|
@@ -129,7 +129,7 @@ ATTESTATION_STATUS session_request(sgx_dh_msg1_t *dh_msg1,
|
|
|
ATTESTATION_STATUS exchange_report(
|
|
|
sgx_dh_msg2_t *dh_msg2,
|
|
|
sgx_dh_msg3_t *dh_msg3,
|
|
|
- uint32_t* session_id)
|
|
|
+ uint32_t* session_id, uint8_t* read)
|
|
|
{
|
|
|
|
|
|
sgx_key_128bit_t dh_aek; // Session key
|
|
@@ -175,7 +175,7 @@ ATTESTATION_STATUS exchange_report(
|
|
|
//Verify source enclave's trust
|
|
|
if(one_la_done == 0)
|
|
|
{
|
|
|
- one_la_done = 1;
|
|
|
+ one_la_done = 1; *read=1;
|
|
|
uint32_t ret = verify_peer_enclave_trust(&initiator_identity, NULL);
|
|
|
if(ret != SUCCESS)
|
|
|
{
|
|
@@ -186,7 +186,7 @@ ATTESTATION_STATUS exchange_report(
|
|
|
}
|
|
|
else
|
|
|
{
|
|
|
- return 0xFFFFFFFF;
|
|
|
+ one_la_done=0; return 0xFFFFFFFF;
|
|
|
/*
|
|
|
uint32_t ret = verify_peer_enclave_trust(&initiator_identity, &apache_mrsigner);
|
|
|
if(ret != SUCCESS)
|
|
@@ -203,12 +203,127 @@ ATTESTATION_STATUS exchange_report(
|
|
|
global_session_info.active.counter = 0;
|
|
|
memcpy(&global_session_info.active.AEK, &dh_aek, sizeof(sgx_key_128bit_t));
|
|
|
memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
|
|
|
+
|
|
|
//g_session_count++;*/
|
|
|
// }while(0);
|
|
|
|
|
|
return status;
|
|
|
}
|
|
|
|
|
|
+ATTESTATION_STATUS encrypt(__attribute__((unused)) uint8_t *plaintext, __attribute__((unused)) size_t plaintext_length, __attribute__((unused)) uint8_t* payload_tag, __attribute__((unused)) uint8_t* ciphertext, __attribute__((unused)) uint32_t* active_counter)
|
|
|
+{
|
|
|
+// return 0;
|
|
|
+
|
|
|
+ sgx_status_t status;
|
|
|
+ if(plaintext == NULL)
|
|
|
+ {
|
|
|
+ return INVALID_PARAMETER_ERROR;
|
|
|
+ }
|
|
|
+ //Check if the nonce for the session has not exceeded 2^32-2 if so end session and start a new session
|
|
|
+ if(global_session_info.active.counter == ((uint32_t) - 2))
|
|
|
+ { return 0xFF; // TODO: DO something here.
|
|
|
+// close_session(src_enclave_id);
|
|
|
+// create_session(src_enclave_id, session_info);
|
|
|
+ }
|
|
|
+//return plaintext_length ;
|
|
|
+ uint32_t count;
|
|
|
+ uint8_t* temp_plaintext = (uint8_t*) malloc(plaintext_length);
|
|
|
+ for(count=0; count<plaintext_length; count++)
|
|
|
+ *(temp_plaintext+count)=*(plaintext+count);
|
|
|
+
|
|
|
+ secure_message_t* temp_req_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ plaintext_length); // WTF is this even - what happens to padding?
|
|
|
+ memset(temp_req_message,0,sizeof(secure_message_t)+ plaintext_length);
|
|
|
+
|
|
|
+ //Use the session nonce as the payload IV
|
|
|
+// memcpy(req_message->message_aes_gcm_data.reserved,&global_session_info.active.counter,sizeof(global_session_info.active.counter));
|
|
|
+// *active_counter=global_session_info.active.counter;
|
|
|
+ memcpy(temp_req_message->message_aes_gcm_data.reserved,&global_session_info.active.counter,sizeof(global_session_info.active.counter));
|
|
|
+
|
|
|
+ //Set the session ID of the message to the current session id
|
|
|
+// req_message->session_id = global_session_info.session_id;
|
|
|
+
|
|
|
+ uint32_t temp_plaintext_length = plaintext_length;
|
|
|
+ uint8_t* shared_key = (uint8_t*)malloc(16); // 128 bit aes key
|
|
|
+ for(count=0;count<16;count++)
|
|
|
+ *(shared_key+count)=global_session_info.active.AEK[count];
|
|
|
+// return 0;
|
|
|
+ //Prepare the request message with the encrypted payload
|
|
|
+ status =
|
|
|
+sgx_rijndael128GCM_encrypt((sgx_key_128bit_t*)shared_key, temp_plaintext, temp_plaintext_length,
|
|
|
+ reinterpret_cast<uint8_t *>(&(temp_req_message->message_aes_gcm_data.payload)),
|
|
|
+ reinterpret_cast<uint8_t *>(&(temp_req_message->message_aes_gcm_data.reserved)),
|
|
|
+ 0xc, NULL, 0,
|
|
|
+ &(temp_req_message->message_aes_gcm_data.payload_tag));
|
|
|
+
|
|
|
+ for(count=0;count<48;count++)
|
|
|
+ *(ciphertext+count) = temp_req_message->message_aes_gcm_data.payload[count];
|
|
|
+
|
|
|
+ // tag length is 16 as per sgx_tseal.h
|
|
|
+ for(count=0;count<16;count++)
|
|
|
+ *(payload_tag+count) = temp_req_message->message_aes_gcm_data.payload_tag[count];
|
|
|
+
|
|
|
+ // TODO: Should this depend on whether the call has been successful or not?
|
|
|
+ //Update the value of the session nonce in the source enclave
|
|
|
+// global_session_info.active.counter +=1; // TODO: Activate this again.
|
|
|
+
|
|
|
+free(shared_key); free(temp_plaintext); free(temp_req_message);
|
|
|
+ return status;
|
|
|
+//return global_session_info.active.counter-1;
|
|
|
+
|
|
|
+}
|
|
|
+/*
|
|
|
+uint32_t decrypt(__attribute__((unused)) uint8_t* ciphertext, __attribute__((unused)) size_t ciphertext_length, __attribute__((unused)) uint8_t* payload_tag, __attribute__((unused)) uint8_t* plaintext, __attribute__((unused)) size_t plaintext_length)
|
|
|
+{
|
|
|
+ uint32_t count; sgx_status_t status;
|
|
|
+ uint8_t* shared_key = (uint8_t*)malloc(16); // 128 bit aes key
|
|
|
+ secure_message_t* temp_req_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ plaintext_length); // WTF is this even - what happens to padding?
|
|
|
+ memset(temp_req_message,0,sizeof(secure_message_t)+ plaintext_length);
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+ for(count=0;count<16;count++)
|
|
|
+ *(shared_key+count)=global_session_info.active.AEK[count];
|
|
|
+
|
|
|
+ uint8_t* temp_ciphertext = (uint8_t*) malloc(ciphertext_length);
|
|
|
+ for(count=0; count<ciphertext_length; count++)
|
|
|
+ *(temp_ciphertext+count)=*(ciphertext+count);
|
|
|
+
|
|
|
+ uint8_t* temp_plaintext = (uint8_t*) malloc(plaintext_length);
|
|
|
+ memset(temp_plaintext, 0, plaintext_length);
|
|
|
+
|
|
|
+
|
|
|
+// uint8_t temp_payload_tag[16];// = (uint8_t*) malloc(16);
|
|
|
+// for(count=0; count<16; count++)
|
|
|
+// *(temp_payload_tag+count)=*(payload_tag+count);
|
|
|
+
|
|
|
+// const uint8_t expected_payload_tag[16]; // = (uint8_t*) malloc(16);
|
|
|
+ uint8_t* iv = (uint8_t*) malloc(12);
|
|
|
+ memset(iv, 0, 12);
|
|
|
+ memcpy(iv, &global_session_info.active.counter, sizeof(uint32_t));
|
|
|
+
|
|
|
+ //Decrypt the response message payload
|
|
|
+// status = sgx_rijndael128GCM_decrypt(&global_session_info.active.AEK, resp_message->message_aes_gcm_data.payload, resp_message->message_aes_gcm_data.payload_size, pl$reinterpret_cast<uint8_t *>(&(resp_message->message_aes_gcm_data.reserved)), sizeof(resp_message->message_aes_gcm_data.reserved), NULL, 0, &resp_message$
|
|
|
+status = sgx_rijndael128GCM_decrypt((sgx_key_128bit_t*) shared_key, temp_ciphertext, ciphertext_length,
|
|
|
+temp_plaintext, iv, 0xc, NULL, 0, &(temp_req_message->message_aes_gcm_data.payload_tag));
|
|
|
+ for(count=0;count<16; count++)
|
|
|
+ {
|
|
|
+// if(temp_req_message->message_aes_gcm_data.payload_tag[count] != *(payload_tag+count))
|
|
|
+// return 0x2;
|
|
|
+ *(payload_tag+count)=temp_req_message->message_aes_gcm_data.payload_tag[count];
|
|
|
+ }
|
|
|
+
|
|
|
+// for(count=0; count<plaintext_length; count++)
|
|
|
+// *(plaintext+count)=*(temp_plaintext+count);
|
|
|
+//
|
|
|
+ free(shared_key); free(temp_ciphertext); free(temp_plaintext); // free(temp_payload_tag);
|
|
|
+ return status;
|
|
|
+
|
|
|
+
|
|
|
+ return 0;
|
|
|
+}
|
|
|
+*/
|
|
|
+
|
|
|
+
|
|
|
uint32_t create_ecdsa_key_pair(sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key)
|
|
|
{
|
|
|
sgx_status_t se_ret; sgx_status_t se_ret2;
|
|
@@ -460,3 +575,62 @@ ATTESTATION_STATUS generate_session_id(uint32_t *session_id)
|
|
|
// *session_id=++global_session_id;
|
|
|
//}
|
|
|
|
|
|
+
|
|
|
+uint32_t decrypt(uint8_t* ip_ciphertext, uint32_t ciphertext_len, uint8_t* ip_tag, uint8_t* op_plaintext)
|
|
|
+{
|
|
|
+ uint32_t return_status2; uint32_t count;
|
|
|
+// unsigned char key[16]; uint32_t count;
|
|
|
+ unsigned char key[16];
|
|
|
+ // copying key to within the enclave as apparently it can't operate on it // TODO: Check if it works now.
|
|
|
+ for(count=0;count<16;count++)
|
|
|
+ key[count]=global_session_info.active.AEK[count];
|
|
|
+
|
|
|
+ // copying ciphertext to within the enclave (otherwise it crashes with NOT enclave signal)
|
|
|
+ uint8_t* ciphertext = (uint8_t*) malloc(ciphertext_len);
|
|
|
+ for(count=0;count<ciphertext_len;count++)
|
|
|
+ *(ciphertext+count)=*(ip_ciphertext+count);
|
|
|
+
|
|
|
+ uint8_t* tag = (uint8_t*) malloc(16);
|
|
|
+ for(count=0;count<16;count++)
|
|
|
+ *(tag+count)=*(ip_tag+count);
|
|
|
+
|
|
|
+ uint8_t* plaintext = (uint8_t*) malloc(ciphertext_len);
|
|
|
+// uint8_t encryption_tag[16]; uint8_t decryption_tag[16];
|
|
|
+
|
|
|
+// int ciphertext_len=48; int plaintext_len=32;
|
|
|
+ uint8_t iv[12];
|
|
|
+ // memset(ciphertext, 0, 48); memset(expected_plaintext, 0, 48);
|
|
|
+ memset(iv, 0, 12); //memcpy(iv, &global_session_info.active.counter, 4);
|
|
|
+ return_status2=sgx_rijndael128GCM_decrypt((sgx_key_128bit_t*) key, ciphertext, ciphertext_len, plaintext, iv, 0xc, NULL, 0, (sgx_aes_gcm_128bit_tag_t*)tag);
|
|
|
+/*
|
|
|
+ // memset(expected_plaintext, 0, 32); memset(encryption_tag, 0, 16); memset(decryption_tag, 0, 16);
|
|
|
+ return_status=sgx_rijndael128GCM_encrypt((sgx_key_128bit_t*) key, hash, 32, ciphertext, iv, 0xc, NULL, 0, (sgx_aes_gcm_128bit_tag_t*)encryption_tag);
|
|
|
+ for(count=0;count<32;count++)
|
|
|
+ *(op_ciphertext+count)=ciphertext[count];
|
|
|
+
|
|
|
+ if(return_status == 0)
|
|
|
+return_status2=sgx_rijndael128GCM_decrypt((sgx_key_128bit_t*) key, ciphertext, 32, expected_plaintext, iv, 0xc, NULL, 0, (sgx_aes_gcm_128bit_tag_t*)encryption_tag);
|
|
|
+ else
|
|
|
+ return 0xffffffff;*/
|
|
|
+ for(count=0;count<ciphertext_len;count++)
|
|
|
+ *(op_plaintext+count)=plaintext[count];
|
|
|
+
|
|
|
+ return return_status2;
|
|
|
+}
|
|
|
+
|
|
|
+uint32_t encrypt()
|
|
|
+{
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+return 0;
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+}
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+
|