use sgx_types::*;
use sgx_types::marker::ContiguousMemory;
use core::ops::{Drop, DerefMut};
use core::ptr;
use core::mem;
use core::cell::{Cell, RefCell};
pub fn rsgx_sha256_msg<T>(src: &T) -> SgxResult<sgx_sha256_hash_t>
where T: Copy + ContiguousMemory {
let size = mem::size_of::<T>();
if size == 0 {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if size > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let mut hash = sgx_sha256_hash_t::default();
let ret = unsafe { sgx_sha256_msg(src as * const _ as * const u8, size as u32, &mut hash as * mut sgx_sha256_hash_t) };
match ret {
sgx_status_t::SGX_SUCCESS => Ok(hash),
_ => Err(ret),
}
}
pub fn rsgx_sha256_slice<T>(src: &[T]) -> SgxResult<sgx_sha256_hash_t>
where T: Copy + ContiguousMemory {
let size = mem::size_of_val(src);
if size == 0 {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if size > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let mut hash = sgx_sha256_hash_t::default();
let ret = unsafe { sgx_sha256_msg(src.as_ptr() as * const u8, size as u32, &mut hash as * mut sgx_sha256_hash_t) };
match ret {
sgx_status_t::SGX_SUCCESS => Ok(hash),
_ => Err(ret),
}
}
fn rsgx_sha256_init(sha_handle: &mut sgx_sha_state_handle_t) -> sgx_status_t {
unsafe {
sgx_sha256_init(sha_handle as * mut sgx_sha_state_handle_t)
}
}
fn rsgx_sha256_update_msg<T>(src: &T, sha_handle: sgx_sha_state_handle_t) -> sgx_status_t
where T: Copy + ContiguousMemory {
let size = mem::size_of::<T>();
if size == 0 {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if size > u32::max_value() as usize {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
unsafe {
sgx_sha256_update(src as * const _ as * const u8, size as u32, sha_handle)
}
}
fn rsgx_sha256_update_slice<T>(src: &[T], sha_handle: sgx_sha_state_handle_t) -> sgx_status_t
where T: Copy + ContiguousMemory {
let size = mem::size_of_val(src);
if size == 0 {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if size > u32::max_value() as usize {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
unsafe {
sgx_sha256_update(src.as_ptr() as * const u8, size as u32, sha_handle)
}
}
fn rsgx_sha256_get_hash(sha_handle: sgx_sha_state_handle_t, hash: &mut sgx_sha256_hash_t) -> sgx_status_t {
unsafe { sgx_sha256_get_hash(sha_handle, hash as * mut sgx_sha256_hash_t) }
}
fn rsgx_sha256_close(sha_handle: sgx_sha_state_handle_t) -> sgx_status_t {
unsafe { sgx_sha256_close(sha_handle) }
}
pub fn rsgx_sha1_msg<T>(src: &T) -> SgxResult<sgx_sha1_hash_t>
where T: Copy + ContiguousMemory {
let size = mem::size_of::<T>();
if size == 0 {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if size > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let mut hash = sgx_sha1_hash_t::default();
let ret = unsafe { sgx_sha1_msg(src as * const _ as * const u8, size as u32, &mut hash as * mut sgx_sha1_hash_t) };
match ret {
sgx_status_t::SGX_SUCCESS => Ok(hash),
_ => Err(ret),
}
}
pub fn rsgx_sha1_slice<T>(src: &[T]) -> SgxResult<sgx_sha1_hash_t>
where T: Copy + ContiguousMemory {
let size = mem::size_of_val(src);
if size == 0 {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if size > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let mut hash = sgx_sha1_hash_t::default();
let ret = unsafe { sgx_sha1_msg(src.as_ptr() as * const u8, size as u32, &mut hash as * mut sgx_sha1_hash_t) };
match ret {
sgx_status_t::SGX_SUCCESS => Ok(hash),
_ => Err(ret),
}
}
fn rsgx_sha1_init(sha_handle: &mut sgx_sha_state_handle_t) -> sgx_status_t {
unsafe {
sgx_sha1_init(sha_handle as * mut sgx_sha_state_handle_t)
}
}
fn rsgx_sha1_update_msg<T>(src: &T, sha_handle: sgx_sha_state_handle_t) -> sgx_status_t
where T: Copy + ContiguousMemory {
let size = mem::size_of::<T>();
if size == 0 {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if size > u32::max_value() as usize {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
unsafe {
sgx_sha1_update(src as * const _ as * const u8, size as u32, sha_handle)
}
}
fn rsgx_sha1_update_slice<T>(src: &[T], sha_handle: sgx_sha_state_handle_t) -> sgx_status_t
where T: Copy + ContiguousMemory {
let size = mem::size_of_val(src);
if size == 0 {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if size > u32::max_value() as usize {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
unsafe {
sgx_sha1_update(src.as_ptr() as * const u8, size as u32, sha_handle)
}
}
fn rsgx_sha1_get_hash(sha_handle: sgx_sha_state_handle_t, hash: &mut sgx_sha1_hash_t) -> sgx_status_t {
unsafe { sgx_sha1_get_hash(sha_handle, hash as * mut sgx_sha1_hash_t) }
}
fn rsgx_sha1_close(sha_handle: sgx_sha_state_handle_t) -> sgx_status_t {
unsafe { sgx_sha1_close(sha_handle) }
}
pub struct SgxShaHandle {
handle: RefCell<sgx_sha_state_handle_t>,
initflag: Cell<bool>,
}
impl SgxShaHandle {
pub fn new() -> Self {
SgxShaHandle{
handle: RefCell::new(ptr::null_mut() as sgx_sha_state_handle_t),
initflag: Cell::new(false),
}
}
pub fn init(&self) -> SgxError {
if self.initflag.get() {
return Ok(());
}
let ret = rsgx_sha256_init(self.handle.borrow_mut().deref_mut());
match ret {
sgx_status_t::SGX_SUCCESS => {
self.initflag.set(true);
Ok(())
},
_ => Err(ret),
}
}
pub fn update_msg<T>(&self, src: &T) -> SgxError
where T: Copy + ContiguousMemory {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let ret = rsgx_sha256_update_msg(src, *self.handle.borrow());
match ret {
sgx_status_t::SGX_SUCCESS => Ok(()),
_ => Err(ret),
}
}
pub fn update_slice<T>(&self, src: &[T]) -> SgxError
where T: Copy + ContiguousMemory {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let ret = rsgx_sha256_update_slice(src, *self.handle.borrow());
match ret {
sgx_status_t::SGX_SUCCESS => Ok(()),
_ => Err(ret),
}
}
pub fn get_hash(&self) -> SgxResult<sgx_sha256_hash_t> {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let mut hash = sgx_sha256_hash_t::default();
let ret = rsgx_sha256_get_hash(*self.handle.borrow(), &mut hash);
match ret {
sgx_status_t::SGX_SUCCESS => Ok(hash),
_ => Err(ret),
}
}
pub fn close(&self) -> SgxError {
if !self.initflag.get() {
return Ok(());
}
let ret = {
let handle = *self.handle.borrow();
if handle.is_null() {
sgx_status_t::SGX_SUCCESS
} else {
rsgx_sha256_close(handle)
}
};
match ret {
sgx_status_t::SGX_SUCCESS => {
self.initflag.set(false);
*self.handle.borrow_mut() = ptr::null_mut();
Ok(())
},
_ => Err(ret),
}
}
}
impl Default for SgxShaHandle {
fn default() -> Self {
Self::new()
}
}
impl Drop for SgxShaHandle {
fn drop(&mut self) {
let _ = self.close();
}
}
pub struct SgxSha1Handle {
handle: RefCell<sgx_sha_state_handle_t>,
initflag: Cell<bool>,
}
impl SgxSha1Handle {
pub fn new() -> Self {
SgxSha1Handle{
handle: RefCell::new(ptr::null_mut() as sgx_sha_state_handle_t),
initflag: Cell::new(false),
}
}
pub fn init(&self) -> SgxError {
if self.initflag.get() {
return Ok(());
}
let ret = rsgx_sha1_init(self.handle.borrow_mut().deref_mut());
match ret {
sgx_status_t::SGX_SUCCESS => {
self.initflag.set(true);
Ok(())
},
_ => Err(ret),
}
}
pub fn update_msg<T>(&self, src: &T) -> SgxError
where T: Copy + ContiguousMemory {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let ret = rsgx_sha1_update_msg(src, *self.handle.borrow());
match ret {
sgx_status_t::SGX_SUCCESS => Ok(()),
_ => Err(ret),
}
}
pub fn update_slice<T>(&self, src: &[T]) -> SgxError
where T: Copy + ContiguousMemory {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let ret = rsgx_sha1_update_slice(src, *self.handle.borrow());
match ret {
sgx_status_t::SGX_SUCCESS => Ok(()),
_ => Err(ret),
}
}
pub fn get_hash(&self) -> SgxResult<sgx_sha1_hash_t> {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let mut hash = sgx_sha1_hash_t::default();
let ret = rsgx_sha1_get_hash(*self.handle.borrow(), &mut hash);
match ret {
sgx_status_t::SGX_SUCCESS => Ok(hash),
_ => Err(ret),
}
}
pub fn close(&self) -> SgxError {
if !self.initflag.get() {
return Ok(());
}
let ret = {
let handle = *self.handle.borrow();
if handle.is_null() {
sgx_status_t::SGX_SUCCESS
} else {
rsgx_sha1_close(handle)
}
};
match ret {
sgx_status_t::SGX_SUCCESS => {
self.initflag.set(false);
*self.handle.borrow_mut() = ptr::null_mut();
Ok(())
},
_ => Err(ret),
}
}
}
impl Default for SgxSha1Handle {
fn default() -> Self {
Self::new()
}
}
impl Drop for SgxSha1Handle {
fn drop(&mut self) {
let _ = self.close();
}
}
pub fn rsgx_rijndael128GCM_encrypt(key: &sgx_aes_gcm_128bit_key_t,
src: &[u8],
iv: &[u8],
aad: &[u8],
dst: &mut [u8],
mac: &mut sgx_aes_gcm_128bit_tag_t) -> SgxError {
let src_len = src.len();
if src_len > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let iv_len = iv.len();
if iv_len != SGX_AESGCM_IV_SIZE {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let aad_len = aad.len();
if aad_len > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let dst_len = dst.len();
if dst_len > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if dst_len < src_len {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let ret = unsafe {
let p_aad = if aad_len != 0 { aad.as_ptr() } else { ptr::null() };
let (p_src, p_dst) = if src_len != 0 {
(src.as_ptr(), dst.as_mut_ptr())
} else {
(ptr::null(), ptr::null_mut())
};
sgx_rijndael128GCM_encrypt(key as * const sgx_aes_gcm_128bit_key_t,
p_src,
src_len as u32,
p_dst,
iv.as_ptr(),
iv_len as u32,
p_aad,
aad_len as u32,
mac as * mut sgx_aes_gcm_128bit_tag_t)
};
match ret {
sgx_status_t::SGX_SUCCESS => Ok(()),
_ => Err(ret),
}
}
pub fn rsgx_rijndael128GCM_decrypt(key: &sgx_aes_gcm_128bit_key_t,
src: &[u8],
iv: &[u8],
aad: &[u8],
mac: &sgx_aes_gcm_128bit_tag_t,
dst: &mut [u8]) -> SgxError {
let src_len = src.len();
if src_len > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let iv_len = iv.len();
if iv_len != SGX_AESGCM_IV_SIZE {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let aad_len = aad.len();
if aad_len > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let dst_len = dst.len();
if dst_len > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if dst_len < src_len {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let ret = unsafe {
let p_aad = if !aad.is_empty() { aad.as_ptr() } else { ptr::null() };
let (p_src, p_dst) = if src_len != 0 {
(src.as_ptr(), dst.as_mut_ptr())
} else {
(ptr::null(), ptr::null_mut())
};
sgx_rijndael128GCM_decrypt(key as * const sgx_aes_gcm_128bit_key_t,
p_src,
src_len as u32,
p_dst,
iv.as_ptr(),
iv_len as u32,
p_aad,
aad_len as u32,
mac as * const sgx_aes_gcm_128bit_tag_t)
};
match ret {
sgx_status_t::SGX_SUCCESS => Ok(()),
_ => Err(ret),
}
}
pub fn rsgx_rijndael128_cmac_msg<T>(key: &sgx_cmac_128bit_key_t, src: &T) -> SgxResult<sgx_cmac_128bit_tag_t>
where T: Copy + ContiguousMemory {
let size = mem::size_of::<T>();
if size == 0 {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if size > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let mut mac = sgx_cmac_128bit_tag_t::default();
let ret = unsafe {
sgx_rijndael128_cmac_msg(key as * const sgx_cmac_128bit_key_t,
src as * const _ as * const u8,
size as u32,
&mut mac as * mut sgx_cmac_128bit_tag_t)
};
match ret {
sgx_status_t::SGX_SUCCESS => Ok(mac),
_ => Err(ret),
}
}
pub fn rsgx_rijndael128_align_cmac_msg<T>(key: &sgx_cmac_128bit_key_t, src: &T) -> SgxResult<sgx_align_mac_128bit_t>
where T: Copy + ContiguousMemory {
let size = mem::size_of::<T>();
if size == 0 {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if size > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let mut align_mac = sgx_align_mac_128bit_t::default();
let ret = unsafe {
sgx_rijndael128_cmac_msg(key as * const sgx_cmac_128bit_key_t,
src as * const _ as * const u8,
size as u32,
&mut align_mac.mac as * mut sgx_cmac_128bit_tag_t)
};
match ret {
sgx_status_t::SGX_SUCCESS => Ok(align_mac),
_ => Err(ret),
}
}
pub fn rsgx_rijndael128_cmac_slice<T>(key: &sgx_cmac_128bit_key_t, src: &[T]) -> SgxResult<sgx_cmac_128bit_tag_t>
where T: Copy + ContiguousMemory {
let size = mem::size_of_val(src);
if size == 0 {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if size > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let mut mac = sgx_cmac_128bit_tag_t::default();
let ret = unsafe {
sgx_rijndael128_cmac_msg(key as * const sgx_cmac_128bit_key_t,
src.as_ptr() as * const u8,
size as u32,
&mut mac as * mut sgx_cmac_128bit_tag_t)
};
match ret {
sgx_status_t::SGX_SUCCESS => Ok(mac),
_ => Err(ret),
}
}
pub fn rsgx_rijndael128_align_cmac_slice<T>(key: &sgx_cmac_128bit_key_t, src: &[T]) -> SgxResult<sgx_align_mac_128bit_t>
where T: Copy + ContiguousMemory {
let size = mem::size_of_val(src);
if size == 0 {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if size > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let mut align_mac = sgx_align_mac_128bit_t::default();
let ret = unsafe {
sgx_rijndael128_cmac_msg(key as * const sgx_cmac_128bit_key_t,
src.as_ptr() as * const u8,
size as u32,
&mut align_mac.mac as * mut sgx_cmac_128bit_tag_t)
};
match ret {
sgx_status_t::SGX_SUCCESS => Ok(align_mac),
_ => Err(ret),
}
}
fn rsgx_cmac128_init(key: &sgx_cmac_128bit_key_t, cmac_handle: &mut sgx_cmac_state_handle_t) -> sgx_status_t {
unsafe {
sgx_cmac128_init(key as * const sgx_cmac_128bit_key_t,
cmac_handle as * mut sgx_cmac_state_handle_t)
}
}
fn rsgx_cmac128_update_msg<T>(src: &T, cmac_handle: sgx_cmac_state_handle_t) -> sgx_status_t
where T: Copy + ContiguousMemory {
let size = mem::size_of::<T>();
if size == 0 {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if size > u32::max_value() as usize {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
unsafe {
sgx_cmac128_update(src as * const _ as * const u8, size as u32, cmac_handle)
}
}
fn rsgx_cmac128_update_slice<T>(src: &[T], cmac_handle: sgx_cmac_state_handle_t) -> sgx_status_t
where T: Copy + ContiguousMemory {
let size = mem::size_of_val(src);
if size == 0 {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if size > u32::max_value() as usize {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
unsafe {
sgx_cmac128_update(src.as_ptr() as * const _ as * const u8, size as u32, cmac_handle)
}
}
fn rsgx_cmac128_final(cmac_handle: sgx_cmac_state_handle_t, hash: &mut sgx_cmac_128bit_tag_t) -> sgx_status_t {
unsafe { sgx_cmac128_final(cmac_handle, hash as * mut sgx_cmac_128bit_tag_t) }
}
fn rsgx_cmac128_close(cmac_handle: sgx_cmac_state_handle_t) -> sgx_status_t {
unsafe { sgx_cmac128_close(cmac_handle) }
}
pub struct SgxCmacHandle {
handle: RefCell<sgx_cmac_state_handle_t>,
initflag: Cell<bool>,
}
impl SgxCmacHandle {
pub fn new() -> Self {
SgxCmacHandle{
handle: RefCell::new(ptr::null_mut() as sgx_cmac_state_handle_t),
initflag: Cell::new(false),
}
}
pub fn init(&self, key: &sgx_cmac_128bit_key_t) -> SgxError {
if self.initflag.get() {
return Ok(());
}
let ret = rsgx_cmac128_init(key, self.handle.borrow_mut().deref_mut());
match ret {
sgx_status_t::SGX_SUCCESS => {
self.initflag.set(true);
Ok(())
},
_ => Err(ret),
}
}
pub fn update_msg<T>(&self, src: &T) -> SgxError
where T: Copy + ContiguousMemory {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let ret = rsgx_cmac128_update_msg(src, *self.handle.borrow());
match ret {
sgx_status_t::SGX_SUCCESS => Ok(()),
_ => Err(ret),
}
}
pub fn update_slice<T>(&self, src: &[T]) -> SgxError
where T: Copy + ContiguousMemory {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let ret = rsgx_cmac128_update_slice(src, *self.handle.borrow());
match ret {
sgx_status_t::SGX_SUCCESS => Ok(()),
_ => Err(ret),
}
}
pub fn get_hash(&self) -> SgxResult<sgx_cmac_128bit_tag_t> {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let mut hash = sgx_cmac_128bit_tag_t::default();
let ret = rsgx_cmac128_final(*self.handle.borrow(), &mut hash);
match ret {
sgx_status_t::SGX_SUCCESS => Ok(hash),
_ => Err(ret),
}
}
pub fn get_align_hash(&self) -> SgxResult<sgx_align_mac_128bit_t> {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let mut align_hash = sgx_align_mac_128bit_t::default();
let ret = rsgx_cmac128_final(*self.handle.borrow(), &mut align_hash.mac);
match ret {
sgx_status_t::SGX_SUCCESS => Ok(align_hash),
_ => Err(ret),
}
}
pub fn close(&self) -> SgxError {
if !self.initflag.get() {
return Ok(());
}
let ret = {
let handle = *self.handle.borrow();
if handle.is_null() {
sgx_status_t::SGX_SUCCESS
} else {
rsgx_cmac128_close(handle)
}
};
match ret {
sgx_status_t::SGX_SUCCESS => {
self.initflag.set(false);
*self.handle.borrow_mut() = ptr::null_mut();
Ok(())
},
_ => Err(ret),
}
}
}
impl Default for SgxCmacHandle {
fn default() -> Self {
Self::new()
}
}
impl Drop for SgxCmacHandle {
fn drop(&mut self) {
let _ = self.close();
}
}
pub fn rsgx_hmac_sha256_msg<T>(key: &sgx_hmac_256bit_key_t, src: &T) -> SgxResult<sgx_hmac_256bit_tag_t>
where T: Copy + ContiguousMemory {
let size = mem::size_of::<T>();
if size == 0 {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if size > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let mut mac = sgx_hmac_256bit_tag_t::default();
let ret = unsafe {
sgx_hmac_sha256_msg(src as * const _ as * const u8,
size as i32,
key as * const u8,
SGX_HMAC256_KEY_SIZE as i32,
&mut mac as * mut sgx_hmac_256bit_tag_t as * mut u8,
SGX_HMAC256_MAC_SIZE as i32)
};
match ret {
sgx_status_t::SGX_SUCCESS => Ok(mac),
_ => Err(ret),
}
}
pub fn rsgx_align_hmac_sha256_msg<T>(key: &sgx_hmac_256bit_key_t, src: &T) -> SgxResult<sgx_align_mac_256bit_t>
where T: Copy + ContiguousMemory {
let size = mem::size_of::<T>();
if size == 0 {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if size > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let mut align_mac = sgx_align_mac_256bit_t::default();
let ret = unsafe {
sgx_hmac_sha256_msg(src as * const _ as * const u8,
size as i32,
key as * const u8,
SGX_HMAC256_KEY_SIZE as i32,
&mut align_mac.mac as * mut sgx_hmac_256bit_tag_t as * mut u8,
SGX_HMAC256_MAC_SIZE as i32)
};
match ret {
sgx_status_t::SGX_SUCCESS => Ok(align_mac),
_ => Err(ret),
}
}
pub fn rsgx_hmac_sha256_slice<T>(key: &sgx_hmac_256bit_key_t, src: &[T]) -> SgxResult<sgx_hmac_256bit_tag_t>
where T: Copy + ContiguousMemory {
let size = mem::size_of_val(src);
if size == 0 {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if size > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let mut mac = sgx_hmac_256bit_tag_t::default();
let ret = unsafe {
sgx_hmac_sha256_msg(src.as_ptr() as * const u8,
size as i32,
key as * const u8,
SGX_HMAC256_KEY_SIZE as i32,
&mut mac as * mut sgx_hmac_256bit_tag_t as * mut u8,
SGX_HMAC256_MAC_SIZE as i32)
};
match ret {
sgx_status_t::SGX_SUCCESS => Ok(mac),
_ => Err(ret),
}
}
pub fn rsgx_align_hmac_sha256_slice<T>(key: &sgx_hmac_256bit_key_t, src: &[T]) -> SgxResult<sgx_align_mac_256bit_t>
where T: Copy + ContiguousMemory {
let size = mem::size_of_val(src);
if size == 0 {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if size > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let mut align_mac = sgx_align_mac_256bit_t::default();
let ret = unsafe {
sgx_hmac_sha256_msg(src.as_ptr() as * const u8,
size as i32,
key as * const u8,
SGX_HMAC256_KEY_SIZE as i32,
&mut align_mac.mac as * mut sgx_hmac_256bit_tag_t as * mut u8,
SGX_HMAC256_MAC_SIZE as i32)
};
match ret {
sgx_status_t::SGX_SUCCESS => Ok(align_mac),
_ => Err(ret),
}
}
fn rsgx_hmac256_init(key: &sgx_hmac_256bit_key_t, hmac_handle: &mut sgx_hmac_state_handle_t) -> sgx_status_t {
unsafe {
sgx_hmac256_init(key as * const sgx_hmac_256bit_key_t as * const u8,
SGX_HMAC256_KEY_SIZE as i32,
hmac_handle as * mut sgx_hmac_state_handle_t)
}
}
fn rsgx_hmac256_update_msg<T>(src: &T, hmac_handle: sgx_hmac_state_handle_t) -> sgx_status_t
where T: Copy + ContiguousMemory {
let size = mem::size_of::<T>();
if size == 0 {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if size > u32::max_value() as usize {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
unsafe {
sgx_hmac256_update(src as * const _ as * const u8, size as i32, hmac_handle)
}
}
fn rsgx_hmac256_update_slice<T>(src: &[T], hmac_handle: sgx_hmac_state_handle_t) -> sgx_status_t
where T: Copy + ContiguousMemory {
let size = mem::size_of_val(src);
if size == 0 {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if size > u32::max_value() as usize {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
unsafe {
sgx_hmac256_update(src.as_ptr() as * const _ as * const u8, size as i32, hmac_handle)
}
}
fn rsgx_hmac256_final(hmac_handle: sgx_hmac_state_handle_t, hash: &mut sgx_hmac_256bit_tag_t) -> sgx_status_t {
unsafe {
sgx_hmac256_final(hash as * mut sgx_hmac_256bit_tag_t as * mut u8,
SGX_HMAC256_MAC_SIZE as i32,
hmac_handle)
}
}
fn rsgx_hmac256_close(hmac_handle: sgx_hmac_state_handle_t) -> sgx_status_t {
unsafe { sgx_hmac256_close(hmac_handle) }
}
pub struct SgxHmacHandle {
handle: RefCell<sgx_hmac_state_handle_t>,
initflag: Cell<bool>,
}
impl SgxHmacHandle {
pub fn new() -> Self {
SgxHmacHandle{
handle: RefCell::new(ptr::null_mut() as sgx_hmac_state_handle_t),
initflag: Cell::new(false),
}
}
pub fn init(&self, key: &sgx_hmac_256bit_key_t) -> SgxError {
if self.initflag.get() {
return Ok(());
}
let ret = rsgx_hmac256_init(key, self.handle.borrow_mut().deref_mut());
match ret {
sgx_status_t::SGX_SUCCESS => {
self.initflag.set(true);
Ok(())
},
_ => Err(ret),
}
}
pub fn update_msg<T>(&self, src: &T) -> SgxError
where T: Copy + ContiguousMemory {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let ret = rsgx_hmac256_update_msg(src, *self.handle.borrow());
match ret {
sgx_status_t::SGX_SUCCESS => Ok(()),
_ => Err(ret),
}
}
pub fn update_slice<T>(&self, src: &[T]) -> SgxError
where T: Copy + ContiguousMemory {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let ret = rsgx_hmac256_update_slice(src, *self.handle.borrow());
match ret {
sgx_status_t::SGX_SUCCESS => Ok(()),
_ => Err(ret),
}
}
pub fn get_hash(&self) -> SgxResult<sgx_hmac_256bit_tag_t> {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let mut hash = sgx_hmac_256bit_tag_t::default();
let ret = rsgx_hmac256_final(*self.handle.borrow(), &mut hash);
match ret {
sgx_status_t::SGX_SUCCESS => Ok(hash),
_ => Err(ret),
}
}
pub fn get_align_hash(&self) -> SgxResult<sgx_align_mac_256bit_t> {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let mut align_hash = sgx_align_mac_256bit_t::default();
let ret = rsgx_hmac256_final(*self.handle.borrow(), &mut align_hash.mac);
match ret {
sgx_status_t::SGX_SUCCESS => Ok(align_hash),
_ => Err(ret),
}
}
pub fn close(&self) -> SgxError {
if !self.initflag.get() {
return Ok(());
}
let ret = {
let handle = *self.handle.borrow();
if handle.is_null() {
sgx_status_t::SGX_SUCCESS
} else {
rsgx_hmac256_close(handle)
}
};
match ret {
sgx_status_t::SGX_SUCCESS => {
self.initflag.set(false);
*self.handle.borrow_mut() = ptr::null_mut();
Ok(())
},
_ => Err(ret),
}
}
}
impl Default for SgxHmacHandle {
fn default() -> Self {
Self::new()
}
}
impl Drop for SgxHmacHandle {
fn drop(&mut self) {
let _ = self.close();
}
}
pub const SGX_AESCTR_CTR_SIZE: size_t = 16;
pub type sgx_aes_ctr_128bit_ctr_t = [uint8_t; SGX_AESCTR_CTR_SIZE];
pub fn rsgx_aes_ctr_encrypt(key: &sgx_aes_ctr_128bit_key_t,
src: &[u8],
ctr: &sgx_aes_ctr_128bit_ctr_t,
ctr_inc_bits: u32,
dst: &mut [u8]) -> SgxError {
let src_len = src.len();
if src_len > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if src_len < 1 {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let dst_len = dst.len();
if dst_len > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if dst_len < src_len {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let ret = unsafe {
sgx_aes_ctr_encrypt(key as * const sgx_aes_ctr_128bit_key_t,
src.as_ptr(),
src_len as u32,
ctr as * const sgx_aes_ctr_128bit_ctr_t as * const u8,
ctr_inc_bits,
dst.as_mut_ptr())
};
match ret {
sgx_status_t::SGX_SUCCESS => Ok(()),
_ => Err(ret),
}
}
pub fn rsgx_aes_ctr_decrypt(key: &sgx_aes_ctr_128bit_key_t,
src: &[u8],
ctr: &sgx_aes_ctr_128bit_ctr_t,
ctr_inc_bits: u32,
dst: &mut [u8]) -> SgxError {
let src_len = src.len();
if src_len > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if src_len < 1 {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let dst_len = dst.len();
if dst_len > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if dst_len < src_len {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let ret = unsafe {
sgx_aes_ctr_decrypt(key as * const sgx_aes_ctr_128bit_key_t,
src.as_ptr(),
src.len() as u32,
ctr as * const sgx_aes_ctr_128bit_ctr_t as * const u8,
ctr_inc_bits,
dst.as_mut_ptr())
};
match ret {
sgx_status_t::SGX_SUCCESS => Ok(()),
_ => Err(ret),
}
}
fn rsgx_ecc256_open_context(ecc_handle: &mut sgx_ecc_state_handle_t) -> sgx_status_t {
unsafe { sgx_ecc256_open_context(ecc_handle as * mut _ as * mut sgx_ecc_state_handle_t) }
}
fn rsgx_ecc256_close_context(ecc_handle: sgx_ecc_state_handle_t) -> sgx_status_t {
unsafe { sgx_ecc256_close_context(ecc_handle) }
}
fn rsgx_ecc256_create_key_pair(private: &mut sgx_ec256_private_t,
public: &mut sgx_ec256_public_t,
ecc_handle: sgx_ecc_state_handle_t) -> sgx_status_t {
unsafe {
sgx_ecc256_create_key_pair(private as * mut sgx_ec256_private_t,
public as * mut sgx_ec256_public_t,
ecc_handle)
}
}
fn rsgx_ecc256_check_point(point: &sgx_ec256_public_t, ecc_handle: sgx_ecc_state_handle_t, valid: &mut i32) -> sgx_status_t {
unsafe { sgx_ecc256_check_point(point as * const sgx_ec256_public_t, ecc_handle, valid as * mut i32) }
}
fn rsgx_ecc256_compute_shared_dhkey(private_b: &sgx_ec256_private_t,
public_ga: &sgx_ec256_public_t,
shared_key: &mut sgx_ec256_dh_shared_t,
ecc_handle: sgx_ecc_state_handle_t) -> sgx_status_t {
unsafe {
sgx_ecc256_compute_shared_dhkey(private_b as * const _ as * mut sgx_ec256_private_t,
public_ga as * const _ as * mut sgx_ec256_public_t,
shared_key as * mut sgx_ec256_dh_shared_t,
ecc_handle)
}
}
fn rsgx_ecdsa_sign_msg<T>(data: &T,
private: &sgx_ec256_private_t,
signature: &mut sgx_ec256_signature_t,
ecc_handle: sgx_ecc_state_handle_t) -> sgx_status_t
where T: Copy + ContiguousMemory {
let size = mem::size_of::<T>();
if size == 0 {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if size > u32::max_value() as usize {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
unsafe {
sgx_ecdsa_sign(data as * const _ as * const u8,
size as u32,
private as * const _ as * mut sgx_ec256_private_t,
signature as * mut sgx_ec256_signature_t,
ecc_handle)
}
}
fn rsgx_ecdsa_sign_slice<T>(data: &[T],
private: &sgx_ec256_private_t,
signature: &mut sgx_ec256_signature_t,
ecc_handle: sgx_ecc_state_handle_t) -> sgx_status_t
where T: Copy + ContiguousMemory {
let size = mem::size_of_val(data);
if size == 0 {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if size > u32::max_value() as usize {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
unsafe {
sgx_ecdsa_sign(data.as_ptr() as * const _ as * const u8,
size as u32,
private as * const _ as * mut sgx_ec256_private_t,
signature as * mut sgx_ec256_signature_t,
ecc_handle)
}
}
fn rsgx_ecdsa_verify_msg<T>(data: &T,
public: &sgx_ec256_public_t,
signature: &sgx_ec256_signature_t,
result: &mut sgx_generic_ecresult_t,
ecc_handle: sgx_ecc_state_handle_t) -> sgx_status_t
where T: Copy + ContiguousMemory {
let size = mem::size_of::<T>();
if size == 0 {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if size > u32::max_value() as usize {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
unsafe {
let mut verify: u8 = 0;
let ret = sgx_ecdsa_verify(data as * const _ as * const u8,
size as u32,
public as * const sgx_ec256_public_t,
signature as * const _ as * mut sgx_ec256_signature_t,
&mut verify as * mut u8,
ecc_handle);
match ret {
sgx_status_t::SGX_SUCCESS => {
let ecresult = sgx_generic_ecresult_t::from_repr(u32::from(verify));
*result = ecresult.unwrap_or(sgx_generic_ecresult_t::SGX_EC_INVALID_SIGNATURE);
},
_ => { *result = sgx_generic_ecresult_t::SGX_EC_INVALID_SIGNATURE; },
};
ret
}
}
fn rsgx_ecdsa_verify_slice<T>(data: &[T],
public: &sgx_ec256_public_t,
signature: &sgx_ec256_signature_t,
result: &mut sgx_generic_ecresult_t,
ecc_handle: sgx_ecc_state_handle_t) -> sgx_status_t
where T: Copy + ContiguousMemory {
let size = mem::size_of_val(data);
if size == 0 {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if size > u32::max_value() as usize {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
unsafe {
let mut verify: u8 = 0;
let ret = sgx_ecdsa_verify(data.as_ptr() as * const _ as * const u8,
size as u32,
public as * const sgx_ec256_public_t,
signature as * const _ as * mut sgx_ec256_signature_t,
&mut verify as * mut u8,
ecc_handle);
match ret {
sgx_status_t::SGX_SUCCESS => {
let ecresult = sgx_generic_ecresult_t::from_repr(u32::from(verify));
*result = ecresult.unwrap_or(sgx_generic_ecresult_t::SGX_EC_INVALID_SIGNATURE);
},
_ => { *result = sgx_generic_ecresult_t::SGX_EC_INVALID_SIGNATURE; },
};
ret
}
}
fn rsgx_ecdsa_verify_hash(hash: &sgx_sha256_hash_t,
public: &sgx_ec256_public_t,
signature: &sgx_ec256_signature_t,
result: &mut sgx_generic_ecresult_t,
ecc_handle: sgx_ecc_state_handle_t) -> sgx_status_t {
unsafe {
let mut verify: u8 = 0;
let ret = sgx_ecdsa_verify_hash(hash as * const sgx_sha256_hash_t as * const u8,
public as * const sgx_ec256_public_t,
signature as * const _ as * mut sgx_ec256_signature_t,
&mut verify as * mut u8,
ecc_handle);
match ret {
sgx_status_t::SGX_SUCCESS => {
let ecresult = sgx_generic_ecresult_t::from_repr(u32::from(verify));
*result = ecresult.unwrap_or(sgx_generic_ecresult_t::SGX_EC_INVALID_SIGNATURE);
},
_ => { *result = sgx_generic_ecresult_t::SGX_EC_INVALID_SIGNATURE; },
};
ret
}
}
pub struct SgxEccHandle{
handle: RefCell<sgx_ecc_state_handle_t>,
initflag: Cell<bool>,
}
impl SgxEccHandle {
pub fn new() -> Self {
SgxEccHandle{
handle: RefCell::new(ptr::null_mut() as sgx_ecc_state_handle_t),
initflag: Cell::new(false),
}
}
pub fn open(&self) -> SgxError {
if self.initflag.get() {
return Ok(());
}
let ret = rsgx_ecc256_open_context(self.handle.borrow_mut().deref_mut());
match ret {
sgx_status_t::SGX_SUCCESS => {
self.initflag.set(true);
Ok(())
},
_ => Err(ret),
}
}
pub fn create_key_pair(&self) -> SgxResult<(sgx_ec256_private_t, sgx_ec256_public_t)> {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let mut private = sgx_ec256_private_t::default();
let mut public = sgx_ec256_public_t::default();
let ret = rsgx_ecc256_create_key_pair(&mut private, &mut public, *self.handle.borrow());
match ret {
sgx_status_t::SGX_SUCCESS => Ok((private, public)),
_ => Err(ret),
}
}
pub fn create_align_key_pair(&self) -> SgxResult<(sgx_align_ec256_private_t, sgx_ec256_public_t)> {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let mut private = sgx_align_ec256_private_t::default();
let mut public = sgx_ec256_public_t::default();
let ret = rsgx_ecc256_create_key_pair(&mut private.key, &mut public, *self.handle.borrow());
match ret {
sgx_status_t::SGX_SUCCESS => Ok((private, public)),
_ => Err(ret),
}
}
pub fn check_point(&self, point: &sgx_ec256_public_t) -> SgxResult<bool> {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let mut valid: i32 = 0;
let ret = rsgx_ecc256_check_point(point, *self.handle.borrow(), &mut valid);
match ret {
sgx_status_t::SGX_SUCCESS => {
if valid > 0 {
Ok(true)
} else {
Ok(false)
}
},
_ => Err(ret),
}
}
pub fn compute_shared_dhkey(&self, private_b: &sgx_ec256_private_t, public_ga: &sgx_ec256_public_t) -> SgxResult<sgx_ec256_dh_shared_t> {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let mut shared_key = sgx_ec256_dh_shared_t::default();
let ret = rsgx_ecc256_compute_shared_dhkey(private_b, public_ga, &mut shared_key, *self.handle.borrow());
match ret {
sgx_status_t::SGX_SUCCESS => Ok(shared_key),
_ => Err(ret),
}
}
pub fn compute_align_shared_dhkey(&self, private_b: &sgx_ec256_private_t, public_ga: &sgx_ec256_public_t) -> SgxResult<sgx_align_ec256_dh_shared_t> {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let mut shared_key = sgx_align_ec256_dh_shared_t::default();
let ret = rsgx_ecc256_compute_shared_dhkey(private_b, public_ga, &mut shared_key.key, *self.handle.borrow());
match ret {
sgx_status_t::SGX_SUCCESS => Ok(shared_key),
_ => Err(ret),
}
}
pub fn ecdsa_sign_msg<T>(&self, data: &T, private: &sgx_ec256_private_t) -> SgxResult<sgx_ec256_signature_t>
where T: Copy + ContiguousMemory {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let mut signature = sgx_ec256_signature_t::default();
let ret = rsgx_ecdsa_sign_msg(data, private, &mut signature, *self.handle.borrow());
match ret {
sgx_status_t::SGX_SUCCESS => Ok(signature),
_ => Err(ret),
}
}
pub fn ecdsa_sign_slice<T>(&self, data: &[T], private: &sgx_ec256_private_t) -> SgxResult<sgx_ec256_signature_t>
where T: Copy + ContiguousMemory {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let mut signature = sgx_ec256_signature_t::default();
let ret = rsgx_ecdsa_sign_slice(data, private, &mut signature, *self.handle.borrow());
match ret {
sgx_status_t::SGX_SUCCESS => Ok(signature),
_ => Err(ret),
}
}
pub fn ecdsa_verify_msg<T>(&self,
data: &T,
public: &sgx_ec256_public_t,
signature: &sgx_ec256_signature_t) -> SgxResult<bool>
where T: Copy + ContiguousMemory {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let mut result = sgx_generic_ecresult_t::default();
let ret = rsgx_ecdsa_verify_msg(data, public, signature, &mut result, *self.handle.borrow());
match ret {
sgx_status_t::SGX_SUCCESS => {
match result {
sgx_generic_ecresult_t::SGX_EC_VALID => Ok(true),
_ => Ok(false),
}
},
_ => Err(ret),
}
}
pub fn ecdsa_verify_slice<T>(&self,
data: &[T],
public: &sgx_ec256_public_t,
signature: &sgx_ec256_signature_t) -> SgxResult<bool>
where T: Copy + ContiguousMemory {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let mut result = sgx_generic_ecresult_t::default();
let ret = rsgx_ecdsa_verify_slice(data, public, signature, &mut result, *self.handle.borrow());
match ret {
sgx_status_t::SGX_SUCCESS => {
match result {
sgx_generic_ecresult_t::SGX_EC_VALID => Ok(true),
_ => Ok(false),
}
},
_ => Err(ret),
}
}
pub fn ecdsa_verify_hash(&self,
hash: &sgx_sha256_hash_t,
public: &sgx_ec256_public_t,
signature: &sgx_ec256_signature_t) -> SgxResult<bool> {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let mut result = sgx_generic_ecresult_t::default();
let ret = rsgx_ecdsa_verify_hash(hash, public, signature, &mut result, *self.handle.borrow());
match ret {
sgx_status_t::SGX_SUCCESS => {
match result {
sgx_generic_ecresult_t::SGX_EC_VALID => Ok(true),
_ => Ok(false),
}
},
_ => Err(ret),
}
}
pub fn close(&self) -> SgxError {
if !self.initflag.get() {
return Ok(());
}
let ret = {
let handle = *self.handle.borrow();
if handle.is_null() {
sgx_status_t::SGX_SUCCESS
} else {
rsgx_ecc256_close_context(handle)
}
};
match ret {
sgx_status_t::SGX_SUCCESS => {
self.initflag.set(false);
*self.handle.borrow_mut() = ptr::null_mut();
Ok(())
},
_ => Err(ret),
}
}
}
impl Default for SgxEccHandle {
fn default() -> Self {
Self::new()
}
}
impl Drop for SgxEccHandle {
fn drop(&mut self) {
let _ = self.close();
}
}
pub fn rsgx_rsa3072_sign_msg<T>(data: &T, key: &sgx_rsa3072_key_t) -> SgxResult<sgx_rsa3072_signature_t>
where T: Copy + ContiguousMemory {
let size = mem::size_of::<T>();
if size == 0 {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if size > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let mut sign = sgx_rsa3072_signature_t::default();
let ret = unsafe {
sgx_rsa3072_sign(data as * const _ as * const u8,
size as u32,
key as * const sgx_rsa3072_key_t,
&mut sign as * mut sgx_rsa3072_signature_t)
};
match ret {
sgx_status_t::SGX_SUCCESS => Ok(sign),
_ => Err(ret),
}
}
pub fn rsgx_rsa3072_sign_slice<T>(data: &[T], key: &sgx_rsa3072_key_t) -> SgxResult<sgx_rsa3072_signature_t>
where T: Copy + ContiguousMemory {
let size = mem::size_of_val(data);
if size == 0 {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if size > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let mut sign = sgx_rsa3072_signature_t::default();
let ret = unsafe {
sgx_rsa3072_sign(data.as_ptr() as * const _ as * const u8,
size as u32,
key as * const sgx_rsa3072_key_t,
&mut sign as * mut sgx_rsa3072_signature_t)
};
match ret {
sgx_status_t::SGX_SUCCESS => Ok(sign),
_ => Err(ret),
}
}
pub fn rsgx_rsa3072_verify_msg<T>(data: &T,
public: &sgx_rsa3072_public_key_t,
signature: &sgx_rsa3072_signature_t) -> SgxResult<bool>
where T: Copy + ContiguousMemory {
let size = mem::size_of::<T>();
if size == 0 {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if size > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
unsafe {
let mut verify = sgx_rsa_result_t::SGX_RSA_INVALID_SIGNATURE;
let ret = sgx_rsa3072_verify(data as * const _ as * const u8,
size as u32,
public as * const sgx_rsa3072_public_key_t,
signature as * const sgx_rsa3072_signature_t,
&mut verify as * mut sgx_rsa_result_t);
match ret {
sgx_status_t::SGX_SUCCESS => {
match verify {
sgx_rsa_result_t::SGX_RSA_VALID => Ok(true),
_ => Ok(false),
}
},
_ => Err(ret),
}
}
}
pub fn rsgx_rsa3072_verify_slice<T>(data: &[T],
public: &sgx_rsa3072_public_key_t,
signature: &sgx_rsa3072_signature_t) -> SgxResult<bool>
where T: Copy + ContiguousMemory {
let size = mem::size_of_val(data);
if size == 0 {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if size > u32::max_value() as usize {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
unsafe {
let mut verify = sgx_rsa_result_t::SGX_RSA_INVALID_SIGNATURE;
let ret = sgx_rsa3072_verify(data.as_ptr() as * const _ as * const u8,
size as u32,
public as * const sgx_rsa3072_public_key_t,
signature as * const sgx_rsa3072_signature_t,
&mut verify as * mut sgx_rsa_result_t);
match ret {
sgx_status_t::SGX_SUCCESS => {
match verify {
sgx_rsa_result_t::SGX_RSA_VALID => Ok(true),
_ => Ok(false),
}
},
_ => Err(ret),
}
}
}
#[allow(clippy::many_single_char_names)]
pub fn rsgx_create_rsa_key_pair(n_byte_size: i32,
e_byte_size: i32,
n: &mut [u8],
d: &mut [u8],
e: &mut [u8],
p: &mut [u8],
q: &mut [u8],
dmp1: &mut [u8],
dmq1: &mut [u8],
iqmp: &mut [u8]) -> SgxError {
if (n_byte_size <= 0) || (e_byte_size <= 0) {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if (n.is_empty()) || (n.len() > i32::max_value() as usize) {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if (d.is_empty()) || (d.len() > i32::max_value() as usize) {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if (e.is_empty()) || (e.len() > i32::max_value() as usize) {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if (p.is_empty()) || (p.len() > i32::max_value() as usize) {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if (q.is_empty()) || (q.len() > i32::max_value() as usize) {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if (dmp1.is_empty()) || (dmp1.len() > i32::max_value() as usize) {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if (dmq1.is_empty()) || (dmq1.len() > i32::max_value() as usize) {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if (iqmp.is_empty()) || (iqmp.len() > i32::max_value() as usize) {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let ret = unsafe {
sgx_create_rsa_key_pair(n_byte_size,
e_byte_size,
n.as_mut_ptr(),
d.as_mut_ptr(),
e.as_mut_ptr(),
p.as_mut_ptr(),
q.as_mut_ptr(),
dmp1.as_mut_ptr(),
dmq1.as_mut_ptr(),
iqmp.as_mut_ptr())
};
match ret {
sgx_status_t::SGX_SUCCESS => Ok(()),
_ => Err(ret),
}
}
fn rsgx_create_rsa_priv2_key(mod_size: i32,
exp_size: i32,
e: &[u8],
p: &[u8],
q: &[u8],
dmp1: &[u8],
dmq1: &[u8],
iqmp: &[u8],
new_pri_key: &mut sgx_rsa_key_t) -> sgx_status_t {
if (mod_size <= 0) || (exp_size <= 0) {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if (e.is_empty()) || (e.len() > i32::max_value() as usize) {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if (p.is_empty()) || (p.len() > i32::max_value() as usize) {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if (q.is_empty()) || (q.len() > i32::max_value() as usize) {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if (dmp1.is_empty()) || (dmp1.len() > i32::max_value() as usize) {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if (dmq1.is_empty()) || (dmq1.len() > i32::max_value() as usize) {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if (iqmp.is_empty()) || (iqmp.len() > i32::max_value() as usize) {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
unsafe {
sgx_create_rsa_priv2_key(mod_size,
exp_size,
e.as_ptr(),
p.as_ptr(),
q.as_ptr(),
dmp1.as_ptr(),
dmq1.as_ptr(),
iqmp.as_ptr(),
new_pri_key as * mut sgx_rsa_key_t)
}
}
fn rsgx_create_rsa_priv1_key(n_size: i32,
e_size: i32,
d_size: i32,
n: &[u8],
e: &[u8],
d: &[u8],
new_pri_key: &mut sgx_rsa_key_t) -> sgx_status_t {
if (n_size <= 0) || (e_size <= 0) || (d_size <= 0) {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if (n.is_empty()) || (n.len() > i32::max_value() as usize) {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if (e.is_empty()) || (e.len() > i32::max_value() as usize) {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if (d.is_empty()) || (d.len() > i32::max_value() as usize) {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
unsafe {
sgx_create_rsa_priv1_key(n_size,
e_size,
d_size,
n.as_ptr(),
e.as_ptr(),
d.as_ptr(),
new_pri_key as * mut sgx_rsa_key_t)
}
}
fn rsgx_create_rsa_pub1_key(mod_size: i32,
exp_size: i32,
n: &[u8],
e: &[u8],
new_pub_key: &mut sgx_rsa_key_t) -> sgx_status_t {
if (mod_size <= 0) || (exp_size <= 0) {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if (n.is_empty()) || (n.len() > i32::max_value() as usize) {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if (e.is_empty()) || (e.len() > i32::max_value() as usize) {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
unsafe {
sgx_create_rsa_pub1_key(mod_size,
exp_size,
n.as_ptr(),
e.as_ptr(),
new_pub_key as * mut sgx_rsa_key_t)
}
}
fn rsgx_free_rsa_key(rsa_key: sgx_rsa_key_t,
key_type: sgx_rsa_key_type_t,
mod_size: i32,
exp_size: i32) -> sgx_status_t {
if (mod_size <= 0) || (exp_size <= 0) {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
unsafe {
sgx_free_rsa_key(rsa_key, key_type, mod_size, exp_size)
}
}
fn rsgx_rsa_priv_decrypt_sha256(rsa_key: sgx_rsa_key_t,
out_data: &mut [u8],
out_len: &mut usize,
in_data: &[u8]) -> sgx_status_t {
if in_data.is_empty() {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if * out_len != 0 && out_data.len() != * out_len {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
unsafe {
let p_out_data: * mut u8 = if *out_len != 0 {
out_data.as_mut_ptr()
} else {
ptr::null_mut()
};
sgx_rsa_priv_decrypt_sha256(rsa_key,
p_out_data,
out_len as * mut usize,
in_data.as_ptr(),
in_data.len())
}
}
fn rsgx_rsa_pub_encrypt_sha256(rsa_key: sgx_rsa_key_t,
out_data: &mut [u8],
out_len: &mut usize,
in_data: &[u8]) -> sgx_status_t {
if in_data.is_empty() {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if * out_len != 0 && out_data.len() != * out_len {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
unsafe {
let p_out_data: * mut u8 = if *out_len != 0 {
out_data.as_mut_ptr()
} else {
ptr::null_mut()
};
sgx_rsa_pub_encrypt_sha256(rsa_key,
p_out_data,
out_len as * mut usize,
in_data.as_ptr(),
in_data.len())
}
}
pub struct SgxRsaPrivKey {
key: RefCell<sgx_rsa_key_t>,
mod_size: Cell<i32>,
exp_size: Cell<i32>,
createflag: Cell<bool>,
}
impl SgxRsaPrivKey {
pub fn new() -> Self {
SgxRsaPrivKey {
key: RefCell::new(ptr::null_mut() as sgx_rsa_key_t),
mod_size: Cell::new(0),
exp_size: Cell::new(0),
createflag: Cell::new(false),
}
}
#[inline]
pub fn create(&self,
mod_size: i32,
exp_size: i32,
e: &[u8],
p: &[u8],
q: &[u8],
dmp1: &[u8],
dmq1: &[u8],
iqmp: &[u8]) -> SgxError {
self.create2(mod_size, exp_size, e, p, q, dmp1, dmq1, iqmp)
}
pub fn create2(&self,
mod_size: i32,
exp_size: i32,
e: &[u8],
p: &[u8],
q: &[u8],
dmp1: &[u8],
dmq1: &[u8],
iqmp: &[u8]) -> SgxError {
if self.createflag.get() {
return Ok(());
}
let ret = rsgx_create_rsa_priv2_key(mod_size,
exp_size,
e,
p,
q,
dmp1,
dmq1,
iqmp,
self.key.borrow_mut().deref_mut());
match ret {
sgx_status_t::SGX_SUCCESS => {
self.mod_size.set(mod_size);
self.exp_size.set(exp_size);
self.createflag.set(true);
Ok(())
},
_ => Err(ret),
}
}
pub fn create1(&self,
mod_size: i32,
exp_size: i32,
priv_exp_size: i32,
n: &[u8],
e: &[u8],
d: &[u8]) -> SgxError {
if self.createflag.get() {
return Ok(());
}
let ret = rsgx_create_rsa_priv1_key(mod_size,
exp_size,
priv_exp_size,
n,
e,
d,
self.key.borrow_mut().deref_mut());
match ret {
sgx_status_t::SGX_SUCCESS => {
self.mod_size.set(mod_size);
self.exp_size.set(exp_size);
self.createflag.set(true);
Ok(())
},
_ => Err(ret),
}
}
pub fn decrypt_sha256(&self,
out_data: &mut [u8],
out_len: &mut usize,
in_data: &[u8]) -> SgxError {
if !self.createflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let ret = rsgx_rsa_priv_decrypt_sha256(*self.key.borrow(),
out_data,
out_len,
in_data);
match ret {
sgx_status_t::SGX_SUCCESS => {
Ok(())
},
_ => Err(ret),
}
}
pub fn free(&self) -> SgxError {
if !self.createflag.get() {
return Ok(());
}
let ret = {
let key = *self.key.borrow();
if key.is_null() {
sgx_status_t::SGX_SUCCESS
} else {
rsgx_free_rsa_key(key,
sgx_rsa_key_type_t::SGX_RSA_PRIVATE_KEY,
self.mod_size.get(),
self.exp_size.get())
}
};
match ret {
sgx_status_t::SGX_SUCCESS => {
self.createflag.set(false);
*self.key.borrow_mut() = ptr::null_mut();
Ok(())
},
_ => Err(ret),
}
}
}
impl Default for SgxRsaPrivKey {
fn default() -> Self {
Self::new()
}
}
impl Drop for SgxRsaPrivKey {
fn drop(&mut self) {
let _ = self.free();
}
}
pub struct SgxRsaPubKey {
key: RefCell<sgx_rsa_key_t>,
mod_size: Cell<i32>,
exp_size: Cell<i32>,
createflag: Cell<bool>,
}
impl SgxRsaPubKey {
pub fn new() -> Self {
SgxRsaPubKey {
key: RefCell::new(ptr::null_mut() as sgx_rsa_key_t),
mod_size: Cell::new(0),
exp_size: Cell::new(0),
createflag: Cell::new(false),
}
}
pub fn create(&self,
mod_size: i32,
exp_size: i32,
n: &[u8],
e: &[u8]) -> SgxError {
if self.createflag.get() {
return Ok(());
}
let ret = rsgx_create_rsa_pub1_key(mod_size,
exp_size,
n,
e,
self.key.borrow_mut().deref_mut());
match ret {
sgx_status_t::SGX_SUCCESS => {
self.mod_size.set(mod_size);
self.exp_size.set(exp_size);
self.createflag.set(true);
Ok(())
},
_ => Err(ret),
}
}
pub fn encrypt_sha256(&self,
out_data: &mut [u8],
out_len: &mut usize,
in_data: &[u8]) -> SgxError {
if !self.createflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let ret = rsgx_rsa_pub_encrypt_sha256(*self.key.borrow(),
out_data,
out_len,
in_data);
match ret {
sgx_status_t::SGX_SUCCESS => {
Ok(())
},
_ => Err(ret),
}
}
pub fn free(&self) -> SgxError {
if !self.createflag.get() {
return Ok(());
}
let ret = {
let key = *self.key.borrow();
if key.is_null() {
sgx_status_t::SGX_SUCCESS
} else {
rsgx_free_rsa_key(key,
sgx_rsa_key_type_t::SGX_RSA_PUBLIC_KEY,
self.mod_size.get(),
self.exp_size.get())
}
};
match ret {
sgx_status_t::SGX_SUCCESS => {
self.createflag.set(false);
*self.key.borrow_mut() = ptr::null_mut();
Ok(())
},
_ => Err(ret),
}
}
}
impl Default for SgxRsaPubKey {
fn default() -> Self {
Self::new()
}
}
impl Drop for SgxRsaPubKey {
fn drop(&mut self) {
let _ = self.free();
}
}
pub fn rsgx_calculate_ecdsa_priv_key(hash_drg: &[u8],
sgx_nistp256_r_m1: &[u8],
out_key: &mut [u8]) -> SgxError {
if (hash_drg.is_empty()) || (hash_drg.len() > i32::max_value() as usize) {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if (sgx_nistp256_r_m1.is_empty()) || (sgx_nistp256_r_m1.len() > i32::max_value() as usize) {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if (out_key.is_empty()) || (out_key.len() > i32::max_value() as usize) {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let ret = unsafe {
sgx_calculate_ecdsa_priv_key(hash_drg.as_ptr(),
hash_drg.len() as i32,
sgx_nistp256_r_m1.as_ptr(),
sgx_nistp256_r_m1.len() as i32,
out_key.as_mut_ptr(),
out_key.len() as i32)
};
match ret {
sgx_status_t::SGX_SUCCESS => Ok(()),
_ => Err(ret),
}
}
pub fn rsgx_ecc256_calculate_pub_from_priv(priv_key: &sgx_ec256_private_t,
pub_key: &mut sgx_ec256_public_t) -> SgxError {
let ret = unsafe {
sgx_ecc256_calculate_pub_from_priv(priv_key as * const sgx_ec256_private_t,
pub_key as * mut sgx_ec256_public_t)
};
match ret {
sgx_status_t::SGX_SUCCESS => Ok(()),
_ => Err(ret),
}
}
pub fn rsgx_ecc256_priv_key(hash_drg: &[u8], sgx_nistp256_r_m1: &[u8]) -> SgxResult<sgx_ec256_private_t> {
if (hash_drg.is_empty()) || (hash_drg.len() > i32::max_value() as usize) {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if (sgx_nistp256_r_m1.is_empty()) || (sgx_nistp256_r_m1.len() > i32::max_value() as usize) {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let mut priv_key = sgx_ec256_private_t::default();
let ret = unsafe {
sgx_calculate_ecdsa_priv_key(hash_drg.as_ptr(),
hash_drg.len() as i32,
sgx_nistp256_r_m1.as_ptr(),
sgx_nistp256_r_m1.len() as i32,
&mut priv_key as * mut sgx_ec256_private_t as * mut u8,
mem::size_of::<sgx_ec256_private_t>() as i32)
};
match ret {
sgx_status_t::SGX_SUCCESS => Ok(priv_key),
_ => Err(ret),
}
}
pub fn rsgx_align_ecc256_priv_key(hash_drg: &[u8], sgx_nistp256_r_m1: &[u8]) -> SgxResult<sgx_align_ec256_private_t> {
if (hash_drg.is_empty()) || (hash_drg.len() > i32::max_value() as usize) {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
if (sgx_nistp256_r_m1.is_empty()) || (sgx_nistp256_r_m1.len() > i32::max_value() as usize) {
return Err(sgx_status_t::SGX_ERROR_INVALID_PARAMETER);
}
let mut align_priv_key = sgx_align_ec256_private_t::default();
let ret = unsafe {
sgx_calculate_ecdsa_priv_key(hash_drg.as_ptr(),
hash_drg.len() as i32,
sgx_nistp256_r_m1.as_ptr(),
sgx_nistp256_r_m1.len() as i32,
&mut align_priv_key.key as * mut sgx_ec256_private_t as * mut u8,
mem::size_of::<sgx_ec256_private_t>() as i32)
};
match ret {
sgx_status_t::SGX_SUCCESS => Ok(align_priv_key),
_ => Err(ret),
}
}
pub fn rsgx_ecc256_pub_from_priv(priv_key: &sgx_ec256_private_t) -> SgxResult<sgx_ec256_public_t> {
let mut pub_key = sgx_ec256_public_t::default();
let ret = unsafe {
sgx_ecc256_calculate_pub_from_priv(priv_key as * const sgx_ec256_private_t,
&mut pub_key as * mut sgx_ec256_public_t)
};
match ret {
sgx_status_t::SGX_SUCCESS => Ok(pub_key),
_ => Err(ret),
}
}
fn rsgx_aes_gcm128_enc_init(key: &sgx_aes_gcm_128bit_key_t,
iv: &[u8],
aad: &[u8],
aes_gcm_state: &mut sgx_aes_state_handle_t) -> sgx_status_t {
let iv_len = iv.len();
if iv_len != SGX_AESGCM_IV_SIZE {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
let aad_len = aad.len();
if aad_len > u32::max_value() as usize {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
unsafe {
let p_aad = if !aad.is_empty() { aad.as_ptr() } else { ptr::null() };
sgx_aes_gcm128_enc_init(key as * const sgx_aes_gcm_128bit_key_t as * const u8,
iv.as_ptr(),
iv_len as u32,
p_aad,
aad_len as u32,
aes_gcm_state as * mut sgx_aes_state_handle_t)
}
}
fn rsgx_aes_gcm128_enc_update(src: &[u8],
dst: &mut [u8],
aes_gcm_state: sgx_aes_state_handle_t) -> sgx_status_t {
let src_len = src.len();
if src_len > u32::max_value() as usize {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if src_len == 0 {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
let dst_len = dst.len();
if dst_len > u32::max_value() as usize {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
if dst_len == 0 || dst_len < src_len {
return sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
}
unsafe {
sgx_aes_gcm128_enc_update(src.as_ptr(),
src_len as u32,
dst.as_mut_ptr(),
aes_gcm_state)
}
}
fn rsgx_aes_gcm128_enc_get_mac(mac: &mut sgx_aes_gcm_128bit_tag_t,
aes_gcm_state: sgx_aes_state_handle_t) -> sgx_status_t {
unsafe {
sgx_aes_gcm128_enc_get_mac(mac as * mut sgx_aes_gcm_128bit_tag_t as * mut u8, aes_gcm_state)
}
}
fn rsgx_aes_gcm_close(aes_gcm_state: sgx_aes_state_handle_t) -> sgx_status_t {
unsafe { sgx_aes_gcm_close(aes_gcm_state) }
}
pub struct SgxAesHandle {
handle: RefCell<sgx_aes_state_handle_t>,
initflag: Cell<bool>,
}
impl SgxAesHandle {
pub fn new() -> Self {
SgxAesHandle{
handle: RefCell::new(ptr::null_mut() as sgx_aes_state_handle_t),
initflag: Cell::new(false),
}
}
pub fn init(&self, key: &sgx_aes_gcm_128bit_key_t, iv: &[u8], aad: &[u8]) -> SgxError {
if self.initflag.get() {
return Ok(());
}
let ret = rsgx_aes_gcm128_enc_init(key, iv, aad, self.handle.borrow_mut().deref_mut());
match ret {
sgx_status_t::SGX_SUCCESS => Ok(()),
_ => Err(ret),
}
}
pub fn update(&self, src: &[u8], dst: &mut [u8]) -> SgxError {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let ret = rsgx_aes_gcm128_enc_update(src, dst, *self.handle.borrow());
match ret {
sgx_status_t::SGX_SUCCESS => Ok(()),
_ => Err(ret),
}
}
pub fn get_mac(&self) -> SgxResult<sgx_aes_gcm_128bit_tag_t> {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let mut mac = sgx_aes_gcm_128bit_tag_t::default();
let ret = rsgx_aes_gcm128_enc_get_mac(&mut mac, *self.handle.borrow());
match ret {
sgx_status_t::SGX_SUCCESS => Ok(mac),
_ => Err(ret),
}
}
pub fn get_align_mac(&self) -> SgxResult<sgx_align_mac_128bit_t> {
if !self.initflag.get() {
return Err(sgx_status_t::SGX_ERROR_INVALID_STATE);
}
let mut align_mac = sgx_align_mac_128bit_t::default();
let ret = rsgx_aes_gcm128_enc_get_mac(&mut align_mac.mac, *self.handle.borrow());
match ret {
sgx_status_t::SGX_SUCCESS => Ok(align_mac),
_ => Err(ret),
}
}
pub fn close(&self) -> SgxError {
if !self.initflag.get() {
return Ok(());
}
let ret = {
let handle = *self.handle.borrow();
if handle.is_null() {
sgx_status_t::SGX_SUCCESS
} else {
rsgx_aes_gcm_close(handle)
}
};
match ret {
sgx_status_t::SGX_SUCCESS => {
self.initflag.set(false);
*self.handle.borrow_mut() = ptr::null_mut();
Ok(())
},
_ => Err(ret),
}
}
}
impl Default for SgxAesHandle {
fn default() -> Self {
Self::new()
}
}
impl Drop for SgxAesHandle {
fn drop(&mut self) {
let _ = self.close();
}
}