Sealing.cpp 3.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122
  1. //
  2. // Created by miti on 2019-12-21.
  3. //
  4. #include "../Include/Sealing.h"
  5. uint32_t Sealing::write_to_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length)
  6. {
  7. lseek(fd, 0, SEEK_SET);
  8. ssize_t bytes_written;
  9. bytes_written = write(fd, msg, *expected_msg_length);
  10. if(bytes_written <= 0)
  11. return 0xFFFFFFFF;
  12. fsync(fd);
  13. *expected_msg_length = bytes_written;
  14. close(fd);
  15. return 0;
  16. }
  17. uint32_t Sealing::read_from_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length)
  18. {
  19. ssize_t bytes_read;
  20. lseek(fd, 0, SEEK_SET);
  21. bytes_read = read(fd, msg, *expected_msg_length);
  22. if(bytes_read <= 0)
  23. return 0xFFFFFFFF;
  24. *expected_msg_length = bytes_read;
  25. return 0;
  26. }
  27. uint32_t Sealing::unseal_signing_key_pair_from_disk(sgx_enclave_id_t enclave_id, int fd, size_t sealed_msg_length_in_file)
  28. {
  29. uint32_t ret_status=0, length=sealed_msg_length_in_file, counter=0;
  30. uint8_t* sealed_data;
  31. sealed_data = (uint8_t*) malloc(0x300); //TODO: Get length of the sealed msg and try to read that much from the file.
  32. // May be pass the length of the file as input to this function and check that it is at least as much as the output of the sgx call.
  33. ret_status = read_from_fd(fd, sealed_data, &length);
  34. if(ret_status != 0)
  35. {
  36. free(sealed_data);
  37. return 0xFFFFFFFF;
  38. }
  39. for(counter=0;counter<length;counter++)
  40. printf("%x ", *(sealed_data+counter));
  41. printf("\n"); fflush(stdout);
  42. Decryptor_unseal_and_restore_long_term_signing_key_pair_wrapper(enclave_id, &ret_status, sealed_data, &length);
  43. free(sealed_data);
  44. return ret_status;
  45. }
  46. uint32_t Sealing::create_and_seal_signing_key_pair_to_disk(sgx_enclave_id_t enclave_id, int fd)
  47. {
  48. uint32_t ret_status=0, length=0, counter=0;
  49. uint8_t* sealed_data;
  50. Decryptor_calculate_sealed_keypair_size_wrapper(enclave_id, &length);
  51. if(length == 0xFFFFFFFF)
  52. return 0xFFFFFFFF;
  53. sealed_data=(uint8_t*) malloc(length);
  54. printf("length: %d\n", length); fflush(stdout);
  55. Decryptor_create_and_seal_long_term_signing_key_pair_wrapper(enclave_id, &ret_status, &length, sealed_data);
  56. if(ret_status != SGX_SUCCESS)
  57. {
  58. printf("create_and_seal called returned an error: %x", ret_status);
  59. free(sealed_data);
  60. return 0xFFFFFFFF;
  61. }
  62. printf("It returned sgx_success\n"); fflush(stdout);
  63. for(counter=0; counter<length; counter++)
  64. printf("%02x ", sealed_data[counter]);
  65. ret_status = write_to_fd(fd, sealed_data, &length);
  66. free(sealed_data);
  67. return ret_status;
  68. }
  69. // "sealed_signing_key.txt"
  70. uint32_t Sealing::initialize_long_term_keypair(sgx_enclave_id_t enclaveId, const char* filename)
  71. {
  72. struct stat st;
  73. size_t sealed_msg_length_in_file;
  74. int sealed_signing_key_fd;
  75. uint32_t ret_status;
  76. sealed_signing_key_fd = open(filename, O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
  77. if(sealed_signing_key_fd == -1)
  78. {
  79. perror("\nError in opening the file \n");
  80. fflush(stderr);
  81. return 0xFFFFFFFF;
  82. }
  83. printf("\nSuccessfully opened a file to seal the signing key pair for the client.\n");
  84. fflush(stdout);
  85. ret_status = fstat(sealed_signing_key_fd, &st);
  86. if(ret_status != 0)
  87. {
  88. perror("error in finding the file size. - ");
  89. fflush(stderr);
  90. return 0xffffffff;
  91. }
  92. sealed_msg_length_in_file = st.st_size;
  93. if(sealed_msg_length_in_file == 0)
  94. {
  95. printf("Creating new keypair.\n"); fflush(stdout);
  96. ret_status = create_and_seal_signing_key_pair_to_disk(enclaveId, sealed_signing_key_fd);
  97. }
  98. else
  99. {
  100. printf("Unsealing keypair.\n"); fflush(stdout);
  101. ret_status = unseal_signing_key_pair_from_disk(enclaveId, sealed_signing_key_fd, sealed_msg_length_in_file);
  102. }
  103. return 0;
  104. }