SgxSealer.cpp 4.6 KB

  1. /*
  2. * Copyright (C) 2011-2017 Intel Corporation. All rights reserved.
  3. *
  4. * Redistribution and use in source and binary forms, with or without
  5. * modification, are permitted provided that the following conditions
  6. * are met:
  7. *
  8. * * Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions and the following disclaimer.
  10. * * Redistributions in binary form must reproduce the above copyright
  11. * notice, this list of conditions and the following disclaimer in
  12. * the documentation and/or other materials provided with the
  13. * distribution.
  14. * * Neither the name of Intel Corporation nor the names of its
  15. * contributors may be used to endorse or promote products derived
  16. * from this software without specific prior written permission.
  17. *
  18. * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  19. * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
  20. * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
  21. * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
  22. * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  23. * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  24. * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  25. * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  26. * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  27. * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  28. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  29. *
  30. */
  31. #include "sgx.h"
  32. #include "sgx_tseal.h" // For sgx_seal_data, sgx_calc_sealed_data_size, sgx_get_encrypt_txt_len, sgx_unseal_data
  33. #include <string>
  34. #include <stdlib.h>
  35. #include <string.h>
  36. #include <stdio.h>
  37. #include <vector>
  38. //class Sealer {
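/**
 * Seals a fixed-size message with sgx_seal_data (no additional MAC text).
 *
 * Exactly 9 bytes are read from plaintext_str.c_str(); longer input is
 * truncated to its first 9 bytes.
 * NOTE(review): the 9-byte length is hard-coded in the original; confirm the
 * intended message format with the callers before changing it.
 *
 * @param plaintext_str       Message to seal; must hold at least 8 characters
 *                            so that 9 bytes (text + NUL) are readable.
 * @param sgx_sealed_msg_str  Receives the sealed blob as raw bytes. Written
 *                            only when sealing succeeds.
 * @return SGX_SUCCESS on success, 1 if the sealed size cannot be computed,
 *         SGX_ERROR_INVALID_PARAMETER for too-short input, otherwise the
 *         status returned by sgx_seal_data.
 */
uint32_t seal_message(std::string& plaintext_str, std::string& sgx_sealed_msg_str)
{
    const uint32_t payload_len = 9;

    // c_str() guarantees size() + 1 readable bytes. With fewer than 9 readable
    // bytes sgx_seal_data would read past the string's buffer and seal
    // whatever enclave memory happens to follow it.
    if (plaintext_str.size() + 1 < payload_len)
        return SGX_ERROR_INVALID_PARAMETER;

    const uint32_t sealed_len = sgx_calc_sealed_data_size(0, payload_len);
    if (sealed_len == 0xFFFFFFFF)
        return 1;

    // Vector instead of malloc/free: allocation failure cannot yield a NULL
    // buffer, and the storage is zero-initialised and released on every path.
    // (The sealed size does not change with protobufs; any protobuf encoding
    // of the blob would happen after it has been produced here.)
    std::vector<uint8_t> sealed_blob(sealed_len);

    const uint32_t ret = sgx_seal_data(0, NULL, payload_len,
                                       (const uint8_t*)plaintext_str.c_str(),
                                       sealed_len,
                                       (sgx_sealed_data_t*)&sealed_blob[0]);
    if (ret != SGX_SUCCESS)
        return ret; // do not hand a half-written buffer back to the caller

    // Raw byte copy: the blob is binary and may contain embedded NULs, so the
    // (pointer, length) form is required.
    sgx_sealed_msg_str.assign((const char*)&sealed_blob[0], sealed_len);
    return ret;
}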
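/**
 * Unseals a blob produced by sgx_seal_data and returns the decrypted bytes.
 *
 * The blob normally comes from storage outside the enclave and is therefore
 * untrusted: its header is length-checked against the bytes actually supplied
 * before any SDK routine parses it. Integrity is checked by sgx_unseal_data
 * itself (MAC verification); this function adds no further verification.
 *
 * @param sgx_sealed_msg_str  Sealed blob as raw bytes.
 * @param plaintext           Receives the decrypted payload. Written only on
 *                            success.
 * @return SGX_SUCCESS on success, 1 if the header's lengths are rejected by
 *         the SDK, SGX_ERROR_INVALID_PARAMETER if the blob is shorter than
 *         its header claims, otherwise the status from sgx_unseal_data:
 *         - SGX_ERROR_MAC_MISMATCH: MAC is incorrect, the blob was tampered with.
 *         - SGX_ERROR_INVALID_ATTRIBUTE: attribute field of the blob is incorrect.
 *         - SGX_ERROR_INVALID_ISVSVN: isv_svn of the blob is greater than the
 *           enclave's ISVSVN, i.e. this is a downgraded enclave.
 *         - SGX_ERROR_INVALID_CPUSVN: cpu_svn of the blob is greater than the
 *           platform's cpu_svn, i.e. the enclave is on a downgraded platform.
 *         - SGX_ERROR_INVALID_KEYNAME: key_name field of the blob is incorrect.
 */
uint32_t unseal_and_verify_sealed_message(std::string& sgx_sealed_msg_str, std::string& plaintext)
{
    // Reject input too short to hold the sealed-data header; this also covers
    // the empty string, for which taking &vector[0] would be undefined.
    if (sgx_sealed_msg_str.size() < sizeof(sgx_sealed_data_t))
        return SGX_ERROR_INVALID_PARAMETER;

    std::vector<uint8_t> sealed_blob(sgx_sealed_msg_str.begin(), sgx_sealed_msg_str.end());
    sgx_sealed_data_t* sealed = (sgx_sealed_data_t*)&sealed_blob[0];

    const uint32_t mac_text_len = sgx_get_add_mac_txt_len(sealed);
    const uint32_t encrypted_len = sgx_get_encrypt_txt_len(sealed);
    if (mac_text_len == 0xFFFFFFFF || encrypted_len == 0xFFFFFFFF)
        return 1;

    // The lengths above come from the untrusted header. Make sure the blob
    // really contains that many bytes, otherwise unsealing would read past
    // the end of sealed_blob.
    const uint32_t declared_size = sgx_calc_sealed_data_size(mac_text_len, encrypted_len);
    if (declared_size == 0xFFFFFFFF || declared_size > sealed_blob.size())
        return SGX_ERROR_INVALID_PARAMETER;

    // At least one byte so &decrypted[0] is always valid; a zero-length
    // payload is left for sgx_unseal_data to accept or reject.
    std::vector<uint8_t> decrypted(encrypted_len > 0 ? encrypted_len : 1);
    uint32_t decrypted_len = encrypted_len;

    // No additional MAC text is requested (NULL buffer, null length pointer).
    const uint32_t ret = sgx_unseal_data(sealed, NULL, 0, &decrypted[0], &decrypted_len);
    if (ret != SGX_SUCCESS)
        return ret;

    // Defensive: never copy more than the buffer holds.
    if (decrypted_len > decrypted.size())
        return SGX_ERROR_UNEXPECTED;

    // Raw byte copy; the payload may contain embedded NULs.
    // NOTE(review): the decrypted bytes stay in freed heap memory after this
    // returns; consider wiping `decrypted` if the payload is a secret.
    plaintext.assign((const char*)&decrypted[0], decrypted_len);
    return ret;
}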
  99. //}