EDL files - private ecalls are not inter-enclave function calls. For inter-enclave function calls, entries are removed from the edl files. Added in code for verify_peer_enclave_trust to save the mrenclave of the 1st LA and to compare mrsigner to a global one the second time LA is called. Cleaned up unused functions.

App/App.cpp

@@ -253,15 +253,25 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
 
     close(sealed_signing_key_fd);
 
-    ret_status=local_attestation_initiator(3825, e2_enclave_id, NULL);
+    // LA with the verifier 
+    ret_status=local_attestation_initiator(3825, e2_enclave_id);
     if(ret_status!=0)
     {
-        printf("local attestation did not successfully return: %x\n", ret_status); fflush(stdout);     sgx_destroy_enclave(e2_enclave_id);
+        printf("local attestation - with the verifier - did not successfully return: %x\n", ret_status); fflush(stdout);     sgx_destroy_enclave(e2_enclave_id);
 return 0xFFFFFFFF;
 
     }
 
+/*
+    // LA with the apache - currently set to return failure - should change it to success when the code to send the mrsigner from the verifier to the decryptor is added- TODO: <--- that 
+    ret_status=local_attestation_initiator(3826, e2_enclave_id); // TODO: Change port or sth
+    if(ret_status!=0)
+    {
+        printf("local attestation - with apache - did not successfully return: %x\n", ret_status); fflush(stdout);     sgx_destroy_enclave(e2_enclave_id);
+return 0xFFFFFFFF;
 
+    }*/
+ 
 /*	sgx_ec256_public_t short_term_pub_key;
 	sgx_ec256_signature_t generated_signature;
  Decryptor_create_and_sign_client_side_pub_key(e2_enclave_id, &ret_status,&short_term_pub_key, &generated_signature);

Decryptor/Decryptor.cpp

@@ -41,36 +41,28 @@
 #include "sgx_dh.h"
 #include <map>
 
-#define UNUSED(val) (void)(val)
+//#define UNUSED(val) (void)(val)
 //Function that is used to verify the trust of the other enclave
 //Each enclave can have its own way verifying the peer enclave identity
-extern "C" uint32_t verify_peer_enclave_trust(__attribute__((unused))  sgx_dh_session_enclave_identity_t* peer_enclave_identity)
+extern "C" uint32_t verify_peer_enclave_trust(__attribute__((unused))  sgx_dh_session_enclave_identity_t* peer_enclave_identity, sgx_measurement_t* expected_mr_signer)
 {
-   if(!peer_enclave_identity)
-    {
-        return INVALID_PARAMETER_ERROR;
-    }
-//  sgx_measurement_t actual_mr_enclave = peer_enclave_identity->mr_enclave;
-//  sgx_measurement_t actual_mr_signer = peer_enclave_identity->mr_signer;
-    // verifier's mrsigner 
-//    uint8_t expected_mr_signer[32] ={0xdf, 0xd7, 0x3b, 0x93, 0xea, 0x39, 0x02, 0x02, 0x3c, 0xd0, 0x52, 0x1a, 0xbd, 0x00, 0xaf, 0xb9, 0xa6, 0x54, 0x57, 0x3e, 0xe5, 0xef, 0x36, 0xf4, 0x8c, 0xc2, 0x4d, 0x92, 0x70, 0xae, 0xd4, 0x7c}; 
-//    int count;
-//    for(count=0; count<SGX_HASH_SIZE; count++)
- // {
-/*    if( actual_mr_enclave.m[count] != expected_mr_enclave[count] )
-    {
-        return ENCLAVE_TRUST_ERROR;
-    }
-    if( actual_mr_signer.m[count] != expected_mr_signer[count] )
-    {
-        return ENCLAVE_TRUST_ERROR; // TODO: Different error here.
-    }*/
- // }
-
-return SGX_SUCCESS;
-//}
-
-
+	if(!peer_enclave_identity)
+	{
+		return INVALID_PARAMETER_ERROR;
+	}
+	if(expected_mr_signer != NULL) // apache enclave
+	{
+		sgx_measurement_t actual_mr_signer = peer_enclave_identity->mr_signer;
+		// verifier's mrsigner 
+		//    uint8_t expected_mr_signer[32] ={0xdf, 0xd7, 0x3b, 0x93, 0xea, 0x39, 0x02, 0x02, 0x3c, 0xd0, 0x52, 0x1a, 0xbd, 0x00, 0xaf, 0xb9, 0xa6, 0x54, 0x57, 0x3e, 0xe5, 0xef, 0x36, 0xf4, 0x8c, 0xc2, 0x4d, 0x92, 0x70, 0xae, 0xd4, 0x7c}; 
+		int count;
+		for(count=0; count<SGX_HASH_SIZE; count++)
+		{
+			if( actual_mr_signer.m[count] != expected_mr_signer->m[count] )
+				return ENCLAVE_TRUST_ERROR; // TODO: Different error here.
+		}
+	}
+	return SGX_SUCCESS;
 
  /*   if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
     {
@@ -83,7 +75,3 @@ return SGX_SUCCESS;
 return SUCCESS; //ENCLAVE_TRUST_ERROR;
 }
 
-uint32_t foo()
-{
-return 0;
-}

Decryptor/Decryptor.edl

@@ -32,15 +32,7 @@
 
 enclave {
     include "sgx_eid.h"
-    from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
-//    from "sgx_tstdc.edl" import *;
-//    from "sgx_tae_service.edl" import *;
-
-    trusted{
-		public uint32_t foo(); 
-//              public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
-//            public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
-//            public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
-//            public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
-    };
+    include "sgx_tcrypto.h"
+    from "../LocalAttestationCode/LocalAttestationCode.edl" import *;//session_request, exchange_report, create_and_seal_ecdsa_signing_key_pair, unseal_and_restore_sealed_signing_key_pair, end_session, calculate_sealed_data_size  ;
+//    trusted{};
 };

LocalAttestationCode/EnclaveMessageExchange.cpp

@@ -48,14 +48,17 @@
 extern "C" {
 #endif
 
-uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data, size_t decrypted_data_length, char** resp_buffer, size_t* resp_length);
-uint32_t message_exchange_response_generator(char* decrypted_data, char** resp_buffer, size_t* resp_length);
-uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity);
-
+uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity, sgx_measurement_t* measurement);
 #ifdef __cplusplus
 }
 #endif
+uint32_t create_ecdsa_key_pair(sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key);
+void serialize_key_pair_to_string( sgx_ec256_public_t* pub_key, sgx_ec256_private_t* signing_priv_key, uint8_t* private_public_key_string);
+void deserialize_string_to_key_pair(uint8_t* private_public_key_string, sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key); 
+
 
+
+ 
 #define MAX_SESSION_COUNT  16
 
 //number of open sessions
@@ -66,10 +69,13 @@ ATTESTATION_STATUS end_session();
 sgx_ec256_private_t signing_priv_key;
 sgx_ec256_private_t short_term_priv_key;
 sgx_ec256_public_t short_term_pub_key; // for testing only: to test verification of signature
-
+uint32_t one_la_done; 
+sgx_measurement_t verifier_mr_enclave;
+sgx_measurement_t apache_mr_signer; 
 sgx_ecc_state_handle_t ecc_state;
 
- uint32_t session_ids[MAX_SESSION_COUNT];
+
+uint32_t session_ids[MAX_SESSION_COUNT];
 
 // Our enclave will not be doing LA with more than 1 decryptor enclave at a time.
 // We should not need this.
@@ -164,14 +170,31 @@ ATTESTATION_STATUS exchange_report(
             status = se_ret;
             end_session();
         }
-
+	uint32_t hash_count; 
         // THIS IS WHERE THE DECRYPTOR VERIFIES THE APACHE'S MRSIGNER IS THE PUBLIC KEY GIVEN AFTER THE LOCAL ATTESTATION WITH THE VERIFIER.
         //Verify source enclave's trust
-        uint32_t ret = verify_peer_enclave_trust(&initiator_identity);
-        if(ret != SUCCESS)
-        {
-            return ret; //INVALID_SESSION;
-       }
+	if(one_la_done == 0) 
+	{
+		one_la_done = 1;
+	        uint32_t ret = verify_peer_enclave_trust(&initiator_identity, NULL);
+	        if(ret != SUCCESS)
+        	{
+            		return ret; //INVALID_SESSION;
+       		}
+		for(hash_count=0; hash_count<32; hash_count++)
+			verifier_mr_enclave.m[hash_count] = initiator_identity.mr_signer.m[hash_count];
+	} 
+	else 
+	{
+		return 0xFFFFFFFF;
+		/*
+		uint32_t ret = verify_peer_enclave_trust(&initiator_identity, &apache_mrsigner);
+                if(ret != SUCCESS)
+                {
+                        return ret; //INVALID_SESSION;
+                }
+		*/
+	}
 
 	// TODO: Verify that these changes will be lost on update. 
         //save the session ID, status and initialize the session nonce
@@ -183,7 +206,6 @@ ATTESTATION_STATUS exchange_report(
         //g_session_count++;*/
 //    }while(0);
 
-
     return status;
 }
 
@@ -403,466 +425,6 @@ uint32_t calculate_sealed_data_size( uint32_t input_size)
 
 
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-/*
-uint32_t create_ecdsa_key_pair( sgx_ec256_public_t* pub_key ) 
-{
-//sgx_ec256_public_t pub_key;
-sgx_status_t se_ret; 
-//create ECC context
-ecc_state = NULL;
-
-se_ret = sgx_ecc256_open_context(&ecc_state);
-if(SGX_SUCCESS != se_ret)
-{
-   return se_ret;
-}
-// generate private key and public key
-se_ret = sgx_ecc256_create_key_pair(&signing_priv_key, pub_key, ecc_state);
-if(SGX_SUCCESS != se_ret)
-  return se_ret; 
-
-se_ret = sgx_ecc256_close_context(ecc_state); 
-// if(SGX_SUCCESS != se_ret)
-//  return se_ret; 
-
-return se_ret; 
-
-}
-*/
-/*
-uint32_t generate_and_seal_signing_private_key(uint8_t* pub_key, )
-{
-    uint32_t ret_status; 
-    ret_status=create_ecdsa_key_pair(pub_key); 
-    if(ret_status!=SGX_SUCCESS) 
-       return ret_status; 
-    uint8_t* public_key_string = (uint8_t*) malloc(2*SGX_ECP256_KEY_SIZE); 
-    uint32_t counter;
-    for(counter=0;counter<SGX_ECP256_KEY_SIZE; counter++)
-    {
-	*(public_key_string+counter)=pub_key->gx[counter];
-    }
-    for(counter=SGX_ECP256_KEY_SIZE;counter<2*SGX_ECP256_KEY_SIZE; counter++)
-    {
-        *(public_key_string+counter)=pub_key->gy[counter];
-    }
-
-    // sgx_seal_data() call 
-    uint32_t expected_sealed_data_length=sgx_calc_sealed_data_size(0,2*ECP256_KEY_SIZE); 
-    if(expected_sealed_data_length == 0xFFFFFFFF)
-	return 0xFFFFFFFF; 
-    uint8_t* sealed_data=(uint8_t*) malloc(expected_sealed_data_length);
-    sgx_sealed_data_t sealed_data; 
-    sgx_seal_data(0, NULL, public_key_string, 2*ECP256_KEY_SIZE, );
-    free(public_key_string); 
-
-}
-*/
-/*
-uint32_t sign_with_signing_private_key(uint8_t* data, uint8_t* length) 
-{
-
-
-
-}
-*/
-// uint32_t create_
-
-
-/*
-//Request for the response size, send the request message to the destination enclave and receive the response message back
-ATTESTATION_STATUS send_request_receive_response(
-                                  sgx_enclave_id_t dest_enclave_id,
-                                  dh_session_t *session_info,
-                                  char *inp_buff,
-                                  size_t inp_buff_len,
-                                  size_t max_out_buff_size,
-                                  char **out_buff,
-                                  size_t* out_buff_len)
-{
-    const uint8_t* plaintext;
-    uint32_t plaintext_length;
-    sgx_status_t status;
-    uint32_t retstatus;
-    secure_message_t* req_message;
-    secure_message_t* resp_message;
-    uint8_t *decrypted_data;
-    uint32_t decrypted_data_length;
-    uint32_t plain_text_offset;
-    uint8_t l_tag[TAG_SIZE];
-    size_t max_resp_message_length;
-    plaintext = (const uint8_t*)(" ");
-    plaintext_length = 0;
-
-    if(!session_info || !inp_buff)
-    {
-        return INVALID_PARAMETER_ERROR;
-    }
-    // TODO: Figure out what this was supposed to be for.
-    //Check if the nonce for the session has not exceeded 2^32-2 if so end session and start a new session
-    if(session_info->active.counter == ((uint32_t) - 2))
-    {
-        close_session(src_enclave_id, dest_enclave_id);
-        create_session(src_enclave_id, dest_enclave_id, session_info);
-    }
-
-    //Allocate memory for the AES-GCM request message
-    req_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ inp_buff_len);
-    if(!req_message)
-    {
-        return MALLOC_ERROR;
-    }
-
-    memset(req_message,0,sizeof(secure_message_t)+ inp_buff_len);
-    const uint32_t data2encrypt_length = (uint32_t)inp_buff_len;
-    //Set the payload size to data to encrypt length
-    req_message->message_aes_gcm_data.payload_size = data2encrypt_length;
-
-    //Use the session nonce as the payload IV
-    memcpy(req_message->message_aes_gcm_data.reserved,&session_info->active.counter,sizeof(session_info->active.counter));
-
-    //Set the session ID of the message to the current session id
-    req_message->session_id = session_info->session_id;
-
-    //Prepare the request message with the encrypted payload
-    status = sgx_rijndael128GCM_encrypt(&session_info->active.AEK, (uint8_t*)inp_buff, data2encrypt_length,
-                reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.payload)),
-                reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.reserved)),
-                sizeof(req_message->message_aes_gcm_data.reserved), plaintext, plaintext_length,
-                &(req_message->message_aes_gcm_data.payload_tag));
-
-    if(SGX_SUCCESS != status)
-    {
-        SAFE_FREE(req_message);
-        return status;
-    }
-
-    //Allocate memory for the response payload to be copied
-    *out_buff = (char*)malloc(max_out_buff_size);
-    if(!*out_buff)
-    {
-        SAFE_FREE(req_message);
-        return MALLOC_ERROR;
-    }
-
-    memset(*out_buff, 0, max_out_buff_size);
-
-    //Allocate memory for the response message
-    resp_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ max_out_buff_size);
-    if(!resp_message)
-    {
-        SAFE_FREE(req_message);
-        return MALLOC_ERROR;
-    }
-
-    memset(resp_message, 0, sizeof(secure_message_t)+ max_out_buff_size);
-
-    // TODO: This should not exist.
-    //Ocall to send the request to the Destination Enclave and get the response message back
-    status = send_request_ocall(&retstatus, src_enclave_id, dest_enclave_id, req_message,
-                                (sizeof(secure_message_t)+ inp_buff_len), max_out_buff_size,
-                                resp_message, (sizeof(secure_message_t)+ max_out_buff_size));
-    if (status == SGX_SUCCESS)
-    {
-        if ((ATTESTATION_STATUS)retstatus != SUCCESS)
-        {
-            SAFE_FREE(req_message);
-            SAFE_FREE(resp_message);
-            return ((ATTESTATION_STATUS)retstatus);
-        }
-    }
-    else
-    {
-        SAFE_FREE(req_message);
-        SAFE_FREE(resp_message);
-        return ATTESTATION_SE_ERROR;
-    }
-
-    max_resp_message_length = sizeof(secure_message_t)+ max_out_buff_size;
-
-    if(sizeof(resp_message) > max_resp_message_length)
-    {
-        SAFE_FREE(req_message);
-        SAFE_FREE(resp_message);
-        return INVALID_PARAMETER_ERROR;
-    }
-
-    //Code to process the response message from the Destination Enclave
-
-    decrypted_data_length = resp_message->message_aes_gcm_data.payload_size;
-    plain_text_offset = decrypted_data_length;
-    decrypted_data = (uint8_t*)malloc(decrypted_data_length);
-    if(!decrypted_data)
-    {
-        SAFE_FREE(req_message);
-        SAFE_FREE(resp_message);
-        return MALLOC_ERROR;
-    }
-    memset(&l_tag, 0, 16);
-
-    memset(decrypted_data, 0, decrypted_data_length);
-
-    //Decrypt the response message payload
-    status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, resp_message->message_aes_gcm_data.payload,
-                decrypted_data_length, decrypted_data,
-                reinterpret_cast<uint8_t *>(&(resp_message->message_aes_gcm_data.reserved)),
-                sizeof(resp_message->message_aes_gcm_data.reserved), &(resp_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length,
-                &resp_message->message_aes_gcm_data.payload_tag);
-
-    if(SGX_SUCCESS != status)
-    {
-        SAFE_FREE(req_message);
-        SAFE_FREE(decrypted_data);
-        SAFE_FREE(resp_message);
-        return status;
-    }
-
-    // Verify if the nonce obtained in the response is equal to the session nonce + 1 (Prevents replay attacks)
-    if(*(resp_message->message_aes_gcm_data.reserved) != (session_info->active.counter + 1 ))
-    {
-        SAFE_FREE(req_message);
-        SAFE_FREE(resp_message);
-        SAFE_FREE(decrypted_data);
-        return INVALID_PARAMETER_ERROR;
-    }
-
-        //Update the value of the session nonce in the source enclave
-    session_info->active.counter = session_info->active.counter + 1;
-
-    memcpy(out_buff_len, &decrypted_data_length, sizeof(decrypted_data_length));
-    memcpy(*out_buff, decrypted_data, decrypted_data_length);
-
-    SAFE_FREE(decrypted_data);
-    SAFE_FREE(req_message);
-    SAFE_FREE(resp_message);
-    return SUCCESS;
-
-
-}
-*/
-
-/*
-//Process the request from the Source enclave and send the response message back to the Source enclave
-ATTESTATION_STATUS generate_response(sgx_enclave_id_t src_enclave_id,
-                                     secure_message_t* req_message,
-                                     size_t req_message_size,
-                                     size_t max_payload_size,
-                                     secure_message_t* resp_message,
-                                     size_t resp_message_size)
-{
-    const uint8_t* plaintext;
-    uint32_t plaintext_length;
-    uint8_t *decrypted_data;
-    uint32_t decrypted_data_length;
-    uint32_t plain_text_offset;
-    ms_in_msg_exchange_t * ms;
-    size_t resp_data_length;
-    size_t resp_message_calc_size;
-    char* resp_data;
-    uint8_t l_tag[TAG_SIZE];
-    size_t header_size, expected_payload_size;
-    dh_session_t *session_info;
-    secure_message_t* temp_resp_message;
-    uint32_t ret;
-    sgx_status_t status;
-
-    plaintext = (const uint8_t*)(" ");
-    plaintext_length = 0;
-
-    if(!req_message || !resp_message)
-    {
-        return INVALID_PARAMETER_ERROR;
-    }
-// TODO: Set session_info from somewhere.
-
-    //Get the session information from the map corresponding to the source enclave id
-    std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
-    if(it != g_dest_session_info_map.end())
-    {
-        session_info = &it->second;
-    }
-    else
-    {
-        return INVALID_SESSION;
-    }
-
-    if(session_info->status != ACTIVE)
-    {
-        return INVALID_SESSION;
-    }
-
-    //Set the decrypted data length to the payload size obtained from the message
-    decrypted_data_length = req_message->message_aes_gcm_data.payload_size;
-
-    header_size = sizeof(secure_message_t);
-    expected_payload_size = req_message_size - header_size;
-
-    //Verify the size of the payload
-    if(expected_payload_size != decrypted_data_length)
-        return INVALID_PARAMETER_ERROR;
-
-    memset(&l_tag, 0, 16);
-    plain_text_offset = decrypted_data_length;
-    decrypted_data = (uint8_t*)malloc(decrypted_data_length);
-    if(!decrypted_data)
-    {
-            return MALLOC_ERROR;
-    }
-
-    memset(decrypted_data, 0, decrypted_data_length);
-
-    //Decrypt the request message payload from source enclave
-    status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, req_message->message_aes_gcm_data.payload,
-                decrypted_data_length, decrypted_data,
-                reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.reserved)),
-                sizeof(req_message->message_aes_gcm_data.reserved), &(req_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length,
-                &req_message->message_aes_gcm_data.payload_tag);
-
-    if(SGX_SUCCESS != status)
-    {
-        SAFE_FREE(decrypted_data);
-        return status;
-    }
-
-    //Casting the decrypted data to the marshaling structure type to obtain type of request (generic message exchange/enclave to enclave call)
-    ms = (ms_in_msg_exchange_t *)decrypted_data;
-
-
-    // Verify if the nonce obtained in the request is equal to the session nonce
-    if((uint32_t)*(req_message->message_aes_gcm_data.reserved) != session_info->active.counter || *(req_message->message_aes_gcm_data.reserved) > ((2^32)-2))
-    {
-        SAFE_FREE(decrypted_data);
-        return INVALID_PARAMETER_ERROR;
-    }
-
-    if(ms->msg_type == MESSAGE_EXCHANGE)
-    {
-        //Call the generic secret response generator for message exchange
-        ret = message_exchange_response_generator((char*)decrypted_data, &resp_data, &resp_data_length);
-        if(ret !=0)
-        {
-            SAFE_FREE(decrypted_data);
-            SAFE_FREE(resp_data);
-            return INVALID_SESSION;
-        }
-    }
-    else if(ms->msg_type == ENCLAVE_TO_ENCLAVE_CALL)
-    {
-        //Call the destination enclave's dispatcher to call the appropriate function in the destination enclave
-        ret = enclave_to_enclave_call_dispatcher((char*)decrypted_data, decrypted_data_length, &resp_data, &resp_data_length);
-        if(ret !=0)
-        {
-            SAFE_FREE(decrypted_data);
-            SAFE_FREE(resp_data);
-            return INVALID_SESSION;
-        }
-    }
-    else
-    {
-        SAFE_FREE(decrypted_data);
-        return INVALID_REQUEST_TYPE_ERROR;
-    }
-
-
-    if(resp_data_length > max_payload_size)
-    {
-        SAFE_FREE(resp_data);
-        SAFE_FREE(decrypted_data);
-        return OUT_BUFFER_LENGTH_ERROR;
-    }
-
-    resp_message_calc_size = sizeof(secure_message_t)+ resp_data_length;
-
-    if(resp_message_calc_size > resp_message_size)
-    {
-        SAFE_FREE(resp_data);
-        SAFE_FREE(decrypted_data);
-        return OUT_BUFFER_LENGTH_ERROR;
-    }
-
-    //Code to build the response back to the Source Enclave
-    temp_resp_message = (secure_message_t*)malloc(resp_message_calc_size);
-    if(!temp_resp_message)
-    {
-            SAFE_FREE(resp_data);
-            SAFE_FREE(decrypted_data);
-            return MALLOC_ERROR;
-    }
-
-    memset(temp_resp_message,0,sizeof(secure_message_t)+ resp_data_length);
-    const uint32_t data2encrypt_length = (uint32_t)resp_data_length;
-    temp_resp_message->session_id = session_info->session_id;
-    temp_resp_message->message_aes_gcm_data.payload_size = data2encrypt_length;
-
-    //Increment the Session Nonce (Replay Protection)
-    session_info->active.counter = session_info->active.counter + 1;
-
-    //Set the response nonce as the session nonce
-    memcpy(&temp_resp_message->message_aes_gcm_data.reserved,&session_info->active.counter,sizeof(session_info->active.counter));
-
-    //Prepare the response message with the encrypted payload
-    status = sgx_rijndael128GCM_encrypt(&session_info->active.AEK, (uint8_t*)resp_data, data2encrypt_length,
-                reinterpret_cast<uint8_t *>(&(temp_resp_message->message_aes_gcm_data.payload)),
-                reinterpret_cast<uint8_t *>(&(temp_resp_message->message_aes_gcm_data.reserved)),
-                sizeof(temp_resp_message->message_aes_gcm_data.reserved), plaintext, plaintext_length,
-                &(temp_resp_message->message_aes_gcm_data.payload_tag));
-
-    if(SGX_SUCCESS != status)
-    {
-        SAFE_FREE(resp_data);
-        SAFE_FREE(decrypted_data);
-        SAFE_FREE(temp_resp_message);
-        return status;
-    }
-
-    memset(resp_message, 0, sizeof(secure_message_t)+ resp_data_length);
-    memcpy(resp_message, temp_resp_message, sizeof(secure_message_t)+ resp_data_length);
-
-    SAFE_FREE(decrypted_data);
-    SAFE_FREE(resp_data);
-    SAFE_FREE(temp_resp_message);
-
-    return SUCCESS;
-}
-*/
-/*
-//Close a current session
-ATTESTATION_STATUS close_session(sgx_enclave_id_t src_enclave_id,
-                        sgx_enclave_id_t dest_enclave_id)
-{
-    sgx_status_t status;
-
-    uint32_t retstatus;
-
-    //Ocall to ask the destination enclave to end the session
-    status = end_session_ocall(&retstatus, src_enclave_id, dest_enclave_id);
-    if (status == SGX_SUCCESS)
-    {
-        if ((ATTESTATION_STATUS)retstatus != SUCCESS)
-            return ((ATTESTATION_STATUS)retstatus);
-    }
-    else
-    {
-        return ATTESTATION_SE_ERROR;
-    }
-    return SUCCESS;
-}
-*/
 // TODO: Fix this.
 //Respond to the request from the Source Enclave to close the session
 ATTESTATION_STATUS end_session(/**/)
@@ -898,4 +460,3 @@ ATTESTATION_STATUS generate_session_id(uint32_t *session_id)
   // *session_id=++global_session_id;
 //}
 
-

LocalAttestationCode/LocalAttestationCode.edl

@@ -30,7 +30,6 @@
  */
 
 enclave  {
-    from "sgx_tae_service.edl" import *;
     include "sgx_eid.h"
     include "datatypes.h"
 //    include "sgx_tcrypto.h" // For some reason, this is not being detected - macros are not being resolved!
@@ -41,23 +40,14 @@ enclave  {
         public uint32_t exchange_report([in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, [in] uint32_t *session_id);
         public uint32_t create_and_seal_ecdsa_signing_key_pair([out]sgx_ec256_public_t* pub_key, [in] uint32_t* sealed_data_length, [out, size=SEALED_SIZE] uint8_t* sealed_data);
         public uint32_t unseal_and_restore_sealed_signing_key_pair([out] sgx_ec256_public_t* pub_key, [in, size=SEALED_SIZE] uint8_t* sealed_data, [in] size_t* sealed_data_length);
-        uint32_t create_ecdsa_key_pair([out] sgx_ec256_public_t* pub_key, [out] sgx_ec256_private_t* priv_key);
-void serialize_key_pair_to_string([in] sgx_ec256_public_t* pub_key, [in] sgx_ec256_private_t* signing_priv_key, [out, size=96] uint8_t* private_public_key_string);
-        void deserialize_string_to_key_pair([in, size=96] uint8_t* private_public_key_string, [out] sgx_ec256_public_t* pub_key, [out] sgx_ec256_private_t* priv_key); 
+//        uint32_t create_ecdsa_key_pair([out] sgx_ec256_public_t* pub_key, [out] sgx_ec256_private_t* priv_key);
+//void serialize_key_pair_to_string([in] sgx_ec256_public_t* pub_key, [in] sgx_ec256_private_t* signing_priv_key, [out, size=96] uint8_t* private_public_key_string);
+//        void deserialize_string_to_key_pair([in, size=96] uint8_t* private_public_key_string, [out] sgx_ec256_public_t* pub_key, [out] sgx_ec256_private_t* priv_key); 
         public uint32_t end_session();
         public uint32_t calculate_sealed_data_size(uint32_t input_size); //, [out] uint32_t *opsize);
-//	public uint32_t create_and_sign_client_side_pub_key([out] sgx_ec256_public_t* generated_pub_key, [out] sgx_ec256_signature_t* generated_signature);
 public uint32_t create_and_sign_client_side_pub_key([in] sgx_measurement_t* mr_enclave, [out] sgx_ec256_public_t* generated_pub_key, [out] sgx_ec256_signature_t* generated_signature);
 
-        // public uint32_t generate_response([in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size );
-//        public uint32_t end_session();
     };
     untrusted{
-    /*
-        uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [out] sgx_dh_msg1_t *dh_msg1,[out] uint32_t *session_id);
-        uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, uint32_t session_id);
-        uint32_t send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size);
-        uint32_t end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
-    */
     };
 };

Makefile

@@ -255,7 +255,7 @@ App/%.o: App/%.cpp Decryptor/Decryptor_u.h #Enclave3/Enclave3_u.h
 	@echo "CXX  <=  $<"
 
 $(App_Name): $(App_Cpp_Objects) App/Decryptor_u.o #$(App_Cpp_Objects)# $(UnTrustLib_Name)
-	@$(CXX) -Wl,--undefined --verbose -Wl,--verbose $^ -o $@ $(App_Link_Flags)
+	@$(CXX) -Wl,--no-undefined $^ -o $@ $(App_Link_Flags)
 	@echo "LINK =>  $@"
 
 
@@ -273,7 +273,7 @@ Decryptor/%.o: Decryptor/%.cpp
 	@echo "CXX  <=  $<"
 
 Decryptor.so: Decryptor/Decryptor_t.o $(Enclave_Cpp_Objects_2) $(Trust_Lib_Name)
-	@$(CXX) -Wl,--verbose --verbose Decryptor/Decryptor_t.o $(Enclave_Cpp_Objects_2) -o $@ $(Decryptor_Link_Flags)
+	@$(CXX) -Wl,--no-undefined Decryptor/Decryptor_t.o $(Enclave_Cpp_Objects_2) -o $@ $(Decryptor_Link_Flags)
 	@echo "LINK =>  $@"
 
 $(Enclave_Name_2): Decryptor.so