ZT_LSORAMserver.cc 13 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408
  1. #include <stdio.h>
  2. #include <stdlib.h>
  3. #include <stdint.h>
  4. #include <unistd.h>
  5. #include <sys/types.h>
  6. #include <sys/stat.h>
  7. #include <fcntl.h>
  8. #include <cstring>
  9. #include <iostream>
  10. #include <map>
  11. #include <iterator>
  12. #include <openssl/ec.h>
  13. #include <openssl/ecdh.h>
  14. #include <openssl/ecdsa.h>
  15. #include <openssl/conf.h>
  16. #include <openssl/evp.h>
  17. #include <openssl/err.h>
  18. #include <openssl/obj_mac.h>
  19. using std::map;
  20. #include "pirserver.h"
  21. #include "ZeroTrace/Globals.hpp"
  22. #include "utils.h"
  23. #include "ZT.hpp"
  24. EC_KEY *ENCLAVE_PUBLIC_KEY = NULL;
  25. // Not in use since we use a vector that can expand for LS ORAM
  26. #define START_NUM_BLOCKS 100
  27. //MEM_MODE 0 = INSIDE_PRM
  28. // 1 = OUTSIDE_PRM
  29. #define MEM_MODE 0
  30. //OBLIVIOUS_TYPE 0 = ACCESS_ONLY
  31. // 1 = FULL_OBLIVIOUS
  32. #define OBLIVIOUS_TYPE 0
  33. //POPULATE_FLAG is for populating the LSORAM with dummy records
  34. #define POPULATE_FLAG 0
  35. // TODO: Put everything above this point into a ZT_LSORAMServer.hpp
  36. class ZT_LSORAMServer : public PIRServer {
  37. private:
  38. string pubkey;
  39. uint32_t ZT_instance_id;
  40. map<string, string> table;
  41. public:
  42. ZT_LSORAMServer();
  43. void initializeZeroTrace(string &params);
  44. virtual void get_params(string &params);
  45. virtual void store(const string &key, const string &value);
  46. //Helper functions for store:
  47. int encryptLSORAMRequest(EC_KEY* target_public_key, unsigned char *serialized_request,
  48. uint32_t request_size, unsigned char **encrypted_request, unsigned char **client_pubkey,
  49. uint32_t *pubkey_size_x, uint32_t *pubkey_size_y, unsigned char **ecdh_aes_key,
  50. unsigned char **iv, unsigned char **tag);
  51. int LSORAM_Insert(uint32_t instance_id, unsigned char *key, uint32_t key_size,
  52. unsigned char* value, uint32_t value_size);
  53. virtual bool lookup(const string &lookup_query, string &lookup_response);
  54. //Helper functions for lookup:
  55. };
  56. ZT_LSORAMServer::ZT_LSORAMServer() {
  57. }
  58. void ZT_LSORAMServer::initializeZeroTrace(string &params) {
  59. // Variables for Enclave Public Key retrieval
  60. uint32_t max_buff_size = PRIME256V1_KEY_SIZE;
  61. unsigned char bin_x[PRIME256V1_KEY_SIZE], bin_y[PRIME256V1_KEY_SIZE], signature_r[PRIME256V1_KEY_SIZE], signature_s[PRIME256V1_KEY_SIZE];
  62. ZT_Initialize(bin_x, bin_y, signature_r, signature_s, max_buff_size);
  63. EC_GROUP *curve;
  64. EC_KEY *enclave_verification_key = NULL;
  65. ECDSA_SIG *sig_enclave = ECDSA_SIG_new();
  66. BIGNUM *x, *y, *xh, *yh;
  67. BN_CTX *bn_ctx = BN_CTX_new();
  68. int ret;
  69. if(NULL == (curve = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)))
  70. printf("Setting EC_GROUP failed \n");
  71. EC_POINT *pub_point = EC_POINT_new(curve);
  72. //Verify the Enclave Public Key
  73. enclave_verification_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
  74. xh = BN_bin2bn(hardcoded_verification_key_x, PRIME256V1_KEY_SIZE, NULL);
  75. yh = BN_bin2bn(hardcoded_verification_key_y, PRIME256V1_KEY_SIZE, NULL);
  76. EC_KEY_set_public_key_affine_coordinates(enclave_verification_key, xh, yh);
  77. unsigned char *serialized_public_key = (unsigned char*) malloc (PRIME256V1_KEY_SIZE*2);
  78. memcpy(serialized_public_key, bin_x, PRIME256V1_KEY_SIZE);
  79. memcpy(serialized_public_key + PRIME256V1_KEY_SIZE, bin_y, PRIME256V1_KEY_SIZE);
  80. sig_enclave->r = BN_bin2bn(signature_r, PRIME256V1_KEY_SIZE, NULL);
  81. sig_enclave->s = BN_bin2bn(signature_s, PRIME256V1_KEY_SIZE, NULL);
  82. ret = ECDSA_do_verify((const unsigned char*) serialized_public_key, PRIME256V1_KEY_SIZE*2, sig_enclave, enclave_verification_key);
  83. if(ret==1){
  84. printf("GetEnclavePublishedKey : Verification Successful! \n");
  85. }
  86. else{
  87. printf("GetEnclavePublishedKey : Verification FAILED! \n");
  88. }
  89. //Load the Enclave Public Key
  90. ENCLAVE_PUBLIC_KEY = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
  91. x = BN_bin2bn(bin_x, PRIME256V1_KEY_SIZE, NULL);
  92. y = BN_bin2bn(bin_y, PRIME256V1_KEY_SIZE, NULL);
  93. if(EC_POINT_set_affine_coordinates_GFp(curve, pub_point, x, y, bn_ctx)==0)
  94. printf("EC_POINT_set_affine_coordinates FAILED \n");
  95. if(EC_KEY_set_public_key(ENCLAVE_PUBLIC_KEY, pub_point)==0)
  96. printf("EC_KEY_set_public_key FAILED \n");
  97. BN_CTX_free(bn_ctx);
  98. free(serialized_public_key);
  99. pubkey.assign((const char*) serialized_public_key, 2*PRIME256V1_KEY_SIZE);
  100. params.assign(pubkey);
  101. }
  102. void ZT_LSORAMServer::get_params(string &params) {
  103. //We get a string to populate with params, (which is just the public key)
  104. initializeZeroTrace(params);
  105. //NOTE: num_blocks doesn't make a difference for Access-only Oblivious LSORAM
  106. //ZT_instance_id = ZT_New_LSORAM(num_blocks, key_size, value_size, mode, oblivious_type, populate_flag);
  107. ZT_instance_id = ZT_New_LSORAM(START_NUM_BLOCKS, BLINDED_KEY_SIZE, DESCRIPTOR_MAX_SIZE, MEM_MODE, OBLIVIOUS_TYPE, POPULATE_FLAG);
  108. }
  109. /*
  110. Inputs: a target pub key, a seriailzed request and request size.
  111. Outputs: instantiates and populates:
  112. client_pubkey, aes_key (from target_pubkey and generated client_pubkey ECDH)
  113. iv, encrypted request and tag for the request
  114. */
  115. int ZT_LSORAMServer::encryptLSORAMRequest(EC_KEY* target_public_key, unsigned char *serialized_request,
  116. uint32_t request_size, unsigned char **encrypted_request, unsigned char **client_pubkey,
  117. uint32_t *pubkey_size_x, uint32_t *pubkey_size_y, unsigned char **ecdh_aes_key,
  118. unsigned char **iv, unsigned char **tag){
  119. //Generate a new key
  120. EC_KEY *ephemeral_key = NULL;
  121. BIGNUM *x, *y;
  122. x = BN_new();
  123. y = BN_new();
  124. BN_CTX *bn_ctx = BN_CTX_new();
  125. const EC_GROUP *curve = NULL;
  126. if(NULL == (curve = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)))
  127. printf("Setting EC_GROUP failed \n");
  128. ephemeral_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
  129. if(ephemeral_key==NULL)
  130. printf("Client: EC_KEY_new_by_curve_name Fail\n");
  131. int ret = EC_KEY_generate_key(ephemeral_key);
  132. if(ret!=1)
  133. printf("Client: EC_KEY_generate_key Fail\n");
  134. const EC_POINT *pub_point;
  135. pub_point = EC_KEY_get0_public_key((const EC_KEY *) ephemeral_key);
  136. if(pub_point == NULL)
  137. printf("Client: EC_KEY_get0_public_key Fail\n");
  138. ret = EC_POINT_get_affine_coordinates_GFp(curve, pub_point, x, y, bn_ctx);
  139. if(ret==0)
  140. printf("Client: EC_POINT_get_affine_coordinates_GFp Failed \n");
  141. unsigned char *bin_x, *bin_y;
  142. uint32_t size_bin_x = BN_num_bytes(x);
  143. uint32_t size_bin_y = BN_num_bytes(y);
  144. printf("(%d, %d)\n", size_bin_x, size_bin_y);
  145. bin_x = (unsigned char*) malloc(EC_KEY_SIZE);
  146. bin_y = (unsigned char*) malloc(EC_KEY_SIZE);
  147. BN_bn2bin(x, bin_x);
  148. BN_bn2bin(y, bin_y);
  149. *pubkey_size_x = size_bin_x;
  150. *pubkey_size_y = size_bin_y;
  151. *client_pubkey = (unsigned char*) malloc(size_bin_x + size_bin_y);
  152. memcpy(*client_pubkey, bin_x, size_bin_x);
  153. memcpy(*client_pubkey + size_bin_x, bin_y, size_bin_y);
  154. /*
  155. unsigned char *ptr = *client_pubkey;
  156. printf("Serialized Client's Public Key in encryptLSORAM :\n");
  157. for(int t = 0; t < size_bin_x; t++)
  158. printf("%02X", ptr[t]);
  159. printf("\n");
  160. printf("Serialized Client's Public Key in encryptLSORAM :\n");
  161. for(int t = 0; t < size_bin_y; t++)
  162. printf("%02X", ptr[size_bin_x + t]);
  163. printf("\n");
  164. */
  165. uint32_t field_size = EC_GROUP_get_degree(EC_KEY_get0_group(target_public_key));
  166. uint32_t secret_len = (field_size+7)/8;
  167. unsigned char *secret = (unsigned char*) malloc(secret_len);
  168. //Returns a 32 byte secret
  169. secret_len = ECDH_compute_key(secret, secret_len, EC_KEY_get0_public_key(target_public_key),
  170. ephemeral_key, NULL);
  171. //Sample IV;
  172. *ecdh_aes_key = (unsigned char*) malloc (KEY_LENGTH);
  173. *iv = (unsigned char*) malloc (IV_LENGTH);
  174. memcpy(*ecdh_aes_key, secret, KEY_LENGTH);
  175. memcpy(*iv, secret + KEY_LENGTH, IV_LENGTH);
  176. /*
  177. unsigned char *ecdh_ptr = (unsigned char *) *ecdh_aes_key;
  178. unsigned char *iv_ptr = (unsigned char *) *iv;
  179. printf("KEY_LENGTH = %d\n", KEY_LENGTH);
  180. printf("ecdh_key computed by Client :\n");
  181. for(int t = 0; t < KEY_LENGTH; t++)
  182. printf("%02X", ecdh_ptr[t]);
  183. printf("\n");
  184. printf("iv computed by Client :\n");
  185. for(int t = 0; t < IV_LENGTH; t++)
  186. printf("%02X", iv_ptr[t]);
  187. printf("\n");
  188. */
  189. BN_CTX_free(bn_ctx);
  190. *encrypted_request = (unsigned char*) malloc (request_size);
  191. *tag = (unsigned char*) malloc (TAG_SIZE);
  192. uint32_t encrypted_request_size;
  193. /*
  194. printf("Request bytes before encrypting: \n");
  195. for(int t = 0; t < request_size; t++)
  196. printf("%02X", serialized_request[t]);
  197. printf("\n");
  198. */
  199. encrypted_request_size = AES_GCM_128_encrypt(serialized_request, request_size,
  200. NULL, 0, (unsigned char*) *ecdh_aes_key, (unsigned char*) *iv,
  201. IV_LENGTH, *encrypted_request, *tag);
  202. /*
  203. unsigned char*tag_ptr = *tag;
  204. printf("Tag bytes after encryption: \n");
  205. for(uint32_t t = 0; t < TAG_SIZE; t++)
  206. printf("%02X", tag_ptr[t]);
  207. printf("\n");
  208. printf("Request_size = %d, Encrypted_request_size = %d,\n", request_size, encrypted_request_size);
  209. printf("Request bytes after encrypting: \n");
  210. unsigned char *encrypted_ptr = (unsigned char*) *encrypted_request;
  211. for(uint32_t t = 0; t < encrypted_request_size; t++)
  212. printf("%02X", encrypted_ptr[t]);
  213. printf("\n");
  214. */
  215. return encrypted_request_size;
  216. }
  217. int ZT_LSORAMServer::LSORAM_Insert(uint32_t instance_id, unsigned char *key, uint32_t key_size, unsigned char* value, uint32_t value_size){
  218. unsigned char *serialized_request, *encrypted_request, *tag_in;
  219. unsigned char *client_pubkey, *ecdh_aes_key, *iv;
  220. uint32_t pubkey_size_x, pubkey_size_y;
  221. uint32_t request_size = serializeLSORAMRequest(key, key_size, value, value_size, &serialized_request);
  222. encryptLSORAMRequest(ENCLAVE_PUBLIC_KEY, serialized_request, request_size,
  223. &encrypted_request, &client_pubkey, &pubkey_size_x, &pubkey_size_y,
  224. &ecdh_aes_key, &iv, &tag_in);
  225. /*
  226. printf("Clientpubkey going into ZT_LSORAM_insert:\n");
  227. printf("X: :\n");
  228. for(int t = 0; t < 32; t++)
  229. printf("%02X", client_pubkey[t]);
  230. printf("\n");
  231. printf("Y :\n");
  232. for(int t = 0; t < 32; t++)
  233. printf("%02X", client_pubkey[32+t]);
  234. printf("\n");
  235. */
  236. ZT_LSORAM_insert(instance_id, encrypted_request, request_size,
  237. tag_in, TAG_SIZE, client_pubkey, pubkey_size_x, pubkey_size_y);
  238. free(serialized_request);
  239. return 1;
  240. }
  241. void ZT_LSORAMServer::store(const string &key, const string &value){
  242. if (value.length() > 0) {
  243. //Create encrypted request with strings key, value
  244. LSORAM_Insert(ZT_instance_id, (unsigned char*) key.c_str(), BLINDED_KEY_SIZE,
  245. (unsigned char*) value.c_str(), DESCRIPTOR_MAX_SIZE);
  246. } else {
  247. //int8_t ZT_LSORAM_evict(uint32_t id, unsigned char *key, uint32_t key_size);
  248. }
  249. }
  250. /*
  251. int ZT_LSORAMServer::LSORAM_Fetch(uint32_t instance_id, unsigned char *key, uint32_t key_size, unsigned char* encrypted_value, uint32_t value_size){
  252. //value needs to be populated by ZT_LSORAM_fetch
  253. unsigned char *serialized_request, *encrypted_request, *tag_in;
  254. unsigned char *client_pubkey, *ecdh_aes_key, *iv, *response;
  255. uint32_t pubkey_size_x, pubkey_size_y;
  256. // Response buffer and tag, populated by the enclave
  257. unsigned char tag_out[TAG_SIZE];
  258. uint32_t request_size = serializeLSORAMRequest(key, key_size, encrypted_value, 0, &serialized_request);
  259. encryptLSORAMRequest(ENCLAVE_PUBLIC_KEY, serialized_request, request_size,
  260. &encrypted_request, &client_pubkey, &pubkey_size_x, &pubkey_size_y, &ecdh_aes_key, &iv, &tag_in);
  261. ZT_LSORAM_fetch(instance_id, encrypted_request, request_size,
  262. encrypted_value, value_size, tag_in, tag_out, TAG_SIZE,
  263. client_pubkey, pubkey_size_x, pubkey_size_y);
  264. free(serialized_request);
  265. }
  266. */
  267. /*
  268. In ZT_LSORAMClient lookup_query should be:
  269. encrypted_query||tag_in||pk_x_size||pk_y_size||client_pubkey
  270. where client_pubkey is of size pk_x_size+pk_y_size
  271. returns lookup_response:
  272. encrypted_response||tag_out
  273. */
  274. bool ZT_LSORAMServer::lookup(const string &lookup_query, string &lookup_response) {
  275. //TODO: Parse lookup_query and populate these:
  276. const char *lookup_query_cstr= lookup_query.c_str();
  277. unsigned char *encrypted_query = (unsigned char*) malloc (BLINDED_KEY_SIZE);
  278. unsigned char *tag_in = (unsigned char*) malloc (TAG_SIZE);
  279. uint32_t pk_x_size;
  280. uint32_t pk_y_size;
  281. unsigned char *client_pubkey;
  282. unsigned char *ptr = (unsigned char*) lookup_query_cstr;
  283. memcpy(encrypted_query, ptr, BLINDED_KEY_SIZE);
  284. ptr+=BLINDED_KEY_SIZE;
  285. memcpy(tag_in, ptr, TAG_SIZE);
  286. ptr+=TAG_SIZE;
  287. memcpy(&pk_x_size, ptr, sizeof(uint32_t));
  288. ptr+=sizeof(uint32_t);
  289. memcpy(&pk_y_size, ptr, sizeof(uint32_t));
  290. ptr+=sizeof(uint32_t);
  291. client_pubkey = (unsigned char*) malloc(pk_x_size+pk_y_size);
  292. memcpy(client_pubkey, ptr, pk_x_size+pk_y_size);
  293. uint32_t expected_size = BLINDED_KEY_SIZE+TAG_SIZE+ 2*sizeof(uint32_t) +
  294. pk_x_size + pk_y_size;
  295. if(lookup_query.length()!=expected_size)
  296. printf("Query size doesn't match KEY_SIZE + TAG_SIZE\n");
  297. return 0;
  298. unsigned char *encrypted_response = (unsigned char*) malloc(DESCRIPTOR_MAX_SIZE);
  299. unsigned char *tag_out = (unsigned char*) malloc(TAG_SIZE);
  300. ZT_LSORAM_fetch(ZT_instance_id, encrypted_query, BLINDED_KEY_SIZE,
  301. encrypted_response, DESCRIPTOR_MAX_SIZE, tag_in, tag_out, TAG_SIZE,
  302. client_pubkey, pk_x_size, pk_y_size);
  303. lookup_response.assign((const char*) encrypted_response, DESCRIPTOR_MAX_SIZE);
  304. lookup_response.append((const char*) tag_out, TAG_SIZE);
  305. free(encrypted_response);
  306. free(tag_out);
  307. free(client_pubkey);
  308. free(encrypted_query);
  309. free(tag_in);
  310. return 1;
  311. }
  312. int main(int argc, char **argv) {
  313. ZT_LSORAMServer server;
  314. server.mainloop();
  315. return 0;
  316. }