Add wrapper for sgx_qe_set_enclave_dirpath

Allow Asylo clients to set the directory where the Intel architectural enclaves are located. PiperOrigin-RevId: 271396239 Change-Id: I3876f9b4e25486b8db2b07d6982a2bb0e9cd7736
google · Sep 26, 2019 · c5bf856 · c5bf856
1 parent 725696d
commit c5bf856
Show file tree

Hide file tree

Showing 6 changed files with 111 additions and 4 deletions.
diff --git a/asylo/distrib/sgx_dcap_1_2.patch b/asylo/distrib/sgx_dcap_1_2.patch
@@ -576,7 +576,7 @@ diff -Nur -x '*.png' -x '*.gif' -x .gitignore QuoteGeneration/quote_wrapper/quot
 diff -Nur /dev/null BUILD
 --- /dev/null
 +++ BUILD
-@@ -0,0 +1,270 @@
+@@ -0,0 +1,275 @@
 +# Description: sgx_data_center_attestation_primitives is the Intel SGX Data
 +# Center Attestation Primitives library for linux.
 +
@@ -754,10 +754,13 @@ diff -Nur /dev/null BUILD
 +        "-Iexternal/sgx_dcap/QuoteGeneration/quote_wrapper/quote/enclave",
 +        "-Iexternal/sgx_dcap/QuoteGeneration/quote_wrapper/quote/inc",
 +        "-Iexternal/sgx_dcap/QuoteGeneration/common/inc/internal",
-+        "-Iexternal/sgx_dcap/QuoteGeneration/quote_wrapper/common/inc",
-+        "-Iexternal/sgx_dcap/QuoteGeneration/pce_wrapper/inc",
 +        "-Wno-address",
 +    ],
++    # The DCAP code doesn't qualify header paths.
++    includes = [
++        "QuoteGeneration/pce_wrapper/inc",
++        "QuoteGeneration/quote_wrapper/common/inc",
++    ],
 +    # The linker option below works around a linker issue. The PCE interface is
 +    # implemented twice in both SGX DCAP and SGX SDK. The latter is used to
 +    # build aesmd to avoid circular dependency, which results in compiling
@@ -767,7 +770,9 @@ diff -Nur /dev/null BUILD
 +    # as undefined here keeps the linker from complaining about those
 +    # unresolved symbols.
 +    linkopts = ["-Wl,--undefined=sgx_pce_sign_report"],
-+    visibility = ["@linux_sgx//:__subpackages__"],
++    visibility = [
++        "//visibility:public",
++    ],
 +    deps = [
 +        ":common_inc_internal",
 +        ":qe3_untrusted",

diff --git a/asylo/identity/sgx/BUILD b/asylo/identity/sgx/BUILD
@@ -1341,6 +1341,7 @@ cc_library(
         "@linux_sgx//:public",
         "@sgx_dcap//:pce_constants",
         "@sgx_dcap//:pce_wrapper",
+        "@sgx_dcap//:quote_wrapper",
     ],
 )
 

diff --git a/asylo/identity/sgx/dcap_intel_architectural_enclave_interface.cc b/asylo/identity/sgx/dcap_intel_architectural_enclave_interface.cc
@@ -29,6 +29,7 @@
 #include "include/sgx_key.h"
 #include "include/sgx_report.h"
 #include "QuoteGeneration/pce_wrapper/inc/sgx_pce.h"
+#include "QuoteGeneration/quote_wrapper/ql/inc/sgx_dcap_ql_wrapper.h"
 
 namespace asylo {
 namespace sgx {
@@ -62,8 +63,100 @@ Status PceErrorToStatus(sgx_pce_error_t pce_error) {
   }
 }
 
+Status Quote3ErrorToStatus(quote3_error_t quote3_error) {
+  switch (quote3_error) {
+    case SGX_QL_SUCCESS:
+      return Status::OkStatus();
+    case SGX_QL_ERROR_UNEXPECTED:
+      return Status(error::GoogleError::INTERNAL, "Unexpected error");
+    case SGX_QL_ERROR_INVALID_PARAMETER:
+      return Status(error::GoogleError::INVALID_ARGUMENT, "Invalid parameter");
+    case SGX_QL_ERROR_OUT_OF_MEMORY:
+      return Status(error::GoogleError::RESOURCE_EXHAUSTED, "Out of memory");
+    case SGX_QL_ERROR_ECDSA_ID_MISMATCH:
+      return Status(error::GoogleError::INTERNAL,
+                    "Unexpected ID in the ECDSA key blob");
+    case SGX_QL_PATHNAME_BUFFER_OVERFLOW_ERROR:
+      return Status(error::GoogleError::OUT_OF_RANGE,
+                    "Pathname buffer overflow");
+    case SGX_QL_FILE_ACCESS_ERROR:
+      return Status(error::GoogleError::INTERNAL, "File access error");
+    case SGX_QL_ERROR_STORED_KEY:
+      return Status(error::GoogleError::INTERNAL, "Invalid cached ECDSA key");
+    case SGX_QL_ERROR_PUB_KEY_ID_MISMATCH:
+      return Status(error::GoogleError::INTERNAL,
+                    "Cached ECDSA key ID does not match request");
+    case SGX_QL_ERROR_INVALID_PCE_SIG_SCHEME:
+      return Status(error::GoogleError::INTERNAL,
+                    "The signature scheme supported by the PCE is not "
+                    "supported by the QE");
+    case SGX_QL_ATT_KEY_BLOB_ERROR:
+      return Status(error::GoogleError::INTERNAL, "Attestation key blob error");
+    case SGX_QL_UNSUPPORTED_ATT_KEY_ID:
+      return Status(error::GoogleError::INTERNAL, "Invalid attestation key ID");
+    case SGX_QL_UNSUPPORTED_LOADING_POLICY:
+      return Status(error::GoogleError::INTERNAL,
+                    "Unsupported enclave loading policy");
+    case SGX_QL_INTERFACE_UNAVAILABLE:
+      return Status(error::GoogleError::INTERNAL,
+                    "Unable to load the quoting enclave");
+    case SGX_QL_PLATFORM_LIB_UNAVAILABLE:
+      return Status(
+          error::GoogleError::INTERNAL,
+          "Unable to load the platform quote provider library (not fatal)");
+    case SGX_QL_ATT_KEY_NOT_INITIALIZED:
+      return Status(error::GoogleError::FAILED_PRECONDITION,
+                    "Attestation key not initialized");
+    case SGX_QL_ATT_KEY_CERT_DATA_INVALID:
+      return Status(error::GoogleError::INTERNAL,
+                    "Invalid attestation key certification retrieved from "
+                    "platform quote provider library");
+    case SGX_QL_NO_PLATFORM_CERT_DATA:
+      return Status(error::GoogleError::INTERNAL,
+                    "No certification for the platform could be found");
+    case SGX_QL_OUT_OF_EPC:
+      return Status(error::GoogleError::RESOURCE_EXHAUSTED,
+                    "Insufficient EPC memory to load an enclave");
+    case SGX_QL_ERROR_REPORT:
+      return Status(error::GoogleError::INTERNAL,
+                    "An error occurred validating the report");
+    case SGX_QL_ENCLAVE_LOST:
+      return Status(error::GoogleError::INTERNAL,
+                    "The enclave was lost due to power transition or fork()");
+    case SGX_QL_INVALID_REPORT:
+      return Status(error::GoogleError::INVALID_ARGUMENT,
+                    "The application enclave's report failed validation");
+    case SGX_QL_ENCLAVE_LOAD_ERROR:
+      return Status(error::GoogleError::INTERNAL, "Unable to load an enclave");
+    case SGX_QL_UNABLE_TO_GENERATE_QE_REPORT:
+      return Status(
+          error::GoogleError::INTERNAL,
+          "Unable to generate QE report targeting the application enclave");
+    case SGX_QL_KEY_CERTIFCATION_ERROR:
+      return Status(
+          error::GoogleError::INTERNAL,
+          "The platform quote provider library returned an invalid TCB");
+    case SGX_QL_NETWORK_ERROR:
+      return Status(error::GoogleError::INTERNAL,
+                    "Network error getting PCK certificates");
+    case SGX_QL_MESSAGE_ERROR:
+      return Status(error::GoogleError::INTERNAL,
+                    "Protocol error getting PCK certificates");
+    case SGX_QL_ERROR_INVALID_PRIVILEGE:
+      return Status(error::GoogleError::PERMISSION_DENIED,
+                    "Invalid permission");
+    default:
+      return Status(error::GoogleError::UNKNOWN, "Unknown error");
+  }
+}
+
 }  // namespace
 
+Status DcapIntelArchitecturalEnclaveInterface::SetEnclaveDir(
+    const std::string &path) {
+  return Quote3ErrorToStatus(sgx_qe_set_enclave_dirpath(path.c_str()));
+}
+
 Status DcapIntelArchitecturalEnclaveInterface::GetPceTargetinfo(
     Targetinfo *targetinfo, uint16_t *pce_svn) {
   static_assert(

diff --git a/asylo/identity/sgx/dcap_intel_architectural_enclave_interface.h b/asylo/identity/sgx/dcap_intel_architectural_enclave_interface.h
@@ -46,6 +46,8 @@ class DcapIntelArchitecturalEnclaveInterface
 
   // From IntelArchitecturalEnclaveInterface.
 
+  Status SetEnclaveDir(const std::string &path) override;
+
   Status GetPceTargetinfo(Targetinfo *targetinfo, uint16_t *pce_svn) override;
 
   Status GetPceInfo(const Report &report,

diff --git a/asylo/identity/sgx/intel_architectural_enclave_interface.h b/asylo/identity/sgx/intel_architectural_enclave_interface.h
@@ -41,6 +41,11 @@ class IntelArchitecturalEnclaveInterface {
  public:
   virtual ~IntelArchitecturalEnclaveInterface() = default;
 
+  // Sets the directory |path| where the architectural enclaves are located.
+  // If this function is not called, the enclaves will be loaded from the
+  // directory in which the host binary is located.
+  virtual Status SetEnclaveDir(const std::string &path) = 0;
+
   // Provisioning Certification Enclave (PCE)
 
   // Populates |targetinfo| with the TARGETINFO and |pce_svn| with the PCE SVN

diff --git a/asylo/identity/sgx/mock_intel_architectural_enclave_interface.h b/asylo/identity/sgx/mock_intel_architectural_enclave_interface.h
@@ -36,6 +36,7 @@ namespace sgx {
 class MockIntelArchitecturalEnclaveInterface
     : public IntelArchitecturalEnclaveInterface {
  public:
+  MOCK_METHOD(Status, SetEnclaveDir, (const std::string &), (override));
   MOCK_METHOD(Status, GetPceTargetinfo, (Targetinfo *, uint16_t *), (override));
   MOCK_METHOD(Status, GetPceInfo,
               (const Report &, absl::Span<const uint8_t>,