/* * Copyright (c) 2022 Intel Corporation * Copyright (c) 2020-2021 Alibaba Cloud * * SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception */ #include #include #include "lib_rats_wrapper.h" #define __is_print(ch) ((unsigned int)((ch) - ' ') < 127u - ' ') /** * hex_dump * * @brief dump data in hex format * * @param title: Title * @param buf: User buffer * @param size: Dump data size * @param number: The number of outputs per line * * @return void */ void hex_dump(const char *title, const uint8_t *buf, uint32_t size, uint32_t number) { int i, j; if (title) { printf("\n\t%s:\n\n", title); } for (i = 0; i < size; i += number) { printf("%08X: ", i); for (j = 0; j < number; j++) { if (j % 8 == 0) { printf(" "); } if (i + j < size) printf("%02X ", buf[i + j]); else printf(" "); } printf(" "); for (j = 0; j < number; j++) { if (i + j < size) { printf("%c", __is_print(buf[i + j]) ? buf[i + j] : '.'); } } printf("\n"); } } int main(int argc, char **argv) { int ret_code = -1; char *evidence_json = NULL; // Generate user_data by SHA256 buffer and the wasm module. // user_data = SHA256(sha256_wasm_module || buffer) const char *buffer = "This is a sample."; // If you want to declare the evidence of type rats_sgx_evidence_t on the // stack, you should modify the stack size of the CMAKE_EXE_LINKER_FLAGS in // CMakeLists.txt to 51200 at least. rats_sgx_evidence_t *evidence = (rats_sgx_evidence_t *)malloc(sizeof(rats_sgx_evidence_t)); if (!evidence) { printf("ERROR: No memory to allocate.\n"); goto err; } int rats_err = librats_collect(&evidence_json, buffer); if (rats_err != 0) { printf("ERROR: Collect evidence failed, error code: %#x\n", rats_err); goto err; } if (librats_parse_evidence(evidence_json, evidence) != 0) { printf("ERROR: Parse evidence failed.\n"); goto err; } // You could use these parameters for further verification. hex_dump("Quote", evidence->quote, evidence->quote_size, 32); hex_dump("User Data", evidence->user_data, SGX_USER_DATA_SIZE, 32); hex_dump("MRENCLAVE", evidence->mr_enclave, SGX_MEASUREMENT_SIZE, 32); hex_dump("MRSIGNER", evidence->mr_signer, SGX_MEASUREMENT_SIZE, 32); printf("\n\tProduct ID:\t\t\t\t%u\n", evidence->product_id); printf("\tSecurity Version:\t\t\t%u\n", evidence->security_version); printf("\tAttributes.flags:\t\t\t%llu\n", evidence->att_flags); printf("\tAttributes.flags[INITTED]:\t\t%d\n", (evidence->att_flags & SGX_FLAGS_INITTED) != 0); printf("\tAttributes.flags[DEBUG]:\t\t%d\n", (evidence->att_flags & SGX_FLAGS_DEBUG) != 0); printf("\tAttributes.flags[MODE64BIT]:\t\t%d\n", (evidence->att_flags & SGX_FLAGS_MODE64BIT) != 0); printf("\tAttributes.flags[PROVISION_KEY]:\t%d\n", (evidence->att_flags & SGX_FLAGS_PROVISION_KEY) != 0); printf("\tAttributes.flags[EINITTOKEN_KEY]:\t%d\n", (evidence->att_flags & SGX_FLAGS_EINITTOKEN_KEY) != 0); printf("\tAttributes.flags[KSS]:\t\t\t%d\n", (evidence->att_flags & SGX_FLAGS_KSS) != 0); printf("\tAttributes.flags[AEX_NOTIFY]:\t\t%d\n", (evidence->att_flags & SGX_FLAGS_AEX_NOTIFY) != 0); printf("\tAttribute.xfrm:\t\t\t\t%llu\n", evidence->att_xfrm); rats_err = librats_verify((const char *)evidence_json, evidence->user_data); if (rats_err != 0) { printf("ERROR: Evidence is not trusted, error code: %#x.\n", rats_err); goto err; } ret_code = 0; printf("Evidence is trusted.\n"); err: if (evidence_json) { librats_dispose_evidence_json(evidence_json); } if (evidence) { free(evidence); } return ret_code; }