sgx_exception.hpp

1. #pragma once
2.  
3. #include <cstdio>
4. #include <exception>
5. #include <sgx_error.h>
6. #include <string>
7.  
8. #define CHECK_STATUS(status)                                 \
9.     while (status != SGX_SUCCESS) {                          \
10.         throw sgx_exception(__FUNCTION__, __LINE__, status); \
11.     }
12.  
13. using namespace std;
14.  
15. static const char* sgx_strerror(sgx_status_t status)
16. {
17.     switch (status) {
18.     case SGX_SUCCESS:
19.         return "Success";
20.  
21.     case SGX_ERROR_UNEXPECTED:
22.         return "Unexpected error";
23.     case SGX_ERROR_INVALID_PARAMETER:
24.         return "The parameter is incorrect";
25.     case SGX_ERROR_OUT_OF_MEMORY:
26.         return "Not enough memory is available to complete this operation";
27.     case SGX_ERROR_ENCLAVE_LOST:
28.         return "Enclave lost after power transition or used in child process created by linux:fork()";
29.     case SGX_ERROR_INVALID_STATE:
30.         return "SGX API is invoked in incorrect order or state";
31.     case SGX_ERROR_FEATURE_NOT_SUPPORTED:
32.         return "Feature is not supported on this platform";
33.  
34.     case SGX_ERROR_INVALID_FUNCTION:
35.         return "The ecall/ocall index is invalid";
36.     case SGX_ERROR_OUT_OF_TCS:
37.         return "The enclave is out of TCS";
38.     case SGX_ERROR_ENCLAVE_CRASHED:
39.         return "The enclave is crashed";
40.     case SGX_ERROR_ECALL_NOT_ALLOWED:
41.         return "The ECALL is not allowed at this time, e.g. ecall is blocked by the dynamic entry table, or nested ecall is not allowed during initialization";
42.     case SGX_ERROR_OCALL_NOT_ALLOWED:
43.         return "The OCALL is not allowed at this time, e.g. ocall is not allowed during exception handling";
44.     case SGX_ERROR_STACK_OVERRUN:
45.         return "The enclave is running out of stack";
46.  
47.     case SGX_ERROR_UNDEFINED_SYMBOL:
48.         return "The enclave image has undefined symbol.";
49.     case SGX_ERROR_INVALID_ENCLAVE:
50.         return "The enclave image is not correct.";
51.     case SGX_ERROR_INVALID_ENCLAVE_ID:
52.         return "The enclave id is invalid";
53.     case SGX_ERROR_INVALID_SIGNATURE:
54.         return "The signature is invalid";
55.     case SGX_ERROR_NDEBUG_ENCLAVE:
56.         return "The enclave is signed as product enclave, and can not be created as debuggable enclave.";
57.     case SGX_ERROR_OUT_OF_EPC:
58.         return "Not enough EPC is available to load the enclave";
59.     case SGX_ERROR_NO_DEVICE:
60.         return "Can't open SGX device";
61.     case SGX_ERROR_MEMORY_MAP_CONFLICT:
62.         return "Page mapping failed in driver";
63.     case SGX_ERROR_INVALID_METADATA:
64.         return "The metadata is incorrect.";
65.     case SGX_ERROR_DEVICE_BUSY:
66.         return "Device is busy, mostly EINIT failed.";
67.     case SGX_ERROR_INVALID_VERSION:
68.         return "Metadata version is inconsistent between uRTS and sgx_sign or uRTS is incompatible with current platform.";
69.     case SGX_ERROR_MODE_INCOMPATIBLE:
70.         return "The target enclave 32/64 bit mode or sim/hw mode is incompatible with the mode of current uRTS.";
71.     case SGX_ERROR_ENCLAVE_FILE_ACCESS:
72.         return "Can't open enclave file.";
73.     case SGX_ERROR_INVALID_MISC:
74.         return "The MiscSelct/MiscMask settings are not correct";
75.     case SGX_ERROR_INVALID_LAUNCH_TOKEN:
76.         return "The launch token is not correct";
77.  
78.     case SGX_ERROR_MAC_MISMATCH:
79.         return "Indicates verification error for reports, sealed datas, etc";
80.     case SGX_ERROR_INVALID_ATTRIBUTE:
81.         return "The enclave is not authorized";
82.     case SGX_ERROR_INVALID_CPUSVN:
83.         return "The cpu svn is beyond platform's cpu svn value";
84.     case SGX_ERROR_INVALID_ISVSVN:
85.         return "The isv svn is greater than the enclave's isv svn";
86.     case SGX_ERROR_INVALID_KEYNAME:
87.         return "The key name is an unsupported value";
88.  
89.     case SGX_ERROR_SERVICE_UNAVAILABLE:
90.         return "Indicates aesm didn't respond or the requested service is not supported";
91.     case SGX_ERROR_SERVICE_TIMEOUT:
92.         return "The request to aesm timed out";
93.     case SGX_ERROR_AE_INVALID_EPIDBLOB:
94.         return "Indicates epid blob verification error";
95.     case SGX_ERROR_SERVICE_INVALID_PRIVILEGE:
96.         return "Enclave has no privilege to get launch token";
97.     case SGX_ERROR_EPID_MEMBER_REVOKED:
98.         return "The EPID group membership is revoked.";
99.     case SGX_ERROR_UPDATE_NEEDED:
100.         return "SGX needs to be updated";
101.     case SGX_ERROR_NETWORK_FAILURE:
102.         return "Network connecting or proxy setting issue is encountered";
103.     case SGX_ERROR_AE_SESSION_INVALID:
104.         return "Session is invalid or ended by server";
105.     case SGX_ERROR_BUSY:
106.         return "The requested service is temporarily not availabe";
107.     case SGX_ERROR_MC_NOT_FOUND:
108.         return "The Monotonic Counter doesn't exist or has been invalided";
109.     case SGX_ERROR_MC_NO_ACCESS_RIGHT:
110.         return "Caller doesn't have the access right to specified VMC";
111.     case SGX_ERROR_MC_USED_UP:
112.         return "Monotonic counters are used out";
113.     case SGX_ERROR_MC_OVER_QUOTA:
114.         return "Monotonic counters exceeds quota limitation";
115.     case SGX_ERROR_KDF_MISMATCH:
116.         return "Key derivation function doesn't match during key exchange";
117.     case SGX_ERROR_UNRECOGNIZED_PLATFORM:
118.         return "EPID Provisioning failed due to platform not recognized by backend serve";
119.     case SGX_ERROR_UNSUPPORTED_CONFIG:
120.         return "The config for trigging EPID Provisiong or PSE Provisiong&LTP is invali";
121.  
122.     case SGX_ERROR_NO_PRIVILEGE:
123.         return "Not enough privilege to perform the operation";
124.  
125.     case SGX_ERROR_PCL_ENCRYPTED:
126.         return "trying to encrypt an already encrypted enclave";
127.     case SGX_ERROR_PCL_NOT_ENCRYPTED:
128.         return "trying to load a plain enclave using sgx_create_encrypted_enclave";
129.     case SGX_ERROR_PCL_MAC_MISMATCH:
130.         return "section mac result does not match build time mac";
131.     case SGX_ERROR_PCL_SHA_MISMATCH:
132.         return "Unsealed key MAC does not match MAC of key hardcoded in enclave binary";
133.     case SGX_ERROR_PCL_GUID_MISMATCH:
134.         return "GUID in sealed blob does not match GUID hardcoded in enclave binary";
135.  
136.     case SGX_ERROR_FILE_BAD_STATUS:
137.         return "The file is in bad status, run sgx_clearerr to try and fix it";
138.     case SGX_ERROR_FILE_NO_KEY_ID:
139.         return "The Key ID field is all zeros, can't re-generate the encryption key";
140.     case SGX_ERROR_FILE_NAME_MISMATCH:
141.         return "The current file name is different then the original file name (not allowed, substitution attack)";
142.     case SGX_ERROR_FILE_NOT_SGX_FILE:
143.         return "The file is not an SGX file";
144.     case SGX_ERROR_FILE_CANT_OPEN_RECOVERY_FILE:
145.         return "A recovery file can't be opened, so flush operation can't continue (only used when no EXXX is returned) ";
146.     case SGX_ERROR_FILE_CANT_WRITE_RECOVERY_FILE:
147.         return "A recovery file can't be written, so flush operation can't continue (only used when no EXXX is returned) ";
148.     case SGX_ERROR_FILE_RECOVERY_NEEDED:
149.         return "When openeing the file, recovery is needed, but the recovery process failed";
150.     case SGX_ERROR_FILE_FLUSH_FAILED:
151.         return "fflush operation (to disk) failed (only used when no EXXX is returned)";
152.     case SGX_ERROR_FILE_CLOSE_FAILED:
153.         return "fclose operation (to disk) failed (only used when no EXXX is returned)";
154.  
155.     case SGX_ERROR_UNSUPPORTED_ATT_KEY_ID:
156.         return "platform quoting infrastructure does not support the key";
157.     case SGX_ERROR_ATT_KEY_CERTIFICATION_FAILURE:
158.         return "Failed to generate and certify the attestation key";
159.     case SGX_ERROR_ATT_KEY_UNINITIALIZED:
160.         return "The platform quoting infrastructure does not have the attestation key available to generate quote";
161.     case SGX_ERROR_INVALID_ATT_KEY_CERT_DATA:
162.         return "The data returned by the platform library's sgx_get_quote_config() is invalid";
163.     case SGX_ERROR_PLATFORM_CERT_UNAVAILABLE:
164.         return "The PCK Cert for the platform is not available";
165.  
166.     case SGX_INTERNAL_ERROR_ENCLAVE_CREATE_INTERRUPTED:
167.         return "The ioctl for enclave_create unexpectedly failed with EINTR. ";
168.     default:
169.         return "Unknown SGX status";
170.     }
171. }
172.  
173. class sgx_exception : public exception {
174.     char buffer[BUFSIZ];
175.  
176. public:
177.     sgx_exception(const char* where, unsigned line, sgx_status_t status)
178.     {
179.         snprintf(buffer, BUFSIZ, "%s:%u (%04x) %s", where, line, status, sgx_strerror(status));
180.     }
181.  
182.     const char* what() const noexcept override
183.     {
184.         return buffer;
185.     }
186. };