Esempio n. 1
0
File: tcp_out.c Progetto: 0xcc/tapip
void tcp_send_synack(struct tcp_sock *tsk, struct tcp_segment *seg)
{
	/*
	 * LISTEN :
	 * SYN-SENT:
	 *         SEG: SYN, no ACK, no RST
	 *         <SEQ=ISS><ACK=RCV.NXT><CTL=SYN,ACK>
	 *         (ISS == SND.NXT)
	 */
	struct tcp *otcp, *tcphdr = seg->tcphdr;
	struct pkbuf *opkb;

	if (tcphdr->rst)
		return;
	opkb = alloc_pkb(ETH_HRD_SZ + IP_HRD_SZ + TCP_HRD_SZ);
	/* fill tcp head */
	otcp = (struct tcp *)pkb2ip(opkb)->ip_data;
	otcp->src = tcphdr->dst;
	otcp->dst = tcphdr->src;
	otcp->doff = TCP_HRD_DOFF;
	otcp->seq = _htonl(tsk->iss);
	otcp->ackn = _htonl(tsk->rcv_nxt);
	otcp->syn = 1;
	otcp->ack = 1;
	otcp->window = _htons(tsk->rcv_wnd);
	tcpdbg("send SYN(%u)/ACK(%u) [WIN %d] to "IPFMT":%d",
			_ntohl(otcp->seq), _ntohs(otcp->window),
			_ntohl(otcp->ackn), ipfmt(seg->iphdr->ip_dst),
			_ntohs(otcp->dst));
	tcp_send_out(tsk, opkb, seg);
}
Esempio n. 2
0
File: tcp_out.c Progetto: 0xcc/tapip
void tcp_send_fin(struct tcp_sock *tsk)
{
	struct tcp *otcp;
	struct pkbuf *opkb;

	opkb = alloc_pkb(ETH_HRD_SZ + IP_HRD_SZ + TCP_HRD_SZ);
	/* fill tcp head */
	otcp = (struct tcp *)pkb2ip(opkb)->ip_data;
	otcp->src = tsk->sk.sk_sport;
	otcp->dst = tsk->sk.sk_dport;
	otcp->doff = TCP_HRD_DOFF;
	otcp->seq = _htonl(tsk->snd_nxt);
	otcp->window = _htons(tsk->rcv_wnd);
	otcp->fin = 1;
	/*
	 * Should we send an ACK?
	 * Yes, tcp stack will drop packet if it has no ACK bit
	 * according to RFC 793 #SEGMENT RECEIVE
	 */
	otcp->ackn = _htonl(tsk->rcv_nxt);
	otcp->ack = 1;
	tcpdbg("send FIN(%u)/ACK(%u) [WIN %d] to "IPFMT":%d",
			_ntohl(otcp->seq), _ntohl(otcp->ackn),
			_ntohs(otcp->window), ipfmt(tsk->sk.sk_daddr),
			_ntohs(otcp->dst));
	tcp_send_out(tsk, opkb, NULL);
}
Esempio n. 3
0
int EventStream::load(QIODevice &source)
{
    uint8_t sig[4];
    int32_t size;
    int offset;
    struct evt_file_header file_header;

    if (source.read((char *)&file_header, sizeof(file_header)) != sizeof(file_header)) {
        qDebug() << "Unable to read file header: " << source.errorString();
        return -1;
    }

    if (memcmp(&file_header.magic1, EVENT_HDR_1, sizeof(file_header.magic1))) {
        qDebug() << "Error: File signature doesn't match";
        qDebug("%x%x%x%x vs %x%x%x%x\n", 
                file_header.magic1[0], file_header.magic1[1],
                file_header.magic1[2], file_header.magic1[3],
                EVENT_HDR_1[0], EVENT_HDR_1[1],
                EVENT_HDR_1[2], EVENT_HDR_1[3]);
        return -1;
    }

    size = _ntohl(file_header.count);

	for (offset=0; offset<size; offset++) {
        uint32_t addr;
        if (source.read((char *)&addr, sizeof(addr)) != sizeof(addr)) {
            qDebug() << "Unable to read addr table: " << source.errorString();
            return -1;
        }
        addr = _ntohl(addr);
        _offsets.append(addr);
    }
    
	if (source.read((char *)sig, sizeof(sig)) != sizeof(sig)) {
        qDebug() << "Unable to read stream: " << source.errorString();
        return -1;
    }

    if (memcmp(sig, EVENT_HDR_2, sizeof(sig))) {
        qDebug() << "Error: Main signature doesn't match";
        qDebug("%x%x%x%x vs %x%x%x%x\n", sig[0], sig[1], sig[2], sig[3],
                EVENT_HDR_2[0], EVENT_HDR_2[1], EVENT_HDR_2[2], EVENT_HDR_2[3]);
        return -1;
    }

    for (offset=0; offset<size; offset++) {
        Event e(source, this);
        _events.append(e);
    }

    _currentEvents = _events;

    return 0;
}
ae_error_t CertificateProvisioningProtocol::check_response_header(const provision_response_header_t& header, uint8_t msg_type, uint32_t msg_size)
{
    ae_error_t status = AE_FAILURE;

    do
    {
        if (sizeof(provision_request_header_t) > msg_size)
            break;

        if (header.protocol != PSE_PROVISIONING || header.type != msg_type || header.version < TLV_VERSION_1)
            break;

        const uint32_t* temp = reinterpret_cast<const uint32_t*>(header.size);
        uint32_t totalSize = _ntohl(*temp);
        if (totalSize + PROVISION_RESPONSE_HEADER_SIZE != msg_size)
            break;

        if (sizeof(header.xid) != TransactionID.getSize())
            break;

        if (0 != memcmp(header.xid, TransactionID.getData(), sizeof(header.xid)))
            break;

        status = AE_SUCCESS;
    } while (0);

    return status;
}
Esempio n. 5
0
quint32 fromBufferToNumber (const QByteArray &buffer)
{
    QDataStream ds (buffer);
    quint32 temp;
    ds >> temp;
    return _ntohl(temp);
}
Esempio n. 6
0
uint32 CAddress::ToIPv4() const // must be same as with Qt*/
{
	uint32 ip = 0;
	if(m_eAF == IPv4)
		memcpy(&ip, m_IP, Len());
	return _ntohl(ip);
}
Esempio n. 7
0
File: nbt.cpp Progetto: Zahl/mcmap
bool NBT_Tag::getInt(const string name, int32_t &value)
{
	if (_type != tagCompound || _elems->find(name) == _elems->end() || (*_elems)[name]->getType() != tagInt) {
		return false;
	}
	value = _ntohl((*_elems)[name]->_data);
	return true;
}
Esempio n. 8
0
ae_error_t AESMLogic::save_unverified_white_list(const uint8_t *white_list_cert, uint32_t white_list_cert_size)
{
    wl_cert_chain_t old_cert;
    const wl_cert_chain_t *p_new_cert = reinterpret_cast<const wl_cert_chain_t *>(white_list_cert);
    uint32_t old_cert_size = sizeof(old_cert);
    memset(&old_cert, 0, sizeof(old_cert));
    if((aesm_read_data(FT_PERSISTENT_STORAGE, AESM_WHITE_LIST_CERT_TO_BE_VERIFY_FID, reinterpret_cast<uint8_t *>(&old_cert), &old_cert_size) == AE_SUCCESS)
        && (old_cert_size == sizeof(old_cert)) && (white_list_cert_size >= sizeof(wl_cert_chain_t)))
    {
        if(_ntohl(p_new_cert->wl_cert.wl_version) <= _ntohl(old_cert.wl_cert.wl_version))
        {
            AESM_DBG_WARN("White list version downgraded! current version is %d, new version is %d",
                          _ntohl(old_cert.wl_cert.wl_version), _ntohl(p_new_cert->wl_cert.wl_version));
            return OAL_PARAMETER_ERROR;  // OAL_PARAMETER_ERROR used here is to indicate the white list is incorrect
        }
    }
    return aesm_write_data(FT_PERSISTENT_STORAGE, AESM_WHITE_LIST_CERT_TO_BE_VERIFY_FID, white_list_cert, white_list_cert_size);
}
Esempio n. 9
0
/* We're all done sorting.  Write out the logfile.
 * Format:
 *   Magic number 0x43 0x9f 0x22 0x53
 *   Number of elements
 *   Array of absolute offsets from the start of the file
 *   Magic number 0xa4 0xc3 0x2d 0xe5
 *   Array of events
 */
static int st_write(struct state *st) {
    int jump_offset;
    struct evt_file_header file_header;
    uint32_t offset;

    qDebug() << "Writing out...";
	st->out_fdh->seek(0);
    offset = 0;

    // Write out the file header
    memset(&file_header, 0, sizeof(file_header));
    memcpy(file_header.magic1, EVENT_HDR_1, strlen(EVENT_HDR_1));
    file_header.version = _ntohl(1);
    file_header.count = _htonl(hdr_count);
	offset += st->out_fdh->write((char *)&file_header, sizeof(file_header));

    // Advance the offset past the jump table
    offset += hdr_count*sizeof(offset);

    // Read in the jump table entries
	st->fdh->seek(0);
    for (jump_offset=0; jump_offset<hdr_count; jump_offset++) {
        union evt evt;
        uint32_t offset_swab = _htonl(offset);
		st->out_fdh->write((char *)&offset_swab, sizeof(offset_swab));

        st->fdh->seek(hdrs[jump_offset].pos);
        memset(&evt, 0, sizeof(evt));
        event_get_next(st, &evt);
        if (evt.header.size > 32768)
            return 1;
        offset += evt.header.size;
    }

	offset += st->out_fdh->write(EVENT_HDR_2, 4);

    // Now copy over the exact events
    for (jump_offset=0; jump_offset<hdr_count; jump_offset++) {
        union evt evt;
        st->fdh->seek(hdrs[jump_offset].pos);
        event_get_next(st, &evt);
        event_write(st, &evt);
    }

    sstate_set(st, ST_DONE);
    return 1;
}
Esempio n. 10
0
static void tcp_init_text(struct tcp_sock *tsk, struct pkbuf *pkb,
		void *buf, int size)
{
	struct tcp *tcphdr = pkb2tcp(pkb);
	tcphdr->src = tsk->sk.sk_sport;
	tcphdr->dst = tsk->sk.sk_dport;
	tcphdr->doff = TCP_HRD_DOFF;
	tcphdr->seq = _htonl(tsk->snd_nxt);
	tcphdr->ackn = _htonl(tsk->rcv_nxt);
	tcphdr->ack = 1;
	tcphdr->window = _htons(tsk->rcv_wnd);
	memcpy(tcphdr->data, buf, size);
	tsk->snd_nxt += size;
	tsk->snd_wnd -= size;
	tcpsdbg("send TEXT(%u:%d) [WIN %d] to "IPFMT":%d",
			_ntohl(tcphdr->seq), size, _ntohs(tcphdr->window),
			ipfmt(tsk->sk.sk_daddr), _ntohs(tcphdr->dst));
}
Esempio n. 11
0
/*
 * External function used to init white list. It will check whether the input
 * buffer is correctly copied into EPC, and check the size of the buffer.
 *
 * @param wl_cert_chain[in] Pointer to the white list cert chain.
 * @param wl_cert_chain_size[in] The size of white list cert chain, in bytes.
 * @return uint32_t AE_SUCCESS for success, otherwise for errors.
 */
uint32_t le_init_white_list_wrapper(
    const uint8_t *wl_cert_chain,
    uint32_t wl_cert_chain_size)
{
    const wl_cert_chain_t *p_wl_cert_chain = NULL;
    uint32_t entry_number = 0;
    uint32_t temp_size = 0;

    if(wl_cert_chain == NULL)
    {
        return LE_INVALID_PARAMETER;
    }
    if(!sgx_is_within_enclave(wl_cert_chain, wl_cert_chain_size))
        return LE_INVALID_PARAMETER;
    p_wl_cert_chain = (const wl_cert_chain_t *)wl_cert_chain;
    // First compare wl_cert_chain_size with the minimal size of cert chain.
    // It should have at least one entry of mrsigner.
    if(wl_cert_chain_size < sizeof(wl_cert_chain_t)
                            + sizeof(sgx_measurement_t)
                            + sizeof(sgx_ec256_signature_t))
    {
        return LE_INVALID_PARAMETER;
    }
    entry_number = p_wl_cert_chain->wl_cert.entry_number;
    entry_number = _ntohl(entry_number);
    // limits max MRSIGNER entry number in
    // WL Cert to be <= 512
    if(entry_number > LE_MAX_MRSIGNER_NUMBER)
    {
        return LE_INVALID_PARAMETER;
    }
    temp_size =  static_cast<uint32_t>(sizeof(wl_cert_chain_t)
                 + sizeof(sgx_ec256_signature_t)
                 + (sizeof(sgx_measurement_t) * entry_number));
    if(wl_cert_chain_size != temp_size)
    {
        return LE_INVALID_PARAMETER;
    }
    return le_init_white_list(p_wl_cert_chain, entry_number, wl_cert_chain_size);
}
Esempio n. 12
0
File: tcp_out.c Progetto: 0xcc/tapip
void tcp_send_syn(struct tcp_sock *tsk, struct tcp_segment *seg)
{
	/*
	 * SYN-SENT:
	 */
	struct tcp *otcp;
	struct pkbuf *opkb;

	opkb = alloc_pkb(ETH_HRD_SZ + IP_HRD_SZ + TCP_HRD_SZ);
	/* fill tcp head */
	otcp = (struct tcp *)pkb2ip(opkb)->ip_data;
	otcp->src = tsk->sk.sk_sport;
	otcp->dst = tsk->sk.sk_dport;
	otcp->doff = TCP_HRD_DOFF;
	otcp->seq = _htonl(tsk->iss);
	otcp->syn = 1;
	otcp->window = _htons(tsk->rcv_wnd);
	tcpdbg("send SYN(%u) [WIN %d] to "IPFMT":%d",
			_ntohl(otcp->seq), _ntohs(otcp->window),
			ipfmt(tsk->sk.sk_daddr), _ntohs(otcp->dst));
	tcp_send_out(tsk, opkb, seg);
}
Esempio n. 13
0
File: tcp_out.c Progetto: 0xcc/tapip
/*
 * Acknowledgment algorithm is not stated directly in RFC 793,
 * but we can conclude it from all acknowledgment situation.
 */
void tcp_send_ack(struct tcp_sock *tsk, struct tcp_segment *seg)
{
	/*
	 * SYN-SENT :
	 *         SEG: SYN, acceptable ACK, no RST   (SND.NXT = SEG.SEQ+1)
	 *         <SEQ=SND.NXT><ACK=RCV.NXT><CTL=ACK>
	 * SYN-RECEIVED / ESTABLISHED  / FIN-WAIT-1   / FIN-WAIT-2   /
	 * CLOSE-WAIT   / CLOSING      / LAST-ACK     / TIME-WAIT    :
	 *         SEG: no RST, ??ACK, ??SYN        (segment is not acceptable)
	 *         <SEQ=SND.NXT><ACK=RCV.NXT><CTL=ACK>
	 * ESTABLISHED  / FIN-WAIT-1  / FIN-WAIT-2  / process the segment text:
	 *         SEG: ACK, no RST
	 *         <SEQ=SND.NXT><ACK=RCV.NXT><CTL=ACK>
	 *         (This acknowledgment should be piggybacked on a segment being
	 *          transmitted if possible without incurring undue delay.)
	 */
	struct tcp *otcp, *tcphdr = seg->tcphdr;
	struct pkbuf *opkb;

	if (tcphdr->rst)
		return;
	opkb = alloc_pkb(ETH_HRD_SZ + IP_HRD_SZ + TCP_HRD_SZ);
	/* fill tcp head */
	otcp = (struct tcp *)pkb2ip(opkb)->ip_data;
	otcp->src = tcphdr->dst;
	otcp->dst = tcphdr->src;
	otcp->doff = TCP_HRD_DOFF;
	otcp->seq = _htonl(tsk->snd_nxt);
	otcp->ackn = _htonl(tsk->rcv_nxt);
	otcp->ack = 1;
	otcp->window = _htons(tsk->rcv_wnd);
	tcpdbg("send ACK(%u) [WIN %d] to "IPFMT":%d",
			_ntohl(otcp->ackn), _ntohs(otcp->window),
			ipfmt(seg->iphdr->ip_src), _ntohs(otcp->dst));
	tcp_send_out(tsk, opkb, seg);
}
Esempio n. 14
0
//Function to read the first tlv info from msg and return length in bytes of the TLV header (so it provides offset of TLV payload)
// the function return 0 on error
static uint32_t read_tlv_info(const tlv_msg_t& msg, tlv_info_t *info)
{
    if(msg.msg_size<SMALL_TLV_HEADER_SIZE){//The TLV header has at least 4 bytes
        return 0;
    }
    //read TLV type and version, the highest bit of type to tell whether size is 2 or 4 bytes is removed
    info->type = GET_TLV_TYPE(msg.msg_buf[0]);
    info->version = msg.msg_buf[1];
    if(IS_FOUR_BYTES_SIZE_TYPE(msg.msg_buf[0])){//four bytes or two bytes of size
        if(msg.msg_size<LARGE_TLV_HEADER_SIZE)return 0;
        (void)memcpy_s(&info->size, sizeof(info->size), &msg.msg_buf[2], sizeof(uint32_t));
        info->size = _ntohl(info->size);
        info->payload = msg.msg_buf+LARGE_TLV_HEADER_SIZE;
        info->header_size = LARGE_TLV_HEADER_SIZE;
        return LARGE_TLV_HEADER_SIZE;//6 bytes TLV header
    }else{
        uint16_t size = 0;
        (void)memcpy_s(&size, sizeof(uint16_t), &msg.msg_buf[2], sizeof(uint16_t)); 
        info->size = (uint32_t)_ntohs(size); //reorder to form little endian size value and extended by 0
        info->payload = msg.msg_buf+SMALL_TLV_HEADER_SIZE;
        info->header_size = SMALL_TLV_HEADER_SIZE;
        return SMALL_TLV_HEADER_SIZE; //4 bytes TLV header
    }
}
Esempio n. 15
0
CAddress::CAddress(uint32 IP) // must be same as with Qt
{
	m_eAF = IPv4;
	IP = _ntohl(IP);
	memcpy(m_IP, &IP, Len());
}
Esempio n. 16
0
File: nbt.cpp Progetto: Zahl/mcmap
void NBT_Tag::parseData(uint8_t* &position, const uint8_t *end, string *name)
{
	// position should now point to start of data (for named tags, right after the name)
	//fprintf(stderr, "Have Tag of type %d\n", (int)_type);
	switch (_type) {
	case tagCompound:
		_elems = new tagmap;
		while (*position != 0 && position < end) { // No end tag, go on...
			//fprintf(stderr, "Having a child....*plopp*..\n");
			string thisname;
			NBT_Tag *tmp = new NBT_Tag(position, end, thisname);
			if (position == NULL) {
				//fprintf(stderr, "DELETE tmp in compound because of invalid\n");
				delete tmp;
				return;
			}
			if (name != NULL) {
				//fprintf(stderr, " ** Adding %s to %s\n", thisname.c_str(), name->c_str());
			}
			(*_elems)[thisname] = tmp;
		}
		++position;
		break;
	case tagList: {
		if (*position < 0 || *position > 11) {
			//fprintf(stderr, "Invalid list type!\n");
			position = NULL;
			return;
		}
		TagType type = (TagType)*position;
		uint32_t count = _ntohl(position+1);
		position += 5;
		_list = new list<NBT_Tag *>;
		//fprintf(stderr, "List contains %d elements of type %d\n", (int)count, (int)type);
		while (count-- && position < end) { // No end tag, go on...
			NBT_Tag *tmp = new NBT_Tag(position, end, type);
			if (position == NULL) {
				//fprintf(stderr, "DELETE tmp in list because of invalid\n");
				delete tmp;
				return;
			}
			_list->push_back(tmp);
		}
	}
	break;
	case tagByte:
		_data = position;
		position += 1;
		break;
	case tagShort:
		_data = position;
		position += 2;
		break;
	case tagInt:
		_data = position;
		position += 4;
		break;
	case tagLong:
		_data = position;
		position += 8;
		break;
	case tagFloat:
		_data = position;
		position += 4;
		break;
	case tagDouble:
		_data = position;
		position += 8;
		break;
	case tagByteArray:
		_len = _ntohl(position);
		//fprintf(stderr, "Array size is %d\n", (int)_len);
		if (position + _len + 4 >= end) {
			printf("ByteArray too long by %d bytes!\n", int((position + _len + 4) - end));
			position = NULL;
			return;
		}
		_data = position + 4;
		position += 4 + _len;
		break;
	case tagString:
		_len = _ntohs(position);
		//fprintf(stderr, "Stringlen is %d\n", (int)_len);
		if (position + _len + 2 >= end) {
			//fprintf(stderr, "Too long!\n");
			position = NULL;
			return;
		}
		_data = position;
		position += 2 + _len;
		break;
	case tagIntArray:
		_len = _ntohl(position) * 4;
		//fprintf(stderr, "Array size is %d\n", (int)_len);
		if (position + _len + 4 >= end) {
			printf("IntArray too long by %d bytes!\n", int((position + _len + 4) - end));
			position = NULL;
			return;
		}
		_data = position + 4;
		position += 4 + _len;
		break;
	case tagUnknown:
	default:
		printf("UNKNOWN TAG_ %d!\n", (int)_type);
		position = NULL;
		break;
	}
}
Esempio n. 17
0
/*
 * Internal function used to init white list. It will check the content of the
 * cert chain, and verify the signature of input cert chains. If no problem,
 * it will cache the input white list into EPC.
 *
 * @param p_wl_cert_chain[in] Pointer to the white list cert chain.
 * @param entry_number[in] The entry number within the white list.
 * @param wl_cert_chain_size[in] The size of white list cert chain, in bytes.
 * @return uint32_t AE_SUCCESS for success, otherwise for errors.
 */
uint32_t le_init_white_list(
    const wl_cert_chain_t *p_wl_cert_chain,
    uint32_t entry_number,
    uint32_t wl_cert_chain_size)
{
    sgx_status_t sgx_ret = SGX_SUCCESS;
    uint32_t ret = AE_SUCCESS;
    uint32_t new_wl_version = 0;
    uint8_t verify_result = 0;
    int valid = 0;
    const uint8_t *buf = NULL;
    uint32_t buf_size = 0;
    sgx_prod_id_t wl_prod_id = 0;
    sgx_ecc_state_handle_t ecc_handle = NULL;
    wl_cert_t *p_wl_cert_cache = (wl_cert_t *)g_wl_cert_buf;
    sgx_report_t report;
    sgx_ec256_signature_t wl_signature;
    sgx_ec256_public_t wl_pubkey;


    // Check fields of provider cert
    // Format version should be 1 (big endian)
    if(p_wl_cert_chain->wl_provider_cert.version != WL_PROVIDER_CERT_VERSION)
    {
        ret = LE_INVALID_PARAMETER;
        goto CLEANUP;
    }
    // For Enclave Signing Key White List Cert, must be 0
    if(p_wl_cert_chain->wl_provider_cert.cert_type != WL_PROVIDER_CERT_TYPE)
    {
        ret = LE_INVALID_PARAMETER;
        goto CLEANUP;
    }
    // only one White List Provider is approved:
    // WLProviderID: ISecG = 0
    if(p_wl_cert_chain->wl_provider_cert.provider_id != WL_PROVIDER_CERT_PROVIDER_ID)
    {
        ret = LE_INVALID_PARAMETER;
        goto CLEANUP;
    }
    // only one WLRootID is valid: WLRootID-iKGF-Key-0 = 0
    if(p_wl_cert_chain->wl_provider_cert.root_id != WL_PROVIDER_CERT_ROOT_ID)
    {
        ret = LE_INVALID_PARAMETER;
        goto CLEANUP;
    }

    // Check fields of wl cert
    // only valid version is 1
    if(p_wl_cert_chain->wl_cert.version != WL_CERT_VERSION)
    {
        ret = LE_INVALID_PARAMETER;
        goto CLEANUP;
    }
    // For Enclave Signing Key White List Cert, must be 1
    if(p_wl_cert_chain->wl_cert.cert_type != WL_CERT_TYPE)
    {
        ret = LE_INVALID_PARAMETER;
        goto CLEANUP;
    }
    // only one White List Provider is approved:
    // WLProviderID: ISecG = 0
    if(p_wl_cert_chain->wl_cert.provider_id != WL_CERT_PROVIDER_ID)
    {
        ret = LE_INVALID_PARAMETER;
        goto CLEANUP;
    }

    // If cache exists
    new_wl_version = p_wl_cert_chain->wl_cert.wl_version;
    new_wl_version = _ntohl(new_wl_version);
    if(p_wl_cert_cache->version != 0)
    {
        // the logic will be needed to support more than
        // one providers in the future.
        //if(p_wl_cert_chain->wl_cert.provider_id
        //   != p_wl_cert_cache->provider_id)
        //{
        //    ret = LE_INVALID_PARAMETER;
        //    goto CLEANUP;
        //}
        if(new_wl_version < p_wl_cert_cache->wl_version)
        {
            ret = LE_INVALID_PARAMETER;
            goto CLEANUP;
        }
    }

    sgx_ret = sgx_ecc256_open_context(&ecc_handle);
    if (SGX_SUCCESS != sgx_ret)
    {
        ret = LE_UNEXPECTED_ERROR;
        goto CLEANUP;
    }

    memset(&wl_signature, 0, sizeof(wl_signature));
    // Convert the signature of provider cert into little endian
    memcpy(&wl_signature,
           &(p_wl_cert_chain->wl_provider_cert.signature),
           sizeof(wl_signature));
    SWAP_ENDIAN_8X32B(wl_signature.x);
    SWAP_ENDIAN_8X32B(wl_signature.y);

    // Verify the wl provider cert
    buf = (const uint8_t *)&(p_wl_cert_chain->wl_provider_cert);
    buf_size = static_cast<uint32_t>(sizeof(p_wl_cert_chain->wl_provider_cert)
               - sizeof(p_wl_cert_chain->wl_provider_cert.signature));
    sgx_ret = sgx_ecdsa_verify(buf, buf_size,
                               &g_wl_root_pubkey,
                               &wl_signature,
                               &verify_result,
                               ecc_handle);
    if (SGX_SUCCESS != sgx_ret)
    {
        ret = LE_UNEXPECTED_ERROR;
        goto CLEANUP;
    }
    if(SGX_EC_VALID != verify_result)
    {
        ret = LE_INVALID_PARAMETER;
        goto CLEANUP;
    }

    // Convert the signature of wl cert into little endian
    buf = (const uint8_t *)p_wl_cert_chain + wl_cert_chain_size
          - sizeof(wl_signature);
    memcpy(&wl_signature, buf, sizeof(wl_signature));
    SWAP_ENDIAN_8X32B(wl_signature.x);
    SWAP_ENDIAN_8X32B(wl_signature.y);

    // Convert the pubkey into little endian
    memset(&wl_pubkey, 0, sizeof(wl_pubkey));
    memcpy(&wl_pubkey,
           &(p_wl_cert_chain->wl_provider_cert.pub_key),
           sizeof(wl_pubkey));
    reverse_byte_array(wl_pubkey.gx, sizeof(wl_pubkey.gx));
    reverse_byte_array(wl_pubkey.gy, sizeof(wl_pubkey.gy));

    // Check whether the pubkey is valid first.
    sgx_ret = sgx_ecc256_check_point(&wl_pubkey, ecc_handle, &valid);
    if(SGX_SUCCESS != sgx_ret)
    {
        ret = LE_UNEXPECTED_ERROR;
        goto CLEANUP;
    }
    if(!valid)
    {
        ret = LE_INVALID_PARAMETER;
        goto CLEANUP;
    }

    // Verify the wl_cert
    buf = (const uint8_t *)&(p_wl_cert_chain->wl_cert);
    buf_size = wl_cert_chain_size - static_cast<uint32_t>(sizeof(wl_provider_cert_t) + sizeof(sgx_ec256_signature_t));
    sgx_ret = sgx_ecdsa_verify(buf, buf_size,
                               &wl_pubkey,
                               &wl_signature,
                               &verify_result,
                               ecc_handle);
    if (SGX_SUCCESS != sgx_ret)
    {
        ret = LE_UNEXPECTED_ERROR;
        goto CLEANUP;
    }
    if(SGX_EC_VALID != verify_result)
    {
        ret = LE_INVALID_PARAMETER;
        goto CLEANUP;
    }

    memset(&report, 0, sizeof(report));
    // Create report to get current mrsigner.
    sgx_ret = sgx_create_report(NULL, NULL, &report);
    if(SGX_SUCCESS != sgx_ret)
    {
        ret = LE_UNEXPECTED_ERROR;
        goto CLEANUP;
    }

    // Convert the big endian prod id to little endian.
    wl_prod_id = p_wl_cert_chain->wl_cert.le_prod_id;
    wl_prod_id = _ntohs(wl_prod_id);
    if(report.body.isv_prod_id != wl_prod_id)
    {
        ret = LE_INVALID_PARAMETER;
        goto CLEANUP;
    }

    // Cache the wl cert
    memset(g_wl_cert_buf, 0, sizeof(g_wl_cert_buf));
    memcpy(g_wl_cert_buf, &(p_wl_cert_chain->wl_cert), buf_size);
    // Change entry_number and wl_version to little endian, so we don't need to
    // convert them next time.
    p_wl_cert_cache->entry_number = entry_number;
    p_wl_cert_cache->wl_version = new_wl_version;

CLEANUP:
    if(ecc_handle != NULL)
    {
        sgx_ecc256_close_context(ecc_handle);
    }
    return ret;

}
Esempio n. 18
0
uint32_t Packet::nanoSeconds() const {
	return _ntohl(packet.header.nsec);
}
Esempio n. 19
0
time_t Packet::seconds() const {
	return _ntohl(packet.header.sec);
}
Esempio n. 20
0
uint32_t Packet::commandArg() const {
	if (packetType() != PACKET_COMMAND)
		return 0;
	return _ntohl(packet.data.command.arg);
}