t_certificate_provisioning.cpp 8.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220
  1. /*
  2. * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. #include "t_certificate_provisioning.h"
  32. #include <cstddef>
  33. #include "sgx_trts.h"
  34. #include "sgx_tseal.h"
  35. #include "sgx_report.h"
  36. #include "sgx_utils.h"
  37. #include <string.h>
  38. #include "sign_csr.h"
  39. #include "prepare_hash_sha256.h"
  40. #include "pse_pr_common.h"
  41. #include "t_pairing_blob.h"
  42. #include "sgx_tcrypto.h"
  43. //extern void OutputOctets(const char* pMsg, const void* pData, size_t nData);
  44. static ae_error_t map_error_for_return(ae_error_t status)
  45. {
  46. #if !defined(_DEBUG)
  47. // Switch to limit errors returned when building for RELEASE
  48. switch (status)
  49. {
  50. case AE_SUCCESS: break;
  51. case PSE_PR_INSUFFICIENT_MEMORY_ERROR: break;
  52. default:
  53. status = AE_FAILURE;
  54. break;
  55. }
  56. #endif
  57. return status;
  58. }
  59. ae_error_t prepare_for_certificate_provisioning
  60. (
  61. /*in */ UINT64 nonce64,
  62. /*in */ const sgx_target_info_t* pTargetInfo,
  63. /*in */ UINT16 nMax_CSR_pse,
  64. /*out*/ UINT8* pCSR_pse,
  65. /*out*/ UINT16* pnLen_CSR_pse,
  66. /*out*/ sgx_report_t* pREPORT,
  67. /*i/o*/ pairing_blob_t* pPairingBlob
  68. )
  69. {
  70. // Flow: 1) Check pointers for buffer data sizes
  71. // 2) If buffers are too small, return and tell caller size required
  72. // 3) Validate pointers and ensure buffers are within the enclave
  73. // 4) Generate a new private/public ECDSA key pair
  74. // 5) Request signed CSR template
  75. // 6) Calculate HASH_pse of (CSR_pse || nonce64)
  76. // 7) Generate REPORT with HASH_pse as the REPORTDATA, targeting QE
  77. // 8) Copy private key and public key into unsealed_pairing buffer
  78. // 9) Seal pairing blob
  79. // 10) Return Sealed pairing blob, generated CSR, REPORT, and status
  80. ae_error_t status = AE_FAILURE;
  81. pairing_data_t pairingData;
  82. EcDsaPrivKey privateKey;
  83. EcDsaPubKey publicKey;
  84. uint8_t temp_instance_id[16];
  85. SignCSR CSR;
  86. size_t nMaxSizeCSR = CSR.GetMaxSize();
  87. sgx_ecc_state_handle_t csr_ecc_handle = NULL;
  88. memset(&pairingData, 0, sizeof(pairingData));
  89. /////////////////////////////////////////////////////////////////
  90. do
  91. {
  92. //*********************************************************************
  93. // Validate pointers and sizes
  94. //*********************************************************************
  95. BREAK_IF_TRUE((NULL == pPairingBlob),
  96. status, PSE_PR_BAD_POINTER_ERROR);
  97. // save SW_INSTANCE_ID
  98. memcpy(temp_instance_id, pPairingBlob->plaintext.pse_instance_id, sizeof(temp_instance_id));
  99. {
  100. BREAK_IF_TRUE((NULL == pTargetInfo),
  101. status, PSE_PR_BAD_POINTER_ERROR);
  102. BREAK_IF_TRUE((NULL == pREPORT),
  103. status, PSE_PR_BAD_POINTER_ERROR);
  104. BREAK_IF_TRUE((NULL == pCSR_pse || NULL == pnLen_CSR_pse),
  105. status, PSE_PR_BAD_POINTER_ERROR);
  106. BREAK_IF_TRUE((nMax_CSR_pse < nMaxSizeCSR),
  107. status, PSE_PR_PARAMETER_ERROR);
  108. BREAK_IF_FALSE(sgx_is_within_enclave(pCSR_pse, nMaxSizeCSR), status, PSE_PR_BAD_POINTER_ERROR);
  109. //*********************************************************************
  110. // Generate a new ECDSA Key Pair
  111. //*********************************************************************
  112. sgx_status_t sgx_status = sgx_ecc256_open_context(&csr_ecc_handle);
  113. BREAK_IF_TRUE((SGX_ERROR_OUT_OF_MEMORY == sgx_status), status, PSE_PR_INSUFFICIENT_MEMORY_ERROR);
  114. BREAK_IF_TRUE((SGX_SUCCESS != sgx_status), status, PSE_PR_KEY_PAIR_GENERATION_ERROR);
  115. sgx_status = sgx_ecc256_create_key_pair((sgx_ec256_private_t *)privateKey, (sgx_ec256_public_t*)publicKey, csr_ecc_handle);
  116. BREAK_IF_TRUE((SGX_SUCCESS != sgx_status), status, PSE_PR_KEY_PAIR_GENERATION_ERROR);
  117. *pnLen_CSR_pse = (uint16_t)nMaxSizeCSR;
  118. //*********************************************************************
  119. // Get a signed Certificate Signing Request from the template
  120. //*********************************************************************
  121. status = CSR.GetSignedTemplate(&privateKey, &publicKey, csr_ecc_handle, pCSR_pse, pnLen_CSR_pse);
  122. BREAK_IF_FAILED(status);
  123. //*********************************************************************
  124. // Calculate HASH_pse of (CSR_pse || nonce64)
  125. //*********************************************************************
  126. PrepareHashSHA256 hash;
  127. SHA256_HASH computedHash;
  128. status = hash.Update(pCSR_pse, *pnLen_CSR_pse);
  129. BREAK_IF_FAILED(status);
  130. status = hash.Update(&nonce64, sizeof(nonce64));
  131. BREAK_IF_FAILED(status);
  132. status = hash.Finalize(&computedHash);
  133. BREAK_IF_FAILED(status);
  134. //*********************************************************************
  135. // Generate a REPORT with HASH_pse
  136. //*********************************************************************
  137. sgx_report_data_t report_data = {{0}};
  138. memcpy(&report_data, &computedHash, sizeof(computedHash));
  139. if (SGX_SUCCESS != sgx_create_report(const_cast<sgx_target_info_t*>(pTargetInfo),
  140. &report_data, (sgx_report_t*)pREPORT))
  141. {
  142. status = PSE_PR_CREATE_REPORT_ERROR;
  143. break;
  144. }
  145. //*********************************************************************
  146. // Try to unseal the pairing data
  147. //*********************************************************************
  148. status = UnsealPairingBlob(pPairingBlob, &pairingData);
  149. if (AE_FAILED(status))
  150. memset_s(&pairingData, sizeof(pairingData), 0, sizeof(pairingData));
  151. //*********************************************************************
  152. // Seal ECDSA Verifier Private Key into blob
  153. //*********************************************************************
  154. memcpy(pairingData.secret_data.VerifierPrivateKey, &privateKey, sizeof(EcDsaPrivKey));
  155. } // "Public" PSE Cert
  156. // Set pairingData.plaintext.pse_instance_id using saved temp_instance_id
  157. memcpy(pairingData.plaintext.pse_instance_id, temp_instance_id, sizeof(pairingData.plaintext.pse_instance_id));
  158. status = SealPairingBlob(&pairingData, pPairingBlob);
  159. BREAK_IF_FAILED(status);
  160. //*********************************************************************
  161. // WE PASSED ALL BARRIERS TO SUCCESS
  162. //*********************************************************************
  163. status = AE_SUCCESS;
  164. // OutputOctets("::tPrepareForCertificateProvisioning:: New CSR generated", NULL, 0);
  165. } while (false);
  166. // Defense-in-depth: clear the data on stack that contains enclave secret.
  167. memset_s(&pairingData, sizeof(pairingData), 0, sizeof(pairingData));
  168. memset_s(&privateKey, sizeof(privateKey), 0, sizeof(privateKey));
  169. if (csr_ecc_handle != NULL) sgx_ecc256_close_context(csr_ecc_handle);
  170. return map_error_for_return(status);
  171. }