Esempio n. 1
0
ae_error_t EPIDBlob::read(epid_blob_with_cur_psvn_t& blob)
{
    ae_error_t ae_ret = AE_FAILURE;
    if(status == not_initialized){
        uint32_t data_size = sizeof(blob_cache);
        if((ae_ret=aesm_read_data(FT_PERSISTENT_STORAGE, EPID_DATA_BLOB_FID, reinterpret_cast<uint8_t *>(&blob_cache), &data_size))!=AE_SUCCESS){
            goto CLEANUP_READ_FILE;
        }

        if( data_size != sizeof(blob_cache) )
        {
            ae_ret = QE_EPIDBLOB_ERROR;
            goto CLEANUP_READ_FILE;
        }
        status = update_to_date;
CLEANUP_READ_FILE:
        if(status!=update_to_date)
            status = not_available;//epid blob lost
    }

    if(status == update_to_date){
        if(memcpy_s(&blob, sizeof(blob), &blob_cache, sizeof(blob_cache))!=0){
            status = not_available; //invalid 
            ae_ret = AE_FAILURE;
        }else{
            ae_ret = AE_SUCCESS;
        }
    }
    return ae_ret;
}
Esempio n. 2
0
ae_error_t EndpointSelectionInfo::verify_file_by_xgid(uint32_t xgid)
{
    if (xgid == DEFAULT_EGID){//always return true for DEFAULT_EGID
        return AE_SUCCESS;
    }
    aesm_server_url_infos_t urls;
    uint32_t server_urls_size = sizeof(urls);
    ae_error_t ae_err = aesm_read_data(FT_PERSISTENT_STORAGE, AESM_SERVER_URL_FID, reinterpret_cast<uint8_t *>(&urls), &server_urls_size, xgid);
    if (AE_SUCCESS != ae_err ||
        server_urls_size != sizeof(urls) ||
        !is_valid_server_url_infos(urls)){
        return OAL_CONFIG_FILE_ERROR;
    }
    return AE_SUCCESS;
}
Esempio n. 3
0
ae_error_t XEGDBlob::verify_xegd_by_xgid(uint32_t xgid)
{
    extended_epid_group_blob_t blob;
    if (xgid == DEFAULT_EGID){//always return success for default xgid
        return AE_SUCCESS;
    }
    uint32_t data_size = sizeof(blob);
    ae_error_t ae_ret = aesm_read_data(FT_PERSISTENT_STORAGE, EXTENDED_EPID_GROUP_BLOB_INFO_FID, reinterpret_cast<uint8_t *>(&blob), &data_size, xgid);
    if (AE_SUCCESS != ae_ret){
        return ae_ret;
    }
    if (data_size != sizeof(blob)){
        return OAL_CONFIG_FILE_ERROR;
    }
    ae_ret = verify(blob);
    return ae_ret;
}
Esempio n. 4
0
ae_error_t AESMLogic::save_unverified_white_list(const uint8_t *white_list_cert, uint32_t white_list_cert_size)
{
    wl_cert_chain_t old_cert;
    const wl_cert_chain_t *p_new_cert = reinterpret_cast<const wl_cert_chain_t *>(white_list_cert);
    uint32_t old_cert_size = sizeof(old_cert);
    memset(&old_cert, 0, sizeof(old_cert));
    if((aesm_read_data(FT_PERSISTENT_STORAGE, AESM_WHITE_LIST_CERT_TO_BE_VERIFY_FID, reinterpret_cast<uint8_t *>(&old_cert), &old_cert_size) == AE_SUCCESS)
        && (old_cert_size == sizeof(old_cert)) && (white_list_cert_size >= sizeof(wl_cert_chain_t)))
    {
        if(_ntohl(p_new_cert->wl_cert.wl_version) <= _ntohl(old_cert.wl_cert.wl_version))
        {
            AESM_DBG_WARN("White list version downgraded! current version is %d, new version is %d",
                          _ntohl(old_cert.wl_cert.wl_version), _ntohl(p_new_cert->wl_cert.wl_version));
            return OAL_PARAMETER_ERROR;  // OAL_PARAMETER_ERROR used here is to indicate the white list is incorrect
        }
    }
    return aesm_write_data(FT_PERSISTENT_STORAGE, AESM_WHITE_LIST_CERT_TO_BE_VERIFY_FID, white_list_cert, white_list_cert_size);
}
Esempio n. 5
0
ae_error_t EndpointSelectionInfo::read_pek(endpoint_selection_infos_t& es_info)
{
    ae_error_t ae_err=AE_SUCCESS;
    uint32_t es_info_size = sizeof(es_info);

    ae_err = aesm_read_data(FT_PERSISTENT_STORAGE, PROVISION_PEK_BLOB_FID, reinterpret_cast<uint8_t *>(&es_info), &es_info_size);

    if(AE_SUCCESS == ae_err && (es_info_size != sizeof(es_info)||!is_valid_endpoint_selection_info(es_info))){
        AESM_DBG_ERROR("Invalid ES result in persistent storage:size %d, expected size %d", es_info_size, sizeof(es_info));
        ae_err = OAL_FILE_ACCESS_ERROR;
    }

    if(AE_SUCCESS == ae_err){
        AESM_DBG_INFO("Read ES result from persistent storage successfully");
    }else{
        AESM_DBG_WARN("ES result in persistent storage failed to load:%d", ae_err);
    }

    return ae_err;
}
Esempio n. 6
0
ae_error_t XEGDBlob::read(extended_epid_group_blob_t& blob)
{
    ae_error_t ae_ret = AE_FAILURE;
    if(status == not_initialized){
        uint32_t data_size = sizeof(blob_cache);
        if ((ae_ret = aesm_read_data(FT_PERSISTENT_STORAGE, EXTENDED_EPID_GROUP_BLOB_INFO_FID, reinterpret_cast<uint8_t *>(&blob_cache), &data_size, AESMLogic::get_active_extended_epid_group_id())) != AE_SUCCESS){
            goto CLEANUP_READ_FILE;
        }
        if (data_size != sizeof(blob_cache)){
            ae_ret = OAL_CONFIG_FILE_ERROR;
            goto CLEANUP_READ_FILE;
        }
        ae_ret = verify(blob_cache);
        if (AE_SUCCESS != ae_ret){
            AESM_DBG_ERROR("signature error in XEGD file");
            goto CLEANUP_READ_FILE;
        }
        status = update_to_date;
CLEANUP_READ_FILE:
        if (status != update_to_date){
            if (AESMLogic::get_active_extended_epid_group_id() == DEFAULT_EGID){
                memset(&blob_cache, 0, sizeof(blob_cache));//indicate other part to use default data
                status = update_to_date;
            }
            else{
                status = not_available;//xegd blob lost
            }
        }
    }
    if(status == update_to_date){
        if(memcpy_s(&blob, sizeof(blob), &blob_cache, sizeof(blob_cache))!=0){
            status = not_available; //invalid
            ae_ret = AE_FAILURE;
        }else{
            ae_ret = AE_SUCCESS;
        }
    }
    return ae_ret;
}
Esempio n. 7
0
//Function to read urls from configure files
ae_error_t EndpointSelectionInfo::get_url_info()
{
    ae_error_t ae_err=AE_SUCCESS;
    uint32_t server_urls_size = sizeof(_server_urls);

    ae_err = aesm_read_data(FT_PERSISTENT_STORAGE, AESM_SERVER_URL_FID, reinterpret_cast<uint8_t *>(&_server_urls), &server_urls_size, AESMLogic::get_active_extended_epid_group_id());

    if(AE_SUCCESS != ae_err || 
        server_urls_size != sizeof(_server_urls)||
        !is_valid_server_url_infos(_server_urls)){ //If fail to read or data format error, use default value
            _is_server_url_valid = false;
            if(AE_SUCCESS == ae_err){//File available but format error, report ERROR LOG
                AESM_LOG_WARN("Server URL Blob file format error");
                AESM_DBG_INFO("fail to read server url info from persistent storage, error code (%d), size %d, expected size %d",
                    ae_err, server_urls_size, sizeof(_server_urls));
                ae_err = OAL_CONFIG_FILE_ERROR;
            }else{
                AESM_DBG_INFO("server url blob file not available in persistent storage");
            }
            if (AESMLogic::get_active_extended_epid_group_id() == DEFAULT_EGID){
                if (strcpy_s(_server_urls.endpoint_url, MAX_PATH, DEFAULT_URL) != 0)
                    return AE_FAILURE;
                if (strcpy_s(_server_urls.pse_rl_url, MAX_PATH, DEFAULT_PSE_RL_URL) != 0)
                    return AE_FAILURE;
                if (strcpy_s(_server_urls.pse_ocsp_url, MAX_PATH, DEFAULT_PSE_OCSP_URL) != 0)
                    return AE_FAILURE;
                _is_server_url_valid = true;
                return AE_SUCCESS;
            }
            else{
                return ae_err;
            }
    }

    _is_server_url_valid = true;
    return AE_SUCCESS;
}
Esempio n. 8
0
ae_error_t upsePersistentStorage::Read(aesm_data_id_t data_id, upse::Buffer& data)
{
    ae_error_t status = AESM_PSE_PR_PERSISTENT_STORAGE_READ_ERROR;

    uint8_t* tempData = NULL;

    do {
        ae_error_t readError;
        uint32_t sizeInout;
        readError = aesm_query_data_size(FT_PERSISTENT_STORAGE, data_id, &sizeInout);
        if ((readError != AE_SUCCESS) || (sizeInout == 0))
        {
            break;
        }
        tempData = (uint8_t*) malloc(sizeInout);
        if (tempData == NULL)
        {
            break;
        }
        readError = aesm_read_data(FT_PERSISTENT_STORAGE, data_id, tempData, &sizeInout);
        if (AE_SUCCESS != readError)
        {
            break;
        }
        data.Alloc(sizeInout);
        upse::BufferWriter bw(data);
        bw.writeRaw(tempData, sizeInout);

        status = AE_SUCCESS;
    } while (0);

    if (NULL != tempData)
        free(tempData);

    return status;
}