Finished incomplete refactoring of LA code (integrated LA class with

Decryptor class).

App/FileIO.cpp

@@ -59,8 +59,6 @@ namespace FileIO {
         if(file == NULL)
             return 2;
 
-        int fd = fileno(file);
-
         bytes_read = fread(msg, 1, *expected_msg_length, file);
         if(bytes_read == -1)
             return -1;

Decryptor/Decryptor.cpp

@@ -119,10 +119,10 @@
   void Decryptor::testing_long_term_verification_key(uint8_t* output)
   {
 	uint8_t keypair[ECDH_PUBLIC_KEY_SIZE + ECDH_PRIVATE_KEY_SIZE];
-	uint32_t counter; 
-	signatureBox.get_keypair(keypair); 
+	uint32_t counter;
+	signatureBox.get_keypair(keypair);
 	for(counter=0;counter<ECDH_PUBLIC_KEY_SIZE; counter++)
-		output[counter]=keypair[ECDH_PRIVATE_KEY_SIZE+counter]; 
+		output[counter]=keypair[ECDH_PRIVATE_KEY_SIZE+counter];
   }
 
   // EXTERNAL. DONE.
@@ -207,14 +207,14 @@
         internal_return_status = symmetricEncryptionBoxVerifier.encrypt_decrypt(0, input_ciphertext_plus_tag, length, first_decryption_output, &first_decryption_output_length);
         if(internal_return_status != 0)
 	  return internal_return_status;
-	
-        if(first_decryption_output_length != 32) 
+
+        if(first_decryption_output_length != 32)
           return 0x33;
-        
+
         for(counter=0; counter<32; counter++)
           apache_mr_signer[counter] = *(first_decryption_output + counter);
-        
-        
+
+
         return 0;
   }
 
@@ -318,20 +318,20 @@
       uint32_t first_decryption_output_length, plaintext_client_data_length;
       uint32_t internal_return_status;
       // TODO: May be have temporary variables for input ciphertext as they can't be passed directly to functions?
-      // first, I decrypt the message from the target enclave, to get the client's public key and ciphertext data (and tag and IV) 
+      // first, I decrypt the message from the target enclave, to get the client's public key and ciphertext data (and tag and IV)
       internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(0, input_ciphertext, input_ciphertext_plus_tag_length,
               first_decryption_output, &first_decryption_output_length);
       if(internal_return_status != 0)
       	return internal_return_status;
-	
+
 	// then I obtain the plaintext client data, using the client's public key and own key to ultimately decrypt the client's ciphertext data
       internal_return_status = initialize_symmetric_key_decrypt_client_data(first_decryption_output, first_decryption_output_length, plaintext_client_data, &plaintext_client_data_length);
       if(internal_return_status != 0)
         return internal_return_status;
 
       // then I will encrypt the plaintext data to the target enclave.
-      internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(1, plaintext_client_data, plaintext_client_data_length, output_ciphertext_plus_tag, output_ciphertext_plus_tag_length); 
-	return internal_return_status; 
+      internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(1, plaintext_client_data, plaintext_client_data_length, output_ciphertext_plus_tag, output_ciphertext_plus_tag_length);
+	return internal_return_status;
     }
     */
 
@@ -375,7 +375,7 @@
 	}
 	void Decryptor::testing_get_short_term_public_key(uint8_t* output)
 	{
-		hybridEncryptionBoxClient.get_public_key(output); 
+		hybridEncryptionBoxClient.get_public_key(output);
 	}
 
 
@@ -383,3 +383,24 @@ void Decryptor::testing_get_apache_iv(uint8_t* op)
 {
 	//	symmetricEncryptionBoxApache.get_iv(op);
 }
+
+uint32_t Decryptor::session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id)
+{
+    return LA::session_request(dh_msg1, session_id);
+}
+
+    uint32_t Decryptor::exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t *session_id)
+    {
+        sgx_key_128bit_t dh_aek;
+        sgx_dh_session_enclave_identity_t initiator_identity;
+        uint32_t la_ret_status = LA::exchange_report(dh_msg2, dh_msg3, session_id, &dh_aek, &initiator_identity);
+      if(la_ret_status == 0)
+      {
+        return Decryptor::verify_peer_enclave_trust(initiator_identity.mr_enclave.m,
+                initiator_identity.mr_signer.m,
+                dh_aek);
+      }
+      else
+          return la_ret_status;
+
+    }

Decryptor/DecryptorWrapper.cpp

@@ -73,12 +73,10 @@ void get_apache_iv(uint8_t* op)
 
 uint32_t session_request_wrapper(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id)
 {
-    // return LA::session_request(dh_msg1, session_id);
-    return 0;
+    return Decryptor::session_request(dh_msg1, session_id);
 }
 
 uint32_t exchange_report_wrapper(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t *session_id)
 {
-    // return LA::exchange_report(dh_msg2, dh_msg3, session_id);
-    return 0;
+    return Decryptor::exchange_report(dh_msg2, dh_msg3, session_id);
 }

Decryptor/LA.cpp

@@ -30,6 +30,7 @@
  */
 
 #include "../TrustedInclude/LA.h"
+    dh_session_t LA::global_session_info;
     //Handle the request from Source Enclave for a session
     uint32_t LA::session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id)
     {
@@ -50,7 +51,7 @@
 
         *session_id=1;
 
-        global_session_info.status = IN_PROGRESS;
+        LA::global_session_info.status = IN_PROGRESS;
 
         //Generate Message1 that will be returned to Source Enclave
         status = sgx_dh_responder_gen_msg1((sgx_dh_msg1_t*)dh_msg1, &sgx_dh_session);
@@ -63,13 +64,13 @@
     }
 
     //Verify Message 2, generate Message3 and exchange Message 3 with Source Enclave
-    uint32_t LA::exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t* session_id)
+    uint32_t LA::exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t* session_id,
+                                 sgx_key_128bit_t* dh_aek,
+                                 sgx_dh_session_enclave_identity_t* initiator_identity
+                                 )
     {
-        sgx_key_128bit_t dh_aek;
         uint32_t status = 0;
         sgx_dh_session_t sgx_dh_session;
-        sgx_dh_session_enclave_identity_t initiator_identity;
-        uint32_t verify_return;
         memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
 
         if(!dh_msg2 || !dh_msg3)
@@ -83,7 +84,7 @@
         dh_msg3->msg3_body.additional_prop_length = 0;
 
         //Process message 2 from source enclave and obtain message 3
-        status = sgx_dh_responder_proc_msg2(dh_msg2, dh_msg3, &sgx_dh_session, &dh_aek, &initiator_identity);
+        status = sgx_dh_responder_proc_msg2(dh_msg2, dh_msg3, &sgx_dh_session, dh_aek, initiator_identity);
         if(SGX_SUCCESS != status)
             return status;
 

TrustedInclude/Decryptor.h

@@ -47,8 +47,10 @@ public:
     static  void testing_get_verifier_mrenclave_apache_mrsigner(uint8_t* output);
 	static void testing_get_short_term_public_key(uint8_t* output); 
     static void testing_long_term_verification_key(uint8_t* output);
-	static void testing_get_apache_iv(uint8_t*); 
-  };
+	static void testing_get_apache_iv(uint8_t*);
+    static uint32_t session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id);
+    static uint32_t exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t *session_id);
+};
 
 
 

TrustedInclude/LA.h

@@ -14,17 +14,18 @@
 #include "dh_session_protocol.h"
 #include "sgx_dh.h"
 #include "sgx_tcrypto.h"
-//#include "sgx_report.h"
 #include "../Decryptor/Decryptor_t.h"
 #include "string.h"
 class LA
 {
 private:
-    dh_session_t global_session_info;
+    static dh_session_t global_session_info;
 
 public:
-    uint32_t session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id);
-    uint32_t exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t* session_id);
+    static uint32_t session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id);
+    static uint32_t exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t* session_id,
+            sgx_key_128bit_t* dh_aek,
+            sgx_dh_session_enclave_identity_t* initiator_identity);
 };
 
 #endif //DECRYPTORAPP_LA_H