Google Git
Sign in
apache / incubator-teaclave-sgx-sdk / refs/tags/v0.2.0 / . / samplecode / remoteattestation / Application / enclave / src / lib.rs
blob: 36f02a8b5c5f29b498520a5acbe5cbbae2837df0 [file] [log] [blame]
/*
* Copyright (C) 2011-2016 2017 Baidu, Inc. All Rights Reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
* * Neither the name of Baidu, Inc., nor the names of its
* contributors may be used to endorse or promote products derived
* from this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
#![crate_name = "raenclave"]
#![crate_type = "staticlib"]
#![no_std]
#![feature(collections)]
#![allow(unused_variables)]
#[macro_use]
extern crate collections;
extern crate sgx_types;
extern crate sgx_trts;
extern crate sgx_tdh;
extern crate sgx_tcrypto;
extern crate sgx_tservice;
extern crate sgx_tkey_exchange;
use sgx_types::*;
use sgx_tcrypto::*;
use sgx_tservice::*;
use sgx_tkey_exchange::*;
use collections::slice;
use collections::vec::Vec;
const G_SP_PUB_KEY : sgx_ec256_public_t = sgx_ec256_public_t {
gx : [0x72, 0x12, 0x8a, 0x7a, 0x17, 0x52, 0x6e, 0xbf,
0x85, 0xd0, 0x3a, 0x62, 0x37, 0x30, 0xae, 0xad,
0x3e, 0x3d, 0xaa, 0xee, 0x9c, 0x60, 0x73, 0x1d,
0xb0, 0x5b, 0xe8, 0x62, 0x1c, 0x4b, 0xeb, 0x38],
gy : [0xd4, 0x81, 0x40, 0xd9, 0x50, 0xe2, 0x57, 0x7b,
0x26, 0xee, 0xb7, 0x41, 0xe7, 0xc6, 0x14, 0xe2,
0x24, 0xb7, 0xbd, 0xc9, 0x03, 0xf2, 0x9a, 0x28,
0xa8, 0x3c, 0xc8, 0x10, 0x11, 0x14, 0x5e, 0x06]
};
#[no_mangle]
pub extern "C"
fn enclave_init_ra(b_pse : i32,
p_context : &mut sgx_ra_context_t)
-> sgx_status_t {
let mut ret:sgx_status_t = sgx_status_t::SGX_SUCCESS;
if b_pse != 0 {
for _ in 0..2 {
match rsgx_create_pse_session() {
Ok(()) => {
ret = sgx_status_t::SGX_SUCCESS;
break;
},
Err(x) => {ret = x;}
}
}
if ret != sgx_status_t::SGX_SUCCESS {
return ret;
}
}
match rsgx_ra_init(&G_SP_PUB_KEY, b_pse) {
Ok(p) => {
*p_context = p;
ret = sgx_status_t::SGX_SUCCESS;
},
Err(x) => {
ret = x;
return ret;
}
}
if b_pse != 0 {
let _ = rsgx_close_pse_session();
}
ret
}
#[no_mangle]
pub extern "C"
fn enclave_ra_close(context : sgx_ra_context_t) -> sgx_status_t {
match rsgx_ra_close(context) {
Ok(()) => sgx_status_t::SGX_SUCCESS,
Err(x) => x
}
}
#[no_mangle]
pub extern "C"
fn verify_att_result_mac(context : sgx_ra_context_t,
message : * const u8,
msg_size: size_t,
mac : * const u8,
mac_size: size_t) -> sgx_status_t {
let ret:sgx_status_t;
let mk_key:sgx_ec_key_128bit_t;
let mac_slice;
let message_slice;
let mac_result:sgx_cmac_128bit_tag_t;
if mac_size != SGX_MAC_SIZE || msg_size > u32::max_value as usize {
ret = sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
return ret;
}
unsafe {
mac_slice = slice::from_raw_parts(mac, mac_size as usize);
message_slice = slice::from_raw_parts(message, msg_size as usize);
}
if mac_slice.len() != SGX_MAC_SIZE as usize ||
message_slice.len() != msg_size as usize {
ret = sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
return ret;
}
match rsgx_ra_get_keys(context, sgx_ra_key_type_t::SGX_RA_KEY_MK) {
Ok(k) => mk_key = k,
Err(x) => return x
}
match rsgx_rijndael128_cmac_slice(&mk_key, message_slice) {
Ok(tag) => mac_result = tag,
Err(x) => return x
}
let mut diff:u8 = 0;
// consttime_memequal
for i in 0..SGX_CMAC_MAC_SIZE {
diff |= mac_slice[i] ^ mac_result[i];
}
if diff != 0 {
ret = sgx_status_t::SGX_ERROR_MAC_MISMATCH;
return ret;
}
sgx_status_t::SGX_SUCCESS
}
#[no_mangle]
pub extern "C"
fn verify_secret_data(context : sgx_ra_context_t,
p_secret: * const u8,
sec_size: u32,
gcm_mac : &[u8;16],
max_vlen: u32,
p_ret : & mut [u8;16]) -> sgx_status_t {
let ret:sgx_status_t;
let sk_key:sgx_ec_key_128bit_t;
match rsgx_ra_get_keys(context, sgx_ra_key_type_t::SGX_RA_KEY_SK) {
Ok(key) => sk_key = key,
Err(x) => return x
}
let secret_slice;
// let gcm_mac_slice;
unsafe {
secret_slice = slice::from_raw_parts(p_secret, sec_size as usize);
// gcm_mac_slice = slice::from_raw_parts(gcm_mac, SGX_AESGCM_MAC_SIZE);
}
if secret_slice.len() != sec_size as usize {
// gcm_mac_slice.len() != SGX_AESGCM_MAC_SIZE {
ret = sgx_status_t::SGX_ERROR_INVALID_PARAMETER;
return ret;
}
let mut decrypted_vec: Vec<u8> = vec![0; sec_size as usize];
let mut decrypted_slice = &mut decrypted_vec[..];
let iv = [0;12];
let aad:[u8;0] = [0;0];
// let debug_str = fmt!("{}", aad.len());
//
// unsafe {
// ocall_print_string(debug_str as *const c_uchar, debug_str.len() as size_t);
// }
let ret = rsgx_rijndael128GCM_decrypt(&sk_key,
&secret_slice,
&iv,
&aad,
gcm_mac,
decrypted_slice);
match ret {
Ok(()) => {
if decrypted_slice[0] == 0 && decrypted_slice[1] != 1 {
return sgx_status_t::SGX_ERROR_INVALID_SIGNATURE;
}
else {
return sgx_status_t::SGX_SUCCESS;
}
},
Err(_) => {
return sgx_status_t::SGX_ERROR_UNEXPECTED;
}
}
}