Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
miti
/
linux-sgx-trts-modified
1
0
Fork 0
Súbory Issues 0 Pull requesty 0 Wiki
Strom: 85947caa12
Branche Tagy
linux-sgx-tr...
/
sdk
/
ec_dh_lib
/
ec_dh.cpp

ec_dh.cpp 28 KB
História Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821 
  1. /*
    2. 

  2.  * Copyright (C) 2011-2016 Intel Corporation. All rights reserved.
    3. 

  3.  *
    4. 

  4.  * Redistribution and use in source and binary forms, with or without
    5. 

  5.  * modification, are permitted provided that the following conditions
    6. 

  6.  * are met:
    7. 

  7.  *
    8. 

  8.  *   * Redistributions of source code must retain the above copyright
    9. 

  9.  *     notice, this list of conditions and the following disclaimer.
    10. 

  10.  *   * Redistributions in binary form must reproduce the above copyright
    11. 

  11.  *     notice, this list of conditions and the following disclaimer in
    12. 

  12.  *     the documentation and/or other materials provided with the
    13. 

  13.  *     distribution.
    14. 

  14.  *   * Neither the name of Intel Corporation nor the names of its
    15. 

  15.  *     contributors may be used to endorse or promote products derived
    16. 

  16.  *     from this software without specific prior written permission.
    17. 

  17.  *
    18. 

  18.  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
    19. 

  19.  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
    20. 

  20.  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
    21. 

  21.  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
    22. 

  22.  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
    23. 

  23.  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
    24. 

  24.  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
    25. 

  25.  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
    26. 

  26.  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
    27. 

  27.  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
    28. 

  28.  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    29. 

  29.  *
    30. 

  30.  */
    31. 

  31. 

  32. #include <limits.h>
    33. 

  33. #include "stdlib.h"
    34. 

  34. #include "string.h"
    35. 

  35. #include "sgx.h"
    36. 

  36. #include "sgx_defs.h"
    37. 

  37. #include "sgx_utils.h"
    38. 

  38. #include "sgx_ecp_types.h"
    39. 

  39. #include "sgx_key.h"
    40. 

  40. #include "sgx_report.h"
    41. 

  41. #include "sgx_attributes.h"
    42. 

  42. #include "sgx_trts.h"
    43. 

  43. #include "ecp_interface.h"
    44. 

  44. #include "sgx_dh_internal.h"
    45. 

  45. 

  46. #define NONCE_SIZE              16
    47. 

  47. #define MSG_BUF_LEN             (static_cast<uint32_t>(sizeof(sgx_ec256_public_t)*2))
    48. 

  48. #define MSG_HASH_SZ             32
    49. 

  49. 

  50. #ifndef SAFE_FREE
    51. 

  51. #define SAFE_FREE(ptr) {if (NULL != (ptr)) {free(ptr); (ptr)=NULL;}}
    52. 

  52. #endif
    53. 

  53. 

  54. static sgx_status_t verify_cmac128(
    55. 

  55.     const sgx_ec_key_128bit_t mac_key,
    56. 

  56.     const uint8_t* data_buf,
    57. 

  57.     uint32_t buf_size,
    58. 

  58.     const uint8_t* mac_buf)
    59. 

  59. {
    60. 

  60.     uint8_t data_mac[SGX_CMAC_MAC_SIZE];
    61. 

  61.     sgx_status_t se_ret = SGX_SUCCESS;
    62. 

  62. 

  63.     if(!data_buf || !mac_buf || !mac_key)
    64. 

  64.     {
    65. 

  65.         return SGX_ERROR_INVALID_PARAMETER;
    66. 

  66.     }
    67. 

  67. 

  68.     se_ret = sgx_rijndael128_cmac_msg((const sgx_cmac_128bit_key_t*)mac_key,
    69. 

  69.                                       data_buf,
    70. 

  70.                                       buf_size,
    71. 

  71.                                       (sgx_cmac_128bit_tag_t *)data_mac);
    72. 

  72.     if(SGX_SUCCESS != se_ret)
    73. 

  73.     {
    74. 

  74.         return se_ret;
    75. 

  75.     }
    76. 

  76.     if(consttime_memequal(mac_buf, data_mac, SGX_CMAC_MAC_SIZE) == 0)
    77. 

  77.     {
    78. 

  78.         return SGX_ERROR_MAC_MISMATCH;
    79. 

  79.     }
    80. 

  80. 

  81.     return se_ret;
    82. 

  82. }
    83. 

  83. 

  84. static sgx_status_t dh_generate_message1(sgx_dh_msg1_t *msg1, sgx_internal_dh_session_t *context)
    85. 

  85. {
    86. 

  86.     sgx_report_t temp_report;
    87. 

  87.     sgx_report_data_t report_data = {{0}};
    88. 

  88.     sgx_target_info_t target;
    89. 

  89.     sgx_status_t se_ret;
    90. 

  90.     sgx_ecc_state_handle_t ecc_state = NULL;
    91. 

  91. 

  92.     if(!msg1 || !context)
    93. 

  93.     {
    94. 

  94.         return SGX_ERROR_INVALID_PARAMETER;
    95. 

  95.     }
    96. 

  96. 

  97.     memset(&temp_report, 0, sizeof(temp_report));
    98. 

  98.     memset(&target,      0, sizeof(target));
    99. 

  99. 

  100.     //Create Report to get target info which targeted towards the initiator of the session
    101. 

  101.     se_ret = sgx_create_report(&target, &report_data,&temp_report);
    102. 

  102.     if(se_ret != SGX_SUCCESS)
    103. 

  103.     {
    104. 

  104.         return se_ret;
    105. 

  105.     }
    106. 

  106. 

  107.     memcpy(&msg1->target.mr_enclave, 
    108. 

  108.            &temp_report.body.mr_enclave, 
    109. 

  109.            sizeof(sgx_measurement_t)); 
    110. 

  110.     memcpy(&msg1->target.attributes, 
    111. 

  111.            &temp_report.body.attributes, 
    112. 

  112.            sizeof(sgx_attributes_t));
    113. 

  113.     msg1->target.misc_select = temp_report.body.misc_select;
    114. 

  114. 

  115.     //Initialize ECC context to prepare for creating key pair
    116. 

  116.     se_ret = sgx_ecc256_open_context(&ecc_state);
    117. 

  117.     if(se_ret != SGX_SUCCESS)
    118. 

  118.     {
    119. 

  119.         return se_ret;
    120. 

  120.     }
    121. 

  121.     //Generate the public key private key pair for Session Responder
    122. 

  122.     se_ret = sgx_ecc256_create_key_pair((sgx_ec256_private_t*)&context->responder.prv_key, 
    123. 

  123.                                        (sgx_ec256_public_t*)&context->responder.pub_key, 
    124. 

  124.                                        ecc_state);
    125. 

  125.     if(se_ret != SGX_SUCCESS)
    126. 

  126.     {
    127. 

  127.          sgx_ecc256_close_context(ecc_state);
    128. 

  128.          return se_ret;
    129. 

  129.     }
    130. 

  130. 

  131.     //Copying public key to g^a
    132. 

  132.     memcpy(&msg1->g_a, 
    133. 

  133.            &context->responder.pub_key, 
    134. 

  134.            sizeof(sgx_ec256_public_t));
    135. 

  135. 

  136.     se_ret = sgx_ecc256_close_context(ecc_state);
    137. 

  137.     if(SGX_SUCCESS != se_ret)
    138. 

  138.     {
    139. 

  139.         return se_ret;
    140. 

  140.     }
    141. 

  141. 

  142.     return SGX_SUCCESS;
    143. 

  143. }
    144. 

  144. 

  145. static sgx_status_t dh_generate_message2(const sgx_dh_msg1_t *msg1,
    146. 

  146.                                       const sgx_ec256_public_t *g_b, 
    147. 

  147.                                       const sgx_key_128bit_t *dh_smk,
    148. 

  148.                                       sgx_dh_msg2_t *msg2)
    149. 

  149. {
    150. 

  150.     sgx_report_t temp_report; 
    151. 

  151.     sgx_report_data_t report_data; 
    152. 

  152. 

  153.     sgx_status_t se_ret;
    154. 

  154. 

  155.     uint8_t msg_buf[MSG_BUF_LEN] = {0};
    156. 

  156.     uint8_t msg_hash[MSG_HASH_SZ] = {0};
    157. 

  157. 

  158.     if(!msg1 || !g_b || !dh_smk || !msg2)
    159. 

  159.     {
    160. 

  160.         return SGX_ERROR_INVALID_PARAMETER;
    161. 

  161.     }
    162. 

  162. 

  163.     memset(msg2, 0, sizeof(sgx_dh_msg2_t));
    164. 

  164.     memcpy(&msg2->g_b, g_b, sizeof(sgx_ec256_public_t));
    165. 

  165. 

  166.     memcpy(msg_buf, 
    167. 

  167.            &msg1->g_a, 
    168. 

  168.            sizeof(sgx_ec256_public_t));
    169. 

  169.     memcpy(msg_buf + sizeof(sgx_ec256_public_t), 
    170. 

  170.            &msg2->g_b, 
    171. 

  171.            sizeof(sgx_ec256_public_t));
    172. 

  172. 

  173.     se_ret = sgx_sha256_msg(msg_buf, 
    174. 

  174.                             MSG_BUF_LEN, 
    175. 

  175.                             (sgx_sha256_hash_t *)msg_hash);
    176. 

  176.     if(SGX_SUCCESS != se_ret)
    177. 

  177.     {
    178. 

  178.         return se_ret;
    179. 

  179.     }
    180. 

  180. 

  181.     // Get REPORT with sha256(msg1->g_a | msg2->g_b) || kdf_id as user data
    182. 

  182.     // 2-byte little-endian KDF-ID: 0x0001 AES-CMAC Entropy Extraction and Key Derivation 
    183. 

  183.     memset(&report_data, 0, sizeof(sgx_report_data_t));
    184. 

  184.     memcpy(&report_data, &msg_hash, sizeof(msg_hash)); 
    185. 

  185. 

  186.     uint16_t *kdf_id = (uint16_t *)&report_data.d[sizeof(msg_hash)];
    187. 

  187.     *kdf_id = AES_CMAC_KDF_ID;
    188. 

  188. 

  189.     // Generate Report targeted towards Session Responder
    190. 

  190.     se_ret = sgx_create_report(&msg1->target, &report_data, &temp_report); 
    191. 

  191.     if(SGX_SUCCESS != se_ret)
    192. 

  192.     {
    193. 

  193.         return se_ret;
    194. 

  194.     }
    195. 

  195. 

  196.     memcpy(&msg2->report, &temp_report, sizeof(sgx_report_t));
    197. 

  197. 

  198.     //Calculate the MAC for Message 2
    199. 

  199.     se_ret = sgx_rijndael128_cmac_msg(dh_smk, 
    200. 

  200.                                       (uint8_t *)(&msg2->report), 
    201. 

  201.                                       sizeof(sgx_report_t), 
    202. 

  202.                                       (sgx_cmac_128bit_tag_t *)msg2->cmac);
    203. 

  203.     if(SGX_SUCCESS != se_ret)
    204. 

  204.     {
    205. 

  205.         return se_ret;
    206. 

  206.     }
    207. 

  207. 

  208.     return SGX_SUCCESS;
    209. 

  209. }
    210. 

  210. 

  211. static sgx_status_t dh_verify_message2(const sgx_dh_msg2_t *msg2, 
    212. 

  212.                                     const sgx_ec256_public_t *g_a, 
    213. 

  213.                                     const sgx_key_128bit_t *dh_smk)
    214. 

  214. {
    215. 

  215.     sgx_report_t temp_report;
    216. 

  216.     sgx_status_t se_ret;
    217. 

  217. 

  218.     uint8_t msg_buf[MSG_BUF_LEN] = {0};
    219. 

  219.     uint8_t msg_hash[MSG_HASH_SZ] = {0};
    220. 

  220. 

  221.     if(!msg2 || !g_a || !dh_smk)
    222. 

  222.     {
    223. 

  223.         return SGX_ERROR_INVALID_PARAMETER;
    224. 

  224.     }
    225. 

  225. 

  226.     /* report_data = SHA256(g_a || g_b) || kdf_id
    227. 

  227.      * Verify kdf_id first.
    228. 

  228.      * 2-byte little-endian KDF-ID: 0x0001 AES-CMAC Entropy Extraction and Key Derivation
    229. 

  229.      */
    230. 

  230.     uint16_t *kdf_id = (uint16_t *)&msg2->report.body.report_data.d[sizeof(msg_hash)];
    231. 

  231.     if (*kdf_id != AES_CMAC_KDF_ID)
    232. 

  232.     {
    233. 

  233.         return SGX_ERROR_KDF_MISMATCH;
    234. 

  234.     }
    235. 

  235. 

  236.     //Verify the MAC of message 2 obtained from the Session Initiator
    237. 

  237.     se_ret = verify_cmac128((const uint8_t*)dh_smk, (const uint8_t*)(&msg2->report), sizeof(sgx_report_t), msg2->cmac);
    238. 

  238.     if(SGX_SUCCESS != se_ret) 
    239. 

  239.     {
    240. 

  240.         return se_ret;
    241. 

  241.     }
    242. 

  242. 

  243.     memcpy(&temp_report,&msg2->report,sizeof(sgx_report_t));
    244. 

  244. 

  245.     // Verify message 2 report obtained from the Session Initiator
    246. 

  246.     se_ret = sgx_verify_report(&temp_report);
    247. 

  247.     if(SGX_SUCCESS != se_ret)
    248. 

  248.     {
    249. 

  249.         return se_ret;
    250. 

  250.     }
    251. 

  251. 

  252.     memcpy(msg_buf, g_a, sizeof(sgx_ec256_public_t));
    253. 

  253.     memcpy(msg_buf + sizeof(sgx_ec256_public_t), &msg2->g_b, sizeof(sgx_ec256_public_t));
    254. 

  254. 

  255.     se_ret = sgx_sha256_msg(msg_buf, 
    256. 

  256.                             MSG_BUF_LEN, 
    257. 

  257.                            (sgx_sha256_hash_t *)msg_hash);
    258. 

  258.     if(SGX_SUCCESS != se_ret)
    259. 

  259.     {
    260. 

  260.         return se_ret;
    261. 

  261.     }
    262. 

  262. 

  263.     // report_data = SHA256(g_a || g_b) || kdf_id
    264. 

  264.     // Verify SHA256(g_a || g_b)
    265. 

  265.     if (0 != memcmp(msg_hash, 
    266. 

  266.                     &msg2->report.body.report_data, 
    267. 

  267.                     sizeof(msg_hash)))
    268. 

  268.     {
    269. 

  269.         return SGX_ERROR_MAC_MISMATCH; 
    270. 

  270.     }
    271. 

  271. 

  272.     return SGX_SUCCESS;
    273. 

  273. }
    274. 

  274. 

  275. static sgx_status_t dh_generate_message3(const sgx_dh_msg2_t *msg2,
    276. 

  276.                                       const sgx_ec256_public_t *g_a,
    277. 

  277.                                       const sgx_key_128bit_t *dh_smk,
    278. 

  278.                                       sgx_dh_msg3_t *msg3,
    279. 

  279.                                       uint32_t msg3_additional_prop_len)
    280. 

  280. {
    281. 

  281.     sgx_report_t temp_report; 
    282. 

  282.     sgx_report_data_t report_data;
    283. 

  283.     sgx_status_t se_ret = SGX_SUCCESS;
    284. 

  284.     uint32_t maced_size;
    285. 

  285. 

  286.     uint8_t msg_buf[MSG_BUF_LEN] = {0};
    287. 

  287.     uint8_t msg_hash[MSG_HASH_SZ] = {0};
    288. 

  288. 

  289.     sgx_target_info_t target;
    290. 

  290. 

  291.     if(!msg2 || !g_a || !dh_smk || !msg3)
    292. 

  292.     {
    293. 

  293.         return SGX_ERROR_INVALID_PARAMETER;
    294. 

  294.     }
    295. 

  295. 

  296.     maced_size = static_cast<uint32_t>(sizeof(sgx_dh_msg3_body_t)) + msg3_additional_prop_len;
    297. 

  297. 

  298.     memset(msg3, 0, sizeof(sgx_dh_msg3_t)); // Don't clear the additional property since the content of the property is provided by caller.
    299. 

  299. 

  300.     memcpy(msg_buf, &msg2->g_b, sizeof(sgx_ec256_public_t));
    301. 

  301.     memcpy(msg_buf + sizeof(sgx_ec256_public_t), g_a, sizeof(sgx_ec256_public_t));
    302. 

  302. 

  303.     se_ret = sgx_sha256_msg(msg_buf, 
    304. 

  304.                             MSG_BUF_LEN, 
    305. 

  305.                             (sgx_sha256_hash_t *)msg_hash);
    306. 

  306.     if(se_ret != SGX_SUCCESS)
    307. 

  307.     {
    308. 

  308.         return se_ret;
    309. 

  309.     }
    310. 

  310. 

  311.     memset(&target, 0, sizeof(sgx_target_info_t));
    312. 

  312. 

  313.     // Get REPORT with SHA256(g_b||g_a) as user data
    314. 

  314.     memset(&report_data, 0, sizeof(sgx_report_data_t)); 
    315. 

  315.     memcpy(&report_data, &msg_hash, sizeof(msg_hash));  
    316. 

  316. 

  317.     memcpy(&target.attributes,
    318. 

  318.            &msg2->report.body.attributes,
    319. 

  319.            sizeof(sgx_attributes_t));
    320. 

  320.     memcpy(&target.mr_enclave,
    321. 

  321.            &msg2->report.body.mr_enclave,
    322. 

  322.            sizeof(sgx_measurement_t));
    323. 

  323.     target.misc_select = msg2->report.body.misc_select;
    324. 

  324. 

  325.     // Generate Report targeted towards Session Initiator
    326. 

  326.     se_ret = sgx_create_report(&target, &report_data, &temp_report); 
    327. 

  327.     if(se_ret != SGX_SUCCESS)
    328. 

  328.     {
    329. 

  329.         return se_ret;
    330. 

  330.     }
    331. 

  331. 

  332.     memcpy(&msg3->msg3_body.report, 
    333. 

  333.            &temp_report, 
    334. 

  334.            sizeof(sgx_report_t)); 
    335. 

  335. 

  336.     msg3->msg3_body.additional_prop_length = msg3_additional_prop_len;
    337. 

  337. 

  338.     //Calculate the MAC for Message 3
    339. 

  339.     se_ret = sgx_rijndael128_cmac_msg(dh_smk, 
    340. 

  340.                                       (uint8_t *)&msg3->msg3_body, 
    341. 

  341.                                       maced_size, 
    342. 

  342.                                       (sgx_cmac_128bit_tag_t *)msg3->cmac);
    343. 

  343.     if(se_ret != SGX_SUCCESS)
    344. 

  344.     {
    345. 

  345.         return se_ret;
    346. 

  346.     }
    347. 

  347. 

  348.     return SGX_SUCCESS;
    349. 

  349. }
    350. 

  350. 

  351. static sgx_status_t dh_verify_message3(const sgx_dh_msg3_t *msg3,
    352. 

  352.                                     const sgx_ec256_public_t *g_a,
    353. 

  353.                                     const sgx_ec256_public_t *g_b,
    354. 

  354.                                     const sgx_key_128bit_t *dh_smk)
    355. 

  355. {
    356. 

  356.     sgx_report_t temp_report;
    357. 

  357.     uint32_t maced_size;
    358. 

  358.     sgx_status_t se_ret;
    359. 

  359. 

  360.     uint8_t msg_buf[MSG_BUF_LEN] = {0};
    361. 

  361.     uint8_t msg_hash[MSG_HASH_SZ] = {0};
    362. 

  362. 

  363.     if(!msg3 || !g_a || !g_b || !dh_smk)
    364. 

  364.     {
    365. 

  365.         return SGX_ERROR_INVALID_PARAMETER;
    366. 

  366.     }
    367. 

  367. 

  368.     maced_size = static_cast<uint32_t>(sizeof(sgx_dh_msg3_body_t)) + msg3->msg3_body.additional_prop_length;
    369. 

  369. 

  370.     //Verify the MAC of message 3 obtained from the Session Responder
    371. 

  371.     se_ret = verify_cmac128((const uint8_t*)dh_smk, (const uint8_t*)&msg3->msg3_body, maced_size, msg3->cmac);
    372. 

  372.     if(SGX_SUCCESS != se_ret)
    373. 

  373.     {
    374. 

  374.         return se_ret;
    375. 

  375.     }
    376. 

  376. 

  377.     memcpy(&temp_report, &msg3->msg3_body.report, sizeof(sgx_report_t));
    378. 

  378. 

  379.     // Verify message 3 report
    380. 

  380.     se_ret = sgx_verify_report(&temp_report);
    381. 

  381.     if(SGX_SUCCESS != se_ret)
    382. 

  382.     {
    383. 

  383.         return se_ret;
    384. 

  384.     }
    385. 

  385. 

  386.     memcpy(msg_buf, 
    387. 

  387.            g_b, 
    388. 

  388.            sizeof(sgx_ec256_public_t));
    389. 

  389.     memcpy(msg_buf + sizeof(sgx_ec256_public_t), 
    390. 

  390.            g_a, 
    391. 

  391.            sizeof(sgx_ec256_public_t));
    392. 

  392. 

  393.     se_ret = sgx_sha256_msg(msg_buf, 
    394. 

  394.                             MSG_BUF_LEN, 
    395. 

  395.                             (sgx_sha256_hash_t *)msg_hash);
    396. 

  396.     if(SGX_SUCCESS != se_ret)
    397. 

  397.     {
    398. 

  398.         return se_ret;
    399. 

  399.     }
    400. 

  400. 

  401.     // Verify message 3 report data
    402. 

  402.     if (0 != memcmp(msg_hash, 
    403. 

  403.                     &msg3->msg3_body.report.body.report_data, 
    404. 

  404.                     sizeof(msg_hash)))
    405. 

  405.     {
    406. 

  406.         return SGX_ERROR_MAC_MISMATCH; 
    407. 

  407.     }
    408. 

  408. 

  409.     return SGX_SUCCESS;
    410. 

  410. }
    411. 

  411. 

  412. // sgx_status_t sgx_dh_init_session()
    413. 

  413. // @role indicates whether the caller is a Initiator (starting the session negotiation) or a Responder (responding to the intial session negotiation request). 
    414. 

  414. // @sgx_dh_session is the context of the session.
    415. 

  415. sgx_status_t sgx_dh_init_session(sgx_dh_session_role_t role, sgx_dh_session_t* sgx_dh_session)
    416. 

  416. {
    417. 

  417.     sgx_internal_dh_session_t* session = (sgx_internal_dh_session_t*)sgx_dh_session;
    418. 

  418. 

  419.     if(!session || 0 == sgx_is_within_enclave(session, sizeof(sgx_internal_dh_session_t)))
    420. 

  420.     {
    421. 

  421.         return SGX_ERROR_INVALID_PARAMETER;
    422. 

  422.     }
    423. 

  423. 

  424.     if(SGX_DH_SESSION_INITIATOR != role && SGX_DH_SESSION_RESPONDER != role)
    425. 

  425.     {
    426. 

  426.         return SGX_ERROR_INVALID_PARAMETER;
    427. 

  427.     }
    428. 

  428. 

  429.     memset_s(session, sizeof(sgx_internal_dh_session_t), 0, sizeof(sgx_internal_dh_session_t));
    430. 

  430. 

  431.     if(SGX_DH_SESSION_INITIATOR == role)
    432. 

  432.     {
    433. 

  433.         session->initiator.state = SGX_DH_SESSION_INITIATOR_WAIT_M1;
    434. 

  434.     }
    435. 

  435.     else
    436. 

  436.     {
    437. 

  437.         session->responder.state = SGX_DH_SESSION_STATE_RESET;
    438. 

  438.     }
    439. 

  439. 

  440.     session->role = role;
    441. 

  441. 

  442.     return SGX_SUCCESS;
    443. 

  443. }
    444. 

  444. 

  445. 

  446. // Function sgx_dh_responder_gen_msg1 generates M1 message and makes update to the context of the session.
    447. 

  447. sgx_status_t sgx_dh_responder_gen_msg1(sgx_dh_msg1_t* msg1, sgx_dh_session_t* sgx_dh_session)
    448. 

  448. {
    449. 

  449.     sgx_status_t se_ret;
    450. 

  450.     sgx_internal_dh_session_t* session = (sgx_internal_dh_session_t*)sgx_dh_session;
    451. 

  451. 

  452.     // validate session
    453. 

  453.     if(!session || 
    454. 

  454.         0 == sgx_is_within_enclave(session, sizeof(sgx_internal_dh_session_t))) // session must be in enclave
    455. 

  455.     {
    456. 

  456.         return SGX_ERROR_INVALID_PARAMETER;
    457. 

  457.     }
    458. 

  458. 

  459.     if(!msg1 ||
    460. 

  460.        0 == sgx_is_within_enclave(msg1, sizeof(sgx_dh_msg1_t)) ||
    461. 

  461.        SGX_DH_SESSION_RESPONDER != session->role)
    462. 

  462.     {
    463. 

  463.         se_ret = SGX_ERROR_INVALID_PARAMETER;
    464. 

  464.         goto error;
    465. 

  465.     }
    466. 

  466. 

  467.     if(SGX_DH_SESSION_STATE_RESET != session->responder.state)
    468. 

  468.     {
    469. 

  469.         se_ret = SGX_ERROR_INVALID_STATE;
    470. 

  470.         goto error;
    471. 

  471.     }
    472. 

  472. 

  473.     se_ret = dh_generate_message1(msg1, session);
    474. 

  474.     if(SGX_SUCCESS != se_ret)
    475. 

  475.     {
    476. 

  476.         // return selected error to upper layer
    477. 

  477.         INTERNAL_SGX_ERROR_CODE_CONVERTOR(se_ret)
    478. 

  478.         goto error;
    479. 

  479.     }
    480. 

  480. 

  481.     session->responder.state = SGX_DH_SESSION_RESPONDER_WAIT_M2;
    482. 

  482. 

  483.     return SGX_SUCCESS;
    484. 

  484. error:
    485. 

  485.     // clear session
    486. 

  486.     memset_s(session, sizeof(sgx_internal_dh_session_t), 0, sizeof(sgx_internal_dh_session_t));
    487. 

  487.     session->responder.state = SGX_DH_SESSION_STATE_ERROR;
    488. 

  488.     return se_ret;
    489. 

  489. }
    490. 

  490. 

  491. //sgx_dh_initiator_proc_msg1 processes M1 message, generates M2 message and makes update to the context of the session.
    492. 

  492. sgx_status_t sgx_dh_initiator_proc_msg1(const sgx_dh_msg1_t* msg1, sgx_dh_msg2_t* msg2, sgx_dh_session_t* sgx_dh_session)
    493. 

  493. {
    494. 

  494.     sgx_status_t se_ret;
    495. 

  495. 

  496.     sgx_ec256_public_t pub_key;
    497. 

  497.     sgx_ec256_private_t priv_key;
    498. 

  498.     sgx_ec256_dh_shared_t shared_key;
    499. 

  499.     sgx_key_128bit_t dh_smk;
    500. 

  500. 

  501.     sgx_internal_dh_session_t* session = (sgx_internal_dh_session_t*) sgx_dh_session;
    502. 

  502. 

  503.     // validate session
    504. 

  504.     if(!session || 
    505. 

  505.         0 == sgx_is_within_enclave(session, sizeof(sgx_internal_dh_session_t))) // session must be in enclave
    506. 

  506.     {
    507. 

  507.         return SGX_ERROR_INVALID_PARAMETER;
    508. 

  508.     }
    509. 

  509. 

  510.     if( !msg1 || 
    511. 

  511.         !msg2 || 
    512. 

  512.         0 == sgx_is_within_enclave(msg1, sizeof(sgx_dh_msg1_t)) ||
    513. 

  513.         0 == sgx_is_within_enclave(msg2, sizeof(sgx_dh_msg2_t)) ||
    514. 

  514.         SGX_DH_SESSION_INITIATOR != session->role)
    515. 

  515.     {
    516. 

  516.         // clear secret when encounter error
    517. 

  517.         memset_s(session, sizeof(sgx_internal_dh_session_t), 0, sizeof(sgx_internal_dh_session_t));
    518. 

  518.         session->initiator.state = SGX_DH_SESSION_STATE_ERROR;
    519. 

  519.         return SGX_ERROR_INVALID_PARAMETER;
    520. 

  520.     }
    521. 

  521. 

  522.     if(SGX_DH_SESSION_INITIATOR_WAIT_M1 != session->initiator.state)
    523. 

  523.     {
    524. 

  524.         // clear secret
    525. 

  525.         memset_s(session, sizeof(sgx_internal_dh_session_t), 0, sizeof(sgx_internal_dh_session_t));
    526. 

  526.         session->initiator.state = SGX_DH_SESSION_STATE_ERROR;
    527. 

  527.         return SGX_ERROR_INVALID_STATE;
    528. 

  528.     }
    529. 

  529. 

  530.     //create ECC context
    531. 

  531.     sgx_ecc_state_handle_t ecc_state = NULL;
    532. 

  532.     se_ret = sgx_ecc256_open_context(&ecc_state);
    533. 

  533.     if(SGX_SUCCESS != se_ret)
    534. 

  534.     {
    535. 

  535.         goto error;
    536. 

  536.     }
    537. 

  537.     // generate private key and public key
    538. 

  538.     se_ret = sgx_ecc256_create_key_pair((sgx_ec256_private_t*)&priv_key, 
    539. 

  539.                                        (sgx_ec256_public_t*)&pub_key, 
    540. 

  540.                                         ecc_state);
    541. 

  541.     if(SGX_SUCCESS != se_ret)
    542. 

  542.     {
    543. 

  543.         goto error;
    544. 

  544.     }
    545. 

  545. 

  546.     //generate shared_key
    547. 

  547.     se_ret = sgx_ecc256_compute_shared_dhkey(
    548. 

  548.                                             (sgx_ec256_private_t *)const_cast<sgx_ec256_private_t*>(&priv_key), 
    549. 

  549.                                             (sgx_ec256_public_t *)const_cast<sgx_ec256_public_t*>(&msg1->g_a), 
    550. 

  550.                                             (sgx_ec256_dh_shared_t *)&shared_key, 
    551. 

  551.                                              ecc_state);
    552. 

  552. 

  553.     // clear private key for defense in depth
    554. 

  554.     memset_s(&priv_key, sizeof(sgx_ec256_private_t), 0, sizeof(sgx_ec256_private_t));
    555. 

  555. 

  556.     if(SGX_SUCCESS != se_ret)
    557. 

  557.     {
    558. 

  558.         goto error;
    559. 

  559.     }
    560. 

  560. 

  561.     se_ret = derive_key(&shared_key, "SMK", (uint32_t)(sizeof("SMK") -1), &dh_smk);
    562. 

  562.     if(SGX_SUCCESS != se_ret)
    563. 

  563.     {
    564. 

  564.         goto error;
    565. 

  565.     }
    566. 

  566. 

  567.     se_ret = dh_generate_message2(msg1, &pub_key, &dh_smk, msg2);
    568. 

  568.     if(SGX_SUCCESS != se_ret)
    569. 

  569.     {
    570. 

  570.         goto error;
    571. 

  571.     }
    572. 

  572. 

  573.     memcpy(&session->initiator.pub_key, &pub_key, sizeof(sgx_ec256_public_t));
    574. 

  574.     memcpy(&session->initiator.peer_pub_key, &msg1->g_a, sizeof(sgx_ec256_public_t));
    575. 

  575.     memcpy(&session->initiator.smk_aek, &dh_smk, sizeof(sgx_key_128bit_t));
    576. 

  576.     memcpy(&session->initiator.shared_key, &shared_key, sizeof(sgx_ec256_dh_shared_t));
    577. 

  577.     // clear shared key and SMK
    578. 

  578.     memset_s(&shared_key, sizeof(sgx_ec256_dh_shared_t), 0, sizeof(sgx_ec256_dh_shared_t));
    579. 

  579.     memset_s(&dh_smk, sizeof(sgx_key_128bit_t), 0, sizeof(sgx_key_128bit_t));
    580. 

  580. 

  581.     if(SGX_SUCCESS != sgx_ecc256_close_context(ecc_state))
    582. 

  582.     {
    583. 

  583.         // clear session 
    584. 

  584.         memset_s(session, sizeof(sgx_internal_dh_session_t), 0, sizeof(sgx_internal_dh_session_t));
    585. 

  585.         // set error state
    586. 

  586.         session->initiator.state = SGX_DH_SESSION_STATE_ERROR;
    587. 

  587.         return SGX_ERROR_UNEXPECTED;
    588. 

  588.     }
    589. 

  589. 

  590.     session->initiator.state = SGX_DH_SESSION_INITIATOR_WAIT_M3;
    591. 

  591.     return SGX_SUCCESS;
    592. 

  592. 

  593. error:
    594. 

  594.     sgx_ecc256_close_context(ecc_state);
    595. 

  595. 

  596.     // clear shared key and SMK
    597. 

  597.     memset_s(&shared_key, sizeof(sgx_ec256_dh_shared_t), 0, sizeof(sgx_ec256_dh_shared_t));
    598. 

  598.     memset_s(&dh_smk, sizeof(sgx_key_128bit_t), 0, sizeof(sgx_key_128bit_t));
    599. 

  599. 

  600.     memset_s(session, sizeof(sgx_internal_dh_session_t), 0, sizeof(sgx_internal_dh_session_t));
    601. 

  601.     session->initiator.state = SGX_DH_SESSION_STATE_ERROR;
    602. 

  602. 

  603.     // return selected error to upper layer
    604. 

  604.     INTERNAL_SGX_ERROR_CODE_CONVERTOR(se_ret)
    605. 

  605. 

  606.     return se_ret;
    607. 

  607. }
    608. 

  608. 

  609. //sgx_dh_responder_proc_msg2 processes M2 message, generates M3 message, and returns the session key AEK.
    610. 

  610. sgx_status_t sgx_dh_responder_proc_msg2(const sgx_dh_msg2_t* msg2, 
    611. 

  611.                                            sgx_dh_msg3_t* msg3, 
    612. 

  612.                                            sgx_dh_session_t* sgx_dh_session, 
    613. 

  613.                                            sgx_key_128bit_t* aek,
    614. 

  614.                                            sgx_dh_session_enclave_identity_t* initiator_identity)
    615. 

  615. {
    616. 

  616.     sgx_status_t se_ret;
    617. 

  617. 

  618.     sgx_ec256_dh_shared_t shared_key;
    619. 

  619.     sgx_key_128bit_t dh_smk;
    620. 

  620. 

  621.     sgx_internal_dh_session_t* session = (sgx_internal_dh_session_t*)sgx_dh_session;
    622. 

  622. 

  623.     // validate session
    624. 

  624.     if(!session || 
    625. 

  625.         0 == sgx_is_within_enclave(session, sizeof(sgx_internal_dh_session_t))) // session must be in enclave
    626. 

  626.     {
    627. 

  627.         return SGX_ERROR_INVALID_PARAMETER;
    628. 

  628.     }
    629. 

  629. 

  630.     if(!msg3 || 
    631. 

  631.         msg3->msg3_body.additional_prop_length > (UINT_MAX - sizeof(sgx_dh_msg3_t)) || // check msg3 length overflow
    632. 

  632.         0 == sgx_is_within_enclave(msg3, (sizeof(sgx_dh_msg3_t)+msg3->msg3_body.additional_prop_length)) || // must be in enclave
    633. 

  633.         !msg2 || 
    634. 

  634.         0 == sgx_is_within_enclave(msg2, sizeof(sgx_dh_msg2_t)) || // must be in enclave
    635. 

  635.         !aek || 
    636. 

  636.         0 == sgx_is_within_enclave(aek, sizeof(sgx_key_128bit_t)) || // must be in enclave
    637. 

  637.         !initiator_identity ||
    638. 

  638.         0 == sgx_is_within_enclave(initiator_identity, sizeof(sgx_dh_session_enclave_identity_t)) || // must be in enclave
    639. 

  639.         SGX_DH_SESSION_RESPONDER != session->role)
    640. 

  640.     {
    641. 

  641.         // clear secret when encounter error
    642. 

  642.         memset_s(session, sizeof(sgx_internal_dh_session_t), 0, sizeof(sgx_internal_dh_session_t));
    643. 

  643.         session->responder.state = SGX_DH_SESSION_STATE_ERROR;
    644. 

  644.         return SGX_ERROR_INVALID_PARAMETER;
    645. 

  645.     }
    646. 

  646. 

  647.     if(SGX_DH_SESSION_RESPONDER_WAIT_M2 != session->responder.state) // protocol state must be SGX_DH_SESSION_RESPONDER_WAIT_M2
    648. 

  648.     {
    649. 

  649.         // clear secret
    650. 

  650.         memset_s(session, sizeof(sgx_internal_dh_session_t), 0, sizeof(sgx_internal_dh_session_t));
    651. 

  651.         session->responder.state = SGX_DH_SESSION_STATE_ERROR;
    652. 

  652.         return SGX_ERROR_INVALID_STATE;
    653. 

  653.     }
    654. 

  654. 

  655.     //create ECC context, and the ECC parameter is
    656. 

  656.     //NIST standard P-256 elliptic curve.
    657. 

  657.     sgx_ecc_state_handle_t ecc_state = NULL;
    658. 

  658.     se_ret = sgx_ecc256_open_context(&ecc_state);
    659. 

  659.     if(SGX_SUCCESS != se_ret)
    660. 

  660.     {
    661. 

  661.         goto error;
    662. 

  662.     }
    663. 

  663.     
    664. 

  664.     //generate shared key, which should be identical with enclave side,
    665. 

  665.     //from PSE private key and enclave public key
    666. 

  666.     se_ret = sgx_ecc256_compute_shared_dhkey((sgx_ec256_private_t *)&session->responder.prv_key, 
    667. 

  667.                                             (sgx_ec256_public_t *)const_cast<sgx_ec256_public_t*>(&msg2->g_b), 
    668. 

  668.                                             (sgx_ec256_dh_shared_t *)&shared_key, 
    669. 

  669.                                              ecc_state);
    670. 

  670. 

  671.     // For defense-in-depth purpose, responder clears its private key from its enclave memory, as it's not needed anymore.
    672. 

  672.     memset_s(&session->responder.prv_key, sizeof(sgx_ec256_private_t), 0, sizeof(sgx_ec256_private_t));
    673. 

  673. 

  674.     if(se_ret != SGX_SUCCESS)
    675. 

  675.     {
    676. 

  676.         goto error;
    677. 

  677.     }
    678. 

  678. 

  679. 

  680.     //derive keys from session shared key
    681. 

  681.     se_ret = derive_key(&shared_key, "SMK", (uint32_t)(sizeof("SMK") -1), &dh_smk);
    682. 

  682.     if(se_ret != SGX_SUCCESS)
    683. 

  683.     {
    684. 

  684.         goto error;
    685. 

  685.     }
    686. 

  686.     // Verify message 2 from Session Initiator and also Session Initiator's identity
    687. 

  687.     se_ret = dh_verify_message2(msg2, &session->responder.pub_key, &dh_smk);
    688. 

  688.     if(SGX_SUCCESS != se_ret)
    689. 

  689.     {
    690. 

  690.         goto error;
    691. 

  691.     }
    692. 

  692. 

  693.     initiator_identity->isv_svn = msg2->report.body.isv_svn;
    694. 

  694.     initiator_identity->isv_prod_id = msg2->report.body.isv_prod_id;
    695. 

  695.     memcpy(&initiator_identity->attributes, &msg2->report.body.attributes, sizeof(sgx_attributes_t));
    696. 

  696.     memcpy(&initiator_identity->mr_signer, &msg2->report.body.mr_signer, sizeof(sgx_measurement_t));
    697. 

  697.     memcpy(&initiator_identity->mr_enclave, &msg2->report.body.mr_enclave, sizeof(sgx_measurement_t));
    698. 

  698. 

  699.     // Generate message 3 to send back to initiator
    700. 

  700.     se_ret = dh_generate_message3(msg2, 
    701. 

  701.                                &session->responder.pub_key, 
    702. 

  702.                                &dh_smk, 
    703. 

  703.                                msg3, 
    704. 

  704.                                msg3->msg3_body.additional_prop_length);
    705. 

  705.     if(SGX_SUCCESS != se_ret)
    706. 

  706.     {
    707. 

  707.         goto error;
    708. 

  708.     }
    709. 

  709. 

  710.     // derive session key
    711. 

  711.     se_ret = derive_key(&shared_key, "AEK", (uint32_t)(sizeof("AEK") -1), aek);
    712. 

  712.     if(se_ret != SGX_SUCCESS)
    713. 

  713.     {
    714. 

  714.         goto error;
    715. 

  715.     }
    716. 

  716. 

  717.     // clear secret
    718. 

  718.     memset_s(&shared_key, sizeof(sgx_ec256_dh_shared_t), 0, sizeof(sgx_ec256_dh_shared_t)); 
    719. 

  719.     memset_s(&dh_smk, sizeof(sgx_key_128bit_t), 0, sizeof(sgx_key_128bit_t));
    720. 

  720.     // clear session
    721. 

  721.     memset_s(session, sizeof(sgx_internal_dh_session_t), 0, sizeof(sgx_internal_dh_session_t));
    722. 

  722. 

  723.     se_ret = sgx_ecc256_close_context(ecc_state);
    724. 

  724.     if(SGX_SUCCESS != se_ret)
    725. 

  725.     {
    726. 

  726.         // set error state
    727. 

  727.         session->responder.state = SGX_DH_SESSION_STATE_ERROR;
    728. 

  728.         return SGX_ERROR_UNEXPECTED;
    729. 

  729.     }
    730. 

  730. 

  731.     // set state
    732. 

  732.     session->responder.state = SGX_DH_SESSION_ACTIVE;
    733. 

  733. 

  734.     return SGX_SUCCESS;
    735. 

  735. 

  736. error:
    737. 

  737.     sgx_ecc256_close_context(ecc_state);
    738. 

  738.     // clear secret 
    739. 

  739.     memset_s(&shared_key, sizeof(sgx_ec256_dh_shared_t), 0, sizeof(sgx_ec256_dh_shared_t)); 
    740. 

  740.     memset_s(&dh_smk, sizeof(sgx_key_128bit_t), 0, sizeof(sgx_key_128bit_t));
    741. 

  741.     memset_s(session, sizeof(sgx_internal_dh_session_t), 0, sizeof(sgx_internal_dh_session_t));
    742. 

  742.     // set error state
    743. 

  743.     session->responder.state = SGX_DH_SESSION_STATE_ERROR;
    744. 

  744.     // return selected error to upper layer
    745. 

  745.     if (se_ret != SGX_ERROR_OUT_OF_MEMORY &&
    746. 

  746.         se_ret != SGX_ERROR_KDF_MISMATCH)
    747. 

  747.     {
    748. 

  748.         se_ret = SGX_ERROR_UNEXPECTED;
    749. 

  749.     }
    750. 

  750.     return se_ret;
    751. 

  751. }
    752. 

  752. 

  753. //sgx_dh_initiator_proc_msg3 processes M3 message, and returns the session key AEK.
    754. 

  754. sgx_status_t sgx_dh_initiator_proc_msg3(const sgx_dh_msg3_t* msg3, 
    755. 

  755.                                        sgx_dh_session_t* sgx_dh_session, 
    756. 

  756.                                        sgx_key_128bit_t* aek,
    757. 

  757.                                        sgx_dh_session_enclave_identity_t* responder_identity)
    758. 

  758. {
    759. 

  759.     sgx_status_t se_ret;
    760. 

  760.     sgx_internal_dh_session_t* session = (sgx_internal_dh_session_t*)sgx_dh_session;
    761. 

  761. 

  762.     // validate session
    763. 

  763.     if(!session || 
    764. 

  764.         0 == sgx_is_within_enclave(session, sizeof(sgx_internal_dh_session_t))) // session must be in enclave
    765. 

  765.     {
    766. 

  766.         return SGX_ERROR_INVALID_PARAMETER;
    767. 

  767.     }
    768. 

  768. 

  769.     if(!msg3 || 
    770. 

  770.         msg3->msg3_body.additional_prop_length > (UINT_MAX - sizeof(sgx_dh_msg3_t)) || // check msg3 length overflow
    771. 

  771.         0 == sgx_is_within_enclave(msg3, (sizeof(sgx_dh_msg3_t)+msg3->msg3_body.additional_prop_length)) || // msg3 buffer must be in enclave
    772. 

  772.         !aek || 
    773. 

  773.         0 == sgx_is_within_enclave(aek, sizeof(sgx_key_128bit_t)) || // aek buffer must be in enclave 
    774. 

  774.         !responder_identity ||
    775. 

  775.         0 == sgx_is_within_enclave(responder_identity, sizeof(sgx_dh_session_enclave_identity_t)) || // responder_identity buffer must be in enclave 
    776. 

  776.         SGX_DH_SESSION_INITIATOR != session->role) // role must be SGX_DH_SESSION_INITIATOR
    777. 

  777.     {
    778. 

  778.         memset_s(session, sizeof(sgx_internal_dh_session_t), 0, sizeof(sgx_internal_dh_session_t));
    779. 

  779.         session->initiator.state = SGX_DH_SESSION_STATE_ERROR;
    780. 

  780.         return SGX_ERROR_INVALID_PARAMETER;
    781. 

  781.     }
    782. 

  782. 

  783.     if(SGX_DH_SESSION_INITIATOR_WAIT_M3 != session->initiator.state) // protocol state must be SGX_DH_SESSION_INITIATOR_WAIT_M3
    784. 

  784.     {
    785. 

  785.         memset_s(session, sizeof(sgx_internal_dh_session_t), 0, sizeof(sgx_internal_dh_session_t));
    786. 

  786.         session->initiator.state = SGX_DH_SESSION_STATE_ERROR;
    787. 

  787.         return SGX_ERROR_INVALID_STATE;
    788. 

  788.     }
    789. 

  789. 

  790.     se_ret = dh_verify_message3(msg3, 
    791. 

  791.                              &session->initiator.peer_pub_key, 
    792. 

  792.                              &session->initiator.pub_key, 
    793. 

  793.                              &session->initiator.smk_aek);
    794. 

  794.     if(SGX_SUCCESS != se_ret)
    795. 

  795.     {
    796. 

  796.         goto error;
    797. 

  797.     }
    798. 

  798. 

  799.     // derive AEK
    800. 

  800.     se_ret = derive_key(&session->initiator.shared_key, "AEK", (uint32_t)(sizeof("AEK") -1), aek);
    801. 

  801.     if(SGX_SUCCESS != se_ret)
    802. 

  802.     {
    803. 

  803.         goto error;
    804. 

  804.     }
    805. 

  805. 

  806.     // clear session
    807. 

  807.     memset_s(session, sizeof(sgx_internal_dh_session_t), 0, sizeof(sgx_internal_dh_session_t));
    808. 

  808.     session->initiator.state = SGX_DH_SESSION_ACTIVE;
    809. 

  809. 

  810.     // copy the common fields between REPORT and the responder enclave identity
    811. 

  811.     memcpy(responder_identity, &msg3->msg3_body.report.body, sizeof(sgx_dh_session_enclave_identity_t));
    812. 

  812. 

  813.     return SGX_SUCCESS;
    814. 

  814. 

  815. error:
    816. 

  816.     memset_s(session, sizeof(sgx_internal_dh_session_t), 0, sizeof(sgx_internal_dh_session_t));
    817. 

  817.     session->initiator.state = SGX_DH_SESSION_STATE_ERROR;
    818. 

  818.     INTERNAL_SGX_ERROR_CODE_CONVERTOR(se_ret)
    819. 

  819.     return se_ret;
    820. 

  820. }
    821. 

  821.