Update SGX format IDs for support of OE reports and raw SGX quotes
Signed-off-by: Shanwei Cen <[email protected]>
shnwc committed Aug 29, 2020
1 parent 8e8c5cb commit 3392e9a
Showing 17 changed files with 414 additions and 373 deletions.
28 changes: 20 additions & 8 deletions common/attest_plugin.c
Expand Up @@ -49,8 +49,8 @@ const char* OE_OPTIONAL_CLAIMS[OE_OPTIONAL_CLAIMS_COUNT] = {
static oe_plugin_list_node_t* verifiers = NULL;

// UUID for all OE reports generated by oe_get_report().
static const oe_uuid_t _sgx_ecdsa_report_uuid = {
OE_FORMAT_UUID_SGX_ECDSA_P256_REPORT};
static const oe_uuid_t _uuid_legacy_report_remote = {
OE_FORMAT_UUID_LEGACY_REPORT_REMOTE};

// verify report user data against peer certificate
static oe_result_t verify_sgx_report_user_data(
Expand Down Expand Up @@ -306,7 +306,11 @@ oe_result_t oe_verify_evidence(

if (evidence_buffer_size < sizeof(oe_attestation_header_t) ||
evidence->version != OE_ATTESTATION_HEADER_VERSION)
OE_RAISE(OE_INVALID_PARAMETER);
OE_RAISE_MSG(
OE_INVALID_PARAMETER,
"Invalid attestation header version %d, expected %d",
evidence->version,
OE_ATTESTATION_HEADER_VERSION);

if (endorsements_buffer)
{
Expand All @@ -315,7 +319,11 @@ oe_result_t oe_verify_evidence(

if (endorsements_buffer_size < sizeof(oe_attestation_header_t) ||
endorsements->version != OE_ATTESTATION_HEADER_VERSION)
OE_RAISE(OE_INVALID_PARAMETER);
OE_RAISE_MSG(
OE_INVALID_PARAMETER,
"Invalid attestation header version %d, expected %d",
endorsements->version,
OE_ATTESTATION_HEADER_VERSION);

if (memcmp(
&evidence->format_id,
Expand Down Expand Up @@ -447,7 +455,11 @@ oe_result_t oe_verify_attestation_certificate_with_evidence(
// find the report version
header = (oe_report_header_t*)report;
if (header->version != OE_ATTESTATION_HEADER_VERSION)
OE_RAISE_MSG(OE_INVALID_PARAMETER, "Invalid report version", NULL);
OE_RAISE_MSG(
OE_INVALID_PARAMETER,
"Invalid attestation header version %d, expected %d",
header->version,
OE_ATTESTATION_HEADER_VERSION);

result = oe_verify_evidence(
// The format ID parameter is NULL in this case, as the format ID is
Expand All @@ -466,9 +478,9 @@ oe_result_t oe_verify_attestation_certificate_with_evidence(
else // oid_oe_report or oid_new_oe_report
{
result = oe_verify_evidence(
// The format ID is OE_FORMAT_UUID_SGX_ECDSA_P256_REPORT for all OE
// reports.
&_sgx_ecdsa_report_uuid,
// The format ID is OE_FORMAT_UUID_LEGACY_REPORT_REMOTE for all OE
// reports for remote attestation.
&_uuid_legacy_report_remote,
report,
report_size,
NULL,
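Review bot: The new OE_RAISE_MSG in the first hunk formats `evidence->version` even when the guard fired because `evidence_buffer_size < sizeof(oe_attestation_header_t)`, so a too-short buffer is now read past its end just to build the log message, which the old bare OE_RAISE never did; the endorsements hunk has the same pattern. Split the guard so the size check raises without touching the header: `if (evidence_buffer_size < sizeof(oe_attestation_header_t)) OE_RAISE(OE_INVALID_PARAMETER);` followed by `if (evidence->version != OE_ATTESTATION_HEADER_VERSION) OE_RAISE_MSG(...)` with the message unchanged. If the `version` field is not an `int`, the `%d` conversions should also be adjusted to its type. The third hunk is fine in this respect, since its condition already dereferences `header->version`. oe_verify_evidence and oe_verify_attestation_certificate_with_evidence both start and end outside their hunks.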
17 changes: 17 additions & 0 deletions common/attest_plugin.h
Expand Up @@ -20,6 +20,23 @@

OE_EXTERNC_BEGIN

/**
* Note: V1 is OE_REPORT_HEADER_VERSION, for legacy report headers
* of type oe_report_header_t.
*
* V2 is for legacy attestation headers of type oe_attestation_header_t.
* For SGX local and remote attestation, the evidence requires a legacy
* report header of type oe_report_header_t to prefix the SGX report or
* quote.
*
* V3 is the current version. Its also for attestation headers of type
* oe_attestation_header_t. SGX report or quote will not be prefixed with
* a legacy header of type oe_report_header_t.
*
* Only the latest header version is supported.
*/
#define OE_ATTESTATION_HEADER_VERSION (3)

/**
* Evidence header: the structure that the OE SDK runtime puts on top of
* evidence data, when oe_get_evidence() is asked to include the format ID
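Review bot: The V3 paragraph of the new version comment has a typo, `Its also`, which should read `* V3 is the current version. It's also for attestation headers of type`. Since the comment ends with "Only the latest header version is supported", it would help a reader to add one sentence naming where a V1/V2 header is rejected (presumably the version check in the verify path), so the define and its enforcement point can be kept in sync.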
114 changes: 62 additions & 52 deletions common/sgx/verifier.c
Expand Up @@ -3,6 +3,7 @@

#include <openenclave/attestation/sgx/evidence.h>
#include <openenclave/attestation/verifier.h>
#include <openenclave/bits/sgx/sgxtypes.h>
#include <openenclave/internal/hexdump.h>
#include <openenclave/internal/plugin.h>
#include <openenclave/internal/raise.h>
Expand Down Expand Up @@ -32,12 +33,13 @@ typedef oe_mutex oe_mutex_t;
#define OE_MUTEX_INITIALIZER OE_H_MUTEX_INITIALIZER
#endif

static const oe_uuid_t _local_uuid = {OE_FORMAT_UUID_SGX_LOCAL_ATTESTATION};
static const oe_uuid_t _ecdsa_uuid = {OE_FORMAT_UUID_SGX_ECDSA_P256};
static const oe_uuid_t _ecdsa_report_uuid = {
OE_FORMAT_UUID_SGX_ECDSA_P256_REPORT};
static const oe_uuid_t _ecdsa_quote_uuid = {
OE_FORMAT_UUID_SGX_ECDSA_P256_QUOTE};
static const oe_uuid_t _uuid_sgx_local_attestation = {
OE_FORMAT_UUID_SGX_LOCAL_ATTESTATION};
static const oe_uuid_t _uuid_sgx_ecdsa = {OE_FORMAT_UUID_SGX_ECDSA};
static const oe_uuid_t _uuid_legacy_report_remote = {
OE_FORMAT_UUID_LEGACY_REPORT_REMOTE};
static const oe_uuid_t _uuid_raw_sgx_quote_ecdsa = {
OE_FORMAT_UUID_RAW_SGX_QUOTE_ECDSA};

static oe_result_t _on_register(
oe_attestation_role_t* context,
Expand Down Expand Up @@ -111,17 +113,16 @@ static oe_result_t _get_input_time(
}

static oe_result_t _verify_local_report(
const uint8_t* evidence_buffer,
size_t evidence_buffer_size)
const uint8_t* report_body,
size_t report_body_size)
{
// Do a normal report verification on the enclave side.
// Local report verification is unsupported for host side.
#ifdef OE_BUILD_ENCLAVE
return oe_verify_report_internal(
evidence_buffer, evidence_buffer_size, NULL);
return oe_verify_raw_sgx_report(report_body, report_body_size);
#else
OE_UNUSED(evidence_buffer);
OE_UNUSED(evidence_buffer_size);
OE_UNUSED(report_body);
OE_UNUSED(report_body_size);
return OE_UNSUPPORTED;
#endif
}
Expand Down Expand Up @@ -577,36 +578,35 @@ static oe_result_t _verify_evidence(
// Check the datetime policy if it exists.
OE_CHECK(_get_input_time(policies, policies_size, &time));

if (!memcmp(format_id, &_local_uuid, sizeof(oe_uuid_t)))
if (!memcmp(format_id, &_uuid_sgx_local_attestation, sizeof(oe_uuid_t)))
{
// evidence_buffer has oe_report_header_t header,
// followed by an SGX report for local attestation.
oe_report_header_t* report = (oe_report_header_t*)evidence_buffer;
// evidence_buffer has an SGX report for local attestation
// followed by an optional custom claims buffer.
// Note: sgx_report_t has no field that can be checked quickly
// to verify it being an SGX report.

if (evidence_buffer_size < sizeof(*report) ||
report->version != OE_REPORT_HEADER_VERSION ||
report->report_type != OE_REPORT_TYPE_SGX_LOCAL)
if (evidence_buffer_size < sizeof(sgx_report_t))
OE_RAISE(OE_INVALID_PARAMETER);

format_type = SGX_FORMAT_TYPE_LOCAL;
}
else if (!memcmp(format_id, &_ecdsa_uuid, sizeof(oe_uuid_t)))
else if (!memcmp(format_id, &_uuid_sgx_ecdsa, sizeof(oe_uuid_t)))
{
// evidence_buffer has oe_report_header_t header,
// followed by an SGX ECDSA-p256 quote.
oe_report_header_t* report = (oe_report_header_t*)evidence_buffer;
// evidence_buffer has an SGX ECDSA-p256 quote
// followed by an optional custom claims buffer.
sgx_quote_t* quote = (sgx_quote_t*)evidence_buffer;

if (evidence_buffer_size < sizeof(*report) ||
report->version != OE_REPORT_HEADER_VERSION ||
report->report_type != OE_REPORT_TYPE_SGX_REMOTE)
if (evidence_buffer_size < sizeof(*quote) + quote->signature_len ||
quote->version != SGX_QE3_QUOTE_VERSION ||
quote->sign_type != SGX_QL_ALG_ECDSA_P256)
OE_RAISE(OE_INVALID_PARAMETER);

format_type = SGX_FORMAT_TYPE_REMOTE;
}
else if (!memcmp(format_id, &_ecdsa_report_uuid, sizeof(oe_uuid_t)))
else if (!memcmp(format_id, &_uuid_legacy_report_remote, sizeof(oe_uuid_t)))
{
// evidence_buffer has an oe_report_header_t header,
// followed by an SGX ECDSA-p256 quote.
// evidence_buffer has an oe_report_header_t header
// followed by an SGX report or ECDSA-p256 quote.
oe_report_header_t* report = (oe_report_header_t*)evidence_buffer;

if (evidence_buffer_size < sizeof(*report) ||
Expand All @@ -616,10 +616,17 @@ static oe_result_t _verify_evidence(

format_type = SGX_FORMAT_TYPE_LEGACY_REPORT;
}
else if (!memcmp(format_id, &_ecdsa_quote_uuid, sizeof(oe_uuid_t)))
else if (!memcmp(format_id, &_uuid_raw_sgx_quote_ecdsa, sizeof(oe_uuid_t)))
{
// evidence_buffer has no header.
// It contains a raw SGX ECDSA-p256 quote.
// It holds an SGX ECDSA_p256 quote generated by the Intel SGX DCAP
// or quote-ex library.
sgx_quote_t* quote = (sgx_quote_t*)evidence_buffer;

if (evidence_buffer_size < sizeof(*quote) + quote->signature_len ||
quote->version != SGX_QE3_QUOTE_VERSION ||
quote->sign_type != SGX_QL_ALG_ECDSA_P256)
OE_RAISE(OE_INVALID_PARAMETER);

format_type = SGX_FORMAT_TYPE_RAW_QUOTE;
}
Expand All @@ -630,27 +637,23 @@ static oe_result_t _verify_evidence(
// not including the custom claims section.
if (format_type == SGX_FORMAT_TYPE_LOCAL)
{
oe_report_header_t* report = (oe_report_header_t*)evidence_buffer;

report_body = report->report;
report_body_size = report->report_size;
report_body = evidence_buffer;
report_body_size = sizeof(sgx_report_t);
custom_claims_buffer = report_body + report_body_size;
custom_claims_buffer_size =
evidence_buffer_size - (sizeof(*report) + report_body_size);
custom_claims_buffer_size = evidence_buffer_size - report_body_size;

OE_CHECK(_verify_local_report(
evidence_buffer, report->report_size + sizeof(oe_report_header_t)));
OE_CHECK(_verify_local_report(report_body, report_body_size));
}
else
{
if (format_type == SGX_FORMAT_TYPE_REMOTE)
{
oe_report_header_t* report = (oe_report_header_t*)evidence_buffer;
report_body = report->report;
report_body_size = report->report_size;
sgx_quote_t* quote = (sgx_quote_t*)evidence_buffer;

report_body = evidence_buffer;
report_body_size = sizeof(*quote) + quote->signature_len;
custom_claims_buffer = report_body + report_body_size;
custom_claims_buffer_size =
evidence_buffer_size - (sizeof(*report) + report_body_size);
custom_claims_buffer_size = evidence_buffer_size - report_body_size;
}
else if (format_type == SGX_FORMAT_TYPE_LEGACY_REPORT)
{
Expand Down Expand Up @@ -737,7 +740,10 @@ static oe_result_t _get_format_settings(
if (!context || !settings || !settings_size)
OE_RAISE(OE_INVALID_PARAMETER);

if (!memcmp(&context->base.format_id, &_local_uuid, sizeof(oe_uuid_t)))
if (!memcmp(
&context->base.format_id,
&_uuid_sgx_local_attestation,
sizeof(oe_uuid_t)))
{
#ifdef OE_BUILD_ENCLAVE
// Enclave-side, SGX local attestation is supported
Expand Down Expand Up @@ -771,7 +777,8 @@ static oe_result_t _get_format_settings(
OE_RAISE(OE_UNSUPPORTED);
#endif
}
else if (!memcmp(&context->base.format_id, &_ecdsa_uuid, sizeof(oe_uuid_t)))
else if (!memcmp(
&context->base.format_id, &_uuid_sgx_ecdsa, sizeof(oe_uuid_t)))
{
*settings = NULL;
*settings_size = 0;
Expand Down Expand Up @@ -803,9 +810,12 @@ static oe_result_t _verify_report(
// Host-side, verifies only ECDSA report
if (
#ifdef OE_BUILD_ENCLAVE
!memcmp(&context->base.format_id, &_local_uuid, sizeof(oe_uuid_t)) ||
!memcmp(
&context->base.format_id,
&_uuid_sgx_local_attestation,
sizeof(oe_uuid_t)) ||
#endif
!memcmp(&context->base.format_id, &_ecdsa_uuid, sizeof(oe_uuid_t)))
!memcmp(&context->base.format_id, &_uuid_sgx_ecdsa, sizeof(oe_uuid_t)))
{
#ifdef OE_BUILD_ENCLAVE
OE_CHECK(oe_verify_report_internal(report, report_size, parsed_report));
Expand Down Expand Up @@ -833,12 +843,12 @@ static oe_result_t _get_verifier_plugins(
if (!verifiers || !verifiers_length)
OE_RAISE(OE_INVALID_PARAMETER);

uuids[0] = &_ecdsa_uuid;
uuids[1] = &_ecdsa_report_uuid;
uuids[2] = &_ecdsa_quote_uuid;
uuids[0] = &_uuid_sgx_ecdsa;
uuids[1] = &_uuid_legacy_report_remote;
uuids[2] = &_uuid_raw_sgx_quote_ecdsa;

#ifdef OE_BUILD_ENCLAVE
uuids[3] = &_local_uuid;
uuids[3] = &_uuid_sgx_local_attestation;
uuid_count =
4; // In enclave, local attestation and 3 ECDSA formats are supported.
#else
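Review bot: In the `_uuid_sgx_ecdsa` branch of the _verify_evidence hunk, `quote->signature_len` is read before anything establishes that `evidence_buffer_size >= sizeof(*quote)`, so an evidence buffer shorter than the fixed quote header is read out of bounds by the very check meant to reject it; the `_uuid_raw_sgx_quote_ecdsa` branch repeats the same pattern. The comparison `evidence_buffer_size < sizeof(*quote) + quote->signature_len` can also wrap if `signature_len` is large and `size_t` is narrow, which the subtraction form below avoids. Check the fixed part first and then bound `signature_len` against the remaining bytes, in both branches; the later SGX_FORMAT_TYPE_REMOTE block that recomputes `sizeof(*quote) + quote->signature_len` is then safe because it only runs after this validation. _verify_evidence starts and ends outside the hunk.
```c
        sgx_quote_t* quote = (sgx_quote_t*)evidence_buffer;

        // Do not read any quote field until the fixed-size part is present.
        if (evidence_buffer_size < sizeof(*quote))
            OE_RAISE(OE_INVALID_PARAMETER);

        // Bound the variable-length signature against the remaining bytes
        // (subtraction cannot wrap here, the size check above ensures it).
        if (quote->signature_len > evidence_buffer_size - sizeof(*quote) ||
            quote->version != SGX_QE3_QUOTE_VERSION ||
            quote->sign_type != SGX_QL_ALG_ECDSA_P256)
            OE_RAISE(OE_INVALID_PARAMETER);

        format_type = SGX_FORMAT_TYPE_REMOTE;
        // … unchanged: legacy report branch …
        // … same two-step guard in the _uuid_raw_sgx_quote_ecdsa branch …
```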