Home Explore Help
Sign In
miti
/
verifier
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 17eb69029c
Branches Tags
verifier
/
SgxProtobufLAInitiator.cpp

SgxProtobufLAInitiator.cpp 4.9 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154 
  1. #include "sgx_eid.h"
    2. 

  2. #define __STDC_FORMAT_MACROS
    3. 

  3. #include <inttypes.h>
    4. 

  4. #include "ProtobufLAMessages.h"
    5. 

  5. #include <stdio.h>
    6. 

  6. 

  7. #include "sgx_trts.h"
    8. 

  8. #include "sgx_utils.h"
    9. 

  9. #include "error_codes.h"
    10. 

  10. #include "sgx_ecp_types.h"
    11. 

  11. #include "sgx_thread.h"
    12. 

  12. #include <map>
    13. 

  13. #include "sgx_dh.h"
    14. 

  14. #include "dh_session_protocol.h"
    15. 

  15. #include "sgx_tcrypto.h"
    16. 

  16. #include "datatypes.h"
    17. 

  17. #include "SgxProtobufLAInitiator_Transforms.h"
    18. 

  18. #define MAX_SESSION_COUNT  16
    19. 

  19. #define SGX_CAST(type, item) ((type)(item))
    20. 

  20. #include <string.h>
    21. 

  21. #include "crypto.h"
    22. 

  22. #include "stdio.h"
    23. 

  23. 

  24. dh_session_t global_session_info;
    25. 

  25. 

  26. sgx_dh_session_t sgx_dh_session;
    27. 

  27. //  sgx_key_128bit_t dh_aek;        // Session Key
    28. 

  28. 

  29. uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity, uint8_t* expected_mr_enclave, uint8_t* expected_mr_signer);
    30. 

  30. 

  31. 

  32. uint32_t process_protobuf_dh_msg1_generate_protobuf_dh_msg2(protobuf_sgx_dh_msg1_t& protobuf_msg1, protobuf_sgx_dh_msg2_t& protobuf_msg2, uint32_t* session_id)
    33. 

  33. {
    34. 

  34.   sgx_dh_msg1_t dh_msg1;            //Diffie-Hellman Message 1
    35. 

  35.   sgx_dh_msg2_t dh_msg2;
    36. 

  36.   memset(&dh_msg1, 0, sizeof(sgx_dh_msg1_t));
    37. 

  37.   uint32_t ret_status;
    38. 

  38. 

  39.   if(decode_msg1_from_protobuf(protobuf_msg1, &dh_msg1)!=0)
    40. 

  40.     return -1;
    41. 

  41. 

  42.   //Intialize the session as a session initiator
    43. 

  43.   ret_status = sgx_dh_init_session(SGX_DH_SESSION_INITIATOR, &sgx_dh_session);
    44. 

  44.   if(ret_status != SGX_SUCCESS)
    45. 

  45.     return ret_status;
    46. 

  46. 

  47.   //Process the message 1 obtained from desination enclave and generate message 2
    48. 

  48.   ret_status = sgx_dh_initiator_proc_msg1(&dh_msg1, &dh_msg2, &sgx_dh_session);
    49. 

  49.   if(SGX_SUCCESS != ret_status)
    50. 

  50.     return ret_status;
    51. 

  51. 

  52.   encode_msg2_to_protobuf(protobuf_msg2, &dh_msg2);
    53. 

  53.   return 0;
    54. 

  54. }
    55. 

  55. 

  56. uint32_t process_protobuf_dh_msg3(protobuf_sgx_dh_msg3_t& protobuf_msg3, uint32_t* session_id) {
    57. 

  57. 

  58.   uint32_t ret_status;
    59. 

  59.   sgx_dh_msg3_t dh_msg3;
    60. 

  60.   sgx_key_128bit_t dh_aek;        // Session Key
    61. 

  61.   sgx_dh_session_enclave_identity_t responder_identity;
    62. 

  62. 

  63.   memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
    64. 

  64. 

  65.   if(decode_msg3_from_protobuf(protobuf_msg3, &dh_msg3)!=0)
    66. 

  66.     return -1;
    67. 

  67. 

  68.   //Process Message 3 obtained from the destination enclave
    69. 

  69.   ret_status = sgx_dh_initiator_proc_msg3(&dh_msg3, &sgx_dh_session, &dh_aek, &responder_identity);
    70. 

  70.   if(SGX_SUCCESS != ret_status)
    71. 

  71.     return ret_status;
    72. 

  72. 

  73.   // Verify the identity of the destination enclave
    74. 

  74.   ret_status = verify_peer_enclave_trust(&responder_identity, NULL, NULL);
    75. 

  75.   if(ret_status != 0)
    76. 

  76.     return ret_status;
    77. 

  77. 

  78.   memcpy(global_session_info.active.AEK, &dh_aek, sizeof(sgx_key_128bit_t));
    79. 

  79.   global_session_info.session_id = 1; // TODO: session_id;
    80. 

  80.   global_session_info.active.counter = 0;
    81. 

  81.   global_session_info.status = ACTIVE;
    82. 

  82.   memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
    83. 

  83. 

  84.   return 0;
    85. 

  85. }
    86. 

  86. 

  87. uint32_t generate_encrypted_rsa_keypair_hash()
    88. 

  88. {
    89. 

  89. 	uint8_t hash[32]; uint32_t return_status;
    90. 

  90. 	unsigned char key[16]; uint32_t count;
    91. 

  91. 	for(count=0;count<16;count++)
    92. 

  92. 		key[count]=global_session_info.active.AEK[count]; 
    93. 

  93. 	return_status=generate_rsa_keypair_hash(hash); 
    94. 

  94. 	if(return_status!=0)
    95. 

  95. 		return return_status; 
    96. 

  96. 	
    97. 

  97. 	uint8_t ciphertext[48]; uint8_t expected_plaintext[48]; 
    98. 

  98. 	uint8_t encryption_tag[16]; uint8_t decryption_tag[16]; 
    99. 

  99. 	int ciphertext_len=48; int plaintext_len=32;
    100. 

  100. 	uint8_t iv[12]; 
    101. 

  101. 	memset(ciphertext, 0, 48); memset(expected_plaintext, 0, 48); 
    102. 

  102. 	memset(iv, 0, 12);  memset(expected_plaintext, 0, 32); memset(encryption_tag, 0, 16); memset(decryption_tag, 0, 16); 
    103. 

  103. 	return_status=aes_cipher(1, key, iv, hash, 32, ciphertext,  &ciphertext_len, encryption_tag);
    104. 

  104. 	printf("ciphertext len: %d\n", ciphertext_len); fflush(stdout);
    105. 

  105. 	printf("Encryption return status: 0x%x", return_status);  fflush(stdout); 
    106. 

  106. 	return_status=aes_cipher(0, key, iv, ciphertext, ciphertext_len, expected_plaintext, &plaintext_len, encryption_tag); 
    107. 

  107. //	for(count=0;count<16;count++)
    108. 

  108. //	{
    109. 

  109. //		if(encryption_tag[count]!=decryption_tag[count])
    110. 

  110. //			return 0xFF;
    111. 

  111. //		printf("0x%x 0x%x ", encryption_tag[count], decryption_tag[count]);
    112. 

  112. //	}
    113. 

  113. //	printf("\n");
    114. 

  114. //	fflush(stdout); 
    115. 

  115. 	for(count=0;count<32;count++)
    116. 

  116. 	{
    117. 

  117. 		printf("0x%x 0x%x ", hash[count], expected_plaintext[count]);
    118. 

  118. //		if(hash[count]!=expected_plaintext[count])
    119. 

  119. //			return 0xFE;
    120. 

  120. 	}
    121. 

  121. 	fflush(stdout); 
    122. 

  122. 

  123. 	return return_status;
    124. 

  124. }
    125. 

  125. 

  126. // TODO: Private function
    127. 

  127. uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity, uint8_t* expected_mr_enclave, uint8_t* expected_mr_signer)
    128. 

  128. {
    129. 

  129.   int count=0;
    130. 

  130.   if(!peer_enclave_identity)
    131. 

  131.     return INVALID_PARAMETER_ERROR;
    132. 

  132. 

  133.   sgx_measurement_t actual_mr_enclave = peer_enclave_identity->mr_enclave;
    134. 

  134.   sgx_measurement_t actual_mr_signer = peer_enclave_identity->mr_signer;
    135. 

  135. 

  136. 	if(expected_mr_enclave != NULL)
    137. 

  137. 	{
    138. 

  138. 		for(count=0; count<SGX_HASH_SIZE; count++)
    139. 

  139. 		{
    140. 

  140. 			if( actual_mr_enclave.m[count] != expected_mr_enclave[count] )
    141. 

  141. 			        return ENCLAVE_TRUST_ERROR;
    142. 

  142.   		}
    143. 

  143. 	}
    144. 

  144. 	if(expected_mr_signer !=NULL)
    145. 

  145. 	{
    146. 

  146. 		for(count=0; count<SGX_HASH_SIZE; count++)
    147. 

  147. 		{
    148. 

  148. 			if( actual_mr_signer.m[count] != expected_mr_signer[count] )
    149. 

  149. 			        return ENCLAVE_TRUST_ERROR; // TODO: Different error here.
    150. 

  150. 		}
    151. 

  151. 	}
    152. 

  152. 

  153.   return SUCCESS;
    154. 

  154. }
    155.