void tcp_send_synack(struct tcp_sock *tsk, struct tcp_segment *seg)
{
/*
* LISTEN :
* SYN-SENT:
* SEG: SYN, no ACK, no RST
* <SEQ=ISS><ACK=RCV.NXT><CTL=SYN,ACK>
* (ISS == SND.NXT)
*/
struct tcp *otcp, *tcphdr = seg->tcphdr;
struct pkbuf *opkb;
if (tcphdr->rst)
return;
opkb = alloc_pkb(ETH_HRD_SZ + IP_HRD_SZ + TCP_HRD_SZ);
/* fill tcp head */
otcp = (struct tcp *)pkb2ip(opkb)->ip_data;
otcp->src = tcphdr->dst;
otcp->dst = tcphdr->src;
otcp->doff = TCP_HRD_DOFF;
otcp->seq = _htonl(tsk->iss);
otcp->ackn = _htonl(tsk->rcv_nxt);
otcp->syn = 1;
otcp->ack = 1;
otcp->window = _htons(tsk->rcv_wnd);
tcpdbg("send SYN(%u)/ACK(%u) [WIN %d] to "IPFMT":%d",
_ntohl(otcp->seq), _ntohs(otcp->window),
_ntohl(otcp->ackn), ipfmt(seg->iphdr->ip_dst),
_ntohs(otcp->dst));
tcp_send_out(tsk, opkb, seg);
}
void tcp_send_fin(struct tcp_sock *tsk)
{
struct tcp *otcp;
struct pkbuf *opkb;
opkb = alloc_pkb(ETH_HRD_SZ + IP_HRD_SZ + TCP_HRD_SZ);
/* fill tcp head */
otcp = (struct tcp *)pkb2ip(opkb)->ip_data;
otcp->src = tsk->sk.sk_sport;
otcp->dst = tsk->sk.sk_dport;
otcp->doff = TCP_HRD_DOFF;
otcp->seq = _htonl(tsk->snd_nxt);
otcp->window = _htons(tsk->rcv_wnd);
otcp->fin = 1;
/*
* Should we send an ACK?
* Yes, tcp stack will drop packet if it has no ACK bit
* according to RFC 793 #SEGMENT RECEIVE
*/
otcp->ackn = _htonl(tsk->rcv_nxt);
otcp->ack = 1;
tcpdbg("send FIN(%u)/ACK(%u) [WIN %d] to "IPFMT":%d",
_ntohl(otcp->seq), _ntohl(otcp->ackn),
_ntohs(otcp->window), ipfmt(tsk->sk.sk_daddr),
_ntohs(otcp->dst));
tcp_send_out(tsk, opkb, NULL);
}
int EventStream::load(QIODevice &source)
{
uint8_t sig[4];
int32_t size;
int offset;
struct evt_file_header file_header;
if (source.read((char *)&file_header, sizeof(file_header)) != sizeof(file_header)) {
qDebug() << "Unable to read file header: " << source.errorString();
return -1;
}
if (memcmp(&file_header.magic1, EVENT_HDR_1, sizeof(file_header.magic1))) {
qDebug() << "Error: File signature doesn't match";
qDebug("%x%x%x%x vs %x%x%x%x\n",
file_header.magic1[0], file_header.magic1[1],
file_header.magic1[2], file_header.magic1[3],
EVENT_HDR_1[0], EVENT_HDR_1[1],
EVENT_HDR_1[2], EVENT_HDR_1[3]);
return -1;
}
size = _ntohl(file_header.count);
for (offset=0; offset<size; offset++) {
uint32_t addr;
if (source.read((char *)&addr, sizeof(addr)) != sizeof(addr)) {
qDebug() << "Unable to read addr table: " << source.errorString();
return -1;
}
addr = _ntohl(addr);
_offsets.append(addr);
}
if (source.read((char *)sig, sizeof(sig)) != sizeof(sig)) {
qDebug() << "Unable to read stream: " << source.errorString();
return -1;
}
if (memcmp(sig, EVENT_HDR_2, sizeof(sig))) {
qDebug() << "Error: Main signature doesn't match";
qDebug("%x%x%x%x vs %x%x%x%x\n", sig[0], sig[1], sig[2], sig[3],
EVENT_HDR_2[0], EVENT_HDR_2[1], EVENT_HDR_2[2], EVENT_HDR_2[3]);
return -1;
}
for (offset=0; offset<size; offset++) {
Event e(source, this);
_events.append(e);
}
_currentEvents = _events;
return 0;
}
ae_error_t CertificateProvisioningProtocol::check_response_header(const provision_response_header_t& header, uint8_t msg_type, uint32_t msg_size)
{
ae_error_t status = AE_FAILURE;
do
{
if (sizeof(provision_request_header_t) > msg_size)
break;
if (header.protocol != PSE_PROVISIONING || header.type != msg_type || header.version < TLV_VERSION_1)
break;
const uint32_t* temp = reinterpret_cast<const uint32_t*>(header.size);
uint32_t totalSize = _ntohl(*temp);
if (totalSize + PROVISION_RESPONSE_HEADER_SIZE != msg_size)
break;
if (sizeof(header.xid) != TransactionID.getSize())
break;
if (0 != memcmp(header.xid, TransactionID.getData(), sizeof(header.xid)))
break;
status = AE_SUCCESS;
} while (0);
return status;
}
quint32 fromBufferToNumber (const QByteArray &buffer)
{
QDataStream ds (buffer);
quint32 temp;
ds >> temp;
return _ntohl(temp);
}
uint32 CAddress::ToIPv4() const // must be same as with Qt*/
{
uint32 ip = 0;
if(m_eAF == IPv4)
memcpy(&ip, m_IP, Len());
return _ntohl(ip);
}
bool NBT_Tag::getInt(const string name, int32_t &value)
{
if (_type != tagCompound || _elems->find(name) == _elems->end() || (*_elems)[name]->getType() != tagInt) {
return false;
}
value = _ntohl((*_elems)[name]->_data);
return true;
}
ae_error_t AESMLogic::save_unverified_white_list(const uint8_t *white_list_cert, uint32_t white_list_cert_size)
{
wl_cert_chain_t old_cert;
const wl_cert_chain_t *p_new_cert = reinterpret_cast<const wl_cert_chain_t *>(white_list_cert);
uint32_t old_cert_size = sizeof(old_cert);
memset(&old_cert, 0, sizeof(old_cert));
if((aesm_read_data(FT_PERSISTENT_STORAGE, AESM_WHITE_LIST_CERT_TO_BE_VERIFY_FID, reinterpret_cast<uint8_t *>(&old_cert), &old_cert_size) == AE_SUCCESS)
&& (old_cert_size == sizeof(old_cert)) && (white_list_cert_size >= sizeof(wl_cert_chain_t)))
{
if(_ntohl(p_new_cert->wl_cert.wl_version) <= _ntohl(old_cert.wl_cert.wl_version))
{
AESM_DBG_WARN("White list version downgraded! current version is %d, new version is %d",
_ntohl(old_cert.wl_cert.wl_version), _ntohl(p_new_cert->wl_cert.wl_version));
return OAL_PARAMETER_ERROR; // OAL_PARAMETER_ERROR used here is to indicate the white list is incorrect
}
}
return aesm_write_data(FT_PERSISTENT_STORAGE, AESM_WHITE_LIST_CERT_TO_BE_VERIFY_FID, white_list_cert, white_list_cert_size);
}
/* We're all done sorting. Write out the logfile.
* Format:
* Magic number 0x43 0x9f 0x22 0x53
* Number of elements
* Array of absolute offsets from the start of the file
* Magic number 0xa4 0xc3 0x2d 0xe5
* Array of events
*/
static int st_write(struct state *st) {
int jump_offset;
struct evt_file_header file_header;
uint32_t offset;
qDebug() << "Writing out...";
st->out_fdh->seek(0);
offset = 0;
// Write out the file header
memset(&file_header, 0, sizeof(file_header));
memcpy(file_header.magic1, EVENT_HDR_1, strlen(EVENT_HDR_1));
file_header.version = _ntohl(1);
file_header.count = _htonl(hdr_count);
offset += st->out_fdh->write((char *)&file_header, sizeof(file_header));
// Advance the offset past the jump table
offset += hdr_count*sizeof(offset);
// Read in the jump table entries
st->fdh->seek(0);
for (jump_offset=0; jump_offset<hdr_count; jump_offset++) {
union evt evt;
uint32_t offset_swab = _htonl(offset);
st->out_fdh->write((char *)&offset_swab, sizeof(offset_swab));
st->fdh->seek(hdrs[jump_offset].pos);
memset(&evt, 0, sizeof(evt));
event_get_next(st, &evt);
if (evt.header.size > 32768)
return 1;
offset += evt.header.size;
}
offset += st->out_fdh->write(EVENT_HDR_2, 4);
// Now copy over the exact events
for (jump_offset=0; jump_offset<hdr_count; jump_offset++) {
union evt evt;
st->fdh->seek(hdrs[jump_offset].pos);
event_get_next(st, &evt);
event_write(st, &evt);
}
sstate_set(st, ST_DONE);
return 1;
}
static void tcp_init_text(struct tcp_sock *tsk, struct pkbuf *pkb,
void *buf, int size)
{
struct tcp *tcphdr = pkb2tcp(pkb);
tcphdr->src = tsk->sk.sk_sport;
tcphdr->dst = tsk->sk.sk_dport;
tcphdr->doff = TCP_HRD_DOFF;
tcphdr->seq = _htonl(tsk->snd_nxt);
tcphdr->ackn = _htonl(tsk->rcv_nxt);
tcphdr->ack = 1;
tcphdr->window = _htons(tsk->rcv_wnd);
memcpy(tcphdr->data, buf, size);
tsk->snd_nxt += size;
tsk->snd_wnd -= size;
tcpsdbg("send TEXT(%u:%d) [WIN %d] to "IPFMT":%d",
_ntohl(tcphdr->seq), size, _ntohs(tcphdr->window),
ipfmt(tsk->sk.sk_daddr), _ntohs(tcphdr->dst));
}
/*
* External function used to init white list. It will check whether the input
* buffer is correctly copied into EPC, and check the size of the buffer.
*
* @param wl_cert_chain[in] Pointer to the white list cert chain.
* @param wl_cert_chain_size[in] The size of white list cert chain, in bytes.
* @return uint32_t AE_SUCCESS for success, otherwise for errors.
*/
uint32_t le_init_white_list_wrapper(
const uint8_t *wl_cert_chain,
uint32_t wl_cert_chain_size)
{
const wl_cert_chain_t *p_wl_cert_chain = NULL;
uint32_t entry_number = 0;
uint32_t temp_size = 0;
if(wl_cert_chain == NULL)
{
return LE_INVALID_PARAMETER;
}
if(!sgx_is_within_enclave(wl_cert_chain, wl_cert_chain_size))
return LE_INVALID_PARAMETER;
p_wl_cert_chain = (const wl_cert_chain_t *)wl_cert_chain;
// First compare wl_cert_chain_size with the minimal size of cert chain.
// It should have at least one entry of mrsigner.
if(wl_cert_chain_size < sizeof(wl_cert_chain_t)
+ sizeof(sgx_measurement_t)
+ sizeof(sgx_ec256_signature_t))
{
return LE_INVALID_PARAMETER;
}
entry_number = p_wl_cert_chain->wl_cert.entry_number;
entry_number = _ntohl(entry_number);
// limits max MRSIGNER entry number in
// WL Cert to be <= 512
if(entry_number > LE_MAX_MRSIGNER_NUMBER)
{
return LE_INVALID_PARAMETER;
}
temp_size = static_cast<uint32_t>(sizeof(wl_cert_chain_t)
+ sizeof(sgx_ec256_signature_t)
+ (sizeof(sgx_measurement_t) * entry_number));
if(wl_cert_chain_size != temp_size)
{
return LE_INVALID_PARAMETER;
}
return le_init_white_list(p_wl_cert_chain, entry_number, wl_cert_chain_size);
}
void tcp_send_syn(struct tcp_sock *tsk, struct tcp_segment *seg)
{
/*
* SYN-SENT:
*/
struct tcp *otcp;
struct pkbuf *opkb;
opkb = alloc_pkb(ETH_HRD_SZ + IP_HRD_SZ + TCP_HRD_SZ);
/* fill tcp head */
otcp = (struct tcp *)pkb2ip(opkb)->ip_data;
otcp->src = tsk->sk.sk_sport;
otcp->dst = tsk->sk.sk_dport;
otcp->doff = TCP_HRD_DOFF;
otcp->seq = _htonl(tsk->iss);
otcp->syn = 1;
otcp->window = _htons(tsk->rcv_wnd);
tcpdbg("send SYN(%u) [WIN %d] to "IPFMT":%d",
_ntohl(otcp->seq), _ntohs(otcp->window),
ipfmt(tsk->sk.sk_daddr), _ntohs(otcp->dst));
tcp_send_out(tsk, opkb, seg);
}
/*
* Acknowledgment algorithm is not stated directly in RFC 793,
* but we can conclude it from all acknowledgment situation.
*/
void tcp_send_ack(struct tcp_sock *tsk, struct tcp_segment *seg)
{
/*
* SYN-SENT :
* SEG: SYN, acceptable ACK, no RST (SND.NXT = SEG.SEQ+1)
* <SEQ=SND.NXT><ACK=RCV.NXT><CTL=ACK>
* SYN-RECEIVED / ESTABLISHED / FIN-WAIT-1 / FIN-WAIT-2 /
* CLOSE-WAIT / CLOSING / LAST-ACK / TIME-WAIT :
* SEG: no RST, ??ACK, ??SYN (segment is not acceptable)
* <SEQ=SND.NXT><ACK=RCV.NXT><CTL=ACK>
* ESTABLISHED / FIN-WAIT-1 / FIN-WAIT-2 / process the segment text:
* SEG: ACK, no RST
* <SEQ=SND.NXT><ACK=RCV.NXT><CTL=ACK>
* (This acknowledgment should be piggybacked on a segment being
* transmitted if possible without incurring undue delay.)
*/
struct tcp *otcp, *tcphdr = seg->tcphdr;
struct pkbuf *opkb;
if (tcphdr->rst)
return;
opkb = alloc_pkb(ETH_HRD_SZ + IP_HRD_SZ + TCP_HRD_SZ);
/* fill tcp head */
otcp = (struct tcp *)pkb2ip(opkb)->ip_data;
otcp->src = tcphdr->dst;
otcp->dst = tcphdr->src;
otcp->doff = TCP_HRD_DOFF;
otcp->seq = _htonl(tsk->snd_nxt);
otcp->ackn = _htonl(tsk->rcv_nxt);
otcp->ack = 1;
otcp->window = _htons(tsk->rcv_wnd);
tcpdbg("send ACK(%u) [WIN %d] to "IPFMT":%d",
_ntohl(otcp->ackn), _ntohs(otcp->window),
ipfmt(seg->iphdr->ip_src), _ntohs(otcp->dst));
tcp_send_out(tsk, opkb, seg);
}
//Function to read the first tlv info from msg and return length in bytes of the TLV header (so it provides offset of TLV payload)
// the function return 0 on error
static uint32_t read_tlv_info(const tlv_msg_t& msg, tlv_info_t *info)
{
if(msg.msg_size<SMALL_TLV_HEADER_SIZE){//The TLV header has at least 4 bytes
return 0;
}
//read TLV type and version, the highest bit of type to tell whether size is 2 or 4 bytes is removed
info->type = GET_TLV_TYPE(msg.msg_buf[0]);
info->version = msg.msg_buf[1];
if(IS_FOUR_BYTES_SIZE_TYPE(msg.msg_buf[0])){//four bytes or two bytes of size
if(msg.msg_size<LARGE_TLV_HEADER_SIZE)return 0;
(void)memcpy_s(&info->size, sizeof(info->size), &msg.msg_buf[2], sizeof(uint32_t));
info->size = _ntohl(info->size);
info->payload = msg.msg_buf+LARGE_TLV_HEADER_SIZE;
info->header_size = LARGE_TLV_HEADER_SIZE;
return LARGE_TLV_HEADER_SIZE;//6 bytes TLV header
}else{
uint16_t size = 0;
(void)memcpy_s(&size, sizeof(uint16_t), &msg.msg_buf[2], sizeof(uint16_t));
info->size = (uint32_t)_ntohs(size); //reorder to form little endian size value and extended by 0
info->payload = msg.msg_buf+SMALL_TLV_HEADER_SIZE;
info->header_size = SMALL_TLV_HEADER_SIZE;
return SMALL_TLV_HEADER_SIZE; //4 bytes TLV header
}
}
CAddress::CAddress(uint32 IP) // must be same as with Qt
{
m_eAF = IPv4;
IP = _ntohl(IP);
memcpy(m_IP, &IP, Len());
}
void NBT_Tag::parseData(uint8_t* &position, const uint8_t *end, string *name)
{
// position should now point to start of data (for named tags, right after the name)
//fprintf(stderr, "Have Tag of type %d\n", (int)_type);
switch (_type) {
case tagCompound:
_elems = new tagmap;
while (*position != 0 && position < end) { // No end tag, go on...
//fprintf(stderr, "Having a child....*plopp*..\n");
string thisname;
NBT_Tag *tmp = new NBT_Tag(position, end, thisname);
if (position == NULL) {
//fprintf(stderr, "DELETE tmp in compound because of invalid\n");
delete tmp;
return;
}
if (name != NULL) {
//fprintf(stderr, " ** Adding %s to %s\n", thisname.c_str(), name->c_str());
}
(*_elems)[thisname] = tmp;
}
++position;
break;
case tagList: {
if (*position < 0 || *position > 11) {
//fprintf(stderr, "Invalid list type!\n");
position = NULL;
return;
}
TagType type = (TagType)*position;
uint32_t count = _ntohl(position+1);
position += 5;
_list = new list<NBT_Tag *>;
//fprintf(stderr, "List contains %d elements of type %d\n", (int)count, (int)type);
while (count-- && position < end) { // No end tag, go on...
NBT_Tag *tmp = new NBT_Tag(position, end, type);
if (position == NULL) {
//fprintf(stderr, "DELETE tmp in list because of invalid\n");
delete tmp;
return;
}
_list->push_back(tmp);
}
}
break;
case tagByte:
_data = position;
position += 1;
break;
case tagShort:
_data = position;
position += 2;
break;
case tagInt:
_data = position;
position += 4;
break;
case tagLong:
_data = position;
position += 8;
break;
case tagFloat:
_data = position;
position += 4;
break;
case tagDouble:
_data = position;
position += 8;
break;
case tagByteArray:
_len = _ntohl(position);
//fprintf(stderr, "Array size is %d\n", (int)_len);
if (position + _len + 4 >= end) {
printf("ByteArray too long by %d bytes!\n", int((position + _len + 4) - end));
position = NULL;
return;
}
_data = position + 4;
position += 4 + _len;
break;
case tagString:
_len = _ntohs(position);
//fprintf(stderr, "Stringlen is %d\n", (int)_len);
if (position + _len + 2 >= end) {
//fprintf(stderr, "Too long!\n");
position = NULL;
return;
}
_data = position;
position += 2 + _len;
break;
case tagIntArray:
_len = _ntohl(position) * 4;
//fprintf(stderr, "Array size is %d\n", (int)_len);
if (position + _len + 4 >= end) {
printf("IntArray too long by %d bytes!\n", int((position + _len + 4) - end));
position = NULL;
return;
}
_data = position + 4;
position += 4 + _len;
break;
case tagUnknown:
default:
printf("UNKNOWN TAG_ %d!\n", (int)_type);
position = NULL;
break;
}
}
/*
* Internal function used to init white list. It will check the content of the
* cert chain, and verify the signature of input cert chains. If no problem,
* it will cache the input white list into EPC.
*
* @param p_wl_cert_chain[in] Pointer to the white list cert chain.
* @param entry_number[in] The entry number within the white list.
* @param wl_cert_chain_size[in] The size of white list cert chain, in bytes.
* @return uint32_t AE_SUCCESS for success, otherwise for errors.
*/
uint32_t le_init_white_list(
const wl_cert_chain_t *p_wl_cert_chain,
uint32_t entry_number,
uint32_t wl_cert_chain_size)
{
sgx_status_t sgx_ret = SGX_SUCCESS;
uint32_t ret = AE_SUCCESS;
uint32_t new_wl_version = 0;
uint8_t verify_result = 0;
int valid = 0;
const uint8_t *buf = NULL;
uint32_t buf_size = 0;
sgx_prod_id_t wl_prod_id = 0;
sgx_ecc_state_handle_t ecc_handle = NULL;
wl_cert_t *p_wl_cert_cache = (wl_cert_t *)g_wl_cert_buf;
sgx_report_t report;
sgx_ec256_signature_t wl_signature;
sgx_ec256_public_t wl_pubkey;
// Check fields of provider cert
// Format version should be 1 (big endian)
if(p_wl_cert_chain->wl_provider_cert.version != WL_PROVIDER_CERT_VERSION)
{
ret = LE_INVALID_PARAMETER;
goto CLEANUP;
}
// For Enclave Signing Key White List Cert, must be 0
if(p_wl_cert_chain->wl_provider_cert.cert_type != WL_PROVIDER_CERT_TYPE)
{
ret = LE_INVALID_PARAMETER;
goto CLEANUP;
}
// only one White List Provider is approved:
// WLProviderID: ISecG = 0
if(p_wl_cert_chain->wl_provider_cert.provider_id != WL_PROVIDER_CERT_PROVIDER_ID)
{
ret = LE_INVALID_PARAMETER;
goto CLEANUP;
}
// only one WLRootID is valid: WLRootID-iKGF-Key-0 = 0
if(p_wl_cert_chain->wl_provider_cert.root_id != WL_PROVIDER_CERT_ROOT_ID)
{
ret = LE_INVALID_PARAMETER;
goto CLEANUP;
}
// Check fields of wl cert
// only valid version is 1
if(p_wl_cert_chain->wl_cert.version != WL_CERT_VERSION)
{
ret = LE_INVALID_PARAMETER;
goto CLEANUP;
}
// For Enclave Signing Key White List Cert, must be 1
if(p_wl_cert_chain->wl_cert.cert_type != WL_CERT_TYPE)
{
ret = LE_INVALID_PARAMETER;
goto CLEANUP;
}
// only one White List Provider is approved:
// WLProviderID: ISecG = 0
if(p_wl_cert_chain->wl_cert.provider_id != WL_CERT_PROVIDER_ID)
{
ret = LE_INVALID_PARAMETER;
goto CLEANUP;
}
// If cache exists
new_wl_version = p_wl_cert_chain->wl_cert.wl_version;
new_wl_version = _ntohl(new_wl_version);
if(p_wl_cert_cache->version != 0)
{
// the logic will be needed to support more than
// one providers in the future.
//if(p_wl_cert_chain->wl_cert.provider_id
// != p_wl_cert_cache->provider_id)
//{
// ret = LE_INVALID_PARAMETER;
// goto CLEANUP;
//}
if(new_wl_version < p_wl_cert_cache->wl_version)
{
ret = LE_INVALID_PARAMETER;
goto CLEANUP;
}
}
sgx_ret = sgx_ecc256_open_context(&ecc_handle);
if (SGX_SUCCESS != sgx_ret)
{
ret = LE_UNEXPECTED_ERROR;
goto CLEANUP;
}
memset(&wl_signature, 0, sizeof(wl_signature));
// Convert the signature of provider cert into little endian
memcpy(&wl_signature,
&(p_wl_cert_chain->wl_provider_cert.signature),
sizeof(wl_signature));
SWAP_ENDIAN_8X32B(wl_signature.x);
SWAP_ENDIAN_8X32B(wl_signature.y);
// Verify the wl provider cert
buf = (const uint8_t *)&(p_wl_cert_chain->wl_provider_cert);
buf_size = static_cast<uint32_t>(sizeof(p_wl_cert_chain->wl_provider_cert)
- sizeof(p_wl_cert_chain->wl_provider_cert.signature));
sgx_ret = sgx_ecdsa_verify(buf, buf_size,
&g_wl_root_pubkey,
&wl_signature,
&verify_result,
ecc_handle);
if (SGX_SUCCESS != sgx_ret)
{
ret = LE_UNEXPECTED_ERROR;
goto CLEANUP;
}
if(SGX_EC_VALID != verify_result)
{
ret = LE_INVALID_PARAMETER;
goto CLEANUP;
}
// Convert the signature of wl cert into little endian
buf = (const uint8_t *)p_wl_cert_chain + wl_cert_chain_size
- sizeof(wl_signature);
memcpy(&wl_signature, buf, sizeof(wl_signature));
SWAP_ENDIAN_8X32B(wl_signature.x);
SWAP_ENDIAN_8X32B(wl_signature.y);
// Convert the pubkey into little endian
memset(&wl_pubkey, 0, sizeof(wl_pubkey));
memcpy(&wl_pubkey,
&(p_wl_cert_chain->wl_provider_cert.pub_key),
sizeof(wl_pubkey));
reverse_byte_array(wl_pubkey.gx, sizeof(wl_pubkey.gx));
reverse_byte_array(wl_pubkey.gy, sizeof(wl_pubkey.gy));
// Check whether the pubkey is valid first.
sgx_ret = sgx_ecc256_check_point(&wl_pubkey, ecc_handle, &valid);
if(SGX_SUCCESS != sgx_ret)
{
ret = LE_UNEXPECTED_ERROR;
goto CLEANUP;
}
if(!valid)
{
ret = LE_INVALID_PARAMETER;
goto CLEANUP;
}
// Verify the wl_cert
buf = (const uint8_t *)&(p_wl_cert_chain->wl_cert);
buf_size = wl_cert_chain_size - static_cast<uint32_t>(sizeof(wl_provider_cert_t) + sizeof(sgx_ec256_signature_t));
sgx_ret = sgx_ecdsa_verify(buf, buf_size,
&wl_pubkey,
&wl_signature,
&verify_result,
ecc_handle);
if (SGX_SUCCESS != sgx_ret)
{
ret = LE_UNEXPECTED_ERROR;
goto CLEANUP;
}
if(SGX_EC_VALID != verify_result)
{
ret = LE_INVALID_PARAMETER;
goto CLEANUP;
}
memset(&report, 0, sizeof(report));
// Create report to get current mrsigner.
sgx_ret = sgx_create_report(NULL, NULL, &report);
if(SGX_SUCCESS != sgx_ret)
{
ret = LE_UNEXPECTED_ERROR;
goto CLEANUP;
}
// Convert the big endian prod id to little endian.
wl_prod_id = p_wl_cert_chain->wl_cert.le_prod_id;
wl_prod_id = _ntohs(wl_prod_id);
if(report.body.isv_prod_id != wl_prod_id)
{
ret = LE_INVALID_PARAMETER;
goto CLEANUP;
}
// Cache the wl cert
memset(g_wl_cert_buf, 0, sizeof(g_wl_cert_buf));
memcpy(g_wl_cert_buf, &(p_wl_cert_chain->wl_cert), buf_size);
// Change entry_number and wl_version to little endian, so we don't need to
// convert them next time.
p_wl_cert_cache->entry_number = entry_number;
p_wl_cert_cache->wl_version = new_wl_version;
CLEANUP:
if(ecc_handle != NULL)
{
sgx_ecc256_close_context(ecc_handle);
}
return ret;
}
uint32_t Packet::nanoSeconds() const {
return _ntohl(packet.header.nsec);
}
time_t Packet::seconds() const {
return _ntohl(packet.header.sec);
}
uint32_t Packet::commandArg() const {
if (packetType() != PACKET_COMMAND)
return 0;
return _ntohl(packet.data.command.arg);
}