|
|
@@ -8,111 +8,16 @@
|
|
|
#include "Enclave_t.h"
|
|
|
#include "utils.hpp"
|
|
|
#include "config.hpp"
|
|
|
+#include "comms.hpp"
|
|
|
|
|
|
// Our public and private identity keys
|
|
|
static sgx_ec256_private_t g_privkey;
|
|
|
static sgx_ec256_public_t g_pubkey;
|
|
|
|
|
|
-// What step of the handshake are we on?
|
|
|
-enum HandshakeStep {
|
|
|
- HANDSHAKE_NONE,
|
|
|
- HANDSHAKE_C_SENT_1,
|
|
|
- HANDSHAKE_S_SENT_2,
|
|
|
- HANDSHAKE_COMPLETE
|
|
|
-};
|
|
|
-
|
|
|
-// Communication state for a node
|
|
|
-struct NodeCommState {
|
|
|
- sgx_ec256_public_t pubkey;
|
|
|
- nodenum_t node_num;
|
|
|
- HandshakeStep handshake_step;
|
|
|
-
|
|
|
- // Our DH keypair during the handshake
|
|
|
- sgx_ec256_private_t handshake_dh_privkey;
|
|
|
- sgx_ec256_public_t handshake_dh_pubkey;
|
|
|
-
|
|
|
- // The server keeps this state between handshake messages 1 and 3
|
|
|
- uint8_t handshake_cli_srv_mac[16];
|
|
|
-
|
|
|
- // The outgoing and incoming AES keys after the handshake
|
|
|
- sgx_aes_gcm_128bit_key_t out_aes_key, in_aes_key;
|
|
|
-
|
|
|
- // The outgoing and incoming IV counters
|
|
|
- uint8_t out_aes_iv[SGX_AESGCM_IV_SIZE];
|
|
|
- uint8_t in_aes_iv[SGX_AESGCM_IV_SIZE];
|
|
|
-
|
|
|
- // The GCM state for incrementally building each outgoing chunk
|
|
|
- sgx_aes_state_handle_t out_aes_gcm_state;
|
|
|
-
|
|
|
- // The current outgoing frame and the current offset into it
|
|
|
- uint8_t *frame;
|
|
|
- uint32_t frame_offset;
|
|
|
-
|
|
|
- // The current outgoing message ciphertext size and the offset into
|
|
|
- // it of the start of the current frame
|
|
|
- uint32_t msg_size;
|
|
|
- uint32_t msg_frame_offset;
|
|
|
-
|
|
|
- // The current outgoing message plaintext size, how many plaintext
|
|
|
- // bytes we've already processed with message_data, and how many
|
|
|
- // plaintext bytes remain for the current chunk
|
|
|
- uint32_t msg_plaintext_size;
|
|
|
- uint32_t msg_plaintext_processed;
|
|
|
- uint32_t msg_plaintext_chunk_remain;
|
|
|
-
|
|
|
- // The current incoming message ciphertext size and the offset into
|
|
|
- // it of all previous chunks of this message
|
|
|
- uint32_t in_msg_size;
|
|
|
- uint32_t in_msg_offset;
|
|
|
- // The current incoming message number of plaintext bytes processed
|
|
|
- uint32_t in_msg_plaintext_processed;
|
|
|
- // The internal buffer where we're storing the (decrypted) message
|
|
|
- uint8_t *in_msg_buf;
|
|
|
-
|
|
|
- // The function to call when a new incoming message header arrives.
|
|
|
- // This function should return a pointer to enough memory to hold
|
|
|
- // the (decrypted) chunks of the message. Remember that the length
|
|
|
- // passed here is the total size of the _encrypted_ chunks. This
|
|
|
- // function should not itself modify the in_msg_size, in_msg_offset,
|
|
|
- // or in_msg_buf members. This function will usually allocate an
|
|
|
- // appropriate amount of memory and return the pointer to it, but
|
|
|
- // may do other things, like return a pointer to the middle of a
|
|
|
- // previously allocated region of memory.
|
|
|
- std::function<uint8_t*(NodeCommState&,uint32_t)> in_msg_get_buf;
|
|
|
-
|
|
|
- // The function to call after the last chunk of a message has been
|
|
|
- // received. If in_msg_get_buf allocated memory, this function
|
|
|
- // should deallocate it. in_msg_size, in_msg_offset,
|
|
|
- // in_msg_plaintext_processed, and in_msg_buf will already have been
|
|
|
- // reset when this function is called. The uint32_t that is passed
|
|
|
- // are the total size of the _decrypted_ data and the original total
|
|
|
- // size of the _encrypted_ chunks that was passed to in_msg_get_buf.
|
|
|
- std::function<void(NodeCommState&,uint8_t*,uint32_t,uint32_t)>
|
|
|
- in_msg_received;
|
|
|
-
|
|
|
- NodeCommState(const sgx_ec256_public_t* conf_pubkey, nodenum_t i) :
|
|
|
- node_num(i), handshake_step(HANDSHAKE_NONE),
|
|
|
- out_aes_gcm_state(NULL), frame(NULL),
|
|
|
- frame_offset(0), msg_size(0), msg_frame_offset(0),
|
|
|
- msg_plaintext_size(0), msg_plaintext_processed(0),
|
|
|
- msg_plaintext_chunk_remain(0),
|
|
|
- in_msg_size(0), in_msg_offset(0),
|
|
|
- in_msg_plaintext_processed(0), in_msg_buf(NULL),
|
|
|
- in_msg_get_buf(NULL), in_msg_received(NULL) {
|
|
|
- memmove(&pubkey, conf_pubkey, sizeof(pubkey));
|
|
|
- }
|
|
|
-
|
|
|
- void message_start(uint32_t plaintext_len, bool encrypt=true);
|
|
|
-
|
|
|
- void message_data(uint8_t *data, uint32_t len, bool encrypt=true);
|
|
|
-
|
|
|
- // Start the handshake (as the client)
|
|
|
- void handshake_start();
|
|
|
-};
|
|
|
-
|
|
|
// The communication states for all the nodes. There's an entry for
|
|
|
// ourselves in here, but it is unused.
|
|
|
-static std::vector<NodeCommState> commstates;
|
|
|
+std::vector<NodeCommState> commstates;
|
|
|
+
|
|
|
static nodenum_t tot_nodes, my_node_num;
|
|
|
static class CompletedHandshakeCounter {
|
|
|
// Mutex around completed_handshakes
|
