LocalAttestationTrusted.cpp 5.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138
  1. /*
  2. * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. // #include <stdint.h>
  32. #include "LocalAttestationTrusted.h"
  33. #include "Decryptor.h"
  34. #include "error_codes.h"
  35. #include "datatypes.h"
  36. #include "sgx_tcrypto.h"
  37. #include "sgx_dh.h"
  38. dh_session_t LocalAttestationTrusted::global_session_info;
  39. uint32_t LocalAttestationTrusted::one_successful_la_done=0;
  40. uint32_t LocalAttestationTrusted::get_one_successful_la_done()
  41. {
  42. return one_successful_la_done;
  43. }
  44. //Handle the request from Source Enclave for a session
  45. uint32_t LocalAttestationTrusted::session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id)
  46. {
  47. sgx_dh_session_t sgx_dh_session;
  48. sgx_status_t status = SGX_SUCCESS;
  49. if(!session_id || !dh_msg1)
  50. {
  51. return INVALID_PARAMETER_ERROR;
  52. }
  53. //Intialize the session as a session responder
  54. status = sgx_dh_init_session(SGX_DH_SESSION_RESPONDER, &sgx_dh_session);
  55. if(SGX_SUCCESS != status)
  56. {
  57. return status;
  58. }
  59. *session_id=1;
  60. global_session_info.status = IN_PROGRESS;
  61. //Generate Message1 that will be returned to Source Enclave
  62. status = sgx_dh_responder_gen_msg1((sgx_dh_msg1_t*)dh_msg1, &sgx_dh_session);
  63. if(SGX_SUCCESS != status)
  64. return status;
  65. memcpy(&global_session_info.in_progress.dh_session, &sgx_dh_session, sizeof(sgx_dh_session_t));
  66. return 0;
  67. }
  68. // TODO: Hope to edit the sgx_dh_responder_proc_msg2 call to return 32 byte key.
  69. //Verify Message 2, generate Message3 and exchange Message 3 with Source Enclave
  70. uint32_t LocalAttestationTrusted::exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t* session_id)
  71. {
  72. sgx_key_128bit_t dh_aek;
  73. uint32_t status = 0;
  74. sgx_dh_session_t sgx_dh_session;
  75. sgx_dh_session_enclave_identity_t initiator_identity;
  76. uint32_t verify_return;
  77. memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
  78. if(!dh_msg2 || !dh_msg3)
  79. return INVALID_PARAMETER_ERROR;
  80. if(global_session_info.status != IN_PROGRESS)
  81. return INVALID_SESSION; // end_session(); // TODO: DA FUQ RETURN STH HERE.
  82. memcpy(&sgx_dh_session, &global_session_info.in_progress.dh_session, sizeof(sgx_dh_session_t));
  83. dh_msg3->msg3_body.additional_prop_length = 0;
  84. //Process message 2 from source enclave and obtain message 3
  85. status = sgx_dh_responder_proc_msg2(dh_msg2, dh_msg3, &sgx_dh_session, &dh_aek, &initiator_identity);
  86. if(SGX_SUCCESS != status)
  87. return status;
  88. //Verify source enclave's trust
  89. verify_return = Decryptor::verify_peer_enclave_trust(initiator_identity.mr_enclave.m, initiator_identity.mr_signer.m, dh_aek);
  90. if(verify_return != 0)
  91. return verify_return;
  92. else
  93. one_successful_la_done++;
  94. /*
  95. //save the session ID, status and initialize the session nonce
  96. global_session_info.session_id = *session_id;
  97. global_session_info.status = ACTIVE; // This means that you can't keep calling exchange_report over and over again.
  98. global_session_info.active.counter = 0;
  99. memcpy(&global_session_info.active.AEK, &dh_aek, sizeof(sgx_key_128bit_t));
  100. memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
  101. */
  102. return status;
  103. }
  104. /*
  105. void LocalAttestationTrusted::get_verifier_mr_enclave(uint8_t* op_mr_enclave)
  106. {
  107. uint32_t counter;
  108. for(counter=0; counter<32; counter++)
  109. op_mr_enclave[counter] = verifier_mr_enclave[counter];
  110. }
  111. void LocalAttestationTrusted::set_apache_mr_signer(uint8_t* ip_mr_signer)
  112. {
  113. uint32_t counter;
  114. for(counter=0; counter<32; counter++)
  115. apache_mr_signer[counter] = ip_mr_signer[counter];
  116. }
  117. */