manage_metadata.cpp 38 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111
  1. /*
  2. * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. /**
  32. * File:
  33. * manage_metadata.cpp
  34. * Description:
  35. * Parse the xml file to get the metadata and generate the output DLL
  36. * with metadata.
  37. */
  38. #include "metadata.h"
  39. #include "tinyxml2.h"
  40. #include "manage_metadata.h"
  41. #include "se_trace.h"
  42. #include "util_st.h"
  43. #include "section.h"
  44. #include "se_page_attr.h"
  45. #include "elf_util.h"
  46. #include "crypto_wrapper.h"
  47. #include <stdio.h>
  48. #include <stdlib.h>
  49. #include <errno.h>
  50. #include <assert.h>
  51. #include <iostream>
  52. #include <iomanip>
  53. #include <fstream>
  54. using namespace tinyxml2;
  55. #define ALIGN_SIZE 0x1000
  56. static bool traverser_parameter(const char *temp_name, const char *temp_text, xml_parameter_t *parameter, int parameter_count)
  57. {
  58. assert(temp_name != NULL && parameter != NULL);
  59. uint64_t temp_value=0;
  60. if(temp_text == NULL)
  61. {
  62. se_trace(SE_TRACE_ERROR, LACK_VALUE_FOR_ELEMENT_ERROR, temp_name);
  63. return false;
  64. }
  65. else
  66. {
  67. if(strchr(temp_text, '-'))
  68. {
  69. se_trace(SE_TRACE_ERROR, INVALID_VALUE_FOR_ELEMENT_ERROR, temp_name);
  70. return false;
  71. }
  72. errno = 0;
  73. char* endptr = NULL;
  74. temp_value = (uint64_t)strtoull(temp_text, &endptr, 0);
  75. if(*endptr!='\0'||errno!=0) //Invalid value or valid value but out of the representable range
  76. {
  77. se_trace(SE_TRACE_ERROR, INVALID_VALUE_FOR_ELEMENT_ERROR, temp_name);
  78. return false;
  79. }
  80. }
  81. //Look for the matched one
  82. int i=0;
  83. for(; i<parameter_count&&STRCMP(temp_name,parameter[i].name); i++);
  84. if(i>=parameter_count) //no matched, return false
  85. {
  86. se_trace(SE_TRACE_ERROR, UNREC_ELEMENT_ERROR, temp_name);
  87. return false;
  88. }
  89. //found one matched
  90. if(parameter[i].flag==1) //repeated definition of XML element, return false
  91. {
  92. se_trace(SE_TRACE_ERROR, REPEATED_DEFINE_ERROR, temp_name);
  93. return false;
  94. }
  95. parameter[i].flag = 1;
  96. if((temp_value<parameter[i].min_value)||
  97. (temp_value>parameter[i].max_value)) // the value is invalid, return false
  98. {
  99. se_trace(SE_TRACE_ERROR, VALUE_OUT_OF_RANGE_ERROR, temp_name);
  100. return false;
  101. }
  102. parameter[i].value = temp_value;
  103. return true;
  104. }
  105. bool parse_metadata_file(const char *xmlpath, xml_parameter_t *parameter, int parameter_count)
  106. {
  107. const char* temp_name=NULL;
  108. assert(parameter != NULL);
  109. if(xmlpath == NULL) // user didn't define the metadata xml file.
  110. {
  111. se_trace(SE_TRACE_NOTICE, "Use default metadata...\n");
  112. return true;
  113. }
  114. //use the metadata file that user gives us. parse xml file
  115. tinyxml2::XMLDocument doc;
  116. XMLError loadOkay = doc.LoadFile(xmlpath);
  117. if(loadOkay != XML_SUCCESS)
  118. {
  119. if(doc.ErrorID() == XML_ERROR_FILE_COULD_NOT_BE_OPENED)
  120. {
  121. se_trace(SE_TRACE_ERROR, OPEN_FILE_ERROR, xmlpath);
  122. }
  123. else if(doc.ErrorID() == XML_ERROR_FILE_NOT_FOUND)
  124. {
  125. se_trace(SE_TRACE_ERROR, XML_NOT_FOUND_ERROR, xmlpath);
  126. }
  127. else
  128. {
  129. se_trace(SE_TRACE_ERROR, XML_FORMAT_ERROR);
  130. }
  131. return false;
  132. }
  133. doc.Print();//Write the document to standard out using formatted printing ("pretty print").
  134. XMLElement *pmetadata_element = doc.FirstChildElement("EnclaveConfiguration");
  135. if(!pmetadata_element || pmetadata_element->GetText() != NULL)
  136. {
  137. se_trace(SE_TRACE_ERROR, XML_FORMAT_ERROR);
  138. return false;
  139. }
  140. XMLElement *sub_element = NULL;
  141. sub_element = pmetadata_element->FirstChildElement();
  142. const char *temp_text = NULL;
  143. while(sub_element)//parse xml node
  144. {
  145. if(sub_element->FirstAttribute() != NULL)
  146. {
  147. se_trace(SE_TRACE_ERROR, XML_FORMAT_ERROR);
  148. return false;
  149. }
  150. temp_name = sub_element->Value();
  151. temp_text = sub_element->GetText();
  152. //traverse every node. Compare with the default value.
  153. if(traverser_parameter(temp_name, temp_text, parameter, parameter_count) == false)
  154. {
  155. se_trace(SE_TRACE_ERROR, XML_FORMAT_ERROR);
  156. return false;
  157. }
  158. sub_element= sub_element->NextSiblingElement();
  159. }
  160. return true;
  161. }
  162. CMetadata::CMetadata(metadata_t *metadata, BinParser *parser)
  163. : m_metadata(metadata)
  164. , m_parser(parser), m_rva(0), m_gd_size(0), m_gd_template(NULL)
  165. {
  166. memset(m_metadata, 0, sizeof(metadata_t));
  167. memset(&m_create_param, 0, sizeof(m_create_param));
  168. }
  169. CMetadata::~CMetadata()
  170. {
  171. }
  172. bool CMetadata::build_metadata(const xml_parameter_t *parameter)
  173. {
  174. if(!modify_metadata(parameter))
  175. {
  176. return false;
  177. }
  178. // layout table
  179. if(!build_layout_table())
  180. {
  181. return false;
  182. }
  183. // patch table
  184. if(!build_patch_table())
  185. {
  186. return false;
  187. }
  188. if(!build_layout_entries())
  189. {
  190. return false;
  191. }
  192. if(!build_gd_template(m_gd_template, &m_gd_size))
  193. {
  194. return false;
  195. }
  196. return true;
  197. }
  198. #include <sstream>
  199. #include <time.h>
  200. bool CMetadata::get_time(uint32_t *date)
  201. {
  202. assert(date != NULL);
  203. time_t rawtime = 0;
  204. if(time( &rawtime) == -1)
  205. return false;
  206. struct tm *timeinfo = gmtime(&rawtime);
  207. if(timeinfo == NULL)
  208. return false;
  209. uint32_t tmp_date = (timeinfo->tm_year+1900)*10000 + (timeinfo->tm_mon+1)*100 + timeinfo->tm_mday;
  210. stringstream ss;
  211. ss<<"0x"<<tmp_date;
  212. ss>>hex>>tmp_date;
  213. *date = tmp_date;
  214. return true;
  215. }
  216. bool CMetadata::fill_enclave_css(const xml_parameter_t *para)
  217. {
  218. assert(para != NULL);
  219. uint32_t date = 0;
  220. if(false == get_time(&date))
  221. return false;
  222. //*****fill the header*******************
  223. uint8_t header[12] = {6, 0, 0, 0, 0xE1, 0, 0, 0, 0, 0, 1, 0};
  224. uint8_t header2[16] = {1, 1, 0, 0, 0x60, 0, 0, 0, 0x60, 0, 0, 0, 1, 0, 0, 0};
  225. memcpy_s(&m_metadata->enclave_css.header.header, sizeof(m_metadata->enclave_css.header.header), &header, sizeof(header));
  226. memcpy_s(&m_metadata->enclave_css.header.header2, sizeof(m_metadata->enclave_css.header.header2), &header2, sizeof(header2));
  227. // For 'type', signing tool clears the bit 31 for product enclaves
  228. // and set the bit 31 for debug enclaves
  229. m_metadata->enclave_css.header.type = (para[RELEASETYPE].value & 0x01) ? (1<<31) : 0;
  230. m_metadata->enclave_css.header.module_vendor = (para[INTELSIGNED].value&0x01) ? 0x8086 : 0;
  231. m_metadata->enclave_css.header.date = date;
  232. //hardware version
  233. m_metadata->enclave_css.header.hw_version = (uint32_t)para[HW].value;
  234. // Misc_select/Misc_mask
  235. m_metadata->enclave_css.body.misc_select = (uint32_t)para[MISCSELECT].value;
  236. m_metadata->enclave_css.body.misc_mask = (uint32_t)para[MISCMASK].value;
  237. //low 64 bit
  238. m_metadata->enclave_css.body.attributes.flags = 0;
  239. m_metadata->enclave_css.body.attribute_mask.flags = ~SGX_FLAGS_DEBUG;
  240. if(para[DISABLEDEBUG].value == 1)
  241. {
  242. m_metadata->enclave_css.body.attributes.flags &= ~SGX_FLAGS_DEBUG;
  243. m_metadata->enclave_css.body.attribute_mask.flags |= SGX_FLAGS_DEBUG;
  244. }
  245. if(para[PROVISIONKEY].value == 1)
  246. {
  247. m_metadata->enclave_css.body.attributes.flags |= SGX_FLAGS_PROVISION_KEY;
  248. m_metadata->enclave_css.body.attribute_mask.flags |= SGX_FLAGS_PROVISION_KEY;
  249. }
  250. if(para[LAUNCHKEY].value == 1)
  251. {
  252. m_metadata->enclave_css.body.attributes.flags |= SGX_FLAGS_EINITTOKEN_KEY;
  253. m_metadata->enclave_css.body.attribute_mask.flags |= SGX_FLAGS_EINITTOKEN_KEY;
  254. }
  255. bin_fmt_t bf = m_parser->get_bin_format();
  256. if(bf == BF_PE64 || bf == BF_ELF64)
  257. {
  258. m_metadata->enclave_css.body.attributes.flags |= SGX_FLAGS_MODE64BIT;
  259. m_metadata->enclave_css.body.attribute_mask.flags |= SGX_FLAGS_MODE64BIT;
  260. }
  261. // high 64 bit
  262. //default setting
  263. m_metadata->enclave_css.body.attributes.xfrm = SGX_XFRM_LEGACY;
  264. m_metadata->enclave_css.body.attribute_mask.xfrm = SGX_XFRM_LEGACY | SGX_XFRM_RESERVED; // LEGACY and reservied bits would be checked.
  265. m_metadata->enclave_css.body.isv_prod_id = (uint16_t)para[PRODID].value;
  266. m_metadata->enclave_css.body.isv_svn = (uint16_t)para[ISVSVN].value;
  267. return true;
  268. }
  269. bool CMetadata::modify_metadata(const xml_parameter_t *parameter)
  270. {
  271. assert(parameter != NULL);
  272. if(!check_xml_parameter(parameter))
  273. return false;
  274. if(!fill_enclave_css(parameter))
  275. return false;
  276. m_metadata->version = META_DATA_MAKE_VERSION(MAJOR_VERSION,MINOR_VERSION );
  277. m_metadata->size = offsetof(metadata_t, data);
  278. m_metadata->tcs_policy = (uint32_t)parameter[TCSPOLICY].value;
  279. m_metadata->ssa_frame_size = SSA_FRAME_SIZE;
  280. m_metadata->max_save_buffer_size = MAX_SAVE_BUF_SIZE;
  281. m_metadata->magic_num = METADATA_MAGIC;
  282. m_metadata->desired_misc_select = 0;
  283. m_metadata->tcs_min_pool = (uint32_t)parameter[TCSMINPOOL].value;
  284. m_metadata->enclave_css.body.misc_select = (uint32_t)parameter[MISCSELECT].value;
  285. m_metadata->enclave_css.body.misc_mask = (uint32_t)parameter[MISCMASK].value;
  286. //set metadata.attributes
  287. //low 64 bit: it's the same as enclave_css
  288. memset(&m_metadata->attributes, 0, sizeof(sgx_attributes_t));
  289. m_metadata->attributes.flags = m_metadata->enclave_css.body.attributes.flags;
  290. //high 64 bit
  291. //set bits that will not be checked
  292. m_metadata->attributes.xfrm = ~m_metadata->enclave_css.body.attribute_mask.xfrm;
  293. //set bits that have been set '1' and need to be checked
  294. m_metadata->attributes.xfrm |= (m_metadata->enclave_css.body.attributes.xfrm & m_metadata->enclave_css.body.attribute_mask.xfrm);
  295. return true;
  296. }
  297. bool CMetadata::check_xml_parameter(const xml_parameter_t *parameter)
  298. {
  299. //stack/heap must be page-align
  300. if( (parameter[STACKMAXSIZE].value % ALIGN_SIZE)
  301. || (parameter[STACKMINSIZE].value % ALIGN_SIZE) )
  302. {
  303. se_trace(SE_TRACE_ERROR, SET_STACK_SIZE_ERROR);
  304. return false;
  305. }
  306. if(parameter[STACKMINSIZE].value > parameter[STACKMAXSIZE].value)
  307. {
  308. se_trace(SE_TRACE_ERROR, SET_STACK_SIZE_ERROR);
  309. return false;
  310. }
  311. if( (parameter[HEAPMAXSIZE].value % ALIGN_SIZE)
  312. || (parameter[HEAPMINSIZE].value % ALIGN_SIZE)
  313. || (parameter[HEAPINITSIZE].value % ALIGN_SIZE) )
  314. {
  315. se_trace(SE_TRACE_ERROR, SET_HEAP_SIZE_ALIGN_ERROR);
  316. return false;
  317. }
  318. if (parameter[HEAPINITSIZE].flag != 0)
  319. {
  320. if (parameter[HEAPINITSIZE].value > parameter[HEAPMAXSIZE].value)
  321. {
  322. se_trace(SE_TRACE_ERROR, SET_HEAP_SIZE_INIT_MAX_ERROR);
  323. return false;
  324. }
  325. if (parameter[HEAPMINSIZE].value > parameter[HEAPINITSIZE].value)
  326. {
  327. se_trace(SE_TRACE_ERROR, SET_HEAP_SIZE_INIT_MIN_ERROR);
  328. return false;
  329. }
  330. }
  331. else
  332. {
  333. if (parameter[HEAPMINSIZE].value > parameter[HEAPMAXSIZE].value)
  334. {
  335. se_trace(SE_TRACE_ERROR, SET_HEAP_SIZE_MAX_MIN_ERROR);
  336. return false;
  337. }
  338. }
  339. // LE setting: HW != 0, Licensekey = 1
  340. // Other enclave setting: HW = 0, Licensekey = 0
  341. if((parameter[HW].value == 0 && parameter[LAUNCHKEY].value != 0) ||
  342. (parameter[HW].value != 0 && parameter[LAUNCHKEY].value == 0))
  343. {
  344. se_trace(SE_TRACE_ERROR, SET_HW_LE_ERROR);
  345. return false;
  346. }
  347. if (parameter[TCSMAXNUM].flag != 0)
  348. {
  349. if (parameter[TCSMAXNUM].value < parameter[TCSNUM].value)
  350. {
  351. se_trace(SE_TRACE_ERROR, SET_TCS_MAX_NUM_ERROR);
  352. return false;
  353. }
  354. if ((parameter[TCSMINPOOL].flag != 0)
  355. && (parameter[TCSMINPOOL].value > parameter[TCSMAXNUM].value))
  356. {
  357. se_trace(SE_TRACE_ERROR, SET_TCS_MIN_POOL_ERROR);
  358. return false;
  359. }
  360. }
  361. else if ((parameter[TCSMINPOOL].flag != 0)
  362. && (parameter[TCSMINPOOL].value > parameter[TCSNUM].value))
  363. {
  364. se_trace(SE_TRACE_ERROR, SET_TCS_MIN_POOL_ERROR);
  365. return false;
  366. }
  367. m_create_param.heap_init_size = parameter[HEAPINITSIZE].flag ? parameter[HEAPINITSIZE].value : parameter[HEAPMAXSIZE].value;
  368. m_create_param.heap_min_size = parameter[HEAPMINSIZE].value;
  369. m_create_param.heap_max_size = parameter[HEAPMAXSIZE].value;
  370. m_create_param.stack_max_size = parameter[STACKMAXSIZE].value;
  371. m_create_param.stack_min_size = parameter[STACKMINSIZE].value;
  372. m_create_param.tcs_num = (uint32_t)parameter[TCSNUM].value;
  373. m_create_param.tcs_max_num = (uint32_t)(parameter[TCSMAXNUM].flag ? parameter[TCSMAXNUM].value : parameter[TCSNUM].value);
  374. m_create_param.tcs_min_pool = (uint32_t)parameter[TCSMINPOOL].value;
  375. m_create_param.tcs_policy = (uint32_t)parameter[TCSPOLICY].value;
  376. se_trace(SE_TRACE_ERROR, "tcs_num %d, tcs_max_num %d, tcs_min_pool %d\n", m_create_param.tcs_num, m_create_param.tcs_max_num, m_create_param.tcs_min_pool);
  377. return true;
  378. }
  379. void *CMetadata::alloc_buffer_from_metadata(uint32_t size)
  380. {
  381. void *addr = GET_PTR(void, m_metadata, m_metadata->size);
  382. m_metadata->size += size;
  383. if((m_metadata->size < size) || (m_metadata->size > METADATA_SIZE))
  384. {
  385. return NULL;
  386. }
  387. return addr;
  388. }
  389. /*
  390. * Called within build_layout_table(), used to assign the rva to entry layout
  391. * and load_step to group layout.
  392. */
  393. bool CMetadata::update_layout_entries()
  394. {
  395. m_rva = calculate_sections_size();
  396. if(m_rva == 0)
  397. {
  398. se_trace(SE_TRACE_ERROR, INVALID_ENCLAVE_ERROR);
  399. return false;
  400. }
  401. for(uint32_t i = 0; i < m_layouts.size(); i++)
  402. {
  403. if(!IS_GROUP_ID(m_layouts[i].entry.id))
  404. {
  405. m_layouts[i].entry.rva = m_rva;
  406. m_rva += (((uint64_t)m_layouts[i].entry.page_count) << SE_PAGE_SHIFT);
  407. }
  408. else
  409. {
  410. for (uint32_t j = 0; j < m_layouts[i].group.entry_count; j++)
  411. {
  412. m_layouts[i].group.load_step += ((uint64_t)(m_layouts[i-j-1].entry.page_count)) << SE_PAGE_SHIFT;
  413. }
  414. m_rva += m_layouts[i].group.load_times * m_layouts[i].group.load_step;
  415. }
  416. }
  417. return true;
  418. }
  419. bool CMetadata::build_layout_entries()
  420. {
  421. uint32_t size = (uint32_t)(m_layouts.size() * sizeof(layout_t));
  422. layout_t *layout_table = (layout_t *) alloc_buffer_from_metadata(size);
  423. if(layout_table == NULL)
  424. {
  425. se_trace(SE_TRACE_ERROR, INVALID_ENCLAVE_ERROR);
  426. return false;
  427. }
  428. m_metadata->dirs[DIR_LAYOUT].offset = (uint32_t)PTR_DIFF(layout_table, m_metadata);
  429. m_metadata->dirs[DIR_LAYOUT].size = size;
  430. for(uint32_t i = 0; i < m_layouts.size(); i++, layout_table++)
  431. {
  432. memcpy_s(layout_table, sizeof(layout_t), &m_layouts[i], sizeof(layout_t));
  433. }
  434. // enclave virtual size
  435. m_metadata->enclave_size = calculate_enclave_size(m_rva);
  436. if(m_metadata->enclave_size == (uint64_t)-1)
  437. {
  438. se_trace(SE_TRACE_ERROR, OUT_OF_EPC_ERROR);
  439. return false;
  440. }
  441. // the last guard page entry to round the enclave size to power of 2
  442. if(m_metadata->enclave_size - m_rva > 0)
  443. {
  444. layout_table = (layout_t *)alloc_buffer_from_metadata(sizeof(layout_t));
  445. if(layout_table == NULL)
  446. {
  447. se_trace(SE_TRACE_ERROR, INVALID_ENCLAVE_ERROR);
  448. return false;
  449. }
  450. layout_table->entry.id = LAYOUT_ID_GUARD;
  451. layout_table->entry.rva = m_rva;
  452. layout_table->entry.page_count = (uint32_t)((m_metadata->enclave_size - m_rva) >> SE_PAGE_SHIFT);
  453. m_metadata->dirs[DIR_LAYOUT].size += (uint32_t)sizeof(layout_t);
  454. }
  455. return true;
  456. }
  457. bool CMetadata::build_layout_table()
  458. {
  459. layout_t layout;
  460. memset(&layout, 0, sizeof(layout));
  461. layout_t guard_page;
  462. memset(&guard_page, 0, sizeof(guard_page));
  463. guard_page.entry.id = LAYOUT_ID_GUARD;
  464. guard_page.entry.page_count = SE_GUARD_PAGE_SIZE >> SE_PAGE_SHIFT;
  465. vector<layout_t> thread_layouts;
  466. // heap
  467. layout.entry.id = LAYOUT_ID_HEAP_MIN;
  468. layout.entry.page_count = (uint32_t)(m_create_param.heap_min_size >> SE_PAGE_SHIFT);
  469. layout.entry.attributes = PAGE_ATTR_EADD;
  470. layout.entry.si_flags = SI_FLAGS_RW;
  471. m_layouts.push_back(layout);
  472. if(m_create_param.heap_init_size > m_create_param.heap_min_size)
  473. {
  474. layout.entry.id = LAYOUT_ID_HEAP_INIT;
  475. layout.entry.page_count = (uint32_t)((m_create_param.heap_init_size - m_create_param.heap_min_size) >> SE_PAGE_SHIFT);
  476. layout.entry.attributes = PAGE_ATTR_EADD | PAGE_ATTR_POST_REMOVE | PAGE_ATTR_POST_ADD;
  477. layout.entry.si_flags = SI_FLAGS_RW;
  478. m_layouts.push_back(layout);
  479. }
  480. if(m_create_param.heap_max_size > m_create_param.heap_init_size)
  481. {
  482. layout.entry.id = LAYOUT_ID_HEAP_MAX;
  483. layout.entry.page_count = (uint32_t)((m_create_param.heap_max_size - m_create_param.heap_init_size) >> SE_PAGE_SHIFT);
  484. layout.entry.attributes = PAGE_ATTR_POST_ADD;
  485. layout.entry.si_flags = SI_FLAGS_RW;
  486. m_layouts.push_back(layout);
  487. }
  488. // thread context memory layout
  489. // guard page | stack | guard page | TCS | SSA | guard page | TLS
  490. // vector 'thread_layouts' serves as a template for thread context
  491. // guard page
  492. thread_layouts.push_back(guard_page);
  493. // stack
  494. if(m_create_param.stack_max_size > m_create_param.stack_min_size)
  495. {
  496. layout.entry.id = LAYOUT_ID_STACK_MAX;
  497. layout.entry.page_count = (uint32_t)((m_create_param.stack_max_size - m_create_param.stack_min_size) >> SE_PAGE_SHIFT);
  498. layout.entry.attributes = PAGE_ATTR_EADD | PAGE_ATTR_EEXTEND | PAGE_DIR_GROW_DOWN;
  499. layout.entry.si_flags = SI_FLAGS_RW;
  500. layout.entry.content_size = 0xCCCCCCCC;
  501. thread_layouts.push_back(layout);
  502. }
  503. layout.entry.id = LAYOUT_ID_STACK_MIN;
  504. layout.entry.page_count = (uint32_t)(m_create_param.stack_min_size >> SE_PAGE_SHIFT);
  505. layout.entry.attributes = PAGE_ATTR_EADD | PAGE_ATTR_EEXTEND;
  506. layout.entry.si_flags = SI_FLAGS_RW;
  507. layout.entry.content_size = 0xCCCCCCCC;
  508. thread_layouts.push_back(layout);
  509. // guard page
  510. thread_layouts.push_back(guard_page);
  511. // tcs
  512. layout.entry.id = LAYOUT_ID_TCS;
  513. layout.entry.page_count = TCS_SIZE >> SE_PAGE_SHIFT;
  514. layout.entry.attributes = PAGE_ATTR_EADD | PAGE_ATTR_EEXTEND;
  515. layout.entry.si_flags = SI_FLAGS_TCS;
  516. tcs_t *tcs_template = (tcs_t *) alloc_buffer_from_metadata(TCS_TEMPLATE_SIZE);
  517. if(tcs_template == NULL)
  518. {
  519. se_trace(SE_TRACE_ERROR, INVALID_ENCLAVE_ERROR);
  520. return false;
  521. }
  522. layout.entry.content_offset = (uint32_t)PTR_DIFF(tcs_template, m_metadata),
  523. layout.entry.content_size = TCS_TEMPLATE_SIZE;
  524. thread_layouts.push_back(layout);
  525. memset(&layout, 0, sizeof(layout));
  526. // ssa
  527. layout.entry.id = LAYOUT_ID_SSA;
  528. layout.entry.page_count = SSA_FRAME_SIZE * SSA_NUM;
  529. layout.entry.attributes = PAGE_ATTR_EADD | PAGE_ATTR_EEXTEND;
  530. layout.entry.si_flags = SI_FLAGS_RW;
  531. thread_layouts.push_back(layout);
  532. // guard page
  533. thread_layouts.push_back(guard_page);
  534. // td
  535. layout.entry.id = LAYOUT_ID_TD;
  536. layout.entry.page_count = 1;
  537. const Section *section = m_parser->get_tls_section();
  538. if(section)
  539. {
  540. layout.entry.page_count += (uint32_t)(ROUND_TO_PAGE(section->virtual_size()) >> SE_PAGE_SHIFT);
  541. }
  542. layout.entry.attributes = PAGE_ATTR_EADD | PAGE_ATTR_EEXTEND;
  543. layout.entry.si_flags = SI_FLAGS_RW;
  544. thread_layouts.push_back(layout);
  545. // adding utility thread context, part of its stack can be added and removed dynamically
  546. for (auto l : thread_layouts)
  547. {
  548. if (l.entry.id == LAYOUT_ID_STACK_MAX)
  549. l.entry.attributes |= PAGE_ATTR_POST_ADD | PAGE_ATTR_POST_REMOVE;
  550. m_layouts.push_back(l);
  551. }
  552. uint32_t tcs_min_pool = 0;
  553. uint32_t tcs_eremove = 0;
  554. if(m_create_param.tcs_min_pool > m_create_param.tcs_num - 1)
  555. {
  556. tcs_min_pool = m_create_param.tcs_num - 1;
  557. tcs_eremove = 0;
  558. }
  559. else
  560. {
  561. tcs_min_pool = m_create_param.tcs_min_pool;
  562. tcs_eremove = m_create_param.tcs_num -1 - m_create_param.tcs_min_pool;
  563. }
  564. // adding thread contexts corresponding to tcs_min_pool
  565. if (tcs_min_pool > 0)
  566. {
  567. auto end = m_layouts.end();
  568. m_layouts.insert(end, thread_layouts.begin(), thread_layouts.end());
  569. if (tcs_min_pool > 1)
  570. {
  571. // group for tcs min pool
  572. memset(&layout, 0, sizeof(layout));
  573. layout.group.id = LAYOUT_ID_THREAD_GROUP;
  574. layout.group.entry_count = (uint16_t)(thread_layouts.size());
  575. layout.group.load_times = tcs_min_pool - 1;
  576. m_layouts.push_back(layout);
  577. }
  578. }
  579. // adding thread contexts corresponding to tcs_eremove
  580. if (tcs_eremove > 0)
  581. {
  582. for(auto l : thread_layouts)
  583. {
  584. if(l.entry.id != LAYOUT_ID_GUARD)
  585. {
  586. l.entry.attributes |= PAGE_ATTR_EREMOVE;
  587. }
  588. m_layouts.push_back(l);
  589. }
  590. if (tcs_eremove > 1)
  591. {
  592. memset(&layout, 0, sizeof(layout));
  593. layout.group.id = LAYOUT_ID_THREAD_GROUP;
  594. layout.group.entry_count = (uint16_t)(thread_layouts.size());
  595. layout.group.load_times = tcs_eremove - 1;
  596. m_layouts.push_back(layout);
  597. }
  598. }
  599. // dynamic thread contexts
  600. if (m_create_param.tcs_max_num > tcs_min_pool + 1)
  601. {
  602. for(auto l : thread_layouts)
  603. {
  604. if(l.entry.id == LAYOUT_ID_STACK_MAX)
  605. {
  606. l.entry.id = (uint16_t)(LAYOUT_ID_HEAP_DYN_MIN - LAYOUT_ID_HEAP_MIN + l.entry.id);
  607. l.entry.attributes = PAGE_ATTR_POST_ADD | PAGE_DIR_GROW_DOWN;
  608. }
  609. else if(l.entry.id != LAYOUT_ID_GUARD)
  610. {
  611. l.entry.id = (uint16_t)(LAYOUT_ID_HEAP_DYN_MIN - LAYOUT_ID_HEAP_MIN + l.entry.id);
  612. l.entry.attributes = PAGE_ATTR_POST_ADD | PAGE_ATTR_DYN_THREAD;
  613. }
  614. m_layouts.push_back(l);
  615. }
  616. // dynamic thread group
  617. memset(&layout, 0, sizeof(layout));
  618. layout.group.id = LAYOUT_ID_THREAD_GROUP_DYN;
  619. layout.group.entry_count = (uint16_t)(thread_layouts.size());
  620. layout.group.load_times = m_create_param.tcs_max_num - tcs_min_pool - 1;
  621. m_layouts.push_back(layout);
  622. }
  623. // update layout entries
  624. if(false == update_layout_entries())
  625. {
  626. return false;
  627. }
  628. // tcs template
  629. if(false == build_tcs_template(tcs_template))
  630. {
  631. se_trace(SE_TRACE_ERROR, INVALID_ENCLAVE_ERROR);
  632. return false;
  633. }
  634. return true;
  635. }
  636. bool CMetadata::build_patch_entries(vector<patch_entry_t> &patches)
  637. {
  638. uint32_t size = (uint32_t)(patches.size() * sizeof(patch_entry_t));
  639. patch_entry_t *patch_table = (patch_entry_t *) alloc_buffer_from_metadata(size);
  640. if(patch_table == NULL)
  641. {
  642. se_trace(SE_TRACE_ERROR, INVALID_ENCLAVE_ERROR);
  643. return false;
  644. }
  645. m_metadata->dirs[DIR_PATCH].offset = (uint32_t)PTR_DIFF(patch_table, m_metadata);
  646. m_metadata->dirs[DIR_PATCH].size = size;
  647. for(uint32_t i = 0; i < patches.size(); i++)
  648. {
  649. memcpy_s(patch_table, sizeof(patch_entry_t), &patches[i], sizeof(patch_entry_t));
  650. patch_table++;
  651. }
  652. return true;
  653. }
  654. bool CMetadata::build_patch_table()
  655. {
  656. const uint8_t *base_addr = (const uint8_t *)m_parser->get_start_addr();
  657. vector<patch_entry_t> patches;
  658. patch_entry_t patch;
  659. memset(&patch, 0, sizeof(patch));
  660. // td template
  661. m_gd_size = m_parser->get_global_data_size();
  662. m_gd_template = (uint8_t *)alloc_buffer_from_metadata(m_gd_size);
  663. if(m_gd_template == NULL)
  664. {
  665. return false;
  666. }
  667. uint64_t rva = m_parser->get_symbol_rva("g_global_data");
  668. if(0 == rva)
  669. {
  670. se_trace(SE_TRACE_ERROR, INVALID_ENCLAVE_ERROR);
  671. return false;
  672. }
  673. patch.dst = (uint64_t)PTR_DIFF(get_rawdata_by_rva(rva), base_addr);
  674. patch.src = (uint32_t)PTR_DIFF(m_gd_template, m_metadata);
  675. patch.size = m_gd_size;
  676. patches.push_back(patch);
  677. // patch the image header
  678. uint64_t *zero = (uint64_t *)alloc_buffer_from_metadata(sizeof(*zero));
  679. if(zero == NULL)
  680. {
  681. se_trace(SE_TRACE_ERROR, INVALID_ENCLAVE_ERROR);
  682. return false;
  683. }
  684. *zero = 0;
  685. bin_fmt_t bf = m_parser->get_bin_format();
  686. if(bf == BF_ELF32)
  687. {
  688. Elf32_Ehdr *elf_hdr = (Elf32_Ehdr *)base_addr;
  689. patch.dst = (uint64_t)PTR_DIFF(&elf_hdr->e_shnum, base_addr);
  690. patch.src = (uint32_t)PTR_DIFF(zero, m_metadata);
  691. patch.size = (uint32_t)sizeof(elf_hdr->e_shnum);
  692. patches.push_back(patch);
  693. patch.dst = (uint64_t)PTR_DIFF(&elf_hdr->e_shoff, base_addr);
  694. patch.src = (uint32_t)PTR_DIFF(zero, m_metadata);
  695. patch.size = (uint32_t)sizeof(elf_hdr->e_shoff);
  696. patches.push_back(patch);
  697. patch.dst = (uint64_t)PTR_DIFF(&elf_hdr->e_shstrndx, base_addr);
  698. patch.src = (uint32_t)PTR_DIFF(zero, m_metadata);
  699. patch.size = (uint32_t)sizeof(elf_hdr->e_shstrndx);
  700. patches.push_back(patch);
  701. // Modify GNU_RELRO info to eliminate the impact of enclave measurement.
  702. Elf32_Phdr *prg_hdr = GET_PTR(Elf32_Phdr, base_addr, elf_hdr->e_phoff);
  703. for (unsigned idx = 0; idx < elf_hdr->e_phnum; ++idx, ++prg_hdr)
  704. {
  705. if(prg_hdr->p_type == PT_GNU_RELRO)
  706. {
  707. patch.dst = (uint64_t)PTR_DIFF(prg_hdr, base_addr);
  708. patch.src = (uint32_t)PTR_DIFF(zero, m_metadata);
  709. patch.size = (uint32_t)sizeof(Elf32_Phdr);
  710. patches.push_back(patch);
  711. break;
  712. }
  713. }
  714. }
  715. else if(bf == BF_ELF64)
  716. {
  717. Elf64_Ehdr *elf_hdr = (Elf64_Ehdr *)base_addr;
  718. patch.dst = (uint64_t)PTR_DIFF(&elf_hdr->e_shnum, base_addr);
  719. patch.src = (uint32_t)PTR_DIFF(zero, m_metadata);
  720. patch.size = (uint32_t)sizeof(elf_hdr->e_shnum);
  721. patches.push_back(patch);
  722. patch.dst = (uint64_t)PTR_DIFF(&elf_hdr->e_shoff, base_addr);
  723. patch.src = (uint32_t)PTR_DIFF(zero, m_metadata);
  724. patch.size = (uint32_t)sizeof(elf_hdr->e_shoff);
  725. patches.push_back(patch);
  726. patch.dst = (uint64_t)PTR_DIFF(&elf_hdr->e_shstrndx, base_addr);
  727. patch.src = (uint32_t)PTR_DIFF(zero, m_metadata);
  728. patch.size = (uint32_t)sizeof(elf_hdr->e_shstrndx);
  729. patches.push_back(patch);
  730. }
  731. if(false == build_patch_entries(patches))
  732. {
  733. se_trace(SE_TRACE_ERROR, NO_MEMORY_ERROR);
  734. return false;
  735. }
  736. return true;
  737. }
  738. layout_entry_t *CMetadata::get_entry_by_id(uint16_t id)
  739. {
  740. for (uint32_t i = 0; i < m_layouts.size(); i++)
  741. {
  742. if(m_layouts[i].entry.id == id)
  743. return (layout_entry_t *)&m_layouts[i];
  744. }
  745. assert(false);
  746. return NULL;
  747. }
  748. bool CMetadata::get_xsave_size(uint64_t xfrm, uint32_t *xsave_size)
  749. {
  750. assert (xsave_size != NULL);
  751. struct {
  752. uint64_t bits;
  753. uint32_t size;
  754. } xsave_size_table[] = { // Note that the xsave_size should be in ascending order
  755. {SGX_XFRM_LEGACY, 512 + 64}, // 512 for legacy features, 64 for xsave header
  756. {SGX_XFRM_AVX, 512 + 64 + 256}, // 256 for YMM0_H - YMM15_H registers
  757. {SGX_XFRM_MPX, 512 + 64 + 256 + 256}, // 256 for MPX
  758. {SGX_XFRM_AVX512, 512 + 64 + 256 + 256 + 1600}, // 1600 for k0 - k7, ZMM0_H - ZMM15_H, ZMM16 - ZMM31
  759. // PT, PKRU ...
  760. };
  761. bool ret = true;
  762. *xsave_size = 0;
  763. if(!xfrm || (xfrm & SGX_XFRM_RESERVED))
  764. {
  765. return false;
  766. }
  767. for(size_t i = 0; i < sizeof(xsave_size_table)/sizeof(xsave_size_table[0]); i++)
  768. {
  769. if((xfrm & xsave_size_table[i].bits) == xsave_size_table[i].bits)
  770. {
  771. *xsave_size = xsave_size_table[i].size;
  772. }
  773. }
  774. return ret;
  775. }
  776. bool CMetadata::build_gd_template(uint8_t *data, uint32_t *data_size)
  777. {
  778. if(false == get_xsave_size(m_metadata->attributes.xfrm, &m_create_param.xsave_size))
  779. {
  780. return false;
  781. }
  782. m_create_param.stack_base_addr = (size_t)(get_entry_by_id(LAYOUT_ID_STACK_MIN)->rva + m_create_param.stack_min_size - get_entry_by_id(LAYOUT_ID_TCS)->rva);
  783. m_create_param.stack_limit_addr = (size_t)(m_create_param.stack_base_addr - m_create_param.stack_max_size);
  784. m_create_param.ssa_base_addr = (size_t)(get_entry_by_id(LAYOUT_ID_SSA)->rva - get_entry_by_id(LAYOUT_ID_TCS)->rva);
  785. m_create_param.enclave_size = m_metadata->enclave_size;
  786. m_create_param.heap_offset = (size_t)get_entry_by_id(LAYOUT_ID_HEAP_MIN)->rva;
  787. size_t tmp_tls_addr = (size_t)(get_entry_by_id(LAYOUT_ID_TD)->rva - get_entry_by_id(LAYOUT_ID_TCS)->rva);
  788. m_create_param.td_addr = tmp_tls_addr + (size_t)((get_entry_by_id(LAYOUT_ID_TD)->page_count - 1) << SE_PAGE_SHIFT);
  789. const Section *section = m_parser->get_tls_section();
  790. if(section)
  791. {
  792. /* adjust the tls_addr to be the pointer to the actual TLS data area */
  793. m_create_param.tls_addr = (size_t)(m_create_param.td_addr - section->virtual_size());
  794. assert(TRIM_TO_PAGE(m_create_param.tls_addr) == tmp_tls_addr);
  795. }
  796. else
  797. m_create_param.tls_addr = tmp_tls_addr;
  798. if(false == m_parser->update_global_data(m_metadata, &m_create_param, data, data_size))
  799. {
  800. se_trace(SE_TRACE_ERROR, NO_MEMORY_ERROR); // metadata structure doesnot have enough memory for global_data template
  801. return false;
  802. }
  803. return true;
  804. }
  805. bool CMetadata::build_tcs_template(tcs_t *tcs)
  806. {
  807. tcs->oentry = m_parser->get_symbol_rva("enclave_entry");
  808. if(tcs->oentry == 0)
  809. {
  810. return false;
  811. }
  812. tcs->nssa = SSA_NUM;
  813. tcs->cssa = 0;
  814. tcs->ossa = get_entry_by_id(LAYOUT_ID_SSA)->rva - get_entry_by_id(LAYOUT_ID_TCS)->rva;
  815. //fs/gs pointer at TLS/TD
  816. tcs->ofs_base = tcs->ogs_base = get_entry_by_id(LAYOUT_ID_TD)->rva - get_entry_by_id(LAYOUT_ID_TCS)->rva + (((uint64_t)get_entry_by_id(LAYOUT_ID_TD)->page_count - 1) << SE_PAGE_SHIFT);
  817. tcs->ofs_limit = tcs->ogs_limit = (uint32_t)-1;
  818. return true;
  819. }
  820. void* CMetadata::get_rawdata_by_rva(uint64_t rva)
  821. {
  822. std::vector<Section*> sections = m_parser->get_sections();
  823. for(unsigned int i = 0; i < sections.size() ; i++)
  824. {
  825. uint64_t start_rva = TRIM_TO_PAGE(sections[i]->get_rva());
  826. uint64_t end_rva = ROUND_TO_PAGE(sections[i]->get_rva() + sections[i]->virtual_size());
  827. if(start_rva <= rva && rva < end_rva)
  828. {
  829. uint64_t offset = rva - sections[i]->get_rva();
  830. if (offset > sections[i]->raw_data_size())
  831. {
  832. return 0;
  833. }
  834. return GET_PTR(void, sections[i]->raw_data(), offset);
  835. }
  836. }
  837. return 0;
  838. }
  839. uint64_t CMetadata::calculate_sections_size()
  840. {
  841. std::vector<Section*> sections = m_parser->get_sections();
  842. uint64_t max_rva = 0;
  843. Section *last_section = NULL;
  844. for(unsigned int i = 0; i < sections.size() ; i++)
  845. {
  846. if(sections[i]->get_rva() > max_rva) {
  847. max_rva = sections[i]->get_rva();
  848. last_section = sections[i];
  849. }
  850. }
  851. uint64_t size = (NULL == last_section) ? (0) : (last_section->get_rva() + last_section->virtual_size());
  852. size = ROUND_TO_PAGE(size);
  853. return size;
  854. }
  855. uint64_t CMetadata::calculate_enclave_size(uint64_t size)
  856. {
  857. uint64_t enclave_max_size = m_parser->get_enclave_max_size();
  858. if(size > enclave_max_size)
  859. return (uint64_t)-1;
  860. uint64_t round_size = 1;
  861. while (round_size < size)
  862. {
  863. round_size <<=1;
  864. if(!round_size)
  865. return (uint64_t)-1;
  866. }
  867. if(round_size > enclave_max_size)
  868. return (uint64_t)-1;
  869. return round_size;
  870. }
  871. bool update_metadata(const char *path, const metadata_t *metadata, uint64_t meta_offset)
  872. {
  873. assert(path != NULL && metadata != NULL);
  874. return write_data_to_file(path, std::ios::in | std::ios::binary| std::ios::out,
  875. reinterpret_cast<uint8_t *>(const_cast<metadata_t *>( metadata)), METADATA_SIZE, (long)meta_offset);
  876. }
  877. #define PRINT_ELEMENT(stream, structure, element) \
  878. do { \
  879. (stream) << #structure << "->" << #element << ": " << std::hex << "0x" << structure->element << std::endl; \
  880. }while(0)
  881. #define PRINT_ARRAY(stream, structure, array, size) \
  882. do{ \
  883. (stream) << #structure << "->" << #array << ":" << std::hex; \
  884. for(size_t i = 0; i < size; i++) \
  885. { \
  886. if (i % 16 == 0) (stream) << std::endl; \
  887. (stream) << "0x" << std::setfill('0') << std::setw(2) << (uint32_t)(structure)->array[i] << " "; \
  888. } \
  889. (stream) << std::endl; \
  890. }while(0)
  891. #define CONCAT(name, num) name##num
  892. #define A(num) CONCAT(metadata, num)
  893. static void print_metadata_internal(std::ofstream &meta_ofs, const metadata_t *metadata)
  894. {
  895. assert(metadata != NULL);
  896. PRINT_ELEMENT(meta_ofs, metadata, magic_num);
  897. PRINT_ELEMENT(meta_ofs, metadata, version);
  898. PRINT_ELEMENT(meta_ofs, metadata, size);
  899. PRINT_ELEMENT(meta_ofs, metadata, tcs_policy);
  900. PRINT_ELEMENT(meta_ofs, metadata, ssa_frame_size);
  901. PRINT_ELEMENT(meta_ofs, metadata, max_save_buffer_size);
  902. PRINT_ELEMENT(meta_ofs, metadata, desired_misc_select);
  903. PRINT_ELEMENT(meta_ofs, metadata, enclave_size);
  904. PRINT_ELEMENT(meta_ofs, metadata, attributes.flags);
  905. PRINT_ELEMENT(meta_ofs, metadata, attributes.xfrm);
  906. // css.header
  907. PRINT_ARRAY(meta_ofs, metadata, enclave_css.header.header, 12);
  908. PRINT_ELEMENT(meta_ofs, metadata, enclave_css.header.type);
  909. PRINT_ELEMENT(meta_ofs, metadata, enclave_css.header.module_vendor);
  910. PRINT_ELEMENT(meta_ofs, metadata, enclave_css.header.date);
  911. PRINT_ARRAY(meta_ofs, metadata, enclave_css.header.header2, 16);
  912. PRINT_ELEMENT(meta_ofs, metadata, enclave_css.header.hw_version);
  913. // css.key
  914. PRINT_ARRAY(meta_ofs, metadata, enclave_css.key.modulus, SE_KEY_SIZE);
  915. PRINT_ARRAY(meta_ofs, metadata, enclave_css.key.exponent, SE_EXPONENT_SIZE);
  916. PRINT_ARRAY(meta_ofs, metadata, enclave_css.key.signature, SE_KEY_SIZE);
  917. // css.body
  918. PRINT_ELEMENT(meta_ofs, metadata, enclave_css.body.misc_select);
  919. PRINT_ELEMENT(meta_ofs, metadata, enclave_css.body.misc_mask);
  920. PRINT_ELEMENT(meta_ofs, metadata, enclave_css.body.attributes.flags);
  921. PRINT_ELEMENT(meta_ofs, metadata, enclave_css.body.attributes.xfrm);
  922. PRINT_ELEMENT(meta_ofs, metadata, enclave_css.body.attribute_mask.flags);
  923. PRINT_ELEMENT(meta_ofs, metadata, enclave_css.body.attribute_mask.xfrm);
  924. PRINT_ARRAY(meta_ofs, metadata, enclave_css.body.enclave_hash.m, SGX_HASH_SIZE);
  925. PRINT_ELEMENT(meta_ofs, metadata, enclave_css.body.isv_prod_id);
  926. PRINT_ELEMENT(meta_ofs, metadata, enclave_css.body.isv_svn);
  927. // css.buffer
  928. PRINT_ARRAY(meta_ofs, metadata, enclave_css.buffer.q1, SE_KEY_SIZE);
  929. PRINT_ARRAY(meta_ofs, metadata, enclave_css.buffer.q2, SE_KEY_SIZE);
  930. }
  931. bool print_metadata(const char *path, const metadata_t *metadata)
  932. {
  933. assert(path != NULL && metadata != NULL);
  934. std::ofstream meta_ofs(path, std::ofstream::out | std::ofstream::trunc);
  935. if (!meta_ofs.good())
  936. {
  937. se_trace(SE_TRACE_ERROR, OPEN_FILE_ERROR, path);
  938. return false;
  939. }
  940. meta_ofs << "=============================" << std::endl
  941. << "The metadata information:" << std::endl
  942. << "=============================" << std::endl;
  943. print_metadata_internal(meta_ofs, metadata);
  944. // Print the compatible metadata info
  945. size_t compat_meta_count = 0;
  946. do {
  947. metadata_t *compatible_metadata = GET_PTR(metadata_t, metadata, metadata->size);
  948. if(compatible_metadata == NULL || (compatible_metadata->magic_num == METADATA_MAGIC && compatible_metadata->size == 0))
  949. {
  950. meta_ofs.close();
  951. return false;
  952. }
  953. if(compatible_metadata->magic_num != METADATA_MAGIC)
  954. break;
  955. compat_meta_count++;
  956. if(compat_meta_count == 1)
  957. {
  958. meta_ofs << std::endl << std::endl << std::endl
  959. << "====================================" << std::endl
  960. << "The compatible metadata information: " << std::endl
  961. << "====================================" << std::endl;
  962. }
  963. meta_ofs << std::endl << "Compatible metadata number "
  964. << compat_meta_count << ":" << std::endl
  965. << "------------------------------" << std::endl;
  966. print_metadata_internal(meta_ofs, compatible_metadata);
  967. metadata = compatible_metadata;
  968. }while(1);
  969. typedef struct _mrsigner_t
  970. {
  971. uint8_t value[SGX_HASH_SIZE];
  972. } mrsigner_t;
  973. mrsigner_t ms;
  974. memset(&ms, 0, sizeof(mrsigner_t));
  975. mrsigner_t *mrsigner = &ms;
  976. unsigned int signer_len = SGX_HASH_SIZE;
  977. if(sgx_EVP_Digest(EVP_sha256(), metadata->enclave_css.key.modulus, SE_KEY_SIZE, ms.value, &signer_len) != SGX_SUCCESS)
  978. {
  979. se_trace(SE_TRACE_ERROR, "ERROR: failed to calculate the mrsigner.\n");
  980. meta_ofs.close();
  981. return false;
  982. }
  983. meta_ofs << std::endl << std::endl
  984. << "===================" << std::endl
  985. << "The mrsigner value:" << std::endl
  986. << "===================" << std::endl;
  987. PRINT_ARRAY(meta_ofs, mrsigner, value, SGX_HASH_SIZE);
  988. meta_ofs.close();
  989. return true;
  990. }