ZT_ORAMserver.cc 16 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456
  1. #include <stdio.h>
  2. #include <stdlib.h>
  3. #include <stdint.h>
  4. #include <unistd.h>
  5. #include <sys/types.h>
  6. #include <sys/stat.h>
  7. #include <fcntl.h>
  8. #include <cstring>
  9. #include <iostream>
  10. #include <map>
  11. #include <iterator>
  12. #include <openssl/ec.h>
  13. #include <openssl/ecdh.h>
  14. #include <openssl/ecdsa.h>
  15. #include <openssl/conf.h>
  16. #include <openssl/evp.h>
  17. #include <openssl/err.h>
  18. #include <openssl/obj_mac.h>
  19. #include "pirserver.h"
  20. #include "ZeroTrace/Globals.hpp"
  21. #include "utils.h"
  22. #include "ZT.hpp"
  23. #define OBLIVIOUS_TYPE_LS 0
  24. #define MEM_MODE 0
  25. #define POPULATE_FLAG 0
  26. // SET ORAM TYPE:
  27. // ORAM_TYPE 0 = Path ORAM
  28. // 1 = Circuit ORAM
  29. #define ORAM_TYPE 0
  30. //if(ORAM_TYPE == 0)
  31. #define STASH_SIZE 150
  32. #define Z 4
  33. //else:
  34. // #define STASH_SIZE 10
  35. //TODO: When tinkering with CircuitORAM Z,
  36. // lookout for UTILIZATION_PARAMETER in LS
  37. // #define Z 2
  38. EC_KEY *ENCLAVE_PUBLIC_KEY = NULL;
  39. // ZT Spawn new ORAM command:
  40. // ZT_New(max_blocks, data_size, stash_size, oblivious, recursion_data_size, oram_type, Z);
  41. #define MAX_BLOCKS 1000
  42. #define OBLIVIOUS_TYPE_ORAM 1
  43. #define RECURSION_DATA_SIZE 64
  44. //ORAM Index size (uint32_t) so 4 bytes
  45. #define INDEX_SIZE 4
  46. //TODO: Fix PathORAM STASH_SIZE parameter
  47. // Fix CircuitORAM STASH_SIZE parameter
  48. // Pick STASH_SIZE parameter based on
  49. class ZT_ORAMServer : public PIRServer {
  50. private:
  51. string pubkey;
  52. uint32_t ZT_lsoram_iid;
  53. uint32_t ZT_oram_iid;
  54. uint32_t oram_index;
  55. public:
  56. ZT_ORAMServer();
  57. void initializeZeroTrace();
  58. virtual void get_params(string &params);
  59. virtual void store(const string &key, const string &value);
  60. //Helper functions for store:
  61. int encryptLSORAMRequest(EC_KEY* target_public_key, unsigned char *serialized_request,
  62. uint32_t request_size, unsigned char **encrypted_request, unsigned char **client_pubkey,
  63. uint32_t *pubkey_size_x, uint32_t *pubkey_size_y, unsigned char **ecdh_aes_key,
  64. unsigned char **iv, unsigned char **tag);
  65. int LSORAM_Insert(unsigned char *key, uint32_t key_size,
  66. unsigned char* value, uint32_t value_size);
  67. virtual bool lookup(const string &lookup_query, string &lookup_response);
  68. //Helper functions for lookup:
  69. };
  70. ZT_ORAMServer::ZT_ORAMServer() {
  71. initializeZeroTrace();
  72. ZT_lsoram_iid = ZT_New_LSORAM(MAX_BLOCKS, BLINDED_KEY_SIZE, INDEX_SIZE, MEM_MODE, OBLIVIOUS_TYPE_LS, POPULATE_FLAG);
  73. ZT_oram_iid = ZT_New(MAX_BLOCKS, DESCRIPTOR_MAX_SIZE, STASH_SIZE, OBLIVIOUS_TYPE_ORAM, RECURSION_DATA_SIZE, ORAM_TYPE, Z);
  74. oram_index = 0;
  75. }
  76. void ZT_ORAMServer::initializeZeroTrace() {
  77. // Variables for Enclave Public Key retrieval
  78. //fprintf(stderr, "ZT_LSORAMServer: init: Starting initializezerotrace \n");
  79. uint32_t max_buff_size = PRIME256V1_KEY_SIZE;
  80. unsigned char bin_x[PRIME256V1_KEY_SIZE], bin_y[PRIME256V1_KEY_SIZE], signature_r[PRIME256V1_KEY_SIZE], signature_s[PRIME256V1_KEY_SIZE];
  81. int8_t ret;
  82. ret = ZT_Initialize(bin_x, bin_y, signature_r, signature_s, max_buff_size);
  83. //fprintf(stderr, "ZT_LSORAMServer: init: After ZT_Initialize ret = %d \n",ret);
  84. EC_GROUP *curve;
  85. EC_KEY *enclave_verification_key = NULL;
  86. ECDSA_SIG *sig_enclave = ECDSA_SIG_new();
  87. BIGNUM *x, *y, *xh, *yh;
  88. BN_CTX *bn_ctx = BN_CTX_new();
  89. if(NULL == (curve = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)))
  90. fprintf(stderr, "ZT_LSORAM: init: Setting EC_GROUP failed \n");
  91. EC_POINT *pub_point = EC_POINT_new(curve);
  92. //Verify the Enclave Public Key
  93. enclave_verification_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
  94. xh = BN_bin2bn(hardcoded_verification_key_x, PRIME256V1_KEY_SIZE, NULL);
  95. yh = BN_bin2bn(hardcoded_verification_key_y, PRIME256V1_KEY_SIZE, NULL);
  96. EC_KEY_set_public_key_affine_coordinates(enclave_verification_key, xh, yh);
  97. unsigned char *serialized_public_key = (unsigned char*) malloc (PRIME256V1_KEY_SIZE*2);
  98. memcpy(serialized_public_key, bin_x, PRIME256V1_KEY_SIZE);
  99. memcpy(serialized_public_key + PRIME256V1_KEY_SIZE, bin_y, PRIME256V1_KEY_SIZE);
  100. sig_enclave->r = BN_bin2bn(signature_r, PRIME256V1_KEY_SIZE, NULL);
  101. sig_enclave->s = BN_bin2bn(signature_s, PRIME256V1_KEY_SIZE, NULL);
  102. ret = ECDSA_do_verify((const unsigned char*) serialized_public_key, PRIME256V1_KEY_SIZE*2, sig_enclave, enclave_verification_key);
  103. if(ret==1){
  104. //fprintf(stderr, "ZT_LSORAM: init: GetEnclavePublishedKey : Verification Successful! \n");
  105. }
  106. else{
  107. fprintf(stderr, "ZT_LSORAM: init: GetEnclavePublishedKey : Verification FAILED! \n");
  108. }
  109. //Load the Enclave Public Key
  110. ENCLAVE_PUBLIC_KEY = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
  111. x = BN_bin2bn(bin_x, PRIME256V1_KEY_SIZE, NULL);
  112. y = BN_bin2bn(bin_y, PRIME256V1_KEY_SIZE, NULL);
  113. if(EC_POINT_set_affine_coordinates_GFp(curve, pub_point, x, y, bn_ctx)==0)
  114. fprintf(stderr, "ZT_LSORAMServer: EC_POINT_set_affine_coordinates FAILED \n");
  115. if(EC_KEY_set_public_key(ENCLAVE_PUBLIC_KEY, pub_point)==0)
  116. fprintf(stderr, "ZT_LSORAMServer: EC_KEY_set_public_key FAILED \n");
  117. BN_CTX_free(bn_ctx);
  118. pubkey.assign((const char*) serialized_public_key, 2*PRIME256V1_KEY_SIZE);
  119. free(serialized_public_key);
  120. fprintf(stderr, "ZT_LSORAMServer: Finished initializezerotrace, pubkey set \n");
  121. }
  122. void ZT_ORAMServer::get_params(string &params) {
  123. //Populate params with the enclave public key
  124. fprintf(stderr, "ZT_LSORAMServer: Started get_params(), params length = %ld\n", params.length());
  125. if(pubkey.empty())
  126. fprintf(stderr, "ZT_LSORAMServer: pubkey is empty when get_params is called. WHY? \n");
  127. params.assign(pubkey);
  128. fprintf(stderr, "ZT_LSORAMServer: Finished get_params(), params.length = %ld,\n", params.length());
  129. /*
  130. unsigned char *param_ptr = (unsigned char*) params.c_str();
  131. fprintf(stderr, "Param in ZT_LSORAMServer::get_params():");
  132. for(uint32_t i=0;i<params.length();i++){
  133. fprintf(stderr, "%02x", param_ptr[i]);
  134. }
  135. fprintf(stderr, "\n");
  136. fprintf(stderr, "ZT_LSORAMServer::ZT_instance_id = %d, params length = %ld\n", ZT_instance_id, params.length());
  137. */
  138. }
  139. /*
  140. Inputs: a target pub key, a seriailzed request and request size.
  141. Outputs: instantiates and populates:
  142. client_pubkey, aes_key (from target_pubkey and generated client_pubkey ECDH)
  143. iv, encrypted request and tag for the request
  144. */
  145. int ZT_ORAMServer::encryptLSORAMRequest(EC_KEY* target_public_key, unsigned char *serialized_request,
  146. uint32_t request_size, unsigned char **encrypted_request, unsigned char **client_pubkey,
  147. uint32_t *pubkey_size_x, uint32_t *pubkey_size_y, unsigned char **ecdh_aes_key,
  148. unsigned char **iv, unsigned char **tag){
  149. //Generate a new key
  150. EC_KEY *ephemeral_key = NULL;
  151. BIGNUM *x, *y;
  152. x = BN_new();
  153. y = BN_new();
  154. BN_CTX *bn_ctx = BN_CTX_new();
  155. const EC_GROUP *curve = NULL;
  156. if(NULL == (curve = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)))
  157. fprintf(stderr, "ZT_LSORAMServer: Setting EC_GROUP failed \n");
  158. ephemeral_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
  159. if(ephemeral_key==NULL)
  160. fprintf(stderr, "ZT_LSORAMServer: EC_KEY_new_by_curve_name Fail\n");
  161. int ret = EC_KEY_generate_key(ephemeral_key);
  162. if(ret!=1)
  163. fprintf(stderr, "ZT_LSORAMServer: EC_KEY_generate_key Fail\n");
  164. const EC_POINT *pub_point;
  165. pub_point = EC_KEY_get0_public_key((const EC_KEY *) ephemeral_key);
  166. if(pub_point == NULL)
  167. fprintf(stderr, "ZT_LSORAMServer: EC_KEY_get0_public_key Fail\n");
  168. ret = EC_POINT_get_affine_coordinates_GFp(curve, pub_point, x, y, bn_ctx);
  169. if(ret==0)
  170. fprintf(stderr, "ZT_LSORAMServer: EC_POINT_get_affine_coordinates_GFp Failed \n");
  171. unsigned char *bin_x, *bin_y;
  172. uint32_t size_bin_x = BN_num_bytes(x);
  173. uint32_t size_bin_y = BN_num_bytes(y);
  174. //fprintf(stderr, "ZT_LSORAMServer: (%d, %d)\n", size_bin_x, size_bin_y);
  175. bin_x = (unsigned char*) malloc(PRIME256V1_KEY_SIZE);
  176. bin_y = (unsigned char*) malloc(PRIME256V1_KEY_SIZE);
  177. BN_bn2bin(x, bin_x);
  178. BN_bn2bin(y, bin_y);
  179. *pubkey_size_x = size_bin_x;
  180. *pubkey_size_y = size_bin_y;
  181. *client_pubkey = (unsigned char*) malloc(size_bin_x + size_bin_y);
  182. memcpy(*client_pubkey, bin_x, size_bin_x);
  183. memcpy(*client_pubkey + size_bin_x, bin_y, size_bin_y);
  184. /*
  185. unsigned char *ptr = *client_pubkey;
  186. printf("Serialized Client's Public Key in encryptLSORAM :\n");
  187. for(int t = 0; t < size_bin_x; t++)
  188. printf("%02X", ptr[t]);
  189. printf("\n");
  190. printf("Serialized Client's Public Key in encryptLSORAM :\n");
  191. for(int t = 0; t < size_bin_y; t++)
  192. printf("%02X", ptr[size_bin_x + t]);
  193. printf("\n");
  194. */
  195. //fprintf(stderr, "ZT_LSORAMServer: Before ECDH_compute_key \n");
  196. uint32_t field_size = EC_GROUP_get_degree(EC_KEY_get0_group(target_public_key));
  197. uint32_t secret_len = (field_size+7)/8;
  198. unsigned char *secret = (unsigned char*) malloc(secret_len);
  199. //Returns a 32 byte secret
  200. secret_len = ECDH_compute_key(secret, secret_len, EC_KEY_get0_public_key(target_public_key),
  201. ephemeral_key, NULL);
  202. //fprintf(stderr, "ZT_LSORAMServer: Finished ECDH_compute_key \n");
  203. //Sample IV;
  204. *ecdh_aes_key = (unsigned char*) malloc (KEY_LENGTH);
  205. *iv = (unsigned char*) malloc (IV_LENGTH);
  206. memcpy(*ecdh_aes_key, secret, KEY_LENGTH);
  207. memcpy(*iv, secret + KEY_LENGTH, IV_LENGTH);
  208. /*
  209. unsigned char *ecdh_ptr = (unsigned char *) *ecdh_aes_key;
  210. unsigned char *iv_ptr = (unsigned char *) *iv;
  211. printf("KEY_LENGTH = %d\n", KEY_LENGTH);
  212. printf("ecdh_key computed by Client :\n");
  213. for(int t = 0; t < KEY_LENGTH; t++)
  214. printf("%02X", ecdh_ptr[t]);
  215. printf("\n");
  216. printf("iv computed by Client :\n");
  217. for(int t = 0; t < IV_LENGTH; t++)
  218. printf("%02X", iv_ptr[t]);
  219. printf("\n");
  220. */
  221. BN_CTX_free(bn_ctx);
  222. *encrypted_request = (unsigned char*) malloc (request_size);
  223. *tag = (unsigned char*) malloc (TAG_SIZE);
  224. uint32_t encrypted_request_size;
  225. /*
  226. printf("Request bytes before encrypting: \n");
  227. for(int t = 0; t < request_size; t++)
  228. printf("%02X", serialized_request[t]);
  229. printf("\n");
  230. */
  231. //fprintf(stderr, "ZT_LSORAMServer: Before AES_GCM_128_encrypt call \n");
  232. encrypted_request_size = AES_GCM_128_encrypt(serialized_request, request_size,
  233. NULL, 0, (unsigned char*) *ecdh_aes_key, (unsigned char*) *iv,
  234. IV_LENGTH, *encrypted_request, *tag);
  235. /*
  236. unsigned char*tag_ptr = *tag;
  237. printf("Tag bytes after encryption: \n");
  238. for(uint32_t t = 0; t < TAG_SIZE; t++)
  239. printf("%02X", tag_ptr[t]);
  240. printf("\n");
  241. printf("Request_size = %d, Encrypted_request_size = %d,\n", request_size, encrypted_request_size);
  242. printf("Request bytes after encrypting: \n");
  243. unsigned char *encrypted_ptr = (unsigned char*) *encrypted_request;
  244. for(uint32_t t = 0; t < encrypted_request_size; t++)
  245. printf("%02X", encrypted_ptr[t]);
  246. printf("\n");
  247. */
  248. return encrypted_request_size;
  249. }
  250. int ZT_ORAMServer::LSORAM_Insert(unsigned char *key, uint32_t key_size, unsigned char* value, uint32_t value_size){
  251. unsigned char *serialized_request, *encrypted_request, *tag_in;
  252. unsigned char *client_pubkey, *ecdh_aes_key, *iv;
  253. uint32_t pubkey_size_x, pubkey_size_y;
  254. uint32_t request_size = serializeLSORAMRequest(key, key_size, value, value_size, &serialized_request);
  255. //fprintf(stderr, "ZT_LSORAMServer: Before encryptLSORAMRequest\n");
  256. encryptLSORAMRequest(ENCLAVE_PUBLIC_KEY, serialized_request, request_size,
  257. &encrypted_request, &client_pubkey, &pubkey_size_x, &pubkey_size_y,
  258. &ecdh_aes_key, &iv, &tag_in);
  259. //fprintf(stderr, "ZT_LSORAMServer: After encryptLSORAMRequest\n");
  260. /*
  261. printf("Clientpubkey going into ZT_LSORAM_insert:\n");
  262. printf("X: :\n");
  263. for(int t = 0; t < 32; t++)
  264. printf("%02X", client_pubkey[t]);
  265. printf("\n");
  266. printf("Y :\n");
  267. for(int t = 0; t < 32; t++)
  268. printf("%02X", client_pubkey[32+t]);
  269. printf("\n");
  270. */
  271. //fprintf(stderr, "ZT_LSORAMServer: Before ZT_LSORAM_insert\n");
  272. ZT_HSORAM_insert(ZT_lsoram_iid, ZT_oram_iid, ORAM_TYPE, oram_index++, encrypted_request,
  273. request_size, tag_in, TAG_SIZE, client_pubkey, pubkey_size_x, pubkey_size_y);
  274. //fprintf(stderr, "ZT_LSORAMServer: After ZT_LSORAM_insert\n");
  275. free(serialized_request);
  276. return 1;
  277. }
  278. void ZT_ORAMServer::store(const string &key, const string &value){
  279. if (value.length() > 0) {
  280. //Create encrypted request with strings key, value
  281. unsigned char *key_ptr = (unsigned char*) key.c_str();
  282. unsigned char *value_ptr = (unsigned char*) value.c_str();
  283. //fprintf(stderr, "ZT_LSORAMServer: Starting store(), key.length= %ld, value.length = %ld\n", key.length(), value.length());
  284. LSORAM_Insert((unsigned char*) key.c_str(), BLINDED_KEY_SIZE,
  285. (unsigned char*) value.c_str(), DESCRIPTOR_MAX_SIZE);
  286. fprintf(stderr, "ZT_LSORAMServer: STORED HSDesc Key = ");
  287. for(uint32_t i = 0; i <32; i++){
  288. fprintf(stderr, "%02x", key_ptr[i]);
  289. }
  290. fprintf(stderr,"\n");
  291. fprintf(stderr, "ZT_LSORAMServer: STORED (First 32 bytes of ) HSDesc Value= ");
  292. for(uint64_t i = 0; i < 32; i++){
  293. fprintf(stderr, "%02x", value_ptr[i]);
  294. }
  295. fprintf(stderr,"\n");
  296. } else {
  297. //int8_t ZT_LSORAM_evict(uint32_t id, unsigned char *key, uint32_t key_size);
  298. }
  299. }
  300. /*
  301. In ZT_LSORAMClient lookup_query should be:
  302. encrypted_query||tag_in||pk_x_size||pk_y_size||client_pubkey
  303. where client_pubkey is of size pk_x_size+pk_y_size
  304. returns lookup_response:
  305. encrypted_response||tag_out
  306. */
  307. bool ZT_ORAMServer::lookup(const string &lookup_query, string &lookup_response) {
  308. fprintf(stderr, "ZT_LSORAMServer: Starting lookup() call\n");
  309. const char *lookup_query_cstr= lookup_query.c_str();
  310. fprintf(stderr, "ZT_LSORAMServer: lookup_query length = %ld\n", lookup_query.length());
  311. unsigned char *encrypted_query = (unsigned char*) malloc (BLINDED_KEY_SIZE);
  312. unsigned char *tag_in = (unsigned char*) malloc (TAG_SIZE);
  313. uint32_t pk_x_size;
  314. uint32_t pk_y_size;
  315. unsigned char *client_pubkey;
  316. fprintf(stderr, "ZT_LSORAMServer: Before parsing lookup_query_cstr\n");
  317. unsigned char *ptr = (unsigned char*) lookup_query_cstr;
  318. memcpy(encrypted_query, ptr, BLINDED_KEY_SIZE);
  319. ptr+=BLINDED_KEY_SIZE;
  320. memcpy(tag_in, ptr, TAG_SIZE);
  321. ptr+=TAG_SIZE;
  322. memcpy(&pk_x_size, ptr, sizeof(uint32_t));
  323. ptr+=sizeof(uint32_t);
  324. memcpy(&pk_y_size, ptr, sizeof(uint32_t));
  325. ptr+=sizeof(uint32_t);
  326. size_t expected_size = BLINDED_KEY_SIZE+TAG_SIZE+ 2*sizeof(uint32_t) +
  327. pk_x_size + pk_y_size;
  328. fprintf(stderr, "ZT_LSORAMServer: Before allocating client_pubkey call (%d,%d)\n", pk_x_size, pk_y_size);
  329. fprintf(stderr, "ZT_LSORAMServer: expected_size = %ld, lookup_query.length = %ld\n", expected_size, lookup_query.length());
  330. /*
  331. if(lookup_query.length()!=expected_size)
  332. fprintf(stderr, "ZT_LSORAMServer: Query size doesn't match KEY_SIZE + TAG_SIZE\n");
  333. return 0;
  334. */
  335. client_pubkey = (unsigned char*) malloc (pk_x_size+pk_y_size);
  336. memcpy(client_pubkey, ptr, (pk_x_size + pk_y_size));
  337. unsigned char *encrypted_response = (unsigned char*) malloc(DESCRIPTOR_MAX_SIZE);
  338. unsigned char *tag_out = (unsigned char*) malloc(TAG_SIZE);
  339. fprintf(stderr, "ZT_LSORAMServer: Before ZT_LSORAM_fetch() call\n");
  340. ZT_HSORAM_fetch(ZT_lsoram_iid, ZT_oram_iid, ORAM_TYPE, encrypted_query, BLINDED_KEY_SIZE,
  341. encrypted_response, DESCRIPTOR_MAX_SIZE, tag_in, tag_out, TAG_SIZE,
  342. client_pubkey, pk_x_size, pk_y_size);
  343. fprintf(stderr, "ZT_LSORAMServer: After ZT_LSORAM_fetch() call\n");
  344. lookup_response.assign((const char*) encrypted_response, DESCRIPTOR_MAX_SIZE);
  345. lookup_response.append((const char*) tag_out, TAG_SIZE);
  346. free(encrypted_response);
  347. free(tag_out);
  348. free(client_pubkey);
  349. free(encrypted_query);
  350. free(tag_in);
  351. fprintf(stderr, "ZT_LSORAMServer: Finished lookup() call\n");
  352. return 1;
  353. }
  354. int main(int argc, char **argv) {
  355. ZT_ORAMServer server;
  356. server.mainloop();
  357. return 0;
  358. }