Changes in stubs and linker.py for Authentic Execution #36
Merged: jovanbulck merged 27 commits into sancus-tee:master from AuthenticExecution:rearrange-commits on Oct 26, 2021

Changes from 20 commits

Commits (27):
d58d972  gianlu33    linker.py: add KEEP to input_callbacks to preserve input symbols
ec7dbee  gianlu33    changes in stubs and linker.py for Authentic Execution
c05544c  gianlu33    add assertion for the Connection struct, add global var in linker.py
62d2bf3  gianlu33    fix sancus_is_outside_sm
1b1f009  gianlu33    sm_input: O(1) lookup of conn using index returned by set_key
967f06a  jovanbulck  sancus_is_outside_sm: check for int overflow
588605d  jovanbulck  Fix brackets sancus_is_outside_sm
2fc4ce6  gianlu33    declare extern vars for the public/secret regions, sanitize sm_attest()
7d29fb2  gianlu33    sanitize inputs of __sm_set_key and __sm_handle_input
0554693  jovanbulck  reactive: declare symbols for the public/secret regions
bb6edf2  gianlu33    fix declaration of symbols for public/secret regions
09f2bfd  gianlu33    __sm_handle_input: return a value to indicate success/error
6152f0e  gianlu33    __sm_attest: return a value to indicate success/error
6f8cb87  gianlu33    simplify __sm_handle_input
e8f5890  gianlu33    small fix return value in __sm_handle_input
3ae4774  gianlu33    use config file for `num_connections` parameter
ce71396  gianlu33    add num_connections property in SmConfig
5621e27  gianlu33    add comments in linker.py to explain the connection array
16ae05c  gianlu33    add num_connections parameter in sm-config-example.yaml
b50bb02  gianlu33    move io_id check from set_key to handle_input
0a81ca0  gianlu33    fix sm_{}_io_connections buffer allocation if num_connections is zero
7ee6635  gianlu33    return values of stubs as ResultCode values
e5cb9ce  gianlu33    handle_output: check if allocated buffer is outside SM
e760cea  gianlu33    remove unused include
537c3a0  gianlu33    return a value from `output` functions
b27b130  gianlu33    use uintptr_t type instead of void* in is_buffer_outside_region
d57b76d  gianlu33    fix: cast from void* to uintptr_t inside is_buffer_outside_region
@@ -0,0 +1,13 @@ | ||
#include "reactive_stubs_support.h" | ||
|
||
uint16_t SM_ENTRY(SM_NAME) __sm_attest(const uint8_t* challenge, size_t len, | ||
uint8_t *result) | ||
{ | ||
if( !sancus_is_outside_sm(SM_NAME, (void *) challenge, len) || | ||
!sancus_is_outside_sm(SM_NAME, (void *) result, SANCUS_TAG_SIZE) ) { | ||
return 1; | ||
|
||
} | ||
|
||
sancus_tag(challenge, len, result); | ||
|
||
return 0; | ||
} |
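Review bot: the stub signals a rejected buffer with the bare literal `1` and success with `0`, so every caller has to know this file's convention; a later commit in this PR ("return values of stubs as ResultCode values") introduces named codes, and this hunk should return those once that type exists. Two smaller points on the `if` at the top of the function: the `(void *) challenge` cast discards the `const` qualifier of the parameter, which goes away if the underlying check accepts `const void *`; and the whole guard is only as strong as `sancus_is_outside_sm`'s handling of `challenge + len`, which the discussion on this PR flags as still wrapping on overflow, so a `len` close to the address-space size should be covered by a test case before this is relied on.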
we still have an issue here with overflow(!)

- `void*` pointers is illegal in C (while silently allowed in gcc)
- `unsigned` data types in the C standard (even gcc might simply compile/optimize away the check we added as it's undefined behavior)
what we should probably do here is to cast all the `void*` inputs to `uintptr_t` first

thanks @mtvec !
ok done, by changing the signature of the function the cast should be implicit right?
thanks! I think it is fine now, but we might get compiler warnings if every argument is not explicitly cast in the function call. Not sure how that is for the `sancus_is_outside_sm` macro.

Maybe cleaner to keep the `void*` pointers in the function arguments and cast them as local variables instead if that's possible easily?

sorry for the overhead!
I had the same thought but actually I did not get any warnings when compiling the library
not sure, will existing applications not get a warning? e.g. https://github.com/sancus-tee/sancus-examples/blob/master/sensor-reader/reader.c#L15
yes, you are totally right, sorry! I did not `make clean` before rebuilding the library, so this is why I was not getting any warnings.

I fixed it, now everything should be fine!
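The overflow problem discussed in this thread, `start + len` wrapping inside the outside-SM check and the arithmetic being done on `void*`, worked through in C as an added example that is not code from the Sancus project or from this PR. It puts a naive check, kept only to show the wrap, next to a hardened `range_outside` that computes on `uintptr_t` (unsigned, so the wrap is defined and testable) and rejects any length whose last byte would lie past the top of the address space, plus a `const void *` wrapper that does the integer conversion in a local variable as the thread suggests, so callers passing `uint8_t*` need no cast. The region bounds, the function names and the wrapping length are constructed for the demo; the real stubs take the public/secret region limits from linker-provided symbols.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed region bounds for the demo. In the Sancus stubs the
 * public/secret region limits come from linker-provided symbols; these
 * are placeholders so the block runs stand-alone on a host. */
#define DEMO_REGION_LO 0x4000u   /* first byte of the region      */
#define DEMO_REGION_HI 0x5000u   /* one past the last byte (excl.) */

/* Naive check, kept only to show the failure mode raised in the thread:
 * `start + len` may wrap around, so an in-region buffer paired with a
 * huge length ends up reported as "outside". */
static bool naive_range_outside(uintptr_t lo, uintptr_t hi,
                                uintptr_t start, size_t len)
{
    uintptr_t end = start + (uintptr_t) len;   /* wraps on overflow */
    return end <= lo || start >= hi;
}

/* Hardened check: all arithmetic on uintptr_t, wrap detected explicitly.
 * Returns true only when every byte of [start, start+len) lies outside
 * the half-open region [lo, hi). */
static bool range_outside(uintptr_t lo, uintptr_t hi,
                          uintptr_t start, size_t len)
{
    if (len == 0)
        return true;                     /* no byte is read or written */

    /* Work with the inclusive last byte so a buffer that ends exactly at
     * UINTPTR_MAX is still accepted; reject if start + (len - 1) wraps. */
    uintptr_t span = (uintptr_t)(len - 1);
    if (start > UINTPTR_MAX - span)
        return false;
    uintptr_t last = start + span;

    /* outside iff [start, last] is wholly below lo or wholly at/above hi */
    return last < lo || start >= hi;
}

/* Keeps `const void *` in the signature (the reviewer's suggestion) so
 * callers need no cast and no const is discarded; the conversion to an
 * integer happens once, locally. Name is hypothetical. */
static bool is_buffer_outside_region(uintptr_t lo, uintptr_t hi,
                                     const void *buf, size_t len)
{
    return range_outside(lo, hi, (uintptr_t) buf, len);
}

/* Constructed length such that 0x4800 + len wraps to 0x10 on any
 * pointer width: this is the input that fools the naive check. */
static size_t wrapping_len(void)
{
    return (size_t)(UINTPTR_MAX - 0x4800u + 0x11u);
}

int main(void)
{
    uint8_t challenge[16];   /* a host stack buffer, far from the demo region */

    printf("stack buffer outside demo region: %d\n",
           is_buffer_outside_region(DEMO_REGION_LO, DEMO_REGION_HI,
                                    challenge, sizeof challenge));
    printf("in-region start 0x4800, wrapping len -> naive says outside: %d\n",
           naive_range_outside(DEMO_REGION_LO, DEMO_REGION_HI,
                               0x4800u, wrapping_len()));
    printf("in-region start 0x4800, wrapping len -> hardened says outside: %d\n",
           range_outside(DEMO_REGION_LO, DEMO_REGION_HI,
                         0x4800u, wrapping_len()));
    return 0;
}
```

The zero-length case is treated as outside because no byte is touched; a deployment that never expects empty challenges can reject it instead, but the decision should be explicit rather than fall out of the arithmetic. Testing `range_outside` with integer addresses rather than real pointers is what makes the wrap case reproducible on a 64-bit host as well as on the 16-bit target.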