|
|
@@ -42,197 +42,6 @@
|
|
|
#include <map>
|
|
|
|
|
|
#define UNUSED(val) (void)(val)
|
|
|
-/*
|
|
|
-std::map<sgx_enclave_id_t, dh_session_t>g_src_session_info_map;
|
|
|
-
|
|
|
-static uint32_t e2_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length);
|
|
|
-
|
|
|
-//Function pointer table containing the list of functions that the enclave exposes
|
|
|
-const struct {
|
|
|
- size_t num_funcs;
|
|
|
- const void* table[1];
|
|
|
-} func_table = {
|
|
|
- 1,
|
|
|
- {
|
|
|
- (const void*)e2_foo1_wrapper,
|
|
|
- }
|
|
|
-};
|
|
|
-*/
|
|
|
-/*
|
|
|
-//Makes use of the sample code function to establish a secure channel with the destination enclave
|
|
|
-uint32_t test_create_session(sgx_enclave_id_t src_enclave_id,
|
|
|
- sgx_enclave_id_t dest_enclave_id)
|
|
|
-{
|
|
|
- ATTESTATION_STATUS ke_status = SUCCESS;
|
|
|
- dh_session_t dest_session_info;
|
|
|
- //Core reference code function for creating a session
|
|
|
- ke_status = create_session(src_enclave_id, dest_enclave_id,&dest_session_info);
|
|
|
- if(ke_status == SUCCESS)
|
|
|
- {
|
|
|
- //Insert the session information into the map under the corresponding destination enclave id
|
|
|
- g_src_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(dest_enclave_id, dest_session_info));
|
|
|
- }
|
|
|
- memset(&dest_session_info, 0, sizeof(dh_session_t));
|
|
|
- return ke_status;
|
|
|
-}
|
|
|
-
|
|
|
-//Makes use of the sample code function to do an enclave to enclave call (Test Vector)
|
|
|
-uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id,
|
|
|
- sgx_enclave_id_t dest_enclave_id)
|
|
|
-{
|
|
|
- ATTESTATION_STATUS ke_status = SUCCESS;
|
|
|
- param_struct_t *p_struct_var, struct_var;
|
|
|
- uint32_t target_fn_id, msg_type;
|
|
|
- char* marshalled_inp_buff;
|
|
|
- size_t marshalled_inp_buff_len;
|
|
|
- char* out_buff;
|
|
|
- size_t out_buff_len;
|
|
|
- dh_session_t *dest_session_info;
|
|
|
- size_t max_out_buff_size;
|
|
|
- char* retval;
|
|
|
-
|
|
|
- max_out_buff_size = 50;
|
|
|
- target_fn_id = 0;
|
|
|
- msg_type = ENCLAVE_TO_ENCLAVE_CALL;
|
|
|
-
|
|
|
- struct_var.var1 = 0x3;
|
|
|
- struct_var.var2 = 0x4;
|
|
|
- p_struct_var = &struct_var;
|
|
|
-
|
|
|
- //Marshals the input parameters for calling function foo1 in Enclave3 into a input buffer
|
|
|
- ke_status = marshal_input_parameters_e3_foo1(target_fn_id, msg_type, p_struct_var, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
|
- if(ke_status != SUCCESS)
|
|
|
- {
|
|
|
- return ke_status;
|
|
|
- }
|
|
|
-
|
|
|
- //Search the map for the session information associated with the destination enclave id passed in
|
|
|
- std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
|
- if(it != g_src_session_info_map.end())
|
|
|
- {
|
|
|
- dest_session_info = &it->second;
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- SAFE_FREE(marshalled_inp_buff);
|
|
|
- return INVALID_SESSION;
|
|
|
- }
|
|
|
-
|
|
|
- //Core Reference Code function
|
|
|
- ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
|
|
|
- marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
|
-
|
|
|
- if(ke_status != SUCCESS)
|
|
|
- {
|
|
|
- SAFE_FREE(marshalled_inp_buff);
|
|
|
- SAFE_FREE(out_buff);
|
|
|
- return ke_status;
|
|
|
- }
|
|
|
-
|
|
|
- //Un-marshal the return value and output parameters from foo1 of Enclave3
|
|
|
- ke_status = unmarshal_retval_and_output_parameters_e3_foo1(out_buff, p_struct_var, &retval);
|
|
|
- if(ke_status != SUCCESS)
|
|
|
- {
|
|
|
- SAFE_FREE(marshalled_inp_buff);
|
|
|
- SAFE_FREE(out_buff);
|
|
|
- return ke_status;
|
|
|
- }
|
|
|
-
|
|
|
- SAFE_FREE(marshalled_inp_buff);
|
|
|
- SAFE_FREE(out_buff);
|
|
|
- SAFE_FREE(retval);
|
|
|
-
|
|
|
- return SUCCESS;
|
|
|
-}
|
|
|
-
|
|
|
-//Makes use of the sample code function to do a generic secret message exchange (Test Vector)
|
|
|
-uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id,
|
|
|
- sgx_enclave_id_t dest_enclave_id)
|
|
|
-{
|
|
|
- ATTESTATION_STATUS ke_status = SUCCESS;
|
|
|
- uint32_t target_fn_id, msg_type;
|
|
|
- char* marshalled_inp_buff;
|
|
|
- size_t marshalled_inp_buff_len;
|
|
|
- char* out_buff;
|
|
|
- size_t out_buff_len;
|
|
|
- dh_session_t *dest_session_info;
|
|
|
- size_t max_out_buff_size;
|
|
|
- char* secret_response;
|
|
|
- uint32_t secret_data;
|
|
|
-
|
|
|
- target_fn_id = 0;
|
|
|
- msg_type = MESSAGE_EXCHANGE;
|
|
|
- max_out_buff_size = 50;
|
|
|
- secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration.
|
|
|
-
|
|
|
- //Marshals the secret data into a buffer
|
|
|
- ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
|
|
|
- if(ke_status != SUCCESS)
|
|
|
- {
|
|
|
- return ke_status;
|
|
|
- }
|
|
|
- //Search the map for the session information associated with the destination enclave id passed in
|
|
|
- std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
|
- if(it != g_src_session_info_map.end())
|
|
|
- {
|
|
|
- dest_session_info = &it->second;
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- SAFE_FREE(marshalled_inp_buff);
|
|
|
- return INVALID_SESSION;
|
|
|
- }
|
|
|
-
|
|
|
- //Core Reference Code function
|
|
|
- ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
|
|
|
- marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
|
|
|
- if(ke_status != SUCCESS)
|
|
|
- {
|
|
|
- SAFE_FREE(marshalled_inp_buff);
|
|
|
- SAFE_FREE(out_buff);
|
|
|
- return ke_status;
|
|
|
- }
|
|
|
-
|
|
|
- //Un-marshal the secret response data
|
|
|
- ke_status = umarshal_message_exchange_response(out_buff, &secret_response);
|
|
|
- if(ke_status != SUCCESS)
|
|
|
- {
|
|
|
- SAFE_FREE(marshalled_inp_buff);
|
|
|
- SAFE_FREE(out_buff);
|
|
|
- return ke_status;
|
|
|
- }
|
|
|
-
|
|
|
- SAFE_FREE(marshalled_inp_buff);
|
|
|
- SAFE_FREE(out_buff);
|
|
|
- SAFE_FREE(secret_response);
|
|
|
- return SUCCESS;
|
|
|
-}
|
|
|
-
|
|
|
-
|
|
|
-//Makes use of the sample code function to close a current session
|
|
|
-uint32_t test_close_session(sgx_enclave_id_t src_enclave_id,
|
|
|
- sgx_enclave_id_t dest_enclave_id)
|
|
|
-{
|
|
|
- dh_session_t dest_session_info;
|
|
|
- ATTESTATION_STATUS ke_status = SUCCESS;
|
|
|
- //Search the map for the session information associated with the destination enclave id passed in
|
|
|
- std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
|
|
|
- if(it != g_src_session_info_map.end())
|
|
|
- {
|
|
|
- dest_session_info = it->second;
|
|
|
- }
|
|
|
- else
|
|
|
- {
|
|
|
- return NULL;
|
|
|
- }
|
|
|
- //Core reference code function for closing a session
|
|
|
- ke_status = close_session(src_enclave_id, dest_enclave_id);
|
|
|
-
|
|
|
- //Erase the session information associated with the destination enclave id
|
|
|
- g_src_session_info_map.erase(dest_enclave_id)
|
|
|
- return ke_status;
|
|
|
-}
|
|
|
-*/
|
|
|
//Function that is used to verify the trust of the other enclave
|
|
|
//Each enclave can have its own way verifying the peer enclave identity
|
|
|
extern "C" uint32_t verify_peer_enclave_trust(__attribute__((unused)) sgx_dh_session_enclave_identity_t* peer_enclave_identity)
|
|
|
@@ -257,26 +66,6 @@ extern "C" uint32_t verify_peer_enclave_trust(__attribute__((unused)) sgx_dh_se
|
|
|
return ENCLAVE_TRUST_ERROR; // TODO: Different error here.
|
|
|
}*/
|
|
|
// }
|
|
|
-//#include "stdlib.h"
|
|
|
-//#include "string"
|
|
|
-//#include "sgx_tcrypto.h"
|
|
|
-//int create_rsa_key_pair_for_signing_manifest(/*std::string& priv_key, std::string& pub_key*/)
|
|
|
-//{
|
|
|
-/* uint32_t ret_sgx;
|
|
|
- uint8_t* n=(uint8_t*)malloc(384);
|
|
|
- uint8_t* d=(uint8_t*)malloc(384);
|
|
|
- uint8_t* p=(uint8_t*)malloc(192);
|
|
|
- uint8_t* q=(uint8_t*)malloc(192);
|
|
|
- uint8_t* dmp1=(uint8_t*)malloc(192);
|
|
|
- uint8_t* dmq1=(uint8_t*)malloc(192);
|
|
|
- uint8_t* iqmp=(uint8_t*)malloc(192);
|
|
|
- int e=3;
|
|
|
-
|
|
|
- ret_sgx=sgx_create_rsa_key_pair(384, 4, n, d, (unsigned char*)&e, p, q, dmp1, dmq1, iqmp);
|
|
|
- free(n); free(d); free(p); free(q); free(dmp1); free(dmq1); free(iqmp);
|
|
|
- return ret_sgx;
|
|
|
-*/
|
|
|
-// Decryptor_
|
|
|
|
|
|
return SGX_SUCCESS;
|
|
|
//}
|
|
|
@@ -293,97 +82,6 @@ return SGX_SUCCESS;
|
|
|
}*/
|
|
|
return SUCCESS; //ENCLAVE_TRUST_ERROR;
|
|
|
}
|
|
|
-/*
|
|
|
-//Dispatch function that calls the approriate enclave function based on the function id
|
|
|
-//Each enclave can have its own way of dispatching the calls from other enclave
|
|
|
-extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data,
|
|
|
- size_t decrypted_data_length,
|
|
|
- char** resp_buffer,
|
|
|
- size_t* resp_length)
|
|
|
-{
|
|
|
- ms_in_msg_exchange_t *ms;
|
|
|
- uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*);
|
|
|
- if(!decrypted_data || !resp_length)
|
|
|
- {
|
|
|
- return INVALID_PARAMETER_ERROR;
|
|
|
- }
|
|
|
- ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
|
- if(ms->target_fn_id >= func_table.num_funcs)
|
|
|
- {
|
|
|
- return INVALID_PARAMETER_ERROR;
|
|
|
- }
|
|
|
- fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id];
|
|
|
- return fn1(ms, decrypted_data_length, resp_buffer, resp_length);
|
|
|
- return 1;
|
|
|
-}
|
|
|
-
|
|
|
-//Operates on the input secret and generates the output secret
|
|
|
-uint32_t get_message_exchange_response(uint32_t inp_secret_data)
|
|
|
-{
|
|
|
- uint32_t secret_response;
|
|
|
-
|
|
|
- //User should use more complex encryption method to protect their secret, below is just a simple example
|
|
|
- secret_response = inp_secret_data & 0x11111111;
|
|
|
-
|
|
|
- return secret_response;
|
|
|
- return 0x1;
|
|
|
-}
|
|
|
-
|
|
|
-//Generates the response from the request message
|
|
|
-extern "C" uint32_t message_exchange_response_generator(char* decrypted_data,
|
|
|
- char** resp_buffer,
|
|
|
- size_t* resp_length)
|
|
|
-{
|
|
|
- ms_in_msg_exchange_t *ms;
|
|
|
- uint32_t inp_secret_data;
|
|
|
- uint32_t out_secret_data;
|
|
|
- if(!decrypted_data || !resp_length)
|
|
|
- {
|
|
|
- return INVALID_PARAMETER_ERROR;
|
|
|
- }
|
|
|
- ms = (ms_in_msg_exchange_t *)decrypted_data;
|
|
|
-
|
|
|
- if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS)
|
|
|
- return ATTESTATION_ERROR;
|
|
|
-
|
|
|
- out_secret_data = get_message_exchange_response(inp_secret_data);
|
|
|
-
|
|
|
- if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS)
|
|
|
- return MALLOC_ERROR;
|
|
|
-
|
|
|
- return SUCCESS;
|
|
|
-
|
|
|
-}
|
|
|
-
|
|
|
-static uint32_t e2_foo1(uint32_t var1, uint32_t var2)
|
|
|
-{
|
|
|
- return(var1 + var2);
|
|
|
-}
|
|
|
-
|
|
|
-//Function which is executed on request from the source enclave
|
|
|
-static uint32_t e2_foo1_wrapper(ms_in_msg_exchange_t *ms,
|
|
|
- size_t param_lenth,
|
|
|
- char** resp_buffer,
|
|
|
- size_t* resp_length)
|
|
|
-{
|
|
|
- UNUSED(param_lenth);
|
|
|
-
|
|
|
- uint32_t var1,var2,ret;
|
|
|
- if(!ms || !resp_length)
|
|
|
- {
|
|
|
- return INVALID_PARAMETER_ERROR;
|
|
|
- }
|
|
|
- if(unmarshal_input_parameters_e2_foo1(&var1, &var2, ms) != SUCCESS)
|
|
|
- return ATTESTATION_ERROR;
|
|
|
-
|
|
|
- ret = e2_foo1(var1, var2);
|
|
|
-
|
|
|
- if(marshal_retval_and_output_parameters_e2_foo1(resp_buffer, resp_length, ret) != SUCCESS )
|
|
|
- return MALLOC_ERROR; //can set resp buffer to null here
|
|
|
-
|
|
|
- return SUCCESS;
|
|
|
-}
|
|
|
-*/
|
|
|
|
|
|
uint32_t foo()
|
|
|
{
|
dettanym