add memory sizes to attest hash

keystone-enclave · Mar 27, 2024 · b49b3be · b49b3be
1 parent 4566253
commit b49b3be
Show file tree

Hide file tree

Showing 5 changed files with 41 additions and 14 deletions.
diff --git a/examples/attestation/host/verifier.cpp b/examples/attestation/host/verifier.cpp
@@ -78,7 +78,7 @@ Verifier::verify_data(Report& report, const std::string& nonce) {
 
 void
 Verifier::compute_expected_enclave_hash(byte* expected_enclave_hash) {
-  Keystone::Enclave::measure((char*) expected_enclave_hash, eapp_file_.c_str(), rt_file_.c_str(), ld_file_.c_str());
+  Keystone::Enclave::measure((char*) expected_enclave_hash, eapp_file_.c_str(), rt_file_.c_str(), ld_file_.c_str(), params_);
 }
 
 void

diff --git a/sdk/include/host/Enclave.hpp b/sdk/include/host/Enclave.hpp
@@ -66,7 +66,7 @@ class Enclave {
   Enclave();
   ~Enclave();
   Error measureSelf(char* hash);
-  static Error measure(char* hash, const char* eapppath, const char* runtimepath, const char* loaderpath);
+  static Error measure(char* hash, const char* eapppath, const char* runtimepath, const char* loaderpath, Params params);
   // shared buffer is utm
   void* getSharedBuffer();
   size_t getSharedBufferSize();

diff --git a/sdk/include/shared/sm_call.h b/sdk/include/shared/sm_call.h
@@ -68,6 +68,8 @@ struct keystone_sbi_create_t {
 #define MSR_START_FILENAME "__0start"
 #define MSR_RUNTIME_FILENAME "__1runtime"
 #define MSR_EAPP_FILENAME "__2eapp"
+#define MSR_FREE_MEM "free_mem"
+#define MSR_UT_MEM "ut_mem"
 typedef struct {
   char name[MSR_NAME_LEN];
   uintptr_t type;
@@ -89,7 +91,7 @@ typedef struct {
 // TODO(Evgeny): a way to make this more convenient? should I make the pointers typed?
 typedef struct {
   uintptr_t runtime_arr, id_res_arr,
-    id_abs_arr, res_arr, abs_arr, data;
+    id_abs_arr, res_arr, abs_arr, pad_start;
   // resource_value_t runtime_values[];
   // resource_ptr_t identity_resident[];
   // resource_hash_t identity_absent[];

diff --git a/sdk/src/host/Enclave.cpp b/sdk/src/host/Enclave.cpp
@@ -76,6 +76,12 @@ Enclave::measureSelf(char* hash) {
   hash_ctx_t hash_ctx;
   hash_init(&hash_ctx);
 
+  // runtime vals
+  runtime_val_t runtime_val = {.name = MSR_FREE_MEM, .val = params.getFreeMemSize()};
+  hash_extend(&hash_ctx, &runtime_val, sizeof(runtime_val));
+  runtime_val = {.name = MSR_UT_MEM, .val = params.getUntrustedSize()};
+  hash_extend(&hash_ctx, &runtime_val, sizeof(runtime_val));
+
   measureResidentArr(hash_ctx, identityResident);
   for (resource_hash_t& rHash : identityAbsent) {
     hash_extend(&hash_ctx, &rHash, sizeof(rHash));
@@ -91,8 +97,9 @@ Enclave::measureSelf(char* hash) {
 }
 
 Error
-Enclave::measure(char* hash, const char* eapppath, const char* runtimepath, const char* loaderpath) {
+Enclave::measure(char* hash, const char* eapppath, const char* runtimepath, const char* loaderpath, Params params) {
   Enclave enclave;
+  enclave.params = params;
   Error err = enclave.addStandard(eapppath, runtimepath, loaderpath);
   if (err != Error::Success) {
     return err;
@@ -235,19 +242,22 @@ Enclave::finalize() {
 
   // space out the arrays
   ebundle_h->runtime_arr = (uintptr_t) sizeof(enclave_bundle_header_t);
-  ebundle_h->id_res_arr = ebundle_h->runtime_arr + 0; // TODO(Evgeny)
+  ebundle_h->id_res_arr = ebundle_h->runtime_arr
+    + (uintptr_t) (sizeof(runtime_val_t) * 2);
   ebundle_h->id_abs_arr = ebundle_h->id_res_arr 
     + (uintptr_t) (sizeof(resource_ptr_t) * identityResident.size());
   ebundle_h->res_arr = ebundle_h->id_abs_arr 
     + (uintptr_t) (sizeof(resource_hash_t) * identityAbsent.size());
   ebundle_h->abs_arr = ebundle_h->res_arr 
     + (uintptr_t) (sizeof(resource_ptr_t) * resident.size());
-  ebundle_h->data = ebundle_h->abs_arr 
+  ebundle_h->pad_start = ebundle_h->abs_arr 
     + (uintptr_t) (sizeof(resource_hash_t) * absent.size());
-  useEpm(0, ebundle_h->data); // contiguous ebundle_h and arrays, then page padding
+  useEpm(0, ebundle_h->pad_start); // contiguous ebundle_h and arrays, then page padding
 
   // fill in the arrays & data
-  // TODO(Evgeny): runtime values
+  runtime_val_t* runtime_arr = (runtime_val_t*) (ebase + ebundle_h->runtime_arr);
+  runtime_arr[0] = {.name = MSR_FREE_MEM, .val = params.getFreeMemSize()};
+  runtime_arr[1] = {.name = MSR_UT_MEM, .val = params.getUntrustedSize()};
   memcpy((void*) (ebase + ebundle_h->id_abs_arr), &identityAbsent[0], sizeof(resource_hash_t) * identityAbsent.size());
   memcpy((void*) (ebase + ebundle_h->abs_arr), &absent[0], sizeof(resource_hash_t) * absent.size());
   materializeResourceInfo((resource_ptr_t*) (ebase + ebundle_h->id_res_arr), &allElfFiles[0], identityResident);

diff --git a/sm/src/attest.c b/sm/src/attest.c
@@ -88,8 +88,6 @@ unsigned long validate_and_hash_enclave(struct enclave* enclave){
   enclave_bundle_header_t* ebundle_h = (enclave_bundle_header_t*) ebase;
   uintptr_t efilled_size = enclave->params.free_base - ebase;
 
-  // TODO(Evgeny): ensure untrusted and free sizes
-
   // hash the epm contents
   hash_ctx ctx;
   hash_init(&ctx);
@@ -98,16 +96,30 @@ unsigned long validate_and_hash_enclave(struct enclave* enclave){
   fail_state |= measure_resident_arr(ebase, efilled_size, ebundle_h->id_res_arr, ebundle_h->id_abs_arr, &ctx);
   fail_state |= measure_absent_arr(ebase, efilled_size, ebundle_h->id_abs_arr, ebundle_h->res_arr, &ctx);
   hash_ctx ctx_copy = ctx;
-  hash_finalize(enclave->identity, &ctx_copy);
   fail_state |= measure_resident_arr(ebase, efilled_size, ebundle_h->res_arr, ebundle_h->abs_arr, &ctx);
-  fail_state |= measure_absent_arr(ebase, efilled_size, ebundle_h->abs_arr, ebundle_h->data, &ctx);
+  fail_state |= measure_absent_arr(ebase, efilled_size, ebundle_h->abs_arr, ebundle_h->pad_start, &ctx);
   if (fail_state) {
       return SBI_ERR_SM_ENCLAVE_ILLEGAL_ARGUMENT;
   }
-  hash_finalize(enclave->hash, &ctx);
 
-  // TODO(Evgeny): move discovery into enclave
+  // confirm the runtime value claims
+  runtime_val_t* runtime_val = (runtime_val_t*) (ebase + ebundle_h->runtime_arr);
   resource_ptr_t* id_res_resource = (resource_ptr_t*) (ebase + ebundle_h->id_res_arr);
+  for (; runtime_val < (runtime_val_t*) id_res_resource; runtime_val++) {
+    if (strcmp(runtime_val->name, MSR_FREE_MEM) == 0) {
+      if (runtime_val->val > enclave->params.dram_size - enclave->params.free_base) {
+        return SBI_ERR_SM_ENCLAVE_ILLEGAL_ARGUMENT;
+      }
+    } else if (strcmp(runtime_val->name, MSR_UT_MEM) == 0) {
+      if (runtime_val->val != enclave->params.untrusted_size) {
+        return SBI_ERR_SM_ENCLAVE_ILLEGAL_ARGUMENT;
+      }
+    } else {
+      // claim unsupported by platform
+      return SBI_ERR_SM_ENCLAVE_ILLEGAL_ARGUMENT;
+    }
+  }
+
   resource_ptr_t* id_abs_arr = (resource_ptr_t*) (ebase + ebundle_h->id_abs_arr);
   // note: no overflow/ out of bounds possible because measure_resident_arr would have failed
   for (; id_res_resource < id_abs_arr; id_res_resource++) {
@@ -120,5 +132,8 @@ unsigned long validate_and_hash_enclave(struct enclave* enclave){
     return SBI_ERR_SM_ENCLAVE_ILLEGAL_ARGUMENT;
   }
 
+  hash_finalize(enclave->identity, &ctx_copy); // TODO(Evgeny): use identity for sealing key derivation
+  hash_finalize(enclave->hash, &ctx);
+
   return SBI_ERR_SM_ENCLAVE_SUCCESS;
 }