diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index d3cd9464..df4264f2 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -3,7 +3,7 @@ name: ci on: push: branches: - - 'main' + - "main" pull_request: env: @@ -13,7 +13,7 @@ env: jobs: lint: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - uses: dtolnay/rust-toolchain@stable @@ -32,7 +32,7 @@ jobs: check: - advisories - bans licenses sources - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: - "lint" steps: @@ -45,7 +45,7 @@ jobs: command: check ${{ matrix.check }} sort: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: - "lint" steps: @@ -55,7 +55,7 @@ jobs: - run: cargo sort --workspace --check >/dev/null clippy: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: - "lint" strategy: @@ -69,7 +69,7 @@ jobs: - uses: actions/checkout@v4 - uses: mobilecoinfoundation/actions/dcap-libs@main with: - version: 1.20.100.2-jammy1 + version: 1.22.100.3-noble1 - uses: dtolnay/rust-toolchain@master with: toolchain: ${{ matrix.rust }} @@ -78,7 +78,7 @@ jobs: - run: cargo +${{ matrix.rust }} clippy --all --all-features -- -D warnings -Aclippy::non_canonical_clone_impl build: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: - "lint" strategy: @@ -91,10 +91,10 @@ jobs: - uses: actions/checkout@v4 - uses: mobilecoinfoundation/actions/sgxsdk@main with: - version: 2.23.100.2 + version: 2.25.100.3 - uses: mobilecoinfoundation/actions/dcap-libs@main with: - version: 1.20.100.2-jammy1 + version: 1.22.100.3-noble1 - uses: dtolnay/rust-toolchain@master with: toolchain: ${{ matrix.rust }} @@ -102,7 +102,7 @@ jobs: - run: cargo +${{ matrix.rust }} build --release --locked build-all-features: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: - "lint" strategy: 
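Review bot: The steps in the clippy and build hunks (and again in the build-all-features, test and coverage hunks further down) resolve `mobilecoinfoundation/actions/sgxsdk@main`, `mobilecoinfoundation/actions/dcap-libs@main` and `dtolnay/rust-toolchain@master` from moving branches. The code that installs the SGX SDK and DCAP packages on the runner can therefore change without any commit in this repository. This change already pins exact package versions (`2.25.100.3`, `1.22.100.3-noble1`), so pinning the actions to a full commit SHA would make the installer itself equally reproducible, e.g. `uses: mobilecoinfoundation/actions/sgxsdk@<full-commit-sha> # main`. The `uses:` lines are unchanged context in these hunks, so this is a follow-up rather than something the bump introduced.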
@@ -115,10 +115,10 @@ jobs: - uses: actions/checkout@v4 - uses: mobilecoinfoundation/actions/sgxsdk@main with: - version: 2.23.100.2 + version: 2.25.100.3 - uses: mobilecoinfoundation/actions/dcap-libs@main with: - version: 1.20.100.2-jammy1 + version: 1.22.100.3-noble1 - uses: dtolnay/rust-toolchain@master with: toolchain: ${{ matrix.rust }} @@ -126,7 +126,7 @@ jobs: - run: cargo +${{ matrix.rust }} build --release --locked --all-features test: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: - "lint" strategy: @@ -139,10 +139,10 @@ jobs: - uses: actions/checkout@v4 - uses: mobilecoinfoundation/actions/sgxsdk@main with: - version: 2.23.100.2 + version: 2.25.100.3 - uses: mobilecoinfoundation/actions/dcap-libs@main with: - version: 1.20.100.2-jammy1 + version: 1.22.100.3-noble1 - uses: dtolnay/rust-toolchain@master with: toolchain: ${{ matrix.rust }} @@ -154,7 +154,7 @@ jobs: run: unset SGX_AESM_ADDR && cargo +${{ matrix.rust }} test --release --features "sim alloc" --locked doc: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: - "lint" strategy: @@ -173,17 +173,17 @@ jobs: - run: cargo +${{ matrix.rust }} doc --release --no-deps --features sim coverage: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: - "lint" steps: - uses: actions/checkout@v4 - uses: mobilecoinfoundation/actions/sgxsdk@main with: - version: 2.23.100.2 + version: 2.25.100.3 - uses: mobilecoinfoundation/actions/dcap-libs@main with: - version: 1.20.100.2-jammy1 + version: 1.22.100.3-noble1 - uses: dtolnay/rust-toolchain@stable with: components: llvm-tools-preview @@ -201,7 +201,7 @@ jobs: # This job ensures that the specified crates are able to build without alloc. By proxy this also ensures that they # build with no_std build-no-alloc: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: - "lint" strategy: diff --git a/Cargo.lock b/Cargo.lock index ce0fd418..2abdde6d 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -54,7 +54,7 @@ dependencies = [ "regex", "rustc-hash", "shlex", - "syn 2.0.28", + "syn", "which", ] @@ -169,7 +169,7 @@ dependencies = [ "proc-macro2", "quote", "strsim", - "syn 2.0.28", + "syn", ] [[package]] @@ -180,7 +180,7 @@ checksum = "836a9bbc7ad63342d6d6e7b815ccab164bc77a2d95d84bc3117a8c0d5c98e2d5" dependencies = [ "darling_core", "quote", - "syn 2.0.28", + "syn", ] [[package]] @@ -198,9 +198,9 @@ dependencies = [ [[package]] name = "der" -version = "0.7.7" +version = "0.7.10" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c7ed52955ce76b1554f509074bb357d3fb8ac9b51288a65a3fd480d1dfba946" +checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb" dependencies = [ "const-oid", "der_derive", @@ -211,14 +211,13 @@ dependencies = [ [[package]] name = "der_derive" -version = "0.7.1" +version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "114792ba6b7545d3f3dd693794aed3a312a67795cd577fcc725c148d84fabe32" +checksum = "8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18" dependencies = [ - "proc-macro-error", "proc-macro2", "quote", - "syn 2.0.28", + "syn", ] [[package]] @@ -235,13 +234,13 @@ dependencies = [ [[package]] name = "displaydoc" -version = "0.2.4" +version = "0.2.5" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "487585f4d0c6655fe74905e2504d8ad6908e4db67f744eb140876906c2f3175d" +checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0" dependencies = [ "proc-macro2", "quote", - "syn 2.0.28", + "syn", ] [[package]] @@ -911,7 +910,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "92139198957b410250d43fad93e630d956499a625c527eda65175c8680f83387" dependencies = [ "proc-macro2", - "syn 2.0.28", + "syn", ] [[package]] 
@@ -923,30 +922,6 @@ dependencies = [ "elliptic-curve", ] -[[package]] -name = "proc-macro-error" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "da25490ff9892aab3fcf7c36f08cfb902dd3e71ca0f9f9517bea02a73a5ce38c" -dependencies = [ - "proc-macro-error-attr", - "proc-macro2", - "quote", - "syn 1.0.109", - "version_check", -] - -[[package]] -name = "proc-macro-error-attr" -version = "1.0.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a1be40180e52ecc98ad80b184934baf3d0d29f979574e439af5a55274b35f869" -dependencies = [ - "proc-macro2", - "quote", - "version_check", -] - [[package]] name = "proc-macro2" version = "1.0.64" @@ -1117,7 +1092,7 @@ checksum = "43576ca501357b9b071ac53cdc7da8ef0cbd9493d8df094cd821777ea6e894d3" dependencies = [ "proc-macro2", "quote", - "syn 2.0.28", + "syn", ] [[package]] @@ -1139,7 +1114,7 @@ dependencies = [ "darling", "proc-macro2", "quote", - "syn 2.0.28", + "syn", ] [[package]] @@ -1162,7 +1137,7 @@ checksum = "91d129178576168c589c9ec973feedf7d3126c01ac2bf08795109aa35b69fb8f" dependencies = [ "proc-macro2", "quote", - "syn 2.0.28", + "syn", ] [[package]] @@ -1232,16 +1207,6 @@ version = "2.5.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "81cdd64d312baedb58e21336b31bc043b77e01cc99033ce76ef539f78e965ebc" -[[package]] -name = "syn" -version = "1.0.109" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "72b64191b275b66ffe2469e8af2c1cfe3bafa67b529ead792a6d0160888b4237" -dependencies = [ - "proc-macro2", - "unicode-ident", -] - [[package]] name = "syn" version = "2.0.28" @@ -1497,7 +1462,7 @@ checksum = "74e7573777bff194739148d7ffe000c9c652f1db6dafbb7d3b8475551bd4189d" dependencies = [ "proc-macro2", "quote", - "syn 2.0.28", + "syn", ] [[package]] diff --git a/core/build/headers/sgx_dcap_qae_tvl.h b/core/build/headers/sgx_dcap_qae_tvl.h new file mode 100644 index 00000000..deb456d9 --- /dev/null 
+++ b/core/build/headers/sgx_dcap_qae_tvl.h 
@@ -0,0 +1,88 @@ +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * + */ +/** + * File: sgx_dcap_qae_tvl.h + * + * Description: Trusted library for app enclave to verify QaE Report and Identity + * + */ +#ifndef __QAE_VERIFICATION_INPUT_T +#define __QAE_VERIFICATION_INPUT_T + +#include "sgx_dcap_qal.h" + +#ifndef _MSC_VER + +typedef enum _tvl_mode_t +{ + APPRAISAL = 1, //should be used along with QVL API `tee_appraise_verification_token` + AUTH_POLICY, //should be used along with QVL API`tee_authenticate_appraisal_result_ex` + AUTH_OWNER //should be used along with QVL API`tee_authenticate_policy_owner` +} tvl_mode_t; + +typedef struct _qae_verification_input_t +{ + tvl_mode_t mode; + union + { + struct + { + char* p_appraisal_jwt; //Pointer to the final appraisal JWT + char* p_qvl_jwt; //Pointer to the QvE output JWT + time_t appraisal_check_date; //The date for appraisal check + uint8_t** p_policies; //Pointer to an array of pointers to individual policies + uint8_t policy_count; //Count of individual policies provided + } appraisal; // APPRAISAL mode + struct + { + char* p_appraisal_jwt; //Pointer to the final appraisal JWT + tee_policy_bundle_t* p_policy_bundle; //Pointer to the policy bundle structure + const uint8_t* p_td_identity; //This parameter should currently be set to NULL; functionality to be implemented in a future release + const uint8_t* p_td_tcb_mapping_table; //This parameter should currently be set to NULL; functionality to be implemented in a future release + tee_policy_auth_result_t* p_result; //Pointer to the result of policy authentication + uint8_t *p_quote; //Optional. 
Pointer to the quote data + uint32_t quote_size; //quote size, it should be 0 if p_quote is NULL + } auth_policy; // AUTH POLICY mode + struct + { + char* p_appraisal_jwt; //Pointer to the final appraisal JWT + uint8_t** p_policy_key_list; //Points to an array of pointers, with each pointer pointing to a buffer holding a policy signing key + uint8_t key_list_count; //Count of individual policy keys provided + const uint8_t* p_td_identity; //This parameter should currently be set to NULL; functionality to be implemented in a future release + const uint8_t* p_td_tcb_mapping_table; //This parameter should currently be set to NULL; functionality to be implemented in a future release + tee_policy_auth_result_t* p_result; //Pointer to the result of policy authentication + uint8_t * p_quote; //Optional. Pointer to the quote data + uint32_t quote_size; //quote size, it should be 0 if p_quote is NULL + } auth_owner; // AUTH OWNER mode + }input; +} qae_verification_input_t; +#endif +#endif \ No newline at end of file diff --git a/core/build/headers/sgx_dcap_qal.h b/core/build/headers/sgx_dcap_qal.h new file mode 100644 index 00000000..259e06df --- /dev/null +++ b/core/build/headers/sgx_dcap_qal.h 
@@ -0,0 +1,186 @@ +/** +* Copyright (c) 2017-2022, Intel Corporation +* +* Redistribution and use in source and binary forms, with or without +* modification, are permitted provided that the following conditions are met: +* +* * Redistributions of source code must retain the above copyright notice, +* this list of conditions and the following disclaimer. +* * Redistributions in binary form must reproduce the above copyright +* notice, this list of conditions and the following disclaimer in the +* documentation and/or other materials provided with the distribution. +* * Neither the name of Intel Corporation nor the names of its contributors +* may be used to endorse or promote products derived from this software +* without specific prior written permission. +* +* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +* DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE + +* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +* SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+*/ + +#ifndef _SGX_DCAP_QAL_H_ +#define _SGX_DCAP_QAL_H_ + +#include "sgx_report.h" +#include "sgx_ql_lib_common.h" +#include "sgx_ql_quote.h" +#include + +typedef enum _tee_platform_policy_type_t +{ + DEFAULT_STRICT = 0, + CUSTOMIZED +} tee_platform_policy_type_t; + +typedef struct _tee_platform_policy_t +{ + tee_platform_policy_type_t pt; + const uint8_t* p_policy; +} tee_platform_policy_t; + +typedef struct _tee_policy_bundle_t +{ + const uint8_t *p_tenant_identity_policy; + tee_platform_policy_t platform_policy; + + tee_platform_policy_t tdqe_policy; /* For tdqe. Only for TDX and only need to be set when user uses a seperate tdqe_policy + * instead of an integrated platform_policy including both TDX platform policy and TDQE. */ + + tee_platform_policy_t reserved[2]; /* Reserved for future usage */ +} tee_policy_bundle_t; + +typedef enum _tee_policy_auth_result_t +{ + TEE_AUTH_INCOMPLET = -1, /* Only part of the policies are provided and authenticated successfully. For example, you only input + * SGX platform policy for an SGX appraisal token, and the platform policy is authenticated successfully */ + TEE_AUTH_SUCCESS = 0, /* All the policies are authenticated successfully. For SGX, both SGX platform policies are provided and successfully */ + TEE_AUTH_FAILURE = 1, /* At least one of the input policies are authenticated failed */ +} tee_policy_auth_result_t; + +#if defined(__cplusplus) +extern "C" { +#endif + + +/** + * Appraise a Verification Result JWT against one or more Quote Appraisal Policies + * + * @param p_verification_result_token[IN] - Points to a null-terminated string containing the input Verification Result JWT. + * @param p_qaps[IN] - Points to an array of pointers, with each pointer pointing to a buffer holding a quote appraisal policy JWT token. + * Each token is a null-terminated string holding a JWT. + * @param qaps_count[IN] - The number of pointers in the p_qaps array. 
+ * @param appraisal_check_date[IN] - - User input, used by the appraisal engine as its “current time” for expiration dates check. + * @param p_qae_report_info[IN, OUT] - The parameter is optional. If not NULL, QAE is used in the appraisal process. It holds the QvE report and + * the ISV Enclave's target info as input. A QAE report will be returnted after this function completes. + * @param p_appraisal_result_token_buffer_size[OUT] - Points to hold the size of the p_appraisal_result_token buffer. + * @param p_appraisal_result_token[OUT] - Points to the output Appraisal result JWT. + * + * @return Status code of the operation. SGX_QL_SUCCESS or failure as defined in sgx_ql_lib_common.h + **/ +quote3_error_t tee_appraise_verification_token( + const uint8_t *p_verification_result_token, + uint8_t **p_qaps, + uint8_t qaps_count, + const time_t appraisal_check_date, + sgx_ql_qe_report_info_t *p_qae_report_info, + uint32_t *p_appraisal_result_token_buffer_size, + uint8_t **p_appraisal_result_token); + +/** + * Free the appraisal result token that allocated in the "tee_appraise_verification_token" API + * @param p_appraisal_result_token[IN] - Points to the output Appraisal result JWT. + * + * @return Status code of the operation. SGX_QL_SUCCESS or failure as defined in sgx_ql_lib_common.h +**/ +quote3_error_t tee_free_appraisal_token(uint8_t *p_appraisal_result_token); + +/** + * Check whether the input policies are used in the appraisal process by comparing the policies with the appraisal result + * + * @param p_appraisal_result_token[IN] - Points to the Appraisal result JWT that generated by the "tee_appraise_verification_token" API + * @param p_policies[IN] - A structure that contains the target policies + * @param result[OUT] - the authentication result + * + * @return Status code of the operation. 
SGX_QL_SUCCESS or failure as defined in sgx_ql_lib_common.h +**/ +quote3_error_t tee_authenticate_appraisal_result(const uint8_t *p_appraisal_result_token, const tee_policy_bundle_t *p_policies, tee_policy_auth_result_t *result); + + +/** + * An expert implememntation to check whether the input policies are used in the appraisal process by comparing the policies with the appraisal result. + * + * @param p_quote[IN] - Optional. If not NULL, QAL will validate the quote hash in appraisal result with this input quote + * @param quote_size[IN] - Quote size. If p_quote is NULL, quote_size should be 0 + * @param p_appraisal_result_token[IN] - Points to the Appraisal result JWT that generated by the "tee_appraise_verification_token" API + * @param p_policies[IN] - A structure that contains the target policies + * @param p_td_identity[IN] - Optional. Pointer to tenant TD identity structure. It's a placeholder to support self signed TD identity in future. + * @param p_td_tcb_mapping_table[IN] - Optional. Pointer to tenant TD TCB mapping table. It's a placeholder to support self signed TD TCB mapping table in future. + * @param result[OUT] - the authentication result + * @param p_qae_report_info[IN, OUT] - The parameter is optional. If not NULL, QAE is used to authenticate the policies and a QAE report will be returned. + * + * @return Status code of the operation. SGX_QL_SUCCESS or failure as defined in sgx_ql_lib_common.h +**/ +quote3_error_t tee_authenticate_appraisal_result_ex(const uint8_t *p_quote, + uint32_t quote_size, + const uint8_t *p_appraisal_result_token, + const tee_policy_bundle_t *p_policies, + const uint8_t *p_td_identity, + const uint8_t *p_td_tcb_mapping_table, + tee_policy_auth_result_t *result, + sgx_ql_qe_report_info_t *p_qae_report_info); + +/** + * Check whether the input policies that are used in the appraisal process are signed by the specific owners. + * + * @param p_quote[IN] - Optional. 
If not NULL, QAL will validate the quote hash in appraisal result with this input quote + * @param quote_size[IN] - Quote size. If p_quote is NULL, quote_size should be 0 + * @param p_appraisal_result_token[IN] - Points to the Appraisal result JWT that generated by the "tee_appraise_verification_token" API + * @param policy_key_list[IN] - Points to an array of pointers, with each pointer pointing to a buffer holding a policy signing key. + * @param list_size[IN] - The policy signing key number. + * @param p_td_identity[IN] - Optional. Pointer to tenant TD identity structure. It's a placeholder to support self signed TD identity in future. + * @param p_td_tcb_mapping_table[IN] - Optional. Pointer to tenant TD TCB mapping table. It's a placeholder to support self signed TD TCB mapping table in future. + * @param result[OUT] - the authentication result + * @param p_qae_report_info[IN/OUT] - This parameter can be used in 2 ways: + * If p_qae_report_info is NOT NULL, the API will use Intel QAE to check the policies owner and appraisal result, and QAE will generate a report + * using the target_info in sgx_ql_qe_report_info_t structure. You should verify the report and QAE identity by using API in Intel TVL library. + * If p_qae_report_info is NULL, the API will use QVL library to check the policies owner and appraisal result, note that the results cannot be + * cryptographically authenticated in this mode. + * + * @return Status code of the operation. SGX_QL_SUCCESS or failure as defined in sgx_ql_lib_common.h + **/ +quote3_error_t tee_authenticate_policy_owner(const uint8_t *p_quote, + uint32_t quote_size, + const uint8_t *p_appraisal_result_token, + const uint8_t **policy_key_list, + uint32_t list_size, + const uint8_t *p_td_identity, + const uint8_t *p_td_tcb_mapping_table, + tee_policy_auth_result_t *result, + sgx_ql_qe_report_info_t *p_qae_report_info); + +/** + * Set QAE's loading policy. 
+ * Supported policies: + * SGX_QL_EPHEMERAL - QAE is initialized and terminated on every appraisal function call. + * SGX_QL_PERSISTENT - Default policy. The process will share one single QAE instance. + * QAE is initialized on first use and reused until process ends. + * @param policy[in] - The enclave loading policy to be set. + * + * @return Status code of the operation. SGX_QL_SUCCESS or failure as defined in sgx_ql_lib_common.h + * + **/ +quote3_error_t sgx_qae_set_enclave_load_policy(sgx_ql_request_policy_t policy); + +#if defined(__cplusplus) +} +#endif + +#endif \ No newline at end of file diff --git a/core/build/headers/sgx_dcap_quoteverify.h b/core/build/headers/sgx_dcap_quoteverify.h index ae63f8b8..36bd170e 100644 --- a/core/build/headers/sgx_dcap_quoteverify.h +++ b/core/build/headers/sgx_dcap_quoteverify.h 
@@ -166,15 +166,17 @@ quote3_error_t sgx_qv_set_path(sgx_qv_path_type_t path_type, const char *p_path); /** - * Get quote verification result token. + * Perform ECDSA quote verification and get quote verification result token. * - * @param p_quote[IN] - Pointer to SGX Quote. + * @param p_quote[IN] - Pointer to SGX or TDX Quote. * @param quote_size[IN] - Size of the buffer pointed to by p_quote (in bytes). * @param p_quote_collateral[IN] - The parameter is optional. This is a pointer to the Quote Certification Collateral provided by the caller. * @param p_qve_report_info[IN/OUT] - This parameter can be used in 2 ways. * If p_qve_report_info is NOT NULL, the API will use Intel QvE to perform quote verification, and QvE will generate a report using the target_info in sgx_ql_qe_report_info_t structure. * if p_qve_report_info is NULL, the API will use QVL library to perform quote verification, note that the results can not be cryptographically authenticated in this mode. - * @param p_user_data[IN] - User data. + * @param p_user_data[IN] - If not NULL, this points to a buffer holding a null-terminated string for user data. The hash of this string will be verified to match the application enclave SGX reportData held in the input quote. Upon successful verification, the user data will be converted back into JSON format and included in the output VR JWT (instead of the reportData itself). + * The user data must be less than or equal to 128 bytes in size. + * This API only supports the SHA384 hashing algorithm, which means the SGX reportData in the quote must be SHA384 hashed. * @param p_verification_result_token_buffer_size[OUT] - Size of the buffer pointed to by verification_result_token (in bytes). * @param p_verification_result_token[OUT] - Pointer to the verification_result_token. * 
@@ -356,12 +358,12 @@ quote3_error_t tee_verify_quote( tee_supp_data_descriptor_t *p_supp_data_descriptor); /** - * Extrace FMSPC from a given quote + * Extrace FMSPC from a given quote * @param p_quote[IN] - Pointer to a quote buffer. * @param quote_size[IN] - Size of input quote buffer. * @param p_fmspc_from_quote[IN/OUT] - Pointer to a buffer to write fmspc to. * @param fmspc_from_quote_size[IN] - Size of fmspc buffer. - * + * * @return Status code of the operation, one of: * - SGX_QL_SUCCESS * - SGX_QL_ERROR_INVALID_PARAMETER @@ -371,7 +373,7 @@ quote3_error_t tee_verify_quote( */ quote3_error_t tee_get_fmspc_from_quote(const uint8_t* p_quote, uint32_t quote_size, uint8_t* p_fmspc_from_quote, uint32_t fmspc_from_quote_size); - + #if defined(__cplusplus) } #endif diff --git a/core/build/headers/sgx_dcap_tvl.h b/core/build/headers/sgx_dcap_tvl.h index 9e72690f..5eb7f577 100644 --- a/core/build/headers/sgx_dcap_tvl.h +++ b/core/build/headers/sgx_dcap_tvl.h @@ -40,7 +40,9 @@ #include "sgx_qve_header.h" #include "sgx_ql_quote.h" - +#ifndef _MSC_VER +#include "sgx_dcap_qae_tvl.h" +#endif #if defined(__cplusplus) extern "C" { 
@@ -87,7 +89,27 @@ SGX_TVL_API quote3_error_t sgx_tvl_verify_qve_report_and_identity( const uint8_t *p_supplemental_data, uint32_t supplemental_data_size, sgx_isv_svn_t qve_isvsvn_threshold); +#ifndef _MSC_VER +/** + * @brief Verifies the QAE report and identity based on the provided policies and the specified mode. + * + * This API is designed to verify the Quote Appraisal Enclave (QAE)'s report and identity + * according to the specified mode: QAE appraisal, strict policy authentication, or policy owner authentication. + * + * @param input [IN] Pointer to the qae_verification_input_t + * @param p_qae_report_info [IN] Pointer to the QAE report information structure. + * @param qae_isvsvn_threshold [IN] ISV SVN threshold for QAE. + * + * @return quote3_error_t Returns an error code on failure, or SGX_QL_SUCCESS on success. + * +**/ + +SGX_TVL_API quote3_error_t tee_verify_qae_report_and_identity( + qae_verification_input_t *input, + sgx_ql_qe_report_info_t p_qae_report_info, + sgx_isv_svn_t qae_isvsvn_threshold); +#endif #if defined(__cplusplus) } #endif diff --git a/core/build/headers/sgx_error.h b/core/build/headers/sgx_error.h index 092d1d89..8c8c6d38 100644 --- a/core/build/headers/sgx_error.h +++ b/core/build/headers/sgx_error.h @@ -75,6 +75,7 @@ typedef enum _status_t SGX_ERROR_INVALID_CPUSVN = SGX_MK_ERROR(0x3003), /* The cpu svn is beyond platform's cpu svn value */ SGX_ERROR_INVALID_ISVSVN = SGX_MK_ERROR(0x3004), /* The isv svn is greater than the enclave's isv svn */ SGX_ERROR_INVALID_KEYNAME = SGX_MK_ERROR(0x3005), /* The key name is an unsupported value */ + SGX_ERROR_UNSUPPORTED_FUNCTION = SGX_MK_ERROR(0x3006), /* The functionality is not supported */ SGX_ERROR_SERVICE_UNAVAILABLE = SGX_MK_ERROR(0x4001), /* Indicates aesm didn't respond or the requested service is not supported */ SGX_ERROR_SERVICE_TIMEOUT = SGX_MK_ERROR(0x4002), /* The request to aesm timed out */ 
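Review bot: `tee_verify_qae_report_and_identity` declares `sgx_ql_qe_report_info_t p_qae_report_info` by value, while its doc comment (`Pointer to the QAE report information structure`) and the `p_` prefix both describe a pointer. Any binding or wrapper built on this header should follow the declaration, not the comment. The header appears to be vendored from Intel's DCAP release, so I would leave it untouched and record the mismatch where the function is wrapped, e.g. `// upstream takes sgx_ql_qe_report_info_t by value despite the p_ prefix`. Whether bindings are generated from `core/build/headers` is not visible in this hunk. The declaration sits inside `#ifndef _MSC_VER`, so it is absent when building with MSVC.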
diff --git a/core/build/headers/sgx_ql_lib_common.h b/core/build/headers/sgx_ql_lib_common.h
index 8995db2f..b32c32dc 100644
--- a/core/build/headers/sgx_ql_lib_common.h
+++ b/core/build/headers/sgx_ql_lib_common.h
@@ -41,114 +41,120 @@ #include "sgx_key.h" -#define SGX_QL_MK_ERROR(x) (0x0000E000|(x)) +#define TEE_MK_ERROR(x) (0x0000E000|(x)) /** Possible errors generated by the quote interface. */ typedef enum _quote3_error_t { - SGX_QL_SUCCESS = 0x0000, ///< Success - SGX_QL_ERROR_MIN = SGX_QL_MK_ERROR(0x0001), ///< Indicate min error to allow better translation. - SGX_QL_ERROR_UNEXPECTED = SGX_QL_MK_ERROR(0x0001), ///< Unexpected error - SGX_QL_ERROR_INVALID_PARAMETER = SGX_QL_MK_ERROR(0x0002), ///< The parameter is incorrect - SGX_QL_ERROR_OUT_OF_MEMORY = SGX_QL_MK_ERROR(0x0003), ///< Not enough memory is available to complete this operation - SGX_QL_ERROR_ECDSA_ID_MISMATCH = SGX_QL_MK_ERROR(0x0004), ///< Expected ECDSA_ID does not match the value stored in the ECDSA Blob - SGX_QL_PATHNAME_BUFFER_OVERFLOW_ERROR = SGX_QL_MK_ERROR(0x0005), ///< The ECDSA blob pathname is too large - SGX_QL_FILE_ACCESS_ERROR = SGX_QL_MK_ERROR(0x0006), ///< Error accessing ECDSA blob - SGX_QL_ERROR_STORED_KEY = SGX_QL_MK_ERROR(0x0007), ///< Cached ECDSA key is invalid - SGX_QL_ERROR_PUB_KEY_ID_MISMATCH = SGX_QL_MK_ERROR(0x0008), ///< Cached ECDSA key does not match requested key - SGX_QL_ERROR_INVALID_PCE_SIG_SCHEME = SGX_QL_MK_ERROR(0x0009), ///< PCE use the incorrect signature scheme - SGX_QL_ATT_KEY_BLOB_ERROR = SGX_QL_MK_ERROR(0x000a), ///< There is a problem with the attestation key blob. - SGX_QL_UNSUPPORTED_ATT_KEY_ID = SGX_QL_MK_ERROR(0x000b), ///< Unsupported attestation key ID. - SGX_QL_UNSUPPORTED_LOADING_POLICY = SGX_QL_MK_ERROR(0x000c), ///< Unsupported enclave loading policy. - SGX_QL_INTERFACE_UNAVAILABLE = SGX_QL_MK_ERROR(0x000d), ///< Unable to load the PCE enclave - SGX_QL_PLATFORM_LIB_UNAVAILABLE = SGX_QL_MK_ERROR(0x000e), ///< Unable to find the platform library with the dependent APIs. Not fatal. - SGX_QL_ATT_KEY_NOT_INITIALIZED = SGX_QL_MK_ERROR(0x000f), ///< The attestation key doesn't exist or has not been certified. 
- SGX_QL_ATT_KEY_CERT_DATA_INVALID = SGX_QL_MK_ERROR(0x0010), ///< The certification data retrieved from the platform library is invalid. - SGX_QL_NO_PLATFORM_CERT_DATA = SGX_QL_MK_ERROR(0x0011), ///< The platform library doesn't have any platfrom cert data. - SGX_QL_OUT_OF_EPC = SGX_QL_MK_ERROR(0x0012), ///< Not enough memory in the EPC to load the enclave. - SGX_QL_ERROR_REPORT = SGX_QL_MK_ERROR(0x0013), ///< There was a problem verifying an SGX REPORT. - SGX_QL_ENCLAVE_LOST = SGX_QL_MK_ERROR(0x0014), ///< Interfacing to the enclave failed due to a power transition. - SGX_QL_INVALID_REPORT = SGX_QL_MK_ERROR(0x0015), ///< Error verifying the application enclave's report. - SGX_QL_ENCLAVE_LOAD_ERROR = SGX_QL_MK_ERROR(0x0016), ///< Unable to load the enclaves. Could be due to file I/O error, loading infrastructure error, or non-SGX capable system - SGX_QL_UNABLE_TO_GENERATE_QE_REPORT = SGX_QL_MK_ERROR(0x0017), ///< The QE was unable to generate its own report targeting the application enclave either - ///< because the QE doesn't support this feature there is an enclave compatibility issue. - ///< Please call again with the p_qe_report_info to NULL. - SGX_QL_KEY_CERTIFCATION_ERROR = SGX_QL_MK_ERROR(0x0018), ///< Caused when the provider library returns an invalid TCB (too high). - SGX_QL_NETWORK_ERROR = SGX_QL_MK_ERROR(0x0019), ///< Network error when retrieving PCK certs - SGX_QL_MESSAGE_ERROR = SGX_QL_MK_ERROR(0x001a), ///< Message error when retrieving PCK certs - SGX_QL_NO_QUOTE_COLLATERAL_DATA = SGX_QL_MK_ERROR(0x001b), ///< The platform does not have the quote verification collateral data available. 
- SGX_QL_QUOTE_CERTIFICATION_DATA_UNSUPPORTED = SGX_QL_MK_ERROR(0x001c), - SGX_QL_QUOTE_FORMAT_UNSUPPORTED = SGX_QL_MK_ERROR(0x001d), - SGX_QL_UNABLE_TO_GENERATE_REPORT = SGX_QL_MK_ERROR(0x001e), - SGX_QL_QE_REPORT_INVALID_SIGNATURE = SGX_QL_MK_ERROR(0x001f), - SGX_QL_QE_REPORT_UNSUPPORTED_FORMAT = SGX_QL_MK_ERROR(0x0020), - SGX_QL_PCK_CERT_UNSUPPORTED_FORMAT = SGX_QL_MK_ERROR(0x0021), - SGX_QL_PCK_CERT_CHAIN_ERROR = SGX_QL_MK_ERROR(0x0022), - SGX_QL_TCBINFO_UNSUPPORTED_FORMAT = SGX_QL_MK_ERROR(0x0023), - SGX_QL_TCBINFO_MISMATCH = SGX_QL_MK_ERROR(0x0024), - SGX_QL_QEIDENTITY_UNSUPPORTED_FORMAT = SGX_QL_MK_ERROR(0x0025), - SGX_QL_QEIDENTITY_MISMATCH = SGX_QL_MK_ERROR(0x0026), - SGX_QL_TCB_OUT_OF_DATE = SGX_QL_MK_ERROR(0x0027), - SGX_QL_TCB_OUT_OF_DATE_CONFIGURATION_NEEDED = SGX_QL_MK_ERROR(0x0028), ///< TCB out of date and Configuration needed - SGX_QL_SGX_ENCLAVE_IDENTITY_OUT_OF_DATE = SGX_QL_MK_ERROR(0x0029), - SGX_QL_SGX_ENCLAVE_REPORT_ISVSVN_OUT_OF_DATE = SGX_QL_MK_ERROR(0x002a), - SGX_QL_QE_IDENTITY_OUT_OF_DATE = SGX_QL_MK_ERROR(0x002b), - SGX_QL_SGX_TCB_INFO_EXPIRED = SGX_QL_MK_ERROR(0x002c), - SGX_QL_SGX_PCK_CERT_CHAIN_EXPIRED = SGX_QL_MK_ERROR(0x002d), - SGX_QL_SGX_CRL_EXPIRED = SGX_QL_MK_ERROR(0x002e), - SGX_QL_SGX_SIGNING_CERT_CHAIN_EXPIRED = SGX_QL_MK_ERROR(0x002f), - SGX_QL_SGX_ENCLAVE_IDENTITY_EXPIRED = SGX_QL_MK_ERROR(0x0030), - SGX_QL_PCK_REVOKED = SGX_QL_MK_ERROR(0x0031), - SGX_QL_TCB_REVOKED = SGX_QL_MK_ERROR(0x0032), - SGX_QL_TCB_CONFIGURATION_NEEDED = SGX_QL_MK_ERROR(0x0033), - SGX_QL_UNABLE_TO_GET_COLLATERAL = SGX_QL_MK_ERROR(0x0034), - SGX_QL_ERROR_INVALID_PRIVILEGE = SGX_QL_MK_ERROR(0x0035), ///< No enough privilege to perform the operation - SGX_QL_NO_QVE_IDENTITY_DATA = SGX_QL_MK_ERROR(0x0037), ///< The platform does not have the QVE identity data available. 
- SGX_QL_CRL_UNSUPPORTED_FORMAT = SGX_QL_MK_ERROR(0x0038), - SGX_QL_QEIDENTITY_CHAIN_ERROR = SGX_QL_MK_ERROR(0x0039), - SGX_QL_TCBINFO_CHAIN_ERROR = SGX_QL_MK_ERROR(0x003a), - SGX_QL_ERROR_QVL_QVE_MISMATCH = SGX_QL_MK_ERROR(0x003b), ///< Supplemental data size and version mismatched between QVL and QvE - ///< Please make sure to use QVL and QvE from same release package - SGX_QL_TCB_SW_HARDENING_NEEDED = SGX_QL_MK_ERROR(0x003c), ///< TCB up to date but SW Hardening needed - SGX_QL_TCB_CONFIGURATION_AND_SW_HARDENING_NEEDED = SGX_QL_MK_ERROR(0x003d), ///< TCB up to date but Configuration and SW Hardening needed - - SGX_QL_UNSUPPORTED_MODE = SGX_QL_MK_ERROR(0x003e), - - SGX_QL_NO_DEVICE = SGX_QL_MK_ERROR(0x003f), - SGX_QL_SERVICE_UNAVAILABLE = SGX_QL_MK_ERROR(0x0040), - SGX_QL_NETWORK_FAILURE = SGX_QL_MK_ERROR(0x0041), - SGX_QL_SERVICE_TIMEOUT = SGX_QL_MK_ERROR(0x0042), - SGX_QL_ERROR_BUSY = SGX_QL_MK_ERROR(0x0043), - - SGX_QL_UNKNOWN_MESSAGE_RESPONSE = SGX_QL_MK_ERROR(0x0044), /// Unexpected error from the cache service - SGX_QL_PERSISTENT_STORAGE_ERROR = SGX_QL_MK_ERROR(0x0045), /// Error storing the retrieved cached data in persistent memory - SGX_QL_ERROR_MESSAGE_PARSING_ERROR = SGX_QL_MK_ERROR(0x0046), /// Message parsing error - SGX_QL_PLATFORM_UNKNOWN = SGX_QL_MK_ERROR(0x0047), /// Platform was not found in the cache - SGX_QL_UNKNOWN_API_VERSION = SGX_QL_MK_ERROR(0x0048), /// The current PCS API version configured is unknown - SGX_QL_CERTS_UNAVAILABLE = SGX_QL_MK_ERROR(0x0049), /// Certificates are not available for this platform - - SGX_QL_QVEIDENTITY_MISMATCH = SGX_QL_MK_ERROR(0x0050), ///< QvE Identity is NOT match to Intel signed QvE identity - SGX_QL_QVE_OUT_OF_DATE = SGX_QL_MK_ERROR(0x0051), ///< QvE ISVSVN is smaller than the ISVSVN threshold, or input QvE ISVSVN is too small - SGX_QL_PSW_NOT_AVAILABLE = SGX_QL_MK_ERROR(0x0052), ///< SGX PSW library cannot be loaded, could be due to file I/O error - SGX_QL_COLLATERAL_VERSION_NOT_SUPPORTED = 
SGX_QL_MK_ERROR(0x0053), ///< SGX quote verification collateral version not supported by QVL/QvE - SGX_QL_TDX_MODULE_MISMATCH = SGX_QL_MK_ERROR(0x0060), ///< TDX SEAM module identity is NOT match to Intel signed TDX SEAM module - - SGX_QL_QEIDENTITY_NOT_FOUND = SGX_QL_MK_ERROR(0x0061), ///< QE identity was not found - SGX_QL_TCBINFO_NOT_FOUND = SGX_QL_MK_ERROR(0x0062), ///< TCB Info was not found - SGX_QL_INTERNAL_SERVER_ERROR = SGX_QL_MK_ERROR(0x0063), ///< Internal server error - - SGX_QL_SUPPLEMENTAL_DATA_VERSION_NOT_SUPPORTED = SGX_QL_MK_ERROR(0x0064), ///< The supplemental data version is not supported - - SGX_QL_ROOT_CA_UNTRUSTED = SGX_QL_MK_ERROR(0x0065), ///< The certificate used to establish SSL session is untrusted - - SGX_QL_TCB_NOT_SUPPORTED = SGX_QL_MK_ERROR(0x0066), ///< Current TCB level cannot be found in platform/enclave TCB info - - SGX_QL_CONFIG_INVALID_JSON = SGX_QL_MK_ERROR(0x0067), ///< The QPL's config file is in JSON format but has a format error - - SGX_QL_RESULT_INVALID_SIGNATURE = SGX_QL_MK_ERROR(0x0068), ///< Invalid signature during quote verification - - SGX_QL_ERROR_MAX = SGX_QL_MK_ERROR(0x00FF), ///< Indicate max error to allow better translation. - -} quote3_error_t; + SGX_QL_SUCCESS = 0x0000, TEE_SUCCESS = 0x0000, ///< Success + SGX_QL_ERROR_MIN = TEE_MK_ERROR(0x0001), TEE_ERROR_MIN = TEE_MK_ERROR(0x0001), ///< Indicate min error to allow better translation. 
+ SGX_QL_ERROR_UNEXPECTED = TEE_MK_ERROR(0x0001), TEE_ERROR_UNEXPECTED = TEE_MK_ERROR(0x0001), ///< Unexpected error + SGX_QL_ERROR_INVALID_PARAMETER = TEE_MK_ERROR(0x0002), TEE_ERROR_INVALID_PARAMETER = TEE_MK_ERROR(0x0002), ///< The parameter is incorrect + SGX_QL_ERROR_OUT_OF_MEMORY = TEE_MK_ERROR(0x0003), TEE_ERROR_OUT_OF_MEMORY = TEE_MK_ERROR(0x0003), ///< Not enough memory is available to complete this operation + SGX_QL_ERROR_ECDSA_ID_MISMATCH = TEE_MK_ERROR(0x0004), TEE_ERROR_ECDSA_ID_MISMATCH = TEE_MK_ERROR(0x0004), ///< Expected ECDSA_ID does not match the value stored in the ECDSA Blob + SGX_QL_PATHNAME_BUFFER_OVERFLOW_ERROR = TEE_MK_ERROR(0x0005), TEE_PATHNAME_BUFFER_OVERFLOW_ERROR = TEE_MK_ERROR(0x0005), ///< The ECDSA blob pathname is too large + SGX_QL_FILE_ACCESS_ERROR = TEE_MK_ERROR(0x0006), TEE_FILE_ACCESS_ERROR = TEE_MK_ERROR(0x0006), ///< Error accessing ECDSA blob + SGX_QL_ERROR_STORED_KEY = TEE_MK_ERROR(0x0007), TEE_ERROR_STORED_KEY = TEE_MK_ERROR(0x0007), ///< Cached ECDSA key is invalid + SGX_QL_ERROR_PUB_KEY_ID_MISMATCH = TEE_MK_ERROR(0x0008), TEE_ERROR_PUB_KEY_ID_MISMATCH = TEE_MK_ERROR(0x0008), ///< Cached ECDSA key does not match requested key + SGX_QL_ERROR_INVALID_PCE_SIG_SCHEME = TEE_MK_ERROR(0x0009), TEE_ERROR_INVALID_PCE_SIG_SCHEME = TEE_MK_ERROR(0x0009), ///< PCE use the incorrect signature scheme + SGX_QL_ATT_KEY_BLOB_ERROR = TEE_MK_ERROR(0x000a), TEE_ATT_KEY_BLOB_ERROR = TEE_MK_ERROR(0x000a), ///< There is a problem with the attestation key blob. + SGX_QL_UNSUPPORTED_ATT_KEY_ID = TEE_MK_ERROR(0x000b), TEE_UNSUPPORTED_ATT_KEY_ID = TEE_MK_ERROR(0x000b), ///< Unsupported attestation key ID. + SGX_QL_UNSUPPORTED_LOADING_POLICY = TEE_MK_ERROR(0x000c), TEE_UNSUPPORTED_LOADING_POLICY = TEE_MK_ERROR(0x000c), ///< Unsupported enclave loading policy. 
+ SGX_QL_INTERFACE_UNAVAILABLE = TEE_MK_ERROR(0x000d), TEE_INTERFACE_UNAVAILABLE = TEE_MK_ERROR(0x000d), ///< Unable to load the PCE enclave + SGX_QL_PLATFORM_LIB_UNAVAILABLE = TEE_MK_ERROR(0x000e), TEE_PLATFORM_LIB_UNAVAILABLE = TEE_MK_ERROR(0x000e), ///< Unable to find the platform library with the dependent APIs. Not fatal. + SGX_QL_ATT_KEY_NOT_INITIALIZED = TEE_MK_ERROR(0x000f), TEE_ATT_KEY_NOT_INITIALIZED = TEE_MK_ERROR(0x000f), ///< The attestation key doesn't exist or has not been certified. + SGX_QL_ATT_KEY_CERT_DATA_INVALID = TEE_MK_ERROR(0x0010), TEE_ATT_KEY_CERT_DATA_INVALID = TEE_MK_ERROR(0x0010), ///< The certification data retrieved from the platform library is invalid. + SGX_QL_NO_PLATFORM_CERT_DATA = TEE_MK_ERROR(0x0011), TEE_NO_PLATFORM_CERT_DATA = TEE_MK_ERROR(0x0011), ///< The platform library doesn't have any platfrom cert data. + SGX_QL_OUT_OF_EPC = TEE_MK_ERROR(0x0012), TEE_OUT_OF_EPC = TEE_MK_ERROR(0x0012), ///< Not enough memory in the EPC to load the enclave. + SGX_QL_ERROR_REPORT = TEE_MK_ERROR(0x0013), TEE_ERROR_REPORT = TEE_MK_ERROR(0x0013), ///< There was a problem verifying an SGX REPORT. + SGX_QL_ENCLAVE_LOST = TEE_MK_ERROR(0x0014), TEE_ENCLAVE_LOST = TEE_MK_ERROR(0x0014), ///< Interfacing to the enclave failed due to a power transition. + SGX_QL_INVALID_REPORT = TEE_MK_ERROR(0x0015), TEE_INVALID_REPORT = TEE_MK_ERROR(0x0015), ///< Error verifying the application enclave's report. + SGX_QL_ENCLAVE_LOAD_ERROR = TEE_MK_ERROR(0x0016), TEE_ENCLAVE_LOAD_ERROR = TEE_MK_ERROR(0x0016), ///< Unable to load the enclaves. Could be due to file I/O error, loading infrastructure error, or non-SGX capable system + SGX_QL_UNABLE_TO_GENERATE_QE_REPORT = TEE_MK_ERROR(0x0017), TEE_UNABLE_TO_GENERATE_QE_REPORT = TEE_MK_ERROR(0x0017), ///< The QE was unable to generate its own report targeting the application enclave either + ///< because the QE doesn't support this feature there is an enclave compatibility issue. 
+ ///< Please call again with the p_qe_report_info to NULL. + SGX_QL_KEY_CERTIFCATION_ERROR = TEE_MK_ERROR(0x0018), TEE_KEY_CERTIFCATION_ERROR = TEE_MK_ERROR(0x0018), ///< Caused when the provider library returns an invalid TCB (too high). + SGX_QL_NETWORK_ERROR = TEE_MK_ERROR(0x0019), TEE_NETWORK_ERROR = TEE_MK_ERROR(0x0019), ///< Network error when retrieving PCK certs + SGX_QL_MESSAGE_ERROR = TEE_MK_ERROR(0x001a), TEE_MESSAGE_ERROR = TEE_MK_ERROR(0x001a), ///< Message error when retrieving PCK certs + SGX_QL_NO_QUOTE_COLLATERAL_DATA = TEE_MK_ERROR(0x001b), TEE_NO_QUOTE_COLLATERAL_DATA = TEE_MK_ERROR(0x001b), ///< The platform does not have the quote verification collateral data available. + SGX_QL_QUOTE_CERTIFICATION_DATA_UNSUPPORTED = TEE_MK_ERROR(0x001c), TEE_QUOTE_CERTIFICATION_DATA_UNSUPPORTED = TEE_MK_ERROR(0x001c), + SGX_QL_QUOTE_FORMAT_UNSUPPORTED = TEE_MK_ERROR(0x001d), TEE_QUOTE_FORMAT_UNSUPPORTED = TEE_MK_ERROR(0x001d), + SGX_QL_UNABLE_TO_GENERATE_REPORT = TEE_MK_ERROR(0x001e), TEE_UNABLE_TO_GENERATE_REPORT = TEE_MK_ERROR(0x001e), + SGX_QL_QE_REPORT_INVALID_SIGNATURE = TEE_MK_ERROR(0x001f), TEE_QE_REPORT_INVALID_SIGNATURE = TEE_MK_ERROR(0x001f), + SGX_QL_QE_REPORT_UNSUPPORTED_FORMAT = TEE_MK_ERROR(0x0020), TEE_QE_REPORT_UNSUPPORTED_FORMAT = TEE_MK_ERROR(0x0020), + SGX_QL_PCK_CERT_UNSUPPORTED_FORMAT = TEE_MK_ERROR(0x0021), TEE_PCK_CERT_UNSUPPORTED_FORMAT = TEE_MK_ERROR(0x0021), + SGX_QL_PCK_CERT_CHAIN_ERROR = TEE_MK_ERROR(0x0022), TEE_PCK_CERT_CHAIN_ERROR = TEE_MK_ERROR(0x0022), + SGX_QL_TCBINFO_UNSUPPORTED_FORMAT = TEE_MK_ERROR(0x0023), TEE_TCBINFO_UNSUPPORTED_FORMAT = TEE_MK_ERROR(0x0023), + SGX_QL_TCBINFO_MISMATCH = TEE_MK_ERROR(0x0024), TEE_TCBINFO_MISMATCH = TEE_MK_ERROR(0x0024), + SGX_QL_QEIDENTITY_UNSUPPORTED_FORMAT = TEE_MK_ERROR(0x0025), TEE_QEIDENTITY_UNSUPPORTED_FORMAT = TEE_MK_ERROR(0x0025), + SGX_QL_QEIDENTITY_MISMATCH = TEE_MK_ERROR(0x0026), TEE_QEIDENTITY_MISMATCH = TEE_MK_ERROR(0x0026), + SGX_QL_TCB_OUT_OF_DATE = TEE_MK_ERROR(0x0027), 
TEE_TCB_OUT_OF_DATE = TEE_MK_ERROR(0x0027), + SGX_QL_TCB_OUT_OF_DATE_CONFIGURATION_NEEDED = TEE_MK_ERROR(0x0028), TEE_TCB_OUT_OF_DATE_CONFIGURATION_NEEDED = TEE_MK_ERROR(0x0028), ///< TCB out of date and Configuration needed + SGX_QL_SGX_ENCLAVE_IDENTITY_OUT_OF_DATE = TEE_MK_ERROR(0x0029), TEE_SGX_ENCLAVE_IDENTITY_OUT_OF_DATE = TEE_MK_ERROR(0x0029), + SGX_QL_SGX_ENCLAVE_REPORT_ISVSVN_OUT_OF_DATE = TEE_MK_ERROR(0x002a), TEE_SGX_ENCLAVE_REPORT_ISVSVN_OUT_OF_DATE = TEE_MK_ERROR(0x002a), + SGX_QL_QE_IDENTITY_OUT_OF_DATE = TEE_MK_ERROR(0x002b), TEE_QE_IDENTITY_OUT_OF_DATE = TEE_MK_ERROR(0x002b), + SGX_QL_SGX_TCB_INFO_EXPIRED = TEE_MK_ERROR(0x002c), TEE_SGX_TCB_INFO_EXPIRED = TEE_MK_ERROR(0x002c), + SGX_QL_SGX_PCK_CERT_CHAIN_EXPIRED = TEE_MK_ERROR(0x002d), TEE_SGX_PCK_CERT_CHAIN_EXPIRED = TEE_MK_ERROR(0x002d), + SGX_QL_SGX_CRL_EXPIRED = TEE_MK_ERROR(0x002e), TEE_SGX_CRL_EXPIRED = TEE_MK_ERROR(0x002e), + SGX_QL_SGX_SIGNING_CERT_CHAIN_EXPIRED = TEE_MK_ERROR(0x002f), TEE_SGX_SIGNING_CERT_CHAIN_EXPIRED = TEE_MK_ERROR(0x002f), + SGX_QL_SGX_ENCLAVE_IDENTITY_EXPIRED = TEE_MK_ERROR(0x0030), TEE_SGX_ENCLAVE_IDENTITY_EXPIRED = TEE_MK_ERROR(0x0030), + SGX_QL_PCK_REVOKED = TEE_MK_ERROR(0x0031), TEE_PCK_REVOKED = TEE_MK_ERROR(0x0031), + SGX_QL_TCB_REVOKED = TEE_MK_ERROR(0x0032), TEE_TCB_REVOKED = TEE_MK_ERROR(0x0032), + SGX_QL_TCB_CONFIGURATION_NEEDED = TEE_MK_ERROR(0x0033), TEE_TCB_CONFIGURATION_NEEDED = TEE_MK_ERROR(0x0033), + SGX_QL_UNABLE_TO_GET_COLLATERAL = TEE_MK_ERROR(0x0034), TEE_UNABLE_TO_GET_COLLATERAL = TEE_MK_ERROR(0x0034), + SGX_QL_ERROR_INVALID_PRIVILEGE = TEE_MK_ERROR(0x0035), TEE_ERROR_INVALID_PRIVILEGE = TEE_MK_ERROR(0x0035), ///< No enough privilege to perform the operation + SGX_QL_NO_QVE_IDENTITY_DATA = TEE_MK_ERROR(0x0037), TEE_NO_QVE_IDENTITY_DATA = TEE_MK_ERROR(0x0037), ///< The platform does not have the QVE identity data available. 
+ SGX_QL_CRL_UNSUPPORTED_FORMAT = TEE_MK_ERROR(0x0038), TEE_CRL_UNSUPPORTED_FORMAT = TEE_MK_ERROR(0x0038), + SGX_QL_QEIDENTITY_CHAIN_ERROR = TEE_MK_ERROR(0x0039), TEE_QEIDENTITY_CHAIN_ERROR = TEE_MK_ERROR(0x0039), + SGX_QL_TCBINFO_CHAIN_ERROR = TEE_MK_ERROR(0x003a), TEE_TCBINFO_CHAIN_ERROR = TEE_MK_ERROR(0x003a), + SGX_QL_ERROR_QVL_QVE_MISMATCH = TEE_MK_ERROR(0x003b), TEE_ERROR_QVL_QVE_MISMATCH = TEE_MK_ERROR(0x003b), ///< Supplemental data size and version mismatched between QVL and QvE + ///< Please make sure to use QVL and QvE from same release package + SGX_QL_TCB_SW_HARDENING_NEEDED = TEE_MK_ERROR(0x003c), TEE_TCB_SW_HARDENING_NEEDED = TEE_MK_ERROR(0x003c), ///< TCB up to date but SW Hardening needed + SGX_QL_TCB_CONFIGURATION_AND_SW_HARDENING_NEEDED = TEE_MK_ERROR(0x003d), TEE_TCB_CONFIGURATION_AND_SW_HARDENING_NEEDED = TEE_MK_ERROR(0x003d), ///< TCB up to date but Configuration and SW Hardening needed + + SGX_QL_UNSUPPORTED_MODE = TEE_MK_ERROR(0x003e), TEE_UNSUPPORTED_MODE = TEE_MK_ERROR(0x003e), + + SGX_QL_NO_DEVICE = TEE_MK_ERROR(0x003f), TEE_NO_DEVICE = TEE_MK_ERROR(0x003f), + SGX_QL_SERVICE_UNAVAILABLE = TEE_MK_ERROR(0x0040), TEE_SERVICE_UNAVAILABLE = TEE_MK_ERROR(0x0040), + SGX_QL_NETWORK_FAILURE = TEE_MK_ERROR(0x0041), TEE_NETWORK_FAILURE = TEE_MK_ERROR(0x0041), + SGX_QL_SERVICE_TIMEOUT = TEE_MK_ERROR(0x0042), TEE_SERVICE_TIMEOUT = TEE_MK_ERROR(0x0042), + SGX_QL_ERROR_BUSY = TEE_MK_ERROR(0x0043), TEE_ERROR_BUSY = TEE_MK_ERROR(0x0043), + + SGX_QL_UNKNOWN_MESSAGE_RESPONSE = TEE_MK_ERROR(0x0044), TEE_UNKNOWN_MESSAGE_RESPONSE = TEE_MK_ERROR(0x0044), ///< Unexpected error from the cache service + SGX_QL_PERSISTENT_STORAGE_ERROR = TEE_MK_ERROR(0x0045), TEE_PERSISTENT_STORAGE_ERROR = TEE_MK_ERROR(0x0045), ///< Error storing the retrieved cached data in persistent memory + SGX_QL_ERROR_MESSAGE_PARSING_ERROR = TEE_MK_ERROR(0x0046), TEE_ERROR_MESSAGE_PARSING_ERROR = TEE_MK_ERROR(0x0046), /// Message parsing error + SGX_QL_PLATFORM_UNKNOWN = TEE_MK_ERROR(0x0047), 
TEE_PLATFORM_UNKNOWN = TEE_MK_ERROR(0x0047), ///< Platform was not found in the cache + SGX_QL_UNKNOWN_API_VERSION = TEE_MK_ERROR(0x0048), TEE_UNKNOWN_API_VERSION = TEE_MK_ERROR(0x0048), ///< The current PCS API version configured is unknown + SGX_QL_CERTS_UNAVAILABLE = TEE_MK_ERROR(0x0049), TEE_CERTS_UNAVAILABLE = TEE_MK_ERROR(0x0049), ///< Certificates are not available for this platform + + SGX_QL_QVEIDENTITY_MISMATCH = TEE_MK_ERROR(0x0050), TEE_QVEIDENTITY_MISMATCH = TEE_MK_ERROR(0x0050), ///< QvE Identity is NOT match to Intel signed QvE identity + SGX_QL_QVE_OUT_OF_DATE = TEE_MK_ERROR(0x0051), TEE_QVE_OUT_OF_DATE = TEE_MK_ERROR(0x0051), ///< QvE ISVSVN is smaller than the ISVSVN threshold, or input QvE ISVSVN is too small + SGX_QL_PSW_NOT_AVAILABLE = TEE_MK_ERROR(0x0052), TEE_PSW_NOT_AVAILABLE = TEE_MK_ERROR(0x0052), ///< SGX PSW library cannot be loaded, could be due to file I/O error + SGX_QL_COLLATERAL_VERSION_NOT_SUPPORTED = TEE_MK_ERROR(0x0053), TEE_COLLATERAL_VERSION_NOT_SUPPORTED = TEE_MK_ERROR(0x0053), ///< SGX quote verification collateral version not supported by QVL/QvE + SGX_QL_TDX_MODULE_MISMATCH = TEE_MK_ERROR(0x0060), TEE_TDX_MODULE_MISMATCH = TEE_MK_ERROR(0x0060), ///< TDX SEAM module identity is NOT match to Intel signed TDX SEAM module + + SGX_QL_QEIDENTITY_NOT_FOUND = TEE_MK_ERROR(0x0061), TEE_QEIDENTITY_NOT_FOUND = TEE_MK_ERROR(0x0061), ///< QE identity was not found + SGX_QL_TCBINFO_NOT_FOUND = TEE_MK_ERROR(0x0062), TEE_TCBINFO_NOT_FOUND = TEE_MK_ERROR(0x0062), ///< TCB Info was not found + SGX_QL_INTERNAL_SERVER_ERROR = TEE_MK_ERROR(0x0063), TEE_INTERNAL_SERVER_ERROR = TEE_MK_ERROR(0x0063), ///< Internal server error + + SGX_QL_SUPPLEMENTAL_DATA_VERSION_NOT_SUPPORTED = TEE_MK_ERROR(0x0064), TEE_SUPPLEMENTAL_DATA_VERSION_NOT_SUPPORTED = TEE_MK_ERROR(0x0064), ///< The supplemental data version is not supported + + SGX_QL_ROOT_CA_UNTRUSTED = TEE_MK_ERROR(0x0065), TEE_ROOT_CA_UNTRUSTED = TEE_MK_ERROR(0x0065), ///< The certificate used to 
establish SSL session is untrusted + + SGX_QL_TCB_NOT_SUPPORTED = TEE_MK_ERROR(0x0066), TEE_TCB_NOT_SUPPORTED = TEE_MK_ERROR(0x0066), ///< Current TCB level cannot be found in platform/enclave TCB info + + SGX_QL_CONFIG_INVALID_JSON = TEE_MK_ERROR(0x0067), TEE_CONFIG_INVALID_JSON = TEE_MK_ERROR(0x0067), ///< The QPL's config file is in JSON format but has a format error + + SGX_QL_RESULT_INVALID_SIGNATURE = TEE_MK_ERROR(0x0068), TEE_RESULT_INVALID_SIGNATURE = TEE_MK_ERROR(0x0068), ///< Invalid signature during quote verification + + // Appraisal specific error codes + SGX_QL_QAEIDENTITY_MISMATCH = TEE_MK_ERROR(0x0070), TEE_QAEIDENTITY_MISMATCH = TEE_MK_ERROR(0x0070), ///< QaE Identity is NOT match to Intel signed QaE identity + SGX_QL_QAE_OUT_OF_DATE = TEE_MK_ERROR(0x0071), TEE_QAE_OUT_OF_DATE = TEE_MK_ERROR(0x0071), ///< QaE ISVSVN is smaller than the ISVSVN threshold, or input QaE ISVSVN is too small + SGX_QL_QUOTE_HASH_MISMATCH = TEE_MK_ERROR(0x0072), TEE_RESULT_QUOTE_HASH_MISMATCH = TEE_MK_ERROR(0x0072), ///< Quote hash in the appraisal result is not derived from the input quote + SGX_QL_REPORT_DATA_MISMATCH = TEE_MK_ERROR(0x0073), TEE_RESULT_REPORT_DATA_MISMATCH = TEE_MK_ERROR(0x0073), ///< report data mismatch during qae report and identity verify + + SGX_QL_ERROR_MAX = TEE_MK_ERROR(0x00FF), TEE_ERROR_MAX = TEE_MK_ERROR(0x00FF), ///< Indicate max error to allow better translation. + +} quote3_error_t, tee_error_t; #pragma pack(push, 1) diff --git a/core/build/headers/sgx_quote_5.h b/core/build/headers/sgx_quote_5.h new file mode 100644 index 00000000..6f33090d --- /dev/null +++ b/core/build/headers/sgx_quote_5.h 
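Review bot: The appraisal block at the end of `quote3_error_t` adds four failure values (0x0070–0x0073), and two of them break the alias pattern: `SGX_QL_QUOTE_HASH_MISMATCH` is paired with `TEE_RESULT_QUOTE_HASH_MISMATCH` and `SGX_QL_REPORT_DATA_MISMATCH` with `TEE_RESULT_REPORT_DATA_MISMATCH`, where every other entry differs only in the `SGX_QL_`/`TEE_` prefix. The code that translates this enum is not part of the hunk; if it matches on known values, it should gain explicit arms for all four so that a QAE identity, ISVSVN, quote-hash or report-data failure is reported as such and not folded into a catch-all. The hunk also drops `SGX_QL_MK_ERROR` without a compatibility define; if anything outside this header still uses the old name, `#define SGX_QL_MK_ERROR(x) TEE_MK_ERROR(x)` keeps it building.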
@@ -0,0 +1,132 @@ +/* + * Copyright (C) 2011-2019 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/** + * File: sgx_quote_5.h + * Description: Definition for quote structure. + * + * Quote structure and all relative structure will be defined in this file. 
+ */ + +#ifndef _SGX_QUOTE_5_H_ +#define _SGX_QUOTE_5_H_ + +#include "sgx_quote_4.h" + + +#pragma pack(push, 1) + +#define QE_QUOTE_VERSION_V5 5 +#define TD_INFO_RESERVED_BYTES_V1_5 64 +typedef struct _tee_info_v1_5_t /* 512 bytes */ +{ + tee_attributes_t attributes; /* ( 0) TD's attributes */ + tee_attributes_t xfam; /* ( 8) TD's XFAM */ + tee_measurement_t mr_td; /* ( 16) Measurement of the initial contents of the TD */ + tee_measurement_t mr_config_id; /* ( 64) Software defined ID for non-owner-defined configuration on the guest TD. e.g., runtime or OS configuration */ + tee_measurement_t mr_owner; /* (112) Software defined ID for the guest TD's owner */ + tee_measurement_t mr_owner_config; /* (160) Software defined ID for owner-defined configuration of the guest TD, e.g., specific to the workload rather than the runtime or OS */ + tee_measurement_t rt_mr[4]; /* (208) Array of 4(TDX1: NUM_RTMRS is 4) runtime extendable measurement registers */ + tee_measurement_t mr_servicetd; /* (400) If is one or more bound or pre-bound service TDs, SERVTD_HASH is the SHA384 hash of the TDINFO_STRUCTs of those service TDs bound. + Else, SERVTD_HASH is 0. */ + uint8_t reserved[TD_INFO_RESERVED_BYTES_V1_5]; /* (448) Reserved, must be zero */ +} tee_info_v1_5_t; + + +#define TD_TEE_TCB_INFO_RESERVED_BYTES_V1_5 95 +typedef struct _tee_tcb_info_v1_5_t +{ + uint8_t valid[8]; /* ( 0) Indicates TEE_TCB_INFO fields which are valid */ + /* - 1 in the i-th significant bit reflects that the field starting at byte offset(8*i) */ + /* - 0 in the i-th significant bit reflects that either no field start by byte offset(8*i) or that */ + /* field is not populated and is set to zero. */ + /* the accepted value of a TDX 1.5 tee_tcb_info_v2 is 0x013ff. (Note: Set to 0x301FF if */ + /* SEAMDB_ENABLED == ‘1, otherwise set to 0x1FF. 
(SEAMDB_ENABLED is introduced for TDX1.4 TD Preserving)*/ + tee_tcb_svn_t tee_tcb_svn; /* ( 8) TEE_TCB_SVN Array */ + tee_measurement_t mr_seam; /* ( 24) Measurement of the SEAM module */ + tee_measurement_t mr_seam_signer; /* ( 72) Measurement of SEAM module signer. (Not populated for Intel SEAM modules) */ + tee_attributes_t attributes; /* (120) Additional configuration attributes.(Not populated for Intel SEAM modules) */ + tee_tcb_svn_t tee_tcb_svn2; /* (128) Array of TEE TCB SVNs (for TD preserving). */ + uint8_t reserved[TD_TEE_TCB_INFO_RESERVED_BYTES_V1_5];/* (144) Reserved, must be zero */ +} tee_tcb_info_v1_5_t; + +/** The quote header. It is designed to compatible with earlier versions of the quote. */ +typedef sgx_quote4_header_t sgx_quote5_header_t; + +/** SGX Report2 body for quote v5 */ +typedef struct _sgx_report2_body_v1_5_t { + tee_tcb_svn_t tee_tcb_svn; ///< 0: TEE_TCB_SVN Array + tee_measurement_t mr_seam; ///< 16: Measurement of the SEAM module + tee_measurement_t mrsigner_seam; ///< 64: Measurement of a 3rd party SEAM module’s signer (SHA384 hash). + /// The value is 0’ed for Intel SEAM module + tee_attributes_t seam_attributes; ///< 112: MBZ: TDX 1.0 + tee_attributes_t td_attributes; ///< 120: TD's attributes + tee_attributes_t xfam; ///< 128: TD's XFAM + tee_measurement_t mr_td; ///< 136: Measurement of the initial contents of the TD + tee_measurement_t mr_config_id; ///< 184: Software defined ID for non-owner-defined configuration on the guest TD. 
e.g., runtime or OS configuration + tee_measurement_t mr_owner; ///< 232: Software defined ID for the guest TD's owner + tee_measurement_t mr_owner_config; ///< 280: Software defined ID for owner-defined configuration of the guest TD, e.g., specific to the workload rather than the runtime or OS + tee_measurement_t rt_mr[4]; ///< 328: Array of 4(TDX1: NUM_RTMRS is 4) runtime extendable measurement registers + tee_report_data_t report_data; ///< 520: Additional report data + tee_tcb_svn_t tee_tcb_svn2; ///< 584: Array of TEE TCB SVNs (for TD preserving). + tee_measurement_t mr_servicetd; ///< 600: If is one or more bound or pre-bound service TDs, SERVTD_HASH is the SHA384 hash of the TDINFO_STRUCTs of those service TDs bound. + /// Else, SERVTD_HASH is 0.. +}sgx_report2_body_v1_5_t; + +/** The generic TD quote data structure. This is the common part of the quote. The signature_data[] contains the signature and supporting + * information of the key used to sign the quote and the contents depend on the sgx_quote_sign_type_t value. */ +typedef struct _sgx_quote5_t { + sgx_quote5_header_t header; ///< 0: The quote header. + uint16_t type; ///< 48: Determines type of Quote body (TEE report) + /// Architecturally supported values: + /// 1 (SGX Enclave Report) + /// 2 (TD Report for TDX 1.0) + /// 3 (TD Report for TDX 1.5) + uint32_t size; ///< 50: Size of Quote Body field. +#ifdef _MSC_VER +#pragma warning(push) +#pragma warning(disable : 4200) +#endif + uint8_t body[]; ///< 54: Data conveyed as Quote Body. Its content depends on the value of Quote Body Type + /// 1 Byte array that contains SGX Enclave Report. + /// sgx_report_body_t + (uint32_t)signature_data_len + signature + /// 2 Byte array that contains TD Report for TDX 1.0. + /// sgx_report2_body_t + (uint32_t)signature_data_len + signature + /// 3 Byte array that contains TD Report for TDX 1.5. 
+ /// sgx_report2_body_v1_5_t + (uint32_t)signature_data_len + signature +#ifdef _MSC_VER +#pragma warning(pop) +#endif +} sgx_quote5_t; + +#pragma pack(pop) + +#endif //_SGX_QUOTE_5_H_ diff --git a/core/build/headers/sgx_qve_def.h b/core/build/headers/sgx_qve_def.h new file mode 100644 index 00000000..8ace803f --- /dev/null +++ b/core/build/headers/sgx_qve_def.h 
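Review bot: `sgx_quote5_t` ends in a flexible `body[]` whose length is given by the preceding `size` field, and the header does not say what must hold before `body` is read as one of the three report layouts. A quote is supplied by the party being attested, so `type` and `size` are untrusted. A consumer should confirm that the received buffer holds the 54-byte fixed part plus `size`, that `type` is 1, 2 or 3, and that `size` is at least the size of the layout selected by `type`. I would record that next to the field, e.g. `/// Caller must validate type and size against the received buffer length before casting body.`, or in the code that wraps this struct if the header is meant to stay identical to the SDK copy.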
@@ -0,0 +1,147 @@ +/* + * Copyright (C) 2011-2021 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
+ * + */ + +#ifndef _SGX_QVE_DEF_H_ +#define _SGX_QVE_DEF_H_ + +#include "sgx_ql_quote.h" +#include "sgx_report.h" +#include "sgx_quote.h" + + +#ifndef DEBUG_MODE +#define DEBUG_MODE 0 +#endif //DEBUG_MODE + +#define TEE_SGX_PALTFORM_TOKEN_UUID "3123ec35-8d38-4ea5-87a5-d6c48b567570" +#define TEE_SGX_ENCLAVE_TOKEN_UUID "bef7cb8c-31aa-42c1-854c-10db005d5c41" +#define TEE_SGX_PLATFORM_TOKEN_VER "1.0" +#define TEE_SGX_ENCLAVE_TOKEN_VER "1.0" +#define TEE_SGX_PLATFORM_DESCRIPTION "SGX Platform TCB" +#define TEE_SGX_ENCLAVE_DESCRIPTION "SGX Platform TCB" + +#define TEE_TDX10_PALTFORM_TOKEN_UUID "9eec018b-7481-4b1c-8e1a-9f7c0c8c777f" +#define TEE_TDX15_PALTFORM_TOKEN_UUID "f708b97f-0fb2-4e6b-8b03-8a5bcd1221d3" +#define TEE_TDX_QE_IDENTITY_TOKEN_UUID "3769258c-75e6-4bc7-8d72-d2b0e224cad2" +#define TEE_TDX_TD10_IDENTITY_TOKEN_UUID "a1e4ee9c-a12e-48ac-bed0-e3f89297f687" +#define TEE_TDX_TD15_IDENTITY_TOKEN_UUID "45b734fc-aa4e-4c3d-ad28-e43d08880e68" +#define TEE_TDX_PLATFORM_TOKEN_VER "1.0" +#define TEE_TDX_QE_IDENTITY_TOKEN_VER "1.0" +#define TEE_TDX_TD_IDENTITY_TOKEN_VER "1.0" +#define TEE_TDX_PLATFORM_DESCRIPTION "TDX Platform TCB" +#define TEE_TDX_QE_IDENTITY_DESCRIPTION "RAW TDX QE Report" +#define TEE_TDX_TD_IDENTITY_DESCRIPTION "Application TD TCB" +#define QUOTE_HASH_ALGO "SHA384" +#define SGX_QUOTE_TYPE 0x0 +#define TDX_QUOTE_TYPE 0x81 +#define REQUEST_ID_LEN 16 +#define TIME_STR_LEN 24 +#define SHA384_LEN 48 + +typedef enum _tee_evidence_type_t{ + SGX_EVIDENCE = 0, + TDX_EVIDENCE, + UNKNOWN_QUOTE_TYPE +} tee_evidence_type_t; + +typedef enum _tee_qv_report_type_t{ + UNKNOWN_REPORT_TYPE = 0, + SGX_REPORT, + TDX10_REPORT, + TDX15_REPORT +} tee_qv_report_type_t; + + +#define SUPPLEMENTAL_DATA_VERSION 3 +#define LEGACY_SUPPLEMENTAL_MINOR_VERSION 0 +#define SUPPLEMENTAL_V3_LATEST_MINOR_VERSION 3 +#define QVE_COLLATERAL_VERSION1 0x1 +#define QVE_COLLATERAL_VERSION3 0x3 +#define QVE_COLLATERAL_VERSOIN31 0x00010003 +#define QVE_COLLATERAL_VERSION4 0x4 +#define FMSPC_SIZE 6 
+#define CA_SIZE 10 +#define SGX_CPUSVN_SIZE 16 +// +#define QUOTE_MIN_SIZE 1020 +#define QUOTE_CERT_TYPE 5 +#define CRL_MIN_SIZE 300 +#define PROCESSOR_ISSUER "Processor" +#define PLATFORM_ISSUER "Platform" +#define PROCESSOR_ISSUER_ID "processor" +#define PLATFORM_ISSUER_ID "platform" +#define PEM_CRL_PREFIX "-----BEGIN X509 CRL-----" +#define PEM_CRL_PREFIX_SIZE 24 + +#define UNUSED_PARAM(x) (void)(x) +#define CHECK_MANDATORY_PARAMS(param, param_size) (param == NULL || param_size == 0) +#define CHECK_OPT_PARAMS(param, param_size) ((param == NULL && param_size != 0) || (param != NULL && param_size == 0)) + +#define NULL_POINTER(x) x==NULL +#define NULL_BREAK(x) if (x == NULL) {break;} +#define BREAK_ERR(x) {if (x != STATUS_OK) break;} +#define SGX_ERR_BREAK(x) {if (x != SGX_SUCCESS) break;} +#ifndef CLEAR_FREE_MEM +#include +#define CLEAR_FREE_MEM(address, size) { \ + if (address != NULL) { \ + if (size > 0) { \ + (void)memset_s(address, size, 0, size); \ + } \ + free(address); \ + } \ +} +#endif //CLEAR_FREE_MEM + +#define EXPECTED_CERTIFICATE_COUNT_IN_PCK_CHAIN 3 + +// Nameless struct generates C4201 warning in MS compiler, but it is allowed in c++ 11 standard +// Should remove the pragma after Microsoft fixes this issue +#ifdef _MSC_VER +#pragma warning(push) +#pragma warning(disable : 4201) +#endif + +//Quote verfication supplemental data version +//Use for checking and assigning supplemental data version +typedef union _supp_ver_t{ + uint32_t version; + struct { + uint16_t major_version; + uint16_t minor_version; + }; +} supp_ver_t; + +#ifdef _MSC_VER +#pragma warning(pop) +#endif + +#endif //_SGX_QVE_DEF_H_ diff --git a/core/build/headers/sgx_qve_header.h b/core/build/headers/sgx_qve_header.h index 90b197f1..76904153 100644 --- a/core/build/headers/sgx_qve_header.h +++ b/core/build/headers/sgx_qve_header.h 
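Review bot: The helper macros near the end of the new `sgx_qve_def.h` expand their arguments without parentheses: `NULL_POINTER(x)` becomes `x==NULL`, and `CHECK_MANDATORY_PARAMS`/`CHECK_OPT_PARAMS` compare bare `param` and `param_size`, so an expression argument such as a conditional or a sum changes the meaning of a parameter-validation check. `#define NULL_POINTER(x) ((x) == NULL)` and `#define CHECK_MANDATORY_PARAMS(param, param_size) ((param) == NULL || (param_size) == 0)` are the safe forms. Both `CHECK_*` macros also evaluate to true when the input is invalid, which deserves one comment line such as `// true when the parameter pair is INVALID` so a caller does not invert the test. `CLEAR_FREE_MEM` evaluates `address` and `size` more than once and should only be given side-effect-free arguments.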
@@ -35,38 +35,41 @@ #include "sgx_key.h" #include "time.h" -#ifndef SGX_QL_QV_MK_ERROR -#define SGX_QL_QV_MK_ERROR(x) (0x0000A000|(x)) -#endif //SGX_QL_QV_MK_ERROR +#ifndef TEE_QV_MK_ERROR +#define TEE_QV_MK_ERROR(x) (0x0000A000|(x)) +#endif //TEE_QV_MK_ERROR /** Contains the possible values of the quote verification result. */ typedef enum _sgx_ql_qv_result_t { - SGX_QL_QV_RESULT_OK = 0x0000, ///< The Quote verification passed and is at the latest TCB level - SGX_QL_QV_RESULT_MIN = SGX_QL_QV_MK_ERROR(0x0001), - SGX_QL_QV_RESULT_CONFIG_NEEDED = SGX_QL_QV_MK_ERROR(0x0001), ///< The Quote verification passed and the platform is patched to - ///< the latest TCB level but additional configuration of the SGX - ///< platform may be needed - SGX_QL_QV_RESULT_OUT_OF_DATE = SGX_QL_QV_MK_ERROR(0x0002), ///< The Quote is good but TCB level of the platform is out of date. - ///< The platform needs patching to be at the latest TCB level - SGX_QL_QV_RESULT_OUT_OF_DATE_CONFIG_NEEDED = SGX_QL_QV_MK_ERROR(0x0003), ///< The Quote is good but the TCB level of the platform is out of - ///< date and additional configuration of the SGX Platform at its - ///< current patching level may be needed. 
The platform needs - ///< patching to be at the latest TCB level - SGX_QL_QV_RESULT_INVALID_SIGNATURE = SGX_QL_QV_MK_ERROR(0x0004), ///< The signature over the application report is invalid - SGX_QL_QV_RESULT_REVOKED = SGX_QL_QV_MK_ERROR(0x0005), ///< The attestation key or platform has been revoked - SGX_QL_QV_RESULT_UNSPECIFIED = SGX_QL_QV_MK_ERROR(0x0006), ///< The Quote verification failed due to an error in one of the input - SGX_QL_QV_RESULT_SW_HARDENING_NEEDED = SGX_QL_QV_MK_ERROR(0x0007), ///< The TCB level of the platform is up to date, but SGX SW Hardening - ///< is needed - SGX_QL_QV_RESULT_CONFIG_AND_SW_HARDENING_NEEDED = SGX_QL_QV_MK_ERROR(0x0008), ///< The TCB level of the platform is up to date, but additional - ///< configuration of the platform at its current patching level - ///< may be needed. Moreove, SGX SW Hardening is also needed - SGX_QL_QV_RESULT_TD_RELAUNCH_ADVISED = SGX_QL_QV_MK_ERROR(0x0009), ///< For TDX only. All components in the TD’s TCB are latest, including the - ///< TD preserving loaded TDX, but the TD was launched and ran for some time - ///< with out-of-date TDX Module. 
Relaunching or re-provisioning your TD is advised - - SGX_QL_QV_RESULT_MAX = SGX_QL_QV_MK_ERROR(0x00FF), ///< Indicate max result to allow better translation - -} sgx_ql_qv_result_t; + // Quote verification passed and is at the latest TCB level + SGX_QL_QV_RESULT_OK = 0x0000, TEE_QV_RESULT_OK = 0x0000, + + SGX_QL_QV_RESULT_MIN = TEE_QV_MK_ERROR(0x0001), TEE_QV_RESULT_MIN = TEE_QV_MK_ERROR(0x0001), + + // The Quote verification passed, but further actions are required: + SGX_QL_QV_RESULT_CONFIG_NEEDED = TEE_QV_MK_ERROR(0x0001), TEE_QV_RESULT_CONFIG_NEEDED = TEE_QV_MK_ERROR(0x0001), // Additional configuration of the platform needed + SGX_QL_QV_RESULT_OUT_OF_DATE = TEE_QV_MK_ERROR(0x0002), TEE_QV_RESULT_OUT_OF_DATE = TEE_QV_MK_ERROR(0x0002), // TCB level out of date, platform patching required + SGX_QL_QV_RESULT_OUT_OF_DATE_CONFIG_NEEDED = TEE_QV_MK_ERROR(0x0003), TEE_QV_RESULT_OUT_OF_DATE_CONFIG_NEEDED = TEE_QV_MK_ERROR(0x0003), // Both patching and additional configuration needed + + // Errors + SGX_QL_QV_RESULT_INVALID_SIGNATURE = TEE_QV_MK_ERROR(0x0004), TEE_QV_RESULT_INVALID_SIGNATURE = TEE_QV_MK_ERROR(0x0004), + SGX_QL_QV_RESULT_REVOKED = TEE_QV_MK_ERROR(0x0005), TEE_QV_RESULT_REVOKED = TEE_QV_MK_ERROR(0x0005), + SGX_QL_QV_RESULT_UNSPECIFIED = TEE_QV_MK_ERROR(0x0006), TEE_QV_RESULT_UNSPECIFIED = TEE_QV_MK_ERROR(0x0006), + + // Requires Software or Configuration Hardening + SGX_QL_QV_RESULT_SW_HARDENING_NEEDED = TEE_QV_MK_ERROR(0x0007), TEE_QV_RESULT_SW_HARDENING_NEEDED = TEE_QV_MK_ERROR(0x0007), // TCB level is up to date, but SGX SW Hardening is needed + SGX_QL_QV_RESULT_CONFIG_AND_SW_HARDENING_NEEDED = TEE_QV_MK_ERROR(0x0008), TEE_QV_RESULT_CONFIG_AND_SW_HARDENING_NEEDED = TEE_QV_MK_ERROR(0x0008), //TCB level is up to date, but both SW Hardening and additional configuration are needed + + // TDX specific results + SGX_QL_QV_RESULT_TD_RELAUNCH_ADVISED = TEE_QV_MK_ERROR(0x0009), TEE_QV_RESULT_TD_RELAUNCH_ADVISED = TEE_QV_MK_ERROR(0x0009), // All components in 
the TD’s TCB are latest, including the TD preserving loaded TDX, but the TD was launched + // and ran for some time with out-of-date TDX Module. Relaunching or re-provisioning your TD is advised + SGX_QL_QV_RESULT_TD_RELAUNCH_ADVISED_CONFIG_NEEDED = TEE_QV_MK_ERROR(0x000A), TEE_QV_RESULT_TD_RELAUNCH_ADVISED_CONFIG_NEEDED = TEE_QV_MK_ERROR(0x000A), // Same as above, relaunching or re-provisioning your TD is advised. In the meantime, + // additional configuration of the platform is needed + + // Maximum result value + SGX_QL_QV_RESULT_MAX = TEE_QV_MK_ERROR(0x00FF), TEE_QV_RESULT_MAX = TEE_QV_MK_ERROR(0x00FF), + +} sgx_ql_qv_result_t, tee_qv_result_t; typedef enum _pck_cert_flag_enum_t { PCK_FLAG_FALSE = 0, diff --git a/core/build/headers/sgx_tcrypto.h b/core/build/headers/sgx_tcrypto.h index 982daba7..b16df7f5 100644 --- a/core/build/headers/sgx_tcrypto.h +++ b/core/build/headers/sgx_tcrypto.h @@ -51,6 +51,7 @@ #define SGX_NISTP_ECP256_KEY_SIZE (SGX_ECP256_KEY_SIZE/sizeof(uint32_t)) #define SGX_AESGCM_IV_SIZE 12 #define SGX_AESGCM_KEY_SIZE 16 +#define SGX_AESGCM_KEY256_SIZE 32 #define SGX_AESGCM_MAC_SIZE 16 #define SGX_HMAC256_KEY_SIZE 32 #define SGX_HMAC256_MAC_SIZE 32 @@ -109,6 +110,7 @@ typedef uint8_t sgx_sha256_hash_t[SGX_SHA256_HASH_SIZE]; typedef uint8_t sgx_sha384_hash_t[SGX_SHA384_HASH_SIZE]; typedef uint8_t sgx_aes_gcm_128bit_key_t[SGX_AESGCM_KEY_SIZE]; +typedef uint8_t sgx_aes_gcm_256bit_key_t[SGX_AESGCM_KEY256_SIZE]; typedef uint8_t sgx_aes_gcm_128bit_tag_t[SGX_AESGCM_MAC_SIZE]; typedef uint8_t sgx_hmac_256bit_key_t[SGX_HMAC256_KEY_SIZE]; typedef uint8_t sgx_hmac_256bit_tag_t[SGX_HMAC256_MAC_SIZE]; 
@@ -184,6 +186,52 @@ typedef struct _rsa_params_t { unsigned int iqmp[IQMP_SIZE_IN_UINT]; }rsa_params_t; +typedef enum _sgx_fips_func_t { + // FIPS approved SGX crypto wrapper, > 0 + SGX_SHA384_MSG = 0x1, + SGX_SHA256_MSG, + SGX_SHA384_UPDATE, + SGX_SHA384_GET_HASH, + SGX_SHA256_UPDATE, + SGX_SHA256_GET_HASH, + SGX_RIJNDAEL128_CMAC_MSG, + SGX_CMAC128_UPDATE, + SGX_CMAC128_FINAL, + SGX_HMAC_SHA256_MSG, + SGX_HMAC256_UPDATE, + SGX_HMAC256_FINAL, + SGX_AES_CTR_ENCRYPT, + SGX_AES_CTR_DECRYPT, + SGX_ECC256_CHECK_POINT, + SGX_ECDSA_VERIFY, + SGX_ECDSA_VERIFY_HASH, + SGX_RSA3072_SIGN, + SGX_RSA3072_SIGN_EX, + SGX_RSA3072_VERIFY, + SGX_RSA_PRIV_DECRYPT_SHA256, + SGX_RSA_PUB_ENCRYPT_SHA256, + SGX_CREATE_RSA_PRIV2_KEY, + SGX_CREATE_RSA_PRIV1_KEY, + SGX_CREATE_RSA_PUB1_KEY, + SGX_ECC256_COMPUTE_SHARED_DHKEY, + SGX_CREATE_RSA_KEY_PAIR, + + // FIPS mode not supported functions, < 0 + SGX_RIJNDAEL128GCM_ENCRYPT = -0xFF, + SGX_RIJNDAEL128GCM_DECRYPT, + SGX_SHA1_MSG, + SGX_SHA1_UPDATE, + SGX_SHA1_GET_HASH, + SGX_ECC256_CREATE_KEY_PAIR, // FIPS mode is not enabled because GFpECPrivateKey is not implemented as FIPS approved + SGX_ECDSA_SIGN // FIPS mode is not enabled because GFpECPrivateKey is not implemented as FIPS approved +}sgx_fips_func_t; + +typedef unsigned int func_fips_approved_t; + +#define _TCRYPTO_DEPRECATED(message) __attribute__(( deprecated( message ))) +#define SHA1_DEPRECATED_MSG "The SHA-1 hash algorithm is considered weak due to known vulnerabilities and has been deprecated \ +in sgx_tcrypto. Please switch to some other hash algorithm." + #ifdef __cplusplus extern "C" { #endif 
@@ -221,6 +269,7 @@ extern "C" { */ sgx_status_t SGXAPI sgx_sha384_msg(const uint8_t *p_src, uint32_t src_len, sgx_sha384_hash_t *p_hash); sgx_status_t SGXAPI sgx_sha256_msg(const uint8_t *p_src, uint32_t src_len, sgx_sha256_hash_t *p_hash); + _TCRYPTO_DEPRECATED(SHA1_DEPRECATED_MSG) sgx_status_t SGXAPI sgx_sha1_msg(const uint8_t *p_src, uint32_t src_len, sgx_sha1_hash_t *p_hash); /** Allocates and initializes sha state @@ -231,6 +280,7 @@ extern "C" { */ sgx_status_t SGXAPI sgx_sha384_init(sgx_sha_state_handle_t* p_sha_handle); sgx_status_t SGXAPI sgx_sha256_init(sgx_sha_state_handle_t* p_sha_handle); + _TCRYPTO_DEPRECATED(SHA1_DEPRECATED_MSG) sgx_status_t SGXAPI sgx_sha1_init(sgx_sha_state_handle_t* p_sha_handle); /** Updates sha calculation based on the input message @@ -243,6 +293,7 @@ extern "C" { */ sgx_status_t SGXAPI sgx_sha384_update(const uint8_t *p_src, uint32_t src_len, sgx_sha_state_handle_t sha_handle); sgx_status_t SGXAPI sgx_sha256_update(const uint8_t *p_src, uint32_t src_len, sgx_sha_state_handle_t sha_handle); + _TCRYPTO_DEPRECATED(SHA1_DEPRECATED_MSG) sgx_status_t SGXAPI sgx_sha1_update(const uint8_t *p_src, size_t src_len, sgx_sha_state_handle_t sha_handle); /** Returns Hash calculation @@ -254,6 +305,7 @@ extern "C" { */ sgx_status_t SGXAPI sgx_sha384_get_hash(sgx_sha_state_handle_t sha_handle, sgx_sha384_hash_t *p_hash); sgx_status_t SGXAPI sgx_sha256_get_hash(sgx_sha_state_handle_t sha_handle, sgx_sha256_hash_t *p_hash); + _TCRYPTO_DEPRECATED(SHA1_DEPRECATED_MSG) sgx_status_t SGXAPI sgx_sha1_get_hash(sgx_sha_state_handle_t sha_handle, sgx_sha1_hash_t *p_hash); /** Cleans up SHA state 
@@ -264,6 +316,7 @@ extern "C" { */ sgx_status_t SGXAPI sgx_sha384_close(sgx_sha_state_handle_t sha_handle); sgx_status_t SGXAPI sgx_sha256_close(sgx_sha_state_handle_t sha_handle); + _TCRYPTO_DEPRECATED(SHA1_DEPRECATED_MSG) sgx_status_t SGXAPI sgx_sha1_close(sgx_sha_state_handle_t sha_handle); /**Rijndael AES-GCM - Only 128-bit key AES-GCM Encryption/Decryption is supported 
@@ -330,6 +383,77 @@ extern "C" { uint32_t aad_len, const sgx_aes_gcm_128bit_tag_t *p_in_mac); + /** FIPS compatible version AES-GCM Encryption function, which will generate a random initialization vector + * + * sgx_aes_gcm_encrypt: + * Return: If key, source, destination, MAC, or IV pointer is NULL, SGX_ERROR_INVALID_PARAMETER is returned. + * If AAD size is > 0 and the AAD pointer is NULL, SGX_ERROR_INVALID_PARAMETER is returned. + * If the Source Length is < 1, SGX_ERROR_INVALID_PARAMETER is returned. + * IV Length must = 12 (bytes) or SGX_ERROR_INVALID_PARAMETER is returned. + * If out of enclave memory, then SGX_ERROR_OUT_OF_MEMORY is returned. + * If the encryption process fails then SGX_ERROR_UNEXPECTED is returned. + * Parameters: + * Return: sgx_status_t - SGX_SUCCESS or failure as defined in sgx_error.h + * Inputs: uint8_t *p_key - Pointer to the key used in encryption operation + * Size must be 16 bytes (128-bits) or 32 bytes (256-bits) + * uint32_t key_len – Key size, must be 16 (bytes) or 32 (bytes) + * uint8_t *p_src - Pointer to the input stream to be encrypted + * uint32_t src_len - Length of the input stream to be encrypted + * uint32_t iv_len - Length of the initialization vector - MUST BE 12 (bytes) + * NIST AES-GCM recommended IV size = 96 bits + * uint8_t *p_aad - Pointer to the input stream of additional authentication data + * uint32_t aad_len - Length of the additional authentication data stream + * Output: uint8_t *p_dst - Pointer to the cipher text. Size of buffer should be >= src_len + * sgx_aes_gcm_128bit_tag_t *p_out_mac - Pointer to the MAC generated from encryption process + * uint8_t *p_iv - Pointer to the generated initialization vector. 
Size of buffer should be >= iv_len + */ + sgx_status_t sgx_aes_gcm_encrypt(const uint8_t *p_key, + uint32_t key_len, + const uint8_t *p_src, + uint32_t src_len, + uint8_t *p_dst, + uint8_t *p_iv, + uint32_t iv_len, + const uint8_t *p_aad, + uint32_t aad_len, + sgx_aes_gcm_128bit_tag_t *p_out_mac); + + /** AES-GCM Decryption + * + * sgx_aes_gcm_decrypt: + * Return: If key, source, destination, MAC, or IV pointer is NULL, SGX_ERROR_INVALID_PARAMETER is returned. + * If AAD size is > 0 and the AAD pointer is NULL, SGX_ERROR_INVALID_PARAMETER is returned. + * If the Source Length is < 1, SGX_ERROR_INVALID_PARAMETER is returned. + * IV Length must = 12 (bytes) or SGX_ERROR_INVALID_PARAMETER is returned. + * If out of enclave memory, then SGX_ERROR_OUT_OF_MEMORY is returned. + * If the decryption process fails then SGX_ERROR_UNEXPECTED is returned. + * Parameters: + * Return: sgx_status_t - SGX_SUCCESS or failure as defined in sgx_error.h + * Inputs: uint8_t *p_key - Pointer to the key used in decryption operation + * Size must be 16 bytes (128-bits) or 32 bytes (256-bits) + * uint32_t key_len – Key size, must be 16 (bytes) or 32 (bytes) + * uint8_t *p_src - Pointer to the input stream to be decrypted + * uint32_t src_len - Length of the input stream to be decrypted + * uint8_t *p_iv - Pointer to the initialization vector + * uint32_t iv_len - Length of the initialization vector - MUST BE 12 (bytes) + * NIST AES-GCM recommended IV size = 96 bits + * uint8_t *p_aad - Pointer to the input stream of additional authentication data + * uint32_t aad_len - Length of the additional authentication data stream + * sgx_aes_gcm_128bit_tag_t *p_in_mac - Pointer to the expected MAC in decryption process + * Output: uint8_t *p_dst - Pointer to the clear text for decryption. 
Size of buffer should be >= src_len + * NOTE: Wrapper is responsible for confirming decryption tag matches encryption tag + */ + sgx_status_t sgx_aes_gcm_decrypt(const uint8_t *p_key, + uint32_t key_len, + const uint8_t *p_src, + uint32_t src_len, + uint8_t *p_dst, + const uint8_t *p_iv, + uint32_t iv_len, + const uint8_t *p_aad, + uint32_t aad_len, + const sgx_aes_gcm_128bit_tag_t *p_in_mac); + /** Message Authentication Rijndael 128 CMAC - Only 128-bit key size is supported. * NOTE: Use sgx_rijndael128_cmac_msg if the src ptr contains the complete msg to perform hash (Option 1) * Else use the Init, Update, Update, ..., Final, Close procedure (Option 2) @@ -1002,6 +1126,16 @@ extern "C" { uint8_t *p_dst, sgx_aes_state_handle_t aes_gcm_state); + /** Check if a function is FIPS-approved or not + * + * Paramters: + * Return: sgx_status_t - SGX_SUCCESS or failure as defined in sgx_error.h + * Inputs: func - function name that is member of sgx_fips_func_t enumerator. + * Output: is_approved - equal to 1 if FIPS-approved function is used. + * + */ + sgx_status_t sgx_is_fips_approved_func(sgx_fips_func_t func, func_fips_approved_t *is_approved); + #ifdef __cplusplus } #endif diff --git a/core/build/headers/tlibc/time.h b/core/build/headers/tlibc/time.h index 3880d3e9..baa4b67a 100644 --- a/core/build/headers/tlibc/time.h +++ b/core/build/headers/tlibc/time.h @@ -94,6 +94,13 @@ double _TLIBC_CDECL_ difftime(time_t, time_t); char * _TLIBC_CDECL_ asctime(const struct tm *); size_t _TLIBC_CDECL_ strftime(char *, size_t, const char *, const struct tm *); +/* + * NOTE: The functions listed below only supports limited scenarios. + * Full functionality support requires locale, which is not avaiable inside enclave + */ +char *_TLIBC_CDECL_ strptime(const char *buf, const char *fmt, struct tm *tm); +time_t _TLIBC_CDECL_ mktime(struct tm *tmp); + /* * Non-C99 */ diff --git a/core/types/src/attributes.rs b/core/types/src/attributes.rs index 57112fd2..794928c0 100644 
--- a/core/types/src/attributes.rs +++ b/core/types/src/attributes.rs @@ -50,7 +50,7 @@ impl Display for Attributes { if flags.is_empty() { write!(f, "Flags: (none)")? } else { - write!(f, "Flags: {}", flags)? + write!(f, "Flags: {flags}")? } } @@ -64,7 +64,7 @@ impl Display for Attributes { if xfrm.is_empty() { write!(f, " Xfrm: (none)")? } else { - write!(f, " Xfrm: {}", xfrm)? + write!(f, " Xfrm: {xfrm}")? } } None => { @@ -105,14 +105,14 @@ where let mut iter = bitflags.iter_names(); for (name, _) in &mut iter { let separator = separators.next().expect("Separator should exist"); - write!(f, "{}", separator)?; - write!(f, "{}", name)?; + write!(f, "{separator}")?; + write!(f, "{name}")?; } let remaining = iter.remaining().bits(); if remaining != bitflags::Bits::EMPTY { let separator = separators.next().expect("Separator should exist"); - write!(f, "{}", separator)?; + write!(f, "{separator}")?; mc_sgx_util::fmt_hex(&remaining.into().to_be_bytes(), f)?; } @@ -263,7 +263,7 @@ mod test { .set_flags(flags) .set_extended_features_mask(xfrm); - let display_string = format!("{}", attributes); + let display_string = format!("{attributes}"); let expected = format!("Flags: {flag1} | {flag2} | {flag3} Xfrm: {xfrm1} | {xfrm2}",); assert_eq!(display_string, expected); @@ -281,7 +281,7 @@ mod test { let attributes = Attributes::default().set_flags(flags); - let display_string = format!("{}", attributes); + let display_string = format!("{attributes}"); let expected = format!( "Flags: {flag1} | {flag2} | {flag3} | {flag4} | {flag5} | {flag6} Xfrm: (none)", ); diff --git a/core/types/src/error.rs b/core/types/src/error.rs index b7c36719..fe795f10 100644 --- a/core/types/src/error.rs +++ b/core/types/src/error.rs 
@@ -40,7 +40,7 @@ impl From>> for FfiError { /// 3. `0x2000-0x2fff`: Enclave creation errors. /// 4. `0x3000-0x3fff`: Local attestation/report verification errors. /// 5. `0x4000-0x4fff`: Errors when communicating with the Architectural -/// Enclave Service Manager (AESM). +/// Enclave Service Manager (AESM). /// 6. `0x5000-0x5fff`: Errors internal to AESM. /// 7. `0x6000-0x6fff`: Errors with the encrypted enclave loader. /// 8. `0x7000-0x7fff`: Errors with the "SGX Encrypted FS" utility. @@ -150,6 +150,8 @@ pub enum Error { InvalidIsvSvn, /// Unsupported key name value. InvalidKeyname, + /// The functionality is not supported + UnsupportedFunction, // 0x4000 - 0x4fff: AESM /** Architectural Enclave service does not respond or the requested @@ -307,6 +309,7 @@ impl TryFrom for Error { sgx_status_t::SGX_ERROR_INVALID_CPUSVN => Ok(Error::InvalidCpuSvn), sgx_status_t::SGX_ERROR_INVALID_ISVSVN => Ok(Error::InvalidIsvSvn), sgx_status_t::SGX_ERROR_INVALID_KEYNAME => Ok(Error::InvalidKeyname), + sgx_status_t::SGX_ERROR_UNSUPPORTED_FUNCTION => Ok(Error::UnsupportedFunction), // 0x4000 - 0x4fff: AESM sgx_status_t::SGX_ERROR_SERVICE_UNAVAILABLE => Ok(Error::ServiceUnavailable), @@ -391,6 +394,7 @@ mod test { invalid_function = { sgx_status_t::SGX_ERROR_INVALID_FUNCTION, Error::InvalidFunction }, stack_overrun = { sgx_status_t::SGX_ERROR_STACK_OVERRUN, Error::StackOverrun }, undefined_symbol = { sgx_status_t::SGX_ERROR_UNDEFINED_SYMBOL, Error::UndefinedSymbol }, + unsupported_function = { sgx_status_t::SGX_ERROR_UNSUPPORTED_FUNCTION, Error::UnsupportedFunction }, invalid_launch_token = { sgx_status_t::SGX_ERROR_INVALID_LAUNCH_TOKEN, Error::InvalidLaunchToken }, mac_mismatch = { sgx_status_t::SGX_ERROR_MAC_MISMATCH, Error::MacMismatch }, invalid_keyname = { sgx_status_t::SGX_ERROR_INVALID_KEYNAME, Error::InvalidKeyname }, diff --git a/core/types/src/macros.rs b/core/types/src/macros.rs index bda382e1..0d2b2c53 100644 --- a/core/types/src/macros.rs 
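Review bot: Adding `UnsupportedFunction` to the public `Error` enum (hunk `-150,6 +150,8`) breaks any downstream `match` that lists the variants exhaustively, unless the enum carries `#[non_exhaustive]`; its attributes are outside the hunk, so this may already be covered. If it is not, the change should ship as a breaking release, and the same holds for the four variants added to `QlError` in dcap/types/src/error.rs. The new doc comment also drops the full stop its neighbours have; I would write `/// The functionality is not supported.`.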
+++ b/core/types/src/macros.rs @@ -288,14 +288,14 @@ mod test { #[test] fn from_array() { let raw_array = [5u8; Outer::SIZE]; - let outer: Outer = raw_array.try_into().unwrap(); + let outer: Outer = raw_array.into(); assert_eq!(outer.0.field, raw_array); } #[test] fn as_ref() { let raw_array = [9u8; Outer::SIZE]; - let outer: Outer = raw_array.try_into().unwrap(); + let outer: Outer = raw_array.into(); assert_eq!(outer.as_ref(), raw_array); } diff --git a/core/types/src/quote.rs b/core/types/src/quote.rs index 2bbd6991..9985d7e5 100644 --- a/core/types/src/quote.rs +++ b/core/types/src/quote.rs @@ -241,8 +241,10 @@ mod test { } fn base_quote_1() -> sgx_quote_t { - let mut report_body = sgx_report_body_t::default(); - report_body.misc_select = 18; + let report_body = sgx_report_body_t { + misc_select: 18, + ..Default::default() + }; sgx_quote_t { version: 11, @@ -259,8 +261,10 @@ mod test { } fn base_quote_2() -> sgx_quote_t { - let mut report_body = sgx_report_body_t::default(); - report_body.misc_select = 28; + let report_body = sgx_report_body_t { + misc_select: 28, + ..Default::default() + }; sgx_quote_t { version: 21, @@ -319,8 +323,10 @@ mod test { ); assert_eq!(quote._basename(), Basename::from([17u8; BASENAME_SIZE])); - let mut report_body = sgx_report_body_t::default(); - report_body.misc_select = 18; + let report_body = sgx_report_body_t { + misc_select: 18, + ..Default::default() + }; assert_eq!(quote._report_body().unwrap(), report_body.into()); } 
@@ -341,17 +347,19 @@ mod test { ); assert_eq!(quote._basename(), Basename::from([27u8; BASENAME_SIZE])); - let mut report_body = sgx_report_body_t::default(); - report_body.misc_select = 28; + let report_body = sgx_report_body_t { + misc_select: 28, + ..Default::default() + }; assert_eq!(quote._report_body().unwrap(), report_body.into()); } #[test] fn default_update_info() { let info = UpdateInfoBit::default(); - assert_eq!(info.ucode_needs_update(), false); - assert_eq!(info.csme_firmware_needs_update(), false); - assert_eq!(info.platform_software_needs_update(), false); + assert!(!info.ucode_needs_update()); + assert!(!info.csme_firmware_needs_update()); + assert!(!info.platform_software_needs_update()); } #[test] @@ -363,9 +371,9 @@ mod test { }; let info = UpdateInfoBit::from(sgx_info); - assert_eq!(info.ucode_needs_update(), true); - assert_eq!(info.csme_firmware_needs_update(), true); - assert_eq!(info.platform_software_needs_update(), true); + assert!(info.ucode_needs_update()); + assert!(info.csme_firmware_needs_update()); + assert!(info.platform_software_needs_update()); } #[test] @@ -386,8 +394,10 @@ mod test { assert_eq!(info.nonce(), QuoteNonce::from([1u8; 16])); - let mut target_info = sgx_target_info_t::default(); - target_info.config_svn = 2; + let target_info = sgx_target_info_t { + config_svn: 2, + ..Default::default() + }; assert_eq!( info.app_enclave_target_info(), TargetInfo::from(target_info) diff --git a/core/types/src/report.rs b/core/types/src/report.rs index 5fd8d091..4bb775d2 100644 --- a/core/types/src/report.rs +++ b/core/types/src/report.rs @@ -90,7 +90,7 @@ impl_newtype_no_display! { impl Display for ExtendedProductId { fn fmt(&self, f: &mut Formatter<'_>) -> core::fmt::Result { let inner = u128::from_be_bytes(self.0); - write!(f, "{}", inner) + write!(f, "{inner}") } } diff --git a/dcap/types/src/error.rs b/dcap/types/src/error.rs index 925edd00..2652a075 100644 --- a/dcap/types/src/error.rs +++ b/dcap/types/src/error.rs 
@@ -291,6 +291,15 @@ pub enum QlError { /// Invalid signature during quote verification InvalidSignature = quote3_error_t::SGX_QL_RESULT_INVALID_SIGNATURE.0, + /// QaE identity is not a match + QaeIdentityMismatch = quote3_error_t::SGX_QL_QAEIDENTITY_MISMATCH.0, + /// QaE ISVSVN is smaller than the minimum required ISVSVN + QaeOutOfDate = quote3_error_t::SGX_QL_QAE_OUT_OF_DATE.0, + /// QaE quote hash is not a match + QaeQuoteHashMismatch = quote3_error_t::SGX_QL_QUOTE_HASH_MISMATCH.0, + /// Report data is not a match + ReportDataMismatch = quote3_error_t::SGX_QL_REPORT_DATA_MISMATCH.0, + /// Indicate max error to allow better translation Max = quote3_error_t::SGX_QL_ERROR_MAX.0, } @@ -429,6 +438,12 @@ impl TryFrom for QlError { quote3_error_t::SGX_QL_TCB_NOT_SUPPORTED => Ok(QlError::TcbNotSupported), quote3_error_t::SGX_QL_CONFIG_INVALID_JSON => Ok(QlError::ConfigInvalidJson), quote3_error_t::SGX_QL_RESULT_INVALID_SIGNATURE => Ok(QlError::InvalidSignature), + + quote3_error_t::SGX_QL_QAEIDENTITY_MISMATCH => Ok(QlError::QaeIdentityMismatch), + quote3_error_t::SGX_QL_QAE_OUT_OF_DATE => Ok(QlError::QaeOutOfDate), + quote3_error_t::SGX_QL_QUOTE_HASH_MISMATCH => Ok(QlError::QaeQuoteHashMismatch), + quote3_error_t::SGX_QL_REPORT_DATA_MISMATCH => Ok(QlError::ReportDataMismatch), + quote3_error_t::SGX_QL_ERROR_MAX => Ok(QlError::Max), // Map all unknowns to the unexpected error _ => Ok(QlError::Unexpected), diff --git a/dcap/types/src/quote3.rs b/dcap/types/src/quote3.rs index 078ab07a..b01b42d2 100644 --- a/dcap/types/src/quote3.rs +++ b/dcap/types/src/quote3.rs 
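Review bot: The four new `TryFrom` arms in the `-429,6 +438,12` hunk have no visible test, and the `_ => Ok(QlError::Unexpected)` arm just below them means a missing or swapped arm would still compile and quietly report `Unexpected`. core/types/src/error.rs gained a test row for its new variant in this same commit; the dcap test module is outside the hunk, but a check such as `assert_eq!(QlError::try_from(quote3_error_t::SGX_QL_QAE_OUT_OF_DATE), Ok(QlError::QaeOutOfDate));` for each of the four codes would pin the mapping. Callers deciding whether to trust a quote need these results to stay distinguishable from a generic failure. Separately, `QaeQuoteHashMismatch` adds a `Qae` prefix that `SGX_QL_QUOTE_HASH_MISMATCH` does not have, while `ReportDataMismatch` mirrors its C name; one convention would be easier to follow.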
@@ -172,12 +172,12 @@ impl> Quote3 { /// provided `report_data` /// /// > Note: This report data is *not* the QE report data in the quote, it is - /// part of the report info returned from SGX SDK quote generation. + /// > part of the report info returned from SGX SDK quote generation. /// /// # Arguments /// * `nonce` - The nonce believed to be in the `report_data` /// * `report_data` - The report data to verify matches the `nonce` and this - /// quote instance. + /// quote instance. /// /// Returns `true` if the `report_data` matches the `nonce` and this quote /// instance. Returns `false` if they differ. @@ -522,6 +522,7 @@ fn take(count: usize) -> impl Fn(&[u8]) -> (&[u8], &[u8]) { #[cfg(test)] mod test { use super::*; + use core::ops::Deref; use core::slice; use mc_sgx_core_sys_types::sgx_report_body_t; use mc_sgx_core_types::CpuSvn; @@ -626,6 +627,7 @@ mod test { // Get the signing key from the PCK leaf certificate in the // [`CertifciationData`] of the `quote`. + #[cfg(feature = "alloc")] fn pck_leaf_signing_key>(quote: &Quote3) -> VerifyingKey { let signature_data = quote.signature_data(); let cert_chain = match signature_data.certification_data() { @@ -672,7 +674,7 @@ mod test { .copy_from_slice(&app_report_body_bytes); bytes[SIGNATURE_DATA_OFFSET..SIGNATURE_DATA_OFFSET + MIN_SIGNATURE_DATA_SIZE] .copy_from_slice(&signature_bytes); - let quote = Quote3::try_from(bytes.as_ref()).unwrap(); + let quote = Quote3::try_from(bytes.deref()).unwrap(); assert_eq!(quote.raw_bytes, bytes); assert_eq!( quote.app_report_body(), @@ -684,6 +686,7 @@ mod test { ); } + #[cfg(feature = "alloc")] #[test] fn quote_from_real_quote_file() { let hw_quote = include_bytes!("../data/tests/hw_quote.dat"); @@ -714,7 +717,7 @@ mod test { bytes[..mem::size_of::()].copy_from_slice(&version_bytes); assert_eq!( - Quote3::try_from(bytes.as_ref()), + Quote3::try_from(bytes.deref()), Err(Quote3Error::Version(version)) ); } 
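Review bot: `Quote3::try_from(bytes.deref())` in the `-672,7 +674,7` hunk needs the new `use core::ops::Deref;` import only to spell a slice borrow; `Quote3::try_from(bytes.as_slice())` says the same thing without the import, assuming `bytes` is a `Vec<u8>` (its declaration is outside the hunk). The hunk at `-742,7 +745,7` replaces `&bytes[..]`, which was already unambiguous, and the same `deref()` call recurs in the `SignatureData::try_from` tests further down. Using one slice spelling throughout the test module would also cover the remaining `bytes.as_ref().try_into()` calls left in the `verify_nonce` tests.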
@@ -742,7 +745,7 @@ mod test { bytes[cert_data_size_offset] = 1; assert_eq!( - Quote3::try_from(&bytes[..]), + Quote3::try_from(bytes.deref()), Err(Quote3Error::InputLength { actual: MIN_QUOTE_SIZE, required: MIN_QUOTE_SIZE + 1, @@ -774,7 +777,7 @@ mod test { let quote = bytes.as_ref().try_into().unwrap(); let nonce = [1u8; QuoteNonce::SIZE].into(); let report_data = report_data_from_quote_and_nonce("e, &nonce); - assert_eq!(quote.verify_nonce(&nonce, &report_data), true); + assert!(quote.verify_nonce(&nonce, &report_data)); } #[test] @@ -784,7 +787,7 @@ mod test { let quote = bytes.as_ref().try_into().unwrap(); let nonce = [5u8; QuoteNonce::SIZE].into(); let report_data = report_data_from_quote_and_nonce("e, &nonce); - assert_eq!(quote.verify_nonce(&nonce, &report_data), true); + assert!(quote.verify_nonce(&nonce, &report_data)); } #[test] @@ -798,7 +801,7 @@ mod test { let contents: &mut [u8] = nonce.as_mut(); contents[0] += 1; - assert_eq!(quote.verify_nonce(&nonce, &report_data), false); + assert!(!quote.verify_nonce(&nonce, &report_data)); } #[test] @@ -813,7 +816,7 @@ mod test { let hash_size = 32; contents[hash_size] += 1; - assert_eq!(quote.verify_nonce(&nonce, &report_data), false); + assert!(!quote.verify_nonce(&nonce, &report_data)); } #[test] @@ -876,8 +879,10 @@ mod test { #[test] fn signature_data_1() { - let mut report_body = sgx_report_body_t::default(); - report_body.cpu_svn = CpuSvn::try_from([2u8; CpuSvn::SIZE]).unwrap().into(); + let report_body = sgx_report_body_t { + cpu_svn: CpuSvn::from([2u8; CpuSvn::SIZE]).into(), + ..Default::default() + }; let ecdsa_sig = sgx_ql_ecdsa_sig_data_t { sig: [1u8; SIGNATURE_SIZE], attest_pub_key: VALID_P256_KEY, 
@@ -915,8 +920,10 @@ mod test { #[test] fn signature_data_2() { - let mut report_body = sgx_report_body_t::default(); - report_body.cpu_svn = CpuSvn::try_from([3u8; CpuSvn::SIZE]).unwrap().into(); + let report_body = sgx_report_body_t { + cpu_svn: CpuSvn::from([3u8; CpuSvn::SIZE]).into(), + ..Default::default() + }; let ecdsa_sig = sgx_ql_ecdsa_sig_data_t { sig: [2u8; SIGNATURE_SIZE], attest_pub_key: VALID_P256_KEY, @@ -978,7 +985,7 @@ mod test { // Test focuses on the auth parsing, so only spot checking one field // of SignatureData - let signature_data = SignatureData::try_from(bytes.as_ref()).unwrap(); + let signature_data = SignatureData::try_from(bytes.deref()).unwrap(); assert_eq!( signature_data.qe_report_signature, Signature::try_from([2u8; 64].as_slice()).unwrap() @@ -998,7 +1005,7 @@ mod test { bytes[auth_offset] = auth_data_size as u8; assert_eq!( - SignatureData::try_from(bytes.as_ref()), + SignatureData::try_from(bytes.deref()), Err(Quote3Error::InputLength { actual: MIN_SIGNATURE_DATA_SIZE, required: MIN_SIGNATURE_DATA_SIZE + auth_data_size, @@ -1022,7 +1029,7 @@ mod test { // Test focuses on the cert parsing, so only spot checking one field // of SignatureData - let signature_data = SignatureData::try_from(bytes.as_ref()).unwrap(); + let signature_data = SignatureData::try_from(bytes.deref()).unwrap(); assert_eq!( signature_data.qe_report_signature, Signature::try_from([7u8; 64].as_slice()).unwrap() @@ -1045,7 +1052,7 @@ mod test { bytes[start] = 1; assert_eq!( - SignatureData::try_from(bytes.as_ref()), + SignatureData::try_from(bytes.deref()), Err(Quote3Error::InputLength { actual: MIN_SIGNATURE_DATA_SIZE + 1, required: MIN_SIGNATURE_DATA_SIZE + 2, 
@@ -1079,7 +1086,7 @@ mod test { // Test focuses on the cert parsing, so only spot checking one field // of SignatureData - let signature_data = SignatureData::try_from(bytes.as_ref()).unwrap(); + let signature_data = SignatureData::try_from(bytes.deref()).unwrap(); assert_eq!( signature_data.qe_report_signature, Signature::try_from([7u8; 64].as_slice()).unwrap() @@ -1088,6 +1095,7 @@ mod test { assert_eq!(signature_data.certification_data().raw_data(), [23u8; 4]); } + #[cfg(feature = "alloc")] #[test] fn verify_quote_signature() { let hw_quote = include_bytes!("../data/tests/hw_quote.dat"); diff --git a/dcap/types/src/tcb.rs b/dcap/types/src/tcb.rs index e27c9b8e..ae7295e8 100644 --- a/dcap/types/src/tcb.rs +++ b/dcap/types/src/tcb.rs @@ -275,7 +275,7 @@ mod test { #[test] fn valid_pck_tcb_info() { - let certificate = Certificate::from_der(&LEAF_CERT).expect("failed to parse DER"); + let certificate = Certificate::from_der(LEAF_CERT).expect("failed to parse DER"); let tcb_info = TcbInfo::try_from(&certificate).expect("failed to parse TCB info"); // These were taken by looking at `leaf_cert.der` on an ASN1 decoder, like @@ -521,7 +521,7 @@ mod test { let pem_byte_offset = cert_contents_offset + "-----BEGIN CERTIFICATE-----\n".len(); // `%` is an invalid base64 character sure to make the parsing fail. - hw_quote[pem_byte_offset] = '%' as u8; + hw_quote[pem_byte_offset] = b'%'; let quote = Quote3::try_from(hw_quote.as_ref()).expect("Failed to parse quote"); diff --git a/headers.log b/headers.log deleted file mode 100644 index 5a8cd130..00000000 --- a/headers.log +++ /dev/null 
@@ -1,51 +0,0 @@ -- [x] sgx_attributes.h -- [x] sgx_capable.h -- [x] sgx_cpuid.h -- [x] sgx_dcap_ql_wrapper.h -- [x] sgx_dcap_quoteverify.h (some new token?) -- [x] sgx_dcap_tvl.h -- [x] sgx_defs.h -- [x] sgx_dh.h -- [x] sgx_ecp_types.h -- [x] sgx_edger8r.h -- [x] sgx_eid.h -- [x] sgx_enclave_common.h -- [x] sgx_error.h -- [x] sgx.h -- [x] sgx_intrin.h -- [x] sgx_key_exchange.h -- [x] sgx_key.h -- [x] sgx_lfence.h -- [x] sgx_pce.h -- [x] sgx_pcl_guid.h -- [x] sgx_ql_lib_common.h -- [x] sgx_ql_quote.h -- [x] sgx_quote_3.h -- [x] sgx_quote_4.h -- [x] sgx_quote.h -- [x] sgx_qve_header.h -- [x] sgx_report2.h -- [x] sgx_report.h -- [x] sgx_rsrv_mem_mngr.h -- [x] sgx_secure_align_api.h -- [x] sgx_secure_align.h -- [x] sgx_spinlock.h -- [x] sgx_tcrypto.h -- [x] sgx_thread.h -- [x] sgx_tkey_exchange.h -- [x] sgx_tprotected_fs.h -- [x] sgx_trts_aex.h -- [x] sgx_trts_exception.h -- [x] sgx_trts.h -- [x] sgx_tseal.h -- [x] sgx_ttls.h -- [x] sgx_uae_epid.h -- [x] sgx_uae_launch.h -- [x] sgx_uae_quote_ex.h -- [x] sgx_uae_service.h -- [x] sgx_ukey_exchange.h -- [x] sgx_urts.h -- [x] sgx_uswitchless.h -- [x] sgx_utils.h -- [x] sgx_utls.h -- [x] tlibc diff --git a/sdk-tools/src/edger8r.rs b/sdk-tools/src/edger8r.rs index b0f25761..d44c5da8 100644 --- a/sdk-tools/src/edger8r.rs +++ b/sdk-tools/src/edger8r.rs @@ -116,7 +116,7 @@ impl Edger8r { /// /// # Argumenst /// * `search_path` - A search path to look in for other edl files. - /// The `--search-path` argument for `sgx_edger8r`. + /// The `--search-path` argument for `sgx_edger8r`. pub fn search_path(&mut self, search_path: impl AsRef) -> &mut Self { self.search_paths.push(search_path.as_ref().to_owned()); self 
@@ -199,7 +199,7 @@ impl Edger8r { /// # Arguments /// * `out_dir` - The directory the generated files are created in /// * `suffix` - The suffix to use on the generated files. Should be one of - /// "_u" or "_t" + /// "_u" or "_t" fn generated_files(&self, out_dir: impl AsRef, suffix: impl AsRef) -> Vec { let mut output_stem = self .edl_file diff --git a/tstdc/src/condvar.rs b/tstdc/src/condvar.rs index eff4e202..c202beb6 100644 --- a/tstdc/src/condvar.rs +++ b/tstdc/src/condvar.rs @@ -54,7 +54,7 @@ impl Condvar { /// /// # Arguments: /// * `mutex` - The [`Mutex`] used to guard the condition variable. This - /// should be locked by the current thread. + /// should be locked by the current thread. /// /// # Errors /// - [`Error::MutexLock`] if another thread has the [`Mutex`] lock. diff --git a/tstdc/src/mutex.rs b/tstdc/src/mutex.rs index 8ffb9061..4c529764 100644 --- a/tstdc/src/mutex.rs +++ b/tstdc/src/mutex.rs @@ -74,7 +74,7 @@ impl Mutex { /// /// # Errors /// - [`Error::Invalid`] if self is invalid or trying to lock self when - /// already holding a lock on self. + /// already holding a lock on self. pub fn try_lock(&self) -> Result { let result = unsafe { sgx_thread_mutex_trylock(self.0.get()) }; match result { diff --git a/util/src/format.rs b/util/src/format.rs index 612af0b7..7717b867 100644 --- a/util/src/format.rs +++ b/util/src/format.rs @@ -12,7 +12,7 @@ pub fn fmt_hex(src: &[u8], f: &mut Formatter) -> core::fmt::Result { for (separator, chunk) in segments { write!(f, "{separator}")?; for byte in chunk { - write!(f, "{:02X}", byte)?; + write!(f, "{byte:02X}")?; } }