miti
/
linux-sgx-trts-modified


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122
							/*
 * Copyright (C) 2011-2018 Intel Corporation. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   * Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *   * Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in
 *     the documentation and/or other materials provided with the
 *     distribution.
 *   * Neither the name of Intel Corporation nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#include "arch.h"
#include "sgx_tcrypto.h"
#include "pek_pub_key.h"
#include "pve_qe_common.h"
#include <string.h>
#include "xegdsk_pub.hh"
#include "peksk_pub.hh"
#include "qsdk_pub.hh"
#include "isk_pub.hh"
#include "byte_order.h"


//Function to verify the ECDSA signature of a PEK
//SHA1 value for integrity checking is not verified since the ECDSA verification could make sure the integrity at the same time.
sgx_status_t check_pek_signature(const signed_pek_t& signed_pek, const sgx_ec256_public_t* pek_sk, uint8_t *result)
{
    sgx_status_t status = SGX_SUCCESS;
    sgx_ecc_state_handle_t handle= 0;
    sgx_ec256_signature_t ec_signature;
    status = sgx_ecc256_open_context(&handle);
    if(SGX_SUCCESS!=status){
        return status;
    }
    se_static_assert(sizeof(ec_signature)==sizeof(signed_pek.pek_signature));
    memcpy(&ec_signature, signed_pek.pek_signature, sizeof(signed_pek.pek_signature));
    SWAP_ENDIAN_32B(ec_signature.x);
    SWAP_ENDIAN_32B(ec_signature.y);
    status = sgx_ecdsa_verify(reinterpret_cast<const uint8_t *>(&signed_pek),
        static_cast<uint32_t>(sizeof(signed_pek.n)+sizeof(signed_pek.e)),
        pek_sk,
        &ec_signature,
        result,
        handle);
    (void)sgx_ecc256_close_context(handle);
    return status;
}

//Function to verify that ECDSA signature of XEGB is correct
sgx_status_t verify_xegb(const extended_epid_group_blob_t& xegb, uint8_t *result){
    if (lv_htons(xegb.data_length) != EXTENDED_EPID_GROUP_BLOB_DATA_LEN
        || xegb.format_id != XEGB_FORMAT_ID){
        return SGX_ERROR_INVALID_PARAMETER;
    }

    sgx_status_t status = SGX_SUCCESS;
    sgx_ecc_state_handle_t handle= 0;
    sgx_ec256_signature_t ec_signature;
    status = sgx_ecc256_open_context(&handle);
    if(SGX_SUCCESS!=status){
        return status;
    }
    se_static_assert(sizeof(ec_signature)==sizeof(xegb.signature));
    memcpy(&ec_signature, xegb.signature, sizeof(xegb.signature));
    SWAP_ENDIAN_32B(ec_signature.x);
    SWAP_ENDIAN_32B(ec_signature.y);
    status = sgx_ecdsa_verify(reinterpret_cast<const uint8_t *>(&xegb),
        static_cast<uint32_t>(sizeof(xegb)-sizeof(xegb.signature)),
        const_cast<sgx_ec256_public_t *>(&g_sdsk_pub_key_little_endian),
        &ec_signature,
        result,
        handle);
    (void)sgx_ecc256_close_context(handle);
    if(SGX_SUCCESS!=status){
        return status;
    }
    return SGX_SUCCESS;
}

sgx_status_t verify_xegb_with_default(const extended_epid_group_blob_t& xegb, uint8_t *result, extended_epid_group_blob_t& out_xegb)
{
    const uint8_t *pxegb = reinterpret_cast<const uint8_t *>(&xegb);
    uint32_t i;
    //check whether all bytes of xegb is 0, if so we should use default xegb
    for (i = 0; i < sizeof(xegb); i++){
        if (pxegb[i] != 0){
            break;
        }
    }
    if (i == sizeof(xegb)){//using default xegb value if all bytes are 0, for hardcoded xegb, no ecdsa signature is available so that no ecdsa verification requried too.
        out_xegb.xeid = 0;
        out_xegb.format_id = XEGB_FORMAT_ID;
        memcpy(out_xegb.epid_sk, &g_sgx_isk_pubkey, 2*ECDSA_SIGN_SIZE);
        memcpy(out_xegb.pek_sk, &g_pek_pub_key_little_endian, 2 * ECDSA_SIGN_SIZE);
        memcpy(out_xegb.qsdk_exp, g_qsdk_pub_key_e, sizeof(g_qsdk_pub_key_e));
        memcpy(out_xegb.qsdk_mod, g_qsdk_pub_key_n, RSA_2048_KEY_BYTES);
        *result = SGX_EC_VALID;
        return SGX_SUCCESS;
    }
    memcpy(&out_xegb, &xegb, sizeof(xegb));//use the input xegb if any bytes in it is non-zero
    return verify_xegb(out_xegb, result);
}