miti
/
Decryptor


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115
							/*
 * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *   * Redistributions of source code must retain the above copyright
 *     notice, this list of conditions and the following disclaimer.
 *   * Redistributions in binary form must reproduce the above copyright
 *     notice, this list of conditions and the following disclaimer in
 *     the documentation and/or other materials provided with the
 *     distribution.
 *   * Neither the name of Intel Corporation nor the names of its
 *     contributors may be used to endorse or promote products derived
 *     from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

// #include <stdint.h>
#include "LocalAttestationTrusted.h"
#include "Decryptor.h"
#include "error_codes.h"
#include "datatypes.h"
#include "sgx_tcrypto.h"
#include "sgx_dh.h"

      dh_session_t LocalAttestationTrusted::global_session_info;


//Handle the request from Source Enclave for a session
uint32_t LocalAttestationTrusted::session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id)
{
        sgx_dh_session_t sgx_dh_session;
        sgx_status_t status = SGX_SUCCESS;

        if(!session_id || !dh_msg1)
        {
            return INVALID_PARAMETER_ERROR;
        }

        //Intialize the session as a session responder
        status = sgx_dh_init_session(SGX_DH_SESSION_RESPONDER, &sgx_dh_session);
        if(SGX_SUCCESS != status)
        {
            return status;
        }

        *session_id=1;

        global_session_info.status = IN_PROGRESS;

        //Generate Message1 that will be returned to Source Enclave
        status = sgx_dh_responder_gen_msg1((sgx_dh_msg1_t*)dh_msg1, &sgx_dh_session);
        if(SGX_SUCCESS != status)
          return status;

        memcpy(&global_session_info.in_progress.dh_session, &sgx_dh_session, sizeof(sgx_dh_session_t));

        return 0;
    }

// TODO: Hope to edit the sgx_dh_responder_proc_msg2 call to return 32 byte key.
//Verify Message 2, generate Message3 and exchange Message 3 with Source Enclave
uint32_t LocalAttestationTrusted::exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t* session_id)
{
        sgx_key_128bit_t dh_aek;
        uint32_t status = 0;
        sgx_dh_session_t sgx_dh_session;
        sgx_dh_session_enclave_identity_t initiator_identity;
        uint32_t verify_return;
        memset(&dh_aek,0, sizeof(sgx_key_128bit_t));

        if(!dh_msg2 || !dh_msg3)
          return INVALID_PARAMETER_ERROR;

        if(global_session_info.status != IN_PROGRESS)
          return INVALID_SESSION; // end_session(); // TODO: DA FUQ RETURN STH HERE.

        memcpy(&sgx_dh_session, &global_session_info.in_progress.dh_session, sizeof(sgx_dh_session_t));

        dh_msg3->msg3_body.additional_prop_length = 0;

        //Process message 2 from source enclave and obtain message 3
        status = sgx_dh_responder_proc_msg2(dh_msg2, dh_msg3, &sgx_dh_session, &dh_aek, &initiator_identity);
        if(SGX_SUCCESS != status)
          return status;

        //Verify source enclave's trust
    	verify_return = Decryptor::verify_peer_enclave_trust(initiator_identity.mr_enclave.m, initiator_identity.mr_signer.m, dh_aek);
        if(verify_return != 0)
         return verify_return;

        /*
        //save the session ID, status and initialize the session nonce
        global_session_info.session_id = *session_id;
        global_session_info.status = ACTIVE; // This means that you can't keep calling exchange_report over and over again.
        global_session_info.active.counter = 0;
        memcpy(&global_session_info.active.AEK, &dh_aek, sizeof(sgx_key_128bit_t));
        memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
        */
        return 0;
    }