Decryptor/LocalAttestationCode/EnclaveMessageExchange.cpp

/*
 * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   * Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *   * Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in
 *     the documentation and/or other materials provided with the
 *     distribution.
 *   * Neither the name of Intel Corporation nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */


#include "sgx_trts.h"
#include "sgx_utils.h"
#include "EnclaveMessageExchange.h"
#include "sgx_eid.h"
#include "error_codes.h"
#include "sgx_ecp_types.h"
#include "sgx_thread.h"
#include <map>
#include "dh_session_protocol.h"
#include "sgx_dh.h"
#include "sgx_tcrypto.h"
#include "LocalAttestationCode_t.h"
#include "sgx_tseal.h"

#ifdef __cplusplus
extern "C" {
#endif

uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity);
#ifdef __cplusplus
}
#endif
 
#define MAX_SESSION_COUNT  16

ATTESTATION_STATUS generate_session_id(uint32_t *session_id);
ATTESTATION_STATUS end_session();

uint32_t one_successful_la_done;
sgx_ecc_state_handle_t ecc_state;


uint32_t session_ids[MAX_SESSION_COUNT];

// Our enclave will not be doing LA with more than 1 decryptor enclave at a time.
// We should not need this.
//std::map<int, dh_session_t>g_dest_session_info_map;
dh_session_t global_session_info;
// TODO: May be we need to store all previously assigned session IDs instead of just the counter; to prevent replay attacks -
uint32_t global_session_id=0;
uint8_t apache_key[16]; 
uint8_t verifier_key[16]; 


//Handle the request from Source Enclave for a session
ATTESTATION_STATUS session_request(sgx_dh_msg1_t *dh_msg1,
                          uint32_t *session_id )
{
 //   dh_session_t session_info;
    sgx_dh_session_t sgx_dh_session;
    sgx_status_t status = SGX_SUCCESS;

    if(!session_id || !dh_msg1)
    {
        return INVALID_PARAMETER_ERROR;
    }

    //Intialize the session as a session responder
    status = sgx_dh_init_session(SGX_DH_SESSION_RESPONDER, &sgx_dh_session);
    if(SGX_SUCCESS != status)
    {
        return status;
    }

    *session_id=1;

    global_session_info.status = IN_PROGRESS;

    //Generate Message1 that will be returned to Source Enclave
    status = sgx_dh_responder_gen_msg1((sgx_dh_msg1_t*)dh_msg1, &sgx_dh_session);
    if(SGX_SUCCESS != status)
    {
        global_session_id--;
        // SAFE_FREE(g_session_id_tracker[*session_id]);
        return status;
    }
    memcpy(&global_session_info.in_progress.dh_session, &sgx_dh_session, sizeof(sgx_dh_session_t));
    //return sgx_seal_data(0, NULL, 0, NULL, 0, NULL); 
    //Store the session information under the correspoding source enlave id key
    //    g_dest_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(src_enclave_id, session_info));

    return status;
}

//Verify Message 2, generate Message3 and exchange Message 3 with Source Enclave
ATTESTATION_STATUS exchange_report(
                          sgx_dh_msg2_t *dh_msg2,
                          sgx_dh_msg3_t *dh_msg3,
                          uint32_t* session_id, uint8_t* read_or_write)
{

    sgx_key_128bit_t dh_aek;   // Session key
//    dh_session_t session_info;
    ATTESTATION_STATUS status = SUCCESS;
    sgx_dh_session_t sgx_dh_session;
    sgx_dh_session_enclave_identity_t initiator_identity;

    if(!dh_msg2 || !dh_msg3)
    {
        return INVALID_PARAMETER_ERROR;
    }

    memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
// Why is there a do-while loop anyway? It seems like there is no successful exit ... 
//    do
//    {
      // TODO: Make sure that this works - pointers
//        session_info = global_session_info;

        if(global_session_info.status != IN_PROGRESS)
        {
            status = INVALID_SESSION;
            end_session(); 
        }

        memcpy(&sgx_dh_session, &global_session_info.in_progress.dh_session, sizeof(sgx_dh_session_t));

        dh_msg3->msg3_body.additional_prop_length = 0;
        //Process message 2 from source enclave and obtain message 3
        sgx_status_t se_ret = sgx_dh_responder_proc_msg2(dh_msg2,
                                                       dh_msg3,
                                                       &sgx_dh_session,
                                                       &dh_aek,
                                                       &initiator_identity);
        if(SGX_SUCCESS != se_ret)
        {
            status = se_ret;
            end_session();
        }
	uint32_t hash_count; 
        // THIS IS WHERE THE DECRYPTOR VERIFIES THE APACHE'S MRSIGNER IS THE PUBLIC KEY GIVEN AFTER THE LOCAL ATTESTATION WITH THE VERIFIER.
        //Verify source enclave's trust
	uint32_t verify_return=verify_peer_enclave_trust(&initiator_identity); 
	if(verify_return!=0)
		return verify_return; 
	if(one_successful_la_done == 0) 
	{
		one_successful_la_done = 1; *read_or_write=1;
	        memcpy(verifier_key, &dh_aek, 16);
	}
	else
	{
		one_successful_la_done=2; *read_or_write=0; 
		memcpy(apache_key, &dh_aek, 16);
	} 

	// TODO: Verify that these changes will be lost on update. 
        //save the session ID, status and initialize the session nonce
        global_session_info.session_id = *session_id;
        global_session_info.status = ACTIVE;
        global_session_info.active.counter = 0;
        memcpy(&global_session_info.active.AEK, &dh_aek, sizeof(sgx_key_128bit_t));
        memset(&dh_aek,0, sizeof(sgx_key_128bit_t));

    return status;
}

uint32_t calculate_sealed_data_size( uint32_t input_size) 
{
//	*op_size=sgx_calc_sealed_data_size(0, input_size); 
	return sgx_calc_sealed_data_size(0, input_size);

}









// TODO: Fix this.
//Respond to the request from the Source Enclave to close the session
ATTESTATION_STATUS end_session(/**/)
{
  return SUCCESS;
}
/*
// Session_id is set to the first index of the pointer array that is non-null.(Not sure how it is ensured that all of them point to NULL at the start)
// Why can't it just keep a counter that is incremented? What are the values of g_session_id_tracker array?
//Returns a new sessionID for the source destination session
ATTESTATION_STATUS generate_session_id(uint32_t *session_id)
{
    ATTESTATION_STATUS status = SUCCESS;

    if(!session_id)
    {
        return INVALID_PARAMETER_ERROR;
    }
    //if the session structure is untintialized, set that as the next session ID
    for (int i = 0; i < MAX_SESSION_COUNT; i++)
    {
        if (g_session_id_tracker[i] == NULL)
        {
            *session_id = i;
            return status;
        }
    }

    status = NO_AVAILABLE_SESSION_ERROR;

    return status;
*/
  // *session_id=++global_session_id;
//}