Browse Source

Refactored sealing code into another class and made other edits to get it to compile.

dettanym 2 years ago
parent
commit
7f157da341
7 changed files with 192 additions and 149 deletions
  1. 40 103
      App/App.cpp
  2. 1 1
      App/LocalAttestationUntrusted.cpp
  3. 122 0
      App/Sealing.cpp
  4. 1 1
      CommonOpensslCode/Openssl_crypto.cpp
  5. 0 31
      Decryptor/Decryptor.cpp
  6. 27 0
      Include/Sealing.h
  7. 1 13
      Makefile

+ 40 - 103
App/App.cpp

@@ -1,33 +1,3 @@
-/*
- * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *   * Redistributions of source code must retain the above copyright
- *     notice, this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright
- *     notice, this list of conditions and the following disclaimer in
- *     the documentation and/or other materials provided with the
- *     distribution.
- *   * Neither the name of Intel Corporation nor the names of its
- *     contributors may be used to endorse or promote products derived
- *     from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.challa
- *
- */
 // App.cpp : Defines the entry point for the console application.
 #include <stdio.h>
 #include <map>
@@ -36,18 +6,10 @@
 #include "sgx_urts.h"
 #define __STDC_FORMAT_MACROS
 #include <inttypes.h>
-#include<unistd.h>
-// for sealing - sgx_calc_sealed_data_size
-#include "sgx_tseal.h"
 #include "LocalAttestationUntrusted.h"
+#include "Sealing.h"
 
 
-// For reading from/writing to file -sealing.
-#include <fcntl.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <errno.h>
-
 //#define UNUSED(val) (void)(val)
 #define TCHAR   char
 #define _TCHAR  char
@@ -58,7 +20,7 @@
 //extern std::map<sgx_enclave_id_t, uint32_t>g_enclave_id_map;
 //int __ImageBase=0;
 
-sgx_enclave_id_t e2_enclave_id = 0;
+sgx_enclave_id_t enclave_id = 0;
 #define Decryptor_PATH "libDecryptor.so"
 //////////////////////////////////////////////////
 
@@ -108,7 +70,7 @@ uint32_t unseal_signing_key_pair_from_disk(int fd, size_t sealed_msg_length_in_f
 	printf("%x ", *(sealed_data+counter));
   printf("\n");  fflush(stdout);
 
-  Decryptor_unseal_and_restore_long_term_signing_key_pair_wrapper(e2_enclave_id, &ret_status, sealed_data, &length);
+  Decryptor_unseal_and_restore_long_term_signing_key_pair_wrapper(enclave_id, &ret_status, sealed_data, &length);
   free(sealed_data);
   return ret_status;
 }
@@ -118,13 +80,13 @@ uint32_t create_and_seal_signing_key_pair_to_disk(int fd)
   uint32_t ret_status=0, length=0, counter=0;
   uint8_t* sealed_data;
 
-  Decryptor_calculate_sealed_keypair_size_wrapper(e2_enclave_id, &length);
+  Decryptor_calculate_sealed_keypair_size_wrapper(enclave_id, &length);
   if(length == 0xFFFFFFFF)
     return 0xFFFFFFFF;
   sealed_data=(uint8_t*) malloc(length); // 0x300); // TODO: Shouldn't it be malloc of length?
         printf("length: %d\n", length); fflush(stdout);
 
-  Decryptor_create_and_seal_long_term_signing_key_pair_wrapper(e2_enclave_id, &ret_status, &length, sealed_data);
+  Decryptor_create_and_seal_long_term_signing_key_pair_wrapper(enclave_id, &ret_status, &length, sealed_data);
   if(ret_status != SGX_SUCCESS)
   {
     printf("create_and_seal called returned an error: %x", ret_status);
@@ -142,76 +104,51 @@ uint32_t create_and_seal_signing_key_pair_to_disk(int fd)
 
 int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
 {
-    uint32_t ret_status;
+    uint32_t ret_status, counter;
     sgx_status_t status;
     // For sgx setup
     int launch_token_updated;
     sgx_launch_token_t launch_token;
-    sgx_ec256_public_t pub_key;  uint32_t counter;
+    // sgx_ec256_public_t pub_key;
+    int server_fd, accept_fd;
 
-    size_t sealed_msg_length_in_file;
-    status = sgx_create_enclave(Decryptor_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &e2_enclave_id, NULL);
+    status = sgx_create_enclave(Decryptor_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &enclave_id, NULL);
     if(status != SGX_SUCCESS)
     {
         printf("\nLoad Enclave Failure");
         return -1;
     }
-    printf("\nDecryptor - EnclaveID %" PRIx64, e2_enclave_id);
+    printf("\nDecryptor - EnclaveID %" PRIx64, enclave_id);
     fflush(stdout);
 
-    int sealed_signing_key_fd = open("sealed_signing_key.txt", O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
-    if(sealed_signing_key_fd == -1)
+    // Sealing class looks for this file on disk.
+    // If it exists, it reads the file, does an ecall to unseal the content and loads the signing-verification keypair.
+    // Otherwise, it runs an ecall that creates such a keypair, seals it and then writes the content to disk.
+    // In either case, this keypair is initialized within the enclave.
+    Sealing sealer;
+    const char* sealed_keypair_file = "sealed_signing_key.txt";
+    ret_status = sealer.initialize_long_term_keypair(enclave_id, sealed_keypair_file);
+    if(ret_status != 0)
     {
-      perror("\nError in opening the file sealed_signing_key.txt - ");
-      fflush(stderr);
-      return 0xFFFFFFFF;
+        sgx_destroy_enclave(enclave_id);
+        return ret_status;
     }
-    printf("\nSuccessfully opened a file to seal the signing key pair for the client.\n");
-    fflush(stdout);
-      struct stat st; ret_status = fstat(sealed_signing_key_fd, &st);
-      if(ret_status != 0)
-      {
-	       perror("error in finding the file size. -  ");
-        fflush(stderr);
-	       return 0xffffffff;
-
-      }
-      sealed_msg_length_in_file = st.st_size;
-    if(sealed_msg_length_in_file == 0) //if(start == end && start != -1)
-      // TODO: file is empty. create signing key pair.
-      // int start = lseek(sealed_signing_key_fd, 0, SEEK_SET);
-      { printf("Creating new keypair.\n"); fflush(stdout);     ret_status = create_and_seal_signing_key_pair_to_disk(sealed_signing_key_fd); }
-    else
-    { printf("Unsealing keypair.\n"); fflush(stdout);      ret_status = unseal_signing_key_pair_from_disk(sealed_signing_key_fd, sealed_msg_length_in_file); }
-
-     if(ret_status != 0)
-      {
-	       printf("Some error \n");
-//        printf("\n %d error in generating the ecdsa signing key pair \n", errno);
-        fflush(stdout);
-        sgx_destroy_enclave(e2_enclave_id);
 
-        return 0xFFFFFFFF;
-      }
-
-
-    close(sealed_signing_key_fd);
-	uint8_t verification_key[64]; 
-	Decryptor_get_long_term_verification_key_wrapper(e2_enclave_id, verification_key); 
+    // Retrieves the long-term *verification* key that is initialized in the enclave as a result of the previous call.
+    uint8_t verification_key[64];
+	Decryptor_get_long_term_verification_key_wrapper(enclave_id, verification_key);
 	printf("Verification key\n"); fflush(stdout);
 	for(counter=0;counter<32;counter++)
 		printf("%02x", verification_key[counter]);
-	printf("\n"); fflush(stdout); 
-        for(counter=0;counter<32;counter++)
-                printf("%02x", verification_key[counter + 32]);
-        printf("\n"); fflush(stdout); 
-
+	printf("\n"); fflush(stdout);
+	for(counter=0;counter<32;counter++)
+	    printf("%02x", verification_key[counter + 32]);
+	printf("\n"); fflush(stdout);
 
-    int server_fd, accept_fd;
-    ret_status = LocalAttestationUntrusted::prepare_local_attestation_as_responder_msg1(e2_enclave_id);
+    ret_status = LocalAttestationUntrusted::prepare_local_attestation_as_responder_msg1(enclave_id);
     if(ret_status !=0)
     {
-      printf("Could not prepare_local_attestation_as_responder_msg1"); fflush(stdout); sgx_destroy_enclave(e2_enclave_id);
+      printf("Could not prepare_local_attestation_as_responder_msg1"); fflush(stdout); sgx_destroy_enclave(enclave_id);
       return ret_status;
     }
 
@@ -219,26 +156,26 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
     if(server_fd <=0)
     {
       printf("Error in setting up server socket."); fflush(stdout);
-      sgx_destroy_enclave(e2_enclave_id);
+      sgx_destroy_enclave(enclave_id);
       return server_fd;
     }
     printf("Successfully set up a socket to communicate with the verifier enclave.\n");
     fflush(stdout);
 
     // LA with the verifier
-    ret_status = LocalAttestationUntrusted::local_attestation_as_responder_msg2_msg3(e2_enclave_id, server_fd, &accept_fd);
+    ret_status = LocalAttestationUntrusted::local_attestation_as_responder_msg2_msg3(enclave_id, server_fd, &accept_fd);
     if(ret_status!=0)
     {
       printf("local attestation - with the verifier - did not successfully return: %x\n", ret_status); fflush(stdout);
-      sgx_destroy_enclave(e2_enclave_id);
+      sgx_destroy_enclave(enclave_id);
       return 0xFFFFFFFF;
     }
 
-    ret_status = LocalAttestationUntrusted::post_local_attestation_with_verifier(e2_enclave_id, accept_fd);
+    ret_status = LocalAttestationUntrusted::post_local_attestation_with_verifier(enclave_id, accept_fd);
     if(ret_status!=0)
     {
       printf("post local attestation - with the verifier - did not successfully return: %x\n", ret_status); fflush(stdout);
-      sgx_destroy_enclave(e2_enclave_id);
+      sgx_destroy_enclave(enclave_id);
       return 0xFFFFFF01;
     }
 
@@ -247,29 +184,29 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
     if(server_fd <=0)
     {
       printf("Error in setting up server socket."); fflush(stdout);
-      sgx_destroy_enclave(e2_enclave_id);
+      sgx_destroy_enclave(enclave_id);
       return server_fd;
     }
     printf("Successfully set up a socket to communicate with the Apache enclave.\n");
     fflush(stdout);
 
-    ret_status = LocalAttestationUntrusted::local_attestation_as_responder_msg2_msg3(e2_enclave_id,server_fd,&accept_fd);
+    ret_status = LocalAttestationUntrusted::local_attestation_as_responder_msg2_msg3(enclave_id,server_fd,&accept_fd);
     if(ret_status<0)
     {
       printf("local attestation - with the apache - did not successfully return: %x\n", ret_status); fflush(stdout);
-      sgx_destroy_enclave(e2_enclave_id);
+      sgx_destroy_enclave(enclave_id);
       return 0xFFFFFFFF;
     }
 
-    ret_status = LocalAttestationUntrusted::post_local_attestation_with_apache(e2_enclave_id,accept_fd);
+    ret_status = LocalAttestationUntrusted::post_local_attestation_with_apache(enclave_id,accept_fd);
     if(ret_status!=0)
     {
       printf("post local attestation - with the apache - did not successfully return: %x\n", ret_status); fflush(stdout);
-      sgx_destroy_enclave(e2_enclave_id);
+      sgx_destroy_enclave(enclave_id);
       return 0xFFFFFF01;
     }
 
-    sgx_destroy_enclave(e2_enclave_id);
+    sgx_destroy_enclave(enclave_id);
 
     return 0;
 }

+ 1 - 1
App/LocalAttestationUntrusted.cpp

@@ -195,7 +195,7 @@ using namespace google::protobuf::io;
     int LocalAttestationUntrusted::prepare_local_attestation_as_responder_msg1(uint32_t own_enclave_id) //, int port)
     {
       uint32_t protobuf_sgx_ret;
-      int temp_server_fd=0;
+
       protobuf_sgx_ret = generate_protobuf_dh_msg1(own_enclave_id, protobuf_msg1, &LocalAttestationUntrusted::session_id);
       if(protobuf_sgx_ret != 0)
       {

+ 122 - 0
App/Sealing.cpp

@@ -0,0 +1,122 @@
+//
+// Created by miti on 2019-12-21.
+//
+
+#include "../Include/Sealing.h"
+
+uint32_t Sealing::write_to_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length)
+{
+    lseek(fd, 0, SEEK_SET);
+    ssize_t bytes_written;
+    bytes_written = write(fd, msg, *expected_msg_length);
+    if(bytes_written <= 0)
+        return 0xFFFFFFFF;
+
+    fsync(fd);
+    *expected_msg_length = bytes_written;
+    close(fd);
+    return 0;
+}
+
+uint32_t Sealing::read_from_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length)
+{
+    ssize_t bytes_read;
+    lseek(fd, 0, SEEK_SET);
+    bytes_read = read(fd, msg, *expected_msg_length);
+    if(bytes_read <= 0)
+        return 0xFFFFFFFF;
+    *expected_msg_length = bytes_read;
+    return 0;
+}
+
+
+uint32_t Sealing::unseal_signing_key_pair_from_disk(sgx_enclave_id_t enclave_id, int fd, size_t sealed_msg_length_in_file)
+{
+    uint32_t ret_status=0, length=sealed_msg_length_in_file, counter=0;
+    uint8_t* sealed_data;
+
+    sealed_data = (uint8_t*) malloc(0x300); //TODO: Get length of the sealed msg and try to read that much from the file.
+    // May be pass the length of the file as input to this function and check that it is at least as much as the output of the sgx call.
+    ret_status = read_from_fd(fd, sealed_data, &length);
+    if(ret_status != 0)
+    {
+        free(sealed_data);
+        return 0xFFFFFFFF;
+    }
+
+    for(counter=0;counter<length;counter++)
+        printf("%x ", *(sealed_data+counter));
+    printf("\n");  fflush(stdout);
+
+    Decryptor_unseal_and_restore_long_term_signing_key_pair_wrapper(enclave_id, &ret_status, sealed_data, &length);
+    free(sealed_data);
+    return ret_status;
+}
+
+uint32_t Sealing::create_and_seal_signing_key_pair_to_disk(sgx_enclave_id_t enclave_id, int fd)
+{
+    uint32_t ret_status=0, length=0, counter=0;
+    uint8_t* sealed_data;
+
+    Decryptor_calculate_sealed_keypair_size_wrapper(enclave_id, &length);
+    if(length == 0xFFFFFFFF)
+        return 0xFFFFFFFF;
+    sealed_data=(uint8_t*) malloc(length);
+    printf("length: %d\n", length); fflush(stdout);
+
+    Decryptor_create_and_seal_long_term_signing_key_pair_wrapper(enclave_id, &ret_status, &length, sealed_data);
+    if(ret_status != SGX_SUCCESS)
+    {
+        printf("create_and_seal called returned an error: %x", ret_status);
+        free(sealed_data);
+        return 0xFFFFFFFF;
+    }
+    printf("It returned sgx_success\n"); fflush(stdout);
+    for(counter=0; counter<length; counter++)
+        printf("%02x ", sealed_data[counter]);
+    ret_status = write_to_fd(fd, sealed_data, &length);
+    free(sealed_data);
+
+    return ret_status;
+}
+
+// "sealed_signing_key.txt"
+uint32_t Sealing::initialize_long_term_keypair(sgx_enclave_id_t enclaveId, const char* filename)
+{
+    struct stat st;
+    size_t sealed_msg_length_in_file;
+    int sealed_signing_key_fd;
+    uint32_t ret_status;
+
+    sealed_signing_key_fd = open(filename, O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
+    if(sealed_signing_key_fd == -1)
+    {
+        perror("\nError in opening the file \n");
+        fflush(stderr);
+        return 0xFFFFFFFF;
+    }
+
+    printf("\nSuccessfully opened a file to seal the signing key pair for the client.\n");
+    fflush(stdout);
+
+    ret_status = fstat(sealed_signing_key_fd, &st);
+    if(ret_status != 0)
+    {
+        perror("error in finding the file size. -  ");
+        fflush(stderr);
+        return 0xffffffff;
+
+    }
+    sealed_msg_length_in_file = st.st_size;
+    if(sealed_msg_length_in_file == 0)
+    {
+        printf("Creating new keypair.\n"); fflush(stdout);
+        ret_status = create_and_seal_signing_key_pair_to_disk(enclaveId, sealed_signing_key_fd);
+    }
+    else
+    {
+        printf("Unsealing keypair.\n"); fflush(stdout);
+        ret_status = unseal_signing_key_pair_from_disk(enclaveId, sealed_signing_key_fd, sealed_msg_length_in_file);
+    }
+    return 0;
+}

+ 1 - 1
CommonOpensslCode/Openssl_crypto.cpp

@@ -24,7 +24,7 @@ int generate_sha256_hash(const unsigned char *message, size_t message_len, unsig
 	if(EVP_DigestFinal_ex(mdctx, digest, &digest_len) != 1)
 		return 0x4;
 
-	if(digest_en != 32)
+	if(digest_len != 32)
 		return 0x5;
 
 	EVP_MD_CTX_destroy(mdctx);

+ 0 - 31
Decryptor/Decryptor.cpp

@@ -1,34 +1,3 @@
-/*
- * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *   * Redistributions of source code must retain the above copyright
- *     notice, this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright
- *     notice, this list of conditions and the following disclaimer in
- *     the documentation and/or other materials provided with the
- *     distribution.
- *   * Neither the name of Intel Corporation nor the names of its
- *     contributors may be used to endorse or promote products derived
- *     from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
 #include "Decryptor.h"
 #include "sgx_tseal.h"
 #include "sgx_tcrypto.h"

+ 27 - 0
Include/Sealing.h

@@ -0,0 +1,27 @@
+//
+// Created by miti on 2019-12-21.
+//
+
+#ifndef DECRYPTORAPP_SEALING_H
+#define DECRYPTORAPP_SEALING_H
+#include "../Decryptor/Decryptor_u.h"
+// for sealing - sgx_calc_sealed_data_size
+#include "sgx_tseal.h"
+// For reading from/writing to file -sealing.
+
+#include<unistd.h>
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <errno.h>
+#include <stdio.h>
+class Sealing {
+    uint32_t write_to_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length);
+    uint32_t read_from_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length);
+    uint32_t unseal_signing_key_pair_from_disk(sgx_enclave_id_t enclave_id, int fd, size_t sealed_msg_length_in_file);
+    uint32_t create_and_seal_signing_key_pair_to_disk(sgx_enclave_id_t enclave_id, int fd);
+public:
+    uint32_t initialize_long_term_keypair(sgx_enclave_id_t enclave_id, const char* filename);
+};
+
+#endif //DECRYPTORAPP_SEALING_H

+ 1 - 13
Makefile

@@ -68,12 +68,6 @@ endif
 
 ######## Library Settings ########
 
-#PHPTrust_Lib_Name := libPHPLocalAttestation_Trusted.a
-#PHPTrustLib_Cpp_Files := $(wildcard PHPLocalAttestationCode/*.cpp)
-#PHPTrustLib_Cpp_Objects := $(PHPTrustLib_Cpp_Files:.cpp=.o)
-#PHPTrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I$(SGX_SDK)/include/epid -I./Include
-#PHPTrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector  $(TrustLib_Include_Paths)
-#PHPTrustLib_Compile_Cxx_Flags :=  -std=c++11 -nostdinc++
 OPENSSL_LIBRARY_PATH := /home/m2mazmud/old_stuff/intel-sgx-ssl/Linux/package/lib64/
 OPENSSL_BAREBONES_LIBRARY_PATH := /home/m2mazmud/old_stuff/intel-sgx-ssl/openssl_source/openssl-1.1.0h/
 OpenSSL_Crypto_Library_Name := sgx_tsgxssl_crypto
@@ -91,12 +85,6 @@ TrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SG
 TrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector  $(TrustLib_Include_Paths) -Wall
 TrustLib_Compile_Cxx_Flags :=  -std=c++11 -nostdinc++
 
-#UnTrustLib_Name := libLocalAttestation_unTrusted.a
-#UnTrustLib_Cpp_Files := $(wildcard Untrusted_LocalAttestation/*.cpp)
-#UnTrustLib_Cpp_Objects := $(UnTrustLib_Cpp_Files:.cpp=.o)
-#UnTrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./Include -I./LocalAttestationCode
-#UnTrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes -std=c++11 $(UnTrustLib_Include_Paths)
-
 ######## App Settings ########
 
 ifneq ($(SGX_MODE), HW)
@@ -271,7 +259,7 @@ App/%.o: App/%.cpp Decryptor/Decryptor_u.h #Enclave3/Enclave3_u.h
 	@$(CXX) $(App_Compile_Flags) -c $< -o $@
 	@echo "CXX  <=  $<"
 
-$(App_Name): App/App.o App/LocalAttestationUntrusted.o App/protobufLAInitiator.o App/protobufSgxLATransformsInitiator.o App/ProtobufLAMessages.pb.o   App/Decryptor_u.o #$(App_Cpp_Objects)# $(UnTrustLib_Name)
+$(App_Name): App/App.o App/Sealing.o App/LocalAttestationUntrusted.o App/protobufLAInitiator.o App/protobufSgxLATransformsInitiator.o App/ProtobufLAMessages.pb.o   App/Decryptor_u.o #$(App_Cpp_Objects)# $(UnTrustLib_Name)
 	@$(CXX) -Wl,--no-undefined $^ -o $@ $(App_Link_Flags)
 	@echo "LINK =>  $@"