Home Explore Help
Sign In
miti
/
graphene
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: bf2a41a301
Branches Tags
graphene
/
Pal
/
src
/
host
/
Linux-SGX
/
signer
/
pal-sgx-get-token

pal-sgx-get-token 4.7 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169 
  1. #!/usr/bin/env python
    2. 

  2. 

  3. import os
    4. 

  4. import sys
    5. 

  5. import struct
    6. 

  6. import socket
    7. 

  7. from google.protobuf import message as _message
    8. 

  8. from Crypto.PublicKey import RSA
    9. 

  9. import aesm_pb2
    10. 

  10. 

  11. """ Utilities """
    12. 

  12. 

  13. def int_to_bytes(i):
    14. 

  14.     b = ""
    15. 

  15.     l = 0
    16. 

  16.     while i > 0:
    17. 

  17.         b = b + chr(i % 256)
    18. 

  18.         i = i // 256
    19. 

  19.         l = l + 1
    20. 

  20.     return b
    21. 

  21. 

  22. def bytes_to_int(b):
    23. 

  23.     i = 0
    24. 

  24.     for c in b:
    25. 

  25.         i = i * 256 + ord(c)
    26. 

  26.     return i
    27. 

  27. 

  28. 

  29. """ Reading Sigstruct """
    30. 

  30. 

  31. def read_sigstruct(sig):
    32. 

  32.     # field format: (offset, type, value)
    33. 

  33.     fields = dict()
    34. 

  34. 

  35.     fields['date']      = (  20, "<HBB", 'year', 'month', 'day')
    36. 

  36. 

  37.     fields['modulus']   = ( 128, "384s", 'modulus')
    38. 

  38.     fields['exponent']  = ( 512, "<L",   'exponent')
    39. 

  39.     fields['signature'] = ( 516, "384s", 'signature')
    40. 

  40. 

  41.     fields['miscs']     = ( 900, "4s",   'miscs')
    42. 

  42.     fields['miscmask']  = ( 904, "4s",   'miscmask')
    43. 

  43.     fields['attrs']     = ( 928, "8s8s", 'flags', 'xfrms')
    44. 

  44.     fields['attrmask']  = ( 944, "8s8s", 'flagmask', 'xfrmmask')
    45. 

  45.     fields['mrencalve'] = ( 960, "32s",  'mrenclave')
    46. 

  46.     fields['isvprodid'] = (1024, "<H",   'isvprodid')
    47. 

  47.     fields['isvsvn']    = (1026, "<H",   'isvsvn')
    48. 

  48. 

  49.     attr = dict()
    50. 

  50.     for key, field in fields.items():
    51. 

  51.         values = struct.unpack_from(field[1], sig, field[0])
    52. 

  52. 

  53.         for i in range(len(values)):
    54. 

  54.             attr[field[i + 2]] = values[i]
    55. 

  55. 

  56.     return attr
    57. 

  57. 

  58. """ Connect with AESMD """
    59. 

  59. 

  60. def connect_aesmd(attr):
    61. 

  61.     req_msg = aesm_pb2.GetTokenReq()
    62. 

  62.     req_msg.req.signature = attr['mrenclave']
    63. 

  63.     req_msg.req.key = attr['modulus']
    64. 

  64.     req_msg.req.attributes = attr['flags'] + attr['xfrms']
    65. 

  65.     req_msg.req.timeout = 10000
    66. 

  66. 

  67.     req_msg_raw = req_msg.SerializeToString()
    68. 

  68. 

  69.     aesm_service = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    70. 

  70.     aesm_service.connect("\0sgx_aesm_socket_base" + "\0" * 87)
    71. 

  71. 

  72.     aesm_service.send(struct.pack("<I", len(req_msg_raw)))
    73. 

  73.     aesm_service.send(req_msg_raw)
    74. 

  74. 

  75.     ret_msg_size = struct.unpack("<I", aesm_service.recv(4))[0]
    76. 

  76.     ret_msg = aesm_pb2.GetTokenRet()
    77. 

  77.     ret_msg_raw = aesm_service.recv(ret_msg_size)
    78. 

  78.     ret_msg.ParseFromString(ret_msg_raw)
    79. 

  79. 

  80.     if ret_msg.ret.error != 0:
    81. 

  81.         raise Exception("Failed. (Error Code = %d)" % (ret_msg.ret.error))
    82. 

  82. 

  83.     return ret_msg.ret.token
    84. 

  84. 

  85. """ Main Program """
    86. 

  86. 

  87. options = {
    88. 

  88. #       Option name : (Required  Value)
    89. 

  89.         'output':    (True,    'output'),
    90. 

  90.         'sig':       (True,    'sigstruct file'),
    91. 

  91.     }
    92. 

  92. 

  93. def usage():
    94. 

  94.     usage_message = 'USAGE: ' + sys.argv[0] + ' -help|-h'
    95. 

  95. 

  96.     for opt, optval in options.items():
    97. 

  97.         if not optval[0]:
    98. 

  98.             usage_message += '['
    99. 

  99.         usage_message += '|-' + opt
    100. 

  100.         if optval[1]:
    101. 

  101.             usage_message += ' <' + optval[1] + '>'
    102. 

  102.         if not optval[0]:
    103. 

  103.             usage_message += ']'
    104. 

  104. 

  105.     print >> sys.stderr, usage_message
    106. 

  106.     os._exit(-1)
    107. 

  107. 

  108. def parse_args():
    109. 

  109.     args = dict()
    110. 

  110.     for opt, optval in options.items():
    111. 

  111.         if optval[1] is None:
    112. 

  112.             args[opt] = False
    113. 

  113. 

  114.     i = 1
    115. 

  115.     while i < len(sys.argv):
    116. 

  116.         got = sys.argv[i]
    117. 

  117. 

  118.         if got == '-help' or got == '-h':
    119. 

  119.             usage()
    120. 

  120. 

  121.         invalid = True
    122. 

  122.         for opt, optval in options.items():
    123. 

  123.             if got != '-' + opt:
    124. 

  124.                 continue
    125. 

  125. 

  126.             if optval[1] is not None:
    127. 

  127.                 i += 1
    128. 

  128.                 if i == len(sys.argv):
    129. 

  129.                     print >>sys.stderr, "Option %s needs a value." % (opt)
    130. 

  130.                     usage()
    131. 

  131.                 args[opt] = sys.argv[i]
    132. 

  132.             else:
    133. 

  133.                 args[opt] = True
    134. 

  134. 

  135.             invalid = False
    136. 

  136.             break
    137. 

  137. 

  138.         if invalid:
    139. 

  139.             print >>sys.stderr, "Unknown option: %s." % (got[1:])
    140. 

  140.             usage()
    141. 

  141.         i += 1
    142. 

  142. 

  143.     for opt, optval in options.items():
    144. 

  144.         if optval[0] and opt not in args:
    145. 

  145.             print >>sys.stderr, "Must specify %s <%s>." % (opt, optval[1])
    146. 

  146.             usage()
    147. 

  147. 

  148.     return args
    149. 

  149. 

  150. if __name__ == "__main__":
    151. 

  151. 

  152.     # Parse arguments
    153. 

  153.     args = parse_args()
    154. 

  154. 

  155.     attr = read_sigstruct(open(args['sig'], 'rb').read())
    156. 

  156. 

  157.     print >>sys.stderr, "Attributes:"
    158. 

  158.     print >>sys.stderr, "    mrenclave: %s" % (attr['mrenclave'].encode('hex'))
    159. 

  159.     print >>sys.stderr, "    isvprodid: %d" % (attr['isvprodid'])
    160. 

  160.     print >>sys.stderr, "    isvsvn:    %d" % (attr['isvsvn'])
    161. 

  161.     print >>sys.stderr, "    flags:     %016x" % (bytes_to_int(attr['flags']))
    162. 

  162.     print >>sys.stderr, "    xfrms:     %016x" % (bytes_to_int(attr['xfrms']))
    163. 

  163.     print >>sys.stderr, "    miscs:     %08x"  % (bytes_to_int(attr['miscs']))
    164. 

  164.     print >>sys.stderr, "    modulus:   %s..." % (attr['modulus'].encode('hex')[:32])
    165. 

  165.     print >>sys.stderr, "    exponent:  %d" % (attr['exponent'])
    166. 

  166.     print >>sys.stderr, "    signature: %s..." % (attr['signature'].encode('hex')[:32])
    167. 

  167. 

  168.     token = connect_aesmd(attr)
    169. 

  169.     open(args['output'], 'wb').write(token)
    170.