ae_error_t pib_verify_signature(platform_info_blob_wrapper_t& piBlobWrapper) { ae_error_t ae_err = AE_FAILURE; sgx_ecc_state_handle_t ecc_handle = NULL; uint8_t result = SGX_EC_INVALID_SIGNATURE; const uint32_t data_size = static_cast<uint32_t>(sizeof(piBlobWrapper.platform_info_blob) - sizeof(piBlobWrapper.platform_info_blob.signature)); piBlobWrapper.valid_info_blob = false; do { sgx_ec256_public_t publicKey; sgx_ec256_signature_t signature; sgx_status_t sgx_status; //BREAK_IF_TRUE((sizeof(publicKey) != sizeof(s_pib_pub_key_big_endian)), ae_err, AE_FAILURE); //BREAK_IF_TRUE((sizeof(signature) != sizeof(piBlobWrapper.platform_info_blob.signature)), ae_err, AE_FAILURE); if(0!=memcpy_s(&publicKey, sizeof(publicKey), s_pib_pub_key_big_endian, sizeof(s_pib_pub_key_big_endian))){ ae_err = AE_FAILURE; break; } if(0!=memcpy_s(&signature, sizeof(signature), &piBlobWrapper.platform_info_blob.signature, sizeof(piBlobWrapper.platform_info_blob.signature))){ ae_err = AE_FAILURE; break; } sgx_status = sgx_ecc256_open_context(&ecc_handle); BREAK_IF_TRUE((SGX_SUCCESS != sgx_status), ae_err, AE_FAILURE); sgx_status = sgx_ecdsa_verify((uint8_t*)&piBlobWrapper.platform_info_blob, data_size, &publicKey, &signature, &result, ecc_handle); BREAK_IF_TRUE((SGX_SUCCESS != sgx_status), ae_err, AE_FAILURE); if (SGX_EC_VALID != result) { AESM_LOG_WARN(g_event_string_table[SGX_EVENT_PID_SIGNATURE_FAILURE]); break; } piBlobWrapper.valid_info_blob = true; ae_err = AE_SUCCESS; } while (0); if (ecc_handle != NULL) { sgx_ecc256_close_context(ecc_handle); } return ae_err; }
int main() { if(daemon(0, 0) < 0) { AESM_LOG_INIT(); AESM_LOG_FATAL("Fail to set daemon."); AESM_LOG_FINI(); exit(1); } CURLcode curl_code = curl_global_init(CURL_GLOBAL_DEFAULT); if(curl_code!=CURLE_OK){ curl_initialized = false; }else{ curl_initialized = true; } signal(SIGCHLD, SIG_IGN); signal(SIGHUP, signal_handler); //ignore SIGPIPE, socket is unexpectedly closed by client signal(SIGPIPE, SIG_IGN); signal(SIGTERM, signal_handler); try{ do{ reload = false; AESMLogicWrapper* aesmLogic = new AESMLogicWrapper(); if(aesmLogic->service_start()!=AE_SUCCESS){ AESM_LOG_ERROR("Fail to start service."); delete aesmLogic; exit(1); } UnixServerSocket* serverSock = new UnixServerSocket(CONFIG_SOCKET_PATH); CSelector* selector = new CSelector(serverSock); server = new CAESMServer(serverSock, selector, aesmLogic); AESM_LOG_WARN("The server sock is %#lx" ,serverSock); server->init(); server->doWork(); CAESMServer* temp_server = server; server = NULL; delete temp_server; }while(reload == true); } catch(char const* error_msg) { AESM_LOG_FATAL("%s", error_msg); } return 0; }
ae_error_t EPIDBlob::write(const epid_blob_with_cur_psvn_t& blob) { ae_error_t ae_ret = AE_FAILURE; status = not_available; if((ae_ret = aesm_write_data(FT_PERSISTENT_STORAGE, EPID_DATA_BLOB_FID,reinterpret_cast<const uint8_t *>(&blob), sizeof(blob)))!=AE_SUCCESS) { AESM_DBG_WARN("fail to write epid blob to persistent storage:%d",ae_ret); AESM_LOG_WARN("%s",g_event_string_table[SGX_EVENT_EPID_BLOB_PERSISTENT_STROAGE_FAILURE]); // continue to update cache } if(memcpy_s(&blob_cache, sizeof(blob_cache), &blob, sizeof(blob))!=0){ status = not_available; //invalid status ae_ret = AE_FAILURE; }else{ status = update_to_date; ae_ret = AE_SUCCESS; } return ae_ret; }
//Function to read urls from configure files ae_error_t EndpointSelectionInfo::get_url_info() { ae_error_t ae_err=AE_SUCCESS; uint32_t server_urls_size = sizeof(_server_urls); ae_err = aesm_read_data(FT_PERSISTENT_STORAGE, AESM_SERVER_URL_FID, reinterpret_cast<uint8_t *>(&_server_urls), &server_urls_size, AESMLogic::get_active_extended_epid_group_id()); if(AE_SUCCESS != ae_err || server_urls_size != sizeof(_server_urls)|| !is_valid_server_url_infos(_server_urls)){ //If fail to read or data format error, use default value _is_server_url_valid = false; if(AE_SUCCESS == ae_err){//File available but format error, report ERROR LOG AESM_LOG_WARN("Server URL Blob file format error"); AESM_DBG_INFO("fail to read server url info from persistent storage, error code (%d), size %d, expected size %d", ae_err, server_urls_size, sizeof(_server_urls)); ae_err = OAL_CONFIG_FILE_ERROR; }else{ AESM_DBG_INFO("server url blob file not available in persistent storage"); } if (AESMLogic::get_active_extended_epid_group_id() == DEFAULT_EGID){ if (strcpy_s(_server_urls.endpoint_url, MAX_PATH, DEFAULT_URL) != 0) return AE_FAILURE; if (strcpy_s(_server_urls.pse_rl_url, MAX_PATH, DEFAULT_PSE_RL_URL) != 0) return AE_FAILURE; if (strcpy_s(_server_urls.pse_ocsp_url, MAX_PATH, DEFAULT_PSE_OCSP_URL) != 0) return AE_FAILURE; _is_server_url_valid = true; return AE_SUCCESS; } else{ return ae_err; } } _is_server_url_valid = true; return AE_SUCCESS; }
bool read_aesm_config(aesm_config_infos_t& infos) { char line[MAX_LINE]; int line_no=0; bool ret = true; config_entry_t entries[config_value_nums]; memset(&entries,0,sizeof(entries)); memset(&infos, 0, sizeof(aesm_config_infos_t)); strcpy(infos.white_list_url, DEFAULT_WHITE_LIST_URL); infos.proxy_type = AESM_PROXY_TYPE_DEFAULT_PROXY; FILE *f =fopen(AESM_CONFIG_FILE, "r"); if(f==NULL){ AESM_DBG_ERROR("Cannnot read aesm config file %s",AESM_CONFIG_FILE); return false; } init_config_patterns(entries); while(fgets(line, MAX_LINE, f)!=NULL){ size_t len=strlen(line); if(len>0&&line[len-1]=='\n')line[len-1]='\0';//remove the line ending line_no++; if(!config_process_one_line(line, entries, infos)){ AESM_LOG_WARN("format error in file %s:%d [%s]",AESM_CONFIG_FILE, line_no, line); ret = false;//continue process the file but save the error status } } release_config_patterns(entries); fclose(f); if(infos.proxy_type>=NUM_PROXY_TYPE|| (infos.proxy_type==AESM_PROXY_TYPE_MANUAL_PROXY&&infos.aesm_proxy[0]=='\0')){ AESM_DBG_WARN("Invalid proxy type %d",infos.proxy_type); infos.proxy_type = AESM_PROXY_TYPE_DIRECT_ACCESS; ret = false; } return ret; }