teems/Enclave/comms.cpp

#include <vector>
#include <cstring>

#include "sgx_tcrypto.h"
#include "sgx_tseal.h"
#include "Enclave_t.h"
#include "utils.hpp"
#include "config.hpp"

// Our public and private identity keys
static sgx_ec256_private_t g_privkey;
static sgx_ec256_public_t g_pubkey;

// Communication state for a node
struct NodeCommState {
    sgx_ec256_public_t pubkey;
};

// The communication states for all the nodes.  There's an entry for
// ourselves in here, but it is unused.
static std::vector<NodeCommState> commstates;

// Generate a new identity signature key.  Output the public key and the
// sealed private key.  outsealedpriv must point to SEALEDPRIVKEY_SIZE =
// sizeof(sgx_sealed_data_t) + sizeof(sgx_ec256_private_t) + 18 bytes of
// memory.
void ecall_identity_key_new(sgx_ec256_public_t *outpub,
    sgx_sealed_data_t *outsealedpriv)
{
    sgx_ecc_state_handle_t ecc_handle;

    sgx_ecc256_open_context(&ecc_handle);

    sgx_ecc256_create_key_pair(&g_privkey, &g_pubkey, ecc_handle);
    memmove(outpub, &g_pubkey, sizeof(g_pubkey));

    sgx_ecc256_close_context(ecc_handle);

    sgx_seal_data(18, (const uint8_t*)"TEEMS Identity key",
        sizeof(g_privkey), (const uint8_t*)&g_privkey,
        SEALED_PRIVKEY_SIZE, outsealedpriv);
}

// Load an identity key from a sealed privkey.  Output the resulting
// public key.  insealedpriv must point to sizeof(sgx_sealed_data_t) +
// sizeof(sgx_ec256_private_t) bytes of memory.  Returns true for
// success, false for failure.
bool ecall_identity_key_load(sgx_ec256_public_t *outpub,
    const sgx_sealed_data_t *insealedpriv)
{
    sgx_ecc_state_handle_t ecc_handle;

    char aad[18];
    uint32_t aadsize = sizeof(aad);
    sgx_ec256_private_t privkey;
    uint32_t privkeysize = sizeof(privkey);
    sgx_status_t res = sgx_unseal_data(
        insealedpriv, (uint8_t*)aad, &aadsize,
        (uint8_t*)&privkey, &privkeysize);

    if (res || aadsize != sizeof(aad) || privkeysize != sizeof(privkey)
            || memcmp(aad, "TEEMS Identity key", sizeof(aad))) {
        return false;
    }

    sgx_ecc256_open_context(&ecc_handle);

    sgx_ec256_public_t pubkey;
    int valid;
    if (sgx_ecc256_calculate_pub_from_priv(&privkey, &pubkey) ||
            sgx_ecc256_check_point(&pubkey, ecc_handle, &valid) ||
            !valid) {
        sgx_ecc256_close_context(ecc_handle);
        return false;
    }

    sgx_ecc256_close_context(ecc_handle);

    memmove(&g_pubkey, &pubkey, sizeof(pubkey));
    memmove(&g_privkey, &privkey, sizeof(privkey));
    memmove(outpub, &pubkey, sizeof(pubkey));

    return true;
}

bool comms_init_nodestate(const EnclaveAPINodeConfig *apinodeconfigs,
    nodenum_t num_nodes, nodenum_t my_node_num)
{
    sgx_ecc_state_handle_t ecc_handle;
    sgx_ecc256_open_context(&ecc_handle);

    commstates.clear();
    commstates.resize(num_nodes);
    for (nodenum_t i=0; i<num_nodes; ++i) {
        // Check that the pubkey is valid
        int valid;
        if (sgx_ecc256_check_point(&apinodeconfigs[i].pubkey,
                ecc_handle, &valid) ||
                !valid) {
            printf("Pubkey for node %hu invalid\n", i);
            commstates.clear();
            sgx_ecc256_close_context(ecc_handle);
            return false;
        }
        memmove(&commstates[i].pubkey, &apinodeconfigs[i].pubkey,
            sizeof(commstates[i].pubkey));
    }
    sgx_ecc256_close_context(ecc_handle);

    // Check that no one other than us has our pubkey (deals with
    // reflection attacks)
    for (nodenum_t i=0; i<num_nodes; ++i) {
        if (i == my_node_num) continue;
        if (!memcmp(&commstates[i].pubkey,
                &commstates[my_node_num].pubkey,
                sizeof(commstates[i].pubkey))) {
            printf("Pubkey %hu matches our own; possible reflection attack?\n",
                i);
            commstates.clear();
            return false;
        }
    }

    return true;
}