Works with sample verifier mrenclave being encrypted and written to Apache. Verification of signature not done yet.

App/App.cpp

@@ -252,7 +252,7 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
     }
 
     close(sealed_signing_key_fd);
-
+    
     // LA with the verifier 
     ret_status=local_attestation_initiator(3825, e2_enclave_id);
     if(ret_status!=0)
@@ -333,8 +333,8 @@ else {
 return 0xFFFFFFFF;
 
     }*/
- 
-/*	sgx_ec256_public_t short_term_pub_key;
+ /*
+	sgx_ec256_public_t short_term_pub_key;
 	sgx_ec256_signature_t generated_signature;
  Decryptor_create_and_sign_client_side_pub_key(e2_enclave_id, &ret_status,&short_term_pub_key, &generated_signature);
 if(ret_status != SGX_SUCCESS)
@@ -351,8 +351,8 @@ for(counter=0; counter<SGX_ECP256_KEY_SIZE; counter++)
                         printf("0x%x", generated_signature.y[counter]);
                 }
 printf("\n"); fflush(stdout);
-*/
 
+*/
 
 
 

App/protobufLAInitiator.cpp

@@ -84,3 +84,36 @@ int decrypt_wrapper(uint32_t own_enclave_id, uint8_t* ciphertext, uint32_t ciphe
 
 	return ret_status;
 }
+
+int encrypt_wrapper(uint32_t own_enclave_id, uint8_t* ciphertext, uint32_t ciphertext_len,  uint8_t* tag , uint8_t* plaintext)
+{
+        uint32_t ret_status;
+        printf("received tag: \n"); fflush(stdout);
+        uint32_t count;
+        for(count=0;count<16;count++)
+                printf("0x%02x ",tag[count]);
+        printf("\n"); fflush(stdout);
+        for(count=0;count<ciphertext_len;count++)
+                printf("0x%02x ",ciphertext[count]);
+        printf("\n"); fflush(stdout);
+        Decryptor_encrypt(own_enclave_id, &ret_status, ciphertext, ciphertext_len, tag, plaintext);
+        if(ret_status!=0)
+        {
+                printf("encryption/decryption failed\n"); fflush(stdout);
+        //        return ret_status;
+        }
+//      else {
+        printf("received ciphertext: \n"); fflush(stdout);
+//        uint32_t count;
+        for(count=0;count<32;count++)
+                printf("0x%x ",ciphertext[count]);
+        printf("\n"); fflush(stdout);
+        printf("received plaintext: \n"); fflush(stdout);
+        for(count=0;count<32;count++)
+                printf("0x%x ",plaintext[count]);
+        printf("\n"); fflush(stdout);
+//      }
+
+        return ret_status;
+}
+

App/systemLA.cpp

@@ -12,7 +12,7 @@
 #include <google/protobuf/io/zero_copy_stream_impl.h>
 using namespace google::protobuf::io;
 #include "protobufLAInitiator.h"
-
+#include "../Decryptor/Decryptor_u.h"
 // TODO: Make these private functions
 int read_protobuf_msg_from_fd(int accept_fd, google::protobuf::MessageLite& message)
 {
@@ -111,7 +111,8 @@ int local_attestation_initiator(int port, uint32_t own_enclave_id)
   struct sockaddr_in own_addr;
   struct sockaddr_storage apache_addr; socklen_t apache_addr_size = sizeof(apache_addr);
   uint32_t session_id;  uint8_t read_or_write;
-  size_t bytes_read_post_la; uint8_t encrypted_apache_mrsigner_and_tag[48];  uint8_t plaintext[32];
+  size_t bytes_read_post_la; uint8_t encrypted_apache_mrsigner_and_tag[48];  uint8_t encrypted_decryptor_signature_and_tag[80];
+  size_t bytes_written_post_la; 
   //  int counter;
   server_fd=set_up_socket(port, &own_addr);
   if(server_fd==-1)
@@ -148,27 +149,57 @@ int local_attestation_initiator(int port, uint32_t own_enclave_id)
 
   if(write_protobuf_msg_to_fd(accept_fd, protobuf_msg3)!=0)
     return -1;
+  read_or_write=0;  
+
+  printf("Here\n"); fflush(stdout); 
   if(read_or_write)
   {  
-  bytes_read_post_la=read(accept_fd, encrypted_apache_mrsigner_and_tag, 32); 
-  if(bytes_read_post_la!=32)
-  {
-       printf("Not all of the encrypted apache's mrsigner was read from the verifier.\n"); fflush(stdout); return 0xfe;
-  }
-  bytes_read_post_la=read(accept_fd, encrypted_apache_mrsigner_and_tag+32, 16);
-  if(bytes_read_post_la!=16)
-  {
+  	bytes_read_post_la=read(accept_fd, encrypted_apache_mrsigner_and_tag, 32); 
+	  if(bytes_read_post_la!=32)
+ 	 {
+       	printf("Not all of the encrypted apache's mrsigner was read from the verifier.\n"); fflush(stdout); return 0xfe;
+ 	 }
+	  bytes_read_post_la=read(accept_fd, encrypted_apache_mrsigner_and_tag+32, 16);
+	  if(bytes_read_post_la!=16)
+	  {
        printf("Not all of the encrypted apache's mrsigner **tag** was read from the verifier.\n"); fflush(stdout); return 0xfe;
-  }uint32_t count;
-  for(count=0;count<48;count++)
-	printf("0x%02x ", encrypted_apache_mrsigner_and_tag[count]);
-  printf("\n");fflush(stdout); 
-  sgx_ret=decrypt_wrapper(own_enclave_id, encrypted_apache_mrsigner_and_tag, 32, encrypted_apache_mrsigner_and_tag+32 , plaintext); 
-  if(sgx_ret!=0)
-  {
+  	}
+  	uint32_t count;
+  	for(count=0;count<48;count++)
+		printf("0x%02x ", encrypted_apache_mrsigner_and_tag[count]);
+  	printf("\n");fflush(stdout); 
+//  sgx_ret=decrypt_wrapper(own_enclave_id, encrypted_apache_mrsigner_and_tag, 32, encrypted_apache_mrsigner_and_tag+32 , plaintext); 
+Decryptor_decrypt_verifiers_message_set_apache_mrsigner(own_enclave_id, &sgx_ret, encrypted_apache_mrsigner_and_tag, encrypted_apache_mrsigner_and_tag+32);
+
+ 	 if(sgx_ret!=0)
+	  {
 	printf("Error in decryption: 0x%x\n", sgx_ret); fflush(stdout); return sgx_ret; 
+	  }
+	  printf("Successful decryption\n"); fflush(stdout); 
   }
-  printf("Successful decryption\n"); fflush(stdout); 
+  else 
+  {
+	memset(encrypted_decryptor_signature_and_tag,0x0,80);
+	Decryptor_encrypt_mitigator_header_to_apache(own_enclave_id, &sgx_ret, encrypted_decryptor_signature_and_tag , encrypted_decryptor_signature_and_tag+64);
+	if(sgx_ret!=0)
+	{
+		printf("Error in generating encrypted mitigator header:0x%x\n", sgx_ret); fflush(stdout); return 0xf3;
+	}uint32_t count; 
+	for(count=0;count<80;count++)
+	{
+		printf("0x%02x ", encrypted_decryptor_signature_and_tag[count]);
+
+	}
+	printf("\n"); fflush(stdout); 
+
+	bytes_written_post_la=write(accept_fd, encrypted_decryptor_signature_and_tag, 80);
+	  if(bytes_written_post_la!=80)
+         {
+        printf("Not all of the decryptor's signature was written to the Apache.\n"); fflush(stdout); return 0xfe;
+         }
+
+
+
   }
 
         printf("Successfully done Local attestation\n");

Decryptor/Decryptor.cpp

@@ -40,17 +40,48 @@
 #include "sgx_thread.h"
 #include "sgx_dh.h"
 #include <map>
+#include "sgx_tcrypto.h"
+#include "LocalAttestationCode_t.h"
+#include "sgx_tseal.h"
+
+// internal-internal
+uint32_t create_ecdsa_key_pair(sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key);
+void serialize_key_pair_to_string( sgx_ec256_public_t* pub_key, sgx_ec256_private_t* signing_priv_key, uint8_t* private_public_key_string);
+void deserialize_string_to_key_pair(uint8_t* private_public_key_string, sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key); 
+uint32_t create_and_sign_mitigator_header_value();
+
+uint32_t calculate_sealed_data_size( uint32_t input_size) ; 
+uint32_t create_and_seal_ecdsa_signing_key_pair(__attribute__((unused))   sgx_ec256_public_t* pub_key, __attribute__((unused))  uint32_t* sealed_data_length,  __attribute__((unused)) uint8_t* sealed_data); 
+uint32_t unseal_and_restore_sealed_signing_key_pair(__attribute__((unused)) sgx_ec256_public_t* pub_key, uint8_t* sealed_data, size_t* sgx_sealed_data_length);
+//uint32_t create_and_sign_mitigator_header_value(); 
+uint32_t decrypt_verifiers_message_set_apache_mrsigner(uint8_t* ciphertext, uint8_t* tag);
+uint32_t encrypt_mitigator_header_to_apache(uint8_t* ciphertext, uint8_t* tag);
+
+
+uint32_t one_la_done=0; 
+sgx_ec256_public_t short_term_pub_key;
+sgx_ec256_private_t short_term_priv_key; 
+sgx_ec256_signature_t generated_signature;
+sgx_measurement_t apache_mr_signer; 
+sgx_measurement_t verifier_mr_enclave;
+sgx_ec256_private_t signing_priv_key;
 
-//#define UNUSED(val) (void)(val)
-//Function that is used to verify the trust of the other enclave
-//Each enclave can have its own way verifying the peer enclave identity
-extern "C" uint32_t verify_peer_enclave_trust(__attribute__((unused))  sgx_dh_session_enclave_identity_t* peer_enclave_identity, sgx_measurement_t* expected_mr_signer)
+extern "C" uint32_t verify_peer_enclave_trust(__attribute__((unused))  sgx_dh_session_enclave_identity_t* peer_enclave_identity)
 {
+	uint32_t count;
 	if(!peer_enclave_identity)
 	{
 		return INVALID_PARAMETER_ERROR;
 	}
-	if(expected_mr_signer != NULL) // apache enclave
+	if(one_la_done==0)
+	{
+                for(count=0; count<SGX_HASH_SIZE; count++)
+			verifier_mr_enclave.m[count]=peer_enclave_identity->mr_enclave.m[count]; 
+		memset(&(apache_mr_signer.m),0x0,SGX_HASH_SIZE); // "initialization" 
+		one_la_done=1;
+
+	}
+	else // apache enclave
 	{
 		sgx_measurement_t actual_mr_signer = peer_enclave_identity->mr_signer;
 		// verifier's mrsigner 
@@ -58,20 +89,249 @@ extern "C" uint32_t verify_peer_enclave_trust(__attribute__((unused))  sgx_dh_se
 		int count;
 		for(count=0; count<SGX_HASH_SIZE; count++)
 		{
-			if( actual_mr_signer.m[count] != expected_mr_signer->m[count] )
-				return ENCLAVE_TRUST_ERROR; // TODO: Different error here.
+			if( actual_mr_signer.m[count] != apache_mr_signer.m[count] )
+				return ENCLAVE_TRUST_ERROR; 
 		}
 	}
 	return SGX_SUCCESS;
+}
+
+// This needs to be called after the first local attestation is successful - otherwise, the internal apache_mr_signer.m will not be set properly for the comparison of the mrsigner for the 2nd LA in verify_peer_enclave_trust. 
+// (I.e. if it is not called then DoS 
+uint32_t decrypt_verifiers_message_set_apache_mrsigner(uint8_t* ciphertext, uint8_t* tag)
+{
+return 	decrypt(ciphertext, 32, tag, (uint8_t*) &(apache_mr_signer.m)); 
+//	if(mrsigner_decryption_successful !=0)
+//		return mrsigner_decryption_successful; 
+}
+
+// ciphertext assumed to be at least 64 bytes, tag - at least 16 bytes
+uint32_t encrypt_mitigator_header_to_apache(uint8_t* ciphertext, uint8_t* tag)
+{
+	uint32_t ret_status=create_and_sign_mitigator_header_value();
+	if(ret_status != SGX_SUCCESS)
+        {
+		//      printf("Could not generate or sign another keypair for client-side, error:%x.\n", ret_status); fflush(stdout);
+		return 0xFFFFFFDD;
+	}
+
+	// serializing the weird signature string
+	uint8_t mitigator_header_unencrypted[64]; 
+	uint8_t *current_sig_byte = (uint8_t*)(&(generated_signature.x)); 
+	uint32_t ecdsa_sig_count; 
+	for(ecdsa_sig_count=0;ecdsa_sig_count<32;ecdsa_sig_count++)
+		mitigator_header_unencrypted[ecdsa_sig_count]=*(current_sig_byte+ecdsa_sig_count); 
+        current_sig_byte = (uint8_t*)(&(generated_signature.y)); 
+        for(ecdsa_sig_count=0;ecdsa_sig_count<32;ecdsa_sig_count++)
+                mitigator_header_unencrypted[ecdsa_sig_count+32]=*(current_sig_byte+ecdsa_sig_count); 
+
+	ret_status = encrypt_internal(mitigator_header_unencrypted, 64, tag, ciphertext); 
+	return ret_status; 
+}
+
+
+
+
+uint32_t create_ecdsa_key_pair(sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key)
+{
+  sgx_status_t se_ret; sgx_status_t se_ret2;
+  //create ECC context
+  sgx_ecc_state_handle_t ecc_state = NULL;
+  se_ret = sgx_ecc256_open_context(&ecc_state);
+  if(SGX_SUCCESS != se_ret)
+    return se_ret;
+
+  // generate private key and public key
+  se_ret = sgx_ecc256_create_key_pair(priv_key, pub_key, ecc_state);
+  se_ret2 = sgx_ecc256_close_context(ecc_state);
+
+  if(SGX_SUCCESS != se_ret || se_ret2!= SGX_SUCCESS) // something weird has happened - couldn't shut it down.
+    return 0xFFFFFFFF;
+  return SGX_SUCCESS;
+}
+
+// todo: set to private
+// todo: assumes that the length of the keystring is at least 3*SGX_ECP256_KEY_SIZE
+void serialize_key_pair_to_string(sgx_ec256_public_t* pub_key, sgx_ec256_private_t* signing_priv_key, uint8_t* private_public_key_string)
+{
+  if(private_public_key_string != NULL)  // nowhere to serialize to
+  {
+     uint32_t counter;
+     if(pub_key != NULL)  // public key to serialize
+     {
+        for(counter=0;counter<SGX_ECP256_KEY_SIZE; counter++)
+          *(private_public_key_string+counter)=pub_key->gx[counter];
+
+        for(counter=SGX_ECP256_KEY_SIZE;counter<2*SGX_ECP256_KEY_SIZE; counter++)
+           *(private_public_key_string+counter)=pub_key->gy[counter-SGX_ECP256_KEY_SIZE];
+     }
+
+     if(signing_priv_key != NULL) // private key to serialize
+     {
+       for(counter=2*SGX_ECP256_KEY_SIZE;counter<3*SGX_ECP256_KEY_SIZE; counter++)
+          *(private_public_key_string+counter)=signing_priv_key->r[counter - 2*SGX_ECP256_KEY_SIZE];
+     } 
+  }
+}
+
+
+// todo: set to private
+void deserialize_string_to_key_pair(uint8_t* private_public_key_string, sgx_ec256_public_t* pub_key, sgx_ec256_private_t* signing_priv_key)
+{
+  if(private_public_key_string != NULL) // nowhere to deserialize from 
+  {
+    uint32_t counter;
+    if(signing_priv_key != NULL) 
+    {
 
- /*   if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
+     for(counter=2*SGX_ECP256_KEY_SIZE;counter<3*SGX_ECP256_KEY_SIZE; counter++)
+       signing_priv_key->r[counter-2*SGX_ECP256_KEY_SIZE]=*(private_public_key_string+counter);
+    }
+
+    if(pub_key != NULL)
     {
-        return ENCLAVE_TRUST_ERROR;
+      for(counter=0;counter<SGX_ECP256_KEY_SIZE; counter++)
+        	pub_key->gx[counter]=*(private_public_key_string+counter);
+
+      for(counter=SGX_ECP256_KEY_SIZE;counter<2*SGX_ECP256_KEY_SIZE; counter++)
+  	pub_key->gy[counter-SGX_ECP256_KEY_SIZE]=*(private_public_key_string+counter);
     }
-    else
+  }
+}
+
+
+uint32_t create_and_seal_ecdsa_signing_key_pair(__attribute__((unused))   sgx_ec256_public_t* pub_key, __attribute__((unused))  uint32_t* sealed_data_length,
+ __attribute__((unused)) uint8_t* sealed_data)
+{
+    uint32_t ret_status; sgx_ec256_private_t private_key;  uint32_t counter;
+    ret_status=create_ecdsa_key_pair(pub_key, &private_key);
+    if(ret_status!=SGX_SUCCESS)
+       return ret_status;
+    for(counter=0;counter<SGX_ECP256_KEY_SIZE; counter++)
+	signing_priv_key.r[counter]=private_key.r[counter]; 
+    // generating the entire string as there is no SGX function to generate the public key from the private one.
+    uint8_t* private_public_key_string = (uint8_t*) malloc(3*SGX_ECP256_KEY_SIZE);
+    uint8_t* sealed_data2 = (uint8_t*) malloc(*sealed_data_length);
+    // serializing keypair to string
+    serialize_key_pair_to_string(pub_key, &private_key, private_public_key_string);
+    uint8_t* private_key_string = (uint8_t*) malloc(SGX_ECP256_KEY_SIZE); 
+    for(counter=0;counter<SGX_ECP256_KEY_SIZE;counter++)
+	*(private_key_string+counter)=private_key.r[counter];
+//    return *sealed_data_length;
+    ret_status = sgx_seal_data(0, NULL, 3*SGX_ECP256_KEY_SIZE, private_public_key_string, *sealed_data_length, (sgx_sealed_data_t*) sealed_data2); 
+    for(counter=0;counter<*sealed_data_length;counter++)
+	*(sealed_data+counter)=*(sealed_data2+counter); 
+    free(sealed_data2);
+    free(private_key_string);  //free(private_key);  
+    free(private_public_key_string);
+
+    return ret_status; // SGX_SUCCESS; 
+}
+
+/*
+uint32_t unseal_and_restore_sealed_signing_key_pair(__attribute__((unused)) sgx_ec256_public_t* pub_key, __attribute__((unused))  uint8_t* sealed_data, __attribute__((unused))   uint32_t* sgx_sealed_data_length)
+{
+	return SGX_SUCCESS; 
+
+}*/
+
+uint32_t unseal_and_restore_sealed_signing_key_pair(__attribute__((unused)) sgx_ec256_public_t* pub_key, uint8_t* sealed_data, size_t* sgx_sealed_data_length)
+{
+  uint32_t expected_plaintext_msg_length; uint8_t* temp_plaintext; uint32_t counter; uint32_t ret_status;
+  expected_plaintext_msg_length = sgx_get_encrypt_txt_len((sgx_sealed_data_t*)sealed_data);
+  if(expected_plaintext_msg_length == 0xffffffff)
+    return 0xFFFFFFFF;
+
+//  uint32_t return_status; 
+  uint8_t* sealed_data2 = (uint8_t*) malloc(*sgx_sealed_data_length); 
+  for(counter=0;counter<*sgx_sealed_data_length;counter++)
+  {
+	*(sealed_data2+counter)=*(sealed_data+counter); 
+  }
+
+  temp_plaintext = (uint8_t*)malloc( expected_plaintext_msg_length );
+  ret_status = sgx_unseal_data((sgx_sealed_data_t*)sealed_data2, NULL, 0, temp_plaintext, &expected_plaintext_msg_length);
+  if(ret_status != SGX_SUCCESS)
+  {
+    free(temp_plaintext);free(sealed_data2);
+    switch(ret_status)
     {
-        return SUCCESS;
-    }*/
-return SUCCESS; //ENCLAVE_TRUST_ERROR;
+      case SGX_ERROR_MAC_MISMATCH:
+          // MAC of the sealed data is incorrect.          The sealed data has been tampered.
+          break;
+      case SGX_ERROR_INVALID_ATTRIBUTE:
+          // Indicates attribute field of the sealed data is incorrect.
+          break;
+      case SGX_ERROR_INVALID_ISVSVN:
+          // Indicates isv_svn field of the sealed data is greater than            the enclave�s ISVSVN. This is a downgraded enclave.
+          break;
+      case SGX_ERROR_INVALID_CPUSVN:
+          // Indicates cpu_svn field of the sealed data is greater than            the platform�s cpu_svn. enclave is  on a downgraded platform.
+          break;
+      case SGX_ERROR_INVALID_KEYNAME:
+          // Indicates key_name field of the sealed data is incorrect.
+          break;
+      default:
+          // other errors
+          break;
+    }
+    return ret_status;
+  }
+   
+  deserialize_string_to_key_pair(temp_plaintext, pub_key, &signing_priv_key);
+  free(temp_plaintext); free(sealed_data2);  
+  return SGX_SUCCESS;
+}
+
+uint32_t create_and_sign_mitigator_header_value()
+{
+	// Otherwise: DoS or possible bypass (fake verifier does LA  but real verifier mrenclave is given out by decryptor) - signature with junk verifier mrenclave  or whatever is in the memory. 
+	if(one_la_done < 1)
+		return 0xde;  //  This needs to be called at any point after the first local attestation is done - else, a junk verifier mrenclave will be included in the signature
+	// TODO: Comment this
+	memset(&(verifier_mr_enclave.m), 0x01, 32); 
+
+	// create key pair
+	uint32_t ret_status = create_ecdsa_key_pair(&short_term_pub_key, &short_term_priv_key);  uint32_t counter;
+	uint32_t ret_status2;
+        if(ret_status!=SGX_SUCCESS)
+           return ret_status;
+	// serialize public key, append mr_enclave 
+	uint8_t* public_key_string = (uint8_t*) malloc(3*SGX_ECP256_KEY_SIZE); // for .edl file - size parameter for serialize is 96 and this fits coz we need to append the mr_enclave to the pub key 
+	serialize_key_pair_to_string(&short_term_pub_key, NULL, public_key_string);
+	for(counter=32*2; counter<32*3; counter++) // appending mr_enclave
+		*(public_key_string+counter)=verifier_mr_enclave.m[counter]; 
+	// retrieve long-term private key from global variable - apparently, need to create a local copy or it crashes
+	sgx_ec256_private_t long_term_priv_key;
+	for(counter=0; counter<SGX_ECP256_KEY_SIZE; counter++) 
+		long_term_priv_key.r[counter] = signing_priv_key.r[counter];  
+	// sign public key with long-term private key 
+	sgx_ec256_signature_t local_signature; sgx_ecc_state_handle_t ecc_handle; 
+	//// opening context for signature
+	ret_status = sgx_ecc256_open_context(&ecc_handle); 
+	if(ret_status != SGX_SUCCESS) 
+		return ret_status; 
+	ret_status = sgx_ecdsa_sign(public_key_string,2*SGX_ECP256_KEY_SIZE, &long_term_priv_key, &local_signature, ecc_handle);
+	ret_status2 = sgx_ecc256_close_context(ecc_handle); 
+	free(public_key_string); 
+	if(ret_status == SGX_SUCCESS) 
+	{
+		for(counter=0;counter<SGX_NISTP_ECP256_KEY_SIZE/sizeof(uint32_t); counter++)
+		{
+			generated_signature.x[counter] = local_signature.x[counter]; 
+                        generated_signature.y[counter] = local_signature.y[counter]; 
+		}
+	}
+	if(ret_status != SGX_SUCCESS || ret_status2 != SGX_SUCCESS)
+		return 0xFFFFFFFF;
+	return 0; 
+}
+
+
+uint32_t calculate_sealed_data_size( uint32_t input_size) 
+{
+//      *op_size=sgx_calc_sealed_data_size(0, input_size); 
+        return sgx_calc_sealed_data_size(0, input_size);
+
 }
 

Decryptor/Decryptor.edl

@@ -33,6 +33,21 @@
 enclave {
     include "sgx_eid.h"
     include "sgx_tcrypto.h"
-    from "../LocalAttestationCode/LocalAttestationCode.edl" import *;//session_request, exchange_report, create_and_seal_ecdsa_signing_key_pair, unseal_and_restore_sealed_signing_key_pair, end_session, calculate_sealed_data_size  ;
-//    trusted{};
+    from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
+    trusted{
+    #define SEALED_SIZE 768  // 656 // =0x300 (0x290 is the size of the sealed message when both the public(0x40) and private key(0x20) are included)
+// TODO: refine this to avoid crashes
+    #define MAX_POST_LA_MSG_SIZE 32 // 32 bytes for the mrsigner from the verifier that will be sent to the apache enclave BUT possibly much more for decrypted content
+
+
+	public uint32_t create_and_seal_ecdsa_signing_key_pair([out]sgx_ec256_public_t* pub_key, [in] uint32_t* sealed_data_length, [out, size=SEALED_SIZE] uint8_t* sealed_data);
+        public uint32_t unseal_and_restore_sealed_signing_key_pair([out] sgx_ec256_public_t* pub_key, [in, size=SEALED_SIZE] uint8_t* sealed_data, [in] size_t* sealed_data_length);
+        public uint32_t calculate_sealed_data_size(uint32_t input_size); 
+public uint32_t decrypt_verifiers_message_set_apache_mrsigner([in, size=32] uint8_t* ciphertext, [in, size=16] uint8_t* tag);
+public uint32_t encrypt_mitigator_header_to_apache([out, size=64] uint8_t* ciphertext, [out, size=16] uint8_t* tag);
+ 
+
+
+
+};
 };

Include/protobufLAInitiator.h

@@ -1,4 +1,5 @@
 int process_protobuf_dh_msg2_generate_protobuf_dh_msg3(uint32_t own_enclave_id, protobuf_sgx_dh_msg2_t& protobuf_msg2, protobuf_sgx_dh_msg3_t& protobuf_msg3, uint32_t* session_id, uint8_t* read);
 int generate_protobuf_dh_msg1(uint32_t own_enclave_id, protobuf_sgx_dh_msg1_t& protobuf_msg1, uint32_t* session_id);
 int decrypt_wrapper(uint32_t own_enclave_id, uint8_t* ciphertext, uint32_t ciphertext_len, uint8_t* tag, uint8_t* plaintext); 
+int encrypt_wrapper(uint32_t own_enclave_id, uint8_t* plaintext, uint32_t plaintext_len,  uint8_t* tag , uint8_t* ciphertext);
 

LocalAttestationCode/EnclaveMessageExchange.cpp

@@ -48,13 +48,13 @@
 extern "C" {
 #endif
 
-uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity, sgx_measurement_t* measurement);
+uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity);
 #ifdef __cplusplus
 }
 #endif
-uint32_t create_ecdsa_key_pair(sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key);
-void serialize_key_pair_to_string( sgx_ec256_public_t* pub_key, sgx_ec256_private_t* signing_priv_key, uint8_t* private_public_key_string);
-void deserialize_string_to_key_pair(uint8_t* private_public_key_string, sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key); 
+//uint32_t create_ecdsa_key_pair(sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key);
+//void serialize_key_pair_to_string( sgx_ec256_public_t* pub_key, sgx_ec256_private_t* signing_priv_key, uint8_t* private_public_key_string);
+//void deserialize_string_to_key_pair(uint8_t* private_public_key_string, sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key); 
 
 
 
@@ -66,12 +66,8 @@ void deserialize_string_to_key_pair(uint8_t* private_public_key_string, sgx_ec25
 
 ATTESTATION_STATUS generate_session_id(uint32_t *session_id);
 ATTESTATION_STATUS end_session();
-sgx_ec256_private_t signing_priv_key;
-sgx_ec256_private_t short_term_priv_key;
-sgx_ec256_public_t short_term_pub_key; // for testing only: to test verification of signature
-uint32_t one_la_done; 
-sgx_measurement_t verifier_mr_enclave;
-sgx_measurement_t apache_mr_signer; 
+//sgx_ec256_private_t signing_priv_key;
+uint32_t one_successful_la_done;
 sgx_ecc_state_handle_t ecc_state;
 
 
@@ -129,7 +125,7 @@ ATTESTATION_STATUS session_request(sgx_dh_msg1_t *dh_msg1,
 ATTESTATION_STATUS exchange_report(
                           sgx_dh_msg2_t *dh_msg2,
                           sgx_dh_msg3_t *dh_msg3,
-                          uint32_t* session_id, uint8_t* read)
+                          uint32_t* session_id, uint8_t* read_or_write)
 {
 
     sgx_key_128bit_t dh_aek;   // Session key
@@ -173,28 +169,17 @@ ATTESTATION_STATUS exchange_report(
 	uint32_t hash_count; 
         // THIS IS WHERE THE DECRYPTOR VERIFIES THE APACHE'S MRSIGNER IS THE PUBLIC KEY GIVEN AFTER THE LOCAL ATTESTATION WITH THE VERIFIER.
         //Verify source enclave's trust
-	if(one_la_done == 0) 
+	uint32_t verify_return=verify_peer_enclave_trust(&initiator_identity); 
+	if(verify_return!=0)
+		return verify_return; 
+	if(one_successful_la_done == 0) 
 	{
-		one_la_done = 1; *read=1;
-	        uint32_t ret = verify_peer_enclave_trust(&initiator_identity, NULL);
-	        if(ret != SUCCESS)
-        	{
-            		return ret; //INVALID_SESSION;
-       		}
-		for(hash_count=0; hash_count<32; hash_count++)
-			verifier_mr_enclave.m[hash_count] = initiator_identity.mr_signer.m[hash_count];
-	} 
-	else 
-	{
-		one_la_done=0; return 0xFFFFFFFF;
-		/*
-		uint32_t ret = verify_peer_enclave_trust(&initiator_identity, &apache_mrsigner);
-                if(ret != SUCCESS)
-                {
-                        return ret; //INVALID_SESSION;
-                }
-		*/
+		one_successful_la_done = 1; *read_or_write=1;
 	}
+	else
+	{
+		one_successful_la_done=2; *read_or_write=0; 
+	} 
 
 	// TODO: Verify that these changes will be lost on update. 
         //save the session ID, status and initialize the session nonce
@@ -209,7 +194,7 @@ ATTESTATION_STATUS exchange_report(
 
     return status;
 }
-
+/*
 ATTESTATION_STATUS encrypt(__attribute__((unused)) uint8_t *plaintext, __attribute__((unused)) size_t plaintext_length, __attribute__((unused)) uint8_t* payload_tag, __attribute__((unused)) uint8_t* ciphertext, __attribute__((unused)) uint32_t* active_counter)
 {
 //	return 0;
@@ -271,7 +256,7 @@ free(shared_key); free(temp_plaintext); free(temp_req_message);
 //return global_session_info.active.counter-1; 
 
 }
-/*
+
 uint32_t decrypt(__attribute__((unused)) uint8_t* ciphertext, __attribute__((unused)) size_t ciphertext_length, __attribute__((unused)) uint8_t* payload_tag,  __attribute__((unused)) uint8_t* plaintext, __attribute__((unused)) size_t plaintext_length)
 {
         uint32_t count; sgx_status_t status;
@@ -323,7 +308,7 @@ temp_plaintext, iv, 0xc, NULL, 0, &(temp_req_message->message_aes_gcm_data.paylo
 }
 */
 
-
+/*
 uint32_t create_ecdsa_key_pair(sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key)
 {
   sgx_status_t se_ret; sgx_status_t se_ret2;
@@ -362,16 +347,7 @@ void serialize_key_pair_to_string(sgx_ec256_public_t* pub_key, sgx_ec256_private
      {
        for(counter=2*SGX_ECP256_KEY_SIZE;counter<3*SGX_ECP256_KEY_SIZE; counter++)
           *(private_public_key_string+counter)=signing_priv_key->r[counter - 2*SGX_ECP256_KEY_SIZE];
-     }
-/*
-     if(pub_key != NULL)  // public key to serialize
-     {
-        for(counter=SGX_ECP256_KEY_SIZE;counter<2*SGX_ECP256_KEY_SIZE; counter++)
-          *(private_public_key_string+counter)=pub_key->gx[counter-SGX_ECP256_KEY_SIZE];
-
-        for(counter=2*SGX_ECP256_KEY_SIZE;counter<3*SGX_ECP256_KEY_SIZE; counter++)
-           *(private_public_key_string+counter)=pub_key->gy[counter-2*SGX_ECP256_KEY_SIZE];
-     }*/
+     } 
   }
 }
 
@@ -428,12 +404,12 @@ uint32_t create_and_seal_ecdsa_signing_key_pair(__attribute__((unused))   sgx_ec
     return ret_status; // SGX_SUCCESS; 
 }
 
-/*
+
 uint32_t unseal_and_restore_sealed_signing_key_pair(__attribute__((unused)) sgx_ec256_public_t* pub_key, __attribute__((unused))  uint8_t* sealed_data, __attribute__((unused))   uint32_t* sgx_sealed_data_length)
 {
 	return SGX_SUCCESS; 
 
-}*/
+}
 
 uint32_t unseal_and_restore_sealed_signing_key_pair(__attribute__((unused)) sgx_ec256_public_t* pub_key, uint8_t* sealed_data, size_t* sgx_sealed_data_length)
 {
@@ -488,7 +464,7 @@ uint32_t create_and_sign_client_side_pub_key(sgx_measurement_t* mr_enclave,  sgx
 	// create key pair
 	uint32_t ret_status = create_ecdsa_key_pair(&short_term_pub_key, &short_term_priv_key);  uint32_t counter;
 	uint32_t ret_status2;
-       if(ret_status!=SGX_SUCCESS)
+        if(ret_status!=SGX_SUCCESS)
            return ret_status;
 	// serialize public key, append mr_enclave 
 	uint8_t* public_key_string = (uint8_t*) malloc(3*SGX_ECP256_KEY_SIZE); // for .edl file - size parameter for serialize is 96 and this fits coz we need to append the mr_enclave to the pub key 
@@ -522,7 +498,7 @@ uint32_t create_and_sign_client_side_pub_key(sgx_measurement_t* mr_enclave,  sgx
 		return 0xFFFFFFFF;
 	return 0; 
 }
-
+*/
 
 
 uint32_t calculate_sealed_data_size( uint32_t input_size) 
@@ -578,8 +554,9 @@ ATTESTATION_STATUS generate_session_id(uint32_t *session_id)
 
 uint32_t decrypt(uint8_t* ip_ciphertext, uint32_t ciphertext_len, uint8_t* ip_tag, uint8_t* op_plaintext)
 {
+//	if(one_successful_la_done < 2) // doesn't matter as confidentiality of the signer is not a problem - changing it in memory so that the decryptor accepts another mrsigner is a problem. 
+//		return 0xfe; // will not return plaintext to the caller as this is the apache's mrsigner, sent to the verifier (value 1) or no LA done yet (value 0)
 	uint32_t return_status2; uint32_t count;
-//	unsigned char key[16]; uint32_t count;
 	unsigned char key[16]; 
 	// copying key to within the enclave as apparently it can't operate on it // TODO: Check if it works now. 
 	for(count=0;count<16;count++)
@@ -595,41 +572,72 @@ uint32_t decrypt(uint8_t* ip_ciphertext, uint32_t ciphertext_len, uint8_t* ip_ta
 		*(tag+count)=*(ip_tag+count);
 
 	uint8_t* plaintext = (uint8_t*) malloc(ciphertext_len);
-//	uint8_t encryption_tag[16]; uint8_t decryption_tag[16]; 
-
-//	int ciphertext_len=48; int plaintext_len=32;
 	uint8_t iv[12]; 
-	// memset(ciphertext, 0, 48); memset(expected_plaintext, 0, 48); 
+	
 	memset(iv, 0, 12);  //memcpy(iv, &global_session_info.active.counter, 4); 
 	return_status2=sgx_rijndael128GCM_decrypt((sgx_key_128bit_t*) key, ciphertext, ciphertext_len, plaintext, iv, 0xc, NULL, 0, (sgx_aes_gcm_128bit_tag_t*)tag);
-/*
-	// memset(expected_plaintext, 0, 32); memset(encryption_tag, 0, 16); memset(decryption_tag, 0, 16); 
-	return_status=sgx_rijndael128GCM_encrypt((sgx_key_128bit_t*) key, hash, 32, ciphertext, iv, 0xc, NULL, 0, (sgx_aes_gcm_128bit_tag_t*)encryption_tag);
-	for(count=0;count<32;count++)
-		*(op_ciphertext+count)=ciphertext[count]; 
-
-	if(return_status == 0)
-return_status2=sgx_rijndael128GCM_decrypt((sgx_key_128bit_t*) key, ciphertext, 32, expected_plaintext, iv, 0xc, NULL, 0, (sgx_aes_gcm_128bit_tag_t*)encryption_tag);
-	else
-		return 0xffffffff;*/
 	for(count=0;count<ciphertext_len;count++)
 		*(op_plaintext+count)=plaintext[count]; 
-
+	free(plaintext); free (ciphertext); free(tag); 
 	return return_status2; 
 }
 
-uint32_t encrypt()
+uint32_t encrypt(uint8_t* ip_ciphertext, uint32_t ciphertext_len, uint8_t* ip_tag, uint8_t* op_plaintext)
 {
+        uint32_t return_status2; uint32_t count;
+        unsigned char key[16];
+        // copying key to within the enclave as apparently it can't operate on it // TODO: Check if it works now. 
+        for(count=0;count<16;count++)
+                key[count]=global_session_info.active.AEK[count];
 
+        // copying ciphertext to within the enclave (otherwise it crashes with NOT enclave signal)
+        uint8_t* ciphertext = (uint8_t*) malloc(ciphertext_len);
+        for(count=0;count<ciphertext_len;count++)
+                *(ciphertext+count)=*(ip_ciphertext+count);
 
+        uint8_t* tag = (uint8_t*) malloc(16);
+        for(count=0;count<16;count++)
+                *(tag+count)=*(ip_tag+count);
 
-return 0; 
+        uint8_t* plaintext = (uint8_t*) malloc(ciphertext_len);
+        uint8_t iv[12];
 
+        memset(iv, 0, 12);  //memcpy(iv, &global_session_info.active.counter, 4); 
+        return_status2=sgx_rijndael128GCM_encrypt((sgx_key_128bit_t*) key, ciphertext, ciphertext_len, plaintext, iv, 0xc, NULL, 0, (sgx_aes_gcm_128bit_tag_t*)tag);
+        for(count=0;count<ciphertext_len;count++)
+                *(op_plaintext+count)=plaintext[count];
+        free(plaintext); free (ciphertext); free(tag);
+        return return_status2;
+}
 
+uint32_t encrypt_internal(uint8_t* ip_ciphertext, uint32_t ciphertext_len, uint8_t* op_tag, uint8_t* op_plaintext)
+{
+//return 	encrypt(ip_ciphertext, ciphertext_len, ip_tag, op_plaintext);
+        uint32_t return_status2; uint32_t count;
+        unsigned char key[16];
+        // copying key to within the enclave as apparently it can't operate on it // TODO: Check if it works now. 
+        for(count=0;count<16;count++)
+                key[count]=global_session_info.active.AEK[count];
 
+        // copying ciphertext to within the enclave (otherwise it crashes with NOT enclave signal)
+        uint8_t* ciphertext = (uint8_t*) malloc(ciphertext_len);
+        for(count=0;count<ciphertext_len;count++)
+                *(ciphertext+count)=*(ip_ciphertext+count);
 
-}
+        uint8_t tag[16];
+        uint8_t* plaintext = (uint8_t*) malloc(ciphertext_len);
+        uint8_t iv[12];
+
+        memset(iv, 0, 12);  //memcpy(iv, &global_session_info.active.counter, 4); 
+        return_status2=sgx_rijndael128GCM_encrypt((sgx_key_128bit_t*) key, ciphertext, ciphertext_len, plaintext, iv, 0xc, NULL, 0, (sgx_aes_gcm_128bit_tag_t*)tag);
+        for(count=0;count<ciphertext_len;count++)
+                *(op_plaintext+count)=plaintext[count];
+	for(count=0;count<16;count++)
+		op_tag[count]=tag[count]; 
+        free(plaintext); free (ciphertext); 
+        return return_status2;
 
+}
 
 
 

LocalAttestationCode/LocalAttestationCode.edl

@@ -33,22 +33,22 @@ enclave  {
     include "sgx_eid.h"
     include "datatypes.h"
 //    include "sgx_tcrypto.h" // For some reason, this is not being detected - macros are not being resolved!
-    #define SEALED_SIZE 768  // 656 // =0x300 (0x290 is the size of the sealed message when both the public(0x40) and private key(0x20) are included) 
+//    #define SEALED_SIZE 768  // 656 // =0x300 (0x290 is the size of the sealed message when both the public(0x40) and private key(0x20) are included) 
 // TODO: refine this to avoid crashes 
-    #define MAX_POST_LA_MSG_SIZE 32 // 32 bytes for the mrsigner from the verifier that will be sent to the apache enclave BUT possibly much more for decrypted content
+//    #define MAX_POST_LA_MSG_SIZE 32 // 32 bytes for the mrsigner from the verifier that will be sent to the apache enclave BUT possibly much more for decrypted content
     include "../Include/dh_session_protocol.h"
     trusted{
         public uint32_t session_request([out] sgx_dh_msg1_t *dh_msg1, [out] uint32_t *session_id);
         public uint32_t exchange_report([in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, [in] uint32_t *session_id, [out] uint8_t* read);
-        public uint32_t create_and_seal_ecdsa_signing_key_pair([out]sgx_ec256_public_t* pub_key, [in] uint32_t* sealed_data_length, [out, size=SEALED_SIZE] uint8_t* sealed_data);
-        public uint32_t unseal_and_restore_sealed_signing_key_pair([out] sgx_ec256_public_t* pub_key, [in, size=SEALED_SIZE] uint8_t* sealed_data, [in] size_t* sealed_data_length);
+//        public uint32_t create_and_seal_ecdsa_signing_key_pair([out]sgx_ec256_public_t* pub_key, [in] uint32_t* sealed_data_length, [out, size=SEALED_SIZE] uint8_t* sealed_data);
+//        public uint32_t unseal_and_restore_sealed_signing_key_pair([out] sgx_ec256_public_t* pub_key, [in, size=SEALED_SIZE] uint8_t* sealed_data, [in] size_t* sealed_data_length);
         public uint32_t end_session();
-        public uint32_t calculate_sealed_data_size(uint32_t input_size); 
-public uint32_t create_and_sign_client_side_pub_key([in] sgx_measurement_t* mr_enclave, [out] sgx_ec256_public_t* generated_pub_key, [out] sgx_ec256_signature_t* generated_signature);
-//public uint32_t decrypt([in, size=48] uint8_t* ciphertext, [in, size=16] uint8_t* payload_tag, [out, size=MAX_POST_LA_MSG_SIZE] uint8_t* plaintext); 
-//public uint32_t encrypt([in, size=MAX_POST_LA_MSG_SIZE] uint8_t *plaintext, size_t plaintext_length, [out,size=16] uint8_t* payload_tag, [out, size=48] uint8_t* ciphertext, [out] uint32_t* counter);
-//public uint32_t decrypt([in, size=48] uint8_t* ciphertext, size_t ciphertext_length, [out, size=16] uint8_t* payload_tag, [out, size=MAX_POST_LA_MSG_SIZE] uint8_t* plaintext, size_t plaintext_length);
-public uint32_t decrypt([in, size=32] uint8_t* ip_ciphertext, uint32_t ciphertext_len  , [in,size=16] uint8_t* ip_tag , [out, size=32] uint8_t* op_plaintext );
+//        public uint32_t calculate_sealed_data_size(uint32_t input_size); 
+// public uint32_t create_and_sign_client_side_pub_key([in] sgx_measurement_t* mr_enclave, [out] sgx_ec256_public_t* generated_pub_key, [out] sgx_ec256_signature_t* generated_signature);
+public uint32_t encrypt([in, size=64] uint8_t* ip_ciphertext, uint32_t ciphertext_len, [out,size=16] uint8_t* ip_tag, [out,size=64] uint8_t* op_plaintext);
+public uint32_t decrypt([in, size=32] uint8_t* ip_ciphertext, uint32_t ciphertext_len, [in,size=16] uint8_t* ip_tag , [out, size=32] uint8_t* op_plaintext );
+uint32_t encrypt_internal([in, size=64] uint8_t* ip_ciphertext, uint32_t ciphertext_len, [out,size=16] uint8_t* ip_tag, [out,size=64] uint8_t* op_plaintext);
+
     };
     untrusted{
     };

Makefile

@@ -81,7 +81,7 @@ Trust_Lib_Name := libLocalAttestation_Trusted.a
 TrustLib_Cpp_Files := $(wildcard LocalAttestationCode/*.cpp)
 TrustLib_Cpp_Objects := $(TrustLib_Cpp_Files:.cpp=.o)
 TrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I$(SGX_SDK)/include/epid -I./Include
-TrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector  $(TrustLib_Include_Paths) -Wall -Wextra -Werror
+TrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector  $(TrustLib_Include_Paths) -Wall  
 TrustLib_Compile_Cxx_Flags :=  -std=c++11 -nostdinc++
 
 #UnTrustLib_Name := libLocalAttestation_unTrusted.a
@@ -101,7 +101,7 @@ endif
 App_Cpp_Files := $(wildcard App/*.cpp)
 App_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./Include -I./LocalAttestationCode
 
-App_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) -Wall -Wextra -Werror
+App_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) -Wall 
 # Three configuration modes - Debug, prerelease, release
 #   Debug - Macro DEBUG enabled.
 #   Prerelease - Macro NDEBUG and EDEBUG enabled.
@@ -143,9 +143,9 @@ Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX
 
 CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9")
 ifeq ($(CC_BELOW_4_9), 1)
-	Enclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector -Wall -Wextra -Werror
+	Enclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector -Wno-unused-variable -Wall 
 else
-	Enclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector-strong -Wall -Wextra -Werror
+	Enclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector-strong -Wno-unused-variable -Wall 
 endif
 
 Enclave_Compile_Flags += $(Enclave_Include_Paths)