|
@@ -7,14 +7,20 @@
|
|
|
#include <errno.h>
|
|
|
#include<unistd.h>
|
|
|
#include <stdio.h>
|
|
|
-#include "dhmsgs.pb.h"
|
|
|
+#include "ProtobufLAMessages.pb.h"
|
|
|
#include <google/protobuf/io/coded_stream.h>
|
|
|
#include <google/protobuf/io/zero_copy_stream_impl.h>
|
|
|
using namespace google::protobuf::io;
|
|
|
#include "protobufLAInitiator.h"
|
|
|
#include "../Decryptor/Decryptor_u.h"
|
|
|
#include "sgx_tcrypto.h"
|
|
|
+#include <iostream>
|
|
|
+
|
|
|
// TODO: Make these private functions
|
|
|
+int apache_fd;
|
|
|
+int decrypt_client_data_wrapper(unsigned char* op_plaintext , uint32_t own_enclave_id);
|
|
|
+
|
|
|
+
|
|
|
int read_protobuf_msg_from_fd(int accept_fd, google::protobuf::MessageLite& message)
|
|
|
{
|
|
|
ZeroCopyInputStream* raw_input;
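Review bot: `int apache_fd;` on L62 is a non-static global with external linkage that is zero until the assignment `apache_fd=accept_fd;` in the later hunk runs, so a call of `decrypt_client_data_wrapper` before that point would read and write descriptor 0 (stdin) rather than fail. Make it file-local and obviously unset: `static int apache_fd = -1;`, and have the wrapper reject a negative descriptor before its first read. The TODO on L58 already asks for these to be private; the forward declaration on L66 (and its definition in the last hunk) can be `static` for the same reason, or better, take the fd as a parameter so the global goes away.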
|
|
@@ -39,6 +45,8 @@ int read_protobuf_msg_from_fd(int accept_fd, google::protobuf::MessageLite& mess
|
|
|
return -1;
|
|
|
}
|
|
|
coded_input->PopLimit(limit);
|
|
|
+ delete raw_input;
|
|
|
+ delete coded_input;
|
|
|
return 0;
|
|
|
}
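Review bot: The two deletes on L105–L109 run in the wrong order: `coded_input` wraps `raw_input`, and `CodedInputStream`'s destructor backs the underlying stream up to the current position, so deleting `raw_input` first makes that call touch freed memory. Swap them: `delete coded_input;` then `delete raw_input;`. The early `return -1` on L93 still leaks both objects, and since `read_protobuf_msg_from_fd` begins outside this hunk I cannot see whether other returns do too; declaring both as stack objects (or `std::unique_ptr`) inside the function would cover every exit path.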
|
|
|
|
|
@@ -105,6 +113,7 @@ int local_attestation_initiator(int port, uint32_t own_enclave_id)
|
|
|
protobuf_sgx_dh_msg1_t protobuf_msg1;
|
|
|
protobuf_sgx_dh_msg2_t protobuf_msg2;
|
|
|
protobuf_sgx_dh_msg3_t protobuf_msg3;
|
|
|
+ protobuf_post_LA_encrypted_msg_t protobuf_encrypted_msg;
|
|
|
uint32_t protobuf_sgx_ret; uint32_t sgx_ret;
|
|
|
|
|
|
// For socket to listen to the Apache enclave.
|
|
@@ -176,22 +185,24 @@ Decryptor_decrypt_verifiers_message_set_apache_mrsigner(own_enclave_id, &sgx_ret
|
|
|
printf("Error in decryption: 0x%x\n", sgx_ret); fflush(stdout); return sgx_ret;
|
|
|
}
|
|
|
printf("Successful decryption\n"); fflush(stdout);
|
|
|
-//Decryptor_aes_gcm_internal_call(own_enclave_id, &sgx_ret, NULL, 0, NULL, NULL, NULL, NULL);
|
|
|
+
|
|
|
|
|
|
}
|
|
|
else
|
|
|
{
|
|
|
+
|
|
|
+ apache_fd=accept_fd;
|
|
|
uint8_t encrypted_sign_data_and_sign_and_tag[176];
|
|
|
memset(encrypted_sign_data_and_sign_and_tag,0x0,176);
|
|
|
uint8_t plaintext_sign_data_and_sign[160];
|
|
|
uint8_t plaintext_priv_key[32];
|
|
|
-//uint32_t create_and_encrypt_mitigator_header_value(uint8_t* plaintext_sign_data_and_sign, uint8_t* encrypted_sign_data_and_sign, uint8_t* tag);
|
|
|
sgx_ec256_signature_t sig2;
|
|
|
Decryptor_create_and_encrypt_mitigator_header_value(own_enclave_id, &sgx_ret, plaintext_sign_data_and_sign, encrypted_sign_data_and_sign_and_tag , encrypted_sign_data_and_sign_and_tag+160, plaintext_priv_key,&sig2);
|
|
|
if(sgx_ret!=0)
|
|
|
{
|
|
|
printf("Error in generating encrypted mitigator header:0x%x\n", sgx_ret); fflush(stdout); return 0xf3;
|
|
|
- }uint32_t count;
|
|
|
+ }
|
|
|
+ uint32_t count;
|
|
|
for(count=0;count<160;count++)
|
|
|
{
|
|
|
printf("0x%02x ", encrypted_sign_data_and_sign_and_tag[count]);
|
|
@@ -206,7 +217,6 @@ Decryptor_decrypt_verifiers_message_set_apache_mrsigner(own_enclave_id, &sgx_ret
|
|
|
printf("\n"); fflush(stdout);
|
|
|
|
|
|
printf("Plaintext signature: \n"); fflush(stdout);
|
|
|
-// printf("Signature data:\n"); fflush(stdout);
|
|
|
for(count=0;count<32;count++)
|
|
|
{
|
|
|
printf("%02x", plaintext_sign_data_and_sign[count+96]);
|
|
@@ -235,13 +245,17 @@ Decryptor_decrypt_verifiers_message_set_apache_mrsigner(own_enclave_id, &sgx_ret
|
|
|
}
|
|
|
printf("\n"); fflush(stdout);
|
|
|
|
|
|
- // TODO: code to write signature data first
|
|
|
- bytes_written_post_la=write(accept_fd, encrypted_sign_data_and_sign_and_tag, 176);
|
|
|
- if(bytes_written_post_la!=176)
|
|
|
+ protobuf_encrypted_msg.set_msg((void*)encrypted_sign_data_and_sign_and_tag, 176);
|
|
|
+ if(write_protobuf_msg_to_fd(apache_fd, protobuf_encrypted_msg) != 0)
|
|
|
{
|
|
|
printf("Not all of the decryptor's signature was written to the Apache.\n"); fflush(stdout); return 0xfe;
|
|
|
}
|
|
|
-
|
|
|
+ unsigned char op_plaintext[160];
|
|
|
+ do {
|
|
|
+// sleep(100);
|
|
|
+ decrypt_client_data_wrapper(op_plaintext, own_enclave_id);
|
|
|
+// sleep(100);
|
|
|
+ } while(true);
|
|
|
|
|
|
|
|
|
}
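Review bot: The loop on L348–L364 ignores the return value of `decrypt_client_data_wrapper`, so once the Apache side closes the socket and the read fails the loop spins forever on the error path instead of returning. Replace the call with `if (decrypt_client_data_wrapper(op_plaintext, own_enclave_id) != 0) return 0xfe;` (or `break`) so a failed read or write ends the session. `op_plaintext` is passed here but, in the definition in the last hunk, never read; the `(void*)` cast on L320 is also unnecessary since `set_msg` accepts `const void*`. The enclosing `local_attestation_initiator` begins outside the hunk.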
|
|
@@ -251,3 +265,119 @@ Decryptor_decrypt_verifiers_message_set_apache_mrsigner(own_enclave_id, &sgx_ret
|
|
|
return 0;
|
|
|
|
|
|
}
|
|
|
+
|
|
|
+
|
|
|
+// decrypt_client_data function that does a read-then-write loop
|
|
|
+// say msg length amount of bytes are read
|
|
|
+////// TODO: first need to decrypt all data received with the aes-gcm apache_iv
|
|
|
+////// Decryptor.cpp function gets the first 64 bytes as first arg and the rest of ciphertext as 2nd arg.
|
|
|
+// then need to call the sgx's compute_shared_key fn for ECDH key - on first 64 bytes.
|
|
|
+// print this key
|
|
|
+// call sha256 on it
|
|
|
+// TODO: decrypt rest of msglength - 64 bytes using this key. (set IV in crypto function)
|
|
|
+////// TODO: then encrypt all user data with apache's key
|
|
|
+////// return here
|
|
|
+/// write data.
|
|
|
+int decrypt_client_data_wrapper(unsigned char* op_plaintext , uint32_t own_enclave_id)
|
|
|
+{
|
|
|
+ protobuf_post_LA_encrypted_msg_t protobuf_encrypted_msg; uint32_t sgx_ret_status;
|
|
|
+
|
|
|
+ printf("Reading msg from apache"); fflush(stdout);
|
|
|
+ if(read_protobuf_msg_from_fd(apache_fd, protobuf_encrypted_msg)!=0)
|
|
|
+ {
|
|
|
+ printf("Not all of the Apache's message was read\n"); fflush(stdout); return 0xfe;
|
|
|
+ }
|
|
|
+
|
|
|
+ std::string protobuf_encrypted_msg_string(protobuf_encrypted_msg.msg());
|
|
|
+// printf("%s\n", protobuf_encrypted_msg_string.c_str()); fflush(stdout);
|
|
|
+ const char* temp_array = protobuf_encrypted_msg_string.c_str();
|
|
|
+ int counter;
|
|
|
+ for(counter=0;counter<protobuf_encrypted_msg_string.length();counter++)
|
|
|
+ printf("%d ",temp_array[counter]);
|
|
|
+ printf("\n"); fflush(stdout);
|
|
|
+
|
|
|
+ unsigned char client_data_from_apache[160+64]; //protobuf_encrypted_msg_string.size()); // set a large limit for "size" for third argument - client data - of 160 - so 160+64
|
|
|
+ memset(client_data_from_apache, 0, 160+64);
|
|
|
+ unsigned char* protobuf_string = (unsigned char*) protobuf_encrypted_msg_string.c_str();
|
|
|
+// client_data_from_apache = (unsigned char*) protobuf_encrypted_msg_string.c_str(); //temp_array;//(unsigned char*)&(std::vector<char> (protobuf_encrypted_msg_string.begin(), protobuf_encrypted_msg_string.end()))[0]; // This shit eats up 8 starting bytes - sets them to 0s
|
|
|
+ for(counter=0;counter<protobuf_encrypted_msg_string.length();counter++)
|
|
|
+ client_data_from_apache[counter]=*(protobuf_string+counter);
|
|
|
+
|
|
|
+ uint32_t ciphertext_length = protobuf_encrypted_msg_string.length()-64; // we hope it's greater than 0
|
|
|
+
|
|
|
+ unsigned char pub_key[64];
|
|
|
+ printf("Key in big endian form:\n"); fflush(stdout);
|
|
|
+ for(counter=0; counter<64; counter++)
|
|
|
+ printf("0x%02x ", *(client_data_from_apache + counter));
|
|
|
+ printf("\n"); fflush(stdout);
|
|
|
+
|
|
|
+ for(counter=0; counter<32; counter++)
|
|
|
+ {
|
|
|
+ *(pub_key + counter) = *(client_data_from_apache + 31 - counter);
|
|
|
+ *(pub_key + 32 + counter) = *(client_data_from_apache + 63 - counter);
|
|
|
+ }
|
|
|
+
|
|
|
+ printf("Key in lil endian form:\n"); fflush(stdout);
|
|
|
+ for(counter=0; counter<64; counter++)
|
|
|
+ printf("0x%02x ", *(pub_key + counter));
|
|
|
+ printf("\n"); fflush(stdout);
|
|
|
+ unsigned char client_data_to_apache[160+64]; //ciphertext_length);
|
|
|
+ for(counter=0;counter<ciphertext_length;counter++)
|
|
|
+ client_data_to_apache[counter]=client_data_from_apache[counter+64];
|
|
|
+ Decryptor_decrypt_client_data(own_enclave_id, &sgx_ret_status, pub_key, ciphertext_length, client_data_from_apache + 64, client_data_to_apache);
|
|
|
+ if(sgx_ret_status != 0)
|
|
|
+ {
|
|
|
+ printf("decrypt_client_data returned :0x%x\n", sgx_ret_status); fflush(stdout); //return sgx_ret_status;
|
|
|
+ }
|
|
|
+
|
|
|
+ // TODO: REMOVE THIS -
|
|
|
+// for(counter=0;counter<ciphertext_length;counter++)
|
|
|
+// client_data_to_apache[counter]=0x46;//client_data_from_apache[counter+64];
|
|
|
+ // TODO: Print the bytesize of the message. should be ciphertext_length=4 + more bytes for protobuf packing.
|
|
|
+ printf("About to write the following bytes to the apache\n"); fflush(stdout);
|
|
|
+ for(counter=0;counter<ciphertext_length;counter++)
|
|
|
+ printf("0x%02x ", client_data_to_apache[counter]);
|
|
|
+ printf("\n"); fflush(stdout);
|
|
|
+ protobuf_encrypted_msg.set_msg((void*) client_data_to_apache, ciphertext_length);// Is this message set tho?
|
|
|
+ if(write_protobuf_msg_to_fd(apache_fd, protobuf_encrypted_msg)!=0)
|
|
|
+ {
|
|
|
+ printf("Not all of the protobuf message was written to Apache.\n"); fflush(stdout); return 0xfe;
|
|
|
+ }
|
|
|
+ printf("Wrote data to Apache of length %d \n", protobuf_encrypted_msg.ByteSize());fflush(stdout);
|
|
|
+ return 0;
|
|
|
+}
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
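Review bot: `ciphertext_length` on L544 is `length()-64` computed in unsigned arithmetic, and the copy loops on L532 and L620 index the fixed 224-byte stack buffers by the received length, so a message from the Apache side shorter than 64 bytes underflows to a huge count and one longer than 224 bytes writes past `client_data_from_apache` and `client_data_to_apache`. Validate once right after the read succeeds: `const size_t msg_len = protobuf_encrypted_msg.msg().size();` then `if (msg_len < 64 || msg_len > 160+64) { printf("Bad message length %zu\n", msg_len); fflush(stdout); return 0xfe; }`, and derive `ciphertext_length` from `msg_len`. The `counter < ...length()` comparisons mix `int` with `size_t`, and `op_plaintext` is never used in the body. The block comment on L400–L440 reads as a work log; a short header stating that the first 64 bytes are the peer public key (byte-reversed per 32-byte half into `pub_key`) and the remainder is ciphertext passed to `Decryptor_decrypt_client_data` would document what the code actually does.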
|