Storage servers provide first epoch token bundles to clients when they authenticate. (Currently without using epoch no in token computation)

App/appconfig.cpp

@@ -126,6 +126,9 @@ bool config_parse(Config &config, const std::string configstr,
                     } else if (!nentry.first.compare("clisten")) {
                         ret &= split_host_port(nc.clistenhost, nc.clistenport,
                             nentry.second.get_value<std::string>());
+                    } else if (!nentry.first.compare("slisten")) {
+                        ret &= split_host_port(nc.slistenhost, nc.slistenport,
+                            nentry.second.get_value<std::string>());
                     } else {
                         std::cerr << "Unknown field in host config: " <<
                             nentry.first << "\n";

App/appconfig.hpp

@@ -16,6 +16,7 @@ struct NodeConfig {
     sgx_ec256_public_t pubkey;
     std::string listenhost, listenport;
     std::string clistenhost, clistenport;
+    std::string slistenhost, slistenport;
     uint8_t weight;
     uint8_t roles;
 };

App/mkconfig.py

@@ -47,7 +47,7 @@ def create_json(manifestfile, pubkeysfile, nodelist, params_override):
         nodeconf['pubkey'] = pubkeys[node]
         nodeconf['listen'] = m['listen']
         # Optional fields
-        for f in ['clisten', 'weight', 'roles']:
+        for f in ['clisten', 'slisten', 'weight', 'roles']:
             if f in m:
                 nodeconf[f] = m[f]
         config['nodes'].append(nodeconf)

App/net.cpp

@@ -12,6 +12,9 @@
 
 #define VERBOSE_NET
 // #define DEBUG_NET_CLIENTS
+
+#define CEILDIV(x,y) (((x)+(y)-1)/(y))
+
 NetIO *g_netio = NULL;
 
 NodeIO::NodeIO(tcp::socket &&socket, nodenum_t nodenum) :
@@ -176,7 +179,7 @@ void NodeIO::recv_commands(
     Receive clients dropped off messages, i.e. a CLIENT_MESSAGE_BUNDLE
 */
 
-void NetIO::receive_msgbundle(tcp::socket* csocket, clientid_t c_simid)
+void NetIO::ing_receive_msgbundle(tcp::socket* csocket, clientid_t c_simid)
 {
     unsigned char *msgbundle = (unsigned char*) malloc(msgbundle_size);
 
@@ -199,16 +202,16 @@ void NetIO::receive_msgbundle(tcp::socket* csocket, clientid_t c_simid)
         free(msgbundle);
 
         // Continue to async receive client message bundles
-        receive_msgbundle(csocket, c_simid);
+        ing_receive_msgbundle(csocket, c_simid);
     });
 }
 
 /*
     Handle new client connections.
-    New clients always send a CLIENT_AUTHENTICATE message, and then followed
-    by their CLIENT_MESSAGE_BUNDLE every epoch.
+    New clients always send an authentication message.
+    For ingestion this is then followed by their msg_bundles every epoch.
 */
-void NetIO::authenticate_new_client(tcp::socket* csocket,
+void NetIO::ing_authenticate_new_client(tcp::socket* csocket,
     const boost::system::error_code& error)
 {
     if(error) {
@@ -242,29 +245,122 @@ void NetIO::authenticate_new_client(tcp::socket* csocket,
             // Receive client message bundles on this socket
             // for client sim_id c_simid
             if(ret) {
-                receive_msgbundle(csocket, c_simid);
+                ing_receive_msgbundle(csocket, c_simid);
             } else{
                 delete(csocket);
             }
         }
     });
-    start_accept();
+    ing_start_accept();
+}
+
+/*
+    Handle new client connections.
+    New clients always send an authentication message.
+    For storage this is then followed by the storage servers sending them
+    their mailbox every epoch.
+*/
+
+void NetIO::stg_authenticate_new_client(tcp::socket* csocket,
+    const boost::system::error_code& error)
+{
+    if(error) {
+        printf("Accept handler failed\n");
+        return;
+    }
+
+#ifdef DEBUG_NET_CLIENTS
+        printf("Accept handler success\n");
+#endif
+    unsigned char* auth_message = (unsigned char*) malloc(auth_size);
+    boost::asio::async_read(*csocket, boost::asio::buffer(auth_message, auth_size),
+        [this, csocket, auth_message]
+        (boost::system::error_code ec, std::size_t) {
+        if (ec) {
+            if(ec == boost::asio::error::eof) {
+                // Client connection terminated so we delete this socket
+                delete(csocket);
+            } else {
+                printf("Error %s\n", ec.message().c_str());
+            }
+            return;
+        }
+        else {
+            clientid_t c_simid = *((clientid_t *)(auth_message));
+            // Read the authentication token
+            unsigned char *auth_ptr = auth_message + sizeof(clientid_t);
+
+            bool ret = ecall_storage_authenticate(c_simid, auth_ptr);
+            free(auth_message);
+
+            // If the auth is successful, store this socket into
+            // a client socket array at the local_c_simid index
+            // for storage servers to send clients their mailbox periodically.
+            if(ret) {
+                uint32_t lcid = c_simid / num_stg_nodes;
+                client_sockets[lcid] = csocket;
+
+                //TODO: Send back this clients tokens for first epoch
+                unsigned char *tkn_ptr = epoch_tokens + (token_bundle_size * lcid);
+
+                /*
+                if(c_simid == 3) {
+                    printf("Just before async_write: Client tokens for c_simid 0:\n");
+                    unsigned char *tmp_tkn_ptr = tkn_ptr + SGX_AESGCM_IV_SIZE;
+                    for(uint32_t i = 0; i < 2 * SGX_AESGCM_KEY_SIZE; i++) {
+                        printf("%x", tmp_tkn_ptr[i]);
+                    }
+                    printf("\n");
+                }
+                */
+
+                boost::asio::async_write(*(client_sockets[lcid]),
+                    boost::asio::buffer(tkn_ptr, token_bundle_size),
+                    [this](boost::system::error_code ecc, std::size_t){
+
+                    if (ecc) {
+                        if(ecc == boost::asio::error::eof) {
+                            // Client connection terminated so we delete this socket
+                            // delete(csocket);
+                            printf("Client socket terminated!\n");
+                        } else {
+                            printf("Error %s\n", ecc.message().c_str());
+                        }
+                        return;
+                    }
+                });
+            } else {
+                printf("Net: Storage Authentication FAIL\n");
+            }
+        }
+    });
+    stg_start_accept();
 }
 
 /*
   Asynchronously accept new client connections
 */
-void NetIO::start_accept()
+void NetIO::ing_start_accept()
 {
     tcp::socket *csocket = new tcp::socket(io_context());
 #ifdef DEBUG_NET_CLIENTS
     std::cout << "Accepting on " << myconf.clistenhost << ":" << myconf.clistenport << "\n";
 #endif
-    client_acceptor->async_accept(*csocket,
-        boost::bind(&NetIO::authenticate_new_client, this, csocket,
+    ingestion_acceptor->async_accept(*csocket,
+        boost::bind(&NetIO::ing_authenticate_new_client, this, csocket,
         boost::asio::placeholders::error));
 }
 
+void NetIO::stg_start_accept()
+{
+    tcp::socket *csocket = new tcp::socket(io_context());
+#ifdef DEBUG_NET_CLIENTS
+    std::cout << "Accepting on " << myconf.slistenhost << ":" << myconf.slistenport << "\n";
+#endif
+    storage_acceptor->async_accept(*csocket,
+        boost::bind(&NetIO::stg_authenticate_new_client, this, csocket,
+        boost::asio::placeholders::error));
+}
 
 NetIO::NetIO(boost::asio::io_context &io_context, const Config &config)
     : context(io_context), conf(config),
@@ -337,16 +433,51 @@ NetIO::NetIO(boost::asio::io_context &io_context, const Config &config)
     }
 
 
+    auth_size = sizeof(clientid_t) + sizeof(unsigned long) + SGX_AESGCM_KEY_SIZE;
+    msgbundle_size = SGX_AESGCM_IV_SIZE +
+        (apiparams.m_priv_out * apiparams.msg_size) + SGX_AESGCM_MAC_SIZE;
+
+
+    if(myconf.roles & ROLE_STORAGE) {
+        // Setup the client sockets
+        // Compute no_of_clients per storage_server
+        uint32_t num_users = config.user_count;
+        NodeConfig nc;
+        num_stg_nodes = 0;
+        for (nodenum_t i=0; i<num_nodes; ++i) {
+            nc = conf.nodes[i];
+            if(nc.roles & ROLE_STORAGE) {
+                num_stg_nodes++;
+            }
+        }
+        uint32_t num_clients_per_stg = CEILDIV(num_users, num_stg_nodes);
+        client_sockets.resize(num_clients_per_stg);
+        uint16_t num_priv_channels = config.m_priv_in;
+        uint16_t msg_size = config.msg_size;
+        uint32_t epoch_msgbundles_size = num_clients_per_stg *
+            (SGX_AESGCM_IV_SIZE + msg_size * num_priv_channels + SGX_AESGCM_MAC_SIZE);
+        token_bundle_size = ((num_priv_channels * SGX_AESGCM_KEY_SIZE) + SGX_AESGCM_IV_SIZE + SGX_AESGCM_MAC_SIZE);
+        uint32_t epoch_tokens_size = num_clients_per_stg * token_bundle_size;
+        epoch_msgbundles = (unsigned char *) malloc(epoch_msgbundles_size);
+        epoch_tokens = (unsigned char *) malloc (epoch_tokens_size);
+        ecall_supply_storage_buffers(epoch_msgbundles, epoch_msgbundles_size,
+            epoch_tokens, epoch_tokens_size);
+
+        storage_acceptor = std::shared_ptr<tcp::acceptor>(
+            new tcp::acceptor(io_context,
+                resolver.resolve(this->myconf.slistenhost,
+                this->myconf.slistenport)->endpoint()));
+
+        stg_start_accept();
+    }
+
     if(myconf.roles & ROLE_INGESTION) {
-        client_acceptor = std::shared_ptr<tcp::acceptor>(
+        ingestion_acceptor = std::shared_ptr<tcp::acceptor>(
             new tcp::acceptor(io_context,
                 resolver.resolve(this->myconf.clistenhost,
                 this->myconf.clistenport)->endpoint()));
 
-        auth_size = sizeof(clientid_t) + sizeof(unsigned long) + SGX_AESGCM_KEY_SIZE;
-        msgbundle_size = SGX_AESGCM_IV_SIZE +
-            (apiparams.m_priv_out * apiparams.msg_size) + SGX_AESGCM_MAC_SIZE;
-        start_accept();
+        ing_start_accept();
     }
 }
 

App/net.hpp

@@ -12,6 +12,8 @@
 #include "appconfig.hpp"
 #include "../Enclave/enclave_api.h"
 
+// #define DEBUG_NET_CLIENTS
+
 // The inter-node (untrusted node to untrusted node) communication
 // protocol is as follows.  Nodes are numbered 0 through num_nodes-1.
 // At startup time, each pair of nodes establishes a TCP connection by
@@ -129,13 +131,23 @@ class NetIO {
     const Config &conf;
     const NodeConfig &myconf;
     std::deque<std::optional<NodeIO>> nodeios;
-    std::shared_ptr<tcp::acceptor> client_acceptor;
+    std::shared_ptr<tcp::acceptor> ingestion_acceptor;
+    std::shared_ptr<tcp::acceptor> storage_acceptor;
 
-    void receive_msgbundle(tcp::socket* socket, clientid_t c_simid);
-    void authenticate_new_client(tcp::socket* socket,
-        const boost::system::error_code& error);
-    void start_accept();
     size_t auth_size, msgbundle_size;
+    void ing_receive_msgbundle(tcp::socket* socket, clientid_t c_simid);
+    void ing_authenticate_new_client(tcp::socket* socket,
+        const boost::system::error_code& error);
+    void ing_start_accept();
+
+    std::vector<tcp::socket*> client_sockets;
+    unsigned char *epoch_tokens;
+    unsigned char *epoch_msgbundles;
+    uint16_t num_stg_nodes;
+    uint32_t token_bundle_size;
+    void stg_authenticate_new_client(tcp::socket* socket,
+        const boost::system::error_code& error);
+    void stg_start_accept();
 
 public:
     NetIO(boost::asio::io_context &io_context, const Config &config);

App/start.cpp

@@ -157,6 +157,8 @@ static void route_clients_test(NetIO &netio)
     // Run epoch
     for (int i=0; i<3; ++i) {
         if(i==0) {
+            // Clients setup sockets, authenticate, and get token_bundles
+            // from their storage servers during this interval.
             usleep(EPOCH_INTERVAL);
         }
 

Enclave/Enclave.edl

@@ -51,6 +51,15 @@ enclave {
 
         public bool ecall_authenticate(clientid_t cid,
             [user_check] uint8_t *auth_string);
+
+        public bool ecall_storage_authenticate(clientid_t cid,
+            [user_check] uint8_t *auth_string);
+
+        public void ecall_supply_storage_buffers(
+            [user_check] unsigned char *msgbundles,
+            uint32_t msgbundles_size,
+            [user_check] unsigned char *tokens,
+            uint32_t tokens_size);
     };
 
     untrusted {

Enclave/enclave_api.h

@@ -30,6 +30,8 @@ struct EnclaveAPINodeConfig {
 
 #define SEALED_PRIVKEY_SIZE 610
 
+#define TOKEN_SIZE 16
+
 // Must be a multiple of 16
 #define FRAME_SIZE (65536+16)
 

Enclave/storage.cpp

@@ -8,6 +8,8 @@
 #define PROFILE_STORAGE
 
 StgClient *clients;
+uint8_t *epoch_tokens;
+uint8_t *epoch_msgbundles;
 
 static struct {
     uint32_t max_users;
@@ -19,6 +21,62 @@ static struct {
     std::vector<uint32_t> dest;
 } storage_state;
 
+bool storage_generateClientKeys(uint32_t num_clients, uint32_t my_stg_no) {
+    uint16_t num_priv_channels = g_teems_config.m_priv_in;
+    uint16_t msg_size = g_teems_config.msg_size;
+    uint32_t pt_msgbundle_size = num_priv_channels * msg_size;
+
+    clients = new StgClient[num_clients];
+
+    for(uint32_t i =0; i < num_clients; i++) {
+        uint32_t mid = storage_state.my_storage_node_id + i;
+        clients[i].my_id = mid;
+        clients[i].priv_friends = new clientid_t[g_teems_config.m_priv_in];
+        // Initialize this client's private channel friends as themself
+        for(int j =0; j <g_teems_config.m_priv_in; j++) {
+            (clients[i].priv_friends)[j] = mid;
+        }
+    }
+
+    uint32_t num_stg_nodes = g_teems_config.num_storage_nodes;
+    uint32_t c_simid = my_stg_no;
+
+    //printf("In Ingestion::genCK, num_clients = %d\n", num_clients);
+    for (uint32_t i=0; i<num_clients; i++) {
+        const sgx_aes_gcm_128bit_key_t *pESK = &(g_teems_config.ESK);
+        unsigned char zeroes[SGX_AESGCM_KEY_SIZE];
+        unsigned char iv[SGX_AESGCM_IV_SIZE];
+        sgx_aes_gcm_128bit_tag_t tag;
+        memset(zeroes, 0, SGX_AESGCM_KEY_SIZE);
+        memset(iv, 0, SGX_AESGCM_IV_SIZE);
+
+        memcpy(iv, (uint8_t*) (&c_simid), sizeof(c_simid));
+        memcpy(iv + sizeof(c_simid), "STG", sizeof("STG"));
+
+        sgx_status_t ret = SGX_SUCCESS;
+        ret = sgx_rijndael128GCM_encrypt(pESK, zeroes, SGX_AESGCM_KEY_SIZE,
+            (uint8_t*) (clients[i].key), iv, SGX_AESGCM_IV_SIZE, NULL, 0, &tag);
+        if(ret!=SGX_SUCCESS) {
+            printf("stg_generateClientKeys FAIL\n");
+            return false;
+        }
+
+        /*
+        if(c_simid % 10 == 0) {
+            printf("Storage: c_simid = %d, Key:", c_simid);
+            for (int k = 0; k<SGX_AESGCM_KEY_SIZE; k++) {
+                printf("%x", (clients[i].key)[k]);
+            }
+            printf("\n");
+        }
+        */
+        c_simid+=num_stg_nodes;
+
+    }
+
+    return true;
+}
+
 // route_init will call this function; no one else should call it
 // explicitly.  The parameter is the number of messages that can fit in
 // the storage-side MsgBuffer.  Returns true on success, false on
@@ -41,7 +99,9 @@ bool storage_init(uint32_t max_users, uint32_t msg_buf_size)
         }
     }
 
+    printf("my_stg_pos = %d\n", my_stg_pos);
     storage_generateClientKeys(max_users, my_stg_pos);
+    // sendClientTokens();
 
     return true;
 }
@@ -189,6 +249,22 @@ void storage_received(MsgBuffer &storage_buf)
     storage_buf.reset();
     pthread_mutex_unlock(&storage_buf.mutex);
 
+    // TODO: Send the storage_state.stg_buf to clients
+    // Encrypt the storage_state.stg_buf into MSG_BUNDLES
+    // encryptMsgBundles(num_clients, num_priv_channels, msg_size);
+    // Uses: storage_state.stg_buf, clients, epoch_msgbundles
+
+    // generateTokens();
+    // Uses: clients, epoch_tokens,
+
+    // ocall_process_msgbundles(epoch_msgbundles, epoch_tokens);
+    // sendClientTokens();
+    //
+
+    // processStorage(msg_bundles) :
+    //    a) Send out msg_bundles to clients with open sockets
+    //    b) Store the other msg_bundles in "backend"
+
     storage_state.stg_buf.reset();
 
 #ifdef PROFILE_STORAGE
@@ -196,49 +272,131 @@ void storage_received(MsgBuffer &storage_buf)
 #endif
 }
 
-bool storage_generateClientKeys(uint32_t num_clients, uint32_t my_stg_no) {
 
-    clients = new StgClient[num_clients];
-    uint32_t num_stg_nodes = g_teems_config.num_storage_nodes;
-    uint32_t c_simid = my_stg_no;
+/*
+    Given a local client identifier, generate the tokens for this client
+    for their priv_friends for the next round.
+    Populates the supplied tokens buffer with the correct tokens.
+*/
+bool generate_tokens(clientid_t lcid)
+{
+    uint32_t pt_tokens_size = (g_teems_config.m_priv_in * SGX_AESGCM_KEY_SIZE);
+    uint32_t enc_tokens_size = (g_teems_config.m_priv_in * SGX_AESGCM_KEY_SIZE) +
+        SGX_AESGCM_IV_SIZE + SGX_AESGCM_MAC_SIZE;
 
-    //printf("In Ingestion::genCK, num_clients = %d\n", num_clients);
-    for (uint32_t i=0; i<num_clients; i++) {
-        const sgx_aes_gcm_128bit_key_t *pESK = &(g_teems_config.ESK);
-        unsigned char zeroes[SGX_AESGCM_KEY_SIZE];
-        unsigned char iv[SGX_AESGCM_IV_SIZE];
-        sgx_aes_gcm_128bit_tag_t tag;
-        memset(zeroes, 0, SGX_AESGCM_KEY_SIZE);
-        memset(iv, 0, SGX_AESGCM_IV_SIZE);
+    const sgx_aes_gcm_128bit_key_t *pTSK = &(g_teems_config.TSK);
+    unsigned char *tkn_iv_ptr = epoch_tokens + enc_tokens_size * lcid;
+    unsigned char *tkn_ptr = tkn_iv_ptr + SGX_AESGCM_IV_SIZE;
+    unsigned char *tkn_tag = tkn_ptr + pt_tokens_size;
 
-        memcpy(iv, (uint8_t*) (&c_simid), sizeof(c_simid));
-        memcpy(iv + sizeof(c_simid), "STG", sizeof("STG"));
+    // We construct the plaintext underlying the token in the correct location
+    // for this client in epoch_tokens
+    // The tokens get stored in token_body
+    // Later we encrypt token_body with the client's storage key and overwrite
+    // the correct location in epoch_tokens
+    unsigned char token_body[pt_tokens_size];
 
-        sgx_status_t ret = SGX_SUCCESS;
-        ret = sgx_rijndael128GCM_encrypt(pESK, zeroes, SGX_AESGCM_KEY_SIZE,
-            (uint8_t*) (clients[i].key), iv, SGX_AESGCM_IV_SIZE, NULL, 0, &tag);
-        if(ret!=SGX_SUCCESS) {
-            printf("stg_generateClientKeys FAIL\n");
-            return false;
-        }
+    memset(token_body, 0, pt_tokens_size);
+    memset(tkn_iv_ptr, 0, SGX_AESGCM_IV_SIZE);
+    // IV = client_id | epoch_no
+    memcpy(tkn_iv_ptr, (uint8_t*) (&(clients[lcid].my_id)), sizeof(clientid_t));
+    // TODO: Add epoch to IV
+    //memcpy(tkn_iv_ptr + sizeof(clientid_t), epoch_no, sizeof(epoch_no));
 
-        /*
-        if(c_simid % 10 == 0) {
-            printf("Storage: c_simid = %d, Key:", c_simid);
-            for (int k = 0; k<SGX_AESGCM_KEY_SIZE; k++) {
-                printf("%x", (clients[i].key)[k]);
-            }
-            printf("\n");
+    unsigned char *ptr = tkn_ptr;
+    for(int i = 0; i<g_teems_config.m_priv_in; i++)
+    {
+        memcpy(ptr, (uint8_t*) (&(clients[lcid].my_id)), sizeof(clientid_t));
+        memcpy(ptr + sizeof(clientid_t), (uint8_t*) (&(clients[lcid].priv_friends[i])), sizeof(clientid_t));
+        ptr+=SGX_AESGCM_KEY_SIZE;
+    }
+
+    sgx_status_t ret = SGX_SUCCESS;
+    ret = sgx_rijndael128GCM_encrypt(pTSK, tkn_ptr, pt_tokens_size,
+        (uint8_t*) token_body, tkn_iv_ptr, SGX_AESGCM_IV_SIZE, NULL, 0,
+        (sgx_aes_gcm_128bit_tag_t*) tkn_tag);
+    if(ret!=SGX_SUCCESS) {
+        printf("generate_tokens: Creating token FAIL\n");
+        return false;
+    }
+
+    /*
+    if(lcid == 0) {
+        printf("Checking generated token_body:");
+        for(uint32_t i = 0; i < pt_tokens_size; i++) {
+            printf("%x", token_body[i]);
         }
-        */
-        c_simid+=num_stg_nodes;
+        printf("\n");
+    }
+    */
+
+    unsigned char *cl_iv = clients[lcid].iv;
+    ret = (sgx_rijndael128GCM_encrypt(&(clients[lcid].key), token_body, pt_tokens_size,
+        (uint8_t*) tkn_ptr, cl_iv, SGX_AESGCM_IV_SIZE, NULL, 0,
+        (sgx_aes_gcm_128bit_tag_t*) tkn_tag));
+    if(ret!=SGX_SUCCESS) {
+        printf("generate_tokens: Encrypting token FAIL\n");
+        return false;
+    }
 
+    memcpy(tkn_iv_ptr, cl_iv, SGX_AESGCM_IV_SIZE);
+    // Update IV
+    uint64_t *iv_ctr = (uint64_t*) cl_iv;
+    (*iv_ctr)+=1;
+
+    /*
+    if(lcid == 0) {
+        printf("Encrypted client token:");
+        for(uint32_t i = 0; i < pt_tokens_size; i++) {
+            printf("%x", tkn_ptr[i]);
+        }
+        printf("\n");
     }
+    */
 
     return true;
 }
 
-bool authenticateClient()
+
+bool ecall_storage_authenticate(clientid_t cid, unsigned char *auth_message)
 {
+    bool ret = false;
+    uint32_t lcid = cid / g_teems_config.num_storage_nodes;
+    const sgx_aes_gcm_128bit_key_t *ckey = &(clients[lcid].key);
+
+    ret = authenticateClient(auth_message, ckey);
 
+    if(!ret) {
+        printf("Storage authentication FAIL\n");
+    }
+
+    // When clients authenticate:
+    // 1) Send back mailbox archive
+    // 2) Send tokens for current epoch
+
+    ret &= generate_tokens(lcid);
+    /*
+    uint32_t enc_token_bundle_size = SGX_AESGCM_KEY_SIZE + SGX_AESGCM_IV_SIZE
+    unsigned char *token_ptr = lcid *
+    // sendTokens()
+
+    */
+    /*
+    if(ret) {
+        printf("ecall_storage_auth : ret = SUCCESS\n");
+    }
+    else {
+        printf("ecall_storage_auth : ret = FAIL\n");
+    }
+    */
+    return ret;
+}
+
+
+void ecall_supply_storage_buffers(unsigned char *msgbundles,
+    uint32_t msgbundles_size, unsigned char *tokens, uint32_t tokens_size)
+{
+    epoch_msgbundles = msgbundles;
+    epoch_tokens = tokens;
+    printf("Storage buffers were set");
 }

Enclave/storage.hpp

@@ -19,4 +19,6 @@ void storage_received(MsgBuffer &storage_buf);
 
 bool storage_generateClientKeys(uint32_t num_clients, uint32_t my_stg_no);
 
+bool ecall_authenticate(clientid_t cid, unsigned char *auth_message);
+
 #endif

Untrusted/Untrusted.cpp

@@ -319,3 +319,17 @@ bool ecall_authenticate(clientid_t cid, unsigned char *auth_string)
     ecall_authenticate(global_eid, &ret, cid, auth_string);
     return ret;
 }
+
+bool ecall_storage_authenticate(clientid_t cid, unsigned char *auth_string)
+{
+    bool ret;
+    ecall_storage_authenticate(global_eid, &ret, cid, auth_string);
+    return ret;
+}
+
+void ecall_supply_storage_buffers(unsigned char *msgbundles,
+    uint32_t msgbundles_size, unsigned char *tokens, uint32_t tokens_size)
+{
+    ecall_supply_storage_buffers(global_eid, msgbundles, msgbundles_size,
+        tokens, tokens_size);
+}

Untrusted/Untrusted.hpp

@@ -45,4 +45,9 @@ bool ecall_ingest_msgbundle(clientid_t cid, unsigned char *msgbundle,
 
 bool ecall_authenticate(clientid_t cid, unsigned char *auth_string);
 
+bool ecall_storage_authenticate(clientid_t cid, unsigned char *auth_string);
+
+void ecall_supply_storage_buffers(unsigned char *msgbundles,
+    uint32_t msgbundles_size, unsigned char *tokens, uint32_t tokens_size);
+
 #endif