qemu-devel


From: Daniel P . Berrangé
Subject: Re: [PATCH v5 6/8] hw/core: Add Enclave Image Format (EIF) related helpers
Date: Wed, 28 Aug 2024 16:42:57 +0100
User-agent: Mutt/2.2.12 (2023-09-09)

On Thu, Aug 22, 2024 at 09:08:47PM +0600, Dorjoy Chowdhury wrote:
> An EIF (Enclave Image Format)[1] file is used to boot an AWS nitro
> enclave[2] virtual machine. The EIF file contains the necessary kernel,
> cmdline, ramdisk(s) sections to boot.
> 
> Some helper functions have been introduced for extracting the necessary
> sections from an EIF file and then writing them to temporary files as
> well as computing SHA384 hashes from the section data. These will be
> used in the following commit to add support for nitro-enclave machine
> type in QEMU.
> 
> [1] https://github.com/aws/aws-nitro-enclaves-image-format
> [2] https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html
> 
> Signed-off-by: Dorjoy Chowdhury <dorjoychy111@gmail.com>
> ---
>  hw/core/eif.c | 719 ++++++++++++++++++++++++++++++++++++++++++++++++++
>  hw/core/eif.h |  22 ++
>  2 files changed, 741 insertions(+)
>  create mode 100644 hw/core/eif.c
>  create mode 100644 hw/core/eif.h
> 
> diff --git a/hw/core/eif.c b/hw/core/eif.c
> new file mode 100644
> index 0000000000..2cfd5c911e
> --- /dev/null
> +++ b/hw/core/eif.c
> +static bool get_SHA384_digest(GList *list, uint8_t *digest, Error **errp)
> +{
> +    size_t digest_len = QCRYPTO_HASH_DIGEST_LEN_SHA384;
> +    size_t list_len = g_list_length(list);
> +    struct iovec *iovec_list = g_malloc(list_len * sizeof(struct iovec));

Even if probably harmless in this case, it is best practice to use

   g_new0(struct iovec, list_len)

because glib then checks for integer overflow when doing the
"count * sizeof()" multiplication on your behalf.

> +    bool ret = true;
> +    GList *l;
> +    int i;
> +
> +    for (i = 0, l = list; l != NULL; l = l->next, i++) {
> +        iovec_list[i] = *(struct iovec *) l->data;
> +    }
> +
> +    if (qcrypto_hash_bytesv(QCRYPTO_HASH_ALG_SHA384, iovec_list, list_len,
> +                            &digest, &digest_len, errp) < 0) {
> +        ret = false;
> +    }
> +
> +    g_free(iovec_list);
> +    return ret;
> +}
> +
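
Review bot: get_SHA384_digest() takes "digest" as a bare uint8_t * with no length, while digest_len is fixed to QCRYPTO_HASH_DIGEST_LEN_SHA384 inside the function, so the size the caller's buffer must have is an undocumented contract. A comment above the function stating the required buffer size would make that explicit. Separately, "i" is an int indexing an array sized by the size_t list_len; declaring it as size_t keeps the two consistent.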

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
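
The overflow check mentioned in the review above, as an added example that is not part of the original mail or the QEMU patch: it shows how an unchecked "count * sizeof()" request wraps to a tiny size and how a checked allocation refuses it. It uses plain libc rather than glib; `unchecked_request_size`, `checked_new0` and `wrapping_count` are hypothetical names, and the stand-in returns NULL where glib's g_new0() aborts.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/uio.h>    /* struct iovec */

/* Byte count the unchecked pattern asks for: the product wraps silently. */
static size_t unchecked_request_size(size_t count)
{
    return count * sizeof(struct iovec);
}

/*
 * Hypothetical stand-in for a checked, zeroing array allocation.
 * Returns NULL when count * elem_size does not fit in size_t
 * (glib's g_new0() aborts the process in that situation instead).
 */
static void *checked_new0(size_t count, size_t elem_size)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size) {
        return NULL;    /* the multiplication would overflow */
    }
    return calloc(count, elem_size);
}

/* Constructed element count whose byte size wraps to room for two entries. */
static size_t wrapping_count(void)
{
    return SIZE_MAX / sizeof(struct iovec) + 1 + 2;
}

int main(void)
{
    size_t n = wrapping_count();
    void *p = checked_new0(n, sizeof(struct iovec));

    /* A loop copying n entries into a buffer of this size would overrun it. */
    printf("elements requested: %zu\n", n);
    printf("unchecked byte size: %zu\n", unchecked_request_size(n));
    printf("checked allocation: %s\n", p ? "succeeded" : "refused");
    free(p);
    return 0;
}
```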



