Decryptor/App/App.cpp

/*
 * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   * Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *   * Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in
 *     the documentation and/or other materials provided with the
 *     distribution.
 *   * Neither the name of Intel Corporation nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.challa
 *
 */
// App.cpp : Defines the entry point for the console application.
#include <stdio.h>
#include <map>
#include "../Decryptor/Decryptor_u.h"
#include "sgx_eid.h"
#include "sgx_urts.h"
#define __STDC_FORMAT_MACROS
#include <inttypes.h>
#include<unistd.h>
// for sealing - sgx_calc_sealed_data_size
#include "sgx_tseal.h"



// For reading from/writing to file -sealing.
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>

#include "LocalAttestationUntrusted.h"

//#define UNUSED(val) (void)(val)
#define TCHAR   char
#define _TCHAR  char
#define _T(str) str
#define scanf_s scanf

// Not sure if I need this later - as such, I (decryptor app) will only ever need to talk to 1 enclave at a time - verifier enclave first and then the apache enclave.
//extern std::map<sgx_enclave_id_t, uint32_t>g_enclave_id_map;
//int __ImageBase=0;

sgx_enclave_id_t e2_enclave_id = 0;
#define Decryptor_PATH "libDecryptor.so"
//////////////////////////////////////////////////

#include <stdio.h>


uint32_t write_to_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length)
{
  lseek(fd, 0, SEEK_SET);
  ssize_t bytes_written;
  bytes_written = write(fd, msg, *expected_msg_length);
  if(bytes_written <= 0)
    return 0xFFFFFFFF;

  fsync(fd);
  *expected_msg_length = bytes_written;
  return 0;
}

uint32_t read_from_fd(int fd, uint8_t* msg, size_t* expected_msg_length)
{
  ssize_t bytes_read;
  lseek(fd, 0, SEEK_SET);
  bytes_read = read(fd, msg, *expected_msg_length);
  if(bytes_read <= 0)
    return 0xFFFFFFFF;
  *expected_msg_length = bytes_read;
  return 0;
}


uint32_t unseal_signing_key_pair_from_disk(int fd, __attribute__((unused))  sgx_ec256_public_t* pub_key, size_t* actual_sealed_msg_length)
{
  uint32_t ret_status;
  uint8_t* sgx_sealed_msg;
  printf("expected read 0x%ld\n", *actual_sealed_msg_length);
  sgx_sealed_msg = (uint8_t*) malloc(0x300); // malloc(*actual_sealed_msg_length); (0x300 for EDL)
  ret_status = read_from_fd(fd, sgx_sealed_msg, actual_sealed_msg_length);
  if(ret_status != 0)
  {
    free(sgx_sealed_msg);
    return 0xFFFFFFFF;
  }
  printf("actual read 0x%ld and ret_status 0x%x\n", *actual_sealed_msg_length, ret_status);  fflush(stdout);
  size_t counter;
  for(counter=0;counter<*actual_sealed_msg_length;counter++)
	printf("%x ", *(sgx_sealed_msg+counter));
  printf("\n");  fflush(stdout);
  Decryptor_unseal_and_restore_sealed_signing_key_pair(e2_enclave_id, &ret_status, pub_key, sgx_sealed_msg, actual_sealed_msg_length);
  free(sgx_sealed_msg);
  return ret_status;
}

uint32_t create_and_seal_signing_key_pair_to_disk( __attribute__((unused))  int fd, __attribute__((unused))   sgx_ec256_public_t* pub_key)
{
  uint32_t ret_status;
  // Generating a signing ECDSA key to sign the encryption key.
  uint32_t length;
  Decryptor_calculate_sealed_data_size(e2_enclave_id, &length, 3*SGX_ECP256_KEY_SIZE); // sgx_calc_sealed_data_size(0,3*SGX_ECP256_KEY_SIZE);
  if(length == 0xFFFFFFFF)
    return 0xFFFFFFFF;
  printf("0x%x input msg, 0x%x bytes for sealed msg in parameter value\n", 3*SGX_ECP256_KEY_SIZE, length); fflush(stdout);
  uint8_t* sealed_data=(uint8_t*) malloc(0x300);
  printf("Made call to sgx_calc_sealed_data_size\n");  fflush(stdout);
  Decryptor_create_and_seal_ecdsa_signing_key_pair(e2_enclave_id, &ret_status, pub_key, &length, sealed_data);
  if(ret_status != SGX_SUCCESS)
  {
    printf("create_and_seal called returned an error: %x", ret_status);
    free(sealed_data);
    return 0xFFFFFFFF;
  }
  printf("It returned sgx_success\n"); fflush(stdout); // *actual_sealed_msg_length=length;

  ret_status = write_to_fd(fd, sealed_data, &length);
  free(sealed_data);
//  if(ret_status > 0)
//	  *actual_sealed_msg_length = ret_status;
//  return 0;

return ret_status;
}

int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
{
    uint32_t ret_status;
    sgx_status_t status;
    // For sgx setup
    int launch_token_updated;
    sgx_launch_token_t launch_token;
    sgx_ec256_public_t pub_key;  uint32_t counter;

    size_t sealed_msg_length_in_file;
    status = sgx_create_enclave(Decryptor_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &e2_enclave_id, NULL);
    if(status != SGX_SUCCESS)
    {
        printf("\nLoad Enclave Failure");
        return -1;
    }
    printf("\nDecryptor - EnclaveID %" PRIx64, e2_enclave_id);
    fflush(stdout);

    int sealed_signing_key_fd = open("sealed_signing_key.txt", O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
    if(sealed_signing_key_fd == -1)
    {
      perror("\nError in opening the file sealed_signing_key.txt - ");
      fflush(stderr);
      return 0xFFFFFFFF;
    }
    printf("\nSuccessfully opened a file to seal the signing key pair for the client.\n");
    fflush(stdout);
//    int start = lseek(sealed_signing_key_fd, 0, SEEK_SET);
//    int end = lseek(sealed_signing_key_fd, 0, SEEK_END);
      struct stat st; ret_status = fstat(sealed_signing_key_fd, &st);
     //sealed_msg_length_in_file = st.st_size;
      if(ret_status != 0)
      {
	perror("error in finding the file size. -  ");
        fflush(stderr);
	return 0xffffffff;

      }
      sealed_msg_length_in_file = st.st_size;
    if(sealed_msg_length_in_file == 0) //if(start == end && start != -1)
    {
      // TODO: file is empty. create signing key pair.
      // int start = lseek(sealed_signing_key_fd, 0, SEEK_SET);
      ret_status = create_and_seal_signing_key_pair_to_disk(sealed_signing_key_fd, &pub_key);
      if(ret_status != 0)
      {
        printf("\n error in generating the ecdsa signing key pair \n");
        fflush(stdout);    sgx_destroy_enclave(e2_enclave_id);

        return 0xFFFFFFFF;
      }
	fflush(stdout);
      printf("\n Generated the ecdsa key pair successfully - gx, gy\n");
      for(counter=0;counter<32;counter++)
        printf("0x%x ",pub_key.gx[counter]);
      printf("\n");
      for(counter=0;counter<32;counter++)
                printf("0x%x ",pub_key.gy[counter]);
      printf("\n");
      fflush(stdout);
//      fflush(stdout);
    }
    else {

      ret_status = unseal_signing_key_pair_from_disk(sealed_signing_key_fd, &pub_key, &sealed_msg_length_in_file);
      if(ret_status != SGX_SUCCESS)
      {
        printf("\n error in unsealing the ecdsa signing key pair:%d \n", ret_status);
        fflush(stdout);     sgx_destroy_enclave(e2_enclave_id);

        return 0xFFFFFFFF;
      }
      printf("\n Recovered the ecdsa key pair successfully - gx, gy\n");
      for(counter=0;counter<32;counter++)
	printf("%02x",pub_key.gx[31-counter]);
//      printf("\n");
      for(counter=0;counter<32;counter++)
	        printf("%02x",pub_key.gy[31-counter]);
      printf("\n");
      fflush(stdout);
    }

    close(sealed_signing_key_fd);

    int server_fd;
    server_fd = prepare_local_attestation_as_responder_fd_and_msg1(own_enclave_id, 3824);
    if(server_fd <=0)
    {
      printf("Error in setting up server socket."); fflush(stdout);
      sgx_destroy_enclave(e2_enclave_id);
      return server_fd;
    }
    printf("Successfully set up a socket to communicate with the Apache enclave.\n");
    fflush(stdout);

    // LA with the verifier
    ret_status = local_attestation_as_responder_msg2_msg3(e2_enclave_id);
    if(ret_status!=0)
    {
      printf("local attestation - with the verifier - did not successfully return: %x\n", ret_status); fflush(stdout);
      sgx_destroy_enclave(e2_enclave_id);
      return 0xFFFFFFFF;
    }

    ret_status = post_local_attestation_with_verifier(e2_enclave_id);
    if(ret_status!=0)
    {
      printf("post local attestation - with the verifier - did not successfully return: %x\n", ret_status); fflush(stdout);
      sgx_destroy_enclave(e2_enclave_id);
      return 0xFFFFFF01;
    }

    ret_status = local_attestation_as_responder_msg2_msg3(e2_enclave_id);
    if(ret_status!=0)
    {
      printf("local attestation - with the verifier - did not successfully return: %x\n", ret_status); fflush(stdout);
      sgx_destroy_enclave(e2_enclave_id);
      return 0xFFFFFFFF;
    }

    ret_status = post_local_attestation_with_apache(e2_enclave_id);
    if(ret_status!=0)
    {
      printf("post local attestation - with the verifier - did not successfully return: %x\n", ret_status); fflush(stdout);
      sgx_destroy_enclave(e2_enclave_id);
      return 0xFFFFFF01;
    }

    sgx_destroy_enclave(e2_enclave_id);

    return 0;
}