Decryptor.cpp 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283
  1. #include "Decryptor.h"
  2. #include "sgx_tseal.h"
  3. #include "sgx_tcrypto.h"
  4. #include "sgx_dh.h"
  5. #include "datatypes.h"
  6. #include "error_codes.h"
  7. ECDSASignatureBox Decryptor::signatureBox;
  8. HybridEncryptionBox Decryptor::hybridEncryptionBoxClient;
  9. SymmetricEncryptionBox Decryptor::symmetricEncryptionBoxApache;
  10. SymmetricEncryptionBox Decryptor::symmetricEncryptionBoxVerifier;
  11. uint8_t Decryptor::verifier_mr_enclave[32] = {0};
  12. uint8_t Decryptor::apache_mr_signer[32] = {0};
  13. unsigned int successful_la_count;
  14. uint8_t Decryptor::plaintext_mitigator_header_H[ECDH_PUBLIC_KEY_SIZE + 32 + 64] = {0};
  15. uint8_t Decryptor::first_decryption_output[1092] = {0};
  16. uint8_t Decryptor::plaintext_client_data[1000] = {0};
  17. // INTERNAL
  18. uint32_t Decryptor::create_mitigator_token_M(uint8_t* token)
  19. {
  20. uint32_t internal_return_status;
  21. uint32_t counter;
  22. // create short-term ECDH key pair
  23. internal_return_status = hybridEncryptionBoxClient.generate_keypair();
  24. if(internal_return_status != 0)
  25. return internal_return_status;
  26. hybridEncryptionBoxClient.get_public_key(token);
  27. // create token: concatenate short-term keypair with verifiers mrenclave.
  28. for(counter=0;counter<32;counter++)
  29. *(token + counter + ECDH_PUBLIC_KEY_SIZE) = verifier_mr_enclave[counter];
  30. return 0;
  31. }
  32. // INTERNAL
  33. uint32_t Decryptor::create_mitigator_header_H(uint8_t* signature_data_and_signature)
  34. {
  35. uint32_t internal_return_status;
  36. uint8_t local_signature_data_and_signature[ECDH_PUBLIC_KEY_SIZE + 32 + 64];
  37. uint32_t counter;
  38. internal_return_status = Decryptor::create_mitigator_token_M(local_signature_data_and_signature);
  39. if(internal_return_status != 0x0)
  40. return internal_return_status;
  41. internal_return_status = signatureBox.sign(local_signature_data_and_signature, ECDH_PUBLIC_KEY_SIZE + 32, local_signature_data_and_signature + ECDH_PUBLIC_KEY_SIZE + 32);
  42. if(internal_return_status != 0x0)
  43. return internal_return_status;
  44. for(counter=0;counter<ECDH_PUBLIC_KEY_SIZE + 32 + 64;counter++)
  45. signature_data_and_signature[counter] = local_signature_data_and_signature[counter];
  46. return 0;
  47. }
  48. // TODO: FIX DUMMY HEADER.
  49. // EXTERNAL ECALL.
  50. uint32_t Decryptor::create_and_encrypt_mitigator_header_H(uint8_t* ciphertext_token_H_plus_tag, uint32_t* op_length)
  51. {
  52. uint32_t temp_ciphertext_token_H_iv_tag_length;
  53. uint32_t internal_return_status;
  54. uint8_t plaintext_mitigator_header_H[ECDH_PUBLIC_KEY_SIZE + 32 + 64] = {0x42};
  55. if(successful_la_count != 2)
  56. return 0x33;
  57. internal_return_status = create_mitigator_header_H(plaintext_mitigator_header_H);
  58. if(internal_return_status != 0)
  59. return internal_return_status;
  60. internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(1, plaintext_mitigator_header_H, ECDH_PUBLIC_KEY_SIZE + 32 + 64, ciphertext_token_H_plus_tag, &temp_ciphertext_token_H_iv_tag_length);
  61. *op_length = temp_ciphertext_token_H_iv_tag_length;
  62. return internal_return_status;
  63. }
  64. // INTERNAL. done. But there might be one more return statement for the case when get_keypair returns sth (it is non void).
  65. uint32_t Decryptor::create_long_term_signing_keypair(uint8_t* private_public_key_string)
  66. {
  67. uint32_t internal_return_status;
  68. internal_return_status = signatureBox.generate_keypair();
  69. if(internal_return_status != 0)
  70. return internal_return_status;
  71. signatureBox.get_keypair(private_public_key_string);
  72. return 0;
  73. }
  74. // INTERNAL.
  75. uint32_t Decryptor::initialize_symmetric_key_decrypt_client_data(uint8_t* plaintext_client_public_key_plus_encrypted_data_plus_tag, uint32_t total_length, uint8_t* plaintext_client_data, uint32_t* plaintext_client_data_length)
  76. {
  77. uint8_t* ciphertext_plus_tag;
  78. uint32_t ciphertext_plus_tag_length;
  79. uint32_t internal_return_status;
  80. // I will derive a shared key from the plaintext_client_public_key
  81. internal_return_status = hybridEncryptionBoxClient.initialize_symmetric_key(plaintext_client_public_key_plus_encrypted_data_plus_tag);
  82. if(internal_return_status != 0)
  83. return internal_return_status;
  84. // and then I will decrypt the rest of the client data with that key.
  85. ciphertext_plus_tag = plaintext_client_public_key_plus_encrypted_data_plus_tag + ECDH_PUBLIC_KEY_SIZE;
  86. ciphertext_plus_tag_length = total_length - ECDH_PUBLIC_KEY_SIZE;
  87. internal_return_status = hybridEncryptionBoxClient.encrypt_decrypt(0, ciphertext_plus_tag, ciphertext_plus_tag_length, plaintext_client_data, plaintext_client_data_length);
  88. return internal_return_status;
  89. }
  90. void Decryptor::testing_long_term_verification_key(uint8_t* output)
  91. {
  92. uint8_t keypair[ECDH_PUBLIC_KEY_SIZE + ECDH_PRIVATE_KEY_SIZE];
  93. uint32_t counter;
  94. signatureBox.get_keypair(keypair);
  95. for(counter=0;counter<ECDH_PUBLIC_KEY_SIZE; counter++)
  96. output[counter]=keypair[ECDH_PRIVATE_KEY_SIZE+counter];
  97. }
  98. // EXTERNAL. DONE.
  99. uint32_t Decryptor::create_and_seal_long_term_signing_key_pair(uint32_t* sealed_data_length, uint8_t* sealed_data)
  100. {
  101. uint32_t sgx_libcall_status;
  102. uint32_t internal_return_status;
  103. uint32_t temp_sealed_data_length;
  104. uint8_t* temp_sealed_data;
  105. uint8_t private_public_key_string[ECDH_PUBLIC_KEY_SIZE + ECDH_PRIVATE_KEY_SIZE];
  106. uint32_t counter;
  107. temp_sealed_data_length = sgx_calc_sealed_data_size(0, ECDH_PUBLIC_KEY_SIZE + ECDH_PRIVATE_KEY_SIZE);
  108. if(temp_sealed_data_length == 0xFFFFFFFF)
  109. return 0x01;
  110. temp_sealed_data = (uint8_t*) malloc(temp_sealed_data_length);
  111. internal_return_status = create_long_term_signing_keypair(private_public_key_string);
  112. if(internal_return_status != 0)
  113. {
  114. free(temp_sealed_data);
  115. return internal_return_status;
  116. }
  117. sgx_libcall_status = sgx_seal_data(0, NULL, 3*SGX_ECP256_KEY_SIZE, private_public_key_string, temp_sealed_data_length, (sgx_sealed_data_t*) temp_sealed_data);
  118. if(sgx_libcall_status != SGX_SUCCESS)
  119. {
  120. free(temp_sealed_data);
  121. return sgx_libcall_status;
  122. }
  123. for(counter=0;counter<temp_sealed_data_length;counter++)
  124. *(sealed_data + counter)= *(temp_sealed_data + counter);
  125. *sealed_data_length = temp_sealed_data_length;
  126. free(temp_sealed_data);
  127. return 0;
  128. }
  129. // EXTERNAL. DONE.
  130. uint32_t Decryptor::unseal_and_restore_long_term_signing_key_pair(uint8_t* sealed_data, uint32_t* sgx_sealed_data_length)
  131. {
  132. uint32_t temp_plaintext_length;
  133. uint8_t* temp_plaintext;
  134. uint32_t counter;
  135. uint32_t ret_status;
  136. uint8_t* temp_sealed_data ;
  137. temp_sealed_data = (uint8_t*) malloc(*sgx_sealed_data_length);
  138. for(counter=0;counter<*sgx_sealed_data_length;counter++)
  139. *(temp_sealed_data+counter)=*(sealed_data+counter);
  140. temp_plaintext_length = sgx_get_encrypt_txt_len((sgx_sealed_data_t*)sealed_data);
  141. if(temp_plaintext_length == 0xffffffff)
  142. return 0xFFFFFFFF;
  143. temp_plaintext = (uint8_t*)malloc( temp_plaintext_length );
  144. ret_status = sgx_unseal_data((sgx_sealed_data_t*)temp_sealed_data, NULL, 0, temp_plaintext, &temp_plaintext_length);
  145. free(temp_sealed_data);
  146. if(ret_status != SGX_SUCCESS)
  147. {
  148. free(temp_plaintext);
  149. return ret_status;
  150. }
  151. signatureBox.set_private_public_key(temp_plaintext, temp_plaintext + ECDH_PRIVATE_KEY_SIZE);
  152. free(temp_plaintext);
  153. return 0;
  154. }
  155. uint32_t Decryptor::process_verifiers_message(uint8_t* input_ciphertext_plus_tag, uint32_t length)
  156. {
  157. uint8_t first_decryption_output[150];
  158. uint32_t first_decryption_output_length;
  159. uint32_t internal_return_status;
  160. uint32_t counter;
  161. if(successful_la_count != 1) // else, the untrusted application can call this on the first message by apache and cause the verifier to set its mrsigner.
  162. return 0x23;
  163. internal_return_status = symmetricEncryptionBoxVerifier.encrypt_decrypt(0, input_ciphertext_plus_tag, length, first_decryption_output, &first_decryption_output_length);
  164. if(internal_return_status != 0)
  165. return internal_return_status;
  166. if(first_decryption_output_length != 32)
  167. return 0x33;
  168. for(counter=0; counter<32; counter++)
  169. apache_mr_signer[counter] = *(first_decryption_output + counter);
  170. return 0;
  171. }
  172. // EXTERNAL. DONE.
  173. uint32_t Decryptor::process_apache_message_generate_response(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext_plus_tag, uint32_t* output_ciphertext_plus_tag_length)
  174. {
  175. uint32_t first_decryption_output_length, plaintext_client_data_length;
  176. uint32_t internal_return_status;
  177. // TODO: May be have temporary variables for input ciphertext as they can't be passed directly to functions?
  178. // first, I decrypt the message from the target enclave, to get the client's public key and ciphertext data (and tag and IV)
  179. internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(0, input_ciphertext, input_ciphertext_plus_tag_length, first_decryption_output, &first_decryption_output_length);
  180. if(internal_return_status != 0)
  181. return internal_return_status;
  182. // then I obtain the plaintext client data, using the client's public key and own key to ultimately decrypt the client's ciphertext data
  183. internal_return_status = initialize_symmetric_key_decrypt_client_data(first_decryption_output, first_decryption_output_length, plaintext_client_data, &plaintext_client_data_length);
  184. if(internal_return_status != 0)
  185. return internal_return_status;
  186. // then I will encrypt the plaintext data to the target enclave.
  187. internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(1, plaintext_client_data, plaintext_client_data_length, output_ciphertext_plus_tag, output_ciphertext_plus_tag_length);
  188. return internal_return_status;
  189. }
  190. // INTERNAL.
  191. uint32_t Decryptor::verify_peer_enclave_trust(uint8_t* given_mr_enclave, uint8_t* given_mr_signer, uint8_t* dhaek)
  192. {
  193. uint32_t count;
  194. uint32_t internal_return_status;
  195. if(successful_la_count == 0) // verifier enclave
  196. {
  197. for(count=0; count<SGX_HASH_SIZE; count++)
  198. verifier_mr_enclave[count] = given_mr_enclave[count];
  199. symmetricEncryptionBoxVerifier.set_symmetric_key(dhaek);
  200. }
  201. else // apache enclave
  202. {
  203. /*
  204. for(count=0; count<SGX_HASH_SIZE; count++)
  205. {
  206. if( given_mr_signer[count] != apache_mr_signer[count] )
  207. return ENCLAVE_TRUST_ERROR;
  208. }
  209. */
  210. symmetricEncryptionBoxApache.set_symmetric_key(dhaek);
  211. }
  212. successful_la_count ++;
  213. return SGX_SUCCESS;
  214. }
  215. void Decryptor::calculate_sealed_keypair_size(uint32_t* output_length)
  216. {
  217. *output_length = sgx_calc_sealed_data_size(0, ECDH_PUBLIC_KEY_SIZE + ECDH_PRIVATE_KEY_SIZE);
  218. }
  219. void Decryptor::testing_get_verifier_mrenclave_apache_mrsigner(uint8_t* output)
  220. {
  221. uint32_t counter;
  222. for(counter=0; counter<32;counter++)
  223. {
  224. output[counter]=verifier_mr_enclave[counter];
  225. output[counter+32]=apache_mr_signer[counter];
  226. }
  227. }
  228. void Decryptor::testing_get_short_term_public_key(uint8_t* output)
  229. {
  230. hybridEncryptionBoxClient.get_public_key(output);
  231. }
  232. void Decryptor::testing_get_apache_iv(uint8_t* op)
  233. {
  234. // symmetricEncryptionBoxApache.get_iv(op);
  235. }