Enclave.cpp 6.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164
  1. /*
  2. * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. #include "string.h"
  32. #include "stdlib.h"
  33. #include "stdio.h"
  34. #include "sgx_trts.h"
  35. #include "sgx_thread.h"
  36. #include "sgx_tseal.h"
  37. #include "Enclave_t.h"
  38. uint32_t g_secret;
  39. sgx_thread_mutex_t g_mutex = SGX_THREAD_MUTEX_INITIALIZER;
  40. static inline void free_allocated_memory(void *pointer)
  41. {
  42. if(pointer != NULL)
  43. {
  44. free(pointer);
  45. pointer = NULL;
  46. }
  47. }
  48. int initialize_enclave(struct sealed_buf_t *sealed_buf)
  49. {
  50. // sealed_buf == NULL indicates it is the first time to initialize the enclave
  51. if(sealed_buf == NULL)
  52. {
  53. sgx_thread_mutex_lock(&g_mutex);
  54. g_secret = 0;
  55. sgx_thread_mutex_unlock(&g_mutex);
  56. return 0;
  57. }
  58. // It is not the first time to initialize the enclave
  59. // Reinitialize the enclave to recover the secret data from the input backup sealed data.
  60. uint32_t len = sizeof(sgx_sealed_data_t) + sizeof(uint32_t);
  61. //Check the sealed_buf length and check the outside pointers deeply
  62. if(sealed_buf->sealed_buf_ptr[MOD2(sealed_buf->index)] == NULL ||
  63. sealed_buf->sealed_buf_ptr[MOD2(sealed_buf->index + 1)] == NULL ||
  64. !sgx_is_outside_enclave(sealed_buf->sealed_buf_ptr[MOD2(sealed_buf->index)], len) ||
  65. !sgx_is_outside_enclave(sealed_buf->sealed_buf_ptr[MOD2(sealed_buf->index + 1)], len))
  66. {
  67. print("Incorrect input parameter(s).\n");
  68. return -1;
  69. }
  70. // Retrieve the secret from current backup sealed data
  71. uint32_t unsealed_data = 0;
  72. uint32_t unsealed_data_length = sizeof(g_secret);
  73. uint8_t *plain_text = NULL;
  74. uint32_t plain_text_length = 0;
  75. uint8_t *temp_sealed_buf = (uint8_t *)malloc(len);
  76. if(temp_sealed_buf == NULL)
  77. {
  78. print("Out of memory.\n");
  79. return -1;
  80. }
  81. sgx_thread_mutex_lock(&g_mutex);
  82. memcpy(temp_sealed_buf, sealed_buf->sealed_buf_ptr[MOD2(sealed_buf->index)], len);
  83. // Unseal current sealed buf
  84. sgx_status_t ret = sgx_unseal_data((sgx_sealed_data_t *)temp_sealed_buf, plain_text, &plain_text_length, (uint8_t *)&unsealed_data, &unsealed_data_length);
  85. if(ret == SGX_SUCCESS)
  86. {
  87. g_secret = unsealed_data;
  88. sgx_thread_mutex_unlock(&g_mutex);
  89. free_allocated_memory(temp_sealed_buf);
  90. return 0;
  91. }
  92. else
  93. {
  94. sgx_thread_mutex_unlock(&g_mutex);
  95. print("Failed to reinitialize the enclave.\n");
  96. free_allocated_memory(temp_sealed_buf);
  97. return -1;
  98. }
  99. }
  100. int increase_and_seal_data(size_t tid, struct sealed_buf_t* sealed_buf)
  101. {
  102. uint32_t sealed_len = sizeof(sgx_sealed_data_t) + sizeof(g_secret);
  103. // Check the sealed_buf length and check the outside pointers deeply
  104. if(sealed_buf->sealed_buf_ptr[MOD2(sealed_buf->index)] == NULL ||
  105. sealed_buf->sealed_buf_ptr[MOD2(sealed_buf->index + 1)] == NULL ||
  106. !sgx_is_outside_enclave(sealed_buf->sealed_buf_ptr[MOD2(sealed_buf->index)], sealed_len) ||
  107. !sgx_is_outside_enclave(sealed_buf->sealed_buf_ptr[MOD2(sealed_buf->index + 1)], sealed_len))
  108. {
  109. print("Incorrect input parameter(s).\n");
  110. return -1;
  111. }
  112. char string_buf[BUFSIZ] = {'\0'};
  113. uint32_t temp_secret = 0;
  114. uint8_t *plain_text = NULL;
  115. uint32_t plain_text_length = 0;
  116. uint8_t *temp_sealed_buf = (uint8_t *)malloc(sealed_len);
  117. if(temp_sealed_buf == NULL)
  118. {
  119. print("Out of memory.\n");
  120. return -1;
  121. }
  122. memset(temp_sealed_buf, 0, sealed_len);
  123. sgx_thread_mutex_lock(&g_mutex);
  124. // Increase and seal the secret data
  125. temp_secret = ++g_secret;
  126. sgx_status_t ret = sgx_seal_data(plain_text_length, plain_text, sizeof(g_secret), (uint8_t *)&g_secret, sealed_len, (sgx_sealed_data_t *)temp_sealed_buf);
  127. if(ret != SGX_SUCCESS)
  128. {
  129. sgx_thread_mutex_unlock(&g_mutex);
  130. print("Failed to seal data\n");
  131. free_allocated_memory(temp_sealed_buf);
  132. return -1;
  133. }
  134. // Backup the sealed data to outside buffer
  135. memcpy(sealed_buf->sealed_buf_ptr[MOD2(sealed_buf->index + 1)], temp_sealed_buf, sealed_len);
  136. sealed_buf->index++;
  137. sgx_thread_mutex_unlock(&g_mutex);
  138. free_allocated_memory(temp_sealed_buf);
  139. // Ocall to print the unsealed secret data outside.
  140. // In theory, the secret data(s) SHOULD NOT be transferred outside the enclave as clear text(s).
  141. // So please DO NOT print any secret outside. Here printing the secret data to outside is only for demo.
  142. snprintf(string_buf, BUFSIZ, "Thread %#x>: %u\n", (unsigned int)tid, (unsigned int)temp_secret);
  143. print(string_buf);
  144. return 0;
  145. }