Generate (fixed generation error) and verify tokens for private channel messages

Enclave/ingest.cpp

@@ -106,6 +106,47 @@ bool Ingestion::processMsgBundle(clientid_t cid, unsigned char *msgbundle,
     // TODO: Verify the tokens from end of the msgbundle
     // before appending them into the MsgBuffer
     bool verified  = true;
+    unsigned char token_body[TOKEN_SIZE];
+    const sgx_aes_gcm_128bit_key_t *pTSK = &(g_teems_config.TSK);
+    unsigned char *dm_ptr = dec_msgbundle;
+    unsigned char *tkn_ptr = dm_ptr + (msg_size * num_msgs);
+    sgx_cmac_state_handle_t cmac_handle;
+    sgx_cmac_128bit_tag_t token;
+
+    for(int k =0; k < num_msgs; k++)
+    {
+        ret = SGX_SUCCESS;
+        memset(token_body, 0, TOKEN_SIZE);
+        memcpy(token_body, dm_ptr, sizeof(clientid_t) * 2);
+        memcpy(token_body + sizeof(clientid_t) * 2, (uint8_t*) &ingestion_epoch, sizeof(ingestion_epoch));
+        ret = sgx_rijndael128_cmac_msg(pTSK, token_body, TOKEN_SIZE,
+            (sgx_cmac_128bit_tag_t*) &token);
+        if(ret!=SGX_SUCCESS) {
+            printf("Ingestion::processMsgBundle: Token recreation FAIL\n");
+            printf("ret = %x", ret);
+            return false;
+        }
+
+        /*
+        printf("Received token:\n");
+        for(int l=0; l<SGX_CMAC_MAC_SIZE; l++) {
+            printf("%x", tkn_ptr[l]);
+        }
+        printf("Verify created token:\n");
+        for(int l=0; l<SGX_CMAC_MAC_SIZE; l++) {
+            printf("%x", token[l]);
+        }
+        */
+
+        int diff = memcmp(token, tkn_ptr, SGX_CMAC_MAC_SIZE);
+        if(diff!=0) {
+            printf("Ingestion::processMsgBundle: Tokens do not match FAIL\n");
+            return false;
+        }
+
+        dm_ptr+= msg_size;
+        tkn_ptr+=SGX_CMAC_MAC_SIZE;
+    }
 
     if(verified) {
         // Append msgbundle to g_ing.buffer;

Enclave/route.cpp

@@ -505,6 +505,7 @@ void ecall_routing_proceed(void *cbpointer)
 
     if (route_state.step == ROUTE_NOT_STARTED) {
         if (my_roles & ROLE_INGESTION) {
+            ingestion_epoch++;
             route_state.cbpointer = cbpointer;
             MsgBuffer &ingbuf = route_state.ingbuf;
 

Enclave/storage.cpp

@@ -78,8 +78,8 @@ bool storage_generateClientKeys(uint32_t num_clients, uint32_t my_stg_no) {
 
 bool generate_all_tokens()
 {
-    uint32_t pt_tokens_size = (g_teems_config.m_priv_out * SGX_AESGCM_KEY_SIZE);
-    uint32_t enc_tokens_size = (g_teems_config.m_priv_out * SGX_AESGCM_KEY_SIZE) +
+    uint32_t pt_tokens_size = (g_teems_config.m_priv_out * SGX_CMAC_MAC_SIZE);
+    uint32_t enc_tokens_size = pt_tokens_size +
         SGX_AESGCM_IV_SIZE + SGX_AESGCM_MAC_SIZE;
     unsigned char token_body[pt_tokens_size];
 
@@ -103,23 +103,27 @@ bool generate_all_tokens()
         unsigned long epoch_val = storage_epoch + 1;
         memcpy(tkn_iv_ptr, &epoch_val, sizeof(epoch_val));
 
+        sgx_status_t ret = SGX_SUCCESS;
         unsigned char *ptr = tkn_ptr;
+        unsigned char *tkn_body_ptr = token_body;
         for(int i = 0; i<g_teems_config.m_priv_out; i++)
         {
             memcpy(ptr, (&(clients[lcid].my_id)), sizeof(clientid_t));
             memcpy(ptr + sizeof(clientid_t), (&(clients[lcid].priv_friends[i])), sizeof(clientid_t));
             memcpy(ptr + 2 * sizeof(clientid_t), &epoch_val, sizeof(epoch_val));
-            ptr+=SGX_AESGCM_KEY_SIZE;
-        }
 
-        sgx_status_t ret = SGX_SUCCESS;
-        ret = sgx_rijndael128_cmac_msg(pTSK, tkn_ptr, pt_tokens_size,
-            (sgx_cmac_128bit_tag_t*) &token_body);
-        if(ret!=SGX_SUCCESS) {
-            printf("generate_tokens: Creating token FAIL\n");
-            return false;
+            ret = sgx_rijndael128_cmac_msg(pTSK, ptr, pt_tokens_size,
+                (sgx_cmac_128bit_tag_t*) tkn_body_ptr);
+            if(ret!=SGX_SUCCESS) {
+                printf("generate_tokens: Creating token FAIL\n");
+                return false;
+            }
+
+            ptr+=SGX_CMAC_MAC_SIZE;
+            tkn_body_ptr+=SGX_CMAC_MAC_SIZE;
         }
 
+
         /*
         if(lcid == 0) {
             printf("Checking generated token_body:");