[Assignment-7] add SGX sample code from VM

Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_enclave/isv_enclave.config.xml

@@ -0,0 +1,11 @@
+<EnclaveConfiguration>
+	<ProdID>0</ProdID>
+	<ISVSVN>0</ISVSVN>
+	<StackMaxSize>0x40000</StackMaxSize>
+	<HeapMaxSize>0x100000</HeapMaxSize>
+	<TCSNum>1</TCSNum>
+	<TCSPolicy>1</TCSPolicy>
+	<DisableDebug>0</DisableDebug>
+	<MiscSelect>0</MiscSelect>
+	<MiscMask>0xFFFFFFFF</MiscMask>
+</EnclaveConfiguration>

Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_enclave/isv_enclave.cpp

@@ -0,0 +1,311 @@
+#include <stdarg.h>
+#include <stdio.h>
+
+#include <assert.h>
+#include "isv_enclave_t.h"
+#include "sgx_tkey_exchange.h"
+#include "sgx_tcrypto.h"
+#include "string.h"
+
+// This is the public EC key of the SP. The corresponding private EC key is
+// used by the SP to sign data used in the remote attestation SIGMA protocol
+// to sign channel binding data in MSG2. A successful verification of the
+// signature confirms the identity of the SP to the ISV app in remote
+// attestation secure channel binding. The public EC key should be hardcoded in
+// the enclave or delivered in a trustworthy manner. The use of a spoofed public
+// EC key in the remote attestation with secure channel binding session may lead
+// to a security compromise. Every different SP the enlcave communicates to
+// must have a unique SP public key. Delivery of the SP public key is
+// determined by the ISV. The TKE SIGMA protocl expects an Elliptical Curve key
+// based on NIST P-256
+static const sgx_ec256_public_t g_sp_pub_key = {
+    {
+        0x72, 0x12, 0x8a, 0x7a, 0x17, 0x52, 0x6e, 0xbf,
+        0x85, 0xd0, 0x3a, 0x62, 0x37, 0x30, 0xae, 0xad,
+        0x3e, 0x3d, 0xaa, 0xee, 0x9c, 0x60, 0x73, 0x1d,
+        0xb0, 0x5b, 0xe8, 0x62, 0x1c, 0x4b, 0xeb, 0x38
+    },
+    {
+        0xd4, 0x81, 0x40, 0xd9, 0x50, 0xe2, 0x57, 0x7b,
+        0x26, 0xee, 0xb7, 0x41, 0xe7, 0xc6, 0x14, 0xe2,
+        0x24, 0xb7, 0xbd, 0xc9, 0x03, 0xf2, 0x9a, 0x28,
+        0xa8, 0x3c, 0xc8, 0x10, 0x11, 0x14, 0x5e, 0x06
+    }
+
+};
+
+
+#ifdef SUPPLIED_KEY_DERIVATION
+
+#pragma message ("Supplied key derivation function is used.")
+
+typedef struct _hash_buffer_t {
+    uint8_t counter[4];
+    sgx_ec256_dh_shared_t shared_secret;
+    uint8_t algorithm_id[4];
+} hash_buffer_t;
+
+const char ID_U[] = "SGXRAENCLAVE";
+const char ID_V[] = "SGXRASERVER";
+
+// Derive two keys from shared key and key id.
+bool derive_key(
+    const sgx_ec256_dh_shared_t *p_shared_key,
+    uint8_t key_id,
+    sgx_ec_key_128bit_t *first_derived_key,
+    sgx_ec_key_128bit_t *second_derived_key) {
+    sgx_status_t sgx_ret = SGX_SUCCESS;
+    hash_buffer_t hash_buffer;
+    sgx_sha_state_handle_t sha_context;
+    sgx_sha256_hash_t key_material;
+
+    memset(&hash_buffer, 0, sizeof(hash_buffer_t));
+    /* counter in big endian  */
+    hash_buffer.counter[3] = key_id;
+
+    /*convert from little endian to big endian */
+    for (size_t i = 0; i < sizeof(sgx_ec256_dh_shared_t); i++) {
+        hash_buffer.shared_secret.s[i] = p_shared_key->s[sizeof(p_shared_key->s)-1 - i];
+    }
+
+    sgx_ret = sgx_sha256_init(&sha_context);
+    if (sgx_ret != SGX_SUCCESS) {
+        return false;
+    }
+    sgx_ret = sgx_sha256_update((uint8_t*)&hash_buffer, sizeof(hash_buffer_t), sha_context);
+    if (sgx_ret != SGX_SUCCESS) {
+        sgx_sha256_close(sha_context);
+        return false;
+    }
+    sgx_ret = sgx_sha256_update((uint8_t*)&ID_U, sizeof(ID_U), sha_context);
+    if (sgx_ret != SGX_SUCCESS) {
+        sgx_sha256_close(sha_context);
+        return false;
+    }
+    sgx_ret = sgx_sha256_update((uint8_t*)&ID_V, sizeof(ID_V), sha_context);
+    if (sgx_ret != SGX_SUCCESS) {
+        sgx_sha256_close(sha_context);
+        return false;
+    }
+    sgx_ret = sgx_sha256_get_hash(sha_context, &key_material);
+    if (sgx_ret != SGX_SUCCESS) {
+        sgx_sha256_close(sha_context);
+        return false;
+    }
+    sgx_ret = sgx_sha256_close(sha_context);
+
+    assert(sizeof(sgx_ec_key_128bit_t)* 2 == sizeof(sgx_sha256_hash_t));
+    memcpy(first_derived_key, &key_material, sizeof(sgx_ec_key_128bit_t));
+    memcpy(second_derived_key, (uint8_t*)&key_material + sizeof(sgx_ec_key_128bit_t), sizeof(sgx_ec_key_128bit_t));
+
+    // memset here can be optimized away by compiler, so please use memset_s on
+    // windows for production code and similar functions on other OSes.
+    memset(&key_material, 0, sizeof(sgx_sha256_hash_t));
+
+    return true;
+}
+
+//isv defined key derivation function id
+#define ISV_KDF_ID 2
+
+typedef enum _derive_key_type_t {
+    DERIVE_KEY_SMK_SK = 0,
+    DERIVE_KEY_MK_VK,
+} derive_key_type_t;
+
+sgx_status_t key_derivation(const sgx_ec256_dh_shared_t* shared_key,
+                            uint16_t kdf_id,
+                            sgx_ec_key_128bit_t* smk_key,
+                            sgx_ec_key_128bit_t* sk_key,
+                            sgx_ec_key_128bit_t* mk_key,
+                            sgx_ec_key_128bit_t* vk_key) {
+    bool derive_ret = false;
+
+    if (NULL == shared_key) {
+        return SGX_ERROR_INVALID_PARAMETER;
+    }
+
+    if (ISV_KDF_ID != kdf_id) {
+        //fprintf(stderr, "\nError, key derivation id mismatch in [%s].", __FUNCTION__);
+        return SGX_ERROR_KDF_MISMATCH;
+    }
+
+    derive_ret = derive_key(shared_key, DERIVE_KEY_SMK_SK,
+                            smk_key, sk_key);
+    if (derive_ret != true) {
+        //fprintf(stderr, "\nError, derive key fail in [%s].", __FUNCTION__);
+        return SGX_ERROR_UNEXPECTED;
+    }
+
+    derive_ret = derive_key(shared_key, DERIVE_KEY_MK_VK,
+                            mk_key, vk_key);
+    if (derive_ret != true) {
+        //fprintf(stderr, "\nError, derive key fail in [%s].", __FUNCTION__);
+        return SGX_ERROR_UNEXPECTED;
+    }
+    return SGX_SUCCESS;
+}
+#else
+#pragma message ("Default key derivation function is used.")
+#endif
+
+// This ecall is a wrapper of sgx_ra_init to create the trusted
+// KE exchange key context needed for the remote attestation
+// SIGMA API's. Input pointers aren't checked since the trusted stubs
+// copy them into EPC memory.
+//
+// @param b_pse Indicates whether the ISV app is using the
+//              platform services.
+// @param p_context Pointer to the location where the returned
+//                  key context is to be copied.
+//
+// @return Any error return from the create PSE session if b_pse
+//         is true.
+// @return Any error returned from the trusted key exchange API
+//         for creating a key context.
+
+sgx_status_t enclave_init_ra(
+    int b_pse,
+    sgx_ra_context_t *p_context) {
+    // isv enclave call to trusted key exchange library.
+    sgx_status_t ret;
+    if(b_pse) {
+        int busy_retry_times = 2;
+        do {
+            ret = sgx_create_pse_session();
+        } while (ret == SGX_ERROR_BUSY && busy_retry_times--);
+        if (ret != SGX_SUCCESS)
+            return ret;
+    }
+#ifdef SUPPLIED_KEY_DERIVATION
+    ret = sgx_ra_init_ex(&g_sp_pub_key, b_pse, key_derivation, p_context);
+#else
+    ret = sgx_ra_init(&g_sp_pub_key, b_pse, p_context);
+#endif
+    if(b_pse) {
+        sgx_close_pse_session();
+        return ret;
+    }
+    return ret;
+}
+
+
+// Closes the tKE key context used during the SIGMA key
+// exchange.
+//
+// @param context The trusted KE library key context.
+//
+// @return Return value from the key context close API
+
+sgx_status_t SGXAPI enclave_ra_close(
+    sgx_ra_context_t context) {
+    sgx_status_t ret;
+    ret = sgx_ra_close(context);
+    return ret;
+}
+
+
+// Verify the mac sent in att_result_msg from the SP using the
+// MK key. Input pointers aren't checked since the trusted stubs
+// copy them into EPC memory.
+//
+//
+// @param context The trusted KE library key context.
+// @param p_message Pointer to the message used to produce MAC
+// @param message_size Size in bytes of the message.
+// @param p_mac Pointer to the MAC to compare to.
+// @param mac_size Size in bytes of the MAC
+//
+// @return SGX_ERROR_INVALID_PARAMETER - MAC size is incorrect.
+// @return Any error produced by tKE  API to get SK key.
+// @return Any error produced by the AESCMAC function.
+// @return SGX_ERROR_MAC_MISMATCH - MAC compare fails.
+
+sgx_status_t verify_att_result_mac(sgx_ra_context_t context,
+                                   uint8_t* p_message,
+                                   size_t message_size,
+                                   uint8_t* p_mac,
+                                   size_t mac_size) {
+    sgx_status_t ret;
+    sgx_ec_key_128bit_t mk_key;
+
+    if(mac_size != sizeof(sgx_mac_t)) {
+        ret = SGX_ERROR_INVALID_PARAMETER;
+        return ret;
+    }
+    if(message_size > UINT32_MAX) {
+        ret = SGX_ERROR_INVALID_PARAMETER;
+        return ret;
+    }
+
+    do {
+        uint8_t mac[SGX_CMAC_MAC_SIZE] = {0};
+
+        ret = sgx_ra_get_keys(context, SGX_RA_KEY_MK, &mk_key);
+        if(SGX_SUCCESS != ret) {
+            break;
+        }
+        ret = sgx_rijndael128_cmac_msg(&mk_key,
+                                       p_message,
+                                       (uint32_t)message_size,
+                                       &mac);
+        if(SGX_SUCCESS != ret) {
+            break;
+        }
+        if(0 == consttime_memequal(p_mac, mac, sizeof(mac))) {
+            ret = SGX_ERROR_MAC_MISMATCH;
+            break;
+        }
+
+    } while(0);
+
+    return ret;
+}
+
+
+sgx_status_t verify_secret_data (
+    sgx_ra_context_t context,
+    uint8_t *p_secret,
+    uint32_t secret_size,
+    uint8_t *p_gcm_mac,
+    uint32_t max_verification_length,
+    uint8_t *p_ret) {
+    sgx_status_t ret = SGX_SUCCESS;
+    sgx_ec_key_128bit_t sk_key;
+
+    do {
+        ret = sgx_ra_get_keys(context, SGX_RA_KEY_SK, &sk_key);
+        if (SGX_SUCCESS != ret) {
+            break;
+        }
+
+        uint8_t *decrypted = (uint8_t*) malloc(sizeof(uint8_t) * secret_size);
+        uint8_t aes_gcm_iv[12] = {0};
+
+        ret = sgx_rijndael128GCM_decrypt(&sk_key,
+                                         p_secret,
+                                         secret_size,
+                                         decrypted,
+                                         &aes_gcm_iv[0],
+                                         12,
+                                         NULL,
+                                         0,
+                                         (const sgx_aes_gcm_128bit_tag_t *) (p_gcm_mac));
+
+        if (SGX_SUCCESS == ret) {
+            if (decrypted[0] == 0) {
+                if (decrypted[1] != 1) {
+                    ret = SGX_ERROR_INVALID_SIGNATURE;
+                }
+            } else {
+                ret = SGX_ERROR_UNEXPECTED;
+            }
+        }
+
+    } while(0);
+
+    return ret;
+}
+
+
+

Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_enclave/isv_enclave.edl

@@ -0,0 +1,38 @@
+enclave {
+    from "sgx_tkey_exchange.edl" import *;
+
+    include "sgx_key_exchange.h"
+    include "sgx_trts.h"
+
+    trusted {
+        public sgx_status_t enclave_init_ra(int b_pse, [out] sgx_ra_context_t *p_context);
+
+        public sgx_status_t enclave_ra_close(sgx_ra_context_t context);
+
+        public sgx_status_t verify_att_result_mac(sgx_ra_context_t context,
+													[in,size=message_size] uint8_t* message,
+													size_t message_size,
+													[in,size=mac_size] uint8_t* mac,
+													size_t mac_size);
+
+        public sgx_status_t verify_secret_data(sgx_ra_context_t context,
+												[in,size=secret_size] uint8_t* p_secret,
+												uint32_t secret_size,
+												[in,count=16] uint8_t* gcm_mac,
+												uint32_t max_verification_length,
+												[out, count=16] uint8_t *p_ret);
+    };
+
+};
+
+
+
+
+
+
+
+
+
+
+
+

Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_enclave/isv_enclave.lds

@@ -0,0 +1,8 @@
+enclave.so {
+global:
+    g_global_data_sim;
+    g_global_data;
+    enclave_entry;
+local:
+    *;
+};

Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_enclave/isv_enclave_private.pem

@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG4wIBAAKCAYEA0MvI9NpdP4GEqCvtlJQv00OybzTXzxBhPu/257VYt9cYw/ph
+BN1WRyxBBcrZs15xmcvlb3xNmFGWs4w5oUgrFBNgi6g+CUOCsj0cM8xw7P/y3K0H
+XaZUf+T3CXCp8NvlkZHzfdWAFA5lGGR9g6kmuk7SojE3h87Zm1KjPU/PvAe+BaMU
+trlRr4gPNVnu19Vho60xwuswPxfl/pBFUIk7qWEUR3l2hiqWMeLgf3Ays/WSnkXA
+uijwPt5g0hxsgIlyDrI3jKbf0zkFB56jvPwSykfU8aw4Gkbo5qSZxUAKnwH2L8Uf
+yM6inBaaYtM79icRwsu45Yt6X0GAt7CSb/1TKBrnm5exmK1sug3YSQ/YuK1FYawU
+vIaDD0YfzOndTNVBewA+Hr5xNPvqGJoRKHuGbyu2lI9jrKYpVxQWsmx38wnxF6kE
+zX6N4m7KZiLeLpDdBVQtLuOzIdIE4wT3t/ckeqElxO/1Ut9bj765GcTTrYwMKHRw
+ukWIH7ZtHtAjj0KzAgEDAoIBgQCLMoX4kZN/q63Fcp5jDXU3gnb0zeU0tZYp9U9F
+I5B6j2XX/ECt6OQvctYD3JEiPvZmh+5KUt5li7nNCCZrhXINYkBdGtQGLQHMKL13
+3aCd//c9yK+TxDhVQ09boHFLPUO2YUz+jlVitENlmFOtG28m3zcWy3paieZnjGzT
+iop9Wn6ubLh50OEfsAojkUnlOOvCc3aB8iAqD+6ptYOLBifGQLgvpk8EHGQhQer/
+oCHNTmG+2SsmxfV/Pus2vZ2rBkrUbZU0hwrnvKOIPhnt3Qwtmx9xsC67jF+MpWko
+UisJXC27FAGz2gpIGMhBp35HEppwG9hhCuMQdK2g62bvweyr1tC4qOVdQrKvhksN
+r6CMjS9eSXvmWdF7lU4oxStN0V56/LICSIsLbggUaxTPKhAVEgfTSqwEJoQuFA3Q
+4GmgTydPhcRH1L/lhbWJqZQm7V1Gt+5i5J6iATD32uNQQ2iZi5GsUhr+jZC+WlE5
+6lS813cRNiaK52HIk62bG7IXOksCgcEA+6RxZhQ5GaCPYZNsk7TqxqsKopXKoYAr
+2R4KWuexJTd+1kcNMk0ETX8OSgpY2cYL2uPFWmdutxPpLfpr8S2u92Da/Wxs70Ti
+QSb0426ybTmnS5L7nOnGOHiddXILhW175liAszTeoR7nQ6vpr9YjfcnrXiB8bKIm
+akft2DQoxrBPzEe9tA8gfkyDTsSG2j7kncSbvYRtkKcJOmmypotVU6uhRPSrSXCc
+J59uBQkg6Bk4CKA1mz8ctG07MluFY0/ZAoHBANRpZlfIFl39gFmuEER7lb80GySO
+J190LbqOca3dGOvAMsDgEAi6juJyX7ZNpbHFHj++LvmTtw9+kxhVDBcswS7304kt
+7J2EfnGdctEZtXif1wiq30YWAp1tjRpQENKtt9wssmgcwgK39rZNiEHmStHGv3l+
+5TnKPKeuFCDnsLvi5lQYoK2wTYvZtsjf+Rnt7H17q90IV54pMjTS8BkGskCkKf2A
+IYuaZkqX0T3cM6ovoYYDAU6rWL5rrYPLEwkbawKBwQCnwvZEDXtmawpBDPMNI0cv
+HLHBuTHBAB07aVw8mnYYz6nkL14hiK2I/17cBuXmhAfnQoORmknPYptz/Ef2HnSk
+6zyo8vNKLewrb03s9Hbze8TdDKe98S7QUGj49rJY86fu5asiIz8WFJotHUZ1OWz+
+hpzpav2dwW7xhUk6zXCEdYqIL9PNX2r+3azfLa88Ke2+gxJ+WEkLGgYm8SHEXOON
+HRYt+HIw9b1vv56uBhXwENAFwCO81L3Nnid2565CNTsCgcEAjZuZj9q5k/5VkR61
+gv0Of3gSGF7E6k1z0bRLyT4QnSrMgJVgBdG0lvbqeYkZIS4UKn7J+7fPX6m3ZY4I
+D3MrdKU3sMlIaQL+9mj3NhEjpb/ksHHqLrlXE55eEYq14cklPXMhmr3WrHqkeYkF
+gUQx4S8qUP9De9wob8liwJp10pdEOBBrHnWJB+Z52z/7Zp6dqP0dPgWPvsYheIyg
+EK8hgG1xU6rBB7xEMbqLfpLNHB/BBAIA3xzl1EfJAodiBhJHAoHAeTS2znDHYayI
+TvK86tBAPVORiBVTSdRUONdGF3dipo24hyeyrI5MtiOoMc3sKWXnSTkDQWa3WiPx
+qStBmmO/SbGTuz7T6+oOwGeMiYzYBe87Ayn8Y0KYYshFikieJbGusHjUlIGmCVPy
+UHrDMYGwFGUGBwW47gBsnZa+YPHtxWCPDe/U80et2Trx0RXJJQPmupAVMSiJWObI
+9k5gRU+xDqkHanyD1gkGGwhFTUNX94EJEOdQEWw3hxLnVtePoke/
+-----END RSA PRIVATE KEY-----