
  1. /*
  2. * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. #include "se_types.h"
  32. #include "sgx_trts.h"
  33. #include "sgx_utils.h"
  34. #include "arch.h"
  35. #include "sgx_tae_service.h"
  36. #include "tae_service_internal.h"
  37. #include "dh.h"
  38. #include "sgx_dh.h"
  39. #include "sgx_spinlock.h"
  40. #include "sgx_thread.h"
  41. #include "uncopyable.h"
  42. #include "tae_config.h"
  43. #include "sgx_tae_service_t.h"
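  // Leave the *enclosing* loop as soon as an SGX call does not succeed.
  // Deliberately NOT wrapped in do { } while (0): the `break` has to reach the
  // caller's loop, and a do/while wrapper would swallow it.
  #define ERROR_BREAK(x) if(SGX_SUCCESS != (x)){break;}
  // free() a heap pointer and null it so a later free() is a no-op and a
  // later use faults instead of touching freed memory. free(NULL) is defined
  // as a no-op, so no NULL test is needed; the do/while(0) form makes the
  // macro behave as one statement (safe after an un-braced if/else).
  #define SAFE_FREE(ptr) do { free(ptr); (ptr) = NULL; } while (0)
  // Sentinel meaning "no session established with the PSE" (all bits set).
  #define INVALID_SESSION_ID (-1U)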
  // Client-side state of the single, enclave-wide session with the Platform
  // Service Enclave (PSE). The only instance is g_pse_session below, and every
  // read or write of it happens while g_session_mutex is held.
  // NOTE(review): the tag _session_t begins with an underscore at global
  // scope, which C++ reserves for the implementation; renaming the tag (and
  // the typedef) would be a harmless cleanup.
  typedef struct _session_t
  {
      uint32_t session_id;                                  // id the PSE handed out in create_session; INVALID_SESSION_ID when none
      sgx_key_128bit_t authenticated_encryption_key;        // AEK produced by the DH exchange; cleared by close_pse_session_within_mutex
      se_ps_sec_prop_desc_internal_t ps_security_property;  // PSE identity captured from the DH peer identity and from msg3's cse_sec_prop
      uint32_t transaction_number;//valid transaction_number is from 0 to 0x7FFFFFFF
      //seq_num in request message is transaction_number*2 and seq_num in response message is expected to be transaction_number*2+1
      bool session_inited;                                  // true once the DH exchange completed; false after close
  }session_t;
  // The one PSE session shared by all threads of this enclave.
  static session_t g_pse_session;
  // Minimal wrapper over sgx_thread_mutex_t: the mutex is initialised in the
  // constructor and destroyed in the destructor; deriving from Uncopyable
  // keeps the mutex handle from ever being duplicated.
  class Mutex :private Uncopyable{
  private:
      sgx_thread_mutex_t m_mutex;
  public:
      Mutex()
      {
          sgx_thread_mutex_init(&m_mutex, NULL);
      }
      ~Mutex()
      {
          sgx_thread_mutex_destroy(&m_mutex);
      }
      // Block until the mutex is owned. The SGX call's return value is not
      // inspected, as in the original.
      void lock()
      {
          sgx_thread_mutex_lock(&m_mutex);
      }
      void unlock()
      {
          sgx_thread_mutex_unlock(&m_mutex);
      }
  };
  // Serialises all access to g_pse_session: sgx_create_pse_session,
  // sgx_close_pse_session, sgx_get_ps_sec_prop and crypt_invoke take it, and
  // the *_within_mutex helpers assume their caller already holds it.
  static Mutex g_session_mutex;
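  // OCALL wrapper: ask the untrusted uae_service to open a PSE session.
  // On success *session_id receives the PSE-assigned id and *se_dh_msg1 the
  // first DH message produced by the PSE. Both come from outside the enclave
  // and are only trusted after the DH processing in the caller succeeds.
  // Returns the OCALL transport status when the OCALL itself failed, otherwise
  // the status reported by the untrusted side.
  static sgx_status_t uae_create_session(
      uint32_t* session_id,
      sgx_dh_msg1_t* se_dh_msg1,
      uint32_t timeout
      )
  {
      sgx_status_t ret = SGX_ERROR_UNEXPECTED;
      // sizeof() is size_t while the OCALL takes a uint32_t length; cast
      // explicitly, as uae_exchange_report does, instead of relying on the
      // implicit narrowing (-Wconversion).
      sgx_status_t status = create_session_ocall(&ret, session_id, (uint8_t*)se_dh_msg1,
          static_cast<uint32_t>(sizeof(sgx_dh_msg1_t)), timeout);
      if (status!=SGX_SUCCESS)
          return status;
      return ret;
  }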
  // OCALL wrapper: ask the untrusted uae_service to close the PSE session
  // identified by session_id. A transport failure of the OCALL takes
  // precedence over whatever status the untrusted side reports.
  static sgx_status_t uae_close_session(
      uint32_t session_id,
      uint32_t timeout
      )
  {
      sgx_status_t service_ret = SGX_ERROR_UNEXPECTED;
      const sgx_status_t ocall_status = close_session_ocall(&service_ret, session_id, timeout);
      return (ocall_status == SGX_SUCCESS) ? service_ret : ocall_status;
  }
  // OCALL wrapper: hand our DH msg2 to the PSE and receive its msg3.
  // The msg3 buffer is sized for the standard DH msg3 plus the cse_sec_prop_t
  // the PSE appends to it. Transport failure of the OCALL takes precedence
  // over the status reported by the untrusted side.
  static sgx_status_t uae_exchange_report(
      uint32_t session_id,
      sgx_dh_msg2_t* se_dh_msg2,
      sgx_dh_msg3_t* se_dh_msg3,
      uint32_t timeout
      )
  {
      const uint32_t msg2_len = static_cast<uint32_t>(sizeof(sgx_dh_msg2_t));
      const uint32_t msg3_len = static_cast<uint32_t>(sizeof(sgx_dh_msg3_t)+sizeof(cse_sec_prop_t));
      sgx_status_t service_ret = SGX_ERROR_UNEXPECTED;
      const sgx_status_t ocall_status = exchange_report_ocall(&service_ret, session_id,
          (uint8_t*)se_dh_msg2, msg2_len,
          (uint8_t*)se_dh_msg3, msg3_len, timeout);
      if (ocall_status != SGX_SUCCESS)
          return ocall_status;
      return service_ret;
  }
  // OCALL wrapper: send an (already encrypted) PSE request buffer and receive
  // the encrypted response buffer. Transport failure of the OCALL takes
  // precedence over the status reported by the untrusted side.
  static sgx_status_t uae_invoke_service(
      uint8_t* pse_message_req, uint32_t pse_message_req_size,
      uint8_t* pse_message_resp, uint32_t pse_message_resp_size,
      uint32_t timeout
      )
  {
      sgx_status_t service_ret = SGX_ERROR_UNEXPECTED;
      const sgx_status_t ocall_status = invoke_service_ocall(&service_ret,
          pse_message_req, pse_message_req_size,
          pse_message_resp, pse_message_resp_size,
          timeout);
      return (ocall_status == SGX_SUCCESS) ? service_ret : ocall_status;
  }
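  // Tear down the current PSE session. Caller must hold g_session_mutex.
  // Marks the session closed, scrubs the session key, then asks the untrusted
  // side to close its end. SGX_ERROR_AE_SESSION_INVALID from that OCALL means
  // the PSE already dropped the session and is reported as success.
  static sgx_status_t close_pse_session_within_mutex()
  {
      sgx_status_t status = SGX_SUCCESS;
      if (g_pse_session.session_inited)
      {
          g_pse_session.session_inited = false;
          // Scrub the AEK. The destination-size argument must be the size of
          // the key object: the previous sizeof(&key) was the size of a pointer,
          // so memset_s cleared only a pointer's worth of the 128-bit key and
          // reported a runtime-constraint violation that nobody checked.
          memset_s(&g_pse_session.authenticated_encryption_key,
                   sizeof(g_pse_session.authenticated_encryption_key),
                   0,
                   sizeof(g_pse_session.authenticated_encryption_key));
          uint32_t session_id = g_pse_session.session_id;
          //Ocall uae_service close_session
          status = uae_close_session(session_id, SE_CLOSE_SESSION_TIMEOUT_MSEC);
          if (status == SGX_ERROR_AE_SESSION_INVALID)
          {
              //means session is closed by PSE, it's acceptable
              status = SGX_SUCCESS;
          }
      }
      return status;
  }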
  // Public entry point: close the PSE session, if any, under the session mutex.
  sgx_status_t sgx_close_pse_session()
  {
      g_session_mutex.lock();
      // the session state is re-examined by the helper now that the lock is held
      const sgx_status_t status = close_pse_session_within_mutex();
      g_session_mutex.unlock();
      return status;
  }
  // Reject a PSE peer whose enclave attributes carry the DEBUG flag. This is
  // the only attribute check applied to the identity returned by the DH
  // exchange; the report itself is verified separately by the caller.
  static sgx_status_t verify_pse(sgx_dh_session_enclave_identity_t* dh_id)
  {
      const bool peer_is_debug = (dh_id->attributes.flags & SGX_FLAGS_DEBUG) != 0;
      return peer_is_debug ? SGX_ERROR_UNEXPECTED : SGX_SUCCESS;
  }
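  // Establish the PSE session. Caller must hold g_session_mutex.
  // Runs the SGX DH protocol as initiator against the PSE through the
  // untrusted uae_service OCALLs (create_session -> msg1, exchange_report ->
  // msg3), rejects a DEBUG peer, verifies the report in msg3, then publishes
  // the AEK and the PSE's security properties into g_pse_session.
  // Returns SGX_SUCCESS (also when a session already exists),
  // SGX_ERROR_OUT_OF_MEMORY, SGX_ERROR_BUSY or other OCALL-reported statuses,
  // and SGX_ERROR_UNEXPECTED for any DH or verification failure. On failure
  // g_pse_session is left untouched and a half-opened session is closed on
  // the untrusted side on a best-effort basis.
  static sgx_status_t create_pse_session_within_mutex()
  {
      if (g_pse_session.session_inited)
      {
          return SGX_SUCCESS;
      }
      sgx_dh_msg3_t* se_dh_msg3 = NULL;
      //set invalid session id
      uint32_t session_id = INVALID_SESSION_ID;
      sgx_status_t status = SGX_ERROR_UNEXPECTED;
      //for pse session
      sgx_dh_msg1_t se_dh_msg1;
      sgx_dh_msg2_t se_dh_msg2;
      //for dh session
      sgx_dh_session_t dh_session_context;
      sgx_key_128bit_t dh_aek;
      sgx_dh_session_enclave_identity_t dh_id;
      memset(&se_dh_msg1, 0, sizeof(se_dh_msg1));
      memset(&se_dh_msg2, 0, sizeof(se_dh_msg2));
      memset(&dh_session_context, 0, sizeof(dh_session_context));
      memset(&dh_aek, 0, sizeof(dh_aek));
      memset(&dh_id, 0, sizeof(dh_id));
      //set start status
      status = sgx_dh_init_session(SGX_DH_SESSION_INITIATOR, &dh_session_context);
      if (SGX_ERROR_OUT_OF_MEMORY == status)
          return SGX_ERROR_OUT_OF_MEMORY;
      if(status!=SGX_SUCCESS)
          return SGX_ERROR_UNEXPECTED;
      do{
          // msg3 from the PSE is the standard DH msg3 followed by a cse_sec_prop_t,
          // so the buffer is sized for both.
          se_dh_msg3 = (sgx_dh_msg3_t*)malloc(sizeof(sgx_dh_msg3_t)+sizeof(cse_sec_prop_t));
          if(!se_dh_msg3)
          {
              status = SGX_ERROR_OUT_OF_MEMORY;
              break;
          }
          //Ocall uae_service create_session, get session_id and se_dh_msg1 from PSE
          status = uae_create_session(&session_id,&se_dh_msg1, SE_CREATE_SESSION_TIMEOUT_MSEC);
          if (SGX_ERROR_INVALID_PARAMETER == status)
              status = SGX_ERROR_UNEXPECTED;
          ERROR_BREAK(status);
          //process msg1 and generate msg2
          status = sgx_dh_initiator_proc_msg1(&se_dh_msg1, &se_dh_msg2, &dh_session_context);
          if (SGX_ERROR_OUT_OF_MEMORY == status)
              break;
          if(status!=SGX_SUCCESS)
          {
              status = SGX_ERROR_UNEXPECTED;
              break;
          }
          //Ocall uae_service exchange_report, give se_dh_msg2, get se_dh_msg3
          status = uae_exchange_report(session_id,&se_dh_msg2, se_dh_msg3, SE_EXCHANGE_REPORT_TIMEOUT_MSEC);
          if (SGX_ERROR_INVALID_PARAMETER == status)
              status = SGX_ERROR_UNEXPECTED;
          ERROR_BREAK(status);
          //proc msg3 to get AEK
          status = sgx_dh_initiator_proc_msg3(se_dh_msg3, &dh_session_context, &dh_aek, &dh_id);
          if (SGX_ERROR_OUT_OF_MEMORY == status)
              break;
          if(status!=SGX_SUCCESS)
          {
              status = SGX_ERROR_UNEXPECTED;
              break;
          }
          //reject a DEBUG PSE (the only attribute check applied to the peer identity)
          status = verify_pse(&dh_id);
          ERROR_BREAK(status);
          status = sgx_verify_report(&se_dh_msg3->msg3_body.report);
          if (SGX_ERROR_OUT_OF_MEMORY == status)
              break;
          if(status!=SGX_SUCCESS)
          {
              status = SGX_ERROR_UNEXPECTED;
              break;
          }
          //fill g_pse_session; nothing is published until every check above passed
          g_pse_session.session_id = session_id;
          memcpy(&g_pse_session.authenticated_encryption_key , &dh_aek, sizeof(sgx_key_128bit_t));
          g_pse_session.ps_security_property.pse_miscselect = dh_id.misc_select;
          g_pse_session.ps_security_property.reserved1 = 0;
          memset(g_pse_session.ps_security_property.reserved2, 0, sizeof(g_pse_session.ps_security_property.reserved2));
          memcpy(&g_pse_session.ps_security_property.pse_attributes, &dh_id.attributes, sizeof(sgx_attributes_t));
          memcpy(&g_pse_session.ps_security_property.pse_isvsvn, &dh_id.isv_svn, sizeof(sgx_isv_svn_t));
          memcpy(&g_pse_session.ps_security_property.pse_mr_signer, &dh_id.mr_signer, sizeof(sgx_measurement_t));
          memcpy(&g_pse_session.ps_security_property.pse_prod_id, &dh_id.isv_prod_id, sizeof(sgx_prod_id_t));
          //copy CSE_SEC_PROP of SE_DH_MSG3 to g_pse_session.ps_security_property
          // NOTE(review): assumes pse_dh_msg3_t is sgx_dh_msg3_t immediately followed by
          // cse_sec_prop_t, i.e. exactly the buffer allocated above — confirm in tae_service_internal.h
          pse_dh_msg3_t* pse_dh_msg3 = (pse_dh_msg3_t*)se_dh_msg3;
          memcpy(&g_pse_session.ps_security_property.cse_sec_prop, &pse_dh_msg3->cse_sec_prop, sizeof(cse_sec_prop_t));
          g_pse_session.session_inited = true;
          //reset transaction_number to 0
          g_pse_session.transaction_number = 0;
          status = SGX_SUCCESS;
          break;
      }while(0);
      SAFE_FREE(se_dh_msg3);
      // The AEK now lives only in g_pse_session (on success) or is worthless
      // (on failure); scrub the stack copy of the key and the DH session state
      // (which may still hold the initiator's private DH material) so neither
      // lingers on the stack. memset_s is used because a plain memset before
      // return may be optimised away.
      memset_s(&dh_aek, sizeof(dh_aek), 0, sizeof(dh_aek));
      memset_s(&dh_session_context, sizeof(dh_session_context), 0, sizeof(dh_session_context));
      if(status != SGX_SUCCESS && session_id != INVALID_SESSION_ID)
          uae_close_session(session_id, SE_CLOSE_SESSION_TIMEOUT_MSEC);//we can do nothing if close_session fails
      return status;
  }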
  // Public entry point: establish the PSE session under the session mutex so
  // only one thread runs the DH exchange while the others wait for it.
  sgx_status_t sgx_create_pse_session()
  {
      g_session_mutex.lock();
      const sgx_status_t status = create_pse_session_within_mutex();
      g_session_mutex.unlock();
      return status;
  }
  // Copy the PSE security-property descriptor of the current session into
  // *ps_security_property. Returns SGX_ERROR_INVALID_PARAMETER for a NULL
  // output and SGX_ERROR_AE_SESSION_INVALID when no session is established.
  sgx_status_t sgx_get_ps_sec_prop(sgx_ps_sec_prop_desc_t* ps_security_property)
  {
      if(!ps_security_property)
          return SGX_ERROR_INVALID_PARAMETER;
      sgx_status_t ret = SGX_ERROR_UNEXPECTED;
      //the session state is only read while the mutex is held
      g_session_mutex.lock();
      if (!g_pse_session.session_inited)
      {
          ret = SGX_ERROR_AE_SESSION_INVALID;
      }
      else
      {
          // NOTE(review): copies sizeof(sgx_ps_sec_prop_desc_t) bytes out of the
          // internal descriptor; assumes the internal layout is at least that large
          memcpy(ps_security_property,&g_pse_session.ps_security_property,sizeof(sgx_ps_sec_prop_desc_t));
          ret = SGX_SUCCESS;
      }
      g_session_mutex.unlock();
      return ret;
  }
  // Extended variant: fetch the base descriptor via sgx_get_ps_sec_prop and
  // additionally expose the PSE's MRSIGNER, product id and ISV SVN as
  // separate fields of *ps_security_property_ex.
  sgx_status_t sgx_get_ps_sec_prop_ex(sgx_ps_sec_prop_desc_ex_t* ps_security_property_ex)
  {
      if (!ps_security_property_ex)
          return SGX_ERROR_INVALID_PARAMETER;
      const sgx_status_t ret = sgx_get_ps_sec_prop(&ps_security_property_ex->ps_sec_prop_desc);
      if (ret != SGX_SUCCESS)
          return ret;
      // the public descriptor is reinterpreted through the internal layout to
      // pick out the identity fields; NOTE(review): assumes both types share a layout
      const se_ps_sec_prop_desc_internal_t* desc_internal =
          (const se_ps_sec_prop_desc_internal_t*)&ps_security_property_ex->ps_sec_prop_desc;
      memcpy(&ps_security_property_ex->pse_mrsigner, &desc_internal->pse_mr_signer, sizeof(sgx_measurement_t));
      memcpy(&ps_security_property_ex->pse_prod_id, &desc_internal->pse_prod_id, sizeof(sgx_prod_id_t));
      memcpy(&ps_security_property_ex->pse_isv_svn, &desc_internal->pse_isvsvn, sizeof(sgx_isv_svn_t));
      return SGX_SUCCESS;
  }
  // Check that a decrypted response header belongs to the request just sent
  // (same service/command, seq_num exactly one higher, and consistent with
  // the session's transaction_number, which was already incremented), then
  // map the PSE status code to an sgx_status_t. Any header mismatch is
  // SGX_ERROR_UNEXPECTED. Caller holds g_session_mutex.
  static sgx_status_t verify_msg_hdr(pse_req_hdr_t* req_payload_hdr, pse_resp_hdr_t* resp_payload_hdr)
  {
      const bool same_service = resp_payload_hdr->service_id == req_payload_hdr->service_id &&
                                resp_payload_hdr->service_cmd == req_payload_hdr->service_cmd;
      //resp seq_num increases one by PSE
      const bool seq_matches = resp_payload_hdr->seq_num == req_payload_hdr->seq_num+1;
      //transaction_number has increase one after setting seq_num
      const bool txn_matches = g_pse_session.transaction_number == resp_payload_hdr->seq_num/2 +1;
      if (!(same_service && seq_matches && txn_matches))
      {
          return SGX_ERROR_UNEXPECTED;
      }
      switch (resp_payload_hdr->status)
      {
      case PSE_SUCCESS:
          return SGX_SUCCESS;
      case PSE_ERROR_INTERNAL:
          return SGX_ERROR_UNEXPECTED;
      case PSE_ERROR_BUSY:
          return SGX_ERROR_BUSY;
      case PSE_ERROR_MC_NOT_FOUND:
          return SGX_ERROR_MC_NOT_FOUND;
      case PSE_ERROR_MC_NO_ACCESS_RIGHT:
          return SGX_ERROR_MC_NO_ACCESS_RIGHT;
      case PSE_ERROR_UNKNOWN_REQ:
          return SGX_ERROR_INVALID_PARAMETER;
      case PSE_ERROR_CAP_NOT_AVAILABLE:
          return SGX_ERROR_SERVICE_UNAVAILABLE;
      case PSE_ERROR_MC_USED_UP:
          return SGX_ERROR_MC_USED_UP;
      case PSE_ERROR_MC_OVER_QUOTA:
          return SGX_ERROR_MC_OVER_QUOTA;
      case PSE_ERROR_INVALID_POLICY:
          return SGX_ERROR_INVALID_PARAMETER;
      default:
          return SGX_ERROR_UNEXPECTED;
      }
  }
  //increase nonce, build msg, encrypt msg, call invoke_service, decrypt msg, verify msg format
  //
  // Send one request to the PSE over the established session and hand back
  // its decrypted, header-verified response.
  //   req_msg / req_msg_size   - caller-allocated transport buffer for the encrypted request
  //   req_payload_hdr          - plaintext request payload; its seq_num is assigned here
  //   timeout                  - forwarded to the invoke_service OCALL
  //   resp_msg / resp_msg_size - caller-allocated transport buffer for the encrypted response
  //   resp_payload_hdr         - receives the decrypted response payload
  // Returns SGX_ERROR_AE_SESSION_INVALID when no session exists or it could
  // not be re-established, SGX_ERROR_UNEXPECTED on encrypt/decrypt/header
  // failure, SGX_ERROR_BUSY / SGX_ERROR_OUT_OF_MEMORY from session re-creation,
  // otherwise the status mapped by verify_msg_hdr. Holds g_session_mutex for
  // the whole call so requests are serialised and transaction_number stays
  // consistent with the seq_num put on the wire.
  static sgx_status_t crypt_invoke(pse_message_t* req_msg, uint32_t req_msg_size,
      pse_req_hdr_t* req_payload_hdr,
      uint32_t timeout,
      pse_message_t* resp_msg, uint32_t resp_msg_size,
      pse_resp_hdr_t* resp_payload_hdr
      )
  {
      sgx_status_t ret = SGX_ERROR_UNEXPECTED;
      int retry = RETRY_TIMES;
      //lock transaction_number
      g_session_mutex.lock();
      //no further locking of g_pse_session is needed: it only changes while g_session_mutex is held, which it is now.
      if (!g_pse_session.session_inited)
      {
          g_session_mutex.unlock();
          return SGX_ERROR_AE_SESSION_INVALID;
      }
      //retry only when return value of uae_invoke_service is SGX_ERROR_AE_SESSION_INVALID,
      //which means that session is closed by PSE or transaction_number is out of order.
      //In these situation, session needs to reestablish and retry the invoke_service.
      //Every other outcome leaves the loop through a break on the first pass.
      while(retry --)
      {
          //prevent transaction_number from rolling over. 0x7fffffff and below is valid
          if(g_pse_session.transaction_number > 0x7fffffff){
              //if unexpected failure of following close_pse_session_within_mutex() and create_pse_session_within_mutex()
              //return SGX_ERROR_AE_SESSION_INVALID to user
              ret = SGX_ERROR_AE_SESSION_INVALID;
              //need to close current session and create a new session
              //create_pse_session_within_mutex will reset the g_pse_session.transaction_number
              //close_session failure will always return SGX_ERROR_AE_SESSION_INVALID
              ERROR_BREAK(close_pse_session_within_mutex());
              //create_session failure will return SGX_ERROR_BUSY on SGX_ERROR_BUSY, SGX_ERROR_OUT_OF_MEMORY on SGX_ERROR_OUT_OF_MEMORY,
              //and SGX_ERROR_AE_SESSION_INVALID on other error code
              sgx_status_t aesm_status = create_pse_session_within_mutex();
              switch (aesm_status)
              {
              case SGX_ERROR_BUSY:
                  ret = SGX_ERROR_BUSY;
                  break;
              case SGX_ERROR_OUT_OF_MEMORY:
                  ret = SGX_ERROR_OUT_OF_MEMORY;
                  break;
              default:
                  break;
              }
              ERROR_BREAK(aesm_status);
          }
          //set seq_num (even numbers are requests, the PSE replies with seq_num+1)
          req_payload_hdr->seq_num = g_pse_session.transaction_number*2;
          //increase transaction_number
          g_pse_session.transaction_number++;
          //set request message session id
          req_msg->session_id = g_pse_session.session_id;
          //encrypt_msg with authenticated_encryption_key of the session
          if (!encrypt_msg(req_msg, (uint8_t*)req_payload_hdr, &g_pse_session.authenticated_encryption_key))
          {
              ret = SGX_ERROR_UNEXPECTED;
              break;
          }
          //ocall invoke_service
          ret = uae_invoke_service((uint8_t*)req_msg, (req_msg_size),
              (uint8_t*)resp_msg, resp_msg_size, timeout);
          if (SGX_ERROR_AE_SESSION_INVALID == ret)
          {
              //close_session failure will always return SGX_ERROR_AE_SESSION_INVALID
              ERROR_BREAK(close_pse_session_within_mutex());
              //recreating session; on success the request is re-encrypted with the new key and resent
              sgx_status_t aesm_status = create_pse_session_within_mutex();
              if(SGX_SUCCESS == aesm_status)
                  continue;
              switch (aesm_status)
              {
              case SGX_ERROR_BUSY:
                  ret = SGX_ERROR_BUSY;
                  break;
              case SGX_ERROR_OUT_OF_MEMORY:
                  ret = SGX_ERROR_OUT_OF_MEMORY;
                  break;
              default:
                  break;
              }
          }
          ERROR_BREAK(ret);
          //decrypt_msg with authenticated_encryption_key of the session
          if(!decrypt_msg(resp_msg, (uint8_t*)resp_payload_hdr, &g_pse_session.authenticated_encryption_key))
          {
              ret = SGX_ERROR_UNEXPECTED;
              break;
          }
          //bind the response to this request (service, cmd, seq_num, transaction) and map the PSE status
          ret = verify_msg_hdr(req_payload_hdr,resp_payload_hdr);
          break;
      }
      g_session_mutex.unlock();
      return ret;
  }
  // Read the PSE trusted timer. On success *current_time receives the
  // timestamp and *time_source_nonce the nonce identifying the time source.
  sgx_status_t sgx_get_trusted_time(
      sgx_time_t* current_time,
      sgx_time_source_nonce_t* time_source_nonce
      )
  {
      if(!current_time || !time_source_nonce)
          return SGX_ERROR_INVALID_PARAMETER;
      // zero-filled transport buffers (calloc stands in for malloc + memset)
      pse_message_t* req_msg = (pse_message_t*)calloc(1, PSE_TIMER_READ_REQ_SIZE);
      if (!req_msg)
          return SGX_ERROR_OUT_OF_MEMORY;
      pse_message_t* resp_msg = (pse_message_t*)calloc(1, PSE_TIMER_READ_RESP_SIZE);
      if (!resp_msg)
      {
          free(req_msg);
          return SGX_ERROR_OUT_OF_MEMORY;
      }
      req_msg->exp_resp_size = sizeof(pse_timer_read_resp_t);
      req_msg->payload_size = sizeof(pse_timer_read_req_t);
      // plaintext payload: a timer read carries nothing but the header
      pse_timer_read_req_t timer_req;
      memset(&timer_req, 0, sizeof(timer_req));
      timer_req.req_hdr.service_id = PSE_TRUSTED_TIME_SERVICE;
      timer_req.req_hdr.service_cmd = PSE_TIMER_READ;
      pse_timer_read_resp_t timer_resp;
      memset(&timer_resp, 0, sizeof(timer_resp));
      const sgx_status_t status = crypt_invoke(req_msg, PSE_TIMER_READ_REQ_SIZE, &timer_req.req_hdr, SE_GET_TRUSTED_TIME_TIMEOUT_MSEC,
                                               resp_msg, PSE_TIMER_READ_RESP_SIZE, &timer_resp.resp_hdr);
      if (status==SGX_SUCCESS)
      {
          memcpy(current_time, &timer_resp.timestamp, sizeof(sgx_time_t));
          memcpy(time_source_nonce,timer_resp.time_source_nonce,sizeof(sgx_time_source_nonce_t));
      }
      free(resp_msg);
      free(req_msg);
      return status;
  }
  // The public SGX_MC_POLICY_* values are passed straight through to the PSE
  // as MC_POLICY_*, so the two enumerations must agree at compile time.
  se_static_assert(SGX_MC_POLICY_SIGNER == MC_POLICY_SIGNER);
  se_static_assert(SGX_MC_POLICY_ENCLAVE == MC_POLICY_ENCLAVE);
  // Create a monotonic counter in the PSE with the given owner policy and
  // attribute mask. On success *counter_uuid receives the counter id and
  // nonce and *counter_value is 0 (the PSE's hard-coded initial value).
  // owner_policy must consist only of MC_POLICY_SIGNER / MC_POLICY_ENCLAVE
  // bits and must not be empty.
  sgx_status_t sgx_create_monotonic_counter_ex(
      uint16_t owner_policy,
      const sgx_attributes_t* owner_attribute_mask,
      sgx_mc_uuid_t* counter_uuid,
      uint32_t* counter_value
      )
  {
      if (!counter_value || !counter_uuid || !owner_attribute_mask)
      {
          return SGX_ERROR_INVALID_PARAMETER;
      }
      const bool has_unknown_bits = 0!= (~(MC_POLICY_SIGNER | MC_POLICY_ENCLAVE) & owner_policy);
      const bool has_no_policy_bits = 0 == ((MC_POLICY_SIGNER | MC_POLICY_ENCLAVE)& owner_policy);
      if (has_unknown_bits || has_no_policy_bits)
      {
          return SGX_ERROR_INVALID_PARAMETER;
      }
      // zero-filled transport buffers (calloc stands in for malloc + memset)
      pse_message_t* req_msg = (pse_message_t*)calloc(1, PSE_CREATE_MC_REQ_SIZE);
      if (!req_msg)
          return SGX_ERROR_OUT_OF_MEMORY;
      pse_message_t* resp_msg = (pse_message_t*)calloc(1, PSE_CREATE_MC_RESP_SIZE);
      if (!resp_msg)
      {
          free(req_msg);
          return SGX_ERROR_OUT_OF_MEMORY;
      }
      req_msg->exp_resp_size = sizeof(pse_mc_create_resp_t);
      req_msg->payload_size = sizeof(pse_mc_create_req_t);
      pse_mc_create_req_t mc_req;
      memset(&mc_req, 0, sizeof(mc_req));
      mc_req.req_hdr.service_id = PSE_MC_SERVICE;
      mc_req.req_hdr.service_cmd = PSE_MC_CREATE;
      mc_req.policy = owner_policy;
      // NOTE(review): copies sizeof(mc_req.attr_mask) bytes from *owner_attribute_mask;
      // assumes attr_mask is laid out as an sgx_attributes_t — confirm in the header
      memcpy(mc_req.attr_mask, owner_attribute_mask, sizeof(mc_req.attr_mask));
      pse_mc_create_resp_t mc_resp;
      memset(&mc_resp, 0, sizeof(mc_resp));
      const sgx_status_t status = crypt_invoke(req_msg, PSE_CREATE_MC_REQ_SIZE, &mc_req.req_hdr, SE_CREATE_MONOTONIC_COUNTER_TIMEOUT_MSEC,
                                               resp_msg, PSE_CREATE_MC_RESP_SIZE, &mc_resp.resp_hdr);
      if (status == SGX_SUCCESS)
      {
          memcpy(counter_uuid->counter_id, &mc_resp.counter_id,sizeof(counter_uuid->counter_id));
          memcpy(counter_uuid->nonce, &mc_resp.nonce,sizeof(counter_uuid->nonce));
          //align with initial counter_value hard-coded in PSE
          *counter_value = 0;
      }
      free(resp_msg);
      free(req_msg);
      return status;
  }
  // Convenience wrapper: create a counter owned by the enclave signer
  // (MC_POLICY_SIGNER) using the default VMC attribute/xfrm masks.
  sgx_status_t sgx_create_monotonic_counter(
      sgx_mc_uuid_t* counter_uuid,
      uint32_t* counter_value
      )
  {
      sgx_attributes_t default_mask;
      memset(&default_mask, 0, sizeof(default_mask));
      default_mask.flags = DEFAULT_VMC_ATTRIBUTE_MASK;
      default_mask.xfrm = DEFAULT_VMC_XFRM_MASK;
      return sgx_create_monotonic_counter_ex(MC_POLICY_SIGNER, &default_mask, counter_uuid, counter_value);
  }
  // Delete the monotonic counter identified by *counter_uuid (id + nonce)
  // in the PSE. Returns the status mapped from the PSE response.
  sgx_status_t sgx_destroy_monotonic_counter(const sgx_mc_uuid_t* counter_uuid)
  {
      if (!counter_uuid)
      {
          return SGX_ERROR_INVALID_PARAMETER;
      }
      // zero-filled transport buffers (calloc stands in for malloc + memset)
      pse_message_t* req_msg = (pse_message_t*)calloc(1, PSE_DEL_MC_REQ_SIZE);
      if (!req_msg)
          return SGX_ERROR_OUT_OF_MEMORY;
      pse_message_t* resp_msg = (pse_message_t*)calloc(1, PSE_DEL_MC_RESP_SIZE);
      if (!resp_msg)
      {
          free(req_msg);
          return SGX_ERROR_OUT_OF_MEMORY;
      }
      req_msg->exp_resp_size = sizeof(pse_mc_del_resp_t);
      req_msg->payload_size = sizeof(pse_mc_del_req_t);
      // plaintext payload: header plus the counter's id and nonce
      pse_mc_del_req_t mc_req;
      memset(&mc_req, 0, sizeof(mc_req));
      mc_req.req_hdr.service_id = PSE_MC_SERVICE;
      mc_req.req_hdr.service_cmd = PSE_MC_DEL;
      memcpy(mc_req.counter_id, counter_uuid->counter_id, sizeof(mc_req.counter_id));
      memcpy(mc_req.nonce, counter_uuid->nonce, sizeof(mc_req.nonce));
      pse_mc_del_resp_t mc_resp;
      memset(&mc_resp, 0, sizeof(mc_resp));
      const sgx_status_t status = crypt_invoke(req_msg, PSE_DEL_MC_REQ_SIZE, &mc_req.req_hdr, SE_DESTROY_MONOTONIC_COUNTER_TIMEOUT_MSEC,
                                               resp_msg, PSE_DEL_MC_RESP_SIZE, &mc_resp.resp_hdr);
      free(resp_msg);
      free(req_msg);
      return status;
  }
  // Increment the monotonic counter identified by *counter_uuid in the PSE.
  // On success *counter_value receives the counter's new value.
  sgx_status_t sgx_increment_monotonic_counter(
      const sgx_mc_uuid_t* counter_uuid,
      uint32_t* counter_value
      )
  {
      if (!counter_value || !counter_uuid)
      {
          return SGX_ERROR_INVALID_PARAMETER;
      }
      // zero-filled transport buffers (calloc stands in for malloc + memset)
      pse_message_t* req_msg = (pse_message_t*)calloc(1, PSE_INC_MC_REQ_SIZE);
      if (!req_msg)
          return SGX_ERROR_OUT_OF_MEMORY;
      pse_message_t* resp_msg = (pse_message_t*)calloc(1, PSE_INC_MC_RESP_SIZE);
      if (!resp_msg)
      {
          free(req_msg);
          return SGX_ERROR_OUT_OF_MEMORY;
      }
      req_msg->exp_resp_size = sizeof(pse_mc_inc_resp_t);
      req_msg->payload_size = sizeof(pse_mc_inc_req_t);
      // plaintext payload: header plus the counter's id and nonce
      pse_mc_inc_req_t mc_req;
      memset(&mc_req, 0, sizeof(mc_req));
      mc_req.req_hdr.service_id = PSE_MC_SERVICE;
      mc_req.req_hdr.service_cmd = PSE_MC_INC;
      memcpy(mc_req.counter_id, counter_uuid->counter_id, sizeof(mc_req.counter_id));
      memcpy(mc_req.nonce, counter_uuid->nonce, sizeof(mc_req.nonce));
      pse_mc_inc_resp_t mc_resp;
      memset(&mc_resp, 0, sizeof(mc_resp));
      const sgx_status_t status = crypt_invoke(req_msg, PSE_INC_MC_REQ_SIZE, &mc_req.req_hdr, SE_INCREMENT_MONOTONIC_COUNTER_TIMEOUT_MSEC,
                                               resp_msg, PSE_INC_MC_RESP_SIZE, &mc_resp.resp_hdr);
      if (status == SGX_SUCCESS)
      {
          *counter_value = mc_resp.counter_value;
      }
      free(resp_msg);
      free(req_msg);
      return status;
  }
  // Read the current value of the monotonic counter identified by
  // *counter_uuid from the PSE into *counter_value.
  sgx_status_t sgx_read_monotonic_counter(
      const sgx_mc_uuid_t* counter_uuid,
      uint32_t* counter_value
      )
  {
      if (!counter_value || !counter_uuid)
      {
          return SGX_ERROR_INVALID_PARAMETER;
      }
      // zero-filled transport buffers (calloc stands in for malloc + memset)
      pse_message_t* req_msg = (pse_message_t*)calloc(1, PSE_READ_MC_REQ_SIZE);
      if (!req_msg)
          return SGX_ERROR_OUT_OF_MEMORY;
      pse_message_t* resp_msg = (pse_message_t*)calloc(1, PSE_READ_MC_RESP_SIZE);
      if (!resp_msg)
      {
          free(req_msg);
          return SGX_ERROR_OUT_OF_MEMORY;
      }
      req_msg->exp_resp_size = sizeof(pse_mc_read_resp_t);
      req_msg->payload_size = sizeof(pse_mc_read_req_t);
      // plaintext payload: header plus the counter's id and nonce
      pse_mc_read_req_t mc_req;
      memset(&mc_req, 0, sizeof(mc_req));
      mc_req.req_hdr.service_id = PSE_MC_SERVICE;
      mc_req.req_hdr.service_cmd = PSE_MC_READ;
      memcpy(mc_req.counter_id, counter_uuid->counter_id, sizeof(mc_req.counter_id));
      memcpy(mc_req.nonce, counter_uuid->nonce, sizeof(mc_req.nonce));
      pse_mc_read_resp_t mc_resp;
      memset(&mc_resp, 0, sizeof(mc_resp));
      const sgx_status_t status = crypt_invoke(req_msg, PSE_READ_MC_REQ_SIZE, &mc_req.req_hdr, SE_READ_MONOTONIC_COUNTER_TIMEOUT_MSEC,
                                               resp_msg, PSE_READ_MC_RESP_SIZE, &mc_resp.resp_hdr);
      if (status == SGX_SUCCESS)
      {
          *counter_value = mc_resp.counter_value;
      }
      free(resp_msg);
      free(req_msg);
      return status;
  }