|
@@ -167,17 +167,19 @@ uint32_t post_local_attestation_get_mitigator_header(unsigned char* base64_encod
|
|
encrypted_token_H_and_tag_length=protobuf_encrypted_msg_string.length();
|
|
encrypted_token_H_and_tag_length=protobuf_encrypted_msg_string.length();
|
|
encrypted_token_H_and_tag = (unsigned char*) malloc(encrypted_token_H_and_tag_length);
|
|
encrypted_token_H_and_tag = (unsigned char*) malloc(encrypted_token_H_and_tag_length);
|
|
memcpy(encrypted_token_H_and_tag, protobuf_encrypted_msg_string.c_str(), protobuf_encrypted_msg_string.length());
|
|
memcpy(encrypted_token_H_and_tag, protobuf_encrypted_msg_string.c_str(), protobuf_encrypted_msg_string.length());
|
|
-
|
|
|
|
|
|
+
|
|
printf("Read the following encrypted token T and tag from the decryptor socket.\n"); fflush(stdout);
|
|
printf("Read the following encrypted token T and tag from the decryptor socket.\n"); fflush(stdout);
|
|
printf("Encrypted data:\n");
|
|
printf("Encrypted data:\n");
|
|
for(count=0; count<encrypted_token_H_and_tag_length; count++)
|
|
for(count=0; count<encrypted_token_H_and_tag_length; count++)
|
|
printf("0x%02x ", encrypted_token_H_and_tag[count]);
|
|
printf("0x%02x ", encrypted_token_H_and_tag[count]);
|
|
printf("\n"); fflush(stdout);
|
|
printf("\n"); fflush(stdout);
|
|
-
|
|
|
|
|
|
+ plaintext_token_H=(unsigned char*) malloc(encrypted_token_H_and_tag_length);
|
|
// TODO: Modify aes_gcm_wrapper to do the thing where it takes care of the tag internally.
|
|
// TODO: Modify aes_gcm_wrapper to do the thing where it takes care of the tag internally.
|
|
internal_return_status = aes_gcm_wrapper(0, encrypted_token_H_and_tag, encrypted_token_H_and_tag_length, plaintext_token_H, &plaintext_token_H_length);
|
|
internal_return_status = aes_gcm_wrapper(0, encrypted_token_H_and_tag, encrypted_token_H_and_tag_length, plaintext_token_H, &plaintext_token_H_length);
|
|
if(internal_return_status != 0)
|
|
if(internal_return_status != 0)
|
|
{
|
|
{
|
|
|
|
+ free(encrypted_token_H_and_tag);
|
|
|
|
+ free(plaintext_token_H);
|
|
printf("Error in decryption 0x%x", internal_return_status); fflush(stdout); return internal_return_status;
|
|
printf("Error in decryption 0x%x", internal_return_status); fflush(stdout); return internal_return_status;
|
|
}
|
|
}
|
|
|
|
|
|
@@ -190,7 +192,7 @@ uint32_t post_local_attestation_get_mitigator_header(unsigned char* base64_encod
|
|
for(count=64;count<96;count++)
|
|
for(count=64;count<96;count++)
|
|
printf("0x%02x ", plaintext_token_H[count]);
|
|
printf("0x%02x ", plaintext_token_H[count]);
|
|
printf("\n"); fflush(stdout);
|
|
printf("\n"); fflush(stdout);
|
|
-
|
|
|
|
|
|
+
|
|
*base64_encoded_token_H_length=base64_encoding_wrapper(base64_encoded_token_H, plaintext_token_H, plaintext_token_H_length);
|
|
*base64_encoded_token_H_length=base64_encoding_wrapper(base64_encoded_token_H, plaintext_token_H, plaintext_token_H_length);
|
|
/*
|
|
/*
|
|
// TODO: Better return value handling.
|
|
// TODO: Better return value handling.
|
|
@@ -199,7 +201,8 @@ uint32_t post_local_attestation_get_mitigator_header(unsigned char* base64_encod
|
|
printf("Somehow not the entire token was encoded in base64:0x%x\n", base64_encoded_token_H_length); fflush(stdout); return 0x55;
|
|
printf("Somehow not the entire token was encoded in base64:0x%x\n", base64_encoded_token_H_length); fflush(stdout); return 0x55;
|
|
}
|
|
}
|
|
*/
|
|
*/
|
|
- printf("Successfully done Local attestation\n");
|
|
|
|
|
|
+ free(encrypted_token_H_and_tag);
|
|
|
|
+ free(plaintext_token_H);
|
|
fflush(stdout);
|
|
fflush(stdout);
|
|
return 0;
|
|
return 0;
|
|
}
|
|
}
|
|
@@ -210,12 +213,12 @@ uint32_t base64_decoding_on_all_client_data(unsigned char* ip_base64_client_publ
|
|
uint32_t* op_client_public_key_ciphertext_length
|
|
uint32_t* op_client_public_key_ciphertext_length
|
|
)
|
|
)
|
|
{
|
|
{
|
|
- uint32_t openssl_ret_status;
|
|
|
|
|
|
+/* uint32_t openssl_ret_status;
|
|
openssl_ret_status=base64_decoding_wrapper(ip_base64_client_public_key_ciphertext, op_client_public_key_ciphertext, ip_base64_client_public_key_ciphertext_length);
|
|
openssl_ret_status=base64_decoding_wrapper(ip_base64_client_public_key_ciphertext, op_client_public_key_ciphertext, ip_base64_client_public_key_ciphertext_length);
|
|
if(openssl_ret_status == -1)
|
|
if(openssl_ret_status == -1)
|
|
return 0xfe;
|
|
return 0xfe;
|
|
*op_client_public_key_ciphertext_length = openssl_ret_status;
|
|
*op_client_public_key_ciphertext_length = openssl_ret_status;
|
|
- return 0;
|
|
|
|
|
|
+*/ return 0;
|
|
|
|
|
|
}
|
|
}
|
|
|
|
|
|
@@ -228,11 +231,11 @@ int decrypt_client_data_through_decryptor( unsigned char* ip_base64_client_publi
|
|
uint32_t* op_plaintext_length
|
|
uint32_t* op_plaintext_length
|
|
)
|
|
)
|
|
{
|
|
{
|
|
-/* unsigned char* ciphertext_to_decryptor; const char *ciphertext_from_decryptor;
|
|
|
|
|
|
+ unsigned char* ciphertext_to_decryptor, *ciphertext_from_decryptor;
|
|
uint32_t ciphertext_to_decryptor_length, ciphertext_from_decryptor_length;
|
|
uint32_t ciphertext_to_decryptor_length, ciphertext_from_decryptor_length;
|
|
- uint32_t internal_return_status;
|
|
|
|
|
|
+ uint32_t internal_return_status; uint32_t counter;
|
|
protobuf_post_LA_encrypted_msg_t protobuf_encrypted_msg;
|
|
protobuf_post_LA_encrypted_msg_t protobuf_encrypted_msg;
|
|
-
|
|
|
|
|
|
+ std::string protobuf_encrypted_msg_string;
|
|
// Encrypting to the decryptor enclave
|
|
// Encrypting to the decryptor enclave
|
|
ciphertext_to_decryptor=(unsigned char*) malloc(ip_base64_client_public_key_ciphertext_length + 16);
|
|
ciphertext_to_decryptor=(unsigned char*) malloc(ip_base64_client_public_key_ciphertext_length + 16);
|
|
internal_return_status = aes_gcm_wrapper(1, ip_base64_client_public_key_ciphertext, ip_base64_client_public_key_ciphertext_length,
|
|
internal_return_status = aes_gcm_wrapper(1, ip_base64_client_public_key_ciphertext, ip_base64_client_public_key_ciphertext_length,
|
|
@@ -244,12 +247,16 @@ int decrypt_client_data_through_decryptor( unsigned char* ip_base64_client_publi
|
|
return internal_return_status;
|
|
return internal_return_status;
|
|
}
|
|
}
|
|
|
|
|
|
|
|
+ printf("Sending this ciphertext and tag to the decryptor enclave:\n");
|
|
|
|
+ for(counter=0;counter< ciphertext_to_decryptor_length;counter++)
|
|
|
|
+ printf("0x%02x ", ciphertext_to_decryptor[counter]);
|
|
|
|
+ printf("\n"); fflush(stdout);
|
|
// write message to decryptor
|
|
// write message to decryptor
|
|
protobuf_encrypted_msg.set_msg( ciphertext_to_decryptor , ciphertext_to_decryptor_length );
|
|
protobuf_encrypted_msg.set_msg( ciphertext_to_decryptor , ciphertext_to_decryptor_length );
|
|
free(ciphertext_to_decryptor);
|
|
free(ciphertext_to_decryptor);
|
|
if(write_protobuf_msg_to_fd(global_decryptor_fd, protobuf_encrypted_msg)!=0)
|
|
if(write_protobuf_msg_to_fd(global_decryptor_fd, protobuf_encrypted_msg)!=0)
|
|
{
|
|
{
|
|
- printf("Not all of the client's pub key and ciphertext data was written\n"); fflush(stdout); return 0xfe;
|
|
|
|
|
|
+ printf("Not all of the client's pub key and ciphertext data was written\n"); fflush(stdout); return 0xfe;
|
|
}
|
|
}
|
|
|
|
|
|
// clear the message before setting it again
|
|
// clear the message before setting it again
|
|
@@ -262,15 +269,24 @@ int decrypt_client_data_through_decryptor( unsigned char* ip_base64_client_publi
|
|
printf("Not all of the decryptor's message was read\n"); fflush(stdout); return 0xf3;
|
|
printf("Not all of the decryptor's message was read\n"); fflush(stdout); return 0xf3;
|
|
}
|
|
}
|
|
printf("Done reading msg from decryptor\n"); fflush(stdout);
|
|
printf("Done reading msg from decryptor\n"); fflush(stdout);
|
|
- ciphertext_from_decryptor_length = protobuf_encrypted_msg.msg().length();
|
|
|
|
- ciphertext_from_decryptor = protobuf_encrypted_msg.msg().c_str();
|
|
|
|
|
|
+
|
|
|
|
+ protobuf_encrypted_msg_string=std::string(protobuf_encrypted_msg.msg());
|
|
|
|
+ ciphertext_from_decryptor_length=protobuf_encrypted_msg_string.length();
|
|
|
|
+ ciphertext_from_decryptor = (unsigned char*) malloc(ciphertext_from_decryptor_length);
|
|
|
|
+ memcpy(ciphertext_from_decryptor, protobuf_encrypted_msg_string.c_str(), protobuf_encrypted_msg_string.length());
|
|
|
|
+
|
|
|
|
+ printf("Got this ciphertext and tag from the decryptor enclave");
|
|
|
|
+ for(counter=0;counter< ciphertext_from_decryptor_length;counter++)
|
|
|
|
+ printf("0x%02x ", ciphertext_from_decryptor[counter]);
|
|
|
|
+ printf("\n");
|
|
|
|
|
|
// Decrypt data from decryptor
|
|
// Decrypt data from decryptor
|
|
- internal_return_status = aes_gcm_wrapper(0, (unsigned char*) ciphertext_from_decryptor, ciphertext_from_decryptor_length,
|
|
|
|
|
|
+/* internal_return_status = aes_gcm_wrapper(0, ciphertext_from_decryptor, ciphertext_from_decryptor_length,
|
|
op_plaintext, op_plaintext_length
|
|
op_plaintext, op_plaintext_length
|
|
);
|
|
);
|
|
- if(internal_return_status != 0)
|
|
|
|
- return internal_return_status;
|
|
|
|
*/
|
|
*/
|
|
- return 0;
|
|
|
|
|
|
+ internal_return_status = 0x34;
|
|
|
|
+ free(ciphertext_from_decryptor);
|
|
|
|
+ return internal_return_status;
|
|
|
|
+
|
|
}
|
|
}
|
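Review bot: In `base64_decoding_on_all_client_data` the new `/* ... */ return 0;` disables the whole decode but still reports success, so `*op_client_public_key_ciphertext_length` and `op_client_public_key_ciphertext` are never written, and a caller that trusts the 0 would presumably go on to use an unset length and buffer (callers are not visible here). While the body is disabled it should fail closed, e.g. `*op_client_public_key_ciphertext_length = 0; return 0xfe;`. The same temporary-stub pattern appears in `decrypt_client_data_through_decryptor`, where the `aes_gcm_wrapper(0, ...)` call is commented out and the function always returns `0x34` without filling `op_plaintext`; that path does fail, but it deserves a comment such as `// TODO: decryption intentionally disabled while debugging; restore before use`. Separately, the new `malloc` results for `plaintext_token_H` and `ciphertext_from_decryptor` are passed to `aes_gcm_wrapper` and `memcpy` without a NULL check, and their sizes come from the length of the message read from the decryptor socket.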