1#pragma once
2
3#include <cstdio>
4#include <exception>
5#include <sgx_error.h>
6#include <string>
7
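// Throws sgx_exception when `status` is anything other than SGX_SUCCESS,
// recording the calling function and line.
//
// The argument is evaluated exactly once into a local. If a call site passes
// an expression with side effects (for example the SGX call itself), evaluating
// it a second time while building the exception would repeat that call and
// could report a different status than the one that actually failed.
//
// A braced block is used instead of do/while(0) so the macro expands to a
// complete statement and still works with or without a trailing semicolon,
// exactly as the previous loop form did.
#define CHECK_STATUS(status) \
    { \
        const sgx_status_t sgx_check_status_value_ = (status); \
        if (sgx_check_status_value_ != SGX_SUCCESS) { \
            throw sgx_exception(__FUNCTION__, __LINE__, sgx_check_status_value_); \
        } \
    }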
12
// NOTE(review): a using-directive at header scope is injected into every
// translation unit that includes this file. Includers may already rely on
// unqualified std names arriving this way -- confirm before removing it.
using namespace std;
14
// Maps an sgx_status_t to a fixed, human-readable description.
//
// Always returns a pointer to a string literal (never null); a code with no
// entry in the table yields "Unknown SGX status". The text is intended for
// logs and exception messages -- code that has to react to a specific failure
// should compare the status value itself, not the returned text.
static const char* sgx_strerror(sgx_status_t status)
{
    struct status_text {
        sgx_status_t code;
        const char* text;
    };

    static const status_text descriptions[] = {
        { SGX_SUCCESS, "Success" },

        { SGX_ERROR_UNEXPECTED, "Unexpected error" },
        { SGX_ERROR_INVALID_PARAMETER, "The parameter is incorrect" },
        { SGX_ERROR_OUT_OF_MEMORY, "Not enough memory is available to complete this operation" },
        { SGX_ERROR_ENCLAVE_LOST, "Enclave lost after power transition or used in child process created by linux:fork()" },
        { SGX_ERROR_INVALID_STATE, "SGX API is invoked in incorrect order or state" },
        { SGX_ERROR_FEATURE_NOT_SUPPORTED, "Feature is not supported on this platform" },

        { SGX_ERROR_INVALID_FUNCTION, "The ecall/ocall index is invalid" },
        { SGX_ERROR_OUT_OF_TCS, "The enclave is out of TCS" },
        { SGX_ERROR_ENCLAVE_CRASHED, "The enclave is crashed" },
        { SGX_ERROR_ECALL_NOT_ALLOWED, "The ECALL is not allowed at this time, e.g. ecall is blocked by the dynamic entry table, or nested ecall is not allowed during initialization" },
        { SGX_ERROR_OCALL_NOT_ALLOWED, "The OCALL is not allowed at this time, e.g. ocall is not allowed during exception handling" },
        { SGX_ERROR_STACK_OVERRUN, "The enclave is running out of stack" },

        { SGX_ERROR_UNDEFINED_SYMBOL, "The enclave image has undefined symbol." },
        { SGX_ERROR_INVALID_ENCLAVE, "The enclave image is not correct." },
        { SGX_ERROR_INVALID_ENCLAVE_ID, "The enclave id is invalid" },
        { SGX_ERROR_INVALID_SIGNATURE, "The signature is invalid" },
        { SGX_ERROR_NDEBUG_ENCLAVE, "The enclave is signed as product enclave, and can not be created as debuggable enclave." },
        { SGX_ERROR_OUT_OF_EPC, "Not enough EPC is available to load the enclave" },
        { SGX_ERROR_NO_DEVICE, "Can't open SGX device" },
        { SGX_ERROR_MEMORY_MAP_CONFLICT, "Page mapping failed in driver" },
        { SGX_ERROR_INVALID_METADATA, "The metadata is incorrect." },
        { SGX_ERROR_DEVICE_BUSY, "Device is busy, mostly EINIT failed." },
        { SGX_ERROR_INVALID_VERSION, "Metadata version is inconsistent between uRTS and sgx_sign or uRTS is incompatible with current platform." },
        { SGX_ERROR_MODE_INCOMPATIBLE, "The target enclave 32/64 bit mode or sim/hw mode is incompatible with the mode of current uRTS." },
        { SGX_ERROR_ENCLAVE_FILE_ACCESS, "Can't open enclave file." },
        { SGX_ERROR_INVALID_MISC, "The MiscSelct/MiscMask settings are not correct" },
        { SGX_ERROR_INVALID_LAUNCH_TOKEN, "The launch token is not correct" },

        { SGX_ERROR_MAC_MISMATCH, "Indicates verification error for reports, sealed datas, etc" },
        { SGX_ERROR_INVALID_ATTRIBUTE, "The enclave is not authorized" },
        { SGX_ERROR_INVALID_CPUSVN, "The cpu svn is beyond platform's cpu svn value" },
        { SGX_ERROR_INVALID_ISVSVN, "The isv svn is greater than the enclave's isv svn" },
        { SGX_ERROR_INVALID_KEYNAME, "The key name is an unsupported value" },

        { SGX_ERROR_SERVICE_UNAVAILABLE, "Indicates aesm didn't respond or the requested service is not supported" },
        { SGX_ERROR_SERVICE_TIMEOUT, "The request to aesm timed out" },
        { SGX_ERROR_AE_INVALID_EPIDBLOB, "Indicates epid blob verification error" },
        { SGX_ERROR_SERVICE_INVALID_PRIVILEGE, "Enclave has no privilege to get launch token" },
        { SGX_ERROR_EPID_MEMBER_REVOKED, "The EPID group membership is revoked." },
        { SGX_ERROR_UPDATE_NEEDED, "SGX needs to be updated" },
        { SGX_ERROR_NETWORK_FAILURE, "Network connecting or proxy setting issue is encountered" },
        { SGX_ERROR_AE_SESSION_INVALID, "Session is invalid or ended by server" },
        { SGX_ERROR_BUSY, "The requested service is temporarily not availabe" },
        { SGX_ERROR_MC_NOT_FOUND, "The Monotonic Counter doesn't exist or has been invalided" },
        { SGX_ERROR_MC_NO_ACCESS_RIGHT, "Caller doesn't have the access right to specified VMC" },
        { SGX_ERROR_MC_USED_UP, "Monotonic counters are used out" },
        { SGX_ERROR_MC_OVER_QUOTA, "Monotonic counters exceeds quota limitation" },
        { SGX_ERROR_KDF_MISMATCH, "Key derivation function doesn't match during key exchange" },
        // NOTE(review): the next two messages look cut short or garbled
        // ("serve", "<P is invali"); reproduced unchanged -- confirm the
        // intended wording against sgx_error.h.
        { SGX_ERROR_UNRECOGNIZED_PLATFORM, "EPID Provisioning failed due to platform not recognized by backend serve" },
        { SGX_ERROR_UNSUPPORTED_CONFIG, "The config for trigging EPID Provisiong or PSE Provisiong<P is invali" },

        { SGX_ERROR_NO_PRIVILEGE, "Not enough privilege to perform the operation" },

        { SGX_ERROR_PCL_ENCRYPTED, "trying to encrypt an already encrypted enclave" },
        { SGX_ERROR_PCL_NOT_ENCRYPTED, "trying to load a plain enclave using sgx_create_encrypted_enclave" },
        { SGX_ERROR_PCL_MAC_MISMATCH, "section mac result does not match build time mac" },
        { SGX_ERROR_PCL_SHA_MISMATCH, "Unsealed key MAC does not match MAC of key hardcoded in enclave binary" },
        { SGX_ERROR_PCL_GUID_MISMATCH, "GUID in sealed blob does not match GUID hardcoded in enclave binary" },

        { SGX_ERROR_FILE_BAD_STATUS, "The file is in bad status, run sgx_clearerr to try and fix it" },
        { SGX_ERROR_FILE_NO_KEY_ID, "The Key ID field is all zeros, can't re-generate the encryption key" },
        { SGX_ERROR_FILE_NAME_MISMATCH, "The current file name is different then the original file name (not allowed, substitution attack)" },
        { SGX_ERROR_FILE_NOT_SGX_FILE, "The file is not an SGX file" },
        { SGX_ERROR_FILE_CANT_OPEN_RECOVERY_FILE, "A recovery file can't be opened, so flush operation can't continue (only used when no EXXX is returned) " },
        { SGX_ERROR_FILE_CANT_WRITE_RECOVERY_FILE, "A recovery file can't be written, so flush operation can't continue (only used when no EXXX is returned) " },
        { SGX_ERROR_FILE_RECOVERY_NEEDED, "When openeing the file, recovery is needed, but the recovery process failed" },
        { SGX_ERROR_FILE_FLUSH_FAILED, "fflush operation (to disk) failed (only used when no EXXX is returned)" },
        { SGX_ERROR_FILE_CLOSE_FAILED, "fclose operation (to disk) failed (only used when no EXXX is returned)" },

        { SGX_ERROR_UNSUPPORTED_ATT_KEY_ID, "platform quoting infrastructure does not support the key" },
        { SGX_ERROR_ATT_KEY_CERTIFICATION_FAILURE, "Failed to generate and certify the attestation key" },
        { SGX_ERROR_ATT_KEY_UNINITIALIZED, "The platform quoting infrastructure does not have the attestation key available to generate quote" },
        { SGX_ERROR_INVALID_ATT_KEY_CERT_DATA, "The data returned by the platform library's sgx_get_quote_config() is invalid" },
        { SGX_ERROR_PLATFORM_CERT_UNAVAILABLE, "The PCK Cert for the platform is not available" },

        { SGX_INTERNAL_ERROR_ENCLAVE_CREATE_INTERRUPTED, "The ioctl for enclave_create unexpectedly failed with EINTR. " },
    };

    // Linear scan: the table is small and this only runs on error paths.
    for (const status_text& entry : descriptions) {
        if (entry.code == status) {
            return entry.text;
        }
    }
    return "Unknown SGX status";
}
172
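// Exception describing a failed SGX call. The message has the form
// "<where>:<line> (<status as hex>) <sgx_strerror text>".
class sgx_exception : public std::exception {
    // Fixed-size storage so that what() never allocates.
    char buffer[BUFSIZ];

public:
    // where:  name of the reporting function (CHECK_STATUS passes
    //         __FUNCTION__); a null pointer is rendered as "(unknown)".
    // line:   source line of the failing check.
    // status: the SGX status code that triggered the exception.
    sgx_exception(const char* where, unsigned line, sgx_status_t status)
    {
        // Start from an empty string so what() stays well-defined even if
        // snprintf reports an encoding error and writes nothing.
        buffer[0] = '\0';

        // snprintf bounds the write to the buffer and NUL-terminates, so an
        // overlong message is truncated rather than overflowing. The enum is
        // cast explicitly because %x expects an unsigned int argument.
        std::snprintf(buffer, sizeof buffer, "%s:%u (%04x) %s",
                      where != nullptr ? where : "(unknown)",
                      line,
                      static_cast<unsigned>(status),
                      sgx_strerror(status));
    }

    // Returns the message formatted at construction; the pointer is valid for
    // the lifetime of this exception object.
    const char* what() const noexcept override
    {
        return buffer;
    }
};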