Can generate ecdsa keypair now (not seal to disk).

App/App.cpp

@@ -707,8 +707,8 @@ uint32_t unseal_signing_key_pair_from_disk(int fd, __attribute__((unused))  sgx_
   free(sgx_sealed_msg);
   return ret_status;
 }
-
-uint32_t create_and_seal_signing_key_pair_to_disk(int fd, sgx_ec256_public_t* pub_key, uint32_t* actual_sealed_msg_length)
+*/
+uint32_t create_and_seal_signing_key_pair_to_disk( __attribute__((unused))  int fd, sgx_ec256_public_t* pub_key, uint32_t* actual_sealed_msg_length)
 {
   uint32_t ret_status;
   // Generating a signing ECDSA key to sign the encryption key.
@@ -719,7 +719,7 @@ uint32_t create_and_seal_signing_key_pair_to_disk(int fd, sgx_ec256_public_t* pu
   printf("%x bytes for sealed msg\n", *actual_sealed_msg_length); fflush(stdout); 
   uint8_t* sealed_data=(uint8_t*) malloc(*actual_sealed_msg_length);
   printf("Made call to sgx_calc_sealed_data_size\n");  fflush(stdout); 
-  Decryptor_create_and_seal_ecdsa_signing_key_pair(e2_enclave_id, &ret_status, (sgx_ec256_public_t*)pub_key, actual_sealed_msg_length, sealed_data);
+  Decryptor_create_and_seal_ecdsa_signing_key_pair(e2_enclave_id, &ret_status, pub_key, actual_sealed_msg_length, sealed_data);
   if(ret_status != SGX_SUCCESS)
   {
     printf("create_and_seal called returned an error: %x", ret_status); 
@@ -727,11 +727,11 @@ uint32_t create_and_seal_signing_key_pair_to_disk(int fd, sgx_ec256_public_t* pu
     return 0xFFFFFFFF;
   }
   printf("It returned sgx_success\n"); fflush(stdout); 
-  ret_status = write_to_fd(fd, sealed_data, actual_sealed_msg_length);
+/*  ret_status = write_to_fd(fd, sealed_data, actual_sealed_msg_length);
   free(sealed_data);
-  return ret_status;
+  return ret_status;*/ return 0; 
 }
-*/
+
 int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
 {
     uint32_t ret_status;
@@ -740,10 +740,10 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
     int launch_token_updated;
     sgx_launch_token_t launch_token;
 //    uint8_t* pub_key = (uint8_t*) malloc(2*SGX_ECP256_KEY_SIZE);
-//    sgx_ec256_public_t pub_key; 
+    sgx_ec256_public_t pub_key; 
     
 
-  //  uint32_t actual_sealed_msg_length;
+  uint32_t actual_sealed_msg_length;
     status = sgx_create_enclave(Decryptor_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &e2_enclave_id, NULL);
     if(status != SGX_SUCCESS)
     {
@@ -758,7 +758,7 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
 	printf("local attestation did not successfully return: %x\n", ret_status); fflush(stdout); return 0xFFFFFFFF; 
 
     }
-/*    int sealed_signing_key_fd = open("sealed_signing_key.txt", O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
+    int sealed_signing_key_fd = open("sealed_signing_key.txt", O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
     if(sealed_signing_key_fd == -1)
     {
       perror("\nError in opening the file sealed_signing_key.txt - ");
@@ -784,7 +784,7 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
       printf("\n Generated the ecdsa key pair successfully - gx, gy\n");
       fflush(stdout);
     }
-    else {
+/*    else {
       start = lseek(sealed_signing_key_fd, 0, SEEK_CUR);
       if(actual_sealed_msg_length == 0)
         actual_sealed_msg_length = end - start;

LocalAttestationCode/EnclaveMessageExchange.cpp

@@ -108,11 +108,11 @@ ATTESTATION_STATUS session_request(sgx_dh_msg1_t *dh_msg1,
         return status;
     }
     memcpy(&global_session_info.in_progress.dh_session, &sgx_dh_session, sizeof(sgx_dh_session_t));
-    return sgx_seal_data(0, NULL, 0, NULL, 0, NULL); 
+    //return sgx_seal_data(0, NULL, 0, NULL, 0, NULL); 
     //Store the session information under the correspoding source enlave id key
     //    g_dest_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(src_enclave_id, session_info));
 
-//    return status;
+    return status;
 }
 
 //Verify Message 2, generate Message3 and exchange Message 3 with Source Enclave
@@ -182,6 +182,113 @@ ATTESTATION_STATUS exchange_report(
 
     return status;
 }
+
+uint32_t create_ecdsa_key_pair(sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key)
+{
+  sgx_status_t se_ret; sgx_status_t se_ret2;
+  //create ECC context
+  ecc_state = NULL;
+  se_ret = sgx_ecc256_open_context(&ecc_state);
+  if(SGX_SUCCESS != se_ret)
+    return se_ret;
+
+  // generate private key and public key
+  se_ret = sgx_ecc256_create_key_pair(priv_key, pub_key, ecc_state);
+  se_ret2 = sgx_ecc256_close_context(ecc_state);
+
+  if(SGX_SUCCESS != se_ret && se_ret2!= SGX_SUCCESS) // something weird has happened - couldn't shut it down.
+    return 0xFFFFFFFF;
+  return SGX_SUCCESS;
+}
+
+// todo: set to private
+void serialize_signing_key_pair_to_string(sgx_ec256_public_t* pub_key, sgx_ec256_private_t* signing_priv_key, uint8_t* private_public_key_string)
+{
+  uint32_t counter;
+  for(counter=0;counter<SGX_ECP256_KEY_SIZE; counter++)
+    *(private_public_key_string+counter)=signing_priv_key->r[counter];
+
+  for(counter=SGX_ECP256_KEY_SIZE;counter<2*SGX_ECP256_KEY_SIZE; counter++)
+    *(private_public_key_string+counter)=pub_key->gx[counter-SGX_ECP256_KEY_SIZE];
+
+  for(counter=2*SGX_ECP256_KEY_SIZE;counter<3*SGX_ECP256_KEY_SIZE; counter++)
+    *(private_public_key_string+counter)=pub_key->gy[counter-2*SGX_ECP256_KEY_SIZE];
+}
+
+
+// todo: set to private
+void deserialize_string_to_public_private_key_pair(uint8_t* private_public_key_string, sgx_ec256_public_t* pub_key, sgx_ec256_private_t* signing_priv_key)
+{
+  uint32_t counter;
+  for(counter=0;counter<SGX_ECP256_KEY_SIZE; counter++)
+    signing_priv_key->r[counter]=*(private_public_key_string+counter);
+
+  for(counter=SGX_ECP256_KEY_SIZE;counter<2*SGX_ECP256_KEY_SIZE; counter++)
+    pub_key->gx[counter-SGX_ECP256_KEY_SIZE]=*(private_public_key_string+counter);
+
+  for(counter=2*SGX_ECP256_KEY_SIZE;counter<3*SGX_ECP256_KEY_SIZE; counter++)
+    pub_key->gy[counter-2*SGX_ECP256_KEY_SIZE]=*(private_public_key_string+counter);
+}
+
+
+uint32_t create_and_seal_ecdsa_signing_key_pair(__attribute__((unused))   sgx_ec256_public_t* pub_key, __attribute__((unused))  uint32_t* sealed_data_length, __attribute__((unused)) uint8_t* sealed_data)
+{
+    uint32_t ret_status;
+    ret_status=create_ecdsa_key_pair(pub_key, &signing_priv_key);
+    if(ret_status!=SGX_SUCCESS)
+       return ret_status;
+    // generating the entire string as there is no SGX function to generate the public key from the private one.
+    // uint8_t* private_public_key_string = (uint8_t*) malloc(3*SGX_ECP256_KEY_SIZE);
+//    uint8_t* sealed_data2 = (uint8_t*) malloc(*sealed_data_length);
+    // serializing keypair to string
+//    serialize_signing_key_pair_to_string(pub_key, &signing_priv_key, private_public_key_string);
+    // sealing serialized keypair to disk
+//    ret_status = sgx_unseal_data(NULL /*(sgx_sealed_data_t*)sealed_data2*/, NULL, 0, NULL  /*temp_plaintext*/ ,0 /*&expected_plaintext_msg_length*/);
+  // sgx_seal_data(0, NULL,  3*SGX_ECP256_KEY_SIZE, private_public_key_string, *sealed_data_length, (sgx_sealed_data_t*) sealed_data2);
+  //  free(sealed_data2);
+  //  free(private_public_key_string);
+//    return ret_status;
+	return SGX_SUCCESS; 
+
+}
+
+
+uint32_t unseal_and_restore_sealed_signing_key_pair(__attribute__((unused)) sgx_ec256_public_t* pub_key, __attribute__((unused))  uint8_t* sealed_data, __attribute__((unused))   uint32_t* sgx_sealed_data_length)
+{
+	return SGX_SUCCESS; 
+
+}
+
+
+void calculate_sealed_data_size(uint32_t input_size, uint32_t* output_size) 
+{
+	*output_size=sgx_calc_sealed_data_size(0, input_size);
+
+}
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
 /*
 uint32_t create_ecdsa_key_pair( sgx_ec256_public_t* pub_key ) 
 {

LocalAttestationCode/LocalAttestationCode.edl

@@ -38,9 +38,16 @@ enclave  {
         public uint32_t exchange_report([in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, [in] uint32_t *session_id);
 //	public uint32_t create_ecdsa_signing_key_pair(); 
 //	public uint32_t create_ecdsa_signing_key_pair([in, out]sgx_ec256_public_t* pub_key);
+        public uint32_t create_and_seal_ecdsa_signing_key_pair([out]sgx_ec256_public_t* pub_key, [in, out] uint32_t* sealed_data_length, [out] uint8_t* sealed_data);
+        public uint32_t unseal_and_restore_sealed_signing_key_pair([out] sgx_ec256_public_t* pub_key, [in] uint8_t* sealed_data, [in] uint32_t* sealed_data_length);
+        uint32_t create_ecdsa_key_pair([out] sgx_ec256_public_t* pub_key, [out] sgx_ec256_private_t* priv_key);
+void serialize_signing_key_pair_to_string([in] sgx_ec256_public_t* pub_key, [in] sgx_ec256_private_t* signing_priv_key, [out] uint8_t* private_public_key_string);
+        void deserialize_string_to_public_private_key_pair([in] uint8_t* private_public_key_string, [out] sgx_ec256_public_t* pub_key, [out] sgx_ec256_private_t* priv_key); 
+        public uint32_t end_session();
+        void calculate_sealed_data_size(uint32_t input_size, [out] uint32_t* output_size);
 
         // public uint32_t generate_response([in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size );
-        public uint32_t end_session();
+//        public uint32_t end_session();
     };
     untrusted{
     /*