From a26a7627fe073ca43c331dc81d6900844d8ab350 Mon Sep 17 00:00:00 2001
From: "Zheng, Qi"
Date: Mon, 23 Aug 2021 03:17:22 +0000
Subject: [PATCH] Update dcap demo to support dumping SGX KSS info
Signed-off-by: Zheng, Qi
---
 .../dcap/c_app/dcap_c_test.c | 48 ++++++++++++++++---
 .../dcap/dcap_lib/examples/dcap_test.rs | 41 ++++++++++++++++
 2 files changed, 82 insertions(+), 7 deletions(-)
diff --git a/demos/remote_attestation/dcap/c_app/dcap_c_test.c b/demos/remote_attestation/dcap/c_app/dcap_c_test.c
index 0f7f0ff2..a232c3ae 100644
--- a/demos/remote_attestation/dcap/c_app/dcap_c_test.c
+++ b/demos/remote_attestation/dcap/c_app/dcap_c_test.c
@@ -5,6 +5,46 @@
 #include "sgx_quote_3.h"
 #include "dcap_quote.h"
+
+void dump_quote_info(sgx_quote3_t *p_quote)
+{
+ unsigned int i;
+ sgx_report_body_t *p_rep_body;
+ sgx_report_data_t *p_rep_data;
+ sgx_ql_auth_data_t *p_auth_data;
+ sgx_ql_ecdsa_sig_data_t *p_sig_data;
+ sgx_ql_certification_data_t *p_cert_data;
+ uint64_t*pll;
+
+ p_rep_body = (sgx_report_body_t *)(&p_quote->report_body);
+ p_rep_data = (sgx_report_data_t *)(&p_rep_body->report_data);
+ p_sig_data = (sgx_ql_ecdsa_sig_data_t *)p_quote->signature_data;
+ p_auth_data = (sgx_ql_auth_data_t*)p_sig_data->auth_certification_data;
+ p_cert_data = (sgx_ql_certification_data_t *)((uint8_t *)p_auth_data + sizeof(*p_auth_data) + p_auth_data->size);
+
+ printf("cert_key_type = 0x%x\n", p_cert_data->cert_key_type);
+
+ printf("\nSGX ISV Family ID:\n");
+ pll = (uint64_t *)p_rep_body->isv_family_id;
+ printf("\tLow 8 bytes: \t0x%08lx\n", *pll++);
+ printf("\tHigh 8 bytes: \t0x%08lx\n", *pll);
+
+ printf("\nSGX ISV EXT Product ID:\n");
+ pll = (uint64_t *)p_rep_body->isv_ext_prod_id;
+ printf("\tLow 8 bytes: \t0x%08lx\n", *pll++);
+ printf("\tHigh 8 bytes: \t0x%08lx\n", *pll);
+
+ printf("\nSGX CONFIG ID:");
+ for (i = 0; i < SGX_CONFIGID_SIZE; i++) {
+ if (!(i % 16))
+ printf("\n\t");
+ printf("%02x ", p_rep_body->config_id[i]);
+ }
+
+ printf("\n\nSGX CONFIG SVN:\n");
+ printf("\t0x%04x\n", p_rep_body->config_svn);
+}
+
 void main() {
 void *handle;
 uint32_t quote_size, supplemental_size;
@@ -12,9 +52,6 @@ void main() {
 sgx_quote3_t *p_quote;
 sgx_report_body_t *p_rep_body;
 sgx_report_data_t *p_rep_data;
- sgx_ql_auth_data_t *p_auth_data;
- sgx_ql_ecdsa_sig_data_t *p_sig_data;
- sgx_ql_certification_data_t *p_cert_data;
 int32_t ret;
 handle = dcap_quote_open();
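Review bot: In dump_quote_info, `p_cert_data` is located by adding `p_auth_data->size` to a pointer inside the quote, and the function takes no buffer length, so with a truncated or malformed quote the `cert_key_type` read can land outside the buffer. The quote here presumably comes straight from the local quote-generation call, but the helper looks reusable, so I would pass `quote_size` in (the call in main() becomes `dump_quote_info(p_quote, quote_size);`) and check `signature_data_len` and the certification-data offset before dereferencing, as sketched below. Separately, the two 16-byte IDs are read through a `uint64_t *` cast of a byte array and printed with `%08lx`; a `memcpy` into a `uint64_t` printed with `"%016" PRIx64` avoids the alignment and aliasing assumption and matches the 16-digit output of the Rust example.

```c
void dump_quote_info(sgx_quote3_t *p_quote, uint32_t quote_size)
{
    /* … unchanged: local declarations … */
    size_t sig_len, cert_off;

    /* The fixed header and the declared signature area must fit in the buffer. */
    if (quote_size < sizeof(*p_quote))
        return;
    sig_len = p_quote->signature_data_len;
    if (sig_len > quote_size - sizeof(*p_quote) ||
        sig_len < sizeof(*p_sig_data) + sizeof(*p_auth_data))
        return;

    /* … unchanged: p_rep_body, p_rep_data, p_sig_data, p_auth_data assignments … */

    /* The certification data header must lie inside the signature area. */
    cert_off = sizeof(*p_sig_data) + sizeof(*p_auth_data) + p_auth_data->size;
    if (cert_off > sig_len || sig_len - cert_off < sizeof(*p_cert_data))
        return;
    p_cert_data = (sgx_ql_certification_data_t *)(p_quote->signature_data + cert_off);

    /* … unchanged: printf dumps … */
```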
@@ -44,16 +81,13 @@ void main() {
 p_quote = (sgx_quote3_t *)p_quote_buffer;
 p_rep_body = (sgx_report_body_t *)(&p_quote->report_body);
 p_rep_data = (sgx_report_data_t *)(&p_rep_body->report_data);
- p_sig_data = (sgx_ql_ecdsa_sig_data_t *)p_quote->signature_data;
- p_auth_data = (sgx_ql_auth_data_t*)p_sig_data->auth_certification_data;
- p_cert_data = (sgx_ql_certification_data_t *)((uint8_t *)p_auth_data + sizeof(*p_auth_data) + p_auth_data->size);
 if (memcmp((void *)p_rep_data, (void *)&report_data, sizeof(sgx_report_data_t)) != 0) {
 printf("mismathced report data\n");
 goto CLEANUP;
 }
- printf("cert_key_type = 0x%x\n", p_cert_data->cert_key_type);
+ dump_quote_info(p_quote);
 supplemental_size = dcap_get_supplemental_data_size(handle);
 printf("supplemental_size size = %d\n", supplemental_size);
diff --git a/demos/remote_attestation/dcap/dcap_lib/examples/dcap_test.rs b/demos/remote_attestation/dcap/dcap_lib/examples/dcap_test.rs
index ed469bae..2110dd94 100644
--- a/demos/remote_attestation/dcap/dcap_lib/examples/dcap_test.rs
+++ b/demos/remote_attestation/dcap/dcap_lib/examples/dcap_test.rs
@@ -1,5 +1,6 @@
 extern crate dcap_quote;
 use std::str;
+use std::convert::TryFrom;
 use dcap_quote::*;
 use sgx_types::{
 sgx_report_data_t, sgx_ql_qv_result_t, sgx_report_body_t, sgx_quote3_t
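Review bot: `dump_quote_info(p_quote);` in main() of dcap_c_test.c prints the KSS fields right after the report-data `memcmp`, and no quote verification call is visible before it in this hunk (main() continues outside the hunk). The Rust example's main() in the last hunk shows the same order explicitly, calling `dcap_dump_quote_info()` ahead of `dcap_quote_ver()`. For a plain dump that is harmless, but a reader who copies the demo into a relying party may gate policy on `isv_family_id`, `isv_ext_prod_id`, `config_id` or `config_svn` at that same point. A comment above both calls would make the ordering deliberate, for example `/* These values come from a quote that has not been verified yet; use them for policy decisions only after verification succeeds. */`.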
@@ -78,6 +79,44 @@ impl DcapDemo {
 Ok( quote_verification_result )
 }
+
+ fn dcap_dump_quote_info(&mut self) {
+ let report_body_ptr = self.dcap_quote_get_report_body().unwrap();
+
+ // Dump ISV FAMILY ID
+ let family_id = unsafe { (*report_body_ptr).isv_family_id };
+ let (fam_id_l, fam_id_h) = family_id.split_at(8);
+ let fam_id_l = <&[u8; 8]>::try_from(fam_id_l).unwrap();
+ let fam_id_l = u64::from_le_bytes(*fam_id_l);
+ let fam_id_h = <&[u8; 8]>::try_from(fam_id_h).unwrap();
+ let fam_id_h = u64::from_le_bytes(*fam_id_h);
+ println!("\nSGX ISV Family ID:");
+ println!("\t Low 8 bytes: 0x{:016x?}\t", fam_id_l);
+ println!("\t high 8 bytes: 0x{:016x?}\t", fam_id_h);
+
+ // Dump ISV EXT Product ID
+ let prod_id = unsafe { (*report_body_ptr).isv_ext_prod_id };
+ let (prod_id_l, prod_id_h) = prod_id.split_at(8);
+ let prod_id_l = <&[u8; 8]>::try_from(prod_id_l).unwrap();
+ let prod_id_l = u64::from_le_bytes(*prod_id_l);
+ let prod_id_h = <&[u8; 8]>::try_from(prod_id_h).unwrap();
+ let prod_id_h = u64::from_le_bytes(*prod_id_h);
+ println!("\nSGX ISV EXT Product ID:");
+ println!("\t Low 8 bytes: 0x{:016x?}\t", prod_id_l);
+ println!("\t high 8 bytes: 0x{:016x?}\t", prod_id_h);
+
+ // Dump CONFIG ID
+ let conf_id = unsafe { (*report_body_ptr).config_id };
+ println!("\nSGX CONFIG ID:");
+ println!("\t{:02x?}", &conf_id[..16]);
+ println!("\t{:02x?}", &conf_id[16..32]);
+ println!("\t{:02x?}", &conf_id[32..48]);
+ println!("\t{:02x?}", &conf_id[48..]);
+
+ // Dump CONFIG SVN
+ let conf_svn = unsafe { (*report_body_ptr).config_svn };
+ println!("\nSGX CONFIG SVN:\t {:04x?}", conf_svn);
+ }
 }
 impl Drop for DcapDemo {
@@ -103,6 +142,8 @@ fn main() {
 println!("Report data from Quote: '{}' doesn't match !!!", string);
 }
+ dcap_demo.dcap_dump_quote_info();
+
 let result = dcap_demo.dcap_quote_ver().unwrap();
 match result {
 sgx_ql_qv_result_t::SGX_QL_QV_RESULT_OK => {
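Review bot: dcap_dump_quote_info dereferences the raw `report_body_ptr` in four separate `unsafe` blocks with no null check and no `// SAFETY:` comment, so the invariant that makes the reads sound (presumably that the pointer refers into the quote buffer owned by `self`; worth confirming) is left for the reader to guess. Taking one reference up front, `let report_body = unsafe { report_body_ptr.as_ref() }.expect("report body pointer is null");`, confines the unsafe code to a single commented line and makes the field reads below safe. The two 16-byte IDs are split and converted with identical code, which a small private helper returning the low and high `u64` would remove, and `{:016x}` is enough for integers since the `?` adds nothing here. The enclosing `impl DcapDemo` starts outside the hunk.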