Accueil Explorer Aide
Connexion
miti
/
linux-sgx-trts-modified
1
0
Fork 0
Fichiers Tickets 0 Pull Requests 0 Wiki
Aborescence: 646b2d37ba
Branches Tags
linux-sgx-tr...
/
psw
/
ae
/
aesm_service
/
source
/
epid_provision
/
epid_provision_msg2.cpp

epid_provision_msg2.cpp 28 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597 
  1. /*
    2. 

  2.  * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
    3. 

  3.  *
    4. 

  4.  * Redistribution and use in source and binary forms, with or without
    5. 

  5.  * modification, are permitted provided that the following conditions
    6. 

  6.  * are met:
    7. 

  7.  *
    8. 

  8.  *   * Redistributions of source code must retain the above copyright
    9. 

  9.  *     notice, this list of conditions and the following disclaimer.
    10. 

  10.  *   * Redistributions in binary form must reproduce the above copyright
    11. 

  11.  *     notice, this list of conditions and the following disclaimer in
    12. 

  12.  *     the documentation and/or other materials provided with the
    13. 

  13.  *     distribution.
    14. 

  14.  *   * Neither the name of Intel Corporation nor the names of its
    15. 

  15.  *     contributors may be used to endorse or promote products derived
    16. 

  16.  *     from this software without specific prior written permission.
    17. 

  17.  *
    18. 

  18.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
    19. 

  19.  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
    20. 

  20.  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
    21. 

  21.  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
    22. 

  22.  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
    23. 

  23.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
    24. 

  24.  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
    25. 

  25.  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
    26. 

  26.  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
    27. 

  27.  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
    28. 

  28.  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    29. 

  29.  *
    30. 

  30.  */
    31. 

  31. 

  32. #include "type_length_value.h"
    33. 

  33. #include "epid_utility.h"
    34. 

  34. #include "aesm_xegd_blob.h"
    35. 

  35. #include "aeerror.h"
    36. 

  36. #include "PVEClass.h"
    37. 

  37. #include "PCEClass.h"
    38. 

  38. #include "aesm_rand.h"
    39. 

  39. 

  40. /**
    41. 

  41. * File: epid_provision_msg2.cpp
    42. 

  42. * Description: Provide the untrusted implementation of code to process ProvMsg2
    43. 

  43. *
    44. 

  44. * Untrusted Code for EPID Provision
    45. 

  45. */
    46. 

  46. #define MSG2_TOP_FIELDS_COUNT_WITH_SIGRL    4
    47. 

  47. #define MSG2_TOP_FIELDS_COUNT_WITHOUT_SIGRL 3
    48. 

  48. #define MSG2_TOP_FIELD_NONCE tlvs_msg2[0]
    49. 

  49. #define MSG2_TOP_FIELD_DATA  tlvs_msg2[1]
    50. 

  50. #define MSG2_TOP_FIELD_MAC   tlvs_msg2[2]
    51. 

  51. #define MSG2_TOP_FIELD_SIGRL tlvs_msg2[3]
    52. 

  52. #define MSG2_FIELD1_MAX_COUNT   6
    53. 

  53. #define MSG2_FIELD1_MIN_COUNT   4
    54. 

  54. #define MSG2_FIELD1_GROUP_CERT  tlvs_field1[0]
    55. 

  55. #define MSG2_FIELD1_NONCE       tlvs_field1[2]
    56. 

  56. #define MSG2_FIELD1_PSID        tlvs_field1[1]
    57. 

  57. #define MSG2_FIELD1_PREV_PI     tlvs_field1[alt_index+1]
    58. 

  58. #define PREV_GID_INDEX          (alt_index+2)
    59. 

  59. #define MSG2_FIELD1_PREV_GID    tlvs_field1[PREV_GID_INDEX]
    60. 

  60. #define MSG2_FIELD1_PLAT_INFO   tlvs_field1[alt_index+3]
    61. 

  61. 

  62. 

  63. //Function to verify that EPID SigRl type and version is correct for sigrl
    64. 

  64. static ae_error_t verify_sigrl_cert_type_version(const se_sig_rl_t *sigrl_cert)
    65. 

  65. {
    66. 

  66.     if(sigrl_cert->epid_identifier!=SE_EPID_SIG_RL_ID||
    67. 

  67.         sigrl_cert->protocol_version!=SE_EPID_SIG_RL_VERSION)
    68. 

  68.         return PVE_INTEGRITY_CHECK_ERROR;
    69. 

  69.     return AE_SUCCESS;
    70. 

  70. }
    71. 

  71. 

  72. static ae_error_t msg2_integrity_checking(const TLVsMsg& tlvs_msg2)
    73. 

  73. {
    74. 

  74.     uint32_t tlv_count = tlvs_msg2.get_tlv_count();
    75. 

  75.     if(tlv_count != MSG2_TOP_FIELDS_COUNT_WITH_SIGRL && tlv_count != MSG2_TOP_FIELDS_COUNT_WITHOUT_SIGRL)
    76. 

  76.         return PVE_INTEGRITY_CHECK_ERROR;
    77. 

  77.     if(MSG2_TOP_FIELD_NONCE.type != TLV_NONCE || MSG2_TOP_FIELD_NONCE.size != NONCE_SIZE || MSG2_TOP_FIELD_NONCE.version != TLV_VERSION_1)
    78. 

  78.         return PVE_INTEGRITY_CHECK_ERROR;
    79. 

  79.     if(MSG2_TOP_FIELD_NONCE.header_size != SMALL_TLV_HEADER_SIZE)//Requires NONCE to be small header size
    80. 

  80.         return PVE_INTEGRITY_CHECK_ERROR;
    81. 

  81.     if(MSG2_TOP_FIELD_DATA.type != TLV_BLOCK_CIPHER_TEXT || MSG2_TOP_FIELD_DATA.version != TLV_VERSION_1)
    82. 

  82.         return PVE_INTEGRITY_CHECK_ERROR;
    83. 

  83.     if(MSG2_TOP_FIELD_MAC.type != TLV_MESSAGE_AUTHENTICATION_CODE || MSG2_TOP_FIELD_MAC.version != TLV_VERSION_1 || MSG2_TOP_FIELD_MAC.size != MAC_SIZE)
    84. 

  84.         return PVE_INTEGRITY_CHECK_ERROR;
    85. 

  85.     if(MSG2_TOP_FIELD_MAC.header_size != SMALL_TLV_HEADER_SIZE)
    86. 

  86.         return PVE_INTEGRITY_CHECK_ERROR;
    87. 

  87.     if(tlv_count == MSG2_TOP_FIELDS_COUNT_WITH_SIGRL){
    88. 

  88.         if(MSG2_TOP_FIELD_SIGRL.type != TLV_EPID_SIG_RL || MSG2_TOP_FIELD_SIGRL.version != TLV_VERSION_1)
    89. 

  89.             return PVE_INTEGRITY_CHECK_ERROR;
    90. 

  90.         if(MSG2_TOP_FIELD_SIGRL.size < 2*SE_ECDSA_SIGN_SIZE + sizeof(se_sig_rl_t))
    91. 

  91.             return PVE_INTEGRITY_CHECK_ERROR;
    92. 

  92.         if(MSG2_TOP_FIELD_SIGRL.header_size != LARGE_TLV_HEADER_SIZE)
    93. 

  93.             return PVE_INTEGRITY_CHECK_ERROR;
    94. 

  94.         return verify_sigrl_cert_type_version(reinterpret_cast<const se_sig_rl_t *>(MSG2_TOP_FIELD_SIGRL.payload));
    95. 

  95.     }
    96. 

  96.     return AE_SUCCESS;
    97. 

  97. }
    98. 

  98. 

  99. //check the format of msg2_field1 and copy correspondent data to msg2_blob_input
    100. 

  100. static ae_error_t msg2_field1_msg_check_copy(const TLVsMsg& tlvs_field1, proc_prov_msg2_blob_input_t& msg2_blob_input, const signed_pek_t& pek)
    101. 

  101. {
    102. 

  102.     uint32_t tlv_count = tlvs_field1.get_tlv_count();
    103. 

  103.     uint32_t alt_index = 2;
    104. 

  104.     msg2_blob_input.is_previous_pi_provided = false;
    105. 

  105. 

  106.     if(tlv_count == MSG2_FIELD1_MAX_COUNT){//EPID_PSVN TLV is available
    107. 

  107.         msg2_blob_input.is_previous_pi_provided = true;
    108. 

  108.         if(MSG2_FIELD1_PREV_PI.type != TLV_PLATFORM_INFO ||
    109. 

  109.             MSG2_FIELD1_PREV_PI.size != sizeof(bk_platform_info_t)){
    110. 

  110.             return PVE_MSG_ERROR;
    111. 

  111.         }
    112. 

  112.         if(MSG2_FIELD1_PREV_PI.version != TLV_VERSION_1){
    113. 

  113.             return PVE_MSG_ERROR;
    114. 

  114.         }
    115. 

  115.         if(MSG2_FIELD1_PREV_PI.header_size != SMALL_TLV_HEADER_SIZE){
    116. 

  116.             return PVE_MSG_ERROR;
    117. 

  117.         }
    118. 

  118.         if(MSG2_FIELD1_PREV_GID.type != TLV_EPID_GID ||
    119. 

  119.             MSG2_FIELD1_PREV_GID.size != sizeof(GroupId)){
    120. 

  120.             return PVE_MSG_ERROR;
    121. 

  121.         }
    122. 

  122.         if(MSG2_FIELD1_PREV_GID.version != TLV_VERSION_1){
    123. 

  123.             return PVE_MSG_ERROR;
    124. 

  124.         }
    125. 

  125.         if(MSG2_FIELD1_PREV_GID.header_size != SMALL_TLV_HEADER_SIZE){
    126. 

  126.             return PVE_MSG_ERROR;
    127. 

  127.         }
    128. 

  128.         if(0!=memcpy_s(&msg2_blob_input.previous_gid, sizeof(msg2_blob_input.previous_gid), MSG2_FIELD1_PREV_GID.payload, MSG2_FIELD1_PREV_GID.size)){
    129. 

  129.             return PVE_UNEXPECTED_ERROR;
    130. 

  130.         }
    131. 

  131.         if(0!=memcpy_s(&msg2_blob_input.previous_pi, sizeof(msg2_blob_input.previous_pi), MSG2_FIELD1_PREV_PI.payload, MSG2_FIELD1_PREV_PI.size)){
    132. 

  132.             return PVE_UNEXPECTED_ERROR;
    133. 

  133.         }
    134. 

  134.     }else if(tlv_count!=MSG2_FIELD1_MIN_COUNT){
    135. 

  135.         return PVE_MSG_ERROR;//make sure number of TLVs are correct
    136. 

  136.     }else{
    137. 

  137.         alt_index=0;
    138. 

  138.     }
    139. 

  139. 

  140.     if(MSG2_FIELD1_GROUP_CERT.type != TLV_EPID_GROUP_CERT||
    141. 

  141.         MSG2_FIELD1_GROUP_CERT.version != TLV_VERSION_1 ||
    142. 

  142.         MSG2_FIELD1_GROUP_CERT.size != sizeof(signed_epid_group_cert_t)||
    143. 

  143.         MSG2_FIELD1_GROUP_CERT.header_size != SMALL_TLV_HEADER_SIZE)
    144. 

  144.         return PVE_MSG_ERROR;
    145. 

  145.     if(MSG2_FIELD1_PSID.type != TLV_PS_ID ||
    146. 

  146.         MSG2_FIELD1_PSID.version != TLV_VERSION_1 ||
    147. 

  147.         MSG2_FIELD1_PSID.size != sizeof(psid_t)||
    148. 

  148.         MSG2_FIELD1_PSID.header_size != SMALL_TLV_HEADER_SIZE)
    149. 

  149.         return PVE_MSG_ERROR;
    150. 

  150.     if(MSG2_FIELD1_NONCE.type != TLV_NONCE||
    151. 

  151.         MSG2_FIELD1_NONCE.version != TLV_VERSION_1 ||
    152. 

  152.         MSG2_FIELD1_NONCE.size != CHALLENGE_NONCE_SIZE||
    153. 

  153.         MSG2_FIELD1_NONCE.header_size != SMALL_TLV_HEADER_SIZE)
    154. 

  154.         return PVE_MSG_ERROR;
    155. 

  155.     if(MSG2_FIELD1_PLAT_INFO.type != TLV_PLATFORM_INFO ||
    156. 

  156.         MSG2_FIELD1_PLAT_INFO.version != TLV_VERSION_1 ||
    157. 

  157.         MSG2_FIELD1_PLAT_INFO.size != sizeof(bk_platform_info_t)||
    158. 

  158.         MSG2_FIELD1_PLAT_INFO.header_size != SMALL_TLV_HEADER_SIZE)
    159. 

  159.         return PVE_MSG_ERROR;
    160. 

  160.     sgx_sha256_hash_t psid_hash;
    161. 

  161.     ae_error_t ret = sgx_error_to_ae_error(sgx_sha256_msg(reinterpret_cast<const uint8_t *>(&pek.n), static_cast<uint32_t>(sizeof(pek.n)+sizeof(pek.e)), &psid_hash));
    162. 

  162.     if(AE_SUCCESS != ret)
    163. 

  163.         return ret;
    164. 

  164.     if(0!=memcmp(&psid_hash, MSG2_FIELD1_PSID.payload, sizeof(psid_hash)))//PSID does not match
    165. 

  165.         return PVE_MSG_ERROR;
    166. 

  166.     bk_platform_info_t *d2 = (bk_platform_info_t *)MSG2_FIELD1_PLAT_INFO.payload;
    167. 

  167. 

  168.     if(0!=memcpy_s(&msg2_blob_input.group_cert, sizeof(msg2_blob_input.group_cert), MSG2_FIELD1_GROUP_CERT.payload, MSG2_FIELD1_GROUP_CERT.size)||
    169. 

  169.         0!=memcpy_s(&msg2_blob_input.challenge_nonce, sizeof(msg2_blob_input.challenge_nonce), MSG2_FIELD1_NONCE.payload, MSG2_FIELD1_NONCE.size)||
    170. 

  170.         0!=memcpy_s(&msg2_blob_input.equiv_pi, sizeof(msg2_blob_input.equiv_pi), d2,sizeof(*d2))){
    171. 

  171.             return PVE_UNEXPECTED_ERROR;
    172. 

  172.     }
    173. 

  173.     return AE_SUCCESS;
    174. 

  174. }
    175. 

  175. 

  176. //Function to check message header of ProvMsg2 to determine whether it is valid
    177. 

  177. //@msg2_header, input the message header of ProvMsg2
    178. 

  178. //@msg2_size, size of ProvMsg2, in bytes
    179. 

  179. //@return AE_SUCCESS if the message header is valid ProvMsg2 or error code if there're any problems
    180. 

  180. static ae_error_t check_prov_msg2_header(const provision_response_header_t *msg2_header, uint32_t msg2_size)
    181. 

  181. {
    182. 

  182.     if(msg2_header->protocol != SE_EPID_PROVISIONING || msg2_header->type != TYPE_PROV_MSG2 ||
    183. 

  183.         msg2_header->version != TLV_VERSION_2){
    184. 

  184.             return PVE_INTEGRITY_CHECK_ERROR;
    185. 

  185.     }
    186. 

  186.     uint32_t size_in_header = lv_ntohl(msg2_header->size);
    187. 

  187.     if(size_in_header + PROVISION_RESPONSE_HEADER_SIZE != msg2_size)
    188. 

  188.         return PVE_INTEGRITY_CHECK_ERROR;
    189. 

  189.     return AE_SUCCESS;
    190. 

  190. }
    191. 

  191. 

  192. static uint32_t estimate_epid_sig_size(uint32_t sigrl_size)
    193. 

  193. {
    194. 

  194.     uint32_t sigrl_body_size = 0;
    195. 

  195.     uint32_t sigrl_extra_size = static_cast<uint32_t>(sizeof(se_sig_rl_t)-sizeof(SigRlEntry)+2*ECDSA_SIGN_SIZE);
    196. 

  196.     if(sigrl_size ==sigrl_extra_size || sigrl_size == 0){//sigrl_size==0 is special cases that no sigrl provided
    197. 

  197.         //Add the TLV Header size
    198. 

  198.         return static_cast<uint32_t>(sizeof(EpidSignature)-sizeof(NrProof)+MAX_TLV_HEADER_SIZE);
    199. 

  199.     }else if (sigrl_size < sigrl_extra_size){
    200. 

  200.         //Invalid sigrl size
    201. 

  201.         return 0;
    202. 

  202.     }else{
    203. 

  203.         sigrl_body_size = sigrl_size - sigrl_extra_size;
    204. 

  204.         uint64_t entry_count = sigrl_body_size/sizeof(SigRlEntry);
    205. 

  205.         uint64_t total_size = sizeof(EpidSignature)-sizeof(NrProof)+sizeof(NrProof)*entry_count+MAX_TLV_HEADER_SIZE;
    206. 

  206.         if(total_size > UINT32_MAX){
    207. 

  207.             return 0;
    208. 

  208.         }
    209. 

  209.         return static_cast<uint32_t>(total_size);
    210. 

  210.     }
    211. 

  211. }
    212. 

  212. 

  213. static ae_error_t gen_msg3_header(const gen_prov_msg3_output_t& msg3_output, const uint8_t xid[XID_SIZE], provision_request_header_t *msg3_header, uint32_t& msg3_size)
    214. 

  214. {
    215. 

  215.     msg3_header->protocol = SE_EPID_PROVISIONING;
    216. 

  216.     msg3_header->version = TLV_VERSION_2;
    217. 

  217.     msg3_header->type = TYPE_PROV_MSG3;
    218. 

  218.     size_t field1_size = 0;
    219. 

  219.     if(msg3_output.is_join_proof_generated){
    220. 

  220.         field1_size = BLOCK_CIPHER_TEXT_TLV_SIZE(HARD_CODED_JOIN_PROOF_WITH_ESCROW_TLV_SIZE)+MAC_TLV_SIZE(MAC_SIZE);
    221. 

  221.     }else{
    222. 

  222.         // BLOCK_CIPHER_TEXT_TLV_SIZE(0) is needed because IV need to be included for the following MAC tlv
    223. 

  223.         field1_size = BLOCK_CIPHER_TEXT_TLV_SIZE(0)+MAC_TLV_SIZE(MAC_SIZE);
    224. 

  224.     }
    225. 

  225.     field1_size+=NONCE_TLV_SIZE(NONCE_2_SIZE)+CIPHER_TEXT_TLV_SIZE(RSA_3072_KEY_BYTES)+SE_REPORT_TLV_SIZE();
    226. 

  226.     size_t total_body_size = NONCE_TLV_SIZE(NONCE_SIZE) + BLOCK_CIPHER_TEXT_TLV_SIZE(field1_size)+MAC_TLV_SIZE(MAC_SIZE);
    227. 

  227.     if(msg3_output.is_epid_sig_generated){
    228. 

  228.         total_body_size += BLOCK_CIPHER_TEXT_TLV_SIZE(msg3_output.epid_sig_output_size)+MAC_TLV_SIZE(MAC_SIZE);
    229. 

  229.     }
    230. 

  230.     uint32_t size_in_net = _htonl(total_body_size);
    231. 

  231.     if(0!=memcpy_s(&msg3_header->size, sizeof(msg3_header->size), &size_in_net, sizeof(size_in_net)))
    232. 

  232.         return PVE_UNEXPECTED_ERROR;//size in Big Endian in message header of ProvMsg3
    233. 

  233.     if(total_body_size>msg3_size - PROVISION_REQUEST_HEADER_SIZE ){//make sure buffer size provided by user is large enough
    234. 

  234.         return PVE_INSUFFICIENT_MEMORY_ERROR;
    235. 

  235.     }
    236. 

  236.     if(0!=memcpy_s(msg3_header->xid, sizeof(msg3_header->xid), xid, XID_SIZE))
    237. 

  237.         return PVE_UNEXPECTED_ERROR; //copy transaction id of ProvMsg2
    238. 

  238.     msg3_size = static_cast<uint32_t>(total_body_size + PROVISION_REQUEST_HEADER_SIZE);
    239. 

  239.     return AE_SUCCESS;
    240. 

  240. }
    241. 

  241. 

  242. //Function to decode ProvMsg2 and generate ProvMsg3
    243. 

  243. //@data: global structure used to store pve relative data
    244. 

  244. //@msg2: ProvMsg2
    245. 

  245. //@msg2_size: size of ProvMsg2
    246. 

  246. //@epid_blob: input an optional old epid data blob used to generate non-revoke proof if required
    247. 

  247. //@blob_size: size of the epid blob
    248. 

  248. //@msg3: output buffer for ProvMsg3
    249. 

  249. //@msg3_size: input the size of buffer msg3, in byte
    250. 

  250. //@return AE_SUCCESS on success and error code on failure
    251. 

  251. uint32_t CPVEClass::proc_prov_msg2(
    252. 

  252.         pve_data_t &data,
    253. 

  253.         const uint8_t *msg2,
    254. 

  254.         uint32_t msg2_size,
    255. 

  255.         const uint8_t *epid_blob,
    256. 

  256.         uint32_t blob_size,
    257. 

  257.         uint8_t *msg3,
    258. 

  258.         uint32_t msg3_size)
    259. 

  259. {
    260. 

  260.     ae_error_t ret = AE_SUCCESS;
    261. 

  261.     const se_sig_rl_t *sigrl = NULL;
    262. 

  262.     uint32_t sigrl_size = 0;
    263. 

  263.     uint8_t *epid_sig = NULL;
    264. 

  264.     uint8_t *decoded_msg2 = NULL;
    265. 

  265.     uint8_t *encrypted_field1 = NULL;
    266. 

  266.     sgx_status_t sgx_status;
    267. 

  267.     uint8_t aad[PROVISION_RESPONSE_HEADER_SIZE+sizeof(RLver_t)+sizeof(GroupId)];
    268. 

  268.     size_t aad_size = PROVISION_RESPONSE_HEADER_SIZE;
    269. 

  269.     const provision_response_header_t *msg2_header = reinterpret_cast<const provision_response_header_t *>(msg2);
    270. 

  270.     provision_request_header_t *msg3_header = reinterpret_cast<provision_request_header_t *>(msg3);
    271. 

  271.     if(msg2_size < PROVISION_RESPONSE_HEADER_SIZE){
    272. 

  272.         AESM_DBG_ERROR("ProvMsg2 size too small");
    273. 

  273.         return PVE_MSG_ERROR;
    274. 

  274.     }
    275. 

  275.     if (epid_blob != NULL && blob_size != SGX_TRUSTED_EPID_BLOB_SIZE_SDK){
    276. 

  276.         AESM_DBG_FATAL("epid blob size error");
    277. 

  277.         return PVE_UNEXPECTED_ERROR;
    278. 

  278.     }
    279. 

  279.     if(msg3_size <PROVISION_REQUEST_HEADER_SIZE){
    280. 

  280.         AESM_DBG_ERROR("Input ProvMsg3 buffer too small");
    281. 

  281.         return PVE_INSUFFICIENT_MEMORY_ERROR;
    282. 

  282.     }
    283. 

  283. 

  284.     ret = check_prov_msg2_header(msg2_header, msg2_size);//process message header
    285. 

  285.     if( AE_SUCCESS != ret){
    286. 

  286.         AESM_DBG_ERROR("Fail to decode ProvMsg2:(ae%d)",ret);
    287. 

  287.         return ret;
    288. 

  288.     }
    289. 

  289.     if ( 0!=memcmp(msg2_header->xid, data.xid, XID_SIZE) ){
    290. 

  290.         AESM_DBG_ERROR("unmatched xid in ProvMsg2 header");
    291. 

  291.         return AE_FAILURE;
    292. 

  292.     }
    293. 

  293.     ret = check_epid_pve_pg_status_before_mac_verification(msg2_header);
    294. 

  294.     if( AE_SUCCESS != ret){
    295. 

  295.         AESM_DBG_ERROR("Backend server reported error in ProvMsg2:(ae%d)",ret);
    296. 

  296.         return ret;
    297. 

  297.     }
    298. 

  298. 

  299.     if( 0!=memcpy_s(aad, sizeof(aad), msg2_header, PROVISION_RESPONSE_HEADER_SIZE)){
    300. 

  300.         AESM_DBG_FATAL("memcpy error");
    301. 

  301.         return PVE_UNEXPECTED_ERROR;
    302. 

  302.     }
    303. 

  303. 

  304.     do{
    305. 

  305.         TLVsMsg tlvs_msg2;
    306. 

  306.         tlv_status_t tlv_status;
    307. 

  307.         //decode TLV structure of message body
    308. 

  308.         tlv_status= tlvs_msg2.init_from_buffer(msg2+static_cast<uint32_t>(PROVISION_RESPONSE_HEADER_SIZE), msg2_size - static_cast<uint32_t>(PROVISION_RESPONSE_HEADER_SIZE));
    309. 

  309.         ret = tlv_error_2_pve_error(tlv_status);
    310. 

  310.         if(AE_SUCCESS!=ret){
    311. 

  311.             AESM_DBG_ERROR("Fail to decode ProvMsg2:(ae%d)",ret);
    312. 

  312.             break;
    313. 

  313.         }
    314. 

  314.         ret = msg2_integrity_checking(tlvs_msg2);//checking and verifying that TLV structure is correct and version is supported
    315. 

  315.         if(AE_SUCCESS!=ret){
    316. 

  316.             AESM_DBG_ERROR("ProvMsg2 integrity checking error:(ae%d)",ret);
    317. 

  317.             break;
    318. 

  318.         }
    319. 

  319.         sgx_aes_gcm_128bit_key_t ek2;
    320. 

  320.         uint8_t temp[NONCE_SIZE+XID_SIZE];
    321. 

  321.         if(0!=memcpy_s(temp, sizeof(temp), data.xid, sizeof(data.xid))||
    322. 

  322.             0!=memcpy_s(temp+XID_SIZE, sizeof(temp)-XID_SIZE, MSG2_TOP_FIELD_NONCE.payload, MSG2_TOP_FIELD_NONCE.size)){
    323. 

  323.                 AESM_DBG_ERROR("memcpy error");
    324. 

  324.                 ret = AE_FAILURE;
    325. 

  325.                 break;
    326. 

  326.         }
    327. 

  327.         se_static_assert(sizeof(sgx_cmac_128bit_key_t)==SK_SIZE);
    328. 

  328.         if((sgx_status=sgx_rijndael128_cmac_msg(reinterpret_cast<const sgx_cmac_128bit_key_t *>(data.sk),
    329. 

  329.             temp, XID_SIZE+NONCE_SIZE, &ek2))!=SGX_SUCCESS){
    330. 

  330.                 AESM_DBG_ERROR("Fail to generate ek2:(sgx 0x%x)",sgx_status);
    331. 

  331.                 ret = AE_FAILURE;
    332. 

  332.                 break;
    333. 

  333.         }
    334. 

  334. 

  335.         if(tlvs_msg2.get_tlv_count() == MSG2_TOP_FIELDS_COUNT_WITH_SIGRL){//sigrl version and gid is added as part of AAD if available
    336. 

  336.             sigrl = reinterpret_cast<const se_sig_rl_t *>(MSG2_TOP_FIELD_SIGRL.payload);
    337. 

  337.             if(0!=memcpy_s(aad+PROVISION_RESPONSE_HEADER_SIZE, sizeof(RLver_t), &sigrl->sig_rl.version, sizeof(RLver_t))){
    338. 

  338.                 AESM_DBG_FATAL("memcpy error");
    339. 

  339.                 ret = PVE_UNEXPECTED_ERROR;
    340. 

  340.                 break;
    341. 

  341.             }
    342. 

  342.             if(0!=memcpy_s(aad+PROVISION_RESPONSE_HEADER_SIZE+sizeof(RLver_t), sizeof(aad)- PROVISION_RESPONSE_HEADER_SIZE-sizeof(RLver_t), &sigrl->sig_rl.gid, sizeof(sigrl->sig_rl.gid))){
    343. 

  343.                 AESM_DBG_FATAL("memcpy error");
    344. 

  344.                 ret = PVE_UNEXPECTED_ERROR;
    345. 

  345.                 break;
    346. 

  346.             }
    347. 

  347.             aad_size += sizeof(RLver_t)+sizeof(GroupId);
    348. 

  348.             sigrl_size = MSG2_TOP_FIELD_SIGRL.size;
    349. 

  349.         }
    350. 

  350.         se_static_assert(SK_SIZE==sizeof(sgx_aes_gcm_128bit_key_t));
    351. 

  351.         tlv_msg_t field1 = block_cipher_tlv_get_encrypted_text(MSG2_TOP_FIELD_DATA);
    352. 

  352.         decoded_msg2 = static_cast<uint8_t *>(malloc(field1.msg_size));
    353. 

  353.         if(NULL == decoded_msg2){
    354. 

  354.             AESM_DBG_ERROR("malloc error");
    355. 

  355.             ret= AE_OUT_OF_MEMORY_ERROR;
    356. 

  356.             break;
    357. 

  357.         }
    358. 

  358.         //decrypt ProvMsg2 by EK2
    359. 

  359.         sgx_status = sgx_rijndael128GCM_decrypt(&ek2,
    360. 

  360.             field1.msg_buf, field1.msg_size, decoded_msg2,
    361. 

  361.             reinterpret_cast<uint8_t *>(block_cipher_tlv_get_iv(MSG2_TOP_FIELD_DATA)), IV_SIZE,
    362. 

  362.             aad, static_cast<uint32_t>(aad_size), reinterpret_cast<const sgx_aes_gcm_128bit_tag_t *>(MSG2_TOP_FIELD_MAC.payload));
    363. 

  363.         if(SGX_ERROR_MAC_MISMATCH == sgx_status){
    364. 

  364.             AESM_DBG_ERROR("Fail to decrypt ProvMsg2 body by EK2 (sgx0x%x)",sgx_status);
    365. 

  365.             ret = PVE_INTEGRITY_CHECK_ERROR;
    366. 

  366.             break;
    367. 

  367.         }
    368. 

  368.         if( AE_SUCCESS != (ret = sgx_error_to_ae_error(sgx_status))){
    369. 

  369.             AESM_DBG_ERROR("error in decrypting ProvMsg2 body:(sgx0x%x)",sgx_status);
    370. 

  370.             break;
    371. 

  371.         }
    372. 

  372. 

  373.         ret = check_epid_pve_pg_status_after_mac_verification(msg2_header);
    374. 

  374.         if(AE_SUCCESS != ret){
    375. 

  375.             AESM_DBG_ERROR("Backend server reported error in ProvMsg2 passed MAC verification:(ae%d)",ret);
    376. 

  376.             break;
    377. 

  377.         }
    378. 

  378.         TLVsMsg tlvs_field1;
    379. 

  379.         tlv_status = tlvs_field1.init_from_buffer(decoded_msg2, field1.msg_size);//decode TLV structure of field1 of ProvMsg2
    380. 

  380.         ret = tlv_error_2_pve_error(tlv_status);
    381. 

  381.         if(AE_SUCCESS!=ret){
    382. 

  382.             AESM_DBG_ERROR("Fail to decode field1 of ProvMsg2:(ae%d)",ret);
    383. 

  383.             break;
    384. 

  384.         }
    385. 

  385.         proc_prov_msg2_blob_input_t msg2_blob_input;
    386. 

  386.         memset(&msg2_blob_input, 0, sizeof(msg2_blob_input));
    387. 

  387.         ret = CPCEClass::instance().load_enclave();//Load PCE enclave now
    388. 

  388.         if( ret != AE_SUCCESS){
    389. 

  389.             AESM_DBG_ERROR("Fail to load PCE enclave:(ae%d)\n",ret);
    390. 

  390.             break;
    391. 

  391.         }
    392. 

  392.         ret = (ae_error_t)CPCEClass::instance().get_pce_target(&msg2_blob_input.pce_target_info);
    393. 

  393.         if(AE_SUCCESS != ret){
    394. 

  394.             AESM_DBG_ERROR("fail to get PCE target info:(ae%d)\n",ret);
    395. 

  395.             break;
    396. 

  396.         }
    397. 

  397.         ret = msg2_field1_msg_check_copy(tlvs_field1, msg2_blob_input, data.pek);//version/type checking to verify message format
    398. 

  398.         if( AE_SUCCESS != ret){
    399. 

  399.             AESM_DBG_ERROR("field1 of ProvMsg2 checking error:( ae%d)",ret);
    400. 

  400.             break;
    401. 

  401.         }
    402. 

  402.         gen_prov_msg3_output_t msg3_fixed_output;
    403. 

  403.         memset(&msg3_fixed_output, 0, sizeof(msg3_fixed_output));
    404. 

  404.         //collect old epid blob
    405. 

  405.         if(epid_blob==NULL){
    406. 

  406.             memset(msg2_blob_input.old_epid_data_blob, 0, SGX_TRUSTED_EPID_BLOB_SIZE_SDK);
    407. 

  407.         }else{
    408. 

  408. #ifdef DBG_LOG
    409. 

  409.             {
    410. 

  410.                 char dbg_str[256];
    411. 

  411.                 aesm_dbg_format_hex(epid_blob, blob_size, dbg_str, 256);
    412. 

  412.                 AESM_DBG_TRACE("old epid blob=%s",dbg_str);
    413. 

  413.             }
    414. 

  414. #endif
    415. 

  415.             if (0 != memcpy_s(msg2_blob_input.old_epid_data_blob, sizeof(msg2_blob_input.old_epid_data_blob), epid_blob, blob_size)){
    416. 

  416.                 AESM_DBG_FATAL("memcpy error");
    417. 

  417.                 ret = PVE_UNEXPECTED_ERROR;
    418. 

  418.                 break;
    419. 

  419.             }
    420. 

  420.         }
    421. 

  421.         if(0!=memcpy_s(&msg2_blob_input.pek,sizeof(msg2_blob_input.pek), &data.pek, sizeof(data.pek))){
    422. 

  422.             AESM_DBG_ERROR("memcpy error");
    423. 

  423.             ret = AE_FAILURE;
    424. 

  424.             break;
    425. 

  425.         }
    426. 

  426.         if (AE_SUCCESS != (ret = XEGDBlob::instance().read(msg2_blob_input.xegb))){
    427. 

  427.             AESM_DBG_ERROR("Fail to read extend epid group blob info ");
    428. 

  428.             return ret;
    429. 

  429.         }
    430. 

  430. 

  431.         uint32_t epid_sig_output_size = estimate_epid_sig_size(sigrl_size);
    432. 

  432.         //estimate_epid_sig_size(sigrl_size)=0, which means the sigrl is invalid.
    433. 

  433.         if(epid_sig_output_size == 0){
    434. 

  434.             AESM_DBG_ERROR("Invalid SIGRL size %d", sigrl_size);
    435. 

  435.             ret = PVE_MSG_ERROR;
    436. 

  436.             break;
    437. 

  437.         }
    438. 

  438.         epid_sig = static_cast<uint8_t *>(malloc(epid_sig_output_size));
    439. 

  439.         if(NULL == epid_sig){
    440. 

  440.             AESM_DBG_ERROR("malloc error");
    441. 

  441.             ret = AE_OUT_OF_MEMORY_ERROR;
    442. 

  442.             break;
    443. 

  443.         }
    444. 

  444.         ret = CPVEClass::instance().load_enclave();//Load PvE enclave now
    445. 

  445.         if( ret != AE_SUCCESS){
    446. 

  446.             AESM_DBG_ERROR("Fail to load PvE enclave:(ae%d)\n",ret);
    447. 

  447.             break;
    448. 

  448.         }
    449. 

  449.         ret = (ae_error_t)proc_prov_msg2_data(&msg2_blob_input, data.is_performance_rekey, reinterpret_cast<const uint8_t *>(sigrl), sigrl_size,
    450. 

  450.             &msg3_fixed_output, epid_sig, epid_sig_output_size);//ecall to process msg2 data and generate msg3 data in PvE
    451. 

  451.         if( PVE_EPIDBLOB_ERROR == ret){
    452. 

  452.             if(0!=memcpy_s(&data.bpi, sizeof(data.bpi), &msg2_blob_input.previous_pi, sizeof(msg2_blob_input.previous_pi))){
    453. 

  453.                 AESM_DBG_FATAL("memcpy error");
    454. 

  454.                 ret = PVE_UNEXPECTED_ERROR;
    455. 

  455.                 break;
    456. 

  456. 

  457.             }
    458. 

  458.         }
    459. 

  459.         if(AE_SUCCESS != ret){
    460. 

  460.             AESM_DBG_ERROR("PvE report error (ae%d) in processing ProvMsg2",ret);
    461. 

  461.             break;
    462. 

  462.         }
    463. 

  463.         uint8_t ecdsa_sign[64];
    464. 

  464.         psvn_t psvn;
    465. 

  465.         memset(&psvn, 0, sizeof(psvn));
    466. 

  466.         if(0!=memcpy_s(&psvn.cpu_svn,sizeof(psvn.cpu_svn), &msg2_blob_input.equiv_pi.cpu_svn, sizeof(msg2_blob_input.equiv_pi.cpu_svn))||
    467. 

  467.             0!=memcpy_s(&psvn.isv_svn, sizeof(psvn.isv_svn), &msg2_blob_input.equiv_pi.pce_svn, sizeof(msg2_blob_input.equiv_pi.pce_svn))){
    468. 

  468.                 ret = PVE_UNEXPECTED_ERROR;
    469. 

  469.                 break;
    470. 

  470.         }
    471. 

  471.         ret = CPCEClass::instance().load_enclave();//Load PCE enclave now
    472. 

  472.         if( ret != AE_SUCCESS){
    473. 

  473.             AESM_DBG_ERROR("Fail to load PCE enclave:(ae%d)\n",ret);
    474. 

  474.             break;
    475. 

  475.         }
    476. 

  476.         ret = (ae_error_t)CPCEClass::instance().sign_report(psvn, msg3_fixed_output.pwk2_report, ecdsa_sign);
    477. 

  477.         if(AE_SUCCESS != ret){
    478. 

  478.             AESM_DBG_ERROR("PCE report error (ae%d) in sign report",ret);
    479. 

  479.             break;
    480. 

  480.         }
    481. 

  481.         CPCEClass::instance().unload_enclave();
    482. 

  482.         uint8_t iv[IV_SIZE];
    483. 

  483.         uint8_t mac[MAC_SIZE];
    484. 

  484.         uint8_t *payload_data=NULL;
    485. 

  485.         uint32_t payload_size = 0;
    486. 

  486.         ret = aesm_read_rand(iv, IV_SIZE);
    487. 

  487.         if(AE_SUCCESS != ret){
    488. 

  488. 

  489.             AESM_DBG_ERROR("fail to generate random number:(ae%d)",ret);
    490. 

  490.             break;
    491. 

  491.         }
    492. 

  492.         //Now start to generate ProvMsg3
    493. 

  493.         ret = gen_msg3_header(msg3_fixed_output, data.xid, msg3_header,msg3_size);//first generate header
    494. 

  494.         if( AE_SUCCESS != ret){
    495. 

  495.             AESM_DBG_ERROR("Fail to generate ProvMsg3 Header:(ae%d)",ret);
    496. 

  496.             break;
    497. 

  497.         }
    498. 

  498.         TLVsMsg tlvs_msg3;
    499. 

  499.         tlv_status = tlvs_msg3.add_nonce(MSG2_TOP_FIELD_NONCE.payload, NONCE_SIZE);
    500. 

  500.         ret = tlv_error_2_pve_error(tlv_status);
    501. 

  501.         if(AE_SUCCESS!=ret){
    502. 

  502.             AESM_DBG_ERROR("Fail to generate Nonce TLV in ProvMsg3:(ae%d)",ret);
    503. 

  503.             break;
    504. 

  504.         }
    505. 

  505.         if(msg3_fixed_output.is_join_proof_generated){
    506. 

  506.             payload_data = msg3_fixed_output.field1_data;
    507. 

  507.             payload_size = static_cast<uint32_t>(HARD_CODED_JOIN_PROOF_WITH_ESCROW_TLV_SIZE);
    508. 

  508.         }
    509. 

  509.         TLVsMsg tlvs_m3field1;
    510. 

  510.         tlv_status = tlvs_m3field1.add_block_cipher_text(msg3_fixed_output.field1_iv, payload_data, payload_size);
    511. 

  511.         ret = tlv_error_2_pve_error(tlv_status);
    512. 

  512.         if(AE_SUCCESS != ret){
    513. 

  513.             AESM_DBG_ERROR("Fail to generate Field3.1 TLV in ProvMsg3:(ae%d)", ret);
    514. 

  514.             break;
    515. 

  515.         }
    516. 

  516.         tlv_status = tlvs_m3field1.add_mac(msg3_fixed_output.field1_mac);
    517. 

  517.         ret = tlv_error_2_pve_error(tlv_status);
    518. 

  518.         if(AE_SUCCESS != ret){
    519. 

  519.             AESM_DBG_ERROR("Fail to generate Field3.2 TLV in ProvMsg3:(ae%d)",ret);
    520. 

  520.             break;
    521. 

  521.         }
    522. 

  522.         tlv_status = tlvs_m3field1.add_nonce(msg3_fixed_output.n2, NONCE_2_SIZE);
    523. 

  523.         ret = tlv_error_2_pve_error(tlv_status);
    524. 

  524.         if(AE_SUCCESS != ret){
    525. 

  525.             AESM_DBG_ERROR("Fail to generate Field3.3 NONCE TLV  N2 in ProvMsg3:(ae %d)",ret);
    526. 

  526.             break;
    527. 

  527.         }
    528. 

  528.         tlv_status = tlvs_m3field1.add_cipher_text(msg3_fixed_output.encrypted_pwk2, RSA_3072_KEY_BYTES, PEK_3072_PUB);
    529. 

  529.         ret = tlv_error_2_pve_error(tlv_status);
    530. 

  530.         if(AE_SUCCESS != ret){
    531. 

  531.             AESM_DBG_ERROR("Fail to generate Field3.4 SE Report TLV  in ProvMsg3:(ae %d)",ret);
    532. 

  532.             break;
    533. 

  533.         }
    534. 

  534.         tlv_status = tlvs_m3field1.add_pce_report_sign(msg3_fixed_output.pwk2_report.body, ecdsa_sign);
    535. 

  535.         ret = tlv_error_2_pve_error(tlv_status);
    536. 

  536.         if(AE_SUCCESS != ret){
    537. 

  537.             AESM_DBG_ERROR("Fail to generate Field3.5 PCE Report Sign TLV  in ProvMsg3:(ae %d)",ret);
    538. 

  538.             break;
    539. 

  539.         }
    540. 

  540.         encrypted_field1 = static_cast<uint8_t *>(malloc(tlvs_m3field1.get_tlv_msg_size()));
    541. 

  541.         if( NULL == encrypted_field1){
    542. 

  542.             AESM_DBG_ERROR("malloc error");
    543. 

  543.             ret = AE_OUT_OF_MEMORY_ERROR;
    544. 

  544.             break;
    545. 

  545.         }
    546. 

  546.         //encrypt field1 using ek2 as key
    547. 

  547. 

  548.         sgx_status = sgx_rijndael128GCM_encrypt(&ek2,
    549. 

  549.             tlvs_m3field1.get_tlv_msg(), tlvs_m3field1.get_tlv_msg_size(), encrypted_field1,
    550. 

  550.             iv, IV_SIZE, reinterpret_cast<uint8_t *>(msg3_header), PROVISION_REQUEST_HEADER_SIZE,
    551. 

  551.             reinterpret_cast<sgx_aes_gcm_128bit_tag_t *>(mac));
    552. 

  552.         if(AE_SUCCESS != (ret = sgx_error_to_ae_error(sgx_status))){
    553. 

  553.             AESM_DBG_ERROR("fail to encrypt ProvMsg3 body by ek2:(sgx0x%x)",sgx_status);
    554. 

  554.             break;
    555. 

  555.         }
    556. 

  556.         tlv_status = tlvs_msg3.add_block_cipher_text(iv, encrypted_field1, tlvs_m3field1.get_tlv_msg_size());
    557. 

  557.         ret = tlv_error_2_pve_error(tlv_status);
    558. 

  558.         if(AE_SUCCESS != ret){
    559. 

  559.             AESM_DBG_ERROR("Fail to create Field1 TLV of ProvMsg3:(ae%d)",ret);
    560. 

  560.             break;
    561. 

  561.         }
    562. 

  562.         ret = tlv_error_2_pve_error(tlvs_msg3.add_mac(mac));
    563. 

  563.         if(AE_SUCCESS != ret){
    564. 

  564.             AESM_DBG_ERROR("Fail to create Field2 TLV of ProvMsg3:(ae%d)",ret);
    565. 

  565.             break;
    566. 

  566.         }
    567. 

  567.         if(msg3_fixed_output.is_epid_sig_generated){
    568. 

  568.             tlv_status = tlvs_msg3.add_block_cipher_text(msg3_fixed_output.epid_sig_iv, epid_sig, msg3_fixed_output.epid_sig_output_size);
    569. 

  569.             ret = tlv_error_2_pve_error(tlv_status);
    570. 

  570.             if(AE_SUCCESS != ret){
    571. 

  571.                 AESM_DBG_ERROR("Fail to create Field3 TLV of ProvMsg3:(ae%d)",ret);
    572. 

  572.                 break;
    573. 

  573.             }
    574. 

  574.             tlv_status = tlvs_msg3.add_mac(msg3_fixed_output.epid_sig_mac);
    575. 

  575.             ret = tlv_error_2_pve_error(tlv_status);
    576. 

  576.             if(AE_SUCCESS != ret){
    577. 

  577.                 AESM_DBG_ERROR("Fail to create Field4 TLV of ProvMsg3:(ae%d)",ret);
    578. 

  578.                 break;
    579. 

  579.             }
    580. 

  580.         }
    581. 

  581. 

  582.         assert( tlvs_msg3.get_tlv_msg_size() <= msg3_size - PROVISION_REQUEST_HEADER_SIZE);//The checking should have been done in header generation
    583. 

  583. 

  584.         if(0!=memcpy_s(msg3+PROVISION_REQUEST_HEADER_SIZE, msg3_size-PROVISION_REQUEST_HEADER_SIZE,
    585. 

  585.             tlvs_msg3.get_tlv_msg(), tlvs_msg3.get_tlv_msg_size())){
    586. 

  586.                 AESM_DBG_FATAL("memcpy error");
    587. 

  587.                 ret = PVE_UNEXPECTED_ERROR;
    588. 

  588.                 break;
    589. 

  589.         }
    590. 

  590.         AESM_DBG_TRACE("ProvMsg3 generated successfully");
    591. 

  591.         ret = AE_SUCCESS;
    592. 

  592.     }while(0);
    593. 

  593.     if(decoded_msg2)free(decoded_msg2);
    594. 

  594.     if(encrypted_field1) free(encrypted_field1);
    595. 

  595.     if(epid_sig)free(epid_sig);
    596. 

  596.     return ret;
    597. 

  597. }
    598.