ae_error_t pib_verify_signature(platform_info_blob_wrapper_t& piBlobWrapper)
{
ae_error_t ae_err = AE_FAILURE;
sgx_ecc_state_handle_t ecc_handle = NULL;
uint8_t result = SGX_EC_INVALID_SIGNATURE;
const uint32_t data_size = static_cast<uint32_t>(sizeof(piBlobWrapper.platform_info_blob) - sizeof(piBlobWrapper.platform_info_blob.signature));
piBlobWrapper.valid_info_blob = false;
do
{
sgx_ec256_public_t publicKey;
sgx_ec256_signature_t signature;
sgx_status_t sgx_status;
//BREAK_IF_TRUE((sizeof(publicKey) != sizeof(s_pib_pub_key_big_endian)), ae_err, AE_FAILURE);
//BREAK_IF_TRUE((sizeof(signature) != sizeof(piBlobWrapper.platform_info_blob.signature)), ae_err, AE_FAILURE);
if(0!=memcpy_s(&publicKey, sizeof(publicKey), s_pib_pub_key_big_endian, sizeof(s_pib_pub_key_big_endian))){
ae_err = AE_FAILURE;
break;
}
if(0!=memcpy_s(&signature, sizeof(signature), &piBlobWrapper.platform_info_blob.signature, sizeof(piBlobWrapper.platform_info_blob.signature))){
ae_err = AE_FAILURE;
break;
}
sgx_status = sgx_ecc256_open_context(&ecc_handle);
BREAK_IF_TRUE((SGX_SUCCESS != sgx_status), ae_err, AE_FAILURE);
sgx_status = sgx_ecdsa_verify((uint8_t*)&piBlobWrapper.platform_info_blob, data_size, &publicKey, &signature, &result, ecc_handle);
BREAK_IF_TRUE((SGX_SUCCESS != sgx_status), ae_err, AE_FAILURE);
if (SGX_EC_VALID != result)
{
AESM_LOG_WARN(g_event_string_table[SGX_EVENT_PID_SIGNATURE_FAILURE]);
break;
}
piBlobWrapper.valid_info_blob = true;
ae_err = AE_SUCCESS;
} while (0);
if (ecc_handle != NULL) {
sgx_ecc256_close_context(ecc_handle);
}
return ae_err;
}
int main() {
if(daemon(0, 0) < 0)
{
AESM_LOG_INIT();
AESM_LOG_FATAL("Fail to set daemon.");
AESM_LOG_FINI();
exit(1);
}
CURLcode curl_code = curl_global_init(CURL_GLOBAL_DEFAULT);
if(curl_code!=CURLE_OK){
curl_initialized = false;
}else{
curl_initialized = true;
}
signal(SIGCHLD, SIG_IGN);
signal(SIGHUP, signal_handler);
//ignore SIGPIPE, socket is unexpectedly closed by client
signal(SIGPIPE, SIG_IGN);
signal(SIGTERM, signal_handler);
try{
do{
reload = false;
AESMLogicWrapper* aesmLogic = new AESMLogicWrapper();
if(aesmLogic->service_start()!=AE_SUCCESS){
AESM_LOG_ERROR("Fail to start service.");
delete aesmLogic;
exit(1);
}
UnixServerSocket* serverSock = new UnixServerSocket(CONFIG_SOCKET_PATH);
CSelector* selector = new CSelector(serverSock);
server = new CAESMServer(serverSock, selector, aesmLogic);
AESM_LOG_WARN("The server sock is %#lx" ,serverSock);
server->init();
server->doWork();
CAESMServer* temp_server = server;
server = NULL;
delete temp_server;
}while(reload == true);
}
catch(char const* error_msg)
{
AESM_LOG_FATAL("%s", error_msg);
}
return 0;
}
ae_error_t EPIDBlob::write(const epid_blob_with_cur_psvn_t& blob)
{
ae_error_t ae_ret = AE_FAILURE;
status = not_available;
if((ae_ret = aesm_write_data(FT_PERSISTENT_STORAGE, EPID_DATA_BLOB_FID,reinterpret_cast<const uint8_t *>(&blob), sizeof(blob)))!=AE_SUCCESS)
{
AESM_DBG_WARN("fail to write epid blob to persistent storage:%d",ae_ret);
AESM_LOG_WARN("%s",g_event_string_table[SGX_EVENT_EPID_BLOB_PERSISTENT_STROAGE_FAILURE]);
// continue to update cache
}
if(memcpy_s(&blob_cache, sizeof(blob_cache), &blob, sizeof(blob))!=0){
status = not_available; //invalid status
ae_ret = AE_FAILURE;
}else{
status = update_to_date;
ae_ret = AE_SUCCESS;
}
return ae_ret;
}
//Function to read urls from configure files
ae_error_t EndpointSelectionInfo::get_url_info()
{
ae_error_t ae_err=AE_SUCCESS;
uint32_t server_urls_size = sizeof(_server_urls);
ae_err = aesm_read_data(FT_PERSISTENT_STORAGE, AESM_SERVER_URL_FID, reinterpret_cast<uint8_t *>(&_server_urls), &server_urls_size, AESMLogic::get_active_extended_epid_group_id());
if(AE_SUCCESS != ae_err ||
server_urls_size != sizeof(_server_urls)||
!is_valid_server_url_infos(_server_urls)){ //If fail to read or data format error, use default value
_is_server_url_valid = false;
if(AE_SUCCESS == ae_err){//File available but format error, report ERROR LOG
AESM_LOG_WARN("Server URL Blob file format error");
AESM_DBG_INFO("fail to read server url info from persistent storage, error code (%d), size %d, expected size %d",
ae_err, server_urls_size, sizeof(_server_urls));
ae_err = OAL_CONFIG_FILE_ERROR;
}else{
AESM_DBG_INFO("server url blob file not available in persistent storage");
}
if (AESMLogic::get_active_extended_epid_group_id() == DEFAULT_EGID){
if (strcpy_s(_server_urls.endpoint_url, MAX_PATH, DEFAULT_URL) != 0)
return AE_FAILURE;
if (strcpy_s(_server_urls.pse_rl_url, MAX_PATH, DEFAULT_PSE_RL_URL) != 0)
return AE_FAILURE;
if (strcpy_s(_server_urls.pse_ocsp_url, MAX_PATH, DEFAULT_PSE_OCSP_URL) != 0)
return AE_FAILURE;
_is_server_url_valid = true;
return AE_SUCCESS;
}
else{
return ae_err;
}
}
_is_server_url_valid = true;
return AE_SUCCESS;
}
bool read_aesm_config(aesm_config_infos_t& infos)
{
char line[MAX_LINE];
int line_no=0;
bool ret = true;
config_entry_t entries[config_value_nums];
memset(&entries,0,sizeof(entries));
memset(&infos, 0, sizeof(aesm_config_infos_t));
strcpy(infos.white_list_url, DEFAULT_WHITE_LIST_URL);
infos.proxy_type = AESM_PROXY_TYPE_DEFAULT_PROXY;
FILE *f =fopen(AESM_CONFIG_FILE, "r");
if(f==NULL){
AESM_DBG_ERROR("Cannnot read aesm config file %s",AESM_CONFIG_FILE);
return false;
}
init_config_patterns(entries);
while(fgets(line, MAX_LINE, f)!=NULL){
size_t len=strlen(line);
if(len>0&&line[len-1]=='\n')line[len-1]='\0';//remove the line ending
line_no++;
if(!config_process_one_line(line, entries, infos)){
AESM_LOG_WARN("format error in file %s:%d [%s]",AESM_CONFIG_FILE, line_no, line);
ret = false;//continue process the file but save the error status
}
}
release_config_patterns(entries);
fclose(f);
if(infos.proxy_type>=NUM_PROXY_TYPE||
(infos.proxy_type==AESM_PROXY_TYPE_MANUAL_PROXY&&infos.aesm_proxy[0]=='\0')){
AESM_DBG_WARN("Invalid proxy type %d",infos.proxy_type);
infos.proxy_type = AESM_PROXY_TYPE_DIRECT_ACCESS;
ret = false;
}
return ret;
}
