pal_linux.h 6.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225
  1. /* -*- mode:c; c-file-style:"k&r"; c-basic-offset: 4; tab-width:4; indent-tabs-mode:nil; mode:auto-fill; fill-column:78; -*- */
  2. /* vim: set ts=4 sw=4 et tw=78 fo=cqt wm=0: */
  3. /* Copyright (C) 2014 Stony Brook University
  4. This file is part of Graphene Library OS.
  5. Graphene Library OS is free software: you can redistribute it and/or
  6. modify it under the terms of the GNU Lesser General Public License
  7. as published by the Free Software Foundation, either version 3 of the
  8. License, or (at your option) any later version.
  9. Graphene Library OS is distributed in the hope that it will be useful,
  10. but WITHOUT ANY WARRANTY; without even the implied warranty of
  11. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  12. GNU Lesser General Public License for more details.
  13. You should have received a copy of the GNU Lesser General Public License
  14. along with this program. If not, see <http://www.gnu.org/licenses/>. */
  15. #ifndef PAL_LINUX_H
  16. #define PAL_LINUX_H
  17. #include "pal_defs.h"
  18. #include "pal_linux_defs.h"
  19. #include "pal.h"
  20. #include "api.h"
  21. #include "linux_types.h"
  22. #include "sgx_arch.h"
  23. #include "sgx_tls.h"
  24. #include "sgx_api.h"
  25. #include "enclave_ocalls.h"
  26. #ifdef __x86_64__
  27. # include "sysdep-x86_64.h"
  28. #endif
  29. #define IS_ERR INTERNAL_SYSCALL_ERROR
  30. #define IS_ERR_P INTERNAL_SYSCALL_ERROR_P
  31. #define ERRNO INTERNAL_SYSCALL_ERRNO
  32. #define ERRNO_P INTERNAL_SYSCALL_ERRNO_P
  33. extern struct pal_linux_state {
  34. PAL_NUM parent_process_id;
  35. PAL_NUM process_id;
  36. const char ** environ;
  37. /* credentials */
  38. unsigned int uid, gid;
  39. /* currently enabled signals */
  40. __sigset_t sigset;
  41. __sigset_t blocked_signals;
  42. /* enclave */
  43. const char * runtime_dir;
  44. } linux_state;
  45. #include <asm/mman.h>
  46. #define PRESET_PAGESIZE (1 << 12)
  47. #define DEFAULT_BACKLOG 2048
  48. static inline int HOST_FLAGS (int alloc_type, int prot)
  49. {
  50. return ((alloc_type & PAL_ALLOC_RESERVE) ? MAP_NORESERVE|MAP_UNINITIALIZED : 0) |
  51. ((prot & PAL_PROT_WRITECOPY) ? MAP_PRIVATE : MAP_SHARED);
  52. }
  53. static inline int HOST_PROT (int prot)
  54. {
  55. return prot & (PAL_PROT_READ|PAL_PROT_WRITE|PAL_PROT_EXEC);
  56. }
  57. #define ACCESS_R 4
  58. #define ACCESS_W 2
  59. #define ACCESS_X 1
  60. struct stat;
  61. bool stataccess (struct stat * stats, int acc);
  62. #ifdef IN_ENCLAVE
  63. /* Locking and unlocking of Mutexes */
  64. int __DkMutexCreate (struct mutex_handle * mut);
  65. int _DkMutexAtomicCreate (struct mutex_handle * mut);
  66. int __DkMutexDestroy (struct mutex_handle * mut);
  67. int _DkMutexLock (struct mutex_handle * mut);
  68. int _DkMutexLockTimeout (struct mutex_handle * mut, uint64_t timeout);
  69. int _DkMutexUnlock (struct mutex_handle * mut);
  70. int * get_futex (void);
  71. void free_futex (int * futex);
  72. extern char __text_start, __text_end, __data_start, __data_end;
  73. #define TEXT_START (void *) (&__text_start)
  74. #define TEXT_END (void *) (&__text_end)
  75. #define DATA_START (void *) (&__text_start)
  76. #define DATA_END (void *) (&__text_end)
  77. typedef struct { char bytes[32]; } sgx_checksum_t;
  78. typedef struct { char bytes[16]; } sgx_stub_t;
  79. int init_trusted_files (void);
  80. int load_trusted_file
  81. (PAL_HANDLE file, sgx_stub_t ** stubptr, uint64_t * sizeptr);
  82. int verify_trusted_file
  83. (const char * uri, void * mem, unsigned int offset, unsigned int size,
  84. sgx_stub_t * stubs, unsigned int total_size);
  85. int init_trusted_children (void);
  86. int register_trusted_child (const char * uri, const char * mrenclave_str);
  87. /* if a stream is encrypted, its key is 256 bit */
  88. typedef uint8_t PAL_SESSION_KEY [32];
  89. typedef uint8_t PAL_MAC_KEY [16];
  90. static inline
  91. void session_key_to_mac_key (PAL_SESSION_KEY * session_key,
  92. PAL_MAC_KEY * mac_key)
  93. {
  94. uint8_t * s = (void *) session_key;
  95. uint8_t * m = (void *) mac_key;
  96. for (int i = 0 ; i < 16 ; i++)
  97. m[i] = s[i] ^ s[16 + i];
  98. }
  99. /* exchange and establish a 256-bit session key */
  100. int _DkStreamKeyExchange (PAL_HANDLE stream, PAL_SESSION_KEY * key);
  101. /* request and respond for remote attestation */
  102. int _DkStreamAttestationRequest (PAL_HANDLE stream, void * data,
  103. int (*check_mrenclave) (sgx_arch_hash_t *,
  104. void *, void *),
  105. void * check_param);
  106. int _DkStreamAttestationRespond (PAL_HANDLE stream, void * data,
  107. int (*check_mrenclave) (sgx_arch_hash_t *,
  108. void *, void *),
  109. void * check_param);
  110. /* enclave state used for generating report */
  111. #define PAL_ATTESTATION_DATA_SIZE 24
  112. extern struct pal_enclave_state {
  113. uint64_t enclave_flags; /* flags to specify the state of the
  114. enclave */
  115. uint8_t data[PAL_ATTESTATION_DATA_SIZE];
  116. /* reserved for filling other data */
  117. uint8_t enclave_keyhash[32]; /* SHA256 digest of enclave's public key
  118. can also be used as an identifier of the
  119. enclave */
  120. } __attribute__((packed, aligned (128))) pal_enclave_state;
  121. #include "sgx_arch.h"
  122. #define PAL_ENCLAVE_INITIALIZED 0x0001ULL
  123. extern struct pal_enclave_config {
  124. sgx_arch_hash_t mrenclave;
  125. sgx_arch_attributes_t enclave_attributes;
  126. void * enclave_key;
  127. } pal_enclave_config;
  128. static inline __attribute__((always_inline))
  129. char * __hex2str(void * hex, int size)
  130. {
  131. static char * ch = "0123456789abcdef";
  132. char * str = __alloca(size * 2 + 1);
  133. for (int i = 0 ; i < size ; i++) {
  134. unsigned char h = ((unsigned char *) hex)[i];
  135. str[i * 2] = ch[h / 16];
  136. str[i * 2 + 1] = ch[h % 16];
  137. }
  138. str[size * 2] = 0;
  139. return str;
  140. }
  141. #define hex2str(array) __hex2str(array, sizeof(array))
  142. #else
  143. #ifdef DEBUG
  144. # ifndef SIGCHLD
  145. # define SIGCHLD 17
  146. # endif
  147. # define ARCH_VFORK() \
  148. (current_enclave->pal_sec.in_gdb ? \
  149. INLINE_SYSCALL(clone, 4, CLONE_VM|CLONE_VFORK|SIGCHLD, 0, NULL, NULL) :\
  150. INLINE_SYSCALL(clone, 4, CLONE_VM|CLONE_VFORK, 0, NULL, NULL))
  151. #else
  152. # define ARCH_VFORK() \
  153. (INLINE_SYSCALL(clone, 4, CLONE_VM|CLONE_VFORK, 0, NULL, NULL))
  154. #endif
  155. #endif /* IN_ENCLAVE */
  156. #define DBG_E 0x01
  157. #define DBG_I 0x02
  158. #define DBG_D 0x04
  159. #define DBG_S 0x08
  160. #define DBG_P 0x10
  161. #define DBG_M 0x20
  162. #ifdef DEBUG
  163. # define DBG_LEVEL (DBG_E|DBG_I|DBG_D|DBG_S)
  164. #else
  165. # define DBG_LEVEL (DBG_E)
  166. #endif
  167. #ifdef IN_ENCLAVE
  168. #define SGX_DBG(class, fmt...) \
  169. do { if ((class) & DBG_LEVEL) printf(fmt); } while (0)
  170. #else
  171. int pal_printf(const char * fmt, ...);
  172. #define SGX_DBG(class, fmt...) \
  173. do { if ((class) & DBG_LEVEL) pal_printf(fmt); } while (0)
  174. #endif
  175. #endif /* PAL_LINUX_H */