Not working big refactor commit :)

App/App.cpp

@@ -1,145 +1,16 @@
-/*
- * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *   * Redistributions of source code must retain the above copyright
- *     notice, this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright
- *     notice, this list of conditions and the following disclaimer in
- *     the documentation and/or other materials provided with the
- *     distribution.
- *   * Neither the name of Intel Corporation nor the names of its
- *     contributors may be used to endorse or promote products derived
- *     from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.challa
- *
- */
-// App.cpp : Defines the entry point for the console application.
 #include <stdio.h>
-#include <map>
+#include "UntrustedInclude/LocalAttestationUntrusted.h"
+#include "UntrustedInclude/SealingUntrusted.h"
 #include "../Decryptor/Decryptor_u.h"
 #include "sgx_eid.h"
 #include "sgx_urts.h"
 #define __STDC_FORMAT_MACROS
 #include <inttypes.h>
 #include<unistd.h>
-// for sealing - sgx_calc_sealed_data_size
-#include "sgx_tseal.h"
-#include "LocalAttestationUntrusted.h"
 
-
-// For reading from/writing to file -sealing.
-#include <fcntl.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <errno.h>
-
-//#define UNUSED(val) (void)(val)
-#define TCHAR   char
-#define _TCHAR  char
-#define _T(str) str
-#define scanf_s scanf
-
-// Not sure if I need this later - as such, I (decryptor app) will only ever need to talk to 1 enclave at a time - verifier enclave first and then the apache enclave.
-//extern std::map<sgx_enclave_id_t, uint32_t>g_enclave_id_map;
-//int __ImageBase=0;
-
-sgx_enclave_id_t e2_enclave_id = 0;
 #define Decryptor_PATH "libDecryptor.so"
 //////////////////////////////////////////////////
 
-#include <stdio.h>
-
-
-uint32_t write_to_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length)
-{
-  lseek(fd, 0, SEEK_SET);
-  ssize_t bytes_written;
-  bytes_written = write(fd, msg, *expected_msg_length);
-  if(bytes_written <= 0)
-    return 0xFFFFFFFF;
-
-  fsync(fd);
-  *expected_msg_length = bytes_written;
-  return 0;
-}
-
-uint32_t read_from_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length)
-{
-  ssize_t bytes_read;
-  lseek(fd, 0, SEEK_SET);
-  bytes_read = read(fd, msg, *expected_msg_length);
-  if(bytes_read <= 0)
-    return 0xFFFFFFFF;
-  *expected_msg_length = bytes_read;
-  return 0;
-}
-
-
-uint32_t unseal_signing_key_pair_from_disk(int fd, size_t sealed_msg_length_in_file)
-{
-  uint32_t ret_status=0, length=sealed_msg_length_in_file, counter=0;
-  uint8_t* sealed_data;
-
-  sealed_data = (uint8_t*) malloc(0x300); //TODO: Get length of the sealed msg and try to read that much from the file.
-	// May be pass the length of the file as input to this function and check that it is at least as much as the output of the sgx call.
-  ret_status = read_from_fd(fd, sealed_data, &length);
-  if(ret_status != 0)
-  {
-    free(sealed_data);
-    return 0xFFFFFFFF;
-  }
-
-  for(counter=0;counter<length;counter++)
-	printf("%x ", *(sealed_data+counter));
-  printf("\n");  fflush(stdout);
-
-  Decryptor_unseal_and_restore_long_term_signing_key_pair_wrapper(e2_enclave_id, &ret_status, sealed_data, &length);
-  free(sealed_data);
-  return ret_status;
-}
-
-uint32_t create_and_seal_signing_key_pair_to_disk(int fd)
-{
-  uint32_t ret_status=0, length=0, counter=0;
-  uint8_t* sealed_data;
-
-  Decryptor_calculate_sealed_keypair_size_wrapper(e2_enclave_id, &length);
-  if(length == 0xFFFFFFFF)
-    return 0xFFFFFFFF;
-  sealed_data=(uint8_t*) malloc(length); // 0x300); // TODO: Shouldn't it be malloc of length?
-        printf("length: %d\n", length); fflush(stdout);
-
-  Decryptor_create_and_seal_long_term_signing_key_pair_wrapper(e2_enclave_id, &ret_status, &length, sealed_data);
-  if(ret_status != SGX_SUCCESS)
-  {
-    printf("create_and_seal called returned an error: %x", ret_status);
-    free(sealed_data);
-    return 0xFFFFFFFF;
-  }
-  printf("It returned sgx_success\n"); fflush(stdout);
-  for(counter=0; counter<length; counter++)
-	printf("%02x ", sealed_data[counter]);
-  ret_status = write_to_fd(fd, sealed_data, &length);
-  free(sealed_data);
-
-  return ret_status;
-}
-
 int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
 {
     uint32_t ret_status;
@@ -147,9 +18,10 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
     // For sgx setup
     int launch_token_updated;
     sgx_launch_token_t launch_token;
-    sgx_ec256_public_t pub_key;  uint32_t counter;
+    uint32_t counter;
+    int server_fd, accept_fd;
+    uint8_t verification_key[64];
 
-    size_t sealed_msg_length_in_file;
     status = sgx_create_enclave(Decryptor_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &e2_enclave_id, NULL);
     if(status != SGX_SUCCESS)
     {
@@ -159,55 +31,24 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
     printf("\nDecryptor - EnclaveID %" PRIx64, e2_enclave_id);
     fflush(stdout);
 
-    int sealed_signing_key_fd = open("sealed_signing_key.txt", O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
-    if(sealed_signing_key_fd == -1)
+    ret_status = SealingUntrusted::look_for_signing_key_or_regenerate_it("sealed_signing_key.txt");
+    if(ret_status != 0)
     {
-      perror("\nError in opening the file sealed_signing_key.txt - ");
-      fflush(stderr);
-      return 0xFFFFFFFF;
-    }
-    printf("\nSuccessfully opened a file to seal the signing key pair for the client.\n");
-    fflush(stdout);
-      struct stat st; ret_status = fstat(sealed_signing_key_fd, &st);
-      if(ret_status != 0)
-      {
-	       perror("error in finding the file size. -  ");
-        fflush(stderr);
-	       return 0xffffffff;
-
-      }
-      sealed_msg_length_in_file = st.st_size;
-    if(sealed_msg_length_in_file == 0) //if(start == end && start != -1)
-      // TODO: file is empty. create signing key pair.
-      // int start = lseek(sealed_signing_key_fd, 0, SEEK_SET);
-      { printf("Creating new keypair.\n"); fflush(stdout);     ret_status = create_and_seal_signing_key_pair_to_disk(sealed_signing_key_fd); }
-    else
-    { printf("Unsealing keypair.\n"); fflush(stdout);      ret_status = unseal_signing_key_pair_from_disk(sealed_signing_key_fd, sealed_msg_length_in_file); }
-
-     if(ret_status != 0)
-      {
-	       printf("Some error \n");
-//        printf("\n %d error in generating the ecdsa signing key pair \n", errno);
+        printf("Some error \n");
         fflush(stdout);
         sgx_destroy_enclave(e2_enclave_id);
-
         return 0xFFFFFFFF;
-      }
-
+    }
 
-    close(sealed_signing_key_fd);
-	uint8_t verification_key[64]; 
 	Decryptor_get_long_term_verification_key_wrapper(e2_enclave_id, verification_key); 
 	printf("Verification key\n"); fflush(stdout);
 	for(counter=0;counter<32;counter++)
 		printf("%02x", verification_key[counter]);
 	printf("\n"); fflush(stdout); 
-        for(counter=0;counter<32;counter++)
-                printf("%02x", verification_key[counter + 32]);
-        printf("\n"); fflush(stdout); 
-
+	for(counter=0;counter<32;counter++)
+	    printf("%02x", verification_key[counter + 32]);
+	printf("\n"); fflush(stdout);
 
-    int server_fd, accept_fd;
     ret_status = LocalAttestationUntrusted::prepare_local_attestation_as_responder_msg1(e2_enclave_id);
     if(ret_status !=0)
     {
@@ -231,7 +72,7 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
     {
       printf("local attestation - with the verifier - did not successfully return: %x\n", ret_status); fflush(stdout);
       sgx_destroy_enclave(e2_enclave_id);
-      return 0xFFFFFFFF;
+      return 0x32;
     }
 
     ret_status = LocalAttestationUntrusted::post_local_attestation_with_verifier(e2_enclave_id, accept_fd);
@@ -239,7 +80,7 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
     {
       printf("post local attestation - with the verifier - did not successfully return: %x\n", ret_status); fflush(stdout);
       sgx_destroy_enclave(e2_enclave_id);
-      return 0xFFFFFF01;
+      return 0x33;
     }
 
 	// LA 	with apache
@@ -248,17 +89,17 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
     {
       printf("Error in setting up server socket."); fflush(stdout);
       sgx_destroy_enclave(e2_enclave_id);
-      return server_fd;
+      return 0x34;
     }
     printf("Successfully set up a socket to communicate with the Apache enclave.\n");
     fflush(stdout);
 
     ret_status = LocalAttestationUntrusted::local_attestation_as_responder_msg2_msg3(e2_enclave_id,server_fd,&accept_fd);
-    if(ret_status<0)
+    if(ret_status != 0)
     {
       printf("local attestation - with the apache - did not successfully return: %x\n", ret_status); fflush(stdout);
       sgx_destroy_enclave(e2_enclave_id);
-      return 0xFFFFFFFF;
+      return 0x35;
     }
 
     ret_status = LocalAttestationUntrusted::post_local_attestation_with_apache(e2_enclave_id,accept_fd);
@@ -266,7 +107,7 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
     {
       printf("post local attestation - with the apache - did not successfully return: %x\n", ret_status); fflush(stdout);
       sgx_destroy_enclave(e2_enclave_id);
-      return 0xFFFFFF01;
+      return 0x36;
     }
 
     sgx_destroy_enclave(e2_enclave_id);

App/FileIO.cpp

@@ -0,0 +1,72 @@
+//
+// Created by miti on 21/07/19.
+//
+
+#include "UntrustedInclude/FileIO.h"
+
+namespace FileIO {
+    /*
+        FILE* file;
+        file = fopen(filename, "w");
+        if(file == NULL)
+            return errno;
+
+        fd = fileno(file);
+        if(fd == -1)
+            return errno;
+        */
+
+    int write_to_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length)
+    {
+        ssize_t bytes_written;
+        lseek(fd, 0, SEEK_SET);
+
+        bytes_written = write(fd, msg, *expected_msg_length);
+        if(bytes_written == -1)
+            return -1;
+
+        fsync(fd);
+        *expected_msg_length = bytes_written;
+        return 0;
+    }
+
+    int read_from_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length)
+    {
+        ssize_t bytes_read;
+        lseek(fd, 0, SEEK_SET);
+
+        bytes_read = read(fd, msg, *expected_msg_length);
+        if(bytes_read == -1)
+            return -1;
+        *expected_msg_length = bytes_read;
+        return 0;
+    }
+
+    size_t check_if_file_exists_return_size(char* filename, int* fd_ptr)
+    {
+        int fd, ret_status;
+        FILE* file;
+        struct stat st;
+
+        file = fopen(filename, "r");
+        if(file == NULL)
+            return 0;
+
+        fd = fileno(file);
+        if(fd == -1)
+            return 0;
+        printf("\nSuccessfully opened a file to seal the signing key pair for the client.\n");
+        fflush(stdout);
+
+        ret_status = fstat(fd, &st);
+        if(ret_status != 0)
+        {
+            perror("error in finding the file size. -  ");
+            fflush(stderr);
+            return 0;
+        }
+
+        *fd_ptr = fd;
+        return st.st_size;
+    }
+};

App/Ipc.cpp

@@ -0,0 +1,40 @@
+//
+// Created by miti on 21/07/19.
+//
+
+#include "Ipc.h"
+
+namespace Ipc {
+    // Sets up a socket to bind and listen to the given port. Returns FD of the socket on success, -1 on failure (and prints a msg to stdout with the errno)
+    int set_up_socket(int port, sockaddr_in *address) {
+        int server_fd = 0;
+
+        // Creating socket file descriptor for listening for attestation requests.
+        server_fd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
+        if (server_fd == -1) {
+            printf("Error in creating a socket - %d", errno);
+            return -1;
+        }
+
+        // Preparing the address struct for binding
+        address->sin_family = AF_INET;
+        address->sin_addr.s_addr = INADDR_ANY; // Todo: should this be localhost?
+        address->sin_port = htons(port);
+        //  memset(address->sin_zero,0,sizeof(address->sin_zero));
+
+        socklen_t addrlen = sizeof(*address);
+        // Binding
+        if (bind(server_fd, (sockaddr *) address, addrlen) < 0) {
+            printf("Error in binding %d - port was %d - ", errno, port);
+            return -1;
+        }
+
+        // Listening
+        if (listen(server_fd, 128) < 0) {
+            printf("Error in listening %d", errno);
+            return -1;
+        }
+
+        return server_fd;
+    }
+}

App/LocalAttestationUntrusted.cpp

@@ -1,330 +1,305 @@
-// Knows only protobuf_sgx objects, protobuf header.
-// For socket programming
-#include <sys/socket.h>
-#include <stdlib.h>
-#include <netinet/in.h>
-#include <string.h>
-#include <errno.h>
-#include <unistd.h>
-#include <stdio.h>
-#include "ProtobufLAMessages.pb.h"
-#include <google/protobuf/io/coded_stream.h>
-#include <google/protobuf/io/zero_copy_stream_impl.h>
-using namespace google::protobuf::io;
-#include "protobufLAInitiator.h"
-#include "../Decryptor/Decryptor_u.h"
-#include <iostream>
 #include "LocalAttestationUntrusted.h"
-#include<sys/time.h>
-#include <fcntl.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-
-  uint32_t LocalAttestationUntrusted::session_id=0;
-  protobuf_sgx_dh_msg1_t LocalAttestationUntrusted::protobuf_msg1;
-  uint8_t* LocalAttestationUntrusted::output_ciphertext_plus_tag=NULL;
-
-
-  int LocalAttestationUntrusted::read_protobuf_msg_from_fd(int accept_fd, google::protobuf::MessageLite& message)
-  {
-    ZeroCopyInputStream* raw_input;
-    CodedInputStream* coded_input;
-    uint32_t size;
-    CodedInputStream::Limit limit;
-    raw_input = new FileInputStream(accept_fd);
-    coded_input = new CodedInputStream(raw_input);
-    if(!coded_input->ReadVarint32(&size))
-    {
-      printf("Error in reading size of msg");
-      fflush(stdout);
-      return -1;
+
+
+namespace LocalAttestationUntrusted {
+    namespace {
+        uint32_t session_id = 0;
+        protobuf_sgx_dh_msg1_t protobuf_msg1;
+
+        uint32_t local_attestation_msg2_msg3(uint32_t own_enclave_id, int accept_fd) {
+            uint32_t protobuf_sgx_ret;
+            protobuf_sgx_dh_msg2_t protobuf_msg2;
+            protobuf_sgx_dh_msg3_t protobuf_msg3;
+            printf("Writing message 1\n");
+            fflush(stdout);
+            if (protobufReadWrite::write_protobuf_msg_to_fd(accept_fd, protobuf_msg1) != 0)
+                return 0x1;
+
+            printf("Reading message 2\n");
+            fflush(stdout);
+            if (protobufReadWrite::read_protobuf_msg_from_fd(accept_fd, protobuf_msg2) != 0)
+                return 0x2;
+
+            protobuf_sgx_ret = process_protobuf_dh_msg2_generate_protobuf_dh_msg3(own_enclave_id, protobuf_msg2, protobuf_msg3,
+                                                                                  &session_id);
+            if (protobuf_sgx_ret != 0) {
+                printf("Error in generate_protobuf_dh_msg2: 0x%x", protobuf_sgx_ret);
+                fflush(stdout);
+                return protobuf_sgx_ret;
+            }
+
+            printf("Writing message 3\n");
+            fflush(stdout);
+            if (protobufReadWrite::write_protobuf_msg_to_fd(accept_fd, protobuf_msg3) != 0)
+                return 0x3;
+            return 0;
+        }
     }
-    //printf("size of msg was read to be %" PRIu32 " \n", size);
-    fflush(stdout);
-    limit = coded_input->PushLimit(size);
-    if(!message.ParseFromCodedStream(coded_input))
+
+    /*
+    void get_lengths_for_protobuf_serialized_array(extension_to_decryptor_enclosed_msg &protobuf_ext_to_decryptor,
+        uint32_t *output_lengths)
     {
-      printf("Error in parsing msg");
-      fflush(stdout);
-      return -1;
+        uint32_t number_of_ciphertext_fields, counter, total_length;
+        // Didn't use bytesize() or bytesizelong() for getting the lengths of the public key or the ciphertext string
+        // as that gives the *serialized* length of the message which should be an upper-bound.
+        // Can switch to that if necessary for time performance reasons.
+        total_length=protobuf_ext_to_decryptor.ciphertext_client_public_key().length();
+        number_of_ciphertext_fields=protobuf_ext_to_decryptor.ciphertext_fields_size();
+        for(counter=0; counter<number_of_ciphertext_fields; counter++)
+            total_length+=protobuf_ext_to_decryptor.ciphertext_fields(counter).field().length();
+        output_lengths[0]=total_length;
+        output_lengths[1]=number_of_ciphertext_fields;
     }
-    coded_input->PopLimit(limit);
-    delete raw_input;
-    delete coded_input;
-    return 0;
-  }
-
-  int LocalAttestationUntrusted::write_protobuf_msg_to_fd(int accept_fd, google::protobuf::MessageLite& message)
-  {
-    ZeroCopyOutputStream* raw_output = new FileOutputStream(accept_fd);
-    CodedOutputStream* coded_output  = new CodedOutputStream(raw_output);
-    coded_output->WriteVarint32(message.ByteSize());
-    if(!message.SerializeToCodedStream(coded_output))
+
+    void create_array_from_protobuf(extension_to_decryptor_enclosed_msg &protobuf_ext_to_decryptor,
+                                    unsigned char* double_ciphertext_client_data, uint32_t* sizes_array, uint32_t* sizes_array_length)
     {
-      printf("SerializeToCodedStream failed");
-      fflush(stdout);
-      return -1;
+        uint32_t counter, size_of_field, number_of_fields;
+        unsigned char* ptr;
+
+        // Set the size of the first element - the public key - and copy it to the output array.
+        sizes_array[0] = protobuf_ext_to_decryptor.ciphertext_client_public_key().length();
+        ptr=strncpy((char*)double_ciphertext_client_data, protobuf_ext_to_decryptor.ciphertext_client_public_key().c_str(),
+            size_of_field);
+
+        // Start copying past the length copied above, copy all ciphertext fields to the output string array
+        // and set their lengths in the output integers array
+        number_of_fields=protobuf_ext_to_decryptor.ciphertext_fields_size();
+        for(counter=0;counter<number_of_fields;counter++)
+        {
+            // First element of the LHS array is the length of the client's public key.
+            sizes_array[counter+1] = protobuf_ext_to_decryptor.ciphertext_fields(counter).field().length();
+            ptr = strncpy((char*)ptr, protobuf_ext_to_decryptor.ciphertext_fields(counter).field().c_str(), size_of_field);
+        }
+        sizes_array_length=number_of_fields+1;
     }
-    // As per this - https://stackoverflow.com/questions/22881876/protocol-buffers-how-to-serialize-and-deserialize-multiple-messages-into-a-file?noredirect=1&lq=1
-    // TODO: There may be a better way to do this - 1) this happens with every accept now and 2) make it happen on the stack vs heap - destructor will be called on return from this function (main) and the items will then be written out. (We probably don't want that, actually)
-    delete coded_output;
-    delete raw_output;
-    fflush(stdout);
-    return 0;
-  }
-
-  // Sets up a socket to bind and listen to the given port. Returns FD of the socket on success, -1 on failure (and prints a msg to stdout with the errno)
-  int LocalAttestationUntrusted::set_up_socket(int port,   sockaddr_in* address)
-  {
-    int server_fd = 0;
-
-    // Creating socket file descriptor for listening for attestation requests.
-    server_fd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
-    if (server_fd == -1)
+
+    void create_protobuf_from_array(   unsigned char* ciphertext_client_data, uint32_t* sizes_array, uint32_t sizes_array_length,
+            extension_to_decryptor_enclosed_msg protobuf_extension_decryptor_msg)
     {
-       printf("Error in creating a socket - %d", errno);
-        return -1;
+        uint32_t counter;
+        void* ptr;
+
+        // Note that we don't care about setting the client public key as we don't include that in the outgoing message
+        // to the extension.
+        ptr=ciphertext_client_data;
+        for(counter=0; counter<sizes_array_length; counter++)
+        {
+            protobuf_extension_decryptor_msg.mutable_ciphertext_fields(counter).set_field(ptr, sizes_array[counter]);
+            ptr+=sizes_array[counter];
+        }
     }
+    */
+    uint32_t get_decrypted_client_data(uint8_t* array, uint32_t array_length)
+        {
+            return 0;
+        }
 
-    // Preparing the address struct for binding
-    address->sin_family = AF_INET;
-    address->sin_addr.s_addr = INADDR_ANY; // Todo: should this be localhost?
-    address->sin_port = htons(port);
-    //  memset(address->sin_zero,0,sizeof(address->sin_zero));
+    int decrypt_client_data(uint32_t own_enclave_id, int fd, int time_file_fd) {
+    /*    extension_to_decryptor_enclosed_msg protobuf_extension_decryptor_msg;
+        unsigned char* double_ciphertext_client_data, ciphertext_client_data;
+        uint32_t* input_sizes_array, output_sizes_array;
+        uint32_t ecall_input_lengths[2];
+        uint32_t ecall_output_lengths[2];
+        uint32_t sgx_ret;
+
+        // Get a message of the type decryptor_to_extension msg
+        if (!protobufReadWrite::read_protobuf_msg_from_fd(fd, protobuf_extension_decryptor_msg)) {
+            printf("Not all of the extension's message was read\n");
+            fflush(stdout);
+            return 0xf3;
+        }
 
-    socklen_t addrlen = sizeof(*address);
-    // Binding
-    if (bind(server_fd, (sockaddr*)address, addrlen)<0)
-    {
-        printf("Error in binding %d - port was %d - ", errno, port);
-        return -1;
-    }
+        get_length_of_protobuf_serialized_array(protobuf_extension_decryptor_msg, lengths);
+        double_ciphertext_client_data=(unsigned char*) malloc(ecall_input_lengths[0]);
+        ciphertext_client_data = (unsigned char*) malloc(ecall_input_lengths[0]);
 
-    // Listening
-    if (listen(server_fd, 128) < 0)
-    {
-        printf("Error in listening %d", errno);
-        return -1;
-    }
+        input_sizes_array = (uint32_t*) malloc(ecall_input_lengths[1] * sizeof(uint32_t));
 
-    return server_fd;
-  }
+        create_array_from_protobuf(protobuf_extension_decryptor_msg, double_ciphertext_client_data,
+            input_sizes_array, ecall_input_lengths[1]);
 
-  uint32_t LocalAttestationUntrusted::local_attestation_msg2_msg3(uint32_t own_enclave_id, int accept_fd)
-  {
-    uint32_t protobuf_sgx_ret;
-    protobuf_sgx_dh_msg2_t protobuf_msg2;
-    protobuf_sgx_dh_msg3_t protobuf_msg3;
-    printf("Writing message 1\n"); fflush(stdout);
-    if(write_protobuf_msg_to_fd(accept_fd, protobuf_msg1)!=0)
-      return 0x1;
+        // Call the enclave's decryption function with these arguments and get back another vector of ciphertexts.
+        Decryptor_decrypt_client_data_wrapper(own_enclave_id, &sgx_ret,
+                double_ciphertext_client_data,
+                ecall_input_lengths[0],
+                input_sizes_array,
+                ecall_input_lengths[1]);
 
-    printf("Reading message 2\n"); fflush(stdout);
-    if(read_protobuf_msg_from_fd(accept_fd, protobuf_msg2)!=0)
-      return 0x2;
+        free(double_ciphertext_client_data);
+        free(input_sizes_array);
 
-    protobuf_sgx_ret = process_protobuf_dh_msg2_generate_protobuf_dh_msg3(own_enclave_id, protobuf_msg2, protobuf_msg3, &LocalAttestationUntrusted::session_id);
-    if(protobuf_sgx_ret != 0)
-    {
-        printf("Error in generate_protobuf_dh_msg2: 0x%x", protobuf_sgx_ret); fflush(stdout); return protobuf_sgx_ret;
-    }
+        // Error checking
+        if(!sgx_ret)
+        {
+            free(ciphertext_client_data);
+            free(output_sizes_array);
+            return 0x32;
+        }
+        output_sizes_array = (uint32_t *) malloc(ecall_input_lengths[1] * sizeof(uint32_t)); // Upper bound: it should be lengths[1]-1.
+
+        // Clear the protobuf msg above and reset it with the output arguments of the ecall.
+        protobuf_extension_decryptor_msg.clear_ciphertext_client_public_key();
+        protobuf_extension_decryptor_msg.clear_ciphertext_fields();
+        create_protobuf_from_array(ciphertext_client_data, output_sizes_array, ecall_output_lengths[1],
+         protobuf_extension_decryptor_msg);
+        free(ciphertext_client_data);
+        free(output_sizes_array);
+
+        // write message to apache extension
+        if (!protobufReadWrite::write_protobuf_msg_to_fd(fd, protobuf_extension_decryptor_msg)) {
+            printf("Not all of the client's ciphertext data was written to the extension.\n");
+            fflush(stdout);
+            return 31;
+        }
 
-    printf("Writing message 3\n"); fflush(stdout); 
-    if(write_protobuf_msg_to_fd(accept_fd, protobuf_msg3)!=0)
-      return 0x3;
-    return 0;
-  }
-
-  int LocalAttestationUntrusted::decrypt_client_data(uint32_t own_enclave_id, int fd, uint8_t* output_ciphertext_plus_tag, uint8_t* input_ciphertext_plus_tag, int time_file_fd)
-  {
-    protobuf_post_LA_encrypted_msg_t protobuf_msg;
-    protobuf_post_LA_encrypted_msg_t protobuf_msg_response; 
-    unsigned char* protobuf_msg_ptr;
-    uint32_t sgx_ret_status=0;
-    uint32_t input_ciphertext_plus_tag_length;
-    uint32_t output_ciphertext_plus_tag_length;
-    struct timeval  tv1, tv2;
-    char time_buf[60] = {0};
-    size_t bytes_written;
-    unsigned long int new_time, old_time; 
-    uint32_t count; 
-    if(read_protobuf_msg_from_fd(fd, protobuf_msg)!=0)
-      return 0xfe;
-      gettimeofday(&tv1, NULL);
-
-    input_ciphertext_plus_tag_length = protobuf_msg.msg().length();
-    protobuf_msg_ptr = (uint8_t*) protobuf_msg.msg().c_str();
-
-    // Just so that the ciphertext - client data - is returned back to Apache in case this function fails.
-    // client data is after public key (64 bytes) 
-    protobuf_msg_response.set_msg((void*)  protobuf_msg_ptr + 64, input_ciphertext_plus_tag_length - 64);
-    
-    for(count=0;count<input_ciphertext_plus_tag_length;count++)
-    {
-	input_ciphertext_plus_tag[count]=protobuf_msg_ptr[count]; 
+        /*
+        gettimeofday(&tv2, NULL);
+        new_time=tv2.tv_usec + tv2.tv_sec * 1000000;
+        old_time=tv1.tv_usec + tv1.tv_sec * 1000000;
+        bytes_written=sprintf(time_buf,  "%lu %lu\n", old_time, new_time);
+        FileIO::write_to_fd(time_file_fd, time_buf, bytes_written);
+        */
+
+        return 0;
     }
 
-    // We assume that the output is not changed unless it is successful throughout.
-    Decryptor_process_apache_message_generate_response_wrapper(own_enclave_id, &sgx_ret_status, input_ciphertext_plus_tag, input_ciphertext_plus_tag_length, output_ciphertext_plus_tag, &output_ciphertext_plus_tag_length);
-      if(sgx_ret_status==0)
-      {
-      	protobuf_msg_response.set_msg((void*)  output_ciphertext_plus_tag, output_ciphertext_plus_tag_length);
-      }
-        else
-	{
-		printf("\n Error in decryptors call to the process_apache wrapper : 0x%02x\n", sgx_ret_status); 
-		for(count=0;count<output_ciphertext_plus_tag_length;count++)
-			printf("0x%02x ", output_ciphertext_plus_tag[count]); 
-		printf("\n"); fflush(stdout); 
-	}
-
-     if(write_protobuf_msg_to_fd(fd, protobuf_msg_response)!=0)
-     	     return 0xfc;
-
-     gettimeofday(&tv2, NULL);
-     new_time=tv2.tv_usec + tv2.tv_sec * 1000000; 
-     old_time=tv1.tv_usec + tv1.tv_sec * 1000000; 
-     bytes_written=sprintf(time_buf,  "%lu %lu\n", old_time, new_time); 
-     write(time_file_fd, time_buf, bytes_written);
-
-  	return 0;
-
-  }
-
- 
-    int LocalAttestationUntrusted::prepare_local_attestation_as_responder_msg1(uint32_t own_enclave_id) //, int port)
+    int prepare_local_attestation_as_responder_msg1(uint32_t own_enclave_id)
     {
-      uint32_t protobuf_sgx_ret;
-      int temp_server_fd=0;
-      protobuf_sgx_ret = generate_protobuf_dh_msg1(own_enclave_id, protobuf_msg1, &LocalAttestationUntrusted::session_id);
-      if(protobuf_sgx_ret != 0)
-      {
-        printf("Error in generate_protobuf_dh_msg1: 0x%x", protobuf_sgx_ret); fflush(stdout); return protobuf_sgx_ret;
-      }
-      return 0;
+        uint32_t protobuf_sgx_ret;
+        protobuf_sgx_ret = generate_protobuf_dh_msg1(own_enclave_id, protobuf_msg1, &session_id);
+        if (protobuf_sgx_ret != 0) {
+            printf("Error in generate_protobuf_dh_msg1: 0x%x", protobuf_sgx_ret);
+            fflush(stdout);
+            return protobuf_sgx_ret;
+        }
+        return 0;
     }
 
-    int LocalAttestationUntrusted::setup_socket_for_local_attestation_requests(int port)
-    {
-      struct sockaddr_in own_addr;
-      return set_up_socket(port, &own_addr);
+    int setup_socket_for_local_attestation_requests(int port) {
+        struct sockaddr_in own_addr;
+        return Ipc::set_up_socket(port, &own_addr);
     }
 
     // TODO: CHANGED SIGNATURE.
-    int LocalAttestationUntrusted::local_attestation_as_responder_msg2_msg3(uint32_t own_enclave_id, int server_fd, int* accept_fd)
-    {
-      uint32_t protobuf_sgx_ret;
-      struct sockaddr_storage apache_addr;
-      socklen_t apache_addr_size = sizeof(apache_addr);
-
-      int temp_accept_fd;
-      temp_accept_fd = accept(server_fd, (struct sockaddr *)&apache_addr,&apache_addr_size);
-      if (temp_accept_fd <0)
-      {
-        printf("Error in accepting %d", errno); fflush(stdout);
-        return temp_accept_fd;
-      }
-      *accept_fd=temp_accept_fd;
-
-      protobuf_sgx_ret = local_attestation_msg2_msg3(own_enclave_id, temp_accept_fd);
-      return protobuf_sgx_ret;
+    int local_attestation_as_responder_msg2_msg3(uint32_t own_enclave_id, int server_fd,
+                                                                            int *accept_fd) {
+        uint32_t protobuf_sgx_ret;
+        struct sockaddr_storage apache_addr;
+        socklen_t apache_addr_size = sizeof(apache_addr);
+
+        int temp_accept_fd;
+        temp_accept_fd = accept(server_fd, (struct sockaddr *) &apache_addr, &apache_addr_size);
+        if (temp_accept_fd < 0) {
+            printf("Error in accepting %d", errno);
+            fflush(stdout);
+            return temp_accept_fd;
+        }
+        *accept_fd = temp_accept_fd;
+
+        protobuf_sgx_ret = local_attestation_msg2_msg3(own_enclave_id, temp_accept_fd);
+        return protobuf_sgx_ret;
     }
 
-    int LocalAttestationUntrusted::post_local_attestation_with_verifier(uint32_t own_enclave_id, int accept_fd)
-    {
-      uint32_t protobuf_sgx_ret;
-      uint8_t encrypted_apache_mrsigner_and_tag[150];
-      size_t bytes_read;
-	int count; 
-      printf("Here\n"); fflush(stdout);
-      bytes_read=read(accept_fd, encrypted_apache_mrsigner_and_tag, 60);
-    	if(bytes_read!=60)
-     	{
-           	printf("Not all of the encrypted apache's mrsigner was read from the verifier.\n"); fflush(stdout);
-            close(accept_fd);
+    int post_local_attestation_with_verifier(uint32_t own_enclave_id, int accept_fd) {
+        uint32_t protobuf_sgx_ret;
+        uint8_t encrypted_apache_mrsigner_and_tag[150];
+        size_t bytes_read;
+        int count;
+
+        printf("Here\n");
+        fflush(stdout);
+        bytes_read = FileIO::read_from_fd(accept_fd, encrypted_apache_mrsigner_and_tag, 60);
+        if (bytes_read != 60) {
+            printf("Not all of the encrypted apache's mrsigner was read from the verifier.\n");
+            fflush(stdout);
             return 0xfe;
-     	}
+        }
 
-      for(count=0;count<60;count++)
-    	  printf("0x%02x ", encrypted_apache_mrsigner_and_tag[count]);
-      printf("\n");fflush(stdout);
+        for (count = 0; count < 60; count++)
+            printf("0x%02x ", encrypted_apache_mrsigner_and_tag[count]);
+        printf("\n");
+        fflush(stdout);
+
+        Decryptor_process_verifiers_message_wrapper(own_enclave_id, &protobuf_sgx_ret, encrypted_apache_mrsigner_and_tag,
+                                                    60);
+        if (protobuf_sgx_ret != 0) {
+            printf("Error in decryption: 0x%x\n", protobuf_sgx_ret);
+            fflush(stdout);
+            return protobuf_sgx_ret;
+        }
 
-      Decryptor_process_verifiers_message_wrapper(own_enclave_id, &protobuf_sgx_ret, encrypted_apache_mrsigner_and_tag, 60);
-      if(protobuf_sgx_ret!=0)
-    	{
-        printf("Error in decryption: 0x%x\n", protobuf_sgx_ret); fflush(stdout);
+        printf("Successful decryption\n");
+        fflush(stdout);
         close(accept_fd);
-        return protobuf_sgx_ret;
-    	}
+        uint8_t output[64];
+        Decryptor_get_verifier_mrenclave_apache_mrsigner_wrapper(own_enclave_id, output);
+        uint32_t counter;
+        for (counter = 0; counter < 32; counter++)
+            printf("0x%x ", output[counter]);
+        printf("/n");
+        for (counter = 32; counter < 64; counter++)
+            printf("0x%x ", output[counter]);
+        printf("/n");
 
-      printf("Successful decryption\n"); fflush(stdout);
-      close(accept_fd);
-	uint8_t output[64];
-      Decryptor_get_verifier_mrenclave_apache_mrsigner_wrapper(own_enclave_id, output); 
-	uint32_t counter;  
-	for(counter=0; counter<32; counter++)
-		printf("0x%x ", output[counter]);
-	printf("/n"); 
-        for(counter=32; counter<64; counter++)
-                printf("0x%x ", output[counter]);
-        printf("/n"); 
+        fflush(stdout);
 
-	fflush(stdout);
-
-      return 0;
+        return 0;
 
     }
 
-    int LocalAttestationUntrusted::post_local_attestation_with_apache(uint32_t own_enclave_id, int accept_fd)
-    {
-      protobuf_post_LA_encrypted_msg_t protobuf_encrypted_msg;
-      uint8_t encrypted_sign_data_and_sign_and_tag[200]; // 176+12 for IV = 188
-	uint32_t op_length;
-  	  memset(encrypted_sign_data_and_sign_and_tag,0x0,200);
-	    uint32_t internal_return_status;
-	    uint32_t count;
-	    uint32_t sgx_ret;
-
-        Decryptor_create_and_encrypt_mitigator_header_H_wrapper(own_enclave_id, &sgx_ret, encrypted_sign_data_and_sign_and_tag, &op_length);
-      	if(sgx_ret!=0)
-      	{
-      		printf("Error in generating encrypted mitigator header:0x%x\n", sgx_ret); fflush(stdout);
-          close(accept_fd);
-          return 0xf3;
-      	}
-
-      	for(count=0;count<op_length;count++)
-      	{
-      		printf("0x%02x ", encrypted_sign_data_and_sign_and_tag[count]);
-      	}
-      	printf("\n"); fflush(stdout);
-
-      	protobuf_encrypted_msg.set_msg((void*)encrypted_sign_data_and_sign_and_tag, op_length);
-      	if(write_protobuf_msg_to_fd(accept_fd, protobuf_encrypted_msg) != 0)
-        {
-          printf("Not all of the mitigator token H was written to the Apache.\n"); fflush(stdout);
-          close(accept_fd);
-          return 0xfe;
+    int post_local_attestation_with_apache(uint32_t own_enclave_id, int accept_fd) {
+        protobuf_post_LA_encrypted_msg_t protobuf_encrypted_msg;
+        uint8_t encrypted_sign_data_and_sign_and_tag[200]; // 176+12 for IV = 188
+        uint32_t op_length, internal_return_status, count, sgx_ret;
+        uint8_t public_key[64];
+        int time_file_fd;
+
+        memset(encrypted_sign_data_and_sign_and_tag, 0x0, 200);
+
+        Decryptor_create_and_encrypt_mitigator_header_H_wrapper(own_enclave_id, &sgx_ret,
+                                                                encrypted_sign_data_and_sign_and_tag, &op_length);
+        if (sgx_ret != 0) {
+            printf("Error in generating encrypted mitigator header:0x%x\n", sgx_ret);
+            fflush(stdout);
+            return 0xf3;
         }
-	uint8_t public_key[64];
-	Decryptor_get_short_term_public_key_wrapper(own_enclave_id, public_key); 
-	for(count=0;count<64;count++)
-		printf("%02x ",public_key[count]); 
-	printf("\n"); fflush(stdout);
-	
-        uint8_t* output_ciphertext_plus_tag = (uint8_t*) malloc(4100); // 12 bytes for ciphertext iv + 16 bytes for ciphertext tag = 28 byte 
-	uint8_t* input_ciphertext_plus_tag = (uint8_t*) malloc(4100); 
 
-	int time_file_fd=open("decryptor_time.txt", O_APPEND | O_WRONLY);
+        for (count = 0; count < op_length; count++) {
+            printf("0x%02x ", encrypted_sign_data_and_sign_and_tag[count]);
+        }
+        printf("\n");
+        fflush(stdout);
 
-  	  do {
-      	internal_return_status = decrypt_client_data(own_enclave_id, accept_fd, output_ciphertext_plus_tag, input_ciphertext_plus_tag, time_file_fd);
-      } while(internal_return_status==0);
+        protobuf_encrypted_msg.set_msg((void *) encrypted_sign_data_and_sign_and_tag, op_length);
+        if (protobufReadWrite::write_protobuf_msg_to_fd(accept_fd, protobuf_encrypted_msg) != 0) {
+            printf("Not all of the mitigator token H was written to the Apache.\n");
+            fflush(stdout);
+            return 0xfe;
+        }
 
+        Decryptor_get_short_term_public_key_wrapper(own_enclave_id, public_key);
+        for (count = 0; count < 64; count++)
+            printf("%02x ", public_key[count]);
+        printf("\n");
+        fflush(stdout);
 
-      close(accept_fd);
-	free(output_ciphertext_plus_tag); 
-	free(input_ciphertext_plus_tag);
-      return internal_return_status;
-}
+        /*
+        uint8_t *output_ciphertext_plus_tag = (uint8_t *) malloc(
+                4100); // 12 bytes for ciphertext iv + 16 bytes for ciphertext tag = 28 byte
+        uint8_t *input_ciphertext_plus_tag = (uint8_t *) malloc(4100);
+        */
+        time_file_fd = open("decryptor_time.txt", O_APPEND | O_WRONLY);
+
+        do {
+            internal_return_status = decrypt_client_data(own_enclave_id, accept_fd, time_file_fd);
+        } while (internal_return_status == 0);
+
+
+        close(accept_fd);
+        close(time_file_fd);
+        return internal_return_status;
+    }
 
+};

App/SealingUntrusted.cpp

@@ -0,0 +1,82 @@
+//
+// Created by miti on 21/07/19.
+//
+
+#include "UntrustedInclude/SealingUntrusted.h"
+
+namespace SealingUntrusted {
+
+    namespace {
+        int create_and_seal_signing_key_pair_to_disk(int fd)
+        {
+            uint32_t ret_status=0, length=0, counter=0;
+            uint8_t* sealed_data;
+
+            Decryptor_calculate_sealed_keypair_size_wrapper(e2_enclave_id, &length);
+            if(length == 0xFFFFFFFF)
+                return -31;
+            sealed_data=(uint8_t*) malloc(length); // 0x300); // TODO: Shouldn't it be malloc of length?
+            printf("length: %d\n", length); fflush(stdout);
+
+            Decryptor_create_and_seal_long_term_signing_key_pair_wrapper(e2_enclave_id, &ret_status, &length, sealed_data);
+            if(ret_status != SGX_SUCCESS)
+            {
+                printf("create_and_seal called returned an error: %x", ret_status);
+                free(sealed_data);
+                return -32;
+            }
+            printf("It returned sgx_success\n"); fflush(stdout);
+            for(counter=0; counter<length; counter++)
+                printf("%02x ", sealed_data[counter]);
+
+            ret_status = FileIO::write_to_fd(fd, sealed_data, &length);
+            free(sealed_data);
+
+            return ret_status;
+        }
+
+        int unseal_signing_key_pair_from_disk(int fd, size_t sealed_msg_length_in_file)
+        {
+            uint32_t ret_status=0, length=sealed_msg_length_in_file, counter=0;
+            uint8_t* sealed_data;
+
+            sealed_data = (uint8_t*) malloc(sealed_msg_length_in_file);
+            ret_status = FileIO::read_from_fd(fd, sealed_data, &length);
+            if(ret_status == -1)
+            {
+                free(sealed_data);
+                return -1;
+            }
+            length=ret_status;
+
+            for(counter=0;counter<length;counter++)
+                printf("%x ", *(sealed_data+counter));
+            printf("\n");  fflush(stdout);
+
+            Decryptor_unseal_and_restore_long_term_signing_key_pair_wrapper(e2_enclave_id, &ret_status, sealed_data, &length);
+            free(sealed_data);
+            return -1*ret_status; // ret_status is positive for error in sgx code.
+        }
+    }
+
+    int look_for_signing_key_or_regenerate_it(char* filename)
+    {
+        size_t sealed_key_size;
+        uint32_t ret_status;
+        int fd;
+
+        sealed_key_size = check_if_file_exists_return_size(filename, &fd);
+        if(sealed_key_size == 0) // File is empty. create signing key pair.
+        {
+            printf("Creating new keypair.\n"); fflush(stdout);
+            ret_status = create_and_seal_signing_key_pair_to_disk(fd);
+        }
+        else
+        {
+            printf("Unsealing keypair.\n"); fflush(stdout);
+            ret_status = unseal_signing_key_pair_from_disk(fd, sealed_key_size);
+        }
+        close(fd);
+        return ret_status;
+    }
+}

App/UntrustedInclude/FileIO.h

@@ -0,0 +1,24 @@
+//
+// Created by miti on 21/07/19.
+//
+
+#ifndef DECRYPTORAPP_FILEIO_H
+#define DECRYPTORAPP_FILEIO_H
+
+
+// For reading from/writing to file -sealing.
+#include <fcntl.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <errno.h>
+
+namespace FileIO {
+    int write_to_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length);
+
+    int read_from_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length);
+
+    size_t check_if_file_exists_return_size(char* filename, int* fd_ptr);
+};
+
+
+#endif //DECRYPTORAPP_FILEIO_H

App/UntrustedInclude/Ipc.h

@@ -0,0 +1,19 @@
+//
+// Created by miti on 21/07/19.
+//
+
+#ifndef DECRYPTORAPP_IPC_H
+#define DECRYPTORAPP_IPC_H
+
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <stdio.h>
+
+namespace Ipc {
+    int set_up_socket(int port, sockaddr_in *address);
+};
+
+
+#endif //DECRYPTORAPP_IPC_H

App/UntrustedInclude/LocalAttestationUntrusted.h

@@ -0,0 +1,18 @@
+#include "../../Decryptor/Decryptor_u.h"
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include <stdio.h>
+#include "Ipc.h"
+#include "Protobufs/protobufLAInitiator.h"
+#include "Protobufs/protobufReadWrite.h"
+#include "Protobufs/PostLAMessages.pb.h"
+
+namespace LocalAttestationUntrusted {
+   int setup_socket_for_local_attestation_requests(int port);
+   int prepare_local_attestation_as_responder_msg1(uint32_t own_enclave_id);
+   int local_attestation_as_responder_msg2_msg3(uint32_t own_enclave_id, int server_fd, int * accept_fd);
+   uint32_t get_decrypted_client_data(uint8_t* array, uint32_t array_length);
+   int post_local_attestation_with_verifier(uint32_t own_enclave_id, int apache_fd);
+   int post_local_attestation_with_apache(uint32_t own_enclave_id, int apache_fd);
+};

App/UntrustedInclude/Protobufs/protobufLAInitiator.h

@@ -0,0 +1,12 @@
+#include <stdio.h>
+#include "sgx_eid.h"
+#include "sgx_urts.h"
+#define __STDC_FORMAT_MACROS
+#include <inttypes.h>
+#include "Protobufs/protobufSgxTransformsInitiator.h"
+#include "../Decryptor/Decryptor_u.h"
+
+namespace protobufLAInitiator{
+    int process_protobuf_dh_msg2_generate_protobuf_dh_msg3(uint32_t own_enclave_id, protobuf_sgx_dh_msg2_t& protobuf_msg2, protobuf_sgx_dh_msg3_t& protobuf_msg3, uint32_t* session_id);
+    int generate_protobuf_dh_msg1(uint32_t own_enclave_id, protobuf_sgx_dh_msg1_t& protobuf_msg1, uint32_t* session_id);
+}

App/UntrustedInclude/Protobufs/protobufReadWrite.h

@@ -0,0 +1,21 @@
+//
+// Created by miti on 21/07/19.
+//
+
+#ifndef DECRYPTORAPP_PROTOBUFREADWRITE_H
+#define DECRYPTORAPP_PROTOBUFREADWRITE_H
+#include <google/protobuf/message_lite.h>
+#include <google/protobuf/io/coded_stream.h>
+#include <google/protobuf/io/zero_copy_stream_impl.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <iostream>
+
+namespace protobufReadWrite {
+    using namespace google::protobuf::io;
+    int write_protobuf_msg_to_fd(int accept_fd, google::protobuf::MessageLite& message);
+    int read_protobuf_msg_from_fd(int accept_fd, google::protobuf::MessageLite& message);
+};
+
+
+#endif //DECRYPTORAPP_PROTOBUFREADWRITE_H

App/UntrustedInclude/Protobufs/protobufSgxTransformsHelper.h

@@ -0,0 +1,30 @@
+//
+// Created by miti on 21/07/19.
+//
+
+#ifndef DECRYPTORAPP_PROTOBUFSGXTRANSFORMSHELPER_H
+#define DECRYPTORAPP_PROTOBUFSGXTRANSFORMSHELPER_H
+#include "Protobufs/ProtobufLAMessages.pb.h"
+#define __STDC_FORMAT_MACROS
+#include <inttypes.h>
+#include <stdio.h>
+#include "sgx_report.h"
+#include "sgx_eid.h"
+#include "sgx_dh.h"
+#define SGX_REPORT_BODY_RESERVED1 28
+#define SGX_REPORT_BODY_RESERVED2 32
+#define SGX_REPORT_BODY_RESERVED3 96
+#define SGX_REPORT_BODY_RESERVED4 60
+
+namespace protobufSgxTransformsHelper {
+     void encode_ec256_public_key_to_protobuf(protobuf_sgx_ec256_public_t* protobuf_g_a , sgx_ec256_public_t* g_a);
+     int decode_ec256_public_key_from_protobuf(protobuf_sgx_ec256_public_t* protobuf_g_a , sgx_ec256_public_t* g_a);
+     void encode_attributes_to_protobuf(protobuf_sgx_attributes_t* protobuf_attributes, sgx_attributes_t* attributes);
+     int decode_attributes_from_protobuf(protobuf_sgx_attributes_t* protobuf_attributes, sgx_attributes_t* attributes);
+     void encode_report_to_protobuf(protobuf_sgx_report_t* protobuf_report, sgx_report_t* report);
+     int decode_report_from_protobuf(protobuf_sgx_report_t* protobuf_report, sgx_report_t* report);
+     int fit_32_into_uint8_t(google::protobuf::uint32 temp32, uint8_t* temp8);
+};
+
+
+#endif //DECRYPTORAPP_PROTOBUFSGXTRANSFORMSHELPER_H

App/UntrustedInclude/Protobufs/protobufSgxTransformsInitiator.h

@@ -0,0 +1,24 @@
+//
+// Created by miti on 21/07/19.
+//
+
+#ifndef DECRYPTORAPP_PROTOBUFSGXTRANSFORMSINITIATOR_H
+#define DECRYPTORAPP_PROTOBUFSGXTRANSFORMSINITIATOR_H
+#include "Protobufs/protobufSgxTransformsHelper.h"
+#define __STDC_FORMAT_MACROS
+#include <inttypes.h>
+#include <stdio.h>
+#include "sgx_report.h"
+#include "sgx_eid.h"
+#include "sgx_dh.h"
+
+
+namespace protobufSgxTransformsInitiator {
+    using namespace protobufSgxTransformsHelper;
+    void encode_msg1_to_protobuf( protobuf_sgx_dh_msg1_t& protobuf_dhmsg1, sgx_dh_msg1_t* native_dhmsg1);
+    void encode_msg3_to_protobuf(protobuf_sgx_dh_msg3_t& protobuf_dhmsg3, sgx_dh_msg3_t* native_dhmsg3);
+    int decode_msg2_from_protobuf(protobuf_sgx_dh_msg2_t& protobuf_dhmsg2, sgx_dh_msg2_t* native_dhmsg2);
+    int print_initialized_msg1( protobuf_sgx_dh_msg1_t& protobuf_dhmsg1, sgx_dh_msg1_t* native_dhmsg1);
+};
+
+#endif //DECRYPTORAPP_PROTOBUFSGXTRANSFORMSINITIATOR_H

App/UntrustedInclude/SealingUntrusted.h

@@ -0,0 +1,15 @@
+//
+// Created by miti on 21/07/19.
+//
+
+#ifndef DECRYPTORAPP_SEALINGUNTRUSTED_H
+#define DECRYPTORAPP_SEALINGUNTRUSTED_H
+// for sealing - sgx_calc_sealed_data_size
+#include "sgx_tseal.h"
+#include "FileIO.h"
+
+namespace SealingUntrusted {
+    int look_for_signing_key_or_regenerate_it(char* filename);
+};
+
+#endif //DECRYPTORAPP_SEALINGUNTRUSTED_H

App/protobufLAInitiator.cpp

@@ -1,28 +1,25 @@
-#include "../Decryptor/Decryptor_u.h"
-#include "sgx_eid.h"
-#include "sgx_urts.h"
-#define __STDC_FORMAT_MACROS
-#include <inttypes.h>
-#include "ProtobufLAMessages.pb.h"
-#include "protobufSgxLATransformsInitiator.h"
-#include <stdio.h>
-
-int generate_protobuf_dh_msg1(uint32_t own_enclave_id, protobuf_sgx_dh_msg1_t& protobuf_msg1, uint32_t* session_id)
+#include "Protobufs/protobufLAInitiator.h"
+namespace protobufLAInitiator
+{
+    int generate_protobuf_dh_msg1(uint32_t own_enclave_id, protobuf_sgx_dh_msg1_t& protobuf_msg1,
+            uint32_t* session_id)
 {
   sgx_dh_msg1_t dh_msg1;            //Diffie-Hellman Message 1
   memset(&dh_msg1, 0, sizeof(sgx_dh_msg1_t));
   uint32_t ret_status;
-  Decryptor_session_request_wrapper(own_enclave_id, &ret_status, &dh_msg1, session_id); // TODO: Check Return status
+  Decryptor_session_request_wrapper(own_enclave_id, &ret_status, &dh_msg1, session_id);
   if(ret_status != SGX_SUCCESS)
     return 0xffffffff;
 
-  encode_msg1_to_protobuf(protobuf_msg1, &dh_msg1);
+  protobufSgxTransformsInitiator::encode_msg1_to_protobuf(protobuf_msg1, &dh_msg1);
   printf("Generated the following Msg1: ------------- \n"); fflush(stdout); 
-  print_initialized_msg1(protobuf_msg1, &dh_msg1);
+  protobufSgxTransformsInitiator::print_initialized_msg1(protobuf_msg1, &dh_msg1);
   return 0;
 }
 
-int process_protobuf_dh_msg2_generate_protobuf_dh_msg3(uint32_t own_enclave_id, protobuf_sgx_dh_msg2_t& protobuf_msg2, protobuf_sgx_dh_msg3_t& protobuf_msg3, uint32_t* session_id)
+    int process_protobuf_dh_msg2_generate_protobuf_dh_msg3(uint32_t own_enclave_id,
+            protobuf_sgx_dh_msg2_t& protobuf_msg2, protobuf_sgx_dh_msg3_t& protobuf_msg3,
+            uint32_t* session_id)
 {
   uint32_t ret_status;
   sgx_dh_msg2_t dh_msg2;            //Diffie-Hellman Message 2
@@ -32,7 +29,7 @@ int process_protobuf_dh_msg2_generate_protobuf_dh_msg3(uint32_t own_enclave_id,
   memset(&dh_msg2, 0, sizeof(sgx_dh_msg2_t));
   memset(&dh_msg3, 0, sizeof(sgx_dh_msg3_t));
 
-  if(decode_msg2_from_protobuf(protobuf_msg2, &dh_msg2)!=0)
+  if(protobufSgxTransformsInitiator::decode_msg2_from_protobuf(protobuf_msg2, &dh_msg2)!=0)
     return -1;
 
   // process msg2 and generate msg3
@@ -41,6 +38,7 @@ int process_protobuf_dh_msg2_generate_protobuf_dh_msg3(uint32_t own_enclave_id,
     return 0x35;
 
   // convert msg3 sgx_dh_msg3_t object to a protobuf msg3 object.
-  encode_msg3_to_protobuf(protobuf_msg3, &dh_msg3);
+  protobufSgxTransformsInitiator::encode_msg3_to_protobuf(protobuf_msg3, &dh_msg3);
   return 0;
 }
+};

App/protobufReadWrite.cpp

@@ -0,0 +1,52 @@
+//
+// Created by miti on 21/07/19.
+//
+
+#include "protobufReadWrite.h"
+
+namespace protobufReadWrite {
+    int read_protobuf_msg_from_fd(int accept_fd, google::protobuf::MessageLite &message)
+    {
+        ZeroCopyInputStream *raw_input;
+        CodedInputStream *coded_input;
+        uint32_t size;
+        CodedInputStream::Limit limit;
+        raw_input = new FileInputStream(accept_fd);
+        coded_input = new CodedInputStream(raw_input);
+        if (!coded_input->ReadVarint32(&size)) {
+            printf("Error in reading size of msg");
+            fflush(stdout);
+            return -1;
+        }
+        //printf("size of msg was read to be %" PRIu32 " \n", size);
+        fflush(stdout);
+        limit = coded_input->PushLimit(size);
+        if (!message.ParseFromCodedStream(coded_input)) {
+            printf("Error in parsing msg");
+            fflush(stdout);
+            return -1;
+        }
+        coded_input->PopLimit(limit);
+        delete raw_input;
+        delete coded_input;
+        return 0;
+    }
+
+    int write_protobuf_msg_to_fd(int accept_fd, google::protobuf::MessageLite &message)
+    {
+        ZeroCopyOutputStream *raw_output = new FileOutputStream(accept_fd);
+        CodedOutputStream *coded_output = new CodedOutputStream(raw_output);
+        coded_output->WriteVarint32(message.ByteSize());
+        if (!message.SerializeToCodedStream(coded_output)) {
+            printf("SerializeToCodedStream failed");
+            fflush(stdout);
+            return -1;
+        }
+        // As per this - https://stackoverflow.com/questions/22881876/protocol-buffers-how-to-serialize-and-deserialize-multiple-messages-into-a-file?noredirect=1&lq=1
+        // TODO: There may be a better way to do this - 1) this happens with every accept now and 2) make it happen on the stack vs heap - destructor will be called on return from this function (main) and the items will then be written out. (We probably don't want that, actually)
+        delete coded_output;
+        delete raw_output;
+        fflush(stdout);
+        return 0;
+    }
+};

App/protobufSgxLATransformsInitiator.cpp

@@ -1,400 +0,0 @@
-#include "ProtobufLAMessages.pb.h"
-#include "../Decryptor/Decryptor_u.h"
-#include "sgx_eid.h"
-#include "sgx_urts.h"
-#define __STDC_FORMAT_MACROS
-#include <inttypes.h>
-#include <stdio.h>
-#include "sgx_report.h"
-#define SGX_REPORT_BODY_RESERVED1 28
-#define SGX_REPORT_BODY_RESERVED2 32
-#define SGX_REPORT_BODY_RESERVED3 96
-#define SGX_REPORT_BODY_RESERVED4 60
-
-// TODO: private
-int fit_32_into_uint8_t(google::protobuf::uint32 temp32, uint8_t* temp8)
-{
- if(temp32 > UINT8_MAX)
-	 return -1;
- else
- {
-	 //		 *temp8 = *(uint8_t*)&temp32; // Probably works irrespective of endianness but not sure.
-	 *temp8 = (uint8_t)temp32;
-	 return 0;
- }
-}
-
-// TODO: private
-int fit_32_into_uint16_t(google::protobuf::uint32 temp32, uint16_t* temp16)
-{
- if(temp32 > UINT16_MAX)
-	 return -1;
- else
- {
-	 //		 *temp8 = *(uint8_t*)&temp32; // Probably works irrespective of endianness but not sure.
-	 *temp16 = (uint16_t)temp32;
-	 return 0;
- }
-}
-
-// TODO: private
-void encode_ec256_public_key_to_protobuf(protobuf_sgx_ec256_public_t* protobuf_g_a , sgx_ec256_public_t* g_a)
-{
-	int counter; google::protobuf::uint32 temp32;
-	for(counter=0;counter<SGX_ECP256_KEY_SIZE;counter++)
-	{
-		temp32 = g_a->gx[counter];
-		protobuf_g_a->add_gx(temp32);
-		temp32 = g_a->gy[counter];
-		protobuf_g_a->add_gy(temp32);
-	}
-}
-
-// TODO: private
-int decode_ec256_public_key_from_protobuf(protobuf_sgx_ec256_public_t* protobuf_g_a , sgx_ec256_public_t* g_a)
-{
-  printf("\n ec256 pub key\n");
-	int counter; google::protobuf::uint32 temp32;
-	for(counter=0;counter<SGX_ECP256_KEY_SIZE;counter++)
-	{
-		temp32 = protobuf_g_a->gx(counter);
-		if(fit_32_into_uint8_t(temp32, &(g_a->gx[counter]))!=0)
-		 return -1;
-    printf("%02x ",g_a->gx[counter]);
-		temp32 = protobuf_g_a->gy(counter);
-		if(fit_32_into_uint8_t(temp32, &(g_a->gy[counter]))!=0)
-		 return -1;
-    printf("%02x ",g_a->gy[counter]);
-	}
-  return 0;
-}
-
-// TODO: private
-void encode_attributes_to_protobuf(protobuf_sgx_attributes_t* protobuf_attributes, sgx_attributes_t* attributes)
-{
-	protobuf_attributes->set_flags(attributes->flags); // 64 bit
-	protobuf_attributes->set_xfrm(attributes->xfrm); // 64 bit
-}
-
-// TODO: private
-int decode_attributes_from_protobuf(protobuf_sgx_attributes_t* protobuf_attributes, sgx_attributes_t* attributes)
-{
-	attributes->flags = protobuf_attributes->flags();
-  printf("\n flags %" PRIu64 " \n", attributes->flags);
-	attributes->xfrm = protobuf_attributes->xfrm();
-  printf("\n xfrm %" PRIu64 " \n", attributes->xfrm);
-	return 0;
-}
-
-// TODO: private
-void encode_report_to_protobuf(protobuf_sgx_report_t* protobuf_report, sgx_report_t* report)
-{
-	printf("message 3 ------------------------------------------------------------ \n"); fflush(stdout); 
-	int counter; google::protobuf::uint32 temp32;
-	printf("Key ID\n"); 
-	for(counter=0;counter<SGX_KEYID_SIZE;counter++)
-	{
-		temp32=report->key_id.id[counter];
-		printf("%02x ", temp32); 
-		protobuf_report->add_key_id(temp32);
-	}
-
-	printf("MAC\n"); 
-	for(counter=0;counter<SGX_MAC_SIZE;counter++)
-	{
-		temp32=report->mac[counter];
-                printf("%02x ", temp32); 
-		protobuf_report->add_mac(temp32);
-	}
-
-	protobuf_report->mutable_body()->set_misc_select(report->body.misc_select); // 32 bit
-	protobuf_report->mutable_body()->set_isv_svn(report->body.isv_svn); // 16 bit
-	protobuf_report->mutable_body()->set_isv_prod_id(report->body.isv_prod_id); // 16 bit
-	encode_attributes_to_protobuf(protobuf_report->mutable_body()->mutable_attributes(), &(report->body.attributes));
-
-	for(counter=0;counter<SGX_CPUSVN_SIZE;counter++)
-	{
-		temp32=report->body.cpu_svn.svn[counter];
-		protobuf_report->mutable_body()->add_cpu_svn(temp32);
-	}
-
-	for(counter=0;counter<SGX_REPORT_BODY_RESERVED1;counter++)
-	{
-		temp32=report->body.reserved1[counter]; // TODO: Could be optimized out - if these are determined to be 0s.
-		protobuf_report->mutable_body()->add_reserved1(temp32);
- 	}
-
-	for(counter=0;counter<SGX_REPORT_BODY_RESERVED2;counter++)
-	{
-		temp32=report->body.reserved2[counter]; // TODO: Could be optimized out - if these are determined to be 0s.
-		protobuf_report->mutable_body()->add_reserved2(temp32);
-	}
-
-	for(counter=0;counter<SGX_REPORT_BODY_RESERVED3;counter++)
-	{
-		temp32=report->body.reserved3[counter]; // TODO: Could be optimized out - if these are determined to be 0s.
-		protobuf_report->mutable_body()->add_reserved3(temp32);
- 	}
-
-	for(counter=0;counter<SGX_REPORT_BODY_RESERVED4;counter++)
-	{
-		temp32=report->body.reserved4[counter]; // TODO: Could be optimized out - if these are determined to be 0s.
-		protobuf_report->mutable_body()->add_reserved4(temp32);
- 	}
-
-	printf("\n enclave measurement\n"); 
-	for(counter=0;counter<SGX_HASH_SIZE;counter++)
-	{
-		temp32=report->body.mr_enclave.m[counter];
-                printf("%02x ", temp32); 
-		protobuf_report->mutable_body()->add_mr_enclave(temp32);
- 	}
-
-	printf("\n signer measurement\n"); 
-	for(counter=0;counter<SGX_HASH_SIZE;counter++)
-	{
-		temp32=report->body.mr_signer.m[counter];
-                printf("%02x ", temp32); 
-		protobuf_report->mutable_body()->add_mr_signer(temp32);
- 	}
-
-	printf("\n report data\n");
-	for(counter=0;counter<SGX_REPORT_DATA_SIZE;counter++)
-	{
-		temp32=report->body.report_data.d[counter];
-                printf("%02x ", temp32); 
-		protobuf_report->mutable_body()->add_report_data(temp32);
- 	}
-}
-
-// TODO: private
-int decode_report_from_protobuf(protobuf_sgx_report_t* protobuf_report, sgx_report_t* report)
-{
-  int counter; google::protobuf::uint32 temp32;
-
-  printf("\n decoding report body:\n keyid\n");
-  for(counter=0;counter<SGX_KEYID_SIZE;counter++)
-  {
-    temp32=protobuf_report->key_id(counter);
-    if(fit_32_into_uint8_t(temp32, &(report->key_id.id[counter]))!=0)
-		  return -1;
-    printf("%02x  ", report->key_id.id[counter]);
-  }
-
-  printf("\nreport mac\n");
-  for(counter=0;counter<SGX_MAC_SIZE;counter++)
-  {
-    temp32=protobuf_report->mac(counter);
-    if(fit_32_into_uint8_t(temp32, &(report->mac[counter]))!=0)
-      return -1;
-    printf("%02x  ", report->mac[counter]);
-  }
-
-  report->body.misc_select=protobuf_report->mutable_body()->misc_select(); // 32 bit
-  temp32=protobuf_report->mutable_body()->isv_svn();
-  if(fit_32_into_uint16_t(temp32, &(report->body.isv_svn))!=0)
-   return -1;
-  printf("\nmisc select %02x \n", report->body.misc_select);
-
-  temp32=protobuf_report->mutable_body()->isv_prod_id();
-   if(fit_32_into_uint16_t(temp32, &(report->body.isv_prod_id))!=0)
-    return -1;
-  printf("\nprod id %02x \n", report->body.isv_prod_id);
-
-  decode_attributes_from_protobuf(protobuf_report->mutable_body()->mutable_attributes(), &(report->body.attributes));
-
-  printf("\n cpu svn\n");
-  for(counter=0;counter<SGX_CPUSVN_SIZE;counter++)
-  {
-    temp32=protobuf_report->mutable_body()->cpu_svn(counter);
-    if(fit_32_into_uint8_t(temp32, &(report->body.cpu_svn.svn[counter]))!=0)
-      return -1;
-    printf("%02x ", report->body.cpu_svn.svn[counter]);
-
-  }
-/*
-  printf("\n reserved1 \n");
-  for(counter=0;counter<SGX_REPORT_BODY_RESERVED1;counter++)
-  {
-    temp32=protobuf_report->mutable_body()->reserved1(counter);
-    if(fit_32_into_uint8_t(temp32, &(report->body.reserved1[counter]))!=0)
-      return -1;
-    printf("%02x  ", report->body.reserved1[counter]);
-  }
-
-  printf("\n reserved2 \n");
-  for(counter=0;counter<SGX_REPORT_BODY_RESERVED2;counter++)
-  {
-    temp32=protobuf_report->mutable_body()->reserved2(counter);
-    if(fit_32_into_uint8_t(temp32, &(report->body.reserved2[counter]))!=0)
-      return -1;
-    printf("%02x  ", report->body.reserved2[counter]);
-  }
-
-  printf("\n reserved3 \n");
-  for(counter=0;counter<SGX_REPORT_BODY_RESERVED3;counter++)
-  {
-    temp32=protobuf_report->mutable_body()->reserved3(counter);
-    if(fit_32_into_uint8_t(temp32, &(report->body.reserved3[counter]))!=0)
-      return -1;
-    printf("%02x  ", report->body.reserved3[counter]);
-  }
-
-  printf("\n reserved4 \n");
-  for(counter=0;counter<SGX_REPORT_BODY_RESERVED4;counter++)
-  {
-    temp32=protobuf_report->mutable_body()->reserved4(counter);
-    if(fit_32_into_uint8_t(temp32, &(report->body.reserved4[counter]))!=0)
-      return -1;
-    printf("%02x  ", report->body.reserved4[counter]);
-
-  }
-*/
-  printf("\n mrenclave \n");
-  for(counter=0;counter<SGX_HASH_SIZE;counter++)
-  {
-    temp32=protobuf_report->mutable_body()->mr_enclave(counter);
-    if(fit_32_into_uint8_t(temp32, &(report->body.mr_enclave.m[counter]))!=0)
-      return -1;
-    printf("%02x ", report->body.mr_enclave.m[counter]);
-  }
-
-  printf("\n mrsigner \n");
-  for(counter=0;counter<SGX_HASH_SIZE;counter++)
-  {
-    temp32=protobuf_report->mutable_body()->mr_signer(counter);
-    if(fit_32_into_uint8_t(temp32, &(report->body.mr_signer.m[counter]))!=0)
-      return -1;
-    printf("%02x ", report->body.mr_signer.m[counter]);
-  }
-
-  printf("\n report data\n");
-  for(counter=0;counter<SGX_REPORT_DATA_SIZE;counter++)
-  {
-    temp32=protobuf_report->mutable_body()->report_data(counter);
-    if(fit_32_into_uint8_t(temp32, &(report->body.report_data.d[counter]))!=0)
-      return -1;
-    printf("%02x  ", report->body.report_data.d[counter]);
-  }
-	return 0;
-}
-
-void encode_msg1_to_protobuf( protobuf_sgx_dh_msg1_t& protobuf_dhmsg1, sgx_dh_msg1_t* native_dhmsg1)
-{
-   int counter; google::protobuf::uint32 temp32; // google::protobuf::uint64 temp64;
-
-   encode_ec256_public_key_to_protobuf(protobuf_dhmsg1.mutable_g_a(), &(native_dhmsg1->g_a));
-
-   for(counter=0;counter<SGX_HASH_SIZE;counter++)
-   {
-     temp32=native_dhmsg1->target.mr_enclave.m[counter];
-     protobuf_dhmsg1.mutable_target()->add_mr_enclave(temp32);
-   }
-
-   for(counter=0;counter<SGX_TARGET_INFO_RESERVED1_BYTES;counter++)
-   {
-     temp32=native_dhmsg1->target.reserved1[counter];
-     protobuf_dhmsg1.mutable_target()->add_reserved1(temp32);
-   }
-
-   for(counter=0;counter<SGX_TARGET_INFO_RESERVED2_BYTES;counter++)
-   {
-     temp32=native_dhmsg1->target.reserved2[counter];
-     protobuf_dhmsg1.mutable_target()->add_reserved2(temp32);
-   }
-
-   encode_attributes_to_protobuf(protobuf_dhmsg1.mutable_target()->mutable_attributes(), &(native_dhmsg1->target.attributes));
-
-   temp32=native_dhmsg1->target.misc_select ;
-   protobuf_dhmsg1.mutable_target()->set_misc_select(temp32);
-}
-
-void encode_msg3_to_protobuf(protobuf_sgx_dh_msg3_t& protobuf_dhmsg3, sgx_dh_msg3_t* native_dhmsg3)
-{
-  int counter; google::protobuf::uint32 temp32;
-  for(counter=0;counter<SGX_DH_MAC_SIZE;counter++)
-	{
-		temp32=native_dhmsg3->cmac[counter];
-		protobuf_dhmsg3.add_cmac(temp32);
-	}
-
-  encode_report_to_protobuf(protobuf_dhmsg3.mutable_msg3_body()->mutable_report(), &(native_dhmsg3->msg3_body.report));
-  int max_counter=native_dhmsg3->msg3_body.additional_prop_length;
-  unsigned char*temp;
-  for(counter=0,temp=native_dhmsg3->msg3_body.additional_prop;counter<max_counter;counter++,temp++)
-  {
-    protobuf_dhmsg3.mutable_msg3_body()->add_additional_prop(*temp);
-  }
-}
-
-int decode_msg2_from_protobuf(protobuf_sgx_dh_msg2_t& protobuf_dhmsg2, sgx_dh_msg2_t* native_dhmsg2)
-{
-  int counter; google::protobuf::uint32 temp32; //google::protobuf::uint64 temp64;
-  printf("RECEIVED the following msg2\n"); fflush(stdout); 
-  printf("\ncmac\n");
-  for(counter=0;counter<SGX_DH_MAC_SIZE;counter++)
-  {
-    temp32=protobuf_dhmsg2.cmac(counter);
-    if(fit_32_into_uint8_t(temp32, &(native_dhmsg2->cmac[counter]))!=0)
-     return -1;
-    printf("%02x  ",native_dhmsg2->cmac[counter]);
-  }
-
-  if(decode_ec256_public_key_from_protobuf(protobuf_dhmsg2.mutable_g_b(), &(native_dhmsg2->g_b)) !=0)
-	return -1;
-
-  if(decode_report_from_protobuf(protobuf_dhmsg2.mutable_report(), &(native_dhmsg2->report)) !=0)
-	return -1;
-
-  return 0;
-}
-
-int print_initialized_msg1( protobuf_sgx_dh_msg1_t& protobuf_dhmsg1, sgx_dh_msg1_t* native_dhmsg1)
-{
-   int counter;
-	printf("Printing msg1:\n");
-	 printf("gx\n");
-   for(counter=0;counter<SGX_ECP256_KEY_SIZE;counter++)
-   {
-      printf("%02x ", protobuf_dhmsg1.g_a().gx(counter));
-//      printf("%02x ", native_dhmsg1->g_a.gx[counter]);
-   }
-   printf("\ngy\n");
-   for(counter=0;counter<SGX_ECP256_KEY_SIZE;counter++)
-   {
-      printf("%02x ", protobuf_dhmsg1.g_a().gy(counter));
-//      printf("%02x ", native_dhmsg1->g_a.gy[counter]);
-   }
-
-   printf("\nmrenclave for target\n");
-   for(counter=0;counter<SGX_HASH_SIZE;counter++)
-   {
-      printf("%02x ", protobuf_dhmsg1.target().mr_enclave(counter));
-//      printf("%02x ", native_dhmsg1->target.mr_enclave.m[counter]);
-
-   }
-   /*
-   printf("\nreserved1 in target\n");
-   for(counter=0;counter<SGX_TARGET_INFO_RESERVED1_BYTES;counter++)
-   {
-      printf("%" PRIu32 " ", protobuf_dhmsg1.target().reserved1(counter));
-      printf("%02x  ", native_dhmsg1->target.reserved1[counter]);
-
-   }
-   printf("\nreserved2 in target\n");
-   for(counter=0;counter<SGX_TARGET_INFO_RESERVED2_BYTES;counter++)
-   {
-      printf("%" PRIu32 " ", protobuf_dhmsg1.target().reserved2(counter));
-      printf("%02x  ", native_dhmsg1->target.reserved2[counter]);
-   }
-
-   printf("\n %" PRIu64 "\n", native_dhmsg1->target.attributes.flags);
-   printf("\n %" PRIu64 "\n", protobuf_dhmsg1.target().attributes().flags());
-   printf("\n %" PRIu64 "\n", native_dhmsg1->target.attributes.xfrm);
-   printf("\n %" PRIu64 "\n", protobuf_dhmsg1.target().attributes().xfrm());
-   printf("\n %" PRIu32 "\n", native_dhmsg1->target.misc_select);
-   printf("\n %" PRIu32 "\n", protobuf_dhmsg1.target().misc_select());
-   */
-	fflush(stdout); 
-	return 0;
-}

App/protobufSgxTransformsHelper.cpp

@@ -0,0 +1,265 @@
+//
+// Created by miti on 21/07/19.
+//
+
+#include "protobufSgxTransformsHelper.h"
+
+namespace protobufSgxTransformsHelper {
+
+    namespace {
+
+        int fit_32_into_uint16_t(google::protobuf::uint32 temp32, uint16_t* temp16)
+        {
+            if(temp32 > UINT16_MAX)
+                return -1;
+            *temp16 = (uint16_t)temp32;
+            return 0;
+        }
+    }
+
+    int fit_32_into_uint8_t(google::protobuf::uint32 temp32, uint8_t* temp8)
+    {
+        if(temp32 > UINT8_MAX)
+            return -1;
+        *temp8 = (uint8_t)temp32;
+        return 0;
+    }
+
+    void encode_ec256_public_key_to_protobuf(protobuf_sgx_ec256_public_t* protobuf_g_a , sgx_ec256_public_t* g_a)
+    {
+        int counter; google::protobuf::uint32 temp32;
+        for(counter=0;counter<SGX_ECP256_KEY_SIZE;counter++)
+        {
+            temp32 = g_a->gx[counter];
+            protobuf_g_a->add_gx(temp32);
+            temp32 = g_a->gy[counter];
+            protobuf_g_a->add_gy(temp32);
+        }
+    }
+
+    int decode_ec256_public_key_from_protobuf(protobuf_sgx_ec256_public_t* protobuf_g_a , sgx_ec256_public_t* g_a)
+    {
+        printf("\n ec256 pub key\n");
+        int counter; google::protobuf::uint32 temp32;
+        for(counter=0;counter<SGX_ECP256_KEY_SIZE;counter++)
+        {
+            temp32 = protobuf_g_a->gx(counter);
+            if(fit_32_into_uint8_t(temp32, &(g_a->gx[counter]))!=0)
+                return -1;
+            printf("%02x ",g_a->gx[counter]);
+            temp32 = protobuf_g_a->gy(counter);
+            if(fit_32_into_uint8_t(temp32, &(g_a->gy[counter]))!=0)
+                return -1;
+            printf("%02x ",g_a->gy[counter]);
+        }
+        return 0;
+    }
+
+    void encode_attributes_to_protobuf(protobuf_sgx_attributes_t* protobuf_attributes, sgx_attributes_t* attributes)
+    {
+        protobuf_attributes->set_flags(attributes->flags); // 64 bit
+        protobuf_attributes->set_xfrm(attributes->xfrm); // 64 bit
+    }
+
+    int decode_attributes_from_protobuf(protobuf_sgx_attributes_t* protobuf_attributes, sgx_attributes_t* attributes)
+    {
+        attributes->flags = protobuf_attributes->flags();
+        printf("\n flags %" PRIu64 " \n", attributes->flags);
+        attributes->xfrm = protobuf_attributes->xfrm();
+        printf("\n xfrm %" PRIu64 " \n", attributes->xfrm);
+        return 0;
+    }
+
+    void encode_report_to_protobuf(protobuf_sgx_report_t* protobuf_report, sgx_report_t* report)
+    {
+        printf("message 3 ------------------------------------------------------------ \n"); fflush(stdout);
+        int counter; google::protobuf::uint32 temp32;
+        printf("Key ID\n");
+        for(counter=0;counter<SGX_KEYID_SIZE;counter++)
+        {
+            temp32=report->key_id.id[counter];
+            printf("%02x ", temp32);
+            protobuf_report->add_key_id(temp32);
+        }
+
+        printf("MAC\n");
+        for(counter=0;counter<SGX_MAC_SIZE;counter++)
+        {
+            temp32=report->mac[counter];
+            printf("%02x ", temp32);
+            protobuf_report->add_mac(temp32);
+        }
+
+        protobuf_report->mutable_body()->set_misc_select(report->body.misc_select); // 32 bit
+        protobuf_report->mutable_body()->set_isv_svn(report->body.isv_svn); // 16 bit
+        protobuf_report->mutable_body()->set_isv_prod_id(report->body.isv_prod_id); // 16 bit
+        encode_attributes_to_protobuf(protobuf_report->mutable_body()->mutable_attributes(), &(report->body.attributes));
+
+        for(counter=0;counter<SGX_CPUSVN_SIZE;counter++)
+        {
+            temp32=report->body.cpu_svn.svn[counter];
+            protobuf_report->mutable_body()->add_cpu_svn(temp32);
+        }
+
+        for(counter=0;counter<SGX_REPORT_BODY_RESERVED1;counter++)
+        {
+            temp32=report->body.reserved1[counter]; // TODO: Could be optimized out - if these are determined to be 0s.
+            protobuf_report->mutable_body()->add_reserved1(temp32);
+        }
+
+        for(counter=0;counter<SGX_REPORT_BODY_RESERVED2;counter++)
+        {
+            temp32=report->body.reserved2[counter]; // TODO: Could be optimized out - if these are determined to be 0s.
+            protobuf_report->mutable_body()->add_reserved2(temp32);
+        }
+
+        for(counter=0;counter<SGX_REPORT_BODY_RESERVED3;counter++)
+        {
+            temp32=report->body.reserved3[counter]; // TODO: Could be optimized out - if these are determined to be 0s.
+            protobuf_report->mutable_body()->add_reserved3(temp32);
+        }
+
+        for(counter=0;counter<SGX_REPORT_BODY_RESERVED4;counter++)
+        {
+            temp32=report->body.reserved4[counter]; // TODO: Could be optimized out - if these are determined to be 0s.
+            protobuf_report->mutable_body()->add_reserved4(temp32);
+        }
+
+        printf("\n enclave measurement\n");
+        for(counter=0;counter<SGX_HASH_SIZE;counter++)
+        {
+            temp32=report->body.mr_enclave.m[counter];
+            printf("%02x ", temp32);
+            protobuf_report->mutable_body()->add_mr_enclave(temp32);
+        }
+
+        printf("\n signer measurement\n");
+        for(counter=0;counter<SGX_HASH_SIZE;counter++)
+        {
+            temp32=report->body.mr_signer.m[counter];
+            printf("%02x ", temp32);
+            protobuf_report->mutable_body()->add_mr_signer(temp32);
+        }
+
+        printf("\n report data\n");
+        for(counter=0;counter<SGX_REPORT_DATA_SIZE;counter++)
+        {
+            temp32=report->body.report_data.d[counter];
+            printf("%02x ", temp32);
+            protobuf_report->mutable_body()->add_report_data(temp32);
+        }
+    }
+
+    int decode_report_from_protobuf(protobuf_sgx_report_t* protobuf_report, sgx_report_t* report)
+    {
+        int counter; google::protobuf::uint32 temp32;
+
+        printf("\n decoding report body:\n keyid\n");
+        for(counter=0;counter<SGX_KEYID_SIZE;counter++)
+        {
+            temp32=protobuf_report->key_id(counter);
+            if(fit_32_into_uint8_t(temp32, &(report->key_id.id[counter]))!=0)
+                return -1;
+            printf("%02x  ", report->key_id.id[counter]);
+        }
+
+        printf("\nreport mac\n");
+        for(counter=0;counter<SGX_MAC_SIZE;counter++)
+        {
+            temp32=protobuf_report->mac(counter);
+            if(fit_32_into_uint8_t(temp32, &(report->mac[counter]))!=0)
+                return -1;
+            printf("%02x  ", report->mac[counter]);
+        }
+
+        report->body.misc_select=protobuf_report->mutable_body()->misc_select(); // 32 bit
+        temp32=protobuf_report->mutable_body()->isv_svn();
+        if(fit_32_into_uint16_t(temp32, &(report->body.isv_svn))!=0)
+            return -1;
+        printf("\nmisc select %02x \n", report->body.misc_select);
+
+        temp32=protobuf_report->mutable_body()->isv_prod_id();
+        if(fit_32_into_uint16_t(temp32, &(report->body.isv_prod_id))!=0)
+            return -1;
+        printf("\nprod id %02x \n", report->body.isv_prod_id);
+
+        decode_attributes_from_protobuf(protobuf_report->mutable_body()->mutable_attributes(), &(report->body.attributes));
+
+        printf("\n cpu svn\n");
+        for(counter=0;counter<SGX_CPUSVN_SIZE;counter++)
+        {
+            temp32=protobuf_report->mutable_body()->cpu_svn(counter);
+            if(fit_32_into_uint8_t(temp32, &(report->body.cpu_svn.svn[counter]))!=0)
+                return -1;
+            printf("%02x ", report->body.cpu_svn.svn[counter]);
+
+        }
+        /*
+          printf("\n reserved1 \n");
+          for(counter=0;counter<SGX_REPORT_BODY_RESERVED1;counter++)
+          {
+            temp32=protobuf_report->mutable_body()->reserved1(counter);
+            if(fit_32_into_uint8_t(temp32, &(report->body.reserved1[counter]))!=0)
+              return -1;
+            printf("%02x  ", report->body.reserved1[counter]);
+          }
+
+          printf("\n reserved2 \n");
+          for(counter=0;counter<SGX_REPORT_BODY_RESERVED2;counter++)
+          {
+            temp32=protobuf_report->mutable_body()->reserved2(counter);
+            if(fit_32_into_uint8_t(temp32, &(report->body.reserved2[counter]))!=0)
+              return -1;
+            printf("%02x  ", report->body.reserved2[counter]);
+          }
+
+          printf("\n reserved3 \n");
+          for(counter=0;counter<SGX_REPORT_BODY_RESERVED3;counter++)
+          {
+            temp32=protobuf_report->mutable_body()->reserved3(counter);
+            if(fit_32_into_uint8_t(temp32, &(report->body.reserved3[counter]))!=0)
+              return -1;
+            printf("%02x  ", report->body.reserved3[counter]);
+          }
+
+          printf("\n reserved4 \n");
+          for(counter=0;counter<SGX_REPORT_BODY_RESERVED4;counter++)
+          {
+            temp32=protobuf_report->mutable_body()->reserved4(counter);
+            if(fit_32_into_uint8_t(temp32, &(report->body.reserved4[counter]))!=0)
+              return -1;
+            printf("%02x  ", report->body.reserved4[counter]);
+
+          }
+        */
+
+        printf("\n mrenclave \n");
+        for(counter=0;counter<SGX_HASH_SIZE;counter++)
+        {
+            temp32=protobuf_report->mutable_body()->mr_enclave(counter);
+            if(fit_32_into_uint8_t(temp32, &(report->body.mr_enclave.m[counter]))!=0)
+                return -1;
+            printf("%02x ", report->body.mr_enclave.m[counter]);
+        }
+
+        printf("\n mrsigner \n");
+        for(counter=0;counter<SGX_HASH_SIZE;counter++)
+        {
+            temp32=protobuf_report->mutable_body()->mr_signer(counter);
+            if(fit_32_into_uint8_t(temp32, &(report->body.mr_signer.m[counter]))!=0)
+                return -1;
+            printf("%02x ", report->body.mr_signer.m[counter]);
+        }
+
+        printf("\n report data\n");
+        for(counter=0;counter<SGX_REPORT_DATA_SIZE;counter++)
+        {
+            temp32=protobuf_report->mutable_body()->report_data(counter);
+            if(fit_32_into_uint8_t(temp32, &(report->body.report_data.d[counter]))!=0)
+                return -1;
+            printf("%02x  ", report->body.report_data.d[counter]);
+        }
+        return 0;
+    }
+
+}

App/protobufSgxTransformsInitiator.cpp

@@ -0,0 +1,130 @@
+//
+// Created by miti on 21/07/19.
+//
+
+#include "protobufSgxTransformsInitiator.h"
+
+namespace protobufSgxTransformsInitiator {
+    void encode_msg1_to_protobuf( protobuf_sgx_dh_msg1_t& protobuf_dhmsg1, sgx_dh_msg1_t* native_dhmsg1)
+    {
+        int counter; google::protobuf::uint32 temp32; // google::protobuf::uint64 temp64;
+
+        protobufSgxTransformsHelper::encode_ec256_public_key_to_protobuf(protobuf_dhmsg1.mutable_g_a(), &(native_dhmsg1->g_a));
+
+        for(counter=0;counter<SGX_HASH_SIZE;counter++)
+        {
+            temp32=native_dhmsg1->target.mr_enclave.m[counter];
+            protobuf_dhmsg1.mutable_target()->add_mr_enclave(temp32);
+        }
+
+        for(counter=0;counter<SGX_TARGET_INFO_RESERVED1_BYTES;counter++)
+        {
+            temp32=native_dhmsg1->target.reserved1[counter];
+            protobuf_dhmsg1.mutable_target()->add_reserved1(temp32);
+        }
+
+        for(counter=0;counter<SGX_TARGET_INFO_RESERVED2_BYTES;counter++)
+        {
+            temp32=native_dhmsg1->target.reserved2[counter];
+            protobuf_dhmsg1.mutable_target()->add_reserved2(temp32);
+        }
+
+        protobufSgxTransformsHelper::encode_attributes_to_protobuf(protobuf_dhmsg1.mutable_target()->mutable_attributes(), &(native_dhmsg1->target.attributes));
+
+        temp32=native_dhmsg1->target.misc_select ;
+        protobuf_dhmsg1.mutable_target()->set_misc_select(temp32);
+    }
+
+    void encode_msg3_to_protobuf(protobuf_sgx_dh_msg3_t& protobuf_dhmsg3, sgx_dh_msg3_t* native_dhmsg3)
+    {
+        int counter; google::protobuf::uint32 temp32;
+        for(counter=0;counter<SGX_DH_MAC_SIZE;counter++)
+        {
+            temp32=native_dhmsg3->cmac[counter];
+            protobuf_dhmsg3.add_cmac(temp32);
+        }
+
+        protobufSgxTransformsHelper::encode_report_to_protobuf(protobuf_dhmsg3.mutable_msg3_body()->mutable_report(), &(native_dhmsg3->msg3_body.report));
+        int max_counter=native_dhmsg3->msg3_body.additional_prop_length;
+        unsigned char*temp;
+        for(counter=0,temp=native_dhmsg3->msg3_body.additional_prop;counter<max_counter;counter++,temp++)
+        {
+            protobuf_dhmsg3.mutable_msg3_body()->add_additional_prop(*temp);
+        }
+    }
+
+    int decode_msg2_from_protobuf(protobuf_sgx_dh_msg2_t& protobuf_dhmsg2, sgx_dh_msg2_t* native_dhmsg2)
+    {
+        int counter; google::protobuf::uint32 temp32; //google::protobuf::uint64 temp64;
+        printf("RECEIVED the following msg2\n"); fflush(stdout);
+        printf("\ncmac\n");
+        for(counter=0;counter<SGX_DH_MAC_SIZE;counter++)
+        {
+            temp32=protobuf_dhmsg2.cmac(counter);
+            if(fit_32_into_uint8_t(temp32, &(native_dhmsg2->cmac[counter]))!=0)
+                return -1;
+            printf("%02x  ",native_dhmsg2->cmac[counter]);
+        }
+
+        if(decode_ec256_public_key_from_protobuf(protobuf_dhmsg2.mutable_g_b(), &(native_dhmsg2->g_b)) !=0)
+            return -1;
+
+        if(decode_report_from_protobuf(protobuf_dhmsg2.mutable_report(), &(native_dhmsg2->report)) !=0)
+            return -1;
+
+        return 0;
+    }
+
+    
+    int print_initialized_msg1( protobuf_sgx_dh_msg1_t& protobuf_dhmsg1, sgx_dh_msg1_t* native_dhmsg1)
+    {
+        int counter;
+        printf("Printing msg1:\n");
+        printf("gx\n");
+        for(counter=0;counter<SGX_ECP256_KEY_SIZE;counter++)
+        {
+            printf("%02x ", protobuf_dhmsg1.g_a().gx(counter));
+    //      printf("%02x ", native_dhmsg1->g_a.gx[counter]);
+        }
+        printf("\ngy\n");
+        for(counter=0;counter<SGX_ECP256_KEY_SIZE;counter++)
+        {
+            printf("%02x ", protobuf_dhmsg1.g_a().gy(counter));
+    //      printf("%02x ", native_dhmsg1->g_a.gy[counter]);
+        }
+
+        printf("\nmrenclave for target\n");
+        for(counter=0;counter<SGX_HASH_SIZE;counter++)
+        {
+            printf("%02x ", protobuf_dhmsg1.target().mr_enclave(counter));
+    //      printf("%02x ", native_dhmsg1->target.mr_enclave.m[counter]);
+
+        }
+
+        printf("\nreserved1 in target\n");
+        for(counter=0;counter<SGX_TARGET_INFO_RESERVED1_BYTES;counter++)
+        {
+           printf("%" PRIu32 " ", protobuf_dhmsg1.target().reserved1(counter));
+           printf("%02x  ", native_dhmsg1->target.reserved1[counter]);
+
+        }
+        printf("\nreserved2 in target\n");
+        for(counter=0;counter<SGX_TARGET_INFO_RESERVED2_BYTES;counter++)
+        {
+           printf("%" PRIu32 " ", protobuf_dhmsg1.target().reserved2(counter));
+           printf("%02x  ", native_dhmsg1->target.reserved2[counter]);
+        }
+
+        printf("\n %" PRIu64 "\n", native_dhmsg1->target.attributes.flags);
+        printf("\n %" PRIu64 "\n", protobuf_dhmsg1.target().attributes().flags());
+        printf("\n %" PRIu64 "\n", native_dhmsg1->target.attributes.xfrm);
+        printf("\n %" PRIu64 "\n", protobuf_dhmsg1.target().attributes().xfrm());
+        printf("\n %" PRIu32 "\n", native_dhmsg1->target.misc_select);
+        printf("\n %" PRIu32 "\n", protobuf_dhmsg1.target().misc_select());
+
+        fflush(stdout);
+        return 0;
+    }
+    
+
+};

CommonOpensslCode/Openssl_crypto.cpp

@@ -24,7 +24,7 @@ int generate_sha256_hash(const unsigned char *message, size_t message_len, unsig
 	if(EVP_DigestFinal_ex(mdctx, digest, &digest_len) != 1)
 		return 0x4;
 
-	if(digest_en != 32)
+	if(digest_len != 32)
 		return 0x5;
 
 	EVP_MD_CTX_destroy(mdctx);

Decryptor/Decryptor.cpp

@@ -1,40 +1,8 @@
-/*
- * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *   * Redistributions of source code must retain the above copyright
- *     notice, this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright
- *     notice, this list of conditions and the following disclaimer in
- *     the documentation and/or other materials provided with the
- *     distribution.
- *   * Neither the name of Intel Corporation nor the names of its
- *     contributors may be used to endorse or promote products derived
- *     from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include "Decryptor.h"
+#include "../TrustedInclude/Decryptor.h"
 #include "sgx_tseal.h"
 #include "sgx_tcrypto.h"
 #include "sgx_dh.h"
-#include "datatypes.h"
-#include "error_codes.h"
+#include "../TrustedInclude/error_codes.h"
 
 
         ECDSASignatureBox Decryptor::signatureBox;
@@ -238,7 +206,26 @@
         return 0;
   }
 
-  // EXTERNAL. DONE.
+  uint32_t Decryptor::decrypt_client_data(
+          uint8_t* input_ciphertext,
+        uint32_t input_ciphertext_length,
+        uint32_t* input_sizes_array,
+        uint32_t input_sizes_array_length)
+  {
+      /*
+      // check if the buffer is allocated outside
+      if (sgx_is_outside_enclave(val, sz) != 1)
+          abort();
+
+      // fence after sgx_is_outside_enclave check
+      sgx_lfence();
+      */
+      return 0;
+  }
+
+
+
+// EXTERNAL. DONE.
   uint32_t Decryptor::process_apache_message_generate_response(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext_plus_tag, uint32_t* output_ciphertext_plus_tag_length)
   {
       uint32_t first_decryption_output_length, plaintext_client_data_length;

Decryptor/Decryptor.edl

@@ -1,55 +1,35 @@
-/*
- * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *   * Redistributions of source code must retain the above copyright
- *     notice, this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright
- *     notice, this list of conditions and the following disclaimer in
- *     the documentation and/or other materials provided with the
- *     distribution.
- *   * Neither the name of Intel Corporation nor the names of its
- *     contributors may be used to endorse or promote products derived
- *     from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-
 enclave {
     include "sgx_eid.h"
     include "sgx_tcrypto.h"
-    from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
+    include "datatypes.h"
+    include "../TrustedInclude/dh_session_protocol.h"
     from "/home/m2mazmud/old_stuff/intel-sgx-ssl/Linux/package/include/sgx_tsgxssl.edl" import * ;
+
     trusted {
-	public void calculate_sealed_keypair_size_wrapper([out, size=4] uint32_t* output_length); 
-      #define SEALED_SIZE 656  // =0x300 (0x290 is the size of the sealed message when both the public(0x40) and private key(0x20) are included)
-      public uint32_t create_and_seal_long_term_signing_key_pair_wrapper([out, size=4] uint32_t* sealed_data_length, [out,size=SEALED_SIZE] uint8_t* sealed_data);
-      public uint32_t unseal_and_restore_long_term_signing_key_pair_wrapper([in, size=SEALED_SIZE] uint8_t* sealed_data, [in, size=4] uint32_t* sgx_sealed_data_length);
-      public uint32_t create_and_encrypt_mitigator_header_H_wrapper([out, size=200] uint8_t* ciphertext_token_H_plus_tag, [out] uint32_t* length); // would be 188 in length
-      // Apache mrsigner = 32 bytes + tag on encryption = 16 bytes.
-      // public uint32_t decrypt_verifiers_message_set_apache_mrsigner_wrapper([in, size=60] uint8_t* ciphertext_plus_tag);
-      // NEED AT LEAST: 64 bytes for public key of client, plus 64 bytes of signature over it, plus 16 bytes of tag over any encryption = 144 bytes. Msg length = 144 bytes + Length of form field
-      
-	public uint32_t process_apache_message_generate_response_wrapper([in, size=4100] uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, [out, size=4100] uint8_t* output_ciphertext, [out,size=4] uint32_t* output_ciphertext_plus_tag_length);
-      public uint32_t process_verifiers_message_wrapper([in, size=60] uint8_t* input_ciphertext, uint32_t length);
-      public        void get_verifier_mrenclave_apache_mrsigner_wrapper([out, size=64] uint8_t* output);
-	public void get_short_term_public_key_wrapper([out, size=64] uint8_t* output); 
-  	public void get_long_term_verification_key_wrapper([out, size=64] uint8_t* output);
-	public void get_apache_iv([out, size=12] uint8_t* output); 
+        public uint32_t session_request_wrapper([out] sgx_dh_msg1_t *dh_msg1, [out] uint32_t *session_id);
+        public uint32_t exchange_report_wrapper([in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, [in] uint32_t *session_id);
+        public void calculate_sealed_keypair_size_wrapper([out, size=4] uint32_t* output_length);
+        #define SEALED_SIZE 656  // =0x300 (0x290 is the size of the sealed message when both the public(0x40) and private key(0x20) are included)
+        public uint32_t create_and_seal_long_term_signing_key_pair_wrapper([out, size=4] uint32_t* sealed_data_length, [out,size=SEALED_SIZE] uint8_t* sealed_data);
+        public uint32_t unseal_and_restore_long_term_signing_key_pair_wrapper([in, size=SEALED_SIZE] uint8_t* sealed_data, [in, size=4] uint32_t* sgx_sealed_data_length);
+        public uint32_t create_and_encrypt_mitigator_header_H_wrapper([out, size=200] uint8_t* ciphertext_token_H_plus_tag, [out] uint32_t* length); // would be 188 in length
+          // Apache mrsigner = 32 bytes + tag on encryption = 16 bytes.
+          // public uint32_t decrypt_verifiers_message_set_apache_mrsigner_wrapper([in, size=60] uint8_t* ciphertext_plus_tag);
+          // NEED AT LEAST: 64 bytes for public key of client, plus 64 bytes of signature over it, plus 16 bytes of tag over any encryption = 144 bytes. Msg length = 144 bytes + Length of form field
+    	public uint32_t process_apache_message_generate_response_wrapper([in, size=4100] uint8_t* input_ciphertext,
+    	        uint32_t input_ciphertext_plus_tag_length, [out, size=4100] uint8_t* output_ciphertext,
+    	        [out,size=4] uint32_t* output_ciphertext_plus_tag_length);
+        public uint32_t decrypt_client_data_wrapper([in, size=input_ciphertext_length] uint8_t* input_ciphertext,
+            uint32_t input_ciphertext_length,
+            [in, size=input_sizes_array_length] uint32_t* input_sizes_array,
+            uint32_t input_sizes_array_length);
+        public uint32_t process_verifiers_message_wrapper([in, size=60] uint8_t* input_ciphertext, uint32_t length);
+        public void get_verifier_mrenclave_apache_mrsigner_wrapper([out, size=64] uint8_t* output);
+	    public void get_short_term_public_key_wrapper([out, size=64] uint8_t* output);
+  	    public void get_long_term_verification_key_wrapper([out, size=64] uint8_t* output);
+	    public void get_apache_iv([out, size=12] uint8_t* output);
+    };
+    untrusted {
+        public uint32_t get_decrypted_client_data([in, size=array_length] uint8_t* array, uint32_t array_length);
     };
   };

Decryptor/DecryptorWrapper.cpp

@@ -1,5 +1,5 @@
 #include <stdint.h>
-#include "Decryptor.h"
+#include "../TrustedInclude/Decryptor.h"
 #include "Decryptor_t.h"
 
 uint32_t process_apache_message_generate_response_wrapper(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext, uint32_t* output_ciphertext_plus_tag_length)
@@ -51,3 +51,21 @@ void get_apache_iv(uint8_t* op)
 {
 	Decryptor::testing_get_apache_iv(op);
 }
+
+uint32_t decrypt_client_data_wrapper(uint8_t* input_ciphertext,
+        uint32_t input_ciphertext_length,
+        uint32_t* input_sizes_array,
+        uint32_t input_sizes_array_length)
+{
+    return Decryptor::decrypt_client_data(input_ciphertext, input_ciphertext_length, input_sizes_array, input_sizes_array_length);
+}
+
+uint32_t session_request_wrapper(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id)
+{
+    return LA::session_request(dh_msg1, session_id);
+}
+
+uint32_t exchange_report_wrapper(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t *session_id)
+{
+    return LA::exchange_report(dh_msg2, dh_msg3, session_id);
+}

LocalAttestationCode/LocalAttestationTrusted.cpp → Decryptor/LA.cpp

@@ -29,20 +29,14 @@
  *
  */
 
-// #include <stdint.h>
-#include "LocalAttestationTrusted.h"
-#include "Decryptor.h"
-#include "error_codes.h"
-#include "datatypes.h"
-#include "sgx_tcrypto.h"
-#include "sgx_dh.h"
-
-      dh_session_t LocalAttestationTrusted::global_session_info;
-
-
-//Handle the request from Source Enclave for a session
-uint32_t LocalAttestationTrusted::session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id)
-{
+#include "../TrustedInclude/LA.h"
+class LA {
+    private:
+        dh_session_t global_session_info;
+
+    //Handle the request from Source Enclave for a session
+    uint32_t session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id)
+    {
         sgx_dh_session_t sgx_dh_session;
         sgx_status_t status = SGX_SUCCESS;
 
@@ -65,17 +59,17 @@ uint32_t LocalAttestationTrusted::session_request(sgx_dh_msg1_t *dh_msg1, uint32
         //Generate Message1 that will be returned to Source Enclave
         status = sgx_dh_responder_gen_msg1((sgx_dh_msg1_t*)dh_msg1, &sgx_dh_session);
         if(SGX_SUCCESS != status)
-          return status;
+            return status;
 
         memcpy(&global_session_info.in_progress.dh_session, &sgx_dh_session, sizeof(sgx_dh_session_t));
 
         return 0;
     }
 
-// TODO: Hope to edit the sgx_dh_responder_proc_msg2 call to return 32 byte key.
-//Verify Message 2, generate Message3 and exchange Message 3 with Source Enclave
-uint32_t LocalAttestationTrusted::exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t* session_id)
-{
+    // TODO: Hope to edit the sgx_dh_responder_proc_msg2 call to return 32 byte key.
+    //Verify Message 2, generate Message3 and exchange Message 3 with Source Enclave
+    uint32_t exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t* session_id)
+    {
         sgx_key_128bit_t dh_aek;
         uint32_t status = 0;
         sgx_dh_session_t sgx_dh_session;
@@ -84,10 +78,10 @@ uint32_t LocalAttestationTrusted::exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh
         memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
 
         if(!dh_msg2 || !dh_msg3)
-          return INVALID_PARAMETER_ERROR;
+            return INVALID_PARAMETER_ERROR;
 
         if(global_session_info.status != IN_PROGRESS)
-          return INVALID_SESSION; // end_session(); // TODO: DA FUQ RETURN STH HERE.
+            return INVALID_SESSION; // end_session(); // TODO: DA FUQ RETURN STH HERE.
 
         memcpy(&sgx_dh_session, &global_session_info.in_progress.dh_session, sizeof(sgx_dh_session_t));
 
@@ -96,12 +90,12 @@ uint32_t LocalAttestationTrusted::exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh
         //Process message 2 from source enclave and obtain message 3
         status = sgx_dh_responder_proc_msg2(dh_msg2, dh_msg3, &sgx_dh_session, &dh_aek, &initiator_identity);
         if(SGX_SUCCESS != status)
-          return status;
+            return status;
 
         //Verify source enclave's trust
-    	verify_return = Decryptor::verify_peer_enclave_trust(initiator_identity.mr_enclave.m, initiator_identity.mr_signer.m, dh_aek);
+        verify_return = Decryptor::verify_peer_enclave_trust(initiator_identity.mr_enclave.m, initiator_identity.mr_signer.m, dh_aek);
         if(verify_return != 0)
-         return verify_return;
+            return verify_return;
 
         /*
         //save the session ID, status and initialize the session nonce
@@ -113,3 +107,6 @@ uint32_t LocalAttestationTrusted::exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh
         */
         return 0;
     }
+
+};
+

Include/LocalAttestationTrusted.h

@@ -1,50 +0,0 @@
-/*
- * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *   * Redistributions of source code must retain the above copyright
- *     notice, this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright
- *     notice, this list of conditions and the following disclaimer in
- *     the documentation and/or other materials provided with the
- *     distribution.
- *   * Neither the name of Intel Corporation nor the names of its
- *     contributors may be used to endorse or promote products derived
- *     from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-#ifndef LOCALATTESTATIONTRUSTED_H
-#define LOCALATTESTATIONTRUSTED_H
-#include "sgx_ecp_types.h"
-#include "dh_session_protocol.h"
-#include "SymmetricEncryptionBox.h"
-#include <map> // for some reason, for memcpy, memset syscalls
-#include "sgx_dh.h"
-
-//#ifdef __cplusplus
-//extern "C" {
-//#endif
-
-class LocalAttestationTrusted {
-  static dh_session_t global_session_info;
-public:
-    static uint32_t session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id);
-    static uint32_t exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t* session_id);
-};
-
-#endif

Include/LocalAttestationUntrusted.h

@@ -1,33 +0,0 @@
-#include <sys/socket.h>
-#include <stdlib.h>
-#include <netinet/in.h>
-#include <string.h>
-#include <errno.h>
-#include <unistd.h>
-#include <stdio.h>
-#include "ProtobufLAMessages.pb.h"
-#include <google/protobuf/io/coded_stream.h>
-#include <google/protobuf/io/zero_copy_stream_impl.h>
-using namespace google::protobuf::io;
-#include "protobufLAInitiator.h"
-#include "../Decryptor/Decryptor_u.h"
-#include <iostream>
-
-
-class LocalAttestationUntrusted {
-  static   uint32_t session_id;
-  static protobuf_sgx_dh_msg1_t protobuf_msg1;
-  static uint8_t* output_ciphertext_plus_tag;
-  static int decrypt_client_data(uint32_t own_enclave_id, int apache_fd, uint8_t* output_ciphertext_plus_tag, uint8_t* input_ciphertext_plus_tag, int time_fd);
-  static uint32_t local_attestation_msg2_msg3(uint32_t own_enclave_id, int accept_fd);
-
-  static int write_protobuf_msg_to_fd(int accept_fd, google::protobuf::MessageLite& message);
-  static int read_protobuf_msg_from_fd(int accept_fd, google::protobuf::MessageLite& message);
-  static int set_up_socket(int port,   sockaddr_in* address);
-public:
-  static int setup_socket_for_local_attestation_requests(int port);
-  static int prepare_local_attestation_as_responder_msg1(uint32_t own_enclave_id);
-  static int local_attestation_as_responder_msg2_msg3(uint32_t own_enclave_id, int server_fd, int * accept_fd);
-  static int post_local_attestation_with_verifier(uint32_t own_enclave_id, int apache_fd);
-  static int post_local_attestation_with_apache(uint32_t own_enclave_id, int apache_fd);
-};

Include/SgxProtobufLATransforms_initiator.h

@@ -1,6 +0,0 @@
-int write_protobuf_msg_to_fd(int accept_fd, google::protobuf::MessageLite& message);
-int read_protobuf_msg_from_fd(int accept_fd, google::protobuf::MessageLite& message);
-int print_initialized_msg1( protobuf_sgx_dh_msg1_t& protobuf_dhmsg1, sgx_dh_msg1_t* native_dhmsg1);
-int decode_msg2_from_protobuf(protobuf_sgx_dh_msg2_t& protobuf_dhmsg2, sgx_dh_msg2_t* native_dhmsg2);
-void encode_msg3_to_protobuf(protobuf_sgx_dh_msg3_t& protobuf_dhmsg3, sgx_dh_msg3_t* native_dhmsg3);
-void encode_msg1_to_protobuf( protobuf_sgx_dh_msg1_t& protobuf_dhmsg1, sgx_dh_msg1_t* native_dhmsg1);

Include/protobufLAInitiator.h

@@ -1,2 +0,0 @@
-int process_protobuf_dh_msg2_generate_protobuf_dh_msg3(uint32_t own_enclave_id, protobuf_sgx_dh_msg2_t& protobuf_msg2, protobuf_sgx_dh_msg3_t& protobuf_msg3, uint32_t* session_id);
-int generate_protobuf_dh_msg1(uint32_t own_enclave_id, protobuf_sgx_dh_msg1_t& protobuf_msg1, uint32_t* session_id);

Include/protobufSgxLATransformsInitiator.h

@@ -1,4 +0,0 @@
-int decode_msg2_from_protobuf(protobuf_sgx_dh_msg2_t& protobuf_dhmsg2, sgx_dh_msg2_t* native_dhmsg2);
-void encode_msg3_to_protobuf(protobuf_sgx_dh_msg3_t& protobuf_dhmsg3, sgx_dh_msg3_t* native_dhmsg3);
-void encode_msg1_to_protobuf( protobuf_sgx_dh_msg1_t& protobuf_dhmsg1, sgx_dh_msg1_t* native_dhmsg1);
-int print_initialized_msg1( protobuf_sgx_dh_msg1_t& protobuf_dhmsg1, sgx_dh_msg1_t* native_dhmsg1);

LocalAttestationCode/LocalAttestationCode.edl

@@ -1,40 +0,0 @@
-/*
- * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *   * Redistributions of source code must retain the above copyright
- *     notice, this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright
- *     notice, this list of conditions and the following disclaimer in
- *     the documentation and/or other materials provided with the
- *     distribution.
- *   * Neither the name of Intel Corporation nor the names of its
- *     contributors may be used to endorse or promote products derived
- *     from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-enclave  {
-    include "sgx_eid.h"
-    include "datatypes.h"
-    include "../Include/dh_session_protocol.h"
-    trusted{
-        public uint32_t session_request_wrapper([out] sgx_dh_msg1_t *dh_msg1, [out] uint32_t *session_id);
-        public uint32_t exchange_report_wrapper([in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, [in] uint32_t *session_id);
-    };
-};

LocalAttestationCode/LocalAttestationTrustedWrapper.cpp

@@ -1,11 +0,0 @@
-#include "LocalAttestationCode_t.h"
-#include "LocalAttestationTrusted.h"
-uint32_t session_request_wrapper(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id)
-{
-  return LocalAttestationTrusted::session_request(dh_msg1, session_id);
-}
-
-uint32_t exchange_report_wrapper(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t *session_id)
-{
-  return LocalAttestationTrusted::exchange_report(dh_msg2, dh_msg3, session_id);
-}

LocalAttestationCode/datatypes.h

@@ -1,105 +0,0 @@
-/*
- * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- *   * Redistributions of source code must retain the above copyright
- *     notice, this list of conditions and the following disclaimer.
- *   * Redistributions in binary form must reproduce the above copyright
- *     notice, this list of conditions and the following disclaimer in
- *     the documentation and/or other materials provided with the
- *     distribution.
- *   * Neither the name of Intel Corporation nor the names of its
- *     contributors may be used to endorse or promote products derived
- *     from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-#include "sgx_report.h"
-#include "sgx_eid.h"
-#include "sgx_ecp_types.h"
-#include "sgx_dh.h"
-#include "sgx_tseal.h"
-
-#ifndef DATATYPES_H_
-#define DATATYPES_H_
-
-#define DH_KEY_SIZE        20
-#define NONCE_SIZE         16
-#define MAC_SIZE           16
-#define MAC_KEY_SIZE       16
-#define PADDING_SIZE       16
-
-#define TAG_SIZE        16
-#define IV_SIZE            12
-
-#define DERIVE_MAC_KEY      0x0
-#define DERIVE_SESSION_KEY  0x1
-#define DERIVE_VK1_KEY      0x3
-#define DERIVE_VK2_KEY      0x4
-
-#define CLOSED 0x0
-#define IN_PROGRESS 0x1
-#define ACTIVE 0x2
-
-#define MESSAGE_EXCHANGE 0x0
-#define ENCLAVE_TO_ENCLAVE_CALL 0x1
-
-#define INVALID_ARGUMENT                   -2   ///< Invalid function argument
-#define LOGIC_ERROR                        -3   ///< Functional logic error
-#define FILE_NOT_FOUND                     -4   ///< File not found
-
-#define SAFE_FREE(ptr)     {if (NULL != (ptr)) {free(ptr); (ptr)=NULL;}}
-
-#define VMC_ATTRIBUTE_MASK  0xFFFFFFFFFFFFFFCB
-
-typedef uint8_t dh_nonce[NONCE_SIZE];
-typedef uint8_t cmac_128[MAC_SIZE];
-
-#pragma pack(push, 1)
-
-//Format of the AES-GCM message being exchanged between the source and the destination enclaves
-typedef struct _secure_message_t
-{
-    uint32_t session_id; //Session ID identifyting the session to which the message belongs
-    sgx_aes_gcm_data_t message_aes_gcm_data;    
-}secure_message_t;
-
-//Format of the input function parameter structure
-typedef struct _ms_in_msg_exchange_t {
-    uint32_t msg_type; //Type of Call E2E or general message exchange
-    uint32_t target_fn_id; //Function Id to be called in Destination. Is valid only when msg_type=ENCLAVE_TO_ENCLAVE_CALL
-    uint32_t inparam_buff_len; //Length of the serialized input parameters
-    char inparam_buff[]; //Serialized input parameters
-} ms_in_msg_exchange_t;
-
-//Format of the return value and output function parameter structure
-typedef struct _ms_out_msg_exchange_t {
-    uint32_t retval_len; //Length of the return value
-    uint32_t ret_outparam_buff_len; //Length of the serialized return value and output parameters
-    char ret_outparam_buff[]; //Serialized return value and output parameters
-} ms_out_msg_exchange_t;
-
-//Session Tracker to generate session ids
-typedef struct _session_id_tracker_t
-{
-    uint32_t          session_id;
-}session_id_tracker_t;
-
-#pragma pack(pop)
-
-#endif

Makefile

@@ -71,7 +71,7 @@ endif
 #PHPTrust_Lib_Name := libPHPLocalAttestation_Trusted.a
 #PHPTrustLib_Cpp_Files := $(wildcard PHPLocalAttestationCode/*.cpp)
 #PHPTrustLib_Cpp_Objects := $(PHPTrustLib_Cpp_Files:.cpp=.o)
-#PHPTrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I$(SGX_SDK)/include/epid -I./Include
+#PHPTrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I$(SGX_SDK)/include/epid -I./TrustedInclude
 #PHPTrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector  $(TrustLib_Include_Paths)
 #PHPTrustLib_Compile_Cxx_Flags :=  -std=c++11 -nostdinc++
 OPENSSL_LIBRARY_PATH := /home/m2mazmud/old_stuff/intel-sgx-ssl/Linux/package/lib64/
@@ -85,18 +85,10 @@ OPENSSL_INCLUDES := /home/m2mazmud/old_stuff/intel-sgx-ssl/Linux/package/include
 
 
 Trust_Lib_Name := libLocalAttestation_Trusted.a
-TrustLib_Cpp_Files := LocalAttestationCode/LocalAttestationTrustedWrapper.cpp LocalAttestationCode/LocalAttestationTrusted.cpp LocalAttestationCode/LocalAttestationCode_t.c
-TrustLib_Cpp_Objects := $(TrustLib_Cpp_Files:.cpp=.o)
-TrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I$(SGX_SDK)/include/epid -I./Include -I./Decryptor
+TrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I$(SGX_SDK)/include/epid -I./TrustedInclude ./Include
 TrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector  $(TrustLib_Include_Paths) -Wall
 TrustLib_Compile_Cxx_Flags :=  -std=c++11 -nostdinc++
 
-#UnTrustLib_Name := libLocalAttestation_unTrusted.a
-#UnTrustLib_Cpp_Files := $(wildcard Untrusted_LocalAttestation/*.cpp)
-#UnTrustLib_Cpp_Objects := $(UnTrustLib_Cpp_Files:.cpp=.o)
-#UnTrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./Include -I./LocalAttestationCode
-#UnTrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes -std=c++11 $(UnTrustLib_Include_Paths)
-
 ######## App Settings ########
 
 ifneq ($(SGX_MODE), HW)
@@ -106,9 +98,8 @@ else
 endif
 
 App_Cpp_Files := $(wildcard App/*.cpp)
-App_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./Include -I./LocalAttestationCode
-
-App_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) -Wall
+App_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./UntrustedInclude
+App_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) -Wall -std=c++11
 # Three configuration modes - Debug, prerelease, release
 #   Debug - Macro DEBUG enabled.
 #   Prerelease - Macro NDEBUG and EDEBUG enabled.
@@ -121,8 +112,7 @@ else
 	App_Compile_Flags += -DNDEBUG -UEDEBUG -UDEBUG
 endif
 
-#App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -L. -lpthread -lprotobuf
-App_Link_Flags := $(SGX_COMMON_CFLAGS) $(Security_Link_Flags) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lsgx_uae_service -L$(OPENSSL_LIBRARY_PATH) -lsgx_usgxssl -lpthread  -lprotobuf #-L$(OPENSSL_BAREBONES_LIBRARY_PATH) -lcrypto
+App_Link_Flags := $(SGX_COMMON_CFLAGS) $(Security_Link_Flags) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lsgx_uae_service -L$(OPENSSL_LIBRARY_PATH) -lsgx_usgxssl -lpthread -L/usr/local/lib -lprotobuf #-L$(OPENSSL_BAREBONES_LIBRARY_PATH) -lcrypto
 
 ifneq ($(SGX_MODE), HW)
 	App_Link_Flags += -lsgx_uae_service_sim
@@ -234,11 +224,11 @@ LocalAttestationCode/LocalAttestationCode_t.o: LocalAttestationCode/LocalAttesta
 	@$(CC) $(TrustLib_Compile_Flags) -c $< -o $@
 	@echo "CC   <=  $<"
 
-LocalAttestationCode/LocalAttestationTrustedWrapper.o: LocalAttestationCode/LocalAttestationTrustedWrapper.cpp LocalAttestationCode/LocalAttestationCode_t.h
+LocalAttestationCode/LocalAttestationTrustedWrapper.o: LocalAttestationCode/LAWrapper.cpp LocalAttestationCode/LocalAttestationCode_t.h
 	@$(CXX) $(TrustLib_Compile_Flags) $(TrustLib_Compile_Cxx_Flags) -c $< -o $@
 	@echo "CC   <= $<"
 
-LocalAttestationCode/LocalAttestationTrusted.o: LocalAttestationCode/LocalAttestationTrusted.cpp LocalAttestationCode/LocalAttestationCode_t.h
+LocalAttestationCode/LocalAttestationTrusted.o: Decryptor/LA.cpp LocalAttestationCode/LocalAttestationCode_t.h
 	@$(CXX) $(TrustLib_Compile_Flags) $(TrustLib_Compile_Cxx_Flags) -c $< -o $@
 	@echo "CC   <= $<"
 
@@ -250,14 +240,6 @@ CommonOpensslCode/Openssl_crypto.o: CommonOpensslCode/Openssl_crypto.cpp
 	@$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -I$(OPENSSL_INCLUDES)  -c $< -o $@
 	@echo "CXX  <=  $<"
 
-#Untrusted_LocalAttestation/%.o: Untrusted_LocalAttestation/%.cpp
-#	@$(CXX) $(UnTrustLib_Compile_Flags) -c $< -o $@
-#	@echo "CC   <=  $<"
-
-#$(UnTrustLib_Name): $(UnTrustLib_Cpp_Objects)
-#	@$(AR) rcs $@ $^
-#	@echo "GEN  =>  $@"
-
 ######## App Objects ########
 Decryptor/Decryptor_u.c Decryptor/Decryptor_u.h: $(SGX_EDGER8R) Decryptor/Decryptor.edl
 	@cd Decryptor && $(SGX_EDGER8R) --use-prefix --untrusted ../Decryptor/Decryptor.edl --search-path $(SGX_SDK)/include
@@ -271,7 +253,7 @@ App/%.o: App/%.cpp Decryptor/Decryptor_u.h #Enclave3/Enclave3_u.h
 	@$(CXX) $(App_Compile_Flags) -c $< -o $@
 	@echo "CXX  <=  $<"
 
-$(App_Name): App/App.o App/LocalAttestationUntrusted.o App/protobufLAInitiator.o App/protobufSgxLATransformsInitiator.o App/ProtobufLAMessages.pb.o   App/Decryptor_u.o #$(App_Cpp_Objects)# $(UnTrustLib_Name)
+$(App_Name): App/App.o App/LocalAttestationUntrusted.o App/protobufLAInitiator.o App/protobufSgxTransformsInitiator.o App/protobufSgxTransformsHelper.o App/protobufReadWrite.o  App/ProtobufLAMessages.pb.o App/PostLAMessages.pb.o App/Ipc.o App/Decryptor_u.o
 	@$(CXX) -Wl,--no-undefined $^ -o $@ $(App_Link_Flags)
 	@echo "LINK =>  $@"
 

Decryptor/Decryptor.h → TrustedInclude/Decryptor.h

@@ -1,4 +1,3 @@
-//#include <map>
 #include "ECDSASignatureBox.h"
 #include "HybridEncryptionBox.h"
 #include "LocalAttestationTrusted.h"
@@ -6,10 +5,10 @@
 class Decryptor {
   static ECDSASignatureBox signatureBox;
   static HybridEncryptionBox hybridEncryptionBoxClient;
-  static uint8_t verifier_mr_enclave[32]; // =  {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
+  static uint8_t verifier_mr_enclave[32];
   static SymmetricEncryptionBox symmetricEncryptionBoxApache;
   static SymmetricEncryptionBox symmetricEncryptionBoxVerifier;
-  static uint8_t apache_mr_signer[32]; // = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; 
+  static uint8_t apache_mr_signer[32];
   static uint8_t plaintext_mitigator_header_H[ECDH_PUBLIC_KEY_SIZE + 32 + 64];
   static uint8_t first_decryption_output[1092]; // 1000 bytes of ciphertext data + 12 IV + 16 Tag + 64 clients public key
   static uint8_t plaintext_client_data[1000]; 
@@ -19,7 +18,8 @@ class Decryptor {
   static uint32_t create_mitigator_header_H(uint8_t* signature_data_and_signature);
   static uint32_t create_long_term_signing_keypair(uint8_t* private_public_key_string);
   static uint32_t initialize_symmetric_key_decrypt_client_data(uint8_t* plaintext_client_public_key_plus_encrypted_data_plus_tag, uint32_t total_length, uint8_t* plaintext_client_data, uint32_t* plaintext_client_data_length);
-  public:
+  static uint32_t get_decrypted_client_data(uint8_t* array, uint32_t array_length);
+public:
     static void calculate_sealed_keypair_size(uint32_t* output_length); 
     static uint32_t verify_peer_enclave_trust(uint8_t* given_mr_enclave, uint8_t* given_mr_signer, uint8_t* dhaek);
     static uint32_t create_and_seal_long_term_signing_key_pair(uint32_t* sealed_data_length, uint8_t* sealed_data);
@@ -28,18 +28,15 @@ class Decryptor {
     static uint32_t decrypt_verifiers_message_set_apache_mrsigner(uint8_t* ciphertext_plus_tag);
     static uint32_t process_apache_message_generate_response(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext, uint32_t* output_ciphertext_plus_tag_length);
     static uint32_t process_verifiers_message(uint8_t* input_ciphertext, uint32_t length);
-	static  void testing_get_verifier_mrenclave_apache_mrsigner(uint8_t* output); 
+    static uint32_t decrypt_client_data( uint8_t* input_ciphertext,
+            uint32_t input_ciphertext_length,
+            uint32_t* input_sizes_array,
+            uint32_t input_sizes_array_length);
+    static  void testing_get_verifier_mrenclave_apache_mrsigner(uint8_t* output);
 	static void testing_get_short_term_public_key(uint8_t* output); 
-  static void testing_long_term_verification_key(uint8_t* output); 
+    static void testing_long_term_verification_key(uint8_t* output);
 	static void testing_get_apache_iv(uint8_t*); 
   };
 
-//ECDSASignatureBox Decryptor::signatureBox(); 
-//HybridEncryptionBox Decryptor::hybridEncryptionBoxClient(); 
-//SymmetricEncryptionBox Decryptor::symmetricEncryptionBoxApache(); 
-//SymmetricEncryptionBox Decryptor::symmetricEncryptionBoxVerifier();
-//uint8_t Decryptor::verifier_mr_enclave = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; 
-//uint8_t Decryptor::apache_mr_signer = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};
-
 
 

Include/DecryptorWrapper.h → TrustedInclude/DecryptorWrapper.h

@@ -4,4 +4,8 @@ uint32_t create_and_seal_long_term_signing_key_pair_wrapper(uint32_t* sealed_dat
 uint32_t unseal_and_restore_long_term_signing_key_pair_wrapper(uint8_t* sealed_data, uint32_t* sgx_sealed_data_length);
 uint32_t process_apache_message_generate_response_wrapper(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext, uint32_t* output_ciphertext_plus_tag_length);
 uint32_t process_verifiers_message(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length);
-void get_short_term_public_key_wrapper(uint8_t* output); 
+void get_short_term_public_key_wrapper(uint8_t* output);
+uint32_t decrypt_client_data_wrapper(uint8_t* input_ciphertext,
+        uint32_t input_ciphertext_length,
+        uint32_t* input_sizes_array,
+        uint32_t input_sizes_array_length);

TrustedInclude/LA.h

@@ -0,0 +1,27 @@
+//
+// Created by miti on 22/07/19.
+//
+
+#ifndef DECRYPTORAPP_LA_H
+#define DECRYPTORAPP_LA_H
+
+
+#include "Decryptor.h"
+#include "error_codes.h"
+#include "sgx_tcrypto.h"
+#include "sgx_report.h"
+#include "sgx_eid.h"
+#include "sgx_ecp_types.h"
+#include "sgx_dh.h"
+
+class LA
+{
+private:
+    dh_session_t global_session_info;
+
+public:
+    uint32_t session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id);
+    uint32_t exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t* session_id);
+};
+
+#endif //DECRYPTORAPP_LA_H