Home Explore Help
Sign In
miti
/
linux-sgx-trts-modified
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
linux-sgx-tr...
/
sdk
/
protected_fs
/
sgx_tprotected_fs
/
file_read_write.cpp

file_read_write.cpp 20 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657 
  1. /*
    2. 

  2.  * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
    3. 

  3.  *
    4. 

  4.  * Redistribution and use in source and binary forms, with or without
    5. 

  5.  * modification, are permitted provided that the following conditions
    6. 

  6.  * are met:
    7. 

  7.  *
    8. 

  8.  *   * Redistributions of source code must retain the above copyright
    9. 

  9.  *     notice, this list of conditions and the following disclaimer.
    10. 

  10.  *   * Redistributions in binary form must reproduce the above copyright
    11. 

  11.  *     notice, this list of conditions and the following disclaimer in
    12. 

  12.  *     the documentation and/or other materials provided with the
    13. 

  13.  *     distribution.
    14. 

  14.  *   * Neither the name of Intel Corporation nor the names of its
    15. 

  15.  *     contributors may be used to endorse or promote products derived
    16. 

  16.  *     from this software without specific prior written permission.
    17. 

  17.  *
    18. 

  18.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
    19. 

  19.  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
    20. 

  20.  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
    21. 

  21.  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
    22. 

  22.  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
    23. 

  23.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
    24. 

  24.  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
    25. 

  25.  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
    26. 

  26.  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
    27. 

  27.  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
    28. 

  28.  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    29. 

  29.  *
    30. 

  30.  */
    31. 

  31. 

  32. #include "sgx_tprotected_fs_t.h"
    33. 

  33. #include "protected_fs_file.h"
    34. 

  34. 

  35. #include <sgx_trts.h>
    36. 

  36. 

  37. size_t protected_fs_file::write(const void* ptr, size_t size, size_t count)
    38. 

  38. {
    39. 

  39. 	if (ptr == NULL || size == 0 || count == 0)
    40. 

  40. 		return 0;
    41. 

  41. 

  42. 	int32_t result32 = sgx_thread_mutex_lock(&mutex);
    43. 

  43. 	if (result32 != 0)
    44. 

  44. 	{
    45. 

  45. 		last_error = result32;
    46. 

  46. 		file_status = SGX_FILE_STATUS_MEMORY_CORRUPTED;
    47. 

  47. 		return 0;
    48. 

  48. 	}
    49. 

  49. 

  50. 	size_t data_left_to_write = size * count;
    51. 

  51. 

  52. 	// prevent overlap...
    53. 

  53. #if defined(_WIN64) || defined(__x86_64__)
    54. 

  54. 	if (size > UINT32_MAX || count > UINT32_MAX)
    55. 

  55. 	{
    56. 

  56. 		last_error = EINVAL;
    57. 

  57. 		sgx_thread_mutex_unlock(&mutex);
    58. 

  58. 		return 0;
    59. 

  59. 	}
    60. 

  60. #else
    61. 

  61. 	if (((uint64_t)((uint64_t)size * (uint64_t)count)) != (uint64_t)data_left_to_write)
    62. 

  62. 	{
    63. 

  63. 		last_error = EINVAL;
    64. 

  64. 		sgx_thread_mutex_unlock(&mutex);
    65. 

  65. 		return 0;
    66. 

  66. 	}
    67. 

  67. #endif
    68. 

  68. 

  69. 	if (sgx_is_outside_enclave(ptr, data_left_to_write))
    70. 

  70. 	{
    71. 

  71. 		last_error = SGX_ERROR_INVALID_PARAMETER;
    72. 

  72. 		sgx_thread_mutex_unlock(&mutex);
    73. 

  73. 		return 0;
    74. 

  74. 	}
    75. 

  75. 

  76. 	if (file_status != SGX_FILE_STATUS_OK)
    77. 

  77. 	{
    78. 

  78. 		last_error = SGX_ERROR_FILE_BAD_STATUS;
    79. 

  79. 		sgx_thread_mutex_unlock(&mutex);
    80. 

  80. 		return 0;
    81. 

  81. 	}
    82. 

  82. 

  83. 	if (open_mode.append == 0 && open_mode.update == 0 && open_mode.write == 0)
    84. 

  84. 	{
    85. 

  85. 		last_error = EACCES;
    86. 

  86. 		sgx_thread_mutex_unlock(&mutex);
    87. 

  87. 		return 0;
    88. 

  88. 	}
    89. 

  89. 

  90. 	if (open_mode.append == 1)
    91. 

  91. 		offset = encrypted_part_plain.size; // add at the end of the file
    92. 

  92. 

  93. 	const unsigned char* data_to_write = (const unsigned char*)ptr;
    94. 

  94. 

  95. 	// the first block of user data is written in the meta-data encrypted part
    96. 

  96. 	if (offset < MD_USER_DATA_SIZE)
    97. 

  97. 	{
    98. 

  98. 		size_t empty_place_left_in_md = MD_USER_DATA_SIZE - (size_t)offset; // offset is smaller than MD_USER_DATA_SIZE
    99. 

  99. 		if (data_left_to_write <= empty_place_left_in_md)
    100. 

  100. 		{
    101. 

  101. 			memcpy(&encrypted_part_plain.data[offset], data_to_write, data_left_to_write);
    102. 

  102. 			offset += data_left_to_write;
    103. 

  103. 			data_to_write += data_left_to_write; // not needed, to prevent future errors
    104. 

  104. 			data_left_to_write = 0;
    105. 

  105. 		}
    106. 

  106. 		else
    107. 

  107. 		{
    108. 

  108. 			memcpy(&encrypted_part_plain.data[offset], data_to_write, empty_place_left_in_md);
    109. 

  109. 			offset += empty_place_left_in_md;
    110. 

  110. 			data_to_write += empty_place_left_in_md;
    111. 

  111. 			data_left_to_write -= empty_place_left_in_md;
    112. 

  112. 		}
    113. 

  113. 		
    114. 

  114. 		if (offset > encrypted_part_plain.size)
    115. 

  115. 			encrypted_part_plain.size = offset; // file grew, update the new file size
    116. 

  116. 

  117. 		need_writing = true;
    118. 

  118. 	}
    119. 

  119. 

  120. 	while (data_left_to_write > 0)
    121. 

  121. 	{
    122. 

  122. 		file_data_node_t* file_data_node = NULL;
    123. 

  123. 		file_data_node = get_data_node(); // return the data node of the current offset, will read it from disk or create new one if needed (and also the mht node if needed)
    124. 

  124. 		if (file_data_node == NULL)
    125. 

  125. 			break;
    126. 

  126. 

  127. 		size_t offset_in_node = (size_t)((offset - MD_USER_DATA_SIZE) % NODE_SIZE);
    128. 

  128. 		size_t empty_place_left_in_node = NODE_SIZE - offset_in_node;
    129. 

  129. 		
    130. 

  130. 		if (data_left_to_write <= empty_place_left_in_node)
    131. 

  131. 		{ // this will be the last write
    132. 

  132. 			memcpy(&file_data_node->plain.data[offset_in_node], data_to_write, data_left_to_write);
    133. 

  133. 			offset += data_left_to_write;
    134. 

  134. 			data_to_write += data_left_to_write; // not needed, to prevent future errors
    135. 

  135. 			data_left_to_write = 0;
    136. 

  136. 		}
    137. 

  137. 		else
    138. 

  138. 		{
    139. 

  139. 			memcpy(&file_data_node->plain.data[offset_in_node], data_to_write, empty_place_left_in_node);
    140. 

  140. 			offset += empty_place_left_in_node;
    141. 

  141. 			data_to_write += empty_place_left_in_node;
    142. 

  142. 			data_left_to_write -= empty_place_left_in_node;
    143. 

  143. 

  144. 		}
    145. 

  145. 

  146. 		if (offset > encrypted_part_plain.size)
    147. 

  147. 			encrypted_part_plain.size = offset; // file grew, update the new file size
    148. 

  148. 

  149. 		if (file_data_node->need_writing == false)
    150. 

  150. 		{
    151. 

  151. 			file_data_node->need_writing = true;
    152. 

  152. 			file_mht_node_t* file_mht_node = file_data_node->parent;
    153. 

  153. 			while (file_mht_node->mht_node_number != 0) // set all the mht parent nodes as 'need writing'
    154. 

  154. 			{
    155. 

  155. 				file_mht_node->need_writing = true;
    156. 

  156. 				file_mht_node = file_mht_node->parent;
    157. 

  157. 			}
    158. 

  158. 			root_mht.need_writing = true;
    159. 

  159. 			need_writing = true;
    160. 

  160. 		}
    161. 

  161. 	}
    162. 

  162. 

  163. 	sgx_thread_mutex_unlock(&mutex);
    164. 

  164. 

  165. 	size_t ret_count = ((size * count) - data_left_to_write) / size;
    166. 

  166. 	return ret_count;
    167. 

  167. }
    168. 

  168. 

  169. 

  170. size_t protected_fs_file::read(void* ptr, size_t size, size_t count)
    171. 

  171. {
    172. 

  172. 	if (ptr == NULL || size == 0 || count == 0)
    173. 

  173. 		return 0;
    174. 

  174. 

  175. 	int32_t result32 = sgx_thread_mutex_lock(&mutex);
    176. 

  176. 	if (result32 != 0)
    177. 

  177. 	{
    178. 

  178. 		last_error = result32;
    179. 

  179. 		file_status = SGX_FILE_STATUS_MEMORY_CORRUPTED;
    180. 

  180. 		return 0;
    181. 

  181. 	}
    182. 

  182. 

  183. 	size_t data_left_to_read = size * count;
    184. 

  184. 

  185. 	// prevent overlap...
    186. 

  186. #if defined(_WIN64) || defined(__x86_64__)
    187. 

  187. 	if (size > UINT32_MAX || count > UINT32_MAX)
    188. 

  188. 	{
    189. 

  189. 		last_error = EINVAL;
    190. 

  190. 		sgx_thread_mutex_unlock(&mutex);
    191. 

  191. 		return 0;
    192. 

  192. 	}
    193. 

  193. #else
    194. 

  194. 	if (((uint64_t)((uint64_t)size * (uint64_t)count)) != (uint64_t)data_left_to_read)
    195. 

  195. 	{
    196. 

  196. 		last_error = EINVAL;
    197. 

  197. 		sgx_thread_mutex_unlock(&mutex);
    198. 

  198. 		return 0;
    199. 

  199. 	}
    200. 

  200. #endif
    201. 

  201. 

  202. 

  203. 	if (sgx_is_outside_enclave(ptr, data_left_to_read))
    204. 

  204. 	{
    205. 

  205. 		last_error = EINVAL;
    206. 

  206. 		sgx_thread_mutex_unlock(&mutex);
    207. 

  207. 		return 0;
    208. 

  208. 	}
    209. 

  209. 

  210. 	if (file_status != SGX_FILE_STATUS_OK)
    211. 

  211. 	{
    212. 

  212. 		last_error = SGX_ERROR_FILE_BAD_STATUS;
    213. 

  213. 		sgx_thread_mutex_unlock(&mutex);
    214. 

  214. 		return 0;
    215. 

  215. 	}
    216. 

  216. 

  217. 	if (open_mode.read == 0 && open_mode.update == 0)
    218. 

  218. 	{
    219. 

  219. 		last_error = EACCES;
    220. 

  220. 		sgx_thread_mutex_unlock(&mutex);
    221. 

  221. 		return 0;
    222. 

  222. 	}
    223. 

  223. 

  224. 	if (end_of_file == true)
    225. 

  225. 	{// not an error
    226. 

  226. 		sgx_thread_mutex_unlock(&mutex);
    227. 

  227. 		return 0;
    228. 

  228. 	}
    229. 

  229. 

  230. 	// this check is not really needed, can go on with the code and it will do nothing until the end, but it's more 'right' to check it here
    231. 

  231. 	if (offset == encrypted_part_plain.size)
    232. 

  232. 	{
    233. 

  233. 		end_of_file = true;
    234. 

  234. 		sgx_thread_mutex_unlock(&mutex);
    235. 

  235. 		return 0;
    236. 

  236. 	}
    237. 

  237. 

  238. 	if (((uint64_t)data_left_to_read) > (uint64_t)(encrypted_part_plain.size - offset)) // the request is bigger than what's left in the file
    239. 

  239. 	{
    240. 

  240. 		data_left_to_read = (size_t)(encrypted_part_plain.size - offset);
    241. 

  241. 	}
    242. 

  242. 	size_t data_attempted_to_read = data_left_to_read; // used at the end to return how much we actually read
    243. 

  243. 

  244. 	unsigned char* out_buffer = (unsigned char*)ptr;
    245. 

  245. 

  246. 	// the first block of user data is read from the meta-data encrypted part
    247. 

  247. 	if (offset < MD_USER_DATA_SIZE)
    248. 

  248. 	{
    249. 

  249. 		size_t data_left_in_md = MD_USER_DATA_SIZE - (size_t)offset; // offset is smaller than MD_USER_DATA_SIZE
    250. 

  250. 		if (data_left_to_read <= data_left_in_md)
    251. 

  251. 		{
    252. 

  252. 			memcpy(out_buffer, &encrypted_part_plain.data[offset], data_left_to_read);
    253. 

  253. 			offset += data_left_to_read;
    254. 

  254. 			out_buffer += data_left_to_read; // not needed, to prevent future errors
    255. 

  255. 			data_left_to_read = 0;
    256. 

  256. 		}
    257. 

  257. 		else
    258. 

  258. 		{
    259. 

  259. 			memcpy(out_buffer, &encrypted_part_plain.data[offset], data_left_in_md);
    260. 

  260. 			offset += data_left_in_md;
    261. 

  261. 			out_buffer += data_left_in_md;
    262. 

  262. 			data_left_to_read -= data_left_in_md;
    263. 

  263. 		}
    264. 

  264. 	}
    265. 

  265. 

  266. 	while (data_left_to_read > 0)
    267. 

  267. 	{
    268. 

  268. 		file_data_node_t* file_data_node = NULL;
    269. 

  269. 		file_data_node = get_data_node(); // return the data node of the current offset, will read it from disk if needed (and also the mht node if needed)
    270. 

  270. 		if (file_data_node == NULL)
    271. 

  271. 			break;
    272. 

  272. 

  273. 		size_t offset_in_node = (offset - MD_USER_DATA_SIZE) % NODE_SIZE;
    274. 

  274. 		size_t data_left_in_node = NODE_SIZE - offset_in_node;
    275. 

  275. 		
    276. 

  276. 		if (data_left_to_read <= data_left_in_node)
    277. 

  277. 		{
    278. 

  278. 			memcpy(out_buffer, &file_data_node->plain.data[offset_in_node], data_left_to_read);
    279. 

  279. 			offset += data_left_to_read;
    280. 

  280. 			out_buffer += data_left_to_read; // not needed, to prevent future errors
    281. 

  281. 			data_left_to_read = 0;
    282. 

  282. 		}
    283. 

  283. 		else
    284. 

  284. 		{
    285. 

  285. 			memcpy(out_buffer, &file_data_node->plain.data[offset_in_node], data_left_in_node);
    286. 

  286. 			offset += data_left_in_node;
    287. 

  287. 			out_buffer += data_left_in_node;
    288. 

  288. 			data_left_to_read -= data_left_in_node;
    289. 

  289. 

  290. 		}
    291. 

  291. 	}
    292. 

  292. 

  293. 	sgx_thread_mutex_unlock(&mutex);
    294. 

  294. 

  295. 	if (data_left_to_read == 0 &&
    296. 

  296. 		data_attempted_to_read != (size * count)) // user wanted to read more and we had to shrink the request
    297. 

  297. 	{
    298. 

  298. 		assert(offset == encrypted_part_plain.size);
    299. 

  299. 		end_of_file = true;
    300. 

  300. 	}
    301. 

  301. 

  302. 	size_t ret_count = (data_attempted_to_read - data_left_to_read) / size;
    303. 

  303. 	return ret_count;
    304. 

  304. }
    305. 

  305. 

  306. 

  307. // this is a very 'specific' function, tied to the architecture of the file layout, returning the node numbers according to the offset in the file 
    308. 

  308. void get_node_numbers(uint64_t offset, uint64_t* mht_node_number, uint64_t* data_node_number, 
    309. 

  309. 					 uint64_t* physical_mht_node_number, uint64_t* physical_data_node_number)
    310. 

  310. {
    311. 

  311. 	// node 0 - meta data node
    312. 

  312. 	// node 1 - mht
    313. 

  313. 	// nodes 2-97 - data (ATTACHED_DATA_NODES_COUNT == 96)
    314. 

  314. 	// node 98 - mht
    315. 

  315. 	// node 99-195 - data
    316. 

  316. 	// etc.
    317. 

  317. 	uint64_t _mht_node_number;
    318. 

  318. 	uint64_t _data_node_number;
    319. 

  319. 	uint64_t _physical_mht_node_number;
    320. 

  320. 	uint64_t _physical_data_node_number;
    321. 

  321. 

  322. 	assert(offset >= MD_USER_DATA_SIZE);
    323. 

  323. 

  324. 	_data_node_number = (offset - MD_USER_DATA_SIZE) / NODE_SIZE;
    325. 

  325. 	_mht_node_number = _data_node_number / ATTACHED_DATA_NODES_COUNT;
    326. 

  326. 	_physical_data_node_number = _data_node_number
    327. 

  327. 								+ 1 // meta data node
    328. 

  328. 								+ 1 // mht root
    329. 

  329. 								+ _mht_node_number; // number of mht nodes in the middle (the root mht mht_node_number is 0)
    330. 

  330. 	_physical_mht_node_number = _physical_data_node_number
    331. 

  331. 								- _data_node_number % ATTACHED_DATA_NODES_COUNT // now we are at the first data node attached to this mht node
    332. 

  332. 								- 1; // and now at the mht node itself!
    333. 

  333. 

  334. 	if (mht_node_number != NULL) *mht_node_number = _mht_node_number;
    335. 

  335. 	if (data_node_number != NULL) *data_node_number = _data_node_number;
    336. 

  336. 	if (physical_mht_node_number != NULL) *physical_mht_node_number = _physical_mht_node_number;
    337. 

  337. 	if (physical_data_node_number != NULL) *physical_data_node_number = _physical_data_node_number;
    338. 

  338. }
    339. 

  339. 

  340. 

  341. file_data_node_t* protected_fs_file::get_data_node()
    342. 

  342. {
    343. 

  343. 	file_data_node_t* file_data_node = NULL;
    344. 

  344. 

  345. 	if (offset < MD_USER_DATA_SIZE)
    346. 

  346. 	{
    347. 

  347. 		last_error = SGX_ERROR_UNEXPECTED;
    348. 

  348. 		return NULL;
    349. 

  349. 	}
    350. 

  350. 

  351. 	if ((offset - MD_USER_DATA_SIZE) % NODE_SIZE == 0 && 
    352. 

  352. 		offset == encrypted_part_plain.size)
    353. 

  353. 	{// new node
    354. 

  354. 		file_data_node = append_data_node();
    355. 

  355. 	}
    356. 

  356. 	else
    357. 

  357. 	{// existing node
    358. 

  358. 		file_data_node = read_data_node();
    359. 

  359. 	}
    360. 

  360. 

  361. 	// bump all the parents mht to reside before the data node in the cache
    362. 

  362. 	if (file_data_node != NULL)
    363. 

  363. 	{
    364. 

  364. 		file_mht_node_t* file_mht_node = file_data_node->parent;
    365. 

  365. 		while (file_mht_node->mht_node_number != 0)
    366. 

  366. 		{
    367. 

  367. 			cache.get(file_mht_node->physical_node_number); // bump the mht node to the head of the lru
    368. 

  368. 			file_mht_node = file_mht_node->parent;
    369. 

  369. 		}
    370. 

  370. 	}
    371. 

  371. 

  372. 	// even if we didn't get the required data_node, we might have read other nodes in the process
    373. 

  373. 	while (cache.size() > MAX_PAGES_IN_CACHE)
    374. 

  374. 	{
    375. 

  375. 		void* data = cache.get_last();
    376. 

  376. 		assert(data != NULL);
    377. 

  377. 		// for production - 
    378. 

  378. 		if (data == NULL)
    379. 

  379. 		{
    380. 

  380. 			last_error = SGX_ERROR_UNEXPECTED;
    381. 

  381. 			return NULL;
    382. 

  382. 		}
    383. 

  383. 		if (((file_data_node_t*)data)->need_writing == false) // need_writing is in the same offset in both node types
    384. 

  384. 		{
    385. 

  385. 			cache.remove_last();
    386. 

  386. 

  387. 			// before deleting the memory, need to scrub the plain secrets
    388. 

  388. 			if (((file_data_node_t*)data)->type == FILE_DATA_NODE_TYPE) // type is in the same offset in both node types
    389. 

  389. 			{
    390. 

  390. 				file_data_node_t* file_data_node1 = (file_data_node_t*)data;
    391. 

  391. 				memset_s(&file_data_node1->plain, sizeof(data_node_t), 0, sizeof(data_node_t));
    392. 

  392. 				delete file_data_node1;
    393. 

  393. 			}
    394. 

  394. 			else
    395. 

  395. 			{
    396. 

  396. 				file_mht_node_t* file_mht_node = (file_mht_node_t*)data;
    397. 

  397. 				memset_s(&file_mht_node->plain, sizeof(mht_node_t), 0, sizeof(mht_node_t));
    398. 

  398. 				delete file_mht_node;
    399. 

  399. 			}
    400. 

  400. 		}
    401. 

  401. 		else
    402. 

  402. 		{
    403. 

  403. 			if (internal_flush(/*false,*/ false) == false) // error, can't flush cache, file status changed to error
    404. 

  404. 			{
    405. 

  405. 				assert(file_status != SGX_FILE_STATUS_OK);
    406. 

  406. 				if (file_status == SGX_FILE_STATUS_OK)
    407. 

  407. 					file_status = SGX_FILE_STATUS_FLUSH_ERROR; // for release set this anyway
    408. 

  408. 				return NULL; // even if we got the data_node!
    409. 

  409. 			}
    410. 

  410. 		}
    411. 

  411. 	}
    412. 

  412. 	
    413. 

  413. 	return file_data_node;
    414. 

  414. }
    415. 

  415. 

  416. 

  417. file_data_node_t* protected_fs_file::append_data_node()
    418. 

  418. {
    419. 

  419. 	file_mht_node_t* file_mht_node = get_mht_node();
    420. 

  420. 	if (file_mht_node == NULL) // some error happened
    421. 

  421. 		return NULL;
    422. 

  422. 

  423. 	file_data_node_t* new_file_data_node = NULL;
    424. 

  424. 

  425. 	try {
    426. 

  426. 		new_file_data_node = new file_data_node_t;
    427. 

  427. 	}
    428. 

  428. 	catch (std::bad_alloc& e) {
    429. 

  429. 		(void)e; // remove warning
    430. 

  430. 		last_error = ENOMEM;
    431. 

  431. 		return NULL;
    432. 

  432. 	}
    433. 

  433. 	memset(new_file_data_node, 0, sizeof(file_data_node_t));
    434. 

  434. 

  435. 	new_file_data_node->type = FILE_DATA_NODE_TYPE;
    436. 

  436. 	new_file_data_node->new_node = true;
    437. 

  437. 	new_file_data_node->parent = file_mht_node;
    438. 

  438. 	get_node_numbers(offset, NULL, &new_file_data_node->data_node_number, NULL, &new_file_data_node->physical_node_number);
    439. 

  439. 

  440. 	if (cache.add(new_file_data_node->physical_node_number, new_file_data_node) == false)
    441. 

  441. 	{
    442. 

  442. 		delete new_file_data_node;
    443. 

  443. 		last_error = ENOMEM;
    444. 

  444. 		return NULL;
    445. 

  445. 	}
    446. 

  446. 

  447. 	return new_file_data_node;
    448. 

  448. }
    449. 

  449. 

  450. 

  451. file_data_node_t* protected_fs_file::read_data_node()
    452. 

  452. {
    453. 

  453. 	uint64_t data_node_number;
    454. 

  454. 	uint64_t physical_node_number;
    455. 

  455. 	file_mht_node_t* file_mht_node;
    456. 

  456. 	int32_t result32;
    457. 

  457. 	sgx_status_t status;
    458. 

  458. 

  459. 	get_node_numbers(offset, NULL, &data_node_number, NULL, &physical_node_number);
    460. 

  460. 

  461. 	file_data_node_t* file_data_node = (file_data_node_t*)cache.get(physical_node_number);
    462. 

  462. 	if (file_data_node != NULL)
    463. 

  463. 		return file_data_node;
    464. 

  464. 	
    465. 

  465. 	// need to read the data node from the disk
    466. 

  466. 

  467. 	file_mht_node = get_mht_node();
    468. 

  468. 	if (file_mht_node == NULL) // some error happened
    469. 

  469. 		return NULL;
    470. 

  470. 

  471. 	try {
    472. 

  472. 		file_data_node = new file_data_node_t;
    473. 

  473. 	}
    474. 

  474. 	catch (std::bad_alloc& e) {
    475. 

  475. 		(void)e; // remove warning
    476. 

  476. 		last_error = ENOMEM;
    477. 

  477. 		return NULL;
    478. 

  478. 	}
    479. 

  479. 	memset(file_data_node, 0, sizeof(file_data_node_t));
    480. 

  480. 	file_data_node->type = FILE_DATA_NODE_TYPE;
    481. 

  481. 	file_data_node->data_node_number = data_node_number;
    482. 

  482. 	file_data_node->physical_node_number = physical_node_number;
    483. 

  483. 	file_data_node->parent = file_mht_node;
    484. 

  484. 		
    485. 

  485. 	status = u_sgxprotectedfs_fread_node(&result32, file, file_data_node->physical_node_number, file_data_node->encrypted.cipher, NODE_SIZE);
    486. 

  486. 	if (status != SGX_SUCCESS || result32 != 0)
    487. 

  487. 	{
    488. 

  488. 		delete file_data_node;
    489. 

  489. 		last_error = (status != SGX_SUCCESS) ? status : 
    490. 

  490. 					 (result32 != -1) ? result32 : EIO;
    491. 

  491. 		return NULL;
    492. 

  492. 	}
    493. 

  493. 

  494. 	gcm_crypto_data_t* gcm_crypto_data = &file_data_node->parent->plain.data_nodes_crypto[file_data_node->data_node_number % ATTACHED_DATA_NODES_COUNT];
    495. 

  495. 

  496. 	// this function decrypt the data _and_ checks the integrity of the data against the gmac
    497. 

  497. 	status = sgx_rijndael128GCM_decrypt(&gcm_crypto_data->key, file_data_node->encrypted.cipher, NODE_SIZE, file_data_node->plain.data, empty_iv, SGX_AESGCM_IV_SIZE, NULL, 0, &gcm_crypto_data->gmac);
    498. 

  498. 	if (status != SGX_SUCCESS)
    499. 

  499. 	{
    500. 

  500. 		delete file_data_node;
    501. 

  501. 		last_error = status;
    502. 

  502. 		if (status == SGX_ERROR_MAC_MISMATCH)
    503. 

  503. 		{
    504. 

  504. 			file_status = SGX_FILE_STATUS_CORRUPTED;
    505. 

  505. 		}
    506. 

  506. 		return NULL;
    507. 

  507. 	}
    508. 

  508. 		
    509. 

  509. 	if (cache.add(file_data_node->physical_node_number, file_data_node) == false)
    510. 

  510. 	{
    511. 

  511. 		memset_s(&file_data_node->plain, sizeof(data_node_t), 0, sizeof(data_node_t)); // scrub the plaintext data
    512. 

  512. 		delete file_data_node;
    513. 

  513. 		last_error = ENOMEM;
    514. 

  514. 		return NULL;
    515. 

  515. 	}
    516. 

  516. 

  517. 	return file_data_node;
    518. 

  518. }
    519. 

  519. 

  520. 

  521. file_mht_node_t* protected_fs_file::get_mht_node()
    522. 

  522. {
    523. 

  523. 	file_mht_node_t* file_mht_node;
    524. 

  524. 	uint64_t mht_node_number;
    525. 

  525. 	uint64_t physical_mht_node_number;
    526. 

  526. 

  527. 	if (offset < MD_USER_DATA_SIZE)
    528. 

  528. 	{
    529. 

  529. 		last_error = SGX_ERROR_UNEXPECTED;
    530. 

  530. 		return NULL;
    531. 

  531. 	}
    532. 

  532. 

  533. 	get_node_numbers(offset, &mht_node_number, NULL, &physical_mht_node_number, NULL);
    534. 

  534. 

  535. 	if (mht_node_number == 0)
    536. 

  536. 		return &root_mht;
    537. 

  537. 

  538. 	// file is constructed from 128*4KB = 512KB per MHT node.
    539. 

  539. 	if ((offset - MD_USER_DATA_SIZE) % (ATTACHED_DATA_NODES_COUNT * NODE_SIZE) == 0 && 
    540. 

  540. 		 offset == encrypted_part_plain.size)
    541. 

  541. 	{
    542. 

  542. 		file_mht_node = append_mht_node(mht_node_number);
    543. 

  543. 	}
    544. 

  544. 	else
    545. 

  545. 	{
    546. 

  546. 		file_mht_node = read_mht_node(mht_node_number);
    547. 

  547. 	}
    548. 

  548. 

  549. 	return file_mht_node;
    550. 

  550. }
    551. 

  551. 

  552. 

  553. file_mht_node_t* protected_fs_file::append_mht_node(uint64_t mht_node_number)
    554. 

  554. {
    555. 

  555. 	file_mht_node_t* parent_file_mht_node = read_mht_node((mht_node_number - 1) / CHILD_MHT_NODES_COUNT);
    556. 

  556. 	if (parent_file_mht_node == NULL) // some error happened
    557. 

  557. 		return NULL;
    558. 

  558. 

  559. 	uint64_t physical_node_number = 1 + // meta data node
    560. 

  560. 										mht_node_number * (1 + ATTACHED_DATA_NODES_COUNT); // the '1' is for the mht node preceding every 96 data nodes
    561. 

  561. 

  562. 	file_mht_node_t* new_file_mht_node = NULL;
    563. 

  563. 	try {
    564. 

  564. 		new_file_mht_node = new file_mht_node_t;
    565. 

  565. 	}
    566. 

  566. 	catch (std::bad_alloc& e) {
    567. 

  567. 		(void)e; // remove warning
    568. 

  568. 		last_error = ENOMEM;
    569. 

  569. 		return NULL;
    570. 

  570. 	}
    571. 

  571. 	memset(new_file_mht_node, 0, sizeof(file_mht_node_t));
    572. 

  572. 

  573. 	new_file_mht_node->type = FILE_MHT_NODE_TYPE;
    574. 

  574. 	new_file_mht_node->new_node = true;
    575. 

  575. 	new_file_mht_node->parent = parent_file_mht_node;
    576. 

  576. 	new_file_mht_node->mht_node_number = mht_node_number;
    577. 

  577. 	new_file_mht_node->physical_node_number = physical_node_number;
    578. 

  578. 

  579. 	if (cache.add(new_file_mht_node->physical_node_number, new_file_mht_node) == false)
    580. 

  580. 	{
    581. 

  581. 		delete new_file_mht_node;
    582. 

  582. 		last_error = ENOMEM;
    583. 

  583. 		return NULL;
    584. 

  584. 	}
    585. 

  585. 	
    586. 

  586. 	return new_file_mht_node;
    587. 

  587. }
    588. 

  588. 

  589. 

  590. file_mht_node_t* protected_fs_file::read_mht_node(uint64_t mht_node_number)
    591. 

  591. {
    592. 

  592. 	int32_t result32;
    593. 

  593. 	sgx_status_t status;
    594. 

  594. 

  595. 	if (mht_node_number == 0)
    596. 

  596. 		return &root_mht;
    597. 

  597. 

  598. 	uint64_t physical_node_number = 1 + // meta data node
    599. 

  599. 										mht_node_number * (1 + ATTACHED_DATA_NODES_COUNT); // the '1' is for the mht node preceding every 96 data nodes
    600. 

  600. 

  601. 	file_mht_node_t* file_mht_node = (file_mht_node_t*)cache.find(physical_node_number);
    602. 

  602. 	if (file_mht_node != NULL)
    603. 

  603. 		return file_mht_node;
    604. 

  604. 

  605. 	file_mht_node_t* parent_file_mht_node = read_mht_node((mht_node_number - 1) / CHILD_MHT_NODES_COUNT);
    606. 

  606. 	if (parent_file_mht_node == NULL) // some error happened
    607. 

  607. 		return NULL;
    608. 

  608. 

  609. 	try {
    610. 

  610. 		file_mht_node = new file_mht_node_t;
    611. 

  611. 	}
    612. 

  612. 	catch (std::bad_alloc& e) {
    613. 

  613. 		(void)e; // remove warning
    614. 

  614. 		last_error = ENOMEM;
    615. 

  615. 		return NULL;
    616. 

  616. 	}
    617. 

  617. 	memset(file_mht_node, 0, sizeof(file_mht_node_t));
    618. 

  618. 	file_mht_node->type = FILE_MHT_NODE_TYPE;
    619. 

  619. 	file_mht_node->mht_node_number = mht_node_number;
    620. 

  620. 	file_mht_node->physical_node_number = physical_node_number;
    621. 

  621. 	file_mht_node->parent = parent_file_mht_node;
    622. 

  622. 		
    623. 

  623. 	status = u_sgxprotectedfs_fread_node(&result32, file, file_mht_node->physical_node_number, file_mht_node->encrypted.cipher, NODE_SIZE);
    624. 

  624. 	if (status != SGX_SUCCESS || result32 != 0)
    625. 

  625. 	{
    626. 

  626. 		delete file_mht_node;
    627. 

  627. 		last_error = (status != SGX_SUCCESS) ? status : 
    628. 

  628. 					 (result32 != -1) ? result32 : EIO;
    629. 

  629. 		return NULL;
    630. 

  630. 	}
    631. 

  631. 	
    632. 

  632. 	gcm_crypto_data_t* gcm_crypto_data = &file_mht_node->parent->plain.mht_nodes_crypto[(file_mht_node->mht_node_number - 1) % CHILD_MHT_NODES_COUNT];
    633. 

  633. 

  634. 	// this function decrypt the data _and_ checks the integrity of the data against the gmac
    635. 

  635. 	status = sgx_rijndael128GCM_decrypt(&gcm_crypto_data->key, file_mht_node->encrypted.cipher, NODE_SIZE, (uint8_t*)&file_mht_node->plain, empty_iv, SGX_AESGCM_IV_SIZE, NULL, 0, &gcm_crypto_data->gmac);
    636. 

  636. 	if (status != SGX_SUCCESS)
    637. 

  637. 	{
    638. 

  638. 		delete file_mht_node;
    639. 

  639. 		last_error = status;
    640. 

  640. 		if (status == SGX_ERROR_MAC_MISMATCH)
    641. 

  641. 		{
    642. 

  642. 			file_status = SGX_FILE_STATUS_CORRUPTED;
    643. 

  643. 		}
    644. 

  644. 		return NULL;
    645. 

  645. 	}
    646. 

  646. 

  647. 	if (cache.add(file_mht_node->physical_node_number, file_mht_node) == false)
    648. 

  648. 	{
    649. 

  649. 		memset_s(&file_mht_node->plain, sizeof(mht_node_t), 0, sizeof(mht_node_t));
    650. 

  650. 		delete file_mht_node;
    651. 

  651. 		last_error = ENOMEM;
    652. 

  652. 		return NULL;
    653. 

  653. 	}
    654. 

  654. 

  655. 	return file_mht_node;
    656. 

  656. }
    657. 

  657.