Decryptor.so is compiled and linked now.

Decryptor/Decryptor.cpp

@@ -29,15 +29,26 @@
  *
  */
 
-
-// Enclave2.cpp : Defines the exported functions for the DLL application
 #include "Decryptor.h"
+#include "sgx_tseal.h"
+#include "sgx_tcrypto.h"
+#include "sgx_dh.h"
+#include "datatypes.h"
+#include "error_codes.h"
+
+
+        ECDSASignatureBox Decryptor::signatureBox; 
+        HybridEncryptionBox Decryptor::hybridEncryptionBoxClient; 
+        SymmetricEncryptionBox Decryptor::symmetricEncryptionBoxApache; 
+        SymmetricEncryptionBox Decryptor::symmetricEncryptionBoxVerifier;
+        uint8_t Decryptor::verifier_mr_enclave[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; 
+        uint8_t Decryptor::apache_mr_signer[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
+
 
    uint32_t Decryptor::create_mitigator_token_M(uint8_t* token)
   {
     uint32_t internal_return_status;
     uint32_t counter;
-    uint8_t verifier_mr_enclave[32];
     // create short-term ECDH key pair
     internal_return_status = hybridEncryptionBoxClient.generate_keypair();
     if(internal_return_status == NULL)
@@ -45,7 +56,6 @@
     hybridEncryptionBoxClient.get_public_key(token);
 
     // create token: concatenate short-term keypair with verifiers mrenclave.
-    LocalAttestationTrusted::get_verifier_mr_enclave(verifier_mr_enclave);
     for(counter=0;counter<32;counter++)
       *(token + counter + ECDH_PUBLIC_KEY_SIZE) = verifier_mr_enclave[counter];
 
@@ -59,7 +69,7 @@
     uint8_t local_signature_data[ECDH_PUBLIC_KEY_SIZE + 32];
     uint32_t counter;
     // Otherwise: DoS or possible bypass (fake verifier does LA  but real verifier mrenclave is given out by decryptor) - signature with junk verifier mrenclave  or whatever is in the memory.
-    if(LocalAttestationTrusted::one_successful_la_done() < 1)
+    if(LocalAttestationTrusted::get_one_successful_la_done() < 1)
       return 0xde;  //  This needs to be called at any point after the first local attestation is done - else, a junk verifier mrenclave will be included in the signature
     internal_return_status = Decryptor::create_mitigator_token_M(local_signature_data);
     if(internal_return_status != 0x0)
@@ -103,7 +113,7 @@
     ciphertext_length = total_length - ECDH_PUBLIC_KEY_SIZE - 16;
     tag = ciphertext + ciphertext_length;
 
-    internal_return_status = hybridEncryptionBoxClient.encrypt_decrypt(ciphertext, ciphertext_length, plaintext_client_data, &plaintext_client_data_length, tag);
+    internal_return_status = hybridEncryptionBoxClient.encrypt_decrypt(0, ciphertext, ciphertext_length, plaintext_client_data, plaintext_client_data_length, tag);
     return internal_return_status;
   }
 
@@ -124,9 +134,8 @@
 
         internal_return_status = create_long_term_signing_keypair(private_public_key_string);
 
-    		temp_sealed_data = (uint8_t*) malloc(*temp_sealed_data_length);
-        sgx_libcall_status = sgx_seal_data(0, NULL, 3*SGX_ECP256_KEY_SIZE, private_public_key_string, *temp_sealed_data_length, (sgx_sealed_data_t*) temp_sealed_data);
-        free(private_public_key_string); // first_decryption_output data - don't need it anymore, whether the call succeeds or fails.
+    	temp_sealed_data = (uint8_t*) malloc(temp_sealed_data_length);
+        sgx_libcall_status = sgx_seal_data(0, NULL, 3*SGX_ECP256_KEY_SIZE, private_public_key_string, temp_sealed_data_length, (sgx_sealed_data_t*) temp_sealed_data);
         if(sgx_libcall_status != SGX_SUCCESS)
         {
           free(temp_sealed_data);
@@ -135,6 +144,7 @@
 
         for(counter=0;counter<temp_sealed_data_length;counter++)
     			*(sealed_data + counter)=*(temp_sealed_data + counter);
+	*sealed_data_length = temp_sealed_data_length;
         free(temp_sealed_data);
         return 0;
     }
@@ -149,11 +159,11 @@
       uint32_t temp_ciphertext_token_H_length;
     	uint32_t internal_return_status;
 
-      internal_return_status = create_mitigator_header_value(token_H, sign_data_and_sign + ECDH_PUBLIC_KEY_SIZE + 32);
+      internal_return_status = create_mitigator_header_H(sign_data_and_sign, sign_data_and_sign + ECDH_PUBLIC_KEY_SIZE + 32);
     	if(internal_return_status != 0)
       	return internal_return_status;
 
-      internal_return_status = localAttestation.symmetricEncryptionBoxApache.encrypt_decrypt(1, sign_data_and_sign, ECDH_PUBLIC_KEY_SIZE + 32 + 64, temp_ciphertext_token_H, &temp_ciphertext_token_H_length, temp_tag);
+      internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(1, sign_data_and_sign, ECDH_PUBLIC_KEY_SIZE + 32 + 64, temp_ciphertext_token_H, &temp_ciphertext_token_H_length, temp_tag);
       if(internal_return_status != 0)
         return internal_return_status;
 
@@ -198,7 +208,7 @@
         return ret_status;
       }
 
-      signatureBox.set_keypair(temp_plaintext);
+      signatureBox.set_private_public_key(temp_plaintext, temp_plaintext + ECDH_PRIVATE_KEY_SIZE);
       free(temp_plaintext);
       return 0;
     }
@@ -213,7 +223,7 @@
       uint8_t* tag;
 
       tag = ciphertext_plus_tag + 32;
-      internal_return_status = localAttestation.symmetricEncryptionBoxVerifier.encrypt_decrypt(0, ciphertext_plus_tag, 32, temp_apache_mrsigner, &temp_apache_mrsigner_length, tag);
+      internal_return_status = symmetricEncryptionBoxVerifier.encrypt_decrypt(0, ciphertext_plus_tag, 32, temp_apache_mrsigner, &temp_apache_mrsigner_length, tag);
       if(internal_return_status != 0)
         return internal_return_status;
       if(temp_apache_mrsigner_length != 32)
@@ -227,14 +237,15 @@
     }
 
     // DONE.
-    uint32_t Decryptor::process_apache_message_generate_response(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext, uint32_t* output_ciphertext_plus_tag_length)
+    uint32_t Decryptor::process_apache_message_generate_response(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext_plus_tag, uint32_t* output_ciphertext_plus_tag_length)
     {
-      uint8_t* first_decryption_output, plaintext_client_data, temp_output_ciphertext;
-      uint32_t first_decryption_output_length, plaintext_client_data_length, temp_output_ciphertext_plus_tag_length, internal_return_status;
-      uint8_t temp_output_tag[16];
+      uint8_t *first_decryption_output, *plaintext_client_data, *temp_output_ciphertext;
+      uint32_t first_decryption_output_length, plaintext_client_data_length;
+	uint32_t temp_output_ciphertext_length, internal_return_status;
+      uint8_t temp_output_tag[16]; uint32_t counter; 
       // TODO: May be have temporary variables for input ciphertext as they can't be passed directly to functions?
-      first_decryption_output = (uint8_t*) malloc(input_ciphertext_length + 10);
-      internal_return_status = localAttestation.symmetricEncryptionBoxApache.encrypt_decrypt(0, input_ciphertext, input_ciphertext_length, first_decryption_output, &first_decryption_output_length, input_ciphertext + input_ciphertext_length - 16);
+      first_decryption_output = (uint8_t*) malloc(input_ciphertext_plus_tag_length);
+      internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(0, input_ciphertext, input_ciphertext_plus_tag_length, first_decryption_output, &first_decryption_output_length, input_ciphertext + input_ciphertext_plus_tag_length - 16);
       if(internal_return_status != 0)
       {
         free(first_decryption_output);
@@ -249,7 +260,7 @@
 
       temp_output_ciphertext = (uint8_t*) malloc(plaintext_client_data_length + 20);
       // then I will encrypt the resulting first_decryption_output to the apache enclave.
-      internal_return_status = localAttestation.symmetricEncryptionBoxApache.encrypt_decrypt(1, plaintext_client_data, plaintext_client_data_length, temp_output_ciphertext, &temp_output_ciphertext_length, temp_output_tag);
+      internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(1, plaintext_client_data, plaintext_client_data_length, temp_output_ciphertext, &temp_output_ciphertext_length, temp_output_tag);
       free(plaintext_client_data);
       if(internal_return_status != 0)
       {
@@ -258,8 +269,32 @@
       }
 
       for(counter=0; counter<temp_output_ciphertext_length; counter++)
-        output_ciphertext[counter] = temp_output_ciphertext[counter];
-      *output_ciphertext_length = temp_output_ciphertext_length + 16;
+        output_ciphertext_plus_tag[counter] = temp_output_ciphertext[counter];
       free(temp_output_ciphertext);
+      for(counter=0; counter<16;counter++)
+	output_ciphertext_plus_tag[counter] = temp_output_tag[counter];
+      *output_ciphertext_plus_tag_length = temp_output_ciphertext_length + 16;
       return 0;
     }
+
+uint32_t Decryptor::verify_peer_enclave_trust(uint8_t* given_mr_enclave, uint8_t* given_mr_signer, uint8_t* dhaek)
+{
+        uint32_t count; 
+        if(LocalAttestationTrusted::get_one_successful_la_done() == 0)
+        {
+                for(count=0; count<SGX_HASH_SIZE; count++)
+                        verifier_mr_enclave[count] = given_mr_enclave[count];
+		symmetricEncryptionBoxVerifier.set_symmetric_key(dhaek); 
+        }
+        else // apache enclave
+        {
+                for(count=0; count<SGX_HASH_SIZE; count++)
+                {
+                        if( given_mr_signer[count] != apache_mr_signer[count] )
+                                return ENCLAVE_TRUST_ERROR;
+                }
+		symmetricEncryptionBoxApache.set_symmetric_key(dhaek); 
+        }
+        return SGX_SUCCESS;
+  }
+

Decryptor/Decryptor.edl

@@ -36,7 +36,7 @@ enclave {
     from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
     from "/home/m2mazmud/old_stuff/intel-sgx-ssl/Linux/package/include/sgx_tsgxssl.edl" import * ;
     trusted {
-      #define SEALED_SIZE 768  // 656 // =0x300 (0x290 is the size of the sealed message when both the public(0x40) and private key(0x20) are included)
+      #define SEALED_SIZE 768  // =0x300 (0x290 is the size of the sealed message when both the public(0x40) and private key(0x20) are included)
       public uint32_t create_and_seal_long_term_signing_key_pair_wrapper([out] uint32_t* sealed_data_length, [out,size=SEALED_SIZE] uint8_t* sealed_data);
       public uint32_t unseal_and_restore_long_term_signing_key_pair_wrapper([in, size=SEALED_SIZE] uint8_t* sealed_data, [in] uint32_t* sgx_sealed_data_length);
       public uint32_t create_and_encrypt_mitigator_header_H_wrapper([out, size=176] uint8_t* ciphertext_token_H_plus_tag);

Decryptor/Decryptor.h

@@ -1,34 +1,35 @@
-#include "sgx_eid.h"
-#include "sgx_tcrypto.h"
-#include "Decryptor_t.h"
-#include "error_codes.h"
-#include "sgx_thread.h"
-#include "sgx_dh.h"
 #include <map>
-#include "sgx_tcrypto.h"
-#include "LocalAttestationCode_t.h"
-#include "sgx_tseal.h"
-#include "Openssl_crypto.h"
 #include "ECDSASignatureBox.h"
 #include "HybridEncryptionBox.h"
 #include "LocalAttestationTrusted.h"
-#include "sgx_tseal.h"
 
 class Decryptor {
   static ECDSASignatureBox signatureBox;
   static HybridEncryptionBox hybridEncryptionBoxClient;
-  static LocalAttestationTrusted localAttestation;
-
+//  static LocalAttestationTrusted localAttestation;
+  static uint8_t verifier_mr_enclave[32]; // =  {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
+  static SymmetricEncryptionBox symmetricEncryptionBoxApache;
+  static SymmetricEncryptionBox symmetricEncryptionBoxVerifier;
+  static uint8_t apache_mr_signer[32]; // = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; 
   static uint32_t create_mitigator_token_M(uint8_t* token);
   static uint32_t create_mitigator_header_H(uint8_t* signature_data, uint8_t* signature);
   static uint32_t create_long_term_signing_keypair(uint8_t* private_public_key_string);
   static uint32_t initialize_symmetric_key_decrypt_client_data(uint8_t* plaintext_client_public_key_plus_encrypted_data_plus_tag, uint32_t total_length, uint8_t* plaintext_client_data, uint32_t* plaintext_client_data_length);
   public:
-//    Decryptor(): signatureBox(), hybridEncryptionBoxClient(), localAttestation();
-//    ~Decryptor();
+    static uint32_t verify_peer_enclave_trust(uint8_t* given_mr_enclave, uint8_t* given_mr_signer, uint8_t* dhaek);
     static uint32_t create_and_seal_long_term_signing_key_pair(uint32_t* sealed_data_length, uint8_t* sealed_data);
     static uint32_t create_and_encrypt_mitigator_header_H(uint8_t* ciphertext_token_H_plus_tag);
     static uint32_t unseal_and_restore_long_term_signing_key_pair(uint8_t* sealed_data, uint32_t* sgx_sealed_data_length);
     static uint32_t decrypt_verifiers_message_set_apache_mrsigner(uint8_t* ciphertext_plus_tag);
     static uint32_t process_apache_message_generate_response(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext, uint32_t* output_ciphertext_plus_tag_length);
   };
+
+//ECDSASignatureBox Decryptor::signatureBox(); 
+//HybridEncryptionBox Decryptor::hybridEncryptionBoxClient(); 
+//SymmetricEncryptionBox Decryptor::symmetricEncryptionBoxApache(); 
+//SymmetricEncryptionBox Decryptor::symmetricEncryptionBoxVerifier();
+//uint8_t Decryptor::verifier_mr_enclave = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; 
+//uint8_t Decryptor::apache_mr_signer = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
+
+
+

Decryptor/DecryptorWrapper.cpp

@@ -1,5 +1,16 @@
 #include <stdint.h>
 #include "Decryptor.h"
+#include "Decryptor_t.h" 
+/*void initialize()
+{
+	ECDSASignatureBox Decryptor::signatureBox(); 
+	HybridEncryptionBox Decryptor::hybridEncryptionBoxClient(); 
+	SymmetricEncryptionBox Decryptor::symmetricEncryptionBoxApache(); 
+	SymmetricEncryptionBox Decryptor::symmetricEncryptionBoxVerifier();
+	uint8_t Decryptor::verifier_mr_enclave = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; 
+	uint8_t Decryptor::apache_mr_signer = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
+}
+*/
 uint32_t process_apache_message_generate_response_wrapper(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext, uint32_t* output_ciphertext_plus_tag_length)
 {
   return Decryptor::process_apache_message_generate_response(input_ciphertext, input_ciphertext_plus_tag_length, output_ciphertext, output_ciphertext_plus_tag_length);

Decryptor/ECDSASignatureBox.cpp

@@ -12,5 +12,3 @@
     get_private_key(output_keypair); 
     get_public_key(output_keypair + ECDH_PRIVATE_KEY_SIZE); 
   }
-
-

Include/ECDHKeypair.h

@@ -7,14 +7,13 @@ class ECDHKeypair {
 private:  
   uint8_t private_key[ECDH_PUBLIC_KEY_SIZE];
   uint8_t public_key[ECDH_PUBLIC_KEY_SIZE];
-protected:
+public:
   void set_private_public_key(uint8_t* ip_private_key, uint8_t* ip_public_key); 
   void get_private_key(uint8_t* op_private_key); 
-public:
   uint32_t generate_keypair();
  
-	ECDHKeypair(); 
+//	ECDHKeypair(); 
 	void get_public_key(uint8_t* op_public_key); 
-
+//	~ECDHKeypair(); 
 };
 #endif

Include/ECDSASignatureBox.h

@@ -4,4 +4,6 @@ class ECDSASignatureBox : public ECDHKeypair {
 public:
   void get_keypair(uint8_t* output_keypair);
   uint32_t sign(uint8_t* signature_data, uint32_t signature_data_length, uint8_t* signature);
+//  ECDSASignatureBox(); 
+//  ~ECDSASignatureBox();
   };

Include/HybridEncryptionBox.h

@@ -3,4 +3,6 @@
 class HybridEncryptionBox : public ECDHKeypair, public SymmetricEncryptionBox {
   public:
     unsigned long initialize_symmetric_key(uint8_t* given_public_key); 
+//    HybridEncryptionBox(); 
+//    ~HybridEncryptionBox(); 
 };

LocalAttestationCode/LocalAttestationTrusted.h → Include/LocalAttestationTrusted.h

@@ -28,50 +28,36 @@
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
  */
-
-#include "sgx_trts.h"
-#include "sgx_utils.h"
-#include "sgx_eid.h"
-#include "error_codes.h"
+#ifndef LOCALATTESTATIONTRUSTED_H
+#define LOCALATTESTATIONTRUSTED_H
 #include "sgx_ecp_types.h"
-#include "sgx_thread.h"
 #include "dh_session_protocol.h"
-#include "sgx_dh.h"
-#include "sgx_tcrypto.h"
-#include "LocalAttestationCode_t.h"
-#include "sgx_tseal.h"
 #include "SymmetricEncryptionBox.h"
 #include <map> // for some reason, for memcpy, memset syscalls
-#ifndef LOCALATTESTATIONTRUSTED_H
-#define LOCALATTESTATIONTRUSTED_H
+#include "sgx_dh.h"
 
-#ifdef __cplusplus
-extern "C" {
-#endif
+//#ifdef __cplusplus
+//extern "C" {
+//#endif
 
 class LocalAttestationTrusted {
   static dh_session_t global_session_info;
   static uint32_t global_session_id;
   static uint32_t one_successful_la_done;
   static sgx_ecc_state_handle_t ecc_state;
-  static uint8_t verifier_mr_enclave[32];
-  static SymmetricEncryptionBox symmetricEncryptionBoxApache;
-  static SymmetricEncryptionBox symmetricEncryptionBoxVerifier;
-  static uint8_t apache_mr_signer[32];
-  static uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity);
 public:
     static uint32_t session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id);
     static uint32_t exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t* session_id);
-    static void get_verifier_mr_enclave(uint8_t* op_mr_enclave);
-    static void set_apache_mr_signer(uint8_t* ip_mr_signer);
-    static uint32_t is_one_successful_la_done(); 
+    static uint32_t get_one_successful_la_done(); 
+
 //    LocalAttestationTrusted();
 };
 
+//	dh_session_t LocalAttestationTrusted::global_session_info; 
+//	uint32_t LocalAttestationTrusted::one_successful_la_done=0; 
 
-
-#ifdef __cplusplus
-}
-#endif
+//#ifdef __cplusplus
+//}
+//#endif
 
 #endif

Include/SymmetricEncryptionBox.h

@@ -7,10 +7,10 @@ class SymmetricEncryptionBox {
   // increments last 4 bytes (in big-endian order)
   uint32_t aes_gcm_increment_iv_internal_call(uint8_t* iv);
   public:
-    SymmetricEncryptionBox();
+//    SymmetricEncryptionBox();
     void set_symmetric_key(uint8_t* given_key);
     void get_symmetric_key(uint8_t* op_key); 
     uint32_t encrypt_decrypt(int enc, uint8_t* plaintext, uint32_t plaintext_length, uint8_t* ciphertext, uint32_t* ciphertext_length, uint8_t* tag);
-
+//    ~SymmetricEncryptionBox();
 };
 #endif

LocalAttestationCode/LocalAttestationTrusted.cpp

@@ -31,39 +31,20 @@
 
 // #include <stdint.h>
 #include "LocalAttestationTrusted.h"
-uint32_t LocalAttestationTrusted::is_one_successful_la_done()
-{
-  return one_successful_la_done;
-}
+#include "Decryptor.h" 
+#include "error_codes.h"
+#include "datatypes.h"
+#include "sgx_tcrypto.h"
+#include "sgx_dh.h"
+
+      dh_session_t LocalAttestationTrusted::global_session_info; 
+      uint32_t LocalAttestationTrusted::one_successful_la_done=0; 
 
 
-uint32_t LocalAttestationTrusted::verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
+uint32_t LocalAttestationTrusted::get_one_successful_la_done()
 {
-  	uint32_t count; sgx_measurement_t given_mr_signer ;
-  	if(!peer_enclave_identity)
-  	{
-  		return INVALID_PARAMETER_ERROR;
-  	}
-  	if(one_successful_la_done==0)
-  	{
-  		// TODO: Set this attribute in the decryptor object.
-                for(count=0; count<SGX_HASH_SIZE; count++)
-	 		verifier_mr_enclave[count] = peer_enclave_identity->mr_enclave.m[count];
-  		one_successful_la_done=1;
-  	}
-  	else // apache enclave
-  	{
-  		given_mr_signer = peer_enclave_identity->mr_signer;
-  		int count;
-  		for(count=0; count<SGX_HASH_SIZE; count++)
-  		{
-  			if( given_mr_signer.m[count] != apache_mr_signer[count] )
-  				return ENCLAVE_TRUST_ERROR;
-  		}
-      one_successful_la_done ++;
-  	}
-  	return SGX_SUCCESS;
-  }
+  return one_successful_la_done;
+}
 
 //Handle the request from Source Enclave for a session
 uint32_t LocalAttestationTrusted::session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id)
@@ -124,14 +105,12 @@ uint32_t LocalAttestationTrusted::exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh
           return status;
 
         //Verify source enclave's trust
-    	  verify_return = verify_peer_enclave_trust(&initiator_identity);
+    	verify_return = Decryptor::verify_peer_enclave_trust(initiator_identity.mr_enclave.m, initiator_identity.mr_signer.m, dh_aek);
         if(verify_return != 0)
          return verify_return;
+	else
+		one_successful_la_done++; 
 
-    	  if(one_successful_la_done == 1)
-          symmetricEncryptionBoxVerifier.set_symmetric_key(dh_aek);
-      	else
-          symmetricEncryptionBoxApache.set_symmetric_key(dh_aek);
         /*
         //save the session ID, status and initialize the session nonce
         global_session_info.session_id = *session_id;
@@ -142,7 +121,7 @@ uint32_t LocalAttestationTrusted::exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh
         */
         return status;
     }
-
+/*
 void LocalAttestationTrusted::get_verifier_mr_enclave(uint8_t* op_mr_enclave)
 {
   uint32_t counter;
@@ -156,3 +135,4 @@ void LocalAttestationTrusted::set_apache_mr_signer(uint8_t* ip_mr_signer)
   for(counter=0; counter<32; counter++)
     apache_mr_signer[counter] = ip_mr_signer[counter];
 }
+*/

LocalAttestationCode/LocalAttestationTrustedWrapper.cpp

@@ -1,3 +1,4 @@
+#include "LocalAttestationCode_t.h"
 #include "LocalAttestationTrusted.h"
 uint32_t session_request_wrapper(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id)
 {

Makefile

@@ -87,7 +87,7 @@ OPENSSL_INCLUDES := /home/m2mazmud/old_stuff/intel-sgx-ssl/Linux/package/include
 Trust_Lib_Name := libLocalAttestation_Trusted.a
 TrustLib_Cpp_Files := LocalAttestationCode/LocalAttestationTrustedWrapper.cpp LocalAttestationCode/LocalAttestationTrusted.cpp LocalAttestationCode/LocalAttestationCode_t.c
 TrustLib_Cpp_Objects := $(TrustLib_Cpp_Files:.cpp=.o)
-TrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I$(SGX_SDK)/include/epid -I./Include
+TrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I$(SGX_SDK)/include/epid -I./Include -I./Decryptor
 TrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector  $(TrustLib_Include_Paths) -Wall
 TrustLib_Compile_Cxx_Flags :=  -std=c++11 -nostdinc++
 
@@ -167,8 +167,8 @@ Enclave_Compile_Flags += $(Enclave_Include_Paths)
 # Otherwise, you may get some undesirable errors.
 Common_Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles \
         -Wl,--whole-archive -L$(OPENSSL_LIBRARY_PATH) -lsgx_tsgxssl -Wl,--no-whole-archive -lsgx_tsgxssl_crypto \
-	-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
-	-Wl,--start-group -L$(SGX_LIBRARY_PATH) -L. -lLocalAttestation_Trusted -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
+	-Wl,--verbose -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
+	-Wl,--start-group -L$(SGX_LIBRARY_PATH) -L. -L./Decryptor -L./LocalAttestationCode -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
 	-Wl,-Bstatic -Wl,-Bsymbolic  \
 	-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
 	-Wl,--defsym,__ImageBase=0 -Wl,--gc-sections
@@ -196,7 +196,7 @@ endif
 endif
 
 ifeq ($(Build_Mode), HW_RELEASE)
-all: .config_$(Build_Mode)_$(SGX_ARCH) $(Trust_Lib_Name)  $(UnTrustLib_Name) Decryptor.so $(App_Name)
+all: .config_$(Build_Mode)_$(SGX_ARCH) $(Trust_Lib_Name) $(UnTrustLib_Name) Decryptor.so $(App_Name)
 	@echo "The project has been built in release hardware mode."
 	@echo "Please sign the enclaves (PHP.so, Decryptor.so, Enclave3.so) first with your signing keys before you run the $(App_Name) to launch and access the enclave."
 	@echo "To sign the enclaves use the following commands:"
@@ -234,11 +234,15 @@ LocalAttestationCode/LocalAttestationCode_t.o: LocalAttestationCode/LocalAttesta
 	@$(CC) $(TrustLib_Compile_Flags) -c $< -o $@
 	@echo "CC   <=  $<"
 
-LocalAttestationCode/%.o: LocalAttestationCode/%.cpp LocalAttestationCode/LocalAttestationCode_t.h
+LocalAttestationCode/LocalAttestationTrustedWrapper.o: LocalAttestationCode/LocalAttestationTrustedWrapper.cpp LocalAttestationCode/LocalAttestationCode_t.h
 	@$(CXX) $(TrustLib_Compile_Flags) $(TrustLib_Compile_Cxx_Flags) -c $< -o $@
 	@echo "CC   <= $<"
 
-$(Trust_Lib_Name): LocalAttestationCode/LocalAttestationCode_t.o $(TrustLib_Cpp_Objects)
+LocalAttestationCode/LocalAttestationTrusted.o: LocalAttestationCode/LocalAttestationTrusted.cpp LocalAttestationCode/LocalAttestationCode_t.h
+	@$(CXX) $(TrustLib_Compile_Flags) $(TrustLib_Compile_Cxx_Flags) -c $< -o $@
+	@echo "CC   <= $<"
+
+$(Trust_Lib_Name): LocalAttestationCode/LocalAttestationCode_t.o LocalAttestationCode/LocalAttestationTrustedWrapper.o LocalAttestationCode/LocalAttestationTrusted.o
 	@$(AR) rcs $@ $^
 	@echo "GEN  =>  $@"
 
@@ -285,23 +289,22 @@ Decryptor/Decryptor_t.o: Decryptor/Decryptor_t.c
 
 Decryptor/%Box.o: Decryptor/%Box.cpp 
 	@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags)  -c $< -o $@
+	@echo "CXX  <=  $<"
 
 Decryptor/ECDHKeypair.o: Decryptor/ECDHKeypair.cpp
 	@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags)  -c $< -o $@
+	@echo "CXX   <=  $<"
 
 Decryptor/DecryptorWrapper.o: Decryptor/DecryptorWrapper.cpp
 	@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags)  -c $< -o $@
+	@echo "CXX  <=  $<"
 
 Decryptor/Decryptor.o: Decryptor/Decryptor.cpp #Decryptor/HybridEncryptionBox.cpp Decryptor/ECDSASignatureBox.cpp Decryptor/ECDHKeypair.cpp Decryptor/SymmetricEncryptionBox.cpp
 	@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags)  -c $< -o $@
 	@echo "CXX  <=  $<"
 
-#CommonOpensslCode/Openssl_crypto.o: CommonOpensslCode/Openssl_crypto.cpp
-#	@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -I$(OPENSSL_INCLUDES)  -c $< -o $@
-#	@echo "CXX  <=  $<"
-
-Decryptor.so: Decryptor/Decryptor_t.o Decryptor/DecryptorWrapper.o Decryptor/Decryptor.o  $(Trust_Lib_Name) Decryptor/HybridEncryptionBox.o Decryptor/ECDSASignatureBox.o Decryptor/SymmetricEncryptionBox.o Decryptor/ECDHKeypair.o CommonOpensslCode/Openssl_crypto.o 
-	@$(CXX)  Decryptor/Decryptor_t.o Decryptor/DecryptorWrapper.o Decryptor/Decryptor.o $(Trust_Lib_Name) Decryptor/HybridEncryptionBox.o Decryptor/ECDSASignatureBox.o Decryptor/SymmetricEncryptionBox.o Decryptor/ECDHKeypair.o CommonOpensslCode/Openssl_crypto.o -o $@ $(Decryptor_Link_Flags)
+Decryptor.so: Decryptor/Decryptor_t.o Decryptor/DecryptorWrapper.o Decryptor/Decryptor.o $(Trust_Lib_Name) Decryptor/HybridEncryptionBox.o Decryptor/ECDSASignatureBox.o Decryptor/SymmetricEncryptionBox.o Decryptor/ECDHKeypair.o CommonOpensslCode/Openssl_crypto.o 
+	@$(CXX) $^ -o $@ $(Decryptor_Link_Flags)
 	@echo "LINK =>  $@"
 
 $(Enclave_Name_2): Decryptor.so