SHARE
TWEET

sgx_exception.hpp

Taraxacum May 26th, 2020 703 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #pragma once
  2.  
  3. #include <cstdio>
  4. #include <exception>
  5. #include <sgx_error.h>
  6. #include <string>
  7.  
  8. #define CHECK_STATUS(status)                                 \
  9.     while (status != SGX_SUCCESS) {                          \
  10.         throw sgx_exception(__FUNCTION__, __LINE__, status); \
  11.     }
  12.  
  13. using namespace std;
  14.  
  15. static const char* sgx_strerror(sgx_status_t status)
  16. {
  17.     switch (status) {
  18.     case SGX_SUCCESS:
  19.         return "Success";
  20.  
  21.     case SGX_ERROR_UNEXPECTED:
  22.         return "Unexpected error";
  23.     case SGX_ERROR_INVALID_PARAMETER:
  24.         return "The parameter is incorrect";
  25.     case SGX_ERROR_OUT_OF_MEMORY:
  26.         return "Not enough memory is available to complete this operation";
  27.     case SGX_ERROR_ENCLAVE_LOST:
  28.         return "Enclave lost after power transition or used in child process created by linux:fork()";
  29.     case SGX_ERROR_INVALID_STATE:
  30.         return "SGX API is invoked in incorrect order or state";
  31.     case SGX_ERROR_FEATURE_NOT_SUPPORTED:
  32.         return "Feature is not supported on this platform";
  33.  
  34.     case SGX_ERROR_INVALID_FUNCTION:
  35.         return "The ecall/ocall index is invalid";
  36.     case SGX_ERROR_OUT_OF_TCS:
  37.         return "The enclave is out of TCS";
  38.     case SGX_ERROR_ENCLAVE_CRASHED:
  39.         return "The enclave is crashed";
  40.     case SGX_ERROR_ECALL_NOT_ALLOWED:
  41.         return "The ECALL is not allowed at this time, e.g. ecall is blocked by the dynamic entry table, or nested ecall is not allowed during initialization";
  42.     case SGX_ERROR_OCALL_NOT_ALLOWED:
  43.         return "The OCALL is not allowed at this time, e.g. ocall is not allowed during exception handling";
  44.     case SGX_ERROR_STACK_OVERRUN:
  45.         return "The enclave is running out of stack";
  46.  
  47.     case SGX_ERROR_UNDEFINED_SYMBOL:
  48.         return "The enclave image has undefined symbol.";
  49.     case SGX_ERROR_INVALID_ENCLAVE:
  50.         return "The enclave image is not correct.";
  51.     case SGX_ERROR_INVALID_ENCLAVE_ID:
  52.         return "The enclave id is invalid";
  53.     case SGX_ERROR_INVALID_SIGNATURE:
  54.         return "The signature is invalid";
  55.     case SGX_ERROR_NDEBUG_ENCLAVE:
  56.         return "The enclave is signed as product enclave, and can not be created as debuggable enclave.";
  57.     case SGX_ERROR_OUT_OF_EPC:
  58.         return "Not enough EPC is available to load the enclave";
  59.     case SGX_ERROR_NO_DEVICE:
  60.         return "Can't open SGX device";
  61.     case SGX_ERROR_MEMORY_MAP_CONFLICT:
  62.         return "Page mapping failed in driver";
  63.     case SGX_ERROR_INVALID_METADATA:
  64.         return "The metadata is incorrect.";
  65.     case SGX_ERROR_DEVICE_BUSY:
  66.         return "Device is busy, mostly EINIT failed.";
  67.     case SGX_ERROR_INVALID_VERSION:
  68.         return "Metadata version is inconsistent between uRTS and sgx_sign or uRTS is incompatible with current platform.";
  69.     case SGX_ERROR_MODE_INCOMPATIBLE:
  70.         return "The target enclave 32/64 bit mode or sim/hw mode is incompatible with the mode of current uRTS.";
  71.     case SGX_ERROR_ENCLAVE_FILE_ACCESS:
  72.         return "Can't open enclave file.";
  73.     case SGX_ERROR_INVALID_MISC:
  74.         return "The MiscSelct/MiscMask settings are not correct";
  75.     case SGX_ERROR_INVALID_LAUNCH_TOKEN:
  76.         return "The launch token is not correct";
  77.  
  78.     case SGX_ERROR_MAC_MISMATCH:
  79.         return "Indicates verification error for reports, sealed datas, etc";
  80.     case SGX_ERROR_INVALID_ATTRIBUTE:
  81.         return "The enclave is not authorized";
  82.     case SGX_ERROR_INVALID_CPUSVN:
  83.         return "The cpu svn is beyond platform's cpu svn value";
  84.     case SGX_ERROR_INVALID_ISVSVN:
  85.         return "The isv svn is greater than the enclave's isv svn";
  86.     case SGX_ERROR_INVALID_KEYNAME:
  87.         return "The key name is an unsupported value";
  88.  
  89.     case SGX_ERROR_SERVICE_UNAVAILABLE:
  90.         return "Indicates aesm didn't respond or the requested service is not supported";
  91.     case SGX_ERROR_SERVICE_TIMEOUT:
  92.         return "The request to aesm timed out";
  93.     case SGX_ERROR_AE_INVALID_EPIDBLOB:
  94.         return "Indicates epid blob verification error";
  95.     case SGX_ERROR_SERVICE_INVALID_PRIVILEGE:
  96.         return "Enclave has no privilege to get launch token";
  97.     case SGX_ERROR_EPID_MEMBER_REVOKED:
  98.         return "The EPID group membership is revoked.";
  99.     case SGX_ERROR_UPDATE_NEEDED:
  100.         return "SGX needs to be updated";
  101.     case SGX_ERROR_NETWORK_FAILURE:
  102.         return "Network connecting or proxy setting issue is encountered";
  103.     case SGX_ERROR_AE_SESSION_INVALID:
  104.         return "Session is invalid or ended by server";
  105.     case SGX_ERROR_BUSY:
  106.         return "The requested service is temporarily not availabe";
  107.     case SGX_ERROR_MC_NOT_FOUND:
  108.         return "The Monotonic Counter doesn't exist or has been invalided";
  109.     case SGX_ERROR_MC_NO_ACCESS_RIGHT:
  110.         return "Caller doesn't have the access right to specified VMC";
  111.     case SGX_ERROR_MC_USED_UP:
  112.         return "Monotonic counters are used out";
  113.     case SGX_ERROR_MC_OVER_QUOTA:
  114.         return "Monotonic counters exceeds quota limitation";
  115.     case SGX_ERROR_KDF_MISMATCH:
  116.         return "Key derivation function doesn't match during key exchange";
  117.     case SGX_ERROR_UNRECOGNIZED_PLATFORM:
  118.         return "EPID Provisioning failed due to platform not recognized by backend serve";
  119.     case SGX_ERROR_UNSUPPORTED_CONFIG:
  120.         return "The config for trigging EPID Provisiong or PSE Provisiong&LTP is invali";
  121.  
  122.     case SGX_ERROR_NO_PRIVILEGE:
  123.         return "Not enough privilege to perform the operation";
  124.  
  125.     case SGX_ERROR_PCL_ENCRYPTED:
  126.         return "trying to encrypt an already encrypted enclave";
  127.     case SGX_ERROR_PCL_NOT_ENCRYPTED:
  128.         return "trying to load a plain enclave using sgx_create_encrypted_enclave";
  129.     case SGX_ERROR_PCL_MAC_MISMATCH:
  130.         return "section mac result does not match build time mac";
  131.     case SGX_ERROR_PCL_SHA_MISMATCH:
  132.         return "Unsealed key MAC does not match MAC of key hardcoded in enclave binary";
  133.     case SGX_ERROR_PCL_GUID_MISMATCH:
  134.         return "GUID in sealed blob does not match GUID hardcoded in enclave binary";
  135.  
  136.     case SGX_ERROR_FILE_BAD_STATUS:
  137.         return "The file is in bad status, run sgx_clearerr to try and fix it";
  138.     case SGX_ERROR_FILE_NO_KEY_ID:
  139.         return "The Key ID field is all zeros, can't re-generate the encryption key";
  140.     case SGX_ERROR_FILE_NAME_MISMATCH:
  141.         return "The current file name is different then the original file name (not allowed, substitution attack)";
  142.     case SGX_ERROR_FILE_NOT_SGX_FILE:
  143.         return "The file is not an SGX file";
  144.     case SGX_ERROR_FILE_CANT_OPEN_RECOVERY_FILE:
  145.         return "A recovery file can't be opened, so flush operation can't continue (only used when no EXXX is returned) ";
  146.     case SGX_ERROR_FILE_CANT_WRITE_RECOVERY_FILE:
  147.         return "A recovery file can't be written, so flush operation can't continue (only used when no EXXX is returned) ";
  148.     case SGX_ERROR_FILE_RECOVERY_NEEDED:
  149.         return "When openeing the file, recovery is needed, but the recovery process failed";
  150.     case SGX_ERROR_FILE_FLUSH_FAILED:
  151.         return "fflush operation (to disk) failed (only used when no EXXX is returned)";
  152.     case SGX_ERROR_FILE_CLOSE_FAILED:
  153.         return "fclose operation (to disk) failed (only used when no EXXX is returned)";
  154.  
  155.     case SGX_ERROR_UNSUPPORTED_ATT_KEY_ID:
  156.         return "platform quoting infrastructure does not support the key";
  157.     case SGX_ERROR_ATT_KEY_CERTIFICATION_FAILURE:
  158.         return "Failed to generate and certify the attestation key";
  159.     case SGX_ERROR_ATT_KEY_UNINITIALIZED:
  160.         return "The platform quoting infrastructure does not have the attestation key available to generate quote";
  161.     case SGX_ERROR_INVALID_ATT_KEY_CERT_DATA:
  162.         return "The data returned by the platform library's sgx_get_quote_config() is invalid";
  163.     case SGX_ERROR_PLATFORM_CERT_UNAVAILABLE:
  164.         return "The PCK Cert for the platform is not available";
  165.  
  166.     case SGX_INTERNAL_ERROR_ENCLAVE_CREATE_INTERRUPTED:
  167.         return "The ioctl for enclave_create unexpectedly failed with EINTR. ";
  168.     default:
  169.         return "Unknown SGX status";
  170.     }
  171. }
  172.  
  173. class sgx_exception : public exception {
  174.     char buffer[BUFSIZ];
  175.  
  176. public:
  177.     sgx_exception(const char* where, unsigned line, sgx_status_t status)
  178.     {
  179.         snprintf(buffer, BUFSIZ, "%s:%u (%04x) %s", where, line, status, sgx_strerror(status));
  180.     }
  181.  
  182.     const char* what() const noexcept override
  183.     {
  184.         return buffer;
  185.     }
  186. };
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top