Struct sgx_tprotected_fs::SgxFileStream

pub struct SgxFileStream { /* fields omitted */ }

Methods

impl SgxFileStream

pub fn open(     filename: &CStr,     mode: &CStr,     key: &sgx_key_128bit_t ) -> SysResult<SgxFileStream>

The open function creates or opens a protected file.

Description

open is similar to the C file API fopen. It creates a new Protected File or opens an existing Protected File created with a previous call to open. Regular files cannot be opened with this API.

Parameters

filename

The name of the file to be created or opened.

mode

The file open mode string. Allowed values are any combination of ‘r’, ‘w’ or ‘a’, with possible ‘+’ and possible ‘b’ (since string functions are currently not sup- ported, ‘b’ is meaningless).

key

The encryption key of the file. This key is used as a key derivation key, used for deriving encryption keys for the file. If the file is created with open, you should protect this key and provide it as input every time the file is opened.

Requirements

Header: sgx_tprotected_fs.edl

Library: libsgx_tprotected_fs.a

Return value

If the function succeeds, it returns a valid file pointer, which can be used by all the other functions in the Protected FS API, otherwise, error code is returned.

pub fn open_auto_key(filename: &CStr, mode: &CStr) -> SysResult<SgxFileStream>

The open_auto_key function creates or opens a protected file.

Description

open_auto_key is similar to the C file API fopen. It creates a new Protected File or opens an existing Protected File created with a previous call to open_auto_key. Regular files cannot be opened with this API.

Parameters

filename

The name of the file to be created or opened.

mode

The file open mode string. Allowed values are any combination of ‘r’, ‘w’ or ‘a’, with possible ‘+’ and possible ‘b’ (since string functions are currently not sup- ported, ‘b’ is meaningless).

Requirements

Header: sgx_tprotected_fs.edl

Library: libsgx_tprotected_fs.a

Return value

If the function succeeds, it returns a valid file pointer, which can be used by all the other functions in the Protected FS API, otherwise, error code is returned.

pub fn read(&self, buf: &mut [u8]) -> SysResult<usize>

The read function reads the requested amount of data from the file, and extends the file pointer by that amount.

Description

read is similar to the file API fread. In case of an error, error can be called to get the error code.

Parameters

buf

A pointer to a buffer to receive the data read from the file.

Requirements

Header: sgx_tprotected_fs.edl

Library: libsgx_tprotected_fs.a

Return value

If the function succeeds, the number of bytes read is returned (zero indicates end of file). otherwise, error code is returned.

pub fn write(&self, buf: &[u8]) -> SysResult<usize>

The write function writes the given amount of data to the file, and extends the file pointer by that amount.

Description

write is similar to the file API fwrite. In case of an error, error can be called to get the error code.

Parameters

buf

A pointer to a buffer, that contains the data to write to the file.

Requirements

Header: sgx_tprotected_fs.edl

Library: libsgx_tprotected_fs.a

Return value

If the function succeeds, the number of bytes written is returned (zero indicates nothing was written). otherwise, error code is returned.

pub fn tell(&self) -> SysResult<i64>

The tell function obtains the current value of the file position indicator for the stream pointed to by stream.

Description

tell is similar to the C file API ftell.

Requirements

Header: sgx_tprotected_fs.edl

Library: libsgx_tprotected_fs.a

Return value

If the function succeeds, it returns the current value of the position indicator of the file. otherwise, error code is returned.

pub fn seek(&self, offset: i64, origin: SeekFrom) -> SysError

The seek function sets the current value of the position indicator of the file.

Description

seek is similar to the C file API fseek.

Parameters

offset

The new required value, relative to the origin parameter.

origin

The origin from which to calculate the offset (Start, ENd or Current).

Requirements

Header: sgx_tprotected_fs.edl

Library: libsgx_tprotected_fs.a

Return value

If the function failed, error code is returned.

pub fn flush(&self) -> SysError

The flush function forces a cache flush, and if it returns successfully, it is guaranteed that your changes are committed to a file on the disk.

Description

flush is similar to the C file API fflush. This function flushes all the modified data from the cache and writes it to a file on the disk. In case of an error, error can be called to get the error code. Note that this function does not clear the cache, but only flushes the changes to the actual file on the disk. Flushing also happens automatically when the cache is full and page eviction is required.

Requirements

Header: sgx_tprotected_fs.edl

Library: libsgx_tprotected_fs.a

Return value

If the function failed, error code is returned.

pub fn error(&self) -> i32

The error function returns the latest operation error code.

Description

error is similar to the C file API ferror. In case the latest operation failed because the file is in a bad state, SGX_ERROR_FILE_BAD_STATUS will be returned.

Requirements

Header: sgx_tprotected_fs.edl

Library: libsgx_tprotected_fs.a

Return value

The latest operation error code is returned. 0 indicates that no errors occurred.

pub fn is_eof(&self) -> bool

The is_eof function tells the caller if the file's position indicator hit the end of the file in a previous read operation.

Description

is_eof is similar to the C file API feof.

Requirements

Header: sgx_tprotected_fs.edl

Library: libsgx_tprotected_fs.a

Return value

true - End of file was not reached. false - End of file was reached.

pub fn clearerr(&self)

The clearerr function attempts to repair a bad file status, and also clears the end-of-file flag.

Description

clearerr is similar to the C file API clearerr. This function attempts to repair errors resulted from the underlying file system, like write errors to the disk (resulting in a full cache thats cannot be emptied). Call error or is_eof after a call to this function to learn if it was successful or not.

clearerr does not repair errors resulting from a corrupted file, like decryption errors, or from memory corruption, etc.

Requirements

Header: sgx_tprotected_fs.edl

Library: libsgx_tprotected_fs.a

Return value

None

pub fn clear_cache(&self) -> SysError

The clear_cache function is used for clearing the internal file cache. The function scrubs all the data from the cache, and releases all the allocated cache memory.

Description

clear_cache is used to scrub all the data from the cache and release all the allocated cache memory. If modified data is found in the cache, it will be written to the file on disk before being scrubbed.

This function is especially useful if you do not trust parts of your own enclave (for example, external libraries you linked against, etc.) and want to make sure there is as little sensitive data in the memory as possible before transferring control to the code they do not trust. Note, however, that the SGX_FILE structure itself still holds sensitive data. To remove all such data related to the file from memory completely, you should close the file handle.

Requirements

Header: sgx_tprotected_fs.edl

Library: libsgx_tprotected_fs.a

Return value

If the function failed, error code is returned.

Trait Implementations

impl Drop for SgxFileStream

fn drop(&mut self)

Executes the destructor for this type.