tae_service.cpp 25 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730
  1. /*
  2. * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. #include "se_types.h"
  32. #include "sgx_trts.h"
  33. #include "sgx_utils.h"
  34. #include "arch.h"
  35. #include "sgx_tae_service.h"
  36. #include "tae_service_internal.h"
  37. #include "dh.h"
  38. #include "sgx_dh.h"
  39. #include "sgx_spinlock.h"
  40. #include "sgx_thread.h"
  41. #include "uncopyable.h"
  42. #include "tae_config.h"
  43. #include "sgx_tae_service_t.h"
  44. #define ERROR_BREAK(x) if(SGX_SUCCESS != (x)){break;}
  45. #define SAFE_FREE(ptr) {if (NULL != (ptr)) {free(ptr); (ptr)=NULL;}}
  46. #define INVALID_SESSION_ID (-1U)
  47. typedef struct _session_t
  48. {
  49. uint32_t session_id;
  50. sgx_key_128bit_t authenticated_encryption_key;
  51. se_ps_sec_prop_desc_internal_t ps_security_property;//!ref i205169
  52. uint32_t transaction_number;//valid transaction_number is from 0 to 0x7FFFFFFF
  53. //seq_num in request message is transaction_number*2 and seq_num in response message is expected to be transaction_number*2+1
  54. bool session_inited;
  55. }session_t;
  56. static session_t g_pse_session;
  57. class Mutex :private Uncopyable{
  58. public:
  59. Mutex() {sgx_thread_mutex_init(&m_mutex, NULL);}
  60. ~Mutex() { sgx_thread_mutex_destroy(&m_mutex);}
  61. void lock() { sgx_thread_mutex_lock(&m_mutex); }
  62. void unlock() { sgx_thread_mutex_unlock(&m_mutex); }
  63. private:
  64. sgx_thread_mutex_t m_mutex;
  65. };
  66. //mutex for change g_pse_session, create_pse_session, close_pse_session and crypt_invoke locks it.
  67. static Mutex g_session_mutex;
  68. static sgx_status_t uae_create_session(
  69. uint32_t* session_id,
  70. sgx_dh_msg1_t* se_dh_msg1,
  71. uint32_t timeout
  72. )
  73. {
  74. sgx_status_t status;
  75. sgx_status_t ret = SGX_ERROR_UNEXPECTED;
  76. status = create_session_ocall(&ret, session_id, (uint8_t*)se_dh_msg1, sizeof(sgx_dh_msg1_t), timeout);
  77. if (status!=SGX_SUCCESS)
  78. return status;
  79. return ret;
  80. }
  81. static sgx_status_t uae_close_session(
  82. uint32_t session_id,
  83. uint32_t timeout
  84. )
  85. {
  86. sgx_status_t status;
  87. sgx_status_t ret = SGX_ERROR_UNEXPECTED;
  88. status = close_session_ocall(&ret, session_id, timeout);
  89. if (status!=SGX_SUCCESS)
  90. return status;
  91. return ret;
  92. }
  93. static sgx_status_t uae_exchange_report(
  94. uint32_t session_id,
  95. sgx_dh_msg2_t* se_dh_msg2,
  96. sgx_dh_msg3_t* se_dh_msg3,
  97. uint32_t timeout
  98. )
  99. {
  100. sgx_status_t status;
  101. sgx_status_t ret = SGX_ERROR_UNEXPECTED;
  102. status = exchange_report_ocall(&ret, session_id, (uint8_t*)se_dh_msg2, static_cast<uint32_t>(sizeof(sgx_dh_msg2_t)),
  103. (uint8_t*)se_dh_msg3, static_cast<uint32_t>(sizeof(sgx_dh_msg3_t)+sizeof(cse_sec_prop_t)),timeout);
  104. if (status!=SGX_SUCCESS)
  105. return status;
  106. return ret;
  107. }
  108. static sgx_status_t uae_invoke_service(
  109. uint8_t* pse_message_req, uint32_t pse_message_req_size,
  110. uint8_t* pse_message_resp, uint32_t pse_message_resp_size,
  111. uint32_t timeout
  112. )
  113. {
  114. sgx_status_t status;
  115. sgx_status_t ret = SGX_ERROR_UNEXPECTED;
  116. status = invoke_service_ocall(&ret, pse_message_req, pse_message_req_size, pse_message_resp, pse_message_resp_size, timeout);
  117. if (status!=SGX_SUCCESS)
  118. return status;
  119. return ret;
  120. }
  121. static sgx_status_t close_pse_session_within_mutex()
  122. {
  123. sgx_status_t status = SGX_SUCCESS;
  124. if (g_pse_session.session_inited)
  125. {
  126. g_pse_session.session_inited = false;
  127. memset_s(&g_pse_session.authenticated_encryption_key,sizeof(&g_pse_session.authenticated_encryption_key), 0, sizeof(sgx_key_128bit_t));
  128. uint32_t session_id = g_pse_session.session_id;
  129. //Ocall uae_service close_session
  130. status = uae_close_session(session_id, SE_CLOSE_SESSION_TIMEOUT_MSEC);
  131. if (status == SGX_ERROR_AE_SESSION_INVALID)
  132. {
  133. //means session is closed by PSE, it's acceptable
  134. status = SGX_SUCCESS;
  135. }
  136. }
  137. return status;
  138. }
  139. sgx_status_t sgx_close_pse_session()
  140. {
  141. sgx_status_t status = SGX_SUCCESS;
  142. g_session_mutex.lock();
  143. //check session status again after mutex lock got.
  144. status = close_pse_session_within_mutex();
  145. g_session_mutex.unlock();
  146. return status;
  147. }
  148. static sgx_status_t verify_pse(sgx_dh_session_enclave_identity_t* dh_id)
  149. {
  150. //make sure debug flag is not set
  151. if(dh_id->attributes.flags & SGX_FLAGS_DEBUG)
  152. {
  153. return SGX_ERROR_UNEXPECTED;
  154. }
  155. return SGX_SUCCESS;
  156. }
  157. static sgx_status_t create_pse_session_within_mutex()
  158. {
  159. if (g_pse_session.session_inited)
  160. {
  161. return SGX_SUCCESS;
  162. }
  163. sgx_dh_msg3_t* se_dh_msg3 = NULL;
  164. //set invalid session id
  165. uint32_t session_id = INVALID_SESSION_ID;
  166. sgx_status_t status = SGX_ERROR_UNEXPECTED;
  167. //for pse session
  168. sgx_dh_msg1_t se_dh_msg1;
  169. sgx_dh_msg2_t se_dh_msg2;
  170. //for dh session
  171. sgx_dh_session_t dh_session_context;
  172. sgx_key_128bit_t dh_aek;
  173. sgx_dh_session_enclave_identity_t dh_id;
  174. //set start status
  175. status = sgx_dh_init_session(SGX_DH_SESSION_INITIATOR, &dh_session_context);
  176. if (SGX_ERROR_OUT_OF_MEMORY == status)
  177. return SGX_ERROR_OUT_OF_MEMORY;
  178. if(status!=SGX_SUCCESS)
  179. return SGX_ERROR_UNEXPECTED;
  180. se_dh_msg3 = (sgx_dh_msg3_t*)malloc(sizeof(sgx_dh_msg3_t)+sizeof(cse_sec_prop_t));
  181. if(!se_dh_msg3)
  182. return SGX_ERROR_OUT_OF_MEMORY;
  183. do{
  184. //Ocall uae_service create_session, get session_id and se_dh_msg1 from PSE
  185. status = uae_create_session(&session_id,&se_dh_msg1, SE_CREATE_SESSION_TIMEOUT_MSEC);
  186. if (SGX_ERROR_INVALID_PARAMETER == status)
  187. status = SGX_ERROR_UNEXPECTED;
  188. ERROR_BREAK(status);
  189. //process msg1 and generate msg2
  190. status = sgx_dh_initiator_proc_msg1(&se_dh_msg1, &se_dh_msg2, &dh_session_context);
  191. if (SGX_ERROR_OUT_OF_MEMORY == status)
  192. break;
  193. if(status!=SGX_SUCCESS)
  194. {
  195. status = SGX_ERROR_UNEXPECTED;
  196. break;
  197. }
  198. //Ocall uae_service exchange_report, give se_dh_msg2, get se_dh_msg3
  199. status = uae_exchange_report(session_id,&se_dh_msg2, se_dh_msg3, SE_EXCHANGE_REPORT_TIMEOUT_MSEC);
  200. if (SGX_ERROR_INVALID_PARAMETER == status)
  201. status = SGX_ERROR_UNEXPECTED;
  202. ERROR_BREAK(status);
  203. //proc msg3 to get AEK
  204. status = sgx_dh_initiator_proc_msg3(se_dh_msg3, &dh_session_context, &dh_aek, &dh_id);
  205. if (SGX_ERROR_OUT_OF_MEMORY == status)
  206. break;
  207. if(status!=SGX_SUCCESS)
  208. {
  209. status = SGX_ERROR_UNEXPECTED;
  210. break;
  211. }
  212. //verify PSE same as hard-coded attributes
  213. status = verify_pse(&dh_id);
  214. ERROR_BREAK(status);
  215. status = sgx_verify_report(&se_dh_msg3->msg3_body.report);
  216. if (SGX_ERROR_OUT_OF_MEMORY == status)
  217. break;
  218. if(status!=SGX_SUCCESS)
  219. {
  220. status = SGX_ERROR_UNEXPECTED;
  221. break;
  222. }
  223. //fill g_pse_session
  224. g_pse_session.session_id = session_id;
  225. memcpy(&g_pse_session.authenticated_encryption_key , &dh_aek, sizeof(sgx_key_128bit_t));
  226. g_pse_session.ps_security_property.pse_miscselect = dh_id.misc_select;
  227. g_pse_session.ps_security_property.reserved1 = 0;
  228. memset(g_pse_session.ps_security_property.reserved2, 0, sizeof(g_pse_session.ps_security_property.reserved2));
  229. memcpy(&g_pse_session.ps_security_property.pse_attributes, &dh_id.attributes, sizeof(sgx_attributes_t));
  230. memcpy(&g_pse_session.ps_security_property.pse_isvsvn, &dh_id.isv_svn, sizeof(sgx_isv_svn_t));
  231. memcpy(&g_pse_session.ps_security_property.pse_mr_signer, &dh_id.mr_signer, sizeof(sgx_measurement_t));
  232. memcpy(&g_pse_session.ps_security_property.pse_prod_id, &dh_id.isv_prod_id, sizeof(sgx_prod_id_t));
  233. //copy CSE_SEC_PROP of SE_DH_MSG3 to g_pse_session.ps_security_property
  234. pse_dh_msg3_t* pse_dh_msg3 = (pse_dh_msg3_t*)se_dh_msg3;
  235. memcpy(&g_pse_session.ps_security_property.cse_sec_prop, &pse_dh_msg3->cse_sec_prop, sizeof(cse_sec_prop_t));
  236. g_pse_session.session_inited = true;
  237. //reset transaction_number to 0
  238. g_pse_session.transaction_number = 0;
  239. status = SGX_SUCCESS;
  240. break;
  241. }while(0);
  242. SAFE_FREE(se_dh_msg3);
  243. if(status != SGX_SUCCESS && session_id != INVALID_SESSION_ID)
  244. uae_close_session(session_id, SE_CLOSE_SESSION_TIMEOUT_MSEC);//we can do nothing if close_session fails
  245. return status;
  246. }
  247. sgx_status_t sgx_create_pse_session()
  248. {
  249. sgx_status_t status= SGX_ERROR_UNEXPECTED;
  250. //lock mutex, only one thread can create session, others must wait.
  251. g_session_mutex.lock();
  252. status = create_pse_session_within_mutex();
  253. //unlock the session mutex
  254. g_session_mutex.unlock();
  255. return status;
  256. }
  257. sgx_status_t sgx_get_ps_sec_prop(sgx_ps_sec_prop_desc_t* ps_security_property)
  258. {
  259. sgx_status_t ret;
  260. if(!ps_security_property)
  261. return SGX_ERROR_INVALID_PARAMETER;
  262. //lock mutex to read session status
  263. g_session_mutex.lock();
  264. if (g_pse_session.session_inited == true)
  265. {
  266. memcpy(ps_security_property,&g_pse_session.ps_security_property,sizeof(sgx_ps_sec_prop_desc_t));
  267. ret = SGX_SUCCESS;
  268. }
  269. else
  270. ret = SGX_ERROR_AE_SESSION_INVALID;
  271. //unlock the session mutex
  272. g_session_mutex.unlock();
  273. return ret;
  274. }
  275. sgx_status_t sgx_get_ps_sec_prop_ex(sgx_ps_sec_prop_desc_ex_t* ps_security_property_ex)
  276. {
  277. sgx_status_t ret;
  278. if (!ps_security_property_ex)
  279. return SGX_ERROR_INVALID_PARAMETER;
  280. ret = sgx_get_ps_sec_prop(&ps_security_property_ex->ps_sec_prop_desc);
  281. if (ret != SGX_SUCCESS)
  282. {
  283. return ret;
  284. }
  285. se_ps_sec_prop_desc_internal_t* desc_internal =
  286. (se_ps_sec_prop_desc_internal_t*)&ps_security_property_ex->ps_sec_prop_desc;
  287. memcpy(&ps_security_property_ex->pse_mrsigner, &desc_internal->pse_mr_signer, sizeof(sgx_measurement_t));
  288. memcpy(&ps_security_property_ex->pse_prod_id, &desc_internal->pse_prod_id, sizeof(sgx_prod_id_t));
  289. memcpy(&ps_security_property_ex->pse_isv_svn, &desc_internal->pse_isvsvn, sizeof(sgx_isv_svn_t));
  290. return ret;
  291. }
  292. static sgx_status_t verify_msg_hdr(pse_req_hdr_t* req_payload_hdr, pse_resp_hdr_t* resp_payload_hdr)
  293. {
  294. sgx_status_t ret = SGX_SUCCESS;
  295. if(resp_payload_hdr->service_id != req_payload_hdr->service_id ||
  296. resp_payload_hdr->service_cmd != req_payload_hdr->service_cmd ||
  297. //resp seq_num increases one by PSE
  298. resp_payload_hdr->seq_num != req_payload_hdr->seq_num+1||
  299. //transaction_number has increase one after setting seq_num
  300. g_pse_session.transaction_number != resp_payload_hdr->seq_num/2 +1)
  301. {
  302. ret = SGX_ERROR_UNEXPECTED;
  303. }
  304. else if(resp_payload_hdr->status != PSE_SUCCESS)
  305. {
  306. switch (resp_payload_hdr->status)
  307. {
  308. case PSE_ERROR_INTERNAL:
  309. ret = SGX_ERROR_UNEXPECTED;
  310. break;
  311. case PSE_ERROR_BUSY:
  312. ret = SGX_ERROR_BUSY;
  313. break;
  314. case PSE_ERROR_MC_NOT_FOUND:
  315. ret = SGX_ERROR_MC_NOT_FOUND;
  316. break;
  317. case PSE_ERROR_MC_NO_ACCESS_RIGHT:
  318. ret = SGX_ERROR_MC_NO_ACCESS_RIGHT;
  319. break;
  320. case PSE_ERROR_UNKNOWN_REQ:
  321. ret = SGX_ERROR_INVALID_PARAMETER;
  322. break;
  323. case PSE_ERROR_CAP_NOT_AVAILABLE:
  324. ret = SGX_ERROR_SERVICE_UNAVAILABLE;
  325. break;
  326. case PSE_ERROR_MC_USED_UP:
  327. ret = SGX_ERROR_MC_USED_UP;
  328. break;
  329. case PSE_ERROR_MC_OVER_QUOTA:
  330. ret = SGX_ERROR_MC_OVER_QUOTA;
  331. break;
  332. case PSE_ERROR_INVALID_POLICY:
  333. ret = SGX_ERROR_INVALID_PARAMETER;
  334. break;
  335. default:
  336. ret = SGX_ERROR_UNEXPECTED;
  337. break;
  338. }
  339. }
  340. return ret;
  341. }
  342. //increase nonce, build msg, encrypt msg, call invoke_service, decrypt msg, verify msg format
  343. static sgx_status_t crypt_invoke(pse_message_t* req_msg, uint32_t req_msg_size,
  344. pse_req_hdr_t* req_payload_hdr,
  345. uint32_t timeout,
  346. pse_message_t* resp_msg, uint32_t resp_msg_size,
  347. pse_resp_hdr_t* resp_payload_hdr
  348. )
  349. {
  350. sgx_status_t ret = SGX_ERROR_UNEXPECTED;
  351. int retry = RETRY_TIMES;
  352. //lock transaction_number
  353. g_session_mutex.lock();
  354. //don't need to lock g_pse_session.sgx_spin_lock, g_pse_session only changes when g_session_mutex is locked.
  355. if (!g_pse_session.session_inited)
  356. {
  357. g_session_mutex.unlock();
  358. return SGX_ERROR_AE_SESSION_INVALID;
  359. }
  360. //retry only when return value of uae_invoke_service is SGX_ERROR_AE_SESSION_INVALID,
  361. //which means that session is closed by PSE or transaction_number is out of order.
  362. //In these situation, session needs to reestablish and retry the invoke_service.
  363. while(retry --)
  364. {
  365. //prevent transaction_number from rolling over. 0x7fffffff and below is valid
  366. if(g_pse_session.transaction_number > 0x7fffffff){
  367. //if unexpected failure of following close_pse_session_within_mutex() and create_pse_session_within_mutex()
  368. //return SGX_ERROR_AE_SESSION_INVALID to user
  369. ret = SGX_ERROR_AE_SESSION_INVALID;
  370. //need to close current session and create a new session
  371. //create_pse_session_within_mutex will reset the g_pse_session.transaction_number
  372. //close_session failure will always return SGX_ERROR_AE_SESSION_INVALID
  373. ERROR_BREAK(close_pse_session_within_mutex());
  374. //create_session failure will return SGX_ERROR_BUSY on SGX_ERROR_BUSY, SGX_ERROR_OUT_OF_MEMORY on SGX_ERROR_OUT_OF_MEMORY,
  375. //and SGX_ERROR_AE_SESSION_INVALID on other error code
  376. sgx_status_t aesm_status = create_pse_session_within_mutex();
  377. switch (aesm_status)
  378. {
  379. case SGX_ERROR_BUSY:
  380. ret = SGX_ERROR_BUSY;
  381. break;
  382. case SGX_ERROR_OUT_OF_MEMORY:
  383. ret = SGX_ERROR_OUT_OF_MEMORY;
  384. break;
  385. default:
  386. break;
  387. }
  388. ERROR_BREAK(aesm_status);
  389. }
  390. //set seq_num
  391. req_payload_hdr->seq_num = g_pse_session.transaction_number*2;
  392. //increase transaction_number
  393. g_pse_session.transaction_number++;
  394. //set request message session id
  395. req_msg->session_id = g_pse_session.session_id;
  396. //encrypt_msg with authenticated_encryption_key of the session
  397. if (!encrypt_msg(req_msg, (uint8_t*)req_payload_hdr, &g_pse_session.authenticated_encryption_key))
  398. {
  399. ret = SGX_ERROR_UNEXPECTED;
  400. break;
  401. }
  402. //ocall invoke_service
  403. ret = uae_invoke_service((uint8_t*)req_msg, (req_msg_size),
  404. (uint8_t*)resp_msg, resp_msg_size, timeout);
  405. if (SGX_ERROR_AE_SESSION_INVALID == ret)
  406. {
  407. //close_session failure will always return SGX_ERROR_AE_SESSION_INVALID
  408. ERROR_BREAK(close_pse_session_within_mutex());
  409. //recreating session
  410. sgx_status_t aesm_status = create_pse_session_within_mutex();
  411. if(SGX_SUCCESS == aesm_status)
  412. continue;
  413. switch (aesm_status)
  414. {
  415. case SGX_ERROR_BUSY:
  416. ret = SGX_ERROR_BUSY;
  417. break;
  418. case SGX_ERROR_OUT_OF_MEMORY:
  419. ret = SGX_ERROR_OUT_OF_MEMORY;
  420. break;
  421. default:
  422. break;
  423. }
  424. }
  425. ERROR_BREAK(ret);
  426. //decrypt_msg with authenticated_encryption_key of the session
  427. if(!decrypt_msg(resp_msg, (uint8_t*)resp_payload_hdr, &g_pse_session.authenticated_encryption_key))
  428. {
  429. ret = SGX_ERROR_UNEXPECTED;
  430. break;
  431. }
  432. ret = verify_msg_hdr(req_payload_hdr,resp_payload_hdr);
  433. break;
  434. }
  435. g_session_mutex.unlock();
  436. return ret;
  437. }
  438. sgx_status_t sgx_get_trusted_time(
  439. sgx_time_t* current_time,
  440. sgx_time_source_nonce_t* time_source_nonce
  441. )
  442. {
  443. if(!current_time || !time_source_nonce)
  444. return SGX_ERROR_INVALID_PARAMETER;
  445. pse_message_t* req_msg = (pse_message_t*)malloc(PSE_TIMER_READ_REQ_SIZE);
  446. if (!req_msg)
  447. return SGX_ERROR_OUT_OF_MEMORY;
  448. pse_message_t* resp_msg = (pse_message_t*)malloc(PSE_TIMER_READ_RESP_SIZE);
  449. if (!resp_msg)
  450. {
  451. free(req_msg);
  452. return SGX_ERROR_OUT_OF_MEMORY;
  453. }
  454. memset(req_msg, 0, PSE_TIMER_READ_REQ_SIZE);
  455. memset(resp_msg, 0, PSE_TIMER_READ_RESP_SIZE);
  456. req_msg->exp_resp_size = sizeof(pse_timer_read_resp_t);
  457. req_msg->payload_size = sizeof(pse_timer_read_req_t);
  458. pse_timer_read_req_t timer_req;
  459. timer_req.req_hdr.service_id = PSE_TRUSTED_TIME_SERVICE;
  460. timer_req.req_hdr.service_cmd = PSE_TIMER_READ;
  461. pse_timer_read_resp_t timer_resp;
  462. memset(&timer_resp, 0, sizeof(pse_timer_read_resp_t));
  463. sgx_status_t status;
  464. status = crypt_invoke(req_msg, PSE_TIMER_READ_REQ_SIZE, &timer_req.req_hdr, SE_GET_TRUSTED_TIME_TIMEOUT_MSEC,
  465. resp_msg, PSE_TIMER_READ_RESP_SIZE, &timer_resp.resp_hdr);
  466. if (status==SGX_SUCCESS)
  467. {
  468. memcpy(current_time, &timer_resp.timestamp, sizeof(sgx_time_t));
  469. memcpy(time_source_nonce,timer_resp.time_source_nonce,sizeof(sgx_time_source_nonce_t));
  470. }
  471. //error condition
  472. free(req_msg);
  473. free(resp_msg);
  474. return status;
  475. }
  476. se_static_assert(SGX_MC_POLICY_SIGNER == MC_POLICY_SIGNER);
  477. se_static_assert(SGX_MC_POLICY_ENCLAVE == MC_POLICY_ENCLAVE);
  478. sgx_status_t sgx_create_monotonic_counter_ex(
  479. uint16_t owner_policy,
  480. const sgx_attributes_t* owner_attribute_mask,
  481. sgx_mc_uuid_t* counter_uuid,
  482. uint32_t* counter_value
  483. )
  484. {
  485. if (!counter_value || !counter_uuid || !owner_attribute_mask)
  486. {
  487. return SGX_ERROR_INVALID_PARAMETER;
  488. }
  489. if ( 0!= (~(MC_POLICY_SIGNER | MC_POLICY_ENCLAVE) & owner_policy) ||
  490. 0 == ((MC_POLICY_SIGNER | MC_POLICY_ENCLAVE)& owner_policy))
  491. {
  492. return SGX_ERROR_INVALID_PARAMETER;
  493. }
  494. pse_message_t* req_msg = (pse_message_t*)malloc(PSE_CREATE_MC_REQ_SIZE);
  495. if (!req_msg)
  496. return SGX_ERROR_OUT_OF_MEMORY;
  497. pse_message_t* resp_msg = (pse_message_t*)malloc(PSE_CREATE_MC_RESP_SIZE);
  498. if (!resp_msg)
  499. {
  500. free(req_msg);
  501. return SGX_ERROR_OUT_OF_MEMORY;
  502. }
  503. memset(req_msg, 0, PSE_CREATE_MC_REQ_SIZE);
  504. memset(resp_msg, 0, PSE_CREATE_MC_RESP_SIZE);
  505. req_msg->exp_resp_size = sizeof(pse_mc_create_resp_t);
  506. req_msg->payload_size = sizeof(pse_mc_create_req_t);
  507. pse_mc_create_req_t mc_req;
  508. mc_req.req_hdr.service_id = PSE_MC_SERVICE;
  509. mc_req.req_hdr.service_cmd = PSE_MC_CREATE;
  510. mc_req.policy = owner_policy;
  511. memcpy(mc_req.attr_mask, owner_attribute_mask, sizeof(mc_req.attr_mask));
  512. pse_mc_create_resp_t mc_resp;
  513. memset(&mc_resp, 0, sizeof(pse_mc_create_resp_t));
  514. sgx_status_t status;
  515. status = crypt_invoke(req_msg, PSE_CREATE_MC_REQ_SIZE, &mc_req.req_hdr, SE_CREATE_MONOTONIC_COUNTER_TIMEOUT_MSEC,
  516. resp_msg, PSE_CREATE_MC_RESP_SIZE, &mc_resp.resp_hdr);
  517. if (status == SGX_SUCCESS)
  518. {
  519. memcpy(counter_uuid->counter_id, &mc_resp.counter_id,sizeof(counter_uuid->counter_id));
  520. memcpy(counter_uuid->nonce, &mc_resp.nonce,sizeof(counter_uuid->nonce));
  521. //align with initial counter_value hard-coded in PSE
  522. *counter_value = 0;
  523. }
  524. //error condition
  525. free(req_msg);
  526. free(resp_msg);
  527. return status;
  528. }
  529. sgx_status_t sgx_create_monotonic_counter(
  530. sgx_mc_uuid_t* counter_uuid,
  531. uint32_t* counter_value
  532. )
  533. {
  534. // Default attribute mask
  535. sgx_attributes_t attr_mask;
  536. attr_mask.flags = DEFAULT_VMC_ATTRIBUTE_MASK;
  537. attr_mask.xfrm = DEFAULT_VMC_XFRM_MASK;
  538. return sgx_create_monotonic_counter_ex(MC_POLICY_SIGNER,
  539. &attr_mask,
  540. counter_uuid,
  541. counter_value
  542. );
  543. }
  544. sgx_status_t sgx_destroy_monotonic_counter(const sgx_mc_uuid_t* counter_uuid)
  545. {
  546. if (!counter_uuid)
  547. {
  548. return SGX_ERROR_INVALID_PARAMETER;
  549. }
  550. pse_message_t* req_msg = (pse_message_t*)malloc(PSE_DEL_MC_REQ_SIZE);
  551. if (!req_msg)
  552. return SGX_ERROR_OUT_OF_MEMORY;
  553. pse_message_t* resp_msg = (pse_message_t*)malloc(PSE_DEL_MC_RESP_SIZE);
  554. if (!resp_msg)
  555. {
  556. free(req_msg);
  557. return SGX_ERROR_OUT_OF_MEMORY;
  558. }
  559. memset(req_msg, 0, PSE_DEL_MC_REQ_SIZE);
  560. memset(resp_msg, 0, PSE_DEL_MC_RESP_SIZE);
  561. req_msg->exp_resp_size = sizeof(pse_mc_del_resp_t);
  562. req_msg->payload_size = sizeof(pse_mc_del_req_t);
  563. pse_mc_del_req_t mc_req;
  564. memcpy(mc_req.counter_id, counter_uuid->counter_id, sizeof(mc_req.counter_id));
  565. memcpy(mc_req.nonce, counter_uuid->nonce, sizeof(mc_req.nonce));
  566. mc_req.req_hdr.service_id = PSE_MC_SERVICE;
  567. mc_req.req_hdr.service_cmd = PSE_MC_DEL;
  568. pse_mc_del_resp_t mc_resp;
  569. memset(&mc_resp, 0, sizeof(pse_mc_del_resp_t));
  570. sgx_status_t status;
  571. status = crypt_invoke(req_msg, PSE_DEL_MC_REQ_SIZE, &mc_req.req_hdr, SE_DESTROY_MONOTONIC_COUNTER_TIMEOUT_MSEC,
  572. resp_msg, PSE_DEL_MC_RESP_SIZE, &mc_resp.resp_hdr);
  573. //error condition
  574. free(req_msg);
  575. free(resp_msg);
  576. return status;
  577. }
  578. sgx_status_t sgx_increment_monotonic_counter(
  579. const sgx_mc_uuid_t* counter_uuid,
  580. uint32_t* counter_value
  581. )
  582. {
  583. if (!counter_value || !counter_uuid)
  584. {
  585. return SGX_ERROR_INVALID_PARAMETER;
  586. }
  587. pse_message_t* req_msg = (pse_message_t*)malloc(PSE_INC_MC_REQ_SIZE);
  588. if (!req_msg)
  589. return SGX_ERROR_OUT_OF_MEMORY;
  590. pse_message_t* resp_msg = (pse_message_t*)malloc(PSE_INC_MC_RESP_SIZE);
  591. if (!resp_msg)
  592. {
  593. free(req_msg);
  594. return SGX_ERROR_OUT_OF_MEMORY;
  595. }
  596. memset(req_msg, 0, PSE_INC_MC_REQ_SIZE);
  597. memset(resp_msg, 0, PSE_INC_MC_RESP_SIZE);
  598. req_msg->exp_resp_size = sizeof(pse_mc_inc_resp_t);
  599. req_msg->payload_size = sizeof(pse_mc_inc_req_t);
  600. pse_mc_inc_req_t mc_req;
  601. memcpy(mc_req.counter_id, counter_uuid->counter_id, sizeof(mc_req.counter_id));
  602. memcpy(mc_req.nonce, counter_uuid->nonce, sizeof(mc_req.nonce));
  603. mc_req.req_hdr.service_id = PSE_MC_SERVICE;
  604. mc_req.req_hdr.service_cmd = PSE_MC_INC;
  605. pse_mc_inc_resp_t mc_resp;
  606. memset(&mc_resp, 0, sizeof(pse_mc_inc_resp_t));
  607. sgx_status_t status;
  608. status = crypt_invoke(req_msg, PSE_INC_MC_REQ_SIZE, &mc_req.req_hdr, SE_INCREMENT_MONOTONIC_COUNTER_TIMEOUT_MSEC,
  609. resp_msg, PSE_INC_MC_RESP_SIZE, &mc_resp.resp_hdr);
  610. if (status == SGX_SUCCESS)
  611. {
  612. *counter_value = mc_resp.counter_value;
  613. }
  614. //error condition
  615. free(req_msg);
  616. free(resp_msg);
  617. return status;
  618. }
  619. sgx_status_t sgx_read_monotonic_counter(
  620. const sgx_mc_uuid_t* counter_uuid,
  621. uint32_t* counter_value
  622. )
  623. {
  624. if (!counter_value || !counter_uuid)
  625. {
  626. return SGX_ERROR_INVALID_PARAMETER;
  627. }
  628. pse_message_t* req_msg = (pse_message_t*)malloc(PSE_READ_MC_REQ_SIZE);
  629. if (!req_msg)
  630. return SGX_ERROR_OUT_OF_MEMORY;
  631. pse_message_t* resp_msg = (pse_message_t*)malloc(PSE_READ_MC_RESP_SIZE);
  632. if (!resp_msg)
  633. {
  634. free(req_msg);
  635. return SGX_ERROR_OUT_OF_MEMORY;
  636. }
  637. memset(req_msg, 0, PSE_READ_MC_REQ_SIZE);
  638. memset(resp_msg, 0, PSE_READ_MC_RESP_SIZE);
  639. req_msg->exp_resp_size = sizeof(pse_mc_read_resp_t);
  640. req_msg->payload_size = sizeof(pse_mc_read_req_t);
  641. pse_mc_read_req_t mc_req;
  642. memcpy(mc_req.counter_id, counter_uuid->counter_id, sizeof(mc_req.counter_id));
  643. memcpy(mc_req.nonce, counter_uuid->nonce, sizeof(mc_req.nonce));
  644. mc_req.req_hdr.service_id = PSE_MC_SERVICE;
  645. mc_req.req_hdr.service_cmd = PSE_MC_READ;
  646. pse_mc_read_resp_t mc_resp;
  647. memset(&mc_resp, 0, sizeof(pse_mc_read_resp_t));
  648. sgx_status_t status;
  649. status = crypt_invoke(req_msg, PSE_READ_MC_REQ_SIZE, &mc_req.req_hdr, SE_READ_MONOTONIC_COUNTER_TIMEOUT_MSEC,
  650. resp_msg, PSE_READ_MC_RESP_SIZE, &mc_resp.resp_hdr);
  651. if (status == SGX_SUCCESS)
  652. {
  653. *counter_value = mc_resp.counter_value;
  654. }
  655. //error condition
  656. free(req_msg);
  657. free(resp_msg);
  658. return status;
  659. }