ae_error_t EPIDBlob::read(epid_blob_with_cur_psvn_t& blob) { ae_error_t ae_ret = AE_FAILURE; if(status == not_initialized){ uint32_t data_size = sizeof(blob_cache); if((ae_ret=aesm_read_data(FT_PERSISTENT_STORAGE, EPID_DATA_BLOB_FID, reinterpret_cast<uint8_t *>(&blob_cache), &data_size))!=AE_SUCCESS){ goto CLEANUP_READ_FILE; } if( data_size != sizeof(blob_cache) ) { ae_ret = QE_EPIDBLOB_ERROR; goto CLEANUP_READ_FILE; } status = update_to_date; CLEANUP_READ_FILE: if(status!=update_to_date) status = not_available;//epid blob lost } if(status == update_to_date){ if(memcpy_s(&blob, sizeof(blob), &blob_cache, sizeof(blob_cache))!=0){ status = not_available; //invalid ae_ret = AE_FAILURE; }else{ ae_ret = AE_SUCCESS; } } return ae_ret; }
ae_error_t EndpointSelectionInfo::verify_file_by_xgid(uint32_t xgid) { if (xgid == DEFAULT_EGID){//always return true for DEFAULT_EGID return AE_SUCCESS; } aesm_server_url_infos_t urls; uint32_t server_urls_size = sizeof(urls); ae_error_t ae_err = aesm_read_data(FT_PERSISTENT_STORAGE, AESM_SERVER_URL_FID, reinterpret_cast<uint8_t *>(&urls), &server_urls_size, xgid); if (AE_SUCCESS != ae_err || server_urls_size != sizeof(urls) || !is_valid_server_url_infos(urls)){ return OAL_CONFIG_FILE_ERROR; } return AE_SUCCESS; }
ae_error_t XEGDBlob::verify_xegd_by_xgid(uint32_t xgid) { extended_epid_group_blob_t blob; if (xgid == DEFAULT_EGID){//always return success for default xgid return AE_SUCCESS; } uint32_t data_size = sizeof(blob); ae_error_t ae_ret = aesm_read_data(FT_PERSISTENT_STORAGE, EXTENDED_EPID_GROUP_BLOB_INFO_FID, reinterpret_cast<uint8_t *>(&blob), &data_size, xgid); if (AE_SUCCESS != ae_ret){ return ae_ret; } if (data_size != sizeof(blob)){ return OAL_CONFIG_FILE_ERROR; } ae_ret = verify(blob); return ae_ret; }
ae_error_t AESMLogic::save_unverified_white_list(const uint8_t *white_list_cert, uint32_t white_list_cert_size) { wl_cert_chain_t old_cert; const wl_cert_chain_t *p_new_cert = reinterpret_cast<const wl_cert_chain_t *>(white_list_cert); uint32_t old_cert_size = sizeof(old_cert); memset(&old_cert, 0, sizeof(old_cert)); if((aesm_read_data(FT_PERSISTENT_STORAGE, AESM_WHITE_LIST_CERT_TO_BE_VERIFY_FID, reinterpret_cast<uint8_t *>(&old_cert), &old_cert_size) == AE_SUCCESS) && (old_cert_size == sizeof(old_cert)) && (white_list_cert_size >= sizeof(wl_cert_chain_t))) { if(_ntohl(p_new_cert->wl_cert.wl_version) <= _ntohl(old_cert.wl_cert.wl_version)) { AESM_DBG_WARN("White list version downgraded! current version is %d, new version is %d", _ntohl(old_cert.wl_cert.wl_version), _ntohl(p_new_cert->wl_cert.wl_version)); return OAL_PARAMETER_ERROR; // OAL_PARAMETER_ERROR used here is to indicate the white list is incorrect } } return aesm_write_data(FT_PERSISTENT_STORAGE, AESM_WHITE_LIST_CERT_TO_BE_VERIFY_FID, white_list_cert, white_list_cert_size); }
ae_error_t EndpointSelectionInfo::read_pek(endpoint_selection_infos_t& es_info) { ae_error_t ae_err=AE_SUCCESS; uint32_t es_info_size = sizeof(es_info); ae_err = aesm_read_data(FT_PERSISTENT_STORAGE, PROVISION_PEK_BLOB_FID, reinterpret_cast<uint8_t *>(&es_info), &es_info_size); if(AE_SUCCESS == ae_err && (es_info_size != sizeof(es_info)||!is_valid_endpoint_selection_info(es_info))){ AESM_DBG_ERROR("Invalid ES result in persistent storage:size %d, expected size %d", es_info_size, sizeof(es_info)); ae_err = OAL_FILE_ACCESS_ERROR; } if(AE_SUCCESS == ae_err){ AESM_DBG_INFO("Read ES result from persistent storage successfully"); }else{ AESM_DBG_WARN("ES result in persistent storage failed to load:%d", ae_err); } return ae_err; }
ae_error_t XEGDBlob::read(extended_epid_group_blob_t& blob) { ae_error_t ae_ret = AE_FAILURE; if(status == not_initialized){ uint32_t data_size = sizeof(blob_cache); if ((ae_ret = aesm_read_data(FT_PERSISTENT_STORAGE, EXTENDED_EPID_GROUP_BLOB_INFO_FID, reinterpret_cast<uint8_t *>(&blob_cache), &data_size, AESMLogic::get_active_extended_epid_group_id())) != AE_SUCCESS){ goto CLEANUP_READ_FILE; } if (data_size != sizeof(blob_cache)){ ae_ret = OAL_CONFIG_FILE_ERROR; goto CLEANUP_READ_FILE; } ae_ret = verify(blob_cache); if (AE_SUCCESS != ae_ret){ AESM_DBG_ERROR("signature error in XEGD file"); goto CLEANUP_READ_FILE; } status = update_to_date; CLEANUP_READ_FILE: if (status != update_to_date){ if (AESMLogic::get_active_extended_epid_group_id() == DEFAULT_EGID){ memset(&blob_cache, 0, sizeof(blob_cache));//indicate other part to use default data status = update_to_date; } else{ status = not_available;//xegd blob lost } } } if(status == update_to_date){ if(memcpy_s(&blob, sizeof(blob), &blob_cache, sizeof(blob_cache))!=0){ status = not_available; //invalid ae_ret = AE_FAILURE; }else{ ae_ret = AE_SUCCESS; } } return ae_ret; }
//Function to read urls from configure files ae_error_t EndpointSelectionInfo::get_url_info() { ae_error_t ae_err=AE_SUCCESS; uint32_t server_urls_size = sizeof(_server_urls); ae_err = aesm_read_data(FT_PERSISTENT_STORAGE, AESM_SERVER_URL_FID, reinterpret_cast<uint8_t *>(&_server_urls), &server_urls_size, AESMLogic::get_active_extended_epid_group_id()); if(AE_SUCCESS != ae_err || server_urls_size != sizeof(_server_urls)|| !is_valid_server_url_infos(_server_urls)){ //If fail to read or data format error, use default value _is_server_url_valid = false; if(AE_SUCCESS == ae_err){//File available but format error, report ERROR LOG AESM_LOG_WARN("Server URL Blob file format error"); AESM_DBG_INFO("fail to read server url info from persistent storage, error code (%d), size %d, expected size %d", ae_err, server_urls_size, sizeof(_server_urls)); ae_err = OAL_CONFIG_FILE_ERROR; }else{ AESM_DBG_INFO("server url blob file not available in persistent storage"); } if (AESMLogic::get_active_extended_epid_group_id() == DEFAULT_EGID){ if (strcpy_s(_server_urls.endpoint_url, MAX_PATH, DEFAULT_URL) != 0) return AE_FAILURE; if (strcpy_s(_server_urls.pse_rl_url, MAX_PATH, DEFAULT_PSE_RL_URL) != 0) return AE_FAILURE; if (strcpy_s(_server_urls.pse_ocsp_url, MAX_PATH, DEFAULT_PSE_OCSP_URL) != 0) return AE_FAILURE; _is_server_url_valid = true; return AE_SUCCESS; } else{ return ae_err; } } _is_server_url_valid = true; return AE_SUCCESS; }
ae_error_t upsePersistentStorage::Read(aesm_data_id_t data_id, upse::Buffer& data) { ae_error_t status = AESM_PSE_PR_PERSISTENT_STORAGE_READ_ERROR; uint8_t* tempData = NULL; do { ae_error_t readError; uint32_t sizeInout; readError = aesm_query_data_size(FT_PERSISTENT_STORAGE, data_id, &sizeInout); if ((readError != AE_SUCCESS) || (sizeInout == 0)) { break; } tempData = (uint8_t*) malloc(sizeInout); if (tempData == NULL) { break; } readError = aesm_read_data(FT_PERSISTENT_STORAGE, data_id, tempData, &sizeInout); if (AE_SUCCESS != readError) { break; } data.Alloc(sizeInout); upse::BufferWriter bw(data); bw.writeRaw(tempData, sizeInout); status = AE_SUCCESS; } while (0); if (NULL != tempData) free(tempData); return status; }