u_certificate_provisioning.cpp 31 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747
  1. /*
  2. * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. #include "u_certificate_provisioning.h"
  32. #include "helper.h"
  33. #include "CertificateProvisioningProtocol.h"
  34. #include "sgx_quote.h"
  35. #include <Buffer.h>
  36. #include <cstddef>
  37. #include <assert.h>
  38. #include <string.h>
  39. #include "uecall_bridge.h"
  40. #include "aeerror.h"
  41. #include "epid/common/types.h"
  42. #include "provision_msg.h"
  43. #include "qe_logic.h"
  44. #include "aesm_logic.h"
  45. #include "endpoint_select_info.h"
  46. #include "pve_logic.h"
  47. #include "sgx_tseal.h"
  48. #include "pairing_blob.h"
  49. #include "helper.h"
  50. #include "PSEPRClass.h"
  51. #include "platform_info_blob.h"
  52. #include "oal/oal.h"
  53. #include "se_sig_rl.h"
  54. #include "le2be_macros.h"
  55. #include "pibsk_pub.hh"
  56. #include "aesm_long_lived_thread.h"
  57. #include "sgx_sha256_128.h"
  58. #define PSEPR_LOST_ENCLAVE_RETRY_COUNT 3
  59. //#define FAKE_QUOTE
  60. #ifndef FAKE_QUOTE
  61. uint8_t GID_TO_USE[4] = { 0x00, 0x00, 0x14, 0x01 };
  62. #else
  63. uint8_t GID_TO_USE[4] = { 0x00, 0x00, 0x00, 0x06 };
  64. #endif
  65. /* hardcoded "Public" PSE Certificate */
  66. /*
  67. * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
  68. *
  69. * Redistribution and use in source and binary forms, with or without
  70. * modification, are permitted provided that the following conditions
  71. * are met:
  72. *
  73. * * Redistributions of source code must retain the above copyright
  74. * notice, this list of conditions and the following disclaimer.
  75. * * Redistributions in binary form must reproduce the above copyright
  76. * notice, this list of conditions and the following disclaimer in
  77. * the documentation and/or other materials provided with the
  78. * distribution.
  79. * * Neither the name of Intel Corporation nor the names of its
  80. * contributors may be used to endorse or promote products derived
  81. * from this software without specific prior written permission.
  82. *
  83. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  84. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  85. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  86. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  87. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  88. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  89. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  90. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  91. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  92. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  93. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  94. *
  95. */
  96. #if defined(NO_PROVISIONING_SERVER)
  97. #define PUBLIC_PSE_CERT_LEN 770
  98. static const uint8_t PUBLIC_PSE_CERT[PUBLIC_PSE_CERT_LEN] =
  99. {
  100. 0x30, 0x82, 0x02, 0xFE, 0x30, 0x82, 0x02, 0xA3, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x77,
  101. 0xAC, 0xBD, 0xE3, 0xC4, 0xE3, 0x00, 0xC1, 0x19, 0x14, 0x70, 0xBF, 0x23, 0x76, 0x83, 0x90, 0x91,
  102. 0x42, 0x3B, 0xEA, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30,
  103. 0x81, 0x8A, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
  104. 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x02, 0x43, 0x41, 0x31, 0x14, 0x30, 0x12,
  105. 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x0B, 0x53, 0x61, 0x6E, 0x74, 0x61, 0x20, 0x43, 0x6C, 0x61,
  106. 0x72, 0x61, 0x31, 0x1A, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x11, 0x49, 0x6E, 0x74,
  107. 0x65, 0x6C, 0x20, 0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x31, 0x24,
  108. 0x30, 0x22, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x1B, 0x45, 0x50, 0x49, 0x44, 0x20, 0x61, 0x6E,
  109. 0x64, 0x20, 0x53, 0x49, 0x47, 0x4D, 0x41, 0x20, 0x72, 0x6F, 0x6F, 0x74, 0x20, 0x73, 0x69, 0x67,
  110. 0x6E, 0x69, 0x6E, 0x67, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0D, 0x77,
  111. 0x77, 0x77, 0x2E, 0x69, 0x6E, 0x74, 0x65, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D,
  112. 0x31, 0x33, 0x30, 0x38, 0x31, 0x35, 0x31, 0x35, 0x34, 0x32, 0x33, 0x32, 0x5A, 0x17, 0x0D, 0x34,
  113. 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5A, 0x30, 0x81, 0xB7, 0x31,
  114. 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x0C, 0x02, 0x55, 0x53, 0x31, 0x0B, 0x30, 0x09,
  115. 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x02, 0x43, 0x41, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
  116. 0x04, 0x07, 0x0C, 0x0B, 0x53, 0x61, 0x6E, 0x74, 0x61, 0x20, 0x43, 0x6C, 0x61, 0x72, 0x61, 0x31,
  117. 0x1A, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x11, 0x49, 0x6E, 0x74, 0x65, 0x6C, 0x20,
  118. 0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x31, 0x37, 0x30, 0x35, 0x06,
  119. 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x2E, 0x49, 0x6E, 0x74, 0x65, 0x6C, 0x20, 0x50, 0x53, 0x45, 0x20,
  120. 0x44, 0x37, 0x33, 0x33, 0x45, 0x35, 0x32, 0x46, 0x2D, 0x43, 0x34, 0x43, 0x34, 0x2D, 0x41, 0x43,
  121. 0x36, 0x39, 0x2D, 0x41, 0x44, 0x41, 0x46, 0x2D, 0x31, 0x42, 0x31, 0x36, 0x45, 0x32, 0x42, 0x32,
  122. 0x31, 0x45, 0x32, 0x36, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0D, 0x77,
  123. 0x77, 0x77, 0x2E, 0x69, 0x6E, 0x74, 0x65, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x18, 0x30, 0x16,
  124. 0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x01, 0x0C, 0x08, 0x46, 0x46,
  125. 0x46, 0x46, 0x46, 0x46, 0x46, 0x46, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE,
  126. 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00,
  127. 0x04, 0x73, 0x27, 0xB9, 0x51, 0x38, 0x9A, 0x03, 0x23, 0xEC, 0xFF, 0xCA, 0xCE, 0x84, 0x51, 0x6B,
  128. 0xB1, 0x10, 0xC1, 0x19, 0xF5, 0x11, 0xB4, 0x38, 0xAD, 0xE0, 0xAA, 0xC2, 0xFF, 0x77, 0x84, 0x49,
  129. 0x32, 0x85, 0x9B, 0xFB, 0x21, 0x97, 0xBF, 0xA1, 0x34, 0xF7, 0x07, 0x00, 0xD3, 0xA9, 0xF5, 0x3C,
  130. 0x8C, 0xE9, 0x9D, 0xF8, 0x62, 0xA1, 0x69, 0xA4, 0xB4, 0x06, 0xFA, 0x49, 0x91, 0x89, 0xC8, 0x6C,
  131. 0x1C, 0xA3, 0x81, 0xB7, 0x30, 0x81, 0xB4, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01,
  132. 0xFF, 0x04, 0x04, 0x03, 0x02, 0x06, 0xC0, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01,
  133. 0xFF, 0x04, 0x02, 0x30, 0x00, 0x30, 0x13, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF8, 0x4D, 0x01,
  134. 0x09, 0x02, 0x01, 0x01, 0xFF, 0x04, 0x03, 0x0A, 0x01, 0x02, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D,
  135. 0x0E, 0x04, 0x16, 0x04, 0x14, 0xA1, 0xFF, 0x7A, 0xE1, 0xF5, 0x9D, 0x68, 0x4D, 0x84, 0x0C, 0x5A,
  136. 0x69, 0xDA, 0xD5, 0xC2, 0x96, 0x9C, 0x32, 0x87, 0x29, 0x30, 0x3F, 0x06, 0x03, 0x55, 0x1D, 0x1F,
  137. 0x04, 0x38, 0x30, 0x36, 0x30, 0x34, 0xA0, 0x32, 0xA0, 0x30, 0x86, 0x2E, 0x68, 0x74, 0x74, 0x70,
  138. 0x3A, 0x2F, 0x2F, 0x75, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x73, 0x2E, 0x69, 0x6E, 0x74, 0x65,
  139. 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x63, 0x6F, 0x6E, 0x74, 0x65, 0x6E, 0x74, 0x2F, 0x43, 0x52,
  140. 0x4C, 0x2F, 0x45, 0x50, 0x49, 0x44, 0x2E, 0x63, 0x72, 0x6C, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D,
  141. 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x66, 0xE0, 0x68, 0x4F, 0x57, 0x61, 0x49, 0x9B, 0x1F,
  142. 0x7D, 0xFE, 0x55, 0x87, 0xE5, 0x54, 0xAB, 0xF8, 0x1B, 0x5B, 0xD9, 0x30, 0x0A, 0x06, 0x08, 0x2A,
  143. 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xCA,
  144. 0x40, 0xA4, 0x60, 0xDA, 0xAD, 0x4E, 0x9E, 0xAE, 0xE9, 0x5D, 0xEB, 0x0D, 0x17, 0xD9, 0xE1, 0xFF,
  145. 0xA3, 0xB4, 0x0F, 0x3D, 0xF2, 0x14, 0x1B, 0x89, 0x8F, 0x52, 0x2C, 0x4E, 0xEE, 0xFB, 0xE7, 0x02,
  146. 0x21, 0x00, 0x9D, 0x7D, 0xEB, 0x47, 0xE9, 0xFA, 0xAF, 0x00, 0xA3, 0x68, 0xBC, 0xDF, 0x1C, 0x9E,
  147. 0xB1, 0xA9, 0xA8, 0x7A, 0x0D, 0x90, 0xB2, 0xCC, 0x96, 0x2C, 0x31, 0x9B, 0x74, 0xE9, 0xBA, 0x17,
  148. 0x28, 0xB6
  149. };
  150. #endif
  151. //*********************************************************************
  152. // Prototypes of static functions
  153. //*********************************************************************
  154. static ae_error_t do_quote_initialization
  155. (
  156. /*out */ upse::Buffer& targetInfo,
  157. /*out */ GroupId* pGID
  158. );
  159. static ae_error_t do_get_quote
  160. (
  161. /*in */ upse::Buffer& report,
  162. /*in */ upse::Buffer& sigRL,
  163. /*out*/ upse::Buffer& quote
  164. );
  165. static ae_error_t do_certificate_chain_provisioning
  166. (
  167. /*in */ const endpoint_selection_infos_t& es_info,
  168. /*out*/ platform_info_blob_wrapper_t* pib_wrapper
  169. );
  170. ae_error_t ConvertBackendStatus(CertificateProvisioningProtocol& cpp, ae_error_t status)
  171. {
  172. if (AE_FAILED(status))
  173. {
  174. if (PSE_PRS_OK != cpp.GetProtocolResponseStatus())
  175. {
  176. SGX_DBGPRINT_ONE_STRING_ONE_INT("Backend ProtocolResponseStatus", cpp.GetProtocolResponseStatus());
  177. switch (cpp.GetProtocolResponseStatus())
  178. {
  179. case PSE_PRS_INVALID_GID: status = AESM_PSE_PR_BACKEND_INVALID_GID; break;
  180. case PSE_PRS_GID_REVOKED: status = AESM_PSE_PR_BACKEND_GID_REVOKED; break;
  181. case PSE_PRS_INVALID_QUOTE: status = AESM_PSE_PR_BACKEND_INVALID_QUOTE; break;
  182. case PSE_PRS_INVALID_REQUEST: status = AESM_PSE_PR_BACKEND_INVALID_REQUEST; break;
  183. default: status = AESM_PSE_PR_BACKEND_UNKNOWN_PROTOCOL_RESPONSE; break;
  184. }
  185. AESM_DBG_ERROR(g_event_string_table[SGX_EVENT_PSE_CERT_PROV_PROTOCOL_RESPONSE_FAILURE], status);
  186. AESM_LOG_ERROR(g_event_string_table[SGX_EVENT_PSE_CERT_PROV_PROTOCOL_RESPONSE_FAILURE], status);
  187. }
  188. else if (GRS_OK != cpp.GetGeneralResponseStatus())
  189. {
  190. SGX_DBGPRINT_ONE_STRING_ONE_INT("Backend GeneralResponseStatus", cpp.GetGeneralResponseStatus());
  191. switch (cpp.GetGeneralResponseStatus())
  192. {
  193. case GRS_SERVER_BUSY: status = AESM_PSE_PR_BACKEND_SERVER_BUSY; break;
  194. case GRS_INTEGRITY_CHECK_FAIL: status = AESM_PSE_PR_BACKEND_INTEGRITY_CHECK_FAIL; break;
  195. case GRS_INCORRECT_SYNTAX: status = AESM_PSE_PR_BACKEND_INCORRECT_SYNTAX; break;
  196. case GRS_INCOMPATIBLE_VERSION: status = PSW_UPDATE_REQUIRED; break;
  197. case GRS_TRANSACTION_STATE_LOST: status = AESM_PSE_PR_BACKEND_TRANSACTION_STATE_LOST; break;
  198. case GRS_PROTOCOL_ERROR: status = AESM_PSE_PR_BACKEND_PROTOCOL_ERROR; break;
  199. case GRS_INTERNAL_ERROR: status = AESM_PSE_PR_BACKEND_INTERNAL_ERROR; break;
  200. default: status = AESM_PSE_PR_BACKEND_UNKNOWN_PROTOCOL_RESPONSE; break;
  201. }
  202. AESM_DBG_ERROR(g_event_string_table[SGX_EVENT_PSE_CERT_PROV_GENERAL_RESPONSE_FAILURE], status);
  203. AESM_LOG_ERROR(g_event_string_table[SGX_EVENT_PSE_CERT_PROV_GENERAL_RESPONSE_FAILURE], status);
  204. }
  205. else
  206. {
  207. switch (status)
  208. {
  209. case OAL_NETWORK_UNAVAILABLE_ERROR:
  210. {
  211. AESM_LOG_ERROR(g_event_string_table[SGX_EVENT_PSE_CERT_PROV_FAILURE]);
  212. break;
  213. }
  214. case PSE_PAIRING_BLOB_UNSEALING_ERROR:
  215. {
  216. AESM_LOG_ERROR(g_event_string_table[SGX_EVENT_LTP_BLOB_INTEGRITY_ERROR]);
  217. break;
  218. }
  219. case PSE_PAIRING_BLOB_INVALID_ERROR:
  220. {
  221. AESM_LOG_ERROR(g_event_string_table[SGX_EVENT_LTP_BLOB_INVALID_ERROR]);
  222. break;
  223. }
  224. case AESM_PSE_PR_BACKEND_MSG4_PLATFORM_INFO_BLOB_SIZE:
  225. {
  226. //
  227. // happens if pib returned is not the right size
  228. //
  229. AESM_LOG_ERROR(g_event_string_table[SGX_EVENT_PSE_CERT_PROV_PROTOCOL_RESPONSE_FAILURE]);
  230. break;
  231. }
  232. case AE_FAILURE:
  233. {
  234. //
  235. // happens if problem with proxy setting
  236. //
  237. AESM_LOG_ERROR(g_event_string_table[SGX_EVENT_PSE_CERT_PROV_FAILURE]);
  238. break;
  239. }
  240. case AESM_CP_ATTESTATION_FAILURE:
  241. {
  242. AESM_LOG_ERROR(g_event_string_table[SGX_EVENT_PSE_ATTESTATION_ERROR]);
  243. break;
  244. }
  245. default:
  246. {
  247. AESM_DBG_ERROR("Error in ConvertBackendStatus(status) : status = %d (%xh)", status, status);
  248. break;
  249. }
  250. }
  251. }
  252. }
  253. return status;
  254. }
  255. //*********************************************************************
  256. // Main engine routine for Certificate Chain Provisioning
  257. //*********************************************************************
  258. ae_error_t certificate_chain_provisioning(const endpoint_selection_infos_t& es_info, platform_info_blob_wrapper_t* pib_wrapper)
  259. {
  260. ae_error_t status = AE_FAILURE;
  261. AESM_DBG_TRACE("enter fun");
  262. try
  263. {
  264. do
  265. {
  266. status = do_certificate_chain_provisioning(es_info, pib_wrapper);
  267. if (status == PSE_PR_ENCLAVE_LOST_ERROR)
  268. {
  269. //
  270. // went to sleep while in enclave
  271. // in this case (beginning of flow), we should just retry, after first destroying and then reloading
  272. // note that this code gets significantly more complicated if the PSE-pr ever becomes multi-threaded
  273. //
  274. for (unsigned rcount = 0; rcount < PSEPR_LOST_ENCLAVE_RETRY_COUNT; rcount++)
  275. {
  276. CPSEPRClass::instance().unload_enclave();
  277. if (0 != CPSEPRClass::instance().load_enclave())
  278. {
  279. status = AE_FAILURE;
  280. break;
  281. }
  282. SaveEnclaveID(CPSEPRClass::instance().GetEID());
  283. status = do_certificate_chain_provisioning(es_info, pib_wrapper);
  284. if (status != PSE_PR_ENCLAVE_LOST_ERROR)
  285. break;
  286. }
  287. }
  288. BREAK_IF_FAILED(status);
  289. status = AE_SUCCESS;
  290. } while (0);
  291. }
  292. catch (...)
  293. {
  294. status = AESM_PSE_PR_EXCEPTION;
  295. }
  296. SGX_DBGPRINT_PRINT_FUNCTION_AND_RETURNVAL(__FUNCTION__, status);
  297. SGX_DBGPRINT_PRINT_ANSI_STRING("End Certificate Chain Provisioning");
  298. return status;
  299. }
  300. //*********************************************************************
  301. // Do the certificate chain provisioning logic
  302. //*********************************************************************
  303. static ae_error_t do_certificate_chain_provisioning
  304. (
  305. /*in */ const endpoint_selection_infos_t& es_info,
  306. /*out*/ platform_info_blob_wrapper_t* pib_wrapper
  307. )
  308. {
  309. if (NULL == pib_wrapper)
  310. return AESM_PSE_PR_BAD_POINTER_ERROR;
  311. ae_error_t status = AE_FAILURE;
  312. upse::Buffer target_info;
  313. uint32_t gid = 0;
  314. // GroupId gid = {0}; // Send to Server in M1
  315. upse::Buffer nonce; // Receive from Server in M2
  316. upse::Buffer sig_rl; // Receive from Server in M2
  317. upse::Buffer csr_pse; // Send to Server in M3
  318. upse::Buffer quote; // Send to Server in M3
  319. std::list<upse::Buffer> certChain; // Receive from Server in M4
  320. upse::Buffer report; // Received from PSE_pr
  321. upse::Buffer pairing_blob; // Received from PSE_pr
  322. upse::Buffer ocsp_req; // Created here from cert chain
  323. const char *szURL = EndpointSelectionInfo::instance().get_pse_provisioning_url(es_info);
  324. memset(pib_wrapper, 0, sizeof(platform_info_blob_wrapper_t)); // Receive from Server in M4
  325. CertificateProvisioningProtocol cpp;
  326. SGX_DBGPRINT_PRINT_ANSI_STRING("Begin Certificate (PSE) Provisioning");
  327. do
  328. {
  329. Helper::RemoveCertificateChain();
  330. Helper::delete_ocsp_response_vlr();
  331. #if defined(NO_PROVISIONING_SERVER)
  332. {
  333. //*********************************************************************
  334. // Use hardcoded Cert.
  335. //*********************************************************************
  336. SGX_DBGPRINT_PRINT_ANSI_STRING("Using Hard Coded Cert");
  337. status = tPrepareForCertificateProvisioning_hardcoded_privatekey(pairing_blob);
  338. BREAK_IF_FAILED(status);
  339. /* Use the hardcoded "Public" Cert */
  340. upse::Buffer Cert;
  341. Cert.Alloc(PUBLIC_PSE_CERT_LEN);
  342. upse::BufferWriter bwCert(Cert);
  343. uint8_t* pCert;
  344. status = bwCert.reserve(PUBLIC_PSE_CERT_LEN, &pCert);
  345. BREAK_IF_FAILED(status);
  346. memcpy_s(pCert, PUBLIC_PSE_CERT_LEN, PUBLIC_PSE_CERT, PUBLIC_PSE_CERT_LEN);
  347. certChain.push_back(Cert);
  348. }
  349. #else
  350. {
  351. status = cpp.init(szURL, es_info.pek);
  352. BREAK_IF_FAILED(status);
  353. //=====================================================================
  354. // Start: CERTIFICATE CHAIN PROVISIONING (3.6.7.1.1.2.1)
  355. //=====================================================================
  356. //*********************************************************************
  357. // Retrieve GID_SE from the QE
  358. SGX_DBGPRINT_PRINT_ANSI_STRING("quote init?");
  359. //*********************************************************************
  360. status = do_quote_initialization(target_info, (GroupId*)&gid);
  361. BREAK_IF_FAILED(status);//keep reason for quoting failure including UPDATE required
  362. SGX_DBGPRINT_PRINT_ANSI_STRING("quote init success");
  363. //*********************************************************************
  364. // Retrieve SIG_RL and Nonce from Intel Server.
  365. //*********************************************************************
  366. status = cpp.SendM1_ReceiveM2(*(uint32_t*)&gid, nonce, sig_rl);
  367. BREAK_IF_FAILED(status);
  368. SGX_DBGPRINT_PRINT_ANSI_STRING("send m1, receive m2 success");
  369. Helper::read_ltp_blob(pairing_blob);
  370. // Note: failure during read_ltp_blob is okay, pairing_blob will be empty and get filled in by enclave
  371. //*********************************************************************
  372. // Generate ECDSA key pair, CSR_pse, and REPORT in enclave (PSE_Pr).
  373. //*********************************************************************
  374. status = tPrepareForCertificateProvisioning(nonce, target_info, csr_pse,
  375. report, pairing_blob);
  376. BREAK_IF_FAILED(status);
  377. SGX_DBGPRINT_PRINT_ANSI_STRING("prepare for cert pv success");
  378. //*********************************************************************
  379. // Call QE to convert REPORT to name-based QUOTE using SIG_RL
  380. //*********************************************************************
  381. status = do_get_quote(report, sig_rl, quote);
  382. BREAK_IF_TRUE((AESM_AE_OUT_OF_EPC == status), status, AESM_AE_OUT_OF_EPC);
  383. BREAK_IF_FAILED_ERR(status, AESM_CP_ATTESTATION_FAILURE);
  384. SGX_DBGPRINT_PRINT_ANSI_STRING("get quote success");
  385. //*********************************************************************
  386. // Retrieve the Certificate Chain from Intel Server.
  387. //*********************************************************************
  388. status = cpp.SendM3_ReceiveM4(csr_pse, quote, certChain, *pib_wrapper);
  389. BREAK_IF_TRUE((PSE_PRS_OK != cpp.GetProtocolResponseStatus()), status, AESM_CP_ATTESTATION_FAILURE);
  390. BREAK_IF_FAILED(status);
  391. SGX_DBGPRINT_PRINT_ANSI_STRING("send m3, receive m4 success");
  392. }
  393. #endif
  394. //*********************************************************************
  395. // Save the Certificate Chain to persistent storage.
  396. //*********************************************************************
  397. status = Helper::SaveCertificateChain(certChain);
  398. BREAK_IF_FAILED(status);
  399. SGX_DBGPRINT_PRINT_ANSI_STRING("save cert success");
  400. //*********************************************************************
  401. // Save the sealed pairing blob to persistent storage.
  402. //*********************************************************************
  403. status = Helper::write_ltp_blob(pairing_blob);
  404. BREAK_IF_FAILED(status);
  405. SGX_DBGPRINT_PRINT_ANSI_STRING("write blob success");
  406. status = AE_SUCCESS;
  407. SGX_DBGPRINT_PRINT_ANSI_STRING("End of Certificate (PSE) Provisioning");
  408. } while (0);
  409. status = ConvertBackendStatus(cpp, status);
  410. return status;
  411. }
  412. //*********************************************************************
  413. // Call quoting enclave to get target info
  414. //*********************************************************************
  415. static ae_error_t do_quote_initialization
  416. (
  417. /*out */ upse::Buffer& targetInfo,
  418. /*out */ GroupId* pGID
  419. )
  420. {
  421. ae_error_t status = AE_FAILURE;
  422. do
  423. {
  424. BREAK_IF_TRUE( (NULL == pGID), status, PSE_PR_BAD_POINTER_ERROR);
  425. #ifndef FAKE_QUOTE
  426. if (AE_FAILED(targetInfo.Alloc(sizeof(sgx_target_info_t))))
  427. break;
  428. upse::BufferWriter bwTargetInfo(targetInfo);
  429. uint8_t* p;
  430. status = bwTargetInfo.reserve(sizeof(sgx_target_info_t), &p);
  431. if (AE_FAILED(status))
  432. break;
  433. sgx_target_info_t* pTargetInfo = (sgx_target_info_t*)p;
  434. aesm_error_t result;
  435. SGX_DBGPRINT_PRINT_ANSI_STRING("aesmLogic.init_quote?");
  436. result = AESMLogic::init_quote(
  437. (uint8_t*)pTargetInfo, sizeof(sgx_target_info_t),
  438. (uint8_t*)pGID, sizeof(*pGID));
  439. if (result == AESM_BUSY)
  440. {
  441. //EPID_PROVISION triggered, make sure previous EPID provision has finished
  442. ae_error_t temp_ret = wait_pve_thread();
  443. BREAK_IF_TRUE(AE_SUCCESS != temp_ret , status, PSE_PR_PCH_EPID_UNKNOWN_ERROR);
  444. //redo init_quote
  445. result = AESMLogic::init_quote(
  446. (uint8_t*)pTargetInfo, sizeof(sgx_target_info_t),
  447. (uint8_t*)pGID, sizeof(*pGID));
  448. }
  449. BREAK_IF_TRUE(AESM_UPDATE_AVAILABLE == result, status, PSW_UPDATE_REQUIRED);
  450. BREAK_IF_TRUE(AESM_OUT_OF_EPC == result, status, AESM_AE_OUT_OF_EPC);
  451. BREAK_IF_TRUE(AESM_SUCCESS != result, status, AESM_PSE_PR_INIT_QUOTE_ERROR);
  452. #else
  453. //NRG: m_tmpGID = 0;
  454. upse::Buffer m_tmpGID;
  455. if (AE_FAILED(m_tmpGID.Alloc(GID_TO_USE, sizeof(GID_TO_USE))))
  456. break;
  457. // m_tmpGID = 1244;
  458. // upse::BufferWriter(m_tmpGID).writeRaw(GID_TO_USE, sizeof(GID_TO_USE));
  459. SigmaData::SetGID(m_tmpGID);
  460. memcpy_s(pGID, sizeof(GroupId), m_tmpGID.getData(), sizeof(GroupId));
  461. if (AE_FAILED(targetInfo.Alloc(sizeof(sgx_target_info_t))))
  462. break;
  463. #endif
  464. SGX_DBGPRINT_PRINT_ANSI_STRING("aesmLogic.init_quote success");
  465. status = AE_SUCCESS;
  466. } while (0);
  467. SGX_DBGPRINT_PRINT_FUNCTION_AND_RETURNVAL(__FUNCTION__, status);
  468. return status;
  469. }
  470. //*********************************************************************
  471. // Call quoting enclave to convert report to name-based quote
  472. //*********************************************************************
  473. static ae_error_t do_get_quote
  474. (
  475. /*in */ upse::Buffer& reportBuffer,
  476. /*in */ upse::Buffer& sigRLBuffer,
  477. /*out*/ upse::Buffer& quoteBuffer
  478. )
  479. {
  480. // Call QE to convert REPORT to a name-based QUOTE
  481. ae_error_t status = AE_FAILURE;
  482. ae_error_t tmp_status = AE_SUCCESS;
  483. do
  484. {
  485. #ifndef FAKE_QUOTE
  486. uint32_t nQuote; // in - Quote buffer size
  487. sgx_report_t enclaveReport; // in
  488. sgx_quote_sign_type_t quote_type; // in
  489. sgx_spid_t spid = {{0}}; // in
  490. uint8_t* pSigRL = NULL; // in
  491. uint32_t nSigRL = 0; // in - Sig RL buffer size
  492. memset(&enclaveReport, 0, sizeof(enclaveReport));
  493. nSigRL = sigRLBuffer.getSize();
  494. if (0 != nSigRL)
  495. pSigRL = const_cast<uint8_t*>(sigRLBuffer.getData());
  496. if (SGX_SUCCESS != sgx_calc_quote_size(pSigRL, nSigRL, &nQuote))
  497. break;
  498. tmp_status = quoteBuffer.Alloc(nQuote);
  499. if (AE_FAILED(tmp_status))
  500. break;
  501. upse::BufferWriter bwQuote(quoteBuffer);
  502. uint8_t* pQuote;
  503. tmp_status = bwQuote.reserve(nQuote, &pQuote); // out
  504. if (AE_FAILED(tmp_status))
  505. break;
  506. quote_type = SGX_UNLINKABLE_SIGNATURE; // or SGX_LINKABLE_SIGNATURE
  507. // LSB16(SHA256("SGX PSE PROVISIONING SERVER"))
  508. // const char* SPID_VALUE = "SGX PSE PROVISIONING SERVER";
  509. // sgx_sha256_hash_t spid_hash;
  510. // sgx_sha256_msg((const uint8_t*)SPID_VALUE, strlen(SPID_VALUE), &spid_hash);
  511. // memcpy_s(spid.id, sizeof(spid.id), &spid_hash[0], 16);
  512. static uint8_t spid_hash[] = { 0x32, 0x81, 0xE5, 0x9E, 0xB1, 0x23, 0xFA, 0xCD,
  513. 0x56, 0xDB, 0x62, 0x1E, 0x3B, 0x37, 0xFB, 0xE2 };
  514. memcpy_s(spid.id, sizeof(spid.id), spid_hash, sizeof(spid_hash));
  515. if (reportBuffer.getSize() != sizeof(enclaveReport))
  516. break;
  517. memcpy_s(&enclaveReport, reportBuffer.getSize(), reportBuffer.getData(), reportBuffer.getSize());
  518. aesm_error_t result;
  519. result = AESMLogic::get_quote(
  520. (uint8_t*)&enclaveReport, sizeof(enclaveReport),
  521. quote_type,
  522. (uint8_t*)&spid, sizeof(spid),
  523. NULL, 0,
  524. pSigRL, nSigRL,
  525. NULL, 0,
  526. (uint8_t*)pQuote, nQuote);
  527. if (result == AESM_BUSY)
  528. {
  529. //EPID_PROVISION triggered, make sure previous EPID provision has finished
  530. ae_error_t temp_ret = wait_pve_thread();
  531. BREAK_IF_TRUE(AE_SUCCESS != temp_ret , status, PSE_PR_PCH_EPID_UNKNOWN_ERROR);
  532. //redo get_quote
  533. result = AESMLogic::get_quote(
  534. (uint8_t*)&enclaveReport, sizeof(enclaveReport),
  535. quote_type,
  536. (uint8_t*)&spid, sizeof(spid),
  537. NULL, 0,
  538. pSigRL, nSigRL,
  539. NULL, 0,
  540. (uint8_t*)pQuote, nQuote);
  541. }
  542. BREAK_IF_TRUE(AESM_OUT_OF_EPC == result, status, AESM_AE_OUT_OF_EPC);
  543. BREAK_IF_TRUE(AESM_SUCCESS != result, status, AESM_PSE_PR_GET_QUOTE_ERROR);
  544. #else
  545. const uint16_t SIGNATURE_LENGTH = 32;
  546. tmp_status = quoteBuffer.Alloc(sizeof(sgx_quote_t) + SIGNATURE_LENGTH);
  547. if (AE_FAILED(tmp_status))
  548. break;
  549. sgx_quote_t* pQuote;
  550. tmp_status = upse::BufferWriter(quoteBuffer).reserve(quoteBuffer.getSize(), (uint8_t**)&pQuote);
  551. if (AE_FAILED(tmp_status))
  552. break;
  553. uint16_t CPUSVN = 1;
  554. pQuote->version = 1;
  555. memcpy_s(pQuote->epid_group_id, sizeof(pQuote->epid_group_id), &GID_TO_USE, sizeof(GID_TO_USE));
  556. pQuote->report_body.isv_prod_id = 0x0002; //0x8086;
  557. pQuote->report_body.isv_svn = 1;
  558. memcpy_s(pQuote->report_body.cpu_svn, sizeof(pQuote->report_body.cpu_svn), &CPUSVN, sizeof(CPUSVN));
  559. const sgx_report_t* pReport = (sgx_report_t*)reportBuffer.getData();
  560. memcpy_s(pQuote->report_body.report_data, sizeof(pQuote->report_body.report_data), pReport->body.report_data, sizeof(pQuote->report_body.report_data));
  561. pQuote->signature_len = SIGNATURE_LENGTH;
  562. //NOTE: The signature is not valid when doing a FAKE_QUOTE
  563. #endif
  564. status = AE_SUCCESS;
  565. } while (0);
  566. if ((AE_FAILURE == status) && AE_FAILED(tmp_status))
  567. status = tmp_status;
  568. SGX_DBGPRINT_PRINT_FUNCTION_AND_RETURNVAL(__FUNCTION__, status);
  569. return status;
  570. }
  571. //
  572. // fwiw
  573. // hex-encoded private part
  574. //
  575. //std::string prvPibSK = "942BCC166737FCF62CBF39668C6980F42A69A6828BEAB912362FEC0E21A2A61D";
  576. ae_error_t pib_verify_signature(platform_info_blob_wrapper_t& piBlobWrapper)
  577. {
  578. ae_error_t ae_err = AE_FAILURE;
  579. sgx_ecc_state_handle_t ecc_handle = NULL;
  580. uint8_t result = SGX_EC_INVALID_SIGNATURE;
  581. const uint32_t data_size = static_cast<uint32_t>(sizeof(piBlobWrapper.platform_info_blob) - sizeof(piBlobWrapper.platform_info_blob.signature));
  582. piBlobWrapper.valid_info_blob = false;
  583. do
  584. {
  585. sgx_ec256_public_t publicKey;
  586. sgx_ec256_signature_t signature;
  587. sgx_status_t sgx_status;
  588. //BREAK_IF_TRUE((sizeof(publicKey) != sizeof(s_pib_pub_key_big_endian)), ae_err, AE_FAILURE);
  589. //BREAK_IF_TRUE((sizeof(signature) != sizeof(piBlobWrapper.platform_info_blob.signature)), ae_err, AE_FAILURE);
  590. // convert the public key to little endian
  591. if(0!=memcpy_s(&publicKey, sizeof(publicKey), s_pib_pub_key_big_endian, sizeof(s_pib_pub_key_big_endian))){
  592. ae_err = AE_FAILURE;
  593. break;
  594. }
  595. SwapEndian_32B(((uint8_t*)&publicKey) + 0);
  596. SwapEndian_32B(((uint8_t*)&publicKey) + 32);
  597. // convert the signature to little endian
  598. if(0!=memcpy_s(&signature, sizeof(signature), &piBlobWrapper.platform_info_blob.signature, sizeof(piBlobWrapper.platform_info_blob.signature))){
  599. ae_err = AE_FAILURE;
  600. break;
  601. }
  602. SwapEndian_32B(((uint8_t*)&signature) + 0);
  603. SwapEndian_32B(((uint8_t*)&signature) + 32);
  604. sgx_status = sgx_ecc256_open_context(&ecc_handle);
  605. BREAK_IF_TRUE((SGX_SUCCESS != sgx_status), ae_err, AE_FAILURE);
  606. sgx_status = sgx_ecdsa_verify((uint8_t*)&piBlobWrapper.platform_info_blob, data_size, &publicKey, &signature, &result, ecc_handle);
  607. BREAK_IF_TRUE((SGX_SUCCESS != sgx_status), ae_err, AE_FAILURE);
  608. if (SGX_EC_VALID != result)
  609. {
  610. AESM_LOG_WARN(g_event_string_table[SGX_EVENT_PID_SIGNATURE_FAILURE]);
  611. break;
  612. }
  613. piBlobWrapper.valid_info_blob = true;
  614. ae_err = AE_SUCCESS;
  615. } while (0);
  616. if (ecc_handle != NULL) {
  617. sgx_ecc256_close_context(ecc_handle);
  618. }
  619. return ae_err;
  620. }
  621. ae_error_t generate_pse_instance_id(uint8_t* instance_id)
  622. {
  623. memset(instance_id, 0, 16);
  624. return AE_SUCCESS;
  625. }