|
|
@@ -11,14 +11,62 @@
|
|
|
static sgx_ec256_private_t g_privkey;
|
|
|
static sgx_ec256_public_t g_pubkey;
|
|
|
|
|
|
+// What step of the handshake are we on?
|
|
|
+enum HandshakeStep {
|
|
|
+ HANDSHAKE_NONE,
|
|
|
+ HANDSHAKE_C_SENT_1,
|
|
|
+ HANDSHAKE_S_SENT_2,
|
|
|
+ HANDSHAKE_COMPLETE
|
|
|
+};
|
|
|
+
|
|
|
// Communication state for a node
|
|
|
struct NodeCommState {
|
|
|
sgx_ec256_public_t pubkey;
|
|
|
+ nodenum_t node_num;
|
|
|
+ HandshakeStep handshake_step;
|
|
|
+
|
|
|
+ // Our DH keypair during the handshake
|
|
|
+ sgx_ec256_private_t handshake_privkey;
|
|
|
+ sgx_ec256_public_t handshake_pubkey;
|
|
|
+
|
|
|
+ // The peer's DH public key during the handshake
|
|
|
+ sgx_ec256_public_t handshake_peer_pubkey;
|
|
|
+
|
|
|
+ // The outgoing and incoming AES keys after the handshake
|
|
|
+ sgx_aes_gcm_128bit_key_t out_aes_key, in_aes_key;
|
|
|
+
|
|
|
+ // The outgoing and incoming IV counters
|
|
|
+ uint8_t out_aes_iv[SGX_AESGCM_IV_SIZE];
|
|
|
+ uint8_t in_aes_iv[SGX_AESGCM_IV_SIZE];
|
|
|
+
|
|
|
+ // The current outgoing frame and the current offset into it
|
|
|
+ uint8_t *frame;
|
|
|
+ uint32_t frame_offset;
|
|
|
+
|
|
|
+ // The current outgoing message size and the offset into it of the
|
|
|
+ // start of the current frame
|
|
|
+ uint32_t msg_size;
|
|
|
+ uint32_t msg_frame_offset;
|
|
|
+
|
|
|
+ // The current incoming message size and the offset into it of all
|
|
|
+ // previous chunks of this message
|
|
|
+ uint32_t in_msg_size;
|
|
|
+ uint32_t in_msg_offset;
|
|
|
+ // The internal buffer where we're storing the (decrypted) message
|
|
|
+ uint8_t *in_msg_buf;
|
|
|
+
|
|
|
+ NodeCommState(const sgx_ec256_public_t* conf_pubkey, nodenum_t i) :
|
|
|
+ node_num(i), handshake_step(HANDSHAKE_NONE), frame(NULL),
|
|
|
+ frame_offset(0), msg_size(0), msg_frame_offset(0),
|
|
|
+ in_msg_size(0), in_msg_offset(0), in_msg_buf(NULL) {
|
|
|
+ memmove(&pubkey, conf_pubkey, sizeof(pubkey));
|
|
|
+ }
|
|
|
};
|
|
|
|
|
|
// The communication states for all the nodes. There's an entry for
|
|
|
// ourselves in here, but it is unused.
|
|
|
static std::vector<NodeCommState> commstates;
|
|
|
+static nodenum_t tot_nodes;
|
|
|
|
|
|
// Generate a new identity signature key. Output the public key and the
|
|
|
// sealed private key. outsealedpriv must point to SEALEDPRIVKEY_SIZE =
|
|
|
@@ -90,7 +138,8 @@ bool comms_init_nodestate(const EnclaveAPINodeConfig *apinodeconfigs,
|
|
|
sgx_ecc256_open_context(&ecc_handle);
|
|
|
|
|
|
commstates.clear();
|
|
|
- commstates.resize(num_nodes);
|
|
|
+ tot_nodes = 0;
|
|
|
+ commstates.reserve(num_nodes);
|
|
|
for (nodenum_t i=0; i<num_nodes; ++i) {
|
|
|
// Check that the pubkey is valid
|
|
|
int valid;
|
|
|
@@ -102,8 +151,7 @@ bool comms_init_nodestate(const EnclaveAPINodeConfig *apinodeconfigs,
|
|
|
sgx_ecc256_close_context(ecc_handle);
|
|
|
return false;
|
|
|
}
|
|
|
- memmove(&commstates[i].pubkey, &apinodeconfigs[i].pubkey,
|
|
|
- sizeof(commstates[i].pubkey));
|
|
|
+ commstates.emplace_back(&apinodeconfigs[i].pubkey, i);
|
|
|
}
|
|
|
sgx_ecc256_close_context(ecc_handle);
|
|
|
|
|
|
@@ -121,16 +169,30 @@ bool comms_init_nodestate(const EnclaveAPINodeConfig *apinodeconfigs,
|
|
|
}
|
|
|
}
|
|
|
|
|
|
+ tot_nodes = num_nodes;
|
|
|
return true;
|
|
|
}
|
|
|
|
|
|
bool ecall_message(nodenum_t node_num, uint32_t message_len)
|
|
|
{
|
|
|
- return false;
|
|
|
+ if (node_num >= tot_nodes) {
|
|
|
+ printf("Out-of-range node_num %hu received in ecall_message\n",
|
|
|
+ node_num);
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+ NodeCommState &nodest = commstates[node_num];
|
|
|
+
|
|
|
+ if (nodest.in_msg_size != nodest.in_msg_offset) {
|
|
|
+ printf("Received ecall_message without completing previous message\n");
|
|
|
+ return false;
|
|
|
+ }
|
|
|
+ printf("ecall_message called\n");
|
|
|
+ return true;
|
|
|
}
|
|
|
|
|
|
bool ecall_chunk(nodenum_t node_num, const uint8_t *chunkdata,
|
|
|
uint32_t chunklen)
|
|
|
{
|
|
|
- return false;
|
|
|
+ printf("ecall_chunk called\n");
|
|
|
+ return true;
|
|
|
}
|
