|
@@ -39,15 +39,14 @@
|
|
|
#include<unistd.h>
|
|
|
// for sealing - sgx_calc_sealed_data_size
|
|
|
#include "sgx_tseal.h"
|
|
|
-
|
|
|
+#include "LocalAttestationUntrusted.h"
|
|
|
|
|
|
|
|
|
// For reading from/writing to file -sealing.
|
|
|
#include <fcntl.h>
|
|
|
#include <sys/types.h>
|
|
|
#include <sys/stat.h>
|
|
|
-
|
|
|
-#include "LocalAttestationUntrusted.h"
|
|
|
+#include <errno.h>
|
|
|
|
|
|
//#define UNUSED(val) (void)(val)
|
|
|
#define TCHAR char
|
|
@@ -79,7 +78,7 @@ uint32_t write_to_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length)
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
-uint32_t read_from_fd(int fd, uint8_t* msg, size_t* expected_msg_length)
|
|
|
+uint32_t read_from_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length)
|
|
|
{
|
|
|
ssize_t bytes_read;
|
|
|
lseek(fd, 0, SEEK_SET);
|
|
@@ -91,55 +90,54 @@ uint32_t read_from_fd(int fd, uint8_t* msg, size_t* expected_msg_length)
|
|
|
}
|
|
|
|
|
|
|
|
|
-uint32_t unseal_signing_key_pair_from_disk(int fd, __attribute__((unused)) sgx_ec256_public_t* pub_key, size_t* actual_sealed_msg_length)
|
|
|
+uint32_t unseal_signing_key_pair_from_disk(int fd, size_t sealed_msg_length_in_file)
|
|
|
{
|
|
|
- uint32_t ret_status;
|
|
|
- uint8_t* sgx_sealed_msg;
|
|
|
- printf("expected read 0x%ld\n", *actual_sealed_msg_length);
|
|
|
- sgx_sealed_msg = (uint8_t*) malloc(0x300); // malloc(*actual_sealed_msg_length); (0x300 for EDL)
|
|
|
- ret_status = read_from_fd(fd, sgx_sealed_msg, actual_sealed_msg_length);
|
|
|
+ uint32_t ret_status=0, length=sealed_msg_length_in_file, counter=0;
|
|
|
+ uint8_t* sealed_data;
|
|
|
+
|
|
|
+ sealed_data = (uint8_t*) malloc(0x300); //TODO: Get length of the sealed msg and try to read that much from the file.
|
|
|
+ // May be pass the length of the file as input to this function and check that it is at least as much as the output of the sgx call.
|
|
|
+ ret_status = read_from_fd(fd, sealed_data, &length);
|
|
|
if(ret_status != 0)
|
|
|
{
|
|
|
- free(sgx_sealed_msg);
|
|
|
+ free(sealed_data);
|
|
|
return 0xFFFFFFFF;
|
|
|
}
|
|
|
- printf("actual read 0x%ld and ret_status 0x%x\n", *actual_sealed_msg_length, ret_status); fflush(stdout);
|
|
|
- size_t counter;
|
|
|
- for(counter=0;counter<*actual_sealed_msg_length;counter++)
|
|
|
- printf("%x ", *(sgx_sealed_msg+counter));
|
|
|
+
|
|
|
+ for(counter=0;counter<length;counter++)
|
|
|
+ printf("%x ", *(sealed_data+counter));
|
|
|
printf("\n"); fflush(stdout);
|
|
|
- Decryptor_unseal_and_restore_sealed_signing_key_pair(e2_enclave_id, &ret_status, pub_key, sgx_sealed_msg, actual_sealed_msg_length);
|
|
|
- free(sgx_sealed_msg);
|
|
|
+
|
|
|
+ Decryptor_unseal_and_restore_long_term_signing_key_pair_wrapper(e2_enclave_id, &ret_status, sealed_data, &length);
|
|
|
+ free(sealed_data);
|
|
|
return ret_status;
|
|
|
}
|
|
|
|
|
|
-uint32_t create_and_seal_signing_key_pair_to_disk( __attribute__((unused)) int fd, __attribute__((unused)) sgx_ec256_public_t* pub_key)
|
|
|
+uint32_t create_and_seal_signing_key_pair_to_disk(int fd)
|
|
|
{
|
|
|
- uint32_t ret_status;
|
|
|
- // Generating a signing ECDSA key to sign the encryption key.
|
|
|
- uint32_t length;
|
|
|
- Decryptor_calculate_sealed_data_size(e2_enclave_id, &length, 3*SGX_ECP256_KEY_SIZE); // sgx_calc_sealed_data_size(0,3*SGX_ECP256_KEY_SIZE);
|
|
|
+ uint32_t ret_status=0, length=0, counter=0;
|
|
|
+ uint8_t* sealed_data;
|
|
|
+
|
|
|
+ Decryptor_calculate_sealed_keypair_size_wrapper(e2_enclave_id, &length);
|
|
|
if(length == 0xFFFFFFFF)
|
|
|
return 0xFFFFFFFF;
|
|
|
- printf("0x%x input msg, 0x%x bytes for sealed msg in parameter value\n", 3*SGX_ECP256_KEY_SIZE, length); fflush(stdout);
|
|
|
- uint8_t* sealed_data=(uint8_t*) malloc(0x300);
|
|
|
- printf("Made call to sgx_calc_sealed_data_size\n"); fflush(stdout);
|
|
|
- Decryptor_create_and_seal_ecdsa_signing_key_pair(e2_enclave_id, &ret_status, pub_key, &length, sealed_data);
|
|
|
+ sealed_data=(uint8_t*) malloc(length); // 0x300); // TODO: Shouldn't it be malloc of length?
|
|
|
+ printf("length: %d\n", length); fflush(stdout);
|
|
|
+
|
|
|
+ Decryptor_create_and_seal_long_term_signing_key_pair_wrapper(e2_enclave_id, &ret_status, &length, sealed_data);
|
|
|
if(ret_status != SGX_SUCCESS)
|
|
|
{
|
|
|
printf("create_and_seal called returned an error: %x", ret_status);
|
|
|
free(sealed_data);
|
|
|
return 0xFFFFFFFF;
|
|
|
}
|
|
|
- printf("It returned sgx_success\n"); fflush(stdout); // *actual_sealed_msg_length=length;
|
|
|
-
|
|
|
+ printf("It returned sgx_success\n"); fflush(stdout);
|
|
|
+ for(counter=0; counter<length; counter++)
|
|
|
+ printf("%02x ", sealed_data[counter]);
|
|
|
ret_status = write_to_fd(fd, sealed_data, &length);
|
|
|
free(sealed_data);
|
|
|
-// if(ret_status > 0)
|
|
|
-// *actual_sealed_msg_length = ret_status;
|
|
|
-// return 0;
|
|
|
|
|
|
-return ret_status;
|
|
|
+ return ret_status;
|
|
|
}
|
|
|
|
|
|
int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
|
|
@@ -170,10 +168,7 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
|
|
|
}
|
|
|
printf("\nSuccessfully opened a file to seal the signing key pair for the client.\n");
|
|
|
fflush(stdout);
|
|
|
-// int start = lseek(sealed_signing_key_fd, 0, SEEK_SET);
|
|
|
-// int end = lseek(sealed_signing_key_fd, 0, SEEK_END);
|
|
|
struct stat st; ret_status = fstat(sealed_signing_key_fd, &st);
|
|
|
- //sealed_msg_length_in_file = st.st_size;
|
|
|
if(ret_status != 0)
|
|
|
{
|
|
|
perror("error in finding the file size. - ");
|
|
@@ -183,52 +178,27 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
|
|
|
}
|
|
|
sealed_msg_length_in_file = st.st_size;
|
|
|
if(sealed_msg_length_in_file == 0) //if(start == end && start != -1)
|
|
|
- {
|
|
|
// TODO: file is empty. create signing key pair.
|
|
|
// int start = lseek(sealed_signing_key_fd, 0, SEEK_SET);
|
|
|
- ret_status = create_and_seal_signing_key_pair_to_disk(sealed_signing_key_fd, &pub_key);
|
|
|
- if(ret_status != 0)
|
|
|
+{ printf("Creating new keypair.\n"); fflush(stdout); ret_status = create_and_seal_signing_key_pair_to_disk(sealed_signing_key_fd); }
|
|
|
+ else
|
|
|
+{ printf("Unsealing keypair.\n"); fflush(stdout); ret_status = unseal_signing_key_pair_from_disk(sealed_signing_key_fd, sealed_msg_length_in_file); }
|
|
|
+
|
|
|
+ if(ret_status != 0)
|
|
|
{
|
|
|
- printf("\n error in generating the ecdsa signing key pair \n");
|
|
|
- fflush(stdout); sgx_destroy_enclave(e2_enclave_id);
|
|
|
+ printf("Some error \n");
|
|
|
+// printf("\n %d error in generating the ecdsa signing key pair \n", errno);
|
|
|
+ fflush(stdout);
|
|
|
+sgx_destroy_enclave(e2_enclave_id);
|
|
|
|
|
|
return 0xFFFFFFFF;
|
|
|
- }
|
|
|
- fflush(stdout);
|
|
|
- printf("\n Generated the ecdsa key pair successfully - gx, gy\n");
|
|
|
- for(counter=0;counter<32;counter++)
|
|
|
- printf("0x%x ",pub_key.gx[counter]);
|
|
|
- printf("\n");
|
|
|
- for(counter=0;counter<32;counter++)
|
|
|
- printf("0x%x ",pub_key.gy[counter]);
|
|
|
- printf("\n");
|
|
|
- fflush(stdout);
|
|
|
-// fflush(stdout);
|
|
|
- }
|
|
|
- else {
|
|
|
+ }
|
|
|
|
|
|
- ret_status = unseal_signing_key_pair_from_disk(sealed_signing_key_fd, &pub_key, &sealed_msg_length_in_file);
|
|
|
- if(ret_status != SGX_SUCCESS)
|
|
|
- {
|
|
|
- printf("\n error in unsealing the ecdsa signing key pair:%d \n", ret_status);
|
|
|
- fflush(stdout); sgx_destroy_enclave(e2_enclave_id);
|
|
|
-
|
|
|
- return 0xFFFFFFFF;
|
|
|
- }
|
|
|
- printf("\n Recovered the ecdsa key pair successfully - gx, gy\n");
|
|
|
- for(counter=0;counter<32;counter++)
|
|
|
- printf("%02x",pub_key.gx[31-counter]);
|
|
|
-// printf("\n");
|
|
|
- for(counter=0;counter<32;counter++)
|
|
|
- printf("%02x",pub_key.gy[31-counter]);
|
|
|
- printf("\n");
|
|
|
- fflush(stdout);
|
|
|
- }
|
|
|
|
|
|
close(sealed_signing_key_fd);
|
|
|
|
|
|
int server_fd;
|
|
|
- server_fd = prepare_local_attestation_as_responder_fd_and_msg1(own_enclave_id, 3824);
|
|
|
+ server_fd = LocalAttestationUntrusted::prepare_local_attestation_as_responder_fd_and_msg1(e2_enclave_id, 3824);
|
|
|
if(server_fd <=0)
|
|
|
{
|
|
|
printf("Error in setting up server socket."); fflush(stdout);
|
|
@@ -239,7 +209,7 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
|
|
|
fflush(stdout);
|
|
|
|
|
|
// LA with the verifier
|
|
|
- ret_status = local_attestation_as_responder_msg2_msg3(e2_enclave_id);
|
|
|
+ ret_status = LocalAttestationUntrusted::local_attestation_as_responder_msg2_msg3(e2_enclave_id, server_fd);
|
|
|
if(ret_status!=0)
|
|
|
{
|
|
|
printf("local attestation - with the verifier - did not successfully return: %x\n", ret_status); fflush(stdout);
|
|
@@ -247,7 +217,7 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
|
|
|
return 0xFFFFFFFF;
|
|
|
}
|
|
|
|
|
|
- ret_status = post_local_attestation_with_verifier(e2_enclave_id);
|
|
|
+ ret_status = LocalAttestationUntrusted::post_local_attestation_with_verifier(e2_enclave_id);
|
|
|
if(ret_status!=0)
|
|
|
{
|
|
|
printf("post local attestation - with the verifier - did not successfully return: %x\n", ret_status); fflush(stdout);
|
|
@@ -255,18 +225,18 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
|
|
|
return 0xFFFFFF01;
|
|
|
}
|
|
|
|
|
|
- ret_status = local_attestation_as_responder_msg2_msg3(e2_enclave_id);
|
|
|
- if(ret_status!=0)
|
|
|
+ server_fd = LocalAttestationUntrusted::local_attestation_as_responder_msg2_msg3(e2_enclave_id,3825);
|
|
|
+ if(ret_status<=0)
|
|
|
{
|
|
|
- printf("local attestation - with the verifier - did not successfully return: %x\n", ret_status); fflush(stdout);
|
|
|
+ printf("local attestation - with the apache - did not successfully return: %x\n", ret_status); fflush(stdout);
|
|
|
sgx_destroy_enclave(e2_enclave_id);
|
|
|
return 0xFFFFFFFF;
|
|
|
}
|
|
|
|
|
|
- ret_status = post_local_attestation_with_apache(e2_enclave_id);
|
|
|
+ ret_status = LocalAttestationUntrusted::post_local_attestation_with_apache(e2_enclave_id);
|
|
|
if(ret_status!=0)
|
|
|
{
|
|
|
- printf("post local attestation - with the verifier - did not successfully return: %x\n", ret_status); fflush(stdout);
|
|
|
+ printf("post local attestation - with the apache - did not successfully return: %x\n", ret_status); fflush(stdout);
|
|
|
sgx_destroy_enclave(e2_enclave_id);
|
|
|
return 0xFFFFFF01;
|
|
|
}
|