Bläddra i källkod

Compiles, links - Modified for handling multiple form fields correctly.

dettanym 5 år sedan
4 ändrade filer med 79 tillägg och 103 borttagningar
  1. 65 89
  2. 2 2
  3. 1 1
  4. 11 11

+ 65 - 89

@@ -73,6 +73,29 @@ bool write_protobuf_msg_to_fd(int accept_fd, google::protobuf::MessageLite& mess
   return true;
+void create_vector_from_protobuf(extension_to_decryptor_enclosed_msg &protobuf_ext_to_decryptor,
+                                 std::vector<std::string> &binary_ciphertext_client_data)
+    uint32_t temp_size, counter;
+    binary_ciphertext_client_data.push_back(protobuf_ext_to_decryptor.ciphertext_client_public_key());
+    temp_size=protobuf_ext_to_decryptor.ciphertext_fields_size();
+    for(counter=0; counter<temp_size; counter++)
+        binary_ciphertext_client_data.push_back(protobuf_ext_to_decryptor.ciphertext_fields(counter).field());
+void create_protobuf_from_vector(std::vector<std::string> &double_ciphertext_client_data,
+                                 extension_to_decryptor_enclosed_msg &protobuf_ext_decryptor_msg)
+    uint32_t counter, temp_size;
+    protobuf_ext_decryptor_msg.set_ciphertext_client_public_key(double_ciphertext_client_data[0]);
+    temp_size=double_ciphertext_client_data.size()-1; // 1 for the public key.
+    for(counter=0; counter<temp_size; counter++)
+        protobuf_ext_decryptor_msg.mutable_ciphertext_fields(counter)->set_field(double_ciphertext_client_data[counter]);
 // Sets up a socket connected to the port passed as input - returns the socket FD on success and -1 on error.
 // Also prints the errno on error.
 int set_up_socket_connect(int port)
@@ -229,114 +252,67 @@ uint32_t base64_decoding_on_all_client_data(unsigned char* ip_base64_client_publ
-int exchange_ciphertext_fields_with_decryptor(unsigned char* input, uint32_t input_size,
-        unsigned char* output, uint32_t* output_size)
+int encrypt_decrypt_ciphertexts(int encrypt_decrypt, std::vector<std::string> &binary_ciphertext_client_data,
+        std::vector<std::string> &double_ciphertext_client_data)
-    // TODO: Initialize the extension_to_decryptor_ciphertext_msg protobuf with ciphertext from above.
-    extension_to_decryptor_ciphertext_msg protobuf_extension_to_decryptor_msg;
-    bool bool_return;
-    protobuf_extension_to_decryptor_msg.set_ciphertext_bytes(input, input_size);
+    unsigned char *ciphertext; unsigned char *double_ciphertext;
+    uint32_t ciphertext_size, double_ciphertext_size, ret;
+    double_ciphertext=NULL;
-    // Serialize that protobuf using the write_ call.
-    // write message to decryptor
-    if(!write_protobuf_msg_to_fd(global_decryptor_fd, protobuf_extension_to_decryptor_msg))
-    {
-        printf("Not all of the client's pub key and ciphertext data was written\n"); fflush(stdout);
-        return 0xfe;
-    }
-    protobuf_extension_to_decryptor_msg.clear_ciphertext_bytes();
-    // read encrypted data
-    if(!read_protobuf_msg_from_fd(global_decryptor_fd, protobuf_extension_to_decryptor_msg))
+    for (std::string ciphertext_from_client:binary_ciphertext_client_data)
-        printf("Not all of the decryptor's message was read\n"); fflush(stdout);
-        return 0xf3;
+        ciphertext_size = ciphertext_from_client.length();
+        ciphertext = (unsigned char*) ciphertext_from_client.c_str();
+        double_ciphertext=(unsigned char*) realloc(double_ciphertext, ciphertext_size + 28); // 16 for tag, 12 for IV
+        ret = aes_gcm_wrapper(encrypt_decrypt, ciphertext, ciphertext_size, double_ciphertext, &double_ciphertext_size );
+        if(ret!=0)
+        {
+            free(double_ciphertext);
+            printf("Failed to encrypt a ciphertext field.\n"); fflush(stdout);
+            return 0x2;
+        }
+        double_ciphertext_client_data.push_back(std::string(reinterpret_cast<const char *> (double_ciphertext), double_ciphertext_size));
+    free(double_ciphertext);
-    // First parse to the extension_to_decryptor_ciphertext_msg protobuf
-    bool_return=protobuf_extension_to_decryptor_msg.SerializeToArray(output, protobuf_extension_to_decryptor_msg.ByteSize());
-    if(bool_return)
-    {
-        *output_size=protobuf_extension_to_decryptor_msg.ByteSize();
-        return 0;
-    }
-    else
-        return 0x55;
+    return 0;
 int decrypt_client_data_through_decryptor( std::vector<std::string> &binary_ciphertext_client_data,
         std::vector<std::string> &plaintext_client_data)
-    uint32_t counter, plaintext_size, ciphertext_size, size, double_ciphertext_size, ret;
-    unsigned char* plaintext, *ciphertext, *double_ciphertext;
+    uint32_t ret;
+    std::vector<std::string> double_ciphertext_client_data;
+    std::vector<std::string> received_ciphertext_client_data;
+    extension_to_decryptor_enclosed_msg protobuf_extension_decryptor_msg;
-    extension_to_decryptor_enclosed_msg protobuf_client_to_decryptor_msg;
-    protobuf_client_to_decryptor_msg.set_ciphertext_client_public_key(binary_ciphertext_client_data[0]);
-    counter=0;
-    for (std::string ciphertext_from_client:binary_ciphertext_client_data)
-    {
-        // Put all fields in the order in which they come, into the enclosed protobuf - first one is client pub key, rest are ciphertexts
-        protobuf_client_to_decryptor_msg.mutable_ciphertext_fields(counter)->set_field(ciphertext_from_client);
-        counter++;
-    }
+    ret=encrypt_decrypt_ciphertexts(1, binary_ciphertext_client_data, double_ciphertext_client_data);
+    if(ret!=0)
+        return ret;
-    // Serializing the protobuf with all ciphertext client data.
-    ciphertext_size=protobuf_client_to_decryptor_msg.ByteSize();
-    ciphertext = (unsigned char*) malloc(ciphertext_size);
-    if(!protobuf_client_to_decryptor_msg.SerializeToArray(ciphertext, ciphertext_size))
-    {
-        free(ciphertext);
-        return 0x32;
-    }
+    create_protobuf_from_vector(double_ciphertext_client_data,
+                                protobuf_extension_decryptor_msg);
-    // Encrypting the serialized protobuf to the decryptor enclave
-    double_ciphertext = (unsigned char*) malloc(ciphertext_size + 20); // +20 for the tag (prolly 16 or w/e)
-    ret = aes_gcm_wrapper(1, ciphertext, ciphertext_size, double_ciphertext, &double_ciphertext_size );
-    if(ret != 0)
+    // write message to decryptor
+    if(!write_protobuf_msg_to_fd(global_decryptor_fd, protobuf_extension_decryptor_msg))
-        free(ciphertext); free(double_ciphertext);
-        printf("Error in encrypting to decryptor.\n"); fflush(stdout);
-        return 34;
+        printf("Not all of the client's pub key and ciphertext data was written\n"); fflush(stdout);
+        return 0xfe;
-    // Communicating with the decryptor enclave by transferring the serialized, encrypted buffer to another protobuf
-    // (no crypto in the php extension code for this function)
-    ret=exchange_ciphertext_fields_with_decryptor(double_ciphertext, double_ciphertext_size, ciphertext, &ciphertext_size);
-    free(double_ciphertext);
-    if(ret!=0)
-    {
-        free(ciphertext);
-        return ret;
-    }
+    protobuf_extension_decryptor_msg.clear_ciphertext_fields();
+    protobuf_extension_decryptor_msg.clear_ciphertext_client_public_key(); // not necessary.
-    // Decrypting from the decryptor enclave
-    plaintext=(unsigned char*)malloc(ciphertext_size);
-    ret = aes_gcm_wrapper(0, (unsigned char*) ciphertext, ciphertext_size,
-                                             plaintext, &plaintext_size);
-    free(ciphertext);
-    if(ret != 0)
+    // read encrypted data
+    if(!read_protobuf_msg_from_fd(global_decryptor_fd, protobuf_extension_decryptor_msg))
-        printf("Error in decrypting content from the decryptor.\n"); fflush(stdout);
-        return 36;
+        printf("Not all of the decryptor's message was read\n"); fflush(stdout);
+        return 0xf3;
-    // Getting a deserialized protobuf
-    protobuf_client_to_decryptor_msg.clear_ciphertext_fields();
-    if(!protobuf_client_to_decryptor_msg.ParseFromArray(plaintext, plaintext_size))
-    {
-        printf("Error in generating protobuf with plaintexts.\n"); fflush(stdout);
-        return 35;
-    }
-    free(plaintext);
+    create_vector_from_protobuf(protobuf_extension_decryptor_msg, received_ciphertext_client_data);
-    // Setting the output to elements in that protobuf.
-    size=protobuf_client_to_decryptor_msg.ciphertext_fields_size();
-    for(counter=0;counter<size;counter++)
-    {
-        plaintext_client_data.push_back(protobuf_client_to_decryptor_msg.ciphertext_fields(counter).field());
-    }
-    return 0;
+    ret=encrypt_decrypt_ciphertexts(0, received_ciphertext_client_data,
+            plaintext_client_data);
+    return ret;

+ 2 - 2

@@ -144,9 +144,9 @@ uint32_t base64_encoding_wrapper(unsigned char* dest, unsigned char* src, uint32
-uint32_t base64_decoding_wrapper(unsigned char* dest, unsigned char* src, uint32_t length)
+uint32_t base64_decoding_wrapper(unsigned char* dest, const char* src, uint32_t length)
-        int length_with_padding = EVP_DecodeBlock(dest, src, length);
+        int length_with_padding = EVP_DecodeBlock(dest, (const unsigned char*) src, length);
         if(length_with_padding == -1)
                 return length_with_padding;
         char* first_equals_character = strstr((char*)src, "=");

+ 1 - 1

@@ -1,3 +1,3 @@
 int aes_gcm_128(int enc, unsigned char *key, unsigned char *iv, unsigned char* plaintext, uint32_t plaintext_len, unsigned char *ciphertext,  uint32_t* op_ciphertext_len, unsigned char* tag); 
 uint32_t base64_encoding_wrapper(unsigned char* dest, unsigned char* src, uint32_t length);
-uint32_t base64_decoding_wrapper(unsigned char* dest, unsigned char* src, uint32_t length);
+uint32_t base64_decoding_wrapper(unsigned char* dest, const char* src, uint32_t length);

+ 11 - 11

@@ -77,13 +77,14 @@ class Mitigator : public Php::Base
 			// gettimeofday(&tv1, NULL);
-            uint32_t ret_status, counter;
-            size_t bytes_written;
+            uint32_t ret_status, counter, field_size;
             std::vector<std::string> binary_ciphertext_client_fields, plaintext_client_fields;
-            unsigned char *base64_client_field, *binary_ciphertext_client_field;
-            uint32_t field_size;
+            unsigned char *binary_ciphertext_client_field;
             Php::Object ret_object;
             Php::Array php_plaintext_client_fields;
+            const char* temp_ptr;
+            std::string temp_str;
 			if(params.size() < 2 )
@@ -92,23 +93,22 @@ class Mitigator : public Php::Base
                 return ret_object;
-            //field_size=params[0].size();
-            //base64_client_field = std::string(params[0], field_size).c_str();
-            /*
-            for (unsigned int i = 1; i < params.size(); i++)
+			binary_ciphertext_client_fields.push_back(params[0]);
+            for (unsigned int i = 0; i < params.size(); i++)
-                base64_client_field = std::string(params[i], field_size).c_str();
+                temp_ptr = params[i];
                 // upper limit - the binary data will always be smaller than this (base64 length ~= 4/3 * binary length)
                 binary_ciphertext_client_field = (unsigned char*) malloc(field_size);
-                ret_status = base64_decoding_wrapper(binary_ciphertext_client_field, base64_client_field, field_size);
+                ret_status = base64_decoding_wrapper(binary_ciphertext_client_field, temp_ptr, field_size);
                 if(ret_status <= 0)
                     ret_object["error"]="Could not perform base64 decoding correctly for the " + std::to_string(i) + "th argument.";
                     return ret_object;
-                binary_ciphertext_client_fields.push_back(std::string(binary_ciphertext_client_field, ret_status));
+                binary_ciphertext_client_fields.push_back(std::string(reinterpret_cast<const char*> (binary_ciphertext_client_field), ret_status));
             ret_status=decrypt_client_data_through_decryptor(binary_ciphertext_client_fields, plaintext_client_fields);