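// Stand-alone driver for the "validator" flow: generate the Apache signing
// keypair, seal a secret to disk, run SGX local attestation (LA) against the
// decryptor, unseal the secret again, and finally "verify" Apache and sign
// its manifest.  verify_apache() is still a stub (see below), so the last
// step currently always reports success.
//
// NOTE(review): the system-header list was garbled in extraction; only the
// standard headers this file demonstrably uses are restored here.
#include <cstdint>
#include <cstdio>
#include <string>

#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#include "crypto.h"
#include "ProtobufLAInitiator.h"
#include "SealerWrapper.h"
//#include "crypto.h"

using namespace std;

#define DECRYPTOR_PORT 3824
#define SGX_HASH_SIZE 32

int __ImageBase = 0;

// Owns a POSIX file descriptor and closes it on scope exit, so that every
// early-return path in main() releases sealed_msg.txt (the original leaked
// the descriptor on all paths).  Non-copyable; -1 means "nothing owned".
class FdHandle {
 public:
  explicit FdHandle(int fd) : fd_(fd) {}
  ~FdHandle() {
    if (fd_ != -1) close(fd_);
  }
  FdHandle(const FdHandle&) = delete;
  FdHandle& operator=(const FdHandle&) = delete;
  int get() const { return fd_; }

 private:
  int fd_;
};

// Stub: meant to verify the Apache enclave found at `path` and sign its
// manifest with `keypair`.  It performs NO verification yet and always
// returns 0, so any caller that treats 0 as "verified" is trusting an
// unimplemented check.  Returns 0 on success (non-zero reserved for errors).
int verify_apache(std::string& path, std::string& keypair) {
  (void)path;
  (void)keypair;
  return 0;
}

// Entry point.  Returns 0 on success; otherwise the SGX status or an
// internal error code (0xFFFFFFFF = OS-level failure, errno already printed).
int main(int argc, char** argv) {
  (void)argc;
  (void)argv;
  uint8_t expected_apache_mr_signer[32] = {0};
  // Placeholder secret that gets sealed/unsealed below.
  // NOTE(review): this is a fixed literal, not the generated private key
  // (apache_private_key2) — presumably test scaffolding; confirm before use.
  std::string apache_signature_keypair_private("1234567890");
  std::string apache_public_key;
  std::string apache_private_key2;
  // generate_rsa_keypair(apache_public_key, apache_private_key2);
  // uint8_t decryptor_mr_enclave[SGX_HASH_SIZE] = {0x1};
  // uint8_t decryptor_mr_signer[SGX_HASH_SIZE] = {0x2};
  uint32_t return_sgx;
  uint32_t return_internal;
  std::string recovered_plaintext;
  uint32_t expected_sealed_msg_size = 0;

  // The PEM file receives a private key, so create it owner-read/write only
  // (fopen("w+") would have used the umask default, typically 0644).
  // O_TRUNC keeps fopen's "w+" semantics.  Note: if the file already exists
  // its existing mode is kept — remove a stale world-readable file first.
  int pem_fd = open("./apache_signature_keypair.pem",
                    O_CREAT | O_RDWR | O_TRUNC, S_IRUSR | S_IWUSR);
  if (pem_fd == -1) {
    perror("Could not create the file ./apache_signature_keypair.pem due to error: ");
    fflush(stderr);
    return 0xffffffff;
  }
  FILE* fp = fdopen(pem_fd, "w+");
  if (fp == NULL) {
    perror("Could not create the file ./apache_signature_keypair.pem due to error: ");
    fflush(stderr);
    close(pem_fd);
    return 0xffffffff;
  }
  // RSA_signing_keypair rsa_signing_keypair();
  // NOTE(review): fp is handed to generate_rsa_keypair(); whether the callee
  // fcloses it is not visible here, so it is deliberately not closed again.
  return_internal = generate_rsa_keypair(fp, apache_public_key,
                                         apache_private_key2);  //, expected_apache_mr_signer);
  if (return_internal != 0) {
    printf("Could not generate RSA keypair - error 0x%x\n", return_internal);
    fflush(stdout);
    return return_internal;
  }
  printf("Generated key pair - outside the fun\n");
  fflush(stdout);

  // Sealed blob goes to a 0600 file; the descriptor is reused for unsealing.
  FdHandle sealed_file(open("sealed_msg.txt", O_CREAT | O_RDWR, S_IRUSR | S_IWUSR));
  if (sealed_file.get() == -1) {
    perror("\nError in opening or creating the file sealed_msg.txt - ");
    fflush(stderr);
    return 0xFFFFFFFF;
  }
  printf("\nSuccessfully opened a file to seal the apache signature keypair to.\n");
  fflush(stdout);

  // Convention used by the sealer/unsealer wrappers: 0 = ok,
  // 0xFFFFFFFF = SGX step succeeded but the file I/O failed (errno set),
  // anything else = SGX status code.
  return_sgx = seal_message_to_file(sealed_file.get(), apache_signature_keypair_private,
                                    &expected_sealed_msg_size);
  if (return_sgx != 0 && return_sgx != 0xFFFFFFFF) {
    printf("Sealing SGX error %x", return_sgx);
    fflush(stdout);
    return return_sgx;
  } else if (return_sgx == 0xFFFFFFFF) {
    perror("Successful SGX sealing, but error in writing to a file or write returned 0 bytes because the disk was full etc.\n");
    fflush(stderr);
    return return_sgx;
  }
  // Only the sealed length is logged: the original printed the plaintext
  // secret itself to stdout.
  printf("\nSuccessfully sealed the plaintext to length 0x%x.\n", expected_sealed_msg_size);
  fflush(stdout);

  return_sgx = local_attestation_initiator(DECRYPTOR_PORT);
  if (return_sgx != 0) {
    if (return_sgx == 0xFFFFFFFF) {
      perror("\nCould not set up the socket: had the following error: ");
      fflush(stderr);
    } else {
      printf("\nHad the following error in SGX local attestation: 0x%x", return_sgx);
      fflush(stdout);
    }
    return return_sgx;
  }
  printf("\nSuccessful LA with port %d.\n", DECRYPTOR_PORT);
  fflush(stdout);

  // sleep(50);
  printf("\n z z z z z z z z z z z z z (sleeping for a bit) z z z z z z z z (meant to emulate the '2nd' stage of validator, that will be rerun whenever Apache changes)\n");
  fflush(stdout);

  // NOTE(review): the same descriptor is read back without an lseek() here;
  // this relies on unseal_message_from_file() handling the file offset —
  // confirm against SealerWrapper.
  return_sgx = unseal_message_from_file(sealed_file.get(), recovered_plaintext,
                                        &expected_sealed_msg_size);
  if (return_sgx != 0 && return_sgx != 0xFFFFFFFF) {
    printf("Successful read from file, but error in SGX unsealing: %x.\n", return_sgx);
    fflush(stdout);
    return return_sgx;
  } else if (return_sgx == 0xFFFFFFFF) {
    perror("\n Could not read the file.\n");
    fflush(stderr);
    return return_sgx;
  }
  printf("\n Unsealed the keypair.\n");
  fflush(stdout);

  // NOTE(review): recovered_plaintext (the unsealed value) is never used;
  // verification runs on the in-memory original, so a bad unseal would go
  // unnoticed here.
  std::string path("../apache/source/code/path");
  return_internal = verify_apache(path, apache_signature_keypair_private);
  if (return_internal != 0) {
    printf("\nThe signed manifest was not created due to the above errors.\n");
    fflush(stdout);
    return return_internal;
  }
  printf("Successfully verified the Apache enclave and signed its manifest.\n");
  fflush(stdout);
  return 0;
}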