
Works with modified decryptor - commit 0947cf3. JVM code causes it to go into a full signal loop whereas python code causes a sigsegv

dettanym 3 years ago
parent
commit
76723770fa
4 changed files with 14 additions and 20 deletions
  1. 2 3
      Makefile
  2. 7 9
      ProtobufLAInitiator.cpp
  3. 5 8
      systemMain.cpp
  4. BIN
      verifier

+ 2 - 3
Makefile

@@ -46,12 +46,11 @@ crypto.o: crypto.cpp
 
 verifier:  systemMain.o systemSealerWrapper.o SgxSealer.o ProtobufLAInitiator.o SgxProtobufLAInitiator.o SgxProtobufLAInitiator_Transforms.o ProtobufLAMessages.pb.o crypto.o
 #	echo $(system_obj)
-	${CXX} -Wl,--noinhibit-exec systemMain.o crypto.o systemSealerWrapper.o SgxSealer.o  -L${Openssl_Path}/lib -lcrypto -lssl -L./ -l$(Service_Library_Name) -l$(Crypto_Library_Name) -L/home/m2mazmud/linux-sgx-trts-modified/build/linux -lsgx_tstdc -lsgx_trts -L/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/amd64/server -ljvm  ${LD_FLAGS} -o $@ 
+	${CXX} -Wl,--no-undefined systemMain.o systemSealerWrapper.o SgxSealer.o ProtobufLAInitiator.o SgxProtobufLAInitiator.o SgxProtobufLAInitiator_Transforms.o ProtobufLAMessages.pb.o crypto.o   -L${Openssl_Path}/lib -lcrypto -lssl -L./ -l$(Service_Library_Name) -l$(Crypto_Library_Name) -L/home/m2mazmud/linux-sgx-trts-modified/build/linux -lsgx_tstdc -lsgx_trts -L/usr/lib/jvm/java-8-openjdk-amd64/jre/lib/amd64/server -ljvm  ${LD_FLAGS} -lprotobuf  -o $@ 
 #-L/home/m2mazmud/linux-sgx-trts-modified/build/linux -lsgx_tstdc -lsgx_trts ${LD_FLAGS} -o $@ 
 
 #-Wl,-rpath,$(SGX_SDK)/lib64  systemMain.o  ${LD_FLAGS} -o $@
-#systemSealerWrapper.o SgxSealer.o 
-#ProtobufLAInitiator.o SgxProtobufLAInitiator.o SgxProtobufLAInitiator_Transforms.o ProtobufLAMessages.pb.o crypto.o #
+#systemSealerWrapper.o SgxSealer.o ProtobufLAInitiator.o SgxProtobufLAInitiator.o SgxProtobufLAInitiator_Transforms.o ProtobufLAMessages.pb.o crypto.o
 #${LD_FLAGS} 
 #-L./ -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive  -L$(SGX_LIBRARY_PATH) -l$(Service_Library_Name) -l$(Crypto_Library_Name) -lsgx_tstdc 
 # -lprotobuf 
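Review bot: The new link line for `verifier` still hard-codes `-L/home/m2mazmud/linux-sgx-trts-modified/build/linux` and the JVM library directory, so the binary links against a locally modified SGX runtime that no other machine can rebuild or audit. Move both into variables defined next to `Openssl_Path`, for example `-L$(SGX_TRTS_BUILD_DIR)` and `-L$(JVM_LIB_DIR)` (placeholder names), and record which commit of the modified runtime is expected. The same commit also checks in the `verifier` binary that this rule produces; an artifact that cannot be tied back to source is better removed from version control and ignored. Since the systemMain.cpp change in this commit appears to comment out the JVM code, `-ljvm` looks like it could be dropped from this line as well, which would shrink what gets loaded into the verifier process.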

+ 7 - 9
ProtobufLAInitiator.cpp

@@ -104,11 +104,10 @@ int local_attestation_initiator(int port)
   protobuf_sgx_dh_msg2_t protobuf_msg2;
   protobuf_sgx_dh_msg3_t protobuf_msg3;
   uint32_t protobuf_sgx_ret;
-  uint8_t encrypted_hash[32]; uint8_t encrypted_tag[16]; size_t post_la_bytes_written;
+  uint8_t encrypted_hash_and_tag[48];// uint8_t encrypted_tag[16]; 
+size_t post_la_bytes_written;
   // For socket to listen to the Apache enclave.
-//  int server_fd=0; int accept_fd = 0;
-//  struct sockaddr_in own_addr;
-//  struct sockaddr_storage apache_addr; socklen_t apache_addr_size = sizeof(apache_addr);
+
   uint32_t session_id;
   //  int counter;
 
@@ -141,8 +140,8 @@ int local_attestation_initiator(int port)
   {
       printf("Error in process_protobuf_dh_msg3: 0x%x", protobuf_sgx_ret); fflush(stdout); return protobuf_sgx_ret;
   }
-  memset(encrypted_hash,0, 32); memset(encrypted_tag, 0, 16);
-  protobuf_sgx_ret=generate_encrypted_rsa_keypair_hash(encrypted_hash, encrypted_tag); 
+  memset(encrypted_hash_and_tag, 0, 48); 
+  protobuf_sgx_ret=generate_encrypted_rsa_keypair_hash(encrypted_hash_and_tag, encrypted_hash_and_tag + 32); 
   if(protobuf_sgx_ret==0)
   {
 	printf("Done encryption of hash.\n"); fflush(stdout); 
@@ -153,10 +152,9 @@ int local_attestation_initiator(int port)
 	}
   
 
-   post_la_bytes_written = write(decryptor_fd, encrypted_hash, 32);
-   post_la_bytes_written = write(decryptor_fd, encrypted_tag, 16);
+   post_la_bytes_written = write(decryptor_fd, encrypted_hash_and_tag, 48);
 
-   if(post_la_bytes_written != 16)
+   if(post_la_bytes_written != 48)
    {
 	printf("Not all of the post-LA message was written\n"); fflush(stdout); return 0xfe; 
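Review bot: In the last hunk the result of `write(decryptor_fd, encrypted_hash_and_tag, 48)` is stored in the `size_t post_la_bytes_written`, so a failed write (-1) wraps to a huge value and is reported with the same message as a short write, and a partial write (legitimate if `decryptor_fd` is a socket, as the surrounding comments suggest) aborts the exchange instead of being retried. Keep the return value in an `ssize_t`, handle the error case separately, and loop until the whole buffer is sent; the sketch below needs `<errno.h>`. The literals 32, 16 and 48 now appear in the declaration, the `memset`, the `encrypted_hash_and_tag + 32` tag offset and the write, so named constants plus `sizeof encrypted_hash_and_tag` would keep the hash-then-tag layout, which the decryptor has to parse identically, in one place. The body of `local_attestation_initiator` starts and ends outside these hunks.

```cpp
// … unchanged: generate_encrypted_rsa_keypair_hash call and its error check …
   size_t sent = 0;
   while (sent < sizeof encrypted_hash_and_tag)
   {
	ssize_t rc = write(decryptor_fd, encrypted_hash_and_tag + sent, sizeof encrypted_hash_and_tag - sent);
	if (rc < 0 && errno == EINTR)
		continue;   // interrupted before any byte was written: retry
	if (rc <= 0)
	{
		printf("Not all of the post-LA message was written\n"); fflush(stdout); return 0xfe;
	}
	sent += (size_t)rc;
   }
   post_la_bytes_written = sent;
```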
 

+ 5 - 8
systemMain.cpp

@@ -34,7 +34,7 @@ int main(int argc, char** argv)
 {
 
 //	signal(SIGSEGV, SIG_IGN);  //sigsegv_handler); 
-	
+/*	
     JavaVM         *vm;
     JNIEnv         *env;
     JavaVMInitArgs  vm_args;
@@ -58,8 +58,6 @@ int main(int argc, char** argv)
     vm_args.ignoreUnrecognized = JNI_TRUE;
     vm_args.version  = JNI_VERSION_1_8;
 //	sleep(60); 
-
-	foo();
     if (JNI_CreateJavaVM(&vm, (void **)&env, &vm_args) != JNI_OK) {
         delete options;
 	printf("Failed to create Java VMn");
@@ -101,7 +99,7 @@ int main(int argc, char** argv)
       printf("Exception occurred\n"); fflush(stdout);
     }
 
-
+/*
   printf("HELLOWORLD\n");fflush(stdout); 
 //  Py_SetProgramName("verifier");  
   printf("HELLOWORLD 2\n"); fflush(stdout); 
@@ -113,8 +111,7 @@ int main(int argc, char** argv)
   Py_Finalize();
 //  return 0;
 
-
-
+*/
 
 
   uint8_t expected_apache_mr_signer[32] = {0};
@@ -169,7 +166,7 @@ int main(int argc, char** argv)
   fflush(stdout);
 
 
-/*
+
   return_sgx = local_attestation_initiator(DECRYPTOR_PORT);
   if(return_sgx != 0)
   {
@@ -187,7 +184,7 @@ int main(int argc, char** argv)
   }
   printf("\nSuccessful LA with port %d.\n", DECRYPTOR_PORT);
   fflush(stdout);
-
+/*
 //  sleep(50);
   printf("\n z z z z z z  z z z z z z z  (sleeping for a bit) z z z z z  z z z (meant to emulate the '2nd' stage of validator, that will be rerun whenever Apache changes)\n");
   return_sgx = unseal_message_from_file(sealed_file_fd, recovered_plaintext, &expected_sealed_msg_size);
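Review bot: The `/*` added before `printf("HELLOWORLD\n")` appears to sit inside the comment already opened by the `/*` added before `JavaVM *vm;`, and block comments do not nest, so the JVM and Python blocks stay disabled only because the single `*/` added after `Py_Finalize();` closes the first opener. Any `*/` in the lines not shown between them would silently re-enable part of the code. Wrap each block in `#if 0` / `#endif` or a named build flag (for example `#ifdef VERIFIER_WITH_JVM`, a placeholder name), or delete the dead code, since it remains in history. In the last hunk the new `/*` also disables `unseal_message_from_file(...)`, and its closing `*/` is outside the hunk. If `main` still returns success past that point, the verifier exits cleanly without running the unseal stage, so log that the stage is skipped or return a distinct status while it is disabled.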

BIN
verifier