protected_fs_nodes.h 5.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154
  1. /*
  2. * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. #pragma once
  32. #ifndef _PROTECTED_FS_NODES_H_
  33. #define _PROTECTED_FS_NODES_H_
  34. #include <stdint.h>
  35. #include <sgx_report.h>
  36. #include <sgx_tcrypto.h>
  37. #include <sgx_tae_service.h>
  38. #pragma pack(push, 1)
  39. #define NODE_SIZE 4096
  40. // the rest of the 'defines' are relative to node size, so we can decrease node size in tests and have deeper tree
  41. // compile time checks
  42. #define COMPILE_TIME_ASSERT(compile_time_assert_name,compile_time_assert_condition) \
  43. typedef unsigned char compile_time_assert_name[(compile_time_assert_condition) ? 1 : -1]
  44. typedef uint8_t sgx_iv_t[SGX_AESGCM_IV_SIZE];
  45. #define SGX_FILE_ID 0x5347585F46494C45 // SGX_FILE
  46. #define SGX_FILE_MAJOR_VERSION 0x01
  47. #define SGX_FILE_MINOR_VERSION 0x00
  48. typedef struct _meta_data_plain
  49. {
  50. uint64_t file_id;
  51. uint8_t major_version;
  52. uint8_t minor_version;
  53. sgx_key_id_t meta_data_key_id;
  54. sgx_cpu_svn_t cpu_svn;
  55. sgx_isv_svn_t isv_svn;
  56. uint8_t use_user_kdk_key;
  57. sgx_attributes_t attribute_mask;
  58. sgx_aes_gcm_128bit_tag_t meta_data_gmac;
  59. uint8_t update_flag;
  60. } meta_data_plain_t;
  61. // these are all defined as relative to node size, so we can decrease node size in tests and have deeper tree
  62. #define FILENAME_MAX_LEN 260
  63. #define MD_USER_DATA_SIZE (NODE_SIZE*3/4) // 3072
  64. COMPILE_TIME_ASSERT(md_user_data_size, MD_USER_DATA_SIZE == 3072);
  65. typedef struct _meta_data_encrypted
  66. {
  67. char clean_filename[FILENAME_MAX_LEN];
  68. int64_t size;
  69. sgx_mc_uuid_t mc_uuid; // not used
  70. uint32_t mc_value; // not used
  71. sgx_aes_gcm_128bit_key_t mht_key;
  72. sgx_aes_gcm_128bit_tag_t mht_gmac;
  73. uint8_t data[MD_USER_DATA_SIZE];
  74. } meta_data_encrypted_t;
  75. typedef uint8_t meta_data_encrypted_blob_t[sizeof(meta_data_encrypted_t)];
  76. #define META_DATA_NODE_SIZE NODE_SIZE
  77. typedef uint8_t meta_data_padding_t[META_DATA_NODE_SIZE - (sizeof(meta_data_plain_t) + sizeof(meta_data_encrypted_blob_t))];
  78. typedef struct _meta_data_node
  79. {
  80. meta_data_plain_t plain_part;
  81. meta_data_encrypted_blob_t encrypted_part;
  82. meta_data_padding_t padding;
  83. } meta_data_node_t;
  84. COMPILE_TIME_ASSERT(sizeof_meta_data_node_t, sizeof(meta_data_node_t) == 4096);
  85. typedef struct _data_node_crypto
  86. {
  87. sgx_aes_gcm_128bit_key_t key;
  88. sgx_aes_gcm_128bit_tag_t gmac;
  89. } gcm_crypto_data_t;
  90. // for NODE_SIZE == 4096, we have 96 attached data nodes and 32 mht child nodes
  91. // for NODE_SIZE == 2048, we have 48 attached data nodes and 16 mht child nodes
  92. // for NODE_SIZE == 1024, we have 24 attached data nodes and 8 mht child nodes
  93. #define ATTACHED_DATA_NODES_COUNT ((NODE_SIZE/sizeof(gcm_crypto_data_t))*3/4) // 3/4 of the node size is dedicated to data nodes
  94. COMPILE_TIME_ASSERT(attached_data_nodes_count, ATTACHED_DATA_NODES_COUNT == 96);
  95. #define CHILD_MHT_NODES_COUNT ((NODE_SIZE/sizeof(gcm_crypto_data_t))*1/4) // 1/4 of the node size is dedicated to child mht nodes
  96. COMPILE_TIME_ASSERT(child_mht_nodes_count, CHILD_MHT_NODES_COUNT == 32);
  97. typedef struct _mht_node
  98. {
  99. gcm_crypto_data_t data_nodes_crypto[ATTACHED_DATA_NODES_COUNT];
  100. gcm_crypto_data_t mht_nodes_crypto[CHILD_MHT_NODES_COUNT];
  101. } mht_node_t;
  102. COMPILE_TIME_ASSERT(sizeof_mht_node_t, sizeof(mht_node_t) == 4096);
  103. typedef struct _data_node
  104. {
  105. uint8_t data[NODE_SIZE];
  106. } data_node_t;
  107. COMPILE_TIME_ASSERT(sizeof_data_node_t, sizeof(data_node_t) == 4096);
  108. typedef struct _encrypted_node
  109. {
  110. uint8_t cipher[NODE_SIZE];
  111. } encrypted_node_t;
  112. COMPILE_TIME_ASSERT(sizeof_encrypted_node_t, sizeof(encrypted_node_t) == 4096);
  113. typedef struct _recovery_node
  114. {
  115. uint64_t physical_node_number;
  116. uint8_t node_data[NODE_SIZE];
  117. } recovery_node_t;
  118. #pragma pack(pop)
  119. #endif // _PROTECTED_FS_NODES_H_