/* * Copyright (C) 2011-2017 Intel Corporation. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * * Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * Neither the name of Intel Corporation nor the names of its * contributors may be used to endorse or promote products derived * from this software without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.challa * */ // App.cpp : Defines the entry point for the console application. #include #include #include "../Decryptor/Decryptor_u.h" #include "sgx_eid.h" #include "sgx_urts.h" #define __STDC_FORMAT_MACROS #include #include // for sealing - sgx_calc_sealed_data_size #include "sgx_tseal.h" // For reading from/writing to file -sealing. #include #include #include #include "systemLA.h" //#define UNUSED(val) (void)(val) #define TCHAR char #define _TCHAR char #define _T(str) str #define scanf_s scanf // Not sure if I need this later - as such, I (decryptor app) will only ever need to talk to 1 enclave at a time - verifier enclave first and then the apache enclave. //extern std::mapg_enclave_id_map; //int __ImageBase=0; sgx_enclave_id_t e2_enclave_id = 0; #define Decryptor_PATH "libDecryptor.so" ////////////////////////////////////////////////// #include uint32_t write_to_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length) { lseek(fd, 0, SEEK_SET); ssize_t bytes_written; bytes_written = write(fd, msg, *expected_msg_length); if(bytes_written <= 0) return 0xFFFFFFFF; fsync(fd); *expected_msg_length = bytes_written; return 0; } uint32_t read_from_fd(int fd, uint8_t* msg, size_t* expected_msg_length) { ssize_t bytes_read; lseek(fd, 0, SEEK_SET); bytes_read = read(fd, msg, *expected_msg_length); if(bytes_read <= 0) return 0xFFFFFFFF; *expected_msg_length = bytes_read; return 0; } uint32_t unseal_signing_key_pair_from_disk(int fd, __attribute__((unused)) sgx_ec256_public_t* pub_key, size_t* actual_sealed_msg_length) { uint32_t ret_status; uint8_t* sgx_sealed_msg; printf("expected read 0x%ld\n", *actual_sealed_msg_length); sgx_sealed_msg = (uint8_t*) malloc(0x300); // malloc(*actual_sealed_msg_length); (0x300 for EDL) ret_status = read_from_fd(fd, sgx_sealed_msg, actual_sealed_msg_length); if(ret_status != 0) { free(sgx_sealed_msg); return 0xFFFFFFFF; } printf("actual read 0x%ld and ret_status 0x%x\n", *actual_sealed_msg_length, ret_status); fflush(stdout); size_t counter; for(counter=0;counter<*actual_sealed_msg_length;counter++) printf("%x ", *(sgx_sealed_msg+counter)); printf("\n"); fflush(stdout); Decryptor_unseal_and_restore_sealed_signing_key_pair(e2_enclave_id, &ret_status, pub_key, sgx_sealed_msg, actual_sealed_msg_length); free(sgx_sealed_msg); return ret_status; } uint32_t create_and_seal_signing_key_pair_to_disk( __attribute__((unused)) int fd, __attribute__((unused)) sgx_ec256_public_t* pub_key) { uint32_t ret_status; // Generating a signing ECDSA key to sign the encryption key. uint32_t length; Decryptor_calculate_sealed_data_size(e2_enclave_id, &length, 3*SGX_ECP256_KEY_SIZE); // sgx_calc_sealed_data_size(0,3*SGX_ECP256_KEY_SIZE); if(length == 0xFFFFFFFF) return 0xFFFFFFFF; printf("0x%x input msg, 0x%x bytes for sealed msg in parameter value\n", 3*SGX_ECP256_KEY_SIZE, length); fflush(stdout); uint8_t* sealed_data=(uint8_t*) malloc(0x300); printf("Made call to sgx_calc_sealed_data_size\n"); fflush(stdout); Decryptor_create_and_seal_ecdsa_signing_key_pair(e2_enclave_id, &ret_status, pub_key, &length, sealed_data); if(ret_status != SGX_SUCCESS) { printf("create_and_seal called returned an error: %x", ret_status); free(sealed_data); return 0xFFFFFFFF; } printf("It returned sgx_success\n"); fflush(stdout); // *actual_sealed_msg_length=length; ret_status = write_to_fd(fd, sealed_data, &length); free(sealed_data); // if(ret_status > 0) // *actual_sealed_msg_length = ret_status; // return 0; return ret_status; } int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[]) { uint32_t ret_status; sgx_status_t status; // For sgx setup int launch_token_updated; sgx_launch_token_t launch_token; // uint8_t* pub_key = (uint8_t*) malloc(2*SGX_ECP256_KEY_SIZE); sgx_ec256_public_t pub_key; uint32_t counter; size_t sealed_msg_length_in_file; status = sgx_create_enclave(Decryptor_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &e2_enclave_id, NULL); if(status != SGX_SUCCESS) { printf("\nLoad Enclave Failure"); return -1; } printf("\nDecryptor - EnclaveID %" PRIx64, e2_enclave_id); fflush(stdout); int sealed_signing_key_fd = open("sealed_signing_key.txt", O_CREAT | O_RDWR, S_IRUSR | S_IWUSR); if(sealed_signing_key_fd == -1) { perror("\nError in opening the file sealed_signing_key.txt - "); fflush(stderr); return 0xFFFFFFFF; } printf("\nSuccessfully opened a file to seal the signing key pair for the client.\n"); fflush(stdout); // int start = lseek(sealed_signing_key_fd, 0, SEEK_SET); // int end = lseek(sealed_signing_key_fd, 0, SEEK_END); struct stat st; ret_status = fstat(sealed_signing_key_fd, &st); //sealed_msg_length_in_file = st.st_size; if(ret_status != 0) { perror("error in finding the file size. - "); fflush(stderr); return 0xffffffff; } sealed_msg_length_in_file = st.st_size; if(sealed_msg_length_in_file == 0) //if(start == end && start != -1) { // TODO: file is empty. create signing key pair. // int start = lseek(sealed_signing_key_fd, 0, SEEK_SET); ret_status = create_and_seal_signing_key_pair_to_disk(sealed_signing_key_fd, &pub_key); if(ret_status != 0) { printf("\n error in generating the ecdsa signing key pair \n"); fflush(stdout); sgx_destroy_enclave(e2_enclave_id); return 0xFFFFFFFF; } fflush(stdout); printf("\n Generated the ecdsa key pair successfully - gx, gy\n"); for(counter=0;counter<32;counter++) printf("0x%x ",pub_key.gx[counter]); printf("\n"); for(counter=0;counter<32;counter++) printf("0x%x ",pub_key.gy[counter]); printf("\n"); fflush(stdout); // fflush(stdout); } else { // start = lseek(sealed_signing_key_fd, 0, SEEK_CUR); // if(actual_sealed_msg_length == 0) // actual_sealed_msg_length = size; // - start; ret_status = unseal_signing_key_pair_from_disk(sealed_signing_key_fd, &pub_key, &sealed_msg_length_in_file); if(ret_status != SGX_SUCCESS) { printf("\n error in unsealing the ecdsa signing key pair:%d \n", ret_status); fflush(stdout); sgx_destroy_enclave(e2_enclave_id); return 0xFFFFFFFF; } printf("\n Recovered the ecdsa key pair successfully - gx, gy\n"); for(counter=0;counter<32;counter++) printf("%02x",pub_key.gx[31-counter]); // printf("\n"); for(counter=0;counter<32;counter++) printf("%02x",pub_key.gy[31-counter]); printf("\n"); fflush(stdout); } close(sealed_signing_key_fd); // LA with the verifier ret_status=local_attestation_initiator(3824, e2_enclave_id); if(ret_status!=0) { printf("local attestation - with the verifier - did not successfully return: %x\n", ret_status); fflush(stdout); sgx_destroy_enclave(e2_enclave_id); return 0xFFFFFFFF; } // Does decryption too - should probs rename it ret_status=local_attestation_initiator(3825, e2_enclave_id); if(ret_status!=0) { printf("local attestation - with the apache - did not successfully return: %x\n", ret_status); fflush(stdout); sgx_destroy_enclave(e2_enclave_id); return 0xFFFFFFFF; } /* // LA with the apache - currently set to return failure - should change it to success when the code to send the mrsigner from the verifier to the decryptor is added- TODO: <--- that ret_status=local_attestation_initiator(3826, e2_enclave_id); // TODO: Change port or sth if(ret_status!=0) { printf("local attestation - with apache - did not successfully return: %x\n", ret_status); fflush(stdout); sgx_destroy_enclave(e2_enclave_id); return 0xFFFFFFFF; } */ // TODO: Continue with other msgs - send sign(enc | verifier mr_enclave) sgx_destroy_enclave(e2_enclave_id); return 0; }