rduan pushed a commit to branch emm-dev
in repository https://gitbox.apache.org/repos/asf/incubator-teaclave-sgx-sdk.git
The following commit(s) were added to refs/heads/emm-dev by this push:
new e21a305a Support intel-dcap 1.17
e21a305a is described below
commit e21a305a116e17d8f1b717ec440e0a71dba06f53
Author: volcano <[email protected]>
AuthorDate: Thu Aug 24 15:38:42 2023 +0800
Support intel-dcap 1.17
---
sgx_trts/src/veh/register.rs | 2 +-
sgx_types/src/error/mod.rs | 132 +++++++++++++++++++++++++++++++++++++++++--
sgx_types/src/function.rs | 99 +++++++++++++++++++++++++++++---
sgx_types/src/types/dcap.rs | 26 ++++++++-
sgx_types/src/types/tdx.rs | 112 ++++++++++++++++++++++++++++++++++++
5 files changed, 354 insertions(+), 17 deletions(-)
diff --git a/sgx_trts/src/veh/register.rs b/sgx_trts/src/veh/register.rs
index 30233f40..88a4d4f0 100644
--- a/sgx_trts/src/veh/register.rs
+++ b/sgx_trts/src/veh/register.rs
@@ -98,7 +98,7 @@ pub struct ExceptionInfo {
pub do_aex_mitigation: u32,
pub xsave_size: u64,
pub reserved: [u64; 1],
- pub xsave_area: [u8; 0],
+ pub(super) xsave_area: [u8; 0],
}
impl ExceptionInfo {
diff --git a/sgx_types/src/error/mod.rs b/sgx_types/src/error/mod.rs
index 2b0f8f9b..02948ec3 100644
--- a/sgx_types/src/error/mod.rs
+++ b/sgx_types/src/error/mod.rs
@@ -438,6 +438,13 @@ impl_enum! {
PswNotAvailable = 0x0000_E052,
CollateralVersionNotSupported = 0x0000_E053,
TdxModuleMismatch = 0x0000_E060,
+ QeQeIdentityNotFound = 0x0000_E061,
+ TcbInfoNotFound = 0x0000_E062,
+ InternalServerError = 0x0000_E063,
+ SupplementalDataVersionNotSupport = 0x0000_E064,
+ RootCAUntrusted = 0x0000_E065,
+ TcbNotSupported = 0x0000_E066,
+ ConfigInvalidJson = 0x0000_E067,
ErrorMax = 0x0000_E0FF,
}
}
@@ -557,7 +564,22 @@ impl Quote3Error {
"SGX quote verification collateral version not supported by
QVL/QvE."
}
Quote3Error::TdxModuleMismatch => {
- "TDX SEAM module identity is NOT match to Intel signed TDX
SEAM module"
+ "TDX SEAM module identity is NOT match to Intel signed TDX
SEAM module."
+ }
+ Quote3Error::QeQeIdentityNotFound => "QE identity was not found.",
+ Quote3Error::TcbInfoNotFound => "TCB Info was not found.",
+ Quote3Error::InternalServerError => "Internal server error.",
+ Quote3Error::SupplementalDataVersionNotSupport => {
+ "The supplemental data version is not supported."
+ }
+ Quote3Error::RootCAUntrusted => {
+ "The certificate used to establish SSL session is untrusted."
+ }
+ Quote3Error::TcbNotSupported => {
+ "Current TCB level cannot be found in platform/enclave TCB
info."
+ }
+ Quote3Error::ConfigInvalidJson => {
+ "The QPL's config file is in JSON format but has a format
error."
}
Quote3Error::ErrorMax => "Indicate max error to allow better
translation.",
}
@@ -645,6 +667,13 @@ impl Quote3Error {
Quote3Error::PswNotAvailable => "PswNotAvailable",
Quote3Error::CollateralVersionNotSupported =>
"CollateralVersionNotSupported",
Quote3Error::TdxModuleMismatch => "TdxModuleMismatch",
+ Quote3Error::QeQeIdentityNotFound => "QeQeIdentityNotFound",
+ Quote3Error::TcbInfoNotFound => "TcbInfoNotFound",
+ Quote3Error::InternalServerError => "InternalServerError",
+ Quote3Error::SupplementalDataVersionNotSupport =>
"SupplementalDataVersionNotSupport",
+ Quote3Error::RootCAUntrusted => "RootCAUntrusted",
+ Quote3Error::TcbNotSupported => "TcbNotSupported",
+ Quote3Error::ConfigInvalidJson => "ConfigInvalidJson",
Quote3Error::ErrorMax => "ErrorMax",
}
}
@@ -681,6 +710,11 @@ impl_enum! {
StatusCertsUnavaliable = 0x0000_B012,
StatusServiceUnavaliable = 0x0000_B013,
InvalidConfig = 0x0000_B030,
+ CacheMissing = 0x0000_B031,
+ CacheExpired = 0x0000_B032,
+ RootCAUntrusted = 0x0000_B033,
+ ConfigInvalidJson = 0x0000_B035,
+ ConfigNotJson = 0x0000_B036,
}
}
@@ -694,20 +728,20 @@ impl QcnlError {
QcnlError::NetworkProxyFail => "Network error : Couldn't resolve
proxy.",
QcnlError::NetworkHostFail => "Network error : Couldn't resolve
host.",
QcnlError::NetworkNotConnected => {
- "Network error : Failed to connect() to host or proxy."
+ "Network error: Failed to connect() to host or proxy."
}
QcnlError::NetworkHttp2Error => {
- "Network error : A problem was detected in the HTTP2 framing
layer."
+ "Network error: A problem was detected in the HTTP2 framing
layer."
}
QcnlError::NetworkWriteError => {
- "Network error : an error was returned to libcurl from a write
callback."
+ "Network error: an error was returned to libcurl from a write
callback."
}
QcnlError::NetworkTimeout => "Network error : Operation timeout.",
QcnlError::NetworkHttpsError => {
- "Network error : A problem occurred somewhere in the SSL/TLS
handshake."
+ "Network error: A problem occurred somewhere in the SSL/TLS
handshake."
}
QcnlError::NetworkUnknownOption => {
- "Network error : An option passed to libcurl is not
recognized/known."
+ "Network error: An option passed to libcurl is not
recognized/known."
}
QcnlError::NetworkInitError => "Failed to initialize CURL
library.",
QcnlError::MsgError => "HTTP message error.",
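Review bot: The spacing fix reaches only part of this match: the context arms for `NetworkProxyFail`, `NetworkHostFail` and `NetworkTimeout` still read `"Network error : ..."`, while the changed arms now use `"Network error: ..."`. Anyone matching these messages in logs or alerts will see two prefixes for the same error family. Normalise the remaining three in the same commit, e.g. `QcnlError::NetworkTimeout => "Network error: Operation timeout.",`. The match starts and ends outside the hunk, so other arms may need the same change.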
@@ -718,6 +752,15 @@ impl QcnlError {
QcnlError::StatusCertsUnavaliable => "Certs not available.",
QcnlError::StatusServiceUnavaliable => "Service is currently not
available.",
QcnlError::InvalidConfig => "Error in configuration file.",
+ QcnlError::CacheMissing => "Cache missing.",
+ QcnlError::CacheExpired => "Cache expired.",
+ QcnlError::RootCAUntrusted => {
+ "The certificate used to establish SSL session is untrusted."
+ }
+ QcnlError::ConfigInvalidJson => {
+ "The config file is in JSON format but has a format error."
+ }
+ QcnlError::ConfigNotJson => "The config file is not in JSON
format.",
}
}
@@ -744,6 +787,11 @@ impl QcnlError {
QcnlError::StatusCertsUnavaliable => "StatusCertsUnavaliable",
QcnlError::StatusServiceUnavaliable => "StatusServiceUnavaliable",
QcnlError::InvalidConfig => "InvalidConfig",
+ QcnlError::CacheMissing => "CacheMissing",
+ QcnlError::CacheExpired => "CacheExpired",
+ QcnlError::RootCAUntrusted => "RootCAUntrusted",
+ QcnlError::ConfigInvalidJson => "ConfigInvalidJson",
+ QcnlError::ConfigNotJson => "ConfigNotJson",
}
}
}
@@ -754,10 +802,82 @@ impl fmt::Display for QcnlError {
}
}
+impl_enum! {
+ #[repr(u32)]
+ #[derive(Clone, Copy, Debug, Eq, PartialEq, Ord, PartialOrd)]
+ pub enum TdxAttestError {
+ Success = 0x0000_0000,
+ Unexpected = 0x0000_0001,
+ InvalidParameter = 0x0000_0002,
+ OutOfMemory = 0x0000_0003,
+ VSockFailure = 0x0000_0004,
+ ReportFailure = 0x0000_0005,
+ ExtendFailure = 0x0000_0006,
+ NotSupported = 0x0000_0007,
+ QuoteFailure = 0x0000_0008,
+ DeviceBusy = 0x0000_0009,
+ DeviceFailure = 0x0000_000A,
+ InvaildRtmrIndex = 0x0000_000B,
+ UnsupportedAttKeyId = 0x0000_000C,
+ ErrorMax = 0x0000_000D,
+ }
+}
+
+impl TdxAttestError {
+ pub fn __description(&self) -> &'static str {
+ match *self {
+ TdxAttestError::Success => "Success.",
+ TdxAttestError::Unexpected => "Unexpected error.",
+ TdxAttestError::InvalidParameter => "The parameter is incorrect.",
+ TdxAttestError::OutOfMemory => "Out of memory error.",
+ TdxAttestError::VSockFailure => "vsock related failure.",
+ TdxAttestError::ReportFailure => "Failed to get the TD Report.",
+ TdxAttestError::ExtendFailure => "Failed to extend rtmr.",
+ TdxAttestError::NotSupported => "Request feature is not
supported.",
+ TdxAttestError::QuoteFailure => "Failed to get the TD Quote.",
+ TdxAttestError::DeviceBusy => "The device driver return busy.",
+ TdxAttestError::DeviceFailure => "Failed to acess tdx attest
device.",
+ TdxAttestError::InvaildRtmrIndex => "Only supported RTMR index is
2 and 3.",
+ TdxAttestError::UnsupportedAttKeyId => {
+ "The platform Quoting infrastructure does not support any of
the keys described in att_key_id_list."
+ }
+ TdxAttestError::ErrorMax => {
+ "Indicate max error."
+ }
+ }
+ }
+
+ pub fn as_str(&self) -> &'static str {
+ match *self {
+ TdxAttestError::Success => "Success.",
+ TdxAttestError::Unexpected => "Unexpected",
+ TdxAttestError::InvalidParameter => "InvalidParameter",
+ TdxAttestError::OutOfMemory => "OutOfMemory",
+ TdxAttestError::VSockFailure => "VSockFailure",
+ TdxAttestError::ReportFailure => "ReportFailure",
+ TdxAttestError::ExtendFailure => "ExtendFailure",
+ TdxAttestError::NotSupported => "NotSupported",
+ TdxAttestError::QuoteFailure => "QuoteFailure",
+ TdxAttestError::DeviceBusy => "DeviceBusy",
+ TdxAttestError::DeviceFailure => "DeviceFailure",
+ TdxAttestError::InvaildRtmrIndex => "InvaildRtmrIndex",
+ TdxAttestError::UnsupportedAttKeyId => "UnsupportedAttKeyId",
+ TdxAttestError::ErrorMax => "ErrorMax",
+ }
+ }
+}
+
+impl fmt::Display for TdxAttestError {
+ fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+ write!(f, "{}", self.as_str())
+ }
+}
+
pub type SgxResult<T = ()> = result::Result<T, SgxStatus>;
pub type SgxPceResult<T = ()> = result::Result<T, PceError>;
pub type SgxQcnlResult<T = ()> = result::Result<T, QcnlError>;
pub type SgxQuote3Result<T = ()> = result::Result<T, Quote3Error>;
+pub type SgxTdxAttestResult<T = ()> = result::Result<T, TdxAttestError>;
pub type OsError = i32;
pub type OsResult<T = ()> = result::Result<T, OsError>;
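Review bot: `TdxAttestError::as_str` returns `"Success."` for `Success`, with the trailing period apparently copied from `__description`, while every other arm returns the bare variant name. Because `Display` forwards to `as_str`, the success case prints differently from all others, which breaks any consumer that compares the string with the variant name. Change the arm to `TdxAttestError::Success => "Success",`. The variant `InvaildRtmrIndex` is misspelled, as is "acess" in the `DeviceFailure` message. The variant name becomes public API with this commit, so renaming it to `InvalidRtmrIndex` is cheapest now.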
diff --git a/sgx_types/src/function.rs b/sgx_types/src/function.rs
index 83d15916..bd91e3ab 100644
--- a/sgx_types/src/function.rs
+++ b/sgx_types/src/function.rs
@@ -15,7 +15,7 @@
// specific language governing permissions and limitations
// under the License..
-use crate::error::{PceError, QcnlError, Quote3Error, SgxStatus};
+use crate::error::{PceError, QcnlError, Quote3Error, SgxStatus,
TdxAttestError};
use crate::metadata::MetaData;
use crate::types::*;
@@ -306,10 +306,19 @@ extern "C" {
fmspc: *const u8,
fmspc_size: u16,
pck_ra: *const c_char,
- pp_quote_collateral: *mut *mut CQlQveCollateral,
+ pp_quote_collateral: *mut *mut CTdxQlQvCollateral,
+ ) -> Quote3Error;
+ /* intel DCAP 1.17 */
+ pub fn tdx_ql_get_quote_verification_collateral_with_params(
+ fmspc: *const u8,
+ fmspc_size: u16,
+ pck_ra: *const c_char,
+ custom_param: *const c_void,
+ custom_param_length: u16,
+ pp_quote_collateral: *mut *mut CTdxQlQvCollateral,
) -> Quote3Error;
pub fn tdx_ql_free_quote_verification_collateral(
- p_quote_collateral: *const CQlQveCollateral,
+ p_quote_collateral: *const CTdxQlQvCollateral,
) -> Quote3Error;
pub fn sgx_ql_get_qve_identity(
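Review bot: Nothing on the new `tdx_ql_get_quote_verification_collateral_with_params` declaration says who owns `*pp_quote_collateral` or what `custom_param` must point to. A doc comment should state that the collateral is allocated by the library and is presumably released only through `tdx_ql_free_quote_verification_collateral` (confirm against the DCAP header). It should also state that `custom_param` must reference at least `custom_param_length` readable bytes. The `extern "C"` block starts and ends outside the hunk.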
@@ -323,14 +332,20 @@ extern "C" {
p_qve_identity_issuer_chain: *const c_char,
) -> Quote3Error;
- /* intel DCAP 1.4 */
+ /* intel DCAP 1.14 */
pub fn sgx_ql_get_root_ca_crl(
pp_root_ca_crl: *mut *mut u8,
p_root_ca_crl_size: *mut u16,
) -> Quote3Error;
pub fn sgx_ql_free_root_ca_crl(p_root_ca_crl: *const uint8_t) ->
Quote3Error;
- /* intel DCAP 2.14 */
- pub fn sgx_ql_set_logging_callback(logger: QlLoggingCallbackFn) ->
Quote3Error;
+ /* intel DCAP 1.17 */
+ pub fn sgx_ql_set_logging_callback(
+ logger: QlLoggingCallbackFn,
+ loglevel: QlLogLevel,
+ ) -> Quote3Error;
+ pub fn sgx_qpl_clear_cache(cache_type: QplCacheType) -> Quote3Error;
+ pub fn sgx_qpl_global_init() -> Quote3Error;
+ pub fn sgx_qpl_global_cleanup() -> Quote3Error;
}
//#[link(name = "sgx_default_qcnl_wrapper")]
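Review bot: `sgx_qpl_clear_cache` takes `QplCacheType` by value, but that enum (added in sgx_types/src/types/dcap.rs by this commit) has the discriminants 1, 2 and 4, which look like combinable bit flags. The sibling `sgx_qcnl_clear_cache`, added in the next hunk, takes a plain `u32`. With the enum as the parameter type a caller cannot request more than one cache type per call, and building a combined value by transmuting would be undefined behaviour in Rust. If the C API accepts a mask (confirm against the 1.17 header), declare it as `pub fn sgx_qpl_clear_cache(cache_type: u32) -> Quote3Error;` and keep `QplCacheType` only for naming the individual bits.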
@@ -397,7 +412,14 @@ extern "C" {
pub fn sgx_qcnl_free_root_ca_crl(p_root_ca_crl: *const u8);
/* intel DCAP 1.13 */
pub fn sgx_qcnl_get_api_version(p_major_ver: *mut u16, p_minor_ver: *mut
u16) -> bool;
- pub fn sgx_qcnl_set_logging_callback(logger: QlLoggingCallbackFn) ->
QcnlError;
+ pub fn sgx_qcnl_set_logging_callback(
+ logger: QlLoggingCallbackFn,
+ loglevel: QlLogLevel,
+ ) -> QcnlError;
+ /* intel DCAP 1.17 */
+ pub fn sgx_qcnl_clear_cache(cache_type: u32) -> QcnlError;
+ pub fn sgx_qcnl_global_init() -> QcnlError;
+ pub fn sgx_qcnl_global_cleanup() -> QcnlError;
}
//#[link(name = "dcap_quoteverify")]
@@ -443,7 +465,7 @@ extern "C" {
pub fn tdx_qv_verify_quote(
p_quote: *const u8,
quote_size: u32,
- p_quote_collateral: *const CQlQveCollateral,
+ p_quote_collateral: *const CTdxQlQvCollateral,
expiration_check_date: time_t,
p_collateral_expiration_status: *mut u32,
p_quote_verification_result: *mut QlQvResult,
@@ -451,4 +473,65 @@ extern "C" {
supplemental_data_size: u32,
p_supplemental_data: *mut u8,
) -> Quote3Error;
+
+ /* intel DCAP 1.15 */
+ pub fn tee_qv_get_collateral(
+ p_quote: *const u8,
+ quote_size: u32,
+ pp_quote_collateral: *mut *mut u8,
+ p_collateral_size: *mut u32,
+ ) -> Quote3Error;
+
+ pub fn tee_qv_free_collateral(p_quote_collateral: *const u8) ->
Quote3Error;
+ pub fn tee_get_supplemental_data_version_and_size(
+ p_quote: *const u8,
+ quote_size: u32,
+ p_version: *mut u32,
+ p_data_size: *mut u32,
+ ) -> Quote3Error;
+
+ pub fn tee_verify_quote(
+ p_quote: *const u8,
+ quote_size: u32,
+ p_quote_collateral: *const u8,
+ expiration_check_date: time_t,
+ p_collateral_expiration_status: *mut u32,
+ p_quote_verification_result: *mut QlQvResult,
+ p_qve_report_info: *mut QlQeReportInfo,
+ p_supp_data_descriptor: *const CTeeSuppDataDescriptor,
+ ) -> Quote3Error;
+ /* intel DCAP 1.16 */
+ pub fn tee_get_fmspc_from_quote(
+ p_quote: *const u8,
+ quote_size: u32,
+ p_fmspc_from_quote: *mut u8,
+ fmspc_from_quote_size: u32,
+ ) -> Quote3Error;
+}
+
+/* intel DCAP 1.15 */
+//#[link(name = "libtdx_attest")]
+extern "C" {
+ //
+ // tdx_attes.h
+ //
+ pub fn tdx_att_get_quote(
+ p_tdx_report_data: *const TdxReportData,
+ att_key_id_list: *const TdxUuid,
+ list_size: u32,
+ p_att_key_id: *mut TdxUuid,
+ pp_quote: *mut *mut u8,
+ p_quote_size: *mut u32,
+ flags: u32,
+ ) -> TdxAttestError;
+ pub fn tdx_att_free_quote(p_quote: *const u8) -> TdxAttestError;
+ pub fn tdx_att_get_report(
+ p_tdx_report_data: *const TdxReportData,
+ p_tdx_report: *mut TdxReport,
+ ) -> TdxAttestError;
+ pub fn tdx_att_extend(p_rtmr_event: *const TdxRtmrEvent) -> TdxAttestError;
+ pub fn tdx_att_get_supported_att_key_ids(
+ p_att_key_id_list: *mut TdxUuid,
+ p_list_size: *mut u32,
+ ) -> TdxAttestError;
}
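Review bot: Every `tdx_att_*` declaration returns `TdxAttestError` directly across the FFI boundary, and that type is a `#[repr(u32)]` Rust enum with only the discriminants 0x0 through 0xD. If the library ever returns a code outside that set, for instance after an upgrade, materialising the enum is undefined behaviour before any Rust code can inspect the value; this commit itself adds seven new codes to `Quote3Error`, so the sets do grow. Declaring the raw return as `-> u32` and converting in a safe wrapper that maps unknown values to `Unexpected` avoids this, unless `impl_enum!` (not shown here) already offers a checked conversion the wrappers can use. The same concern applies to the new `tee_*` functions returning `Quote3Error`. Separately, the commented-out `#[link(name = "libtdx_attest")]` would need the name `tdx_attest` if it is re-enabled, since the linker adds the `lib` prefix itself.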
diff --git a/sgx_types/src/types/dcap.rs b/sgx_types/src/types/dcap.rs
index b76168ba..5b68f2b5 100644
--- a/sgx_types/src/types/dcap.rs
+++ b/sgx_types/src/types/dcap.rs
@@ -159,6 +159,17 @@ impl_enum! {
}
}
+/* intel DCAP 1.17 */
+impl_enum! {
+ #[repr(u32)]
+ #[derive(Clone, Copy, Debug, Eq, PartialEq)]
+ pub enum QplCacheType {
+ Certificate = 1,
+ Collateral = 2,
+ MultiCerts = 4,
+ }
+}
+
impl_enum! {
#[repr(u32)]
#[derive(Clone, Copy, Debug, Eq, PartialEq)]
@@ -375,10 +386,11 @@ impl_enum! {
}
//
-// qve_header.h
+// sgx_qve_header.h
//
pub const ROOT_KEY_ID_SIZE: usize = 48;
pub const PLATFORM_INSTANCE_ID_SIZE: usize = 16;
+pub const MAX_SA_LIST_SIZE: usize = 160;
/* intel DCAP 1.7 */
impl_enum! {
@@ -417,11 +429,13 @@ impl_copy_clone! {
pub dynamic_platform: PckCertFlag,
pub cached_keys: PckCertFlag,
pub smt_enabled: PckCertFlag,
+ /* intel DCAP 1.15 */
+ pub sa_list: [c_char; MAX_SA_LIST_SIZE]
}
}
impl_struct_default! {
- QlQvSupplemental; //176
+ QlQvSupplemental; //336
}
impl_asref_array! {
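Review bot: `QlQvSupplemental` grows by the 160-byte `sa_list`, but the new size is recorded only in the `//336` comment, so nothing fails at build time if the Rust layout drifts from the C struct. A mismatch here is a memory-safety matter, because callers presumably hand the verification library a buffer sized from this type. Add a compile-time check next to the definition, e.g. `const _: () = assert!(core::mem::size_of::<QlQvSupplemental>() == 336);`. Callers should also compare the size reported by the library with `size_of::<QlQvSupplemental>()` before verification. The struct definition starts outside the hunk.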
@@ -432,6 +446,14 @@ impl_struct_ContiguousMemory! {
QlQvSupplemental;
}
+/* intel DCAP 1.15 */
+#[repr(C)]
+pub struct CTeeSuppDataDescriptor {
+ pub major_version: u16,
+ pub data_size: u32,
+ pub p_data: *mut u8,
+}
+
impl_enum! {
#[repr(u32)]
#[derive(Clone, Copy, Debug, Eq, PartialEq, Ord, PartialOrd)]
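Review bot: `CTeeSuppDataDescriptor` carries a raw `*mut u8` next to a separate `data_size` with no documentation of how the two relate, and `tee_verify_quote` (added in sgx_types/src/function.rs) receives it by pointer. A doc comment should state that `p_data` is presumably expected to point to a writable buffer of at least `data_size` bytes that outlives the call, and which `major_version` values are accepted. Confirm the exact contract against the DCAP 1.15 header before writing it down as fact. The struct also has no derives, unlike the neighbouring types; add `#[derive(Clone, Copy, Debug)]` if that omission is unintended.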
diff --git a/sgx_types/src/types/tdx.rs b/sgx_types/src/types/tdx.rs
index e57c4814..f3b7dba0 100644
--- a/sgx_types/src/types/tdx.rs
+++ b/sgx_types/src/types/tdx.rs
@@ -20,6 +20,9 @@ use super::*;
use core::mem;
use core::slice;
+/* intel DCAP 1.17 */
+pub type CTdxQlQvCollateral = CQlQveCollateral;
+
/* intel DCAP 1.14 */
//
// sgx_quote_4.h
@@ -203,3 +206,112 @@ impl Quote4 {
)
}
}
+
+/* intel DCAP 1.15 */
+//
+// tdx_attes.h
+//
+pub const TDX_UUID_SIZE: usize = 16;
+pub const TDX_REPORT_DATA_SIZE: usize = 64;
+pub const TDX_REPORT_SIZE: usize = 1024;
+
+impl_struct! {
+ #[repr(C)]
+ #[derive(Debug, Eq, PartialEq)]
+ pub struct TdxUuid {
+ pub d: [u8; TDX_UUID_SIZE],
+ }
+}
+
+impl_asref_array! {
+ TdxUuid;
+}
+impl_asmut_array! {
+ TdxUuid;
+}
+impl_from_array! {
+ TdxUuid;
+}
+impl_unsafe_marker_for! {
+ BytewiseEquality,
+ TdxUuid
+}
+
+impl_copy_clone! {
+ #[repr(C)]
+ #[derive(Debug)]
+ pub struct TdxReportData {
+ pub d: [u8; TDX_REPORT_DATA_SIZE],
+ }
+}
+impl_copy_clone! {
+ #[repr(C)]
+ #[derive(Debug)]
+ pub struct TdxReport {
+ pub d: [u8; TDX_REPORT_SIZE],
+ }
+}
+
+impl_struct_default! {
+ TdxReportData; //64
+ TdxReport; //1024
+}
+
+impl_struct_ContiguousMemory! {
+ TdxReportData;
+ TdxReport;
+}
+
+impl_asref_array! {
+ TdxReportData;
+ TdxReport;
+}
+
+impl_asmut_array! {
+ TdxReportData;
+}
+impl_from_array! {
+ TdxReportData;
+}
+
+impl_unsafe_marker_for! {
+ BytewiseEquality,
+ TdxReportData
+}
+
+#[derive(Clone, Copy, Debug)]
+#[repr(C, packed)]
+pub struct TdxRtmrEvent {
+ pub version: u32,
+ pub rtmr_index: u64,
+ pub extend_data: [u8; 48],
+ pub event_type: u32,
+ pub event_data_size: u32,
+ pub event_data: [u8; 0],
+}
+
+impl_struct_default! {
+ TdxRtmrEvent; //68
+}
+
+impl_struct_ContiguousMemory! {
+ TdxRtmrEvent;
+}
+
+impl TdxRtmrEvent {
+ /// # Safety
+ pub unsafe fn as_slice_unchecked(&self) -> &[u8] {
+ slice::from_raw_parts(
+ self as *const _ as *const u8,
+ mem::size_of::<TdxRtmrEvent>() + self.event_data_size as usize,
+ )
+ }
+
+ /// # Safety
+ pub unsafe fn event_data_slice_unchecked(&self) -> &[u8] {
+ slice::from_raw_parts(
+ &self.event_data as *const _ as *const u8,
+ self.event_data_size as usize,
+ )
+ }
+}