Enclave1.cpp 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373
  1. /*
  2. * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. // Enclave1.cpp : Defines the exported functions for the .so application
  32. #include "sgx_eid.h"
  33. #include "Enclave1_t.h"
  34. #include "EnclaveMessageExchange.h"
  35. #include "error_codes.h"
  36. #include "Utility_E1.h"
  37. #include "sgx_thread.h"
  38. #include "sgx_dh.h"
  39. #include <map>
  40. #define UNUSED(val) (void)(val)
  41. std::map<sgx_enclave_id_t, dh_session_t>g_src_session_info_map;
  42. static uint32_t e1_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length);
  43. //Function pointer table containing the list of functions that the enclave exposes
  44. const struct {
  45. size_t num_funcs;
  46. const void* table[1];
  47. } func_table = {
  48. 1,
  49. {
  50. (const void*)e1_foo1_wrapper,
  51. }
  52. };
  53. //Makes use of the sample code function to establish a secure channel with the destination enclave (Test Vector)
  54. uint32_t test_create_session(sgx_enclave_id_t src_enclave_id,
  55. sgx_enclave_id_t dest_enclave_id)
  56. {
  57. ATTESTATION_STATUS ke_status = SUCCESS;
  58. dh_session_t dest_session_info;
  59. //Core reference code function for creating a session
  60. ke_status = create_session(src_enclave_id, dest_enclave_id, &dest_session_info);
  61. //Insert the session information into the map under the corresponding destination enclave id
  62. if(ke_status == SUCCESS)
  63. {
  64. g_src_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(dest_enclave_id, dest_session_info));
  65. }
  66. memset(&dest_session_info, 0, sizeof(dh_session_t));
  67. return ke_status;
  68. }
  69. //Makes use of the sample code function to do an enclave to enclave call (Test Vector)
  70. uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id,
  71. sgx_enclave_id_t dest_enclave_id)
  72. {
  73. ATTESTATION_STATUS ke_status = SUCCESS;
  74. uint32_t var1,var2;
  75. uint32_t target_fn_id, msg_type;
  76. char* marshalled_inp_buff;
  77. size_t marshalled_inp_buff_len;
  78. char* out_buff;
  79. size_t out_buff_len;
  80. dh_session_t *dest_session_info;
  81. size_t max_out_buff_size;
  82. char* retval;
  83. var1 = 0x4;
  84. var2 = 0x5;
  85. target_fn_id = 0;
  86. msg_type = ENCLAVE_TO_ENCLAVE_CALL;
  87. max_out_buff_size = 50;
  88. //Marshals the input parameters for calling function foo1 in Enclave2 into a input buffer
  89. ke_status = marshal_input_parameters_e2_foo1(target_fn_id, msg_type, var1, var2, &marshalled_inp_buff, &marshalled_inp_buff_len);
  90. if(ke_status != SUCCESS)
  91. {
  92. return ke_status;
  93. }
  94. //Search the map for the session information associated with the destination enclave id of Enclave2 passed in
  95. std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
  96. if(it != g_src_session_info_map.end())
  97. {
  98. dest_session_info = &it->second;
  99. }
  100. else
  101. {
  102. SAFE_FREE(marshalled_inp_buff);
  103. return INVALID_SESSION;
  104. }
  105. //Core Reference Code function
  106. ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
  107. marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
  108. if(ke_status != SUCCESS)
  109. {
  110. SAFE_FREE(marshalled_inp_buff);
  111. SAFE_FREE(out_buff);
  112. return ke_status;
  113. }
  114. //Un-marshal the return value and output parameters from foo1 of Enclave 2
  115. ke_status = unmarshal_retval_and_output_parameters_e2_foo1(out_buff, &retval);
  116. if(ke_status != SUCCESS)
  117. {
  118. SAFE_FREE(marshalled_inp_buff);
  119. SAFE_FREE(out_buff);
  120. return ke_status;
  121. }
  122. SAFE_FREE(marshalled_inp_buff);
  123. SAFE_FREE(out_buff);
  124. SAFE_FREE(retval);
  125. return SUCCESS;
  126. }
  127. //Makes use of the sample code function to do a generic secret message exchange (Test Vector)
  128. uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id,
  129. sgx_enclave_id_t dest_enclave_id)
  130. {
  131. ATTESTATION_STATUS ke_status = SUCCESS;
  132. uint32_t target_fn_id, msg_type;
  133. char* marshalled_inp_buff;
  134. size_t marshalled_inp_buff_len;
  135. char* out_buff;
  136. size_t out_buff_len;
  137. dh_session_t *dest_session_info;
  138. size_t max_out_buff_size;
  139. char* secret_response;
  140. uint32_t secret_data;
  141. target_fn_id = 0;
  142. msg_type = MESSAGE_EXCHANGE;
  143. max_out_buff_size = 50;
  144. secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration.
  145. //Marshals the secret data into a buffer
  146. ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
  147. if(ke_status != SUCCESS)
  148. {
  149. return ke_status;
  150. }
  151. //Search the map for the session information associated with the destination enclave id passed in
  152. std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
  153. if(it != g_src_session_info_map.end())
  154. {
  155. dest_session_info = &it->second;
  156. }
  157. else
  158. {
  159. SAFE_FREE(marshalled_inp_buff);
  160. return INVALID_SESSION;
  161. }
  162. //Core Reference Code function
  163. ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
  164. marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
  165. if(ke_status != SUCCESS)
  166. {
  167. SAFE_FREE(marshalled_inp_buff);
  168. SAFE_FREE(out_buff);
  169. return ke_status;
  170. }
  171. //Un-marshal the secret response data
  172. ke_status = umarshal_message_exchange_response(out_buff, &secret_response);
  173. if(ke_status != SUCCESS)
  174. {
  175. SAFE_FREE(marshalled_inp_buff);
  176. SAFE_FREE(out_buff);
  177. return ke_status;
  178. }
  179. SAFE_FREE(marshalled_inp_buff);
  180. SAFE_FREE(out_buff);
  181. SAFE_FREE(secret_response);
  182. return SUCCESS;
  183. }
  184. //Makes use of the sample code function to close a current session
  185. uint32_t test_close_session(sgx_enclave_id_t src_enclave_id,
  186. sgx_enclave_id_t dest_enclave_id)
  187. {
  188. dh_session_t dest_session_info;
  189. ATTESTATION_STATUS ke_status = SUCCESS;
  190. //Search the map for the session information associated with the destination enclave id passed in
  191. std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
  192. if(it != g_src_session_info_map.end())
  193. {
  194. dest_session_info = it->second;
  195. }
  196. else
  197. {
  198. return NULL;
  199. }
  200. //Core reference code function for closing a session
  201. ke_status = close_session(src_enclave_id, dest_enclave_id);
  202. //Erase the session information associated with the destination enclave id
  203. g_src_session_info_map.erase(dest_enclave_id);
  204. return ke_status;
  205. }
  206. //Function that is used to verify the trust of the other enclave
  207. //Each enclave can have its own way verifying the peer enclave identity
  208. extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
  209. {
  210. if(!peer_enclave_identity)
  211. {
  212. return INVALID_PARAMETER_ERROR;
  213. }
  214. if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
  215. // || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check
  216. {
  217. return ENCLAVE_TRUST_ERROR;
  218. }
  219. else
  220. {
  221. return SUCCESS;
  222. }
  223. }
  224. //Dispatcher function that calls the approriate enclave function based on the function id
  225. //Each enclave can have its own way of dispatching the calls from other enclave
  226. extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data,
  227. size_t decrypted_data_length,
  228. char** resp_buffer,
  229. size_t* resp_length)
  230. {
  231. ms_in_msg_exchange_t *ms;
  232. uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*);
  233. if(!decrypted_data || !resp_length)
  234. {
  235. return INVALID_PARAMETER_ERROR;
  236. }
  237. ms = (ms_in_msg_exchange_t *)decrypted_data;
  238. if(ms->target_fn_id >= func_table.num_funcs)
  239. {
  240. return INVALID_PARAMETER_ERROR;
  241. }
  242. fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id];
  243. return fn1(ms, decrypted_data_length, resp_buffer, resp_length);
  244. }
  245. //Operates on the input secret and generates the output secret
  246. uint32_t get_message_exchange_response(uint32_t inp_secret_data)
  247. {
  248. uint32_t secret_response;
  249. //User should use more complex encryption method to protect their secret, below is just a simple example
  250. secret_response = inp_secret_data & 0x11111111;
  251. return secret_response;
  252. }
  253. //Generates the response from the request message
  254. extern "C" uint32_t message_exchange_response_generator(char* decrypted_data,
  255. char** resp_buffer,
  256. size_t* resp_length)
  257. {
  258. ms_in_msg_exchange_t *ms;
  259. uint32_t inp_secret_data;
  260. uint32_t out_secret_data;
  261. if(!decrypted_data || !resp_length)
  262. {
  263. return INVALID_PARAMETER_ERROR;
  264. }
  265. ms = (ms_in_msg_exchange_t *)decrypted_data;
  266. if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS)
  267. return ATTESTATION_ERROR;
  268. out_secret_data = get_message_exchange_response(inp_secret_data);
  269. if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS)
  270. return MALLOC_ERROR;
  271. return SUCCESS;
  272. }
  273. static uint32_t e1_foo1(external_param_struct_t *p_struct_var)
  274. {
  275. if(!p_struct_var)
  276. {
  277. return INVALID_PARAMETER_ERROR;
  278. }
  279. (p_struct_var->var1)++;
  280. (p_struct_var->var2)++;
  281. (p_struct_var->p_internal_struct->ivar1)++;
  282. (p_struct_var->p_internal_struct->ivar2)++;
  283. return (p_struct_var->var1 + p_struct_var->var2 + p_struct_var->p_internal_struct->ivar1 + p_struct_var->p_internal_struct->ivar2);
  284. }
  285. //Function which is executed on request from the source enclave
  286. static uint32_t e1_foo1_wrapper(ms_in_msg_exchange_t *ms,
  287. size_t param_lenth,
  288. char** resp_buffer,
  289. size_t* resp_length)
  290. {
  291. UNUSED(param_lenth);
  292. uint32_t ret;
  293. size_t len_data, len_ptr_data;
  294. external_param_struct_t *p_struct_var;
  295. internal_param_struct_t internal_struct_var;
  296. if(!ms || !resp_length)
  297. {
  298. return INVALID_PARAMETER_ERROR;
  299. }
  300. p_struct_var = (external_param_struct_t*)malloc(sizeof(external_param_struct_t));
  301. if(!p_struct_var)
  302. return MALLOC_ERROR;
  303. p_struct_var->p_internal_struct = &internal_struct_var;
  304. if(unmarshal_input_parameters_e1_foo1(p_struct_var, ms) != SUCCESS)//can use the stack
  305. {
  306. SAFE_FREE(p_struct_var);
  307. return ATTESTATION_ERROR;
  308. }
  309. ret = e1_foo1(p_struct_var);
  310. len_data = sizeof(external_param_struct_t) - sizeof(p_struct_var->p_internal_struct);
  311. len_ptr_data = sizeof(internal_struct_var);
  312. if(marshal_retval_and_output_parameters_e1_foo1(resp_buffer, resp_length, ret, p_struct_var, len_data, len_ptr_data) != SUCCESS)
  313. {
  314. SAFE_FREE(p_struct_var);
  315. return MALLOC_ERROR;
  316. }
  317. SAFE_FREE(p_struct_var);
  318. return SUCCESS;
  319. }