linux-sgx-trts-modified/psw/ae/aesm_service/source/upse/u_certificate_provisioning.cpp

/*
 * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   * Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *   * Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in
 *     the documentation and/or other materials provided with the
 *     distribution.
 *   * Neither the name of Intel Corporation nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#include "u_certificate_provisioning.h"
#include "helper.h"

#include "CertificateProvisioningProtocol.h"

#include "sgx_quote.h"

#include <Buffer.h>
#include <cstddef>
#include <assert.h>
#include <string.h>

#include "uecall_bridge.h"

#include "aeerror.h"

#include "epid/common/types.h"

#include "provision_msg.h"
#include "qe_logic.h"
#include "aesm_logic.h"
#include "endpoint_select_info.h"
#include "pve_logic.h"

#include "sgx_tseal.h"
#include "pairing_blob.h"
#include "helper.h"
#include "PSEPRClass.h"
#include "platform_info_blob.h"

#include "oal/oal.h"
#include "se_sig_rl.h"

#include "le2be_macros.h"
#include "pibsk_pub.hh"
#include "aesm_long_lived_thread.h"
#include "sgx_sha256_128.h"

#define PSEPR_LOST_ENCLAVE_RETRY_COUNT      3

//#define FAKE_QUOTE

#ifndef FAKE_QUOTE
uint8_t GID_TO_USE[4] = { 0x00, 0x00, 0x14, 0x01 };
#else
uint8_t GID_TO_USE[4] = { 0x00, 0x00, 0x00, 0x06 };
#endif


/* hardcoded "Public" PSE Certificate */

/*
 * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   * Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *   * Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in
 *     the documentation and/or other materials provided with the
 *     distribution.
 *   * Neither the name of Intel Corporation nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#if defined(NO_PROVISIONING_SERVER)

#define PUBLIC_PSE_CERT_LEN 770
static const uint8_t PUBLIC_PSE_CERT[PUBLIC_PSE_CERT_LEN] =
{
    0x30, 0x82, 0x02, 0xFE, 0x30, 0x82, 0x02, 0xA3, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x77,
    0xAC, 0xBD, 0xE3, 0xC4, 0xE3, 0x00, 0xC1, 0x19, 0x14, 0x70, 0xBF, 0x23, 0x76, 0x83, 0x90, 0x91,
    0x42, 0x3B, 0xEA, 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30,
    0x81, 0x8A, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
    0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x02, 0x43, 0x41, 0x31, 0x14, 0x30, 0x12,
    0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x0B, 0x53, 0x61, 0x6E, 0x74, 0x61, 0x20, 0x43, 0x6C, 0x61,
    0x72, 0x61, 0x31, 0x1A, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x11, 0x49, 0x6E, 0x74,
    0x65, 0x6C, 0x20, 0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x31, 0x24,
    0x30, 0x22, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x1B, 0x45, 0x50, 0x49, 0x44, 0x20, 0x61, 0x6E,
    0x64, 0x20, 0x53, 0x49, 0x47, 0x4D, 0x41, 0x20, 0x72, 0x6F, 0x6F, 0x74, 0x20, 0x73, 0x69, 0x67,
    0x6E, 0x69, 0x6E, 0x67, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0D, 0x77,
    0x77, 0x77, 0x2E, 0x69, 0x6E, 0x74, 0x65, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, 0x0D,
    0x31, 0x33, 0x30, 0x38, 0x31, 0x35, 0x31, 0x35, 0x34, 0x32, 0x33, 0x32, 0x5A, 0x17, 0x0D, 0x34,
    0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, 0x35, 0x39, 0x5A, 0x30, 0x81, 0xB7, 0x31,
    0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x0C, 0x02, 0x55, 0x53, 0x31, 0x0B, 0x30, 0x09,
    0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x02, 0x43, 0x41, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55,
    0x04, 0x07, 0x0C, 0x0B, 0x53, 0x61, 0x6E, 0x74, 0x61, 0x20, 0x43, 0x6C, 0x61, 0x72, 0x61, 0x31,
    0x1A, 0x30, 0x18, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x11, 0x49, 0x6E, 0x74, 0x65, 0x6C, 0x20,
    0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x31, 0x37, 0x30, 0x35, 0x06,
    0x03, 0x55, 0x04, 0x0B, 0x0C, 0x2E, 0x49, 0x6E, 0x74, 0x65, 0x6C, 0x20, 0x50, 0x53, 0x45, 0x20,
    0x44, 0x37, 0x33, 0x33, 0x45, 0x35, 0x32, 0x46, 0x2D, 0x43, 0x34, 0x43, 0x34, 0x2D, 0x41, 0x43,
    0x36, 0x39, 0x2D, 0x41, 0x44, 0x41, 0x46, 0x2D, 0x31, 0x42, 0x31, 0x36, 0x45, 0x32, 0x42, 0x32,
    0x31, 0x45, 0x32, 0x36, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0D, 0x77,
    0x77, 0x77, 0x2E, 0x69, 0x6E, 0x74, 0x65, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x18, 0x30, 0x16,
    0x06, 0x0A, 0x09, 0x92, 0x26, 0x89, 0x93, 0xF2, 0x2C, 0x64, 0x01, 0x01, 0x0C, 0x08, 0x46, 0x46,
    0x46, 0x46, 0x46, 0x46, 0x46, 0x46, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE,
    0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00,
    0x04, 0x73, 0x27, 0xB9, 0x51, 0x38, 0x9A, 0x03, 0x23, 0xEC, 0xFF, 0xCA, 0xCE, 0x84, 0x51, 0x6B,
    0xB1, 0x10, 0xC1, 0x19, 0xF5, 0x11, 0xB4, 0x38, 0xAD, 0xE0, 0xAA, 0xC2, 0xFF, 0x77, 0x84, 0x49,
    0x32, 0x85, 0x9B, 0xFB, 0x21, 0x97, 0xBF, 0xA1, 0x34, 0xF7, 0x07, 0x00, 0xD3, 0xA9, 0xF5, 0x3C,
    0x8C, 0xE9, 0x9D, 0xF8, 0x62, 0xA1, 0x69, 0xA4, 0xB4, 0x06, 0xFA, 0x49, 0x91, 0x89, 0xC8, 0x6C,
    0x1C, 0xA3, 0x81, 0xB7, 0x30, 0x81, 0xB4, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01,
    0xFF, 0x04, 0x04, 0x03, 0x02, 0x06, 0xC0, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01,
    0xFF, 0x04, 0x02, 0x30, 0x00, 0x30, 0x13, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF8, 0x4D, 0x01,
    0x09, 0x02, 0x01, 0x01, 0xFF, 0x04, 0x03, 0x0A, 0x01, 0x02, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D,
    0x0E, 0x04, 0x16, 0x04, 0x14, 0xA1, 0xFF, 0x7A, 0xE1, 0xF5, 0x9D, 0x68, 0x4D, 0x84, 0x0C, 0x5A,
    0x69, 0xDA, 0xD5, 0xC2, 0x96, 0x9C, 0x32, 0x87, 0x29, 0x30, 0x3F, 0x06, 0x03, 0x55, 0x1D, 0x1F,
    0x04, 0x38, 0x30, 0x36, 0x30, 0x34, 0xA0, 0x32, 0xA0, 0x30, 0x86, 0x2E, 0x68, 0x74, 0x74, 0x70,
    0x3A, 0x2F, 0x2F, 0x75, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x73, 0x2E, 0x69, 0x6E, 0x74, 0x65,
    0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x2F, 0x63, 0x6F, 0x6E, 0x74, 0x65, 0x6E, 0x74, 0x2F, 0x43, 0x52,
    0x4C, 0x2F, 0x45, 0x50, 0x49, 0x44, 0x2E, 0x63, 0x72, 0x6C, 0x30, 0x1F, 0x06, 0x03, 0x55, 0x1D,
    0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x66, 0xE0, 0x68, 0x4F, 0x57, 0x61, 0x49, 0x9B, 0x1F,
    0x7D, 0xFE, 0x55, 0x87, 0xE5, 0x54, 0xAB, 0xF8, 0x1B, 0x5B, 0xD9, 0x30, 0x0A, 0x06, 0x08, 0x2A,
    0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xCA,
    0x40, 0xA4, 0x60, 0xDA, 0xAD, 0x4E, 0x9E, 0xAE, 0xE9, 0x5D, 0xEB, 0x0D, 0x17, 0xD9, 0xE1, 0xFF,
    0xA3, 0xB4, 0x0F, 0x3D, 0xF2, 0x14, 0x1B, 0x89, 0x8F, 0x52, 0x2C, 0x4E, 0xEE, 0xFB, 0xE7, 0x02,
    0x21, 0x00, 0x9D, 0x7D, 0xEB, 0x47, 0xE9, 0xFA, 0xAF, 0x00, 0xA3, 0x68, 0xBC, 0xDF, 0x1C, 0x9E,
    0xB1, 0xA9, 0xA8, 0x7A, 0x0D, 0x90, 0xB2, 0xCC, 0x96, 0x2C, 0x31, 0x9B, 0x74, 0xE9, 0xBA, 0x17,
    0x28, 0xB6
};

#endif

//*********************************************************************
// Prototypes of static functions
//*********************************************************************

static ae_error_t do_quote_initialization
    (
    /*out */ upse::Buffer& targetInfo,
    /*out */ GroupId* pGID
    );
static ae_error_t do_get_quote
    (
    /*in */ upse::Buffer& report,
    /*in */ upse::Buffer& sigRL,
    /*out*/ upse::Buffer& quote
    );

static ae_error_t do_certificate_chain_provisioning
    (
    /*in */ const endpoint_selection_infos_t& es_info,
    /*out*/ platform_info_blob_wrapper_t* pib_wrapper
    );


ae_error_t ConvertBackendStatus(CertificateProvisioningProtocol& cpp, ae_error_t status)
{
    if (AE_FAILED(status))
    {
        if (PSE_PRS_OK != cpp.GetProtocolResponseStatus())
        {
            SGX_DBGPRINT_ONE_STRING_ONE_INT("Backend ProtocolResponseStatus", cpp.GetProtocolResponseStatus());
            switch (cpp.GetProtocolResponseStatus())
            {
            case PSE_PRS_INVALID_GID:       status = AESM_PSE_PR_BACKEND_INVALID_GID;               break;
            case PSE_PRS_GID_REVOKED:       status = AESM_PSE_PR_BACKEND_GID_REVOKED;               break;
            case PSE_PRS_INVALID_QUOTE:     status = AESM_PSE_PR_BACKEND_INVALID_QUOTE;             break;
            case PSE_PRS_INVALID_REQUEST:   status = AESM_PSE_PR_BACKEND_INVALID_REQUEST;           break;
            default:                        status = AESM_PSE_PR_BACKEND_UNKNOWN_PROTOCOL_RESPONSE; break;
            }
            AESM_DBG_ERROR(g_event_string_table[SGX_EVENT_PSE_CERT_PROV_PROTOCOL_RESPONSE_FAILURE], status);
            AESM_LOG_ERROR(g_event_string_table[SGX_EVENT_PSE_CERT_PROV_PROTOCOL_RESPONSE_FAILURE], status);
        }
        else if (GRS_OK != cpp.GetGeneralResponseStatus())
        {
            SGX_DBGPRINT_ONE_STRING_ONE_INT("Backend GeneralResponseStatus", cpp.GetGeneralResponseStatus());
            switch (cpp.GetGeneralResponseStatus())
            {
            case GRS_SERVER_BUSY:               status = AESM_PSE_PR_BACKEND_SERVER_BUSY;               break;
            case GRS_INTEGRITY_CHECK_FAIL:      status = AESM_PSE_PR_BACKEND_INTEGRITY_CHECK_FAIL;      break;
            case GRS_INCORRECT_SYNTAX:          status = AESM_PSE_PR_BACKEND_INCORRECT_SYNTAX;          break;
            case GRS_INCOMPATIBLE_VERSION:      status = PSW_UPDATE_REQUIRED;                           break;
            case GRS_TRANSACTION_STATE_LOST:    status = AESM_PSE_PR_BACKEND_TRANSACTION_STATE_LOST;    break;
            case GRS_PROTOCOL_ERROR:            status = AESM_PSE_PR_BACKEND_PROTOCOL_ERROR;            break;
            case GRS_INTERNAL_ERROR:            status = AESM_PSE_PR_BACKEND_INTERNAL_ERROR;            break;
            default:                            status = AESM_PSE_PR_BACKEND_UNKNOWN_PROTOCOL_RESPONSE; break;
            }
            AESM_DBG_ERROR(g_event_string_table[SGX_EVENT_PSE_CERT_PROV_GENERAL_RESPONSE_FAILURE], status);
            AESM_LOG_ERROR(g_event_string_table[SGX_EVENT_PSE_CERT_PROV_GENERAL_RESPONSE_FAILURE], status);
        }
        else
        {
            switch (status)
            {
            case OAL_NETWORK_UNAVAILABLE_ERROR:
                {
                    AESM_LOG_ERROR(g_event_string_table[SGX_EVENT_PSE_CERT_PROV_FAILURE]);
                    break;
                }
            case PSE_PAIRING_BLOB_UNSEALING_ERROR:
                {
                    AESM_LOG_ERROR(g_event_string_table[SGX_EVENT_LTP_BLOB_INTEGRITY_ERROR]);
                    break;
                }
            case PSE_PAIRING_BLOB_INVALID_ERROR:
                {
                    AESM_LOG_ERROR(g_event_string_table[SGX_EVENT_LTP_BLOB_INVALID_ERROR]);
                    break;
                }
            case AESM_PSE_PR_BACKEND_MSG4_PLATFORM_INFO_BLOB_SIZE:
                {
                    //
                    // happens if pib returned is not the right size
                    //
                    AESM_LOG_ERROR(g_event_string_table[SGX_EVENT_PSE_CERT_PROV_PROTOCOL_RESPONSE_FAILURE]);
                    break;
                }
            case AE_FAILURE:
                {
                    //
                    // happens if problem with proxy setting
                    //
                    AESM_LOG_ERROR(g_event_string_table[SGX_EVENT_PSE_CERT_PROV_FAILURE]);
                    break;
                }
            case AESM_CP_ATTESTATION_FAILURE:
                {
                    AESM_LOG_ERROR(g_event_string_table[SGX_EVENT_PSE_ATTESTATION_ERROR]);
                    break;
                }
            default:
                {
                    AESM_DBG_ERROR("Error in ConvertBackendStatus(status) : status = %d (%xh)", status, status);
                    break;
                }
            }
        }
    }

    return status;
}


//*********************************************************************
// Main engine routine for Certificate Chain Provisioning
//*********************************************************************
ae_error_t certificate_chain_provisioning(const endpoint_selection_infos_t& es_info, platform_info_blob_wrapper_t* pib_wrapper)
{
    ae_error_t status = AE_FAILURE;
    AESM_DBG_TRACE("enter fun");

    try
    {
        do
        {

            status = do_certificate_chain_provisioning(es_info, pib_wrapper);

            if (status == PSE_PR_ENCLAVE_LOST_ERROR)
            {
                //
                // went to sleep while in enclave
                // in this case (beginning of flow), we should just retry, after first destroying and then reloading
                // note that this code gets significantly more complicated if the PSE-pr ever becomes multi-threaded
                //
                for (unsigned rcount = 0; rcount < PSEPR_LOST_ENCLAVE_RETRY_COUNT; rcount++)
                {
                    CPSEPRClass::instance().unload_enclave();
                    if (0 != CPSEPRClass::instance().load_enclave())
                    {
                        status = AE_FAILURE;
                        break;
                    }
                    SaveEnclaveID(CPSEPRClass::instance().GetEID());

                    status = do_certificate_chain_provisioning(es_info, pib_wrapper);
                    if (status != PSE_PR_ENCLAVE_LOST_ERROR)
                        break;
                }
            }

            BREAK_IF_FAILED(status);

            status = AE_SUCCESS;

        } while (0);
    }
    catch (...)
    {
        status = AESM_PSE_PR_EXCEPTION;
    }

    SGX_DBGPRINT_PRINT_FUNCTION_AND_RETURNVAL(__FUNCTION__, status);
    SGX_DBGPRINT_PRINT_ANSI_STRING("End Certificate Chain Provisioning");
    return status;
}


//*********************************************************************
// Do the certificate chain provisioning logic
//*********************************************************************
static ae_error_t do_certificate_chain_provisioning
    (
    /*in */ const endpoint_selection_infos_t& es_info,
    /*out*/ platform_info_blob_wrapper_t* pib_wrapper
    )
{
    if (NULL == pib_wrapper)
        return AESM_PSE_PR_BAD_POINTER_ERROR;

    ae_error_t status = AE_FAILURE;
    upse::Buffer target_info;

    uint32_t gid = 0;
    //    GroupId gid = {0};                  // Send to Server in M1

    upse::Buffer nonce;                 // Receive from Server in M2
    upse::Buffer sig_rl;                // Receive from Server in M2
    upse::Buffer csr_pse;               // Send to Server in M3
    upse::Buffer quote;                 // Send to Server in M3
    std::list<upse::Buffer> certChain;  // Receive from Server in M4

    upse::Buffer report;                // Received from PSE_pr
    upse::Buffer pairing_blob;          // Received from PSE_pr
    upse::Buffer ocsp_req;              // Created here from cert chain

    const char *szURL = EndpointSelectionInfo::instance().get_pse_provisioning_url(es_info);

    memset(pib_wrapper, 0, sizeof(platform_info_blob_wrapper_t));   // Receive from Server in M4

    CertificateProvisioningProtocol cpp;

    SGX_DBGPRINT_PRINT_ANSI_STRING("Begin Certificate (PSE) Provisioning");
    do
    {
        Helper::RemoveCertificateChain();
        Helper::delete_ocsp_response_vlr();

#if defined(NO_PROVISIONING_SERVER)

        {
            //*********************************************************************
            // Use hardcoded Cert.
            //*********************************************************************
            SGX_DBGPRINT_PRINT_ANSI_STRING("Using Hard Coded Cert");
            status = tPrepareForCertificateProvisioning_hardcoded_privatekey(pairing_blob);
            BREAK_IF_FAILED(status);

            /* Use the hardcoded "Public" Cert */
            upse::Buffer Cert;
            Cert.Alloc(PUBLIC_PSE_CERT_LEN);
            upse::BufferWriter bwCert(Cert);
            uint8_t* pCert;
            status = bwCert.reserve(PUBLIC_PSE_CERT_LEN, &pCert);
            BREAK_IF_FAILED(status);
            memcpy_s(pCert, PUBLIC_PSE_CERT_LEN, PUBLIC_PSE_CERT, PUBLIC_PSE_CERT_LEN);
            certChain.push_back(Cert);

        }

#else

        {

            status = cpp.init(szURL, es_info.pek);
            BREAK_IF_FAILED(status);

            //=====================================================================
            // Start: CERTIFICATE CHAIN PROVISIONING  (3.6.7.1.1.2.1)
            //=====================================================================

            //*********************************************************************
            // Retrieve GID_SE from the QE
            SGX_DBGPRINT_PRINT_ANSI_STRING("quote init?");
            //*********************************************************************
            status = do_quote_initialization(target_info, (GroupId*)&gid);
            BREAK_IF_FAILED(status);//keep reason for quoting failure including UPDATE required
            SGX_DBGPRINT_PRINT_ANSI_STRING("quote init success");

            //*********************************************************************
            // Retrieve SIG_RL and Nonce from Intel Server.
            //*********************************************************************
            status = cpp.SendM1_ReceiveM2(*(uint32_t*)&gid, nonce, sig_rl);
            BREAK_IF_FAILED(status);
            SGX_DBGPRINT_PRINT_ANSI_STRING("send m1, receive m2 success");

            Helper::read_ltp_blob(pairing_blob);
            // Note: failure during read_ltp_blob is okay, pairing_blob will be empty and get filled in by enclave

            //*********************************************************************
            // Generate ECDSA key pair, CSR_pse, and REPORT in enclave (PSE_Pr).
            //*********************************************************************
            status = tPrepareForCertificateProvisioning(nonce, target_info, csr_pse,
                report, pairing_blob);
            BREAK_IF_FAILED(status);
            SGX_DBGPRINT_PRINT_ANSI_STRING("prepare for cert pv success");

            //*********************************************************************
            // Call QE to convert REPORT to name-based QUOTE using SIG_RL
            //*********************************************************************
            status = do_get_quote(report, sig_rl, quote);
            BREAK_IF_TRUE((AESM_AE_OUT_OF_EPC == status), status, AESM_AE_OUT_OF_EPC);
            BREAK_IF_FAILED_ERR(status, AESM_CP_ATTESTATION_FAILURE);
            SGX_DBGPRINT_PRINT_ANSI_STRING("get quote success");

            //*********************************************************************
            // Retrieve the Certificate Chain from Intel Server.
            //*********************************************************************
            status = cpp.SendM3_ReceiveM4(csr_pse, quote, certChain, *pib_wrapper);
            BREAK_IF_TRUE((PSE_PRS_OK != cpp.GetProtocolResponseStatus()), status, AESM_CP_ATTESTATION_FAILURE);
            BREAK_IF_FAILED(status);
            SGX_DBGPRINT_PRINT_ANSI_STRING("send m3, receive m4 success");
        }

#endif

        //*********************************************************************
        // Save the Certificate Chain to persistent storage.
        //*********************************************************************
        status = Helper::SaveCertificateChain(certChain);
        BREAK_IF_FAILED(status);
        SGX_DBGPRINT_PRINT_ANSI_STRING("save cert success");

        //*********************************************************************
        // Save the sealed pairing blob to persistent storage.
        //*********************************************************************
        status = Helper::write_ltp_blob(pairing_blob);
        BREAK_IF_FAILED(status);
        SGX_DBGPRINT_PRINT_ANSI_STRING("write blob success");

        status = AE_SUCCESS;

        SGX_DBGPRINT_PRINT_ANSI_STRING("End of Certificate (PSE) Provisioning");
    } while (0);

    status = ConvertBackendStatus(cpp, status);
    return status;
}


//*********************************************************************
// Call quoting enclave to get target info
//*********************************************************************
static ae_error_t do_quote_initialization
    (
    /*out */ upse::Buffer& targetInfo,
    /*out */ GroupId* pGID
    )
{
    ae_error_t status = AE_FAILURE;


    do
    {
        BREAK_IF_TRUE( (NULL == pGID), status, PSE_PR_BAD_POINTER_ERROR);

#ifndef FAKE_QUOTE
        if (AE_FAILED(targetInfo.Alloc(sizeof(sgx_target_info_t))))
            break;
        upse::BufferWriter bwTargetInfo(targetInfo);
        uint8_t* p;
        status = bwTargetInfo.reserve(sizeof(sgx_target_info_t), &p);
        if (AE_FAILED(status))
            break;
        sgx_target_info_t* pTargetInfo = (sgx_target_info_t*)p;

        aesm_error_t result;
        SGX_DBGPRINT_PRINT_ANSI_STRING("aesmLogic.init_quote?");

        result = AESMLogic::init_quote(
            (uint8_t*)pTargetInfo, sizeof(sgx_target_info_t),
            (uint8_t*)pGID, sizeof(*pGID));
        if (result == AESM_BUSY)
        {
            //EPID_PROVISION triggered, make sure previous EPID provision has finished
            ae_error_t temp_ret = wait_pve_thread();
            BREAK_IF_TRUE(AE_SUCCESS != temp_ret , status, PSE_PR_PCH_EPID_UNKNOWN_ERROR);
            //redo init_quote
            result = AESMLogic::init_quote(
                (uint8_t*)pTargetInfo, sizeof(sgx_target_info_t),
                (uint8_t*)pGID, sizeof(*pGID));
        }
        BREAK_IF_TRUE(AESM_UPDATE_AVAILABLE == result, status, PSW_UPDATE_REQUIRED);
        BREAK_IF_TRUE(AESM_OUT_OF_EPC == result, status, AESM_AE_OUT_OF_EPC);
        BREAK_IF_TRUE(AESM_SUCCESS != result, status, AESM_PSE_PR_INIT_QUOTE_ERROR);
#else

        //NRG: m_tmpGID = 0;
        upse::Buffer m_tmpGID;
        if (AE_FAILED(m_tmpGID.Alloc(GID_TO_USE, sizeof(GID_TO_USE))))
            break;

        //      m_tmpGID = 1244;
        //      upse::BufferWriter(m_tmpGID).writeRaw(GID_TO_USE, sizeof(GID_TO_USE));
        SigmaData::SetGID(m_tmpGID);
        memcpy_s(pGID, sizeof(GroupId), m_tmpGID.getData(), sizeof(GroupId));
        if (AE_FAILED(targetInfo.Alloc(sizeof(sgx_target_info_t))))
            break;
#endif

        SGX_DBGPRINT_PRINT_ANSI_STRING("aesmLogic.init_quote success");
        status = AE_SUCCESS;

    } while (0);

    SGX_DBGPRINT_PRINT_FUNCTION_AND_RETURNVAL(__FUNCTION__, status);

    return status;
}


//*********************************************************************
// Call quoting enclave to convert report to name-based quote
//*********************************************************************
static ae_error_t do_get_quote
    (
    /*in */ upse::Buffer& reportBuffer,
    /*in */ upse::Buffer& sigRLBuffer,
    /*out*/ upse::Buffer& quoteBuffer
    )
{
    // Call QE to convert REPORT to a name-based QUOTE
    ae_error_t status = AE_FAILURE;
    ae_error_t tmp_status = AE_SUCCESS;

    do
    {
#ifndef FAKE_QUOTE
        uint32_t nQuote;                                 // in     - Quote buffer size

        sgx_report_t enclaveReport;                      // in
        sgx_quote_sign_type_t quote_type;                // in
        sgx_spid_t spid = {{0}};                           // in
        uint8_t* pSigRL = NULL;                          // in
        uint32_t nSigRL = 0;                               // in     - Sig RL buffer size

        memset(&enclaveReport, 0, sizeof(enclaveReport));

        nSigRL = sigRLBuffer.getSize();

        if (0 != nSigRL)
            pSigRL = const_cast<uint8_t*>(sigRLBuffer.getData());

        if (SGX_SUCCESS != sgx_calc_quote_size(pSigRL, nSigRL, &nQuote))
            break;

        tmp_status = quoteBuffer.Alloc(nQuote);
        if (AE_FAILED(tmp_status))
            break;
        upse::BufferWriter bwQuote(quoteBuffer);
        uint8_t* pQuote;
        tmp_status = bwQuote.reserve(nQuote, &pQuote);      // out
        if (AE_FAILED(tmp_status))
            break;

        quote_type = SGX_UNLINKABLE_SIGNATURE; // or SGX_LINKABLE_SIGNATURE

        // LSB16(SHA256("SGX PSE PROVISIONING SERVER"))
        // const char* SPID_VALUE = "SGX PSE PROVISIONING SERVER";
        // sgx_sha256_hash_t spid_hash;
        // sgx_sha256_msg((const uint8_t*)SPID_VALUE, strlen(SPID_VALUE), &spid_hash);
        // memcpy_s(spid.id, sizeof(spid.id), &spid_hash[0], 16);
        static uint8_t spid_hash[] = { 0x32, 0x81, 0xE5, 0x9E, 0xB1, 0x23, 0xFA, 0xCD,
            0x56, 0xDB, 0x62, 0x1E, 0x3B, 0x37, 0xFB, 0xE2 };
        memcpy_s(spid.id, sizeof(spid.id), spid_hash, sizeof(spid_hash));

        if (reportBuffer.getSize() != sizeof(enclaveReport))
            break;

        memcpy_s(&enclaveReport, reportBuffer.getSize(), reportBuffer.getData(), reportBuffer.getSize());
        aesm_error_t result;
        result = AESMLogic::get_quote(
            (uint8_t*)&enclaveReport, sizeof(enclaveReport),
            quote_type,
            (uint8_t*)&spid, sizeof(spid),
            NULL, 0,
            pSigRL, nSigRL,
            NULL, 0,
            (uint8_t*)pQuote, nQuote);
        if (result == AESM_BUSY)
        {
            //EPID_PROVISION triggered, make sure previous EPID provision has finished
            ae_error_t temp_ret = wait_pve_thread();
            BREAK_IF_TRUE(AE_SUCCESS != temp_ret , status, PSE_PR_PCH_EPID_UNKNOWN_ERROR);
            //redo get_quote
            result = AESMLogic::get_quote(
                (uint8_t*)&enclaveReport, sizeof(enclaveReport),
                quote_type,
                (uint8_t*)&spid, sizeof(spid),
                NULL, 0,
                pSigRL, nSigRL,
                NULL, 0,
                (uint8_t*)pQuote, nQuote);
        }
        BREAK_IF_TRUE(AESM_OUT_OF_EPC == result, status, AESM_AE_OUT_OF_EPC);
        BREAK_IF_TRUE(AESM_SUCCESS != result, status, AESM_PSE_PR_GET_QUOTE_ERROR);
#else
        const uint16_t SIGNATURE_LENGTH = 32;

        tmp_status = quoteBuffer.Alloc(sizeof(sgx_quote_t) + SIGNATURE_LENGTH);
        if (AE_FAILED(tmp_status))
            break;

        sgx_quote_t* pQuote;
        tmp_status = upse::BufferWriter(quoteBuffer).reserve(quoteBuffer.getSize(), (uint8_t**)&pQuote);
        if (AE_FAILED(tmp_status))
            break;

        uint16_t CPUSVN = 1;
        pQuote->version = 1;
        memcpy_s(pQuote->epid_group_id, sizeof(pQuote->epid_group_id), &GID_TO_USE, sizeof(GID_TO_USE));
        pQuote->report_body.isv_prod_id = 0x0002; //0x8086;
        pQuote->report_body.isv_svn = 1;
        memcpy_s(pQuote->report_body.cpu_svn, sizeof(pQuote->report_body.cpu_svn), &CPUSVN, sizeof(CPUSVN));

        const sgx_report_t* pReport = (sgx_report_t*)reportBuffer.getData();

        memcpy_s(pQuote->report_body.report_data, sizeof(pQuote->report_body.report_data), pReport->body.report_data, sizeof(pQuote->report_body.report_data));

        pQuote->signature_len = SIGNATURE_LENGTH;

        //NOTE: The signature is not valid when doing a FAKE_QUOTE
#endif

        status = AE_SUCCESS;

    } while (0);

    if ((AE_FAILURE == status) && AE_FAILED(tmp_status))
        status = tmp_status;

    SGX_DBGPRINT_PRINT_FUNCTION_AND_RETURNVAL(__FUNCTION__, status);

    return status;
}


//
// fwiw
// hex-encoded private part
//
//std::string prvPibSK = "942BCC166737FCF62CBF39668C6980F42A69A6828BEAB912362FEC0E21A2A61D";

ae_error_t pib_verify_signature(platform_info_blob_wrapper_t& piBlobWrapper)
{
    ae_error_t ae_err = AE_FAILURE;
    sgx_ecc_state_handle_t ecc_handle = NULL;

    uint8_t result = SGX_EC_INVALID_SIGNATURE;

    const uint32_t data_size = static_cast<uint32_t>(sizeof(piBlobWrapper.platform_info_blob) - sizeof(piBlobWrapper.platform_info_blob.signature));


    piBlobWrapper.valid_info_blob = false;
    do
    {
        sgx_ec256_public_t publicKey;
        sgx_ec256_signature_t signature;
        sgx_status_t sgx_status;

        //BREAK_IF_TRUE((sizeof(publicKey) != sizeof(s_pib_pub_key_big_endian)), ae_err, AE_FAILURE);
        //BREAK_IF_TRUE((sizeof(signature) != sizeof(piBlobWrapper.platform_info_blob.signature)), ae_err, AE_FAILURE);

        // convert the public key to little endian
        if(0!=memcpy_s(&publicKey, sizeof(publicKey), s_pib_pub_key_big_endian, sizeof(s_pib_pub_key_big_endian))){
            ae_err = AE_FAILURE;
            break;
        }
        SwapEndian_32B(((uint8_t*)&publicKey) +  0);
        SwapEndian_32B(((uint8_t*)&publicKey) + 32);

        // convert the signature to little endian
        if(0!=memcpy_s(&signature, sizeof(signature), &piBlobWrapper.platform_info_blob.signature, sizeof(piBlobWrapper.platform_info_blob.signature))){
            ae_err = AE_FAILURE;
            break;
        }
        SwapEndian_32B(((uint8_t*)&signature) +  0);
        SwapEndian_32B(((uint8_t*)&signature) + 32);

        sgx_status = sgx_ecc256_open_context(&ecc_handle);
        BREAK_IF_TRUE((SGX_SUCCESS != sgx_status), ae_err, AE_FAILURE);

        sgx_status = sgx_ecdsa_verify((uint8_t*)&piBlobWrapper.platform_info_blob, data_size, &publicKey, &signature, &result, ecc_handle);
        BREAK_IF_TRUE((SGX_SUCCESS != sgx_status), ae_err, AE_FAILURE);

        if (SGX_EC_VALID != result)
        {
            AESM_LOG_WARN(g_event_string_table[SGX_EVENT_PID_SIGNATURE_FAILURE]);
            break;
        }

        piBlobWrapper.valid_info_blob = true;

        ae_err = AE_SUCCESS;

    } while (0);
    if (ecc_handle != NULL) {
        sgx_ecc256_close_context(ecc_handle);
    }

    return ae_err;
}

ae_error_t generate_pse_instance_id(uint8_t* instance_id)
{
    memset(instance_id, 0, 16);
    return AE_SUCCESS;
}