|
@@ -15,10 +15,14 @@ using namespace google::protobuf::io;
|
|
|
#include "../Decryptor/Decryptor_u.h"
|
|
|
#include <iostream>
|
|
|
#include "LocalAttestationUntrusted.h"
|
|
|
+#include<sys/time.h>
|
|
|
+#include <fcntl.h>
|
|
|
+#include <sys/types.h>
|
|
|
+#include <sys/stat.h>
|
|
|
|
|
|
uint32_t LocalAttestationUntrusted::session_id=0;
|
|
|
protobuf_sgx_dh_msg1_t LocalAttestationUntrusted::protobuf_msg1;
|
|
|
-
|
|
|
+ uint8_t* LocalAttestationUntrusted::output_ciphertext_plus_tag=NULL;
|
|
|
|
|
|
|
|
|
int LocalAttestationUntrusted::read_protobuf_msg_from_fd(int accept_fd, google::protobuf::MessageLite& message)
|
|
@@ -131,58 +135,58 @@ using namespace google::protobuf::io;
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
- int LocalAttestationUntrusted::decrypt_client_data(uint32_t own_enclave_id, int fd)
|
|
|
+ int LocalAttestationUntrusted::decrypt_client_data(uint32_t own_enclave_id, int fd, uint8_t* output_ciphertext_plus_tag, uint8_t* input_ciphertext_plus_tag, int time_file_fd)
|
|
|
{
|
|
|
protobuf_post_LA_encrypted_msg_t protobuf_msg;
|
|
|
+ protobuf_post_LA_encrypted_msg_t protobuf_msg_response;
|
|
|
unsigned char* protobuf_msg_ptr;
|
|
|
uint32_t sgx_ret_status=0;
|
|
|
- uint8_t* input_ciphertext_plus_tag;
|
|
|
uint32_t input_ciphertext_plus_tag_length;
|
|
|
- uint8_t* output_ciphertext_plus_tag;
|
|
|
uint32_t output_ciphertext_plus_tag_length;
|
|
|
- int counter;
|
|
|
-
|
|
|
+ struct timeval tv1, tv2;
|
|
|
+ char time_buf[60] = {0};
|
|
|
+ size_t bytes_written;
|
|
|
+ unsigned long int new_time, old_time;
|
|
|
+ uint32_t count;
|
|
|
if(read_protobuf_msg_from_fd(fd, protobuf_msg)!=0)
|
|
|
- {
|
|
|
-// printf("Could not read apache's message post-local attestation\n"); fflush(stdout);
|
|
|
return 0xfe;
|
|
|
- }
|
|
|
-// printf("Clients data\n"); fflush(stdout);
|
|
|
+ gettimeofday(&tv1, NULL);
|
|
|
|
|
|
input_ciphertext_plus_tag_length = protobuf_msg.msg().length();
|
|
|
- input_ciphertext_plus_tag = (uint8_t*) malloc(1000); //malloc(input_ciphertext_plus_tag_length);
|
|
|
- output_ciphertext_plus_tag = (uint8_t*) malloc(1000); //malloc(input_ciphertext_plus_tag_length);
|
|
|
protobuf_msg_ptr = (uint8_t*) protobuf_msg.msg().c_str();
|
|
|
|
|
|
- for(counter=0; counter<input_ciphertext_plus_tag_length; counter++)
|
|
|
- {
|
|
|
- input_ciphertext_plus_tag[counter] = *(protobuf_msg_ptr + counter);
|
|
|
-// printf("0x%02x ", input_ciphertext_plus_tag[counter]);
|
|
|
- }
|
|
|
// Just so that the ciphertext - client data - is returned back to Apache in case this function fails.
|
|
|
- // client data is after public key (64 bytes) + signature (64 bytes) = 128 bytes.
|
|
|
- for(counter=0; counter<input_ciphertext_plus_tag_length-64; counter++)
|
|
|
- output_ciphertext_plus_tag[counter] = input_ciphertext_plus_tag[counter+64];
|
|
|
- output_ciphertext_plus_tag_length=input_ciphertext_plus_tag_length - 64;
|
|
|
- protobuf_msg.set_msg((void*) output_ciphertext_plus_tag, output_ciphertext_plus_tag_length);
|
|
|
+ // client data is after public key (64 bytes)
|
|
|
+ protobuf_msg_response.set_msg((void*) protobuf_msg_ptr + 64, input_ciphertext_plus_tag_length - 64);
|
|
|
|
|
|
+ for(count=0;count<input_ciphertext_plus_tag_length;count++)
|
|
|
+ {
|
|
|
+ input_ciphertext_plus_tag[count]=protobuf_msg_ptr[count];
|
|
|
+ }
|
|
|
+
|
|
|
// We assume that the output is not changed unless it is successful throughout.
|
|
|
Decryptor_process_apache_message_generate_response_wrapper(own_enclave_id, &sgx_ret_status, input_ciphertext_plus_tag, input_ciphertext_plus_tag_length, output_ciphertext_plus_tag, &output_ciphertext_plus_tag_length);
|
|
|
- free(input_ciphertext_plus_tag);
|
|
|
if(sgx_ret_status==0)
|
|
|
{
|
|
|
- protobuf_msg.set_msg((void*) output_ciphertext_plus_tag, output_ciphertext_plus_tag_length);
|
|
|
+ protobuf_msg_response.set_msg((void*) output_ciphertext_plus_tag, output_ciphertext_plus_tag_length);
|
|
|
}
|
|
|
-// else
|
|
|
-// printf("\n0x%02x\n", sgx_ret_status);
|
|
|
-
|
|
|
-/* printf("Returning this: \n");
|
|
|
- for(counter=0;counter<output_ciphertext_plus_tag_length;counter++)
|
|
|
- printf("%02x ",output_ciphertext_plus_tag[counter]);
|
|
|
- printf("\n"); */
|
|
|
- free(output_ciphertext_plus_tag);
|
|
|
- if(write_protobuf_msg_to_fd(fd, protobuf_msg)!=0)
|
|
|
- return 0xfc;
|
|
|
+ else
|
|
|
+ {
|
|
|
+ printf("\n Error in decryptors call to the process_apache wrapper : 0x%02x\n", sgx_ret_status);
|
|
|
+ for(count=0;count<output_ciphertext_plus_tag_length;count++)
|
|
|
+ printf("0x%02x ", output_ciphertext_plus_tag[count]);
|
|
|
+ printf("\n"); fflush(stdout);
|
|
|
+ }
|
|
|
+
|
|
|
+ if(write_protobuf_msg_to_fd(fd, protobuf_msg_response)!=0)
|
|
|
+ return 0xfc;
|
|
|
+
|
|
|
+ gettimeofday(&tv2, NULL);
|
|
|
+ new_time=tv2.tv_usec + tv2.tv_sec * 1000000;
|
|
|
+ old_time=tv1.tv_usec + tv1.tv_sec * 1000000;
|
|
|
+ bytes_written=sprintf(time_buf, "%lu %lu\n", old_time, new_time);
|
|
|
+ write(time_file_fd, time_buf, bytes_written);
|
|
|
+
|
|
|
return 0;
|
|
|
|
|
|
}
|
|
@@ -229,23 +233,23 @@ using namespace google::protobuf::io;
|
|
|
int LocalAttestationUntrusted::post_local_attestation_with_verifier(uint32_t own_enclave_id, int accept_fd)
|
|
|
{
|
|
|
uint32_t protobuf_sgx_ret;
|
|
|
- uint8_t encrypted_apache_mrsigner_and_tag[48];
|
|
|
+ uint8_t encrypted_apache_mrsigner_and_tag[150];
|
|
|
size_t bytes_read;
|
|
|
int count;
|
|
|
printf("Here\n"); fflush(stdout);
|
|
|
- bytes_read=read(accept_fd, encrypted_apache_mrsigner_and_tag, 48);
|
|
|
- if(bytes_read!=48)
|
|
|
+ bytes_read=read(accept_fd, encrypted_apache_mrsigner_and_tag, 60);
|
|
|
+ if(bytes_read!=60)
|
|
|
{
|
|
|
printf("Not all of the encrypted apache's mrsigner was read from the verifier.\n"); fflush(stdout);
|
|
|
close(accept_fd);
|
|
|
return 0xfe;
|
|
|
}
|
|
|
|
|
|
- for(count=0;count<48;count++)
|
|
|
+ for(count=0;count<60;count++)
|
|
|
printf("0x%02x ", encrypted_apache_mrsigner_and_tag[count]);
|
|
|
printf("\n");fflush(stdout);
|
|
|
|
|
|
- Decryptor_process_verifiers_message_wrapper(own_enclave_id, &protobuf_sgx_ret, encrypted_apache_mrsigner_and_tag);
|
|
|
+ Decryptor_process_verifiers_message_wrapper(own_enclave_id, &protobuf_sgx_ret, encrypted_apache_mrsigner_and_tag, 60);
|
|
|
if(protobuf_sgx_ret!=0)
|
|
|
{
|
|
|
printf("Error in decryption: 0x%x\n", protobuf_sgx_ret); fflush(stdout);
|
|
@@ -274,13 +278,14 @@ using namespace google::protobuf::io;
|
|
|
int LocalAttestationUntrusted::post_local_attestation_with_apache(uint32_t own_enclave_id, int accept_fd)
|
|
|
{
|
|
|
protobuf_post_LA_encrypted_msg_t protobuf_encrypted_msg;
|
|
|
- uint8_t encrypted_sign_data_and_sign_and_tag[176];
|
|
|
- memset(encrypted_sign_data_and_sign_and_tag,0x0,176);
|
|
|
+ uint8_t encrypted_sign_data_and_sign_and_tag[200]; // 176+12 for IV = 188
|
|
|
+ uint32_t op_length;
|
|
|
+ memset(encrypted_sign_data_and_sign_and_tag,0x0,200);
|
|
|
uint32_t internal_return_status;
|
|
|
uint32_t count;
|
|
|
uint32_t sgx_ret;
|
|
|
|
|
|
- Decryptor_create_and_encrypt_mitigator_header_H_wrapper(own_enclave_id, &sgx_ret, encrypted_sign_data_and_sign_and_tag);
|
|
|
+ Decryptor_create_and_encrypt_mitigator_header_H_wrapper(own_enclave_id, &sgx_ret, encrypted_sign_data_and_sign_and_tag, &op_length);
|
|
|
if(sgx_ret!=0)
|
|
|
{
|
|
|
printf("Error in generating encrypted mitigator header:0x%x\n", sgx_ret); fflush(stdout);
|
|
@@ -288,13 +293,13 @@ using namespace google::protobuf::io;
|
|
|
return 0xf3;
|
|
|
}
|
|
|
|
|
|
- for(count=0;count<176;count++)
|
|
|
+ for(count=0;count<op_length;count++)
|
|
|
{
|
|
|
printf("0x%02x ", encrypted_sign_data_and_sign_and_tag[count]);
|
|
|
}
|
|
|
printf("\n"); fflush(stdout);
|
|
|
|
|
|
- protobuf_encrypted_msg.set_msg((void*)encrypted_sign_data_and_sign_and_tag, 176);
|
|
|
+ protobuf_encrypted_msg.set_msg((void*)encrypted_sign_data_and_sign_and_tag, op_length);
|
|
|
if(write_protobuf_msg_to_fd(accept_fd, protobuf_encrypted_msg) != 0)
|
|
|
{
|
|
|
printf("Not all of the mitigator token H was written to the Apache.\n"); fflush(stdout);
|
|
@@ -306,12 +311,20 @@ using namespace google::protobuf::io;
|
|
|
for(count=0;count<64;count++)
|
|
|
printf("%02x ",public_key[count]);
|
|
|
printf("\n"); fflush(stdout);
|
|
|
+
|
|
|
+ uint8_t* output_ciphertext_plus_tag = (uint8_t*) malloc(4100); // 12 bytes for ciphertext iv + 16 bytes for ciphertext tag = 28 byte
|
|
|
+ uint8_t* input_ciphertext_plus_tag = (uint8_t*) malloc(4100);
|
|
|
+
|
|
|
+ int time_file_fd=open("decryptor_time.txt", O_APPEND | O_WRONLY);
|
|
|
|
|
|
do {
|
|
|
- internal_return_status = decrypt_client_data(own_enclave_id, accept_fd);
|
|
|
+ internal_return_status = decrypt_client_data(own_enclave_id, accept_fd, output_ciphertext_plus_tag, input_ciphertext_plus_tag, time_file_fd);
|
|
|
} while(internal_return_status==0);
|
|
|
+
|
|
|
+
|
|
|
close(accept_fd);
|
|
|
+ free(output_ciphertext_plus_tag);
|
|
|
+ free(input_ciphertext_plus_tag);
|
|
|
return internal_return_status;
|
|
|
-
|
|
|
- return 0; }
|
|
|
+}
|
|
|
|