Support intel sgx sdk 2.16
diff --git a/dockerfile/02_binutils.sh b/dockerfile/02_binutils.sh
index a75640a..eb4ed9c 100644
--- a/dockerfile/02_binutils.sh
+++ b/dockerfile/02_binutils.sh
@@ -1,7 +1,7 @@
if [ $BINUTILS_DIST != "SELF_BUILT" ]
then
cd /root && \
- wget https://download.01.org/intel-sgx/sgx-linux/2.15.1/as.ld.objdump.r4.tar.gz && \
+ wget https://download.01.org/intel-sgx/sgx-linux/2.16/as.ld.objdump.r4.tar.gz && \
tar xzf as.ld.objdump.r4.tar.gz && \
cp -r external/toolset/$BINUTILS_DIST/* /usr/bin/ && \
rm -rf ./external ./as.ld.objdump.r4.tar.gz
diff --git a/dockerfile/03_sdk.sh b/dockerfile/03_sdk.sh
index 657b306..bc4e5a2 100644
--- a/dockerfile/03_sdk.sh
+++ b/dockerfile/03_sdk.sh
@@ -10,10 +10,10 @@
cd /root && \
git clone --recursive https://github.com/intel/linux-sgx && \
cd linux-sgx && \
- git checkout sgx_2.15.1 && \
+ git checkout sgx_2.16 && \
./download_prebuilt.sh && \
make -j "$(nproc)" sdk_install_pkg && \
- echo -e 'no\n/opt' | ./linux/installer/bin/sgx_linux_x64_sdk_2.15.101.1.bin && \
+ echo -e 'no\n/opt' | ./linux/installer/bin/sgx_linux_x64_sdk_2.16.100.4.bin && \
echo 'source /opt/sgxsdk/environment' >> /root/.bashrc && \
cd /root && \
rm -rf /root/linux-sgx
diff --git a/dockerfile/Dockerfile.1804.nightly b/dockerfile/Dockerfile.1804.nightly
index 2b6b5c5..e3ea188 100644
--- a/dockerfile/Dockerfile.1804.nightly
+++ b/dockerfile/Dockerfile.1804.nightly
@@ -15,7 +15,7 @@
RUN bash /root/02_binutils.sh
ENV SDK_DIST="INTEL_BUILT"
-ENV SDK_URL="https://download.01.org/intel-sgx/sgx-linux/2.15.1/distro/ubuntu18.04-server/sgx_linux_x64_sdk_2.15.101.1.bin"
+ENV SDK_URL="https://download.01.org/intel-sgx/sgx-linux/2.16/distro/ubuntu18.04-server/sgx_linux_x64_sdk_2.16.100.4.bin"
#ENV SDK_DIST="SELF_BUILT"
ADD 03_sdk.sh /root
RUN bash /root/03_sdk.sh
@@ -23,8 +23,8 @@
# Sixth, PSW
ENV CODENAME bionic
-ENV VERSION 2.15.101.1-bionic1
-ENV DCAP_VERSION 1.12.101.1-bionic1
+ENV VERSION 2.16.100.4-bionic1
+ENV DCAP_VERSION 1.13.100.4-bionic1
ADD 04_psw.sh /root
RUN bash /root/04_psw.sh
diff --git a/dockerfile/Dockerfile.2004.nightly b/dockerfile/Dockerfile.2004.nightly
index b54b501..2ffc20b 100644
--- a/dockerfile/Dockerfile.2004.nightly
+++ b/dockerfile/Dockerfile.2004.nightly
@@ -19,15 +19,15 @@
#ENV SDK_DIST="SELF_BUILT"
ENV SDK_DIST="INTEL_BUILT"
-ENV SDK_URL="https://download.01.org/intel-sgx/sgx-linux/2.15.1/distro/ubuntu20.04-server/sgx_linux_x64_sdk_2.15.101.1.bin"
+ENV SDK_URL="https://download.01.org/intel-sgx/sgx-linux/2.16/distro/ubuntu20.04-server/sgx_linux_x64_sdk_2.16.100.4.bin"
ADD 03_sdk.sh /root
RUN bash /root/03_sdk.sh
# Sixth, PSW
ENV CODENAME focal
-ENV VERSION 2.15.101.1-focal1
-ENV DCAP_VERSION 1.12.101.1-focal1
+ENV VERSION 2.16.100.4-focal1
+ENV DCAP_VERSION 1.13.100.4-focal1
ADD 04_psw.sh /root
RUN bash /root/04_psw.sh
diff --git a/dockerfile/Dockerfile.centos8.nightly b/dockerfile/Dockerfile.centos8.nightly
index 8897210..bd107c2 100644
--- a/dockerfile/Dockerfile.centos8.nightly
+++ b/dockerfile/Dockerfile.centos8.nightly
@@ -7,18 +7,18 @@
#ADD 01_gcc_8.sh /root
#RUN bash /root/01_gcc_8.sh
-ENV BINUTILS_DIST="centos8.2"
+ENV BINUTILS_DIST="centos8"
ADD 02_binutils.sh /root
RUN bash /root/02_binutils.sh
ENV SDK_DIST="INTEL_BUILT"
-ENV SDK_URL="https://download.01.org/intel-sgx/sgx-linux/2.15.1/distro/centos8.2-server/sgx_linux_x64_sdk_2.15.101.1.bin"
+ENV SDK_URL="https://download.01.org/intel-sgx/sgx-linux/2.16/distro/centos-stream/sgx_linux_x64_sdk_2.16.100.4.bin"
#ENV SDK_DIST="SELF_BUILT"
ADD 03_sdk.sh /root
RUN bash /root/03_sdk.sh
-ENV PSW_REPO="https://download.01.org/intel-sgx/sgx-linux/2.15.1/distro/centos8.2-server/sgx_rpm_local_repo.tgz"
+ENV PSW_REPO="https://download.01.org/intel-sgx/sgx-linux/2.16/distro/centos-stream/sgx_rpm_local_repo.tgz"
ADD 04_psw_rpm.sh /root
RUN bash /root/04_psw_rpm.sh
diff --git a/edl/intel/sgx_ttls.edl b/edl/intel/sgx_ttls.edl
new file mode 100644
index 0000000..ca0906f
--- /dev/null
+++ b/edl/intel/sgx_ttls.edl
@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) 2011-2021 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+enclave{
+ include "sgx_report.h"
+ include "sgx_qve_header.h"
+ include "sgx_ql_lib_common.h"
+ include "sgx_ql_quote.h"
+
+ untrusted {
+ quote3_error_t sgx_tls_get_qe_target_info_ocall([size = target_info_size, out] sgx_target_info_t *p_target_info,
+ size_t target_info_size);
+
+ quote3_error_t sgx_tls_get_quote_size_ocall([out] uint32_t *p_quote_size);
+
+ quote3_error_t sgx_tls_get_quote_ocall([size = report_size, in] sgx_report_t* p_report,
+ size_t report_size,
+ [size = quote_size, out] uint8_t *p_quote,
+ uint32_t quote_size);
+
+ quote3_error_t sgx_tls_get_supplemental_data_size_ocall([out] uint32_t *p_supplemental_data_size);
+
+ quote3_error_t sgx_tls_verify_quote_ocall(
+ [size = quote_size, in] const uint8_t *p_quote,
+ uint32_t quote_size,
+ time_t expiration_check_date,
+ [out] sgx_ql_qv_result_t *p_quote_verification_result,
+ [size = qve_report_info_size, in, out] sgx_ql_qe_report_info_t *p_qve_report_info,
+ size_t qve_report_info_size,
+ [size = supplemental_data_size, out] uint8_t *p_supplemental_data,
+ uint32_t supplemental_data_size);
+
+ };
+};
diff --git a/sgx_edl/edl/intel/sgx_ttls.edl b/sgx_edl/edl/intel/sgx_ttls.edl
new file mode 100644
index 0000000..ca0906f
--- /dev/null
+++ b/sgx_edl/edl/intel/sgx_ttls.edl
@@ -0,0 +1,62 @@
+/*
+ * Copyright (C) 2011-2021 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ * * Neither the name of Intel Corporation nor the names of its
+ * contributors may be used to endorse or promote products derived
+ * from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+enclave{
+ include "sgx_report.h"
+ include "sgx_qve_header.h"
+ include "sgx_ql_lib_common.h"
+ include "sgx_ql_quote.h"
+
+ untrusted {
+ quote3_error_t sgx_tls_get_qe_target_info_ocall([size = target_info_size, out] sgx_target_info_t *p_target_info,
+ size_t target_info_size);
+
+ quote3_error_t sgx_tls_get_quote_size_ocall([out] uint32_t *p_quote_size);
+
+ quote3_error_t sgx_tls_get_quote_ocall([size = report_size, in] sgx_report_t* p_report,
+ size_t report_size,
+ [size = quote_size, out] uint8_t *p_quote,
+ uint32_t quote_size);
+
+ quote3_error_t sgx_tls_get_supplemental_data_size_ocall([out] uint32_t *p_supplemental_data_size);
+
+ quote3_error_t sgx_tls_verify_quote_ocall(
+ [size = quote_size, in] const uint8_t *p_quote,
+ uint32_t quote_size,
+ time_t expiration_check_date,
+ [out] sgx_ql_qv_result_t *p_quote_verification_result,
+ [size = qve_report_info_size, in, out] sgx_ql_qe_report_info_t *p_qve_report_info,
+ size_t qve_report_info_size,
+ [size = supplemental_data_size, out] uint8_t *p_supplemental_data,
+ uint32_t supplemental_data_size);
+
+ };
+};
diff --git a/sgx_no_tstd/build.rs b/sgx_no_tstd/build.rs
index 97deabc..e1d22fa 100644
--- a/sgx_no_tstd/build.rs
+++ b/sgx_no_tstd/build.rs
@@ -15,11 +15,14 @@
// specific language governing permissions and limitations
// under the License.
+#![feature(available_parallelism)]
+
extern crate sgx_build_helper as build_helper;
+use build_helper::{native_lib_boilerplate, run};
use std::env;
use std::process::Command;
-use build_helper::{run, native_lib_boilerplate};
+use std::thread;
fn main() {
println!("cargo:rerun-if-changed=build.rs");
@@ -39,13 +42,15 @@
"config.h.in~",
"configure",
"aclocal.m4",
- "INSTALL"];
+ "INSTALL",
+ ];
let native = native_lib_boilerplate(
- "sgx_unwind/libunwind",
- "libunwind",
- "unwind",
- "src/.libs",
- &filter)?;
+ "sgx_unwind/libunwind",
+ "libunwind",
+ "unwind",
+ "src/.libs",
+ &filter,
+ )?;
let mut cflags = String::new();
cflags += " -fstack-protector -ffreestanding -nostdinc -fvisibility=hidden -fpie -fno-strict-overflow -fno-delete-null-pointer-checks";
@@ -54,32 +59,38 @@
let mitigation_cflags = " -mindirect-branch-register -mfunction-return=thunk-extern";
let mitigation_asflags = " -fno-plt";
let mitigation_loadflags = " -Wa,-mlfence-after-load=yes -Wa,-mlfence-before-ret=not";
- let mitigation_cfflags = " -Wa,-mlfence-before-indirect-branch=register -Wa,-mlfence-before-ret=not";
+ let mitigation_cfflags =
+ " -Wa,-mlfence-before-indirect-branch=register -Wa,-mlfence-before-ret=not";
let mitigation = env::var("MITIGATION_CVE_2020_0551").unwrap_or_default();
match mitigation.as_ref() {
"LOAD" => {
cflags += mitigation_cflags;
cflags += mitigation_asflags;
cflags += mitigation_loadflags;
- },
+ }
"CF" => {
cflags += mitigation_cflags;
cflags += mitigation_asflags;
cflags += mitigation_cfflags;
- },
- _ => {},
+ }
+ _ => {}
}
run(Command::new("sh")
- .current_dir(&native.out_dir)
- .arg(native.src_dir.join("autogen.sh").to_str().unwrap())
- .arg(format!("--host={}", build_helper::gnu_target(target)))
- .arg(format!("--build={}", build_helper::gnu_target(host)))
- .env("CFLAGS", cflags));
+ .current_dir(&native.out_dir)
+ .arg(native.src_dir.join("autogen.sh").to_str().unwrap())
+ .arg(format!("--host={}", build_helper::gnu_target(target)))
+ .arg(format!("--build={}", build_helper::gnu_target(host)))
+ .env("CFLAGS", cflags));
run(Command::new(build_helper::make(host))
- .current_dir(&native.out_dir)
- .arg(format!("INCDIR={}", native.src_dir.display()))
- .arg("-j5"));
+ .current_dir(&native.out_dir)
+ .arg(format!("INCDIR={}", native.src_dir.display()))
+ .arg(format!(
+ "-j{}",
+ thread::available_parallelism()
+ .map(|n| n.get())
+ .unwrap_or(5)
+ )));
Ok(())
-}
\ No newline at end of file
+}
diff --git a/sgx_no_tstd/src/lib.rs b/sgx_no_tstd/src/lib.rs
index c70955d..8df6fa6 100644
--- a/sgx_no_tstd/src/lib.rs
+++ b/sgx_no_tstd/src/lib.rs
@@ -17,7 +17,6 @@
#![no_std]
#![cfg_attr(target_env = "sgx", feature(rustc_private))]
-
#![feature(lang_items)]
#![feature(alloc_error_handler)]
diff --git a/sgx_tcrypto/src/crypto.rs b/sgx_tcrypto/src/crypto.rs
index 96c09b8..58aaa00 100644
--- a/sgx_tcrypto/src/crypto.rs
+++ b/sgx_tcrypto/src/crypto.rs
@@ -165,6 +165,108 @@
unsafe { sgx_sha256_close(sha_handle) }
}
+///
+/// The rsgx_sha384_msg function performs a standard SHA384 hash over the input data buffer.
+///
+pub fn rsgx_sha384_msg<T>(src: &T) -> SgxResult<sgx_sha384_hash_t>
+where
+ T: Copy + ContiguousMemory,
+{
+ let size = mem::size_of::<T>();
+ if size == 0 {
+ return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
+ }
+ if size > u32::MAX as usize {
+ return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
+ }
+
+ let mut hash: sgx_sha384_hash_t = [0_u8; SGX_SHA384_HASH_SIZE];
+ let ret = unsafe {
+ sgx_sha384_msg(
+ src as *const _ as *const u8,
+ size as u32,
+ &mut hash as *mut sgx_sha384_hash_t,
+ )
+ };
+ match ret {
+ sgx_status_t::SGX_SUCCESS => Ok(hash),
+ _ => Err(ret),
+ }
+}
+
+///
+/// The rsgx_sha384_slice function performs a standard SHA384 hash over the input data buffer.
+///
+pub fn rsgx_sha384_slice<T>(src: &[T]) -> SgxResult<sgx_sha384_hash_t>
+where
+ T: Copy + ContiguousMemory,
+{
+ let size = mem::size_of_val(src);
+ if size == 0 {
+ return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
+ }
+ if size > u32::MAX as usize {
+ return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
+ }
+
+ let mut hash: sgx_sha384_hash_t = [0_u8; SGX_SHA384_HASH_SIZE];
+ let ret = unsafe {
+ sgx_sha384_msg(
+ src.as_ptr() as *const u8,
+ size as u32,
+ &mut hash as *mut sgx_sha384_hash_t,
+ )
+ };
+ match ret {
+ sgx_status_t::SGX_SUCCESS => Ok(hash),
+ _ => Err(ret),
+ }
+}
+
+fn rsgx_sha384_init(sha_handle: &mut sgx_sha_state_handle_t) -> sgx_status_t {
+ unsafe { sgx_sha384_init(sha_handle as *mut sgx_sha_state_handle_t) }
+}
+
+fn rsgx_sha384_update_msg<T>(src: &T, sha_handle: sgx_sha_state_handle_t) -> sgx_status_t
+where
+ T: Copy + ContiguousMemory,
+{
+ let size = mem::size_of::<T>();
+ if size == 0 {
+ return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
+ }
+ if size > u32::MAX as usize {
+ return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
+ }
+
+ unsafe { sgx_sha384_update(src as *const _ as *const u8, size as u32, sha_handle) }
+}
+
+fn rsgx_sha384_update_slice<T>(src: &[T], sha_handle: sgx_sha_state_handle_t) -> sgx_status_t
+where
+ T: Copy + ContiguousMemory,
+{
+ let size = mem::size_of_val(src);
+ if size == 0 {
+ return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
+ }
+ if size > u32::MAX as usize {
+ return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
+ }
+ unsafe { sgx_sha384_update(src.as_ptr() as *const u8, size as u32, sha_handle) }
+}
+
+fn rsgx_sha384_get_hash(
+ sha_handle: sgx_sha_state_handle_t,
+ hash: &mut sgx_sha384_hash_t,
+) -> sgx_status_t {
+ unsafe { sgx_sha384_get_hash(sha_handle, hash as *mut sgx_sha384_hash_t) }
+}
+
+fn rsgx_sha384_close(sha_handle: sgx_sha_state_handle_t) -> sgx_status_t {
+ unsafe { sgx_sha384_close(sha_handle) }
+}
+
pub fn rsgx_sha1_msg<T>(src: &T) -> SgxResult<sgx_sha1_hash_t>
where
T: Copy + ContiguousMemory,
@@ -262,7 +364,7 @@
}
///
-/// SHA algorithm context state.
+/// SHA256 algorithm context state.
///
/// This is a handle to the context state used by the cryptography library to perform an iterative SHA256 hash.
/// The algorithm stores the intermediate results of performing the hash calculation over data sets.
@@ -504,6 +606,141 @@
}
}
+///
+/// SHA384 algorithm context state.
+///
+/// This is a handle to the context state used by the cryptography library to perform an iterative SHA384 hash.
+/// The algorithm stores the intermediate results of performing the hash calculation over data sets.
+///
+pub struct SgxSha384Handle {
+ handle: RefCell<sgx_sha_state_handle_t>,
+ initflag: Cell<bool>,
+}
+
+impl SgxSha384Handle {
+ ///
+ /// Constructs a new, empty SgxShaHandle.
+ ///
+ pub fn new() -> SgxSha384Handle {
+ SgxSha384Handle {
+ handle: RefCell::new(ptr::null_mut() as sgx_sha_state_handle_t),
+ initflag: Cell::new(false),
+ }
+ }
+
+ ///
+ /// init returns an allocated and initialized SHA384 algorithm context state.
+ ///
+ pub fn init(&self) -> SgxError {
+ if self.initflag.get() {
+ return Ok(());
+ }
+
+ let ret = rsgx_sha384_init(self.handle.borrow_mut().deref_mut());
+ match ret {
+ sgx_status_t::SGX_SUCCESS => {
+ self.initflag.set(true);
+ Ok(())
+ }
+ _ => Err(ret),
+ }
+ }
+
+ ///
+ /// update_msg performs a SHA384 hash over the input dataset provided.
+ ///
+ pub fn update_msg<T>(&self, src: &T) -> SgxError
+ where
+ T: Copy + ContiguousMemory,
+ {
+ if !self.initflag.get() {
+ return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
+ }
+
+ let ret = rsgx_sha384_update_msg(src, *self.handle.borrow());
+ match ret {
+ sgx_status_t::SGX_SUCCESS => Ok(()),
+ _ => Err(ret),
+ }
+ }
+
+ ///
+ /// update_slice performs a SHA384 hash over the input dataset provided.
+ ///
+ pub fn update_slice<T>(&self, src: &[T]) -> SgxError
+ where
+ T: Copy + ContiguousMemory,
+ {
+ if !self.initflag.get() {
+ return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
+ }
+
+ let ret = rsgx_sha384_update_slice(src, *self.handle.borrow());
+ match ret {
+ sgx_status_t::SGX_SUCCESS => Ok(()),
+ _ => Err(ret),
+ }
+ }
+
+ ///
+ /// get_hash obtains the SHA384 hash after the final dataset has been processed.
+ ///
+ pub fn get_hash(&self) -> SgxResult<sgx_sha384_hash_t> {
+ if !self.initflag.get() {
+ return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
+ }
+
+ let mut hash: sgx_sha384_hash_t = [0_u8; SGX_SHA384_HASH_SIZE];
+ let ret = rsgx_sha384_get_hash(*self.handle.borrow(), &mut hash);
+ match ret {
+ sgx_status_t::SGX_SUCCESS => Ok(hash),
+ _ => Err(ret),
+ }
+ }
+
+ ///
+ /// close cleans up and deallocates the SHA384 state that was allocated in function init.
+ ///
+ pub fn close(&self) -> SgxError {
+ if !self.initflag.get() {
+ return Ok(());
+ }
+
+ let ret = {
+ let handle = *self.handle.borrow();
+ if handle.is_null() {
+ sgx_status_t::SGX_SUCCESS
+ } else {
+ rsgx_sha384_close(handle)
+ }
+ };
+
+ match ret {
+ sgx_status_t::SGX_SUCCESS => {
+ self.initflag.set(false);
+ *self.handle.borrow_mut() = ptr::null_mut();
+ Ok(())
+ }
+ _ => Err(ret),
+ }
+ }
+}
+
+impl Default for SgxSha384Handle {
+ fn default() -> Self {
+ Self::new()
+ }
+}
+
+impl Drop for SgxSha384Handle {
+ ///
+ /// drop cleans up and deallocates the SHA384 state that was allocated in function init.
+ ///
+ fn drop(&mut self) {
+ let _ = self.close();
+ }
+}
+
pub struct SgxSha1Handle {
handle: RefCell<sgx_sha_state_handle_t>,
initflag: Cell<bool>,
@@ -608,7 +845,7 @@
impl Drop for SgxSha1Handle {
///
- /// drop cleans up and deallocates the SHA256 state that was allocated in function init.
+ /// drop cleans up and deallocates the SHA1 state that was allocated in function init.
///
fn drop(&mut self) {
let _ = self.close();
diff --git a/sgx_trts/src/lib.rs b/sgx_trts/src/lib.rs
index af78272..15be2d4 100644
--- a/sgx_trts/src/lib.rs
+++ b/sgx_trts/src/lib.rs
@@ -64,7 +64,6 @@
#![no_std]
#![cfg_attr(target_env = "sgx", feature(rustc_private))]
-
#![allow(incomplete_features)]
#![feature(allocator_api)]
#![feature(asm)]
diff --git a/sgx_trts/src/memchr.rs b/sgx_trts/src/memchr.rs
index d876a36..6ac9d97 100644
--- a/sgx_trts/src/memchr.rs
+++ b/sgx_trts/src/memchr.rs
@@ -21,13 +21,7 @@
/// `haystack`, or `None` if one is not found.
///
pub fn memchr(needle: u8, haystack: &[u8]) -> Option<usize> {
- let p = unsafe {
- sgx_libc::memchr(
- haystack.as_ptr(),
- needle,
- haystack.len(),
- )
- };
+ let p = unsafe { sgx_libc::memchr(haystack.as_ptr(), needle, haystack.len()) };
if p.is_null() {
None
} else {
@@ -41,13 +35,7 @@
if haystack.is_empty() {
return None;
}
- let p = unsafe {
- sgx_libc::memrchr(
- haystack.as_ptr(),
- needle,
- haystack.len(),
- )
- };
+ let p = unsafe { sgx_libc::memrchr(haystack.as_ptr(), needle, haystack.len()) };
if p.is_null() {
None
} else {
@@ -56,4 +44,4 @@
}
memrchr_specific(needle, haystack)
-}
\ No newline at end of file
+}
diff --git a/sgx_trts/src/trts.rs b/sgx_trts/src/trts.rs
index 78147f7..aca5c02 100644
--- a/sgx_trts/src/trts.rs
+++ b/sgx_trts/src/trts.rs
@@ -210,3 +210,20 @@
asm! {"mfence"};
}
}
+
+#[inline]
+pub fn rsgx_rdpkru() -> Option<u32> {
+ let mut val = 0_u32;
+ let ret = unsafe { sgx_rdpkru(&mut val as *mut u32) };
+
+ if ret == 1 {
+ Some(val)
+ } else {
+ None
+ }
+}
+
+#[inline]
+pub fn rsgx_wrpkru(val: u32) -> bool {
+ unsafe { sgx_wrpkru(val) == 1 }
+}
diff --git a/sgx_tse/src/se.rs b/sgx_tse/src/se.rs
index cf46fda..e3c3aa3 100644
--- a/sgx_tse/src/se.rs
+++ b/sgx_tse/src/se.rs
@@ -135,6 +135,14 @@
}
}
+pub fn rsgx_verify_report2(report_mac_struct: &sgx_report2_mac_struct_t) -> SgxError {
+ let ret = unsafe { sgx_verify_report2(report_mac_struct as *const sgx_report2_mac_struct_t) };
+ match ret {
+ sgx_status_t::SGX_SUCCESS => Ok(()),
+ _ => Err(ret),
+ }
+}
+
///
/// The rsgx_get_key function generates a 128-bit secret key using the input information.
///
diff --git a/sgx_tstd/src/sys_common/wtf8.rs b/sgx_tstd/src/sys_common/wtf8.rs
index dca7415..d37342a 100644
--- a/sgx_tstd/src/sys_common/wtf8.rs
+++ b/sgx_tstd/src/sys_common/wtf8.rs
@@ -825,9 +825,7 @@
#[inline]
fn next(&mut self) -> Option<CodePoint> {
- unsafe {
- next_code_point(&mut self.bytes).map(|c| CodePoint { value: c })
- }
+ next_code_point(&mut self.bytes).map(|c| CodePoint { value: c })
}
#[inline]
diff --git a/sgx_types/src/error.rs b/sgx_types/src/error.rs
index f9ea425..9abef28 100644
--- a/sgx_types/src/error.rs
+++ b/sgx_types/src/error.rs
@@ -122,7 +122,7 @@
}
impl sgx_status_t {
- pub fn __description(&self) -> &str {
+ pub fn __description(&self) -> &'static str {
match *self {
sgx_status_t::SGX_SUCCESS => "Success.",
sgx_status_t::SGX_ERROR_UNEXPECTED => "Unexpected error occurred.",
@@ -215,7 +215,7 @@
}
}
- pub fn as_str(&self) -> &str {
+ pub fn as_str(&self) -> &'static str {
match *self {
sgx_status_t::SGX_SUCCESS => "SGX_SUCCESS.",
sgx_status_t::SGX_ERROR_UNEXPECTED => "SGX_ERROR_UNEXPECTED",
@@ -259,7 +259,9 @@
sgx_status_t::SGX_ERROR_SERVICE_UNAVAILABLE => "SGX_ERROR_SERVICE_UNAVAILABLE",
sgx_status_t::SGX_ERROR_SERVICE_TIMEOUT => "SGX_ERROR_SERVICE_TIMEOUT",
sgx_status_t::SGX_ERROR_AE_INVALID_EPIDBLOB => "SGX_ERROR_AE_INVALID_EPIDBLOB",
- sgx_status_t::SGX_ERROR_SERVICE_INVALID_PRIVILEGE => "SGX_ERROR_SERVICE_INVALID_PRIVILEGE",
+ sgx_status_t::SGX_ERROR_SERVICE_INVALID_PRIVILEGE => {
+ "SGX_ERROR_SERVICE_INVALID_PRIVILEGE"
+ }
sgx_status_t::SGX_ERROR_EPID_MEMBER_REVOKED => "SGX_ERROR_EPID_MEMBER_REVOKED",
sgx_status_t::SGX_ERROR_UPDATE_NEEDED => "SGX_ERROR_UPDATE_NEEDED",
sgx_status_t::SGX_ERROR_NETWORK_FAILURE => "SGX_ERROR_NETWORK_FAILURE",
@@ -284,19 +286,31 @@
sgx_status_t::SGX_ERROR_FILE_NO_KEY_ID => "SGX_ERROR_FILE_NO_KEY_ID",
sgx_status_t::SGX_ERROR_FILE_NAME_MISMATCH => "SGX_ERROR_FILE_NAME_MISMATCH",
sgx_status_t::SGX_ERROR_FILE_NOT_SGX_FILE => "SGX_ERROR_FILE_NOT_SGX_FILE",
- sgx_status_t::SGX_ERROR_FILE_CANT_OPEN_RECOVERY_FILE => "SGX_ERROR_FILE_CANT_OPEN_RECOVERY_FILE",
- sgx_status_t::SGX_ERROR_FILE_CANT_WRITE_RECOVERY_FILE => "SGX_ERROR_FILE_CANT_WRITE_RECOVERY_FILE",
+ sgx_status_t::SGX_ERROR_FILE_CANT_OPEN_RECOVERY_FILE => {
+ "SGX_ERROR_FILE_CANT_OPEN_RECOVERY_FILE"
+ }
+ sgx_status_t::SGX_ERROR_FILE_CANT_WRITE_RECOVERY_FILE => {
+ "SGX_ERROR_FILE_CANT_WRITE_RECOVERY_FILE"
+ }
sgx_status_t::SGX_ERROR_FILE_RECOVERY_NEEDED => "SGX_ERROR_FILE_RECOVERY_NEEDED",
sgx_status_t::SGX_ERROR_FILE_FLUSH_FAILED => "SGX_ERROR_FILE_FLUSH_FAILED",
sgx_status_t::SGX_ERROR_FILE_CLOSE_FAILED => "SGX_ERROR_FILE_CLOSE_FAILED",
sgx_status_t::SGX_ERROR_UNSUPPORTED_ATT_KEY_ID => "SGX_ERROR_UNSUPPORTED_ATT_KEY_ID",
- sgx_status_t::SGX_ERROR_ATT_KEY_CERTIFICATION_FAILURE => "SGX_ERROR_ATT_KEY_CERTIFICATION_FAILURE",
+ sgx_status_t::SGX_ERROR_ATT_KEY_CERTIFICATION_FAILURE => {
+ "SGX_ERROR_ATT_KEY_CERTIFICATION_FAILURE"
+ }
sgx_status_t::SGX_ERROR_ATT_KEY_UNINITIALIZED => "SGX_ERROR_ATT_KEY_UNINITIALIZED",
- sgx_status_t::SGX_ERROR_INVALID_ATT_KEY_CERT_DATA => "SGX_ERROR_INVALID_ATT_KEY_CERT_DATA",
- sgx_status_t::SGX_ERROR_PLATFORM_CERT_UNAVAILABLE => "SGX_ERROR_PLATFORM_CERT_UNAVAILABLE",
+ sgx_status_t::SGX_ERROR_INVALID_ATT_KEY_CERT_DATA => {
+ "SGX_ERROR_INVALID_ATT_KEY_CERT_DATA"
+ }
+ sgx_status_t::SGX_ERROR_PLATFORM_CERT_UNAVAILABLE => {
+ "SGX_ERROR_PLATFORM_CERT_UNAVAILABLE"
+ }
- sgx_status_t::SGX_INTERNAL_ERROR_ENCLAVE_CREATE_INTERRUPTED => "SGX_INTERNAL_ERROR_ENCLAVE_CREATE_INTERRUPTED",
+ sgx_status_t::SGX_INTERNAL_ERROR_ENCLAVE_CREATE_INTERRUPTED => {
+ "SGX_INTERNAL_ERROR_ENCLAVE_CREATE_INTERRUPTED"
+ }
sgx_status_t::SGX_ERROR_WASM_BUFFER_TOO_SHORT => "SGX_ERROR_WASM_BUFFER_TOO_SHORT",
sgx_status_t::SGX_ERROR_WASM_INTERPRETER_ERROR => "SGX_ERROR_WASM_INTERPRETER_ERROR",
@@ -332,21 +346,25 @@
}
impl sgx_pce_error_t {
- pub fn __description(&self) -> &str {
+ pub fn __description(&self) -> &'static str {
match *self {
sgx_pce_error_t::SGX_PCE_SUCCESS => "Success.",
sgx_pce_error_t::SGX_PCE_UNEXPECTED => "Unexpected error.",
sgx_pce_error_t::SGX_PCE_INVALID_PARAMETER => "The parameter is incorrect.",
- sgx_pce_error_t::SGX_PCE_OUT_OF_EPC => "Not enough memory is available to complete this operation.",
+ sgx_pce_error_t::SGX_PCE_OUT_OF_EPC => {
+ "Not enough memory is available to complete this operation."
+ }
sgx_pce_error_t::SGX_PCE_INTERFACE_UNAVAILABLE => "SGX API is unavailable.",
sgx_pce_error_t::SGX_PCE_INVALID_REPORT => "The report cannot be verified.",
sgx_pce_error_t::SGX_PCE_CRYPTO_ERROR => "Cannot decrypt or verify ciphertext.",
- sgx_pce_error_t::SGX_PCE_INVALID_PRIVILEGE => "Not enough privilege to perform the operation.",
+ sgx_pce_error_t::SGX_PCE_INVALID_PRIVILEGE => {
+ "Not enough privilege to perform the operation."
+ }
sgx_pce_error_t::SGX_PCE_INVALID_TCB => "PCE could not sign at the requested TCB.",
}
}
- pub fn as_str(&self) -> &str {
+ pub fn as_str(&self) -> &'static str {
match *self {
sgx_pce_error_t::SGX_PCE_SUCCESS => "SGX_PCE_SUCCESS.",
sgx_pce_error_t::SGX_PCE_UNEXPECTED => "SGX_PCE_UNEXPECTED",
@@ -450,42 +468,79 @@
SGX_QL_QVE_OUT_OF_DATE = 0x0000_E051,
SGX_QL_PSW_NOT_AVAILABLE = 0x0000_E052,
SGX_QL_COLLATERAL_VERSION_NOT_SUPPORTED = 0x0000_E053,
+ SGX_QL_TDX_MODULE_MISMATCH = 0x0000_E060,
SGX_QL_ERROR_MAX = 0x0000_E0FF,
}
}
impl sgx_quote3_error_t {
- pub fn __description(&self) -> &str {
+ pub fn __description(&self) -> &'static str {
match *self {
sgx_quote3_error_t::SGX_QL_SUCCESS => "Success.",
-// sgx_quote3_error_t::SGX_QL_ERROR_MIN => "Indicate min error to allow better translation.",
+ // sgx_quote3_error_t::SGX_QL_ERROR_MIN => "Indicate min error to allow better translation.",
sgx_quote3_error_t::SGX_QL_ERROR_UNEXPECTED => "Unexpected error.",
sgx_quote3_error_t::SGX_QL_ERROR_INVALID_PARAMETER => "The parameter is incorrect",
- sgx_quote3_error_t::SGX_QL_ERROR_OUT_OF_MEMORY => "Not enough memory is available to complete this operation.",
- sgx_quote3_error_t::SGX_QL_ERROR_ECDSA_ID_MISMATCH => "Expected ECDSA_ID does not match the value stored in the ECDSA Blob.",
- sgx_quote3_error_t::SGX_QL_PATHNAME_BUFFER_OVERFLOW_ERROR => "The ECDSA blob pathname is too large.",
+ sgx_quote3_error_t::SGX_QL_ERROR_OUT_OF_MEMORY => {
+ "Not enough memory is available to complete this operation."
+ }
+ sgx_quote3_error_t::SGX_QL_ERROR_ECDSA_ID_MISMATCH => {
+ "Expected ECDSA_ID does not match the value stored in the ECDSA Blob."
+ }
+ sgx_quote3_error_t::SGX_QL_PATHNAME_BUFFER_OVERFLOW_ERROR => {
+ "The ECDSA blob pathname is too large."
+ }
sgx_quote3_error_t::SGX_QL_FILE_ACCESS_ERROR => "Error accessing ECDSA blob.",
sgx_quote3_error_t::SGX_QL_ERROR_STORED_KEY => "Cached ECDSA key is invalid.",
- sgx_quote3_error_t::SGX_QL_ERROR_PUB_KEY_ID_MISMATCH => "Cached ECDSA key does not match requested key.",
- sgx_quote3_error_t::SGX_QL_ERROR_INVALID_PCE_SIG_SCHEME => "PCE use the incorrect signature scheme.",
- sgx_quote3_error_t::SGX_QL_ATT_KEY_BLOB_ERROR => "There is a problem with the attestation key blob.",
+ sgx_quote3_error_t::SGX_QL_ERROR_PUB_KEY_ID_MISMATCH => {
+ "Cached ECDSA key does not match requested key."
+ }
+ sgx_quote3_error_t::SGX_QL_ERROR_INVALID_PCE_SIG_SCHEME => {
+ "PCE use the incorrect signature scheme."
+ }
+ sgx_quote3_error_t::SGX_QL_ATT_KEY_BLOB_ERROR => {
+ "There is a problem with the attestation key blob."
+ }
sgx_quote3_error_t::SGX_QL_UNSUPPORTED_ATT_KEY_ID => "Unsupported attestation key ID.",
- sgx_quote3_error_t::SGX_QL_UNSUPPORTED_LOADING_POLICY => "Unsupported enclave loading policy.",
+ sgx_quote3_error_t::SGX_QL_UNSUPPORTED_LOADING_POLICY => {
+ "Unsupported enclave loading policy."
+ }
sgx_quote3_error_t::SGX_QL_INTERFACE_UNAVAILABLE => "Unable to load the QE enclave.",
- sgx_quote3_error_t::SGX_QL_PLATFORM_LIB_UNAVAILABLE => "Unable to find the platform library with the dependent APIs.",
- sgx_quote3_error_t::SGX_QL_ATT_KEY_NOT_INITIALIZED => "The attestation key doesn't exist or has not been certified.",
- sgx_quote3_error_t::SGX_QL_ATT_KEY_CERT_DATA_INVALID => "The certification data retrieved from the platform library is invalid.",
- sgx_quote3_error_t::SGX_QL_NO_PLATFORM_CERT_DATA => "The platform library doesn't have any platfrom cert data.",
- sgx_quote3_error_t::SGX_QL_OUT_OF_EPC => "Not enough memory in the EPC to load the enclave.",
- sgx_quote3_error_t::SGX_QL_ERROR_REPORT => "There was a problem verifying an SGX REPORT.",
- sgx_quote3_error_t::SGX_QL_ENCLAVE_LOST => "Interfacing to the enclave failed due to a power transition.",
- sgx_quote3_error_t::SGX_QL_INVALID_REPORT => "Error verifying the application enclave's report.",
+ sgx_quote3_error_t::SGX_QL_PLATFORM_LIB_UNAVAILABLE => {
+ "Unable to find the platform library with the dependent APIs."
+ }
+ sgx_quote3_error_t::SGX_QL_ATT_KEY_NOT_INITIALIZED => {
+ "The attestation key doesn't exist or has not been certified."
+ }
+ sgx_quote3_error_t::SGX_QL_ATT_KEY_CERT_DATA_INVALID => {
+ "The certification data retrieved from the platform library is invalid."
+ }
+ sgx_quote3_error_t::SGX_QL_NO_PLATFORM_CERT_DATA => {
+ "The platform library doesn't have any platfrom cert data."
+ }
+ sgx_quote3_error_t::SGX_QL_OUT_OF_EPC => {
+ "Not enough memory in the EPC to load the enclave."
+ }
+ sgx_quote3_error_t::SGX_QL_ERROR_REPORT => {
+ "There was a problem verifying an SGX REPORT."
+ }
+ sgx_quote3_error_t::SGX_QL_ENCLAVE_LOST => {
+ "Interfacing to the enclave failed due to a power transition."
+ }
+ sgx_quote3_error_t::SGX_QL_INVALID_REPORT => {
+ "Error verifying the application enclave's report."
+ }
sgx_quote3_error_t::SGX_QL_ENCLAVE_LOAD_ERROR => "Unable to load the enclaves.",
- sgx_quote3_error_t::SGX_QL_UNABLE_TO_GENERATE_QE_REPORT => "The QE was unable to generate its own report targeting the application enclave.",
- sgx_quote3_error_t::SGX_QL_KEY_CERTIFCATION_ERROR => "Caused when the provider library returns an invalid TCB.",
+ sgx_quote3_error_t::SGX_QL_UNABLE_TO_GENERATE_QE_REPORT => {
+ "The QE was unable to generate its own report targeting the application enclave."
+ }
+ sgx_quote3_error_t::SGX_QL_KEY_CERTIFCATION_ERROR => {
+ "Caused when the provider library returns an invalid TCB."
+ }
sgx_quote3_error_t::SGX_QL_NETWORK_ERROR => "Network error when retrieving PCK certs.",
sgx_quote3_error_t::SGX_QL_MESSAGE_ERROR => "Message error when retrieving PCK certs.",
- sgx_quote3_error_t::SGX_QL_NO_QUOTE_COLLATERAL_DATA => "The platform does not have the quote verification collateral data available.",
+ sgx_quote3_error_t::SGX_QL_NO_QUOTE_COLLATERAL_DATA => {
+ "The platform does not have the quote verification collateral data available."
+ }
sgx_quote3_error_t::SGX_QL_QUOTE_CERTIFICATION_DATA_UNSUPPORTED => "",
sgx_quote3_error_t::SGX_QL_QUOTE_FORMAT_UNSUPPORTED => "",
sgx_quote3_error_t::SGX_QL_UNABLE_TO_GENERATE_REPORT => "",
@@ -511,90 +566,169 @@
sgx_quote3_error_t::SGX_QL_TCB_REVOKED => "",
sgx_quote3_error_t::SGX_QL_TCB_CONFIGURATION_NEEDED => "",
sgx_quote3_error_t::SGX_QL_UNABLE_TO_GET_COLLATERAL => "",
- sgx_quote3_error_t::SGX_QL_ERROR_INVALID_PRIVILEGE => "No enough privilege to perform the operation.",
- sgx_quote3_error_t::SGX_QL_NO_QVE_IDENTITY_DATA => "The platform does not have the QVE identity data available.",
+ sgx_quote3_error_t::SGX_QL_ERROR_INVALID_PRIVILEGE => {
+ "No enough privilege to perform the operation."
+ }
+ sgx_quote3_error_t::SGX_QL_NO_QVE_IDENTITY_DATA => {
+ "The platform does not have the QVE identity data available."
+ }
sgx_quote3_error_t::SGX_QL_CRL_UNSUPPORTED_FORMAT => "",
sgx_quote3_error_t::SGX_QL_QEIDENTITY_CHAIN_ERROR => "",
sgx_quote3_error_t::SGX_QL_TCBINFO_CHAIN_ERROR => "",
- sgx_quote3_error_t::SGX_QL_ERROR_QVL_QVE_MISMATCH => "QvE returned supplemental data version mismatched between QVL and QvE.",
- sgx_quote3_error_t::SGX_QL_TCB_SW_HARDENING_NEEDED => "TCB up to date but SW Hardening needed.",
- sgx_quote3_error_t::SGX_QL_TCB_CONFIGURATION_AND_SW_HARDENING_NEEDED => "TCB up to date but Configuration and SW Hardening needed.",
+ sgx_quote3_error_t::SGX_QL_ERROR_QVL_QVE_MISMATCH => {
+ "QvE returned supplemental data version mismatched between QVL and QvE."
+ }
+ sgx_quote3_error_t::SGX_QL_TCB_SW_HARDENING_NEEDED => {
+ "TCB up to date but SW Hardening needed."
+ }
+ sgx_quote3_error_t::SGX_QL_TCB_CONFIGURATION_AND_SW_HARDENING_NEEDED => {
+ "TCB up to date but Configuration and SW Hardening needed."
+ }
sgx_quote3_error_t::SGX_QL_UNSUPPORTED_MODE => "",
sgx_quote3_error_t::SGX_QL_NO_DEVICE => "",
sgx_quote3_error_t::SGX_QL_SERVICE_UNAVAILABLE => "",
sgx_quote3_error_t::SGX_QL_NETWORK_FAILURE => "",
sgx_quote3_error_t::SGX_QL_SERVICE_TIMEOUT => "",
sgx_quote3_error_t::SGX_QL_ERROR_BUSY => "",
- sgx_quote3_error_t::SGX_QL_UNKNOWN_MESSAGE_RESPONSE => "Unexpected error from the cache service.",
- sgx_quote3_error_t::SGX_QL_PERSISTENT_STORAGE_ERROR => "Error storing the retrieved cached data in persistent memory.",
+ sgx_quote3_error_t::SGX_QL_UNKNOWN_MESSAGE_RESPONSE => {
+ "Unexpected error from the cache service."
+ }
+ sgx_quote3_error_t::SGX_QL_PERSISTENT_STORAGE_ERROR => {
+ "Error storing the retrieved cached data in persistent memory."
+ }
sgx_quote3_error_t::SGX_QL_ERROR_MESSAGE_PARSING_ERROR => "Message parsing error.",
sgx_quote3_error_t::SGX_QL_PLATFORM_UNKNOWN => "Platform was not found in the cache",
- sgx_quote3_error_t::SGX_QL_UNKNOWN_API_VERSION => "The current PCS API version configured is unknown.",
- sgx_quote3_error_t::SGX_QL_CERTS_UNAVAILABLE => "Certificates are not available for this platform",
- sgx_quote3_error_t::SGX_QL_QVEIDENTITY_MISMATCH => "QvE Identity is NOT match to Intel signed QvE identity.",
- sgx_quote3_error_t::SGX_QL_QVE_OUT_OF_DATE => "QvE ISVSVN is smaller then the ISVSVN threshold.",
- sgx_quote3_error_t::SGX_QL_PSW_NOT_AVAILABLE => "SGX PSW library cannot be loaded, could be due to file I/O error.",
- sgx_quote3_error_t::SGX_QL_COLLATERAL_VERSION_NOT_SUPPORTED => "SGX quote verification collateral version not supported by QVL/QvE",
- sgx_quote3_error_t::SGX_QL_ERROR_MAX => "Indicate max error to allow better translation.",
+ sgx_quote3_error_t::SGX_QL_UNKNOWN_API_VERSION => {
+ "The current PCS API version configured is unknown."
+ }
+ sgx_quote3_error_t::SGX_QL_CERTS_UNAVAILABLE => {
+ "Certificates are not available for this platform"
+ }
+ sgx_quote3_error_t::SGX_QL_QVEIDENTITY_MISMATCH => {
+ "QvE Identity is NOT match to Intel signed QvE identity."
+ }
+ sgx_quote3_error_t::SGX_QL_QVE_OUT_OF_DATE => {
+ "QvE ISVSVN is smaller then the ISVSVN threshold."
+ }
+ sgx_quote3_error_t::SGX_QL_PSW_NOT_AVAILABLE => {
+ "SGX PSW library cannot be loaded, could be due to file I/O error."
+ }
+ sgx_quote3_error_t::SGX_QL_COLLATERAL_VERSION_NOT_SUPPORTED => {
+ "SGX quote verification collateral version not supported by QVL/QvE"
+ }
+ sgx_quote3_error_t::SGX_QL_TDX_MODULE_MISMATCH => {
+ "TDX SEAM module identity is NOT match to Intel signed TDX SEAM module"
+ }
+ sgx_quote3_error_t::SGX_QL_ERROR_MAX => {
+ "Indicate max error to allow better translation."
+ }
}
}
- pub fn as_str(&self) -> &str {
+ pub fn as_str(&self) -> &'static str {
match *self {
sgx_quote3_error_t::SGX_QL_SUCCESS => "SGX_QL_SUCCESS",
-// sgx_quote3_error_t::SGX_QL_ERROR_MIN => "SGX_QL_ERROR_MIN",
+ // sgx_quote3_error_t::SGX_QL_ERROR_MIN => "SGX_QL_ERROR_MIN",
sgx_quote3_error_t::SGX_QL_ERROR_UNEXPECTED => "SGX_QL_ERROR_UNEXPECTED",
sgx_quote3_error_t::SGX_QL_ERROR_INVALID_PARAMETER => "SGX_QL_ERROR_INVALID_PARAMETER",
sgx_quote3_error_t::SGX_QL_ERROR_OUT_OF_MEMORY => "SGX_QL_ERROR_OUT_OF_MEMORY",
sgx_quote3_error_t::SGX_QL_ERROR_ECDSA_ID_MISMATCH => "SGX_QL_ERROR_ECDSA_ID_MISMATCH",
- sgx_quote3_error_t::SGX_QL_PATHNAME_BUFFER_OVERFLOW_ERROR => "SGX_QL_PATHNAME_BUFFER_OVERFLOW_ERROR",
+ sgx_quote3_error_t::SGX_QL_PATHNAME_BUFFER_OVERFLOW_ERROR => {
+ "SGX_QL_PATHNAME_BUFFER_OVERFLOW_ERROR"
+ }
sgx_quote3_error_t::SGX_QL_FILE_ACCESS_ERROR => "SGX_QL_FILE_ACCESS_ERROR",
sgx_quote3_error_t::SGX_QL_ERROR_STORED_KEY => "SGX_QL_ERROR_STORED_KEY",
- sgx_quote3_error_t::SGX_QL_ERROR_PUB_KEY_ID_MISMATCH => "SGX_QL_ERROR_PUB_KEY_ID_MISMATCH",
- sgx_quote3_error_t::SGX_QL_ERROR_INVALID_PCE_SIG_SCHEME => "SGX_QL_ERROR_INVALID_PCE_SIG_SCHEME",
+ sgx_quote3_error_t::SGX_QL_ERROR_PUB_KEY_ID_MISMATCH => {
+ "SGX_QL_ERROR_PUB_KEY_ID_MISMATCH"
+ }
+ sgx_quote3_error_t::SGX_QL_ERROR_INVALID_PCE_SIG_SCHEME => {
+ "SGX_QL_ERROR_INVALID_PCE_SIG_SCHEME"
+ }
sgx_quote3_error_t::SGX_QL_ATT_KEY_BLOB_ERROR => "SGX_QL_ATT_KEY_BLOB_ERROR",
sgx_quote3_error_t::SGX_QL_UNSUPPORTED_ATT_KEY_ID => "SGX_QL_UNSUPPORTED_ATT_KEY_ID",
- sgx_quote3_error_t::SGX_QL_UNSUPPORTED_LOADING_POLICY => "SGX_QL_UNSUPPORTED_LOADING_POLICY",
+ sgx_quote3_error_t::SGX_QL_UNSUPPORTED_LOADING_POLICY => {
+ "SGX_QL_UNSUPPORTED_LOADING_POLICY"
+ }
sgx_quote3_error_t::SGX_QL_INTERFACE_UNAVAILABLE => "SGX_QL_INTERFACE_UNAVAILABLE",
- sgx_quote3_error_t::SGX_QL_PLATFORM_LIB_UNAVAILABLE => "SGX_QL_PLATFORM_LIB_UNAVAILABLE",
+ sgx_quote3_error_t::SGX_QL_PLATFORM_LIB_UNAVAILABLE => {
+ "SGX_QL_PLATFORM_LIB_UNAVAILABLE"
+ }
sgx_quote3_error_t::SGX_QL_ATT_KEY_NOT_INITIALIZED => "SGX_QL_ATT_KEY_NOT_INITIALIZED",
- sgx_quote3_error_t::SGX_QL_ATT_KEY_CERT_DATA_INVALID => "SGX_QL_ATT_KEY_CERT_DATA_INVALID",
+ sgx_quote3_error_t::SGX_QL_ATT_KEY_CERT_DATA_INVALID => {
+ "SGX_QL_ATT_KEY_CERT_DATA_INVALID"
+ }
sgx_quote3_error_t::SGX_QL_NO_PLATFORM_CERT_DATA => "SGX_QL_NO_PLATFORM_CERT_DATA",
sgx_quote3_error_t::SGX_QL_OUT_OF_EPC => "SGX_QL_OUT_OF_EPC",
sgx_quote3_error_t::SGX_QL_ERROR_REPORT => "SGX_QL_ERROR_REPORT",
sgx_quote3_error_t::SGX_QL_ENCLAVE_LOST => "SGX_QL_ENCLAVE_LOST",
sgx_quote3_error_t::SGX_QL_INVALID_REPORT => "SGX_QL_INVALID_REPORT",
sgx_quote3_error_t::SGX_QL_ENCLAVE_LOAD_ERROR => "SGX_QL_ENCLAVE_LOAD_ERROR",
- sgx_quote3_error_t::SGX_QL_UNABLE_TO_GENERATE_QE_REPORT => "SGX_QL_UNABLE_TO_GENERATE_QE_REPORT",
+ sgx_quote3_error_t::SGX_QL_UNABLE_TO_GENERATE_QE_REPORT => {
+ "SGX_QL_UNABLE_TO_GENERATE_QE_REPORT"
+ }
sgx_quote3_error_t::SGX_QL_KEY_CERTIFCATION_ERROR => "SGX_QL_KEY_CERTIFCATION_ERROR",
sgx_quote3_error_t::SGX_QL_NETWORK_ERROR => "SGX_QL_NETWORK_ERROR",
sgx_quote3_error_t::SGX_QL_MESSAGE_ERROR => "SGX_QL_MESSAGE_ERROR",
- sgx_quote3_error_t::SGX_QL_NO_QUOTE_COLLATERAL_DATA => "SGX_QL_NO_QUOTE_COLLATERAL_DATA",
- sgx_quote3_error_t::SGX_QL_QUOTE_CERTIFICATION_DATA_UNSUPPORTED => "SGX_QL_QUOTE_CERTIFICATION_DATA_UNSUPPORTED",
- sgx_quote3_error_t::SGX_QL_QUOTE_FORMAT_UNSUPPORTED => "SGX_QL_QUOTE_FORMAT_UNSUPPORTED",
- sgx_quote3_error_t::SGX_QL_UNABLE_TO_GENERATE_REPORT => "SGX_QL_UNABLE_TO_GENERATE_REPORT",
- sgx_quote3_error_t::SGX_QL_QE_REPORT_INVALID_SIGNATURE => "SGX_QL_QE_REPORT_INVALID_SIGNATURE",
- sgx_quote3_error_t::SGX_QL_QE_REPORT_UNSUPPORTED_FORMAT => "SGX_QL_QE_REPORT_UNSUPPORTED_FORMAT",
- sgx_quote3_error_t::SGX_QL_PCK_CERT_UNSUPPORTED_FORMAT => "SGX_QL_PCK_CERT_UNSUPPORTED_FORMAT",
+ sgx_quote3_error_t::SGX_QL_NO_QUOTE_COLLATERAL_DATA => {
+ "SGX_QL_NO_QUOTE_COLLATERAL_DATA"
+ }
+ sgx_quote3_error_t::SGX_QL_QUOTE_CERTIFICATION_DATA_UNSUPPORTED => {
+ "SGX_QL_QUOTE_CERTIFICATION_DATA_UNSUPPORTED"
+ }
+ sgx_quote3_error_t::SGX_QL_QUOTE_FORMAT_UNSUPPORTED => {
+ "SGX_QL_QUOTE_FORMAT_UNSUPPORTED"
+ }
+ sgx_quote3_error_t::SGX_QL_UNABLE_TO_GENERATE_REPORT => {
+ "SGX_QL_UNABLE_TO_GENERATE_REPORT"
+ }
+ sgx_quote3_error_t::SGX_QL_QE_REPORT_INVALID_SIGNATURE => {
+ "SGX_QL_QE_REPORT_INVALID_SIGNATURE"
+ }
+ sgx_quote3_error_t::SGX_QL_QE_REPORT_UNSUPPORTED_FORMAT => {
+ "SGX_QL_QE_REPORT_UNSUPPORTED_FORMAT"
+ }
+ sgx_quote3_error_t::SGX_QL_PCK_CERT_UNSUPPORTED_FORMAT => {
+ "SGX_QL_PCK_CERT_UNSUPPORTED_FORMAT"
+ }
sgx_quote3_error_t::SGX_QL_PCK_CERT_CHAIN_ERROR => "SGX_QL_PCK_CERT_CHAIN_ERROR",
- sgx_quote3_error_t::SGX_QL_TCBINFO_UNSUPPORTED_FORMAT => "SGX_QL_TCBINFO_UNSUPPORTED_FORMAT",
+ sgx_quote3_error_t::SGX_QL_TCBINFO_UNSUPPORTED_FORMAT => {
+ "SGX_QL_TCBINFO_UNSUPPORTED_FORMAT"
+ }
sgx_quote3_error_t::SGX_QL_TCBINFO_MISMATCH => "SGX_QL_TCBINFO_MISMATCH",
- sgx_quote3_error_t::SGX_QL_QEIDENTITY_UNSUPPORTED_FORMAT => "SGX_QL_QEIDENTITY_UNSUPPORTED_FORMAT",
+ sgx_quote3_error_t::SGX_QL_QEIDENTITY_UNSUPPORTED_FORMAT => {
+ "SGX_QL_QEIDENTITY_UNSUPPORTED_FORMAT"
+ }
sgx_quote3_error_t::SGX_QL_QEIDENTITY_MISMATCH => "SGX_QL_QEIDENTITY_MISMATCH",
sgx_quote3_error_t::SGX_QL_TCB_OUT_OF_DATE => "SGX_QL_TCB_OUT_OF_DATE",
- sgx_quote3_error_t::SGX_QL_TCB_OUT_OF_DATE_CONFIGURATION_NEEDED => "SGX_QL_TCB_OUT_OF_DATE_CONFIGURATION_NEEDED",
- sgx_quote3_error_t::SGX_QL_SGX_ENCLAVE_IDENTITY_OUT_OF_DATE => "SGX_QL_SGX_ENCLAVE_IDENTITY_OUT_OF_DATE",
- sgx_quote3_error_t::SGX_QL_SGX_ENCLAVE_REPORT_ISVSVN_OUT_OF_DATE => "SGX_QL_SGX_ENCLAVE_REPORT_ISVSVN_OUT_OF_DATE",
+ sgx_quote3_error_t::SGX_QL_TCB_OUT_OF_DATE_CONFIGURATION_NEEDED => {
+ "SGX_QL_TCB_OUT_OF_DATE_CONFIGURATION_NEEDED"
+ }
+ sgx_quote3_error_t::SGX_QL_SGX_ENCLAVE_IDENTITY_OUT_OF_DATE => {
+ "SGX_QL_SGX_ENCLAVE_IDENTITY_OUT_OF_DATE"
+ }
+ sgx_quote3_error_t::SGX_QL_SGX_ENCLAVE_REPORT_ISVSVN_OUT_OF_DATE => {
+ "SGX_QL_SGX_ENCLAVE_REPORT_ISVSVN_OUT_OF_DATE"
+ }
sgx_quote3_error_t::SGX_QL_QE_IDENTITY_OUT_OF_DATE => "SGX_QL_QE_IDENTITY_OUT_OF_DATE",
sgx_quote3_error_t::SGX_QL_SGX_TCB_INFO_EXPIRED => "SGX_QL_SGX_TCB_INFO_EXPIRED",
- sgx_quote3_error_t::SGX_QL_SGX_PCK_CERT_CHAIN_EXPIRED => "SGX_QL_SGX_PCK_CERT_CHAIN_EXPIRED",
+ sgx_quote3_error_t::SGX_QL_SGX_PCK_CERT_CHAIN_EXPIRED => {
+ "SGX_QL_SGX_PCK_CERT_CHAIN_EXPIRED"
+ }
sgx_quote3_error_t::SGX_QL_SGX_CRL_EXPIRED => "SGX_QL_SGX_CRL_EXPIRED",
- sgx_quote3_error_t::SGX_QL_SGX_SIGNING_CERT_CHAIN_EXPIRED => "SGX_QL_SGX_SIGNING_CERT_CHAIN_EXPIRED",
- sgx_quote3_error_t::SGX_QL_SGX_ENCLAVE_IDENTITY_EXPIRED => "SGX_QL_SGX_ENCLAVE_IDENTITY_EXPIRED",
+ sgx_quote3_error_t::SGX_QL_SGX_SIGNING_CERT_CHAIN_EXPIRED => {
+ "SGX_QL_SGX_SIGNING_CERT_CHAIN_EXPIRED"
+ }
+ sgx_quote3_error_t::SGX_QL_SGX_ENCLAVE_IDENTITY_EXPIRED => {
+ "SGX_QL_SGX_ENCLAVE_IDENTITY_EXPIRED"
+ }
sgx_quote3_error_t::SGX_QL_PCK_REVOKED => "SGX_QL_PCK_REVOKED",
sgx_quote3_error_t::SGX_QL_TCB_REVOKED => "SGX_QL_TCB_REVOKED",
- sgx_quote3_error_t::SGX_QL_TCB_CONFIGURATION_NEEDED => "SGX_QL_TCB_CONFIGURATION_NEEDED",
- sgx_quote3_error_t::SGX_QL_UNABLE_TO_GET_COLLATERAL => "SGX_QL_UNABLE_TO_GET_COLLATERAL",
+ sgx_quote3_error_t::SGX_QL_TCB_CONFIGURATION_NEEDED => {
+ "SGX_QL_TCB_CONFIGURATION_NEEDED"
+ }
+ sgx_quote3_error_t::SGX_QL_UNABLE_TO_GET_COLLATERAL => {
+ "SGX_QL_UNABLE_TO_GET_COLLATERAL"
+ }
sgx_quote3_error_t::SGX_QL_ERROR_INVALID_PRIVILEGE => "SGX_QL_ERROR_INVALID_PRIVILEGE",
sgx_quote3_error_t::SGX_QL_NO_QVE_IDENTITY_DATA => "SGX_QL_NO_QVE_IDENTITY_DATA",
sgx_quote3_error_t::SGX_QL_CRL_UNSUPPORTED_FORMAT => "SGX_QL_CRL_UNSUPPORTED_FORMAT",
@@ -602,23 +736,34 @@
sgx_quote3_error_t::SGX_QL_TCBINFO_CHAIN_ERROR => "SGX_QL_TCBINFO_CHAIN_ERROR",
sgx_quote3_error_t::SGX_QL_ERROR_QVL_QVE_MISMATCH => "SGX_QL_ERROR_QVL_QVE_MISMATCH",
sgx_quote3_error_t::SGX_QL_TCB_SW_HARDENING_NEEDED => "SGX_QL_TCB_SW_HARDENING_NEEDED",
- sgx_quote3_error_t::SGX_QL_TCB_CONFIGURATION_AND_SW_HARDENING_NEEDED => "SGX_QL_TCB_CONFIGURATION_AND_SW_HARDENING_NEEDED",
+ sgx_quote3_error_t::SGX_QL_TCB_CONFIGURATION_AND_SW_HARDENING_NEEDED => {
+ "SGX_QL_TCB_CONFIGURATION_AND_SW_HARDENING_NEEDED"
+ }
sgx_quote3_error_t::SGX_QL_UNSUPPORTED_MODE => "SGX_QL_UNSUPPORTED_MODE",
sgx_quote3_error_t::SGX_QL_NO_DEVICE => "SGX_QL_NO_DEVICE",
sgx_quote3_error_t::SGX_QL_SERVICE_UNAVAILABLE => "SGX_QL_SERVICE_UNAVAILABLE",
sgx_quote3_error_t::SGX_QL_NETWORK_FAILURE => "SGX_QL_NETWORK_FAILURE",
sgx_quote3_error_t::SGX_QL_SERVICE_TIMEOUT => "SGX_QL_SERVICE_TIMEOUT",
sgx_quote3_error_t::SGX_QL_ERROR_BUSY => "SGX_QL_ERROR_BUSY",
- sgx_quote3_error_t::SGX_QL_UNKNOWN_MESSAGE_RESPONSE => "SGX_QL_UNKNOWN_MESSAGE_RESPONSE",
- sgx_quote3_error_t::SGX_QL_PERSISTENT_STORAGE_ERROR => "SGX_QL_PERSISTENT_STORAGE_ERROR",
- sgx_quote3_error_t::SGX_QL_ERROR_MESSAGE_PARSING_ERROR => "SGX_QL_ERROR_MESSAGE_PARSING_ERROR",
+ sgx_quote3_error_t::SGX_QL_UNKNOWN_MESSAGE_RESPONSE => {
+ "SGX_QL_UNKNOWN_MESSAGE_RESPONSE"
+ }
+ sgx_quote3_error_t::SGX_QL_PERSISTENT_STORAGE_ERROR => {
+ "SGX_QL_PERSISTENT_STORAGE_ERROR"
+ }
+ sgx_quote3_error_t::SGX_QL_ERROR_MESSAGE_PARSING_ERROR => {
+ "SGX_QL_ERROR_MESSAGE_PARSING_ERROR"
+ }
sgx_quote3_error_t::SGX_QL_PLATFORM_UNKNOWN => "SGX_QL_PLATFORM_UNKNOWN",
sgx_quote3_error_t::SGX_QL_UNKNOWN_API_VERSION => "SGX_QL_UNKNOWN_API_VERSION",
sgx_quote3_error_t::SGX_QL_CERTS_UNAVAILABLE => "SGX_QL_CERTS_UNAVAILABLE",
sgx_quote3_error_t::SGX_QL_QVEIDENTITY_MISMATCH => "SGX_QL_QVEIDENTITY_MISMATCH",
sgx_quote3_error_t::SGX_QL_QVE_OUT_OF_DATE => "SGX_QL_QVE_OUT_OF_DATE",
sgx_quote3_error_t::SGX_QL_PSW_NOT_AVAILABLE => "SGX_QL_PSW_NOT_AVAILABLE",
- sgx_quote3_error_t::SGX_QL_COLLATERAL_VERSION_NOT_SUPPORTED => "SGX_QL_COLLATERAL_VERSION_NOT_SUPPORTED",
+ sgx_quote3_error_t::SGX_QL_COLLATERAL_VERSION_NOT_SUPPORTED => {
+ "SGX_QL_COLLATERAL_VERSION_NOT_SUPPORTED"
+ }
+ sgx_quote3_error_t::SGX_QL_TDX_MODULE_MISMATCH => "SGX_QL_TDX_MODULE_MISMATCH",
sgx_quote3_error_t::SGX_QL_ERROR_MAX => "SGX_QL_ERROR_MAX",
}
}
@@ -659,20 +804,36 @@
}
impl sgx_qcnl_error_t {
- pub fn __description(&self) -> &str {
+ pub fn __description(&self) -> &'static str {
match *self {
sgx_qcnl_error_t::SGX_QCNL_SUCCESS => "Success.",
sgx_qcnl_error_t::SGX_QCNL_UNEXPECTED_ERROR => "Unexpected error.",
sgx_qcnl_error_t::SGX_QCNL_INVALID_PARAMETER => "The parameter is incorrect.",
sgx_qcnl_error_t::SGX_QCNL_NETWORK_ERROR => "Network error.",
- sgx_qcnl_error_t::SGX_QCNL_NETWORK_PROXY_FAIL => "Network error : Couldn't resolve proxy.",
- sgx_qcnl_error_t::SGX_QCNL_NETWORK_HOST_FAIL => "Network error : Couldn't resolve host.",
- sgx_qcnl_error_t::SGX_QCNL_NETWORK_COULDNT_CONNECT => "Network error : Failed to connect() to host or proxy.",
- sgx_qcnl_error_t::SGX_QCNL_NETWORK_HTTP2_ERROR => "Network error : A problem was detected in the HTTP2 framing layer.",
- sgx_qcnl_error_t::SGX_QCNL_NETWORK_WRITE_ERROR => "Network error : an error was returned to libcurl from a write callback.",
- sgx_qcnl_error_t::SGX_QCNL_NETWORK_OPERATION_TIMEDOUT => "Network error : Operation timeout.",
- sgx_qcnl_error_t::SGX_QCNL_NETWORK_HTTPS_ERROR => "Network error : A problem occurred somewhere in the SSL/TLS handshake.",
- sgx_qcnl_error_t::SGX_QCNL_NETWORK_UNKNOWN_OPTION => "Network error : An option passed to libcurl is not recognized/known.",
+ sgx_qcnl_error_t::SGX_QCNL_NETWORK_PROXY_FAIL => {
+ "Network error : Couldn't resolve proxy."
+ }
+ sgx_qcnl_error_t::SGX_QCNL_NETWORK_HOST_FAIL => {
+ "Network error : Couldn't resolve host."
+ }
+ sgx_qcnl_error_t::SGX_QCNL_NETWORK_COULDNT_CONNECT => {
+ "Network error : Failed to connect() to host or proxy."
+ }
+ sgx_qcnl_error_t::SGX_QCNL_NETWORK_HTTP2_ERROR => {
+ "Network error : A problem was detected in the HTTP2 framing layer."
+ }
+ sgx_qcnl_error_t::SGX_QCNL_NETWORK_WRITE_ERROR => {
+ "Network error : an error was returned to libcurl from a write callback."
+ }
+ sgx_qcnl_error_t::SGX_QCNL_NETWORK_OPERATION_TIMEDOUT => {
+ "Network error : Operation timeout."
+ }
+ sgx_qcnl_error_t::SGX_QCNL_NETWORK_HTTPS_ERROR => {
+ "Network error : A problem occurred somewhere in the SSL/TLS handshake."
+ }
+ sgx_qcnl_error_t::SGX_QCNL_NETWORK_UNKNOWN_OPTION => {
+ "Network error : An option passed to libcurl is not recognized/known."
+ }
sgx_qcnl_error_t::SGX_QCNL_NETWORK_INIT_ERROR => "Failed to initialize CURL library.",
sgx_qcnl_error_t::SGX_QCNL_MSG_ERROR => "HTTP message error.",
sgx_qcnl_error_t::SGX_QCNL_OUT_OF_MEMORY => "Out of memory error.",
@@ -680,12 +841,14 @@
sgx_qcnl_error_t::SGX_QCNL_ERROR_STATUS_PLATFORM_UNKNOWN => "Platform unknown.",
sgx_qcnl_error_t::SGX_QCNL_ERROR_STATUS_UNEXPECTED => "Unexpected cache error",
sgx_qcnl_error_t::SGX_QCNL_ERROR_STATUS_CERTS_UNAVAILABLE => "Certs not available",
- sgx_qcnl_error_t::SGX_QCNL_ERROR_STATUS_SERVICE_UNAVAILABLE => "Service is currently not available",
+ sgx_qcnl_error_t::SGX_QCNL_ERROR_STATUS_SERVICE_UNAVAILABLE => {
+ "Service is currently not available"
+ }
sgx_qcnl_error_t::SGX_QCNL_INVALID_CONFIG => "Error in configuration file",
}
}
- pub fn as_str(&self) -> &str {
+ pub fn as_str(&self) -> &'static str {
match *self {
sgx_qcnl_error_t::SGX_QCNL_SUCCESS => "SGX_QCNL_SUCCESS.",
sgx_qcnl_error_t::SGX_QCNL_UNEXPECTED_ERROR => "SGX_QCNL_UNEXPECTED_ERROR",
@@ -693,20 +856,34 @@
sgx_qcnl_error_t::SGX_QCNL_NETWORK_ERROR => "SGX_QCNL_NETWORK_ERROR",
sgx_qcnl_error_t::SGX_QCNL_NETWORK_PROXY_FAIL => "SGX_QCNL_NETWORK_PROXY_FAIL",
sgx_qcnl_error_t::SGX_QCNL_NETWORK_HOST_FAIL => "SGX_QCNL_NETWORK_HOST_FAIL",
- sgx_qcnl_error_t::SGX_QCNL_NETWORK_COULDNT_CONNECT => "SGX_QCNL_NETWORK_COULDNT_CONNECT",
+ sgx_qcnl_error_t::SGX_QCNL_NETWORK_COULDNT_CONNECT => {
+ "SGX_QCNL_NETWORK_COULDNT_CONNECT"
+ }
sgx_qcnl_error_t::SGX_QCNL_NETWORK_HTTP2_ERROR => "SGX_QCNL_NETWORK_HTTP2_ERROR",
sgx_qcnl_error_t::SGX_QCNL_NETWORK_WRITE_ERROR => "SGX_QCNL_NETWORK_WRITE_ERROR",
- sgx_qcnl_error_t::SGX_QCNL_NETWORK_OPERATION_TIMEDOUT => "SGX_QCNL_NETWORK_OPERATION_TIMEDOUT",
+ sgx_qcnl_error_t::SGX_QCNL_NETWORK_OPERATION_TIMEDOUT => {
+ "SGX_QCNL_NETWORK_OPERATION_TIMEDOUT"
+ }
sgx_qcnl_error_t::SGX_QCNL_NETWORK_HTTPS_ERROR => "SGX_QCNL_NETWORK_HTTPS_ERROR",
sgx_qcnl_error_t::SGX_QCNL_NETWORK_UNKNOWN_OPTION => "SGX_QCNL_NETWORK_UNKNOWN_OPTION",
sgx_qcnl_error_t::SGX_QCNL_NETWORK_INIT_ERROR => "SGX_QCNL_NETWORK_INIT_ERROR",
sgx_qcnl_error_t::SGX_QCNL_MSG_ERROR => "SGX_QCNL_MSG_ERROR",
sgx_qcnl_error_t::SGX_QCNL_OUT_OF_MEMORY => "SGX_QCNL_OUT_OF_MEMORY",
- sgx_qcnl_error_t::SGX_QCNL_ERROR_STATUS_NO_CACHE_DATA => "SGX_QCNL_ERROR_STATUS_NO_CACHE_DATA",
- sgx_qcnl_error_t::SGX_QCNL_ERROR_STATUS_PLATFORM_UNKNOWN => "SGX_QCNL_ERROR_STATUS_PLATFORM_UNKNOWN",
- sgx_qcnl_error_t::SGX_QCNL_ERROR_STATUS_UNEXPECTED => "SGX_QCNL_ERROR_STATUS_UNEXPECTED",
- sgx_qcnl_error_t::SGX_QCNL_ERROR_STATUS_CERTS_UNAVAILABLE => "SGX_QCNL_ERROR_STATUS_CERTS_UNAVAILABLE",
- sgx_qcnl_error_t::SGX_QCNL_ERROR_STATUS_SERVICE_UNAVAILABLE => "SGX_QCNL_ERROR_STATUS_SERVICE_UNAVAILABLE",
+ sgx_qcnl_error_t::SGX_QCNL_ERROR_STATUS_NO_CACHE_DATA => {
+ "SGX_QCNL_ERROR_STATUS_NO_CACHE_DATA"
+ }
+ sgx_qcnl_error_t::SGX_QCNL_ERROR_STATUS_PLATFORM_UNKNOWN => {
+ "SGX_QCNL_ERROR_STATUS_PLATFORM_UNKNOWN"
+ }
+ sgx_qcnl_error_t::SGX_QCNL_ERROR_STATUS_UNEXPECTED => {
+ "SGX_QCNL_ERROR_STATUS_UNEXPECTED"
+ }
+ sgx_qcnl_error_t::SGX_QCNL_ERROR_STATUS_CERTS_UNAVAILABLE => {
+ "SGX_QCNL_ERROR_STATUS_CERTS_UNAVAILABLE"
+ }
+ sgx_qcnl_error_t::SGX_QCNL_ERROR_STATUS_SERVICE_UNAVAILABLE => {
+ "SGX_QCNL_ERROR_STATUS_SERVICE_UNAVAILABLE"
+ }
sgx_qcnl_error_t::SGX_QCNL_INVALID_CONFIG => "SGX_QCNL_INVALID_CONFIG",
}
}
@@ -737,7 +914,7 @@
}
impl sgx_ql_qv_result_t {
- pub fn __description(&self) -> &str {
+ pub fn __description(&self) -> &'static str {
match *self {
sgx_ql_qv_result_t::SGX_QL_QV_RESULT_OK => "The Quote verification passed and is at the latest TCB level.",
sgx_ql_qv_result_t::SGX_QL_QV_RESULT_CONFIG_NEEDED => "The Quote verification passed and the platform is patched to the latest TCB level but additional configuration of the SGX platform may be needed.",
@@ -752,17 +929,25 @@
}
}
- pub fn as_str(&self) -> &str {
+ pub fn as_str(&self) -> &'static str {
match *self {
sgx_ql_qv_result_t::SGX_QL_QV_RESULT_OK => "SGX_QL_QV_RESULT_OK",
sgx_ql_qv_result_t::SGX_QL_QV_RESULT_CONFIG_NEEDED => "SGX_QL_QV_RESULT_CONFIG_NEEDED",
sgx_ql_qv_result_t::SGX_QL_QV_RESULT_OUT_OF_DATE => "SGX_QL_QV_RESULT_OUT_OF_DATE",
- sgx_ql_qv_result_t::SGX_QL_QV_RESULT_OUT_OF_DATE_CONFIG_NEEDED => "SGX_QL_QV_RESULT_OUT_OF_DATE_CONFIG_NEEDED",
- sgx_ql_qv_result_t::SGX_QL_QV_RESULT_INVALID_SIGNATURE => "SGX_QL_QV_RESULT_INVALID_SIGNATURE",
+ sgx_ql_qv_result_t::SGX_QL_QV_RESULT_OUT_OF_DATE_CONFIG_NEEDED => {
+ "SGX_QL_QV_RESULT_OUT_OF_DATE_CONFIG_NEEDED"
+ }
+ sgx_ql_qv_result_t::SGX_QL_QV_RESULT_INVALID_SIGNATURE => {
+ "SGX_QL_QV_RESULT_INVALID_SIGNATURE"
+ }
sgx_ql_qv_result_t::SGX_QL_QV_RESULT_REVOKED => "SGX_QL_QV_RESULT_REVOKED",
sgx_ql_qv_result_t::SGX_QL_QV_RESULT_UNSPECIFIED => "SGX_QL_QV_RESULT_UNSPECIFIED",
- sgx_ql_qv_result_t::SGX_QL_QV_RESULT_SW_HARDENING_NEEDED => "SGX_QL_QV_RESULT_SW_HARDENING_NEEDED",
- sgx_ql_qv_result_t::SGX_QL_QV_RESULT_CONFIG_AND_SW_HARDENING_NEEDED => "SGX_QL_QV_RESULT_CONFIG_AND_SW_HARDENING_NEEDED",
+ sgx_ql_qv_result_t::SGX_QL_QV_RESULT_SW_HARDENING_NEEDED => {
+ "SGX_QL_QV_RESULT_SW_HARDENING_NEEDED"
+ }
+ sgx_ql_qv_result_t::SGX_QL_QV_RESULT_CONFIG_AND_SW_HARDENING_NEEDED => {
+ "SGX_QL_QV_RESULT_CONFIG_AND_SW_HARDENING_NEEDED"
+ }
sgx_ql_qv_result_t::SGX_QL_QV_RESULT_MAX => "SGX_QL_QV_RESULT_MAX",
}
}
diff --git a/sgx_types/src/function.rs b/sgx_types/src/function.rs
index b4739f6..900e64d 100644
--- a/sgx_types/src/function.rs
+++ b/sgx_types/src/function.rs
@@ -25,7 +25,8 @@
// sgx_cpuid.h
//
pub fn sgx_cpuid(cpuinfo: *mut [int32_t; 4], leaf: int32_t) -> sgx_status_t;
- pub fn sgx_cpuidex(cpuinfo: *mut [int32_t; 4], leaf: int32_t, subleaf: int32_t) -> sgx_status_t;
+ pub fn sgx_cpuidex(cpuinfo: *mut [int32_t; 4], leaf: int32_t, subleaf: int32_t)
+ -> sgx_status_t;
//
// sgx_spinlock.h
@@ -36,17 +37,26 @@
//
// sgx_thread.h
//
- pub fn sgx_thread_mutex_init(mutex: *mut sgx_thread_mutex_t, unused: *const sgx_thread_mutex_attr_t) -> int32_t;
+ pub fn sgx_thread_mutex_init(
+ mutex: *mut sgx_thread_mutex_t,
+ unused: *const sgx_thread_mutex_attr_t,
+ ) -> int32_t;
pub fn sgx_thread_mutex_destroy(mutex: *mut sgx_thread_mutex_t) -> int32_t;
pub fn sgx_thread_mutex_lock(mutex: *mut sgx_thread_mutex_t) -> int32_t;
pub fn sgx_thread_mutex_trylock(mutex: *mut sgx_thread_mutex_t) -> int32_t;
pub fn sgx_thread_mutex_unlock(mutex: *mut sgx_thread_mutex_t) -> int32_t;
- pub fn sgx_thread_cond_init(cond: *mut sgx_thread_cond_t, unused: *const sgx_thread_cond_attr_t) -> int32_t;
+ pub fn sgx_thread_cond_init(
+ cond: *mut sgx_thread_cond_t,
+ unused: *const sgx_thread_cond_attr_t,
+ ) -> int32_t;
pub fn sgx_thread_cond_destroy(cond: *mut sgx_thread_cond_t) -> int32_t;
- pub fn sgx_thread_cond_wait(cond: *mut sgx_thread_cond_t, mutex: *mut sgx_thread_mutex_t) -> int32_t;
+ pub fn sgx_thread_cond_wait(
+ cond: *mut sgx_thread_cond_t,
+ mutex: *mut sgx_thread_mutex_t,
+ ) -> int32_t;
pub fn sgx_thread_cond_signal(cond: *mut sgx_thread_cond_t) -> int32_t;
pub fn sgx_thread_cond_broadcast(cond: *mut sgx_thread_cond_t) -> int32_t;
@@ -54,7 +64,10 @@
pub fn sgx_thread_equal(a: sgx_thread_t, b: sgx_thread_t) -> int32_t;
/* intel sgx sdk 2.11 */
- pub fn sgx_thread_rwlock_init(rwlock: *mut sgx_thread_rwlock_t, unused: *const sgx_thread_rwlockattr_t) -> int32_t;
+ pub fn sgx_thread_rwlock_init(
+ rwlock: *mut sgx_thread_rwlock_t,
+ unused: *const sgx_thread_rwlockattr_t,
+ ) -> int32_t;
pub fn sgx_thread_rwlock_destroy(rwlock: *mut sgx_thread_rwlock_t) -> int32_t;
pub fn sgx_thread_rwlock_rdlock(rwlock: *mut sgx_thread_rwlock_t) -> int32_t;
pub fn sgx_thread_rwlock_tryrdlock(rwlock: *mut sgx_thread_rwlock_t) -> int32_t;
@@ -70,10 +83,17 @@
//
pub fn sgx_alloc_rsrv_mem(length: size_t) -> *mut c_void;
pub fn sgx_free_rsrv_mem(addr: *const c_void, length: size_t) -> int32_t;
- pub fn sgx_tprotect_rsrv_mem(addr: *const c_void, length: size_t, prot: int32_t) -> sgx_status_t;
+ pub fn sgx_tprotect_rsrv_mem(
+ addr: *const c_void,
+ length: size_t,
+ prot: int32_t,
+ ) -> sgx_status_t;
/* intel sgx sdk 2.11 */
- pub fn sgx_get_rsrv_mem_info(start_addr: *mut *mut c_void, max_size: *mut size_t) -> sgx_status_t;
+ pub fn sgx_get_rsrv_mem_info(
+ start_addr: *mut *mut c_void,
+ max_size: *mut size_t,
+ ) -> sgx_status_t;
pub fn sgx_alloc_rsrv_mem_ex(desired_addr: *const c_void, length: size_t) -> *mut c_void;
}
@@ -82,25 +102,36 @@
//
// sgx_dh.h
//
- pub fn sgx_dh_init_session(role: sgx_dh_session_role_t, session: *mut sgx_dh_session_t) -> sgx_status_t;
+ pub fn sgx_dh_init_session(
+ role: sgx_dh_session_role_t,
+ session: *mut sgx_dh_session_t,
+ ) -> sgx_status_t;
- pub fn sgx_dh_responder_gen_msg1(msg1: *mut sgx_dh_msg1_t,
- dh_session: *mut sgx_dh_session_t) -> sgx_status_t;
+ pub fn sgx_dh_responder_gen_msg1(
+ msg1: *mut sgx_dh_msg1_t,
+ dh_session: *mut sgx_dh_session_t,
+ ) -> sgx_status_t;
- pub fn sgx_dh_initiator_proc_msg1(msg1: *const sgx_dh_msg1_t,
- msg2: *mut sgx_dh_msg2_t,
- dh_session: *mut sgx_dh_session_t) -> sgx_status_t;
+ pub fn sgx_dh_initiator_proc_msg1(
+ msg1: *const sgx_dh_msg1_t,
+ msg2: *mut sgx_dh_msg2_t,
+ dh_session: *mut sgx_dh_session_t,
+ ) -> sgx_status_t;
- pub fn sgx_dh_responder_proc_msg2(msg2: *const sgx_dh_msg2_t,
- msg3: *mut sgx_dh_msg3_t,
- dh_session: *mut sgx_dh_session_t,
- aek: *mut sgx_key_128bit_t,
- initiator_identity: *mut sgx_dh_session_enclave_identity_t) -> sgx_status_t;
+ pub fn sgx_dh_responder_proc_msg2(
+ msg2: *const sgx_dh_msg2_t,
+ msg3: *mut sgx_dh_msg3_t,
+ dh_session: *mut sgx_dh_session_t,
+ aek: *mut sgx_key_128bit_t,
+ initiator_identity: *mut sgx_dh_session_enclave_identity_t,
+ ) -> sgx_status_t;
- pub fn sgx_dh_initiator_proc_msg3(msg3: *const sgx_dh_msg3_t,
- dh_session: *mut sgx_dh_session_t,
- aek: *mut sgx_key_128bit_t,
- responder_identity: *mut sgx_dh_session_enclave_identity_t) -> sgx_status_t;
+ pub fn sgx_dh_initiator_proc_msg3(
+ msg3: *const sgx_dh_msg3_t,
+ dh_session: *mut sgx_dh_session_t,
+ aek: *mut sgx_key_128bit_t,
+ responder_identity: *mut sgx_dh_session_enclave_identity_t,
+ ) -> sgx_status_t;
//
// sgx_tae_service.h
@@ -110,7 +141,7 @@
pub fn sgx_create_pse_session() -> sgx_status_t;
pub fn sgx_close_pse_session() -> sgx_status_t;
pub fn sgx_get_ps_sec_prop(security_property: *mut sgx_ps_sec_prop_desc_t) -> sgx_status_t;
- // intel sgx sdk 1.8
+ // intel sgx sdk 1.8
pub fn sgx_get_ps_sec_prop_ex(security_property: *mut sgx_ps_sec_prop_desc_ex_t) -> sgx_status_t;
pub fn sgx_get_trusted_time(current_time: *mut sgx_time_t, time_source_nonce: *mut sgx_time_source_nonce_t) -> sgx_status_t;
@@ -128,71 +159,105 @@
//
// sgx_tseal.h
//
- pub fn sgx_calc_sealed_data_size(add_mac_txt_size: uint32_t, txt_encrypt_size: uint32_t) -> uint32_t;
+ pub fn sgx_calc_sealed_data_size(
+ add_mac_txt_size: uint32_t,
+ txt_encrypt_size: uint32_t,
+ ) -> uint32_t;
pub fn sgx_get_add_mac_txt_len(p_sealed_data: *const sgx_sealed_data_t) -> uint32_t;
pub fn sgx_get_encrypt_txt_len(p_sealed_data: *const sgx_sealed_data_t) -> uint32_t;
- pub fn sgx_seal_data(additional_MACtext_length: uint32_t,
- p_additional_MACtext: *const uint8_t,
- text2encrypt_length: uint32_t,
- p_text2encrypt: *const uint8_t,
- sealed_data_size: uint32_t,
- p_sealed_data: *mut sgx_sealed_data_t) -> sgx_status_t;
+ pub fn sgx_seal_data(
+ additional_MACtext_length: uint32_t,
+ p_additional_MACtext: *const uint8_t,
+ text2encrypt_length: uint32_t,
+ p_text2encrypt: *const uint8_t,
+ sealed_data_size: uint32_t,
+ p_sealed_data: *mut sgx_sealed_data_t,
+ ) -> sgx_status_t;
- pub fn sgx_seal_data_ex(key_policy: uint16_t,
- attribute_mask: sgx_attributes_t,
- misc_mask: sgx_misc_select_t,
- additional_MACtext_length: uint32_t,
- p_additional_MACtext: *const uint8_t,
- text2encrypt_length: uint32_t,
- p_text2encrypt: *const uint8_t,
- sealed_data_size: uint32_t,
- p_sealed_data: *mut sgx_sealed_data_t) -> sgx_status_t;
+ pub fn sgx_seal_data_ex(
+ key_policy: uint16_t,
+ attribute_mask: sgx_attributes_t,
+ misc_mask: sgx_misc_select_t,
+ additional_MACtext_length: uint32_t,
+ p_additional_MACtext: *const uint8_t,
+ text2encrypt_length: uint32_t,
+ p_text2encrypt: *const uint8_t,
+ sealed_data_size: uint32_t,
+ p_sealed_data: *mut sgx_sealed_data_t,
+ ) -> sgx_status_t;
- pub fn sgx_unseal_data(p_sealed_data: *const sgx_sealed_data_t,
- p_additional_MACtext: *mut uint8_t,
- p_additional_MACtext_length: *mut uint32_t,
- p_decrypted_text: *mut uint8_t,
- p_decrypted_text_length: *mut uint32_t) -> sgx_status_t;
+ pub fn sgx_unseal_data(
+ p_sealed_data: *const sgx_sealed_data_t,
+ p_additional_MACtext: *mut uint8_t,
+ p_additional_MACtext_length: *mut uint32_t,
+ p_decrypted_text: *mut uint8_t,
+ p_decrypted_text_length: *mut uint32_t,
+ ) -> sgx_status_t;
- pub fn sgx_mac_aadata(additional_MACtext_length: uint32_t,
- p_additional_MACtext: *const uint8_t,
- sealed_data_size: uint32_t,
- p_sealed_data: *mut sgx_sealed_data_t) -> sgx_status_t;
+ pub fn sgx_mac_aadata(
+ additional_MACtext_length: uint32_t,
+ p_additional_MACtext: *const uint8_t,
+ sealed_data_size: uint32_t,
+ p_sealed_data: *mut sgx_sealed_data_t,
+ ) -> sgx_status_t;
- pub fn sgx_mac_aadata_ex(key_policy: uint16_t,
- attribute_mask: sgx_attributes_t,
- misc_mask: sgx_misc_select_t,
- additional_MACtext_length: uint32_t,
- p_additional_MACtext: *const uint8_t,
- sealed_data_size: uint32_t,
- p_sealed_data: *mut sgx_sealed_data_t) -> sgx_status_t;
+ pub fn sgx_mac_aadata_ex(
+ key_policy: uint16_t,
+ attribute_mask: sgx_attributes_t,
+ misc_mask: sgx_misc_select_t,
+ additional_MACtext_length: uint32_t,
+ p_additional_MACtext: *const uint8_t,
+ sealed_data_size: uint32_t,
+ p_sealed_data: *mut sgx_sealed_data_t,
+ ) -> sgx_status_t;
- pub fn sgx_unmac_aadata(p_sealed_data: *const sgx_sealed_data_t,
- p_additional_MACtext: *mut uint8_t,
- p_additional_MACtext_length: *mut uint32_t) -> sgx_status_t;
-
+ pub fn sgx_unmac_aadata(
+ p_sealed_data: *const sgx_sealed_data_t,
+ p_additional_MACtext: *mut uint8_t,
+ p_additional_MACtext_length: *mut uint32_t,
+ ) -> sgx_status_t;
//
// sgx_utils.h
//
- pub fn sgx_create_report(target_info : *const sgx_target_info_t,
- report_data: *const sgx_report_data_t,
- report: *mut sgx_report_t) -> sgx_status_t;
+ pub fn sgx_create_report(
+ target_info: *const sgx_target_info_t,
+ report_data: *const sgx_report_data_t,
+ report: *mut sgx_report_t,
+ ) -> sgx_status_t;
/* intel sgx sdk 2.4 */
pub fn sgx_self_report() -> *const sgx_report_t;
pub fn sgx_self_target(target_info: *mut sgx_target_info_t) -> sgx_status_t;
pub fn sgx_verify_report(report: *const sgx_report_t) -> sgx_status_t;
- pub fn sgx_get_key(key_request: *const sgx_key_request_t, key: *mut sgx_key_128bit_t) -> sgx_status_t;
+ pub fn sgx_get_key(
+ key_request: *const sgx_key_request_t,
+ key: *mut sgx_key_128bit_t,
+ ) -> sgx_status_t;
+
+ /* intel sgx sdk 2.16 */
+ pub fn sgx_verify_report2(report_mac_struct: *const sgx_report2_mac_struct_t) -> sgx_status_t;
/* intel sgx sdk 2.7.1 */
//
// sgx_secure_align_api.h
//
- pub fn sgx_aligned_malloc(size: size_t, alignment: size_t, data: *const align_req_t, count: size_t) -> *mut c_void;
+ pub fn sgx_aligned_malloc(
+ size: size_t,
+ alignment: size_t,
+ data: *const align_req_t,
+ count: size_t,
+ ) -> *mut c_void;
pub fn sgx_aligned_free(ptr: *mut c_void);
- pub fn sgx_get_aligned_ptr(raw: *mut c_void, raw_size: size_t, allocate_size: size_t, alignment: size_t, data: *const align_req_t, count: size_t) -> *mut c_void;
+ pub fn sgx_get_aligned_ptr(
+ raw: *mut c_void,
+ raw_size: size_t,
+ allocate_size: size_t,
+ alignment: size_t,
+ data: *const align_req_t,
+ count: size_t,
+ ) -> *mut c_void;
}
//#[link(name = "sgx_tcrypto")]
@@ -200,82 +265,169 @@
//
// sgx_tcrypto.h
//
- pub fn sgx_sha256_msg(p_src: *const uint8_t, src_len: uint32_t, p_hash: *mut sgx_sha256_hash_t) -> sgx_status_t;
+ /* instel sgx sdk 2.16 */
+ pub fn sgx_sha384_msg(
+ p_src: *const uint8_t,
+ src_len: uint32_t,
+ p_hash: *mut sgx_sha384_hash_t,
+ ) -> sgx_status_t;
+ pub fn sgx_sha384_init(p_sha_handle: *mut sgx_sha_state_handle_t) -> sgx_status_t;
+ pub fn sgx_sha384_update(
+ p_src: *const uint8_t,
+ src_len: uint32_t,
+ sha_handle: sgx_sha_state_handle_t,
+ ) -> sgx_status_t;
+ pub fn sgx_sha384_get_hash(
+ sha_handle: sgx_sha_state_handle_t,
+ p_hash: *mut sgx_sha384_hash_t,
+ ) -> sgx_status_t;
+ pub fn sgx_sha384_close(sha_handle: sgx_sha_state_handle_t) -> sgx_status_t;
+
+ pub fn sgx_sha256_msg(
+ p_src: *const uint8_t,
+ src_len: uint32_t,
+ p_hash: *mut sgx_sha256_hash_t,
+ ) -> sgx_status_t;
pub fn sgx_sha256_init(p_sha_handle: *mut sgx_sha_state_handle_t) -> sgx_status_t;
- pub fn sgx_sha256_update(p_src: *const uint8_t, src_len: uint32_t, sha_handle: sgx_sha_state_handle_t) -> sgx_status_t;
- pub fn sgx_sha256_get_hash(sha_handle: sgx_sha_state_handle_t, p_hash: *mut sgx_sha256_hash_t) -> sgx_status_t;
+ pub fn sgx_sha256_update(
+ p_src: *const uint8_t,
+ src_len: uint32_t,
+ sha_handle: sgx_sha_state_handle_t,
+ ) -> sgx_status_t;
+ pub fn sgx_sha256_get_hash(
+ sha_handle: sgx_sha_state_handle_t,
+ p_hash: *mut sgx_sha256_hash_t,
+ ) -> sgx_status_t;
pub fn sgx_sha256_close(sha_handle: sgx_sha_state_handle_t) -> sgx_status_t;
/* instel sgx sdk 2.4 */
- pub fn sgx_sha1_msg(p_src: *const uint8_t, src_len: uint32_t, p_hash: *mut sgx_sha1_hash_t) -> sgx_status_t;
+ pub fn sgx_sha1_msg(
+ p_src: *const uint8_t,
+ src_len: uint32_t,
+ p_hash: *mut sgx_sha1_hash_t,
+ ) -> sgx_status_t;
pub fn sgx_sha1_init(p_sha_handle: *mut sgx_sha_state_handle_t) -> sgx_status_t;
- pub fn sgx_sha1_update(p_src: *const uint8_t, src_len: uint32_t, sha_handle: sgx_sha_state_handle_t) -> sgx_status_t;
- pub fn sgx_sha1_get_hash(sha_handle: sgx_sha_state_handle_t, p_hash: *mut sgx_sha1_hash_t) -> sgx_status_t;
+ pub fn sgx_sha1_update(
+ p_src: *const uint8_t,
+ src_len: uint32_t,
+ sha_handle: sgx_sha_state_handle_t,
+ ) -> sgx_status_t;
+ pub fn sgx_sha1_get_hash(
+ sha_handle: sgx_sha_state_handle_t,
+ p_hash: *mut sgx_sha1_hash_t,
+ ) -> sgx_status_t;
pub fn sgx_sha1_close(sha_handle: sgx_sha_state_handle_t) -> sgx_status_t;
- pub fn sgx_rijndael128GCM_encrypt(p_key: *const sgx_aes_gcm_128bit_key_t,
- p_src: *const uint8_t,
- src_len: uint32_t,
- p_dst: *mut uint8_t,
- p_iv: *const uint8_t,
- iv_len: uint32_t,
- p_aad: *const uint8_t,
- aad_len: uint32_t,
- p_out_mac: *mut sgx_aes_gcm_128bit_tag_t) -> sgx_status_t;
+ pub fn sgx_rijndael128GCM_encrypt(
+ p_key: *const sgx_aes_gcm_128bit_key_t,
+ p_src: *const uint8_t,
+ src_len: uint32_t,
+ p_dst: *mut uint8_t,
+ p_iv: *const uint8_t,
+ iv_len: uint32_t,
+ p_aad: *const uint8_t,
+ aad_len: uint32_t,
+ p_out_mac: *mut sgx_aes_gcm_128bit_tag_t,
+ ) -> sgx_status_t;
- pub fn sgx_rijndael128GCM_decrypt(p_key: *const sgx_aes_gcm_128bit_key_t,
- p_src: *const uint8_t,
- src_len: uint32_t,
- p_dst: *mut uint8_t,
- p_iv: *const uint8_t,
- iv_len: uint32_t,
- p_aad: *const uint8_t,
- aad_len: uint32_t,
- p_in_mac: *const sgx_aes_gcm_128bit_tag_t) -> sgx_status_t;
+ pub fn sgx_rijndael128GCM_decrypt(
+ p_key: *const sgx_aes_gcm_128bit_key_t,
+ p_src: *const uint8_t,
+ src_len: uint32_t,
+ p_dst: *mut uint8_t,
+ p_iv: *const uint8_t,
+ iv_len: uint32_t,
+ p_aad: *const uint8_t,
+ aad_len: uint32_t,
+ p_in_mac: *const sgx_aes_gcm_128bit_tag_t,
+ ) -> sgx_status_t;
- pub fn sgx_rijndael128_cmac_msg(p_key: *const sgx_cmac_128bit_key_t, p_src: *const uint8_t, src_len: uint32_t, p_mac: *mut sgx_cmac_128bit_tag_t) -> sgx_status_t;
- pub fn sgx_cmac128_init(p_key: *const sgx_cmac_128bit_key_t, p_cmac_handle: *mut sgx_cmac_state_handle_t) -> sgx_status_t;
- pub fn sgx_cmac128_update(p_src: *const uint8_t, src_len: uint32_t, cmac_handle: sgx_cmac_state_handle_t) -> sgx_status_t;
- pub fn sgx_cmac128_final(cmac_handle: sgx_cmac_state_handle_t, p_hash: *mut sgx_cmac_128bit_tag_t) -> sgx_status_t;
+ pub fn sgx_rijndael128_cmac_msg(
+ p_key: *const sgx_cmac_128bit_key_t,
+ p_src: *const uint8_t,
+ src_len: uint32_t,
+ p_mac: *mut sgx_cmac_128bit_tag_t,
+ ) -> sgx_status_t;
+ pub fn sgx_cmac128_init(
+ p_key: *const sgx_cmac_128bit_key_t,
+ p_cmac_handle: *mut sgx_cmac_state_handle_t,
+ ) -> sgx_status_t;
+ pub fn sgx_cmac128_update(
+ p_src: *const uint8_t,
+ src_len: uint32_t,
+ cmac_handle: sgx_cmac_state_handle_t,
+ ) -> sgx_status_t;
+ pub fn sgx_cmac128_final(
+ cmac_handle: sgx_cmac_state_handle_t,
+ p_hash: *mut sgx_cmac_128bit_tag_t,
+ ) -> sgx_status_t;
pub fn sgx_cmac128_close(cmac_handle: sgx_cmac_state_handle_t) -> sgx_status_t;
/* intel sgx sdk 2.4 */
- pub fn sgx_hmac_sha256_msg(p_src: *const uint8_t,
- src_len: int32_t,
- p_key: *const uint8_t,
- key_len: int32_t,
- p_mac: *mut uint8_t,
- mac_len: int32_t) -> sgx_status_t;
+ pub fn sgx_hmac_sha256_msg(
+ p_src: *const uint8_t,
+ src_len: int32_t,
+ p_key: *const uint8_t,
+ key_len: int32_t,
+ p_mac: *mut uint8_t,
+ mac_len: int32_t,
+ ) -> sgx_status_t;
- pub fn sgx_hmac256_init(p_key: *const uint8_t, key_len: int32_t, p_hmac_handle: *mut sgx_hmac_state_handle_t) -> sgx_status_t;
- pub fn sgx_hmac256_update(p_src: *const uint8_t, src_len: int32_t, hmac_handle: sgx_hmac_state_handle_t) -> sgx_status_t;
- pub fn sgx_hmac256_final(p_hash: *mut uint8_t, hash_len: int32_t, hmac_handle: sgx_hmac_state_handle_t) -> sgx_status_t;
+ pub fn sgx_hmac256_init(
+ p_key: *const uint8_t,
+ key_len: int32_t,
+ p_hmac_handle: *mut sgx_hmac_state_handle_t,
+ ) -> sgx_status_t;
+ pub fn sgx_hmac256_update(
+ p_src: *const uint8_t,
+ src_len: int32_t,
+ hmac_handle: sgx_hmac_state_handle_t,
+ ) -> sgx_status_t;
+ pub fn sgx_hmac256_final(
+ p_hash: *mut uint8_t,
+ hash_len: int32_t,
+ hmac_handle: sgx_hmac_state_handle_t,
+ ) -> sgx_status_t;
pub fn sgx_hmac256_close(hmac_handle: sgx_hmac_state_handle_t) -> sgx_status_t;
- pub fn sgx_aes_ctr_encrypt(p_key: *const sgx_aes_ctr_128bit_key_t,
- p_src: *const uint8_t,
- src_len: uint32_t,
- p_ctr: *mut uint8_t,
- ctr_inc_bits: uint32_t,
- p_dst: *mut uint8_t) -> sgx_status_t;
+ pub fn sgx_aes_ctr_encrypt(
+ p_key: *const sgx_aes_ctr_128bit_key_t,
+ p_src: *const uint8_t,
+ src_len: uint32_t,
+ p_ctr: *mut uint8_t,
+ ctr_inc_bits: uint32_t,
+ p_dst: *mut uint8_t,
+ ) -> sgx_status_t;
- pub fn sgx_aes_ctr_decrypt(p_key: *const sgx_aes_ctr_128bit_key_t,
- p_src: *const uint8_t,
- src_len: uint32_t,
- p_ctr: *mut uint8_t,
- ctr_inc_bits: uint32_t,
- p_dst: *mut uint8_t) -> sgx_status_t;
+ pub fn sgx_aes_ctr_decrypt(
+ p_key: *const sgx_aes_ctr_128bit_key_t,
+ p_src: *const uint8_t,
+ src_len: uint32_t,
+ p_ctr: *mut uint8_t,
+ ctr_inc_bits: uint32_t,
+ p_dst: *mut uint8_t,
+ ) -> sgx_status_t;
pub fn sgx_ecc256_open_context(p_ecc_handle: *mut sgx_ecc_state_handle_t) -> sgx_status_t;
pub fn sgx_ecc256_close_context(ecc_handle: sgx_ecc_state_handle_t) -> sgx_status_t;
- pub fn sgx_ecc256_create_key_pair(p_private: *mut sgx_ec256_private_t, p_public: *mut sgx_ec256_public_t, ecc_handle: sgx_ecc_state_handle_t) -> sgx_status_t;
- pub fn sgx_ecc256_check_point(p_point: *const sgx_ec256_public_t, ecc_handle: sgx_ecc_state_handle_t, p_valid: *mut int32_t) -> sgx_status_t;
+ pub fn sgx_ecc256_create_key_pair(
+ p_private: *mut sgx_ec256_private_t,
+ p_public: *mut sgx_ec256_public_t,
+ ecc_handle: sgx_ecc_state_handle_t,
+ ) -> sgx_status_t;
+ pub fn sgx_ecc256_check_point(
+ p_point: *const sgx_ec256_public_t,
+ ecc_handle: sgx_ecc_state_handle_t,
+ p_valid: *mut int32_t,
+ ) -> sgx_status_t;
- pub fn sgx_ecc256_compute_shared_dhkey(p_private_b: *const sgx_ec256_private_t,
- p_public_ga: *const sgx_ec256_public_t,
- p_shared_key: *mut sgx_ec256_dh_shared_t,
- ecc_handle: sgx_ecc_state_handle_t) -> sgx_status_t;
+ pub fn sgx_ecc256_compute_shared_dhkey(
+ p_private_b: *const sgx_ec256_private_t,
+ p_public_ga: *const sgx_ec256_public_t,
+ p_shared_key: *mut sgx_ec256_dh_shared_t,
+ ecc_handle: sgx_ecc_state_handle_t,
+ ) -> sgx_status_t;
/* intel sgx sdk 1.8 */
/* delete (intel sgx sdk 2.0)
pub fn sgx_ecc256_compute_shared_dhkey512(p_private_b: *mut sgx_ec256_private_t,
@@ -284,25 +436,31 @@
ecc_handle: sgx_ecc_state_handle_t) -> sgx_status_t;
*/
- pub fn sgx_ecdsa_sign(p_data: *const uint8_t,
- data_size: uint32_t,
- p_private: *const sgx_ec256_private_t,
- p_signature: *mut sgx_ec256_signature_t,
- ecc_handle: sgx_ecc_state_handle_t) -> sgx_status_t;
+ pub fn sgx_ecdsa_sign(
+ p_data: *const uint8_t,
+ data_size: uint32_t,
+ p_private: *const sgx_ec256_private_t,
+ p_signature: *mut sgx_ec256_signature_t,
+ ecc_handle: sgx_ecc_state_handle_t,
+ ) -> sgx_status_t;
- pub fn sgx_ecdsa_verify(p_data: *const uint8_t,
- data_size: uint32_t,
- p_public: *const sgx_ec256_public_t,
- p_signature: *const sgx_ec256_signature_t,
- p_result: *mut uint8_t,
- ecc_handle: sgx_ecc_state_handle_t) -> sgx_status_t;
+ pub fn sgx_ecdsa_verify(
+ p_data: *const uint8_t,
+ data_size: uint32_t,
+ p_public: *const sgx_ec256_public_t,
+ p_signature: *const sgx_ec256_signature_t,
+ p_result: *mut uint8_t,
+ ecc_handle: sgx_ecc_state_handle_t,
+ ) -> sgx_status_t;
/* intel sgx sdk 2.4 */
- pub fn sgx_ecdsa_verify_hash(hash: *const uint8_t,
- p_public: *const sgx_ec256_public_t,
- p_signature: *const sgx_ec256_signature_t,
- p_result: *mut uint8_t,
- ecc_handle: sgx_ecc_state_handle_t) -> sgx_status_t;
+ pub fn sgx_ecdsa_verify_hash(
+ hash: *const uint8_t,
+ p_public: *const sgx_ec256_public_t,
+ p_signature: *const sgx_ec256_signature_t,
+ p_result: *mut uint8_t,
+ ecc_handle: sgx_ecc_state_handle_t,
+ ) -> sgx_status_t;
/* intel sgx sdk 1.9 */
/*
@@ -313,104 +471,133 @@
*/
/* intel sgx sdk 2.0 */
- pub fn sgx_rsa3072_sign(p_data: *const uint8_t,
- data_size: uint32_t,
- p_key: *const sgx_rsa3072_key_t,
- p_signature: *mut sgx_rsa3072_signature_t) -> sgx_status_t;
+ pub fn sgx_rsa3072_sign(
+ p_data: *const uint8_t,
+ data_size: uint32_t,
+ p_key: *const sgx_rsa3072_key_t,
+ p_signature: *mut sgx_rsa3072_signature_t,
+ ) -> sgx_status_t;
/* intel sgx sdk 2.15 */
- pub fn sgx_rsa3072_sign_ex(p_data: *const uint8_t,
- data_size: uint32_t,
- p_key: *const sgx_rsa3072_key_t,
- p_public: *const sgx_rsa3072_public_key_t,
- p_signature: *mut sgx_rsa3072_signature_t) -> sgx_status_t;
+ pub fn sgx_rsa3072_sign_ex(
+ p_data: *const uint8_t,
+ data_size: uint32_t,
+ p_key: *const sgx_rsa3072_key_t,
+ p_public: *const sgx_rsa3072_public_key_t,
+ p_signature: *mut sgx_rsa3072_signature_t,
+ ) -> sgx_status_t;
- pub fn sgx_rsa3072_verify(p_data: *const uint8_t,
- data_size: uint32_t,
- p_public: *const sgx_rsa3072_public_key_t,
- p_signature: *const sgx_rsa3072_signature_t,
- p_result: *mut sgx_rsa_result_t) -> sgx_status_t;
+ pub fn sgx_rsa3072_verify(
+ p_data: *const uint8_t,
+ data_size: uint32_t,
+ p_public: *const sgx_rsa3072_public_key_t,
+ p_signature: *const sgx_rsa3072_signature_t,
+ p_result: *mut sgx_rsa_result_t,
+ ) -> sgx_status_t;
/* intel sgx sdk 2.1.3 */
- pub fn sgx_create_rsa_key_pair(n_byte_size: int32_t,
- e_byte_size: int32_t,
- p_n: *mut uint8_t,
- p_d: *mut uint8_t,
- p_e: *mut uint8_t,
- p_p: *mut uint8_t,
- p_q: *mut uint8_t,
- p_dmp1: *mut uint8_t,
- p_dmq1: *mut uint8_t,
- p_iqmp: *mut uint8_t) -> sgx_status_t;
+ pub fn sgx_create_rsa_key_pair(
+ n_byte_size: int32_t,
+ e_byte_size: int32_t,
+ p_n: *mut uint8_t,
+ p_d: *mut uint8_t,
+ p_e: *mut uint8_t,
+ p_p: *mut uint8_t,
+ p_q: *mut uint8_t,
+ p_dmp1: *mut uint8_t,
+ p_dmq1: *mut uint8_t,
+ p_iqmp: *mut uint8_t,
+ ) -> sgx_status_t;
- pub fn sgx_rsa_priv_decrypt_sha256(rsa_key: *const c_void,
- pout_data: *mut uint8_t,
- pout_len: *mut size_t,
- pin_data: *const uint8_t,
- pin_len: size_t) -> sgx_status_t;
+ pub fn sgx_rsa_priv_decrypt_sha256(
+ rsa_key: *const c_void,
+ pout_data: *mut uint8_t,
+ pout_len: *mut size_t,
+ pin_data: *const uint8_t,
+ pin_len: size_t,
+ ) -> sgx_status_t;
- pub fn sgx_rsa_pub_encrypt_sha256(rsa_key: *const c_void,
- pout_data: *mut uint8_t,
- pout_len: *mut size_t,
- pin_data: *const uint8_t,
- pin_len: size_t) -> sgx_status_t;
+ pub fn sgx_rsa_pub_encrypt_sha256(
+ rsa_key: *const c_void,
+ pout_data: *mut uint8_t,
+ pout_len: *mut size_t,
+ pin_data: *const uint8_t,
+ pin_len: size_t,
+ ) -> sgx_status_t;
- pub fn sgx_create_rsa_priv2_key(mod_size: int32_t,
- exp_size: int32_t,
- p_rsa_key_e: *const uint8_t,
- p_rsa_key_p: *const uint8_t,
- p_rsa_key_q: *const uint8_t,
- p_rsa_key_dmp1: *const uint8_t,
- p_rsa_key_dmq1: *const uint8_t,
- p_rsa_key_iqmp: *const uint8_t,
- new_pri_key2: *mut *mut c_void) -> sgx_status_t;
-
+ pub fn sgx_create_rsa_priv2_key(
+ mod_size: int32_t,
+ exp_size: int32_t,
+ p_rsa_key_e: *const uint8_t,
+ p_rsa_key_p: *const uint8_t,
+ p_rsa_key_q: *const uint8_t,
+ p_rsa_key_dmp1: *const uint8_t,
+ p_rsa_key_dmq1: *const uint8_t,
+ p_rsa_key_iqmp: *const uint8_t,
+ new_pri_key2: *mut *mut c_void,
+ ) -> sgx_status_t;
/* intel sgx sdk 2.6 */
- pub fn sgx_create_rsa_priv1_key(n_byte_size: int32_t,
- e_byte_size: int32_t,
- d_byte_size: int32_t,
- le_n: *const uint8_t,
- le_e: *const uint8_t,
- le_d: *const uint8_t,
- new_pri_key1: *mut *mut c_void) -> sgx_status_t;
+ pub fn sgx_create_rsa_priv1_key(
+ n_byte_size: int32_t,
+ e_byte_size: int32_t,
+ d_byte_size: int32_t,
+ le_n: *const uint8_t,
+ le_e: *const uint8_t,
+ le_d: *const uint8_t,
+ new_pri_key1: *mut *mut c_void,
+ ) -> sgx_status_t;
- pub fn sgx_create_rsa_pub1_key(mod_size: int32_t,
- exp_size: int32_t,
- le_n: *const uint8_t,
- le_e: *const uint8_t,
- new_pub_key1: *mut *mut c_void) -> sgx_status_t;
+ pub fn sgx_create_rsa_pub1_key(
+ mod_size: int32_t,
+ exp_size: int32_t,
+ le_n: *const uint8_t,
+ le_e: *const uint8_t,
+ new_pub_key1: *mut *mut c_void,
+ ) -> sgx_status_t;
- pub fn sgx_free_rsa_key(p_rsa_key: *const c_void,
- key_type: sgx_rsa_key_type_t,
- mod_size: int32_t,
- exp_size: int32_t) -> sgx_status_t;
+ pub fn sgx_free_rsa_key(
+ p_rsa_key: *const c_void,
+ key_type: sgx_rsa_key_type_t,
+ mod_size: int32_t,
+ exp_size: int32_t,
+ ) -> sgx_status_t;
- pub fn sgx_calculate_ecdsa_priv_key(hash_drg: *const uint8_t,
- hash_drg_len: int32_t,
- sgx_nistp256_r_m1: *const uint8_t,
- sgx_nistp256_r_m1_len: int32_t,
- out_key: *mut uint8_t,
- out_key_len: int32_t) -> sgx_status_t;
+ pub fn sgx_calculate_ecdsa_priv_key(
+ hash_drg: *const uint8_t,
+ hash_drg_len: int32_t,
+ sgx_nistp256_r_m1: *const uint8_t,
+ sgx_nistp256_r_m1_len: int32_t,
+ out_key: *mut uint8_t,
+ out_key_len: int32_t,
+ ) -> sgx_status_t;
/* intel sgx sdk 2.3 */
- pub fn sgx_ecc256_calculate_pub_from_priv(p_att_priv_key: *const sgx_ec256_private_t,
- p_att_pub_key: *mut sgx_ec256_public_t) -> sgx_status_t;
-
+ pub fn sgx_ecc256_calculate_pub_from_priv(
+ p_att_priv_key: *const sgx_ec256_private_t,
+ p_att_pub_key: *mut sgx_ec256_public_t,
+ ) -> sgx_status_t;
/* intel sgx sdk 2.4 */
- pub fn sgx_aes_gcm128_enc_init(p_key: *const uint8_t,
- p_iv: *const uint8_t,
- iv_len: uint32_t,
- p_aad: *const uint8_t,
- aad_len: uint32_t,
- aes_gcm_state: *mut sgx_aes_state_handle_t) -> sgx_status_t;
- pub fn sgx_aes_gcm128_enc_get_mac(mac: *mut uint8_t, aes_gcm_state: sgx_aes_state_handle_t) -> sgx_status_t;
+ pub fn sgx_aes_gcm128_enc_init(
+ p_key: *const uint8_t,
+ p_iv: *const uint8_t,
+ iv_len: uint32_t,
+ p_aad: *const uint8_t,
+ aad_len: uint32_t,
+ aes_gcm_state: *mut sgx_aes_state_handle_t,
+ ) -> sgx_status_t;
+ pub fn sgx_aes_gcm128_enc_get_mac(
+ mac: *mut uint8_t,
+ aes_gcm_state: sgx_aes_state_handle_t,
+ ) -> sgx_status_t;
pub fn sgx_aes_gcm_close(aes_gcm_state: sgx_aes_state_handle_t) -> sgx_status_t;
- pub fn sgx_aes_gcm128_enc_update(p_src: *const uint8_t,
- src_len: uint32_t,
- p_dst: *mut uint8_t,
- aes_gcm_state: sgx_aes_state_handle_t) -> sgx_status_t;
+ pub fn sgx_aes_gcm128_enc_update(
+ p_src: *const uint8_t,
+ src_len: uint32_t,
+ p_dst: *mut uint8_t,
+ aes_gcm_state: sgx_aes_state_handle_t,
+ ) -> sgx_status_t;
}
//#[link(name = "sgx_tkey_exchange")]
@@ -418,17 +605,29 @@
//
// sgx_tkey_exchange.h
//
- pub fn sgx_ra_init(p_pub_key: *const sgx_ec256_public_t, b_pse: int32_t, p_context: *mut sgx_ra_context_t) -> sgx_status_t;
- pub fn sgx_ra_init_ex(p_pub_key: *const sgx_ec256_public_t,
- b_pse: int32_t,
- derive_key_cb: sgx_ra_derive_secret_keys_t,
- p_context: *mut sgx_ra_context_t) -> sgx_status_t;
- pub fn sgx_ra_get_keys(context: sgx_ra_context_t,
- keytype: sgx_ra_key_type_t,
- p_key: *mut sgx_ra_key_128_t) -> sgx_status_t;
+ pub fn sgx_ra_init(
+ p_pub_key: *const sgx_ec256_public_t,
+ b_pse: int32_t,
+ p_context: *mut sgx_ra_context_t,
+ ) -> sgx_status_t;
+ pub fn sgx_ra_init_ex(
+ p_pub_key: *const sgx_ec256_public_t,
+ b_pse: int32_t,
+ derive_key_cb: sgx_ra_derive_secret_keys_t,
+ p_context: *mut sgx_ra_context_t,
+ ) -> sgx_status_t;
+ pub fn sgx_ra_get_keys(
+ context: sgx_ra_context_t,
+ keytype: sgx_ra_key_type_t,
+ p_key: *mut sgx_ra_key_128_t,
+ ) -> sgx_status_t;
pub fn sgx_ra_close(context: sgx_ra_context_t) -> sgx_status_t;
- pub fn sgx_ra_get_ga(eid: sgx_enclave_id_t, retval: *mut sgx_status_t,
- context: sgx_ra_context_t, g_a: *mut sgx_ec256_public_t) -> sgx_status_t;
+ pub fn sgx_ra_get_ga(
+ eid: sgx_enclave_id_t,
+ retval: *mut sgx_status_t,
+ context: sgx_ra_context_t,
+ g_a: *mut sgx_ec256_public_t,
+ ) -> sgx_status_t;
}
//#[link(name = "sgx_trts")]
@@ -442,11 +641,17 @@
/* intel sgx sdk 2.1.2 */
pub fn sgx_is_enclave_crashed() -> int32_t;
+ /* intel sgx sdk 2.16 */
+ pub fn sgx_rdpkru(val: *mut uint32_t) -> int32_t;
+ pub fn sgx_wrpkru(val: uint32_t) -> int32_t;
+
//
// sgx_trts_exception.h
//
- pub fn sgx_register_exception_handler(is_first_handler: uint32_t,
- exception_handler: sgx_exception_handler_t) -> *const c_void;
+ pub fn sgx_register_exception_handler(
+ is_first_handler: uint32_t,
+ exception_handler: sgx_exception_handler_t,
+ ) -> *const c_void;
pub fn sgx_unregister_exception_handler(handler: *const c_void) -> uint32_t;
//
@@ -461,32 +666,48 @@
//
// sgx_uae_epid.h
//
- pub fn sgx_init_quote(p_target_info: *mut sgx_target_info_t, p_gid: *mut sgx_epid_group_id_t) -> sgx_status_t;
+ pub fn sgx_init_quote(
+ p_target_info: *mut sgx_target_info_t,
+ p_gid: *mut sgx_epid_group_id_t,
+ ) -> sgx_status_t;
/* intel sgx sdk 1.9 */
- pub fn sgx_calc_quote_size(p_sig_rl: *const uint8_t, sig_rl_size: uint32_t, p_quote_size: *mut uint32_t) -> sgx_status_t;
- pub fn sgx_get_quote_size(p_sig_rl: *const uint8_t, p_quote_size: *mut uint32_t) -> sgx_status_t;
+ pub fn sgx_calc_quote_size(
+ p_sig_rl: *const uint8_t,
+ sig_rl_size: uint32_t,
+ p_quote_size: *mut uint32_t,
+ ) -> sgx_status_t;
+ pub fn sgx_get_quote_size(
+ p_sig_rl: *const uint8_t,
+ p_quote_size: *mut uint32_t,
+ ) -> sgx_status_t;
- pub fn sgx_get_quote(p_report: *const sgx_report_t,
- quote_type: sgx_quote_sign_type_t,
- p_spid: *const sgx_spid_t,
- p_nonce: *const sgx_quote_nonce_t,
- p_sig_rl: *const uint8_t,
- sig_rl_size: uint32_t,
- p_qe_report: *mut sgx_report_t,
- p_quote: *mut sgx_quote_t,
- quote_size: uint32_t) -> sgx_status_t;
+ pub fn sgx_get_quote(
+ p_report: *const sgx_report_t,
+ quote_type: sgx_quote_sign_type_t,
+ p_spid: *const sgx_spid_t,
+ p_nonce: *const sgx_quote_nonce_t,
+ p_sig_rl: *const uint8_t,
+ sig_rl_size: uint32_t,
+ p_qe_report: *mut sgx_report_t,
+ p_quote: *mut sgx_quote_t,
+ quote_size: uint32_t,
+ ) -> sgx_status_t;
pub fn sgx_get_extended_epid_group_id(p_extended_epid_group_id: *mut uint32_t) -> sgx_status_t;
- pub fn sgx_report_attestation_status(p_platform_info: *const sgx_platform_info_t,
- attestation_status: int32_t,
- p_update_info: *mut sgx_update_info_bit_t) -> sgx_status_t;
+ pub fn sgx_report_attestation_status(
+ p_platform_info: *const sgx_platform_info_t,
+ attestation_status: int32_t,
+ p_update_info: *mut sgx_update_info_bit_t,
+ ) -> sgx_status_t;
/* intel sgx sdk 2.6 */
- pub fn sgx_check_update_status(p_platform_info: *const sgx_platform_info_t,
- p_update_info: *mut sgx_update_info_bit_t,
- config: uint32_t,
- p_status: *mut uint32_t) -> sgx_status_t;
+ pub fn sgx_check_update_status(
+ p_platform_info: *const sgx_platform_info_t,
+ p_update_info: *mut sgx_update_info_bit_t,
+ config: uint32_t,
+ p_status: *mut uint32_t,
+ ) -> sgx_status_t;
}
//#[link(name = "sgx_launch")]
@@ -499,8 +720,10 @@
pub fn sgx_get_whitelist(p_whitelist: *mut uint8_t, whitelist_size: uint32_t) -> sgx_status_t;
/* intel sgx sdk 2.1 */
- pub fn sgx_register_wl_cert_chain(p_wl_cert_chain: *const uint8_t,
- wl_cert_chain_size: uint32_t) -> sgx_status_t;
+ pub fn sgx_register_wl_cert_chain(
+ p_wl_cert_chain: *const uint8_t,
+ wl_cert_chain_size: uint32_t,
+ ) -> sgx_status_t;
}
//#[link(name = "sgx_platform")]
@@ -518,27 +741,38 @@
//
/* intel sgx sdk 2.5 */
- pub fn sgx_select_att_key_id(p_att_key_id_list: *const uint8_t,
- att_key_id_list_size: uint32_t,
- pp_selected_key_id: *mut sgx_att_key_id_t) -> sgx_status_t;
+ pub fn sgx_select_att_key_id(
+ p_att_key_id_list: *const uint8_t,
+ att_key_id_list_size: uint32_t,
+ pp_selected_key_id: *mut sgx_att_key_id_t,
+ ) -> sgx_status_t;
- pub fn sgx_init_quote_ex(p_att_key_id: *const sgx_att_key_id_t,
- p_qe_target_info: *mut sgx_target_info_t,
- p_pub_key_id_size: *mut size_t,
- p_pub_key_id: *mut uint8_t) -> sgx_status_t;
+ pub fn sgx_init_quote_ex(
+ p_att_key_id: *const sgx_att_key_id_t,
+ p_qe_target_info: *mut sgx_target_info_t,
+ p_pub_key_id_size: *mut size_t,
+ p_pub_key_id: *mut uint8_t,
+ ) -> sgx_status_t;
- pub fn sgx_get_quote_size_ex(p_att_key_id: *const sgx_att_key_id_t, p_quote_size: *mut uint32_t) -> sgx_status_t;
+ pub fn sgx_get_quote_size_ex(
+ p_att_key_id: *const sgx_att_key_id_t,
+ p_quote_size: *mut uint32_t,
+ ) -> sgx_status_t;
- pub fn sgx_get_quote_ex(p_app_report: *const sgx_report_t,
- p_att_key_id: *const sgx_att_key_id_t,
- p_qe_report_info: *mut sgx_qe_report_info_t,
- p_quote: *mut uint8_t,
- quote_size: uint32_t) -> sgx_status_t;
+ pub fn sgx_get_quote_ex(
+ p_app_report: *const sgx_report_t,
+ p_att_key_id: *const sgx_att_key_id_t,
+ p_qe_report_info: *mut sgx_qe_report_info_t,
+ p_quote: *mut uint8_t,
+ quote_size: uint32_t,
+ ) -> sgx_status_t;
- /* intel sgx sdk 2.9.1 */
- pub fn sgx_get_supported_att_key_id_num(p_att_key_id_num: *mut uint32_t) -> sgx_status_t;
- pub fn sgx_get_supported_att_key_ids(p_att_key_id_list: *mut sgx_att_key_id_ext_t,
- att_key_id_num: uint32_t) -> sgx_status_t;
+ /* intel sgx sdk 2.9.1 */
+ pub fn sgx_get_supported_att_key_id_num(p_att_key_id_num: *mut uint32_t) -> sgx_status_t;
+ pub fn sgx_get_supported_att_key_ids(
+ p_att_key_id_list: *mut sgx_att_key_id_ext_t,
+ att_key_id_num: uint32_t,
+ ) -> sgx_status_t;
}
//#[link(name = "sgx_uae_service")]
@@ -557,86 +791,105 @@
//
// sgx_ukey_exchange.h
//
- pub fn sgx_ra_get_msg1(context: sgx_ra_context_t,
- eid: sgx_enclave_id_t,
- p_get_ga: sgx_ecall_get_ga_trusted_t,
- p_msg1: *mut sgx_ra_msg1_t) -> sgx_status_t;
+ pub fn sgx_ra_get_msg1(
+ context: sgx_ra_context_t,
+ eid: sgx_enclave_id_t,
+ p_get_ga: sgx_ecall_get_ga_trusted_t,
+ p_msg1: *mut sgx_ra_msg1_t,
+ ) -> sgx_status_t;
- pub fn sgx_ra_proc_msg2(context: sgx_ra_context_t,
- eid: sgx_enclave_id_t,
- p_proc_msg2: sgx_ecall_proc_msg2_trusted_t,
- p_get_msg3: sgx_ecall_get_msg3_trusted_t,
- p_msg2: *const sgx_ra_msg2_t,
- msg2_size: uint32_t,
- pp_msg3: *mut *mut sgx_ra_msg3_t,
- p_msg3_size: *mut uint32_t) -> sgx_status_t;
+ pub fn sgx_ra_proc_msg2(
+ context: sgx_ra_context_t,
+ eid: sgx_enclave_id_t,
+ p_proc_msg2: sgx_ecall_proc_msg2_trusted_t,
+ p_get_msg3: sgx_ecall_get_msg3_trusted_t,
+ p_msg2: *const sgx_ra_msg2_t,
+ msg2_size: uint32_t,
+ pp_msg3: *mut *mut sgx_ra_msg3_t,
+ p_msg3_size: *mut uint32_t,
+ ) -> sgx_status_t;
/* intel sgx sdk 2.5 */
- pub fn sgx_ra_get_msg1_ex(p_att_key_id: *const sgx_att_key_id_t,
- context: sgx_ra_context_t,
- eid: sgx_enclave_id_t,
- p_get_ga: sgx_ecall_get_ga_trusted_t,
- p_msg1: *mut sgx_ra_msg1_t) -> sgx_status_t;
+ pub fn sgx_ra_get_msg1_ex(
+ p_att_key_id: *const sgx_att_key_id_t,
+ context: sgx_ra_context_t,
+ eid: sgx_enclave_id_t,
+ p_get_ga: sgx_ecall_get_ga_trusted_t,
+ p_msg1: *mut sgx_ra_msg1_t,
+ ) -> sgx_status_t;
- pub fn sgx_ra_proc_msg2_ex(p_att_key_id: *const sgx_att_key_id_t,
- context: sgx_ra_context_t,
- eid: sgx_enclave_id_t,
- p_proc_msg2: sgx_ecall_proc_msg2_trusted_t,
- p_get_msg3: sgx_ecall_get_msg3_trusted_t,
- p_msg2: *const sgx_ra_msg2_t,
- msg2_size: uint32_t,
- pp_msg3: *mut *mut sgx_ra_msg3_t,
- p_msg3_size: *mut uint32_t) -> sgx_status_t;
+ pub fn sgx_ra_proc_msg2_ex(
+ p_att_key_id: *const sgx_att_key_id_t,
+ context: sgx_ra_context_t,
+ eid: sgx_enclave_id_t,
+ p_proc_msg2: sgx_ecall_proc_msg2_trusted_t,
+ p_get_msg3: sgx_ecall_get_msg3_trusted_t,
+ p_msg2: *const sgx_ra_msg2_t,
+ msg2_size: uint32_t,
+ pp_msg3: *mut *mut sgx_ra_msg3_t,
+ p_msg3_size: *mut uint32_t,
+ ) -> sgx_status_t;
}
-
//#[link(name = "sgx_urts")]
extern "C" {
//
// sgx_urts.h
//
- pub fn sgx_create_enclave(file_name: *const c_char,
- debug: int32_t,
- launch_token: *mut sgx_launch_token_t,
- launch_token_updated: *mut int32_t,
- enclave_id: *mut sgx_enclave_id_t,
- misc_attr: *mut sgx_misc_attribute_t) -> sgx_status_t;
+ pub fn sgx_create_enclave(
+ file_name: *const c_char,
+ debug: int32_t,
+ launch_token: *mut sgx_launch_token_t,
+ launch_token_updated: *mut int32_t,
+ enclave_id: *mut sgx_enclave_id_t,
+ misc_attr: *mut sgx_misc_attribute_t,
+ ) -> sgx_status_t;
/* intel sgx sdk 2.1.3 */
- pub fn sgx_create_encrypted_enclave(file_name: *const c_char,
- debug: int32_t,
- launch_token: *mut sgx_launch_token_t,
- launch_token_updated: *mut int32_t,
- enclave_id: *mut sgx_enclave_id_t,
- misc_attr: *mut sgx_misc_attribute_t,
- sealed_key: *const uint8_t) -> sgx_status_t;
+ pub fn sgx_create_encrypted_enclave(
+ file_name: *const c_char,
+ debug: int32_t,
+ launch_token: *mut sgx_launch_token_t,
+ launch_token_updated: *mut int32_t,
+ enclave_id: *mut sgx_enclave_id_t,
+ misc_attr: *mut sgx_misc_attribute_t,
+ sealed_key: *const uint8_t,
+ ) -> sgx_status_t;
/* intel sgx sdk 2.2 */
- pub fn sgx_create_enclave_ex(file_name: *const c_char,
- debug: int32_t,
- launch_token: *mut sgx_launch_token_t,
- launch_token_updated: *mut int32_t,
- enclave_id: *mut sgx_enclave_id_t,
- misc_attr: *mut sgx_misc_attribute_t,
- ex_features: uint32_t,
- ex_features_p: *const [*const c_void; 32]) -> sgx_status_t;
+ pub fn sgx_create_enclave_ex(
+ file_name: *const c_char,
+ debug: int32_t,
+ launch_token: *mut sgx_launch_token_t,
+ launch_token_updated: *mut int32_t,
+ enclave_id: *mut sgx_enclave_id_t,
+ misc_attr: *mut sgx_misc_attribute_t,
+ ex_features: uint32_t,
+ ex_features_p: *const [*const c_void; 32],
+ ) -> sgx_status_t;
/* intel sgx sdk 2.4 */
- pub fn sgx_create_enclave_from_buffer_ex(buffer: *const uint8_t,
- buffer_size: size_t,
- debug: int32_t,
- enclave_id: *mut sgx_enclave_id_t,
- misc_attr: *mut sgx_misc_attribute_t,
- ex_features: uint32_t,
- ex_features_p: *const [*const c_void; 32]) -> sgx_status_t;
+ pub fn sgx_create_enclave_from_buffer_ex(
+ buffer: *const uint8_t,
+ buffer_size: size_t,
+ debug: int32_t,
+ enclave_id: *mut sgx_enclave_id_t,
+ misc_attr: *mut sgx_misc_attribute_t,
+ ex_features: uint32_t,
+ ex_features_p: *const [*const c_void; 32],
+ ) -> sgx_status_t;
pub fn sgx_destroy_enclave(enclave_id: sgx_enclave_id_t) -> sgx_status_t;
/* intel sgx sdk 2.4 */
- pub fn sgx_get_target_info(enclave_id: sgx_enclave_id_t, target_info: *mut sgx_target_info_t) -> sgx_status_t;
+ pub fn sgx_get_target_info(
+ enclave_id: sgx_enclave_id_t,
+ target_info: *mut sgx_target_info_t,
+ ) -> sgx_status_t;
/* intel sgx sdk 2.9.1 */
- pub fn sgx_get_metadata(enclave_file: *const c_char, metadata: *mut metadata_t) -> sgx_status_t;
+ pub fn sgx_get_metadata(enclave_file: *const c_char, metadata: *mut metadata_t)
+ -> sgx_status_t;
}
/* intel sgx sdk 1.9 */
@@ -645,21 +898,17 @@
//
// sgx_tprotected_fs.h
//
- pub fn sgx_fopen(filename: *const c_char,
- mode: *const c_char,
- key: *const sgx_key_128bit_t) -> SGX_FILE;
+ pub fn sgx_fopen(
+ filename: *const c_char,
+ mode: *const c_char,
+ key: *const sgx_key_128bit_t,
+ ) -> SGX_FILE;
pub fn sgx_fopen_auto_key(filename: *const c_char, mode: *const c_char) -> SGX_FILE;
- pub fn sgx_fwrite(ptr: *const c_void,
- size: size_t,
- count: size_t,
- stream: SGX_FILE) -> size_t;
+ pub fn sgx_fwrite(ptr: *const c_void, size: size_t, count: size_t, stream: SGX_FILE) -> size_t;
- pub fn sgx_fread(ptr: *mut c_void,
- size: size_t,
- count: size_t,
- stream: SGX_FILE) -> size_t;
+ pub fn sgx_fread(ptr: *mut c_void, size: size_t, count: size_t, stream: SGX_FILE) -> size_t;
pub fn sgx_ftell(stream: SGX_FILE) -> int64_t;
pub fn sgx_fseek(stream: SGX_FILE, offset: int64_t, origin: int32_t) -> int32_t;
@@ -691,27 +940,36 @@
// sgx_pce.h
//
pub fn sgx_set_pce_enclave_load_policy(policy: sgx_ql_request_policy_t) -> sgx_pce_error_t;
- pub fn sgx_pce_get_target(p_pce_target: *mut sgx_target_info_t, p_pce_isv_svn: *mut sgx_isv_svn_t) -> sgx_pce_error_t;
- pub fn sgx_get_pce_info(p_report: *const sgx_report_t,
- p_public_key: *const uint8_t,
- key_size: uint32_t,
- crypto_suite: uint8_t,
- p_encrypted_ppid: *mut uint8_t,
- encrypted_ppid_buf_size: uint32_t,
- p_encrypted_ppid_out_size: *mut uint32_t,
- p_pce_isv_svn: *mut sgx_isv_svn_t,
- p_pce_id: *mut uint16_t,
- p_signature_scheme: *mut uint8_t) -> sgx_pce_error_t;
- pub fn sgx_pce_sign_report(isv_svn: *const sgx_isv_svn_t,
- cpu_svn: *const sgx_cpu_svn_t,
- p_report: *const sgx_report_t,
- p_signature: *mut uint8_t,
- signature_buf_size: uint32_t,
- p_signature_out_size: *mut uint32_t) -> sgx_pce_error_t;
+ pub fn sgx_pce_get_target(
+ p_pce_target: *mut sgx_target_info_t,
+ p_pce_isv_svn: *mut sgx_isv_svn_t,
+ ) -> sgx_pce_error_t;
+ pub fn sgx_get_pce_info(
+ p_report: *const sgx_report_t,
+ p_public_key: *const uint8_t,
+ key_size: uint32_t,
+ crypto_suite: uint8_t,
+ p_encrypted_ppid: *mut uint8_t,
+ encrypted_ppid_buf_size: uint32_t,
+ p_encrypted_ppid_out_size: *mut uint32_t,
+ p_pce_isv_svn: *mut sgx_isv_svn_t,
+ p_pce_id: *mut uint16_t,
+ p_signature_scheme: *mut uint8_t,
+ ) -> sgx_pce_error_t;
+ pub fn sgx_pce_sign_report(
+ isv_svn: *const sgx_isv_svn_t,
+ cpu_svn: *const sgx_cpu_svn_t,
+ p_report: *const sgx_report_t,
+ p_signature: *mut uint8_t,
+ signature_buf_size: uint32_t,
+ p_signature_out_size: *mut uint32_t,
+ ) -> sgx_pce_error_t;
/* intel DCAP 1.5 */
- pub fn sgx_get_pce_info_without_ppid(p_pce_isvsvn: *mut sgx_isv_svn_t,
- p_pce_id: *mut uint16_t) -> sgx_pce_error_t;
+ pub fn sgx_get_pce_info_without_ppid(
+ p_pce_isvsvn: *mut sgx_isv_svn_t,
+ p_pce_id: *mut uint16_t,
+ ) -> sgx_pce_error_t;
}
//#[link(name = "sgx_dcap_ql")]
@@ -722,11 +980,18 @@
pub fn sgx_qe_set_enclave_load_policy(policy: sgx_ql_request_policy_t) -> sgx_quote3_error_t;
pub fn sgx_qe_get_target_info(p_qe_target_info: *mut sgx_target_info_t) -> sgx_quote3_error_t;
pub fn sgx_qe_get_quote_size(p_quote_size: *mut uint32_t) -> sgx_quote3_error_t;
- pub fn sgx_qe_get_quote(p_app_report: *const sgx_report_t, quote_size: uint32_t, p_quote: *mut uint8_t) -> sgx_quote3_error_t;
+ pub fn sgx_qe_get_quote(
+ p_app_report: *const sgx_report_t,
+ quote_size: uint32_t,
+ p_quote: *mut uint8_t,
+ ) -> sgx_quote3_error_t;
pub fn sgx_qe_cleanup_by_policy() -> sgx_quote3_error_t;
/* intel DCAP 1.6 */
- pub fn sgx_ql_set_path(path_type: sgx_ql_path_type_t, p_path: *const c_char) -> sgx_quote3_error_t;
+ pub fn sgx_ql_set_path(
+ path_type: sgx_ql_path_type_t,
+ p_path: *const c_char,
+ ) -> sgx_quote3_error_t;
}
//#[link(name = "dcap_quoteprov")]
@@ -734,21 +999,45 @@
//
// sgx_default_quote_provider.h
//
- pub fn sgx_ql_get_quote_config(p_pck_cert_id: *const sgx_ql_pck_cert_id_t, pp_quote_config: *mut *mut sgx_ql_config_t) -> sgx_quote3_error_t;
+ pub fn sgx_ql_get_quote_config(
+ p_pck_cert_id: *const sgx_ql_pck_cert_id_t,
+ pp_quote_config: *mut *mut sgx_ql_config_t,
+ ) -> sgx_quote3_error_t;
pub fn sgx_ql_free_quote_config(p_quote_config: *const sgx_ql_config_t) -> sgx_quote3_error_t;
- pub fn sgx_ql_get_quote_verification_collateral(fmspc: *const uint8_t,
- fmspc_size: uint16_t,
- pck_ra: *const c_char,
- pp_quote_collateral: *mut *mut sgx_ql_qve_collateral_t) -> sgx_quote3_error_t;
- pub fn sgx_ql_free_quote_verification_collateral(p_quote_collateral: *const sgx_ql_qve_collateral_t) -> sgx_quote3_error_t;
- pub fn sgx_ql_get_qve_identity(pp_qve_identity: *mut *mut c_char,
- p_qve_identity_size: *mut uint32_t,
- pp_qve_identity_issuer_chain: *mut *mut c_char,
- p_qve_identity_issuer_chain_size: *mut uint32_t) -> sgx_quote3_error_t;
- pub fn sgx_ql_free_qve_identity(p_qve_identity: *const c_char, p_qve_identity_issuer_chain: *const c_char) -> sgx_quote3_error_t;
+ pub fn sgx_ql_get_quote_verification_collateral(
+ fmspc: *const uint8_t,
+ fmspc_size: uint16_t,
+ pck_ra: *const c_char,
+ pp_quote_collateral: *mut *mut sgx_ql_qve_collateral_t,
+ ) -> sgx_quote3_error_t;
+ /* intel DCAP 1.13 */
+ pub fn sgx_ql_get_quote_verification_collateral_with_params(
+ fmspc: *const uint8_t,
+ fmspc_size: u16,
+ pck_ra: *const c_char,
+ custom_param: *const c_void,
+ custom_param_length: uint16_t,
+ pp_quote_collateral: *mut *mut sgx_ql_qve_collateral_t,
+ ) -> sgx_quote3_error_t;
+ pub fn sgx_ql_free_quote_verification_collateral(
+ p_quote_collateral: *const sgx_ql_qve_collateral_t,
+ ) -> sgx_quote3_error_t;
+ pub fn sgx_ql_get_qve_identity(
+ pp_qve_identity: *mut *mut c_char,
+ p_qve_identity_size: *mut uint32_t,
+ pp_qve_identity_issuer_chain: *mut *mut c_char,
+ p_qve_identity_issuer_chain_size: *mut uint32_t,
+ ) -> sgx_quote3_error_t;
+ pub fn sgx_ql_free_qve_identity(
+ p_qve_identity: *const c_char,
+ p_qve_identity_issuer_chain: *const c_char,
+ ) -> sgx_quote3_error_t;
/* intel DCAP 1.4 */
- pub fn sgx_ql_get_root_ca_crl(pp_root_ca_crl: *mut *mut uint8_t, p_root_ca_crl_size: *mut uint16_t) -> sgx_quote3_error_t;
+ pub fn sgx_ql_get_root_ca_crl(
+ pp_root_ca_crl: *mut *mut uint8_t,
+ p_root_ca_crl_size: *mut uint16_t,
+ ) -> sgx_quote3_error_t;
pub fn sgx_ql_free_root_ca_crl(p_root_ca_crl: *const uint8_t) -> sgx_quote3_error_t;
/* intel DCAP 2.14 */
pub fn sgx_ql_set_logging_callback(logger: sgx_ql_logging_callback_t) -> sgx_quote3_error_t;
@@ -759,27 +1048,65 @@
//
// sgx_default_qcnl_wrapper.h
//
- pub fn sgx_qcnl_get_pck_cert_chain(p_pck_cert_id: *const sgx_ql_pck_cert_id_t, pp_quote_config: *mut *mut sgx_ql_config_t) -> sgx_qcnl_error_t;
+ pub fn sgx_qcnl_get_pck_cert_chain(
+ p_pck_cert_id: *const sgx_ql_pck_cert_id_t,
+ pp_quote_config: *mut *mut sgx_ql_config_t,
+ ) -> sgx_qcnl_error_t;
pub fn sgx_qcnl_free_pck_cert_chain(p_quote_config: *const sgx_ql_config_t);
- pub fn sgx_qcnl_get_pck_crl_chain(ca: *const c_char, ca_size: uint16_t, p_crl_chain: *mut *mut uint8_t, p_crl_chain_size: *mut uint16_t) -> sgx_qcnl_error_t;
+ pub fn sgx_qcnl_get_pck_crl_chain(
+ ca: *const c_char,
+ ca_size: uint16_t,
+ custom_param_b64_string: *const c_char,
+ p_crl_chain: *mut *mut uint8_t,
+ p_crl_chain_size: *mut uint16_t,
+ ) -> sgx_qcnl_error_t;
pub fn sgx_qcnl_free_pck_crl_chain(p_crl_chain: *const uint8_t);
- pub fn sgx_qcnl_get_tcbinfo(fmspc: *const c_char, fmspc_size: uint16_t, p_tcbinfo: *mut *mut uint8_t, p_tcbinfo_size: *mut uint16_t) -> sgx_qcnl_error_t;
+ pub fn sgx_qcnl_get_tcbinfo(
+ fmspc: *const c_char,
+ fmspc_size: uint16_t,
+ custom_param_b64_string: *const c_char,
+ p_tcbinfo: *mut *mut uint8_t,
+ p_tcbinfo_size: *mut uint16_t,
+ ) -> sgx_qcnl_error_t;
pub fn sgx_qcnl_free_tcbinfo(p_tcbinfo: *const uint8_t);
- pub fn sgx_qcnl_get_qe_identity(qe_type: uint8_t, p_qe_identity: *mut *mut uint8_t, p_qe_identity_size: *mut uint16_t) -> sgx_qcnl_error_t;
+ pub fn sgx_qcnl_get_qe_identity(
+ qe_type: uint8_t,
+ custom_param_b64_string: *const c_char,
+ p_qe_identity: *mut *mut uint8_t,
+ p_qe_identity_size: *mut uint16_t,
+ ) -> sgx_qcnl_error_t;
pub fn sgx_qcnl_free_qe_identity(p_qe_identity: *const uint8_t);
- pub fn sgx_qcnl_get_qve_identity(pp_qve_identity: *mut *mut c_char,
- p_qve_identity_size: *mut uint32_t,
- pp_qve_identity_issuer_chain: *mut *mut c_char,
- p_qve_identity_issuer_chain_size: *mut uint32_t) -> sgx_qcnl_error_t;
- pub fn sgx_qcnl_free_qve_identity(p_qve_identity: *const c_char, p_qve_identity_issuer_chain: *const c_char);
- pub fn sgx_qcnl_get_root_ca_crl(root_ca_cdp_url: *const c_char, p_root_ca_crl: *mut *mut uint8_t, p_root_ca_cal_size: *mut uint16_t) -> sgx_qcnl_error_t;
+ pub fn sgx_qcnl_get_qve_identity(
+ custom_param_b64_string: *const c_char,
+ pp_qve_identity: *mut *mut c_char,
+ p_qve_identity_size: *mut uint32_t,
+ pp_qve_identity_issuer_chain: *mut *mut c_char,
+ p_qve_identity_issuer_chain_size: *mut uint32_t,
+ ) -> sgx_qcnl_error_t;
+ pub fn sgx_qcnl_free_qve_identity(
+ p_qve_identity: *const c_char,
+ p_qve_identity_issuer_chain: *const c_char,
+ );
+ pub fn sgx_qcnl_get_root_ca_crl(
+ root_ca_cdp_url: *const c_char,
+ custom_param_b64_string: *const c_char,
+ p_root_ca_crl: *mut *mut uint8_t,
+ p_root_ca_cal_size: *mut uint16_t,
+ ) -> sgx_qcnl_error_t;
pub fn sgx_qcnl_free_root_ca_crl(p_root_ca_crl: *const uint8_t);
- pub fn sgx_qcnl_register_platform(p_pck_cert_id: *const sgx_ql_pck_cert_id_t,
- platform_manifest: *const uint8_t,
- platform_manifest_size: uint16_t,
- user_token: *const uint8_t,
- user_token_size: uint16_t) -> sgx_qcnl_error_t;
- pub fn sgx_qcnl_get_api_version() -> uint32_t;
+ /* intel DCAP 1.13 */
+ pub fn sgx_qcnl_get_api_version(p_major_ver: *mut uint16_t, p_minor_ver: *mut uint16_t)
+ -> bool;
+ pub fn sgx_qcnl_set_logging_callback(logger: sgx_ql_logging_callback_t) -> sgx_qcnl_error_t;
+
+ /* intel DCAP 1.13 delete */
+ // pub fn sgx_qcnl_register_platform(
+ // p_pck_cert_id: *const sgx_ql_pck_cert_id_t,
+ // platform_manifest: *const uint8_t,
+ // platform_manifest_size: uint16_t,
+ // user_token: *const uint8_t,
+ // user_token_size: uint16_t,
+ // ) -> sgx_qcnl_error_t;
}
//#[link(name = "dcap_quoteverify")]
@@ -787,32 +1114,59 @@
//
// sgx_dcap_quoteverify.h
//
- pub fn sgx_qv_verify_quote(p_quote: *const uint8_t,
- quote_size: uint32_t,
- p_quote_collateral: *const sgx_ql_qve_collateral_t,
- expiration_check_date: time_t,
- p_collateral_expiration_status: *mut uint32_t,
- p_quote_verification_result: *mut sgx_ql_qv_result_t,
- p_qve_report_info: *mut sgx_ql_qe_report_info_t,
- supplemental_data_size: uint32_t,
- p_supplemental_data: *mut uint8_t) -> sgx_quote3_error_t;
- pub fn sgx_qv_get_quote_supplemental_data_size(p_data_size: *mut uint32_t) -> sgx_quote3_error_t;
+ pub fn sgx_qv_verify_quote(
+ p_quote: *const uint8_t,
+ quote_size: uint32_t,
+ p_quote_collateral: *const sgx_ql_qve_collateral_t,
+ expiration_check_date: time_t,
+ p_collateral_expiration_status: *mut uint32_t,
+ p_quote_verification_result: *mut sgx_ql_qv_result_t,
+ p_qve_report_info: *mut sgx_ql_qe_report_info_t,
+ supplemental_data_size: uint32_t,
+ p_supplemental_data: *mut uint8_t,
+ ) -> sgx_quote3_error_t;
+ pub fn sgx_qv_get_quote_supplemental_data_size(
+ p_data_size: *mut uint32_t,
+ ) -> sgx_quote3_error_t;
pub fn sgx_qv_set_enclave_load_policy(policy: sgx_ql_request_policy_t) -> sgx_quote3_error_t;
/* intel DCAP 1.5 */
- pub fn sgx_qv_get_qve_identity(pp_qveid: *mut *mut uint8_t,
- p_qveid_size: *mut uint32_t,
- pp_qveid_issue_chain: *mut *mut uint8_t,
- p_qveid_issue_chain_size: *mut uint32_t,
- pp_root_ca_crl: *mut *mut uint8_t,
- p_root_ca_crl_size: *mut uint16_t) -> sgx_quote3_error_t;
+ pub fn sgx_qv_get_qve_identity(
+ pp_qveid: *mut *mut uint8_t,
+ p_qveid_size: *mut uint32_t,
+ pp_qveid_issue_chain: *mut *mut uint8_t,
+ p_qveid_issue_chain_size: *mut uint32_t,
+ pp_root_ca_crl: *mut *mut uint8_t,
+ p_root_ca_crl_size: *mut uint16_t,
+ ) -> sgx_quote3_error_t;
- pub fn sgx_qv_free_qve_identity(p_qveid: *const uint8_t,
- p_qveid_issue_chain: *const uint8_t,
- p_root_ca_crl: *const uint8_t) -> sgx_quote3_error_t;
+ pub fn sgx_qv_free_qve_identity(
+ p_qveid: *const uint8_t,
+ p_qveid_issue_chain: *const uint8_t,
+ p_root_ca_crl: *const uint8_t,
+ ) -> sgx_quote3_error_t;
/* intel DCAP 1.6 */
- pub fn sgx_qv_set_path(path_type: sgx_qv_path_type_t, p_path: *const c_char) -> sgx_quote3_error_t;
+ pub fn sgx_qv_set_path(
+ path_type: sgx_qv_path_type_t,
+ p_path: *const c_char,
+ ) -> sgx_quote3_error_t;
+
+ /* intel DCAP 1.13 */
+ pub fn tdx_qv_get_quote_supplemental_data_size(
+ p_data_size: *mut uint32_t,
+ ) -> sgx_quote3_error_t;
+ pub fn tdx_qv_verify_quote(
+ p_quote: *const uint8_t,
+ quote_size: uint32_t,
+ p_quote_collateral: *const tdx_ql_qve_collateral_t,
+ expiration_check_date: time_t,
+ p_collateral_expiration_status: *mut uint32_t,
+ p_quote_verification_result: *mut sgx_ql_qv_result_t,
+ p_qve_report_info: *mut sgx_ql_qe_report_info_t,
+ supplemental_data_size: uint32_t,
+ p_supplemental_data: *mut uint8_t,
+ ) -> sgx_quote3_error_t;
}
/* intel DCAP 1.7 */
@@ -821,13 +1175,61 @@
//
// sgx_dcap_tvl.h
//
- pub fn sgx_tvl_verify_qve_report_and_identity(p_quote: *const uint8_t,
- quote_size: uint32_t,
- p_qve_report_info: *const sgx_ql_qe_report_info_t,
- expiration_check_date: time_t,
- collateral_expiration_status: uint32_t,
- quote_verification_result: sgx_ql_qv_result_t,
- p_supplemental_data: *const uint8_t,
- supplemental_data_size: uint32_t,
- qve_isvsvn_threshold: sgx_isv_svn_t) -> sgx_quote3_error_t;
+ pub fn sgx_tvl_verify_qve_report_and_identity(
+ p_quote: *const uint8_t,
+ quote_size: uint32_t,
+ p_qve_report_info: *const sgx_ql_qe_report_info_t,
+ expiration_check_date: time_t,
+ collateral_expiration_status: uint32_t,
+ quote_verification_result: sgx_ql_qv_result_t,
+ p_supplemental_data: *const uint8_t,
+ supplemental_data_size: uint32_t,
+ qve_isvsvn_threshold: sgx_isv_svn_t,
+ ) -> sgx_quote3_error_t;
+}
+
+/* intel sgx sdk 2.16 */
+//#[link(name = "sgx_ttls")]
+extern "C" {
+ //
+ // sgx_ttls.h
+ //
+ pub fn tee_get_certificate_with_evidence(
+ p_subject_name: *const c_uchar,
+ p_prv_key: *const uint8_t,
+ private_key_size: size_t,
+ p_pub_key: *const uint8_t,
+ public_key_size: size_t,
+ pp_output_cert: *mut *mut uint8_t,
+ p_output_cert_size: *mut size_t,
+ ) -> sgx_quote3_error_t;
+
+ pub fn tee_free_certificate(p_certificate: *mut uint8_t) -> sgx_quote3_error_t;
+
+ pub fn tee_verify_certificate_with_evidence(
+ p_cert_in_der: *const uint8_t,
+ cert_in_der_len: size_t,
+ expiration_check_date: time_t,
+ p_qv_result: *mut sgx_ql_qv_result_t,
+ pp_supplemental_data: *mut *mut uint8_t,
+ p_supplemental_data_size: *mut uint32_t,
+ ) -> sgx_quote3_error_t;
+}
+
+/* intel sgx sdk 2.16 */
+//#[link(name = "sgx_utls")]
+extern "C" {
+ //
+ // sgx_utls.h
+ //
+ pub fn tee_verify_certificate_with_evidence_host(
+ cert_in_der_len: size_t,
+ expiration_check_date: time_t,
+ p_qv_result: *mut sgx_ql_qv_result_t,
+ pp_supplemental_data: *mut *mut uint8_t,
+ p_supplemental_data_size: *mut uint32_t,
+ ) -> sgx_quote3_error_t;
+
+ pub fn tee_free_supplemental_data_host(p_supplemental_data: *mut uint8_t)
+ -> sgx_quote3_error_t;
}
diff --git a/sgx_types/src/metadata.rs b/sgx_types/src/metadata.rs
index 7358359..873cdbb 100644
--- a/sgx_types/src/metadata.rs
+++ b/sgx_types/src/metadata.rs
@@ -76,6 +76,11 @@
/* based on 2.9.1 */
pub const MAJOR_VERSION: u32 = 2;
pub const MINOR_VERSION: u32 = 4;
+
+pub const SGX_2_ELRANGE_MAJOR_VERSION: u32 = 12;
+pub const SGX_1_ELRANGE_MAJOR_VERSION: u32 = 11;
+pub const SGX_MAJOR_VERSION_GAP: u32 = 10;
+
pub const SGX_2_1_MAJOR_VERSION: u32 = 2; //MAJOR_VERSION should not larger than 0ffffffff
pub const SGX_2_1_MINOR_VERSION: u32 = 2; //MINOR_VERSION should not larger than 0ffffffff
pub const SGX_2_0_MAJOR_VERSION: u32 = 2; //MAJOR_VERSION should not larger than 0ffffffff
@@ -99,10 +104,10 @@
pub const SSA_FRAME_SIZE_MAX: u32 = 2;
pub const STACK_SIZE_MIN: u32 = 0x0000_2000; /* 8 KB */
pub const STACK_SIZE_MAX: u32 = 0x0004_0000; /* 256 KB */
-pub const HEAP_SIZE_MIN: u32 = 0x0000_1000; /* 4 KB */
-pub const HEAP_SIZE_MAX: u32 = 0x0100_0000; /* 16 MB */
-pub const RSRV_SIZE_MIN: u32 = 0x0000_0000; /* 0 KB */
-pub const RSRV_SIZE_MAX: u32 = 0x0000_0000; /* 0 KB */
+pub const HEAP_SIZE_MIN: u32 = 0x0000_1000; /* 4 KB */
+pub const HEAP_SIZE_MAX: u32 = 0x0100_0000; /* 16 MB */
+pub const RSRV_SIZE_MIN: u32 = 0x0000_0000; /* 0 KB */
+pub const RSRV_SIZE_MAX: u32 = 0x0000_0000; /* 0 KB */
pub const DEFAULT_MISC_SELECT: u32 = 0;
pub const DEFAULT_MISC_MASK: u32 = 0xFFFF_FFFF;
pub const ISVFAMILYID_MAX: u64 = 0xFFFF_FFFF_FFFF_FFFF;
@@ -235,15 +240,15 @@
/* based on 2.9.1 */
/* arch.h */
pub const SI_FLAG_NONE: u64 = 0x0;
-pub const SI_FLAG_R: u64 = 0x1; /* Read Access */
-pub const SI_FLAG_W: u64 = 0x2; /* Write Access */
-pub const SI_FLAG_X: u64 = 0x4; /* Execute Access */
-pub const SI_FLAG_PT_LOW_BIT: u64 = 0x8; /* PT low bit */
-pub const SI_FLAG_PT_MASK: u64 = 0xFF << SI_FLAG_PT_LOW_BIT; /* Page Type Mask [15:8] */
-pub const SI_FLAG_SECS: u64 = 0x00 << SI_FLAG_PT_LOW_BIT; /* SECS */
-pub const SI_FLAG_TCS: u64 = 0x01 << SI_FLAG_PT_LOW_BIT; /* TCS */
-pub const SI_FLAG_REG: u64 = 0x02 << SI_FLAG_PT_LOW_BIT; /* Regular Page */
-pub const SI_FLAG_TRIM: u64 = 0x04 << SI_FLAG_PT_LOW_BIT; /* Trim Page */
+pub const SI_FLAG_R: u64 = 0x1; /* Read Access */
+pub const SI_FLAG_W: u64 = 0x2; /* Write Access */
+pub const SI_FLAG_X: u64 = 0x4; /* Execute Access */
+pub const SI_FLAG_PT_LOW_BIT: u64 = 0x8; /* PT low bit */
+pub const SI_FLAG_PT_MASK: u64 = 0xFF << SI_FLAG_PT_LOW_BIT; /* Page Type Mask [15:8] */
+pub const SI_FLAG_SECS: u64 = 0x00 << SI_FLAG_PT_LOW_BIT; /* SECS */
+pub const SI_FLAG_TCS: u64 = 0x01 << SI_FLAG_PT_LOW_BIT; /* TCS */
+pub const SI_FLAG_REG: u64 = 0x02 << SI_FLAG_PT_LOW_BIT; /* Regular Page */
+pub const SI_FLAG_TRIM: u64 = 0x04 << SI_FLAG_PT_LOW_BIT; /* Trim Page */
pub const SI_FLAG_PENDING: u64 = 0x8;
pub const SI_FLAG_MODIFIED: u64 = 0x10;
pub const SI_FLAG_PR: u64 = 0x20;
diff --git a/sgx_types/src/types.rs b/sgx_types/src/types.rs
index 78d218f..2f865fb 100644
--- a/sgx_types/src/types.rs
+++ b/sgx_types/src/types.rs
@@ -26,26 +26,28 @@
pub type sgx_misc_select_t = uint32_t;
// Enclave Flags Bit Masks
-pub const SGX_FLAGS_INITTED: uint64_t = 0x0000_0000_0000_0001; //If set, then the enclave is initialized
-pub const SGX_FLAGS_DEBUG: uint64_t = 0x0000_0000_0000_0002; //If set, then the enclave is debug
-pub const SGX_FLAGS_MODE64BIT: uint64_t = 0x0000_0000_0000_0004; //If set, then the enclave is 64 bit
-pub const SGX_FLAGS_PROVISION_KEY: uint64_t = 0x0000_0000_0000_0010; //If set, then the enclave has access to provision key
-pub const SGX_FLAGS_EINITTOKEN_KEY: uint64_t = 0x0000_0000_0000_0020; //If set, then the enclave has access to EINITTOKEN key
-pub const SGX_FLAGS_KSS: uint64_t = 0x0000_0000_0000_0080; //If set enclave uses KSS
-pub const SGX_FLAGS_RESERVED: uint64_t = !(SGX_FLAGS_INITTED
- | SGX_FLAGS_DEBUG
- | SGX_FLAGS_MODE64BIT
- | SGX_FLAGS_PROVISION_KEY
- | SGX_FLAGS_EINITTOKEN_KEY
- | SGX_FLAGS_KSS);
+pub const SGX_FLAGS_INITTED: uint64_t = 0x0000_0000_0000_0001; //If set, then the enclave is initialized
+pub const SGX_FLAGS_DEBUG: uint64_t = 0x0000_0000_0000_0002; //If set, then the enclave is debug
+pub const SGX_FLAGS_MODE64BIT: uint64_t = 0x0000_0000_0000_0004; //If set, then the enclave is 64 bit
+pub const SGX_FLAGS_PROVISION_KEY: uint64_t = 0x0000_0000_0000_0010; //If set, then the enclave has access to provision key
+pub const SGX_FLAGS_EINITTOKEN_KEY: uint64_t = 0x0000_0000_0000_0020; //If set, then the enclave has access to EINITTOKEN key
+pub const SGX_FLAGS_KSS: uint64_t = 0x0000_0000_0000_0080; //If set enclave uses KSS
+pub const SGX_FLAGS_RESERVED: uint64_t = !(SGX_FLAGS_INITTED
+ | SGX_FLAGS_DEBUG
+ | SGX_FLAGS_MODE64BIT
+ | SGX_FLAGS_PROVISION_KEY
+ | SGX_FLAGS_EINITTOKEN_KEY
+ | SGX_FLAGS_KSS);
// XSAVE Feature Request Mask
-pub const SGX_XFRM_LEGACY: uint64_t = 0x0000_0000_0000_0003; //Legacy XFRM
-pub const SGX_XFRM_AVX: uint64_t = 0x0000_0000_0000_0006; // AVX
-pub const SGX_XFRM_AVX512: uint64_t = 0x0000_0000_0000_00E6; // AVX-512 - not supported
-pub const SGX_XFRM_MPX: uint64_t = 0x0000_0000_0000_0018; // MPX - not supported
+pub const SGX_XFRM_LEGACY: uint64_t = 0x0000_0000_0000_0003; //Legacy XFRM
+pub const SGX_XFRM_AVX: uint64_t = 0x0000_0000_0000_0006; // AVX
+pub const SGX_XFRM_AVX512: uint64_t = 0x0000_0000_0000_00E6; // AVX-512 - not supported
+pub const SGX_XFRM_MPX: uint64_t = 0x0000_0000_0000_0018; // MPX - not supported
+pub const SGX_XFRM_PKRU: uint64_t = 0x0000_0000_0000_0200; // PKRU state
-pub const SGX_XFRM_RESERVED: uint64_t = !(SGX_XFRM_LEGACY | SGX_XFRM_AVX);
+pub const SGX_XFRM_RESERVED: uint64_t =
+ !(SGX_XFRM_LEGACY | SGX_XFRM_AVX | SGX_XFRM_AVX512 | SGX_XFRM_PKRU);
impl_struct! {
pub struct sgx_attributes_t {
@@ -62,24 +64,21 @@
//
// tseal_migration_attr.h
//
-pub const FLAGS_NON_SECURITY_BITS: uint64_t = 0x00FF_FFFF_FFFF_FFC0
- | SGX_FLAGS_MODE64BIT
- | SGX_FLAGS_PROVISION_KEY
- | SGX_FLAGS_EINITTOKEN_KEY;
-pub const TSEAL_DEFAULT_FLAGSMASK: uint64_t = !FLAGS_NON_SECURITY_BITS;
-pub const FLAGS_SECURITY_BITS_RESERVED: uint64_t = !(FLAGS_NON_SECURITY_BITS
- | SGX_FLAGS_INITTED
- | SGX_FLAGS_DEBUG
- | SGX_FLAGS_KSS);
-pub const MISC_NON_SECURITY_BITS: uint32_t = 0x0FFF_FFFF;
-pub const TSEAL_DEFAULT_MISCMASK: uint32_t = !MISC_NON_SECURITY_BITS;
-
+pub const FLAGS_NON_SECURITY_BITS: uint64_t = 0x00FF_FFFF_FFFF_FFC0
+ | SGX_FLAGS_MODE64BIT
+ | SGX_FLAGS_PROVISION_KEY
+ | SGX_FLAGS_EINITTOKEN_KEY;
+pub const TSEAL_DEFAULT_FLAGSMASK: uint64_t = !FLAGS_NON_SECURITY_BITS;
+pub const FLAGS_SECURITY_BITS_RESERVED: uint64_t =
+ !(FLAGS_NON_SECURITY_BITS | SGX_FLAGS_INITTED | SGX_FLAGS_DEBUG | SGX_FLAGS_KSS);
+pub const MISC_NON_SECURITY_BITS: uint32_t = 0x0FFF_FFFF;
+pub const TSEAL_DEFAULT_MISCMASK: uint32_t = !MISC_NON_SECURITY_BITS;
//
// sgx_dh.h
//
-pub const SGX_DH_MAC_SIZE: size_t = 16;
-pub const SGX_DH_SESSION_DATA_SIZE: size_t = 200;
+pub const SGX_DH_MAC_SIZE: size_t = 16;
+pub const SGX_DH_SESSION_DATA_SIZE: size_t = 200;
impl_packed_copy_clone! {
pub struct sgx_dh_msg1_t {
@@ -175,24 +174,24 @@
// sgx_key.h
//
// Key Name
-pub const SGX_KEYSELECT_LICENSE: uint16_t = 0x0000;
-pub const SGX_KEYSELECT_PROVISION: uint16_t = 0x0001;
-pub const SGX_KEYSELECT_PROVISION_SEAL: uint16_t = 0x0002;
-pub const SGX_KEYSELECT_REPORT: uint16_t = 0x0003;
-pub const SGX_KEYSELECT_SEAL: uint16_t = 0x0004;
+pub const SGX_KEYSELECT_LICENSE: uint16_t = 0x0000;
+pub const SGX_KEYSELECT_PROVISION: uint16_t = 0x0001;
+pub const SGX_KEYSELECT_PROVISION_SEAL: uint16_t = 0x0002;
+pub const SGX_KEYSELECT_REPORT: uint16_t = 0x0003;
+pub const SGX_KEYSELECT_SEAL: uint16_t = 0x0004;
// Key Policy
-pub const SGX_KEYPOLICY_MRENCLAVE: uint16_t = 0x0001; /* Derive key using the enclave's ENCLAVE measurement register */
-pub const SGX_KEYPOLICY_MRSIGNER: uint16_t = 0x0002; /* Derive key using the enclave's SINGER measurement register */
-pub const SGX_KEYPOLICY_NOISVPRODID: uint16_t = 0x0004; /* Derive key without the enclave's ISVPRODID */
-pub const SGX_KEYPOLICY_CONFIGID: uint16_t = 0x0008; /* Derive key with the enclave's CONFIGID */
-pub const SGX_KEYPOLICY_ISVFAMILYID: uint16_t = 0x0010; /* Derive key with the enclave's ISVFAMILYID */
-pub const SGX_KEYPOLICY_ISVEXTPRODID: uint16_t = 0x0020; /* Derive key with the enclave's ISVEXTPRODID */
+pub const SGX_KEYPOLICY_MRENCLAVE: uint16_t = 0x0001; /* Derive key using the enclave's ENCLAVE measurement register */
+pub const SGX_KEYPOLICY_MRSIGNER: uint16_t = 0x0002; /* Derive key using the enclave's SINGER measurement register */
+pub const SGX_KEYPOLICY_NOISVPRODID: uint16_t = 0x0004; /* Derive key without the enclave's ISVPRODID */
+pub const SGX_KEYPOLICY_CONFIGID: uint16_t = 0x0008; /* Derive key with the enclave's CONFIGID */
+pub const SGX_KEYPOLICY_ISVFAMILYID: uint16_t = 0x0010; /* Derive key with the enclave's ISVFAMILYID */
+pub const SGX_KEYPOLICY_ISVEXTPRODID: uint16_t = 0x0020; /* Derive key with the enclave's ISVEXTPRODID */
-pub const SGX_KEYID_SIZE: size_t = 32;
-pub const SGX_CPUSVN_SIZE: size_t = 16;
-pub const SGX_CONFIGID_SIZE: size_t = 64;
-pub const SGX_KEY_REQUEST_RESERVED2_BYTES: size_t = 434;
+pub const SGX_KEYID_SIZE: size_t = 32;
+pub const SGX_CPUSVN_SIZE: size_t = 16;
+pub const SGX_CONFIGID_SIZE: size_t = 64;
+pub const SGX_KEY_REQUEST_RESERVED2_BYTES: size_t = 434;
pub type sgx_key_128bit_t = [uint8_t; 16];
pub type sgx_isv_svn_t = uint16_t;
@@ -408,7 +407,7 @@
pub const SGX_REPORT_DATA_SIZE: size_t = 64;
pub const SGX_ISVEXT_PROD_ID_SIZE: size_t = 16;
-pub const SGX_ISV_FAMILY_ID_SIZE: size_t = 16;
+pub const SGX_ISV_FAMILY_ID_SIZE: size_t = 16;
pub type sgx_isvext_prod_id_t = [uint8_t; SGX_ISVEXT_PROD_ID_SIZE];
pub type sgx_isvfamily_id_t = [uint8_t; SGX_ISV_FAMILY_ID_SIZE];
@@ -496,6 +495,97 @@
sgx_report_t;
}
+/* intel sgx sdk 2.16 */
+//
+// sgx_report2.h
+//
+pub const TEE_HASH_384_SIZE: size_t = 48; // SHA384
+pub const TEE_MAC_SIZE: size_t = 32; // Message SHA 256 HASH Code - 32 bytes
+
+pub const SGX_REPORT2_DATA_SIZE: size_t = 64;
+pub const TEE_CPU_SVN_SIZE: size_t = 16;
+
+pub type tee_mac_t = [uint8_t; TEE_MAC_SIZE];
+
+impl_struct! {
+ pub struct tee_cpu_svn_t {
+ pub svn: [uint8_t; TEE_CPU_SVN_SIZE],
+ }
+
+ pub struct tee_attributes_t {
+ pub a: [uint32_t; 2],
+ }
+
+ pub struct tee_report_type_t {
+ pub report_type: uint8_t,
+ pub subtype: uint8_t,
+ pub version: uint8_t,
+ pub reserved: uint8_t,
+ }
+}
+
+impl_copy_clone! {
+ pub struct tee_measurement_t {
+ pub m: [uint8_t; TEE_HASH_384_SIZE],
+ }
+
+ pub struct tee_report_data_t {
+ pub d: [uint8_t; SGX_REPORT2_DATA_SIZE],
+ }
+}
+
+impl_struct_default! {
+ tee_measurement_t; //48
+ tee_report_data_t; //64
+}
+
+impl_struct_ContiguousMemory! {
+ tee_measurement_t;
+ tee_report_data_t;
+}
+
+pub const SGX_LEGACY_REPORT_TYPE: uint8_t = 0x0; // SGX Legacy Report Type
+pub const TEE_REPORT2_TYPE: uint8_t = 0x81; // TEE Report Type2
+pub const TEE_REPORT2_SUBTYPE: uint8_t = 0x0; // SUBTYPE for Report Type2 is 0
+pub const TEE_REPORT2_VERSION: uint8_t = 0x0; // VERSION for Report Type2 is 0
+
+pub const SGX_REPORT2_MAC_RESERVED1_BYTES: size_t = 12;
+pub const SGX_REPORT2_MAC_RESERVED2_BYTES: size_t = 32;
+
+pub const TEE_TCB_INFO_SIZE: size_t = 239;
+pub const SGX_REPORT2_RESERVED_BYTES: size_t = 17;
+pub const TEE_INFO_SIZE: size_t = 512;
+
+impl_copy_clone! {
+ pub struct sgx_report2_mac_struct_t {
+ pub report_type: tee_report_type_t,
+ pub reserved1: [uint8_t; SGX_REPORT2_MAC_RESERVED1_BYTES],
+ pub cpu_svn: tee_cpu_svn_t,
+ pub tee_tcb_info_hash: tee_measurement_t,
+ pub tee_info_hash: tee_measurement_t,
+ pub report_data: tee_report_data_t,
+ pub reserved2: [uint8_t; SGX_REPORT2_MAC_RESERVED2_BYTES],
+ pub mac: tee_mac_t,
+ }
+
+ pub struct sgx_report2_t {
+ pub report_mac_struct: sgx_report2_mac_struct_t,
+ pub tee_tcb_info: [uint8_t; TEE_TCB_INFO_SIZE],
+ pub reserved: [uint8_t; SGX_REPORT2_RESERVED_BYTES],
+ pub tee_info: [uint8_t; TEE_INFO_SIZE],
+ }
+}
+
+impl_struct_default! {
+ sgx_report2_mac_struct_t; //256
+ sgx_report2_t; //1024
+}
+
+impl_struct_ContiguousMemory! {
+ sgx_report2_mac_struct_t;
+ sgx_report2_t;
+}
+
//
// sgx_spinlock.h
//
@@ -554,21 +644,22 @@
//
// sgx_tcrypto.h
//
-pub const SGX_SHA1_HASH_SIZE: size_t = 20;
-pub const SGX_SHA256_HASH_SIZE: size_t = 32;
-pub const SGX_ECP256_KEY_SIZE: size_t = 32;
-pub const SGX_NISTP_ECP256_KEY_SIZE: size_t = SGX_ECP256_KEY_SIZE / 4;
-pub const SGX_AESGCM_IV_SIZE: size_t = 12;
-pub const SGX_AESGCM_KEY_SIZE: size_t = 16;
-pub const SGX_AESGCM_MAC_SIZE: size_t = 16;
-pub const SGX_HMAC256_KEY_SIZE: size_t = 32;
-pub const SGX_HMAC256_MAC_SIZE: size_t = 32;
-pub const SGX_CMAC_KEY_SIZE: size_t = 16;
-pub const SGX_CMAC_MAC_SIZE: size_t = 16;
-pub const SGX_AESCTR_KEY_SIZE: size_t = 16;
-pub const SGX_RSA3072_KEY_SIZE: size_t = 384;
-pub const SGX_RSA3072_PRI_EXP_SIZE: size_t = 384;
-pub const SGX_RSA3072_PUB_EXP_SIZE: size_t = 4;
+pub const SGX_SHA1_HASH_SIZE: size_t = 20;
+pub const SGX_SHA256_HASH_SIZE: size_t = 32;
+pub const SGX_SHA384_HASH_SIZE: size_t = 48;
+pub const SGX_ECP256_KEY_SIZE: size_t = 32;
+pub const SGX_NISTP_ECP256_KEY_SIZE: size_t = SGX_ECP256_KEY_SIZE / 4;
+pub const SGX_AESGCM_IV_SIZE: size_t = 12;
+pub const SGX_AESGCM_KEY_SIZE: size_t = 16;
+pub const SGX_AESGCM_MAC_SIZE: size_t = 16;
+pub const SGX_HMAC256_KEY_SIZE: size_t = 32;
+pub const SGX_HMAC256_MAC_SIZE: size_t = 32;
+pub const SGX_CMAC_KEY_SIZE: size_t = 16;
+pub const SGX_CMAC_MAC_SIZE: size_t = 16;
+pub const SGX_AESCTR_KEY_SIZE: size_t = 16;
+pub const SGX_RSA3072_KEY_SIZE: size_t = 384;
+pub const SGX_RSA3072_PRI_EXP_SIZE: size_t = 384;
+pub const SGX_RSA3072_PUB_EXP_SIZE: size_t = 4;
impl_struct! {
pub struct sgx_ec256_dh_shared_t {
@@ -637,14 +728,15 @@
//pub type sgx_rsa3072_signature_t = [uint8_t; SGX_RSA3072_KEY_SIZE];
-pub type sgx_sha_state_handle_t = *mut c_void;
-pub type sgx_hmac_state_handle_t = *mut c_void;
-pub type sgx_cmac_state_handle_t = *mut c_void;
-pub type sgx_ecc_state_handle_t = *mut c_void;
-pub type sgx_aes_state_handle_t = *mut c_void;
+pub type sgx_sha_state_handle_t = *mut c_void;
+pub type sgx_hmac_state_handle_t = *mut c_void;
+pub type sgx_cmac_state_handle_t = *mut c_void;
+pub type sgx_ecc_state_handle_t = *mut c_void;
+pub type sgx_aes_state_handle_t = *mut c_void;
pub type sgx_sha1_hash_t = [uint8_t; SGX_SHA1_HASH_SIZE];
pub type sgx_sha256_hash_t = [uint8_t; SGX_SHA256_HASH_SIZE];
+pub type sgx_sha384_hash_t = [uint8_t; SGX_SHA384_HASH_SIZE];
pub type sgx_aes_gcm_128bit_key_t = [uint8_t; SGX_AESGCM_KEY_SIZE];
pub type sgx_aes_gcm_128bit_tag_t = [uint8_t; SGX_AESGCM_MAC_SIZE];
@@ -1240,9 +1332,29 @@
pub p_cert_data: *mut uint8_t,
}
+/* intel DCAP 1.13 */
+pub const MAX_PARAM_STRING_SIZE: usize = 256;
+
+impl_copy_clone! {
+ pub struct sgx_ql_qve_collateral_param_t {
+ key: [uint8_t; MAX_PARAM_STRING_SIZE + 1],
+ value: [uint8_t; MAX_PARAM_STRING_SIZE + 1],
+ }
+}
+
+impl_struct_default! {
+ sgx_ql_qve_collateral_param_t; //514
+}
+
+impl_struct_ContiguousMemory! {
+ sgx_ql_qve_collateral_param_t;
+}
+
#[repr(C)]
pub struct sgx_ql_qve_collateral_t {
pub version: uint32_t, // version = 1. PCK Cert chain is in the Quote.
+ /* intel DCAP 1.13 */
+ pub tee_type: u32, // 0x00000000: SGX or 0x00000081: TDX
pub pck_crl_issuer_chain: *mut c_char,
pub pck_crl_issuer_chain_size: uint32_t,
pub root_ca_crl: *mut c_char, // Root CA CRL
@@ -1259,6 +1371,8 @@
pub qe_identity_size: uint32_t,
}
+pub type tdx_ql_qve_collateral_t = sgx_ql_qve_collateral_t;
+
/* intel DCAP 2.14 */
impl_enum! {
#[repr(u32)]
@@ -1269,7 +1383,8 @@
}
}
-pub type sgx_ql_logging_callback_t = extern "C" fn(level: sgx_ql_log_level_t, message: *const c_char);
+pub type sgx_ql_logging_callback_t =
+ extern "C" fn(level: sgx_ql_log_level_t, message: *const c_char);
//
// sgx_quote_3.h
@@ -1408,6 +1523,8 @@
SGX_QL_QE3_PATH = 0,
SGX_QL_PCE_PATH = 1,
SGX_QL_QPL_PATH = 2,
+ /* intel DCAP 1.13 */
+ SGX_QL_IDE_PATH = 3,
}
}
@@ -1444,6 +1561,8 @@
pub tcb_cpusvn: sgx_cpu_svn_t,
pub tcb_pce_isvsvn: sgx_isv_svn_t,
pub pce_id: uint16_t,
+ /* intel DCAP 1.13 */
+ pub tee_type: uint32_t,
/* intel DCAP 1.7 */
pub sgx_type: uint8_t,
@@ -1455,7 +1574,7 @@
}
impl_struct_default! {
- sgx_ql_qv_supplemental_t; //168
+ sgx_ql_qv_supplemental_t; //176
}
impl_struct_ContiguousMemory! {
@@ -1571,7 +1690,6 @@
}
}
-
#[repr(C, align(64))]
#[derive(Copy, Clone, Default)]
pub struct sgx_align_mac_256bit_t {
@@ -1607,7 +1725,7 @@
}
#[cfg(feature = "extra_traits")]
-impl PartialEq for sgx_align_ec256_dh_shared_t {
+impl PartialEq for sgx_align_ec256_dh_shared_t {
#[inline]
fn eq(&self, other: &sgx_align_ec256_dh_shared_t) -> bool {
self.key.eq(&other.key)
@@ -1634,7 +1752,7 @@
}
#[cfg(feature = "extra_traits")]
-impl PartialEq for sgx_align_ec256_private_t {
+impl PartialEq for sgx_align_ec256_private_t {
#[inline]
fn eq(&self, other: &sgx_align_ec256_private_t) -> bool {
self.key.eq(&other.key)
diff --git a/sgx_ucrypto/src/crypto.rs b/sgx_ucrypto/src/crypto.rs
index 47eebc5..9a7a5d9 100644
--- a/sgx_ucrypto/src/crypto.rs
+++ b/sgx_ucrypto/src/crypto.rs
@@ -165,6 +165,108 @@
unsafe { sgx_sha256_close(sha_handle) }
}
+///
+/// The rsgx_sha384_msg function performs a standard SHA384 hash over the input data buffer.
+///
+pub fn rsgx_sha384_msg<T>(src: &T) -> SgxResult<sgx_sha384_hash_t>
+where
+ T: Copy + ContiguousMemory,
+{
+ let size = mem::size_of::<T>();
+ if size == 0 {
+ return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
+ }
+ if size > u32::MAX as usize {
+ return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
+ }
+
+ let mut hash: sgx_sha384_hash_t = [0_u8; SGX_SHA384_HASH_SIZE];
+ let ret = unsafe {
+ sgx_sha384_msg(
+ src as *const _ as *const u8,
+ size as u32,
+ &mut hash as *mut sgx_sha384_hash_t,
+ )
+ };
+ match ret {
+ sgx_status_t::SGX_SUCCESS => Ok(hash),
+ _ => Err(ret),
+ }
+}
+
+///
+/// The rsgx_sha384_slice function performs a standard SHA384 hash over the input data buffer.
+///
+pub fn rsgx_sha384_slice<T>(src: &[T]) -> SgxResult<sgx_sha384_hash_t>
+where
+ T: Copy + ContiguousMemory,
+{
+ let size = mem::size_of_val(src);
+ if size == 0 {
+ return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
+ }
+ if size > u32::MAX as usize {
+ return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
+ }
+
+ let mut hash: sgx_sha384_hash_t = [0_u8; SGX_SHA384_HASH_SIZE];
+ let ret = unsafe {
+ sgx_sha384_msg(
+ src.as_ptr() as *const u8,
+ size as u32,
+ &mut hash as *mut sgx_sha384_hash_t,
+ )
+ };
+ match ret {
+ sgx_status_t::SGX_SUCCESS => Ok(hash),
+ _ => Err(ret),
+ }
+}
+
+fn rsgx_sha384_init(sha_handle: &mut sgx_sha_state_handle_t) -> sgx_status_t {
+ unsafe { sgx_sha384_init(sha_handle as *mut sgx_sha_state_handle_t) }
+}
+
+fn rsgx_sha384_update_msg<T>(src: &T, sha_handle: sgx_sha_state_handle_t) -> sgx_status_t
+where
+ T: Copy + ContiguousMemory,
+{
+ let size = mem::size_of::<T>();
+ if size == 0 {
+ return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
+ }
+ if size > u32::MAX as usize {
+ return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
+ }
+
+ unsafe { sgx_sha384_update(src as *const _ as *const u8, size as u32, sha_handle) }
+}
+
+fn rsgx_sha384_update_slice<T>(src: &[T], sha_handle: sgx_sha_state_handle_t) -> sgx_status_t
+where
+ T: Copy + ContiguousMemory,
+{
+ let size = mem::size_of_val(src);
+ if size == 0 {
+ return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
+ }
+ if size > u32::MAX as usize {
+ return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
+ }
+ unsafe { sgx_sha384_update(src.as_ptr() as *const u8, size as u32, sha_handle) }
+}
+
+fn rsgx_sha384_get_hash(
+ sha_handle: sgx_sha_state_handle_t,
+ hash: &mut sgx_sha384_hash_t,
+) -> sgx_status_t {
+ unsafe { sgx_sha384_get_hash(sha_handle, hash as *mut sgx_sha384_hash_t) }
+}
+
+fn rsgx_sha384_close(sha_handle: sgx_sha_state_handle_t) -> sgx_status_t {
+ unsafe { sgx_sha384_close(sha_handle) }
+}
+
pub fn rsgx_sha1_msg<T>(src: &T) -> SgxResult<sgx_sha1_hash_t>
where
T: Copy + ContiguousMemory,
@@ -262,7 +364,7 @@
}
///
-/// SHA algorithm context state.
+/// SHA256 algorithm context state.
///
/// This is a handle to the context state used by the cryptography library to perform an iterative SHA256 hash.
/// The algorithm stores the intermediate results of performing the hash calculation over data sets.
@@ -504,6 +606,141 @@
}
}
+///
+/// SHA384 algorithm context state.
+///
+/// This is a handle to the context state used by the cryptography library to perform an iterative SHA384 hash.
+/// The algorithm stores the intermediate results of performing the hash calculation over data sets.
+///
+pub struct SgxSha384Handle {
+ handle: RefCell<sgx_sha_state_handle_t>,
+ initflag: Cell<bool>,
+}
+
+impl SgxSha384Handle {
+ ///
+ /// Constructs a new, empty SgxShaHandle.
+ ///
+ pub fn new() -> SgxSha384Handle {
+ SgxSha384Handle {
+ handle: RefCell::new(ptr::null_mut() as sgx_sha_state_handle_t),
+ initflag: Cell::new(false),
+ }
+ }
+
+ ///
+ /// init returns an allocated and initialized SHA384 algorithm context state.
+ ///
+ pub fn init(&self) -> SgxError {
+ if self.initflag.get() {
+ return Ok(());
+ }
+
+ let ret = rsgx_sha384_init(self.handle.borrow_mut().deref_mut());
+ match ret {
+ sgx_status_t::SGX_SUCCESS => {
+ self.initflag.set(true);
+ Ok(())
+ }
+ _ => Err(ret),
+ }
+ }
+
+ ///
+ /// update_msg performs a SHA384 hash over the input dataset provided.
+ ///
+ pub fn update_msg<T>(&self, src: &T) -> SgxError
+ where
+ T: Copy + ContiguousMemory,
+ {
+ if !self.initflag.get() {
+ return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
+ }
+
+ let ret = rsgx_sha384_update_msg(src, *self.handle.borrow());
+ match ret {
+ sgx_status_t::SGX_SUCCESS => Ok(()),
+ _ => Err(ret),
+ }
+ }
+
+ ///
+ /// update_slice performs a SHA384 hash over the input dataset provided.
+ ///
+ pub fn update_slice<T>(&self, src: &[T]) -> SgxError
+ where
+ T: Copy + ContiguousMemory,
+ {
+ if !self.initflag.get() {
+ return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
+ }
+
+ let ret = rsgx_sha384_update_slice(src, *self.handle.borrow());
+ match ret {
+ sgx_status_t::SGX_SUCCESS => Ok(()),
+ _ => Err(ret),
+ }
+ }
+
+ ///
+ /// get_hash obtains the SHA384 hash after the final dataset has been processed.
+ ///
+ pub fn get_hash(&self) -> SgxResult<sgx_sha384_hash_t> {
+ if !self.initflag.get() {
+ return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
+ }
+
+ let mut hash: sgx_sha384_hash_t = [0_u8; SGX_SHA384_HASH_SIZE];
+ let ret = rsgx_sha384_get_hash(*self.handle.borrow(), &mut hash);
+ match ret {
+ sgx_status_t::SGX_SUCCESS => Ok(hash),
+ _ => Err(ret),
+ }
+ }
+
+ ///
+ /// close cleans up and deallocates the SHA384 state that was allocated in function init.
+ ///
+ pub fn close(&self) -> SgxError {
+ if !self.initflag.get() {
+ return Ok(());
+ }
+
+ let ret = {
+ let handle = *self.handle.borrow();
+ if handle.is_null() {
+ sgx_status_t::SGX_SUCCESS
+ } else {
+ rsgx_sha384_close(handle)
+ }
+ };
+
+ match ret {
+ sgx_status_t::SGX_SUCCESS => {
+ self.initflag.set(false);
+ *self.handle.borrow_mut() = ptr::null_mut();
+ Ok(())
+ }
+ _ => Err(ret),
+ }
+ }
+}
+
+impl Default for SgxSha384Handle {
+ fn default() -> Self {
+ Self::new()
+ }
+}
+
+impl Drop for SgxSha384Handle {
+ ///
+ /// drop cleans up and deallocates the SHA384 state that was allocated in function init.
+ ///
+ fn drop(&mut self) {
+ let _ = self.close();
+ }
+}
+
pub struct SgxSha1Handle {
handle: RefCell<sgx_sha_state_handle_t>,
initflag: Cell<bool>,
@@ -608,7 +845,7 @@
impl Drop for SgxSha1Handle {
///
- /// drop cleans up and deallocates the SHA256 state that was allocated in function init.
+ /// drop cleans up and deallocates the SHA1 state that was allocated in function init.
///
fn drop(&mut self) {
let _ = self.close();
diff --git a/sgx_unwind/build.rs b/sgx_unwind/build.rs
index d76899d..dada8f6 100644
--- a/sgx_unwind/build.rs
+++ b/sgx_unwind/build.rs
@@ -15,11 +15,14 @@
// specific language governing permissions and limitations
// under the License..
+#![feature(available_parallelism)]
+
extern crate sgx_build_helper as build_helper;
use build_helper::{native_lib_boilerplate, run};
use std::env;
use std::process::Command;
+use std::thread;
fn main() {
println!("cargo:rerun-if-changed=build.rs");
@@ -86,6 +89,11 @@
run(Command::new(build_helper::make(host))
.current_dir(&native.out_dir)
.arg(format!("INCDIR={}", native.src_dir.display()))
- .arg("-j5"));
+ .arg(format!(
+ "-j{}",
+ thread::available_parallelism()
+ .map(|n| n.get())
+ .unwrap_or(5)
+ )));
Ok(())
}
diff --git a/sgx_unwind/libunwind/src/se-iterate-phdr.c b/sgx_unwind/libunwind/src/se-iterate-phdr.c
index 7af9ee4..85f08f2 100644
--- a/sgx_unwind/libunwind/src/se-iterate-phdr.c
+++ b/sgx_unwind/libunwind/src/se-iterate-phdr.c
@@ -37,7 +37,7 @@
#endif
#include <link.h>
-extern uint8_t __ImageBase;
+extern void *get_enclave_base(void);
/**
* This function is commonly provided by glibc for application to walk
@@ -53,7 +53,7 @@
ElfW(Ehdr) *ehdr;
memset(&info, 0, sizeof(info));
- ehdr = (ElfW(Ehdr) *) &__ImageBase;
+ ehdr = (ElfW(Ehdr) *)get_enclave_base();
info.dlpi_addr = (ElfW(Addr)) ehdr;
info.dlpi_name = "";
