epid_utility.cpp 4.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128
  1. /*
  2. * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. #include "epid_utility.h"
  32. ae_error_t tlv_error_2_pve_error(tlv_status_t tlv_status)
  33. {
  34. switch(tlv_status){
  35. case TLV_SUCCESS:
  36. return AE_SUCCESS;
  37. case TLV_INVALID_PARAMETER_ERROR:
  38. return PVE_PARAMETER_ERROR;
  39. case TLV_INVALID_MSG_ERROR:
  40. case TLV_INVALID_FORMAT:
  41. return PVE_MSG_ERROR;
  42. case TLV_INSUFFICIENT_MEMORY:
  43. return PVE_INSUFFICIENT_MEMORY_ERROR;
  44. case TLV_OUT_OF_MEMORY_ERROR:
  45. return AE_OUT_OF_MEMORY_ERROR;
  46. case TLV_UNKNOWN_ERROR:
  47. case TLV_MORE_TLVS:
  48. case TLV_UNSUPPORTED:
  49. return PVE_UNEXPECTED_ERROR;
  50. }
  51. return PVE_UNEXPECTED_ERROR;
  52. }
  53. ae_error_t check_endpoint_pg_stauts(const provision_response_header_t *msg_header)
  54. {
  55. uint16_t gstatus;
  56. gstatus = lv_ntohs(msg_header->gstatus);
  57. switch(gstatus){
  58. case GRS_SERVER_BUSY:
  59. return PVE_SERVER_BUSY_ERROR;
  60. case GRS_INTEGRITY_CHECK_FAIL:
  61. return PVE_INTEGRITY_CHECK_ERROR;
  62. case GRS_INCOMPATIBLE_VERSION://Backend report that PSW has used too old protocol, we need update PSW software
  63. return PSW_UPDATE_REQUIRED;
  64. case GRS_INCORRECT_SYNTAX:
  65. return PVE_MSG_ERROR;
  66. case GRS_OK:
  67. return AE_SUCCESS;
  68. default: //For endpoint selection, no MAC checking of error code required so that return server reported error directly
  69. return PVE_SERVER_REPORTED_ERROR;
  70. }
  71. }
  72. ae_error_t check_epid_pve_pg_status_before_mac_verification(const provision_response_header_t *msg_header)
  73. {
  74. uint16_t gstatus;
  75. gstatus = lv_ntohs(msg_header->gstatus);
  76. switch(gstatus){
  77. case GRS_SERVER_BUSY:
  78. return PVE_SERVER_BUSY_ERROR;
  79. case GRS_INTEGRITY_CHECK_FAIL:
  80. return PVE_INTEGRITY_CHECK_ERROR;
  81. case GRS_INCOMPATIBLE_VERSION://Backend report that PSW has used too old protocol, we need update PSW software, no MAC provided
  82. return PSW_UPDATE_REQUIRED;
  83. case GRS_INCORRECT_SYNTAX:
  84. return PVE_MSG_ERROR;
  85. case GRS_OK:
  86. return AE_SUCCESS;
  87. case GRS_PROTOCOL_ERROR:
  88. return AE_SUCCESS;//ignore those errors to check them after mac verification passed
  89. default:
  90. return PVE_SERVER_REPORTED_ERROR;
  91. }
  92. }
  93. ae_error_t check_epid_pve_pg_status_after_mac_verification(const provision_response_header_t *msg_header)
  94. {
  95. uint16_t gstatus, pstatus;
  96. gstatus = lv_ntohs(msg_header->gstatus);
  97. pstatus = lv_ntohs(msg_header->pstatus);
  98. switch(gstatus){
  99. case GRS_OK:
  100. if(pstatus!=SE_PRS_OK)
  101. return PVE_SERVER_REPORTED_ERROR;
  102. return AE_SUCCESS;
  103. case GRS_PROTOCOL_ERROR:
  104. AESM_LOG_INFO_ADMIN("%s (%d)", g_admin_event_string_table[SGX_ADMIN_EVENT_EPID_PROV_BACKEND_PROTOCOL_ERROR], (int)pstatus);
  105. AESM_DBG_INFO("Server reported protocol error %d", (int)pstatus);
  106. switch(pstatus){
  107. case SE_PRS_STATUS_INTEGRITY_FAILED:
  108. return PVE_INTEGRITY_CHECK_ERROR;
  109. case SE_PRS_PLATFORM_REVOKED:
  110. return PVE_REVOKED_ERROR;
  111. case SE_PRS_PERFORMANCE_REKEY_NOT_SUPPORTED:
  112. return PVE_PERFORMANCE_REKEY_NOT_SUPPORTED;
  113. case SE_PRS_PROV_ATTEST_KEY_NOT_FOUND:
  114. return PVE_PROV_ATTEST_KEY_NOT_FOUND;
  115. case SE_PRS_INVALID_REPORT:
  116. return PVE_INVALID_REPORT;
  117. default:
  118. return PVE_SERVER_REPORTED_ERROR;
  119. }
  120. default:
  121. return PVE_SERVER_REPORTED_ERROR;
  122. }
  123. }