#include "LocalAttestationUntrusted.h" namespace LocalAttestationUntrusted { namespace { uint32_t session_id = 0; protobuf_sgx_dh_msg1_t protobuf_msg1; uint32_t local_attestation_msg2_msg3(uint32_t own_enclave_id, int accept_fd) { uint32_t protobuf_sgx_ret; protobuf_sgx_dh_msg2_t protobuf_msg2; protobuf_sgx_dh_msg3_t protobuf_msg3; printf("Writing message 1\n"); fflush(stdout); if (protobufReadWrite::write_protobuf_msg_to_fd(accept_fd, protobuf_msg1) != 0) return 0x1; printf("Reading message 2\n"); fflush(stdout); if (protobufReadWrite::read_protobuf_msg_from_fd(accept_fd, protobuf_msg2) != 0) return 0x2; protobuf_sgx_ret = protobufLAInitiator::process_protobuf_dh_msg2_generate_protobuf_dh_msg3(own_enclave_id, protobuf_msg2, protobuf_msg3, &session_id); if (protobuf_sgx_ret != 0) { printf("Error in generate_protobuf_dh_msg2: 0x%x", protobuf_sgx_ret); fflush(stdout); return protobuf_sgx_ret; } printf("Writing message 3\n"); fflush(stdout); if (protobufReadWrite::write_protobuf_msg_to_fd(accept_fd, protobuf_msg3) != 0) return 0x3; return 0; } } int decrypt_client_data(uint32_t own_enclave_id, int fd, int time_file_fd) { extension_to_decryptor_enclosed_msg protobuf_extension_decryptor_msg; unsigned char *double_ciphertext, *ciphertext; uint32_t *input_sizes_array, *output_sizes_array; uint32_t double_ciphertext_length; uint32_t number_of_double_ciphertext_fields; uint32_t sgx_ret; // Get a message of the type decryptor_to_extension msg if (!protobufReadWrite::read_protobuf_msg_from_fd(fd, protobuf_extension_decryptor_msg)) { printf("Not all of the extension's message was read\n"); fflush(stdout); return 0xf3; } PostLAProtobufNativeTransforms::get_lengths_for_protobuf_serialized_array(protobuf_extension_decryptor_msg, &double_ciphertext_length, &number_of_double_ciphertext_fields); double_ciphertext=(unsigned char*) malloc(double_ciphertext_length); ciphertext = (unsigned char*) malloc(double_ciphertext_length); input_sizes_array = (uint32_t*) malloc(number_of_double_ciphertext_fields * sizeof(uint32_t)); output_sizes_array = (uint32_t*) malloc(number_of_double_ciphertext_fields * sizeof(uint32_t)); PostLAProtobufNativeTransforms::create_array_from_protobuf(protobuf_extension_decryptor_msg, double_ciphertext, input_sizes_array, &number_of_double_ciphertext_fields); // Call the enclave's decryption function with these arguments and get back another vector of ciphertexts. Decryptor_process_apache_message_generate_response_wrapper(own_enclave_id, &sgx_ret, double_ciphertext, double_ciphertext_length, input_sizes_array, number_of_double_ciphertext_fields, ciphertext, output_sizes_array); free(double_ciphertext); free(input_sizes_array); // Error checking if(!sgx_ret) { free(ciphertext); free(output_sizes_array); return 0x32; } // Clear the protobuf msg above and reset it with the output arguments of the ecall. protobuf_extension_decryptor_msg.clear_ciphertext_client_public_key(); protobuf_extension_decryptor_msg.clear_ciphertext_fields(); PostLAProtobufNativeTransforms::create_protobuf_from_array(ciphertext, output_sizes_array, number_of_double_ciphertext_fields, protobuf_extension_decryptor_msg); free(ciphertext); free(output_sizes_array); // write message to apache extension if (!protobufReadWrite::write_protobuf_msg_to_fd(fd, protobuf_extension_decryptor_msg)) { printf("Not all of the client's ciphertext data was written to the extension.\n"); fflush(stdout); return 31; } /* gettimeofday(&tv2, NULL); new_time=tv2.tv_usec + tv2.tv_sec * 1000000; old_time=tv1.tv_usec + tv1.tv_sec * 1000000; bytes_written=sprintf(time_buf, "%lu %lu\n", old_time, new_time); FileIO::write_to_fd(time_file_fd, time_buf, bytes_written); */ return 0; } int prepare_local_attestation_as_responder_msg1(uint32_t own_enclave_id) { uint32_t protobuf_sgx_ret; protobuf_sgx_ret = protobufLAInitiator::generate_protobuf_dh_msg1(own_enclave_id, protobuf_msg1, &session_id); if (protobuf_sgx_ret != 0) { printf("Error in generate_protobuf_dh_msg1: 0x%x", protobuf_sgx_ret); fflush(stdout); return protobuf_sgx_ret; } return 0; } int setup_socket_for_local_attestation_requests(int port) { struct sockaddr_in own_addr; return Ipc::set_up_socket(port, &own_addr); } // TODO: CHANGED SIGNATURE. int local_attestation_as_responder_msg2_msg3(uint32_t own_enclave_id, int server_fd, int *accept_fd) { uint32_t protobuf_sgx_ret; struct sockaddr_storage apache_addr; socklen_t apache_addr_size = sizeof(apache_addr); int temp_accept_fd; temp_accept_fd = accept(server_fd, (struct sockaddr *) &apache_addr, &apache_addr_size); if (temp_accept_fd < 0) { printf("Error in accepting %d", errno); fflush(stdout); return temp_accept_fd; } *accept_fd = temp_accept_fd; protobuf_sgx_ret = local_attestation_msg2_msg3(own_enclave_id, temp_accept_fd); return protobuf_sgx_ret; } int post_local_attestation_with_verifier(uint32_t own_enclave_id, int accept_fd) { uint32_t protobuf_sgx_ret; uint8_t encrypted_apache_mrsigner_and_tag[150]; size_t bytes_read; int count, ret_status; printf("Here\n"); fflush(stdout); bytes_read = 60; ret_status = FileIO::read_from_fd(accept_fd, encrypted_apache_mrsigner_and_tag, &bytes_read); if (ret_status != 0) { printf("Not all of the encrypted apache's mrsigner was read from the verifier.\n"); fflush(stdout); return 0xfe; } for (count = 0; count < 60; count++) printf("0x%02x ", encrypted_apache_mrsigner_and_tag[count]); printf("\n"); fflush(stdout); Decryptor_process_verifiers_message_wrapper(own_enclave_id, &protobuf_sgx_ret, encrypted_apache_mrsigner_and_tag, 60); if (protobuf_sgx_ret != 0) { printf("Error in decryption: 0x%x\n", protobuf_sgx_ret); fflush(stdout); return protobuf_sgx_ret; } printf("Successful decryption\n"); fflush(stdout); close(accept_fd); uint8_t output[64]; Decryptor_get_verifier_mrenclave_apache_mrsigner_wrapper(own_enclave_id, output); uint32_t counter; for (counter = 0; counter < 32; counter++) printf("0x%x ", output[counter]); printf("/n"); for (counter = 32; counter < 64; counter++) printf("0x%x ", output[counter]); printf("/n"); fflush(stdout); return 0; } int post_local_attestation_with_apache(uint32_t own_enclave_id, int accept_fd) { protobuf_post_LA_encrypted_msg_t protobuf_encrypted_msg; uint8_t encrypted_sign_data_and_sign_and_tag[200]; // 176+12 for IV = 188 uint32_t op_length, internal_return_status, count, sgx_ret; uint8_t public_key[64]; int time_file_fd; memset(encrypted_sign_data_and_sign_and_tag, 0x0, 200); Decryptor_create_and_encrypt_mitigator_header_H_wrapper(own_enclave_id, &sgx_ret, encrypted_sign_data_and_sign_and_tag, &op_length); if (sgx_ret != 0) { printf("Error in generating encrypted mitigator header:0x%x\n", sgx_ret); fflush(stdout); return 0xf3; } for (count = 0; count < op_length; count++) { printf("0x%02x ", encrypted_sign_data_and_sign_and_tag[count]); } printf("\n"); fflush(stdout); protobuf_encrypted_msg.set_msg((void *) encrypted_sign_data_and_sign_and_tag, op_length); if (protobufReadWrite::write_protobuf_msg_to_fd(accept_fd, protobuf_encrypted_msg) != 0) { printf("Not all of the mitigator token H was written to the Apache.\n"); fflush(stdout); return 0xfe; } Decryptor_get_short_term_public_key_wrapper(own_enclave_id, public_key); for (count = 0; count < 64; count++) printf("%02x ", public_key[count]); printf("\n"); fflush(stdout); time_file_fd = open("decryptor_time.txt", O_APPEND | O_WRONLY); do { internal_return_status = decrypt_client_data(own_enclave_id, accept_fd, time_file_fd); } while (internal_return_status == 0); close(accept_fd); close(time_file_fd); return internal_return_status; } };