
Working (compiles, links) commit with stubs.

+ Got rid of the "local attestation library" and included its ecalls
within the decryptor edl. Brought over its class file to the main
codebase. Yet to refactor the part where it calls back into the function
call verify_peer_enclave_trust. Plus sort out the static/instance thing
of LA class.

+ Moved the Openssl crypto cpp file to the decryptor as it is not used
elsewhere (within the main app).

+ Fixed the places where headers are included for protobufs and have a
main folder for all .h files for untrusted, trusted includes. For
the autogenerated protobuf cpp file, I can't make it point to its own
protobuf file in another folder (without changing cpp file), so removed
the protobuf subfolder.
dettanym 6 år sedan
förälder
incheckning
1b54d0c5b2

+ 20 - 19
App/App.cpp

@@ -1,7 +1,7 @@
 #include <stdio.h>
+#include "../Decryptor/Decryptor_u.h"
 #include "UntrustedInclude/LocalAttestationUntrusted.h"
 #include "UntrustedInclude/SealingUntrusted.h"
-#include "../Decryptor/Decryptor_u.h"
 #include "sgx_eid.h"
 #include "sgx_urts.h"
 #define __STDC_FORMAT_MACROS
@@ -13,6 +13,7 @@
 
 int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
 {
+    sgx_enclave_id_t enclave_id = 0;
     uint32_t ret_status;
     sgx_status_t status;
     // For sgx setup
@@ -22,25 +23,25 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
     int server_fd, accept_fd;
     uint8_t verification_key[64];
 
-    status = sgx_create_enclave(Decryptor_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &e2_enclave_id, NULL);
+    status = sgx_create_enclave(Decryptor_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &enclave_id, NULL);
     if(status != SGX_SUCCESS)
     {
         printf("\nLoad Enclave Failure");
         return -1;
     }
-    printf("\nDecryptor - EnclaveID %" PRIx64, e2_enclave_id);
+    printf("\nDecryptor - EnclaveID %" PRIx64, enclave_id);
     fflush(stdout);
 
-    ret_status = SealingUntrusted::look_for_signing_key_or_regenerate_it("sealed_signing_key.txt");
+    ret_status = SealingUntrusted::look_for_signing_key_or_regenerate_it(enclave_id, "sealed_signing_key.txt");
     if(ret_status != 0)
     {
         printf("Some error \n");
         fflush(stdout);
-        sgx_destroy_enclave(e2_enclave_id);
+        sgx_destroy_enclave(enclave_id);
         return 0xFFFFFFFF;
     }
 
-	Decryptor_get_long_term_verification_key_wrapper(e2_enclave_id, verification_key); 
+	Decryptor_get_long_term_verification_key_wrapper(enclave_id, verification_key); 
 	printf("Verification key\n"); fflush(stdout);
 	for(counter=0;counter<32;counter++)
 		printf("%02x", verification_key[counter]);
@@ -49,10 +50,10 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
 	    printf("%02x", verification_key[counter + 32]);
 	printf("\n"); fflush(stdout);
 
-    ret_status = LocalAttestationUntrusted::prepare_local_attestation_as_responder_msg1(e2_enclave_id);
+    ret_status = LocalAttestationUntrusted::prepare_local_attestation_as_responder_msg1(enclave_id);
     if(ret_status !=0)
     {
-      printf("Could not prepare_local_attestation_as_responder_msg1"); fflush(stdout); sgx_destroy_enclave(e2_enclave_id);
+      printf("Could not prepare_local_attestation_as_responder_msg1"); fflush(stdout); sgx_destroy_enclave(enclave_id);
       return ret_status;
     }
 
@@ -60,26 +61,26 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
     if(server_fd <=0)
     {
       printf("Error in setting up server socket."); fflush(stdout);
-      sgx_destroy_enclave(e2_enclave_id);
+      sgx_destroy_enclave(enclave_id);
       return server_fd;
     }
     printf("Successfully set up a socket to communicate with the verifier enclave.\n");
     fflush(stdout);
 
     // LA with the verifier
-    ret_status = LocalAttestationUntrusted::local_attestation_as_responder_msg2_msg3(e2_enclave_id, server_fd, &accept_fd);
+    ret_status = LocalAttestationUntrusted::local_attestation_as_responder_msg2_msg3(enclave_id, server_fd, &accept_fd);
     if(ret_status!=0)
     {
       printf("local attestation - with the verifier - did not successfully return: %x\n", ret_status); fflush(stdout);
-      sgx_destroy_enclave(e2_enclave_id);
+      sgx_destroy_enclave(enclave_id);
       return 0x32;
     }
 
-    ret_status = LocalAttestationUntrusted::post_local_attestation_with_verifier(e2_enclave_id, accept_fd);
+    ret_status = LocalAttestationUntrusted::post_local_attestation_with_verifier(enclave_id, accept_fd);
     if(ret_status!=0)
     {
       printf("post local attestation - with the verifier - did not successfully return: %x\n", ret_status); fflush(stdout);
-      sgx_destroy_enclave(e2_enclave_id);
+      sgx_destroy_enclave(enclave_id);
       return 0x33;
     }
 
@@ -88,29 +89,29 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
     if(server_fd <=0)
     {
       printf("Error in setting up server socket."); fflush(stdout);
-      sgx_destroy_enclave(e2_enclave_id);
+      sgx_destroy_enclave(enclave_id);
       return 0x34;
     }
     printf("Successfully set up a socket to communicate with the Apache enclave.\n");
     fflush(stdout);
 
-    ret_status = LocalAttestationUntrusted::local_attestation_as_responder_msg2_msg3(e2_enclave_id,server_fd,&accept_fd);
+    ret_status = LocalAttestationUntrusted::local_attestation_as_responder_msg2_msg3(enclave_id,server_fd,&accept_fd);
     if(ret_status != 0)
     {
       printf("local attestation - with the apache - did not successfully return: %x\n", ret_status); fflush(stdout);
-      sgx_destroy_enclave(e2_enclave_id);
+      sgx_destroy_enclave(enclave_id);
       return 0x35;
     }
 
-    ret_status = LocalAttestationUntrusted::post_local_attestation_with_apache(e2_enclave_id,accept_fd);
+    ret_status = LocalAttestationUntrusted::post_local_attestation_with_apache(enclave_id,accept_fd);
     if(ret_status!=0)
     {
       printf("post local attestation - with the apache - did not successfully return: %x\n", ret_status); fflush(stdout);
-      sgx_destroy_enclave(e2_enclave_id);
+      sgx_destroy_enclave(enclave_id);
       return 0x36;
     }
 
-    sgx_destroy_enclave(e2_enclave_id);
+    sgx_destroy_enclave(enclave_id);
 
     return 0;
 }
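Review bot: The call `Decryptor_get_long_term_verification_key_wrapper(enclave_id, verification_key);` in the third hunk of `main` discards the proxy's return status, so if the ecall fails the two loops below print whatever is in the uninitialised `verification_key` stack buffer as if it were the long-term key. Assuming the edger8r-generated proxy returns `sgx_status_t` like the other ecalls, capture it and bail out the way the neighbouring steps do: `status = Decryptor_get_long_term_verification_key_wrapper(enclave_id, verification_key);` followed by `if(status != SGX_SUCCESS) { sgx_destroy_enclave(enclave_id); return -1; }`. Declaring the buffer as `uint8_t verification_key[64] = {0};` would additionally make a failed fetch obvious in the output.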

+ 2 - 2
App/FileIO.cpp

@@ -16,7 +16,7 @@ namespace FileIO {
             return errno;
         */
 
-    int write_to_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length)
+    int write_to_fd(int fd, uint8_t* msg, size_t* expected_msg_length)
     {
         ssize_t bytes_written;
         lseek(fd, 0, SEEK_SET);
@@ -30,7 +30,7 @@ namespace FileIO {
         return 0;
     }
 
-    int read_from_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length)
+    int read_from_fd(int fd, uint8_t* msg, size_t* expected_msg_length)
     {
         ssize_t bytes_read;
         lseek(fd, 0, SEEK_SET);

+ 7 - 7
App/LocalAttestationUntrusted.cpp

@@ -1,6 +1,5 @@
 #include "LocalAttestationUntrusted.h"
 
-
 namespace LocalAttestationUntrusted {
     namespace {
         uint32_t session_id = 0;
@@ -20,8 +19,8 @@ namespace LocalAttestationUntrusted {
             if (protobufReadWrite::read_protobuf_msg_from_fd(accept_fd, protobuf_msg2) != 0)
                 return 0x2;
 
-            protobuf_sgx_ret = process_protobuf_dh_msg2_generate_protobuf_dh_msg3(own_enclave_id, protobuf_msg2, protobuf_msg3,
-                                                                                  &session_id);
+            protobuf_sgx_ret = protobufLAInitiator::process_protobuf_dh_msg2_generate_protobuf_dh_msg3(own_enclave_id,
+                    protobuf_msg2, protobuf_msg3, &session_id);
             if (protobuf_sgx_ret != 0) {
                 printf("Error in generate_protobuf_dh_msg2: 0x%x", protobuf_sgx_ret);
                 fflush(stdout);
@@ -168,7 +167,7 @@ namespace LocalAttestationUntrusted {
     int prepare_local_attestation_as_responder_msg1(uint32_t own_enclave_id)
     {
         uint32_t protobuf_sgx_ret;
-        protobuf_sgx_ret = generate_protobuf_dh_msg1(own_enclave_id, protobuf_msg1, &session_id);
+        protobuf_sgx_ret = protobufLAInitiator::generate_protobuf_dh_msg1(own_enclave_id, protobuf_msg1, &session_id);
         if (protobuf_sgx_ret != 0) {
             printf("Error in generate_protobuf_dh_msg1: 0x%x", protobuf_sgx_ret);
             fflush(stdout);
@@ -206,12 +205,13 @@ namespace LocalAttestationUntrusted {
         uint32_t protobuf_sgx_ret;
         uint8_t encrypted_apache_mrsigner_and_tag[150];
         size_t bytes_read;
-        int count;
+        int count, ret_status;
 
         printf("Here\n");
         fflush(stdout);
-        bytes_read = FileIO::read_from_fd(accept_fd, encrypted_apache_mrsigner_and_tag, 60);
-        if (bytes_read != 60) {
+        bytes_read = 60;
+        ret_status = FileIO::read_from_fd(accept_fd, encrypted_apache_mrsigner_and_tag, &bytes_read);
+        if (ret_status != 0) {
             printf("Not all of the encrypted apache's mrsigner was read from the verifier.\n");
             fflush(stdout);
             return 0xfe;
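Review bot: In the last hunk the check on the 60-byte read now tests only `ret_status`, and `bytes_read` is never compared with 60 after the call, so whether a short read from the socket is caught depends entirely on `FileIO::read_from_fd`, whose body is not shown in this commit. If that helper reports the actual count through the pointer, the test should be `if (ret_status != 0 || bytes_read != 60)`; if it does not, the contract belongs in a comment at its declaration. A named constant for the 60 would also keep the read length and the 150-byte `encrypted_apache_mrsigner_and_tag` buffer from drifting apart. The enclosing function starts and ends outside the hunk.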

+ 14 - 12
App/SealingUntrusted.cpp

@@ -7,18 +7,19 @@
 namespace SealingUntrusted {
 
     namespace {
-        int create_and_seal_signing_key_pair_to_disk(int fd)
+        int create_and_seal_signing_key_pair_to_disk(sgx_enclave_id_t enclave_id, int fd)
         {
-            uint32_t ret_status=0, length=0, counter=0;
+            uint32_t ret_status=0, counter=0;
+            size_t length=0;
             uint8_t* sealed_data;
 
-            Decryptor_calculate_sealed_keypair_size_wrapper(e2_enclave_id, &length);
+            Decryptor_calculate_sealed_keypair_size_wrapper(enclave_id, &length);
             if(length == 0xFFFFFFFF)
                 return -31;
-            sealed_data=(uint8_t*) malloc(length); // 0x300); // TODO: Shouldn't it be malloc of length?
+            sealed_data=(uint8_t*) malloc(length);
             printf("length: %d\n", length); fflush(stdout);
 
-            Decryptor_create_and_seal_long_term_signing_key_pair_wrapper(e2_enclave_id, &ret_status, &length, sealed_data);
+            Decryptor_create_and_seal_long_term_signing_key_pair_wrapper(enclave_id, &ret_status, &length, sealed_data);
             if(ret_status != SGX_SUCCESS)
             {
                 printf("create_and_seal called returned an error: %x", ret_status);
@@ -35,9 +36,10 @@ namespace SealingUntrusted {
             return ret_status;
         }
 
-        int unseal_signing_key_pair_from_disk(int fd, size_t sealed_msg_length_in_file)
+        int unseal_signing_key_pair_from_disk(sgx_enclave_id_t enclave_id, int fd, size_t sealed_msg_length_in_file)
         {
-            uint32_t ret_status=0, length=sealed_msg_length_in_file, counter=0;
+            uint32_t ret_status=0, counter=0;
+            size_t length=sealed_msg_length_in_file;
             uint8_t* sealed_data;
 
             sealed_data = (uint8_t*) malloc(sealed_msg_length_in_file);
@@ -53,28 +55,28 @@ namespace SealingUntrusted {
                 printf("%x ", *(sealed_data+counter));
             printf("\n");  fflush(stdout);
 
-            Decryptor_unseal_and_restore_long_term_signing_key_pair_wrapper(e2_enclave_id, &ret_status, sealed_data, &length);
+            Decryptor_unseal_and_restore_long_term_signing_key_pair_wrapper(enclave_id, &ret_status, sealed_data, &length);
             free(sealed_data);
             return -1*ret_status; // ret_status is positive for error in sgx code.
         }
     }
 
-    int look_for_signing_key_or_regenerate_it(char* filename)
+    int look_for_signing_key_or_regenerate_it(sgx_enclave_id_t enclave_id, char* filename)
     {
         size_t sealed_key_size;
         uint32_t ret_status;
         int fd;
 
-        sealed_key_size = check_if_file_exists_return_size(filename, &fd);
+        sealed_key_size = FileIO::check_if_file_exists_return_size(filename, &fd);
         if(sealed_key_size == 0) // File is empty. create signing key pair.
         {
             printf("Creating new keypair.\n"); fflush(stdout);
-            ret_status = create_and_seal_signing_key_pair_to_disk(fd);
+            ret_status = create_and_seal_signing_key_pair_to_disk(enclave_id, fd);
         }
         else
         {
             printf("Unsealing keypair.\n"); fflush(stdout);
-            ret_status = unseal_signing_key_pair_from_disk(fd, sealed_key_size);
+            ret_status = unseal_signing_key_pair_from_disk(enclave_id, fd, sealed_key_size);
         }
         close(fd);
         return ret_status;
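Review bot: `printf("length: %d\n", length);` in `create_and_seal_signing_key_pair_to_disk` no longer matches its argument now that this commit makes `length` a `size_t`; the mismatch is undefined behaviour and should read `printf("length: %zu\n", length);`. The same function hands the result of `malloc(length)` to the sealing ecall without a NULL check, and it ignores the status returned by `Decryptor_calculate_sealed_keypair_size_wrapper`, so `length` can still be its initial 0 when the allocation is made. A status check before the allocation and a NULL check after it would close both gaps; `unseal_signing_key_pair_from_disk` has the same unchecked `malloc`. Both function bodies continue outside their hunks.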

+ 5 - 2
App/UntrustedInclude/FileIO.h

@@ -11,11 +11,14 @@
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <errno.h>
+#include <stdint.h> // For uint8_t* as argument.
+#include <unistd.h> // For lseek
+#include <stdio.h> // For fopen
 
 namespace FileIO {
-    int write_to_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length);
+    int write_to_fd(int fd, uint8_t* msg, size_t* expected_msg_length);
 
-    int read_from_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length);
+    int read_from_fd(int fd, uint8_t* msg, size_t* expected_msg_length);
 
     size_t check_if_file_exists_return_size(char* filename, int* fd_ptr);
 };
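Review bot: The two declarations changed here take the length by pointer, but nothing states whether `*expected_msg_length` is input only or is updated with the number of bytes actually transferred, and the caller in App/LocalAttestationUntrusted.cpp depends on the answer. A one-line comment above each declaration would settle it, for example `// *expected_msg_length: bytes requested on entry; returns 0 only when all of them were transferred`, adjusted to what the bodies in FileIO.cpp really do. If `write_to_fd` only reads from `msg`, declaring it `const uint8_t* msg` would document that as well.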

+ 4 - 3
App/UntrustedInclude/LocalAttestationUntrusted.h

@@ -4,9 +4,10 @@
 #include <unistd.h>
 #include <stdio.h>
 #include "Ipc.h"
-#include "Protobufs/protobufLAInitiator.h"
-#include "Protobufs/protobufReadWrite.h"
-#include "Protobufs/PostLAMessages.pb.h"
+#include "protobufLAInitiator.h"
+#include "protobufReadWrite.h"
+#include "PostLAMessages.pb.h"
+#include "FileIO.h"
 
 namespace LocalAttestationUntrusted {
    int setup_socket_for_local_attestation_requests(int port);

+ 0 - 0
App/UntrustedInclude/Protobufs/ProtobufLAMessages.pb.h → App/UntrustedInclude/ProtobufLAMessages.pb.h


+ 3 - 1
App/UntrustedInclude/SealingUntrusted.h

@@ -5,11 +5,13 @@
 #ifndef DECRYPTORAPP_SEALINGUNTRUSTED_H
 #define DECRYPTORAPP_SEALINGUNTRUSTED_H
 // for sealing - sgx_calc_sealed_data_size
+#include "../../Decryptor/Decryptor_u.h"
 #include "sgx_tseal.h"
+#include "sgx_eid.h"
 #include "FileIO.h"
 
 namespace SealingUntrusted {
-    int look_for_signing_key_or_regenerate_it(char* filename);
+    int look_for_signing_key_or_regenerate_it(sgx_enclave_id_t enclave_id, char* filename);
 };
 
 #endif //DECRYPTORAPP_SEALINGUNTRUSTED_H

+ 2 - 2
App/UntrustedInclude/Protobufs/protobufLAInitiator.h → App/UntrustedInclude/protobufLAInitiator.h

@@ -3,8 +3,8 @@
 #include "sgx_urts.h"
 #define __STDC_FORMAT_MACROS
 #include <inttypes.h>
-#include "Protobufs/protobufSgxTransformsInitiator.h"
-#include "../Decryptor/Decryptor_u.h"
+#include "protobufSgxTransformsInitiator.h"
+#include "../../Decryptor/Decryptor_u.h"
 
 namespace protobufLAInitiator{
     int process_protobuf_dh_msg2_generate_protobuf_dh_msg3(uint32_t own_enclave_id, protobuf_sgx_dh_msg2_t& protobuf_msg2, protobuf_sgx_dh_msg3_t& protobuf_msg3, uint32_t* session_id);
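Review bot: The declaration below the changed includes still takes `uint32_t own_enclave_id`, while App.cpp in this commit holds the id as `sgx_enclave_id_t` and prints it with `PRIx64`, so the value is narrowed on its way to the ecalls. If the upper 32 bits are ever non-zero, the call would address the wrong enclave id or fail in a way that is hard to trace. Changing the parameter to `sgx_enclave_id_t own_enclave_id` here, and in `prepare_local_attestation_as_responder_msg1(uint32_t own_enclave_id)` in App/LocalAttestationUntrusted.cpp, removes the truncation.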

+ 0 - 0
App/UntrustedInclude/Protobufs/protobufReadWrite.h → App/UntrustedInclude/protobufReadWrite.h


+ 1 - 1
App/UntrustedInclude/Protobufs/protobufSgxTransformsHelper.h → App/UntrustedInclude/protobufSgxTransformsHelper.h

@@ -4,7 +4,7 @@
 
 #ifndef DECRYPTORAPP_PROTOBUFSGXTRANSFORMSHELPER_H
 #define DECRYPTORAPP_PROTOBUFSGXTRANSFORMSHELPER_H
-#include "Protobufs/ProtobufLAMessages.pb.h"
+#include "ProtobufLAMessages.pb.h"
 #define __STDC_FORMAT_MACROS
 #include <inttypes.h>
 #include <stdio.h>

+ 1 - 1
App/UntrustedInclude/Protobufs/protobufSgxTransformsInitiator.h → App/UntrustedInclude/protobufSgxTransformsInitiator.h

@@ -4,7 +4,7 @@
 
 #ifndef DECRYPTORAPP_PROTOBUFSGXTRANSFORMSINITIATOR_H
 #define DECRYPTORAPP_PROTOBUFSGXTRANSFORMSINITIATOR_H
-#include "Protobufs/protobufSgxTransformsHelper.h"
+#include "protobufSgxTransformsHelper.h"
 #define __STDC_FORMAT_MACROS
 #include <inttypes.h>
 #include <stdio.h>

+ 1 - 1
App/protobufLAInitiator.cpp

@@ -1,4 +1,4 @@
-#include "Protobufs/protobufLAInitiator.h"
+#include "protobufLAInitiator.h"
 namespace protobufLAInitiator
 {
     int generate_protobuf_dh_msg1(uint32_t own_enclave_id, protobuf_sgx_dh_msg1_t& protobuf_msg1,

+ 5 - 6
Decryptor/Decryptor.cpp

@@ -114,7 +114,7 @@
   }
 
   // EXTERNAL. DONE.
-  uint32_t Decryptor::create_and_seal_long_term_signing_key_pair(uint32_t* sealed_data_length, uint8_t* sealed_data)
+  uint32_t Decryptor::create_and_seal_long_term_signing_key_pair(size_t* sealed_data_length, uint8_t* sealed_data)
   {
         uint32_t sgx_libcall_status;
         uint32_t internal_return_status;
@@ -153,7 +153,7 @@
     }
 
   // EXTERNAL. DONE.
-  uint32_t Decryptor::unseal_and_restore_long_term_signing_key_pair(uint8_t* sealed_data, uint32_t* sgx_sealed_data_length)
+  uint32_t Decryptor::unseal_and_restore_long_term_signing_key_pair(uint8_t* sealed_data, size_t* sgx_sealed_data_length)
   {
       uint32_t temp_plaintext_length;
       uint8_t* temp_plaintext;
@@ -270,13 +270,12 @@
         return SGX_SUCCESS;
   }
 
-  void Decryptor::calculate_sealed_keypair_size(uint32_t* output_length)
+  void Decryptor::calculate_sealed_keypair_size(size_t* output_length)
   {
 	*output_length = sgx_calc_sealed_data_size(0, ECDH_PUBLIC_KEY_SIZE + ECDH_PRIVATE_KEY_SIZE);
 }
 
-
-	void Decryptor::testing_get_verifier_mrenclave_apache_mrsigner(uint8_t* output)
+    void Decryptor::testing_get_verifier_mrenclave_apache_mrsigner(uint8_t* output)
 	{
 		uint32_t counter;
 		for(counter=0; counter<32;counter++)
@@ -285,7 +284,7 @@
 			output[counter+32]=apache_mr_signer[counter];
 		}
 	}
-        void Decryptor::testing_get_short_term_public_key(uint8_t* output)
+	void Decryptor::testing_get_short_term_public_key(uint8_t* output)
 	{
 		hybridEncryptionBoxClient.get_public_key(output); 
 	}

+ 53 - 28
Decryptor/Decryptor.edl

@@ -1,35 +1,60 @@
+/*
+ * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ *   * Redistributions of source code must retain the above copyright
+ *     notice, this list of conditions and the following disclaimer.
+ *   * Redistributions in binary form must reproduce the above copyright
+ *     notice, this list of conditions and the following disclaimer in
+ *     the documentation and/or other materials provided with the
+ *     distribution.
+ *   * Neither the name of Intel Corporation nor the names of its
+ *     contributors may be used to endorse or promote products derived
+ *     from this software without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+ * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+ * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+ * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+
 enclave {
     include "sgx_eid.h"
     include "sgx_tcrypto.h"
-    include "datatypes.h"
     include "../TrustedInclude/dh_session_protocol.h"
-    from "/home/m2mazmud/old_stuff/intel-sgx-ssl/Linux/package/include/sgx_tsgxssl.edl" import * ;
 
+//from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
+    from "/home/m2mazmud/old_stuff/intel-sgx-ssl/Linux/package/include/sgx_tsgxssl.edl" import * ;
     trusted {
-        public uint32_t session_request_wrapper([out] sgx_dh_msg1_t *dh_msg1, [out] uint32_t *session_id);
-        public uint32_t exchange_report_wrapper([in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, [in] uint32_t *session_id);
-        public void calculate_sealed_keypair_size_wrapper([out, size=4] uint32_t* output_length);
-        #define SEALED_SIZE 656  // =0x300 (0x290 is the size of the sealed message when both the public(0x40) and private key(0x20) are included)
-        public uint32_t create_and_seal_long_term_signing_key_pair_wrapper([out, size=4] uint32_t* sealed_data_length, [out,size=SEALED_SIZE] uint8_t* sealed_data);
-        public uint32_t unseal_and_restore_long_term_signing_key_pair_wrapper([in, size=SEALED_SIZE] uint8_t* sealed_data, [in, size=4] uint32_t* sgx_sealed_data_length);
-        public uint32_t create_and_encrypt_mitigator_header_H_wrapper([out, size=200] uint8_t* ciphertext_token_H_plus_tag, [out] uint32_t* length); // would be 188 in length
-          // Apache mrsigner = 32 bytes + tag on encryption = 16 bytes.
-          // public uint32_t decrypt_verifiers_message_set_apache_mrsigner_wrapper([in, size=60] uint8_t* ciphertext_plus_tag);
-          // NEED AT LEAST: 64 bytes for public key of client, plus 64 bytes of signature over it, plus 16 bytes of tag over any encryption = 144 bytes. Msg length = 144 bytes + Length of form field
-    	public uint32_t process_apache_message_generate_response_wrapper([in, size=4100] uint8_t* input_ciphertext,
-    	        uint32_t input_ciphertext_plus_tag_length, [out, size=4100] uint8_t* output_ciphertext,
-    	        [out,size=4] uint32_t* output_ciphertext_plus_tag_length);
-        public uint32_t decrypt_client_data_wrapper([in, size=input_ciphertext_length] uint8_t* input_ciphertext,
-            uint32_t input_ciphertext_length,
-            [in, size=input_sizes_array_length] uint32_t* input_sizes_array,
-            uint32_t input_sizes_array_length);
-        public uint32_t process_verifiers_message_wrapper([in, size=60] uint8_t* input_ciphertext, uint32_t length);
-        public void get_verifier_mrenclave_apache_mrsigner_wrapper([out, size=64] uint8_t* output);
-	    public void get_short_term_public_key_wrapper([out, size=64] uint8_t* output);
-  	    public void get_long_term_verification_key_wrapper([out, size=64] uint8_t* output);
-	    public void get_apache_iv([out, size=12] uint8_t* output);
-    };
-    untrusted {
-        public uint32_t get_decrypted_client_data([in, size=array_length] uint8_t* array, uint32_t array_length);
-    };
+	public void calculate_sealed_keypair_size_wrapper([out] size_t* output_length);
+      #define SEALED_SIZE 656  // =0x300 (0x290 is the size of the sealed message when both the public(0x40) and private key(0x20) are included)
+      public uint32_t create_and_seal_long_term_signing_key_pair_wrapper([out] size_t* sealed_data_length, [out,size=SEALED_SIZE] uint8_t* sealed_data);
+      public uint32_t unseal_and_restore_long_term_signing_key_pair_wrapper([in, size=SEALED_SIZE] uint8_t* sealed_data, [in] size_t* sgx_sealed_data_length);
+      public uint32_t create_and_encrypt_mitigator_header_H_wrapper([out, size=200] uint8_t* ciphertext_token_H_plus_tag, [out] uint32_t* length); // would be 188 in length
+      // Apache mrsigner = 32 bytes + tag on encryption = 16 bytes.
+      // public uint32_t decrypt_verifiers_message_set_apache_mrsigner_wrapper([in, size=60] uint8_t* ciphertext_plus_tag);
+      // NEED AT LEAST: 64 bytes for public key of client, plus 64 bytes of signature over it, plus 16 bytes of tag over any encryption = 144 bytes. Msg length = 144 bytes + Length of form field
+      
+	public uint32_t process_apache_message_generate_response_wrapper([in, size=4100] uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, [out, size=4100] uint8_t* output_ciphertext, [out,size=4] uint32_t* output_ciphertext_plus_tag_length);
+      public uint32_t process_verifiers_message_wrapper([in, size=60] uint8_t* input_ciphertext, uint32_t length);
+      public        void get_verifier_mrenclave_apache_mrsigner_wrapper([out, size=64] uint8_t* output);
+	public void get_short_term_public_key_wrapper([out, size=64] uint8_t* output); 
+  	public void get_long_term_verification_key_wrapper([out, size=64] uint8_t* output);
+	public void get_apache_iv([out, size=12] uint8_t* output);
+    public uint32_t session_request_wrapper([out] sgx_dh_msg1_t *dh_msg1, [out] uint32_t *session_id);
+    public uint32_t exchange_report_wrapper([in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, [in] uint32_t *session_id);
+
+};
   };
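Review bot: `sealed_data` is marshalled with the fixed `size=SEALED_SIZE` (656) in both sealing ecalls, but the untrusted callers in App/SealingUntrusted.cpp size that buffer from runtime values, `malloc(length)` and `malloc(sealed_msg_length_in_file)`, the latter taken from the file on disk. The generated edge code copies SEALED_SIZE bytes regardless, so a sealed-key file shorter than 656 bytes would have the copy run past the end of the heap buffer, and the separately passed `sgx_sealed_data_length` is not tied to the buffer at all. Binding the length to the pointer, as the removed `decrypt_client_data_wrapper` did with `size=input_ciphertext_length`, keeps the two consistent: `public uint32_t unseal_and_restore_long_term_signing_key_pair_wrapper([in, size=sealed_len] uint8_t* sealed_data, size_t sealed_len);`, with the enclave rejecting any `sealed_len` other than the expected sealed size. The absolute `/home/m2mazmud/...` path in the `from ... import` line also ties the build to one machine's directory layout.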

+ 10 - 6
Decryptor/DecryptorWrapper.cpp

@@ -2,7 +2,9 @@
 #include "../TrustedInclude/Decryptor.h"
 #include "Decryptor_t.h"
 
-uint32_t process_apache_message_generate_response_wrapper(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext, uint32_t* output_ciphertext_plus_tag_length)
+uint32_t process_apache_message_generate_response_wrapper(uint8_t* input_ciphertext,
+        uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext,
+        uint32_t* output_ciphertext_plus_tag_length)
 {
   return Decryptor::process_apache_message_generate_response(input_ciphertext, input_ciphertext_plus_tag_length, output_ciphertext, output_ciphertext_plus_tag_length);
 }
@@ -17,17 +19,17 @@ uint32_t create_and_encrypt_mitigator_header_H_wrapper(uint8_t* ciphertext_token
   return Decryptor::create_and_encrypt_mitigator_header_H(ciphertext_token_H_plus_tag, length);
 }
 
-void calculate_sealed_keypair_size_wrapper(uint32_t* length)
+void calculate_sealed_keypair_size_wrapper(size_t* length)
 {
   Decryptor::calculate_sealed_keypair_size(length);
 }
 
-uint32_t create_and_seal_long_term_signing_key_pair_wrapper(uint32_t* sealed_data_length, uint8_t* sealed_data)
+uint32_t create_and_seal_long_term_signing_key_pair_wrapper(size_t* sealed_data_length, uint8_t* sealed_data)
 {
      return Decryptor::create_and_seal_long_term_signing_key_pair(sealed_data_length, sealed_data);
 }
 
-uint32_t unseal_and_restore_long_term_signing_key_pair_wrapper(uint8_t* sealed_data, uint32_t* sgx_sealed_data_length)
+uint32_t unseal_and_restore_long_term_signing_key_pair_wrapper(uint8_t* sealed_data, size_t* sgx_sealed_data_length)
 {
   return Decryptor::unseal_and_restore_long_term_signing_key_pair(sealed_data, sgx_sealed_data_length);
 }
@@ -62,10 +64,12 @@ uint32_t decrypt_client_data_wrapper(uint8_t* input_ciphertext,
 
 uint32_t session_request_wrapper(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id)
 {
-    return LA::session_request(dh_msg1, session_id);
+    // return LA::session_request(dh_msg1, session_id);
+    return 0;
 }
 
 uint32_t exchange_report_wrapper(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t *session_id)
 {
-    return LA::exchange_report(dh_msg2, dh_msg3, session_id);
+    // return LA::exchange_report(dh_msg2, dh_msg3, session_id);
+    return 0;
 }
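Review bot: The stubbed `session_request_wrapper` and `exchange_report_wrapper` in the last hunk now `return 0;`, and the untrusted callers appear to treat 0 as success (their error test is `protobuf_sgx_ret != 0`), so local attestation would seem to complete although no DH message or session id was produced. Until `LA` is wired back in, the stubs should fail closed, for example `return SGX_ERROR_UNEXPECTED; // stub: LA::session_request not wired in yet`, so that a binary built from this commit cannot be mistaken for one that attests its peer. A `TODO` naming the intended call on each stub would make the remaining work easier to find than the commented-out line alone.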

+ 6 - 14
Decryptor/LA.cpp

@@ -30,12 +30,8 @@
  */
 
 #include "../TrustedInclude/LA.h"
-class LA {
-    private:
-        dh_session_t global_session_info;
-
     //Handle the request from Source Enclave for a session
-    uint32_t session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id)
+    uint32_t LA::session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id)
     {
         sgx_dh_session_t sgx_dh_session;
         sgx_status_t status = SGX_SUCCESS;
@@ -66,9 +62,8 @@ class LA {
         return 0;
     }
 
-    // TODO: Hope to edit the sgx_dh_responder_proc_msg2 call to return 32 byte key.
     //Verify Message 2, generate Message3 and exchange Message 3 with Source Enclave
-    uint32_t exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t* session_id)
+    uint32_t LA::exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t* session_id)
     {
         sgx_key_128bit_t dh_aek;
         uint32_t status = 0;
@@ -81,7 +76,7 @@ class LA {
             return INVALID_PARAMETER_ERROR;
 
         if(global_session_info.status != IN_PROGRESS)
-            return INVALID_SESSION; // end_session(); // TODO: DA FUQ RETURN STH HERE.
+            return INVALID_SESSION;
 
         memcpy(&sgx_dh_session, &global_session_info.in_progress.dh_session, sizeof(sgx_dh_session_t));
 
@@ -93,9 +88,9 @@ class LA {
             return status;
 
         //Verify source enclave's trust
-        verify_return = Decryptor::verify_peer_enclave_trust(initiator_identity.mr_enclave.m, initiator_identity.mr_signer.m, dh_aek);
-        if(verify_return != 0)
-            return verify_return;
+        // verify_return = Decryptor::verify_peer_enclave_trust(initiator_identity.mr_enclave.m, initiator_identity.mr_signer.m, dh_aek);
+        // if(verify_return != 0)
+        //    return verify_return;
 
         /*
         //save the session ID, status and initialize the session nonce
@@ -107,6 +102,3 @@ class LA {
         */
         return 0;
     }
-
-};
-
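Review bot: With the `Decryptor::verify_peer_enclave_trust` call commented out in the third hunk, `LA::exchange_report` returns 0 for any initiator whose message 2 gets past the preceding status check, so the peer's `mr_enclave` and `mr_signer` are never compared with an expected identity. Local attestation without that comparison only shows that the peer is some enclave on the same platform, not the intended verifier or Apache enclave. Until the callback is refactored, the function should return an error at that point instead of falling through, e.g. `return INVALID_SESSION; // TODO: restore verify_peer_enclave_trust before enabling LA`. `dh_aek` also stays on the stack on every return path, and clearing it before returning would limit how long the session key lingers. The function body starts outside the hunk.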

+ 0 - 0
CommonOpensslCode/Openssl_crypto.cpp → Decryptor/Openssl_crypto.cpp


+ 32 - 61
Makefile

@@ -66,29 +66,15 @@ else
 	SGX_COMMON_CFLAGS += -O2
 endif
 
-######## Library Settings ########
-
-#PHPTrust_Lib_Name := libPHPLocalAttestation_Trusted.a
-#PHPTrustLib_Cpp_Files := $(wildcard PHPLocalAttestationCode/*.cpp)
-#PHPTrustLib_Cpp_Objects := $(PHPTrustLib_Cpp_Files:.cpp=.o)
-#PHPTrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I$(SGX_SDK)/include/epid -I./TrustedInclude
-#PHPTrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector  $(TrustLib_Include_Paths)
-#PHPTrustLib_Compile_Cxx_Flags :=  -std=c++11 -nostdinc++
+######## Library Settings ######## (cannot move down as both the app and the enclave need the library path for sgxussl/sgxtssl_crypto libraries
+
 OPENSSL_LIBRARY_PATH := /home/m2mazmud/old_stuff/intel-sgx-ssl/Linux/package/lib64/
 OPENSSL_BAREBONES_LIBRARY_PATH := /home/m2mazmud/old_stuff/intel-sgx-ssl/openssl_source/openssl-1.1.0h/
 OpenSSL_Crypto_Library_Name := sgx_tsgxssl_crypto
 SGXSSL_Library_Name := sgx_tsgxssl
 SgxSSL_Link_Libraries := -L$(OPENSSL_LIBRARY_PATH) -Wl,--whole-archive -l$(SGXSSL_Library_Name) -Wl,--no-whole-archive -l$(OpenSSL_Crypto_Library_Name)
-#Security_Link_Flags := -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -pie
 OPENSSL_INCLUDES := /home/m2mazmud/old_stuff/intel-sgx-ssl/Linux/package/include
 
-
-
-Trust_Lib_Name := libLocalAttestation_Trusted.a
-TrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I$(SGX_SDK)/include/epid -I./TrustedInclude ./Include
-TrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector  $(TrustLib_Include_Paths) -Wall
-TrustLib_Compile_Cxx_Flags :=  -std=c++11 -nostdinc++
-
 ######## App Settings ########
 
 ifneq ($(SGX_MODE), HW)
@@ -98,7 +84,7 @@ else
 endif
 
 App_Cpp_Files := $(wildcard App/*.cpp)
-App_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./UntrustedInclude
+App_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./App/UntrustedInclude
 App_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) -Wall -std=c++11
 # Three configuration modes - Debug, prerelease, release
 #   Debug - Macro DEBUG enabled.
@@ -137,7 +123,7 @@ endif
 Crypto_Library_Name := sgx_tcrypto
 
 Enclave_Cpp_Files_2 := $(wildcard Decryptor/*.cpp)
-Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I./LocalAttestationCode -I./Include
+Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I$(SGX_SDK)/include/epid -I./TrustedInclude
 
 CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9")
 ifeq ($(CC_BELOW_4_9), 1)
@@ -166,6 +152,10 @@ Decryptor_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Decr
 Enclave_Cpp_Objects_2 := $(Enclave_Cpp_Files_2:.cpp=.o)
 Enclave_Name_2 := libDecryptor.so
 
+#TrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I$(SGX_SDK)/include/epid -I./TrustedInclude
+TrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector  $(Enclave_Include_Paths) -Wall
+TrustLib_Compile_Cxx_Flags :=  -std=c++11 -nostdinc++
+
 
 ifeq ($(SGX_MODE), HW)
 ifeq ($(SGX_DEBUG), 1)
@@ -186,17 +176,16 @@ endif
 endif
 
 ifeq ($(Build_Mode), HW_RELEASE)
-all: .config_$(Build_Mode)_$(SGX_ARCH) $(Trust_Lib_Name) $(UnTrustLib_Name) Decryptor.so $(App_Name)
+all: .config_$(Build_Mode)_$(SGX_ARCH) $(UnTrustLib_Name) Decryptor.so $(App_Name)
 	@echo "The project has been built in release hardware mode."
 	@echo "Please sign the enclaves (PHP.so, Decryptor.so, Enclave3.so) first with your signing keys before you run the $(App_Name) to launch and access the enclave."
 	@echo "To sign the enclaves use the following commands:"
-	@echo "   $(SGX_ENCLAVE_SIGNER) sign -key <key1> -enclave PHP.so -out <$(Enclave_Name_1)> -config PHP/PHP.config.xml"
 	@echo "   $(SGX_ENCLAVE_SIGNER) sign -key <key2> -enclave Decryptor.so -out <$(Enclave_Name_2)> -config Decryptor/Decryptor.config.xml"
-#	@echo "   $(SGX_ENCLAVE_SIGNER) sign -key <key3> -enclave Enclave3.so -out <$(Enclave_Name_3)> -config Enclave3/Enclave3.config.xml"
 	@echo "You can also sign the enclaves using an external signing tool."
 	@echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW."
 else
-all: .config_$(Build_Mode)_$(SGX_ARCH) $(Trust_Lib_Name) $(UnTrustLib_Name) $(Enclave_Name_2) $(App_Name)
+
+all: .config_$(Build_Mode)_$(SGX_ARCH) $(UnTrustLib_Name) $(Enclave_Name_2) $(App_Name)
 ifeq ($(Build_Mode), HW_DEBUG)
 	@echo "The project has been built in debug hardware mode."
 else ifeq ($(Build_Mode), SIM_DEBUG)
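Review bot: The release-mode message kept in this hunk still tells the operator to sign `PHP.so, Decryptor.so, Enclave3.so`, although the `all` prerequisites now build only Decryptor.so and the PHP signing command has been removed. This text is the only signing guidance printed for HW_RELEASE builds, so it should name just the enclave that is actually produced: `@echo "Please sign the enclave (Decryptor.so) first with your signing key before you run the $(App_Name) to launch and access the enclave."`. The `else` branch continues past the end of the hunk.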
@@ -214,32 +203,6 @@ endif
 	@rm -rf .config_* $(App_Name) *.so *.a App/*.o Decryptor/*.o Decryptor/*_t.* Decryptor/*_u.* LocalAttestationCode/*.o LocalAttestationCode/*_t.* #Enclave3/*.o Enclave3/*_t.* Enclave3/*_u.*
 	@touch .config_$(Build_Mode)_$(SGX_ARCH)
 
-######## Library Objects ########
-
-LocalAttestationCode/LocalAttestationCode_t.c LocalAttestationCode/LocalAttestationCode_t.h : $(SGX_EDGER8R) LocalAttestationCode/LocalAttestationCode.edl
-	@cd LocalAttestationCode && $(SGX_EDGER8R) --trusted ../LocalAttestationCode/LocalAttestationCode.edl --search-path $(SGX_SDK)/include
-	@echo "GEN  =>  $@"
-
-LocalAttestationCode/LocalAttestationCode_t.o: LocalAttestationCode/LocalAttestationCode_t.c
-	@$(CC) $(TrustLib_Compile_Flags) -c $< -o $@
-	@echo "CC   <=  $<"
-
-LocalAttestationCode/LocalAttestationTrustedWrapper.o: LocalAttestationCode/LAWrapper.cpp LocalAttestationCode/LocalAttestationCode_t.h
-	@$(CXX) $(TrustLib_Compile_Flags) $(TrustLib_Compile_Cxx_Flags) -c $< -o $@
-	@echo "CC   <= $<"
-
-LocalAttestationCode/LocalAttestationTrusted.o: Decryptor/LA.cpp LocalAttestationCode/LocalAttestationCode_t.h
-	@$(CXX) $(TrustLib_Compile_Flags) $(TrustLib_Compile_Cxx_Flags) -c $< -o $@
-	@echo "CC   <= $<"
-
-$(Trust_Lib_Name): LocalAttestationCode/LocalAttestationCode_t.o LocalAttestationCode/LocalAttestationTrustedWrapper.o LocalAttestationCode/LocalAttestationTrusted.o
-	@$(AR) rcs $@ $^
-	@echo "GEN  =>  $@"
-
-CommonOpensslCode/Openssl_crypto.o: CommonOpensslCode/Openssl_crypto.cpp
-	@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -I$(OPENSSL_INCLUDES)  -c $< -o $@
-	@echo "CXX  <=  $<"
-
 ######## App Objects ########
 Decryptor/Decryptor_u.c Decryptor/Decryptor_u.h: $(SGX_EDGER8R) Decryptor/Decryptor.edl
 	@cd Decryptor && $(SGX_EDGER8R) --use-prefix --untrusted ../Decryptor/Decryptor.edl --search-path $(SGX_SDK)/include
@@ -249,11 +212,11 @@ App/Decryptor_u.o: Decryptor/Decryptor_u.c
 	@$(CC) $(App_Compile_Flags) -c $< -o $@
 	@echo "CC   <=  $<"
 
-App/%.o: App/%.cpp Decryptor/Decryptor_u.h #Enclave3/Enclave3_u.h
+App/%.o: App/%.cpp Decryptor/Decryptor_u.h
 	@$(CXX) $(App_Compile_Flags) -c $< -o $@
 	@echo "CXX  <=  $<"
 
-$(App_Name): App/App.o App/LocalAttestationUntrusted.o App/protobufLAInitiator.o App/protobufSgxTransformsInitiator.o App/protobufSgxTransformsHelper.o App/protobufReadWrite.o  App/ProtobufLAMessages.pb.o App/PostLAMessages.pb.o App/Ipc.o App/Decryptor_u.o
+$(App_Name): App/App.o App/SealingUntrusted.o App/LocalAttestationUntrusted.o App/protobufLAInitiator.o App/protobufSgxTransformsInitiator.o App/protobufSgxTransformsHelper.o App/protobufReadWrite.o App/ProtobufLAMessages.pb.o App/PostLAMessages.pb.o App/Ipc.o App/FileIO.o App/Decryptor_u.o
 	@$(CXX) -Wl,--no-undefined $^ -o $@ $(App_Link_Flags)
 	@echo "LINK =>  $@"
 
@@ -261,13 +224,9 @@ $(App_Name): App/App.o App/LocalAttestationUntrusted.o App/protobufLAInitiator.o
 
 
 ######## Enclave Objects ########
-Decryptor/Decryptor_t.c: $(SGX_EDGER8R) Decryptor/Decryptor.edl
-	@cd Decryptor && $(SGX_EDGER8R)  --use-prefix --trusted ../Decryptor/Decryptor.edl --search-path $(SGX_SDK)/include
-	@echo "GEN  =>  $@"
-
-Decryptor/Decryptor_t.o: Decryptor/Decryptor_t.c
-	@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
-	@echo "CC   <=  $<"
+Decryptor/Openssl_crypto.o: Decryptor/Openssl_crypto.cpp
+	@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -I$(OPENSSL_INCLUDES)  -c $< -o $@
+	@echo "CXX  <=  $<"
 
 Decryptor/%Box.o: Decryptor/%Box.cpp 
 	@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags)  -c $< -o $@
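Review bot: The relocated `Decryptor/Openssl_crypto.o` rule compiles trusted enclave code against `-I$(OPENSSL_INCLUDES)`, which the settings earlier in this Makefile hard-code to a path under one developer's home directory. The enclave build therefore cannot be reproduced on another machine, and the code that ends up in the signed enclave depends on whatever that directory currently holds. Making the paths overridable, for example `OPENSSL_INCLUDES ?= <path-to-sgxssl-package>/include` (placeholder path) and likewise for `OPENSSL_LIBRARY_PATH`, and recording the expected SGX SSL / OpenSSL version in a comment next to them would address this.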
@@ -277,15 +236,27 @@ Decryptor/ECDHKeypair.o: Decryptor/ECDHKeypair.cpp
 	@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags)  -c $< -o $@
 	@echo "CXX   <=  $<"
 
-Decryptor/DecryptorWrapper.o: Decryptor/DecryptorWrapper.cpp
-	@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags)  -c $< -o $@
+Decryptor/LA.o: Decryptor/LA.cpp
+	@$(CXX) $(TrustLib_Compile_Flags) $(TrustLib_Compile_Cxx_Flags) -c $< -o $@
 	@echo "CXX  <=  $<"
 
 Decryptor/Decryptor.o: Decryptor/Decryptor.cpp #Decryptor/HybridEncryptionBox.cpp Decryptor/ECDSASignatureBox.cpp Decryptor/ECDHKeypair.cpp Decryptor/SymmetricEncryptionBox.cpp
 	@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags)  -c $< -o $@
 	@echo "CXX  <=  $<"
 
-Decryptor.so: Decryptor/Decryptor_t.o Decryptor/DecryptorWrapper.o Decryptor/Decryptor.o $(Trust_Lib_Name) Decryptor/HybridEncryptionBox.o Decryptor/ECDSASignatureBox.o Decryptor/SymmetricEncryptionBox.o Decryptor/ECDHKeypair.o CommonOpensslCode/Openssl_crypto.o 
+Decryptor/DecryptorWrapper.o: Decryptor/DecryptorWrapper.cpp
+	@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags)  -c $< -o $@
+	@echo "CXX  <=  $<"
+
+Decryptor/Decryptor_t.c: $(SGX_EDGER8R) Decryptor/Decryptor.edl
+	@cd Decryptor && $(SGX_EDGER8R)  --use-prefix --trusted ../Decryptor/Decryptor.edl --search-path $(SGX_SDK)/include
+	@echo "GEN  =>  $@"
+
+Decryptor/Decryptor_t.o: Decryptor/Decryptor_t.c
+	@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
+	@echo "CC   <=  $<"
+
+Decryptor.so: Decryptor/Decryptor_t.o Decryptor/DecryptorWrapper.o Decryptor/Decryptor.o Decryptor/LA.o Decryptor/HybridEncryptionBox.o Decryptor/ECDSASignatureBox.o Decryptor/SymmetricEncryptionBox.o Decryptor/ECDHKeypair.o Decryptor/Openssl_crypto.o
 	@$(CXX) $^ -o $@ $(Decryptor_Link_Flags)
 	@echo "LINK =>  $@"
 
@@ -297,4 +268,4 @@ $(Enclave_Name_2): Decryptor.so
 .PHONY: clean
 
 clean:
-	@rm -rf .config_* $(App_Name) *.so *.a App/*.o Decryptor/*.o Decryptor/*_t.* Decryptor/*_u.* LocalAttestationCode/*.o LocalAttestationCode/*_t.* CommonOpensslCode/*.o 
+	@rm -rf .config_* $(App_Name) *.so *.a App/*.o Decryptor/*.o Decryptor/*_t.* Decryptor/*_u.*

+ 5 - 7
TrustedInclude/Decryptor.h

@@ -1,7 +1,6 @@
 #include "ECDSASignatureBox.h"
 #include "HybridEncryptionBox.h"
-#include "LocalAttestationTrusted.h"
-
+#include "LA.h"
 class Decryptor {
   static ECDSASignatureBox signatureBox;
   static HybridEncryptionBox hybridEncryptionBoxClient;
@@ -11,8 +10,7 @@ class Decryptor {
   static uint8_t apache_mr_signer[32];
   static uint8_t plaintext_mitigator_header_H[ECDH_PUBLIC_KEY_SIZE + 32 + 64];
   static uint8_t first_decryption_output[1092]; // 1000 bytes of ciphertext data + 12 IV + 16 Tag + 64 clients public key
-  static uint8_t plaintext_client_data[1000]; 
-
+  static uint8_t plaintext_client_data[1000];
 
   static uint32_t create_mitigator_token_M(uint8_t* token);
   static uint32_t create_mitigator_header_H(uint8_t* signature_data_and_signature);
@@ -20,11 +18,11 @@ class Decryptor {
   static uint32_t initialize_symmetric_key_decrypt_client_data(uint8_t* plaintext_client_public_key_plus_encrypted_data_plus_tag, uint32_t total_length, uint8_t* plaintext_client_data, uint32_t* plaintext_client_data_length);
   static uint32_t get_decrypted_client_data(uint8_t* array, uint32_t array_length);
 public:
-    static void calculate_sealed_keypair_size(uint32_t* output_length); 
+    static void calculate_sealed_keypair_size(size_t* output_length);
     static uint32_t verify_peer_enclave_trust(uint8_t* given_mr_enclave, uint8_t* given_mr_signer, uint8_t* dhaek);
-    static uint32_t create_and_seal_long_term_signing_key_pair(uint32_t* sealed_data_length, uint8_t* sealed_data);
+    static uint32_t create_and_seal_long_term_signing_key_pair(size_t* sealed_data_length, uint8_t* sealed_data);
     static uint32_t create_and_encrypt_mitigator_header_H(uint8_t* ciphertext_token_H_plus_tag, uint32_t* length);
-    static uint32_t unseal_and_restore_long_term_signing_key_pair(uint8_t* sealed_data, uint32_t* sgx_sealed_data_length);
+    static uint32_t unseal_and_restore_long_term_signing_key_pair(uint8_t* sealed_data, size_t* sgx_sealed_data_length);
     static uint32_t decrypt_verifiers_message_set_apache_mrsigner(uint8_t* ciphertext_plus_tag);
     static uint32_t process_apache_message_generate_response(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext, uint32_t* output_ciphertext_plus_tag_length);
     static uint32_t process_verifiers_message(uint8_t* input_ciphertext, uint32_t length);
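Review bot: The sealed-data length parameters of `calculate_sealed_keypair_size`, `create_and_seal_long_term_signing_key_pair` and `unseal_and_restore_long_term_signing_key_pair` change from `uint32_t*` to `size_t*`, but the SGX sealing API (`sgx_calc_sealed_data_size`, `sgx_seal_data`) works with `uint32_t` sizes. The implementations are not part of this hunk; they should reject a value above `UINT32_MAX` before narrowing, e.g. `if (*sgx_sealed_data_length > UINT32_MAX) return <error code>;`, since the unseal length presumably originates from the untrusted application. A one-line comment on each declaration stating whether the pointer is an input, an output or both would also help, because the other length parameters in this class stay `uint32_t`. The same signature change is made in TrustedInclude/DecryptorWrapper.h.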

+ 2 - 2
TrustedInclude/DecryptorWrapper.h

@@ -1,7 +1,7 @@
 #include <stdint.h>
 uint32_t encrypt_mitigator_header_H_to_apache_wrapper(uint8_t* ciphertext_token_H_plus_tag);
-uint32_t create_and_seal_long_term_signing_key_pair_wrapper(uint32_t* sealed_data_length, uint8_t* sealed_data);
-uint32_t unseal_and_restore_long_term_signing_key_pair_wrapper(uint8_t* sealed_data, uint32_t* sgx_sealed_data_length);
+uint32_t create_and_seal_long_term_signing_key_pair_wrapper(size_t* sealed_data_length, uint8_t* sealed_data);
+uint32_t unseal_and_restore_long_term_signing_key_pair_wrapper(uint8_t* sealed_data, size_t* sgx_sealed_data_length);
 uint32_t process_apache_message_generate_response_wrapper(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext, uint32_t* output_ciphertext_plus_tag_length);
 uint32_t process_verifiers_message(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length);
 void get_short_term_public_key_wrapper(uint8_t* output);
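Review bot: The two wrapper prototypes now use `size_t`, but this header includes only `<stdint.h>`, which is not required to declare `size_t`. The header then compiles only if every includer happens to pull in a definition first. Adding `#include <stddef.h>` next to the existing include makes it self-contained.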

+ 8 - 5
TrustedInclude/LA.h

@@ -6,14 +6,17 @@
 #define DECRYPTORAPP_LA_H
 
 
-#include "Decryptor.h"
-#include "error_codes.h"
-#include "sgx_tcrypto.h"
-#include "sgx_report.h"
+#include "sgx_trts.h"
+#include "sgx_utils.h"
 #include "sgx_eid.h"
+#include "error_codes.h"
 #include "sgx_ecp_types.h"
+#include "dh_session_protocol.h"
 #include "sgx_dh.h"
-
+#include "sgx_tcrypto.h"
+//#include "sgx_report.h"
+#include "../Decryptor/Decryptor_t.h"
+#include "string.h"
 class LA
 {
 private:
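Review bot: `#include "string.h"` uses the quoted form for a standard header, so the compiler searches the including file's directory first and a project file of that name would shadow the libc one; `#include <string.h>` avoids that. The commented-out `//#include "sgx_report.h"` should be deleted rather than kept. Including the generated `../Decryptor/Decryptor_t.h` from a shared header ties every includer of LA.h to the edger8r output, so a short comment naming the declarations LA needs from it would make that dependency explicit. The class body continues outside the hunk.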

+ 3 - 0
TrustedInclude/dh_session_protocol.h

@@ -43,6 +43,9 @@
 #define MSG_BUF_LEN        sizeof(ec_pub_t)*2
 #define MSG_HASH_SZ        32
 
+#define CLOSED 0x0
+#define IN_PROGRESS 0x1
+#define ACTIVE 0x2
 
 //Session information structure
 typedef struct _la_dh_session_t
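Review bot: `CLOSED`, `IN_PROGRESS` and `ACTIVE` are added as unprefixed macros in a header that LA.h pulls in, so they silently rewrite any identifier of the same name in code that includes it. They also carry no comment saying what they describe; presumably they are the values of a session status field in the structure that follows, which begins at the end of this hunk and is not visible in full. I would add `// Local attestation session states` above them and, if the call sites allow, replace the macros with `enum { CLOSED = 0x0, IN_PROGRESS = 0x1, ACTIVE = 0x2 };` so the names obey scoping and show up in a debugger.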

+ 1 - 1
TrustedInclude/error_codes.h

@@ -31,7 +31,7 @@
 
 #ifndef ERROR_CODES_H_
 #define ERROR_CODES_H_
-
+#include <stdint.h>
 typedef uint32_t ATTESTATION_STATUS;
 
 #define SUCCESS                          0x00