github.com/epfl-dcsl/gotee@v0.0.0-20200909122901-014b35f5e5e9/src/gosec/isgx.go

github.com/epfl-dcsl/gotee@v0.0.0-20200909122901-014b35f5e5e9/src/gosec/isgx.go (about)

     1  package gosec
     2  
     3  import (
     4  	"debug/elf"
     5  	"fmt"
     6  	"runtime"
     7  )
     8  
     9  //Not really used, just here for documentation.
    10  const (
    11  	SGX_ENCLU_EENTER  = 0x02
    12  	SGX_ENCLU_ERESUME = 0x03
    13  	SGX_ENCLU_EXIT    = 0x04
    14  )
    15  
    16  const (
    17  	PAGE_READ     = 0x1
    18  	PAGE_WRITE    = 0x2
    19  	PAGE_EXEC     = 0x4
    20  	PAGE_TCS      = 0x8
    21  	PAGE_NOEXTEND = 0x10
    22  )
    23  
    24  const (
    25  	SGX_SECINFO_R = 0x01
    26  	SGX_SECINFO_W = 0x02
    27  	SGX_SECINFO_X = 0x04
    28  )
    29  
    30  const (
    31  	SGX_SECINFO_SECS = 0x000
    32  	SGX_SECINFO_TCS  = 0x100
    33  	SGX_SECINFO_REG  = 0x200
    34  )
    35  
    36  const (
    37  	SGX_FS_LIMIT = 0xffffffff
    38  	SGX_GS_LIMIT = 0xffffffff
    39  )
    40  
    41  const (
    42  	TCS_N_SSA = 2
    43  )
    44  
    45  // Sizes for the different elements
    46  const (
    47  	STACK_SIZE  = 0x8000
    48  	TCS_SIZE    = PSIZE
    49  	SSA_SIZE    = PSIZE
    50  	MSGX_SIZE   = PSIZE
    51  	TLS_SIZE    = PSIZE
    52  	MEMBUF_SIZE = runtime.MEMBUF_SIZE //(PSIZE * 300)
    53  )
    54  
    55  // Offsets are of the form FROM_TO_OFF = VALUE
    56  const (
    57  	STACK_TCS_OFF   = PSIZE
    58  	TCS_SSA_OFF     = 0
    59  	SSA_MSGX_OFF    = PSIZE
    60  	MSGX_TLS_OFF    = 0
    61  	TLS_MHSTART_OFF = PSIZE
    62  )
    63  
    64  // Elf.Symbol.Name to find addresses
    65  const (
    66  	mtlsArrayName = "runtime.enclaveMsgxTlsArr"
    67  )
    68  
    69  var (
    70  	RT_M0 = uintptr(0)
    71  )
    72  
    73  type sgx_enclave_create struct {
    74  	src uint64
    75  }
    76  
    77  type sgx_enclave_init struct {
    78  	addr       uint64
    79  	sigstruct  uint64
    80  	einittoken uint64
    81  }
    82  
    83  type sgx_enclave_add_page struct {
    84  	addr    uint64
    85  	src     uint64
    86  	secinfo uint64
    87  	mrmask  uint16 //bitmask for the 256 byte chunks that are to be measured
    88  }
    89  
    90  type isgx_secinfo struct {
    91  	flags    uint64
    92  	reserved [7]uint64
    93  }
    94  
    95  type sgx_wrapper struct {
    96  	base    uintptr
    97  	siz     uintptr
    98  	tcss    []sgx_tcs_info
    99  	mhstart uintptr // 0x1000
   100  	mhsize  uintptr // 0x108000
   101  	membuf  uintptr // To satisfy map(nil) requests
   102  	alloc   []byte
   103  	secs    *secs_t
   104  	isSim   bool
   105  	entry   uintptr // where to jump (asm_eenter or file.Entry)
   106  	mtlsarr uintptr
   107  }
   108  
   109  type sgx_tcs_info = runtime.SgxTCSInfo
   110  
   111  func (s *sgx_wrapper) DumpDebugInfo() {
   112  	if runtime.Cooprt != nil {
   113  		fmt.Printf("Cooprt at %p\n", runtime.Cooprt)
   114  		fmt.Printf("Cooprt.Ecall %p, Cooprt.Ocall %p\n", runtime.Cooprt.EcallSrv, runtime.Cooprt.Ocall)
   115  		fmt.Printf("Unsafe allocation: %x, size: %x\n", runtime.Cooprt.StartUnsafe, runtime.Cooprt.SizeUnsafe)
   116  	}
   117  	fmt.Printf("[DEBUG-INFO] wrapper at %p\n", s)
   118  	fmt.Printf("{base: %x, siz: %x, mhstart: %x, mhsize: %x}\n", s.base, s.siz, s.mhstart, s.mhsize)
   119  	for _, tcs := range s.tcss {
   120  		fmt.Printf("stack: %x, ssiz: %x, tcs: %x, msgx: %x, tls: %x\n", tcs.Stack,
   121  			tcs.Ssiz, tcs.Tcs, tcs.Msgx, tcs.Tls)
   122  	}
   123  }
   124  
   125  func (s *sgx_wrapper) defaultTcs() *sgx_tcs_info {
   126  	if s.tcss == nil || len(s.tcss) == 0 {
   127  		panic("Early call to get defaulttcs")
   128  	}
   129  	return &s.tcss[0]
   130  }
   131  
   132  func transposeOutWrapper(wrap *sgx_wrapper) *sgx_wrapper {
   133  	trans := &sgx_wrapper{
   134  		transposeOut(wrap.base), wrap.siz, nil,
   135  		transposeOut(wrap.mhstart), wrap.mhsize,
   136  		transposeOut(wrap.membuf), nil, wrap.secs, wrap.isSim,
   137  		wrap.entry, transposeOut(wrap.mtlsarr)}
   138  
   139  	trans.tcss = make([]sgx_tcs_info, len(wrap.tcss))
   140  	for i := 0; i < len(wrap.tcss); i++ {
   141  		trans.tcss[i] = transposeOutTCS(wrap.tcss[i])
   142  	}
   143  	return trans
   144  }
   145  
   146  func transposeOutTCS(orig sgx_tcs_info) sgx_tcs_info {
   147  	return sgx_tcs_info{
   148  		transposeOut(orig.Stack), orig.Ssiz, transposeOut(orig.Tcs),
   149  		transposeOut(orig.Ssa), transposeOut(orig.Msgx), transposeOut(orig.Tls),
   150  		orig.Rdi, orig.Rsi,
   151  		transposeOut(orig.Entry), orig.Used}
   152  }
   153  
   154  // getMtlsArr finds the address of the array that we leverage to put MSGX | TLS
   155  // pages in the enclave as part of the bss segment.
   156  func getMtlsArr(file *elf.File) uintptr {
   157  	syms, err := file.Symbols()
   158  	check(err)
   159  	for _, s := range syms {
   160  		if s.Name == mtlsArrayName {
   161  			return uintptr(palign(s.Value, false))
   162  		}
   163  	}
   164  	//Unable to find the symbol.
   165  	panic("isgx was unable to find the enclaveMsgxTlsArr symbol address.")
   166  	return uintptr(0)
   167  }