Asylo
enclave_manager.h
Go to the documentation of this file.
1 /*
2  *
3  * Copyright 2018 Asylo authors
4  *
5  * Licensed under the Apache License, Version 2.0 (the "License");
6  * you may not use this file except in compliance with the License.
7  * You may obtain a copy of the License at
8  *
9  * http://www.apache.org/licenses/LICENSE-2.0
10  *
11  * Unless required by applicable law or agreed to in writing, software
12  * distributed under the License is distributed on an "AS IS" BASIS,
13  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  * See the License for the specific language governing permissions and
15  * limitations under the License.
16  *
17  */
18 
19 #ifndef ASYLO_PLATFORM_CORE_ENCLAVE_MANAGER_H_
20 #define ASYLO_PLATFORM_CORE_ENCLAVE_MANAGER_H_
21 
22 // Declares the enclave client API, providing types and methods for loading,
23 // accessing, and finalizing enclaves.
24 
25 #include <string>
26 #include <utility>
27 
28 #include "absl/container/flat_hash_map.h"
29 #include "absl/memory/memory.h"
30 #include "absl/strings/string_view.h"
31 #include "absl/synchronization/mutex.h"
32 #include "absl/time/time.h"
33 #include "absl/types/variant.h"
34 #include "asylo/enclave.pb.h" // IWYU pragma: export
35 #include "asylo/platform/core/enclave_client.h"
36 #include "asylo/platform/core/enclave_config_util.h"
37 #include "asylo/platform/core/shared_resource_manager.h"
38 #include "asylo/util/status.h" // IWYU pragma: export
39 #include "asylo/util/statusor.h"
40 
41 namespace asylo {
42 class EnclaveLoader;
43 
44 /// Enclave Manager configuration.
46  public:
47  /// Configuration server connection attributes.
48  ///
49  /// A part of an enclave's configuration is expected to be the same across all
50  /// enclaves running under a single instance of an OS. An Enclave manager can
51  /// obtain such configuration from the Asylo daemon running on the system.
52  /// Alternately, the creator of the enclave manager can directly provide such
53  /// configuration to the enclave manager. To this end, an
54  /// EnclaveManagerOptions instance either holds the information necessary for
55  /// connecting to the config server, or holds a HostConfig proto. If the
56  /// enclave manager is configured with an options object containing the
57  /// server-connection information, the enclave manager obtains the necessary
58  /// information by contacting the Asylo daemon. Else, the enclave manager
59  /// directly uses the HostConfig info stored within the options structure.
60  ///
61  /// The ConfigServerConnectionAttributes struct holds information necessary
62  /// for contacting the config server running inside the Asylo daemon.
64  ConfigServerConnectionAttributes(std::string address, absl::Duration timeout)
67 
68  std::string server_address;
70  };
71 
72  /// Constructs a default EnclaveManagerOptions object.
74 
75  /// Configures a connection to the config server.
76  ///
77  /// Sets the information necessary for contacting the config server within the
78  /// Asylo daemon.
79  ///
80  /// \return A reference to this EnclaveManagerOptions object.
82  std::string address, absl::Duration timeout);
83 
84  /// Sets the HostConfig proto within this object.
85  ///
86  /// \return A reference to this EnclaveManagerOptions object.
87  EnclaveManagerOptions &set_host_config(HostConfig config);
88 
89  /// Returns the address of the configuration server.
90  ///
91  /// \return The address of the server from which the HostConfig information
92  /// can be obtained. Returns an error if
93  /// ConfigServerConnectionAttributes are not set.
95 
96  /// Returns the configuration server connection timeout.
97  ///
98  /// \return The connection timeout for the server from which the HostConfig
99  /// information can be obtained, or an error if
100  /// ConfigServerConnectionAttributes are not set.
102 
103  /// Returns the embedded HostConfig object.
104  ///
105  /// \return The HostConfig information embedded within this object, or an
106  /// error if such information is not embedded within the object.
108 
109  /// Returns true if a HostConfig instance is embedded in this object.
110  bool holds_host_config() const;
111 
112  private:
113  // A variant that either holds information necessary for connecting to the
114  // config server or a HostConfig proto.
115  absl::variant<ConfigServerConnectionAttributes, HostConfig> host_config_info_;
116 };
117 
118 /// A manager object responsible for creating and managing enclave instances.
119 ///
120 /// EnclaveManager is a singleton class that tracks the status of enclaves
121 /// within a process. Users of this class first supply a configuration using the
122 /// static Configure() method, and then get a pointer to the singleton instance
123 /// as specified by this configuration by calling the static Instance() method.
124 /// Note that the EnclaveManager class must be configured before the instance
125 /// pointer can be obtained.
126 ///
127 /// The EnclaveManager::Configure() method takes an instance of the
128 /// EnclaveManagerOptions as its only input. This instance can be configured by
129 /// calling its public setter methods. Note that these setter methods return an
130 /// instance of the EnclaveManagerOptions() by reference so that the various
131 /// setters could be chained together.
132 ///
133 /// Example Usage:
134 /// ```
135 /// EnclaveManager::Configure(
136 /// EnclaveManagerOptions()
137 /// .set_config_server_connection_attributes(
138 /// "[::]:8000",
139 /// absl::Milliseconds(100)));
140 /// auto manager_result = EnclaveManager::Instance();
141 /// if (!manager_result.ok()) {
142 /// LOG(QFATAL) << manager_result.status();
143 /// }
144 /// EnclaveManager *manager = manager_result.ValueOrDie();
145 /// ...
146 /// ```
147 ///
148 /// One of the responsibilities of the EnclaveManager class is to provide sane
149 /// initial configuration to the enclaves it launches. The contents of the
150 /// EnclaveManagerOptions instance control how the default values for the
151 /// configuration are chosen.
152 class EnclaveManager {
153  public:
154  /// Fetches the EnclaveManager singleton instance.
155  ///
156  /// \return A StatusOr containing either the global EnclaveManager instance or
157  /// an error describing why it could not be returned.
158  static StatusOr<EnclaveManager *> Instance();
159 
160  /// Configures the enclave manager.
161  ///
162  /// \param options Configuration options as described in
163  /// EnclaveManagerOptions.
165 
166  /// Loads an enclave.
167  ///
168  /// Loads a new enclave with default enclave config settings and binds it to a
169  /// name. The actual work of opening the enclave is delegated to the passed
170  /// loader object.
171  ///
172  /// It is an error to specify a name which is already bound to an enclave.
173  ///
174  /// Example:
175  /// ```
176  /// LoadEnclave("/EchoEnclave", SgxLoader("echoService.so"));
177  /// ```
178  ///
179  /// \param name Name to bind the loaded enclave under.
180  /// \param loader Configured enclave loader to load from.
181  /// \param base_address Start address to load enclave(optional).
182  /// \param enclave_size The size of the enclave in memory(only needed if
183  /// |base_address| is specified).
185  void *base_address = nullptr,
186  const size_t enclave_size = 0);
187 
188  /// Loads an enclave.
189  ///
190  /// Loads a new enclave with custom enclave config settings and binds it to a
191  /// name. The actual work of opening the enclave is delegated to the passed
192  /// loader object.
193  ///
194  /// It is an error to specify a name which is already bound to an enclave.
195  ///
196  /// Example:
197  ///
198  /// ```
199  /// EnclaveConfig config;
200  /// ... // populate config proto.
201  /// LoadEnclave("/EchoEnclave", SgxLoader("echoService.so"), config);
202  /// ```
203  ///
204  /// \param name Name to bind the loaded enclave under.
205  /// \param loader Configured enclave loader to load from.
206  /// \param config Enclave configuration to launch the enclave with.
207  /// \param base_address Start address to load enclave(optional).
208  /// \param enclave_size The size of the enclave in memory(only needed if
209  /// |base_address| is specified).
211  EnclaveConfig config, void *base_address = nullptr,
212  const size_t enclave_size = 0);
213 
214  /// Fetches a client to a loaded enclave.
215  ///
216  /// \param name The name of an EnclaveClient that may be registered in the
217  /// EnclaveManager.
218  /// \return A mutable pointer to the EnclaveClient if the name is
219  /// registered. Otherwise returns nullptr.
220  EnclaveClient *GetClient(const std::string &name) const
221  LOCKS_EXCLUDED(client_table_lock_);
222 
223  /// Returns the name of an enclave client.
224  ///
225  /// \param client A pointer to a client that may be registered in the
226  /// EnclaveManager.
227  /// \return The name of an enclave client. If no enclave matches `client` the
228  /// empty string will be returned.
229  const std::string GetName(const EnclaveClient *client) const
230  LOCKS_EXCLUDED(client_table_lock_);
231 
232  /// Destroys an enclave.
233  ///
234  /// Destroys an enclave. This method calls `client's` EnterAndFinalize entry
235  /// point with final_input unless `skip_finalize` is true, then calls
236  /// `client's` DestroyEnclave method, and then removes client's name from the
237  /// EnclaveManager client registry. The manager owns the client, so removing
238  /// it calls client's destructor and frees its memory.
239  ///
240  /// \param client A client attached to the enclave to destroy.
241  /// \param final_input Input to pass the enclave's finalizer.
242  /// \param skip_finalize If true, the enclave is destroyed without invoking
243  /// its Finalize method.
245  bool skip_finalize = false)
246  LOCKS_EXCLUDED(client_table_lock_);
247 
248  /// Enters an enclave and takes a snapshot of its memory. This method calls
249  /// `client's` EnterAndTakeSnapshot entry point, with snapshot layout (in
250  /// untrusted memory) stored in |snapshot_layout|.
251  ///
252  /// \param client A client attached to the enclave to enter.
253  /// \param snapshot_layout The snapshot layout in untrusted memory to be
254  /// filled up by snapshotting.
257 
258  /// Enters an enclave and restores it from an untrusted snapshot. This method
259  /// calls `client's` EnterAndRestore entry point, with snapshot layout (in
260  /// untrusted memory) passed in |snapshot_layout|.
261  ///
262  /// \param client A client attached to the enclave to enter.
263  /// \param snapshot_layout The snapshot layout in untrusted memory used to
264  /// restore enclave states.
267 
268  /// Fetches the shared resource manager object.
269  ///
270  /// \return The SharedResourceManager instance.
272  return &shared_resource_manager_;
273  }
274 
275  /// Fetches the shared resource manager object.
276  ///
277  /// \return The SharedResourceManager instance.
279  return &shared_resource_manager_;
280  }
281 
282  /// Get the loader of an enclave. This should only be used during fork in
283  /// order to load an enclave with the same loader as the parent.
284  EnclaveLoader *GetLoaderFromClient(EnclaveClient *client)
285  LOCKS_EXCLUDED(client_table_lock_);
286 
287  private:
288  EnclaveManager() EXCLUSIVE_LOCKS_REQUIRED(mu_);
289  EnclaveManager(EnclaveManager const &) = delete;
290  EnclaveManager &operator=(EnclaveManager const &) = delete;
291 
292  // Retrieves and returns a HostConfig proto as specified by the
293  // EnclaveManagerOptions which the EnclaveManager was configured when its
294  // sngleton instance was created.
295  HostConfig GetHostConfig() EXCLUSIVE_LOCKS_REQUIRED(mu_);
296 
297  // Loads a new enclave with custom enclave config settings and binds it to a
298  // name. The actual work of opening the enclave is delegated to the passed
299  // loader object.
300  Status LoadEnclaveInternal(const std::string &name, const EnclaveLoader &loader,
301  const EnclaveConfig &config,
302  void *base_address = nullptr,
303  const size_t enclave_size = 0)
304  LOCKS_EXCLUDED(client_table_lock_);
305 
306  // Deletes an enclave client reference that points to an enclave that no
307  // longer exists. This should only happen during fork.
308  void RemoveEnclaveReference(const std::string &name)
309  LOCKS_EXCLUDED(client_table_lock_);
310 
311  // Create a thread to periodically update logic.
312  void SpawnWorkerThread();
313 
314  // Top level loop run by the background worker thread.
315  void WorkerLoop();
316 
317  // Execute a single iteration of the work loop.
318  void Tick();
319 
320  // Manager object for untrusted resources shared with enclaves.
321  SharedResourceManager shared_resource_manager_;
322 
323  // Value synchronized to CLOCK_MONOTONIC by the worker loop.
324  std::atomic<int64_t> clock_monotonic_;
325 
326  // Value synchronized to CLOCK_REALTIME by the worker loop.
327  std::atomic<int64_t> clock_realtime_;
328 
329  // A mutex guarding |client_by_name_|, |name_by_client_|, and
330  // |loader_by_client_| tables.
331  mutable absl::Mutex client_table_lock_;
332 
333  absl::flat_hash_map<std::string, std::unique_ptr<EnclaveClient>> client_by_name_
334  GUARDED_BY(client_table_lock_);
335  absl::flat_hash_map<const EnclaveClient *, std::string> name_by_client_
336  GUARDED_BY(client_table_lock_);
337 
338  absl::flat_hash_map<const EnclaveClient *, std::unique_ptr<EnclaveLoader>>
339  loader_by_client_ GUARDED_BY(client_table_lock_);
340 
341  // A part of the configuration for enclaves launched by the enclave manager
342  // comes from the Asylo daemon. This member caches such configuration.
343  HostConfig host_config_;
344 
345  // Mutex guarding the static state of this class.
346  static absl::Mutex mu_;
347 
348  // Indication whether the class has been configured so that an instance could
349  // be created.
350  static bool configured_ GUARDED_BY(mu_);
351 
352  // Configuration options for this class.
353  static EnclaveManagerOptions *options_ GUARDED_BY(mu_);
354 
355  // Singleton instance of this class.
356  static EnclaveManager *instance_ GUARDED_BY(mu_);
357 };
358 
359 /// An abstract enclave loader.
360 ///
361 /// Host applications must load an enclave before using it. This is accomplished
362 /// via an architecture specific implementation of the EnclaveLoader interface.
364  public:
365  virtual ~EnclaveLoader() = default;
366 
367  protected:
368  // Only allow the enclave loading via the manager object.
369  friend class EnclaveManager;
370 
371  // Loads an enclave, returning a pointer to a client on success and a non-ok
372  // status on failure.
374  const std::string &name) const {
376  return LoadEnclave(name, /*base_address=*/nullptr, /*enclave_size=*/0,
377  config);
378  }
379 
380  // Loads an enclave at the specified address, returning a pointer to a client
381  // on success and a non-ok status on failure.
383  const std::string &name, void *base_address, const size_t enclave_size,
384  const EnclaveConfig &config) const = 0;
385 
386  // Gets a copy of the loader that loaded a previous enclave. This is only used
387  // by fork to load a child enclave with the same loader as the parent.
388  virtual StatusOr<std::unique_ptr<EnclaveLoader>> Copy() const = 0;
389 };
390 
391 // Stores the mapping between signals and the enclave with a handler installed
392 // for that signal.
393 class EnclaveSignalDispatcher {
394  public:
395  static EnclaveSignalDispatcher *GetInstance();
396 
397  // Associates a signal with an enclave which registers a handler for it.
398  // It's not supported for multiple enclaves to register the same signal. In
399  // that case, the latter will overwrite the former.
400  //
401  // Returns the enclave client that previous registered |signum|, or nullptr if
402  // no enclave has registered |signum| yet.
404  LOCKS_EXCLUDED(signal_enclave_map_lock_);
405 
406  // Gets the enclave that registered a handler for |signum|.
408  LOCKS_EXCLUDED(signal_enclave_map_lock_);
409 
410  // Deregisters all the signals registered by |client|.
412  LOCKS_EXCLUDED(signal_enclave_map_lock_);
413 
414  // Looks for the enclave client that registered |signum|, and calls
415  // EnterAndHandleSignal() with that enclave client. |signum|, |info| and
416  // |ucontext| are passed into the enclave.
418  void *ucontext);
419 
420  private:
421  EnclaveSignalDispatcher() = default; // Private to enforce singleton.
422  EnclaveSignalDispatcher(EnclaveSignalDispatcher const &) = delete;
423  void operator=(EnclaveSignalDispatcher const &) = delete;
424 
425  // Mapping of signal number to the enclave client that registered it.
426  absl::flat_hash_map<int, EnclaveClient *> signal_to_client_map_
427  GUARDED_BY(signal_enclave_map_lock_);
428 
429  // A mutex that guards signal_to_client_map_ and client_to_signal_map_.
430  mutable absl::Mutex signal_enclave_map_lock_;
431 };
432 
433 } // namespace asylo
434 
435 #endif // ASYLO_PLATFORM_CORE_ENCLAVE_MANAGER_H_
Status EnterEnclaveAndHandleSignal(int signum, siginfo_t *info, void *ucontext)
virtual StatusOr< std::unique_ptr< EnclaveLoader > > Copy() const =0
ConfigServerConnectionAttributes(std::string address, absl::Duration timeout)
Definition: enclave_manager.h:64
static StatusOr< EnclaveManager * > Instance()
Fetches the EnclaveManager singleton instance.
Configuration server connection attributes.
Definition: enclave_manager.h:63
EnclaveManagerOptions & set_host_config(HostConfig config)
Sets the HostConfig proto within this object.
bool holds_host_config() const
Returns true if a HostConfig instance is embedded in this object.
EnclaveClient * GetClient(const std::string &name) const LOCKS_EXCLUDED(client_table_lock_)
Fetches a client to a loaded enclave.
StatusOr< absl::Duration > get_config_server_connection_timeout() const
Returns the configuration server connection timeout.
Status LoadEnclave(const std::string &name, const EnclaveLoader &loader, EnclaveConfig config, void *base_address=nullptr, const size_t enclave_size=0)
Loads an enclave.
StatusOr< EnclaveClient * > GetClientForSignal(int signum) const LOCKS_EXCLUDED(signal_enclave_map_lock_)
StatusOr< std::string > get_config_server_address() const
Returns the address of the configuration server.
Status LoadEnclave(const std::string &name, const EnclaveLoader &loader, void *base_address=nullptr, const size_t enclave_size=0)
Loads an enclave.
static Status Configure(const EnclaveManagerOptions &options)
Configures the enclave manager.
virtual ~EnclaveLoader()=default
static EnclaveSignalDispatcher * GetInstance()
SharedResourceManager * shared_resources()
Fetches the shared resource manager object.
Definition: enclave_manager.h:271
Status EnterAndTakeSnapshot(EnclaveClient *client, SnapshotLayout *snapshot_layout)
Enters an enclave and takes a snapshot of its memory.
EnclaveManagerOptions & set_config_server_connection_attributes(std::string address, absl::Duration timeout)
Configures a connection to the config server.
const EnclaveClient * RegisterSignal(int signum, EnclaveClient *client) LOCKS_EXCLUDED(signal_enclave_map_lock_)
absl::Duration connection_timeout
Definition: enclave_manager.h:69
Enclave Manager configuration.
Definition: enclave_manager.h:45
const SharedResourceManager * shared_resources() const
Fetches the shared resource manager object.
Definition: enclave_manager.h:278
Status EnterAndRestore(EnclaveClient *client, const SnapshotLayout &snapshot_layout)
Enters an enclave and restores it from an untrusted snapshot.
EnclaveManagerOptions()
Constructs a default EnclaveManagerOptions object.
Definition: aes_gcm_siv.h:37
Status DeregisterAllSignalsForClient(EnclaveClient *client) LOCKS_EXCLUDED(signal_enclave_map_lock_)
Status DestroyEnclave(EnclaveClient *client, const EnclaveFinal &final_input, bool skip_finalize=false) LOCKS_EXCLUDED(client_table_lock_)
Destroys an enclave.
EnclaveLoader * GetLoaderFromClient(EnclaveClient *client) LOCKS_EXCLUDED(client_table_lock_)
Get the loader of an enclave.
const std::string GetName(const EnclaveClient *client) const LOCKS_EXCLUDED(client_table_lock_)
Returns the name of an enclave client.
StatusOr< HostConfig > get_host_config() const
Returns the embedded HostConfig object.
std::string server_address
Definition: enclave_manager.h:68