Decryptor.cpp 13 KB

  1. /*
  2. * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
31. // Decryptor.cpp : Defines the exported functions for this enclave (header comment inherited from the Intel Enclave2.cpp local-attestation sample this file was adapted from)
#include "sgx_eid.h"
#include "sgx_tcrypto.h"
#include "Decryptor_t.h"
#include "EnclaveMessageExchange.h"
#include "error_codes.h"
#include "Utility_Decryptor.h"
#include "sgx_thread.h"
#include "sgx_dh.h"
#include <cstring>
#include <map>
  41. #define UNUSED(val) (void)(val)
  42. /*
  43. std::map<sgx_enclave_id_t, dh_session_t>g_src_session_info_map;
  44. static uint32_t e2_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length);
  45. //Function pointer table containing the list of functions that the enclave exposes
  46. const struct {
  47. size_t num_funcs;
  48. const void* table[1];
  49. } func_table = {
  50. 1,
  51. {
  52. (const void*)e2_foo1_wrapper,
  53. }
  54. };
  55. */
  56. /*
  57. //Makes use of the sample code function to establish a secure channel with the destination enclave
  58. uint32_t test_create_session(sgx_enclave_id_t src_enclave_id,
  59. sgx_enclave_id_t dest_enclave_id)
  60. {
  61. ATTESTATION_STATUS ke_status = SUCCESS;
  62. dh_session_t dest_session_info;
  63. //Core reference code function for creating a session
  64. ke_status = create_session(src_enclave_id, dest_enclave_id,&dest_session_info);
  65. if(ke_status == SUCCESS)
  66. {
  67. //Insert the session information into the map under the corresponding destination enclave id
  68. g_src_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(dest_enclave_id, dest_session_info));
  69. }
  70. memset(&dest_session_info, 0, sizeof(dh_session_t));
  71. return ke_status;
  72. }
  73. //Makes use of the sample code function to do an enclave to enclave call (Test Vector)
  74. uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id,
  75. sgx_enclave_id_t dest_enclave_id)
  76. {
  77. ATTESTATION_STATUS ke_status = SUCCESS;
  78. param_struct_t *p_struct_var, struct_var;
  79. uint32_t target_fn_id, msg_type;
  80. char* marshalled_inp_buff;
  81. size_t marshalled_inp_buff_len;
  82. char* out_buff;
  83. size_t out_buff_len;
  84. dh_session_t *dest_session_info;
  85. size_t max_out_buff_size;
  86. char* retval;
  87. max_out_buff_size = 50;
  88. target_fn_id = 0;
  89. msg_type = ENCLAVE_TO_ENCLAVE_CALL;
  90. struct_var.var1 = 0x3;
  91. struct_var.var2 = 0x4;
  92. p_struct_var = &struct_var;
  93. //Marshals the input parameters for calling function foo1 in Enclave3 into a input buffer
  94. ke_status = marshal_input_parameters_e3_foo1(target_fn_id, msg_type, p_struct_var, &marshalled_inp_buff, &marshalled_inp_buff_len);
  95. if(ke_status != SUCCESS)
  96. {
  97. return ke_status;
  98. }
  99. //Search the map for the session information associated with the destination enclave id passed in
  100. std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
  101. if(it != g_src_session_info_map.end())
  102. {
  103. dest_session_info = &it->second;
  104. }
  105. else
  106. {
  107. SAFE_FREE(marshalled_inp_buff);
  108. return INVALID_SESSION;
  109. }
  110. //Core Reference Code function
  111. ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
  112. marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
  113. if(ke_status != SUCCESS)
  114. {
  115. SAFE_FREE(marshalled_inp_buff);
  116. SAFE_FREE(out_buff);
  117. return ke_status;
  118. }
  119. //Un-marshal the return value and output parameters from foo1 of Enclave3
  120. ke_status = unmarshal_retval_and_output_parameters_e3_foo1(out_buff, p_struct_var, &retval);
  121. if(ke_status != SUCCESS)
  122. {
  123. SAFE_FREE(marshalled_inp_buff);
  124. SAFE_FREE(out_buff);
  125. return ke_status;
  126. }
  127. SAFE_FREE(marshalled_inp_buff);
  128. SAFE_FREE(out_buff);
  129. SAFE_FREE(retval);
  130. return SUCCESS;
  131. }
  132. //Makes use of the sample code function to do a generic secret message exchange (Test Vector)
  133. uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id,
  134. sgx_enclave_id_t dest_enclave_id)
  135. {
  136. ATTESTATION_STATUS ke_status = SUCCESS;
  137. uint32_t target_fn_id, msg_type;
  138. char* marshalled_inp_buff;
  139. size_t marshalled_inp_buff_len;
  140. char* out_buff;
  141. size_t out_buff_len;
  142. dh_session_t *dest_session_info;
  143. size_t max_out_buff_size;
  144. char* secret_response;
  145. uint32_t secret_data;
  146. target_fn_id = 0;
  147. msg_type = MESSAGE_EXCHANGE;
  148. max_out_buff_size = 50;
  149. secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration.
  150. //Marshals the secret data into a buffer
  151. ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len);
  152. if(ke_status != SUCCESS)
  153. {
  154. return ke_status;
  155. }
  156. //Search the map for the session information associated with the destination enclave id passed in
  157. std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
  158. if(it != g_src_session_info_map.end())
  159. {
  160. dest_session_info = &it->second;
  161. }
  162. else
  163. {
  164. SAFE_FREE(marshalled_inp_buff);
  165. return INVALID_SESSION;
  166. }
  167. //Core Reference Code function
  168. ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff,
  169. marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len);
  170. if(ke_status != SUCCESS)
  171. {
  172. SAFE_FREE(marshalled_inp_buff);
  173. SAFE_FREE(out_buff);
  174. return ke_status;
  175. }
  176. //Un-marshal the secret response data
  177. ke_status = umarshal_message_exchange_response(out_buff, &secret_response);
  178. if(ke_status != SUCCESS)
  179. {
  180. SAFE_FREE(marshalled_inp_buff);
  181. SAFE_FREE(out_buff);
  182. return ke_status;
  183. }
  184. SAFE_FREE(marshalled_inp_buff);
  185. SAFE_FREE(out_buff);
  186. SAFE_FREE(secret_response);
  187. return SUCCESS;
  188. }
  189. //Makes use of the sample code function to close a current session
  190. uint32_t test_close_session(sgx_enclave_id_t src_enclave_id,
  191. sgx_enclave_id_t dest_enclave_id)
  192. {
  193. dh_session_t dest_session_info;
  194. ATTESTATION_STATUS ke_status = SUCCESS;
  195. //Search the map for the session information associated with the destination enclave id passed in
  196. std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_src_session_info_map.find(dest_enclave_id);
  197. if(it != g_src_session_info_map.end())
  198. {
  199. dest_session_info = it->second;
  200. }
  201. else
  202. {
  203. return NULL;
  204. }
  205. //Core reference code function for closing a session
  206. ke_status = close_session(src_enclave_id, dest_enclave_id);
  207. //Erase the session information associated with the destination enclave id
  208. g_src_session_info_map.erase(dest_enclave_id)
  209. return ke_status;
  210. }
  211. */
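//Function that is used to verify the trust of the other enclave
//Each enclave can have its own way verifying the peer enclave identity
//
// Policy implemented here: the peer is accepted if and only if its MRSIGNER
// equals the hard-coded expected_mr_signer below (the verifier's signing-key
// hash). MRENCLAVE is deliberately NOT pinned, so any enclave signed with that
// key — any version, any product — passes this check.
//
// The sgx_create_rsa_key_pair() experiment that used to sit at the end of this
// function has been removed: its status code was being returned as the trust
// verdict, its malloc() results were never checked, and the freshly generated
// private-key buffers (d, p, q, dmp1, dmq1, iqmp) were free()d without being
// wiped. Key generation has no place in a trust decision; if a manifest
// signing key is needed, generate it in its own function and zeroize it.
//
// peer_enclave_identity: identity reported by the DH session for the peer.
// Returns INVALID_PARAMETER_ERROR on a null identity, ENCLAVE_TRUST_ERROR on
// an MRSIGNER mismatch, SUCCESS otherwise.
extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity)
{
    if(!peer_enclave_identity)
    {
        return INVALID_PARAMETER_ERROR;
    }
    // verifier's mrsigner. Sized by SGX_HASH_SIZE so a mismatch with the 32
    // initializers below is caught at compile time rather than by a
    // truncated compare.
    static const uint8_t expected_mr_signer[SGX_HASH_SIZE] = {0xdf, 0xd7, 0x3b, 0x93, 0xea, 0x39, 0x02, 0x02, 0x3c, 0xd0, 0x52, 0x1a, 0xbd, 0x00, 0xaf, 0xb9, 0xa6, 0x54, 0x57, 0x3e, 0xe5, 0xef, 0x36, 0xf4, 0x8c, 0xc2, 0x4d, 0x92, 0x70, 0xae, 0xd4, 0x7c};
    // MRSIGNER is a public value, so an ordinary (non-constant-time) compare
    // leaks nothing an attacker does not already have.
    if(memcmp(peer_enclave_identity->mr_signer.m, expected_mr_signer, SGX_HASH_SIZE) != 0)
    {
        return ENCLAVE_TRUST_ERROR; // TODO: Different error here.
    }
    // NOTE(review): the reference sample's product-id / SGX_FLAGS_INITTED
    // policy check is still disabled below, and nothing here inspects the
    // peer's attribute flags (e.g. whether it runs in debug mode). Confirm that
    // "signed by our key" alone is the intended acceptance policy before this
    // verdict is relied on outside a test setup.
    /* if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED))
    {
        return ENCLAVE_TRUST_ERROR;
    }*/
    return SUCCESS;
}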
  264. /*
265. //Dispatch function that calls the appropriate enclave function based on the function id
  266. //Each enclave can have its own way of dispatching the calls from other enclave
  267. extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data,
  268. size_t decrypted_data_length,
  269. char** resp_buffer,
  270. size_t* resp_length)
  271. {
  272. ms_in_msg_exchange_t *ms;
  273. uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*);
  274. if(!decrypted_data || !resp_length)
  275. {
  276. return INVALID_PARAMETER_ERROR;
  277. }
  278. ms = (ms_in_msg_exchange_t *)decrypted_data;
  279. if(ms->target_fn_id >= func_table.num_funcs)
  280. {
  281. return INVALID_PARAMETER_ERROR;
  282. }
  283. fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id];
  284. return fn1(ms, decrypted_data_length, resp_buffer, resp_length);
  285. return 1;
  286. }
  287. //Operates on the input secret and generates the output secret
  288. uint32_t get_message_exchange_response(uint32_t inp_secret_data)
  289. {
  290. uint32_t secret_response;
  291. //User should use more complex encryption method to protect their secret, below is just a simple example
  292. secret_response = inp_secret_data & 0x11111111;
  293. return secret_response;
  294. return 0x1;
  295. }
  296. //Generates the response from the request message
  297. extern "C" uint32_t message_exchange_response_generator(char* decrypted_data,
  298. char** resp_buffer,
  299. size_t* resp_length)
  300. {
  301. ms_in_msg_exchange_t *ms;
  302. uint32_t inp_secret_data;
  303. uint32_t out_secret_data;
  304. if(!decrypted_data || !resp_length)
  305. {
  306. return INVALID_PARAMETER_ERROR;
  307. }
  308. ms = (ms_in_msg_exchange_t *)decrypted_data;
  309. if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS)
  310. return ATTESTATION_ERROR;
  311. out_secret_data = get_message_exchange_response(inp_secret_data);
  312. if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS)
  313. return MALLOC_ERROR;
  314. return SUCCESS;
  315. }
  316. static uint32_t e2_foo1(uint32_t var1, uint32_t var2)
  317. {
  318. return(var1 + var2);
  319. }
  320. //Function which is executed on request from the source enclave
  321. static uint32_t e2_foo1_wrapper(ms_in_msg_exchange_t *ms,
  322. size_t param_lenth,
  323. char** resp_buffer,
  324. size_t* resp_length)
  325. {
  326. UNUSED(param_lenth);
  327. uint32_t var1,var2,ret;
  328. if(!ms || !resp_length)
  329. {
  330. return INVALID_PARAMETER_ERROR;
  331. }
  332. if(unmarshal_input_parameters_e2_foo1(&var1, &var2, ms) != SUCCESS)
  333. return ATTESTATION_ERROR;
  334. ret = e2_foo1(var1, var2);
  335. if(marshal_retval_and_output_parameters_e2_foo1(resp_buffer, resp_length, ret) != SUCCESS )
  336. return MALLOC_ERROR; //can set resp buffer to null here
  337. return SUCCESS;
  338. }
  339. */
// Placeholder export that always reports 0. Nothing in this file calls it;
// presumably it only exists so the enclave exposes at least one function —
// verify against the enclave's EDL before removing.
uint32_t foo()
{
    const uint32_t kNoOpResult = 0;
    return kNoOpResult;
}