123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113 |
- #include "sgx_eid.h"
- #define __STDC_FORMAT_MACROS
- #include <inttypes.h>
- #include "ProtobufLAMessages.h"
- #include <stdio.h>
- #include "sgx_trts.h"
- #include "sgx_utils.h"
- #include "error_codes.h"
- #include "sgx_ecp_types.h"
- #include "sgx_thread.h"
- #include <map>
- #include "sgx_dh.h"
- #include "dh_session_protocol.h"
- #include "sgx_tcrypto.h"
- #include "datatypes.h"
- #include "SgxProtobufLAInitiator_Transforms.h"
- #define MAX_SESSION_COUNT 16
- #define SGX_CAST(type, item) ((type)(item))
- #include <string.h>
- dh_session_t global_session_info;
- sgx_dh_session_t sgx_dh_session;
- // sgx_key_128bit_t dh_aek; // Session Key
- uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity, uint8_t* expected_mr_enclave, uint8_t* expected_mr_signer);
- uint32_t process_protobuf_dh_msg1_generate_protobuf_dh_msg2(protobuf_sgx_dh_msg1_t& protobuf_msg1, protobuf_sgx_dh_msg2_t& protobuf_msg2, uint32_t* session_id)
- {
- sgx_dh_msg1_t dh_msg1; //Diffie-Hellman Message 1
- sgx_dh_msg2_t dh_msg2;
- memset(&dh_msg1, 0, sizeof(sgx_dh_msg1_t));
- uint32_t ret_status;
- if(decode_msg1_from_protobuf(protobuf_msg1, &dh_msg1)!=0)
- return -1;
- //Intialize the session as a session initiator
- ret_status = sgx_dh_init_session(SGX_DH_SESSION_INITIATOR, &sgx_dh_session);
- if(ret_status != SGX_SUCCESS)
- return ret_status;
- //Process the message 1 obtained from desination enclave and generate message 2
- ret_status = sgx_dh_initiator_proc_msg1(&dh_msg1, &dh_msg2, &sgx_dh_session);
- if(SGX_SUCCESS != ret_status)
- return ret_status;
- encode_msg2_to_protobuf(protobuf_msg2, &dh_msg2);
- return 0;
- }
- uint32_t process_protobuf_dh_msg3(protobuf_sgx_dh_msg3_t& protobuf_msg3, uint32_t* session_id) {
- uint32_t ret_status;
- sgx_dh_msg3_t dh_msg3;
- sgx_key_128bit_t dh_aek; // Session Key
- sgx_dh_session_enclave_identity_t responder_identity;
- memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
- if(decode_msg3_from_protobuf(protobuf_msg3, &dh_msg3)!=0)
- return -1;
- //Process Message 3 obtained from the destination enclave
- ret_status = sgx_dh_initiator_proc_msg3(&dh_msg3, &sgx_dh_session, &dh_aek, &responder_identity);
- if(SGX_SUCCESS != ret_status)
- return ret_status;
- // Verify the identity of the destination enclave
- ret_status = verify_peer_enclave_trust(&responder_identity, NULL, NULL);
- if(ret_status != 0)
- return ret_status;
- memcpy(global_session_info.active.AEK, &dh_aek, sizeof(sgx_key_128bit_t));
- global_session_info.session_id = 1; // TODO: session_id;
- global_session_info.active.counter = 0;
- global_session_info.status = ACTIVE;
- memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
- return 0;
- }
- // TODO: Private function
- uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity, uint8_t* expected_mr_enclave, uint8_t* expected_mr_signer)
- {
- int count=0;
- if(!peer_enclave_identity)
- return INVALID_PARAMETER_ERROR;
- sgx_measurement_t actual_mr_enclave = peer_enclave_identity->mr_enclave;
- sgx_measurement_t actual_mr_signer = peer_enclave_identity->mr_signer;
- if(expected_mr_enclave != NULL)
- {
- for(count=0; count<SGX_HASH_SIZE; count++)
- {
- if( actual_mr_enclave.m[count] != expected_mr_enclave[count] )
- return ENCLAVE_TRUST_ERROR;
- }
- }
- if(expected_mr_signer !=NULL)
- {
- for(count=0; count<SGX_HASH_SIZE; count++)
- {
- if( actual_mr_signer.m[count] != expected_mr_signer[count] )
- return ENCLAVE_TRUST_ERROR; // TODO: Different error here.
- }
- }
- return SUCCESS;
- }
|