-
Notifications
You must be signed in to change notification settings - Fork 548
/
protected_fs_nodes.h
148 lines (116 loc) · 5.04 KB
/
protected_fs_nodes.h
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
/*
* Copyright (C) 2011-2021 Intel Corporation. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Intel Corporation nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#pragma once
#ifndef _PROTECTED_FS_NODES_H_
#define _PROTECTED_FS_NODES_H_
#include <stdint.h>
#include <sgx_report.h>
#include <sgx_tcrypto.h>
#pragma pack(push, 1)
#define NODE_SIZE 4096
// the rest of the 'defines' are relative to node size, so we can decrease node size in tests and have deeper tree
// compile time checks
#define COMPILE_TIME_ASSERT(compile_time_assert_name,compile_time_assert_condition) \
typedef unsigned char compile_time_assert_name[(compile_time_assert_condition) ? 1 : -1]
typedef uint8_t sgx_iv_t[SGX_AESGCM_IV_SIZE];
#define SGX_FILE_ID 0x5347585F46494C45 // SGX_FILE
#define SGX_FILE_MAJOR_VERSION 0x01
#define SGX_FILE_MINOR_VERSION 0x00
typedef struct _meta_data_plain
{
uint64_t file_id;
uint8_t major_version;
uint8_t minor_version;
sgx_key_id_t meta_data_key_id;
sgx_cpu_svn_t cpu_svn;
sgx_isv_svn_t isv_svn;
uint8_t use_user_kdk_key;
sgx_attributes_t attribute_mask;
sgx_aes_gcm_128bit_tag_t meta_data_gmac;
uint8_t update_flag;
} meta_data_plain_t;
// these are all defined as relative to node size, so we can decrease node size in tests and have deeper tree
#define FILENAME_MAX_LEN 260
#define MD_USER_DATA_SIZE (NODE_SIZE*3/4) // 3072
COMPILE_TIME_ASSERT(md_user_data_size, MD_USER_DATA_SIZE == 3072);
typedef struct _meta_data_encrypted
{
char clean_filename[FILENAME_MAX_LEN];
int64_t size;
sgx_aes_gcm_128bit_key_t mht_key;
sgx_aes_gcm_128bit_tag_t mht_gmac;
uint8_t data[MD_USER_DATA_SIZE];
} meta_data_encrypted_t;
typedef uint8_t meta_data_encrypted_blob_t[sizeof(meta_data_encrypted_t)];
#define META_DATA_NODE_SIZE NODE_SIZE
typedef uint8_t meta_data_padding_t[META_DATA_NODE_SIZE - (sizeof(meta_data_plain_t) + sizeof(meta_data_encrypted_blob_t))];
typedef struct _meta_data_node
{
meta_data_plain_t plain_part;
meta_data_encrypted_blob_t encrypted_part;
meta_data_padding_t padding;
} meta_data_node_t;
COMPILE_TIME_ASSERT(sizeof_meta_data_node_t, sizeof(meta_data_node_t) == 4096);
typedef struct _data_node_crypto
{
sgx_aes_gcm_128bit_key_t key;
sgx_aes_gcm_128bit_tag_t gmac;
} gcm_crypto_data_t;
// for NODE_SIZE == 4096, we have 96 attached data nodes and 32 mht child nodes
// for NODE_SIZE == 2048, we have 48 attached data nodes and 16 mht child nodes
// for NODE_SIZE == 1024, we have 24 attached data nodes and 8 mht child nodes
#define ATTACHED_DATA_NODES_COUNT ((NODE_SIZE/sizeof(gcm_crypto_data_t))*3/4) // 3/4 of the node size is dedicated to data nodes
COMPILE_TIME_ASSERT(attached_data_nodes_count, ATTACHED_DATA_NODES_COUNT == 96);
#define CHILD_MHT_NODES_COUNT ((NODE_SIZE/sizeof(gcm_crypto_data_t))*1/4) // 1/4 of the node size is dedicated to child mht nodes
COMPILE_TIME_ASSERT(child_mht_nodes_count, CHILD_MHT_NODES_COUNT == 32);
typedef struct _mht_node
{
gcm_crypto_data_t data_nodes_crypto[ATTACHED_DATA_NODES_COUNT];
gcm_crypto_data_t mht_nodes_crypto[CHILD_MHT_NODES_COUNT];
} mht_node_t;
COMPILE_TIME_ASSERT(sizeof_mht_node_t, sizeof(mht_node_t) == 4096);
typedef struct _data_node
{
uint8_t data[NODE_SIZE];
} data_node_t;
COMPILE_TIME_ASSERT(sizeof_data_node_t, sizeof(data_node_t) == 4096);
typedef struct _encrypted_node
{
uint8_t cipher[NODE_SIZE];
} encrypted_node_t;
COMPILE_TIME_ASSERT(sizeof_encrypted_node_t, sizeof(encrypted_node_t) == 4096);
typedef struct _recovery_node
{
uint64_t physical_node_number;
uint8_t node_data[NODE_SIZE];
} recovery_node_t;
#pragma pack(pop)
#endif // _PROTECTED_FS_NODES_H_