SgxProtobufLAInitiator.cpp 4.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160
  1. #include "sgx_eid.h"
  2. #define __STDC_FORMAT_MACROS
  3. #include <inttypes.h>
  4. #include "ProtobufLAMessages.h"
  5. #include <stdio.h>
  6. #include "sgx_trts.h"
  7. #include "sgx_utils.h"
  8. #include "error_codes.h"
  9. #include "sgx_ecp_types.h"
  10. #include "sgx_thread.h"
  11. #include <map>
  12. #include "sgx_dh.h"
  13. #include "dh_session_protocol.h"
  14. #include "sgx_tcrypto.h"
  15. #include "datatypes.h"
  16. #include "SgxProtobufLAInitiator_Transforms.h"
  17. #define MAX_SESSION_COUNT 16
  18. #define SGX_CAST(type, item) ((type)(item))
  19. #include <string.h>
  20. #include "crypto.h"
  21. #include "stdio.h"
  22. dh_session_t global_session_info;
  23. sgx_dh_session_t sgx_dh_session;
  24. // sgx_key_128bit_t dh_aek; // Session Key
  25. uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity, uint8_t* expected_mr_enclave, uint8_t* expected_mr_signer);
  26. uint32_t process_protobuf_dh_msg1_generate_protobuf_dh_msg2(protobuf_sgx_dh_msg1_t& protobuf_msg1, protobuf_sgx_dh_msg2_t& protobuf_msg2, uint32_t* session_id)
  27. {
  28. sgx_dh_msg1_t dh_msg1; //Diffie-Hellman Message 1
  29. sgx_dh_msg2_t dh_msg2;
  30. memset(&dh_msg1, 0, sizeof(sgx_dh_msg1_t));
  31. uint32_t ret_status;
  32. if(decode_msg1_from_protobuf(protobuf_msg1, &dh_msg1)!=0)
  33. return -1;
  34. //Intialize the session as a session initiator
  35. ret_status = sgx_dh_init_session(SGX_DH_SESSION_INITIATOR, &sgx_dh_session);
  36. if(ret_status != SGX_SUCCESS)
  37. return ret_status;
  38. //Process the message 1 obtained from desination enclave and generate message 2
  39. ret_status = sgx_dh_initiator_proc_msg1(&dh_msg1, &dh_msg2, &sgx_dh_session);
  40. if(SGX_SUCCESS != ret_status)
  41. return ret_status;
  42. encode_msg2_to_protobuf(protobuf_msg2, &dh_msg2);
  43. return 0;
  44. }
  45. uint32_t process_protobuf_dh_msg3(protobuf_sgx_dh_msg3_t& protobuf_msg3, uint32_t* session_id) {
  46. uint32_t ret_status;
  47. sgx_dh_msg3_t dh_msg3;
  48. sgx_key_128bit_t dh_aek; // Session Key
  49. sgx_dh_session_enclave_identity_t responder_identity;
  50. memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
  51. if(decode_msg3_from_protobuf(protobuf_msg3, &dh_msg3)!=0)
  52. return -1;
  53. //Process Message 3 obtained from the destination enclave
  54. ret_status = sgx_dh_initiator_proc_msg3(&dh_msg3, &sgx_dh_session, &dh_aek, &responder_identity);
  55. if(SGX_SUCCESS != ret_status)
  56. return ret_status;
  57. // Verify the identity of the destination enclave
  58. ret_status = verify_peer_enclave_trust(&responder_identity, NULL, NULL);
  59. if(ret_status != 0)
  60. return ret_status;
  61. memcpy(global_session_info.active.AEK, &dh_aek, sizeof(sgx_key_128bit_t));
  62. global_session_info.session_id = 1; // TODO: session_id;
  63. global_session_info.active.counter = 0;
  64. global_session_info.status = ACTIVE;
  65. memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
  66. return 0;
  67. }
  68. uint32_t generate_encrypted_rsa_keypair_hash(uint8_t* op_ciphertext, uint32_t* length)
  69. {
  70. uint8_t hash[32]={0x54,0x24,0x5d,0x63,0x5c,0x8f,0xec,0xcf,0x37,0xb9,0xcf,0x9e,0xb8,0xd3,0x22,0x04,0x57,0x5b,0xb2,0xfc,0xa6,0xd3,0x11,0xfb,0x87,0xb7,0x01,0x06,0x2f,0x18,0x25,0xc1};
  71. uint32_t return_status;
  72. unsigned char key[16]; uint32_t counter;
  73. for(counter=0;counter<16;counter++)
  74. key[counter]=global_session_info.active.AEK[counter];
  75. // return_status=generate_rsa_keypair_hash(hash);
  76. // if(return_status!=0)
  77. // return return_status;
  78. uint8_t tag[16];
  79. int ciphertext_len;// int plaintext_len=32;
  80. uint8_t iv[12];
  81. memset(iv, 0, 12);
  82. return_status=aes_cipher(1, key, iv, hash, 32, op_ciphertext, &ciphertext_len, tag);
  83. if(return_status == 0)
  84. {
  85. for(counter=0;counter<12;counter++)
  86. op_ciphertext[counter+ ciphertext_len] = iv[counter];
  87. for(counter=0;counter<16;counter++)
  88. op_ciphertext[counter+ ciphertext_len + 12] = tag[counter];
  89. ciphertext_len+=28;
  90. *length=ciphertext_len;
  91. }
  92. for(counter=0;counter<32;counter++)
  93. {
  94. printf("0x%02x ", op_ciphertext[counter]);
  95. }
  96. printf("IV:\n");
  97. for(counter=32;counter<44;counter++)
  98. {
  99. printf("0x%02x ", op_ciphertext[counter]);
  100. }
  101. printf("Tag:\n");
  102. for(counter=44;counter<60;counter++)
  103. {
  104. printf("0x%02x ", op_ciphertext[counter]);
  105. }
  106. printf("\n");
  107. fflush(stdout);
  108. return return_status;
  109. }
  110. // TODO: Private function
  111. uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity, uint8_t* expected_mr_enclave, uint8_t* expected_mr_signer)
  112. {
  113. int count=0;
  114. if(!peer_enclave_identity)
  115. return INVALID_PARAMETER_ERROR;
  116. sgx_measurement_t actual_mr_enclave = peer_enclave_identity->mr_enclave;
  117. sgx_measurement_t actual_mr_signer = peer_enclave_identity->mr_signer;
  118. if(expected_mr_enclave != NULL)
  119. {
  120. for(count=0; count<SGX_HASH_SIZE; count++)
  121. {
  122. if( actual_mr_enclave.m[count] != expected_mr_enclave[count] )
  123. return ENCLAVE_TRUST_ERROR;
  124. }
  125. }
  126. if(expected_mr_signer !=NULL)
  127. {
  128. for(count=0; count<SGX_HASH_SIZE; count++)
  129. {
  130. if( actual_mr_signer.m[count] != expected_mr_signer[count] )
  131. return ENCLAVE_TRUST_ERROR; // TODO: Different error here.
  132. }
  133. }
  134. return SUCCESS;
  135. }