
Non-working commit of compiling ECDHE key generation code. The correct code is in the openssl_ecdhe folder. A linking error about thread functions not defined in stdc keeps coming up.

dettanym 5 years ago
parent
commit
a20b36689c
4 changed files with 117 additions and 7 deletions
  1. 1 0
      App/App.cpp
  2. 100 0
      Decryptor/Decryptor.cpp
  3. 1 0
      Decryptor/Decryptor.edl
  4. 15 7
      Makefile

+ 1 - 0
App/App.cpp

@@ -57,6 +57,7 @@
 
 // Not sure if I need this later - as such, I (decryptor app) will only ever need to talk to 1 enclave at a time - verifier enclave first and then the apache enclave.
 //extern std::map<sgx_enclave_id_t, uint32_t>g_enclave_id_map;
+//int __ImageBase=0;
 
 sgx_enclave_id_t e2_enclave_id = 0;
 #define Decryptor_PATH "libDecryptor.so"

+ 100 - 0
Decryptor/Decryptor.cpp

@@ -44,6 +44,20 @@
 #include "LocalAttestationCode_t.h"
 #include "sgx_tseal.h"
 
+// openssl keygen function
+#include "tSgxSSL_api.h"
+
+#include <openssl/ec.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+
+
+
+
+
 //extern dh_session_t global_session_info;
 uint8_t apache_iv[12] = {0,0,0,0, 0,0,0,0, 0,0,0,0};
 uint8_t client_iv[12] = {0,0,0,0, 0,0,0,0, 0,0,0,0};
@@ -507,3 +521,89 @@ static void reverse_byte_array(uint8_t *array, size_t size)
     }
 }
 
+uint32_t ec_key_gen(unsigned char* pub_key_x, unsigned char* pub_key_y, unsigned char* priv_key)
+{
+//	unsigned char entropy_buf[ADD_ENTROPY_SIZE] = {0};
+
+//	RAND_add(entropy_buf, sizeof(entropy_buf), ADD_ENTROPY_SIZE);
+//	RAND_seed(entropy_buf, sizeof(entropy_buf));
+
+	EC_KEY * ec_key = NULL;
+    ec_key = EC_KEY_new_by_curve_name(OBJ_txt2nid("secp256r1"));
+    if (ec_key == NULL) {
+//    	printf("EC_KEY_new_by_curve_name failure: %ld\n", ERR_get_error());
+	    return 0xff;
+    }
+    
+	EC_GROUP* ec_group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);	
+	if (NULL == ec_group) {
+		EC_KEY_free(ec_key); 
+		return 0x0f;
+	}
+
+	EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE);
+
+	int ret = EC_KEY_generate_key(ec_key);
+	if (!ret) {
+//        printf("EC_KEY_generate_key failure\n");
+	    return 0x01;
+	}
+	///////////////////////// Openssl code ////////////
+	const EC_POINT *public_k = NULL;
+	const BIGNUM *private_k = NULL;
+	public_k = EC_KEY_get0_public_key(ec_key);
+	if (NULL == public_k) 
+	{
+		EC_KEY_free(ec_key);
+		return 0x04;
+	}
+
+	private_k = EC_KEY_get0_private_key(ec_key);
+	if (NULL == private_k) 
+	{
+		EC_KEY_free(ec_key);
+		return 0x05;
+	}
+
+        if(!BN_bn2bin(private_k, priv_key))
+        {
+                EC_KEY_free(ec_key); 
+		return 0x06;
+        }
+
+
+        BIGNUM *pub_k_x = NULL;
+        BIGNUM *pub_k_y = NULL;
+        pub_k_x = BN_new();
+        pub_k_y = BN_new();
+        if (NULL ==  pub_k_x || NULL == pub_k_y) {
+                return SGX_ERROR_OUT_OF_MEMORY;
+        }
+
+	// extract two BNs representing the public key
+	//
+	if (!EC_POINT_get_affine_coordinates_GFp(ec_group, public_k, pub_k_x, pub_k_y, NULL)) 
+	EC_KEY_free(ec_key); 
+	{
+		BN_clear_free(pub_k_x); BN_clear_free(pub_k_y);	
+		return 0x07;
+	}
+
+	ret = BN_bn2bin(pub_k_x, pub_key_x); 
+	BN_clear_free(pub_k_x); 
+	if(ret == 0)
+	{
+		BN_clear_free(pub_k_y); 
+		return 0x08; 
+	}
+
+	ret = BN_bn2bin(pub_k_y, pub_key_y);
+	BN_clear_free(pub_k_y);
+	if(ret == 0)
+        {
+  		return 0x09; 
+        }
+
+	return 0;
+}
+
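Review bot: The brace placement at `if (!EC_POINT_get_affine_coordinates_GFp(ec_group, public_k, pub_k_x, pub_k_y, NULL)) EC_KEY_free(ec_key); { ... return 0x07; }` makes the `if` guard only the free, so the block after it always runs and ec_key_gen unconditionally returns 0x07 without writing any of the output buffers. The function also leaks on several paths: `ec_group` from EC_GROUP_new_by_curve_name is never freed, and `ec_key` is not freed on the EC_KEY_generate_key failure, the BN_new failure, or the success path. BN_bn2bin writes only BN_num_bytes() bytes, so a coordinate or private scalar with leading zero bytes leaves the tail of the 32-byte output buffers unwritten; BN_bn2binpad (OpenSSL 1.1.0 and later) gives a fixed-width, left-padded 32-byte encoding that matches the `size=32` contract in the EDL. Taking the group from the key with EC_KEY_get0_group removes the second allocation, and a single cleanup tail with the rewritten extraction is sketched below.
```cpp
	// … unchanged: EC_KEY_new_by_curve_name, asn1 flag, EC_KEY_generate_key (free ec_key on its failure too) …
	// The key already owns a group; no separate EC_GROUP allocation to free.
	const EC_GROUP *ec_group = EC_KEY_get0_group(ec_key);
	// … unchanged: public_k / private_k lookups …
	BIGNUM *pub_k_x = BN_new();
	BIGNUM *pub_k_y = BN_new();
	uint32_t status = 0;
	if (pub_k_x == NULL || pub_k_y == NULL) {
		status = SGX_ERROR_OUT_OF_MEMORY;
	} else if (!EC_POINT_get_affine_coordinates_GFp(ec_group, public_k, pub_k_x, pub_k_y, NULL)) {
		status = 0x07;
	} else if (BN_bn2binpad(private_k, priv_key, 32) != 32) {   // fixed 32-byte, zero-padded encodings
		status = 0x06;
	} else if (BN_bn2binpad(pub_k_x, pub_key_x, 32) != 32) {
		status = 0x08;
	} else if (BN_bn2binpad(pub_k_y, pub_key_y, 32) != 32) {
		status = 0x09;
	}
	// Single cleanup tail: BN_clear_free tolerates NULL, and ec_key is released on every path.
	BN_clear_free(pub_k_x);
	BN_clear_free(pub_k_y);
	EC_KEY_free(ec_key);
	return status;
```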

+ 1 - 0
Decryptor/Decryptor.edl

@@ -46,6 +46,7 @@ enclave {
 public uint32_t decrypt_verifiers_message_set_apache_mrsigner([in, size=32] uint8_t* ciphertext, [in, size=16] uint8_t* tag);
 public uint32_t create_and_encrypt_mitigator_header_value([out, size=160] uint8_t* plaintext_sign_data_and_sign, [out, size=160] uint8_t* encrypted_sign_data_and_sign, [out, size=16] uint8_t* tag, [out, size=32] uint8_t* signing_private_key, [out] sgx_ec256_signature_t* sig2);
 public uint32_t decrypt_client_data([in, size=64] unsigned char* client_pub_key, uint32_t ciphertext_length, [in, size=160] unsigned char* user_data, [out, size=160] unsigned char* client_data_to_apache);
+public uint32_t ec_key_gen([out, size=32] unsigned char* pub_key_x, [out, size=32] unsigned char* pub_key_y, [out, size=32] unsigned char* priv_key);
 
 
 
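Review bot: The new ECALL declares `[out, size=32] unsigned char* priv_key`, so the freshly generated ECDHE private scalar is copied out of the enclave to the untrusted application in plaintext, which undoes the benefit of generating it inside the enclave. If the key must persist outside, return it sealed (sgx_seal_data from sgx_tseal.h, which Decryptor.cpp already includes) and keep the raw scalar enclave-resident; otherwise drop the parameter and keep the private key inside the enclave for the later ECDH derivation, exposing only the public coordinates. The `size=32` contracts also assume fixed-width encodings, which the BN_bn2bin calls on the trusted side do not guarantee for values with leading zero bytes; a comment on the declaration such as `/* all three buffers are big-endian, zero-padded to 32 bytes */` would pin the expected format for the caller.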

+ 15 - 7
Makefile

@@ -74,6 +74,12 @@ endif
 #PHPTrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I$(SGX_SDK)/include/epid -I./Include
 #PHPTrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector  $(TrustLib_Include_Paths)
 #PHPTrustLib_Compile_Cxx_Flags :=  -std=c++11 -nostdinc++
+OPENSSL_LIBRARY_PATH := /home/m2mazmud/old_stuff/intel-sgx-ssl/Linux/package/lib64/
+OpenSSL_Crypto_Library_Name := sgx_tsgxssl_crypto
+SGXSSL_Library_Name := sgx_tsgxssl
+SgxSSL_Link_Libraries := -L$(OPENSSL_LIBRARY_PATH) -Wl,--whole-archive -l$(SGXSSL_Library_Name) -Wl,--no-whole-archive -l$(OpenSSL_Crypto_Library_Name)
+#Security_Link_Flags := -Wl,-z,noexecstack -Wl,-z,relro -Wl,-z,now -pie
+OPENSSL_INCLUDES := /home/m2mazmud/old_stuff/intel-sgx-ssl/Linux/package/include
 
 
 
@@ -114,7 +120,8 @@ else
 	App_Compile_Flags += -DNDEBUG -UEDEBUG -UDEBUG
 endif
 
-App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -L. -lpthread -lprotobuf
+#App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -L. -lpthread -lprotobuf
+App_Link_Flags := $(SGX_COMMON_CFLAGS) $(Security_Link_Flags) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lsgx_uae_service -L$(OPENSSL_LIBRARY_PATH) -lsgx_usgxssl -lpthread  -lprotobuf
 
 ifneq ($(SGX_MODE), HW)
 	App_Link_Flags += -lsgx_uae_service_sim
@@ -139,7 +146,7 @@ endif
 Crypto_Library_Name := sgx_tcrypto
 
 Enclave_Cpp_Files_2 := $(wildcard Decryptor/*.cpp)
-Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I./LocalAttestationCode -I./Include
+Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I./LocalAttestationCode -I./Include -I$(OPENSSL_INCLUDES)
 
 CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9")
 ifeq ($(CC_BELOW_4_9), 1)
@@ -157,11 +164,12 @@ Enclave_Compile_Flags += $(Enclave_Include_Paths)
 #       Use `--start-group' and `--end-group' to link these libraries.
 # Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options.
 # Otherwise, you may get some undesirable errors.
-Common_Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \
+Common_Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles \
+	-Wl,--verbose \
 	-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
-	-Wl,--start-group -L. -lLocalAttestation_Trusted   -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
-	-Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \
-	-Wl,-pie,-eenclave_entry -Wl,--export-dynamic  \
+	-Wl,--start-group $(Security_Link_Flags) $(SgxSSL_Link_Libraries) -L$(SGX_LIBRARY_PATH) -L. -lLocalAttestation_Trusted  -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
+ 	-Wl,-Bstatic -Wl,-Bsymbolic  \
+	-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
 	-Wl,--defsym,__ImageBase=0 -Wl,--gc-sections
 Decryptor_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Decryptor_Version_Script)
 Enclave_Cpp_Objects_2 := $(Enclave_Cpp_Files_2:.cpp=.o)
@@ -273,7 +281,7 @@ Decryptor/%.o: Decryptor/%.cpp
 	@echo "CXX  <=  $<"
 
 Decryptor.so: Decryptor/Decryptor_t.o $(Enclave_Cpp_Objects_2) $(Trust_Lib_Name)
-	@$(CXX) -Wl,--no-undefined Decryptor/Decryptor_t.o $(Enclave_Cpp_Objects_2) -o $@ $(Decryptor_Link_Flags)
+	@$(CXX)  Decryptor/Decryptor_t.o $(Enclave_Cpp_Objects_2) -o $@ $(Decryptor_Link_Flags)
 	@echo "LINK =>  $@"
 
 $(Enclave_Name_2): Decryptor.so
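Review bot: `OPENSSL_LIBRARY_PATH` and `OPENSSL_INCLUDES` are hard-coded to `/home/m2mazmud/old_stuff/intel-sgx-ssl/Linux/package/...`, so the build only works on one machine; a `SGXSSL_PACKAGE_PATH ?= <path-to-sgxssl-package>` variable overridable from the environment keeps the Makefile portable, e.g. `OPENSSL_LIBRARY_PATH := $(SGXSSL_PACKAGE_PATH)/lib64/` and `OPENSSL_INCLUDES := $(SGXSSL_PACKAGE_PATH)/include`. `Security_Link_Flags` is commented out in the same hunk but still expanded in `App_Link_Flags` and `Common_Enclave_Link_Flags`, so `-z noexecstack -z relro -z now` silently disappear from both link lines; either restore the definition or remove the references so the omission is visible rather than an empty expansion. `-Wl,--verbose` added to the enclave link flags looks like leftover debugging output and should not be committed.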