ias_ra.cpp 9.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254
  1. /*
  2. * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. #include "service_provider.h"
  32. #include "sample_libcrypto.h"
  33. #include "ecp.h"
  34. #include <stdio.h>
  35. #include <stdlib.h>
  36. #include <stddef.h>
  37. #include <time.h>
  38. #include <string.h>
  39. #include "ias_ra.h"
  40. //This whole file is used as simulation of the interfaces to be
  41. // delivered an attestation server.
  42. #define UNUSED(expr) do { (void)(expr); } while (0)
  43. #if !defined(SWAP_ENDIAN_DW)
  44. #define SWAP_ENDIAN_DW(dw) ((((dw) & 0x000000ff) << 24) \
  45. | (((dw) & 0x0000ff00) << 8) \
  46. | (((dw) & 0x00ff0000) >> 8) \
  47. | (((dw) & 0xff000000) >> 24))
  48. #endif
  49. #if !defined(SWAP_ENDIAN_32B)
  50. #define SWAP_ENDIAN_32B(ptr) \
  51. {\
  52. unsigned int temp = 0; \
  53. temp = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[0]); \
  54. ((unsigned int*)(ptr))[0] = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[7]); \
  55. ((unsigned int*)(ptr))[7] = temp; \
  56. temp = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[1]); \
  57. ((unsigned int*)(ptr))[1] = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[6]); \
  58. ((unsigned int*)(ptr))[6] = temp; \
  59. temp = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[2]); \
  60. ((unsigned int*)(ptr))[2] = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[5]); \
  61. ((unsigned int*)(ptr))[5] = temp; \
  62. temp = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[3]); \
  63. ((unsigned int*)(ptr))[3] = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[4]); \
  64. ((unsigned int*)(ptr))[4] = temp; \
  65. }
  66. #endif
  67. // This is the ECDSA NIST P-256 private key used to sign platform_info_blob.
  68. // This private
  69. // key and the public key in SDK untrusted KElibrary should be a temporary key
  70. // pair. For production parts an attestation server will sign the platform_info_blob with the
  71. // production private key and the SDK untrusted KE library will have the public
  72. // key for verifcation.
  73. static const sample_ec256_private_t g_rk_priv_key =
  74. {{
  75. 0x63,0x2c,0xd4,0x02,0x7a,0xdc,0x56,0xa5,
  76. 0x59,0x6c,0x44,0x3e,0x43,0xca,0x4e,0x0b,
  77. 0x58,0xcd,0x78,0xcb,0x3c,0x7e,0xd5,0xb9,
  78. 0xf2,0x91,0x5b,0x39,0x0d,0xb3,0xb5,0xfb
  79. }};
  80. static sample_spid_t g_sim_spid = {"Service X"};
  81. // Simulates the attestation server function for verifying the quote produce by
  82. // the ISV enclave. It doesn't decrypt or verify the quote in
  83. // the simulation. Just produces the attestaion verification
  84. // report with the platform info blob.
  85. //
  86. // @param p_isv_quote Pointer to the quote generated by the ISV
  87. // enclave.
  88. // @param pse_manifest Pointer to the PSE manifest if used.
  89. // @param p_attestation_verification_report Pointer the outputed
  90. // verification report.
  91. //
  92. // @return int
  93. int ias_verify_attestation_evidence(
  94. sample_quote_t *p_isv_quote,
  95. uint8_t* pse_manifest,
  96. ias_att_report_t* p_attestation_verification_report)
  97. {
  98. int ret = 0;
  99. sample_ecc_state_handle_t ecc_state = NULL;
  100. //unused parameters
  101. UNUSED(pse_manifest);
  102. if((NULL == p_isv_quote) ||
  103. (NULL == p_attestation_verification_report))
  104. {
  105. return -1;
  106. }
  107. //Decrypt the Quote signature and verify.
  108. p_attestation_verification_report->id = 0x12345678;
  109. p_attestation_verification_report->status = IAS_QUOTE_OK;
  110. p_attestation_verification_report->revocation_reason =
  111. IAS_REVOC_REASON_NONE;
  112. p_attestation_verification_report->info_blob.sample_epid_group_status =
  113. 0 << IAS_EPID_GROUP_STATUS_REVOKED_BIT_POS
  114. | 0 << IAS_EPID_GROUP_STATUS_REKEY_AVAILABLE_BIT_POS;
  115. p_attestation_verification_report->info_blob.sample_tcb_evaluation_status =
  116. 0 << IAS_TCB_EVAL_STATUS_CPUSVN_OUT_OF_DATE_BIT_POS
  117. | 0 << IAS_TCB_EVAL_STATUS_ISVSVN_OUT_OF_DATE_BIT_POS;
  118. p_attestation_verification_report->info_blob.pse_evaluation_status =
  119. 0 << IAS_PSE_EVAL_STATUS_ISVSVN_OUT_OF_DATE_BIT_POS
  120. | 0 << IAS_PSE_EVAL_STATUS_EPID_GROUP_REVOKED_BIT_POS
  121. | 0 << IAS_PSE_EVAL_STATUS_PSDASVN_OUT_OF_DATE_BIT_POS
  122. | 0 << IAS_PSE_EVAL_STATUS_SIGRL_OUT_OF_DATE_BIT_POS
  123. | 0 << IAS_PSE_EVAL_STATUS_PRIVRL_OUT_OF_DATE_BIT_POS;
  124. memset(p_attestation_verification_report->
  125. info_blob.latest_equivalent_tcb_psvn, 0, PSVN_SIZE);
  126. memset(p_attestation_verification_report->info_blob.latest_pse_isvsvn,
  127. 0, ISVSVN_SIZE);
  128. memset(p_attestation_verification_report->info_blob.latest_psda_svn,
  129. 0, PSDA_SVN_SIZE);
  130. memset(p_attestation_verification_report->info_blob.performance_rekey_gid,
  131. 0, GID_SIZE);
  132. // @TODO: Product signing algorithm still TBD. May be RSA2048 signing.
  133. // Generate the Service providers ECCDH key pair.
  134. do {
  135. ret = sample_ecc256_open_context(&ecc_state);
  136. if (SAMPLE_SUCCESS != ret) {
  137. fprintf(stderr, "\nError, cannot get ECC cotext in [%s].",
  138. __FUNCTION__);
  139. ret = -1;
  140. break;
  141. }
  142. // Sign
  143. ret = sample_ecdsa_sign(
  144. (uint8_t *)&p_attestation_verification_report->
  145. info_blob.sample_epid_group_status,
  146. sizeof(ias_platform_info_blob_t) - sizeof(sample_ec_sign256_t),
  147. (sample_ec256_private_t *)&g_rk_priv_key,
  148. (sample_ec256_signature_t *)&p_attestation_verification_report->
  149. info_blob.signature,
  150. ecc_state);
  151. if (SAMPLE_SUCCESS != ret) {
  152. fprintf(stderr, "\nError, sign ga_gb fail in [%s].", __FUNCTION__);
  153. ret = SP_INTERNAL_ERROR;
  154. break;
  155. }
  156. SWAP_ENDIAN_32B(p_attestation_verification_report->
  157. info_blob.signature.x);
  158. SWAP_ENDIAN_32B(p_attestation_verification_report->
  159. info_blob.signature.y);
  160. }while (0);
  161. if (ecc_state) {
  162. sample_ecc256_close_context(ecc_state);
  163. }
  164. p_attestation_verification_report->pse_status = IAS_PSE_OK;
  165. // For now, don't simulate the policy reports.
  166. p_attestation_verification_report->policy_report_size = 0;
  167. return(ret);
  168. }
  169. // Simulates retrieving the SIGRL for upon the SP request.
  170. //
  171. // @param gid Group ID for the EPID key.
  172. // @param p_sig_rl_size Pointer to the output value of the full
  173. // SIGRL size in bytes. (including the
  174. // signature).
  175. // @param p_sig_rl Pointer to the output of the SIGRL.
  176. //
  177. // @return int
  178. int ias_get_sigrl(
  179. const sample_epid_group_id_t gid,
  180. uint32_t *p_sig_rl_size,
  181. uint8_t **p_sig_rl)
  182. {
  183. int ret = 0;
  184. UNUSED(gid);
  185. do {
  186. if (NULL == p_sig_rl || NULL == p_sig_rl_size) {
  187. ret = -1;
  188. break;
  189. }
  190. *p_sig_rl_size = 0;
  191. *p_sig_rl = NULL;
  192. // we should try to get sig_rl from an attestation server
  193. break;
  194. }while (0);
  195. return(ret);
  196. }
  197. // Used to simulate the enrollment function of an attestation server. It only
  198. // gives back the SPID right now. In production, the enrollment
  199. // occurs out of context from an attestation attempt and only
  200. // occurs once.
  201. //
  202. //
  203. // @param sp_credentials
  204. // @param p_spid
  205. // @param p_authentication_token
  206. //
  207. // @return int
  208. int ias_enroll(
  209. int sp_credentials,
  210. sample_spid_t *p_spid,
  211. int *p_authentication_token)
  212. {
  213. UNUSED(sp_credentials);
  214. UNUSED(p_authentication_token);
  215. if (NULL != p_spid) {
  216. memcpy_s(p_spid, sizeof(sample_spid_t), &g_sim_spid,
  217. sizeof(sample_spid_t));
  218. } else {
  219. return(1);
  220. }
  221. return(0);
  222. }