Chris Rankin c545a58c1d
Remote Attestation Phase 2 (#235)
* Initial host server skeleton.
* Create IASProxy project, and skeleton for attestation host.
* Fix up tests
* Extend attestation host skeleton, and make test ports configurable.
* Enhance MockIAS to make pseManifestStatus optional.
* Make IASProxy endpoints asynchronous.
* Add sub-modules for challenger and for common code.
* Create integration test for host's provisioning endpoint.
* Flesh out attestation challenger WAR.
* Package refactoring, to be more Java9 friendly.
* Refactor more messages into attestation-common.
* Remove our private key from the repository.
* Declare an empty PSE Manifest to be invalid.
* Fix basic integration test issues for challenger and host.
* Integrate keystore scripts into the build properly.
* Name keystore targets explicitly for Gradle.
* Allow HTTP conversation between Challenger, Host and ISV using session ID.
* Add MockHost for challenger's integration tests.
* Reconcile HTTP port numbers between Phase1 and Phase2 components.
* Remove elements that can be inherited from root project.
* Add placeholder README.
* Add convenient extension functions to ObjectMapper.
* Extend integration test coverage for challenger/host/isv.
* Catch IOException from HttpClient for challenger.
* Integrate host sub-module with remote-attestation project.
* Begin integrating host/enclave code from Phase I.
* Rename challenger's HTTP endpoint.
* Generate keystore for challenger "on the fly".
* Add native JNI code for accessing the SGX enclave.
* Point Gradle to the correct enclave object.
* Fixes for generating a Quote for this enclave.
* Return the IAS report to the challenger for verification.
* Begin populating the challenger's AttestationResponse message.
* Enable the challenger to pass encrypted secrets into the enclave.
* Align challenger, host and isv ports.
* Refactor challenger as a fat-jar application.
* AttestationResponse is not shared, so refactor into challenger.
* Move HttpClientContext objects into HttpClient blocks.
* Remove unused Message2 and Message3 objects.
* Add realistic dummy value for reportID from IAS.
* Small tidy-up on attestation host.
* First set of review comments.
* Add missing exception message.
* Update location of environment file.
* Use empty mock revocation lists by default.
* Improve logging and add "happy path" test for provisioning secrets.
* Update Gradle files so that we can run attestation-host from IntelliJ.
* The platformInfo field from IAS can be null, so allow this.
Also protect other JNI pointer parameters from NPE.
* Allow Gradle to build hardware enclave.
2017-12-22 14:42:42 +00:00

105 lines
4.1 KiB
Plaintext

enclave {
from "sgx_tkey_exchange.edl" import *;
include "sgx_key_exchange.h"
include "sgx_tseal.h"
trusted {
/**
* Initialize the remote attestation process.
*
* @param usePlatformServices If true, the enclave establishes a
* session with the PSE before initializing the attestation context.
* This provides additional nonce replay protection and a reliable
* monotonic counter.
* @param challengerKey ECDSA public key of the challenger with the 8
* magic bytes removed, and X and Y components changed to little
* endian.
* @param context The variable receiving the context constructed during
* initialization.
*
* @return Status code indicative of the outcome of the operation.
*/
public sgx_status_t initializeRemoteAttestation(
bool usePlatformServices,
[in] const sgx_ec256_public_t *challengerKey,
[out] sgx_ra_context_t *context
);
/**
* Clean up and finalize the remote attestation process.
*
* @param context The context constructed during initialization.
*
* @return SGX_SUCCESS if successful, or SGX_ERROR_INVALID_PARAMETER if
* an invalid context is provided.
*/
public sgx_status_t finalizeRemoteAttestation(
sgx_ra_context_t context
);
/**
* Verify CMAC of attestation result from challenger using the MK key.
*
* @param context The context constructed during initialization.
* @param message The status obtained from the challenger as part of
* the attestation result.
* @param messageSize The size of the attestation status payload.
* @param cmac The CMAC received from the challenger.
* @param cmacSize The size of the CMAC received.
*
* @return Status code indicative of the outcome of the operation.
*/
public sgx_status_t verifyCMAC(
sgx_ra_context_t context,
[in,size=messageSize] const uint8_t *message,
size_t messageSize,
[in,size=cmacSize] const uint8_t *cmac,
size_t cmacSize
);
/**
* Verify an attestation response from the service provider.
*
* @param context The context constructed during initialization.
* @param secret Message containing the secret.
* @param secretSize Size of the secret message, in bytes.
* @param gcmIV The initialization vector used in the decryption.
* @param gcmMac Pointer to the AES-GCM MAC for the secret message.
* @param gcmMacSize Size of the AES-GCM MAC.
* @param sealedSecret Pre-allocated buffer receiving the sealed
* secret. If NULL, the sealed secret will not be returned.
* @param maxSealedSecretSize The maximum size of the sealed secret.
* This must be less than or equal to the size of the pre-allocated
* buffer above, and no larger than the upper limit of 128 bytes.
*
* @return Status code indicative of the outcome of the operation.
*/
public sgx_status_t verifyAttestationResponse(
sgx_ra_context_t context,
[in,size=secretSize] const uint8_t *secret,
size_t secretSize,
[in,count=12] const uint8_t *gcmIV,
[in,size=gcmMacSize] const uint8_t *gcmMac,
size_t gcmMacSize,
[out,size=maxSealedSecretSize] uint8_t *sealedSecret,
size_t maxSealedSecretSize
);
/**
* Check whether the application enclave is able to unseal a secret.
*
* @param sealedSecret The previously sealed secret.
* @param sealedSecretSize The size of the sealed secret.
*
* @return Status code indicative of the outcome of the operation.
*/
public sgx_status_t unsealSecret(
[in,size=sealedSecretSize] uint8_t *sealedSecret,
size_t sealedSecretSize
);
};
};