Почетна Преглед Помоћ
Пријавите се
miti
/
linux-sgx-trts-modified
1
0
Креирај огранак 0
Датотеке Дискусије 0 Захтеви за спајање 0 Вики
Дрво: 1571085155
Гране Ознаке
linux-sgx-tr...
/
psw
/
ae
/
aesm_service
/
source
/
pse_op
/
PSEClass.cpp

PSEClass.cpp 26 KB
Историја Датотека

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709 
  1. /*
    2. 

  2.  * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
    3. 

  3.  *
    4. 

  4.  * Redistribution and use in source and binary forms, with or without
    5. 

  5.  * modification, are permitted provided that the following conditions
    6. 

  6.  * are met:
    7. 

  7.  *
    8. 

  8.  *   * Redistributions of source code must retain the above copyright
    9. 

  9.  *     notice, this list of conditions and the following disclaimer.
    10. 

  10.  *   * Redistributions in binary form must reproduce the above copyright
    11. 

  11.  *     notice, this list of conditions and the following disclaimer in
    12. 

  12.  *     the documentation and/or other materials provided with the
    13. 

  13.  *     distribution.
    14. 

  14.  *   * Neither the name of Intel Corporation nor the names of its
    15. 

  15.  *     contributors may be used to endorse or promote products derived
    16. 

  16.  *     from this software without specific prior written permission.
    17. 

  17.  *
    18. 

  18.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
    19. 

  19.  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
    20. 

  20.  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
    21. 

  21.  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
    22. 

  22.  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
    23. 

  23.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
    24. 

  24.  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
    25. 

  25.  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
    26. 

  26.  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
    27. 

  27.  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
    28. 

  28.  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    29. 

  29.  *
    30. 

  30.  */
    31. 

  31. 

  32. 

  33. #include "arch.h"
    34. 

  34. #include "PSEClass.h"
    35. 

  35. #include "pse_op_u.h"
    36. 

  36. #include "pse_op_u.c"
    37. 

  37. 

  38. #include "pse_op_psda_ocall.cpp"
    39. 

  39. #include "pse_op_vmc_sqlite_ocall.cpp"
    40. 

  40. #include "sgx_tseal.h"
    41. 

  41. #include "pairing_blob.h"
    42. 

  42. #include "oal/oal.h"
    43. 

  43. #include "byte_order.h"
    44. 

  44. 

  45. #include "LEClass.h"
    46. 

  46. #include "ae_ipp.h"
    47. 

  47. #include "PSDAService.h"
    48. 

  48. #include "se_wrapper.h"
    49. 

  49. #include "PSEPRClass.h"
    50. 

  50. 

  51. #include "sgx_profile.h"
    52. 

  52. #include "sgx_uae_service.h"
    53. 

  53. #include "aesm_pse_status.h"
    54. 

  54. #include "interface_psda.h"
    55. 

  55. 

  56. #define PSDA_CAP_PRTC               0x1
    57. 

  57. #define PSDA_CAP_PROTECTED_OUTPUT   0x4
    58. 

  58. #define PSDA_CAP_RPDATA             0x8
    59. 

  59. 

  60. #define PS_CAP_PROTECTED_OUTPUT     0x4
    61. 

  61. 

  62. #define CHECK_ECALL_RET(status,ret)            \
    63. 

  63.             if((status) == SGX_ERROR_ENCLAVE_LOST)  \
    64. 

  64.             {retry++;continue;}                     \
    65. 

  65.             else if ((status) == SGX_ERROR_OUT_OF_MEMORY) { \
    66. 

  66.             (ret) = AE_OUT_OF_MEMORY_ERROR; break; } \
    67. 

  67.             else if ((status) != SGX_SUCCESS) {     \
    68. 

  68.             (ret) = AE_FAILURE; break; }              \
    69. 

  69.             else if ((ret) != 0) { break; }
    70. 

  70. 

  71. extern uint32_t upse_iclsInit();
    72. 

  72. 

  73. ae_error_t CPSEClass::init_ps(void)
    74. 

  74. {
    75. 

  75.     // Try to establish PSDA session during startup
    76. 

  76.     PROFILE_START("PSDAService::start_service()");
    77. 

  77.     bool psda_started = PSDAService::instance().start_service();
    78. 

  78.     PROFILE_END("PSDAService::start_service()");
    79. 

  79.     if (!psda_started)
    80. 

  80.     {
    81. 

  81.         AESM_DBG_ERROR("Psda not available");
    82. 

  82.         AESM_LOG_INFO_ADMIN("%s", g_admin_event_string_table[SGX_ADMIN_EVENT_PS_INIT_START]);
    83. 

  83.         // This is logged as a WARNING here, since the system may not require PS capability
    84. 

  84.         AESM_LOG_WARN_ADMIN("%s", g_admin_event_string_table[SGX_ADMIN_EVENT_PS_INIT_FAIL_DAL]);
    85. 

  85.         // Set state to UNAVAILABLE
    86. 

  86.         m_status = PSE_STATUS_UNAVAILABLE;
    87. 

  87.         PlatformServiceStatus::instance().set_platform_service_status(PLATFORM_SERVICE_NOT_AVAILABLE);
    88. 

  88.         return AESM_PSDA_NOT_AVAILABLE;
    89. 

  89.     }
    90. 

  90. 

  91.     //Logic here is that ME FW mode is used(Emulator is not running)
    92. 

  92.     //provisioning is attempted using iclsclient and the return code is not verified
    93. 

  93.     //In case of emulator the emulator provisioning tool is used to provision for epid 1.1 and if not long term pairing will return not provisioned error.
    94. 

  94.     pse_pr_interface_psda* pPSDA = new(std::nothrow) pse_pr_interface_psda();
    95. 

  95.     if (pPSDA == NULL) {
    96. 

  96.         return AE_OUT_OF_MEMORY_ERROR;
    97. 

  97.     }
    98. 

  98.     // Probe CSME provisiong status first by calling get_csme_gid()
    99. 

  99.     ae_error_t ret = pPSDA->get_csme_gid(&PSDAService::instance().csme_gid);
    100. 

  100.     if (ret != AE_SUCCESS)
    101. 

  101.     {
    102. 

  102.         // As long as get_csme_gid fails, call iclsInit to trigger provisioning
    103. 

  103.         uint32_t status_provision = upse_iclsInit();
    104. 

  104.         if (status_provision != 0)
    105. 

  105.         {
    106. 

  106.             // Provisioning failed , maybe caused by missing of iCls client, etc.
    107. 

  107.             AESM_LOG_INFO_ADMIN("%s", g_admin_event_string_table[SGX_ADMIN_EVENT_PS_INIT_START]);
    108. 

  108.             // This is logged as a WARNING here, since the system may not require PS capability
    109. 

  109.             AESM_LOG_WARN_ADMIN("%s", g_admin_event_string_table[SGX_ADMIN_EVENT_PS_INIT_FAIL_DAL]);
    110. 

  110.             delete pPSDA;
    111. 

  111.             pPSDA = NULL;
    112. 

  112.             return AESM_PSE_PR_PSDA_PROVISION_ERROR;
    113. 

  113.         }
    114. 

  114.         else
    115. 

  115.         {
    116. 

  116.             // try to get CSME GID again
    117. 

  117.             ret = pPSDA->get_csme_gid(&PSDAService::instance().csme_gid);
    118. 

  118.             if (ret != AE_SUCCESS)
    119. 

  119.             {
    120. 

  120.                 // Failed to get CSME GID
    121. 

  121.                 AESM_LOG_INFO_ADMIN("%s", g_admin_event_string_table[SGX_ADMIN_EVENT_PS_INIT_START]);
    122. 

  122.                 // This is logged as a WARNING here, since the system may not require PS capability
    123. 

  123.                 AESM_LOG_WARN_ADMIN("%s", g_admin_event_string_table[SGX_ADMIN_EVENT_PS_INIT_FAIL_DAL]);
    124. 

  124.                 delete pPSDA;
    125. 

  125.                 pPSDA = NULL;
    126. 

  126.                 return ret;
    127. 

  127.             }
    128. 

  128.         }
    129. 

  129.     }
    130. 

  130.     delete pPSDA;
    131. 

  131.     pPSDA = NULL;
    132. 

  132. 

  133.     // Set state to PROVISIONED
    134. 

  134.     m_status = PSE_STATUS_CSE_PROVISIONED;
    135. 

  135. 

  136.     // Get platform service capbility
    137. 

  137.     PROFILE_START("get_ps_cap");
    138. 

  138.     ret = get_ps_cap(&m_ps_cap);
    139. 

  139.     PROFILE_END("get_ps_cap");
    140. 

  140.     if (ret != AE_SUCCESS){
    141. 

  141.         AESM_LOG_INFO_ADMIN("%s", g_admin_event_string_table[SGX_ADMIN_EVENT_PS_INIT_START]);
    142. 

  142.         // This is logged as a WARNING here, since the system may not require PS capability
    143. 

  143.         AESM_LOG_WARN_ADMIN("%s", g_admin_event_string_table[SGX_ADMIN_EVENT_PS_INIT_FAIL_DAL]);
    144. 

  144.         AESM_DBG_ERROR("get_ps_cap failed:%d",ret);
    145. 

  145.         return ret;
    146. 

  146.     }
    147. 

  147. 

  148.     // Try to establish ephemeral session
    149. 

  149.     PROFILE_START("create_ephemeral_session_pse_cse");
    150. 

  150.     ret = create_ephemeral_session_pse_cse(false, false);
    151. 

  151.     PROFILE_END("create_ephemeral_session_pse_cse");
    152. 

  152.     if(ret != AE_SUCCESS)
    153. 

  153.     {
    154. 

  154.         AESM_DBG_ERROR("creatfe_ephemeral_session_pse_cse failed:%d", ret);
    155. 

  155.         if (ret == PSE_OP_LTPB_SEALING_OUT_OF_DATE) 
    156. 

  156.         {
    157. 

  157.             AESM_DBG_ERROR("TCB update casued ephemeral session failure, reseal LTP blob now");
    158. 

  158.             // Try to reseal LTP blob
    159. 

  159.             bool is_new_pairing = false;
    160. 

  160.             ae_error_t ltpStatus = CPSEPRClass::instance().long_term_pairing(&is_new_pairing);
    161. 

  161.             if (ltpStatus == AE_SUCCESS)
    162. 

  162.             {
    163. 

  163.                 AESM_DBG_INFO("Reseal LTP blob succeeded. Try ephermeal session again.");
    164. 

  164.                 ret = create_ephemeral_session_pse_cse(is_new_pairing, false);
    165. 

  165.                 if (ret != AE_SUCCESS){
    166. 

  166.                     AESM_DBG_ERROR("creatfe_ephemeral_session_pse_cse after ltp blob resealing failed:%d", ret);
    167. 

  167.                 }
    168. 

  168.             }
    169. 

  169.         }
    170. 

  170.     }
    171. 

  171. 	else {
    172. 

  172.         // If this succeeds we should log PS Init start/success, simply because it won't be repeated and
    173. 

  173.         // logged later. We don't log the error flows here, because we don't consider this the "real" 
    174. 

  174.         // PS Init. That will happen the first time create_session(), etc is invoked.
    175. 

  175.         AESM_LOG_INFO_ADMIN("%s", g_admin_event_string_table[SGX_ADMIN_EVENT_PS_INIT_START]);
    176. 

  176.         AESM_LOG_INFO_ADMIN("%s", g_admin_event_string_table[SGX_ADMIN_EVENT_PS_INIT_SUCCESS]);
    177. 

  177. 	}
    178. 

  178. 

  179.     return ret;
    180. 

  180. }
    181. 

  181. 

  182. void CPSEClass::before_enclave_load() {
    183. 

  183.     // always unload pse_pr enclave before loading pse_op enclave
    184. 

  184.     CPSEPRClass::instance().unload_enclave();
    185. 

  185. }
    186. 

  186. 

  187. ae_error_t CPSEClass::create_session(
    188. 

  188.     uint32_t* session_id,
    189. 

  189.     uint8_t* se_dh_msg1, uint32_t se_dh_msg1_size
    190. 

  190.     )
    191. 

  191. {
    192. 

  192.     sgx_status_t status = SGX_SUCCESS;
    193. 

  193.     ae_error_t ret = AE_SUCCESS;
    194. 

  194.     ae_error_t ret2 = AE_SUCCESS;
    195. 

  195. 

  196.     // check enclave ID
    197. 

  197.     if(!m_enclave_id)
    198. 

  198.         return AE_FAILURE;
    199. 

  199. 

  200.     if(sizeof(pse_dh_msg1_t) != se_dh_msg1_size)
    201. 

  201.         return PSE_OP_PARAMETER_ERROR;
    202. 

  202. 

  203.     uint64_t milliseconds = (uint64_t)(se_get_tick_count() * 1000.0 / m_freq+0.5);
    204. 

  204.     status = create_session_wrapper(m_enclave_id,&ret,milliseconds,session_id,(pse_dh_msg1_t*)se_dh_msg1);
    205. 

  205.     if (status == SGX_ERROR_ENCLAVE_LOST)
    206. 

  206.     {
    207. 

  207.         // unload pse-op enclave
    208. 

  208.         unload_enclave();
    209. 

  209.         // Return PSE_OP_EPHEMERAL_SESSION_INVALID to trigger ephemeral session re-establishment
    210. 

  210.         return PSE_OP_EPHEMERAL_SESSION_INVALID;
    211. 

  211.     }
    212. 

  212.     if(AE_SUCCESS != (ret2=sgx_error_to_ae_error(status)))
    213. 

  213.         return ret2;
    214. 

  214.     return ret;
    215. 

  215. }
    216. 

  216. 

  217. //if ok return 0
    218. 

  218. ae_error_t CPSEClass::exchange_report(
    219. 

  219.     uint32_t session_id,
    220. 

  220.     uint8_t* se_dh_msg2, uint32_t se_dh_msg2_size,
    221. 

  221.     uint8_t* se_dh_msg3, uint32_t se_dh_msg3_size
    222. 

  222.     )
    223. 

  223. {
    224. 

  224.     sgx_status_t status = SGX_SUCCESS;
    225. 

  225.     ae_error_t ret = AE_SUCCESS;
    226. 

  226.     ae_error_t ret2 = AE_SUCCESS;
    227. 

  227. 

  228.     if(!m_enclave_id)
    229. 

  229.         return AE_FAILURE;
    230. 

  230. 

  231.     if(sizeof(sgx_dh_msg2_t) != se_dh_msg2_size)
    232. 

  232.         return PSE_OP_PARAMETER_ERROR;
    233. 

  233.     if(sizeof(pse_dh_msg3_t) != se_dh_msg3_size)
    234. 

  234.         return PSE_OP_PARAMETER_ERROR;
    235. 

  235. 

  236.     uint64_t sys_tick = se_get_tick_count();
    237. 

  237.     uint64_t milliseconds = (uint64_t)(sys_tick * 1000.0 / m_freq +0.5);
    238. 

  238.     //ECall
    239. 

  239.     status = exchange_report_wrapper(m_enclave_id, &ret,
    240. 

  240.         milliseconds,
    241. 

  241.         session_id,
    242. 

  242.         (sgx_dh_msg2_t*)se_dh_msg2,
    243. 

  243.         (pse_dh_msg3_t*)se_dh_msg3);
    244. 

  244.     if (status == SGX_ERROR_ENCLAVE_LOST)
    245. 

  245.     {
    246. 

  246.         // unload pse-op enclave
    247. 

  247.         unload_enclave();
    248. 

  248.         // Return PSE_OP_EPHEMERAL_SESSION_INVALID to trigger ephemeral session re-establishment
    249. 

  249.         return PSE_OP_EPHEMERAL_SESSION_INVALID;
    250. 

  250.     }
    251. 

  251.     if(AE_SUCCESS != (ret2 = sgx_error_to_ae_error(status)))
    252. 

  252.         return ret2;
    253. 

  253.     return ret;
    254. 

  254. }
    255. 

  255. 

  256. //if ok return 0
    257. 

  257. ae_error_t CPSEClass::close_session(uint32_t session_id)
    258. 

  258. {
    259. 

  259.     sgx_status_t status = SGX_SUCCESS;
    260. 

  260.     ae_error_t ret = AE_SUCCESS;
    261. 

  261.     ae_error_t ret2 = AE_SUCCESS;
    262. 

  262. 

  263.     if(!m_enclave_id)
    264. 

  264.         return AE_FAILURE;
    265. 

  265. 

  266.     // ECall
    267. 

  267.     status = close_session_wrapper(m_enclave_id,&ret,session_id);
    268. 

  268.     if (status == SGX_ERROR_ENCLAVE_LOST)
    269. 

  269.     {
    270. 

  270.         // unload pse-op enclave
    271. 

  271.         unload_enclave();
    272. 

  272.         // Return PSE_OP_EPHEMERAL_SESSION_INVALID to trigger ephemeral session re-establishment
    273. 

  273.         return PSE_OP_EPHEMERAL_SESSION_INVALID;
    274. 

  274.     }
    275. 

  275.     if(AE_SUCCESS != (ret2=sgx_error_to_ae_error(status)))
    276. 

  276.         return ret2;
    277. 

  277.     return ret;
    278. 

  278. }
    279. 

  279. 

  280. //if ok return 0
    281. 

  281. ae_error_t CPSEClass::invoke_service(
    282. 

  282.     uint8_t* pse_message_req, size_t pse_message_req_size,
    283. 

  283.     uint8_t* pse_message_resp, size_t pse_message_resp_size)
    284. 

  284. {
    285. 

  285.     sgx_status_t status = SGX_SUCCESS;
    286. 

  286.     ae_error_t ret = AE_SUCCESS;
    287. 

  287.     ae_error_t ret2= AE_SUCCESS;
    288. 

  288. 

  289.     if(!m_enclave_id)
    290. 

  290.         return AE_FAILURE;
    291. 

  291. 

  292.     uint64_t sys_tick = se_get_tick_count();
    293. 

  293.     uint64_t milliseconds = (uint64_t)(sys_tick * 1000.0 / m_freq + 0.5);
    294. 

  294.     // ECall
    295. 

  295.     PROFILE_START("invoke_service_wrapper");
    296. 

  296.     status = invoke_service_wrapper(m_enclave_id,
    297. 

  297.                                     &ret,
    298. 

  298.                                     milliseconds,
    299. 

  299.                                     pse_message_req,
    300. 

  300.                                     (uint32_t)pse_message_req_size,
    301. 

  301.                                     pse_message_resp,
    302. 

  302.                                     (uint32_t)pse_message_resp_size);
    303. 

  303.     if (status == SGX_ERROR_ENCLAVE_LOST)
    304. 

  304.     {
    305. 

  305.         // unload pse-op enclave
    306. 

  306.         unload_enclave();
    307. 

  307.         // Return PSE_OP_EPHEMERAL_SESSION_INVALID to trigger ephemeral session re-establishment
    308. 

  308.         return PSE_OP_EPHEMERAL_SESSION_INVALID;
    309. 

  309.     }
    310. 

  310.     PROFILE_END("invoke_service_wrapper");
    311. 

  311.     if(AE_SUCCESS != (ret2=sgx_error_to_ae_error(status)))
    312. 

  312.         return ret2;
    313. 

  313.     return ret;
    314. 

  314. }
    315. 

  315. 

  316. ae_error_t CPSEClass::get_ps_cap(uint64_t* ps_cap)
    317. 

  317. {
    318. 

  318.     if (ps_cap == NULL)
    319. 

  319.     {
    320. 

  320.         AESM_DBG_ERROR("input ps_cap is NULL");
    321. 

  321.         return AE_FAILURE;
    322. 

  322.     }
    323. 

  323. 

  324.     if (m_ps_cap != PS_CAP_NOT_AVAILABLE)
    325. 

  325.     {
    326. 

  326.         AESM_DBG_TRACE("ps_cap is available:%llu", m_ps_cap);
    327. 

  327.         *ps_cap = m_ps_cap;
    328. 

  328.         return AE_SUCCESS;
    329. 

  329.     }
    330. 

  330. 

  331.     psda_info_query_msg_t psda_cap_query_msg;
    332. 

  332.     psda_cap_query_msg.msg_hdr.msg_type = _htonl(PSDA_MSG_TYPE_CAP_QUERY);
    333. 

  333.     psda_cap_query_msg.msg_hdr.msg_len = 0;
    334. 

  334. 

  335.     psda_cap_result_msg_t psda_cap_result_msg;
    336. 

  336.     memset(&psda_cap_result_msg, 0, sizeof(psda_cap_result_msg_t));
    337. 

  337. 

  338.     JVM_COMM_BUFFER commBuf;
    339. 

  339.     commBuf.TxBuf->buffer = &psda_cap_query_msg;
    340. 

  340.     commBuf.TxBuf->length = sizeof(psda_info_query_msg_t);
    341. 

  341.     commBuf.RxBuf->buffer = &psda_cap_result_msg;
    342. 

  342.     commBuf.RxBuf->length = sizeof(psda_cap_result_msg_t);
    343. 

  343.     int response_code;
    344. 

  344. 

  345.     ae_error_t ret;
    346. 

  346.     ret = PSDAService::instance().send_and_recv(
    347. 

  347.                                 PSDA_COMMAND_INFO,
    348. 

  348.                                 &commBuf,
    349. 

  349.                                 &response_code,
    350. 

  350.                                 AUTO_RETRY_ON_SESSION_LOSS);
    351. 

  351.     if (ret != AE_SUCCESS)
    352. 

  352.     {
    353. 

  353.         AESM_DBG_ERROR("JHI_SendAndRecv2 returned (ae%d)",ret);
    354. 

  354.         AESM_LOG_ERROR_UNICODE("%s", g_event_string_table[SGX_EVENT_DAL_COMM_FAILURE]);
    355. 

  355.         return ret;
    356. 

  356.     }
    357. 

  357. 

  358.     if (response_code != PSDA_SUCCESS)
    359. 

  359.     {
    360. 

  360.         AESM_DBG_ERROR("JHI_SendAndRecv2 response_code is %d", response_code);
    361. 

  361.         return AE_FAILURE;
    362. 

  362.     }
    363. 

  363. 

  364.     if (_ntohl(psda_cap_result_msg.msg_hdr.msg_type) != PSDA_MSG_TYPE_CAP_RESULT
    365. 

  365.         || _ntohl(psda_cap_result_msg.msg_hdr.msg_len) != PSDA_CAP_RESULT_MSG_LEN) {
    366. 

  366.         AESM_DBG_ERROR("msg_type %d, msg_len %d while expected value type %d, len %d",
    367. 

  367.         _ntohl(psda_cap_result_msg.msg_hdr.msg_type), _ntohl(psda_cap_result_msg.msg_hdr.msg_len),
    368. 

  368.         PSDA_MSG_TYPE_CAP_RESULT, PSDA_CAP_RESULT_MSG_LEN);
    369. 

  369.         return AE_FAILURE;
    370. 

  370.     }
    371. 

  371. 

  372.     if (_ntohl(psda_cap_result_msg.cap_descriptor_version) != 1)
    373. 

  373.     {
    374. 

  374.         return AE_FAILURE;
    375. 

  375.     }
    376. 

  376. 

  377.     m_ps_cap = 0;
    378. 

  378.     uint32_t psda_cap0 = _ntohl(psda_cap_result_msg.cap_descriptor0);
    379. 

  379.     if (psda_cap0 & PSDA_CAP_PRTC)
    380. 

  380.         m_ps_cap |= PS_CAP_TRUSTED_TIME;        // Trusted time service
    381. 

  381.     if (psda_cap0 & PSDA_CAP_PROTECTED_OUTPUT)
    382. 

  382.         m_ps_cap |= PS_CAP_PROTECTED_OUTPUT;        // Trusted display key exchange
    383. 

  383.     if (psda_cap0 & PSDA_CAP_RPDATA)        // RPDATA capbility is available
    384. 

  384.         m_ps_cap |= PS_CAP_MONOTONIC_COUNTER;        // Monotonic counter service
    385. 

  385. 

  386.     *ps_cap = m_ps_cap;
    387. 

  387. 

  388.     return AE_SUCCESS;
    389. 

  389. }
    390. 

  390. 

  391. /**
    392. 

  392.  * @brief Establish an ephemeral session between PSE and CSE if not established yet.
    393. 

  393.  *
    394. 

  394.  * @param is_new_pairing
    395. 

  395.  * @param redo
    396. 

  396.  *
    397. 

  397.  * @return SGX_SUCCESS for success. Other values indicate an error.
    398. 

  398.  */
    399. 

  399. ae_error_t CPSEClass::create_ephemeral_session_pse_cse(bool is_new_pairing, bool redo)
    400. 

  400. {
    401. 

  401.     ae_error_t ret = AE_FAILURE;
    402. 

  402.     pse_cse_msg2_t msg2;
    403. 

  403.     pse_cse_msg3_t msg3;
    404. 

  404.     pse_cse_msg4_t msg4;
    405. 

  405.     uint32_t blob_size;
    406. 

  406.     uint8_t* p_sealed_buffer = NULL;
    407. 

  407.     sgx_status_t status = SGX_SUCCESS;
    408. 

  408.     sgx_status_t stat_initdb = SGX_SUCCESS;
    409. 

  409.     int retry = 0;
    410. 

  410. 

  411.     if (m_status == PSE_STATUS_INIT ||
    412. 

  412.         m_status == PSE_STATUS_UNAVAILABLE)
    413. 

  413.     {
    414. 

  414.         // CSE provisioning failed during initialization.
    415. 

  415.         PlatformServiceStatus::instance().set_platform_service_status(PLATFORM_SERVICE_NOT_AVAILABLE);
    416. 

  416.         return AE_FAILURE;
    417. 

  417.     }
    418. 

  418. 

  419.     if (!redo)
    420. 

  420.     {
    421. 

  421.         if (m_status == PSE_STATUS_SERVICE_READY) {
    422. 

  422.             PlatformServiceStatus::instance().set_platform_service_status(PLATFORM_SERVICE_READY);
    423. 

  423.             return AE_SUCCESS;
    424. 

  424.         }
    425. 

  425.     }
    426. 

  426.     else
    427. 

  427.     {
    428. 

  428.         // invalidate current session
    429. 

  429.         m_status = PSE_STATUS_CSE_PROVISIONED;
    430. 

  430.     }
    431. 

  431.     // Set to NOT_READY at the beginning.
    432. 

  432.     PlatformServiceStatus::instance().set_platform_service_status(PLATFORM_SERVICE_NOT_READY);
    433. 

  433. 

  434.     do
    435. 

  435.     {
    436. 

  436.         AESM_DBG_INFO("PSDA started");
    437. 

  437.         // Check LT pairing blob first
    438. 

  438.         blob_size = sizeof(pairing_blob_t);
    439. 

  439.         p_sealed_buffer = (uint8_t*)malloc(blob_size);
    440. 

  440.         if (p_sealed_buffer == NULL)
    441. 

  441.         {
    442. 

  442.             return AE_FAILURE;
    443. 

  443.         }
    444. 

  444. 

  445.         PROFILE_START("aesm_read_data");
    446. 

  446.         // read sealed blob from persistent storage
    447. 

  447.         ret = aesm_read_data(FT_PERSISTENT_STORAGE, PSE_PR_LT_PAIRING_FID, p_sealed_buffer, &blob_size);
    448. 

  448.         PROFILE_END("aesm_read_data");
    449. 

  449.         if (ret != AE_SUCCESS||blob_size!=sizeof(pairing_blob_t))
    450. 

  450.         {
    451. 

  451.             // Failed to load LT sealed blob
    452. 

  452.             ret = PSE_PAIRING_BLOB_INVALID_ERROR;
    453. 

  453. 

  454.             // unload pse_op enclave
    455. 

  455.             unload_enclave();
    456. 

  456. 

  457.             // load pse_pr enclave
    458. 

  458.             CPSEPRClass::instance().load_enclave();
    459. 

  459.             break;
    460. 

  460.         }
    461. 

  461. 

  462.         AESM_DBG_INFO("LT Paring Blob read");
    463. 

  463. 

  464.         // load pse-op enclave if it's not loaded yet
    465. 

  465.         if ((ret = load_enclave()) != AE_SUCCESS)
    466. 

  466.             break;
    467. 

  467. 

  468.         do
    469. 

  469.         {
    470. 

  470.             // create PSDA session if not available
    471. 

  471.             if (!PSDAService::instance().start_service()) {
    472. 

  472.                 PlatformServiceStatus::instance().set_platform_service_status(PLATFORM_SERVICE_NOT_AVAILABLE);
    473. 

  473.                 ret = AE_FAILURE;
    474. 

  474.                 break;
    475. 

  475.             }
    476. 

  476. 

  477.             if(status == SGX_ERROR_ENCLAVE_LOST)
    478. 

  478.             {
    479. 

  479.                 unload_enclave();
    480. 

  480.                 // Reload an AE will not fail because of out of EPC, so AESM_AE_OUT_OF_EPC is not checked here
    481. 

  481.                 if(AE_SUCCESS != load_enclave())
    482. 

  482.                 {
    483. 

  483.                     ret = AE_FAILURE;
    484. 

  484.                     break;
    485. 

  485.                 }
    486. 

  486.             }
    487. 

  487.             AESM_DBG_INFO("PSDA Start Ephemral Session");
    488. 

  488.             // PSE --- M1:StartSession ---> CSE
    489. 

  489.             memset(&msg2, 0, sizeof(msg2));
    490. 

  490.             PROFILE_START("psda_start_ephemeral_session");
    491. 

  491.             ret = psda_start_ephemeral_session(((pairing_blob_t*)p_sealed_buffer)->plaintext.pse_instance_id, &msg2);
    492. 

  492.             PROFILE_END("psda_start_ephemeral_session");
    493. 

  493.             if (ret != AE_SUCCESS) 
    494. 

  494.                 break;
    495. 

  495. 

  496.             AESM_DBG_INFO("Ephemral Session M2/M3");
    497. 

  497.             // PSE <--- M2 --- CSE
    498. 

  498.             memset(&msg3, 0, sizeof(msg3));
    499. 

  499.             PROFILE_START("ephemeral_session_m2m3_wrapper");
    500. 

  500.             status = ephemeral_session_m2m3_wrapper(m_enclave_id, &ret, (pairing_blob_t*)p_sealed_buffer, &msg2, &msg3);
    501. 

  501.             PROFILE_END("ephemeral_session_m2m3_wrapper");
    502. 

  502.             CHECK_ECALL_RET(status, ret)
    503. 

  503. 

  504.             AESM_DBG_INFO("PSDA Finalize Session");
    505. 

  505.             // PSE --- M3 ---> CSE
    506. 

  506.             memset(&msg4, 0, sizeof(msg4));
    507. 

  507.             PROFILE_START("psda_finalize_session");
    508. 

  508.             ret = psda_finalize_session(((pairing_blob_t*)p_sealed_buffer)->plaintext.pse_instance_id, &msg3, &msg4);
    509. 

  509.             PROFILE_END("psda_finalize_session");
    510. 

  510.             if (ret == AESM_PSDA_SESSION_LOST)
    511. 

  511.             {
    512. 

  512.                 retry++;
    513. 

  513.                 continue;
    514. 

  514.             }
    515. 

  515.             BREAK_IF_FAILED(ret);
    516. 

  516. 

  517.             AESM_DBG_INFO("Ephemeral Session M4");
    518. 

  518.             // PSE <--- M4 --- CSE
    519. 

  519.             PROFILE_START("ephemeral_session_m4_wrapper");
    520. 

  520.             status = ephemeral_session_m4_wrapper(m_enclave_id, &ret, &msg4);
    521. 

  521.             PROFILE_END("ephemeral_session_m4_wrapper");
    522. 

  522.             CHECK_ECALL_RET(status, ret)
    523. 

  523. 

  524.             /* the return value of initialize_sqlite_database_file_wrapper is ignored unless it's SGX_ERROR_ENCLAVE_LOST */
    525. 

  525.             AESM_DBG_INFO("initialize vmc database");
    526. 

  526.             PROFILE_START("initialize_sqlite_database_file_wrapper");
    527. 

  527.             ae_error_t ret2;
    528. 

  528.             stat_initdb = initialize_sqlite_database_file_wrapper(m_enclave_id, &ret2, is_new_pairing);
    529. 

  529.             PROFILE_END("initialize_sqlite_database_file_wrapper");
    530. 

  530.             if (stat_initdb == SGX_ERROR_ENCLAVE_LOST) 
    531. 

  531.             {
    532. 

  532.                 retry++;
    533. 

  533.                 continue;
    534. 

  534.             }
    535. 

  535.             else break;
    536. 

  536. 

  537.         }while(retry < AESM_RETRY_COUNT);
    538. 

  538. 

  539.         if (status == SGX_ERROR_ENCLAVE_LOST)
    540. 

  540.         {
    541. 

  541.             AESM_DBG_INFO("Enclave Lost");
    542. 

  542.             // maximum retry times reached
    543. 

  543.             ret = AE_FAILURE;
    544. 

  544.             break;
    545. 

  545.         }
    546. 

  546.         else if(ret == AE_SUCCESS)
    547. 

  547.         {
    548. 

  548.             // Set status to READY
    549. 

  549.             m_status = PSE_STATUS_SERVICE_READY;
    550. 

  550.             // Successfully build the ephemeral session
    551. 

  551.             PlatformServiceStatus::instance().set_platform_service_status(PLATFORM_SERVICE_READY);
    552. 

  552.         }
    553. 

  553. 

  554.     } while(0);
    555. 

  555. 

  556.     free(p_sealed_buffer);
    557. 

  557.     return ret;
    558. 

  558. }
    559. 

  559. 

  560. ae_error_t CPSEClass::psda_start_ephemeral_session(const uint8_t* pse_instance_id, 
    561. 

  561.                                                    pse_cse_msg2_t* cse_msg2)
    562. 

  562. {
    563. 

  563.     assert(cse_msg2 != NULL);
    564. 

  564.     AESM_DBG_INFO("Enter psda_start_ephemeral_session ...");
    565. 

  565. 

  566.     eph_session_m1_t eph_session_m1;
    567. 

  567.     memcpy_s(eph_session_m1.msg_hdr.pse_instance_id, SW_INSTANCE_ID_SIZE, pse_instance_id, SW_INSTANCE_ID_SIZE);
    568. 

  568.     eph_session_m1.msg_hdr.msg_type = _htonl(PSDA_MSG_TYPE_EP_M1);
    569. 

  569.     eph_session_m1.msg_hdr.msg_len = 0;
    570. 

  570. 

  571.     eph_session_m2_t eph_session_m2;
    572. 

  572.     memset(&eph_session_m2, 0, sizeof(eph_session_m2));
    573. 

  573. 

  574.     JVM_COMM_BUFFER commBuf;
    575. 

  575.     commBuf.TxBuf->buffer = &eph_session_m1;
    576. 

  576.     commBuf.TxBuf->length = sizeof(eph_session_m1_t);
    577. 

  577.     commBuf.RxBuf->buffer = &eph_session_m2;
    578. 

  578.     commBuf.RxBuf->length = sizeof(eph_session_m2_t);
    579. 

  579.     int response_code;
    580. 

  580.     ae_error_t ret;
    581. 

  581. 

  582.     ret = PSDAService::instance().send_and_recv(
    583. 

  583.                         PSDA_COMMAND_EP,
    584. 

  584.                         &commBuf,
    585. 

  585.                         &response_code,
    586. 

  586.                         AUTO_RETRY_ON_SESSION_LOSS);
    587. 

  587.     if (ret != AE_SUCCESS ) {
    588. 

  588.         AESM_LOG_ERROR_UNICODE("%s", g_event_string_table[SGX_EVENT_DAL_COMM_FAILURE]);
    589. 

  589.         return ret;
    590. 

  590.     }
    591. 

  591. 

  592.     if (response_code == PSDA_LT_PAIRING_NOT_EXIST
    593. 

  593.         || response_code == PSDA_INTEGRITY_ERROR)
    594. 

  594.     {
    595. 

  595.         return AESM_PSDA_NEED_REPAIRING;
    596. 

  596.     }
    597. 

  597.     else if (response_code != PSDA_SUCCESS
    598. 

  598.         || _ntohl(eph_session_m2.msg_hdr.msg_type) != PSDA_MSG_TYPE_EP_M2
    599. 

  599.         || _ntohl(eph_session_m2.msg_hdr.msg_len) != sizeof(pse_cse_msg2_t)) {
    600. 

  600.         AESM_DBG_ERROR("JHI_SendAndRecv2 response_code is %d", response_code);
    601. 

  601.         return AE_FAILURE;
    602. 

  602.     }
    603. 

  603. 

  604.     memcpy_s(cse_msg2, sizeof(pse_cse_msg2_t), &eph_session_m2.msg2, sizeof(pse_cse_msg2_t));
    605. 

  605. 

  606.     return AE_SUCCESS;
    607. 

  607. }
    608. 

  608. 

  609. ae_error_t CPSEClass::psda_finalize_session(const uint8_t* pse_instance_id, 
    610. 

  610.                                             const pse_cse_msg3_t* cse_msg3, 
    611. 

  611.                                             pse_cse_msg4_t* cse_msg4)
    612. 

  612. {
    613. 

  613.     assert(cse_msg3 != NULL && cse_msg4 != NULL);
    614. 

  614.     AESM_DBG_INFO("Enter psda_finalize_session ...");
    615. 

  615. 

  616.     eph_session_m3_t eph_session_m3;
    617. 

  617.     memcpy_s(eph_session_m3.msg_hdr.pse_instance_id, SW_INSTANCE_ID_SIZE, pse_instance_id, SW_INSTANCE_ID_SIZE);
    618. 

  618.     eph_session_m3.msg_hdr.msg_type = _htonl(PSDA_MSG_TYPE_EP_M3);
    619. 

  619.     eph_session_m3.msg_hdr.msg_len = _htonl(sizeof(pse_cse_msg3_t));
    620. 

  620.     memcpy_s(&eph_session_m3.msg3, sizeof(eph_session_m3.msg3), cse_msg3, sizeof(pse_cse_msg3_t));
    621. 

  621. 

  622.     eph_session_m4_t eph_session_m4;
    623. 

  623.     memset(&eph_session_m4, 0, sizeof(eph_session_m4));
    624. 

  624. 

  625.     JVM_COMM_BUFFER commBuf;
    626. 

  626.     commBuf.TxBuf->buffer = &eph_session_m3;
    627. 

  627.     commBuf.TxBuf->length = sizeof(eph_session_m3_t);
    628. 

  628.     commBuf.RxBuf->buffer = &eph_session_m4;
    629. 

  629.     commBuf.RxBuf->length = sizeof(eph_session_m4_t);
    630. 

  630.     int response_code;
    631. 

  631.     ae_error_t ret;
    632. 

  632. 

  633.     ret = PSDAService::instance().send_and_recv(
    634. 

  634.                         PSDA_COMMAND_EP,
    635. 

  635.                         &commBuf,
    636. 

  636.                         &response_code,
    637. 

  637.                         NO_RETRY_ON_SESSION_LOSS);
    638. 

  638.     if (ret != AE_SUCCESS)
    639. 

  639.     {
    640. 

  640.         AESM_LOG_ERROR_UNICODE("%s", g_event_string_table[SGX_EVENT_DAL_COMM_FAILURE]);
    641. 

  641.         return ret;
    642. 

  642.     }
    643. 

  643. 

  644.     if (response_code == PSDA_INTEGRITY_ERROR)
    645. 

  645.     {
    646. 

  646.         return AESM_PSDA_NEED_REPAIRING;
    647. 

  647.     }
    648. 

  648.     else if (response_code != PSDA_SUCCESS
    649. 

  649.         || _ntohl(eph_session_m4.msg_hdr.msg_type) != PSDA_MSG_TYPE_EP_M4
    650. 

  650.         || _ntohl(eph_session_m4.msg_hdr.msg_len) != sizeof(pse_cse_msg4_t)) {
    651. 

  651.         AESM_DBG_ERROR("JHI_SendAndRecv2 response_code is %d", response_code);
    652. 

  652.         return AE_FAILURE;
    653. 

  653.     }
    654. 

  654. 

  655.     memcpy_s(cse_msg4, sizeof(pse_cse_msg4_t), &eph_session_m4.msg4, sizeof(pse_cse_msg4_t));
    656. 

  656. 

  657.     return AE_SUCCESS;
    658. 

  658. }
    659. 

  659. 

  660. ae_error_t CPSEClass::psda_invoke_service(uint8_t* psda_req_msg, uint32_t psda_req_msg_size,
    661. 

  661.                         uint8_t* psda_resp_msg, uint32_t psda_resp_msg_size)
    662. 

  662. {
    663. 

  663.     AESM_DBG_INFO("Enter psda_invoke_service ...");
    664. 

  664. 

  665.     JVM_COMM_BUFFER commBuf;
    666. 

  666.     commBuf.TxBuf->buffer = psda_req_msg;
    667. 

  667.     commBuf.TxBuf->length = psda_req_msg_size;
    668. 

  668.     commBuf.RxBuf->buffer = psda_resp_msg;
    669. 

  669.     commBuf.RxBuf->length = psda_resp_msg_size;
    670. 

  670.     int response_code;
    671. 

  671.     ae_error_t ret;
    672. 

  672. 

  673.     PROFILE_START("JHI_SendAndRecv2");
    674. 

  674.     ret = PSDAService::instance().send_and_recv(
    675. 

  675.                         PSDA_COMMAND_SERVICE,
    676. 

  676.                         &commBuf,
    677. 

  677.                         &response_code,
    678. 

  678.                         NO_RETRY_ON_SESSION_LOSS);
    679. 

  679.     PROFILE_END("JHI_SendAndRecv2");
    680. 

  680.     if (ret != AE_SUCCESS) {
    681. 

  681.         AESM_LOG_ERROR_UNICODE("%s", g_event_string_table[SGX_EVENT_DAL_COMM_FAILURE]);
    682. 

  682.         return ret;
    683. 

  683.     }
    684. 

  684.     if (PSDA_SUCCESS != response_code) {
    685. 

  685.         AESM_LOG_ERROR_UNICODE("%s", g_event_string_table[SGX_EVENT_DAL_SERVICE_ERROR]);
    686. 

  686.     }
    687. 

  687. 

  688.     AESM_DBG_INFO("JHI_SendAndRecv2 response_code is %d", response_code);
    689. 

  689. 

  690.     switch (response_code)
    691. 

  691.     {
    692. 

  692.     case PSDA_SUCCESS:                // SGX Platform Service Message form PSE processed successfully
    693. 

  693.         return AE_SUCCESS;
    694. 

  694. 

  695.     case PSDA_INTERNAL_ERROR:         // Internal error, possibly due to unexpected error of the system
    696. 

  696.         return AESM_PSDA_INTERNAL_ERROR;
    697. 

  697. 

  698.     case PSDA_INVALID_SESSION_STATE:  // SGX Platform Service ephemeral session state is invalid
    699. 

  699.     case PSDA_SEQNO_CHECK_FAIL:       // SGX Platform Service secure channel message sequence number check failure
    700. 

  700.     case PSDA_INTEGRITY_ERROR:        // SGX Platform Service message crypto verification failure
    701. 

  701.     case PSDA_LT_PAIRING_NOT_EXIST:   // SGX Platform Service long  term pairing session doesn't exist
    702. 

  702.         return AESM_PSDA_NEED_REPAIRING;
    703. 

  703. 

  704.     case PSDA_INVALID_COMMAND:        // SGX Platform Service PS_COMMAND_ID provided by the transport layer is not recognized
    705. 

  705.     case PSDA_BAD_PARAMETER:          // SGX Platform Service Message format error detected
    706. 

  706.     default:
    707. 

  707.         return AE_FAILURE;
    708. 

  708.     }
    709. 

  709. }
    710.