|
@@ -1,4 +1,4 @@
|
|
-/*
|
|
|
|
|
|
+localAttestation.verifier_mr_enclave/*
|
|
* Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
|
|
* Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
|
|
*
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* Redistribution and use in source and binary forms, with or without
|
|
@@ -44,532 +44,245 @@
|
|
#include "sgx_tseal.h"
|
|
#include "sgx_tseal.h"
|
|
#include "Openssl_crypto.h"
|
|
#include "Openssl_crypto.h"
|
|
|
|
|
|
|
|
+#include "sgx_tseal.h"
|
|
|
|
+
|
|
|
|
|
|
|
|
+static class Decryptor {
|
|
|
|
+ uint8_t apache_mrsigner[32];
|
|
|
|
+ ECDSASignatureBox signatureBox;
|
|
|
|
+ HybridEncryptionBox hybridEncryptionBoxClient;
|
|
|
|
+ LocalAttestationTrusted localAttestation;
|
|
|
|
|
|
|
|
+ uint32_t create_mitigator_token_M(uint8_t* token)
|
|
|
|
+ {
|
|
|
|
+ uint32_t internal_return_status;
|
|
|
|
+ uint32_t counter;
|
|
|
|
|
|
|
|
+ // create short-term ECDH key pair
|
|
|
|
+ internal_return_status = hybridEncryptionBoxClient.generate_keypair();
|
|
|
|
+ if(internal_return_status == NULL)
|
|
|
|
+ return 0xff;
|
|
|
|
+ hybridEncryptionBoxClient.get_public_key(token);
|
|
|
|
+
|
|
|
|
+ // create token: concatenate short-term keypair with verifiers mrenclave.
|
|
|
|
+ for(counter=0;counter<32;counter++)
|
|
|
|
+ *(token + counter + hybridEncryptionBoxClient.ECDH_PUBLIC_KEY_SIZE) = *(localAttestation.verifier_mr_enclave[counter]);
|
|
|
|
+
|
|
|
|
+ return 0;
|
|
|
|
+ }
|
|
|
|
|
|
-//extern dh_session_t global_session_info;
|
|
|
|
-uint8_t apache_iv[12] = {0,0,0,0, 0,0,0,0, 0,0,0,0};
|
|
|
|
-uint8_t client_iv[12] = {0,0,0,0, 0,0,0,0, 0,0,0,0};
|
|
|
|
-uint8_t verifier_iv[12] = {0,0,0,0, 0,0,0,0, 0,0,0,0};
|
|
|
|
-extern uint8_t apache_key[16];
|
|
|
|
-extern uint8_t verifier_key[16];
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-//uint32_t client_iv=0;
|
|
|
|
-
|
|
|
|
-// internal-internal
|
|
|
|
-uint32_t create_ec_key_pair(sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key);
|
|
|
|
-void serialize_key_pair_to_string( sgx_ec256_public_t* pub_key, sgx_ec256_private_t* signing_priv_key, uint8_t* private_public_key_string);
|
|
|
|
-void deserialize_string_to_key_pair(uint8_t* private_public_key_string, sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key);
|
|
|
|
-uint32_t create_mitigator_header_value(__attribute__((unused)) uint8_t* signature_data, __attribute__((unused)) uint8_t* signature, __attribute__((unused)) uint8_t* private_key, __attribute__((unused)) sgx_ec256_signature_t* sig2);
|
|
|
|
-uint32_t aes_gcm_192_call(uint32_t enc, uint8_t* ip_key, uint8_t* ip_iv, uint8_t* ip_ciphertext, uint32_t ip_ciphertext_len, uint8_t* op_plaintext, uint32_t* op_plaintext_length, uint8_t* tag);
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-//uint32_t aes_gcm_internal_call(uint32_t enc, uint8_t* ip_ciphertext, uint32_t ip_ciphertext_len, uint8_t* ip_key, uint8_t* ip_iv, uint8_t* op_plaintext, uint8_t* tag);
|
|
|
|
-void memcpy_equivalent_copy(uint8_t* dest, uint8_t* src, uint32_t length);
|
|
|
|
-
|
|
|
|
-uint32_t verify_mitigator_header_value(uint8_t* signature_data, uint8_t* signature, sgx_ec256_public_t* pub_key);
|
|
|
|
-
|
|
|
|
-uint32_t calculate_sealed_data_size( uint32_t input_size) ;
|
|
|
|
-uint32_t create_and_seal_ecdsa_signing_key_pair(__attribute__((unused)) sgx_ec256_public_t* pub_key, __attribute__((unused)) uint32_t* sealed_data_length, __attribute__((unused)) uint8_t* sealed_data);
|
|
|
|
-uint32_t unseal_and_restore_sealed_signing_key_pair(__attribute__((unused)) sgx_ec256_public_t* pub_key, uint8_t* sealed_data, size_t* sgx_sealed_data_length);
|
|
|
|
-
|
|
|
|
-uint32_t decrypt_verifiers_message_set_apache_mrsigner(uint8_t* ciphertext, uint8_t* tag);
|
|
|
|
-uint32_t create_and_encrypt_mitigator_header_value(uint8_t* plaintext_sign_data_and_sign, uint8_t* encrypted_sign_data_and_sign, uint8_t* tag, uint8_t* signing_private_key, __attribute__((unused)) sgx_ec256_signature_t* sig2);
|
|
|
|
-//static void reverse_byte_array(uint8_t *array, size_t size);
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-uint32_t one_la_done=0;
|
|
|
|
-static sgx_ec256_public_t short_term_pub_key;
|
|
|
|
-static sgx_ec256_private_t short_term_priv_key;
|
|
|
|
-unsigned char short_term_private_key_arr[32];
|
|
|
|
-unsigned char short_term_public_key_arr[64];
|
|
|
|
-
|
|
|
|
-//sgx_ec256_signature_t generated_signature; // TODO: remove
|
|
|
|
-sgx_measurement_t apache_mr_signer; // TODO: remove
|
|
|
|
-sgx_measurement_t verifier_mr_enclave; // TODO: remove
|
|
|
|
-static sgx_ec256_private_t signing_priv_key;
|
|
|
|
-
|
|
|
|
-extern "C" uint32_t verify_peer_enclave_trust(__attribute__((unused)) sgx_dh_session_enclave_identity_t* peer_enclave_identity)
|
|
|
|
-{
|
|
|
|
- uint32_t count;
|
|
|
|
- if(!peer_enclave_identity)
|
|
|
|
- {
|
|
|
|
- return INVALID_PARAMETER_ERROR;
|
|
|
|
- }
|
|
|
|
- if(one_la_done==0)
|
|
|
|
- {
|
|
|
|
-// return 0x55;
|
|
|
|
- //sgx_measurement_t local_mr_enclave;
|
|
|
|
- verifier_mr_enclave = peer_enclave_identity->mr_enclave;
|
|
|
|
- memset(&(apache_mr_signer.m),0x0,SGX_HASH_SIZE); // "initialization"
|
|
|
|
- one_la_done=1;
|
|
|
|
-
|
|
|
|
- }
|
|
|
|
- else // apache enclave
|
|
|
|
- {
|
|
|
|
- sgx_measurement_t actual_mr_signer = peer_enclave_identity->mr_signer;
|
|
|
|
- // verifier's mrsigner
|
|
|
|
- // uint8_t expected_mr_signer[32] ={0xdf, 0xd7, 0x3b, 0x93, 0xea, 0x39, 0x02, 0x02, 0x3c, 0xd0, 0x52, 0x1a, 0xbd, 0x00, 0xaf, 0xb9, 0xa6, 0x54, 0x57, 0x3e, 0xe5, 0xef, 0x36, 0xf4, 0x8c, 0xc2, 0x4d, 0x92, 0x70, 0xae, 0xd4, 0x7c};
|
|
|
|
- int count;
|
|
|
|
- for(count=0; count<SGX_HASH_SIZE; count++)
|
|
|
|
- {
|
|
|
|
- if( actual_mr_signer.m[count] != apache_mr_signer.m[count] )
|
|
|
|
- return ENCLAVE_TRUST_ERROR;
|
|
|
|
- }
|
|
|
|
- }
|
|
|
|
- return SGX_SUCCESS;
|
|
|
|
-}
|
|
|
|
-
|
|
|
|
-// increments last 4 bytes (in big-endian order)
|
|
|
|
-uint32_t aes_gcm_increment_iv_internal_call(uint8_t* iv)
|
|
|
|
-{
|
|
|
|
- uint32_t counter;
|
|
|
|
- for(counter=11;counter>7;counter--)
|
|
|
|
- {
|
|
|
|
- if(iv[counter] == 0xff)
|
|
|
|
- {
|
|
|
|
- if(counter - 1 == 7)
|
|
|
|
- return 0xff;
|
|
|
|
- iv[counter-1] = 0x01;
|
|
|
|
- iv[counter] = 0x0;
|
|
|
|
- }
|
|
|
|
- else
|
|
|
|
- iv[counter] += 1;
|
|
|
|
- }
|
|
|
|
- return 0;
|
|
|
|
-}
|
|
|
|
-
|
|
|
|
-// TODO: change global_session_info to two different dh_sessions
|
|
|
|
-// This needs to be called after the first local attestation is successful - otherwise, the internal apache_mr_signer.m will not be set properly for the comparison of the mrsigner for the 2nd LA in verify_peer_enclave_trust.
|
|
|
|
-// (I.e. if it is not called then DoS
|
|
|
|
-uint32_t decrypt_verifiers_message_set_apache_mrsigner(uint8_t* ciphertext, uint8_t* tag)
|
|
|
|
-{
|
|
|
|
- uint32_t length;
|
|
|
|
- uint32_t internal_ret_status= aes_gcm_192_call(0, verifier_key, verifier_iv, ciphertext, 32, (uint8_t*) &(apache_mr_signer.m), &length, tag);
|
|
|
|
- return internal_ret_status;
|
|
|
|
-}
|
|
|
|
-
|
|
|
|
-// signature_data - 96 bytes, encrypted_signature assumed to be at least 64 bytes, tag - at least 16 bytes
|
|
|
|
-uint32_t create_and_encrypt_mitigator_header_value(uint8_t* plaintext_sign_data_and_sign, uint8_t* encrypted_sign_data_and_sign, uint8_t* tag, uint8_t* signing_private_key, __attribute__((unused)) sgx_ec256_signature_t* sig2)
|
|
|
|
-
|
|
|
|
-{
|
|
|
|
- uint32_t count; uint32_t length;
|
|
|
|
- uint8_t sign_data_and_sign[160];
|
|
|
|
- uint32_t ret_status=create_mitigator_header_value(sign_data_and_sign, sign_data_and_sign+96, signing_private_key, sig2);
|
|
|
|
- if(ret_status != SGX_SUCCESS)
|
|
|
|
- return 0xFFFFFFDD;
|
|
|
|
- // TODO: Remove - just for troubleshooting
|
|
|
|
- for(count=0; count<160; count++)
|
|
|
|
- *(plaintext_sign_data_and_sign+count)=sign_data_and_sign[count];
|
|
|
|
-
|
|
|
|
- ret_status = aes_gcm_192_call(1, apache_key, apache_iv, sign_data_and_sign, 160, encrypted_sign_data_and_sign, &length, tag);
|
|
|
|
-// ret_status = encrypt_internal(sign_data_and_sign, 160, tag, encrypted_sign_data_and_sign);
|
|
|
|
- aes_gcm_increment_iv_internal_call(apache_iv);
|
|
|
|
- return ret_status;
|
|
|
|
-}
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-uint32_t create_ec_key_pair(sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key)
|
|
|
|
-{
|
|
|
|
- sgx_status_t se_ret; sgx_status_t se_ret2;
|
|
|
|
- //create ECC context
|
|
|
|
- sgx_ecc_state_handle_t ecc_state = NULL;
|
|
|
|
- se_ret = sgx_ecc256_open_context(&ecc_state);
|
|
|
|
- if(SGX_SUCCESS != se_ret)
|
|
|
|
- return se_ret;
|
|
|
|
-
|
|
|
|
- // generate private key and public key
|
|
|
|
- se_ret = sgx_ecc256_create_key_pair(priv_key, pub_key, ecc_state);
|
|
|
|
- se_ret2 = sgx_ecc256_close_context(ecc_state);
|
|
|
|
-
|
|
|
|
- if(SGX_SUCCESS != se_ret || se_ret2!= SGX_SUCCESS) // something weird has happened - couldn't shut it down.
|
|
|
|
- return 0xFFFFFFFF;
|
|
|
|
- return SGX_SUCCESS;
|
|
|
|
-}
|
|
|
|
-
|
|
|
|
-// todo: set to private
|
|
|
|
-// todo: assumes that the length of the keystring is at least 3*SGX_ECP256_KEY_SIZE
|
|
|
|
-void serialize_key_pair_to_string(sgx_ec256_public_t* pub_key, sgx_ec256_private_t* signing_priv_key, uint8_t* private_public_key_string)
|
|
|
|
-{
|
|
|
|
- if(private_public_key_string != NULL) // nowhere to serialize to
|
|
|
|
|
|
+ uint32_t create_mitigator_header_H(uint8_t* signature_data, uint8_t* signature)
|
|
{
|
|
{
|
|
- uint32_t counter;
|
|
|
|
- if(pub_key != NULL) // public key to serialize
|
|
|
|
- {
|
|
|
|
- for(counter=0;counter<SGX_ECP256_KEY_SIZE; counter++)
|
|
|
|
- *(private_public_key_string+counter)=pub_key->gx[counter];
|
|
|
|
-
|
|
|
|
- for(counter=SGX_ECP256_KEY_SIZE;counter<2*SGX_ECP256_KEY_SIZE; counter++)
|
|
|
|
- *(private_public_key_string+counter)=pub_key->gy[counter-SGX_ECP256_KEY_SIZE];
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
- if(signing_priv_key != NULL) // private key to serialize
|
|
|
|
- {
|
|
|
|
- for(counter=2*SGX_ECP256_KEY_SIZE;counter<3*SGX_ECP256_KEY_SIZE; counter++)
|
|
|
|
- *(private_public_key_string+counter)=signing_priv_key->r[counter - 2*SGX_ECP256_KEY_SIZE];
|
|
|
|
- }
|
|
|
|
|
|
+ uint32_t internal_return_status;
|
|
|
|
+ uint8_t local_signature[64];
|
|
|
|
+ uint8_t local_signature_data[hybridEncryptionBoxClient.ECDH_PUBLIC_KEY_SIZE + 32];
|
|
|
|
+ // Otherwise: DoS or possible bypass (fake verifier does LA but real verifier mrenclave is given out by decryptor) - signature with junk verifier mrenclave or whatever is in the memory.
|
|
|
|
+ if(one_la_done < 1)
|
|
|
|
+ return 0xde; // This needs to be called at any point after the first local attestation is done - else, a junk verifier mrenclave will be included in the signature
|
|
|
|
+ internal_return_status = generate_mitigator_token(local_signature_data);
|
|
|
|
+ if(internal_return_status != 0x0)
|
|
|
|
+ return internal_return_status;
|
|
|
|
+
|
|
|
|
+ internal_return_status = signatureBox.sign(local_signature_data, signatureBox.ECDH_PUBLIC_KEY_SIZE + 32, local_signature);
|
|
|
|
+ if(internal_return_status != 0x0)
|
|
|
|
+ return internal_return_status;
|
|
|
|
+ for(counter=0;counter<hybridEncryptionBoxClient.ECDH_PUBLIC_KEY_SIZE + 32;counter++)
|
|
|
|
+ signature_data[counter] = local_signature_data[counter];
|
|
|
|
+ for(counter=0;counter<64;counter++)
|
|
|
|
+ signature[counter] = local_signature[counter];
|
|
|
|
+ return 0;
|
|
}
|
|
}
|
|
-}
|
|
|
|
|
|
|
|
|
|
+ // done. But there might be one more return statement for the case when get_keypair returns sth (it is non void).
|
|
|
|
+ uint32_t create_long_term_signing_keypair(uint8_t* private_public_key_string)
|
|
|
|
+ {
|
|
|
|
+ uint32_t internal_return_status;
|
|
|
|
+ internal_return_status = signatureBox.generate_keypair();
|
|
|
|
+ if(internal_return_status != 0)
|
|
|
|
+ return internal_return_status;
|
|
|
|
+
|
|
|
|
+ private_public_key_string = (uint8_t*) malloc(signatureBox.ECDH_PUBLIC_KEY_SIZE + signatureBox.ECDH_PRIVATE_KEY_SIZE);
|
|
|
|
+ if(private_public_key_string == NULL)
|
|
|
|
+ return 0xff;
|
|
|
|
+ signatureBox.get_keypair(private_public_key_string);
|
|
|
|
+ return 0;
|
|
|
|
+ }
|
|
|
|
|
|
-// todo: set to private
|
|
|
|
-void deserialize_string_to_key_pair(uint8_t* private_public_key_string, sgx_ec256_public_t* pub_key, sgx_ec256_private_t* signing_priv_key)
|
|
|
|
-{
|
|
|
|
- if(private_public_key_string != NULL) // nowhere to deserialize from
|
|
|
|
|
|
+ uint32_t initialize_symmetric_key_decrypt_client_data(uint8_t* plaintext_client_public_key_plus_encrypted_data_plus_tag, uint32_t total_length, uint8_t* plaintext_client_data, uint32_t* plaintext_client_data_length)
|
|
{
|
|
{
|
|
- uint32_t counter;
|
|
|
|
- if(signing_priv_key != NULL)
|
|
|
|
|
|
+ uint8_t* ciphertext;
|
|
|
|
+ uint32_t ciphertext_length;
|
|
|
|
+ uint8_t* tag;
|
|
|
|
+ // and now I will derive a shared key from the plaintext_client_public_key
|
|
|
|
+ internal_return_status = hybridEncryptionBoxClient.initialize_symmetric_key(plaintext_client_public_key_plus_encrypted_data_plus_tag);
|
|
|
|
+ if(internal_return_status != 0)
|
|
|
|
+ return internal_return_status;
|
|
|
|
+
|
|
|
|
+ // and then I will decrypt the rest of the client data with that key.
|
|
|
|
+ ciphertext = plaintext_client_public_key_plus_encrypted_data_plus_tag + hybridEncryptionBoxClient.ECDH_PUBLIC_KEY_SIZE;
|
|
|
|
+ ciphertext_length = total_length - hybridEncryptionBoxClient.ECDH_PUBLIC_KEY_SIZE - 16;
|
|
|
|
+ tag = ciphertext + ciphertext_length;
|
|
|
|
+
|
|
|
|
+ internal_return_status = hybridEncryptionBoxClient.encrypt_decrypt(ciphertext, ciphertext_length, plaintext_client_data, &plaintext_client_data_length, tag);
|
|
|
|
+ return internal_return_status;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ public:
|
|
|
|
+ Decryptor(): signatureBox(), hybridEncryptionBoxClient(), localAttestation();
|
|
|
|
+ ~Decryptor();
|
|
|
|
+
|
|
|
|
+ // DONE.
|
|
|
|
+ uint32_t create_and_seal_long_term_signing_key_pair(uint32_t* sealed_data_length, uint8_t* sealed_data)
|
|
{
|
|
{
|
|
|
|
+ uint32_t sgx_libcall_status;
|
|
|
|
+ uint32_t internal_return_status;
|
|
|
|
+ uint32_t temp_sealed_data_length;
|
|
|
|
+ uint8_t* temp_sealed_data, private_public_key_string;
|
|
|
|
+ uint32_t counter;
|
|
|
|
+
|
|
|
|
+ temp_sealed_data_length = sgx_calc_sealed_data_size(0, signatureBox.ECDH_PUBLIC_KEY_SIZE + signatureBox.ECDH_PRIVATE_KEY_SIZE);
|
|
|
|
+ if(temp_sealed_data_length == 0xFFFFFFFF)
|
|
|
|
+ return 0x01;
|
|
|
|
+
|
|
|
|
+ internal_return_status = create_long_term_signing_keypair(private_public_key_string);
|
|
|
|
+
|
|
|
|
+ temp_sealed_data = (uint8_t*) malloc(*temp_sealed_data_length);
|
|
|
|
+ sgx_libcall_status = sgx_seal_data(0, NULL, 3*SGX_ECP256_KEY_SIZE, private_public_key_string, *temp_sealed_data_length, (sgx_sealed_data_t*) temp_sealed_data);
|
|
|
|
+ free(private_public_key_string); // first_decryption_output data - don't need it anymore, whether the call succeeds or fails.
|
|
|
|
+ if(sgx_libcall_status != SGX_SUCCESS)
|
|
|
|
+ {
|
|
|
|
+ free(temp_sealed_data);
|
|
|
|
+ return sgx_libcall_status;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ for(counter=0;counter<temp_sealed_data_length;counter++)
|
|
|
|
+ *(sealed_data + counter)=*(temp_sealed_data + counter);
|
|
|
|
+ free(temp_sealed_data);
|
|
|
|
+ return 0;
|
|
|
|
+ }
|
|
|
|
|
|
- for(counter=2*SGX_ECP256_KEY_SIZE;counter<3*SGX_ECP256_KEY_SIZE; counter++)
|
|
|
|
- signing_priv_key->r[counter-2*SGX_ECP256_KEY_SIZE]=*(private_public_key_string+counter);
|
|
|
|
|
|
+ // DONE.
|
|
|
|
+ uint32_t create_and_encrypt_mitigator_header_H(uint8_t* ciphertext_token_H_plus_tag)
|
|
|
|
+ {
|
|
|
|
+ uint32_t counter;
|
|
|
|
+ uint8_t sign_data_and_sign[signatureBox.ECDH_PUBLIC_KEY_SIZE + 32 + 64];
|
|
|
|
+ uint8_t temp_ciphertext_token_H[signatureBox.ECDH_PUBLIC_KEY_SIZE + 32 + 64 + 10];
|
|
|
|
+ uint8_t temp_tag[16];
|
|
|
|
+ uint32_t temp_ciphertext_token_H_length;
|
|
|
|
+ uint32_t internal_return_status;
|
|
|
|
+
|
|
|
|
+ internal_return_status = create_mitigator_header_value(token_H, sign_data_and_sign + signatureBox.ECDH_PUBLIC_KEY_SIZE + 32);
|
|
|
|
+ if(internal_return_status != 0)
|
|
|
|
+ return internal_return_status;
|
|
|
|
+
|
|
|
|
+ internal_return_status = localAttestation.symmetricEncryptionBoxApache.encrypt_decrypt(1, sign_data_and_sign, signatureBox.ECDH_PUBLIC_KEY_SIZE + 32 + 64, temp_ciphertext_token_H, &temp_ciphertext_token_H_length, temp_tag);
|
|
|
|
+ if(internal_return_status != 0)
|
|
|
|
+ return internal_return_status;
|
|
|
|
+
|
|
|
|
+ if(temp_ciphertext_token_H_length != 160)
|
|
|
|
+ return 0x45;
|
|
|
|
+
|
|
|
|
+ for(counter=0; counter<160; counter++)
|
|
|
|
+ {
|
|
|
|
+ *(ciphertext_token_H_plus_tag + counter) = *(temp_ciphertext_token_H + counter);
|
|
|
|
+ }
|
|
|
|
+ for(counter=0; counter<16; counter++)
|
|
|
|
+ {
|
|
|
|
+ *(ciphertext_token_H_plus_tag + counter) = *(temp_tag + counter);
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ return 0;
|
|
}
|
|
}
|
|
|
|
|
|
- if(pub_key != NULL)
|
|
|
|
|
|
+ // DONE.
|
|
|
|
+ uint32_t unseal_and_restore_long_term_signing_key_pair(uint8_t* sealed_data, uint32_t* sgx_sealed_data_length)
|
|
{
|
|
{
|
|
- for(counter=0;counter<SGX_ECP256_KEY_SIZE; counter++)
|
|
|
|
- pub_key->gx[counter]=*(private_public_key_string+counter);
|
|
|
|
|
|
+ uint32_t temp_plaintext_length;
|
|
|
|
+ uint8_t* temp_plaintext;
|
|
|
|
+ uint32_t counter;
|
|
|
|
+ uint32_t ret_status;
|
|
|
|
+ uint8_t* temp_sealed_data ;
|
|
|
|
+
|
|
|
|
+ temp_sealed_data = (uint8_t*) malloc(*sgx_sealed_data_length);
|
|
|
|
+ for(counter=0;counter<*sgx_sealed_data_length;counter++)
|
|
|
|
+ *(temp_sealed_data+counter)=*(sealed_data+counter);
|
|
|
|
+
|
|
|
|
+ temp_plaintext_length = sgx_get_encrypt_txt_len((sgx_sealed_data_t*)sealed_data);
|
|
|
|
+ if(temp_plaintext_length == 0xffffffff)
|
|
|
|
+ return 0xFFFFFFFF;
|
|
|
|
+ temp_plaintext = (uint8_t*)malloc( temp_plaintext_length );
|
|
|
|
+
|
|
|
|
+ ret_status = sgx_unseal_data((sgx_sealed_data_t*)temp_sealed_data, NULL, 0, temp_plaintext, &temp_plaintext_length);
|
|
|
|
+ free(temp_sealed_data);
|
|
|
|
+ if(ret_status != SGX_SUCCESS)
|
|
|
|
+ {
|
|
|
|
+ free(temp_plaintext);
|
|
|
|
+ return ret_status;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ signatureBox.set_keypair(temp_plaintext);
|
|
|
|
+ free(temp_plaintext);
|
|
|
|
+ return 0;
|
|
|
|
+ }
|
|
|
|
|
|
- for(counter=SGX_ECP256_KEY_SIZE;counter<2*SGX_ECP256_KEY_SIZE; counter++)
|
|
|
|
- pub_key->gy[counter-SGX_ECP256_KEY_SIZE]=*(private_public_key_string+counter);
|
|
|
|
|
|
+ // DONE.
|
|
|
|
+ uint32_t decrypt_verifiers_message_set_apache_mrsigner(uint8_t* ciphertext_plus_tag)
|
|
|
|
+ {
|
|
|
|
+ uint8_t temp_apache_mrsigner[32+10];
|
|
|
|
+ uint32_t temp_apache_mrsigner_length;
|
|
|
|
+ uint32_t internal_return_status;
|
|
|
|
+ uint32_t counter;
|
|
|
|
+ uint8_t* tag;
|
|
|
|
+
|
|
|
|
+ tag = ciphertext_plus_tag + 32;
|
|
|
|
+ internal_return_status = localAttestation.symmetricEncryptionBoxVerifier.encrypt_decrypt(0, ciphertext_plus_tag, 32, temp_apache_mrsigner, &temp_apache_mrsigner_length, tag);
|
|
|
|
+ if(internal_return_status != 0)
|
|
|
|
+ return internal_return_status;
|
|
|
|
+ if(temp_apache_mrsigner_length != 32)
|
|
|
|
+ return 0x33;
|
|
|
|
+
|
|
|
|
+ for(counter=0; counter<32; counter++)
|
|
|
|
+ {
|
|
|
|
+ apache_mr_signer[counter] = *(temp_apache_mrsigner + counter);
|
|
|
|
+ }
|
|
|
|
+ return 0;
|
|
}
|
|
}
|
|
- }
|
|
|
|
-}
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-uint32_t create_and_seal_ecdsa_signing_key_pair(__attribute__((unused)) sgx_ec256_public_t* pub_key, __attribute__((unused)) uint32_t* sealed_data_length,
|
|
|
|
- __attribute__((unused)) uint8_t* sealed_data)
|
|
|
|
-{
|
|
|
|
- uint32_t ret_status; sgx_ec256_private_t private_key; uint32_t counter;
|
|
|
|
- ret_status=create_ec_key_pair(pub_key, &private_key);
|
|
|
|
- if(ret_status!=SGX_SUCCESS)
|
|
|
|
- return ret_status;
|
|
|
|
- for(counter=0;counter<SGX_ECP256_KEY_SIZE; counter++)
|
|
|
|
- signing_priv_key.r[counter]=private_key.r[counter];
|
|
|
|
- // generating the entire string as there is no SGX function to generate the public key from the private one.
|
|
|
|
- uint8_t* private_public_key_string = (uint8_t*) malloc(3*SGX_ECP256_KEY_SIZE);
|
|
|
|
- uint8_t* sealed_data2 = (uint8_t*) malloc(*sealed_data_length);
|
|
|
|
- // serializing keypair to string
|
|
|
|
- serialize_key_pair_to_string(pub_key, &private_key, private_public_key_string);
|
|
|
|
- uint8_t* private_key_string = (uint8_t*) malloc(SGX_ECP256_KEY_SIZE);
|
|
|
|
- for(counter=0;counter<SGX_ECP256_KEY_SIZE;counter++)
|
|
|
|
- *(private_key_string+counter)=private_key.r[counter];
|
|
|
|
-// return *sealed_data_length;
|
|
|
|
- ret_status = sgx_seal_data(0, NULL, 3*SGX_ECP256_KEY_SIZE, private_public_key_string, *sealed_data_length, (sgx_sealed_data_t*) sealed_data2);
|
|
|
|
- for(counter=0;counter<*sealed_data_length;counter++)
|
|
|
|
- *(sealed_data+counter)=*(sealed_data2+counter);
|
|
|
|
- free(sealed_data2);
|
|
|
|
- free(private_key_string); //free(private_key);
|
|
|
|
- free(private_public_key_string);
|
|
|
|
-
|
|
|
|
- return ret_status; // SGX_SUCCESS;
|
|
|
|
-}
|
|
|
|
-
|
|
|
|
-uint32_t unseal_and_restore_sealed_signing_key_pair(__attribute__((unused)) sgx_ec256_public_t* pub_key, uint8_t* sealed_data, size_t* sgx_sealed_data_length)
|
|
|
|
-{
|
|
|
|
- uint32_t expected_plaintext_msg_length; uint8_t* temp_plaintext; uint32_t counter; uint32_t ret_status;
|
|
|
|
- expected_plaintext_msg_length = sgx_get_encrypt_txt_len((sgx_sealed_data_t*)sealed_data);
|
|
|
|
- if(expected_plaintext_msg_length == 0xffffffff)
|
|
|
|
- return 0xFFFFFFFF;
|
|
|
|
-
|
|
|
|
- uint8_t* sealed_data2 = (uint8_t*) malloc(*sgx_sealed_data_length);
|
|
|
|
- for(counter=0;counter<*sgx_sealed_data_length;counter++)
|
|
|
|
- {
|
|
|
|
- *(sealed_data2+counter)=*(sealed_data+counter);
|
|
|
|
- }
|
|
|
|
|
|
|
|
- temp_plaintext = (uint8_t*)malloc( expected_plaintext_msg_length );
|
|
|
|
- ret_status = sgx_unseal_data((sgx_sealed_data_t*)sealed_data2, NULL, 0, temp_plaintext, &expected_plaintext_msg_length);
|
|
|
|
- if(ret_status != SGX_SUCCESS)
|
|
|
|
- {
|
|
|
|
- free(temp_plaintext);free(sealed_data2);
|
|
|
|
- return ret_status;
|
|
|
|
- }
|
|
|
|
- deserialize_string_to_key_pair(temp_plaintext, pub_key, &signing_priv_key);
|
|
|
|
- free(temp_plaintext); free(sealed_data2);
|
|
|
|
- return SGX_SUCCESS;
|
|
|
|
-}
|
|
|
|
-
|
|
|
|
-uint32_t create_mitigator_header_value(__attribute__((unused)) uint8_t* signature_data, __attribute__((unused)) uint8_t* signature, __attribute__((unused)) uint8_t* private_key, __attribute__((unused)) sgx_ec256_signature_t* sig2)
|
|
|
|
-{
|
|
|
|
- // Otherwise: DoS or possible bypass (fake verifier does LA but real verifier mrenclave is given out by decryptor) - signature with junk verifier mrenclave or whatever is in the memory.
|
|
|
|
- if(one_la_done < 1)
|
|
|
|
- return 0xde; // This needs to be called at any point after the first local attestation is done - else, a junk verifier mrenclave will be included in the signature
|
|
|
|
-
|
|
|
|
- // create key pair
|
|
|
|
- uint32_t ret_status = ecdh_key_gen(short_term_public_key_arr, short_term_public_key_arr + 32, short_term_private_key_arr); //create_ec_key_pair(&short_term_pub_key, &short_term_priv_key);
|
|
|
|
- uint32_t counter;
|
|
|
|
- uint32_t ret_status2;
|
|
|
|
- if(ret_status!=0)
|
|
|
|
- return ret_status;
|
|
|
|
- for(counter=0;counter<32;counter++)
|
|
|
|
- {
|
|
|
|
- *(signature_data + counter) = short_term_public_key_arr[counter]; // public key -> x component
|
|
|
|
- *(signature_data + counter + 32) = short_term_public_key_arr[counter + 32]; // public key -> y component
|
|
|
|
- *(signature_data + counter + 64) = 0x55; // verifier mr_enclave // TODO: fix this.
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
- // retrieve long-term private key from global variable - apparently, need to create a local copy or it crashes
|
|
|
|
- sgx_ec256_private_t long_term_priv_key;
|
|
|
|
- for(counter=0; counter<SGX_ECP256_KEY_SIZE; counter++)
|
|
|
|
- long_term_priv_key.r[counter] = signing_priv_key.r[counter];
|
|
|
|
- // sign public key with long-term private key
|
|
|
|
- sgx_ec256_signature_t local_signature; sgx_ecc_state_handle_t ecc_handle;
|
|
|
|
-
|
|
|
|
- // TODO: For testing/checking purposes only.
|
|
|
|
- for(counter=0;counter<32;counter++)
|
|
|
|
- *(private_key+counter)=short_term_private_key_arr[counter]; //short_term_priv_key.r[counter];
|
|
|
|
-
|
|
|
|
- //// opening context for signature
|
|
|
|
- ret_status = sgx_ecc256_open_context(&ecc_handle);
|
|
|
|
- if(ret_status != SGX_SUCCESS)
|
|
|
|
- return ret_status;
|
|
|
|
- ret_status = sgx_ecdsa_sign(signature_data, 96, &long_term_priv_key, &local_signature, ecc_handle);
|
|
|
|
- ret_status2 = sgx_ecc256_close_context(ecc_handle);
|
|
|
|
-// free(public_key_string);
|
|
|
|
- if(ret_status == SGX_SUCCESS)
|
|
|
|
- { // this only works for Little-endian architectures - need to do byte-wise swapping of the bytes obtained on RHS
|
|
|
|
- uint8_t *current_sig_byte = (uint8_t*)(&(local_signature.x));
|
|
|
|
- uint32_t ecdsa_sig_count;
|
|
|
|
- for(ecdsa_sig_count=0;ecdsa_sig_count<32;ecdsa_sig_count++)
|
|
|
|
- signature[31-ecdsa_sig_count]=*(current_sig_byte+ecdsa_sig_count);
|
|
|
|
- current_sig_byte = (uint8_t*)(&(local_signature.y));
|
|
|
|
- for(ecdsa_sig_count=0;ecdsa_sig_count<32;ecdsa_sig_count++)
|
|
|
|
- signature[63-ecdsa_sig_count]=*(current_sig_byte+ecdsa_sig_count);
|
|
|
|
- for(ecdsa_sig_count=0;ecdsa_sig_count<8;ecdsa_sig_count++)
|
|
|
|
- sig2->x[ecdsa_sig_count]=local_signature.x[ecdsa_sig_count];
|
|
|
|
- for(ecdsa_sig_count=0;ecdsa_sig_count<8;ecdsa_sig_count++)
|
|
|
|
- sig2->y[ecdsa_sig_count]=local_signature.y[ecdsa_sig_count];
|
|
|
|
-
|
|
|
|
- }
|
|
|
|
- if(ret_status != SGX_SUCCESS || ret_status2 != SGX_SUCCESS)
|
|
|
|
- return 0xFFFFFFFF;
|
|
|
|
- return 0;
|
|
|
|
-}
|
|
|
|
-
|
|
|
|
-uint32_t verify_mitigator_header_value(uint8_t* signature_data, uint8_t* signature, sgx_ec256_public_t* pub_key)
|
|
|
|
-{
|
|
|
|
- sgx_ec256_public_t local_pub_key; uint32_t counter; uint32_t ret_status; uint32_t ret_status2;
|
|
|
|
- for(counter=0;counter<SGX_ECP256_KEY_SIZE;counter++)
|
|
|
|
- {
|
|
|
|
- local_pub_key.gx[counter] = pub_key->gx[counter];
|
|
|
|
- local_pub_key.gy[counter] = pub_key->gy[counter];
|
|
|
|
- }
|
|
|
|
- sgx_ec256_signature_t local_signature; sgx_ecc_state_handle_t ecc_handle;
|
|
|
|
- uint8_t *current_sig_byte = (uint8_t*)(&(local_signature.x));
|
|
|
|
- uint32_t ecdsa_sig_count; uint8_t verification_result;
|
|
|
|
- for(ecdsa_sig_count=0;ecdsa_sig_count<32;ecdsa_sig_count++)
|
|
|
|
- *(current_sig_byte+ecdsa_sig_count)=signature[ecdsa_sig_count];
|
|
|
|
- current_sig_byte = (uint8_t*)(&(local_signature.y));
|
|
|
|
- for(ecdsa_sig_count=0;ecdsa_sig_count<32;ecdsa_sig_count++)
|
|
|
|
- *(current_sig_byte+ecdsa_sig_count)=signature[ecdsa_sig_count+32];
|
|
|
|
-
|
|
|
|
- //// opening context for signature
|
|
|
|
- ret_status = sgx_ecc256_open_context(&ecc_handle);
|
|
|
|
- if(ret_status != SGX_SUCCESS)
|
|
|
|
- return ret_status;
|
|
|
|
-
|
|
|
|
- ret_status = sgx_ecdsa_verify(signature_data,3*SGX_ECP256_KEY_SIZE, &local_pub_key, &local_signature, &verification_result, ecc_handle);
|
|
|
|
- ret_status2 = sgx_ecc256_close_context(ecc_handle);
|
|
|
|
- if(ret_status != SGX_SUCCESS || ret_status2 != SGX_SUCCESS)
|
|
|
|
- return 0xFFFFFFFF;
|
|
|
|
- if(verification_result != SGX_EC_VALID)
|
|
|
|
- return 0xee;
|
|
|
|
- return 0;
|
|
|
|
-}
|
|
|
|
-
|
|
|
|
-uint32_t derive_shared_secret_for_client(uint8_t* pub_key, uint8_t* shared_key)
|
|
|
|
-{
|
|
|
|
- return 0;
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-}
|
|
|
|
-
|
|
|
|
-uint32_t calculate_sealed_data_size( uint32_t input_size)
|
|
|
|
-{
|
|
|
|
-// *op_size=sgx_calc_sealed_data_size(0, input_size);
|
|
|
|
- return sgx_calc_sealed_data_size(0, input_size);
|
|
|
|
-
|
|
|
|
-}
|
|
|
|
-
|
|
|
|
-
|
|
|
|
-// ip_key will always be within the enclave.
|
|
|
|
-// enc = 1 for encryption and 0 for decryption, like openssl api
|
|
|
|
-// TODO: Rename this - it's actually 128 bit encryption.
|
|
|
|
-uint32_t aes_gcm_192_call(uint32_t enc, uint8_t* ip_key, uint8_t* ip_iv, uint8_t* ip_ciphertext, uint32_t ip_ciphertext_len, uint8_t* op_plaintext, uint32_t* op_plaintext_length, uint8_t* tag)
|
|
|
|
-{
|
|
|
|
- uint32_t counter;
|
|
|
|
- if(ip_ciphertext == NULL)
|
|
|
|
- return 0x33;
|
|
|
|
- if(tag == NULL)
|
|
|
|
- return 0x34;
|
|
|
|
- if(op_plaintext == NULL)
|
|
|
|
- return 0x36;
|
|
|
|
- if(ip_key == NULL)
|
|
|
|
- return 0x35;
|
|
|
|
- if(ip_iv == NULL)
|
|
|
|
- return 0x37;
|
|
|
|
-
|
|
|
|
- uint8_t* ip_ciphertext_in_enclave = (uint8_t*) malloc(ip_ciphertext_len);
|
|
|
|
- memcpy_equivalent_copy(ip_ciphertext_in_enclave, ip_ciphertext, ip_ciphertext_len);
|
|
|
|
-
|
|
|
|
- uint8_t tag_in_enclave [16];
|
|
|
|
- if(!enc)
|
|
|
|
- memcpy_equivalent_copy(tag_in_enclave, tag, 16);
|
|
|
|
-
|
|
|
|
- uint8_t* op_plaintext_in_enclave = (uint8_t*) malloc(ip_ciphertext_len);
|
|
|
|
- uint32_t internal_ret_status;
|
|
|
|
- if(enc)
|
|
|
|
- internal_ret_status = sgx_rijndael128GCM_encrypt((sgx_key_128bit_t*) ip_key, ip_ciphertext_in_enclave, ip_ciphertext_len, op_plaintext_in_enclave, ip_iv, 0xc, NULL, 0, (sgx_aes_gcm_128bit_tag_t*)tag_in_enclave);
|
|
|
|
- else
|
|
|
|
- internal_ret_status = sgx_rijndael128GCM_decrypt((sgx_key_128bit_t*) ip_key, ip_ciphertext_in_enclave, ip_ciphertext_len, op_plaintext_in_enclave, ip_iv, 0xc, NULL, 0, (sgx_aes_gcm_128bit_tag_t*)tag_in_enclave);
|
|
|
|
-
|
|
|
|
- if(internal_ret_status == 0)
|
|
|
|
- {
|
|
|
|
- memcpy_equivalent_copy(op_plaintext, op_plaintext_in_enclave, ip_ciphertext_len);
|
|
|
|
- if(enc)
|
|
|
|
- memcpy_equivalent_copy(tag, tag_in_enclave, 16);
|
|
|
|
- *op_plaintext_length = ip_ciphertext_len;
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
- free(ip_ciphertext_in_enclave); free(op_plaintext_in_enclave);
|
|
|
|
-
|
|
|
|
- return internal_ret_status;
|
|
|
|
-}
|
|
|
|
-
|
|
|
|
-void memcpy_equivalent_copy(uint8_t* dest, uint8_t* src, uint32_t length)
|
|
|
|
-{
|
|
|
|
- uint32_t counter;
|
|
|
|
- for(counter=0; counter<length; counter++)
|
|
|
|
- *(dest + counter) = *(src + counter);
|
|
|
|
-}
|
|
|
|
-
|
|
|
|
-// Output buffer should be of length at least equal to the second argument.
|
|
|
|
-uint32_t decrypt_client_data(unsigned char* ip_encrypted_client_pub_key_and_data, uint32_t ip_encrypted_client_pub_key_and_data_length, unsigned char* op_client_data, uint8_t* clen)
|
|
|
|
-{
|
|
|
|
- unsigned int counter; unsigned long check_ret; uint32_t ret;
|
|
|
|
- unsigned char derived_key[32];
|
|
|
|
- unsigned char* plaintext_client_public_key;
|
|
|
|
- unsigned char* plaintext_client_data;
|
|
|
|
- unsigned char* client_data_encrypted_to_decryptor;
|
|
|
|
- uint32_t client_data_encrypted_to_decryptor_length;
|
|
|
|
- unsigned char* tag_for_client_data_encrypted_to_decryptor;
|
|
|
|
- unsigned char* client_data_encrypted_to_apache;
|
|
|
|
- uint32_t client_data_encrypted_to_apache_length;
|
|
|
|
- unsigned char tag_for_client_data_encrypted_to_apache[16];
|
|
|
|
- unsigned char* temp_array;
|
|
|
|
- uint32_t temp_array_valid_length;
|
|
|
|
- unsigned char client_iv[12]={0,0,0,0, 0,0,0,0, 0,0,0,0};
|
|
|
|
-
|
|
|
|
- for(counter=64;counter<ip_encrypted_client_pub_key_and_data_length;counter++)
|
|
|
|
- op_client_data[counter]=ip_encrypted_client_pub_key_and_data[counter];
|
|
|
|
- *clen = (uint8_t) ip_encrypted_client_pub_key_and_data_length;
|
|
|
|
-
|
|
|
|
- temp_array = (unsigned char*) malloc(ip_encrypted_client_pub_key_and_data_length);
|
|
|
|
-/*
|
|
|
|
- // TODO: Remove aes_gcm_internal_call function - upgrade to using openssl's aesgcm 192 bit enc
|
|
|
|
- // TODO: Change the returned 2nd length o/p to be incoming length - tag length for decryption and incoming length + 16 for encryption
|
|
|
|
- ret = aes_gcm_192_call(0, apache_key, apache_iv, ip_encrypted_client_pub_key_and_data, ip_encrypted_client_pub_key_and_data_length, temp_array, &temp_array_valid_length, ip_encrypted_client_pub_key_and_data + ip_encrypted_client_pub_key_and_data_length - 16);
|
|
|
|
- if(ret != 0)
|
|
|
|
- {
|
|
|
|
- free(temp_array);
|
|
|
|
- return ret;
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
- for(counter=0; counter<temp_array_valid_length; counter++)
|
|
|
|
- op_client_data[counter] = temp_array[counter];
|
|
|
|
- *clen = temp_array_valid_length;
|
|
|
|
- free(temp_array);
|
|
|
|
- return 0;
|
|
|
|
-*/
|
|
|
|
-
|
|
|
|
- // Temp_array = {X component of public key (32 bytes), Y component of public key (32 bytes), client data encrypted to decryptor (x), tag for client data encrypted to decryptor (16 bytes)
|
|
|
|
- // therefore, length x = temp_array_valid_length - 64 (for public key) - 16 (for own tag)
|
|
|
|
- plaintext_client_public_key = ip_encrypted_client_pub_key_and_data; // temp_array;
|
|
|
|
- client_data_encrypted_to_decryptor = ip_encrypted_client_pub_key_and_data + 64;
|
|
|
|
- client_data_encrypted_to_decryptor_length = ip_encrypted_client_pub_key_and_data_length; // temp_array_valid_length - 64 - 16;
|
|
|
|
- tag_for_client_data_encrypted_to_decryptor = ip_encrypted_client_pub_key_and_data + 64 + ip_encrypted_client_pub_key_and_data_length; //temp_array + 64 + client_data_encrypted_to_decryptor_length;
|
|
|
|
-
|
|
|
|
- check_ret = compute_ecdh_shared_key(plaintext_client_public_key, plaintext_client_public_key + 32, short_term_private_key_arr, derived_key);
|
|
|
|
- if(check_ret != 0)
|
|
|
|
- {
|
|
|
|
- plaintext_client_public_key = NULL;
|
|
|
|
- client_data_encrypted_to_decryptor = NULL;
|
|
|
|
- tag_for_client_data_encrypted_to_decryptor = NULL;
|
|
|
|
- free(temp_array);
|
|
|
|
- return check_ret;
|
|
|
|
- }
|
|
|
|
-/*
|
|
|
|
- check_ret = aes_gcm(0, derived_key, client_iv, client_data_encrypted_to_decryptor, client_data_encrypted_to_decryptor_length, temp_array, &temp_array_valid_length, tag_for_client_data_encrypted_to_decryptor);
|
|
|
|
- if(check_ret != 0)
|
|
|
|
- {
|
|
|
|
- plaintext_client_public_key = NULL;
|
|
|
|
- client_data_encrypted_to_decryptor = NULL;
|
|
|
|
- tag_for_client_data_encrypted_to_decryptor = NULL;
|
|
|
|
- free(temp_array);
|
|
|
|
- return check_ret;
|
|
|
|
- }
|
|
|
|
-*/
|
|
|
|
- for(counter=0;counter<32;counter++)
|
|
|
|
- op_client_data[counter]=derived_key[counter];
|
|
|
|
-
|
|
|
|
-// for(counter=0; counter<temp_array_valid_length; counter++)
|
|
|
|
-// op_client_data[counter] = temp_array[counter];
|
|
|
|
-// for(counter=0; counter<16; counter++)
|
|
|
|
-// op_client_data[temp_array_valid_length + counter] = tag_for_client_data_encrypted_to_decryptor[counter];
|
|
|
|
-
|
|
|
|
-// *clen = temp_array_valid_length + 16;
|
|
|
|
- *clen = 32;
|
|
|
|
- return 0;
|
|
|
|
-/*
|
|
|
|
- // Temp_array = {X component of public key (32 bytes), Y component of public key (32 bytes), client data encrypted to decryptor (x), tag for client data encrypted to decryptor (16 bytes)
|
|
|
|
- // therefore, length x = temp_array_valid_length - 64 (for public key) - 16 (for own tag)
|
|
|
|
- plaintext_client_public_key = temp_array;
|
|
|
|
- client_data_encrypted_to_decryptor = temp_array + 64;
|
|
|
|
- client_data_encrypted_to_decryptor_length = temp_array_valid_length - 64 - 16;
|
|
|
|
- tag_for_client_data_encrypted_to_decryptor = temp_array + 64 + client_data_encrypted_to_decryptor_length;
|
|
|
|
-
|
|
|
|
- check_ret = compute_ecdh_shared_key(plaintext_client_public_key, plaintext_client_public_key + 32, short_term_private_key_arr, derived_key);
|
|
|
|
- if(check_ret != 0)
|
|
|
|
- {
|
|
|
|
- plaintext_client_public_key = NULL;
|
|
|
|
- client_data_encrypted_to_decryptor = NULL;
|
|
|
|
- tag_for_client_data_encrypted_to_decryptor = NULL;
|
|
|
|
- free(temp_array);
|
|
|
|
- return check_ret;
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
- check_ret = aes_gcm(0, derived_key, client_iv, client_data_encrypted_to_decryptor, client_data_encrypted_to_decryptor_length, temp_array, &temp_array_valid_length, tag_for_client_data_encrypted_to_decryptor);
|
|
|
|
- if(check_ret != 0)
|
|
|
|
- {
|
|
|
|
- plaintext_client_public_key = NULL;
|
|
|
|
- client_data_encrypted_to_decryptor = NULL;
|
|
|
|
- tag_for_client_data_encrypted_to_decryptor = NULL;
|
|
|
|
- free(temp_array);
|
|
|
|
- return check_ret;
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
- client_data_encrypted_to_apache = (uint8_t*) malloc(temp_array_valid_length);
|
|
|
|
- ret = aes_gcm_192_call(1, apache_key, apache_iv, temp_array, temp_array_valid_length, client_data_encrypted_to_apache, &client_data_encrypted_to_apache_length, tag_for_client_data_encrypted_to_apache);
|
|
|
|
- if(ret == 0)
|
|
|
|
- {
|
|
|
|
- for(counter=0; counter<client_data_encrypted_to_apache_length; counter++)
|
|
|
|
- op_client_data[counter] = client_data_encrypted_to_apache[counter];
|
|
|
|
- for(counter=0; counter<16; counter++) // TODO: This overwrites the first 16 bytes of the array written in the line above (WTF is going on)
|
|
|
|
- op_client_data[counter] = tag_for_client_data_encrypted_to_apache[counter];
|
|
|
|
- *clen = (uint8_t) client_data_encrypted_to_apache_length + 16; // Need to give in the total wire length
|
|
|
|
- }
|
|
|
|
-
|
|
|
|
- plaintext_client_public_key = NULL;
|
|
|
|
- client_data_encrypted_to_decryptor = NULL;
|
|
|
|
- tag_for_client_data_encrypted_to_decryptor = NULL;
|
|
|
|
- free(temp_array);
|
|
|
|
- free(client_data_encrypted_to_apache);
|
|
|
|
-
|
|
|
|
- return ret;
|
|
|
|
-*/
|
|
|
|
-}
|
|
|
|
|
|
+ // DONE.
|
|
|
|
+ uint32_t process_apache_message_generate_response(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext, uint32_t* output_ciphertext_plus_tag_length)
|
|
|
|
+ {
|
|
|
|
+ uint8_t* first_decryption_output, plaintext_client_data, temp_output_ciphertext;
|
|
|
|
+ uint32_t first_decryption_output_length, plaintext_client_data_length, temp_output_ciphertext_plus_tag_length, internal_return_status;
|
|
|
|
+ uint8_t temp_output_tag[16];
|
|
|
|
+ // TODO: May be have temporary variables for input ciphertext as they can't be passed directly to functions?
|
|
|
|
+ first_decryption_output = (uint8_t*) malloc(input_ciphertext_length + 10);
|
|
|
|
+ internal_return_status = localAttestation.symmetricEncryptionBoxApache.encrypt_decrypt(0, input_ciphertext, input_ciphertext_length, first_decryption_output, &first_decryption_output_length, input_ciphertext + input_ciphertext_length - 16);
|
|
|
|
+ if(internal_return_status != 0)
|
|
|
|
+ {
|
|
|
|
+ free(first_decryption_output);
|
|
|
|
+ return internal_return_status;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ plaintext_client_data = (uint8_t*) malloc(first_decryption_output_length); // you will need less than this coz public key size.
|
|
|
|
+ internal_return_status = initialize_symmetric_key_decrypt_client_data(first_decryption_output, first_decryption_output_length, plaintext_client_data, &plaintext_client_data_length);
|
|
|
|
+ free(first_decryption_output);
|
|
|
|
+ if(internal_return_status != 0)
|
|
|
|
+ return internal_return_status;
|
|
|
|
+
|
|
|
|
+ temp_output_ciphertext = (uint8_t*) malloc(plaintext_client_data_length + 20);
|
|
|
|
+ // then I will encrypt the resulting first_decryption_output to the apache enclave.
|
|
|
|
+ internal_return_status = localAttestation.symmetricEncryptionBoxApache.encrypt_decrypt(1, plaintext_client_data, plaintext_client_data_length, temp_output_ciphertext, &temp_output_ciphertext_length, temp_output_tag);
|
|
|
|
+ free(plaintext_client_data);
|
|
|
|
+ if(internal_return_status != 0)
|
|
|
|
+ {
|
|
|
|
+ free(temp_output_ciphertext);
|
|
|
|
+ return internal_return_status;
|
|
|
|
+ }
|
|
|
|
+
|
|
|
|
+ for(counter=0; counter<temp_output_ciphertext_length; counter++)
|
|
|
|
+ output_ciphertext[counter] = temp_output_ciphertext[counter];
|
|
|
|
+ *output_ciphertext_length = temp_output_ciphertext_length + 16;
|
|
|
|
+ free(temp_output_ciphertext);
|
|
|
|
+ return 0;
|
|
|
|
+ }
|
|
|
|
+ };
|