manage_metadata.cpp 25 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732
  1. /*
  2. * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. /**
  32. * File:
  33. * manage_metadata.cpp
  34. * Description:
  35. * Parse the xml file to get the metadata and generate the output DLL
  36. * with metadata.
  37. */
  38. #include "metadata.h"
  39. #include "tinyxml2.h"
  40. #include "manage_metadata.h"
  41. #include "se_trace.h"
  42. #include "util_st.h"
  43. #include "section.h"
  44. #include "se_page_attr.h"
  45. #include "elf_util.h"
  46. #include <stdio.h>
  47. #include <stdlib.h>
  48. #include <errno.h>
  49. #include <assert.h>
  50. #include <iostream>
  51. #include <iomanip>
  52. #include <fstream>
  53. using namespace tinyxml2;
  54. #define ALIGN_SIZE 0x1000
  55. static bool traverser_parameter(const char *temp_name, const char *temp_text, xml_parameter_t *parameter, int parameter_count)
  56. {
  57. assert(temp_name != NULL && parameter != NULL);
  58. uint64_t temp_value=0;
  59. if(temp_text == NULL)
  60. {
  61. se_trace(SE_TRACE_ERROR, LACK_VALUE_FOR_ELEMENT_ERROR, temp_name);
  62. return false;
  63. }
  64. else
  65. {
  66. if(strchr(temp_text, '-'))
  67. {
  68. se_trace(SE_TRACE_ERROR, INVALID_VALUE_FOR_ELEMENT_ERROR, temp_name);
  69. return false;
  70. }
  71. errno = 0;
  72. char* endptr = NULL;
  73. temp_value = (uint64_t)strtoull(temp_text, &endptr, 0);
  74. if(*endptr!='\0'||errno!=0) //Invalid value or valid value but out of the representable range
  75. {
  76. se_trace(SE_TRACE_ERROR, INVALID_VALUE_FOR_ELEMENT_ERROR, temp_name);
  77. return false;
  78. }
  79. }
  80. //Look for the matched one
  81. int i=0;
  82. for(; i<parameter_count&&STRCMP(temp_name,parameter[i].name); i++);
  83. if(i>=parameter_count) //no matched, return false
  84. {
  85. se_trace(SE_TRACE_ERROR, UNREC_ELEMENT_ERROR, temp_name);
  86. return false;
  87. }
  88. //found one matched
  89. if(parameter[i].flag==1) //repeated definition of XML element, return false
  90. {
  91. se_trace(SE_TRACE_ERROR, REPEATED_DEFINE_ERROR, temp_name);
  92. return false;
  93. }
  94. parameter[i].flag = 1;
  95. if((temp_value<parameter[i].min_value)||
  96. (temp_value>parameter[i].max_value)) // the value is invalid, return false
  97. {
  98. se_trace(SE_TRACE_ERROR, VALUE_OUT_OF_RANGE_ERROR, temp_name);
  99. return false;
  100. }
  101. parameter[i].value = temp_value;
  102. return true;
  103. }
  104. bool parse_metadata_file(const char *xmlpath, xml_parameter_t *parameter, int parameter_count)
  105. {
  106. const char* temp_name=NULL;
  107. assert(parameter != NULL);
  108. if(xmlpath == NULL) // user didn't define the metadata xml file.
  109. {
  110. se_trace(SE_TRACE_NOTICE, "Use default metadata...\n");
  111. return true;
  112. }
  113. //use the metadata file that user gives us. parse xml file
  114. tinyxml2::XMLDocument doc;
  115. XMLError loadOkay = doc.LoadFile(xmlpath);
  116. if(loadOkay != XML_SUCCESS)
  117. {
  118. if(doc.ErrorID() == XML_ERROR_FILE_COULD_NOT_BE_OPENED)
  119. {
  120. se_trace(SE_TRACE_ERROR, OPEN_FILE_ERROR, xmlpath);
  121. }
  122. else if(doc.ErrorID() == XML_ERROR_FILE_NOT_FOUND)
  123. {
  124. se_trace(SE_TRACE_ERROR, XML_NOT_FOUND_ERROR, xmlpath);
  125. }
  126. else
  127. {
  128. se_trace(SE_TRACE_ERROR, XML_FORMAT_ERROR);
  129. }
  130. return false;
  131. }
  132. doc.Print();//Write the document to standard out using formatted printing ("pretty print").
  133. XMLElement *pmetadata_element = doc.FirstChildElement("EnclaveConfiguration");
  134. if(!pmetadata_element || pmetadata_element->GetText() != NULL)
  135. {
  136. se_trace(SE_TRACE_ERROR, XML_FORMAT_ERROR);
  137. return false;
  138. }
  139. XMLElement *sub_element = NULL;
  140. sub_element = pmetadata_element->FirstChildElement();
  141. const char *temp_text = NULL;
  142. while(sub_element)//parse xml node
  143. {
  144. if(sub_element->FirstAttribute() != NULL)
  145. {
  146. se_trace(SE_TRACE_ERROR, XML_FORMAT_ERROR);
  147. return false;
  148. }
  149. temp_name = sub_element->Value();
  150. temp_text = sub_element->GetText();
  151. //traverse every node. Compare with the default value.
  152. if(traverser_parameter(temp_name, temp_text, parameter, parameter_count) == false)
  153. {
  154. se_trace(SE_TRACE_ERROR, XML_FORMAT_ERROR);
  155. return false;
  156. }
  157. sub_element= sub_element->NextSiblingElement();
  158. }
  159. return true;
  160. }
  161. CMetadata::CMetadata(metadata_t *metadata, BinParser *parser)
  162. : m_metadata(metadata)
  163. , m_parser(parser)
  164. {
  165. memset(m_metadata, 0, sizeof(metadata_t));
  166. memset(&m_create_param, 0, sizeof(m_create_param));
  167. }
  168. CMetadata::~CMetadata()
  169. {
  170. }
  171. bool CMetadata::build_metadata(const xml_parameter_t *parameter)
  172. {
  173. if(!modify_metadata(parameter))
  174. {
  175. return false;
  176. }
  177. // layout table
  178. if(!build_layout_table())
  179. {
  180. return false;
  181. }
  182. // patch table
  183. if(!build_patch_table())
  184. {
  185. return false;
  186. }
  187. return true;
  188. }
  189. bool CMetadata::modify_metadata(const xml_parameter_t *parameter)
  190. {
  191. assert(parameter != NULL);
  192. m_metadata->version = META_DATA_MAKE_VERSION(MAJOR_VERSION,MINOR_VERSION );
  193. m_metadata->size = offsetof(metadata_t, data);
  194. m_metadata->tcs_policy = (uint32_t)parameter[TCSPOLICY].value;
  195. m_metadata->ssa_frame_size = SSA_FRAME_SIZE;
  196. //stack/heap must be page-align
  197. if(parameter[STACKMAXSIZE].value % ALIGN_SIZE)
  198. {
  199. se_trace(SE_TRACE_ERROR, SET_STACK_SIZE_ERROR);
  200. return false;
  201. }
  202. if(parameter[HEAPMAXSIZE].value % ALIGN_SIZE)
  203. {
  204. se_trace(SE_TRACE_ERROR, SET_HEAP_SIZE_ERROR);
  205. return false;
  206. }
  207. // LE setting: HW != 0, Licensekey = 1
  208. // Other enclave setting: HW = 0, Licensekey = 0
  209. if((parameter[HW].value == 0 && parameter[LAUNCHKEY].value != 0) ||
  210. (parameter[HW].value != 0 && parameter[LAUNCHKEY].value == 0))
  211. {
  212. se_trace(SE_TRACE_ERROR, SET_HW_LE_ERROR);
  213. return false;
  214. }
  215. m_metadata->max_save_buffer_size = MAX_SAVE_BUF_SIZE;
  216. m_metadata->magic_num = METADATA_MAGIC;
  217. m_metadata->desired_misc_select = 0;
  218. m_metadata->enclave_css.body.misc_select = (uint32_t)parameter[MISCSELECT].value;
  219. m_metadata->enclave_css.body.misc_mask = (uint32_t)parameter[MISCMASK].value;
  220. m_create_param.heap_max_size = parameter[HEAPMAXSIZE].value;
  221. m_create_param.ssa_frame_size = SSA_FRAME_SIZE;
  222. m_create_param.stack_max_size = parameter[STACKMAXSIZE].value;
  223. m_create_param.tcs_max_num = (uint32_t)parameter[TCSNUM].value;
  224. m_create_param.tcs_policy = m_metadata->tcs_policy;
  225. return true;
  226. }
  227. void *CMetadata::alloc_buffer_from_metadata(uint32_t size)
  228. {
  229. void *addr = GET_PTR(void, m_metadata, m_metadata->size);
  230. m_metadata->size += size;
  231. if((m_metadata->size < size) || (m_metadata->size > METADATA_SIZE))
  232. {
  233. return NULL;
  234. }
  235. return addr;
  236. }
  237. bool CMetadata::build_layout_entries(vector<layout_t> &layouts)
  238. {
  239. uint32_t size = (uint32_t)(layouts.size() * sizeof(layout_t));
  240. layout_t *layout_table = (layout_t *) alloc_buffer_from_metadata(size);
  241. if(layout_table == NULL)
  242. {
  243. se_trace(SE_TRACE_ERROR, INVALID_ENCLAVE_ERROR);
  244. return false;
  245. }
  246. m_metadata->dirs[DIR_LAYOUT].offset = (uint32_t)PTR_DIFF(layout_table, m_metadata);
  247. m_metadata->dirs[DIR_LAYOUT].size = size;
  248. uint64_t rva = calculate_sections_size();
  249. if(rva == 0)
  250. {
  251. se_trace(SE_TRACE_ERROR, INVALID_ENCLAVE_ERROR);
  252. return false;
  253. }
  254. for(uint32_t i = 0; i < layouts.size(); i++)
  255. {
  256. memcpy_s(layout_table, sizeof(layout_t), &layouts[i], sizeof(layout_t));
  257. if(!IS_GROUP_ID(layouts[i].entry.id))
  258. {
  259. layout_table->entry.rva = rva;
  260. rva += (uint64_t)layouts[i].entry.page_count << SE_PAGE_SHIFT;
  261. }
  262. else
  263. {
  264. for (uint32_t j = 0; j < layouts[i].group.entry_count; j++)
  265. {
  266. layout_table->group.load_step += (uint64_t)layouts[i-j-1].entry.page_count << SE_PAGE_SHIFT;
  267. }
  268. rva += layouts[i].group.load_times * layout_table->group.load_step;
  269. }
  270. layout_table++;
  271. }
  272. // enclave virtual size
  273. m_metadata->enclave_size = calculate_enclave_size(rva);
  274. if(m_metadata->enclave_size == (uint64_t)-1)
  275. {
  276. se_trace(SE_TRACE_ERROR, OUT_OF_EPC_ERROR);
  277. return false;
  278. }
  279. // the last guard page entry to round the enclave size to power of 2
  280. if(m_metadata->enclave_size - rva > 0)
  281. {
  282. layout_table = (layout_t *)alloc_buffer_from_metadata(sizeof(layout_t));
  283. if(layout_table == NULL)
  284. {
  285. se_trace(SE_TRACE_ERROR, INVALID_ENCLAVE_ERROR);
  286. return false;
  287. }
  288. layout_table->entry.id = LAYOUT_ID_GUARD;
  289. layout_table->entry.rva = rva;
  290. layout_table->entry.page_count = (uint32_t)((m_metadata->enclave_size - rva) >> SE_PAGE_SHIFT);
  291. m_metadata->dirs[DIR_LAYOUT].size += (uint32_t)sizeof(layout_t);
  292. }
  293. return true;
  294. }
  295. bool CMetadata::build_layout_table()
  296. {
  297. vector <layout_t> layouts;
  298. layout_t layout;
  299. memset(&layout, 0, sizeof(layout));
  300. layout_t guard_page;
  301. memset(&guard_page, 0, sizeof(guard_page));
  302. guard_page.entry.id = LAYOUT_ID_GUARD;
  303. guard_page.entry.page_count = SE_GUARD_PAGE_SIZE >> SE_PAGE_SHIFT;
  304. // heap
  305. layout.entry.id = LAYOUT_ID_HEAP;
  306. layout.entry.page_count = (uint32_t)(m_create_param.heap_max_size >> SE_PAGE_SHIFT);
  307. layout.entry.attributes = ADD_PAGE_ONLY;
  308. layout.entry.si_flags = SI_FLAGS_RW;
  309. layouts.push_back(layout);
  310. // thread context memory layout
  311. // guard page | stack | TCS | SSA | guard page | TLS
  312. // guard page
  313. layouts.push_back(guard_page);
  314. // stack
  315. layout.entry.id = LAYOUT_ID_STACK;
  316. layout.entry.page_count = (uint32_t)(m_create_param.stack_max_size >> SE_PAGE_SHIFT);
  317. layout.entry.attributes = ADD_EXTEND_PAGE;
  318. layout.entry.si_flags = SI_FLAGS_RW;
  319. layout.entry.content_size = 0xCCCCCCCC;
  320. layouts.push_back(layout);
  321. // guard page
  322. layouts.push_back(guard_page);
  323. // tcs
  324. layout.entry.id = LAYOUT_ID_TCS;
  325. layout.entry.page_count = TCS_SIZE >> SE_PAGE_SHIFT;
  326. layout.entry.attributes = ADD_EXTEND_PAGE;
  327. layout.entry.si_flags = SI_FLAGS_TCS;
  328. tcs_t *tcs_template = (tcs_t *) alloc_buffer_from_metadata(TCS_TEMPLATE_SIZE);
  329. if(tcs_template == NULL)
  330. {
  331. se_trace(SE_TRACE_ERROR, INVALID_ENCLAVE_ERROR);
  332. return false;
  333. }
  334. layout.entry.content_offset = (uint32_t)PTR_DIFF(tcs_template, m_metadata),
  335. layout.entry.content_size = TCS_TEMPLATE_SIZE;
  336. layouts.push_back(layout);
  337. memset(&layout, 0, sizeof(layout));
  338. // ssa
  339. layout.entry.id = LAYOUT_ID_SSA;
  340. layout.entry.page_count = SSA_FRAME_SIZE * SSA_NUM;
  341. layout.entry.attributes = ADD_EXTEND_PAGE;
  342. layout.entry.si_flags = SI_FLAGS_RW;
  343. layouts.push_back(layout);
  344. // guard page
  345. layouts.push_back(guard_page);
  346. // td
  347. layout.entry.id = LAYOUT_ID_TD;
  348. layout.entry.page_count = 1;
  349. const Section *section = m_parser->get_tls_section();
  350. if(section)
  351. {
  352. layout.entry.page_count += (uint32_t)(ROUND_TO_PAGE(section->virtual_size()) >> SE_PAGE_SHIFT);
  353. }
  354. layout.entry.attributes = ADD_EXTEND_PAGE;
  355. layout.entry.si_flags = SI_FLAGS_RW;
  356. layouts.push_back(layout);
  357. // group for thread context
  358. if (m_create_param.tcs_max_num > 1)
  359. {
  360. memset(&layout, 0, sizeof(layout));
  361. layout.group.id = LAYOUT_ID_THREAD_GROUP;
  362. layout.group.entry_count = (uint16_t) (layouts.size() - 1);
  363. layout.group.load_times = m_create_param.tcs_max_num-1;
  364. layouts.push_back(layout);
  365. }
  366. // build layout table
  367. if(false == build_layout_entries(layouts))
  368. {
  369. return false;
  370. }
  371. // tcs template
  372. if(false == build_tcs_template(tcs_template))
  373. {
  374. se_trace(SE_TRACE_ERROR, INVALID_ENCLAVE_ERROR);
  375. return false;
  376. }
  377. return true;
  378. }
  379. bool CMetadata::build_patch_entries(vector<patch_entry_t> &patches)
  380. {
  381. uint32_t size = (uint32_t)(patches.size() * sizeof(patch_entry_t));
  382. patch_entry_t *patch_table = (patch_entry_t *) alloc_buffer_from_metadata(size);
  383. if(patch_table == NULL)
  384. {
  385. se_trace(SE_TRACE_ERROR, INVALID_ENCLAVE_ERROR);
  386. return false;
  387. }
  388. m_metadata->dirs[DIR_PATCH].offset = (uint32_t)PTR_DIFF(patch_table, m_metadata);
  389. m_metadata->dirs[DIR_PATCH].size = size;
  390. for(uint32_t i = 0; i < patches.size(); i++)
  391. {
  392. memcpy_s(patch_table, sizeof(patch_entry_t), &patches[i], sizeof(patch_entry_t));
  393. patch_table++;
  394. }
  395. return true;
  396. }
  397. bool CMetadata::build_patch_table()
  398. {
  399. const uint8_t *base_addr = (const uint8_t *)m_parser->get_start_addr();
  400. vector<patch_entry_t> patches;
  401. patch_entry_t patch;
  402. memset(&patch, 0, sizeof(patch));
  403. // td template
  404. uint8_t buf[200];
  405. uint32_t size = 200;
  406. memset(buf, 0, size);
  407. if(false == build_gd_template(buf, &size))
  408. {
  409. return false;
  410. }
  411. uint8_t *gd_template = (uint8_t *)alloc_buffer_from_metadata(size);
  412. if(gd_template == NULL)
  413. {
  414. se_trace(SE_TRACE_ERROR, INVALID_ENCLAVE_ERROR);
  415. return false;
  416. }
  417. memcpy_s(gd_template, size, buf, size);
  418. uint64_t rva = m_parser->get_symbol_rva("g_global_data");
  419. if(0 == rva)
  420. {
  421. se_trace(SE_TRACE_ERROR, INVALID_ENCLAVE_ERROR);
  422. return false;
  423. }
  424. patch.dst = (uint64_t)PTR_DIFF(get_rawdata_by_rva(rva), base_addr);
  425. patch.src = (uint32_t)PTR_DIFF(gd_template, m_metadata);
  426. patch.size = size;
  427. patches.push_back(patch);
  428. // patch the image header
  429. uint64_t *zero = (uint64_t *)alloc_buffer_from_metadata(sizeof(*zero));
  430. if(zero == NULL)
  431. {
  432. se_trace(SE_TRACE_ERROR, INVALID_ENCLAVE_ERROR);
  433. return false;
  434. }
  435. *zero = 0;
  436. bin_fmt_t bf = m_parser->get_bin_format();
  437. if(bf == BF_ELF32)
  438. {
  439. Elf32_Ehdr *elf_hdr = (Elf32_Ehdr *)base_addr;
  440. patch.dst = (uint64_t)PTR_DIFF(&elf_hdr->e_shnum, base_addr);
  441. patch.src = (uint32_t)PTR_DIFF(zero, m_metadata);
  442. patch.size = (uint32_t)sizeof(elf_hdr->e_shnum);
  443. patches.push_back(patch);
  444. patch.dst = (uint64_t)PTR_DIFF(&elf_hdr->e_shoff, base_addr);
  445. patch.src = (uint32_t)PTR_DIFF(zero, m_metadata);
  446. patch.size = (uint32_t)sizeof(elf_hdr->e_shoff);
  447. patches.push_back(patch);
  448. patch.dst = (uint64_t)PTR_DIFF(&elf_hdr->e_shstrndx, base_addr);
  449. patch.src = (uint32_t)PTR_DIFF(zero, m_metadata);
  450. patch.size = (uint32_t)sizeof(elf_hdr->e_shstrndx);
  451. patches.push_back(patch);
  452. // Modify GNU_RELRO info to eliminate the impact of enclave measurement.
  453. Elf32_Phdr *prg_hdr = GET_PTR(Elf32_Phdr, base_addr, elf_hdr->e_phoff);
  454. for (unsigned idx = 0; idx < elf_hdr->e_phnum; ++idx, ++prg_hdr)
  455. {
  456. if(prg_hdr->p_type == PT_GNU_RELRO)
  457. {
  458. patch.dst = (uint64_t)PTR_DIFF(prg_hdr, base_addr);
  459. patch.src = (uint32_t)PTR_DIFF(zero, m_metadata);
  460. patch.size = (uint32_t)sizeof(Elf32_Phdr);
  461. patches.push_back(patch);
  462. break;
  463. }
  464. }
  465. }
  466. else if(bf == BF_ELF64)
  467. {
  468. Elf64_Ehdr *elf_hdr = (Elf64_Ehdr *)base_addr;
  469. patch.dst = (uint64_t)PTR_DIFF(&elf_hdr->e_shnum, base_addr);
  470. patch.src = (uint32_t)PTR_DIFF(zero, m_metadata);
  471. patch.size = (uint32_t)sizeof(elf_hdr->e_shnum);
  472. patches.push_back(patch);
  473. patch.dst = (uint64_t)PTR_DIFF(&elf_hdr->e_shoff, base_addr);
  474. patch.src = (uint32_t)PTR_DIFF(zero, m_metadata);
  475. patch.size = (uint32_t)sizeof(elf_hdr->e_shoff);
  476. patches.push_back(patch);
  477. patch.dst = (uint64_t)PTR_DIFF(&elf_hdr->e_shstrndx, base_addr);
  478. patch.src = (uint32_t)PTR_DIFF(zero, m_metadata);
  479. patch.size = (uint32_t)sizeof(elf_hdr->e_shstrndx);
  480. patches.push_back(patch);
  481. }
  482. if(false == build_patch_entries(patches))
  483. {
  484. return false;
  485. }
  486. return true;
  487. }
  488. layout_entry_t *CMetadata::get_entry_by_id(uint16_t id)
  489. {
  490. layout_entry_t *layout_start = GET_PTR(layout_entry_t, m_metadata, m_metadata->dirs[DIR_LAYOUT].offset);
  491. layout_entry_t *layout_end = GET_PTR(layout_entry_t, m_metadata, m_metadata->dirs[DIR_LAYOUT].offset + m_metadata->dirs[DIR_LAYOUT].size);
  492. for (layout_entry_t *layout = layout_start; layout < layout_end; layout++)
  493. {
  494. if(layout->id == id)
  495. return layout;
  496. }
  497. assert(false);
  498. return NULL;
  499. }
  500. bool CMetadata::build_gd_template(uint8_t *data, uint32_t *data_size)
  501. {
  502. m_create_param.stack_limit_addr = get_entry_by_id(LAYOUT_ID_STACK)->rva - get_entry_by_id(LAYOUT_ID_TCS)->rva;
  503. m_create_param.stack_base_addr = ((uint64_t)get_entry_by_id(LAYOUT_ID_STACK)->page_count << SE_PAGE_SHIFT) + m_create_param.stack_limit_addr;
  504. m_create_param.first_ssa_gpr = get_entry_by_id(LAYOUT_ID_SSA)->rva - get_entry_by_id(LAYOUT_ID_TCS)->rva
  505. + SSA_FRAME_SIZE * SE_PAGE_SIZE - (uint64_t)sizeof(ssa_gpr_t);
  506. m_create_param.enclave_size = m_metadata->enclave_size;
  507. m_create_param.heap_offset = get_entry_by_id(LAYOUT_ID_HEAP)->rva;
  508. uint64_t tmp_tls_addr = get_entry_by_id(LAYOUT_ID_TD)->rva - get_entry_by_id(LAYOUT_ID_TCS)->rva;
  509. m_create_param.td_addr = tmp_tls_addr + (((uint64_t)get_entry_by_id(LAYOUT_ID_TD)->page_count - 1) << SE_PAGE_SHIFT);
  510. const Section *section = m_parser->get_tls_section();
  511. if(section)
  512. {
  513. /* adjust the tls_addr to be the pointer to the actual TLS data area */
  514. m_create_param.tls_addr = m_create_param.td_addr - section->virtual_size();
  515. assert(TRIM_TO_PAGE(m_create_param.tls_addr) == tmp_tls_addr);
  516. }
  517. else
  518. m_create_param.tls_addr = tmp_tls_addr;
  519. if(false == m_parser->update_global_data(&m_create_param, data, data_size))
  520. {
  521. se_trace(SE_TRACE_ERROR, NO_MEMORY_ERROR); // metadata structure doesnot have enough memory for global_data template
  522. return false;
  523. }
  524. return true;
  525. }
  526. bool CMetadata::build_tcs_template(tcs_t *tcs)
  527. {
  528. tcs->oentry = m_parser->get_symbol_rva("enclave_entry");
  529. if(tcs->oentry == 0)
  530. {
  531. return false;
  532. }
  533. tcs->nssa = SSA_NUM;
  534. tcs->cssa = 0;
  535. tcs->ossa = get_entry_by_id(LAYOUT_ID_SSA)->rva - get_entry_by_id(LAYOUT_ID_TCS)->rva;
  536. //fs/gs pointer at TLS/TD
  537. tcs->ofs_base = tcs->ogs_base = get_entry_by_id(LAYOUT_ID_TD)->rva - get_entry_by_id(LAYOUT_ID_TCS)->rva + (((uint64_t)get_entry_by_id(LAYOUT_ID_TD)->page_count - 1) << SE_PAGE_SHIFT);
  538. tcs->ofs_limit = tcs->ogs_limit = (uint32_t)-1;
  539. return true;
  540. }
  541. void* CMetadata::get_rawdata_by_rva(uint64_t rva)
  542. {
  543. std::vector<Section*> sections = m_parser->get_sections();
  544. for(unsigned int i = 0; i < sections.size() ; i++)
  545. {
  546. uint64_t start_rva = TRIM_TO_PAGE(sections[i]->get_rva());
  547. uint64_t end_rva = ROUND_TO_PAGE(sections[i]->get_rva() + sections[i]->virtual_size());
  548. if(start_rva <= rva && rva < end_rva)
  549. {
  550. uint64_t offset = rva - sections[i]->get_rva();
  551. if (offset > sections[i]->raw_data_size())
  552. {
  553. return 0;
  554. }
  555. return GET_PTR(void, sections[i]->raw_data(), offset);
  556. }
  557. }
  558. return 0;
  559. }
  560. uint64_t CMetadata::calculate_sections_size()
  561. {
  562. std::vector<Section*> sections = m_parser->get_sections();
  563. uint64_t max_rva = 0;
  564. Section *last_section = NULL;
  565. for(unsigned int i = 0; i < sections.size() ; i++)
  566. {
  567. if(sections[i]->get_rva() > max_rva) {
  568. max_rva = sections[i]->get_rva();
  569. last_section = sections[i];
  570. }
  571. }
  572. uint64_t size = (NULL == last_section) ? (0) : (last_section->get_rva() + last_section->virtual_size());
  573. size = ROUND_TO_PAGE(size);
  574. return size;
  575. }
  576. uint64_t CMetadata::calculate_enclave_size(uint64_t size)
  577. {
  578. uint64_t enclave_max_size = m_parser->get_enclave_max_size();
  579. if(size > enclave_max_size)
  580. return (uint64_t)-1;
  581. uint64_t round_size = 1;
  582. while (round_size < size)
  583. {
  584. round_size <<=1;
  585. if(!round_size)
  586. return (uint64_t)-1;
  587. }
  588. if(round_size > enclave_max_size)
  589. return (uint64_t)-1;
  590. return round_size;
  591. }
  592. bool update_metadata(const char *path, const metadata_t *metadata, uint64_t meta_offset)
  593. {
  594. assert(path != NULL && metadata != NULL);
  595. return write_data_to_file(path, std::ios::in | std::ios::binary| std::ios::out,
  596. reinterpret_cast<uint8_t *>(const_cast<metadata_t *>( metadata)), metadata->size, (long)meta_offset);
  597. }
  598. #define PRINT_ELEMENT(stream, structure, element) \
  599. do { \
  600. (stream) << #structure << "->" << #element << ": " << std::hex << "0x" << structure->element << std::endl; \
  601. }while(0)
  602. #define PRINT_ARRAY(stream, structure, array, size) \
  603. do{ \
  604. (stream) << #structure << "->" << #array << ":" << std::hex; \
  605. for(size_t i = 0; i < size; i++) \
  606. { \
  607. if (i % 16 == 0) (stream) << std::endl; \
  608. (stream) << "0x" << std::setfill('0') << std::setw(2) << (uint32_t)(structure)->array[i] << " "; \
  609. } \
  610. (stream) << std::endl; \
  611. }while(0)
  612. bool print_metadata(const char *path, const metadata_t *metadata)
  613. {
  614. assert(path != NULL && metadata != NULL);
  615. std::ofstream meta_ofs(path, std::ofstream::out | std::ofstream::trunc);
  616. if (!meta_ofs.good())
  617. {
  618. se_trace(SE_TRACE_ERROR, OPEN_FILE_ERROR, path);
  619. return false;
  620. }
  621. PRINT_ELEMENT(meta_ofs, metadata, magic_num);
  622. PRINT_ELEMENT(meta_ofs, metadata, version);
  623. PRINT_ELEMENT(meta_ofs, metadata, size);
  624. PRINT_ELEMENT(meta_ofs, metadata, tcs_policy);
  625. PRINT_ELEMENT(meta_ofs, metadata, ssa_frame_size);
  626. PRINT_ELEMENT(meta_ofs, metadata, max_save_buffer_size);
  627. PRINT_ELEMENT(meta_ofs, metadata, desired_misc_select);
  628. PRINT_ELEMENT(meta_ofs, metadata, enclave_size);
  629. PRINT_ELEMENT(meta_ofs, metadata, attributes.flags);
  630. PRINT_ELEMENT(meta_ofs, metadata, attributes.xfrm);
  631. // css.header
  632. PRINT_ARRAY(meta_ofs, metadata, enclave_css.header.header, 12);
  633. PRINT_ELEMENT(meta_ofs, metadata, enclave_css.header.type);
  634. PRINT_ELEMENT(meta_ofs, metadata, enclave_css.header.module_vendor);
  635. PRINT_ELEMENT(meta_ofs, metadata, enclave_css.header.date);
  636. PRINT_ARRAY(meta_ofs, metadata, enclave_css.header.header2, 16);
  637. PRINT_ELEMENT(meta_ofs, metadata, enclave_css.header.hw_version);
  638. // css.key
  639. PRINT_ARRAY(meta_ofs, metadata, enclave_css.key.modulus, SE_KEY_SIZE);
  640. PRINT_ARRAY(meta_ofs, metadata, enclave_css.key.exponent, SE_EXPONENT_SIZE);
  641. PRINT_ARRAY(meta_ofs, metadata, enclave_css.key.signature, SE_KEY_SIZE);
  642. // css.body
  643. PRINT_ELEMENT(meta_ofs, metadata, enclave_css.body.misc_select);
  644. PRINT_ELEMENT(meta_ofs, metadata, enclave_css.body.misc_mask);
  645. PRINT_ELEMENT(meta_ofs, metadata, enclave_css.body.attributes.flags);
  646. PRINT_ELEMENT(meta_ofs, metadata, enclave_css.body.attributes.xfrm);
  647. PRINT_ELEMENT(meta_ofs, metadata, enclave_css.body.attribute_mask.flags);
  648. PRINT_ELEMENT(meta_ofs, metadata, enclave_css.body.attribute_mask.xfrm);
  649. PRINT_ARRAY(meta_ofs, metadata, enclave_css.body.enclave_hash.m, SGX_HASH_SIZE);
  650. PRINT_ELEMENT(meta_ofs, metadata, enclave_css.body.isv_prod_id);
  651. PRINT_ELEMENT(meta_ofs, metadata, enclave_css.body.isv_svn);
  652. // css.buffer
  653. PRINT_ARRAY(meta_ofs, metadata, enclave_css.buffer.q1, SE_KEY_SIZE);
  654. PRINT_ARRAY(meta_ofs, metadata, enclave_css.buffer.q2, SE_KEY_SIZE);
  655. meta_ofs.close();
  656. return true;
  657. }