binder/src/ipc/app.rs - incubator-teaclave - Git at Google

 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License.

 use serde::{Deserialize, Serialize};

 use sgx_types::error::SgxStatus;
 use sgx_types::types::EnclaveId;

 use crate::ipc::IpcError;
 use crate::ipc::IpcSender;
 use log::{debug, error};
 use teaclave_types::ECallStatus;

 // Delaration of ecall for App, the implementation is in TEE
 // This function is automatically generated by the procedure macro #[ecall_entry_point].
 // fn enclave_init(eid: EnclaveId, retval: *mut ECallStatus) -> SgxStatus;

 extern "C" {
     fn ecall_ipc_entry_point(
         eid: EnclaveId,
         retval: *mut ECallStatus,
         cmd: u32,
         in_buf: *const u8,
         in_len: usize,
         out_buf: *mut u8,
         out_max: usize,
         out_len: &mut usize,
     ) -> SgxStatus;
 }

 // Implementation of IPC Sender For App
 // ECallChannel, receiver is implemented in TEE
 pub struct ECallChannel {
     enclave_id: EnclaveId,
     curr_out_buf_size: usize,
 }

 impl ECallChannel {
     pub fn new(enclave_id: EnclaveId) -> ECallChannel {
         ECallChannel {
             enclave_id,
             curr_out_buf_size: 256,
         }
     }

     fn ecall_ipc_app_to_tee(
         &mut self,
         cmd: u32,
         request_payload: Vec<u8>,
     ) -> std::result::Result<Vec<u8>, IpcError> {
         debug! {"ecall_ipc_app_to_tee: {:x}, {:x} bytes", cmd, request_payload.len()};

         let in_ptr: *const u8 = request_payload.as_ptr();
         let in_len: usize = request_payload.len();

         let mut retried = false;
         let out_buf = loop {
             let out_max: usize = self.curr_out_buf_size;
             let mut out_buf: Vec<u8> = Vec::with_capacity(out_max);
             let mut out_len: usize = out_max;
             let out_ptr: *mut u8 = out_buf.as_mut_ptr();

             let mut ecall_ret = ECallStatus::default();

             let sgx_status = unsafe {
                 ecall_ipc_entry_point(
                     self.enclave_id,
                     &mut ecall_ret,
                     cmd,
                     in_ptr,
                     in_len,
                     out_ptr,
                     out_max,
                     &mut out_len,
                 )
             };

             // Check sgx return values
             if sgx_status != SgxStatus::Success {
                 error!("ecall_ipc_entry_point, app sgx_error:{}", sgx_status);
                 return Err(IpcError::SgxError(sgx_status));
             }

             // Check rust logic return values
             // If out_buf is not big enough, realloc based on the returned out_len
             // We only retry once for once invocation.
             if ecall_ret.is_err_ffi_outbuf() && !retried {
                 debug!(
                     "ecall_ipc_entry_point, expand app request buffer size: {:?}",
                     ecall_ret
                 );

                 assert!(out_len > out_max);
                 self.curr_out_buf_size = out_len;
                 retried = true;
                 continue;
             }

             // Check rust logic return values
             // Transparent deliever the errors to outer logic.
             if ecall_ret.is_err() {
                 error!("ecall_ipc_entry_point, app api_error: {:?}", ecall_ret);
                 return Err(IpcError::ECallError(ecall_ret));
             }

             unsafe {
                 out_buf.set_len(out_len);
             }
             debug!("ecall_ipc_entry_point OK. App Received Buf: {:?}", out_buf);

             break out_buf;
         };

         Ok(out_buf)
     }
 }

 impl IpcSender for ECallChannel {
     fn invoke<U, V>(&mut self, cmd: u32, input: U) -> std::result::Result<V, IpcError>
     where
         U: Serialize,
         V: for<'de> Deserialize<'de>,
     {
         let request_payload = serde_json::to_vec(&input)?;
         let result_buf = self.ecall_ipc_app_to_tee(cmd, request_payload)?;
         let response: V = serde_json::from_slice(&result_buf)?;
         Ok(response)
     }
 }

 #[cfg(feature = "app_unit_test")]
 pub mod tests {
     use super::*;

     pub fn run_tests(eid: EnclaveId) -> bool {
         let mut ecall_ret = ECallStatus::default();
         let mut out_buf = vec![0; 128];
         let mut out_len = 0usize;
         let sgx_status = unsafe {
             ecall_ipc_entry_point(
                 eid,
                 &mut ecall_ret,
                 0x0000_1003,      //cmd,
                 std::ptr::null(), //in_ptr,
                 128,              //in_len,
                 out_buf.as_mut_ptr(),
                 128,
                 &mut out_len,
             )
         };
         assert_eq!(sgx_status, SgxStatus::Success);
         assert!(ecall_ret.is_err());

         true
     }
 }
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License.

	use serde::{Deserialize, Serialize};

	use sgx_types::error::SgxStatus;
	use sgx_types::types::EnclaveId;

	use crate::ipc::IpcError;
	use crate::ipc::IpcSender;
	use log::{debug, error};
	use teaclave_types::ECallStatus;

	// Delaration of ecall for App, the implementation is in TEE
	// This function is automatically generated by the procedure macro #[ecall_entry_point].
	// fn enclave_init(eid: EnclaveId, retval: *mut ECallStatus) -> SgxStatus;

	extern "C" {
	fn ecall_ipc_entry_point(
	eid: EnclaveId,
	retval: *mut ECallStatus,
	cmd: u32,
	in_buf: *const u8,
	in_len: usize,
	out_buf: *mut u8,
	out_max: usize,
	out_len: &mut usize,
	) -> SgxStatus;
	}

	// Implementation of IPC Sender For App
	// ECallChannel, receiver is implemented in TEE
	pub struct ECallChannel {
	enclave_id: EnclaveId,
	curr_out_buf_size: usize,
	}

	impl ECallChannel {
	pub fn new(enclave_id: EnclaveId) -> ECallChannel {
	ECallChannel {
	enclave_id,
	curr_out_buf_size: 256,
	}
	}

	fn ecall_ipc_app_to_tee(
	&mut self,
	cmd: u32,
	request_payload: Vec<u8>,
	) -> std::result::Result<Vec<u8>, IpcError> {
	debug! {"ecall_ipc_app_to_tee: {:x}, {:x} bytes", cmd, request_payload.len()};

	let in_ptr: *const u8 = request_payload.as_ptr();
	let in_len: usize = request_payload.len();

	let mut retried = false;
	let out_buf = loop {
	let out_max: usize = self.curr_out_buf_size;
	let mut out_buf: Vec<u8> = Vec::with_capacity(out_max);
	let mut out_len: usize = out_max;
	let out_ptr: *mut u8 = out_buf.as_mut_ptr();

	let mut ecall_ret = ECallStatus::default();

	let sgx_status = unsafe {
	ecall_ipc_entry_point(
	self.enclave_id,
	&mut ecall_ret,
	cmd,
	in_ptr,
	in_len,
	out_ptr,
	out_max,
	&mut out_len,
	)
	};

	// Check sgx return values
	if sgx_status != SgxStatus::Success {
	error!("ecall_ipc_entry_point, app sgx_error:{}", sgx_status);
	return Err(IpcError::SgxError(sgx_status));
	}

	// Check rust logic return values
	// If out_buf is not big enough, realloc based on the returned out_len
	// We only retry once for once invocation.
	if ecall_ret.is_err_ffi_outbuf() && !retried {
	debug!(
	"ecall_ipc_entry_point, expand app request buffer size: {:?}",
	ecall_ret
	);

	assert!(out_len > out_max);
	self.curr_out_buf_size = out_len;
	retried = true;
	continue;
	}

	// Check rust logic return values
	// Transparent deliever the errors to outer logic.
	if ecall_ret.is_err() {
	error!("ecall_ipc_entry_point, app api_error: {:?}", ecall_ret);
	return Err(IpcError::ECallError(ecall_ret));
	}

	unsafe {
	out_buf.set_len(out_len);
	}
	debug!("ecall_ipc_entry_point OK. App Received Buf: {:?}", out_buf);

	break out_buf;
	};

	Ok(out_buf)
	}
	}

	impl IpcSender for ECallChannel {
	fn invoke<U, V>(&mut self, cmd: u32, input: U) -> std::result::Result<V, IpcError>
	where
	U: Serialize,
	V: for<'de> Deserialize<'de>,
	{
	let request_payload = serde_json::to_vec(&input)?;
	let result_buf = self.ecall_ipc_app_to_tee(cmd, request_payload)?;
	let response: V = serde_json::from_slice(&result_buf)?;
	Ok(response)
	}
	}

	#[cfg(feature = "app_unit_test")]
	pub mod tests {
	use super::*;

	pub fn run_tests(eid: EnclaveId) -> bool {
	let mut ecall_ret = ECallStatus::default();
	let mut out_buf = vec![0; 128];
	let mut out_len = 0usize;
	let sgx_status = unsafe {
	ecall_ipc_entry_point(
	eid,
	&mut ecall_ret,
	0x0000_1003, //cmd,
	std::ptr::null(), //in_ptr,
	128, //in_len,
	out_buf.as_mut_ptr(),
	128,
	&mut out_len,
	)
	};
	assert_eq!(sgx_status, SgxStatus::Success);
	assert!(ecall_ret.is_err());

	true
	}
	}