#include #include #include #include #include #include #include #include "ipc.h" #include "SgxLAInititator.h" #include "SealerWrapper.h" #include "SgxCrypto.h" using namespace std; #define DECRYPTOR_PORT 3825 #define SGX_HASH_SIZE 32 int __ImageBase=0; int verify_apache(std::string& path, std::string& keypair) {return 0; } int local_attestation(int port, uint8_t* mr_enclave, uint8_t* mr_signer, uint8_t* send_mr_signer) { int decryptor_fd; setbuf(stdout,NULL); decryptor_fd=set_up_socket_connect(port); if(decryptor_fd!=-1) { printf("Set up a socket with the other module\n"); return create_session(decryptor_fd, mr_enclave, mr_signer, send_mr_signer); } else return 0xFFFFFFFF; } int main(int argc, char** argv) { // TODO: Generation of keys used to sign Apache Enclave. uint8_t expected_apache_mr_signer[SGX_HASH_SIZE] = {0x3}; std::string apache_signature_keypair_private("1234567890"); std::string apache_public_key; uint8_t decryptor_mr_enclave[SGX_HASH_SIZE] = {0x1}; uint8_t decryptor_mr_signer[SGX_HASH_SIZE] = {0x2}; uint32_t return_sgx; uint32_t return_internal; std::string recovered_plaintext; uint32_t expected_sealed_msg_size=0; /* printf("about to generate rsa key pair\n"); fflush(stdout); return_sgx=create_rsa_key_pair_for_signing_manifest(); if(return_sgx!=0) { printf("Could not successfully create rsa key pair.\n"); fflush(stdout); return 0xFFFFFFFF; } printf("generated rsa key pair\n"); fflush(stdout); */ int sealed_file_fd = open("sealed_msg.txt", O_CREAT | O_RDWR, S_IRUSR | S_IWUSR); if(sealed_file_fd == -1) { perror("\nError in opening or creating the file sealed_msg.txt - "); fflush(stderr); return 0xFFFFFFFF; } printf("\nSuccessfully opened a file to seal the apache signature keypair to.\n"); fflush(stdout); return_sgx = seal_message_to_file(sealed_file_fd, apache_signature_keypair_private, &expected_sealed_msg_size); if(return_sgx!=0 && return_sgx!=0xFFFFFFFF) { printf("Sealing SGX error %x", return_sgx); fflush(stdout); return return_sgx; } else if(return_sgx == 0xFFFFFFFF) { perror("Successful SGX sealing, but error in writing to a file or write returned 0 bytes because the disk was full etc.\n"); fflush(stdout); return return_sgx; } printf("\n Successfully sealed the plaintext %s to length 0x%x.\n", apache_signature_keypair_private.c_str(), expected_sealed_msg_size); fflush(stdout); return_sgx = local_attestation(DECRYPTOR_PORT, decryptor_mr_enclave, decryptor_mr_signer, expected_apache_mr_signer); if(return_sgx != 0) { if(return_sgx== 0xFFFFFFFF) { perror("\nCould not set up the socket: had the following error: "); fflush(stderr); } else { printf("\nHad the following error in SGX local attestation: %d", return_sgx); fflush(stdout); } return return_sgx; } printf("\nSuccessful LA with port %d.\n", DECRYPTOR_PORT); fflush(stdout); sleep(50); printf("\n z z z z z z z z z z z z z (sleeping for a bit) z z z z z z z z (meant to emulate the '2nd' stage of validator, that will be rerun whenever Apache changes)\n"); return_sgx = unseal_message_from_file(sealed_file_fd, recovered_plaintext, &expected_sealed_msg_size); if(return_sgx!=0 && return_sgx!=0xFFFFFFFF) { printf("Successful read from file, but error in SGX unsealing: %x.\n", return_sgx); fflush(stdout); return return_sgx; } else if(return_sgx == 0xFFFFFFFF) { perror("\n Could not read the file.\n"); fflush(stdout); return return_sgx; } printf("\n Unsealed the keypair.\n"); fflush(stdout); std::string path("../apache/source/code/path"); return_internal = verify_apache(path, apache_signature_keypair_private); if(return_internal != 0) { printf("\nThe signed manifest was not created due to the above errors.\n"); fflush(stdout); return return_internal; } printf("Successfully verified the Apache enclave and signed its manifest.\n"); fflush(stdout); return 0; }