samplecode/remoteattestation/Application/enclave/src/lib.rs - incubator-teaclave-sgx-sdk - Git at Google

 // Licensed to the Apache Software Foundation (ASF) under one
 // or more contributor license agreements.  See the NOTICE file
 // distributed with this work for additional information
 // regarding copyright ownership.  The ASF licenses this file
 // to you under the Apache License, Version 2.0 (the
 // "License"); you may not use this file except in compliance
 // with the License.  You may obtain a copy of the License at
 //
 //   http://www.apache.org/licenses/LICENSE-2.0
 //
 // Unless required by applicable law or agreed to in writing,
 // software distributed under the License is distributed on an
 // "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 // KIND, either express or implied.  See the License for the
 // specific language governing permissions and limitations
 // under the License..

 #![crate_name = "raenclave"]
 #![crate_type = "staticlib"]
 #![cfg_attr(not(target_env = "sgx"), no_std)]
 #![cfg_attr(target_env = "sgx", feature(rustc_private))]
 #![allow(unused_variables)]

 extern crate sgx_trts;
 extern crate sgx_types;
 #[cfg(not(target_env = "sgx"))]
 #[macro_use]
 extern crate sgx_tstd as std;
 extern crate sgx_tcrypto;
 extern crate sgx_tdh;
 extern crate sgx_tkey_exchange;

 use sgx_tcrypto::*;
 use sgx_tkey_exchange::*;
 use sgx_trts::memeq::ConsttimeMemEq;
 use sgx_types::*;
 use std::slice;
 use std::vec::Vec;

 const G_SP_PUB_KEY: sgx_ec256_public_t = sgx_ec256_public_t {
     gx: [
         0x72, 0x12, 0x8a, 0x7a, 0x17, 0x52, 0x6e, 0xbf, 0x85, 0xd0, 0x3a, 0x62, 0x37, 0x30, 0xae,
         0xad, 0x3e, 0x3d, 0xaa, 0xee, 0x9c, 0x60, 0x73, 0x1d, 0xb0, 0x5b, 0xe8, 0x62, 0x1c, 0x4b,
         0xeb, 0x38,
     ],
     gy: [
         0xd4, 0x81, 0x40, 0xd9, 0x50, 0xe2, 0x57, 0x7b, 0x26, 0xee, 0xb7, 0x41, 0xe7, 0xc6, 0x14,
         0xe2, 0x24, 0xb7, 0xbd, 0xc9, 0x03, 0xf2, 0x9a, 0x28, 0xa8, 0x3c, 0xc8, 0x10, 0x11, 0x14,
         0x5e, 0x06,
     ],
 };

 #[no_mangle]
 pub extern "C" fn enclave_init_ra(b_pse: i32, p_context: &mut sgx_ra_context_t) -> sgx_status_t {
     match rsgx_ra_init(&G_SP_PUB_KEY, b_pse) {
         Ok(p) => {
             *p_context = p;
             sgx_status_t::SGX_SUCCESS
         }
         Err(x) => x,
     }
 }

 #[no_mangle]
 pub extern "C" fn enclave_ra_close(context: sgx_ra_context_t) -> sgx_status_t {
     match rsgx_ra_close(context) {
         Ok(()) => sgx_status_t::SGX_SUCCESS,
         Err(x) => x,
     }
 }

 #[no_mangle]
 pub extern "C" fn verify_att_result_mac(
     context: sgx_ra_context_t,
     message: *const u8,
     msg_size: size_t,
     mac: *const u8,
     mac_size: size_t,
 ) -> sgx_status_t {
     let ret: sgx_status_t;
     let mk_key: sgx_ec_key_128bit_t;
     let mac_slice;
     let message_slice;
     let mac_result: sgx_cmac_128bit_tag_t;

     if mac_size != SGX_MAC_SIZE || msg_size > u32::max_value as usize {
         ret = sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
         return ret;
     }

     unsafe {
         mac_slice = slice::from_raw_parts(mac, mac_size as usize);
         message_slice = slice::from_raw_parts(message, msg_size as usize);
     }

     if mac_slice.len() != SGX_MAC_SIZE as usize || message_slice.len() != msg_size as usize {
         ret = sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
         return ret;
     }

     match rsgx_ra_get_keys(context, sgx_ra_key_type_t::SGX_RA_KEY_MK) {
         Ok(k) => mk_key = k,
         Err(x) => return x,
     }

     match rsgx_rijndael128_cmac_slice(&mk_key, message_slice) {
         Ok(tag) => mac_result = tag,
         Err(x) => return x,
     }

     if mac_slice.consttime_memeq(&mac_result) == false {
         return sgx_status_t::SGX_ERROR_MAC_MISMATCH;
     }

     sgx_status_t::SGX_SUCCESS
 }

 #[no_mangle]
 pub extern "C" fn verify_secret_data(
     context: sgx_ra_context_t,
     p_secret: *const u8,
     sec_size: u32,
     gcm_mac: &[u8; 16],
     max_vlen: u32,
     p_ret: &mut [u8; 16],
 ) -> sgx_status_t {
     let ret: sgx_status_t;
     let sk_key: sgx_ec_key_128bit_t;

     match rsgx_ra_get_keys(context, sgx_ra_key_type_t::SGX_RA_KEY_SK) {
         Ok(key) => sk_key = key,
         Err(x) => return x,
     }

     let secret_slice = unsafe { slice::from_raw_parts(p_secret, sec_size as usize) };

     if secret_slice.len() != sec_size as usize {
         ret = sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
         return ret;
     }

     let mut decrypted_vec: Vec<u8> = vec![0; sec_size as usize];
     let decrypted_slice = &mut decrypted_vec[..];
     let iv = [0; 12];
     let aad: [u8; 0] = [0; 0];

     let ret =
         rsgx_rijndael128GCM_decrypt(&sk_key, &secret_slice, &iv, &aad, gcm_mac, decrypted_slice);

     match ret {
         Ok(()) => {
             if decrypted_slice[0] == 0 && decrypted_slice[1] != 1 {
                 sgx_status_t::SGX_ERROR_INVALID_SIGNATURE
             } else {
                 sgx_status_t::SGX_SUCCESS
             }
         }
         Err(_) => {
             sgx_status_t::SGX_ERROR_UNEXPECTED
         }
     }
 }
	// Licensed to the Apache Software Foundation (ASF) under one
	// or more contributor license agreements. See the NOTICE file
	// distributed with this work for additional information
	// regarding copyright ownership. The ASF licenses this file
	// to you under the Apache License, Version 2.0 (the
	// "License"); you may not use this file except in compliance
	// with the License. You may obtain a copy of the License at
	//
	// http://www.apache.org/licenses/LICENSE-2.0
	//
	// Unless required by applicable law or agreed to in writing,
	// software distributed under the License is distributed on an
	// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	// KIND, either express or implied. See the License for the
	// specific language governing permissions and limitations
	// under the License..

	#![crate_name = "raenclave"]
	#![crate_type = "staticlib"]
	#![cfg_attr(not(target_env = "sgx"), no_std)]
	#![cfg_attr(target_env = "sgx", feature(rustc_private))]
	#![allow(unused_variables)]

	extern crate sgx_trts;
	extern crate sgx_types;
	#[cfg(not(target_env = "sgx"))]
	#[macro_use]
	extern crate sgx_tstd as std;
	extern crate sgx_tcrypto;
	extern crate sgx_tdh;
	extern crate sgx_tkey_exchange;

	use sgx_tcrypto::*;
	use sgx_tkey_exchange::*;
	use sgx_trts::memeq::ConsttimeMemEq;
	use sgx_types::*;
	use std::slice;
	use std::vec::Vec;

	const G_SP_PUB_KEY: sgx_ec256_public_t = sgx_ec256_public_t {
	gx: [
	0x72, 0x12, 0x8a, 0x7a, 0x17, 0x52, 0x6e, 0xbf, 0x85, 0xd0, 0x3a, 0x62, 0x37, 0x30, 0xae,
	0xad, 0x3e, 0x3d, 0xaa, 0xee, 0x9c, 0x60, 0x73, 0x1d, 0xb0, 0x5b, 0xe8, 0x62, 0x1c, 0x4b,
	0xeb, 0x38,
	],
	gy: [
	0xd4, 0x81, 0x40, 0xd9, 0x50, 0xe2, 0x57, 0x7b, 0x26, 0xee, 0xb7, 0x41, 0xe7, 0xc6, 0x14,
	0xe2, 0x24, 0xb7, 0xbd, 0xc9, 0x03, 0xf2, 0x9a, 0x28, 0xa8, 0x3c, 0xc8, 0x10, 0x11, 0x14,
	0x5e, 0x06,
	],
	};

	#[no_mangle]
	pub extern "C" fn enclave_init_ra(b_pse: i32, p_context: &mut sgx_ra_context_t) -> sgx_status_t {
	match rsgx_ra_init(&G_SP_PUB_KEY, b_pse) {
	Ok(p) => {
	*p_context = p;
	sgx_status_t::SGX_SUCCESS
	}
	Err(x) => x,
	}
	}

	#[no_mangle]
	pub extern "C" fn enclave_ra_close(context: sgx_ra_context_t) -> sgx_status_t {
	match rsgx_ra_close(context) {
	Ok(()) => sgx_status_t::SGX_SUCCESS,
	Err(x) => x,
	}
	}

	#[no_mangle]
	pub extern "C" fn verify_att_result_mac(
	context: sgx_ra_context_t,
	message: *const u8,
	msg_size: size_t,
	mac: *const u8,
	mac_size: size_t,
	) -> sgx_status_t {
	let ret: sgx_status_t;
	let mk_key: sgx_ec_key_128bit_t;
	let mac_slice;
	let message_slice;
	let mac_result: sgx_cmac_128bit_tag_t;

	if mac_size != SGX_MAC_SIZE \|\| msg_size > u32::max_value as usize {
	ret = sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
	return ret;
	}

	unsafe {
	mac_slice = slice::from_raw_parts(mac, mac_size as usize);
	message_slice = slice::from_raw_parts(message, msg_size as usize);
	}

	if mac_slice.len() != SGX_MAC_SIZE as usize \|\| message_slice.len() != msg_size as usize {
	ret = sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
	return ret;
	}

	match rsgx_ra_get_keys(context, sgx_ra_key_type_t::SGX_RA_KEY_MK) {
	Ok(k) => mk_key = k,
	Err(x) => return x,
	}

	match rsgx_rijndael128_cmac_slice(&mk_key, message_slice) {
	Ok(tag) => mac_result = tag,
	Err(x) => return x,
	}

	if mac_slice.consttime_memeq(&mac_result) == false {
	return sgx_status_t::SGX_ERROR_MAC_MISMATCH;
	}

	sgx_status_t::SGX_SUCCESS
	}

	#[no_mangle]
	pub extern "C" fn verify_secret_data(
	context: sgx_ra_context_t,
	p_secret: *const u8,
	sec_size: u32,
	gcm_mac: &[u8; 16],
	max_vlen: u32,
	p_ret: &mut [u8; 16],
	) -> sgx_status_t {
	let ret: sgx_status_t;
	let sk_key: sgx_ec_key_128bit_t;

	match rsgx_ra_get_keys(context, sgx_ra_key_type_t::SGX_RA_KEY_SK) {
	Ok(key) => sk_key = key,
	Err(x) => return x,
	}

	let secret_slice = unsafe { slice::from_raw_parts(p_secret, sec_size as usize) };

	if secret_slice.len() != sec_size as usize {
	ret = sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
	return ret;
	}

	let mut decrypted_vec: Vec<u8> = vec![0; sec_size as usize];
	let decrypted_slice = &mut decrypted_vec[..];
	let iv = [0; 12];
	let aad: [u8; 0] = [0; 0];

	let ret =
	rsgx_rijndael128GCM_decrypt(&sk_key, &secret_slice, &iv, &aad, gcm_mac, decrypted_slice);

	match ret {
	Ok(()) => {
	if decrypted_slice[0] == 0 && decrypted_slice[1] != 1 {
	sgx_status_t::SGX_ERROR_INVALID_SIGNATURE
	} else {
	sgx_status_t::SGX_SUCCESS
	}
	}
	Err(_) => {
	sgx_status_t::SGX_ERROR_UNEXPECTED
	}
	}
	}