Browse Source

Complete refactor - compiles, links. Yet to test it.

dettanym 2 years ago
parent
commit
aa16d23233

+ 5 - 65
App/App.cpp

@@ -1,14 +1,13 @@
 // App.cpp : Defines the entry point for the console application.
 #include <stdio.h>
 #include <map>
-#include "../Decryptor/Decryptor_u.h"
 #include "sgx_eid.h"
 #include "sgx_urts.h"
 #define __STDC_FORMAT_MACROS
 #include <inttypes.h>
-#include "LocalAttestationUntrusted.h"
+// #include "LocalAttestationUntrusted.h"
 #include "Sealing.h"
-
+#include "MainLogic.h"
 
 //#define UNUSED(val) (void)(val)
 #define TCHAR   char
@@ -109,8 +108,6 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
     // For sgx setup
     int launch_token_updated;
     sgx_launch_token_t launch_token;
-    // sgx_ec256_public_t pub_key;
-    int server_fd, accept_fd;
 
     status = sgx_create_enclave(Decryptor_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &enclave_id, NULL);
     if(status != SGX_SUCCESS)
@@ -145,66 +142,9 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
 	    printf("%02x", verification_key[counter + 32]);
 	printf("\n"); fflush(stdout);
 
-    ret_status = LocalAttestationUntrusted::prepare_local_attestation_as_responder_msg1(enclave_id);
-    if(ret_status !=0)
-    {
-      printf("Could not prepare_local_attestation_as_responder_msg1"); fflush(stdout); sgx_destroy_enclave(enclave_id);
-      return ret_status;
-    }
-
-    server_fd=LocalAttestationUntrusted::setup_socket_for_local_attestation_requests(3824);
-    if(server_fd <=0)
-    {
-      printf("Error in setting up server socket."); fflush(stdout);
-      sgx_destroy_enclave(enclave_id);
-      return server_fd;
-    }
-    printf("Successfully set up a socket to communicate with the verifier enclave.\n");
-    fflush(stdout);
-
-    // LA with the verifier
-    ret_status = LocalAttestationUntrusted::local_attestation_as_responder_msg2_msg3(enclave_id, server_fd, &accept_fd);
-    if(ret_status!=0)
-    {
-      printf("local attestation - with the verifier - did not successfully return: %x\n", ret_status); fflush(stdout);
-      sgx_destroy_enclave(enclave_id);
-      return 0xFFFFFFFF;
-    }
-
-    ret_status = LocalAttestationUntrusted::post_local_attestation_with_verifier(enclave_id, accept_fd);
-    if(ret_status!=0)
-    {
-      printf("post local attestation - with the verifier - did not successfully return: %x\n", ret_status); fflush(stdout);
-      sgx_destroy_enclave(enclave_id);
-      return 0xFFFFFF01;
-    }
-
-	// LA 	with apache
-    server_fd=LocalAttestationUntrusted::setup_socket_for_local_attestation_requests(3825);
-    if(server_fd <=0)
-    {
-      printf("Error in setting up server socket."); fflush(stdout);
-      sgx_destroy_enclave(enclave_id);
-      return server_fd;
-    }
-    printf("Successfully set up a socket to communicate with the Apache enclave.\n");
-    fflush(stdout);
-
-    ret_status = LocalAttestationUntrusted::local_attestation_as_responder_msg2_msg3(enclave_id,server_fd,&accept_fd);
-    if(ret_status<0)
-    {
-      printf("local attestation - with the apache - did not successfully return: %x\n", ret_status); fflush(stdout);
-      sgx_destroy_enclave(enclave_id);
-      return 0xFFFFFFFF;
-    }
-
-    ret_status = LocalAttestationUntrusted::post_local_attestation_with_apache(enclave_id,accept_fd);
-    if(ret_status!=0)
-    {
-      printf("post local attestation - with the apache - did not successfully return: %x\n", ret_status); fflush(stdout);
-      sgx_destroy_enclave(enclave_id);
-      return 0xFFFFFF01;
-    }
+    MainLogic mainLogic;
+    mainLogic.set_enclave_id(enclave_id);
+    mainLogic.run_deployment_runtime_stage_logic();
 
     sgx_destroy_enclave(enclave_id);
 

+ 15 - 16
App/LAResponder/LA.cpp

@@ -1,8 +1,9 @@
 //
 // Created by miti on 2020-01-01.
 //
+#include "LA.h"
 #include <stdio.h>
-#include "../../Decryptor/Decryptor_u.h"
+#include "Decryptor_u.h"
 #include "sgx_eid.h"
 #include "sgx_urts.h"
 #define __STDC_FORMAT_MACROS
@@ -10,22 +11,22 @@
 #include "ProtobufLAMessages.pb.h"
 #include "Transforms.h"
 
-int LA::generate_protobuf_dh_msg1(uint32_t own_enclave_id, protobuf_sgx_dh_msg1_t& protobuf_msg1)
+uint32_t LA::generate_protobuf_dh_msg1(protobuf_sgx_dh_msg1_t& protobuf_msg1)
 {
     sgx_dh_msg1_t dh_msg1;            //Diffie-Hellman Message 1
     memset(&dh_msg1, 0, sizeof(sgx_dh_msg1_t));
     uint32_t ret_status;
-    Decryptor_session_request_wrapper(own_enclave_id, &ret_status, &dh_msg1);
+    Decryptor_session_request_wrapper(enclave_id, &ret_status, &dh_msg1);
     if(ret_status != SGX_SUCCESS)
         return 0xffffffff;
 
     Transforms::encode_msg1_to_protobuf(protobuf_msg1, &dh_msg1);
     printf("Generated the following Msg1: ------------- \n"); fflush(stdout);
-    Transforms::print_initialized_msg1(protobuf_msg1, &dh_msg1);
+    Transforms::print_initialized_msg1(protobuf_msg1);
     return 0;
 }
 
-int LA::process_protobuf_dh_msg2_generate_protobuf_dh_msg3(uint32_t own_enclave_id, protobuf_sgx_dh_msg2_t& protobuf_msg2, protobuf_sgx_dh_msg3_t& protobuf_msg3, uint32_t* session_id)
+uint32_t LA::process_protobuf_dh_msg2_generate_protobuf_dh_msg3(protobuf_sgx_dh_msg2_t& protobuf_msg2, protobuf_sgx_dh_msg3_t& protobuf_msg3)
 {
     uint32_t ret_status;
     sgx_dh_msg2_t dh_msg2;            //Diffie-Hellman Message 2
@@ -35,20 +36,20 @@ int LA::process_protobuf_dh_msg2_generate_protobuf_dh_msg3(uint32_t own_enclave_
     memset(&dh_msg2, 0, sizeof(sgx_dh_msg2_t));
     memset(&dh_msg3, 0, sizeof(sgx_dh_msg3_t));
 
-    if(decode_msg2_from_protobuf(protobuf_msg2, &dh_msg2)!=0)
+    if(Transforms::decode_msg2_from_protobuf(protobuf_msg2, &dh_msg2)!=0)
         return -1;
 
     // process msg2 and generate msg3
-    Decryptor_exchange_report_wrapper(own_enclave_id, &ret_status, &dh_msg2, &dh_msg3);
+    Decryptor_exchange_report_wrapper(enclave_id, &ret_status, &dh_msg2, &dh_msg3);
     if(ret_status!=SGX_SUCCESS)
         return 0x35;
 
     // convert msg3 sgx_dh_msg3_t object to a protobuf msg3 object.
-    encode_msg3_to_protobuf(protobuf_msg3, &dh_msg3);
+    Transforms::encode_msg3_to_protobuf(protobuf_msg3, &dh_msg3);
     return 0;
 }
 
-int LA::conduct_la(uint32_t own_enclave_id, int fd)
+uint32_t LA::conduct_la(int fd)
 {
     // declare msg1, msg2, msg3 protobuf objects
     protobuf_sgx_dh_msg1_t protobuf_msg1;
@@ -60,7 +61,7 @@ int LA::conduct_la(uint32_t own_enclave_id, int fd)
 
     protobufReaderWriter.set_fd(fd);
 
-    protobuf_sgx_ret = generate_protobuf_dh_msg1(own_enclave_id, protobuf_msg1);
+    protobuf_sgx_ret = generate_protobuf_dh_msg1(protobuf_msg1);
     if(protobuf_sgx_ret != 0)
     {
         printf("Error in generate_protobuf_dh_msg1: 0x%x", protobuf_sgx_ret); fflush(stdout); return protobuf_sgx_ret;
@@ -74,7 +75,7 @@ int LA::conduct_la(uint32_t own_enclave_id, int fd)
     if(protobufReaderWriter.read_msg(protobuf_msg2)!=0)
         return 0x2;
 
-    protobuf_sgx_ret = process_protobuf_dh_msg2_generate_protobuf_dh_msg3(own_enclave_id, protobuf_msg2, protobuf_msg3);
+    protobuf_sgx_ret = process_protobuf_dh_msg2_generate_protobuf_dh_msg3(protobuf_msg2, protobuf_msg3);
     if(protobuf_sgx_ret != 0)
     {
         printf("Error in process_protobuf_dh_msg2_generate_protobuf_dh_msg3: 0x%x", protobuf_sgx_ret);
@@ -89,9 +90,7 @@ int LA::conduct_la(uint32_t own_enclave_id, int fd)
 
 }
 
-void LA::get_la_symmetric_key(uint8_t* op_key)
+void LA::set_enclave_id(uint32_t given_eid)
 {
-    uint32_t counter;
-    for(counter=0; counter<16; counter++)
-        op_key[counter] = key[counter];
-}
+    enclave_id = given_eid;
+}

+ 3 - 3
App/LAInitiator/Transforms.cpp → App/LAResponder/Transforms.cpp

@@ -1,9 +1,9 @@
 //
 // Created by miti on 2020-01-01.
 //
-
+#include "Transforms.h"
 #include "ProtobufLAMessages.pb.h"
-#include "../Decryptor/Decryptor_u.h"
+#include "Decryptor_u.h"
 #include "sgx_eid.h"
 #include "sgx_urts.h"
 #define __STDC_FORMAT_MACROS
@@ -275,7 +275,7 @@ int Transforms::decode_report_from_protobuf(protobuf_sgx_report_t* protobuf_repo
     return 0;
 }
 
-int Transforms::print_initialized_msg1( protobuf_sgx_dh_msg1_t& protobuf_dhmsg1, sgx_dh_msg1_t* native_dhmsg1)
+int Transforms::print_initialized_msg1( protobuf_sgx_dh_msg1_t& protobuf_dhmsg1)
 {
     int counter;
     printf("Printing msg1:\n");

+ 0 - 330
App/LocalAttestationUntrusted.cpp

@@ -1,330 +0,0 @@
-// Knows only protobuf_sgx objects, protobuf header.
-// For socket programming
-#include <sys/socket.h>
-#include <stdlib.h>
-#include <netinet/in.h>
-#include <string.h>
-#include <errno.h>
-#include <unistd.h>
-#include <stdio.h>
-#include "ProtobufLAMessages.pb.h"
-#include <google/protobuf/io/coded_stream.h>
-#include <google/protobuf/io/zero_copy_stream_impl.h>
-using namespace google::protobuf::io;
-#include "protobufLAInitiator.h"
-#include "../Decryptor/Decryptor_u.h"
-#include <iostream>
-#include "LocalAttestationUntrusted.h"
-#include<sys/time.h>
-#include <fcntl.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-
-  uint32_t LocalAttestationUntrusted::session_id=0;
-  protobuf_sgx_dh_msg1_t LocalAttestationUntrusted::protobuf_msg1;
-  uint8_t* LocalAttestationUntrusted::output_ciphertext_plus_tag=NULL;
-
-
-  int LocalAttestationUntrusted::read_protobuf_msg_from_fd(int accept_fd, google::protobuf::MessageLite& message)
-  {
-    ZeroCopyInputStream* raw_input;
-    CodedInputStream* coded_input;
-    uint32_t size;
-    CodedInputStream::Limit limit;
-    raw_input = new FileInputStream(accept_fd);
-    coded_input = new CodedInputStream(raw_input);
-    if(!coded_input->ReadVarint32(&size))
-    {
-      printf("Error in reading size of msg");
-      fflush(stdout);
-      return -1;
-    }
-    //printf("size of msg was read to be %" PRIu32 " \n", size);
-    fflush(stdout);
-    limit = coded_input->PushLimit(size);
-    if(!message.ParseFromCodedStream(coded_input))
-    {
-      printf("Error in parsing msg");
-      fflush(stdout);
-      return -1;
-    }
-    coded_input->PopLimit(limit);
-    delete raw_input;
-    delete coded_input;
-    return 0;
-  }
-
-  int LocalAttestationUntrusted::write_protobuf_msg_to_fd(int accept_fd, google::protobuf::MessageLite& message)
-  {
-    ZeroCopyOutputStream* raw_output = new FileOutputStream(accept_fd);
-    CodedOutputStream* coded_output  = new CodedOutputStream(raw_output);
-    coded_output->WriteVarint32(message.ByteSize());
-    if(!message.SerializeToCodedStream(coded_output))
-    {
-      printf("SerializeToCodedStream failed");
-      fflush(stdout);
-      return -1;
-    }
-    // As per this - https://stackoverflow.com/questions/22881876/protocol-buffers-how-to-serialize-and-deserialize-multiple-messages-into-a-file?noredirect=1&lq=1
-    // TODO: There may be a better way to do this - 1) this happens with every accept now and 2) make it happen on the stack vs heap - destructor will be called on return from this function (main) and the items will then be written out. (We probably don't want that, actually)
-    delete coded_output;
-    delete raw_output;
-    fflush(stdout);
-    return 0;
-  }
-
-  // Sets up a socket to bind and listen to the given port. Returns FD of the socket on success, -1 on failure (and prints a msg to stdout with the errno)
-  int LocalAttestationUntrusted::set_up_socket(int port,   sockaddr_in* address)
-  {
-    int server_fd = 0;
-
-    // Creating socket file descriptor for listening for attestation requests.
-    server_fd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
-    if (server_fd == -1)
-    {
-       printf("Error in creating a socket - %d", errno);
-        return -1;
-    }
-
-    // Preparing the address struct for binding
-    address->sin_family = AF_INET;
-    address->sin_addr.s_addr = INADDR_ANY; // Todo: should this be localhost?
-    address->sin_port = htons(port);
-    //  memset(address->sin_zero,0,sizeof(address->sin_zero));
-
-    socklen_t addrlen = sizeof(*address);
-    // Binding
-    if (bind(server_fd, (sockaddr*)address, addrlen)<0)
-    {
-        printf("Error in binding %d - port was %d - ", errno, port);
-        return -1;
-    }
-
-    // Listening
-    if (listen(server_fd, 128) < 0)
-    {
-        printf("Error in listening %d", errno);
-        return -1;
-    }
-
-    return server_fd;
-  }
-
-  uint32_t LocalAttestationUntrusted::local_attestation_msg2_msg3(uint32_t own_enclave_id, int accept_fd)
-  {
-    uint32_t protobuf_sgx_ret;
-    protobuf_sgx_dh_msg2_t protobuf_msg2;
-    protobuf_sgx_dh_msg3_t protobuf_msg3;
-    printf("Writing message 1\n"); fflush(stdout);
-    if(write_protobuf_msg_to_fd(accept_fd, protobuf_msg1)!=0)
-      return 0x1;
-
-    printf("Reading message 2\n"); fflush(stdout);
-    if(read_protobuf_msg_from_fd(accept_fd, protobuf_msg2)!=0)
-      return 0x2;
-
-    protobuf_sgx_ret = process_protobuf_dh_msg2_generate_protobuf_dh_msg3(own_enclave_id, protobuf_msg2, protobuf_msg3, &LocalAttestationUntrusted::session_id);
-    if(protobuf_sgx_ret != 0)
-    {
-        printf("Error in generate_protobuf_dh_msg2: 0x%x", protobuf_sgx_ret); fflush(stdout); return protobuf_sgx_ret;
-    }
-
-    printf("Writing message 3\n"); fflush(stdout); 
-    if(write_protobuf_msg_to_fd(accept_fd, protobuf_msg3)!=0)
-      return 0x3;
-    return 0;
-  }
-
-  int LocalAttestationUntrusted::decrypt_client_data(uint32_t own_enclave_id, int fd, uint8_t* output_ciphertext_plus_tag, uint8_t* input_ciphertext_plus_tag, int time_file_fd)
-  {
-    protobuf_post_LA_encrypted_msg_t protobuf_msg;
-    protobuf_post_LA_encrypted_msg_t protobuf_msg_response; 
-    unsigned char* protobuf_msg_ptr;
-    uint32_t sgx_ret_status=0;
-    uint32_t input_ciphertext_plus_tag_length;
-    uint32_t output_ciphertext_plus_tag_length;
-    struct timeval  tv1, tv2;
-    char time_buf[60] = {0};
-    size_t bytes_written;
-    unsigned long int new_time, old_time; 
-    uint32_t count; 
-    if(read_protobuf_msg_from_fd(fd, protobuf_msg)!=0)
-      return 0xfe;
-      gettimeofday(&tv1, NULL);
-
-    input_ciphertext_plus_tag_length = protobuf_msg.msg().length();
-    protobuf_msg_ptr = (uint8_t*) protobuf_msg.msg().c_str();
-
-    // Just so that the ciphertext - client data - is returned back to Apache in case this function fails.
-    // client data is after public key (64 bytes) 
-    protobuf_msg_response.set_msg((void*)  protobuf_msg_ptr + 64, input_ciphertext_plus_tag_length - 64);
-    
-    for(count=0;count<input_ciphertext_plus_tag_length;count++)
-    {
-	input_ciphertext_plus_tag[count]=protobuf_msg_ptr[count]; 
-    }
-
-    // We assume that the output is not changed unless it is successful throughout.
-    Decryptor_process_apache_message_generate_response_wrapper(own_enclave_id, &sgx_ret_status, input_ciphertext_plus_tag, input_ciphertext_plus_tag_length, output_ciphertext_plus_tag, &output_ciphertext_plus_tag_length);
-      if(sgx_ret_status==0)
-      {
-      	protobuf_msg_response.set_msg((void*)  output_ciphertext_plus_tag, output_ciphertext_plus_tag_length);
-      }
-        else
-	{
-		printf("\n Error in decryptors call to the process_apache wrapper : 0x%02x\n", sgx_ret_status); 
-		for(count=0;count<output_ciphertext_plus_tag_length;count++)
-			printf("0x%02x ", output_ciphertext_plus_tag[count]); 
-		printf("\n"); fflush(stdout); 
-	}
-
-     if(write_protobuf_msg_to_fd(fd, protobuf_msg_response)!=0)
-     	     return 0xfc;
-
-     gettimeofday(&tv2, NULL);
-     new_time=tv2.tv_usec + tv2.tv_sec * 1000000; 
-     old_time=tv1.tv_usec + tv1.tv_sec * 1000000; 
-     bytes_written=sprintf(time_buf,  "%lu %lu\n", old_time, new_time); 
-     write(time_file_fd, time_buf, bytes_written);
-
-  	return 0;
-
-  }
-
- 
-    int LocalAttestationUntrusted::prepare_local_attestation_as_responder_msg1(uint32_t own_enclave_id) //, int port)
-    {
-      uint32_t protobuf_sgx_ret;
-
-      protobuf_sgx_ret = generate_protobuf_dh_msg1(own_enclave_id, protobuf_msg1, &LocalAttestationUntrusted::session_id);
-      if(protobuf_sgx_ret != 0)
-      {
-        printf("Error in generate_protobuf_dh_msg1: 0x%x", protobuf_sgx_ret); fflush(stdout); return protobuf_sgx_ret;
-      }
-      return 0;
-    }
-
-    int LocalAttestationUntrusted::setup_socket_for_local_attestation_requests(int port)
-    {
-      struct sockaddr_in own_addr;
-      return set_up_socket(port, &own_addr);
-    }
-
-    // TODO: CHANGED SIGNATURE.
-    int LocalAttestationUntrusted::local_attestation_as_responder_msg2_msg3(uint32_t own_enclave_id, int server_fd, int* accept_fd)
-    {
-      uint32_t protobuf_sgx_ret;
-      struct sockaddr_storage apache_addr;
-      socklen_t apache_addr_size = sizeof(apache_addr);
-
-      int temp_accept_fd;
-      temp_accept_fd = accept(server_fd, (struct sockaddr *)&apache_addr,&apache_addr_size);
-      if (temp_accept_fd <0)
-      {
-        printf("Error in accepting %d", errno); fflush(stdout);
-        return temp_accept_fd;
-      }
-      *accept_fd=temp_accept_fd;
-
-      protobuf_sgx_ret = local_attestation_msg2_msg3(own_enclave_id, temp_accept_fd);
-      return protobuf_sgx_ret;
-    }
-
-    int LocalAttestationUntrusted::post_local_attestation_with_verifier(uint32_t own_enclave_id, int accept_fd)
-    {
-      uint32_t protobuf_sgx_ret;
-      uint8_t encrypted_apache_mrsigner_and_tag[150];
-      size_t bytes_read;
-	int count; 
-      printf("Here\n"); fflush(stdout);
-      bytes_read=read(accept_fd, encrypted_apache_mrsigner_and_tag, 60);
-    	if(bytes_read!=60)
-     	{
-           	printf("Not all of the encrypted apache's mrsigner was read from the verifier.\n"); fflush(stdout);
-            close(accept_fd);
-            return 0xfe;
-     	}
-
-      for(count=0;count<60;count++)
-    	  printf("0x%02x ", encrypted_apache_mrsigner_and_tag[count]);
-      printf("\n");fflush(stdout);
-
-      Decryptor_process_verifiers_message_wrapper(own_enclave_id, &protobuf_sgx_ret, encrypted_apache_mrsigner_and_tag, 60);
-      if(protobuf_sgx_ret!=0)
-    	{
-        printf("Error in decryption: 0x%x\n", protobuf_sgx_ret); fflush(stdout);
-        close(accept_fd);
-        return protobuf_sgx_ret;
-    	}
-
-      printf("Successful decryption\n"); fflush(stdout);
-      close(accept_fd);
-	uint8_t output[64];
-      Decryptor_get_verifier_mrenclave_apache_mrsigner_wrapper(own_enclave_id, output); 
-	uint32_t counter;  
-	for(counter=0; counter<32; counter++)
-		printf("0x%x ", output[counter]);
-	printf("/n"); 
-        for(counter=32; counter<64; counter++)
-                printf("0x%x ", output[counter]);
-        printf("/n"); 
-
-	fflush(stdout);
-
-      return 0;
-
-    }
-
-    int LocalAttestationUntrusted::post_local_attestation_with_apache(uint32_t own_enclave_id, int accept_fd)
-    {
-      protobuf_post_LA_encrypted_msg_t protobuf_encrypted_msg;
-      uint8_t encrypted_sign_data_and_sign_and_tag[200]; // 176+12 for IV = 188
-	uint32_t op_length;
-  	  memset(encrypted_sign_data_and_sign_and_tag,0x0,200);
-	    uint32_t internal_return_status;
-	    uint32_t count;
-	    uint32_t sgx_ret;
-
-        Decryptor_create_and_encrypt_mitigator_header_H_wrapper(own_enclave_id, &sgx_ret, encrypted_sign_data_and_sign_and_tag, &op_length);
-      	if(sgx_ret!=0)
-      	{
-      		printf("Error in generating encrypted mitigator header:0x%x\n", sgx_ret); fflush(stdout);
-          close(accept_fd);
-          return 0xf3;
-      	}
-
-      	for(count=0;count<op_length;count++)
-      	{
-      		printf("0x%02x ", encrypted_sign_data_and_sign_and_tag[count]);
-      	}
-      	printf("\n"); fflush(stdout);
-
-      	protobuf_encrypted_msg.set_msg((void*)encrypted_sign_data_and_sign_and_tag, op_length);
-      	if(write_protobuf_msg_to_fd(accept_fd, protobuf_encrypted_msg) != 0)
-        {
-          printf("Not all of the mitigator token H was written to the Apache.\n"); fflush(stdout);
-          close(accept_fd);
-          return 0xfe;
-        }
-	uint8_t public_key[64];
-	Decryptor_get_short_term_public_key_wrapper(own_enclave_id, public_key); 
-	for(count=0;count<64;count++)
-		printf("%02x ",public_key[count]); 
-	printf("\n"); fflush(stdout);
-	
-        uint8_t* output_ciphertext_plus_tag = (uint8_t*) malloc(4100); // 12 bytes for ciphertext iv + 16 bytes for ciphertext tag = 28 byte 
-	uint8_t* input_ciphertext_plus_tag = (uint8_t*) malloc(4100); 
-
-	int time_file_fd=open("decryptor_time.txt", O_APPEND | O_WRONLY);
-
-  	  do {
-      	internal_return_status = decrypt_client_data(own_enclave_id, accept_fd, output_ciphertext_plus_tag, input_ciphertext_plus_tag, time_file_fd);
-      } while(internal_return_status==0);
-
-
-      close(accept_fd);
-	free(output_ciphertext_plus_tag); 
-	free(input_ciphertext_plus_tag);
-      return internal_return_status;
-}
-

+ 194 - 0
App/MainLogic.cpp

@@ -0,0 +1,194 @@
+//
+// Created by miti on 2020-01-01.
+//
+
+#include "MainLogic.h"
+#include <stdio.h>
+
+// For socket programming
+#include <arpa/inet.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+
+int MainLogic::accept_fd(int fd)
+{
+    struct sockaddr_storage apache_addr;
+    socklen_t apache_addr_size = sizeof(apache_addr);
+
+    return  accept(fd, (struct sockaddr *)&apache_addr,&apache_addr_size);
+}
+
+int MainLogic::la_post_la_with_verifier()
+{
+    int listen_fd, verifier_fd, la_ret, post_la_ret;
+    // DEPLOYMENT STAGE.
+    listen_fd = set_up_listening_socket(3824);
+    if(listen_fd <=0)
+    {
+        printf("Error in setting up server socket."); fflush(stdout);
+        return 0x1;
+    }
+    printf("Successfully set up a socket to communicate with the verifier enclave.\n");
+    fflush(stdout);
+
+    verifier_fd = accept_fd(listen_fd);
+    if (verifier_fd <0)
+    {
+        printf("Error in accepting %d", errno); fflush(stdout);
+    }
+
+    la_ret = laInitiator.conduct_la(verifier_fd);
+    if(la_ret !=0)
+    {
+        printf("local attestation - with the verifier - did not successfully return: %x\n", la_ret); fflush(stdout);
+        return 0xFFFFFFFF;
+    }
+    printf("Successfully conducted LA with the verifier.\n"); fflush(stdout);
+
+    messaging.set_verifier_fd(verifier_fd);
+    post_la_ret = messaging.receive_token_from_verifier();
+    if(post_la_ret != 0)
+    {
+        printf("Error in post-verifier LA: %ud\n", post_la_ret); fflush(stdout);
+        return post_la_ret;
+    }
+    printf("Obtained the token from the verifier.\n"); fflush(stdout);
+    return 0;
+}
+
+int MainLogic::la_post_la_with_target()
+{
+    int listen_fd, la_ret, target_data_fd, target_headers_fd;
+    listen_fd = set_up_listening_socket(3825);
+    if(listen_fd <=0)
+    {
+        printf("Error in setting up server socket."); fflush(stdout);
+        return listen_fd;
+    }
+    printf("Successfully set up a socket to communicate with the target enclave.\n");
+    fflush(stdout);
+
+    target_data_fd = accept_fd(listen_fd);
+    if (target_data_fd <0)
+    {
+        printf("Error in accepting %d", errno); fflush(stdout);
+    }
+
+    la_ret = laInitiator.conduct_la(target_data_fd);
+    if(la_ret !=0)
+    {
+        printf("local attestation - with the target - did not successfully return: %x\n", la_ret); fflush(stdout);
+        return 0xFFFFFFFF;
+    }
+    printf("Successfully conducted LA with the target.\n"); fflush(stdout);
+
+    // For post-la messaging of client data.
+    messaging.set_target_data_fd(target_data_fd);
+
+    listen_fd = set_up_listening_socket(3826);
+    if(listen_fd <=0)
+    {
+        printf("Error in setting up server socket for the header.\n"); fflush(stdout);
+        return listen_fd;
+    }
+    printf("Successfully set up a socket to send a header to the target.\n");
+    fflush(stdout);
+
+    target_headers_fd = accept_fd(listen_fd);
+    if (target_headers_fd <0)
+    {
+        printf("Error in accepting %d\n", errno); fflush(stdout);
+    }
+    messaging.set_target_headers_fd(target_headers_fd);
+
+    if(messaging.read_and_write_header() != 0)
+    {
+        printf("Could not write the header.\n");
+        fflush(stdout);
+        return 0x1;
+    }
+    printf("Wrote the header to the target fd for headers.\n"); fflush(stdout);
+    return 0;
+}
+
+// Sets up a socket to bind and listen to the given port. Returns FD of the socket on success, -1 on failure (and prints a msg to stdout with the errno)
+int MainLogic::set_up_listening_socket(int port)
+{
+    struct sockaddr_in own_addr;
+    sockaddr_in* address = &own_addr;
+    int server_fd = 0;
+
+    // Creating socket file descriptor for listening for attestation requests.
+    server_fd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
+    if (server_fd == -1)
+    {
+        printf("Error in creating a socket - %d", errno);
+        return -1;
+    }
+
+    // Preparing the address struct for binding
+    address->sin_family = AF_INET;
+    address->sin_addr.s_addr = INADDR_ANY; // Todo: should this be localhost?
+    address->sin_port = htons(port);
+
+    socklen_t addrlen = sizeof(*address);
+    // Binding
+    if (bind(server_fd, (sockaddr*)address, addrlen)<0)
+    {
+        printf("Error in binding %d - port was %d - ", errno, port);
+        return -1;
+    }
+
+    // Listening
+    if (listen(server_fd, 128) < 0)
+    {
+        printf("Error in listening %d", errno);
+        return -1;
+    }
+
+    return server_fd;
+}
+
+void MainLogic::set_enclave_id(uint32_t given_enclave_id) {
+    laInitiator.set_enclave_id(given_enclave_id);
+    messaging.set_enclave_id(given_enclave_id);
+}
+
+int MainLogic::run_deployment_runtime_stage_logic() {
+    int ret_status;
+    pid_t child_pid;
+
+    ret_status = la_post_la_with_verifier();
+    if(ret_status != 0)
+        return ret_status;
+
+    ret_status = la_post_la_with_target();
+    if(ret_status != 0)
+        return ret_status;
+
+    child_pid = fork();
+    if(child_pid < 0)
+    {
+        printf("Error forking (to create a process to listen for header requests).\n"); fflush(stdout);
+        return 0x1;
+    }
+    else if(child_pid == 0) // Child process - returns headers.
+    {
+        ret_status = 0;
+        do
+        {
+            ret_status = messaging.read_and_write_header();
+        }    while(ret_status == 0);
+        return ret_status;
+    }
+    else // Parent process - decrypts client data.
+    {
+        ret_status = 0;
+        do
+        {
+            ret_status = messaging.receive_decrypt_client_data_from_target();
+        }    while(ret_status == 0);
+        return ret_status;
+    }
+}
+

+ 1 - 0
App/PostLAMessages.pb.cpp

@@ -0,0 +1 @@
+../../dhmsgs_proto_defs/PostLAMessages.pb.cc

+ 171 - 0
App/PostLAMessaging.cpp

@@ -0,0 +1,171 @@
+//
+// Created by miti on 2019-12-24.
+//
+#include "PostLAMessages.pb.h"
+#include "PostLAMessaging.h"
+#include <unistd.h>
+#include <stdio.h>
+#include "Decryptor_u.h"
+int PostLAMessaging::process_target_data_msg(extension_to_decryptor_msg& incomingMsg, decryptor_to_extension_msg& outgoingMsg)
+{
+    const char* client_public_key;
+    uint8_t* incoming_client_data, *outgoing_client_data;
+    uint32_t* input_field_sizes, *output_field_sizes;
+    std::string client_public_key_string, field_string;
+    uint32_t sgx_ret_status, client_public_key_length, field_counter, byte_counter, field_size, no_of_fields, total_input_length, field_size_accumulator;
+
+    // Initialize the client public key as an input to the decryptor ecall
+    client_public_key_string = incomingMsg.ciphertext_client_public_key();
+    client_public_key_length = client_public_key_string.length();
+    // client_public_key = (uint8_t*) malloc(client_public_key_length);
+    client_public_key = client_public_key_string.c_str();
+
+    // Initialize an array of sizes of each of the incoming ciphertext fields (again an input arg. to the ecall).
+    // Initialize an array to store the sizes of the *outgoing* fields too.
+    no_of_fields = incomingMsg.fields_size();
+    input_field_sizes = (uint32_t*) malloc(no_of_fields);
+    output_field_sizes = (uint32_t*) malloc(no_of_fields);
+    total_input_length = 0;
+    for(field_counter=0; field_counter<no_of_fields; field_counter++)
+    {
+        input_field_sizes[field_counter] = incomingMsg.fields(field_counter).field().length();
+        total_input_length+=input_field_sizes[field_counter];
+    }
+
+    // Initialize a contiguous array of bytes of the ciphertext fields.
+    // The number of bytes in any given ciphertext field will be determined by the above array.
+    // Also initialize an array to store the outgoing bytes for all ciphertext fields.
+    incoming_client_data = (uint8_t*) malloc(total_input_length);
+    outgoing_client_data = (uint8_t*) malloc(total_input_length);
+    for(field_counter=0; field_counter<no_of_fields; field_counter++)
+    {
+        field_size = input_field_sizes[field_counter];
+        field_string = incomingMsg.fields(field_counter).field().c_str();
+        for(byte_counter=0; byte_counter<field_size; byte_counter++)
+        {
+            incoming_client_data[field_size_accumulator + byte_counter] = field_string[byte_counter];
+        }
+        field_size_accumulator += field_size;
+    }
+
+    sgx_ret_status=0;
+    // TODO: Fix enclave ecall.
+    // Ecall into the enclave to obtain the fields to be sent to the target enclave in response.
+    // Decryptor_functionX(enclave_id, &sgx_ret_status, client_public_key, incoming_client_data, no_of_fields, input_field_sizes,  outgoing_client_data, output_field_sizes);
+    free(input_field_sizes);
+    free(incoming_client_data);
+    if(sgx_ret_status!=0)
+    {
+        printf("Could not process client's data. Had error: %ud\n", sgx_ret_status);
+        free(outgoing_client_data);
+        free(output_field_sizes);
+        return sgx_ret_status;
+    }
+
+    // Initialize the outgoing protobuf message using the field sizes in the outgoing_field_size array and the bytes in the outgoing_client_data array.
+    field_size_accumulator=0;
+    for(field_counter=0; field_counter<no_of_fields; field_counter++)
+    {
+        field_size = output_field_sizes[field_counter];
+        outgoingMsg.add_fields()->set_field(outgoing_client_data + field_size_accumulator,field_size);
+        field_size_accumulator += field_size;
+    }
+    free(outgoing_client_data);
+    free(output_field_sizes);
+    return 0;
+}
+
+void PostLAMessaging::set_enclave_id(int given_id)
+{
+    enclave_id = given_id;
+}
+
+int PostLAMessaging::receive_token_from_verifier()
+{
+    uint8_t* token = (uint8_t*) malloc(400);
+    uint32_t token_length  = read(verifier_fd, token, 400);
+    uint32_t sgx_ret_status;
+    if(token_length < 0)
+    {
+        printf("Could not read verifier's token.\n"); fflush(stdout);
+        return 0x1;
+    }
+    else if(token_length > 400)
+    {
+        printf("Could not fit all of verifiers token into the buffer.\n"); fflush(stdout);
+        return 0x2;
+    }
+
+    Decryptor_process_verifiers_message_wrapper(enclave_id, &sgx_ret_status, token, token_length);
+    free(token);
+    return sgx_ret_status;
+}
+
+int PostLAMessaging::receive_decrypt_client_data_from_target()
+{
+    extension_to_decryptor_msg incomingMsg;
+    decryptor_to_extension_msg outgoingMsg;
+    int ret_status;
+
+    if( targetChannelData.read_msg(incomingMsg) != 0)
+    {
+        printf("Error in protobuf in receiving msg from target.\n"); fflush(stdout);
+        return 0x1;
+    }
+
+    ret_status = process_target_data_msg(incomingMsg, outgoingMsg);
+    if(ret_status != 0)
+    {
+        printf("Error in processing msg from target.\n"); fflush(stdout);
+        return 0x2;
+    }
+
+    if( targetChannelData.write_msg(outgoingMsg) != 0)
+    {
+        printf("Error in protobuf in sending msg to target.\n"); fflush(stdout);
+        return 0x3;
+    }
+    return 0;
+}
+
+int PostLAMessaging::read_and_write_header()
+{
+    uint32_t sgx_ret_status, value_length, protobuf_ret_status;
+    uint8_t* header_value = (uint8_t*) malloc(400);
+
+    mitigator_header headerMsg;
+    if(targetChannelHeaders.read_msg(headerMsg) != 0)
+    {
+        printf("Error in reading msg for headers.\n"); fflush(stdout); return 0x1;
+    }
+
+    Decryptor_create_and_encrypt_mitigator_header_H_wrapper(enclave_id, &sgx_ret_status, header_value, &value_length);
+    if(sgx_ret_status != 0 )
+    {
+        printf("Could not create mitigator header.\n");
+        fflush(stdout);
+        return sgx_ret_status;
+    }
+
+    headerMsg.set_name("Mitigator-Public-Key:", 21);
+    headerMsg.set_value(header_value, value_length);
+    free(header_value);
+
+    protobuf_ret_status = targetChannelHeaders.write_msg(headerMsg);
+    return protobuf_ret_status;
+}
+
+void PostLAMessaging::set_verifier_fd(int fd)
+{
+    verifier_fd = fd;
+}
+
+void PostLAMessaging::set_target_data_fd(int fd)
+{
+    targetChannelData.set_fd(fd);
+}
+
+void PostLAMessaging::set_target_headers_fd(int fd)
+{
+    targetChannelHeaders.set_fd(fd);
+}

+ 1 - 0
App/ProtobufMessageRW.cpp

@@ -0,0 +1 @@
+../../commonVerifierPHPfiles/ProtobufMessageRW.cpp

+ 0 - 46
App/protobufLAInitiator.cpp

@@ -1,46 +0,0 @@
-#include "../Decryptor/Decryptor_u.h"
-#include "sgx_eid.h"
-#include "sgx_urts.h"
-#define __STDC_FORMAT_MACROS
-#include <inttypes.h>
-#include "ProtobufLAMessages.pb.h"
-#include "protobufSgxLATransformsInitiator.h"
-#include <stdio.h>
-
-int generate_protobuf_dh_msg1(uint32_t own_enclave_id, protobuf_sgx_dh_msg1_t& protobuf_msg1, uint32_t* session_id)
-{
-  sgx_dh_msg1_t dh_msg1;            //Diffie-Hellman Message 1
-  memset(&dh_msg1, 0, sizeof(sgx_dh_msg1_t));
-  uint32_t ret_status;
-  Decryptor_session_request_wrapper(own_enclave_id, &ret_status, &dh_msg1, session_id); // TODO: Check Return status
-  if(ret_status != SGX_SUCCESS)
-    return 0xffffffff;
-
-  encode_msg1_to_protobuf(protobuf_msg1, &dh_msg1);
-  printf("Generated the following Msg1: ------------- \n"); fflush(stdout); 
-  print_initialized_msg1(protobuf_msg1, &dh_msg1);
-  return 0;
-}
-
-int process_protobuf_dh_msg2_generate_protobuf_dh_msg3(uint32_t own_enclave_id, protobuf_sgx_dh_msg2_t& protobuf_msg2, protobuf_sgx_dh_msg3_t& protobuf_msg3, uint32_t* session_id)
-{
-  uint32_t ret_status;
-  sgx_dh_msg2_t dh_msg2;            //Diffie-Hellman Message 2
-  sgx_dh_msg3_t dh_msg3;            //Diffie-Hellman Message 3
-  sgx_key_128bit_t dh_aek;        // Session Key
-  memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
-  memset(&dh_msg2, 0, sizeof(sgx_dh_msg2_t));
-  memset(&dh_msg3, 0, sizeof(sgx_dh_msg3_t));
-
-  if(decode_msg2_from_protobuf(protobuf_msg2, &dh_msg2)!=0)
-    return -1;
-
-  // process msg2 and generate msg3
-  Decryptor_exchange_report_wrapper(own_enclave_id, &ret_status, &dh_msg2, &dh_msg3, session_id);
-  if(ret_status!=SGX_SUCCESS)
-    return 0x35;
-
-  // convert msg3 sgx_dh_msg3_t object to a protobuf msg3 object.
-  encode_msg3_to_protobuf(protobuf_msg3, &dh_msg3);
-  return 0;
-}

+ 0 - 400
App/protobufSgxLATransformsInitiator.cpp

@@ -1,400 +0,0 @@
-#include "ProtobufLAMessages.pb.h"
-#include "../Decryptor/Decryptor_u.h"
-#include "sgx_eid.h"
-#include "sgx_urts.h"
-#define __STDC_FORMAT_MACROS
-#include <inttypes.h>
-#include <stdio.h>
-#include "sgx_report.h"
-#define SGX_REPORT_BODY_RESERVED1 28
-#define SGX_REPORT_BODY_RESERVED2 32
-#define SGX_REPORT_BODY_RESERVED3 96
-#define SGX_REPORT_BODY_RESERVED4 60
-
-// TODO: private
-int fit_32_into_uint8_t(google::protobuf::uint32 temp32, uint8_t* temp8)
-{
- if(temp32 > UINT8_MAX)
-	 return -1;
- else
- {
-	 //		 *temp8 = *(uint8_t*)&temp32; // Probably works irrespective of endianness but not sure.
-	 *temp8 = (uint8_t)temp32;
-	 return 0;
- }
-}
-
-// TODO: private
-int fit_32_into_uint16_t(google::protobuf::uint32 temp32, uint16_t* temp16)
-{
- if(temp32 > UINT16_MAX)
-	 return -1;
- else
- {
-	 //		 *temp8 = *(uint8_t*)&temp32; // Probably works irrespective of endianness but not sure.
-	 *temp16 = (uint16_t)temp32;
-	 return 0;
- }
-}
-
-// TODO: private
-void encode_ec256_public_key_to_protobuf(protobuf_sgx_ec256_public_t* protobuf_g_a , sgx_ec256_public_t* g_a)
-{
-	int counter; google::protobuf::uint32 temp32;
-	for(counter=0;counter<SGX_ECP256_KEY_SIZE;counter++)
-	{
-		temp32 = g_a->gx[counter];
-		protobuf_g_a->add_gx(temp32);
-		temp32 = g_a->gy[counter];
-		protobuf_g_a->add_gy(temp32);
-	}
-}
-
-// TODO: private
-int decode_ec256_public_key_from_protobuf(protobuf_sgx_ec256_public_t* protobuf_g_a , sgx_ec256_public_t* g_a)
-{
-  printf("\n ec256 pub key\n");
-	int counter; google::protobuf::uint32 temp32;
-	for(counter=0;counter<SGX_ECP256_KEY_SIZE;counter++)
-	{
-		temp32 = protobuf_g_a->gx(counter);
-		if(fit_32_into_uint8_t(temp32, &(g_a->gx[counter]))!=0)
-		 return -1;
-    printf("%02x ",g_a->gx[counter]);
-		temp32 = protobuf_g_a->gy(counter);
-		if(fit_32_into_uint8_t(temp32, &(g_a->gy[counter]))!=0)
-		 return -1;
-    printf("%02x ",g_a->gy[counter]);
-	}
-  return 0;
-}
-
-// TODO: private
-void encode_attributes_to_protobuf(protobuf_sgx_attributes_t* protobuf_attributes, sgx_attributes_t* attributes)
-{
-	protobuf_attributes->set_flags(attributes->flags); // 64 bit
-	protobuf_attributes->set_xfrm(attributes->xfrm); // 64 bit
-}
-
-// TODO: private
-int decode_attributes_from_protobuf(protobuf_sgx_attributes_t* protobuf_attributes, sgx_attributes_t* attributes)
-{
-	attributes->flags = protobuf_attributes->flags();
-  printf("\n flags %" PRIu64 " \n", attributes->flags);
-	attributes->xfrm = protobuf_attributes->xfrm();
-  printf("\n xfrm %" PRIu64 " \n", attributes->xfrm);
-	return 0;
-}
-
-// TODO: private
-void encode_report_to_protobuf(protobuf_sgx_report_t* protobuf_report, sgx_report_t* report)
-{
-	printf("message 3 ------------------------------------------------------------ \n"); fflush(stdout); 
-	int counter; google::protobuf::uint32 temp32;
-	printf("Key ID\n"); 
-	for(counter=0;counter<SGX_KEYID_SIZE;counter++)
-	{
-		temp32=report->key_id.id[counter];
-		printf("%02x ", temp32); 
-		protobuf_report->add_key_id(temp32);
-	}
-
-	printf("MAC\n"); 
-	for(counter=0;counter<SGX_MAC_SIZE;counter++)
-	{
-		temp32=report->mac[counter];
-                printf("%02x ", temp32); 
-		protobuf_report->add_mac(temp32);
-	}
-
-	protobuf_report->mutable_body()->set_misc_select(report->body.misc_select); // 32 bit
-	protobuf_report->mutable_body()->set_isv_svn(report->body.isv_svn); // 16 bit
-	protobuf_report->mutable_body()->set_isv_prod_id(report->body.isv_prod_id); // 16 bit
-	encode_attributes_to_protobuf(protobuf_report->mutable_body()->mutable_attributes(), &(report->body.attributes));
-
-	for(counter=0;counter<SGX_CPUSVN_SIZE;counter++)
-	{
-		temp32=report->body.cpu_svn.svn[counter];
-		protobuf_report->mutable_body()->add_cpu_svn(temp32);
-	}
-
-	for(counter=0;counter<SGX_REPORT_BODY_RESERVED1;counter++)
-	{
-		temp32=report->body.reserved1[counter]; // TODO: Could be optimized out - if these are determined to be 0s.
-		protobuf_report->mutable_body()->add_reserved1(temp32);
- 	}
-
-	for(counter=0;counter<SGX_REPORT_BODY_RESERVED2;counter++)
-	{
-		temp32=report->body.reserved2[counter]; // TODO: Could be optimized out - if these are determined to be 0s.
-		protobuf_report->mutable_body()->add_reserved2(temp32);
-	}
-
-	for(counter=0;counter<SGX_REPORT_BODY_RESERVED3;counter++)
-	{
-		temp32=report->body.reserved3[counter]; // TODO: Could be optimized out - if these are determined to be 0s.
-		protobuf_report->mutable_body()->add_reserved3(temp32);
- 	}
-
-	for(counter=0;counter<SGX_REPORT_BODY_RESERVED4;counter++)
-	{
-		temp32=report->body.reserved4[counter]; // TODO: Could be optimized out - if these are determined to be 0s.
-		protobuf_report->mutable_body()->add_reserved4(temp32);
- 	}
-
-	printf("\n enclave measurement\n"); 
-	for(counter=0;counter<SGX_HASH_SIZE;counter++)
-	{
-		temp32=report->body.mr_enclave.m[counter];
-                printf("%02x ", temp32); 
-		protobuf_report->mutable_body()->add_mr_enclave(temp32);
- 	}
-
-	printf("\n signer measurement\n"); 
-	for(counter=0;counter<SGX_HASH_SIZE;counter++)
-	{
-		temp32=report->body.mr_signer.m[counter];
-                printf("%02x ", temp32); 
-		protobuf_report->mutable_body()->add_mr_signer(temp32);
- 	}
-
-	printf("\n report data\n");
-	for(counter=0;counter<SGX_REPORT_DATA_SIZE;counter++)
-	{
-		temp32=report->body.report_data.d[counter];
-                printf("%02x ", temp32); 
-		protobuf_report->mutable_body()->add_report_data(temp32);
- 	}
-}
-
-// TODO: private
-int decode_report_from_protobuf(protobuf_sgx_report_t* protobuf_report, sgx_report_t* report)
-{
-  int counter; google::protobuf::uint32 temp32;
-
-  printf("\n decoding report body:\n keyid\n");
-  for(counter=0;counter<SGX_KEYID_SIZE;counter++)
-  {
-    temp32=protobuf_report->key_id(counter);
-    if(fit_32_into_uint8_t(temp32, &(report->key_id.id[counter]))!=0)
-		  return -1;
-    printf("%02x  ", report->key_id.id[counter]);
-  }
-
-  printf("\nreport mac\n");
-  for(counter=0;counter<SGX_MAC_SIZE;counter++)
-  {
-    temp32=protobuf_report->mac(counter);
-    if(fit_32_into_uint8_t(temp32, &(report->mac[counter]))!=0)
-      return -1;
-    printf("%02x  ", report->mac[counter]);
-  }
-
-  report->body.misc_select=protobuf_report->mutable_body()->misc_select(); // 32 bit
-  temp32=protobuf_report->mutable_body()->isv_svn();
-  if(fit_32_into_uint16_t(temp32, &(report->body.isv_svn))!=0)
-   return -1;
-  printf("\nmisc select %02x \n", report->body.misc_select);
-
-  temp32=protobuf_report->mutable_body()->isv_prod_id();
-   if(fit_32_into_uint16_t(temp32, &(report->body.isv_prod_id))!=0)
-    return -1;
-  printf("\nprod id %02x \n", report->body.isv_prod_id);
-
-  decode_attributes_from_protobuf(protobuf_report->mutable_body()->mutable_attributes(), &(report->body.attributes));
-
-  printf("\n cpu svn\n");
-  for(counter=0;counter<SGX_CPUSVN_SIZE;counter++)
-  {
-    temp32=protobuf_report->mutable_body()->cpu_svn(counter);
-    if(fit_32_into_uint8_t(temp32, &(report->body.cpu_svn.svn[counter]))!=0)
-      return -1;
-    printf("%02x ", report->body.cpu_svn.svn[counter]);
-
-  }
-/*
-  printf("\n reserved1 \n");
-  for(counter=0;counter<SGX_REPORT_BODY_RESERVED1;counter++)
-  {
-    temp32=protobuf_report->mutable_body()->reserved1(counter);
-    if(fit_32_into_uint8_t(temp32, &(report->body.reserved1[counter]))!=0)
-      return -1;
-    printf("%02x  ", report->body.reserved1[counter]);
-  }
-
-  printf("\n reserved2 \n");
-  for(counter=0;counter<SGX_REPORT_BODY_RESERVED2;counter++)
-  {
-    temp32=protobuf_report->mutable_body()->reserved2(counter);
-    if(fit_32_into_uint8_t(temp32, &(report->body.reserved2[counter]))!=0)
-      return -1;
-    printf("%02x  ", report->body.reserved2[counter]);
-  }
-
-  printf("\n reserved3 \n");
-  for(counter=0;counter<SGX_REPORT_BODY_RESERVED3;counter++)
-  {
-    temp32=protobuf_report->mutable_body()->reserved3(counter);
-    if(fit_32_into_uint8_t(temp32, &(report->body.reserved3[counter]))!=0)
-      return -1;
-    printf("%02x  ", report->body.reserved3[counter]);
-  }
-
-  printf("\n reserved4 \n");
-  for(counter=0;counter<SGX_REPORT_BODY_RESERVED4;counter++)
-  {
-    temp32=protobuf_report->mutable_body()->reserved4(counter);
-    if(fit_32_into_uint8_t(temp32, &(report->body.reserved4[counter]))!=0)
-      return -1;
-    printf("%02x  ", report->body.reserved4[counter]);
-
-  }
-*/
-  printf("\n mrenclave \n");
-  for(counter=0;counter<SGX_HASH_SIZE;counter++)
-  {
-    temp32=protobuf_report->mutable_body()->mr_enclave(counter);
-    if(fit_32_into_uint8_t(temp32, &(report->body.mr_enclave.m[counter]))!=0)
-      return -1;
-    printf("%02x ", report->body.mr_enclave.m[counter]);
-  }
-
-  printf("\n mrsigner \n");
-  for(counter=0;counter<SGX_HASH_SIZE;counter++)
-  {
-    temp32=protobuf_report->mutable_body()->mr_signer(counter);
-    if(fit_32_into_uint8_t(temp32, &(report->body.mr_signer.m[counter]))!=0)
-      return -1;
-    printf("%02x ", report->body.mr_signer.m[counter]);
-  }
-
-  printf("\n report data\n");
-  for(counter=0;counter<SGX_REPORT_DATA_SIZE;counter++)
-  {
-    temp32=protobuf_report->mutable_body()->report_data(counter);
-    if(fit_32_into_uint8_t(temp32, &(report->body.report_data.d[counter]))!=0)
-      return -1;
-    printf("%02x  ", report->body.report_data.d[counter]);
-  }
-	return 0;
-}
-
-void encode_msg1_to_protobuf( protobuf_sgx_dh_msg1_t& protobuf_dhmsg1, sgx_dh_msg1_t* native_dhmsg1)
-{
-   int counter; google::protobuf::uint32 temp32; // google::protobuf::uint64 temp64;
-
-   encode_ec256_public_key_to_protobuf(protobuf_dhmsg1.mutable_g_a(), &(native_dhmsg1->g_a));
-
-   for(counter=0;counter<SGX_HASH_SIZE;counter++)
-   {
-     temp32=native_dhmsg1->target.mr_enclave.m[counter];
-     protobuf_dhmsg1.mutable_target()->add_mr_enclave(temp32);
-   }
-
-   for(counter=0;counter<SGX_TARGET_INFO_RESERVED1_BYTES;counter++)
-   {
-     temp32=native_dhmsg1->target.reserved1[counter];
-     protobuf_dhmsg1.mutable_target()->add_reserved1(temp32);
-   }
-
-   for(counter=0;counter<SGX_TARGET_INFO_RESERVED2_BYTES;counter++)
-   {
-     temp32=native_dhmsg1->target.reserved2[counter];
-     protobuf_dhmsg1.mutable_target()->add_reserved2(temp32);
-   }
-
-   encode_attributes_to_protobuf(protobuf_dhmsg1.mutable_target()->mutable_attributes(), &(native_dhmsg1->target.attributes));
-
-   temp32=native_dhmsg1->target.misc_select ;
-   protobuf_dhmsg1.mutable_target()->set_misc_select(temp32);
-}
-
-void encode_msg3_to_protobuf(protobuf_sgx_dh_msg3_t& protobuf_dhmsg3, sgx_dh_msg3_t* native_dhmsg3)
-{
-  int counter; google::protobuf::uint32 temp32;
-  for(counter=0;counter<SGX_DH_MAC_SIZE;counter++)
-	{
-		temp32=native_dhmsg3->cmac[counter];
-		protobuf_dhmsg3.add_cmac(temp32);
-	}
-
-  encode_report_to_protobuf(protobuf_dhmsg3.mutable_msg3_body()->mutable_report(), &(native_dhmsg3->msg3_body.report));
-  int max_counter=native_dhmsg3->msg3_body.additional_prop_length;
-  unsigned char*temp;
-  for(counter=0,temp=native_dhmsg3->msg3_body.additional_prop;counter<max_counter;counter++,temp++)
-  {
-    protobuf_dhmsg3.mutable_msg3_body()->add_additional_prop(*temp);
-  }
-}
-
-int decode_msg2_from_protobuf(protobuf_sgx_dh_msg2_t& protobuf_dhmsg2, sgx_dh_msg2_t* native_dhmsg2)
-{
-  int counter; google::protobuf::uint32 temp32; //google::protobuf::uint64 temp64;
-  printf("RECEIVED the following msg2\n"); fflush(stdout); 
-  printf("\ncmac\n");
-  for(counter=0;counter<SGX_DH_MAC_SIZE;counter++)
-  {
-    temp32=protobuf_dhmsg2.cmac(counter);
-    if(fit_32_into_uint8_t(temp32, &(native_dhmsg2->cmac[counter]))!=0)
-     return -1;
-    printf("%02x  ",native_dhmsg2->cmac[counter]);
-  }
-
-  if(decode_ec256_public_key_from_protobuf(protobuf_dhmsg2.mutable_g_b(), &(native_dhmsg2->g_b)) !=0)
-	return -1;
-
-  if(decode_report_from_protobuf(protobuf_dhmsg2.mutable_report(), &(native_dhmsg2->report)) !=0)
-	return -1;
-
-  return 0;
-}
-
-int print_initialized_msg1( protobuf_sgx_dh_msg1_t& protobuf_dhmsg1, sgx_dh_msg1_t* native_dhmsg1)
-{
-   int counter;
-	printf("Printing msg1:\n");
-	 printf("gx\n");
-   for(counter=0;counter<SGX_ECP256_KEY_SIZE;counter++)
-   {
-      printf("%02x ", protobuf_dhmsg1.g_a().gx(counter));
-//      printf("%02x ", native_dhmsg1->g_a.gx[counter]);
-   }
-   printf("\ngy\n");
-   for(counter=0;counter<SGX_ECP256_KEY_SIZE;counter++)
-   {
-      printf("%02x ", protobuf_dhmsg1.g_a().gy(counter));
-//      printf("%02x ", native_dhmsg1->g_a.gy[counter]);
-   }
-
-   printf("\nmrenclave for target\n");
-   for(counter=0;counter<SGX_HASH_SIZE;counter++)
-   {
-      printf("%02x ", protobuf_dhmsg1.target().mr_enclave(counter));
-//      printf("%02x ", native_dhmsg1->target.mr_enclave.m[counter]);
-
-   }
-   /*
-   printf("\nreserved1 in target\n");
-   for(counter=0;counter<SGX_TARGET_INFO_RESERVED1_BYTES;counter++)
-   {
-      printf("%" PRIu32 " ", protobuf_dhmsg1.target().reserved1(counter));
-      printf("%02x  ", native_dhmsg1->target.reserved1[counter]);
-
-   }
-   printf("\nreserved2 in target\n");
-   for(counter=0;counter<SGX_TARGET_INFO_RESERVED2_BYTES;counter++)
-   {
-      printf("%" PRIu32 " ", protobuf_dhmsg1.target().reserved2(counter));
-      printf("%02x  ", native_dhmsg1->target.reserved2[counter]);
-   }
-
-   printf("\n %" PRIu64 "\n", native_dhmsg1->target.attributes.flags);
-   printf("\n %" PRIu64 "\n", protobuf_dhmsg1.target().attributes().flags());
-   printf("\n %" PRIu64 "\n", native_dhmsg1->target.attributes.xfrm);
-   printf("\n %" PRIu64 "\n", protobuf_dhmsg1.target().attributes().xfrm());
-   printf("\n %" PRIu32 "\n", native_dhmsg1->target.misc_select);
-   printf("\n %" PRIu32 "\n", protobuf_dhmsg1.target().misc_select());
-   */
-	fflush(stdout); 
-	return 0;
-}

+ 5 - 1
Decryptor/Decryptor.cpp

@@ -54,6 +54,7 @@
     return 0;
   }
 
+  // TODO: FIX DUMMY HEADER. 
   // EXTERNAL ECALL.
   uint32_t Decryptor::create_and_encrypt_mitigator_header_H(uint8_t* ciphertext_token_H_plus_tag, uint32_t* op_length)
   {
@@ -241,11 +242,13 @@
         }
         else // apache enclave
         {
+                /*
                 for(count=0; count<SGX_HASH_SIZE; count++)
                 {
                         if( given_mr_signer[count] != apache_mr_signer[count] )
                                 return ENCLAVE_TRUST_ERROR;
                 }
+                */
 		            symmetricEncryptionBoxApache.set_symmetric_key(dhaek);
         }
         successful_la_count ++;
@@ -267,7 +270,8 @@
 			output[counter+32]=apache_mr_signer[counter];
 		}
 	}
-        void Decryptor::testing_get_short_term_public_key(uint8_t* output)
+
+	void Decryptor::testing_get_short_term_public_key(uint8_t* output)
 	{
 		hybridEncryptionBoxClient.get_public_key(output); 
 	}

+ 5 - 5
Include/LA.h

@@ -9,13 +9,13 @@
 #include "ProtobufLAMessages.pb.h"
 
 class LA {
+    uint32_t enclave_id;
     ProtobufMessageRW protobufReaderWriter;
-    uint8_t key[16];
-    uint32_t process_protobuf_dh_msg2_generate_protobuf_dh_msg3(uint32_t own_enclave_id, protobuf_sgx_dh_msg2_t& protobuf_msg2, protobuf_sgx_dh_msg3_t& protobuf_msg3, uint32_t* session_id);
-    uint32_t generate_protobuf_dh_msg1(uint32_t own_enclave_id, protobuf_sgx_dh_msg1_t& protobuf_msg1, uint32_t* session_id);
+    uint32_t process_protobuf_dh_msg2_generate_protobuf_dh_msg3( protobuf_sgx_dh_msg2_t& protobuf_msg2, protobuf_sgx_dh_msg3_t& protobuf_msg3);
+    uint32_t generate_protobuf_dh_msg1( protobuf_sgx_dh_msg1_t& protobuf_msg1);
 public:
-    uint32_t conduct_la(uint32_t own_enclave_id, int fd);
-    void get_la_symmetric_key(uint8_t* key);
+    uint32_t conduct_la(int fd);
+    void set_enclave_id(uint32_t given_eid);
 };
 
 #endif //DECRYPTORAPP_LA_H

+ 0 - 33
Include/LocalAttestationUntrusted.h

@@ -1,33 +0,0 @@
-#include <sys/socket.h>
-#include <stdlib.h>
-#include <netinet/in.h>
-#include <string.h>
-#include <errno.h>
-#include <unistd.h>
-#include <stdio.h>
-#include "ProtobufLAMessages.pb.h"
-#include <google/protobuf/io/coded_stream.h>
-#include <google/protobuf/io/zero_copy_stream_impl.h>
-using namespace google::protobuf::io;
-#include "protobufLAInitiator.h"
-#include "../Decryptor/Decryptor_u.h"
-#include <iostream>
-
-
-class LocalAttestationUntrusted {
-  static   uint32_t session_id;
-  static protobuf_sgx_dh_msg1_t protobuf_msg1;
-  static uint8_t* output_ciphertext_plus_tag;
-  static int decrypt_client_data(uint32_t own_enclave_id, int apache_fd, uint8_t* output_ciphertext_plus_tag, uint8_t* input_ciphertext_plus_tag, int time_fd);
-  static uint32_t local_attestation_msg2_msg3(uint32_t own_enclave_id, int accept_fd);
-
-  static int write_protobuf_msg_to_fd(int accept_fd, google::protobuf::MessageLite& message);
-  static int read_protobuf_msg_from_fd(int accept_fd, google::protobuf::MessageLite& message);
-  static int set_up_socket(int port,   sockaddr_in* address);
-public:
-  static int setup_socket_for_local_attestation_requests(int port);
-  static int prepare_local_attestation_as_responder_msg1(uint32_t own_enclave_id);
-  static int local_attestation_as_responder_msg2_msg3(uint32_t own_enclave_id, int server_fd, int * accept_fd);
-  static int post_local_attestation_with_verifier(uint32_t own_enclave_id, int apache_fd);
-  static int post_local_attestation_with_apache(uint32_t own_enclave_id, int apache_fd);
-};

+ 29 - 0
Include/MainLogic.h

@@ -0,0 +1,29 @@
+//
+// Created by miti on 2020-01-01.
+//
+
+#ifndef DECRYPTORAPP_MAINLOGIC_H
+#define DECRYPTORAPP_MAINLOGIC_H
+#include <unistd.h>
+#include "LA.h"
+#include "ProtobufMessageRW.h"
+#include <string>
+#include <vector>
+#include <phpcpp.h>
+#include "PostLAMessaging.h"
+
+class MainLogic {
+    uint32_t enclave_id;
+    PostLAMessaging messaging;
+    LA laInitiator;
+    int set_up_listening_socket(int port);
+    int accept_fd(int fd);
+    int la_post_la_with_verifier();
+    int la_post_la_with_target();
+public:
+    void set_enclave_id(uint32_t given_enclave_id);
+    int run_deployment_runtime_stage_logic();
+};
+
+
+#endif //DECRYPTORAPP_MAINLOGIC_H

+ 1 - 0
Include/PostLAMessages.pb.h

@@ -0,0 +1 @@
+../../dhmsgs_proto_defs/PostLAMessages.pb.h

+ 29 - 0
Include/PostLAMessaging.h

@@ -0,0 +1,29 @@
+//
+// Created by miti on 2020-01-01.
+//
+
+#ifndef DECRYPTORAPP_POSTLAMESSAGING_H
+#define DECRYPTORAPP_POSTLAMESSAGING_H
+
+#include "ProtobufMessageRW.h"
+#include "PostLAMessages.pb.h"
+#include <string>
+#include <vector>
+class PostLAMessaging {
+    uint32_t enclave_id;
+    int verifier_fd;
+    ProtobufMessageRW targetChannelData;
+    ProtobufMessageRW targetChannelHeaders;
+    int process_target_data_msg(extension_to_decryptor_msg& incomingMsg, decryptor_to_extension_msg& outgoingMsg);
+public:
+    int read_and_write_header();
+    int receive_token_from_verifier();
+    int receive_decrypt_client_data_from_target();
+    void set_enclave_id(int given_id);
+    void set_verifier_fd(int fd);
+    void set_target_data_fd(int fd);
+    void set_target_headers_fd(int fd);
+};
+
+
+#endif //DECRYPTORAPP_POSTLAMESSAGING_H

+ 1 - 0
Include/ProtobufMessageRW.h

@@ -0,0 +1 @@
+../../commonVerifierPHPfiles/header_files/ProtobufMessageRW.h

+ 1 - 1
Include/Sealing.h

@@ -4,7 +4,7 @@
 
 #ifndef DECRYPTORAPP_SEALING_H
 #define DECRYPTORAPP_SEALING_H
-#include "../Decryptor/Decryptor_u.h"
+#include "Decryptor_u.h"
 // for sealing - sgx_calc_sealed_data_size
 #include "sgx_tseal.h"
 // For reading from/writing to file -sealing.

+ 0 - 6
Include/SgxProtobufLATransforms_initiator.h

@@ -1,6 +0,0 @@
-int write_protobuf_msg_to_fd(int accept_fd, google::protobuf::MessageLite& message);
-int read_protobuf_msg_from_fd(int accept_fd, google::protobuf::MessageLite& message);
-int print_initialized_msg1( protobuf_sgx_dh_msg1_t& protobuf_dhmsg1, sgx_dh_msg1_t* native_dhmsg1);
-int decode_msg2_from_protobuf(protobuf_sgx_dh_msg2_t& protobuf_dhmsg2, sgx_dh_msg2_t* native_dhmsg2);
-void encode_msg3_to_protobuf(protobuf_sgx_dh_msg3_t& protobuf_dhmsg3, sgx_dh_msg3_t* native_dhmsg3);
-void encode_msg1_to_protobuf( protobuf_sgx_dh_msg1_t& protobuf_dhmsg1, sgx_dh_msg1_t* native_dhmsg1);

+ 0 - 2
Include/protobufLAInitiator.h

@@ -1,2 +0,0 @@
-int process_protobuf_dh_msg2_generate_protobuf_dh_msg3(uint32_t own_enclave_id, protobuf_sgx_dh_msg2_t& protobuf_msg2, protobuf_sgx_dh_msg3_t& protobuf_msg3, uint32_t* session_id);
-int generate_protobuf_dh_msg1(uint32_t own_enclave_id, protobuf_sgx_dh_msg1_t& protobuf_msg1, uint32_t* session_id);

+ 0 - 4
Include/protobufSgxLATransformsInitiator.h

@@ -1,4 +0,0 @@
-int decode_msg2_from_protobuf(protobuf_sgx_dh_msg2_t& protobuf_dhmsg2, sgx_dh_msg2_t* native_dhmsg2);
-void encode_msg3_to_protobuf(protobuf_sgx_dh_msg3_t& protobuf_dhmsg3, sgx_dh_msg3_t* native_dhmsg3);
-void encode_msg1_to_protobuf( protobuf_sgx_dh_msg1_t& protobuf_dhmsg1, sgx_dh_msg1_t* native_dhmsg1);
-int print_initialized_msg1( protobuf_sgx_dh_msg1_t& protobuf_dhmsg1, sgx_dh_msg1_t* native_dhmsg1);

+ 1 - 1
LocalAttestationCode/LocalAttestationTrustedWrapper.cpp

@@ -1,6 +1,6 @@
 #include "LocalAttestationCode_t.h"
 #include "LocalAttestationTrusted.h"
-uint32_t session_request_wrapper(sgx_dh_msg1_t *dh_msg)
+uint32_t session_request_wrapper(sgx_dh_msg1_t *dh_msg1)
 {
   return LocalAttestationTrusted::session_request(dh_msg1);
 }

+ 11 - 7
Makefile

@@ -96,7 +96,7 @@ endif
 App_Cpp_Files := $(wildcard App/*.cpp)
 App_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./Include -I./LocalAttestationCode
 
-App_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) -Wall
+App_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) -std=c++11 -Wall
 # Three configuration modes - Debug, prerelease, release
 #   Debug - Macro DEBUG enabled.
 #   Prerelease - Macro NDEBUG and EDEBUG enabled.
@@ -247,19 +247,23 @@ CommonOpensslCode/Openssl_crypto.o: CommonOpensslCode/Openssl_crypto.cpp
 #	@echo "GEN  =>  $@"
 
 ######## App Objects ########
-Decryptor/Decryptor_u.c Decryptor/Decryptor_u.h: $(SGX_EDGER8R) Decryptor/Decryptor.edl
-	@cd Decryptor && $(SGX_EDGER8R) --use-prefix --untrusted ../Decryptor/Decryptor.edl --search-path $(SGX_SDK)/include
+Include/Decryptor_u.h: $(SGX_EDGER8R) Decryptor/Decryptor.edl
+	@cd Decryptor && $(SGX_EDGER8R) --use-prefix --untrusted ../Decryptor/Decryptor.edl --search-path $(SGX_SDK)/include --untrusted-dir ../Include/
 	@echo "GEN  =>  $@"
 
-App/Decryptor_u.o: Decryptor/Decryptor_u.c
+App/Decryptor_u.c: $(SGX_EDGER8R) Decryptor/Decryptor.edl Include/Decryptor_u.h
+	@cd App && $(SGX_EDGER8R) --use-prefix --untrusted ../Decryptor/Decryptor.edl --search-path $(SGX_SDK)/include
+	@echo "GEN  =>  $@"
+
+App/Decryptor_u.o: App/Decryptor_u.c
 	@$(CC) $(App_Compile_Flags) -c $< -o $@
 	@echo "CC   <=  $<"
 
-App/%.o: App/%.cpp Decryptor/Decryptor_u.h #Enclave3/Enclave3_u.h
+App/%.o: App/%.cpp
 	@$(CXX) $(App_Compile_Flags) -c $< -o $@
 	@echo "CXX  <=  $<"
 
-$(App_Name): App/App.o App/Sealing.o App/LocalAttestationUntrusted.o App/protobufLAInitiator.o App/protobufSgxLATransformsInitiator.o App/ProtobufLAMessages.pb.o   App/Decryptor_u.o #$(App_Cpp_Objects)# $(UnTrustLib_Name)
+$(App_Name): App/App.o App/Sealing.o App/MainLogic.o App/PostLAMessaging.o App/LAResponder/LA.o App/LAResponder/Transforms.o  App/PostLAMessaging.o App/PostLAMessages.pb.o App/ProtobufLAMessages.pb.o  App/ProtobufMessageRW.o App/Decryptor_u.o
 	@$(CXX) -Wl,--no-undefined $^ -o $@ $(App_Link_Flags)
 	@echo "LINK =>  $@"
 
@@ -303,4 +307,4 @@ $(Enclave_Name_2): Decryptor.so
 .PHONY: clean
 
 clean:
-	@rm -rf .config_* $(App_Name) *.so *.a App/*.o Decryptor/*.o Decryptor/*_t.* Decryptor/*_u.* LocalAttestationCode/*.o LocalAttestationCode/*_t.* CommonOpensslCode/*.o 
+	@rm -rf .config_* $(App_Name) *.so *.a App/*.o App/LAResponder/*.o Decryptor/*.o Decryptor/*_t.* Decryptor/*_u.* LocalAttestationCode/*.o LocalAttestationCode/*_t.* CommonOpensslCode/*.o