pse_provisioning_msg3.cpp 12 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313
  1. /*
  2. * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. #include "CertificateProvisioningProtocol.h"
  32. #include <cstddef>
  33. #include "epid_utility.h"
  34. #include "sgx_quote.h"
  35. #include "tlv_common.h"
  36. #include "type_length_value.h"
  37. #include "se_wrapper.h"
  38. //*********************************************************************************************************
  39. //* PSE_ProvMsg3
  40. //* Seq # Data Item
  41. //* ===== ============================================================================================
  42. //* 1 Request Header (Protocol, Version, TransactionID, Type)
  43. //* 2 Nonce TLV (TLV Type, Type, Version, Size, [Nonce])
  44. //* 3 Block Cipher Text TLV (TLV Type, Type, Version, Size, [IV, EncryptedPayload is 2.1, 2.2, 2.3])
  45. //* 3.1 SE Quote TLV (TLV Type, Type, Version, Size, [Quote])
  46. //* 3.2 SE Quote Signature TLV (TLV Type, Type, Version, Size, [Signature])
  47. //* 3.3 X509 CSR TLV (TLV Type, Type, Version, Size, [CSR])
  48. //* 4 Message Authentication Code TLV (TLV Type, Type, Version, Size, [MAC])
  49. //* MAC over 1, 2, and 3
  50. //*********************************************************************************************************
  51. ae_error_t CertificateProvisioningProtocol::msg3_generate(const upse::Buffer& csrBuffer, const upse::Buffer& quoteBuffer, upse::Buffer& serializedMsg3)
  52. {
  53. ae_error_t status = AE_FAILURE;
  54. tlv_status_t tlv_status = TLV_UNKNOWN_ERROR;
  55. provision_request_header_t serializedHeader;
  56. memset(&serializedHeader, 0, sizeof(serializedHeader));
  57. TLVsMsg seq2_0_tlv_nonce;
  58. TLVsMsg seq3_0_tlv_block_cipher_text;
  59. TLVsMsg seq3_1_tlv_quote;
  60. TLVsMsg seq3_2_tlv_quote_signature;
  61. TLVsMsg seq3_3_tlv_x509_csr;
  62. TLVsMsg seq4_0_tlv_mac;
  63. do
  64. {
  65. tlv_status = seq2_0_tlv_nonce.add_nonce(Nonce.getData(), Nonce.getSize());
  66. status = tlv_error_2_pve_error(tlv_status);
  67. if (AE_FAILED(status))
  68. break;
  69. status = msg3_seq3_1_create_quote_tlv(quoteBuffer, seq3_1_tlv_quote);
  70. if (AE_FAILED(status))
  71. break;
  72. status = msg3_seq3_2_create_quote_signature_tlv(quoteBuffer, seq3_2_tlv_quote_signature);
  73. if (AE_FAILED(status))
  74. break;
  75. tlv_status = seq3_3_tlv_x509_csr.add_x509_csr(csrBuffer.getData(), csrBuffer.getSize());
  76. status = tlv_error_2_pve_error(tlv_status);
  77. if (AE_FAILED(status))
  78. break;
  79. status = msg3_create_header(TransactionID, seq2_0_tlv_nonce.get_tlv_msg_size(), seq3_1_tlv_quote.get_tlv_msg_size(),
  80. seq3_2_tlv_quote_signature.get_tlv_msg_size(), seq3_3_tlv_x509_csr.get_tlv_msg_size(), serializedHeader);
  81. if (AE_FAILED(status))
  82. break;
  83. upse::Buffer mac;
  84. status = msg3_seq3_0_create_block_cipher_text_tlv(seq3_1_tlv_quote, seq3_2_tlv_quote_signature, seq3_3_tlv_x509_csr, seq2_0_tlv_nonce, serializedHeader,
  85. EK2, seq3_0_tlv_block_cipher_text, mac);
  86. if (AE_FAILED(status))
  87. break;
  88. tlv_status = seq4_0_tlv_mac.add_mac(mac.getData());
  89. status = tlv_error_2_pve_error(tlv_status);
  90. if (AE_FAILED(status))
  91. break;
  92. //*********************************************************************
  93. // Prepare serialized message buffer
  94. //*********************************************************************
  95. uint32_t size_msg3 = static_cast<uint32_t>(PROVISION_REQUEST_HEADER_SIZE + seq2_0_tlv_nonce.get_tlv_msg_size() +
  96. seq3_0_tlv_block_cipher_text.get_tlv_msg_size() + seq4_0_tlv_mac.get_tlv_msg_size());
  97. status = serializedMsg3.Alloc(size_msg3);
  98. if (AE_FAILED(status))
  99. break;
  100. serializedMsg3.zeroMemory();
  101. upse::BufferWriter bwMsg3(serializedMsg3);
  102. // Write serialized request header to serialized message
  103. status = bwMsg3.writeRaw((uint8_t*)&serializedHeader, sizeof(serializedHeader));
  104. if (AE_FAILED(status))
  105. break;
  106. // Write sequence 2.0 - Nonce TLV
  107. status = bwMsg3.writeRaw(const_cast<uint8_t*>(seq2_0_tlv_nonce.get_tlv_msg()), seq2_0_tlv_nonce.get_tlv_msg_size());
  108. if (AE_FAILED(status))
  109. break;
  110. // Write sequence 3.0 - Block Cipher Text TLV (contains 3.1, 3.2, and 3.3 as encrypted payload)
  111. status = bwMsg3.writeRaw(const_cast<uint8_t*>(seq3_0_tlv_block_cipher_text.get_tlv_msg()), seq3_0_tlv_block_cipher_text.get_tlv_msg_size());
  112. if (AE_FAILED(status))
  113. break;
  114. // Write sequence 4.0 - MAC TLV
  115. status = bwMsg3.writeRaw(const_cast<uint8_t*>(seq4_0_tlv_mac.get_tlv_msg()), seq4_0_tlv_mac.get_tlv_msg_size());
  116. if (AE_FAILED(status))
  117. break;
  118. status = AE_SUCCESS;
  119. } while (0);
  120. return status;
  121. }
  122. ae_error_t CertificateProvisioningProtocol::msg3_create_header(const upse::Buffer& transactionID, uint32_t nonceSize, uint32_t quoteSize, uint32_t epidSigSize, uint32_t csrSize, provision_request_header_t& header)
  123. {
  124. ae_error_t status = AESM_PSE_PR_INTERNAL_ERROR;
  125. do
  126. {
  127. uint32_t seq2_0_tlv_block_cipher_text_size = BLOCK_CIPHER_TEXT_TLV_SIZE(quoteSize + epidSigSize + csrSize);
  128. uint32_t seq3_0_tlv_nonce_size = nonceSize;
  129. uint32_t seq4_0_tlv_mac_size = MAC_TLV_SIZE(MAC_SIZE);
  130. header.protocol = PSE_PROVISIONING;
  131. header.version = TLV_VERSION_1;
  132. header.type = static_cast<uint8_t>(TYPE_PSE_MSG3);
  133. if (XID_SIZE != transactionID.getSize())
  134. break;
  135. if (memcpy_s(header.xid, sizeof(header.xid), transactionID.getData(), transactionID.getSize()) != 0)
  136. break;
  137. uint32_t totalSize = seq2_0_tlv_block_cipher_text_size + seq3_0_tlv_nonce_size + seq4_0_tlv_mac_size;
  138. uint32_t serializedSize = _htonl(totalSize);
  139. if (sizeof(serializedSize) != sizeof(header.size))
  140. break;
  141. if (memcpy_s(header.size, sizeof(header.size), &serializedSize, sizeof(serializedSize)) != 0)
  142. break;
  143. status = AE_SUCCESS;
  144. } while (0);
  145. return status;
  146. }
  147. ae_error_t CertificateProvisioningProtocol::msg3_seq3_2_create_quote_signature_tlv(const upse::Buffer& quote, TLVsMsg& seq3_2_tlv_quote_signature)
  148. {
  149. ae_error_t status = AESM_PSE_PR_INTERNAL_ERROR;
  150. tlv_status_t tlv_status;
  151. do
  152. {
  153. if (sizeof(sgx_quote_t) > quote.getSize())
  154. break;
  155. const sgx_quote_t* pQuote = (const sgx_quote_t*)quote.getData();
  156. /* the QUOTE SIGNATURE TLV doesn't include Quote.signature_len */
  157. uint32_t SigLen = pQuote->signature_len;
  158. if (sizeof(sgx_quote_t) + SigLen > quote.getSize())
  159. break;
  160. const uint8_t *pSig = pQuote->signature;
  161. tlv_status = seq3_2_tlv_quote_signature.add_quote_signature(pSig, SigLen);
  162. status = tlv_error_2_pve_error(tlv_status);
  163. if (AE_FAILED(status))
  164. break;
  165. status = AE_SUCCESS;
  166. } while (0);
  167. return status;
  168. }
  169. ae_error_t CertificateProvisioningProtocol::msg3_seq3_0_create_block_cipher_text_tlv(const TLVsMsg& quote, const TLVsMsg& epidSigTLV, const TLVsMsg& csrTLV, const TLVsMsg& nonceTLV,
  170. const provision_request_header_t& requestHeader, const upse::Buffer& ek2,
  171. TLVsMsg& blockCipherTextTLV, upse::Buffer& mac)
  172. {
  173. ae_error_t status = AE_FAILURE;
  174. tlv_status_t tlv_status;
  175. upse::Buffer plainText;
  176. upse::Buffer encryptedPayload;
  177. do
  178. {
  179. status = get_random_value(IV_SIZE, M3IV);
  180. if (AE_FAILED(status))
  181. break;
  182. status = plainText.Alloc(quote.get_tlv_msg_size() + epidSigTLV.get_tlv_msg_size() + csrTLV.get_tlv_msg_size());
  183. if (AE_FAILED(status))
  184. break;
  185. upse::BufferWriter plainTextWriter(plainText);
  186. status = plainTextWriter.writeRaw(quote.get_tlv_msg(), quote.get_tlv_msg_size());
  187. if (AE_FAILED(status))
  188. break;
  189. status = plainTextWriter.writeRaw(epidSigTLV.get_tlv_msg(), epidSigTLV.get_tlv_msg_size());
  190. if (AE_FAILED(status))
  191. break;
  192. status = plainTextWriter.writeRaw(csrTLV.get_tlv_msg(), csrTLV.get_tlv_msg_size());
  193. if (AE_FAILED(status))
  194. break;
  195. uint32_t payloadSize = BLOCK_CIPHER_TEXT_TLV_PAYLOAD_SIZE(plainText.getSize());
  196. uint32_t blockCipherTextHeaderSize = get_tlv_total_size(payloadSize) - payloadSize;
  197. // Calculate AAD (concatenation of Request header, Nonce, Block Cipher Text TLV header and IV from Block Cipher Text TLV)
  198. upse::Buffer aad;
  199. status = aad.Alloc(static_cast<uint32_t>(sizeof(requestHeader) + nonceTLV.get_tlv_msg_size() + blockCipherTextHeaderSize + M3IV.getSize()));
  200. if (AE_FAILED(status))
  201. break;
  202. TLVsMsg tmpBlockCipherTextTLV;
  203. tlv_status = tmpBlockCipherTextTLV.add_block_cipher_text(M3IV.getData(), NULL, plainText.getSize());
  204. status = tlv_error_2_pve_error(tlv_status);
  205. if (AE_FAILED(status))
  206. break;
  207. upse::BufferWriter aadWriter(aad);
  208. status = aadWriter.writeRaw((const uint8_t*)&requestHeader, sizeof(requestHeader));
  209. if (AE_FAILED(status))
  210. break;
  211. status = aadWriter.writeRaw(nonceTLV.get_tlv_msg(), nonceTLV.get_tlv_msg_size());
  212. if (AE_FAILED(status))
  213. break;
  214. status = aadWriter.writeRaw(tmpBlockCipherTextTLV.get_tlv_msg(), blockCipherTextHeaderSize);
  215. if (AE_FAILED(status))
  216. break;
  217. status = aadWriter.writeRaw(M3IV.getData(), M3IV.getSize());
  218. if (AE_FAILED(status))
  219. break;
  220. status = aesGCMEncrypt(M3IV, ek2, plainText, aad, encryptedPayload, mac);
  221. if (AE_FAILED(status))
  222. break;
  223. tlv_status = blockCipherTextTLV.add_block_cipher_text(M3IV.getData(), encryptedPayload.getData(), encryptedPayload.getSize());
  224. status = tlv_error_2_pve_error(tlv_status);
  225. if (AE_FAILED(status))
  226. break;
  227. status = AE_SUCCESS;
  228. } while (0);
  229. return status;
  230. }
  231. ae_error_t CertificateProvisioningProtocol::msg3_seq3_1_create_quote_tlv(const upse::Buffer& quoteBuffer, TLVsMsg& quoteTLV)
  232. {
  233. ae_error_t status = AESM_PSE_PR_INTERNAL_ERROR;
  234. tlv_status_t tlv_status;
  235. do
  236. {
  237. if (sizeof(sgx_quote_t) > quoteBuffer.getSize())
  238. break;
  239. const sgx_quote_t* pQuote = (const sgx_quote_t*)quoteBuffer.getData();
  240. tlv_status = quoteTLV.add_quote((uint8_t*)pQuote, static_cast<uint32_t>(sizeof(sgx_quote_t)-sizeof(pQuote->signature_len)));
  241. status = tlv_error_2_pve_error(tlv_status);
  242. if (AE_FAILED(status))
  243. break;
  244. } while (0);
  245. return status;
  246. }