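/// <summary>
/// Reads the enclave info file, sends its quote to the MAA service for attestation and then
/// either dumps the returned JWT body to disk or validates the token and compares its claims
/// to the client-side enclave info.
/// </summary>
/// <remarks>
/// In the dump-only path the JWT body is decoded and written out without any signature or issuer
/// check, so the resulting file is unverified input. In the validation path the token is checked
/// by <see cref="JwtValidationHelper.ValidateMaaJwt"/> before any claim in it is compared.
/// </remarks>
public async Task RunAsync()
{
    // Fetch file
    var enclaveInfo = EnclaveInfo.CreateFromFile(this.fileName);

    // Send to service for attestation
    var maaService = new MaaService(this.attestDnsName);
    var serviceJwtToken = await maaService.AttestOpenEnclaveAsync(enclaveInfo.GetMaaBody());

    if (this.dumpJWTOnly)
    {
        // Dump only: the body (JOSE part 1) is decoded, not validated.
        var jwtBody = JoseHelper.ExtractJosePart(serviceJwtToken, 1).ToString();
        Console.WriteLine(jwtBody);

        // UtcNow rather than Now: local ticks can repeat across a DST transition and
        // would then overwrite an earlier dump.
        Directory.CreateDirectory("./maa-jwt");
        File.WriteAllText($"./maa-jwt/{DateTime.UtcNow.Ticks}.json", jwtBody);
    }
    else
    {
        // Analyze results: validate the token (signature/issuer) first, only then trust its claims.
        Logger.WriteBanner("VALIDATING MAA JWT TOKEN - BASICS");
        JwtValidationHelper.ValidateMaaJwt(this.attestDnsName, serviceJwtToken, this.includeDetails);

        Logger.WriteBanner("VALIDATING MAA JWT TOKEN - MATCHES CLIENT ENCLAVE INFO");
        enclaveInfo.CompareToMaaServiceJwtToken(serviceJwtToken, this.includeDetails);
    }

    Logger.WriteLine("\n\n");
}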
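/// <summary>
/// Compares the SGX identity claims in an MAA service JWT against the values this client
/// extracted from its own enclave info and logs one match/mismatch line per claim.
/// </summary>
/// <param name="serviceJwtToken">Compact JWS returned by the MAA service.</param>
/// <param name="includeDetails">When true, also logs the client-side and service-side value of each claim.</param>
/// <remarks>
/// Only the JWT body is decoded here (<see cref="JoseHelper.ExtractJosePart"/>); the signature is
/// not verified by this method, so callers must validate the token before calling it. Results
/// are only logged — nothing is returned or thrown on a mismatch. A claim missing from the body
/// surfaces as an exception from the cast on that claim.
/// </remarks>
public void CompareToMaaServiceJwtToken(string serviceJwtToken, bool includeDetails)
{
    // In SGX the DEBUG flag is equal to 0x0000000000000002ULL
    // See https://github.com/intel/linux-sgx/blob/master/common/inc/sgx_attributes.h#L39
    const int SgxFlagsDebug = 0x2;

    var jwtBody = JoseHelper.ExtractJosePart(serviceJwtToken, 1);

    // Logs the summary line for one claim and, when requested, both sides of the comparison.
    void Report(string label, bool passed, object ours, object theirs)
    {
        Logger.WriteLine($"{label} : {passed}");
        if (includeDetails)
        {
            Logger.WriteLine($" We think : {ours}");
            Logger.WriteLine($" MAA service: {theirs}");
        }
    }

    var isDebuggable = (Attributes & SgxFlagsDebug) != 0;
    var isd = jwtBody["is-debuggable"];
    Report("IsDebuggable match", isDebuggable == (bool)isd, isDebuggable, isd);

    // Hex digests are case-insensitive: compare ordinally instead of via culture-sensitive
    // ToLower(), and treat MRENCLAVE and MRSIGNER the same way.
    var mre = jwtBody["sgx-mrenclave"];
    Report("MRENCLAVE match",
        string.Equals(MrEnclaveHex, (string)mre, StringComparison.OrdinalIgnoreCase),
        MrEnclaveHex.ToLowerInvariant(), mre);

    var mrs = jwtBody["sgx-mrsigner"];
    Report("MRSIGNER match",
        string.Equals(MrSignerHex, (string)mrs, StringComparison.OrdinalIgnoreCase),
        MrSignerHex.ToLowerInvariant(), mrs);

    // NOTE(review): BitConverter is host-endian, so this assumes the product-id hex is in host
    // byte order — confirm against the enclave info file format.
    var ourProductId = BitConverter.ToUInt64(HexHelper.ConvertHexToByteArray(ProductIdHex), 0);
    var pid = jwtBody["product-id"];
    Report("ProductID match", ourProductId == (ulong)pid, ourProductId, pid);

    var svn = jwtBody["svn"];
    Report("Security Version match", SecurityVersion == (uint)svn, SecurityVersion, svn);

    // Base64url is case-sensitive, so the enclave-held-data comparison stays ordinal.
    var ourEhd = HexHelper.ConvertHexToBase64Url(EnclaveHeldDataHex);
    var ehd = jwtBody["maa-ehd"];
    var ehdPassed = string.Equals(ourEhd, (string)ehd, StringComparison.Ordinal);
    Logger.WriteLine($"Enclave Held Data match : {ehdPassed}");
    if (includeDetails)
    {
        // Wrapping overload: the values are long enough to need line breaks in the log.
        Logger.WriteLine(17, 100, " We think : ", ourEhd);
        Logger.WriteLine(17, 100, " MAA service: ", ehd.ToString());
    }

    Logger.WriteLine("");
}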
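/// <summary>
/// Compares the SGX identity claims in an MAA service JWT against the values this client
/// extracted from its own enclave info and logs one match/mismatch line per claim.
/// </summary>
/// <param name="serviceJwtToken">Compact JWS returned by the MAA service.</param>
/// <param name="includeDetails">When true, also logs the client-side and service-side value of each claim.</param>
/// <remarks>
/// Only the JWT body is decoded here (<see cref="JoseHelper.ExtractJosePart"/>); the signature is
/// not verified by this method, so callers must validate the token before calling it. Results
/// are only logged — nothing is returned or thrown on a mismatch. A claim missing from the body
/// surfaces as an exception from the cast on that claim.
/// </remarks>
public void CompareToMaaServiceJwtToken(string serviceJwtToken, bool includeDetails)
{
    // In SGX the DEBUG flag is equal to 0x0000000000000002ULL (bit 1); bit 0 is SGX_FLAGS_INITTED,
    // which is set for every initialized enclave and says nothing about debuggability.
    // See https://github.com/intel/linux-sgx/blob/master/common/inc/sgx_attributes.h#L39
    const int SgxFlagsDebug = 0x2;

    var jwtBody = JoseHelper.ExtractJosePart(serviceJwtToken, 1);

    // Logs the summary line for one claim and, when requested, both sides of the comparison.
    void Report(string label, bool passed, object ours, object theirs)
    {
        Logger.WriteLine($"{label} : {passed}");
        if (includeDetails)
        {
            Logger.WriteLine($" We think : {ours}");
            Logger.WriteLine($" MAA service: {theirs}");
        }
    }

    var isDebuggable = (Attributes & SgxFlagsDebug) != 0;
    var isd = jwtBody["is-debuggable"];
    Report("IsDebuggable match", isDebuggable == (bool)isd, isDebuggable, isd);

    // Hex digests are case-insensitive: compare ordinally instead of via culture-sensitive
    // ToLower(), and treat MRENCLAVE and MRSIGNER the same way.
    var mre = jwtBody["sgx-mrenclave"];
    Report("MRENCLAVE match",
        string.Equals(MrEnclaveHex, (string)mre, StringComparison.OrdinalIgnoreCase),
        MrEnclaveHex.ToLowerInvariant(), mre);

    var mrs = jwtBody["sgx-mrsigner"];
    Report("MRSIGNER match",
        string.Equals(MrSignerHex, (string)mrs, StringComparison.OrdinalIgnoreCase),
        MrSignerHex.ToLowerInvariant(), mrs);

    // NOTE(review): BitConverter is host-endian, so this assumes the product-id hex is in host
    // byte order — confirm against the enclave info file format.
    var ourProductId = BitConverter.ToUInt64(HexHelper.ConvertHexToByteArray(ProductIdHex), 0);
    var pid = jwtBody["product-id"];
    Report("ProductID match", ourProductId == (ulong)pid, ourProductId, pid);

    var svn = jwtBody["svn"];
    Report("Security Version match", SecurityVersion == (uint)svn, SecurityVersion, svn);

    // Base64url is case-sensitive, so the enclave-held-data comparison stays ordinal.
    var ehd = jwtBody["maa-ehd"];
    var ehdPassed = string.Equals(HexHelper.ConvertHexToBase64Url(EnclaveHeldDataHex), (string)ehd, StringComparison.Ordinal);
    Logger.WriteLine($"Enclave Held Data match : {ehdPassed}");
    if (includeDetails)
    {
        // Wrapping overload: both sides are shown as hex so they can be compared by eye.
        Logger.WriteLine(17, 124, " We think : ", EnclaveHeldDataHex);
        Logger.WriteLine(17, 124, " MAA service: ", BitConverter.ToString(Base64Url.DecodeBytes(ehd.ToString())).Replace("-", ""));
    }

    Logger.WriteLine("");
}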