Decryptor/Decryptor/Decryptor.cpp

/*
 * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   * Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *   * Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in
 *     the documentation and/or other materials provided with the
 *     distribution.
 *   * Neither the name of Intel Corporation nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */


// Enclave2.cpp : Defines the exported functions for the DLL application
#include "sgx_eid.h"
#include "sgx_tcrypto.h"
#include "Decryptor_t.h"
#include "EnclaveMessageExchange.h"
#include "error_codes.h"
#include "Utility_Decryptor.h"
#include "sgx_thread.h"
#include "sgx_dh.h"
#include <map>
#include "sgx_tcrypto.h"
#include "LocalAttestationCode_t.h"
#include "sgx_tseal.h"

//extern dh_session_t global_session_info;
uint8_t apache_iv[12] = {0,0,0,0, 0,0,0,0, 0,0,0,0};
uint8_t client_iv[12] = {0,0,0,0, 0,0,0,0, 0,0,0,0};
uint8_t verifier_iv[12] = {0,0,0,0, 0,0,0,0, 0,0,0,0};
extern uint8_t apache_key[16]; 
extern uint8_t verifier_key[16]; 


//uint32_t client_iv=0; 

// internal-internal
uint32_t create_ec_key_pair(sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key);
void serialize_key_pair_to_string( sgx_ec256_public_t* pub_key, sgx_ec256_private_t* signing_priv_key, uint8_t* private_public_key_string);
void deserialize_string_to_key_pair(uint8_t* private_public_key_string, sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key); 
uint32_t create_mitigator_header_value(__attribute__((unused)) uint8_t* signature_data, __attribute__((unused)) uint8_t* signature, __attribute__((unused)) uint8_t* private_key,  __attribute__((unused)) sgx_ec256_signature_t* sig2); 
uint32_t aes_gcm_internal_call(uint8_t* ip_ciphertext, uint32_t ip_ciphertext_len, uint8_t* ip_key, uint8_t* ip_iv, uint8_t* tag, uint8_t* op_plaintext, uint32_t enc);
void memcpy_equivalent_copy(uint8_t* dest, uint8_t* src, uint32_t length);

uint32_t verify_mitigator_header_value(uint8_t* signature_data, uint8_t* signature, sgx_ec256_public_t* pub_key);

uint32_t calculate_sealed_data_size( uint32_t input_size) ; 
uint32_t create_and_seal_ecdsa_signing_key_pair(__attribute__((unused))   sgx_ec256_public_t* pub_key, __attribute__((unused))  uint32_t* sealed_data_length,  __attribute__((unused)) uint8_t* sealed_data); 
uint32_t unseal_and_restore_sealed_signing_key_pair(__attribute__((unused)) sgx_ec256_public_t* pub_key, uint8_t* sealed_data, size_t* sgx_sealed_data_length);

uint32_t decrypt_verifiers_message_set_apache_mrsigner(uint8_t* ciphertext, uint8_t* tag);
uint32_t create_and_encrypt_mitigator_header_value(uint8_t* plaintext_sign_data_and_sign, uint8_t* encrypted_sign_data_and_sign, uint8_t* tag, uint8_t* signing_private_key, __attribute__((unused)) sgx_ec256_signature_t* sig2);


uint32_t one_la_done=0; 
static sgx_ec256_public_t short_term_pub_key;
static sgx_ec256_private_t short_term_priv_key; 
//sgx_ec256_signature_t generated_signature; // TODO: remove 
sgx_measurement_t apache_mr_signer; // TODO: remove 
sgx_measurement_t verifier_mr_enclave; // TODO: remove 
static sgx_ec256_private_t signing_priv_key; 

extern "C" uint32_t verify_peer_enclave_trust(__attribute__((unused))  sgx_dh_session_enclave_identity_t* peer_enclave_identity)
{
	uint32_t count;
	if(!peer_enclave_identity)
	{
		return INVALID_PARAMETER_ERROR;
	}
	if(one_la_done==0)
	{
//		return 0x55;
		//sgx_measurement_t local_mr_enclave;
		verifier_mr_enclave = peer_enclave_identity->mr_enclave;
//		memset(&(verifier_mr_enclave.m),0x0, SGX_HASH_SIZE) ; 
//                for(count=0; count<SGX_HASH_SIZE; count++)
//			(&verifier_mr_enclave)->m[count]=0x55;//peer_enclave_identity->mr_enclave.m[count]; 
		memset(&(apache_mr_signer.m),0x0,SGX_HASH_SIZE); // "initialization" 
		one_la_done=1;

	}
	else // apache enclave
	{
		sgx_measurement_t actual_mr_signer = peer_enclave_identity->mr_signer;
		// verifier's mrsigner 
		//    uint8_t expected_mr_signer[32] ={0xdf, 0xd7, 0x3b, 0x93, 0xea, 0x39, 0x02, 0x02, 0x3c, 0xd0, 0x52, 0x1a, 0xbd, 0x00, 0xaf, 0xb9, 0xa6, 0x54, 0x57, 0x3e, 0xe5, 0xef, 0x36, 0xf4, 0x8c, 0xc2, 0x4d, 0x92, 0x70, 0xae, 0xd4, 0x7c}; 
		int count;
		for(count=0; count<SGX_HASH_SIZE; count++)
		{
			if( actual_mr_signer.m[count] != apache_mr_signer.m[count] )
				return ENCLAVE_TRUST_ERROR; 
		}
	}
	return SGX_SUCCESS;
}

// increments last 4 bytes (in big-endian order) 
uint32_t aes_gcm_increment_iv_internal_call(uint8_t* iv)
{
	uint32_t counter;
	for(counter=11;counter>7;counter--)
	{
		if(iv[counter] == 0xff) 
		{
			if(counter - 1 == 7)
				return 0xff; 
			iv[counter-1] = 0x01;
			iv[counter] = 0x0;  
		}
		else
			iv[counter] += 1; 
	}
	return 0; 
}

// TODO: change global_session_info to two different dh_sessions 
// This needs to be called after the first local attestation is successful - otherwise, the internal apache_mr_signer.m will not be set properly for the comparison of the mrsigner for the 2nd LA in verify_peer_enclave_trust. 
// (I.e. if it is not called then DoS 
uint32_t decrypt_verifiers_message_set_apache_mrsigner(uint8_t* ciphertext, uint8_t* tag)
{
	uint32_t internal_ret_status= aes_gcm_internal_call(ciphertext, 32, verifier_key, verifier_iv , tag, (uint8_t*) &(apache_mr_signer.m), 0);
	return internal_ret_status;
}

// signature_data - 96 bytes, encrypted_signature assumed to be at least 64 bytes, tag - at least 16 bytes
uint32_t create_and_encrypt_mitigator_header_value(uint8_t* plaintext_sign_data_and_sign, uint8_t* encrypted_sign_data_and_sign, uint8_t* tag, uint8_t* signing_private_key, __attribute__((unused)) sgx_ec256_signature_t* sig2)

{
	uint32_t count;
	uint8_t sign_data_and_sign[160]; 
	uint32_t ret_status=create_mitigator_header_value(sign_data_and_sign, sign_data_and_sign+96, signing_private_key, sig2);
	if(ret_status != SGX_SUCCESS)
        	return 0xFFFFFFDD;
	// TODO: Remove - just for troubleshooting
	for(count=0; count<160; count++)
		*(plaintext_sign_data_and_sign+count)=sign_data_and_sign[count]; 

	ret_status = aes_gcm_internal_call(sign_data_and_sign, 160, apache_key, apache_iv, tag, encrypted_sign_data_and_sign, 1); 
//	ret_status = encrypt_internal(sign_data_and_sign, 160, tag, encrypted_sign_data_and_sign); 
	aes_gcm_increment_iv_internal_call(apache_iv); 
	return ret_status; 
}




uint32_t create_ec_key_pair(sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key)
{
  sgx_status_t se_ret; sgx_status_t se_ret2;
  //create ECC context
  sgx_ecc_state_handle_t ecc_state = NULL;
  se_ret = sgx_ecc256_open_context(&ecc_state);
  if(SGX_SUCCESS != se_ret)
    return se_ret;

  // generate private key and public key
  se_ret = sgx_ecc256_create_key_pair(priv_key, pub_key, ecc_state);
  se_ret2 = sgx_ecc256_close_context(ecc_state);

  if(SGX_SUCCESS != se_ret || se_ret2!= SGX_SUCCESS) // something weird has happened - couldn't shut it down.
    return 0xFFFFFFFF;
  return SGX_SUCCESS;
}

// todo: set to private
// todo: assumes that the length of the keystring is at least 3*SGX_ECP256_KEY_SIZE
void serialize_key_pair_to_string(sgx_ec256_public_t* pub_key, sgx_ec256_private_t* signing_priv_key, uint8_t* private_public_key_string)
{
  if(private_public_key_string != NULL)  // nowhere to serialize to
  {
     uint32_t counter;
     if(pub_key != NULL)  // public key to serialize
     {
        for(counter=0;counter<SGX_ECP256_KEY_SIZE; counter++)
          *(private_public_key_string+counter)=pub_key->gx[counter];

        for(counter=SGX_ECP256_KEY_SIZE;counter<2*SGX_ECP256_KEY_SIZE; counter++)
           *(private_public_key_string+counter)=pub_key->gy[counter-SGX_ECP256_KEY_SIZE];
     }

     if(signing_priv_key != NULL) // private key to serialize
     {
       for(counter=2*SGX_ECP256_KEY_SIZE;counter<3*SGX_ECP256_KEY_SIZE; counter++)
          *(private_public_key_string+counter)=signing_priv_key->r[counter - 2*SGX_ECP256_KEY_SIZE];
     } 
  }
}


// todo: set to private
void deserialize_string_to_key_pair(uint8_t* private_public_key_string, sgx_ec256_public_t* pub_key, sgx_ec256_private_t* signing_priv_key)
{
  if(private_public_key_string != NULL) // nowhere to deserialize from 
  {
    uint32_t counter;
    if(signing_priv_key != NULL) 
    {

     for(counter=2*SGX_ECP256_KEY_SIZE;counter<3*SGX_ECP256_KEY_SIZE; counter++)
       signing_priv_key->r[counter-2*SGX_ECP256_KEY_SIZE]=*(private_public_key_string+counter);
    }

    if(pub_key != NULL)
    {
      for(counter=0;counter<SGX_ECP256_KEY_SIZE; counter++)
        	pub_key->gx[counter]=*(private_public_key_string+counter);

      for(counter=SGX_ECP256_KEY_SIZE;counter<2*SGX_ECP256_KEY_SIZE; counter++)
  	pub_key->gy[counter-SGX_ECP256_KEY_SIZE]=*(private_public_key_string+counter);
    }
  }
}


uint32_t create_and_seal_ecdsa_signing_key_pair(__attribute__((unused))   sgx_ec256_public_t* pub_key, __attribute__((unused))  uint32_t* sealed_data_length,
 __attribute__((unused)) uint8_t* sealed_data)
{
    uint32_t ret_status; sgx_ec256_private_t private_key;  uint32_t counter;
    ret_status=create_ec_key_pair(pub_key, &private_key);
    if(ret_status!=SGX_SUCCESS)
       return ret_status;
    for(counter=0;counter<SGX_ECP256_KEY_SIZE; counter++)
	signing_priv_key.r[counter]=private_key.r[counter]; 
    // generating the entire string as there is no SGX function to generate the public key from the private one.
    uint8_t* private_public_key_string = (uint8_t*) malloc(3*SGX_ECP256_KEY_SIZE);
    uint8_t* sealed_data2 = (uint8_t*) malloc(*sealed_data_length);
    // serializing keypair to string
    serialize_key_pair_to_string(pub_key, &private_key, private_public_key_string);
    uint8_t* private_key_string = (uint8_t*) malloc(SGX_ECP256_KEY_SIZE); 
    for(counter=0;counter<SGX_ECP256_KEY_SIZE;counter++)
	*(private_key_string+counter)=private_key.r[counter];
//    return *sealed_data_length;
    ret_status = sgx_seal_data(0, NULL, 3*SGX_ECP256_KEY_SIZE, private_public_key_string, *sealed_data_length, (sgx_sealed_data_t*) sealed_data2); 
    for(counter=0;counter<*sealed_data_length;counter++)
	*(sealed_data+counter)=*(sealed_data2+counter); 
    free(sealed_data2);
    free(private_key_string);  //free(private_key);  
    free(private_public_key_string);

    return ret_status; // SGX_SUCCESS; 
}

uint32_t unseal_and_restore_sealed_signing_key_pair(__attribute__((unused)) sgx_ec256_public_t* pub_key, uint8_t* sealed_data, size_t* sgx_sealed_data_length)
{
  uint32_t expected_plaintext_msg_length; uint8_t* temp_plaintext; uint32_t counter; uint32_t ret_status;
  expected_plaintext_msg_length = sgx_get_encrypt_txt_len((sgx_sealed_data_t*)sealed_data);
  if(expected_plaintext_msg_length == 0xffffffff)
    return 0xFFFFFFFF;

  uint8_t* sealed_data2 = (uint8_t*) malloc(*sgx_sealed_data_length); 
  for(counter=0;counter<*sgx_sealed_data_length;counter++)
  {
	*(sealed_data2+counter)=*(sealed_data+counter); 
  }

  temp_plaintext = (uint8_t*)malloc( expected_plaintext_msg_length );
  ret_status = sgx_unseal_data((sgx_sealed_data_t*)sealed_data2, NULL, 0, temp_plaintext, &expected_plaintext_msg_length);
  if(ret_status != SGX_SUCCESS)
  {
    free(temp_plaintext);free(sealed_data2);
    return ret_status;
  }
  deserialize_string_to_key_pair(temp_plaintext, pub_key, &signing_priv_key);
  free(temp_plaintext); free(sealed_data2);  
  return SGX_SUCCESS;
}

uint32_t create_mitigator_header_value(__attribute__((unused)) uint8_t* signature_data, __attribute__((unused)) uint8_t* signature, __attribute__((unused)) uint8_t* private_key, __attribute__((unused)) sgx_ec256_signature_t* sig2)
{
	// Otherwise: DoS or possible bypass (fake verifier does LA  but real verifier mrenclave is given out by decryptor) - signature with junk verifier mrenclave  or whatever is in the memory. 
	if(one_la_done < 1)
		return 0xde;  //  This needs to be called at any point after the first local attestation is done - else, a junk verifier mrenclave will be included in the signature
	// TODO: Comment this
	// memset(&(verifier_mr_enclave.m), 0x55, 32); 

	// create key pair
	uint32_t ret_status = create_ec_key_pair(&short_term_pub_key, &short_term_priv_key);  uint32_t counter;
	uint32_t ret_status2;
        if(ret_status!=SGX_SUCCESS)
           return ret_status;
	// serialize public key, append mr_enclave 
//	uint8_t* public_key_string = (uint8_t*) malloc(3*SGX_ECP256_KEY_SIZE); // for .edl file - size parameter for serialize is 96 and this fits coz we need to append the mr_enclave to the pub key 
	serialize_key_pair_to_string(&short_term_pub_key, NULL, signature_data);
	for(counter=32*2; counter<32*3; counter++) // appending mr_enclave
		*(signature_data+counter)=0x55;//verifier_mr_enclave.m[counter]; // TODO: uncomment verifier_mrenclave
//	for(counter=0;counter<32*3;counter++) // TODO: REmove - for checking against js library only
//		*(signature_data+counter)=0x55; 
	// retrieve long-term private key from global variable - apparently, need to create a local copy or it crashes
	sgx_ec256_private_t long_term_priv_key;
	for(counter=0; counter<SGX_ECP256_KEY_SIZE; counter++) 
		long_term_priv_key.r[counter] = signing_priv_key.r[counter];  
	// sign public key with long-term private key 
	sgx_ec256_signature_t local_signature; sgx_ecc_state_handle_t ecc_handle; 

	for(counter=0;counter<32;counter++)
		*(private_key+counter)=short_term_priv_key.r[counter]; 
//	uint8_t signature_data2[96];
//	for(counter=0;counter<96;counter++)
//		signature_data2[counter]=0x55; 
	//// opening context for signature
	ret_status = sgx_ecc256_open_context(&ecc_handle); 
	if(ret_status != SGX_SUCCESS) 
		return ret_status; 
	ret_status = sgx_ecdsa_sign(signature_data, 96, &long_term_priv_key, &local_signature, ecc_handle);
	ret_status2 = sgx_ecc256_close_context(ecc_handle); 
//	free(public_key_string); 
	if(ret_status == SGX_SUCCESS) 
	{	// this only works for Little-endian architectures - need to do byte-wise swapping of the bytes obtained on RHS
		uint8_t *current_sig_byte = (uint8_t*)(&(local_signature.x)); 
	        uint32_t ecdsa_sig_count; 
        	for(ecdsa_sig_count=0;ecdsa_sig_count<32;ecdsa_sig_count++)
                	signature[31-ecdsa_sig_count]=*(current_sig_byte+ecdsa_sig_count); 
	        current_sig_byte = (uint8_t*)(&(local_signature.y)); 
        	for(ecdsa_sig_count=0;ecdsa_sig_count<32;ecdsa_sig_count++)
                	signature[63-ecdsa_sig_count]=*(current_sig_byte+ecdsa_sig_count); 
		for(ecdsa_sig_count=0;ecdsa_sig_count<8;ecdsa_sig_count++)
			sig2->x[ecdsa_sig_count]=local_signature.x[ecdsa_sig_count];
                for(ecdsa_sig_count=0;ecdsa_sig_count<8;ecdsa_sig_count++)
                        sig2->y[ecdsa_sig_count]=local_signature.y[ecdsa_sig_count];
		
	}
	if(ret_status != SGX_SUCCESS || ret_status2 != SGX_SUCCESS)
		return 0xFFFFFFFF;
	return 0; 
}

uint32_t verify_mitigator_header_value(uint8_t* signature_data, uint8_t* signature, sgx_ec256_public_t* pub_key)
{
	sgx_ec256_public_t local_pub_key;	uint32_t counter;  uint32_t ret_status; uint32_t ret_status2; 
	for(counter=0;counter<SGX_ECP256_KEY_SIZE;counter++)
	{
		local_pub_key.gx[counter] = pub_key->gx[counter]; 
		local_pub_key.gy[counter] = pub_key->gy[counter]; 
	}
	sgx_ec256_signature_t local_signature; sgx_ecc_state_handle_t ecc_handle;
	uint8_t *current_sig_byte = (uint8_t*)(&(local_signature.x));
	uint32_t ecdsa_sig_count; uint8_t verification_result;
        for(ecdsa_sig_count=0;ecdsa_sig_count<32;ecdsa_sig_count++)
        	*(current_sig_byte+ecdsa_sig_count)=signature[ecdsa_sig_count];
	current_sig_byte = (uint8_t*)(&(local_signature.y));
	for(ecdsa_sig_count=0;ecdsa_sig_count<32;ecdsa_sig_count++)
		*(current_sig_byte+ecdsa_sig_count)=signature[ecdsa_sig_count+32];

	//// opening context for signature
        ret_status = sgx_ecc256_open_context(&ecc_handle);
        if(ret_status != SGX_SUCCESS)
                return ret_status;

        ret_status = sgx_ecdsa_verify(signature_data,3*SGX_ECP256_KEY_SIZE, &local_pub_key, &local_signature, &verification_result, ecc_handle);
        ret_status2 = sgx_ecc256_close_context(ecc_handle);
        if(ret_status != SGX_SUCCESS || ret_status2 != SGX_SUCCESS)
                return 0xFFFFFFFF;
	if(verification_result != SGX_EC_VALID)
		return 0xee; 
        return 0;
}

uint32_t derive_shared_secret_for_client(uint8_t* pub_key, uint8_t* shared_key)
{
	return 0; 


}

uint32_t calculate_sealed_data_size( uint32_t input_size) 
{
//      *op_size=sgx_calc_sealed_data_size(0, input_size); 
        return sgx_calc_sealed_data_size(0, input_size);

}


// ip_key will always be within the enclave. 
// enc = 1 for encryption and 0 for decryption, like openssl api
uint32_t aes_gcm_internal_call(uint8_t* ip_ciphertext, uint32_t ip_ciphertext_len, uint8_t* ip_key, uint8_t* ip_iv, uint8_t* tag, uint8_t* op_plaintext, uint32_t enc) 
{
	uint32_t counter;
	if(ip_ciphertext == NULL)
		return 0x33; 
	if(tag == NULL)
		return 0x34;
	if(op_plaintext == NULL) 
		return 0x36; 
	if(ip_key == NULL) 
		return 0x35;
	if(ip_iv == NULL)
		return 0x37; 

	uint8_t* ip_ciphertext_in_enclave = (uint8_t*) malloc(ip_ciphertext_len); 	
	memcpy_equivalent_copy(ip_ciphertext_in_enclave, ip_ciphertext, ip_ciphertext_len); 

	uint8_t tag_in_enclave [16];
	if(!enc)
		memcpy_equivalent_copy(tag_in_enclave, tag, 16); 

	uint8_t* op_plaintext_in_enclave = (uint8_t*) malloc(ip_ciphertext_len);
	uint32_t internal_ret_status;
	if(enc)
		internal_ret_status = sgx_rijndael128GCM_encrypt((sgx_key_128bit_t*) ip_key, ip_ciphertext_in_enclave, ip_ciphertext_len, op_plaintext_in_enclave, ip_iv, 0xc, NULL, 0, (sgx_aes_gcm_128bit_tag_t*)tag_in_enclave);
	else 
		internal_ret_status = sgx_rijndael128GCM_decrypt((sgx_key_128bit_t*) ip_key, ip_ciphertext_in_enclave, ip_ciphertext_len, op_plaintext_in_enclave, ip_iv, 0xc, NULL, 0, (sgx_aes_gcm_128bit_tag_t*)tag_in_enclave);	

	if(internal_ret_status == 0)
	{
		memcpy_equivalent_copy(op_plaintext, op_plaintext_in_enclave, ip_ciphertext_len);
		if(enc)
	                memcpy_equivalent_copy(tag, tag_in_enclave, 16);
	}

	free(ip_ciphertext_in_enclave); free(op_plaintext_in_enclave); 	
	
	return internal_ret_status; 
}

void memcpy_equivalent_copy(uint8_t* dest, uint8_t* src, uint32_t length)
{
	uint32_t counter;	
	for(counter=0; counter<length; counter++)
		*(dest + counter) = *(src + counter); 
}