miti
/
Decryptor


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254
							/*
 * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   * Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *   * Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in
 *     the documentation and/or other materials provided with the
 *     distribution.
 *   * Neither the name of Intel Corporation nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.challa
 *
 */
// App.cpp : Defines the entry point for the console application.
#include <stdio.h>
#include <map>
#include "../Decryptor/Decryptor_u.h"
#include "sgx_eid.h"
#include "sgx_urts.h"
#define __STDC_FORMAT_MACROS
#include <inttypes.h>
#include<unistd.h>
// for sealing - sgx_calc_sealed_data_size
#include "sgx_tseal.h"
#include "LocalAttestationUntrusted.h"


// For reading from/writing to file -sealing.
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>

//#define UNUSED(val) (void)(val)
#define TCHAR   char
#define _TCHAR  char
#define _T(str) str
#define scanf_s scanf

// Not sure if I need this later - as such, I (decryptor app) will only ever need to talk to 1 enclave at a time - verifier enclave first and then the apache enclave.
//extern std::map<sgx_enclave_id_t, uint32_t>g_enclave_id_map;
//int __ImageBase=0;

sgx_enclave_id_t e2_enclave_id = 0;
#define Decryptor_PATH "libDecryptor.so"
//////////////////////////////////////////////////

#include <stdio.h>


uint32_t write_to_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length)
{
  lseek(fd, 0, SEEK_SET);
  ssize_t bytes_written;
  bytes_written = write(fd, msg, *expected_msg_length);
  if(bytes_written <= 0)
    return 0xFFFFFFFF;

  fsync(fd);
  *expected_msg_length = bytes_written;
  return 0;
}

uint32_t read_from_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length)
{
  ssize_t bytes_read;
  lseek(fd, 0, SEEK_SET);
  bytes_read = read(fd, msg, *expected_msg_length);
  if(bytes_read <= 0)
    return 0xFFFFFFFF;
  *expected_msg_length = bytes_read;
  return 0;
}


uint32_t unseal_signing_key_pair_from_disk(int fd, size_t sealed_msg_length_in_file)
{
  uint32_t ret_status=0, length=sealed_msg_length_in_file, counter=0;
  uint8_t* sealed_data;

  sealed_data = (uint8_t*) malloc(0x300); //TODO: Get length of the sealed msg and try to read that much from the file.
	// May be pass the length of the file as input to this function and check that it is at least as much as the output of the sgx call.
  ret_status = read_from_fd(fd, sealed_data, &length);
  if(ret_status != 0)
  {
    free(sealed_data);
    return 0xFFFFFFFF;
  }

  for(counter=0;counter<length;counter++)
	printf("%x ", *(sealed_data+counter));
  printf("\n");  fflush(stdout);

  Decryptor_unseal_and_restore_long_term_signing_key_pair_wrapper(e2_enclave_id, &ret_status, sealed_data, &length);
  free(sealed_data);
  return ret_status;
}

uint32_t create_and_seal_signing_key_pair_to_disk(int fd)
{
  uint32_t ret_status=0, length=0, counter=0;
  uint8_t* sealed_data;

  Decryptor_calculate_sealed_keypair_size_wrapper(e2_enclave_id, &length);
  if(length == 0xFFFFFFFF)
    return 0xFFFFFFFF;
  sealed_data=(uint8_t*) malloc(length); // 0x300); // TODO: Shouldn't it be malloc of length?
        printf("length: %d\n", length); fflush(stdout);

  Decryptor_create_and_seal_long_term_signing_key_pair_wrapper(e2_enclave_id, &ret_status, &length, sealed_data);
  if(ret_status != SGX_SUCCESS)
  {
    printf("create_and_seal called returned an error: %x", ret_status);
    free(sealed_data);
    return 0xFFFFFFFF;
  }
  printf("It returned sgx_success\n"); fflush(stdout);
  for(counter=0; counter<length; counter++)
	printf("%02x ", sealed_data[counter]);
  ret_status = write_to_fd(fd, sealed_data, &length);
  free(sealed_data);

  return ret_status;
}

int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
{
    uint32_t ret_status;
    sgx_status_t status;
    // For sgx setup
    int launch_token_updated;
    sgx_launch_token_t launch_token;
    sgx_ec256_public_t pub_key;  uint32_t counter;

    size_t sealed_msg_length_in_file;
    status = sgx_create_enclave(Decryptor_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &e2_enclave_id, NULL);
    if(status != SGX_SUCCESS)
    {
        printf("\nLoad Enclave Failure");
        return -1;
    }
    printf("\nDecryptor - EnclaveID %" PRIx64, e2_enclave_id);
    fflush(stdout);

    int sealed_signing_key_fd = open("sealed_signing_key.txt", O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
    if(sealed_signing_key_fd == -1)
    {
      perror("\nError in opening the file sealed_signing_key.txt - ");
      fflush(stderr);
      return 0xFFFFFFFF;
    }
    printf("\nSuccessfully opened a file to seal the signing key pair for the client.\n");
    fflush(stdout);
      struct stat st; ret_status = fstat(sealed_signing_key_fd, &st);
      if(ret_status != 0)
      {
	       perror("error in finding the file size. -  ");
        fflush(stderr);
	       return 0xffffffff;

      }
      sealed_msg_length_in_file = st.st_size;
    if(sealed_msg_length_in_file == 0) //if(start == end && start != -1)
      // TODO: file is empty. create signing key pair.
      // int start = lseek(sealed_signing_key_fd, 0, SEEK_SET);
      { printf("Creating new keypair.\n"); fflush(stdout);     ret_status = create_and_seal_signing_key_pair_to_disk(sealed_signing_key_fd); }
    else
    { printf("Unsealing keypair.\n"); fflush(stdout);      ret_status = unseal_signing_key_pair_from_disk(sealed_signing_key_fd, sealed_msg_length_in_file); }

     if(ret_status != 0)
      {
	       printf("Some error \n");
//        printf("\n %d error in generating the ecdsa signing key pair \n", errno);
        fflush(stdout);
        sgx_destroy_enclave(e2_enclave_id);

        return 0xFFFFFFFF;
      }


    close(sealed_signing_key_fd);

    int server_fd;
    ret_status = LocalAttestationUntrusted::prepare_local_attestation_as_responder_msg1(e2_enclave_id);
    if(ret_status !=0)
    {
      printf("Could not prepare_local_attestation_as_responder_msg1"); fflush(stdout); sgx_destroy_enclave(e2_enclave_id);
      return ret_status;
    }

    server_fd=LocalAttestationUntrusted::setup_socket_for_local_attestation_requests(3824)
    if(server_fd <=0)
    {
      printf("Error in setting up server socket."); fflush(stdout);
      sgx_destroy_enclave(e2_enclave_id);
      return server_fd;
    }
    printf("Successfully set up a socket to communicate with the Apache enclave.\n");
    fflush(stdout);

    // LA with the verifier
    ret_status = LocalAttestationUntrusted::local_attestation_as_responder_msg2_msg3(e2_enclave_id, server_fd);
    if(ret_status!=0)
    {
      printf("local attestation - with the verifier - did not successfully return: %x\n", ret_status); fflush(stdout);
      sgx_destroy_enclave(e2_enclave_id);
      return 0xFFFFFFFF;
    }

    ret_status = LocalAttestationUntrusted::post_local_attestation_with_verifier(e2_enclave_id, server_fd);
    if(ret_status!=0)
    {
      printf("post local attestation - with the verifier - did not successfully return: %x\n", ret_status); fflush(stdout);
      sgx_destroy_enclave(e2_enclave_id);
      return 0xFFFFFF01;
    }

    server_fd = LocalAttestationUntrusted::local_attestation_as_responder_msg2_msg3(e2_enclave_id,server_fd);
    if(ret_status<=0)
    {
      printf("local attestation - with the apache - did not successfully return: %x\n", ret_status); fflush(stdout);
      sgx_destroy_enclave(e2_enclave_id);
      return 0xFFFFFFFF;
    }

    ret_status = LocalAttestationUntrusted::post_local_attestation_with_apache(e2_enclave_id,server_fd);
    if(ret_status!=0)
    {
      printf("post local attestation - with the apache - did not successfully return: %x\n", ret_status); fflush(stdout);
      sgx_destroy_enclave(e2_enclave_id);
      return 0xFFFFFF01;
    }

    sgx_destroy_enclave(e2_enclave_id);

    return 0;
}