Home Explore Help
Sign In
miti
/
Apache_PHP_extension
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

decrypt_client_data does not crash but it does not work in tandem with the decryptor. Uncommenting both causes both to crash coz of freeing issues.

dettanym 6 years ago
parent
6a61074ed8
commit
5e21212d5a
5 changed files with 80 additions and 45 deletions
Split View Show Diff Stats
  1. 1 1
      Makefile
  2. 32 16
      ProtobufLAInitiator.cpp
  3. 5 2
      SgxProtobufLAInitiator.cpp
  4. BIN
      localattestation_decryption.so
  5. 42 26
      systemMain.cpp

+ 1 - 1
Makefile
View File 

@@ -36,7 +36,7 @@ crypto.o: crypto.cpp
 
 	g++ -I${Openssl_Path}/include ${CXX_FLAGS} -c $^ -o $@
 
 
 localattestation_decryption.so:  systemMain.o ProtobufLAInitiator.o SgxProtobufLAInitiator.o SgxProtobufLAInitiator_Transforms.o ProtobufLAMessages.pb.o crypto.o
 
-	${CXX} ${LD_FLAGS} -Wl,--no-undefined systemMain.o ProtobufLAInitiator.o SgxProtobufLAInitiator.o SgxProtobufLAInitiator_Transforms.o ProtobufLAMessages.pb.o crypto.o  -lphpcpp -L./ -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive  -l$(Service_Library_Name) -l$(Crypto_Library_Name) -lsgx_tstdc -lprotobuf -Wl,--rpath /home/m2mazmud/plain-openssl/lib    -L${Openssl_Path}/lib -lssl -lcrypto   -Wl,-Bsymbolic -Wl,-pie,-eenclave_entry -Wl,--export-dynamic  -Wl,--verbose -o $@ 
+	${CXX} ${LD_FLAGS} -Wl,--no-undefined systemMain.o ProtobufLAInitiator.o SgxProtobufLAInitiator.o SgxProtobufLAInitiator_Transforms.o ProtobufLAMessages.pb.o crypto.o  -lphpcpp -L./ -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive  -l$(Service_Library_Name) -l$(Crypto_Library_Name) -lsgx_tstdc -lprotobuf -Wl,--rpath /home/m2mazmud/plain-openssl/lib    -L${Openssl_Path}/lib -lssl -lcrypto   -Wl,-Bsymbolic -Wl,-pie,-eenclave_entry -Wl,--export-dynamic  -o $@ 
 #ProtobufLAInitiator.o SgxProtobufLAInitiator.o SgxProtobufLAInitiator_Transforms.o ProtobufLAMessages.pb.o crypto.o 
 # -L./ -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive  -l$(Service_Library_Name) -l$(Crypto_Library_Name) -lsgx_tstdc -lprotobuf -Wl,--rpath /home/m2mazmud/plain-openssl/lib   -L${Openssl_Path}/lib -lssl -lcrypto  -Wl,-Bsymbolic -Wl,-pie,-eenclave_entry -Wl,--export-dynamic  -Wl,--verbose -lphpcpp -lprotobuf  -o $@
 
 #ProtobufLAInitiator.o SgxProtobufLAInitiator.o SgxProtobufLAInitiator_Transforms.o ProtobufLAMessages.pb.o crypto.o

+ 32 - 16
ProtobufLAInitiator.cpp
View File 

@@ -167,17 +167,19 @@ uint32_t post_local_attestation_get_mitigator_header(unsigned char* base64_encod
 
   encrypted_token_H_and_tag_length=protobuf_encrypted_msg_string.length();
 
   encrypted_token_H_and_tag = (unsigned char*) malloc(encrypted_token_H_and_tag_length);
 
   memcpy(encrypted_token_H_and_tag, protobuf_encrypted_msg_string.c_str(), protobuf_encrypted_msg_string.length());
 
-
 
+  
   printf("Read the following encrypted token T and tag from the decryptor socket.\n"); fflush(stdout);
 
 	printf("Encrypted data:\n");
 
 	for(count=0; count<encrypted_token_H_and_tag_length; count++)
 
 		printf("0x%02x ", encrypted_token_H_and_tag[count]);
 
 	printf("\n"); fflush(stdout);
 
-
 
+ plaintext_token_H=(unsigned char*) malloc(encrypted_token_H_and_tag_length); 
   // TODO: Modify aes_gcm_wrapper to do the thing where it takes care of the tag internally.
 
 	internal_return_status = aes_gcm_wrapper(0, encrypted_token_H_and_tag, encrypted_token_H_and_tag_length, plaintext_token_H, &plaintext_token_H_length);
 
 	if(internal_return_status != 0)
 
 	{
 
+	free(encrypted_token_H_and_tag); 
+	free(plaintext_token_H); 
     printf("Error in decryption 0x%x", internal_return_status); fflush(stdout); return internal_return_status;
 
 	}
 
 
@@ -190,7 +192,7 @@ uint32_t post_local_attestation_get_mitigator_header(unsigned char* base64_encod
 
 	for(count=64;count<96;count++)
 
     printf("0x%02x ", plaintext_token_H[count]);
 
 	printf("\n"); fflush(stdout);
 
-
 
+	 
 	*base64_encoded_token_H_length=base64_encoding_wrapper(base64_encoded_token_H, plaintext_token_H, plaintext_token_H_length);
 
   /*
 
   // TODO: Better return value handling.
 
@@ -199,7 +201,8 @@ uint32_t post_local_attestation_get_mitigator_header(unsigned char* base64_encod
 
     printf("Somehow not the entire token was encoded in base64:0x%x\n", base64_encoded_token_H_length); fflush(stdout); return 0x55;
 
   }
 
   */
 
-	printf("Successfully done Local attestation\n");
 
+        free(encrypted_token_H_and_tag); 
+        free(plaintext_token_H); 
 	fflush(stdout);
 
 	return 0;
 
 }
 
@@ -210,12 +213,12 @@ uint32_t base64_decoding_on_all_client_data(unsigned char* ip_base64_client_publ
 
   uint32_t* op_client_public_key_ciphertext_length
 
 )
 
 {
 
-    uint32_t openssl_ret_status;
 
+/*    uint32_t openssl_ret_status;
 
     openssl_ret_status=base64_decoding_wrapper(ip_base64_client_public_key_ciphertext, op_client_public_key_ciphertext, ip_base64_client_public_key_ciphertext_length);
 
     if(openssl_ret_status == -1)
 
       	return 0xfe;
 
     *op_client_public_key_ciphertext_length = openssl_ret_status; 
-    return 0;
 
+*/    return 0;
 
 
 }
 
 
@@ -228,11 +231,11 @@ int decrypt_client_data_through_decryptor( unsigned char* ip_base64_client_publi
 
   uint32_t* op_plaintext_length
 
 )
 
 {
 
-/*  unsigned char* ciphertext_to_decryptor; const char *ciphertext_from_decryptor;
 
+ unsigned char* ciphertext_to_decryptor, *ciphertext_from_decryptor;
 
   uint32_t ciphertext_to_decryptor_length, ciphertext_from_decryptor_length;
 
-  uint32_t internal_return_status;
 
+  uint32_t internal_return_status; uint32_t counter;
 
   protobuf_post_LA_encrypted_msg_t protobuf_encrypted_msg; 
-
 
+  std::string protobuf_encrypted_msg_string;
 
   // Encrypting to the decryptor enclave
 
   ciphertext_to_decryptor=(unsigned char*) malloc(ip_base64_client_public_key_ciphertext_length + 16);
 
   internal_return_status = aes_gcm_wrapper(1, ip_base64_client_public_key_ciphertext, ip_base64_client_public_key_ciphertext_length,
 
@@ -244,12 +247,16 @@ int decrypt_client_data_through_decryptor( unsigned char* ip_base64_client_publi
 
     return internal_return_status;
 
   }
 
 
+  printf("Sending this ciphertext and tag to the decryptor enclave:\n"); 
+  for(counter=0;counter< ciphertext_to_decryptor_length;counter++)
 
+	printf("0x%02x ", ciphertext_to_decryptor[counter]); 
+  printf("\n"); fflush(stdout);
 
   // write message to decryptor
 
   protobuf_encrypted_msg.set_msg( ciphertext_to_decryptor , ciphertext_to_decryptor_length );
 
   free(ciphertext_to_decryptor);
 
 	if(write_protobuf_msg_to_fd(global_decryptor_fd, protobuf_encrypted_msg)!=0)
 
 	{
 
-		printf("Not all of the client's pub key and ciphertext data was written\n"); fflush(stdout); return 0xfe;
 
+		printf("Not all of the client's pub key and ciphertext data was written\n"); fflush(stdout);   return 0xfe;
 
 	}
 
 
 	// clear the message before setting it again
 
@@ -262,15 +269,24 @@ int decrypt_client_data_through_decryptor( unsigned char* ip_base64_client_publi
 
 		printf("Not all of the decryptor's message was read\n"); fflush(stdout); return 0xf3;
 
 	}
 
 	printf("Done reading msg from decryptor\n"); fflush(stdout);
 
-  ciphertext_from_decryptor_length = protobuf_encrypted_msg.msg().length();
 
-  ciphertext_from_decryptor = protobuf_encrypted_msg.msg().c_str();
 
+
 
+  protobuf_encrypted_msg_string=std::string(protobuf_encrypted_msg.msg());
 
+  ciphertext_from_decryptor_length=protobuf_encrypted_msg_string.length();
 
+  ciphertext_from_decryptor = (unsigned char*) malloc(ciphertext_from_decryptor_length);
 
+  memcpy(ciphertext_from_decryptor, protobuf_encrypted_msg_string.c_str(), protobuf_encrypted_msg_string.length());
 
+
 
+  printf("Got this ciphertext and tag from the decryptor enclave"); 
+  for(counter=0;counter< ciphertext_from_decryptor_length;counter++)
 
+        printf("0x%02x ", ciphertext_from_decryptor[counter]); 
+  printf("\n");
 
 
   // Decrypt data from decryptor
 
-  internal_return_status = aes_gcm_wrapper(0, (unsigned char*) ciphertext_from_decryptor, ciphertext_from_decryptor_length,
 
+/*  internal_return_status = aes_gcm_wrapper(0,  ciphertext_from_decryptor, ciphertext_from_decryptor_length,
 
     op_plaintext, op_plaintext_length
 
   );
 
-  if(internal_return_status != 0)
 
-    return internal_return_status;
 
 */
 
-  return 0;
 
+    internal_return_status = 0x34; 
+    free(ciphertext_from_decryptor); 
+    return internal_return_status;
 
+
 
 }

+ 5 - 2
SgxProtobufLAInitiator.cpp
View File 

@@ -106,14 +106,17 @@ uint32_t process_protobuf_dh_msg3(protobuf_sgx_dh_msg3_t& protobuf_msg3, uint32_
 
   uint32_t aes_gcm_wrapper(int enc, uint8_t* plaintext, uint32_t plaintext_length, uint8_t* ciphertext, uint32_t* ciphertext_length)
 
 
 {
 
+    uint32_t actual_plaintext_length=plaintext_length; 
+
 
 	memset(iv, 0, 12);
 
   uint8_t tag[16];uint32_t counter; uint32_t return_status;
 
   if(enc == 0)
 
   {
 
     for(counter=0;counter<16;counter++)
 
-      tag[counter] = plaintext[counter + plaintext_length];
 
+	tag[counter] = plaintext[counter + plaintext_length - 16]; 
+    actual_plaintext_length-=16;
 
   }
 
-  return_status = aes_gcm_128(enc, key, iv, plaintext, plaintext_length, ciphertext, ciphertext_length, tag);
 
+  return_status = aes_gcm_128(enc, key, iv, plaintext, actual_plaintext_length, ciphertext, ciphertext_length, tag);
 
   if(enc == 1)
 
   {
 
     for(counter=0;counter<16;counter++)

BIN
localattestation_decryption.so
View File


+ 42 - 26
systemMain.cpp
View File 

@@ -9,7 +9,7 @@
 
 //#include <sys/stat.h>
 
 #include <stdio.h>
 
 
-//#include "crypto.h"
 
+#include "crypto.h"
 
 #include "ProtobufLAInitiator.h"
 
 using namespace std;
 
 
@@ -42,6 +42,7 @@ class Mitigator : public Php::Base
 
 			uint32_t return_sgx, count, base64_encoded_token_H_length;
 
 			unsigned char* base64_encoded_mitigator_header_and_value;
 
 
+			base64_encoded_mitigator_header_and_value = (unsigned char*) malloc( 400  ); 
 			//		unsigned char base64_encoded_mitigator_header[229] ; //216=(ceil(160/3) * 4) + 1 (for null character) + 21 for "Mitigator-Public-Key"
 
 			memcpy(base64_encoded_mitigator_header_and_value, mitigator_pubkey_header.c_str(), mitigator_pubkey_header.length());
 
 			return_sgx = local_attestation_initiator(DECRYPTOR_PORT);
 
@@ -60,7 +61,6 @@ class Mitigator : public Php::Base
 
 			else {
 
 				printf("\nSuccessful LA with port %d.\n", DECRYPTOR_PORT);
 
 				fflush(stdout);
 
-				base64_encoded_mitigator_header_and_value = (unsigned char*) malloc(400);
 
 				return_sgx= post_local_attestation_get_mitigator_header(base64_encoded_mitigator_header_and_value + mitigator_pubkey_header.length(),
 
 					&base64_encoded_token_H_length);
 
 				if(return_sgx != 0)
 
@@ -70,6 +70,7 @@ class Mitigator : public Php::Base
 
 				}
 
 				mitigator_pubkey_header_value=std::string((char*)base64_encoded_mitigator_header_and_value,mitigator_pubkey_header.length()+base64_encoded_token_H_length);
 
 			}
 
+			free(base64_encoded_mitigator_header_and_value); 
 		}
 
 
 		static Php::Value get_mitigator_header()
 
@@ -79,45 +80,63 @@ class Mitigator : public Php::Base
 
 
 		static Php::Value php_decrypt_wrapper(Php::Parameters &params   )
 
 		{
 
-/*
 
+
 
 			unsigned char* plaintext_user_data, * base64_client_ciphertext, *base64_client_public_key, *base64_client_data, *client_data;
 
 			uint32_t plaintext_length, base64_client_ciphertext_length, base64_client_public_key_length, base64_client_data_length, client_data_length, ret_status, counter;
 
 			std::string plaintext_user_data_str; 
-
 
+			uint32_t old_client_data_length; 
 			base64_client_ciphertext = (unsigned char*) static_cast<const char*>(params[1]);
 
 			base64_client_public_key = (unsigned char*) static_cast<const char*>(params[0]);
 
 			base64_client_ciphertext_length = params[1].size();
 
 			base64_client_public_key_length = params[0].size();
 
-			base64_client_data = (unsigned char*) malloc(params[1].size() + params[0].size());
 
-			memcpy(base64_client_data, base64_client_public_key, base64_client_public_key_length);
 
-			memcpy(base64_client_data + base64_client_public_key_length, base64_client_ciphertext, base64_client_ciphertext_length);
 
-			base64_client_data_length = base64_client_public_key_length + base64_client_ciphertext_length;
 
+			
 
 			plaintext_user_data = (unsigned char*) malloc( base64_client_ciphertext_length );
 
+			plaintext_length = base64_client_ciphertext_length;
 
 			memcpy(plaintext_user_data, base64_client_ciphertext, base64_client_ciphertext_length);
 
 			plaintext_user_data_str = std::string((char*) plaintext_user_data, base64_client_ciphertext_length); 
 
 			printf("Base64 encoded key:\n");
 
 			for(counter=0; counter < base64_client_public_key_length; counter++)
 
-				printf("%c", base64_client_data[counter]);
 
+				printf("%c", base64_client_public_key[counter]);
 
 			printf("\n"); fflush(stdout);
 
 
 			printf("Ciphertext received:\n");
 
-			for(counter=base64_client_public_key_length; counter < base64_client_public_key_length + base64_client_ciphertext_length; counter++ )
 
-				printf("%02x", base64_client_data[counter]);
 
+			for(counter=0; counter < base64_client_ciphertext_length; counter++ )
 
+				printf("%c", base64_client_ciphertext[counter]);
 
 			printf("\n"); fflush(stdout);
 
-			/*
 
-			client_data = (unsigned char*) malloc(base64_client_data_length); 
-			ret_status = base64_decoding_on_all_client_data(base64_client_data, base64_client_data_length, client_data, &client_data_length);
 
-			free(base64_client_data);
 
+			
+			client_data = (unsigned char*) malloc(base64_client_ciphertext_length + base64_client_public_key_length); 
+			ret_status = base64_decoding_wrapper(client_data, base64_client_public_key, base64_client_public_key_length);
 
 			if(ret_status<=0)
 
 			{
 
-				printf("Could not do base64 decoding correctly.\n"); fflush(stdout); 
-				free(plaintext_user_data);
 
-				free(client_data);
 
-				return plaintext_user_data_str; 
+                                printf("Could not do base64 decoding correctly.\n"); fflush(stdout); 
+                                free(plaintext_user_data);
 
+                                free(client_data);
 
+                                return plaintext_user_data_str; 
 			}
 
-
 
+			client_data_length = ret_status; 
+			old_client_data_length=client_data_length; 
+			printf("Client public key:\n"); 
+			for(counter=0; counter<client_data_length; counter++)
 
+				printf("%d ", client_data[counter]);
 
+
 
+
 
+                        ret_status = base64_decoding_wrapper(client_data + client_data_length, base64_client_ciphertext, base64_client_ciphertext_length);
 
+                        if(ret_status<=0)
 
+                        {
 
+                                printf("Could not do base64 decoding correctly.\n"); fflush(stdout); 
+                                free(plaintext_user_data);
 
+                                free(client_data);
 
+                                return plaintext_user_data_str; 
+                        }
 
+                        client_data_length += ret_status; 
+
 
+			printf("\n Ciphertext from client:\n"); 
+                        for(counter=old_client_data_length; counter<client_data_length; counter++)
 
+                                printf("%d ", client_data[counter]);
 
+			printf("\n"); fflush(stdout);
 
+			
 			ret_status=decrypt_client_data_through_decryptor(client_data, client_data_length, (unsigned char*) plaintext_user_data, &plaintext_length);
 
 			if(ret_status != 0)
 
 			{
 
@@ -129,16 +148,13 @@ class Mitigator : public Php::Base
 
 			
 			printf("Going to return this plaintext:\n");
 
 			for(counter=0;counter<plaintext_length;counter++)
 
-				printf("0x%02x ", plaintext_user_data[counter]);
 
+				printf("%c", plaintext_user_data[counter]);
 
 			fflush(stdout);
 
 
-//			plaintext_user_data_str = std::string((char*) plaintext_user_data, plaintext_length);
 
+			plaintext_user_data_str = std::string((char*) plaintext_user_data, plaintext_length);
 
 			free(plaintext_user_data); 
-//			free(base64_client_data);
 
-
 
+			free(client_data); 
 			return plaintext_user_data_str;
 
-*/
 
-			return params[1];
 
 		}
 
 };