in services/execution/enclave/src/task_file_manager.rs [118:164]
/// Stages this task file at `staged_path` and returns it keyed by `funiq_key`.
///
/// What happens to the downloaded file depends on `self.file.crypto_info`:
///
/// * `Raw` - the bytes are read and handed to `StagedFileInfo::create_with_bytes`
///   as they are. `self.file.cmac` is not consulted on this path.
/// * `TeaclaveFile128` - `staged_path` becomes a symlink to `download_path`; the
///   key and `self.file.cmac` are passed on to `StagedFileInfo::new` and nothing
///   is read or compared here.
/// * `AesGcm128` / `AesGcm256` - the whole file is read, its trailing
///   `FILE_AUTH_TAG_LENGTH` bytes must equal `self.file.cmac`, the buffer is
///   decrypted in place and the result goes to `create_with_bytes`.
///
/// # Errors
///
/// Fails when the symlink, the read, the decryption or the staging call fails,
/// when an AES-GCM input is not longer than `FILE_AUTH_TAG_LENGTH`, or when its
/// trailing tag differs from `self.file.cmac`.
fn to_staged_file_entry(&self) -> Result<(String, StagedFileInfo)> {
    let downloaded = &self.download_path;
    let staged = &self.staged_path;

    let info = match self.file.crypto_info {
        FileCrypto::Raw => {
            // NOTE(review): no tag or length check on this path; any integrity
            // guarantee for Raw inputs has to come from outside this function - confirm.
            let plain = read_all_bytes(downloaded)?;
            StagedFileInfo::create_with_bytes(staged, &plain)?
        }
        FileCrypto::TeaclaveFile128(key) => {
            // The file is exposed through a link, not copied; the cmac travels with
            // the returned info instead of being checked here.
            // NOTE(review): presumably the consumer verifies it on open - confirm.
            std::os::unix::fs::symlink(downloaded, staged)?;
            StagedFileInfo::new(downloaded, key, self.file.cmac)
        }
        FileCrypto::AesGcm128(key) => {
            let mut buf = read_all_bytes(downloaded)?;
            let total = buf.len();
            // Strictly greater: an input holding only a tag is rejected, and the
            // subtraction below cannot underflow.
            anyhow::ensure!(
                total > FILE_AUTH_TAG_LENGTH,
                "AesGcm128 File, invalid length: {:?}",
                downloaded
            );
            let tag_start = total - FILE_AUTH_TAG_LENGTH;
            // Ties the downloaded blob to the tag recorded on `self.file` before any
            // decryption is attempted.
            // NOTE(review): presumably decrypt() also authenticates the ciphertext - confirm.
            anyhow::ensure!(
                self.file.cmac == buf[tag_start..],
                "AesGcm128 File, invalid tag: {:?}",
                downloaded
            );
            key.decrypt(&mut buf)?;
            StagedFileInfo::create_with_bytes(staged, &buf)?
        }
        FileCrypto::AesGcm256(key) => {
            let mut buf = read_all_bytes(downloaded)?;
            let total = buf.len();
            // Same length and tag gate as the 128-bit arm.
            anyhow::ensure!(
                total > FILE_AUTH_TAG_LENGTH,
                "AesGcm256 File, invalid length: {:?}",
                downloaded
            );
            let tag_start = total - FILE_AUTH_TAG_LENGTH;
            anyhow::ensure!(
                self.file.cmac == buf[tag_start..],
                "AesGcm256 File, invalid tag: {:?}",
                downloaded
            );
            key.decrypt(&mut buf)?;
            StagedFileInfo::create_with_bytes(staged, &buf)?
        }
    };

    Ok((self.funiq_key.clone(), info))
}