Browse Source

Fixes before compiling. Went through TODOs etc.

dettanym 4 years ago
parent
commit
28daf84a99
8 changed files with 79 additions and 53 deletions
  1. 7 24
      DeploymentStageLogic.cpp
  2. 8 1
      DeploymentStageLogic.h
  3. 5 5
      LAInitiator_Protobuf.cpp
  4. 2 6
      LAInitiator_Protobuf.h
  5. 33 3
      PostLAMessaging.cpp
  6. 4 1
      PostLAMessaging.h
  7. 8 8
      crypto.cpp
  8. 12 5
      systemMain.cpp

+ 7 - 24
DeploymentStageLogic.cpp

@@ -37,7 +37,7 @@ int set_up_socket_connect(int port)
     return sock;
 }
 
-uint32_t set_target_hash(uint8_t* given_hash)
+void set_target_hash(uint8_t* given_hash)
 {
     uint32_t counter;
     for(counter=0; counter<32; counter++)
@@ -48,13 +48,15 @@ int main_logic()
 {
     int decryptor_fd;
     uint8_t key[16];
+    uint32_t ret_status
 
     // Set up an IPC channel for local attestation and post-LA messages.
     decryptor_fd = set_up_socket_connect(port);
     if(decryptor_fd == -1)
     {
-        perror("\nCould not set up the socket: had the following error: ");
-        fflush(stderr);
+        printf("\nCould not set up the socket: had the following error: ");
+        fflush(stdout);
+        return 0x1;
     }
 
     // Conduct LA.
@@ -66,30 +68,11 @@ int main_logic()
     postLAMessaging.set_fd(decryptor_fd);
 
     // Use the symmetric key from LA to send messages for the rest of the deployment stage.
-    postLAMessaging.set_la_symmetric_key(laInitiator.get_la_symmetric_key(key));
+    laInitiator.get_la_symmetric_key(key);
+    postLAMessaging.set_la_symmetric_key(key);
 
     // Send the target's hash to the decryptor enclave.
     return send_secure_msg(target_hash, 32);
 }
 
-/*
-uint32_t generate_encrypted_rsa_keypair_hash(uint8_t* op_ciphertext, uint32_t* length)
-{
-
-    uint8_t tag[16];
-    int ciphertext_len;// int plaintext_len=32;
-    uint8_t iv[12];
-    memset(iv, 0, 12);
-    return_status=aes_cipher(1, key, iv, hash, 32, op_ciphertext,  &ciphertext_len, tag);
-    if(return_status == 0)
-    {
-        for(counter=0;counter<12;counter++)
-            op_ciphertext[counter+ ciphertext_len] = iv[counter];
-        for(counter=0;counter<16;counter++)
-            op_ciphertext[counter+ ciphertext_len + 12] = tag[counter];
-        ciphertext_len+=28;
-        *length=ciphertext_len;
-    }
-}
-*/
 

+ 8 - 1
DeploymentStageLogic.h

@@ -4,6 +4,13 @@
 
 #ifndef VERIFIER_DEPLOYMENTSTAGELOGIC_H
 #define VERIFIER_DEPLOYMENTSTAGELOGIC_H
+#include "stdio.h"
+// For socket programming
+#include <arpa/inet.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include "PostLAMessaging.h"
+#include "LAInitiator_Protobuf.h"
 
 
 class DeploymentStageLogic {
@@ -17,7 +24,7 @@ public:
     //	if(return_status!=0)
     //		return return_status;
 
-    uint32_t set_target_hash(uint8_t* given_hash);
+    void set_target_hash(uint8_t* given_hash);
     int set_up_socket_connect(int port);
     int main_logic();
 };

+ 5 - 5
LAInitiator_Protobuf.cpp

@@ -1,5 +1,5 @@
 
-uint32_t process_protobuf_dh_msg1_generate_protobuf_dh_msg2(protobuf_sgx_dh_msg1_t& protobuf_msg1, protobuf_sgx_dh_msg2_t& protobuf_msg2)
+uint32_t LAInitiator_Protobuf::process_protobuf_dh_msg1_generate_protobuf_dh_msg2(protobuf_sgx_dh_msg1_t& protobuf_msg1, protobuf_sgx_dh_msg2_t& protobuf_msg2)
 {
   sgx_dh_msg1_t dh_msg1;            //Diffie-Hellman Message 1
   sgx_dh_msg2_t dh_msg2;
@@ -23,7 +23,7 @@ uint32_t process_protobuf_dh_msg1_generate_protobuf_dh_msg2(protobuf_sgx_dh_msg1
   return 0;
 }
 
-uint32_t process_protobuf_dh_msg3(protobuf_sgx_dh_msg3_t& protobuf_msg3) {
+uint32_t LAInitiator_Protobuf::process_protobuf_dh_msg3(protobuf_sgx_dh_msg3_t& protobuf_msg3) {
 
   uint32_t ret_status;
   sgx_dh_msg3_t dh_msg3;
@@ -41,6 +41,7 @@ uint32_t process_protobuf_dh_msg3(protobuf_sgx_dh_msg3_t& protobuf_msg3) {
     return ret_status;
 
   memcpy(global_session_info.active.AEK, &dh_aek, sizeof(sgx_key_128bit_t));
+  memcpy(key, &dh_aek, sizeof(sgx_key_128bit_t));
   global_session_info.session_id = 1; // TODO: session_id;
   global_session_info.active.counter = 0;
   global_session_info.status = ACTIVE;
@@ -49,7 +50,7 @@ uint32_t process_protobuf_dh_msg3(protobuf_sgx_dh_msg3_t& protobuf_msg3) {
   return 0;
 }
 
-uint32_t conduct_la(int decryptor_fd) {
+uint32_t LAInitiator_Protobuf::conduct_la(int decryptor_fd) {
     // declare msg1, msg2, msg3 protobuf objects
     protobuf_sgx_dh_msg1_t protobuf_msg1;
     protobuf_sgx_dh_msg2_t protobuf_msg2;
@@ -83,10 +84,9 @@ uint32_t conduct_la(int decryptor_fd) {
     return 0;
 }
 
-uint32_t get_la_symmetric_key(uint8_t* op_key)
+uint32_t LAInitiator_Protobuf::get_la_symmetric_key(uint8_t* op_key)
 {
     uint32_t counter;
     for(counter=0; counter<32; counter++)
         op_key[counter] = key[counter];
-    // TODO: Fix this code - there is no attribute called key - it's in one of the existing attributes.
 }

+ 2 - 6
LAInitiator_Protobuf.h

@@ -25,17 +25,13 @@
 #define SGX_CAST(type, item) ((type)(item))
 #include <string.h>
 #include "crypto.h"
-#include "stdio.h"
-
-// For socket programming
-#include <arpa/inet.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
+#include "ProtobufMessageRW.h"
 
 class LAInitiator_Protobuf {
     sgx_dh_session_t sgx_dh_session;
     dh_session_t global_session_info;
     ProtobufMessageRW protobufReaderWriter;
+    uint8_t key[16];
     uint32_t process_protobuf_dh_msg3(protobuf_sgx_dh_msg3_t& protobuf_msg3, uint32_t* session_id);
     uint32_t process_protobuf_dh_msg1_generate_protobuf_dh_msg2(protobuf_sgx_dh_msg1_t& protobuf_msg1, protobuf_sgx_dh_msg2_t& protobuf_msg2, uint32_t* session_id);
 public:

+ 33 - 3
PostLAMessaging.cpp

@@ -4,6 +4,37 @@
 
 #include "PostLAMessaging.h"
 
+uint32_t aes_gcm_wrapper(int enc, uint8_t* plaintext, uint32_t plaintext_length, uint8_t* ciphertext, uint32_t* ciphertext_length)
+{
+    uint32_t actual_plaintext_length=plaintext_length;
+    uint8_t tag[16];uint32_t counter, return_status;
+    uint8_t iv[12];
+    if(enc == 0)
+    {
+        for(counter=0;counter<16;counter++)
+            tag[counter]=plaintext[counter+plaintext_length-16];
+        for(counter=0;counter<12;counter++)
+            iv[counter]=plaintext[counter+plaintext_length-28];
+        actual_plaintext_length-=28;
+    }
+    else
+    {
+        return_status=sgx_read_rand(iv, 12);
+        if(return_status != 0)
+            return return_status;
+    }
+    return_status = aes_gcm_128(enc, key, iv, plaintext, actual_plaintext_length, ciphertext, ciphertext_length, tag);
+    if(enc == 1 && return_status == 0)
+    {
+        for(counter=0;counter<12;counter++)
+            ciphertext[counter + *ciphertext_length] = iv[counter];
+        for(counter=0;counter<16;counter++)
+            ciphertext[counter + 12 + *ciphertext_length] = tag[counter];
+        *ciphertext_length=*ciphertext_length + 28;
+    }
+    return return_status;
+}
+
 // The verifier doesn't receive any messages (in the deployment stage or at all)
 uint32_t send_secure_msg(uint8_t* input, uint32_t input_size)
 {
@@ -12,13 +43,12 @@ uint32_t send_secure_msg(uint8_t* input, uint32_t input_size)
     google::protobuf::MessageLite protobuf_msg;
 
     output = (unsigned char*) malloc(output, input_size + 28); // 16 for tag, 12 for IV
-    // TODO: Make sure this is the same as in the PHP extension code.
-    ret = aes_gcm_wrapper(1, input, input_size, output, output_size );
+    ret = aes_gcm_wrapper(1, input, input_size, output, &output_size );
     if(ret != 0)
         return ret;
 
     // TODO: Conversion logic to protobuf. Set msg or whatever.
-    if(!protobufReaderWriter.write_msg(protobuf_msg))
+    if(protobufReaderWriter.write_msg(protobuf_msg) != 0)
         return 0x3;
     return 0;
 }

+ 4 - 1
PostLAMessaging.h

@@ -4,10 +4,13 @@
 
 #ifndef VERIFIER_POSTLAMESSAGING_H
 #define VERIFIER_POSTLAMESSAGING_H
-
+#include "sgx_trts.h" // for sgx_read_rand
+#include "crypto.h"
+#include "ProtobufMessageRW.h"
 class PostLAMessaging {
     uint8_t key[16];
     ProtobufMessageRW protobufReaderWriter;
+    uint32_t aes_gcm_wrapper(int enc, uint8_t* plaintext, uint32_t plaintext_length, uint8_t* ciphertext, uint32_t* ciphertext_length);
 public:
     void set_la_symmetric_key(uint8_t* given_key);
     void set_fd(uint8_t* given_fd);

+ 8 - 8
crypto.cpp

@@ -132,8 +132,8 @@ void crypto_cleanup()
 	EVP_CIPHER_CTX_free(ctx); 
 }
 
-// Code adapted from here: https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption 
-int aes_cipher(int enc, unsigned char *key, unsigned char *iv, unsigned char* plaintext, int plaintext_len, unsigned char *ciphertext,  int* op_ciphertext_len, unsigned char* tag)
+// Code adapted from here: https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption
+int aes_gcm_128(int enc, unsigned char *key, unsigned char *iv, unsigned char* plaintext, int plaintext_len, unsigned char *ciphertext,  int* op_ciphertext_len, unsigned char* tag)
 {
 	int len;
 	int ciphertext_len;
@@ -172,7 +172,7 @@ int aes_cipher(int enc, unsigned char *key, unsigned char *iv, unsigned char* pl
                 {
                        reset_return = EVP_CIPHER_CTX_reset(ctx);
                        ERR_print_errors_fp(stderr); fflush(stderr);
-                       if(1 != reset_return) 
+                       if(1 != reset_return)
                                 return 0xF5;
                         return 0x5;
                 }
@@ -182,8 +182,8 @@ int aes_cipher(int enc, unsigned char *key, unsigned char *iv, unsigned char* pl
 	/* Finalise the encryption. Normally ciphertext bytes may be written at
 	 * this stage, but this does not occur in GCM mode
 	 */
-	// TODO: ^^^ Why the heck does it not occur in GCM mode ? 
-	if(1 != EVP_CipherFinal_ex(ctx, ciphertext + len, &len)) 
+	// TODO: ^^^ Why the heck does it not occur in GCM mode ?
+	if(1 != EVP_CipherFinal_ex(ctx, ciphertext + len, &len))
 	{
 		reset_return = EVP_CIPHER_CTX_reset(ctx);
 		ERR_print_errors_fp(stderr); fflush(stderr);
@@ -200,7 +200,7 @@ int aes_cipher(int enc, unsigned char *key, unsigned char *iv, unsigned char* pl
 		{
                 	reset_return = EVP_CIPHER_CTX_reset(ctx);
                 	ERR_print_errors_fp(stderr); fflush(stderr);
-                	if(1 != reset_return) 
+                	if(1 != reset_return)
                         	return 0xF5;
 	                return 0x5;
 		}
@@ -210,10 +210,10 @@ int aes_cipher(int enc, unsigned char *key, unsigned char *iv, unsigned char* pl
 	if(1 != EVP_CIPHER_CTX_reset(ctx))
 	{
 		ERR_print_errors_fp(stderr); fflush(stderr);
-		return 0xF0; 
+		return 0xF0;
 	}
 
-	*op_ciphertext_len=ciphertext_len; 
+	*op_ciphertext_len=ciphertext_len;
 	return 0;
 }
 

+ 12 - 5
systemMain.cpp

@@ -162,12 +162,19 @@ int main(int argc, char** argv)
   printf("\nSuccessfully sealed the plaintext %s to length 0x%x.\n", apache_signature_keypair_private.c_str(), expected_sealed_msg_size);
   fflush(stdout);
 
-    uint8_t hash[32] = {0x54,0x24,0x5d,0x63,0x5c,0x8f,0xec,0xcf,0x37,0xb9,0xcf,0x9e,0xb8,0xd3,0x22,0x04,0x57,0x5b,0xb2,0xfc,0xa6,0xd3,0x11,0xfb,0x87,0xb7,0x01,0x06,0x2f,0x18,0x25,0xc1};
-    // TODO: Error conditions.
+    uint8_t target_hash[32] = {0x54,0x24,0x5d,0x63,0x5c,0x8f,0xec,0xcf,0x37,0xb9,0xcf,0x9e,0xb8,0xd3,0x22,0x04,0x57,0x5b,0xb2,0xfc,0xa6,0xd3,0x11,0xfb,0x87,0xb7,0x01,0x06,0x2f,0x18,0x25,0xc1};
     DeploymentStageLogic deploymentStage;
-    deploymentStage.set_target_hash(hash);
-    deploymentStage.set_up_socket_connect(DECRYPTOR_PORT);
-    deploymentStage.main_logic();
+
+    deploymentStage.set_target_hash(target_hash);
+
+    int ret_status = deploymentStage.set_up_socket_connect(DECRYPTOR_PORT);
+    if(ret_status != 0)
+        return ret_status;
+
+    ret_status = deploymentStage.main_logic();
+    if(ret_status != 0)
+        return ret_status;
+
   printf("\nSuccessful LA with port %d.\n", DECRYPTOR_PORT);
   fflush(stdout);
 /*