#6025

Committed 07 May 2025 08:53PM UTC coverage: 47.67% (+0.1%) from 47.522%

Build # #6025

Build Type

Committed by

Commit Message

go/storage/mkvs/checkpoint: Remove unused depth parameter

Pull Request Pull Request #6184: go/storage/mkvs/db: Merge Subtree and Batch interface

Run Details

4563 of 9572 relevant lines covered (47.67%)

1.09 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/runtime/src/common/sgx/mod.rs

//! SGX-specific functionality.

pub mod egetkey;
pub mod ias;
pub mod pcs;
pub mod seal;

use anyhow::Result;
use chrono::prelude::*;

use crate::common::time::{insecure_posix_time, update_insecure_posix_time};

/// Maximum age of a quote from the viewpoint of the enclave.
pub const MAX_QUOTE_AGE: i64 = 24 * 60 * 60; // 24 hours

impl_bytes!(MrEnclave, 32, "Enclave hash (MRENCLAVE).");
impl_bytes!(MrSigner, 32, "Enclave signer hash (MRSIGNER).");

/// Enclave identity.
#[derive(Debug, Default, Clone, Hash, Eq, PartialEq, cbor::Encode, cbor::Decode)]
pub struct EnclaveIdentity {
    pub mr_enclave: MrEnclave,
    pub mr_signer: MrSigner,
}

impl EnclaveIdentity {
    /// Enclave identity for the current enclave (when available).
    pub fn current() -> Option<Self> {
        cfg_if::cfg_if! {
            if #[cfg(target_env = "sgx")] {
                // SGX builds, generate actual report.
                let report = sgx_isa::Report::for_self();
                Some(EnclaveIdentity {
                    mr_enclave: MrEnclave(report.mrenclave),
                    mr_signer: MrSigner(report.mrsigner),
                })
            } else if #[cfg(feature = "tdx")] {
                // TDX builds, generate TD report.
                let report = crate::common::tdx::report::get_report(&[0; 64]).expect("failed to get report");
                Some(report.as_enclave_identity())
            } else if #[cfg(feature = "debug-mock-sgx")] {
                // Non-SGX builds, mock SGX enabled, generate mock report. The mock MRENCLAVE is
                // expected to be passed in by the mock SGX runner.
                Some(Self::fortanix_test(std::env::var("OASIS_MOCK_MRENCLAVE").unwrap().parse().unwrap()))
            } else {
                // Non-SGX builds, mock SGX disabled, no enclave identity.
                None
            }
        }
    }

    /// Enclave identity using a test MRSIGNER from Fortanix with a well-known private key.
    pub fn fortanix_test(mr_enclave: MrEnclave) -> Self {
        Self {
            mr_enclave,
            mr_signer: MrSigner::from(
                "9affcfae47b848ec2caf1c49b4b283531e1cc425f93582b36806e52a43d78d1a",
            ),
        }
    }
}

/// An unverified SGX remote attestation quote, depending on the attestation scheme.
#[derive(Clone, Debug, PartialEq, Eq, cbor::Encode, cbor::Decode)]
pub enum Quote {
    #[cbor(rename = "ias")]
    Ias(ias::AVR),

    #[cbor(rename = "pcs")]
    Pcs(pcs::QuoteBundle),
}

impl Quote {
    /// Verify the remote attestation quote.
    pub fn verify(&self, policy: &QuotePolicy) -> Result<VerifiedQuote> {
        let mut verified_quote = match self {
            Quote::Ias(avr) => ias::verify(avr, &policy.ias.clone().unwrap_or_default()),
            Quote::Pcs(qb) => {
                let now = Utc.timestamp_opt(insecure_posix_time(), 0).unwrap();
                Ok(qb.verify(&policy.pcs.clone().unwrap_or_default(), now)?)
            }
        }?;

        // Force-ratchet the clock forward, to at least the time in the verified quote.
        update_insecure_posix_time(verified_quote.timestamp);
        verified_quote.timestamp = insecure_posix_time();

        Ok(verified_quote)
    }

    /// Whether the quote should be considered fresh.
    pub fn is_fresh(&self, now: i64, ts: i64, policy: &QuotePolicy) -> bool {
        // Check general freshness requirement.
        if (now - ts).abs() > MAX_QUOTE_AGE {
            return false;
        }

        // Check quote-specific expiration policy.
        match self {
            Quote::Ias(_) => true, // No additional checks for IAS quotes.
            Quote::Pcs(_) => !policy.pcs.clone().unwrap_or_default().is_expired(now, ts),
        }
    }
}

/// Quote validity policy.
#[derive(Clone, Debug, Default, PartialEq, Eq, cbor::Encode, cbor::Decode)]
pub struct QuotePolicy {
    #[cbor(rename = "ias")]
    pub ias: Option<ias::QuotePolicy>,

    #[cbor(rename = "pcs")]
    pub pcs: Option<pcs::QuotePolicy>,
}

/// A remote attestation quote that has undergone verification.
#[derive(Debug, Default, Clone)]
pub struct VerifiedQuote {
    pub report_data: Vec<u8>,
    pub identity: EnclaveIdentity,
    pub timestamp: i64,
}

/// Generate a report for the given target enclave.
#[cfg(target_env = "sgx")]
pub fn report_for(target_info: &sgx_isa::Targetinfo, report_data: &[u8; 64]) -> sgx_isa::Report {
    sgx_isa::Report::for_target(target_info, report_data)
}

/// Generate a report for the given target enclave.
#[cfg(not(target_env = "sgx"))]
pub fn report_for(_target_info: &sgx_isa::Targetinfo, report_data: &[u8; 64]) -> sgx_isa::Report {
    let ei = EnclaveIdentity::current().expect("mock enclave identity not available");

    // In non-SGX mode, reports are mocked.
    sgx_isa::Report {
        mrenclave: ei.mr_enclave.into(),
        mrsigner: ei.mr_signer.into(),
        cpusvn: [8, 9, 14, 13, 255, 255, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0],
        attributes: sgx_isa::Attributes {
            flags: sgx_isa::AttributesFlags::INIT
                | sgx_isa::AttributesFlags::DEBUG
                | sgx_isa::AttributesFlags::MODE64BIT,
            xfrm: 3,
        },
        reportdata: *report_data,
        ..Default::default()
    }
}

1	//! SGX-specific functionality.
2
3	pub mod egetkey;
4	pub mod ias;
5	pub mod pcs;
6	pub mod seal;
7
8	use anyhow::Result;
9	use chrono::prelude::*;
10
11	use crate::common::time::{insecure_posix_time, update_insecure_posix_time};
12
13	/// Maximum age of a quote from the viewpoint of the enclave.
14	pub const MAX_QUOTE_AGE: i64 = 24 * 60 * 60; // 24 hours
15
16	impl_bytes!(MrEnclave, 32, "Enclave hash (MRENCLAVE).");
17	impl_bytes!(MrSigner, 32, "Enclave signer hash (MRSIGNER).");
18
19	/// Enclave identity.
20	#[derive(Debug, Default, Clone, Hash, Eq, PartialEq, cbor::Encode, cbor::Decode)]
21	pub struct EnclaveIdentity {
22	pub mr_enclave: MrEnclave,
23	pub mr_signer: MrSigner,
24	}
25
26	impl EnclaveIdentity {
27	/// Enclave identity for the current enclave (when available).
28	pub fn current() -> Option<Self> {	×
29	cfg_if::cfg_if! {	×
30	if #[cfg(target_env = "sgx")] {
31	// SGX builds, generate actual report.
32	let report = sgx_isa::Report::for_self();
33	Some(EnclaveIdentity {
34	mr_enclave: MrEnclave(report.mrenclave),
35	mr_signer: MrSigner(report.mrsigner),
36	})
37	} else if #[cfg(feature = "tdx")] {
38	// TDX builds, generate TD report.
39	let report = crate::common::tdx::report::get_report(&[0; 64]).expect("failed to get report");
40	Some(report.as_enclave_identity())
41	} else if #[cfg(feature = "debug-mock-sgx")] {
42	// Non-SGX builds, mock SGX enabled, generate mock report. The mock MRENCLAVE is
43	// expected to be passed in by the mock SGX runner.
44	Some(Self::fortanix_test(std::env::var("OASIS_MOCK_MRENCLAVE").unwrap().parse().unwrap()))
45	} else {
46	// Non-SGX builds, mock SGX disabled, no enclave identity.
47	None
48	}
49	}
50	}
51
52	/// Enclave identity using a test MRSIGNER from Fortanix with a well-known private key.
53	pub fn fortanix_test(mr_enclave: MrEnclave) -> Self {	×
54	Self {
55	mr_enclave,
56	mr_signer: MrSigner::from(	×
57	"9affcfae47b848ec2caf1c49b4b283531e1cc425f93582b36806e52a43d78d1a",
58	),
59	}
60	}
61	}
62
63	/// An unverified SGX remote attestation quote, depending on the attestation scheme.
64	#[derive(Clone, Debug, PartialEq, Eq, cbor::Encode, cbor::Decode)]
65	pub enum Quote {
66	#[cbor(rename = "ias")]
67	Ias(ias::AVR),
68
69	#[cbor(rename = "pcs")]
70	Pcs(pcs::QuoteBundle),
71	}
72
73	impl Quote {
74	/// Verify the remote attestation quote.
75	pub fn verify(&self, policy: &QuotePolicy) -> Result<VerifiedQuote> {	×
76	let mut verified_quote = match self {	×
77	Quote::Ias(avr) => ias::verify(avr, &policy.ias.clone().unwrap_or_default()),	×
78	Quote::Pcs(qb) => {	×
79	let now = Utc.timestamp_opt(insecure_posix_time(), 0).unwrap();	×
80	Ok(qb.verify(&policy.pcs.clone().unwrap_or_default(), now)?)	×
81	}
82	}?;
83
84	// Force-ratchet the clock forward, to at least the time in the verified quote.
85	update_insecure_posix_time(verified_quote.timestamp);	×
86	verified_quote.timestamp = insecure_posix_time();	×
87
88	Ok(verified_quote)	×
89	}
90
91	/// Whether the quote should be considered fresh.
92	pub fn is_fresh(&self, now: i64, ts: i64, policy: &QuotePolicy) -> bool {	×
93	// Check general freshness requirement.
94	if (now - ts).abs() > MAX_QUOTE_AGE {	×
95	return false;	×
96	}
97
98	// Check quote-specific expiration policy.
99	match self {	×
100	Quote::Ias(_) => true, // No additional checks for IAS quotes.	×
101	Quote::Pcs(_) => !policy.pcs.clone().unwrap_or_default().is_expired(now, ts),	×
102	}
103	}
104	}
105
106	/// Quote validity policy.
107	#[derive(Clone, Debug, Default, PartialEq, Eq, cbor::Encode, cbor::Decode)]
108	pub struct QuotePolicy {
109	#[cbor(rename = "ias")]
110	pub ias: Option<ias::QuotePolicy>,
111
112	#[cbor(rename = "pcs")]
113	pub pcs: Option<pcs::QuotePolicy>,
114	}
115
116	/// A remote attestation quote that has undergone verification.
117	#[derive(Debug, Default, Clone)]
118	pub struct VerifiedQuote {
119	pub report_data: Vec<u8>,
120	pub identity: EnclaveIdentity,
121	pub timestamp: i64,
122	}
123
124	/// Generate a report for the given target enclave.
125	#[cfg(target_env = "sgx")]
126	pub fn report_for(target_info: &sgx_isa::Targetinfo, report_data: &[u8; 64]) -> sgx_isa::Report {
127	sgx_isa::Report::for_target(target_info, report_data)
128	}
129
130	/// Generate a report for the given target enclave.
131	#[cfg(not(target_env = "sgx"))]
132	pub fn report_for(_target_info: &sgx_isa::Targetinfo, report_data: &[u8; 64]) -> sgx_isa::Report {	×
133	let ei = EnclaveIdentity::current().expect("mock enclave identity not available");	×
134
135	// In non-SGX mode, reports are mocked.
136	sgx_isa::Report {
137	mrenclave: ei.mr_enclave.into(),	×
138	mrsigner: ei.mr_signer.into(),	×
139	cpusvn: [8, 9, 14, 13, 255, 255, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0],	×
140	attributes: sgx_isa::Attributes {	×
141	flags: sgx_isa::AttributesFlags::INIT
142	\| sgx_isa::AttributesFlags::DEBUG
143	\| sgx_isa::AttributesFlags::MODE64BIT,
144	xfrm: 3,
145	},
146	reportdata: *report_data,	×
147	..Default::default()
148	}
149	}

oasisprotocol / oasis-core / #6025

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous