123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262 |
- /*
- * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- * * Neither the name of Intel Corporation nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.challa
- *
- */
- // App.cpp : Defines the entry point for the console application.
- #include <stdio.h>
- #include <map>
- #include "../Decryptor/Decryptor_u.h"
- #include "sgx_eid.h"
- #include "sgx_urts.h"
- #define __STDC_FORMAT_MACROS
- #include <inttypes.h>
- #include<unistd.h>
- // for sealing - sgx_calc_sealed_data_size
- #include "sgx_tseal.h"
- // For reading from/writing to file -sealing.
- #include <fcntl.h>
- #include <sys/types.h>
- #include <sys/stat.h>
- #include "systemLA.h"
- //#define UNUSED(val) (void)(val)
- #define TCHAR char
- #define _TCHAR char
- #define _T(str) str
- #define scanf_s scanf
- // Not sure if I need this later - as such, I (decryptor app) will only ever need to talk to 1 enclave at a time - verifier enclave first and then the apache enclave.
- //extern std::map<sgx_enclave_id_t, uint32_t>g_enclave_id_map;
- //int __ImageBase=0;
- sgx_enclave_id_t e2_enclave_id = 0;
- #define Decryptor_PATH "libDecryptor.so"
- //////////////////////////////////////////////////
- #include <stdio.h>
- uint32_t write_to_fd(int fd, uint8_t* msg, uint32_t* expected_msg_length)
- {
- lseek(fd, 0, SEEK_SET);
- ssize_t bytes_written;
- bytes_written = write(fd, msg, *expected_msg_length);
- if(bytes_written <= 0)
- return 0xFFFFFFFF;
- fsync(fd);
- *expected_msg_length = bytes_written;
- return 0;
- }
- uint32_t read_from_fd(int fd, uint8_t* msg, size_t* expected_msg_length)
- {
- ssize_t bytes_read;
- lseek(fd, 0, SEEK_SET);
- bytes_read = read(fd, msg, *expected_msg_length);
- if(bytes_read <= 0)
- return 0xFFFFFFFF;
- *expected_msg_length = bytes_read;
- return 0;
- }
- uint32_t unseal_signing_key_pair_from_disk(int fd, __attribute__((unused)) sgx_ec256_public_t* pub_key, size_t* actual_sealed_msg_length)
- {
- uint32_t ret_status;
- uint8_t* sgx_sealed_msg;
- printf("expected read 0x%ld\n", *actual_sealed_msg_length);
- sgx_sealed_msg = (uint8_t*) malloc(0x300); // malloc(*actual_sealed_msg_length); (0x300 for EDL)
- ret_status = read_from_fd(fd, sgx_sealed_msg, actual_sealed_msg_length);
- if(ret_status != 0)
- {
- free(sgx_sealed_msg);
- return 0xFFFFFFFF;
- }
- printf("actual read 0x%ld and ret_status 0x%x\n", *actual_sealed_msg_length, ret_status); fflush(stdout);
- size_t counter;
- for(counter=0;counter<*actual_sealed_msg_length;counter++)
- printf("%x ", *(sgx_sealed_msg+counter));
- printf("\n"); fflush(stdout);
- Decryptor_unseal_and_restore_sealed_signing_key_pair(e2_enclave_id, &ret_status, pub_key, sgx_sealed_msg, actual_sealed_msg_length);
- free(sgx_sealed_msg);
- return ret_status;
- }
- uint32_t create_and_seal_signing_key_pair_to_disk( __attribute__((unused)) int fd, __attribute__((unused)) sgx_ec256_public_t* pub_key)
- {
- uint32_t ret_status;
- // Generating a signing ECDSA key to sign the encryption key.
- uint32_t length;
- Decryptor_calculate_sealed_data_size(e2_enclave_id, &length, 3*SGX_ECP256_KEY_SIZE); // sgx_calc_sealed_data_size(0,3*SGX_ECP256_KEY_SIZE);
- if(length == 0xFFFFFFFF)
- return 0xFFFFFFFF;
- printf("0x%x input msg, 0x%x bytes for sealed msg in parameter value\n", 3*SGX_ECP256_KEY_SIZE, length); fflush(stdout);
- uint8_t* sealed_data=(uint8_t*) malloc(0x300);
- printf("Made call to sgx_calc_sealed_data_size\n"); fflush(stdout);
- Decryptor_create_and_seal_ecdsa_signing_key_pair(e2_enclave_id, &ret_status, pub_key, &length, sealed_data);
- if(ret_status != SGX_SUCCESS)
- {
- printf("create_and_seal called returned an error: %x", ret_status);
- free(sealed_data);
- return 0xFFFFFFFF;
- }
- printf("It returned sgx_success\n"); fflush(stdout); // *actual_sealed_msg_length=length;
- ret_status = write_to_fd(fd, sealed_data, &length);
- free(sealed_data);
- // if(ret_status > 0)
- // *actual_sealed_msg_length = ret_status;
- // return 0;
- return ret_status;
- }
- int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
- {
- uint32_t ret_status;
- sgx_status_t status;
- // For sgx setup
- int launch_token_updated;
- sgx_launch_token_t launch_token;
- // uint8_t* pub_key = (uint8_t*) malloc(2*SGX_ECP256_KEY_SIZE);
- sgx_ec256_public_t pub_key; uint32_t counter;
- size_t sealed_msg_length_in_file;
- status = sgx_create_enclave(Decryptor_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &e2_enclave_id, NULL);
- if(status != SGX_SUCCESS)
- {
- printf("\nLoad Enclave Failure");
- return -1;
- }
- printf("\nDecryptor - EnclaveID %" PRIx64, e2_enclave_id);
- fflush(stdout);
-
- int sealed_signing_key_fd = open("sealed_signing_key.txt", O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
- if(sealed_signing_key_fd == -1)
- {
- perror("\nError in opening the file sealed_signing_key.txt - ");
- fflush(stderr);
- return 0xFFFFFFFF;
- }
- printf("\nSuccessfully opened a file to seal the signing key pair for the client.\n");
- fflush(stdout);
- // int start = lseek(sealed_signing_key_fd, 0, SEEK_SET);
- // int end = lseek(sealed_signing_key_fd, 0, SEEK_END);
- struct stat st; ret_status = fstat(sealed_signing_key_fd, &st);
- //sealed_msg_length_in_file = st.st_size;
- if(ret_status != 0)
- {
- perror("error in finding the file size. - ");
- fflush(stderr);
- return 0xffffffff;
- }
- sealed_msg_length_in_file = st.st_size;
- if(sealed_msg_length_in_file == 0) //if(start == end && start != -1)
- {
- // TODO: file is empty. create signing key pair.
- // int start = lseek(sealed_signing_key_fd, 0, SEEK_SET);
- ret_status = create_and_seal_signing_key_pair_to_disk(sealed_signing_key_fd, &pub_key);
- if(ret_status != 0)
- {
- printf("\n error in generating the ecdsa signing key pair \n");
- fflush(stdout); sgx_destroy_enclave(e2_enclave_id);
- return 0xFFFFFFFF;
- }
- fflush(stdout);
- printf("\n Generated the ecdsa key pair successfully - gx, gy\n");
- for(counter=0;counter<32;counter++)
- printf("0x%x ",pub_key.gx[counter]);
- printf("\n");
- for(counter=0;counter<32;counter++)
- printf("0x%x ",pub_key.gy[counter]);
- printf("\n");
- fflush(stdout);
- // fflush(stdout);
- }
- else {
- // start = lseek(sealed_signing_key_fd, 0, SEEK_CUR);
- // if(actual_sealed_msg_length == 0)
- // actual_sealed_msg_length = size; // - start;
- ret_status = unseal_signing_key_pair_from_disk(sealed_signing_key_fd, &pub_key, &sealed_msg_length_in_file);
- if(ret_status != SGX_SUCCESS)
- {
- printf("\n error in unsealing the ecdsa signing key pair:%d \n", ret_status);
- fflush(stdout); sgx_destroy_enclave(e2_enclave_id);
- return 0xFFFFFFFF;
- }
- printf("\n Recovered the ecdsa key pair successfully - gx, gy\n");
- for(counter=0;counter<32;counter++)
- printf("%02x",pub_key.gx[31-counter]);
- // printf("\n");
- for(counter=0;counter<32;counter++)
- printf("%02x",pub_key.gy[31-counter]);
- printf("\n");
- fflush(stdout);
- }
- close(sealed_signing_key_fd);
-
- // LA with the verifier
- ret_status=local_attestation_initiator(3824, e2_enclave_id);
- if(ret_status!=0)
- {
- printf("local attestation - with the verifier - did not successfully return: %x\n", ret_status); fflush(stdout); sgx_destroy_enclave(e2_enclave_id);
- return 0xFFFFFFFF;
- }
- // Does decryption too - should probs rename it
- ret_status=local_attestation_initiator(3825, e2_enclave_id);
- if(ret_status!=0)
- {
- printf("local attestation - with the apache - did not successfully return: %x\n", ret_status); fflush(stdout); sgx_destroy_enclave(e2_enclave_id);
- return 0xFFFFFFFF;
- }
- /* // LA with the apache - currently set to return failure - should change it to success when the code to send the mrsigner from the verifier to the decryptor is added- TODO: <--- that
- ret_status=local_attestation_initiator(3826, e2_enclave_id); // TODO: Change port or sth
- if(ret_status!=0)
- {
- printf("local attestation - with apache - did not successfully return: %x\n", ret_status); fflush(stdout); sgx_destroy_enclave(e2_enclave_id);
- return 0xFFFFFFFF;
- }
- */ // TODO: Continue with other msgs - send sign(enc | verifier mr_enclave)
- sgx_destroy_enclave(e2_enclave_id);
- return 0;
- }
|