sgx_ukey_exchange.h 10 KB

  1. /*
  2. * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. #ifndef _SGX_UKEY_EXCHANGE_H_
  32. #define _SGX_UKEY_EXCHANGE_H_
  33. #include "sgx_eid.h"
  34. #include "sgx_defs.h"
  35. #include "sgx_key_exchange.h"
  36. #ifdef __cplusplus
  37. extern "C" {
  38. #endif
  /*
   * Signature of the untrusted-side ECALL proxy that sgx_ra_get_msg1 takes as
   * its p_get_ga argument (described there as the sgx_edger8r-generated proxy
   * for sgx_ra_get_ga).
   * NOTE(review): the proxy's return value and *retval look like two separate
   * status codes (ECALL transport vs. trusted function result); callers should
   * treat the call as failed unless both report success - confirm against the
   * generated proxy.
   */
  39. typedef sgx_status_t (* sgx_ecall_get_ga_trusted_t)(
  40. sgx_enclave_id_t eid,
  41. sgx_status_t* retval, /* presumably the trusted function's own status - TODO confirm */
  42. sgx_ra_context_t context,
  43. sgx_ec256_public_t *g_a); /* non-const: looks like the output public key g_a - TODO confirm */
  /*
   * Signature of the untrusted-side ECALL proxy that sgx_ra_proc_msg2 takes as
   * its p_proc_msg2 argument (described there as the sgx_edger8r-generated
   * proxy sgx_ra_proc_msg2_trusted).
   * NOTE(review): p_msg2 is the service provider's message relayed by untrusted
   * code, so any trust decision about its contents has to be made on the
   * trusted side of this call, not by the caller - confirm against the
   * sgx_tkey_exchange implementation.
   */
  44. typedef sgx_status_t (* sgx_ecall_proc_msg2_trusted_t)(
  45. sgx_enclave_id_t eid,
  46. sgx_status_t* retval, /* presumably the trusted function's own status - TODO confirm */
  47. sgx_ra_context_t context,
  48. const sgx_ra_msg2_t *p_msg2, /* const: input only */
  49. const sgx_target_info_t *p_qe_target, /* const: input only */
  50. sgx_report_t *p_report, /* non-const: looks like an output - TODO confirm */
  51. sgx_quote_nonce_t* nonce); /* non-const: looks like an output - TODO confirm */
  /*
   * Signature of the untrusted-side ECALL proxy that sgx_ra_proc_msg2 takes as
   * its p_get_msg3 argument (described there as the sgx_edger8r-generated
   * proxy sgx_ra_get_msg3_trusted).
   * NOTE(review): quote_size and msg3_size are plain integers supplied by the
   * untrusted caller; presumably msg3_size is the capacity of the buffer at
   * p_msg3 and has to be large enough for the message plus a quote of
   * quote_size bytes - confirm against the sgx_tkey_exchange implementation.
   */
  52. typedef sgx_status_t (* sgx_ecall_get_msg3_trusted_t)(
  53. sgx_enclave_id_t eid,
  54. sgx_status_t* retval, /* presumably the trusted function's own status - TODO confirm */
  55. sgx_ra_context_t context,
  56. uint32_t quote_size,
  57. sgx_report_t* qe_report,
  58. sgx_ra_msg3_t *p_msg3, /* non-const: looks like the message 3 buffer being filled - TODO confirm */
  59. uint32_t msg3_size);
  60. /*
  61. * sgx_ra_get_msg1 is used to get the remote attestation and key exchange
  62. * protocol message 1 to send to a service provider. The application enclave
  63. * must first call the sgx_ra_init function to create the remote attestation and
  64. * key exchange process context and return that context to the untrusted code;
  65. * only then can the untrusted code invoke this function.
  66. *
  67. * @param context Context returned by the sgx_ra_init function inside the
  68. * application enclave.
  69. * @param eid ID of the application enclave which is going to be
  70. * attested.
  71. * @param p_get_ga Function pointer of the ECALL proxy sgx_ra_get_ga
  72. * generated by sgx_edger8r. The application enclave should
  73. * link with sgx_tkey_exchange library and import
  74. * sgx_tkey_exchange.edl in the enclave's EDL file to
  75. * expose the ECALL proxy for sgx_ra_get_ga.
  76. * @param p_msg1 Message 1 used by the remote attestation and key
  77. * exchange protocol.
  78. * @return sgx_status_t SGX_SUCCESS Indicates success.
  79. * SGX_ERROR_INVALID_PARAMETER Invalid input parameters
  80. * detected.
  81. * SGX_ERROR_AE_INVALID_EPIDBLOB The EPID blob is
  82. * corrupted.
  83. * SGX_ERROR_INVALID_STATE SGX API is invoked in
  84. * incorrect order or
  85. * state.
  86. * SGX_ERROR_EPID_MEMBER_REVOKED The EPID group
  87. * membership has been revoked.
  88. * SGX_ERROR_BUSY The requested service is
  89. * temporarily not
  90. * available.
  91. * SGX_ERROR_UPDATE_NEEDED SGX needs to be updated.
  92. * SGX_ERROR_SERVICE_UNAVAILABLE The AE service did not
  93. * respond.
  94. * SGX_ERROR_SERVICE_TIMEOUT A request to the AE
  95. * service timed out.
  96. * SGX_ERROR_NETWORK_FAILURE Network connecting or
  97. * proxy setting issue was
  98. * encountered.
  99. * SGX_ERROR_OUT_OF_MEMORY There is not enough
  100. * memory available to
  101. * complete this operation.
  102. * SGX_ERROR_UNEXPECTED Indicates that an unexpected
  103. * error occurred.
  104. * Other return codes from sgx_ecall are also possible.
  105. */
  106. sgx_status_t SGXAPI sgx_ra_get_msg1(
  107. sgx_ra_context_t context, /* in: context created by sgx_ra_init inside the application enclave */
  108. sgx_enclave_id_t eid, /* in: ID of the application enclave being attested */
  109. sgx_ecall_get_ga_trusted_t p_get_ga, /* in: edger8r-generated ECALL proxy for sgx_ra_get_ga */
  110. sgx_ra_msg1_t *p_msg1); /* out: message 1; NOTE(review): presumably only meaningful when SGX_SUCCESS is returned - confirm */
  111. /*
  112. * sgx_ra_proc_msg2 is used to process the remote attestation and key exchange
  113. * protocol message 2 from the service provider and generate message 3 to send
  114. * to the service provider. A successful return only means message 3 was generated;
  115. * once the service provider accepts message 3, the negotiated session keys between
  116. * the application enclave and the service provider are ready for use. The application
  117. * enclave can use sgx_ra_get_keys function to retrieve the negotiated keys and use
  118. * sgx_ra_close function to release the context of the remote attestation and key exchange process.
  119. *
  120. * @param context Context returned by the sgx_ra_init function inside the
  121. * application enclave.
  122. * @param eid ID of the application enclave which is going to be
  123. * attested.
  124. * @param p_proc_msg2 Function pointer of the ECALL proxy sgx_ra_proc_msg2_trusted
  125. * generated by sgx_edger8r. The application enclave should
  126. * link with sgx_tkey_exchange library and import the
  127. * sgx_tkey_exchange.edl in the application enclave's EDL
  128. * file to expose the ECALL proxy for sgx_ra_proc_msg2_trusted.
  129. * @param p_get_msg3 Function pointer of the ECALL proxy sgx_ra_get_msg3_trusted
  130. * generated by sgx_edger8r. The application enclave should
  131. * link with sgx_tkey_exchange library and import the
  132. * sgx_tkey_exchange.edl in the application enclave's EDL
  133. * file to expose the ECALL proxy for sgx_ra_get_msg3_trusted.
  134. * @param p_msg2 sgx_ra_msg2_t message 2 from the service provider
  135. * received by application.
  136. * @param msg2_size The length of msg2 (in bytes).
  137. * @param pp_msg3 sgx_ra_msg3_t message 3 to be sent to the service
  138. * provider. The message buffer is allocated by the
  139. * sgx_ukey_exchange library. The caller should free the
  140. * buffer after use.
  141. * @param p_msg3_size The length of msg3 (in bytes).
  142. * @return sgx_status_t SGX_SUCCESS Indicates success.
  143. * SGX_ERROR_INVALID_PARAMETER Invalid input parameters
  144. * detected.
  145. * SGX_ERROR_AE_INVALID_EPIDBLOB The EPID blob is
  146. * corrupted.
  147. * SGX_ERROR_INVALID_STATE SGX API is invoked in
  148. * incorrect order or
  149. * state.
  150. * SGX_ERROR_EPID_MEMBER_REVOKED The EPID group
  151. * membership has been revoked.
  152. * SGX_ERROR_INVALID_SIGNATURE The signature is invalid.
  153. * SGX_ERROR_MAC_MISMATCH Indicates verification
  154. * error for reports, sealed
  155. * data, etc.
  156. * SGX_ERROR_KDF_MISMATCH Indicates key derivation
  157. * function doesn't match.
  158. * SGX_ERROR_BUSY The requested service is
  159. * temporarily not
  160. * available.
  161. * SGX_ERROR_UPDATE_NEEDED SGX needs to be updated.
  162. * SGX_ERROR_SERVICE_UNAVAILABLE The AE service did not
  163. * respond.
  164. * SGX_ERROR_SERVICE_TIMEOUT A request to the AE
  165. * service timed out.
  166. * SGX_ERROR_NETWORK_FAILURE Network connecting or
  167. * proxy setting issue was
  168. * encountered.
  169. * SGX_ERROR_OUT_OF_MEMORY There is not enough
  170. * memory available to
  171. * complete this operation.
  172. * SGX_ERROR_UNEXPECTED Indicates that an unexpected
  173. * error occurred.
  174. * Other return codes from sgx_ecall are also possible.
  175. */
  176. sgx_status_t SGXAPI sgx_ra_proc_msg2(
  177. sgx_ra_context_t context, /* in: context created by sgx_ra_init inside the application enclave */
  178. sgx_enclave_id_t eid, /* in: ID of the application enclave being attested */
  179. sgx_ecall_proc_msg2_trusted_t p_proc_msg2, /* in: edger8r-generated ECALL proxy sgx_ra_proc_msg2_trusted */
  180. sgx_ecall_get_msg3_trusted_t p_get_msg3, /* in: edger8r-generated ECALL proxy sgx_ra_get_msg3_trusted */
  181. const sgx_ra_msg2_t *p_msg2, /* in: message 2 as received from the service provider */
  182. uint32_t msg2_size, /* in: length of msg2 in bytes; NOTE(review): sgx_ra_msg2_t ends in a variable-length revocation list (sig_rl_size/sig_rl), so this presumably must be the full received length rather than sizeof(sgx_ra_msg2_t) - confirm in sgx_key_exchange.h */
  183. sgx_ra_msg3_t **pp_msg3, /* out: message 3 buffer allocated by the sgx_ukey_exchange library; the caller frees it after use. NOTE(review): presumably not valid on any non-SGX_SUCCESS return - confirm before reading or freeing */
  184. uint32_t *p_msg3_size); /* out: length of msg3 in bytes */
  185. #ifdef __cplusplus
  186. }
  187. #endif
  188. #endif