EnclaveMessageExchange.cpp 25 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721
  1. /*
  2. * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. #include "sgx_trts.h"
  32. #include "sgx_utils.h"
  33. #include "EnclaveMessageExchange.h"
  34. #include "sgx_eid.h"
  35. #include "error_codes.h"
  36. #include "sgx_ecp_types.h"
  37. #include "sgx_thread.h"
  38. #include <map>
  39. #include "dh_session_protocol.h"
  40. #include "sgx_dh.h"
  41. #include "sgx_tcrypto.h"
  42. #include "LocalAttestationCode_t.h"
  43. #ifdef __cplusplus
  44. extern "C" {
  45. #endif
  46. uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data, size_t decrypted_data_length, char** resp_buffer, size_t* resp_length);
  47. uint32_t message_exchange_response_generator(char* decrypted_data, char** resp_buffer, size_t* resp_length);
  48. uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity);
  49. #ifdef __cplusplus
  50. }
  51. #endif
  52. #define MAX_SESSION_COUNT 16
  53. //number of open sessions
  54. uint32_t g_session_count = 0;
  55. ATTESTATION_STATUS generate_session_id(uint32_t *session_id);
  56. ATTESTATION_STATUS end_session(sgx_enclave_id_t src_enclave_id);
  57. //Array of open session ids
  58. session_id_tracker_t *g_session_id_tracker[MAX_SESSION_COUNT];
  59. //Map between the source enclave id and the session information associated with that particular session
  60. std::map<sgx_enclave_id_t, dh_session_t>g_dest_session_info_map;
  61. //Create a session with the destination enclave
  62. ATTESTATION_STATUS create_session(sgx_enclave_id_t src_enclave_id,
  63. sgx_enclave_id_t dest_enclave_id,
  64. dh_session_t *session_info)
  65. {
  66. sgx_dh_msg1_t dh_msg1; //Diffie-Hellman Message 1
  67. sgx_key_128bit_t dh_aek; // Session Key
  68. sgx_dh_msg2_t dh_msg2; //Diffie-Hellman Message 2
  69. sgx_dh_msg3_t dh_msg3; //Diffie-Hellman Message 3
  70. uint32_t session_id;
  71. uint32_t retstatus;
  72. sgx_status_t status = SGX_SUCCESS;
  73. sgx_dh_session_t sgx_dh_session;
  74. sgx_dh_session_enclave_identity_t responder_identity;
  75. if(!session_info)
  76. {
  77. return INVALID_PARAMETER_ERROR;
  78. }
  79. memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
  80. memset(&dh_msg1, 0, sizeof(sgx_dh_msg1_t));
  81. memset(&dh_msg2, 0, sizeof(sgx_dh_msg2_t));
  82. memset(&dh_msg3, 0, sizeof(sgx_dh_msg3_t));
  83. memset(session_info, 0, sizeof(dh_session_t));
  84. //Intialize the session as a session initiator
  85. status = sgx_dh_init_session(SGX_DH_SESSION_INITIATOR, &sgx_dh_session);
  86. if(SGX_SUCCESS != status)
  87. {
  88. return status;
  89. }
  90. //Ocall to request for a session with the destination enclave and obtain session id and Message 1 if successful
  91. status = session_request_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg1, &session_id);
  92. if (status == SGX_SUCCESS)
  93. {
  94. if ((ATTESTATION_STATUS)retstatus != SUCCESS)
  95. return ((ATTESTATION_STATUS)retstatus);
  96. }
  97. else
  98. {
  99. return ATTESTATION_SE_ERROR;
  100. }
  101. //Process the message 1 obtained from desination enclave and generate message 2
  102. status = sgx_dh_initiator_proc_msg1(&dh_msg1, &dh_msg2, &sgx_dh_session);
  103. if(SGX_SUCCESS != status)
  104. {
  105. return status;
  106. }
  107. //Send Message 2 to Destination Enclave and get Message 3 in return
  108. status = exchange_report_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg2, &dh_msg3, session_id);
  109. if (status == SGX_SUCCESS)
  110. {
  111. if ((ATTESTATION_STATUS)retstatus != SUCCESS)
  112. return ((ATTESTATION_STATUS)retstatus);
  113. }
  114. else
  115. {
  116. return ATTESTATION_SE_ERROR;
  117. }
  118. //Process Message 3 obtained from the destination enclave
  119. status = sgx_dh_initiator_proc_msg3(&dh_msg3, &sgx_dh_session, &dh_aek, &responder_identity);
  120. if(SGX_SUCCESS != status)
  121. {
  122. return status;
  123. }
  124. // Verify the identity of the destination enclave
  125. if(verify_peer_enclave_trust(&responder_identity) != SUCCESS)
  126. {
  127. return INVALID_SESSION;
  128. }
  129. memcpy(session_info->active.AEK, &dh_aek, sizeof(sgx_key_128bit_t));
  130. session_info->session_id = session_id;
  131. session_info->active.counter = 0;
  132. session_info->status = ACTIVE;
  133. memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
  134. return status;
  135. }
  136. //Handle the request from Source Enclave for a session
  137. ATTESTATION_STATUS session_request(sgx_enclave_id_t src_enclave_id,
  138. sgx_dh_msg1_t *dh_msg1,
  139. uint32_t *session_id )
  140. {
  141. dh_session_t session_info;
  142. sgx_dh_session_t sgx_dh_session;
  143. sgx_status_t status = SGX_SUCCESS;
  144. if(!session_id || !dh_msg1)
  145. {
  146. return INVALID_PARAMETER_ERROR;
  147. }
  148. //Intialize the session as a session responder
  149. status = sgx_dh_init_session(SGX_DH_SESSION_RESPONDER, &sgx_dh_session);
  150. if(SGX_SUCCESS != status)
  151. {
  152. return status;
  153. }
  154. //get a new SessionID
  155. if ((status = (sgx_status_t)generate_session_id(session_id)) != SUCCESS)
  156. return status; //no more sessions available
  157. //Allocate memory for the session id tracker
  158. g_session_id_tracker[*session_id] = (session_id_tracker_t *)malloc(sizeof(session_id_tracker_t));
  159. if(!g_session_id_tracker[*session_id])
  160. {
  161. return MALLOC_ERROR;
  162. }
  163. memset(g_session_id_tracker[*session_id], 0, sizeof(session_id_tracker_t));
  164. g_session_id_tracker[*session_id]->session_id = *session_id;
  165. session_info.status = IN_PROGRESS;
  166. //Generate Message1 that will be returned to Source Enclave
  167. status = sgx_dh_responder_gen_msg1((sgx_dh_msg1_t*)dh_msg1, &sgx_dh_session);
  168. if(SGX_SUCCESS != status)
  169. {
  170. SAFE_FREE(g_session_id_tracker[*session_id]);
  171. return status;
  172. }
  173. memcpy(&session_info.in_progress.dh_session, &sgx_dh_session, sizeof(sgx_dh_session_t));
  174. //Store the session information under the correspoding source enlave id key
  175. g_dest_session_info_map.insert(std::pair<sgx_enclave_id_t, dh_session_t>(src_enclave_id, session_info));
  176. return status;
  177. }
  178. //Verify Message 2, generate Message3 and exchange Message 3 with Source Enclave
  179. ATTESTATION_STATUS exchange_report(sgx_enclave_id_t src_enclave_id,
  180. sgx_dh_msg2_t *dh_msg2,
  181. sgx_dh_msg3_t *dh_msg3,
  182. uint32_t session_id)
  183. {
  184. sgx_key_128bit_t dh_aek; // Session key
  185. dh_session_t *session_info;
  186. ATTESTATION_STATUS status = SUCCESS;
  187. sgx_dh_session_t sgx_dh_session;
  188. sgx_dh_session_enclave_identity_t initiator_identity;
  189. if(!dh_msg2 || !dh_msg3)
  190. {
  191. return INVALID_PARAMETER_ERROR;
  192. }
  193. memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
  194. do
  195. {
  196. //Retreive the session information for the corresponding source enclave id
  197. std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
  198. if(it != g_dest_session_info_map.end())
  199. {
  200. session_info = &it->second;
  201. }
  202. else
  203. {
  204. status = INVALID_SESSION;
  205. break;
  206. }
  207. if(session_info->status != IN_PROGRESS)
  208. {
  209. status = INVALID_SESSION;
  210. break;
  211. }
  212. memcpy(&sgx_dh_session, &session_info->in_progress.dh_session, sizeof(sgx_dh_session_t));
  213. dh_msg3->msg3_body.additional_prop_length = 0;
  214. //Process message 2 from source enclave and obtain message 3
  215. sgx_status_t se_ret = sgx_dh_responder_proc_msg2(dh_msg2,
  216. dh_msg3,
  217. &sgx_dh_session,
  218. &dh_aek,
  219. &initiator_identity);
  220. if(SGX_SUCCESS != se_ret)
  221. {
  222. status = se_ret;
  223. break;
  224. }
  225. //Verify source enclave's trust
  226. if(verify_peer_enclave_trust(&initiator_identity) != SUCCESS)
  227. {
  228. return INVALID_SESSION;
  229. }
  230. //save the session ID, status and initialize the session nonce
  231. session_info->session_id = session_id;
  232. session_info->status = ACTIVE;
  233. session_info->active.counter = 0;
  234. memcpy(session_info->active.AEK, &dh_aek, sizeof(sgx_key_128bit_t));
  235. memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
  236. g_session_count++;
  237. }while(0);
  238. if(status != SUCCESS)
  239. {
  240. end_session(src_enclave_id);
  241. }
  242. return status;
  243. }
  244. //Request for the response size, send the request message to the destination enclave and receive the response message back
  245. ATTESTATION_STATUS send_request_receive_response(sgx_enclave_id_t src_enclave_id,
  246. sgx_enclave_id_t dest_enclave_id,
  247. dh_session_t *session_info,
  248. char *inp_buff,
  249. size_t inp_buff_len,
  250. size_t max_out_buff_size,
  251. char **out_buff,
  252. size_t* out_buff_len)
  253. {
  254. const uint8_t* plaintext;
  255. uint32_t plaintext_length;
  256. sgx_status_t status;
  257. uint32_t retstatus;
  258. secure_message_t* req_message;
  259. secure_message_t* resp_message;
  260. uint8_t *decrypted_data;
  261. uint32_t decrypted_data_length;
  262. uint32_t plain_text_offset;
  263. uint8_t l_tag[TAG_SIZE];
  264. size_t max_resp_message_length;
  265. plaintext = (const uint8_t*)(" ");
  266. plaintext_length = 0;
  267. if(!session_info || !inp_buff)
  268. {
  269. return INVALID_PARAMETER_ERROR;
  270. }
  271. //Check if the nonce for the session has not exceeded 2^32-2 if so end session and start a new session
  272. if(session_info->active.counter == ((uint32_t) - 2))
  273. {
  274. close_session(src_enclave_id, dest_enclave_id);
  275. create_session(src_enclave_id, dest_enclave_id, session_info);
  276. }
  277. //Allocate memory for the AES-GCM request message
  278. req_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ inp_buff_len);
  279. if(!req_message)
  280. {
  281. return MALLOC_ERROR;
  282. }
  283. memset(req_message,0,sizeof(secure_message_t)+ inp_buff_len);
  284. const uint32_t data2encrypt_length = (uint32_t)inp_buff_len;
  285. //Set the payload size to data to encrypt length
  286. req_message->message_aes_gcm_data.payload_size = data2encrypt_length;
  287. //Use the session nonce as the payload IV
  288. memcpy(req_message->message_aes_gcm_data.reserved,&session_info->active.counter,sizeof(session_info->active.counter));
  289. //Set the session ID of the message to the current session id
  290. req_message->session_id = session_info->session_id;
  291. //Prepare the request message with the encrypted payload
  292. status = sgx_rijndael128GCM_encrypt(&session_info->active.AEK, (uint8_t*)inp_buff, data2encrypt_length,
  293. reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.payload)),
  294. reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.reserved)),
  295. sizeof(req_message->message_aes_gcm_data.reserved), plaintext, plaintext_length,
  296. &(req_message->message_aes_gcm_data.payload_tag));
  297. if(SGX_SUCCESS != status)
  298. {
  299. SAFE_FREE(req_message);
  300. return status;
  301. }
  302. //Allocate memory for the response payload to be copied
  303. *out_buff = (char*)malloc(max_out_buff_size);
  304. if(!*out_buff)
  305. {
  306. SAFE_FREE(req_message);
  307. return MALLOC_ERROR;
  308. }
  309. memset(*out_buff, 0, max_out_buff_size);
  310. //Allocate memory for the response message
  311. resp_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ max_out_buff_size);
  312. if(!resp_message)
  313. {
  314. SAFE_FREE(req_message);
  315. return MALLOC_ERROR;
  316. }
  317. memset(resp_message, 0, sizeof(secure_message_t)+ max_out_buff_size);
  318. //Ocall to send the request to the Destination Enclave and get the response message back
  319. status = send_request_ocall(&retstatus, src_enclave_id, dest_enclave_id, req_message,
  320. (sizeof(secure_message_t)+ inp_buff_len), max_out_buff_size,
  321. resp_message, (sizeof(secure_message_t)+ max_out_buff_size));
  322. if (status == SGX_SUCCESS)
  323. {
  324. if ((ATTESTATION_STATUS)retstatus != SUCCESS)
  325. {
  326. SAFE_FREE(req_message);
  327. SAFE_FREE(resp_message);
  328. return ((ATTESTATION_STATUS)retstatus);
  329. }
  330. }
  331. else
  332. {
  333. SAFE_FREE(req_message);
  334. SAFE_FREE(resp_message);
  335. return ATTESTATION_SE_ERROR;
  336. }
  337. max_resp_message_length = sizeof(secure_message_t)+ max_out_buff_size;
  338. if(sizeof(resp_message) > max_resp_message_length)
  339. {
  340. SAFE_FREE(req_message);
  341. SAFE_FREE(resp_message);
  342. return INVALID_PARAMETER_ERROR;
  343. }
  344. //Code to process the response message from the Destination Enclave
  345. decrypted_data_length = resp_message->message_aes_gcm_data.payload_size;
  346. plain_text_offset = decrypted_data_length;
  347. decrypted_data = (uint8_t*)malloc(decrypted_data_length);
  348. if(!decrypted_data)
  349. {
  350. SAFE_FREE(req_message);
  351. SAFE_FREE(resp_message);
  352. return MALLOC_ERROR;
  353. }
  354. memset(&l_tag, 0, 16);
  355. memset(decrypted_data, 0, decrypted_data_length);
  356. //Decrypt the response message payload
  357. status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, resp_message->message_aes_gcm_data.payload,
  358. decrypted_data_length, decrypted_data,
  359. reinterpret_cast<uint8_t *>(&(resp_message->message_aes_gcm_data.reserved)),
  360. sizeof(resp_message->message_aes_gcm_data.reserved), &(resp_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length,
  361. &resp_message->message_aes_gcm_data.payload_tag);
  362. if(SGX_SUCCESS != status)
  363. {
  364. SAFE_FREE(req_message);
  365. SAFE_FREE(decrypted_data);
  366. SAFE_FREE(resp_message);
  367. return status;
  368. }
  369. // Verify if the nonce obtained in the response is equal to the session nonce + 1 (Prevents replay attacks)
  370. if(*(resp_message->message_aes_gcm_data.reserved) != (session_info->active.counter + 1 ))
  371. {
  372. SAFE_FREE(req_message);
  373. SAFE_FREE(resp_message);
  374. SAFE_FREE(decrypted_data);
  375. return INVALID_PARAMETER_ERROR;
  376. }
  377. //Update the value of the session nonce in the source enclave
  378. session_info->active.counter = session_info->active.counter + 1;
  379. memcpy(out_buff_len, &decrypted_data_length, sizeof(decrypted_data_length));
  380. memcpy(*out_buff, decrypted_data, decrypted_data_length);
  381. SAFE_FREE(decrypted_data);
  382. SAFE_FREE(req_message);
  383. SAFE_FREE(resp_message);
  384. return SUCCESS;
  385. }
  386. //Process the request from the Source enclave and send the response message back to the Source enclave
  387. ATTESTATION_STATUS generate_response(sgx_enclave_id_t src_enclave_id,
  388. secure_message_t* req_message,
  389. size_t req_message_size,
  390. size_t max_payload_size,
  391. secure_message_t* resp_message,
  392. size_t resp_message_size)
  393. {
  394. const uint8_t* plaintext;
  395. uint32_t plaintext_length;
  396. uint8_t *decrypted_data;
  397. uint32_t decrypted_data_length;
  398. uint32_t plain_text_offset;
  399. ms_in_msg_exchange_t * ms;
  400. size_t resp_data_length;
  401. size_t resp_message_calc_size;
  402. char* resp_data;
  403. uint8_t l_tag[TAG_SIZE];
  404. size_t header_size, expected_payload_size;
  405. dh_session_t *session_info;
  406. secure_message_t* temp_resp_message;
  407. uint32_t ret;
  408. sgx_status_t status;
  409. plaintext = (const uint8_t*)(" ");
  410. plaintext_length = 0;
  411. if(!req_message || !resp_message)
  412. {
  413. return INVALID_PARAMETER_ERROR;
  414. }
  415. //Get the session information from the map corresponding to the source enclave id
  416. std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
  417. if(it != g_dest_session_info_map.end())
  418. {
  419. session_info = &it->second;
  420. }
  421. else
  422. {
  423. return INVALID_SESSION;
  424. }
  425. if(session_info->status != ACTIVE)
  426. {
  427. return INVALID_SESSION;
  428. }
  429. //Set the decrypted data length to the payload size obtained from the message
  430. decrypted_data_length = req_message->message_aes_gcm_data.payload_size;
  431. header_size = sizeof(secure_message_t);
  432. expected_payload_size = req_message_size - header_size;
  433. //Verify the size of the payload
  434. if(expected_payload_size != decrypted_data_length)
  435. return INVALID_PARAMETER_ERROR;
  436. memset(&l_tag, 0, 16);
  437. plain_text_offset = decrypted_data_length;
  438. decrypted_data = (uint8_t*)malloc(decrypted_data_length);
  439. if(!decrypted_data)
  440. {
  441. return MALLOC_ERROR;
  442. }
  443. memset(decrypted_data, 0, decrypted_data_length);
  444. //Decrypt the request message payload from source enclave
  445. status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, req_message->message_aes_gcm_data.payload,
  446. decrypted_data_length, decrypted_data,
  447. reinterpret_cast<uint8_t *>(&(req_message->message_aes_gcm_data.reserved)),
  448. sizeof(req_message->message_aes_gcm_data.reserved), &(req_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length,
  449. &req_message->message_aes_gcm_data.payload_tag);
  450. if(SGX_SUCCESS != status)
  451. {
  452. SAFE_FREE(decrypted_data);
  453. return status;
  454. }
  455. //Casting the decrypted data to the marshaling structure type to obtain type of request (generic message exchange/enclave to enclave call)
  456. ms = (ms_in_msg_exchange_t *)decrypted_data;
  457. // Verify if the nonce obtained in the request is equal to the session nonce
  458. if((uint32_t)*(req_message->message_aes_gcm_data.reserved) != session_info->active.counter || *(req_message->message_aes_gcm_data.reserved) > ((2^32)-2))
  459. {
  460. SAFE_FREE(decrypted_data);
  461. return INVALID_PARAMETER_ERROR;
  462. }
  463. if(ms->msg_type == MESSAGE_EXCHANGE)
  464. {
  465. //Call the generic secret response generator for message exchange
  466. ret = message_exchange_response_generator((char*)decrypted_data, &resp_data, &resp_data_length);
  467. if(ret !=0)
  468. {
  469. SAFE_FREE(decrypted_data);
  470. SAFE_FREE(resp_data);
  471. return INVALID_SESSION;
  472. }
  473. }
  474. else if(ms->msg_type == ENCLAVE_TO_ENCLAVE_CALL)
  475. {
  476. //Call the destination enclave's dispatcher to call the appropriate function in the destination enclave
  477. ret = enclave_to_enclave_call_dispatcher((char*)decrypted_data, decrypted_data_length, &resp_data, &resp_data_length);
  478. if(ret !=0)
  479. {
  480. SAFE_FREE(decrypted_data);
  481. SAFE_FREE(resp_data);
  482. return INVALID_SESSION;
  483. }
  484. }
  485. else
  486. {
  487. SAFE_FREE(decrypted_data);
  488. return INVALID_REQUEST_TYPE_ERROR;
  489. }
  490. if(resp_data_length > max_payload_size)
  491. {
  492. SAFE_FREE(resp_data);
  493. SAFE_FREE(decrypted_data);
  494. return OUT_BUFFER_LENGTH_ERROR;
  495. }
  496. resp_message_calc_size = sizeof(secure_message_t)+ resp_data_length;
  497. if(resp_message_calc_size > resp_message_size)
  498. {
  499. SAFE_FREE(resp_data);
  500. SAFE_FREE(decrypted_data);
  501. return OUT_BUFFER_LENGTH_ERROR;
  502. }
  503. //Code to build the response back to the Source Enclave
  504. temp_resp_message = (secure_message_t*)malloc(resp_message_calc_size);
  505. if(!temp_resp_message)
  506. {
  507. SAFE_FREE(resp_data);
  508. SAFE_FREE(decrypted_data);
  509. return MALLOC_ERROR;
  510. }
  511. memset(temp_resp_message,0,sizeof(secure_message_t)+ resp_data_length);
  512. const uint32_t data2encrypt_length = (uint32_t)resp_data_length;
  513. temp_resp_message->session_id = session_info->session_id;
  514. temp_resp_message->message_aes_gcm_data.payload_size = data2encrypt_length;
  515. //Increment the Session Nonce (Replay Protection)
  516. session_info->active.counter = session_info->active.counter + 1;
  517. //Set the response nonce as the session nonce
  518. memcpy(&temp_resp_message->message_aes_gcm_data.reserved,&session_info->active.counter,sizeof(session_info->active.counter));
  519. //Prepare the response message with the encrypted payload
  520. status = sgx_rijndael128GCM_encrypt(&session_info->active.AEK, (uint8_t*)resp_data, data2encrypt_length,
  521. reinterpret_cast<uint8_t *>(&(temp_resp_message->message_aes_gcm_data.payload)),
  522. reinterpret_cast<uint8_t *>(&(temp_resp_message->message_aes_gcm_data.reserved)),
  523. sizeof(temp_resp_message->message_aes_gcm_data.reserved), plaintext, plaintext_length,
  524. &(temp_resp_message->message_aes_gcm_data.payload_tag));
  525. if(SGX_SUCCESS != status)
  526. {
  527. SAFE_FREE(resp_data);
  528. SAFE_FREE(decrypted_data);
  529. SAFE_FREE(temp_resp_message);
  530. return status;
  531. }
  532. memset(resp_message, 0, sizeof(secure_message_t)+ resp_data_length);
  533. memcpy(resp_message, temp_resp_message, sizeof(secure_message_t)+ resp_data_length);
  534. SAFE_FREE(decrypted_data);
  535. SAFE_FREE(resp_data);
  536. SAFE_FREE(temp_resp_message);
  537. return SUCCESS;
  538. }
  539. //Close a current session
  540. ATTESTATION_STATUS close_session(sgx_enclave_id_t src_enclave_id,
  541. sgx_enclave_id_t dest_enclave_id)
  542. {
  543. sgx_status_t status;
  544. uint32_t retstatus;
  545. //Ocall to ask the destination enclave to end the session
  546. status = end_session_ocall(&retstatus, src_enclave_id, dest_enclave_id);
  547. if (status == SGX_SUCCESS)
  548. {
  549. if ((ATTESTATION_STATUS)retstatus != SUCCESS)
  550. return ((ATTESTATION_STATUS)retstatus);
  551. }
  552. else
  553. {
  554. return ATTESTATION_SE_ERROR;
  555. }
  556. return SUCCESS;
  557. }
  558. //Respond to the request from the Source Enclave to close the session
  559. ATTESTATION_STATUS end_session(sgx_enclave_id_t src_enclave_id)
  560. {
  561. ATTESTATION_STATUS status = SUCCESS;
  562. int i;
  563. dh_session_t session_info;
  564. uint32_t session_id;
  565. //Get the session information from the map corresponding to the source enclave id
  566. std::map<sgx_enclave_id_t, dh_session_t>::iterator it = g_dest_session_info_map.find(src_enclave_id);
  567. if(it != g_dest_session_info_map.end())
  568. {
  569. session_info = it->second;
  570. }
  571. else
  572. {
  573. return INVALID_SESSION;
  574. }
  575. session_id = session_info.session_id;
  576. //Erase the session information for the current session
  577. g_dest_session_info_map.erase(src_enclave_id);
  578. //Update the session id tracker
  579. if (g_session_count > 0)
  580. {
  581. //check if session exists
  582. for (i=1; i <= MAX_SESSION_COUNT; i++)
  583. {
  584. if(g_session_id_tracker[i-1] != NULL && g_session_id_tracker[i-1]->session_id == session_id)
  585. {
  586. memset(g_session_id_tracker[i-1], 0, sizeof(session_id_tracker_t));
  587. SAFE_FREE(g_session_id_tracker[i-1]);
  588. g_session_count--;
  589. break;
  590. }
  591. }
  592. }
  593. return status;
  594. }
  595. //Returns a new sessionID for the source destination session
  596. ATTESTATION_STATUS generate_session_id(uint32_t *session_id)
  597. {
  598. ATTESTATION_STATUS status = SUCCESS;
  599. if(!session_id)
  600. {
  601. return INVALID_PARAMETER_ERROR;
  602. }
  603. //if the session structure is untintialized, set that as the next session ID
  604. for (int i = 0; i < MAX_SESSION_COUNT; i++)
  605. {
  606. if (g_session_id_tracker[i] == NULL)
  607. {
  608. *session_id = i;
  609. return status;
  610. }
  611. }
  612. status = NO_AVAILABLE_SESSION_ERROR;
  613. return status;
  614. }