Merge pull request #31 from beviko/dev-secure-storage

Adds sealing feature similar to Intel SGX
keystone-enclave · May 6, 2020 · 61bc32f · 61bc32f
2 parents 80b23a9 + 4a2184f
commit 61bc32f
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 5 deletions.
diff --git a/sbi.h b/sbi.h
@@ -14,6 +14,7 @@
 #define SBI_SM_CREATE_ENCLAVE    101
 #define SBI_SM_DESTROY_ENCLAVE   102
 #define SBI_SM_ATTEST_ENCLAVE    103
+#define SBI_SM_GET_SEALING_KEY   104
 #define SBI_SM_RUN_ENCLAVE       105
 #define SBI_SM_STOP_ENCLAVE      106
 #define SBI_SM_RESUME_ENCLAVE    107

diff --git a/syscall.c b/syscall.c
@@ -181,6 +181,31 @@ void handle_syscall(struct encl_ctx* ctx)
     copy_to_user((void*)arg0, (void*)rt_copy_buffer_1, 2048);
     //print_strace("[ATTEST] p1 0x%p->0x%p p2 0x%p->0x%p sz %lx = %lu\r\n",arg0,arg0_trans,arg1,arg1_trans,arg2,ret);
     break;
+  case(RUNTIME_SYSCALL_GET_SEALING_KEY):;
+    /* Stores the key receive structure */
+    uintptr_t buffer_1_pa = kernel_va_to_pa(rt_copy_buffer_1);
+
+    /* Stores the key identifier */
+    uintptr_t buffer_2_pa = kernel_va_to_pa(rt_copy_buffer_2);
+
+    if (arg1 > sizeof(rt_copy_buffer_1) ||
+        arg3 > sizeof(rt_copy_buffer_2)) {
+      ret = -1;
+      break;
+    }
+
+    copy_from_user(rt_copy_buffer_2, (void *)arg2, arg3);
+
+    ret = SBI_CALL_3(SBI_SM_GET_SEALING_KEY, buffer_1_pa, buffer_2_pa, arg3);
+
+    if (!ret) {
+      copy_to_user((void *)arg0, (void *)rt_copy_buffer_1, arg1);
+    }
+
+    /* Delete key from copy buffer */
+    memset(rt_copy_buffer_1, 0x00, sizeof(rt_copy_buffer_1));
+
+    break;
 
 
 #ifdef LINUX_SYSCALL_WRAPPING

diff --git a/syscall.h b/syscall.h
@@ -10,11 +10,12 @@
 #include "edge_syscall.h"
 #include "vm.h"
 
-#define RUNTIME_SYSCALL_UNKNOWN         1000
-#define RUNTIME_SYSCALL_OCALL           1001
-#define RUNTIME_SYSCALL_SHAREDCOPY      1002
-#define RUNTIME_SYSCALL_ATTEST_ENCLAVE  1003
-#define RUNTIME_SYSCALL_EXIT            1101
+#define RUNTIME_SYSCALL_UNKNOWN             1000
+#define RUNTIME_SYSCALL_OCALL               1001
+#define RUNTIME_SYSCALL_SHAREDCOPY          1002
+#define RUNTIME_SYSCALL_ATTEST_ENCLAVE      1003
+#define RUNTIME_SYSCALL_GET_SEALING_KEY     1004
+#define RUNTIME_SYSCALL_EXIT                1101
 
 void handle_syscall(struct encl_ctx* ctx);
 void init_edge_internals(void);