Browse Source

Got decryptor working with intel-sgx-ssl libraries without any linker errors. Added in sample ECDHE key and shared secret generation code, key derivation code that worked outside sgx

dettanym 5 years ago
parent
commit
c508171e76

+ 0 - 96
Decryptor/Decryptor.cpp

@@ -36,7 +36,6 @@
 #include "Decryptor_t.h"
 #include "EnclaveMessageExchange.h"
 #include "error_codes.h"
-#include "Utility_Decryptor.h"
 #include "sgx_thread.h"
 #include "sgx_dh.h"
 #include <map>
@@ -44,15 +43,6 @@
 #include "LocalAttestationCode_t.h"
 #include "sgx_tseal.h"
 
-// openssl keygen function
-#include "tSgxSSL_api.h"
-
-#include <openssl/ec.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/evp.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
 
 
 
@@ -521,89 +511,3 @@ static void reverse_byte_array(uint8_t *array, size_t size)
     }
 }
 
-uint32_t ec_key_gen(unsigned char* pub_key_x, unsigned char* pub_key_y, unsigned char* priv_key)
-{
-//	unsigned char entropy_buf[ADD_ENTROPY_SIZE] = {0};
-
-//	RAND_add(entropy_buf, sizeof(entropy_buf), ADD_ENTROPY_SIZE);
-//	RAND_seed(entropy_buf, sizeof(entropy_buf));
-
-	EC_KEY * ec_key = NULL;
-    ec_key = EC_KEY_new_by_curve_name(OBJ_txt2nid("secp256r1"));
-    if (ec_key == NULL) {
-//    	printf("EC_KEY_new_by_curve_name failure: %ld\n", ERR_get_error());
-	    return 0xff;
-    }
-    
-	EC_GROUP* ec_group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);	
-	if (NULL == ec_group) {
-		EC_KEY_free(ec_key); 
-		return 0x0f;
-	}
-
-	EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE);
-
-	int ret = EC_KEY_generate_key(ec_key);
-	if (!ret) {
-//        printf("EC_KEY_generate_key failure\n");
-	    return 0x01;
-	}
-	///////////////////////// Openssl code ////////////
-	const EC_POINT *public_k = NULL;
-	const BIGNUM *private_k = NULL;
-	public_k = EC_KEY_get0_public_key(ec_key);
-	if (NULL == public_k) 
-	{
-		EC_KEY_free(ec_key);
-		return 0x04;
-	}
-
-	private_k = EC_KEY_get0_private_key(ec_key);
-	if (NULL == private_k) 
-	{
-		EC_KEY_free(ec_key);
-		return 0x05;
-	}
-
-        if(!BN_bn2bin(private_k, priv_key))
-        {
-                EC_KEY_free(ec_key); 
-		return 0x06;
-        }
-
-
-        BIGNUM *pub_k_x = NULL;
-        BIGNUM *pub_k_y = NULL;
-        pub_k_x = BN_new();
-        pub_k_y = BN_new();
-        if (NULL ==  pub_k_x || NULL == pub_k_y) {
-                return SGX_ERROR_OUT_OF_MEMORY;
-        }
-
-	// extract two BNs representing the public key
-	//
-	if (!EC_POINT_get_affine_coordinates_GFp(ec_group, public_k, pub_k_x, pub_k_y, NULL)) 
-	EC_KEY_free(ec_key); 
-	{
-		BN_clear_free(pub_k_x); BN_clear_free(pub_k_y);	
-		return 0x07;
-	}
-
-	ret = BN_bn2bin(pub_k_x, pub_key_x); 
-	BN_clear_free(pub_k_x); 
-	if(ret == 0)
-	{
-		BN_clear_free(pub_k_y); 
-		return 0x08; 
-	}
-
-	ret = BN_bn2bin(pub_k_y, pub_key_y);
-	BN_clear_free(pub_k_y);
-	if(ret == 0)
-        {
-  		return 0x09; 
-        }
-
-	return 0;
-}
-

+ 2 - 1
Decryptor/Decryptor.edl

@@ -34,6 +34,7 @@ enclave {
     include "sgx_eid.h"
     include "sgx_tcrypto.h"
     from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
+    from "/home/m2mazmud/old_stuff/intel-sgx-ssl/Linux/package/include/sgx_tsgxssl.edl" import * ;
     trusted{
     #define SEALED_SIZE 768  // 656 // =0x300 (0x290 is the size of the sealed message when both the public(0x40) and private key(0x20) are included)
 // TODO: refine this to avoid crashes
@@ -46,7 +47,7 @@ enclave {
 public uint32_t decrypt_verifiers_message_set_apache_mrsigner([in, size=32] uint8_t* ciphertext, [in, size=16] uint8_t* tag);
 public uint32_t create_and_encrypt_mitigator_header_value([out, size=160] uint8_t* plaintext_sign_data_and_sign, [out, size=160] uint8_t* encrypted_sign_data_and_sign, [out, size=16] uint8_t* tag, [out, size=32] uint8_t* signing_private_key, [out] sgx_ec256_signature_t* sig2);
 public uint32_t decrypt_client_data([in, size=64] unsigned char* client_pub_key, uint32_t ciphertext_length, [in, size=160] unsigned char* user_data, [out, size=160] unsigned char* client_data_to_apache);
-public uint32_t ec_key_gen([out, size=32] unsigned char* pub_key_x, [out, size=32] unsigned char* pub_key_y, [out, size=32] unsigned char* priv_key);
+//public uint32_t ec_key_gen([out, size=32] unsigned char* pub_key_x, [out, size=32] unsigned char* pub_key_y, [out, size=32] unsigned char* priv_key);
 
 
 

+ 325 - 0
Decryptor/Openssl_crypto.cpp

@@ -0,0 +1,325 @@
+#include <openssl/ec.h>
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/ecdh.h>
+#include <stdio.h>
+
+int generate_sha256_hash(const unsigned char *message, size_t message_len, unsigned char *digest);
+
+int ec_key_gen(unsigned char* pub_key_x, unsigned char* pub_key_y, unsigned char* priv_key)
+{
+//	unsigned char entropy_buf[ADD_ENTROPY_SIZE] = {0};
+
+//	RAND_add(entropy_buf, sizeof(entropy_buf), ADD_ENTROPY_SIZE);
+//	RAND_seed(entropy_buf, sizeof(entropy_buf));
+
+	EC_KEY * ec_key = NULL;
+    
+		ec_key = EC_KEY_new();
+		if (NULL == ec_key) {
+			return 0x42;
+		}
+
+	EC_GROUP* ec_group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);	
+	if (NULL == ec_group) {
+		//EC_KEY_free(ec_key); 
+		return 0x0f;
+	}
+
+			if (0 == EC_KEY_set_group (ec_key, ec_group)) {
+			EC_KEY_free(ec_key); 
+			EC_GROUP_free(ec_group);
+			return 0x43; //break;
+		}
+
+
+	EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE);
+
+	int ret = EC_KEY_generate_key(ec_key);
+	if (!ret) {
+//        printf("EC_KEY_generate_key failure\n");
+	    return 0x01;
+	}
+	///////////////////////// Openssl code ////////////
+	const EC_POINT *public_k = NULL;
+	const BIGNUM *private_k = NULL;
+	public_k = EC_KEY_get0_public_key(ec_key);
+	if (NULL == public_k) 
+	{
+		EC_KEY_free(ec_key);
+		return 0x04;
+	}
+
+	private_k = EC_KEY_get0_private_key(ec_key);
+	if (NULL == private_k) 
+	{
+		EC_KEY_free(ec_key);
+		return 0x05;
+	}
+
+        if(!BN_bn2bin(private_k, priv_key))
+        {
+                EC_KEY_free(ec_key); 
+		return 0x06;
+        }
+
+
+        BIGNUM *pub_k_x = NULL;
+        BIGNUM *pub_k_y = NULL;
+        pub_k_x = BN_new();
+        pub_k_y = BN_new();
+        if (NULL ==  pub_k_x || NULL == pub_k_y) {
+                return 0x42;//SGX_ERROR_OUT_OF_MEMORY;
+        }
+
+	// extract two BNs representing the public key
+	//
+	if (!EC_POINT_get_affine_coordinates_GFp(ec_group, public_k, pub_k_x, pub_k_y, NULL)) 
+	//EC_KEY_free(ec_key); 
+	{
+		//printf("%ld\n", ERR_get_error());
+		BN_clear_free(pub_k_x); BN_clear_free(pub_k_y);	
+		EC_KEY_free(ec_key);
+		EC_GROUP_free(ec_group);
+		return 0x07;
+	}
+
+	ret = BN_bn2bin(pub_k_x, pub_key_x); 
+	BN_clear_free(pub_k_x); 
+	if(ret == 0)
+	{
+		BN_clear_free(pub_k_y); 
+        	EC_KEY_free(ec_key);
+	        EC_GROUP_free(ec_group);
+		return 0x08; 
+	}
+
+	ret = BN_bn2bin(pub_k_y, pub_key_y);
+
+	BN_clear_free(pub_k_y);
+	EC_KEY_free(ec_key);        
+	EC_GROUP_free(ec_group);
+
+	if(ret == 0)
+  		return 0x09; 
+
+	return 0;
+}
+
+unsigned long check_key(unsigned char* given_key_x, unsigned char* given_key_y) //, unsigned char* priv_key, unsigned char* shared_key_x, unsigned char* shared_key_y)
+{
+        EC_GROUP* ec_group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);  
+        if (NULL == ec_group) {
+                //EC_KEY_free(ec_key); 
+                return 0x0f;
+        }
+	EC_POINT *ec_point = NULL;
+	BIGNUM *b_x = NULL;
+	BIGNUM *b_y = NULL;
+
+	ec_point = EC_POINT_new(ec_group);
+	if (NULL == ec_point) {
+			return 0x42; //retval = SGX_ERROR_OUT_OF_MEMORY;
+//			break;
+	}
+
+	// converts the x value of the point, represented as positive integer in big-endian into a BIGNUM
+	b_x = BN_bin2bn(given_key_x, 32, NULL);
+	if (NULL == b_x) {
+		EC_POINT_free(ec_point);
+		// return ERR_get_error(); 
+		return 0xfd;
+	}
+
+	// converts the y value of the point, represented as positive integer in big-endian into a BIGNUM
+	b_y = BN_bin2bn(given_key_y, 32, NULL);
+	if (NULL == b_y) {
+		BN_clear_free(b_x); 
+		EC_POINT_free(ec_point); 
+		return 0xfe;
+	}
+
+	// sets point based on x,y coordinates
+	int ret = EC_POINT_set_affine_coordinates_GFp(ec_group, ec_point, b_x, b_y, NULL);
+	if (1 != ret) {
+		BN_clear_free(b_x);
+		BN_clear_free(b_y);
+		EC_POINT_free(ec_point);
+		return ERR_get_error();	
+	}
+
+	// checks if point is on curve
+	//
+	int ret_point_on_curve = EC_POINT_is_on_curve(ec_group, ec_point, NULL);
+	if (1 != ret_point_on_curve) {
+	        EC_POINT_free(ec_point);
+		BN_clear_free(b_x);
+		BN_clear_free(b_y);
+		return ret_point_on_curve << 4; //ret_point_on_curve;//	break;
+	}
+	
+        BN_clear_free(b_x);
+        BN_clear_free(b_y);
+	EC_POINT_free(ec_point);
+	return 0;
+}
+
+unsigned long compute_shared_ECDHE_key(unsigned char* given_key_x, unsigned char* given_key_y, unsigned char* priv_key, unsigned char* shared_key, unsigned char* derived_key)
+{
+//	int valid_point = check_key(given_key_x, given_key_y);
+//	if(valid_point != 0)
+//		return valid_point;
+	unsigned long long_ret = 0; 
+	EC_GROUP* ec_group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1);  
+        if (NULL == ec_group) {
+                return 0x0f;
+        }
+        EC_POINT *given_point = NULL;
+        BIGNUM *b_x = NULL;
+        BIGNUM *b_y = NULL;
+	EC_KEY *private_key = NULL;
+
+        given_point = EC_POINT_new(ec_group);
+        if (NULL == given_point) {
+                        return 0x42; //retval = SGX_ERROR_OUT_OF_MEMORY;
+//                      break;
+        }
+
+        // converts the x value of the point, represented as positive integer in big-endian into a BIGNUM
+        b_x = BN_bin2bn(given_key_x, 32, NULL);
+        if (NULL == b_x) {
+                EC_POINT_free(given_point);
+                return 0xfd;
+        }
+
+        // converts the y value of the point, represented as positive integer in big-endian into a BIGNUM
+        b_y = BN_bin2bn(given_key_y, 32, NULL);
+        if (NULL == b_y) {
+                EC_POINT_free(given_point); 
+	        BN_clear_free(b_x); 
+                return 0xfe;
+        }
+
+        // sets point based on x,y coordinates
+        int ret = EC_POINT_set_affine_coordinates_GFp(ec_group, given_point, b_x, b_y, NULL);
+        if (1 != ret) {
+                EC_POINT_free(given_point);
+                BN_clear_free(b_x); 
+                BN_clear_free(b_y);
+		return ERR_get_error(); 
+        }
+
+        // checks if point is on curve
+        //
+        int ret_point_on_curve = EC_POINT_is_on_curve(ec_group, given_point, NULL);
+        if (1 != ret_point_on_curve) {
+                EC_POINT_free(given_point);
+		BN_clear_free(b_x);
+		BN_clear_free(b_y); 
+		if(ret_point_on_curve == 0)
+			return 0x43;
+		else 
+			return ERR_get_error(); 
+	}
+
+	
+	// create empty shared key BN
+	//
+	private_key = EC_KEY_new();
+	if (private_key == NULL) {
+		EC_POINT_free(given_point);
+                BN_clear_free(b_x); 
+                BN_clear_free(b_y);
+		return 0x42;//ret = SGX_ERROR_OUT_OF_MEMORY;
+	}
+
+	// init private key group (set curve)
+	//
+	if (EC_KEY_set_group (private_key, ec_group) != 1) {
+		EC_POINT_free(given_point); 
+		EC_KEY_free(private_key); 
+                BN_clear_free(b_x); 
+                BN_clear_free(b_y);
+		return ERR_get_error(); //break;
+	}
+
+	// init private key with BN value
+	//
+	BIGNUM *BN_dh_privB = NULL; 
+	BN_dh_privB = BN_bin2bn(priv_key, 32, NULL);
+	if(BN_dh_privB == NULL) {
+		EC_POINT_free(given_point); 
+                EC_KEY_free(private_key); 
+                BN_clear_free(b_x); 
+                BN_clear_free(b_y);
+		return 0x44;
+	}
+
+	if (EC_KEY_set_private_key(private_key, BN_dh_privB) != 1) {
+		EC_POINT_free(given_point);
+		EC_KEY_free(private_key); 
+        	BN_clear_free(b_x); 
+	        BN_clear_free(b_y);
+		BN_clear_free(BN_dh_privB); 
+		return ERR_get_error(); 
+	}
+
+	// calculate shared dh key
+	//
+	int shared_key_len = 32; //sizeof(sgx_ec256_dh_shared_t);
+	shared_key_len = ECDH_compute_key(shared_key, 32, given_point, private_key, NULL);
+	if (shared_key_len <= 0) {
+		long_ret = ERR_get_error(); 
+	}
+	else 
+		long_ret = generate_sha256_hash(shared_key, 32, derived_key); 
+
+	BN_clear_free(BN_dh_privB);
+	BN_clear_free(b_x); 
+	BN_clear_free(b_y);
+	EC_POINT_free(given_point);
+	EC_KEY_free(private_key); 
+	return long_ret; 
+}
+
+int generate_sha256_hash(const unsigned char *message, size_t message_len, unsigned char *digest)
+{
+	EVP_MD_CTX *mdctx; unsigned int digest_len;
+
+	if((mdctx = EVP_MD_CTX_create()) == NULL)
+	{
+		//printf("EVP_MD_CTX_create returned NULL - could not create context\n"); fflush(stdout); 
+		return 0x1; 
+	}
+
+	if(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL) != 1)
+	{
+                //printf("EVP_DigestInit_ex returned 0 - could not initialize hash with SHA256\n"); fflush(stdout); 
+		return 0x2; 
+	}
+
+        if(EVP_DigestUpdate(mdctx, message, message_len) != 1)        
+        {
+                //printf("EVP_DigestUpdate returned 0 - could not compute SHA256 hash\n"); fflush(stdout); 
+		return 0x3; 
+        }
+
+	if(1 != EVP_DigestFinal_ex(mdctx, digest, &digest_len))     
+        {
+                //printf("EVP_DigestFinal_ex returned 0 - could not finalize SHA256 hash\n"); fflush(stdout); 
+		return 0x4; 
+        }
+
+	if(digest_len != 32) 
+	{
+//		printf("EVP_DigestFinal_ex returned a digest length of 0x%x instead of 0x20\n", digest_len); fflush(stdout); 
+	return 0x5; 
+	}
+	EVP_MD_CTX_destroy(mdctx);
+	return 0; 
+}
+
+

+ 0 - 213
Decryptor/Utility_Decryptor.cpp

@@ -1,213 +0,0 @@
-/*
- * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *   * Redistributions of source code must retain the above copyright
- *     notice, this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright
- *     notice, this list of conditions and the following disclaimer in
- *     the documentation and/or other materials provided with the
- *     distribution.
- *   * Neither the name of Intel Corporation nor the names of its
- *     contributors may be used to endorse or promote products derived
- *     from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include "sgx_eid.h"
-#include "EnclaveMessageExchange.h"
-#include "error_codes.h"
-#include "Utility_Decryptor.h"
-#include "stdlib.h"
-#include "string.h"
-
-uint32_t marshal_input_parameters_e3_foo1(uint32_t target_fn_id, uint32_t msg_type, param_struct_t *p_struct_var, char** marshalled_buff, size_t* marshalled_buff_len)
-{
-    ms_in_msg_exchange_t *ms;
-    size_t param_len, ms_len;
-    char *temp_buff;
-    if(!p_struct_var || !marshalled_buff_len)
-        return INVALID_PARAMETER_ERROR;    
-    param_len = sizeof(param_struct_t);
-    temp_buff = (char*)malloc(param_len);
-    if(!temp_buff)
-        return MALLOC_ERROR;
-    memcpy(temp_buff, p_struct_var, sizeof(param_struct_t)); //can be optimized
-    ms_len = sizeof(ms_in_msg_exchange_t) + param_len;
-    ms = (ms_in_msg_exchange_t *)malloc(ms_len);
-    if(!ms)
-    {
-        SAFE_FREE(temp_buff);
-        return MALLOC_ERROR;
-    }
-    ms->msg_type = msg_type;
-    ms->target_fn_id = target_fn_id;
-    ms->inparam_buff_len = (uint32_t)param_len;
-    memcpy(&ms->inparam_buff, temp_buff, param_len);
-    *marshalled_buff = (char*)ms;
-    *marshalled_buff_len = ms_len;
-    SAFE_FREE(temp_buff);
-    return SUCCESS;
-}
-
-uint32_t unmarshal_retval_and_output_parameters_e3_foo1(char* out_buff, param_struct_t *p_struct_var, char** retval)
-{
-    size_t retval_len;
-    ms_out_msg_exchange_t *ms;
-    if(!out_buff)
-        return INVALID_PARAMETER_ERROR;
-    ms = (ms_out_msg_exchange_t *)out_buff;
-    retval_len = ms->retval_len;
-    *retval = (char*)malloc(retval_len);
-    if(!*retval)
-    {
-        return MALLOC_ERROR;
-    }
-    memcpy(*retval, ms->ret_outparam_buff, retval_len);
-    memcpy(&p_struct_var->var1, (ms->ret_outparam_buff) + retval_len, sizeof(p_struct_var->var1));
-    memcpy(&p_struct_var->var2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1), sizeof(p_struct_var->var2));
-    return SUCCESS;
-}
-
-
-uint32_t unmarshal_input_parameters_e2_foo1(uint32_t* var1, uint32_t* var2, ms_in_msg_exchange_t* ms)
-{
-    char* buff;
-    size_t len;
-    if(!var1 || !var2 || !ms)
-        return INVALID_PARAMETER_ERROR;
-
-    buff = ms->inparam_buff;
-    len = ms->inparam_buff_len;
-
-    if(len != (sizeof(*var1) + sizeof(*var2)))
-        return ATTESTATION_ERROR;
-
-    memcpy(var1, buff, sizeof(*var1));
-    memcpy(var2, buff + sizeof(*var1), sizeof(*var2));
-
-    return SUCCESS;
-}
-
-uint32_t marshal_retval_and_output_parameters_e2_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval)
-{
-    ms_out_msg_exchange_t *ms;
-    size_t ret_param_len, ms_len;
-    char *temp_buff;
-    size_t retval_len;
-    if(!resp_length)
-        return INVALID_PARAMETER_ERROR;
-    retval_len = sizeof(retval);
-    ret_param_len = retval_len; //no out parameters
-    temp_buff = (char*)malloc(ret_param_len);
-    if(!temp_buff)
-        return MALLOC_ERROR;
-
-    memcpy(temp_buff, &retval, sizeof(retval)); 
-    ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
-    ms = (ms_out_msg_exchange_t *)malloc(ms_len);
-    if(!ms)
-    {
-        SAFE_FREE(temp_buff);
-        return MALLOC_ERROR;
-    }
-    ms->retval_len = (uint32_t)retval_len;
-    ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
-    memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len);
-    *resp_buffer = (char*)ms;
-    *resp_length = ms_len;
-    SAFE_FREE(temp_buff);
-    return SUCCESS;
-}
-
-uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len)
-{
-    ms_in_msg_exchange_t *ms;
-    size_t secret_data_len, ms_len;
-    if(!marshalled_buff_len)
-        return INVALID_PARAMETER_ERROR;    
-    secret_data_len = sizeof(secret_data);
-    ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len;
-    ms = (ms_in_msg_exchange_t *)malloc(ms_len);
-    if(!ms)
-        return MALLOC_ERROR;
-
-    ms->msg_type = msg_type;
-    ms->target_fn_id = target_fn_id;
-    ms->inparam_buff_len = (uint32_t)secret_data_len;
-    memcpy(&ms->inparam_buff, &secret_data, secret_data_len);
-    *marshalled_buff = (char*)ms;
-    *marshalled_buff_len = ms_len;
-    return SUCCESS;
-}
-
-uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms)
-{
-    char* buff;
-    size_t len;
-    if(!inp_secret_data || !ms)
-        return INVALID_PARAMETER_ERROR;    
-    buff = ms->inparam_buff;
-    len = ms->inparam_buff_len;
-    if(len != sizeof(uint32_t))
-        return ATTESTATION_ERROR;
-
-    memcpy(inp_secret_data, buff, sizeof(uint32_t));
-
-    return SUCCESS;
-}
-
-
-uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response)
-{
-    ms_out_msg_exchange_t *ms;
-    size_t secret_response_len, ms_len;
-    size_t retval_len, ret_param_len;
-    if(!resp_length)
-        return INVALID_PARAMETER_ERROR;    
-    secret_response_len = sizeof(secret_response);
-    retval_len = secret_response_len;
-    ret_param_len = secret_response_len;
-    ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len;
-    ms = (ms_out_msg_exchange_t *)malloc(ms_len);
-    if(!ms)
-        return MALLOC_ERROR;
-    ms->retval_len = (uint32_t)retval_len;
-    ms->ret_outparam_buff_len = (uint32_t)ret_param_len;
-    memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len);
-    *resp_buffer = (char*)ms;
-    *resp_length = ms_len;
-     return SUCCESS;
-}
-
-uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response)
-{
-    size_t retval_len;
-    ms_out_msg_exchange_t *ms;
-    if(!out_buff)
-        return INVALID_PARAMETER_ERROR;    
-    ms = (ms_out_msg_exchange_t *)out_buff;
-    retval_len = ms->retval_len;
-    *secret_response = (char*)malloc(retval_len);
-    if(!*secret_response)
-    {
-        return MALLOC_ERROR;
-    }
-    memcpy(*secret_response, ms->ret_outparam_buff, retval_len);
-    return SUCCESS;
-}

+ 0 - 59
Decryptor/Utility_Decryptor.h

@@ -1,59 +0,0 @@
-/*
- * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *   * Redistributions of source code must retain the above copyright
- *     notice, this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright
- *     notice, this list of conditions and the following disclaimer in
- *     the documentation and/or other materials provided with the
- *     distribution.
- *   * Neither the name of Intel Corporation nor the names of its
- *     contributors may be used to endorse or promote products derived
- *     from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#ifndef UTILITY_E2_H__
-#define UTILITY_E2_H__
-#include "stdint.h"
-
-typedef struct _param_struct_t
-{
-    uint32_t var1;
-    uint32_t var2;
-}param_struct_t;
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-uint32_t marshal_input_parameters_e3_foo1(uint32_t target_fn_id, uint32_t msg_type, param_struct_t *p_struct_var, char** marshalled_buff, size_t* marshalled_buff_len);
-uint32_t unmarshal_retval_and_output_parameters_e3_foo1(char* out_buff, param_struct_t *p_struct_var, char** retval);
-uint32_t unmarshal_input_parameters_e2_foo1(uint32_t* var1, uint32_t* var2, ms_in_msg_exchange_t* ms);
-uint32_t marshal_retval_and_output_parameters_e2_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval);
-uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len);
-uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms);
-uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response);
-uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response);
-
-#ifdef __cplusplus
- }
-#endif
-#endif
-

+ 12 - 8
Makefile

@@ -146,7 +146,7 @@ endif
 Crypto_Library_Name := sgx_tcrypto
 
 Enclave_Cpp_Files_2 := $(wildcard Decryptor/*.cpp)
-Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I./LocalAttestationCode -I./Include -I$(OPENSSL_INCLUDES)
+Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I./LocalAttestationCode -I./Include 
 
 CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9")
 ifeq ($(CC_BELOW_4_9), 1)
@@ -165,10 +165,10 @@ Enclave_Compile_Flags += $(Enclave_Include_Paths)
 # Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options.
 # Otherwise, you may get some undesirable errors.
 Common_Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles \
-	-Wl,--verbose \
-	-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
-	-Wl,--start-group $(Security_Link_Flags) $(SgxSSL_Link_Libraries) -L$(SGX_LIBRARY_PATH) -L. -lLocalAttestation_Trusted  -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
- 	-Wl,-Bstatic -Wl,-Bsymbolic  \
+        -Wl,--whole-archive -L$(OPENSSL_LIBRARY_PATH) -lsgx_tsgxssl -Wl,--no-whole-archive -lsgx_tsgxssl_crypto \
+	-Wl,--verbose	-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
+	-Wl,--start-group -L$(SGX_LIBRARY_PATH) -L. -lLocalAttestation_Trusted -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
+	-Wl,-Bstatic -Wl,-Bsymbolic  \
 	-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
 	-Wl,--defsym,__ImageBase=0 -Wl,--gc-sections
 Decryptor_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Decryptor_Version_Script)
@@ -276,11 +276,15 @@ Decryptor/Decryptor_t.o: Decryptor/Decryptor_t.c
 	@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
 	@echo "CC   <=  $<"
 
-Decryptor/%.o: Decryptor/%.cpp
-	@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@
+Decryptor/Decryptor.o: Decryptor/Decryptor.cpp
+	@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags)  -c $< -o $@
 	@echo "CXX  <=  $<"
 
-Decryptor.so: Decryptor/Decryptor_t.o $(Enclave_Cpp_Objects_2) $(Trust_Lib_Name)
+Decryptor/Openssl_crypto.o: Decryptor/Openssl_crypto.cpp
+	@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -I$(OPENSSL_INCLUDES)  -c $< -o $@
+	@echo "CXX  <=  $<"
+
+Decryptor.so: Decryptor/Decryptor_t.o Decryptor/Decryptor.o Decryptor/Openssl_crypto.o $(Trust_Lib_Name)
 	@$(CXX)  Decryptor/Decryptor_t.o $(Enclave_Cpp_Objects_2) -o $@ $(Decryptor_Link_Flags)
 	@echo "LINK =>  $@"