123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243 |
- #include "LocalAttestationUntrusted.h"
- namespace LocalAttestationUntrusted {
- namespace {
- uint32_t session_id = 0;
- protobuf_sgx_dh_msg1_t protobuf_msg1;
- uint32_t local_attestation_msg2_msg3(uint32_t own_enclave_id, int accept_fd) {
- uint32_t protobuf_sgx_ret;
- protobuf_sgx_dh_msg2_t protobuf_msg2;
- protobuf_sgx_dh_msg3_t protobuf_msg3;
- printf("Writing message 1\n");
- fflush(stdout);
- if (protobufReadWrite::write_protobuf_msg_to_fd(accept_fd, protobuf_msg1) != 0)
- return 0x1;
- printf("Reading message 2\n");
- fflush(stdout);
- if (protobufReadWrite::read_protobuf_msg_from_fd(accept_fd, protobuf_msg2) != 0)
- return 0x2;
- protobuf_sgx_ret = protobufLAInitiator::process_protobuf_dh_msg2_generate_protobuf_dh_msg3(own_enclave_id,
- protobuf_msg2, protobuf_msg3, &session_id);
- if (protobuf_sgx_ret != 0) {
- printf("Error in generate_protobuf_dh_msg2: 0x%x", protobuf_sgx_ret);
- fflush(stdout);
- return protobuf_sgx_ret;
- }
- printf("Writing message 3\n");
- fflush(stdout);
- if (protobufReadWrite::write_protobuf_msg_to_fd(accept_fd, protobuf_msg3) != 0)
- return 0x3;
- return 0;
- }
- }
- int decrypt_client_data(uint32_t own_enclave_id, int fd, int time_file_fd) {
- extension_to_decryptor_enclosed_msg protobuf_extension_decryptor_msg;
- unsigned char *double_ciphertext, *ciphertext;
- uint32_t *input_sizes_array, *output_sizes_array;
- uint32_t double_ciphertext_length;
- uint32_t number_of_double_ciphertext_fields;
- uint32_t sgx_ret;
- // Get a message of the type decryptor_to_extension msg
- if (!protobufReadWrite::read_protobuf_msg_from_fd(fd, protobuf_extension_decryptor_msg)) {
- printf("Not all of the extension's message was read\n");
- fflush(stdout);
- return 0xf3;
- }
- PostLAProtobufNativeTransforms::get_lengths_for_protobuf_serialized_array(protobuf_extension_decryptor_msg, &double_ciphertext_length,
- &number_of_double_ciphertext_fields);
- double_ciphertext=(unsigned char*) malloc(double_ciphertext_length);
- ciphertext = (unsigned char*) malloc(double_ciphertext_length);
- input_sizes_array = (uint32_t*) malloc(number_of_double_ciphertext_fields * sizeof(uint32_t));
- output_sizes_array = (uint32_t*) malloc(number_of_double_ciphertext_fields * sizeof(uint32_t));
- PostLAProtobufNativeTransforms::create_array_from_protobuf(protobuf_extension_decryptor_msg, double_ciphertext,
- input_sizes_array, &number_of_double_ciphertext_fields);
- // Call the enclave's decryption function with these arguments and get back another vector of ciphertexts.
- Decryptor_process_apache_message_generate_response_wrapper(own_enclave_id, &sgx_ret,
- double_ciphertext,
- double_ciphertext_length,
- input_sizes_array,
- number_of_double_ciphertext_fields,
- ciphertext,
- output_sizes_array);
- free(double_ciphertext);
- free(input_sizes_array);
- // Error checking
- if(!sgx_ret)
- {
- free(ciphertext);
- free(output_sizes_array);
- return 0x32;
- }
- // Clear the protobuf msg above and reset it with the output arguments of the ecall.
- protobuf_extension_decryptor_msg.clear_ciphertext_client_public_key();
- protobuf_extension_decryptor_msg.clear_ciphertext_fields();
- PostLAProtobufNativeTransforms::create_protobuf_from_array(ciphertext, output_sizes_array,
- number_of_double_ciphertext_fields,
- protobuf_extension_decryptor_msg);
- free(ciphertext);
- free(output_sizes_array);
- // write message to apache extension
- if (!protobufReadWrite::write_protobuf_msg_to_fd(fd, protobuf_extension_decryptor_msg)) {
- printf("Not all of the client's ciphertext data was written to the extension.\n");
- fflush(stdout);
- return 31;
- }
- /*
- gettimeofday(&tv2, NULL);
- new_time=tv2.tv_usec + tv2.tv_sec * 1000000;
- old_time=tv1.tv_usec + tv1.tv_sec * 1000000;
- bytes_written=sprintf(time_buf, "%lu %lu\n", old_time, new_time);
- FileIO::write_to_fd(time_file_fd, time_buf, bytes_written);
- */
- return 0;
- }
- int prepare_local_attestation_as_responder_msg1(uint32_t own_enclave_id)
- {
- uint32_t protobuf_sgx_ret;
- protobuf_sgx_ret = protobufLAInitiator::generate_protobuf_dh_msg1(own_enclave_id, protobuf_msg1, &session_id);
- if (protobuf_sgx_ret != 0) {
- printf("Error in generate_protobuf_dh_msg1: 0x%x", protobuf_sgx_ret);
- fflush(stdout);
- return protobuf_sgx_ret;
- }
- return 0;
- }
- int setup_socket_for_local_attestation_requests(int port) {
- struct sockaddr_in own_addr;
- return Ipc::set_up_socket(port, &own_addr);
- }
- // TODO: CHANGED SIGNATURE.
- int local_attestation_as_responder_msg2_msg3(uint32_t own_enclave_id, int server_fd,
- int *accept_fd) {
- uint32_t protobuf_sgx_ret;
- struct sockaddr_storage apache_addr;
- socklen_t apache_addr_size = sizeof(apache_addr);
- int temp_accept_fd;
- temp_accept_fd = accept(server_fd, (struct sockaddr *) &apache_addr, &apache_addr_size);
- if (temp_accept_fd < 0) {
- printf("Error in accepting %d", errno);
- fflush(stdout);
- return temp_accept_fd;
- }
- *accept_fd = temp_accept_fd;
- protobuf_sgx_ret = local_attestation_msg2_msg3(own_enclave_id, temp_accept_fd);
- return protobuf_sgx_ret;
- }
- int post_local_attestation_with_verifier(uint32_t own_enclave_id, int accept_fd) {
- uint32_t protobuf_sgx_ret;
- uint8_t encrypted_apache_mrsigner_and_tag[150];
- size_t bytes_read;
- int count, ret_status;
- printf("Here\n");
- fflush(stdout);
- bytes_read = 60;
- ret_status = FileIO::read_from_fd(accept_fd, encrypted_apache_mrsigner_and_tag, &bytes_read);
- if (ret_status != 0) {
- printf("Not all of the encrypted apache's mrsigner was read from the verifier.\n");
- fflush(stdout);
- return 0xfe;
- }
- for (count = 0; count < 60; count++)
- printf("0x%02x ", encrypted_apache_mrsigner_and_tag[count]);
- printf("\n");
- fflush(stdout);
- Decryptor_process_verifiers_message_wrapper(own_enclave_id, &protobuf_sgx_ret, encrypted_apache_mrsigner_and_tag,
- 60);
- if (protobuf_sgx_ret != 0) {
- printf("Error in decryption: 0x%x\n", protobuf_sgx_ret);
- fflush(stdout);
- return protobuf_sgx_ret;
- }
- printf("Successful decryption\n");
- fflush(stdout);
- close(accept_fd);
- uint8_t output[64];
- Decryptor_get_verifier_mrenclave_apache_mrsigner_wrapper(own_enclave_id, output);
- uint32_t counter;
- for (counter = 0; counter < 32; counter++)
- printf("0x%x ", output[counter]);
- printf("/n");
- for (counter = 32; counter < 64; counter++)
- printf("0x%x ", output[counter]);
- printf("/n");
- fflush(stdout);
- return 0;
- }
- int post_local_attestation_with_apache(uint32_t own_enclave_id, int accept_fd) {
- protobuf_post_LA_encrypted_msg_t protobuf_encrypted_msg;
- uint8_t encrypted_sign_data_and_sign_and_tag[200]; // 176+12 for IV = 188
- uint32_t op_length, internal_return_status, count, sgx_ret;
- uint8_t public_key[64];
- int time_file_fd;
- memset(encrypted_sign_data_and_sign_and_tag, 0x0, 200);
- Decryptor_create_and_encrypt_mitigator_header_H_wrapper(own_enclave_id, &sgx_ret,
- encrypted_sign_data_and_sign_and_tag, &op_length);
- if (sgx_ret != 0) {
- printf("Error in generating encrypted mitigator header:0x%x\n", sgx_ret);
- fflush(stdout);
- return 0xf3;
- }
- for (count = 0; count < op_length; count++) {
- printf("0x%02x ", encrypted_sign_data_and_sign_and_tag[count]);
- }
- printf("\n");
- fflush(stdout);
- protobuf_encrypted_msg.set_msg((void *) encrypted_sign_data_and_sign_and_tag, op_length);
- if (protobufReadWrite::write_protobuf_msg_to_fd(accept_fd, protobuf_encrypted_msg) != 0) {
- printf("Not all of the mitigator token H was written to the Apache.\n");
- fflush(stdout);
- return 0xfe;
- }
- Decryptor_get_short_term_public_key_wrapper(own_enclave_id, public_key);
- for (count = 0; count < 64; count++)
- printf("%02x ", public_key[count]);
- printf("\n");
- fflush(stdout);
- time_file_fd = open("decryptor_time.txt", O_APPEND | O_WRONLY);
- do {
- internal_return_status = decrypt_client_data(own_enclave_id, accept_fd, time_file_fd);
- } while (internal_return_status == 0);
- close(accept_fd);
- close(time_file_fd);
- return internal_return_status;
- }
- };
|