PCEClass.cpp 5.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139
  1. /*
  2. * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. #ifndef __GNUC__
  32. #include "StdAfx.h"
  33. #include <intrin.h>
  34. #endif
  35. #include <assert.h>
  36. #include "PCEClass.h"
  37. #include "QEClass.h"
  38. #include "PVEClass.h"
  39. #include "util.h"
  40. #include "prof_fun.h"
  41. #include "sgx_report.h"
  42. #include "sgx_tseal.h"
  43. #include "epid_pve_type.h"
  44. #include "pce_u.h"
  45. #include "pce_u.c"
  46. void CPCEClass::before_enclave_load() {
  47. // always unload qe/pve enclave before loading pce enclave
  48. CQEClass::instance().unload_enclave();
  49. CPVEClass::instance().unload_enclave();
  50. }
  51. uint32_t CPCEClass::get_pce_target(
  52. sgx_target_info_t *p_pce_target)
  53. {
  54. token_t *p_token =
  55. reinterpret_cast<token_t *>(&m_launch_token);
  56. /* We need to make sure the PCE is successfully loaded and then we can use
  57. the cached attributes and launch token. */
  58. assert(m_enclave_id);
  59. memset(p_pce_target, 0, sizeof(sgx_target_info_t));
  60. memcpy_s(&p_pce_target->attributes, sizeof(p_pce_target->attributes),
  61. &m_attributes.secs_attr, sizeof(m_attributes.secs_attr));
  62. memcpy_s(&p_pce_target->misc_select, sizeof(p_pce_target->misc_select),
  63. &m_attributes.misc_select, sizeof(m_attributes.misc_select));
  64. memcpy_s(&p_pce_target->mr_enclave, sizeof(p_pce_target->mr_enclave),
  65. &p_token->body.mr_enclave,
  66. sizeof(p_token->body.mr_enclave));
  67. return AE_SUCCESS;
  68. }
  69. uint32_t CPCEClass::get_pce_info(const sgx_report_t& report, const signed_pek_t& pek, uint16_t& pce_id, uint16_t& isv_svn, uint8_t encrypted_ppid[PEK_MOD_SIZE])
  70. {
  71. sgx_status_t status = SGX_SUCCESS;
  72. uint32_t ret_val = 0;
  73. uint32_t ret_size = PEK_MOD_SIZE;
  74. int retry = 0;
  75. pce_info_t pce_info;
  76. uint8_t signature_scheme;
  77. AESM_PROFILE_FUN;
  78. if (m_enclave_id == 0){
  79. AESM_DBG_ERROR("call get_pc_info without loading PCE");
  80. return AE_FAILURE;
  81. }
  82. status = ::get_pc_info(m_enclave_id, &ret_val, &report, (uint8_t*)&pek, static_cast<uint32_t>(PEK_MOD_SIZE + sizeof(pek.e)), ALG_RSA_OAEP_3072, encrypted_ppid, PEK_MOD_SIZE, &ret_size, &pce_info, &signature_scheme);
  83. for(; status == SGX_ERROR_ENCLAVE_LOST && retry < AESM_RETRY_COUNT; retry++)
  84. {
  85. unload_enclave();
  86. if(AE_SUCCESS != load_enclave())
  87. return AE_FAILURE;
  88. status = ::get_pc_info(m_enclave_id, &ret_val, &report, (uint8_t*)&pek, static_cast<uint32_t>(PEK_MOD_SIZE + sizeof(pek.e)), ALG_RSA_OAEP_3072, encrypted_ppid, PEK_MOD_SIZE, &ret_size, &pce_info, &signature_scheme);
  89. }
  90. if(status != SGX_SUCCESS)
  91. return AE_FAILURE;
  92. if (ret_val != AE_SUCCESS)
  93. return ret_val;
  94. if(signature_scheme != NIST_P256_ECDSA_SHA256){
  95. return AE_FAILURE;
  96. }
  97. if(ret_size != PEK_MOD_SIZE){
  98. return AE_FAILURE;
  99. }
  100. pce_id = pce_info.pce_id;
  101. isv_svn = pce_info.pce_isvn;
  102. return AE_SUCCESS;
  103. }
  104. uint32_t CPCEClass::sign_report(const psvn_t& cert_psvn, const sgx_report_t& report, uint8_t signed_sign[2*SE_ECDSA_SIGN_SIZE])
  105. {
  106. sgx_status_t status = SGX_SUCCESS;
  107. uint32_t ret_val = 0;
  108. uint32_t ret_size = 2*SE_ECDSA_SIGN_SIZE;
  109. int retry = 0;
  110. AESM_PROFILE_FUN;
  111. if (m_enclave_id == 0){
  112. AESM_DBG_ERROR("call certify_enclave without loading PCE");
  113. return AE_FAILURE;
  114. }
  115. status = ::certify_enclave(m_enclave_id, &ret_val, &cert_psvn, &report, signed_sign, 2*SE_ECDSA_SIGN_SIZE, &ret_size);
  116. for(; status == SGX_ERROR_ENCLAVE_LOST && retry < AESM_RETRY_COUNT; retry++)
  117. {
  118. unload_enclave();
  119. if(AE_SUCCESS != load_enclave())
  120. return AE_FAILURE;
  121. status = ::certify_enclave(m_enclave_id, &ret_val, &cert_psvn, &report, signed_sign, 2*SE_ECDSA_SIGN_SIZE, &ret_size);
  122. }
  123. if(status != SGX_SUCCESS)
  124. return AE_FAILURE;
  125. if(ret_val != AE_SUCCESS){
  126. return ret_val;
  127. }
  128. if(ret_size != 2*SE_ECDSA_SIGN_SIZE)
  129. return AE_FAILURE;
  130. return AE_SUCCESS;
  131. }