teems/Client/clients.cpp

#include <iostream>
#include "../App/appconfig.hpp"

// The next line suppresses a deprecation warning within boost
#define BOOST_BIND_GLOBAL_PLACEHOLDERS
#include "boost/property_tree/ptree.hpp"
#include "boost/property_tree/json_parser.hpp"
#include <boost/asio.hpp>
#include <boost/thread.hpp>
#include "gcm.h"
#include "sgx_tcrypto.h"
#include "clients.hpp"

#define CEILDIV(x,y) (((x)+(y)-1)/(y))

// Split a hostport string like "127.0.0.1:12000" at the rightmost colon
// into a host part "127.0.0.1" and a port part "12000".
static bool split_host_port(std::string &host, std::string &port,
    const std::string &hostport)
{
    size_t colon = hostport.find_last_of(':');
    if (colon == std::string::npos) {
        std::cerr << "Cannot parse \"" << hostport << "\" as host:port\n";
        return false;
    }
    host = hostport.substr(0, colon);
    port = hostport.substr(colon+1);
    return true;
}

// Convert a single hex character into its value from 0 to 15. Return
// true on success, false if it wasn't a hex character.
static inline bool hextoval(unsigned char &val, char hex)
{
    if (hex >= '0' && hex <= '9') {
        val = ((unsigned char)hex)-'0';
    } else if (hex >= 'a' && hex <= 'f') {
        val = ((unsigned char)hex)-'a'+10;
    } else if (hex >= 'A' && hex <= 'F') {
        val = ((unsigned char)hex)-'A'+10;
    } else {
        return false;
    }
    return true;
}

// Convert a 2*len hex character string into a len-byte buffer. Return
// true on success, false on failure.
static bool hextobuf(unsigned char *buf, const char *str, size_t len)
{
    if (strlen(str) != 2*len) {
        std::cerr << "Hex string was not the expected size\n";
        return false;
    }
    for (size_t i=0;i<len;++i) {
        unsigned char hi, lo;
        if (!hextoval(hi, str[2*i]) || !hextoval(lo, str[2*i+1])) {
            std::cerr << "Cannot parse string as hex\n";
            return false;
        }
        buf[i] = (unsigned char)((hi << 4) + lo);
    }
    return true;
}

bool config_parse(Config &config, const std::string configstr,
    std::vector<NodeConfig> &ingestion_nodes,
    std::vector<NodeConfig> &storage_nodes)
{
    bool found_params = false;
    bool ret = true;

    std::istringstream configstream(configstr);
    boost::property_tree::ptree conftree;

    read_json(configstream, conftree);

    for (auto & entry : conftree) {
        if (!entry.first.compare("params")) {
            for (auto & pentry : entry.second) {
                if (!pentry.first.compare("msg_size")) {
                    config.msg_size = pentry.second.get_value<uint16_t>();
                } else if (!pentry.first.compare("user_count")) {
                    config.user_count = pentry.second.get_value<uint32_t>();
                } else if (!pentry.first.compare("priv_out")) {
                    config.m_priv_out = pentry.second.get_value<uint8_t>();
                } else if (!pentry.first.compare("priv_in")) {
                    config.m_priv_in = pentry.second.get_value<uint8_t>();
                } else if (!pentry.first.compare("pub_out")) {
                    config.m_pub_out = pentry.second.get_value<uint8_t>();
                } else if (!pentry.first.compare("pub_in")) {
                    config.m_pub_in = pentry.second.get_value<uint8_t>();
                // Currently hardcoding an AES key for client -> server communication
                } else if (!pentry.first.compare("master_secret")) {
                    std::string hex_key = pentry.second.data();
                    memcpy(config.master_secret, hex_key.c_str(), SGX_AESGCM_KEY_SIZE);

                } else {
                    std::cerr << "Unknown field in params: " <<
                        pentry.first << "\n";
                    ret = false;
                }
            }
            found_params = true;
        } else if (!entry.first.compare("nodes")) {
            for (auto & node : entry.second) {
                NodeConfig nc;
                // All nodes need to be assigned their role in manifest.yaml
                nc.roles = 0;
                for (auto & nentry : node.second) {
                    if (!nentry.first.compare("name")) {
                        nc.name = nentry.second.get_value<std::string>();
                    } else if (!nentry.first.compare("pubkey")) {
                        ret &= hextobuf((unsigned char *)&nc.pubkey,
                            nentry.second.get_value<std::string>().c_str(),
                            sizeof(nc.pubkey));
                    } else if (!nentry.first.compare("weight")) {
                        nc.weight = nentry.second.get_value<std::uint8_t>();
                    } else if (!nentry.first.compare("listen")) {
                        ret &= split_host_port(nc.listenhost, nc.listenport,
                            nentry.second.get_value<std::string>());
                    } else if (!nentry.first.compare("clisten")) {
                        ret &= split_host_port(nc.clistenhost, nc.clistenport,
                            nentry.second.get_value<std::string>());
                    } else if (!nentry.first.compare("roles")) {
                        nc.roles = nentry.second.get_value<std::uint8_t>();
                    } else {
                        std::cerr << "Unknown field in host config: " <<
                            nentry.first << "\n";
                        ret = false;
                    }
                }
                if(nc.roles == ROLE_INGESTION) {
                    ingestion_nodes.push_back(std::move(nc));
                } else if(nc.roles == ROLE_STORAGE) {
                    storage_nodes.push_back(std::move(nc));
                }
            }
        } else {
            std::cerr << "Unknown key in config: " <<
                entry.first << "\n";
            ret = false;
        }
    }

    if (!found_params) {
        std::cerr << "Could not find params in config\n";
        ret = false;
    }

    return ret;
}

static void usage(const char *argv0)
{
    fprintf(stderr, "%s [-t nthreads] < config.json\n",
        argv0);
    exit(1);
}

/*

    Generate ESK (Encryption master Secret Key) and TSK (Token master Secret Key)

*/
int generateMasterKeys(sgx_aes_gcm_128bit_key_t master_secret,
   aes_key &ESK, aes_key &TSK )
{
    unsigned char zeroes[SGX_AESGCM_KEY_SIZE];
    unsigned char iv[SGX_AESGCM_IV_SIZE];
    unsigned char mac[SGX_AESGCM_MAC_SIZE];
    memset(iv, 0, SGX_AESGCM_IV_SIZE);
    memset(zeroes, 0, SGX_AESGCM_KEY_SIZE);
    memcpy(iv, "Encryption", sizeof("Encryption"));

    if (sizeof(zeroes) != gcm_encrypt(zeroes, SGX_AESGCM_KEY_SIZE, NULL, 0,
            master_secret, iv, SGX_AESGCM_IV_SIZE, ESK, mac)) {
        printf("Client: generateMasterKeys FAIL\n");
        return -1;
    }

    printf("Encryption Master Key: ");
    for(int i=0;i<SGX_AESGCM_KEY_SIZE;i++) {
        printf("%x", ESK[i]);
    }
    printf("\n\n");

    memset(iv, 0, SGX_AESGCM_IV_SIZE);
    memcpy(iv, "Token", sizeof("Token"));
    if (sizeof(zeroes) != gcm_encrypt(zeroes, SGX_AESGCM_KEY_SIZE, NULL, 0,
            master_secret, iv, SGX_AESGCM_IV_SIZE, TSK, mac)) {
        printf("generateMasterKeys failed\n");
        return -1;
    }

    printf("Token Master Key: ");
    for(int i=0;i<SGX_AESGCM_KEY_SIZE;i++) {
        printf("%x", TSK[i]);
    }
    printf("\n");

    return 1;
}

/*
    Takes the client_number, the master aes_key for generating client encryption keys,
    and the client aes_key to be generated.
*/
int generateClientEncryptionKey(clientid_t client_number, aes_key &ESK, aes_key &client_key)
{
    unsigned char zeroes[SGX_AESGCM_KEY_SIZE];
    unsigned char mac[SGX_AESGCM_MAC_SIZE];
    unsigned char iv[SGX_AESGCM_IV_SIZE];
    memset(zeroes, 0, SGX_AESGCM_KEY_SIZE);
    memset(iv, 0, SGX_AESGCM_IV_SIZE);
    memcpy(iv, (unsigned char*) (&client_number), sizeof(client_number));

    // GCM-encrypt, using the chunk key as the associated data
    if (sizeof(zeroes) != gcm_encrypt(zeroes, SGX_AESGCM_KEY_SIZE, NULL, 0, ESK,
            iv, SGX_AESGCM_IV_SIZE, client_key, mac)) {
        printf("generateClientEncryptionKey failed\n");
        return -1;
    }

    return 1;
}



int main(int argc, char **argv)
{
    // Unbuffer stdout
    setbuf(stdout, NULL);

    uint16_t nthreads = 1;
    const char *progname = argv[0];
    std::vector<NodeConfig> ingestion_nodes, storage_nodes;
    ++argv;

    // Parse options
    while (*argv && (*argv)[0] == '-') {
        if (!strcmp(*argv, "-t")) {
            if (argv[1] == NULL) {
                usage(progname);
            }
            nthreads = uint16_t(atoi(argv[1]));
            argv += 2;
        } else {
            usage(progname);
        }
    }

    // Read the config.json from the first line of stdin.  We have to do
    // this before outputting anything to avoid potential deadlock with
    // the launch program.
    std::string configstr;
    std::getline(std::cin, configstr);

    Config config;
    aes_key ESK, TSK;
    Client *clients = new Client[config.user_count];

    if (!config_parse(config, configstr, ingestion_nodes, storage_nodes)) {
       exit(1);
    }

    printf("Number of ingestion_nodes = %ld, Number of storage_node = %ld\n",
        ingestion_nodes.size(), storage_nodes.size());

    generateMasterKeys(config.master_secret, ESK, TSK);

    uint32_t clients_per_ing = CEILDIV(config.user_count, ingestion_nodes.size());
    aes_key client_key;

    for(uint32_t i=0; i<config.user_count; i++) {
        generateClientEncryptionKey(i, ESK, client_key);
        clients[i].setKey(client_key);

        printf("Client %d key: ", i);
        for(int i=0;i<SGX_AESGCM_KEY_SIZE;i++) {
            printf("%x", client_key[i]);
        }
        printf("\n");
    }


    /*
    // Attempt sending a data packet to one of the ingestion servers
    boost::asio::io_context io_context;
    boost::system::error_code err;
    boost::asio::ip::tcp::socket nodesock(io_context);
    boost::asio::ip::tcp::resolver resolver(io_context);

    while(1) {
#ifdef VERBOSE_NET
        std::cerr << "Connecting to " << ingestion_nodes[0].name << "...\n";
#endif
        std::cout << ingestion_nodes[0].clistenhost << ":" << ingestion_nodes[0].clistenport;
        boost::asio::connect(nodesock,
            resolver.resolve(ingestion_nodes[0].clistenhost,
                ingestion_nodes[0].clistenport), err);
        if (!err) break;
        std::cerr << "Connection to " << ingestion_nodes[0].name <<
            " refused, will retry.\n";
        sleep(1);
    }

    nodenum_t node_num = 7;
    boost::asio::write(nodesock,
        boost::asio::buffer(&node_num, sizeof(node_num)));
    */

    /*
    int randfd = open("/dev/urandom", O_RDONLY);
    if (randfd < 0) {
      throw std::runtime_error("Cannot open /dev/urandom");
    }

    unsigned char zeroes[config.msg_size];
    unsigned char buffer[config.msg_size+4+12+16];
    memset(zeroes, 0, sizeof(zeroes));
    // An AES key for constructing and verifying the _plaintext_ of the blocks
    // so that we can ensure that the blocks come out unaltered
    unsigned char datakey[16];
    read(randfd, datakey, 16);

    // GCM-encrypt, using the chunk key as the associated data
    if (sizeof(zeroes) != gcm_encrypt(zeroes, sizeof(zeroes), buffer, 4, datakey,
            buffer+4, 12, buffer+4+12, buffer+4+12+sizeof(zeroes))) {
        printf("Inner encryption failed\n");
    }
    */

    /*
        Spin config.user_client actual clients. Each client:
        1) Retrieve messages and tokens from their storage server
        2) Send all their messages to the ingestion server
        3) Wait for a predetermined EPOCH_DURATION time
        4) Repeat from 1)
    */

    delete [] clients;
}