/* * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * Neither the name of Intel Corporation nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * */ #ifndef _ENCLAVE_H_ #define _ENCLAVE_H_ #include #include /* * returns the size of the sealed key pair */ int get_sealed_size(); /* * returns the length of the hash used in the signature */ int get_digest_size(); /* * returns the size of the signature created by the enclave */ int get_signature_size(); /* * returns the size of the public key */ int get_public_key_size(); /* * returns the size of the private key */ int get_private_key_size(); /* * @brief generates a secp256r1 key pair and returns it sealed by the TEE * * @param sealed buffer to hold the sealed key pair * @param sealed_size size of the sealed key pair * * @returns SGX_SUCCESS on success, else sgx error code */ sgx_status_t generate_key_pair(uint8_t *sealed, uint32_t sealed_size); /* * @brief returns the public key of the sealed key pair provided to the enclave * * @param sealed buffer containing the sealed key pair * @param sealed_size size of the sealed key pair * @param public_key buffer to hold the public key * * @returns SGX_SUCCESS on success, SGX_ERROR_INVALID_PARAMETER for invalid parameters, else sgx error code */ sgx_status_t get_public_key(const uint8_t *sealed, const uint32_t sealed_size, uint8_t *public_key); /* * @brief signs the firmware provided by an authorized employee * * @param firmware buffer containing the firmware * @param firmware_size size of the sealed key pair * @param sealed buffer containing the sealed key pair * @param sealed_size size of the sealed key pair * @param public_key buffer with the employees public key; holds enclaves public key after successful signing * @param signature buffer with the employees signature; holds the enclaves signature after successful signing * * @returns SGX_SUCCESS on success, SGX_ERROR_INVALID_PARAMETER for invalid parameters, else sgx error code */ sgx_status_t sign_firmware(const uint8_t *firmware, uint32_t firmware_size, const uint8_t *sealed, uint32_t sealed_size, uint8_t *public_key, uint8_t *signature); /* * @brief verifies a firmware signature provided by an authorized employee or enclave * * @param firmware buffer containing the firmware * @param firmware_size size of the sealed key pair or NULL * @param sealed buffer containing the sealed key pair * @param sealed_size size of the sealed key pair * @param public_key buffer with the employees public key or NULL * @param signature buffer with the employees signature * * @returns SGX_EC_VALID on success, SGX_EC_INVALID for invalid signatures, SGX_ERROR_INVALID_PARAMETER for invalid parameters, else sgx error code */ sgx_status_t verify_firmware(const uint8_t *firmware, uint32_t firmware_size, const uint8_t *sealed, uint32_t sealed_size, const uint8_t *public_key, const uint8_t *signature); #endif /* !_ENCLAVE_H_ */