sgx_get_key.cpp 5.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181
  1. /*
  2. * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. /**
  32. * File: sgx_get_key.cpp
  33. * Description:
  34. * Wrapper for EGETKEY instruction
  35. */
  36. #include "sgx_utils.h"
  37. #include "util.h"
  38. #include <stdlib.h>
  39. #include <string.h>
  40. #include "se_memcpy.h"
  41. #include "trts_inst.h"
  42. #include "sgx_trts.h"
  43. #include "se_cdefs.h"
  44. // add a version to tservice.
  45. SGX_ACCESS_VERSION(tservice, 2)
  46. sgx_status_t sgx_get_key(const sgx_key_request_t *key_request, sgx_key_128bit_t *key)
  47. {
  48. sgx_status_t err = SGX_ERROR_UNEXPECTED;
  49. void *buffer = NULL;
  50. size_t size = 0, buf_ptr =0;
  51. sgx_key_request_t *tmp_key_request = NULL;
  52. sgx_key_128bit_t *tmp_key = NULL;
  53. egetkey_status_t egetkey_status = EGETKEY_SUCCESS;
  54. int i = 0;
  55. // check parameters
  56. //
  57. // key_request must be within the enclave
  58. if(!key_request || !sgx_is_within_enclave(key_request, sizeof(*key_request)))
  59. {
  60. err = SGX_ERROR_INVALID_PARAMETER;
  61. goto CLEANUP;
  62. }
  63. if (key_request->reserved1 != 0)
  64. {
  65. err = SGX_ERROR_INVALID_PARAMETER;
  66. goto CLEANUP;
  67. }
  68. for (i=0; i<SGX_KEY_REQUEST_RESERVED2_BYTES; ++i)
  69. {
  70. if (key_request->reserved2[i] != 0)
  71. {
  72. err = SGX_ERROR_INVALID_PARAMETER;
  73. goto CLEANUP;
  74. }
  75. }
  76. // key must be within the enclave
  77. if(!key || !sgx_is_within_enclave(key, sizeof(*key)))
  78. {
  79. err = SGX_ERROR_INVALID_PARAMETER;
  80. goto CLEANUP;
  81. }
  82. // check key_request->key_policy reserved bits
  83. if(key_request->key_policy & ~(SGX_KEYPOLICY_MRENCLAVE | SGX_KEYPOLICY_MRSIGNER))
  84. {
  85. err = SGX_ERROR_INVALID_PARAMETER;
  86. goto CLEANUP;
  87. }
  88. // allocate memory
  89. //
  90. // To minimize the effort of memory management, the two elements allocation
  91. // are combined in a single malloc. The calculation for the required size has
  92. // an assumption, that
  93. // the elements should be allocated in descending order of the alignment size.
  94. //
  95. // If the alignment requirements are changed, the allocation order needs to
  96. // change accordingly.
  97. //
  98. // Current allocation order is:
  99. // key_request -> key
  100. //
  101. // key_request: 512-byte aligned, 512-byte length
  102. // key: 16-byte aligned, 16-byte length
  103. size = ROUND_TO(sizeof(*key_request), KEY_REQUEST_ALIGN_SIZE) + ROUND_TO(sizeof(*key), KEY_ALIGN_SIZE);
  104. size += MAX(KEY_REQUEST_ALIGN_SIZE, KEY_ALIGN_SIZE) - 1;
  105. buffer = malloc(size);
  106. if(buffer == NULL)
  107. {
  108. err = SGX_ERROR_OUT_OF_MEMORY;
  109. goto CLEANUP;
  110. }
  111. memset(buffer, 0, size);
  112. buf_ptr = reinterpret_cast<size_t>(buffer);
  113. buf_ptr = ROUND_TO(buf_ptr, KEY_REQUEST_ALIGN_SIZE);
  114. tmp_key_request = reinterpret_cast<sgx_key_request_t *>(buf_ptr);
  115. buf_ptr += sizeof(*tmp_key_request);
  116. buf_ptr = ROUND_TO(buf_ptr, KEY_ALIGN_SIZE);
  117. tmp_key = reinterpret_cast<sgx_key_128bit_t *>(buf_ptr);
  118. // Copy data from user buffer to the aligned memory
  119. memcpy_s(tmp_key_request, sizeof(*tmp_key_request), key_request, sizeof(*key_request));
  120. // Do EGETKEY
  121. egetkey_status = (egetkey_status_t) do_egetkey(tmp_key_request, tmp_key);
  122. switch(egetkey_status)
  123. {
  124. case EGETKEY_SUCCESS:
  125. err = SGX_SUCCESS;
  126. break;
  127. case EGETKEY_INVALID_ATTRIBUTE:
  128. err = SGX_ERROR_INVALID_ATTRIBUTE;
  129. break;
  130. case EGETKEY_INVALID_CPUSVN:
  131. err = SGX_ERROR_INVALID_CPUSVN;
  132. break;
  133. case EGETKEY_INVALID_ISVSVN:
  134. err = SGX_ERROR_INVALID_ISVSVN;
  135. break;
  136. case EGETKEY_INVALID_KEYNAME:
  137. err = SGX_ERROR_INVALID_KEYNAME;
  138. break;
  139. default:
  140. err = SGX_ERROR_UNEXPECTED;
  141. break;
  142. }
  143. CLEANUP:
  144. if((SGX_SUCCESS != err) && (NULL != key))
  145. {
  146. // The key buffer should be filled with random number.
  147. // If sgx_read_rand returns failure, let the key buffer untouched
  148. sgx_read_rand(reinterpret_cast<uint8_t *>(key), sizeof(*key));
  149. }
  150. else if(NULL != key)
  151. {
  152. // Copy data to the user buffer
  153. memcpy_s(key, sizeof(*key), tmp_key, sizeof(*tmp_key));
  154. }
  155. // cleanup
  156. if(buffer)
  157. {
  158. memset_s(buffer, size, 0, size);
  159. free(buffer);
  160. }
  161. return err;
  162. }