Some changes to decryptor cpp file

Decryptor/Decryptor.cpp

@@ -37,7 +37,7 @@
   {
     uint32_t internal_return_status;
     uint32_t counter;
-
+    uint8_t verifier_mr_enclave[32];
     // create short-term ECDH key pair
     internal_return_status = hybridEncryptionBoxClient.generate_keypair();
     if(internal_return_status == NULL)
@@ -45,8 +45,9 @@
     hybridEncryptionBoxClient.get_public_key(token);
 
     // create token: concatenate short-term keypair with verifiers mrenclave.
+    LocalAttestationTrusted::get_verifier_mr_enclave(verifier_mr_enclave);
     for(counter=0;counter<32;counter++)
-      *(token + counter + hybridEncryptionBoxClient.ECDH_PUBLIC_KEY_SIZE) = *(localAttestation.verifier_mr_enclave[counter]);
+      *(token + counter + ECDH_PUBLIC_KEY_SIZE) = verifier_mr_enclave[counter];
 
     return 0;
   }
@@ -55,18 +56,19 @@
   {
     uint32_t internal_return_status;
     uint8_t local_signature[64];
-    uint8_t local_signature_data[hybridEncryptionBoxClient.ECDH_PUBLIC_KEY_SIZE + 32];
+    uint8_t local_signature_data[ECDH_PUBLIC_KEY_SIZE + 32];
+    uint32_t counter;
     // Otherwise: DoS or possible bypass (fake verifier does LA  but real verifier mrenclave is given out by decryptor) - signature with junk verifier mrenclave  or whatever is in the memory.
-    if(one_la_done < 1)
+    if(LocalAttestationTrusted::one_successful_la_done() < 1)
       return 0xde;  //  This needs to be called at any point after the first local attestation is done - else, a junk verifier mrenclave will be included in the signature
-    internal_return_status = generate_mitigator_token(local_signature_data);
+    internal_return_status = Decryptor::create_mitigator_token_M(local_signature_data);
     if(internal_return_status != 0x0)
       return internal_return_status;
 
-    internal_return_status = signatureBox.sign(local_signature_data, signatureBox.ECDH_PUBLIC_KEY_SIZE + 32, local_signature);
+    internal_return_status = signatureBox.sign(local_signature_data, ECDH_PUBLIC_KEY_SIZE + 32, local_signature);
     if(internal_return_status != 0x0)
       return internal_return_status;
-    for(counter=0;counter<hybridEncryptionBoxClient.ECDH_PUBLIC_KEY_SIZE + 32;counter++)
+    for(counter=0;counter<ECDH_PUBLIC_KEY_SIZE + 32;counter++)
       signature_data[counter] = local_signature_data[counter];
     for(counter=0;counter<64;counter++)
       signature[counter] = local_signature[counter];
@@ -81,9 +83,6 @@
     if(internal_return_status != 0)
       return internal_return_status;
 
-    private_public_key_string = (uint8_t*) malloc(signatureBox.ECDH_PUBLIC_KEY_SIZE + signatureBox.ECDH_PRIVATE_KEY_SIZE);
-    if(private_public_key_string == NULL)
-      return 0xff;
     signatureBox.get_keypair(private_public_key_string);
     return 0;
   }
@@ -93,14 +92,15 @@
     uint8_t* ciphertext;
     uint32_t ciphertext_length;
     uint8_t* tag;
+    uint32_t internal_return_status;
     // and now I will derive a shared key from the plaintext_client_public_key
     internal_return_status = hybridEncryptionBoxClient.initialize_symmetric_key(plaintext_client_public_key_plus_encrypted_data_plus_tag);
     if(internal_return_status != 0)
       return internal_return_status;
 
     // and then I will decrypt the rest of the client data with that key.
-    ciphertext = plaintext_client_public_key_plus_encrypted_data_plus_tag + hybridEncryptionBoxClient.ECDH_PUBLIC_KEY_SIZE;
-    ciphertext_length = total_length - hybridEncryptionBoxClient.ECDH_PUBLIC_KEY_SIZE - 16;
+    ciphertext = plaintext_client_public_key_plus_encrypted_data_plus_tag + ECDH_PUBLIC_KEY_SIZE;
+    ciphertext_length = total_length - ECDH_PUBLIC_KEY_SIZE - 16;
     tag = ciphertext + ciphertext_length;
 
     internal_return_status = hybridEncryptionBoxClient.encrypt_decrypt(ciphertext, ciphertext_length, plaintext_client_data, &plaintext_client_data_length, tag);
@@ -114,10 +114,11 @@
         uint32_t sgx_libcall_status;
         uint32_t internal_return_status;
         uint32_t temp_sealed_data_length;
-        uint8_t* temp_sealed_data, private_public_key_string;
+        uint8_t* temp_sealed_data;
+        uint8_t private_public_key_string[ECDH_PUBLIC_KEY_SIZE + ECDH_PRIVATE_KEY_SIZE];
         uint32_t counter;
 
-        temp_sealed_data_length = sgx_calc_sealed_data_size(0, signatureBox.ECDH_PUBLIC_KEY_SIZE + signatureBox.ECDH_PRIVATE_KEY_SIZE);
+        temp_sealed_data_length = sgx_calc_sealed_data_size(0, ECDH_PUBLIC_KEY_SIZE + ECDH_PRIVATE_KEY_SIZE);
         if(temp_sealed_data_length == 0xFFFFFFFF)
           return 0x01;
 
@@ -142,17 +143,17 @@
     uint32_t Decryptor::create_and_encrypt_mitigator_header_H(uint8_t* ciphertext_token_H_plus_tag)
     {
     	uint32_t counter;
-    	uint8_t sign_data_and_sign[signatureBox.ECDH_PUBLIC_KEY_SIZE + 32 + 64];
-      uint8_t temp_ciphertext_token_H[signatureBox.ECDH_PUBLIC_KEY_SIZE + 32 + 64 + 10];
+    	uint8_t sign_data_and_sign[ECDH_PUBLIC_KEY_SIZE + 32 + 64];
+      uint8_t temp_ciphertext_token_H[ECDH_PUBLIC_KEY_SIZE + 32 + 64 + 10];
       uint8_t temp_tag[16];
       uint32_t temp_ciphertext_token_H_length;
     	uint32_t internal_return_status;
 
-      internal_return_status = create_mitigator_header_value(token_H, sign_data_and_sign + signatureBox.ECDH_PUBLIC_KEY_SIZE + 32);
+      internal_return_status = create_mitigator_header_value(token_H, sign_data_and_sign + ECDH_PUBLIC_KEY_SIZE + 32);
     	if(internal_return_status != 0)
       	return internal_return_status;
 
-      internal_return_status = localAttestation.symmetricEncryptionBoxApache.encrypt_decrypt(1, sign_data_and_sign, signatureBox.ECDH_PUBLIC_KEY_SIZE + 32 + 64, temp_ciphertext_token_H, &temp_ciphertext_token_H_length, temp_tag);
+      internal_return_status = localAttestation.symmetricEncryptionBoxApache.encrypt_decrypt(1, sign_data_and_sign, ECDH_PUBLIC_KEY_SIZE + 32 + 64, temp_ciphertext_token_H, &temp_ciphertext_token_H_length, temp_tag);
       if(internal_return_status != 0)
         return internal_return_status;
 
@@ -262,4 +263,3 @@
       free(temp_output_ciphertext);
       return 0;
     }
-

Decryptor/Decryptor.h

@@ -1,7 +1,6 @@
 #include "sgx_eid.h"
 #include "sgx_tcrypto.h"
 #include "Decryptor_t.h"
-#include "EnclaveMessageExchange.h"
 #include "error_codes.h"
 #include "sgx_thread.h"
 #include "sgx_dh.h"

LocalAttestationCode/LocalAttestationTrusted.cpp

@@ -31,9 +31,14 @@
 
 // #include <stdint.h>
 #include "LocalAttestationTrusted.h"
+uint32_t LocalAttestationTrusted::is_one_successful_la_done()
+{
+  return one_successful_la_done;
+}
 
-  uint32_t LocalAttestationTrusted::verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
-  {
+
+uint32_t LocalAttestationTrusted::verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
+{
   	uint32_t count; sgx_measurement_t given_mr_signer ;
   	if(!peer_enclave_identity)
   	{
@@ -60,10 +65,9 @@
   	return SGX_SUCCESS;
   }
 
-//  public:
-    //Handle the request from Source Enclave for a session
-    uint32_t LocalAttestationTrusted::session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id)
-    {
+//Handle the request from Source Enclave for a session
+uint32_t LocalAttestationTrusted::session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id)
+{
         sgx_dh_session_t sgx_dh_session;
         sgx_status_t status = SGX_SUCCESS;
 
@@ -93,10 +97,10 @@
         return 0;
     }
 
-    // TODO: Hope to edit the sgx_dh_responder_proc_msg2 call to return 32 byte key.
-    //Verify Message 2, generate Message3 and exchange Message 3 with Source Enclave
-    uint32_t LocalAttestationTrusted::exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t* session_id)
-    {
+// TODO: Hope to edit the sgx_dh_responder_proc_msg2 call to return 32 byte key.
+//Verify Message 2, generate Message3 and exchange Message 3 with Source Enclave
+uint32_t LocalAttestationTrusted::exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t* session_id)
+{
         sgx_key_128bit_t dh_aek;
         uint32_t status = 0;
         sgx_dh_session_t sgx_dh_session;
@@ -138,3 +142,17 @@
         */
         return status;
     }
+
+void LocalAttestationTrusted::get_verifier_mr_enclave(uint8_t* op_mr_enclave)
+{
+  uint32_t counter;
+  for(counter=0; counter<32; counter++)
+    op_mr_enclave[counter] = verifier_mr_enclave[counter];
+}
+
+void LocalAttestationTrusted::set_apache_mr_signer(uint8_t* ip_mr_signer)
+{
+  uint32_t counter;
+  for(counter=0; counter<32; counter++)
+    apache_mr_signer[counter] = ip_mr_signer[counter];
+}

LocalAttestationCode/LocalAttestationTrusted.h

@@ -57,13 +57,16 @@ class LocalAttestationTrusted {
   static uint8_t verifier_mr_enclave[32];
   static SymmetricEncryptionBox symmetricEncryptionBoxApache;
   static SymmetricEncryptionBox symmetricEncryptionBoxVerifier;
-  static uint8_t apache_mr_signer[32]; 
+  static uint8_t apache_mr_signer[32];
   static uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity);
 public:
     static uint32_t session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id);
-    static uint32_t exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t* session_id); 
-//    LocalAttestationTrusted(); 
-}; 
+    static uint32_t exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t* session_id);
+    static void get_verifier_mr_enclave(uint8_t* op_mr_enclave);
+    static void set_apache_mr_signer(uint8_t* ip_mr_signer);
+    static uint32_t is_one_successful_la_done(); 
+//    LocalAttestationTrusted();
+};