/* * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * Neither the name of Intel Corporation nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * */ /** * File: provision_msg.h * Description: Definition for data structure and provision protocol * * Definition for data structure and provision protocol */ #ifndef _PVE_MSG_H_ #define _PVE_MSG_H_ #include "epid_pve_type.h" #include "sgx_tseal.h" //error code definition typedef enum _pve_status_t { PVEC_SUCCESS = 0, PVEC_PARAMETER_ERROR, PVEC_INSUFFICIENT_MEMORY_ERROR, PVEC_READ_RAND_ERROR, PVEC_SIGRL_INTEGRITY_CHECK_ERROR, PVEC_MALLOC_ERROR, PVEC_EPID_BLOB_ERROR, PVEC_SE_ERROR, PVEC_IPP_ERROR, PVEC_MSG_ERROR, PVEC_PEK_SIGN_ERROR, PVEC_INTEGER_OVERFLOW_ERROR, PVEC_SEAL_ERROR, PVEC_EPID_ERROR, PVEC_SESSION_OUT_OF_ORDER_ERROR, PVEC_REVOKED_ERROR, PVEC_UNSUPPORTED_VERSION_ERROR, PVEC_INVALID_CPU_ISV_SVN, PVEC_INVALID_EPID_KEY, PVEC_UNEXPECTED_ERROR //unknown error which should never happen, it indicates there're internal logical error in PvE's code }pve_status_t; //State inside PvE typedef enum _prov_stage_t { PVE_STAGE_IDLE, //waiting for ProvMsg1 PVE_STAGE_WAIT_FOR_GET_EK2, //waiting for get ek2 after processing msg1 PVE_STAGE_WAIT_FOR_MSG2_OR_MSG4, //waiting for ProvMsg2 or ProvMsg4 after getting ek2 PVE_STAGE_WAIT_FOR_MSG4, //waiting for ProvMsg4 only }prov_stage_t; #define PVE_RSAOAEP_ENCRYPT_MAXLEN (PVE_RSA_KEY_BYTES - 2*SHA_SIZE_BIT/8 - 2) //190 bytes at most //macro definition for RSA-OAE algorithm //SHA-256 will be used for the hash generation #define SHA_SIZE_BIT 256 #define MSG1_FIELD1_MAX_PAYLOAD_SIZE (4+PPID_SIZE+FMSP_SIZE+PSVN_SIZE+4+FLAGS_SIZE) #define HARD_CODED_EPID_BLOB_SIZE (sizeof(sgx_sealed_data_t)+sizeof(se_secret_epid_data_t)+sizeof(se_plaintext_epid_data_t)) #define pointer_diff_u32(p1, p2) static_cast(p1-p2) #pragma pack(1) //output information from PvE for AESM to generated ProvMsg1 typedef struct _prov_msg1_output_t{ uint32_t field1_data_size; //size of field1_data, it will be no more than MSG1_FIELD1_MAX_PAYLOAD_SIZE uint8_t xid[XID_SIZE]; //The random transaction id which will be generated inside Enclave uint8_t field0[PVE_RSA_KEY_BYTES]; //field0 of Msg1 generated inside PvE encrypted by RSA-OAEP, that's SK TLV:PSID TLV uint8_t field1_iv[IV_SIZE]; //The random IV used to encrypt field1 of Msg1 by aes-gcm //field1 before encryption is DeviceIDTlV[:FlagTLV] uint8_t field1_data[MSG1_FIELD1_MAX_PAYLOAD_SIZE];//The encrypted field1 of Msg1 by aes-gcm, the size in byte is indicated by field1_data uint8_t field1_mac[MAC_SIZE]; //The generated mac value of field1 of Msg1 by aes-gcm }prov_msg1_output_t; //input information to generate EK2 by PvE typedef struct _prov_get_ek2_input_t{ uint8_t xid[XID_SIZE]; //The transaction Id uint8_t nonce[NONCE_SIZE]; //The nonce_r from ProvMsg2 or ProvMsg4 }prov_get_ek2_input_t; //Ek2 generated by PvE typedef struct _prov_get_ek2_output_t{ uint8_t ek2[SK_SIZE]; }prov_get_ek2_output_t; //input information for PvE to decode data from ProvMsg2 typedef struct _proc_prov_msg2_blob_input_t{ signed_epid_group_cert_t group_cert; //ECDSA signed EPID Group Public Certificate from Intel decoded from ProvMsg2 uint8_t challenge_nonce[CHALLENGE_NONCE_SIZE]; //The challenge nonce from ProvMsg2 psvn_t equivalent_psvn; //The Equivalent PSVN which contains ISVN and Equivalent CPUSVN psvn_t previous_psvn; //an optional PSVN for Sigrl corresponding to previous EPID (if we upgrade TCB or performance rekey) fmsp_t fmsp; //fmsp passing in ProvMsg2 from Provisioning Backend server GroupID previous_gid; //optional previous_gid if previous_psvn is provided uint8_t old_epid_data_blob[HARD_CODED_EPID_BLOB_SIZE]; //optional old epid data blob corresponding to previous EPID uint8_t tcb_iv[IV_SIZE]; //The random IV to decode TIK uint8_t encrypted_tcb[SK_SIZE]; //It's TIK1, the aesm-gcm encrypted TIK by aes-gcm uint8_t tcb_mac[MAC_SIZE]; //The mac value to check the integrity of TIK1 uint8_t is_previous_psvn_provided;//both previous_psvn and old_epid_data_blob should be provided if it is true and prev gid must be provided too }proc_prov_msg2_blob_input_t; #define HARD_CODED_JOIN_PROOF_WITH_ESCROW_TLV_SIZE (4+sizeof(join_proof_with_escrow_t)) #define HARD_CODED_EPID_MEMBER_WITH_ESCROW_TLV_SIZE (4+sizeof(membertship_credential_with_escrow_t)) //output information from PvE for AESM to generate ProvMsg3 typedef struct _gen_prov_msg3_output_t{ uint8_t field1_iv[IV_SIZE]; //The random generated IV for aes-gcm encryption of join proof and escrow data uint8_t field1_data[HARD_CODED_JOIN_PROOF_WITH_ESCROW_TLV_SIZE]; //The encrypted join proof and escrow data TLV by aes-gcm uint8_t field1_mac[MAC_SIZE]; //The corresponding mac value of previous encrypted data uint8_t epid_sig_iv[IV_SIZE]; //The random generated IV for aes-gcm encryption of EPIDSignature if available uint8_t epid_sig_mac[MAC_SIZE];//The corresponding mac value for encrypted EPIDSignature if available uint32_t epid_sig_output_size; //The size of EPIDSignature if available uint8_t is_join_proof_generated; //boolean value to tell whether join proof and escrow data is generated. The first three fields in this structure will be invalid if this field is false uint8_t is_epid_sig_generated; //boolean value to tell whether EpidSignature is generated //If it is false, the epid_sig_iv/mac/output_size are all invalid }gen_prov_msg3_output_t; //input information for PvE to decode data from ProvMsg4 and generate EPID Data Blob typedef struct _proc_prov_msg4_input_t{ uint8_t tcb_iv[IV_SIZE]; //The random IV to decode TIK uint8_t encrypted_tcb[SK_SIZE]; //It's TIK1, the aes-gcm encrypted TIK by aes-gcm uint8_t tcb_mac[MAC_SIZE]; //The mac value to check the integrity of TIK1 uint8_t member_credential_iv[IV_SIZE]; //The random IV to decode member credential and escrow data TLV uint8_t encrypted_member_credential[HARD_CODED_EPID_MEMBER_WITH_ESCROW_TLV_SIZE]; //The encrypted member credential and escrow data TLV by aes-gcm uint8_t member_credential_mac[MAC_SIZE]; //The mac value of previous field psvn_t equivalent_psvn; //An equivalent PSVN including ISVN and equivalent CPUSVN fmsp_t fmsp; //The fmsp from provisioning backend server signed_epid_group_cert_t group_cert;//ECDSA signed EPID Group Public Certificate from Intel decoded from ProvMsg4 }proc_prov_msg4_input_t; //The EPID Data Blob generated by PvE in processing ProvMsg4 data typedef struct _proc_prov_msg4_output_t{ uint8_t truested_epid_blob[HARD_CODED_EPID_BLOB_SIZE]; }proc_prov_msg4_output_t; //output data of PvE to generate End Point Selection TLV typedef struct _gen_endpoint_selection_output_t{ uint8_t xid[XID_SIZE]; uint8_t selector_id; }gen_endpoint_selection_output_t; #pragma pack() #define PSVN_START_IN_DEVICE_ID sizeof(ppid_t) #define PPID_START_IN_DEVICE_ID 0 #define FMSP_START_IN_DEVICE_ID (sizeof(ppid_t)+sizeof(psvn_t)) #endif