decrypt_client_data does not crash but it does not work in tandem with the decryptor. Uncommenting both causes both to crash coz of freeing issues.

Makefile

@@ -36,7 +36,7 @@ crypto.o: crypto.cpp
 	g++ -I${Openssl_Path}/include ${CXX_FLAGS} -c $^ -o $@
 
 localattestation_decryption.so:  systemMain.o ProtobufLAInitiator.o SgxProtobufLAInitiator.o SgxProtobufLAInitiator_Transforms.o ProtobufLAMessages.pb.o crypto.o
-	${CXX} ${LD_FLAGS} -Wl,--no-undefined systemMain.o ProtobufLAInitiator.o SgxProtobufLAInitiator.o SgxProtobufLAInitiator_Transforms.o ProtobufLAMessages.pb.o crypto.o  -lphpcpp -L./ -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive  -l$(Service_Library_Name) -l$(Crypto_Library_Name) -lsgx_tstdc -lprotobuf -Wl,--rpath /home/m2mazmud/plain-openssl/lib    -L${Openssl_Path}/lib -lssl -lcrypto   -Wl,-Bsymbolic -Wl,-pie,-eenclave_entry -Wl,--export-dynamic  -Wl,--verbose -o $@ 
+	${CXX} ${LD_FLAGS} -Wl,--no-undefined systemMain.o ProtobufLAInitiator.o SgxProtobufLAInitiator.o SgxProtobufLAInitiator_Transforms.o ProtobufLAMessages.pb.o crypto.o  -lphpcpp -L./ -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive  -l$(Service_Library_Name) -l$(Crypto_Library_Name) -lsgx_tstdc -lprotobuf -Wl,--rpath /home/m2mazmud/plain-openssl/lib    -L${Openssl_Path}/lib -lssl -lcrypto   -Wl,-Bsymbolic -Wl,-pie,-eenclave_entry -Wl,--export-dynamic  -o $@ 
 #ProtobufLAInitiator.o SgxProtobufLAInitiator.o SgxProtobufLAInitiator_Transforms.o ProtobufLAMessages.pb.o crypto.o 
 # -L./ -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive  -l$(Service_Library_Name) -l$(Crypto_Library_Name) -lsgx_tstdc -lprotobuf -Wl,--rpath /home/m2mazmud/plain-openssl/lib   -L${Openssl_Path}/lib -lssl -lcrypto  -Wl,-Bsymbolic -Wl,-pie,-eenclave_entry -Wl,--export-dynamic  -Wl,--verbose -lphpcpp -lprotobuf  -o $@
 #ProtobufLAInitiator.o SgxProtobufLAInitiator.o SgxProtobufLAInitiator_Transforms.o ProtobufLAMessages.pb.o crypto.o 

ProtobufLAInitiator.cpp

@@ -167,17 +167,19 @@ uint32_t post_local_attestation_get_mitigator_header(unsigned char* base64_encod
   encrypted_token_H_and_tag_length=protobuf_encrypted_msg_string.length();
   encrypted_token_H_and_tag = (unsigned char*) malloc(encrypted_token_H_and_tag_length);
   memcpy(encrypted_token_H_and_tag, protobuf_encrypted_msg_string.c_str(), protobuf_encrypted_msg_string.length());
-
+  
   printf("Read the following encrypted token T and tag from the decryptor socket.\n"); fflush(stdout);
 	printf("Encrypted data:\n");
 	for(count=0; count<encrypted_token_H_and_tag_length; count++)
 		printf("0x%02x ", encrypted_token_H_and_tag[count]);
 	printf("\n"); fflush(stdout);
-
+ plaintext_token_H=(unsigned char*) malloc(encrypted_token_H_and_tag_length); 
   // TODO: Modify aes_gcm_wrapper to do the thing where it takes care of the tag internally.
 	internal_return_status = aes_gcm_wrapper(0, encrypted_token_H_and_tag, encrypted_token_H_and_tag_length, plaintext_token_H, &plaintext_token_H_length);
 	if(internal_return_status != 0)
 	{
+	free(encrypted_token_H_and_tag); 
+	free(plaintext_token_H); 
     printf("Error in decryption 0x%x", internal_return_status); fflush(stdout); return internal_return_status;
 	}
 
@@ -190,7 +192,7 @@ uint32_t post_local_attestation_get_mitigator_header(unsigned char* base64_encod
 	for(count=64;count<96;count++)
     printf("0x%02x ", plaintext_token_H[count]);
 	printf("\n"); fflush(stdout);
-
+	 
 	*base64_encoded_token_H_length=base64_encoding_wrapper(base64_encoded_token_H, plaintext_token_H, plaintext_token_H_length);
   /*
   // TODO: Better return value handling.
@@ -199,7 +201,8 @@ uint32_t post_local_attestation_get_mitigator_header(unsigned char* base64_encod
     printf("Somehow not the entire token was encoded in base64:0x%x\n", base64_encoded_token_H_length); fflush(stdout); return 0x55;
   }
   */
-	printf("Successfully done Local attestation\n");
+        free(encrypted_token_H_and_tag); 
+        free(plaintext_token_H); 
 	fflush(stdout);
 	return 0;
 }
@@ -210,12 +213,12 @@ uint32_t base64_decoding_on_all_client_data(unsigned char* ip_base64_client_publ
   uint32_t* op_client_public_key_ciphertext_length
 )
 {
-    uint32_t openssl_ret_status;
+/*    uint32_t openssl_ret_status;
     openssl_ret_status=base64_decoding_wrapper(ip_base64_client_public_key_ciphertext, op_client_public_key_ciphertext, ip_base64_client_public_key_ciphertext_length);
     if(openssl_ret_status == -1)
       	return 0xfe;
     *op_client_public_key_ciphertext_length = openssl_ret_status; 
-    return 0;
+*/    return 0;
 
 }
 
@@ -228,11 +231,11 @@ int decrypt_client_data_through_decryptor( unsigned char* ip_base64_client_publi
   uint32_t* op_plaintext_length
 )
 {
-/*  unsigned char* ciphertext_to_decryptor; const char *ciphertext_from_decryptor;
+ unsigned char* ciphertext_to_decryptor, *ciphertext_from_decryptor;
   uint32_t ciphertext_to_decryptor_length, ciphertext_from_decryptor_length;
-  uint32_t internal_return_status;
+  uint32_t internal_return_status; uint32_t counter;
   protobuf_post_LA_encrypted_msg_t protobuf_encrypted_msg; 
-
+  std::string protobuf_encrypted_msg_string;
   // Encrypting to the decryptor enclave
   ciphertext_to_decryptor=(unsigned char*) malloc(ip_base64_client_public_key_ciphertext_length + 16);
   internal_return_status = aes_gcm_wrapper(1, ip_base64_client_public_key_ciphertext, ip_base64_client_public_key_ciphertext_length,
@@ -244,12 +247,16 @@ int decrypt_client_data_through_decryptor( unsigned char* ip_base64_client_publi
     return internal_return_status;
   }
 
+  printf("Sending this ciphertext and tag to the decryptor enclave:\n"); 
+  for(counter=0;counter< ciphertext_to_decryptor_length;counter++)
+	printf("0x%02x ", ciphertext_to_decryptor[counter]); 
+  printf("\n"); fflush(stdout);
   // write message to decryptor
   protobuf_encrypted_msg.set_msg( ciphertext_to_decryptor , ciphertext_to_decryptor_length );
   free(ciphertext_to_decryptor);
 	if(write_protobuf_msg_to_fd(global_decryptor_fd, protobuf_encrypted_msg)!=0)
 	{
-		printf("Not all of the client's pub key and ciphertext data was written\n"); fflush(stdout); return 0xfe;
+		printf("Not all of the client's pub key and ciphertext data was written\n"); fflush(stdout);   return 0xfe;
 	}
 
 	// clear the message before setting it again
@@ -262,15 +269,24 @@ int decrypt_client_data_through_decryptor( unsigned char* ip_base64_client_publi
 		printf("Not all of the decryptor's message was read\n"); fflush(stdout); return 0xf3;
 	}
 	printf("Done reading msg from decryptor\n"); fflush(stdout);
-  ciphertext_from_decryptor_length = protobuf_encrypted_msg.msg().length();
-  ciphertext_from_decryptor = protobuf_encrypted_msg.msg().c_str();
+
+  protobuf_encrypted_msg_string=std::string(protobuf_encrypted_msg.msg());
+  ciphertext_from_decryptor_length=protobuf_encrypted_msg_string.length();
+  ciphertext_from_decryptor = (unsigned char*) malloc(ciphertext_from_decryptor_length);
+  memcpy(ciphertext_from_decryptor, protobuf_encrypted_msg_string.c_str(), protobuf_encrypted_msg_string.length());
+
+  printf("Got this ciphertext and tag from the decryptor enclave"); 
+  for(counter=0;counter< ciphertext_from_decryptor_length;counter++)
+        printf("0x%02x ", ciphertext_from_decryptor[counter]); 
+  printf("\n");
 
   // Decrypt data from decryptor
-  internal_return_status = aes_gcm_wrapper(0, (unsigned char*) ciphertext_from_decryptor, ciphertext_from_decryptor_length,
+/*  internal_return_status = aes_gcm_wrapper(0,  ciphertext_from_decryptor, ciphertext_from_decryptor_length,
     op_plaintext, op_plaintext_length
   );
-  if(internal_return_status != 0)
-    return internal_return_status;
 */
-  return 0;
+    internal_return_status = 0x34; 
+    free(ciphertext_from_decryptor); 
+    return internal_return_status;
+
 }

SgxProtobufLAInitiator.cpp

@@ -106,14 +106,17 @@ uint32_t process_protobuf_dh_msg3(protobuf_sgx_dh_msg3_t& protobuf_msg3, uint32_
   uint32_t aes_gcm_wrapper(int enc, uint8_t* plaintext, uint32_t plaintext_length, uint8_t* ciphertext, uint32_t* ciphertext_length)
 
 {
+    uint32_t actual_plaintext_length=plaintext_length; 
+
 	memset(iv, 0, 12);
   uint8_t tag[16];uint32_t counter; uint32_t return_status;
   if(enc == 0)
   {
     for(counter=0;counter<16;counter++)
-      tag[counter] = plaintext[counter + plaintext_length];
+	tag[counter] = plaintext[counter + plaintext_length - 16]; 
+    actual_plaintext_length-=16;
   }
-  return_status = aes_gcm_128(enc, key, iv, plaintext, plaintext_length, ciphertext, ciphertext_length, tag);
+  return_status = aes_gcm_128(enc, key, iv, plaintext, actual_plaintext_length, ciphertext, ciphertext_length, tag);
   if(enc == 1)
   {
     for(counter=0;counter<16;counter++)

systemMain.cpp

@@ -9,7 +9,7 @@
 //#include <sys/stat.h>
 #include <stdio.h>
 
-//#include "crypto.h"
+#include "crypto.h"
 #include "ProtobufLAInitiator.h"
 using namespace std;
 
@@ -42,6 +42,7 @@ class Mitigator : public Php::Base
 			uint32_t return_sgx, count, base64_encoded_token_H_length;
 			unsigned char* base64_encoded_mitigator_header_and_value;
 
+			base64_encoded_mitigator_header_and_value = (unsigned char*) malloc( 400  ); 
 			//		unsigned char base64_encoded_mitigator_header[229] ; //216=(ceil(160/3) * 4) + 1 (for null character) + 21 for "Mitigator-Public-Key"
 			memcpy(base64_encoded_mitigator_header_and_value, mitigator_pubkey_header.c_str(), mitigator_pubkey_header.length());
 			return_sgx = local_attestation_initiator(DECRYPTOR_PORT);
@@ -60,7 +61,6 @@ class Mitigator : public Php::Base
 			else {
 				printf("\nSuccessful LA with port %d.\n", DECRYPTOR_PORT);
 				fflush(stdout);
-				base64_encoded_mitigator_header_and_value = (unsigned char*) malloc(400);
 				return_sgx= post_local_attestation_get_mitigator_header(base64_encoded_mitigator_header_and_value + mitigator_pubkey_header.length(),
 					&base64_encoded_token_H_length);
 				if(return_sgx != 0)
@@ -70,6 +70,7 @@ class Mitigator : public Php::Base
 				}
 				mitigator_pubkey_header_value=std::string((char*)base64_encoded_mitigator_header_and_value,mitigator_pubkey_header.length()+base64_encoded_token_H_length);
 			}
+			free(base64_encoded_mitigator_header_and_value); 
 		}
 
 		static Php::Value get_mitigator_header()
@@ -79,45 +80,63 @@ class Mitigator : public Php::Base
 
 		static Php::Value php_decrypt_wrapper(Php::Parameters &params   )
 		{
-/*
+
 			unsigned char* plaintext_user_data, * base64_client_ciphertext, *base64_client_public_key, *base64_client_data, *client_data;
 			uint32_t plaintext_length, base64_client_ciphertext_length, base64_client_public_key_length, base64_client_data_length, client_data_length, ret_status, counter;
 			std::string plaintext_user_data_str; 
-
+			uint32_t old_client_data_length; 
 			base64_client_ciphertext = (unsigned char*) static_cast<const char*>(params[1]);
 			base64_client_public_key = (unsigned char*) static_cast<const char*>(params[0]);
 			base64_client_ciphertext_length = params[1].size();
 			base64_client_public_key_length = params[0].size();
-			base64_client_data = (unsigned char*) malloc(params[1].size() + params[0].size());
-			memcpy(base64_client_data, base64_client_public_key, base64_client_public_key_length);
-			memcpy(base64_client_data + base64_client_public_key_length, base64_client_ciphertext, base64_client_ciphertext_length);
-			base64_client_data_length = base64_client_public_key_length + base64_client_ciphertext_length;
+			
 
 			plaintext_user_data = (unsigned char*) malloc( base64_client_ciphertext_length );
+			plaintext_length = base64_client_ciphertext_length;
 			memcpy(plaintext_user_data, base64_client_ciphertext, base64_client_ciphertext_length);
 			plaintext_user_data_str = std::string((char*) plaintext_user_data, base64_client_ciphertext_length); 
 
 			printf("Base64 encoded key:\n");
 			for(counter=0; counter < base64_client_public_key_length; counter++)
-				printf("%c", base64_client_data[counter]);
+				printf("%c", base64_client_public_key[counter]);
 			printf("\n"); fflush(stdout);
 
 			printf("Ciphertext received:\n");
-			for(counter=base64_client_public_key_length; counter < base64_client_public_key_length + base64_client_ciphertext_length; counter++ )
-				printf("%02x", base64_client_data[counter]);
+			for(counter=0; counter < base64_client_ciphertext_length; counter++ )
+				printf("%c", base64_client_ciphertext[counter]);
 			printf("\n"); fflush(stdout);
-			/*
-			client_data = (unsigned char*) malloc(base64_client_data_length); 
-			ret_status = base64_decoding_on_all_client_data(base64_client_data, base64_client_data_length, client_data, &client_data_length);
-			free(base64_client_data);
+			
+			client_data = (unsigned char*) malloc(base64_client_ciphertext_length + base64_client_public_key_length); 
+			ret_status = base64_decoding_wrapper(client_data, base64_client_public_key, base64_client_public_key_length);
 			if(ret_status<=0)
 			{
-				printf("Could not do base64 decoding correctly.\n"); fflush(stdout); 
-				free(plaintext_user_data);
-				free(client_data);
-				return plaintext_user_data_str; 
+                                printf("Could not do base64 decoding correctly.\n"); fflush(stdout); 
+                                free(plaintext_user_data);
+                                free(client_data);
+                                return plaintext_user_data_str; 
 			}
-
+			client_data_length = ret_status; 
+			old_client_data_length=client_data_length; 
+			printf("Client public key:\n"); 
+			for(counter=0; counter<client_data_length; counter++)
+				printf("%d ", client_data[counter]);
+
+
+                        ret_status = base64_decoding_wrapper(client_data + client_data_length, base64_client_ciphertext, base64_client_ciphertext_length);
+                        if(ret_status<=0)
+                        {
+                                printf("Could not do base64 decoding correctly.\n"); fflush(stdout); 
+                                free(plaintext_user_data);
+                                free(client_data);
+                                return plaintext_user_data_str; 
+                        }
+                        client_data_length += ret_status; 
+
+			printf("\n Ciphertext from client:\n"); 
+                        for(counter=old_client_data_length; counter<client_data_length; counter++)
+                                printf("%d ", client_data[counter]);
+			printf("\n"); fflush(stdout);
+			
 			ret_status=decrypt_client_data_through_decryptor(client_data, client_data_length, (unsigned char*) plaintext_user_data, &plaintext_length);
 			if(ret_status != 0)
 			{
@@ -129,16 +148,13 @@ class Mitigator : public Php::Base
 			
 			printf("Going to return this plaintext:\n");
 			for(counter=0;counter<plaintext_length;counter++)
-				printf("0x%02x ", plaintext_user_data[counter]);
+				printf("%c", plaintext_user_data[counter]);
 			fflush(stdout);
 
-//			plaintext_user_data_str = std::string((char*) plaintext_user_data, plaintext_length);
+			plaintext_user_data_str = std::string((char*) plaintext_user_data, plaintext_length);
 			free(plaintext_user_data); 
-//			free(base64_client_data);
-
+			free(client_data); 
 			return plaintext_user_data_str;
-*/
-			return params[1];
 		}
 };