forked from keystone-enclave/sm
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathenclave.h
135 lines (117 loc) · 3.91 KB
/
enclave.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
//******************************************************************************
// Copyright (c) 2018, The Regents of the University of California (Regents).
// All Rights Reserved. See LICENSE for license details.
//------------------------------------------------------------------------------
#ifndef _ENCLAVE_H_
#define _ENCLAVE_H_
#ifndef TARGET_PLATFORM_HEADER
#error "SM requires a defined platform to build"
#endif
#include "sm.h"
#include "pmp.h"
#include "thread.h"
#include "crypto.h"
// Special target platform header, set by configure script
#include TARGET_PLATFORM_HEADER
#define ATTEST_DATA_MAXLEN 1024
#define ENCLAVE_REGIONS_MAX 8
/* TODO: does not support multithreaded enclave yet */
#define MAX_ENCL_THREADS 1
typedef enum {
INVALID = -1,
DESTROYING = 0,
ALLOCATED,
FRESH,
STOPPED,
RUNNING,
} enclave_state;
/* Enclave stop reasons requested */
#define STOP_TIMER_INTERRUPT 0
#define STOP_EDGE_CALL_HOST 1
#define STOP_EXIT_ENCLAVE 2
/* For now, eid's are a simple unsigned int */
typedef unsigned int enclave_id;
/* Metadata around memory regions associate with this enclave
* EPM is the 'home' for the enclave, contains runtime code/etc
* UTM is the untrusted shared pages
* OTHER is managed by some other component (e.g. platform_)
* INVALID is an unused index
*/
enum enclave_region_type{
REGION_INVALID,
REGION_EPM,
REGION_UTM,
REGION_OTHER,
};
struct enclave_region
{
region_id pmp_rid;
enum enclave_region_type type;
};
/* enclave metadata */
struct enclave
{
//spinlock_t lock; //local enclave lock. we don't need this until we have multithreaded enclave
enclave_id eid; //enclave id
unsigned long encl_satp; // enclave's page table base
enclave_state state; // global state of the enclave
/* Physical memory regions associate with this enclave */
struct enclave_region regions[ENCLAVE_REGIONS_MAX];
/* measurement */
byte hash[MDSIZE];
byte sign[SIGNATURE_SIZE];
/* parameters */
struct runtime_va_params_t params;
struct runtime_pa_params pa_params;
/* enclave execution context */
unsigned int n_thread;
struct thread_state threads[MAX_ENCL_THREADS];
struct platform_enclave_data ped;
};
/* attestation reports */
struct enclave_report
{
byte hash[MDSIZE];
uint64_t data_len;
byte data[ATTEST_DATA_MAXLEN];
byte signature[SIGNATURE_SIZE];
};
struct sm_report
{
byte hash[MDSIZE];
byte public_key[PUBLIC_KEY_SIZE];
byte signature[SIGNATURE_SIZE];
};
struct report
{
struct enclave_report enclave;
struct sm_report sm;
byte dev_public_key[PUBLIC_KEY_SIZE];
};
/* sealing key structure */
#define SEALING_KEY_SIZE 128
struct sealing_key
{
uint8_t key[SEALING_KEY_SIZE];
uint8_t signature[SIGNATURE_SIZE];
};
/*** SBI functions & external functions ***/
// callables from the host
unsigned long create_enclave(unsigned long *eid, struct keystone_sbi_create create_args);
unsigned long destroy_enclave(enclave_id eid);
unsigned long run_enclave(struct sbi_trap_regs *regs, enclave_id eid);
unsigned long resume_enclave(struct sbi_trap_regs *regs, enclave_id eid);
// callables from the enclave
unsigned long exit_enclave(struct sbi_trap_regs *regs, enclave_id eid);
unsigned long stop_enclave(struct sbi_trap_regs *regs, uint64_t request, enclave_id eid);
unsigned long attest_enclave(uintptr_t report, uintptr_t data, uintptr_t size, enclave_id eid);
/* attestation and virtual mapping validation */
unsigned long validate_and_hash_enclave(struct enclave* enclave);
// TODO: These functions are supposed to be internal functions.
void enclave_init_metadata();
unsigned long copy_enclave_create_args(uintptr_t src, struct keystone_sbi_create* dest);
int get_enclave_region_index(enclave_id eid, enum enclave_region_type type);
uintptr_t get_enclave_region_base(enclave_id eid, int memid);
uintptr_t get_enclave_region_size(enclave_id eid, int memid);
unsigned long get_sealing_key(uintptr_t seal_key, uintptr_t key_ident, size_t key_ident_size, enclave_id eid);
#endif