miti
/
linux-sgx-trts-modified


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271
							/*
 * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   * Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *   * Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in
 *     the documentation and/or other materials provided with the
 *     distribution.
 *   * Neither the name of Intel Corporation nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */


#include <assert.h>
#include "LEClass.h"
#include "aeerror.h"
#include "arch.h"
#include "ae_ipp.h"
#include "util.h"

extern "C" sgx_status_t sgx_create_le(const char *file_name, const char *prd_css_file_name, const int debug, sgx_launch_token_t *launch_token, int *launch_token_updated, sgx_enclave_id_t *enclave_id, sgx_misc_attribute_t *misc_attr, int *production_loaded);

#include "launch_enclave_u.h"
#include "launch_enclave_u.c"

int CLEClass::white_list_register(
    const uint8_t *white_list_cert,
    uint32_t white_list_cert_size,
    bool save_to_persistent_storage)
{
    sgx_status_t ret = SGX_SUCCESS;
    int retry = 0;
    uint32_t status = 0;

    assert(m_enclave_id);

    ret = le_init_white_list_wrapper(m_enclave_id, &status,
                                       const_cast<uint8_t*>(white_list_cert),
                                       white_list_cert_size);
    for(; ret == SGX_ERROR_ENCLAVE_LOST && retry < AESM_RETRY_COUNT; retry++)
    {
        unload_enclave();
        if(AE_SUCCESS != load_enclave_only())
            return AE_FAILURE;
        ret = le_init_white_list_wrapper(m_enclave_id, &status,
                                          const_cast<uint8_t*>(white_list_cert),
                                       white_list_cert_size);
    }

    if(SGX_SUCCESS!=ret)
        return sgx_error_to_ae_error(ret);
    AESM_DBG_TRACE("le_init_white_list_wrapper return %d",status);
    if(AE_SUCCESS == status&&save_to_persistent_storage){//successfully register the white list cert
        if(AE_SUCCESS != aesm_write_data(FT_PERSISTENT_STORAGE,AESM_WHITE_LIST_CERT_FID,white_list_cert, white_list_cert_size)){//ignore error if failed to save in persistent storage
            AESM_DBG_WARN("Fail to save white list cert in persistent storage");
        }
    }
    return status;
}


void CLEClass::load_white_cert_list()
{
    load_verified_white_cert_list();
    load_white_cert_list_to_be_verify();//If this version is older than previous one, it will not be loaded
}

ae_error_t CLEClass::load_verified_white_cert_list()
{
    ae_error_t ae_err;
    uint32_t white_cert_size=0;
    ae_err = aesm_query_data_size(FT_PERSISTENT_STORAGE, AESM_WHITE_LIST_CERT_FID, &white_cert_size);
    if(AE_SUCCESS == ae_err && white_cert_size ==0){//file not existing or 0 size
        AESM_DBG_TRACE("no white cert list available in persistent storage");
        return AE_SUCCESS;
    }
    if(AE_SUCCESS != ae_err)
        return ae_err;
    uint8_t *p = (uint8_t *)malloc(white_cert_size);
    if(NULL == p){
        AESM_DBG_ERROR("out of memory");
        return AE_OUT_OF_MEMORY_ERROR;
    }
    ae_err = aesm_read_data(FT_PERSISTENT_STORAGE, AESM_WHITE_LIST_CERT_FID, p, &white_cert_size);
    if(AE_SUCCESS != ae_err){
        AESM_DBG_WARN("Fail to read white cert list file");
        free(p);
        return ae_err;
    }
    ae_err = (ae_error_t)white_list_register(p, white_cert_size,false);//Need not save the data to file again
    if(AE_SUCCESS!=ae_err){
        AESM_DBG_WARN("fail to register white cert list file in persistent storage");
    }
    free(p);
    return ae_err;
}

//This function must be called after white list cert has been verified and the file may overwrite the original one
ae_error_t CLEClass::load_white_cert_list_to_be_verify()
{
    ae_error_t ae_err;
    uint32_t white_cert_size=0;
    ae_err = aesm_query_data_size(FT_PERSISTENT_STORAGE, AESM_WHITE_LIST_CERT_TO_BE_VERIFY_FID, &white_cert_size);
    if(AE_SUCCESS != ae_err || white_cert_size ==0){//file not existing or 0 size
        AESM_DBG_TRACE("no white cert list to be verify in persistent storage");
        return AE_SUCCESS;
    }
    uint8_t *p = (uint8_t *)malloc(white_cert_size);
    if(NULL == p){
        AESM_DBG_ERROR("out of memory");
        return AE_OUT_OF_MEMORY_ERROR;
    }
    ae_err = aesm_read_data(FT_PERSISTENT_STORAGE, AESM_WHITE_LIST_CERT_TO_BE_VERIFY_FID, p, &white_cert_size);
    if(AE_SUCCESS != ae_err){
        AESM_DBG_WARN("Fail to read white cert list file");
        free(p);
        return ae_err;
    }
    ae_err = (ae_error_t)white_list_register(p, white_cert_size,true);//We need to overwrite the original white list file if the file is passed
    if(AE_SUCCESS!=ae_err){
        AESM_DBG_WARN("fail to register white cert list file in persistent storage");
    }
    {//Always remove the file now. If it is not verified, the file has problem and remove it; otherwise, it has been saved as the AESM_WHITE_LIST_CERT_FID
        char white_list_to_be_verify_path_name[MAX_PATH];
        ae_err = aesm_get_pathname(FT_PERSISTENT_STORAGE, AESM_WHITE_LIST_CERT_TO_BE_VERIFY_FID, white_list_to_be_verify_path_name, MAX_PATH);
        if(AE_SUCCESS == ae_err){
            se_delete_tfile(white_list_to_be_verify_path_name);
        }
    }
    free(p);
    return ae_err;
}

ae_error_t CLEClass::load_enclave_only()
{
    before_enclave_load();

    assert(m_enclave_id==0);
    sgx_status_t ret;
    ae_error_t ae_err;
    char prod_css_path[MAX_PATH]={0};
    char enclave_path[MAX_PATH]= {0};
    char *p_prod_css_path = prod_css_path;
    int production_le_loaded = 0;
    if((ae_err = aesm_get_pathname(FT_PERSISTENT_STORAGE, LE_PROD_SIG_STRUCT_FID, prod_css_path, MAX_PATH))!=AE_SUCCESS){
        AESM_DBG_WARN("fail to get production sig struction of LE");
        p_prod_css_path = NULL;
    }
    if((ae_err = aesm_get_pathname(FT_ENCLAVE_NAME, get_enclave_fid(), enclave_path,//get non-production signed LE pathname
        MAX_PATH))
        !=AE_SUCCESS){
        AESM_DBG_ERROR("fail to get LE pathname");
        return ae_err;
    }
    int launch_token_update;
#ifdef AESM_SIM
    UNUSED(p_prod_css_path);
    UNUSED(production_le_loaded);
    ret = sgx_create_enclave(enclave_path, get_debug_flag(), &m_launch_token,
        &launch_token_update, &m_enclave_id,
        &m_attributes);//simulation  mode has no sgx_create_le function. Use sgx_create_enclave 
    if(ret != SGX_SUCCESS){
        AESM_DBG_ERROR("Fail to load LE");
        return AE_FAILURE;
    }
    return AE_SUCCESS;
#else
    ret = sgx_create_le(enclave_path, p_prod_css_path, get_debug_flag(), &m_launch_token,
        &launch_token_update, &m_enclave_id,
        &m_attributes, &production_le_loaded);
    if (ret == SGX_ERROR_NO_DEVICE){
        AESM_DBG_ERROR("AE SERVER NOT AVAILABLE in load non-production signed LE: %s",enclave_path);
        return AE_SERVER_NOT_AVAILABLE;
    }
    if (ret != SGX_SUCCESS){
        AESM_DBG_ERROR("Loading LE failed:%d",ret);
        return AE_FAILURE;
    }else if(production_le_loaded!=0){//production signed LE loaded
        AESM_DBG_INFO("Production signed LE loaded, try loading white list now");
    }else{
        AESM_DBG_INFO("Debug signed LE loaded");
    }
    return AE_SUCCESS;
#endif
}

ae_error_t CLEClass::load_enclave()
{
    if(m_enclave_id){//LE has been loaded before
         return AE_SUCCESS;
    }
    ae_error_t ae_err = load_enclave_only();
    if( AE_SUCCESS == ae_err){
        load_white_cert_list();
    }
    return ae_err;
}

int CLEClass::get_launch_token(
    uint8_t * mrenclave, uint32_t mrenclave_size,
    uint8_t *public_key, uint32_t public_key_size,
    uint8_t *se_attributes, uint32_t se_attributes_size,
    uint8_t * lictoken, uint32_t lictoken_size
    )
{
    sgx_status_t ret = SGX_SUCCESS;
    int retry = 0;
    int status = 0;

    assert(m_enclave_id);
    sgx_measurement_t mrsigner;

    if(mrenclave_size !=sizeof(sgx_measurement_t) ||
        SE_KEY_SIZE != public_key_size ||
        se_attributes_size != sizeof(sgx_attributes_t) ||
        lictoken_size < sizeof(token_t) )
        return LE_INVALID_PARAMETER;
    //set mrsigner based on the hash of isv pub key from enclave signature
    IppStatus ipperrorCode = ippStsNoErr;
    ipperrorCode = ippsHashMessage(reinterpret_cast<const Ipp8u *>(public_key), public_key_size, reinterpret_cast<Ipp8u *>(&mrsigner), IPP_ALG_HASH_SHA256);
    if( ipperrorCode != ippStsNoErr){
        return AE_FAILURE;
    }

#ifdef DBG_LOG
    char mrsigner_info[256];
    aesm_dbg_format_hex((uint8_t *)&mrsigner, sizeof(mrsigner), mrsigner_info, 256);
    AESM_DBG_INFO("try to load Enclave with mrsigner:%s",mrsigner_info);
#endif

    //get launch token by ecall into LE
    ret = le_get_launch_token_wrapper(m_enclave_id, &status,
                                       reinterpret_cast<sgx_measurement_t*>(mrenclave),
                                       &mrsigner,
                                       reinterpret_cast<sgx_attributes_t*>(se_attributes),
                                       reinterpret_cast<token_t*>(lictoken));
    for(; ret == SGX_ERROR_ENCLAVE_LOST && retry < AESM_RETRY_COUNT; retry++)
    {
        unload_enclave();
        if(AE_SUCCESS != load_enclave())
            return AE_FAILURE;
        ret = le_get_launch_token_wrapper(m_enclave_id, &status,
                                          reinterpret_cast<sgx_measurement_t*>(mrenclave),
                                          &mrsigner,
                                          reinterpret_cast<sgx_attributes_t*>(se_attributes),
                                          reinterpret_cast<token_t*>(lictoken));
    }

    if(SGX_SUCCESS!=ret)
        return sgx_error_to_ae_error(ret);
    return status;
}