123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338 |
- /*
- * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- * * Neither the name of Intel Corporation nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
- #include "sgx_trts.h"
- #include "sgx_utils.h"
- #include "EnclaveMessageExchange.h"
- #include "sgx_eid.h"
- #include "error_codes.h"
- #include "sgx_ecp_types.h"
- #include "sgx_thread.h"
- #include <map>
- #include "dh_session_protocol.h"
- #include "sgx_dh.h"
- #include "sgx_tcrypto.h"
- #include "LocalAttestationCode_t.h"
- #include "sgx_tseal.h"
- #ifdef __cplusplus
- extern "C" {
- #endif
- uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity);
- #ifdef __cplusplus
- }
- #endif
- //uint32_t create_ecdsa_key_pair(sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key);
- //void serialize_key_pair_to_string( sgx_ec256_public_t* pub_key, sgx_ec256_private_t* signing_priv_key, uint8_t* private_public_key_string);
- //void deserialize_string_to_key_pair(uint8_t* private_public_key_string, sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key);
-
- #define MAX_SESSION_COUNT 16
- //number of open sessions
- // uint32_t g_session_count = 0;
- ATTESTATION_STATUS generate_session_id(uint32_t *session_id);
- ATTESTATION_STATUS end_session();
- //sgx_ec256_private_t signing_priv_key;
- uint32_t one_successful_la_done;
- sgx_ecc_state_handle_t ecc_state;
- uint32_t session_ids[MAX_SESSION_COUNT];
- // Our enclave will not be doing LA with more than 1 decryptor enclave at a time.
- // We should not need this.
- //std::map<int, dh_session_t>g_dest_session_info_map;
- dh_session_t global_session_info;
- // TODO: May be we need to store all previously assigned session IDs instead of just the counter; to prevent replay attacks -
- uint32_t global_session_id=0;
- //Handle the request from Source Enclave for a session
- ATTESTATION_STATUS session_request(sgx_dh_msg1_t *dh_msg1,
- uint32_t *session_id )
- {
- // dh_session_t session_info;
- sgx_dh_session_t sgx_dh_session;
- sgx_status_t status = SGX_SUCCESS;
- if(!session_id || !dh_msg1)
- {
- return INVALID_PARAMETER_ERROR;
- }
- //Intialize the session as a session responder
- status = sgx_dh_init_session(SGX_DH_SESSION_RESPONDER, &sgx_dh_session);
- if(SGX_SUCCESS != status)
- {
- return status;
- }
- *session_id=1;
- global_session_info.status = IN_PROGRESS;
- //Generate Message1 that will be returned to Source Enclave
- status = sgx_dh_responder_gen_msg1((sgx_dh_msg1_t*)dh_msg1, &sgx_dh_session);
- if(SGX_SUCCESS != status)
- {
- global_session_id--;
- // SAFE_FREE(g_session_id_tracker[*session_id]);
- return status;
- }
- memcpy(&global_session_info.in_progress.dh_session, &sgx_dh_session, sizeof(sgx_dh_session_t));
- //return sgx_seal_data(0, NULL, 0, NULL, 0, NULL);
- //Store the session information under the correspoding source enlave id key
- // g_dest_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(src_enclave_id, session_info));
- return status;
- }
- //Verify Message 2, generate Message3 and exchange Message 3 with Source Enclave
- ATTESTATION_STATUS exchange_report(
- sgx_dh_msg2_t *dh_msg2,
- sgx_dh_msg3_t *dh_msg3,
- uint32_t* session_id, uint8_t* read_or_write)
- {
- sgx_key_128bit_t dh_aek; // Session key
- // dh_session_t session_info;
- ATTESTATION_STATUS status = SUCCESS;
- sgx_dh_session_t sgx_dh_session;
- sgx_dh_session_enclave_identity_t initiator_identity;
- if(!dh_msg2 || !dh_msg3)
- {
- return INVALID_PARAMETER_ERROR;
- }
- memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
- // Why is there a do-while loop anyway? It seems like there is no successful exit ...
- // do
- // {
- // TODO: Make sure that this works - pointers
- // session_info = global_session_info;
- if(global_session_info.status != IN_PROGRESS)
- {
- status = INVALID_SESSION;
- end_session();
- }
- memcpy(&sgx_dh_session, &global_session_info.in_progress.dh_session, sizeof(sgx_dh_session_t));
- dh_msg3->msg3_body.additional_prop_length = 0;
- //Process message 2 from source enclave and obtain message 3
- sgx_status_t se_ret = sgx_dh_responder_proc_msg2(dh_msg2,
- dh_msg3,
- &sgx_dh_session,
- &dh_aek,
- &initiator_identity);
- if(SGX_SUCCESS != se_ret)
- {
- status = se_ret;
- end_session();
- }
- uint32_t hash_count;
- // THIS IS WHERE THE DECRYPTOR VERIFIES THE APACHE'S MRSIGNER IS THE PUBLIC KEY GIVEN AFTER THE LOCAL ATTESTATION WITH THE VERIFIER.
- //Verify source enclave's trust
- uint32_t verify_return=verify_peer_enclave_trust(&initiator_identity);
- if(verify_return!=0)
- return verify_return;
- if(one_successful_la_done == 0)
- {
- one_successful_la_done = 1; *read_or_write=1;
- }
- else
- {
- one_successful_la_done=2; *read_or_write=0;
- }
- // TODO: Verify that these changes will be lost on update.
- //save the session ID, status and initialize the session nonce
- global_session_info.session_id = *session_id;
- global_session_info.status = ACTIVE;
- global_session_info.active.counter = 0;
- memcpy(&global_session_info.active.AEK, &dh_aek, sizeof(sgx_key_128bit_t));
- memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
- //g_session_count++;*/
- // }while(0);
- return status;
- }
- uint32_t calculate_sealed_data_size( uint32_t input_size)
- {
- // *op_size=sgx_calc_sealed_data_size(0, input_size);
- return sgx_calc_sealed_data_size(0, input_size);
- }
- // TODO: Fix this.
- //Respond to the request from the Source Enclave to close the session
- ATTESTATION_STATUS end_session(/**/)
- {
- return SUCCESS;
- }
- /*
- // Session_id is set to the first index of the pointer array that is non-null.(Not sure how it is ensured that all of them point to NULL at the start)
- // Why can't it just keep a counter that is incremented? What are the values of g_session_id_tracker array?
- //Returns a new sessionID for the source destination session
- ATTESTATION_STATUS generate_session_id(uint32_t *session_id)
- {
- ATTESTATION_STATUS status = SUCCESS;
- if(!session_id)
- {
- return INVALID_PARAMETER_ERROR;
- }
- //if the session structure is untintialized, set that as the next session ID
- for (int i = 0; i < MAX_SESSION_COUNT; i++)
- {
- if (g_session_id_tracker[i] == NULL)
- {
- *session_id = i;
- return status;
- }
- }
- status = NO_AVAILABLE_SESSION_ERROR;
- return status;
- */
- // *session_id=++global_session_id;
- //}
- uint32_t decrypt(uint8_t* ip_ciphertext, uint32_t ciphertext_len, uint8_t* ip_tag, uint8_t* op_plaintext)
- {
- // if(one_successful_la_done < 2) // doesn't matter as confidentiality of the signer is not a problem - changing it in memory so that the decryptor accepts another mrsigner is a problem.
- // return 0xfe; // will not return plaintext to the caller as this is the apache's mrsigner, sent to the verifier (value 1) or no LA done yet (value 0)
- uint32_t return_status2; uint32_t count;
- unsigned char key[16];
- // copying key to within the enclave as apparently it can't operate on it // TODO: Check if it works now.
- for(count=0;count<16;count++)
- key[count]=global_session_info.active.AEK[count];
- // copying ciphertext to within the enclave (otherwise it crashes with NOT enclave signal)
- uint8_t* ciphertext = (uint8_t*) malloc(ciphertext_len);
- for(count=0;count<ciphertext_len;count++)
- *(ciphertext+count)=*(ip_ciphertext+count);
- uint8_t* tag = (uint8_t*) malloc(16);
- for(count=0;count<16;count++)
- *(tag+count)=*(ip_tag+count);
- uint8_t* plaintext = (uint8_t*) malloc(ciphertext_len);
- uint8_t iv[12];
-
- memset(iv, 0, 12); //memcpy(iv, &global_session_info.active.counter, 4);
- return_status2=sgx_rijndael128GCM_decrypt((sgx_key_128bit_t*) key, ciphertext, ciphertext_len, plaintext, iv, 0xc, NULL, 0, (sgx_aes_gcm_128bit_tag_t*)tag);
- for(count=0;count<ciphertext_len;count++)
- *(op_plaintext+count)=plaintext[count];
- free(plaintext); free (ciphertext); free(tag);
- return return_status2;
- }
- uint32_t encrypt(uint8_t* ip_ciphertext, uint32_t ciphertext_len, uint8_t* ip_tag, uint8_t* op_plaintext)
- {
- uint32_t return_status2; uint32_t count;
- unsigned char key[16];
- // copying key to within the enclave as apparently it can't operate on it // TODO: Check if it works now.
- for(count=0;count<16;count++)
- key[count]=global_session_info.active.AEK[count];
- // copying ciphertext to within the enclave (otherwise it crashes with NOT enclave signal)
- uint8_t* ciphertext = (uint8_t*) malloc(ciphertext_len);
- for(count=0;count<ciphertext_len;count++)
- *(ciphertext+count)=*(ip_ciphertext+count);
- uint8_t* tag = (uint8_t*) malloc(16);
- for(count=0;count<16;count++)
- *(tag+count)=*(ip_tag+count);
- uint8_t* plaintext = (uint8_t*) malloc(ciphertext_len);
- uint8_t iv[12];
- memset(iv, 0, 12); //memcpy(iv, &global_session_info.active.counter, 4);
- return_status2=sgx_rijndael128GCM_encrypt((sgx_key_128bit_t*) key, ciphertext, ciphertext_len, plaintext, iv, 0xc, NULL, 0, (sgx_aes_gcm_128bit_tag_t*)tag);
- for(count=0;count<ciphertext_len;count++)
- *(op_plaintext+count)=plaintext[count];
- free(plaintext); free (ciphertext); free(tag);
- return return_status2;
- }
- uint32_t encrypt_internal(uint8_t* ip_ciphertext, uint32_t ciphertext_len, uint8_t* op_tag, uint8_t* op_plaintext)
- {
- //return encrypt(ip_ciphertext, ciphertext_len, ip_tag, op_plaintext);
- uint32_t return_status2; uint32_t count;
- unsigned char key[16];
- // copying key to within the enclave as apparently it can't operate on it // TODO: Check if it works now.
- for(count=0;count<16;count++)
- key[count]=global_session_info.active.AEK[count];
- // copying ciphertext to within the enclave (otherwise it crashes with NOT enclave signal)
- uint8_t* ciphertext = (uint8_t*) malloc(ciphertext_len);
- for(count=0;count<ciphertext_len;count++)
- *(ciphertext+count)=*(ip_ciphertext+count);
- uint8_t tag[16];
- uint8_t* plaintext = (uint8_t*) malloc(ciphertext_len);
- uint8_t iv[12];
- memset(iv, 0, 12); //memcpy(iv, &global_session_info.active.counter, 4);
- return_status2=sgx_rijndael128GCM_encrypt((sgx_key_128bit_t*) key, ciphertext, ciphertext_len, plaintext, iv, 0xc, NULL, 0, (sgx_aes_gcm_128bit_tag_t*)tag);
- for(count=0;count<ciphertext_len;count++)
- *(op_plaintext+count)=plaintext[count];
- for(count=0;count<16;count++)
- op_tag[count]=tag[count];
- free(plaintext); free (ciphertext);
- return return_status2;
- }
|