cipher.h 5.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106
  1. /*
  2. * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. /**
  32. * File: cipher.h
  33. * Description: Header file to wrap cipher related function from IPP for Provision Enclave such as ecdsa signature verification, aes-gcm, EPID private key generation
  34. */
  35. #ifndef _CIPHER_H
  36. #define _CIPHER_H
  37. #if defined(PROVISIONSERVERSIM_EXPORTS) || defined(PvEUT)
  38. #define OUTSIDE_ENCLAVE
  39. #endif
  40. #ifdef OUTSIDE_ENCLAVE
  41. #include "provision_sim.h"
  42. #endif
  43. #include "se_cdefs.h"
  44. #include "ae_ipp.h"
  45. #include "sgx_tseal.h"
  46. #include "epid/common/types.h"
  47. #include "se_types.h"
  48. #include "sgx_key.h"
  49. #include "provision_msg.h"
  50. #include "se_sig_rl.h"
  51. /*Function to generate a random parameter f (0<f<p) for epid private key which will be used in generation of ProvMsg3, where P is number of elements in ECC Group used by EPID library*/
  52. /* return PVEC_SUCCESS on success*/
  53. pve_status_t gen_epid_priv_f(FpElemStr* f); /*output, the generated parameter f of EPID private key in big endian*/
  54. /*function to generate random number of num_bits
  55. return PVEC_SUCCESS on success*/
  56. pve_status_t pve_rng_generate(
  57. int num_bits, /*bits of random info to be generated*/
  58. unsigned char* p_rand_data); /*buffer to hold output, the length of it should be at least (num_bits+7)/8*/
  59. /*Functions for piece meal aes_gcm encryption
  60. aes_gcm encryption init function, 128 bits encryption used
  61. The function will return PVEC_SUCCESS on success
  62. If the function success, we must call pve_aes_gcm_encrypt_fini after the usage of it to free memory
  63. if an error code is returned, no following pve_aes_gcm_encrypt_fini should be called*/
  64. pve_status_t pve_aes_gcm_encrypt_init(
  65. const uint8_t *key, /*16 bytes key*/
  66. const uint8_t *iv, /*input initial vector. randomly generated value and encryption of different msg should use different iv*/
  67. uint32_t iv_len, /*length of initial vector, usually IV_SIZE*/
  68. const uint8_t *aad, /*AAD of AES-GCM, it could be NULL and aad_len must be 0 if it is NULL*/
  69. uint32_t aad_len, /*length of bytes of AAD*/
  70. IppsAES_GCMState **aes_gcm_state, /*state buffer to return, using pve_aes_gcm_encrypt_fini to free it if the function return success*/
  71. uint32_t *state_buffer_size); /*return buffer size here which will be used by fini function*/
  72. /*aes_gcm function to get mac value*/
  73. pve_status_t pve_aes_gcm_get_mac(IppsAES_GCMState *aes_gcm_state,uint8_t *mac);/*output mac value, the length of buffer is MAC_SIZE*/
  74. /*aes_gcm encryption fini function which is used to free memory for the aes_gcm_state*/
  75. void pve_aes_gcm_encrypt_fini(
  76. IppsAES_GCMState *aes_gcm_state, /*the state buffer*/
  77. uint32_t state_buffer_size); /*size of the buffer, the function need it to free the memory*/
  78. /*This function will do aes_gcm encryption update where both data before/after encryption will share same memory 'buf'
  79. return PVEC_SUCCESS on success*/
  80. pve_status_t pve_aes_gcm_encrypt_inplace_update(
  81. IppsAES_GCMState *aes_gcm_state, /*pointer to a state*/
  82. uint8_t *buf, /*start address to data before/after encryption*/
  83. uint32_t buf_len); /*length of data, for aes-gcm, the data before/after encryption has same size*/
  84. /*function defined inside pve_verify_signature.cpp to Verify ECDSA signature by EPID signing key
  85. return PVEC_SUCCESS if the signature verification passed
  86. return PVEC_MSG_ERROR if signature not matched
  87. return other error code for other kinds of error*/
  88. pve_status_t verify_epid_ecdsa_signature(
  89. const uint8_t *p_sig_rl_sign, /*The ecdsa signature of message to be verify, the size of it should be 2*ECDSA_SIGN_SIZE which contains two big integers in big endian*/
  90. const extended_epid_group_blob_t& xegb,
  91. const se_ae_ecdsa_hash_t *p_sig_rl_hash); /*The sha256 hash value of message to be verify*/
  92. /*Function to verify the ECDSA signature of Binary EPID Group Public Cert*/
  93. pve_status_t check_signature_of_group_pub_cert(const signed_epid_group_cert_t *group_cert, const uint8_t* epid_sk);
  94. #endif