common/inc/sgx_pce.h - incubator-teaclave-sgx-sdk - Git at Google

 /*
  * Copyright (C) 2011-2021 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
  * are met:
  *
  *   * Redistributions of source code must retain the above copyright
  *     notice, this list of conditions and the following disclaimer.
  *   * Redistributions in binary form must reproduce the above copyright
  *     notice, this list of conditions and the following disclaimer in
  *     the documentation and/or other materials provided with the
  *     distribution.
  *   * Neither the name of Intel Corporation nor the names of its
  *     contributors may be used to endorse or promote products derived
  *     from this software without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */

 /**
  * File: sgx_pce.h
  * Description: Definition for pce interface.
  *
  * PCE interface and supporting structure definitions.
  */
 #ifndef _SGX_PCE_H_
 #define _SGX_PCE_H_

 #include "sgx_key.h"
 #include "sgx_report.h"

 #define SGX_PCE_MK_ERROR(x)          (0x0000F000|(x))
 typedef enum _sgx_pce_error_t
 {
     SGX_PCE_SUCCESS                  = SGX_PCE_MK_ERROR(0x0000),
     SGX_PCE_UNEXPECTED               = SGX_PCE_MK_ERROR(0x0001),      /* Unexpected error */
     SGX_PCE_INVALID_PARAMETER        = SGX_PCE_MK_ERROR(0x0002),      /* The parameter is incorrect */
     SGX_PCE_OUT_OF_EPC               = SGX_PCE_MK_ERROR(0x0003),      /* Not enough memory is available to complete this operation */
     SGX_PCE_INTERFACE_UNAVAILABLE    = SGX_PCE_MK_ERROR(0x0004),      /* SGX API is unavailable */
     SGX_PCE_INVALID_REPORT           = SGX_PCE_MK_ERROR(0x0005),      /* the report cannot be verified */
     SGX_PCE_CRYPTO_ERROR             = SGX_PCE_MK_ERROR(0x0006),      /* Cannot decrypt or verify ciphertext */
     SGX_PCE_INVALID_PRIVILEGE        = SGX_PCE_MK_ERROR(0x0007),      /* Not enough privilege to perform the operation */
     SGX_PCE_INVALID_TCB              = SGX_PCE_MK_ERROR(0x0008),      /* PCE could not sign at the requested TCB */
 } sgx_pce_error_t;


 /* PCE ID for the PCE in this library */
 #define PCE_ID 0

 /* Crypto_suite */
 #define PCE_ALG_RSA_OAEP_3072 1

 /* Signature_scheme */
 #define PCE_NIST_P256_ECDSA_SHA256 0


 //TODO: in qe pce common header
 /** Typedef enum _sgx_ql_request_policy */
 typedef enum _sgx_ql_request_policy
 {
     SGX_QL_PERSISTENT, ///< QE is initialized on first use and reused until process ends.
     SGX_QL_EPHEMERAL,  ///< QE is initialized and terminated on every quote.
                        ///< If a previous QE exists, it is stopped & restarted before quoting.
     SGX_QL_DEFAULT = SGX_QL_PERSISTENT
 } sgx_ql_request_policy_t;

 #pragma pack(push, 1)
 /** Structure for the Platform Certificate Enclave identity information   */
 typedef struct _sgx_pce_info_t {
     sgx_isv_svn_t pce_isv_svn;  ///< PCE ISVSVN
     uint16_t      pce_id;       ///< PCE ID.  It will change when something in the PCE would cause the PPID generation to change on the same platform
 }sgx_pce_info_t;
 #pragma pack(pop)

 #if defined(__cplusplus)
 extern "C" {
 #endif

 sgx_pce_error_t sgx_set_pce_enclave_load_policy(
                               sgx_ql_request_policy_t policy);

 sgx_pce_error_t sgx_pce_get_target(
                               sgx_target_info_t *p_pce_target,
                               sgx_isv_svn_t *p_pce_isv_svn);

 sgx_pce_error_t sgx_get_pce_info(
                               const sgx_report_t* p_report,
                               const uint8_t *p_public_key,
                               uint32_t key_size,
                               uint8_t crypto_suite,
                               uint8_t *p_encrypted_ppid,
                               uint32_t encrypted_ppid_buf_size,
                               uint32_t *p_encrypted_ppid_out_size,
                               sgx_isv_svn_t* p_pce_isvn,
                               uint16_t* p_pce_id,
                               uint8_t *p_signature_scheme);

 sgx_pce_error_t sgx_pce_sign_report(
                               const sgx_isv_svn_t* isv_svn,
                               const sgx_cpu_svn_t* cpu_svn,
                               const sgx_report_t* p_report,
                               uint8_t *p_signature,
                               uint32_t signature_buf_size,
                               uint32_t *p_signature_out_size);

 sgx_pce_error_t sgx_get_pce_info_without_ppid(
                              sgx_isv_svn_t* p_pce_isvsvn,
                              uint16_t* p_pce_id);

 sgx_pce_error_t sgx_set_pce_path(
                              const char* p_path);
 #if defined(__cplusplus)
 }
 #endif

 #endif
	/*
	* Copyright (C) 2011-2021 Intel Corporation. All rights reserved.
	*
	* Redistribution and use in source and binary forms, with or without
	* modification, are permitted provided that the following conditions
	* are met:
	*
	* * Redistributions of source code must retain the above copyright
	* notice, this list of conditions and the following disclaimer.
	* * Redistributions in binary form must reproduce the above copyright
	* notice, this list of conditions and the following disclaimer in
	* the documentation and/or other materials provided with the
	* distribution.
	* * Neither the name of Intel Corporation nor the names of its
	* contributors may be used to endorse or promote products derived
	* from this software without specific prior written permission.
	*
	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
	* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
	* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
	* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
	* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
	* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	*
	*/

	/**
	* File: sgx_pce.h
	* Description: Definition for pce interface.
	*
	* PCE interface and supporting structure definitions.
	*/
	#ifndef _SGX_PCE_H_
	#define _SGX_PCE_H_

	#include "sgx_key.h"
	#include "sgx_report.h"

	#define SGX_PCE_MK_ERROR(x) (0x0000F000\|(x))
	typedef enum _sgx_pce_error_t
	{
	SGX_PCE_SUCCESS = SGX_PCE_MK_ERROR(0x0000),
	SGX_PCE_UNEXPECTED = SGX_PCE_MK_ERROR(0x0001), /* Unexpected error */
	SGX_PCE_INVALID_PARAMETER = SGX_PCE_MK_ERROR(0x0002), /* The parameter is incorrect */
	SGX_PCE_OUT_OF_EPC = SGX_PCE_MK_ERROR(0x0003), /* Not enough memory is available to complete this operation */
	SGX_PCE_INTERFACE_UNAVAILABLE = SGX_PCE_MK_ERROR(0x0004), /* SGX API is unavailable */
	SGX_PCE_INVALID_REPORT = SGX_PCE_MK_ERROR(0x0005), /* the report cannot be verified */
	SGX_PCE_CRYPTO_ERROR = SGX_PCE_MK_ERROR(0x0006), /* Cannot decrypt or verify ciphertext */
	SGX_PCE_INVALID_PRIVILEGE = SGX_PCE_MK_ERROR(0x0007), /* Not enough privilege to perform the operation */
	SGX_PCE_INVALID_TCB = SGX_PCE_MK_ERROR(0x0008), /* PCE could not sign at the requested TCB */
	} sgx_pce_error_t;


	/* PCE ID for the PCE in this library */
	#define PCE_ID 0

	/* Crypto_suite */
	#define PCE_ALG_RSA_OAEP_3072 1

	/* Signature_scheme */
	#define PCE_NIST_P256_ECDSA_SHA256 0


	//TODO: in qe pce common header
	/** Typedef enum _sgx_ql_request_policy */
	typedef enum _sgx_ql_request_policy
	{
	SGX_QL_PERSISTENT, ///< QE is initialized on first use and reused until process ends.
	SGX_QL_EPHEMERAL, ///< QE is initialized and terminated on every quote.
	///< If a previous QE exists, it is stopped & restarted before quoting.
	SGX_QL_DEFAULT = SGX_QL_PERSISTENT
	} sgx_ql_request_policy_t;

	#pragma pack(push, 1)
	/** Structure for the Platform Certificate Enclave identity information */
	typedef struct _sgx_pce_info_t {
	sgx_isv_svn_t pce_isv_svn; ///< PCE ISVSVN
	uint16_t pce_id; ///< PCE ID. It will change when something in the PCE would cause the PPID generation to change on the same platform
	}sgx_pce_info_t;
	#pragma pack(pop)

	#if defined(__cplusplus)
	extern "C" {
	#endif

	sgx_pce_error_t sgx_set_pce_enclave_load_policy(
	sgx_ql_request_policy_t policy);

	sgx_pce_error_t sgx_pce_get_target(
	sgx_target_info_t *p_pce_target,
	sgx_isv_svn_t *p_pce_isv_svn);

	sgx_pce_error_t sgx_get_pce_info(
	const sgx_report_t* p_report,
	const uint8_t *p_public_key,
	uint32_t key_size,
	uint8_t crypto_suite,
	uint8_t *p_encrypted_ppid,
	uint32_t encrypted_ppid_buf_size,
	uint32_t *p_encrypted_ppid_out_size,
	sgx_isv_svn_t* p_pce_isvn,
	uint16_t* p_pce_id,
	uint8_t *p_signature_scheme);

	sgx_pce_error_t sgx_pce_sign_report(
	const sgx_isv_svn_t* isv_svn,
	const sgx_cpu_svn_t* cpu_svn,
	const sgx_report_t* p_report,
	uint8_t *p_signature,
	uint32_t signature_buf_size,
	uint32_t *p_signature_out_size);

	sgx_pce_error_t sgx_get_pce_info_without_ppid(
	sgx_isv_svn_t* p_pce_isvsvn,
	uint16_t* p_pce_id);

	sgx_pce_error_t sgx_set_pce_path(
	const char* p_path);
	#if defined(__cplusplus)
	}
	#endif

	#endif