systemMain.cpp 8.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246
  1. #include <stdint.h>
  2. #include <string.h>
  3. #include <string>
  4. #include <unistd.h>
  5. #include <fcntl.h>
  6. #include <sys/types.h>
  7. #include <sys/stat.h>
  8. #include <stdio.h>
  9. #include "crypto.h"
  10. #include "SealerWrapper.h"
  11. #include "DeploymentStageLogic.h"
  12. using namespace std;
  13. #define DECRYPTOR_PORT 3824
  14. #define SGX_HASH_SIZE 32
  15. int __ImageBase=0;
  16. void sgx_foo(){};
  17. void sgx_bar(){};
  18. extern "C" const struct {
  19. size_t nr_ecall; // number of ECALLs
  20. struct {
  21. void *ecall_addr;
  22. uint8_t is_priv;
  23. } ecall_table [2];
  24. } g_ecall_table = {2, { { (void*)sgx_foo, 1}, { (void*)sgx_bar, 0} }};
  25. extern "C" const struct {
  26. // number of OCALLs (number of ECALLs can be found in ECALL table)
  27. size_t nr_ocall;
  28. // entry_table[m][n] = 1 iff. ECALL n is allowed in the OCALL m.
  29. uint8_t entry_table[3][2];
  30. } g_dyn_entry_table = {
  31. 3, {{0, 0}, {0, 1}, {1, 0}}
  32. };
  33. extern "C" uint32_t sgx_init_crypto_lib(uint64_t cpu_feature_indicator, uint32_t *cpuid_table)
  34. {
  35. return 0;
  36. }
  37. int sgx_is_within_enclave(const void *addr, size_t size)
  38. {
  39. return 1;
  40. }
  41. int verify_apache(std::string& path, std::string& keypair) {return 0; }
  42. void foo() //sigsegv_handler(int signo)
  43. {
  44. printf("foo hehe ---------------------\n");
  45. fflush(stdout);
  46. }
  47. int main(int argc, char** argv)
  48. {
  49. // signal(SIGSEGV, SIG_IGN); //sigsegv_handler);
  50. /*
  51. JavaVM *vm;
  52. JNIEnv *env;
  53. JavaVMInitArgs vm_args;
  54. jint res;
  55. jclass cls;
  56. jmethodID mid;
  57. jstring jstr;
  58. jobjectArray main_args;
  59. JavaVMOption* options = new JavaVMOption[7];
  60. options[0].optionString = "-Dpixy.home=/home/m2mazmud/pixy-master";
  61. options[1].optionString = "-Djava.class.path=/home/m2mazmud/pixy-master/lib:/home/m2mazmud/pixy-master/build/class";
  62. options[2].optionString = "-Xcheck:jni";
  63. options[3].optionString = "-Xms32m";
  64. options[4].optionString = "-Xmx128m";
  65. options[5].optionString = "-XX:MaxMetaspaceSize=128m";
  66. options[6].optionString = "-Xss256k";
  67. vm_args.options = options;
  68. vm_args.nOptions = 7;
  69. printf("Helloworld\n"); fflush(stdout);
  70. vm_args.ignoreUnrecognized = JNI_TRUE;
  71. vm_args.version = JNI_VERSION_1_8;
  72. // sleep(60);
  73. if (JNI_CreateJavaVM(&vm, (void **)&env, &vm_args) != JNI_OK) {
  74. delete options;
  75. printf("Failed to create Java VMn");
  76. return 1;
  77. }
  78. printf("WOO HOO CREATED JVM\n"); fflush(stdout);
  79. delete options;
  80. cls = (env)->FindClass("at/ac/tuwien/infosys/www/pixy/Checker");
  81. if (cls == NULL) {
  82. printf("Failed to find Main classn");
  83. return 1;
  84. }
  85. mid = (env)->GetStaticMethodID(cls, "main", "([Ljava/lang/String;)V");
  86. if (mid == NULL) {
  87. printf("Failed to find main functionnnnn");
  88. return 1;
  89. }
  90. printf("Hehehehe\n"); fflush(stdout);
  91. jclass classString = (env)->FindClass("java/lang/String");
  92. jstr = (env)->NewStringUTF("");
  93. main_args = (env)->NewObjectArray( 8, classString, jstr);
  94. (env)->SetObjectArrayElement( main_args, 0, (env)->NewStringUTF( "-aAvLf"));
  95. (env)->SetObjectArrayElement( main_args, 1, (env)->NewStringUTF( "-s"));
  96. (env)->SetObjectArrayElement( main_args, 2, (env)->NewStringUTF( "/home/m2mazmud/pixy-master/config/sinks_xss.txt"));
  97. (env)->SetObjectArrayElement( main_args, 3, (env)->NewStringUTF( "-o"));
  98. (env)->SetObjectArrayElement( main_args, 4, (env)->NewStringUTF( "/home/m2mazmud/pixy-master/sample_mitigator/results"));
  99. (env)->SetObjectArrayElement( main_args, 5, (env)->NewStringUTF( "-y"));
  100. (env)->SetObjectArrayElement( main_args, 6, (env)->NewStringUTF( "xss"));
  101. if(argc>=1)
  102. (env)->SetObjectArrayElement( main_args, 7, (env)->NewStringUTF( argv[1]));
  103. (env)->CallStaticVoidMethod( cls, mid, main_args);
  104. if((env)->ExceptionOccurred()) {
  105. (env)->ExceptionDescribe();
  106. (env)->ExceptionClear();
  107. printf("Exception occurred\n"); fflush(stdout);
  108. }
  109. /*
  110. printf("HELLOWORLD\n");fflush(stdout);
  111. // Py_SetProgramName("verifier");
  112. printf("HELLOWORLD 2\n"); fflush(stdout);
  113. Py_Initialize();
  114. printf("HELLOWORLD 3\n");fflush(stdout);
  115. PyRun_SimpleString("from time import time,ctime\n"
  116. "print 'Today is',ctime(time())\n");
  117. Py_Finalize();
  118. // return 0;
  119. */
  120. /*
  121. // uint8_t expected_apache_mr_signer[32] = {0};
  122. std::string apache_signature_keypair_private("1234567890");
  123. std::string apache_public_key;
  124. std::string apache_private_key2;
  125. // generate_rsa_keypair(apache_public_key, apache_private_key2);
  126. uint32_t return_sgx; uint32_t return_internal;
  127. std::string recovered_plaintext;
  128. uint32_t expected_sealed_msg_size=0;
  129. FILE* fp = fopen("./apache_signature_keypair.pem", "w+");
  130. if(fp == NULL)
  131. {
  132. perror("Could not create the file ./apache_signature_keypair.pem due to error: "); fflush(stderr); return 0xffffffff;
  133. }
  134. // RSA_signing_keypair rsa_signing_keypair();
  135. return_internal = generate_rsa_keypair(fp, apache_public_key, apache_private_key2); //, expected_apache_mr_signer);
  136. if(return_internal !=0)
  137. {
  138. printf("Could not generate RSA keypair - error 0x%x\n", return_internal); fflush(stdout); return return_internal;
  139. }
  140. printf("Generated key pair - outside the fun\n"); fflush(stdout);
  141. int sealed_file_fd = open("sealed_msg.txt", O_CREAT | O_RDWR, S_IRUSR | S_IWUSR);
  142. if(sealed_file_fd == -1)
  143. {
  144. perror("\nError in opening or creating the file sealed_msg.txt - ");
  145. fflush(stderr);
  146. return 0xFFFFFFFF;
  147. }
  148. printf("\nSuccessfully opened a file to seal the apache signature keypair to.\n");
  149. fflush(stdout);
  150. return_sgx = seal_message_to_file(sealed_file_fd, apache_signature_keypair_private, &expected_sealed_msg_size);
  151. if(return_sgx!=0 && return_sgx!=0xFFFFFFFF)
  152. {
  153. printf("Sealing SGX error %x", return_sgx);
  154. fflush(stdout);
  155. return return_sgx;
  156. }
  157. else if(return_sgx == 0xFFFFFFFF)
  158. {
  159. perror("Successful SGX sealing, but error in writing to a file or write returned 0 bytes because the disk was full etc.\n");
  160. fflush(stdout);
  161. return return_sgx;
  162. }
  163. printf("\nSuccessfully sealed the plaintext %s to length 0x%x.\n", apache_signature_keypair_private.c_str(), expected_sealed_msg_size);
  164. fflush(stdout);
  165. */
  166. uint8_t target_hash[32] = {0x54,0x24,0x5d,0x63,0x5c,0x8f,0xec,0xcf,0x37,0xb9,0xcf,0x9e,0xb8,0xd3,0x22,0x04,0x57,0x5b,0xb2,0xfc,0xa6,0xd3,0x11,0xfb,0x87,0xb7,0x01,0x06,0x2f,0x18,0x25,0xc1};
  167. DeploymentStageLogic deploymentStage;
  168. deploymentStage.set_target_hash(target_hash);
  169. printf("Setting up SOCKET:\n"); fflush(stdout);
  170. int fd = deploymentStage.set_up_socket_connect(DECRYPTOR_PORT);
  171. if(fd <= 0)
  172. // Set up an IPC channel for local attestation and post-LA messages.
  173. {
  174. printf("\nCould not set up the socket: had the following error: %d\n", fd);
  175. fflush(stdout);
  176. return fd;
  177. }
  178. printf("Starting main logic with fd: %d\n", fd); fflush(stdout);
  179. int ret_status = deploymentStage.main_logic(fd);
  180. if(ret_status != 0)
  181. return ret_status;
  182. /*
  183. // sleep(50);
  184. printf("\n z z z z z z z z z z z z z (sleeping for a bit) z z z z z z z z (meant to emulate the '2nd' stage of validator, that will be rerun whenever Apache changes)\n");
  185. return_sgx = unseal_message_from_file(sealed_file_fd, recovered_plaintext, &expected_sealed_msg_size);
  186. if(return_sgx!=0 && return_sgx!=0xFFFFFFFF)
  187. {
  188. printf("Successful read from file, but error in SGX unsealing: %x.\n", return_sgx);
  189. fflush(stdout);
  190. return return_sgx;
  191. }
  192. else if(return_sgx == 0xFFFFFFFF)
  193. {
  194. perror("\n Could not read the file.\n");
  195. fflush(stdout);
  196. return return_sgx;
  197. }
  198. printf("\n Unsealed the keypair.\n");
  199. fflush(stdout);
  200. std::string path("../apache/source/code/path");
  201. return_internal = verify_apache(path, apache_signature_keypair_private);
  202. if(return_internal != 0)
  203. {
  204. printf("\nThe signed manifest was not created due to the above errors.\n");
  205. fflush(stdout);
  206. return return_internal;
  207. }
  208. printf("Successfully verified the Apache enclave and signed its manifest.\n");
  209. fflush(stdout);
  210. */
  211. return 0;
  212. }