miti
/
Apache_PHP_extension


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180
							#include <phpcpp.h>
#include <string.h>
#include <string>
#include <unistd.h>
#include <errno.h>

//#include <fcntl.h>
//#include <sys/types.h>
//#include <sys/stat.h>
#include <stdio.h>

#include "crypto.h"
#include "ProtobufLAInitiator.h"
using namespace std;


// #include <unistd.h>
// based off the example functionreturnvalue.cpp in PHP-CPP

/**
 *  Namespace to use
 */
//using namespace std;

#define DECRYPTOR_PORT 3825
int local_attestation_successful=0;
int __ImageBase=0;

class Mitigator : public Php::Base
{
	private:
		static std::string mitigator_pubkey_header_value;
		static std::string mitigator_pubkey_header;
	public:
		Mitigator() = default;
		virtual ~Mitigator() = default;

		static void local_attestation_initiator_wrapper()
		{
			setbuf(stdout,NULL);
			uint32_t return_sgx, count, base64_encoded_token_H_length;
			unsigned char* base64_encoded_mitigator_header_and_value;

			base64_encoded_mitigator_header_and_value = (unsigned char*) malloc( 400  ); 
			//		unsigned char base64_encoded_mitigator_header[229] ; //216=(ceil(160/3) * 4) + 1 (for null character) + 21 for "Mitigator-Public-Key"
			memcpy(base64_encoded_mitigator_header_and_value, mitigator_pubkey_header.c_str(), mitigator_pubkey_header.length());
			return_sgx = local_attestation_initiator(DECRYPTOR_PORT);
			if(return_sgx != 0)
			{
				if(return_sgx== 0xFFFFFFFF)
				{
					perror("\nCould not set up the socket: had the following error: "); fflush(stderr);
				}
				else
				{
					printf("\nHad the following error in SGX local attestation: 0x%x", return_sgx);
					fflush(stdout);
				}
			}
			else {
				printf("\nSuccessful LA with port %d.\n", DECRYPTOR_PORT);
				fflush(stdout);
				return_sgx= post_local_attestation_get_mitigator_header(base64_encoded_mitigator_header_and_value + mitigator_pubkey_header.length(),
					&base64_encoded_token_H_length);
				if(return_sgx != 0)
				{
					printf("\nHad the following error in SGX POST local attestation: 0x%x", return_sgx);
					fflush(stdout);
				}
				mitigator_pubkey_header_value=std::string((char*)base64_encoded_mitigator_header_and_value,mitigator_pubkey_header.length()+base64_encoded_token_H_length);
			}
			free(base64_encoded_mitigator_header_and_value); 
		}

		static Php::Value get_mitigator_header()
		{
			return mitigator_pubkey_header_value;
		}

		static Php::Value php_decrypt_wrapper(Php::Parameters &params   )
		{

			unsigned char* plaintext_user_data, * base64_client_ciphertext, *base64_client_public_key, *base64_client_data, *client_data;
			uint32_t plaintext_length, base64_client_ciphertext_length, base64_client_public_key_length, base64_client_data_length, client_data_length, ret_status, counter;
			std::string plaintext_user_data_str; 
			uint32_t old_client_data_length; 
			base64_client_ciphertext = (unsigned char*) static_cast<const char*>(params[1]);
			base64_client_public_key = (unsigned char*) static_cast<const char*>(params[0]);
			base64_client_ciphertext_length = params[1].size();
			base64_client_public_key_length = params[0].size();
			

			plaintext_user_data = (unsigned char*) malloc( base64_client_ciphertext_length );
			plaintext_length = base64_client_ciphertext_length;
			memcpy(plaintext_user_data, base64_client_ciphertext, base64_client_ciphertext_length);
			plaintext_user_data_str = std::string((char*) plaintext_user_data, base64_client_ciphertext_length); 

			printf("Base64 encoded key:\n");
			for(counter=0; counter < base64_client_public_key_length; counter++)
				printf("%c", base64_client_public_key[counter]);
			printf("\n"); fflush(stdout);

			printf("Ciphertext received:\n");
			for(counter=0; counter < base64_client_ciphertext_length; counter++ )
				printf("%c", base64_client_ciphertext[counter]);
			printf("\n"); fflush(stdout);
			
			client_data = (unsigned char*) malloc(base64_client_ciphertext_length + base64_client_public_key_length); 
			ret_status = base64_decoding_wrapper(client_data, base64_client_public_key, base64_client_public_key_length);
			if(ret_status<=0)
			{
                                printf("Could not do base64 decoding correctly.\n"); fflush(stdout); 
                                free(plaintext_user_data);
                                free(client_data);
                                return plaintext_user_data_str; 
			}
			client_data_length = ret_status; 
			old_client_data_length=client_data_length; 
			printf("Client public key:\n"); 
			for(counter=0; counter<client_data_length; counter++)
				printf("%d ", client_data[counter]);


                        ret_status = base64_decoding_wrapper(client_data + client_data_length, base64_client_ciphertext, base64_client_ciphertext_length);
                        if(ret_status<=0)
                        {
                                printf("Could not do base64 decoding correctly.\n"); fflush(stdout); 
                                free(plaintext_user_data);
                                free(client_data);
                                return plaintext_user_data_str; 
                        }
                        client_data_length += ret_status; 

			printf("\n Ciphertext from client:\n"); 
                        for(counter=old_client_data_length; counter<client_data_length; counter++)
                                printf("%d ", client_data[counter]);
			printf("\n"); fflush(stdout);
			
			ret_status=decrypt_client_data_through_decryptor(client_data, client_data_length, (unsigned char*) plaintext_user_data, &plaintext_length);
			if(ret_status != 0)
			{
				printf("Received error code: 0x%02x\n", ret_status); fflush(stdout);
				free(client_data);
				free(plaintext_user_data);
				return plaintext_user_data_str;
			}
			
			printf("Going to return this plaintext:\n");
			for(counter=0;counter<plaintext_length;counter++)
				printf("%c", plaintext_user_data[counter]);
			fflush(stdout);

			plaintext_user_data_str = std::string((char*) plaintext_user_data, plaintext_length);
			free(plaintext_user_data); 
			free(client_data); 
			return plaintext_user_data_str;
		}
};

std::string Mitigator::mitigator_pubkey_header_value=std::string("!");
std::string Mitigator::mitigator_pubkey_header=std::string("Mitigator-Public-Key:");
extern "C" {

    // export the "get_module" function that will be called by the Zend engine
    PHPCPP_EXPORT void *get_module()
    {
        // create extension
        static Php::Extension extension("decryptor_la_setup_and_decryption","1.0");

        Php::Class<Mitigator> mitigator("Mitigator");
	mitigator.method<&Mitigator::get_mitigator_header>("get_mitigator_header");
	mitigator.method<&Mitigator::local_attestation_initiator_wrapper>("local_attestation_initiator_wrapper");
	mitigator.method<&Mitigator::php_decrypt_wrapper>("php_decrypt_wrapper", { Php::ByVal("string", Php::Type::String), Php::ByVal("string", Php::Type::String) }   );
        extension.onStartup(&Mitigator::local_attestation_initiator_wrapper);
        // return the extension module
	extension.add(mitigator);
        return extension.module();
    }
}