licensing_sim.cpp 6.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154
  1. /*
  2. * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. #include "se_memcpy.h"
  32. #include "util.h"
  33. #include "uae_service_internal.h"
  34. #include "crypto_wrapper.h"
  35. /* This hard code depends on enclaveSinger private key of PvE, an Intel Generic
  36. Enclave Signing Key currently:
  37. trunk/psw/ae/common/sgx_qe_pve_private_key.pem */
  38. static const uint8_t PVE_PUBLIC_KEY[] = {
  39. 0XAB, 0X93, 0XBB, 0XF7, 0X4A, 0XA2, 0XDF, 0X51,
  40. 0X91, 0X46, 0X57, 0X93, 0X1D, 0XB0, 0XC, 0XDB,
  41. 0X24, 0X1E, 0XF4, 0X91, 0X38, 0X3F, 0X83, 0X4D,
  42. 0X71, 0XB7, 0X3D, 0X2F, 0X4E, 0X8F, 0X1D, 0X7C,
  43. 0X68, 0X4C, 0X75, 0XEF, 0X4D, 0XFE, 0X72, 0XE3,
  44. 0X42, 0X5, 0X99, 0X8D, 0X66, 0X94, 0X1D, 0XC3,
  45. 0X16, 0X24, 0XB8, 0XA6, 0XC8, 0XBB, 0X3E, 0XB7,
  46. 0X14, 0XC7, 0X9E, 0X5E, 0X50, 0X1F, 0X1, 0X34,
  47. 0X2, 0X17, 0XD7, 0X12, 0XBE, 0XA6, 0XCD, 0XD2,
  48. 0XF8, 0X58, 0XE4, 0X9B, 0XEB, 0XDC, 0X96, 0XE,
  49. 0XF1, 0XAB, 0X83, 0XD1, 0XF1, 0X43, 0XB4, 0X67,
  50. 0XC6, 0XDF, 0XC1, 0X94, 0X9F, 0X88, 0X21, 0XE7,
  51. 0X55, 0XA5, 0X18, 0X9D, 0XC3, 0X79, 0X7C, 0X26,
  52. 0XA0, 0X3B, 0X46, 0X15, 0XCF, 0X2E, 0X69, 0X81,
  53. 0X8F, 0XCD, 0XD0, 0X98, 0X37, 0X2A, 0X27, 0X1,
  54. 0XEC, 0X95, 0X2A, 0X7F, 0XE8, 0XC6, 0XCA, 0X8D,
  55. 0XCA, 0XA2, 0XCB, 0X6A, 0X37, 0XD4, 0XDC, 0X7E,
  56. 0X4F, 0XC6, 0X2A, 0XAF, 0X7B, 0X52, 0XEF, 0X93,
  57. 0X58, 0X72, 0X2A, 0XFA, 0X2, 0XEE, 0XBA, 0XC4,
  58. 0XFA, 0X52, 0XD8, 0XA2, 0XFA, 0X1, 0X83, 0XE3,
  59. 0XA6, 0X5D, 0X87, 0X60, 0XCD, 0XA, 0X62, 0X9D,
  60. 0X28, 0X8, 0X2C, 0X72, 0X36, 0XC9, 0X2E, 0XF6,
  61. 0X9F, 0X96, 0X84, 0X60, 0XE9, 0X8E, 0X72, 0XE9,
  62. 0X83, 0XD8, 0X25, 0XDD, 0X27, 0X74, 0X32, 0X26,
  63. 0XAD, 0X98, 0XB7, 0X8B, 0X6, 0X45, 0X9C, 0X75,
  64. 0X10, 0XA6, 0X2C, 0XFF, 0X60, 0X83, 0XFF, 0XE,
  65. 0XB4, 0X88, 0X20, 0X4E, 0XB2, 0X59, 0XE7, 0XEC,
  66. 0XA1, 0X5F, 0X10, 0XBF, 0X94, 0X2C, 0XF9, 0X26,
  67. 0X80, 0X64, 0X7E, 0X1F, 0XAA, 0X6E, 0X28, 0X7B,
  68. 0XC, 0XD7, 0X7E, 0XA, 0X89, 0X9D, 0X4E, 0XDB,
  69. 0XED, 0X60, 0XFF, 0X2, 0XE, 0XA7, 0XD0, 0X7C,
  70. 0X5D, 0X2, 0XDA, 0X15, 0X72, 0XD6, 0X95, 0X97,
  71. 0XF, 0X49, 0X58, 0XCA, 0XBC, 0X6D, 0X94, 0XED,
  72. 0X6, 0XE1, 0XD8, 0XC8, 0X3, 0XD3, 0X4C, 0XB5,
  73. 0X72, 0X28, 0X5E, 0X10, 0XB4, 0X6E, 0XAF, 0X4A,
  74. 0X6E, 0X81, 0X66, 0XF6, 0XED, 0XE9, 0X1E, 0X69,
  75. 0XDE, 0X9B, 0XDC, 0X33, 0X62, 0X9D, 0X2F, 0X5,
  76. 0X6A, 0X74, 0X2B, 0XCF, 0X1E, 0XDE, 0XDB, 0X32,
  77. 0X63, 0X4C, 0XE7, 0XC5, 0XDC, 0XCD, 0X31, 0X21,
  78. 0X5A, 0X5D, 0XFD, 0XDD, 0XA1, 0XBC, 0X3C, 0X40,
  79. 0X6E, 0X37, 0X51, 0XBC, 0X1, 0X5B, 0X49, 0XCA,
  80. 0XAE, 0X9B, 0X38, 0XF4, 0X74, 0X8D, 0X6B, 0X58,
  81. 0XDC, 0XDF, 0XE1, 0X68, 0X8A, 0X43, 0XB4, 0XFE,
  82. 0X98, 0X7F, 0X1D, 0X4A, 0XB0, 0X4D, 0XF5, 0X28,
  83. 0X6F, 0XBE, 0XE4, 0X93, 0X30, 0XC8, 0XDB, 0X6A,
  84. 0X1C, 0X84, 0X44, 0X18, 0X8D, 0X3F, 0XC, 0XCE,
  85. 0X50, 0X4E, 0XBE, 0XF0, 0X75, 0XE1, 0X7F, 0XBC,
  86. 0X4F, 0X4E, 0X9, 0X60, 0XF4, 0XC3, 0XFC, 0XC2
  87. };
  88. static sgx_status_t get_launch_token_internal(
  89. const enclave_css_t *p_signature,
  90. const sgx_attributes_t *p_attributes,
  91. token_t *p_token)
  92. {
  93. memset(p_token, 0xEE, sizeof(token_t));
  94. memset(&(p_token->body.reserved1), 0,
  95. sizeof(p_token->body.reserved1));
  96. memset(&(p_token->reserved2), 0,
  97. sizeof(p_token->reserved2));
  98. p_token->body.valid = 1;
  99. // In spec, lic_token.cpu_svn = 1, which 1 should be the least significate one.
  100. memset(&p_token->cpu_svn_le, 0, sizeof(p_token->cpu_svn_le));
  101. memset(&p_token->cpu_svn_le, 1, 1);
  102. p_token->isv_svn_le = 1;
  103. if(memcpy_s(&(p_token->body.attributes),
  104. sizeof(p_token->body.attributes),
  105. p_attributes,
  106. sizeof(sgx_attributes_t))){
  107. return SGX_ERROR_UNEXPECTED;
  108. }
  109. if(memcpy_s(&(p_token->body.mr_enclave),
  110. sizeof(p_token->body.mr_enclave),
  111. &(p_signature->body.enclave_hash),
  112. sizeof(p_signature->body.enclave_hash))){
  113. return SGX_ERROR_UNEXPECTED;
  114. }
  115. p_token->attributes_le.flags = SGX_FLAGS_INITTED;
  116. p_token->attributes_le.xfrm = SGX_XFRM_LEGACY;
  117. unsigned int signer_len = sizeof(p_token->body.mr_signer);
  118. sgx_status_t ret = sgx_EVP_Digest(EVP_sha256(), (const uint8_t *)&(p_signature->key.modulus),
  119. sizeof(p_signature->key.modulus),
  120. (uint8_t *)&(p_token->body.mr_signer),
  121. &signer_len);
  122. if(ret != SGX_SUCCESS && ret != SGX_ERROR_OUT_OF_MEMORY)
  123. {
  124. return SGX_ERROR_UNEXPECTED;
  125. }
  126. return ret;
  127. }
  128. sgx_status_t get_launch_token(
  129. const enclave_css_t *p_signature,
  130. const sgx_attributes_t *p_attribute,
  131. sgx_launch_token_t *p_launch_token)
  132. {
  133. if(!p_signature || !p_attribute || !p_launch_token){
  134. return SGX_ERROR_INVALID_PARAMETER;
  135. }
  136. if(((p_attribute->flags) & SGX_FLAGS_PROVISION_KEY) &&
  137. memcmp(PVE_PUBLIC_KEY, &p_signature->key.modulus,
  138. sizeof(PVE_PUBLIC_KEY)))
  139. return SGX_ERROR_SERVICE_INVALID_PRIVILEGE;
  140. return get_launch_token_internal(p_signature,
  141. p_attribute,
  142. (token_t *)p_launch_token);
  143. }