123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406 |
- #include "../TrustedInclude/Decryptor.h"
- #include "sgx_tseal.h"
- #include "sgx_tcrypto.h"
- #include "sgx_dh.h"
- #include "../TrustedInclude/error_codes.h"
- ECDSASignatureBox Decryptor::signatureBox;
- HybridEncryptionBox Decryptor::hybridEncryptionBoxClient;
- SymmetricEncryptionBox Decryptor::symmetricEncryptionBoxApache;
- SymmetricEncryptionBox Decryptor::symmetricEncryptionBoxVerifier;
- uint8_t Decryptor::verifier_mr_enclave[32] = {0};
- uint8_t Decryptor::apache_mr_signer[32] = {0};
- unsigned int successful_la_count;
- uint8_t Decryptor::plaintext_mitigator_header_H[ECDH_PUBLIC_KEY_SIZE + 32 + 64] = {0};
- uint8_t Decryptor::first_decryption_output[1092] = {0};
- uint8_t Decryptor::plaintext_client_data[1000] = {0};
- // INTERNAL
- uint32_t Decryptor::create_mitigator_token_M(uint8_t* token)
- {
- uint32_t internal_return_status;
- uint32_t counter;
- // create short-term ECDH key pair
- internal_return_status = hybridEncryptionBoxClient.generate_keypair();
- if(internal_return_status != 0)
- return internal_return_status;
- hybridEncryptionBoxClient.get_public_key(token);
- // create token: concatenate short-term keypair with verifiers mrenclave.
- for(counter=0;counter<32;counter++)
- *(token + counter + ECDH_PUBLIC_KEY_SIZE) = verifier_mr_enclave[counter];
- return 0;
- }
- // INTERNAL
- uint32_t Decryptor::create_mitigator_header_H(uint8_t* signature_data_and_signature)
- {
- uint32_t internal_return_status;
- uint8_t local_signature_data_and_signature[ECDH_PUBLIC_KEY_SIZE + 32 + 64];
- uint32_t counter;
- internal_return_status = Decryptor::create_mitigator_token_M(local_signature_data_and_signature);
- if(internal_return_status != 0x0)
- return internal_return_status;
- internal_return_status = signatureBox.sign(local_signature_data_and_signature, ECDH_PUBLIC_KEY_SIZE + 32, local_signature_data_and_signature + ECDH_PUBLIC_KEY_SIZE + 32);
- if(internal_return_status != 0x0)
- return internal_return_status;
- for(counter=0;counter<ECDH_PUBLIC_KEY_SIZE + 32 + 64;counter++)
- signature_data_and_signature[counter] = local_signature_data_and_signature[counter];
- return 0;
- }
- // EXTERNAL ECALL.
- uint32_t Decryptor::create_and_encrypt_mitigator_header_H(uint8_t* ciphertext_token_H_plus_tag, uint32_t* op_length)
- {
- uint32_t temp_ciphertext_token_H_iv_tag_length;
- uint32_t internal_return_status;
- uint8_t plaintext_mitigator_header_H[ECDH_PUBLIC_KEY_SIZE + 32 + 64] = {0x42};
- if(successful_la_count != 2)
- return 0x33;
- internal_return_status = create_mitigator_header_H(plaintext_mitigator_header_H);
- if(internal_return_status != 0)
- return internal_return_status;
- internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(1, plaintext_mitigator_header_H, ECDH_PUBLIC_KEY_SIZE + 32 + 64, ciphertext_token_H_plus_tag, &temp_ciphertext_token_H_iv_tag_length);
- *op_length = temp_ciphertext_token_H_iv_tag_length;
- return internal_return_status;
- }
- // INTERNAL. done. But there might be one more return statement for the case when get_keypair returns sth (it is non void).
- uint32_t Decryptor::create_long_term_signing_keypair(uint8_t* private_public_key_string)
- {
- uint32_t internal_return_status;
- internal_return_status = signatureBox.generate_keypair();
- if(internal_return_status != 0)
- return internal_return_status;
- signatureBox.get_keypair(private_public_key_string);
- return 0;
- }
- // INTERNAL.
- uint32_t Decryptor::initialize_symmetric_key_decrypt_client_data(
- uint8_t* client_public_key_plus_ciphertext_fields, uint32_t* client_public_key_plus_ciphertext_fields_lengths,
- uint32_t number_of_ciphertext_fields,
- uint8_t* plaintext_fields, uint32_t* plaintext_field_lengths)
- {
- uint8_t *ciphertext_field_ptr, *plaintext_field_ptr;
- uint32_t plaintext_field_length, ciphertext_field_length, internal_return_status, counter;
- // I will derive a shared key from the plaintext_client_public_key
- internal_return_status = hybridEncryptionBoxClient.initialize_symmetric_key(client_public_key_plus_ciphertext_fields);
- if(internal_return_status != 0)
- return internal_return_status;
- // and then I will decrypt the rest of the client data with that key.
- ciphertext_field_ptr = client_public_key_plus_ciphertext_fields + client_public_key_plus_ciphertext_fields_lengths[0]; // tag = 16 bytes, iv = 12 bytes.
- plaintext_field_ptr = plaintext_fields;
- for(counter=0; counter<number_of_ciphertext_fields; counter++)
- {
- ciphertext_field_length = client_public_key_plus_ciphertext_fields_lengths[counter+1];
- internal_return_status = hybridEncryptionBoxClient.encrypt_decrypt(0, ciphertext_field_ptr,
- ciphertext_field_length, plaintext_field_ptr, &plaintext_field_length);
- if(internal_return_status != 0)
- return internal_return_status;
- plaintext_field_ptr += plaintext_field_length;
- ciphertext_field_ptr += ciphertext_field_length;
- plaintext_field_lengths[counter] = plaintext_field_length;
- }
- return internal_return_status;
- }
- void Decryptor::testing_long_term_verification_key(uint8_t* output)
- {
- uint8_t keypair[ECDH_PUBLIC_KEY_SIZE + ECDH_PRIVATE_KEY_SIZE];
- uint32_t counter;
- signatureBox.get_keypair(keypair);
- for(counter=0;counter<ECDH_PUBLIC_KEY_SIZE; counter++)
- output[counter]=keypair[ECDH_PRIVATE_KEY_SIZE+counter];
- }
- // EXTERNAL. DONE.
- uint32_t Decryptor::create_and_seal_long_term_signing_key_pair(size_t* sealed_data_length, uint8_t* sealed_data)
- {
- uint32_t sgx_libcall_status;
- uint32_t internal_return_status;
- uint32_t temp_sealed_data_length;
- uint8_t* temp_sealed_data;
- uint8_t private_public_key_string[ECDH_PUBLIC_KEY_SIZE + ECDH_PRIVATE_KEY_SIZE];
- uint32_t counter;
- temp_sealed_data_length = sgx_calc_sealed_data_size(0, ECDH_PUBLIC_KEY_SIZE + ECDH_PRIVATE_KEY_SIZE);
- if(temp_sealed_data_length == 0xFFFFFFFF)
- return 0x01;
- temp_sealed_data = (uint8_t*) malloc(temp_sealed_data_length);
- internal_return_status = create_long_term_signing_keypair(private_public_key_string);
- if(internal_return_status != 0)
- {
- free(temp_sealed_data);
- return internal_return_status;
- }
- sgx_libcall_status = sgx_seal_data(0, NULL, 3*SGX_ECP256_KEY_SIZE, private_public_key_string, temp_sealed_data_length, (sgx_sealed_data_t*) temp_sealed_data);
- if(sgx_libcall_status != SGX_SUCCESS)
- {
- free(temp_sealed_data);
- return sgx_libcall_status;
- }
- for(counter=0;counter<temp_sealed_data_length;counter++)
- *(sealed_data + counter)= *(temp_sealed_data + counter);
- *sealed_data_length = temp_sealed_data_length;
- free(temp_sealed_data);
- return 0;
- }
- // EXTERNAL. DONE.
- uint32_t Decryptor::unseal_and_restore_long_term_signing_key_pair(uint8_t* sealed_data, size_t* sgx_sealed_data_length)
- {
- uint32_t temp_plaintext_length;
- uint8_t* temp_plaintext;
- uint32_t counter;
- uint32_t ret_status;
- uint8_t* temp_sealed_data ;
- temp_sealed_data = (uint8_t*) malloc(*sgx_sealed_data_length);
- for(counter=0;counter<*sgx_sealed_data_length;counter++)
- *(temp_sealed_data+counter)=*(sealed_data+counter);
- temp_plaintext_length = sgx_get_encrypt_txt_len((sgx_sealed_data_t*)sealed_data);
- if(temp_plaintext_length == 0xffffffff)
- return 0xFFFFFFFF;
- temp_plaintext = (uint8_t*)malloc( temp_plaintext_length );
- ret_status = sgx_unseal_data((sgx_sealed_data_t*)temp_sealed_data, NULL, 0, temp_plaintext, &temp_plaintext_length);
- free(temp_sealed_data);
- if(ret_status != SGX_SUCCESS)
- {
- free(temp_plaintext);
- return ret_status;
- }
- signatureBox.set_private_public_key(temp_plaintext, temp_plaintext + ECDH_PRIVATE_KEY_SIZE);
- free(temp_plaintext);
- return 0;
- }
- uint32_t Decryptor::process_verifiers_message(uint8_t* input_ciphertext_plus_tag, uint32_t length)
- {
- uint8_t first_decryption_output[150];
- uint32_t first_decryption_output_length;
- uint32_t internal_return_status;
- uint32_t counter;
- if(successful_la_count != 1) // else, the untrusted application can call this on the first message by apache and cause the verifier to set its mrsigner.
- return 0x23;
- internal_return_status = symmetricEncryptionBoxVerifier.encrypt_decrypt(0, input_ciphertext_plus_tag, length, first_decryption_output, &first_decryption_output_length);
- if(internal_return_status != 0)
- return internal_return_status;
- if(first_decryption_output_length != 32)
- return 0x33;
- for(counter=0; counter<32; counter++)
- apache_mr_signer[counter] = *(first_decryption_output + counter);
- return 0;
- }
- // INTERNAL.
- uint32_t Decryptor::encrypt_decrypt_to_apache(uint32_t encrypt_decrypt,
- uint8_t* double_ciphertext,
- uint32_t* double_ciphertext_fields_lengths,
- uint32_t number_of_double_ciphertext_fields,
- uint8_t* ciphertext,
- uint32_t* ciphertext_length,
- uint32_t* ciphertext_fields_lengths)
- {
- uint32_t ciphertext_field_length, field_counter, temp_total_ciphertext_length, internal_return_status;
- unsigned char *ciphertext_arr_ptr, *double_ciphertext_arr_ptr;
- double_ciphertext_arr_ptr = double_ciphertext;
- ciphertext_arr_ptr = ciphertext;
- // decrypt each set of bytes of length input_sizes_array[counter] of the input_ciphertext
- for(field_counter=0; field_counter<number_of_double_ciphertext_fields; field_counter++)
- {
- internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(encrypt_decrypt, double_ciphertext_arr_ptr,
- double_ciphertext_fields_lengths[field_counter],
- ciphertext_arr_ptr, &ciphertext_field_length);
- if(internal_return_status != 0)
- return internal_return_status;
- double_ciphertext_arr_ptr += double_ciphertext_fields_lengths[field_counter];
- ciphertext_arr_ptr += ciphertext_field_length;
- ciphertext_fields_lengths[field_counter] = ciphertext_field_length;
- temp_total_ciphertext_length += ciphertext_field_length;
- }
- *ciphertext_length = temp_total_ciphertext_length;
- return 0;
- }
- uint32_t Decryptor::process_apache_message_generate_response(
- uint8_t* double_ciphertext,
- uint32_t double_ciphertext_length,
- uint32_t* double_ciphertext_fields_lengths,
- uint32_t number_of_double_ciphertext_fields,
- uint8_t* output_ciphertext,
- uint32_t* output_sizes_array)
- {
- unsigned char *incoming_ciphertext, *plaintext;
- uint32_t *incoming_ciphertext_fields_lengths, *plaintext_fields_lengths;
- uint32_t internal_return_status, output_ciphertext_length, ciphertext_length;
- // UPPER BOUND - technically: double_ciphertext_length - (number_of_double_ciphertext_fields * 28)
- incoming_ciphertext = (unsigned char*) malloc(double_ciphertext_length);
- incoming_ciphertext_fields_lengths = (uint32_t*) malloc(number_of_double_ciphertext_fields);
- internal_return_status = encrypt_decrypt_to_apache(0,
- double_ciphertext,
- double_ciphertext_fields_lengths,
- number_of_double_ciphertext_fields,
- incoming_ciphertext,
- &ciphertext_length,
- incoming_ciphertext_fields_lengths);
- if(internal_return_status != 0)
- {
- free(incoming_ciphertext);
- free(incoming_ciphertext_fields_lengths);
- return internal_return_status;
- }
- plaintext = (unsigned char*) malloc(ciphertext_length);
- plaintext_fields_lengths = (uint32_t*) malloc(number_of_double_ciphertext_fields); // -1 technically.
- internal_return_status=initialize_symmetric_key_decrypt_client_data(
- incoming_ciphertext, incoming_ciphertext_fields_lengths,
- number_of_double_ciphertext_fields - 1,
- plaintext, plaintext_fields_lengths);
- free(incoming_ciphertext);
- free(incoming_ciphertext_fields_lengths);
- if(internal_return_status != 0)
- {
- free(plaintext);
- free(plaintext_fields_lengths);
- return internal_return_status;
- }
- internal_return_status = encrypt_decrypt_to_apache(1,
- plaintext,
- plaintext_fields_lengths,
- number_of_double_ciphertext_fields-1,
- output_ciphertext,
- &output_ciphertext_length,
- output_sizes_array);
- free(plaintext);
- free(plaintext_fields_lengths);
- return internal_return_status;
- }
- /*
- // EXTERNAL. DONE.
- uint32_t Decryptor::process_apache_message_generate_response(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext_plus_tag, uint32_t* output_ciphertext_plus_tag_length)
- {
- uint32_t first_decryption_output_length, plaintext_client_data_length;
- uint32_t internal_return_status;
- // TODO: May be have temporary variables for input ciphertext as they can't be passed directly to functions?
- // first, I decrypt the message from the target enclave, to get the client's public key and ciphertext data (and tag and IV)
- internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(0, input_ciphertext, input_ciphertext_plus_tag_length,
- first_decryption_output, &first_decryption_output_length);
- if(internal_return_status != 0)
- return internal_return_status;
- // then I obtain the plaintext client data, using the client's public key and own key to ultimately decrypt the client's ciphertext data
- internal_return_status = initialize_symmetric_key_decrypt_client_data(first_decryption_output, first_decryption_output_length, plaintext_client_data, &plaintext_client_data_length);
- if(internal_return_status != 0)
- return internal_return_status;
- // then I will encrypt the plaintext data to the target enclave.
- internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(1, plaintext_client_data, plaintext_client_data_length, output_ciphertext_plus_tag, output_ciphertext_plus_tag_length);
- return internal_return_status;
- }
- */
- // INTERNAL.
- uint32_t Decryptor::verify_peer_enclave_trust(uint8_t* given_mr_enclave, uint8_t* given_mr_signer, uint8_t* dhaek)
- {
- uint32_t count;
- uint32_t internal_return_status;
- if(successful_la_count == 0) // verifier enclave
- {
- for(count=0; count<SGX_HASH_SIZE; count++)
- verifier_mr_enclave[count] = given_mr_enclave[count];
- symmetricEncryptionBoxVerifier.set_symmetric_key(dhaek);
- }
- else // apache enclave
- {
- for(count=0; count<SGX_HASH_SIZE; count++)
- {
- if( given_mr_signer[count] != apache_mr_signer[count] )
- return ENCLAVE_TRUST_ERROR;
- }
- symmetricEncryptionBoxApache.set_symmetric_key(dhaek);
- }
- successful_la_count ++;
- return SGX_SUCCESS;
- }
- void Decryptor::calculate_sealed_keypair_size(size_t* output_length)
- {
- *output_length = sgx_calc_sealed_data_size(0, ECDH_PUBLIC_KEY_SIZE + ECDH_PRIVATE_KEY_SIZE);
- }
- void Decryptor::testing_get_verifier_mrenclave_apache_mrsigner(uint8_t* output)
- {
- uint32_t counter;
- for(counter=0; counter<32;counter++)
- {
- output[counter]=verifier_mr_enclave[counter];
- output[counter+32]=apache_mr_signer[counter];
- }
- }
- void Decryptor::testing_get_short_term_public_key(uint8_t* output)
- {
- hybridEncryptionBoxClient.get_public_key(output);
- }
- void Decryptor::testing_get_apache_iv(uint8_t* op)
- {
- // symmetricEncryptionBoxApache.get_iv(op);
- }
- uint32_t Decryptor::session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id)
- {
- return LA::session_request(dh_msg1, session_id);
- }
- uint32_t Decryptor::exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t *session_id)
- {
- sgx_key_128bit_t dh_aek;
- sgx_dh_session_enclave_identity_t initiator_identity;
- uint32_t la_ret_status = LA::exchange_report(dh_msg2, dh_msg3, session_id, &dh_aek, &initiator_identity);
- if(la_ret_status == 0)
- {
- return Decryptor::verify_peer_enclave_trust(initiator_identity.mr_enclave.m,
- initiator_identity.mr_signer.m,
- dh_aek);
- }
- else
- return la_ret_status;
- }
|