Decryptor/App/LocalAttestationUntrusted.cpp

#include "LocalAttestationUntrusted.h"


namespace LocalAttestationUntrusted {
    namespace {
        uint32_t session_id = 0;
        protobuf_sgx_dh_msg1_t protobuf_msg1;

        uint32_t local_attestation_msg2_msg3(uint32_t own_enclave_id, int accept_fd) {
            uint32_t protobuf_sgx_ret;
            protobuf_sgx_dh_msg2_t protobuf_msg2;
            protobuf_sgx_dh_msg3_t protobuf_msg3;
            printf("Writing message 1\n");
            fflush(stdout);
            if (protobufReadWrite::write_protobuf_msg_to_fd(accept_fd, protobuf_msg1) != 0)
                return 0x1;

            printf("Reading message 2\n");
            fflush(stdout);
            if (protobufReadWrite::read_protobuf_msg_from_fd(accept_fd, protobuf_msg2) != 0)
                return 0x2;

            protobuf_sgx_ret = process_protobuf_dh_msg2_generate_protobuf_dh_msg3(own_enclave_id, protobuf_msg2, protobuf_msg3,
                                                                                  &session_id);
            if (protobuf_sgx_ret != 0) {
                printf("Error in generate_protobuf_dh_msg2: 0x%x", protobuf_sgx_ret);
                fflush(stdout);
                return protobuf_sgx_ret;
            }

            printf("Writing message 3\n");
            fflush(stdout);
            if (protobufReadWrite::write_protobuf_msg_to_fd(accept_fd, protobuf_msg3) != 0)
                return 0x3;
            return 0;
        }
    }

    /*
    void get_lengths_for_protobuf_serialized_array(extension_to_decryptor_enclosed_msg &protobuf_ext_to_decryptor,
        uint32_t *output_lengths)
    {
        uint32_t number_of_ciphertext_fields, counter, total_length;
        // Didn't use bytesize() or bytesizelong() for getting the lengths of the public key or the ciphertext string
        // as that gives the *serialized* length of the message which should be an upper-bound.
        // Can switch to that if necessary for time performance reasons.
        total_length=protobuf_ext_to_decryptor.ciphertext_client_public_key().length();
        number_of_ciphertext_fields=protobuf_ext_to_decryptor.ciphertext_fields_size();
        for(counter=0; counter<number_of_ciphertext_fields; counter++)
            total_length+=protobuf_ext_to_decryptor.ciphertext_fields(counter).field().length();
        output_lengths[0]=total_length;
        output_lengths[1]=number_of_ciphertext_fields;
    }

    void create_array_from_protobuf(extension_to_decryptor_enclosed_msg &protobuf_ext_to_decryptor,
                                    unsigned char* double_ciphertext_client_data, uint32_t* sizes_array, uint32_t* sizes_array_length)
    {
        uint32_t counter, size_of_field, number_of_fields;
        unsigned char* ptr;

        // Set the size of the first element - the public key - and copy it to the output array.
        sizes_array[0] = protobuf_ext_to_decryptor.ciphertext_client_public_key().length();
        ptr=strncpy((char*)double_ciphertext_client_data, protobuf_ext_to_decryptor.ciphertext_client_public_key().c_str(),
            size_of_field);

        // Start copying past the length copied above, copy all ciphertext fields to the output string array
        // and set their lengths in the output integers array
        number_of_fields=protobuf_ext_to_decryptor.ciphertext_fields_size();
        for(counter=0;counter<number_of_fields;counter++)
        {
            // First element of the LHS array is the length of the client's public key.
            sizes_array[counter+1] = protobuf_ext_to_decryptor.ciphertext_fields(counter).field().length();
            ptr = strncpy((char*)ptr, protobuf_ext_to_decryptor.ciphertext_fields(counter).field().c_str(), size_of_field);
        }
        sizes_array_length=number_of_fields+1;
    }

    void create_protobuf_from_array(   unsigned char* ciphertext_client_data, uint32_t* sizes_array, uint32_t sizes_array_length,
            extension_to_decryptor_enclosed_msg protobuf_extension_decryptor_msg)
    {
        uint32_t counter;
        void* ptr;

        // Note that we don't care about setting the client public key as we don't include that in the outgoing message
        // to the extension.
        ptr=ciphertext_client_data;
        for(counter=0; counter<sizes_array_length; counter++)
        {
            protobuf_extension_decryptor_msg.mutable_ciphertext_fields(counter).set_field(ptr, sizes_array[counter]);
            ptr+=sizes_array[counter];
        }
    }
    */
    uint32_t get_decrypted_client_data(uint8_t* array, uint32_t array_length)
        {
            return 0;
        }

    int decrypt_client_data(uint32_t own_enclave_id, int fd, int time_file_fd) {
    /*    extension_to_decryptor_enclosed_msg protobuf_extension_decryptor_msg;
        unsigned char* double_ciphertext_client_data, ciphertext_client_data;
        uint32_t* input_sizes_array, output_sizes_array;
        uint32_t ecall_input_lengths[2];
        uint32_t ecall_output_lengths[2];
        uint32_t sgx_ret;

        // Get a message of the type decryptor_to_extension msg
        if (!protobufReadWrite::read_protobuf_msg_from_fd(fd, protobuf_extension_decryptor_msg)) {
            printf("Not all of the extension's message was read\n");
            fflush(stdout);
            return 0xf3;
        }

        get_length_of_protobuf_serialized_array(protobuf_extension_decryptor_msg, lengths);
        double_ciphertext_client_data=(unsigned char*) malloc(ecall_input_lengths[0]);
        ciphertext_client_data = (unsigned char*) malloc(ecall_input_lengths[0]);

        input_sizes_array = (uint32_t*) malloc(ecall_input_lengths[1] * sizeof(uint32_t));

        create_array_from_protobuf(protobuf_extension_decryptor_msg, double_ciphertext_client_data,
            input_sizes_array, ecall_input_lengths[1]);

        // Call the enclave's decryption function with these arguments and get back another vector of ciphertexts.
        Decryptor_decrypt_client_data_wrapper(own_enclave_id, &sgx_ret,
                double_ciphertext_client_data,
                ecall_input_lengths[0],
                input_sizes_array,
                ecall_input_lengths[1]);

        free(double_ciphertext_client_data);
        free(input_sizes_array);

        // Error checking
        if(!sgx_ret)
        {
            free(ciphertext_client_data);
            free(output_sizes_array);
            return 0x32;
        }
        output_sizes_array = (uint32_t *) malloc(ecall_input_lengths[1] * sizeof(uint32_t)); // Upper bound: it should be lengths[1]-1.

        // Clear the protobuf msg above and reset it with the output arguments of the ecall.
        protobuf_extension_decryptor_msg.clear_ciphertext_client_public_key();
        protobuf_extension_decryptor_msg.clear_ciphertext_fields();
        create_protobuf_from_array(ciphertext_client_data, output_sizes_array, ecall_output_lengths[1],
         protobuf_extension_decryptor_msg);
        free(ciphertext_client_data);
        free(output_sizes_array);

        // write message to apache extension
        if (!protobufReadWrite::write_protobuf_msg_to_fd(fd, protobuf_extension_decryptor_msg)) {
            printf("Not all of the client's ciphertext data was written to the extension.\n");
            fflush(stdout);
            return 31;
        }

        /*
        gettimeofday(&tv2, NULL);
        new_time=tv2.tv_usec + tv2.tv_sec * 1000000;
        old_time=tv1.tv_usec + tv1.tv_sec * 1000000;
        bytes_written=sprintf(time_buf,  "%lu %lu\n", old_time, new_time);
        FileIO::write_to_fd(time_file_fd, time_buf, bytes_written);
        */

        return 0;
    }

    int prepare_local_attestation_as_responder_msg1(uint32_t own_enclave_id)
    {
        uint32_t protobuf_sgx_ret;
        protobuf_sgx_ret = generate_protobuf_dh_msg1(own_enclave_id, protobuf_msg1, &session_id);
        if (protobuf_sgx_ret != 0) {
            printf("Error in generate_protobuf_dh_msg1: 0x%x", protobuf_sgx_ret);
            fflush(stdout);
            return protobuf_sgx_ret;
        }
        return 0;
    }

    int setup_socket_for_local_attestation_requests(int port) {
        struct sockaddr_in own_addr;
        return Ipc::set_up_socket(port, &own_addr);
    }

    // TODO: CHANGED SIGNATURE.
    int local_attestation_as_responder_msg2_msg3(uint32_t own_enclave_id, int server_fd,
                                                                            int *accept_fd) {
        uint32_t protobuf_sgx_ret;
        struct sockaddr_storage apache_addr;
        socklen_t apache_addr_size = sizeof(apache_addr);

        int temp_accept_fd;
        temp_accept_fd = accept(server_fd, (struct sockaddr *) &apache_addr, &apache_addr_size);
        if (temp_accept_fd < 0) {
            printf("Error in accepting %d", errno);
            fflush(stdout);
            return temp_accept_fd;
        }
        *accept_fd = temp_accept_fd;

        protobuf_sgx_ret = local_attestation_msg2_msg3(own_enclave_id, temp_accept_fd);
        return protobuf_sgx_ret;
    }

    int post_local_attestation_with_verifier(uint32_t own_enclave_id, int accept_fd) {
        uint32_t protobuf_sgx_ret;
        uint8_t encrypted_apache_mrsigner_and_tag[150];
        size_t bytes_read;
        int count;

        printf("Here\n");
        fflush(stdout);
        bytes_read = FileIO::read_from_fd(accept_fd, encrypted_apache_mrsigner_and_tag, 60);
        if (bytes_read != 60) {
            printf("Not all of the encrypted apache's mrsigner was read from the verifier.\n");
            fflush(stdout);
            return 0xfe;
        }

        for (count = 0; count < 60; count++)
            printf("0x%02x ", encrypted_apache_mrsigner_and_tag[count]);
        printf("\n");
        fflush(stdout);

        Decryptor_process_verifiers_message_wrapper(own_enclave_id, &protobuf_sgx_ret, encrypted_apache_mrsigner_and_tag,
                                                    60);
        if (protobuf_sgx_ret != 0) {
            printf("Error in decryption: 0x%x\n", protobuf_sgx_ret);
            fflush(stdout);
            return protobuf_sgx_ret;
        }

        printf("Successful decryption\n");
        fflush(stdout);
        close(accept_fd);
        uint8_t output[64];
        Decryptor_get_verifier_mrenclave_apache_mrsigner_wrapper(own_enclave_id, output);
        uint32_t counter;
        for (counter = 0; counter < 32; counter++)
            printf("0x%x ", output[counter]);
        printf("/n");
        for (counter = 32; counter < 64; counter++)
            printf("0x%x ", output[counter]);
        printf("/n");

        fflush(stdout);

        return 0;

    }

    int post_local_attestation_with_apache(uint32_t own_enclave_id, int accept_fd) {
        protobuf_post_LA_encrypted_msg_t protobuf_encrypted_msg;
        uint8_t encrypted_sign_data_and_sign_and_tag[200]; // 176+12 for IV = 188
        uint32_t op_length, internal_return_status, count, sgx_ret;
        uint8_t public_key[64];
        int time_file_fd;

        memset(encrypted_sign_data_and_sign_and_tag, 0x0, 200);

        Decryptor_create_and_encrypt_mitigator_header_H_wrapper(own_enclave_id, &sgx_ret,
                                                                encrypted_sign_data_and_sign_and_tag, &op_length);
        if (sgx_ret != 0) {
            printf("Error in generating encrypted mitigator header:0x%x\n", sgx_ret);
            fflush(stdout);
            return 0xf3;
        }

        for (count = 0; count < op_length; count++) {
            printf("0x%02x ", encrypted_sign_data_and_sign_and_tag[count]);
        }
        printf("\n");
        fflush(stdout);

        protobuf_encrypted_msg.set_msg((void *) encrypted_sign_data_and_sign_and_tag, op_length);
        if (protobufReadWrite::write_protobuf_msg_to_fd(accept_fd, protobuf_encrypted_msg) != 0) {
            printf("Not all of the mitigator token H was written to the Apache.\n");
            fflush(stdout);
            return 0xfe;
        }

        Decryptor_get_short_term_public_key_wrapper(own_enclave_id, public_key);
        for (count = 0; count < 64; count++)
            printf("%02x ", public_key[count]);
        printf("\n");
        fflush(stdout);

        /*
        uint8_t *output_ciphertext_plus_tag = (uint8_t *) malloc(
                4100); // 12 bytes for ciphertext iv + 16 bytes for ciphertext tag = 28 byte
        uint8_t *input_ciphertext_plus_tag = (uint8_t *) malloc(4100);
        */
        time_file_fd = open("decryptor_time.txt", O_APPEND | O_WRONLY);

        do {
            internal_return_status = decrypt_client_data(own_enclave_id, accept_fd, time_file_fd);
        } while (internal_return_status == 0);


        close(accept_fd);
        close(time_file_fd);
        return internal_return_status;
    }

};