Re: [PATCH v5 6/8] hw/core: Add Enclave Image Format (EIF) related helpers

Wed, 28 Aug 2024 08:43:47 -0700 

On Thu, Aug 22, 2024 at 09:08:47PM +0600, Dorjoy Chowdhury wrote:
> An EIF (Enclave Image Format)[1] file is used to boot an AWS nitro
> enclave[2] virtual machine. The EIF file contains the necessary kernel,
> cmdline, ramdisk(s) sections to boot.
> 
> Some helper functions have been introduced for extracting the necessary
> sections from an EIF file and then writing them to temporary files as
> well as computing SHA384 hashes from the section data. These will be
> used in the following commit to add support for nitro-enclave machine
> type in QEMU.
> 
> [1] https://github.com/aws/aws-nitro-enclaves-image-format
> [2] https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave.html
> 
> Signed-off-by: Dorjoy Chowdhury <dorjoychy...@gmail.com>
> ---
>  hw/core/eif.c | 719 ++++++++++++++++++++++++++++++++++++++++++++++++++
>  hw/core/eif.h |  22 ++
>  2 files changed, 741 insertions(+)
>  create mode 100644 hw/core/eif.c
>  create mode 100644 hw/core/eif.h
> 
> diff --git a/hw/core/eif.c b/hw/core/eif.c
> new file mode 100644
> index 0000000000..2cfd5c911e
> --- /dev/null
> +++ b/hw/core/eif.c
> +static bool get_SHA384_digest(GList *list, uint8_t *digest, Error **errp)
> +{
> +    size_t digest_len = QCRYPTO_HASH_DIGEST_LEN_SHA384;
> +    size_t list_len = g_list_length(list);
> +    struct iovec *iovec_list = g_malloc(list_len * sizeof(struct iovec));

Even if probably harmless in this case, it is best practice to use

   g_new0(struct iovec, list_len)

because glib then checks for integer overflow when doing the
"count * sizeof()" multiplication on your behalf.

> +    bool ret = true;
> +    GList *l;
> +    int i;
> +
> +    for (i = 0, l = list; l != NULL; l = l->next, i++) {
> +        iovec_list[i] = *(struct iovec *) l->data;
> +    }
> +
> +    if (qcrypto_hash_bytesv(QCRYPTO_HASH_ALG_SHA384, iovec_list, list_len,
> +                            &digest, &digest_len, errp) < 0) {
> +        ret = false;
> +    }
> +
> +    g_free(iovec_list);
> +    return ret;
> +}
> +

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

Reply via email to