/* * Copyright (C) 2011-2017 Intel Corporation. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * Neither the name of Intel Corporation nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * */ #include "sgx_trts.h" #include "sgx_utils.h" #include "EnclaveMessageExchange.h" #include "sgx_eid.h" #include "error_codes.h" #include "sgx_ecp_types.h" #include "sgx_thread.h" #include #include "dh_session_protocol.h" #include "sgx_dh.h" #include "sgx_tcrypto.h" #include "LocalAttestationCode_t.h" #include "sgx_tseal.h" #ifdef __cplusplus extern "C" { #endif uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity); #ifdef __cplusplus } #endif //uint32_t create_ecdsa_key_pair(sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key); //void serialize_key_pair_to_string( sgx_ec256_public_t* pub_key, sgx_ec256_private_t* signing_priv_key, uint8_t* private_public_key_string); //void deserialize_string_to_key_pair(uint8_t* private_public_key_string, sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key); #define MAX_SESSION_COUNT 16 //number of open sessions // uint32_t g_session_count = 0; ATTESTATION_STATUS generate_session_id(uint32_t *session_id); ATTESTATION_STATUS end_session(); //sgx_ec256_private_t signing_priv_key; uint32_t one_successful_la_done; sgx_ecc_state_handle_t ecc_state; uint32_t session_ids[MAX_SESSION_COUNT]; // Our enclave will not be doing LA with more than 1 decryptor enclave at a time. // We should not need this. //std::mapg_dest_session_info_map; dh_session_t global_session_info; // TODO: May be we need to store all previously assigned session IDs instead of just the counter; to prevent replay attacks - uint32_t global_session_id=0; //Handle the request from Source Enclave for a session ATTESTATION_STATUS session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id ) { // dh_session_t session_info; sgx_dh_session_t sgx_dh_session; sgx_status_t status = SGX_SUCCESS; if(!session_id || !dh_msg1) { return INVALID_PARAMETER_ERROR; } //Intialize the session as a session responder status = sgx_dh_init_session(SGX_DH_SESSION_RESPONDER, &sgx_dh_session); if(SGX_SUCCESS != status) { return status; } *session_id=1; global_session_info.status = IN_PROGRESS; //Generate Message1 that will be returned to Source Enclave status = sgx_dh_responder_gen_msg1((sgx_dh_msg1_t*)dh_msg1, &sgx_dh_session); if(SGX_SUCCESS != status) { global_session_id--; // SAFE_FREE(g_session_id_tracker[*session_id]); return status; } memcpy(&global_session_info.in_progress.dh_session, &sgx_dh_session, sizeof(sgx_dh_session_t)); //return sgx_seal_data(0, NULL, 0, NULL, 0, NULL); //Store the session information under the correspoding source enlave id key // g_dest_session_info_map.insert(std::pair(src_enclave_id, session_info)); return status; } //Verify Message 2, generate Message3 and exchange Message 3 with Source Enclave ATTESTATION_STATUS exchange_report( sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t* session_id, uint8_t* read_or_write) { sgx_key_128bit_t dh_aek; // Session key // dh_session_t session_info; ATTESTATION_STATUS status = SUCCESS; sgx_dh_session_t sgx_dh_session; sgx_dh_session_enclave_identity_t initiator_identity; if(!dh_msg2 || !dh_msg3) { return INVALID_PARAMETER_ERROR; } memset(&dh_aek,0, sizeof(sgx_key_128bit_t)); // Why is there a do-while loop anyway? It seems like there is no successful exit ... // do // { // TODO: Make sure that this works - pointers // session_info = global_session_info; if(global_session_info.status != IN_PROGRESS) { status = INVALID_SESSION; end_session(); } memcpy(&sgx_dh_session, &global_session_info.in_progress.dh_session, sizeof(sgx_dh_session_t)); dh_msg3->msg3_body.additional_prop_length = 0; //Process message 2 from source enclave and obtain message 3 sgx_status_t se_ret = sgx_dh_responder_proc_msg2(dh_msg2, dh_msg3, &sgx_dh_session, &dh_aek, &initiator_identity); if(SGX_SUCCESS != se_ret) { status = se_ret; end_session(); } uint32_t hash_count; // THIS IS WHERE THE DECRYPTOR VERIFIES THE APACHE'S MRSIGNER IS THE PUBLIC KEY GIVEN AFTER THE LOCAL ATTESTATION WITH THE VERIFIER. //Verify source enclave's trust uint32_t verify_return=verify_peer_enclave_trust(&initiator_identity); if(verify_return!=0) return verify_return; if(one_successful_la_done == 0) { one_successful_la_done = 1; *read_or_write=1; } else { one_successful_la_done=2; *read_or_write=0; } // TODO: Verify that these changes will be lost on update. //save the session ID, status and initialize the session nonce global_session_info.session_id = *session_id; global_session_info.status = ACTIVE; global_session_info.active.counter = 0; memcpy(&global_session_info.active.AEK, &dh_aek, sizeof(sgx_key_128bit_t)); memset(&dh_aek,0, sizeof(sgx_key_128bit_t)); //g_session_count++;*/ // }while(0); return status; } uint32_t calculate_sealed_data_size( uint32_t input_size) { // *op_size=sgx_calc_sealed_data_size(0, input_size); return sgx_calc_sealed_data_size(0, input_size); } // TODO: Fix this. //Respond to the request from the Source Enclave to close the session ATTESTATION_STATUS end_session(/**/) { return SUCCESS; } /* // Session_id is set to the first index of the pointer array that is non-null.(Not sure how it is ensured that all of them point to NULL at the start) // Why can't it just keep a counter that is incremented? What are the values of g_session_id_tracker array? //Returns a new sessionID for the source destination session ATTESTATION_STATUS generate_session_id(uint32_t *session_id) { ATTESTATION_STATUS status = SUCCESS; if(!session_id) { return INVALID_PARAMETER_ERROR; } //if the session structure is untintialized, set that as the next session ID for (int i = 0; i < MAX_SESSION_COUNT; i++) { if (g_session_id_tracker[i] == NULL) { *session_id = i; return status; } } status = NO_AVAILABLE_SESSION_ERROR; return status; */ // *session_id=++global_session_id; //} uint32_t decrypt(uint8_t* ip_ciphertext, uint32_t ciphertext_len, uint8_t* ip_tag, uint8_t* op_plaintext) { // if(one_successful_la_done < 2) // doesn't matter as confidentiality of the signer is not a problem - changing it in memory so that the decryptor accepts another mrsigner is a problem. // return 0xfe; // will not return plaintext to the caller as this is the apache's mrsigner, sent to the verifier (value 1) or no LA done yet (value 0) uint32_t return_status2; uint32_t count; unsigned char key[16]; // copying key to within the enclave as apparently it can't operate on it // TODO: Check if it works now. for(count=0;count<16;count++) key[count]=global_session_info.active.AEK[count]; // copying ciphertext to within the enclave (otherwise it crashes with NOT enclave signal) uint8_t* ciphertext = (uint8_t*) malloc(ciphertext_len); for(count=0;count