Home Explore Help
Sign In
iang
/
teems
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Handshake message 1

Ian Goldberg 1 year ago
parent
9e22973195
commit
91b8557253
6 changed files with 77 additions and 32 deletions
Split View Show Diff Stats
  1. 0 29
      App/start.cpp
  2. 2 0
      App/teems.cpp
  3. 2 0
      Enclave/Enclave.edl
  4. 64 3
      Enclave/comms.cpp
  5. 7 0
      Untrusted/Untrusted.cpp
  6. 2 0
      Untrusted/Untrusted.hpp

+ 0 - 29
App/start.cpp
View File 

@@ -6,35 +6,6 @@
 
 // to do on the command line
 
 void start(NetIO &netio, int argc, char **argv)
 
 {
 
-    srand48(netio.me);
 
-    // Send a bunch of data to all peers
 
-    for(int j=0;j<3;++j)
 
-    for (size_t node_num = 0; node_num < netio.num_nodes; ++node_num) {
 
-        if (node_num == netio.me) continue;
 
-        NodeIO &node = netio.node(node_num);
 
-        uint32_t msgsize = lrand48() % 10000000;
 
-        printf("Msgsize to %lu: %u\n", node_num, msgsize);
 
-        node.send_message_header(msgsize);
 
-
 
-        uint8_t c = 0;
 
-        uint32_t cl = 0;
 
-        while (msgsize > 0) {
 
-            uint8_t* frame = node.request_frame();
 
-            uint32_t chunk_size = (lrand48() % (FRAME_SIZE-1)) + 1;
 
-            if (chunk_size > msgsize) {
 
-                chunk_size = msgsize;
 
-            }
 
-            memset(frame, ++c, chunk_size);
 
-            ++cl;
 
-            memmove(frame, &cl, sizeof(cl));
 
-            node.send_chunk(frame, chunk_size);
 
-            msgsize -= chunk_size;
 
-        }
 
-    }
 
-
 
-    printf("Sleeping\n");
 
-    sleep(3);
 
-
 
     printf("Reading\n");
 
     for (size_t node_num = 0; node_num < netio.num_nodes; ++node_num) {
 
         if (node_num == netio.me) continue;

+ 2 - 0
App/teems.cpp
View File 

@@ -213,6 +213,8 @@ int main(int argc, char **argv)
 
 
     // Queue up the actual work
 
     boost::asio::post(io_context, [&]{
 
+        // Start enclave-to-enclave communications
 
+        ecall_comms_start();
 
         start(netio, argc, argv);
 
     });

+ 2 - 0
Enclave/Enclave.edl
View File 

@@ -18,6 +18,8 @@ enclave {
 
             [in,count=num_nodes] struct EnclaveAPINodeConfig *apinodeconfigs,
 
             nodenum_t num_nodes, nodenum_t my_node_num);
 
 
+        public bool ecall_comms_start();
 
+
 
         public bool ecall_message(
 
             nodenum_t node_num, uint32_t message_len);

+ 64 - 3
Enclave/comms.cpp
View File 

@@ -104,6 +104,9 @@ struct NodeCommState {
 
     void message_start(uint32_t plaintext_len);
 
 
     void message_data(uint8_t *data, uint32_t len);
 
+
 
+    // Start the handshake (as the client)
 
+    void handshake_start();
 
 };
 
 
 // A typical default in_msg_get_buf handler.  It computes the maximum
 
@@ -132,14 +135,42 @@ static uint8_t* default_in_msg_get_buf(NodeCommState &commst,
 
 
 // Receive (at the server) the first handshake message
 
 static void handshake_1_msg_received(NodeCommState &nodest,
 
-    uint8_t *data, uint32_t plaintext_len, uint32_t message_len)
 
+    uint8_t *data, uint32_t plaintext_len, uint32_t)
 
 {
 
+    /*
 
     printf("Received handshake_1 message of %u bytes:\n", plaintext_len);
 
     for (uint32_t i=0;i<plaintext_len;++i) {
 
         printf("%02x", data[i]);
 
     }
 
     printf("\n");
 
+    */
 
+
 
+    if (plaintext_len != sizeof(sgx_ec256_public_t)) {
 
+        printf("Received handshake_1 message of incorrect size %u\n",
 
+            plaintext_len);
 
+        return;
 
+    }
 
+    sgx_ecc_state_handle_t ecc_handle;
 
+    sgx_ec256_public_t pubkey;
 
+    memmove(&pubkey, data, sizeof(pubkey));
 
+    sgx_ecc256_open_context(&ecc_handle);
 
+    int valid;
 
+    if (sgx_ecc256_check_point(&pubkey, ecc_handle, &valid) || !valid) {
 
+        printf("Invalid public key received from node %hu\n",
 
+            nodest.node_num);
 
+        sgx_ecc256_close_context(ecc_handle);
 
+        return;
 
+    }
 
     delete[] data;
 
+
 
+    printf("Valid public key received from node %hu\n", nodest.node_num);
 
+    memmove(&nodest.handshake_peer_pubkey, &pubkey, sizeof(pubkey));
 
+
 
+    // Create our own DH key pair
 
+    sgx_ecc256_create_key_pair(&nodest.handshake_privkey,
 
+        &nodest.handshake_pubkey, ecc_handle);
 
+
 
+    sgx_ecc256_close_context(ecc_handle);
 
 }
 
 
 // Start a new outgoing message.  Pass the number of _plaintext_ bytes
 
@@ -241,7 +272,7 @@ void NodeCommState::message_data(uint8_t *data, uint32_t len)
 
 // The communication states for all the nodes.  There's an entry for
 
 // ourselves in here, but it is unused.
 
 static std::vector<NodeCommState> commstates;
 
-static nodenum_t tot_nodes;
 
+static nodenum_t tot_nodes, my_node_num;
 
 
 // Generate a new identity signature key.  Output the public key and the
 
 // sealed private key.  outsealedpriv must point to SEALEDPRIVKEY_SIZE =
 
@@ -307,7 +338,7 @@ bool ecall_identity_key_load(sgx_ec256_public_t *outpub,
 
 }
 
 
 bool comms_init_nodestate(const EnclaveAPINodeConfig *apinodeconfigs,
 
-    nodenum_t num_nodes, nodenum_t my_node_num)
 
+    nodenum_t num_nodes, nodenum_t me)
 
 {
 
     sgx_ecc_state_handle_t ecc_handle;
 
     sgx_ecc256_open_context(&ecc_handle);
 
@@ -330,6 +361,8 @@ bool comms_init_nodestate(const EnclaveAPINodeConfig *apinodeconfigs,
 
     }
 
     sgx_ecc256_close_context(ecc_handle);
 
 
+    my_node_num = me;
 
+
 
     // Check that no one other than us has our pubkey (deals with
 
     // reflection attacks)
 
     for (nodenum_t i=0; i<num_nodes; ++i) {
 
@@ -441,3 +474,31 @@ bool ecall_chunk(nodenum_t node_num, const uint8_t *chunkdata,
 
     }
 
     return true;
 
 }
 
+
 
+// Start the handshake (as the client)
 
+void NodeCommState::handshake_start()
 
+{
 
+    sgx_ecc_state_handle_t ecc_handle;
 
+
 
+    sgx_ecc256_open_context(&ecc_handle);
 
+
 
+    // Create a DH keypair
 
+    sgx_ecc256_create_key_pair(&handshake_privkey, &handshake_pubkey,
 
+        ecc_handle);
 
+
 
+    sgx_ecc256_close_context(ecc_handle);
 
+
 
+    // Send the public key as the first message
 
+    message_start(sizeof(handshake_pubkey));
 
+
 
+    message_data((uint8_t*)&handshake_pubkey, sizeof(handshake_pubkey));
 
+}
 
+
 
+// Start all handshakes for which we are the client
 
+bool ecall_comms_start()
 
+{
 
+    for (nodenum_t t = my_node_num+1; t<tot_nodes; ++t) {
 
+        commstates[t].handshake_start();
 
+    }
 
+    return true;
 
+}

+ 7 - 0
Untrusted/Untrusted.cpp
View File 

@@ -235,6 +235,13 @@ bool ecall_config_load(struct EnclaveAPIParams *apiparams,
 
     return ret;
 
 }
 
 
+bool ecall_comms_start()
 
+{
 
+    bool ret;
 
+    ecall_comms_start(global_eid, &ret);
 
+    return ret;
 
+}
 
+
 
 bool ecall_message(nodenum_t node_num, uint32_t message_len)
 
 {
 
     bool ret;

+ 2 - 0
Untrusted/Untrusted.hpp
View File 

@@ -22,6 +22,8 @@ bool ecall_config_load(struct EnclaveAPIParams *apiparams,
 
     struct EnclaveAPINodeConfig *apinodeconfigs,
 
     nodenum_t num_nodes, nodenum_t my_node_num);
 
 
+bool ecall_comms_start();
 
+
 
 bool ecall_message(nodenum_t node_num, uint32_t message_len);
 
 
 bool ecall_chunk(nodenum_t node_num, const uint8_t *chunkdata,