App.cpp 7.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212
  1. // App.cpp : Defines the entry point for the console application.
  2. #include <stdio.h>
  3. #include <map>
  4. #include "../Decryptor/Decryptor_u.h"
  5. #include "sgx_eid.h"
  6. #include "sgx_urts.h"
  7. #define __STDC_FORMAT_MACROS
  8. #include <inttypes.h>
  9. #include "LocalAttestationUntrusted.h"
  10. #include "Sealing.h"
  11. //#define UNUSED(val) (void)(val)
  12. #define TCHAR char
  13. #define _TCHAR char
  14. #define _T(str) str
  15. #define scanf_s scanf
  16. // Not sure if I need this later - as such, I (decryptor app) will only ever need to talk to 1 enclave at a time - verifier enclave first and then the apache enclave.
  17. //extern std::map<sgx_enclave_id_t, uint32_t>g_enclave_id_map;
  18. //int __ImageBase=0;
  19. sgx_enclave_id_t enclave_id = 0;
  20. #define Decryptor_PATH "libDecryptor.so"
  21. //////////////////////////////////////////////////
  22. #include <stdio.h>
  23. uint32_t write_to_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length)
  24. {
  25. lseek(fd, 0, SEEK_SET);
  26. ssize_t bytes_written;
  27. bytes_written = write(fd, msg, *expected_msg_length);
  28. if(bytes_written <= 0)
  29. return 0xFFFFFFFF;
  30. fsync(fd);
  31. *expected_msg_length = bytes_written;
  32. return 0;
  33. }
  34. uint32_t read_from_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length)
  35. {
  36. ssize_t bytes_read;
  37. lseek(fd, 0, SEEK_SET);
  38. bytes_read = read(fd, msg, *expected_msg_length);
  39. if(bytes_read <= 0)
  40. return 0xFFFFFFFF;
  41. *expected_msg_length = bytes_read;
  42. return 0;
  43. }
  44. uint32_t unseal_signing_key_pair_from_disk(int fd, size_t sealed_msg_length_in_file)
  45. {
  46. uint32_t ret_status=0, length=sealed_msg_length_in_file, counter=0;
  47. uint8_t* sealed_data;
  48. sealed_data = (uint8_t*) malloc(0x300); //TODO: Get length of the sealed msg and try to read that much from the file.
  49. // May be pass the length of the file as input to this function and check that it is at least as much as the output of the sgx call.
  50. ret_status = read_from_fd(fd, sealed_data, &length);
  51. if(ret_status != 0)
  52. {
  53. free(sealed_data);
  54. return 0xFFFFFFFF;
  55. }
  56. for(counter=0;counter<length;counter++)
  57. printf("%x ", *(sealed_data+counter));
  58. printf("\n"); fflush(stdout);
  59. Decryptor_unseal_and_restore_long_term_signing_key_pair_wrapper(enclave_id, &ret_status, sealed_data, &length);
  60. free(sealed_data);
  61. return ret_status;
  62. }
  63. uint32_t create_and_seal_signing_key_pair_to_disk(int fd)
  64. {
  65. uint32_t ret_status=0, length=0, counter=0;
  66. uint8_t* sealed_data;
  67. Decryptor_calculate_sealed_keypair_size_wrapper(enclave_id, &length);
  68. if(length == 0xFFFFFFFF)
  69. return 0xFFFFFFFF;
  70. sealed_data=(uint8_t*) malloc(length); // 0x300); // TODO: Shouldn't it be malloc of length?
  71. printf("length: %d\n", length); fflush(stdout);
  72. Decryptor_create_and_seal_long_term_signing_key_pair_wrapper(enclave_id, &ret_status, &length, sealed_data);
  73. if(ret_status != SGX_SUCCESS)
  74. {
  75. printf("create_and_seal called returned an error: %x", ret_status);
  76. free(sealed_data);
  77. return 0xFFFFFFFF;
  78. }
  79. printf("It returned sgx_success\n"); fflush(stdout);
  80. for(counter=0; counter<length; counter++)
  81. printf("%02x ", sealed_data[counter]);
  82. ret_status = write_to_fd(fd, sealed_data, &length);
  83. free(sealed_data);
  84. return ret_status;
  85. }
  86. int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
  87. {
  88. uint32_t ret_status, counter;
  89. sgx_status_t status;
  90. // For sgx setup
  91. int launch_token_updated;
  92. sgx_launch_token_t launch_token;
  93. // sgx_ec256_public_t pub_key;
  94. int server_fd, accept_fd;
  95. status = sgx_create_enclave(Decryptor_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &enclave_id, NULL);
  96. if(status != SGX_SUCCESS)
  97. {
  98. printf("\nLoad Enclave Failure");
  99. return -1;
  100. }
  101. printf("\nDecryptor - EnclaveID %" PRIx64, enclave_id);
  102. fflush(stdout);
  103. // Sealing class looks for this file on disk.
  104. // If it exists, it reads the file, does an ecall to unseal the content and loads the signing-verification keypair.
  105. // Otherwise, it runs an ecall that creates such a keypair, seals it and then writes the content to disk.
  106. // In either case, this keypair is initialized within the enclave.
  107. Sealing sealer;
  108. const char* sealed_keypair_file = "sealed_signing_key.txt";
  109. ret_status = sealer.initialize_long_term_keypair(enclave_id, sealed_keypair_file);
  110. if(ret_status != 0)
  111. {
  112. sgx_destroy_enclave(enclave_id);
  113. return ret_status;
  114. }
  115. // Retrieves the long-term *verification* key that is initialized in the enclave as a result of the previous call.
  116. uint8_t verification_key[64];
  117. Decryptor_get_long_term_verification_key_wrapper(enclave_id, verification_key);
  118. printf("Verification key\n"); fflush(stdout);
  119. for(counter=0;counter<32;counter++)
  120. printf("%02x", verification_key[counter]);
  121. printf("\n"); fflush(stdout);
  122. for(counter=0;counter<32;counter++)
  123. printf("%02x", verification_key[counter + 32]);
  124. printf("\n"); fflush(stdout);
  125. ret_status = LocalAttestationUntrusted::prepare_local_attestation_as_responder_msg1(enclave_id);
  126. if(ret_status !=0)
  127. {
  128. printf("Could not prepare_local_attestation_as_responder_msg1"); fflush(stdout); sgx_destroy_enclave(enclave_id);
  129. return ret_status;
  130. }
  131. server_fd=LocalAttestationUntrusted::setup_socket_for_local_attestation_requests(3824);
  132. if(server_fd <=0)
  133. {
  134. printf("Error in setting up server socket."); fflush(stdout);
  135. sgx_destroy_enclave(enclave_id);
  136. return server_fd;
  137. }
  138. printf("Successfully set up a socket to communicate with the verifier enclave.\n");
  139. fflush(stdout);
  140. // LA with the verifier
  141. ret_status = LocalAttestationUntrusted::local_attestation_as_responder_msg2_msg3(enclave_id, server_fd, &accept_fd);
  142. if(ret_status!=0)
  143. {
  144. printf("local attestation - with the verifier - did not successfully return: %x\n", ret_status); fflush(stdout);
  145. sgx_destroy_enclave(enclave_id);
  146. return 0xFFFFFFFF;
  147. }
  148. ret_status = LocalAttestationUntrusted::post_local_attestation_with_verifier(enclave_id, accept_fd);
  149. if(ret_status!=0)
  150. {
  151. printf("post local attestation - with the verifier - did not successfully return: %x\n", ret_status); fflush(stdout);
  152. sgx_destroy_enclave(enclave_id);
  153. return 0xFFFFFF01;
  154. }
  155. // LA with apache
  156. server_fd=LocalAttestationUntrusted::setup_socket_for_local_attestation_requests(3825);
  157. if(server_fd <=0)
  158. {
  159. printf("Error in setting up server socket."); fflush(stdout);
  160. sgx_destroy_enclave(enclave_id);
  161. return server_fd;
  162. }
  163. printf("Successfully set up a socket to communicate with the Apache enclave.\n");
  164. fflush(stdout);
  165. ret_status = LocalAttestationUntrusted::local_attestation_as_responder_msg2_msg3(enclave_id,server_fd,&accept_fd);
  166. if(ret_status<0)
  167. {
  168. printf("local attestation - with the apache - did not successfully return: %x\n", ret_status); fflush(stdout);
  169. sgx_destroy_enclave(enclave_id);
  170. return 0xFFFFFFFF;
  171. }
  172. ret_status = LocalAttestationUntrusted::post_local_attestation_with_apache(enclave_id,accept_fd);
  173. if(ret_status!=0)
  174. {
  175. printf("post local attestation - with the apache - did not successfully return: %x\n", ret_status); fflush(stdout);
  176. sgx_destroy_enclave(enclave_id);
  177. return 0xFFFFFF01;
  178. }
  179. sgx_destroy_enclave(enclave_id);
  180. return 0;
  181. }