miti
/
Decryptor


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291
							/*
 * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   * Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *   * Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in
 *     the documentation and/or other materials provided with the
 *     distribution.
 *   * Neither the name of Intel Corporation nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.challa
 *
 */
/*
#define SGX_DH_MAC_SIZE 16
#define SGX_TARGET_INFO_RESERVED1_BYTES 4
#define SGX_TARGET_INFO_RESERVED2_BYTES 456
#define SGX_ECP256_KEY_SIZE 32
#define SGX_CPUSVN_SIZE 16
#define SGX_REPORT_DATA_SIZE 64
#define SGX_MAC_SIZE 16 // Message Authentication Code - 16 bytes 
#define SGX_KEYID_SIZE 32
#define SGX_HASH_SIZE 32 // SHA256 

#define SGX_REPORT_BODY_RESERVED1 28
#define SGX_REPORT_BODY_RESERVED2 32
#define SGX_REPORT_BODY_RESERVED3 96
#define SGX_REPORT_BODY_RESERVED4 60
*/
// App.cpp : Defines the entry point for the console application.
#include <stdio.h>
#include <map>
#include "../Decryptor/Decryptor_u.h"
#include "sgx_eid.h"
#include "sgx_urts.h"
#define __STDC_FORMAT_MACROS
#include <inttypes.h>
#include<unistd.h>
// for sealing - sgx_calc_sealed_data_size
#include "sgx_tseal.h"


// For reading from/writing to file -sealing.
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
/*
// For google proto buffers
#include "dhmsgs.pb.h"
#include <inttypes.h>
#include <google/protobuf/io/coded_stream.h>
#include <google/protobuf/io/zero_copy_stream_impl.h>
#include "SgxProtobufLATransforms_initiator.h"
using namespace google::protobuf::io;
*/
#include "systemLA.h"

//#define UNUSED(val) (void)(val)
#define TCHAR   char
#define _TCHAR  char
#define _T(str) str
#define scanf_s scanf

// Not sure if I need this later - as such, I (decryptor app) will only ever need to talk to 1 enclave at a time - verifier enclave first and then the apache enclave.
//extern std::map<sgx_enclave_id_t, uint32_t>g_enclave_id_map;

sgx_enclave_id_t e2_enclave_id = 0;
#define Decryptor_PATH "libDecryptor.so"
//////////////////////////////////////////////////

#include <stdio.h>


uint32_t write_to_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length)
{
  lseek(fd, 0, SEEK_SET);
  ssize_t bytes_written;
  bytes_written = write(fd, msg, *expected_msg_length);
  if(bytes_written <= 0)
    return 0xFFFFFFFF;

  fsync(fd);
  *expected_msg_length = bytes_written;
  return 0;
}

uint32_t read_from_fd(int fd, uint8_t* msg, size_t* expected_msg_length)
{
  ssize_t bytes_read;
  lseek(fd, 0, SEEK_SET);
  bytes_read = read(fd, msg, *expected_msg_length);
  if(bytes_read <= 0)
    return 0xFFFFFFFF;
  *expected_msg_length = bytes_read;
  return 0;
}


uint32_t unseal_signing_key_pair_from_disk(int fd, __attribute__((unused))  sgx_ec256_public_t* pub_key, size_t* actual_sealed_msg_length)
{
  uint32_t ret_status;
  uint8_t* sgx_sealed_msg;
  printf("expected read 0x%ld\n", *actual_sealed_msg_length);
  sgx_sealed_msg = (uint8_t*) malloc(0x300); // malloc(*actual_sealed_msg_length); (0x300 for EDL)
  ret_status = read_from_fd(fd, sgx_sealed_msg, actual_sealed_msg_length);
  if(ret_status != 0)
  {
    free(sgx_sealed_msg);
    return 0xFFFFFFFF;
  }
  printf("actual read 0x%ld and ret_status 0x%x\n", *actual_sealed_msg_length, ret_status);  fflush(stdout);
  size_t counter;
  for(counter=0;counter<*actual_sealed_msg_length;counter++)
	printf("%x ", *(sgx_sealed_msg+counter));
  printf("\n");  fflush(stdout);
  Decryptor_unseal_and_restore_sealed_signing_key_pair(e2_enclave_id, &ret_status, pub_key, sgx_sealed_msg, actual_sealed_msg_length);
  free(sgx_sealed_msg);
  return ret_status;
}

uint32_t create_and_seal_signing_key_pair_to_disk( __attribute__((unused))  int fd, __attribute__((unused))   sgx_ec256_public_t* pub_key)
{
  uint32_t ret_status;
  // Generating a signing ECDSA key to sign the encryption key.
  uint32_t length;
  Decryptor_calculate_sealed_data_size(e2_enclave_id, &length, 3*SGX_ECP256_KEY_SIZE); // sgx_calc_sealed_data_size(0,3*SGX_ECP256_KEY_SIZE);
  if(length == 0xFFFFFFFF)
    return 0xFFFFFFFF;
  printf("0x%x input msg, 0x%x bytes for sealed msg in parameter value\n", 3*SGX_ECP256_KEY_SIZE, length); fflush(stdout);
  uint8_t* sealed_data=(uint8_t*) malloc(0x300);
  printf("Made call to sgx_calc_sealed_data_size\n");  fflush(stdout);
  Decryptor_create_and_seal_ecdsa_signing_key_pair(e2_enclave_id, &ret_status, pub_key, &length, sealed_data);
  if(ret_status != SGX_SUCCESS)
  {
    printf("create_and_seal called returned an error: %x", ret_status);
    free(sealed_data);
    return 0xFFFFFFFF;
  }
  printf("It returned sgx_success\n"); fflush(stdout); // *actual_sealed_msg_length=length;

  ret_status = write_to_fd(fd, sealed_data, &length);
  free(sealed_data);
//  if(ret_status > 0)
//	  *actual_sealed_msg_length = ret_status;
//  return 0;

return ret_status;
}

int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
{
    uint32_t ret_status;
    sgx_status_t status;
    // For sgx setup
    int launch_token_updated;
    sgx_launch_token_t launch_token;
//    uint8_t* pub_key = (uint8_t*) malloc(2*SGX_ECP256_KEY_SIZE);
    sgx_ec256_public_t pub_key;  uint32_t counter;

    size_t sealed_msg_length_in_file;
    status = sgx_create_enclave(Decryptor_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &e2_enclave_id, NULL);
    if(status != SGX_SUCCESS)
    {
        printf("\nLoad Enclave Failure");
        return -1;
    }
    printf("\nDecryptor - EnclaveID %" PRIx64, e2_enclave_id);
    fflush(stdout);
    
    int sealed_signing_key_fd = open("sealed_signing_key.txt", O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
    if(sealed_signing_key_fd == -1)
    {
      perror("\nError in opening the file sealed_signing_key.txt - ");
      fflush(stderr);
      return 0xFFFFFFFF;
    }
    printf("\nSuccessfully opened a file to seal the signing key pair for the client.\n");
    fflush(stdout);
//    int start = lseek(sealed_signing_key_fd, 0, SEEK_SET);
//    int end = lseek(sealed_signing_key_fd, 0, SEEK_END);
      struct stat st; ret_status = fstat(sealed_signing_key_fd, &st);
     //sealed_msg_length_in_file = st.st_size;
      if(ret_status != 0)
      {
	perror("error in finding the file size. -  ");
        fflush(stderr);
	return 0xffffffff;

      }
      sealed_msg_length_in_file = st.st_size;
    if(sealed_msg_length_in_file == 0) //if(start == end && start != -1)
    {
      // TODO: file is empty. create signing key pair.
      // int start = lseek(sealed_signing_key_fd, 0, SEEK_SET);
      ret_status = create_and_seal_signing_key_pair_to_disk(sealed_signing_key_fd, &pub_key);
      if(ret_status != 0)
      {
        printf("\n error in generating the ecdsa signing key pair \n");
        fflush(stdout);    sgx_destroy_enclave(e2_enclave_id);

        return 0xFFFFFFFF;
      }
	fflush(stdout);
      printf("\n Generated the ecdsa key pair successfully - gx, gy\n");
      for(counter=0;counter<32;counter++)
        printf("0x%x ",pub_key.gx[counter]);
      printf("\n");
      for(counter=0;counter<32;counter++)
                printf("0x%x ",pub_key.gy[counter]);
      printf("\n");
      fflush(stdout);
//      fflush(stdout);
    }
    else {
//      start = lseek(sealed_signing_key_fd, 0, SEEK_CUR);
  //    if(actual_sealed_msg_length == 0)
  //      actual_sealed_msg_length = size; // - start;
      ret_status = unseal_signing_key_pair_from_disk(sealed_signing_key_fd, &pub_key, &sealed_msg_length_in_file);
      if(ret_status != SGX_SUCCESS)
      {
        printf("\n error in unsealing the ecdsa signing key pair:%d \n", ret_status);
        fflush(stdout);     sgx_destroy_enclave(e2_enclave_id);

        return 0xFFFFFFFF;
      }
      printf("\n Recovered the ecdsa key pair successfully - gx, gy\n");
      for(counter=0;counter<32;counter++)
	printf("0x%x ",pub_key.gx[counter]);
      printf("\n");
      for(counter=0;counter<32;counter++)
	        printf("0x%x ",pub_key.gy[counter]);
      printf("\n");
      fflush(stdout);
    }

    close(sealed_signing_key_fd);

    ret_status=local_attestation_initiator(3825, e2_enclave_id, NULL);
    if(ret_status!=0)
    {
        printf("local attestation did not successfully return: %x\n", ret_status); fflush(stdout);     sgx_destroy_enclave(e2_enclave_id);
return 0xFFFFFFFF;

    }


/*	sgx_ec256_public_t short_term_pub_key;
	sgx_ec256_signature_t generated_signature;
 Decryptor_create_and_sign_client_side_pub_key(e2_enclave_id, &ret_status,&short_term_pub_key, &generated_signature);
if(ret_status != SGX_SUCCESS)
{
	printf("Could not generate or sign another keypair for client-side, error:%x.\n", ret_status); fflush(stdout);
	return 0xFFFFFFFF;
}
printf("Generated signature and pub key.\n");fflush(stdout);
for(counter=0; counter<SGX_ECP256_KEY_SIZE; counter++)
                        printf("0x%x ", short_term_pub_key.gx[counter]); printf("\n"); fflush(stdout);
                for(counter=0;counter<SGX_NISTP_ECP256_KEY_SIZE ; counter++)
                {
                        printf("0x%x", generated_signature.x[counter]);
                        printf("0x%x", generated_signature.y[counter]);
                }
printf("\n"); fflush(stdout);
*/


    // TODO: Continue with other msgs - send sign(enc | verifier mr_enclave)
    sgx_destroy_enclave(e2_enclave_id);

    return 0;
}