ExternalVendorCode/corda
1
0
Fork 0
mirror of https://github.com/corda/corda.git synced 2024-12-29 09:18:58 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
da1afd9c55
corda/sgx-jvm/remote-attestation/attestation-host/native/enclave-manager.cpp
Chris Rankin c545a58c1d
Remote Attestation Phase 2 (#235) 
* Initial host server skeleton.
* Create IASProxy project, and skeleton for attestation host.
* Fix up tests
* Extend attestation host skeleton, and make test ports configurable.
* Enhance MockIAS to make pseManifestStatus optional.
* Make IASProxy endpoints asynchronous.
* Add sub-modules for challenger and for common code.
* Create integration test for host's provisioning endpoint.
* Flesh out attestation challenger WAR.
* Package refactoring, to be more Java9 friendly.
* Refactor more messages into attestation-common.
* Remove our private key from the repository.
* Declare an empty PSE Manifest to be invalid.
* Fix basic integration test issues for challenger and host.
* Integrate keystore scripts into the build properly.
* Name keystore targets explicitly for Gradle.
* Allow HTTP conversation between Challenger, Host and ISV using session ID.
* Add MockHost for challenger's integration tests.
* Reconcile HTTP port numbers between Phase1 and Phase2 components.
* Remove elements that can be inherited from root project.
* Add placeholder README.
* Add convenient extension functions to ObjectMapper.
* Extend integration test coverage for challenger/host/isv.
* Catch IOException from HttpClient for challenger.
* Integrate host sub-module with remote-attestation project.
* Begin integrating host/enclave code from Phase I.
* Rename challenger's HTTP endpoint.
* Generate keystore for challenger "on the fly".
* Add native JNI code for accessing the SGX enclave.
* Point Gradle to the correct enclave object.
* Fixes for generating a Quote for this enclave.
* Return the IAS report to the challenger for verification.
* Begin populating the challenger's AttestationResponse message.
* Enable the challenger to pass encrypted secrets into the enclave.
* Align challenger, host and isv ports.
* Refactor challenger as a fat-jar application.
* AttestationResponse is not shared, so refactor into challenger.
* Move HttpClientContext objects into HttpClient blocks.
* Remove unused Message2 and Message3 objects.
* Add realistic dummy value for reportID from IAS.
* Small tidy-up on attestation host.
* First set of review comments.
* Add missing exception message.
* Update location of environment file.
* Use empty mock revocation lists by default.
* Improve logging and add "happy path" test for provisioning secrets.
* Update Gradle files so that we can run attestation-host from IntelliJ.
* The platformInfo field from IAS can be null, so allow this.
Also protect other JNI pointer parameters from NPE.
* Allow Gradle to build hardware enclave.
2017-12-22 14:42:42 +00:00

96 lines
3.0 KiB
C++
Raw Blame History

#include <cstddef>
#include <sgx.h>
#include <sgx_key_exchange.h>
#include <sgx_uae_service.h>
#include "enclave-manager.hpp"
#include "logging.hpp"
// Instantiate a new enclave from a signed enclave binary, and return the
// identifier of the instance.
sgx_enclave_id_t create_enclave(
const char *path,
bool use_platform_services,
sgx_status_t *result,
sgx_launch_token_t *token
) {
int updated = 0; // Indication of whether the launch token was updated.
sgx_enclave_id_t enclave_id = 0; // The identifier of the created enclave.
// If the launch token is empty, then create a new enclave. Otherwise, try
// to re-activate the existing enclave. `SGX_DEBUG_FLAG` is automatically
// set to 1 in debug mode, and 0 in release mode.
sgx_status_t status = sgx_create_enclave(
path, SGX_DEBUG_FLAG, token, &updated, &enclave_id, NULL
);
LOG(enclave_id, status, 0, "sgx_create_enclave()");
// Store the return value of the operation.
if (NULL != result) {
*result = status;
}
// Return the identifier of the created enclave. Remember that if `status`
// is `SGX_ERROR_ENCLAVE_LOST`, the enclave should be destroyed and then
// re-created.
return (SGX_SUCCESS == status) ? enclave_id : 0;
}
// Destroy enclave if currently loaded.
bool destroy_enclave(sgx_enclave_id_t enclave_id) {
if (enclave_id != 0){
// Attempt to destroy the enclave if we are provided with a valid
// enclave identifier.
sgx_status_t status = sgx_destroy_enclave(enclave_id);
LOG(enclave_id, status, 0, "sgx_destroy_enclave()");
return SGX_SUCCESS == status;
}
return false;
}
// Check the status of the SGX device on the current machine.
sgx_device_status_t get_device_status(void) {
#if SGX_SIM == 1
#pragma message "get_device_status() is being simulated"
// If in simulation mode, simulate device capabilities.
return SGX_ENABLED;
#endif
// Try to retrieve the current status of the SGX device.
sgx_device_status_t status;
sgx_status_t ret = sgx_cap_enable_device(&status);
LOG(0, ret, 0, "sgx_cap_enable_device() = { status = %x }", status);
if (SGX_SUCCESS != ret) {
return SGX_DISABLED;
}
return status;
}
// Report which extended Intel EPID Group the client uses by default.
uint32_t get_extended_group_id(sgx_status_t *result) {
uint32_t egid;
// The extended EPID group identifier is indicative of which attestation
// service the client is supposed to be communicating with. Currently, only
// a value of zero is supported, which is referring to Intel. The user
// should verify the retrieved extended group identifier, as any other
// value than zero will be disregarded by the service provider.
sgx_status_t status = sgx_get_extended_epid_group_id(&egid);
LOG(0, status, 0, "sgx_get_extended_epid_group_id() = %u", egid);
// Store the return value of the operation.
if (NULL != result) {
*result = status;
}
return egid;
}
Reference in New Issue View Git Blame Copy Permalink