SGX Remote Attestation Analysis

isv_enclave/isv_enclave.edl

isv_enclave.edl import sgx_tkey_exchange.edl.

enclave {
    from "sgx_tkey_exchange.edl" import *;

    include "sgx_key_exchange.h"
    include "sgx_trts.h"

    trusted {
        public sgx_status_t enclave_init_ra(int b_pse,
                                            [out] sgx_ra_context_t *p_context);
        public sgx_status_t enclave_ra_close(sgx_ra_context_t context);
        public sgx_status_t verify_att_result_mac(sgx_ra_context_t context,
                                                  [in,size=message_size] uint8_t* message, 
                                                  size_t message_size, 
                                                  [in,size=mac_size] uint8_t* mac, 
                                                  size_t mac_size);
        public sgx_status_t put_secret_data(sgx_ra_context_t context,  
                                            [in,size=secret_size] uint8_t* p_secret,
                                            uint32_t secret_size,
                                            [in,count=16] uint8_t* gcm_mac);
    };

};

sgx_tkey_exchange.edl

enclave {
    from "sgx_tae_service.edl" import *;
    trusted {
        public sgx_status_t sgx_ra_get_ga(sgx_ra_context_t context,
            [out] sgx_ec256_public_t *g_a);

        public sgx_status_t sgx_ra_proc_msg2_trusted(sgx_ra_context_t context,
            [in]const sgx_ra_msg2_t *p_msg2, /*copy msg2 except quote into enclave */
            [in] const sgx_target_info_t *p_qe_target,
            [out] sgx_report_t *p_report,
            [out] sgx_quote_nonce_t *p_nonce);

        public sgx_status_t sgx_ra_get_msg3_trusted(sgx_ra_context_t context,
            uint32_t quote_size,
            [in]sgx_report_t* qe_report,
            [user_check]sgx_ra_msg3_t *p_msg3,
            uint32_t msg3_size);
    };
};

##sgx_tae_service.edl

enclave{
    from "sgx_tstdc.edl" import *;
    untrusted {
        sgx_status_t create_session_ocall([out] uint32_t* sid,
                                 [size = dh_msg1_size, out] uint8_t* dh_msg1,
                                 uint32_t dh_msg1_size,
                                 uint32_t timeout);

        sgx_status_t exchange_report_ocall(uint32_t sid,
                                 [size = dh_msg2_size, in] uint8_t* dh_msg2, uint32_t dh_msg2_size,
                                 [size = dh_msg3_size, out] uint8_t* dh_msg3, uint32_t dh_msg3_size,
                                 uint32_t timeout);

        sgx_status_t close_session_ocall(uint32_t sid, uint32_t timeout);

        sgx_status_t invoke_service_ocall([size = pse_message_req_size, in] uint8_t* pse_message_req,
                                 uint32_t pse_message_req_size,
                                 [size = pse_message_resp_size, out] uint8_t* pse_message_resp, uint32_t pse_message_resp_size,
                                 uint32_t timeout);
   };
};

sgx_tstdc.edl

enclave {
    untrusted {
        [cdecl] void sgx_oc_cpuidex([out] int cpuinfo[4], int leaf, int subleaf);
        
        /* Go outside and wait on my untrusted event */
        [cdecl] int sgx_thread_wait_untrusted_event_ocall([user_check] const void *self);

        /* Wake a thread waiting on its untrusted event */
        [cdecl] int sgx_thread_set_untrusted_event_ocall([user_check] const void *waiter);

        /* Wake a thread waiting on its untrusted event, and wait on my untrusted event */
        [cdecl] int sgx_thread_setwait_untrusted_events_ocall([user_check] const void *waiter, [user_check] const void *self);

        /* Wake multiple threads waiting on their untrusted events */
        [cdecl] int sgx_thread_set_multiple_untrusted_events_ocall([in, count = total] const void **waiters, size_t total);
    };
};