diff --git a/.gitignore b/.gitignore index aa2eb5d3cc..89a3585dc9 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,7 @@ *_u.h *_t.c *_t.h + +#output files +/build/ +/linux/installer/bin/*.bin diff --git a/License.txt b/License.txt index 8e1d1f882e..ea9d767559 100644 --- a/License.txt +++ b/License.txt @@ -37,7 +37,7 @@ http://www.eclipse.org/legal/epl-v10.html ============================================================== -libsgx_le.signed.so, libsgx_pve.signed.so and libsgx_qe.signed.so are licensed as Intel redistributable binary firmware and other blobs. +libsgx_le.signed.so, libsgx_pce.signed.so, libsgx_pve.signed.so and libsgx_qe.signed.so are licensed as Intel redistributable binary firmware and other blobs. Copyright (c) Intel Corporation. diff --git a/Linux_SGXEclipsePlugin/build.sh b/Linux_SGXEclipsePlugin/build.sh index 9c36296fd6..ba6e8a28a9 100755 --- a/Linux_SGXEclipsePlugin/build.sh +++ b/Linux_SGXEclipsePlugin/build.sh @@ -11,7 +11,7 @@ TRUNK_HOME=$(cd $(pwd)/../../ ; pwd) [ -n "${ECLIPSE_HOME}" ] || { echo "using default ECLIPSE_HOME=${TRUNK_HOME}/eclipse"; ECLIPSE_HOME=${TRUNK_HOME}/eclipse; } -BUILD_RELEASE_ID_PREFIX=Linux_SGX_1.5 +BUILD_RELEASE_ID_PREFIX=Linux_SGX_1.6 if [ "$RELEASE_ID" != "${RELEASE_ID%$BUILD_RELEASE_ID_PREFIX*}" ]; then echo "$BUILD_RELEASE_ID_PREFIX IS in $RELEASE_ID, so it is an triggered build. Change the RELEASE_ID to an accepted form." @@ -126,6 +126,51 @@ ${ECLIPSE_HOME}/eclipse -nosplash \ -installIU org.eclipse.pde.feature.group } +function preBuild() { + local BUILDDIR="$1" + local BUILDDIRWORK="$2" + + local SITEFILE="$BUILDDIRWORK/sites/site.xml" + local FEATUREDIR="$BUILDDIRWORK/features" + local FEATUREFILE="feature.xml" + local PLUGINDIR="$BUILDDIRWORK/plugins" + local PLUGINFILE="META-INF/MANIFEST.MF" + + local ROOTDIR=$(dirname "$0")"/.." + local VERSION=$(awk '/STRFILEVER/ {print $3}' ${ROOTDIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/') + VERSION=$(echo "$VERSION" | awk -F'.' '{for(i=1; i<=NF&&i<=3; i++) if(i==1){version=$i} else{version=version"."$i}}; END{print version}') + + if [[ "$VERSION" =~ ^[0-9]{1,}(.[0-9]{1,}){2}$ ]]; then + rm -fr "$BUILDDIRWORK" + cp -fr "$BUILDDIR" "$BUILDDIRWORK" + + #site.xml + sed -i "s#[0-9]\{1,\}\(\.[0-9]\{1,\}\)\{0,2\}\.qualifier#$VERSION\.qualifier#g" "$SITEFILE" + + #feature + for DIR in $(ls "$FEATUREDIR"); do + sed -i "s#[0-9]\{1,\}\(\.[0-9]\{1,\}\)\{0,2\}\.qualifier#$VERSION\.qualifier#g" "$FEATUREDIR/$DIR/$FEATUREFILE" + done + + #plugin + for DIR in $(ls "$PLUGINDIR"); do + sed -i "s#[0-9]\{1,\}\(\.[0-9]\{1,\}\)\{0,2\}\.qualifier#$VERSION\.qualifier#g" "$PLUGINDIR/$DIR/$PLUGINFILE" + done + fi +} + +function postBuild() { + local BUILDDIR="$1" + local BUILDDIRWORK="$2" + local UPDATESITEDIR="updatesite" + + if [[ -d "$BUILDDIRWORK" ]] && [[ -d "$BUILDDIRWORK/$UPDATESITEDIR" ]]; then + rm -fr "$BUILDDIR/$UPDATESITEDIR" + cp -fr "$BUILDDIRWORK/$UPDATESITEDIR" "$BUILDDIR/$UPDATESITEDIR" + rm -fr "$BUILDDIRWORK" + fi +} + function buildPlugin() { pwd @@ -136,6 +181,7 @@ function buildPlugin() { BASELOCATION="$ECLIPSE_HOME" BUILDVERSION="$RELEASE_ID" BUILDDIR="$PWD/build_directory" + BUILDDIRWORK="$PWD/.build_directory" BUILDCONFIG="$PWD/build_config" LAUNCHER=`findFirst "$ECLIPSE_HOME"/plugins/org.eclipse.equinox.launcher_*.jar` BUILDFILE=`findFirst "$ECLIPSE_HOME"/plugins/org.eclipse.pde.build_*/scripts/build.xml` @@ -151,7 +197,9 @@ function buildPlugin() { "not detected. Found '$BUILDFILE'. Aborting." exit 1 fi - + + preBuild "$BUILDDIR" "$BUILDDIRWORK" + # # -- Print configuration used and actually execute the build -- # @@ -161,7 +209,7 @@ function buildPlugin() { echo " Build File: $BUILDFILE" echo " Build Config: $BUILDCONFIG" echo " Base Location: $BASELOCATION" - echo " Build Directory: $BUILDDIR" + echo " Build Directory: $BUILDDIRWORK" echo " Build Version: $BUILDVERSION" echo " Java: " $(which java) java -version @@ -174,12 +222,13 @@ function buildPlugin() { -jar $LAUNCHER \ -application org.eclipse.ant.core.antRunner \ -buildfile $BUILDFILE \ - -DbuildDirectory=$BUILDDIR \ + -DbuildDirectory=$BUILDDIRWORK \ -DbaseLocation=$BASELOCATION \ -Dbuilder=$BUILDCONFIG \ -DforceContextQualifier=$BUILDVERSION \ -v -v -v -v + postBuild "$BUILDDIR" "$BUILDDIRWORK" } function findFirst() { diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Adding_SGX_Nature_to_a_Project.htm b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Adding_SGX_Nature_to_a_Project.htm deleted file mode 100644 index ca61b8308c..0000000000 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Adding_SGX_Nature_to_a_Project.htm +++ /dev/null @@ -1,22 +0,0 @@ - - - - - - - - - - - - - - Adding SGX Nature to a Project - - - -

Adding SGX Nature to a Project

-

The nature of an Eclipse project is a concept defined by an Eclipse Platform which allows a plug-in to tag a project as a specific kind of project. Intel(R) Software Guard Extensions uses an SGX nature to add SGX-specific behavior to projects. Project natures are defined by plug-ins, and are typically added or removed per-project when the user performs some action defined by the plug-in.

-

To use Intel(R) Software Guard Extensions Eclipse Plug-in in your project, you need to add SGX nature to it. You may either add SGX nature to a pre-existing C/C++ project or create a project with SGX nature from start. See Adding SGX Nature to a non-SGX project and Creating a New C/C++ Project with SGX Nature for how to complete these tasks.

- - diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Adding_SGX_Nature_to_a_non_SGX_project.htm b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Adding_SGX_Nature_to_a_non_SGX_project.htm deleted file mode 100644 index 19e6eaa3f4..0000000000 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Adding_SGX_Nature_to_a_non_SGX_project.htm +++ /dev/null @@ -1,55 +0,0 @@ - - - - - - - - - - - - - - Adding SGX Nature to a non-SGX project - - - -

Adding SGX Nature to a non-SGX project

-

When you have a C/C++ project created without Intel SGX, you cannot use Intel SGX support. In this case, you need to add SGX nature to this project to use Intel SGX support:

-
    -
  1. Right-click on the project root
    2. -
  2. -

    Select Software Guard Extension Tools → Add SGX Nature

    -

    - -

    -

    Add SGX Nature

    -
    3. -
-

After you add the SGX nature to your project, you should see:

- - - diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Adding_an_SGX_Enclave.htm b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Adding_an_SGX_Enclave.htm deleted file mode 100644 index fac206c107..0000000000 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Adding_an_SGX_Enclave.htm +++ /dev/null @@ -1,54 +0,0 @@ - - - - - - - - - - - - - - Adding an SGX Enclave - - - -

Adding an SGX Enclave

-

After you add the SGX nature to a project, you can start creating a minimal but complete skeleton for a new enclave:

-
    -
  1. Right-click on the project root in Project Explorer.
    2. -
  2. -

    Open the dialog Add New SGX Enclave by selecting Software Guard Extensions Tools → Add SGX Enclave from the contextual menu.

    -

    - -

    -

    Add New Intel® SGX Enclave Dialog

    -
    3. -
  3. -

    Choose a name for the enclave in Enclave name field. This name is used in the process of generation of the skeleton to give unicity to the source files and the name of the resulting executable, so you can add more than one enclave to the same project.

    - -
    4. -
-
-

NOTE:

-

If you select the Generate sample untrusted application checkbox, ecalls from the untrusted part are not be resolved by Eclipse C/C++ indexer. These functions are marked with a red line. The declaration of these ecalls resides in the unstrusted stub header which is generated during the build proces and is not indexed by Eclipse. To resolve this problem, right-click on project root and select Index → Freshen All Files.

-
- - diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Adding_an_SGX_Trusted_Library.htm b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Adding_an_SGX_Trusted_Library.htm deleted file mode 100644 index fb0d63b836..0000000000 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Adding_an_SGX_Trusted_Library.htm +++ /dev/null @@ -1,39 +0,0 @@ - - - - - - - - - - - - - - - Adding an SGX Trusted Library - - - -

Adding an SGX Trusted Library

-

Trusted Static Libraries helps enclave author have libraries of shared code to be reused by enclaves, in exactly the same manner as usual static libxxx.a libraries are used to share code between regular non-SGX applications. The plugin adds a command to generate the skeleton of a trusted shared library.

-

To add a new SGX Trusted Library:

-
    -
  1. -

    Open Add New SGX Static Trusted Library dialog by right-click on the root of the project and select the appropriate command from Software Guard Extensions Tools menu:

    -

    - -

    -

    Add New SGX Static Trusted Library Dialog

    -
    2. -
  2. -

    Choose a name for the library and click OK. A skeleton for a trusted library is generated in directory <root>/sgx/trustedlib_<name>:

    -

    - -

    -

    A Generated Trusted Library

    -
    3. -
- - diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Adding_an_SGX_Untrusted_Module.htm b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Adding_an_SGX_Untrusted_Module.htm deleted file mode 100644 index c2d90ce205..0000000000 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Adding_an_SGX_Untrusted_Module.htm +++ /dev/null @@ -1,39 +0,0 @@ - - - - - - - - - - - - - - - Adding an SGX Untrusted Module - - - -

Adding an SGX Untrusted Module

-

Add an untrusted module to generate the untrusted stubs so you use an enclave, provided you have access to its .edl file. The enclave might have been built in the current project or in a different project.

-

To use trusted functionality of an enclave for which its *.edl is known, use the command Add SGX Untrusted Module:

-
    -
  1. -

    Open dialog Add Sgx Untrusted Module by right-click-ing the project root in Package Explorer and chose the command from Software Guard Extension Tools.

    -

    - -

    -

    Add SGX Untrusted Module

    -
    2. -
  2. -

    Use the Browse button to navigate the file system using a file dialog, and click OK. The untrusted module is copied to <root>/sgx/untrusted_<edl file name>. The selected *.edl is copied to the project.

    -

    - -

    -

    Copying the Untrusted Module to a Project

    -
    3. -
- - diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Building_and_Running_SGX_Code.htm b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Building_and_Running_SGX_Code.htm deleted file mode 100644 index 1f57f2335c..0000000000 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Building_and_Running_SGX_Code.htm +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - - - - - - - - - - Building and Running SGX Code - - - -

Building and Running SGX Code

-

This section describes the following topics about building and running SGX code:

-   - diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Command_Reference.htm b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Command_Reference.htm deleted file mode 100644 index 03f9ab1eae..0000000000 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Command_Reference.htm +++ /dev/null @@ -1,30 +0,0 @@ - - - - - - - - - - - - - - Command Reference - - - -

Command Reference

-

This topic provides the command reference for the following scenarios of using Intel(R) Software Guard Extensions Eclipse* Plug-in:

- -

All commands brought by Intel(R) Software Guard Extensions Eclipse Plug-in are available by right-clicking on the Project root in Project explorer view in menu Software Guard Extension Tools:

 

Project Explorer

  - diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Configuring_Intel_Software_Guard_Extensions_Eclipse_Plug-in.htm b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Configuring_Intel_Software_Guard_Extensions_Eclipse_Plug-in.htm deleted file mode 100644 index 4c8bc41c4a..0000000000 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Configuring_Intel_Software_Guard_Extensions_Eclipse_Plug-in.htm +++ /dev/null @@ -1,31 +0,0 @@ - - - - - - - - - - - - - - Configuring Intel(R) Software Guard Extensions Eclipse* Plug-in - - - -

Configuring Intel(R) Software Guard Extensions Eclipse* Plug-in

-

If you do not install Intel(R) SGX SDK for Linux* OS in the default location, you need to specify the path for Intel SGX SDK using the following steps:

-
    -
  1. -

    Go to Window menu ->Preferences. Enter SGX in the filter text field to quickly locate the SGX Preferences page.

    -

    - -

    -

    SGX Preference Page

    -
    2. -
  2. Enter the path for Intel SGX SDK for Linux OS in the SGX SDK Directory field.
    3. -
- - diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Creating_a_New_C_C_Project_with_SGX_Nature.htm b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Creating_a_New_C_C_Project_with_SGX_Nature.htm deleted file mode 100644 index f3db754ab1..0000000000 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Creating_a_New_C_C_Project_with_SGX_Nature.htm +++ /dev/null @@ -1,37 +0,0 @@ - - - - - - - - - - - - - - Creating a New C/C++ Project with SGX Nature - - - -

Creating a New C/C++ Project with SGX Nature

-

You can create a new project with SGX nature. To create such a project, follow these steps:

-
    -
  1. -

    Open a standard Eclipse new project: File menu → Project... . If you have installed Intel® Software Guard Extensions Eclipse Plug-in, you can see the category C/C++ with SGX Enabled in the New Project dialog.

    -

    - -

    -

    New Project

    -

    This category has 2 sub-categories, SGX C project and SGX C++ project. These sub-categories are similar to the sub-categories C Project and C++ Project of standard C/C++ category.

    -
    2. -
  2. Select one of the 2 sub-categories, SGX C project or SGX C++ project, and click Next.
    3. -
  3. Complete creating the project using the regular process of creating a standard C or C++ project.
    4. -
-
-

NOTE:

-

Projects created following the subcategories under C/C++ with SGX Enabled are identical with their standard counterparts, except that they have SGX Nature added. There is no difference between creating a C or C++ project with SGX enabled, or creating a standard C/C++ project and launch Add SGX nature from it, as described in precedent paragraph.

-
- - diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Generate_Hash.htm b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Generate_Hash.htm deleted file mode 100644 index 83326534d3..0000000000 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Generate_Hash.htm +++ /dev/null @@ -1,45 +0,0 @@ - - - - - - - - - - - - - - Generate Hash - - - -

Generate Hash

-

Generating hash is the first step in the 2-Steps signing process.To generate hash, use the following steps:

-
    -
  1. -

    Right-click on project root, go to Software Guard Extensions Tools menu → Two StepSigne Enclave → Generate Hash

    -

    - -

    -

    Two StepSigne Enclave - Generate Hash

    -
    2. -
  2. In the Generate Hash dialog, enter the required inputs to the corresponding fields:
    3. -
  3. -

    Click OK after you fill in all the fields. The Intel(R) SGX SDK is launched under the hood with the provided parameters and the hash file is generated. A dialog box appears to confirm the completion:

    -

    - -

    -

    Generating Hash Completion Dialog

    -
    4. -
-

You complete the first step, generating hash, in the two step signing enclave. The *.hex file may be signed with the external facility, which generates a signature for it and a public verification key.

-

If you click OK, the Generate Signed Enclave dialog appears. The required fileds in this dialog have been pre-configured with the paths of the unsigned enclave, the configuration file and of the *.hex file. To generated the final signed enclave ready for production immediately, click OK.

-

- -

-

Generate Signed Enclave Dialog with Pre-configurations

-

If you click Cancel in the Generate Signed Enclave dialog, you can continue the signing process later using the Generate Signed Enclave command.

- - diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Generate_Signed_Enclaves.htm b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Generate_Signed_Enclaves.htm deleted file mode 100644 index f0427d7d28..0000000000 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Generate_Signed_Enclaves.htm +++ /dev/null @@ -1,39 +0,0 @@ - - - - - - - - - - - - - - - Generate Signed Enclaves - - - -

Generate Signed Enclaves

-

Generating signed enclave is the second step in the 2-Steps signing process. You should have the following files to complete this step:

- -

To generate signed encalves, use the following steps:

-
    -
  1. -

    Right-click on the project root, and go to Software Guard Extensions Tools menu → Two Step Sign Enclave → Generate Signed Enclave.

    -

    - -

    -

    Generate Signed Enclave Dialog

    -
    2. -
  2. Enter the inputs to all the fields and click OK.
    3. -
- - diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Getting_Started.htm b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Getting_Started.htm deleted file mode 100644 index 64c4de51c9..0000000000 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Getting_Started.htm +++ /dev/null @@ -1,23 +0,0 @@ - - - - - - - - - - - - - - Getting Started with Intel(R) Software Guard Extensions Eclipse* Plugin - - - -

Getting Started with Intel(R) Software Guard Extensions Eclipse* Plugin

-

This section contains steps to set up your Intel(R) Software Guard Extensions Eclipse* Plugin on a Linux* system, including necessary softwares, steps to install the product, and steps to configure your preferred product directory.

-

• Pre-requisites

-

• Installation Intel(R) Software Guard Extensions Eclipse* Plug-in

-

• Configuring Intel(R) Software Guard Extensions Eclipse* Plug-in

  - diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Installing_Intel_Software_Guard_Extensions_Eclipse_Plugin.htm b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Installing_Intel_Software_Guard_Extensions_Eclipse_Plugin.htm deleted file mode 100644 index ab27b83cd9..0000000000 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Installing_Intel_Software_Guard_Extensions_Eclipse_Plugin.htm +++ /dev/null @@ -1,40 +0,0 @@ - - - - - - - - - - - - - - Installing Intel(R) Software Guard Extensions Eclipse* Plug-in - - - -

Installing Intel(R) Software Guard Extensions Eclipse* Plug-in

-

Install Intel(R) Software Guard Extensions Eclipse* Plug-in as a regular Eclipse Plugin:

-
    -
  1. Download the zip archive of Intel(R) Software Guard Extensions Eclipse Plug-in from Intel Site
    2. -
  2. -

    Go to Help menu -> Install New Software. Click the Add button for the Work with field to open the Add Repository dialog as shown in the following graphic:

    -

    - -

    -

    Add Repository Dialog

    -
    3. -
  3. -

    Enter SGX Archive in the Name field . Click the Archive... button and select the location of the downloaded archive as shown in the following graphic:

    -

    - -

    -

    The Location of the Plugin zip Archive

    -
    4. -
  4. Press OK to add the archive as a repository.
    5. -
  5. In the Install dialog, select the Software Guard Extensions Plugin check-box and proceed with the usual steps.
    6. -
- - diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Introducing_Intel_Software_Guard _Extensions_Eclipse_Plugin.htm b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Introducing_Intel_Software_Guard _Extensions_Eclipse_Plugin.htm deleted file mode 100644 index 8d58e09d73..0000000000 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Introducing_Intel_Software_Guard _Extensions_Eclipse_Plugin.htm +++ /dev/null @@ -1,42 +0,0 @@ - - - - - - - - - - - - - - - What is Intel(R) Software Guard Extensions? - - - -

Introducing Intel(R) Software Guard Extensions

-

Intel(R) Software Guard Extensions is a new Intel technology, whose objective is to enable a high level of protection of secrets. It operates by allocating hardware-protected memory where code and data reside. The protected memory area within an application process is called an enclave. Data within the enclave memory can only be accessed by code that resides within that enclave. Enclave code can be invoked by special instructions.

-

An enclave can be built and loaded as a shared object.

-

Throughout this document, Intel(R) SGX refers to Intel(R) Software Guard Extensions.

-

An Intel(R) SGX application design is different from the design of non- Intel(R) SGX application as it specifies dividing the application into two logical parts:

- -

The trusted components and untrusted components are developed as separate modules.

-

The trusted part or the enclave is implemented in C or C++. It is supplied as a collection of functions and data packaged in the form of a dynamically loaded library, a DLL in Windows* OS and a shared object in Linux* OS. It may be supplied either as a pre-built signed library or as a signed shared library built during compilation of the untrusted component.

-

Enclave functions within an enclave library are wrapped by auto-generated proxy and bridge functions that simplify the mechanism of using the Intel(R) SGX technology by developers.

-

The role of these functions is to handle the following tasks:

- -

The proxy and bridge functions are generated by the sgx_edger8r tool provided by Intel(R) SGX SDK. It reads an edl file (Enclave Descriptor Language) which describes the functions that form the trusted and untrusted component boundaries within the application.

-

After the enclave is built, a signed version of it is created using the tool sgx_sign also provided by Intel(R) SGX SDK. It is this signed version may be loaded and executed in the encrypted memory.

-

Enclaves may have some specific properties which are added as meta-information during the signing process. The meta-information is stored in one configuration xml file per enclave, whose details may be seen in Intel(R) Software Guard Extensions Evaluation SDK for Linux* OS.

- - diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Introducing_Intel_Software_Guard_Extensions.htm b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Introducing_Intel_Software_Guard_Extensions.htm deleted file mode 100644 index e65c2fbaa1..0000000000 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Introducing_Intel_Software_Guard_Extensions.htm +++ /dev/null @@ -1,23 +0,0 @@ - - - - - - - - - - - - - - What can be done with Linux SGX Eclipse Plugin? - - - -

Introducing Intel(R) Software Guard Extensions Eclipse* Plugin

-

The Intel(R) Software Guard Extensions Eclipse* Plug-in helps the enclave developer to maintain enclaves and untrusted related code inside Eclipse* C/C++ projects. To use this support, add SGX nature to the C/C++ project. See Adding SGX Nature to a Project for details.

-

Once the SGX nature is added to a project, you will have access to the SGX commands. SGX nature adds also a folder called sgx to the root of the project, and a Makefile inside it. All resources of the project managed by Intel(R) Software Guard Extensions Eclipse Plug-inare located inside this directory. You can build and run enclaves related code using GNU* Make tool through the Makefile.

-

The plugin is generating minimal but ready-to-work code skeletons, complete with their own Makefile having all the required make targets as to call sgx_edger8r tool to generate the proxies and bridges, compile these source, generate a shared object and finally, to sign the enclave with the sgx_sign tool. This provide a starting point you may build upon.

- - diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Introduction.htm b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Introduction.htm deleted file mode 100644 index ae45b4eaf4..0000000000 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Introduction.htm +++ /dev/null @@ -1,21 +0,0 @@ - - - - - - - - - - - - - - Introduction - - - -

Introduction

-

This Developer Guide is intended for use by Independent Service Vendors who wish to harden their Linux* applications using Intel(R) SGX Technology, code named Intel(R) Software Guard Extensions. The guide describes the procedure for installation of Intel(R) SGX Plugin for Eclipse* IDE and development of Intel(R) SGX components using the plugin. The Intel(R) SGX Plugin for Eclipse leverages on the Intel(R) Software Guard Extensions Evaluation SDK, which is a collection of APIs, libraries and tools that enable you to develop, build and debug Intel(R) SGX applications in C/C++.

-

To learn more about the Intel(R) Software Guard Extensions Evaluation SDK, see the Intel(R) Software Guard Extensions Evaluation SDK for Linux* OS.

  - diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Legal_Information.htm b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Legal_Information.htm deleted file mode 100644 index fd43d5c6e7..0000000000 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Legal_Information.htm +++ /dev/null @@ -1,70 +0,0 @@ - - - - - - - - - - - - - - - Legal Information - - - - -

Legal Information

-

No license (express or implied, by estoppel or otherwise) to any intellectual - property rights is granted by this document.

-

Intel disclaims all express and implied warranties, including without - limitation, the implied warranties of merchantability, fitness for a particular - purpose, and non-infringement, as well as any warranty arising from course - of performance, course of dealing, or usage in trade.

-

This document contains information on products, services and/or processes - in development.  All information provided here is subject to change - without notice. Contact your Intel representative to obtain the latest - forecast, schedule, specifications and roadmaps.

-

The products and services described may contain defects or errors known - as errata which may cause deviations from published specifications. Current - characterized errata are available on request.

-

Intel technologies features and benefits depend on system configuration - and may require enabled hardware, software or service activation. Learn - more at Intel.com, or from the OEM or retailer.

-

Copies of documents which have an order number and are referenced in - this document may be obtained by calling 1-800-548-4725 or by visiting - www.intel.com/design/literature.htm.

-

Intel, the Intel logo, Xeon, and Xeon Phi are trademarks of Intel Corporation - in the U.S. and/or other countries.

- - - - - - - - -
-

Optimization Notice

-
-

Intel's compilers may or may not optimize to the same degree - for non-Intel microprocessors for optimizations that are not unique - to Intel microprocessors. These optimizations include SSE2, SSE3, - and SSSE3 instruction sets and other optimizations. Intel does - not guarantee the availability, functionality, or effectiveness - of any optimization on microprocessors not manufactured by Intel. - Microprocessor-dependent optimizations in this product are intended - for use with Intel microprocessors. Certain optimizations not - specific to Intel microarchitecture are reserved for Intel microprocessors. - Please refer to the applicable product User and Reference Guides - for more information regarding the specific instruction sets covered - by this notice.

-

Notice revision #20110804

-
-

* Other names and brands may be claimed as the property of others.

-

© 2016 Intel Corporation.

- - diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Prerequisites.htm b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Prerequisites.htm deleted file mode 100644 index 462873fae3..0000000000 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Prerequisites.htm +++ /dev/null @@ -1,27 +0,0 @@ - - - - - - - - - - - - - - Pre-requisites - - - -

Pre-requisites

-

To use Intel(R) Software Guard Extensions Eclipse Plug-in, install the following softwares:

- - - diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Resources/Stylesheets/intel_css_styles.css b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Resources/Stylesheets/intel_css_styles.css index 6c2190cf4c..859063f2e1 100644 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Resources/Stylesheets/intel_css_styles.css +++ b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Resources/Stylesheets/intel_css_styles.css @@ -18,17 +18,16 @@ body color: #333333; background-color: #ffffff; font-family: "Intel Clear", Verdana, Arial, sans-serif; - font-size: 12pt; margin-left: 30px; margin-right: 30px; margin-bottom: 7%; color: #333333; background-color: #ffffff; font-family: "Intel Clear", Verdana, Arial, sans-serif; - font-size: 12pt; margin-left: 30px; margin-right: 30px; margin-bottom: 7%; + font-size: 12pt; } .RevUpdate @@ -126,43 +125,43 @@ h3 h4 { color: #0071c5; - margin-top: 12pt; + margin-top: 10pt; margin-bottom: 5pt; padding-left: 0px; - font-size: 12pt; + font-size: 10pt; color: #0071c5; - margin-top: 12pt; + margin-top: 10pt; margin-bottom: 5pt; padding-left: 0px; - font-size: 12pt; + font-size: 10pt; } h5 { color: #0071c5; - margin-top: 12pt; + margin-top: 10pt; margin-bottom: 5pt; padding-left: 0px; - font-size: 12pt; + font-size: 10pt; color: #0071c5; - margin-top: 12pt; + margin-top: 10pt; margin-bottom: 5pt; padding-left: 0px; - font-size: 12pt; + font-size: 10pt; } h6 { color: #0071c5; - margin-top: 12pt; + margin-top: 10pt; margin-bottom: 5pt; padding-left: 0px; - font-size: 12pt; + font-size: 10pt; color: #0071c5; - margin-top: 12pt; + margin-top: 10pt; margin-bottom: 5pt; padding-left: 0px; - font-size: 12pt; + font-size: 10pt; } .relinfo @@ -178,22 +177,21 @@ h6 caption { - font-size: 12pt; + font-weight: bold; + text-align: left; font-weight: bold; text-align: left; font-size: 12pt; - font-weight: bold; - text-align: left; } .figcap { margin-left: 24px; - font-size: 12pt; + font-size: 10pt; font-weight: bold; text-align: center; margin-left: 24px; - font-size: 12pt; + font-size: 10pt; font-weight: bold; text-align: center; } @@ -278,16 +276,15 @@ a.underlined p { - font-size: inherit; margin-left: 0px; line-height: 120%; margin-top: 0; margin-bottom: 10px; - font-size: inherit; margin-left: 0px; line-height: 120%; margin-top: 0; margin-bottom: 10px; + font-size: 12pt; } .p @@ -312,12 +309,12 @@ table border-collapse: collapse; margin-left: 0px; margin-top: 0.3em; - font-size: 12pt; + font-size: 10pt; margin-bottom: 5pt; border-collapse: collapse; margin-left: 0px; margin-top: 0.3em; - font-size: 12pt; + font-size: 10pt; } tr @@ -336,6 +333,7 @@ DIV.Note border-top-width: 1px; border-bottom-style: solid; border-bottom-width: 1px; + font-size: 10pt; } p.NoteTipHead @@ -347,9 +345,9 @@ p.NoteTipHead line-height: 15pt; margin-left: 0.202cm; font-family: "Verdana", "sans-serif"; - font-size: 9pt; text-transform: uppercase; text-align: justify; + font-size: 12pt; } MadCap|xref @@ -357,6 +355,7 @@ MadCap|xref color: #0860a8; mc-format: '{paratext}'; text-decoration: none; + font-size: 12pt; } div.NoteCont @@ -365,16 +364,44 @@ div.NoteCont border-bottom-width: 1px; border-top-style: solid; border-top-width: 1px; + font-size: 10pt; } p.figcap { text-align: left; + font-size: 12pt; } th { text-align: left; + font-size: 12pt; +} + +ul +{ + font-size: 12pt; +} + +ol +{ + font-size: 12pt; +} + +li +{ + font-size: 12pt; +} + +b +{ + font-size: 12pt; +} + +code +{ + font-size: 12pt; } a:link diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Running_Samples_Generated_for_Enclaves.htm b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Running_Samples_Generated_for_Enclaves.htm deleted file mode 100644 index 1fc481290d..0000000000 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Running_Samples_Generated_for_Enclaves.htm +++ /dev/null @@ -1,31 +0,0 @@ - - - - - - - - - - - - - - - Running Samples Generated for Enclaves - - - -

Running Samples Generated for Enclaves

-

Intel(R) Software Guard Extensions Eclipse* Plugin provides an option to generate a sample application together with the enclave code when the enclave is created. After the project is build, the sample application is built also and ready to run. You can see the sample application named sample in the enclave directory in Project Explorer. You can run this sample as a local C/C++ application as shown in the following figure:

-

- -

-

Sample Application

-

See the result of the execution in Eclipse console window as shown below:

-

- -

-

The Result of Running Samples Generated for Enclaves

- - diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/SGX_Build_Configurations.htm b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/SGX_Build_Configurations.htm deleted file mode 100644 index c41301eea7..0000000000 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/SGX_Build_Configurations.htm +++ /dev/null @@ -1,97 +0,0 @@ - - - - - - - - - - - - - - SGX Build Configurations - - - -

SGX Build Configurations

-

There are usually two types of builds that a regular non-SGX project defines:

- -

SGX-enabled projects add to this picture support to build and test SGX-enabled application on non-SGX platforms (or emulator) using simulation libraries. This approach doubles the set of build types, creating four possible combinations. For these combinations, you need to use different sets of compilation and linking flags and link different libraries.

-

The non-debug hardware build is meant to give production code, so it requires the maximum attention when signed. The Two Steps Sign schema is required for production enclaves, which involves an external signing facility, not part of Intel SGX SDK. The other configurations are not meant for production but they have to be signed too. The simplest and more convenient Single Step schema is used for them.

-

Again for testing purpose, you might want to experiment with a non-production enclave built with release compilation and linking flags, on a real hardware SGX-enabled platform. That would be an enclave built exactly as a production enclave, except for the sign process which would be Single Step. To support the construction of such enclave, there is a hardware non-debug build configuration dubbed Prerelease.

-

So there are five SGX related configurations when SGX Nature is added to a project:

-

- -

-

Intel(R) SGX Configurations

-

The following table resumes the existing SGX configurations and relate them with compilation/linking flags (debug/non-debug) and signing scheme (single vs. two steps):

-

Intel(R) SGX Configurations

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Configuration NameSimulation?Debug?Signing Schema
SGX Hardware DebugHardwareDebugSingle Step
SGX Hardware Pre-releaseHardwareNon-debugSingle Step
SGX Hardware ReleaseHardwareNon-debugTwo Step
SGX SimulationSimulationNon-debugSingle Step
SGX SimulationDebug SimulationDebugSingle step
-

Intel® Software Guard Extensions Eclipse Plug-in uses standard GNU* make tool to build the trusted and the untrusted code, using the generated file sgx/Makefile.

-

This fact does not impose any restriction on the build tool chosen for the hosting project. Intel® Software Guard Extensions Eclipse* Plug-in uses its own build configurations which do not interfere with the configurations that you might have in your project.

-

When SGX configurations are selected, by default only code under <root>/sgx directory get built.

-

You can customize SGX configurations as any other Eclipse build configurations from the project properties dialog. For example:

-
    -
  1. Right-click in Project Explorer Properties → C/C++ Build
    2. -
  2. Uncheck the Use default build command checkbox.
    3. -
-

Then you can customize and integrate SGX build process. You can use Makefile instead of sgx/Makefile in the example shown in the following figure:

-

- -

-

Customization of SGX Build Command

-

The build process is done using standard Eclipse interface for build, by example from the main Project menu:

-

- -

-

Project Menu

- - diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/SGX_title.htm b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/SGX_title.htm deleted file mode 100644 index bbf44bea76..0000000000 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/SGX_title.htm +++ /dev/null @@ -1,30 +0,0 @@ - - - - - - - - - - - - - - Intel(R) Software Guard Extensions - - - - -

Intel(R) Software Guard Extensions

-

Developer Reference

-

Intel(R) Software Guard Extensions (Intel(R) SGX) is an Intel technology for a -pplication developers seeking to protect select code and data from disclosure or -modification. Intel(R) SGX makes such protections possible through the use of -enclaves. Enclaves are protected areas of execution. Application code can be put -into an enclave through special instructions and software made available to -developers by the Intel(R) SGX SDK.

-

Legal Information -

- - diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Two_Steps_Sign_Enclave.htm b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Two_Steps_Sign_Enclave.htm deleted file mode 100644 index 6201863d5c..0000000000 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Two_Steps_Sign_Enclave.htm +++ /dev/null @@ -1,59 +0,0 @@ - - - - - - - - - - - - - - - Two Steps Sign Enclave - - - -

Two Steps Sign Enclave

-

To help you develop enclaves, Intel(R) Software Guard Extensions Eclipse Plug-in generates all required structure including:

- -

While these structure might be appropriate for development and debugging, you need a 2-step process to integrate your own signing schema for generating production enclaves.

-
    -
  1. Generate hash: the signer tool generates signing material from the unsigned compiled enclave and from the configuration file for the enclave. The signed material comes as an opaque sequence of bytes which are put in a file with extension .hex. This file is used with the external signing facility. You come back with a signature for the .hex file plus the public key of your signing facility, and proceed to Step 2.
    2. -
  2. Generate signed enclaves : the signer tool generates the final signed enclave.
    3. -
-

To complete this task, provide the following input parameters:

- -

If the parameters are consistenet, the production signed enclave is produced.

-
-

NOTE:

-

If you generate signed enclave right after generating hash, you can only enter the parameters specific for generating signed enclave.

-
-

To use the two-step signing function, activate the configuration SGX Hardware Release mode. When this configuration is active, the compilation does not produce a signed enclave, as in the other SGX configurations; the process only produces unsigned enclaves.

-

- -

-

Configure SGX Hardware Release Mode

-

When you configure the plugin in the SGX Hardware Release Mode, you can see the Generate Hash and Generate Signed Enclave options through Software Guard Extension Tools->Two Step Sign Enclave.

-

- -

-

Two Step Sign Enclave Menu

- - diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Updating_Enclave_Configuration_Files.htm b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Updating_Enclave_Configuration_Files.htm deleted file mode 100644 index d416791d27..0000000000 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Updating_Enclave_Configuration_Files.htm +++ /dev/null @@ -1,39 +0,0 @@ - - - - - - - - - - - - - - Updating Enclave Configuration Files - - - -

Updating Enclave Configuration Files

-

A configuration file is an important part in the definition of an enclave. Intel(R) SGX SDK signer tool requires such *.xml configuration file as necessary input.

-

To update this configuration file, use the Update Config command:

-
    -
  1. -

    Right-click on the root project, Software Extension Guards Tools->Select Config File.

    -

    - -

    -

    Select Configuration File

    -
    2. -
  2. -

    Click OK or double-click the selected configuration file to open the Enclave Configuration Settings dialog.

    -

    - -

    -

    Enclave Configuration Settings

    -

    For details on the meaning of the fields, see Intel(R) Software Guard Extensions Developer Guide.

    -
    3. -
- - diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Updating_SGX_Enclave_Signing_Key.htm b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Updating_SGX_Enclave_Signing_Key.htm deleted file mode 100644 index d536de1c6d..0000000000 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/Updating_SGX_Enclave_Signing_Key.htm +++ /dev/null @@ -1,37 +0,0 @@ - - - - - - - - - - - - - - Updating SGX Enclave Signing Key - - - -

Updating SGX Enclave Signing Key

-

All skeletons enclave samples produced by the plugin contain a sample signing key. You might want to import another sign key that you already have, or generate a new one. Use the command Update SGX Enclave Signing Key to complete this task.

-
    -
  1. Choose Update SGX Enclave Signing Key by right-click on the project in Project Explorer -> Software Guard Extension Tools menu. The Import or (Re)Generate Enclave Signing Key dialog appears.
    2. -
  2. In the Import or (Re)Generate Enclave Signing Key dialog, click Select to open a file dialog to select the output key.
    3. -
  3. -

    Click Improt Key to update a selected signing key by copying another existing key or click Generate Key to update the selected signing key by generating a new key. In both cases, the new signature key is put into the file in text field Enclave Signing Key.

    -

    - -

    -

    Import or (Re)Generate Enclave Signing Key

    -
    4. -
  4. Click OK to update the enclave signing key.
    5. -
-

Under the hood, a new key is generated using openssl*, which needs to be installed on the machine:

-

openssl genrsa -out ../../../encl1_private.pem.key.pem -3 3072 -

-

- - diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/content.html b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/content.html index 40f03550f3..b2a5bad637 100644 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/content.html +++ b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/html/content.html @@ -1,35 +1,34 @@ - - - - - - - - - - - + + + + + + + + +
+

Intel(R) Software Guard Extensions Plug-in for Eclipse*

Developer Guide

-

Intel(R) Software Guard Extensions (Intel(R) SGX) is an Intel technology for a -pplication developers seeking to protect select code and data from disclosure or +

Intel(R) Software Guard Extensions (Intel(R) SGX) is an Intel technology for application developers seeking to protect select code and data from disclosure or modification. Intel(R) SGX makes such protections possible through the use of enclaves. Enclaves are protected areas of execution. Application code can be put into an enclave through special instructions and software made available to developers by the Intel(R) SGX SDK.

-

Legal Information +

Legal Information

- - -

Legal Information

+
+ +
+

Introduction

+

This Developer Guide is intended for use by Independent Service Vendors who wish to harden their Linux* applications using Intel(R) SGX Technology, code named Intel(R) Software Guard Extensions. The guide describes the procedure for installation of Intel(R) SGX Plugin for Eclipse* IDE and development of Intel(R) SGX components using the plugin. The Intel(R) SGX Plugin for Eclipse leverages on the Intel(R) Software Guard Extensions SDK, which is a collection of APIs, libraries and tools that enable you to develop, build and debug Intel(R) SGX applications in C/C++.

+

To learn more about the Intel(R) Software Guard Extensions SDK, see the Intel(R) Software Guard Extensions SDK for Linux* OS Developer Reference.

 
+
+

Introducing Intel(R) Software Guard Extensions

Intel(R) Software Guard Extensions is a new Intel technology, whose objective is to enable a high level of protection of secrets. It operates by allocating hardware-protected memory where code and data reside. The protected memory area within an application process is called an enclave. Data within the enclave memory can only be accessed by code that resides within that enclave. Enclave code can be invoked by special instructions.

An enclave can be built and loaded as a shared object.

Throughout this document, Intel(R) SGX refers to Intel(R) Software Guard Extensions.

@@ -105,22 +104,22 @@ developers by the Intel(R) SGX SDK.

The proxy and bridge functions are generated by the sgx_edger8r tool provided by Intel(R) SGX SDK. It reads an edl file (Enclave Descriptor Language) which describes the functions that form the trusted and untrusted component boundaries within the application.

After the enclave is built, a signed version of it is created using the tool sgx_sign also provided by Intel(R) SGX SDK. It is this signed version may be loaded and executed in the encrypted memory.

-

Enclaves may have some specific properties which are added as meta-information during the signing process. The meta-information is stored in one configuration xml file per enclave, whose details may be seen in Intel(R) Software Guard Extensions Evaluation SDK for Linux* OS.

- - -

Introducing Intel(R) Software Guard Extensions Eclipse* Plug-in

-

The Intel(R) Software Guard Extensions Eclipse* Plug-in helps the enclave developer to maintain enclaves and untrusted related code inside Eclipse* C/C++ projects. To use this support, add SGX nature to the C/C++ project. See Adding SGX Nature to a Project for details.

+

Enclaves may have some specific properties which are added as meta-information during the signing process. The meta-information is stored in one configuration xml file per enclave, whose details may be seen in Intel(R) Software Guard Extensions SDK for Linux* OS.

+
+
+

Introducing Intel(R) Software Guard Extensions Eclipse* Plug-in

+

The Intel(R) Software Guard Extensions Eclipse* Plug-in helps the enclave developer to maintain enclaves and untrusted related code inside Eclipse* C/C++ projects. To use this support, add SGX nature to the C/C++ project. See Adding SGX Nature to a Project for details.

Once the SGX nature is added to a project, you will have access to the SGX commands. SGX nature adds also a folder called sgx to the root of the project, and a Makefile inside it. All resources of the project managed by Intel(R) Software Guard Extensions Eclipse Plug-inare located inside this directory. You can build and run enclaves related code using GNU* Make tool through the Makefile.

The plugin is generating minimal but ready-to-work code skeletons, complete with their own Makefile having all the required make targets as to call sgx_edger8r tool to generate the proxies and bridges, compile these source, generate a shared object and finally, to sign the enclave with the sgx_sign tool. This provide a starting point you may build upon.

- - -

Getting Started with Intel(R) Software Guard Extensions Eclipse* Plug-in

+
+
+

Getting Started with Intel(R) Software Guard Extensions Eclipse* Plug-in

This section contains steps to set up your Intel(R) Software Guard Extensions Eclipse* Plug-in on a Linux* system, including necessary softwares, steps to install the product, and steps to configure your preferred product directory.

• Pre-requisites

• Installing Intel(R) Software Guard Extensions Eclipse* Plug-in

-

• Configuring Intel(R) Software Guard Extensions Eclipse* Plug-in

  - -

Pre-requisites

+

• Configuring Intel(R) Software Guard Extensions Eclipse* Plug-in

 
+
+

Pre-requisites

To use Intel(R) Software Guard Extensions Eclipse Plug-in, install the following softwares:

- - -

Installing Intel(R) Software Guard Extensions Eclipse* Plug-in

+
+
+

Installing Intel(R) Software Guard Extensions Eclipse* Plug-in

Install Intel(R) Software Guard Extensions Eclipse* Plug-in as a regular Eclipse Plugin:

  1. Download the zip archive of Intel(R) Software Guard Extensions Eclipse Plug-in from Intel Site
    2. @@ -151,9 +150,9 @@ developers by the Intel(R) SGX SDK.

  2. Press OK to add the archive as a repository.
  3. In the Install dialog, select the Software Guard Extensions Plugin check-box and proceed with the usual steps.
- - -

Configuring Intel(R) Software Guard Extensions Eclipse* Plug-in

+
+
+

Configuring Intel(R) Software Guard Extensions Eclipse* Plug-in

If you do not install Intel(R) SGX SDK for Linux* OS in the default location, you need to specify the path for Intel SGX SDK using the following steps:

  1. @@ -165,9 +164,9 @@ developers by the Intel(R) SGX SDK.

  2. Enter the path for Intel SGX SDK for Linux OS in the SGX SDK Directory field.
- - -

Command Reference

+
+
+

Command Reference

This topic provides the command reference for the following scenarios of using Intel(R) Software Guard Extensions Eclipse* Plug-in:

-

All commands brought by Intel(R) Software Guard Extensions Eclipse Plug-in are available by right-clicking on the Project root in Project explorer view in menu Software Guard Extension Tools:

 

Project Explorer

  - -

Adding SGX Nature to a Project

+

All commands brought by Intel(R) Software Guard Extensions Eclipse Plug-in are available by right-clicking on the Project root in Project explorer view in menu Software Guard Extension Tools:

 

Project Explorer

 
+
+

Adding SGX Nature to a Project

The nature of an Eclipse project is a concept defined by an Eclipse Platform which allows a plug-in to tag a project as a specific kind of project. Intel(R) Software Guard Extensions uses an SGX nature to add SGX-specific behavior to projects. Project natures are defined by plug-ins, and are typically added or removed per-project when the user performs some action defined by the plug-in.

-

To use Intel(R) Software Guard Extensions Eclipse Plug-in in your project, you need to add SGX nature to it. You may either add SGX nature to a pre-existing C/C++ project or create a project with SGX nature from start. See Adding SGX Nature to a non-SGX project and Creating a New C/C++ Project with SGX Nature for how to complete these tasks.

- - -

Adding SGX Nature to a non-SGX project

+

To use Intel(R) Software Guard Extensions Eclipse Plug-in in your project, you need to add SGX nature to it. You may either add SGX nature to a pre-existing C/C++ project or create a project with SGX nature from start. See Adding SGX Nature to a non-SGX project and Creating a New C/C++ Project with SGX Nature for how to complete these tasks.

+
+
+

Adding SGX Nature to a non-SGX project

When you have a C/C++ project created without Intel SGX, you cannot use Intel SGX support. In this case, you need to add SGX nature to this project to use Intel SGX support:

  1. Right-click on the project root
    2. @@ -221,9 +220,9 @@ developers by the Intel(R) SGX SDK.

    Configurations Specific to Intel(R) SGX Technology

    - - -

    Creating a New C/C++ Project with SGX Nature

    +
+
+

Creating a New C/C++ Project with SGX Nature

You can create a new project with SGX nature. To create such a project, follow these steps:

  1. @@ -241,9 +240,9 @@ developers by the Intel(R) SGX SDK.

    NOTE:

    Projects created following the subcategories under C/C++ with SGX Enabled are identical with their standard counterparts, except that they have SGX Nature added. There is no difference between creating a C or C++ project with SGX enabled, or creating a standard C/C++ project and launch Add SGX nature from it, as described in precedent paragraph.

- - -

Adding an SGX Enclave

+ +
+

Adding an SGX Enclave

After you add the SGX nature to a project, you can start creating a minimal but complete skeleton for a new enclave:

  1. Right-click on the project root in Project Explorer.
    2. @@ -278,9 +277,9 @@ developers by the Intel(R) SGX SDK.

    NOTE:

    If you select the Generate sample untrusted application checkbox, ecalls from the untrusted part are not be resolved by Eclipse C/C++ indexer. These functions are marked with a red line. The declaration of these ecalls resides in the unstrusted stub header which is generated during the build proces and is not indexed by Eclipse. To resolve this problem, right-click on project root and select Index → Freshen All Files.

- - -

Adding an SGX Trusted Library

+ +
+

Adding an SGX Trusted Library

Trusted Static Libraries helps enclave author have libraries of shared code to be reused by enclaves, in exactly the same manner as usual static libxxx.a libraries are used to share code between regular non-SGX applications. The plugin adds a command to generate the skeleton of a trusted shared library.

To add a new SGX Trusted Library:

    @@ -299,9 +298,9 @@ developers by the Intel(R) SGX SDK.

    A Generated Trusted Library

- - -

Adding an SGX Untrusted Module

+
+
+

Adding an SGX Untrusted Module

Add an untrusted module to generate the untrusted stubs so you use an enclave, provided you have access to its .edl file. The enclave might have been built in the current project or in a different project.

To use trusted functionality of an enclave for which its *.edl is known, use the command Add SGX Untrusted Module:

    @@ -320,9 +319,9 @@ developers by the Intel(R) SGX SDK.

    Copying the Untrusted Module to a Project

- - -

Updating SGX Enclave Signing Key

+
+
+

Updating SGX Enclave Signing Key

All skeletons enclave samples produced by the plugin contain a sample signing key. You might want to import another sign key that you already have, or generate a new one. Use the command Update SGX Enclave Signing Key to complete this task.

  1. Choose Update SGX Enclave Signing Key by right-click on the project in Project Explorer -> Software Guard Extension Tools menu. The Import or (Re)Generate Enclave Signing Key dialog appears.
    2. @@ -340,9 +339,9 @@ developers by the Intel(R) SGX SDK.

    openssl genrsa -out ../../../encl1_private.pem.key.pem -3 3072

    - - -

    Updating Enclave Configuration Files

    +
+
+

Updating Enclave Configuration Files

A configuration file is an important part in the definition of an enclave. Intel(R) SGX SDK signer tool requires such *.xml configuration file as necessary input.

To update this configuration file, use the Update Config command:

    @@ -362,9 +361,9 @@ developers by the Intel(R) SGX SDK.

    For details on the meaning of the fields, see Intel(R) Software Guard Extensions Developer Guide.

- - -

Two Steps Sign Enclave

+
+
+

Two Steps Sign Enclave

To help you develop enclaves, Intel(R) Software Guard Extensions Eclipse Plug-in generates all required structure including:

+
+

Generate Hash

Generating hash is the first step in the 2-Steps signing process.To generate hash, use the following steps:

  1. @@ -431,9 +430,9 @@ developers by the Intel(R) SGX SDK.

    Generate Signed Enclave Dialog with Pre-configurations

    If you click Cancel in the Generate Signed Enclave dialog, you can continue the signing process later using the Generate Signed Enclave command.

    - - -

    Generate Signed Enclaves

    +
+
+

Generate Signed Enclaves

Generating signed enclave is the second step in the 2-Steps signing process. You should have the following files to complete this step:

+
+

Building and Running SGX Code

This section describes the following topics about building and running SGX code:

  - -

SGX Build Configurations

+  
+
+

SGX Build Configurations

There are usually two types of builds that a regular non-SGX project defines:

+
+

Running Samples Generated for Enclaves

Intel(R) Software Guard Extensions Eclipse* Plugin provides an option to generate a sample application together with the enclave code when the enclave is created. After the project is build, the sample application is built also and ready to run. You can see the sample application named sample in the enclave directory in Project Explorer. You can run this sample as a local C/C++ application as shown in the following figure:

@@ -552,6 +551,6 @@ developers by the Intel(R) SGX SDK.

The Result of Running Samples Generated for Enclaves

- - +
+ diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/toc.xml b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/toc.xml index 85c36da39e..9a4a908de0 100644 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/toc.xml +++ b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx.userguide/toc.xml @@ -1,90 +1,44 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx/templates/sgx/SGXEnclave/trusted/Enclave1.config.xml b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx/templates/sgx/SGXEnclave/trusted/Enclave1.config.xml index a957526f95..1b2f224567 100644 --- a/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx/templates/sgx/SGXEnclave/trusted/Enclave1.config.xml +++ b/Linux_SGXEclipsePlugin/build_directory/plugins/com.intel.sgx/templates/sgx/SGXEnclave/trusted/Enclave1.config.xml @@ -1,4 +1,3 @@ - 0 0 diff --git a/Linux_SGXEclipsePlugin/build_directory/sites/site.xml b/Linux_SGXEclipsePlugin/build_directory/sites/site.xml index a0a475351b..3c3d422d7b 100644 --- a/Linux_SGXEclipsePlugin/build_directory/sites/site.xml +++ b/Linux_SGXEclipsePlugin/build_directory/sites/site.xml @@ -17,5 +17,7 @@ - + + SGX Eclipse Plugin 1.0.1.qualifier + diff --git a/Linux_SGXEclipsePlugin/clean.sh b/Linux_SGXEclipsePlugin/clean.sh index 0b3edca3d7..ba0f7bc78a 100755 --- a/Linux_SGXEclipsePlugin/clean.sh +++ b/Linux_SGXEclipsePlugin/clean.sh @@ -13,7 +13,7 @@ rm -fv build_directory/features/com.intel.sgx.feature/build.xml rm -fv build_directory/features/com.intel.sgx.feature/*.zip rm -rfv build_directory/nestedJars rm -rfv build_directory/updatesite/sgx-eclipse-plugin -find . -name "*.zip" | xargs rm -rfv +find . -name "*.zip" ! -name "eclipse_mars.v4.5.1_x64.zip" | xargs rm -rfv find . -name "javaCompiler*" | xargs rm -rfv find . -name "@*" | xargs rm -rfv find build_directory -maxdepth 1 -mindepth 1 | grep -v "features" | grep -v "plugins" | grep -v "sites" | grep -v "updatesite" | xargs rm -frv diff --git a/Linux_SGXEclipsePlugin/readme.txt b/Linux_SGXEclipsePlugin/readme.txt index 53b7c6241a..1430d35772 100644 --- a/Linux_SGXEclipsePlugin/readme.txt +++ b/Linux_SGXEclipsePlugin/readme.txt @@ -1,21 +1,22 @@ -The eclipse plugin build from commandline requires the following variables to be set +The eclipse plugin build from command line requires the following variables to be set. $ECLIPSE_HOME - Path to eclipse home. In order to build the plugin eclipse needs to be installed. -$RELEASE_ID - The release id for the plugin. - -The plugin has been tested with the following Eclipse ADT version - -Build: v22.3.0-887826 +$RELEASE_ID - The release id for the plugin. The release id should be changed for each source codes updates. +$DELETE_CURRENT_ECLIPSE - Delete current eclipse or not. Generally this variable is set to false. The following plugins are pre-requisites to be installed in Eclipse before trying to build the plugin. 1. Eclipse IDE for C/C++ Developers 4.5.1.20150917-1200 (tested_version) 2. Eclipse PDE Plug-in Developer Resources 3.11.1.v20150904-0345 (tested_version) +run ./build.sh from command line under current directory. +Once the build script is run, the folder build_directory/updatesite/sgx-eclipse-plugin contains the update site. This is the path that needs to be provided to the eclipse while doing installation. If the sgx eclipse plugin is already installed to eclipse and to build and install a newer version, uninstall the old version and start eclipse with the -clean option. Then try to build the new version of the plugin and install it in eclipse. http://wiki.eclipse.org/FAQ_How_do_I_remove_a_plug-in%3F -Once the build script is run, the folder build_directory/updatesite/sgx-eclipse-plugin contains the update site. This is the path that needs to be provided to the eclipse while doing installation. +The plugin has been tested with the following Eclipse ADT version + +Build: v22.3.0-887826 diff --git a/Linux_SGXEclipsePlugin/src/main/groovy/preprocessHtml.groovy b/Linux_SGXEclipsePlugin/src/main/groovy/preprocessHtml.groovy deleted file mode 100644 index 99c0aa1168..0000000000 --- a/Linux_SGXEclipsePlugin/src/main/groovy/preprocessHtml.groovy +++ /dev/null @@ -1,34 +0,0 @@ -import groovy.xml.MarkupBuilder -import groovy.xml.StreamingMarkupBuilder - - -println "Hello, Script!!!" - - - -def fragments = new XmlParser(false, true).parseText("") - -def resultFile = new File('/home/mlutescu/0_WORK/SGXUserGuide/developer_guide_eclipse_plugin/Output/WebHelp/Content/test.html') - -if (resultFile.exists()) { - resultFile.delete() -} - -def fltoc = new File('/home/mlutescu/0_WORK/SGXUserGuide/developer_guide_eclipse_plugin/Project/TOCs/Master.fltoc') -def toc = (new XmlParser()).parse(fltoc) -def contentDir = new File(fltoc, '../../../').canonicalPath - -def PrintWriter pw = new PrintWriter(new FileWriter(resultFile)) - - -toc.TocEntry['**'].each { tocEntry -> - def htmlFile = new File(contentDir, "${tocEntry.'@Link'}") - - - println htmlFile.text -} - - - -println groovy.xml.XmlUtil.serialize( fragments) - diff --git a/README.md b/README.md index a2e80a18e9..5dba72abc8 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ See CONTRIBUTING.md for details. Documentation ------------- -- [Intel(R) SGX for Linux\* OS][1] project home page on [01.org](http://01.org) +- [Intel(R) SGX for Linux\* OS][1] project home page on [01.org](https://01.org) - [Intel(R) SGX Programming Reference][2] [1]: https://01.org/intel-softwareguard-extensions [2]: https://software.intel.com/sites/default/files/managed/48/88/329298-002.pdf @@ -44,7 +44,7 @@ Build the Intel(R) SGX SDK and Intel(R) SGX PSW Package $ sudo apt-get install libcurl4-openssl-dev protobuf-compiler protobuf-c-compiler libprotobuf-dev libprotobuf-c0-dev ``` - Use the script `download_prebuilt.sh` inside source code package to download prebuilt binaries to prebuilt folder - You may need set http proxy for wget tool used by the script (such as `export http_proxy=http://test-proxy:test-port`) + You may need set https proxy for wget tool used by the script (such as `export https_proxy=http://test-proxy:test-port`) ``` $ ./download_prebuilt.sh ``` @@ -92,16 +92,12 @@ Install Intel(R) SGX SDK ``` ###Install Intel(R) SGX SDK -To install Intel(R) SGX SDK, execute the installer with root privilege: +To install Intel(R) SGX SDK, enter the following commands: ``` $ cd linux/installer/bin -$ sudo ./sgx_linux_x64_sdk_${version}.bin +$ ./sgx_linux_x64_sdk_${version}.bin ``` ###Test Intel(R) SGX SDK Package with the Sample Codes -- Copy the sample codes installed by Intel(R) SGX SDK package into your work folder, such as -``` - $ cp -r /opt/intel/sgxsdk/SampleCode ~ -``` - Compile and run each sample codes in the simulation mode to make sure the package works well. ``` $ cd SampleCode/LocalAttestation @@ -114,10 +110,6 @@ $ sudo ./sgx_linux_x64_sdk_${version}.bin If you use an SGX hardware enabled machine, you need to run the sample codes in the hardware mode. Ensure that you install SGX driver and Intel(R) SGX PSW installer on the machine. See the topic, Install Intel(R) SGX PSW, on how to install the PSW package. -- Copy the sample codes installed by the Intel(R) SGX SDK package into your work folder, such as -``` - $ cp -r /opt/intel/sgxsdk/SampleCode ~ -``` - Compile and run each sample codes in the debug mode. ``` $ cd SampleCode/LocalAttestation diff --git a/SampleCode/LocalAttestation/Makefile b/SampleCode/LocalAttestation/Makefile index eaacfc8ffe..119fa78f7f 100644 --- a/SampleCode/LocalAttestation/Makefile +++ b/SampleCode/LocalAttestation/Makefile @@ -131,6 +131,14 @@ Enclave_Cpp_Files_3 := $(wildcard Enclave3/*.cpp) Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport -I./LocalAttestationCode -I./Include Enclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Enclave_Include_Paths) + +# To generate a proper enclave, it is recommended to follow below guideline to link the trusted libraries: +# 1. Link sgx_trts with the `--whole-archive' and `--no-whole-archive' options, +# so that the whole content of trts is included in the enclave. +# 2. For other libraries, you just need to pull the required symbols. +# Use `--start-group' and `--end-group' to link these libraries. +# Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options. +# Otherwise, you may get some undesirable errors. Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \ -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \ -Wl,--start-group -lsgx_tstdc -lsgx_tstdcxx -l$(Crypto_Library_Name) -L. -lLocalAttestation_Trusted -l$(Service_Library_Name) -Wl,--end-group \ @@ -162,7 +170,7 @@ all: $(Trust_Lib_Name) $(UnTrustLib_Name) Enclave1.so Enclave2.so Enclave3.so $( @echo " $(SGX_ENCLAVE_SIGNER) sign -key -enclave Enclave1.so -out <$(Enclave_Name_1)> -config Enclave1/Enclave1.config.xml" @echo " $(SGX_ENCLAVE_SIGNER) sign -key -enclave Enclave2.so -out <$(Enclave_Name_2)> -config Enclave2/Enclave2.config.xml" @echo " $(SGX_ENCLAVE_SIGNER) sign -key -enclave Enclave3.so -out <$(Enclave_Name_3)> -config Enclave3/Enclave3.config.xml" - @echo "You can also sign the enclaves using an external signing tool. See User's Guide for more details." + @echo "You can also sign the enclaves using an external signing tool." @echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW." else all: $(Trust_Lib_Name) $(UnTrustLib_Name) $(Enclave_Name_1) $(Enclave_Name_2) $(Enclave_Name_3) $(App_Name) diff --git a/SampleCode/PowerTransition/Makefile b/SampleCode/PowerTransition/Makefile index 5c03d8aaa6..32b9d2f3fc 100644 --- a/SampleCode/PowerTransition/Makefile +++ b/SampleCode/PowerTransition/Makefile @@ -124,6 +124,14 @@ Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX Enclave_Compile_CFlags := -nostdinc -ffreestanding -fvisibility=hidden -fpie \ $(Enclave_Include_Paths) Enclave_Compile_CXXFlags := -nostdinc++ -std=c++03 $(Enclave_Compile_CFlags) + +# To generate a proper enclave, it is recommended to follow below guideline to link the trusted libraries: +# 1. Link sgx_trts with the `--whole-archive' and `--no-whole-archive' options, +# so that the whole content of trts is included in the enclave. +# 2. For other libraries, you just need to pull the required symbols. +# Use `--start-group' and `--end-group' to link these libraries. +# Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options. +# Otherwise, you may get some undesirable errors. Enclave_Link_Flags := -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \ -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \ -Wl,--start-group -lsgx_tstdc -lsgx_tstdcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \ @@ -154,7 +162,7 @@ all: $(App_Name) $(Enclave_Name) @echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave." @echo "To sign the enclave use the command:" @echo " $(SGX_ENCLAVE_SIGNER) sign -key -enclave $(Enclave_Name) -out <$(Signed_Enclave_Name)> -config $(Enclave_Config_File)" - @echo "You can also sign the enclave using an external signing tool. See User's Guide for more details." + @echo "You can also sign the enclave using an external signing tool." @echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW." else all: $(App_Name) $(Signed_Enclave_Name) diff --git a/SampleCode/RemoteAttestation/Makefile b/SampleCode/RemoteAttestation/Makefile index 7335b486c9..541fad85c3 100644 --- a/SampleCode/RemoteAttestation/Makefile +++ b/SampleCode/RemoteAttestation/Makefile @@ -65,6 +65,9 @@ else SGX_COMMON_CFLAGS += -O2 endif +ifeq ($(SUPPLIED_KEY_DERIVATION), 1) + SGX_COMMON_CFLAGS += -DSUPPLIED_KEY_DERIVATION +endif ######## App Settings ######## ifneq ($(SGX_MODE), HW) @@ -130,6 +133,14 @@ Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Enclave_Include_Paths) Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++03 -nostdinc++ + +# To generate a proper enclave, it is recommended to follow below guideline to link the trusted libraries: +# 1. Link sgx_trts with the `--whole-archive' and `--no-whole-archive' options, +# so that the whole content of trts is included in the enclave. +# 2. For other libraries, you just need to pull the required symbols. +# Use `--start-group' and `--end-group' to link these libraries. +# Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options. +# Otherwise, you may get some undesirable errors. Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \ -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \ -Wl,--start-group -lsgx_tstdc -lsgx_tstdcxx -lsgx_tkey_exchange -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \ @@ -161,7 +172,7 @@ all: libservice_provider.so $(App_Name) $(Enclave_Name) @echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave." @echo "To sign the enclave use the command:" @echo " $(SGX_ENCLAVE_SIGNER) sign -key -enclave $(Enclave_Name) -out <$(Signed_Enclave_Name)> -config $(Enclave_Config_File)" - @echo "You can also sign the enclave using an external signing tool. See User's Guide for more details." + @echo "You can also sign the enclave using an external signing tool." @echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW." else all: libservice_provider.so $(App_Name) $(Signed_Enclave_Name) diff --git a/SampleCode/RemoteAttestation/isv_app/isv_app.cpp b/SampleCode/RemoteAttestation/isv_app/isv_app.cpp index 472e81902f..0fb3590acb 100644 --- a/SampleCode/RemoteAttestation/isv_app/isv_app.cpp +++ b/SampleCode/RemoteAttestation/isv_app/isv_app.cpp @@ -29,10 +29,14 @@ * */ +// This sample is confined to the communication between a SGX client platform +// and an ISV Application Server. + #include #include +#include // Needed for definition of remote attestation messages. #include "remote_attestation_result.h" @@ -48,6 +52,9 @@ // Needed to create enclave and do ecall. #include "sgx_urts.h" +// Needed to query extended epid group id. +#include "sgx_uae_service.h" + #include "service_provider.h" #ifndef SAFE_FREE @@ -116,6 +123,10 @@ void PRINT_ATTESTATION_SERVICE_RESPONSE( fprintf(file, "MSG2 spid - "); PRINT_BYTE_ARRAY(file, &(p_msg2_body->spid), sizeof(p_msg2_body->spid)); + fprintf(file, "MSG2 quote_type : %hx\n", p_msg2_body->quote_type); + + fprintf(file, "MSG2 kdf_id : %hx\n", p_msg2_body->kdf_id); + fprintf(file, "MSG2 sign_gb_ga - "); PRINT_BYTE_ARRAY(file, &(p_msg2_body->sign_gb_ga), sizeof(p_msg2_body->sign_gb_ga)); @@ -154,19 +165,21 @@ void PRINT_ATTESTATION_SERVICE_RESPONSE( // This sample code doesn't have any recovery/retry mechanisms for the remote // attestation. Since the enclave can be lost due S3 transitions, apps -// susceptible to S3 transtions should have logic to restart attestation in -// these scenenarios. +// susceptible to S3 transitions should have logic to restart attestation in +// these scenarios. #define _T(x) x int main(int argc, char* argv[]) { int ret = 0; + ra_samp_request_header_t *p_msg0_full = NULL; + ra_samp_response_header_t *p_msg0_resp_full = NULL; ra_samp_request_header_t *p_msg1_full = NULL; ra_samp_response_header_t *p_msg2_full = NULL; sgx_ra_msg3_t *p_msg3 = NULL; ra_samp_response_header_t* p_att_result_msg_full = NULL; sgx_enclave_id_t enclave_id = 0; int enclave_lost_retry_time = 1; - int busy_retry_time = 2; + int busy_retry_time = 4; sgx_ra_context_t context = INT_MAX; sgx_status_t status = SGX_SUCCESS; ra_samp_request_header_t* p_msg3_full = NULL; @@ -204,7 +217,54 @@ int main(int argc, char* argv[]) } } - // Remote attestaton will be initiated the ISV server challenges the ISV + // Preparation for remote attestation by configuring extended epid group id. + { + uint32_t extended_epid_group_id = 0; + ret = sgx_get_extended_epid_group_id(&extended_epid_group_id); + if (SGX_SUCCESS != ret) + { + ret = -1; + fprintf(OUTPUT, "\nError, call sgx_get_extended_epid_group_id fail [%s].", + __FUNCTION__); + return ret; + } + fprintf(OUTPUT, "\nCall sgx_get_extended_epid_group_id success."); + + p_msg0_full = (ra_samp_request_header_t*) + malloc(sizeof(ra_samp_request_header_t) + +sizeof(uint32_t)); + if (NULL == p_msg0_full) + { + ret = -1; + goto CLEANUP; + } + p_msg0_full->type = TYPE_RA_MSG0; + p_msg0_full->size = sizeof(uint32_t); + + *(uint32_t*)((uint8_t*)p_msg0_full + sizeof(ra_samp_request_header_t)) = extended_epid_group_id; + { + + fprintf(OUTPUT, "\nMSG0 body generated -\n"); + + PRINT_BYTE_ARRAY(OUTPUT, p_msg0_full->body, p_msg0_full->size); + + } + // The ISV application sends msg0 to the SP. + // The ISV decides whether to support this extended epid group id. + fprintf(OUTPUT, "\nSending msg0 to remote attestation service provider.\n"); + + ret = ra_network_send_receive("http://SampleServiceProvider.intel.com/", + p_msg0_full, + &p_msg0_resp_full); + if (ret != 0) + { + fprintf(OUTPUT, "\nError, ra_network_send_receive for msg0 failed " + "[%s].", __FUNCTION__); + goto CLEANUP; + } + fprintf(OUTPUT, "\nSent MSG0 to remote attestation service.\n"); + } + // Remote attestation will be initiated the ISV server challenges the ISV // app or if the ISV app detects it doesn't have the credentials // (shared secret) from a previous attestation required for secure // communication with the server. @@ -225,7 +285,7 @@ int main(int argc, char* argv[]) ret = -1; fprintf(OUTPUT, "\nError, call sgx_create_enclave fail [%s].", __FUNCTION__); - return ret; + goto CLEANUP; } fprintf(OUTPUT, "\nCall sgx_create_enclave success."); @@ -261,6 +321,7 @@ int main(int argc, char* argv[]) ret = sgx_ra_get_msg1(context, enclave_id, sgx_ra_get_ga, (sgx_ra_msg1_t*)((uint8_t*)p_msg1_full + sizeof(ra_samp_request_header_t))); + sleep(3); // Wait 3s between retries } while (SGX_ERROR_BUSY == ret && busy_retry_time--); if(SGX_SUCCESS != ret) { @@ -566,7 +627,9 @@ int main(int argc, char* argv[]) bool attestation_passed = true; // Check the attestation result for pass or fail. - // @TODO: Check the status. This is ISV defined. + // Whether attestation passes or fails is a decision made by the ISV Server. + // When the ISV server decides to trust the enclave, then it will return success. + // When the ISV server decided to not trust the enclave, then it will return failure. if(0 != p_att_result_msg_full->status[0] || 0 != p_att_result_msg_full->status[1]) { @@ -575,13 +638,20 @@ int main(int argc, char* argv[]) attestation_passed = false; } - // the SGX blob analysis API. The ISV will take action based on the - // update_info. (upgrade PSW or uCode), the second param should be 1 if - // the attestation failed, otherwise should be 0. + // The attestation result message should contain a field for the Platform + // Info Blob (PIB). The PIB is returned by attestation server in the attestation report. + // It is not returned in all cases, but when it is, the ISV app + // should pass it to the blob analysis API called sgx_report_attestation_status() + // along with the trust decision from the ISV server. + // The ISV application will take action based on the update_info. + // returned in update_info by the API. + // This call is stubbed out for the sample. + // // sgx_update_info_bit_t update_info; // ret = sgx_report_attestation_status( // &p_att_result_msg_body->platform_info_blob, // attestation_passed ? 0 : 1, &update_info); + // Get the shared secret sent by the server using SK (if attestation // passed) if(attestation_passed) @@ -630,13 +700,15 @@ CLEANUP: sgx_destroy_enclave(enclave_id); + ra_free_network_response_buffer(p_msg0_resp_full); ra_free_network_response_buffer(p_msg2_full); ra_free_network_response_buffer(p_att_result_msg_full); - // p_msg3 is malloc'd by the untrused KE library. App needs to free. + // p_msg3 is malloc'd by the untrusted KE library. App needs to free. SAFE_FREE(p_msg3); SAFE_FREE(p_msg3_full); SAFE_FREE(p_msg1_full); + SAFE_FREE(p_msg0_full); printf("\nEnter a character before exit ...\n"); getchar(); return ret; diff --git a/SampleCode/RemoteAttestation/isv_enclave/isv_enclave.cpp b/SampleCode/RemoteAttestation/isv_enclave/isv_enclave.cpp index 1d8182e3a0..980de0c8db 100644 --- a/SampleCode/RemoteAttestation/isv_enclave/isv_enclave.cpp +++ b/SampleCode/RemoteAttestation/isv_enclave/isv_enclave.cpp @@ -30,7 +30,7 @@ */ - +#include #include "isv_enclave_t.h" #include "sgx_tkey_exchange.h" #include "sgx_tcrypto.h" @@ -69,6 +69,134 @@ static const sgx_ec256_public_t g_sp_pub_key = { uint8_t g_secret[8] = {0}; +#ifdef SUPPLIED_KEY_DERIVATION + +#pragma message ("Supplied key derivation function is used.") + +typedef struct _hash_buffer_t +{ + uint8_t counter[4]; + sgx_ec256_dh_shared_t shared_secret; + uint8_t algorithm_id[4]; +} hash_buffer_t; + +const char ID_U[] = "SGXRAENCLAVE"; +const char ID_V[] = "SGXRASERVER"; + +// Derive two keys from shared key and key id. +bool derive_key( + const sgx_ec256_dh_shared_t *p_shared_key, + uint8_t key_id, + sgx_ec_key_128bit_t *first_derived_key, + sgx_ec_key_128bit_t *second_derived_key) +{ + sgx_status_t sgx_ret = SGX_SUCCESS; + hash_buffer_t hash_buffer; + sgx_sha_state_handle_t sha_context; + sgx_sha256_hash_t key_material; + + memset(&hash_buffer, 0, sizeof(hash_buffer_t)); + /* counter in big endian */ + hash_buffer.counter[3] = key_id; + + /*convert from little endian to big endian */ + for (size_t i = 0; i < sizeof(sgx_ec256_dh_shared_t); i++) + { + hash_buffer.shared_secret.s[i] = p_shared_key->s[sizeof(p_shared_key->s)-1 - i]; + } + + sgx_ret = sgx_sha256_init(&sha_context); + if (sgx_ret != SGX_SUCCESS) + { + return false; + } + sgx_ret = sgx_sha256_update((uint8_t*)&hash_buffer, sizeof(hash_buffer_t), sha_context); + if (sgx_ret != SGX_SUCCESS) + { + sgx_sha256_close(sha_context); + return false; + } + sgx_ret = sgx_sha256_update((uint8_t*)&ID_U, sizeof(ID_U), sha_context); + if (sgx_ret != SGX_SUCCESS) + { + sgx_sha256_close(sha_context); + return false; + } + sgx_ret = sgx_sha256_update((uint8_t*)&ID_V, sizeof(ID_V), sha_context); + if (sgx_ret != SGX_SUCCESS) + { + sgx_sha256_close(sha_context); + return false; + } + sgx_ret = sgx_sha256_get_hash(sha_context, &key_material); + if (sgx_ret != SGX_SUCCESS) + { + sgx_sha256_close(sha_context); + return false; + } + sgx_ret = sgx_sha256_close(sha_context); + + assert(sizeof(sgx_ec_key_128bit_t)* 2 == sizeof(sgx_sha256_hash_t)); + memcpy(first_derived_key, &key_material, sizeof(sgx_ec_key_128bit_t)); + memcpy(second_derived_key, (uint8_t*)&key_material + sizeof(sgx_ec_key_128bit_t), sizeof(sgx_ec_key_128bit_t)); + + // memset here can be optimized away by compiler, so please use memset_s on + // windows for production code and similar functions on other OSes. + memset(&key_material, 0, sizeof(sgx_sha256_hash_t)); + + return true; +} + +//isv defined key derivation function id +#define ISV_KDF_ID 2 + +typedef enum _derive_key_type_t +{ + DERIVE_KEY_SMK_SK = 0, + DERIVE_KEY_MK_VK, +} derive_key_type_t; + +sgx_status_t key_derivation(const sgx_ec256_dh_shared_t* shared_key, + uint16_t kdf_id, + sgx_ec_key_128bit_t* smk_key, + sgx_ec_key_128bit_t* sk_key, + sgx_ec_key_128bit_t* mk_key, + sgx_ec_key_128bit_t* vk_key) +{ + bool derive_ret = false; + + if (NULL == shared_key) + { + return SGX_ERROR_INVALID_PARAMETER; + } + + if (ISV_KDF_ID != kdf_id) + { + //fprintf(stderr, "\nError, key derivation id mismatch in [%s].", __FUNCTION__); + return SGX_ERROR_KDF_MISMATCH; + } + + derive_ret = derive_key(shared_key, DERIVE_KEY_SMK_SK, + smk_key, sk_key); + if (derive_ret != true) + { + //fprintf(stderr, "\nError, derive key fail in [%s].", __FUNCTION__); + return SGX_ERROR_UNEXPECTED; + } + + derive_ret = derive_key(shared_key, DERIVE_KEY_MK_VK, + mk_key, vk_key); + if (derive_ret != true) + { + //fprintf(stderr, "\nError, derive key fail in [%s].", __FUNCTION__); + return SGX_ERROR_UNEXPECTED; + } + return SGX_SUCCESS; +} +#else +#pragma message ("Default key derivation function is used.") +#endif + // This ecall is a wrapper of sgx_ra_init to create the trusted // KE exchange key context needed for the remote attestation // SIGMA API's. Input pointers aren't checked since the trusted stubs @@ -99,7 +227,11 @@ sgx_status_t enclave_init_ra( if (ret != SGX_SUCCESS) return ret; } +#ifdef SUPPLIED_KEY_DERIVATION + ret = sgx_ra_init_ex(&g_sp_pub_key, b_pse, key_derivation, p_context); +#else ret = sgx_ra_init(&g_sp_pub_key, b_pse, p_context); +#endif if(b_pse) { sgx_close_pse_session(); diff --git a/SampleCode/RemoteAttestation/service_provider/ecp.cpp b/SampleCode/RemoteAttestation/service_provider/ecp.cpp index 3b0ed32b98..192d20fb8c 100644 --- a/SampleCode/RemoteAttestation/service_provider/ecp.cpp +++ b/SampleCode/RemoteAttestation/service_provider/ecp.cpp @@ -74,6 +74,90 @@ bool verify_cmac128( return false; } + +#ifdef SUPPLIED_KEY_DERIVATION + +#pragma message ("Supplied key derivation function is used.") + +typedef struct _hash_buffer_t +{ + uint8_t counter[4]; + sample_ec_dh_shared_t shared_secret; + uint8_t algorithm_id[4]; +} hash_buffer_t; + +const char ID_U[] = "SGXRAENCLAVE"; +const char ID_V[] = "SGXRASERVER"; + +// Derive two keys from shared key and key id. +bool derive_key( + const sample_ec_dh_shared_t *p_shared_key, + uint8_t key_id, + sample_ec_key_128bit_t *first_derived_key, + sample_ec_key_128bit_t *second_derived_key) +{ + sample_status_t sample_ret = SAMPLE_SUCCESS; + hash_buffer_t hash_buffer; + sample_sha_state_handle_t sha_context; + sample_sha256_hash_t key_material; + + memset(&hash_buffer, 0, sizeof(hash_buffer_t)); + + /* counter in big endian */ + hash_buffer.counter[3] = key_id; + + /*convert from little endian to big endian */ + for (size_t i = 0; i < sizeof(sample_ec_dh_shared_t) ; i++) + { + hash_buffer.shared_secret.s[i] = p_shared_key->s[sizeof(p_shared_key->s) - 1 - i]; + } + + sample_ret = sample_sha256_init(&sha_context); + if (sample_ret != SAMPLE_SUCCESS) + { + return false; + } + sample_ret = sample_sha256_update((uint8_t*)&hash_buffer, sizeof(hash_buffer_t), sha_context); + if (sample_ret != SAMPLE_SUCCESS) + { + sample_sha256_close(sha_context); + return false; + } + sample_ret = sample_sha256_update((uint8_t*)ID_U, sizeof(ID_U), sha_context); + if (sample_ret != SAMPLE_SUCCESS) + { + sample_sha256_close(sha_context); + return false; + } + sample_ret = sample_sha256_update((uint8_t*)ID_V, sizeof(ID_V), sha_context); + if (sample_ret != SAMPLE_SUCCESS) + { + sample_sha256_close(sha_context); + return false; + } + sample_ret = sample_sha256_get_hash(sha_context, &key_material); + if (sample_ret != SAMPLE_SUCCESS) + { + sample_sha256_close(sha_context); + return false; + } + sample_ret = sample_sha256_close(sha_context); + + static_assert(sizeof(sample_ec_key_128bit_t)* 2 == sizeof(sample_sha256_hash_t), "structure size mismatch."); + memcpy(first_derived_key, &key_material, sizeof(sample_ec_key_128bit_t)); + memcpy(second_derived_key, (uint8_t*)&key_material + sizeof(sample_ec_key_128bit_t), sizeof(sample_ec_key_128bit_t)); + + // memset here can be optimized away by compiler, so please use memset_s on + // windows for production code and similar functions on other OSes. + memset(&key_material, 0, sizeof(sample_sha256_hash_t)); + + return true; +} + +#else + +#pragma message ("Default key derivation function is used.") + #define EC_DERIVATION_BUFFER_SIZE(label_length) ((label_length) +4) const char str_SMK[] = "SMK"; @@ -170,3 +254,4 @@ bool derive_key( } return true; } +#endif \ No newline at end of file diff --git a/SampleCode/RemoteAttestation/service_provider/ecp.h b/SampleCode/RemoteAttestation/service_provider/ecp.h index 1cda156476..0a562b05f0 100644 --- a/SampleCode/RemoteAttestation/service_provider/ecp.h +++ b/SampleCode/RemoteAttestation/service_provider/ecp.h @@ -38,10 +38,10 @@ #include "remote_attestation_result.h" #ifndef SAMPLE_FEBITSIZE -#define SAMPLE_FEBITSIZE 256 + #define SAMPLE_FEBITSIZE 256 #endif -#define SAMPLE_ECP_KEY_SIZE (SAMPLE_FEBITSIZE/8) +#define SAMPLE_ECP_KEY_SIZE (SAMPLE_FEBITSIZE/8) typedef struct sample_ec_priv_t { @@ -70,6 +70,22 @@ errno_t memcpy_s(void *dest, size_t numberOfElements, const void *src, size_t count); +#ifdef SUPPLIED_KEY_DERIVATION + +typedef enum _sample_derive_key_type_t +{ + SAMPLE_DERIVE_KEY_SMK_SK = 0, + SAMPLE_DERIVE_KEY_MK_VK, +} sample_derive_key_type_t; + +bool derive_key( + const sample_ec_dh_shared_t *p_shared_key, + uint8_t key_id, + sample_ec_key_128bit_t *first_derived_key, + sample_ec_key_128bit_t *second_derived_key); + +#else + typedef enum _sample_derive_key_type_t { SAMPLE_DERIVE_KEY_SMK = 0, @@ -83,6 +99,8 @@ bool derive_key( uint8_t key_id, sample_ec_key_128bit_t *derived_key); +#endif + bool verify_cmac128( sample_ec_key_128bit_t mac_key, const uint8_t *p_data_buf, diff --git a/SampleCode/RemoteAttestation/service_provider/ias_ra.cpp b/SampleCode/RemoteAttestation/service_provider/ias_ra.cpp index e39d1b1942..ec6f52f769 100644 --- a/SampleCode/RemoteAttestation/service_provider/ias_ra.cpp +++ b/SampleCode/RemoteAttestation/service_provider/ias_ra.cpp @@ -41,9 +41,9 @@ #include #include "ias_ra.h" -// @TODO: This whole file is used as simulation of the interfaces to be -// delivered the IAS. Once the interface definitions are made available by the -// IAS, this file should be changed accordingly. +//This whole file is used as simulation of the interfaces to be +// delivered an attestation server. + #define UNUSED(expr) do { (void)(expr); } while (0) @@ -75,12 +75,10 @@ // This is the ECDSA NIST P-256 private key used to sign platform_info_blob. // This private // key and the public key in SDK untrusted KElibrary should be a temporary key -// pair. For production parts the IAS will sign the platform_info_blob with the +// pair. For production parts an attestation server will sign the platform_info_blob with the // production private key and the SDK untrusted KE library will have the public // key for verifcation. -// @TODO: This key will will not be available when the production backend -// is avaialbe. The remote attestation sample will need to change to use the -// real backend. This will likely be an RSA2048 type of key. + static const sample_ec256_private_t g_rk_priv_key = {{ 0x63,0x2c,0xd4,0x02,0x7a,0xdc,0x56,0xa5, @@ -92,7 +90,7 @@ static const sample_ec256_private_t g_rk_priv_key = static sample_spid_t g_sim_spid = {"Service X"}; -// Simulates the IAS function for verifying the quote produce by +// Simulates the attestation server function for verifying the quote produce by // the ISV enclave. It doesn't decrypt or verify the quote in // the simulation. Just produces the attestaion verification // report with the platform info blob. @@ -189,8 +187,7 @@ int ias_verify_attestation_evidence( } -// Simulates retrieving the SIGRL for upon the SP request. Becaue the IAS -// backend is not ready right now, we will return NULL. +// Simulates retrieving the SIGRL for upon the SP request. // // @param gid Group ID for the EPID key. // @param p_sig_rl_size Pointer to the output value of the full @@ -217,8 +214,7 @@ int ias_get_sigrl( } *p_sig_rl_size = 0; *p_sig_rl = NULL; - // we should try to get sig_rl from IAS, but right now we will just - // skip it until the IAS backend is ready. + // we should try to get sig_rl from an attestation server break; }while (0); @@ -226,7 +222,7 @@ int ias_get_sigrl( } -// Used to simulate the enrollment function of the IAS. It only +// Used to simulate the enrollment function of an attestation server. It only // gives back the SPID right now. In production, the enrollment // occurs out of context from an attestation attempt and only // occurs once. diff --git a/SampleCode/RemoteAttestation/service_provider/ias_ra.h b/SampleCode/RemoteAttestation/service_provider/ias_ra.h index 6230eb4e53..a984d0f06e 100644 --- a/SampleCode/RemoteAttestation/service_provider/ias_ra.h +++ b/SampleCode/RemoteAttestation/service_provider/ias_ra.h @@ -36,7 +36,6 @@ #include "ecp.h" -// These status should align with the definition in IAS API spec(rev 0.6) typedef enum { IAS_QUOTE_OK, IAS_QUOTE_SIGNATURE_INVALID, diff --git a/SampleCode/RemoteAttestation/service_provider/network_ra.cpp b/SampleCode/RemoteAttestation/service_provider/network_ra.cpp index 3db2be3973..f8ab863720 100644 --- a/SampleCode/RemoteAttestation/service_provider/network_ra.cpp +++ b/SampleCode/RemoteAttestation/service_provider/network_ra.cpp @@ -66,7 +66,18 @@ int ra_network_send_receive(const char *server_url, switch(p_req->type) { - case TYPE_RA_MSG1: + case TYPE_RA_MSG0: + ret = sp_ra_proc_msg0_req((const sample_ra_msg0_t*)((uint8_t*)p_req + + sizeof(ra_samp_request_header_t)), + p_req->size); + if (0 != ret) + { + fprintf(stderr, "\nError, call sp_ra_proc_msg1_req fail [%s].", + __FUNCTION__); + } + break; + + case TYPE_RA_MSG1: ret = sp_ra_proc_msg1_req((const sample_ra_msg1_t*)((uint8_t*)p_req + sizeof(ra_samp_request_header_t)), p_req->size, @@ -82,7 +93,7 @@ int ra_network_send_receive(const char *server_url, } break; - case TYPE_RA_MSG3: + case TYPE_RA_MSG3: ret =sp_ra_proc_msg3_req((const sample_ra_msg3_t*)((uint8_t*)p_req + sizeof(ra_samp_request_header_t)), p_req->size, @@ -98,7 +109,7 @@ int ra_network_send_receive(const char *server_url, } break; - default: + default: ret = -1; fprintf(stderr, "\nError, unknown ra message type. Type = %d [%s].", p_req->type, __FUNCTION__); diff --git a/SampleCode/RemoteAttestation/service_provider/network_ra.h b/SampleCode/RemoteAttestation/service_provider/network_ra.h index bd7fdb7108..9091bfb67c 100644 --- a/SampleCode/RemoteAttestation/service_provider/network_ra.h +++ b/SampleCode/RemoteAttestation/service_provider/network_ra.h @@ -35,20 +35,23 @@ #define _NETWORK_RA_H -// Enum for all possible message types between the ISV app and -// the ISV SP. Requests and responses in hte remote attestation -// sample. +/* Enum for all possible message types between the ISV app and + * the ISV SP. Requests and responses in the remote attestation + * sample. + */ typedef enum _ra_msg_type_t { - TYPE_RA_MSG1 = 1, + TYPE_RA_MSG0, + TYPE_RA_MSG1, TYPE_RA_MSG2, TYPE_RA_MSG3, TYPE_RA_ATT_RESULT, }ra_msg_type_t; -// Enum for all possible message types between the SP and IAS. -// Network communication is not simulated in the remote -// attestation sample. Currently these aren't used. +/* Enum for all possible message types between the SP and IAS. + * Network communication is not simulated in the remote + * attestation sample. Currently these aren't used. + */ typedef enum _ias_msg_type_t { TYPE_IAS_ENROLL, @@ -60,18 +63,18 @@ typedef enum _ias_msg_type_t #pragma pack(1) typedef struct _ra_samp_request_header_t{ - uint8_t type; // set to one of ra_msg_type_t - uint32_t size; //size of request body, - uint8_t align[3]; + uint8_t type; /* set to one of ra_msg_type_t*/ + uint32_t size; /*size of request body*/ + uint8_t align[3]; uint8_t body[]; }ra_samp_request_header_t; typedef struct _ra_samp_response_header_t{ - uint8_t type; // set to one of ra_msg_type_t - uint8_t status[2]; - uint32_t size; //size of the response body - uint8_t align[1]; - uint8_t body[]; + uint8_t type; /* set to one of ra_msg_type_t*/ + uint8_t status[2]; + uint32_t size; /*size of the response body*/ + uint8_t align[1]; + uint8_t body[]; }ra_samp_response_header_t; #pragma pack() diff --git a/SampleCode/RemoteAttestation/service_provider/remote_attestation_result.h b/SampleCode/RemoteAttestation/service_provider/remote_attestation_result.h index 5e6121cd11..86d1532b6d 100644 --- a/SampleCode/RemoteAttestation/service_provider/remote_attestation_result.h +++ b/SampleCode/RemoteAttestation/service_provider/remote_attestation_result.h @@ -38,8 +38,8 @@ extern "C" { #endif -#define SAMPLE_MAC_SIZE 16 // Message Authentication Code - // - 16 bytes +#define SAMPLE_MAC_SIZE 16 /* Message Authentication Code*/ + /* - 16 bytes*/ typedef uint8_t sample_mac_t[SAMPLE_MAC_SIZE]; #ifndef SAMPLE_FEBITSIZE @@ -59,14 +59,14 @@ typedef struct sample_ec_sign256_t #define SAMPLE_SP_TAG_SIZE 16 typedef struct sp_aes_gcm_data_t { - uint32_t payload_size; // 0: Size of the payload which is - // encrypted - uint8_t reserved[12]; // 4: Reserved bits - uint8_t payload_tag[SAMPLE_SP_TAG_SIZE]; - // 16: AES-GMAC of the plain text, - // payload, and the sizes - uint8_t payload[]; // 32: Ciphertext of the payload - // followed by the plain text + uint32_t payload_size; /* 0: Size of the payload which is*/ + /* encrypted*/ + uint8_t reserved[12]; /* 4: Reserved bits*/ + uint8_t payload_tag[SAMPLE_SP_TAG_SIZE]; + /* 16: AES-GMAC of the plain text,*/ + /* payload, and the sizes*/ + uint8_t payload[]; /* 32: Ciphertext of the payload*/ + /* followed by the plain text*/ } sp_aes_gcm_data_t; @@ -75,8 +75,8 @@ typedef struct sp_aes_gcm_data_t { #define GID_SIZE 4 #define PSVN_SIZE 18 -// @TODO: Modify at production to use the values specified by the Production -// IAS API +/* @TODO: Modify at production to use the values specified by an Production*/ +/* attestation server API*/ typedef struct ias_platform_info_blob_t { uint8_t sample_epid_group_status; @@ -92,7 +92,7 @@ typedef struct ias_platform_info_blob_t typedef struct sample_ra_att_result_msg_t { ias_platform_info_blob_t platform_info_blob; - sample_mac_t mac; // mac_smk(attestation_status) + sample_mac_t mac; /* mac_smk(attestation_status)*/ sp_aes_gcm_data_t secret; } sample_ra_att_result_msg_t; diff --git a/SampleCode/RemoteAttestation/service_provider/service_provider.cpp b/SampleCode/RemoteAttestation/service_provider/service_provider.cpp index 3736951d03..1db44c0a96 100644 --- a/SampleCode/RemoteAttestation/service_provider/service_provider.cpp +++ b/SampleCode/RemoteAttestation/service_provider/service_provider.cpp @@ -48,6 +48,17 @@ #define SAFE_FREE(ptr) {if (NULL != (ptr)) {free(ptr); (ptr) = NULL;}} #endif +// This is supported extended epid group of SP. SP can support more than one +// extended epid group with different extended epid group id and credentials. +static const sample_extended_epid_group g_extended_epid_groups[] = { + { + 0, + ias_enroll, + ias_get_sigrl, + ias_verify_attestation_evidence + } +}; + // This is the private EC key of SP, the corresponding public EC key is // hard coded in isv_enclave. It is based on NIST P-256 curve. static const sample_ec256_private_t g_sp_priv_key = { @@ -90,6 +101,7 @@ typedef struct _sp_db_item_t }sp_db_item_t; static sp_db_item_t g_sp_db; +static const sample_extended_epid_group* g_sp_extended_epid_group_id= NULL; static bool g_is_sp_registered = false; static int g_sp_credentials = 0; static int g_authentication_token = 0; @@ -98,6 +110,60 @@ uint8_t g_secret[8] = {0,1,2,3,4,5,6,7}; sample_spid_t g_spid; + +// Verify message 0 then configure extended epid group. +int sp_ra_proc_msg0_req(const sample_ra_msg0_t *p_msg0, + uint32_t msg0_size) +{ + int ret = -1; + + if (!p_msg0 || + (msg0_size != sizeof(sample_ra_msg0_t))) + { + return -1; + } + uint32_t extended_epid_group_id = p_msg0->extended_epid_group_id; + + // Check to see if we have registered with the attestation server yet? + if (!g_is_sp_registered || + (g_sp_extended_epid_group_id != NULL && g_sp_extended_epid_group_id->extended_epid_group_id != extended_epid_group_id)) + { + // Check to see if the extended_epid_group_id is supported? + ret = SP_UNSUPPORTED_EXTENDED_EPID_GROUP; + for (size_t i = 0; i < sizeof(g_extended_epid_groups) / sizeof(sample_extended_epid_group); i++) + { + if (g_extended_epid_groups[i].extended_epid_group_id == extended_epid_group_id) + { + g_sp_extended_epid_group_id = &(g_extended_epid_groups[i]); + // In the product, the SP will establish a mutually + // authenticated SSL channel. During the enrollment process, the ISV + // registers it exchanges TLS certs with attestation server and obtains an SPID and + // Report Key from the attestation server. + // For a product attestation server, enrollment is an offline process. See the 'on-boarding' + // documentation to get the information required. The enrollment process is + // simulated by a call in this sample. + ret = g_sp_extended_epid_group_id->enroll(g_sp_credentials, &g_spid, + &g_authentication_token); + if (0 != ret) + { + ret = SP_IAS_FAILED; + break; + } + + g_is_sp_registered = true; + ret = SP_OK; + break; + } + } + } + else + { + ret = SP_OK; + } + + return ret; +} + // Verify message 1 then generate and return message 2 to isv. int sp_ra_proc_msg1_req(const sample_ra_msg1_t *p_msg1, uint32_t msg1_size, @@ -117,56 +183,24 @@ int sp_ra_proc_msg1_req(const sample_ra_msg1_t *p_msg1, return -1; } + // Check to see if we have registered? + if (!g_is_sp_registered) + { + return SP_UNSUPPORTED_EXTENDED_EPID_GROUP; + } + do { - // Check to see if we have registered with the IAS yet? - if(!g_is_sp_registered) - { - do - { - // @IAS_Q: What are the sp credentials? - // @IAS_Q: What is in the authentication token - // In the product, the SP will establish a mutually - // authenticated SSL channel. The authentication token is - // based on this channel. - // @TODO: Convert this call to a 'network' send/receive - // once the IAS server is a vaialable. - ret = ias_enroll(g_sp_credentials, &g_spid, - &g_authentication_token); - if(0 != ret) - { - ret = SP_IAS_FAILED; - break; - } - - // IAS may support registering the Enclave Trust Policy. - // Just leave a place holder here - // @IAS_Q: What needs to be sent to the IAS with the policy - // that identifies the SP? - // ret = ias_register_enclave_policy(g_enclave_policy, - // g_authentication_token); - // if(0 != ret) - // { - // break; - // } - - g_is_sp_registered = true; - break; - } while(0); - } - - // Get the sig_rl from IAS using GID. + // Get the sig_rl from attestation server using GID. // GID is Base-16 encoded of EPID GID in little-endian format. - // @IAS_Q: Does the SP need to supply any authentication info to the - // IAS? SPID? - // In the product, the SP and IAS will use an established channel for + // In the product, the SP and attesation server uses an established channel for // communication. uint8_t* sig_rl; uint32_t sig_rl_size = 0; - // @TODO: Convert this call to a 'network' send/receive - // once the IAS server is a vaialable. - ret = ias_get_sigrl(p_msg1->gid, &sig_rl_size, &sig_rl); + // The product interface uses a REST based message to get the SigRL. + + ret = g_sp_extended_epid_group_id->get_sigrl(p_msg1->gid, &sig_rl_size, &sig_rl); if(0 != ret) { fprintf(stderr, "\nError, ias_get_sigrl [%s].", __FUNCTION__); @@ -187,7 +221,7 @@ int sp_ra_proc_msg1_req(const sample_ra_msg1_t *p_msg1, sample_ret = sample_ecc256_open_context(&ecc_state); if(SAMPLE_SUCCESS != sample_ret) { - fprintf(stderr, "\nError, cannot get ECC cotext in [%s].", + fprintf(stderr, "\nError, cannot get ECC context in [%s].", __FUNCTION__); ret = -1; break; @@ -228,6 +262,28 @@ int sp_ra_proc_msg1_req(const sample_ra_msg1_t *p_msg1, break; } +#ifdef SUPPLIED_KEY_DERIVATION + + // smk is only needed for msg2 generation. + derive_ret = derive_key(&dh_key, SAMPLE_DERIVE_KEY_SMK_SK, + &g_sp_db.smk_key, &g_sp_db.sk_key); + if(derive_ret != true) + { + fprintf(stderr, "\nError, derive key fail in [%s].", __FUNCTION__); + ret = SP_INTERNAL_ERROR; + break; + } + + // The rest of the keys are the shared secrets for future communication. + derive_ret = derive_key(&dh_key, SAMPLE_DERIVE_KEY_MK_VK, + &g_sp_db.mk_key, &g_sp_db.vk_key); + if(derive_ret != true) + { + fprintf(stderr, "\nError, derive key fail in [%s].", __FUNCTION__); + ret = SP_INTERNAL_ERROR; + break; + } +#else // smk is only needed for msg2 generation. derive_ret = derive_key(&dh_key, SAMPLE_DERIVE_KEY_SMK, &g_sp_db.smk_key); @@ -265,6 +321,7 @@ int sp_ra_proc_msg1_req(const sample_ra_msg1_t *p_msg1, ret = SP_INTERNAL_ERROR; break; } +#endif uint32_t msg2_size = sizeof(sample_ra_msg2_t) + sig_rl_size; p_msg2_full = (ra_samp_response_header_t*)malloc(msg2_size @@ -278,7 +335,8 @@ int sp_ra_proc_msg1_req(const sample_ra_msg1_t *p_msg1, memset(p_msg2_full, 0, msg2_size + sizeof(ra_samp_response_header_t)); p_msg2_full->type = TYPE_RA_MSG2; p_msg2_full->size = msg2_size; - // @TODO: Set the status properly based on real protocol communication. + // The simulated message2 always passes. This would need to be set + // accordingly in a real service provider implementation. p_msg2_full->status[0] = 0; p_msg2_full->status[1] = 0; p_msg2 = (sample_ra_msg2_t *)p_msg2_full->body; @@ -298,9 +356,13 @@ int sp_ra_proc_msg1_req(const sample_ra_msg1_t *p_msg1, // signature type and to understand the implications of the choice! p_msg2->quote_type = SAMPLE_QUOTE_LINKABLE_SIGNATURE; - +#ifdef SUPPLIED_KEY_DERIVATION +//isv defined key derivation function id +#define ISV_KDF_ID 2 + p_msg2->kdf_id = ISV_KDF_ID; +#else p_msg2->kdf_id = SAMPLE_AES_CMAC_KDF_ID; - +#endif // Create gb_ga sample_ec_pub_t gb_ga[2]; if(memcpy_s(&gb_ga[0], sizeof(gb_ga[0]), &g_sp_db.g_b, @@ -394,6 +456,11 @@ int sp_ra_proc_msg3_req(const sample_ra_msg3_t *p_msg3, return SP_INTERNAL_ERROR; } + // Check to see if we have registered? + if (!g_is_sp_registered) + { + return SP_UNSUPPORTED_EXTENDED_EPID_GROUP; + } do { // Compare g_a in message 3 with local g_a. @@ -441,7 +508,17 @@ int sp_ra_proc_msg3_req(const sample_ra_msg3_t *p_msg3, p_quote = (sample_quote_t *)p_msg3->quote; - // Verify the the report_data in the Quote matches the expected value. + // Check the quote version if needed. Only check the Quote.version field if the enclave + // identity fields have changed or the size of the quote has changed. The version may + // change without affecting the legacy fields or size of the quote structure. + //if(p_quote->version < ACCEPTED_QUOTE_VERSION) + //{ + // fprintf(stderr,"\nError, quote version is too old.", __FUNCTION__); + // ret = SP_QUOTE_VERSION_ERROR; + // break; + //} + + // Verify the report_data in the Quote matches the expected value. // The first 32 bytes of report_data are SHA256 HASH of {ga|gb|vk}. // The second 32 bytes of report_data are set to zero. sample_ret = sample_sha256_init(&sha_handle); @@ -496,15 +573,14 @@ int sp_ra_proc_msg3_req(const sample_ra_msg3_t *p_msg3, break; } - // Verify Enclave policy (IAS may provide an API for this if we + // Verify Enclave policy (an attestation server may provide an API for this if we // registered an Enclave policy) - // Verify quote with IAS. - // @IAS_Q: What is the proper JSON format for attestation evidence? - ias_att_report_t attestation_report; - // @TODO: Convert this call to a 'network' send/receive - // once the IAS server is a vaialable. - ret = ias_verify_attestation_evidence(p_quote, NULL, + // Verify quote with attestation server. + // In the product, an attestation server could use a REST message and JSON formatting to request + // attestation Quote verification. The sample only simulates this interface. + ias_att_report_t attestation_report = {0}; + ret = g_sp_extended_epid_group_id->verify_attestation_evidence(p_quote, NULL, &attestation_report); if(0 != ret) { @@ -519,14 +595,13 @@ int sp_ra_proc_msg3_req(const sample_ra_msg3_t *p_msg3, attestation_report.revocation_reason); // attestation_report.info_blob; fprintf(OUTPUT, "\n\tpse_status: %d.", attestation_report.pse_status); - // Check if Platform_Info_Blob is available. - // @TODO: Currenlty, the IAS spec says this will not be available if - // no info blob status flags are set. For now, assume it is always - // there until we have the full message format definition. + // Note: This sample always assumes the PIB is sent by attestation server. In the product + // implementation, the attestation server could only send the PIB for certain attestation + // report statuses. A product SP implementation needs to handle cases + // where the PIB is zero length. // Respond the client with the results of the attestation. - uint32_t att_result_msg_size = sizeof(sample_ra_att_result_msg_t) - + attestation_report.policy_report_size; + uint32_t att_result_msg_size = sizeof(sample_ra_att_result_msg_t); p_att_result_msg_full = (ra_samp_response_header_t*)malloc(att_result_msg_size + sizeof(ra_samp_response_header_t) + sizeof(g_secret)); @@ -552,15 +627,13 @@ int sp_ra_proc_msg3_req(const sample_ra_msg3_t *p_msg3, p_att_result_msg = (sample_ra_att_result_msg_t *)p_att_result_msg_full->body; - // @TODO: In the product, the HTTP response header itself will have + // In a product implementation of attestation server, the HTTP response header itself could have // an RK based signature that the service provider needs to check here. // The platform_info_blob signature will be verified by the client - // if needed. No need to have the Service Provider to check it. + // when sent. No need to have the Service Provider to check it. The SP + // should pass it down to the application for further analysis. - // @TODO: Verify the enlcave policy report if they are to be supported - // by IAS. Otherwise, the SP will need to check the ISV enclave report - // itself. fprintf(OUTPUT, "\n\n\tEnclave Report:"); fprintf(OUTPUT, "\n\tSignature Type: 0x%x", p_quote->sign_type); fprintf(OUTPUT, "\n\tSignature Basename: "); @@ -602,7 +675,12 @@ int sp_ra_proc_msg3_req(const sample_ra_msg3_t *p_msg3, p_quote->report_body.isv_prod_id); fprintf(OUTPUT, "\n\tisv_svn: 0x%0x",p_quote->report_body.isv_svn); fprintf(OUTPUT, "\n"); - // @TODO do a real check here. + + // A product service provider needs to verify that its enclave properties + // match what is expected. The SP needs to check these values before + // trusting the enclave. For the sample, we always pass the policy check. + // Attestation server only verifies the quote structure and signature. It does not + // check the identity of the enclave. bool isv_policy_passed = true; // Assemble Attestation Result Message diff --git a/SampleCode/RemoteAttestation/service_provider/service_provider.h b/SampleCode/RemoteAttestation/service_provider/service_provider.h index 820e39072a..83a7522e07 100644 --- a/SampleCode/RemoteAttestation/service_provider/service_provider.h +++ b/SampleCode/RemoteAttestation/service_provider/service_provider.h @@ -44,11 +44,13 @@ extern "C" { typedef enum { SP_OK, + SP_UNSUPPORTED_EXTENDED_EPID_GROUP, SP_INTEGRITY_FAILED, SP_QUOTE_VERIFICATION_FAILED, SP_IAS_FAILED, SP_INTERNAL_ERROR, SP_PROTOCOL_ERROR, + SP_QUOTE_VERSION_ERROR, } sp_ra_msg_status_t; #pragma pack(push,1) @@ -62,7 +64,7 @@ typedef struct sample_ec_pub_t uint8_t gy[SAMPLE_ECP_KEY_SIZE]; } sample_ec_pub_t; -//fixed length to align with internal structure +/*fixed length to align with internal structure*/ typedef struct sample_ps_sec_prop_desc_t { uint8_t sample_ps_sec_prop_desc[256]; @@ -76,41 +78,49 @@ typedef uint8_t sample_key_128bit_t[16]; typedef sample_key_128bit_t sample_ra_key_128_t; +typedef struct sample_ra_msg0_t +{ + uint32_t extended_epid_group_id; +} sample_ra_msg0_t; + + typedef struct sample_ra_msg1_t { - sample_ec_pub_t g_a; // the Endian-ness of Ga is - // Little-Endian - sample_epid_group_id_t gid; // the Endian-ness of GID is - // Little-Endian + sample_ec_pub_t g_a; /* the Endian-ness of Ga is + Little-Endian*/ + sample_epid_group_id_t gid; /* the Endian-ness of GID is + Little-Endian*/ } sample_ra_msg1_t; -//Key Derivation Function ID : 0x0001 AES-CMAC Entropy Extraction and Key Expansion +/*Key Derivation Function ID : 0x0001 AES-CMAC Entropy Extraction and Key Expansion*/ const uint16_t SAMPLE_AES_CMAC_KDF_ID = 0x0001; typedef struct sample_ra_msg2_t { - sample_ec_pub_t g_b; // the Endian-ness of Gb is - // Little-Endian - sample_spid_t spid; - uint16_t quote_type; /* unlinkable Quote(0) or linkable Quote(0) in little endian*/ - uint16_t kdf_id; /* key derivation function id in little endian. + sample_ec_pub_t g_b; /* the Endian-ness of Gb is + Little-Endian*/ + sample_spid_t spid; /* In little endian*/ + uint16_t quote_type; /* unlinkable Quote(0) or linkable Quote(0) in little endian*/ + uint16_t kdf_id; /* key derivation function id in little endian. 0x0001 for AES-CMAC Entropy Extraction and Key Derivation */ - sample_ec_sign256_t sign_gb_ga; // In little endian - sample_mac_t mac; // mac_smk(g_b||spid||quote_type|| - // sign_gb_ga) + sample_ec_sign256_t sign_gb_ga; /* In little endian*/ + sample_mac_t mac; /* mac_smk(g_b||spid||quote_type|| + sign_gb_ga)*/ uint32_t sig_rl_size; - uint8_t sig_rl[]; + uint8_t sig_rl[]; } sample_ra_msg2_t; typedef struct sample_ra_msg3_t { - sample_mac_t mac; // mac_smk(g_a||ps_sec_prop||quote) - sample_ec_pub_t g_a; // the Endian-ness of Ga is - // Little-Endian + sample_mac_t mac; /* mac_smk(g_a||ps_sec_prop||quote)*/ + sample_ec_pub_t g_a; /* the Endian-ness of Ga is*/ + /* Little-Endian*/ sample_ps_sec_prop_desc_t ps_sec_prop; - uint8_t quote[]; + uint8_t quote[]; } sample_ra_msg3_t; +int sp_ra_proc_msg0_req(const sample_ra_msg0_t *p_msg0, + uint32_t msg0_size); int sp_ra_proc_msg1_req(const sample_ra_msg1_t *p_msg1, uint32_t msg1_size, @@ -123,6 +133,27 @@ int sp_ra_proc_msg3_req(const sample_ra_msg3_t *p_msg3, int sp_ra_free_msg2( sample_ra_msg2_t *p_msg2); + + +typedef int (*sample_enroll)(int sp_credentials, sample_spid_t* spid, + int* authentication_token); + +typedef int(*sample_get_sigrl)(const sample_epid_group_id_t gid, uint32_t* p_sig_rl_size, + uint8_t** p_sig_rl); + +typedef int(*sample_verify_attestation_evidence)(sample_quote_t* p_isv_quote, + uint8_t* pse_manifest, + ias_att_report_t* attestation_verification_report); + + +typedef struct sample_extended_epid_group +{ + uint32_t extended_epid_group_id; + sample_enroll enroll; + sample_get_sigrl get_sigrl; + sample_verify_attestation_evidence verify_attestation_evidence; +} sample_extended_epid_group; + #ifdef __cplusplus } #endif diff --git a/SampleCode/SampleEnclave/Enclave/Enclave.config.xml b/SampleCode/SampleEnclave/Enclave/Enclave.config.xml index a94d12f001..c9533851cf 100644 --- a/SampleCode/SampleEnclave/Enclave/Enclave.config.xml +++ b/SampleCode/SampleEnclave/Enclave/Enclave.config.xml @@ -1,4 +1,3 @@ - 0 0 diff --git a/SampleCode/SampleEnclave/Makefile b/SampleCode/SampleEnclave/Makefile index 3885ed8b58..dc4fa2c84a 100644 --- a/SampleCode/SampleEnclave/Makefile +++ b/SampleCode/SampleEnclave/Makefile @@ -119,6 +119,14 @@ Enclave_Include_Paths := -IInclude -IEnclave -I$(SGX_SDK)/include -I$(SGX_SDK)/i Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Enclave_Include_Paths) Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++03 -nostdinc++ + +# To generate a proper enclave, it is recommended to follow below guideline to link the trusted libraries: +# 1. Link sgx_trts with the `--whole-archive' and `--no-whole-archive' options, +# so that the whole content of trts is included in the enclave. +# 2. For other libraries, you just need to pull the required symbols. +# Use `--start-group' and `--end-group' to link these libraries. +# Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options. +# Otherwise, you may get some undesirable errors. Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \ -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \ -Wl,--start-group -lsgx_tstdc -lsgx_tstdcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \ @@ -150,7 +158,7 @@ all: $(App_Name) $(Enclave_Name) @echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave." @echo "To sign the enclave use the command:" @echo " $(SGX_ENCLAVE_SIGNER) sign -key -enclave $(Enclave_Name) -out <$(Signed_Enclave_Name)> -config $(Enclave_Config_File)" - @echo "You can also sign the enclave using an external signing tool. See User's Guide for more details." + @echo "You can also sign the enclave using an external signing tool." @echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW." else all: $(App_Name) $(Signed_Enclave_Name) diff --git a/common/inc/internal/arch.h b/common/inc/internal/arch.h index 876e2aad50..2486e01795 100644 --- a/common/inc/internal/arch.h +++ b/common/inc/internal/arch.h @@ -269,9 +269,9 @@ se_static_assert(sizeof(token_t) == 304); typedef struct _wl_cert_t /* All fields except the mr_signer_list fields, are big-endian integer format */ { - uint16_t version; /* ( 0) White List Cert format version. For 2015, only valid version is 1 */ + uint16_t version; /* ( 0) White List Cert format version. Currently, only valid version is 1 */ uint16_t cert_type; /* ( 2) White List Cert Type. For Enclave Signing Key White List Cert, must be 1 */ - uint16_t provider_id; /* ( 4) Enclave Signing Key White List Provider ID to identify the key used to sign this Enclave signing Key White List Certificate. For 2015, only one White List Provider is approved: WLProviderID-ISecG = 0 */ + uint16_t provider_id; /* ( 4) Enclave Signing Key White List Provider ID to identify the key used to sign this Enclave signing Key White List Certificate. Currently, only one White List Provider is approved: WLProviderID-ISecG = 0 */ uint16_t le_prod_id; /* ( 6) Launch Enclave ProdID the White List Cert applies to. Linux LE-ProdID = 0x20 */ uint32_t wl_version; /* ( 8) Version of the Enclave Signing Key White List. For a specific LE-ProdID, should increase on every WL Cert signing request */ uint32_t entry_number; /* (12) Number of MRSIGNER entries in the Cert. If the White List Certificate allows enclave signed by any key to launch, the White List Cert must only contain one all-0 MRSIGNER entry. */ @@ -279,10 +279,10 @@ typedef struct _wl_cert_t /* All fields except the mr_ }wl_cert_t; typedef struct _wl_provider_cert_t /* All fields are big endian */ { - uint16_t version; /* ( 0) White List Cert format version. For 2015, only valid version is 1 */ + uint16_t version; /* ( 0) White List Cert format version. Currently, only valid version is 1 */ uint16_t cert_type; /* ( 2) White List Cert Type, For Enclave Signing Key White List Signer Cert, must be 0 */ - uint16_t provider_id; /* ( 4) Enclave Signing Key White List Signer ID assigned by the White List Root CA. For 2015, only one White List Provider is approved: WLProviderID-ISecG = 0 */ - uint16_t root_id; /* ( 6) Identify the White List Root CA key used to sign the Cert. For 2015, only one WLRootID is valid: WLRootID-iKGF-Key-0 = 0 */ + uint16_t provider_id; /* ( 4) Enclave Signing Key White List Signer ID assigned by the White List Root CA. Currently, only one White List Provider is approved: WLProviderID-ISecG = 0 */ + uint16_t root_id; /* ( 6) Identify the White List Root CA key used to sign the Cert. Currently, only one WLRootID is valid: WLRootID-iKGF-Key-0 = 0 */ sgx_ec256_public_t pub_key; /* ( 8) ECDSA public key of the Enclave Signing Key White List Provider identified by WLProviderID */ sgx_ec256_signature_t signature; /* (72) ECDSA Signature by WL Root CA identified by WLRootID */ }wl_provider_cert_t; diff --git a/common/inc/internal/linux/xsave_gnu.h b/common/inc/internal/linux/xsave_gnu.h index 960398faaf..5466ba5de6 100644 --- a/common/inc/internal/linux/xsave_gnu.h +++ b/common/inc/internal/linux/xsave_gnu.h @@ -37,12 +37,12 @@ #ifdef __x86_64__ # define ASM_FXSAVE "rex64/fxsave" # define ASM_FXRSTR "rex64/fxrstor" -# define ASM_XSAVE "rex64/xsave" +# define ASM_XSAVE ".byte 0x48,0x0f,0xae,0x21" # define ASM_XRSTR ".byte 0x48,0x0f,0xae,0x2f" #else # define ASM_FXSAVE "fxsave" # define ASM_FXRSTR "fxrstor" -# define ASM_XSAVE "xsave" +# define ASM_XSAVE ".byte 0x0f,0xae,0x21" # define ASM_XRSTR ".byte 0x0f,0xae,0x2f" #endif diff --git a/common/inc/internal/oal/uae_oal_api.h b/common/inc/internal/oal/uae_oal_api.h index 2666fd662b..42c917dddb 100644 --- a/common/inc/internal/oal/uae_oal_api.h +++ b/common/inc/internal/oal/uae_oal_api.h @@ -118,6 +118,27 @@ uae_oal_status_t oal_invoke_service( uint32_t timeout_usec, aesm_error_t *response); +uae_oal_status_t oal_get_whitelist_size( + uint32_t* p_whitelist_size, + uint32_t timeout_usec, + aesm_error_t* result); + +uae_oal_status_t oal_get_whitelist( + uint8_t* p_whitelist, + uint32_t whitelist_size, + uint32_t timeout_usec, + aesm_error_t *result); + +uae_oal_status_t oal_get_extended_epid_group_id( + uint32_t* extended_group_id, + uint32_t timeout_usec, + aesm_error_t *result); + +uae_oal_status_t oal_switch_extended_epid_group( + uint32_t x_group_id, + uint32_t timeout_usec, + aesm_error_t *result); + sgx_status_t oal_map_status(uae_oal_status_t status); sgx_status_t oal_map_result(aesm_error_t result); diff --git a/common/inc/internal/se_version.h b/common/inc/internal/se_version.h index b7bf1bb4a0..74491662f5 100644 --- a/common/inc/internal/se_version.h +++ b/common/inc/internal/se_version.h @@ -28,5 +28,5 @@ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * */ -#define STRFILEVER "1.5.80.33399" +#define STRFILEVER "1.6.100.34922" diff --git a/common/inc/sgx_quote.h b/common/inc/sgx_quote.h index 06a6ae6c60..aec125e893 100644 --- a/common/inc/sgx_quote.h +++ b/common/inc/sgx_quote.h @@ -78,7 +78,8 @@ typedef struct _quote_t uint16_t sign_type; /* 2 */ sgx_epid_group_id_t epid_group_id; /* 4 */ sgx_isv_svn_t qe_svn; /* 8 */ - uint8_t reserved[6]; /* 10 */ + sgx_isv_svn_t pce_svn; /* 10 */ + uint32_t xeid; /* 12 */ sgx_basename_t basename; /* 16 */ sgx_report_body_t report_body; /* 48 */ uint32_t signature_len; /* 432 */ diff --git a/common/inc/sgx_thread.h b/common/inc/sgx_thread.h index 88af98372e..ee0274c9e3 100644 --- a/common/inc/sgx_thread.h +++ b/common/inc/sgx_thread.h @@ -105,6 +105,7 @@ int SGXAPI sgx_thread_cond_signal(sgx_thread_cond_t *cond); int SGXAPI sgx_thread_cond_broadcast(sgx_thread_cond_t *cond); sgx_thread_t SGXAPI sgx_thread_self(void); +int sgx_thread_equal(sgx_thread_t a, sgx_thread_t b); #ifdef __cplusplus } diff --git a/common/inc/sgx_tkey_exchange.h b/common/inc/sgx_tkey_exchange.h index f2fb9d0f75..eb8e27f6e3 100644 --- a/common/inc/sgx_tkey_exchange.h +++ b/common/inc/sgx_tkey_exchange.h @@ -58,8 +58,6 @@ extern "C" { * SGX_ERROR_INVALID_PARAMETER Indicates an error that * the input parameters are * invalid. - * SGX_ERROR_KDF_MISMATCH Indicates key derivation - * function doesn't match. * SGX_ERROR_OUT_OF_MEMORY There is not enough * memory available to * complete this operation. @@ -73,6 +71,75 @@ sgx_status_t SGXAPI sgx_ra_init( int b_pse, sgx_ra_context_t *p_context); +/* + * The sgx_ra_derive_secret_keys_t function should takes the Diffie-Hellman + * shared secret as input to allow the ISV enclave to generate their own derived + * shared keys (SMK, SK, MK and VK). + * + * @param p_shared_key The the Diffie-Hellman shared secret. + * @param kdf_id, Key Derivation Function ID + * @param p_smk_key The output SMK. + * @param p_sk_key The output SK. + * @param p_mk_key The output MK. + * @param p_vk_key The output VK. + * @return sgx_status_t SGX_SUCCESS Indicates success. + * SGX_ERROR_INVALID_PARAMETER Indicates an error that + * the input parameters are + * invalid. + * SGX_ERROR_KDF_MISMATCH Indicates key derivation + * function doesn't match. + * SGX_ERROR_OUT_OF_MEMORY There is not enough + * memory available to + * complete this operation. + * SGX_ERROR_UNEXPECTED Indicates an unexpected + * error occurs. + */ + +typedef sgx_status_t(*sgx_ra_derive_secret_keys_t)( + const sgx_ec256_dh_shared_t* p_shared_key, + uint16_t kdf_id, + sgx_ec_key_128bit_t* p_smk_key, + sgx_ec_key_128bit_t* p_sk_key, + sgx_ec_key_128bit_t* p_mk_key, + sgx_ec_key_128bit_t* p_vk_key); + +/* + * The sgx_ra_init_ex function creates a context for the remote attestation and + * key exchange process asociated with a key derive function. + * + * @param p_pub_key The EC public key of the service provider based on the NIST + * P-256 elliptic curve. + * @param b_pse If true, platform service information is needed in message + * 3. The caller should make sure a PSE session has been + * established using sgx_create_pse_session before attempting + * to establish a remote attestation and key exchange session + * involving platform service information. + * @param derive_key_cb A pointer to a call back routine matching the + * function prototype of sgx_ra_derive_secret_keys_t. This + * function takes the Diffie-Hellman shared secret as input + * to allow the ISV enclave to generate their own derived + * shared keys (SMK, SK, MK and VK). + * @param p_context The output context for the subsequent remote attestation + * and key exchange process, to be used in sgx_ra_get_msg1 and + * sgx_ra_get_msg2. + * @return sgx_status_t SGX_SUCCESS Indicates success. + * SGX_ERROR_INVALID_PARAMETER Indicates an error that + * the input parameters are + * invalid. + * SGX_ERROR_OUT_OF_MEMORY There is not enough + * memory available to + * complete this operation. + * SGX_ERROR_AE_SESSION_INVALID Session is invalid or + * ended by server. + * SGX_ERROR_UNEXPECTED Indicates an unexpected + * error occurs. + */ + +sgx_status_t SGXAPI sgx_ra_init_ex( + const sgx_ec256_public_t *p_pub_key, + int b_pse, + sgx_ra_derive_secret_keys_t derive_key_cb, + sgx_ra_context_t *p_context); /* * The sgx_ra_get_keys function is used to get the negotiated keys of a remote * attestation and key exchange session. This function should only be called diff --git a/common/inc/sgx_uae_service.h b/common/inc/sgx_uae_service.h index 5380c59a57..ff668b131b 100644 --- a/common/inc/sgx_uae_service.h +++ b/common/inc/sgx_uae_service.h @@ -121,6 +121,31 @@ sgx_status_t SGXAPI sgx_get_quote( */ sgx_status_t SGXAPI sgx_get_ps_cap(sgx_ps_cap_t* p_sgx_ps_cap); +/** + * Get the white list's size + * + * @param p_whitelist_size Save the size of the white list. + * @return if OK, return SGX_SUCCESS + */ +sgx_status_t SGXAPI sgx_get_whitelist_size(uint32_t* p_whitelist_size); + +/** + * Get the white list value + * + * @param p_whitelist Save the white list value + * @param whitelist_size The size of the white list and the read data size is whitelist_size + * @return if OK, return SGX_SUCCESS + */ +sgx_status_t SGXAPI sgx_get_whitelist(uint8_t* p_whitelist, uint32_t whitelist_size); + +/** + * Get the extended epid group id + * + * @param p_extended_epid_group_id Save the extended epid group id. + * @return if OK, return SGX_SUCCESS + */ +sgx_status_t SGXAPI sgx_get_extended_epid_group_id(uint32_t* p_extended_epid_group_id); + #define SGX_IS_TRUSTED_TIME_AVAILABLE(cap) ((((uint32_t)PS_CAP_TRUSTED_TIME)&((cap).ps_cap0))!=0) #define SGX_IS_MONOTONIC_COUNTER_AVAILABLE(cap) ((((uint32_t)PS_CAP_MONOTONIC_COUNTER)&((cap).ps_cap0))!=0) diff --git a/common/inc/tlibc/setjmp.h b/common/inc/tlibc/setjmp.h new file mode 100644 index 0000000000..ac5627f7ea --- /dev/null +++ b/common/inc/tlibc/setjmp.h @@ -0,0 +1,64 @@ +/* $NetBSD: setjmp.h,v 1.26 2011/11/05 09:27:06 joerg Exp $ */ + +/*- + * Copyright (c) 1990, 1993 + * The Regents of the University of California. All rights reserved. + * (c) UNIX System Laboratories, Inc. + * All or some portions of this file are derived from material licensed + * to the University of California by American Telephone and Telegraph + * Co. or Unix System Laboratories, Inc. and are reproduced herein with + * the permission of UNIX System Laboratories, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * @(#)setjmp.h 8.2 (Berkeley) 1/21/94 + */ + +#ifndef _SETJMP_H_ +#define _SETJMP_H_ + +#ifndef _JB_ATTRIBUTES +#define _JB_ATTRIBUTES /**/ +#else +#endif +#ifndef _BSD_JBSLOT_T_ +#define _BSD_JBSLOT_T_ long +#endif + +#define _JBLEN 8 + +typedef _BSD_JBSLOT_T_ jmp_buf[_JBLEN] _JB_ATTRIBUTES; + +#include +#define __returns_twice __attribute__((__returns_twice__)) +#define __dead + +__BEGIN_DECLS +int _setjmp(jmp_buf) __returns_twice; +void _longjmp(jmp_buf, int) __dead; +__END_DECLS + +#endif /* !_SETJMP_H_ */ + diff --git a/download_prebuilt.sh b/download_prebuilt.sh index 84533dd102..f106f41c95 100755 --- a/download_prebuilt.sh +++ b/download_prebuilt.sh @@ -33,10 +33,11 @@ top_dir=`dirname $0` out_dir=$top_dir/psw/ae/data/prebuilt -server_url=https://01.org/sites/default/files/downloads/intelr-software-guard-extensions-linux-os/sgxprebuilt-1.5.80.27216.tar +file_name=sgxprebuilt-1.6.100.34040.tar +server_url=https://download.01.org/intel-sgx/linux-1.6/$file_name wget $server_url -P $out_dir if [ $? -ne 0 ]; then echo "Fail to download file $server_url" exit -1 fi -pushd $out_dir;tar -xf sgxprebuilt-1.5.80.27216.tar;rm -rf sgxprebuilt-1.5.80.27216.tar;popd +pushd $out_dir;tar -xf $file_name;rm -rf $file_name;popd diff --git a/external/epid/inc/epid_types.h b/external/epid/inc/epid_types.h index eb4b9d873f..ea42c8a623 100644 --- a/external/epid/inc/epid_types.h +++ b/external/epid/inc/epid_types.h @@ -92,9 +92,9 @@ typedef struct G2ElemStr { } G2ElemStr; /// Serialized GT element -typedef struct GtElemStr { +typedef struct GTElemStr { FqElemStr x[12]; ///< an integer between [0, q-1] -} GtElemStr; +} GTElemStr; typedef FpElemStr PElemStr; typedef OctStr32 RLver_t; @@ -282,6 +282,32 @@ typedef struct VerifierRl { G1ElemStr K[1]; ///< elements in G1 (flexible array) } VerifierRl; +/*! +* \brief +* member pre-computation blob +* +* \note e12 = 0 implies that this blob is not valid +*/ +typedef struct _MemberPrecomp { + GTElemStr e12; ///< an element in GT + GTElemStr e22; ///< an element in GT + GTElemStr e2w; ///< an element in GT + GTElemStr ea2; ///< an element in GT +} MemberPrecomp; + +/*! + * \brief + * verifier pre-computation blob + * + * \note e12 = 0 implies that this blob is not valid +*/ +typedef struct _VerifierPrecomp { + GTElemStr e12; ///< an element in GT + GTElemStr e22; ///< an element in GT + GTElemStr e2w; ///< an element in GT + GTElemStr eg12; ///< an element in GT +} VerifierPrecomp; + /// element to store seed values for later rekey typedef G1ElemStr ReKeySeed; diff --git a/external/rdrand/rdrand.h b/external/rdrand/rdrand.h index ee25cf5986..9a9cbd32df 100644 --- a/external/rdrand/rdrand.h +++ b/external/rdrand/rdrand.h @@ -1,4 +1,4 @@ -/* Copyright © 2012, Intel Corporation. All rights reserved. +/* Copyright © 2012, Intel Corporation. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: diff --git a/linux/installer/bin/install-sgx-psw.bin.tmpl b/linux/installer/bin/install-sgx-psw.bin.tmpl index 4c36e367ff..6b05b4f849 100755 --- a/linux/installer/bin/install-sgx-psw.bin.tmpl +++ b/linux/installer/bin/install-sgx-psw.bin.tmpl @@ -32,8 +32,14 @@ modinfo isgx &> /dev/null if [[ $? != "0" ]]; then - echo "Please install the driver package before the PSW package" - exit 4 + lsmod | grep isgx &> /dev/null + if [[ $? = "0" ]]; then + echo "Warning: You did not follow the document to install the driver package" + echo + else + echo "Please install the driver package before the PSW package" + exit 4 + fi fi set -e @@ -58,6 +64,12 @@ if [[ $ARCH != $PKG_ARCH ]]; then exit 4 fi +INSTALL_PATH=/opt/intel/sgxpsw +if [ -d "$INSTALL_PATH" ]; then + echo "$PKG_NAME already exists in $INSTALL_PATH, please uninstall it first!" + exit 4 +fi + PATH=/usr/bin:/bin umask 022 diff --git a/linux/installer/bin/install-sgx-sdk.bin.tmpl b/linux/installer/bin/install-sgx-sdk.bin.tmpl index 71457ba804..da55ba4db3 100755 --- a/linux/installer/bin/install-sgx-sdk.bin.tmpl +++ b/linux/installer/bin/install-sgx-sdk.bin.tmpl @@ -34,10 +34,43 @@ set -e PKG_NAME="Intel SGX SDK" -if test $(id -u) -ne 0; then - echo "Root privilege is required to install $PKG_NAME." - exit 4 -fi +select_install_path() +{ + USER_INPUT_PATH=$(pwd) + echo + echo -n "Do you want to install in current directory? [yes/no] : " + read ANSWER + + if [ "$ANSWER" == "yes" ]; then + if [ ! -d "$USER_INPUT_PATH" ] || [ ! -w "$USER_INPUT_PATH" ]; then + echo "Can not install in $USER_INPUT_PATH, please check the permission!" + exit 4 + fi + else + echo + echo -n "Please input the directory which you want to install in : " + read USER_INPUT_PATH + + eval USER_INPUT_PATH="$USER_INPUT_PATH" + + if [ -d "$USER_INPUT_PATH" ]; then + if [ ! -w "$USER_INPUT_PATH" ]; then + echo "Can not install in $USER_INPUT_PATH, please check the permission!" + exit 4 + fi + else + mkdir -p "$USER_INPUT_PATH" + if [ "$?" != "0" ]; then + echo "Can not install in $USER_INPUT_PATH, please check the permission!" + exit 4 + fi + fi + fi + + USER_INPUT_PATH=$(cd "$USER_INPUT_PATH"; pwd -P) +} + +select_install_path PATH=/usr/bin:/bin umask 022 @@ -79,13 +112,49 @@ echo " done." pushd ${SDK_TEMP_FOLDER} +sed -i "s#\(SGX_PACKAGES_PATH=\).*#\1$USER_INPUT_PATH#" scripts/installConfig source scripts/installConfig -make install +make install INSTALLER_FORM=BIN popd -${SGX_PACKAGES_PATH}/${SDK_PKG_NAME}/scripts/install.sh +${SGX_PACKAGES_PATH}/${SDK_PKG_NAME}/scripts/install.sh BIN rm -fr ${SDK_TEMP_FOLDER} +export_the_simulation() +{ + if [ ! -d ${SGX_PACKAGES_PATH}/${SDK_PKG_NAME}/sdk_libs ]; then + mkdir ${SGX_PACKAGES_PATH}/${SDK_PKG_NAME}/sdk_libs + else + rm -f ${SGX_PACKAGES_PATH}/${SDK_PKG_NAME}/sdk_libs/libsgx_urts_sim.so + rm -f ${SGX_PACKAGES_PATH}/${SDK_PKG_NAME}/sdk_libs/libsgx_uae_service_sim.so + fi + ln -s ${SGX_PACKAGES_PATH}/${SDK_PKG_NAME}/${LIB_DIR}/libsgx_urts_sim.so ${SGX_PACKAGES_PATH}/${SDK_PKG_NAME}/sdk_libs/ + ln -s ${SGX_PACKAGES_PATH}/${SDK_PKG_NAME}/${LIB_DIR}/libsgx_uae_service_sim.so ${SGX_PACKAGES_PATH}/${SDK_PKG_NAME}/sdk_libs/ +} + +generate_environment_script() +{ + cat > ${SGX_PACKAGES_PATH}/${SDK_PKG_NAME}/environment </build/linux/libsgx_le.signed.so /package/aesm/libsgx_le.signed.so 0 main STP /build/linux/libsgx_pve.signed.so /package/aesm/libsgx_pve.signed.so 0 main STP /build/linux/libsgx_qe.signed.so /package/aesm/libsgx_qe.signed.so 0 main STP +/build/linux/libsgx_pce.signed.so /package/aesm/libsgx_pce.signed.so 0 main STP /linux/installer/common/psw/install.sh /scripts/install.sh 0 main STP /linux/installer/common/psw/Makefile /Makefile 0 main STP /psw/ae/aesm_service/config/network/aesmd.conf /package/aesm/conf/aesmd.conf 0 main STP diff --git a/linux/installer/common/psw/Makefile b/linux/installer/common/psw/Makefile index 648f6ee7b0..cabc076516 100644 --- a/linux/installer/common/psw/Makefile +++ b/linux/installer/common/psw/Makefile @@ -34,7 +34,7 @@ include scripts/installConfig SOURCE_FOLDER=package SCRIPTS_FOLDER=scripts -INSTALL_PATH=$(DESTDIR)/$(SGX_PACKAGES_PATH)/$(PSW_PKG_NAME) +INSTALL_PATH=$(shell readlink -m $(DESTDIR)/$(SGX_PACKAGES_PATH)/$(PSW_PKG_NAME)) SOURCE_INSTALL_PATH=$(INSTALL_PATH) SCRIPTS_INSTALL_PATH=$(INSTALL_PATH)/$(SCRIPTS_FOLDER) PSW_LIB_PATH=$(SOURCE_INSTALL_PATH)/$(LIB_DIR) diff --git a/linux/installer/common/psw/createTarball.sh b/linux/installer/common/psw/createTarball.sh index 79d1df3506..aa89c97c75 100755 --- a/linux/installer/common/psw/createTarball.sh +++ b/linux/installer/common/psw/createTarball.sh @@ -53,6 +53,9 @@ get_arch() ARCH=$(get_arch) +# Get the configuration for this package +source ${SCRIPT_DIR}/installConfig.${ARCH} + # Fetch the gen_source script cp ${LINUX_INSTALLER_COMMON_DIR}/gen_source/gen_source.py ${SCRIPT_DIR} @@ -62,8 +65,6 @@ python ${SCRIPT_DIR}/gen_source.py --bom=BOMs/psw_${ARCH}.txt --cleanup=false python ${SCRIPT_DIR}/gen_source.py --bom=../licenses/BOM_license.txt --cleanup=false # Create the tarball -source ${SCRIPT_DIR}/installConfig.${ARCH} - pushd ${INSTALL_PATH} &> /dev/null tar -zcvf ${TARBALL_NAME} * popd &> /dev/null diff --git a/linux/installer/common/psw/install.sh b/linux/installer/common/psw/install.sh index 5e38a9b449..8b5be3c5dd 100755 --- a/linux/installer/common/psw/install.sh +++ b/linux/installer/common/psw/install.sh @@ -122,6 +122,8 @@ rm -f /usr/lib/libsgx_urts.so # Removing AESM folder rm -fr $PSW_DST_PATH +# Removing AESM user and group +/usr/sbin/userdel aesmd EOF chmod +x $PSW_DST_PATH/uninstall.sh @@ -135,7 +137,7 @@ fi echo -e "\nuninstall.sh script generated in $PSW_DST_PATH\n" -echo -e "Installation successful!" +echo -e "Installation is successful!" rm -fr $PSW_DST_PATH/scripts diff --git a/linux/installer/common/sdk/BOMs/sdk_base.txt b/linux/installer/common/sdk/BOMs/sdk_base.txt index 2c74e5a803..4cb36ef406 100644 --- a/linux/installer/common/sdk/BOMs/sdk_base.txt +++ b/linux/installer/common/sdk/BOMs/sdk_base.txt @@ -60,6 +60,7 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner /common/inc/tlibc/unistd.h /package/include/tlibc/unistd.h 0 main STP /common/inc/tlibc/wchar.h /package/include/tlibc/wchar.h 0 main STP /common/inc/tlibc/wctype.h /package/include/tlibc/wctype.h 0 main STP +/common/inc/tlibc/setjmp.h /package/include/tlibc/setjmp.h 0 main STP /common/src/se_memory.c /package/ptrace/se_memory.c 0 main STP /common/src/se_trace.c /package/ptrace/se_trace.c 0 main STP /linux/installer/common/sdk/install.sh /scripts/install.sh 0 main STP diff --git a/linux/installer/common/sdk/BOMs/sdk_x64.txt b/linux/installer/common/sdk/BOMs/sdk_x64.txt index 0d8926c423..c11decedc5 100644 --- a/linux/installer/common/sdk/BOMs/sdk_x64.txt +++ b/linux/installer/common/sdk/BOMs/sdk_x64.txt @@ -13,6 +13,7 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner /build/linux/libsgx_tservice_sim.a /package/lib64/libsgx_tservice_sim.a 0 main STP /build/linux/libsgx_tstdc.a /package/lib64/libsgx_tstdc.a 0 main STP /build/linux/libsgx_tstdcxx.a /package/lib64/libsgx_tstdcxx.a 0 main STP +/build/linux/libsgx_tsetjmp.a /package/lib64/libsgx_tsetjmp.a 0 main STP /build/linux/libsgx_uae_service_deploy.so /package/lib64/libsgx_uae_service.so 0 main STP /build/linux/libsgx_uae_service_sim.so /package/lib64/libsgx_uae_service_sim.so 0 main STP /build/linux/libsgx_ukey_exchange.a /package/lib64/libsgx_ukey_exchange.a 0 main STP @@ -23,3 +24,7 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner /build/linux/sgx_edger8r /package/bin/x64/sgx_edger8r 0 main STP /build/linux/sgx_sign /package/bin/x64/sgx_sign 0 main STP /linux/installer/common/sdk/installConfig.x64 /scripts/installConfig 0 main STP +/linux/installer/common/sdk/pkgconfig/x64/libsgx_uae_service_sim.pc /package/pkgconfig/libsgx_uae_service_sim.pc 0 main STP +/linux/installer/common/sdk/pkgconfig/x64/libsgx_urts_sim.pc /package/pkgconfig/libsgx_urts_sim.pc 0 main STP +/linux/installer/common/sdk/pkgconfig/x64/libsgx_uae_service.pc /package/pkgconfig/libsgx_uae_service.pc 0 main STP +/linux/installer/common/sdk/pkgconfig/x64/libsgx_urts.pc /package/pkgconfig/libsgx_urts.pc 0 main STP diff --git a/linux/installer/common/sdk/BOMs/sdk_x86.txt b/linux/installer/common/sdk/BOMs/sdk_x86.txt index 23f3b47a2b..6555739e2a 100644 --- a/linux/installer/common/sdk/BOMs/sdk_x86.txt +++ b/linux/installer/common/sdk/BOMs/sdk_x86.txt @@ -13,6 +13,7 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner /build/linux/libsgx_tservice_sim.a /package/lib/libsgx_tservice_sim.a 0 main STP /build/linux/libsgx_tstdc.a /package/lib/libsgx_tstdc.a 0 main STP /build/linux/libsgx_tstdcxx.a /package/lib/libsgx_tstdcxx.a 0 main STP +/build/linux/libsgx_tsetjmp.a /package/lib/libsgx_tsetjmp.a 0 main STP /build/linux/libsgx_uae_service_deploy.so /package/lib/libsgx_uae_service.so 0 main STP /build/linux/libsgx_uae_service_sim.so /package/lib/libsgx_uae_service_sim.so 0 main STP /build/linux/libsgx_ukey_exchange.a /package/lib/libsgx_ukey_exchange.a 0 main STP @@ -23,3 +24,7 @@ DeliveryName InstallName FileCheckSum FileFeature FileOwner /build/linux/sgx_edger8r /package/bin/x86/sgx_edger8r 0 main STP /build/linux/sgx_sign /package/bin/x86/sgx_sign 0 main STP /linux/installer/common/sdk/installConfig.x86 /scripts/installConfig 0 main STP +/linux/installer/common/sdk/pkgconfig/x86/libsgx_uae_service_sim.pc /package/pkgconfig/libsgx_uae_service_sim.pc 0 main STP +/linux/installer/common/sdk/pkgconfig/x86/libsgx_urts_sim.pc /package/pkgconfig/libsgx_urts_sim.pc 0 main STP +/linux/installer/common/sdk/pkgconfig/x86/libsgx_uae_service.pc /package/pkgconfig/libsgx_uae_service.pc 0 main STP +/linux/installer/common/sdk/pkgconfig/x86/libsgx_urts.pc /package/pkgconfig/libsgx_urts.pc 0 main STP diff --git a/linux/installer/common/sdk/Makefile b/linux/installer/common/sdk/Makefile index 68363821d5..33f71323bb 100644 --- a/linux/installer/common/sdk/Makefile +++ b/linux/installer/common/sdk/Makefile @@ -34,7 +34,7 @@ include scripts/installConfig SOURCE_FOLDER=package SCRIPTS_FOLDER=scripts -INSTALL_PATH=$(DESTDIR)/$(SGX_PACKAGES_PATH)/$(SDK_PKG_NAME) +INSTALL_PATH=$(shell readlink -m $(DESTDIR)/$(SGX_PACKAGES_PATH)/$(SDK_PKG_NAME)) SOURCE_INSTALL_PATH=$(INSTALL_PATH) SCRIPTS_INSTALL_PATH=$(INSTALL_PATH)/$(SCRIPTS_FOLDER) SDK_LIB_PATH=$(SOURCE_INSTALL_PATH)/$(LIB_DIR) @@ -44,8 +44,27 @@ default: install: install -d $(SOURCE_INSTALL_PATH) install -d $(SCRIPTS_INSTALL_PATH) + +ifneq ($(INSTALLER_FORM),BIN) install -d $(DESTDIR)/usr/lib + install -d $(DESTDIR)/usr/lib/pkgconfig +endif + cp -r $(SOURCE_FOLDER)/* $(SOURCE_INSTALL_PATH) install $(SCRIPTS_FOLDER)/* $(SCRIPTS_INSTALL_PATH) + +ifeq ($(INSTALLER_FORM),BIN) + @sed -i "s#\(prefix=\).*#\1$(INSTALL_PATH)#" $(SOURCE_INSTALL_PATH)/pkgconfig/libsgx_uae_service_sim.pc + @sed -i "s#\(prefix=\).*#\1$(INSTALL_PATH)#" $(SOURCE_INSTALL_PATH)/pkgconfig/libsgx_urts_sim.pc + @sed -i "s#\(prefix=\).*#\1$(INSTALL_PATH)#" $(SOURCE_INSTALL_PATH)/pkgconfig/libsgx_uae_service.pc + @sed -i "s#\(prefix=\).*#\1$(INSTALL_PATH)#" $(SOURCE_INSTALL_PATH)/pkgconfig/libsgx_urts.pc +else + @sed -i "s#\(libdir=\).*#\1/usr/lib#" $(SOURCE_INSTALL_PATH)/pkgconfig/libsgx_uae_service_sim.pc + @sed -i "s#\(libdir=\).*#\1/usr/lib#" $(SOURCE_INSTALL_PATH)/pkgconfig/libsgx_urts_sim.pc mv $(SDK_LIB_PATH)/libsgx_uae_service_sim.so $(DESTDIR)/usr/lib mv $(SDK_LIB_PATH)/libsgx_urts_sim.so $(DESTDIR)/usr/lib + mv $(SOURCE_INSTALL_PATH)/pkgconfig/libsgx_uae_service_sim.pc $(DESTDIR)/usr/lib/pkgconfig + mv $(SOURCE_INSTALL_PATH)/pkgconfig/libsgx_urts_sim.pc $(DESTDIR)/usr/lib/pkgconfig + mv $(SOURCE_INSTALL_PATH)/pkgconfig/libsgx_uae_service.pc $(DESTDIR)/usr/lib/pkgconfig + mv $(SOURCE_INSTALL_PATH)/pkgconfig/libsgx_urts.pc $(DESTDIR)/usr/lib/pkgconfig +endif \ No newline at end of file diff --git a/linux/installer/common/sdk/createTarball.sh b/linux/installer/common/sdk/createTarball.sh index cda3c29a07..69f5253b0e 100755 --- a/linux/installer/common/sdk/createTarball.sh +++ b/linux/installer/common/sdk/createTarball.sh @@ -53,6 +53,32 @@ get_arch() ARCH=$(get_arch) +# Get the configuration for this package +source ${SCRIPT_DIR}/installConfig.${ARCH} + +generate_pkgconfig_files() { + local TEMPLATE_FOLDER=${SCRIPT_DIR}/pkgconfig/template + local TARGET_FOLDER=${SCRIPT_DIR}/pkgconfig/${ARCH} + local VERSION="$1" + + # Create pkgconfig folder for this architecture + rm -fr ${TARGET_FOLDER} + mkdir -p ${TARGET_FOLDER} + + # Copy the template files into the folder + for pkgconfig_file in $(ls -1 ${TEMPLATE_FOLDER}); do + sed -e "s:@LIB_FOLDER_NAME@:$LIB_DIR:" \ + -e "s:@SGX_VERSION@:$VERSION:" \ + ${TEMPLATE_FOLDER}/$pkgconfig_file > ${TARGET_FOLDER}/$pkgconfig_file + done +} + +# Get SGX version +SGX_VERSION=$(awk '/STRFILEVER/ {print $3}' ${ROOT_DIR}/common/inc/internal/se_version.h|sed 's/^\"\(.*\)\"$/\1/') + +# Generate pkgconfig files +generate_pkgconfig_files $SGX_VERSION + # Fetch the gen_source script cp ${LINUX_INSTALLER_COMMON_DIR}/gen_source/gen_source.py ${SCRIPT_DIR} @@ -62,8 +88,6 @@ python ${SCRIPT_DIR}/gen_source.py --bom=BOMs/sdk_${ARCH}.txt --cleanup=false python ${SCRIPT_DIR}/gen_source.py --bom=../licenses/BOM_license.txt --cleanup=false # Create the tarball -source ${SCRIPT_DIR}/installConfig.${ARCH} - pushd ${INSTALL_PATH} &> /dev/null tar -zcvf ${TARBALL_NAME} * popd &> /dev/null diff --git a/linux/installer/common/sdk/install.sh b/linux/installer/common/sdk/install.sh index cea3366a1f..2dde89a988 100755 --- a/linux/installer/common/sdk/install.sh +++ b/linux/installer/common/sdk/install.sh @@ -38,9 +38,14 @@ source ${SCRIPT_DIR}/installConfig # Generate the script to preload SGX ptrace library for gdb SDK_DST_PATH=${SGX_PACKAGES_PATH}/${SDK_PKG_NAME} -GDB_SCRIPT=/usr/bin/sgx-gdb SDK_LIB_PATH=${SDK_DST_PATH}/${LIB_DIR} +if [ "$1" == "BIN" ]; then + GDB_SCRIPT=${SDK_DST_PATH}/bin/sgx-gdb +else + GDB_SCRIPT=/usr/bin/sgx-gdb +fi + generate_gdb_script() { cat > $GDB_SCRIPT < $SDK_DST_PATH/uninstall.sh < $SDK_DST_PATH/uninstall.sh < $SDK_DST_PATH/uninstall.sh < /dev/null + +if [ \$? -ne 0 ]; then + echo "Superuser privilege is required." + exit 1 +fi + +EOF +} + +if [ "$1" == "BIN" ]; then + generate_uninstall_script_for_bin +else + generate_uninstall_script +fi chmod +x $SDK_DST_PATH/uninstall.sh echo -e "uninstall.sh script generated in $SDK_DST_PATH\n" -echo -e "Installation successful! The SDK package can be found in $SDK_DST_PATH" +echo -e "Installation is successful! The SDK package can be found in $SDK_DST_PATH" rm -fr $SDK_DST_PATH/scripts diff --git a/linux/installer/common/sdk/pkgconfig/template/libsgx_uae_service.pc b/linux/installer/common/sdk/pkgconfig/template/libsgx_uae_service.pc new file mode 100644 index 0000000000..c730204ee2 --- /dev/null +++ b/linux/installer/common/sdk/pkgconfig/template/libsgx_uae_service.pc @@ -0,0 +1,10 @@ +prefix=/opt/intel/sgxsdk +includedir=${prefix}/include +libdir=${prefix}/@LIB_FOLDER_NAME@ + +Name: libsgx_uae_service +Description: SGX uAE service library +Version: @SGX_VERSION@ +Cflags: -I${includedir} +Libs: -L${libdir} -lsgx_uae_service +Libs.private: -lsgx_urts diff --git a/linux/installer/common/sdk/pkgconfig/template/libsgx_uae_service_sim.pc b/linux/installer/common/sdk/pkgconfig/template/libsgx_uae_service_sim.pc new file mode 100644 index 0000000000..0b470bd588 --- /dev/null +++ b/linux/installer/common/sdk/pkgconfig/template/libsgx_uae_service_sim.pc @@ -0,0 +1,10 @@ +prefix=/opt/intel/sgxsdk +includedir=${prefix}/include +libdir=${prefix}/@LIB_FOLDER_NAME@ + +Name: libsgx_uae_service_sim +Description: SGX uAE service simulation library +Version: @SGX_VERSION@ +Cflags: -I${includedir} +Libs: -L${libdir} -lsgx_uae_service_sim +Libs.private: -lsgx_urts_sim diff --git a/linux/installer/common/sdk/pkgconfig/template/libsgx_urts.pc b/linux/installer/common/sdk/pkgconfig/template/libsgx_urts.pc new file mode 100644 index 0000000000..4d865487cd --- /dev/null +++ b/linux/installer/common/sdk/pkgconfig/template/libsgx_urts.pc @@ -0,0 +1,10 @@ +prefix=/opt/intel/sgxsdk +includedir=${prefix}/include +libdir=${prefix}/@LIB_FOLDER_NAME@ + +Name: libsgx_urts +Description: SGX uRTS library +Version: @SGX_VERSION@ +Cflags: -I${includedir} +Libs: -L${libdir} -lsgx_urts +Libs.private: -lsgx_uae_service diff --git a/linux/installer/common/sdk/pkgconfig/template/libsgx_urts_sim.pc b/linux/installer/common/sdk/pkgconfig/template/libsgx_urts_sim.pc new file mode 100644 index 0000000000..f5d18ef37b --- /dev/null +++ b/linux/installer/common/sdk/pkgconfig/template/libsgx_urts_sim.pc @@ -0,0 +1,10 @@ +prefix=/opt/intel/sgxsdk +includedir=${prefix}/include +libdir=${prefix}/@LIB_FOLDER_NAME@ + +Name: libsgx_urts_sim +Description: SGX uRTS simulation library +Version: @SGX_VERSION@ +Cflags: -I${includedir} +Libs: -L${libdir} -lsgx_urts_sim +Libs.private: -lsgx_uae_service_sim diff --git a/psw/ae/Makefile b/psw/ae/Makefile index a9cd1ee544..6f5d4cd851 100644 --- a/psw/ae/Makefile +++ b/psw/ae/Makefile @@ -40,10 +40,10 @@ else endif .PHONY: all -all: $(CURL_RESULT) LE AESM COPY_PVE_QE| $(BUILD_DIR) +all: $(CURL_RESULT) LE AESM COPY_PVE_QE_PCE| $(BUILD_DIR) -.PHONY: COPY_PVE_QE -COPY_PVE_QE: | $(BUILD_DIR) +.PHONY: COPY_PVE_QE_PCE +COPY_PVE_QE_PCE: | $(BUILD_DIR) $(CP) data/prebuilt/* $(BUILD_DIR) .PHONY: AESM diff --git a/psw/ae/aesm_service/Makefile b/psw/ae/aesm_service/Makefile index 0d071dad5f..cb543c73e2 100644 --- a/psw/ae/aesm_service/Makefile +++ b/psw/ae/aesm_service/Makefile @@ -60,6 +60,7 @@ INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/oal/ INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/protobuf/ INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/pve/ INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/qe/ +INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/pce/ INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/storage/ INCLUDE += -I$(LINUX_PSW_DIR)/ae/data/constants/linux @@ -72,7 +73,6 @@ INCLUDE += -I$(LINUX_PSW_DIR)/ae/aesm_service/source/epid_provision INCLUDE += -I$(LINUX_EXTERNAL_DIR)/epid/inc INCLUDE += -I$(LINUX_EXTERNAL_DIR)/crypto_px/include/ \ - -I$(LINUX_EXTERNAL_DIR)/tinyxml/ \ -I$(LINUX_EXTERNAL_DIR)/ \ -I$(LINUX_EXTERNAL_DIR)/rdrand \ -I$(IPC_COMMON_INC_DIR) \ @@ -113,13 +113,12 @@ TRTSLIB := -lsgx_trts WHITE_LIST_FILE := $(LINUX_PSW_DIR)/ae/data/prebuilt/white_list_cert_to_be_verify.bin TCRYPTO_LIBDIR := $(LINUX_SDK_DIR)/tlibcrypto -PROTOBUF_LIBDIR := $(LINUX_PROTOBUF)/intel64 VTUNE_LIBDIR := $(LINUX_EXTERNAL_DIR)/vtune/linux/sdk/src/ittnotify RDRAND_LIBDIR :=$(LINUX_EXTERNAL_DIR)/rdrand/src RDRAND_MAKEFILE := $(RDRAND_LIBDIR)/Makefile ifeq ($(ARCH), x86) - PROTOBUF_LIBDIR = $(LINUX_PROTOBUF)/ia32 + VTUNE_LIBDIR = $(LINUX_EXTERNAL_DIR)/vtune/linux/lib32 endif @@ -131,15 +130,11 @@ EXTERNAL_LIB += -L$(LINUX_SE_WRAPPER) -lwrapper -lrt EXTERNAL_LIB += -L$(RDRAND_LIBDIR) -lrdrand EXTERNAL_LIB += -L$(VTUNE_LIBDIR) -littnotify -vpath %.cpp $(COMMON_DIR)/src $(LINUX_EXTERNAL_DIR)/tinyxml ./source/epid_provision $(LINUX_PSW_DIR)/ae/common $(AESM_APPLICATION) $(AESM_EXTENSION) $(AESM_SRC_DIR) $(IPC_COMMON_PROTO_DIR) $(COMMON_DIR)/src $(TOP_DIR)/sdk/tseal +vpath %.cpp $(COMMON_DIR)/src ./source/epid_provision $(LINUX_PSW_DIR)/ae/common $(AESM_APPLICATION) $(AESM_EXTENSION) $(AESM_SRC_DIR) $(IPC_COMMON_PROTO_DIR) $(COMMON_DIR)/src $(TOP_DIR)/sdk/tseal vpath %.cc $(IPC_COMMON_PROTO_DIR) vpath %.c $(TOP_DIR)/sdk/tlibc/string -COMMON_SRC := tinyxmlparser.cpp \ - tinyxmlerror.cpp \ - tinyxml.cpp \ - tinystr.cpp \ - ./source/le/LEClass.cpp \ +COMMON_SRC := ./source/le/LEClass.cpp \ ./source/oal/aesm_util.cpp \ ./source/storage/persistent_storage_table.cpp \ aesm_logic.cpp \ @@ -158,8 +153,10 @@ COMMON_SRC := tinyxmlparser.cpp \ COMMON_SRC += ./source/qe/QEClass.cpp \ ./source/pve/PVEClass.cpp \ + ./source/pce/PCEClass.cpp \ aesm_encode.cpp \ aesm_epid_blob.cpp \ + aesm_xegd_blob.cpp \ epid_provision_msg1.cpp \ epid_provision_msg2.cpp \ epid_provision_msg4.cpp \ @@ -169,6 +166,7 @@ COMMON_SRC += ./source/qe/QEClass.cpp \ ./source/qe/qe_logic.cpp \ ./source/pve/pve_logic.cpp \ platform_info_logic.cpp \ + platform_info_facility.cpp \ pve_pub_key.cpp \ pek_pub_key.cpp \ ./source/network/network_encoding_wrapper.cpp \ @@ -194,6 +192,14 @@ IPC_SRC := $(IPC_COMMON_SRC_DIR)/AECloseSessionRequest.cpp \ $(IPC_COMMON_SRC_DIR)/AEGetLaunchTokenRequest.cpp \ $(IPC_COMMON_SRC_DIR)/AEGetPsCapRequest.cpp \ $(IPC_COMMON_SRC_DIR)/AEGetPsCapResponse.cpp \ + $(IPC_COMMON_SRC_DIR)/AEGetWhiteListSizeRequest.cpp \ + $(IPC_COMMON_SRC_DIR)/AEGetWhiteListSizeResponse.cpp \ + $(IPC_COMMON_SRC_DIR)/AEGetWhiteListRequest.cpp \ + $(IPC_COMMON_SRC_DIR)/AEGetWhiteListResponse.cpp \ + $(IPC_COMMON_SRC_DIR)/AESGXGetExtendedEpidGroupIdRequest.cpp \ + $(IPC_COMMON_SRC_DIR)/AESGXGetExtendedEpidGroupIdResponse.cpp \ + $(IPC_COMMON_SRC_DIR)/AESGXSwitchExtendedEpidGroupRequest.cpp \ + $(IPC_COMMON_SRC_DIR)/AESGXSwitchExtendedEpidGroupResponse.cpp \ $(IPC_COMMON_SRC_DIR)/AEReportAttestationRequest.cpp \ $(IPC_COMMON_SRC_DIR)/AEReportAttestationResponse.cpp \ $(IPC_COMMON_SRC_DIR)/SocketTransporter.cpp \ @@ -257,13 +263,14 @@ $(LIBNAME): $(COMMON_OBJ) consttime_memequal.o :consttime_memequal.c $(CC) $(filter-out -O2,$(CFLAGS)) -fPIC -O1 $(INCLUDE) -c $< -o $@ -$(APPNAME): $(OBJ) $(LIBNAME) sgx_tcrypto -lrdrand +$(APPNAME): $(OBJ) $(LIBNAME) sgx_tcrypto -lrdrand urts $(CXX) $(CXXFLAGS) $(OBJ) $(LIBNAME) $(LDUFLAGS) $(EXTERNAL_LIB) -o $@ -ldl $(IPC_SRC): PROTPBUF ./source/le/LEClass.o: ${AESM_EXTENSION}/launch_enclave_u.c ./source/pve/PVEClass.o: ${AESM_EXTENSION}/provision_enclave_u.c ./source/qe/QEClass.o: ${AESM_EXTENSION}/quoting_enclave_u.c +./source/pce/PCEClass.o: ${AESM_EXTENSION}/pce_u.c uecall_bridge.o: ${AESM_EXTENSION}/pse_pr_u.c -lrdrand: $(RDRAND_MAKEFILE) @@ -288,6 +295,8 @@ ${AESM_EXTENSION}/quoting_enclave_u.c: ${LINUX_PSW_DIR}/ae/qe/quoting_enclave.ed ${AESM_EXTENSION}/pse_pr_u.c: ${LINUX_PSW_DIR}/ae/pse/pse_pr/pse_pr.edl @$(EDGER8R) --untrusted --untrusted-dir ${AESM_EXTENSION} $< +${AESM_EXTENSION}/pce_u.c: ${LINUX_PSW_DIR}/ae/pce/pce.edl + @$(EDGER8R) --untrusted --untrusted-dir ${AESM_EXTENSION} $< .PHONY: PROTPBUF PROTPBUF: $(MAKE) -C $(IPC_COMMON_PROTO_DIR) @@ -307,13 +316,13 @@ clean: @$(RM) $(APPNAME) @$(RM) $(LIBNAME) $(MAKE) -C $(IPC_COMMON_PROTO_DIR) clean + $(MAKE) -C $(LINUX_PSW_DIR)/urts/linux clean @$(RM) source/le/*.o @$(RM) source/pve/*.o - @$(RM) source/pve/*.o + @$(RM) source/pce/*.o @$(RM) source/network/*.o @$(RM) source/oal/*.o @$(RM) source/qe/*.o - @$(RM) source/qe/*.o @$(RM) source/storage/*.o @$(RM) $(AESM_EXTENSION)/*_u.c $(AESM_EXTENSION)/*_u.h ifeq ($(RDRAND_MAKEFILE), $(wildcard $(RDRAND_MAKEFILE))) diff --git a/psw/ae/aesm_service/config/network/aesmd.conf b/psw/ae/aesm_service/config/network/aesmd.conf index 971052accf..c2f32e5ef3 100644 --- a/psw/ae/aesm_service/config/network/aesmd.conf +++ b/psw/ae/aesm_service/config/network/aesmd.conf @@ -1,10 +1,8 @@ #Line with comments only #empty line with comment -#proxy type = direct #direct type means no proxy used -#proxy type = default #system default proxy -#proxy type = manual #aesm proxy should be specified for manual proxy type -#aesm proxy = http://proxyuser:passwd@proxy_url:proxy_port -#endpoint url = http://sample_endpoint_url:8080 -#pse rl url = http://sample_pse_rl_url/rl -#pse ocsp url = https://sample_ocsp_url/ocsp +#proxy type = direct #direct type means no proxy used +#proxy type = default #system default proxy +#proxy type = manual #aesm proxy should be specified for manual proxy type +#aesm proxy = http://proxyuser:passwd@proxy_url:proxy_port +#whitelist url = http://sample_while_list_url/ diff --git a/psw/ae/aesm_service/include/oal/aesm_persistent_storage.h b/psw/ae/aesm_service/include/oal/aesm_persistent_storage.h index 3c9744588d..d975a4a6ba 100644 --- a/psw/ae/aesm_service/include/oal/aesm_persistent_storage.h +++ b/psw/ae/aesm_service/include/oal/aesm_persistent_storage.h @@ -54,8 +54,11 @@ typedef enum _aesm_data_id_t{ PVE_ENCLAVE_FID, PSE_OP_ENCLAVE_FID, PSE_PR_ENCLAVE_FID, + PCE_ENCLAVE_FID, LE_PROD_SIG_STRUCT_FID, /*some normal persistent storages*/ + EXTENDED_EPID_GROUP_ID_FID, + EXTENDED_EPID_GROUP_BLOB_INFO_FID, PROVISION_PEK_BLOB_FID, EPID_DATA_BLOB_FID, AESM_SERVER_URL_FID, @@ -92,43 +95,61 @@ typedef enum _aesm_data_id_t{ aesm_data_id_t operator++(aesm_data_id_t& id, int); typedef aesm_data_id_t aesm_enclave_id_t; - -/*Function to get pathname of a file object such as vmc database, aesm_get_cpathname is alias of function aesm_get_pathname +#define DEFAULT_EGID 0 +#define INVALID_EGID 0xFFFFFFFF +/*Function to get pathname of a file object such as vmc database *@type: input for the type of the storage *@data_id: id of persistent storage *@buf: start address of the buffer to receive the zero terminated path file name of the data *@buf_size: size in char of the buffer 'buf' - *@return AESM_SUCCESS on success or error code if faileda + *@xgid: extended epid group id associated with the file if the file location info is AESM_LOCATION_MULTI_EXTENDED_EPID_GROUP_DATA + * the xgid must be INVALID_EGID if the file location info is not AESM_LOCATION_MULTI_EXTENDED_EPID_GROUP_DATA + *@return AESM_SUCCESS on success or error code if failed */ -ae_error_t aesm_get_pathname(aesm_data_type_t type, aesm_data_id_t data_id, char *buf, uint32_t buf_size); -ae_error_t aesm_get_cpathname(aesm_data_type_t type, aesm_data_id_t data_id, char *buf, uint32_t buf_size); +ae_error_t aesm_get_pathname(aesm_data_type_t type, aesm_data_id_t data_id, char *buf, uint32_t buf_size, uint32_t xgid = INVALID_EGID); +ae_error_t aesm_get_cpathname(aesm_data_type_t type, aesm_data_id_t data_id, char *buf, uint32_t buf_size, uint32_t xgid = INVALID_EGID); /*Function to query size of data in persistent storage *@type: input for the type of storage *@data_id: id of persistent storage *@p_size: output parameter to return size of the data blob + *@xgid: extended epid group id associated with the file if the file location info is AESM_LOCATION_MULTI_EXTENDED_EPID_GROUP_DATA + * the xgid must be INVALID_EGID if the file location info is not AESM_LOCATION_MULTI_EXTENDED_EPID_GROUP_DATA *@return AESM_SUCCESS on success or error code if failed */ -ae_error_t aesm_query_data_size(aesm_data_type_t type, aesm_data_id_t data_id, uint32_t *p_size); +ae_error_t aesm_query_data_size(aesm_data_type_t type, aesm_data_id_t data_id, uint32_t *p_size, uint32_t xgid = INVALID_EGID); /*Function to read data from persistent storage *@type: input type of the storage *@data_id: id of persistent storage *@buf: start address of the buffer to receive data from persistent storage *@p_size: the input value *p_size is size of the buffer and output the size in bytes of data read + *@xgid: extended epid group id associated with the file if the file location info is AESM_LOCATION_MULTI_EXTENDED_EPID_GROUP_DATA + * the xgid must be INVALID_EGID if the file location info is not AESM_LOCATION_MULTI_EXTENDED_EPID_GROUP_DATA *@return AESM_SUCCESS on success or error code if failed * The functin will not check whether there're too much data in the persistent storage to be read */ -ae_error_t aesm_read_data(aesm_data_type_t type, aesm_data_id_t data_id, uint8_t *buf, uint32_t *p_size); +ae_error_t aesm_read_data(aesm_data_type_t type, aesm_data_id_t data_id, uint8_t *buf, uint32_t *p_size, uint32_t xgid = INVALID_EGID); -/*Function to write data to persistent storage +/*Function to write data tp persistent storage *@type: input type of the storage *@data_id: id of persistent storage *@buf: start address of the buffer where the data is to be saved to persistent storage - *@size: size in bytes of the input data in buf + *@size: size in bytes of the ti be saved + *@xgid: extended epid group id associated with the file if the file location info is AESM_LOCATION_MULTI_EXTENDED_EPID_GROUP_DATA + * the xgid must be INVALID_EGID if the file location info is not AESM_LOCATION_MULTI_EXTENDED_EPID_GROUP_DATA *@return AESM_SUCCESS on success or error code if failed + * The functin will not check whether there're too much data in the persistent storage to be read */ -ae_error_t aesm_write_data(aesm_data_type_t type, aesm_data_id_t data_id, const uint8_t *buf, uint32_t size); +ae_error_t aesm_write_data(aesm_data_type_t type, aesm_data_id_t data_id, const uint8_t *buf, uint32_t size, uint32_t xgid = INVALID_EGID); +/*Function to remove data persistent storage + *@type: input type of the storage + *@data_id: id of persistent storage + *@xgid: extended epid group id associated with the file if the file location info is AESM_LOCATION_MULTI_EXTENDED_EPID_GROUP_DATA + * the xgid must be INVALID_EGID if the file location info is not AESM_LOCATION_MULTI_EXTENDED_EPID_GROUP_DATA + *@return AESM_SUCCESS on success or error code if failed + */ +ae_error_t aesm_remove_data(aesm_data_type_t type, aesm_data_id_t data_id, uint32_t xgid = INVALID_EGID); #endif diff --git a/psw/ae/aesm_service/include/oal/error_report.h b/psw/ae/aesm_service/include/oal/error_report.h index 5e05334c26..fa11c6da12 100644 --- a/psw/ae/aesm_service/include/oal/error_report.h +++ b/psw/ae/aesm_service/include/oal/error_report.h @@ -50,6 +50,7 @@ extern "C" { #define AESM_LOG_WARN(format, args...) aesm_log_report(AESM_LOG_REPORT_WARNING, format, ## args) #define AESM_LOG_INIT() aesm_log_init() #define AESM_LOG_FINI() aesm_log_fini() +#define AESM_LOG_ERROR_UNICODE AESM_LOG_ERROR #endif/*__OAL_ERROR_REPORT_H__*/ diff --git a/psw/ae/aesm_service/include/oal/internal_log.h b/psw/ae/aesm_service/include/oal/internal_log.h index 93ce70df43..95e0599d13 100644 --- a/psw/ae/aesm_service/include/oal/internal_log.h +++ b/psw/ae/aesm_service/include/oal/internal_log.h @@ -75,6 +75,8 @@ extern "C" { #define SGX_DBGPRINT_PRINT_TWO_STRINGS(x,y) AESM_DBG_WARN("%s %s",x, y) #define SGX_DBGPRINT_PRINT_TWO_STRINGS_ONE_INT(x,y,z) AESM_DBG_WARN("%s %s %d", x,y,z) #define SGX_DBGPRINT_PRINT_FIVE_STRINGS(a,b,c,d,e) AESM_DBG_WARN("%s %s %s %s %s",a,b,c,d,e) +#define SGX_DBGPRINT_PRINT_UNICODE_STRING_LTP(x) AESM_DBG_WARN("%s", x) +#define SGX_DBGPRINT_PRINT_ANSI_STRING(x) AESM_DBG_WARN("%s",x) #define SGX_DBGPRINT_PRINT_STRING_LTP(x) AESM_DBG_WARN("%s",x) #define SGX_DBGPRINT_PRINT_STRING(x) AESM_DBG_WARN("%s",x) diff --git a/psw/ae/aesm_service/source/aesm/application/AEClass.h b/psw/ae/aesm_service/source/aesm/application/AEClass.h index 0fe1b5d87b..a6fed7bf2f 100644 --- a/psw/ae/aesm_service/source/aesm/application/AEClass.h +++ b/psw/ae/aesm_service/source/aesm/application/AEClass.h @@ -28,7 +28,6 @@ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * */ - #ifndef _AE_CLASS_H_ #define _AE_CLASS_H_ #include "sgx_eid.h" @@ -125,9 +124,13 @@ ae_error_t SingletonEnclave::load_enclave() AESM_DBG_ERROR("AE SERVER NOT AVAILABLE in load enclave: %s",enclave_path); return AE_SERVER_NOT_AVAILABLE; } + if(ret == SGX_ERROR_OUT_OF_EPC){ + AESM_DBG_ERROR("No enough EPC to load AE: %s",enclave_path); + return AESM_AE_OUT_OF_EPC; + } if (ret != SGX_SUCCESS){ AESM_DBG_ERROR("Create Enclave failed:%d",ret); - return AE_FAILURE; + return AE_SERVER_NOT_AVAILABLE; } AESM_DBG_INFO("enclave %d loaded with id 0X%llX",aesm_enclave_id,m_enclave_id); diff --git a/psw/ae/aesm_service/source/aesm/application/aesm_config.cpp b/psw/ae/aesm_service/source/aesm/application/aesm_config.cpp index c651501f0c..3b9780a4b2 100644 --- a/psw/ae/aesm_service/source/aesm/application/aesm_config.cpp +++ b/psw/ae/aesm_service/source/aesm/application/aesm_config.cpp @@ -33,6 +33,7 @@ #include "aesm_config.h" #include "aesm_proxy_type.h" #include "oal.h" +#include "default_url_info.hh" #include #include #include @@ -45,9 +46,7 @@ enum _config_value_t{ config_comment, config_space, - config_endpoint_url, - config_pse_rl_url, - config_pse_ocsp_url, + config_white_list_url, config_aesm_proxy_url, config_aesm_proxy_type, config_value_nums @@ -59,9 +58,7 @@ struct _config_patterns_t{ }config_patterns[]={ {config_comment, "^[[:blank:]]*#"}, //matching a line with comments only (It is started by #) {config_space, "^[[:blank:]]*$"}, //matching empty line - {config_endpoint_url, "^[[:blank:]]*endpoint[[:blank:]]*url[[:blank:]]*=" URL_PATTERN OPTION_COMMENT "$"}, //matching line in format: endpoint url = .... - {config_pse_rl_url, "^[[:blank:]]*pse[[:blank:]]*rl[[:blank:]]*url[[:blank:]]*=" URL_PATTERN OPTION_COMMENT "$"}, //matching line in format: pse rl url = ... - {config_pse_ocsp_url, "^[[:blank:]]*pse[[:blank:]]*ocsp[[:blank:]]*url[[:blank:]]*=" URL_PATTERN OPTION_COMMENT "$"}, //matching line in format: pse ocsp url = ... + {config_white_list_url, "^[[:blank:]]*whitelist[[:blank:]]*url[[:blank:]]*=" URL_PATTERN OPTION_COMMENT "$"}, //matching line in format: whilelist url = .... {config_aesm_proxy_url,"^[[:blank:]]*aesm[[:blank:]]*proxy[[:blank:]]*=" URL_PATTERN OPTION_COMMENT "$"}, //matching line in format: aesm proxy = ... {config_aesm_proxy_type, "^[[:blank:]]*proxy[[:blank:]]*type[[:blank:]]*=[[:blank:]]([^[:blank:]]+)[[:blank:]]*" OPTION_COMMENT "$"}//matching line in format: proxy type = [direct|default|manual] }; @@ -143,28 +140,12 @@ static bool config_process_one_line(const char *line, config_entry_t entries[], case config_space: //ignore comment and space only line break; - case config_endpoint_url://Matching Endpoint URL setting + case config_white_list_url://Matching White List URL setting if(matches[1].rm_eo-matches[1].rm_so>=MAX_PATH){ - AESM_DBG_ERROR("too long endpoint url in config file"); + AESM_DBG_ERROR("too long white list url in config file"); }else{ - memcpy(infos.endpoint_url, line+matches[1].rm_so,matches[1].rm_eo-matches[1].rm_so); - infos.endpoint_url[matches[1].rm_eo-matches[1].rm_so]='\0'; - } - break; - case config_pse_rl_url: - if(matches[1].rm_eo-matches[1].rm_so>=MAX_PATH){ - AESM_DBG_ERROR("too long pse pr url in config file"); - }else{ - memcpy(infos.pse_rl_url, line+matches[1].rm_so,matches[1].rm_eo-matches[1].rm_so); - infos.pse_rl_url[matches[1].rm_eo-matches[1].rm_so]='\0'; - } - break; - case config_pse_ocsp_url: - if(matches[1].rm_eo-matches[1].rm_so>=MAX_PATH){ - AESM_DBG_ERROR("too long pse ocsp url in config file"); - }else{ - memcpy(infos.pse_ocsp_url, line+matches[1].rm_so,matches[1].rm_eo-matches[1].rm_so); - infos.pse_ocsp_url[matches[1].rm_eo-matches[1].rm_so]='\0'; + memcpy(infos.white_list_url, line+matches[1].rm_so,matches[1].rm_eo-matches[1].rm_so); + infos.white_list_url[matches[1].rm_eo-matches[1].rm_so]='\0'; } break; case config_aesm_proxy_url: @@ -200,9 +181,7 @@ bool read_aesm_config(aesm_config_infos_t& infos) config_entry_t entries[config_value_nums]; memset(&entries,0,sizeof(entries)); memset(&infos, 0, sizeof(aesm_config_infos_t)); - strcpy(infos.endpoint_url, DEFAULT_URL); - strcpy(infos.pse_rl_url, DEFAULT_PSE_RL_URL); - strcpy(infos.pse_ocsp_url, DEFAULT_PSE_OCSP_URL); + strcpy(infos.white_list_url, DEFAULT_WHITE_LIST_URL); infos.proxy_type = AESM_PROXY_TYPE_DEFAULT_PROXY; FILE *f =fopen(AESM_CONFIG_FILE, "r"); diff --git a/psw/ae/aesm_service/source/aesm/application/aesm_config.h b/psw/ae/aesm_service/source/aesm/application/aesm_config.h index 0dc5b5f24f..b8baf3d510 100644 --- a/psw/ae/aesm_service/source/aesm/application/aesm_config.h +++ b/psw/ae/aesm_service/source/aesm/application/aesm_config.h @@ -35,9 +35,7 @@ #include "aesm_logic.h" typedef struct _aesm_config_infos_t{ uint32_t proxy_type; - char endpoint_url[MAX_PATH]; - char pse_rl_url[MAX_PATH]; - char pse_ocsp_url[MAX_PATH]; + char white_list_url[MAX_PATH]; char aesm_proxy[MAX_PATH]; }aesm_config_infos_t; #endif diff --git a/psw/ae/aesm_service/source/aesm/application/aesm_logic.cpp b/psw/ae/aesm_service/source/aesm/application/aesm_logic.cpp index 84b124a0b9..909fde2209 100644 --- a/psw/ae/aesm_service/source/aesm/application/aesm_logic.cpp +++ b/psw/ae/aesm_service/source/aesm/application/aesm_logic.cpp @@ -34,6 +34,7 @@ #include "QEClass.h" #include "LEClass.h" #include "PVEClass.h" +#include "PCEClass.h" #include "arch.h" #include "sgx_report.h" @@ -46,6 +47,7 @@ #include "oal/aesm_thread.h" #include "aesm_encode.h" #include "aesm_epid_blob.h" +#include "aesm_xegd_blob.h" #include "aesm_logic.h" #include "pve_logic.h" #include "qe_logic.h" @@ -64,6 +66,7 @@ #include "prof_fun.h" #include "aesm_long_lived_thread.h" #include "sgx_profile.h" +#include "service_enclave_mrsigner.hh" #define CHECK_SERVICE_STATUS if (!is_service_running()) return AESM_SERVICE_STOPPED; #define CHECK_SGX_STATUS if (g_sgx_device_status != SGX_ENABLED) return AESM_SGX_DEVICE_NOT_AVAILABLE; @@ -74,13 +77,60 @@ AESMLogicMutex AESMLogic::_le_mutex; bool AESMLogic::_is_qe_psvn_set; bool AESMLogic::_is_pse_psvn_set; +bool AESMLogic::_is_pce_psvn_set; psvn_t AESMLogic::_qe_psvn; +psvn_t AESMLogic::_pce_psvn; psvn_t AESMLogic::_pse_psvn; +uint32_t AESMLogic::active_extended_epid_group_id; + +static ae_error_t read_global_extended_epid_group_id(uint32_t *xeg_id) +{ + char path_name[MAX_PATH]; + ae_error_t ae_ret = aesm_get_pathname(FT_PERSISTENT_STORAGE, EXTENDED_EPID_GROUP_ID_FID, path_name, MAX_PATH); + if(AE_SUCCESS != ae_ret){ + return ae_ret; + } + FILE * f = fopen(path_name, "r"); + if( f == NULL){ + return OAL_CONFIG_FILE_ERROR; + } + ae_ret = OAL_CONFIG_FILE_ERROR; + if(fscanf(f, "%u", xeg_id)==1){ + ae_ret = AE_SUCCESS; + } + fclose(f); + return ae_ret; +} +static ae_error_t set_global_extended_epid_group_id(uint32_t xeg_id) +{ + char path_name[MAX_PATH]; + ae_error_t ae_ret = aesm_get_pathname(FT_PERSISTENT_STORAGE, EXTENDED_EPID_GROUP_ID_FID, path_name, MAX_PATH); + if(AE_SUCCESS != ae_ret){ + return ae_ret; + } + FILE *f = fopen(path_name, "w"); + if(f == NULL){ + return OAL_CONFIG_FILE_ERROR; + } + ae_ret = OAL_CONFIG_FILE_ERROR; + if(fprintf(f, "%u", xeg_id)>0){ + ae_ret = AE_SUCCESS; + } + fclose(f); + return ae_ret; +} + +uint32_t AESMLogic::get_active_extended_epid_group_id() +{ + return active_extended_epid_group_id; +} + static ae_error_t thread_to_load_qe(aesm_thread_arg_type_t arg) { epid_blob_with_cur_psvn_t epid_data; ae_error_t ae_ret = AE_FAILURE; + uint32_t epid_xeid = 0; UNUSED(arg); AESM_DBG_TRACE("start to load qe"); memset(&epid_data, 0, sizeof(epid_data)); @@ -94,7 +144,50 @@ static ae_error_t thread_to_load_qe(aesm_thread_arg_type_t arg) AESM_DBG_WARN("fail to load QE: %d", ae_ret); }else{ AESM_DBG_TRACE("QE loaded successfully"); + bool resealed = false; + // Just take this chance to reseal EPID blob in case TCB is + // upgraded, return value is ignored and no provisioning is + // triggered. + ae_ret = static_cast(CQEClass::instance().verify_blob( + epid_data.trusted_epid_blob, + SGX_TRUSTED_EPID_BLOB_SIZE_PAK, + &resealed)); + if(AE_SUCCESS != ae_ret) + { + AESM_DBG_WARN("Failed to verify EPID blob: %d", ae_ret); + // The EPID blob is invalid. + EPIDBlob::instance().remove(); + }else{ + // Check whether EPID blob XEGDID is aligned with active extended group id if it exists. + if ((EPIDBlob::instance().get_extended_epid_group_id(&epid_xeid) == AE_SUCCESS) && (epid_xeid == AESMLogic::get_active_extended_epid_group_id())) { + AESM_DBG_TRACE("EPID blob Verified"); + // XEGDID is aligned + if (true == resealed) + { + AESM_DBG_TRACE("EPID blob is resealed"); + if ((ae_ret = EPIDBlob::instance().write(epid_data)) + != AE_SUCCESS) + { + AESM_DBG_WARN("Failed to update epid blob: %d", ae_ret); + } + } + } + else { // XEGDID is NOT aligned + AESM_DBG_TRACE("XEGDID mismatch in EPIDBlob, loading PCE ..."); + EPIDBlob::instance().remove(); + ae_ret = CPCEClass::instance().load_enclave(); + if (AE_SUCCESS != ae_ret) + { + AESM_DBG_WARN("fail to load PCE: %d", ae_ret); + } + else{ + AESM_DBG_TRACE("PCE loaded successfully"); + } + } + } } + }else{ + AESM_DBG_TRACE("Fail to read EPID Blob"); } AESM_DBG_TRACE("QE Thread finished succ"); return AE_SUCCESS; @@ -110,6 +203,24 @@ ae_error_t AESMLogic::service_start() //ippInit();//no ippInit available for c version ipp AESM_DBG_INFO("aesm service is starting"); + + //Try to read current active extended epid group id + ae_ret = read_global_extended_epid_group_id(&AESMLogic::active_extended_epid_group_id); + if (AE_SUCCESS != ae_ret){ + AESM_DBG_INFO("Fail to read extended epid group id, default extended epid group used"); + AESMLogic::active_extended_epid_group_id = DEFAULT_EGID; //use default extended epid group id 0 if it is not available from data file + + } + else{ + AESM_DBG_INFO("active extended group id %d used", AESMLogic::active_extended_epid_group_id); + } + extended_epid_group_blob_t xegb; + aesm_server_url_infos_t urls; + if (AE_SUCCESS != (XEGDBlob::verify_xegd_by_xgid(active_extended_epid_group_id)) || + AE_SUCCESS != (EndpointSelectionInfo::verify_file_by_xgid(active_extended_epid_group_id))){//try to load XEGD and URL file to make sure it is valid + AESMLogic::active_extended_epid_group_id = DEFAULT_EGID;//If the active extended epid group id read from data file is not valid, switch to default extended epid group id + } + ae_ret = CLEClass::instance().load_enclave(); if(AE_SUCCESS != ae_ret) { @@ -126,7 +237,8 @@ ae_error_t AESMLogic::service_start() }else{ (void)aesm_free_thread(qe_thread);//release thread handle to free memory } - + + start_white_list_thread(); AESM_DBG_TRACE("aesm service is started"); return AE_SUCCESS; @@ -134,7 +246,9 @@ ae_error_t AESMLogic::service_start() void AESMLogic::service_stop() { + stop_all_long_lived_threads();//waiting for pending threads util timeout CPVEClass::instance().unload_enclave(); + CPCEClass::instance().unload_enclave(); CQEClass::instance().unload_enclave(); CLEClass::instance().unload_enclave(); stop_all_long_lived_threads(); @@ -234,16 +348,21 @@ aesm_error_t AESMLogic::get_launch_token( return AESM_PARAMETER_ERROR; } ae_error_t ae_ret = CLEClass::instance().load_enclave(); - if(ae_ret == AE_SERVER_NOT_AVAILABLE) + if(ae_ret == AESM_AE_NO_DEVICE) { AESM_LOG_ERROR("%s", g_event_string_table[SGX_EVENT_SERVICE_UNAVAILABLE]); AESM_DBG_FATAL("LE not loaded due to AE_SERVER_NOT_AVAILABLE, possible SGX Env Not Ready"); return AESM_NO_DEVICE_ERROR; } + else if(ae_ret == AESM_AE_OUT_OF_EPC) + { + AESM_DBG_WARN("LE not loaded due to out of EPC", ae_ret); + return AESM_OUT_OF_EPC; + } else if(AE_FAILED(ae_ret)) { AESM_DBG_ERROR("LE not loaded:%d", ae_ret); - return AESM_UNEXPECTED_ERROR; + return AESM_SERVICE_UNAVAILABLE; } ret_le = static_cast(CLEClass::instance().get_launch_token( const_cast(mrenclave), mrenclave_size, @@ -297,6 +416,24 @@ ae_error_t AESMLogic::get_qe_isv_svn(uint16_t& isv_svn) return AE_SUCCESS; } + +ae_error_t AESMLogic::get_pce_isv_svn(uint16_t& isv_svn) +{ + if(!_is_pce_psvn_set){ + ae_error_t ae_err = CPCEClass::instance().load_enclave(); + if(AE_SUCCESS != ae_err){ + AESM_DBG_ERROR("Fail to load PCE Enclave:%d",ae_err); + return ae_err; + } + } + assert(_is_pce_psvn_set); + if(0!=memcpy_s(&isv_svn, sizeof(isv_svn), &_pce_psvn.isv_svn, sizeof(_pce_psvn.isv_svn))){ + AESM_DBG_ERROR("memcpy failed"); + return AE_FAILURE; + } + return AE_SUCCESS; +} + ae_error_t AESMLogic::get_pse_isv_svn(uint16_t& isv_svn) { return AE_FAILURE; @@ -321,41 +458,62 @@ ae_error_t AESMLogic::get_qe_cpu_svn(sgx_cpu_svn_t& cpu_svn) -ae_error_t AESMLogic::set_psvn(uint16_t prod_id, uint16_t isv_svn, sgx_cpu_svn_t cpu_svn) +ae_error_t AESMLogic::set_psvn(uint16_t prod_id, uint16_t isv_svn, sgx_cpu_svn_t cpu_svn, uint32_t mrsigner_index) { if(prod_id == QE_PROD_ID){ - if(_is_qe_psvn_set){ - if(0!=memcmp(&_qe_psvn.isv_svn, &isv_svn, sizeof(isv_svn))|| - 0!=memcmp(&_qe_psvn.cpu_svn, &cpu_svn, sizeof(sgx_cpu_svn_t))){ - AESM_DBG_ERROR("PSVN unmatched for QE/PVE"); - return AE_PSVN_UNMATCHED_ERROR; + if(mrsigner_index == AE_MR_SIGNER){ + if(_is_qe_psvn_set){ + if(0!=memcmp(&_qe_psvn.isv_svn, &isv_svn, sizeof(isv_svn))|| + 0!=memcmp(&_qe_psvn.cpu_svn, &cpu_svn, sizeof(sgx_cpu_svn_t))){ + AESM_DBG_ERROR("PSVN unmatched for QE/PVE"); + return AE_PSVN_UNMATCHED_ERROR; + } + }else{ + if(0!=memcpy_s(&_qe_psvn.isv_svn, sizeof(_qe_psvn.isv_svn), &isv_svn, sizeof(isv_svn))|| + 0!=memcpy_s(&_qe_psvn.cpu_svn, sizeof(_qe_psvn.cpu_svn), &cpu_svn, sizeof(sgx_cpu_svn_t))){ + AESM_DBG_ERROR("memcpy failed"); + return AE_FAILURE; + } + AESM_DBG_TRACE("get QE or PvE isv_svn=%d",(int)isv_svn); + _is_qe_psvn_set = true; + return AE_SUCCESS; } - }else{ - if(0!=memcpy_s(&_qe_psvn.isv_svn, sizeof(_qe_psvn.isv_svn), &isv_svn, sizeof(isv_svn))|| - 0!=memcpy_s(&_qe_psvn.cpu_svn, sizeof(_qe_psvn.cpu_svn), &cpu_svn, sizeof(sgx_cpu_svn_t))){ - AESM_DBG_ERROR("memcpy failed"); - return AE_FAILURE; + }else if(mrsigner_index==PCE_MR_SIGNER){ + if(_is_pce_psvn_set){ + if(0!=memcmp(&_pce_psvn.isv_svn, &isv_svn, sizeof(isv_svn))|| + 0!=memcmp(&_pce_psvn.cpu_svn, &cpu_svn, sizeof(sgx_cpu_svn_t))){ + AESM_DBG_ERROR("PSVN unmatched for PCE"); + return AE_PSVN_UNMATCHED_ERROR; + } + }else{ + if(0!=memcpy_s(&_pce_psvn.isv_svn, sizeof(_pce_psvn.isv_svn), &isv_svn, sizeof(isv_svn))|| + 0!=memcpy_s(&_pce_psvn.cpu_svn, sizeof(_pce_psvn.cpu_svn), &cpu_svn, sizeof(sgx_cpu_svn_t))){ + AESM_DBG_ERROR("memcpy failed"); + return AE_FAILURE; + } + AESM_DBG_TRACE("get PCE isv_svn=%d", (int)isv_svn); + _is_pce_psvn_set = true; + return AE_SUCCESS; } - AESM_DBG_TRACE("get QE or PvE isv_svn=%d",(int)isv_svn); - _is_qe_psvn_set = true; - return AE_SUCCESS; } }else if(prod_id == PSE_PROD_ID){ - if(_is_pse_psvn_set){ - if(0!=memcmp(&_pse_psvn.isv_svn, &isv_svn, sizeof(isv_svn))|| - 0!=memcmp(&_pse_psvn.cpu_svn, &cpu_svn, sizeof(sgx_cpu_svn_t))){ - AESM_DBG_ERROR("PSVN unmatched for PSE"); - return AE_PSVN_UNMATCHED_ERROR; + if(mrsigner_index == AE_MR_SIGNER){ + if(_is_pse_psvn_set){ + if(0!=memcmp(&_pse_psvn.isv_svn, &isv_svn, sizeof(isv_svn))|| + 0!=memcmp(&_pse_psvn.cpu_svn, &cpu_svn, sizeof(sgx_cpu_svn_t))){ + AESM_DBG_ERROR("PSVN unmatched for PSE"); + return AE_PSVN_UNMATCHED_ERROR; + } + }else{ + if(0!=memcpy_s(&_pse_psvn.isv_svn, sizeof(_pse_psvn.isv_svn), &isv_svn, sizeof(isv_svn))|| + 0!=memcpy_s(&_pse_psvn.cpu_svn, sizeof(_pse_psvn.cpu_svn), &cpu_svn, sizeof(sgx_cpu_svn_t))){ + AESM_DBG_ERROR("memcpy failed"); + return AE_FAILURE; + } + AESM_DBG_TRACE("get PSE isv_svn=%d", (int)isv_svn); + _is_pse_psvn_set = true; + return AE_SUCCESS; } - }else{ - if(0!=memcpy_s(&_pse_psvn.isv_svn, sizeof(_pse_psvn.isv_svn), &isv_svn, sizeof(isv_svn))|| - 0!=memcpy_s(&_pse_psvn.cpu_svn, sizeof(_pse_psvn.cpu_svn), &cpu_svn, sizeof(sgx_cpu_svn_t))){ - AESM_DBG_ERROR("memcpy failed"); - return AE_FAILURE; - } - AESM_DBG_TRACE("get PSE isv_svn=%d", (int)isv_svn); - _is_pse_psvn_set = true; - return AE_SUCCESS; } } return AE_SUCCESS; @@ -369,16 +527,25 @@ sgx_status_t AESMLogic::get_launch_token(const enclave_css_t* signature, AESMLogicLock lock(_le_mutex); ae_error_t ret_le = AE_SUCCESS; + uint32_t mrsigner_index = UINT32_MAX; // load LE to get launch token if((ret_le=CLEClass::instance().load_enclave()) != AE_SUCCESS) { - if(ret_le == AE_SERVER_NOT_AVAILABLE) + if(ret_le == AESM_AE_NO_DEVICE) { - AESM_DBG_FATAL("LE not loaded due to AE_SERVER_NOT_AVAILABLE, possible SGX Env Not Ready"); + AESM_DBG_FATAL("LE not loaded due to no SGX device available, possible SGX Env Not Ready"); return SGX_ERROR_NO_DEVICE; } - AESM_DBG_FATAL("fail to load LE:%d",ret_le); - return SGX_ERROR_UNEXPECTED; + else if(ret_le == AESM_AE_OUT_OF_EPC) + { + AESM_DBG_FATAL("LE not loaded due to out of EPC"); + return SGX_ERROR_OUT_OF_EPC; + } + else + { + AESM_DBG_FATAL("fail to load LE:%d",ret_le); + return SGX_ERROR_SERVICE_UNAVAILABLE; + } } @@ -390,7 +557,8 @@ sgx_status_t AESMLogic::get_launch_token(const enclave_css_t* signature, const_cast(reinterpret_cast(attribute)), sizeof(sgx_attributes_t), reinterpret_cast(launch_token), - sizeof(token_t))); + sizeof(token_t), + &mrsigner_index)); switch (ret_le) { case AE_SUCCESS: @@ -411,7 +579,7 @@ sgx_status_t AESMLogic::get_launch_token(const enclave_css_t* signature, } token_t *lt = reinterpret_cast(launch_token); - ret_le = set_psvn(signature->body.isv_prod_id, signature->body.isv_svn, lt->cpu_svn_le); + ret_le = set_psvn(signature->body.isv_prod_id, signature->body.isv_svn, lt->cpu_svn_le, mrsigner_index); if(AE_PSVN_UNMATCHED_ERROR == ret_le) { //QE or PSE has been changed, but AESM doesn't restart. Will not provide service. @@ -428,7 +596,7 @@ aesm_error_t AESMLogic::create_session( uint32_t* session_id, uint8_t* se_dh_msg1, uint32_t se_dh_msg1_size) { - return AESM_SERVICE_NOT_AVAILABLE; + return AESM_SERVICE_UNAVAILABLE; } aesm_error_t AESMLogic::exchange_report( @@ -436,20 +604,20 @@ aesm_error_t AESMLogic::exchange_report( const uint8_t* se_dh_msg2, uint32_t se_dh_msg2_size, uint8_t* se_dh_msg3, uint32_t se_dh_msg3_size) { - return AESM_SERVICE_NOT_AVAILABLE; + return AESM_SERVICE_UNAVAILABLE; } aesm_error_t AESMLogic::close_session( uint32_t session_id) { - return AESM_SERVICE_NOT_AVAILABLE; + return AESM_SERVICE_UNAVAILABLE; } aesm_error_t AESMLogic::invoke_service( const uint8_t* pse_message_req, uint32_t pse_message_req_size, uint8_t* pse_message_resp, uint32_t pse_message_resp_size) { - return AESM_SERVICE_NOT_AVAILABLE;; + return AESM_SERVICE_UNAVAILABLE;; } aesm_error_t AESMLogic::get_ps_cap( @@ -469,6 +637,7 @@ aesm_error_t AESMLogic::init_quote( { ae_error_t ret = AE_SUCCESS; uint16_t qe_isv_svn = 0xFFFF; + uint16_t pce_isv_svn = 0xFFFF; sgx_cpu_svn_t qe_cpu_svn; memset(&qe_cpu_svn, 0, sizeof(qe_cpu_svn)); AESM_DBG_INFO("init_quote"); @@ -479,19 +648,42 @@ aesm_error_t AESMLogic::init_quote( } AESMLogicLock lock(_qe_pve_mutex); CHECK_EPID_PROVISIONG_STATUS; + ret = get_pce_isv_svn(pce_isv_svn); + if(AE_SUCCESS != ret) + { + if(AESM_AE_OUT_OF_EPC == ret) + return AESM_OUT_OF_EPC; + else if(AESM_AE_NO_DEVICE == ret) + return AESM_NO_DEVICE_ERROR; + else if(AE_SERVER_NOT_AVAILABLE == ret) + return AESM_SERVICE_UNAVAILABLE; + return AESM_UNEXPECTED_ERROR; + } ret = get_qe_cpu_svn(qe_cpu_svn); if(AE_SUCCESS != ret) { + if(AESM_AE_OUT_OF_EPC == ret) + return AESM_OUT_OF_EPC; + else if(AESM_AE_NO_DEVICE == ret) + return AESM_NO_DEVICE_ERROR; + else if(AE_SERVER_NOT_AVAILABLE == ret) + return AESM_SERVICE_UNAVAILABLE; return AESM_UNEXPECTED_ERROR; } ret = get_qe_isv_svn(qe_isv_svn); if(AE_SUCCESS != ret) { + if(AESM_AE_OUT_OF_EPC == ret) + return AESM_OUT_OF_EPC; + else if(AESM_AE_NO_DEVICE == ret) + return AESM_NO_DEVICE_ERROR; + else if(AE_SERVER_NOT_AVAILABLE == ret) + return AESM_SERVICE_UNAVAILABLE; return AESM_UNEXPECTED_ERROR; } return QEAESMLogic::init_quote( reinterpret_cast(target_info), - gid, gid_size, qe_isv_svn, qe_cpu_svn); + gid, gid_size, pce_isv_svn, qe_isv_svn, qe_cpu_svn); } aesm_error_t AESMLogic::get_quote(const uint8_t *report, uint32_t report_size, @@ -502,6 +694,8 @@ aesm_error_t AESMLogic::get_quote(const uint8_t *report, uint32_t report_size, uint8_t *qe_report, uint32_t qe_report_size, uint8_t *quote, uint32_t buf_size) { + ae_error_t ret = AE_SUCCESS; + uint16_t pce_isv_svn = 0xFFFF; AESM_DBG_INFO("get_quote"); if(sizeof(sgx_report_t) != report_size || sizeof(sgx_spid_t) != spid_size) @@ -516,8 +710,19 @@ aesm_error_t AESMLogic::get_quote(const uint8_t *report, uint32_t report_size, } AESMLogicLock lock(_qe_pve_mutex); CHECK_EPID_PROVISIONG_STATUS; + ret = get_pce_isv_svn(pce_isv_svn); + if(AE_SUCCESS != ret) + { + if(AESM_AE_OUT_OF_EPC == ret) + return AESM_OUT_OF_EPC; + else if(AESM_AE_NO_DEVICE == ret) + return AESM_NO_DEVICE_ERROR; + else if(AE_SERVER_NOT_AVAILABLE == ret) + return AESM_SERVICE_UNAVAILABLE; + return AESM_UNEXPECTED_ERROR; + } return QEAESMLogic::get_quote(report, quote_type, spid, nonce, sigrl, - sigrl_size, qe_report, quote, buf_size); + sigrl_size, qe_report, quote, buf_size, pce_isv_svn); } uint32_t AESMLogic::endpoint_selection(endpoint_selection_infos_t& es_info) @@ -538,6 +743,84 @@ aesm_error_t AESMLogic::report_attestation_status( return PlatformInfoLogic::report_attestation_status(platform_info, platform_info_size, attestation_status, update_info, update_info_size); } +uint32_t AESMLogic::is_gid_matching_result_in_epid_blob(const GroupID& gid) +{ + AESMLogicLock lock(_qe_pve_mutex); + EPIDBlob& epid_blob = EPIDBlob::instance(); + uint32_t le_gid; + if(epid_blob.get_sgx_gid(&le_gid)!=AE_SUCCESS){//get littlen endian gid + return GIDMT_UNEXPECTED_ERROR; + } + le_gid=_htonl(le_gid);//use bigendian gid + se_static_assert(sizeof(le_gid)==sizeof(gid)); + if(memcmp(&le_gid,&gid,sizeof(gid))!=0){ + return GIDMT_UNMATCHED; + } + return GIDMT_MATCHED; +} + +ae_error_t AESMLogic::get_white_list_size_without_lock(uint32_t *white_list_cert_size) +{ + uint32_t white_cert_size = 0; + ae_error_t ae_ret = aesm_query_data_size(FT_PERSISTENT_STORAGE, AESM_WHITE_LIST_CERT_FID, &white_cert_size); + if (AE_SUCCESS == ae_ret) + { + if (white_cert_size != 0){//file existing and not 0 size + *white_list_cert_size = white_cert_size; + return AE_SUCCESS; + } + else + return AE_FAILURE; + } + else + { + return ae_ret; + } +} + +aesm_error_t AESMLogic::get_white_list_size( + uint32_t* white_list_cert_size) +{ + if (NULL == white_list_cert_size){ + return AESM_PARAMETER_ERROR; + } + CHECK_SERVICE_STATUS; + AESMLogicLock lock(_le_mutex); + CHECK_SERVICE_STATUS; + ae_error_t ae_ret = get_white_list_size_without_lock(white_list_cert_size); + if (AE_SUCCESS == ae_ret) + return AESM_SUCCESS; + else + return AESM_UNEXPECTED_ERROR; +} + + +aesm_error_t AESMLogic::get_white_list( + uint8_t *white_list_cert, uint32_t buf_size) +{ + uint32_t white_cert_size=0; + if (NULL == white_list_cert){ + return AESM_PARAMETER_ERROR; + } + CHECK_SERVICE_STATUS; + AESMLogicLock lock(_le_mutex); + CHECK_SERVICE_STATUS; + ae_error_t ae_ret = get_white_list_size_without_lock(&white_cert_size); + if (AE_SUCCESS != ae_ret) + return AESM_UNEXPECTED_ERROR; + if (white_cert_size != buf_size) + { + return AESM_PARAMETER_ERROR; + } + + ae_ret = aesm_read_data(FT_PERSISTENT_STORAGE, AESM_WHITE_LIST_CERT_FID, white_list_cert, &white_cert_size); + if (AE_SUCCESS != ae_ret){ + AESM_DBG_WARN("Fail to read white cert list file"); + return AESM_UNEXPECTED_ERROR; + } + return AESM_SUCCESS; +} + ae_error_t sgx_error_to_ae_error(sgx_status_t status) { if(SGX_ERROR_OUT_OF_MEMORY == status) @@ -547,3 +830,37 @@ ae_error_t sgx_error_to_ae_error(sgx_status_t status) return AE_FAILURE; } +aesm_error_t AESMLogic::switch_extended_epid_group( + uint32_t extended_epid_group_id + ) +{ + AESM_DBG_INFO("AESMLogic::switch_extended_epid_group"); + ae_error_t ae_ret; + extended_epid_group_blob_t xegb; + aesm_server_url_infos_t urls; + if ((ae_ret = XEGDBlob::verify_xegd_by_xgid(extended_epid_group_id)) != AE_SUCCESS || + (ae_ret = EndpointSelectionInfo::verify_file_by_xgid(extended_epid_group_id)) != AE_SUCCESS){ + AESM_DBG_INFO("Fail to switch to extended epid group to %d due to XEGD blob for URL blob not available", extended_epid_group_id); + return AESM_PARAMETER_ERROR; + } + ae_ret = set_global_extended_epid_group_id(extended_epid_group_id); + if (ae_ret != AE_SUCCESS){ + AESM_DBG_INFO("Fail to switch to extended epid group %d", extended_epid_group_id); + return AESM_UNEXPECTED_ERROR; + } + + AESM_DBG_INFO("Succ to switch to extended epid group %d in data file, restart aesm required to use it", extended_epid_group_id); + return AESM_SUCCESS; +} +aesm_error_t AESMLogic::get_extended_epid_group_id( + uint32_t* extended_epid_group_id) +{ + AESM_DBG_INFO("AESMLogic::get_extended_epid_group"); + if (NULL == extended_epid_group_id) + { + return AESM_PARAMETER_ERROR; + } + *extended_epid_group_id = get_active_extended_epid_group_id(); + return AESM_SUCCESS; +} + diff --git a/psw/ae/aesm_service/source/aesm/application/aesm_logic.h b/psw/ae/aesm_service/source/aesm/application/aesm_logic.h index 48ef7fc527..0cbd654bf5 100644 --- a/psw/ae/aesm_service/source/aesm/application/aesm_logic.h +++ b/psw/ae/aesm_service/source/aesm/application/aesm_logic.h @@ -49,7 +49,7 @@ #include "default_url_info.hh" -/*File to declare AESMLogic Class */ +/*File to declare AESMLogic Class and facility class(Mutex/Lock) for it*/ const uint32_t THREAD_TIMEOUT = 5000; @@ -82,15 +82,19 @@ class AESMLogic{ public: static AESMLogicMutex _qe_pve_mutex, _pse_mutex, _le_mutex; /*mutex to lock external interface*/ private: - static psvn_t _qe_psvn, _pse_psvn; /*two different cpu svn used although they're same. We should only access qe_psvn when qe_pve_mutex is acquired and only access pse_psvn when pse_mutext is acquired*/ - static bool _is_qe_psvn_set, _is_pse_psvn_set; - static ae_error_t set_psvn(uint16_t prod_id, uint16_t isv_svn, sgx_cpu_svn_t cpu_svn); + static psvn_t _qe_psvn, _pse_psvn, _pce_psvn; /*different cpu svn used although they're same. We should only access _qe_psvn/_pce_svn when qe_pve_mutex is acquired and only access _pse_psvn when pse_mutext is acquired*/ + static bool _is_qe_psvn_set, _is_pse_psvn_set, _is_pce_psvn_set; + static uint32_t active_extended_epid_group_id; + static ae_error_t set_psvn(uint16_t prod_id, uint16_t isv_svn, sgx_cpu_svn_t cpu_svn, uint32_t mrsigner_index); static ae_error_t save_unverified_white_list(const uint8_t *white_list_cert, uint32_t white_list_cert_size); + static ae_error_t get_white_list_size_without_lock(uint32_t *white_list_cert_size); public: - static ae_error_t get_qe_isv_svn(uint16_t& isv_svn);/*This function should only be called when _qe_pve_mutex is acquired*/ + static ae_error_t get_qe_isv_svn(uint16_t& isv_svn); /*This function should only be called when _qe_pve_mutex is acquired*/ static ae_error_t get_qe_cpu_svn(sgx_cpu_svn_t& cpu_svn);/*This function should only be called when _qe_pve_mutex is acquired*/ - static ae_error_t get_pse_isv_svn(uint16_t& isv_svn); /*This function should only be called when _pse_mutex is acquired*/ + static ae_error_t get_pse_isv_svn(uint16_t& isv_svn); /*This function should only be called when _pse_mutex is acquired*/ static ae_error_t get_pse_cpu_svn(sgx_cpu_svn_t& cpu_svn);/*This function should only be called when _pse_mutex is acquired*/ + static ae_error_t get_pce_isv_svn(uint16_t& isv_svn); + static uint32_t get_active_extended_epid_group_id(void); static ae_error_t service_start(); static void service_stop(); @@ -138,6 +142,8 @@ public: uint64_t* ps_cap); static uint32_t endpoint_selection(endpoint_selection_infos_t& es_info); + enum {GIDMT_UNMATCHED, GIDMT_NOT_AVAILABLE, GIDMT_MATCHED,GIDMT_UNEXPECTED_ERROR}; + static uint32_t is_gid_matching_result_in_epid_blob(const GroupID& gid); static aesm_error_t report_attestation_status( uint8_t* platform_info, uint32_t platform_info_size, @@ -147,6 +153,17 @@ public: static aesm_error_t white_list_register( const uint8_t *white_list_cert, uint32_t white_list_cert_size); + static aesm_error_t get_white_list_size( + uint32_t* white_list_cert_size); + + static aesm_error_t get_white_list( + uint8_t *white_list_cert, uint32_t buf_size); + + static aesm_error_t get_extended_epid_group_id( + uint32_t* extended_epid_group_id); + + static aesm_error_t switch_extended_epid_group( + uint32_t extended_epid_group_id ); }; #endif diff --git a/psw/ae/aesm_service/source/aesm/extension/aesm_ecdsa.cpp b/psw/ae/aesm_service/source/aesm/extension/aesm_ecdsa.cpp index 92832a0469..2b86a50486 100644 --- a/psw/ae/aesm_service/source/aesm/extension/aesm_ecdsa.cpp +++ b/psw/ae/aesm_service/source/aesm/extension/aesm_ecdsa.cpp @@ -32,12 +32,26 @@ #include "sgx_tcrypto.h" #include "aeerror.h" #include "tlv_common.h" -#include "cipher.h" +#include "pek_pub_key.h" +#include "peksk_pub.hh" -ae_error_t aesm_check_pek_signature(const signed_pek_t& signed_pek) +ae_error_t aesm_check_pek_signature(const signed_pek_t& signed_pek, const extended_epid_group_blob_t& xegb) { uint8_t result = SGX_EC_INVALID_SIGNATURE; - sgx_status_t sgx_code = check_pek_signature(signed_pek, &result); + uint32_t i; + sgx_status_t sgx_code; + const uint8_t *p = (const uint8_t *)&xegb; + for (i = 0; i < sizeof(xegb); i++){ + if (p[i] != 0){ + break; + } + } + if (i == sizeof(xegb)){//if all bytes of xegb is 0, using hardcoded PEKSK public key + sgx_code = check_pek_signature(signed_pek, (const sgx_ec256_public_t*)&g_pek_pub_key_little_endian, &result); + } + else{ + sgx_code = check_pek_signature(signed_pek, (const sgx_ec256_public_t*)xegb.pek_sk, &result); + } if(sgx_code == SGX_ERROR_OUT_OF_MEMORY) return AE_OUT_OF_MEMORY_ERROR; else if(sgx_code != SGX_SUCCESS) @@ -48,3 +62,19 @@ ae_error_t aesm_check_pek_signature(const signed_pek_t& signed_pek) return AE_SUCCESS;//PEK Singatue verified successfully } +ae_error_t aesm_verify_xegb(const extended_epid_group_blob_t& signed_xegb) +{ + uint8_t result = SGX_EC_INVALID_SIGNATURE; + sgx_status_t sgx_code = verify_xegb(signed_xegb, &result); + if (sgx_code == SGX_ERROR_INVALID_PARAMETER) + return AE_INVALID_PARAMETER; + else if(sgx_code == SGX_ERROR_OUT_OF_MEMORY) + return AE_OUT_OF_MEMORY_ERROR; + else if (sgx_code != SGX_SUCCESS) + return AE_FAILURE; //unknown error code + else if (result != SGX_EC_VALID)//sgx_code is SGX_SUCCESS + return AE_INVALID_PARAMETER; //signature verification failed + else + return AE_SUCCESS;//XEGB Signature verified successfully +} + diff --git a/psw/ae/aesm_service/source/aesm/extension/aesm_encode.cpp b/psw/ae/aesm_service/source/aesm/extension/aesm_encode.cpp index bebc4a7e95..f5f3f0f8ae 100644 --- a/psw/ae/aesm_service/source/aesm/extension/aesm_encode.cpp +++ b/psw/ae/aesm_service/source/aesm/extension/aesm_encode.cpp @@ -40,7 +40,6 @@ #include #include #include - /** * Method converts byte containing value from 0x00-0x0F into its corresponding ASCII code, * e.g. converts 0x00 to '0', 0x0A to 'A'. @@ -69,7 +68,7 @@ static uint8_t convert_value_to_ascii(uint8_t in) * e.g. converts '0' to 0x00, 'A' to 0x0A. * * @param in char containing ASCII code (allowed values: '0-9', 'a-f', 'A-F') -* @param val output parameter containing converted value, if method suceeds. +* @param val output parameter containing converted value, if method succeeds. * * @return true if conversion succeeds, false otherwise */ @@ -102,6 +101,7 @@ static bool convert_ascii_to_value(uint8_t in, uint8_t& val) //The out_size must always be 2*in_size since each byte into encoded by 2 characters static bool byte_array_to_hex_string(const uint8_t *in_buf, uint32_t in_size, uint8_t *out_buf, uint32_t out_size) { + if(in_size>UINT32_MAX/2)return false; if(in_buf==NULL||out_buf==NULL|| out_size!=in_size*2 )return false; for(uint32_t i=0; i< in_size; i++) @@ -120,6 +120,7 @@ static bool byte_array_to_hex_string(const uint8_t *in_buf, uint32_t in_size, ui //The in_size must be even number and equals 2*out_size static bool hex_string_to_byte_array(const uint8_t *in_buf, uint32_t in_size, uint8_t *out_buf, uint32_t out_size) { + if(out_size>UINT32_MAX/2)return false; if(in_buf==NULL||out_buf==NULL||out_size*2!=in_size)return false; for(uint32_t i=0;i 0) ? 1 : 0 ); } -//Function to give an upbound of size of data after BASR64 encoding +//Function to give an upper bound of size of data after BASR64 encoding //@param length: the length in bytes of data to be encoded -//@return an upbound of length in bytes of data after encoding +//@return an upper bound of length in bytes of data after encoding static uint32_t get_base_64_length_upbound(uint32_t length) { uint32_t extra = (length+9)/10+50;//using enough extra memory @@ -274,3 +275,4 @@ bool decode_response(const uint8_t *input_buf, uint32_t input_len, uint8_t *resp return false; return true; } + diff --git a/psw/ae/aesm_service/source/aesm/extension/aesm_encode.h b/psw/ae/aesm_service/source/aesm/extension/aesm_encode.h index 3b35f281e0..e221d408ed 100644 --- a/psw/ae/aesm_service/source/aesm/extension/aesm_encode.h +++ b/psw/ae/aesm_service/source/aesm/extension/aesm_encode.h @@ -37,17 +37,16 @@ extern "C"{ #endif -uint32_t certPseSvn(); -/*Function to provide an upbound of buffer size of encoded message for an input request +/*Function to provide an upper bound of buffer size of encoded message for an input request *@param req, the header for the input request such as ProvMsg1 or ProvMsg3 - *@return an upbound of the required buffer size for the encoded message - */ + *@return an upper bound of the required buffer size for the encoded message +*/ uint32_t get_request_encoding_length(const uint8_t *req); -/*Function to provide an upbound of the response body size given the length of encoded response message +/*Function to provide an upper bound of the response body size given the length of encoded response message *@param buf_len, the length of the encoded message for an response message - *@return an upbound of the length in bytes of decoded response message body such as ProvMsg2 or ProvMsg4 + *@return an upper bound of the length in bytes of decoded response message body such as ProvMsg2 or ProvMsg4 */ uint32_t get_response_decoding_length(uint32_t buf_len); diff --git a/psw/ae/aesm_service/source/aesm/extension/aesm_epid_blob.cpp b/psw/ae/aesm_service/source/aesm/extension/aesm_epid_blob.cpp index cbfa1cd6fa..a268e6a69d 100644 --- a/psw/ae/aesm_service/source/aesm/extension/aesm_epid_blob.cpp +++ b/psw/ae/aesm_service/source/aesm/extension/aesm_epid_blob.cpp @@ -45,8 +45,7 @@ ae_error_t EPIDBlob::read(epid_blob_with_cur_psvn_t& blob) goto CLEANUP_READ_FILE; } - if( data_size != sizeof(blob_cache) ) - { + if (data_size != sizeof(blob_cache)){ ae_ret = QE_EPIDBLOB_ERROR; goto CLEANUP_READ_FILE; } @@ -107,22 +106,26 @@ ae_error_t EPIDBlob::get_sgx_gid(uint32_t* pgid) epid_blob_with_cur_psvn_t epid_blob; sgx_sealed_data_t *sealed_epid = reinterpret_cast(epid_blob.trusted_epid_blob); - if (NULL != pgid) { + if (NULL == pgid) + return AE_INVALID_PARAMETER; + // + // get the epid blob + // + aesm_result = this->read(epid_blob); + if (AE_SUCCESS == aesm_result) { // - // get the epid blob + // get the gid // - aesm_result = this->read(epid_blob); - if (AE_SUCCESS == aesm_result) { - // - // get the gid - // - uint32_t plain_text_offset = sealed_epid->plain_text_offset; - se_plaintext_epid_data_t* plain_text = reinterpret_cast(epid_blob.trusted_epid_blob + sizeof(sgx_sealed_data_t) + plain_text_offset); - if(memcpy_s(pgid, sizeof(*pgid), &plain_text->epid_group_cert.gid, sizeof(plain_text->epid_group_cert.gid))) //read gid from EPID Data blob - { - AESM_DBG_ERROR("memcpy_s failed"); - aesm_result = AE_FAILURE; - } + uint32_t plain_text_offset = sealed_epid->plain_text_offset; + se_plaintext_epid_data_pak_t* plain_text = reinterpret_cast(epid_blob.trusted_epid_blob + sizeof(sgx_sealed_data_t) + plain_text_offset); + + if(memcpy_s(pgid, sizeof(*pgid), &plain_text->epid_group_cert.gid, sizeof(plain_text->epid_group_cert.gid))) //read gid from EPID Data blob + { + AESM_DBG_ERROR("memcpy_s failed"); + aesm_result = AE_FAILURE; + } + else + { // // return little-endian // @@ -135,5 +138,64 @@ ae_error_t EPIDBlob::get_sgx_gid(uint32_t* pgid) } return aesm_result; +} + + +ae_error_t EPIDBlob::get_extended_epid_group_id(uint32_t* pxeid) +{ + ae_error_t aesm_result = AE_SUCCESS; + epid_blob_with_cur_psvn_t epid_blob; + sgx_sealed_data_t *sealed_epid = reinterpret_cast(epid_blob.trusted_epid_blob); + + if (NULL == pxeid) + return AE_INVALID_PARAMETER; + // + // get the epid blob + // + aesm_result = this->read(epid_blob); + if (AE_SUCCESS == aesm_result) { + // + // get the xeid + // + uint32_t plain_text_offset = sealed_epid->plain_text_offset; + se_plaintext_epid_data_pak_t* plain_text_new = reinterpret_cast(epid_blob.trusted_epid_blob + sizeof(sgx_sealed_data_t)+plain_text_offset); + switch (plain_text_new->epid_key_version) + { + case EPID_KEY_BLOB_VERSION_PAK: + + if (memcpy_s(pxeid, sizeof(*pxeid), &plain_text_new->xeid, sizeof(plain_text_new->xeid))) //read extended_epid_group_id from EPID Data blob + { + AESM_DBG_ERROR("memcpy_s failed"); + aesm_result = AE_FAILURE; + } + else + { + // + // return little-endian + // + AESM_DBG_TRACE(": get gid %d from epid blob", *pxeid); + aesm_result = AE_SUCCESS; + } + break; + default: + AESM_DBG_ERROR("unexpected epid_key_version"); + aesm_result = AE_FAILURE; + break; + } + } + return aesm_result; } + + +ae_error_t EPIDBlob::remove(void) +{ + ae_error_t ae_ret = AE_FAILURE; + status = not_available; + if ((ae_ret = aesm_remove_data(FT_PERSISTENT_STORAGE, EPID_DATA_BLOB_FID)) != AE_SUCCESS){ + status = not_initialized; + return ae_ret; + } + status = not_initialized; + return AE_SUCCESS; +} diff --git a/psw/ae/aesm_service/source/aesm/extension/aesm_epid_blob.h b/psw/ae/aesm_service/source/aesm/extension/aesm_epid_blob.h index 16b49e20d6..b0fec667a8 100644 --- a/psw/ae/aesm_service/source/aesm/extension/aesm_epid_blob.h +++ b/psw/ae/aesm_service/source/aesm/extension/aesm_epid_blob.h @@ -44,10 +44,11 @@ #include "internal/se_rwlock.h" typedef struct _epid_blob_with_cur_psvn_t{ - uint8_t trusted_epid_blob[HARD_CODED_EPID_BLOB_SIZE]; - psvn_t cur_psvn; + uint8_t trusted_epid_blob[SGX_TRUSTED_EPID_BLOB_SIZE_PAK]; + bk_platform_info_t cur_pi; }epid_blob_with_cur_psvn_t; + #define SGX_EPID_BLOB_SIZE sizeof(epid_blob_with_cur_psvn_t) class EPIDBlob: public Singleton{ @@ -60,6 +61,8 @@ public: ae_error_t read(epid_blob_with_cur_psvn_t& blob); ae_error_t write(const epid_blob_with_cur_psvn_t& blob); ae_error_t get_sgx_gid(uint32_t* pgid);/*get little endian gid from epid data blob*/ + ae_error_t get_extended_epid_group_id(uint32_t* pxeid);//get little endian extended_epid_group_id from epid data blob + ae_error_t remove(void); }; #endif/*_AESM_EPID_BLOB_H_*/ diff --git a/psw/ae/aesm_service/source/aesm/extension/aesm_http_msg.cpp b/psw/ae/aesm_service/source/aesm/extension/aesm_http_msg.cpp index 0f7ffbc682..fbe8c5afe9 100644 --- a/psw/ae/aesm_service/source/aesm/extension/aesm_http_msg.cpp +++ b/psw/ae/aesm_service/source/aesm/extension/aesm_http_msg.cpp @@ -59,6 +59,9 @@ static size_t write_callback(void *ptr, size_t size, size_t nmemb, void *stream) network_malloc_info_t* s=reinterpret_cast(stream); uint32_t start=0; if(s->base==NULL){ + if(UINT32_MAX/sizebase = reinterpret_cast(malloc(size*nmemb)); s->size = static_cast(size*nmemb); if(s->base==NULL){ @@ -67,6 +70,9 @@ static size_t write_callback(void *ptr, size_t size, size_t nmemb, void *stream) } }else{ uint32_t newsize = s->size+static_cast(size*nmemb); + if((UINT32_MAX-s->size)/size(malloc(newsize)); if(p == NULL){ free(s->base); @@ -105,6 +111,7 @@ static ae_error_t http_network_init(CURL **curl, const char *url, bool is_ocsp) } if((cc=curl_easy_setopt(*curl, CURLOPT_URL, url_path.c_str()))!=CURLE_OK){ AESM_DBG_ERROR("fail error code %d in set url %s",(int)cc, url_path.c_str()); + curl_easy_cleanup(*curl); return AE_FAILURE; } (void)curl_easy_setopt(*curl, CURLOPT_REDIR_PROTOCOLS, CURLPROTO_HTTP | CURLPROTO_HTTPS); @@ -123,44 +130,62 @@ static ae_error_t http_network_send_data(CURL *curl, const char *req_msg, uint32 { AESM_DBG_TRACE("send data method=%d",method); struct curl_slist *headers=NULL; + struct curl_slist *tmp=NULL; + ae_error_t ae_ret = AE_SUCCESS; CURLcode cc=CURLE_OK; + int num_bytes = 0; if(is_ocsp){ - headers = curl_slist_append(headers, "Accept: application/ocsp-response"); - if(headers==NULL){ + tmp = curl_slist_append(headers, "Accept: application/ocsp-response"); + if(tmp==NULL){ AESM_DBG_ERROR("fail in add accept ocsp-response header"); - return AE_FAILURE; + ae_ret = AE_FAILURE; + goto fini; } - headers = curl_slist_append(headers, "Content-Type: application/ocsp-request"); - if(headers == NULL){ + headers = tmp; + tmp = curl_slist_append(headers, "Content-Type: application/ocsp-request"); + if(tmp == NULL){ AESM_DBG_ERROR("fail in add content type ocsp-request"); - return AE_FAILURE; + ae_ret = AE_FAILURE; + goto fini; } + headers=tmp; AESM_DBG_TRACE("ocsp request"); } char buf[50]; - sprintf(buf, "Content-Length: %u", (unsigned int)msg_size); - headers = curl_slist_append(headers, buf); - if(headers == NULL){ - AESM_DBG_ERROR("fail to add content-length header"); - return AE_FAILURE; + num_bytes = snprintf(buf,sizeof(buf), "Content-Length: %u", (unsigned int)msg_size); + if(num_bytes<0 || num_bytes>=sizeof(buf)){ + AESM_DBG_ERROR("fail to prepare string Content-Length"); + ae_ret = AE_FAILURE; + goto fini; } + tmp = curl_slist_append(headers, buf); + if(tmp == NULL){ + AESM_DBG_ERROR("fail to add content-length header"); + ae_ret = AE_FAILURE; + goto fini; + } + headers=tmp; if((cc=curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers))!=CURLE_OK){ AESM_DBG_ERROR("fail to set http header:%d",(int)cc); - return AE_FAILURE; + ae_ret = AE_FAILURE; + goto fini; } if(method == POST){ if((cc=curl_easy_setopt(curl, CURLOPT_POSTFIELDS, req_msg))!=CURLE_OK){ AESM_DBG_ERROR("fail to set POST fields:%d",(int)cc); - return AE_FAILURE; + ae_ret = AE_FAILURE; + goto fini; } if((cc=curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE, msg_size))!=CURLE_OK){ AESM_DBG_ERROR("fail to set POST fields size:%d",(int)cc); - return AE_FAILURE; + ae_ret = AE_FAILURE; + goto fini; } } if((cc=curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_callback))!=CURLE_OK){ AESM_DBG_ERROR("Fail to set callback function:%d",(int)cc); - return AE_FAILURE; + ae_ret = AE_FAILURE; + goto fini; } network_malloc_info_t malloc_info; @@ -168,19 +193,26 @@ static ae_error_t http_network_send_data(CURL *curl, const char *req_msg, uint32 malloc_info.size = 0; if((cc=curl_easy_setopt(curl, CURLOPT_WRITEDATA, reinterpret_cast(&malloc_info)))!=CURLE_OK){ AESM_DBG_ERROR("fail to set write back function parameter:%d",(int)cc); - return AE_FAILURE; + ae_ret = AE_FAILURE; + goto fini; } if((cc=curl_easy_perform(curl))!=CURLE_OK){ if(malloc_info.base){ free(malloc_info.base); } AESM_DBG_ERROR("fail in connect:%d",(int)cc); - return OAL_NETWORK_UNAVAILABLE_ERROR; + ae_ret = OAL_NETWORK_UNAVAILABLE_ERROR; + goto fini; } *resp_msg = malloc_info.base; resp_size = malloc_info.size; AESM_DBG_TRACE("get response size=%d",resp_size); - return AE_SUCCESS; + ae_ret = AE_SUCCESS; +fini: + if(headers!=NULL){ + curl_slist_free_all(headers); + } + return ae_ret; } static void http_network_fini(CURL *curl) diff --git a/psw/ae/aesm_service/source/aesm/extension/aesm_long_lived_thread.cpp b/psw/ae/aesm_service/source/aesm/extension/aesm_long_lived_thread.cpp index 1395c8438d..0fced729df 100644 --- a/psw/ae/aesm_service/source/aesm/extension/aesm_long_lived_thread.cpp +++ b/psw/ae/aesm_service/source/aesm/extension/aesm_long_lived_thread.cpp @@ -30,7 +30,6 @@ */ - #include "aesm_long_lived_thread.h" #include "pve_logic.h" #include "platform_info_logic.h" @@ -40,6 +39,7 @@ #include #include #include +#include "LEClass.h" enum _thread_state { @@ -56,6 +56,7 @@ enum _io_cache_state }; #define MAX_OUTPUT_CACHE 50 +#define THREAD_INFINITE_TICK_COUNT 0xFFFFFFFFFFFFFFFFLL class ThreadStatus; class BaseThreadIOCache; typedef ae_error_t (*long_lived_thread_func_t)(BaseThreadIOCache *cache); @@ -176,18 +177,18 @@ public: } void set_status_finish(BaseThreadIOCache* ioc);//only called at the end of aesm_long_lived_thread_entry void deref(BaseThreadIOCache* iocache); - ae_error_t wait_iocache(BaseThreadIOCache* ioc); + ae_error_t wait_iocache_timeout(BaseThreadIOCache* ioc, uint64_t stop_tick_count); //create thread and wait at most 'timeout' for the thread to be finished // It will first look up whether there is a previous run with same input before starting the thread // we should not delete ioc after calling to this function ae_error_t set_thread_start(BaseThreadIOCache* ioc, BaseThreadIOCache *&out_ioc, uint32_t timeout=THREAD_TIMEOUT); - void stop_thread();//We need wait for thread to be terminated and all thread_handle in list to be closed + void stop_thread(uint64_t stop_milli_second);//We need wait for thread to be terminated and all thread_handle in list to be closed - ~ThreadStatus(){stop_thread();}//ThreadStatus instance should be global object. Otherwise, it is possible that the object is destroyed before a thread waiting for and IOCache got notified and causing exception + ~ThreadStatus(){stop_thread(THREAD_INFINITE_TICK_COUNT);}//ThreadStatus instance should be global object. Otherwise, it is possible that the object is destroyed before a thread waiting for and IOCache got notified and causing exception - ae_error_t wait_for_cur_thread(void); + ae_error_t wait_for_cur_thread(uint64_t millisecond); //function to query whether current thread is idle, //if it is idle, return true and reset clock to current clock value @@ -218,7 +219,7 @@ static ae_error_t aesm_long_lived_thread_entry(aesm_thread_arg_type_t arg) return ae_err; } -void ThreadStatus::stop_thread() +void ThreadStatus::stop_thread(uint64_t stop_tick_count) { //change state to stop thread_mutex.lock(); @@ -237,7 +238,7 @@ void ThreadStatus::stop_thread() BaseThreadIOCache *p=*it; p->ref_count++; thread_mutex.unlock(); - wait_iocache(p); + wait_iocache_timeout(p, stop_tick_count); thread_mutex.lock(); }else{ break; @@ -249,9 +250,15 @@ void ThreadStatus::stop_thread() //Leave memory leak here is OK and all pointer to BaseThreadIOCache will not be released } -ae_error_t ThreadStatus::wait_for_cur_thread(void) +ae_error_t ThreadStatus::wait_for_cur_thread(uint64_t millisecond) { BaseThreadIOCache *ioc=NULL; + uint64_t stop_tick_count; + if(millisecond == AESM_THREAD_INFINITE){ + stop_tick_count = THREAD_INFINITE_TICK_COUNT; + }else{ + stop_tick_count = se_get_tick_count() + (millisecond*se_get_tick_count_freq()+500)/1000; + } thread_mutex.lock(); if(cur_iocache!=NULL){ ioc = cur_iocache; @@ -259,25 +266,34 @@ ae_error_t ThreadStatus::wait_for_cur_thread(void) } thread_mutex.unlock(); if(ioc!=NULL){ - return wait_iocache(ioc); + return wait_iocache_timeout(ioc, stop_tick_count); } return AE_SUCCESS; } -ae_error_t ThreadStatus::wait_iocache(BaseThreadIOCache* ioc) +ae_error_t ThreadStatus::wait_iocache_timeout(BaseThreadIOCache* ioc, uint64_t stop_tick_count) { ae_error_t ae_ret=AE_SUCCESS; + uint64_t cur_tick_count = se_get_tick_count(); + uint64_t freq = se_get_tick_count_freq(); bool need_wait=false; aesm_thread_t handle=NULL; thread_mutex.lock(); - if(ioc->thread_handle!=NULL){ + if(ioc->thread_handle!=NULL&&(cur_tick_countref_count); need_wait = true; handle = ioc->thread_handle; } thread_mutex.unlock(); if(need_wait){ - ae_ret= aesm_wait_thread(handle, &ae_ret, AESM_THREAD_INFINITE); + unsigned long diff_time; + if(stop_tick_count == THREAD_INFINITE_TICK_COUNT){ + diff_time = AESM_THREAD_INFINITE; + }else{ + double wtime=(double)(stop_tick_count-cur_tick_count)*1000.0/(double)freq; + diff_time = (unsigned long)(wtime+0.5); + } + ae_ret= aesm_wait_thread(handle, &ae_ret, diff_time); } deref(ioc); return ae_ret; @@ -384,10 +400,10 @@ static time_t get_timeout_via_ae_error(ae_error_t ae) case PVE_REVOKED_ERROR: case PVE_MSG_ERROR: case PVE_PERFORMANCE_REKEY_NOT_SUPPORTED: - case PSW_UPDATED_REQUIRED: + case PSW_UPDATE_REQUIRED: return cur+TIMEOUT_LONG_TIME; default: - return cur+TIMEOUT_FOR_A_WHILE;//not retry too quickly for unknown error + return cur+TIMEOUT_SHORT_TIME;//retry quicky for unknown error } } @@ -432,6 +448,9 @@ bool ThreadStatus::query_status_and_reset_clock(void) static ThreadStatus epid_thread; +static ThreadStatus white_list_thread; + + class EpidProvIOCache:public BaseThreadIOCache{ bool performance_rekey;//input protected: @@ -449,17 +468,40 @@ public: } }; +class WhiteListIOCache :public BaseThreadIOCache{ +//no input to be cached for white list pulling +protected: + WhiteListIOCache(void){ + } + virtual ae_error_t entry(void); + virtual ThreadStatus& get_thread(); + friend ae_error_t start_white_list_thread(unsigned long timeout); +public: + virtual bool operator==(const BaseThreadIOCache& oc)const{ + const WhiteListIOCache *p = dynamic_cast(&oc); + if (p == NULL) return false; + return true; + } +}; ThreadStatus& EpidProvIOCache::get_thread() { return epid_thread; } +ThreadStatus& WhiteListIOCache::get_thread() +{ + return white_list_thread; +} ae_error_t EpidProvIOCache::entry() { return ae_ret = PvEAESMLogic::epid_provision_thread_func(performance_rekey); } +ae_error_t WhiteListIOCache::entry() +{ + return ae_ret = CLEClass::update_white_list_by_url(); +} //start implementation of external functions @@ -494,17 +536,25 @@ ae_error_t start_epid_provision_thread(bool performance_rekey, unsigned long tim FINI_THREAD() } +ae_error_t start_white_list_thread(unsigned long timeout) +{ + INIT_THREAD(WhiteListIOCache, timeout, ()) + FINI_THREAD() +} bool query_pve_thread_status(void) { return epid_thread.query_status_and_reset_clock(); } - -ae_error_t wait_pve_thread(void) +ae_error_t wait_pve_thread(uint64_t time_out_milliseconds) { - return epid_thread.wait_for_cur_thread(); + return epid_thread.wait_for_cur_thread(time_out_milliseconds); } -void stop_all_long_lived_threads(void) +void stop_all_long_lived_threads(uint64_t time_out_milliseconds) { - epid_thread.stop_thread(); + uint64_t freq = se_get_tick_count_freq(); + uint64_t stop_tick_count = se_get_tick_count()+(time_out_milliseconds*freq+500)/1000; + epid_thread.stop_thread(stop_tick_count); + white_list_thread.stop_thread(stop_tick_count); } + diff --git a/psw/ae/aesm_service/source/aesm/extension/aesm_long_lived_thread.h b/psw/ae/aesm_service/source/aesm/extension/aesm_long_lived_thread.h index 1685b80078..32006928ac 100644 --- a/psw/ae/aesm_service/source/aesm/extension/aesm_long_lived_thread.h +++ b/psw/ae/aesm_service/source/aesm/extension/aesm_long_lived_thread.h @@ -33,9 +33,11 @@ #define _AESM_LONG_LIVED_THREAD_H_ #include "aesm_logic.h" +#define AESM_STOP_TIMEOUT (60*1000) /*waiting for 1 minute at most*/ extern ae_error_t start_epid_provision_thread(bool performance_rekey, unsigned long timeout=THREAD_TIMEOUT); +extern ae_error_t start_white_list_thread(unsigned long timeout=THREAD_TIMEOUT); extern bool query_pve_thread_status(void);/*return true if idle and reset clock for thread*/ -extern ae_error_t wait_pve_thread(void); -extern void stop_all_long_lived_threads(void); +extern ae_error_t wait_pve_thread(uint64_t time_out_milliseconds=AESM_THREAD_INFINITE); +extern void stop_all_long_lived_threads(uint64_t time_out_milliseconds=AESM_STOP_TIMEOUT); #endif diff --git a/psw/ae/aesm_service/source/aesm/extension/aesm_xegd_blob.cpp b/psw/ae/aesm_service/source/aesm/extension/aesm_xegd_blob.cpp new file mode 100644 index 0000000000..c596f493e3 --- /dev/null +++ b/psw/ae/aesm_service/source/aesm/extension/aesm_xegd_blob.cpp @@ -0,0 +1,109 @@ +/* + * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +#include +#include "aesm_xegd_blob.h" +#include "endpoint_select_info.h" +#include "internal/se_memcpy.h" +#include "oal/oal.h" +#include "byte_order.h" +#include "aesm_epid_blob.h" + +ae_error_t XEGDBlob::verify_xegd_by_xgid(uint32_t xgid) +{ + extended_epid_group_blob_t blob; + if (xgid == DEFAULT_EGID){//always return success for default xgid + return AE_SUCCESS; + } + uint32_t data_size = sizeof(blob); + ae_error_t ae_ret = aesm_read_data(FT_PERSISTENT_STORAGE, EXTENDED_EPID_GROUP_BLOB_INFO_FID, reinterpret_cast(&blob), &data_size, xgid); + if (AE_SUCCESS != ae_ret){ + return ae_ret; + } + if (data_size != sizeof(blob)){ + return OAL_CONFIG_FILE_ERROR; + } + ae_ret = verify(blob); + return ae_ret; +} + +ae_error_t XEGDBlob::read(extended_epid_group_blob_t& blob) +{ + ae_error_t ae_ret = AE_FAILURE; + if(status == not_initialized){ + uint32_t data_size = sizeof(blob_cache); + if ((ae_ret = aesm_read_data(FT_PERSISTENT_STORAGE, EXTENDED_EPID_GROUP_BLOB_INFO_FID, reinterpret_cast(&blob_cache), &data_size, AESMLogic::get_active_extended_epid_group_id())) != AE_SUCCESS){ + goto CLEANUP_READ_FILE; + } + if (data_size != sizeof(blob_cache)){ + ae_ret = OAL_CONFIG_FILE_ERROR; + goto CLEANUP_READ_FILE; + } + ae_ret = verify(blob_cache); + if (AE_SUCCESS != ae_ret){ + AESM_DBG_ERROR("signature error in XEGD file"); + goto CLEANUP_READ_FILE; + } + status = update_to_date; +CLEANUP_READ_FILE: + if (status != update_to_date){ + if (AESMLogic::get_active_extended_epid_group_id() == DEFAULT_EGID){ + memset(&blob_cache, 0, sizeof(blob_cache));//indicate other part to use default data + status = update_to_date; + } + else{ + status = not_available;//xegd blob lost + } + } + } + if(status == update_to_date){ + if(memcpy_s(&blob, sizeof(blob), &blob_cache, sizeof(blob_cache))!=0){ + status = not_available; //invalid + ae_ret = AE_FAILURE; + }else{ + ae_ret = AE_SUCCESS; + } + } + return ae_ret; +} + +ae_error_t aesm_verify_xegb(const extended_epid_group_blob_t& signed_xegb); + +ae_error_t XEGDBlob::verify(const extended_epid_group_blob_t& signed_xegb) +{ + ae_error_t aesm_result = aesm_verify_xegb(signed_xegb); + if (AE_SUCCESS != aesm_result) + { + AESM_DBG_ERROR("Extended EPID Group Blob Signature verifcation not passed:%d", aesm_result); + return aesm_result; + } + return aesm_result; +} + diff --git a/psw/ae/aesm_service/source/aesm/extension/aesm_xegd_blob.h b/psw/ae/aesm_service/source/aesm/extension/aesm_xegd_blob.h new file mode 100644 index 0000000000..8f206d7402 --- /dev/null +++ b/psw/ae/aesm_service/source/aesm/extension/aesm_xegd_blob.h @@ -0,0 +1,57 @@ +/* + * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#pragma once +/*File to declare class for extended_epid_group_blob*/ +#include "se_types.h" +#include "sgx_tseal.h" +#include "oal/oal.h" +#include "AEClass.h" +#include "epid_pve_type.h" +#include "assert.h" +#include "aeerror.h" +#include "se_thread.h" +#include "provision_msg.h" +#include "internal/se_rwlock.h" +#include "aesm_error.h" + +class XEGDBlob: public Singleton{ + CLASS_UNCOPYABLE(XEGDBlob) + extended_epid_group_blob_t blob_cache; + friend class Singleton; + enum XEGDBlobStatus {not_initialized=0, update_to_date=1, not_available=2} status; + XEGDBlob(){ memset(&blob_cache, 0, sizeof(blob_cache)); status = not_initialized; } + static ae_error_t verify(const extended_epid_group_blob_t& signed_xegb); +public: + ae_error_t read(extended_epid_group_blob_t& blob); + static ae_error_t verify_xegd_by_xgid(uint32_t xgid); +}; + diff --git a/psw/ae/aesm_service/source/aesm/extension/endpoint_select_info.cpp b/psw/ae/aesm_service/source/aesm/extension/endpoint_select_info.cpp index 0c0f8754cd..607a6e0420 100644 --- a/psw/ae/aesm_service/source/aesm/extension/endpoint_select_info.cpp +++ b/psw/ae/aesm_service/source/aesm/extension/endpoint_select_info.cpp @@ -38,8 +38,9 @@ #include "sgx_tcrypto.h" #include "ippcp.h" #include "ippcore.h" +#include "aesm_xegd_blob.h" +#include "peksk_pub.hh" #include "sgx_read_rand.h" -#include "se_wrapper.h" #include @@ -89,9 +90,98 @@ static ae_error_t ipp_error_to_ae_error(IppStatus ipp_status) else return AE_FAILURE;//unknown or unexpected ipp error } -ae_error_t aesm_check_pek_signature(const signed_pek_t& signed_pek); -IppStatus get_provision_server_rsa_pub_key_in_ipp_format(const signed_pek_t& pek, IppsRSAPublicKeyState **rsa_pub_key); +static bool is_valid_server_url_infos(const aesm_server_url_infos_t& server_urls) +{ + if(server_urls.aesm_data_type!=AESM_DATA_SERVER_URL_INFOS|| + server_urls.aesm_data_version!=AESM_DATA_SERVER_URL_VERSION&& + server_urls.aesm_data_version != AESM_DATA_SERVER_URL_VERSION_1)//still support version 1 since the first 3 urls in version 1 is still same as the urls in version 2 + return false; + if(strnlen(server_urls.endpoint_url,MAX_PATH)>=MAX_PATH) + return false; + if (strnlen(server_urls.pse_rl_url, MAX_PATH) >= MAX_PATH) + return false; + if (strnlen(server_urls.pse_ocsp_url, MAX_PATH) >= MAX_PATH) + return false; + return true; +} +ae_error_t EndpointSelectionInfo::verify_file_by_xgid(uint32_t xgid) +{ + if (xgid == DEFAULT_EGID){//always return true for DEFAULT_EGID + return AE_SUCCESS; + } + aesm_server_url_infos_t urls; + uint32_t server_urls_size = sizeof(urls); + ae_error_t ae_err = aesm_read_data(FT_PERSISTENT_STORAGE, AESM_SERVER_URL_FID, reinterpret_cast(&urls), &server_urls_size, xgid); + if (AE_SUCCESS != ae_err || + server_urls_size != sizeof(urls) || + !is_valid_server_url_infos(urls)){ + return OAL_CONFIG_FILE_ERROR; + } + return AE_SUCCESS; +} + +//Function to read urls from configure files +ae_error_t EndpointSelectionInfo::get_url_info() +{ + ae_error_t ae_err=AE_SUCCESS; + uint32_t server_urls_size = sizeof(_server_urls); + + ae_err = aesm_read_data(FT_PERSISTENT_STORAGE, AESM_SERVER_URL_FID, reinterpret_cast(&_server_urls), &server_urls_size, AESMLogic::get_active_extended_epid_group_id()); + + if(AE_SUCCESS != ae_err || + server_urls_size != sizeof(_server_urls)|| + !is_valid_server_url_infos(_server_urls)){ //If fail to read or data format error, use default value + _is_server_url_valid = false; + if(AE_SUCCESS == ae_err){//File available but format error, report ERROR LOG + AESM_LOG_WARN("Server URL Blob file format error"); + AESM_DBG_INFO("fail to read server url info from persistent storage, error code (%d), size %d, expected size %d", + ae_err, server_urls_size, sizeof(_server_urls)); + ae_err = OAL_CONFIG_FILE_ERROR; + }else{ + AESM_DBG_INFO("server url blob file not available in persistent storage"); + } + if (AESMLogic::get_active_extended_epid_group_id() == DEFAULT_EGID){ + if (strcpy_s(_server_urls.endpoint_url, MAX_PATH, DEFAULT_URL) != 0) + return AE_FAILURE; + if (strcpy_s(_server_urls.pse_rl_url, MAX_PATH, DEFAULT_PSE_RL_URL) != 0) + return AE_FAILURE; + if (strcpy_s(_server_urls.pse_ocsp_url, MAX_PATH, DEFAULT_PSE_OCSP_URL) != 0) + return AE_FAILURE; + _is_server_url_valid = true; + return AE_SUCCESS; + } + else{ + return ae_err; + } + } + + _is_server_url_valid = true; + return AE_SUCCESS; +} + +ae_error_t EndpointSelectionInfo::get_url_info(aesm_server_url_infos_t& server_url) +{ + AESMLogicLock lock(_es_lock); + if (!_is_server_url_valid){ + (void)get_url_info(); + } + if (_is_server_url_valid) + { + if (memcpy_s(&server_url, sizeof(server_url), &_server_urls, sizeof(_server_urls)) != 0){ + return AE_FAILURE; + } + } + else + { + return AE_FAILURE; + } + return AE_SUCCESS; + +} + +ae_error_t aesm_check_pek_signature(const signed_pek_t& signed_pek, const extended_epid_group_blob_t& xegb); +IppStatus get_provision_server_rsa_pub_key_in_ipp_format(const signed_pek_t& pek, IppsRSAPublicKeyState **rsa_pub_key); //The function is to verify the PEK ECDSA Signature and RSA Signature for ES Msg2 // When PvE uses PEK, it will re-check the ECDSA Signature //The function will only be called after ES protocol is completed. But it will not be called when reading data back from persitent storage @@ -113,14 +203,19 @@ ae_error_t EndpointSelectionInfo::verify_signature(const endpoint_selection_info IppStatus ipp_status = ippStsNoErr; uint8_t msg_buf[XID_SIZE + sizeof(ttl) + MAX_PATH]; uint32_t buf_size = 0; + extended_epid_group_blob_t xegb={0}; - ae_err = aesm_check_pek_signature(es_info.pek); + if (AE_SUCCESS != (ae_err=XEGDBlob::instance().read(xegb))){ + return ae_err; + } + + ae_err = aesm_check_pek_signature(es_info.pek, xegb); if(AE_SUCCESS != ae_err){ AESM_DBG_ERROR("PEK Signature verifcation not passed:%d",ae_err); goto ret_point; } AESM_DBG_INFO("PEK signature verified successfully"); - buf_size = XID_SIZE +static_cast(sizeof(ttl) + strnlen_s(es_info.provision_url, MAX_PATH)); + buf_size = XID_SIZE +static_cast(sizeof(ttl) + strnlen(es_info.provision_url, MAX_PATH)); if(0!=memcpy_s(msg_buf,sizeof(msg_buf), xid, XID_SIZE)|| 0!=memcpy_s(msg_buf+XID_SIZE, sizeof(ttl) + MAX_PATH, &ttl, sizeof(ttl))|| 0!=memcpy_s(msg_buf+XID_SIZE+sizeof(ttl), MAX_PATH, es_info.provision_url, buf_size-XID_SIZE-sizeof(ttl))){ @@ -192,9 +287,12 @@ ae_error_t EndpointSelectionInfo::start_protocol(endpoint_selection_infos_t& es_ AESM_DBG_DEBUG("enter fun"); memset(&es_info, 0, sizeof(es_info)); memset(&enclave_output, 0, sizeof(enclave_output)); - if(!_is_server_url_loaded){ - (void) read_aesm_config(_server_urls); - _is_server_url_loaded = true; + if(!_is_server_url_valid){ + ae_ret = get_url_info(); + if(AE_SUCCESS != ae_ret){//It is not likely happen, only fail when memcpy_s failed + AESM_DBG_ERROR("Fail to initialize server URL information"); + goto final_point; + } } do{ @@ -277,14 +375,42 @@ final_point: return ae_ret; } +const char *EndpointSelectionInfo::get_server_url(aesm_network_server_enum_type_t type) +{ + AESMLogicLock lock(_es_lock); + if (type == SGX_WHITE_LIST_FILE){ + if (!_is_white_list_url_valid){ + (void)read_aesm_config(_config_urls); + _is_white_list_url_valid = true; + } + return _config_urls.white_list_url; + } + if(!_is_server_url_valid){ + (void)get_url_info(); + } + if(!_is_server_url_valid){ + return NULL; + } + switch(type){ + case ENDPOINT_SELECTION: + return _server_urls.endpoint_url; + case REVOCATION_LIST_RETRIEVAL: + return _server_urls.pse_rl_url; + case PSE_OCSP: + return _server_urls.pse_ocsp_url; + default://invalid case + assert(0); + return NULL; + } +} + void EndpointSelectionInfo::get_proxy(uint32_t& proxy_type, char proxy_url[MAX_PATH]) { AESMLogicLock lock(_es_lock); - if(!_is_server_url_loaded){ - (void)read_aesm_config(_server_urls); - _is_server_url_loaded=true; + if(!_is_white_list_url_valid){ + (void)read_aesm_config(_config_urls); + _is_white_list_url_valid=true; } - proxy_type = _server_urls.proxy_type; - strcpy(proxy_url, _server_urls.aesm_proxy); + proxy_type = _config_urls.proxy_type; + strcpy(proxy_url, _config_urls.aesm_proxy); } - diff --git a/psw/ae/aesm_service/source/aesm/extension/endpoint_select_info.h b/psw/ae/aesm_service/source/aesm/extension/endpoint_select_info.h index 39c38a0ebb..7b37c55116 100644 --- a/psw/ae/aesm_service/source/aesm/extension/endpoint_select_info.h +++ b/psw/ae/aesm_service/source/aesm/extension/endpoint_select_info.h @@ -34,21 +34,33 @@ #include "se_types.h" #include "sgx_tseal.h" #include "aeerror.h" -#include "tlv_common.h" #include "se_thread.h" #include "internal/se_rwlock.h" #include "oal/oal.h" #include "se_wrapper.h" #include #include +#include "tlv_common.h" #include "AEClass.h" #include "aesm_logic.h" +#define AESM_DATA_SERVER_URL_INFOS 'A' #define AESM_DATA_ENDPOINT_SELECTION_INFOS 'B' +#define AESM_DATA_SERVER_URL_VERSION_1 1 +#define AESM_DATA_SERVER_URL_VERSION 2 #define AESM_DATA_ENDPOINT_SELECTION_VERSION 1 #pragma pack(1) #include "aesm_config.h" +/*Struct for PCE based url information which will be installed by PSW Installer*/ +typedef struct _aesm_server_url_infos_t{ + uint8_t aesm_data_type; + uint8_t aesm_data_version; + char endpoint_url[MAX_PATH]; /*URL for endpoint selection protocol server*/ + char pse_rl_url[MAX_PATH]; /*URL to retrieve PSE rovocation List*/ + char pse_ocsp_url[MAX_PATH]; +}aesm_server_url_infos_t; + /*Struct for data to save endpoint selection protocol result into persistent data storage*/ typedef struct _endpoint_selection_infos_t{ uint8_t aesm_data_type; @@ -61,26 +73,32 @@ typedef struct _endpoint_selection_infos_t{ /*An interface to provide the endpoint selection protocol and also provide some URLs (result of ES protocol or some static url) *Singleton class used to provide a singleton instance in memory and lock used so that it could be shared by PvE/PSEPR *EndpointSelectionInfo::instance().start_protocol(...) could be used to get endpoint selection result - * It will restart the ES protocol to get updated data. If the protocol fails, it may resue existing endpoint selection protocol result in persistent storage + * It will restart the ES protocol to get updated data. If the protocol fails, it may reuse existing endpoint selection protocol result in persistent storage */ class EndpointSelectionInfo: public Singleton{ CLASS_UNCOPYABLE(EndpointSelectionInfo); friend class Singleton; private: - AESMLogicMutex _es_lock; /*lock used since the data will be accessed by two different components: PSEPR and PVE*/ - aesm_config_infos_t _server_urls; /*some readonly urls */ - bool _is_server_url_valid; /*Set it to true when field _server_urls is valid*/ - bool _is_server_url_loaded;/*Set it to true after trying to read _server_urls from persistent storage. If _is_server_url_valid is false but this field is true, it means there're problem in persistent storage access*/ + AESMLogicMutex _es_lock; /*lock used since the data will be accessed by two different components: PSEPR and PVE*/ + aesm_config_infos_t _config_urls; /*some readonly urls not related to XEGD*/ + aesm_server_url_infos_t _server_urls; /*XEGD based readonly url*/ + bool _is_server_url_valid; /*Set it to true when field _server_urls is valid*/ + bool _is_white_list_url_valid; /*Set it to true after reading _config_urls*/ static ae_error_t read_pek(endpoint_selection_infos_t& es_info); /*read _es_info from persistent storage*/ static ae_error_t write_pek(const endpoint_selection_infos_t& es_info); /*save _es_info to persistent storage*/ ae_error_t verify_signature(const endpoint_selection_infos_t& es_info, uint8_t xid[XID_SIZE], uint8_t rsa_signature[PVE_RSA_KEY_BYTES], uint16_t ttl); /*verify rsa signature in ES protocol result*/ public: EndpointSelectionInfo(){ memset(&_server_urls, 0, sizeof(_server_urls)); - _is_server_url_loaded=false; + memset(&_config_urls, 0, sizeof(_config_urls)); + _is_white_list_url_valid=false; _is_server_url_valid=false; } public: + static ae_error_t verify_file_by_xgid(uint32_t xgid); + ae_error_t get_url_info(); + ae_error_t get_url_info(aesm_server_url_infos_t& server_url); + const char *get_server_url(aesm_network_server_enum_type_t type); void get_proxy(uint32_t& proxy_type, char proxy_url[MAX_PATH]); /*Function to get result of Endpoint Selection Protocol from Backend Server*/ ae_error_t start_protocol(endpoint_selection_infos_t& es_info); diff --git a/psw/ae/aesm_service/source/aesm/extension/platform_info_facility.cpp b/psw/ae/aesm_service/source/aesm/extension/platform_info_facility.cpp new file mode 100644 index 0000000000..2fd994bd54 --- /dev/null +++ b/psw/ae/aesm_service/source/aesm/extension/platform_info_facility.cpp @@ -0,0 +1,144 @@ +/* + * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "platform_info_logic.h" +#include "byte_order.h" +#include +#include "sgx_profile.h" + +ae_error_t PlatformInfoLogic::get_sgx_epid_group_flags(const platform_info_blob_wrapper_t* p_platform_info_blob, uint8_t* pflags) +{ + ae_error_t retval = AE_SUCCESS; + if (NULL != pflags && NULL != p_platform_info_blob && p_platform_info_blob->valid_info_blob) { + *pflags = p_platform_info_blob->platform_info_blob.sgx_epid_group_flags; + } + else { + retval = AE_INVALID_PARAMETER; + } + return retval; +} + +ae_error_t PlatformInfoLogic::get_sgx_tcb_evaluation_flags(const platform_info_blob_wrapper_t* p_platform_info_blob, uint16_t* pflags) +{ + ae_error_t retval = AE_SUCCESS; + if (NULL != pflags && NULL != p_platform_info_blob && p_platform_info_blob->valid_info_blob) { + const uint16_t* p = reinterpret_cast(p_platform_info_blob->platform_info_blob.sgx_tcb_evaluation_flags); + *pflags = lv_ntohs(*p); + } + else { + retval = AE_INVALID_PARAMETER; + } + return retval; +} + +bool PlatformInfoLogic::sgx_gid_out_of_date(const platform_info_blob_wrapper_t* p_platform_info_blob) +{ + uint8_t flags = 0; + bool retVal = false; + ae_error_t getflagsError = get_sgx_epid_group_flags(p_platform_info_blob, &flags); + if (AE_SUCCESS == getflagsError) { + retVal = (0 != (QE_EPID_GROUP_OUT_OF_DATE & flags)); + } + SGX_DBGPRINT_ONE_STRING_TWO_INTS_CREATE_SESSION(__FUNCTION__" returning ", retVal, retVal); + + return retVal; +} + +bool PlatformInfoLogic::performance_rekey_available(const platform_info_blob_wrapper_t* p_platform_info_blob) +{ + // + // return whether platform info blob says PR is available + // the group associated with PR that's returned corresponds to the group + // that we'll be in **after** executing PR + // + bool retVal = false; + uint8_t flags; + ae_error_t getflagsError = get_sgx_epid_group_flags(p_platform_info_blob, &flags); + if (AE_SUCCESS == getflagsError) { + retVal = static_cast(flags & PERF_REKEY_FOR_QE_EPID_GROUP_AVAILABLE); + } + SGX_DBGPRINT_ONE_STRING_TWO_INTS_CREATE_SESSION(__FUNCTION__" returning ", retVal, retVal); + return retVal; +} +bool PlatformInfoLogic::qe_svn_out_of_date(const platform_info_blob_wrapper_t* p_platform_info_blob) +{ + uint16_t flags = 0; + bool retVal = true; + ae_error_t getflagsError = get_sgx_tcb_evaluation_flags(p_platform_info_blob, &flags); + if (AE_SUCCESS == getflagsError) { + retVal = (0 != (QUOTE_ISVSVN_QE_OUT_OF_DATE & flags)); + } + SGX_DBGPRINT_ONE_STRING_TWO_INTS_CREATE_SESSION(__FUNCTION__" returning ", retVal, retVal); + return retVal; +} + +bool PlatformInfoLogic::pce_svn_out_of_date(const platform_info_blob_wrapper_t* p_platform_info_blob) +{ + uint16_t flags = 0; + bool retVal = true; + ae_error_t getflagsError = get_sgx_tcb_evaluation_flags(p_platform_info_blob, &flags); + if (AE_SUCCESS == getflagsError) { + retVal = (0 != (QUOTE_ISVSVN_PCE_OUT_OF_DATE & flags)); + } + SGX_DBGPRINT_ONE_STRING_TWO_INTS_CREATE_SESSION(__FUNCTION__" returning ", retVal, retVal); + return retVal; +} + +bool PlatformInfoLogic::cpu_svn_out_of_date(const platform_info_blob_wrapper_t* p_platform_info_blob) +{ + uint16_t flags = 0; + bool retVal = false; + ae_error_t getflagsError = get_sgx_tcb_evaluation_flags(p_platform_info_blob, &flags); + if (AE_SUCCESS == getflagsError) { + retVal = (0 != (QUOTE_CPUSVN_OUT_OF_DATE & flags)); + } + SGX_DBGPRINT_ONE_STRING_TWO_INTS_CREATE_SESSION(__FUNCTION__" returning ", retVal, retVal); + + return retVal; +} +ae_error_t PlatformInfoLogic::need_epid_provisioning(const platform_info_blob_wrapper_t* p_platform_info_blob) +{ + ae_error_t status = AESM_NEP_DONT_NEED_EPID_PROVISIONING; + if (sgx_gid_out_of_date(p_platform_info_blob) && + !qe_svn_out_of_date(p_platform_info_blob) && + !cpu_svn_out_of_date(p_platform_info_blob) && + !pce_svn_out_of_date(p_platform_info_blob)) + { + status = AESM_NEP_DONT_NEED_UPDATE_PVEQE; // don't need update, but need epid provisioning + } + else if (!sgx_gid_out_of_date(p_platform_info_blob) && performance_rekey_available(p_platform_info_blob)) + { + status = AESM_NEP_PERFORMANCE_REKEY; + } + SGX_DBGPRINT_ONE_STRING_TWO_INTS_CREATE_SESSION(__FUNCTION__" returning ", status, status); + return status; +} + diff --git a/psw/ae/aesm_service/source/aesm/extension/platform_info_logic.cpp b/psw/ae/aesm_service/source/aesm/extension/platform_info_logic.cpp index 40ed197950..4fb783c37e 100644 --- a/psw/ae/aesm_service/source/aesm/extension/platform_info_logic.cpp +++ b/psw/ae/aesm_service/source/aesm/extension/platform_info_logic.cpp @@ -29,75 +29,19 @@ * */ - #include "util.h" #include "platform_info_logic.h" #include "sgx_quote.h" #include "aesm_encode.h" #include "pve_logic.h" #include "aesm_logic.h" -#include -#include "sgx_profile.h" #include "le2be_macros.h" #include "pibsk_pub.hh" #include "sgx_sha256_128.h" +#include +#include "sgx_profile.h" #include "aesm_long_lived_thread.h" -ae_error_t PlatformInfoLogic::get_sgx_epid_group_flags(const platform_info_blob_wrapper_t* p_platform_info_blob, uint8_t* pflags) -{ - ae_error_t retval = AE_SUCCESS; - if (NULL != pflags && NULL != p_platform_info_blob && p_platform_info_blob->valid_info_blob){ - *pflags = p_platform_info_blob->platform_info_blob.sgx_epid_group_flags; - } - else { - retval = AE_INVALID_PARAMETER; - } - return retval; -} - -ae_error_t PlatformInfoLogic::get_sgx_tcb_evaluation_flags(const platform_info_blob_wrapper_t* p_platform_info_blob, uint16_t* pflags) -{ - ae_error_t retval = AE_SUCCESS; - if (NULL != pflags && NULL != p_platform_info_blob && p_platform_info_blob->valid_info_blob) { - const uint16_t* p = reinterpret_cast(p_platform_info_blob->platform_info_blob.sgx_tcb_evaluation_flags); - *pflags = lv_ntohs(*p); - } - else { - retval = AE_INVALID_PARAMETER; - } - return retval; -} - -bool PlatformInfoLogic::sgx_gid_out_of_date(const platform_info_blob_wrapper_t* p_platform_info_blob) -{ - uint8_t flags = 0; - bool retVal = false; - ae_error_t getflagsError = get_sgx_epid_group_flags(p_platform_info_blob, &flags); - if (AE_SUCCESS == getflagsError) { - retVal = (0 != (QE_EPID_GROUP_OUT_OF_DATE & flags)); - } - SGX_DBGPRINT_ONE_STRING_TWO_INTS_CREATE_SESSION(__FUNCTION__" returning ", retVal, retVal); - - return retVal; -} - -ae_error_t PlatformInfoLogic::need_epid_provisioning(const platform_info_blob_wrapper_t* p_platform_info_blob) -{ - ae_error_t status = AESM_NEP_DONT_NEED_EPID_PROVISIONING; - if (sgx_gid_out_of_date(p_platform_info_blob) && - !qe_svn_out_of_date(p_platform_info_blob) && - !cpu_svn_out_of_date(p_platform_info_blob)) - { - status = AESM_NEP_DONT_NEED_UPDATE_PVEQE; // don't need update, but need epid provisioning - } - else if (!sgx_gid_out_of_date(p_platform_info_blob) && performance_rekey_available(p_platform_info_blob)) - { - status = AESM_NEP_PERFORMANCE_REKEY; - } - SGX_DBGPRINT_ONE_STRING_TWO_INTS_CREATE_SESSION(__FUNCTION__" returning ", status, status); - return status; -} - ae_error_t pib_verify_signature(platform_info_blob_wrapper_t& piBlobWrapper) { @@ -116,8 +60,8 @@ ae_error_t pib_verify_signature(platform_info_blob_wrapper_t& piBlobWrapper) sgx_ec256_signature_t signature; sgx_status_t sgx_status; - //BREAK_IF_TRUE((sizeof(publicKey) != sizeof(s_pib_pub_key_big_endian)), ae_err, AE_FAILURE); - //BREAK_IF_TRUE((sizeof(signature) != sizeof(piBlobWrapper.platform_info_blob.signature)), ae_err, AE_FAILURE); + se_static_assert(sizeof(publicKey) == sizeof(s_pib_pub_key_big_endian)); + se_static_assert(sizeof(signature) == sizeof(piBlobWrapper.platform_info_blob.signature)); // convert the public key to little endian if(0!=memcpy_s(&publicKey, sizeof(publicKey), s_pib_pub_key_big_endian, sizeof(s_pib_pub_key_big_endian))){ @@ -164,6 +108,7 @@ aesm_error_t PlatformInfoLogic::report_attestation_status( uint32_t attestation_status, uint8_t* update_info, uint32_t update_info_size) { + AESM_DBG_TRACE("enter fun"); // // we don't do anything without platform info @@ -174,6 +119,7 @@ aesm_error_t PlatformInfoLogic::report_attestation_status( platform_info_blob_wrapper_t pibw; + // // presence of platform info is conditional, on whether we're up to date // if we're up to date, no platform info and no need for update info @@ -200,6 +146,17 @@ aesm_error_t PlatformInfoLogic::report_attestation_status( AESM_DBG_ERROR("pib verify signature failed"); return AESM_PLATFORM_INFO_BLOB_INVALID_SIG; } + if(pibw.platform_info_blob.xeid != AESMLogic::get_active_extended_epid_group_id()){ + return AESM_UNEXPECTED_ERROR; + } + uint32_t gid_mt_result = AESMLogic::is_gid_matching_result_in_epid_blob( pibw.platform_info_blob.gid); + if(AESMLogic::GIDMT_UNMATCHED == gid_mt_result|| + AESMLogic::GIDMT_UNEXPECTED_ERROR == gid_mt_result){ + return AESM_UNEXPECTED_ERROR; + } + else if (AESMLogic::GIDMT_NOT_AVAILABLE == gid_mt_result) { + return AESM_EPIDBLOB_ERROR; + } ae_error_t nepStatus = need_epid_provisioning(&pibw); AESM_DBG_TRACE("need_epid_provisioning return %d",nepStatus); @@ -220,7 +177,8 @@ aesm_error_t PlatformInfoLogic::report_attestation_status( status = PvEAESMLogic::provision(perfRekey, THREAD_TIMEOUT); if (AESM_BUSY == status || //thread timeout AESM_PROXY_SETTING_ASSIST == status || //uae service need to set up proxy info and retry - AESM_UPDATE_AVAILABLE == status) //PSW need be updated + AESM_UPDATE_AVAILABLE == status || //PSW need be updated + AESM_OUT_OF_EPC == status) // out of EPC { return status;//We should return to uae serivce directly } @@ -247,7 +205,8 @@ aesm_error_t PlatformInfoLogic::report_attestation_status( status = PvEAESMLogic::provision(perfRekey, THREAD_TIMEOUT); if (AESM_BUSY == status ||//thread timeout AESM_PROXY_SETTING_ASSIST == status ||//uae service need to set up proxy info and retry - AESM_UPDATE_AVAILABLE == status) + AESM_UPDATE_AVAILABLE == status || + AESM_OUT_OF_EPC == status) { return status;//We should return to uae serivce directly } @@ -278,68 +237,28 @@ aesm_error_t PlatformInfoLogic::report_attestation_status( memset(p_update_info, 0, sizeof(*p_update_info)); // - // here, we treat values that get reported live - cpusvn, qe.isvsvn + // here, we treat values that get reported live - cpusvn, qe.isvsvn, // in normal flow, live values reported to attestation server will be the same as current values now so // we just look at out-of-date bits corresponding to these values. // the alternative would be to compare current with latest as reported by IAS. this // isn't an option for cpusvn since what we get from IAS is equivalent cpusvn. // + + if (cpu_svn_out_of_date(&pibw)) { p_update_info->ucodeUpdate = 1; status = AESM_UPDATE_AVAILABLE; } - if (qe_svn_out_of_date(&pibw)) + if (qe_svn_out_of_date(&pibw) || + pce_svn_out_of_date(&pibw) + ) { p_update_info->pswUpdate = 1; status = AESM_UPDATE_AVAILABLE; } - } return status; } -bool PlatformInfoLogic::cpu_svn_out_of_date(const platform_info_blob_wrapper_t* p_platform_info_blob) -{ - uint16_t flags = 0; - bool retVal = false; - ae_error_t getflagsError = get_sgx_tcb_evaluation_flags(p_platform_info_blob, &flags); - if (AE_SUCCESS == getflagsError) { - retVal = ( 0 !=(QUOTE_CPUSVN_OUT_OF_DATE & flags)); - } - SGX_DBGPRINT_ONE_STRING_TWO_INTS_CREATE_SESSION(__FUNCTION__" returning ", retVal, retVal); - return retVal; -} - -bool PlatformInfoLogic::qe_svn_out_of_date(const platform_info_blob_wrapper_t* p_platform_info_blob) -{ - uint16_t flags = 0; - // - // default to true since easy to update QE/PvE - // - bool retVal = true; - ae_error_t getflagsError = get_sgx_tcb_evaluation_flags(p_platform_info_blob, &flags); - if (AE_SUCCESS == getflagsError) { - retVal = ( 0 !=(QUOTE_ISVSVN_QE_OUT_OF_DATE & flags)); - } - SGX_DBGPRINT_ONE_STRING_TWO_INTS_CREATE_SESSION(__FUNCTION__" returning ", retVal, retVal); - return retVal; -} - -bool PlatformInfoLogic::performance_rekey_available(const platform_info_blob_wrapper_t* p_platform_info_blob) -{ - // - // return whether platform info blob says PR is available - // the group associated with PR that's returned corresponds to the group - // that we'll be in **after** executing PR - // - bool retVal = false; - uint8_t flags; - ae_error_t getflagsError = get_sgx_epid_group_flags(p_platform_info_blob, &flags); - if (AE_SUCCESS == getflagsError) { - retVal = static_cast(flags & PERF_REKEY_FOR_QE_EPID_GROUP_AVAILABLE); - } - SGX_DBGPRINT_ONE_STRING_TWO_INTS_CREATE_SESSION(__FUNCTION__" returning ", retVal, retVal); - return retVal; -} diff --git a/psw/ae/aesm_service/source/aesm/extension/platform_info_logic.h b/psw/ae/aesm_service/source/aesm/extension/platform_info_logic.h index d77a713496..7a307807f9 100644 --- a/psw/ae/aesm_service/source/aesm/extension/platform_info_logic.h +++ b/psw/ae/aesm_service/source/aesm/extension/platform_info_logic.h @@ -46,15 +46,12 @@ public: uint8_t* platform_info, uint32_t platform_info_size, uint32_t attestation_status, uint8_t* update_info, uint32_t update_info_size); - - static ae_error_t need_epid_provisioning(const platform_info_blob_wrapper_t* p_platform_info_blob); - static bool sgx_gid_out_of_date(const platform_info_blob_wrapper_t* p_platform_info_blob); static bool cpu_svn_out_of_date(const platform_info_blob_wrapper_t* p_platform_info_blob); static bool qe_svn_out_of_date(const platform_info_blob_wrapper_t* p_platform_info_blob); + static bool pce_svn_out_of_date(const platform_info_blob_wrapper_t* p_platform_info_blob); static bool performance_rekey_available(const platform_info_blob_wrapper_t* p_platform_info_blob); - private: static ae_error_t get_sgx_epid_group_flags(const platform_info_blob_wrapper_t* p_platform_info_blob, uint8_t* flags); static ae_error_t get_sgx_tcb_evaluation_flags(const platform_info_blob_wrapper_t* p_platform_info_blob, uint16_t* flags); diff --git a/psw/ae/aesm_service/source/aesm/extension/type_length_value.cpp b/psw/ae/aesm_service/source/aesm/extension/type_length_value.cpp index 301026fb57..e15661787b 100644 --- a/psw/ae/aesm_service/source/aesm/extension/type_length_value.cpp +++ b/psw/ae/aesm_service/source/aesm/extension/type_length_value.cpp @@ -41,38 +41,6 @@ #include "oal/oal.h" #include -#ifdef DBG_LOG -#define CASE_ENUM_RET_STRING(x) case x: return #x; -const char *get_tlv_enum_type_t_string(uint8_t type){ - switch(type){ - CASE_ENUM_RET_STRING(TLV_CIPHER_TEXT) - CASE_ENUM_RET_STRING(TLV_BLOCK_CIPHER_TEXT) - CASE_ENUM_RET_STRING(TLV_BLOCK_CIPHER_INFO) - CASE_ENUM_RET_STRING(TLV_MESSAGE_AUTHENTICATION_CODE) - CASE_ENUM_RET_STRING(TLV_NONCE) - CASE_ENUM_RET_STRING(TLV_EPID_GID) - CASE_ENUM_RET_STRING(TLV_EPID_SIG_RL) - CASE_ENUM_RET_STRING(TLV_EPID_GROUP_CERT) - CASE_ENUM_RET_STRING(TLV_DEVICE_ID) - CASE_ENUM_RET_STRING(TLV_PS_ID) - CASE_ENUM_RET_STRING(TLV_EPID_JOIN_PROOF) - CASE_ENUM_RET_STRING(TLV_EPID_SIG) - CASE_ENUM_RET_STRING(TLV_EPID_MEMBERSHIP_CREDENTIAL) - CASE_ENUM_RET_STRING(TLV_EPID_PSVN) - CASE_ENUM_RET_STRING(TLV_QUOTE) - CASE_ENUM_RET_STRING(TLV_X509_CERT_TLV) - CASE_ENUM_RET_STRING(TLV_X509_CSR_TLV) - CASE_ENUM_RET_STRING(TLV_ES_SELECTOR) - CASE_ENUM_RET_STRING(TLV_ES_INFORMATION) - CASE_ENUM_RET_STRING(TLV_FLAGS) - CASE_ENUM_RET_STRING(TLV_QUOTE_SIG) - CASE_ENUM_RET_STRING(TLV_PEK) - CASE_ENUM_RET_STRING(TLV_SIGNATURE) - default: - return "Unknown TLV"; - } -} -#endif //Function to write tlv header into a msg according to tlv info, the input buffer size should be at least MAX_TLV_HEADER_SIZE static tlv_status_t write_tlv_header(uint8_t *msg, const tlv_info_t *info) { @@ -228,19 +196,18 @@ tlv_msg_t block_cipher_tlv_get_encrypted_text(const tlv_info_t& info) return tlv_msg; } - -fmsp_t *device_id_tlv_get_fmsp(const tlv_info_t& info) +fmsp_t *platform_info_tlv_get_fmsp(const tlv_info_t& info) { - assert(info.type == TLV_DEVICE_ID && info.size == DEVICE_ID_TLV_PAYLOAD_SIZE()); + assert(info.type == TLV_PLATFORM_INFO && info.size == PLATFORM_INFO_TLV_PAYLOAD_SIZE()); assert(info.payload!=NULL); - return reinterpret_cast(info.payload+sizeof(psvn_t)+sizeof(ppid_t)); + return reinterpret_cast(info.payload+sizeof(psvn_t)+sizeof(sgx_isv_svn_t)+sizeof(CUR_PCE_ID)); } -psvn_t *device_id_tlv_get_psvn(const tlv_info_t& info) +psvn_t *platform_info_tlv_get_psvn(const tlv_info_t& info) { - assert(info.type == TLV_DEVICE_ID && info.size == DEVICE_ID_TLV_PAYLOAD_SIZE()); + assert(info.type == TLV_PLATFORM_INFO && info.size == PLATFORM_INFO_TLV_PAYLOAD_SIZE()); assert(info.payload!=NULL); - return reinterpret_cast(info.payload+sizeof(ppid_t)); + return reinterpret_cast(info.payload); } @@ -272,7 +239,7 @@ tlv_status_t TLVsMsg::init_from_tlv_msg(const tlv_msg_t& tlv_msg) #ifdef DBG_LOG char dbg_str[256]; aesm_dbg_format_hex(new_info->payload, new_info->size, dbg_str, 256); - AESM_DBG_TRACE("Decode One TLV: type %s, size %u, version %d, payload:%s",get_tlv_enum_type_t_string(new_info->type), new_info->size, (int)new_info->version,dbg_str); + AESM_DBG_TRACE("Decode One TLV: type (tlv %d), size %u, version %d, payload:%s",new_info->type, new_info->size, (int)new_info->version,dbg_str); #endif }else{ return TLV_INVALID_MSG_ERROR; @@ -327,7 +294,7 @@ tlv_status_t TLVsMsg::alloc_more_buffer(uint32_t new_size, tlv_msg_t& new_buf) {\ char dbg_str[256]; \ aesm_dbg_format_hex(new_info->payload, new_info->size, dbg_str, 256);\ - AESM_DBG_INFO("create TLV: type %s, size %u, version %d, payload %s", get_tlv_enum_type_t_string(new_info->type), new_info->size, (int)new_info->version, dbg_str);\ + AESM_DBG_INFO("create TLV: type (tlv %d), size %u, version %d, payload %s", new_info->type, new_info->size, (int)new_info->version, dbg_str);\ } #else #define ADD_TLV_DBG_INFO @@ -516,7 +483,6 @@ tlv_status_t TLVsMsg::add_quote_signature(const uint8_t *quote_signature, uint32 return TLV_SUCCESS; } - tlv_status_t TLVsMsg::add_es_selector(uint8_t protocol, uint8_t selector_id) { uint8_t buf[2]; @@ -524,3 +490,52 @@ tlv_status_t TLVsMsg::add_es_selector(uint8_t protocol, uint8_t selector_id) buf[1]=selector_id; ADD_TLV_BY_DATA_SIZE(TLV_ES_SELECTOR, buf, static_cast(2*sizeof(uint8_t))) } + +tlv_status_t TLVsMsg::add_psid(const psid_t *psid) +{ + ADD_TLV_BY_DATA_SIZE(TLV_PS_ID, psid, sizeof(psid_t)) +} + +tlv_status_t TLVsMsg::add_platform_info(const bk_platform_info_t& pi) +{ + ADD_TLV_BY_DATA_SIZE(TLV_PLATFORM_INFO, &pi, sizeof(pi)) +} + +tlv_status_t TLVsMsg::add_flags(const flags_t *flags) +{ + ADD_TLV_BY_DATA_SIZE(TLV_FLAGS, flags, sizeof(flags_t)) +} + +tlv_status_t TLVsMsg::add_pce_report_sign(const sgx_report_body_t& report, const uint8_t ecdsa_sign[64]) +{ + tlv_info_t one_info; + one_info.header_size = LARGE_TLV_HEADER_SIZE; + one_info.payload = NULL; + one_info.size = sizeof(report)+64; + one_info.type = TLV_SE_REPORT; + one_info.version = TLV_VERSION_1; + uint32_t size = ::calc_one_tlv_size(one_info); + tlv_msg_t new_buf; + tlv_info_t *new_info = NULL; + tlv_status_t ret = alloc_more_buffer(size, new_buf); + if(ret!=TLV_SUCCESS){ + return ret; + } + ret = create_new_info(new_info); + if(ret != TLV_SUCCESS) + return ret; + if((ret=::tlv_msg_init_one_tlv(&one_info, new_buf))!=TLV_SUCCESS){ + return ret; + } + if(memcpy_s(one_info.payload, one_info.size, &report, sizeof(report))!=0){ + return (TLV_UNKNOWN_ERROR); + } + if(memcpy_s(one_info.payload+sizeof(report), one_info.size-sizeof(report), ecdsa_sign, 64)!=0){ + return (TLV_UNKNOWN_ERROR); + } + if(memcpy_s(new_info, sizeof(*new_info), &one_info, sizeof(one_info))!=0) + return TLV_UNKNOWN_ERROR; + ADD_TLV_DBG_INFO + return TLV_SUCCESS; +} + diff --git a/psw/ae/aesm_service/source/aesm/extension/type_length_value.h b/psw/ae/aesm_service/source/aesm/extension/type_length_value.h index 047538148b..f63c12774a 100644 --- a/psw/ae/aesm_service/source/aesm/extension/type_length_value.h +++ b/psw/ae/aesm_service/source/aesm/extension/type_length_value.h @@ -29,13 +29,15 @@ * */ - /** * File: type_length_value.h * Description: Header file for data structure and macro definition of the TLV, the type length value encoding format of Provision Message * - * Unaligned data will be used and for TLV, no data structure but some macros are used to extract information from TLV (due to var size of some fields) + * Unaligned data will be used and for TLV, no data structure but some macros to extract information from TLV(due to var size of some fields) * A tlv_info_t structure is defined for decoded TLV header information + * special macro to begin with upper case letter and end with lower case letter to indicate it will extract one field from the msg, such as + * EPID_GID_TLV_gid + * to extract the gid field from and EPID_GID_TLV * *To encoding TLV: * i) declare array of tlv_info_t and filling type/version/size of each TLV @@ -43,20 +45,23 @@ * iii) prepare the output buffer in tlv_msg_t (set both msg_buf and msg_size) * iv) call tlv_msg_init to initialize tlv headers of all sub-tlv * v) use function like cipher_text_tlv_get_encrypted_text(...) to get pointer to each payload component - * vi) copy corresponding data into each payload + * vi) copy correspondent data into each payload *To decoding TLV: * i) initialize tlv_msg_t to input buffer (msg_buf and msg_size) * ii) call read_tlv_info to get correpondent tlv_info_t array * iii) use function like cipher_text_tlv_get_encrypted_text(...) to get pointer to each payload component * or access size field of tlv_info_t directly to get size of payload - *Usually, there're multiple level of TLVs. + *Usually, there're multiple level of TLVs. To save memory which is critical inside enclave + * we need reuse the memory buffer for all levels of TLV. * So in encoding TLV, we need * go through step i) and ii) from inner-most level TLV to out-most level of TLV to define - * tlv_info_t of all level of TLVs and get msg size for them + * tlv_info_t of all level of TLVs and get msg size for them * Usually, the tlv_info_t of outer level is dependent on size of inner level * After that, we could prepare the output buffer which is step iii) according to size of outmost level TLVs * call tlv_msg_init to initialize TLV headers and get start address of payload (where inner TLV will share the memory) * from outmost level to innermost level which is step iv) and v) + * Now we could copy-in correpondent data from innermost level to outermost level and do correpondent encryption if required + * inplace encryption function provided so that no new memory required * In decoding TLV, it is simpler, just decode from outmost-level to innermost-level and do decryption if required */ @@ -70,15 +75,16 @@ #include "oal/oal.h" #include "tlv_common.h" #include "se_sig_rl.h" -#include "se_wrapper.h" +#include "pce_cert.h" +#include "sgx_report.h" -#define FOUR_BYTES_SIZE_TYPE 128 /*mask used in type of TLV to indicate that 'size' field uses 4 bytes*/ +#define FOUR_BYTES_SIZE_TYPE 128 /*mask used in type of TLV to indicate that 'size' field uses 4 bytes*/ #ifndef UINT16_MAX -#define UINT16_MAX 0xFFFF +#define UINT16_MAX 0xFFFF #endif #ifndef UINT32_MAX -#define UINT32_MAX 0xFFFFFFFFU +#define UINT32_MAX 0xFFFFFFFFU #endif #define IS_FOUR_BYTES_SIZE_TYPE(x) (((x)&FOUR_BYTES_SIZE_TYPE)!=0) @@ -90,28 +96,30 @@ typedef enum _tlv_status_t { TLV_INVALID_PARAMETER_ERROR, TLV_INVALID_MSG_ERROR, TLV_UNKNOWN_ERROR, - TLV_MORE_TLVS, /*There're more TLVs in the encoded buffer than user's expectation*/ - TLV_INSUFFICIENT_MEMORY, /*There'ld be more data in the TLV buffer according to the partially decoded data*/ - TLV_INVALID_FORMAT, /*Invalid data format in the TLV buffer to be decoded*/ - TLV_UNSUPPORTED /*the feature has not been supported such as version is later than supported version*/ + TLV_MORE_TLVS, /*There're more TLVs in the encoded buffer than user's expectation*/ + TLV_INSUFFICIENT_MEMORY, /*There'ld be more data in the TLV buffer according to the partially decoded data*/ + TLV_INVALID_FORMAT, /*Invalid data format in the TLV buffer to be decoded*/ + TLV_UNSUPPORTED /*the feature has not been supported such as version is later than supported version*/ }tlv_status_t; /*usually, we could initialize header_size by UNKOWN_TLV_HEADER_SIZE - *but sometimes, we could initialize it by LARGE_TLV_HEADER_SIZE if we want to always use 4 bytes for size even though it is small such as in EPIDSignature TLV*/ -#define UNKNOWN_TLV_HEADER_SIZE 0 -#define TLV_HEADER_SIZE_OFFSET 2 -#define SMALL_TLV_HEADER_SIZE 4 -#define LARGE_TLV_HEADER_SIZE 6 -#define MAX_TLV_HEADER_SIZE 6 /*an upper bound for TLV header size*/ -#define SHORT_TLV_MAX_SIZE UINT16_MAX + * but sometimes, we could initialize it by LARGE_TLV_HEADER_SIZE if we want to always use 4 bytes for size even though it is small such as in EPIDSignature TLV + */ +#define UNKNOWN_TLV_HEADER_SIZE 0 +#define TLV_HEADER_SIZE_OFFSET 2 +#define SMALL_TLV_HEADER_SIZE 4 +#define LARGE_TLV_HEADER_SIZE 6 +#define MAX_TLV_HEADER_SIZE 6 /*an upper bound for TLV header size*/ +#define SHORT_TLV_MAX_SIZE UINT16_MAX /*It defines a TLV information - *All those information is encoded inside a TLV but not in this structure*/ + *All those information is encoded inside a TLV but not in this structure + */ typedef struct _tlv_info_t{ - uint8_t type; /*type of tlv must be between 0 and 127 before encoding*/ - uint8_t version; - uint16_t header_size; /*header_size used to easy query begin and end address of TLV*/ - uint32_t size; /* 2 or 4 bytes size after encoding but always 4 bytes in this structure*/ - uint8_t *payload; /*pointer to payload of the TLV*/ + uint8_t type; /*type of tlv must be between 0 and 127 before encoding*/ + uint8_t version; + uint16_t header_size; /*header_size used to easy query begin and end address of TLV*/ + uint32_t size; /*2 or 4 bytes size after encoding but always 4 bytes in this structure*/ + uint8_t *payload; /*pointer to payload of the TLV*/ }tlv_info_t; typedef struct _tlv_msg_t{ @@ -119,10 +127,10 @@ typedef struct _tlv_msg_t{ uint32_t msg_size; }tlv_msg_t; -#define SIGRL_CERT_PREFIX_SIZE (sizeof(se_sig_rl_t)-sizeof(SigRL)) /*size for version and type*/ -#define SIGRL_CERT_HEADER_SIZE (sizeof(se_sig_rl_t)-sizeof(SigRLEntry)) -#define SIGRL_CERT_SIZE(sigrl_count) (sizeof(se_sig_rl_t)+((sigrl_count)-1)*sizeof(SigRLEntry)+2*SE_ECDSA_SIGN_SIZE) -#define EPID_SIGNATURE_HEADER_SIZE (sizeof(EPIDSignature)-sizeof(NRProof)) +#define SIGRL_CERT_PREFIX_SIZE (sizeof(se_sig_rl_t)-sizeof(SigRL)) /*size for version and type*/ +#define SIGRL_CERT_HEADER_SIZE (sizeof(se_sig_rl_t)-sizeof(SigRLEntry)) +#define SIGRL_CERT_SIZE(sigrl_count) (sizeof(se_sig_rl_t)+((sigrl_count)-1)*sizeof(SigRLEntry)+2*SE_ECDSA_SIGN_SIZE) +#define EPID_SIGNATURE_HEADER_SIZE (sizeof(EPIDSignature)-sizeof(NRProof)) #define EPID_SIGNATURE_SIZE(sign_count) (sizeof(EPIDSignature)+((sign_count)-1)*sizeof(NRProof)) @@ -140,13 +148,13 @@ tlv_status_t read_tlv_infos(const tlv_msg_t& msg, uint32_t *tlvs_count, tlv_info /*Function to return the header size in encoded TLV buffer*/ uint32_t get_tlv_header_size(const tlv_info_t *info); -/*Function to return the estimated upper bound of length of TLV in bytes given length in bytes of payload. +/*Function to return the estimated upper bound of length of TLV in bytes given length in bytes of payload. * Currently, it returns the exact value for TLV encoding, it should not be used for TLV decoding *return 0 if there's any error */ inline static uint32_t get_tlv_total_size(size_t payload_size) { - if(payload_size>UINT16_MAX){/*6 bytes TLV header*/ + if(payload_size>UINT16_MAX){ /*6 bytes TLV header*/ if(payload_size>UINT32_MAX-LARGE_TLV_HEADER_SIZE)/*overflow of uint32_t, return 0 to indicate error*/ return 0; return static_cast(payload_size+LARGE_TLV_HEADER_SIZE); @@ -157,7 +165,8 @@ inline static uint32_t get_tlv_total_size(size_t payload_size) /*Function to return number in bytes of a msg with some encoded TLVs - *tlvs_count gives number of TLVs in the msg and infos[i] gives info of the i'th TLV*/ + *tlvs_count gives number of TLVs in the msg and infos[i] gives info of the i'th TLV + */ uint32_t get_tlv_msg_size(uint32_t tlvs_count, const tlv_info_t infos[]); /*Function to initialize a msg of some encoded TLVs @@ -180,15 +189,16 @@ tlv_status_t tlv_msg_init(uint32_t tlvs_count, tlv_info_t infos[], const tlv_msg */ uint32_t tlv_msg_init_one_header(uint8_t msg[MAX_TLV_HEADER_SIZE], tlv_info_t& info); -/*Macro used to crack tlv structure, the pointer type of payload must be uint8_t * +/*Macro used to crach tlv structure, the pointer type of payload must be uint8_t * *The alignment of all types used inside payload should be 1 (which means no alignment) - *cipher text TLV*/ + *cipher text TLV + */ #define CIPHER_TEXT_TLV_PAYLOAD_SIZE(text_size) ((text_size)+1) /*size of payload*/ #define CIPHER_TEXT_TLV_SIZE(text_size) get_tlv_total_size(CIPHER_TEXT_TLV_PAYLOAD_SIZE(text_size)) /*size of TLV*/ -uint8_t *cipher_text_tlv_get_key_id(const tlv_info_t& info); /*given tlv_info_t, return pointer to key_id*/ -tlv_msg_t cipher_text_tlv_get_encrypted_text(const tlv_info_t& info); /*given tlv_info_t return tlv_msg for encrypted text so that we could restart decode*/ +uint8_t *cipher_text_tlv_get_key_id(const tlv_info_t& info); /*given tlv_info_t, return pointer to key_id*/ +tlv_msg_t cipher_text_tlv_get_encrypted_text(const tlv_info_t& info); /*given tlv_info_t return tlv_msg for encrypted text so that we could restart decode*/ /*block cipher text TLV*/ -#define BLOCK_CIPHER_TEXT_TLV_PAYLOAD_SIZE(text_size) ((text_size)+IV_SIZE) /*size of payload*/ +#define BLOCK_CIPHER_TEXT_TLV_PAYLOAD_SIZE(text_size) ((text_size)+IV_SIZE) /*size of payload*/ #define BLOCK_CIPHER_TEXT_TLV_SIZE(text_size) get_tlv_total_size(BLOCK_CIPHER_TEXT_TLV_PAYLOAD_SIZE(text_size)) /*size of TLV*/ struct _tlv_iv_t;/*an incomplete type for iv only*/ typedef struct _tlv_iv_t tlv_iv_t; @@ -240,8 +250,24 @@ psvn_t *epid_sigrl_psvn_tlv_get_psvn(const tlv_info_t& info); #define DEVICE_ID_TLV_PAYLOAD_SIZE() (sizeof(ppid_t)+sizeof(fmsp_t)+sizeof(psvn_t)) #define DEVICE_ID_TLV_SIZE() get_tlv_total_size(DEVICE_ID_TLV_PAYLOAD_SIZE()) ppid_t *device_id_tlv_get_ppid(const tlv_info_t& info); -fmsp_t *device_id_tlv_get_fmsp(const tlv_info_t& info); -psvn_t *device_id_tlv_get_psvn(const tlv_info_t& info); + +/*PPID TLV*/ +#define PPID_TLV_PAYLOAD_SIZE() (sizeof(ppid_t)) +#define PPID_TLV_SIZE() get_tlv_total_size(PPID_TLV_PAYLOAD_SIZE()) + +/*PWK2 TLV*/ +#define PWK2_TLV_PAYLOAD_SIZE() (SK_SIZE) +#define PWK2_TLV_SIZE() get_tlv_total_size(PWK2_TLV_PAYLOAD_SIZE()) + +/*PlatfromInfo TLV*/ +#define PLATFORM_INFO_TLV_PAYLOAD_SIZE() (sizeof(bk_platform_info_t)) +#define PLATFORM_INFO_TLV_SIZE() get_tlv_total_size(PLATFORM_INFO_TLV_PAYLOAD_SIZE()) +fmsp_t *platform_info_tlv_get_fmsp(const tlv_info_t& info); +psvn_t *platform_info_tlv_get_psvn(const tlv_info_t& info); + +/*SE_REPORT_TLV*/ +#define SE_REPORT_TLV_PAYLOAD_SIZE() (sizeof(sgx_report_body_t)+2*ECDSA_SIGN_SIZE) +#define SE_REPORT_TLV_SIZE() (LARGE_TLV_HEADER_SIZE+SE_REPORT_TLV_PAYLOAD_SIZE()) /*PSID TLV*/ #define PSID_TLV_PAYLOAD_SIZE() (sizeof(psid_t)) @@ -257,7 +283,7 @@ psid_t *psid_tlv_get_psid(const tlv_info_t& info); #define EPID_SIGNATURE_TLV_SIZE(sign_count) (LARGE_TLV_HEADER_SIZE+EPID_SIGNATURE_TLV_PAYLOAD_SIZE(sign_count)) /*always use large header size for Signature TLV*/ /*EPID Membership Credential TLV*/ -#define MEMBERSHIP_CREDENTIAL_TLV_PAYLOAD_SIZE() (sizeof(membertship_credential_with_escrow_t)) +#define MEMBERSHIP_CREDENTIAL_TLV_PAYLOAD_SIZE() (sizeof(membership_credential_with_escrow_t)) #define MEMBERSHIP_CREDENTIAL_TLV_SIZE() get_tlv_total_size(MEMBERSHIP_CREDENTIAL_TLV_PAYLOAD_SIZE()) PElemStr *membership_credential_tlv_get_x(const tlv_info_t& info); G1ElemStr *membership_credential_tlv_get_A(const tlv_info_t& info); @@ -271,6 +297,12 @@ G1ElemStr *membership_credential_tlv_get_A(const tlv_info_t& info); uint8_t *es_selector_tlv_get_es_type(const tlv_info_t& info); uint8_t *es_selector_tlv_get_selector_id(const tlv_info_t& info); +#define PCE_CERT_TLV_PAYLOAD_SIZE() sizeof(pce_tcb_cert_t) +#define PCE_CERT_TLV_SIZE() get_tlv_total_size(PCE_CERT_TLV_PAYLOAD_SIZE()) + +#define PCE_SIGNATURE_TLV_PAYLOAD_SIZE() (2*SE_ECDSA_SIGN_SIZE+sizeof(sgx_report_t)) +#define PCE_SIGNATURE_TLV_SIZE() get_tlv_total_size(PCE_SIGNATURE_TLV_PAYLOAD_SIZE()) + class TLVsMsg{ uint32_t num_infos; tlv_info_t* infos; @@ -294,10 +326,7 @@ protected: if(p==NULL){ return TLV_OUT_OF_MEMORY_ERROR; } - if(0!=memcpy_s(p, sizeof(tlv_info_t)*(num_infos+1), infos, sizeof(tlv_info_t)*num_infos)){ - free(p); - return TLV_UNKNOWN_ERROR; - } + memcpy(p, infos, sizeof(tlv_info_t)*num_infos); free(infos); infos = p; new_info = infos + (num_infos); @@ -335,6 +364,10 @@ public: tlv_status_t add_mac(const uint8_t mac[MAC_SIZE]); tlv_status_t add_nonce(const uint8_t *nonce, uint32_t nonce_size); tlv_status_t add_epid_gid(const GroupID& gid); + tlv_status_t add_platform_info(const bk_platform_info_t& pi); + tlv_status_t add_pce_report_sign(const sgx_report_body_t& report, const uint8_t ecdsa_sign[64]); + tlv_status_t add_psid(const psid_t *psid); + tlv_status_t add_flags(const flags_t *flags); tlv_status_t add_es_selector(uint8_t protocol, uint8_t selector_id); tlv_status_t add_quote(const uint8_t *quote_data, uint32_t quote_size); tlv_status_t add_quote_signature(const uint8_t *quote_signature, uint32_t sign_size); diff --git a/psw/ae/aesm_service/source/aesm_wrapper/inc/AESMLogicWrapper.h b/psw/ae/aesm_service/source/aesm_wrapper/inc/AESMLogicWrapper.h index 1b3ec418ab..e0b8d5bc55 100644 --- a/psw/ae/aesm_service/source/aesm_wrapper/inc/AESMLogicWrapper.h +++ b/psw/ae/aesm_service/source/aesm_wrapper/inc/AESMLogicWrapper.h @@ -90,6 +90,10 @@ class AESMLogicWrapper :public IAESMLogic { virtual aesm_error_t reportAttestationStatus(uint8_t* platform_info, uint32_t platform_info_size, uint32_t attestation_error_code, uint8_t* update_info, uint32_t update_info_size); + virtual aesm_error_t getWhiteListSize(uint32_t* white_list_size); + virtual aesm_error_t getWhiteList(uint8_t* white_list, uint32_t mWhiteListSize); + virtual aesm_error_t sgxGetExtendedEpidGroupId(uint32_t* x_group_id); + virtual aesm_error_t sgxSwitchExtendedEpidGroup(uint32_t x_group_id); private: AESMLogicWrapper& operator=(const AESMLogicWrapper&); diff --git a/psw/ae/aesm_service/source/aesm_wrapper/src/AESMLogicWrapper.cpp b/psw/ae/aesm_service/source/aesm_wrapper/src/AESMLogicWrapper.cpp index 9ff970e0e7..1e3c8fdb3b 100644 --- a/psw/ae/aesm_service/source/aesm_wrapper/src/AESMLogicWrapper.cpp +++ b/psw/ae/aesm_service/source/aesm_wrapper/src/AESMLogicWrapper.cpp @@ -139,6 +139,27 @@ aesm_error_t AESMLogicWrapper::reportAttestationStatus(uint8_t* platform_info, u update_info, update_info_size); } +aesm_error_t AESMLogicWrapper::getWhiteListSize(uint32_t* white_list_size) +{ + return AESMLogic::get_white_list_size(white_list_size); +} + +aesm_error_t AESMLogicWrapper::getWhiteList(uint8_t *white_list, + uint32_t white_list_size) +{ + return AESMLogic::get_white_list(white_list, white_list_size); +} + +aesm_error_t AESMLogicWrapper::sgxGetExtendedEpidGroupId(uint32_t* x_group_id) +{ + return AESMLogic::get_extended_epid_group_id(x_group_id); +} + +aesm_error_t AESMLogicWrapper::sgxSwitchExtendedEpidGroup(uint32_t x_group_id) +{ + return AESMLogic::switch_extended_epid_group(x_group_id); +} + void AESMLogicWrapper::service_stop() { AESMLogic::service_stop(); diff --git a/psw/ae/aesm_service/source/epid_provision/epid_endpoint_selection.cpp b/psw/ae/aesm_service/source/epid_provision/epid_endpoint_selection.cpp index 26f1beedb5..2c2c5ae9b4 100644 --- a/psw/ae/aesm_service/source/epid_provision/epid_endpoint_selection.cpp +++ b/psw/ae/aesm_service/source/epid_provision/epid_endpoint_selection.cpp @@ -57,7 +57,7 @@ static ae_error_t prov_es_gen_header(provision_request_header_t *es_header, return PVE_UNEXPECTED_ERROR; } uint32_t size_in; - size_in = _htonl(total_size);//big endian size required in msg header + size_in = _htonl(total_size);//use as a tmp size, big endian required in msg header if(0!=memcpy_s(&es_header->size,sizeof(es_header->size), &size_in, sizeof(size_in))){ AESM_DBG_FATAL("memcpy error"); return PVE_UNEXPECTED_ERROR; @@ -82,7 +82,7 @@ uint32_t CPVEClass::gen_es_msg1( ret = prov_es_gen_header(es_header, es_output.xid, msg_size); if(AE_SUCCESS != ret){ - AESM_DBG_ERROR("Fail to generate Endpoint Selection Msg1 Header:%d",ret); + AESM_DBG_ERROR("Fail to generate Endpoint Selection Msg1 Header:(ae%d)",ret); return ret; } @@ -91,7 +91,7 @@ uint32_t CPVEClass::gen_es_msg1( tlv_status_t tlv_status = tlvs_msg.add_es_selector(SE_EPID_PROVISIONING, es_output.selector_id); ret = tlv_error_2_pve_error(tlv_status); if(AE_SUCCESS!=ret){ - AESM_DBG_ERROR("fail to create ES Selector TLV:%d",ret); + AESM_DBG_ERROR("fail to create ES Selector TLV:(ae%d)",ret); return ret; } assert(tlvs_msg.get_tlv_msg_size()<=msg_size - PROVISION_REQUEST_HEADER_SIZE); //The checking should have been done in prov_es_gen_header @@ -133,7 +133,7 @@ uint32_t CPVEClass::proc_es_msg2( } ae_ret = check_endpoint_pg_stauts(resp_header); if(AE_SUCCESS != ae_ret){ - AESM_DBG_ERROR("Backend report error in ES Msg2 Header:%d",ae_ret); + AESM_DBG_ERROR("Backend report error in ES Msg2 Header:(ae%d)",ae_ret); goto final_point; } if(0!=memcmp(xid, resp_header->xid, XID_SIZE)){ @@ -150,7 +150,7 @@ uint32_t CPVEClass::proc_es_msg2( tlv_status = tlvs_msg.init_from_buffer(resp_body, msg_size - static_cast(PROVISION_RESPONSE_HEADER_SIZE)); ae_ret = tlv_error_2_pve_error(tlv_status); if(AE_SUCCESS!=ae_ret){ - AESM_DBG_ERROR("Fail to decode ES Msg2:%d",ae_ret); + AESM_DBG_ERROR("Fail to decode ES Msg2:(ae%d)",ae_ret); goto final_point; } if(tlvs_msg.get_tlv_count() != ES_MSG2_FIELD_COUNT){//three TLVs @@ -173,7 +173,7 @@ uint32_t CPVEClass::proc_es_msg2( tlvs_msg[1].header_size!=SMALL_TLV_HEADER_SIZE||tlvs_msg[1].size != PVE_RSA_KEY_BYTES+1 || tlvs_msg[1].payload[0] != PEK_PRIV){ ae_ret = PVE_MSG_ERROR; - AESM_DBG_ERROR("Invalid Signature TLV: type %d, version %d, size %d while expected value is %d, %d, %d", + AESM_DBG_ERROR("Invalid Signature TLV: type (tlv%d), version %d, size %d while expected value is (tlv%d,) %d, %d", tlvs_msg[1].type, tlvs_msg[1].version, tlvs_msg[1].size, TLV_SIGNATURE, TLV_VERSION_1, PVE_RSA_KEY_BYTES); goto final_point; @@ -181,7 +181,7 @@ uint32_t CPVEClass::proc_es_msg2( if(tlvs_msg[2].type != TLV_PEK || tlvs_msg[2].version != TLV_VERSION_1 || tlvs_msg[2].header_size!=SMALL_TLV_HEADER_SIZE||tlvs_msg[2].size != sizeof(signed_pek_t)){ ae_ret = PVE_MSG_ERROR; - AESM_DBG_ERROR("Invalid PEK TLV: type %d, version %d, size %d while expected value is %d, %d, %d", + AESM_DBG_ERROR("Invalid PEK TLV: type (tlv%d), version %d, size %d while expected value is (tlv%d), %d, %d", tlvs_msg[2].type, tlvs_msg[2].version, tlvs_msg[2].size, TLV_PEK, TLV_VERSION_1, sizeof(signed_pek_t)); goto final_point; diff --git a/psw/ae/aesm_service/source/epid_provision/epid_provision_msg1.cpp b/psw/ae/aesm_service/source/epid_provision/epid_provision_msg1.cpp index ac0b03bd62..5a0015d252 100644 --- a/psw/ae/aesm_service/source/epid_provision/epid_provision_msg1.cpp +++ b/psw/ae/aesm_service/source/epid_provision/epid_provision_msg1.cpp @@ -31,129 +31,360 @@ #include "type_length_value.h" -#include "sgx_tcrypto_internal.h" #include "epid_utility.h" #include "oal/oal.h" #include "aeerror.h" #include "PVEClass.h" -#include "se_wrapper.h" +#include "PCEClass.h" +#include "aesm_rand.h" +#include "epid_pve_type.h" +#include "ipp_wrapper.h" /** - * File: epid_provision_msg1.cpp + * File: epid_provision_msg1.cpp * Description: Provide the untrusted implementation of code to generate ProvMsg1 - */ + */ -//For each ProvMsg, the first field is msg header (which including XID) +//For each ProvMsg,the first field is msg header (which including XID) //But in the code here, XID is not counted as a TLV field(since it is part of msg header) -// and the index of TLV field is started from 0. +//and the index of TLV field is started from 0. //Msg1 Top TLVs: TLV_CIPHER_TEXT(rsa_oaep_result),E+MAC(encrypted_and_mac_data) -#define MSG1_TOP_FIELDS_COUNT 3 -#define MSG1_TOP_FIELD_RSA_OAEP_DATA msg1_fields[0] -#define MSG1_TOP_FIELD_GCM_DATA msg1_fields[1] -#define MSG1_TOP_FIELD_GCM_MAC msg1_fields[2] +//#define MSG1_TOP_FIELDS_COUNT 3 +//#define MSG1_TOP_FIELD_RSA_OAEP_DATA msg1_fields[0] +//#define MSG1_TOP_FIELD_GCM_DATA msg1_fields[1] +//#define MSG1_TOP_FIELD_GCM_MAC msg1_fields[2] + +//Function to transform the RSA public key(big endian) into ipp format, the function is defined in pve_pub_key.cpp +//the key is from Provision Server which is used for rsa-oaep in ProvMsg1 +//free_rsa_key should be called to release the memory on successfully returned rsa_pub_key +//return PVEC_SUCCESS on success +IppStatus get_provision_server_rsa_pub_key_in_ipp_format(const signed_pek_t& pek, IppsRSAPublicKeyState **rsa_pub_key); - -//Function to initialize TLV Header for ProvMsg1 and check whether input buffer for ProvMsg1 is large enough -//field1_data_size[in]: size of field1_data which varies according to whether performance rekey used. -//msg1_buffer_size[in]: size of buffer used to hold generated ProvMsg1, it is used by the function to verify whether size of buffer is large enough -//xid[in]: Transaction ID used in protocol -//msg1_header[out]: request header for ProvMsg1 to fill in +//Function to initialize reqeust header for ProvMsg1 +//msg1_header: request header for ProvMsg1 to fill in +//use_flags: whether the flag tlv is included +//xid: transaction ID +//msg1_buffer_size: buffer size for ProvMsg1, in bytes static ae_error_t prov_msg1_gen_header(provision_request_header_t *msg1_header, - uint32_t field1_data_size, + bool use_flags, const uint8_t *xid, uint32_t msg1_buffer_size) { uint32_t total_size = 0; + //platform info tlv size + uint32_t field1_data_size = PLATFORM_INFO_TLV_SIZE(); + field1_data_size += CIPHER_TEXT_TLV_SIZE(PVE_RSA_KEY_BYTES); + //add flag tlv if needed + if(use_flags){ + field1_data_size += FLAGS_TLV_SIZE(); + } if(sizeof(*msg1_header)>msg1_buffer_size){ AESM_DBG_ERROR("Too small ProvMsg1 buffer size"); return PVE_INSUFFICIENT_MEMORY_ERROR; } total_size = CIPHER_TEXT_TLV_SIZE(PVE_RSA_KEY_BYTES) + BLOCK_CIPHER_TEXT_TLV_SIZE(field1_data_size) +MAC_TLV_SIZE(MAC_SIZE); - //initialize field in Msg1 Header + //initialize Msg1 Header msg1_header->protocol = SE_EPID_PROVISIONING; msg1_header->type = TYPE_PROV_MSG1; - msg1_header->version = TLV_VERSION_1; + msg1_header->version = TLV_VERSION_2; if(0!=memcpy_s(msg1_header->xid, XID_SIZE, xid, XID_SIZE)){ - AESM_DBG_FATAL("fail in memcpy"); + AESM_DBG_FATAL("fail in memcpy_s"); return PVE_UNEXPECTED_ERROR; } uint32_t size_in; - size_in = _htonl(total_size);//big endian size required in msg header + //use as a tmp size, big endian required in msg header + size_in = _htonl(total_size); + //copy big endian msg body size into header if(0!=memcpy_s(&msg1_header->size, sizeof(msg1_header->size),&size_in, sizeof(size_in))){ - AESM_DBG_FATAL("fail in memcpy"); + AESM_DBG_FATAL("fail in memcpy_s"); return PVE_UNEXPECTED_ERROR; } - if(total_size +sizeof(*msg1_header) >msg1_buffer_size){//the input msg body size is not large enough + if(total_size +sizeof(*msg1_header) >msg1_buffer_size){ + //the input msg body size is not large enough AESM_DBG_ERROR("Too small ProvMsg1 buffer size"); return PVE_INSUFFICIENT_MEMORY_ERROR; } return AE_SUCCESS; } -//Function to generate ProvMsg1 -//Input psvn could be NULL to use the current psvn, or input the previous_psvn from preivous ProvMsg2 -//The function will generate a random transaction id which is used by msg header of msg1 +//This function will do the rsa oaep encrypt with input src[0:src_len] and put the output to buffer dst +//The function will assume that buffer src_len is no more than PVE_RSAOAEP_ENCRYPT_MAXLEN and the buffer size is at least PVE_RSA_KEY_BITS +static ae_error_t aesm_rsa_oaep_encrypt(const uint8_t *src, uint32_t src_len, const IppsRSAPublicKeyState *rsa, uint8_t dst[PVE_RSA_KEY_BYTES]) +{ + const int hashsize = SHA_SIZE_BIT; + Ipp8u seeds[hashsize]; + IppStatus status = ippStsNoErr; + ae_error_t ret = AE_SUCCESS; + uint8_t* pub_key_buffer = NULL; + int pub_key_size; + + ret = aesm_read_rand(seeds, hashsize); + if(AE_SUCCESS!=ret){ + goto ret_point; + } + + if((status = ippsRSA_GetBufferSizePublicKey(&pub_key_size, rsa)) != ippStsNoErr) + { + ret = AE_FAILURE; + goto ret_point; + } + + //allocate temporary buffer + pub_key_buffer = (uint8_t*)malloc(pub_key_size); + if(pub_key_buffer == NULL) + { + ret = AE_OUT_OF_MEMORY_ERROR; + goto ret_point; + } + + if((status = ippsRSA_OAEPEncrypt_SHA256(src, src_len, + NULL, 0, seeds, + dst, rsa, pub_key_buffer)) != ippStsNoErr) + { + ret = AE_FAILURE; + goto ret_point; + } + +ret_point: + if(pub_key_buffer) + free(pub_key_buffer); + return ret; +} + + +//generate ProvMsg1 +//The function will generate a random transaction id which is used by msg header of msg1 and saved in global memory too //The function return AE_SUCCESS on success and other to indicate error -//Format of ProvMsg1: RSA-OAEP(SK,PSID),E+MAC(DeviceID[:Flags]) -//@psvn: the input psvn or NULL -//@pek: the input PEK got from endpoint selection -//@performance_rekey_used: true for performance rekey and false for first provisioning, backup retrieval or TCB upgrade +//@pve_data: global structure used to store pve relative data //@msg1: buffer to receive ProvMsg1 (including both header and body) -//@msg1_size: size of buffer for generating ProvMsg1 +//@msg1_size: size of buffer msg1 //@return AE_SUCCESS on success -uint32_t CPVEClass::gen_prov_msg1(const psvn_t *psvn, - const signed_pek_t& pek, - bool performance_rekey_used, - uint8_t *msg1, - uint32_t msg1_size) + + uint32_t CPVEClass::gen_prov_msg1( + pve_data_t &pve_data, + uint8_t *msg1, + uint32_t msg1_size) { uint32_t ret = AE_SUCCESS; - prov_msg1_output_t msg1_output; - //ProvMsg1 header will be in the beginning part of the output msg + uint16_t pce_id = 0; + uint16_t pce_isv_svn = 0; + sgx_report_t pek_report; + uint8_t *field2 = NULL; + uint8_t field2_iv[IV_SIZE]; + uint8_t field2_mac[MAC_SIZE]; + uint8_t encrypted_pcid[PVE_RSA_KEY_BYTES]; + //msg1 header will be in the beginning part of the output msg provision_request_header_t *msg1_header = reinterpret_cast(msg1); - memset(&msg1_output, 0, sizeof(msg1_output)); + memset(&pek_report, 0, sizeof(pek_report)); + sgx_target_info_t pce_target_info; + sgx_status_t sgx_status; - ret = gen_prov_msg1_data(psvn, &pek, performance_rekey_used, &msg1_output); - if(AE_SUCCESS !=ret ){ - AESM_DBG_ERROR("Gen ProvMsg1 in trusted code failed:%d",ret); + //Load PCE Enclave required + ret = CPCEClass::instance().load_enclave(); + if(ret != AE_SUCCESS){ + AESM_DBG_ERROR("Fail to load PCE enclave:( ae%d)\n",ret); + return ret; + } + ret = CPCEClass::instance().get_pce_target(&pce_target_info); + if(ret != AE_SUCCESS){ + AESM_DBG_ERROR("Fail to get PCE target info:( ae %d)\n",ret); return ret; } - ret = prov_msg1_gen_header(msg1_header, msg1_output.field1_data_size, msg1_output.xid, msg1_size); + //Load PvE enclave now + ret = CPVEClass::instance().load_enclave(); + if( ret != AE_SUCCESS){ + AESM_DBG_ERROR("Fail to load PvE enclave:(ae%d)\n",ret); + return ret; + } + //The code will generate a report on PEK by PvE + ret = gen_prov_msg1_data(&pve_data.pek, &pce_target_info, &pek_report); + if(AE_SUCCESS != ret ){ + AESM_DBG_ERROR("Gen ProvMsg1 in trusted code failed:( ae %d)",ret); + return ret; + } + se_static_assert(sizeof(encrypted_pcid)==PEK_MOD_SIZE); + //Load PCE Enclave required + ret = CPCEClass::instance().load_enclave(); + if(ret != AE_SUCCESS){ + AESM_DBG_ERROR("Fail to load PCE enclave:( ae %d)\n",ret); + return ret; + } + ret = CPCEClass::instance().get_pce_info(pek_report, pve_data.pek, pce_id, + pce_isv_svn, encrypted_pcid); if(AE_SUCCESS != ret){ - AESM_DBG_ERROR("fail to generate ProvMsg1 Header:%d",ret); + AESM_DBG_ERROR("Fail to generate pc_info:(ae%d)",ret); + return ret; + } + + //randomly generate XID + ret = aesm_read_rand(pve_data.xid, XID_SIZE); + if(AE_SUCCESS != ret ){ + AESM_DBG_ERROR("Fail to generate random XID (ae%d)",ret); + return ret; + } + //randomly generate SK + ret = aesm_read_rand(pve_data.sk, SK_SIZE); + if(AE_SUCCESS != ret ){ + AESM_DBG_ERROR("Fail to generate random SK (ae%d)",ret); + return ret; + } + CPCEClass::instance().unload_enclave(); + ret = prov_msg1_gen_header(msg1_header, pve_data.is_performance_rekey, pve_data.xid, msg1_size); + if(AE_SUCCESS != ret){ + AESM_DBG_ERROR("fail to generate ProvMsg1 Header:(ae %d)",ret); return ret; } { - TLVsMsg tlvs_msg1; + TLVsMsg tlvs_msg1_sub; tlv_status_t tlv_status; - tlv_status= tlvs_msg1.add_cipher_text(msg1_output.field0, PVE_RSA_KEY_BYTES, PEK_PUB); + + sgx_sha256_hash_t psid; + tlv_status = tlvs_msg1_sub.add_block_cipher_info(pve_data.sk); ret = tlv_error_2_pve_error(tlv_status); if(AE_SUCCESS!=ret){ - AESM_DBG_ERROR("Fail to generate field0 TLV of ProvMsg1:%d",ret); + + AESM_DBG_ERROR("Fail to generate SK TLV of ProvMsg1 (ae %d)",ret); return ret; } - tlv_status = tlvs_msg1.add_block_cipher_text(msg1_output.field1_iv, msg1_output.field1_data, msg1_output.field1_data_size); + sgx_status = sgx_sha256_msg(reinterpret_cast(&pve_data.pek.n), + static_cast(sizeof(pve_data.pek.n) + sizeof(pve_data.pek.e)), &psid); + if(SGX_SUCCESS != sgx_status){ + AESM_DBG_ERROR("Fail to generate PSID, (sgx0x%x)",sgx_status); + return AE_FAILURE; + } + se_static_assert(sizeof(sgx_sha256_hash_t)==sizeof(psid_t)); + tlv_status = tlvs_msg1_sub.add_psid(reinterpret_cast(&psid)); ret = tlv_error_2_pve_error(tlv_status); - if(AE_SUCCESS!=ret){ - AESM_DBG_ERROR("Fail to generate field1 TLV of ProvMsg1:%d",ret); + if(SGX_SUCCESS != ret){ + AESM_DBG_ERROR("Fail to add PSID TLV ae(%d)",ret); return ret; } - tlv_status = tlvs_msg1.add_mac(msg1_output.field1_mac); + //transform rsa format PEK public key of Provision Server into IPP library format + IppsRSAPublicKeyState *rsa_pub_key = NULL; + IppStatus ippStatus = get_provision_server_rsa_pub_key_in_ipp_format(pve_data.pek, &rsa_pub_key); + if( ippStsNoErr != ippStatus){ + AESM_DBG_ERROR("Fail to decode PEK:%d",ippStatus); + return AE_FAILURE; + } + uint8_t field0[PVE_RSA_KEY_BYTES]; + ret = aesm_rsa_oaep_encrypt(tlvs_msg1_sub.get_tlv_msg(), tlvs_msg1_sub.get_tlv_msg_size(), rsa_pub_key, field0); + secure_free_rsa_pub_key(PVE_RSA_KEY_BYTES, sizeof(uint32_t), rsa_pub_key); + if(AE_SUCCESS!=ret){ + AESM_DBG_ERROR("Fail to in RSA_OAEP for ProvMsg1:(ae%d)",ret); + return ret; + } + TLVsMsg tlvs_msg1; + tlv_status= tlvs_msg1.add_cipher_text(field0, PVE_RSA_KEY_BYTES, PEK_PUB); ret = tlv_error_2_pve_error(tlv_status); if(AE_SUCCESS!=ret){ - AESM_DBG_ERROR("Fail to create field2 TLV of ProvMsg1:%d",ret); + AESM_DBG_ERROR("Fail to generate field0 TLV of ProvMsg1( ae%d)",ret); + return ret; + } + + TLVsMsg tlvs_msg2_sub; + tlv_status = tlvs_msg2_sub.add_cipher_text(encrypted_pcid, PVE_RSA_KEY_BYTES, PEK_PUB); + ret = tlv_error_2_pve_error(tlv_status); + if(AE_SUCCESS!=ret){ + return ret; + } + + if(!pve_data.is_backup_retrieval){ + if(0!=memcpy_s(&pve_data.bpi.cpu_svn, sizeof(pve_data.bpi.cpu_svn), + &pek_report.body.cpu_svn, sizeof(pek_report.body.cpu_svn))){ + AESM_DBG_FATAL("fail in memcpy_s"); + return PVE_UNEXPECTED_ERROR; + } + if(0!=memcpy_s(&pve_data.bpi.pve_svn, sizeof(pve_data.bpi.pve_svn), + &pek_report.body.isv_svn, sizeof(pek_report.body.isv_svn))){ + AESM_DBG_FATAL("fail in memcpy_s"); + return PVE_UNEXPECTED_ERROR; + } + if(0!=memcpy_s(&pve_data.bpi.pce_svn, sizeof(pve_data.bpi.pce_svn), + &pce_isv_svn, sizeof(pce_isv_svn))){ + AESM_DBG_FATAL("fail in memcpy_s"); + return PVE_UNEXPECTED_ERROR; + } + } + //always use pce_id from PCE enclave + pve_data.bpi.pce_id = pce_id; + memset(&pve_data.bpi.fmsp, 0, sizeof(pve_data.bpi.fmsp)); + tlv_status = tlvs_msg2_sub.add_platform_info(pve_data.bpi); + ret = tlv_error_2_pve_error(tlv_status); + if(AE_SUCCESS != ret){ + AESM_DBG_ERROR("Fail to generate Platform Info TLV of ProvMsg1 (ae%d)",ret); + return ret; + } + if(pve_data.is_performance_rekey){ + //ignore performance rekey in backup retrieval + flags_t flags; + memset(&flags,0,sizeof(flags)); + //set performance rekey flags + flags.flags[FLAGS_SIZE-1]=1; + tlv_status = tlvs_msg2_sub.add_flags(&flags); + ret = tlv_error_2_pve_error(tlv_status); + if(AE_SUCCESS != ret){ + AESM_DBG_ERROR("Fail to generate FLAGS TLV of ProvMsg1, (ae %d)",ret); + return ret; + } + } + + ret = aesm_read_rand(field2_iv, IV_SIZE); + if(AE_SUCCESS != ret){ + AESM_DBG_ERROR("Fail to read rand:(ae%d)",ret); + return ret; + } + sgx_cmac_128bit_tag_t ek1; + se_static_assert(SK_SIZE==sizeof(sgx_cmac_128bit_key_t)); + if((sgx_status = sgx_rijndael128_cmac_msg(reinterpret_cast(pve_data.sk), + pve_data.xid, XID_SIZE, &ek1))!=SGX_SUCCESS){ + AESM_DBG_ERROR("Fail to generate ek1:(sgx%d)",sgx_status); + return AE_FAILURE; + } + + field2 = (uint8_t *)malloc(tlvs_msg2_sub.get_tlv_msg_size()); + if(NULL == field2){ + AESM_DBG_ERROR("Out of memory"); + return AE_OUT_OF_MEMORY_ERROR; + } + + + sgx_status = sgx_rijndael128GCM_encrypt(&ek1, + tlvs_msg2_sub.get_tlv_msg(), tlvs_msg2_sub.get_tlv_msg_size(), + field2,field2_iv, IV_SIZE, (const uint8_t *)msg1_header, sizeof(provision_request_header_t), + (sgx_aes_gcm_128bit_tag_t *)field2_mac); + if(SGX_SUCCESS != sgx_status){ + ret = sgx_error_to_ae_error(sgx_status); + AESM_DBG_ERROR("Fail to do AES encrypt (sgx %d)", sgx_status); + free(field2); + return ret; + } + + tlv_status = tlvs_msg1.add_block_cipher_text(field2_iv, field2, tlvs_msg2_sub.get_tlv_msg_size()); + ret = tlv_error_2_pve_error(tlv_status); + if(AE_SUCCESS!=ret){ + free(field2); + AESM_DBG_ERROR("Fail to generate field1 TLV of ProvMsg1(ae%d)",ret); + return ret; + } + + free(field2); + tlv_status = tlvs_msg1.add_mac(field2_mac); + ret = tlv_error_2_pve_error(tlv_status); + if(AE_SUCCESS!=ret){ + AESM_DBG_ERROR("Fail to create field2 TLV of ProvMsg1:(ae %d)",ret); return ret; } uint32_t size = tlvs_msg1.get_tlv_msg_size(); - if(memcpy_s(msg1+PROVISION_REQUEST_HEADER_SIZE, msg1_size - PROVISION_REQUEST_HEADER_SIZE, + if(memcpy_s(msg1+PROVISION_REQUEST_HEADER_SIZE, msg1_size - PROVISION_REQUEST_HEADER_SIZE, tlvs_msg1.get_tlv_msg(), size)!=0){ - AESM_DBG_FATAL("memcpy error"); - return PVE_UNEXPECTED_ERROR;//The size overflow has been checked in header generation + //The size overflow has been checked in header generation + AESM_DBG_FATAL("fail in memcpy_s"); + return PVE_UNEXPECTED_ERROR; } } return AE_SUCCESS; diff --git a/psw/ae/aesm_service/source/epid_provision/epid_provision_msg2.cpp b/psw/ae/aesm_service/source/epid_provision/epid_provision_msg2.cpp index c688b00511..175f51dce7 100644 --- a/psw/ae/aesm_service/source/epid_provision/epid_provision_msg2.cpp +++ b/psw/ae/aesm_service/source/epid_provision/epid_provision_msg2.cpp @@ -30,16 +30,15 @@ */ #include "type_length_value.h" -#include "sgx_tcrypto_internal.h" #include "epid_utility.h" +#include "aesm_xegd_blob.h" #include "aeerror.h" #include "PVEClass.h" +#include "PCEClass.h" #include "aesm_rand.h" -#include "se_wrapper.h" -#include /** -* File: epid_provision_msg2.cpp +* File: epid_provision_msg2.cpp * Description: Provide the untrusted implementation of code to process ProvMsg2 * * Untrusted Code for EPID Provision @@ -50,17 +49,15 @@ #define MSG2_TOP_FIELD_DATA tlvs_msg2[1] #define MSG2_TOP_FIELD_MAC tlvs_msg2[2] #define MSG2_TOP_FIELD_SIGRL tlvs_msg2[3] -#define MSG2_FIELD1_MAX_COUNT 8 -#define MSG2_FIELD1_MIN_COUNT 6 +#define MSG2_FIELD1_MAX_COUNT 6 +#define MSG2_FIELD1_MIN_COUNT 4 #define MSG2_FIELD1_GROUP_CERT tlvs_field1[0] -#define MSG2_FIELD1_NONCE tlvs_field1[1] -#define MSG2_FIELD1_PREV_PSVN tlvs_field1[2]//optional field -#define MSG2_FIELD1_PSID tlvs_field1[psid_index]//psid_index is 2 if optional PREV_PSVN is not present or 3 if it is present -#define MSG2_FIELD1_ENC_TCB tlvs_field1[psid_index+1] -#define MSG2_FIELD1_MAC_TCB tlvs_field1[psid_index+2] -#define MSG2_FIELD1_DEVICE_ID tlvs_field1[psid_index+3] -#define PREV_GID_INDEX (psid_index+4) +#define MSG2_FIELD1_NONCE tlvs_field1[2] +#define MSG2_FIELD1_PSID tlvs_field1[1] +#define MSG2_FIELD1_PREV_PI tlvs_field1[alt_index+1] +#define PREV_GID_INDEX (alt_index+2) #define MSG2_FIELD1_PREV_GID tlvs_field1[PREV_GID_INDEX] +#define MSG2_FIELD1_PLAT_INFO tlvs_field1[alt_index+3] //Function to verify that EPID SigRL type and version is correct for sigrl @@ -79,7 +76,7 @@ static ae_error_t msg2_integrity_checking(const TLVsMsg& tlvs_msg2) return PVE_INTEGRITY_CHECK_ERROR; if(MSG2_TOP_FIELD_NONCE.type != TLV_NONCE || MSG2_TOP_FIELD_NONCE.size != NONCE_SIZE || MSG2_TOP_FIELD_NONCE.version != TLV_VERSION_1) return PVE_INTEGRITY_CHECK_ERROR; - if(MSG2_TOP_FIELD_NONCE.header_size != SMALL_TLV_HEADER_SIZE)//NONCE TLV has small header size + if(MSG2_TOP_FIELD_NONCE.header_size != SMALL_TLV_HEADER_SIZE)//Requires NONCE to be small header size return PVE_INTEGRITY_CHECK_ERROR; if(MSG2_TOP_FIELD_DATA.type != TLV_BLOCK_CIPHER_TEXT || MSG2_TOP_FIELD_DATA.version != TLV_VERSION_1) return PVE_INTEGRITY_CHECK_ERROR; @@ -103,67 +100,62 @@ static ae_error_t msg2_integrity_checking(const TLVsMsg& tlvs_msg2) static ae_error_t msg2_field1_msg_check_copy(const TLVsMsg& tlvs_field1, proc_prov_msg2_blob_input_t& msg2_blob_input, const signed_pek_t& pek) { uint32_t tlv_count = tlvs_field1.get_tlv_count(); - uint32_t psid_index = 2; - msg2_blob_input.is_previous_psvn_provided = false; - if(tlv_countMSG2_FIELD1_MAX_COUNT){ - return PVE_MSG_ERROR; - } - uint32_t i; - for(i=0;i(&pek.n), static_cast(sizeof(pek.n)+sizeof(pek.e)), &psid_hash)); @@ -171,15 +163,11 @@ static ae_error_t msg2_field1_msg_check_copy(const TLVsMsg& tlvs_field1, proc_pr return ret; if(0!=memcmp(&psid_hash, MSG2_FIELD1_PSID.payload, sizeof(psid_hash)))//PSID does not match return PVE_MSG_ERROR; + bk_platform_info_t *d2 = (bk_platform_info_t *)MSG2_FIELD1_PLAT_INFO.payload; - tlv_msg_t tcb_data = block_cipher_tlv_get_encrypted_text(MSG2_FIELD1_ENC_TCB); if(0!=memcpy_s(&msg2_blob_input.group_cert, sizeof(msg2_blob_input.group_cert), MSG2_FIELD1_GROUP_CERT.payload, MSG2_FIELD1_GROUP_CERT.size)|| 0!=memcpy_s(&msg2_blob_input.challenge_nonce, CHALLENGE_NONCE_SIZE, MSG2_FIELD1_NONCE.payload, MSG2_FIELD1_NONCE.size)|| - 0!=memcpy_s(&msg2_blob_input.equivalent_psvn, sizeof(psvn_t), device_id_tlv_get_psvn(MSG2_FIELD1_DEVICE_ID),sizeof(psvn_t))|| - 0!=memcpy_s(&msg2_blob_input.fmsp, sizeof(fmsp_t), device_id_tlv_get_fmsp(MSG2_FIELD1_DEVICE_ID), sizeof(fmsp_t))|| - 0!=memcpy_s(&msg2_blob_input.tcb_iv, IV_SIZE, block_cipher_tlv_get_iv(MSG2_FIELD1_ENC_TCB), IV_SIZE)|| - 0!=memcpy_s(&msg2_blob_input.encrypted_tcb, SK_SIZE, tcb_data.msg_buf, tcb_data.msg_size)|| - 0!=memcpy_s(&msg2_blob_input.tcb_mac, MAC_SIZE, MSG2_FIELD1_MAC_TCB.payload, MSG2_FIELD1_MAC_TCB.size)){ + 0!=memcpy_s(&msg2_blob_input.equiv_pi, sizeof(bk_platform_info_t), d2,sizeof(bk_platform_info_t))){ return PVE_UNEXPECTED_ERROR; } return AE_SUCCESS; @@ -187,11 +175,12 @@ static ae_error_t msg2_field1_msg_check_copy(const TLVsMsg& tlvs_field1, proc_pr //Function to check message header of ProvMsg2 to determine whether it is valid //@msg2_header, input the message header of ProvMsg2 +//@msg2_size, size of ProvMsg2, in bytes //@return AE_SUCCESS if the message header is valid ProvMsg2 or error code if there're any problems static ae_error_t check_prov_msg2_header(const provision_response_header_t *msg2_header, uint32_t msg2_size) { if(msg2_header->protocol != SE_EPID_PROVISIONING || msg2_header->type != TYPE_PROV_MSG2 || - msg2_header->version != TLV_VERSION_1){ + msg2_header->version != TLV_VERSION_2){ return PVE_INTEGRITY_CHECK_ERROR; } uint32_t size_in_header = lv_ntohl(msg2_header->size); @@ -204,26 +193,36 @@ static uint32_t estimate_epid_sig_size(uint32_t sigrl_size) { uint32_t sigrl_body_size = 0; uint32_t sigrl_extra_size = static_cast(sizeof(se_sig_rl_t)-sizeof(SigRLEntry)+2*ECDSA_SIGN_SIZE); - if(sigrl_size<=sigrl_extra_size){ - return static_cast(sizeof(EPIDSignature)-sizeof(NRProof)); + if(sigrl_size ==sigrl_extra_size || sigrl_size == 0){//sigrl_size==0 is special cases that no sigrl provided + //Add the TLV Header size + return static_cast(sizeof(EPIDSignature)-sizeof(NRProof)+MAX_TLV_HEADER_SIZE); + }else if (sigrl_size < sigrl_extra_size){ + //Invalid sigrl size + return 0; }else{ sigrl_body_size = sigrl_size - sigrl_extra_size; - size_t entry_count = sigrl_body_size/sizeof(SigRLEntry); - return static_cast(sizeof(EPIDSignature)-sizeof(NRProof)+sizeof(NRProof)*entry_count); + uint64_t entry_count = sigrl_body_size/sizeof(SigRLEntry); + uint64_t total_size = sizeof(EPIDSignature)-sizeof(NRProof)+sizeof(NRProof)*entry_count+MAX_TLV_HEADER_SIZE; + if(total_size > UINT32_MAX){ + return 0; + } + return static_cast(total_size); } } static ae_error_t gen_msg3_header(const gen_prov_msg3_output_t& msg3_output, const uint8_t xid[XID_SIZE], provision_request_header_t *msg3_header, uint32_t& msg3_size) { msg3_header->protocol = SE_EPID_PROVISIONING; - msg3_header->version = TLV_VERSION_1; + msg3_header->version = TLV_VERSION_2; msg3_header->type = TYPE_PROV_MSG3; size_t field1_size = 0; if(msg3_output.is_join_proof_generated){ field1_size = BLOCK_CIPHER_TEXT_TLV_SIZE(HARD_CODED_JOIN_PROOF_WITH_ESCROW_TLV_SIZE)+MAC_TLV_SIZE(MAC_SIZE); }else{ + // BLOCK_CIPHER_TEXT_TLV_SIZE(0) is needed because IV need to be included for the following MAC tlv field1_size = BLOCK_CIPHER_TEXT_TLV_SIZE(0)+MAC_TLV_SIZE(MAC_SIZE); } + field1_size+=NONCE_TLV_SIZE(NONCE_2_SIZE)+CIPHER_TEXT_TLV_SIZE(PVE_RSA_KEY_BYTES)+SE_REPORT_TLV_SIZE(); size_t total_body_size = NONCE_TLV_SIZE(NONCE_SIZE) + BLOCK_CIPHER_TEXT_TLV_SIZE(field1_size)+MAC_TLV_SIZE(MAC_SIZE); if(msg3_output.is_epid_sig_generated){ total_body_size += BLOCK_CIPHER_TEXT_TLV_SIZE(msg3_output.epid_sig_output_size)+MAC_TLV_SIZE(MAC_SIZE); @@ -241,30 +240,21 @@ static ae_error_t gen_msg3_header(const gen_prov_msg3_output_t& msg3_output, con } //Function to decode ProvMsg2 and generate ProvMsg3 on success -//ProvMsg2 Format: -//R, E+MAC(**), [SigRL with ECDSA Sig] -//@msg2, the input buffer for ProvMsg2 in TLV encoded format -//@msg2_size, size of buffer msg2 -//@pek, the input pek got from endpoint selection protocol -//@epid_blob, input an optional old epid data blob used to generate non-revoke proof if required -//@blob_size, the buffer size of epid_blob -//@ek2, an output parameter for EK2 used in provision protocol which could be reused in proc_prov_msg4 -//@previous_psvn, an optional output buffer for Previous SigRL PSVN if old epid blob is missing or invalid -// so that caller could repeat ProvMsg1 and ProvMsg4 to retrieve backuped old epid data blob -//@msg3, output the ProvMsg3 in TLV encoded format -//@msg3_size: input the size of buffer msg3 +//@data: global structure used to store pve relative data +//@msg2: ProvMsg2 +//@msg2_size: size of ProvMsg2 +//@epid_blob: input an optional old epid data blob used to generate non-revoke proof if required +//@blob_size: size of the epid blob +//@msg3: output buffer for ProvMsg3 +//@msg3_size: input the size of buffer ProvMsg3, in byte //@return AE_SUCCESS on success and error code on failure -// PVE_EPID_BLOB_ERROR is returned if old_epid_blob is required but it is invalid or not provided and -// previous_psvn will be filled in by a Previous SigRL PSVN uint32_t CPVEClass::proc_prov_msg2( - const uint8_t* msg2, + pve_data_t &data, + const uint8_t *msg2, uint32_t msg2_size, - const signed_pek_t& pek, - const uint8_t* epid_blob, - uint32_t blob_size, - uint8_t ek2[SK_SIZE], - psvn_t* previous_psvn, - uint8_t* msg3, + const uint8_t *epid_blob, + uint32_t blob_size, + uint8_t *msg3, uint32_t msg3_size) { ae_error_t ret = AE_SUCCESS; @@ -273,6 +263,7 @@ uint32_t CPVEClass::proc_prov_msg2( uint8_t *epid_sig = NULL; uint8_t *decoded_msg2 = NULL; uint8_t *encrypted_field1 = NULL; + sgx_status_t sgx_status; uint8_t aad[PROVISION_RESPONSE_HEADER_SIZE+sizeof(RLver_t)+sizeof(GroupID)]; size_t aad_size = PROVISION_RESPONSE_HEADER_SIZE; const provision_response_header_t *msg2_header = reinterpret_cast(msg2); @@ -281,6 +272,10 @@ uint32_t CPVEClass::proc_prov_msg2( AESM_DBG_ERROR("ProvMsg2 size too small"); return PVE_MSG_ERROR; } + if (epid_blob != NULL && blob_size != SGX_TRUSTED_EPID_BLOB_SIZE_PAK){ + AESM_DBG_FATAL("epid blob size error"); + return PVE_UNEXPECTED_ERROR; + } if(msg3_size xid, data.xid, XID_SIZE) ){ + AESM_DBG_ERROR("unmatched xid in ProvMsg2 header"); + return AE_FAILURE; + } ret = check_epid_pve_pg_status_before_mac_verification(msg2_header); if( AE_SUCCESS != ret){ - AESM_DBG_ERROR("Backend server reported error in ProvMsg2:%d",ret); + AESM_DBG_ERROR("Backend server reported error in ProvMsg2:(ae%d)",ret); return ret; } @@ -309,32 +308,30 @@ uint32_t CPVEClass::proc_prov_msg2( tlv_status= tlvs_msg2.init_from_buffer(msg2+static_cast(PROVISION_RESPONSE_HEADER_SIZE), msg2_size - static_cast(PROVISION_RESPONSE_HEADER_SIZE)); ret = tlv_error_2_pve_error(tlv_status); if(AE_SUCCESS!=ret){ - AESM_DBG_ERROR("Fail to decode ProvMsg2:%d",ret); + AESM_DBG_ERROR("Fail to decode ProvMsg2:(ae%d)",ret); break; } ret = msg2_integrity_checking(tlvs_msg2);//checking and verifying that TLV structure is correct and version is supported if(AE_SUCCESS!=ret){ - AESM_DBG_ERROR("ProvMsg2 integrity checking error:%d",ret); + AESM_DBG_ERROR("ProvMsg2 integrity checking error:(ae%d)",ret); break; } - prov_get_ek2_input_t ek2_input; - if(memcpy_s(ek2_input.nonce, NONCE_SIZE, MSG2_TOP_FIELD_NONCE.payload, NONCE_SIZE)!=0){ - AESM_DBG_FATAL("memcpy error"); - ret = PVE_UNEXPECTED_ERROR; - break; + sgx_aes_gcm_128bit_key_t ek2; + uint8_t temp[NONCE_SIZE+XID_SIZE]; + if(0!=memcpy_s(temp, sizeof(temp), data.xid, XID_SIZE)|| + 0!=memcpy_s(temp+XID_SIZE, sizeof(temp)-XID_SIZE, MSG2_TOP_FIELD_NONCE.payload, NONCE_SIZE)){ + AESM_DBG_ERROR("memcpy error"); + ret = AE_FAILURE; + break; } - if(memcpy_s(ek2_input.xid, XID_SIZE, msg2_header->xid, XID_SIZE)!=0){ - AESM_DBG_FATAL("memcpy error"); - ret = PVE_UNEXPECTED_ERROR; - break; - } - //call PvE to get EK2 - se_static_assert(SK_SIZE == sizeof(prov_get_ek2_output_t)); - ret = static_cast(get_ek2(&ek2_input, reinterpret_cast(ek2))); - if(AE_SUCCESS != ret){ - AESM_DBG_ERROR("Fail to get EK2:%d",ret); - break; + se_static_assert(sizeof(sgx_cmac_128bit_key_t)==SK_SIZE); + if((sgx_status=sgx_rijndael128_cmac_msg(reinterpret_cast(data.sk), + temp, XID_SIZE+NONCE_SIZE, &ek2))!=SGX_SUCCESS){ + AESM_DBG_ERROR("Fail to generate ek2:(sgx 0x%x)",sgx_status); + ret = AE_FAILURE; + break; } + if(tlvs_msg2.get_tlv_count() == MSG2_TOP_FIELDS_COUNT_WITH_SIGRL){//RLver and gid is added as part of AAD if available sigrl = reinterpret_cast(MSG2_TOP_FIELD_SIGRL.payload); if(0!=memcpy_s(aad+PROVISION_RESPONSE_HEADER_SIZE, sizeof(RLver_t), &sigrl->sig_rl.RLver, sizeof(RLver_t))){ @@ -359,47 +356,53 @@ uint32_t CPVEClass::proc_prov_msg2( break; } //decrypt ProvMsg2 by EK2 - sgx_status_t sgx_status = sgx_rijndael128GCM_decrypt(reinterpret_cast(ek2), - field1.msg_buf, field1.msg_size, decoded_msg2, - reinterpret_cast(block_cipher_tlv_get_iv(MSG2_TOP_FIELD_DATA)), IV_SIZE, + sgx_status_t sgx_status = sgx_rijndael128GCM_decrypt(&ek2, + field1.msg_buf, field1.msg_size, decoded_msg2, + reinterpret_cast(block_cipher_tlv_get_iv(MSG2_TOP_FIELD_DATA)), IV_SIZE, aad, static_cast(aad_size), reinterpret_cast(MSG2_TOP_FIELD_MAC.payload)); if(SGX_ERROR_MAC_MISMATCH == sgx_status){ - AESM_DBG_ERROR("Fail to decrypt ProvMsg2 body by EK2"); + AESM_DBG_ERROR("Fail to decrypt ProvMsg2 body by EK2 (sgx0x%x)",sgx_status); ret = PVE_INTEGRITY_CHECK_ERROR; break; } if( AE_SUCCESS != (ret = sgx_error_to_ae_error(sgx_status))){ - AESM_DBG_ERROR("error in decrypting ProvMsg2 body:%d",sgx_status); + AESM_DBG_ERROR("error in decrypting ProvMsg2 body:(sgx0x%x)",sgx_status); break; } ret = check_epid_pve_pg_status_after_mac_verification(msg2_header); if(AE_SUCCESS != ret){ - AESM_DBG_ERROR("Backend server reported error in ProvMsg2 passed MAC verification:%d",ret); + AESM_DBG_ERROR("Backend server reported error in ProvMsg2 passed MAC verification:(ae%d)",ret); break; } TLVsMsg tlvs_field1; tlv_status = tlvs_field1.init_from_buffer(decoded_msg2, field1.msg_size);//decode TLV structure of field1 of ProvMsg2 ret = tlv_error_2_pve_error(tlv_status); if(AE_SUCCESS!=ret){ - AESM_DBG_ERROR("Fail to decode field1 of ProvMsg2:%d",tlv_status); + AESM_DBG_ERROR("Fail to decode field1 of ProvMsg2:(ae%d)",ret); break; } - proc_prov_msg2_blob_input_t msg2_blob_input; - ret = msg2_field1_msg_check_copy(tlvs_field1, msg2_blob_input, pek);//version/type checking to verify message format + proc_prov_msg2_blob_input_t msg2_blob_input={0}; + ret = CPCEClass::instance().load_enclave();//Load PCE enclave now + if( ret != AE_SUCCESS){ + AESM_DBG_ERROR("Fail to load PCE enclave:(ae%d)\n",ret); + break; + } + ret = (ae_error_t)CPCEClass::instance().get_pce_target(&msg2_blob_input.pce_target_info); + if(AE_SUCCESS != ret){ + AESM_DBG_ERROR("fail to get PCE target info:(ae%d)\n",ret); + break; + } + ret = msg2_field1_msg_check_copy(tlvs_field1, msg2_blob_input, data.pek);//version/type checking to verify message format if( AE_SUCCESS != ret){ - AESM_DBG_ERROR("field1 of ProvMsg2 checking error:%d",ret); + AESM_DBG_ERROR("field1 of ProvMsg2 checking error:( ae%d)",ret); break; } gen_prov_msg3_output_t msg3_fixed_output; memset(&msg3_fixed_output, 0, sizeof(msg3_fixed_output)); //collect old epid blob if(epid_blob==NULL){ - memset(msg2_blob_input.old_epid_data_blob, 0, HARD_CODED_EPID_BLOB_SIZE); - }else if(blob_size!=HARD_CODED_EPID_BLOB_SIZE){ - AESM_DBG_FATAL("epid blob internal size error"); - ret = PVE_UNEXPECTED_ERROR; - break; + memset(msg2_blob_input.old_epid_data_blob, 0, SGX_TRUSTED_EPID_BLOB_SIZE_PAK); }else{ #ifdef DBG_LOG { @@ -408,58 +411,93 @@ uint32_t CPVEClass::proc_prov_msg2( AESM_DBG_TRACE("old epid blob=%s",dbg_str); } #endif - if(0!=memcpy_s(msg2_blob_input.old_epid_data_blob, HARD_CODED_EPID_BLOB_SIZE, epid_blob, blob_size)){ + if (0 != memcpy_s(msg2_blob_input.old_epid_data_blob, SGX_TRUSTED_EPID_BLOB_SIZE_PAK, epid_blob, blob_size)){ AESM_DBG_FATAL("memcpy error"); ret = PVE_UNEXPECTED_ERROR; break; } } - uint32_t epid_sig_output_size = estimate_epid_sig_size(sigrl_size) + MAX_TLV_HEADER_SIZE; + if(0!=memcpy_s(&msg2_blob_input.pek,sizeof(data.pek), &data.pek, sizeof(data.pek))){ + AESM_DBG_ERROR("memcpy error"); + ret = AE_FAILURE; + break; + } + if (AE_SUCCESS != (ret = XEGDBlob::instance().read(msg2_blob_input.xegb))){ + AESM_DBG_ERROR("Fail to read extend epid group blob info "); + return ret; + } + + uint32_t epid_sig_output_size = estimate_epid_sig_size(sigrl_size); + //estimate_epid_sig_size(sigrl_size)=0, which means the sigrl is invalid. + if(epid_sig_output_size == 0){ + AESM_DBG_ERROR("Invalid SIGRL size %d", sigrl_size); + ret = PVE_MSG_ERROR; + break; + } epid_sig = reinterpret_cast(malloc(epid_sig_output_size)); if(NULL == epid_sig){ AESM_DBG_ERROR("malloc error"); ret = AE_OUT_OF_MEMORY_ERROR; break; } - ret = (ae_error_t)proc_prov_msg2_data(&msg2_blob_input, reinterpret_cast(sigrl), sigrl_size, + ret = CPVEClass::instance().load_enclave();//Load PvE enclave now + if( ret != AE_SUCCESS){ + AESM_DBG_ERROR("Fail to load PvE enclave:(ae%d)\n",ret); + break; + } + ret = (ae_error_t)proc_prov_msg2_data(&msg2_blob_input, data.is_performance_rekey, reinterpret_cast(sigrl), sigrl_size, &msg3_fixed_output, epid_sig, epid_sig_output_size);//ecall to process msg2 data and generate msg3 data in PvE if( PVE_EPIDBLOB_ERROR == ret){ - if(previous_psvn == NULL){ - AESM_DBG_ERROR("PvE requires previous PSVN but it is not provided"); - ret = PVE_PARAMETER_ERROR; + if(0!=memcpy_s(&data.bpi, sizeof(bk_platform_info_t), &msg2_blob_input.previous_pi, sizeof(bk_platform_info_t))){ + AESM_DBG_FATAL("memcpy error"); + ret = PVE_UNEXPECTED_ERROR; break; - }else{//output previous svn in correspondent to sigrl in epid blob error - if(0!=memcpy_s(previous_psvn, sizeof(psvn_t), &msg2_blob_input.previous_psvn, sizeof(psvn_t))){ - AESM_DBG_FATAL("memcpy error"); - ret = PVE_UNEXPECTED_ERROR; - break; - } + } } if(AE_SUCCESS != ret){ - AESM_DBG_ERROR("PvE report error %d in processing ProvMsg2",ret); + AESM_DBG_ERROR("PvE report error (ae%d) in processing ProvMsg2",ret); break; } + uint8_t ecdsa_sign[64]; + psvn_t psvn={0}; + if(0!=memcpy_s(&psvn.cpu_svn,sizeof(sgx_cpu_svn_t), &msg2_blob_input.equiv_pi.cpu_svn, sizeof(sgx_cpu_svn_t))|| + 0!=memcpy_s(&psvn.isv_svn, sizeof(sgx_isv_svn_t), &msg2_blob_input.equiv_pi.pce_svn, sizeof(sgx_isv_svn_t))){ + ret = PVE_UNEXPECTED_ERROR; + break; + } + ret = CPCEClass::instance().load_enclave();//Load PCE enclave now + if( ret != AE_SUCCESS){ + AESM_DBG_ERROR("Fail to load PCE enclave:(ae%d)\n",ret); + break; + } + ret = (ae_error_t)CPCEClass::instance().sign_report(psvn, msg3_fixed_output.pwk2_report, ecdsa_sign); + if(AE_SUCCESS != ret){ + AESM_DBG_ERROR("PCE report error (ae%d) in sign report",ret); + break; + } + CPCEClass::instance().unload_enclave(); uint8_t iv[IV_SIZE]; uint8_t mac[MAC_SIZE]; uint8_t *payload_data=NULL; uint32_t payload_size = 0; ret = aesm_read_rand(iv, IV_SIZE); if(AE_SUCCESS != ret){ - AESM_DBG_ERROR("fail to generate random number:%d",ret); + + AESM_DBG_ERROR("fail to generate random number:(ae%d)",ret); break; } //Now start to generate ProvMsg3 - ret = gen_msg3_header(msg3_fixed_output, ek2_input.xid, msg3_header,msg3_size);//first generate header + ret = gen_msg3_header(msg3_fixed_output, data.xid, msg3_header,msg3_size);//first generate header if( AE_SUCCESS != ret){ - AESM_DBG_ERROR("Fail to generate ProvMsg3 Header:%d",ret); + AESM_DBG_ERROR("Fail to generate ProvMsg3 Header:(ae%d)",ret); break; } TLVsMsg tlvs_msg3; - tlv_status = tlvs_msg3.add_nonce(ek2_input.nonce, NONCE_SIZE); + tlv_status = tlvs_msg3.add_nonce(MSG2_TOP_FIELD_NONCE.payload, NONCE_SIZE); ret = tlv_error_2_pve_error(tlv_status); if(AE_SUCCESS!=ret){ - AESM_DBG_ERROR("Fail to generate Nonce TLV in ProvMsg3:%d",tlv_status); + AESM_DBG_ERROR("Fail to generate Nonce TLV in ProvMsg3:(ae%d)",ret); break; } if(msg3_fixed_output.is_join_proof_generated){ @@ -470,13 +508,31 @@ uint32_t CPVEClass::proc_prov_msg2( tlv_status = tlvs_m3field1.add_block_cipher_text(msg3_fixed_output.field1_iv, payload_data, payload_size); ret = tlv_error_2_pve_error(tlv_status); if(AE_SUCCESS != ret){ - AESM_DBG_ERROR("Fail to generate Field3.1 TLV in ProvMsg3:%d",tlv_status); + AESM_DBG_ERROR("Fail to generate Field3.1 TLV in ProvMsg3:(ae%d)", ret); break; } tlv_status = tlvs_m3field1.add_mac(msg3_fixed_output.field1_mac); ret = tlv_error_2_pve_error(tlv_status); if(AE_SUCCESS != ret){ - AESM_DBG_ERROR("Fail to generate Field3.2 TLV in ProvMsg3:%d",tlv_status); + AESM_DBG_ERROR("Fail to generate Field3.2 TLV in ProvMsg3:(ae%d)",ret); + break; + } + tlv_status = tlvs_m3field1.add_nonce(msg3_fixed_output.n2, NONCE_2_SIZE); + ret = tlv_error_2_pve_error(tlv_status); + if(AE_SUCCESS != ret){ + AESM_DBG_ERROR("Fail to generate Field3.3 NONCE TLV N2 in ProvMsg3:(ae %d)",ret); + break; + } + tlv_status = tlvs_m3field1.add_cipher_text(msg3_fixed_output.encrypted_pwk2, PVE_RSA_KEY_BYTES, PEK_PUB); + ret = tlv_error_2_pve_error(tlv_status); + if(AE_SUCCESS != ret){ + AESM_DBG_ERROR("Fail to generate Field3.4 SE Report TLV in ProvMsg3:(ae %d)",ret); + break; + } + tlv_status = tlvs_m3field1.add_pce_report_sign(msg3_fixed_output.pwk2_report.body, ecdsa_sign); + ret = tlv_error_2_pve_error(tlv_status); + if(AE_SUCCESS != ret){ + AESM_DBG_ERROR("Fail to generate Field3.5 PCE Report Sign TLV in ProvMsg3:(ae %d)",ret); break; } encrypted_field1 = reinterpret_cast(malloc(tlvs_m3field1.get_tlv_msg_size())); @@ -486,39 +542,41 @@ uint32_t CPVEClass::proc_prov_msg2( break; } //encrypt field1 using ek2 as key - sgx_status = sgx_rijndael128GCM_encrypt(reinterpret_cast(ek2), - tlvs_m3field1.get_tlv_msg(), tlvs_m3field1.get_tlv_msg_size(), encrypted_field1, + + sgx_status = sgx_rijndael128GCM_encrypt(&ek2, + tlvs_m3field1.get_tlv_msg(), tlvs_m3field1.get_tlv_msg_size(), encrypted_field1, iv, IV_SIZE, reinterpret_cast(msg3_header), PROVISION_REQUEST_HEADER_SIZE, reinterpret_cast(mac)); if(AE_SUCCESS != (ret = sgx_error_to_ae_error(sgx_status))){ - AESM_DBG_ERROR("fail to encrypting ProvMsg3 body by ek2:%d",sgx_status); + AESM_DBG_ERROR("fail to encrypting ProvMsg3 body by ek2:(sgx0x%x)",sgx_status); break; } tlv_status = tlvs_msg3.add_block_cipher_text(iv, encrypted_field1, tlvs_m3field1.get_tlv_msg_size()); ret = tlv_error_2_pve_error(tlv_status); if(AE_SUCCESS != ret){ - AESM_DBG_ERROR("Fail to create Field1 TLV of ProvMsg3:%d",tlv_status); + AESM_DBG_ERROR("Fail to create Field1 TLV of ProvMsg3:(ae%d)",ret); break; } ret = tlv_error_2_pve_error(tlvs_msg3.add_mac(mac)); if(AE_SUCCESS != ret){ - AESM_DBG_ERROR("Fail to create Field2 TLV of ProvMsg3:%d",ret); + AESM_DBG_ERROR("Fail to create Field2 TLV of ProvMsg3:(ae%d)",ret); break; } if(msg3_fixed_output.is_epid_sig_generated){ tlv_status = tlvs_msg3.add_block_cipher_text(msg3_fixed_output.epid_sig_iv, epid_sig, msg3_fixed_output.epid_sig_output_size); ret = tlv_error_2_pve_error(tlv_status); if(AE_SUCCESS != ret){ - AESM_DBG_ERROR("Fail to create Field3 TLV of ProvMsg3:%d",tlv_status); + AESM_DBG_ERROR("Fail to create Field3 TLV of ProvMsg3:(ae%d)",ret); break; } tlv_status = tlvs_msg3.add_mac(msg3_fixed_output.epid_sig_mac); ret = tlv_error_2_pve_error(tlv_status); if(AE_SUCCESS != ret){ - AESM_DBG_ERROR("Fail to create Field4 TLV of ProvMsg3:%d",tlv_status); + AESM_DBG_ERROR("Fail to create Field4 TLV of ProvMsg3:(ae%d)",ret); break; } } + assert( tlvs_msg3.get_tlv_msg_size() <= msg3_size - PROVISION_REQUEST_HEADER_SIZE);//The checking should have been done in header generation if(0!=memcpy_s(msg3+PROVISION_REQUEST_HEADER_SIZE, msg3_size-PROVISION_REQUEST_HEADER_SIZE, diff --git a/psw/ae/aesm_service/source/epid_provision/epid_provision_msg4.cpp b/psw/ae/aesm_service/source/epid_provision/epid_provision_msg4.cpp index 18cccf91e0..289edc0e9f 100644 --- a/psw/ae/aesm_service/source/epid_provision/epid_provision_msg4.cpp +++ b/psw/ae/aesm_service/source/epid_provision/epid_provision_msg4.cpp @@ -29,17 +29,15 @@ * */ - #include "type_length_value.h" -#include "sgx_tcrypto_internal.h" #include #include "epid_utility.h" +#include "aesm_xegd_blob.h" #include "aeerror.h" #include "PVEClass.h" -#include "se_wrapper.h" -#include "oal/internal_log.h" + /** -* File: epid_provision_msg4.cpp +* File: epid_provision_msg4.cpp * Description: Provide the untrusted implementation of code to process ProvMsg4 * * Untrusted Code for EPID Provision @@ -49,13 +47,12 @@ #define MSG4_TOP_FIELD_DATA tlvs_msg4[1] #define MSG4_TOP_FIELD_MAC tlvs_msg4[2] -#define MSG4_FIELD1_COUNT 6 -#define MSG4_FIELD1_DEVICE_ID tlvs_field1[5] -#define MSG4_FIELD1_ENC_TCB tlvs_field1[0] -#define MSG4_FIELD1_MAC_TCB tlvs_field1[1] -#define MSG4_FIELD1_ENC_Axf tlvs_field1[2] -#define MSG4_FIELD1_MAC_Axf tlvs_field1[3] -#define MSG4_FIELD1_GROUP_CERT tlvs_field1[4] +#define MSG4_FIELD1_COUNT 5 +#define MSG4_FIELD1_PLATFORM_INFO tlvs_field1[4] +#define MSG4_FIELD1_Nonce2 tlvs_field1[0] +#define MSG4_FIELD1_ENC_Axf tlvs_field1[1] +#define MSG4_FIELD1_MAC_Axf tlvs_field1[2] +#define MSG4_FIELD1_GROUP_CERT tlvs_field1[3] static ae_error_t msg4_integrity_checking(const TLVsMsg& tlvs_msg4) @@ -63,8 +60,8 @@ static ae_error_t msg4_integrity_checking(const TLVsMsg& tlvs_msg4) uint32_t tlv_count = tlvs_msg4.get_tlv_count(); if(tlv_count != MSG4_TOP_FIELDS_COUNT) return PVE_INTEGRITY_CHECK_ERROR; - if(MSG4_TOP_FIELD_NONCE.type != TLV_NONCE || MSG4_TOP_FIELD_NONCE.size != NONCE_SIZE || - MSG4_TOP_FIELD_NONCE.version != TLV_VERSION_1 || MSG4_TOP_FIELD_NONCE.header_size != SMALL_TLV_HEADER_SIZE) + if(MSG4_TOP_FIELD_NONCE.type != TLV_NONCE || MSG4_TOP_FIELD_NONCE.version != TLV_VERSION_1 || + MSG4_TOP_FIELD_NONCE.size != NONCE_SIZE || MSG4_TOP_FIELD_NONCE.header_size != SMALL_TLV_HEADER_SIZE) return PVE_INTEGRITY_CHECK_ERROR; if(MSG4_TOP_FIELD_DATA.type != TLV_BLOCK_CIPHER_TEXT || MSG4_TOP_FIELD_DATA.version != TLV_VERSION_1) return PVE_INTEGRITY_CHECK_ERROR; @@ -85,22 +82,9 @@ static ae_error_t msg4_field1_msg_checking(const TLVsMsg& tlvs_field1) if(tlvs_field1[i].version != TLV_VERSION_1) return PVE_MSG_ERROR; - - if(MSG4_FIELD1_GROUP_CERT.type != TLV_EPID_GROUP_CERT|| - MSG4_FIELD1_GROUP_CERT.size != sizeof(signed_epid_group_cert_t)|| - MSG4_FIELD1_GROUP_CERT.header_size != SMALL_TLV_HEADER_SIZE) - return PVE_MSG_ERROR; - - if(MSG4_FIELD1_DEVICE_ID.type != TLV_DEVICE_ID || - MSG4_FIELD1_DEVICE_ID.size != sizeof(device_id_t)|| - MSG4_FIELD1_DEVICE_ID.header_size != SMALL_TLV_HEADER_SIZE) - return PVE_MSG_ERROR; - if(MSG4_FIELD1_ENC_TCB.type != TLV_BLOCK_CIPHER_TEXT|| - MSG4_FIELD1_ENC_TCB.size != BLOCK_CIPHER_TEXT_TLV_PAYLOAD_SIZE(SK_SIZE)) - return PVE_MSG_ERROR; - if(MSG4_FIELD1_MAC_TCB.type != TLV_MESSAGE_AUTHENTICATION_CODE|| - MSG4_FIELD1_MAC_TCB.size != MAC_SIZE || - MSG4_FIELD1_MAC_TCB.header_size != SMALL_TLV_HEADER_SIZE) + if(MSG4_FIELD1_Nonce2.type != TLV_NONCE || + MSG4_FIELD1_Nonce2.size != NONCE_2_SIZE || + MSG4_FIELD1_Nonce2.header_size != SMALL_TLV_HEADER_SIZE) return PVE_MSG_ERROR; if(MSG4_FIELD1_ENC_Axf.type != TLV_BLOCK_CIPHER_TEXT|| MSG4_FIELD1_ENC_Axf.size != BLOCK_CIPHER_TEXT_TLV_PAYLOAD_SIZE(HARD_CODED_EPID_MEMBER_WITH_ESCROW_TLV_SIZE)) @@ -109,16 +93,24 @@ static ae_error_t msg4_field1_msg_checking(const TLVsMsg& tlvs_field1) MSG4_FIELD1_MAC_Axf.size != MAC_SIZE|| MSG4_FIELD1_MAC_Axf.header_size != SMALL_TLV_HEADER_SIZE) return PVE_MSG_ERROR; + if(MSG4_FIELD1_GROUP_CERT.type != TLV_EPID_GROUP_CERT|| + MSG4_FIELD1_GROUP_CERT.size != sizeof(signed_epid_group_cert_t)|| + MSG4_FIELD1_GROUP_CERT.header_size != SMALL_TLV_HEADER_SIZE) + return PVE_MSG_ERROR; + if (MSG4_FIELD1_PLATFORM_INFO.type != TLV_PLATFORM_INFO || + MSG4_FIELD1_PLATFORM_INFO.size != sizeof(bk_platform_info_t) || + MSG4_FIELD1_PLATFORM_INFO.header_size != SMALL_TLV_HEADER_SIZE) + return PVE_MSG_ERROR; return AE_SUCCESS; } //Function to check message header of ProvMsg4 to determine whether it is valid //@msg4_header, input the message header of ProvMsg4 -//@return AE_SUCCESS if the message header is valid ProvMsg4 or error code if there're any problems +//@return PVEC_SUCCESS if the message header is valid ProvMsg4 or error code if there're any problems static ae_error_t check_prov_msg4_header(const provision_response_header_t *msg4_header, uint32_t msg4_size) { if(msg4_header->protocol != SE_EPID_PROVISIONING || msg4_header->type != TYPE_PROV_MSG4 || - msg4_header->version != TLV_VERSION_1){ + msg4_header->version != TLV_VERSION_2){ return PVE_INTEGRITY_CHECK_ERROR; } uint32_t size_in_header = lv_ntohl(msg4_header->size); @@ -130,78 +122,71 @@ static ae_error_t check_prov_msg4_header(const provision_response_header_t *msg4 //Function to decode ProvMsg4 and generate epid data blob uint32_t CPVEClass::proc_prov_msg4( - bool use_ek2_in_input, - const uint8_t ek2[SK_SIZE], - const uint8_t* msg4, + const pve_data_t &data, + const uint8_t *msg4, uint32_t msg4_size, - uint8_t* data_blob, + uint8_t *data_blob, uint32_t blob_size) { ae_error_t ret = AE_SUCCESS; uint8_t local_ek2[SK_SIZE]; uint8_t *decoded_msg4 = NULL; + uint8_t temp[XID_SIZE+NONCE_SIZE]; + sgx_status_t sgx_status; const provision_response_header_t *msg4_header = reinterpret_cast(msg4); if(msg4_size < PROVISION_RESPONSE_HEADER_SIZE){ AESM_DBG_ERROR("invalid msg4 size"); return PVE_MSG_ERROR; } - if(blob_size != HARD_CODED_EPID_BLOB_SIZE){ + if (blob_size != SGX_TRUSTED_EPID_BLOB_SIZE_PAK){ AESM_DBG_FATAL("invalid input epid blob size"); return PVE_PARAMETER_ERROR; } ret = check_prov_msg4_header(msg4_header, msg4_size); if( AE_SUCCESS != ret){ - AESM_DBG_ERROR("Invalid ProvMsg4 Header:%d",ret); + AESM_DBG_ERROR("Invalid ProvMsg4 Header:(ae%d)",ret); return ret; } + if(0!=memcmp(msg4_header->xid, data.xid, XID_SIZE)){ + AESM_DBG_ERROR("Invalid XID in msg4 header"); + return PVE_MSG_ERROR; + } ret = check_epid_pve_pg_status_before_mac_verification(msg4_header); if( AE_SUCCESS != ret){ - AESM_DBG_ERROR("Backend return failure in ProvMsg4 Header:%d",ret); + AESM_DBG_ERROR("Backend return failure in ProvMsg4 Header:(ae%d)",ret); return ret; } do{ TLVsMsg tlvs_msg4; + uint8_t aad[PROVISION_RESPONSE_HEADER_SIZE+NONCE_SIZE]; tlv_status_t tlv_status; tlv_status = tlvs_msg4.init_from_buffer(msg4+static_cast(PROVISION_RESPONSE_HEADER_SIZE), msg4_size - static_cast(PROVISION_RESPONSE_HEADER_SIZE)); ret = tlv_error_2_pve_error(tlv_status); if(AE_SUCCESS!=ret){ - AESM_DBG_ERROR("fail to decode ProvMsg4:%d",tlv_status); + AESM_DBG_ERROR("fail to decode ProvMsg4:(ae%d)",ret); break; } ret = msg4_integrity_checking(tlvs_msg4); if(AE_SUCCESS != ret){ - AESM_DBG_ERROR("ProvMsg4 integrity checking error:%d",ret); + AESM_DBG_ERROR("ProvMsg4 integrity checking error:(ae%d)",ret); break; } AESM_DBG_TRACE("ProvMsg4 decoded"); - if(!use_ek2_in_input){ //we need generate ek2 - prov_get_ek2_input_t ek2_input; - if(memcpy_s(ek2_input.nonce, NONCE_SIZE, MSG4_TOP_FIELD_NONCE.payload, NONCE_SIZE)!=0){ - AESM_DBG_ERROR("fail in memcpy"); - ret = PVE_UNEXPECTED_ERROR; + se_static_assert(sizeof(sgx_cmac_128bit_key_t)==SK_SIZE); + if(0!=memcpy_s(temp,sizeof(temp), data.xid, XID_SIZE)|| + 0!=memcpy_s(temp+XID_SIZE, sizeof(temp)-XID_SIZE, MSG4_TOP_FIELD_NONCE.payload, NONCE_SIZE)){ + AESM_DBG_ERROR("Fail in memcpy"); + ret = AE_FAILURE; break; - } - if(memcpy_s(ek2_input.xid, XID_SIZE, msg4_header->xid, XID_SIZE)!=0){ - AESM_DBG_ERROR("fail in memcpy"); - ret = PVE_UNEXPECTED_ERROR; + } + if((sgx_status=sgx_rijndael128_cmac_msg(reinterpret_cast(data.sk), + temp, XID_SIZE+NONCE_SIZE, reinterpret_cast(local_ek2)))!=SGX_SUCCESS){ + AESM_DBG_ERROR("Fail to generate ek2:(sgx0x%x)",sgx_status); + ret = AE_FAILURE; break; - } - //call PvE to get EK2 - se_static_assert(SK_SIZE == sizeof(prov_get_ek2_output_t)); - ret = (ae_error_t)get_ek2(&ek2_input, reinterpret_cast(local_ek2)); - if(AE_SUCCESS != ret){ - AESM_DBG_ERROR("fail to get EK2:%d",ret); - break; - } - }else{//reuse ek2 generated in processing ProvMsg2 - if(0!=memcpy_s(local_ek2, sizeof(local_ek2), ek2, SK_SIZE)){ - AESM_DBG_ERROR("fail in memcpy"); - ret = PVE_UNEXPECTED_ERROR; - break; - } } se_static_assert(SK_SIZE==sizeof(sgx_aes_gcm_128bit_key_t)); tlv_msg_t field1 = block_cipher_tlv_get_encrypted_text(MSG4_TOP_FIELD_DATA); @@ -211,52 +196,51 @@ uint32_t CPVEClass::proc_prov_msg4( ret = AE_OUT_OF_MEMORY_ERROR; break; } + if (memcpy_s(aad, sizeof(aad), msg4_header, PROVISION_RESPONSE_HEADER_SIZE) != 0 || + memcpy_s(aad + PROVISION_RESPONSE_HEADER_SIZE, sizeof(aad)-PROVISION_RESPONSE_HEADER_SIZE, + MSG4_TOP_FIELD_NONCE.payload, MSG4_TOP_FIELD_NONCE.size) != 0){ + AESM_DBG_ERROR("memcpy failure"); + ret = AE_FAILURE; + break; + } sgx_status_t sgx_status = sgx_rijndael128GCM_decrypt(reinterpret_cast(local_ek2), - field1.msg_buf, field1.msg_size, decoded_msg4, - reinterpret_cast(block_cipher_tlv_get_iv(MSG4_TOP_FIELD_DATA)), IV_SIZE, - reinterpret_cast(msg4_header), PROVISION_RESPONSE_HEADER_SIZE, + field1.msg_buf, field1.msg_size, decoded_msg4, + reinterpret_cast(block_cipher_tlv_get_iv(MSG4_TOP_FIELD_DATA)), IV_SIZE, + aad, sizeof(aad), reinterpret_cast(MSG4_TOP_FIELD_MAC.payload)); if(SGX_ERROR_MAC_MISMATCH == sgx_status){ - AESM_DBG_ERROR("fail to decrypt ProvMsg4 by EK2"); + AESM_DBG_ERROR("fail to decrypt ProvMsg4 by EK2 (sgx0x%x)",sgx_status); ret = PVE_INTEGRITY_CHECK_ERROR; break; } if( AE_SUCCESS != (ret = sgx_error_to_ae_error(sgx_status))){ - AESM_DBG_ERROR("error in decrypting ProvMsg4:%d",sgx_status); + AESM_DBG_ERROR("error in decrypting ProvMsg4:(sgx0x%x)",sgx_status); break; } AESM_DBG_TRACE("ProvMsg4 decrypted by EK2 successfully"); ret = check_epid_pve_pg_status_after_mac_verification(msg4_header); if(AE_SUCCESS != ret){ - AESM_DBG_ERROR("Backend reported error passed MAC verification:%d",ret); + AESM_DBG_ERROR("Backend reported error passed MAC verification:(ae%d)",ret); break; } TLVsMsg tlvs_field1; tlv_status = tlvs_field1.init_from_buffer(decoded_msg4, field1.msg_size); ret = tlv_error_2_pve_error(tlv_status); if(AE_SUCCESS != ret){ - AESM_DBG_ERROR("ProvMsg4 Field2.1 decoding failed:%d",tlv_status); + AESM_DBG_ERROR("ProvMsg4 Field2.1 decoding failed:(ae%d)",ret); break; } ret = msg4_field1_msg_checking(tlvs_field1); if( AE_SUCCESS != ret){ - AESM_DBG_ERROR("ProvMsg4 Field2.1 invalid:%d",ret); + AESM_DBG_ERROR("ProvMsg4 Field2.1 invalid:(ae%d)",ret); break; } proc_prov_msg4_input_t msg4_input; - if(sizeof(proc_prov_msg4_output_t)!=SGX_TRUSTED_EPID_BLOB_SIZE){ - AESM_DBG_FATAL("Trusted ProvMsg4 output buffer size error"); - ret = PVE_UNEXPECTED_ERROR; - break; - } - tlv_msg_t tcb_data = block_cipher_tlv_get_encrypted_text(MSG4_FIELD1_ENC_TCB); tlv_msg_t Axf_data = block_cipher_tlv_get_encrypted_text(MSG4_FIELD1_ENC_Axf); if(0!=memcpy_s(&msg4_input.group_cert, sizeof(msg4_input.group_cert), MSG4_FIELD1_GROUP_CERT.payload, MSG4_FIELD1_GROUP_CERT.size)|| - 0!=memcpy_s(&msg4_input.equivalent_psvn, sizeof(psvn_t), device_id_tlv_get_psvn(MSG4_FIELD1_DEVICE_ID), sizeof(psvn_t))|| - 0!=memcpy_s(&msg4_input.fmsp, sizeof(fmsp_t), device_id_tlv_get_fmsp(MSG4_FIELD1_DEVICE_ID), sizeof(fmsp_t))|| - 0!=memcpy_s(&msg4_input.tcb_iv, IV_SIZE, block_cipher_tlv_get_iv(MSG4_FIELD1_ENC_TCB), IV_SIZE)|| - 0!=memcpy_s(&msg4_input.encrypted_tcb, SK_SIZE, tcb_data.msg_buf, tcb_data.msg_size)|| - 0!=memcpy_s(&msg4_input.tcb_mac, MAC_SIZE, MSG4_FIELD1_MAC_TCB.payload, MSG4_FIELD1_MAC_TCB.size)|| + 0!=memcpy_s(&msg4_input.n2, NONCE_2_SIZE, MSG4_FIELD1_Nonce2.payload, MSG4_FIELD1_Nonce2.size) || + 0!=memcpy_s(&msg4_input.equivalent_psvn, sizeof(psvn_t), platform_info_tlv_get_psvn(MSG4_FIELD1_PLATFORM_INFO), sizeof(psvn_t))|| + 0!=memcpy_s(&msg4_input.fmsp, sizeof(fmsp_t), platform_info_tlv_get_fmsp(MSG4_FIELD1_PLATFORM_INFO), sizeof(fmsp_t))|| 0!=memcpy_s(&msg4_input.member_credential_iv, IV_SIZE, block_cipher_tlv_get_iv(MSG4_FIELD1_ENC_Axf), IV_SIZE)|| 0!=memcpy_s(&msg4_input.encrypted_member_credential, HARD_CODED_EPID_MEMBER_WITH_ESCROW_TLV_SIZE, Axf_data.msg_buf, Axf_data.msg_size)|| 0!=memcpy_s(&msg4_input.member_credential_mac, MAC_SIZE, MSG4_FIELD1_MAC_Axf.payload, MSG4_FIELD1_MAC_Axf.size)){ @@ -264,8 +248,18 @@ uint32_t CPVEClass::proc_prov_msg4( ret = PVE_UNEXPECTED_ERROR; break; } + if (AE_SUCCESS != (ret =XEGDBlob::instance().read(msg4_input.xegb))){ + AESM_DBG_ERROR("Fail to read extend epid blob info (ae%d)",ret); + return ret; + } + + ret = CPVEClass::instance().load_enclave();//Load PvE enclave now + if( ret != AE_SUCCESS){ + AESM_DBG_ERROR("Fail to load PvE enclave:(ae%d)\n",ret); + break; + } ret = (ae_error_t)proc_prov_msg4_data(&msg4_input, reinterpret_cast(data_blob)); - AESM_DBG_TRACE("PvE return %d in Process ProvMsg4",ret); + AESM_DBG_TRACE("PvE return (ae%d) in Process ProvMsg4",ret); }while(0); if(decoded_msg4)free(decoded_msg4); return ret; diff --git a/psw/ae/aesm_service/source/epid_provision/epid_utility.cpp b/psw/ae/aesm_service/source/epid_provision/epid_utility.cpp index 7e39e0cb79..6719638b17 100644 --- a/psw/ae/aesm_service/source/epid_provision/epid_utility.cpp +++ b/psw/ae/aesm_service/source/epid_provision/epid_utility.cpp @@ -63,7 +63,7 @@ ae_error_t check_endpoint_pg_stauts(const provision_response_header_t *msg_heade case GRS_INTEGRITY_CHECK_FAIL: return PVE_INTEGRITY_CHECK_ERROR; case GRS_INCOMPATIBLE_VERSION://Backend report that PSW has used too old protocol, we need update PSW software - return PSW_UPDATED_REQUIRED; + return PSW_UPDATE_REQUIRED; case GRS_INCORRECT_SYNTAX: return PVE_MSG_ERROR; case GRS_OK: @@ -83,7 +83,7 @@ ae_error_t check_epid_pve_pg_status_before_mac_verification(const provision_res case GRS_INTEGRITY_CHECK_FAIL: return PVE_INTEGRITY_CHECK_ERROR; case GRS_INCOMPATIBLE_VERSION://Backend report that PSW has used too old protocol, we need update PSW software, no MAC provided - return PSW_UPDATED_REQUIRED; + return PSW_UPDATE_REQUIRED; case GRS_INCORRECT_SYNTAX: return PVE_MSG_ERROR; case GRS_OK: @@ -114,6 +114,10 @@ ae_error_t check_epid_pve_pg_status_after_mac_verification(const provision_resp return PVE_REVOKED_ERROR; case SE_PRS_PERFORMANCE_REKEY_NOT_SUPPORTED: return PVE_PERFORMANCE_REKEY_NOT_SUPPORTED; + case SE_PRS_PROV_ATTEST_KEY_NOT_FOUND: + return PVE_PROV_ATTEST_KEY_NOT_FOUND; + case SE_PRS_INVALID_REPORT: + return PVE_INVALID_REPORT; default: return PVE_SERVER_REPORTED_ERROR; } diff --git a/psw/ae/aesm_service/source/le/LEClass.cpp b/psw/ae/aesm_service/source/le/LEClass.cpp index 3412fc3943..bdcbaef698 100644 --- a/psw/ae/aesm_service/source/le/LEClass.cpp +++ b/psw/ae/aesm_service/source/le/LEClass.cpp @@ -36,6 +36,8 @@ #include "arch.h" #include "ae_ipp.h" #include "util.h" +#include "service_enclave_mrsigner.hh" +#include "aesm_long_lived_thread.h" extern "C" sgx_status_t sgx_create_le(const char *file_name, const char *prd_css_file_name, const int debug, sgx_launch_token_t *launch_token, int *launch_token_updated, sgx_enclave_id_t *enclave_id, sgx_misc_attribute_t *misc_attr, int *production_loaded); @@ -50,6 +52,7 @@ int CLEClass::white_list_register( sgx_status_t ret = SGX_SUCCESS; int retry = 0; uint32_t status = 0; + AESMLogicLock locker(AESMLogic::_le_mutex); assert(m_enclave_id); @@ -83,6 +86,50 @@ void CLEClass::load_white_cert_list() load_verified_white_cert_list(); load_white_cert_list_to_be_verify();//If this version is older than previous one, it will not be loaded } +#include +#include "endpoint_select_info.h" +#include "stdint.h" + +#define UPDATE_DURATION (24*3600) +ae_error_t CLEClass::update_white_list_by_url() +{ + static time_t last_updated_time = 0; + int i = 0; + ae_error_t ret = AE_FAILURE; + time_t cur_time = time(NULL); + if (last_updated_time + UPDATE_DURATION > cur_time){ + return LE_WHITE_LIST_QUERY_BUSY; + } + for (i = 0; i < 2; i++){//at most retry once if network error + uint8_t *resp_buf = NULL; + uint32_t resp_size = 0; + const char *url = EndpointSelectionInfo::instance().get_server_url(SGX_WHITE_LIST_FILE); + if (NULL == url){ + return OAL_CONFIG_FILE_ERROR; + } + ret = aesm_network_send_receive(url, + NULL, 0, &resp_buf, &resp_size,GET, false); + if (ret == OAL_NETWORK_UNAVAILABLE_ERROR){ + AESM_DBG_WARN("Network failure in getting white list..."); + continue; + } + if (ret == AE_SUCCESS){ + if (resp_buf != NULL && resp_size > 0){ + ret = (ae_error_t)instance().white_list_register(resp_buf, resp_size, true); + if (AE_SUCCESS == ret&&resp_size >= sizeof(wl_cert_chain_t)){ + const wl_cert_chain_t* wl = reinterpret_cast(resp_buf); + } + else{ + ret = AE_FAILURE;//Internal error, maybe LE not consistent with AESM? + } + } + last_updated_time = cur_time; + aesm_free_network_response_buffer(resp_buf); + } + break; + } + return ret; +} ae_error_t CLEClass::load_verified_white_cert_list() { @@ -189,11 +236,16 @@ ae_error_t CLEClass::load_enclave_only() &m_attributes, &production_le_loaded); if (ret == SGX_ERROR_NO_DEVICE){ AESM_DBG_ERROR("AE SERVER NOT AVAILABLE in load non-production signed LE: %s",enclave_path); - return AE_SERVER_NOT_AVAILABLE; + return AESM_AE_NO_DEVICE; + } + if(ret == SGX_ERROR_OUT_OF_EPC) + { + AESM_DBG_ERROR("Loading LE failed due to out of epc"); + return AESM_AE_OUT_OF_EPC; } if (ret != SGX_SUCCESS){ AESM_DBG_ERROR("Loading LE failed:%d",ret); - return AE_FAILURE; + return AE_SERVER_NOT_AVAILABLE; }else if(production_le_loaded!=0){//production signed LE loaded AESM_DBG_INFO("Production signed LE loaded, try loading white list now"); }else{ @@ -219,7 +271,8 @@ int CLEClass::get_launch_token( uint8_t * mrenclave, uint32_t mrenclave_size, uint8_t *public_key, uint32_t public_key_size, uint8_t *se_attributes, uint32_t se_attributes_size, - uint8_t * lictoken, uint32_t lictoken_size + uint8_t * lictoken, uint32_t lictoken_size, + uint32_t *ae_mrsigner_index ) { sgx_status_t ret = SGX_SUCCESS; @@ -240,11 +293,21 @@ int CLEClass::get_launch_token( if( ipperrorCode != ippStsNoErr){ return AE_FAILURE; } + if(ae_mrsigner_index!=NULL){ + *ae_mrsigner_index = UINT32_MAX; + for(uint32_t i=0;iflags, attr->xfrm); #endif //get launch token by ecall into LE @@ -267,5 +330,8 @@ int CLEClass::get_launch_token( if(SGX_SUCCESS!=ret) return sgx_error_to_ae_error(ret); + if (status == LE_WHITELIST_UNINITIALIZED_ERROR || status == LE_INVALID_PRIVILEGE_ERROR){ + start_white_list_thread(0);//try to query white list unblocking + } return status; } diff --git a/psw/ae/aesm_service/source/le/LEClass.h b/psw/ae/aesm_service/source/le/LEClass.h index c69a6461c4..0b71bbd691 100644 --- a/psw/ae/aesm_service/source/le/LEClass.h +++ b/psw/ae/aesm_service/source/le/LEClass.h @@ -54,12 +54,14 @@ public: uint8_t * mrenclave, uint32_t mrenclave_size, uint8_t *mrsigner, uint32_t mrsigner_size, uint8_t *se_attributes, uint32_t se_attributes_size, - uint8_t * lictoken, uint32_t lictoken_size + uint8_t * lictoken, uint32_t lictoken_size, + uint32_t *ae_mrsigner_value=NULL ); int white_list_register( const uint8_t *white_list_cert, uint32_t white_list_cert_size, bool save_to_persistent_storage=true); + static ae_error_t update_white_list_by_url(void); }; #endif diff --git a/psw/ae/aesm_service/source/network/network_encoding_wrapper.h b/psw/ae/aesm_service/source/network/network_encoding_wrapper.h index 0fc68064b8..1075574c18 100644 --- a/psw/ae/aesm_service/source/network/network_encoding_wrapper.h +++ b/psw/ae/aesm_service/source/network/network_encoding_wrapper.h @@ -39,7 +39,6 @@ #include "se_thread.h" #include "oal/oal.h" #include "se_wrapper.h" -#include "endpoint_select_info.h" /*Class for network interface inside AESM*/ class AESMNetworkEncoding{ diff --git a/psw/ae/aesm_service/source/oal/aesm_thread.cpp b/psw/ae/aesm_service/source/oal/aesm_thread.cpp index 85a6d110ac..7d3b2111fc 100644 --- a/psw/ae/aesm_service/source/oal/aesm_thread.cpp +++ b/psw/ae/aesm_service/source/oal/aesm_thread.cpp @@ -95,7 +95,11 @@ void* aesm_thread_proc(void* param) AESM_DBG_TRACE("thread parameters of thread %p copied",param); ae_error_t err = fun_entry(arg); AESM_DBG_TRACE("returned from user defined thread code for thread %p",param); - pthread_mutex_lock(&p->mutex); + if(pthread_mutex_lock(&p->mutex)!=0){ + p->status = AESM_THREAD_INVALID; + AESM_DBG_ERROR("fail to lock the thread mutex of thread %p",param); + return reinterpret_cast(static_cast(AE_FAILURE)); + } p->ae_ret = err; if(p->status == AESM_THREAD_RUNNING){ p->status = AESM_THREAD_PENDING; @@ -244,7 +248,10 @@ ae_error_t aesm_free_thread(aesm_thread_t h) ae_error_t aesm_wait_thread(aesm_thread_t h, ae_error_t *thread_ret, unsigned long milisecond) { AESM_DBG_TRACE("start to wait thread %p for %d ms",h,milisecond); - pthread_mutex_lock(&h->mutex); + if(pthread_mutex_lock(&h->mutex)!=0){ + AESM_DBG_TRACE("Fail to hold lock of thread %p",h); + return OAL_THREAD_ERROR; + } if(h->status==AESM_THREAD_PENDING||h->status==AESM_THREAD_DETACHED){//if the thread has been finished pthread_mutex_unlock(&h->mutex); AESM_DBG_TRACE("thread %p is pending",h); diff --git a/psw/ae/aesm_service/source/oal/aesm_util.cpp b/psw/ae/aesm_service/source/oal/aesm_util.cpp index d50b6ffb36..f863ceb3ef 100644 --- a/psw/ae/aesm_service/source/oal/aesm_util.cpp +++ b/psw/ae/aesm_service/source/oal/aesm_util.cpp @@ -37,6 +37,8 @@ #include #include #include +#include +#include #include @@ -52,9 +54,9 @@ static ae_error_t aesm_get_path( if(0==dladdr(__builtin_return_address(0), &dl_info)|| NULL==dl_info.dli_fname) return AE_FAILURE; - if(strlen(dl_info.dli_fname)>buf_size-1) + if(strnlen(dl_info.dli_fname,buf_size)>=buf_size) return OAL_PATHNAME_BUFFER_OVERFLOW_ERROR; - strncpy(p_file_path,dl_info.dli_fname,buf_size); + (void)strncpy(p_file_path,dl_info.dli_fname,buf_size); char* p_last_slash = strrchr(p_file_path, '/' ); if ( p_last_slash != NULL ) { @@ -62,9 +64,9 @@ static ae_error_t aesm_get_path( *p_last_slash = '\0'; //null terminate the string } else p_file_path[0] = '\0'; - if(strlen(p_file_path)+strlen(p_file_name)+sizeof(char)>buf_size) + if(strnlen(p_file_path,buf_size)+strnlen(p_file_name,buf_size)+sizeof(char)>buf_size) return OAL_PATHNAME_BUFFER_OVERFLOW_ERROR; - strncat(p_file_path,p_file_name, strlen(p_file_name)); + (void)strncat(p_file_path,p_file_name, strnlen(p_file_name,buf_size)); return AE_SUCCESS; } @@ -77,10 +79,10 @@ static ae_error_t aesm_get_data_path( if(!p_file_name || !p_file_path) return OAL_PARAMETER_ERROR; - if(strlen(AESM_DATA_FOLDER)+strlen(p_file_name)+sizeof(char)>buf_size) + if(strlen(AESM_DATA_FOLDER)+strnlen(p_file_name,buf_size)+sizeof(char)>buf_size) return OAL_PATHNAME_BUFFER_OVERFLOW_ERROR; - strcpy(p_file_path, AESM_DATA_FOLDER); - strncat(p_file_path,p_file_name, strlen(p_file_name)); + (void)strcpy(p_file_path, AESM_DATA_FOLDER); + (void)strncat(p_file_path,p_file_name, strnlen(p_file_name,buf_size)); return AE_SUCCESS; } @@ -95,11 +97,11 @@ static ae_error_t aesm_write_file( FILE* p_file = NULL; char p_full_path[MAX_PATH]= {0}; if(is_full_path){ - if(strlen(p_file_name)>MAX_PATH-1){ + if(strnlen(p_file_name,MAX_PATH)>=MAX_PATH){ ret = OAL_PATHNAME_BUFFER_OVERFLOW_ERROR; goto CLEANUP; } - strcpy(p_full_path, p_file_name); + (void)strcpy(p_full_path, p_file_name); }else{ if((ret=aesm_get_data_path(p_file_name, p_full_path, MAX_PATH)) != AE_SUCCESS) goto CLEANUP; @@ -132,11 +134,11 @@ static ae_error_t aesm_read_file( FILE* p_file = NULL; char p_full_path[MAX_PATH]= {0}; if(is_full_path){ - if(strlen(p_file_name)>MAX_PATH-1){ + if(strnlen(p_file_name,MAX_PATH)>=MAX_PATH){ ret = OAL_PATHNAME_BUFFER_OVERFLOW_ERROR; goto CLEANUP; } - strcpy(p_full_path, p_file_name); + (void)strcpy(p_full_path, p_file_name); }else{ if((ret=aesm_get_data_path(p_file_name, p_full_path, MAX_PATH)) != AE_SUCCESS) goto CLEANUP; @@ -155,31 +157,95 @@ CLEANUP: return ret; } -ae_error_t aesm_get_pathname(aesm_data_type_t type, aesm_data_id_t id, char *buf, uint32_t buf_size) +static ae_error_t aesm_remove_file( + const char *p_file_name, + bool is_full_path) +{ + ae_error_t ae_err = AE_FAILURE; + char p_full_path[MAX_PATH] = { 0 }; + if (is_full_path){ + if(strnlen(p_file_name,MAX_PATH)>=MAX_PATH){ + ae_err = OAL_PATHNAME_BUFFER_OVERFLOW_ERROR; + goto CLEANUP; + } + (void)strcpy(p_full_path, p_file_name); + } + else{ + if ((ae_err = aesm_get_data_path(p_file_name, p_full_path, MAX_PATH)) != AE_SUCCESS) + goto CLEANUP; + } + if (remove(p_full_path)){ + if (errno == ENOENT) + ae_err = AE_SUCCESS; + else + ae_err = OAL_FILE_ACCESS_ERROR; + goto CLEANUP; + } + ae_err = AE_SUCCESS; + +CLEANUP: + return ae_err; +} + +#define UPBOUND_OF_FORMAT 40 +ae_error_t aesm_get_pathname(aesm_data_type_t type, aesm_data_id_t id, char *buf, uint32_t buf_size, uint32_t xgid) { const persistent_storage_info_t *info = get_persistent_storage_info(id); + int num_bytes = 0; if(info == NULL) return OAL_PARAMETER_ERROR; if(info->type != type) return OAL_PARAMETER_ERROR; if(info->type == FT_ENCLAVE_NAME){ char local_info_name[MAX_PATH]; - sprintf(local_info_name,"libsgx_%s.signed.so",info->name); + if (xgid != INVALID_EGID){ + return AE_FAILURE; + } + if(strnlen(info->name, MAX_PATH)>=MAX_PATH-UPBOUND_OF_FORMAT){ + return AE_FAILURE;//info->name is a constant string and the length of it should not be too long so that the defense in depth codition here should never be triggered. + } + num_bytes = snprintf(local_info_name,MAX_PATH, "libsgx_%s.signed.so",info->name); + if(num_bytes<0||num_bytes>=MAX_PATH){ + return AE_FAILURE; + } return aesm_get_path(local_info_name, buf, buf_size); }else if(info->loc == AESM_LOCATION_DATA){ + if (xgid != INVALID_EGID){ + return AE_FAILURE; + } return aesm_get_data_path(info->name, buf, buf_size); + } + else if (info->loc == AESM_LOCATION_MULTI_EXTENDED_EPID_GROUP_DATA){ + char name[MAX_PATH]; + int num_bytes = 0; + ae_error_t ae_err; + if (xgid == INVALID_EGID){//INVALID_EGID should not be used for file to support multi extended_epid_group + return AE_FAILURE; + } + if(strnlen(info->name,MAX_PATH)>=MAX_PATH-UPBOUND_OF_FORMAT){ + return AE_FAILURE;//defense in depth. info->name is a constant string and its size should be small + } + if ((num_bytes=snprintf(name, MAX_PATH, "%s.%08X", info->name, xgid)) < 0|| num_bytes>=MAX_PATH){ + return AE_FAILURE; + } + if ((ae_err = aesm_get_data_path(name, buf, buf_size)) != AE_SUCCESS) + return ae_err; + return AE_SUCCESS; }else{//info->loc == AESM_LOCATION_EXE_FOLDER + if (xgid != INVALID_EGID){ + return AE_FAILURE; + } return aesm_get_path(info->name, buf, buf_size); } } //alias function for aesm_get_pathname -ae_error_t aesm_get_cpathname(aesm_data_type_t type, aesm_data_id_t id, char *buf, uint32_t buf_size) +ae_error_t aesm_get_cpathname(aesm_data_type_t type, aesm_data_id_t id, char *buf, uint32_t buf_size, uint32_t xgid) { - return aesm_get_pathname(type, id, buf, buf_size); + return aesm_get_pathname(type, id, buf, buf_size, xgid); } -ae_error_t aesm_query_data_size(aesm_data_type_t type, aesm_data_id_t data_id, uint32_t *p_size) +ae_error_t aesm_query_data_size(aesm_data_type_t type, aesm_data_id_t data_id, uint32_t *p_size, uint32_t xgid) { char pathname[MAX_PATH]; ae_error_t ret = AE_SUCCESS; @@ -190,7 +256,7 @@ ae_error_t aesm_query_data_size(aesm_data_type_t type, aesm_data_id_t data_id, u if(info->access == AESM_FILE_ACCESS_PATH_ONLY) return OAL_PARAMETER_ERROR; - ret = aesm_get_pathname(type, data_id, pathname, MAX_PATH); + ret = aesm_get_pathname(type, data_id, pathname, MAX_PATH, xgid);//currently all in file if(ret != AE_SUCCESS) return ret; @@ -204,7 +270,7 @@ ae_error_t aesm_query_data_size(aesm_data_type_t type, aesm_data_id_t data_id, u return AE_SUCCESS; } -ae_error_t aesm_read_data(aesm_data_type_t type, aesm_data_id_t data_id, uint8_t *buf, uint32_t *p_size) +ae_error_t aesm_read_data(aesm_data_type_t type, aesm_data_id_t data_id, uint8_t *buf, uint32_t *p_size, uint32_t xgid) { char pathname[MAX_PATH]; ae_error_t ret = AE_SUCCESS; @@ -213,7 +279,7 @@ ae_error_t aesm_read_data(aesm_data_type_t type, aesm_data_id_t data_id, uint8_t return OAL_PARAMETER_ERROR; if(info->access == AESM_FILE_ACCESS_PATH_ONLY) return OAL_PARAMETER_ERROR; - ret = aesm_get_pathname(type, data_id, pathname, MAX_PATH); + ret = aesm_get_pathname(type, data_id, pathname, MAX_PATH, xgid);//currently all in file if(ret != AE_SUCCESS) return ret; @@ -222,7 +288,7 @@ ae_error_t aesm_read_data(aesm_data_type_t type, aesm_data_id_t data_id, uint8_t return AE_SUCCESS; } -ae_error_t aesm_write_data(aesm_data_type_t type, aesm_data_id_t data_id, const uint8_t *buf, uint32_t size) +ae_error_t aesm_write_data(aesm_data_type_t type, aesm_data_id_t data_id, const uint8_t *buf, uint32_t size, uint32_t xgid) { char pathname[MAX_PATH]; ae_error_t ret = AE_SUCCESS; @@ -233,7 +299,7 @@ ae_error_t aesm_write_data(aesm_data_type_t type, aesm_data_id_t data_id, const if(info->access != AESM_FILE_ACCESS_ALL) return OAL_PARAMETER_ERROR; - ret = aesm_get_pathname(type, data_id, pathname, MAX_PATH); + ret = aesm_get_pathname(type, data_id, pathname, MAX_PATH, xgid);//currently all in file if(ret != AE_SUCCESS) return ret; if((ret=aesm_write_file(buf, size, pathname, true))!=AE_SUCCESS) @@ -241,3 +307,22 @@ ae_error_t aesm_write_data(aesm_data_type_t type, aesm_data_id_t data_id, const return AE_SUCCESS; } +ae_error_t aesm_remove_data(aesm_data_type_t type, aesm_data_id_t data_id, uint32_t xgid) +{ + char pathname[MAX_PATH]; + ae_error_t ret = AE_SUCCESS; + + const persistent_storage_info_t *info = get_persistent_storage_info(data_id); + if (info == NULL) + return OAL_PARAMETER_ERROR; + if (info->access != AESM_FILE_ACCESS_ALL) + return OAL_PARAMETER_ERROR; + + ret = aesm_get_pathname(type, data_id, pathname, MAX_PATH, xgid);//currently all in file + if (ret != AE_SUCCESS){ + return ret; + } + if ((ret = aesm_remove_file(pathname, true)) != AE_SUCCESS) + return ret; + return AE_SUCCESS; +} diff --git a/psw/ae/aesm_service/source/oal/internal_log.cpp b/psw/ae/aesm_service/source/oal/internal_log.cpp index 4a692e3352..8c4c5d74ca 100644 --- a/psw/ae/aesm_service/source/oal/internal_log.cpp +++ b/psw/ae/aesm_service/source/oal/internal_log.cpp @@ -32,17 +32,22 @@ #ifdef DBG_LOG #include "oal/oal.h" -#include "se_wrapper.h" -#include "se_stdio.h" #include #include #include #include +#include +#include +#include #include "se_thread.h" +#include "type_length_value.h" +#include "aeerror.h" +#include "aesm_error.h" +#include "sgx_error.h" + static int aesm_trace_level = TRACE_LOG_LEVEL; static int at_start=1; -ae_error_t load_log_config(void); se_mutex_t cs; static ae_error_t init_log_file(void) { @@ -50,10 +55,94 @@ static ae_error_t init_log_file(void) ae_error_t err = aesm_get_pathname(FT_PERSISTENT_STORAGE, AESM_DBG_LOG_FID, filename, MAX_PATH); if(err != AE_SUCCESS) return err; - (void)load_log_config(); return AE_SUCCESS; } +#include +using namespace std; + +static const char *get_sgx_status_t_string(sgx_status_t status); +static const char *get_ae_error_t_string(ae_error_t ae_error); +static const char *get_aesm_error_t_string(aesm_error_t aesm_error); +static const char *get_tlv_enum_type_t_string(uint8_t type); + +const char *support_tags[] = { + "sgx", + "aesm",//matching longer tag before shorter one so aesm should be arranged before ae + "ae", + "tlv" +}; +#define COUNT_TAGS (sizeof(support_tags)/sizeof(support_tags[0])) +#define TAG_SGX 0 +#define TAG_AESM 1 +#define TAG_AE 2 +#define TAG_TLV 3 + +#define MAX_BUF_SIZE 4096 +std::string internal_log_msg_trans(const std::string& s) +{ + std::string output; + size_t i; + const char *p = s.c_str(); + for (i = 0; i < s.length(); ++i){ + if (p[i] == '('){//begin of tag + size_t start = i + 1; + while (isspace(p[start]))start++;//skip all space + int j; + for (j = 0; j < COUNT_TAGS; ++j){ + int tag_len = strlen(support_tags[j]); + if (strncmp(p + start, support_tags[j], tag_len) == 0){ + start += tag_len; + break; + } + } + if (j < COUNT_TAGS){//found a potential tag + while (isspace(p[start]))start++;//skip all space after tag + if ((p[start] == '-' || p[start] == '+') && isdigit(p[start + 1]) || + isdigit(p[start])){ + int number = strtol(p + start,NULL, 0); + switch (j){ + case TAG_SGX: + output += "(sgx_status_t:"; + output += get_sgx_status_t_string((sgx_status_t)number); + output += ":"; + break; + case TAG_AESM: + output += "(aesm_error_t:"; + output += get_aesm_error_t_string((aesm_error_t)number); + output += ":"; + break; + case TAG_AE: + output += "(ae_error_t:"; + output += get_ae_error_t_string((ae_error_t)number); + output += ":"; + break; + case TAG_TLV: + output += "(TLV:"; + output += get_tlv_enum_type_t_string((uint8_t)number); + output += ":"; + break; + default: + output += "(Unknown type:"; + break; + } + i = start-1; + } + else{ + output += p[i]; + } + } + else{//not found, keep original flags + output += p[i]; + } + } + else{ + output += p[i]; + } + } + return output; +} + #define TIME_BUF_SIZE 100 void aesm_internal_log(const char *file_name, int line_no, const char *funname, int level, const char *format, ...) { @@ -69,8 +158,8 @@ void aesm_internal_log(const char *file_name, int line_no, const char *funname, return; FILE *logfile = NULL; se_mutex_lock(&cs); - errno_t err_code = fopen_s(&logfile, filename, "a+"); - if(err_code!=0){ + logfile = fopen(filename, "a+"); + if(logfile == NULL){ se_mutex_unlock(&cs); return; } @@ -88,9 +177,12 @@ void aesm_internal_log(const char *file_name, int line_no, const char *funname, fprintf(logfile, "[%s|%d|%s]",file_name, line_no, funname); } va_start(varg, format); - vfprintf(logfile, format, varg); + char message_buf[MAX_BUF_SIZE]; + vsnprintf(message_buf, MAX_BUF_SIZE-1, format, varg); va_end(varg); - fprintf(logfile, "\n"); + std::string input_message = message_buf; + std::string output_message = internal_log_msg_trans(input_message); + fprintf(logfile, "%s\n", output_message.c_str()); fflush(logfile); fclose(logfile); se_mutex_unlock(&cs); @@ -160,72 +252,230 @@ void aesm_dbg_format_hex(const uint8_t *data, uint32_t data_len, char *out_buf, } } -#include "tinyxml.h" -static const char *xml_get_child_text(TiXmlNode *parent, const char *name) +#define CASE_ENUM_RET_STRING(x) case x: return #x; + +//(tlv%d) +static const char *get_tlv_enum_type_t_string(uint8_t type) { - if(parent == NULL) return NULL; - TiXmlNode *sub_node = parent->FirstChild(name); - if(sub_node == NULL) return NULL; - TiXmlElement *elem = sub_node->ToElement(); - if(elem == NULL) return NULL; - return elem->GetText(); + switch (type){ + CASE_ENUM_RET_STRING(TLV_CIPHER_TEXT) + CASE_ENUM_RET_STRING(TLV_BLOCK_CIPHER_TEXT) + CASE_ENUM_RET_STRING(TLV_BLOCK_CIPHER_INFO) + CASE_ENUM_RET_STRING(TLV_MESSAGE_AUTHENTICATION_CODE) + CASE_ENUM_RET_STRING(TLV_NONCE) + CASE_ENUM_RET_STRING(TLV_EPID_GID) + CASE_ENUM_RET_STRING(TLV_EPID_SIG_RL) + CASE_ENUM_RET_STRING(TLV_EPID_GROUP_CERT) + CASE_ENUM_RET_STRING(TLV_DEVICE_ID) + CASE_ENUM_RET_STRING(TLV_PS_ID) + CASE_ENUM_RET_STRING(TLV_EPID_JOIN_PROOF) + CASE_ENUM_RET_STRING(TLV_EPID_SIG) + CASE_ENUM_RET_STRING(TLV_EPID_MEMBERSHIP_CREDENTIAL) + CASE_ENUM_RET_STRING(TLV_EPID_PSVN) + CASE_ENUM_RET_STRING(TLV_QUOTE) + CASE_ENUM_RET_STRING(TLV_X509_CERT_TLV) + CASE_ENUM_RET_STRING(TLV_X509_CSR_TLV) + CASE_ENUM_RET_STRING(TLV_ES_SELECTOR) + CASE_ENUM_RET_STRING(TLV_ES_INFORMATION) + CASE_ENUM_RET_STRING(TLV_FLAGS) + CASE_ENUM_RET_STRING(TLV_QUOTE_SIG) + CASE_ENUM_RET_STRING(TLV_PEK) + CASE_ENUM_RET_STRING(TLV_SIGNATURE) + CASE_ENUM_RET_STRING(TLV_PLATFORM_INFO) + CASE_ENUM_RET_STRING(TLV_PWK2) + CASE_ENUM_RET_STRING(TLV_SE_REPORT) + default: + return "Unknown TLV"; + } } -static const char *dbg_level_str[]={ - "fatal", - "error", - "warning", - "info", - "debug", - "trace" -}; -#define DBG_LEVEL_COUNT (sizeof(dbg_level_str)/sizeof(dbg_level_str[0])) -static int find_dbg_level_str(const char *text_level) +//(ae%d) +static const char *get_ae_error_t_string(ae_error_t ae_error) { - uint32_t i; - size_t text_level_len = strlen(text_level); - for(i=0;itext_level_len)cur_len=text_level_len; - if(_strnicmp(text_level, dbg_level_str[i], cur_len)==0){ - return (int)i; - } + switch (ae_error){ + CASE_ENUM_RET_STRING(AE_SUCCESS) + CASE_ENUM_RET_STRING(AE_FAILURE) + CASE_ENUM_RET_STRING(AE_ENCLAVE_LOST) + CASE_ENUM_RET_STRING(OAL_PARAMETER_ERROR) + CASE_ENUM_RET_STRING(OAL_PATHNAME_BUFFER_OVERFLOW_ERROR) + CASE_ENUM_RET_STRING(OAL_FILE_ACCESS_ERROR) + CASE_ENUM_RET_STRING(OAL_CONFIG_FILE_ERROR) + CASE_ENUM_RET_STRING(OAL_NETWORK_UNAVAILABLE_ERROR) + CASE_ENUM_RET_STRING(OAL_NETWORK_BUSY) + CASE_ENUM_RET_STRING(OAL_NETWORK_RESEND_REQUIRED) + CASE_ENUM_RET_STRING(OAL_PROXY_SETTING_ASSIST) + CASE_ENUM_RET_STRING(OAL_THREAD_ERROR) + CASE_ENUM_RET_STRING(OAL_THREAD_TIMEOUT_ERROR) + CASE_ENUM_RET_STRING(AE_PSVN_UNMATCHED_ERROR) + CASE_ENUM_RET_STRING(AE_SERVER_NOT_AVAILABLE) + CASE_ENUM_RET_STRING(AE_INVALID_PARAMETER) + CASE_ENUM_RET_STRING(AE_READ_RAND_ERROR) + CASE_ENUM_RET_STRING(AE_OUT_OF_MEMORY_ERROR) + CASE_ENUM_RET_STRING(AE_INSUFFICIENT_DATA_IN_BUFFER) + CASE_ENUM_RET_STRING(QE_UNEXPECTED_ERROR) + CASE_ENUM_RET_STRING(QE_PARAMETER_ERROR) + CASE_ENUM_RET_STRING(QE_EPIDBLOB_ERROR) + CASE_ENUM_RET_STRING(QE_REVOKED_ERROR) + CASE_ENUM_RET_STRING(QE_SIGRL_ERROR) + CASE_ENUM_RET_STRING(PVE_UNEXPECTED_ERROR) + CASE_ENUM_RET_STRING(PVE_PARAMETER_ERROR) + CASE_ENUM_RET_STRING(PVE_EPIDBLOB_ERROR) + CASE_ENUM_RET_STRING(PVE_INSUFFICIENT_MEMORY_ERROR) + CASE_ENUM_RET_STRING(PVE_INTEGRITY_CHECK_ERROR) + CASE_ENUM_RET_STRING(PVE_SIGRL_INTEGRITY_CHECK_ERROR) + CASE_ENUM_RET_STRING(PVE_SERVER_REPORTED_ERROR) + CASE_ENUM_RET_STRING(PVE_PEK_SIGN_ERROR) + CASE_ENUM_RET_STRING(PVE_MSG_ERROR) + CASE_ENUM_RET_STRING(PVE_REVOKED_ERROR) + CASE_ENUM_RET_STRING(PVE_SESSION_OUT_OF_ORDER_ERROR) + CASE_ENUM_RET_STRING(PVE_SERVER_BUSY_ERROR) + CASE_ENUM_RET_STRING(PVE_PERFORMANCE_REKEY_NOT_SUPPORTED) + CASE_ENUM_RET_STRING(LE_UNEXPECTED_ERROR) + CASE_ENUM_RET_STRING(LE_INVALID_PARAMETER) + CASE_ENUM_RET_STRING(LE_GET_LICENSE_KEY_ERROR) + CASE_ENUM_RET_STRING(LE_INVALID_ATTRIBUTE) + CASE_ENUM_RET_STRING(LE_INVALID_PRIVILEGE_ERROR) + CASE_ENUM_RET_STRING(LE_WHITELIST_UNINITIALIZED_ERROR) + CASE_ENUM_RET_STRING(LE_CALC_LIC_TOKEN_ERROR) + CASE_ENUM_RET_STRING(AESM_NLTP_NO_LTP_BLOB) + CASE_ENUM_RET_STRING(AESM_NLTP_DONT_NEED_UPDATE_PAIR_LTP) + CASE_ENUM_RET_STRING(AESM_NLTP_MAY_NEED_UPDATE_LTP) + CASE_ENUM_RET_STRING(AESM_NLTP_OLD_EPID11_RLS) + CASE_ENUM_RET_STRING(AESM_PCP_NEED_PSE_UPDATE) + CASE_ENUM_RET_STRING(AESM_PCP_PSE_CERT_PROVISIONING_ATTESTATION_FAILURE_NEED_EPID_UPDATE) + CASE_ENUM_RET_STRING(AESM_PCP_PSE_CERT_PROVISIONING_ATTESTATION_FAILURE_MIGHT_NEED_EPID_UPDATE) + CASE_ENUM_RET_STRING(AESM_PCP_SIMPLE_PSE_CERT_PROVISIONING_ERROR) + CASE_ENUM_RET_STRING(AESM_PCP_SIMPLE_EPID_PROVISION_ERROR) + CASE_ENUM_RET_STRING(AESM_NPC_DONT_NEED_PSEP) + CASE_ENUM_RET_STRING(AESM_NPC_NO_PSE_CERT) + CASE_ENUM_RET_STRING(AESM_NPC_DONT_NEED_UPDATE_PSEP) + CASE_ENUM_RET_STRING(AESM_NPC_MAY_NEED_UPDATE_PSEP) + CASE_ENUM_RET_STRING(AESM_NEP_DONT_NEED_EPID_PROVISIONING) + CASE_ENUM_RET_STRING(AESM_NEP_DONT_NEED_UPDATE_PVEQE) + CASE_ENUM_RET_STRING(AESM_NEP_PERFORMANCE_REKEY) + CASE_ENUM_RET_STRING(AESM_NEP_MAY_NEED_UPDATE) + CASE_ENUM_RET_STRING(AESM_CP_ATTESTATION_FAILURE) + CASE_ENUM_RET_STRING(AESM_LTP_PSE_CERT_REVOKED) + CASE_ENUM_RET_STRING(AESM_LTP_SIMPLE_LTP_ERROR) + CASE_ENUM_RET_STRING(AESM_PSE_PR_GET_PRIVRL_ERROR) + CASE_ENUM_RET_STRING(AESM_NETWORK_TIMEOUT) + + CASE_ENUM_RET_STRING(PSW_UPDATE_REQUIRED) + CASE_ENUM_RET_STRING(PSE_OP_ERROR_KDF_MISMATCH) + CASE_ENUM_RET_STRING(AESM_AE_OUT_OF_EPC) + + CASE_ENUM_RET_STRING(PVE_PROV_ATTEST_KEY_NOT_FOUND) + CASE_ENUM_RET_STRING(PVE_INVALID_REPORT) + CASE_ENUM_RET_STRING(PVE_XEGDSK_SIGN_ERROR) + + // PCE ERROR CODES + CASE_ENUM_RET_STRING(PCE_UNEXPECTED_ERROR) + CASE_ENUM_RET_STRING(PCE_INVALID_PRIVILEGE) + CASE_ENUM_RET_STRING(PCE_INVALID_REPORT) + + CASE_ENUM_RET_STRING(LE_WHITE_LIST_QUERY_BUSY) + CASE_ENUM_RET_STRING(AESM_AE_NO_DEVICE) + CASE_ENUM_RET_STRING(EXTENDED_GROUP_NOT_AVAILABLE) + default: + return "Unknown ae_error_t"; } - AESM_DBG_ERROR("unkown level %s",text_level); - return -1; } -ae_error_t load_log_config(void) +//(aesm%d) +static const char *get_aesm_error_t_string(aesm_error_t aesm_error) { - char path_name[MAX_PATH]; - ae_error_t ae_err = AE_SUCCESS; - if((ae_err=aesm_get_cpathname(FT_PERSISTENT_STORAGE, AESM_DBG_LOG_CFG_FID, path_name, MAX_PATH))!=AE_SUCCESS){ - AESM_DBG_ERROR("fail to read config path"); - return ae_err; + switch (aesm_error){ + CASE_ENUM_RET_STRING(AESM_SUCCESS) + CASE_ENUM_RET_STRING(AESM_UNEXPECTED_ERROR) + CASE_ENUM_RET_STRING(AESM_NO_DEVICE_ERROR) + CASE_ENUM_RET_STRING(AESM_PARAMETER_ERROR) + CASE_ENUM_RET_STRING(AESM_EPIDBLOB_ERROR) + CASE_ENUM_RET_STRING(AESM_EPID_REVOKED_ERROR) + CASE_ENUM_RET_STRING(AESM_GET_LICENSETOKEN_ERROR) + CASE_ENUM_RET_STRING(AESM_SESSION_INVALID) + CASE_ENUM_RET_STRING(AESM_MAX_NUM_SESSION_REACHED) + CASE_ENUM_RET_STRING(AESM_PSDA_UNAVAILABLE) + CASE_ENUM_RET_STRING(AESM_KDF_MISMATCH) + CASE_ENUM_RET_STRING(AESM_EPH_SESSION_FAILED) + CASE_ENUM_RET_STRING(AESM_LONG_TERM_PAIRING_FAILED) + CASE_ENUM_RET_STRING(AESM_NETWORK_ERROR) + CASE_ENUM_RET_STRING(AESM_NETWORK_BUSY_ERROR) + CASE_ENUM_RET_STRING(AESM_PROXY_SETTING_ASSIST) + CASE_ENUM_RET_STRING(AESM_FILE_ACCESS_ERROR) + CASE_ENUM_RET_STRING(AESM_SGX_PROVISION_FAILED) + CASE_ENUM_RET_STRING(AESM_SERVICE_STOPPED) + CASE_ENUM_RET_STRING(AESM_BUSY) + CASE_ENUM_RET_STRING(AESM_BACKEND_SERVER_BUSY) + CASE_ENUM_RET_STRING(AESM_UPDATE_AVAILABLE) + CASE_ENUM_RET_STRING(AESM_OUT_OF_MEMORY_ERROR) + CASE_ENUM_RET_STRING(AESM_MSG_ERROR) + CASE_ENUM_RET_STRING(AESM_ENABLE_SGX_DEVICE_FAILED) + CASE_ENUM_RET_STRING(AESM_PLATFORM_INFO_BLOB_INVALID_SIG) + CASE_ENUM_RET_STRING(AESM_OUT_OF_EPC) + CASE_ENUM_RET_STRING(AESM_SERVICE_UNAVAILABLE) + default: + return "Unknow aesm_error_t"; } +} - TiXmlDocument doc(path_name); - bool load_ok = doc.LoadFile(); - if(!load_ok){ - AESM_DBG_ERROR("fail to load config file %s", path_name); - return OAL_FILE_ACCESS_ERROR; +//(sgx) +static const char *get_sgx_status_t_string(sgx_status_t status) +{ + switch (status){ + CASE_ENUM_RET_STRING(SGX_SUCCESS) + + CASE_ENUM_RET_STRING(SGX_ERROR_UNEXPECTED) + CASE_ENUM_RET_STRING(SGX_ERROR_INVALID_PARAMETER) + CASE_ENUM_RET_STRING(SGX_ERROR_OUT_OF_MEMORY) + CASE_ENUM_RET_STRING(SGX_ERROR_ENCLAVE_LOST) + CASE_ENUM_RET_STRING(SGX_ERROR_INVALID_STATE) + + CASE_ENUM_RET_STRING(SGX_ERROR_INVALID_FUNCTION) + CASE_ENUM_RET_STRING(SGX_ERROR_OUT_OF_TCS) + CASE_ENUM_RET_STRING(SGX_ERROR_ENCLAVE_CRASHED ) + CASE_ENUM_RET_STRING(SGX_ERROR_ECALL_NOT_ALLOWED) + CASE_ENUM_RET_STRING(SGX_ERROR_OCALL_NOT_ALLOWED) + + CASE_ENUM_RET_STRING(SGX_ERROR_UNDEFINED_SYMBOL) + CASE_ENUM_RET_STRING(SGX_ERROR_INVALID_ENCLAVE) + CASE_ENUM_RET_STRING(SGX_ERROR_INVALID_ENCLAVE_ID) + CASE_ENUM_RET_STRING(SGX_ERROR_INVALID_SIGNATURE) + CASE_ENUM_RET_STRING(SGX_ERROR_NDEBUG_ENCLAVE) + CASE_ENUM_RET_STRING(SGX_ERROR_OUT_OF_EPC) + CASE_ENUM_RET_STRING(SGX_ERROR_NO_DEVICE) + CASE_ENUM_RET_STRING(SGX_ERROR_MEMORY_MAP_CONFLICT) + CASE_ENUM_RET_STRING(SGX_ERROR_INVALID_METADATA) + CASE_ENUM_RET_STRING(SGX_ERROR_DEVICE_BUSY) + CASE_ENUM_RET_STRING(SGX_ERROR_INVALID_VERSION) + CASE_ENUM_RET_STRING(SGX_ERROR_MODE_INCOMPATIBLE) + CASE_ENUM_RET_STRING(SGX_ERROR_ENCLAVE_FILE_ACCESS) + CASE_ENUM_RET_STRING(SGX_ERROR_INVALID_MISC) + + CASE_ENUM_RET_STRING(SGX_ERROR_MAC_MISMATCH) + CASE_ENUM_RET_STRING(SGX_ERROR_INVALID_ATTRIBUTE) + CASE_ENUM_RET_STRING(SGX_ERROR_INVALID_CPUSVN) + CASE_ENUM_RET_STRING(SGX_ERROR_INVALID_ISVSVN) + CASE_ENUM_RET_STRING(SGX_ERROR_INVALID_KEYNAME) + + CASE_ENUM_RET_STRING(SGX_ERROR_SERVICE_UNAVAILABLE) + CASE_ENUM_RET_STRING(SGX_ERROR_SERVICE_TIMEOUT) + CASE_ENUM_RET_STRING(SGX_ERROR_AE_INVALID_EPIDBLOB) + CASE_ENUM_RET_STRING(SGX_ERROR_SERVICE_INVALID_PRIVILEGE) + CASE_ENUM_RET_STRING(SGX_ERROR_EPID_MEMBER_REVOKED) + CASE_ENUM_RET_STRING(SGX_ERROR_UPDATE_NEEDED) + CASE_ENUM_RET_STRING(SGX_ERROR_NETWORK_FAILURE) + CASE_ENUM_RET_STRING(SGX_ERROR_AE_SESSION_INVALID) + CASE_ENUM_RET_STRING(SGX_ERROR_BUSY) + CASE_ENUM_RET_STRING(SGX_ERROR_MC_NOT_FOUND) + CASE_ENUM_RET_STRING(SGX_ERROR_MC_NO_ACCESS_RIGHT) + CASE_ENUM_RET_STRING(SGX_ERROR_MC_USED_UP) + CASE_ENUM_RET_STRING(SGX_ERROR_MC_OVER_QUOTA) + CASE_ENUM_RET_STRING(SGX_ERROR_KDF_MISMATCH) + + default: + return "Unknown sgx_status_t"; } - TiXmlNode *pmetadata_node = doc.FirstChild("DbgLog"); - const char *temp_text = xml_get_child_text(pmetadata_node, "level"); - if(temp_text!=NULL){ - if(isdigit(temp_text[0])){ - AESM_SET_DBG_LEVEL(atoi(temp_text)); - }else{ - int level = find_dbg_level_str(temp_text); - if(level>=0){ - AESM_SET_DBG_LEVEL(level); - } - } - }else{ - AESM_DBG_ERROR("fail to find level"); - } - return AE_SUCCESS; } #endif diff --git a/psw/ae/aesm_service/source/pce/PCEClass.cpp b/psw/ae/aesm_service/source/pce/PCEClass.cpp new file mode 100644 index 0000000000..5c7c69c4fc --- /dev/null +++ b/psw/ae/aesm_service/source/pce/PCEClass.cpp @@ -0,0 +1,139 @@ +/* + * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef __GNUC__ +#include "StdAfx.h" +#include +#endif +#include +#include "PCEClass.h" +#include "QEClass.h" +#include "PVEClass.h" +#include "util.h" +#include "prof_fun.h" +#include "sgx_report.h" +#include "sgx_tseal.h" +#include "epid_pve_type.h" +#include "pce_u.h" +#include "pce_u.c" + +void CPCEClass::before_enclave_load() { + // always unload qe/pve enclave before loading pce enclave + CQEClass::instance().unload_enclave(); + CPVEClass::instance().unload_enclave(); +} + +uint32_t CPCEClass::get_pce_target( + sgx_target_info_t *p_pce_target) +{ + token_t *p_token = + reinterpret_cast(&m_launch_token); + + /* We need to make sure the PCE is successfully loaded and then we can use + the cached attributes and launch token. */ + assert(m_enclave_id); + memset(p_pce_target, 0, sizeof(sgx_target_info_t)); + memcpy_s(&p_pce_target->attributes, sizeof(p_pce_target->attributes), + &m_attributes.secs_attr, sizeof(m_attributes.secs_attr)); + memcpy_s(&p_pce_target->misc_select, sizeof(p_pce_target->misc_select), + &m_attributes.misc_select, sizeof(m_attributes.misc_select)); + memcpy_s(&p_pce_target->mr_enclave, sizeof(p_pce_target->mr_enclave), + &p_token->body.mr_enclave, + sizeof(p_token->body.mr_enclave)); + return AE_SUCCESS; +} + +uint32_t CPCEClass::get_pce_info(const sgx_report_t& report, const signed_pek_t& pek, uint16_t& pce_id, uint16_t& isv_svn, uint8_t encrypted_ppid[PEK_MOD_SIZE]) +{ + sgx_status_t status = SGX_SUCCESS; + uint32_t ret_val = 0; + uint32_t ret_size = PEK_MOD_SIZE; + int retry = 0; + pce_info_t pce_info; + uint8_t signature_scheme; + AESM_PROFILE_FUN; + if (m_enclave_id == 0){ + AESM_DBG_ERROR("call get_pc_info without loading PCE"); + return AE_FAILURE; + } + + status = ::get_pc_info(m_enclave_id, &ret_val, &report, (uint8_t*)&pek, PEK_MOD_SIZE + sizeof(pek.e), ALG_RSA_OAEP_2048, encrypted_ppid, PEK_MOD_SIZE, &ret_size, &pce_info, &signature_scheme); + for(; status == SGX_ERROR_ENCLAVE_LOST && retry < AESM_RETRY_COUNT; retry++) + { + unload_enclave(); + if(AE_SUCCESS != load_enclave()) + return AE_FAILURE; + status = ::get_pc_info(m_enclave_id, &ret_val, &report, (uint8_t*)&pek, PEK_MOD_SIZE + sizeof(pek.e), ALG_RSA_OAEP_2048, encrypted_ppid, PEK_MOD_SIZE, &ret_size, &pce_info, &signature_scheme); + } + if(status != SGX_SUCCESS) + return AE_FAILURE; + if (ret_val != AE_SUCCESS) + return ret_val; + if(signature_scheme != NIST_P256_ECDSA_SHA256){ + return AE_FAILURE; + } + if(ret_size != PEK_MOD_SIZE){ + return AE_FAILURE; + } + pce_id = pce_info.pce_id; + isv_svn = pce_info.pce_isvn; + return AE_SUCCESS; +} + +uint32_t CPCEClass::sign_report(const psvn_t& cert_psvn, const sgx_report_t& report, uint8_t signed_sign[2*SE_ECDSA_SIGN_SIZE]) +{ + sgx_status_t status = SGX_SUCCESS; + uint32_t ret_val = 0; + uint32_t ret_size = 2*SE_ECDSA_SIGN_SIZE; + int retry = 0; + AESM_PROFILE_FUN; + if (m_enclave_id == 0){ + AESM_DBG_ERROR("call certify_enclave without loading PCE"); + return AE_FAILURE; + } + + status = ::certify_enclave(m_enclave_id, &ret_val, &cert_psvn, &report, signed_sign, 2*SE_ECDSA_SIGN_SIZE, &ret_size); + for(; status == SGX_ERROR_ENCLAVE_LOST && retry < AESM_RETRY_COUNT; retry++) + { + unload_enclave(); + if(AE_SUCCESS != load_enclave()) + return AE_FAILURE; + status = ::certify_enclave(m_enclave_id, &ret_val, &cert_psvn, &report, signed_sign, 2*SE_ECDSA_SIGN_SIZE, &ret_size); + } + if(status != SGX_SUCCESS) + return AE_FAILURE; + if(ret_val != AE_SUCCESS){ + return ret_val; + } + if(ret_size != 2*SE_ECDSA_SIGN_SIZE) + return AE_FAILURE; + return AE_SUCCESS; +} diff --git a/psw/ae/aesm_service/source/pce/PCEClass.h b/psw/ae/aesm_service/source/pce/PCEClass.h new file mode 100644 index 0000000000..94c75bfd31 --- /dev/null +++ b/psw/ae/aesm_service/source/pce/PCEClass.h @@ -0,0 +1,63 @@ +/* + * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +#pragma once + +#include "AEClass.h" +#include "aeerror.h" +#include "provision_msg.h" +#include "pce_cert.h" +#include "sgx_report.h" +#include "epid_pve_type.h" +#include "se_sig_rl.h" + +class CPCEClass: public SingletonEnclave +{ + friend class Singleton; + friend class SingletonEnclave; + static aesm_enclave_id_t get_enclave_fid(){return PCE_ENCLAVE_FID;} +protected: + CPCEClass(){}; + ~CPCEClass(){}; + virtual void before_enclave_load(); + virtual int get_debug_flag() { return 0;} + +public: + uint32_t get_pce_target(sgx_target_info_t *p_pce_target); + uint32_t get_pce_info(const sgx_report_t& report, + const signed_pek_t& pek, + uint16_t& pce_id, + uint16_t& isv_svn, + uint8_t encrypted_ppid[PEK_MOD_SIZE]); + uint32_t sign_report(const psvn_t& cert_psvn, + const sgx_report_t& report, + uint8_t signed_sign[2*SE_ECDSA_SIGN_SIZE]); +}; + diff --git a/psw/ae/aesm_service/source/pve/PVEClass.cpp b/psw/ae/aesm_service/source/pve/PVEClass.cpp index 4ba432e15b..128ecd37bd 100644 --- a/psw/ae/aesm_service/source/pve/PVEClass.cpp +++ b/psw/ae/aesm_service/source/pve/PVEClass.cpp @@ -33,71 +33,72 @@ #include #include "PVEClass.h" #include "QEClass.h" +#include "PCEClass.h" #include "util.h" #include "prof_fun.h" #include "sgx_report.h" #include "sgx_tseal.h" #include "epid_pve_type.h" +#include "aesm_xegd_blob.h" #include "provision_enclave_u.h" #include "provision_enclave_u.c" void CPVEClass::before_enclave_load() { // always unload qe enclave before loading pve enclave CQEClass::instance().unload_enclave(); + CPCEClass::instance().unload_enclave(); } uint32_t CPVEClass::gen_prov_msg1_data( - const psvn_t* psvn, const signed_pek_t *pek, - bool performance_rekey_used, - prov_msg1_output_t* output) + const sgx_target_info_t *pce_target_info, + sgx_report_t *pek_report) { uint32_t ret = AE_SUCCESS; sgx_status_t status = SGX_SUCCESS; + extended_epid_group_blob_t xegb={0}; + int retry = 0; AESM_PROFILE_FUN; if(m_enclave_id==0){ AESM_DBG_ERROR("call gen_prov_msg1_data without loading PvE"); return AE_FAILURE; } - - status = gen_prov_msg1_data_wrapper( - m_enclave_id, &ret, - psvn, - pek, - performance_rekey_used?1:0, - output); - if(status == SGX_ERROR_ENCLAVE_LOST) - ret = AE_ENCLAVE_LOST; - else if(status != SGX_SUCCESS) - ret = AE_FAILURE; - return ret; -} - -uint32_t CPVEClass::get_ek2( - const prov_get_ek2_input_t* input, - prov_get_ek2_output_t* ek2) -{ - uint32_t ret = AE_SUCCESS; - sgx_status_t status = SGX_SUCCESS; - AESM_PROFILE_FUN; - if(m_enclave_id==0){ - AESM_DBG_ERROR("call get_ek2 without loading PvE"); - return AE_FAILURE; + if (AE_SUCCESS != (ret = XEGDBlob::instance().read(xegb))){ + return ret; } - status = get_ek2_wrapper( - m_enclave_id, &ret, - input, - ek2); - if(status == SGX_ERROR_ENCLAVE_LOST) - ret = AE_ENCLAVE_LOST; - else if(status != SGX_SUCCESS) + status = gen_prov_msg1_data_wrapper( + m_enclave_id, &ret, + &xegb, + pek, + pce_target_info, + pek_report); + for(; status == SGX_ERROR_ENCLAVE_LOST && retry < AESM_RETRY_COUNT; retry++) + { + unload_enclave(); + // Reload an AE will not fail because of out of EPC, so AESM_AE_OUT_OF_EPC is not checked here + if(AE_SUCCESS != load_enclave()) + return AE_FAILURE; + status = gen_prov_msg1_data_wrapper( + m_enclave_id, &ret, + &xegb, + pek, + pce_target_info, + pek_report); + } + if (PVE_XEGDSK_SIGN_ERROR == ret) { + AESM_DBG_ERROR("XEGD signature mismatch in gen_prov_msg1_data"); + } + + if(status != SGX_SUCCESS) ret = AE_FAILURE; return ret; } + uint32_t CPVEClass::proc_prov_msg2_data( const proc_prov_msg2_blob_input_t* input, + bool performance_rekey_used, const uint8_t* sigrl, uint32_t sigrl_size, gen_prov_msg3_output_t* msg3_fixed_output, @@ -105,7 +106,9 @@ uint32_t CPVEClass::proc_prov_msg2_data( uint32_t epid_sig_buffer_size) { uint32_t ret = AE_SUCCESS; + int retry = 0; sgx_status_t status = SGX_SUCCESS; + uint8_t b_performance_rekey_used = performance_rekey_used?1:0; AESM_PROFILE_FUN; if(m_enclave_id==0){ AESM_DBG_ERROR("call proc_prov_msg2_data without loading PvE"); @@ -113,14 +116,31 @@ uint32_t CPVEClass::proc_prov_msg2_data( } status = proc_prov_msg2_data_wrapper( - m_enclave_id, &ret, + m_enclave_id, &ret, input, + b_performance_rekey_used, sigrl, sigrl_size, msg3_fixed_output, epid_sig, epid_sig_buffer_size); - if(status == SGX_ERROR_ENCLAVE_LOST) - ret = AE_ENCLAVE_LOST; - else if(status != SGX_SUCCESS) + for(; status == SGX_ERROR_ENCLAVE_LOST && retry < AESM_RETRY_COUNT; retry++) + { + unload_enclave(); + // Reload an AE will not fail because of out of EPC, so AESM_AE_OUT_OF_EPC is not checked here + if(AE_SUCCESS != load_enclave()) + return AE_FAILURE; + status = proc_prov_msg2_data_wrapper( + m_enclave_id, &ret, + input, + b_performance_rekey_used, + sigrl, sigrl_size, + msg3_fixed_output, + epid_sig, epid_sig_buffer_size); + } + if (PVE_XEGDSK_SIGN_ERROR == ret) { + AESM_DBG_ERROR("XEGD signature mismatch in proc_prov_msg2_data"); + } + + if(status != SGX_SUCCESS) ret = AE_FAILURE; return ret; } @@ -131,6 +151,7 @@ uint32_t CPVEClass::proc_prov_msg4_data( { uint32_t ret = AE_SUCCESS; sgx_status_t status = SGX_SUCCESS; + int retry = 0; AESM_PROFILE_FUN; if(m_enclave_id==0){ AESM_DBG_ERROR("call proc_prov_msg4_data without loading PvE"); @@ -138,12 +159,25 @@ uint32_t CPVEClass::proc_prov_msg4_data( } status = proc_prov_msg4_data_wrapper( - m_enclave_id, &ret, + m_enclave_id, &ret, msg4_input, data_blob); - if(status == SGX_ERROR_ENCLAVE_LOST) - ret = AE_ENCLAVE_LOST; - else if(status != SGX_SUCCESS) + for(; status == SGX_ERROR_ENCLAVE_LOST && retry < AESM_RETRY_COUNT; retry++) + { + unload_enclave(); + // Reload an AE will not fail because of out of EPC, so AESM_AE_OUT_OF_EPC is not checked here + if(AE_SUCCESS != load_enclave()) + return AE_FAILURE; + status = proc_prov_msg4_data_wrapper( + m_enclave_id, &ret, + msg4_input, + data_blob); + } + if (PVE_XEGDSK_SIGN_ERROR == ret) { + AESM_DBG_ERROR("XEGD signature mismatch in proc_prov_msg4_data"); + } + + if(status != SGX_SUCCESS) ret = AE_FAILURE; return ret; } @@ -153,6 +187,7 @@ uint32_t CPVEClass::gen_es_msg1_data( { uint32_t ret = AE_SUCCESS; sgx_status_t status = SGX_SUCCESS; + int retry = 0; AESM_PROFILE_FUN; if(m_enclave_id==0){ AESM_DBG_ERROR("call gen_es_msg1_data without loading PvE"); @@ -160,11 +195,20 @@ uint32_t CPVEClass::gen_es_msg1_data( } status = gen_es_msg1_data_wrapper( - m_enclave_id, &ret, + m_enclave_id, &ret, es_output); - if(status == SGX_ERROR_ENCLAVE_LOST) - ret = AE_ENCLAVE_LOST; - else if(status != SGX_SUCCESS) + for(; status == SGX_ERROR_ENCLAVE_LOST && retry < AESM_RETRY_COUNT; retry++) + { + unload_enclave(); + // Reload an AE will not fail because of out of EPC, so AESM_AE_OUT_OF_EPC is not checked here + if(AE_SUCCESS != load_enclave()) + return AE_FAILURE; + status = gen_es_msg1_data_wrapper( + m_enclave_id, &ret, + es_output); + } + + if(status != SGX_SUCCESS) ret = AE_FAILURE; return ret; } diff --git a/psw/ae/aesm_service/source/pve/PVEClass.h b/psw/ae/aesm_service/source/pve/PVEClass.h index 3ea1a828c9..b3537e56bf 100644 --- a/psw/ae/aesm_service/source/pve/PVEClass.h +++ b/psw/ae/aesm_service/source/pve/PVEClass.h @@ -32,8 +32,8 @@ #ifndef _PVE_CLASS_H_ #define _PVE_CLASS_H_ #include "AEClass.h" -#include "aeerror.h" #include "provision_msg.h" +#include "pve_logic.h" #include "ae_debug_flag.hh" class CPVEClass: public SingletonEnclave @@ -48,17 +48,13 @@ protected: virtual int get_debug_flag() { return AE_DEBUG_FLAG;} uint32_t gen_prov_msg1_data( - const psvn_t* psvn, const signed_pek_t *pek, - bool performance_rekey_used, - prov_msg1_output_t* output); - - uint32_t get_ek2( - const prov_get_ek2_input_t* input, - prov_get_ek2_output_t* ek2); + const sgx_target_info_t *pce_target_info, + sgx_report_t *pek_report); uint32_t proc_prov_msg2_data( const proc_prov_msg2_blob_input_t* input, + bool performance_rekey_used, const uint8_t* sigrl, uint32_t sigrl_size, gen_prov_msg3_output_t* msg3_fixed_output, @@ -73,27 +69,21 @@ public: uint32_t gen_es_msg1_data( gen_endpoint_selection_output_t* es_output); - uint32_t gen_prov_msg1( - const psvn_t* psvn, - const signed_pek_t& pek, - bool performance_rekey_used, + uint32_t gen_prov_msg1(pve_data_t& pve_data, uint8_t* msg1, - uint32_t msg1_size); + uint32_t msg1_size);//input output parameter, input for back_retrieval and output only for other cases uint32_t proc_prov_msg2( + pve_data_t& data, const uint8_t* msg2, uint32_t msg2_size, - const signed_pek_t& pek, const uint8_t* epid_blob, uint32_t blob_size, - uint8_t ek2[SK_SIZE], - psvn_t* sigrl_svn, uint8_t* msg3, uint32_t msg3_size); uint32_t proc_prov_msg4( - bool use_ek2_in_input, - const uint8_t ek2[SK_SIZE], + const pve_data_t& data, const uint8_t* msg4, uint32_t msg4_size, uint8_t* data_blob, diff --git a/psw/ae/aesm_service/source/pve/prov_msg_size.h b/psw/ae/aesm_service/source/pve/prov_msg_size.h index ebf7a737e1..1d3d266193 100644 --- a/psw/ae/aesm_service/source/pve/prov_msg_size.h +++ b/psw/ae/aesm_service/source/pve/prov_msg_size.h @@ -38,26 +38,30 @@ /*Inline functions to estimate size of ProvMsg1, ProvMsg3 etc*/ /*Function to estimate the size of ProvMsg1 - TLV_CIPHER_TEXT(SK, PSID): E+MAC(Device_ID_TLV[:FLAG_TLV])*/ + TLV_CIPHER_TEXT(SK, PSID): E+MAC(CIPHER_TLV:PLATFORM_INFO_TLV[:FLAG_TLV])*/ inline uint32_t estimate_msg1_size(bool performance_rekey) { size_t field0_size = CIPHER_TEXT_TLV_SIZE(PVE_RSA_KEY_BYTES); - size_t field1_0_size = DEVICE_ID_TLV_SIZE(); - size_t field1_1_size = performance_rekey? FLAGS_TLV_SIZE():0; - size_t field1_size = BLOCK_CIPHER_TEXT_TLV_SIZE(field1_0_size+field1_1_size); + size_t field1_0_size = CIPHER_TEXT_TLV_SIZE(PVE_RSA_KEY_BYTES); + size_t field1_1_size = PLATFORM_INFO_TLV_SIZE(); + size_t field1_2_size = performance_rekey? FLAGS_TLV_SIZE():0; + size_t field1_size = BLOCK_CIPHER_TEXT_TLV_SIZE(field1_0_size+field1_1_size+field1_2_size); size_t field2_size = MAC_TLV_SIZE(MAC_SIZE); return static_cast(PROVISION_REQUEST_HEADER_SIZE+field0_size+field1_size+field2_size); /*no checking for integer overflow since the size of msg1 is fixed and small*/ } /*Function to estimate the size of ProvMsg3 - NONCE_TLV(NONCE_SIZE):E+MAC(E+MAC(EPID_JOIN_PROOF_TLV):E+MAC(EPID_SIGNATURE_TLV))*/ + NONCE_TLV(NONCE_SIZE):E+MAC(E+MAC(EPID_JOIN_PROOF_TLV):NONCE_TLV(NONCE_2):CIPHER_TLV:SE_REPRT_TLV):E+MAC(EPID_SIGNATURE_TLV)*/ inline uint32_t calc_msg3_size_by_sigrl_count(uint32_t sigrl_count) { size_t field0_size = NONCE_TLV_SIZE(NONCE_SIZE); size_t field1_0_size = BLOCK_CIPHER_TEXT_TLV_SIZE(EPID_JOIN_PROOF_TLV_SIZE()); size_t field1_1_size = MAC_TLV_SIZE(MAC_SIZE); + size_t field1_2_size = NONCE_TLV_SIZE(NONCE_2_SIZE); + size_t field1_3_size = CIPHER_TEXT_TLV_SIZE(PVE_RSA_KEY_BYTES); + size_t field1_4_size = SE_REPORT_TLV_SIZE(); size_t field3_0_size = EPID_SIGNATURE_TLV_SIZE(sigrl_count); - size_t field1_size = BLOCK_CIPHER_TEXT_TLV_SIZE(field1_0_size+field1_1_size); + size_t field1_size = BLOCK_CIPHER_TEXT_TLV_SIZE(field1_0_size+field1_1_size+field1_2_size+field1_3_size+field1_4_size); size_t field2_size = MAC_TLV_SIZE(MAC_SIZE); size_t field3_size = BLOCK_CIPHER_TEXT_TLV_SIZE(field3_0_size); size_t field4_size = MAC_TLV_SIZE(MAC_SIZE); @@ -65,19 +69,18 @@ inline uint32_t calc_msg3_size_by_sigrl_count(uint32_t sigrl_count) } /*Function to estimate the count of SigRL Entry inside a ProvMsg2 - Nonce_TLV(NONCE_SIZE):E+MAC(PubGroupCert:ChallengeNonce[:SigrlPSVN]:PSID:E+MAC(TCB_KEY):deviceID)[:signed SigRL]*/ + Nonce_TLV(NONCE_SIZE):E+MAC(PubGroupCert:ChallengeNonce[:PlatformInfoPSVN]:PSID:EPID_GID:PlatformInfo)[:signed SigRL]*/ inline uint32_t estimate_sigrl_count_by_msg2_size(uint32_t msg2_size) { size_t field_0_size = NONCE_TLV_SIZE(NONCE_SIZE); size_t field_1_0_size = EPID_GROUP_CERT_TLV_SIZE(); size_t field_1_1_size = NONCE_TLV_SIZE(CHALLENGE_NONCE_SIZE); - size_t field_1_2_size = EPID_SIGRL_PSVN_TLV_SIZE(); /*It is always present if sigrl entry count is nonzero*/ + size_t field_1_2_size = PLATFORM_INFO_TLV_SIZE(); //It is always present if sigrl entry count is nonzero size_t field_1_3_size = PSID_TLV_SIZE(); - size_t field_1_4_size = BLOCK_CIPHER_TEXT_TLV_SIZE(SK_SIZE); - size_t field_1_5_size = MAC_TLV_SIZE(MAC_SIZE); - size_t field_1_6_size = DEVICE_ID_TLV_SIZE(); + size_t field_1_4_size = EPID_GID_TLV_SIZE(); + size_t field_1_5_size = PLATFORM_INFO_TLV_SIZE(); size_t field_1_size = BLOCK_CIPHER_TEXT_TLV_SIZE(field_1_0_size+field_1_1_size+field_1_2_size - + field_1_3_size + field_1_4_size + field_1_5_size + field_1_6_size); + + field_1_3_size + field_1_4_size + field_1_5_size ); size_t field_2_size = MAC_TLV_SIZE(MAC_SIZE); size_t field_3_size = 0; if(PROVISION_RESPONSE_HEADER_SIZE+field_0_size+field_1_size+field_2_size>=msg2_size) diff --git a/psw/ae/aesm_service/source/pve/pve_logic.cpp b/psw/ae/aesm_service/source/pve/pve_logic.cpp index 8853118e60..136c833717 100644 --- a/psw/ae/aesm_service/source/pve/pve_logic.cpp +++ b/psw/ae/aesm_service/source/pve/pve_logic.cpp @@ -34,6 +34,7 @@ #include "aesm_logic.h" #include "PVEClass.h" #include "QEClass.h" +#include "PCEClass.h" #include "oal/oal.h" #include "aesm_epid_blob.h" #include "se_wrapper.h" @@ -41,12 +42,13 @@ #include "network_encoding_wrapper.h" #include "prof_fun.h" #include "aesm_long_lived_thread.h" +#include "endpoint_select_info.h" #include #define SAFE_FREE(ptr) {if (NULL != (ptr)) {free(ptr); (ptr)=NULL;}} //Function to continue process Provisioning logic when the response of ProvMsg1 is ProvMsg2 -ae_error_t PvEAESMLogic::process_pve_msg2(psvn_t& sigrl_psvn, const uint8_t* msg2, uint32_t msg2_size, const endpoint_selection_infos_t& es_info) +ae_error_t PvEAESMLogic::process_pve_msg2(pve_data_t& data, const uint8_t* msg2, uint32_t msg2_size, const endpoint_selection_infos_t& es_info) { uint32_t msg_size = 0; uint8_t *msg = NULL; @@ -82,8 +84,9 @@ ae_error_t PvEAESMLogic::process_pve_msg2(psvn_t& sigrl_psvn, const uint8_t* msg } memset(msg, 0, msg_size); AESM_DBG_TRACE("start processing msg2 and gen msg3"); - ret = static_cast(CPVEClass::instance().proc_prov_msg2(msg2, msg2_size, es_info.pek, epid_data.trusted_epid_blob, SGX_TRUSTED_EPID_BLOB_SIZE,//discard curpsvn in epid blob which is used in untrusted code only - ek2, &sigrl_psvn, msg, msg_size));//with help of PvE, process ProvMsg2 and generate ProvMsg3 + ret = static_cast(CPVEClass::instance().proc_prov_msg2(data, msg2, msg2_size, + epid_data.trusted_epid_blob, SGX_TRUSTED_EPID_BLOB_SIZE_PAK,//discard curpsvn in epid blob + msg, msg_size));//with help of PvE, process ProvMsg2 and generate ProvMsg3 if(ret == AE_SUCCESS){ if(GET_SIZE_FROM_PROVISION_REQUEST(msg)>msg_size){ @@ -102,7 +105,7 @@ ae_error_t PvEAESMLogic::process_pve_msg2(psvn_t& sigrl_psvn, const uint8_t* msg } assert(resp_msg!=NULL); AESM_DBG_TRACE("Start to proc msg4"); - ret = process_pve_msg4(resp_msg, resp_size, NULL, true, ek2);//The response msg must be ProvMsg4, process it to generate EPIDBlob + ret = process_pve_msg4(data, resp_msg, resp_size);//The response msg must be ProvMsg4, process it to generate EPIDBlob if(ret != AE_SUCCESS){ AESM_DBG_TRACE("processing msg4 failed:%d",ret); goto CLEANUP; @@ -120,7 +123,7 @@ CLEANUP: } //Function to finish the Provisioning Logic when a ProvMsg4 is expected or encountered -ae_error_t PvEAESMLogic::process_pve_msg4(const uint8_t* msg4, uint32_t msg4_size, const psvn_t* old_psvn, bool use_ek2, const uint8_t ek2[SK_SIZE]) +ae_error_t PvEAESMLogic::process_pve_msg4(const pve_data_t& data, const uint8_t* msg4, uint32_t msg4_size) { AESM_PROFILE_FUN; epid_blob_with_cur_psvn_t epid_data; @@ -131,34 +134,22 @@ ae_error_t PvEAESMLogic::process_pve_msg4(const uint8_t* msg4, uint32_t msg4_siz memset(&epid_data, 0, sizeof(epid_data)); //with the help of PvE to process ProvMsg4 and generate EPIDDataBlob - if((ret = static_cast(CPVEClass::instance().proc_prov_msg4(use_ek2, ek2, msg4, msg4_size, - epid_data.trusted_epid_blob, SGX_TRUSTED_EPID_BLOB_SIZE )))!=AE_SUCCESS){ + if((ret = static_cast(CPVEClass::instance().proc_prov_msg4(data, msg4, msg4_size, + epid_data.trusted_epid_blob, SGX_TRUSTED_EPID_BLOB_SIZE_PAK)))!=AE_SUCCESS){ AESM_DBG_WARN("proc prov msg4 fail:%d",ret); goto fini; } - if(NULL != old_psvn){ - if(0!=memcpy_s(&epid_data.cur_psvn, sizeof(epid_data.cur_psvn), - old_psvn, sizeof(psvn_t))){ - AESM_DBG_ERROR("memcpy failed"); - ret = PVE_UNEXPECTED_ERROR; - goto fini; - } - }else{//using current QE/PvE PSVN - uint16_t isv_svn; - ret = AESMLogic::get_qe_cpu_svn(epid_data.cur_psvn.cpu_svn); - if(AE_SUCCESS != ret){ - goto fini; - } - ret = AESMLogic::get_qe_isv_svn(isv_svn); - if(AE_SUCCESS != ret){ - goto fini; - } - if(0!=memcpy_s(&epid_data.cur_psvn.isv_svn, sizeof(epid_data.cur_psvn.isv_svn), &isv_svn, sizeof(isv_svn))){ + if(0!=memcpy_s(&epid_data.cur_pi, sizeof(epid_data.cur_pi), + &data.bpi, sizeof(data.bpi))){ AESM_DBG_ERROR("memcpy failed"); ret = PVE_UNEXPECTED_ERROR; goto fini; - } } +#ifdef DBG_LOG + char dbg_str[256]; + aesm_dbg_format_hex(reinterpret_cast(&epid_data), sizeof(epid_data), dbg_str, 256); + AESM_DBG_TRACE("write epid_data=%s",dbg_str); +#endif ret=EPIDBlob::instance().write(epid_data);//save the data into persistent data storage if(AE_SUCCESS!=ret){ AESM_DBG_WARN("fail to write epid_data:%d",ret); @@ -169,7 +160,7 @@ fini: //Function to process the Provisioning Logic for backup retrieval of old epid data blob //The function assumes that the PvE state has been IDLE -ae_error_t PvEAESMLogic::update_old_blob(const psvn_t& psvn, const endpoint_selection_infos_t& es_info) +ae_error_t PvEAESMLogic::update_old_blob(pve_data_t& data, const endpoint_selection_infos_t& es_info) { uint32_t msg_size = 0; uint8_t *msg = NULL; @@ -191,9 +182,10 @@ ae_error_t PvEAESMLogic::update_old_blob(const psvn_t& psvn, const endpoint_sele } memset(msg, 0, msg_size); - AESM_DBG_TRACE("start to gen prov msg1, estimated size %d", msg_size); - ae_ret = CPVEClass::instance().gen_prov_msg1(&psvn, es_info.pek, - false, msg, msg_size);//generate ProvMsg1 + AESM_DBG_TRACE("start to gen prov msg1, estimate size %d", msg_size); + data.is_backup_retrieval = true; + data.is_performance_rekey = false; + ae_ret = CPVEClass::instance().gen_prov_msg1(data, msg, msg_size);//generate ProvMsg1 if (ae_ret != AE_SUCCESS) { AESM_DBG_WARN("gen prov msg1 failed:%d",ae_ret); @@ -216,10 +208,10 @@ ae_error_t PvEAESMLogic::update_old_blob(const psvn_t& psvn, const endpoint_sele goto ret_point; } - AESM_DBG_TRACE("start to proc msg4"); + AESM_DBG_TRACE("start to send msg4 to server"); if(GET_TYPE_FROM_PROVISION_RESPONSE(resp_msg) == TYPE_PROV_MSG4){ - ae_ret = process_pve_msg4(resp_msg, resp_size, &psvn, false, NULL);//process ProvMsg4 and generated/save EPID Data Blob + ae_ret = process_pve_msg4(data, resp_msg, resp_size);//process ProvMsg4 and generated/save EPID Data Blob AESM_DBG_TRACE("msg4 processing finished, status %d",ae_ret); }else{ AESM_DBG_WARN("response message is not prov msg4"); @@ -280,8 +272,10 @@ aesm_error_t PvEAESMLogic::pve_error_postprocess(ae_error_t ae_error) return AESM_BACKEND_SERVER_BUSY; case AE_OUT_OF_MEMORY_ERROR: return AESM_OUT_OF_MEMORY_ERROR; - case PSW_UPDATED_REQUIRED: + case PSW_UPDATE_REQUIRED: return AESM_UPDATE_AVAILABLE; + case AESM_AE_OUT_OF_EPC: + return AESM_OUT_OF_EPC; default: return AESM_UNEXPECTED_ERROR; } @@ -292,12 +286,17 @@ aesm_error_t PvEAESMLogic::provision(bool performance_rekey_used, uint32_t timeo ae_error_t ae_ret = AE_SUCCESS; AESM_PROFILE_FUN; AESM_DBG_DEBUG("enter fun"); + AESM_DBG_TRACE("start end point selection"); ae_ret = start_epid_provision_thread(performance_rekey_used, timeout_usec); return pve_error_postprocess(ae_ret); } +static void log_provision_result(ae_error_t ae_ret) +{ + // Log provisioning results to the Admin Log +} ae_error_t PvEAESMLogic::epid_provision_thread_func(bool performance_rekey_used) { @@ -307,32 +306,27 @@ ae_error_t PvEAESMLogic::epid_provision_thread_func(bool performance_rekey_used) uint32_t resp_size = 0; ae_error_t ae_ret = AE_SUCCESS; uint32_t repeat = 0; - int retry = 0; endpoint_selection_infos_t es_info; + pve_data_t pve_data; + memset(&pve_data, 0, sizeof(pve_data)); if(AE_SUCCESS!=(ae_ret=aesm_start_request_wake_execution())){ AESM_DBG_ERROR("fail to request wake execution:%d", ae_ret); + log_provision_result(ae_ret); return ae_ret; } + AESM_DBG_TRACE("start end point selection"); if((ae_ret = EndpointSelectionInfo::instance().start_protocol(es_info))!=AE_SUCCESS){//EndPoint Selection Protocol to setup Provisioning URL (void)aesm_stop_request_wake_execution(); AESM_DBG_WARN("end point selection failed:%d",ae_ret); + log_provision_result(ae_ret); return ae_ret; } //If enclave_lost encountered(such as S3/S4 reached, the retry will be increased by 1, for other kinds of exception like network error, repeat is increased by 1) - while((ae_ret!=AE_ENCLAVE_LOST&&repeat < AESM_RETRY_COUNT) || (ae_ret == AE_ENCLAVE_LOST && retry < AESM_RETRY_COUNT)){ - if(ae_ret == AE_ENCLAVE_LOST){ - AESM_DBG_TRACE("enclave lost inside SGX Provisioning and reload PvE required"); - CPVEClass::instance().unload_enclave();//force PVE to be reloaded later - } - if((ae_ret = CPVEClass::instance().load_enclave())!=AE_SUCCESS) - { - AESM_DBG_ERROR("load pve failed:%d",ae_ret); - break; - } - //estimate upbound size of ProvMsg1 and alloc memory for it + while(repeat < AESM_RETRY_COUNT){ + //estimate upbound of ProvMsg1 and alloc memory for it msg_size = estimate_msg1_size(performance_rekey_used); AESM_DBG_TRACE("estimate msg1 size :%d",msg_size); assert(msg_size > 0); @@ -346,14 +340,16 @@ ae_error_t PvEAESMLogic::epid_provision_thread_func(bool performance_rekey_used) memset(msg, 0, msg_size); //Generate ProvMsg1 - ae_ret = static_cast(CPVEClass::instance().gen_prov_msg1(NULL, es_info.pek, performance_rekey_used, msg, msg_size));//Generate ProvMsg1 + pve_data.is_backup_retrieval = false; + pve_data.is_performance_rekey = performance_rekey_used; + if(0!=memcpy_s(&pve_data.pek, sizeof(pve_data.pek), &es_info.pek, sizeof(es_info.pek))){ + AESM_DBG_ERROR("memcpy error"); + ae_ret = AE_FAILURE; + break; + } + ae_ret = static_cast(CPVEClass::instance().gen_prov_msg1(pve_data, msg, msg_size));//Generate ProvMsg1 if (ae_ret != AE_SUCCESS) { - if(ae_ret == AE_ENCLAVE_LOST){ - AESM_DBG_TRACE("Enclave lost after gen_prov_msg1"); - retry++; - continue; - } AESM_DBG_WARN("fail to generate prov msg1:%d",ae_ret); break; } @@ -378,16 +374,11 @@ ae_error_t PvEAESMLogic::epid_provision_thread_func(bool performance_rekey_used) if(GET_TYPE_FROM_PROVISION_RESPONSE(resp_msg) == TYPE_PROV_MSG2){//If responsed msg is ProvMsg2 psvn_t sigrl_svn; AESM_DBG_TRACE("start to process prov msg2, size %d", resp_size); - ae_ret = process_pve_msg2(sigrl_svn, resp_msg, resp_size, es_info); + ae_ret = process_pve_msg2(pve_data, resp_msg, resp_size, es_info);//processing following flow if response message is ProvMsg2 if(ae_ret != AE_SUCCESS){ if(ae_ret == PVE_EPIDBLOB_ERROR){//If it reports old EPID Blob Error AESM_DBG_TRACE("retrieve old epid blob"); - if((ae_ret = update_old_blob(sigrl_svn, es_info))!=AE_SUCCESS){//try to retrieve old EPID blob from backend server - if(ae_ret == AE_ENCLAVE_LOST){ - AESM_DBG_TRACE("PvE Enclave lost in update_old_blob"); - retry++; - continue; - } + if((ae_ret = update_old_blob(pve_data, es_info))!=AE_SUCCESS){//try to retrieve old EPID blob from backend server AESM_DBG_WARN("fail to retrieve old epid blob:%d",ae_ret); break; }else{ @@ -396,10 +387,6 @@ ae_error_t PvEAESMLogic::epid_provision_thread_func(bool performance_rekey_used) repeat++;//only retry after update old epid blob continue; } - }else if(ae_ret == AE_ENCLAVE_LOST){ - AESM_DBG_TRACE("PvE enclave lost in process_pve_msg2"); - retry++; - continue; }else{ AESM_DBG_WARN("processing prov msg2 failed:%d",ae_ret); break; @@ -407,12 +394,7 @@ ae_error_t PvEAESMLogic::epid_provision_thread_func(bool performance_rekey_used) } }else if(GET_TYPE_FROM_PROVISION_RESPONSE(resp_msg) == TYPE_PROV_MSG4){ AESM_DBG_TRACE("start to process prov msg4 for current psvn"); - if((ae_ret = process_pve_msg4(resp_msg,resp_size, NULL, false, NULL))!=AE_SUCCESS){//process ProvMsg4 to generate EPID blob if resp is Msg4 - if(ae_ret == AE_ENCLAVE_LOST){ - AESM_DBG_TRACE("PvE Enclave lost in process_pve_msg4"); - retry++; - continue; - } + if((ae_ret = process_pve_msg4(pve_data, resp_msg,resp_size))!=AE_SUCCESS){//process ProvMsg4 to generate EPID blob if resp is Msg4 AESM_DBG_WARN("fail to process prov msg4:%d",ae_ret); break; } @@ -431,6 +413,7 @@ ae_error_t PvEAESMLogic::epid_provision_thread_func(bool performance_rekey_used) AESMNetworkEncoding::aesm_free_response_msg(resp_msg); } (void)aesm_stop_request_wake_execution(); + log_provision_result(ae_ret); return ae_ret; } diff --git a/psw/ae/aesm_service/source/pve/pve_logic.h b/psw/ae/aesm_service/source/pve/pve_logic.h index c07a1495f8..1032d83de5 100644 --- a/psw/ae/aesm_service/source/pve/pve_logic.h +++ b/psw/ae/aesm_service/source/pve/pve_logic.h @@ -39,20 +39,29 @@ #include "se_thread.h" #include "oal/oal.h" #include "se_wrapper.h" +#include "epid_pve_type.h" #include #include typedef struct _endpoint_selection_infos_t endpoint_selection_infos_t; +typedef struct _pve_data_t{ + uint8_t sk[SK_SIZE]; + uint8_t xid[XID_SIZE]; + signed_pek_t pek; + bool is_performance_rekey; + bool is_backup_retrieval; + bk_platform_info_t bpi; +}pve_data_t; class PvEAESMLogic{ public: static aesm_error_t provision(bool performance_rekey_used, uint32_t timeout_usec); static aesm_error_t pve_error_postprocess(ae_error_t ae_error); static ae_error_t epid_provision_thread_func(bool performance_rekey_used); /*call get_epid_provision_thread_status().start(performance_rekey_used) to invoke this function with timeout*/ private: - static ae_error_t update_old_blob(const psvn_t& psvn, const endpoint_selection_infos_t& es_info); - static ae_error_t process_pve_msg2(psvn_t& sigrl_psvn, const uint8_t *msg2, uint32_t msg2_size, const endpoint_selection_infos_t& es_info); - static ae_error_t process_pve_msg4(const uint8_t *msg4, uint32_t msg4_size, const psvn_t* old_psvn, bool use_ek2, const uint8_t ek2[SK_SIZE]); + static ae_error_t update_old_blob(pve_data_t& pve_data, const endpoint_selection_infos_t& es_info); + static ae_error_t process_pve_msg2(pve_data_t& pve_data, const uint8_t *msg2, uint32_t msg2_size, const endpoint_selection_infos_t& es_info); + static ae_error_t process_pve_msg4(const pve_data_t& pve_data, const uint8_t *msg4, uint32_t msg4_size); }; #endif diff --git a/psw/ae/aesm_service/source/qe/QEClass.cpp b/psw/ae/aesm_service/source/qe/QEClass.cpp index 7e41bdaf76..8fca2a1dfd 100644 --- a/psw/ae/aesm_service/source/qe/QEClass.cpp +++ b/psw/ae/aesm_service/source/qe/QEClass.cpp @@ -34,6 +34,7 @@ #include "arch.h" #include "QEClass.h" #include "PVEClass.h" +#include "PCEClass.h" #include "se_memcpy.h" #include "prof_fun.h" #include "quoting_enclave_u.h" @@ -42,6 +43,7 @@ void CQEClass::before_enclave_load() { // always unload qe enclave before loading pve enclave CPVEClass::instance().unload_enclave(); + CPCEClass::instance().unload_enclave(); } uint32_t CQEClass::get_qe_target( @@ -81,6 +83,7 @@ uint32_t CQEClass::verify_blob( for(; status == SGX_ERROR_ENCLAVE_LOST && retry < AESM_RETRY_COUNT; retry++) { unload_enclave(); + // Reload an AE will not fail because of out of EPC, so AESM_AE_OUT_OF_EPC is not checked here if(AE_SUCCESS != load_enclave()) return AE_FAILURE; status = ::verify_blob(m_enclave_id, &ret, p_epid_blob, blob_size, @@ -110,7 +113,8 @@ uint32_t CQEClass::get_quote( uint32_t sigrl_size, sgx_report_t *p_qe_report, uint8_t *p_quote, - uint32_t quote_size) + uint32_t quote_size, + uint16_t pce_isv_svn) { uint32_t ret = AE_SUCCESS; sgx_status_t status = SGX_SUCCESS; @@ -131,10 +135,12 @@ uint32_t CQEClass::get_quote( sigrl_size, p_qe_report, p_quote, - quote_size); + quote_size, + pce_isv_svn); for(; status == SGX_ERROR_ENCLAVE_LOST && retry < AESM_RETRY_COUNT; retry++) { unload_enclave(); + // Reload an AE will not fail because of out of EPC, so AESM_AE_OUT_OF_EPC is not checked here if(AE_SUCCESS != load_enclave()) return AE_FAILURE; status = ::get_quote( @@ -150,7 +156,8 @@ uint32_t CQEClass::get_quote( sigrl_size, p_qe_report, p_quote, - quote_size); + quote_size, + pce_isv_svn); } if(status != SGX_SUCCESS) return AE_FAILURE; diff --git a/psw/ae/aesm_service/source/qe/QEClass.h b/psw/ae/aesm_service/source/qe/QEClass.h index e1e83ea4d4..8c6acb467b 100644 --- a/psw/ae/aesm_service/source/qe/QEClass.h +++ b/psw/ae/aesm_service/source/qe/QEClass.h @@ -66,7 +66,8 @@ public: uint32_t sigrl_size, sgx_report_t *p_qe_report, uint8_t *p_quote, - uint32_t quote_size); + uint32_t quote_size, + uint16_t pce_isv_svn); }; #endif diff --git a/psw/ae/aesm_service/source/qe/qe_logic.cpp b/psw/ae/aesm_service/source/qe/qe_logic.cpp index 66d8e567b2..bf43681247 100644 --- a/psw/ae/aesm_service/source/qe/qe_logic.cpp +++ b/psw/ae/aesm_service/source/qe/qe_logic.cpp @@ -31,6 +31,7 @@ #include "aesm_epid_blob.h" +#include "aesm_xegd_blob.h" #include "qe_logic.h" #include "pve_logic.h" #include "aesm_logic.h" @@ -92,7 +93,7 @@ static aesm_error_t try_reprovision_if_not(bool& updated, epid_blob_with_cur_psv // the qe_isv_svn or cpu_svn don't match that in Epid Data Blob aesm_error_t QEAESMLogic::init_quote( sgx_target_info_t *target, - uint8_t *gid, uint32_t gid_size, + uint8_t *gid, uint32_t gid_size, uint16_t pce_isv_svn, uint16_t qe_isv_svn, const sgx_cpu_svn_t qe_cpu_svn) { ae_error_t ae_ret = AE_SUCCESS; @@ -107,9 +108,21 @@ aesm_error_t QEAESMLogic::init_quote( bool updated = false; memset(&epid_data,0,sizeof(epid_data)); + uint32_t xegd_xeid = AESMLogic::get_active_extended_epid_group_id(); AESM_DBG_TRACE("start read and verify old epid blob"); - if((ae_ret = epid_blob.read(epid_data))!=AE_SUCCESS){ - if(AESM_SUCCESS!=(aesm_result = try_reprovision_if_not(updated, epid_data))){ + uint32_t epid_xeid = 0; + //EPID BLOB not exist + if ((ae_ret = epid_blob.read(epid_data)) != AE_SUCCESS ){ + if (AESM_SUCCESS != (aesm_result = try_reprovision_if_not(updated, epid_data))){ + goto ret_point; + } + } + //ExtEPIDGroupID not match + else if ((ae_ret = epid_blob.get_extended_epid_group_id(&epid_xeid)) == AE_SUCCESS && + xegd_xeid != epid_xeid) + { + (void)epid_blob.remove(); + if (AESM_SUCCESS != (aesm_result = try_reprovision_if_not(updated, epid_data))){ goto ret_point; } } @@ -117,17 +130,26 @@ aesm_error_t QEAESMLogic::init_quote( if((ae_ret = CQEClass::instance().load_enclave())!=AE_SUCCESS) { AESM_DBG_ERROR("Fail to load QE:%d", ae_ret); - aesm_result = AESM_UNEXPECTED_ERROR; + if(ae_ret == AESM_AE_OUT_OF_EPC) + aesm_result = AESM_OUT_OF_EPC; + else + aesm_result = AESM_UNEXPECTED_ERROR; goto ret_point; } ae_ret = static_cast(CQEClass::instance().verify_blob(epid_data.trusted_epid_blob, - SGX_TRUSTED_EPID_BLOB_SIZE, + SGX_TRUSTED_EPID_BLOB_SIZE_PAK, &resealed)); if(ae_ret == QE_EPIDBLOB_ERROR){ + (void)epid_blob.remove(); if(AESM_SUCCESS!=(aesm_result = try_reprovision_if_not(updated, epid_data))){ goto ret_point; } } + else if(ae_ret == AESM_AE_OUT_OF_EPC) + { + aesm_result = AESM_OUT_OF_EPC; + goto ret_point; + } else if(ae_ret != AE_SUCCESS) { aesm_result = AESM_UNEXPECTED_ERROR; @@ -145,22 +167,26 @@ aesm_error_t QEAESMLogic::init_quote( AESM_DBG_TRACE("get gid %d from epid blob (little-endian)", *(uint32_t*) gid); - - if(get_qe_target(target)!=AE_SUCCESS){ + ae_ret = get_qe_target(target); + if(ae_ret!=AE_SUCCESS){ AESM_DBG_ERROR("get qe target failed"); + if(ae_ret==AESM_AE_OUT_OF_EPC) + aesm_result = AESM_OUT_OF_EPC; + else aesm_result = AESM_UNEXPECTED_ERROR; goto ret_point; } AESM_DBG_TRACE("get qe_target flags:%llx xfrm:%llx", target->attributes.flags, target->attributes.xfrm); //Any Quoting enclave related code must be before this section to avoid QE/PvE unloading each other - //Do the upgrade reprovision if required - AESM_DBG_TRACE("qe_isv_svn %d, epid_isv_svn %df",qe_isv_svn, epid_data.cur_psvn.isv_svn); - if((qe_isv_svn > epid_data.cur_psvn.isv_svn) - || (0!=memcmp(&qe_cpu_svn, &epid_data.cur_psvn.cpu_svn, + //do the upgrade reprovision after all Quoting Enclave works + AESM_DBG_TRACE("qe_isv_svn %d, epid_isv_svn %d",qe_isv_svn, epid_data.cur_pi.pve_svn); + if((qe_isv_svn > epid_data.cur_pi.pve_svn) + || (pce_isv_svn > epid_data.cur_pi.pce_svn) + || (0!=memcmp(&qe_cpu_svn, &epid_data.cur_pi.cpu_svn, sizeof(sgx_cpu_svn_t)))) { - //We will ignore all provision failure when there is a working EPID blob and leave the decision to attestation server + if(AESM_SUCCESS == (aesm_result = try_reprovision_if_not(updated, epid_data))){ resealed = false; }else if(AESM_PROXY_SETTING_ASSIST == aesm_result || @@ -189,7 +215,7 @@ aesm_error_t QEAESMLogic::get_quote(const uint8_t *report, const uint8_t *nonce, const uint8_t *sigrl, uint32_t sigrl_size, uint8_t *qe_report, - uint8_t *quote, uint32_t buf_size) + uint8_t *quote, uint32_t buf_size, uint16_t pce_isv_svn) { epid_blob_with_cur_psvn_t epid_data; uint32_t ae_ret = AE_SUCCESS; @@ -209,15 +235,18 @@ aesm_error_t QEAESMLogic::get_quote(const uint8_t *report, } } - if(CQEClass::instance().load_enclave()) + if((ae_ret = CQEClass::instance().load_enclave())!=AE_SUCCESS) { AESM_DBG_ERROR("load QE failed"); - aesm_result = AESM_UNEXPECTED_ERROR; + if(ae_ret == AESM_AE_OUT_OF_EPC) + aesm_result = AESM_OUT_OF_EPC; + else + aesm_result = AESM_UNEXPECTED_ERROR; goto CLEANUP; } AESM_DBG_TRACE("start to get quote"); ae_ret = CQEClass::instance().get_quote(epid_data.trusted_epid_blob, - SGX_TRUSTED_EPID_BLOB_SIZE, + SGX_TRUSTED_EPID_BLOB_SIZE_PAK, reinterpret_cast(report), static_cast(quote_type), reinterpret_cast(spid), @@ -226,7 +255,7 @@ aesm_error_t QEAESMLogic::get_quote(const uint8_t *report, sigrl_size, reinterpret_cast(qe_report), quote, - buf_size); + buf_size, pce_isv_svn); if(ae_ret != AE_SUCCESS) { AESM_DBG_TRACE("get_quote failed:%d",ae_ret); diff --git a/psw/ae/aesm_service/source/qe/qe_logic.h b/psw/ae/aesm_service/source/qe/qe_logic.h index 22227bd103..48501cf862 100644 --- a/psw/ae/aesm_service/source/qe/qe_logic.h +++ b/psw/ae/aesm_service/source/qe/qe_logic.h @@ -45,8 +45,8 @@ class QEAESMLogic{ public: static aesm_error_t init_quote(sgx_target_info_t *target_info, - uint8_t *gid, uint32_t gid_size, uint16_t qe_isv_svn, - const sgx_cpu_svn_t qe_cpu_svn); + uint8_t *gid, uint32_t gid_size, uint16_t pce_isv_svn, + uint16_t qe_isv_svn, const sgx_cpu_svn_t qe_cpu_svn); static aesm_error_t get_quote(const uint8_t *report, uint32_t quote_type, @@ -54,7 +54,7 @@ public: const uint8_t *nonce, const uint8_t *sigrl, uint32_t sigrl_size, uint8_t *qe_report, - uint8_t *quote, uint32_t buf_size); + uint8_t *quote, uint32_t buf_size, uint16_t pce_isv_svn); }; #endif diff --git a/psw/ae/aesm_service/source/storage/persistent_storage_info.h b/psw/ae/aesm_service/source/storage/persistent_storage_info.h index 1f9e4e5b2e..fd5e2f203d 100644 --- a/psw/ae/aesm_service/source/storage/persistent_storage_info.h +++ b/psw/ae/aesm_service/source/storage/persistent_storage_info.h @@ -33,7 +33,7 @@ #define _PERSISTENT_STORAGE_INFO_H_ #include "oal/aesm_persistent_storage.h" -typedef enum _aesm_location_info_t {AESM_LOCATION_EXE_FOLDER, AESM_LOCATION_DATA} aesm_location_info_t; +typedef enum _aesm_location_info_t {AESM_LOCATION_EXE_FOLDER, AESM_LOCATION_DATA, AESM_LOCATION_MULTI_EXTENDED_EPID_GROUP_DATA} aesm_location_info_t; typedef enum _aesm_file_access_type_t { AESM_FILE_ACCESS_PATH_ONLY, /*We will only get pathname of the file obj via oal interface but AESM could still access the file via other APIs*/ AESM_FILE_ACCESS_READ_ONLY, /*Only read the data*/ diff --git a/psw/ae/aesm_service/source/storage/persistent_storage_table.cpp b/psw/ae/aesm_service/source/storage/persistent_storage_table.cpp index 076056a8d2..b419935d55 100644 --- a/psw/ae/aesm_service/source/storage/persistent_storage_table.cpp +++ b/psw/ae/aesm_service/source/storage/persistent_storage_table.cpp @@ -40,10 +40,13 @@ static const persistent_storage_info_t psinfos[]={ {FT_ENCLAVE_NAME, AESM_LOCATION_EXE_FOLDER, AESM_FILE_ACCESS_PATH_ONLY, "pve"},//PVE_ENCLAVE_FID {FT_ENCLAVE_NAME, AESM_LOCATION_EXE_FOLDER, AESM_FILE_ACCESS_PATH_ONLY, "pse_op"},//PSE_OP_ENCLAVE_FID {FT_ENCLAVE_NAME, AESM_LOCATION_EXE_FOLDER, AESM_FILE_ACCESS_PATH_ONLY, "pse_pr"},//PSE_PR_ENCLAVE_FID + {FT_ENCLAVE_NAME, AESM_LOCATION_EXE_FOLDER, AESM_FILE_ACCESS_PATH_ONLY, "pce"}, //PCE_ENCLAVE_FID {FT_PERSISTENT_STORAGE, AESM_LOCATION_EXE_FOLDER, AESM_FILE_ACCESS_PATH_ONLY, "le_prod_css.bin"},//LE_PROD_SIG_STRUCT_FID + { FT_PERSISTENT_STORAGE, AESM_LOCATION_DATA, AESM_FILE_ACCESS_ALL, "active_extended_epid_group_id" }, // EXTENDED_EPID_GROUP_ID_FID + { FT_PERSISTENT_STORAGE, AESM_LOCATION_MULTI_EXTENDED_EPID_GROUP_DATA, AESM_FILE_ACCESS_READ_ONLY, "extended_epid_group.blob" }, //EXTENDED_EPID_GROUP_BLOB_INFO_FID {FT_PERSISTENT_STORAGE, AESM_LOCATION_DATA, AESM_FILE_ACCESS_ALL, "endpoint_selection_info.blob"},//PROVISION_PEK_BLOB_FID {FT_PERSISTENT_STORAGE, AESM_LOCATION_DATA, AESM_FILE_ACCESS_ALL, "epid_data.blob"},//EPID_DATA_BLOB_FID - {FT_PERSISTENT_STORAGE, AESM_LOCATION_DATA, AESM_FILE_ACCESS_READ_ONLY, "aesm_server_url.blob"},//AESM_SERVER_URL_FID + { FT_PERSISTENT_STORAGE, AESM_LOCATION_MULTI_EXTENDED_EPID_GROUP_DATA, AESM_FILE_ACCESS_READ_ONLY, "aesm_server_url.blob" },//AESM_SERVER_URL_FID {FT_PERSISTENT_STORAGE, AESM_LOCATION_DATA, AESM_FILE_ACCESS_PATH_ONLY, "pse_vmc.db"},//VMC_DATABASE_FID {FT_PERSISTENT_STORAGE, AESM_LOCATION_DATA, AESM_FILE_ACCESS_PATH_ONLY, "backup_pse_vmc.db"},//VMC_DATABASE_BK_FID {FT_PERSISTENT_STORAGE, AESM_LOCATION_DATA, AESM_FILE_ACCESS_PATH_ONLY, "prebuild_pse_vmc.db"},//VMC_DATABASE_PREBUILD_FID diff --git a/psw/ae/aesm_service/source/upse/platform_info_blob.h b/psw/ae/aesm_service/source/upse/platform_info_blob.h index f24a566f99..aaee47a4d7 100644 --- a/psw/ae/aesm_service/source/upse/platform_info_blob.h +++ b/psw/ae/aesm_service/source/upse/platform_info_blob.h @@ -55,6 +55,7 @@ const uint8_t QE_EPID_GROUP_OUT_OF_DATE = 0x04; /* Masks for sgx_tcb_evaluation_flags*/ const uint16_t QUOTE_CPUSVN_OUT_OF_DATE = 0x0001; const uint16_t QUOTE_ISVSVN_QE_OUT_OF_DATE = 0x0002; +const uint16_t QUOTE_ISVSVN_PCE_OUT_OF_DATE = 0x0004; /* Masks for sgx_pse_evaluation_flags PS_SEC_PROP_DESC.PSE_ISVSVN is out of date*/ @@ -81,7 +82,7 @@ typedef struct _platform_info_blob_wrapper_t tcb_psvn_t latest_equivalent_tcb_psvn; pse_isvsvn_t latest_pse_isvsvn; psda_svn_t latest_psda_svn; - GroupID performance_rekey_gid; + uint32_t xeid; GroupID gid; sgx_ec256_signature_t signature; } platform_info_blob; diff --git a/psw/ae/common/inc/AEGetWhiteListRequest.h b/psw/ae/common/inc/AEGetWhiteListRequest.h new file mode 100644 index 0000000000..03caae525c --- /dev/null +++ b/psw/ae/common/inc/AEGetWhiteListRequest.h @@ -0,0 +1,71 @@ +/* + * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +#ifndef _AE_GET_WHITE_LIST_REQUEST_H +#define _AE_GET_WHITE_LIST_REQUEST_H + +#include + +class AEGetWhiteListRequest : public IAERequest +{ + public: + AEGetWhiteListRequest(); + AEGetWhiteListRequest(uint32_t whiteListSize, uint32_t timeout); + AEGetWhiteListRequest(const AEGetWhiteListRequest& other); + ~AEGetWhiteListRequest(); + + AEMessage* serialize(ISerializer* serializer); + void inflateValues(uint32_t whiteListSize, uint32_t timeout); + + //getters + int GetWhiteListSize() const { return mWhiteListSize; } + + //operators + bool operator==(const AEGetWhiteListRequest& other) const; + AEGetWhiteListRequest& operator=(const AEGetWhiteListRequest& request); + + //checks + bool check(); + void visit(IAERequestVisitor& visitor); + + //hooks + IAEResponse* execute(IAESMLogic* aesmLogic); + + //used to determin in which queue to be placed + virtual RequestClass getRequestClass(); + + protected: + void ReleaseMemory(); + void CopyFields(uint32_t whiteListSize, uint32_t timeout); + + uint32_t mWhiteListSize; +}; + +#endif diff --git a/psw/ae/common/inc/AEGetWhiteListResponse.h b/psw/ae/common/inc/AEGetWhiteListResponse.h new file mode 100644 index 0000000000..33d3ef4907 --- /dev/null +++ b/psw/ae/common/inc/AEGetWhiteListResponse.h @@ -0,0 +1,78 @@ +/* + * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +#ifndef __AE_GET_WHITE_LIST_RESPONSE_H +#define __AE_GET_WHITE_LIST_RESPONSE_H + +#include +#include + +class ISerializer; + +class AEGetWhiteListResponse : public IAEResponse +{ + public: + AEGetWhiteListResponse(); //default ... will prepare a response that will later be inflated + + AEGetWhiteListResponse(int errorCode, uint32_t whiteListLength, const uint8_t * whiteList); + AEGetWhiteListResponse(const AEGetWhiteListResponse& other); + + ~AEGetWhiteListResponse(); + + //inflater + bool inflateWithMessage(AEMessage* message, ISerializer* serializer); + + //getters + inline uint32_t GetWhiteListLength() const { return mWhiteListLength; } + inline const uint8_t* GetWhiteList() const { return mWhiteList; } + + AEMessage* serialize(ISerializer* serializer); + + //this is used to inflate values from a serializer, instead of creating the object directly + void inflateValues(int errorCode, uint32_t whiteListLength, const uint8_t * whiteList); + + //operators + virtual bool operator==(const AEGetWhiteListResponse &other) const; + AEGetWhiteListResponse& operator=(const AEGetWhiteListResponse &other); + + void visit(IAEResponseVisitor& visitor); + + //checks + bool check(); + + protected: + void ReleaseMemory(); + void CopyFields(int errorCode, uint32_t whiteListLength, const uint8_t * whiteList); + + uint32_t mWhiteListLength; + uint8_t * mWhiteList; +}; + +#endif diff --git a/psw/ae/common/inc/AEGetWhiteListSizeRequest.h b/psw/ae/common/inc/AEGetWhiteListSizeRequest.h new file mode 100644 index 0000000000..6767c330e3 --- /dev/null +++ b/psw/ae/common/inc/AEGetWhiteListSizeRequest.h @@ -0,0 +1,62 @@ +/* + * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +#ifndef __AE_GET_WHITE_LIST_SIZE_REQUEST_H +#define __AE_GET_WHITE_LIST_SIZE_REQUEST_H + +#include +class IAESMLogic; + +class AEGetWhiteListSizeRequest : public IAERequest{ + public: + AEGetWhiteListSizeRequest(uint32_t timeout = 0); + AEGetWhiteListSizeRequest(const AEGetWhiteListSizeRequest& other); + ~AEGetWhiteListSizeRequest(); + + void ReleaseMemory(); + + AEMessage* serialize(ISerializer* serializer); + + //inflater -> empty for now ... but soon + void inflateValues(uint32_t timeout = 0); + + //checks + bool check() {return true;} // no special check for this object. Maybe later + virtual IAEResponse* execute(IAESMLogic*); + + //used to determin in which queue to be placed + virtual RequestClass getRequestClass(); + bool operator==(const AEGetWhiteListSizeRequest& other) const; + AEGetWhiteListSizeRequest& operator=(const AEGetWhiteListSizeRequest& other); + void visit(IAERequestVisitor& visitor); + void CopyFields(uint32_t timeout); +}; + +#endif diff --git a/psw/ae/common/inc/AEGetWhiteListSizeResponse.h b/psw/ae/common/inc/AEGetWhiteListSizeResponse.h new file mode 100644 index 0000000000..ff61b98980 --- /dev/null +++ b/psw/ae/common/inc/AEGetWhiteListSizeResponse.h @@ -0,0 +1,75 @@ +/* + * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +#ifndef __AE_GET_WHITE_LIST_SIZE_RESPONSE_H +#define __AE_GET_WHITE_LIST_SIZE_RESPONSE_H + +#include +#include + +class ISerializer; + +class AEGetWhiteListSizeResponse : public IAEResponse +{ + public: + AEGetWhiteListSizeResponse(); //default ... will prepare a response that will later be inflated + + AEGetWhiteListSizeResponse(int errorCode, uint32_t white_list_size); + AEGetWhiteListSizeResponse(const AEGetWhiteListSizeResponse& other); + + ~AEGetWhiteListSizeResponse(); + + //inflater + bool inflateWithMessage(AEMessage* message, ISerializer* serializer); + + inline uint32_t GetWhiteListSize() const { return mWhiteListSize;} + + AEMessage* serialize(ISerializer* serializer); + + //this is used to inflate values from a serializer, instead of creating the object directly + void inflateValues(int errorCode, uint32_t white_list_size); + + //operators + virtual bool operator==(const AEGetWhiteListSizeResponse &other) const; + AEGetWhiteListSizeResponse& operator=(const AEGetWhiteListSizeResponse &other); + + void visit(IAEResponseVisitor& visitor); + + //checks + bool check(); + + protected: + void ReleaseMemory(); + void CopyFields(int errorCode, uint32_t white_list_size); + + uint32_t mWhiteListSize; +}; + +#endif diff --git a/psw/ae/common/inc/AESGXGetExtendedEpidGroupIdRequest.h b/psw/ae/common/inc/AESGXGetExtendedEpidGroupIdRequest.h new file mode 100644 index 0000000000..8aafdb1bfb --- /dev/null +++ b/psw/ae/common/inc/AESGXGetExtendedEpidGroupIdRequest.h @@ -0,0 +1,62 @@ +/* + * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +#ifndef __AE_SGX_GET_EXTENDED_GROUP_ID_REQUEST_H +#define __AE_SGX_GET_EXTENDED_GROUP_ID_REQUEST_H + +#include +class IAESMLogic; + +class AESGXGetExtendedEpidGroupIdRequest : public IAERequest{ + public: + AESGXGetExtendedEpidGroupIdRequest(uint32_t timeout = 0); + AESGXGetExtendedEpidGroupIdRequest(const AESGXGetExtendedEpidGroupIdRequest& other); + ~AESGXGetExtendedEpidGroupIdRequest(); + + void ReleaseMemory(); + + AEMessage* serialize(ISerializer* serializer); + + //inflater -> empty for now ... but soon + void inflateValues(uint32_t timeout = 0); + + //checks + bool check() {return true;} // no special check for this object. Maybe later + virtual IAEResponse* execute(IAESMLogic*); + + //used to determin in which queue to be placed + virtual RequestClass getRequestClass(); + bool operator==(const AESGXGetExtendedEpidGroupIdRequest& other) const; + AESGXGetExtendedEpidGroupIdRequest& operator=(const AESGXGetExtendedEpidGroupIdRequest& other); + void visit(IAERequestVisitor& visitor); + void CopyFields(uint32_t timeout); +}; + +#endif diff --git a/psw/ae/common/inc/AESGXGetExtendedEpidGroupIdResponse.h b/psw/ae/common/inc/AESGXGetExtendedEpidGroupIdResponse.h new file mode 100644 index 0000000000..d6f709b2ca --- /dev/null +++ b/psw/ae/common/inc/AESGXGetExtendedEpidGroupIdResponse.h @@ -0,0 +1,75 @@ +/* + * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +#ifndef __AE_SGX_GET_EXTENDED_GROUP_ID_RESPONSE_H +#define __AE_SGX_GET_EXTENDED_GROUP_ID_RESPONSE_H + +#include +#include + +class ISerializer; + +class AESGXGetExtendedEpidGroupIdResponse : public IAEResponse +{ + public: + AESGXGetExtendedEpidGroupIdResponse(); //default ... will prepare a response that will later be inflated + + AESGXGetExtendedEpidGroupIdResponse(int errorCode, uint32_t x_group_id); + AESGXGetExtendedEpidGroupIdResponse(const AESGXGetExtendedEpidGroupIdResponse& other); + + ~AESGXGetExtendedEpidGroupIdResponse(); + + //inflater + bool inflateWithMessage(AEMessage* message, ISerializer* serializer); + + inline uint32_t GetExtendedEpidGroupId() const { return mExtendedEpidGroupId;} + + AEMessage* serialize(ISerializer* serializer); + + //this is used to inflate values from a serializer, instead of creating the object directly + void inflateValues(int errorCode, uint32_t x_group_id); + + //operators + virtual bool operator==(const AESGXGetExtendedEpidGroupIdResponse &other) const; + AESGXGetExtendedEpidGroupIdResponse& operator=(const AESGXGetExtendedEpidGroupIdResponse &other); + + void visit(IAEResponseVisitor& visitor); + + //checks + bool check(); + + protected: + void ReleaseMemory(); + void CopyFields(int errorCode, uint32_t x_group_id); + + uint32_t mExtendedEpidGroupId; +}; + +#endif diff --git a/psw/ae/common/inc/AESGXSwitchExtendedEpidGroupRequest.h b/psw/ae/common/inc/AESGXSwitchExtendedEpidGroupRequest.h new file mode 100644 index 0000000000..da59a8ecf8 --- /dev/null +++ b/psw/ae/common/inc/AESGXSwitchExtendedEpidGroupRequest.h @@ -0,0 +1,71 @@ +/* + * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +#ifndef _AE_SGX_SWITCH_EXTENDED_GROUP_REQUEST_H +#define _AE_SGX_SWITCH_EXTENDED_GROUP_REQUEST_H + +#include + +class AESGXSwitchExtendedEpidGroupRequest : public IAERequest +{ + public: + AESGXSwitchExtendedEpidGroupRequest(); + AESGXSwitchExtendedEpidGroupRequest(uint32_t extendedGroupId, uint32_t timeout); + AESGXSwitchExtendedEpidGroupRequest(const AESGXSwitchExtendedEpidGroupRequest& other); + ~AESGXSwitchExtendedEpidGroupRequest(); + + AEMessage* serialize(ISerializer* serializer); + void inflateValues(uint32_t extendedGroupId, uint32_t timeout); + + //getters + int GetExtendedEpidGroupId() const { return mExtendedEpidGroupId; } + + //operators + bool operator==(const AESGXSwitchExtendedEpidGroupRequest& other) const; + AESGXSwitchExtendedEpidGroupRequest& operator=(const AESGXSwitchExtendedEpidGroupRequest& request); + + //checks + bool check(); + void visit(IAERequestVisitor& visitor); + + //hooks + IAEResponse* execute(IAESMLogic* aesmLogic); + + //used to determin in which queue to be placed + virtual RequestClass getRequestClass(); + + protected: + void ReleaseMemory(); + void CopyFields(uint32_t extendedGroupId, uint32_t timeout); + + uint32_t mExtendedEpidGroupId; +}; + +#endif diff --git a/psw/ae/common/inc/AESGXSwitchExtendedEpidGroupResponse.h b/psw/ae/common/inc/AESGXSwitchExtendedEpidGroupResponse.h new file mode 100644 index 0000000000..32f5f3eaa5 --- /dev/null +++ b/psw/ae/common/inc/AESGXSwitchExtendedEpidGroupResponse.h @@ -0,0 +1,62 @@ +/* + * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +#ifndef _AE_SGX_SWITCH_EXTENDED_GROUP_RESPONSE_H +#define _AE_SGX_SWITCH_EXTENDED_GROUP_RESPONSE_H + +#include + +class AESGXSwitchExtendedEpidGroupResponse : public IAEResponse +{ + public: + AESGXSwitchExtendedEpidGroupResponse(); + AESGXSwitchExtendedEpidGroupResponse(int errorCode); + AESGXSwitchExtendedEpidGroupResponse(const AESGXSwitchExtendedEpidGroupResponse& other); + ~AESGXSwitchExtendedEpidGroupResponse(); + + AEMessage* serialize(ISerializer* serializer); + bool inflateWithMessage(AEMessage* message, ISerializer* serializer); + void inflateValues(int errorCode); + + //operators + bool operator==(const AESGXSwitchExtendedEpidGroupResponse& other) const; + AESGXSwitchExtendedEpidGroupResponse& operator=(const AESGXSwitchExtendedEpidGroupResponse& other); + + //checks + bool check(); + virtual void visit(IAEResponseVisitor& visitor); + + protected: + void ReleaseMemory(); + void CopyFields(int errorCode); + +}; + +#endif diff --git a/psw/ae/common/inc/IAERequest.h b/psw/ae/common/inc/IAERequest.h index 9254c0b3d4..85bd123a28 100644 --- a/psw/ae/common/inc/IAERequest.h +++ b/psw/ae/common/inc/IAERequest.h @@ -105,6 +105,10 @@ class AEGetLaunchTokenRequest; class AEGetQuoteRequest; class AEInitQuoteRequest; class AEGetPsCapRequest; +class AEGetWhiteListSizeRequest; +class AEGetWhiteListRequest; +class AESGXGetExtendedEpidGroupIdRequest; +class AESGXSwitchExtendedEpidGroupRequest; class IAERequestVisitor { @@ -118,6 +122,10 @@ class IAERequestVisitor virtual void visitExchangeReportRequest(AEExchangeReportRequest&) = 0; virtual void visitCloseSessionRequest(AECloseSessionRequest&) = 0; virtual void visitGetPsCapRequest(AEGetPsCapRequest&) = 0; + virtual void visitGetWhiteListSizeRequest(AEGetWhiteListSizeRequest&) = 0; + virtual void visitGetWhiteListRequest(AEGetWhiteListRequest&) = 0; + virtual void visitSGXGetExtendedEpidGroupIdRequest(AESGXGetExtendedEpidGroupIdRequest&) = 0; + virtual void visitSGXSwitchExtendedEpidGroupRequest(AESGXSwitchExtendedEpidGroupRequest&) = 0; virtual ~IAERequestVisitor() = 0; }; diff --git a/psw/ae/common/inc/IAEResponse.h b/psw/ae/common/inc/IAEResponse.h index 0fb9719b99..9b4f21bf93 100644 --- a/psw/ae/common/inc/IAEResponse.h +++ b/psw/ae/common/inc/IAEResponse.h @@ -49,6 +49,10 @@ class AEGetLaunchTokenResponse; class AEGetQuoteResponse; class AEInitQuoteResponse; class AEGetPsCapResponse; +class AEGetWhiteListSizeResponse; +class AEGetWhiteListResponse; +class AESGXGetExtendedEpidGroupIdResponse; +class AESGXSwitchExtendedEpidGroupResponse; #include @@ -64,6 +68,10 @@ class IAEResponseVisitor virtual void visitExchangeReportResponse(AEExchangeReportResponse&) = 0; virtual void visitCloseSessionResponse(AECloseSessionResponse&) = 0; virtual void visitGetPsCapResponse(AEGetPsCapResponse&) = 0; + virtual void visitGetWhiteListSizeResponse(AEGetWhiteListSizeResponse&) = 0; + virtual void visitGetWhiteListResponse(AEGetWhiteListResponse&) = 0; + virtual void visitSGXGetExtendedEpidGroupIdResponse(AESGXGetExtendedEpidGroupIdResponse&) = 0; + virtual void visitSGXSwitchExtendedEpidGroupResponse(AESGXSwitchExtendedEpidGroupResponse&) = 0; virtual ~IAEResponseVisitor() {}; }; diff --git a/psw/ae/common/inc/IAESMLogic.h b/psw/ae/common/inc/IAESMLogic.h index 95d685b9ab..82e43909b5 100644 --- a/psw/ae/common/inc/IAESMLogic.h +++ b/psw/ae/common/inc/IAESMLogic.h @@ -77,6 +77,10 @@ class IAESMLogic { virtual aesm_error_t reportAttestationStatus(uint8_t* platform_info, uint32_t platform_info_size, uint32_t attestation_error_code, uint8_t* update_info, uint32_t update_info_size) = 0; + virtual aesm_error_t getWhiteListSize(uint32_t* white_list_size) = 0; + virtual aesm_error_t getWhiteList(uint8_t* white_list, uint32_t mWhiteListSize) = 0; + virtual aesm_error_t sgxGetExtendedEpidGroupId(uint32_t* x_group_id) = 0; + virtual aesm_error_t sgxSwitchExtendedEpidGroup(uint32_t x_group_id) = 0; virtual void service_stop() = 0; virtual ~IAESMLogic(){}; }; diff --git a/psw/ae/common/inc/ISerializer.h b/psw/ae/common/inc/ISerializer.h index 6da6d931ec..ede1a56170 100644 --- a/psw/ae/common/inc/ISerializer.h +++ b/psw/ae/common/inc/ISerializer.h @@ -60,6 +60,18 @@ class AEGetPsCapResponse; class AEReportAttestationRequest; class AEReportAttestationResponse; +class AEGetWhiteListSizeRequest; +class AEGetWhiteListSizeResponse; + +class AEGetWhiteListRequest; +class AEGetWhiteListResponse; + +class AESGXGetExtendedEpidGroupIdRequest; +class AESGXGetExtendedEpidGroupIdResponse; + +class AESGXSwitchExtendedEpidGroupRequest; +class AESGXSwitchExtendedEpidGroupResponse; + class IAERequest; class IAEResponse; @@ -76,6 +88,10 @@ class ISerializer{ virtual AEMessage* serialize(AECloseSessionRequest* request) = 0; virtual AEMessage* serialize(AEGetPsCapRequest* request) = 0; virtual AEMessage* serialize(AEReportAttestationRequest* request) = 0; + virtual AEMessage* serialize(AEGetWhiteListRequest* request) = 0; + virtual AEMessage* serialize(AEGetWhiteListSizeRequest* request) = 0; + virtual AEMessage* serialize(AESGXGetExtendedEpidGroupIdRequest* request) = 0; + virtual AEMessage* serialize(AESGXSwitchExtendedEpidGroupRequest* request) = 0; //response serializers virtual AEMessage* serialize(AEInitQuoteResponse* response) = 0; @@ -87,6 +103,10 @@ class ISerializer{ virtual AEMessage* serialize(AECloseSessionResponse* response) = 0; virtual AEMessage* serialize(AEGetPsCapResponse* response) = 0; virtual AEMessage* serialize(AEReportAttestationResponse* response) = 0; + virtual AEMessage* serialize(AEGetWhiteListSizeResponse* response) = 0; + virtual AEMessage* serialize(AEGetWhiteListResponse* response) = 0; + virtual AEMessage* serialize(AESGXGetExtendedEpidGroupIdResponse* response) = 0; + virtual AEMessage* serialize(AESGXSwitchExtendedEpidGroupResponse* response) = 0; //request inflater -> will inflate request objects by unmarshaling communication level data (this will be used by server) virtual IAERequest* inflateRequest(AEMessage* message) = 0; @@ -101,7 +121,10 @@ class ISerializer{ virtual bool inflateResponse(AEMessage* message, AECloseSessionResponse* response) = 0; virtual bool inflateResponse(AEMessage* message, AEGetPsCapResponse* response) = 0; virtual bool inflateResponse(AEMessage* message, AEReportAttestationResponse* response) = 0; - + virtual bool inflateResponse(AEMessage* message, AEGetWhiteListSizeResponse* response) = 0; + virtual bool inflateResponse(AEMessage* message, AEGetWhiteListResponse* response) = 0; + virtual bool inflateResponse(AEMessage* message, AESGXGetExtendedEpidGroupIdResponse* response) = 0; + virtual bool inflateResponse(AEMessage* message, AESGXSwitchExtendedEpidGroupResponse* response) = 0; virtual ~ISerializer() {} }; diff --git a/psw/ae/common/inc/ProtobufSerializer.h b/psw/ae/common/inc/ProtobufSerializer.h index b2e694334b..c7d60f9e4c 100644 --- a/psw/ae/common/inc/ProtobufSerializer.h +++ b/psw/ae/common/inc/ProtobufSerializer.h @@ -57,6 +57,10 @@ class ProtobufSerializer : public ISerializer{ AEMessage* serialize(AECloseSessionRequest* request); AEMessage* serialize(AEGetPsCapRequest* request); AEMessage* serialize(AEReportAttestationRequest* request); + AEMessage* serialize(AEGetWhiteListSizeRequest* request); + AEMessage* serialize(AEGetWhiteListRequest* request); + AEMessage* serialize(AESGXGetExtendedEpidGroupIdRequest* request); + AEMessage* serialize(AESGXSwitchExtendedEpidGroupRequest* request); //response serializers AEMessage* serialize(AEInitQuoteResponse* response); @@ -68,6 +72,10 @@ class ProtobufSerializer : public ISerializer{ AEMessage* serialize(AECloseSessionResponse* response); AEMessage* serialize(AEGetPsCapResponse* response); AEMessage* serialize(AEReportAttestationResponse* response); + AEMessage* serialize(AEGetWhiteListSizeResponse* response); + AEMessage* serialize(AEGetWhiteListResponse* response); + AEMessage* serialize(AESGXGetExtendedEpidGroupIdResponse* response); + AEMessage* serialize(AESGXSwitchExtendedEpidGroupResponse* response); //base inflate request IAERequest* inflateRequest(AEMessage* message); @@ -82,6 +90,10 @@ class ProtobufSerializer : public ISerializer{ bool inflateResponse(AEMessage* message, AECloseSessionResponse* response); bool inflateResponse(AEMessage* message, AEGetPsCapResponse* response); bool inflateResponse(AEMessage* message, AEReportAttestationResponse* response); + bool inflateResponse(AEMessage* message, AEGetWhiteListSizeResponse* response); + bool inflateResponse(AEMessage* message, AEGetWhiteListResponse *response); + bool inflateResponse(AEMessage* message, AESGXGetExtendedEpidGroupIdResponse* response); + bool inflateResponse(AEMessage* message, AESGXSwitchExtendedEpidGroupResponse* response); private: //request inflaters @@ -94,6 +106,10 @@ class ProtobufSerializer : public ISerializer{ IAERequest* inflateInvokeServiceRequest(aesm::message::Request* reqMsg); IAERequest* inflateGetPsCapRequest(aesm::message::Request* reqMsg); IAERequest* inflateReportAttestationErrorRequest(aesm::message::Request* reqMsg); + IAERequest* inflateGetWhiteListSizeRequest(aesm::message::Request* reqMsg); + IAERequest* inflateGetWhiteListRequest(aesm::message::Request* reqMsg); + IAERequest* inflateSGXGetExtendedEpidGroupIdRequest(aesm::message::Request* reqMsg); + IAERequest* inflateSGXSwitchExtendedEpidGroupRequest(aesm::message::Request* reqMsg); }; #endif diff --git a/sdk/tlibc/math/w_pow10l.c b/psw/ae/common/inc/debug_log.h similarity index 79% rename from sdk/tlibc/math/w_pow10l.c rename to psw/ae/common/inc/debug_log.h index f191c5155f..7b55b98367 100644 --- a/sdk/tlibc/math/w_pow10l.c +++ b/psw/ae/common/inc/debug_log.h @@ -28,15 +28,19 @@ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * */ +#ifndef __DEBUG_LOG_H_ +#define __DEBUG_LOG_H_ -#include -#include +#ifdef DEBUG +#include -#if (LDBL_MANT_DIG > DBL_MANT_DIG) - -long double pow10l(long double x) -{ - return powl(10, x); -} +#define LOGD(...) __android_log_print(ANDROID_LOG_DEBUG, __FILE__, __VA_ARGS__) +#define LOGE(...) __android_log_print(ANDROID_LOG_ERROR, __FILE__, __VA_ARGS__) +#define LOGI(...) __android_log_print(ANDROID_LOG_INFO, __FILE__, __VA_ARGS__) +#else +#define LOGD(...) +#define LOGE(...) +#define LOGI(...) +#endif #endif diff --git a/psw/ae/common/pek_pub_key.cpp b/psw/ae/common/pek_pub_key.cpp index 59940d5b1c..aeaa47a713 100644 --- a/psw/ae/common/pek_pub_key.cpp +++ b/psw/ae/common/pek_pub_key.cpp @@ -34,12 +34,16 @@ #include "pek_pub_key.h" #include "pve_qe_common.h" #include +#include "xegdsk_pub.hh" #include "peksk_pub.hh" +#include "qsdk_pub.hh" +#include "isk_pub.hh" +#include "byte_order.h" //Function to verify the ECDSA signature of a PEK -//SHA1 value for integrity checking is not verified since the ECDSA verification could make sure the integrity at the sametime. -sgx_status_t check_pek_signature(const signed_pek_t& signed_pek, uint8_t *result) +//SHA1 value for integrity checking is not verified since the ECDSA verification could make sure the integrity at the same time. +sgx_status_t check_pek_signature(const signed_pek_t& signed_pek, const sgx_ec256_public_t* pek_sk, uint8_t *result) { sgx_status_t status = SGX_SUCCESS; sgx_ecc_state_handle_t handle= 0; @@ -54,10 +58,65 @@ sgx_status_t check_pek_signature(const signed_pek_t& signed_pek, uint8_t *result SWAP_ENDIAN_32B(ec_signature.y); status = sgx_ecdsa_verify(reinterpret_cast(&signed_pek), static_cast(sizeof(signed_pek.n)+sizeof(signed_pek.e)), - const_cast(&g_pek_pub_key_little_endian), + pek_sk, &ec_signature, result, handle); (void)sgx_ecc256_close_context(handle); return status; } + +//Function to verify that ECDSA signature of XEGB is correct +sgx_status_t verify_xegb(const extended_epid_group_blob_t& xegb, uint8_t *result){ + if (lv_htons(xegb.data_length) != EXTENDED_EPID_GROUP_BLOB_DATA_LEN + || xegb.format_id != XEGB_FORMAT_ID){ + return SGX_ERROR_INVALID_PARAMETER; + } + + sgx_status_t status = SGX_SUCCESS; + sgx_ecc_state_handle_t handle= 0; + sgx_ec256_signature_t ec_signature; + status = sgx_ecc256_open_context(&handle); + if(SGX_SUCCESS!=status){ + return status; + } + se_static_assert(sizeof(ec_signature)==sizeof(xegb.signature)); + memcpy(&ec_signature, xegb.signature, sizeof(xegb.signature)); + SWAP_ENDIAN_32B(ec_signature.x); + SWAP_ENDIAN_32B(ec_signature.y); + status = sgx_ecdsa_verify(reinterpret_cast(&xegb), + static_cast(sizeof(xegb)-sizeof(xegb.signature)), + const_cast(&g_sdsk_pub_key_little_endian), + &ec_signature, + result, + handle); + (void)sgx_ecc256_close_context(handle); + if(SGX_SUCCESS!=status){ + return status; + } + return SGX_SUCCESS; +} + +sgx_status_t verify_xegb_with_default(const extended_epid_group_blob_t& xegb, uint8_t *result, extended_epid_group_blob_t& out_xegb) +{ + const uint8_t *pxegb = reinterpret_cast(&xegb); + uint32_t i; + //check whether all bytes of xegb is 0, if so we should use default xegb + for (i = 0; i < sizeof(xegb); i++){ + if (pxegb[i] != 0){ + break; + } + } + if (i == sizeof(xegb)){//using default xegb value if all bytes are 0, for hardcoded xegb, no ecdsa signature is available so that no ecdsa verification requried too. + out_xegb.xeid = 0; + out_xegb.format_id = XEGB_FORMAT_ID; + memcpy(out_xegb.epid_sk, &g_sgx_isk_pubkey, 2*ECDSA_SIGN_SIZE); + memcpy(out_xegb.pek_sk, &g_pek_pub_key_little_endian, 2 * ECDSA_SIGN_SIZE); + memcpy(out_xegb.qsdk_exp, g_qsdk_pub_key_e, sizeof(g_qsdk_pub_key_e)); + memcpy(out_xegb.qsdk_mod, g_qsdk_pub_key_n, PVE_RSA_KEY_BYTES); + *result = SGX_EC_VALID; + return SGX_SUCCESS; + } + memcpy(&out_xegb, &xegb, sizeof(xegb));//use the input xegb if any bytes in it is non-zero + return verify_xegb(out_xegb, result); +} diff --git a/psw/ae/common/proto/messages.proto b/psw/ae/common/proto/messages.proto index 3fdc784019..f16d19775c 100644 --- a/psw/ae/common/proto/messages.proto +++ b/psw/ae/common/proto/messages.proto @@ -59,6 +59,23 @@ message Request{ optional uint32 timeout = 9; } + message GetWhiteListSizeRequest{ + optional uint32 timeout = 9; + } + + message GetWhiteListRequest{ + optional uint32 white_list_size= 1; + optional uint32 timeout = 9; + } + + message SGXGetExtendedEpidGroupIdRequest{ + optional uint32 timeout = 9; + } + + message SGXSwitchExtendedEpidGroupRequest{ + optional uint32 x_group_id = 1; + optional uint32 timeout = 9; + } optional InitQuoteRequest initQuoteReq = 1; optional GetQuoteRequest getQuoteReq = 2; optional GetLaunchTokenRequest getLicTokenReq = 3; @@ -68,6 +85,10 @@ message Request{ optional ExchangeReportRequest exchangeReportReq = 7; optional CloseSessionRequest closeSessionReq = 8; optional GetPsCapRequest getPsCapReq = 9; + optional GetWhiteListSizeRequest getWhiteListSizeReq = 10; + optional GetWhiteListRequest getWhiteListReq = 11; + optional SGXGetExtendedEpidGroupIdRequest sgxGetExtendedEpidGroupIdReq = 12; + optional SGXSwitchExtendedEpidGroupRequest sgxSwitchExtendedEpidGroupReq = 13; } message Response{ @@ -119,6 +140,24 @@ message Response{ required uint32 errorCode = 1 [default = 1]; optional uint64 ps_cap = 2; } + message GetWhiteListSizeResponse{ + required uint32 errorCode = 1 [default = 1]; + optional uint32 white_list_size = 2; + } + + message GetWhiteListResponse{ + required uint32 errorCode = 1 [default = 1]; + optional bytes white_list = 2; + } + + message SGXGetExtendedEpidGroupIdResponse{ + required uint32 errorCode = 1 [default = 1]; + optional uint32 x_group_id = 2; + } + + message SGXSwitchExtendedEpidGroupResponse{ + required uint32 errorCode = 1 [ default = 1]; + } optional InitQuoteResponse initQuoteRes = 1; optional GetQuoteResponse getQuoteRes = 2; optional GetLaunchTokenResponse getLicTokenRes = 3; @@ -128,4 +167,8 @@ message Response{ optional ExchangeReportResponse exchangeReportRes = 7; optional CloseSessionResponse closeSessionRes = 8; optional GetPsCapResponse getPsCapRes = 9; + optional GetWhiteListSizeResponse getWhiteListSizeRes = 10; + optional GetWhiteListResponse getWhiteListRes = 11; + optional SGXGetExtendedEpidGroupIdResponse sgxGetExtendedEpidGroupIdRes = 12; + optional SGXSwitchExtendedEpidGroupResponse sgxSwitchExtendedEpidGroupRes = 13; } diff --git a/psw/ae/common/pve_pub_key.cpp b/psw/ae/common/pve_pub_key.cpp index 19dc02cbfc..273013f24c 100644 --- a/psw/ae/common/pve_pub_key.cpp +++ b/psw/ae/common/pve_pub_key.cpp @@ -54,13 +54,9 @@ IppStatus get_provision_server_rsa_pub_key_in_ipp_format(const signed_pek_t& pek { signed_pek_t little_endian_key; get_provision_server_rsa_key_little_endian_order(pek, little_endian_key); - IppStatus status = create_rsa_pub_key(PVE_RSA_KEY_BYTES, + return create_rsa_pub_key(PVE_RSA_KEY_BYTES, sizeof(little_endian_key.e), reinterpret_cast(little_endian_key.n), reinterpret_cast(&little_endian_key.e), rsa_pub_key); - if(status != ippStsNoErr){ - return status; - } - return ippStsNoErr; } diff --git a/psw/ae/common/src/AEGetWhiteListRequest.cpp b/psw/ae/common/src/AEGetWhiteListRequest.cpp new file mode 100644 index 0000000000..3d28e1d8b6 --- /dev/null +++ b/psw/ae/common/src/AEGetWhiteListRequest.cpp @@ -0,0 +1,131 @@ +/* + * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +#include +#include +#include +#include + +#include +#include + +AEGetWhiteListRequest::AEGetWhiteListRequest() +:mWhiteListSize(0) +{ +} + +AEGetWhiteListRequest::AEGetWhiteListRequest(uint32_t whiteListSize, uint32_t timeout) +:mWhiteListSize(0) + +{ + CopyFields(whiteListSize, timeout); +} + +AEGetWhiteListRequest::AEGetWhiteListRequest(const AEGetWhiteListRequest& other) +:IAERequest(other), mWhiteListSize(0) +{ + CopyFields(other.mWhiteListSize, other.mTimeout); +} + +AEGetWhiteListRequest::~AEGetWhiteListRequest() +{ + ReleaseMemory(); +} + +void AEGetWhiteListRequest::ReleaseMemory() +{ + mWhiteListSize = 0; +} + +void AEGetWhiteListRequest::CopyFields(uint32_t whiteListSize, uint32_t timeout) +{ + mWhiteListSize = whiteListSize; + mTimeout = timeout; +} + +AEMessage* AEGetWhiteListRequest::serialize(ISerializer* serializer) +{ + return serializer->serialize(this); +} + +void AEGetWhiteListRequest::inflateValues(uint32_t whiteListSize, uint32_t timeout) +{ + ReleaseMemory(); + + CopyFields(whiteListSize, timeout); +} + +bool AEGetWhiteListRequest::operator==(const AEGetWhiteListRequest& other) const +{ + if (this == &other) + return true; + + if (mWhiteListSize != other.mWhiteListSize || + mTimeout != other.mTimeout) + return false; + + return true; +} + +AEGetWhiteListRequest& AEGetWhiteListRequest::operator=(const AEGetWhiteListRequest& other) +{ + if (this == &other) + return *this; + + inflateValues(other.mWhiteListSize, other.mTimeout); + + return *this; +} + +bool AEGetWhiteListRequest::check() +{ + return true; +} + +IAERequest::RequestClass AEGetWhiteListRequest::getRequestClass() +{ + return PLATFORM_CLASS; +} + +IAEResponse* AEGetWhiteListRequest::execute(IAESMLogic* aesmLogic) +{ + uint8_t* white_list = new uint8_t[mWhiteListSize]; + + aesm_error_t result = aesmLogic->getWhiteList(white_list, mWhiteListSize); + + AEGetWhiteListResponse* getWhiteListResponse = new AEGetWhiteListResponse(result, mWhiteListSize, white_list); + delete [] white_list; + return getWhiteListResponse; +} + +void AEGetWhiteListRequest::visit(IAERequestVisitor& visitor) +{ + visitor.visitGetWhiteListRequest(*this); +} diff --git a/psw/ae/common/src/AEGetWhiteListResponse.cpp b/psw/ae/common/src/AEGetWhiteListResponse.cpp new file mode 100644 index 0000000000..70ed7e4bf4 --- /dev/null +++ b/psw/ae/common/src/AEGetWhiteListResponse.cpp @@ -0,0 +1,155 @@ +/* + * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +#include +#include +#include +#include + +AEGetWhiteListResponse::AEGetWhiteListResponse() +:mWhiteListLength(0), mWhiteList(NULL) +{ +} + +AEGetWhiteListResponse::AEGetWhiteListResponse(int errorCode, uint32_t whiteListLength, const uint8_t* whiteList) +:mWhiteListLength(0), mWhiteList(NULL) +{ + CopyFields(errorCode, whiteListLength, whiteList); +} + +AEGetWhiteListResponse::AEGetWhiteListResponse(const AEGetWhiteListResponse& other) +:mWhiteListLength(0), mWhiteList(NULL) +{ + CopyFields(other.mErrorCode, other.mWhiteListLength, other.mWhiteList); +} + +AEGetWhiteListResponse::~AEGetWhiteListResponse() +{ + ReleaseMemory(); +} + +void AEGetWhiteListResponse::ReleaseMemory() +{ + if (mWhiteList != NULL) + { + if (mWhiteListLength > 0) + memset(mWhiteList, 0, mWhiteListLength); + delete [] mWhiteList; + mWhiteList = NULL; + } + mErrorCode = SGX_ERROR_UNEXPECTED; + mWhiteListLength = 0; +} + +void AEGetWhiteListResponse::CopyFields(int errorCode, uint32_t whiteListLength,const uint8_t* whiteList) +{ + if(whiteListLength <= MAX_MEMORY_ALLOCATION ) + { + mValidSizeCheck = true; + } + else + { + mValidSizeCheck = false; + return; + } + + mErrorCode = errorCode; + mWhiteListLength = whiteListLength; + if (whiteList != NULL && whiteListLength > 0) { + mWhiteList = new uint8_t[whiteListLength]; + memcpy(mWhiteList, whiteList, whiteListLength); + } +} + +AEMessage* AEGetWhiteListResponse::serialize(ISerializer* serializer) +{ + return serializer->serialize(this); +} + +bool AEGetWhiteListResponse::inflateWithMessage(AEMessage* message, ISerializer* serializer) +{ + return serializer->inflateResponse(message, this); +} + +void AEGetWhiteListResponse::inflateValues(int errorCode, uint32_t whiteListLength,const uint8_t* whiteList) +{ + ReleaseMemory(); + + CopyFields(errorCode, whiteListLength, whiteList); +} + +bool AEGetWhiteListResponse::operator==(const AEGetWhiteListResponse& other) const +{ + if (this == &other) + return true; + + if (mErrorCode != other.mErrorCode || + mWhiteListLength != other.mWhiteListLength) + return false; + + if ((mWhiteList != other.mWhiteList) && + (mWhiteList == NULL || other.mWhiteList == NULL)) + return false; + + if (mWhiteList != NULL && other.mWhiteList != NULL && + memcmp(mWhiteList, other.mWhiteList, other.mWhiteListLength) != 0) + return false; + + return true; +} + +AEGetWhiteListResponse& AEGetWhiteListResponse::operator=(const AEGetWhiteListResponse& other) +{ + if (this == &other) + return * this; + + inflateValues(other.mErrorCode, other.mWhiteListLength, other.mWhiteList); + + return *this; +} + +bool AEGetWhiteListResponse::check() +{ + if (mErrorCode != SGX_SUCCESS) + return false; + + if (mValidSizeCheck == false) + return false; + + if (mWhiteList == NULL) + return false; + + return true; +} + +void AEGetWhiteListResponse::visit(IAEResponseVisitor& visitor) +{ + visitor.visitGetWhiteListResponse(*this); +} diff --git a/psw/ae/common/src/AEGetWhiteListSizeRequest.cpp b/psw/ae/common/src/AEGetWhiteListSizeRequest.cpp new file mode 100644 index 0000000000..0be8a5063a --- /dev/null +++ b/psw/ae/common/src/AEGetWhiteListSizeRequest.cpp @@ -0,0 +1,115 @@ +/* + * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +#include +#include +#include +#include +#include +#include + +AEGetWhiteListSizeRequest::AEGetWhiteListSizeRequest(uint32_t timeout) : IAERequest(timeout) { +} + +AEGetWhiteListSizeRequest::AEGetWhiteListSizeRequest(const AEGetWhiteListSizeRequest& other) +: IAERequest(other) +{ + CopyFields(other.mTimeout); +} + +AEGetWhiteListSizeRequest::~AEGetWhiteListSizeRequest() +{ + ReleaseMemory(); +} + +void AEGetWhiteListSizeRequest::ReleaseMemory() +{ + //empty for now +} + + +void AEGetWhiteListSizeRequest::CopyFields(uint32_t timeout) +{ + mTimeout = timeout; +} + +AEMessage* AEGetWhiteListSizeRequest::serialize(ISerializer* serializer){ + return serializer->serialize(this); +} + +IAERequest::RequestClass AEGetWhiteListSizeRequest::getRequestClass() { + return PLATFORM_CLASS; +} + +void AEGetWhiteListSizeRequest::inflateValues(uint32_t timeout) +{ + ReleaseMemory(); + + CopyFields(timeout); +} + +bool AEGetWhiteListSizeRequest::operator==(const AEGetWhiteListSizeRequest& other) const +{ + if (this == &other) + return true; + + if (mTimeout != other.mTimeout) + return false; + + return true; //no members , default to true +} + +AEGetWhiteListSizeRequest& AEGetWhiteListSizeRequest::operator=(const AEGetWhiteListSizeRequest& other) +{ + if (this == &other) + return *this; + + inflateValues(other.mTimeout); + + //do nothing - no members + return *this; +} + +void AEGetWhiteListSizeRequest::visit(IAERequestVisitor& visitor) +{ + visitor.visitGetWhiteListSizeRequest(*this); +} + + +IAEResponse* AEGetWhiteListSizeRequest::execute(IAESMLogic* aesmLogic) +{ + uint32_t white_list_size; + + aesm_error_t result = aesmLogic->getWhiteListSize(&white_list_size); + + AEGetWhiteListSizeResponse * response = new AEGetWhiteListSizeResponse((uint32_t)result, white_list_size); + + return response; +} diff --git a/psw/ae/common/src/AEGetWhiteListSizeResponse.cpp b/psw/ae/common/src/AEGetWhiteListSizeResponse.cpp new file mode 100644 index 0000000000..efeec6d84e --- /dev/null +++ b/psw/ae/common/src/AEGetWhiteListSizeResponse.cpp @@ -0,0 +1,126 @@ +/* + * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +#include +#include + +#include +#include + +AEGetWhiteListSizeResponse::AEGetWhiteListSizeResponse() : + mWhiteListSize(-1) +{ +} + +AEGetWhiteListSizeResponse::AEGetWhiteListSizeResponse(int errorCode, uint32_t white_list_size) : + mWhiteListSize(-1) +{ + CopyFields(errorCode, white_list_size); +} + +AEGetWhiteListSizeResponse::AEGetWhiteListSizeResponse(const AEGetWhiteListSizeResponse& other) : + mWhiteListSize(-1) +{ + CopyFields(other.mErrorCode, other.mWhiteListSize); +} + +AEGetWhiteListSizeResponse::~AEGetWhiteListSizeResponse() +{ + ReleaseMemory(); +} + +void AEGetWhiteListSizeResponse::ReleaseMemory() +{ + mErrorCode = SGX_ERROR_UNEXPECTED; +} + +void AEGetWhiteListSizeResponse::CopyFields(int errorCode, uint32_t white_list_size) +{ + mErrorCode = errorCode; + mWhiteListSize = white_list_size; +} + + +AEMessage* AEGetWhiteListSizeResponse::serialize(ISerializer* serializer) +{ + return serializer->serialize(this); +} + +bool AEGetWhiteListSizeResponse::inflateWithMessage(AEMessage* message, ISerializer *serializer) +{ + return serializer->inflateResponse(message, this); +} + +void AEGetWhiteListSizeResponse::inflateValues(int errorCode, uint32_t white_list_size) +{ + ReleaseMemory(); + + CopyFields(errorCode, white_list_size); +} + +bool AEGetWhiteListSizeResponse::operator==(const AEGetWhiteListSizeResponse &other) const +{ + if (this == &other) + return true; + + if (mWhiteListSize!= other.mWhiteListSize) + return false; + return true; +} + +AEGetWhiteListSizeResponse & AEGetWhiteListSizeResponse::operator=(const AEGetWhiteListSizeResponse &other) +{ + if (this == &other) + return *this; + + inflateValues(other.mErrorCode, other.mWhiteListSize); + + return *this; +} + +bool AEGetWhiteListSizeResponse::check() +{ + // no MAC to check at this point, but do some generic parameter check + + //impose a limit of 1MB for these messages. If larger then a transmission, or unmarshalling error may have occured + //also a big value here might be an attack + + //first, fail if errorCode is not 0 + if (mErrorCode != SGX_SUCCESS) + return false; + + return true; +} + +void AEGetWhiteListSizeResponse::visit(IAEResponseVisitor& visitor) +{ + visitor.visitGetWhiteListSizeResponse(*this); +} + diff --git a/psw/ae/common/src/AEReportAttestationRequest.cpp b/psw/ae/common/src/AEReportAttestationRequest.cpp index bc90db810c..e900dbbd71 100644 --- a/psw/ae/common/src/AEReportAttestationRequest.cpp +++ b/psw/ae/common/src/AEReportAttestationRequest.cpp @@ -176,6 +176,7 @@ IAEResponse* AEReportAttestationRequest::execute(IAESMLogic* aesmLogic) { aesm_error_t result; uint8_t* update_info = new uint8_t[mUpdateInfoLength]; + memset(update_info,0, mUpdateInfoLength); result = aesmLogic->reportAttestationStatus(mPlatformInfo, mPlatformInfoLength, mAttestationErrorCode, update_info, mUpdateInfoLength); diff --git a/psw/ae/common/src/AEReportAttestationResponse.cpp b/psw/ae/common/src/AEReportAttestationResponse.cpp index cf95e70d63..2cec9539a1 100644 --- a/psw/ae/common/src/AEReportAttestationResponse.cpp +++ b/psw/ae/common/src/AEReportAttestationResponse.cpp @@ -137,9 +137,6 @@ AEReportAttestationResponse& AEReportAttestationResponse::operator=(const AERepo //checks bool AEReportAttestationResponse::check() { - if (mErrorCode != SGX_SUCCESS) - return false; - if (mValidSizeCheck == false) return false; diff --git a/psw/ae/common/src/AESGXGetExtendedEpidGroupIdRequest.cpp b/psw/ae/common/src/AESGXGetExtendedEpidGroupIdRequest.cpp new file mode 100644 index 0000000000..2133bc305f --- /dev/null +++ b/psw/ae/common/src/AESGXGetExtendedEpidGroupIdRequest.cpp @@ -0,0 +1,115 @@ +/* + * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +#include +#include +#include +#include +#include +#include + +AESGXGetExtendedEpidGroupIdRequest::AESGXGetExtendedEpidGroupIdRequest(uint32_t timeout) : IAERequest(timeout) { +} + +AESGXGetExtendedEpidGroupIdRequest::AESGXGetExtendedEpidGroupIdRequest(const AESGXGetExtendedEpidGroupIdRequest& other) +: IAERequest(other) +{ + CopyFields(other.mTimeout); +} + +AESGXGetExtendedEpidGroupIdRequest::~AESGXGetExtendedEpidGroupIdRequest() +{ + ReleaseMemory(); +} + +void AESGXGetExtendedEpidGroupIdRequest::ReleaseMemory() +{ + //empty for now +} + + +void AESGXGetExtendedEpidGroupIdRequest::CopyFields(uint32_t timeout) +{ + mTimeout = timeout; +} + +AEMessage* AESGXGetExtendedEpidGroupIdRequest::serialize(ISerializer* serializer){ + return serializer->serialize(this); +} + +IAERequest::RequestClass AESGXGetExtendedEpidGroupIdRequest::getRequestClass() { + return PLATFORM_CLASS; +} + +void AESGXGetExtendedEpidGroupIdRequest::inflateValues(uint32_t timeout) +{ + ReleaseMemory(); + + CopyFields(timeout); +} + +bool AESGXGetExtendedEpidGroupIdRequest::operator==(const AESGXGetExtendedEpidGroupIdRequest& other) const +{ + if (this == &other) + return true; + + if (mTimeout != other.mTimeout) + return false; + + return true; //no members , default to true +} + +AESGXGetExtendedEpidGroupIdRequest& AESGXGetExtendedEpidGroupIdRequest::operator=(const AESGXGetExtendedEpidGroupIdRequest& other) +{ + if (this == &other) + return *this; + + inflateValues(other.mTimeout); + + //do nothing - no members + return *this; +} + +void AESGXGetExtendedEpidGroupIdRequest::visit(IAERequestVisitor& visitor) +{ + visitor.visitSGXGetExtendedEpidGroupIdRequest(*this); +} + + +IAEResponse* AESGXGetExtendedEpidGroupIdRequest::execute(IAESMLogic* aesmLogic) +{ + uint32_t extended_group_id; + + aesm_error_t result = aesmLogic->sgxGetExtendedEpidGroupId(&extended_group_id); + + AESGXGetExtendedEpidGroupIdResponse * response = new AESGXGetExtendedEpidGroupIdResponse((uint32_t)result, extended_group_id); + + return response; +} diff --git a/psw/ae/common/src/AESGXGetExtendedEpidGroupIdResponse.cpp b/psw/ae/common/src/AESGXGetExtendedEpidGroupIdResponse.cpp new file mode 100644 index 0000000000..86daf53b36 --- /dev/null +++ b/psw/ae/common/src/AESGXGetExtendedEpidGroupIdResponse.cpp @@ -0,0 +1,126 @@ +/* + * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +#include +#include + +#include +#include + +AESGXGetExtendedEpidGroupIdResponse::AESGXGetExtendedEpidGroupIdResponse() : + mExtendedEpidGroupId(-1) +{ +} + +AESGXGetExtendedEpidGroupIdResponse::AESGXGetExtendedEpidGroupIdResponse(int errorCode, uint32_t extendedGroupId) : + mExtendedEpidGroupId(-1) +{ + CopyFields(errorCode, extendedGroupId); +} + +AESGXGetExtendedEpidGroupIdResponse::AESGXGetExtendedEpidGroupIdResponse(const AESGXGetExtendedEpidGroupIdResponse& other) : + mExtendedEpidGroupId(-1) +{ + CopyFields(other.mErrorCode, other.mExtendedEpidGroupId); +} + +AESGXGetExtendedEpidGroupIdResponse::~AESGXGetExtendedEpidGroupIdResponse() +{ + ReleaseMemory(); +} + +void AESGXGetExtendedEpidGroupIdResponse::ReleaseMemory() +{ + mErrorCode = SGX_ERROR_UNEXPECTED; +} + +void AESGXGetExtendedEpidGroupIdResponse::CopyFields(int errorCode, uint32_t extendedGroupId) +{ + mErrorCode = errorCode; + mExtendedEpidGroupId = extendedGroupId; +} + + +AEMessage* AESGXGetExtendedEpidGroupIdResponse::serialize(ISerializer* serializer) +{ + return serializer->serialize(this); +} + +bool AESGXGetExtendedEpidGroupIdResponse::inflateWithMessage(AEMessage* message, ISerializer *serializer) +{ + return serializer->inflateResponse(message, this); +} + +void AESGXGetExtendedEpidGroupIdResponse::inflateValues(int errorCode, uint32_t extendedGroupId) +{ + ReleaseMemory(); + + CopyFields(errorCode, extendedGroupId); +} + +bool AESGXGetExtendedEpidGroupIdResponse::operator==(const AESGXGetExtendedEpidGroupIdResponse &other) const +{ + if (this == &other) + return true; + + if (mExtendedEpidGroupId!= other.mExtendedEpidGroupId) + return false; + return true; +} + +AESGXGetExtendedEpidGroupIdResponse & AESGXGetExtendedEpidGroupIdResponse::operator=(const AESGXGetExtendedEpidGroupIdResponse &other) +{ + if (this == &other) + return *this; + + inflateValues(other.mErrorCode, other.mExtendedEpidGroupId); + + return *this; +} + +bool AESGXGetExtendedEpidGroupIdResponse::check() +{ + // no MAC to check at this point, but do some generic parameter check + + //impose a limit of 1MB for these messages. If larger then a transmission, or unmarshalling error may have occured + //also a big value here might be an attack + + //first, fail if errorCode is not 0 + if (mErrorCode != SGX_SUCCESS) + return false; + + return true; +} + +void AESGXGetExtendedEpidGroupIdResponse::visit(IAEResponseVisitor& visitor) +{ + visitor.visitSGXGetExtendedEpidGroupIdResponse(*this); +} + diff --git a/psw/ae/common/src/AESGXSwitchExtendedEpidGroupRequest.cpp b/psw/ae/common/src/AESGXSwitchExtendedEpidGroupRequest.cpp new file mode 100644 index 0000000000..5728205435 --- /dev/null +++ b/psw/ae/common/src/AESGXSwitchExtendedEpidGroupRequest.cpp @@ -0,0 +1,128 @@ +/* + * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +#include +#include +#include +#include + +#include +#include + +AESGXSwitchExtendedEpidGroupRequest::AESGXSwitchExtendedEpidGroupRequest() +:mExtendedEpidGroupId(0) +{ +} + +AESGXSwitchExtendedEpidGroupRequest::AESGXSwitchExtendedEpidGroupRequest(uint32_t extendedGroupId, uint32_t timeout) +:mExtendedEpidGroupId(0) + +{ + CopyFields(extendedGroupId, timeout); +} + +AESGXSwitchExtendedEpidGroupRequest::AESGXSwitchExtendedEpidGroupRequest(const AESGXSwitchExtendedEpidGroupRequest& other) +:IAERequest(other), mExtendedEpidGroupId(0) +{ + CopyFields(other.mExtendedEpidGroupId, other.mTimeout); +} + +AESGXSwitchExtendedEpidGroupRequest::~AESGXSwitchExtendedEpidGroupRequest() +{ + ReleaseMemory(); +} + +void AESGXSwitchExtendedEpidGroupRequest::ReleaseMemory() +{ + mExtendedEpidGroupId = 0; +} + +void AESGXSwitchExtendedEpidGroupRequest::CopyFields(uint32_t extendedGroupId, uint32_t timeout) +{ + mExtendedEpidGroupId = extendedGroupId; + mTimeout = timeout; +} + +AEMessage* AESGXSwitchExtendedEpidGroupRequest::serialize(ISerializer* serializer) +{ + return serializer->serialize(this); +} + +void AESGXSwitchExtendedEpidGroupRequest::inflateValues(uint32_t extendedGroupId, uint32_t timeout) +{ + ReleaseMemory(); + + CopyFields(extendedGroupId, timeout); +} + +bool AESGXSwitchExtendedEpidGroupRequest::operator==(const AESGXSwitchExtendedEpidGroupRequest& other) const +{ + if (this == &other) + return true; + + if (mExtendedEpidGroupId != other.mExtendedEpidGroupId || + mTimeout != other.mTimeout) + return false; + + return true; +} + +AESGXSwitchExtendedEpidGroupRequest& AESGXSwitchExtendedEpidGroupRequest::operator=(const AESGXSwitchExtendedEpidGroupRequest& other) +{ + if (this == &other) + return *this; + + inflateValues(other.mExtendedEpidGroupId, other.mTimeout); + + return *this; +} + +bool AESGXSwitchExtendedEpidGroupRequest::check() +{ + return true; +} + +IAERequest::RequestClass AESGXSwitchExtendedEpidGroupRequest::getRequestClass() +{ + return PLATFORM_CLASS; +} + +IAEResponse* AESGXSwitchExtendedEpidGroupRequest::execute(IAESMLogic* aesmLogic) +{ + aesm_error_t result; + result = aesmLogic->sgxSwitchExtendedEpidGroup(mExtendedEpidGroupId); + + return new AESGXSwitchExtendedEpidGroupResponse(result); +} + +void AESGXSwitchExtendedEpidGroupRequest::visit(IAERequestVisitor& visitor) +{ + visitor.visitSGXSwitchExtendedEpidGroupRequest(*this); +} diff --git a/psw/ae/common/src/AESGXSwitchExtendedEpidGroupResponse.cpp b/psw/ae/common/src/AESGXSwitchExtendedEpidGroupResponse.cpp new file mode 100644 index 0000000000..55ba1692d2 --- /dev/null +++ b/psw/ae/common/src/AESGXSwitchExtendedEpidGroupResponse.cpp @@ -0,0 +1,113 @@ +/* + * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ +#include +#include + +#include +#include + +AESGXSwitchExtendedEpidGroupResponse::AESGXSwitchExtendedEpidGroupResponse() +{ +} + +AESGXSwitchExtendedEpidGroupResponse::AESGXSwitchExtendedEpidGroupResponse(int errorCode) +{ + CopyFields(errorCode); +} + +AESGXSwitchExtendedEpidGroupResponse::AESGXSwitchExtendedEpidGroupResponse(const AESGXSwitchExtendedEpidGroupResponse& other) +{ + CopyFields(other.mErrorCode); +} + +AESGXSwitchExtendedEpidGroupResponse::~AESGXSwitchExtendedEpidGroupResponse() +{ + ReleaseMemory(); +} + +void AESGXSwitchExtendedEpidGroupResponse::ReleaseMemory() +{ +} + +void AESGXSwitchExtendedEpidGroupResponse::CopyFields(int errorCode) +{ + mErrorCode = errorCode; +} + +AEMessage* AESGXSwitchExtendedEpidGroupResponse::serialize(ISerializer* serializer) +{ + return serializer->serialize(this); +} + +bool AESGXSwitchExtendedEpidGroupResponse::inflateWithMessage(AEMessage* message, ISerializer* serializer) +{ + return serializer->inflateResponse(message, this); +} + +void AESGXSwitchExtendedEpidGroupResponse::inflateValues(int errorCode) +{ + ReleaseMemory(); + + CopyFields(errorCode); +} + +bool AESGXSwitchExtendedEpidGroupResponse::operator==(const AESGXSwitchExtendedEpidGroupResponse& other) const +{ + if (this == &other) + return true; + + if (mErrorCode != other.mErrorCode) + return false; + + return true; +} + +AESGXSwitchExtendedEpidGroupResponse& AESGXSwitchExtendedEpidGroupResponse::operator=(const AESGXSwitchExtendedEpidGroupResponse& other) +{ + if (this == &other) + return *this; + + inflateValues(other.mErrorCode); + + return *this; +} + +bool AESGXSwitchExtendedEpidGroupResponse::check() +{ + if (mErrorCode != SGX_SUCCESS) + return false; + return true; +} + +void AESGXSwitchExtendedEpidGroupResponse::visit(IAEResponseVisitor& visitor) +{ + visitor.visitSGXSwitchExtendedEpidGroupResponse(*this); +} diff --git a/psw/ae/common/src/ProtobufSerializer.cpp b/psw/ae/common/src/ProtobufSerializer.cpp index aec29bc3b8..97a95fa10a 100644 --- a/psw/ae/common/src/ProtobufSerializer.cpp +++ b/psw/ae/common/src/ProtobufSerializer.cpp @@ -66,6 +66,18 @@ #include #include +#include +#include + +#include +#include + +#include +#include + +#include +#include + #include #include #include @@ -397,6 +409,14 @@ IAERequest* ProtobufSerializer::inflateRequest(AEMessage* message) { request = inflateGetPsCapRequest(reqMsg); if (reqMsg->has_reporterrreq() == true) request = inflateReportAttestationErrorRequest(reqMsg); + if(reqMsg->has_getwhitelistsizereq() == true) + request = inflateGetWhiteListSizeRequest(reqMsg); + if(reqMsg->has_getwhitelistreq() == true) + request = inflateGetWhiteListRequest(reqMsg); + if(reqMsg->has_sgxgetextendedepidgroupidreq() == true) + request = inflateSGXGetExtendedEpidGroupIdRequest(reqMsg); + if(reqMsg->has_sgxswitchextendedepidgroupreq() == true) + request = inflateSGXSwitchExtendedEpidGroupRequest(reqMsg); delete reqMsg; return request; } @@ -1287,3 +1307,379 @@ bool ProtobufSerializer::inflateResponse(AEMessage* message, AEReportAttestation return true; } + +/* + Get white list size +*/ +IAERequest* ProtobufSerializer::inflateGetWhiteListSizeRequest(aesm::message::Request* reqMsg) +{ + AEGetWhiteListSizeRequest* request = new AEGetWhiteListSizeRequest(); + aesm::message::Request::GetWhiteListSizeRequest proto_req = reqMsg->getwhitelistsizereq(); + + request->inflateValues(proto_req.timeout()); + return request; +} + +AEMessage* ProtobufSerializer::serialize(AEGetWhiteListSizeRequest* request) +{ + //kill the warning + UNUSED(request); + + std::string data; + AEMessage *ae_msg = NULL; + + aesm::message::Request msg; + aesm::message::Request::GetWhiteListSizeRequest proto_req; + proto_req.set_timeout(request->GetTimeout()); + + if (proto_req.IsInitialized()) + { + aesm::message::Request::GetWhiteListSizeRequest* mutableReq = msg.mutable_getwhitelistsizereq(); + mutableReq->CopyFrom(proto_req); + msg.SerializeToString(&data); + msg.release_getwhitelistsizereq(); //free the internal object + + if (data.size() <= UINT_MAX) { + ae_msg = new AEMessage; + ae_msg->size = (unsigned int) data.size(); + ae_msg->data = new char[ae_msg->size]; + memcpy(ae_msg->data, data.c_str(), ae_msg->size); + } + delete mutableReq; + } + return ae_msg; +} + +AEMessage* ProtobufSerializer::serialize(AEGetWhiteListSizeResponse* response) +{ + std::string data; + AEMessage *ae_msg = NULL; + + aesm::message::Response msg; + aesm::message::Response::GetWhiteListSizeResponse proto_res; + + proto_res.set_errorcode(response->GetErrorCode()); + proto_res.set_white_list_size(response->GetWhiteListSize()); + + if (proto_res.IsInitialized()) + { + aesm::message::Response::GetWhiteListSizeResponse* mutableRes = msg.mutable_getwhitelistsizeres(); + mutableRes->CopyFrom(proto_res); + msg.SerializeToString(&data); + msg.release_getwhitelistsizeres(); + + if (data.size() <= UINT_MAX) { + ae_msg = new AEMessage; + ae_msg->size = (unsigned int) data.size(); + ae_msg->data = new char[ae_msg->size]; + memcpy(ae_msg->data, data.data(), data.size()); + } + delete mutableRes; + } + return ae_msg; +} + +bool ProtobufSerializer::inflateResponse(AEMessage* message, AEGetWhiteListSizeResponse* response) +{ + std::string data((char*)message->data, message->size); + aesm::message::Response msg; + + msg.ParseFromString(data); + if (msg.has_getwhitelistsizeres() == false) + return false; + + aesm::message::Response::GetWhiteListSizeResponse proto_res = msg.getwhitelistsizeres(); + uint32_t errorCode = proto_res.errorcode(); + uint32_t white_list_size = -1; + if (proto_res.has_white_list_size()) + { + white_list_size = proto_res.white_list_size(); + } + response->inflateValues(errorCode, white_list_size); + + return true; +} + +/* + Get white list +*/ +IAERequest* ProtobufSerializer::inflateGetWhiteListRequest(aesm::message::Request* reqMsg) +{ + AEGetWhiteListRequest* request = new AEGetWhiteListRequest(); + aesm::message::Request::GetWhiteListRequest proto_req = reqMsg->getwhitelistreq(); + + request->inflateValues(proto_req.white_list_size(),proto_req.timeout()); + return request; +} + +AEMessage* ProtobufSerializer::serialize(AEGetWhiteListRequest* request) +{ + //kill the warning + UNUSED(request); + + std::string data; + AEMessage *ae_msg = NULL; + + aesm::message::Request msg; + aesm::message::Request::GetWhiteListRequest proto_req; + proto_req.set_white_list_size(request->GetWhiteListSize()); + proto_req.set_timeout(request->GetTimeout()); + + if (proto_req.IsInitialized()) + { + aesm::message::Request::GetWhiteListRequest* mutableReq = msg.mutable_getwhitelistreq(); + mutableReq->CopyFrom(proto_req); + msg.SerializeToString(&data); + msg.release_getwhitelistreq(); //free the internal object + + if (data.size() <= UINT_MAX) { + ae_msg = new AEMessage; + ae_msg->size = (unsigned int) data.size(); + ae_msg->data = new char[ae_msg->size]; + memcpy(ae_msg->data, data.c_str(), ae_msg->size); + } + delete mutableReq; + } + return ae_msg; +} + +AEMessage* ProtobufSerializer::serialize(AEGetWhiteListResponse* response) +{ + std::string data; + AEMessage* ae_msg = NULL; + + aesm::message::Response msg; + aesm::message::Response::GetWhiteListResponse proto_res; + + if (response->GetWhiteList() != NULL) + { + std::string se_white_list((const char*)response->GetWhiteList(), response->GetWhiteListLength()); + proto_res.set_white_list(se_white_list); + } + + proto_res.set_errorcode(response->GetErrorCode()); + + if (proto_res.IsInitialized()) + { + aesm::message::Response::GetWhiteListResponse* mutableRes = msg.mutable_getwhitelistres(); + mutableRes->CopyFrom(proto_res); + msg.SerializeToString(&data); + msg.release_getwhitelistres(); + + if (data.size() <= UINT_MAX) { + ae_msg = new AEMessage; + ae_msg->size = (unsigned int) data.size(); + ae_msg->data = new char[ae_msg->size]; + memcpy(ae_msg->data, data.data(), ae_msg->size); + } + delete mutableRes; + } + + return ae_msg; +} + +bool ProtobufSerializer::inflateResponse(AEMessage* message, AEGetWhiteListResponse* response) +{ + std::string data((char*)message->data, message->size); + aesm::message::Response msg; + + msg.ParseFromString(data); + if (msg.has_getwhitelistres() == false) + return false; + + aesm::message::Response::GetWhiteListResponse proto_res = msg.getwhitelistres(); + uint32_t errorCode = proto_res.errorcode(); + uint32_t white_list_length = 0; + uint8_t * white_list = NULL; + + if (proto_res.has_white_list()) + { + if(proto_res.white_list().size() > UINT_MAX) { + return false; + } + white_list_length = (unsigned int)proto_res.white_list().size(); + white_list = (uint8_t*)const_cast(proto_res.white_list().data()); + } + response->inflateValues(errorCode, white_list_length, white_list); + + return true; +} + +/* + SGX Get extended epid group id +*/ +IAERequest* ProtobufSerializer::inflateSGXGetExtendedEpidGroupIdRequest(aesm::message::Request* reqMsg) +{ + AESGXGetExtendedEpidGroupIdRequest* request = new AESGXGetExtendedEpidGroupIdRequest(); + aesm::message::Request::SGXGetExtendedEpidGroupIdRequest proto_req = reqMsg->sgxgetextendedepidgroupidreq(); + + request->inflateValues(proto_req.timeout()); + return request; +} + +AEMessage* ProtobufSerializer::serialize(AESGXGetExtendedEpidGroupIdRequest* request) +{ + //kill the warning + UNUSED(request); + + std::string data; + AEMessage *ae_msg = NULL; + + aesm::message::Request msg; + aesm::message::Request::SGXGetExtendedEpidGroupIdRequest proto_req; + proto_req.set_timeout(request->GetTimeout()); + + if (proto_req.IsInitialized()) + { + aesm::message::Request::SGXGetExtendedEpidGroupIdRequest* mutableReq = msg.mutable_sgxgetextendedepidgroupidreq(); + mutableReq->CopyFrom(proto_req); + msg.SerializeToString(&data); + msg.release_sgxgetextendedepidgroupidreq(); //free the internal object + + if (data.size() <= UINT_MAX) { + ae_msg = new AEMessage; + ae_msg->size = (unsigned int) data.size(); + ae_msg->data = new char[ae_msg->size]; + memcpy(ae_msg->data, data.c_str(), ae_msg->size); + } + delete mutableReq; + } + return ae_msg; +} + +AEMessage* ProtobufSerializer::serialize(AESGXGetExtendedEpidGroupIdResponse* response) +{ + std::string data; + AEMessage *ae_msg = NULL; + + aesm::message::Response msg; + aesm::message::Response::SGXGetExtendedEpidGroupIdResponse proto_res; + + proto_res.set_errorcode(response->GetErrorCode()); + proto_res.set_x_group_id(response->GetExtendedEpidGroupId()); + + if (proto_res.IsInitialized()) + { + aesm::message::Response::SGXGetExtendedEpidGroupIdResponse* mutableRes = msg.mutable_sgxgetextendedepidgroupidres(); + mutableRes->CopyFrom(proto_res); + msg.SerializeToString(&data); + msg.release_sgxgetextendedepidgroupidres(); + + if (data.size() <= UINT_MAX) { + ae_msg = new AEMessage; + ae_msg->size = (unsigned int) data.size(); + ae_msg->data = new char[ae_msg->size]; + memcpy(ae_msg->data, data.data(), data.size()); + } + delete mutableRes; + } + return ae_msg; +} + +bool ProtobufSerializer::inflateResponse(AEMessage* message, AESGXGetExtendedEpidGroupIdResponse* response) +{ + std::string data((char*)message->data, message->size); + aesm::message::Response msg; + + msg.ParseFromString(data); + if (msg.has_sgxgetextendedepidgroupidres() == false) + return false; + + aesm::message::Response::SGXGetExtendedEpidGroupIdResponse proto_res = msg.sgxgetextendedepidgroupidres(); + uint32_t errorCode = proto_res.errorcode(); + uint32_t x_group_id = -1; + if (proto_res.has_x_group_id()) + { + x_group_id = proto_res.x_group_id(); + } + response->inflateValues(errorCode, x_group_id); + + return true; +} + +/* + SGX Switch extended epid group +*/ +IAERequest* ProtobufSerializer::inflateSGXSwitchExtendedEpidGroupRequest(aesm::message::Request* reqMsg) +{ + AESGXSwitchExtendedEpidGroupRequest* request = new AESGXSwitchExtendedEpidGroupRequest(); + aesm::message::Request::SGXSwitchExtendedEpidGroupRequest proto_req = reqMsg->sgxswitchextendedepidgroupreq(); + + request->inflateValues(proto_req.x_group_id(), proto_req.timeout()); + return request; +} + +AEMessage* ProtobufSerializer::serialize(AESGXSwitchExtendedEpidGroupRequest* request) +{ + //kill the warning + UNUSED(request); + + std::string data; + AEMessage *ae_msg = NULL; + + aesm::message::Request msg; + aesm::message::Request::SGXSwitchExtendedEpidGroupRequest proto_req; + proto_req.set_x_group_id(request->GetExtendedEpidGroupId()); + proto_req.set_timeout(request->GetTimeout()); + + if (proto_req.IsInitialized()) + { + aesm::message::Request::SGXSwitchExtendedEpidGroupRequest* mutableReq = msg.mutable_sgxswitchextendedepidgroupreq(); + mutableReq->CopyFrom(proto_req); + msg.SerializeToString(&data); + msg.release_sgxswitchextendedepidgroupreq(); //free the internal object + + if (data.size() <= UINT_MAX) { + ae_msg = new AEMessage; + ae_msg->size = (unsigned int) data.size(); + ae_msg->data = new char[ae_msg->size]; + memcpy(ae_msg->data, data.c_str(), ae_msg->size); + } + delete mutableReq; + } + return ae_msg; +} + +AEMessage* ProtobufSerializer::serialize(AESGXSwitchExtendedEpidGroupResponse* response) +{ + std::string data; + AEMessage *ae_msg = NULL; + + aesm::message::Response msg; + aesm::message::Response::SGXSwitchExtendedEpidGroupResponse proto_res; + + proto_res.set_errorcode(response->GetErrorCode()); + + if (proto_res.IsInitialized()) + { + aesm::message::Response::SGXSwitchExtendedEpidGroupResponse* mutableRes = msg.mutable_sgxswitchextendedepidgroupres(); + mutableRes->CopyFrom(proto_res); + msg.SerializeToString(&data); + msg.release_sgxswitchextendedepidgroupres(); + + if (data.size() <= UINT_MAX) { + ae_msg = new AEMessage; + ae_msg->size = (unsigned int) data.size(); + ae_msg->data = new char[ae_msg->size]; + memcpy(ae_msg->data, data.data(), data.size()); + } + delete mutableRes; + } + return ae_msg; +} + +bool ProtobufSerializer::inflateResponse(AEMessage* message, AESGXSwitchExtendedEpidGroupResponse* response) +{ + std::string data((char*)message->data, message->size); + aesm::message::Response msg; + + msg.ParseFromString(data); + if (msg.has_sgxswitchextendedepidgroupres() == false) + return false; + + aesm::message::Response::SGXSwitchExtendedEpidGroupResponse proto_res = msg.sgxswitchextendedepidgroupres(); + uint32_t errorCode = proto_res.errorcode(); + response->inflateValues(errorCode); + + return true; +} diff --git a/psw/ae/data/constants/linux/default_url_info.hh b/psw/ae/data/constants/linux/default_url_info.hh index 08f6743370..1c11ac94f6 100644 --- a/psw/ae/data/constants/linux/default_url_info.hh +++ b/psw/ae/data/constants/linux/default_url_info.hh @@ -33,5 +33,6 @@ #define DEFAULT_URL "http://ps.sgx.trustedservices.intel.com:8080/" /*production backend server*/ #define DEFAULT_PSE_RL_URL "https://trustedservices.intel.com/content/CRL/" #define DEFAULT_PSE_OCSP_URL "http://trustedservices.intel.com/ocsp" +#define DEFAULT_WHITE_LIST_URL "http://trustedservices.intel.com/LCWL/Linux/white_list_to_be_verify.bin" #endif diff --git a/psw/ae/data/constants/linux/isk_pub.hh b/psw/ae/data/constants/linux/isk_pub.hh index db45bcedea..ff0c248a0b 100644 --- a/psw/ae/data/constants/linux/isk_pub.hh +++ b/psw/ae/data/constants/linux/isk_pub.hh @@ -32,15 +32,11 @@ #ifndef _ISK_PUB_HH_ #define _ISK_PUB_HH_ /* This is the x component of production public key used for EC-DSA verify for EPID Signing key. */ -const uint8_t g_sgx_isk_pubkey_x[] = { +const uint8_t g_sgx_isk_pubkey[] = { 0x26, 0x9c, 0x10, 0x82, 0xe3, 0x5a, 0x78, 0x26, 0xee, 0x2e, 0xcc, 0x0d, 0x29, 0x50, 0xc9, 0xa4, 0x7a, 0x21, 0xdb, 0xcf, 0xa7, 0x6a, 0x95, 0x92, - 0xeb, 0x2f, 0xb9, 0x24, 0x89, 0x88, 0xbd, 0xce -}; - -/* This is the y component of production public key used for EC-DSA verify. Same as upper. */ -const uint8_t g_sgx_isk_pubkey_y[] = { + 0xeb, 0x2f, 0xb9, 0x24, 0x89, 0x88, 0xbd, 0xce, 0xb8, 0xe0, 0xf2, 0x41, 0xc3, 0xe5, 0x35, 0x52, 0xbc, 0xef, 0x9c, 0x04, 0x02, 0x06, 0x48, 0xa5, 0x76, 0x10, 0x1b, 0xa4, 0x28, 0xe4, 0x8e, 0xa9, diff --git a/psw/ae/data/constants/linux/service_enclave_mrsigner.hh b/psw/ae/data/constants/linux/service_enclave_mrsigner.hh index 594b1ada25..00d09294a3 100644 --- a/psw/ae/data/constants/linux/service_enclave_mrsigner.hh +++ b/psw/ae/data/constants/linux/service_enclave_mrsigner.hh @@ -35,13 +35,23 @@ const sgx_measurement_t G_SERVICE_ENCLAVE_MRSIGNER[] = { { - { + {//MR_SIGNER of PvE provided 0xec, 0x15, 0xb1, 0x07, 0x87, 0xd2, 0xf8, 0x46, 0x67, 0xce, 0xb0, 0xb5, 0x98, 0xff, 0xc4, 0x4a, 0x1f, 0x1c, 0xb8, 0x0f, 0x67, 0x0a, 0xae, 0x5d, 0xf9, 0xe8, 0xfa, 0x9f, 0x63, 0x76, 0xe1, 0xf8 } + }, + { + {//MR_SIGNER of PCE provided + 0xC5, 0x4A, 0x62, 0xF2, 0xBE, 0x9E, 0xF7, 0x6E, + 0xFB, 0x1F, 0x39, 0x30, 0xAD, 0x81, 0xEA, 0x7F, + 0x60, 0xDE, 0xFC, 0x1F, 0x5F, 0x25, 0xE0, 0x9B, + 0x7C, 0x06, 0x7A, 0x81, 0x5A, 0xE0, 0xC6, 0xCB + } } }; -#endif +#define AE_MR_SIGNER 0 +#define PCE_MR_SIGNER 1 +#endif diff --git a/sdk/tlibc/math/w_pow10f.c b/psw/ae/data/constants/linux/xegdsk_pub.hh similarity index 72% rename from sdk/tlibc/math/w_pow10f.c rename to psw/ae/data/constants/linux/xegdsk_pub.hh index eb335fefdd..5e7afdaf0e 100644 --- a/sdk/tlibc/math/w_pow10f.c +++ b/psw/ae/data/constants/linux/xegdsk_pub.hh @@ -29,11 +29,18 @@ * */ -#include - -float -pow10f(float x) -{ - return powf(10, x); -} - +/*ECDSA key for Extended EPID Blob signing key in little endian format*/ +const sgx_ec256_public_t g_sdsk_pub_key_little_endian={ + { + 0X21, 0X6D, 0X79, 0X72, 0X46, 0X45, 0XF9, 0X3A, + 0XE3, 0X74, 0XD9, 0X39, 0X6D, 0XDA, 0XFB, 0X61, + 0XDD, 0X87, 0X57, 0X72, 0X55, 0X2C, 0XCF, 0XBF, + 0X58, 0X0D, 0X51, 0X36, 0XC4, 0X27, 0XF0, 0X63 + }, + { + 0X18, 0X68, 0X1C, 0X77, 0X27, 0X2E, 0X9B, 0XE6, + 0X25, 0X7B, 0XAC, 0XA1, 0XB9, 0X2C, 0XBF, 0X2C, + 0X84, 0X95, 0X16, 0XD6, 0XDD, 0X7F, 0XA1, 0X61, + 0XC5, 0X33, 0XBE, 0X9B, 0XFF, 0XED, 0X06, 0XAC + } +}; diff --git a/psw/ae/data/prebuilt/aesm_server_url.blob.00000000 b/psw/ae/data/prebuilt/aesm_server_url.blob.00000000 new file mode 100644 index 0000000000..2380e21c7e Binary files /dev/null and b/psw/ae/data/prebuilt/aesm_server_url.blob.00000000 differ diff --git a/psw/ae/data/prebuilt/le_prod_css.bin b/psw/ae/data/prebuilt/le_prod_css.bin index 76e8543ec6..6576f23ac0 100644 Binary files a/psw/ae/data/prebuilt/le_prod_css.bin and b/psw/ae/data/prebuilt/le_prod_css.bin differ diff --git a/psw/ae/data/prebuilt/white_list_cert_to_be_verify.bin b/psw/ae/data/prebuilt/white_list_cert_to_be_verify.bin index d573b1f47f..b016c56b53 100644 Binary files a/psw/ae/data/prebuilt/white_list_cert_to_be_verify.bin and b/psw/ae/data/prebuilt/white_list_cert_to_be_verify.bin differ diff --git a/psw/ae/inc/aeerror.h b/psw/ae/inc/aeerror.h index 929dcfddd5..b67a96a980 100644 --- a/psw/ae/inc/aeerror.h +++ b/psw/ae/inc/aeerror.h @@ -29,7 +29,6 @@ * */ - #ifndef _AE_ERROR_H_ #define _AE_ERROR_H_ @@ -86,33 +85,49 @@ typedef enum _ae_error_t{ LE_INVALID_PRIVILEGE_ERROR = 41, LE_WHITELIST_UNINITIALIZED_ERROR = 42, LE_CALC_LIC_TOKEN_ERROR = 43, + AESM_NLTP_NO_LTP_BLOB =179, + AESM_NLTP_DONT_NEED_UPDATE_PAIR_LTP =180, + AESM_NLTP_MAY_NEED_UPDATE_LTP =181, + AESM_NLTP_OLD_EPID11_RLS =182, + AESM_PCP_NEED_PSE_UPDATE =183, + AESM_PCP_PSE_CERT_PROVISIONING_ATTESTATION_FAILURE_NEED_EPID_UPDATE =184, + AESM_PCP_PSE_CERT_PROVISIONING_ATTESTATION_FAILURE_MIGHT_NEED_EPID_UPDATE =185, + AESM_PCP_SIMPLE_PSE_CERT_PROVISIONING_ERROR =186, + AESM_PCP_SIMPLE_EPID_PROVISION_ERROR =187, + AESM_NPC_DONT_NEED_PSEP =188, + AESM_NPC_NO_PSE_CERT =189, + AESM_NPC_DONT_NEED_UPDATE_PSEP =190, + AESM_NPC_MAY_NEED_UPDATE_PSEP =191, + AESM_NEP_DONT_NEED_EPID_PROVISIONING =192, + AESM_NEP_DONT_NEED_UPDATE_PVEQE =193, + AESM_NEP_PERFORMANCE_REKEY =194, + AESM_NEP_MAY_NEED_UPDATE =195, + AESM_CP_ATTESTATION_FAILURE =196, + AESM_LTP_PSE_CERT_REVOKED =197, + AESM_LTP_SIMPLE_LTP_ERROR =198, + AESM_PSE_PR_GET_PRIVRL_ERROR =199, + AESM_NETWORK_TIMEOUT =200, - AESM_NLTP_NO_LTP_BLOB =178, - AESM_NLTP_DONT_NEED_UPDATE_PAIR_LTP =179, - AESM_NLTP_MAY_NEED_UPDATE_LTP =180, - AESM_NLTP_OLD_EPID11_RLS =181, - AESM_PCP_NEED_PSE_UPDATE =182, - AESM_PCP_PSE_CERT_PROVISIONING_ATTESTATION_FAILURE_NEED_EPID_UPDATE =183, - AESM_PCP_PSE_CERT_PROVISIONING_ATTESTATION_FAILURE_MIGHT_NEED_EPID_UPDATE =184, - AESM_PCP_SIMPLE_PSE_CERT_PROVISIONING_ERROR =185, - AESM_PCP_SIMPLE_EPID_PROVISION_ERROR =186, - AESM_NPC_DONT_NEED_PSEP =187, - AESM_NPC_NO_PSE_CERT =188, - AESM_NPC_DONT_NEED_UPDATE_PSEP =189, - AESM_NPC_MAY_NEED_UPDATE_PSEP =190, - AESM_NEP_DONT_NEED_EPID_PROVISIONING =191, - AESM_NEP_DONT_NEED_UPDATE_PVEQE =192, - AESM_NEP_PERFORMANCE_REKEY =193, - AESM_NEP_MAY_NEED_UPDATE =194, - AESM_CP_ATTESTATION_FAILURE =195, - AESM_LTP_PSE_CERT_REVOKED =196, - AESM_LTP_SIMPLE_LTP_ERROR =197, - AESM_PSE_PR_GET_PRIVRL_ERROR =198, - AESM_NETWORK_TIMEOUT =199, + PSW_UPDATE_REQUIRED =201, + AESM_AE_OUT_OF_EPC =202, - AE_SERVICE_NOT_AVAILABLE =200, + PVE_PROV_ATTEST_KEY_NOT_FOUND =203, + PVE_INVALID_REPORT =204, + PVE_XEGDSK_SIGN_ERROR =205, - PSW_UPDATED_REQUIRED =201 + // PCE ERROR CODES + PCE_UNEXPECTED_ERROR =206, + PCE_INVALID_PRIVILEGE =207, + PCE_INVALID_REPORT =208, + + LE_WHITE_LIST_QUERY_BUSY =209, + AESM_AE_NO_DEVICE =210, + EXTENDED_GROUP_NOT_AVAILABLE =211, + + // MORE PSE_OP ERROR CASES + PSE_OP_ERROR_KDF_MISMATCH =212, + + LE_WHITE_LIST_HAS_BEEN_UPDATED =213, } ae_error_t; #define AE_FAILED(x) (AE_SUCCESS != (x)) diff --git a/psw/ae/inc/internal/aesm_error.h b/psw/ae/inc/internal/aesm_error.h index 02b87fe485..1b8cedccd7 100644 --- a/psw/ae/inc/internal/aesm_error.h +++ b/psw/ae/inc/internal/aesm_error.h @@ -65,6 +65,8 @@ typedef enum _aesm_error_t AESM_PLATFORM_INFO_BLOB_INVALID_SIG = 26, AESM_SERVICE_NOT_AVAILABLE = 27, AESM_KDF_MISMATCH = 28, + AESM_OUT_OF_EPC = 29, + AESM_SERVICE_UNAVAILABLE = 30 } aesm_error_t; #endif diff --git a/psw/ae/inc/internal/epid_pve_type.h b/psw/ae/inc/internal/epid_pve_type.h index 2d2a4fbeab..136cda0c3b 100644 --- a/psw/ae/inc/internal/epid_pve_type.h +++ b/psw/ae/inc/internal/epid_pve_type.h @@ -51,6 +51,7 @@ #define SK_CMAC_KEY_LEN IppsRijndaelKey128 #define XID_SIZE 8 /*length in bytes of transaction id*/ #define NONCE_SIZE 8 /*length in bytes of Nonce R in ProvMsg*/ +#define NONCE_2_SIZE 16 /*length in bytes of Nonce in ProvMsg3*/ #define CHALLENGE_NONCE_SIZE 32 /*length in bytes of Challenge nonce in ProvMsg2*/ #define PPID_SIZE sizeof(ppid_t) /*16*/ #define PSVN_SIZE sizeof(psvn_t) /*18*/ @@ -60,7 +61,6 @@ #define PSID_SIZE sizeof(psid_t) /*64*/ #define JOIN_PROOF_SIZE sizeof(JoinRequest) #define BLIND_ESCROW_SIZE sizeof(blind_escrow_data_t) -#define EPID_KEY_MEMBER_SIZE 16 /*the length in bytes of X,A,F in private key*/ #define PEK_PUB ((uint8_t)0) #define PEK_PRIV ((uint8_t)1) @@ -68,8 +68,12 @@ #define ECDSA_SIGN_SIZE 32 /*This is the size of biginteger for ECDSA signature appended at the end of SIG-RL and the total signature size is size of two such kind of integer*/ #define PVE_RSA_KEY_BITS 2048 #define PVE_RSA_KEY_BYTES (PVE_RSA_KEY_BITS/8) +#define PVE_RSA_SEED_SIZE 32 -#pragma pack(1) +#define XEGB_SIZE 456 /*hardcoded size of extended_epid_group_blob_t*/ +#define XEGB_FORMAT_ID 0x0100 /*hardcoded format id in extended_epid_group_blob to be 16bits bigendian 1*/ + +#pragma pack(push, 1) /*Define some structure will be used in TLV payload. Make sure the alignment of all of them is 1 since they'll be used in an unaligned buffer type for Platform Provisioning Identifier, it could be calculated inside PvE*/ typedef struct _ppid_t{ @@ -85,10 +89,10 @@ typedef struct _psid_t{ uint8_t psid[32]; }psid_t; -/*type for Platform Security Version Numbers. Data structure without alignment required. */ +/*Data structure without alignment required. */ typedef struct _psvn_t{ sgx_cpu_svn_t cpu_svn; - sgx_isv_svn_t isv_svn; //PvE SVN + sgx_isv_svn_t isv_svn; /*PvE/QE SVN*/ }psvn_t; /*type for the optional Flags in ProvMsg1. Currently only the 1st bit is defined for performance rekey flag*/ @@ -96,6 +100,13 @@ typedef struct _flags_t{ uint8_t flags[16]; }flags_t; +typedef struct _bk_platform_info_t{ + sgx_cpu_svn_t cpu_svn; + sgx_isv_svn_t pve_svn; + sgx_isv_svn_t pce_svn; + uint16_t pce_id; + fmsp_t fmsp; +}bk_platform_info_t; /*type for EpidVersion used in Epid Data which is two bytes big endian integer*/ typedef struct _epid_version_t{ uint8_t data[2]; @@ -106,7 +117,7 @@ typedef struct _epid_type_t{ uint8_t data[2]; }epid_type_t; -/*Type for Epid Group Public Cert*/ +/*Type for signed Epid Group Public Cert*/ typedef struct _signed_epid_group_cert_t{ epid_version_t version; epid_type_t type; @@ -114,35 +125,36 @@ typedef struct _signed_epid_group_cert_t{ uint8_t intel_signature[2*ECDSA_SIGN_SIZE]; }signed_epid_group_cert_t; +#define PEK_MOD_SIZE 256 typedef struct _signed_pek_t{ - uint8_t n[256]; + uint8_t n[PEK_MOD_SIZE]; uint8_t e[4]; uint8_t sha1_ne[20]; uint8_t pek_signature[2*ECDSA_SIGN_SIZE]; uint8_t sha1_sign[20]; }signed_pek_t; -/*Type for an Blind Escrow Data which is used in provisioning message 3 and message 4. +/*Type for Blind Escrow Data which is used in provisioning message 3 and message 4. The data structure is only used by PvE*/ typedef struct _blind_escrow_data_t{ uint32_t version; - uint8_t iv[IV_SIZE]; + uint8_t iv[IV_SIZE]; PElemStr f; - uint8_t mac[MAC_SIZE]; + uint8_t mac[MAC_SIZE]; }blind_escrow_data_t; /*The Join Proof with Escrow data in provisioning message 3*/ typedef struct _join_proof_with_escrow_t{ - JoinRequest jr; + JoinRequest jr; blind_escrow_data_t escrow; }join_proof_with_escrow_t; /*The Membership Credential with Escrow Data used in provisioning message 4*/ -typedef struct _membertship_credential_with_escrow_t{ - PElemStr x; - G1ElemStr A; +typedef struct _membership_credential_with_escrow_t{ + PElemStr x; + G1ElemStr A; blind_escrow_data_t escrow; -}membertship_credential_with_escrow_t; +}membership_credential_with_escrow_t; /*The Device ID structure used in Provisioning message*/ typedef struct _device_id_t{ @@ -151,29 +163,42 @@ typedef struct _device_id_t{ fmsp_t fmsp; }device_id_t; -#define EPID_KEY_BLOB_VERSION 1 -#define PVE_SEAL_EPID_KEY_BLOB 0 +#define EPID_KEY_BLOB_VERSION_PAK 2 +#define PVE_SEAL_EPID_KEY_BLOB 0 -#pragma pack(push, 1) typedef struct _se_secret_epid_data_t { PrivKey epid_private_key; }se_secret_epid_data_t; -typedef struct _se_plaintext_epid_data_t { - uint8_t seal_blob_type; /*Encalve-specific Sealblob Type, for 2015 PvE/QE, only one Sealblob type defined: PVE_SEAL_EPID_KEY_BLOB=0*/ - uint8_t epid_key_version;/*epid key version should be EPID_KEY_BLOB_VERSION=1*/ - sgx_cpu_svn_t equiv_cpu_svn; - sgx_isv_svn_t equiv_isv_svn; - EPID2Params epid_param_cert; - GroupPubKey epid_group_cert; -}se_plaintext_epid_data_t; +/*From beginning to field epid_group_cert, se_plaintext_epid_data_pak_t should has same layout as se_plaintext_epid_data_t*/ +typedef struct _se_plaintext_epid_data_pak_t { + uint8_t seal_blob_type; /*Encalve-specific Sealblob Type, for 2015 PvE/QE, only one Sealblob type defined: PVE_SEAL_EPID_KEY_BLOB=0*/ + uint8_t epid_key_version;/*seal_blob_type specific version number, should be EPID_KEY_BLOB_VERSION_PAK(_NPC). 2 or 3*/ + sgx_cpu_svn_t equiv_cpu_svn; + sgx_isv_svn_t equiv_pve_isv_svn; + EPID2Params epid_param_cert; + GroupPubKey epid_group_cert; + uint8_t qsdk_exp[4]; /*little endian*/ + uint8_t qsdk_mod[PVE_RSA_KEY_BYTES];/*little endian*/ + uint8_t epid_sk[2*ECDSA_SIGN_SIZE]; /*little endian*/ + uint32_t xeid; /*ExtEPIDGroup ID, little endian*/ +}se_plaintext_epid_data_pak_t; + +typedef struct _extended_epid_group_blob_t{ + uint16_t format_id; /*fixed bigendian 1*/ + uint16_t data_length; /*bigendian length for fields after it and not including signature*/ + uint32_t xeid; /*ExtEPIDGroup ID, little endian*/ + uint8_t epid_sk[2*ECDSA_SIGN_SIZE];/*ecdsa public key for EPID sign Key in little endian*/ + uint8_t pek_sk[2*ECDSA_SIGN_SIZE]; /*ecdsa public key for PEKSK in little endian*/ + uint8_t qsdk_exp[4]; /*exponient of RSA key for QSDK, little endian*/ + uint8_t qsdk_mod[PVE_RSA_KEY_BYTES];/*Modulus of RSA key for QSDK. current it is 2048 bits, little endian*/ + uint8_t signature[2*ECDSA_SIGN_SIZE];/*ECDSA signature of the data, big endian*/ +}extended_epid_group_blob_t; + +#define EXTENDED_EPID_GROUP_BLOB_DATA_LEN ((uint32_t)(sizeof(uint32_t)+4*(ECDSA_SIGN_SIZE)+4+(PVE_RSA_KEY_BYTES))) + +#define SGX_TRUSTED_EPID_BLOB_SIZE_PAK (sizeof(sgx_sealed_data_t)+sizeof(se_secret_epid_data_t)+sizeof(se_plaintext_epid_data_pak_t)) #pragma pack(pop) - -#define SGX_TRUSTED_EPID_BLOB_SIZE (sgx_calc_sealed_data_size( \ - sizeof(se_plaintext_epid_data_t), \ - sizeof(se_secret_epid_data_t))) - -#pragma pack() #endif diff --git a/sdk/tlibc/math/w_pow10.c b/psw/ae/inc/internal/pce_cert.h similarity index 79% rename from sdk/tlibc/math/w_pow10.c rename to psw/ae/inc/internal/pce_cert.h index cc63e92e58..b2b6978139 100644 --- a/sdk/tlibc/math/w_pow10.c +++ b/psw/ae/inc/internal/pce_cert.h @@ -28,12 +28,24 @@ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * */ +#ifndef _PCE_CERT_H_ +#define _PCE_CERT_H_ +#include "se_types.h" +#include "sgx_tcrypto.h" +#include "epid_pve_type.h" +const uint16_t CUR_PCE_ID = 0; -#include +/*crypto_suite*/ +#define ALG_RSA_OAEP_2048 0 -double -pow10(double x) -{ - return pow(10, x); -} +/*signature_scheme*/ +#define NIST_P256_ECDSA_SHA256 0 + +/*type for Platform Certificate Enclave information*/ +typedef struct _pce_info_t{ + sgx_isv_svn_t pce_isvn; /*PCE ISVSVN*/ + uint16_t pce_id; +}pce_info_t; + +#endif diff --git a/psw/ae/inc/internal/pek_pub_key.h b/psw/ae/inc/internal/pek_pub_key.h index 624fd5e869..af2b690f21 100644 --- a/psw/ae/inc/internal/pek_pub_key.h +++ b/psw/ae/inc/internal/pek_pub_key.h @@ -37,6 +37,8 @@ #include "epid_pve_type.h" -sgx_status_t check_pek_signature(const signed_pek_t& signed_pek, uint8_t *result); +sgx_status_t check_pek_signature(const signed_pek_t& signed_pek, const sgx_ec256_public_t* pek_sk, uint8_t *result); +sgx_status_t verify_xegb(const extended_epid_group_blob_t& xegb, uint8_t *result); +sgx_status_t verify_xegb_with_default(const extended_epid_group_blob_t& xegb, uint8_t *result, extended_epid_group_blob_t& out_xegb); #endif diff --git a/psw/ae/inc/internal/provision_msg.h b/psw/ae/inc/internal/provision_msg.h index 33f466d3e8..c3abac8511 100644 --- a/psw/ae/inc/internal/provision_msg.h +++ b/psw/ae/inc/internal/provision_msg.h @@ -42,8 +42,9 @@ #include "epid_pve_type.h" #include "sgx_tseal.h" +#include "sgx_report.h" -//error code definition +/*error code definition*/ typedef enum _pve_status_t { PVEC_SUCCESS = 0, @@ -57,113 +58,92 @@ typedef enum _pve_status_t PVEC_IPP_ERROR, PVEC_MSG_ERROR, PVEC_PEK_SIGN_ERROR, + PVEC_XEGDSK_SIGN_ERROR, PVEC_INTEGER_OVERFLOW_ERROR, PVEC_SEAL_ERROR, PVEC_EPID_ERROR, - PVEC_SESSION_OUT_OF_ORDER_ERROR, PVEC_REVOKED_ERROR, PVEC_UNSUPPORTED_VERSION_ERROR, PVEC_INVALID_CPU_ISV_SVN, PVEC_INVALID_EPID_KEY, - PVEC_UNEXPECTED_ERROR //unknown error which should never happen, it indicates there're internal logical error in PvE's code + PVEC_UNEXPECTED_ERROR /*unknown error which should never happen, it indicates there're internal logical error in PvE's code*/ }pve_status_t; -//State inside PvE +/*State inside PvE*/ typedef enum _prov_stage_t { - PVE_STAGE_IDLE, //waiting for ProvMsg1 - PVE_STAGE_WAIT_FOR_GET_EK2, //waiting for get ek2 after processing msg1 - PVE_STAGE_WAIT_FOR_MSG2_OR_MSG4, //waiting for ProvMsg2 or ProvMsg4 after getting ek2 - PVE_STAGE_WAIT_FOR_MSG4, //waiting for ProvMsg4 only + PVE_STAGE_IDLE, /*waiting for ProvMsg1*/ + PVE_STAGE_WAIT_FOR_GET_EK2, /*waiting for get ek2 after processing msg1*/ + PVE_STAGE_WAIT_FOR_MSG2_OR_MSG4, /*waiting for ProvMsg2 or ProvMsg4 after getting ek2*/ + PVE_STAGE_WAIT_FOR_MSG4, /*waiting for ProvMsg4 only*/ }prov_stage_t; -#define PVE_RSAOAEP_ENCRYPT_MAXLEN (PVE_RSA_KEY_BYTES - 2*SHA_SIZE_BIT/8 - 2) //190 bytes at most +#define PVE_RSAOAEP_ENCRYPT_MAXLEN (PVE_RSA_KEY_BYTES - 2*SHA_SIZE_BIT/8 - 2) /*190 bytes at most*/ -//macro definition for RSA-OAE algorithm -//SHA-256 will be used for the hash generation +/*macro definition for RSA-OAE algorithm + SHA-256 will be used for the hash generation*/ #define SHA_SIZE_BIT 256 -#define MSG1_FIELD1_MAX_PAYLOAD_SIZE (4+PPID_SIZE+FMSP_SIZE+PSVN_SIZE+4+FLAGS_SIZE) -#define HARD_CODED_EPID_BLOB_SIZE (sizeof(sgx_sealed_data_t)+sizeof(se_secret_epid_data_t)+sizeof(se_plaintext_epid_data_t)) #define pointer_diff_u32(p1, p2) static_cast(p1-p2) #pragma pack(1) -//output information from PvE for AESM to generated ProvMsg1 -typedef struct _prov_msg1_output_t{ - uint32_t field1_data_size; //size of field1_data, it will be no more than MSG1_FIELD1_MAX_PAYLOAD_SIZE - uint8_t xid[XID_SIZE]; //The random transaction id which will be generated inside Enclave - uint8_t field0[PVE_RSA_KEY_BYTES]; //field0 of Msg1 generated inside PvE encrypted by RSA-OAEP, that's SK TLV:PSID TLV - uint8_t field1_iv[IV_SIZE]; //The random IV used to encrypt field1 of Msg1 by aes-gcm - //field1 before encryption is DeviceIDTlV[:FlagTLV] - uint8_t field1_data[MSG1_FIELD1_MAX_PAYLOAD_SIZE];//The encrypted field1 of Msg1 by aes-gcm, the size in byte is indicated by field1_data - uint8_t field1_mac[MAC_SIZE]; //The generated mac value of field1 of Msg1 by aes-gcm -}prov_msg1_output_t; -//input information to generate EK2 by PvE -typedef struct _prov_get_ek2_input_t{ - uint8_t xid[XID_SIZE]; //The transaction Id - uint8_t nonce[NONCE_SIZE]; //The nonce_r from ProvMsg2 or ProvMsg4 -}prov_get_ek2_input_t; - -//Ek2 generated by PvE -typedef struct _prov_get_ek2_output_t{ - uint8_t ek2[SK_SIZE]; -}prov_get_ek2_output_t; - -//input information for PvE to decode data from ProvMsg2 +/*input information for PvE to decode data from ProvMsg2*/ typedef struct _proc_prov_msg2_blob_input_t{ - signed_epid_group_cert_t group_cert; //ECDSA signed EPID Group Public Certificate from Intel decoded from ProvMsg2 - uint8_t challenge_nonce[CHALLENGE_NONCE_SIZE]; //The challenge nonce from ProvMsg2 - psvn_t equivalent_psvn; //The Equivalent PSVN which contains ISVN and Equivalent CPUSVN - psvn_t previous_psvn; //an optional PSVN for Sigrl corresponding to previous EPID (if we upgrade TCB or performance rekey) - fmsp_t fmsp; //fmsp passing in ProvMsg2 from Provisioning Backend server - GroupID previous_gid; //optional previous_gid if previous_psvn is provided - uint8_t old_epid_data_blob[HARD_CODED_EPID_BLOB_SIZE]; //optional old epid data blob corresponding to previous EPID - uint8_t tcb_iv[IV_SIZE]; //The random IV to decode TIK - uint8_t encrypted_tcb[SK_SIZE]; //It's TIK1, the aesm-gcm encrypted TIK by aes-gcm - uint8_t tcb_mac[MAC_SIZE]; //The mac value to check the integrity of TIK1 - uint8_t is_previous_psvn_provided;//both previous_psvn and old_epid_data_blob should be provided if it is true and prev gid must be provided too + signed_epid_group_cert_t group_cert; /*ECDSA signed EPID Group Public Certificate from Intel decoded from ProvMsg2*/ + extended_epid_group_blob_t xegb; + signed_pek_t pek; + sgx_target_info_t pce_target_info; + uint8_t challenge_nonce[CHALLENGE_NONCE_SIZE]; /*The challenge nonce from ProvMsg2*/ + bk_platform_info_t equiv_pi; /*The Equivalent platform_info*/ + bk_platform_info_t previous_pi; /*an optional platform_info for Sigrl correpondent to previous EPID (if we upgrade TCB or performance rekey)*/ + GroupID previous_gid; /*optional previous_gid if previous_psvn is provided*/ + uint8_t old_epid_data_blob[SGX_TRUSTED_EPID_BLOB_SIZE_PAK]; /*optional old epid data blob correpondent to previous EPID*/ + uint8_t is_previous_pi_provided; /*both previous_platform_info and old_epid_data_blob should be provided if it is true and prev gid must be provided too*/ }proc_prov_msg2_blob_input_t; #define HARD_CODED_JOIN_PROOF_WITH_ESCROW_TLV_SIZE (4+sizeof(join_proof_with_escrow_t)) -#define HARD_CODED_EPID_MEMBER_WITH_ESCROW_TLV_SIZE (4+sizeof(membertship_credential_with_escrow_t)) +#define HARD_CODED_EPID_MEMBER_WITH_ESCROW_TLV_SIZE (4+sizeof(membership_credential_with_escrow_t)) -//output information from PvE for AESM to generate ProvMsg3 +/*output information from PvE for AESM to generate ProvMsg3*/ typedef struct _gen_prov_msg3_output_t{ - uint8_t field1_iv[IV_SIZE]; //The random generated IV for aes-gcm encryption of join proof and escrow data - uint8_t field1_data[HARD_CODED_JOIN_PROOF_WITH_ESCROW_TLV_SIZE]; //The encrypted join proof and escrow data TLV by aes-gcm - uint8_t field1_mac[MAC_SIZE]; //The corresponding mac value of previous encrypted data - uint8_t epid_sig_iv[IV_SIZE]; //The random generated IV for aes-gcm encryption of EPIDSignature if available - uint8_t epid_sig_mac[MAC_SIZE];//The corresponding mac value for encrypted EPIDSignature if available - uint32_t epid_sig_output_size; //The size of EPIDSignature if available - uint8_t is_join_proof_generated; //boolean value to tell whether join proof and escrow data is generated. The first three fields in this structure will be invalid if this field is false - uint8_t is_epid_sig_generated; //boolean value to tell whether EpidSignature is generated - //If it is false, the epid_sig_iv/mac/output_size are all invalid + uint8_t field1_iv[IV_SIZE]; /*The random generated IV for aes-gcm encryption of join proof and escrow data*/ + uint8_t field1_data[HARD_CODED_JOIN_PROOF_WITH_ESCROW_TLV_SIZE]; /*The encrypted join proof and escrow data TLV by aes-gcm*/ + uint8_t field1_mac[MAC_SIZE]; /*The corresponding mac value of previous encrypted data*/ + uint8_t n2[NONCE_2_SIZE]; + uint8_t epid_sig_iv[IV_SIZE]; /*The random generated IV for aes-gcm encryption of EPIDSignature if available*/ + uint8_t epid_sig_mac[MAC_SIZE];/*The corresponding mac value for encrypted EPIDSignature if available*/ + uint8_t encrypted_pwk2[PEK_MOD_SIZE]; + sgx_report_t pwk2_report; + uint32_t epid_sig_output_size; /*The size of EPIDSignature if available*/ + uint8_t is_join_proof_generated;/*boolean value to tell whether join pro[of and escrow data is generated. The first three fields in this structure will be invalid if this field is false*/ + uint8_t is_epid_sig_generated; /*boolean value to tell whether EpidSignature is generated*/ + /*If it is false, the epid_sig_iv/mac/output_size are all invalid*/ }gen_prov_msg3_output_t; -//input information for PvE to decode data from ProvMsg4 and generate EPID Data Blob +/*input information for PvE to decode data from ProvMsg4 and generate EPID Data Blob*/ typedef struct _proc_prov_msg4_input_t{ - uint8_t tcb_iv[IV_SIZE]; //The random IV to decode TIK - uint8_t encrypted_tcb[SK_SIZE]; //It's TIK1, the aes-gcm encrypted TIK by aes-gcm - uint8_t tcb_mac[MAC_SIZE]; //The mac value to check the integrity of TIK1 - uint8_t member_credential_iv[IV_SIZE]; //The random IV to decode member credential and escrow data TLV - uint8_t encrypted_member_credential[HARD_CODED_EPID_MEMBER_WITH_ESCROW_TLV_SIZE]; //The encrypted member credential and escrow data TLV by aes-gcm - uint8_t member_credential_mac[MAC_SIZE]; //The mac value of previous field - psvn_t equivalent_psvn; //An equivalent PSVN including ISVN and equivalent CPUSVN - fmsp_t fmsp; //The fmsp from provisioning backend server - signed_epid_group_cert_t group_cert;//ECDSA signed EPID Group Public Certificate from Intel decoded from ProvMsg4 + extended_epid_group_blob_t xegb; + uint8_t member_credential_iv[IV_SIZE]; /*The random IV to decode member credential and escrow data TLV*/ + uint8_t encrypted_member_credential[HARD_CODED_EPID_MEMBER_WITH_ESCROW_TLV_SIZE]; /*The encrypted member credential and escrow data TLV by aes-gcm*/ + uint8_t member_credential_mac[MAC_SIZE];/*The mac value of previous field*/ + uint8_t n2[NONCE_2_SIZE]; + psvn_t equivalent_psvn; /*An equivalent PSVN including ISVN and equivalent CPUSVN*/ + fmsp_t fmsp; /*The fmsp from provisioning backend server*/ + signed_epid_group_cert_t group_cert; /*ECDSA signed EPID Group Public Certificate from Intel decoded from ProvMsg4*/ }proc_prov_msg4_input_t; -//The EPID Data Blob generated by PvE in processing ProvMsg4 data +/*The EPID Data Blob generated by PvE in processing ProvMsg4 data*/ typedef struct _proc_prov_msg4_output_t{ - uint8_t truested_epid_blob[HARD_CODED_EPID_BLOB_SIZE]; + uint8_t truested_epid_blob[SGX_TRUSTED_EPID_BLOB_SIZE_PAK]; }proc_prov_msg4_output_t; -//output data of PvE to generate End Point Selection TLV +/*output data of PvE to generate End Point Selection TLV*/ typedef struct _gen_endpoint_selection_output_t{ uint8_t xid[XID_SIZE]; uint8_t selector_id; }gen_endpoint_selection_output_t; + #pragma pack() #define PSVN_START_IN_DEVICE_ID sizeof(ppid_t) diff --git a/psw/ae/inc/internal/pve_qe_common.h b/psw/ae/inc/internal/pve_qe_common.h index 96d5cb9084..ec72523c92 100644 --- a/psw/ae/inc/internal/pve_qe_common.h +++ b/psw/ae/inc/internal/pve_qe_common.h @@ -41,10 +41,6 @@ extern "C" { #endif -extern const uint8_t g_sgx_isk_pubkey_x[SGX_ECP256_KEY_SIZE]; - -extern const uint8_t g_sgx_isk_pubkey_y[SGX_ECP256_KEY_SIZE]; - IppStatus new_std_256_ecp(IppsECCPState **pp_new_ecp); void secure_free_std_256_ecp(IppsECCPState *p_ecp); diff --git a/psw/ae/inc/internal/tlv_common.h b/psw/ae/inc/internal/tlv_common.h index ccf193de83..4102301677 100644 --- a/psw/ae/inc/internal/tlv_common.h +++ b/psw/ae/inc/internal/tlv_common.h @@ -75,6 +75,9 @@ typedef enum _tlv_enum_type_t{ TLV_SIGNATURE, /* End-point Selection Protocol TLVs*/ TLV_PEK, + TLV_PLATFORM_INFO, + TLV_PWK2, + TLV_SE_REPORT }tlv_enum_type_t; /*here comes general type and macro definition for AESM related Server URL which will be shared by code in other components*/ @@ -83,7 +86,8 @@ typedef enum _aesm_network_server_enum_type_t{ PSE_PROVISIONING, ENDPOINT_SELECTION, REVOCATION_LIST_RETRIEVAL, - PSE_OCSP + PSE_OCSP, + SGX_WHITE_LIST_FILE }aesm_network_server_enum_type_t; typedef enum _pve_msg_type_t @@ -136,7 +140,11 @@ enum _se_protocol_response_status_t SE_PRS_OK, SE_PRS_PLATFORM_REVOKED, SE_PRS_STATUS_INTEGRITY_FAILED, - SE_PRS_PERFORMANCE_REKEY_NOT_SUPPORTED + SE_PRS_PERFORMANCE_REKEY_NOT_SUPPORTED, + SE_PRS_PROVISIONING_ERROR, + SE_PRS_INVALID_REQUEST, + SE_PRS_PROV_ATTEST_KEY_NOT_FOUND, + SE_PRS_INVALID_REPORT }; typedef uint16_t pse_protocol_response_status_t; @@ -182,6 +190,7 @@ typedef struct _provision_response_header_t{ #define GET_TYPE_FROM_PROVISION_RESPONSE(resp) (((const provision_response_header_t *)(resp))->type) #define TLV_VERSION_1 1 +#define TLV_VERSION_2 2 #endif diff --git a/psw/ae/le/config_debug.xml b/psw/ae/le/config_debug.xml deleted file mode 100644 index 7a66a6d111..0000000000 --- a/psw/ae/le/config_debug.xml +++ /dev/null @@ -1,12 +0,0 @@ - - 1 - 0 - 1 - 0x20 - 1 - 1 - 1 - 0x2000 - 0xb000 - 0x1 - diff --git a/psw/ae/pce/pce.edl b/psw/ae/pce/pce.edl new file mode 100644 index 0000000000..426bbc1332 --- /dev/null +++ b/psw/ae/pce/pce.edl @@ -0,0 +1,49 @@ +/* + * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +enclave{ + include "pce_cert.h" + include "sgx_report.h" + trusted { + public uint32_t get_pc_info([in]const sgx_report_t *report, + [in, size=key_size]const uint8_t *public_key, uint32_t key_size, + uint8_t crypto_suite, + [out, size=encrypted_ppid_buf_size]uint8_t *encrypted_ppid, uint32_t encrypted_ppid_buf_size, + [out]uint32_t *encrypted_ppid_out_size, + [out]pce_info_t *pce_info, + [out] uint8_t *signature_scheme); + + public uint32_t certify_enclave([in]const psvn_t *cert_psvn, + [in]const sgx_report_t *report, + [out, size=signature_buf_size]uint8_t *signature, uint32_t signature_buf_size, + [out]uint32_t *signature_out_size); + }; +}; \ No newline at end of file diff --git a/psw/ae/pve/provision_enclave.edl b/psw/ae/pve/provision_enclave.edl index 356d68888a..87d78ad383 100644 --- a/psw/ae/pve/provision_enclave.edl +++ b/psw/ae/pve/provision_enclave.edl @@ -32,15 +32,13 @@ enclave{ include "provision_msg.h" trusted { - public uint32_t gen_prov_msg1_data_wrapper([in]const psvn_t *psvn, - [in]const signed_pek_t *pek, - uint8_t performance_rekey_flag, - [out] prov_msg1_output_t *msg1_output); - - public uint32_t get_ek2_wrapper([in] const prov_get_ek2_input_t *input, - [out] prov_get_ek2_output_t *ek2); + public uint32_t gen_prov_msg1_data_wrapper([in]const extended_epid_group_blob_t *xegb, + [in]const signed_pek_t *pek, + [in]const sgx_target_info_t *pce_target_info, + [out]sgx_report_t *msg1_output); public uint32_t proc_prov_msg2_data_wrapper([in]const proc_prov_msg2_blob_input_t *msg2_input, + uint8_t performance_rekey_used, [user_check]const uint8_t *sigrl, uint32_t sigrl_size,//optional input sigrl in external memory [out] gen_prov_msg3_output_t *msg3_fixed_output, [user_check]uint8_t *epid_sig, uint32_t epid_sig_buffer_size);//optional output epid signature in external memory directly diff --git a/psw/ae/qe/quoting_enclave.edl b/psw/ae/qe/quoting_enclave.edl index 426736e6ba..a67655b840 100644 --- a/psw/ae/qe/quoting_enclave.edl +++ b/psw/ae/qe/quoting_enclave.edl @@ -48,6 +48,6 @@ include "sgx_quote.h" uint32_t sig_rl_size, [out] sgx_report_t *qe_report, [user_check] uint8_t *p_quote, // Quote is also big, we should output it in piece meal. - uint32_t quote_size); + uint32_t quote_size, sgx_isv_svn_t pce_isvnsvn); }; }; diff --git a/psw/uae_service/linux/Makefile b/psw/uae_service/linux/Makefile index 5771ae8ac9..a3aad4e284 100644 --- a/psw/uae_service/linux/Makefile +++ b/psw/uae_service/linux/Makefile @@ -93,6 +93,14 @@ IPC_SRC := AECloseSessionRequest.cpp \ AEReportAttestationResponse.cpp \ ProtobufSerializer.cpp \ AEGetLaunchTokenRequest.cpp \ + AEGetWhiteListSizeRequest.cpp \ + AEGetWhiteListSizeResponse.cpp \ + AEGetWhiteListRequest.cpp \ + AEGetWhiteListResponse.cpp \ + AESGXGetExtendedEpidGroupIdRequest.cpp \ + AESGXGetExtendedEpidGroupIdResponse.cpp \ + AESGXSwitchExtendedEpidGroupRequest.cpp \ + AESGXSwitchExtendedEpidGroupResponse.cpp \ SocketTransporter.cpp \ AEGetLaunchTokenResponse.cpp \ UnixCommunicationSocket.cpp \ diff --git a/psw/uae_service/sgx_uae_service.cpp b/psw/uae_service/sgx_uae_service.cpp index 89b5304433..b85fab489c 100644 --- a/psw/uae_service/sgx_uae_service.cpp +++ b/psw/uae_service/sgx_uae_service.cpp @@ -53,6 +53,10 @@ #define SE_GET_PS_CAP_TIMEOUT_MSEC (IPC_LATENCY) #define SE_REPORT_REMOTE_ATTESTATION_FAILURE_TIMEOUT_MSEC (IPC_LATENCY) +#define GET_WHITE_LIST_SIZE_MSEC (IPC_LATENCY) +#define GET_WHITE_LIST_MSEC (IPC_LATENCY) +#define SGX_GET_EXTENDED_GROUP_ID_MSEC (IPC_LATENCY) +#define SGX_SWITCH_EXTENDED_GROUP_MSEC (IPC_LATENCY) extern "C" { sgx_status_t get_launch_token( @@ -85,6 +89,9 @@ sgx_status_t get_launch_token( case AESM_GET_LICENSETOKEN_ERROR: mapped = SGX_ERROR_SERVICE_INVALID_PRIVILEGE; break; + case AESM_OUT_OF_EPC: + mapped = SGX_ERROR_OUT_OF_EPC; + break; default: mapped = SGX_ERROR_UNEXPECTED; } @@ -129,6 +136,9 @@ sgx_status_t sgx_init_quote( case AESM_SGX_PROVISION_FAILED: mapped = SGX_ERROR_UNEXPECTED; break; + case AESM_OUT_OF_EPC: + mapped = SGX_ERROR_OUT_OF_EPC; + break; default: mapped = SGX_ERROR_UNEXPECTED; } @@ -186,6 +196,9 @@ sgx_status_t sgx_get_quote( case AESM_SGX_PROVISION_FAILED: mapped = SGX_ERROR_UNEXPECTED; break; + case AESM_OUT_OF_EPC: + mapped = SGX_ERROR_OUT_OF_EPC; + break; default: mapped = SGX_ERROR_UNEXPECTED; } @@ -265,6 +278,12 @@ sgx_status_t sgx_report_attestation_status( case AESM_PLATFORM_INFO_BLOB_INVALID_SIG: mapped = SGX_ERROR_INVALID_PARAMETER; break; + case AESM_EPIDBLOB_ERROR: + mapped = SGX_ERROR_AE_INVALID_EPIDBLOB; + break; + case AESM_OUT_OF_EPC: + mapped = SGX_ERROR_OUT_OF_EPC; + break; case AESM_SGX_PROVISION_FAILED: default: mapped = SGX_ERROR_UNEXPECTED; @@ -308,6 +327,9 @@ sgx_status_t create_session_ocall( case AESM_SERVICE_NOT_AVAILABLE: mapped = SGX_ERROR_SERVICE_UNAVAILABLE; break; + case AESM_OUT_OF_EPC: + mapped = SGX_ERROR_OUT_OF_EPC; + break; case AESM_MSG_ERROR: default: mapped = SGX_ERROR_UNEXPECTED; @@ -356,6 +378,9 @@ sgx_status_t exchange_report_ocall( case AESM_SERVICE_NOT_AVAILABLE: mapped = SGX_ERROR_SERVICE_UNAVAILABLE; break; + case AESM_OUT_OF_EPC: + mapped = SGX_ERROR_OUT_OF_EPC; + break; default: mapped = SGX_ERROR_UNEXPECTED; } @@ -393,6 +418,9 @@ sgx_status_t close_session_ocall( case AESM_SERVICE_NOT_AVAILABLE: mapped = SGX_ERROR_SERVICE_UNAVAILABLE; break; + case AESM_OUT_OF_EPC: + mapped = SGX_ERROR_OUT_OF_EPC; + break; default: mapped = SGX_ERROR_UNEXPECTED; } @@ -436,6 +464,9 @@ sgx_status_t invoke_service_ocall( case AESM_SERVICE_NOT_AVAILABLE: mapped = SGX_ERROR_SERVICE_UNAVAILABLE; break; + case AESM_OUT_OF_EPC: + mapped = SGX_ERROR_OUT_OF_EPC; + break; case AESM_MSG_ERROR: default: mapped = SGX_ERROR_UNEXPECTED; @@ -446,6 +477,132 @@ sgx_status_t invoke_service_ocall( return mapped; } + +sgx_status_t sgx_get_whitelist_size( + uint32_t* p_whitelist_size) +{ + if (p_whitelist_size == NULL) + return SGX_ERROR_INVALID_PARAMETER; + + aesm_error_t result = AESM_UNEXPECTED_ERROR; + uae_oal_status_t ret = UAE_OAL_ERROR_UNEXPECTED; + ret = oal_get_whitelist_size(p_whitelist_size, GET_WHITE_LIST_SIZE_MSEC*1000, &result); + + //common mappings + sgx_status_t mapped = oal_map_status(ret); + if (mapped != SGX_SUCCESS) + return mapped; + + mapped = oal_map_result(result); + if (mapped != SGX_SUCCESS) + { + //operation specific mapping + if (mapped == SGX_ERROR_UNEXPECTED && result != AESM_UNEXPECTED_ERROR) + { + switch (result) + { + default: + mapped = SGX_ERROR_UNEXPECTED; + } + } + } + + return mapped; +} + + +sgx_status_t sgx_get_whitelist( + uint8_t* p_whitelist, + uint32_t whitelist_size) +{ + if (p_whitelist == NULL || whitelist_size == 0) + return SGX_ERROR_INVALID_PARAMETER; + + aesm_error_t result = AESM_UNEXPECTED_ERROR; + uae_oal_status_t ret = UAE_OAL_ERROR_UNEXPECTED; + + ret = oal_get_whitelist(p_whitelist, whitelist_size, GET_WHITE_LIST_MSEC*1000, &result); + + //common mappings + sgx_status_t mapped = oal_map_status(ret); + if (mapped != SGX_SUCCESS) + return mapped; + + mapped = oal_map_result(result); + if (mapped != SGX_SUCCESS) + { + //operation specific mapping + if (mapped == SGX_ERROR_UNEXPECTED && result != AESM_UNEXPECTED_ERROR) + { + switch (result) + { + default: + mapped = SGX_ERROR_UNEXPECTED; + } + } + } + + return mapped; +} + +sgx_status_t sgx_get_extended_epid_group_id( + uint32_t* p_extended_epid_group_id) +{ + if (p_extended_epid_group_id == NULL) + return SGX_ERROR_INVALID_PARAMETER; + + aesm_error_t result = AESM_UNEXPECTED_ERROR; + uae_oal_status_t ret = UAE_OAL_ERROR_UNEXPECTED; + ret = oal_get_extended_epid_group_id(p_extended_epid_group_id, SGX_GET_EXTENDED_GROUP_ID_MSEC*1000, &result); + + //common mappings + sgx_status_t mapped = oal_map_status(ret); + if (mapped != SGX_SUCCESS) + return mapped; + + mapped = oal_map_result(result); + if (mapped != SGX_SUCCESS) + { + //operation specific mapping + if (mapped == SGX_ERROR_UNEXPECTED && result != AESM_UNEXPECTED_ERROR) + { + switch (result) + { + default: + mapped = SGX_ERROR_UNEXPECTED; + } + } + } + return mapped; +} + +sgx_status_t sgx_switch_extended_epid_group(uint32_t extended_epid_group_id) +{ + aesm_error_t result = AESM_UNEXPECTED_ERROR; + uae_oal_status_t ret = UAE_OAL_ERROR_UNEXPECTED; + ret = oal_switch_extended_epid_group(extended_epid_group_id, SGX_SWITCH_EXTENDED_GROUP_MSEC*1000, &result); + + //common mappings + sgx_status_t mapped = oal_map_status(ret); + if (mapped != SGX_SUCCESS) + return mapped; + + mapped = oal_map_result(result); + if (mapped != SGX_SUCCESS) + { + //operation specific mapping + if (mapped == SGX_ERROR_UNEXPECTED && result != AESM_UNEXPECTED_ERROR) + { + switch (result) + { + default: + mapped = SGX_ERROR_UNEXPECTED; + } + } + } + return mapped; +} + // common mapper function for all OAL specific error codes sgx_status_t oal_map_status(uae_oal_status_t status) @@ -492,6 +649,7 @@ sgx_status_t oal_map_result(aesm_error_t result) retVal = SGX_ERROR_INVALID_PARAMETER; break; case AESM_SERVICE_STOPPED: + case AESM_SERVICE_UNAVAILABLE: retVal = SGX_ERROR_SERVICE_UNAVAILABLE; break; case AESM_OUT_OF_MEMORY_ERROR: @@ -505,6 +663,9 @@ sgx_status_t oal_map_result(aesm_error_t result) case AESM_PROXY_SETTING_ASSIST: retVal = SGX_ERROR_NETWORK_FAILURE; break; + case AESM_NO_DEVICE_ERROR: + retVal = SGX_ERROR_NO_DEVICE; + break; default: retVal = SGX_ERROR_UNEXPECTED; } diff --git a/psw/uae_service/uae_wrapper/inc/AEInternalServices.h b/psw/uae_service/uae_wrapper/inc/AEInternalServices.h index 52329fe220..b8386e66f0 100644 --- a/psw/uae_service/uae_wrapper/inc/AEInternalServices.h +++ b/psw/uae_service/uae_wrapper/inc/AEInternalServices.h @@ -52,6 +52,11 @@ class AEInternalServices : public AEServices virtual PsCap* GetPsCap(uint32_t timeout_msec=0) =0; virtual AttestationStatus* ReportAttestationError(const PlatformInfo* platformInfo, uint32_t attestation_error_code, uint32_t updateInfoLength, uint32_t timeout_msec=0) =0; + + virtual WhiteListSize* GetWhiteListSize(uint32_t timeout_msec=0) =0; + virtual PlainData* GetWhiteList(uint32_t white_list_size, uint32_t timeout = 0) =0; + virtual ExtendedEpidGroupId* SGXGetExtendedEpidGroupId(uint32_t timeout_msec=0) =0; + virtual PlainData* SGXSwitchExtendedEpidGroup(uint32_t x_group_id, uint32_t timeout = 0) =0; }; #endif diff --git a/psw/uae_service/uae_wrapper/inc/AEServices.h b/psw/uae_service/uae_wrapper/inc/AEServices.h index f688428eb2..e36de2f0a5 100644 --- a/psw/uae_service/uae_wrapper/inc/AEServices.h +++ b/psw/uae_service/uae_wrapper/inc/AEServices.h @@ -114,6 +114,8 @@ typedef PlainData Signature; typedef PlainData SEAttributes; typedef PlainData PSEMessage; +typedef PlainData WhiteList; + typedef PlainData PlatformInfo; typedef PlainData UpdateInfo; @@ -218,7 +220,41 @@ struct PsCap } }; +struct WhiteListSize +{ + uint32_t errorCode; + uae_oal_status_t uaeStatus; + uint32_t white_list_size; + WhiteListSize(): errorCode(AESM_UNEXPECTED_ERROR), uaeStatus(UAE_OAL_ERROR_UNEXPECTED), white_list_size(0){} + ~WhiteListSize() + { + } + + bool operator==(const WhiteListSize& other) const + { + if (this == &other) return true; + return white_list_size == other.white_list_size; + } +}; + +struct ExtendedEpidGroupId +{ + uint32_t errorCode; + uae_oal_status_t uaeStatus; + uint32_t x_group_id; + + ExtendedEpidGroupId(): errorCode(AESM_UNEXPECTED_ERROR), uaeStatus(UAE_OAL_ERROR_UNEXPECTED), x_group_id(0){} + ~ExtendedEpidGroupId() + { + } + + bool operator==(const ExtendedEpidGroupId& other) const + { + if (this == &other) return true; + return x_group_id == other.x_group_id; + } +}; struct AttestationStatus { @@ -257,6 +293,10 @@ class AEServices virtual PsCap* GetPsCap(uint32_t timeout_msec=0) = 0; virtual AttestationStatus* ReportAttestationError(const PlatformInfo* platformInfo, uint32_t attestation_error_code, uint32_t updateInfoLength, uint32_t timeout_msec=0) = 0; + virtual WhiteListSize* GetWhiteListSize(uint32_t timeout_msec=0) = 0; + virtual PlainData* GetWhiteList(uint32_t white_list_size, uint32_t timeout = 0) =0; + virtual ExtendedEpidGroupId* SGXGetExtendedEpidGroupId(uint32_t timeout_msec=0) =0; + virtual PlainData* SGXSwitchExtendedEpidGroup(uint32_t x_group_id, uint32_t timeout = 0) =0; }; #endif diff --git a/psw/uae_service/uae_wrapper/inc/AEServicesImpl.h b/psw/uae_service/uae_wrapper/inc/AEServicesImpl.h index 45eac15978..944de67678 100644 --- a/psw/uae_service/uae_wrapper/inc/AEServicesImpl.h +++ b/psw/uae_service/uae_wrapper/inc/AEServicesImpl.h @@ -62,7 +62,12 @@ class AEServicesImpl : public AEInternalServices{ PsCap* GetPsCap(uint32_t timeout_msec=0); AttestationStatus* ReportAttestationError(const PlatformInfo* platformInfo, uint32_t attestation_error_code, uint32_t updateInfoLength,uint32_t timeout_msec=0) ; - + + WhiteListSize* GetWhiteListSize(uint32_t timeout_msec=0); + PlainData* GetWhiteList(uint32_t white_list_size, uint32_t timeout = 0); + ExtendedEpidGroupId* SGXGetExtendedEpidGroupId(uint32_t timeout_msec=0); + PlainData* SGXSwitchExtendedEpidGroup(uint32_t x_group_id, uint32_t timeout = 0); + friend AEServices* AEServicesProvider::GetServicesProvider(); friend AEInternalServices* AEInternalServicesProvider::GetInternalServicesProvider(); diff --git a/psw/uae_service/uae_wrapper/src/AEServicesImpl.cpp b/psw/uae_service/uae_wrapper/src/AEServicesImpl.cpp index 4fa0e378b1..8dffbcaab4 100644 --- a/psw/uae_service/uae_wrapper/src/AEServicesImpl.cpp +++ b/psw/uae_service/uae_wrapper/src/AEServicesImpl.cpp @@ -57,6 +57,18 @@ #include #include +#include +#include + +#include +#include + +#include +#include + +#include +#include + #include #include #include @@ -395,3 +407,103 @@ AttestationStatus* AEServicesImpl::ReportAttestationError(const PlatformInfo* pl return attestationStatus; } + +WhiteListSize* AEServicesImpl::GetWhiteListSize(uint32_t timeout_msec) +{ + AEGetWhiteListSizeRequest* getWhiteListSizeRequest = new AEGetWhiteListSizeRequest(timeout_msec); + AEGetWhiteListSizeResponse* getWhiteListSizeResponse = new AEGetWhiteListSizeResponse(); + + uae_oal_status_t ipc_status = mTransporter->transact(getWhiteListSizeRequest, getWhiteListSizeResponse); + + WhiteListSize* white_list_size = new WhiteListSize(); + white_list_size->uaeStatus = ipc_status; + + if (ipc_status == UAE_OAL_SUCCESS && getWhiteListSizeResponse->check() == true) + white_list_size->white_list_size= getWhiteListSizeResponse->GetWhiteListSize(); + + white_list_size->errorCode = getWhiteListSizeResponse->GetErrorCode(); + + delete getWhiteListSizeRequest; + delete getWhiteListSizeResponse; + + return white_list_size; +} + +PlainData* AEServicesImpl::GetWhiteList(uint32_t white_list_size, uint32_t timeout) +{ + AEGetWhiteListRequest* getWhiteListRequest = new AEGetWhiteListRequest(white_list_size, timeout); + + if(getWhiteListRequest->check() == false) + { + delete getWhiteListRequest; + PlainData* whiteList = new PlainData; + whiteList->uaeStatus = UAE_OAL_ERROR_UNEXPECTED; + return whiteList; + } + + AEGetWhiteListResponse* getWhiteListResponse = new AEGetWhiteListResponse(); + + uae_oal_status_t ipc_status = mTransporter->transact(getWhiteListRequest, getWhiteListResponse); + + PlainData* whiteList = new PlainData; + whiteList->uaeStatus = ipc_status; + + if (ipc_status == UAE_OAL_SUCCESS && getWhiteListResponse->check()) + { + whiteList->length = getWhiteListResponse->GetWhiteListLength(); + + if (whiteList->length > 0) + { + whiteList->data = new uint8_t[whiteList->length]; + memcpy(whiteList->data, getWhiteListResponse->GetWhiteList(), whiteList->length); + } + } + + whiteList->errorCode = getWhiteListResponse->GetErrorCode(); + + delete getWhiteListRequest; + delete getWhiteListResponse; + + return whiteList; +} + +PlainData* AEServicesImpl::SGXSwitchExtendedEpidGroup(uint32_t x_group_id, uint32_t timeout) +{ + AESGXSwitchExtendedEpidGroupRequest* switchExtendedEpidGroupRequest = new AESGXSwitchExtendedEpidGroupRequest(x_group_id, timeout); + AESGXSwitchExtendedEpidGroupResponse* switchExtendedEpidGroupResponse = new AESGXSwitchExtendedEpidGroupResponse(); + + uae_oal_status_t ipc_status = mTransporter->transact(switchExtendedEpidGroupRequest, switchExtendedEpidGroupResponse); + + PlainData* res = new PlainData; + + res->errorCode = switchExtendedEpidGroupResponse->GetErrorCode(); + res->uaeStatus = ipc_status; + + delete switchExtendedEpidGroupRequest; + delete switchExtendedEpidGroupResponse; + + return res; +} + +ExtendedEpidGroupId* AEServicesImpl::SGXGetExtendedEpidGroupId(uint32_t timeout_msec) +{ + AESGXGetExtendedEpidGroupIdRequest* getExtendedEpidGroupIdRequest = new AESGXGetExtendedEpidGroupIdRequest(timeout_msec); + AESGXGetExtendedEpidGroupIdResponse* getExtendedEpidGroupIdResponse = new AESGXGetExtendedEpidGroupIdResponse(); + + uae_oal_status_t ipc_status = mTransporter->transact(getExtendedEpidGroupIdRequest, getExtendedEpidGroupIdResponse); + + ExtendedEpidGroupId* extended_group_id = new ExtendedEpidGroupId(); + extended_group_id->uaeStatus = ipc_status; + + if (ipc_status == UAE_OAL_SUCCESS && getExtendedEpidGroupIdResponse->check() == true) + extended_group_id->x_group_id= getExtendedEpidGroupIdResponse->GetExtendedEpidGroupId(); + + extended_group_id->errorCode = getExtendedEpidGroupIdResponse->GetErrorCode(); + + delete getExtendedEpidGroupIdRequest; + delete getExtendedEpidGroupIdResponse; + + return extended_group_id; +} + + diff --git a/psw/uae_service/uae_wrapper/src/uae_api.cpp b/psw/uae_service/uae_wrapper/src/uae_api.cpp index fa7588c03d..2f76c82b65 100644 --- a/psw/uae_service/uae_wrapper/src/uae_api.cpp +++ b/psw/uae_service/uae_wrapper/src/uae_api.cpp @@ -284,3 +284,93 @@ uae_oal_status_t SGXAPI oal_report_attestation_status( return ret; } +extern "C" +uae_oal_status_t oal_get_whitelist_size(uint32_t* white_list_size, uint32_t timeout_usec, aesm_error_t *result) +{ + AEServices* servicesProvider = AEServicesProvider::GetServicesProvider(); + if (servicesProvider == NULL) + return UAE_OAL_ERROR_UNEXPECTED; + + WhiteListSize* whiteListSize = servicesProvider->GetWhiteListSize(timeout_usec / 1000); + + uae_oal_status_t ret = UAE_OAL_ERROR_UNEXPECTED; + if (whiteListSize != NULL) + { + ret = whiteListSize->uaeStatus; + *result = (aesm_error_t)whiteListSize->errorCode; + + if (*result == AESM_SUCCESS) + { + *white_list_size = whiteListSize->white_list_size; + } + } + delete whiteListSize; + return ret; +} + +extern "C" +uae_oal_status_t oal_get_whitelist(uint8_t *white_list, uint32_t white_list_size, uint32_t timeout_usec, aesm_error_t *result) +{ + AEServices* servicesProvider = AEServicesProvider::GetServicesProvider(); + if (servicesProvider == NULL) + return UAE_OAL_ERROR_UNEXPECTED; + + WhiteList* whiteList = servicesProvider->GetWhiteList(white_list_size, timeout_usec / 1000); + + uae_oal_status_t ret = UAE_OAL_ERROR_UNEXPECTED; + if (whiteList != NULL) + { + ret = whiteList->uaeStatus; + *result = (aesm_error_t)whiteList->errorCode; + + if (*result == AESM_SUCCESS) + { + memcpy(white_list,whiteList->data,whiteList->length); + } + } + delete whiteList; + return ret; +} + +extern "C" +uae_oal_status_t oal_get_extended_epid_group_id(uint32_t* extended_group_id, uint32_t timeout_usec, aesm_error_t *result) +{ + AEServices* servicesProvider = AEServicesProvider::GetServicesProvider(); + if (servicesProvider == NULL) + return UAE_OAL_ERROR_UNEXPECTED; + + ExtendedEpidGroupId* extendedGroupId = servicesProvider->SGXGetExtendedEpidGroupId(timeout_usec / 1000); + + uae_oal_status_t ret = UAE_OAL_ERROR_UNEXPECTED; + if (extendedGroupId != NULL) + { + ret = extendedGroupId->uaeStatus; + *result = (aesm_error_t)extendedGroupId->errorCode; + + if (*result == AESM_SUCCESS) + { + *extended_group_id = extendedGroupId->x_group_id; + } + } + delete extendedGroupId; + return ret; +} + +extern "C" +uae_oal_status_t oal_switch_extended_epid_group(uint32_t x_group_id, uint32_t timeout_usec, aesm_error_t *result) +{ + AEServices* servicesProvider = AEServicesProvider::GetServicesProvider(); + if (servicesProvider == NULL) + return UAE_OAL_ERROR_UNEXPECTED; + + PlainData* plainData = servicesProvider->SGXSwitchExtendedEpidGroup(x_group_id, timeout_usec / 1000); + + uae_oal_status_t ret = UAE_OAL_ERROR_UNEXPECTED; + if (plainData != NULL) + { + ret = plainData->uaeStatus; + *result = (aesm_error_t)plainData->errorCode; + } + delete plainData; + return ret; +} diff --git a/psw/urts/linux/enter_enclave.S b/psw/urts/linux/enter_enclave.S index 3fb35543bc..bca4de6229 100644 --- a/psw/urts/linux/enter_enclave.S +++ b/psw/urts/linux/enter_enclave.S @@ -58,7 +58,7 @@ EENTER_PROLOG /* * at this point, we may have returned due to a normal EEXIT, * or we may have returned due to an OCALL. We differentiate - * by popping the top of the stack. If it is not -1, we have + * by popping the top of the stack. If it is not OCMD_ERET, we have * an untrusted bridge to call at that address. */ diff --git a/psw/urts/loader.cpp b/psw/urts/loader.cpp index 01b61ce238..ba1e2f4f2f 100644 --- a/psw/urts/loader.cpp +++ b/psw/urts/loader.cpp @@ -182,9 +182,32 @@ int CLoader::build_sections(vector *bitmap) { int ret = SGX_SUCCESS; std::vector sections = m_parser.get_sections(); + uint64_t max_rva =0; + Section* last_section = NULL; for(unsigned int i = 0; i < sections.size() ; i++) { + + + + if((last_section != NULL) && + (ROUND_TO_PAGE(last_section->virtual_size() + last_section->get_rva()) < ROUND_TO_PAGE(ROUND_TO_PAGE(last_section->virtual_size()) + last_section->get_rva())) && + (ROUND_TO_PAGE(last_section->get_rva() + last_section->virtual_size()) < (sections[i]->get_rva() & (~(SE_PAGE_SIZE - 1))))) + { + size_t size = SE_PAGE_SIZE; + sec_info_t sinfo; + memset(&sinfo, 0, sizeof(sinfo)); + sinfo.flags = last_section->get_si_flags(); + uint64_t rva = ROUND_TO_PAGE(last_section->get_rva() + last_section->virtual_size()); + if(SGX_SUCCESS != (ret = build_pages(rva, size, 0, sinfo, ADD_EXTEND_PAGE))) + return ret; + } + + if(sections[i]->get_rva() > max_rva) + { + max_rva = sections[i]->get_rva(); + last_section = sections[i]; + } //since build_mem_region require the sec_info.rva be page aligned, we need handle the first page. //build the first page; uint64_t offset = (sections[i]->get_rva() & (SE_PAGE_SIZE -1)); @@ -218,6 +241,22 @@ int CLoader::build_sections(vector *bitmap) return ret; } } + + } + + + + + if((last_section != NULL) && + (ROUND_TO_PAGE(last_section->virtual_size() + last_section->get_rva()) < ROUND_TO_PAGE(ROUND_TO_PAGE(last_section->virtual_size()) + last_section->get_rva()))) + { + size_t size = SE_PAGE_SIZE; + sec_info_t sinfo; + memset(&sinfo, 0, sizeof(sinfo)); + sinfo.flags = last_section->get_si_flags(); + uint64_t rva = ROUND_TO_PAGE(last_section->get_rva() + last_section->virtual_size()); + if(SGX_SUCCESS != (ret = build_pages(rva, size, 0, sinfo, ADD_EXTEND_PAGE))) + return ret; } return SGX_SUCCESS; diff --git a/psw/urts/parser/elfparser.cpp b/psw/urts/parser/elfparser.cpp index aa2f7974fc..ea25b8fecb 100644 --- a/psw/urts/parser/elfparser.cpp +++ b/psw/urts/parser/elfparser.cpp @@ -528,7 +528,7 @@ bool build_regular_sections(const uint8_t* start_addr, { case PT_LOAD: sec = build_section(GET_PTR(uint8_t, start_addr, prg_hdr->p_offset), - (uint64_t)prg_hdr->p_filesz, ROUND_TO_PAGE((uint64_t)prg_hdr->p_memsz), + (uint64_t)prg_hdr->p_filesz, (uint64_t)prg_hdr->p_memsz, (uint64_t)prg_hdr->p_vaddr, (uint32_t) prg_hdr->p_flags); break; diff --git a/sdk/Makefile b/sdk/Makefile index 029026880b..9d1d429561 100644 --- a/sdk/Makefile +++ b/sdk/Makefile @@ -38,6 +38,7 @@ # - trts: libsgx_trts.a # - tcrypto: libsgx_tcrypto.a # - tkey_exchange: libsgx_tkey_exchange.a +# - tsetjmp: libsgx_tsetjmp.a # - Untrtusted libraries # - ukey_exchange: libsgx_ukey_exchange.a # - ptrace: libsgx_ptrace.so, gdb-sgx-plugin @@ -55,7 +56,7 @@ LIBTLIBCXX := $(BUILD_DIR)/libsgx_tstdcxx.a LIBTSE := $(BUILD_DIR)/libsgx_tservice.a .PHONY: all -all: tstdc tstdcxx tservice trts tcrypto tkey_exchange ukey_exchange ptrace sample_crypto simulation signtool edger8r +all: tstdc tstdcxx tservice trts tcrypto tkey_exchange ukey_exchange ptrace sample_crypto simulation signtool edger8r tsetjmp # --------------------------------------------------- # tstdc @@ -161,6 +162,9 @@ tcrypto: tkey_exchange: $(MAKE) -C tkey_exchange +.PHONY: tsetjmp +tsetjmp: + $(MAKE) -C tsetjmp/ # --------------------------------------------------- # Untrusted libraries # --------------------------------------------------- @@ -208,6 +212,7 @@ clean: $(MAKE) -C selib/linux/ clean $(MAKE) -C tae_service/ clean $(MAKE) -C trts/ clean + $(MAKE) -C tsetjmp/ clean $(MAKE) -C tlibcrypto/ clean $(MAKE) -C tkey_exchange/ clean $(MAKE) -C ukey_exchange/ clean diff --git a/sdk/debugger_interface/linux/gdb-sgx-plugin/gdb_sgx_plugin.py b/sdk/debugger_interface/linux/gdb-sgx-plugin/gdb_sgx_plugin.py index 77f35f3ae5..0fe75649b4 100755 --- a/sdk/debugger_interface/linux/gdb-sgx-plugin/gdb_sgx_plugin.py +++ b/sdk/debugger_interface/linux/gdb-sgx-plugin/gdb_sgx_plugin.py @@ -488,9 +488,9 @@ class UpdateOcallFrame(gdb.Breakpoint): if bp_in_urts == True: if SIZE == 4: - base_addr = gdb.parse_and_eval("base") - tcs_addr = gdb.parse_and_eval("tcs") - ocall_frame = gdb.parse_and_eval("of") + base_addr = gdb.parse_and_eval("$eax") + tcs_addr = gdb.parse_and_eval("$edx") + ocall_frame = gdb.parse_and_eval("$ecx") elif SIZE == 8: base_addr = gdb.parse_and_eval("$rdi") tcs_addr = gdb.parse_and_eval("$rsi") diff --git a/sdk/debugger_interface/linux/se_ptrace.c b/sdk/debugger_interface/linux/se_ptrace.c index 6d23bd989c..19e6fa2f59 100644 --- a/sdk/debugger_interface/linux/se_ptrace.c +++ b/sdk/debugger_interface/linux/se_ptrace.c @@ -131,6 +131,7 @@ static int get_exec_class(pid_t pid) return ELFCLASSNONE; if(-1 == read(fd, e_ident, EI_NIDENT)) { + close(fd); return ELFCLASSNONE; } diff --git a/sdk/edger8r/linux/CodeGen.ml b/sdk/edger8r/linux/CodeGen.ml index f7e2074aad..441025302d 100644 --- a/sdk/edger8r/linux/CodeGen.ml +++ b/sdk/edger8r/linux/CodeGen.ml @@ -1393,10 +1393,16 @@ let start_parsing (fname: string) : Ast.enclave = } in try - let chan = - let fullpath = Util.get_file_path fname - in save_file fullpath; open_in fullpath in - let lexbuf = Lexing.from_channel chan in + let fullpath = Util.get_file_path fname in + let preprocessed = + save_file fullpath; Preprocessor.processor_macro(fullpath) in + let lexbuf = + match preprocessed with + | None -> + let chan = open_in fullpath in + Lexing.from_channel chan + | Some(preprocessed_string) -> Lexing.from_string preprocessed_string + in try set_initial_pos lexbuf fname; let e : Ast.enclave = Parser.start_parsing Lexer.tokenize lexbuf in @@ -1407,7 +1413,7 @@ let start_parsing (fname: string) : Ast.enclave = let res = { e with Ast.ename = short_name } in if Util.is_c_identifier short_name then res else (eprintf "warning: %s: file short name `%s' is not a valid C identifier\n" fname short_name; res) - with exn -> close_in chan; + with exn -> begin match exn with | Parsing.Parse_error -> let curr = lexbuf.Lexing.lex_curr_p in diff --git a/sdk/edger8r/linux/Preprocessor.ml b/sdk/edger8r/linux/Preprocessor.ml new file mode 100644 index 0000000000..8eae6f4892 --- /dev/null +++ b/sdk/edger8r/linux/Preprocessor.ml @@ -0,0 +1,71 @@ +(* + * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + *) + +open Unix +open Printf + +open Util + +(* for compat of OCaml before version 4.02.0 *) +module Bytes = String + +(* Run a command and return its results as a process_status*string. *) +let read_process (command : string) : Unix.process_status * string = + let buffer_size = 2048 in + let buffer = Buffer.create buffer_size in + let str = Bytes.create buffer_size in + let in_channel = Unix.open_process_in command in + let chars_read = ref 1 in + while !chars_read <> 0 do + chars_read := input in_channel str 0 buffer_size; + Buffer.add_substring buffer str 0 !chars_read + done; + let status = Unix.close_process_in in_channel in + let output = Buffer.contents buffer in + ( status, output ) + +(*Return None if gcc not found, caller should handle it*) +let processor_macro ( full_path : string) : string option= + let gcc_path = snd (read_process "which gcc") in + if not (String.contains gcc_path '/' ) then + (eprintf "warning: preprocessor is not found\n"; None) + else + let command = sprintf "gcc -x c -E -P \"%s\" 2>/dev/null" full_path in + let output = read_process command in + match fst output with + | WEXITED exit_status -> + if exit_status < 0 then + failwithf "gcc exited with error code 0x%d\n" exit_status + else if exit_status > 0 then + failwithf "Preprocessor failed\n" + else + Some(snd output) + | _ -> failwithf "Preprocessor stopped by signal\n" diff --git a/sdk/sample_libcrypto/sample_libcrypto.cpp b/sdk/sample_libcrypto/sample_libcrypto.cpp index 4b6b6f18e9..9057e248f4 100644 --- a/sdk/sample_libcrypto/sample_libcrypto.cpp +++ b/sdk/sample_libcrypto/sample_libcrypto.cpp @@ -31,10 +31,13 @@ /* - * This sample cryptopgraphy library was intended to be used in a limited - * manner. Its cryptographic strength is very weak. It should not be - * used by any production code. Its scope is limited to assist in the - * development of the remote attestation sample application. +* Do NOT use this library in your actual product. +* The purpose of this sample library is to aid the debugging of a +* remote attestation service. +* To achieve that goal, the sample remote attestation application +* will use this sample library to generate reproducible messages. +* If you have still not decided on whether you should use this library in a +* released product, please refer to the implementation of __do_get_rand32. **/ #include @@ -105,12 +108,12 @@ extern "C" int memset_s(void *s, size_t smax, int c, size_t n) #endif -// We are using this very non-random definition for reproducibility / debugging purposes. + static uint32_t seed = (uint32_t)(9); +// We are using this very non-random definition for reproducibility / debugging purposes. static inline sample_status_t __do_get_rand32(uint32_t* rand_num) { - // A better source of entropy would be the "time" function or something like that *rand_num = seed; return SAMPLE_SUCCESS; } diff --git a/sdk/sample_libcrypto/sample_libcrypto.h b/sdk/sample_libcrypto/sample_libcrypto.h index bd907cf9b9..4e4de19ce1 100644 --- a/sdk/sample_libcrypto/sample_libcrypto.h +++ b/sdk/sample_libcrypto/sample_libcrypto.h @@ -32,10 +32,12 @@ /** * File: sample_libcrypto.h * Description: -* Interface for generic crypto library APIs. This library does NOT have -* production quality crypto implementations. -* Some methods have been constructed to facilitate reproduceable results to -* aid in the debugging of the sample application. +* Interface for generic crypto library APIs. +* Do NOT use this library in your actual product. +* The purpose of this sample library is to aid the debugging of a +* remote attestation service. +* To achieve that goal, the sample remote attestation application +* will use this sample library to generate reproducible messages. */ #ifndef SAMPLE_LIBCRYPTO_H diff --git a/sdk/sign_tool/SignTool/manage_metadata.cpp b/sdk/sign_tool/SignTool/manage_metadata.cpp index 7ae747d4af..ed92ea9982 100644 --- a/sdk/sign_tool/SignTool/manage_metadata.cpp +++ b/sdk/sign_tool/SignTool/manage_metadata.cpp @@ -627,6 +627,13 @@ uint64_t CMetadata::calculate_sections_size() uint64_t size = (NULL == last_section) ? (0) : (last_section->get_rva() + last_section->virtual_size()); size = ROUND_TO_PAGE(size); + + + + if(size < ROUND_TO_PAGE(last_section->get_rva() + ROUND_TO_PAGE(last_section->virtual_size()))) + { + size += SE_PAGE_SIZE; + } return size; } diff --git a/sdk/sign_tool/SignTool/parse_key_file.cpp b/sdk/sign_tool/SignTool/parse_key_file.cpp index bc8aa45f0b..47a4982e76 100644 --- a/sdk/sign_tool/SignTool/parse_key_file.cpp +++ b/sdk/sign_tool/SignTool/parse_key_file.cpp @@ -46,6 +46,7 @@ #include #include #include +#include #include #include @@ -55,6 +56,11 @@ //N_SIZE+E_SIZE+D_SIZE+P_SIZE+Q_SIZE+DMP1_SIZE+DMQ1_SIZE+sizeof(inverseQ) #define PRI_COMPONENTS_SIZE (N_SIZE_IN_BYTES + E_SIZE_IN_BYTES + D_SIZE_IN_BYTES + P_SIZE_IN_BYTES *5) #define PUB_CONPONENTS_SIZE (N_SIZE_IN_BYTES + E_SIZE_IN_BYTES) //N_SIZE+E_SIZE +#define SEQUENCE_TAG_VALUE 0x30 +#define INTEGER_TAG_VALUE 0x02 +#define BIT_STRING_TAG_VALUE 0x03 +#define NULL_TAG_VALUE 0x05 +#define OID_TAG_VALUE 0x06 #define CHECK_RETRUN(value) {if(0 == (value)) return 0;} @@ -69,7 +75,7 @@ //Return Value // int---The length of the decoded string static int base64_decode(const unsigned char* aSrc, size_t srcLen, unsigned char* result) -{ +{ //two reason will cause the function return 0: 1- The input parameters are wrong, 2- srcLen<4 static char index_64[256] = { 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, @@ -130,6 +136,89 @@ static void convert_string(unsigned char *str, int len) } } +static bool parse_tag_and_length(const unsigned char *begin, const unsigned char *end, uint8_t expect_tag, size_t *len_bytes, size_t *value_bytes) +{ + assert(NULL != begin && NULL != end && NULL != len_bytes && NULL != value_bytes); + if (begin[0] != expect_tag) + return false; + size_t tvb = 0, tlb = 0; // 'temporary value bytes' and 'temporary length bytes' + const unsigned char *lbegin = begin + 1; + if (!(lbegin[0] & 0x80)) + { + // Value bytes <= 127 + tvb = lbegin[0]; + tlb += 1; // length is only one bytes + } + else if (lbegin[0] == 0x81) + { + tlb += (lbegin[0] & 0x7F) + 1; // + 1byte Length + 1byte to contain the value bytes + if (tlb != 2) + return false; + tvb = lbegin[1]; + } + else if (lbegin[0] == 0x82) + { + tlb += (lbegin[0] & 0x7F) + 1; // + 1byte Length + 2bytes to contain the value bytes + if (tlb != 3) + return false; + tvb = (lbegin[1] << 8) + lbegin[2]; + } + else + { + // Only the 3072bits RSA key is acceptable, for which we only need 2bytes to store the value bytes. + // Therefore, return failure if the length of the value bytes is greater than 2bytes. + return false; + } + + if ((tlb < UINT_MAX - tvb) && (size_t)(lbegin + tvb + tlb) > tvb + tlb) + { + // In the input begin/end, the key_header/end has been removed. + // Therefore, we should not check the entire key length. + if (expect_tag != SEQUENCE_TAG_VALUE && lbegin + tvb + tlb > end) + return false; + else + { + *value_bytes = tvb; + *len_bytes = tlb + 1; // + size of tag + return true; + } + } + return false; +} + +static bool parse_tlv_integer(const unsigned char **begin, const unsigned char *end, unsigned int *values, size_t values_length) +{ + assert(NULL != begin && NULL != *begin && NULL != end && NULL != values && values_length > 0); + size_t value_bytes = 0, len_bytes = 0; + const unsigned char *psrc = *begin; + if (parse_tag_and_length(psrc, end, INTEGER_TAG_VALUE, &len_bytes, &value_bytes) == false) + return false; + psrc += len_bytes; + + if (value_bytes < values_length) + return false; + + else if (value_bytes > values_length) + { + for (unsigned int i = 0; i < value_bytes - values_length; i++) + { + if (*(psrc + i) != 0x00) + return false; + } + // There are some padding 0x00s which need to skip + psrc += value_bytes - values_length; + } + + if (values != NULL) + { + memcpy_s(values, values_length, psrc, values_length); + } + psrc += values_length; + *begin = psrc; + + return true; +} + static bool convert_from_pri_key(const unsigned char *psrc, unsigned int slen, rsa_params_t *rsa) { assert(NULL != psrc && NULL != rsa); @@ -138,119 +227,81 @@ static bool convert_from_pri_key(const unsigned char *psrc, unsigned int slen, r return false; } - int index = 0; - if((int)psrc[index]== 0x30 &&(int)psrc[index+1] == 0x82) - index += 4; - else if((int)psrc[index] == 0x30 && (int)psrc[index+1] == 0x81) - index += 3; - else - return false; - - if(!((int)psrc[index] == 0x02 && (int)psrc[index+1] == 0x01))// version number must be 0x0102 + size_t value_bytes = 0, len_bytes = 0; + const unsigned char *end = psrc + slen; + if (parse_tag_and_length(psrc, end, SEQUENCE_TAG_VALUE, &len_bytes, &value_bytes) == false) { return false; } - index += 2; - if((int)psrc[index] != 0x00) + psrc += len_bytes; + // Version + if (parse_tag_and_length(psrc, end, INTEGER_TAG_VALUE, &len_bytes, &value_bytes) == false) + { return false; - index += 6; + } + psrc += len_bytes; + if (value_bytes != 0x01 || *psrc != 0x00) // Version should be 0x00 + { + return false; + } + psrc += value_bytes; memset(rsa, 0, sizeof(rsa_params_t)); - //get the module - memcpy_s(rsa->n, sizeof(rsa->n), psrc+index, N_SIZE_IN_BYTES); + // N + if (parse_tlv_integer(&psrc, end, rsa->n, N_SIZE_IN_BYTES) == false) + { + return false; + } convert_string((unsigned char *)rsa->n, sizeof(rsa->n)); - //get EXPONENT - index += N_SIZE_IN_BYTES; - if(!((unsigned int)psrc[index] == 0x02 &&(unsigned int)psrc[index+1] == 0x01)) //"0x01" indicates the size of e is 1 byte + // E + if (parse_tlv_integer(&psrc, end, rsa->e, E_SIZE_IN_UINT) == false) + { + return false; + } + if (rsa->e[0] != 0x03) { se_trace(SE_TRACE_ERROR, "Only '3' is accepted as the Exponent value.\n"); return false; } - index += 2; - unsigned int temp = *(psrc+index); - if(temp != 0x03) - { - se_trace(SE_TRACE_ERROR, "Key Exponent is %#x. Only '3' is accepted as the Exponent value.\n", temp); - return false; - } - temp = temp&0x0f; - memcpy_s(rsa->e, sizeof(rsa->e), &temp, sizeof(unsigned int)); - //get D - index += 1; - if((unsigned int)psrc[index]!=0x02) + // D + if (parse_tlv_integer(&psrc, end, rsa->d, D_SIZE_IN_BYTES) == false) { return false; } - - index = index+4; - if((int)psrc[index] == 0) - index += 1; - memcpy_s(rsa->d, sizeof(rsa->d), psrc+index, D_SIZE_IN_BYTES); convert_string((unsigned char *)rsa->d, sizeof(rsa->d)); - //get P - index += D_SIZE_IN_BYTES; - if((unsigned int)psrc[index]!=0x02) + // P + if (parse_tlv_integer(&psrc, end, rsa->p, P_SIZE_IN_BYTES) == false) { return false; } - index = index+4; - if((int)psrc[index] == 0) - index += 1; - memcpy_s(rsa->p, sizeof(rsa->p), psrc+index, P_SIZE_IN_BYTES); convert_string((unsigned char *)rsa->p, sizeof(rsa->p)); - - //get Q - index += P_SIZE_IN_BYTES; - if((unsigned int)psrc[index]!=0x02) + // Q + if (parse_tlv_integer(&psrc, end, rsa->q, Q_SIZE_IN_BYTES) == false) { return false; } - - index = index+4; - if((int)psrc[index] == 0) - index += 1; - memcpy_s(rsa->q, sizeof(rsa->q), psrc+index, Q_SIZE_IN_BYTES); convert_string((unsigned char *)rsa->q, sizeof(rsa->q)); - - //get DMP1 - index += Q_SIZE_IN_BYTES; - if((unsigned int)psrc[index]!=0x02) + // DMP1 + if (parse_tlv_integer(&psrc, end, rsa->dmp1, DMP1_SIZE_IN_BYTES) == false) { return false; } - index += 4; - if((int)psrc[index] == 0) - index += 1; - memcpy_s(rsa->dmp1, sizeof(rsa->dmp1), psrc+index, DMP1_SIZE_IN_BYTES); convert_string((unsigned char *)rsa->dmp1, sizeof(rsa->dmp1)); - - //get DMQ1 - index += DMP1_SIZE_IN_BYTES; - if((unsigned int)psrc[index]!=0x02) + // DMQ1 + if (parse_tlv_integer(&psrc, end, rsa->dmq1, DMQ1_SIZE_IN_BYTES) == false) { return false; } - index += 4; - if((int)psrc[index] == 0) - index += 1; - memcpy_s(rsa->dmq1, sizeof(rsa->dmq1), psrc+index, DMQ1_SIZE_IN_BYTES); convert_string((unsigned char *)rsa->dmq1, sizeof(rsa->dmq1)); - - //get IQMP - index += DMQ1_SIZE_IN_BYTES; - if((unsigned int)psrc[index]!=0x02) + // IQMP + if (parse_tlv_integer(&psrc, end, rsa->iqmp, IQMP_SIZE_IN_BYTES) == false) { return false; } - index += 3; - if((int)psrc[index] == 0) - index += 1; - memcpy_s(rsa->iqmp, sizeof(rsa->iqmp), psrc+index, IQMP_SIZE_IN_BYTES); convert_string((unsigned char *)rsa->iqmp, sizeof(rsa->iqmp)); - return true; } @@ -261,73 +312,58 @@ static bool convert_from_pub_key(const unsigned char *psrc, unsigned int slen, { return false; } - //encoded OID sequence (OBJECT IDENTIFIER = 1.2.840.113549.1.1.1) - unsigned char OID_str[] = {0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00}; - size_t index = 0; - if((unsigned int)psrc[index]==0x30 && (unsigned int)psrc[index+1] == 0x82) - index += 4; - else if((unsigned int)psrc[index]==0x30 && (unsigned int)psrc[index+1] == 0x81) - index += 3; - else - return false; - unsigned int i=0; - for(; in, sizeof(rsa->n), psrc+index, N_SIZE_IN_BYTES); + // N + if (parse_tlv_integer(&psrc, end, rsa->n, N_SIZE_IN_BYTES) == false) + { + return false; + } convert_string((unsigned char *)rsa->n, sizeof(rsa->n)); - - //get EXPONENT - index += N_SIZE_IN_BYTES; - if(!((unsigned int)psrc[index] == 0x02 &&(unsigned int)psrc[index+1] == 0x01)) //"0x01" indicates the size of e is 1 byte + // E + if (parse_tlv_integer(&psrc, end, rsa->e, E_SIZE_IN_UINT) == false) + { + return false; + } + if (rsa->e[0] != 0x03) { se_trace(SE_TRACE_ERROR, "Only '3' is accepted as the Exponent value.\n"); return false; } - index += 2; - unsigned int temp = *(psrc+index); - if(temp != 0x03) - { - se_trace(SE_TRACE_ERROR, "Key Exponent is %#x. Only '3' is accepted as the Exponent value.\n", temp); - return false; - } - temp = temp&0x0f; - memcpy_s(rsa->e, sizeof(rsa->e), &temp, sizeof(unsigned int)); return true; } diff --git a/sdk/simulation/uae_service_sim/linux/Makefile b/sdk/simulation/uae_service_sim/linux/Makefile index 24d931f4e7..e63bbc6319 100644 --- a/sdk/simulation/uae_service_sim/linux/Makefile +++ b/sdk/simulation/uae_service_sim/linux/Makefile @@ -104,7 +104,7 @@ else endif $(LIBUAE_SERVICE_DEPLOY): ../uae_service_deploy.c - $(CC) -shared -Wl,-soname=libsgx_uae_service.so $< -o $@ + $(CC) -fPIC -shared -Wl,-soname=libsgx_uae_service.so $< -o $@ $(BUILD_DIR): @$(MKDIR) $@ diff --git a/sdk/simulation/uae_service_sim/linux/uae_service_sim.linux.version b/sdk/simulation/uae_service_sim/linux/uae_service_sim.linux.version index c31c0ded9d..a6273130a4 100644 --- a/sdk/simulation/uae_service_sim/linux/uae_service_sim.linux.version +++ b/sdk/simulation/uae_service_sim/linux/uae_service_sim.linux.version @@ -10,6 +10,7 @@ global: exchange_report_ocall; close_session_ocall; invoke_service_ocall; + sgx_get_extended_epid_group_id; local: *; }; diff --git a/sdk/simulation/uae_service_sim/quoting_sim.cpp b/sdk/simulation/uae_service_sim/quoting_sim.cpp index 0a918fefb9..e400988e06 100644 --- a/sdk/simulation/uae_service_sim/quoting_sim.cpp +++ b/sdk/simulation/uae_service_sim/quoting_sim.cpp @@ -460,3 +460,25 @@ sgx_status_t SGXAPI sgx_report_attestation_status( return SGX_SUCCESS; } +sgx_status_t SGXAPI sgx_get_extended_epid_group_id(uint32_t* p_extended_epid_group_id) +{ + *p_extended_epid_group_id = 0; + return SGX_SUCCESS; +} + +sgx_status_t SGXAPI sgx_get_whitelist_size(uint32_t* p_whitelist_size) +{ + *p_whitelist_size = 0; + return SGX_SUCCESS; +} + +sgx_status_t SGXAPI sgx_get_whitelist(uint8_t* p_whitelist, uint32_t whitelist_size) +{ + UNUSED(p_whitelist); + if(whitelist_size!=0){ + return SGX_ERROR_INVALID_PARAMETER; + }else{ + return SGX_SUCCESS; + } +} + diff --git a/sdk/simulation/uae_service_sim/uae_service_deploy.c b/sdk/simulation/uae_service_sim/uae_service_deploy.c index ddb7b05e54..b14e64da80 100644 --- a/sdk/simulation/uae_service_sim/uae_service_deploy.c +++ b/sdk/simulation/uae_service_sim/uae_service_deploy.c @@ -33,10 +33,14 @@ void Java_com_voidel_security_sgx_uae_SGX_1AEServices_initializeNativeAEServices void sgx_get_quote(){} void sgx_get_quote_size(){} void sgx_init_quote(){} +void sgx_get_whitelist_size(){} +void sgx_get_whitelist(){} +void sgx_switch_extended_epid_group(){} +void sgx_get_extended_epid_group_id(){} void get_launch_token(){} void close_session_ocall(){} void create_session_ocall(){} void exchange_report_ocall(){} void invoke_service_ocall(){} -void sgx_report_remote_attestation_failure(){} +void sgx_report_attestation_status(){} void sgx_get_ps_cap(){} diff --git a/sdk/tkey_exchange/tkey_exchange.cpp b/sdk/tkey_exchange/tkey_exchange.cpp index 32681d263d..925e01cb65 100644 --- a/sdk/tkey_exchange/tkey_exchange.cpp +++ b/sdk/tkey_exchange/tkey_exchange.cpp @@ -77,12 +77,16 @@ typedef struct _ra_db_item_t sgx_target_info_t qe_target; //to verify quote report ra_state state; sgx_spinlock_t item_lock; + uintptr_t derive_key_cb; }ra_db_item_t; #pragma pack(pop) static simple_vector g_ra_db = {0, 0, NULL}; -static sgx_spinlock_t g_ra_db_lock; +static sgx_spinlock_t g_ra_db_lock = SGX_SPINLOCK_INITIALIZER; +static uintptr_t g_kdf_cookie = 0; +#define ENC_KDF_POINTER(x) (uintptr_t)(x) ^ g_kdf_cookie +#define DEC_KDF_POINTER(x) (sgx_ra_derive_secret_keys_t)((x) ^ g_kdf_cookie) extern "C" sgx_status_t sgx_ra_get_ga( sgx_ra_context_t context, @@ -166,6 +170,12 @@ extern "C" sgx_status_t sgx_ra_proc_msg2_trusted( // Create gb_ga sgx_ec256_public_t gb_ga[2]; sgx_ec256_public_t sp_pubkey; + sgx_ec_key_128bit_t smkey = {0}; + sgx_ec_key_128bit_t skey = {0}; + sgx_ec_key_128bit_t mkey = {0}; + sgx_ec_key_128bit_t vkey = {0}; + sgx_ra_derive_secret_keys_t ra_key_cb = NULL; + memset(&gb_ga[0], 0, sizeof(gb_ga)); sgx_spin_lock(&item->item_lock); //sgx_ra_get_ga must have been called @@ -177,6 +187,7 @@ extern "C" sgx_status_t sgx_ra_proc_msg2_trusted( memcpy(&a, &item->a, sizeof(a)); memcpy(&gb_ga[1], &item->g_a, sizeof(gb_ga[1])); memcpy(&sp_pubkey, &item->sp_pubkey, sizeof(sp_pubkey)); + ra_key_cb = DEC_KDF_POINTER(item->derive_key_cb); sgx_spin_unlock(&item->item_lock); memcpy(&gb_ga[0], &p_msg2->g_b, sizeof(gb_ga[0])); @@ -196,7 +207,7 @@ extern "C" sgx_status_t sgx_ra_proc_msg2_trusted( sgx_ec256_public_t* p_msg2_g_b = const_cast(&p_msg2->g_b); se_ret = sgx_ecc256_compute_shared_dhkey(&a, (sgx_ec256_public_t*)p_msg2_g_b, - (sgx_ec256_dh_shared_t*)&dh_key, ecc_state); + &dh_key, ecc_state); if(SGX_SUCCESS != se_ret) { if (SGX_ERROR_OUT_OF_MEMORY != se_ret) @@ -223,13 +234,27 @@ extern "C" sgx_status_t sgx_ra_proc_msg2_trusted( sgx_ecc256_close_context(ecc_state); return SGX_ERROR_INVALID_SIGNATURE; } - sgx_ec_key_128bit_t smkey = {0}; - sgx_ec_key_128bit_t skey = {0}; - sgx_ec_key_128bit_t mkey = {0}; - sgx_ec_key_128bit_t vkey = {0}; + do { - if (p_msg2->kdf_id == 0x0001) + if(NULL != ra_key_cb) + { + se_ret = ra_key_cb(&dh_key, + p_msg2->kdf_id, + &smkey, + &skey, + &mkey, + &vkey); + if (SGX_SUCCESS != se_ret) + { + if(SGX_ERROR_OUT_OF_MEMORY != se_ret && + SGX_ERROR_INVALID_PARAMETER != se_ret && + SGX_ERROR_KDF_MISMATCH != se_ret) + se_ret = SGX_ERROR_UNEXPECTED; + break; + } + } + else if (p_msg2->kdf_id == 0x0001) { se_ret = derive_key(&dh_key, "SMK", (uint32_t)(sizeof("SMK") -1), &smkey); if (SGX_SUCCESS != se_ret) @@ -238,44 +263,27 @@ extern "C" sgx_status_t sgx_ra_proc_msg2_trusted( se_ret = SGX_ERROR_UNEXPECTED; break; } - - sgx_cmac_128bit_tag_t mac; - uint32_t maced_size = offsetof(sgx_ra_msg2_t, mac); - - se_ret = sgx_rijndael128_cmac_msg(&smkey, (const uint8_t *)p_msg2, maced_size, &mac); + se_ret = derive_key(&dh_key, "SK", (uint32_t)(sizeof("SK") -1), &skey); if (SGX_SUCCESS != se_ret) { if(SGX_ERROR_OUT_OF_MEMORY != se_ret) se_ret = SGX_ERROR_UNEXPECTED; break; } - //Check mac - if(0 == consttime_memequal(mac, p_msg2->mac, sizeof(mac))) - { - se_ret = SGX_ERROR_MAC_MISMATCH; - break; - } - se_ret = derive_key((sgx_ec256_dh_shared_t*)&dh_key, "SK", (uint32_t )(sizeof("SK") -1), &skey); - if (SGX_SUCCESS != se_ret) - { - if(SGX_ERROR_OUT_OF_MEMORY != se_ret) - se_ret = SGX_ERROR_UNEXPECTED; - break; - } - - se_ret = derive_key((sgx_ec256_dh_shared_t*)&dh_key, "MK", (uint32_t)(sizeof("MK") -1), &mkey); - if (SGX_SUCCESS != se_ret) - { - if(SGX_ERROR_OUT_OF_MEMORY != se_ret) - se_ret = SGX_ERROR_UNEXPECTED; - break; - } - - se_ret = derive_key((sgx_ec256_dh_shared_t*)&dh_key, "VK", (uint32_t)(sizeof("VK") -1), &vkey); + se_ret = derive_key(&dh_key, "MK", (uint32_t)(sizeof("MK") -1), &mkey); if (SGX_SUCCESS != se_ret) { if(SGX_ERROR_OUT_OF_MEMORY != se_ret) + se_ret = SGX_ERROR_UNEXPECTED; + break; + } + + se_ret = derive_key(&dh_key, "VK", (uint32_t)(sizeof("VK") -1), &vkey); + if (SGX_SUCCESS != se_ret) + { + if(SGX_ERROR_OUT_OF_MEMORY != se_ret) + se_ret = SGX_ERROR_UNEXPECTED; break; } } @@ -285,7 +293,24 @@ extern "C" sgx_status_t sgx_ra_proc_msg2_trusted( break; } - //create a random nonce + sgx_cmac_128bit_tag_t mac; + uint32_t maced_size = offsetof(sgx_ra_msg2_t, mac); + + se_ret = sgx_rijndael128_cmac_msg(&smkey, (const uint8_t *)p_msg2, maced_size, &mac); + if (SGX_SUCCESS != se_ret) + { + if(SGX_ERROR_OUT_OF_MEMORY != se_ret) + se_ret = SGX_ERROR_UNEXPECTED; + break; + } + //Check mac + if(0 == consttime_memequal(mac, p_msg2->mac, sizeof(mac))) + { + se_ret = SGX_ERROR_MAC_MISMATCH; + break; + } + + //create a nonce se_ret =sgx_read_rand((uint8_t*)p_nonce, sizeof(sgx_quote_nonce_t)); if (SGX_SUCCESS != se_ret) { @@ -473,7 +498,7 @@ extern "C" sgx_status_t sgx_ra_get_msg3_trusted( while (emp_quote_piecemeal < emp_msg3->quote + quote_size) { - //caculate size of one piece, the size of them are sizeof(quote_piece) except for the last one. + //calculate size of one piece, the size of them are sizeof(quote_piece) except for the last one. if (static_cast(emp_msg3->quote + quote_size - emp_quote_piecemeal) < quote_piece_size) quote_piece_size = static_cast(emp_msg3->quote - emp_quote_piecemeal) + quote_size ; memcpy(quote_piece, emp_quote_piecemeal, quote_piece_size); @@ -536,21 +561,49 @@ extern "C" sgx_status_t sgx_ra_get_msg3_trusted( } // TKE interface for isv enclaves -sgx_status_t sgx_ra_init( +sgx_status_t sgx_ra_init_ex( const sgx_ec256_public_t *p_pub_key, int b_pse, + sgx_ra_derive_secret_keys_t derive_key_cb, sgx_ra_context_t *p_context) { int valid = 0; sgx_status_t ret = SGX_SUCCESS; sgx_ecc_state_handle_t ecc_state = NULL; + // initialize g_kdf_cookie for the first time sgx_ra_init_ex is called. + if (unlikely(g_kdf_cookie == 0)) + { + uintptr_t rand = 0; + do + { + if (SGX_SUCCESS != sgx_read_rand((unsigned char *)&rand, sizeof(rand))) + { + return SGX_ERROR_UNEXPECTED; + } + } while (rand == 0); + + sgx_spin_lock(&g_ra_db_lock); + if (g_kdf_cookie == 0) + { + g_kdf_cookie = rand; + } + sgx_spin_unlock(&g_ra_db_lock); + } + if(!p_pub_key || !p_context) return SGX_ERROR_INVALID_PARAMETER; if(!sgx_is_within_enclave(p_pub_key, sizeof(sgx_ec256_public_t))) return SGX_ERROR_INVALID_PARAMETER; + //derive_key_cb can be NULL + if (NULL != derive_key_cb && + !sgx_is_within_enclave((const void*)derive_key_cb, 0)) + { + return SGX_ERROR_INVALID_PARAMETER; + } + ret = sgx_ecc256_open_context(&ecc_state); if(SGX_SUCCESS != ret) { @@ -593,6 +646,8 @@ sgx_status_t sgx_ra_init( return ret; } } + + new_item->derive_key_cb = ENC_KDF_POINTER(derive_key_cb); new_item->state = ra_inited; //find first empty slot in g_ra_db @@ -644,6 +699,19 @@ sgx_status_t sgx_ra_init( return SGX_SUCCESS; } +// TKE interface for isv enclaves +sgx_status_t sgx_ra_init( + const sgx_ec256_public_t *p_pub_key, + int b_pse, + sgx_ra_context_t *p_context) +{ + + return sgx_ra_init_ex(p_pub_key, + b_pse, + NULL, + p_context); +} + // TKE interface for isv enclaves sgx_status_t sgx_ra_get_keys( sgx_ra_context_t context, diff --git a/sdk/tlibc/Makefile b/sdk/tlibc/Makefile index bada08a704..e3d2ff0d6b 100644 --- a/sdk/tlibc/Makefile +++ b/sdk/tlibc/Makefile @@ -43,7 +43,7 @@ CPPFLAGS += -I. \ -I$(LINUX_SDK_DIR)/trts \ -I./gdtoa \ -LIBC_C_SRCS := $(wildcard gen/*.c gdtoa/*.c locale/*.c math/*.c stdlib/*.c string/*.c stdio/*.c time/*.c) +LIBC_C_SRCS := $(wildcard gen/*.c gdtoa/*.c locale/*.c stdlib/*.c string/*.c stdio/*.c time/*.c) LIBC_CPP_SRCS := $(wildcard gen/*.cpp) tstdc_version.cpp LIBC_ASM_SRCS := $(wildcard gen/*.S) diff --git a/sdk/tlibc/math/w_drem.c b/sdk/tlibc/math/w_drem.c deleted file mode 100644 index 5038f5c409..0000000000 --- a/sdk/tlibc/math/w_drem.c +++ /dev/null @@ -1,14 +0,0 @@ -/* - * drem() wrapper for remainder(). - * - * Written by J.T. Conklin, - * Placed into the Public Domain, 1994. - */ - -#include - -double -drem(double x, double y) -{ - return remainder(x, y); -} diff --git a/sdk/tlibc/math/w_dremf.c b/sdk/tlibc/math/w_dremf.c deleted file mode 100644 index f14d98f840..0000000000 --- a/sdk/tlibc/math/w_dremf.c +++ /dev/null @@ -1,14 +0,0 @@ -/* - * dremf() wrapper for remainderf(). - * - * Written by J.T. Conklin, - * Placed into the Public Domain, 1994. - */ - -#include "math.h" - -float -dremf(float x, float y) -{ - return remainderf(x, y); -} diff --git a/sdk/tlibc/string/bcopy.c b/sdk/tlibc/string/bcopy.c index d9195c1fdf..406f2c135e 100644 --- a/sdk/tlibc/string/bcopy.c +++ b/sdk/tlibc/string/bcopy.c @@ -42,16 +42,25 @@ typedef long word; /* "word" used for optimal copy speed */ #define wsize sizeof(word) #define wmask (wsize - 1) +#ifdef MEMPCPY +void * +mempcpy(void *dst0, const void *src0, size_t length) +#else /* * Copy a block of memory, handling overlap. */ void bcopy(const void *src0, void *dst0, size_t length) +#endif { - char *dst = dst0; - const char *src = src0; + char *dst = (char *)dst0; + const char *src = (const char *)src0; size_t t; +#ifdef MEMPCPY + size_t len = length; +#endif + if (length == 0 || dst == src) /* nothing to do */ goto done; @@ -108,5 +117,9 @@ bcopy(const void *src0, void *dst0, size_t length) TLOOP(*--dst = *--src); } done: +#if defined(MEMPCPY) + return ((void *)(((char *)dst0) + len)); +#else return; +#endif } diff --git a/sdk/tlibc/string/mempcpy.c b/sdk/tlibc/string/mempcpy.c index 6d2568630f..a51b85af64 100644 --- a/sdk/tlibc/string/mempcpy.c +++ b/sdk/tlibc/string/mempcpy.c @@ -1,2 +1,2 @@ #define MEMPCPY -#include "./memcpy.c" +#include "./bcopy.c" diff --git a/sdk/tlibthread/sethread_utils.cpp b/sdk/tlibthread/sethread_utils.cpp index 7b2d3918c1..644407701c 100644 --- a/sdk/tlibthread/sethread_utils.cpp +++ b/sdk/tlibthread/sethread_utils.cpp @@ -42,3 +42,7 @@ sgx_thread_t sgx_thread_self(void) return (sgx_thread_t)get_thread_data(); } +int sgx_thread_equal(sgx_thread_t a, sgx_thread_t b) +{ + return a == b; +} diff --git a/sdk/trts/linux/trts_pic.S b/sdk/trts/linux/trts_pic.S index af47e443ab..f11e1dbbe8 100644 --- a/sdk/trts/linux/trts_pic.S +++ b/sdk/trts/linux/trts_pic.S @@ -476,14 +476,14 @@ DECLARE_LOCAL_FUNC continue_execution mov SE_WORDSIZE*6(%xcx), %xsi mov SE_WORDSIZE*7(%xcx), %xdi #ifdef LINUX64 - mov SE_WORDSIZE*8(%xcx), %xsi - mov SE_WORDSIZE*9(%xcx), %xsi - mov SE_WORDSIZE*10(%xcx), %xsi - mov SE_WORDSIZE*11(%xcx), %xsi - mov SE_WORDSIZE*12(%xcx), %xsi - mov SE_WORDSIZE*13(%xcx), %xsi - mov SE_WORDSIZE*14(%xcx), %xsi - mov SE_WORDSIZE*15(%xcx), %xsi + mov SE_WORDSIZE*8(%xcx), %r8 + mov SE_WORDSIZE*9(%xcx), %r9 + mov SE_WORDSIZE*10(%xcx), %r10 + mov SE_WORDSIZE*11(%xcx), %r11 + mov SE_WORDSIZE*12(%xcx), %r12 + mov SE_WORDSIZE*13(%xcx), %r13 + mov SE_WORDSIZE*14(%xcx), %r14 + mov SE_WORDSIZE*15(%xcx), %r15 push SE_WORDSIZE*16(%xcx) popf #else diff --git a/sdk/trts/trts_veh.cpp b/sdk/trts/trts_veh.cpp index c338d82c9d..cc5f4fbf07 100644 --- a/sdk/trts/trts_veh.cpp +++ b/sdk/trts/trts_veh.cpp @@ -63,9 +63,9 @@ static bool is_stack_addr(void *address, size_t size) { thread_data_t *thread_data = get_thread_data(); size_t stack_base = thread_data->stack_base_addr; - size_t stack_top = thread_data->stack_limit_addr; + size_t stack_limit = thread_data->stack_limit_addr; size_t addr = (size_t) address; - return (addr <= (addr + size)) && (stack_base >= (addr + size)) && (stack_top <= addr); + return (addr <= (addr + size)) && (stack_base >= (addr + size)) && (stack_limit <= addr); } static bool is_valid_sp(uintptr_t sp) { @@ -219,7 +219,19 @@ extern "C" __attribute__((regparm(1))) void internal_handle_exception(sgx_except node = node->next; } - if (size == 0 || (nhead = (uintptr_t *)malloc(size)) == NULL) + // There's no exception handler registered + if (size == 0) + { + sgx_spin_unlock(&g_handler_lock); + + //exception cannot be handled + thread_data->exception_flag = -1; + + //instruction triggering the exception will be executed again. + continue_execution(info); + } + + if ((nhead = (uintptr_t *)malloc(size)) == NULL) { sgx_spin_unlock(&g_handler_lock); goto failed_end; @@ -324,7 +336,8 @@ extern "C" sgx_status_t trts_handle_exception(void *tcs) size = 0; #ifdef SE_GNU64 - size += 128; // preserve stack for red zone (128 bytes) + size += 128; // x86_64 requires a 128-bytes red zone, which begins directly + // after the return addr and includes func's arguments #endif // decrease the stack to give space for info diff --git a/sdk/tsetjmp/Makefile b/sdk/tsetjmp/Makefile new file mode 100644 index 0000000000..907d7bd2b3 --- /dev/null +++ b/sdk/tsetjmp/Makefile @@ -0,0 +1,69 @@ +# +# Copyright (C) 2011-2016 Intel Corporation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# + +include ../../buildenv.mk + +CFLAGS += $(ENCLAVE_CFLAGS) +ASFLAGS := $(CFLAGS) +CFLAGS += -std=c99 +CXXFLAGS += $(ENCLAVE_CXXFLAGS) -fno-exceptions -fno-rtti -D_TLIBC_USE_INTEL_FAST_STRING_ + +CPPFLAGS += -I. \ + -I$(COMMON_DIR)/inc/internal \ + -I$(COMMON_DIR)/inc/internal/linux \ + +LIBLONGJMP_CPP_SRCS := tlongjmp_version.cpp +LIBLONGJMP_ASM_SRCS := $(wildcard *.S) + +LIBLONGJMP_OBJS := $(LIBLONGJMP_ASM_SRCS:.S=.o) +LIBLONGJMP_OBJS += $(LIBLONGJMP_CPP_SRCS:.cpp=.o) + +LIBLONGJMP_NAME := libsgx_tsetjmp.a + +.PHONY: all +all: $(LIBLONGJMP_NAME) | $(BUILD_DIR) + $(CP) $(LIBLONGJMP_NAME) $| + +$(LIBLONGJMP_NAME): $(LIBLONGJMP_OBJS) + $(AR) rcs $@ $^ + +%.o: %.cpp + $(CXX) $(CXXFLAGS) $(CPPFLAGS) -c $< -o $@ + +%.o: %.S + $(CC) $(ASFLAGS) $(CPPFLAGS) -c $< -o $@ + +$(BUILD_DIR): + @$(MKDIR) $@ + +.PHONY: clean +clean: + @$(RM) $(LIBLONGJMP_NAME) $(LIBLONGJMP_OBJS) $(BUILD_DIR)/$(LIBLONGJMP_NAME) diff --git a/sdk/tsetjmp/_setjmp.S b/sdk/tsetjmp/_setjmp.S new file mode 100644 index 0000000000..09eb712b0d --- /dev/null +++ b/sdk/tsetjmp/_setjmp.S @@ -0,0 +1,131 @@ +/* $NetBSD: _setjmp.S,v 1.9 2014/05/23 02:34:19 uebayasi Exp $ */ + +/*- + * Copyright (c) 1990 The Regents of the University of California. + * All rights reserved. + * + * This code is derived from software contributed to Berkeley by + * William Jolitz. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * from: @(#)_setjmp.s 5.1 (Berkeley) 4/23/90 + */ + +#include "linux-regs.h" +#if defined(LIBC_SCCS) + RCSID("$NetBSD: _setjmp.S,v 1.9 2014/05/23 02:34:19 uebayasi Exp $") +#endif + +/* + * C library -- _setjmp, _longjmp + * + * _longjmp(a,v) + * will generate a "return(v)" from the last call to + * _setjmp(a) + * by restoring registers from the stack. + * The previous signal state is NOT restored. + */ + +#ifdef LINUX32 +#define _JB_EDX 0 +#define _JB_EBX 1 +#define _JB_ESP 2 +#define _JB_EBP 3 +#define _JB_ESI 4 +#define _JB_EDI 5 +#define MOV movl +#endif + +#ifdef LINUX64 +#define _JB_RBX 0 +#define _JB_RBP 1 +#define _JB_R12 2 +#define _JB_R13 3 +#define _JB_R14 4 +#define _JB_R15 5 +#define _JB_RSP 6 +#define _JB_PC 7 +#define MOV movq +#endif + +DECLARE_GLOBAL_FUNC _setjmp +#ifdef LINUX32 + movl 4(%esp),%eax + movl 0(%esp),%edx + movl %edx, (_JB_EDX * 4)(%eax) /* rta */ + movl %ebx, (_JB_EBX * 4)(%eax) + movl %esp, (_JB_ESP * 4)(%eax) + movl %ebp, (_JB_EBP * 4)(%eax) + movl %esi, (_JB_ESI * 4)(%eax) + movl %edi, (_JB_EDI * 4)(%eax) +#endif +#ifdef LINUX64 + movq (%rsp),%r11 + movq %rbx,(_JB_RBX * 8)(%rdi) + movq %rbp,(_JB_RBP * 8)(%rdi) + movq %r12,(_JB_R12 * 8)(%rdi) + movq %r13,(_JB_R13 * 8)(%rdi) + movq %r14,(_JB_R14 * 8)(%rdi) + movq %r15,(_JB_R15 * 8)(%rdi) + movq %rsp,(_JB_RSP * 8)(%rdi) + movq %r11,(_JB_PC * 8)(%rdi) +#endif + xorl %eax,%eax + ret + +DECLARE_GLOBAL_FUNC _longjmp +#ifdef LINUX32 + movl 4(%esp),%edx + movl 8(%esp),%eax + movl (_JB_EDX * 4)(%edx),%ecx + movl (_JB_EBX * 4)(%edx),%ebx + movl (_JB_ESP * 4)(%edx),%esp + movl (_JB_EBP * 4)(%edx),%ebp + movl (_JB_ESI * 4)(%edx),%esi + movl (_JB_EDI * 4)(%edx),%edi +#endif +#ifdef LINUX64 + movl %esi,%eax + movq (_JB_RBX * 8)(%rdi),%rbx + movq (_JB_RBP * 8)(%rdi),%rbp + movq (_JB_R12 * 8)(%rdi),%r12 + movq (_JB_R13 * 8)(%rdi),%r13 + movq (_JB_R14 * 8)(%rdi),%r14 + movq (_JB_R15 * 8)(%rdi),%r15 + movq (_JB_RSP * 8)(%rdi),%rsp + movq (_JB_PC * 8)(%rdi),%rcx + +#endif + testl %eax,%eax + jnz 1f + incl %eax +1: MOV %xcx,0(%xsp) + ret + +DECLARE_GLOBAL_FUNC set_sgx_tlongjmp_version + lea_pic sgx_tsetjmp_version, %xax + ret + diff --git a/sdk/tlibc/math/w_dreml.c b/sdk/tsetjmp/tlongjmp_version.cpp similarity index 84% rename from sdk/tlibc/math/w_dreml.c rename to sdk/tsetjmp/tlongjmp_version.cpp index 5537f164cd..c521781add 100644 --- a/sdk/tlibc/math/w_dreml.c +++ b/sdk/tsetjmp/tlongjmp_version.cpp @@ -29,14 +29,17 @@ * */ -#include -#include +#include "se_version.h" -#if (LDBL_MANT_DIG > DBL_MANT_DIG) +#define __CONCAT(x, y) x/**/y -long double dreml(long double x, long double y) -{ - return remainderl(x, y); -} +#define SGX_TSETJMP_VERSION_STR __CONCAT("SGX_TSETJMP_VERSION_", STRFILEVER) +#ifdef __cplusplus +extern "C" { +#endif +__attribute__((visibility("default"))) +const char * sgx_tsetjmp_version = SGX_TSETJMP_VERSION_STR; +#ifdef __cplusplus +} #endif