teems/Enclave/comms.hpp

#ifndef __COMMS_HPP__
#define __COMMS_HPP__

#include "enclave_api.h"

// The enclave-to-enclave communication protocol is as follows.  It
// probably could just be attested TLS in a production environment, but
// we're not implementing remote attestation at this time.  This means
// that the list of other enclaves' public keys are currently just
// blindly trusted, so add a remote attestation step to validate them if
// you want to deploy this for real.
//
// The protocol starts with a Sign-and-MAC (SIGMA) handshake, in the
// pre-specified peer setting.  The client is the lower-numbered node,
// and the server is the higher-numbered node.  The protocol is:
//
// Message 1 C -> S: g^x
// Message 2 S -> C: g^y, Sig_S(MAC_{H_1a(g^{xy})}(g^y, g^x, Pub_S, Pub_C)
// Message 3 C -> S: Sig_C(MAC_{H_1b(g^{xy})}(g^x, g^y, Pub_C, Pub_S)
//
// where Pub_C and Pub_S are the long-term signature keys of C and S.
//
// After the handshake, the client-to-server AES-GCM key is set to
// H_2a(g^{xy}) and the server-to-client AES-GCM key is set to
// H_2b(g^{xy}).  H_na(x) and H_nb(x) are the first 128 bits and the
// last 128 bits of SHA256(n || x) respectively.
//
// After the handshake, data is sent in logical messages, which are
// divided into chunks of size at most FRAME_SIZE - SGX_AESGCM_MAC_SIZE
// bytes of plaintext, which will expand to at most FRAME_SIZE bytes of
// ciphertext.  The IV for the first chunk in each direction is
// 0x01 0x00 0x00 ... 0x00 (remember they use different keys in the two
// directions), and each chunk increments the IV in a little-endian
// manner.  The MAC tag of SGX_AESGCM_MAC_SIZE bytes is at the end of
// the chunk.

bool comms_init_nodestate(const EnclaveAPINodeConfig *apinodeconfigs,
    nodenum_t num_nodes, nodenum_t my_node_num);

#endif