aesm_ecdsa.cpp 3.4 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980
  1. /*
  2. * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. #include "sgx_memset_s.h"
  32. #include "sgx_tcrypto.h"
  33. #include "aeerror.h"
  34. #include "tlv_common.h"
  35. #include "pek_pub_key.h"
  36. #include "peksk_pub.hh"
  37. ae_error_t aesm_check_pek_signature(const signed_pek_t& signed_pek, const extended_epid_group_blob_t& xegb)
  38. {
  39. uint8_t result = SGX_EC_INVALID_SIGNATURE;
  40. uint32_t i;
  41. sgx_status_t sgx_code;
  42. const uint8_t *p = (const uint8_t *)&xegb;
  43. for (i = 0; i < sizeof(xegb); i++){
  44. if (p[i] != 0){
  45. break;
  46. }
  47. }
  48. if (i == sizeof(xegb)){//if all bytes of xegb is 0, using hardcoded PEKSK public key
  49. sgx_code = check_pek_signature(signed_pek, (const sgx_ec256_public_t*)&g_pek_pub_key_little_endian, &result);
  50. }
  51. else{
  52. sgx_code = check_pek_signature(signed_pek, reinterpret_cast<const sgx_ec256_public_t*>(xegb.pek_sk), &result);
  53. }
  54. if(sgx_code == SGX_ERROR_OUT_OF_MEMORY)
  55. return AE_OUT_OF_MEMORY_ERROR;
  56. else if(sgx_code != SGX_SUCCESS)
  57. return AE_FAILURE; //unknown error code
  58. else if(result != SGX_EC_VALID)//sgx_code is SGX_SUCCESS
  59. return PVE_MSG_ERROR; //signature verification failed
  60. else
  61. return AE_SUCCESS;//PEK Singatue verified successfully
  62. }
  63. ae_error_t aesm_verify_xegb(const extended_epid_group_blob_t& signed_xegb)
  64. {
  65. uint8_t result = SGX_EC_INVALID_SIGNATURE;
  66. sgx_status_t sgx_code = verify_xegb(signed_xegb, &result);
  67. if (sgx_code == SGX_ERROR_INVALID_PARAMETER)
  68. return AE_INVALID_PARAMETER;
  69. else if(sgx_code == SGX_ERROR_OUT_OF_MEMORY)
  70. return AE_OUT_OF_MEMORY_ERROR;
  71. else if (sgx_code != SGX_SUCCESS)
  72. return AE_FAILURE; //unknown error code
  73. else if (result != SGX_EC_VALID)//sgx_code is SGX_SUCCESS
  74. return AE_INVALID_PARAMETER; //signature verification failed
  75. else
  76. return AE_SUCCESS;//XEGB Signature verified successfully
  77. }