123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375 |
- /*
- * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- * * Neither the name of Intel Corporation nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
- // Enclave2.cpp : Defines the exported functions for the DLL application
- #include "sgx_eid.h"
- #include "sgx_tcrypto.h"
- #include "Decryptor_t.h"
- #include "EnclaveMessageExchange.h"
- #include "error_codes.h"
- #include "Utility_Decryptor.h"
- #include "sgx_thread.h"
- #include "sgx_dh.h"
- #include <map>
- #include "sgx_tcrypto.h"
- #include "LocalAttestationCode_t.h"
- #include "sgx_tseal.h"
- // internal-internal
- uint32_t create_ec_key_pair(sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key);
- void serialize_key_pair_to_string( sgx_ec256_public_t* pub_key, sgx_ec256_private_t* signing_priv_key, uint8_t* private_public_key_string);
- void deserialize_string_to_key_pair(uint8_t* private_public_key_string, sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key);
- uint32_t create_mitigator_header_value(uint8_t* signature_data, uint8_t* signature);
- uint32_t verify_mitigator_header_value(uint8_t* signature_data, uint8_t* signature, sgx_ec256_public_t* pub_key);
- uint32_t calculate_sealed_data_size( uint32_t input_size) ;
- uint32_t create_and_seal_ecdsa_signing_key_pair(__attribute__((unused)) sgx_ec256_public_t* pub_key, __attribute__((unused)) uint32_t* sealed_data_length, __attribute__((unused)) uint8_t* sealed_data);
- uint32_t unseal_and_restore_sealed_signing_key_pair(__attribute__((unused)) sgx_ec256_public_t* pub_key, uint8_t* sealed_data, size_t* sgx_sealed_data_length);
- uint32_t decrypt_verifiers_message_set_apache_mrsigner(uint8_t* ciphertext, uint8_t* tag);
- //uint32_t create_and_encrypt_mitigator_header_value(uint8_t* signature_data, uint8_t* signature, uint8_t* tag);
- uint32_t create_and_encrypt_mitigator_header_value(uint8_t* plaintext_sign_data_and_sign, uint8_t* encrypted_sign_data_and_sign, uint8_t* tag, sgx_ec256_public_t* pub_key);
- uint32_t one_la_done=0;
- static sgx_ec256_public_t short_term_pub_key;
- static sgx_ec256_private_t short_term_priv_key;
- sgx_ec256_signature_t generated_signature; // TODO: remove
- sgx_measurement_t apache_mr_signer; // TODO: remove
- sgx_measurement_t verifier_mr_enclave; // TODO: remove
- static sgx_ec256_private_t signing_priv_key;
- extern "C" uint32_t verify_peer_enclave_trust(__attribute__((unused)) sgx_dh_session_enclave_identity_t* peer_enclave_identity)
- {
- uint32_t count;
- if(!peer_enclave_identity)
- {
- return INVALID_PARAMETER_ERROR;
- }
- if(one_la_done==0)
- {
- for(count=0; count<SGX_HASH_SIZE; count++)
- verifier_mr_enclave.m[count]=peer_enclave_identity->mr_enclave.m[count];
- memset(&(apache_mr_signer.m),0x0,SGX_HASH_SIZE); // "initialization"
- one_la_done=1;
- }
- else // apache enclave
- {
- sgx_measurement_t actual_mr_signer = peer_enclave_identity->mr_signer;
- // verifier's mrsigner
- // uint8_t expected_mr_signer[32] ={0xdf, 0xd7, 0x3b, 0x93, 0xea, 0x39, 0x02, 0x02, 0x3c, 0xd0, 0x52, 0x1a, 0xbd, 0x00, 0xaf, 0xb9, 0xa6, 0x54, 0x57, 0x3e, 0xe5, 0xef, 0x36, 0xf4, 0x8c, 0xc2, 0x4d, 0x92, 0x70, 0xae, 0xd4, 0x7c};
- int count;
- for(count=0; count<SGX_HASH_SIZE; count++)
- {
- if( actual_mr_signer.m[count] != apache_mr_signer.m[count] )
- return ENCLAVE_TRUST_ERROR;
- }
- }
- return SGX_SUCCESS;
- }
- // This needs to be called after the first local attestation is successful - otherwise, the internal apache_mr_signer.m will not be set properly for the comparison of the mrsigner for the 2nd LA in verify_peer_enclave_trust.
- // (I.e. if it is not called then DoS
- uint32_t decrypt_verifiers_message_set_apache_mrsigner(uint8_t* ciphertext, uint8_t* tag)
- {
- return decrypt(ciphertext, 32, tag, (uint8_t*) &(apache_mr_signer.m));
- // if(mrsigner_decryption_successful !=0)
- // return mrsigner_decryption_successful;
- }
- // signature_data - 96 bytes, encrypted_signature assumed to be at least 64 bytes, tag - at least 16 bytes
- uint32_t create_and_encrypt_mitigator_header_value(uint8_t* plaintext_sign_data_and_sign, uint8_t* encrypted_sign_data_and_sign, uint8_t* tag)
- {
- uint32_t count;
- uint8_t sign_data_and_sign[160];
- uint32_t ret_status=create_mitigator_header_value(sign_data_and_sign, sign_data_and_sign+96);
- if(ret_status != SGX_SUCCESS)
- {
- // printf("Could not generate or sign another keypair for client-side, error:%x.\n", ret_status); fflush(stdout);
- return 0xFFFFFFDD;
- }
- // ret_status=verify_mitigator_header_value(sign_data_and_sign, sign_data_and_sign+96, pub_key);
- // if(ret_status !=0)
- // return ret_status;
- for(count=0; count<160; count++)
- *(plaintext_sign_data_and_sign+count)=sign_data_and_sign[count];
- ret_status = encrypt_internal(sign_data_and_sign, 160, tag, encrypted_sign_data_and_sign);
- return ret_status;
- }
- uint32_t create_ec_key_pair(sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key)
- {
- sgx_status_t se_ret; sgx_status_t se_ret2;
- //create ECC context
- sgx_ecc_state_handle_t ecc_state = NULL;
- se_ret = sgx_ecc256_open_context(&ecc_state);
- if(SGX_SUCCESS != se_ret)
- return se_ret;
- // generate private key and public key
- se_ret = sgx_ecc256_create_key_pair(priv_key, pub_key, ecc_state);
- se_ret2 = sgx_ecc256_close_context(ecc_state);
- if(SGX_SUCCESS != se_ret || se_ret2!= SGX_SUCCESS) // something weird has happened - couldn't shut it down.
- return 0xFFFFFFFF;
- return SGX_SUCCESS;
- }
- // todo: set to private
- // todo: assumes that the length of the keystring is at least 3*SGX_ECP256_KEY_SIZE
- void serialize_key_pair_to_string(sgx_ec256_public_t* pub_key, sgx_ec256_private_t* signing_priv_key, uint8_t* private_public_key_string)
- {
- if(private_public_key_string != NULL) // nowhere to serialize to
- {
- uint32_t counter;
- if(pub_key != NULL) // public key to serialize
- {
- for(counter=0;counter<SGX_ECP256_KEY_SIZE; counter++)
- *(private_public_key_string+counter)=pub_key->gx[counter];
- for(counter=SGX_ECP256_KEY_SIZE;counter<2*SGX_ECP256_KEY_SIZE; counter++)
- *(private_public_key_string+counter)=pub_key->gy[counter-SGX_ECP256_KEY_SIZE];
- }
- if(signing_priv_key != NULL) // private key to serialize
- {
- for(counter=2*SGX_ECP256_KEY_SIZE;counter<3*SGX_ECP256_KEY_SIZE; counter++)
- *(private_public_key_string+counter)=signing_priv_key->r[counter - 2*SGX_ECP256_KEY_SIZE];
- }
- }
- }
- // todo: set to private
- void deserialize_string_to_key_pair(uint8_t* private_public_key_string, sgx_ec256_public_t* pub_key, sgx_ec256_private_t* signing_priv_key)
- {
- if(private_public_key_string != NULL) // nowhere to deserialize from
- {
- uint32_t counter;
- if(signing_priv_key != NULL)
- {
- for(counter=2*SGX_ECP256_KEY_SIZE;counter<3*SGX_ECP256_KEY_SIZE; counter++)
- signing_priv_key->r[counter-2*SGX_ECP256_KEY_SIZE]=*(private_public_key_string+counter);
- }
- if(pub_key != NULL)
- {
- for(counter=0;counter<SGX_ECP256_KEY_SIZE; counter++)
- pub_key->gx[counter]=*(private_public_key_string+counter);
- for(counter=SGX_ECP256_KEY_SIZE;counter<2*SGX_ECP256_KEY_SIZE; counter++)
- pub_key->gy[counter-SGX_ECP256_KEY_SIZE]=*(private_public_key_string+counter);
- }
- }
- }
- uint32_t create_and_seal_ecdsa_signing_key_pair(__attribute__((unused)) sgx_ec256_public_t* pub_key, __attribute__((unused)) uint32_t* sealed_data_length,
- __attribute__((unused)) uint8_t* sealed_data)
- {
- uint32_t ret_status; sgx_ec256_private_t private_key; uint32_t counter;
- ret_status=create_ec_key_pair(pub_key, &private_key);
- if(ret_status!=SGX_SUCCESS)
- return ret_status;
- for(counter=0;counter<SGX_ECP256_KEY_SIZE; counter++)
- signing_priv_key.r[counter]=private_key.r[counter];
- // generating the entire string as there is no SGX function to generate the public key from the private one.
- uint8_t* private_public_key_string = (uint8_t*) malloc(3*SGX_ECP256_KEY_SIZE);
- uint8_t* sealed_data2 = (uint8_t*) malloc(*sealed_data_length);
- // serializing keypair to string
- serialize_key_pair_to_string(pub_key, &private_key, private_public_key_string);
- uint8_t* private_key_string = (uint8_t*) malloc(SGX_ECP256_KEY_SIZE);
- for(counter=0;counter<SGX_ECP256_KEY_SIZE;counter++)
- *(private_key_string+counter)=private_key.r[counter];
- // return *sealed_data_length;
- ret_status = sgx_seal_data(0, NULL, 3*SGX_ECP256_KEY_SIZE, private_public_key_string, *sealed_data_length, (sgx_sealed_data_t*) sealed_data2);
- for(counter=0;counter<*sealed_data_length;counter++)
- *(sealed_data+counter)=*(sealed_data2+counter);
- free(sealed_data2);
- free(private_key_string); //free(private_key);
- free(private_public_key_string);
- return ret_status; // SGX_SUCCESS;
- }
- /*
- uint32_t unseal_and_restore_sealed_signing_key_pair(__attribute__((unused)) sgx_ec256_public_t* pub_key, __attribute__((unused)) uint8_t* sealed_data, __attribute__((unused)) uint32_t* sgx_sealed_data_length)
- {
- return SGX_SUCCESS;
- }*/
- uint32_t unseal_and_restore_sealed_signing_key_pair(__attribute__((unused)) sgx_ec256_public_t* pub_key, uint8_t* sealed_data, size_t* sgx_sealed_data_length)
- {
- uint32_t expected_plaintext_msg_length; uint8_t* temp_plaintext; uint32_t counter; uint32_t ret_status;
- expected_plaintext_msg_length = sgx_get_encrypt_txt_len((sgx_sealed_data_t*)sealed_data);
- if(expected_plaintext_msg_length == 0xffffffff)
- return 0xFFFFFFFF;
- // uint32_t return_status;
- uint8_t* sealed_data2 = (uint8_t*) malloc(*sgx_sealed_data_length);
- for(counter=0;counter<*sgx_sealed_data_length;counter++)
- {
- *(sealed_data2+counter)=*(sealed_data+counter);
- }
- temp_plaintext = (uint8_t*)malloc( expected_plaintext_msg_length );
- ret_status = sgx_unseal_data((sgx_sealed_data_t*)sealed_data2, NULL, 0, temp_plaintext, &expected_plaintext_msg_length);
- if(ret_status != SGX_SUCCESS)
- {
- free(temp_plaintext);free(sealed_data2);
- switch(ret_status)
- {
- case SGX_ERROR_MAC_MISMATCH:
- // MAC of the sealed data is incorrect. The sealed data has been tampered.
- break;
- case SGX_ERROR_INVALID_ATTRIBUTE:
- // Indicates attribute field of the sealed data is incorrect.
- break;
- case SGX_ERROR_INVALID_ISVSVN:
- // Indicates isv_svn field of the sealed data is greater than the enclave�s ISVSVN. This is a downgraded enclave.
- break;
- case SGX_ERROR_INVALID_CPUSVN:
- // Indicates cpu_svn field of the sealed data is greater than the platform�s cpu_svn. enclave is on a downgraded platform.
- break;
- case SGX_ERROR_INVALID_KEYNAME:
- // Indicates key_name field of the sealed data is incorrect.
- break;
- default:
- // other errors
- break;
- }
- return ret_status;
- }
-
- deserialize_string_to_key_pair(temp_plaintext, pub_key, &signing_priv_key);
- free(temp_plaintext); free(sealed_data2);
- return SGX_SUCCESS;
- }
- uint32_t create_mitigator_header_value(__attribute__((unused)) uint8_t* signature_data, __attribute__((unused)) uint8_t* signature)
- {
- // Otherwise: DoS or possible bypass (fake verifier does LA but real verifier mrenclave is given out by decryptor) - signature with junk verifier mrenclave or whatever is in the memory.
- if(one_la_done < 1)
- return 0xde; // This needs to be called at any point after the first local attestation is done - else, a junk verifier mrenclave will be included in the signature
- // TODO: Comment this
- // memset(&(verifier_mr_enclave.m), 0x55, 32);
- // create key pair
- uint32_t ret_status = create_ec_key_pair(&short_term_pub_key, &short_term_priv_key); uint32_t counter;
- uint32_t ret_status2;
- if(ret_status!=SGX_SUCCESS)
- return ret_status;
- // serialize public key, append mr_enclave
- // uint8_t* public_key_string = (uint8_t*) malloc(3*SGX_ECP256_KEY_SIZE); // for .edl file - size parameter for serialize is 96 and this fits coz we need to append the mr_enclave to the pub key
- serialize_key_pair_to_string(&short_term_pub_key, NULL, signature_data);
- for(counter=32*2; counter<32*3; counter++) // appending mr_enclave
- *(signature_data+counter)=0x55;//verifier_mr_enclave.m[counter]; TODO: uncomment verifier_mrenclave
- // retrieve long-term private key from global variable - apparently, need to create a local copy or it crashes
- sgx_ec256_private_t long_term_priv_key;
- for(counter=0; counter<SGX_ECP256_KEY_SIZE; counter++)
- long_term_priv_key.r[counter] = signing_priv_key.r[counter];
- // sign public key with long-term private key
- sgx_ec256_signature_t local_signature; sgx_ecc_state_handle_t ecc_handle;
- //// opening context for signature
- ret_status = sgx_ecc256_open_context(&ecc_handle);
- if(ret_status != SGX_SUCCESS)
- return ret_status;
- ret_status = sgx_ecdsa_sign(signature_data,3*SGX_ECP256_KEY_SIZE, &long_term_priv_key, &local_signature, ecc_handle);
- ret_status2 = sgx_ecc256_close_context(ecc_handle);
- // free(public_key_string);
- if(ret_status == SGX_SUCCESS)
- { // this only works for Little-endian architectures - need to do byte-wise swapping of the bytes obtained on RHS
- uint8_t *current_sig_byte = (uint8_t*)(&(local_signature.x));
- uint32_t ecdsa_sig_count;
- for(ecdsa_sig_count=0;ecdsa_sig_count<32;ecdsa_sig_count++)
- signature[ecdsa_sig_count]=*(current_sig_byte+ecdsa_sig_count);
- current_sig_byte = (uint8_t*)(&(local_signature.y));
- for(ecdsa_sig_count=0;ecdsa_sig_count<32;ecdsa_sig_count++)
- signature[ecdsa_sig_count+32]=*(current_sig_byte+ecdsa_sig_count);
- }
- if(ret_status != SGX_SUCCESS || ret_status2 != SGX_SUCCESS)
- return 0xFFFFFFFF;
- return 0;
- }
- uint32_t verify_mitigator_header_value(uint8_t* signature_data, uint8_t* signature, sgx_ec256_public_t* pub_key)
- {
- sgx_ec256_public_t local_pub_key; uint32_t counter; uint32_t ret_status; uint32_t ret_status2;
- for(counter=0;counter<SGX_ECP256_KEY_SIZE;counter++)
- {
- local_pub_key.gx[counter] = pub_key->gx[counter];
- local_pub_key.gy[counter] = pub_key->gy[counter];
- }
- sgx_ec256_signature_t local_signature; sgx_ecc_state_handle_t ecc_handle;
- uint8_t *current_sig_byte = (uint8_t*)(&(local_signature.x));
- uint32_t ecdsa_sig_count; uint8_t verification_result;
- for(ecdsa_sig_count=0;ecdsa_sig_count<32;ecdsa_sig_count++)
- *(current_sig_byte+ecdsa_sig_count)=signature[ecdsa_sig_count];
- current_sig_byte = (uint8_t*)(&(local_signature.y));
- for(ecdsa_sig_count=0;ecdsa_sig_count<32;ecdsa_sig_count++)
- *(current_sig_byte+ecdsa_sig_count)=signature[ecdsa_sig_count+32];
- //// opening context for signature
- ret_status = sgx_ecc256_open_context(&ecc_handle);
- if(ret_status != SGX_SUCCESS)
- return ret_status;
- ret_status = sgx_ecdsa_verify(signature_data,3*SGX_ECP256_KEY_SIZE, &local_pub_key, &local_signature, &verification_result, ecc_handle);
- ret_status2 = sgx_ecc256_close_context(ecc_handle);
- if(ret_status != SGX_SUCCESS || ret_status2 != SGX_SUCCESS)
- return 0xFFFFFFFF;
- if(verification_result != SGX_EC_VALID)
- return 0xee;
- return 0;
- }
- uint32_t derive_shared_secret_for_client()
- {
- return 0;
- }
- uint32_t calculate_sealed_data_size( uint32_t input_size)
- {
- // *op_size=sgx_calc_sealed_data_size(0, input_size);
- return sgx_calc_sealed_data_size(0, input_size);
- }
|