Decryptor/Decryptor/Decryptor.cpp

/*
 * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   * Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *   * Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in
 *     the documentation and/or other materials provided with the
 *     distribution.
 *   * Neither the name of Intel Corporation nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

#include "Decryptor.h"
#include "sgx_tseal.h"
#include "sgx_tcrypto.h"
#include "sgx_dh.h"
#include "datatypes.h"
#include "error_codes.h"


        ECDSASignatureBox Decryptor::signatureBox; 
        HybridEncryptionBox Decryptor::hybridEncryptionBoxClient; 
        SymmetricEncryptionBox Decryptor::symmetricEncryptionBoxApache; 
        SymmetricEncryptionBox Decryptor::symmetricEncryptionBoxVerifier;
        uint8_t Decryptor::verifier_mr_enclave[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; 
        uint8_t Decryptor::apache_mr_signer[32] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0};


   uint32_t Decryptor::create_mitigator_token_M(uint8_t* token)
  {
    uint32_t internal_return_status;
    uint32_t counter;
    // create short-term ECDH key pair
    internal_return_status = hybridEncryptionBoxClient.generate_keypair();
    if(internal_return_status == NULL)
      return 0xff;
    hybridEncryptionBoxClient.get_public_key(token);

    // create token: concatenate short-term keypair with verifiers mrenclave.
    for(counter=0;counter<32;counter++)
      *(token + counter + ECDH_PUBLIC_KEY_SIZE) = verifier_mr_enclave[counter];

    return 0;
  }

  uint32_t Decryptor::create_mitigator_header_H(uint8_t* signature_data, uint8_t* signature)
  {
    uint32_t internal_return_status;
    uint8_t local_signature[64];
    uint8_t local_signature_data[ECDH_PUBLIC_KEY_SIZE + 32];
    uint32_t counter;
    // Otherwise: DoS or possible bypass (fake verifier does LA  but real verifier mrenclave is given out by decryptor) - signature with junk verifier mrenclave  or whatever is in the memory.
    if(LocalAttestationTrusted::get_one_successful_la_done() < 1)
      return 0xde;  //  This needs to be called at any point after the first local attestation is done - else, a junk verifier mrenclave will be included in the signature
    internal_return_status = Decryptor::create_mitigator_token_M(local_signature_data);
    if(internal_return_status != 0x0)
      return internal_return_status;

    internal_return_status = signatureBox.sign(local_signature_data, ECDH_PUBLIC_KEY_SIZE + 32, local_signature);
    if(internal_return_status != 0x0)
      return internal_return_status;
    for(counter=0;counter<ECDH_PUBLIC_KEY_SIZE + 32;counter++)
      signature_data[counter] = local_signature_data[counter];
    for(counter=0;counter<64;counter++)
      signature[counter] = local_signature[counter];
    return 0;
  }

  // done. But there might be one more return statement for the case when get_keypair returns sth (it is non void).
  uint32_t Decryptor::create_long_term_signing_keypair(uint8_t* private_public_key_string)
  {
    uint32_t internal_return_status;
    internal_return_status = signatureBox.generate_keypair();
    if(internal_return_status != 0)
      return internal_return_status;

    signatureBox.get_keypair(private_public_key_string);
    return 0;
  }

  uint32_t Decryptor::initialize_symmetric_key_decrypt_client_data(uint8_t* plaintext_client_public_key_plus_encrypted_data_plus_tag, uint32_t total_length, uint8_t* plaintext_client_data, uint32_t* plaintext_client_data_length)
  {
    uint8_t* ciphertext;
    uint32_t ciphertext_length;
    uint8_t* tag;
    uint32_t internal_return_status;
    // and now I will derive a shared key from the plaintext_client_public_key
    internal_return_status = hybridEncryptionBoxClient.initialize_symmetric_key(plaintext_client_public_key_plus_encrypted_data_plus_tag);
    if(internal_return_status != 0)
      return internal_return_status;

    // and then I will decrypt the rest of the client data with that key.
    ciphertext = plaintext_client_public_key_plus_encrypted_data_plus_tag + ECDH_PUBLIC_KEY_SIZE;
    ciphertext_length = total_length - ECDH_PUBLIC_KEY_SIZE - 16;
    tag = ciphertext + ciphertext_length;

    internal_return_status = hybridEncryptionBoxClient.encrypt_decrypt(0, ciphertext, ciphertext_length, plaintext_client_data, plaintext_client_data_length, tag);
    return internal_return_status;
  }


    // DONE.
    uint32_t Decryptor::create_and_seal_long_term_signing_key_pair(uint32_t* sealed_data_length, uint8_t* sealed_data)
    {
        uint32_t sgx_libcall_status;
        uint32_t internal_return_status;
        uint32_t temp_sealed_data_length;
        uint8_t* temp_sealed_data;
        uint8_t private_public_key_string[ECDH_PUBLIC_KEY_SIZE + ECDH_PRIVATE_KEY_SIZE];
        uint32_t counter;
	
        temp_sealed_data_length = sgx_calc_sealed_data_size(0, ECDH_PUBLIC_KEY_SIZE + ECDH_PRIVATE_KEY_SIZE);
        if(temp_sealed_data_length == 0xFFFFFFFF)
          return 0x01;

	
        temp_sealed_data = (uint8_t*) malloc(temp_sealed_data_length);
	
        internal_return_status = create_long_term_signing_keypair(private_public_key_string);
	if(internal_return_status != 0)
	{
		free(temp_sealed_data); 
		return internal_return_status;
	}
	
/*	for(counter=0; counter<temp_sealed_data_length; counter++) 
		temp_sealed_data[counter]=counter;
 */	
        sgx_libcall_status = sgx_seal_data(0, NULL, 3*SGX_ECP256_KEY_SIZE, private_public_key_string, temp_sealed_data_length, (sgx_sealed_data_t*) temp_sealed_data);
        if(sgx_libcall_status != SGX_SUCCESS)
        {
          free(temp_sealed_data);
          return sgx_libcall_status;
        }
	
        for(counter=0;counter<temp_sealed_data_length;counter++)
    			*(sealed_data + counter)= *(temp_sealed_data + counter);
	*sealed_data_length = temp_sealed_data_length;
        free(temp_sealed_data);
	
        return 0;
    }

    // DONE.
    uint32_t Decryptor::create_and_encrypt_mitigator_header_H(uint8_t* ciphertext_token_H_plus_tag)
    {
    	uint32_t counter;
    	uint8_t sign_data_and_sign[ECDH_PUBLIC_KEY_SIZE + 32 + 64];
      uint8_t temp_ciphertext_token_H[ECDH_PUBLIC_KEY_SIZE + 32 + 64 + 10];
      uint8_t temp_tag[16];
      uint32_t temp_ciphertext_token_H_length;
    	uint32_t internal_return_status;

      internal_return_status = create_mitigator_header_H(sign_data_and_sign, sign_data_and_sign + ECDH_PUBLIC_KEY_SIZE + 32);
    	if(internal_return_status != 0)
      	return internal_return_status;

      internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(1, sign_data_and_sign, ECDH_PUBLIC_KEY_SIZE + 32 + 64, temp_ciphertext_token_H, &temp_ciphertext_token_H_length, temp_tag);
      if(internal_return_status != 0)
        return internal_return_status;

      if(temp_ciphertext_token_H_length != 160)
        return 0x45;

      for(counter=0; counter<160; counter++)
      {
        *(ciphertext_token_H_plus_tag + counter) = *(temp_ciphertext_token_H + counter);
      }
      for(counter=0; counter<16; counter++)
      {
        *(ciphertext_token_H_plus_tag + counter) = *(temp_tag + counter);
      }

    	return 0;
    }

    // DONE.
    uint32_t Decryptor::unseal_and_restore_long_term_signing_key_pair(uint8_t* sealed_data, uint32_t* sgx_sealed_data_length)
    {
      uint32_t temp_plaintext_length;
      uint8_t* temp_plaintext;
      uint32_t counter;
      uint32_t ret_status;
      uint8_t* temp_sealed_data ;

      temp_sealed_data = (uint8_t*) malloc(*sgx_sealed_data_length);
      for(counter=0;counter<*sgx_sealed_data_length;counter++)
        *(temp_sealed_data+counter)=*(sealed_data+counter);

      temp_plaintext_length = sgx_get_encrypt_txt_len((sgx_sealed_data_t*)sealed_data);
      if(temp_plaintext_length == 0xffffffff)
        return 0xFFFFFFFF;
      temp_plaintext = (uint8_t*)malloc( temp_plaintext_length );

      ret_status = sgx_unseal_data((sgx_sealed_data_t*)temp_sealed_data, NULL, 0, temp_plaintext, &temp_plaintext_length);
      free(temp_sealed_data);
      if(ret_status != SGX_SUCCESS)
      {
        free(temp_plaintext);
        return ret_status;
      }

      signatureBox.set_private_public_key(temp_plaintext, temp_plaintext + ECDH_PRIVATE_KEY_SIZE);
      free(temp_plaintext);
      return 0;
    }

    // DONE.
    uint32_t Decryptor::decrypt_verifiers_message_set_apache_mrsigner(uint8_t* ciphertext_plus_tag)
    {
      uint8_t temp_apache_mrsigner[32+10];
      uint32_t temp_apache_mrsigner_length;
      uint32_t internal_return_status;
      uint32_t counter;
      uint8_t* tag;

      tag = ciphertext_plus_tag + 32;
      internal_return_status = symmetricEncryptionBoxVerifier.encrypt_decrypt(0, ciphertext_plus_tag, 32, temp_apache_mrsigner, &temp_apache_mrsigner_length, tag);
      if(internal_return_status != 0)
        return internal_return_status;
      if(temp_apache_mrsigner_length != 32)
        return 0x33;

      for(counter=0; counter<32; counter++)
      {
        apache_mr_signer[counter] = *(temp_apache_mrsigner + counter);
      }
      return 0;
    }

    // DONE.
    uint32_t Decryptor::process_apache_message_generate_response(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext_plus_tag, uint32_t* output_ciphertext_plus_tag_length)
    {
      uint8_t *first_decryption_output, *plaintext_client_data, *temp_output_ciphertext;
      uint32_t first_decryption_output_length, plaintext_client_data_length;
	uint32_t temp_output_ciphertext_length, internal_return_status;
      uint8_t temp_output_tag[16]; uint32_t counter; 
      // TODO: May be have temporary variables for input ciphertext as they can't be passed directly to functions?
      first_decryption_output = (uint8_t*) malloc(input_ciphertext_plus_tag_length);
      internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(0, input_ciphertext, input_ciphertext_plus_tag_length, first_decryption_output, &first_decryption_output_length, input_ciphertext + input_ciphertext_plus_tag_length - 16);
      if(internal_return_status != 0)
      {
        free(first_decryption_output);
        return internal_return_status;
      }

      plaintext_client_data = (uint8_t*) malloc(first_decryption_output_length); // you will need less than this coz public key size.
      internal_return_status = initialize_symmetric_key_decrypt_client_data(first_decryption_output, first_decryption_output_length, plaintext_client_data, &plaintext_client_data_length);
      free(first_decryption_output);
      if(internal_return_status != 0)
        return internal_return_status;

      temp_output_ciphertext = (uint8_t*) malloc(plaintext_client_data_length + 20);
      // then I will encrypt the resulting first_decryption_output to the apache enclave.
      internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(1, plaintext_client_data, plaintext_client_data_length, temp_output_ciphertext, &temp_output_ciphertext_length, temp_output_tag);
      free(plaintext_client_data);
      if(internal_return_status != 0)
      {
        free(temp_output_ciphertext);
        return internal_return_status;
      }

      for(counter=0; counter<temp_output_ciphertext_length; counter++)
        output_ciphertext_plus_tag[counter] = temp_output_ciphertext[counter];
      free(temp_output_ciphertext);
      for(counter=0; counter<16;counter++)
	output_ciphertext_plus_tag[counter] = temp_output_tag[counter];
      *output_ciphertext_plus_tag_length = temp_output_ciphertext_length + 16;
      return 0;
    }

uint32_t Decryptor::verify_peer_enclave_trust(uint8_t* given_mr_enclave, uint8_t* given_mr_signer, uint8_t* dhaek)
{
        uint32_t count; 
        if(LocalAttestationTrusted::get_one_successful_la_done() == 0)
        {
                for(count=0; count<SGX_HASH_SIZE; count++)
                        verifier_mr_enclave[count] = given_mr_enclave[count];
		symmetricEncryptionBoxVerifier.set_symmetric_key(dhaek); 
        }
        else // apache enclave
        {
                for(count=0; count<SGX_HASH_SIZE; count++)
                {
                        if( given_mr_signer[count] != apache_mr_signer[count] )
                                return ENCLAVE_TRUST_ERROR;
                }
		symmetricEncryptionBoxApache.set_symmetric_key(dhaek); 
        }
        return SGX_SUCCESS;
  }

void Decryptor::calculate_sealed_keypair_size(uint32_t* output_length)
{
	*output_length = sgx_calc_sealed_data_size(0, ECDH_PUBLIC_KEY_SIZE + ECDH_PRIVATE_KEY_SIZE); 
}