From b16dfbff87d3ca7c0e9d3ea29e1bf946596dc766 Mon Sep 17 00:00:00 2001
From: Bruno Vavala
Date: Fri, 24 May 2024 21:57:41 +0000
Subject: [PATCH] Add sgx flag checks to pservice.

This normalizes the attestation verification checks with the TP.

Signed-off-by: Bruno Vavala
---
 build/__tools__/generate_mrenclave_header | 15 ++++++++++-
 .../lib/libpdo_enclave/secret_enclave.cpp | 27 +++++++++++++------
 2 files changed, 33 insertions(+), 9 deletions(-)

diff --git a/build/__tools__/generate_mrenclave_header b/build/__tools__/generate_mrenclave_header
index 5522d7f8..f45440e8 100755
--- a/build/__tools__/generate_mrenclave_header
+++ b/build/__tools__/generate_mrenclave_header
@@ -30,9 +30,9 @@ parser.add_argument('--enclave', type=str, help='Name of the enclave to use in t
 options = parser.parse_args()
+# get mrenclave from metadata
 pattern_start = '^metadata->enclave_css.body.enclave_hash.m:$'
 pattern_end = '^metadata->'
-
 values = []
 with open(options.metadata, 'r') as f:
 for line in f :
@@ -43,11 +43,22 @@ with open(options.metadata, 'r') as f:
 values.extend(list(map(lambda v : v.upper()[2:], line.strip().split(' '))))
 break
+def get_meta_parameter(meta_file, pattern):
+ with open(meta_file, 'r') as f:
+ for line in f :
+ if re.match(pattern, line) :
+ return line.strip().split(': ')[1]
+
+attributes_flags = get_meta_parameter(options.metadata, '^metadata->enclave_css.body.attributes.flags:')
+attribute_mask_flags = get_meta_parameter(options.metadata, '^metadata->enclave_css.body.attribute_mask.flags:')
+
 template_fields = dict()
 template_fields['mrenclave'] = ''.join(values)
 template_fields['source_file'] = options.metadata
 template_fields['timestamp'] = datetime.date.today().isoformat()
 template_fields['enclave'] = options.enclave
+template_fields['attributes_flags'] = attributes_flags
+template_fields['attribute_mask_flags'] = attribute_mask_flags
 with open(options.header, 'w') as f:
 f.write("""
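Review bot: `get_meta_parameter` falls off the end of its loop and returns None when the pattern is not found, so a metadata dump that lacks the `attributes.flags` or `attribute_mask.flags` line silently yields `uint64_t attributes_flags = None;` in the generated header and the failure only surfaces later as an unrelated C++ compile error. The matched value is also pasted into the header verbatim, so any formatting drift in the dump becomes arbitrary tokens in generated C++; parsing it as an integer both validates it and normalizes the emitted literal, assuming the dump prints the flags as a hex literal: `return '0x{:016x}ULL'.format(int(line.strip().split(': ')[1], 16))` inside the match, and `raise ValueError('pattern not found in metadata: ' + pattern)` after the loop. The helper relies on `re` already being imported by this script, which the surrounding context suggests but the hunk does not show.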
@@ -58,4 +69,6 @@ with open(options.header, 'w') as f:
 #include "types.h"
 HexEncodedString {enclave}_ENCLAVE_MRENCLAVE = "{mrenclave}";
+uint64_t attributes_flags = {attributes_flags};
+uint64_t attribute_mask_flags = {attribute_mask_flags};
 """.format(**template_fields))
diff --git a/pservice/lib/libpdo_enclave/secret_enclave.cpp b/pservice/lib/libpdo_enclave/secret_enclave.cpp
index 905bfa2d..4abc032a 100644
--- a/pservice/lib/libpdo_enclave/secret_enclave.cpp
+++ b/pservice/lib/libpdo_enclave/secret_enclave.cpp
@@ -651,6 +651,7 @@ pdo_err_t VerifyEnclaveInfo(const std::string& enclaveInfo,
 sgx_report_body_t* reportBody = "eBody->report_body;
 sgx_report_data_t expectedReportData = *(&reportBody->report_data);
 sgx_measurement_t mrEnclaveFromReport = *(&reportBody->mr_enclave);
+ sgx_attributes_t attributes = *(&reportBody->attributes);
 ByteArray allowedContractMR_ENCLAVE = HexEncodedStringToByteArray(ESERVICE_ENCLAVE_MRENCLAVE);
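Review bot: The two definitions the template now emits are plain non-const globals, `uint64_t attributes_flags = {attributes_flags};`, so every translation unit that includes the generated header gets its own definition (duplicate symbols at link time as soon as a second TU includes it) and the values the verifier treats as the expected signed attributes stay writable at runtime. `const` gives them internal linkage in C++ and states the intent, and prefixing them the way `{enclave}_ENCLAVE_MRENCLAVE` already is keeps headers generated for different enclaves from clashing: `const uint64_t {enclave}_ENCLAVE_ATTRIBUTES_FLAGS = {attributes_flags};` and `const uint64_t {enclave}_ENCLAVE_ATTRIBUTE_MASK_FLAGS = {attribute_mask_flags};`, with the matching rename where secret_enclave.cpp reads them. The heredoc these lines belong to opens before this hunk.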
@@ -676,14 +677,24 @@ pdo_err_t VerifyEnclaveInfo(const std::string& enclaveInfo,
 memcmp(computedReportData.d, expectedReportData.d, SGX_REPORT_DATA_SIZE) != 0,
 "Invalid Report data: computedReportData does not match expectedReportData");
- //Note that we do not currently verify whether the enclave debug flag is
- //turned on or not. In order to ensure that the enclave is run in a mode
- //that supports enhanced-confidentiality and execution integrity, the debug
- //flag (SGX_FLAGS_DEBUG / 0x0000000000000002ULL in the report's attribute)
- //should be set to 0. For additional details on how we plan to support this
- //check, please see
- //https://github.com/hyperledger-labs/private-data-objects/issues/195.
- //
+ // Verify 64-bit enclave
+ pdo::error::ThrowIf((attributes.flags & SGX_FLAGS_MODE64BIT) == 0,
+ "Invalid 64-bit flag: 0");
+
+ // Verify SGX debug flag: check mask and enforce if necessary
+ if(attribute_mask_flags & SGX_FLAGS_DEBUG) //if bit is set, enforce debug flag check
+ {
+ pdo::error::ThrowIf(
+ (attributes.flags & SGX_FLAGS_DEBUG) != (attributes_flags & SGX_FLAGS_DEBUG),
+ "Invalid SGX debug flag");
+ }
+
+ // Note that we do not currently verify whether the TCB version of the enclave.
+ // This must be implemented to ensure that the enclave does not run using an old
+ // superseded TCB.
+ // For additional details on how we plan to support this check, please see
+ // https://github.com/hyperledger-labs/private-data-objects/issues/195.
+
 return result;
 }// VerifyEnclaveInfo
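Review bot: The new check compares only the DEBUG bit against the signed metadata even though `attribute_mask_flags` says exactly which attribute bits the signer pinned; a single masked comparison, `pdo::error::ThrowIf((attributes.flags & attribute_mask_flags) != (attributes_flags & attribute_mask_flags), "Invalid SGX attributes: report flags do not match signed metadata");`, enforces DEBUG and every other masked bit in one line and replaces the special-case `if`, assuming the two globals hold the SIGSTRUCT attributes and mask, which is the relation EINIT itself guarantees for a correctly signed enclave; the unconditional `SGX_FLAGS_MODE64BIT` check stays as it is. When the mask does not cover DEBUG the code accepts a debug-mode enclave without any trace, which is presumably intended for debug builds but deserves saying out loud, e.g. `// DEBUG is only rejected when the signer's attribute mask pins it; unmasked builds accept debug enclaves here`. The added comment "we do not currently verify whether the TCB version of the enclave." is an incomplete sentence; "we do not currently verify the TCB version of the enclave" reads correctly. `attributes_flags` and `attribute_mask_flags` appear to come from the generated mrenclave header rather than this file, and sit one token away from the local `attributes`, so a short comment naming their origin would help; VerifyEnclaveInfo itself starts before the hunk.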