t_long_term_pairing.cpp 44 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069
  1. /*
  2. * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. #include <cstddef>
  32. #include "sgx_trts.h"
  33. #include "sgx_utils.h"
  34. #include "sgx_tseal.h"
  35. #include "t_long_term_pairing.h"
  36. #include "prepare_hash_sha256.h"
  37. #include "pse_pr_inc.h"
  38. #include "pse_pr_common.h"
  39. #include "pse_pr_sigma_1_1_defs.h"
  40. #include "le2be_macros.h"
  41. #include "t_pairing_blob.h"
  42. #include "epid/common/1.1/types.h"
  43. #include "Keys.h"
  44. #include <string.h>
  45. #include "X509Parser.h"
  46. #include "Epid11_rl.h"
  47. #include "sgx_tcrypto.h"
  48. // Each of the following definitions is larger than
  49. // should ever be encountered.
  50. // MAX possible should be 19280 based on 150 SIGRL entries
  51. #define MAX_ALLOWED_SIGRL_SIZE 20480
  52. #define MAX_ALLOWED_OCSP_SIZE 8192
  53. #define MAX_ALLOWED_CERT_SIZE 8192
  54. // MAX of S2 is defined larger than we should ever encounter
  55. #define MAX_ALLOWED_S2_SIZE 35840
  56. // MAX possible should be 3280 based on 100 PRIVRL entries
  57. #define MAX_ALLOWED_PRIVRL_SIZE 4096
  58. // MAX of S3 is defined larger than we should ever encounter
  59. #define MAX_ALLOWED_S3_SIZE 30720
  60. static ae_error_t map_GenM7_error_for_return(ae_error_t status)
  61. {
  62. #if !defined(_DEBUG)
  63. // Switch to limit errors returned when building for RELEASE
  64. switch (status)
  65. {
  66. case AE_SUCCESS: break;
  67. case PSE_PR_INSUFFICIENT_MEMORY_ERROR:
  68. case PSE_PAIRING_BLOB_UNSEALING_ERROR:
  69. break;
  70. default:
  71. status = AE_FAILURE;
  72. break;
  73. }
  74. #endif
  75. return status;
  76. }
  77. static ae_error_t map_VerifyM8_error_for_return(ae_error_t status)
  78. {
  79. #if !defined(_DEBUG)
  80. // Switch to limit errors returned when building for RELEASE
  81. switch (status)
  82. {
  83. case AE_SUCCESS: break;
  84. case PSE_PR_INSUFFICIENT_MEMORY_ERROR: break;
  85. case PSE_PR_PCH_EPID_NO_MEMORY_ERR:
  86. status = PSE_PR_INSUFFICIENT_MEMORY_ERROR;
  87. break;
  88. case PSE_PR_PCH_EPID_SIG_REVOKED_IN_GROUPRL: break;
  89. default:
  90. status = AE_FAILURE;
  91. break;
  92. }
  93. #else
  94. switch (status)
  95. {
  96. case PSE_PR_PCH_EPID_OUTOFMEMORY:
  97. status = PSE_PR_INSUFFICIENT_MEMORY_ERROR;
  98. break;
  99. }
  100. #endif
  101. return status;
  102. }
  103. // GUID format is DWORD-WORD-WORD-BYTES ARRAY(8)
  104. // Current PSDA applet ID is cbede6f9-6ce4-439c-a1c7-6e2087786616
  105. static const uint8_t PSDA_APPLET_ID[16] = {0xf9, 0xe6, 0xed, 0xcb, 0xe4, 0x6c, 0x9c, 0x43, 0xa1, 0xc7, 0x6e, 0x20, 0x87, 0x78, 0x66, 0x16};
  106. //extern void OutputOctets(const char* pMsg, const void* pData, size_t nData);
  107. TEpidSigma11Verifier::TEpidSigma11Verifier()
  108. {
  109. m_gid = 0;
  110. m_pSigRL = NULL;
  111. m_nSigRL = 0;
  112. m_nSigRLVersion = 0;
  113. m_nPrivRLVersion = 0;
  114. m_nDalAppletVersion = 0;
  115. memset(m_pairingID, 0, sizeof(m_pairingID));
  116. memset(m_pairingNonce, 0, sizeof(m_pairingNonce));
  117. m_nextState = STATE_GENM7;
  118. }
  119. TEpidSigma11Verifier::~TEpidSigma11Verifier(void)
  120. {
  121. if (m_pSigRL)
  122. {
  123. delete[] m_pSigRL;
  124. m_pSigRL = NULL;
  125. }
  126. m_nSigRL = 0;
  127. // Defense-in-depth: clear class members that contain Enclave secrets
  128. memset_s(m_pairingID, sizeof(m_pairingID), 0, sizeof(m_pairingID));
  129. memset_s(m_pairingNonce, sizeof(m_pairingNonce), 0, sizeof(m_pairingNonce));
  130. memset_s(m_verifierPrivateKey, sizeof(m_verifierPrivateKey), 0, sizeof(m_verifierPrivateKey));
  131. }
  132. bool TEpidSigma11Verifier::get_sigRL_info(const EPID11_SIG_RL* pSigRL, uint32_t& sigRL_entries, uint32_t& sigRL_size)
  133. {
  134. if (NULL == pSigRL)
  135. {
  136. // null sigRL is acceptable
  137. sigRL_entries = 0;
  138. sigRL_size = 0;
  139. return true;
  140. }
  141. uint32_t entries = 0;
  142. memcpy(&entries, pSigRL->entries, sizeof(entries));
  143. entries = SwapEndian_DW(entries);
  144. if (entries > MAX_SIGRL_ENTRIES) // invalid sigRL
  145. return false;
  146. sigRL_entries = entries;
  147. sigRL_size = (uint32_t)(sizeof(EPID11_SIG_RL) + (sigRL_entries * EPID11_SIG_RL_ENTRY_SIZE) + EPID11_SIG_RL_SIGNATURE_SIZE);
  148. return true;
  149. }
  150. bool TEpidSigma11Verifier::get_privRL_info(const EPID11_PRIV_RL* pPrivRL, uint32_t& privRL_entries, uint32_t& privRL_size)
  151. {
  152. if (NULL == pPrivRL)
  153. {
  154. // null privRL is acceptable
  155. privRL_entries = 0;
  156. privRL_size = 0;
  157. return true;
  158. }
  159. uint32_t entries = 0;
  160. memcpy(&entries, pPrivRL->entries, sizeof(entries));
  161. entries = SwapEndian_DW(entries);
  162. if (entries > MAX_PRIVRL_ENTRIES) // invalid privRL
  163. return false;
  164. privRL_entries = entries;
  165. privRL_size = (uint32_t)(sizeof(EPID11_PRIV_RL) + (privRL_entries * EPID11_PRIV_RL_ENTRY_SIZE) + EPID11_PRIV_RL_SIGNATURE_SIZE);
  166. return true;
  167. }
  168. //****************************************************************************
  169. //****************************************************************************
  170. //****************************************************************************
  171. // FLOW
  172. // Verifier Prover Intel Server
  173. // uRequestS1FromME |--M1: Start Pairing->| |
  174. // |<-M2: SIGMA S1-------| |
  175. // uGetR2 | | |
  176. // | | |
  177. // uLoadPairingBlob | | |
  178. // | | |
  179. // uGetSigRLFromServer |--M3: GID_cse || R2----------------->|
  180. // |<-M4: Sig_is(RL_cse || R2)-----------|
  181. // uGetOCSPResponseFromServer |--M5: OCSPReq----------------------->|
  182. // |<-M6: OCSPResp-----------------------|
  183. // uCheckOCSPResponseForExpiration | | |
  184. // | | |
  185. // tGenM7 (enclave call) Send S1, Receive S2
  186. // | | |
  187. // uExchangeS2AndS3WithME |--M7: SIGMA S2------>| |
  188. // |<-M8: SIGMA S3-------| |
  189. // uGetGroupIdFromME | | |
  190. // | | |
  191. // tVerifyM8 (enclave call) Send S3, Receive updated pairing blob
  192. // | | |
  193. // uSavePairingBlob | | |
  194. ae_error_t TEpidSigma11Verifier::GenM7
  195. (
  196. /*in */ const SIGMA_S1_MESSAGE* pS1,
  197. /*in */ const EPID11_SIG_RL* pSigRL,
  198. /*in */ const UINT8* pOcspResp,
  199. /*in */ UINT32 nLen_OcspResp,
  200. /*in */ const UINT8* pVerifierCert,
  201. /*in */ UINT32 nLen_VerifierCert,
  202. /*in */ const pairing_blob_t* pPairingBlob,
  203. /*in */ UINT32 nMax_S2,
  204. /*out*/ SIGMA_S2_MESSAGE* pS2,
  205. /*out*/ UINT32* pnLen_S2
  206. )
  207. {
  208. ae_error_t status = AE_FAILURE;
  209. bool bResult;
  210. pairing_data_t pairing_data;
  211. memset(&pairing_data, 0, sizeof(pairing_data));
  212. sgx_ecc_state_handle_t sigma_ecc_handle = NULL;
  213. do
  214. {
  215. ae_error_t tmp_status;
  216. // sigRL_size allows for the sigRL header, array of RL entries, and signature at the end
  217. uint32_t sigRL_entries = 0;
  218. uint32_t sigRL_size = 0;
  219. bResult = TEpidSigma11Verifier::get_sigRL_info(pSigRL, sigRL_entries, sigRL_size);
  220. BREAK_IF_FALSE((bResult), status, PSE_PR_BAD_POINTER_ERROR);
  221. BREAK_IF_TRUE((STATE_GENM7 != m_nextState), status, PSE_PR_CALL_ORDER_ERROR);
  222. //*********************************************************************
  223. // Validate pointers and sizes
  224. //*********************************************************************
  225. BREAK_IF_TRUE((NULL == pS1), status, PSE_PR_BAD_POINTER_ERROR);
  226. // SigRL is allowed to be NULL and will be checked in ValidateSigRL()
  227. BREAK_IF_TRUE((nLen_OcspResp > 0 && NULL == pOcspResp), status, PSE_PR_BAD_POINTER_ERROR);
  228. BREAK_IF_TRUE((NULL == pVerifierCert), status, PSE_PR_BAD_POINTER_ERROR);
  229. BREAK_IF_TRUE((NULL == pPairingBlob), status, PSE_PR_BAD_POINTER_ERROR);
  230. BREAK_IF_TRUE((nLen_VerifierCert > MAX_ALLOWED_CERT_SIZE), status, PSE_PR_PARAMETER_ERROR);
  231. BREAK_IF_TRUE((sigRL_size > MAX_ALLOWED_SIGRL_SIZE), status, PSE_PR_PARAMETER_ERROR);
  232. BREAK_IF_TRUE((nLen_OcspResp > MAX_ALLOWED_OCSP_SIZE), status, PSE_PR_PARAMETER_ERROR);
  233. uint32_t nNeededBytesForS2 = ::NeededBytesForS2(nLen_VerifierCert, sigRL_size, nLen_OcspResp);
  234. BREAK_IF_TRUE((nNeededBytesForS2 > MAX_ALLOWED_S2_SIZE), status, PSE_PR_PARAMETER_ERROR);
  235. BREAK_IF_TRUE((NULL == pS2 || NULL == pnLen_S2 || nMax_S2 < nNeededBytesForS2),
  236. status, PSE_PR_PARAMETER_ERROR);
  237. //*********************************************************************
  238. // Start SIGMA processing of S1 and generate S2
  239. //*********************************************************************
  240. //*********************************************************************
  241. // Extract components of Msg S1
  242. // g^a || GID || OCSPReq
  243. //*********************************************************************
  244. m_sigmaAlg.set_remote_pub_key_ga_be((Ipp8u*)pS1->Ga);
  245. memcpy(&m_gid, &pS1->Gid, sizeof(SAFEID_GID));
  246. //*********************************************************************
  247. // Choose random value 'b' as ephemeral DH private key
  248. // Compute 'g^b' as ephemeral DH public key
  249. //*********************************************************************
  250. sgx_status_t sgx_status = sgx_ecc256_open_context(&sigma_ecc_handle);
  251. BREAK_IF_TRUE((SGX_ERROR_OUT_OF_MEMORY == sgx_status), status, PSE_PR_INSUFFICIENT_MEMORY_ERROR);
  252. BREAK_IF_TRUE((SGX_SUCCESS != sgx_status), status, PSE_PR_KEY_PAIR_GENERATION_ERROR);
  253. /* Get private key b and public key g^b, in little-endian format */
  254. uint8_t Publickey_little_endian[SIGMA_SESSION_PUBKEY_LENGTH];
  255. uint8_t Privatekey_b_little_endian[SIGMA_SESSION_PRIVKEY_LENGTH];
  256. if (SGX_SUCCESS != sgx_ecc256_create_key_pair((sgx_ec256_private_t *)Privatekey_b_little_endian,
  257. (sgx_ec256_public_t*)Publickey_little_endian, sigma_ecc_handle))
  258. {
  259. break;
  260. }
  261. m_sigmaAlg.set_prv_key_b_le(Privatekey_b_little_endian);
  262. // clear buffer containing secrets
  263. memset_s(Privatekey_b_little_endian, sizeof(Privatekey_b_little_endian), 0, sizeof(Privatekey_b_little_endian));
  264. /* Convert to big endian for m_localPublicKey_gb_big_endian */
  265. SwapEndian_32B(&(Publickey_little_endian[0]));
  266. SwapEndian_32B(&(Publickey_little_endian[32]));
  267. m_sigmaAlg.set_pub_key_gb_be(Publickey_little_endian);
  268. // OutputOctets("::GenM7:: g^a (BE)", m_remotePublicKey_ga_big_endian, SIGMA_SESSION_PUBKEY_LENGTH);
  269. // OutputOctets("::GenM7:: b (LE)", m_localPrivateKey_b_little_endian, sizeof(sgx_ec256_private_t));
  270. // OutputOctets("::GenM7:: g^b (BE)", m_localPublicKey_gb_big_endian, SIGMA_SESSION_PUBKEY_LENGTH);
  271. //*********************************************************************
  272. // Compute ((g^a)^b)
  273. // Derive SMK
  274. // SMK := HMAC-SHA256(0x00, g^(ab) || 0x00) with the HMAC key being
  275. // 32 bytes of 0x00 and the data element being g^(ab) little endian
  276. // Derive SK and MK
  277. // a) Compute HMAC-SHA256(0x00, g^(ab) || 0x01)
  278. // with the HMAC key being 32 bytes of 0x00, g^(ab) in little endian
  279. // b) SK is taken as the first 128 bits of the HMAC result
  280. // c) MK is taken as the second 128 bits of the HMAC result
  281. //*********************************************************************
  282. tmp_status = m_sigmaAlg.DeriveSkMk(sigma_ecc_handle);
  283. BREAK_IF_TRUE(AE_SUCCESS != tmp_status, status, tmp_status);
  284. // OutputOctets("::GenM7: m_Sk", m_Sk, SIGMA_SK_LENGTH);
  285. // OutputOctets("::GenM7:: m_Mk", m_Mk, SIGMA_MK_LENGTH);
  286. // OutputOctets("::GenM7:: m_SMK", m_SMK, SIGMA_SMK_LENGTH);
  287. //*********************************************************************
  288. // Unseal pairing blob
  289. //*********************************************************************
  290. tmp_status = UnsealPairingBlob(pPairingBlob, &pairing_data);
  291. BREAK_IF_TRUE(AE_SUCCESS != tmp_status, status, tmp_status);
  292. //*************************************************************
  293. // Extract Private Key from pairing blob
  294. //*************************************************************
  295. // OutputOctets("::GenM7:: Verifier PrivateKey", unsealedBlobData.VerifierPrivateKey, ECDSA_PRIVKEY_LEN);
  296. memcpy(m_verifierPrivateKey, pairing_data.secret_data.VerifierPrivateKey, ECDSA_PRIVKEY_LEN);
  297. //*************************************************************
  298. // Extract pairing data
  299. //*************************************************************
  300. memcpy(m_pairingID, pairing_data.secret_data.pairingID, sizeof(m_pairingID));
  301. memcpy(m_pairingNonce, pairing_data.secret_data.pairingNonce, sizeof(m_pairingNonce));
  302. // OutputOctets("::GenM7:: m_pairingID", m_pairingID, sizeof(m_pairingID));
  303. // OutputOctets("::GenM7:: m_pairingNonce", m_pairingNonce, sizeof(m_pairingNonce));
  304. //*********************************************************************
  305. // Prepare S2
  306. //*********************************************************************
  307. memset(pS2, 0, nMax_S2);
  308. // Copy Gb in big endian to S2
  309. memcpy(pS2->Gb, m_sigmaAlg.get_pub_key_gb_be(), SIGMA_SESSION_PUBKEY_LENGTH);
  310. // Copy OCSP request sent in S1
  311. memcpy(&pS2->OcspReq, &pS1->OcspReq, sizeof(OCSP_REQ));
  312. // Basename is always set to 0
  313. memset(pS2->Basename, 0, SIGMA_BASENAME_LENGTH);
  314. // Location within pS2->Data where data gets added
  315. size_t index = 0;
  316. //*********************************************************************
  317. // Add verifier certificate chain to S2
  318. //*********************************************************************
  319. tmp_status = AddCertificateChain(pS2, index, nMax_S2,
  320. pVerifierCert, nLen_VerifierCert);
  321. BREAK_IF_TRUE(AE_SUCCESS != tmp_status, status, tmp_status);
  322. //*********************************************************************
  323. // Verify SigRL (verify Cert signature and get the RL version)
  324. //*********************************************************************
  325. tmp_status = ValidateSigRL(pSigRL, sigRL_entries, sigRL_size, &m_nSigRLVersion);
  326. BREAK_IF_TRUE(AE_SUCCESS != tmp_status, status, tmp_status);
  327. //*********************************************************************
  328. // Add revocation list to S2
  329. //*********************************************************************
  330. tmp_status = AddRevocationList(pS2, index, nMax_S2, pSigRL, sigRL_size);
  331. BREAK_IF_TRUE(AE_SUCCESS != tmp_status, status, tmp_status);
  332. //*********************************************************************
  333. // Add OCSP Responses to S2
  334. //*********************************************************************
  335. tmp_status = AddOcspResponses(pS2, index, nMax_S2,
  336. pOcspResp, nLen_OcspResp);
  337. BREAK_IF_TRUE(AE_SUCCESS != tmp_status, status, tmp_status);
  338. //*********************************************************************
  339. // Compute the HMAC over S2 using SMK (exclude SigGbGa)
  340. // [g^b || Basename || OCSPReq || Certver || SIG-RL || OCSPResp]SMK
  341. //*********************************************************************
  342. // index is portion of S2 in pS2->Data
  343. tmp_status = m_sigmaAlg.calc_s2_hmac(&pS2->S2Icv, pS2, index);
  344. BREAK_IF_TRUE(AE_SUCCESS != tmp_status, status, tmp_status);
  345. //*********************************************************************
  346. // Append Pr_pse, where Pr_pse is HMAC_SHA256(MK, OLD_SK || 0x01)
  347. // if OLD_SK is available, or 256-bit 0x0 if OLD_SK is not available
  348. //*********************************************************************
  349. PR_PSE_T pr = {0};
  350. int nSizePr = sizeof(pr);
  351. const Nonce128_t zeroNonce = {0};
  352. if (0 != memcmp(zeroNonce, m_pairingNonce, sizeof(Nonce128_t)))
  353. {
  354. // A non-zero pairing nonce indicates valid pairing info is available
  355. tmp_status = m_sigmaAlg.ComputePR(&m_pairingID, 0x01, (SIGMA_HMAC*)pr);
  356. BREAK_IF_TRUE(AE_SUCCESS != tmp_status, status, tmp_status);
  357. // OutputOctets("::GenM7:: Pr_pse HMAC[(m_pairingID || 0x01)] using m_Mk", pr, nSizePr);
  358. }
  359. nSizePr = sizeof(pr);
  360. memcpy((pS2->Data + index), pr, nSizePr);
  361. index += nSizePr;
  362. //*********************************************************************
  363. // Sign SigGaGb
  364. // Sig_pse(g^a || g^b)
  365. //*********************************************************************
  366. uint8_t combined_pubkeys[SIGMA_SESSION_PUBKEY_LENGTH * 2];
  367. uint8_t ecc_sig[ECDSA_SIG_LENGTH] = {0};
  368. /* GaGb in big endian format */
  369. memcpy(combined_pubkeys, m_sigmaAlg.get_remote_pub_key_ga_be(), SIGMA_SESSION_PUBKEY_LENGTH);
  370. memcpy(combined_pubkeys + SIGMA_SESSION_PUBKEY_LENGTH, m_sigmaAlg.get_pub_key_gb_be(), SIGMA_SESSION_PUBKEY_LENGTH);
  371. if (SGX_SUCCESS == sgx_ecdsa_sign(combined_pubkeys,
  372. sizeof(combined_pubkeys),
  373. (sgx_ec256_private_t *)pairing_data.secret_data.VerifierPrivateKey,
  374. (sgx_ec256_signature_t *)ecc_sig,
  375. sigma_ecc_handle))
  376. {
  377. /* Convert the signature to big endian format for pS2->SigGaGb */
  378. SwapEndian_32B(ecc_sig);
  379. SwapEndian_32B(&(ecc_sig[32]));
  380. memcpy(pS2->SigGaGb, ecc_sig, ECDSA_SIG_LENGTH);
  381. }
  382. else
  383. {
  384. status = PSE_PR_MSG_SIGNING_ERROR;
  385. break;
  386. }
  387. //*********************************************************************
  388. // Set the size of S2 that is being returned
  389. //*********************************************************************
  390. size_t S2IcvSize = SIGMA_S2_ICV_CONSTANT_BUFFER_SIZE + index;
  391. if ( UINT32_MAX - SIGMA_S2_ICV_CONSTANT_BUFFER_SIZE - ECDSA_SIG_LENGTH - SIGMA_HMAC_LENGTH < index)
  392. {
  393. status = PSE_PR_BAD_POINTER_ERROR;
  394. break;
  395. }
  396. *pnLen_S2 = (uint32_t)(S2IcvSize + ECDSA_SIG_LENGTH + SIGMA_HMAC_LENGTH);
  397. //*********************************************************************
  398. // WE PASSED ALL BARRIERS TO SUCCESS
  399. //*********************************************************************
  400. status = AE_SUCCESS;
  401. m_nextState = STATE_VERIFYM8;
  402. } while (false);
  403. /* Defense-in-depth: clear the data on stack that contains enclave secret.*/
  404. memset_s(&pairing_data, sizeof(pairing_data), 0, sizeof(pairing_data));
  405. /* close ecc context handle, the generic crypto lib will free the context memory */
  406. if (sigma_ecc_handle != NULL) sgx_ecc256_close_context(sigma_ecc_handle);
  407. return map_GenM7_error_for_return(status);
  408. }
  409. #define RL_OFFSET 4
  410. /*
  411. This function will check if the S3 ICV is correct.
  412. Then it will verify the EPID signature
  413. */
  414. ae_error_t TEpidSigma11Verifier::VerifyM8
  415. (
  416. /*in */ const SIGMA_S3_MESSAGE* pS3,
  417. /*in */ UINT32 nLen_S3,
  418. /*in */ const EPID11_PRIV_RL* pPrivRL,
  419. /*in, out*/ pairing_blob_t* pPairingBlob,
  420. /*out*/ bool* pbNewPairing
  421. )
  422. {
  423. // S3 --> [TaskInfo || g^a || EpidCert || EpidSig(g^a || g^b) || SIG-RL]SMK
  424. ae_error_t status = AE_FAILURE;
  425. pairing_data_t pairing_data;
  426. //
  427. // This is misleading, PR_PSE_T isn't part of SIGMA, S3, it's part of our (sgx) m8.
  428. // Also, min_s3 is a very low lower bound. m8 message (not s3) is hmac || taskinfo || g**a || group cert || epid sig || sig-rl || pr_pse.
  429. // Group cert, EPID sig and SigRL are variable-length, but they have fixed length parts so lengths of the fixed
  430. // length parts could be included here.
  431. //
  432. const size_t min_s3 = sizeof(SIGMA_S3_MESSAGE) + sizeof(PR_PSE_T);
  433. bool bResult;
  434. bool bNewPairing = false;
  435. do
  436. {
  437. ae_error_t tmp_status;
  438. // privRL_size allows for the privRL header, array of RL entries, and signature at the end
  439. uint32_t privRL_entries = 0;
  440. uint32_t privRL_size = 0;
  441. bResult = TEpidSigma11Verifier::get_privRL_info(pPrivRL, privRL_entries, privRL_size);
  442. BREAK_IF_FALSE((bResult), status, PSE_PR_BAD_POINTER_ERROR);
  443. BREAK_IF_TRUE( (STATE_VERIFYM8 != m_nextState), status, PSE_PR_CALL_ORDER_ERROR);
  444. //*********************************************************************
  445. // Validate pointers and sizes
  446. //*********************************************************************
  447. BREAK_IF_TRUE((NULL == pS3 || nLen_S3 < min_s3), status, PSE_PR_BAD_POINTER_ERROR);
  448. // pPrivRL is allowed to be NULL and will be checked in ValidatePrivRL()
  449. BREAK_IF_TRUE((NULL == pPairingBlob), status, PSE_PR_BAD_POINTER_ERROR);
  450. BREAK_IF_TRUE((NULL == pbNewPairing), status, PSE_PR_BAD_POINTER_ERROR);
  451. BREAK_IF_TRUE((privRL_size > MAX_ALLOWED_PRIVRL_SIZE), status, PSE_PR_PARAMETER_ERROR);
  452. BREAK_IF_TRUE((nLen_S3 > MAX_ALLOWED_S3_SIZE), status, PSE_PR_PARAMETER_ERROR);
  453. BREAK_IF_FALSE(sgx_is_within_enclave(pS3, nLen_S3), status, PSE_PR_BAD_POINTER_ERROR);
  454. //*********************************************************************
  455. // Start SIGMA processing S3
  456. //*********************************************************************
  457. //*********************************************************************
  458. // Initialize for calculating HMAC and indexing to data
  459. //*********************************************************************
  460. size_t S3VLDataLen = nLen_S3 - (sizeof(SIGMA_S3_MESSAGE) + sizeof(PR_PSE_T));
  461. //*********************************************************************
  462. // Verify the S3 HMAC using SMK
  463. // [TaskInfo || g^a || EpidCert || EpidSig(g^a || g^b) || SIG-RL]SMK
  464. //*********************************************************************
  465. SIGMA_HMAC calcHMAC;
  466. tmp_status = m_sigmaAlg.calc_s3_hmac(&calcHMAC, pS3, S3VLDataLen);
  467. BREAK_IF_TRUE(AE_SUCCESS != tmp_status, status, tmp_status);
  468. bResult = (1 == consttime_memequal(calcHMAC, pS3->S3Icv, sizeof(SIGMA_HMAC)));
  469. BREAK_IF_FALSE( (bResult), status, PSE_PR_HMAC_COMPARE_ERROR);
  470. //*********************************************************************
  471. // Verify that g^a is the same that arrived in S1
  472. //*********************************************************************
  473. bResult = (0 == memcmp(m_sigmaAlg.get_remote_pub_key_ga_be(), pS3->Ga, sizeof(pS3->Ga)));
  474. BREAK_IF_FALSE( (bResult), status, PSE_PR_GA_COMPARE_ERROR);
  475. //*********************************************************************
  476. // Verify TaskInfo
  477. //*********************************************************************
  478. BREAK_IF_FALSE(TaskInfoIsValid(pS3->TaskInfo), status, PSE_PR_TASK_INFO_ERROR);
  479. //*********************************************************************
  480. // Check the EPID signature
  481. //*********************************************************************
  482. X509_GROUP_CERTIFICATE_VLR* X509GroupCertVlr = NULL;
  483. EPID_SIGNATURE_VLR* EpidSigVlr = NULL;
  484. tmp_status = ValidateS3DataBlock(pS3, nLen_S3, &X509GroupCertVlr, &EpidSigVlr);
  485. BREAK_IF_TRUE(AE_SUCCESS != tmp_status, status, tmp_status);
  486. UINT32 S3GID;
  487. Epid11GroupPubKey groupPubKey;
  488. /* X509Parser::ParseGroupCertificate() expecting big endian format public key */
  489. uint8_t SerializedPublicKey[SIGMA_SESSION_PUBKEY_LENGTH];
  490. for (uint32_t i = 0; i < Keys::EpidVerifyKeyNum(); i++)
  491. {
  492. memcpy(SerializedPublicKey, (EcDsaPubKey*)Keys::EpidVerifyKeys()[i], SIGMA_SESSION_PUBKEY_LENGTH);
  493. SwapEndian_32B(SerializedPublicKey);
  494. SwapEndian_32B(&(SerializedPublicKey[32]));
  495. if (0 == X509Parser::ParseGroupCertificate( /*in */ (EcDsaPubKey*)SerializedPublicKey,
  496. /*in */ X509GroupCertVlr, /*out*/ &S3GID, /*out*/ &groupPubKey))
  497. {
  498. tmp_status = AE_SUCCESS;
  499. break;
  500. }
  501. else
  502. {
  503. tmp_status = PSE_PR_X509_PARSE_ERROR;
  504. }
  505. }
  506. BREAK_IF_TRUE(AE_SUCCESS != tmp_status, status, tmp_status);
  507. BREAK_IF_FALSE((S3GID == m_gid), status, PSE_PR_GID_MISMATCH_ERROR );
  508. //*********************************************************************
  509. // Verify PrivRL
  510. //*********************************************************************
  511. tmp_status = ValidatePrivRL(pPrivRL, privRL_entries, privRL_size, &m_nPrivRLVersion);
  512. BREAK_IF_TRUE(AE_SUCCESS != tmp_status, status, tmp_status);
  513. KeysToSign_t combinedKeys;
  514. memset(&combinedKeys, 0, sizeof(combinedKeys));
  515. // Combine over g^a || g^b to the struct
  516. memcpy(combinedKeys.first, m_sigmaAlg.get_remote_pub_key_ga_be(),
  517. SIGMA_SESSION_PUBKEY_LENGTH);
  518. memcpy(combinedKeys.second, m_sigmaAlg.get_pub_key_gb_be(),
  519. SIGMA_SESSION_PUBKEY_LENGTH);
  520. //*********************************************************************
  521. // the input pPrivRL has a type definition of EPID11_PRIV_RL,
  522. // but the epid-sdk-3.0 library takes Epid11PrivRl as input parameter.
  523. // EPID11_PRIV_RL has 4 addtional bytes at the header so we offset the pointer
  524. // by 4 bytes . Also we need to exclude RL signature because epid-sdk3.0
  525. // checks the RL's size shouldn't include the signature. Similar for SigRL and GroupRL.
  526. //*********************************************************************
  527. uint8_t* pEpid11PrivRL = (pPrivRL == NULL)? NULL:(uint8_t*)pPrivRL+RL_OFFSET;
  528. uint32_t nEpid11PrivRLSize = (pPrivRL == NULL)? 0:privRL_size-RL_OFFSET-ECDSA_SIG_LENGTH;
  529. uint8_t* pEpid11SigRL = (m_pSigRL == NULL)? NULL:m_pSigRL+RL_OFFSET;
  530. uint32_t nEpid11SigRLSize = (m_pSigRL == NULL)? 0:static_cast<uint32_t>(m_nSigRL-RL_OFFSET-ECDSA_SIG_LENGTH);
  531. tmp_status = m_sigmaAlg.MsgVerifyPch((UINT8 *)&groupPubKey,
  532. (uint32_t)(sizeof(EpidCert) - ECDSA_SIG_LENGTH),
  533. NULL, // not required for EPID SDK 3.0
  534. (Ipp8u*)&combinedKeys,
  535. (uint32_t)sizeof(combinedKeys),
  536. NULL, // Bsn
  537. 0, // BsnLen
  538. (UINT8 *)EpidSigVlr->EpidSig,
  539. static_cast<int>(VLR_UNPADDED_PAYLOAD_SIZE(EpidSigVlr->VlrHeader)),
  540. pEpid11PrivRL, nEpid11PrivRLSize, // PrivRL
  541. pEpid11SigRL, nEpid11SigRLSize, // SigRL
  542. NULL, 0); // GroupRL
  543. BREAK_IF_TRUE(AE_SUCCESS != tmp_status, status, tmp_status);
  544. //*********************************************************************
  545. // Calculate Id_pse and Id_cse
  546. // Id_pse = hash(sk || mk || 1)
  547. // Id_cse = hash(sk || mk || 2)
  548. //*********************************************************************
  549. SHA256_HASH Id_pse = {0};
  550. SHA256_HASH Id_cse = {0};
  551. tmp_status = m_sigmaAlg.ComputeId(1, &Id_pse);
  552. BREAK_IF_TRUE(AE_SUCCESS != tmp_status, status, tmp_status);
  553. tmp_status = m_sigmaAlg.ComputeId(2, &Id_cse);
  554. BREAK_IF_TRUE(AE_SUCCESS != tmp_status, status, tmp_status);
  555. //*********************************************************************
  556. // Verify Pr_cse, where Pr_cse is HMAC_SHA256(MK, OLD_SK || 0x02)
  557. // if OLD_SK is available, or 256-bit 0x0 if OLD_SK is not available
  558. //*********************************************************************
  559. size_t nSizePr = sizeof(PR_PSE_T);
  560. PR_PSE_T *pS3_PR_cse = (PR_PSE_T*)((const uint8_t*)pS3 + nLen_S3 - nSizePr);
  561. // OutputOctets("S3", pS3, nLen_S3);
  562. // OutputOctets("VerifyM8 - pS3_PR_cse", pS3_PR_cse, nSizePr);
  563. bNewPairing = true;
  564. PR_PSE_T pr_cse = {0};
  565. const Nonce128_t zeroNonce = {0};
  566. if (0 != memcmp(&pr_cse, pS3_PR_cse, sizeof(pr_cse)) && 0 != memcmp(&m_pairingNonce, &zeroNonce, sizeof(Nonce128_t)))
  567. {
  568. tmp_status = m_sigmaAlg.ComputePR(&m_pairingID, 0x02, (SIGMA_HMAC*)pr_cse);
  569. BREAK_IF_TRUE(AE_SUCCESS != tmp_status, status, tmp_status);
  570. // OutputOctets("::VerifyM8:: Computed Pr HMAC[(m_pairingID || 0x02)] using m_Mk", pr_cse, nSizePr);
  571. if (0 == memcmp(&pr_cse, pS3_PR_cse, sizeof(pr_cse)))
  572. bNewPairing = false;
  573. }
  574. if (bNewPairing)
  575. {
  576. memcpy(&m_pairingID, m_sigmaAlg.get_SK(), sizeof(m_pairingID));
  577. sgx_status_t seStatus = sgx_read_rand((uint8_t*)&m_pairingNonce, sizeof(m_pairingNonce));
  578. BREAK_IF_TRUE(SGX_SUCCESS != seStatus, status, PSE_PR_READ_RAND_ERROR);
  579. // LTPBlob.pairingNonce = 0 is used to indicate invalid pairing Info in the LTP blob.
  580. // Under the rare situation of a random number of 0 is returned for pairingNonce generation,
  581. // PSE-Pr declares pairing or re-pairing attempt failure. The next pairing/re-pairing attempt
  582. // most likely will generate a non-zero pairingNonce
  583. BREAK_IF_TRUE(memcmp(&m_pairingNonce, &zeroNonce, sizeof(Nonce128_t)) == 0, status, PSE_PR_READ_RAND_ERROR);
  584. // OutputOctets("VerifyM8 - new pairing", NULL, 0);
  585. }
  586. else
  587. {
  588. // OutputOctets("VerifyM8 - pS3_PR_cse matches pr_cse", NULL, 0);
  589. }
  590. //*********************************************************************
  591. // Update the unsealed pairing data
  592. // [VerifierPrivateKey, id_pse || id_cse || sk || mk ||
  593. // PairingNonce || SigRLVersion_cse || PrvRLVersion_cse ||
  594. // DalAppletVersion]
  595. //*********************************************************************
  596. memset(&pairing_data, 0, sizeof(pairing_data));
  597. memcpy(pairing_data.secret_data.VerifierPrivateKey, m_verifierPrivateKey, sizeof(EcDsaPrivKey));
  598. memcpy(pairing_data.secret_data.Id_cse, &Id_cse, sizeof(SHA256_HASH));
  599. memcpy(pairing_data.secret_data.Id_pse, &Id_pse, sizeof(SHA256_HASH));
  600. memcpy(pairing_data.secret_data.mk, m_sigmaAlg.get_MK(), sizeof(pairing_data.secret_data.mk));
  601. memcpy(pairing_data.secret_data.sk, m_sigmaAlg.get_SK(), sizeof(pairing_data.secret_data.sk));
  602. memcpy(pairing_data.secret_data.pairingID, m_pairingID, sizeof(m_pairingID));
  603. memcpy(pairing_data.secret_data.pairingNonce, m_pairingNonce, sizeof(Nonce128_t));
  604. pairing_data.plaintext.cse_sec_prop.ps_hw_gid = m_gid;
  605. pairing_data.plaintext.cse_sec_prop.ps_hw_sig_rlversion = m_nSigRLVersion;
  606. pairing_data.plaintext.cse_sec_prop.ps_hw_privkey_rlversion = m_nPrivRLVersion;
  607. //NRG: Definition of ME_TASK_INFO and PS_HW_SEC_INFO is still open
  608. // for SunrisePoint from TaskInfo of SIGMA1.1 message:
  609. // byte[ 0- 3] ME_TASK_INFO.TaskID, for SunrisePoint must be 8
  610. // byte[ 4- 7] Reserved, must be 0
  611. // byte[ 8-11] PSDA ID, mapped from the PSDA Applet ID in ME_TASK_INFO (1)
  612. // byte[12-15] PSDA SVN from ME_TASK_INFO
  613. // byte[16-31] Reserved, must be 0
  614. pairing_data.plaintext.cse_sec_prop.ps_hw_sec_info.taskId = pS3->TaskInfo.TaskId;
  615. pairing_data.plaintext.cse_sec_prop.ps_hw_sec_info.psdaId = 1;
  616. pairing_data.plaintext.cse_sec_prop.ps_hw_sec_info.psdaSvn = m_nDalAppletVersion;
  617. //NRG:
  618. // keep instance id
  619. memcpy(pairing_data.plaintext.pse_instance_id,
  620. pPairingBlob->plaintext.pse_instance_id,
  621. sizeof(pairing_data.plaintext.pse_instance_id));
  622. //*********************************************************************
  623. // Seal the pairing blob
  624. //*********************************************************************
  625. tmp_status = SealPairingBlob(&pairing_data, pPairingBlob);
  626. BREAK_IF_TRUE(AE_SUCCESS != tmp_status, status, tmp_status);
  627. *pbNewPairing = bNewPairing;
  628. //*********************************************************************
  629. // WE PASSED ALL BARRIERS TO SUCCESS
  630. //*********************************************************************
  631. status = AE_SUCCESS;
  632. m_nextState = STATE_DONE;
  633. } while (false);
  634. if (AE_FAILED(status))
  635. m_nextState = STATE_ERROR;
  636. /* Defense-in-depth: clear the data on stack that contains enclave secret.*/
  637. memset_s(&pairing_data, sizeof(pairing_data), 0, sizeof(pairing_data));
  638. delete[] m_pSigRL;
  639. m_pSigRL = NULL;
  640. m_nSigRL = 0;
  641. return map_VerifyM8_error_for_return(status);
  642. }
  643. bool TEpidSigma11Verifier::TaskInfoIsValid( const ME_TASK_INFO& taskInfo)
  644. {
  645. uint32_t taskInfoType = SwapEndian_DW(taskInfo.Hdr.Type);
  646. if (taskInfoType != ME_TASK) return false;
  647. //check TaskID and Applet ID according to SunrisePoint specification
  648. /* Check the TaskId matches the hardcoded JVM-On-ME Task ID */
  649. if (taskInfo.TaskId != JOM_TASK_ID) return false;
  650. /* Check the first 16 bytes of RsvdforApp matches the hardcoded PSDA Applet ID */
  651. if (memcmp(taskInfo.RsvdforApp, PSDA_APPLET_ID, DAL_APPLET_ID_LEN))
  652. {
  653. return false;
  654. }
  655. /* retrieve the PSDA SVN */
  656. memcpy(&m_nDalAppletVersion, (const_cast<uint8_t *>(taskInfo.RsvdforApp) + DAL_APPLET_ID_LEN), DAL_APPLET_SVN_LEN);
  657. return true;
  658. }
  659. ae_error_t TEpidSigma11Verifier::ValidateS3DataBlock(const SIGMA_S3_MESSAGE* pS3, uint32_t nLen_S3, X509_GROUP_CERTIFICATE_VLR** X509GroupCertVlr, EPID_SIGNATURE_VLR** EpidSigVlr)
  660. {
  661. X509_GROUP_CERTIFICATE_VLR* pX;
  662. EPID_SIGNATURE_VLR* pE;
  663. uint32_t data_offset = offsetof(SIGMA_S3_MESSAGE, Data);
  664. if (NULL == pS3 || NULL == X509GroupCertVlr || NULL == EpidSigVlr)
  665. return AESM_PSE_PR_BAD_POINTER_ERROR;
  666. // Make sure certificate is within bounds of S3 message allocated in trusted memory
  667. if (data_offset + sizeof(X509_GROUP_CERTIFICATE_VLR) >= nLen_S3)
  668. return PSE_PR_S3_DATA_ERROR;
  669. pX = (X509_GROUP_CERTIFICATE_VLR *)(((uint8_t*)pS3) + data_offset);
  670. // Make sure epid signature VLR is within bounds of S3 message allocated in trusted memory
  671. if ((data_offset + sizeof(EPID_SIGNATURE_VLR) + pX->VlrHeader.Length) >= nLen_S3)
  672. return PSE_PR_S3_DATA_ERROR;
  673. pE = (EPID_SIGNATURE_VLR*)((UINT8*)(pX) + pX->VlrHeader.Length);
  674. // Make sure epid signature data is within bounds of S3 message allocated in trusted memory
  675. if ((data_offset + pX->VlrHeader.Length + pE->VlrHeader.Length) >= nLen_S3)
  676. return PSE_PR_S3_DATA_ERROR;
  677. *X509GroupCertVlr = pX;
  678. *EpidSigVlr = pE;
  679. return AE_SUCCESS;
  680. }
  681. ae_error_t TEpidSigma11Verifier::AddCertificateChain(SIGMA_S2_MESSAGE* pS2,
  682. size_t& index, size_t nMaxS2, const UINT8* pCertChain, size_t nCertChain)
  683. {
  684. ae_error_t status = PSE_PR_INTERNAL_ERROR;
  685. do
  686. {
  687. if (nMaxS2 < ((pS2->Data - (uint8_t*)pS2) + index + nCertChain))
  688. break;
  689. memcpy((pS2->Data + index), pCertChain, nCertChain);
  690. index += nCertChain;
  691. status = AE_SUCCESS;
  692. } while (false);
  693. return status;
  694. }
  695. ae_error_t TEpidSigma11Verifier::AddRevocationList(SIGMA_S2_MESSAGE* pS2,
  696. size_t& index, size_t nMaxS2, const EPID11_SIG_RL* pRL, uint32_t nSigRL)
  697. {
  698. ae_error_t status = PSE_PR_INTERNAL_ERROR;
  699. do
  700. {
  701. if (NULL != m_pSigRL)
  702. delete [] m_pSigRL;
  703. m_nSigRL = 0;
  704. m_pSigRL = NULL;
  705. if (nSigRL > 0)
  706. {
  707. m_nSigRL = nSigRL;
  708. m_pSigRL = new (std::nothrow) UINT8[m_nSigRL];
  709. BREAK_IF_TRUE( (NULL == m_pSigRL), status,
  710. PSE_PR_INSUFFICIENT_MEMORY_ERROR);
  711. int nPaddedBytes = static_cast<int>(REQUIRED_PADDING_DWORD_ALIGNMENT(m_nSigRL));
  712. memcpy(m_pSigRL, pRL , m_nSigRL);
  713. SIGNATURE_REV_LIST_VLR sigRL_VLR;
  714. sigRL_VLR.VlrHeader.ID = SIGNATURE_REVOCATION_LIST_VLR_ID;
  715. sigRL_VLR.VlrHeader.PaddedBytes = (uint8_t)nPaddedBytes;
  716. if (sizeof(SIGMA_VLR_HEADER) + nPaddedBytes + m_nSigRL > UINT16_MAX)
  717. break;
  718. sigRL_VLR.VlrHeader.Length = (uint16_t)(sizeof(SIGMA_VLR_HEADER) + nPaddedBytes + m_nSigRL);
  719. if (nMaxS2 < ((pS2->Data - (uint8_t*)pS2) + index + nSigRL + sizeof(SIGNATURE_REV_LIST_VLR)))
  720. break;
  721. memcpy((pS2->Data + index), &sigRL_VLR, sizeof(SIGNATURE_REV_LIST_VLR));
  722. index += sizeof(SIGNATURE_REV_LIST_VLR);
  723. memcpy((pS2->Data + index), m_pSigRL, m_nSigRL);
  724. index += m_nSigRL;
  725. // must skip nPaddedBytes for alignment
  726. index += nPaddedBytes;
  727. }
  728. status = AE_SUCCESS;
  729. } while (false);
  730. return status;
  731. }
  732. ae_error_t TEpidSigma11Verifier::AddOcspResponses(SIGMA_S2_MESSAGE* pS2,
  733. size_t& index, size_t nMaxS2, const UINT8* pOcspResp, size_t nOcspResp)
  734. {
  735. ae_error_t status = PSE_PR_INTERNAL_ERROR;
  736. do
  737. {
  738. if (pS2->OcspReq.ReqType == NO_OCSP)
  739. {
  740. status = AE_SUCCESS;
  741. break;
  742. }
  743. BREAK_IF_TRUE( (0 == nOcspResp), status ,
  744. PSE_PR_NO_OCSP_RESPONSE_ERROR);
  745. if (nMaxS2 < ((pS2->Data - (uint8_t*)pS2) + index + nOcspResp))
  746. break;
  747. memcpy((pS2->Data+index), pOcspResp, nOcspResp);
  748. index += nOcspResp;
  749. status = AE_SUCCESS;
  750. } while (false);
  751. return status;
  752. }
  753. ae_error_t TEpidSigma11Verifier::ValidateSigRL(const EPID11_SIG_RL* pSigRL, uint32_t sigRL_entries, uint32_t sigRL_size, uint32_t* pVersion)
  754. {
  755. sgx_ecc_state_handle_t ivk_ecc_handle = NULL;
  756. uint8_t result;
  757. ae_error_t status = PSE_PR_MSG_COMPARE_ERROR;
  758. if (NULL == pVersion)
  759. return PSE_PR_BAD_POINTER_ERROR;
  760. *pVersion = 0;
  761. if (0 == sigRL_size || NULL == pSigRL)
  762. return AE_SUCCESS;
  763. do
  764. {
  765. uint32_t nBaseSigRL_size = sigRL_size - EPID11_SIG_RL_SIGNATURE_SIZE;
  766. if (sigRL_entries > MAX_SIGRL_ENTRIES)
  767. break;
  768. uint8_t* p_rl_version = const_cast<uint8_t*>(pSigRL->rl_version);
  769. *pVersion = SwapEndian_DW(*reinterpret_cast<UINT32*>(p_rl_version));
  770. sgx_status_t sgx_status = sgx_ecc256_open_context(&ivk_ecc_handle);
  771. BREAK_IF_TRUE((SGX_ERROR_OUT_OF_MEMORY == sgx_status), status, PSE_PR_INSUFFICIENT_MEMORY_ERROR);
  772. BREAK_IF_TRUE((SGX_SUCCESS != sgx_status), status, PSE_PR_MSG_COMPARE_ERROR);
  773. //Convert the big endian signature in the Cert to little endian
  774. uint8_t ecc_sig[ECDSA_SIG_LENGTH ];
  775. memcpy(ecc_sig, (uint8_t*)pSigRL + nBaseSigRL_size, ECDSA_SIG_LENGTH );
  776. SwapEndian_32B(ecc_sig);
  777. SwapEndian_32B(&(ecc_sig[32]));
  778. const uint8_t** pEpidVerifyKeys = Keys::EpidVerifyKeys();
  779. for (uint32_t i = 0; i < Keys::EpidVerifyKeyNum(); i++)
  780. {
  781. sgx_status = sgx_ecdsa_verify((uint8_t*)pSigRL,
  782. nBaseSigRL_size,
  783. (sgx_ec256_public_t *)(pEpidVerifyKeys[i]), /* requiring little endian format */
  784. (sgx_ec256_signature_t *)ecc_sig,
  785. &result,
  786. ivk_ecc_handle);
  787. if (sgx_status == SGX_SUCCESS && result == SGX_EC_VALID)
  788. break;
  789. }
  790. BREAK_IF_TRUE((SGX_ERROR_OUT_OF_MEMORY == sgx_status), status, PSE_PR_INSUFFICIENT_MEMORY_ERROR);
  791. BREAK_IF_TRUE((SGX_SUCCESS != sgx_status), status, PSE_PR_MSG_COMPARE_ERROR);
  792. BREAK_IF_TRUE((SGX_EC_VALID != result), status, PSE_PR_MSG_COMPARE_ERROR);
  793. status = AE_SUCCESS;
  794. } while (false);
  795. if (ivk_ecc_handle != NULL) sgx_ecc256_close_context(ivk_ecc_handle);
  796. return status;
  797. }
  798. ae_error_t TEpidSigma11Verifier::ValidatePrivRL(const EPID11_PRIV_RL* pPrivRL, uint32_t privRL_entries, uint32_t privRL_size, uint32_t* pVersion)
  799. {
  800. sgx_ecc_state_handle_t ivk_ecc_handle = NULL;
  801. uint8_t result;
  802. ae_error_t status = PSE_PR_MSG_COMPARE_ERROR;
  803. if (NULL == pVersion)
  804. return PSE_PR_BAD_POINTER_ERROR;
  805. *pVersion = 0;
  806. if (0 == privRL_size || NULL == pPrivRL)
  807. return AE_SUCCESS;
  808. do
  809. {
  810. uint32_t nBasePrivRL_size = privRL_size - EPID11_PRIV_RL_SIGNATURE_SIZE;
  811. if (privRL_entries > MAX_SIGRL_ENTRIES)
  812. break;
  813. uint8_t* p_rl_version = const_cast<uint8_t*>(pPrivRL->rl_version);
  814. *pVersion = SwapEndian_DW(*reinterpret_cast<UINT32*>(p_rl_version));
  815. sgx_status_t sgx_status = sgx_ecc256_open_context(&ivk_ecc_handle);
  816. BREAK_IF_TRUE((SGX_ERROR_OUT_OF_MEMORY == sgx_status), status, PSE_PR_INSUFFICIENT_MEMORY_ERROR);
  817. BREAK_IF_TRUE((SGX_SUCCESS != sgx_status), status, PSE_PR_MSG_COMPARE_ERROR);
  818. //Convert the big endian signature in the Cert to little endian
  819. uint8_t ecc_sig[ECDSA_SIG_LENGTH];
  820. memcpy(ecc_sig, (uint8_t*)pPrivRL + nBasePrivRL_size, ECDSA_SIG_LENGTH);
  821. SwapEndian_32B(ecc_sig);
  822. SwapEndian_32B(&(ecc_sig[32]));
  823. const uint8_t** pEpidVerifyKeys = Keys::EpidVerifyKeys();
  824. for (uint32_t i = 0; i < Keys::EpidVerifyKeyNum(); i++)
  825. {
  826. sgx_status = sgx_ecdsa_verify((uint8_t*)pPrivRL,
  827. nBasePrivRL_size,
  828. (sgx_ec256_public_t *)(pEpidVerifyKeys[i]), /* requiring little endian format */
  829. (sgx_ec256_signature_t *)ecc_sig,
  830. &result,
  831. ivk_ecc_handle);
  832. if (sgx_status == SGX_SUCCESS && result == SGX_EC_VALID)
  833. break;
  834. }
  835. BREAK_IF_TRUE((SGX_ERROR_OUT_OF_MEMORY == sgx_status), status, PSE_PR_INSUFFICIENT_MEMORY_ERROR);
  836. BREAK_IF_TRUE((SGX_SUCCESS != sgx_status), status, PSE_PR_MSG_COMPARE_ERROR);
  837. BREAK_IF_TRUE((SGX_EC_VALID != result), status, PSE_PR_MSG_COMPARE_ERROR);
  838. status = AE_SUCCESS;
  839. } while (false);
  840. if (ivk_ecc_handle != NULL) sgx_ecc256_close_context(ivk_ecc_handle);
  841. return status;
  842. }