|
@@ -14,12 +14,14 @@ using namespace google::protobuf::io;
|
|
|
#include "protobufLAInitiator.h"
|
|
|
#include "../Decryptor/Decryptor_u.h"
|
|
|
#include <iostream>
|
|
|
+#include "LocalAttestationUntrusted.h"
|
|
|
|
|
|
-class LocalAttestationUntrusted {
|
|
|
- uint32_t session_id;
|
|
|
- protobuf_sgx_dh_msg1_t protobuf_msg1;
|
|
|
+ uint32_t LocalAttestationUntrusted::session_id=0;
|
|
|
+ protobuf_sgx_dh_msg1_t LocalAttestationUntrusted::protobuf_msg1;
|
|
|
|
|
|
- int read_protobuf_msg_from_fd(int accept_fd, google::protobuf::MessageLite& message)
|
|
|
+
|
|
|
+
|
|
|
+ int LocalAttestationUntrusted::read_protobuf_msg_from_fd(int accept_fd, google::protobuf::MessageLite& message)
|
|
|
{
|
|
|
ZeroCopyInputStream* raw_input;
|
|
|
CodedInputStream* coded_input;
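Review bot: Defining `session_id` and `protobuf_msg1` as class-wide statics means every handshake this process handles shares one session id and one msg1 buffer, so if the responder ever serves two clients at once, or restarts a handshake while one is in flight, the second call overwrites the first's state; `prepare_local_attestation_as_responder_msg1` and `local_attestation_msg2_msg3` later in this diff both write through `&LocalAttestationUntrusted::session_id`. If one-session-per-process is the intended model, say so at the definitions, e.g. `// One attestation session per process: shared between the msg1 and msg2/msg3 steps; not safe for concurrent handshakes.`, so a later maintainer does not assume the responder is reentrant. The two definitions are also still indented as if inside the class body; they now sit at namespace scope and would conventionally start at column 0. read_protobuf_msg_from_fd's body continues outside the hunk.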
|
|
@@ -48,7 +50,7 @@ class LocalAttestationUntrusted {
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
- int write_protobuf_msg_to_fd(int accept_fd, google::protobuf::MessageLite& message)
|
|
|
+ int LocalAttestationUntrusted::write_protobuf_msg_to_fd(int accept_fd, google::protobuf::MessageLite& message)
|
|
|
{
|
|
|
ZeroCopyOutputStream* raw_output = new FileOutputStream(accept_fd);
|
|
|
CodedOutputStream* coded_output = new CodedOutputStream(raw_output);
|
|
@@ -68,7 +70,7 @@ class LocalAttestationUntrusted {
|
|
|
}
|
|
|
|
|
|
// Sets up a socket to bind and listen to the given port. Returns FD of the socket on success, -1 on failure (and prints a msg to stdout with the errno)
|
|
|
- int set_up_socket_listen(int port, sockaddr_in* address)
|
|
|
+ int LocalAttestationUntrusted::set_up_socket(int port, sockaddr_in* address)
|
|
|
{
|
|
|
int server_fd = 0;
|
|
|
|
|
@@ -104,7 +106,7 @@ class LocalAttestationUntrusted {
|
|
|
return server_fd;
|
|
|
}
|
|
|
|
|
|
- uint32_t local_attestation_msg2_msg3(uint32_t own_enclave_id, int accept_fd)
|
|
|
+ uint32_t LocalAttestationUntrusted::local_attestation_msg2_msg3(uint32_t own_enclave_id, int accept_fd)
|
|
|
{
|
|
|
uint32_t protobuf_sgx_ret;
|
|
|
protobuf_sgx_dh_msg2_t protobuf_msg2;
|
|
@@ -118,7 +120,7 @@ class LocalAttestationUntrusted {
|
|
|
|
|
|
// TODO: Edit function signature in the definition: last argument read_or_write is used to control the flow of the untrusted program:
|
|
|
// no point in doing this as it is untrusted. Have an attribute in its class for it..
|
|
|
- protobuf_sgx_ret = process_protobuf_dh_msg2_generate_protobuf_dh_msg3(own_enclave_id, protobuf_msg2, protobuf_msg3, &session_id);
|
|
|
+ protobuf_sgx_ret = process_protobuf_dh_msg2_generate_protobuf_dh_msg3(own_enclave_id, protobuf_msg2, protobuf_msg3, &LocalAttestationUntrusted::session_id);
|
|
|
if(protobuf_sgx_ret != 0)
|
|
|
{
|
|
|
printf("Error in generate_protobuf_dh_msg2: 0x%x", protobuf_sgx_ret); fflush(stdout); return protobuf_sgx_ret;
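Review bot: The failure message names the wrong call: the line above invokes `process_protobuf_dh_msg2_generate_protobuf_dh_msg3`, but the text says "Error in generate_protobuf_dh_msg2", which sends whoever debugs a failed msg2/msg3 exchange to the wrong function. It also has no trailing newline, so the next line of output is glued to the hex status; the same is true of the "Error in generate_protobuf_dh_msg1" message in prepare_local_attestation_as_responder_msg1 later in this diff. Suggested: `printf("Error in process_protobuf_dh_msg2_generate_protobuf_dh_msg3: 0x%x\n", protobuf_sgx_ret); fflush(stdout); return protobuf_sgx_ret;`. local_attestation_msg2_msg3 begins and ends outside the hunk.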
|
|
@@ -129,7 +131,7 @@ class LocalAttestationUntrusted {
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
- int decrypt_client_data(uint32_t own_enclave_id, int fd)
|
|
|
+ int LocalAttestationUntrusted::decrypt_client_data(uint32_t own_enclave_id, int fd)
|
|
|
{
|
|
|
protobuf_post_LA_encrypted_msg_t protobuf_msg;
|
|
|
unsigned char* protobuf_msg_ptr;
|
|
@@ -159,7 +161,7 @@ class LocalAttestationUntrusted {
|
|
|
|
|
|
// We assume that the output is not changed unless it is successful throughout.
|
|
|
// Return value is not sent back..
|
|
|
- Decryptor_process_apache_message_generate_response_wrapper(own_enclave_id, &sgx_ret_status, input_ciphertext_plus_tag, input_ciphertext_plus_tag_length, output_ciphertext, &output_ciphertext_plus_tag_length);
|
|
|
+ Decryptor_process_apache_message_generate_response_wrapper(own_enclave_id, &sgx_ret_status, input_ciphertext_plus_tag, input_ciphertext_plus_tag_length, output_ciphertext_plus_tag, &output_ciphertext_plus_tag_length);
|
|
|
free(input_ciphertext_plus_tag);
|
|
|
protobuf_msg.set_msg((void*) output_ciphertext_plus_tag, output_ciphertext_plus_tag_length);
|
|
|
free(output_ciphertext_plus_tag);
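Review bot: `sgx_ret_status` is filled in by the `Decryptor_process_apache_message_generate_response_wrapper` call on the fixed line but is never examined before `output_ciphertext_plus_tag` is copied into `protobuf_msg` and freed; the comment above records the assumption that the output is left untouched on failure, which, unless the buffer was zeroed where it was allocated (outside this hunk), means an enclave error ships whatever bytes the buffer held, for whatever length was reported, to the peer. A check directly after the call, before `set_msg`, closes that gap: `if(sgx_ret_status != 0) { free(input_ciphertext_plus_tag); free(output_ciphertext_plus_tag); return sgx_ret_status; }`. Whether the caller ever sees the status is worth confirming, since the comment says the return value is not sent back. decrypt_client_data begins and ends outside the hunk.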
|
|
@@ -168,12 +170,12 @@ class LocalAttestationUntrusted {
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
- public:
|
|
|
- int prepare_local_attestation_as_responder_msg1(uint32_t own_enclave_id) //, int port)
|
|
|
+
|
|
|
+ int LocalAttestationUntrusted::prepare_local_attestation_as_responder_msg1(uint32_t own_enclave_id) //, int port)
|
|
|
{
|
|
|
uint32_t protobuf_sgx_ret;
|
|
|
int temp_server_fd=0;
|
|
|
- protobuf_sgx_ret = generate_protobuf_dh_msg1(own_enclave_id, protobuf_msg1, session_id);
|
|
|
+ protobuf_sgx_ret = generate_protobuf_dh_msg1(own_enclave_id, protobuf_msg1, &LocalAttestationUntrusted::session_id);
|
|
|
if(protobuf_sgx_ret != 0)
|
|
|
{
|
|
|
printf("Error in generate_protobuf_dh_msg1: 0x%x", protobuf_sgx_ret); fflush(stdout); return protobuf_sgx_ret;
|
|
@@ -181,14 +183,14 @@ class LocalAttestationUntrusted {
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
- int setup_socket_for_local_attestation_requests(int port)
|
|
|
+ int LocalAttestationUntrusted::setup_socket_for_local_attestation_requests(int port)
|
|
|
{
|
|
|
struct sockaddr_in own_addr;
|
|
|
return set_up_socket(port, &own_addr);
|
|
|
}
|
|
|
|
|
|
// TODO: CHANGED SIGNATURE.
|
|
|
- int local_attestation_as_responder_msg2_msg3(uint32_t own_enclave_id, int server_fd, int* accept_fd)
|
|
|
+ int LocalAttestationUntrusted::local_attestation_as_responder_msg2_msg3(uint32_t own_enclave_id, int server_fd, int* accept_fd)
|
|
|
{
|
|
|
uint32_t protobuf_sgx_ret;
|
|
|
struct sockaddr_storage apache_addr;
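Review bot: `own_addr` in `setup_socket_for_local_attestation_requests` is declared without an initializer and its address is handed to `set_up_socket`, whose body is outside this diff; unless that function fills every field, including `sin_zero`, before it calls bind(), the socket is bound with indeterminate bytes. Zero-initialising at the declaration removes the dependency on the callee: `struct sockaddr_in own_addr{};` (or `memset(&own_addr, 0, sizeof(own_addr));`). The function's contract would also be clearer with a one-line comment such as `// Binds and listens on port; own_addr is scratch storage filled by set_up_socket.` local_attestation_as_responder_msg2_msg3 continues outside the hunk.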
|
|
@@ -203,19 +205,19 @@ class LocalAttestationUntrusted {
|
|
|
}
|
|
|
*accept_fd=temp_accept_fd;
|
|
|
|
|
|
- protobuf_sgx_ret = local_attestation_msg2_msg3(own_enclave_id, accept_fd);
|
|
|
+ protobuf_sgx_ret = local_attestation_msg2_msg3(own_enclave_id, temp_accept_fd);
|
|
|
return protobuf_sgx_ret;
|
|
|
}
|
|
|
|
|
|
- int post_local_attestation_with_verifier(uint32_t own_enclave_id, int accept_fd)
|
|
|
+ int LocalAttestationUntrusted::post_local_attestation_with_verifier(uint32_t own_enclave_id, int accept_fd)
|
|
|
{
|
|
|
uint32_t protobuf_sgx_ret;
|
|
|
uint8_t encrypted_apache_mrsigner_and_tag[48];
|
|
|
size_t bytes_read;
|
|
|
-
|
|
|
+ int count;
|
|
|
printf("Here\n"); fflush(stdout);
|
|
|
bytes_read=read(accept_fd, encrypted_apache_mrsigner_and_tag, 48);
|
|
|
- if(bytes_read_post_la!=48)
|
|
|
+ if(bytes_read!=48)
|
|
|
{
|
|
|
printf("Not all of the encrypted apache's mrsigner was read from the verifier.\n"); fflush(stdout);
|
|
|
close(accept_fd);
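Review bot: The single `read(accept_fd, encrypted_apache_mrsigner_and_tag, 48)` in post_local_attestation_with_verifier treats a short read as a protocol failure, but on a stream socket read() may legitimately return fewer than 48 bytes and must be called again; as written, a correct peer can be rejected and the connection closed depending on packetisation. `bytes_read` is also a `size_t` receiving an `ssize_t`, so a -1 from read() becomes SIZE_MAX, which still fails the `!=48` check but loses the distinction between EOF, error and short read. The loop below reads until 48 bytes or EOF/error and leaves the existing check intact; the `printf("Here\n")` trace looks like leftover debugging and can go. The function continues outside the hunk.
```cpp
    size_t bytes_read = 0;
    int count;
    // A stream socket may deliver the 48 bytes across several read() calls.
    while(bytes_read < 48)
    {
        ssize_t chunk = read(accept_fd, encrypted_apache_mrsigner_and_tag + bytes_read, 48 - bytes_read);
        if(chunk <= 0)
            break; // EOF or error: bytes_read stays short and the check below rejects it
        bytes_read += (size_t) chunk;
    }
    if(bytes_read!=48)
    // … unchanged: error message, close(accept_fd), return …
```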
|
|
@@ -226,20 +228,33 @@ class LocalAttestationUntrusted {
|
|
|
printf("0x%02x ", encrypted_apache_mrsigner_and_tag[count]);
|
|
|
printf("\n");fflush(stdout);
|
|
|
|
|
|
- Decryptor_process_verifiers_message_wrapper(own_enclave_id, &sgx_ret, encrypted_apache_mrsigner_and_tag);
|
|
|
- if(sgx_ret!=0)
|
|
|
+ Decryptor_process_verifiers_message_wrapper(own_enclave_id, &protobuf_sgx_ret, encrypted_apache_mrsigner_and_tag);
|
|
|
+ if(protobuf_sgx_ret!=0)
|
|
|
{
|
|
|
- printf("Error in decryption: 0x%x\n", sgx_ret); fflush(stdout);
|
|
|
+ printf("Error in decryption: 0x%x\n", protobuf_sgx_ret); fflush(stdout);
|
|
|
close(accept_fd);
|
|
|
- return sgx_ret;
|
|
|
+ return protobuf_sgx_ret;
|
|
|
}
|
|
|
|
|
|
printf("Successful decryption\n"); fflush(stdout);
|
|
|
close(accept_fd);
|
|
|
+ uint8_t output[64];
|
|
|
+ Decryptor_get_verifier_mrenclave_apache_mrsigner_wrapper(own_enclave_id, output);
|
|
|
+ uint32_t counter;
|
|
|
+ for(counter=0; counter<32; counter++)
|
|
|
+ printf("0x%x ", output[counter]);
|
|
|
+ printf("/n");
|
|
|
+ for(counter=32; counter<64; counter++)
|
|
|
+ printf("0x%x ", output[counter]);
|
|
|
+ printf("/n");
|
|
|
+
|
|
|
+ fflush(stdout);
|
|
|
+
|
|
|
return 0;
|
|
|
+
|
|
|
}
|
|
|
|
|
|
- int post_local_attestation_with_apache(uint32_t own_enclave_id, int accept_fd)
|
|
|
+ int LocalAttestationUntrusted::post_local_attestation_with_apache(uint32_t own_enclave_id, int accept_fd)
|
|
|
{
|
|
|
protobuf_post_LA_encrypted_msg_t protobuf_encrypted_msg;
|
|
|
uint8_t encrypted_sign_data_and_sign_and_tag[176];
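Review bot: The two added `printf("/n");` lines after the mrenclave/mrsigner dump print a literal slash-n rather than a newline, so both 32-byte values and whatever follows run together on one line; both should read `printf("\n");`. The bytes are printed with `0x%x`, which drops leading zeros and makes the dump ambiguous next to the `0x%02x` format used for the ciphertext a few lines up; `printf("0x%02x ", output[counter]);` keeps the two comparable. `Decryptor_get_verifier_mrenclave_apache_mrsigner_wrapper` fills `output` with nothing checked here, so if it can fail, `output` is printed uninitialised; its result, or an out-status like the other wrappers take, should be checked before the dump. The return on `return 0;` is followed by an added blank line before the closing brace, which is harmless but stray. post_local_attestation_with_verifier begins outside the hunk.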
|
|
@@ -247,9 +262,9 @@ class LocalAttestationUntrusted {
|
|
|
memset(encrypted_sign_data_and_sign_and_tag,0x0,176);
|
|
|
uint32_t internal_return_status;
|
|
|
uint32_t count;
|
|
|
- sgx_status_t sgx_ret;
|
|
|
+ uint32_t sgx_ret;
|
|
|
|
|
|
- Decryptor_encrypt_mitigator_header_H_to_apache_wrapper(own_enclave_id, &sgx_ret, encrypted_sign_data_and_sign_and_tag);
|
|
|
+ Decryptor_create_and_encrypt_mitigator_header_H_wrapper(own_enclave_id, &sgx_ret, encrypted_sign_data_and_sign_and_tag);
|
|
|
if(sgx_ret!=0)
|
|
|
{
|
|
|
printf("Error in generating encrypted mitigator header:0x%x\n", sgx_ret); fflush(stdout);
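Review bot: The buffer length 176 is spelled out twice, in the declaration of `encrypted_sign_data_and_sign_and_tag` and again in the `memset` on the next visible line, so the two can drift apart silently if the header layout changes; `memset(encrypted_sign_data_and_sign_and_tag, 0x0, sizeof(encrypted_sign_data_and_sign_and_tag));` ties the clear to the declaration. `internal_return_status` is declared here without an initializer and is what the function returns at its end (the last hunk of this diff); if any path in between skips assigning it the caller receives an indeterminate status, so `uint32_t internal_return_status = 0;` is cheap insurance, though whether such a path exists is outside this hunk. post_local_attestation_with_apache continues outside the hunk.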
|
|
@@ -279,4 +294,4 @@ class LocalAttestationUntrusted {
|
|
|
return internal_return_status;
|
|
|
|
|
|
return 0; }
|
|
|
-};
|
|
|
+
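Review bot: `return 0; }` on the function's last code line follows `return internal_return_status;` with only a blank line between them, so unless that earlier return is the body of a brace-less `if` that starts above the hunk, the `return 0;` is unreachable and obscures which status the caller actually gets; drop it and put the closing `}` on its own line after `return internal_return_status;`. The removed `};` is the old class terminator, which is consistent with the definitions now living outside the class, but the added trailing `+` line leaves a blank line at end of file. post_local_attestation_with_apache begins outside the hunk.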
|