Not compiling yet - need to go through errors for decryptor.cpp and for localattestationtrusted.cpp

CommonOpensslCode/Openssl_crypto.cpp

@@ -6,7 +6,6 @@
 #include <openssl/rand.h>
 #include <openssl/ecdh.h>
 #include <string.h>
-
 EVP_CIPHER_CTX* ctx;
 
 int generate_sha256_hash(const unsigned char *message, size_t message_len, unsigned char *digest)

Decryptor/Decryptor.cpp

@@ -1,4 +1,4 @@
-localAttestation.verifier_mr_enclave/*
+/*
  * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -31,29 +31,9 @@ localAttestation.verifier_mr_enclave/*
 
 
 // Enclave2.cpp : Defines the exported functions for the DLL application
-#include "sgx_eid.h"
-#include "sgx_tcrypto.h"
-#include "Decryptor_t.h"
-#include "EnclaveMessageExchange.h"
-#include "error_codes.h"
-#include "sgx_thread.h"
-#include "sgx_dh.h"
-#include <map>
-#include "sgx_tcrypto.h"
-#include "LocalAttestationCode_t.h"
-#include "sgx_tseal.h"
-#include "Openssl_crypto.h"
-
-#include "sgx_tseal.h"
-
-
-static class Decryptor {
-  uint8_t apache_mrsigner[32];
-  ECDSASignatureBox signatureBox;
-  HybridEncryptionBox hybridEncryptionBoxClient;
-	LocalAttestationTrusted localAttestation;
-
-  uint32_t create_mitigator_token_M(uint8_t* token)
+#include "Decryptor.h"
+
+   uint32_t Decryptor::create_mitigator_token_M(uint8_t* token)
   {
     uint32_t internal_return_status;
     uint32_t counter;
@@ -71,7 +51,7 @@ static class Decryptor {
     return 0;
   }
 
-  uint32_t create_mitigator_header_H(uint8_t* signature_data, uint8_t* signature)
+  uint32_t Decryptor::create_mitigator_header_H(uint8_t* signature_data, uint8_t* signature)
   {
     uint32_t internal_return_status;
     uint8_t local_signature[64];
@@ -94,7 +74,7 @@ static class Decryptor {
   }
 
   // done. But there might be one more return statement for the case when get_keypair returns sth (it is non void).
-  uint32_t create_long_term_signing_keypair(uint8_t* private_public_key_string)
+  uint32_t Decryptor::create_long_term_signing_keypair(uint8_t* private_public_key_string)
   {
     uint32_t internal_return_status;
     internal_return_status = signatureBox.generate_keypair();
@@ -108,7 +88,7 @@ static class Decryptor {
     return 0;
   }
 
-  uint32_t initialize_symmetric_key_decrypt_client_data(uint8_t* plaintext_client_public_key_plus_encrypted_data_plus_tag, uint32_t total_length, uint8_t* plaintext_client_data, uint32_t* plaintext_client_data_length)
+  uint32_t Decryptor::initialize_symmetric_key_decrypt_client_data(uint8_t* plaintext_client_public_key_plus_encrypted_data_plus_tag, uint32_t total_length, uint8_t* plaintext_client_data, uint32_t* plaintext_client_data_length)
   {
     uint8_t* ciphertext;
     uint32_t ciphertext_length;
@@ -127,12 +107,9 @@ static class Decryptor {
     return internal_return_status;
   }
 
-  public:
-    Decryptor(): signatureBox(), hybridEncryptionBoxClient(), localAttestation();
-    ~Decryptor();
 
     // DONE.
-    uint32_t create_and_seal_long_term_signing_key_pair(uint32_t* sealed_data_length, uint8_t* sealed_data)
+    uint32_t Decryptor::create_and_seal_long_term_signing_key_pair(uint32_t* sealed_data_length, uint8_t* sealed_data)
     {
         uint32_t sgx_libcall_status;
         uint32_t internal_return_status;
@@ -162,7 +139,7 @@ static class Decryptor {
     }
 
     // DONE.
-    uint32_t create_and_encrypt_mitigator_header_H(uint8_t* ciphertext_token_H_plus_tag)
+    uint32_t Decryptor::create_and_encrypt_mitigator_header_H(uint8_t* ciphertext_token_H_plus_tag)
     {
     	uint32_t counter;
     	uint8_t sign_data_and_sign[signatureBox.ECDH_PUBLIC_KEY_SIZE + 32 + 64];
@@ -195,7 +172,7 @@ static class Decryptor {
     }
 
     // DONE.
-    uint32_t unseal_and_restore_long_term_signing_key_pair(uint8_t* sealed_data, uint32_t* sgx_sealed_data_length)
+    uint32_t Decryptor::unseal_and_restore_long_term_signing_key_pair(uint8_t* sealed_data, uint32_t* sgx_sealed_data_length)
     {
       uint32_t temp_plaintext_length;
       uint8_t* temp_plaintext;
@@ -226,7 +203,7 @@ static class Decryptor {
     }
 
     // DONE.
-    uint32_t decrypt_verifiers_message_set_apache_mrsigner(uint8_t* ciphertext_plus_tag)
+    uint32_t Decryptor::decrypt_verifiers_message_set_apache_mrsigner(uint8_t* ciphertext_plus_tag)
     {
       uint8_t temp_apache_mrsigner[32+10];
       uint32_t temp_apache_mrsigner_length;
@@ -249,7 +226,7 @@ static class Decryptor {
     }
 
     // DONE.
-    uint32_t process_apache_message_generate_response(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext, uint32_t* output_ciphertext_plus_tag_length)
+    uint32_t Decryptor::process_apache_message_generate_response(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext, uint32_t* output_ciphertext_plus_tag_length)
     {
       uint8_t* first_decryption_output, plaintext_client_data, temp_output_ciphertext;
       uint32_t first_decryption_output_length, plaintext_client_data_length, temp_output_ciphertext_plus_tag_length, internal_return_status;
@@ -285,4 +262,4 @@ static class Decryptor {
       free(temp_output_ciphertext);
       return 0;
     }
-  };
+

Decryptor/Decryptor.h

@@ -0,0 +1,35 @@
+#include "sgx_eid.h"
+#include "sgx_tcrypto.h"
+#include "Decryptor_t.h"
+#include "EnclaveMessageExchange.h"
+#include "error_codes.h"
+#include "sgx_thread.h"
+#include "sgx_dh.h"
+#include <map>
+#include "sgx_tcrypto.h"
+#include "LocalAttestationCode_t.h"
+#include "sgx_tseal.h"
+#include "Openssl_crypto.h"
+#include "ECDSASignatureBox.h"
+#include "HybridEncryptionBox.h"
+#include "LocalAttestationTrusted.h"
+#include "sgx_tseal.h"
+
+class Decryptor {
+  static ECDSASignatureBox signatureBox;
+  static HybridEncryptionBox hybridEncryptionBoxClient;
+  static LocalAttestationTrusted localAttestation;
+
+  static uint32_t create_mitigator_token_M(uint8_t* token);
+  static uint32_t create_mitigator_header_H(uint8_t* signature_data, uint8_t* signature);
+  static uint32_t create_long_term_signing_keypair(uint8_t* private_public_key_string);
+  static uint32_t initialize_symmetric_key_decrypt_client_data(uint8_t* plaintext_client_public_key_plus_encrypted_data_plus_tag, uint32_t total_length, uint8_t* plaintext_client_data, uint32_t* plaintext_client_data_length);
+  public:
+//    Decryptor(): signatureBox(), hybridEncryptionBoxClient(), localAttestation();
+//    ~Decryptor();
+    static uint32_t create_and_seal_long_term_signing_key_pair(uint32_t* sealed_data_length, uint8_t* sealed_data);
+    static uint32_t create_and_encrypt_mitigator_header_H(uint8_t* ciphertext_token_H_plus_tag);
+    static uint32_t unseal_and_restore_long_term_signing_key_pair(uint8_t* sealed_data, uint32_t* sgx_sealed_data_length);
+    static uint32_t decrypt_verifiers_message_set_apache_mrsigner(uint8_t* ciphertext_plus_tag);
+    static uint32_t process_apache_message_generate_response(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext, uint32_t* output_ciphertext_plus_tag_length);
+  };

Decryptor/DecryptorWrapper.cpp

@@ -1,3 +1,5 @@
+#include <stdint.h>
+#include "Decryptor.h"
 uint32_t process_apache_message_generate_response_wrapper(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext, uint32_t* output_ciphertext_plus_tag_length)
 {
   return Decryptor::process_apache_message_generate_response(input_ciphertext, input_ciphertext_plus_tag_length, output_ciphertext, output_ciphertext_plus_tag_length);
@@ -12,18 +14,18 @@ uint32_t unseal_and_restore_long_term_signing_key_pair_wrapper(uint8_t* sealed_d
 {
   return Decryptor::unseal_and_restore_long_term_signing_key_pair(sealed_data, sgx_sealed_data_length);
 }
-
-uint32_t unseal_and_restore_long_term_signing_key_pair_wrapper(uint8_t* sealed_data, uint32_t* sgx_sealed_data_length);
+/*
+uint32_t unseal_and_restore_long_term_signing_key_pair_wrapper(uint8_t* sealed_data, uint32_t* sgx_sealed_data_length)
 {
-  return Decryptor::unseal_and_restore_long_term_signing_key_pair_wrapper(uint8_t* sealed_data, uint32_t* sgx_sealed_data_length);
+  return Decryptor::unseal_and_restore_long_term_signing_key_pair( sealed_data, sgx_sealed_data_length);
 }
-
-uint32_t create_and_encrypt_mitigator_header_H_wrapper(uint8_t* ciphertext_token_H_plus_tag);
+*/
+uint32_t create_and_encrypt_mitigator_header_H_wrapper(uint8_t* ciphertext_token_H_plus_tag)
 {
   return Decryptor::create_and_encrypt_mitigator_header_H(ciphertext_token_H_plus_tag);
 }
 
-uint32_t create_and_seal_long_term_signing_key_pair_wrapper(uint32_t* sealed_data_length, uint8_t* sealed_data);
+uint32_t create_and_seal_long_term_signing_key_pair_wrapper(uint32_t* sealed_data_length, uint8_t* sealed_data)
 {
   return Decryptor::create_and_seal_long_term_signing_key_pair(sealed_data_length, sealed_data);
 }

Decryptor/ECDHKeypair.cpp

@@ -1,16 +1,33 @@
+#include <stdint.h> 
+#include "ECDHKeypair.h"
 #include"Openssl_crypto.h"
-class ECDHKeypair {
-  uint8_t* private_key;
-  uint8_t* public_key;
-  static const int ECDH_PUBLIC_KEY_SIZE=2*SGX_ECP256_KEY_SIZE;
-  static const int ECDH_PRIVATE_KEY_SIZE=SGX_ECP256_KEY_SIZE;
-public:
-  ECDHKeypair(): private_key(new int(ECDH_PRIVATE_KEY_SIZE)), public_key(new int(ECDH_PUBLIC_KEY_SIZE));
-  uint32_t generate_keypair();
-
-  uint32_t generate_keypair()
+uint32_t ECDHKeypair::generate_keypair()
   {
     return ecdh_key_gen(public_key, public_key+SGX_ECP256_KEY_SIZE, private_key);
   }
 
-}
+  void ECDHKeypair::get_public_key(uint8_t* op_public_key)
+  {
+	uint32_t counter; 
+	for(counter=0 ; counter<ECDH_PUBLIC_KEY_SIZE; counter++) 
+		op_public_key[counter] = public_key[counter]; 
+  }
+
+  void ECDHKeypair::get_private_key(uint8_t* op_private_key)
+  {
+	uint32_t counter; 
+	for(counter=0; counter<ECDH_PRIVATE_KEY_SIZE; counter++) 
+		op_private_key[counter] = private_key[counter]; 
+  }
+
+  void ECDHKeypair::set_private_public_key(uint8_t* ip_private_key, uint8_t* ip_public_key)
+  {
+	// TODO: DO SOME CHECKS HERE - TO MAKE SURE THAT IT IS A VALID KEYPAIR
+	// IT SHOULD BE AS IT WOULD HAVE BEEN GENERATED BY THIS MODULE AND IF IT HAD BEEN TAMPERED (WHILE BEING SEALED), THEN THE MAC WOULD NOT HAVE WORKED OUT. 
+	// BUT STILL... 
+        uint32_t counter; 
+        for(counter=0; counter<ECDH_PRIVATE_KEY_SIZE; counter++) 
+                private_key[counter] = ip_private_key[counter]; 
+        for(counter=0 ; counter<ECDH_PUBLIC_KEY_SIZE; counter++) 
+                public_key[counter] = ip_public_key[counter]; 
+  }

Decryptor/ECDSASignatureBox.cpp

@@ -1,29 +1,16 @@
 #include "Openssl_crypto.h"
-
-class ECDSASignatureBox : public ECDHKeypair {
-public:
-  void get_keypair(uint8_t* output_keypair);
-  uint32_t sign(uint8_t* signature_data, uint32_t signature_data_length, uint8_t* signature)
+#include <stdint.h>
+#include "ECDSASignatureBox.h"
+  uint32_t ECDSASignatureBox::sign(uint8_t* signature_data, uint32_t signature_data_length, uint8_t* signature)
   {
+    uint8_t private_key[ECDH_PRIVATE_KEY_SIZE]; 
+	get_private_key(private_key); 
     return compute_ecdsa_signature(signature_data, signature_data_length, private_key, signature);
   }
-
-  void get_keypair(uint8_t* output_keypair)
+  void ECDSASignatureBox::get_keypair(uint8_t* output_keypair)
   {
-    // TODO: What happens if the ECDH keypair's generate keypair hasnt been set.
-    uint32_t counter;
-    for(counter=0; counter<ECDH_PRIVATE_KEY_SIZE; counter++)
-      *(output_keypair + counter) = *(private_key + counter);
-    for(counter=0; counter<ECDH_PUBLIC_KEY_SIZE; counter++)
-      *(output_keypair + counter) = *(public_key + counter);
+    get_private_key(output_keypair); 
+    get_public_key(output_keypair + ECDH_PRIVATE_KEY_SIZE); 
   }
 
-  void set_keypair(uint8_t* input_keypair)
-  {
-    uint32_t counter;
-    for(counter=0; counter<ECDH_PRIVATE_KEY_SIZE; counter++)
-      *(private_key + counter) = *(input_keypair + counter);
-    for(counter=0; counter<ECDH_PUBLIC_KEY_SIZE; counter++)
-      *(public_key + counter) = *(input_keypair + counter);
-  }
-}
+

Decryptor/HybridEncryptionBox.cpp

@@ -1,20 +1,12 @@
-#include "Openssl_crypto.h"
-class HybridEncryptionBox : public ECDHKeypair, public SymmetricEncryptionBox {
-  public:
-    HybridEncryptionBox(): ECDHKeypair(), SymmetricEncryptionBox();
-    uint32_t get_public_key(uint8_t* blank_key);
-    unsigned long initialize_symmetric_key(uint8_t* given_public_key);
+#include <stdint.h>
+#include "HybridEncryptionBox.h"
 
-    void get_public_key(uint8_t* blank_key)
+unsigned int long HybridEncryptionBox::initialize_symmetric_key(uint8_t* given_public_key)
     {
-      uint32_t counter=0;
-      for(counter=0; counter<ECDH_PUBLIC_KEY_SIZE; counter++)
-        blank_key[counter] = public_key[counter];
+	uint8_t symmetric_key[32]; 
+	uint8_t private_key[32]; 
+	get_private_key(private_key); 
+	get_symmetric_key(symmetric_key); 
+	return compute_ecdh_shared_key(given_public_key, given_public_key + ECDH_PUBLIC_KEY_SIZE/2, private_key, symmetric_key);
     }
 
-    unsigned long initialize_symmetric_key(uint8_t* given_public_key)
-    {
-      return compute_ecdh_shared_key(given_public_key, given_public_key + ECDH_PUBLIC_KEY_SIZE/2, private_key, symmetric_key);
-    }
-
-}

Decryptor/SymmetricEncryptionBox.cpp

@@ -1,9 +1,8 @@
 #include "Openssl_crypto.h"
-class SymmetricEncryptionBox {
-  uint8_t iv[12];
-  uint8_t symmetric_key[32]; // SHA256 used with ECDHE -> or AES whatever symmetric_key.
+#include "SymmetricEncryptionBox.h"
+
   // increments last 4 bytes (in big-endian order)
-  uint32_t aes_gcm_increment_iv_internal_call(uint8_t* iv)  {
+  uint32_t SymmetricEncryptionBox::aes_gcm_increment_iv_internal_call(uint8_t* iv)  {
   	uint32_t counter;
   	for(counter=11;counter>7;counter--)
   	{
@@ -20,23 +19,27 @@ class SymmetricEncryptionBox {
   	return 0;
   }
 
-public:
-  SymmetricEncryptionBox();
-  uint32_t set_symmetric_key(uint8_t* given_key);
-  uint32_t encrypt_decrypt(int enc, uint8_t* plaintext, uint32_t plaintext_length, uint8_t* ciphertext, uint32_t* ciphertext_length, uint8_t* tag);
 
-  uint32_t set_symmetric_key(uint8_t* given_key)
+  void SymmetricEncryptionBox::set_symmetric_key(uint8_t* given_key)
   {
     uint32_t counter;
     for(counter=0; counter<32; counter++)
       symmetric_key[counter] = given_key[counter];
   }
 
-  // TODO: IMPORTANT - CHECK IF WE NEED TO DO THIS FOR DECRYPTION TOO.
-  uint32_t encrypt_decrypt(int enc, uint8_t* plaintext, uint32_t plaintext_length, uint8_t* ciphertext, uint32_t* ciphertext_length, uint8_t* tag)
+    void SymmetricEncryptionBox::get_symmetric_key(uint8_t* op_key)
+    {
+	    uint32_t counter;
+	    for(counter=0; counter<32; counter++)
+	      op_key[counter] = symmetric_key[counter];
+    }
+
+  // TODO: IMPORTANT - CHECK IF WE NEED TO DO THE AES GCM INCREMENT IV FOR DECRYPTION TOO.
+  uint32_t SymmetricEncryptionBox::encrypt_decrypt(int enc, uint8_t* plaintext, uint32_t plaintext_length, uint8_t* ciphertext, uint32_t* ciphertext_length, uint8_t* tag)
   {
-    uint32_t return_status = aes_gcm(enc, symmetric_key, iv, plaintext, plaintext_length, ciphertext, ciphertext_length, tag);
+    uint32_t return_status = aes_gcm_256(enc, symmetric_key, iv, plaintext, plaintext_length, ciphertext, ciphertext_length, tag);
     if(return_status == 0)
       aes_gcm_increment_iv_internal_call(iv);
+    return return_status;
   }
-}
+

Include/ECDHKeypair.h

@@ -1,10 +1,20 @@
-#include"Openssl_crypto.h"
+#ifndef ECDHKEYPAIR_H
+#define ECDHKEYPAIR_H
+#include "sgx_tcrypto.h" 
+  static const int ECDH_PUBLIC_KEY_SIZE =2*SGX_ECP256_KEY_SIZE;
+  static const int ECDH_PRIVATE_KEY_SIZE =SGX_ECP256_KEY_SIZE;
 class ECDHKeypair {
+private:  
   uint8_t private_key[ECDH_PUBLIC_KEY_SIZE];
-  uint8_t public_key[ECDH_PRIVATE_KEY_SIZE];
-  static const int ECDH_PUBLIC_KEY_SIZE=2*SGX_ECP256_KEY_SIZE;
-  static const int ECDH_PRIVATE_KEY_SIZE=SGX_ECP256_KEY_SIZE;
+  uint8_t public_key[ECDH_PUBLIC_KEY_SIZE];
+protected:
+  void set_private_public_key(uint8_t* ip_private_key, uint8_t* ip_public_key); 
+  void get_private_key(uint8_t* op_private_key); 
 public:
-  ECDHKeypair();
   uint32_t generate_keypair();
+ 
+	ECDHKeypair(); 
+	void get_public_key(uint8_t* op_public_key); 
+
 };
+#endif

Include/ECDSASignatureBox.h

@@ -1,6 +1,7 @@
 #include "ECDHKeypair.h"
+#include <stdint.h>
 class ECDSASignatureBox : public ECDHKeypair {
 public:
   void get_keypair(uint8_t* output_keypair);
   uint32_t sign(uint8_t* signature_data, uint32_t signature_data_length, uint8_t* signature);
-  }
+  };

Include/HybridEncryption.h → Include/HybridEncryptionBox.h

@@ -1,9 +1,6 @@
-#include "Openssl_crypto.h"
+#include "ECDHKeypair.h"
 #include "SymmetricEncryptionBox.h"
-#include "HybridEncryptionBox.h"
 class HybridEncryptionBox : public ECDHKeypair, public SymmetricEncryptionBox {
   public:
-    HybridEncryptionBox(): ECDHKeypair(), SymmetricEncryptionBox();
-    uint32_t get_public_key(uint8_t* blank_key);
-    unsigned long initialize_symmetric_key(uint8_t* given_public_key);
+    unsigned long initialize_symmetric_key(uint8_t* given_public_key); 
 };

Include/Openssl_crypto.h

@@ -1,7 +1,9 @@
+#include<stdint.h>
+#include<string.h>
 int ecdh_key_gen(unsigned char* pub_key_x, unsigned char* pub_key_y, unsigned char* priv_key);
 unsigned long check_ecdh_public_key(unsigned char* given_key_x, unsigned char* given_key_y);
 unsigned long compute_ecdh_shared_key(unsigned char* given_key_x, unsigned char* given_key_y, unsigned char* priv_key, unsigned char* derived_key);
 int generate_sha256_hash(const unsigned char *message, size_t message_len, unsigned char *digest);
-int aes_gcm(int enc, unsigned char *key, unsigned char *iv, unsigned char* plaintext, uint32_t plaintext_len, unsigned char *ciphertext,  uint32_t* op_ciphertext_len, unsigned char* tag);
+int aes_gcm_256(int enc, unsigned char *key, unsigned char *iv, unsigned char* plaintext, uint32_t plaintext_len, unsigned char *ciphertext,  uint32_t* op_ciphertext_len, unsigned char* tag);
 int base64_decoding_wrapper(unsigned char* src, unsigned char* dest, uint32_t length);
-
+int compute_ecdsa_signature(unsigned char* signature_data, uint32_t signature_data_length, unsigned char* own_private_key, unsigned char* signature); 

Include/SymmetricEncryptionBox.h

@@ -1,3 +1,5 @@
+#ifndef SYMMETRICENCRYPTIONBOX_H
+#define SYMMETRICENCRYPTIONBOX_H
 #include "Openssl_crypto.h"
 class SymmetricEncryptionBox {
   uint8_t iv[12];
@@ -6,6 +8,9 @@ class SymmetricEncryptionBox {
   uint32_t aes_gcm_increment_iv_internal_call(uint8_t* iv);
   public:
     SymmetricEncryptionBox();
-    uint32_t set_symmetric_key(uint8_t* given_key);
+    void set_symmetric_key(uint8_t* given_key);
+    void get_symmetric_key(uint8_t* op_key); 
     uint32_t encrypt_decrypt(int enc, uint8_t* plaintext, uint32_t plaintext_length, uint8_t* ciphertext, uint32_t* ciphertext_length, uint8_t* tag);
+
 };
+#endif

Include/dh_session_protocol.h

@@ -31,7 +31,7 @@
 
 #ifndef _DH_SESSION_PROROCOL_H
 #define _DH_SESSION_PROROCOL_H
-
+#include "sgx_dh.h"
 #include "sgx_ecp_types.h"
 #include "sgx_key.h"
 #include "sgx_report.h"

LocalAttestationCode/LocalAttestationTrusted.cpp

@@ -29,30 +29,10 @@
  *
  */
 
+// #include <stdint.h>
+#include "LocalAttestationTrusted.h"
 
-#include "sgx_trts.h"
-#include "sgx_utils.h"
-#include "EnclaveMessageExchange.h"
-#include "sgx_eid.h"
-#include "error_codes.h"
-#include "sgx_ecp_types.h"
-#include "sgx_thread.h"
-#include "dh_session_protocol.h"
-#include "sgx_dh.h"
-#include "sgx_tcrypto.h"
-#include "LocalAttestationCode_t.h"
-#include "sgx_tseal.h"
-
-static class LocalAttestationTrusted{
-  dh_session_t global_session_info;
-  uint32_t global_session_id=0;
-  uint32_t one_successful_la_done;
-  sgx_ecc_state_handle_t ecc_state;
-  uint8_t verifier_mr_enclave[32];
-  SymmetricEncryptionBox symmetricEncryptionBoxApache;
-  SymmetricEncryptionBox symmetricEncryptionBoxVerifier;
-
-  extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
+  uint32_t LocalAttestationTrusted::verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
   {
   	uint32_t count; sgx_measurement_t given_mr_signer ;
   	if(!peer_enclave_identity)
@@ -62,8 +42,8 @@ static class LocalAttestationTrusted{
   	if(one_successful_la_done==0)
   	{
   		// TODO: Set this attribute in the decryptor object.
-  		verifier_mr_enclave = peer_enclave_identity->mr_enclave;
-  		memset(&(apache_mr_signer.m),0x0,SGX_HASH_SIZE); // "initialization"
+                for(count=0; count<SGX_HASH_SIZE; count++)
+	 		verifier_mr_enclave[count] = peer_enclave_identity->mr_enclave.m[count];
   		one_successful_la_done=1;
   	}
   	else // apache enclave
@@ -72,7 +52,7 @@ static class LocalAttestationTrusted{
   		int count;
   		for(count=0; count<SGX_HASH_SIZE; count++)
   		{
-  			if( given_mr_signer.m[count] != apache_mr_signer.m[count] )
+  			if( given_mr_signer.m[count] != apache_mr_signer[count] )
   				return ENCLAVE_TRUST_ERROR;
   		}
       one_successful_la_done ++;
@@ -80,9 +60,9 @@ static class LocalAttestationTrusted{
   	return SGX_SUCCESS;
   }
 
-  public:
+//  public:
     //Handle the request from Source Enclave for a session
-    ATTESTATION_STATUS session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id)
+    uint32_t LocalAttestationTrusted::session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id)
     {
         sgx_dh_session_t sgx_dh_session;
         sgx_status_t status = SGX_SUCCESS;
@@ -115,10 +95,10 @@ static class LocalAttestationTrusted{
 
     // TODO: Hope to edit the sgx_dh_responder_proc_msg2 call to return 32 byte key.
     //Verify Message 2, generate Message3 and exchange Message 3 with Source Enclave
-    ATTESTATION_STATUS exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t* session_id)
+    uint32_t LocalAttestationTrusted::exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t* session_id)
     {
         sgx_key_128bit_t dh_aek;
-        sgx_status_t status = SUCCESS;
+        uint32_t status = 0;
         sgx_dh_session_t sgx_dh_session;
         sgx_dh_session_enclave_identity_t initiator_identity;
         uint32_t verify_return;
@@ -158,7 +138,3 @@ static class LocalAttestationTrusted{
         */
         return status;
     }
-
-  public:
-    LocalAttestationTrusted(): symmetricEncryptionBoxApache(), symmetricEncryptionBoxVerifier();
-};

LocalAttestationCode/LocalAttestationTrusted.h

@@ -31,7 +31,6 @@
 
 #include "sgx_trts.h"
 #include "sgx_utils.h"
-// #include "EnclaveMessageExchange.h"
 #include "sgx_eid.h"
 #include "error_codes.h"
 #include "sgx_ecp_types.h"
@@ -41,41 +40,33 @@
 #include "sgx_tcrypto.h"
 #include "LocalAttestationCode_t.h"
 #include "sgx_tseal.h"
-
-//#include "datatypes.h"
-//#include "sgx_eid.h"
-//#include "sgx_trts.h"
-//#include <map>
-//#include "dh_session_protocol.h"
-
-#ifndef LOCALATTESTATION_H_
-#define LOCALATTESTATION_H_
+#include "SymmetricEncryptionBox.h"
+#include <map> // for some reason, for memcpy, memset syscalls
+#ifndef LOCALATTESTATIONTRUSTED_H
+#define LOCALATTESTATIONTRUSTED_H
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
-static class LocalAttestationTrusted{
-  dh_session_t global_session_info;
-  uint32_t global_session_id=0;
-  uint32_t one_successful_la_done;
-  sgx_ecc_state_handle_t ecc_state;
-  uint8_t verifier_mr_enclave[32];
-  SymmetricEncryptionBox symmetricEncryptionBoxApache;
-  SymmetricEncryptionBox symmetricEncryptionBoxVerifier;
-
+class LocalAttestationTrusted {
+  static dh_session_t global_session_info;
+  static uint32_t global_session_id;
+  static uint32_t one_successful_la_done;
+  static sgx_ecc_state_handle_t ecc_state;
+  static uint8_t verifier_mr_enclave[32];
+  static SymmetricEncryptionBox symmetricEncryptionBoxApache;
+  static SymmetricEncryptionBox symmetricEncryptionBoxVerifier;
+  static uint8_t apache_mr_signer[32]; 
+  static uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity);
 public:
-    extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity);
-    ATTESTATION_STATUS session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id);
-    ATTESTATION_STATUS exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t* session_id); 
-    LocalAttestationTrusted(): symmetricEncryptionBoxApache(), symmetricEncryptionBoxVerifier();
-
+    static uint32_t session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id);
+    static uint32_t exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t* session_id); 
+//    LocalAttestationTrusted(); 
 }; 
 
 
 
-
-
 #ifdef __cplusplus
 }
 #endif

Makefile

@@ -85,7 +85,7 @@ OPENSSL_INCLUDES := /home/m2mazmud/old_stuff/intel-sgx-ssl/Linux/package/include
 
 
 Trust_Lib_Name := libLocalAttestation_Trusted.a
-TrustLib_Cpp_Files := LocalAttestationCode/LocalAttestationTrustedWrapper.cpp LocalAttestationCode/LocalAttestationTrusted.cpp LocalAttestationCode_t.c
+TrustLib_Cpp_Files := LocalAttestationCode/LocalAttestationTrustedWrapper.cpp LocalAttestationCode/LocalAttestationTrusted.cpp LocalAttestationCode/LocalAttestationCode_t.c
 TrustLib_Cpp_Objects := $(TrustLib_Cpp_Files:.cpp=.o)
 TrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I$(SGX_SDK)/include/epid -I./Include
 TrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector  $(TrustLib_Include_Paths) -Wall
@@ -167,7 +167,7 @@ Enclave_Compile_Flags += $(Enclave_Include_Paths)
 # Otherwise, you may get some undesirable errors.
 Common_Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles \
         -Wl,--whole-archive -L$(OPENSSL_LIBRARY_PATH) -lsgx_tsgxssl -Wl,--no-whole-archive -lsgx_tsgxssl_crypto \
-	-Wl,--verbose	-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
+	-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
 	-Wl,--start-group -L$(SGX_LIBRARY_PATH) -L. -lLocalAttestation_Trusted -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
 	-Wl,-Bstatic -Wl,-Bsymbolic  \
 	-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \
@@ -271,6 +271,8 @@ $(App_Name): $(App_Cpp_Objects) App/Decryptor_u.o #$(App_Cpp_Objects)# $(UnTrust
 	@$(CXX) -Wl,--no-undefined $^ -o $@ $(App_Link_Flags)
 	@echo "LINK =>  $@"
 
+######### Crypto classes for enclave ############
+
 
 ######## Enclave Objects ########
 Decryptor/Decryptor_t.c: $(SGX_EDGER8R) Decryptor/Decryptor.edl
@@ -281,7 +283,16 @@ Decryptor/Decryptor_t.o: Decryptor/Decryptor_t.c
 	@$(CC) $(Enclave_Compile_Flags) -c $< -o $@
 	@echo "CC   <=  $<"
 
-Decryptor/Decryptor.o: Decryptor/DecryptorWrapper.cpp Decryptor/Decryptor.cpp
+Decryptor/%Box.o: Decryptor/%Box.cpp 
+	@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags)  -c $< -o $@
+
+Decryptor/ECDHKeypair.o: Decryptor/ECDHKeypair.cpp
+	@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags)  -c $< -o $@
+
+Decryptor/DecryptorWrapper.o: Decryptor/DecryptorWrapper.cpp
+	@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags)  -c $< -o $@
+
+Decryptor/Decryptor.o: Decryptor/Decryptor.cpp #Decryptor/HybridEncryptionBox.cpp Decryptor/ECDSASignatureBox.cpp Decryptor/ECDHKeypair.cpp Decryptor/SymmetricEncryptionBox.cpp
 	@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags)  -c $< -o $@
 	@echo "CXX  <=  $<"
 
@@ -289,8 +300,8 @@ Decryptor/Decryptor.o: Decryptor/DecryptorWrapper.cpp Decryptor/Decryptor.cpp
 #	@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -I$(OPENSSL_INCLUDES)  -c $< -o $@
 #	@echo "CXX  <=  $<"
 
-Decryptor.so: Decryptor/Decryptor_t.o Decryptor/Decryptor.o CommonOpensslCode/Openssl_crypto.o $(Trust_Lib_Name)
-	@$(CXX)  Decryptor/Decryptor_t.o $(Enclave_Cpp_Objects_2) CommonOpensslCode/Openssl_crypto.o -o $@ $(Decryptor_Link_Flags)
+Decryptor.so: Decryptor/Decryptor_t.o Decryptor/DecryptorWrapper.o Decryptor/Decryptor.o  $(Trust_Lib_Name) Decryptor/HybridEncryptionBox.o Decryptor/ECDSASignatureBox.o Decryptor/SymmetricEncryptionBox.o Decryptor/ECDHKeypair.o CommonOpensslCode/Openssl_crypto.o 
+	@$(CXX)  Decryptor/Decryptor_t.o Decryptor/DecryptorWrapper.o Decryptor/Decryptor.o $(Trust_Lib_Name) Decryptor/HybridEncryptionBox.o Decryptor/ECDSASignatureBox.o Decryptor/SymmetricEncryptionBox.o Decryptor/ECDHKeypair.o CommonOpensslCode/Openssl_crypto.o -o $@ $(Decryptor_Link_Flags)
 	@echo "LINK =>  $@"
 
 $(Enclave_Name_2): Decryptor.so