Skip to content

Commit c505e61

Browse files
lllyllly
committed
Linux 2.6 Open Source Gold Release
Added support for Reproducible Enclave Build using Docker file. Added support for Intel AVX-512 instructions and Intel SHA Extensions New Instructions (SHA-NI) in trusted libraries. Support both EPID and ECDSA based quote for quoting related interfaces in sgx_uae_service library. Updated key exchange library to support both EPID and ECDSA based remote attestation. Support new interface to check platform information blob from remote attestation response message. Fixed bugs. Signed-off-by: Li, Xun <[email protected]>
1 parent da495bd commit c505e61

File tree

1,571 files changed

+75143
-69505
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

1,571 files changed

+75143
-69505
lines changed

Makefile

Lines changed: 19 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -28,7 +28,8 @@
2828
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
2929
#
3030
#
31-
DCAP_VER?= 1.1
31+
32+
DCAP_VER?= 1.2
3233
DCAP_DOWNLOAD_BASE ?= https://github.com/intel/SGXDataCenterAttestationPrimitives/archive
3334

3435
include buildenv.mk
@@ -74,6 +75,19 @@ deb_pkg: deb_sgx_urts_pkg deb_sgx_enclave_common_pkg deb_sgx_enclave_common_dev_
7475
@$(RM) -f ./linux/installer/deb/*.deb ./linux/installer/deb/*.ddeb
7576
cp `find ./linux/installer/deb/ -name "*.deb" -o -name "*.ddeb"` ./linux/installer/deb/
7677

78+
rpm_sdk_pkg: sdk
79+
./linux/installer/rpm/sdk/build.sh
80+
81+
rpm_psw_pkg: psw
82+
./linux/installer/rpm/psw/build.sh
83+
84+
rpm_psw_dev_pkg:
85+
./linux/installer/rpm/psw-dev/build.sh
86+
87+
rpm_pkg: rpm_sdk_pkg rpm_psw_pkg rpm_psw_dev_pkg
88+
@$(RM) -f ./linux/installer/rpm/*.rpm
89+
cp `find ./linux/installer/rpm/ -name "*.rpm"` ./linux/installer/rpm/
90+
7791
clean:
7892
@$(MAKE) -C sdk/ clean
7993
@$(MAKE) -C psw/ clean
@@ -92,6 +106,10 @@ clean:
92106
@$(RM) -r linux/installer/deb/libsgx-urts/libsgx-urts_*.deb
93107
@$(RM) -r linux/installer/deb/*.deb
94108
@$(RM) -r linux/installer/deb/*.ddeb
109+
@$(RM) -r linux/installer/rpm/sdk/sgxsdk*.rpm
110+
@$(RM) -r linux/installer/rpm/psw/sgxpsw*.rpm
111+
@$(RM) -r linux/installer/rpm/psw-dev/sgxpsw-dev*.rpm
112+
@$(RM) -r linux/installer/rpm/*.rpm
95113
@$(RM) -rf linux/installer/common/psw/output
96114
@$(RM) -rf linux/installer/common/psw/gen_source.py
97115
@$(RM) -rf linux/installer/common/libsgx-enclave-common/output

SampleCode/LocalAttestation/LocalAttestationCode/EnclaveMessageExchange.cpp

Lines changed: 16 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -100,7 +100,7 @@ ATTESTATION_STATUS create_session(sgx_enclave_id_t src_enclave_id,
100100
{
101101
return status;
102102
}
103-
103+
104104
//Ocall to request for a session with the destination enclave and obtain session id and Message 1 if successful
105105
status = session_request_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg1, &session_id);
106106
if (status == SGX_SUCCESS)
@@ -171,7 +171,7 @@ ATTESTATION_STATUS session_request(sgx_enclave_id_t src_enclave_id,
171171
{
172172
return status;
173173
}
174-
174+
175175
//get a new SessionID
176176
if ((status = (sgx_status_t)generate_session_id(session_id)) != SUCCESS)
177177
return status; //no more sessions available
@@ -197,7 +197,7 @@ ATTESTATION_STATUS session_request(sgx_enclave_id_t src_enclave_id,
197197
memcpy(&session_info.in_progress.dh_session, &sgx_dh_session, sizeof(sgx_dh_session_t));
198198
//Store the session information under the correspoding source enlave id key
199199
g_dest_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(src_enclave_id, session_info));
200-
200+
201201
return status;
202202
}
203203

@@ -244,10 +244,10 @@ ATTESTATION_STATUS exchange_report(sgx_enclave_id_t src_enclave_id,
244244

245245
dh_msg3->msg3_body.additional_prop_length = 0;
246246
//Process message 2 from source enclave and obtain message 3
247-
sgx_status_t se_ret = sgx_dh_responder_proc_msg2(dh_msg2,
248-
dh_msg3,
249-
&sgx_dh_session,
250-
&dh_aek,
247+
sgx_status_t se_ret = sgx_dh_responder_proc_msg2(dh_msg2,
248+
dh_msg3,
249+
&sgx_dh_session,
250+
&dh_aek,
251251
&initiator_identity);
252252
if(SGX_SUCCESS != se_ret)
253253
{
@@ -298,7 +298,6 @@ ATTESTATION_STATUS send_request_receive_response(sgx_enclave_id_t src_enclave_id
298298
uint32_t decrypted_data_length;
299299
uint32_t plain_text_offset;
300300
uint8_t l_tag[TAG_SIZE];
301-
size_t max_resp_message_length;
302301
plaintext = (const uint8_t*)(" ");
303302
plaintext_length = 0;
304303

@@ -335,15 +334,15 @@ ATTESTATION_STATUS send_request_receive_response(sgx_enclave_id_t src_enclave_id
335334
status = sgx_rijndael128GCM_encrypt(&session_info->active.AEK, (uint8_t*)inp_buff, data2encrypt_length,
336335
reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.payload)),
337336
reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.reserved)),
338-
sizeof(req_message->message_aes_gcm_data.reserved), plaintext, plaintext_length,
337+
sizeof(req_message->message_aes_gcm_data.reserved), plaintext, plaintext_length,
339338
&(req_message->message_aes_gcm_data.payload_tag));
340339

341340
if(SGX_SUCCESS != status)
342341
{
343342
SAFE_FREE(req_message);
344343
return status;
345344
}
346-
345+
347346
//Allocate memory for the response payload to be copied
348347
*out_buff = (char*)malloc(max_out_buff_size);
349348
if(!*out_buff)
@@ -384,15 +383,6 @@ ATTESTATION_STATUS send_request_receive_response(sgx_enclave_id_t src_enclave_id
384383
return ATTESTATION_SE_ERROR;
385384
}
386385

387-
max_resp_message_length = sizeof(secure_message_t)+ max_out_buff_size;
388-
389-
if(sizeof(resp_message) > max_resp_message_length)
390-
{
391-
SAFE_FREE(req_message);
392-
SAFE_FREE(resp_message);
393-
return INVALID_PARAMETER_ERROR;
394-
}
395-
396386
//Code to process the response message from the Destination Enclave
397387

398388
decrypted_data_length = resp_message->message_aes_gcm_data.payload_size;
@@ -409,12 +399,12 @@ ATTESTATION_STATUS send_request_receive_response(sgx_enclave_id_t src_enclave_id
409399
memset(decrypted_data, 0, decrypted_data_length);
410400

411401
//Decrypt the response message payload
412-
status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, resp_message->message_aes_gcm_data.payload,
402+
status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, resp_message->message_aes_gcm_data.payload,
413403
decrypted_data_length, decrypted_data,
414404
reinterpret_cast<uint8_t *>(&(resp_message->message_aes_gcm_data.reserved)),
415-
sizeof(resp_message->message_aes_gcm_data.reserved), &(resp_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length,
405+
sizeof(resp_message->message_aes_gcm_data.reserved), &(resp_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length,
416406
&resp_message->message_aes_gcm_data.payload_tag);
417-
407+
418408
if(SGX_SUCCESS != status)
419409
{
420410
SAFE_FREE(req_message);
@@ -515,10 +505,10 @@ ATTESTATION_STATUS generate_response(sgx_enclave_id_t src_enclave_id,
515505
memset(decrypted_data, 0, decrypted_data_length);
516506

517507
//Decrypt the request message payload from source enclave
518-
status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, req_message->message_aes_gcm_data.payload,
508+
status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, req_message->message_aes_gcm_data.payload,
519509
decrypted_data_length, decrypted_data,
520510
reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.reserved)),
521-
sizeof(req_message->message_aes_gcm_data.reserved), &(req_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length,
511+
sizeof(req_message->message_aes_gcm_data.reserved), &(req_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length,
522512
&req_message->message_aes_gcm_data.payload_tag);
523513

524514
if(SGX_SUCCESS != status)
@@ -565,7 +555,7 @@ ATTESTATION_STATUS generate_response(sgx_enclave_id_t src_enclave_id,
565555
SAFE_FREE(decrypted_data);
566556
return INVALID_REQUEST_TYPE_ERROR;
567557
}
568-
558+
569559

570560
if(resp_data_length > max_payload_size)
571561
{
@@ -607,7 +597,7 @@ ATTESTATION_STATUS generate_response(sgx_enclave_id_t src_enclave_id,
607597
status = sgx_rijndael128GCM_encrypt(&session_info->active.AEK, (uint8_t*)resp_data, data2encrypt_length,
608598
reinterpret_cast<uint8_t *>(&(temp_resp_message->message_aes_gcm_data.payload)),
609599
reinterpret_cast<uint8_t *>(&(temp_resp_message->message_aes_gcm_data.reserved)),
610-
sizeof(temp_resp_message->message_aes_gcm_data.reserved), plaintext, plaintext_length,
600+
sizeof(temp_resp_message->message_aes_gcm_data.reserved), plaintext, plaintext_length,
611601
&(temp_resp_message->message_aes_gcm_data.payload_tag));
612602

613603
if(SGX_SUCCESS != status)

0 commit comments

Comments
 (0)