1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
use std::io::{Error, ErrorKind, Result};
use std::{fs, path::Path};
use crate::sgx::{self, SgxTargetInfo};
const GRAPHENE_OWN_TARGET_INFO_PATH: &str = "/dev/attestation/my_target_info";
const GRAPHENE_TARGET_INFO_PATH: &str = "/dev/attestation/target_info";
const GRAPHENE_USER_DATA_PATH: &str = "/dev/attestation/user_report_data";
const GRAPHENE_REPORT_PATH: &str = "/dev/attestation/report";
const GRAPHENE_QUOTE_PATH: &str = "/dev/attestation/quote";
const GRAPHENE_PF_KEY_PATH: &str = "/dev/attestation/protected_files_key";
pub fn is_graphene_enclave() -> bool {
Path::new(GRAPHENE_QUOTE_PATH).exists()
}
pub fn get_target_info() -> Result<Vec<u8>> {
fs::read(GRAPHENE_OWN_TARGET_INFO_PATH)
}
pub fn get_report(target_info_bytes: &[u8], user_data: &[u8]) -> Result<Vec<u8>> {
if target_info_bytes.len() != SgxTargetInfo::size_raw() {
return Err(Error::from(ErrorKind::InvalidInput));
}
fs::write(GRAPHENE_TARGET_INFO_PATH, target_info_bytes)?;
fs::write(
GRAPHENE_USER_DATA_PATH,
sgx::expand_report_data(user_data)?.as_ref(),
)?;
Ok(fs::read(GRAPHENE_REPORT_PATH)?)
}
pub fn get_quote(user_data: &[u8]) -> Result<Vec<u8>> {
fs::write(
GRAPHENE_USER_DATA_PATH,
sgx::expand_report_data(user_data)?.as_ref(),
)?;
Ok(fs::read(GRAPHENE_QUOTE_PATH)?)
}
pub fn set_protected_files_key(key: &str) -> Result<()> {
fs::write(GRAPHENE_PF_KEY_PATH, key.as_bytes())
}