This is an automated email from the ASF dual-hosted git repository.
rduan pushed a commit to branch v2.0.0-preview
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave-sgx-sdk.git
The following commit(s) were added to refs/heads/v2.0.0-preview by this push:
new 13c8b899 Support KSS in simulation mode
13c8b899 is described below
commit 13c8b89910be14065349a6048563e39ec09344ac
Author: volcano <[email protected]>
AuthorDate: Thu Sep 29 11:09:34 2022 +0800
Support KSS in simulation mode
---
sgx_serialize/src/types.rs | 27 ++++-
sgx_trts/src/inst/sim/derive.rs | 136 ++++++++---------------
sgx_trts/src/inst/sim/inst.rs | 238 +++++++++++++++++++++++++++-------------
sgx_trts/src/inst/sim/mod.rs | 19 +++-
sgx_trts/src/se/key.rs | 10 +-
sgx_trts/src/se/report.rs | 8 +-
sgx_types/src/types/mod.rs | 29 ++++-
7 files changed, 282 insertions(+), 185 deletions(-)
diff --git a/sgx_serialize/src/types.rs b/sgx_serialize/src/types.rs
index b226ad68..1d35ef6d 100644
--- a/sgx_serialize/src/types.rs
+++ b/sgx_serialize/src/types.rs
@@ -22,10 +22,10 @@ use sgx_types::types::{
AlignMac256bit, Key128bit, Key256bit, Mac128bit, Mac256bit,
};
use sgx_types::types::{
- Attributes, AttributesFlags, CpuSvn, KeyId, KeyName, KeyPolicy,
KeyRequest, Measurement,
- MiscAttribute, MiscSelect, Report, Report2, Report2Body, Report2Mac,
ReportBody, ReportData,
- TargetInfo, TeeAttributes, TeeCpuSvn, TeeInfo, TeeMeasurement,
TeeReportData, TeeReportType,
- TeeTcbInfo, TeeTcbSvn,
+ Attributes, AttributesFlags, ConfigId, CpuSvn, KeyId, KeyName, KeyPolicy,
KeyRequest,
+ Measurement, MiscAttribute, MiscSelect, Report, Report2, Report2Body,
Report2Mac, ReportBody,
+ ReportData, TargetInfo, TeeAttributes, TeeCpuSvn, TeeInfo, TeeMeasurement,
TeeReportData,
+ TeeReportType, TeeTcbInfo, TeeTcbSvn,
};
use sgx_types::types::{BaseName, PsSecPropDesc, QuoteNonce, Spid};
use sgx_types::types::{Ec256PrivateKey, Ec256PublicKey, Ec256SharedKey,
Ec256Signature};
@@ -782,6 +782,25 @@ impl Decodable for CpuSvn {
}
}
+impl Encodable for ConfigId {
+ fn encode<S: Encoder>(&self, e: &mut S) -> Result<(), S::Error> {
+ let ConfigId { id: ref _id } = *self;
+ e.emit_struct("ConfigId", 1usize, |e| -> _ {
+ e.emit_struct_field("id", 0usize, |e| -> _ {
Encodable::encode(&*_id, e) })
+ })
+ }
+}
+
+impl Decodable for ConfigId {
+ fn decode<D: Decoder>(d: &mut D) -> Result<ConfigId, D::Error> {
+ d.read_struct("ConfigId", 1usize, |d| -> _ {
+ Ok(ConfigId {
+ id: d.read_struct_field("id", 0usize, Decodable::decode)?,
+ })
+ })
+ }
+}
+
impl Encodable for TeeAttributes {
fn encode<S: Encoder>(&self, e: &mut S) -> Result<(), S::Error> {
let TeeAttributes { a: ref _a } = *self;
diff --git a/sgx_trts/src/inst/sim/derive.rs b/sgx_trts/src/inst/sim/derive.rs
index 8f3ab009..fdf027a6 100644
--- a/sgx_trts/src/inst/sim/derive.rs
+++ b/sgx_trts/src/inst/sim/derive.rs
@@ -19,7 +19,10 @@ use crate::arch::Align16;
use crate::error::abort;
use crate::se::AlignKey;
use sgx_crypto_sys::sgx_rijndael128_cmac_msg;
-use sgx_types::types::{Attributes, CpuSvn, Key128bit, KeyId, KeyName, Mac,
Measurement};
+use sgx_types::types::{
+ Attributes, ConfigId, CpuSvn, IsvExtProdId, IsvFamilyId, Key128bit, KeyId,
KeyName, KeyPolicy,
+ Mac, Measurement, MiscSelect,
+};
pub const OWNEREPOCH_SIZE: usize = 16;
@@ -27,70 +30,61 @@ pub type SeOwnerEpoch = [u8; OWNEREPOCH_SIZE];
impl_struct! {
#[repr(C)]
- #[derive(Debug, Eq, PartialEq)]
- pub struct DerivSealKey {
+ #[derive(Debug)]
+ pub struct DeriveData {
pub key_name: KeyName,
- pub _pad1: [u8; 6],
+ pub isv_svn: u16,
+ pub isv_prod_id: u16,
+ pub config_svn: u16,
pub attributes: Attributes,
pub attribute_mask: Attributes,
+ pub misc_select: MiscSelect,
+ pub misc_mask: u32,
pub csr_owner_epoch: SeOwnerEpoch,
pub cpu_svn: CpuSvn,
- pub isv_svn: u16,
- pub isv_prod_id: u16,
pub mr_enclave: Measurement,
pub mr_signer: Measurement,
+ pub isv_family_id: IsvFamilyId,
+ pub isv_ext_prod_id: IsvExtProdId,
+ pub config_id: ConfigId,
pub key_id: KeyId,
- pub _pad2: [u8; 4],
+ pub key_policy: KeyPolicy,
+ pub _pad: [u8; 6],
}
+}
- #[repr(C)]
- #[derive(Debug, Eq, PartialEq)]
- pub struct DerivReportKey {
- pub key_name: KeyName,
- pub _pad1: [u8; 6],
- pub attributes: Attributes,
- pub csr_owner_epoch: SeOwnerEpoch,
- pub mr_enclave: Measurement,
- pub cpu_svn: CpuSvn,
- pub key_id: KeyId,
- }
+impl_asref_array! {
+ DeriveData;
+}
- #[repr(C)]
- #[derive(Debug, Eq, PartialEq)]
- pub struct DerivLicenseKey {
- pub key_name: KeyName,
- pub _pad1: [u8; 6],
- pub attributes: Attributes,
- pub csr_owner_epoch: SeOwnerEpoch,
- pub cpu_svn: CpuSvn,
- pub isv_svn: u16,
- pub isv_prod_id: u16,
- pub key_id: KeyId,
- pub _pad2: [u8; 4],
+impl DeriveData {
+ pub fn derive_key(&self) -> AlignKey {
+ let mut key = AlignKey::default();
+ let status = unsafe {
+ sgx_rijndael128_cmac_msg(
+ &self.base_key().0 as *const Key128bit,
+ self.as_ref().as_ptr(),
+ self.as_ref().len() as u32,
+ &mut key.0 as *mut _,
+ )
+ };
+ if !status.is_success() {
+ abort();
+ }
+ key
}
- #[repr(C)]
- #[derive(Debug, Eq, PartialEq)]
- pub struct DerivProvisionKey {
- pub key_name: KeyName,
- pub _pad1: [u8; 6],
- pub attributes: Attributes,
- pub attribute_mask: Attributes,
- pub cpu_svn: CpuSvn,
- pub isv_svn: u16,
- pub isv_prod_id: u16,
- pub mr_signer: Measurement,
- pub _pad2: [u8; 4],
+ pub fn base_key(&self) -> AlignKey {
+ match self.key_name {
+ KeyName::EInitToken => BASE_EINITTOKEN_KEY,
+ KeyName::Provision => BASE_PROVISION_KEY,
+ KeyName::ProvisionSeal => BASE_PROV_SEAL_KEY,
+ KeyName::Report => BASE_REPORT_KEY,
+ KeyName::Seal => BASE_SEAL_KEY,
+ }
}
}
-impl_asref_array! {
- DerivSealKey;
- DerivReportKey;
- DerivLicenseKey;
- DerivProvisionKey;
-}
-
// The built-in seal key in simulation mode
const BASE_SEAL_KEY: AlignKey = Align16([
0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xaa, 0xbb,
0xcc, 0xdd, 0xee, 0xff,
@@ -116,50 +110,6 @@ const BASE_PROV_SEAL_KEY: AlignKey = Align16([
0x50, 0x52, 0x4f, 0x56, 0x49, 0x53, 0x49, 0x4f, 0x4e, 0x53, 0x45, 0x41,
0x4c, 0x4b, 0x45, 0x59,
]);
-pub trait DeriveKey {
- fn derive_key(&self) -> AlignKey;
- fn base_key(&self) -> AlignKey;
-}
-
-macro_rules! impl_derive_key {
- ($($t:ty;)*) => {$(
- impl DeriveKey for $t {
- fn derive_key(&self) -> AlignKey {
- let mut key = AlignKey::default();
- let status = unsafe {
- sgx_rijndael128_cmac_msg(
- &self.base_key().0 as *const Key128bit,
- self.as_ref().as_ptr(),
- self.as_ref().len() as u32,
- &mut key.0 as *mut _,
- )
- };
- if !status.is_success() {
- abort();
- }
- key
- }
-
- fn base_key(&self) -> AlignKey {
- match self.key_name {
- KeyName::EInitToken => BASE_EINITTOKEN_KEY,
- KeyName::Provision => BASE_PROVISION_KEY,
- KeyName::ProvisionSeal => BASE_PROV_SEAL_KEY,
- KeyName::Report => BASE_REPORT_KEY,
- KeyName::Seal => BASE_SEAL_KEY,
- }
- }
- }
- )*}
-}
-
-impl_derive_key! {
- DerivSealKey;
- DerivReportKey;
- DerivLicenseKey;
- DerivProvisionKey;
-}
-
pub fn cmac(key: &AlignKey, buf: &[u8]) -> Mac {
let mut mac = Mac::default();
let status = unsafe {
diff --git a/sgx_trts/src/inst/sim/inst.rs b/sgx_trts/src/inst/sim/inst.rs
index 69464dd8..dc8fb43d 100644
--- a/sgx_trts/src/inst/sim/inst.rs
+++ b/sgx_trts/src/inst/sim/inst.rs
@@ -18,10 +18,8 @@
use crate::arch::{Secinfo, Tcs};
use crate::enclave::EnclaveRange;
use crate::error::abort as gp;
-use crate::inst::sim::derive::{
- self, DerivLicenseKey, DerivProvisionKey, DerivReportKey, DerivSealKey,
DeriveKey, SeOwnerEpoch,
-};
-use crate::inst::sim::{TcsSim, TcsState};
+use crate::inst::sim::derive::{self, DeriveData, SeOwnerEpoch};
+use crate::inst::sim::{GlobalSim, IsvExtId, TcsSim, TcsState};
use crate::inst::{INVALID_ATTRIBUTE, INVALID_CPUSVN, INVALID_ISVSVN,
INVALID_LEAF};
use crate::se::{
AlignKey, AlignKeyRequest, AlignReport, AlignReport2Mac, AlignReportData,
AlignTargetInfo,
@@ -30,7 +28,8 @@ use core::mem;
use core::sync::atomic::Ordering;
use sgx_types::types::KEY_REQUEST_RESERVED2_BYTES;
use sgx_types::types::{
- Attributes, AttributesFlags, CpuSvn, KeyName, KeyPolicy, KeyRequest,
Report, ReportBody,
+ Attributes, AttributesFlags, CpuSvn, KeyName, KeyPolicy, KeyRequest,
MiscSelect, Report,
+ ReportBody,
};
macro_rules! gp_on {
@@ -104,7 +103,7 @@ impl EncluInst {
gp_on!(tcs.is_null());
let tcs = unsafe { &mut *tcs };
- let tcs_sim = TcsSim::get(tcs);
+ let tcs_sim = TcsSim::get_mut(tcs);
// restore the used _tls_array
tcs_sim.restore_td();
@@ -140,15 +139,22 @@ impl EncluInst {
));
gp_on!(!kr.is_enclave_range());
gp_on!(!kr.0.key_policy.is_valid());
- gp_on!(kr
- .0
- .key_policy
- .intersects(!(KeyPolicy::MRENCLAVE | KeyPolicy::MRSIGNER)));
gp_on!(kr.0.reserved1 != 0);
gp_on!(kr.0.reserved2 != [0; KEY_REQUEST_RESERVED2_BYTES]);
- let secs = unsafe { &*(super::GlobalSim::get().secs) };
- let cpu_svn_sim = super::GlobalSim::get().cpu_svn;
+ let secs = unsafe { &*(GlobalSim::get().secs) };
+ let isv_ext_id = IsvExtId::get(secs);
+ let cpu_svn_sim = GlobalSim::get().cpu_svn;
+
+ gp_on!(
+ !secs.attributes.flags.intersects(AttributesFlags::KSS)
+ && (kr
+ .0
+ .key_policy
+ .intersects(KeyPolicy::KSS | KeyPolicy::NOISVPRODID)
+ || kr.0.config_svn > 0)
+ );
+
// Determine which enclave attributes that must be included in the key.
// Attributes that must always be included INIT & DEBUG.
let attributes = Attributes {
@@ -156,6 +162,7 @@ impl EncluInst {
& secs.attributes.flags,
xfrm: kr.0.attribute_mask.xfrm & secs.attributes.xfrm,
};
+ let misc_select =
MiscSelect::from_bits_truncate(secs.misc_select.bits() & kr.0.misc_mask);
// HW supports CPUSVN to be set as 0.
// To be consistent with HW behaviour, we replace the cpusvn as
DEFAULT_CPUSVN if the input cpusvn is 0.
@@ -165,23 +172,33 @@ impl EncluInst {
kr.0.cpu_svn
};
- let key = match kr.0.key_name {
+ let derive_data = match kr.0.key_name {
KeyName::Seal => {
- if kr.0.isv_svn > secs.isv_svn {
- return Err(INVALID_ISVSVN);
- }
- if !Self::check_cpusvn(&kr.0, cpu_svn_sim) {
- return Err(INVALID_CPUSVN);
- }
+ ensure!(
+ secs.isv_svn >= kr.0.isv_svn && secs.config_svn >=
kr.0.config_svn,
+ INVALID_ISVSVN
+ );
+ ensure!(Self::check_cpusvn(&kr.0, cpu_svn_sim),
INVALID_CPUSVN);
- let derive = DerivSealKey {
+ DeriveData {
key_name: kr.0.key_name,
+ config_svn: if
kr.0.key_policy.contains(KeyPolicy::CONFIGID) {
+ kr.0.config_svn
+ } else {
+ Default::default()
+ },
+ isv_svn: kr.0.isv_svn,
+ isv_prod_id: if
kr.0.key_policy.contains(KeyPolicy::NOISVPRODID) {
+ Default::default()
+ } else {
+ secs.isv_prod_id
+ },
attributes,
attribute_mask: kr.0.attribute_mask,
+ misc_select,
+ misc_mask: !kr.0.misc_mask,
csr_owner_epoch: SIMU_OWNER_EPOCH_MSR,
cpu_svn,
- isv_svn: kr.0.isv_svn,
- isv_prod_id: secs.isv_prod_id,
mr_enclave: if
kr.0.key_policy.contains(KeyPolicy::MRENCLAVE) {
secs.mr_enclave
} else {
@@ -192,79 +209,137 @@ impl EncluInst {
} else {
Default::default()
},
+ isv_family_id: if
kr.0.key_policy.contains(KeyPolicy::ISVFAMILYID) {
+ isv_ext_id.isv_family_id
+ } else {
+ Default::default()
+ },
+ isv_ext_prod_id: if
kr.0.key_policy.contains(KeyPolicy::ISVEXTPRODID) {
+ isv_ext_id.isv_ext_prod_id
+ } else {
+ Default::default()
+ },
+ config_id: if
kr.0.key_policy.contains(KeyPolicy::CONFIGID) {
+ secs.config_id
+ } else {
+ Default::default()
+ },
key_id: kr.0.key_id,
+ key_policy: kr.0.key_policy,
..Default::default()
- };
- derive.derive_key()
+ }
}
- KeyName::Report => {
- let derive = DerivReportKey {
+ KeyName::Report => DeriveData {
+ key_name: kr.0.key_name,
+ config_svn: secs.config_svn,
+ attributes: secs.attributes,
+ misc_select: secs.misc_select,
+ csr_owner_epoch: SIMU_OWNER_EPOCH_MSR,
+ mr_enclave: secs.mr_enclave,
+ cpu_svn: cpu_svn_sim,
+ config_id: secs.config_id,
+ key_id: kr.0.key_id,
+ ..Default::default()
+ },
+ KeyName::EInitToken => {
+ ensure!(
+ secs.attributes
+ .flags
+ .contains(AttributesFlags::EINITTOKENKEY),
+ INVALID_ATTRIBUTE
+ );
+ ensure!(secs.isv_svn >= kr.0.isv_svn, INVALID_ISVSVN);
+ ensure!(Self::check_cpusvn(&kr.0, cpu_svn_sim),
INVALID_CPUSVN);
+
+ DeriveData {
key_name: kr.0.key_name,
- attributes: secs.attributes,
+ isv_svn: kr.0.isv_svn,
+ isv_prod_id: secs.isv_prod_id,
+ attributes,
+ misc_select,
csr_owner_epoch: SIMU_OWNER_EPOCH_MSR,
- mr_enclave: secs.mr_enclave,
- cpu_svn: cpu_svn_sim,
+ cpu_svn,
+ mr_signer: secs.mr_signer,
key_id: kr.0.key_id,
..Default::default()
- };
- derive.derive_key()
- }
- KeyName::EInitToken => {
- if !secs
- .attributes
- .flags
- .contains(AttributesFlags::EINITTOKENKEY)
- {
- return Err(INVALID_ATTRIBUTE);
- }
- if kr.0.isv_svn > secs.isv_svn {
- return Err(INVALID_ISVSVN);
- }
- if !Self::check_cpusvn(&kr.0, cpu_svn_sim) {
- return Err(INVALID_CPUSVN);
}
-
- let derive = DerivLicenseKey {
+ }
+ KeyName::Provision => {
+ ensure!(
+ secs.attributes
+ .flags
+ .contains(AttributesFlags::PROVISIONKEY),
+ INVALID_ATTRIBUTE
+ );
+ ensure!(secs.isv_svn >= kr.0.isv_svn, INVALID_ISVSVN);
+ ensure!(Self::check_cpusvn(&kr.0, cpu_svn_sim),
INVALID_CPUSVN);
+
+ DeriveData {
key_name: kr.0.key_name,
- attributes: secs.attributes,
- csr_owner_epoch: SIMU_OWNER_EPOCH_MSR,
- cpu_svn,
isv_svn: kr.0.isv_svn,
isv_prod_id: secs.isv_prod_id,
- key_id: kr.0.key_id,
+ attributes,
+ attribute_mask: kr.0.attribute_mask,
+ misc_select,
+ misc_mask: !kr.0.misc_mask,
+ cpu_svn,
+ mr_signer: secs.mr_signer,
..Default::default()
- };
- derive.derive_key()
- }
- KeyName::Provision | KeyName::ProvisionSeal => {
- if !secs
- .attributes
- .flags
- .contains(AttributesFlags::PROVISIONKEY)
- {
- return Err(INVALID_ATTRIBUTE);
- }
- if kr.0.isv_svn > secs.isv_svn {
- return Err(INVALID_ISVSVN);
}
- if !Self::check_cpusvn(&kr.0, cpu_svn_sim) {
- return Err(INVALID_CPUSVN);
- }
-
- let derive = DerivProvisionKey {
+ }
+ KeyName::ProvisionSeal => {
+ ensure!(
+ secs.attributes
+ .flags
+ .contains(AttributesFlags::PROVISIONKEY),
+ INVALID_ATTRIBUTE
+ );
+ ensure!(
+ secs.isv_svn >= kr.0.isv_svn && secs.config_svn >=
kr.0.config_svn,
+ INVALID_ISVSVN
+ );
+ ensure!(Self::check_cpusvn(&kr.0, cpu_svn_sim),
INVALID_CPUSVN);
+
+ DeriveData {
key_name: kr.0.key_name,
+ config_svn: if
kr.0.key_policy.contains(KeyPolicy::CONFIGID) {
+ kr.0.config_svn
+ } else {
+ Default::default()
+ },
+ isv_svn: kr.0.isv_svn,
+ isv_prod_id: if
kr.0.key_policy.contains(KeyPolicy::NOISVPRODID) {
+ Default::default()
+ } else {
+ secs.isv_prod_id
+ },
attributes,
attribute_mask: kr.0.attribute_mask,
+ misc_select,
+ misc_mask: !kr.0.misc_mask,
cpu_svn,
- isv_svn: kr.0.isv_svn,
- isv_prod_id: secs.isv_prod_id,
mr_signer: secs.mr_signer,
+ isv_family_id: if
kr.0.key_policy.contains(KeyPolicy::ISVFAMILYID) {
+ isv_ext_id.isv_family_id
+ } else {
+ Default::default()
+ },
+ isv_ext_prod_id: if
kr.0.key_policy.contains(KeyPolicy::ISVEXTPRODID) {
+ isv_ext_id.isv_ext_prod_id
+ } else {
+ Default::default()
+ },
+ config_id: if
kr.0.key_policy.contains(KeyPolicy::CONFIGID) {
+ secs.config_id
+ } else {
+ Default::default()
+ },
+ key_policy: kr.0.key_policy,
..Default::default()
- };
- derive.derive_key()
+ }
}
};
- Ok(key)
+ Ok(derive_data.derive_key())
}
pub fn ereport(ti: &AlignTargetInfo, rd: &AlignReportData) ->
Result<AlignReport, u32> {
@@ -279,15 +354,19 @@ impl EncluInst {
gp_on!(!ti.is_enclave_range());
gp_on!(!rd.is_enclave_range());
- let secs = unsafe { &*(super::GlobalSim::get().secs) };
- let cpu_svn_sim = super::GlobalSim::get().cpu_svn;
+ let secs = unsafe { &*(GlobalSim::get().secs) };
+ let isv_ext_id = IsvExtId::get(secs);
+ let cpu_svn_sim = GlobalSim::get().cpu_svn;
- let mut derive = DerivReportKey {
+ let mut derive = DeriveData {
key_name: KeyName::Report,
+ config_svn: ti.0.config_svn,
attributes: ti.0.attributes,
+ misc_select: ti.0.misc_select,
csr_owner_epoch: SIMU_OWNER_EPOCH_MSR,
mr_enclave: secs.mr_enclave,
cpu_svn: cpu_svn_sim,
+ config_id: ti.0.config_id,
..Default::default()
};
let base_key = derive.base_key();
@@ -297,11 +376,16 @@ impl EncluInst {
let mut report = AlignReport(Report {
body: ReportBody {
cpu_svn: cpu_svn_sim,
+ misc_select: secs.misc_select,
+ isv_ext_prod_id: isv_ext_id.isv_ext_prod_id,
attributes: secs.attributes,
mr_enclave: secs.mr_enclave,
mr_signer: secs.mr_signer,
+ config_id: secs.config_id,
isv_prod_id: secs.isv_prod_id,
isv_svn: secs.isv_svn,
+ config_svn: secs.config_svn,
+ isv_family_id: isv_ext_id.isv_family_id,
report_data: rd.0,
..Default::default()
},
diff --git a/sgx_trts/src/inst/sim/mod.rs b/sgx_trts/src/inst/sim/mod.rs
index 6c87832f..e89942b1 100644
--- a/sgx_trts/src/inst/sim/mod.rs
+++ b/sgx_trts/src/inst/sim/mod.rs
@@ -23,7 +23,7 @@ use core::ptr;
use core::sync::atomic::AtomicUsize;
use inst::EncluInst;
use sgx_types::marker::ContiguousMemory;
-use sgx_types::types::CpuSvn;
+use sgx_types::types::{CpuSvn, IsvExtProdId, IsvFamilyId};
pub mod derive;
pub mod inst;
@@ -116,6 +116,21 @@ impl GlobalSim {
}
}
+#[repr(C)]
+#[derive(Debug, Default)]
+pub struct IsvExtId {
+ pub isv_family_id: IsvFamilyId,
+ pub isv_ext_prod_id: IsvExtProdId,
+}
+
+impl IsvExtId {
+ pub fn get(secs: &Secs) -> &IsvExtId {
+ unsafe { &*(&secs.reserved4 as *const _ as *const IsvExtId) }
+ }
+}
+
+unsafe impl ContiguousMemory for IsvExtId {}
+
#[repr(C)]
#[derive(Debug, Default)]
pub struct TcsSim {
@@ -128,7 +143,7 @@ pub struct TcsSim {
impl TcsSim {
#[link_section = ".nipx"]
- pub fn get(tcs: &mut Tcs) -> &mut TcsSim {
+ pub fn get_mut(tcs: &mut Tcs) -> &mut TcsSim {
unsafe { &mut *(&mut tcs.reserved as *mut _ as *mut TcsSim) }
}
}
diff --git a/sgx_trts/src/se/key.rs b/sgx_trts/src/se/key.rs
index 22278cf6..3d56b8c8 100644
--- a/sgx_trts/src/se/key.rs
+++ b/sgx_trts/src/se/key.rs
@@ -47,17 +47,17 @@ impl AlignKeyRequest {
// check if KSS flag is disabled but KSS related policy or config_svn
is set
let report = AlignReport::get_self();
- if (!(report
+ if !report
.0
.body
.attributes
.flags
- .intersects(AttributesFlags::KSS)))
- && ((self
+ .intersects(AttributesFlags::KSS)
+ && (self
.0
.key_policy
- .intersects(KeyPolicy::KSS | KeyPolicy::NOISVPRODID))
- || (self.0.config_svn > 0))
+ .intersects(KeyPolicy::KSS | KeyPolicy::NOISVPRODID)
+ || self.0.config_svn > 0)
{
bail!(SgxStatus::InvalidParameter);
}
diff --git a/sgx_trts/src/se/report.rs b/sgx_trts/src/se/report.rs
index 6ff461e5..04b3f5fd 100644
--- a/sgx_trts/src/se/report.rs
+++ b/sgx_trts/src/se/report.rs
@@ -26,8 +26,8 @@ use core::ptr;
use sgx_types::error::{SgxResult, SgxStatus};
use sgx_types::marker::ContiguousMemory;
use sgx_types::types::{
- Attributes, AttributesFlags, CpuSvn, Key128bit, KeyId, KeyName,
KeyRequest, Mac, Measurement,
- MiscSelect, Report, Report2Mac, ReportBody, ReportData, TargetInfo,
+ Attributes, AttributesFlags, ConfigId, CpuSvn, Key128bit, KeyId, KeyName,
KeyRequest, Mac,
+ Measurement, MiscSelect, Report, Report2Mac, ReportBody, ReportData,
TargetInfo,
};
use sgx_types::types::{
CONFIGID_SIZE, CPUSVN_SIZE, HASH_SIZE, ISVEXT_PROD_ID_SIZE,
ISV_FAMILY_ID_SIZE, KEYID_SIZE,
@@ -73,7 +73,9 @@ static mut REPORT: AlignReport = AlignReport(Report {
reserved2: [0; REPORT_BODY_RESERVED2_BYTES],
mr_signer: Measurement { m: [0; HASH_SIZE] },
reserved3: [0; REPORT_BODY_RESERVED3_BYTES],
- config_id: [0; CONFIGID_SIZE],
+ config_id: ConfigId {
+ id: [0; CONFIGID_SIZE],
+ },
isv_prod_id: 0,
isv_svn: 0,
config_svn: 0,
diff --git a/sgx_types/src/types/mod.rs b/sgx_types/src/types/mod.rs
index 5b14aacc..da37b136 100644
--- a/sgx_types/src/types/mod.rs
+++ b/sgx_types/src/types/mod.rs
@@ -121,7 +121,34 @@ impl_asref_array! {
pub const CPUSVN_SIZE: usize = 16;
pub const CONFIGID_SIZE: usize = 64;
-pub type ConfigId = [u8; CONFIGID_SIZE];
+impl_copy_clone! {
+ #[repr(C)]
+ #[derive(Debug)]
+ pub struct ConfigId {
+ pub id: [u8; CONFIGID_SIZE],
+ }
+}
+
+impl_struct_default! {
+ ConfigId; //64
+}
+impl_struct_ContiguousMemory! {
+ ConfigId;
+}
+
+impl_asref_array! {
+ ConfigId;
+}
+impl_asmut_array! {
+ ConfigId;
+}
+impl_from_array! {
+ ConfigId;
+}
+impl_unsafe_marker_for! {
+ BytewiseEquality,
+ ConfigId
+}
impl_struct! {
#[repr(C)]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
