tSeal_internal.cpp 7.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169
  1. /*
  2. * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. #include "sgx_tseal.h"
  32. #include "sgx_lfence.h"
  33. #include "tSeal_internal.h"
  34. #include "sgx_utils.h"
  35. #include <string.h>
  36. // sgx_seal_data_iv
  37. //
  38. // Parameters:
  39. // additional_MACtext_length - [IN] length of the plaintext data stream in bytes
  40. // p_additional_MACtext - [IN] pointer to the plaintext data stream to be GCM protected
  41. // text2encrypt_length - [IN] length of the data stream to encrypt in bytes
  42. // p_text2encrypt - [IN] pointer to data stream to encrypt
  43. // p_payload_iv - [IN] Pointer to Initialization Vector to be used during AES GCM encryption
  44. // p_key_request - [IN] Pointer to the key request structure to be utilized to obtain the SEAL key
  45. // p_sealed_data - [OUT] pointer to the sealed data structure containing protected data
  46. //
  47. // Return Value:
  48. // sgx_status_t - SGX Error code
  49. sgx_status_t sgx_seal_data_iv(const uint32_t additional_MACtext_length,
  50. const uint8_t *p_additional_MACtext, const uint32_t text2encrypt_length,
  51. const uint8_t *p_text2encrypt, const uint8_t *p_payload_iv,
  52. const sgx_key_request_t* p_key_request, sgx_sealed_data_t *p_sealed_data)
  53. {
  54. sgx_status_t err = SGX_ERROR_UNEXPECTED;
  55. // Parameter checking performed in sgx_seal_data
  56. // Generate the seal key
  57. // The random p_key_request->key_id guarantees the generated seal key is random
  58. sgx_key_128bit_t seal_key;
  59. memset(&seal_key, 0, sizeof(sgx_key_128bit_t));
  60. err = sgx_get_key(p_key_request, &seal_key);
  61. if (err != SGX_SUCCESS)
  62. {
  63. // Clear temp state
  64. memset_s(&seal_key, sizeof(sgx_key_128bit_t), 0, sizeof(sgx_key_128bit_t));
  65. if (err != SGX_ERROR_OUT_OF_MEMORY)
  66. err = SGX_ERROR_UNEXPECTED;
  67. return err;
  68. }
  69. // Encrypt the content with the random seal key and the static payload_iv
  70. err = sgx_rijndael128GCM_encrypt(&seal_key, p_text2encrypt, text2encrypt_length,
  71. reinterpret_cast<uint8_t *>(&(p_sealed_data->aes_data.payload)), p_payload_iv,
  72. SGX_SEAL_IV_SIZE, p_additional_MACtext, additional_MACtext_length,
  73. &(p_sealed_data->aes_data.payload_tag));
  74. if (err == SGX_SUCCESS)
  75. {
  76. // Copy additional MAC text
  77. uint8_t* p_aad = NULL;
  78. if (additional_MACtext_length > 0)
  79. {
  80. p_aad = &(p_sealed_data->aes_data.payload[text2encrypt_length]);
  81. memcpy(p_aad, p_additional_MACtext, additional_MACtext_length);
  82. }
  83. // populate the plain_text_offset, payload_size in the data_blob
  84. p_sealed_data->plain_text_offset = text2encrypt_length;
  85. p_sealed_data->aes_data.payload_size = additional_MACtext_length + text2encrypt_length;
  86. }
  87. // Clear temp state
  88. memset_s(&seal_key, sizeof(sgx_key_128bit_t), 0, sizeof(sgx_key_128bit_t));
  89. return err;
  90. }
  91. // sgx_unseal_data_helper
  92. //
  93. // Parameters:
  94. // p_sealed_data - [IN] pointer to the sealed data structure containing protected data
  95. // p_additional_MACtext - [OUT] pointer to the plaintext data stream which was GCM protected
  96. // additional_MACtext_length - [IN] length of the plaintext data stream in bytes
  97. // p_decrypted_text - [OUT] pointer to decrypted data stream
  98. // decrypted_text_length - [IN] length of the decrypted data stream to encrypt in bytes
  99. //
  100. // Return Value:
  101. // sgx_status_t - SGX Error code
  102. sgx_status_t sgx_unseal_data_helper(const sgx_sealed_data_t *p_sealed_data, uint8_t *p_additional_MACtext,
  103. uint32_t additional_MACtext_length, uint8_t *p_decrypted_text, uint32_t decrypted_text_length)
  104. {
  105. sgx_status_t err = SGX_ERROR_UNEXPECTED;
  106. sgx_key_128bit_t seal_key;
  107. memset(&seal_key, 0, sizeof(sgx_key_128bit_t));
  108. uint8_t payload_iv[SGX_SEAL_IV_SIZE];
  109. memset(&payload_iv, 0, SGX_SEAL_IV_SIZE);
  110. if (decrypted_text_length > 0)
  111. memset(p_decrypted_text, 0, decrypted_text_length);
  112. if (additional_MACtext_length > 0)
  113. memset(p_additional_MACtext, 0, additional_MACtext_length);
  114. // Get the seal key
  115. err = sgx_get_key(&p_sealed_data->key_request, &seal_key);
  116. if (err != SGX_SUCCESS)
  117. {
  118. // Clear temp state
  119. memset_s(&seal_key, sizeof(sgx_key_128bit_t), 0, sizeof(sgx_key_128bit_t));
  120. // Provide only error codes that the calling code could act on
  121. if ((err == SGX_ERROR_INVALID_CPUSVN) || (err == SGX_ERROR_INVALID_ISVSVN) || (err == SGX_ERROR_OUT_OF_MEMORY))
  122. return err;
  123. // Return error indicating the blob is corrupted
  124. return SGX_ERROR_MAC_MISMATCH;
  125. }
  126. //
  127. // code that calls sgx_unseal_data commonly does some sanity checks
  128. // related to plain_text_offset. We add fence here since we don't
  129. // know what crypto code does and if plain_text_offset-related
  130. // checks mispredict the crypto code could operate on unintended data
  131. //
  132. sgx_lfence();
  133. err = sgx_rijndael128GCM_decrypt(&seal_key, const_cast<uint8_t *>(p_sealed_data->aes_data.payload),
  134. decrypted_text_length, p_decrypted_text, &payload_iv[0], SGX_SEAL_IV_SIZE,
  135. const_cast<uint8_t *>(&(p_sealed_data->aes_data.payload[decrypted_text_length])), additional_MACtext_length,
  136. const_cast<sgx_aes_gcm_128bit_tag_t *>(&p_sealed_data->aes_data.payload_tag));
  137. if (err != SGX_SUCCESS)
  138. {
  139. // Clear temp state
  140. memset_s(&seal_key, sizeof(sgx_key_128bit_t), 0, sizeof(sgx_key_128bit_t));
  141. return err;
  142. }
  143. if (additional_MACtext_length > 0)
  144. {
  145. memcpy(p_additional_MACtext, &(p_sealed_data->aes_data.payload[decrypted_text_length]), additional_MACtext_length);
  146. }
  147. // Clear temp state
  148. memset_s(&seal_key, sizeof(sgx_key_128bit_t), 0, sizeof(sgx_key_128bit_t));
  149. return SGX_SUCCESS;
  150. }