|
|
@@ -48,11 +48,10 @@ class ZT_LSORAMServer : public PIRServer {
|
|
|
private:
|
|
|
string pubkey;
|
|
|
uint32_t ZT_instance_id;
|
|
|
- map<string, string> table;
|
|
|
|
|
|
public:
|
|
|
ZT_LSORAMServer();
|
|
|
- void initializeZeroTrace(string ¶ms);
|
|
|
+ void initializeZeroTrace();
|
|
|
|
|
|
virtual void get_params(string ¶ms);
|
|
|
|
|
|
@@ -76,25 +75,32 @@ public:
|
|
|
|
|
|
|
|
|
ZT_LSORAMServer::ZT_LSORAMServer() {
|
|
|
+ initializeZeroTrace();
|
|
|
+
|
|
|
+ //NOTE NUM_BLOCKS does not matter for Access_only oblivious LSORAM
|
|
|
+ ZT_instance_id = ZT_New_LSORAM(START_NUM_BLOCKS, BLINDED_KEY_SIZE, DESCRIPTOR_MAX_SIZE, MEM_MODE, OBLIVIOUS_TYPE, POPULATE_FLAG);
|
|
|
|
|
|
}
|
|
|
|
|
|
-void ZT_LSORAMServer::initializeZeroTrace(string ¶ms) {
|
|
|
- // Variables for Enclave Public Key retrieval
|
|
|
+void ZT_LSORAMServer::initializeZeroTrace() {
|
|
|
+ // Variables for Enclave Public Key retrieval
|
|
|
+
|
|
|
+ //fprintf(stderr, "ZT_LSORAMServer: init: Starting initializezerotrace \n");
|
|
|
uint32_t max_buff_size = PRIME256V1_KEY_SIZE;
|
|
|
unsigned char bin_x[PRIME256V1_KEY_SIZE], bin_y[PRIME256V1_KEY_SIZE], signature_r[PRIME256V1_KEY_SIZE], signature_s[PRIME256V1_KEY_SIZE];
|
|
|
-
|
|
|
- ZT_Initialize(bin_x, bin_y, signature_r, signature_s, max_buff_size);
|
|
|
-
|
|
|
+
|
|
|
+ int8_t ret;
|
|
|
+ ret = ZT_Initialize(bin_x, bin_y, signature_r, signature_s, max_buff_size);
|
|
|
+ //fprintf(stderr, "ZT_LSORAMServer: init: After ZT_Initialize ret = %d \n",ret);
|
|
|
+
|
|
|
EC_GROUP *curve;
|
|
|
EC_KEY *enclave_verification_key = NULL;
|
|
|
ECDSA_SIG *sig_enclave = ECDSA_SIG_new();
|
|
|
BIGNUM *x, *y, *xh, *yh;
|
|
|
BN_CTX *bn_ctx = BN_CTX_new();
|
|
|
- int ret;
|
|
|
|
|
|
if(NULL == (curve = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)))
|
|
|
- printf("Setting EC_GROUP failed \n");
|
|
|
+ fprintf(stderr, "ZT_LSORAM: init: Setting EC_GROUP failed \n");
|
|
|
|
|
|
EC_POINT *pub_point = EC_POINT_new(curve);
|
|
|
//Verify the Enclave Public Key
|
|
|
@@ -110,11 +116,12 @@ void ZT_LSORAMServer::initializeZeroTrace(string ¶ms) {
|
|
|
sig_enclave->s = BN_bin2bn(signature_s, PRIME256V1_KEY_SIZE, NULL);
|
|
|
|
|
|
ret = ECDSA_do_verify((const unsigned char*) serialized_public_key, PRIME256V1_KEY_SIZE*2, sig_enclave, enclave_verification_key);
|
|
|
+
|
|
|
if(ret==1){
|
|
|
- printf("GetEnclavePublishedKey : Verification Successful! \n");
|
|
|
+ //fprintf(stderr, "ZT_LSORAM: init: GetEnclavePublishedKey : Verification Successful! \n");
|
|
|
}
|
|
|
else{
|
|
|
- printf("GetEnclavePublishedKey : Verification FAILED! \n");
|
|
|
+ fprintf(stderr, "ZT_LSORAM: init: GetEnclavePublishedKey : Verification FAILED! \n");
|
|
|
}
|
|
|
|
|
|
//Load the Enclave Public Key
|
|
|
@@ -123,26 +130,39 @@ void ZT_LSORAMServer::initializeZeroTrace(string ¶ms) {
|
|
|
x = BN_bin2bn(bin_x, PRIME256V1_KEY_SIZE, NULL);
|
|
|
y = BN_bin2bn(bin_y, PRIME256V1_KEY_SIZE, NULL);
|
|
|
if(EC_POINT_set_affine_coordinates_GFp(curve, pub_point, x, y, bn_ctx)==0)
|
|
|
- printf("EC_POINT_set_affine_coordinates FAILED \n");
|
|
|
+ fprintf(stderr, "ZT_LSORAMServer: EC_POINT_set_affine_coordinates FAILED \n");
|
|
|
|
|
|
if(EC_KEY_set_public_key(ENCLAVE_PUBLIC_KEY, pub_point)==0)
|
|
|
- printf("EC_KEY_set_public_key FAILED \n");
|
|
|
+ fprintf(stderr, "ZT_LSORAMServer: EC_KEY_set_public_key FAILED \n");
|
|
|
|
|
|
BN_CTX_free(bn_ctx);
|
|
|
- free(serialized_public_key);
|
|
|
pubkey.assign((const char*) serialized_public_key, 2*PRIME256V1_KEY_SIZE);
|
|
|
- params.assign(pubkey);
|
|
|
+ free(serialized_public_key);
|
|
|
+
|
|
|
+ fprintf(stderr, "ZT_LSORAMServer: Finished initializezerotrace, pubkey set \n");
|
|
|
}
|
|
|
|
|
|
|
|
|
void ZT_LSORAMServer::get_params(string ¶ms) {
|
|
|
- //We get a string to populate with params, (which is just the public key)
|
|
|
- initializeZeroTrace(params);
|
|
|
-
|
|
|
- //NOTE: num_blocks doesn't make a difference for Access-only Oblivious LSORAM
|
|
|
- //ZT_instance_id = ZT_New_LSORAM(num_blocks, key_size, value_size, mode, oblivious_type, populate_flag);
|
|
|
+ //Populate params with the enclave public key
|
|
|
|
|
|
- ZT_instance_id = ZT_New_LSORAM(START_NUM_BLOCKS, BLINDED_KEY_SIZE, DESCRIPTOR_MAX_SIZE, MEM_MODE, OBLIVIOUS_TYPE, POPULATE_FLAG);
|
|
|
+
|
|
|
+ fprintf(stderr, "ZT_LSORAMServer: Started get_params(), params length = %ld\n", params.length());
|
|
|
+ if(pubkey.empty())
|
|
|
+ fprintf(stderr, "ZT_LSORAMServer: pubkey is empty when get_params is called. WHY? \n");
|
|
|
+ params.assign(pubkey);
|
|
|
+
|
|
|
+ fprintf(stderr, "ZT_LSORAMServer: Finished get_params(), params.length = %ld,\n", params.length());
|
|
|
+ /*
|
|
|
+ unsigned char *param_ptr = (unsigned char*) params.c_str();
|
|
|
+ fprintf(stderr, "Param in ZT_LSORAMServer::get_params():");
|
|
|
+ for(uint32_t i=0;i<params.length();i++){
|
|
|
+ fprintf(stderr, "%02x", param_ptr[i]);
|
|
|
+ }
|
|
|
+ fprintf(stderr, "\n");
|
|
|
+
|
|
|
+ fprintf(stderr, "ZT_LSORAMServer::ZT_instance_id = %d, params length = %ld\n", ZT_instance_id, params.length());
|
|
|
+ */
|
|
|
}
|
|
|
|
|
|
|
|
|
@@ -167,31 +187,31 @@ int ZT_LSORAMServer::encryptLSORAMRequest(EC_KEY* target_public_key, unsigned ch
|
|
|
const EC_GROUP *curve = NULL;
|
|
|
|
|
|
if(NULL == (curve = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)))
|
|
|
- printf("Setting EC_GROUP failed \n");
|
|
|
+ fprintf(stderr, "ZT_LSORAMServer: Setting EC_GROUP failed \n");
|
|
|
|
|
|
ephemeral_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
|
|
|
if(ephemeral_key==NULL)
|
|
|
- printf("Client: EC_KEY_new_by_curve_name Fail\n");
|
|
|
+ fprintf(stderr, "ZT_LSORAMServer: EC_KEY_new_by_curve_name Fail\n");
|
|
|
|
|
|
int ret = EC_KEY_generate_key(ephemeral_key);
|
|
|
if(ret!=1)
|
|
|
- printf("Client: EC_KEY_generate_key Fail\n");
|
|
|
+ fprintf(stderr, "ZT_LSORAMServer: EC_KEY_generate_key Fail\n");
|
|
|
|
|
|
const EC_POINT *pub_point;
|
|
|
pub_point = EC_KEY_get0_public_key((const EC_KEY *) ephemeral_key);
|
|
|
if(pub_point == NULL)
|
|
|
- printf("Client: EC_KEY_get0_public_key Fail\n");
|
|
|
+ fprintf(stderr, "ZT_LSORAMServer: EC_KEY_get0_public_key Fail\n");
|
|
|
|
|
|
ret = EC_POINT_get_affine_coordinates_GFp(curve, pub_point, x, y, bn_ctx);
|
|
|
if(ret==0)
|
|
|
- printf("Client: EC_POINT_get_affine_coordinates_GFp Failed \n");
|
|
|
+ fprintf(stderr, "ZT_LSORAMServer: EC_POINT_get_affine_coordinates_GFp Failed \n");
|
|
|
|
|
|
unsigned char *bin_x, *bin_y;
|
|
|
uint32_t size_bin_x = BN_num_bytes(x);
|
|
|
uint32_t size_bin_y = BN_num_bytes(y);
|
|
|
- printf("(%d, %d)\n", size_bin_x, size_bin_y);
|
|
|
- bin_x = (unsigned char*) malloc(EC_KEY_SIZE);
|
|
|
- bin_y = (unsigned char*) malloc(EC_KEY_SIZE);
|
|
|
+ //fprintf(stderr, "ZT_LSORAMServer: (%d, %d)\n", size_bin_x, size_bin_y);
|
|
|
+ bin_x = (unsigned char*) malloc(PRIME256V1_KEY_SIZE);
|
|
|
+ bin_y = (unsigned char*) malloc(PRIME256V1_KEY_SIZE);
|
|
|
BN_bn2bin(x, bin_x);
|
|
|
BN_bn2bin(y, bin_y);
|
|
|
*pubkey_size_x = size_bin_x;
|
|
|
@@ -212,6 +232,7 @@ int ZT_LSORAMServer::encryptLSORAMRequest(EC_KEY* target_public_key, unsigned ch
|
|
|
printf("\n");
|
|
|
*/
|
|
|
|
|
|
+ //fprintf(stderr, "ZT_LSORAMServer: Before ECDH_compute_key \n");
|
|
|
uint32_t field_size = EC_GROUP_get_degree(EC_KEY_get0_group(target_public_key));
|
|
|
uint32_t secret_len = (field_size+7)/8;
|
|
|
unsigned char *secret = (unsigned char*) malloc(secret_len);
|
|
|
@@ -219,6 +240,7 @@ int ZT_LSORAMServer::encryptLSORAMRequest(EC_KEY* target_public_key, unsigned ch
|
|
|
secret_len = ECDH_compute_key(secret, secret_len, EC_KEY_get0_public_key(target_public_key),
|
|
|
ephemeral_key, NULL);
|
|
|
|
|
|
+ //fprintf(stderr, "ZT_LSORAMServer: Finished ECDH_compute_key \n");
|
|
|
//Sample IV;
|
|
|
*ecdh_aes_key = (unsigned char*) malloc (KEY_LENGTH);
|
|
|
*iv = (unsigned char*) malloc (IV_LENGTH);
|
|
|
@@ -253,6 +275,9 @@ int ZT_LSORAMServer::encryptLSORAMRequest(EC_KEY* target_public_key, unsigned ch
|
|
|
printf("%02X", serialized_request[t]);
|
|
|
printf("\n");
|
|
|
*/
|
|
|
+
|
|
|
+
|
|
|
+ //fprintf(stderr, "ZT_LSORAMServer: Before AES_GCM_128_encrypt call \n");
|
|
|
encrypted_request_size = AES_GCM_128_encrypt(serialized_request, request_size,
|
|
|
NULL, 0, (unsigned char*) *ecdh_aes_key, (unsigned char*) *iv,
|
|
|
IV_LENGTH, *encrypted_request, *tag);
|
|
|
@@ -280,11 +305,13 @@ int ZT_LSORAMServer::LSORAM_Insert(uint32_t instance_id, unsigned char *key, uin
|
|
|
uint32_t pubkey_size_x, pubkey_size_y;
|
|
|
|
|
|
uint32_t request_size = serializeLSORAMRequest(key, key_size, value, value_size, &serialized_request);
|
|
|
+
|
|
|
|
|
|
+ //fprintf(stderr, "ZT_LSORAMServer: Before encryptLSORAMRequest\n");
|
|
|
encryptLSORAMRequest(ENCLAVE_PUBLIC_KEY, serialized_request, request_size,
|
|
|
&encrypted_request, &client_pubkey, &pubkey_size_x, &pubkey_size_y,
|
|
|
&ecdh_aes_key, &iv, &tag_in);
|
|
|
-
|
|
|
+ //fprintf(stderr, "ZT_LSORAMServer: After encryptLSORAMRequest\n");
|
|
|
/*
|
|
|
printf("Clientpubkey going into ZT_LSORAM_insert:\n");
|
|
|
printf("X: :\n");
|
|
|
@@ -297,9 +324,11 @@ int ZT_LSORAMServer::LSORAM_Insert(uint32_t instance_id, unsigned char *key, uin
|
|
|
printf("\n");
|
|
|
*/
|
|
|
|
|
|
+ //fprintf(stderr, "ZT_LSORAMServer: Before ZT_LSORAM_insert\n");
|
|
|
ZT_LSORAM_insert(instance_id, encrypted_request, request_size,
|
|
|
tag_in, TAG_SIZE, client_pubkey, pubkey_size_x, pubkey_size_y);
|
|
|
|
|
|
+ //fprintf(stderr, "ZT_LSORAMServer: After ZT_LSORAM_insert\n");
|
|
|
free(serialized_request);
|
|
|
return 1;
|
|
|
}
|
|
|
@@ -307,39 +336,31 @@ int ZT_LSORAMServer::LSORAM_Insert(uint32_t instance_id, unsigned char *key, uin
|
|
|
void ZT_LSORAMServer::store(const string &key, const string &value){
|
|
|
if (value.length() > 0) {
|
|
|
//Create encrypted request with strings key, value
|
|
|
-
|
|
|
+
|
|
|
+ unsigned char *key_ptr = (unsigned char*) key.c_str();
|
|
|
+ unsigned char *value_ptr = (unsigned char*) value.c_str();
|
|
|
+ //fprintf(stderr, "ZT_LSORAMServer: Starting store(), key.length= %ld, value.length = %ld\n", key.length(), value.length());
|
|
|
+
|
|
|
LSORAM_Insert(ZT_instance_id, (unsigned char*) key.c_str(), BLINDED_KEY_SIZE,
|
|
|
(unsigned char*) value.c_str(), DESCRIPTOR_MAX_SIZE);
|
|
|
|
|
|
+ fprintf(stderr, "ZT_LSORAMServer: STORED HSDesc Key = ");
|
|
|
+ for(uint32_t i = 0; i <32; i++){
|
|
|
+ fprintf(stderr, "%02x", key_ptr[i]);
|
|
|
+ }
|
|
|
+ fprintf(stderr,"\n");
|
|
|
+
|
|
|
+ fprintf(stderr, "ZT_LSORAMServer: STORED (First 32 bytes of ) HSDesc Value= ");
|
|
|
+ for(uint64_t i = 0; i < 32; i++){
|
|
|
+ fprintf(stderr, "%02x", value_ptr[i]);
|
|
|
+ }
|
|
|
+ fprintf(stderr,"\n");
|
|
|
+
|
|
|
} else {
|
|
|
//int8_t ZT_LSORAM_evict(uint32_t id, unsigned char *key, uint32_t key_size);
|
|
|
}
|
|
|
}
|
|
|
|
|
|
-/*
|
|
|
-int ZT_LSORAMServer::LSORAM_Fetch(uint32_t instance_id, unsigned char *key, uint32_t key_size, unsigned char* encrypted_value, uint32_t value_size){
|
|
|
- //value needs to be populated by ZT_LSORAM_fetch
|
|
|
- unsigned char *serialized_request, *encrypted_request, *tag_in;
|
|
|
- unsigned char *client_pubkey, *ecdh_aes_key, *iv, *response;
|
|
|
- uint32_t pubkey_size_x, pubkey_size_y;
|
|
|
-
|
|
|
- // Response buffer and tag, populated by the enclave
|
|
|
- unsigned char tag_out[TAG_SIZE];
|
|
|
-
|
|
|
- uint32_t request_size = serializeLSORAMRequest(key, key_size, encrypted_value, 0, &serialized_request);
|
|
|
-
|
|
|
- encryptLSORAMRequest(ENCLAVE_PUBLIC_KEY, serialized_request, request_size,
|
|
|
- &encrypted_request, &client_pubkey, &pubkey_size_x, &pubkey_size_y, &ecdh_aes_key, &iv, &tag_in);
|
|
|
-
|
|
|
-
|
|
|
- ZT_LSORAM_fetch(instance_id, encrypted_request, request_size,
|
|
|
- encrypted_value, value_size, tag_in, tag_out, TAG_SIZE,
|
|
|
- client_pubkey, pubkey_size_x, pubkey_size_y);
|
|
|
-
|
|
|
- free(serialized_request);
|
|
|
-}
|
|
|
-*/
|
|
|
-
|
|
|
|
|
|
/*
|
|
|
In ZT_LSORAMClient lookup_query should be:
|
|
|
@@ -352,15 +373,17 @@ int ZT_LSORAMServer::LSORAM_Fetch(uint32_t instance_id, unsigned char *key, uint
|
|
|
|
|
|
bool ZT_LSORAMServer::lookup(const string &lookup_query, string &lookup_response) {
|
|
|
|
|
|
-
|
|
|
- //TODO: Parse lookup_query and populate these:
|
|
|
+ fprintf(stderr, "ZT_LSORAMServer: Starting lookup() call\n");
|
|
|
const char *lookup_query_cstr= lookup_query.c_str();
|
|
|
+ fprintf(stderr, "ZT_LSORAMServer: lookup_query length = %ld\n", lookup_query.length());
|
|
|
unsigned char *encrypted_query = (unsigned char*) malloc (BLINDED_KEY_SIZE);
|
|
|
unsigned char *tag_in = (unsigned char*) malloc (TAG_SIZE);
|
|
|
uint32_t pk_x_size;
|
|
|
uint32_t pk_y_size;
|
|
|
unsigned char *client_pubkey;
|
|
|
|
|
|
+
|
|
|
+ fprintf(stderr, "ZT_LSORAMServer: Before parsing lookup_query_cstr\n");
|
|
|
unsigned char *ptr = (unsigned char*) lookup_query_cstr;
|
|
|
memcpy(encrypted_query, ptr, BLINDED_KEY_SIZE);
|
|
|
ptr+=BLINDED_KEY_SIZE;
|
|
|
@@ -370,23 +393,31 @@ bool ZT_LSORAMServer::lookup(const string &lookup_query, string &lookup_response
|
|
|
ptr+=sizeof(uint32_t);
|
|
|
memcpy(&pk_y_size, ptr, sizeof(uint32_t));
|
|
|
ptr+=sizeof(uint32_t);
|
|
|
- client_pubkey = (unsigned char*) malloc(pk_x_size+pk_y_size);
|
|
|
- memcpy(client_pubkey, ptr, pk_x_size+pk_y_size);
|
|
|
|
|
|
- uint32_t expected_size = BLINDED_KEY_SIZE+TAG_SIZE+ 2*sizeof(uint32_t) +
|
|
|
+ size_t expected_size = BLINDED_KEY_SIZE+TAG_SIZE+ 2*sizeof(uint32_t) +
|
|
|
pk_x_size + pk_y_size;
|
|
|
+
|
|
|
+ fprintf(stderr, "ZT_LSORAMServer: Before allocating client_pubkey call (%d,%d)\n", pk_x_size, pk_y_size);
|
|
|
+ fprintf(stderr, "ZT_LSORAMServer: expected_size = %ld, lookup_query.length = %ld\n", expected_size, lookup_query.length());
|
|
|
|
|
|
+ /*
|
|
|
if(lookup_query.length()!=expected_size)
|
|
|
- printf("Query size doesn't match KEY_SIZE + TAG_SIZE\n");
|
|
|
+ fprintf(stderr, "ZT_LSORAMServer: Query size doesn't match KEY_SIZE + TAG_SIZE\n");
|
|
|
return 0;
|
|
|
+ */
|
|
|
+
|
|
|
+ client_pubkey = (unsigned char*) malloc (pk_x_size+pk_y_size);
|
|
|
+ memcpy(client_pubkey, ptr, (pk_x_size + pk_y_size));
|
|
|
|
|
|
|
|
|
unsigned char *encrypted_response = (unsigned char*) malloc(DESCRIPTOR_MAX_SIZE);
|
|
|
unsigned char *tag_out = (unsigned char*) malloc(TAG_SIZE);
|
|
|
|
|
|
+ fprintf(stderr, "ZT_LSORAMServer: Before ZT_LSORAM_fetch() call\n");
|
|
|
ZT_LSORAM_fetch(ZT_instance_id, encrypted_query, BLINDED_KEY_SIZE,
|
|
|
encrypted_response, DESCRIPTOR_MAX_SIZE, tag_in, tag_out, TAG_SIZE,
|
|
|
client_pubkey, pk_x_size, pk_y_size);
|
|
|
+ fprintf(stderr, "ZT_LSORAMServer: After ZT_LSORAM_fetch() call\n");
|
|
|
|
|
|
lookup_response.assign((const char*) encrypted_response, DESCRIPTOR_MAX_SIZE);
|
|
|
lookup_response.append((const char*) tag_out, TAG_SIZE);
|
|
|
@@ -396,6 +427,8 @@ bool ZT_LSORAMServer::lookup(const string &lookup_query, string &lookup_response
|
|
|
free(client_pubkey);
|
|
|
free(encrypted_query);
|
|
|
free(tag_in);
|
|
|
+
|
|
|
+ fprintf(stderr, "ZT_LSORAMServer: Finished lookup() call\n");
|
|
|
return 1;
|
|
|
}
|
|
|
|
sshsshy