$2" in 
+            sgx) MODE="-DNON_SGX_PROTECTED_FS=OFF";;
+            non_sgx) MODE="-DNON_SGX_PROTECTED_FS=ON";;
+            *) echo "Invalid mode provided!";;
+        esac
+        shift; shift ;;
+    -- ) shift; break ;;
+    * ) break ;;
+  esac
+done
+
+if [ -z "$BUILD_DIR" ] || [ -z "$MODE" ]
+then 
+    display_usage
+    exit 1
+fi
+
+SOURCE_DIR="$( cd "$(dirname "$0")" ; pwd -P )"
+
+mkdir -p "${BUILD_DIR}"
+cd "${BUILD_DIR}"
+cmake "${MODE}" "${SOURCE_DIR}"
+cmake --build .
+
+# Final libraries will be installed to $BUILD_DIR/target
diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/inc/sgx_tprotected_fs_u.h b/mesatee_utils/protected_fs_rs/protected_fs_c/inc/sgx_tprotected_fs_u.h
new file mode 100644
index 0000000..f14c45a
--- /dev/null
+++ b/mesatee_utils/protected_fs_rs/protected_fs_c/inc/sgx_tprotected_fs_u.h
@@ -0,0 +1,44 @@
+#ifndef SGX_TPROTECTED_FS_U_H__
+#define SGX_TPROTECTED_FS_U_H__
+
+#include <stdint.h>
+#include <wchar.h>
+#include <stddef.h>
+#include <string.h>
+#include "sgx_edger8r.h" /* for sgx_satus_t etc. */
+
+
+#include <stdlib.h> /* for size_t */
+
+#define SGX_CAST(type, item) ((type)(item))
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+void* SGX_UBRIDGE(SGX_NOCONVENTION, u_sgxprotectedfs_exclusive_file_open, (const char* filename,
uint8_t read_only, int64_t* file_size, int32_t* error_code));
+uint8_t SGX_UBRIDGE(SGX_NOCONVENTION, u_sgxprotectedfs_check_if_file_exists, (const char*
filename));
+int32_t SGX_UBRIDGE(SGX_NOCONVENTION, u_sgxprotectedfs_fread_node, (void* f, uint64_t node_number,
uint8_t* buffer, uint32_t node_size));
+int32_t SGX_UBRIDGE(SGX_NOCONVENTION, u_sgxprotectedfs_fwrite_node, (void* f, uint64_t node_number,
uint8_t* buffer, uint32_t node_size));
+int32_t SGX_UBRIDGE(SGX_NOCONVENTION, u_sgxprotectedfs_fclose, (void* f));
+uint8_t SGX_UBRIDGE(SGX_NOCONVENTION, u_sgxprotectedfs_fflush, (void* f));
+int32_t SGX_UBRIDGE(SGX_NOCONVENTION, u_sgxprotectedfs_remove, (const char* filename));
+void* SGX_UBRIDGE(SGX_NOCONVENTION, u_sgxprotectedfs_recovery_file_open, (const char* filename));
+uint8_t SGX_UBRIDGE(SGX_NOCONVENTION, u_sgxprotectedfs_fwrite_recovery_node, (void* f, uint8_t*
data, uint32_t data_length));
+int32_t SGX_UBRIDGE(SGX_NOCONVENTION, u_sgxprotectedfs_do_file_recovery, (const char* filename,
const char* recovery_filename, uint32_t node_size));
+sgx_status_t SGX_UBRIDGE(SGX_NOCONVENTION, create_session_ocall, (uint32_t* sid, uint8_t*
dh_msg1, uint32_t dh_msg1_size, uint32_t timeout));
+sgx_status_t SGX_UBRIDGE(SGX_NOCONVENTION, exchange_report_ocall, (uint32_t sid, uint8_t*
dh_msg2, uint32_t dh_msg2_size, uint8_t* dh_msg3, uint32_t dh_msg3_size, uint32_t timeout));
+sgx_status_t SGX_UBRIDGE(SGX_NOCONVENTION, close_session_ocall, (uint32_t sid, uint32_t timeout));
+sgx_status_t SGX_UBRIDGE(SGX_NOCONVENTION, invoke_service_ocall, (uint8_t* pse_message_req,
uint32_t pse_message_req_size, uint8_t* pse_message_resp, uint32_t pse_message_resp_size,
uint32_t timeout));
+void SGX_UBRIDGE(SGX_CDECL, sgx_oc_cpuidex, (int cpuinfo[4], int leaf, int subleaf));
+int SGX_UBRIDGE(SGX_CDECL, sgx_thread_wait_untrusted_event_ocall, (const void* self));
+int SGX_UBRIDGE(SGX_CDECL, sgx_thread_set_untrusted_event_ocall, (const void* waiter));
+int SGX_UBRIDGE(SGX_CDECL, sgx_thread_setwait_untrusted_events_ocall, (const void* waiter,
const void* self));
+int SGX_UBRIDGE(SGX_CDECL, sgx_thread_set_multiple_untrusted_events_ocall, (const void**
waiters, size_t total));
+
+
+#ifdef __cplusplus
+}
+#endif /* __cplusplus */
+
+#endif
diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/inc/tseal_migration_attr.h b/mesatee_utils/protected_fs_rs/protected_fs_c/inc/tseal_migration_attr.h
new file mode 100644
index 0000000..1fe81f0
--- /dev/null
+++ b/mesatee_utils/protected_fs_rs/protected_fs_c/inc/tseal_migration_attr.h
@@ -0,0 +1,53 @@
+/*
+ * Copyright (C) 2011-2019 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+ 
+#ifndef TSEAL_MIGRATION_ATTR_H_
+#define TSEAL_MIGRATION_ATTR_H_
+
+#include "sgx_attributes.h"
+ 
+/* Set the bits which have no security implications to 0 for sealed data migration */
+/* Bits which have no security implications in attributes.flags:
+ *    Reserved bit[55:6]  - 0xFFFFFFFFFFFFC0ULL
+ *    SGX_FLAGS_MODE64BIT
+ *    SGX_FLAGS_PROVISION_KEY
+ *    SGX_FLAGS_EINITTOKEN_KEY */
+#define FLAGS_NON_SECURITY_BITS     (0xFFFFFFFFFFFFC0ULL | SGX_FLAGS_MODE64BIT | SGX_FLAGS_PROVISION_KEY|
SGX_FLAGS_EINITTOKEN_KEY)
+#define TSEAL_DEFAULT_FLAGSMASK     (~FLAGS_NON_SECURITY_BITS)
+
+#define FLAGS_SECURITY_BITS_RESERVED (~(FLAGS_NON_SECURITY_BITS | SGX_FLAGS_INITTED | SGX_FLAGS_DEBUG
| SGX_FLAGS_KSS))
+
+
+#define MISC_NON_SECURITY_BITS      0x0FFFFFFF  /* bit[27:0]: have no security implications
*/
+#define TSEAL_DEFAULT_MISCMASK      (~MISC_NON_SECURITY_BITS)
+ 
+#endif
diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/protected_fs_config.h b/mesatee_utils/protected_fs_rs/protected_fs_c/protected_fs_config.h.in
similarity index 78%
rename from mesatee_utils/protected_fs_rs/protected_fs_c/protected_fs_config.h
rename to mesatee_utils/protected_fs_rs/protected_fs_c/protected_fs_config.h.in
index 89ae62b..4c8a42d 100644
--- a/mesatee_utils/protected_fs_rs/protected_fs_c/protected_fs_config.h
+++ b/mesatee_utils/protected_fs_rs/protected_fs_c/protected_fs_config.h.in
@@ -11,5 +11,6 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-
-#define NON_SGX_PROTECTED_FS
\ No newline at end of file
+#define PROTECTED_FS_VERSION_MAJOR @PROTECTED_FS_VERSION_MAJOR@
+#define PROTECTED_FS_VERSION_MINOR @PROTECTED_FS_VERSION_MINOR@
+#cmakedefine NON_SGX_PROTECTED_FS
\ No newline at end of file
diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs.edl b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs.edl
new file mode 100644
index 0000000..59e8e66
--- /dev/null
+++ b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs.edl
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+enclave {
+
+from "sgx_tae_service.edl" import *;
+
+    untrusted {
+		void*   u_sgxprotectedfs_exclusive_file_open([in, string] const char* filename, uint8_t
read_only, [out] int64_t* file_size, [out] int32_t* error_code);
+		uint8_t u_sgxprotectedfs_check_if_file_exists([in, string] const char* filename);
+		int32_t u_sgxprotectedfs_fread_node([user_check] void* f, uint64_t node_number, [out, size=node_size]
uint8_t* buffer, uint32_t node_size);
+		int32_t u_sgxprotectedfs_fwrite_node([user_check] void* f, uint64_t node_number, [in, size=node_size]
uint8_t* buffer, uint32_t node_size);
+		int32_t u_sgxprotectedfs_fclose([user_check] void* f);
+		uint8_t u_sgxprotectedfs_fflush([user_check] void* f);
+		int32_t u_sgxprotectedfs_remove([in, string] const char* filename);
+
+		void*   u_sgxprotectedfs_recovery_file_open([in, string] const char* filename);
+		uint8_t u_sgxprotectedfs_fwrite_recovery_node([user_check] void* f, [in, count=data_length]
uint8_t* data, uint32_t data_length);
+		int32_t u_sgxprotectedfs_do_file_recovery([in, string] const char* filename, [in, string]
const char* recovery_filename, uint32_t node_size);
+    };
+};
diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs.h b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs.h
index 6c81f54..56c27f0 100644
--- a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs.h
+++ b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs.h
@@ -259,6 +259,14 @@ int32_t SGXAPI sgx_fimport_auto_key(const char* filename, const sgx_key_128bit_t
 */
 int32_t SGXAPI sgx_fclear_cache(SGX_FILE* stream);
 
+/*
+*
+*
+*/
+#define SGX_AESGCM_MAC_SIZE             16
+typedef uint8_t aead_128bit_tag_t[SGX_AESGCM_MAC_SIZE];
+typedef aead_128bit_tag_t sgx_aes_gcm_128bit_tag_t;
+int32_t SGXAPI sgx_get_current_meta_gmac(SGX_FILE* stream, sgx_aes_gcm_128bit_tag_t out_gmac);
 
 #ifdef __cplusplus
 }
diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/CMakeLists.txt
b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/CMakeLists.txt
new file mode 100644
index 0000000..7daef15
--- /dev/null
+++ b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/CMakeLists.txt
@@ -0,0 +1,22 @@
+# for common header sgx_tprotected_fs.h
+include_directories("${PROJECT_SOURCE_DIR}")
+
+if (NOT NON_SGX_PROTECTED_FS)
+include_directories("${SGX_SDK}/include")
+include_directories("${SGX_SDK}/include/tlibc")
+include_directories("${SGX_SDK}/include/libcxx")
+endif()
+
+add_library(tprotected_fs STATIC 
+    file_crypto.cpp
+    file_flush.cpp
+    file_init.cpp
+    file_other.cpp
+    file_read_write.cpp
+    file_version.cpp
+    lru_cache.cpp
+    sgx_tprotected_fs.cpp 
+    non_sgx_protected_fs.cpp
+)
+
+install (TARGETS tprotected_fs DESTINATION bin)
diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/Readme.md b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/Readme.md
deleted file mode 100644
index 3d5259f..0000000
--- a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/Readme.md
+++ /dev/null
@@ -1,3 +0,0 @@
-# Note
-
-Please visit our [homepage](https://github.com/baidu/rust-sgx-sdk) for usage. Thanks!
diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/file_other.cpp
b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/file_other.cpp
index 55c59f0..1947ba2 100644
--- a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/file_other.cpp
+++ b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/file_other.cpp
@@ -387,3 +387,14 @@ int32_t protected_fs_file::clear_cache()
 	return 0;
 }
 
+
+int32_t protected_fs_file::get_current_meta_gmac(sgx_aes_gcm_128bit_tag_t out_gmac) {
+	if (out_gmac == NULL) {
+		return 1;
+	}
+
+	sgx_thread_mutex_lock(&mutex);
+	memcpy(out_gmac, file_meta_data.plain_part.meta_data_gmac, sizeof(sgx_aes_gcm_128bit_tag_t));
+	sgx_thread_mutex_unlock(&mutex);
+	return 0;
+}
\ No newline at end of file
diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/non_sgx_protected_fs.cpp
b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/non_sgx_protected_fs.cpp
index 34e3232..6f931a9 100644
--- a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/non_sgx_protected_fs.cpp
+++ b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/non_sgx_protected_fs.cpp
@@ -12,6 +12,10 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+#include "protected_fs_config.h"
+
+#ifdef NON_SGX_PROTECTED_FS
+
 #include "non_sgx_protected_fs.h"
 #include "openssl/cmac.h"
 #include "openssl/err.h"
@@ -306,4 +310,6 @@ consttime_memequal(const void *b1, const void *b2, size_t len)
 	 * certain CPUs for `!res'.
 	 */
 	return (1 & ((res - 1) >> 8));
-}
\ No newline at end of file
+}
+
+#endif
\ No newline at end of file
diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/protected_fs_file.h
b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/protected_fs_file.h
index d7fe52a..5aae06f 100644
--- a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/protected_fs_file.h
+++ b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/protected_fs_file.h
@@ -226,6 +226,9 @@ public:
 	bool flush(/*bool mc*/);
 	bool pre_close(sgx_key_128bit_t* key, bool import);
 	static int32_t remove(const char* filename);
+
+	// Add for MesaTEE
+	int32_t get_current_meta_gmac(sgx_aes_gcm_128bit_tag_t out_gmac);
 };
 
 #pragma pack(pop)
diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/sgx_tprotected_fs.cpp
b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/sgx_tprotected_fs.cpp
index c431aa5..60f7a35 100644
--- a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/sgx_tprotected_fs.cpp
+++ b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_tprotected_fs/sgx_tprotected_fs.cpp
@@ -234,4 +234,12 @@ int32_t sgx_fclear_cache(SGX_FILE* stream)
 }
 
 
+// Add for MesaTEE
+int32_t sgx_get_current_meta_gmac(SGX_FILE* stream, sgx_aes_gcm_128bit_tag_t out_gmac)
+{
+	if (stream == NULL)
+		return 1;
+	protected_fs_file* file = (protected_fs_file*)stream;
+	return file->get_current_meta_gmac(out_gmac);
+}
 
diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_uprotected_fs/CMakeLists.txt
b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_uprotected_fs/CMakeLists.txt
new file mode 100644
index 0000000..5f197bf
--- /dev/null
+++ b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_uprotected_fs/CMakeLists.txt
@@ -0,0 +1,11 @@
+
+if (NOT NON_SGX_PROTECTED_FS)
+include_directories("${SGX_SDK}/include")
+endif()
+
+
+add_library(uprotected_fs STATIC 
+    sgx_uprotected_fs.cpp 
+)
+
+install (TARGETS uprotected_fs DESTINATION bin)
\ No newline at end of file
diff --git a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_uprotected_fs/sgx_uprotected_fs.cpp
b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_uprotected_fs/sgx_uprotected_fs.cpp
index f8b603d..34478bd 100644
--- a/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_uprotected_fs/sgx_uprotected_fs.cpp
+++ b/mesatee_utils/protected_fs_rs/protected_fs_c/sgx_uprotected_fs/sgx_uprotected_fs.cpp
@@ -29,7 +29,7 @@
 #include <stdint.h>
 #else
 #include "sgx_tprotected_fs_u.h"
-#include <uprotected_fs.h>
+#include "uprotected_fs.h"
 #endif
 
 
diff --git a/mesatee_utils/protected_fs_rs/src/deps.rs b/mesatee_utils/protected_fs_rs/src/deps.rs
index 975a56c..68ca842 100644
--- a/mesatee_utils/protected_fs_rs/src/deps.rs
+++ b/mesatee_utils/protected_fs_rs/src/deps.rs
@@ -22,6 +22,7 @@ cfg_if! {
 
         pub(crate) use sgx_types::size_t;
         pub(crate) use sgx_types::sgx_key_128bit_t;
+        pub(crate) use sgx_types::sgx_aes_gcm_128bit_tag_t;
 
         pub(crate) use sgx_types::{c_char, c_int};
         pub(crate) use sgx_types::{int32_t, int64_t};
@@ -36,6 +37,7 @@ cfg_if! {
 
         pub(crate) use libc::size_t;
         pub(crate) type sgx_key_128bit_t = [u8; 16];
+        pub(crate) type sgx_aes_gcm_128bit_tag_t = [u8; 16];
 
         pub(crate) use std::os::raw::{c_char, c_int};
         pub(crate) type int32_t = i32;
diff --git a/mesatee_utils/protected_fs_rs/src/lib.rs b/mesatee_utils/protected_fs_rs/src/lib.rs
index 7cd730c..2e82525 100644
--- a/mesatee_utils/protected_fs_rs/src/lib.rs
+++ b/mesatee_utils/protected_fs_rs/src/lib.rs
@@ -11,10 +11,15 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-
 #![cfg_attr(feature = "mesalock_sgx", no_std)]
+
 #[cfg(feature = "mesalock_sgx")]
+#[macro_use]
 extern crate sgx_tstd as std;
+#[cfg(feature = "mesalock_sgx")]
+extern crate sgx_trts;
+#[cfg(feature = "mesalock_sgx")]
+extern crate sgx_types;
 
 mod deps;
 mod protected_fs;
diff --git a/mesatee_utils/protected_fs_rs/src/protected_fs.rs b/mesatee_utils/protected_fs_rs/src/protected_fs.rs
index d63da23..d3d1409 100644
--- a/mesatee_utils/protected_fs_rs/src/protected_fs.rs
+++ b/mesatee_utils/protected_fs_rs/src/protected_fs.rs
@@ -17,6 +17,7 @@
 #[cfg(feature = "mesalock_sgx")]
 use std::prelude::v1::*;
 
+use crate::deps::sgx_aes_gcm_128bit_tag_t;
 use crate::deps::sgx_key_128bit_t;
 use crate::sgx_fs_inner as fs_imp;
 use std::io::{self, Read, Seek, SeekFrom, Write};
@@ -77,6 +78,13 @@ impl ProtectedFile {
     pub fn clear_cache(&self) -> io::Result<()> {
         self.inner.clear_cache()
     }
+
+    pub fn get_current_meta_gmac(
+        &self,
+        meta_gmac: &mut sgx_aes_gcm_128bit_tag_t,
+    ) -> io::Result<()> {
+        self.inner.get_current_meta_gmac(meta_gmac)
+    }
 }
 
 impl Read for ProtectedFile {
@@ -231,7 +239,7 @@ pub fn import_auto_key<P: AsRef<Path>>(path: P, key: &sgx_key_128bit_t)
-> io::R
 mod tests {
     use crate::remove_protected_file;
     use crate::ProtectedFile;
-    use rand::prelude::RngCore;
+    use rand_core::RngCore;
     use std::io::{Read, Write};
 
     #[test]
@@ -243,7 +251,7 @@ mod tests {
         let write_size;
         let read_size;
         {
-            let mut rng = rand::thread_rng();
+            let mut rng = rdrand::RdRand::new().unwrap();
             rng.fill_bytes(&mut write_data);
 
             let opt = ProtectedFile::create_ex("sgx_file", &key);
@@ -282,10 +290,6 @@ mod tests {
             assert_eq!(opt.is_err(), true);
         }
         {
-            let opt = ProtectedFile::open_ex("/dev/isgx", &key);
-            assert_eq!(opt.is_ok(), true);
-        }
-        {
             let opt = ProtectedFile::create_ex("/", &key);
             assert_eq!(opt.is_err(), true);
         }
diff --git a/mesatee_utils/protected_fs_rs/src/sgx_fs_inner.rs b/mesatee_utils/protected_fs_rs/src/sgx_fs_inner.rs
index 45cf388..43767c4 100644
--- a/mesatee_utils/protected_fs_rs/src/sgx_fs_inner.rs
+++ b/mesatee_utils/protected_fs_rs/src/sgx_fs_inner.rs
@@ -20,6 +20,7 @@ use std::io::{self, Error, SeekFrom};
 use std::path::Path;
 
 use crate::deps::libc;
+use crate::deps::sgx_aes_gcm_128bit_tag_t;
 use crate::deps::sgx_key_128bit_t;
 
 use crate::sgx_tprotected_fs::{self, SgxFileStream};
@@ -130,11 +131,12 @@ impl SgxFile {
             SeekFrom::Current(off) => (sgx_tprotected_fs::SeekFrom::Current, off),
         };
 
-        self.0
+        r#try!(self
+            .0
             .seek(offset, whence)
-            .map_err(Error::from_raw_os_error)?;
+            .map_err(|err| { Error::from_raw_os_error(err) }));
 
-        let offset = self.tell()?;
+        let offset = r#try!(self.tell());
         Ok(offset as u64)
     }
 
@@ -153,6 +155,15 @@ impl SgxFile {
     pub fn clear_cache(&self) -> io::Result<()> {
         self.0.clear_cache().map_err(Error::from_raw_os_error)
     }
+
+    pub fn get_current_meta_gmac(
+        &self,
+        meta_gmac: &mut sgx_aes_gcm_128bit_tag_t,
+    ) -> io::Result<()> {
+        self.0
+            .get_current_meta_gmac(meta_gmac)
+            .map_err(Error::from_raw_os_error)
+    }
 }
 
 pub fn remove(path: &Path) -> io::Result<()> {
diff --git a/mesatee_utils/protected_fs_rs/src/sgx_tprotected_fs.rs b/mesatee_utils/protected_fs_rs/src/sgx_tprotected_fs.rs
index 830a6b4..95937d3 100644
--- a/mesatee_utils/protected_fs_rs/src/sgx_tprotected_fs.rs
+++ b/mesatee_utils/protected_fs_rs/src/sgx_tprotected_fs.rs
@@ -20,6 +20,7 @@ use crate::deps::c_void;
 use crate::deps::cmp;
 use crate::deps::errno;
 use crate::deps::libc;
+use crate::deps::sgx_aes_gcm_128bit_tag_t;
 use crate::deps::sgx_key_128bit_t;
 use crate::deps::size_t;
 use crate::deps::CStr;
@@ -68,6 +69,11 @@ extern "C" {
     pub fn sgx_fimport_auto_key(filename: *const c_char, key: *const sgx_key_128bit_t) ->
int32_t;
 
     pub fn sgx_fclear_cache(stream: SGX_FILE) -> int32_t;
+
+    pub fn sgx_get_current_meta_gmac(
+        stream: SGX_FILE,
+        out_gmac: *mut sgx_aes_gcm_128bit_tag_t,
+    ) -> int32_t;
 }
 
 fn max_len() -> usize {
@@ -119,7 +125,7 @@ unsafe fn rsgx_fread(stream: SGX_FILE, buf: &mut [u8]) -> SysResult<usize>
{
     let ret_size = sgx_fread(buf.as_mut_ptr() as *mut c_void, 1, read_size, stream);
 
     if ret_size != read_size {
-        let is_eof = rsgx_feof(stream)?;
+        let is_eof = r#try!(rsgx_feof(stream));
         if is_eof {
             Ok(ret_size)
         } else {
@@ -217,6 +223,22 @@ unsafe fn rsgx_fclear_cache(stream: SGX_FILE) -> SysError {
     }
 }
 
+unsafe fn rsgx_get_current_meta_gmac(
+    stream: SGX_FILE,
+    out_gmac: &mut sgx_aes_gcm_128bit_tag_t,
+) -> SysError {
+    if stream.is_null() {
+        return Err(libc::EINVAL);
+    }
+
+    let ret = sgx_get_current_meta_gmac(stream, out_gmac as *mut sgx_aes_gcm_128bit_tag_t);
+    if ret == 0 {
+        Ok(())
+    } else {
+        Err(rsgx_ferror(stream))
+    }
+}
+
 unsafe fn rsgx_remove(filename: &CStr) -> SysError {
     let ret = sgx_remove(filename.as_ptr());
     if ret == 0 {
@@ -567,6 +589,10 @@ impl SgxFileStream {
     pub fn clear_cache(&self) -> SysError {
         unsafe { rsgx_fclear_cache(self.stream) }
     }
+
+    pub fn get_current_meta_gmac(&self, meta_gmac: &mut sgx_aes_gcm_128bit_tag_t)
-> SysError {
+        unsafe { rsgx_get_current_meta_gmac(self.stream, meta_gmac) }
+    }
 }
 
 ///
diff --git a/mesatee_utils/protected_fs_rs/tests/large_file.rs b/mesatee_utils/protected_fs_rs/tests/large_file.rs
index fec2c64..f136415 100644
--- a/mesatee_utils/protected_fs_rs/tests/large_file.rs
+++ b/mesatee_utils/protected_fs_rs/tests/large_file.rs
@@ -1,21 +1,36 @@
+// Copyright 2019 MesaTEE Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
 extern crate protected_fs;
 use protected_fs::{remove_protected_file, ProtectedFile};
-use rand::prelude::RngCore;
+use rand_core::RngCore;
 use std::io::{Read, Write};
 
 #[test]
 fn test_large_file() {
     const BLOCK_SIZE: usize = 2048;
-    const NBLOCKS: usize = 0x100000;
+    const NBLOCKS: usize = 0x0010_0000;
 
     let key = [90u8; 16];
+    let mut auth_tag = [0u8; 16];
 
     let mut write_data = [0u8; BLOCK_SIZE];
     let mut read_data = [0u8; BLOCK_SIZE];
+
     let mut write_size;
     let mut read_size;
 
-    let mut rng = rand::thread_rng();
+    let mut rng = rdrand::RdRand::new().unwrap();
     rng.fill_bytes(&mut write_data);
     let fname = "large_file";
 
@@ -29,12 +44,26 @@ fn test_large_file() {
             write_size = result.unwrap();
             assert_eq!(write_size, write_data.len());
         }
+
+        // Flush before we get the final auth_tag
+        let result = file.flush();
+        assert_eq!(result.is_ok(), true);
+
+        let result = file.get_current_meta_gmac(&mut auth_tag);
+        assert_eq!(result.is_ok(), true);
     }
 
     {
+        let mut auth_tag_in_file = [0xffu8; 16];
         let opt = ProtectedFile::open_ex(fname, &key);
         assert_eq!(opt.is_ok(), true);
         let mut file = opt.unwrap();
+
+        let result = file.get_current_meta_gmac(&mut auth_tag_in_file);
+        assert_eq!(result.is_ok(), true);
+
+        assert_eq!(auth_tag_in_file, auth_tag);
+
         for _i in 0..NBLOCKS {
             let result = file.read(&mut read_data);
             assert_eq!(result.is_ok(), true);


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@mesatee.apache.org
For additional commands, e-mail: commits-help@mesatee.apache.org


Mime
View raw message