Skip to content

Commit

Permalink
[LibOS,PAL,Docs] Remove deprecated syntax for Protected Files
Browse files Browse the repository at this point in the history 
The following syntax was deprecated in Gramine v1.2:
- `sgx.protected_files`
- `sgx.protected_mrenclave_files`
- `sgx.protected_mrsigner_files`
- `sgx.insecure__protected_files_key`

Now that the next version of Gramine will be v1.5, we can safely remove
this syntax.

Signed-off-by: Dmitrii Kuvaiskii <dmitrii.kuvaiskii@intel.com>
  • Loading branch information
@dimakuv @mkow
dimakuv authored and mkow committed Apr 5, 2023
1 parent ea047eb commit 7865077
Show file tree
Hide file tree
Showing 15 changed files with 35 additions and 489 deletions.
9 changes: 0 additions & 9 deletions Documentation/attestation.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -217,15 +217,6 @@ encryption keys (see also :doc:`manifest-syntax`):
a remote secret provisioning service. The format of the file is a 16-byte raw
binary value.

.. note::
Previously, ``/dev/attestation/protected_files_key`` was used for setting the
default encryption key, and Gramine still supports that file for backward
compatibility.

Note that the old file (``/dev/attestation/protected_files_key``) uses a
32-character hex value, and the new files
(``/dev/attestation/keys/<key_name>``) use a 16-byte raw binary value.

Mid-level RA-TLS interface
--------------------------

Expand Down
37 changes: 0 additions & 37 deletions Documentation/manifest-syntax.rst
View file
Original file line number Diff line number Diff line change
Expand Up @@ -976,43 +976,6 @@ Experimental sysfs topology support

This feature is now enabled by default and the option was removed.

Protected files (deprecated syntax)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

::

sgx.protected_files = [
"[URI]",
"[URI]",
]

sgx.protected_mrenclave_files = [
"[URI]",
"[URI]",
]

sgx.protected_mrsigner_files = [
"[URI]",
"[URI]",
]

This syntax specified the previous SGX-only protected files. It has been
replaced with ``type = "encrypted"`` mounts (see :ref:`encrypted-files`).

.. warning::
Gramine will attempt to convert this syntax to mounted filesystems, but might
fail to do so correctly in more complicated cases (e.g. when a single host
file belongs to multiple mounts). It is recommended to rewrite all usages of
this syntax to ``type = "encrypted"`` mounts.

::

fs.insecure__protected_files_key = "[32-character hex value]"

This syntax allowed specifying the default encryption key for protected files.
It has been replaced by ``fs.insecure__keys.[KEY_NAME]]``. Note that both old
and new syntax are suitable for debugging purposes only.

Attestation and quotes (deprecated syntax)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Expand Down
3 changes: 0 additions & 3 deletions libos/include/libos_fs_encrypted.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -171,6 +171,3 @@ int encrypted_file_get_size(struct libos_encrypted_file* enc, file_off_t* out_si
int encrypted_file_set_size(struct libos_encrypted_file* enc, file_off_t size);

int parse_pf_key(const char* key_str, pf_key_t* pf_key);

/* TODO: This function is used only by a feature deprecated in v1.2, remove two versions later. */
int dump_pf_key(const pf_key_t* pf_key, char* buf, size_t buf_size);
68 changes: 0 additions & 68 deletions libos/src/fs/dev/attestation.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -256,68 +256,6 @@ static int attestation_type_load(struct libos_dentry* dent, char** out_data, siz
return 0;
}

static int deprecated_pfkey_load(struct libos_dentry* dent, char** out_data, size_t* out_size) {
__UNUSED(dent);

int ret;

struct libos_encrypted_files_key* key;
ret = get_or_create_encrypted_files_key("default", &key);
if (ret < 0)
return ret;

pf_key_t pf_key;
bool is_set = read_encrypted_files_key(key, &pf_key);
if (is_set) {
size_t buf_size = sizeof(pf_key) * 2 + 1;
char* buf = malloc(buf_size);
if (!buf)
return -ENOMEM;

ret = dump_pf_key(&pf_key, buf, buf_size);
if (ret < 0) {
free(buf);
return -EACCES;
}

/* NOTE: we disregard the null terminator here, the caller expects raw data */
*out_data = buf;
*out_size = sizeof(pf_key) * 2;
} else {
*out_data = NULL;
*out_size = 0;
}
return 0;
}

static int deprecated_pfkey_save(struct libos_dentry* dent, const char* data, size_t size) {
__UNUSED(dent);

int ret;

struct libos_encrypted_files_key* key;
ret = get_or_create_encrypted_files_key("default", &key);
if (ret < 0)
return ret;

pf_key_t pf_key;
if (size != sizeof(pf_key) * 2) {
log_debug("/dev/attestation/protected_files_key: invalid length");
return -EACCES;
}

char* key_str = alloc_substr(data, size);
if (!key_str)
return -ENOMEM;
ret = parse_pf_key(key_str, &pf_key);
free(key_str);
if (ret < 0)
return -EACCES;

update_encrypted_files_key(key, &pf_key);
return 0;
}

static bool key_name_exists(struct libos_dentry* parent, const char* name) {
__UNUSED(parent);

Expand Down Expand Up @@ -432,11 +370,5 @@ int init_attestation(struct pseudo_node* dev) {
key->perm = PSEUDO_PERM_FILE_RW;
key->str.save = &key_save;

/* TODO: This file is deprecated in v1.2, remove 2 versions later. */
struct pseudo_node* deprecated_pfkey = pseudo_add_str(attestation, "protected_files_key",
&deprecated_pfkey_load);
deprecated_pfkey->perm = PSEUDO_PERM_FILE_RW;
deprecated_pfkey->str.save = &deprecated_pfkey_save;

return 0;
}
154 changes: 0 additions & 154 deletions libos/src/fs/libos_fs.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -428,143 +428,6 @@ static int mount_nonroot_from_toml_array(void) {
return 0;
}

/*
* Find where a file with given URI was supposed to be mounted. For instance, if the URI is
* `file:a/b/c/d`, and there is a mount `{ uri = "file:a/b", path = "/x/y" }`, then this function
* will set `*out_file_path` to `/x/y/c/d`. Only "chroot" mounts are considered.
*
* The caller is supposed to free `*out_file_path`.
*
* This function is used for interpreting legacy `sgx.protected_files` syntax as mounts.
*/
static int find_host_file_mount_path(const char* uri, char** out_file_path) {
if (!strstartswith(uri, URI_PREFIX_FILE)) {
log_error("'%s' is invalid file URI", uri);
return -EINVAL;
}

size_t uri_len = strlen(uri);

bool found = false;
char* file_path = NULL;

/* Traverse the mount list in reverse: we want to find the latest mount that applies. */
struct libos_mount* mount;
lock(&g_mount_list_lock);
LISTP_FOR_EACH_ENTRY_REVERSE(mount, &g_mount_list, list) {
if (strcmp(mount->fs->name, "chroot") != 0 || !strstartswith(mount->uri, URI_PREFIX_FILE))
continue;

const char* mount_uri = mount->uri;
size_t mount_uri_len = strlen(mount_uri);

/* Check if `mount_uri` is equal to `uri`, or is an ancestor of `uri` */
if (mount_uri_len <= uri_len && !memcmp(mount_uri, uri, mount_uri_len) &&
(!uri[mount_uri_len] || uri[mount_uri_len] == '/')) {
/* `rest` is either empty, or begins with '/' */
const char* rest = uri + mount_uri_len;
found = true;
file_path = alloc_concat(mount->path, -1, rest, -1);
break;
}

/* Special case: this is the mount of the current directory, and `uri` is not absolute */
if (!strcmp(mount_uri, "file:.") && uri[static_strlen(URI_PREFIX_FILE)] != '/') {
found = true;
file_path = strdup(uri + static_strlen(URI_PREFIX_FILE));
break;
}
}
unlock(&g_mount_list_lock);

if (!found)
return -ENOENT;

if (!file_path)
return -ENOMEM;

*out_file_path = file_path;
return 0;
}

/*
* Parse an array of SGX protected files (`sgx.{array_name}`) and interpret every entry as a `type =
* "encrypted"` mount.
*
* NOTE: This covers only the simplest cases. It will not work correctly if a given file was mounted
* multiple times, or mounted under a path shadowed by another mount.
*/
static int mount_protected_files(const char* array_name, const char* key_name) {
assert(g_manifest_root);
toml_table_t* manifest_sgx = toml_table_in(g_manifest_root, "sgx");
if (!manifest_sgx)
return 0;

toml_array_t* manifest_sgx_protected_files = toml_array_in(manifest_sgx, array_name);
if (!manifest_sgx_protected_files)
return 0;

ssize_t protected_files_cnt = toml_array_nelem(manifest_sgx_protected_files);
if (protected_files_cnt < 0)
return -EINVAL;

if (protected_files_cnt == 0)
return 0;

log_error("Detected deprecated syntax: 'sgx.%s'. Consider converting it to a list "
"of mounts with 'type = \"encrypted\"' and 'key_name = \"%s\"'.",
array_name, key_name);

int ret;
char* uri = NULL;
char* mount_path = NULL;
for (ssize_t i = 0; i < protected_files_cnt; i++) {
toml_raw_t uri_raw = toml_raw_at(manifest_sgx_protected_files, i);
if (!uri_raw) {
log_error("Cannot parse 'sgx.%s[%zd]'", array_name, i);
ret = -EINVAL;
goto out;
}

ret = toml_rtos(uri_raw, &uri);
if (ret < 0) {
log_error("Cannot parse 'sgx.%s[%zd]' (not a string)", array_name, i);
ret = -EINVAL;
goto out;
}

ret = find_host_file_mount_path(uri, &mount_path);
if (ret < 0) {
log_error("Cannot determine mount path for encrypted file '%s'. "
"Consider converting 'sgx.%s' to a list of mounts, as mentioned above.",
uri, array_name);
goto out;
}

struct libos_mount_params params = {
.type = "encrypted",
.path = mount_path,
.uri = uri,
.key_name = key_name,
};
ret = mount_fs(&params);
if (ret < 0) {
ret = -EINVAL;
goto out;
}

free(uri);
uri = NULL;
free(mount_path);
mount_path = NULL;
}
ret = 0;
out:
free(uri);
free(mount_path);
return ret;
}

int init_mount_root(void) {
if (mount_migrated)
return 0;
Expand Down Expand Up @@ -611,23 +474,6 @@ int init_mount(void) {
if (ret < 0)
return ret;

/*
* If we're under SGX PAL, handle old protected files syntax.
*
* TODO: this is deprecated in v1.2, remove two versions later.
*/
if (!strcmp(g_pal_public_state->host_type, "Linux-SGX")) {
ret = mount_protected_files("protected_files", "default");
if (ret < 0)
return ret;
ret = mount_protected_files("protected_mrenclave_files", "_sgx_mrenclave");
if (ret < 0)
return ret;
ret = mount_protected_files("protected_mrsigner_files", "_sgx_mrsigner");
if (ret < 0)
return ret;
}

assert(g_manifest_root);

char* fs_start_dir = NULL;
Expand Down
35 changes: 1 addition & 34 deletions libos/src/fs/libos_fs_encrypted.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -215,7 +215,7 @@ static int encrypted_file_internal_open(struct libos_encrypted_file* enc, PAL_HA
return ret;
}

/* Used only in debug code / by deprecated options, no need to be side-channel-resistant. */
/* Used only in debug code, no need to be side-channel-resistant. */
int parse_pf_key(const char* key_str, pf_key_t* pf_key) {
size_t len = strlen(key_str);
if (len != sizeof(*pf_key) * 2) {
Expand All @@ -233,14 +233,6 @@ int parse_pf_key(const char* key_str, pf_key_t* pf_key) {
return 0;
}

int dump_pf_key(const pf_key_t* pf_key, char* buf, size_t buf_size) {
if (buf_size < sizeof(*pf_key) * 2 + 1)
return -EINVAL;

bytes2hex(pf_key, sizeof(*pf_key), buf, buf_size);
return 0;
}

static void encrypted_file_internal_close(struct libos_encrypted_file* enc) {
assert(enc->pf);

Expand Down Expand Up @@ -315,31 +307,6 @@ int init_encrypted_files(void) {
}
}

/*
* If we're under SGX PAL, parse `sgx.insecure__protected_files_key` (and interpret it as the
* "default" key).
*
* TODO: this is deprecated in v1.2, remove two versions later.
*/
if (!strcmp(g_pal_public_state->host_type, "Linux-SGX")) {
char* key_str;
ret = toml_string_in(g_manifest_root, "sgx.insecure__protected_files_key", &key_str);
if (ret < 0) {
log_error("Cannot parse 'sgx.insecure__protected_files_key'");
return -EINVAL;
}

if (key_str) {
log_error("Detected deprecated syntax: 'sgx.insecure__protected_files_key'. "
"Consider converting it to 'fs.insecure__keys.default'.");

ret = parse_and_update_key("default", key_str);
free(key_str);
if (ret < 0)
return ret;
}
}

return 0;
}

Expand Down

0 comments on commit 7865077

Please sign in to comment.