diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/App/App.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/App/App.cpp new file mode 100644 index 0000000..bfd0d6e --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/App/App.cpp @@ -0,0 +1,252 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include +#include +#include + +# include +# include +# define MAX_PATH FILENAME_MAX + +#include "sgx_urts.h" +#include "App.h" +#include "Enclave_u.h" + +/* Global EID shared by multiple threads */ +sgx_enclave_id_t global_eid = 0; + +typedef struct _sgx_errlist_t { + sgx_status_t err; + const char *msg; + const char *sug; /* Suggestion */ +} sgx_errlist_t; + +/* Error code returned by sgx_create_enclave */ +static sgx_errlist_t sgx_errlist[] = { + { + SGX_ERROR_UNEXPECTED, + "Unexpected error occurred.", + NULL + }, + { + SGX_ERROR_INVALID_PARAMETER, + "Invalid parameter.", + NULL + }, + { + SGX_ERROR_OUT_OF_MEMORY, + "Out of memory.", + NULL + }, + { + SGX_ERROR_ENCLAVE_LOST, + "Power transition occurred.", + "Please refer to the sample \"PowerTransition\" for details." + }, + { + SGX_ERROR_INVALID_ENCLAVE, + "Invalid enclave image.", + NULL + }, + { + SGX_ERROR_INVALID_ENCLAVE_ID, + "Invalid enclave identification.", + NULL + }, + { + SGX_ERROR_INVALID_SIGNATURE, + "Invalid enclave signature.", + NULL + }, + { + SGX_ERROR_OUT_OF_EPC, + "Out of EPC memory.", + NULL + }, + { + SGX_ERROR_NO_DEVICE, + "Invalid SGX device.", + "Please make sure SGX module is enabled in the BIOS, and install SGX driver afterwards." + }, + { + SGX_ERROR_MEMORY_MAP_CONFLICT, + "Memory map conflicted.", + NULL + }, + { + SGX_ERROR_INVALID_METADATA, + "Invalid enclave metadata.", + NULL + }, + { + SGX_ERROR_DEVICE_BUSY, + "SGX device was busy.", + NULL + }, + { + SGX_ERROR_INVALID_VERSION, + "Enclave version was invalid.", + NULL + }, + { + SGX_ERROR_INVALID_ATTRIBUTE, + "Enclave was not authorized.", + NULL + }, + { + SGX_ERROR_ENCLAVE_FILE_ACCESS, + "Can't open enclave file.", + NULL + }, +}; + +/* Check error conditions for loading enclave */ +void print_error_message(sgx_status_t ret) +{ + size_t idx = 0; + size_t ttl = sizeof sgx_errlist/sizeof sgx_errlist[0]; + + for (idx = 0; idx < ttl; idx++) { + if(ret == sgx_errlist[idx].err) { + if(NULL != sgx_errlist[idx].sug) + printf("Info: %s\n", sgx_errlist[idx].sug); + printf("Error: %s\n", sgx_errlist[idx].msg); + break; + } + } + + if (idx == ttl) + printf("Error code is 0x%X. Please refer to the \"Intel SGX SDK Developer Reference\" for more details.\n", ret); +} + +/* Initialize the enclave: + * Step 1: try to retrieve the launch token saved by last transaction + * Step 2: call sgx_create_enclave to initialize an enclave instance + * Step 3: save the launch token if it is updated + */ +int initialize_enclave(void) +{ + char token_path[MAX_PATH] = {'\0'}; + sgx_launch_token_t token = {0}; + sgx_status_t ret = SGX_ERROR_UNEXPECTED; + int updated = 0; + + /* Step 1: try to retrieve the launch token saved by last transaction + * if there is no token, then create a new one. + */ + /* try to get the token saved in $HOME */ + const char *home_dir = getpwuid(getuid())->pw_dir; + + if (home_dir != NULL && + (strlen(home_dir)+strlen("/")+sizeof(TOKEN_FILENAME)+1) <= MAX_PATH) { + /* compose the token path */ + strncpy(token_path, home_dir, strlen(home_dir)); + strncat(token_path, "/", strlen("/")); + strncat(token_path, TOKEN_FILENAME, sizeof(TOKEN_FILENAME)+1); + } else { + /* if token path is too long or $HOME is NULL */ + strncpy(token_path, TOKEN_FILENAME, sizeof(TOKEN_FILENAME)); + } + + FILE *fp = fopen(token_path, "rb"); + if (fp == NULL && (fp = fopen(token_path, "wb")) == NULL) { + printf("Warning: Failed to create/open the launch token file \"%s\".\n", token_path); + } + + if (fp != NULL) { + /* read the token from saved file */ + size_t read_num = fread(token, 1, sizeof(sgx_launch_token_t), fp); + if (read_num != 0 && read_num != sizeof(sgx_launch_token_t)) { + /* if token is invalid, clear the buffer */ + memset(&token, 0x0, sizeof(sgx_launch_token_t)); + printf("Warning: Invalid launch token read from \"%s\".\n", token_path); + } + } + /* Step 2: call sgx_create_enclave to initialize an enclave instance */ + /* Debug Support: set 2nd parameter to 1 */ + ret = sgx_create_enclave(ENCLAVE_FILENAME, SGX_DEBUG_FLAG, &token, &updated, &global_eid, NULL); + if (ret != SGX_SUCCESS) { + print_error_message(ret); + if (fp != NULL) fclose(fp); + return -1; + } + + /* Step 3: save the launch token if it is updated */ + if (updated == FALSE || fp == NULL) { + /* if the token is not updated, or file handler is invalid, do not perform saving */ + if (fp != NULL) fclose(fp); + return 0; + } + + /* reopen the file with write capablity */ + fp = freopen(token_path, "wb", fp); + if (fp == NULL) return 0; + size_t write_num = fwrite(token, 1, sizeof(sgx_launch_token_t), fp); + if (write_num != sizeof(sgx_launch_token_t)) + printf("Warning: Failed to save launch token to \"%s\".\n", token_path); + fclose(fp); + return 0; +} + +/* OCall functions */ +void ocall_print_string(const char *str) +{ + /* Proxy/Bridge will check the length and null-terminate + * the input string to prevent buffer overflow. + */ + printf("%s", str); +} + + +/* Application entry */ +int SGX_CDECL main(int argc, char *argv[]) +{ + (void)(argc); + (void)(argv); + + + /* Initialize the enclave */ + if(initialize_enclave() < 0){ + printf("Enter a character before exit ...\n"); + getchar(); + return -1; + } + + printf_helloworld(global_eid); + + /* Destroy the enclave */ + sgx_destroy_enclave(global_eid); + + return 0; +} + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/App/App.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/App/App.h new file mode 100644 index 0000000..bb0ef20 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/App/App.h @@ -0,0 +1,65 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef _APP_H_ +#define _APP_H_ + +#include +#include +#include +#include + +#include "sgx_error.h" /* sgx_status_t */ +#include "sgx_eid.h" /* sgx_enclave_id_t */ + +#ifndef TRUE +# define TRUE 1 +#endif + +#ifndef FALSE +# define FALSE 0 +#endif + +# define TOKEN_FILENAME "enclave.token" +# define ENCLAVE_FILENAME "enclave.signed.so" + +extern sgx_enclave_id_t global_eid; /* global enclave id */ + +#if defined(__cplusplus) +extern "C" { +#endif + +#if defined(__cplusplus) +} +#endif + +#endif /* !_APP_H_ */ diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Enclave/Enclave.config.xml b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Enclave/Enclave.config.xml new file mode 100644 index 0000000..e94c9bc --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Enclave/Enclave.config.xml @@ -0,0 +1,12 @@ + + 0 + 0 + 0x40000 + 0x100000 + 10 + 1 + + 0 + 0 + 0xFFFFFFFF + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Enclave/Enclave.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Enclave/Enclave.cpp new file mode 100644 index 0000000..d13cdd2 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Enclave/Enclave.cpp @@ -0,0 +1,57 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include +#include /* vsnprintf */ + +#include "Enclave.h" +#include "Enclave_t.h" /* print_string */ + +/* + * printf: + * Invokes OCALL to display the enclave buffer to the terminal. + */ +void printf(const char *fmt, ...) +{ + char buf[BUFSIZ] = {'\0'}; + va_list ap; + va_start(ap, fmt); + vsnprintf(buf, BUFSIZ, fmt, ap); + va_end(ap); + ocall_print_string(buf); +} + +void printf_helloworld() +{ + printf("Hello World\n"); +} + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Enclave/Enclave.edl b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Enclave/Enclave.edl new file mode 100644 index 0000000..79495f0 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Enclave/Enclave.edl @@ -0,0 +1,55 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/* Enclave.edl - Top EDL file. */ + +enclave { + + /* Import ECALL/OCALL from sub-directory EDLs. + * [from]: specifies the location of EDL file. + * [import]: specifies the functions to import, + * [*]: implies to import all functions. + */ + + trusted { + public void printf_helloworld(); + }; + + /* + * ocall_print_string - invokes OCALL to display string buffer inside the enclave. + * [in]: copy the string buffer to App outside. + * [string]: specifies 'str' is a NULL terminated buffer. + */ + untrusted { + void ocall_print_string([in, string] const char *str); + }; + +}; diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Enclave/Enclave.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Enclave/Enclave.h new file mode 100644 index 0000000..e1ff7b3 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Enclave/Enclave.h @@ -0,0 +1,50 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#ifndef _ENCLAVE_H_ +#define _ENCLAVE_H_ + +#include +#include + +#if defined(__cplusplus) +extern "C" { +#endif + +void printf(const char *fmt, ...); +void printf_helloworld(); + +#if defined(__cplusplus) +} +#endif + +#endif /* !_ENCLAVE_H_ */ diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Enclave/Enclave.lds b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Enclave/Enclave.lds new file mode 100644 index 0000000..f5f35d5 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Enclave/Enclave.lds @@ -0,0 +1,10 @@ +enclave.so +{ + global: + g_global_data_sim; + g_global_data; + enclave_entry; + g_peak_heap_used; + local: + *; +}; diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Enclave/Enclave_private.pem b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Enclave/Enclave_private.pem new file mode 100644 index 0000000..529d07b --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Enclave/Enclave_private.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ +AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ +ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr +nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b +3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H +ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD +5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW +KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC +1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe +K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z +AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q +ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6 +JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826 +5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02 +wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9 +osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm +WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i +Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9 +xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd +vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD +Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a +cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC +0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ +gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo +gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t +k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz +Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6 +O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5 +afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom +e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G +BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv +fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN +t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9 +yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp +6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg +WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH +NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk= +-----END RSA PRIVATE KEY----- diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Makefile b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Makefile new file mode 100644 index 0000000..3f65718 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/HelloEnclave/Makefile @@ -0,0 +1,249 @@ +# +# Copyright (C) 2011-2018 Intel Corporation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# + +######## SGX SDK Settings ######## + +SGX_SDK ?= /opt/intel/sgxsdk +SGX_MODE ?= HW +SGX_ARCH ?= x64 +SGX_DEBUG ?= 1 + +ifeq ($(shell getconf LONG_BIT), 32) + SGX_ARCH := x86 +else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32) + SGX_ARCH := x86 +endif + +ifeq ($(SGX_ARCH), x86) + SGX_COMMON_CFLAGS := -m32 + SGX_LIBRARY_PATH := $(SGX_SDK)/lib + SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign + SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r +else + SGX_COMMON_CFLAGS := -m64 + SGX_LIBRARY_PATH := $(SGX_SDK)/lib64 + SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign + SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r +endif + +ifeq ($(SGX_DEBUG), 1) +ifeq ($(SGX_PRERELEASE), 1) +$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!) +endif +endif + +ifeq ($(SGX_DEBUG), 1) + SGX_COMMON_CFLAGS += -O0 -g +else + SGX_COMMON_CFLAGS += -O2 +endif + +######## App Settings ######## + +ifneq ($(SGX_MODE), HW) + Urts_Library_Name := sgx_urts_sim +else + Urts_Library_Name := sgx_urts +endif + +App_Cpp_Files := App/App.cpp +App_Include_Paths := -IInclude -IApp -I$(SGX_SDK)/include + +App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) + +# Three configuration modes - Debug, prerelease, release +# Debug - Macro DEBUG enabled. +# Prerelease - Macro NDEBUG and EDEBUG enabled. +# Release - Macro NDEBUG enabled. +ifeq ($(SGX_DEBUG), 1) + App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG +else ifeq ($(SGX_PRERELEASE), 1) + App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG +else + App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG +endif + +App_Cpp_Flags := $(App_C_Flags) -std=c++11 +App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lpthread + +ifneq ($(SGX_MODE), HW) + App_Link_Flags += -lsgx_uae_service_sim +else + App_Link_Flags += -lsgx_uae_service +endif + +App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o) + +App_Name := app + +######## Enclave Settings ######## + +ifneq ($(SGX_MODE), HW) + Trts_Library_Name := sgx_trts_sim + Service_Library_Name := sgx_tservice_sim +else + Trts_Library_Name := sgx_trts + Service_Library_Name := sgx_tservice +endif +Crypto_Library_Name := sgx_tcrypto + +Enclave_Cpp_Files := Enclave/Enclave.cpp +Enclave_Include_Paths := -IInclude -IEnclave -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx + +CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9") +ifeq ($(CC_BELOW_4_9), 1) + Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector +else + Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector-strong +endif + +Enclave_C_Flags += $(Enclave_Include_Paths) +Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++11 -nostdinc++ + +# To generate a proper enclave, it is recommended to follow below guideline to link the trusted libraries: +# 1. Link sgx_trts with the `--whole-archive' and `--no-whole-archive' options, +# so that the whole content of trts is included in the enclave. +# 2. For other libraries, you just need to pull the required symbols. +# Use `--start-group' and `--end-group' to link these libraries. +# Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options. +# Otherwise, you may get some undesirable errors. +Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \ + -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \ + -Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \ + -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \ + -Wl,-pie,-eenclave_entry -Wl,--export-dynamic \ + -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections \ + -Wl,--version-script=Enclave/Enclave.lds + +Enclave_Cpp_Objects := $(Enclave_Cpp_Files:.cpp=.o) + +Enclave_Name := enclave.so +Signed_Enclave_Name := enclave.signed.so +Enclave_Config_File := Enclave/Enclave.config.xml + +ifeq ($(SGX_MODE), HW) +ifeq ($(SGX_DEBUG), 1) + Build_Mode = HW_DEBUG +else ifeq ($(SGX_PRERELEASE), 1) + Build_Mode = HW_PRERELEASE +else + Build_Mode = HW_RELEASE +endif +else +ifeq ($(SGX_DEBUG), 1) + Build_Mode = SIM_DEBUG +else ifeq ($(SGX_PRERELEASE), 1) + Build_Mode = SIM_PRERELEASE +else + Build_Mode = SIM_RELEASE +endif +endif + + +.PHONY: all run + +ifeq ($(Build_Mode), HW_RELEASE) +all: .config_$(Build_Mode)_$(SGX_ARCH) $(App_Name) $(Enclave_Name) + @echo "The project has been built in release hardware mode." + @echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave." + @echo "To sign the enclave use the command:" + @echo " $(SGX_ENCLAVE_SIGNER) sign -key -enclave $(Enclave_Name) -out <$(Signed_Enclave_Name)> -config $(Enclave_Config_File)" + @echo "You can also sign the enclave using an external signing tool." + @echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW." +else +all: .config_$(Build_Mode)_$(SGX_ARCH) $(App_Name) $(Signed_Enclave_Name) +ifeq ($(Build_Mode), HW_DEBUG) + @echo "The project has been built in debug hardware mode." +else ifeq ($(Build_Mode), SIM_DEBUG) + @echo "The project has been built in debug simulation mode." +else ifeq ($(Build_Mode), HW_PRERELEASE) + @echo "The project has been built in pre-release hardware mode." +else ifeq ($(Build_Mode), SIM_PRERELEASE) + @echo "The project has been built in pre-release simulation mode." +else + @echo "The project has been built in release simulation mode." +endif +endif + +run: all +ifneq ($(Build_Mode), HW_RELEASE) + @$(CURDIR)/$(App_Name) + @echo "RUN => $(App_Name) [$(SGX_MODE)|$(SGX_ARCH), OK]" +endif + +######## App Objects ######## + +App/Enclave_u.c: $(SGX_EDGER8R) Enclave/Enclave.edl + @cd App && $(SGX_EDGER8R) --untrusted ../Enclave/Enclave.edl --search-path ../Enclave --search-path $(SGX_SDK)/include + @echo "GEN => $@" + +App/Enclave_u.o: App/Enclave_u.c + @$(CC) $(App_C_Flags) -c $< -o $@ + @echo "CC <= $<" + +App/%.o: App/%.cpp + @$(CXX) $(App_Cpp_Flags) -c $< -o $@ + @echo "CXX <= $<" + +$(App_Name): App/Enclave_u.o $(App_Cpp_Objects) + @$(CXX) $^ -o $@ $(App_Link_Flags) + @echo "LINK => $@" + +.config_$(Build_Mode)_$(SGX_ARCH): + @rm -f .config_* $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) App/Enclave_u.* $(Enclave_Cpp_Objects) Enclave/Enclave_t.* + @touch .config_$(Build_Mode)_$(SGX_ARCH) + +######## Enclave Objects ######## + +Enclave/Enclave_t.c: $(SGX_EDGER8R) Enclave/Enclave.edl + @cd Enclave && $(SGX_EDGER8R) --trusted ../Enclave/Enclave.edl --search-path ../Enclave --search-path $(SGX_SDK)/include + @echo "GEN => $@" + +Enclave/Enclave_t.o: Enclave/Enclave_t.c + @$(CC) $(Enclave_C_Flags) -c $< -o $@ + @echo "CC <= $<" + +Enclave/%.o: Enclave/%.cpp + @$(CXX) $(Enclave_Cpp_Flags) -c $< -o $@ + @echo "CXX <= $<" + +$(Enclave_Name): Enclave/Enclave_t.o $(Enclave_Cpp_Objects) + @$(CXX) $^ -o $@ $(Enclave_Link_Flags) + @echo "LINK => $@" + +$(Signed_Enclave_Name): $(Enclave_Name) + @$(SGX_ENCLAVE_SIGNER) sign -key Enclave/Enclave_private.pem -enclave $(Enclave_Name) -out $@ -config $(Enclave_Config_File) + @echo "SIGN => $@" + +.PHONY: clean + +clean: + @rm -f .config_* $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) App/Enclave_u.* $(Enclave_Cpp_Objects) Enclave/Enclave_t.* diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/.gitignore b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/.gitignore new file mode 100755 index 0000000..f46cf6e --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/.gitignore @@ -0,0 +1,55 @@ +# Prerequisites +*.d + +# Object files +*.o +*.ko +*.obj +*.elf + +# Linker output +*.ilk +*.map +*.exp + +# Precompiled Headers +*.gch +*.pch + +# Libraries +*.lib +*.a +*.la +*.lo + +# Shared objects (inc. Windows DLLs) +*.dll +*.so +*.so.* +*.dylib + +# Executables +*.exe +*.out +*.app +*.i*86 +*.x86_64 +*.hex + +# Debug files +*.dSYM/ +*.su +*.idb +*.pdb + +# Kernel Module Compile Results +*.mod* +*.cmd +.tmp_versions/ +modules.order +Module.symvers +Mkfile.old +dkms.conf + +# Apple .DS_Store files +.DS_Store diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/Makefile b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/Makefile new file mode 100755 index 0000000..773ff47 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/Makefile @@ -0,0 +1,209 @@ +# +# Copyright (C) 2011-2016 Intel Corporation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# + +######## SGX SDK Settings ######## + +SGX_SDK ?= /opt/intel/sgxsdk +SGX_MODE ?= SIM +SGX_ARCH ?= x64 + +ifeq ($(shell getconf LONG_BIT), 32) + SGX_ARCH := x86 +else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32) + SGX_ARCH := x86 +endif + +ifeq ($(SGX_ARCH), x86) + SGX_COMMON_CFLAGS := -m32 + SGX_LIBRARY_PATH := $(SGX_SDK)/lib + SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign + SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r +else + SGX_COMMON_CFLAGS := -m64 + SGX_LIBRARY_PATH := $(SGX_SDK)/lib64 + SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign + SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r +endif + +ifeq ($(SGX_DEBUG), 1) +ifeq ($(SGX_PRERELEASE), 1) +$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!) +endif +endif + +ifeq ($(SGX_DEBUG), 1) + SGX_COMMON_CFLAGS += -O0 -g +else + SGX_COMMON_CFLAGS += -O2 +endif + +######## App Settings ######## + +ifneq ($(SGX_MODE), HW) + Urts_Library_Name := sgx_urts_sim +else + Urts_Library_Name := sgx_urts +endif + +App_Cpp_Files := app/app.cpp app/utils.cpp +App_Include_Paths := -Iapp -I$(SGX_SDK)/include -Iinclude -Itest + +App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) + +# Three configuration modes - Debug, prerelease, release +# Debug - Macro DEBUG enabled. +# Prerelease - Macro NDEBUG and EDEBUG enabled. +# Release - Macro NDEBUG enabled. +ifeq ($(SGX_DEBUG), 1) + App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG +else ifeq ($(SGX_PRERELEASE), 1) + App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG +else + App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG +endif + +App_Cpp_Flags := $(App_C_Flags) -std=c++11 +App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lpthread + +ifneq ($(SGX_MODE), HW) + App_Link_Flags += -lsgx_uae_service_sim +else + App_Link_Flags += -lsgx_uae_service +endif + +App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o) + +App_Name := sgx-wallet + +######## Enclave Settings ######## + +ifneq ($(SGX_MODE), HW) + Trts_Library_Name := sgx_trts_sim + Service_Library_Name := sgx_tservice_sim +else + Trts_Library_Name := sgx_trts + Service_Library_Name := sgx_tservice +endif +Crypto_Library_Name := sgx_tcrypto + +Enclave_Cpp_Files := enclave/enclave.cpp enclave/sealing/sealing.cpp +Enclave_Include_Paths := -Ienclave -Iinclude -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport + +Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Enclave_Include_Paths) +Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++03 -nostdinc++ +Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \ + -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \ + -Wl,--start-group -lsgx_tstdc -lsgx_tstdcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \ + -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \ + -Wl,-pie,-eenclave_entry -Wl,--export-dynamic \ + -Wl,--defsym,__ImageBase=0 + # -Wl,--version-script=Enclave/Enclave.lds + +Enclave_Cpp_Objects := $(Enclave_Cpp_Files:.cpp=.o) + +Enclave_Name := enclave.so +Signed_Enclave_Name := enclave.signed.so +Enclave_Config_File := enclave/enclave.config.xml + +ifeq ($(SGX_MODE), HW) +ifneq ($(SGX_DEBUG), 1) +ifneq ($(SGX_PRERELEASE), 1) +Build_Mode = HW_RELEASE +endif +endif +endif + + +.PHONY: all run + +ifeq ($(Build_Mode), HW_RELEASE) +all: $(App_Name) $(Enclave_Name) + @echo "The project has been built in release hardware mode." + @echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave." + @echo "To sign the enclave use the command:" + @echo " $(SGX_ENCLAVE_SIGNER) sign -key -enclave $(Enclave_Name) -out <$(Signed_Enclave_Name)> -config $(Enclave_Config_File)" + @echo "You can also sign the enclave using an external signing tool. See User's Guide for more details." + @echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW." +else +all: $(App_Name) $(Signed_Enclave_Name) +endif + +run: all +ifneq ($(Build_Mode), HW_RELEASE) + @$(CURDIR)/$(App_Name) + @echo "RUN => $(App_Name) [$(SGX_MODE)|$(SGX_ARCH), OK]" +endif + +######## App Objects ######## + +app/enclave_u.c: $(SGX_EDGER8R) enclave/enclave.edl + @cd app && $(SGX_EDGER8R) --untrusted ../enclave/enclave.edl --search-path ../enclave --search-path $(SGX_SDK)/include + @echo "GEN => $@" + +app/enclave_u.o: app/enclave_u.c + @$(CC) $(App_C_Flags) -c $< -o $@ + @echo "CC <= $<" + +app/%.o: app/%.cpp + @$(CXX) $(App_Cpp_Flags) -c $< -o $@ + @echo "CXX <= $<" + +$(App_Name): app/enclave_u.o $(App_Cpp_Objects) + @$(CXX) $^ -o $@ $(App_Link_Flags) + @echo "LINK => $@" + + +######## Enclave Objects ######## + +enclave/enclave_t.c: $(SGX_EDGER8R) enclave/enclave.edl + @cd enclave && $(SGX_EDGER8R) --trusted ../enclave/enclave.edl --search-path ../enclave --search-path $(SGX_SDK)/include + @echo "GEN => $@" + +enclave/enclave_t.o: enclave/enclave_t.c + @$(CC) $(Enclave_C_Flags) -c $< -o $@ + @echo "CC <= $<" + +enclave/%.o: enclave/%.cpp + @$(CXX) $(Enclave_Cpp_Flags) -c $< -o $@ + @echo "CXX <= $<" + +$(Enclave_Name): enclave/enclave_t.o $(Enclave_Cpp_Objects) + @$(CXX) $^ -o $@ $(Enclave_Link_Flags) + @echo "LINK => $@" + +$(Signed_Enclave_Name): $(Enclave_Name) + @$(SGX_ENCLAVE_SIGNER) sign -key enclave/enclave_private.pem -enclave $(Enclave_Name) -out $@ -config $(Enclave_Config_File) + @echo "SIGN => $@" + +.PHONY: clean + +clean: + @rm -f $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) app/enclave_u.* $(Enclave_Cpp_Objects) enclave/enclave_t.* diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/app/app.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/app/app.cpp new file mode 100755 index 0000000..f860f47 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/app/app.cpp @@ -0,0 +1,225 @@ +#include "enclave_u.h" +#include "sgx_urts.h" + +#include +#include +#include + +#include "app.h" +#include "utils.h" +#include "wallet.h" +#include "enclave.h" + +using namespace std; + + +// OCALLs implementation +int ocall_save_wallet(const uint8_t* sealed_data, const size_t sealed_size) { + ofstream file(WALLET_FILE, ios::out | ios::binary); + if (file.fail()) {return 1;} + file.write((const char*) sealed_data, sealed_size); + file.close(); + return 0; +} + +int ocall_load_wallet(uint8_t* sealed_data, const size_t sealed_size) { + ifstream file(WALLET_FILE, ios::in | ios::binary); + if (file.fail()) {return 1;} + file.read((char*) sealed_data, sealed_size); + file.close(); + return 0; +} + +int ocall_is_wallet(void) { + ifstream file(WALLET_FILE, ios::in | ios::binary); + if (file.fail()) {return 0;} // failure means no wallet found + file.close(); + return 1; +} + +int main(int argc, char** argv) { + + sgx_enclave_id_t eid = 0; + sgx_launch_token_t token = {0}; + int updated, ret; + sgx_status_t ecall_status, enclave_status; + + enclave_status = sgx_create_enclave(ENCLAVE_FILE, SGX_DEBUG_FLAG, &token, &updated, &eid, NULL); + if(enclave_status != SGX_SUCCESS) { + error_print("Fail to initialize enclave."); + return -1; + } + info_print("Enclave successfully initilised."); + + const char* options = "hvn:p:c:sax:y:z:r:"; + opterr=0; // prevent 'getopt' from printing err messages + char err_message[100]; + int opt, stop=0; + int h_flag=0, v_flag=0, s_flag=0, a_flag=0; + char * n_value=NULL, *p_value=NULL, *c_value=NULL, *x_value=NULL, *y_value=NULL, *z_value=NULL, *r_value=NULL; + + // read user input + while ((opt = getopt(argc, argv, options)) != -1) { + switch (opt) { + // help + case 'h': + h_flag = 1; + break; + + // create new wallet + case 'n': + n_value = optarg; + break; + + // master-password + case 'p': + p_value = optarg; + break; + + // change master-password + case 'c': + c_value = optarg; + break; + + // show wallet + case 's': + s_flag = 1; + break; + + // add item + case 'a': // add item flag + a_flag = 1; + break; + case 'x': // item's title + x_value = optarg; + break; + case 'y': // item's username + y_value = optarg; + break; + case 'z': // item's password + z_value = optarg; + break; + + // remove item + case 'r': + r_value = optarg; + break; + + // exceptions + case '?': + if (optopt == 'n' || optopt == 'p' || optopt == 'c' || optopt == 'r' || + optopt == 'x' || optopt == 'y' || optopt == 'z' + ) { + sprintf(err_message, "Option -%c requires an argument.", optopt); + } + else if (isprint(optopt)) { + sprintf(err_message, "Unknown option `-%c'.", optopt); + } + else { + sprintf(err_message, "Unknown option character `\\x%x'.",optopt); + } + stop = 1; + error_print(err_message); + error_print("Program exiting."); + break; + + default: + error_print("Unknown option."); + } + } + + // perform actions + if (stop != 1) { + // show help + if (h_flag) { + show_help(); + } + + // create new wallet + else if(n_value!=NULL) { + ecall_status = ecall_create_wallet(eid, &ret, n_value); + if (ecall_status != SGX_SUCCESS || is_error(ret)) { + error_print("Fail to create new wallet."); + } + else { + info_print("Wallet successfully created."); + } + } + + // change master-password + else if (p_value!=NULL && c_value!=NULL) { + ecall_status = ecall_change_master_password(eid, &ret, p_value, c_value); + if (ecall_status != SGX_SUCCESS || is_error(ret)) { + error_print("Fail change master-password."); + } + else { + info_print("Master-password successfully changed."); + } + } + + // show wallet + else if(p_value!=NULL && s_flag) { + wallet_t* wallet = (wallet_t*)malloc(sizeof(wallet_t)); + ecall_status = ecall_show_wallet(eid, &ret, p_value, wallet, sizeof(wallet_t)); + if (ecall_status != SGX_SUCCESS || is_error(ret)) { + error_print("Fail to retrieve wallet."); + } + else { + info_print("Wallet successfully retrieved."); + print_wallet(wallet); + } + free(wallet); + } + + // add item + else if (p_value!=NULL && a_flag && x_value!=NULL && y_value!=NULL && z_value!=NULL) { + item_t* new_item = (item_t*)malloc(sizeof(item_t)); + strcpy(new_item->title, x_value); + strcpy(new_item->username, y_value); + strcpy(new_item->password, z_value); + ecall_status = ecall_add_item(eid, &ret, p_value, new_item, sizeof(item_t)); + if (ecall_status != SGX_SUCCESS || is_error(ret)) { + error_print("Fail to add new item to wallet."); + } + else { + info_print("Item successfully added to the wallet."); + } + free(new_item); + } + + // remove item + else if (p_value!=NULL && r_value!=NULL) { + char* p_end; + int index = (int)strtol(r_value, &p_end, 10); + if (r_value == p_end) { + error_print("Option -r requires an integer argument."); + } + else { + ecall_status = ecall_remove_item(eid, &ret, p_value, index); + if (ecall_status != SGX_SUCCESS || is_error(ret)) { + error_print("Fail to remove item."); + } + else { + info_print("Item successfully removed from the wallet."); + } + } + } + + // display help + else { + error_print("Wrong inputs."); + show_help(); + } + } + + // destroy enclave + enclave_status = sgx_destroy_enclave(eid); + if(enclave_status != SGX_SUCCESS) { + error_print("Fail to destroy enclave."); + return -1; + } + info_print("Enclave successfully destroyed."); + + info_print("Program exit success."); + return 0; +} diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/app/app.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/app/app.h new file mode 100755 index 0000000..de3003a --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/app/app.h @@ -0,0 +1,13 @@ +#ifndef APP_H_ +#define APP_H_ + + +/*************************************************** + * config. + ***************************************************/ +#define APP_NAME "sgx-wallet" +#define ENCLAVE_FILE "enclave.signed.so" +#define WALLET_FILE "wallet.seal" + + +#endif // APP_H_ \ No newline at end of file diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/app/utils.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/app/utils.cpp new file mode 100755 index 0000000..c032da3 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/app/utils.cpp @@ -0,0 +1,101 @@ +#include +#include + +#include "utils.h" +#include "app.h" +#include "wallet.h" +#include "enclave.h" + +void info_print(const char* str) { + printf("[INFO] %s\n", str); +} + +void warning_print(const char* str) { + printf("[WARNING] %s\n", str); +} + +void error_print(const char* str) { + printf("[ERROR] %s\n", str); +} + +void print_wallet(const wallet_t* wallet) { + printf("\n-----------------------------------------\n\n"); + printf("Simple password wallet based on Intel SGX.\n\n"); + printf("Number of items: %lu\n\n", wallet->size); + for (int i = 0; i < wallet->size; ++i) { + printf("#%d -- %s\n", i, wallet->items[i].title); + printf("[username:] %s\n", wallet->items[i].username); + printf("[password:] %s\n", wallet->items[i].password); + printf("\n"); + } + printf("\n------------------------------------------\n\n"); +} + +int is_error(int error_code) { + char err_message[100]; + + // check error case + switch(error_code) { + case RET_SUCCESS: + return 0; + + case ERR_PASSWORD_OUT_OF_RANGE: + sprintf(err_message, "Password should be at least 8 characters long and at most %d.", MAX_ITEM_SIZE); + break; + + case ERR_WALLET_ALREADY_EXISTS: + sprintf(err_message, "Wallet already exists: delete file '%s' first.", WALLET_FILE); + break; + + case ERR_CANNOT_SAVE_WALLET: + strcpy(err_message, "Coud not save wallet."); + break; + + case ERR_CANNOT_LOAD_WALLET: + strcpy(err_message, "Coud not load wallet."); + break; + + case ERR_WRONG_MASTER_PASSWORD: + strcpy(err_message, "Wrong master password."); + break; + + case ERR_WALLET_FULL: + sprintf(err_message, "Wallet full (maximum number of item: %d).", MAX_ITEMS); + break; + + case ERR_ITEM_DOES_NOT_EXIST: + strcpy(err_message, "Item does not exist."); + break; + + case ERR_ITEM_TOO_LONG: + sprintf(err_message, "Item too longth (maximum size: %d).", MAX_ITEM_SIZE); + break; + + case ERR_FAIL_SEAL: + sprintf(err_message, "Fail to seal wallet."); + break; + + case ERR_FAIL_UNSEAL: + sprintf(err_message, "Fail to unseal wallet."); + break; + + default: + sprintf(err_message, "Unknown error."); + } + + // print error message + error_print(err_message); + return 1; +} + +void show_help() { + const char* command = "[-h Show this screen] [-v Show version] [-s Show wallet] " \ + "[-n master-password] [-p master-password -c new-master-password]" \ + "[-p master-password -a -x items_title -y items_username -z toitems_password]" \ + "[-p master-password -r items_index]"; + printf("\nusage: %s %s\n\n", APP_NAME, command); +} + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/app/utils.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/app/utils.h new file mode 100755 index 0000000..2ba36c8 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/app/utils.h @@ -0,0 +1,21 @@ +#ifndef UTIL_H_ +#define UTIL_H_ + +#include "wallet.h" + +void info_print(const char* str); + +void warning_print(const char* str); + +void error_print(const char* str); + +void print_wallet(const wallet_t* wallet); + +int is_error(int error_code); + +void show_help(); + +void show_version(); + + +#endif // UTIL_H_ \ No newline at end of file diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/enclave.config.xml b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/enclave.config.xml new file mode 100755 index 0000000..a94d12f --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/enclave.config.xml @@ -0,0 +1,12 @@ + + + 0 + 0 + 0x40000 + 0x100000 + 10 + 1 + 0 + 0 + 0xFFFFFFFF + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/enclave.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/enclave.cpp new file mode 100755 index 0000000..ddb58ca --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/enclave.cpp @@ -0,0 +1,403 @@ +#include "enclave_t.h" +#include "string.h" + +#include "enclave.h" +#include "wallet.h" + +#include "sgx_tseal.h" +#include "sealing/sealing.h" + +int ecall_create_wallet(const char* master_password) { + + // + // OVERVIEW: + // 1. check password policy + // 2. [ocall] abort if wallet already exist + // 3. create wallet + // 4. seal wallet + // 5. [ocall] save wallet + // 6. exit enclave + // + // + sgx_status_t ocall_status, sealing_status; + int ocall_ret; + + + // 1. check passaword policy + if (strlen(master_password) < 8 || strlen(master_password)+1 > MAX_ITEM_SIZE) { + return ERR_PASSWORD_OUT_OF_RANGE; + } + + + // 2. abort if wallet already exist + ocall_status = ocall_is_wallet(&ocall_ret); + if (ocall_ret != 0) { + return ERR_WALLET_ALREADY_EXISTS; + } + + + // 3. create new wallet + wallet_t* wallet = (wallet_t*)malloc(sizeof(wallet_t)); + wallet->size = 0; + strncpy(wallet->master_password, master_password, strlen(master_password)+1); + + + // 4. seal wallet + size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t); + uint8_t* sealed_data = (uint8_t*)malloc(sealed_size); + sealing_status = seal_wallet(wallet, (sgx_sealed_data_t*)sealed_data, sealed_size); + free(wallet); + if (sealing_status != SGX_SUCCESS) { + free(sealed_data); + return ERR_FAIL_SEAL; + } + + + // 5. save wallet + ocall_status = ocall_save_wallet(&ocall_ret, sealed_data, sealed_size); + free(sealed_data); + if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) { + return ERR_CANNOT_SAVE_WALLET; + } + + + // 6. exit enclave + return RET_SUCCESS; +} + + +/** + * @brief Provides the wallet content. The sizes/length of + * pointers need to be specified, otherwise SGX will + * assume a count of 1 for all pointers. + * + */ +int ecall_show_wallet(const char* master_password, wallet_t* wallet, size_t wallet_size) { + + // + // OVERVIEW: + // 1. [ocall] load wallet + // 2. unseal wallet + // 3. verify master-password + // 4. return wallet to app + // 5. exit enclave + // + // + sgx_status_t ocall_status, sealing_status; + int ocall_ret; + + + + // 1. load wallet + size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t); + uint8_t* sealed_data = (uint8_t*)malloc(sealed_size); + ocall_status = ocall_load_wallet(&ocall_ret, sealed_data, sealed_size); + if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) { + free(sealed_data); + return ERR_CANNOT_LOAD_WALLET; + } + + + // 2. unseal loaded wallet + uint32_t plaintext_size = sizeof(wallet_t); + wallet_t* unsealed_wallet = (wallet_t*)malloc(plaintext_size); + sealing_status = unseal_wallet((sgx_sealed_data_t*)sealed_data, unsealed_wallet, plaintext_size); + free(sealed_data); + if (sealing_status != SGX_SUCCESS) { + free(unsealed_wallet); + return ERR_FAIL_UNSEAL; + } + + + // 3. verify master-password + if (strcmp(unsealed_wallet->master_password, master_password) != 0) { + free(unsealed_wallet); + return ERR_WRONG_MASTER_PASSWORD; + } + + + // 4. return wallet to app + (* wallet) = *unsealed_wallet; + free(unsealed_wallet); + + + // 5. exit enclave + return RET_SUCCESS; +} + + +/** + * @brief Changes the wallet's master-password. + * + */ +int ecall_change_master_password(const char* old_password, const char* new_password) { + + // + // OVERVIEW: + // 1. check password policy + // 2. [ocall] load wallet + // 3. unseal wallet + // 4. verify old password + // 5. update password + // 6. seal wallet + // 7. [ocall] save sealed wallet + // 8. exit enclave + // + // + sgx_status_t ocall_status, sealing_status; + int ocall_ret; + + + + // 1. check passaword policy + if (strlen(new_password) < 8 || strlen(new_password)+1 > MAX_ITEM_SIZE) { + return ERR_PASSWORD_OUT_OF_RANGE; + } + + + // 2. load wallet + size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t); + uint8_t* sealed_data = (uint8_t*)malloc(sealed_size); + ocall_status = ocall_load_wallet(&ocall_ret, sealed_data, sealed_size); + if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) { + free(sealed_data); + return ERR_CANNOT_LOAD_WALLET; + } + + + // 3. unseal wallet + uint32_t plaintext_size = sizeof(wallet_t); + wallet_t* wallet = (wallet_t*)malloc(plaintext_size); + sealing_status = unseal_wallet((sgx_sealed_data_t*)sealed_data, wallet, plaintext_size); + free(sealed_data); + if (sealing_status != SGX_SUCCESS) { + free(wallet); + return ERR_FAIL_UNSEAL; + } + + + // 4. verify master-password + if (strcmp(wallet->master_password, old_password) != 0) { + free(wallet); + return ERR_WRONG_MASTER_PASSWORD; + } + + + // 5. update password + strncpy(wallet->master_password, new_password, strlen(new_password)+1); + + + // 6. seal wallet + sealed_data = (uint8_t*)malloc(sealed_size); + sealing_status = seal_wallet(wallet, (sgx_sealed_data_t*)sealed_data, sealed_size); + free(wallet); + if (sealing_status != SGX_SUCCESS) { + free(wallet); + free(sealed_data); + return ERR_FAIL_SEAL; + } + + + // 7. save wallet + ocall_status = ocall_save_wallet(&ocall_ret, sealed_data, sealed_size); + free(sealed_data); + if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) { + return ERR_CANNOT_SAVE_WALLET; + } + + + // 6. exit enclave + return RET_SUCCESS; +} + + +/** + * @brief Adds an item to the wallet. The sizes/length of + * pointers need to be specified, otherwise SGX will + * assume a count of 1 for all pointers. + * + */ +int ecall_add_item(const char* master_password, const item_t* item, const size_t item_size) { + + // + // OVERVIEW: + // 1. [ocall] load wallet + // 2. unseal wallet + // 3. verify master-password + // 4. check input length + // 5. add item to the wallet + // 6. seal wallet + // 7. [ocall] save sealed wallet + // 8. exit enclave + // + // + sgx_status_t ocall_status, sealing_status; + int ocall_ret; + + + + // 2. load wallet + size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t); + uint8_t* sealed_data = (uint8_t*)malloc(sealed_size); + ocall_status = ocall_load_wallet(&ocall_ret, sealed_data, sealed_size); + if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) { + free(sealed_data); + return ERR_CANNOT_LOAD_WALLET; + } + + + // 3. unseal wallet + uint32_t plaintext_size = sizeof(wallet_t); + wallet_t* wallet = (wallet_t*)malloc(plaintext_size); + sealing_status = unseal_wallet((sgx_sealed_data_t*)sealed_data, wallet, plaintext_size); + free(sealed_data); + if (sealing_status != SGX_SUCCESS) { + free(wallet); + return ERR_FAIL_UNSEAL; + } + + + // 3. verify master-password + if (strcmp(wallet->master_password, master_password) != 0) { + free(wallet); + return ERR_WRONG_MASTER_PASSWORD; + } + + + // 4. check input length + if (strlen(item->title)+1 > MAX_ITEM_SIZE || + strlen(item->username)+1 > MAX_ITEM_SIZE || + strlen(item->password)+1 > MAX_ITEM_SIZE + ) { + free(wallet); + return ERR_ITEM_TOO_LONG; + } + + + // 5. add item to the wallet + size_t wallet_size = wallet->size; + if (wallet_size >= MAX_ITEMS) { + free(wallet); + return ERR_WALLET_FULL; + } + wallet->items[wallet_size] = *item; + ++wallet->size; + + + // 6. seal wallet + sealed_data = (uint8_t*)malloc(sealed_size); + sealing_status = seal_wallet(wallet, (sgx_sealed_data_t*)sealed_data, sealed_size); + free(wallet); + if (sealing_status != SGX_SUCCESS) { + free(wallet); + free(sealed_data); + return ERR_FAIL_SEAL; + } + + + // 7. save wallet + ocall_status = ocall_save_wallet(&ocall_ret, sealed_data, sealed_size); + free(sealed_data); + if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) { + return ERR_CANNOT_SAVE_WALLET; + } + + + // 8. exit enclave + return RET_SUCCESS; +} + + +/** + * @brief Removes an item from the wallet. The sizes/length of + * pointers need to be specified, otherwise SGX will + * assume a count of 1 for all pointers. + * + */ +int ecall_remove_item(const char* master_password, const int index) { + + // + // OVERVIEW: + // 1. check index bounds + // 2. [ocall] load wallet + // 3. unseal wallet + // 4. verify master-password + // 5. remove item from the wallet + // 6. seal wallet + // 7. [ocall] save sealed wallet + // 8. exit enclave + // + // + sgx_status_t ocall_status, sealing_status; + int ocall_ret; + + + + // 1. check index bounds + if (index < 0 || index >= MAX_ITEMS) { + return ERR_ITEM_DOES_NOT_EXIST; + } + + + // 2. load wallet + size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(wallet_t); + uint8_t* sealed_data = (uint8_t*)malloc(sealed_size); + ocall_status = ocall_load_wallet(&ocall_ret, sealed_data, sealed_size); + if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) { + free(sealed_data); + return ERR_CANNOT_LOAD_WALLET; + } + + + // 3. unseal wallet + uint32_t plaintext_size = sizeof(wallet_t); + wallet_t* wallet = (wallet_t*)malloc(plaintext_size); + sealing_status = unseal_wallet((sgx_sealed_data_t*)sealed_data, wallet, plaintext_size); + free(sealed_data); + if (sealing_status != SGX_SUCCESS) { + free(wallet); + return ERR_FAIL_UNSEAL; + } + + + // 4. verify master-password + if (strcmp(wallet->master_password, master_password) != 0) { + free(wallet); + return ERR_WRONG_MASTER_PASSWORD; + } + + + // 5. remove item from the wallet + size_t wallet_size = wallet->size; + if (index >= wallet_size) { + free(wallet); + return ERR_ITEM_DOES_NOT_EXIST; + } + for (int i = index; i < wallet_size-1; ++i) { + wallet->items[i] = wallet->items[i+1]; + } + --wallet->size; + + + // 6. seal wallet + sealed_data = (uint8_t*)malloc(sealed_size); + sealing_status = seal_wallet(wallet, (sgx_sealed_data_t*)sealed_data, sealed_size); + free(wallet); + if (sealing_status != SGX_SUCCESS) { + free(sealed_data); + return ERR_FAIL_SEAL; + } + + + // 7. save wallet + ocall_status = ocall_save_wallet(&ocall_ret, sealed_data, sealed_size); + free(sealed_data); + if (ocall_ret != 0 || ocall_status != SGX_SUCCESS) { + return ERR_CANNOT_SAVE_WALLET; + } + + + // 8. exit enclave + return RET_SUCCESS; +} + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/enclave.edl b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/enclave.edl new file mode 100755 index 0000000..656380b --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/enclave.edl @@ -0,0 +1,53 @@ +enclave { + + // includes + include "wallet.h" + + + // define ECALLs + trusted { + + public int ecall_create_wallet( + [in, string]const char* master_password + ); + + public int ecall_show_wallet( + [in, string]const char* master_password, + [out, size=wallet_size] wallet_t* wallet, + size_t wallet_size + ); + + public int ecall_change_master_password( + [in, string]const char* old_password, + [in, string]const char* new_password + ); + + public int ecall_add_item( + [in, string]const char* master_password, + [in, size=item_size]const item_t* item, + size_t item_size + ); + + public int ecall_remove_item( + [in, string]const char* master_password, + int index + ); + }; + + + // define OCALLs + untrusted { + + int ocall_save_wallet( + [in, size=sealed_size]const uint8_t* sealed_data, + size_t sealed_size + ); + + int ocall_load_wallet( + [out, size=sealed_size]uint8_t* sealed_data, + size_t sealed_size + ); + + int ocall_is_wallet(void); + }; +}; diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/enclave_private.pem b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/enclave_private.pem new file mode 100755 index 0000000..529d07b --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/enclave_private.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ +AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ +ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr +nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b +3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H +ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD +5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW +KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC +1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe +K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z +AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q +ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6 +JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826 +5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02 +wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9 +osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm +WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i +Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9 +xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd +vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD +Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a +cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC +0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ +gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo +gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t +k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz +Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6 +O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5 +afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom +e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G +BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv +fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN +t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9 +yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp +6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg +WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH +NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk= +-----END RSA PRIVATE KEY----- diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/sealing/sealing.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/sealing/sealing.cpp new file mode 100755 index 0000000..e2c9aaa --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/sealing/sealing.cpp @@ -0,0 +1,15 @@ +#include "enclave_t.h" +#include "sgx_trts.h" +#include "sgx_tseal.h" + +#include "wallet.h" +#include "sealing.h" + +sgx_status_t seal_wallet(const wallet_t* wallet, sgx_sealed_data_t* sealed_data, size_t sealed_size) { + return sgx_seal_data(0, NULL, sizeof(wallet_t), (uint8_t*)wallet, sealed_size, sealed_data); +} + +sgx_status_t unseal_wallet(const sgx_sealed_data_t* sealed_data, wallet_t* plaintext, uint32_t plaintext_size) { + return sgx_unseal_data(sealed_data, NULL, NULL, (uint8_t*)plaintext, &plaintext_size); +} + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/sealing/sealing.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/sealing/sealing.h new file mode 100755 index 0000000..c098b25 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/enclave/sealing/sealing.h @@ -0,0 +1,16 @@ +#ifndef SEALING_H_ +#define SEALING_H_ + +#include "sgx_trts.h" +#include "sgx_tseal.h" + +#include "wallet.h" + +sgx_status_t seal_wallet(const wallet_t* plaintext, sgx_sealed_data_t* sealed_data, size_t sealed_size); + +sgx_status_t unseal_wallet(const sgx_sealed_data_t* sealed_data, wallet_t* plaintext, uint32_t plaintext_size); + + +#endif // SEALING_H_ + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/include/enclave.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/include/enclave.h new file mode 100755 index 0000000..2b9e87b --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/include/enclave.h @@ -0,0 +1,21 @@ +#ifndef ENCLAVE_H_ +#define ENCLAVE_H_ + + +/*************************************************** + * Enclave return codes + ***************************************************/ +#define RET_SUCCESS 0 +#define ERR_PASSWORD_OUT_OF_RANGE 1 +#define ERR_WALLET_ALREADY_EXISTS 2 +#define ERR_CANNOT_SAVE_WALLET 3 +#define ERR_CANNOT_LOAD_WALLET 4 +#define ERR_WRONG_MASTER_PASSWORD 5 +#define ERR_WALLET_FULL 6 +#define ERR_ITEM_DOES_NOT_EXIST 7 +#define ERR_ITEM_TOO_LONG 8 +#define ERR_FAIL_SEAL 9 +#define ERR_FAIL_UNSEAL 10 + + +#endif // ENCLAVE_H_ \ No newline at end of file diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/include/wallet.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/include/wallet.h new file mode 100755 index 0000000..f7b85cc --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/PasswordWallet/include/wallet.h @@ -0,0 +1,25 @@ +#ifndef WALLET_H_ +#define WALLET_H_ + +#define MAX_ITEMS 100 +#define MAX_ITEM_SIZE 100 + +// item +struct Item { + char title[MAX_ITEM_SIZE]; + char username[MAX_ITEM_SIZE]; + char password[MAX_ITEM_SIZE]; +}; +typedef struct Item item_t; + +// wallet +struct Wallet { + item_t items[MAX_ITEMS]; + size_t size; + char master_password[MAX_ITEM_SIZE]; +}; +typedef struct Wallet wallet_t; + + + +#endif // WALLET_H_ \ No newline at end of file diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/.cproject b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/.cproject new file mode 100644 index 0000000..12d5e29 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/.cproject @@ -0,0 +1,216 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/.project b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/.project new file mode 100644 index 0000000..df8b1a4 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/.project @@ -0,0 +1,28 @@ + + + LocalAttestation + + + + + + org.eclipse.cdt.managedbuilder.core.genmakebuilder + clean,full,incremental, + + + + + org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder + full,incremental, + + + + + + org.eclipse.cdt.core.cnature + org.eclipse.cdt.managedbuilder.core.managedBuildNature + org.eclipse.cdt.managedbuilder.core.ScannerConfigNature + org.eclipse.cdt.core.ccnature + com.intel.sgx.sgxnature + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/.settings/language.settings.xml b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/.settings/language.settings.xml new file mode 100644 index 0000000..bb1f922 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/.settings/language.settings.xml @@ -0,0 +1,73 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/App/App.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/App/App.cpp new file mode 100644 index 0000000..0cf3f5d --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/App/App.cpp @@ -0,0 +1,150 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +// App.cpp : Defines the entry point for the console application. +#include +#include +#include "../Enclave1/Enclave1_u.h" +#include "../Enclave2/Enclave2_u.h" +#include "../Enclave3/Enclave3_u.h" +#include "sgx_eid.h" +#include "sgx_urts.h" +#define __STDC_FORMAT_MACROS +#include + +#include +#include +#include + +#define UNUSED(val) (void)(val) +#define TCHAR char +#define _TCHAR char +#define _T(str) str +#define scanf_s scanf +#define _tmain main + +extern std::mapg_enclave_id_map; + + +sgx_enclave_id_t e1_enclave_id = 0; +sgx_enclave_id_t e2_enclave_id = 0; +sgx_enclave_id_t e3_enclave_id = 0; + +#define ENCLAVE1_PATH "libenclave1.so" +#define ENCLAVE2_PATH "libenclave2.so" +#define ENCLAVE3_PATH "libenclave3.so" + +void waitForKeyPress() +{ + char ch; + int temp; + printf("\n\nHit a key....\n"); + temp = scanf_s("%c", &ch); +} + +uint32_t load_enclaves() +{ + uint32_t enclave_temp_no; + int ret, launch_token_updated; + sgx_launch_token_t launch_token; + + enclave_temp_no = 0; + + ret = sgx_create_enclave(ENCLAVE1_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &e1_enclave_id, NULL); + if (ret != SGX_SUCCESS) { + return ret; + } + + enclave_temp_no++; + g_enclave_id_map.insert(std::pair(e1_enclave_id, enclave_temp_no)); + + return SGX_SUCCESS; +} + +int _tmain(int argc, _TCHAR* argv[]) +{ + uint32_t ret_status; + sgx_status_t status; + + UNUSED(argc); + UNUSED(argv); + + if(load_enclaves() != SGX_SUCCESS) + { + printf("\nLoad Enclave Failure"); + } + + //printf("\nAvailable Enclaves"); + //printf("\nEnclave1 - EnclaveID %" PRIx64 "\n", e1_enclave_id); + + // shared memory + key_t key = ftok("../..", 1); + int shmid = shmget(key, 1024, 0666|IPC_CREAT); + char *str = (char*)shmat(shmid, (void*)0, 0); + printf("[TEST IPC] Sending to Enclave2: Hello from Enclave1\n"); + strncpy(str, "Hello from Enclave1\n", 20); + shmdt(str); + + do + { + printf("[START] Testing create session between Enclave1 (Initiator) and Enclave2 (Responder)\n"); + status = Enclave1_test_create_session(e1_enclave_id, &ret_status, e1_enclave_id, 0); + status = SGX_SUCCESS; + if (status!=SGX_SUCCESS) + { + printf("[END] test_create_session Ecall failed: Error code is %x\n", status); + break; + } + else + { + if(ret_status==0) + { + printf("[END] Secure Channel Establishment between Initiator (E1) and Responder (E2) Enclaves successful !!!\n"); + } + else + { + printf("[END] Session establishment and key exchange failure between Initiator (E1) and Responder (E2): Error code is %x\n", ret_status); + break; + } + } + +#pragma warning (push) +#pragma warning (disable : 4127) + }while(0); +#pragma warning (pop) + + sgx_destroy_enclave(e1_enclave_id); + + waitForKeyPress(); + + return 0; +} diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Enclave1.config.xml b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Enclave1.config.xml new file mode 100644 index 0000000..9554947 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Enclave1.config.xml @@ -0,0 +1,12 @@ + + 0 + 0 + 0x40000 + 0x100000 + 1 + 1 + + 0 + 0 + 0xFFFFFFFF + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Enclave1.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Enclave1.cpp new file mode 100644 index 0000000..6b44dc1 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Enclave1.cpp @@ -0,0 +1,367 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +// Enclave1.cpp : Defines the exported functions for the .so application +#include "sgx_eid.h" +#include "Enclave1_t.h" +#include "EnclaveMessageExchange.h" +#include "error_codes.h" +#include "Utility_E1.h" +#include "sgx_thread.h" +#include "sgx_dh.h" +#include + +#define UNUSED(val) (void)(val) + +std::mapg_src_session_info_map; + +static uint32_t e1_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length); + +//Function pointer table containing the list of functions that the enclave exposes +const struct { + size_t num_funcs; + const void* table[1]; +} func_table = { + 1, + { + (const void*)e1_foo1_wrapper, + } +}; + +//Makes use of the sample code function to establish a secure channel with the destination enclave (Test Vector) +uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + ATTESTATION_STATUS ke_status = SUCCESS; + dh_session_t dest_session_info; + + //Core reference code function for creating a session + ke_status = create_session(src_enclave_id, dest_enclave_id, &dest_session_info); + + return ke_status; +} + +//Makes use of the sample code function to do an enclave to enclave call (Test Vector) +uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + ATTESTATION_STATUS ke_status = SUCCESS; + uint32_t var1,var2; + uint32_t target_fn_id, msg_type; + char* marshalled_inp_buff; + size_t marshalled_inp_buff_len; + char* out_buff; + size_t out_buff_len; + dh_session_t *dest_session_info; + size_t max_out_buff_size; + char* retval; + + var1 = 0x4; + var2 = 0x5; + target_fn_id = 0; + msg_type = ENCLAVE_TO_ENCLAVE_CALL; + max_out_buff_size = 50; + + //Marshals the input parameters for calling function foo1 in Enclave2 into a input buffer + ke_status = marshal_input_parameters_e2_foo1(target_fn_id, msg_type, var1, var2, &marshalled_inp_buff, &marshalled_inp_buff_len); + if(ke_status != SUCCESS) + { + return ke_status; + } + + //Search the map for the session information associated with the destination enclave id of Enclave2 passed in + std::map::iterator it = g_src_session_info_map.find(dest_enclave_id); + if(it != g_src_session_info_map.end()) + { + dest_session_info = &it->second; + } + else + { + SAFE_FREE(marshalled_inp_buff); + return INVALID_SESSION; + } + + //Core Reference Code function + ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff, + marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len); + + + if(ke_status != SUCCESS) + { + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + return ke_status; + } + + //Un-marshal the return value and output parameters from foo1 of Enclave 2 + ke_status = unmarshal_retval_and_output_parameters_e2_foo1(out_buff, &retval); + if(ke_status != SUCCESS) + { + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + return ke_status; + } + + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + SAFE_FREE(retval); + return SUCCESS; +} + +//Makes use of the sample code function to do a generic secret message exchange (Test Vector) +uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + ATTESTATION_STATUS ke_status = SUCCESS; + uint32_t target_fn_id, msg_type; + char* marshalled_inp_buff; + size_t marshalled_inp_buff_len; + char* out_buff; + size_t out_buff_len; + dh_session_t *dest_session_info; + size_t max_out_buff_size; + char* secret_response; + uint32_t secret_data; + + target_fn_id = 0; + msg_type = MESSAGE_EXCHANGE; + max_out_buff_size = 50; + secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration. + + //Marshals the secret data into a buffer + ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len); + if(ke_status != SUCCESS) + { + return ke_status; + } + //Search the map for the session information associated with the destination enclave id passed in + std::map::iterator it = g_src_session_info_map.find(dest_enclave_id); + if(it != g_src_session_info_map.end()) + { + dest_session_info = &it->second; + } + else + { + SAFE_FREE(marshalled_inp_buff); + return INVALID_SESSION; + } + + //Core Reference Code function + ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff, + marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len); + if(ke_status != SUCCESS) + { + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + return ke_status; + } + + //Un-marshal the secret response data + ke_status = umarshal_message_exchange_response(out_buff, &secret_response); + if(ke_status != SUCCESS) + { + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + return ke_status; + } + + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + SAFE_FREE(secret_response); + return SUCCESS; +} + + +//Makes use of the sample code function to close a current session +uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + dh_session_t dest_session_info; + ATTESTATION_STATUS ke_status = SUCCESS; + //Search the map for the session information associated with the destination enclave id passed in + std::map::iterator it = g_src_session_info_map.find(dest_enclave_id); + if(it != g_src_session_info_map.end()) + { + dest_session_info = it->second; + } + else + { + return NULL; + } + + //Core reference code function for closing a session + ke_status = close_session(src_enclave_id, dest_enclave_id); + + //Erase the session information associated with the destination enclave id + g_src_session_info_map.erase(dest_enclave_id); + return ke_status; +} + +//Function that is used to verify the trust of the other enclave +//Each enclave can have its own way verifying the peer enclave identity +extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity) +{ + if(!peer_enclave_identity) + { + return INVALID_PARAMETER_ERROR; + } + if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED)) + // || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check + { + return ENCLAVE_TRUST_ERROR; + } + else + { + return SUCCESS; + } +} + + +//Dispatcher function that calls the approriate enclave function based on the function id +//Each enclave can have its own way of dispatching the calls from other enclave +extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data, + size_t decrypted_data_length, + char** resp_buffer, + size_t* resp_length) +{ + ms_in_msg_exchange_t *ms; + uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*); + if(!decrypted_data || !resp_length) + { + return INVALID_PARAMETER_ERROR; + } + ms = (ms_in_msg_exchange_t *)decrypted_data; + if(ms->target_fn_id >= func_table.num_funcs) + { + return INVALID_PARAMETER_ERROR; + } + fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id]; + return fn1(ms, decrypted_data_length, resp_buffer, resp_length); +} + +//Operates on the input secret and generates the output secret +uint32_t get_message_exchange_response(uint32_t inp_secret_data) +{ + uint32_t secret_response; + + //User should use more complex encryption method to protect their secret, below is just a simple example + secret_response = inp_secret_data & 0x11111111; + + return secret_response; + +} + +//Generates the response from the request message +extern "C" uint32_t message_exchange_response_generator(char* decrypted_data, + char** resp_buffer, + size_t* resp_length) +{ + ms_in_msg_exchange_t *ms; + uint32_t inp_secret_data; + uint32_t out_secret_data; + if(!decrypted_data || !resp_length) + { + return INVALID_PARAMETER_ERROR; + } + ms = (ms_in_msg_exchange_t *)decrypted_data; + + if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS) + return ATTESTATION_ERROR; + + out_secret_data = get_message_exchange_response(inp_secret_data); + + if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS) + return MALLOC_ERROR; + + return SUCCESS; + +} + + +static uint32_t e1_foo1(external_param_struct_t *p_struct_var) +{ + if(!p_struct_var) + { + return INVALID_PARAMETER_ERROR; + } + (p_struct_var->var1)++; + (p_struct_var->var2)++; + (p_struct_var->p_internal_struct->ivar1)++; + (p_struct_var->p_internal_struct->ivar2)++; + + return (p_struct_var->var1 + p_struct_var->var2 + p_struct_var->p_internal_struct->ivar1 + p_struct_var->p_internal_struct->ivar2); +} + +//Function which is executed on request from the source enclave +static uint32_t e1_foo1_wrapper(ms_in_msg_exchange_t *ms, + size_t param_lenth, + char** resp_buffer, + size_t* resp_length) +{ + UNUSED(param_lenth); + + uint32_t ret; + size_t len_data, len_ptr_data; + external_param_struct_t *p_struct_var; + internal_param_struct_t internal_struct_var; + + if(!ms || !resp_length) + { + return INVALID_PARAMETER_ERROR; + } + + p_struct_var = (external_param_struct_t*)malloc(sizeof(external_param_struct_t)); + if(!p_struct_var) + return MALLOC_ERROR; + + p_struct_var->p_internal_struct = &internal_struct_var; + + if(unmarshal_input_parameters_e1_foo1(p_struct_var, ms) != SUCCESS)//can use the stack + { + SAFE_FREE(p_struct_var); + return ATTESTATION_ERROR; + } + + ret = e1_foo1(p_struct_var); + + len_data = sizeof(external_param_struct_t) - sizeof(p_struct_var->p_internal_struct); + len_ptr_data = sizeof(internal_struct_var); + + if(marshal_retval_and_output_parameters_e1_foo1(resp_buffer, resp_length, ret, p_struct_var, len_data, len_ptr_data) != SUCCESS) + { + SAFE_FREE(p_struct_var); + return MALLOC_ERROR; + } + SAFE_FREE(p_struct_var); + return SUCCESS; +} + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Enclave1.edl b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Enclave1.edl new file mode 100644 index 0000000..da2b6ab --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Enclave1.edl @@ -0,0 +1,43 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +enclave { + include "sgx_eid.h" + from "../LocalAttestationCode/LocalAttestationCode.edl" import *; + from "sgx_tstdc.edl" import *; + trusted{ + public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + }; + +}; diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Enclave1.lds b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Enclave1.lds new file mode 100644 index 0000000..f2ee453 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Enclave1.lds @@ -0,0 +1,10 @@ +Enclave1.so +{ + global: + g_global_data_sim; + g_global_data; + enclave_entry; + g_peak_heap_used; + local: + *; +}; diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Enclave1_private.pem b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Enclave1_private.pem new file mode 100644 index 0000000..75d7f88 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Enclave1_private.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEAuJh4w/KzndQhzEqwH6Ut/3BmOom5CN117KT1/cemEbDLPhn0 +c5yjAfe4NL1qtGqz0RTK9X9BBSi89b6BrsM9S6c2cUJaeYAPrAtJ+IuzN/5BAmmf +RXbPccETd7rHvDdQ9KBRjCipTx+H0D5nOB76S5PZPVrduwrCmSqVFmLNVWWfPYQx +YewbJ2QfEfioICZFYR0Jou38mJqDTl+CH0gLAuQ4n1kdpQ3VGymzt3oUiPzf5ImJ +oZh5HjarRRiWV+cyNyXYJTnx0dOtFQDgd8HhniagbRB0ZOIt6599JjMkWGkVP0Ni +U/NIlXG5musU35GfLB8MbTcxblMNm9sMYz1R8y/eAreoPTXUhtK8NG2TEywRh3UP +RF9/jM9WczjQXxJ3RznKOwNVwg4cRY2AOqD2vb1iGSqyc/WMzVULgfclkcScp75/ +Auz9Y6473CQvaxyrseSWHGwCG7KG1GxYE8Bg8T6OlYD4mzKggoMdwVLAzUepRaPZ +5hqRDZzbTGUxJ+GLAgEDAoIBgHsQUIKhzRPiwTLcdWpuHqpK7tGxJgXo+Uht+VPa +brZ13NQRTaJobKv6es3TnHhHIotjMfj/gK4bKKPUVnSCKN0aJEuBkaZVX8gHhqWy +d3qpgKxGai5PNPaAt6UnL9LPi03ANl1wcN9qWorURNAUpt0NO348k9IHLGYcY2RB +3jjuaikCy5adZ2+YFLalxWrELkC+BmyeqGW8V4mVAWowB1dC0Go7aRiz42dxInpR +YwX96phbsRZlphQkci4QZDqaIFg3ndzTO5bo704zaMcbWtEjmFrYRyb519tRoDkN +Y0rGwOxFANeRV5dSfGGLm7K5JztiuHN0nMu3PhY4LOV0SeZ4+5sYn0LzB2nyKqgy +/c3AA2OG34DEdGxxh94kD66iKFVPyJG38/gnu9CsGmrLl3n4fgutPEVIbPdSSjex +4Y9EQfcnqImPxTrpP9CqD208VPcQHD/uy8s9q3961Ew3RPdHMZ8amIJdXkOmPEme +KZ7SG+VENBaj8r038iq1mPzcWwKBwQDcvJg75LfVuKX+cWMrTO2+MFVcEFiZ/NB/ +gh7mgL6lCleROVa9P6iR2Wn6vHq8nP5BkChehm/rXEG78fgXEMoArimF7FrrICfI +4yB0opDJz/tWrE/62impN7OR8Ce+RQThFj4RTnibQEEVt++JMUXFiMKLdWDSpC2i +tNWnlTOb7d89bk0yk62IoLElCZK/MIMxkCHBKW6YgrmvlPJKQwpA6Z3wQbUpE6Rb +9f8xJfxZGEJPH0s3Ds9A0CVuEt8OOXcCgcEA1hXTHhhgmb2gIUJgIcvrpkDmiLux +EG6ZoyLt6h5QwzScS6KKU1mcoJyVDd0wlt7mEXrPYYHWUWPuvpTQ8/4ZGMw7FCZe +bakhnwRbw36FlLwRG35wCF6nQO1XFBKRGto15ivfTyDvMpJBdtNpET5NwT/ifDF3 +OWS7t6TGhtcfnvBad5S1AgGoAq+q/huFiBGpDbxJ+1xh0lNL5Z8nVypvPWomNpde +rpLuwRPEIb+GBfQ9Hp5AjRXVsPjKnkHsnl2NAoHBAJMoZX1DJTklw/72Qhzd89Qg +OOgK5bv94FUBae8Afxixj7YmOdN/xbaQ8VHS/H29/tZgGumu9UeS1n1L+roLMVXJ +cQPy50dqxTCXavhsYIaKp48diqc8G8YlImFKxSmDWJYO1AuJpbzVgLklSlt2LoOw +gbJOQIxtc8HN48UOImfz6ij0M3cNHlsVy24GYdTLAiEKwStw9GWse8pjTDGCBtXx +E/WBI3C3wuf5VMtuqDtlgYoU3M9fNNXgGPQMlLQmTwKBwQCOuTdpZZW708AWLEAW +h/Ju1e8F0nYK9GZswfPxaYsszb2HwbGM5mhrEw4JPiBklJlg/IpBATmLl/R/DeCi +qWYQiCdixD7zxhZqAufXqa5jKAtnqaAFlG+AnjoNYbYR5s6ZcpTfa0ohttZPN5tg +1DPWKpb9dk97mH0lGIRZ5L+/Sub6YyNWq8VXH8dUElkFYRtefYankuvhjN1Dv2+P +cZ9+RsQkZOnJt0nWDS1r1QQD+Ci/FCsIuTkgpdxpgUhpk7MCgcEAkfkmaBDb7DG2 +Kc39R6ZZuPnV10w+WOpph7ugwcguG/E0wGq+jFWv6HFckCPeHT4BNtOk8Dem/kPp +teF51eAuFWEefj2tScvlSBBPcnla+WzMWXrlxVnajTt73w+oT2Ql//WhgREpsNfx +SvU80YPVu4GJfl+hhxBifLx+0FM20OESW93qFRc3p040bNrDY9JIZuly/y5zaiBa +mRZF9H8P+x3Lu5AJpdXQEOMZ/XJ/xkoWWjbTojkmgOmmZSMLd5Te +-----END RSA PRIVATE KEY----- diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Utility_E1.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Utility_E1.cpp new file mode 100644 index 0000000..6b6aea6 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Utility_E1.cpp @@ -0,0 +1,222 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sgx_eid.h" +#include "EnclaveMessageExchange.h" +#include "error_codes.h" +#include "Utility_E1.h" +#include "stdlib.h" +#include "string.h" + +uint32_t marshal_input_parameters_e2_foo1(uint32_t target_fn_id, uint32_t msg_type, uint32_t var1, uint32_t var2, char** marshalled_buff, size_t* marshalled_buff_len) +{ + ms_in_msg_exchange_t *ms; + size_t param_len, ms_len; + char *temp_buff; + + param_len = sizeof(var1)+sizeof(var2); + temp_buff = (char*)malloc(param_len); + if(!temp_buff) + return MALLOC_ERROR; + + memcpy(temp_buff,&var1,sizeof(var1)); + memcpy(temp_buff+sizeof(var1),&var2,sizeof(var2)); + ms_len = sizeof(ms_in_msg_exchange_t) + param_len; + ms = (ms_in_msg_exchange_t *)malloc(ms_len); + if(!ms) + { + SAFE_FREE(temp_buff); + return MALLOC_ERROR; + } + ms->msg_type = msg_type; + ms->target_fn_id = target_fn_id; + ms->inparam_buff_len = (uint32_t)param_len; + memcpy(&ms->inparam_buff, temp_buff, param_len); + *marshalled_buff = (char*)ms; + *marshalled_buff_len = ms_len; + SAFE_FREE(temp_buff); + return SUCCESS; +} + +uint32_t unmarshal_retval_and_output_parameters_e2_foo1(char* out_buff, char** retval) +{ + size_t retval_len; + ms_out_msg_exchange_t *ms; + if(!out_buff) + return INVALID_PARAMETER_ERROR; + ms = (ms_out_msg_exchange_t *)out_buff; + retval_len = ms->retval_len; + *retval = (char*)malloc(retval_len); + if(!*retval) + return MALLOC_ERROR; + + memcpy(*retval, ms->ret_outparam_buff, retval_len); + return SUCCESS; +} + +uint32_t unmarshal_input_parameters_e1_foo1(external_param_struct_t *pstruct, ms_in_msg_exchange_t* ms) +{ + char* buff; + size_t len; + if(!pstruct || !ms) + return INVALID_PARAMETER_ERROR; + + buff = ms->inparam_buff; + len = ms->inparam_buff_len; + if(len != (sizeof(pstruct->var1)+sizeof(pstruct->var2)+sizeof(pstruct->p_internal_struct->ivar1)+sizeof(pstruct->p_internal_struct->ivar2))) + return ATTESTATION_ERROR; + + memcpy(&pstruct->var1, buff, sizeof(pstruct->var1)); + memcpy(&pstruct->var2, buff + sizeof(pstruct->var1), sizeof(pstruct->var2)); + memcpy(&pstruct->p_internal_struct->ivar1, buff+(sizeof(pstruct->var1)+sizeof(pstruct->var2)), sizeof(pstruct->p_internal_struct->ivar1)); + memcpy(&pstruct->p_internal_struct->ivar2, buff+(sizeof(pstruct->var1)+sizeof(pstruct->var2)+sizeof(pstruct->p_internal_struct->ivar1)), sizeof(pstruct->p_internal_struct->ivar2)); + + return SUCCESS; +} + +uint32_t marshal_retval_and_output_parameters_e1_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data) +{ + ms_out_msg_exchange_t *ms; + size_t param_len, ms_len, ret_param_len;; + char *temp_buff; + int* addr; + char* struct_data; + size_t retval_len; + + if(!resp_length || !p_struct_var) + return INVALID_PARAMETER_ERROR; + + retval_len = sizeof(retval); + struct_data = (char*)p_struct_var; + param_len = len_data + len_ptr_data; + ret_param_len = param_len + retval_len; + addr = *(int **)(struct_data + len_data); + temp_buff = (char*)malloc(ret_param_len); + if(!temp_buff) + return MALLOC_ERROR; + + memcpy(temp_buff, &retval, sizeof(retval)); + memcpy(temp_buff + sizeof(retval), struct_data, len_data); + memcpy(temp_buff + sizeof(retval) + len_data, addr, len_ptr_data); + ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len; + ms = (ms_out_msg_exchange_t *)malloc(ms_len); + if(!ms) + { + SAFE_FREE(temp_buff); + return MALLOC_ERROR; + } + ms->retval_len = (uint32_t)retval_len; + ms->ret_outparam_buff_len = (uint32_t)ret_param_len; + memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len); + *resp_buffer = (char*)ms; + *resp_length = ms_len; + + SAFE_FREE(temp_buff); + return SUCCESS; +} + +uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len) +{ + ms_in_msg_exchange_t *ms; + size_t secret_data_len, ms_len; + if(!marshalled_buff_len) + return INVALID_PARAMETER_ERROR; + secret_data_len = sizeof(secret_data); + ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len; + ms = (ms_in_msg_exchange_t *)malloc(ms_len); + if(!ms) + return MALLOC_ERROR; + + ms->msg_type = msg_type; + ms->target_fn_id = target_fn_id; + ms->inparam_buff_len = (uint32_t)secret_data_len; + memcpy(&ms->inparam_buff, &secret_data, secret_data_len); + *marshalled_buff = (char*)ms; + *marshalled_buff_len = ms_len; + return SUCCESS; +} + +uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms) +{ + char* buff; + size_t len; + if(!inp_secret_data || !ms) + return INVALID_PARAMETER_ERROR; + buff = ms->inparam_buff; + len = ms->inparam_buff_len; + if(len != sizeof(uint32_t)) + return ATTESTATION_ERROR; + + memcpy(inp_secret_data, buff, sizeof(uint32_t)); + + return SUCCESS; +} + +uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response) +{ + ms_out_msg_exchange_t *ms; + size_t secret_response_len, ms_len; + size_t retval_len, ret_param_len; + if(!resp_length) + return INVALID_PARAMETER_ERROR; + secret_response_len = sizeof(secret_response); + retval_len = secret_response_len; + ret_param_len = secret_response_len; + ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len; + ms = (ms_out_msg_exchange_t *)malloc(ms_len); + if(!ms) + return MALLOC_ERROR; + + ms->retval_len = (uint32_t)retval_len; + ms->ret_outparam_buff_len = (uint32_t)ret_param_len; + memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len); + *resp_buffer = (char*)ms; + *resp_length = ms_len; + return SUCCESS; +} + +uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response) +{ + size_t retval_len; + ms_out_msg_exchange_t *ms; + if(!out_buff) + return INVALID_PARAMETER_ERROR; + ms = (ms_out_msg_exchange_t *)out_buff; + retval_len = ms->retval_len; + *secret_response = (char*)malloc(retval_len); + if(!*secret_response) + { + return MALLOC_ERROR; + } + memcpy(*secret_response, ms->ret_outparam_buff, retval_len); + return SUCCESS; +} + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Utility_E1.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Utility_E1.h new file mode 100644 index 0000000..c0d6373 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave1/Utility_E1.h @@ -0,0 +1,65 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef UTILITY_E1_H__ +#define UTILITY_E1_H__ + +#include "stdint.h" + +typedef struct _internal_param_struct_t +{ + uint32_t ivar1; + uint32_t ivar2; +}internal_param_struct_t; + +typedef struct _external_param_struct_t +{ + uint32_t var1; + uint32_t var2; + internal_param_struct_t *p_internal_struct; +}external_param_struct_t; + +#ifdef __cplusplus +extern "C" { +#endif + +uint32_t marshal_input_parameters_e2_foo1(uint32_t target_fn_id, uint32_t msg_type, uint32_t var1, uint32_t var2, char** marshalled_buff, size_t* marshalled_buff_len); +uint32_t unmarshal_retval_and_output_parameters_e2_foo1(char* out_buff, char** retval); +uint32_t unmarshal_input_parameters_e1_foo1(external_param_struct_t *pstruct, ms_in_msg_exchange_t* ms); +uint32_t marshal_retval_and_output_parameters_e1_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data); +uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len); +uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms); +uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response); +uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response); +#ifdef __cplusplus + } +#endif +#endif diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Enclave2.config.xml b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Enclave2.config.xml new file mode 100644 index 0000000..3ca2c12 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Enclave2.config.xml @@ -0,0 +1,12 @@ + + 0 + 0 + 0x40000 + 0x100000 + 1 + 1 + + 0 + 0 + 0xFFFFFFFF + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Enclave2.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Enclave2.cpp new file mode 100644 index 0000000..85e21b5 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Enclave2.cpp @@ -0,0 +1,339 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +// Enclave2.cpp : Defines the exported functions for the DLL application +#include "sgx_eid.h" +#include "Enclave2_t.h" +#include "EnclaveMessageExchange.h" +#include "error_codes.h" +#include "Utility_E2.h" +#include "sgx_thread.h" +#include "sgx_dh.h" +#include + +#define UNUSED(val) (void)(val) + +std::mapg_src_session_info_map; + +static uint32_t e2_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length); + +//Function pointer table containing the list of functions that the enclave exposes +const struct { + size_t num_funcs; + const void* table[1]; +} func_table = { + 1, + { + (const void*)e2_foo1_wrapper, + } +}; + +//Makes use of the sample code function to establish a secure channel with the destination enclave +uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + ATTESTATION_STATUS ke_status = SUCCESS; + dh_session_t dest_session_info; + //Core reference code function for creating a session + ke_status = create_session(src_enclave_id, dest_enclave_id,&dest_session_info); + if(ke_status == SUCCESS) + { + //Insert the session information into the map under the corresponding destination enclave id + g_src_session_info_map.insert(std::pair(dest_enclave_id, dest_session_info)); + } + memset(&dest_session_info, 0, sizeof(dh_session_t)); + return ke_status; +} + +//Makes use of the sample code function to do an enclave to enclave call (Test Vector) +uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + ATTESTATION_STATUS ke_status = SUCCESS; + param_struct_t *p_struct_var, struct_var; + uint32_t target_fn_id, msg_type; + char* marshalled_inp_buff; + size_t marshalled_inp_buff_len; + char* out_buff; + size_t out_buff_len; + dh_session_t *dest_session_info; + size_t max_out_buff_size; + char* retval; + + max_out_buff_size = 50; + target_fn_id = 0; + msg_type = ENCLAVE_TO_ENCLAVE_CALL; + + struct_var.var1 = 0x3; + struct_var.var2 = 0x4; + p_struct_var = &struct_var; + + //Marshals the input parameters for calling function foo1 in Enclave3 into a input buffer + ke_status = marshal_input_parameters_e3_foo1(target_fn_id, msg_type, p_struct_var, &marshalled_inp_buff, &marshalled_inp_buff_len); + if(ke_status != SUCCESS) + { + return ke_status; + } + + //Search the map for the session information associated with the destination enclave id passed in + std::map::iterator it = g_src_session_info_map.find(dest_enclave_id); + if(it != g_src_session_info_map.end()) + { + dest_session_info = &it->second; + } + else + { + SAFE_FREE(marshalled_inp_buff); + return INVALID_SESSION; + } + + //Core Reference Code function + ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff, + marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len); + + if(ke_status != SUCCESS) + { + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + return ke_status; + } + + //Un-marshal the return value and output parameters from foo1 of Enclave3 + ke_status = unmarshal_retval_and_output_parameters_e3_foo1(out_buff, p_struct_var, &retval); + if(ke_status != SUCCESS) + { + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + return ke_status; + } + + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + SAFE_FREE(retval); + return SUCCESS; +} + +//Makes use of the sample code function to do a generic secret message exchange (Test Vector) +uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + ATTESTATION_STATUS ke_status = SUCCESS; + uint32_t target_fn_id, msg_type; + char* marshalled_inp_buff; + size_t marshalled_inp_buff_len; + char* out_buff; + size_t out_buff_len; + dh_session_t *dest_session_info; + size_t max_out_buff_size; + char* secret_response; + uint32_t secret_data; + + target_fn_id = 0; + msg_type = MESSAGE_EXCHANGE; + max_out_buff_size = 50; + secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration. + + //Marshals the secret data into a buffer + ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len); + if(ke_status != SUCCESS) + { + return ke_status; + } + //Search the map for the session information associated with the destination enclave id passed in + std::map::iterator it = g_src_session_info_map.find(dest_enclave_id); + if(it != g_src_session_info_map.end()) + { + dest_session_info = &it->second; + } + else + { + SAFE_FREE(marshalled_inp_buff); + return INVALID_SESSION; + } + + //Core Reference Code function + ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff, + marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len); + if(ke_status != SUCCESS) + { + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + return ke_status; + } + + //Un-marshal the secret response data + ke_status = umarshal_message_exchange_response(out_buff, &secret_response); + if(ke_status != SUCCESS) + { + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + return ke_status; + } + + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + SAFE_FREE(secret_response); + return SUCCESS; +} + + +//Makes use of the sample code function to close a current session +uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + dh_session_t dest_session_info; + ATTESTATION_STATUS ke_status = SUCCESS; + //Search the map for the session information associated with the destination enclave id passed in + std::map::iterator it = g_src_session_info_map.find(dest_enclave_id); + if(it != g_src_session_info_map.end()) + { + dest_session_info = it->second; + } + else + { + return NULL; + } + //Core reference code function for closing a session + ke_status = close_session(src_enclave_id, dest_enclave_id); + + //Erase the session information associated with the destination enclave id + g_src_session_info_map.erase(dest_enclave_id); + return ke_status; +} + +//Function that is used to verify the trust of the other enclave +//Each enclave can have its own way verifying the peer enclave identity +extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity) +{ + if(!peer_enclave_identity) + { + return INVALID_PARAMETER_ERROR; + } + if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED)) + // || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check + { + return ENCLAVE_TRUST_ERROR; + } + else + { + return SUCCESS; + } +} + +//Dispatch function that calls the approriate enclave function based on the function id +//Each enclave can have its own way of dispatching the calls from other enclave +extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data, + size_t decrypted_data_length, + char** resp_buffer, + size_t* resp_length) +{ + ms_in_msg_exchange_t *ms; + uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*); + if(!decrypted_data || !resp_length) + { + return INVALID_PARAMETER_ERROR; + } + ms = (ms_in_msg_exchange_t *)decrypted_data; + if(ms->target_fn_id >= func_table.num_funcs) + { + return INVALID_PARAMETER_ERROR; + } + fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id]; + return fn1(ms, decrypted_data_length, resp_buffer, resp_length); +} + +//Operates on the input secret and generates the output secret +uint32_t get_message_exchange_response(uint32_t inp_secret_data) +{ + uint32_t secret_response; + + //User should use more complex encryption method to protect their secret, below is just a simple example + secret_response = inp_secret_data & 0x11111111; + + return secret_response; + +} + +//Generates the response from the request message +extern "C" uint32_t message_exchange_response_generator(char* decrypted_data, + char** resp_buffer, + size_t* resp_length) +{ + ms_in_msg_exchange_t *ms; + uint32_t inp_secret_data; + uint32_t out_secret_data; + if(!decrypted_data || !resp_length) + { + return INVALID_PARAMETER_ERROR; + } + ms = (ms_in_msg_exchange_t *)decrypted_data; + + if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS) + return ATTESTATION_ERROR; + + out_secret_data = get_message_exchange_response(inp_secret_data); + + if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS) + return MALLOC_ERROR; + + return SUCCESS; + +} + +static uint32_t e2_foo1(uint32_t var1, uint32_t var2) +{ + return(var1 + var2); +} + +//Function which is executed on request from the source enclave +static uint32_t e2_foo1_wrapper(ms_in_msg_exchange_t *ms, + size_t param_lenth, + char** resp_buffer, + size_t* resp_length) +{ + UNUSED(param_lenth); + + uint32_t var1,var2,ret; + if(!ms || !resp_length) + { + return INVALID_PARAMETER_ERROR; + } + if(unmarshal_input_parameters_e2_foo1(&var1, &var2, ms) != SUCCESS) + return ATTESTATION_ERROR; + + ret = e2_foo1(var1, var2); + + if(marshal_retval_and_output_parameters_e2_foo1(resp_buffer, resp_length, ret) != SUCCESS ) + return MALLOC_ERROR; //can set resp buffer to null here + + return SUCCESS; +} diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Enclave2.edl b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Enclave2.edl new file mode 100644 index 0000000..6886a82 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Enclave2.edl @@ -0,0 +1,43 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +enclave { + include "sgx_eid.h" + from "../LocalAttestationCode/LocalAttestationCode.edl" import *; + from "sgx_tstdc.edl" import *; + trusted{ + public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + }; +}; diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Enclave2.lds b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Enclave2.lds new file mode 100644 index 0000000..1507368 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Enclave2.lds @@ -0,0 +1,10 @@ +Enclave2.so +{ + global: + g_global_data_sim; + g_global_data; + enclave_entry; + g_peak_heap_used; + local: + *; +}; diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Enclave2_private.pem b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Enclave2_private.pem new file mode 100644 index 0000000..529d07b --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Enclave2_private.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ +AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ +ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr +nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b +3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H +ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD +5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW +KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC +1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe +K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z +AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q +ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6 +JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826 +5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02 +wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9 +osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm +WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i +Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9 +xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd +vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD +Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a +cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC +0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ +gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo +gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t +k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz +Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6 +O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5 +afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom +e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G +BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv +fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN +t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9 +yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp +6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg +WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH +NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk= +-----END RSA PRIVATE KEY----- diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Utility_E2.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Utility_E2.cpp new file mode 100644 index 0000000..b580758 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Utility_E2.cpp @@ -0,0 +1,213 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sgx_eid.h" +#include "EnclaveMessageExchange.h" +#include "error_codes.h" +#include "Utility_E2.h" +#include "stdlib.h" +#include "string.h" + +uint32_t marshal_input_parameters_e3_foo1(uint32_t target_fn_id, uint32_t msg_type, param_struct_t *p_struct_var, char** marshalled_buff, size_t* marshalled_buff_len) +{ + ms_in_msg_exchange_t *ms; + size_t param_len, ms_len; + char *temp_buff; + if(!p_struct_var || !marshalled_buff_len) + return INVALID_PARAMETER_ERROR; + param_len = sizeof(param_struct_t); + temp_buff = (char*)malloc(param_len); + if(!temp_buff) + return MALLOC_ERROR; + memcpy(temp_buff, p_struct_var, sizeof(param_struct_t)); //can be optimized + ms_len = sizeof(ms_in_msg_exchange_t) + param_len; + ms = (ms_in_msg_exchange_t *)malloc(ms_len); + if(!ms) + { + SAFE_FREE(temp_buff); + return MALLOC_ERROR; + } + ms->msg_type = msg_type; + ms->target_fn_id = target_fn_id; + ms->inparam_buff_len = (uint32_t)param_len; + memcpy(&ms->inparam_buff, temp_buff, param_len); + *marshalled_buff = (char*)ms; + *marshalled_buff_len = ms_len; + SAFE_FREE(temp_buff); + return SUCCESS; +} + +uint32_t unmarshal_retval_and_output_parameters_e3_foo1(char* out_buff, param_struct_t *p_struct_var, char** retval) +{ + size_t retval_len; + ms_out_msg_exchange_t *ms; + if(!out_buff) + return INVALID_PARAMETER_ERROR; + ms = (ms_out_msg_exchange_t *)out_buff; + retval_len = ms->retval_len; + *retval = (char*)malloc(retval_len); + if(!*retval) + { + return MALLOC_ERROR; + } + memcpy(*retval, ms->ret_outparam_buff, retval_len); + memcpy(&p_struct_var->var1, (ms->ret_outparam_buff) + retval_len, sizeof(p_struct_var->var1)); + memcpy(&p_struct_var->var2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1), sizeof(p_struct_var->var2)); + return SUCCESS; +} + + +uint32_t unmarshal_input_parameters_e2_foo1(uint32_t* var1, uint32_t* var2, ms_in_msg_exchange_t* ms) +{ + char* buff; + size_t len; + if(!var1 || !var2 || !ms) + return INVALID_PARAMETER_ERROR; + + buff = ms->inparam_buff; + len = ms->inparam_buff_len; + + if(len != (sizeof(*var1) + sizeof(*var2))) + return ATTESTATION_ERROR; + + memcpy(var1, buff, sizeof(*var1)); + memcpy(var2, buff + sizeof(*var1), sizeof(*var2)); + + return SUCCESS; +} + +uint32_t marshal_retval_and_output_parameters_e2_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval) +{ + ms_out_msg_exchange_t *ms; + size_t ret_param_len, ms_len; + char *temp_buff; + size_t retval_len; + if(!resp_length) + return INVALID_PARAMETER_ERROR; + retval_len = sizeof(retval); + ret_param_len = retval_len; //no out parameters + temp_buff = (char*)malloc(ret_param_len); + if(!temp_buff) + return MALLOC_ERROR; + + memcpy(temp_buff, &retval, sizeof(retval)); + ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len; + ms = (ms_out_msg_exchange_t *)malloc(ms_len); + if(!ms) + { + SAFE_FREE(temp_buff); + return MALLOC_ERROR; + } + ms->retval_len = (uint32_t)retval_len; + ms->ret_outparam_buff_len = (uint32_t)ret_param_len; + memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len); + *resp_buffer = (char*)ms; + *resp_length = ms_len; + SAFE_FREE(temp_buff); + return SUCCESS; +} + +uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len) +{ + ms_in_msg_exchange_t *ms; + size_t secret_data_len, ms_len; + if(!marshalled_buff_len) + return INVALID_PARAMETER_ERROR; + secret_data_len = sizeof(secret_data); + ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len; + ms = (ms_in_msg_exchange_t *)malloc(ms_len); + if(!ms) + return MALLOC_ERROR; + + ms->msg_type = msg_type; + ms->target_fn_id = target_fn_id; + ms->inparam_buff_len = (uint32_t)secret_data_len; + memcpy(&ms->inparam_buff, &secret_data, secret_data_len); + *marshalled_buff = (char*)ms; + *marshalled_buff_len = ms_len; + return SUCCESS; +} + +uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms) +{ + char* buff; + size_t len; + if(!inp_secret_data || !ms) + return INVALID_PARAMETER_ERROR; + buff = ms->inparam_buff; + len = ms->inparam_buff_len; + if(len != sizeof(uint32_t)) + return ATTESTATION_ERROR; + + memcpy(inp_secret_data, buff, sizeof(uint32_t)); + + return SUCCESS; +} + + +uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response) +{ + ms_out_msg_exchange_t *ms; + size_t secret_response_len, ms_len; + size_t retval_len, ret_param_len; + if(!resp_length) + return INVALID_PARAMETER_ERROR; + secret_response_len = sizeof(secret_response); + retval_len = secret_response_len; + ret_param_len = secret_response_len; + ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len; + ms = (ms_out_msg_exchange_t *)malloc(ms_len); + if(!ms) + return MALLOC_ERROR; + ms->retval_len = (uint32_t)retval_len; + ms->ret_outparam_buff_len = (uint32_t)ret_param_len; + memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len); + *resp_buffer = (char*)ms; + *resp_length = ms_len; + return SUCCESS; +} + +uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response) +{ + size_t retval_len; + ms_out_msg_exchange_t *ms; + if(!out_buff) + return INVALID_PARAMETER_ERROR; + ms = (ms_out_msg_exchange_t *)out_buff; + retval_len = ms->retval_len; + *secret_response = (char*)malloc(retval_len); + if(!*secret_response) + { + return MALLOC_ERROR; + } + memcpy(*secret_response, ms->ret_outparam_buff, retval_len); + return SUCCESS; +} diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Utility_E2.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Utility_E2.h new file mode 100644 index 0000000..e8b4aef --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave2/Utility_E2.h @@ -0,0 +1,59 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef UTILITY_E2_H__ +#define UTILITY_E2_H__ +#include "stdint.h" + +typedef struct _param_struct_t +{ + uint32_t var1; + uint32_t var2; +}param_struct_t; + +#ifdef __cplusplus +extern "C" { +#endif + +uint32_t marshal_input_parameters_e3_foo1(uint32_t target_fn_id, uint32_t msg_type, param_struct_t *p_struct_var, char** marshalled_buff, size_t* marshalled_buff_len); +uint32_t unmarshal_retval_and_output_parameters_e3_foo1(char* out_buff, param_struct_t *p_struct_var, char** retval); +uint32_t unmarshal_input_parameters_e2_foo1(uint32_t* var1, uint32_t* var2, ms_in_msg_exchange_t* ms); +uint32_t marshal_retval_and_output_parameters_e2_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval); +uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len); +uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms); +uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response); +uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response); + +#ifdef __cplusplus + } +#endif +#endif + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Enclave3.config.xml b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Enclave3.config.xml new file mode 100644 index 0000000..d5fcaa4 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Enclave3.config.xml @@ -0,0 +1,12 @@ + + 0 + 0 + 0x40000 + 0x100000 + 1 + 1 + + 0 + 0 + 0xFFFFFFFF + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Enclave3.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Enclave3.cpp new file mode 100644 index 0000000..70e677d --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Enclave3.cpp @@ -0,0 +1,366 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +// Enclave3.cpp : Defines the exported functions for the DLL application +#include "sgx_eid.h" +#include "Enclave3_t.h" +#include "EnclaveMessageExchange.h" +#include "error_codes.h" +#include "Utility_E3.h" +#include "sgx_thread.h" +#include "sgx_dh.h" +#include + +#define UNUSED(val) (void)(val) + +std::mapg_src_session_info_map; + +static uint32_t e3_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length); + +//Function pointer table containing the list of functions that the enclave exposes +const struct { + size_t num_funcs; + const void* table[1]; +} func_table = { + 1, + { + (const void*)e3_foo1_wrapper, + } +}; + +//Makes use of the sample code function to establish a secure channel with the destination enclave +uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + ATTESTATION_STATUS ke_status = SUCCESS; + dh_session_t dest_session_info; + //Core reference code function for creating a session + ke_status = create_session(src_enclave_id, dest_enclave_id,&dest_session_info); + if(ke_status == SUCCESS) + { + //Insert the session information into the map under the corresponding destination enclave id + g_src_session_info_map.insert(std::pair(dest_enclave_id, dest_session_info)); + } + memset(&dest_session_info, 0, sizeof(dh_session_t)); + return ke_status; +} + +//Makes use of the sample code function to do an enclave to enclave call (Test Vector) +uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + ATTESTATION_STATUS ke_status = SUCCESS; + external_param_struct_t *p_struct_var, struct_var; + internal_param_struct_t internal_struct_var; + uint32_t target_fn_id, msg_type; + char* marshalled_inp_buff; + size_t marshalled_inp_buff_len; + char* out_buff; + size_t out_buff_len; + dh_session_t *dest_session_info; + size_t max_out_buff_size; + char* retval; + + max_out_buff_size = 50; + msg_type = ENCLAVE_TO_ENCLAVE_CALL; + target_fn_id = 0; + internal_struct_var.ivar1 = 0x5; + internal_struct_var.ivar2 = 0x6; + struct_var.var1 = 0x3; + struct_var.var2 = 0x4; + struct_var.p_internal_struct = &internal_struct_var; + p_struct_var = &struct_var; + + size_t len_data = sizeof(struct_var) - sizeof(struct_var.p_internal_struct); + size_t len_ptr_data = sizeof(internal_struct_var); + + //Marshals the input parameters for calling function foo1 in Enclave1 into a input buffer + ke_status = marshal_input_parameters_e1_foo1(target_fn_id, msg_type, p_struct_var, len_data, + len_ptr_data, &marshalled_inp_buff, &marshalled_inp_buff_len); + + if(ke_status != SUCCESS) + { + return ke_status; + } + + //Search the map for the session information associated with the destination enclave id passed in + std::map::iterator it = g_src_session_info_map.find(dest_enclave_id); + if(it != g_src_session_info_map.end()) + { + dest_session_info = &it->second; + } + else + { + SAFE_FREE(marshalled_inp_buff); + return INVALID_SESSION; + } + + //Core Reference Code function + ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, + marshalled_inp_buff, marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len); + + if(ke_status != SUCCESS) + { + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + return ke_status; + } + + ////Un-marshal the return value and output parameters from foo1 of Enclave1 + ke_status = unmarshal_retval_and_output_parameters_e1_foo1(out_buff, p_struct_var, &retval); + if(ke_status != SUCCESS) + { + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + return ke_status; + } + + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + SAFE_FREE(retval); + return SUCCESS; +} + +//Makes use of the sample code function to do a generic secret message exchange (Test Vector) +uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + ATTESTATION_STATUS ke_status = SUCCESS; + uint32_t target_fn_id, msg_type; + char* marshalled_inp_buff; + size_t marshalled_inp_buff_len; + char* out_buff; + size_t out_buff_len; + dh_session_t *dest_session_info; + size_t max_out_buff_size; + char* secret_response; + uint32_t secret_data; + + target_fn_id = 0; + msg_type = MESSAGE_EXCHANGE; + max_out_buff_size = 50; + secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration. + + //Marshals the parameters into a buffer + ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len); + if(ke_status != SUCCESS) + { + return ke_status; + } + //Search the map for the session information associated with the destination enclave id passed in + std::map::iterator it = g_src_session_info_map.find(dest_enclave_id); + if(it != g_src_session_info_map.end()) + { + dest_session_info = &it->second; + } + else + { + SAFE_FREE(marshalled_inp_buff); + return INVALID_SESSION; + } + + //Core Reference Code function + ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff, + marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len); + + if(ke_status != SUCCESS) + { + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + return ke_status; + } + //Un-marshal the secret response data + ke_status = umarshal_message_exchange_response(out_buff, &secret_response); + if(ke_status != SUCCESS) + { + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + return ke_status; + } + + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + SAFE_FREE(secret_response); + return SUCCESS; +} + + +//Makes use of the sample code function to close a current session +uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + dh_session_t dest_session_info; + ATTESTATION_STATUS ke_status = SUCCESS; + //Search the map for the session information associated with the destination enclave id passed in + std::map::iterator it = g_src_session_info_map.find(dest_enclave_id); + if(it != g_src_session_info_map.end()) + { + dest_session_info = it->second; + } + else + { + return NULL; + } + //Core reference code function for closing a session + ke_status = close_session(src_enclave_id, dest_enclave_id); + + //Erase the session information associated with the destination enclave id + g_src_session_info_map.erase(dest_enclave_id); + return ke_status; +} + +//Function that is used to verify the trust of the other enclave +//Each enclave can have its own way verifying the peer enclave identity +extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity) +{ + if(!peer_enclave_identity) + { + return INVALID_PARAMETER_ERROR; + } + if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED)) + // || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check + { + return ENCLAVE_TRUST_ERROR; + } + else + { + return SUCCESS; + } +} + + +//Dispatch function that calls the approriate enclave function based on the function id +//Each enclave can have its own way of dispatching the calls from other enclave +extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data, + size_t decrypted_data_length, + char** resp_buffer, + size_t* resp_length) +{ + ms_in_msg_exchange_t *ms; + uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*); + if(!decrypted_data || !resp_length) + { + return INVALID_PARAMETER_ERROR; + } + ms = (ms_in_msg_exchange_t *)decrypted_data; + if(ms->target_fn_id >= func_table.num_funcs) + { + return INVALID_PARAMETER_ERROR; + } + fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id]; + return fn1(ms, decrypted_data_length, resp_buffer, resp_length); +} + +//Operates on the input secret and generates the output secret +uint32_t get_message_exchange_response(uint32_t inp_secret_data) +{ + uint32_t secret_response; + + //User should use more complex encryption method to protect their secret, below is just a simple example + secret_response = inp_secret_data & 0x11111111; + + return secret_response; + +} +//Generates the response from the request message +extern "C" uint32_t message_exchange_response_generator(char* decrypted_data, + char** resp_buffer, + size_t* resp_length) +{ + ms_in_msg_exchange_t *ms; + uint32_t inp_secret_data; + uint32_t out_secret_data; + if(!decrypted_data || !resp_length) + { + return INVALID_PARAMETER_ERROR; + } + ms = (ms_in_msg_exchange_t *)decrypted_data; + + if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS) + return ATTESTATION_ERROR; + + out_secret_data = get_message_exchange_response(inp_secret_data); + + if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS) + return MALLOC_ERROR; + + return SUCCESS; + +} + + +static uint32_t e3_foo1(param_struct_t *p_struct_var) +{ + if(!p_struct_var) + { + return INVALID_PARAMETER_ERROR; + } + p_struct_var->var1++; + p_struct_var->var2++; + + return(p_struct_var->var1 * p_struct_var->var2); +} + +//Function which is executed on request from the source enclave +static uint32_t e3_foo1_wrapper(ms_in_msg_exchange_t *ms, + size_t param_lenth, + char** resp_buffer, + size_t* resp_length) +{ + UNUSED(param_lenth); + + uint32_t ret; + param_struct_t *p_struct_var; + if(!ms || !resp_length) + { + return INVALID_PARAMETER_ERROR; + } + p_struct_var = (param_struct_t*)malloc(sizeof(param_struct_t)); + if(!p_struct_var) + return MALLOC_ERROR; + + if(unmarshal_input_parameters_e3_foo1(p_struct_var, ms) != SUCCESS) + { + SAFE_FREE(p_struct_var); + return ATTESTATION_ERROR; + } + + ret = e3_foo1(p_struct_var); + + if(marshal_retval_and_output_parameters_e3_foo1(resp_buffer, resp_length, ret, p_struct_var) != SUCCESS) + { + SAFE_FREE(p_struct_var); + return MALLOC_ERROR; + } + SAFE_FREE(p_struct_var); + return SUCCESS; +} diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Enclave3.edl b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Enclave3.edl new file mode 100644 index 0000000..a850546 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Enclave3.edl @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +enclave { + include "sgx_eid.h" + from "../LocalAttestationCode/LocalAttestationCode.edl" import *; + from "sgx_tstdc.edl" import *; + trusted{ + public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + }; +}; diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Enclave3.lds b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Enclave3.lds new file mode 100644 index 0000000..5dc1d0a --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Enclave3.lds @@ -0,0 +1,10 @@ +Enclave3.so +{ + global: + g_global_data_sim; + g_global_data; + enclave_entry; + g_peak_heap_used; + local: + *; +}; diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Enclave3_private.pem b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Enclave3_private.pem new file mode 100644 index 0000000..b8ace89 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Enclave3_private.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEA0MvI9NpdP4GEqCvtlJQv00OybzTXzxBhPu/257VYt9cYw/ph +BN1WRyxBBcrZs15xmcvlb3xNmFGWs4w5oUgrFBNgi6g+CUOCsj0cM8xw7P/y3K0H +XaZUf+T3CXCp8NvlkZHzfdWAFA5lGGR9g6kmuk7SojE3h87Zm1KjPU/PvAe+BaMU +trlRr4gPNVnu19Vho60xwuswPxfl/pBFUIk7qWEUR3l2hiqWMeLgf3Ays/WSnkXA +uijwPt5g0hxsgIlyDrI3jKbf0zkFB56jvPwSykfU8aw4Gkbo5qSZxUAKnwH2L8Uf +yM6inBaaYtM79icRwsu45Yt6X0GAt7CSb/1TKBrnm5exmK1sug3YSQ/YuK1FYawU +vIaDD0YfzOndTNVBewA+Hr5xNPvqGJoRKHuGbyu2lI9jrKYpVxQWsmx38wnxF6kE +zX6N4m7KZiLeLpDdBVQtLuOzIdIE4wT3t/ckeqElxO/1Ut9bj765GcTTrYwMKHRw +ukWIH7ZtHtAjj0KzAgEDAoIBgQCLMoX4kZN/q63Fcp5jDXU3gnb0zeU0tZYp9U9F +I5B6j2XX/ECt6OQvctYD3JEiPvZmh+5KUt5li7nNCCZrhXINYkBdGtQGLQHMKL13 +3aCd//c9yK+TxDhVQ09boHFLPUO2YUz+jlVitENlmFOtG28m3zcWy3paieZnjGzT +iop9Wn6ubLh50OEfsAojkUnlOOvCc3aB8iAqD+6ptYOLBifGQLgvpk8EHGQhQer/ +oCHNTmG+2SsmxfV/Pus2vZ2rBkrUbZU0hwrnvKOIPhnt3Qwtmx9xsC67jF+MpWko +UisJXC27FAGz2gpIGMhBp35HEppwG9hhCuMQdK2g62bvweyr1tC4qOVdQrKvhksN +r6CMjS9eSXvmWdF7lU4oxStN0V56/LICSIsLbggUaxTPKhAVEgfTSqwEJoQuFA3Q +4GmgTydPhcRH1L/lhbWJqZQm7V1Gt+5i5J6iATD32uNQQ2iZi5GsUhr+jZC+WlE5 +6lS813cRNiaK52HIk62bG7IXOksCgcEA+6RxZhQ5GaCPYZNsk7TqxqsKopXKoYAr +2R4KWuexJTd+1kcNMk0ETX8OSgpY2cYL2uPFWmdutxPpLfpr8S2u92Da/Wxs70Ti +QSb0426ybTmnS5L7nOnGOHiddXILhW175liAszTeoR7nQ6vpr9YjfcnrXiB8bKIm +akft2DQoxrBPzEe9tA8gfkyDTsSG2j7kncSbvYRtkKcJOmmypotVU6uhRPSrSXCc +J59uBQkg6Bk4CKA1mz8ctG07MluFY0/ZAoHBANRpZlfIFl39gFmuEER7lb80GySO +J190LbqOca3dGOvAMsDgEAi6juJyX7ZNpbHFHj++LvmTtw9+kxhVDBcswS7304kt +7J2EfnGdctEZtXif1wiq30YWAp1tjRpQENKtt9wssmgcwgK39rZNiEHmStHGv3l+ +5TnKPKeuFCDnsLvi5lQYoK2wTYvZtsjf+Rnt7H17q90IV54pMjTS8BkGskCkKf2A +IYuaZkqX0T3cM6ovoYYDAU6rWL5rrYPLEwkbawKBwQCnwvZEDXtmawpBDPMNI0cv +HLHBuTHBAB07aVw8mnYYz6nkL14hiK2I/17cBuXmhAfnQoORmknPYptz/Ef2HnSk +6zyo8vNKLewrb03s9Hbze8TdDKe98S7QUGj49rJY86fu5asiIz8WFJotHUZ1OWz+ +hpzpav2dwW7xhUk6zXCEdYqIL9PNX2r+3azfLa88Ke2+gxJ+WEkLGgYm8SHEXOON +HRYt+HIw9b1vv56uBhXwENAFwCO81L3Nnid2565CNTsCgcEAjZuZj9q5k/5VkR61 +gv0Of3gSGF7E6k1z0bRLyT4QnSrMgJVgBdG0lvbqeYkZIS4UKn7J+7fPX6m3ZY4I +D3MrdKU3sMlIaQL+9mj3NhEjpb/ksHHqLrlXE55eEYq14cklPXMhmr3WrHqkeYkF +gUQx4S8qUP9De9wob8liwJp10pdEOBBrHnWJB+Z52z/7Zp6dqP0dPgWPvsYheIyg +EK8hgG1xU6rBB7xEMbqLfpLNHB/BBAIA3xzl1EfJAodiBhJHAoHAeTS2znDHYayI +TvK86tBAPVORiBVTSdRUONdGF3dipo24hyeyrI5MtiOoMc3sKWXnSTkDQWa3WiPx +qStBmmO/SbGTuz7T6+oOwGeMiYzYBe87Ayn8Y0KYYshFikieJbGusHjUlIGmCVPy +UHrDMYGwFGUGBwW47gBsnZa+YPHtxWCPDe/U80et2Trx0RXJJQPmupAVMSiJWObI +9k5gRU+xDqkHanyD1gkGGwhFTUNX94EJEOdQEWw3hxLnVtePoke/ +-----END RSA PRIVATE KEY----- diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Utility_E3.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Utility_E3.cpp new file mode 100644 index 0000000..0533cd5 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Utility_E3.cpp @@ -0,0 +1,223 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sgx_eid.h" +#include "EnclaveMessageExchange.h" +#include "error_codes.h" +#include "Utility_E3.h" +#include "stdlib.h" +#include "string.h" + +uint32_t marshal_input_parameters_e1_foo1(uint32_t target_fn_id, uint32_t msg_type, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data, char** marshalled_buff, size_t* marshalled_buff_len) +{ + ms_in_msg_exchange_t *ms; + size_t param_len, ms_len; + char *temp_buff; + int* addr; + char* struct_data; + if(!p_struct_var || !marshalled_buff_len) + return INVALID_PARAMETER_ERROR; + struct_data = (char*)p_struct_var; + temp_buff = (char*)malloc(len_data + len_ptr_data); + if(!temp_buff) + return MALLOC_ERROR; + memcpy(temp_buff, struct_data, len_data); + addr = *(int **)(struct_data + len_data); + memcpy(temp_buff + len_data, addr, len_ptr_data); //can be optimized + param_len = len_data + len_ptr_data; + ms_len = sizeof(ms_in_msg_exchange_t) + param_len; + ms = (ms_in_msg_exchange_t *)malloc(ms_len); + if(!ms) + { + SAFE_FREE(temp_buff); + return MALLOC_ERROR; + } + ms->msg_type = msg_type; + ms->target_fn_id = target_fn_id; + ms->inparam_buff_len = (uint32_t)param_len; + memcpy(&ms->inparam_buff, temp_buff, param_len); + *marshalled_buff = (char*)ms; + *marshalled_buff_len = ms_len; + + SAFE_FREE(temp_buff); + return SUCCESS; +} + +uint32_t marshal_retval_and_output_parameters_e3_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, param_struct_t *p_struct_var) +{ + ms_out_msg_exchange_t *ms; + size_t ret_param_len, ms_len; + char *temp_buff; + size_t retval_len; + if(!resp_length || !p_struct_var) + return INVALID_PARAMETER_ERROR; + retval_len = sizeof(retval); + ret_param_len = sizeof(retval) + sizeof(param_struct_t); + temp_buff = (char*)malloc(ret_param_len); + if(!temp_buff) + return MALLOC_ERROR; + memcpy(temp_buff, &retval, sizeof(retval)); + memcpy(temp_buff + sizeof(retval), p_struct_var, sizeof(param_struct_t)); + ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len; + ms = (ms_out_msg_exchange_t *)malloc(ms_len); + if(!ms) + { + SAFE_FREE(temp_buff); + return MALLOC_ERROR; + } + ms->retval_len = (uint32_t)retval_len; + ms->ret_outparam_buff_len = (uint32_t)ret_param_len; + memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len); + *resp_buffer = (char*)ms; + *resp_length = ms_len; + SAFE_FREE(temp_buff); + return SUCCESS; +} + +uint32_t unmarshal_input_parameters_e3_foo1(param_struct_t *pstruct, ms_in_msg_exchange_t* ms) +{ + char* buff; + size_t len; + if(!pstruct || !ms) + return INVALID_PARAMETER_ERROR; + buff = ms->inparam_buff; + len = ms->inparam_buff_len; + + if(len != (sizeof(pstruct->var1) + sizeof(pstruct->var2))) + return ATTESTATION_ERROR; + + memcpy(&pstruct->var1, buff, sizeof(pstruct->var1)); + memcpy(&pstruct->var2, buff + sizeof(pstruct->var1), sizeof(pstruct->var2)); + + return SUCCESS; +} + + +uint32_t unmarshal_retval_and_output_parameters_e1_foo1(char* out_buff, external_param_struct_t *p_struct_var, char** retval) +{ + size_t retval_len; + ms_out_msg_exchange_t *ms; + if(!out_buff || !p_struct_var) + return INVALID_PARAMETER_ERROR; + ms = (ms_out_msg_exchange_t *)out_buff; + retval_len = ms->retval_len; + *retval = (char*)malloc(retval_len); + if(!*retval) + { + return MALLOC_ERROR; + } + memcpy(*retval, ms->ret_outparam_buff, retval_len); + memcpy(&p_struct_var->var1, (ms->ret_outparam_buff) + retval_len, sizeof(p_struct_var->var1)); + memcpy(&p_struct_var->var2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1), sizeof(p_struct_var->var2)); + memcpy(&p_struct_var->p_internal_struct->ivar1, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1)+ sizeof(p_struct_var->var2), sizeof(p_struct_var->p_internal_struct->ivar1)); + memcpy(&p_struct_var->p_internal_struct->ivar2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1)+ sizeof(p_struct_var->var2) + sizeof(p_struct_var->p_internal_struct->ivar1), sizeof(p_struct_var->p_internal_struct->ivar2)); + return SUCCESS; +} + + +uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len) +{ + ms_in_msg_exchange_t *ms; + size_t secret_data_len, ms_len; + if(!marshalled_buff_len) + return INVALID_PARAMETER_ERROR; + secret_data_len = sizeof(secret_data); + ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len; + ms = (ms_in_msg_exchange_t *)malloc(ms_len); + if(!ms) + return MALLOC_ERROR; + + ms->msg_type = msg_type; + ms->target_fn_id = target_fn_id; + ms->inparam_buff_len = (uint32_t)secret_data_len; + memcpy(&ms->inparam_buff, &secret_data, secret_data_len); + + *marshalled_buff = (char*)ms; + *marshalled_buff_len = ms_len; + return SUCCESS; +} + +uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms) +{ + char* buff; + size_t len; + if(!inp_secret_data || !ms) + return INVALID_PARAMETER_ERROR; + buff = ms->inparam_buff; + len = ms->inparam_buff_len; + + if(len != sizeof(uint32_t)) + return ATTESTATION_ERROR; + + memcpy(inp_secret_data, buff, sizeof(uint32_t)); + + return SUCCESS; +} + +uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response) +{ + ms_out_msg_exchange_t *ms; + size_t secret_response_len, ms_len; + size_t retval_len, ret_param_len; + if(!resp_length) + return INVALID_PARAMETER_ERROR; + secret_response_len = sizeof(secret_response); + retval_len = secret_response_len; + ret_param_len = secret_response_len; + ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len; + ms = (ms_out_msg_exchange_t *)malloc(ms_len); + if(!ms) + return MALLOC_ERROR; + ms->retval_len = (uint32_t)retval_len; + ms->ret_outparam_buff_len = (uint32_t)ret_param_len; + memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len); + *resp_buffer = (char*)ms; + *resp_length = ms_len; + return SUCCESS; +} + +uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response) +{ + size_t retval_len; + ms_out_msg_exchange_t *ms; + if(!out_buff) + return INVALID_PARAMETER_ERROR; + ms = (ms_out_msg_exchange_t *)out_buff; + retval_len = ms->retval_len; + *secret_response = (char*)malloc(retval_len); + if(!*secret_response) + { + return MALLOC_ERROR; + } + memcpy(*secret_response, ms->ret_outparam_buff, retval_len); + return SUCCESS; +} + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Utility_E3.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Utility_E3.h new file mode 100644 index 0000000..69327b4 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Enclave3/Utility_E3.h @@ -0,0 +1,73 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef UTILITY_E3_H__ +#define UTILITY_E3_H__ + +#include "stdint.h" + + +typedef struct _internal_param_struct_t +{ + uint32_t ivar1; + uint32_t ivar2; +}internal_param_struct_t; + +typedef struct _external_param_struct_t +{ + uint32_t var1; + uint32_t var2; + internal_param_struct_t *p_internal_struct; +}external_param_struct_t; + +typedef struct _param_struct_t +{ + uint32_t var1; + uint32_t var2; +}param_struct_t; + +#ifdef __cplusplus +extern "C" { +#endif + +uint32_t marshal_input_parameters_e1_foo1(uint32_t target_fn_id, uint32_t msg_type, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data, char** marshalled_buff, size_t* marshalled_buff_len); +uint32_t unmarshal_retval_and_output_parameters_e1_foo1(char* out_buff, external_param_struct_t *p_struct_var, char** retval); +uint32_t unmarshal_input_parameters_e3_foo1(param_struct_t *pstruct, ms_in_msg_exchange_t* ms); +uint32_t marshal_retval_and_output_parameters_e3_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, param_struct_t *p_struct_var); +uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len); +uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms); +uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response); +uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response); + +#ifdef __cplusplus + } +#endif +#endif diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Include/dh_session_protocol.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Include/dh_session_protocol.h new file mode 100644 index 0000000..7257b1f --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Include/dh_session_protocol.h @@ -0,0 +1,68 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef _DH_SESSION_PROROCOL_H +#define _DH_SESSION_PROROCOL_H + +#include "sgx_ecp_types.h" +#include "sgx_key.h" +#include "sgx_report.h" +#include "sgx_attributes.h" + +#define NONCE_SIZE 16 +#define MAC_SIZE 16 + +#define MSG_BUF_LEN sizeof(ec_pub_t)*2 +#define MSG_HASH_SZ 32 + + +//Session information structure +typedef struct _la_dh_session_t +{ + uint32_t session_id; //Identifies the current session + uint32_t status; //Indicates session is in progress, active or closed + union + { + struct + { + sgx_dh_session_t dh_session; + }in_progress; + + struct + { + sgx_key_128bit_t AEK; //Session Key + uint32_t counter; //Used to store Message Sequence Number + }active; + }; +} dh_session_t; + + +#endif diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/LocalAttestationCode/EnclaveMessageExchange.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/LocalAttestationCode/EnclaveMessageExchange.cpp new file mode 100644 index 0000000..0eeb1f4 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/LocalAttestationCode/EnclaveMessageExchange.cpp @@ -0,0 +1,726 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include "sgx_trts.h" +#include "sgx_utils.h" +#include "EnclaveMessageExchange.h" +#include "sgx_eid.h" +#include "error_codes.h" +#include "sgx_ecp_types.h" +#include "sgx_thread.h" +#include +#include "dh_session_protocol.h" +#include "sgx_dh.h" +#include "sgx_tcrypto.h" +#include "LocalAttestationCode_t.h" + +#ifdef __cplusplus +extern "C" { +#endif + +uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data, size_t decrypted_data_length, char** resp_buffer, size_t* resp_length); +uint32_t message_exchange_response_generator(char* decrypted_data, char** resp_buffer, size_t* resp_length); +uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity); + +#ifdef __cplusplus +} +#endif + +#define MAX_SESSION_COUNT 16 + +//number of open sessions +uint32_t g_session_count = 0; + +ATTESTATION_STATUS generate_session_id(uint32_t *session_id); +ATTESTATION_STATUS end_session(sgx_enclave_id_t src_enclave_id); + +//Array of open session ids +session_id_tracker_t *g_session_id_tracker[MAX_SESSION_COUNT]; + +//Map between the source enclave id and the session information associated with that particular session +std::mapg_dest_session_info_map; + +//Create a session with the destination enclave +ATTESTATION_STATUS create_session(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id, + dh_session_t *session_info) +{ + ocall_print_string("[ECALL] create_session()\n"); + sgx_dh_msg1_t dh_msg1; //Diffie-Hellman Message 1 + sgx_key_128bit_t dh_aek; // Session Key + sgx_dh_msg2_t dh_msg2; //Diffie-Hellman Message 2 + sgx_dh_msg3_t dh_msg3; //Diffie-Hellman Message 3 + uint32_t session_id; + uint32_t retstatus; + sgx_status_t status = SGX_SUCCESS; + sgx_dh_session_t sgx_dh_session; + sgx_dh_session_enclave_identity_t responder_identity; + + if(!session_info) + { + return INVALID_PARAMETER_ERROR; + } + + memset(&dh_aek,0, sizeof(sgx_key_128bit_t)); + memset(&dh_msg1, 0, sizeof(sgx_dh_msg1_t)); + memset(&dh_msg2, 0, sizeof(sgx_dh_msg2_t)); + memset(&dh_msg3, 0, sizeof(sgx_dh_msg3_t)); + memset(session_info, 0, sizeof(dh_session_t)); + + //Intialize the session as a session initiator + ocall_print_string("[ECALL] Initializing the session as session initiator...\n"); + status = sgx_dh_init_session(SGX_DH_SESSION_INITIATOR, &sgx_dh_session); + if(SGX_SUCCESS != status) + { + return status; + } + + //Ocall to request for a session with the destination enclave and obtain session id and Message 1 if successful + status = session_request_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg1, &session_id); + if (status == SGX_SUCCESS) + { + if ((ATTESTATION_STATUS)retstatus != SUCCESS) + return ((ATTESTATION_STATUS)retstatus); + } + else + { + return ATTESTATION_SE_ERROR; + } + + ocall_print_string("[ECALL] Processing message1 obtained from Enclave2 and generate message2\n"); + status = sgx_dh_initiator_proc_msg1(&dh_msg1, &dh_msg2, &sgx_dh_session); + if(SGX_SUCCESS != status) + { + return status; + } + + //Send Message 2 to Destination Enclave and get Message 3 in return + status = exchange_report_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg2, &dh_msg3, session_id); + if (status == SGX_SUCCESS) + { + if ((ATTESTATION_STATUS)retstatus != SUCCESS) + return ((ATTESTATION_STATUS)retstatus); + } + else + { + return ATTESTATION_SE_ERROR; + } + + //Process Message 3 obtained from the destination enclave + ocall_print_string("[ECALL] Processing message3 obtained from Enclave3\n"); + status = sgx_dh_initiator_proc_msg3(&dh_msg3, &sgx_dh_session, &dh_aek, &responder_identity); + if(SGX_SUCCESS != status) + { + return status; + } + + // Verify the identity of the destination enclave + ocall_print_string("[ECALL] Verifying Encalve2(Responder)'s trust\n"); + if(verify_peer_enclave_trust(&responder_identity) != SUCCESS) + { + return INVALID_SESSION; + } + + memcpy(session_info->active.AEK, &dh_aek, sizeof(sgx_key_128bit_t)); + session_info->session_id = session_id; + session_info->active.counter = 0; + session_info->status = ACTIVE; + memset(&dh_aek,0, sizeof(sgx_key_128bit_t)); + return status; +} + +//Handle the request from Source Enclave for a session +ATTESTATION_STATUS session_request(sgx_enclave_id_t src_enclave_id, + sgx_dh_msg1_t *dh_msg1, + uint32_t *session_id ) +{ + dh_session_t session_info; + sgx_dh_session_t sgx_dh_session; + sgx_status_t status = SGX_SUCCESS; + + if(!session_id || !dh_msg1) + { + return INVALID_PARAMETER_ERROR; + } + //Intialize the session as a session responder + status = sgx_dh_init_session(SGX_DH_SESSION_RESPONDER, &sgx_dh_session); + if(SGX_SUCCESS != status) + { + return status; + } + + //get a new SessionID + if ((status = (sgx_status_t)generate_session_id(session_id)) != SUCCESS) + return status; //no more sessions available + + //Allocate memory for the session id tracker + g_session_id_tracker[*session_id] = (session_id_tracker_t *)malloc(sizeof(session_id_tracker_t)); + if(!g_session_id_tracker[*session_id]) + { + return MALLOC_ERROR; + } + + memset(g_session_id_tracker[*session_id], 0, sizeof(session_id_tracker_t)); + g_session_id_tracker[*session_id]->session_id = *session_id; + session_info.status = IN_PROGRESS; + + //Generate Message1 that will be returned to Source Enclave + status = sgx_dh_responder_gen_msg1((sgx_dh_msg1_t*)dh_msg1, &sgx_dh_session); + if(SGX_SUCCESS != status) + { + SAFE_FREE(g_session_id_tracker[*session_id]); + return status; + } + memcpy(&session_info.in_progress.dh_session, &sgx_dh_session, sizeof(sgx_dh_session_t)); + //Store the session information under the correspoding source enlave id key + g_dest_session_info_map.insert(std::pair(src_enclave_id, session_info)); + + return status; +} + +//Verify Message 2, generate Message3 and exchange Message 3 with Source Enclave +ATTESTATION_STATUS exchange_report(sgx_enclave_id_t src_enclave_id, + sgx_dh_msg2_t *dh_msg2, + sgx_dh_msg3_t *dh_msg3, + uint32_t session_id) +{ + + sgx_key_128bit_t dh_aek; // Session key + dh_session_t *session_info; + ATTESTATION_STATUS status = SUCCESS; + sgx_dh_session_t sgx_dh_session; + sgx_dh_session_enclave_identity_t initiator_identity; + + if(!dh_msg2 || !dh_msg3) + { + return INVALID_PARAMETER_ERROR; + } + + memset(&dh_aek,0, sizeof(sgx_key_128bit_t)); + do + { + //Retreive the session information for the corresponding source enclave id + std::map::iterator it = g_dest_session_info_map.find(src_enclave_id); + if(it != g_dest_session_info_map.end()) + { + session_info = &it->second; + } + else + { + status = INVALID_SESSION; + break; + } + + if(session_info->status != IN_PROGRESS) + { + status = INVALID_SESSION; + break; + } + + memcpy(&sgx_dh_session, &session_info->in_progress.dh_session, sizeof(sgx_dh_session_t)); + + dh_msg3->msg3_body.additional_prop_length = 0; + //Process message 2 from source enclave and obtain message 3 + sgx_status_t se_ret = sgx_dh_responder_proc_msg2(dh_msg2, + dh_msg3, + &sgx_dh_session, + &dh_aek, + &initiator_identity); + if(SGX_SUCCESS != se_ret) + { + status = se_ret; + break; + } + + //Verify source enclave's trust + if(verify_peer_enclave_trust(&initiator_identity) != SUCCESS) + { + return INVALID_SESSION; + } + + //save the session ID, status and initialize the session nonce + session_info->session_id = session_id; + session_info->status = ACTIVE; + session_info->active.counter = 0; + memcpy(session_info->active.AEK, &dh_aek, sizeof(sgx_key_128bit_t)); + memset(&dh_aek,0, sizeof(sgx_key_128bit_t)); + g_session_count++; + }while(0); + + if(status != SUCCESS) + { + end_session(src_enclave_id); + } + + return status; +} + +//Request for the response size, send the request message to the destination enclave and receive the response message back +ATTESTATION_STATUS send_request_receive_response(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id, + dh_session_t *session_info, + char *inp_buff, + size_t inp_buff_len, + size_t max_out_buff_size, + char **out_buff, + size_t* out_buff_len) +{ + const uint8_t* plaintext; + uint32_t plaintext_length; + sgx_status_t status; + uint32_t retstatus; + secure_message_t* req_message; + secure_message_t* resp_message; + uint8_t *decrypted_data; + uint32_t decrypted_data_length; + uint32_t plain_text_offset; + uint8_t l_tag[TAG_SIZE]; + size_t max_resp_message_length; + plaintext = (const uint8_t*)(" "); + plaintext_length = 0; + + if(!session_info || !inp_buff) + { + return INVALID_PARAMETER_ERROR; + } + //Check if the nonce for the session has not exceeded 2^32-2 if so end session and start a new session + if(session_info->active.counter == ((uint32_t) - 2)) + { + close_session(src_enclave_id, dest_enclave_id); + create_session(src_enclave_id, dest_enclave_id, session_info); + } + + //Allocate memory for the AES-GCM request message + req_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ inp_buff_len); + if(!req_message) + { + return MALLOC_ERROR; + } + + memset(req_message,0,sizeof(secure_message_t)+ inp_buff_len); + const uint32_t data2encrypt_length = (uint32_t)inp_buff_len; + //Set the payload size to data to encrypt length + req_message->message_aes_gcm_data.payload_size = data2encrypt_length; + + //Use the session nonce as the payload IV + memcpy(req_message->message_aes_gcm_data.reserved,&session_info->active.counter,sizeof(session_info->active.counter)); + + //Set the session ID of the message to the current session id + req_message->session_id = session_info->session_id; + + //Prepare the request message with the encrypted payload + status = sgx_rijndael128GCM_encrypt(&session_info->active.AEK, (uint8_t*)inp_buff, data2encrypt_length, + reinterpret_cast(&(req_message->message_aes_gcm_data.payload)), + reinterpret_cast(&(req_message->message_aes_gcm_data.reserved)), + sizeof(req_message->message_aes_gcm_data.reserved), plaintext, plaintext_length, + &(req_message->message_aes_gcm_data.payload_tag)); + + if(SGX_SUCCESS != status) + { + SAFE_FREE(req_message); + return status; + } + + //Allocate memory for the response payload to be copied + *out_buff = (char*)malloc(max_out_buff_size); + if(!*out_buff) + { + SAFE_FREE(req_message); + return MALLOC_ERROR; + } + + memset(*out_buff, 0, max_out_buff_size); + + //Allocate memory for the response message + resp_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ max_out_buff_size); + if(!resp_message) + { + SAFE_FREE(req_message); + return MALLOC_ERROR; + } + + memset(resp_message, 0, sizeof(secure_message_t)+ max_out_buff_size); + + //Ocall to send the request to the Destination Enclave and get the response message back + status = send_request_ocall(&retstatus, src_enclave_id, dest_enclave_id, req_message, + (sizeof(secure_message_t)+ inp_buff_len), max_out_buff_size, + resp_message, (sizeof(secure_message_t)+ max_out_buff_size)); + if (status == SGX_SUCCESS) + { + if ((ATTESTATION_STATUS)retstatus != SUCCESS) + { + SAFE_FREE(req_message); + SAFE_FREE(resp_message); + return ((ATTESTATION_STATUS)retstatus); + } + } + else + { + SAFE_FREE(req_message); + SAFE_FREE(resp_message); + return ATTESTATION_SE_ERROR; + } + + max_resp_message_length = sizeof(secure_message_t)+ max_out_buff_size; + + if(sizeof(resp_message) > max_resp_message_length) + { + SAFE_FREE(req_message); + SAFE_FREE(resp_message); + return INVALID_PARAMETER_ERROR; + } + + //Code to process the response message from the Destination Enclave + + decrypted_data_length = resp_message->message_aes_gcm_data.payload_size; + plain_text_offset = decrypted_data_length; + decrypted_data = (uint8_t*)malloc(decrypted_data_length); + if(!decrypted_data) + { + SAFE_FREE(req_message); + SAFE_FREE(resp_message); + return MALLOC_ERROR; + } + memset(&l_tag, 0, 16); + + memset(decrypted_data, 0, decrypted_data_length); + + //Decrypt the response message payload + status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, resp_message->message_aes_gcm_data.payload, + decrypted_data_length, decrypted_data, + reinterpret_cast(&(resp_message->message_aes_gcm_data.reserved)), + sizeof(resp_message->message_aes_gcm_data.reserved), &(resp_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length, + &resp_message->message_aes_gcm_data.payload_tag); + + if(SGX_SUCCESS != status) + { + SAFE_FREE(req_message); + SAFE_FREE(decrypted_data); + SAFE_FREE(resp_message); + return status; + } + + // Verify if the nonce obtained in the response is equal to the session nonce + 1 (Prevents replay attacks) + if(*(resp_message->message_aes_gcm_data.reserved) != (session_info->active.counter + 1 )) + { + SAFE_FREE(req_message); + SAFE_FREE(resp_message); + SAFE_FREE(decrypted_data); + return INVALID_PARAMETER_ERROR; + } + + //Update the value of the session nonce in the source enclave + session_info->active.counter = session_info->active.counter + 1; + + memcpy(out_buff_len, &decrypted_data_length, sizeof(decrypted_data_length)); + memcpy(*out_buff, decrypted_data, decrypted_data_length); + + SAFE_FREE(decrypted_data); + SAFE_FREE(req_message); + SAFE_FREE(resp_message); + return SUCCESS; + + +} + +//Process the request from the Source enclave and send the response message back to the Source enclave +ATTESTATION_STATUS generate_response(sgx_enclave_id_t src_enclave_id, + secure_message_t* req_message, + size_t req_message_size, + size_t max_payload_size, + secure_message_t* resp_message, + size_t resp_message_size) +{ + const uint8_t* plaintext; + uint32_t plaintext_length; + uint8_t *decrypted_data; + uint32_t decrypted_data_length; + uint32_t plain_text_offset; + ms_in_msg_exchange_t * ms; + size_t resp_data_length; + size_t resp_message_calc_size; + char* resp_data; + uint8_t l_tag[TAG_SIZE]; + size_t header_size, expected_payload_size; + dh_session_t *session_info; + secure_message_t* temp_resp_message; + uint32_t ret; + sgx_status_t status; + + plaintext = (const uint8_t*)(" "); + plaintext_length = 0; + + if(!req_message || !resp_message) + { + return INVALID_PARAMETER_ERROR; + } + + //Get the session information from the map corresponding to the source enclave id + std::map::iterator it = g_dest_session_info_map.find(src_enclave_id); + if(it != g_dest_session_info_map.end()) + { + session_info = &it->second; + } + else + { + return INVALID_SESSION; + } + + if(session_info->status != ACTIVE) + { + return INVALID_SESSION; + } + + //Set the decrypted data length to the payload size obtained from the message + decrypted_data_length = req_message->message_aes_gcm_data.payload_size; + + header_size = sizeof(secure_message_t); + expected_payload_size = req_message_size - header_size; + + //Verify the size of the payload + if(expected_payload_size != decrypted_data_length) + return INVALID_PARAMETER_ERROR; + + memset(&l_tag, 0, 16); + plain_text_offset = decrypted_data_length; + decrypted_data = (uint8_t*)malloc(decrypted_data_length); + if(!decrypted_data) + { + return MALLOC_ERROR; + } + + memset(decrypted_data, 0, decrypted_data_length); + + //Decrypt the request message payload from source enclave + status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, req_message->message_aes_gcm_data.payload, + decrypted_data_length, decrypted_data, + reinterpret_cast(&(req_message->message_aes_gcm_data.reserved)), + sizeof(req_message->message_aes_gcm_data.reserved), &(req_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length, + &req_message->message_aes_gcm_data.payload_tag); + + if(SGX_SUCCESS != status) + { + SAFE_FREE(decrypted_data); + return status; + } + + //Casting the decrypted data to the marshaling structure type to obtain type of request (generic message exchange/enclave to enclave call) + ms = (ms_in_msg_exchange_t *)decrypted_data; + + + // Verify if the nonce obtained in the request is equal to the session nonce + if((uint32_t)*(req_message->message_aes_gcm_data.reserved) != session_info->active.counter || *(req_message->message_aes_gcm_data.reserved) > ((2^32)-2)) + { + SAFE_FREE(decrypted_data); + return INVALID_PARAMETER_ERROR; + } + + if(ms->msg_type == MESSAGE_EXCHANGE) + { + //Call the generic secret response generator for message exchange + ret = message_exchange_response_generator((char*)decrypted_data, &resp_data, &resp_data_length); + if(ret !=0) + { + SAFE_FREE(decrypted_data); + SAFE_FREE(resp_data); + return INVALID_SESSION; + } + } + else if(ms->msg_type == ENCLAVE_TO_ENCLAVE_CALL) + { + //Call the destination enclave's dispatcher to call the appropriate function in the destination enclave + ret = enclave_to_enclave_call_dispatcher((char*)decrypted_data, decrypted_data_length, &resp_data, &resp_data_length); + if(ret !=0) + { + SAFE_FREE(decrypted_data); + SAFE_FREE(resp_data); + return INVALID_SESSION; + } + } + else + { + SAFE_FREE(decrypted_data); + return INVALID_REQUEST_TYPE_ERROR; + } + + + if(resp_data_length > max_payload_size) + { + SAFE_FREE(resp_data); + SAFE_FREE(decrypted_data); + return OUT_BUFFER_LENGTH_ERROR; + } + + resp_message_calc_size = sizeof(secure_message_t)+ resp_data_length; + + if(resp_message_calc_size > resp_message_size) + { + SAFE_FREE(resp_data); + SAFE_FREE(decrypted_data); + return OUT_BUFFER_LENGTH_ERROR; + } + + //Code to build the response back to the Source Enclave + temp_resp_message = (secure_message_t*)malloc(resp_message_calc_size); + if(!temp_resp_message) + { + SAFE_FREE(resp_data); + SAFE_FREE(decrypted_data); + return MALLOC_ERROR; + } + + memset(temp_resp_message,0,sizeof(secure_message_t)+ resp_data_length); + const uint32_t data2encrypt_length = (uint32_t)resp_data_length; + temp_resp_message->session_id = session_info->session_id; + temp_resp_message->message_aes_gcm_data.payload_size = data2encrypt_length; + + //Increment the Session Nonce (Replay Protection) + session_info->active.counter = session_info->active.counter + 1; + + //Set the response nonce as the session nonce + memcpy(&temp_resp_message->message_aes_gcm_data.reserved,&session_info->active.counter,sizeof(session_info->active.counter)); + + //Prepare the response message with the encrypted payload + status = sgx_rijndael128GCM_encrypt(&session_info->active.AEK, (uint8_t*)resp_data, data2encrypt_length, + reinterpret_cast(&(temp_resp_message->message_aes_gcm_data.payload)), + reinterpret_cast(&(temp_resp_message->message_aes_gcm_data.reserved)), + sizeof(temp_resp_message->message_aes_gcm_data.reserved), plaintext, plaintext_length, + &(temp_resp_message->message_aes_gcm_data.payload_tag)); + + if(SGX_SUCCESS != status) + { + SAFE_FREE(resp_data); + SAFE_FREE(decrypted_data); + SAFE_FREE(temp_resp_message); + return status; + } + + memset(resp_message, 0, sizeof(secure_message_t)+ resp_data_length); + memcpy(resp_message, temp_resp_message, sizeof(secure_message_t)+ resp_data_length); + + SAFE_FREE(decrypted_data); + SAFE_FREE(resp_data); + SAFE_FREE(temp_resp_message); + + return SUCCESS; +} + +//Close a current session +ATTESTATION_STATUS close_session(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + sgx_status_t status; + + uint32_t retstatus; + + //Ocall to ask the destination enclave to end the session + status = end_session_ocall(&retstatus, src_enclave_id, dest_enclave_id); + if (status == SGX_SUCCESS) + { + if ((ATTESTATION_STATUS)retstatus != SUCCESS) + return ((ATTESTATION_STATUS)retstatus); + } + else + { + return ATTESTATION_SE_ERROR; + } + return SUCCESS; +} + +//Respond to the request from the Source Enclave to close the session +ATTESTATION_STATUS end_session(sgx_enclave_id_t src_enclave_id) +{ + ATTESTATION_STATUS status = SUCCESS; + int i; + dh_session_t session_info; + uint32_t session_id; + + //Get the session information from the map corresponding to the source enclave id + std::map::iterator it = g_dest_session_info_map.find(src_enclave_id); + if(it != g_dest_session_info_map.end()) + { + session_info = it->second; + } + else + { + return INVALID_SESSION; + } + + session_id = session_info.session_id; + //Erase the session information for the current session + g_dest_session_info_map.erase(src_enclave_id); + + //Update the session id tracker + if (g_session_count > 0) + { + //check if session exists + for (i=1; i <= MAX_SESSION_COUNT; i++) + { + if(g_session_id_tracker[i-1] != NULL && g_session_id_tracker[i-1]->session_id == session_id) + { + memset(g_session_id_tracker[i-1], 0, sizeof(session_id_tracker_t)); + SAFE_FREE(g_session_id_tracker[i-1]); + g_session_count--; + break; + } + } + } + + return status; + +} + + +//Returns a new sessionID for the source destination session +ATTESTATION_STATUS generate_session_id(uint32_t *session_id) +{ + ATTESTATION_STATUS status = SUCCESS; + + if(!session_id) + { + return INVALID_PARAMETER_ERROR; + } + //if the session structure is untintialized, set that as the next session ID + for (int i = 0; i < MAX_SESSION_COUNT; i++) + { + if (g_session_id_tracker[i] == NULL) + { + *session_id = i; + return status; + } + } + + status = NO_AVAILABLE_SESSION_ERROR; + + return status; + +} diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/LocalAttestationCode/EnclaveMessageExchange.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/LocalAttestationCode/EnclaveMessageExchange.h new file mode 100644 index 0000000..1d8a56c --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/LocalAttestationCode/EnclaveMessageExchange.h @@ -0,0 +1,54 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include "datatypes.h" +#include "sgx_eid.h" +#include "sgx_trts.h" +#include +#include "dh_session_protocol.h" + +#ifndef LOCALATTESTATION_H_ +#define LOCALATTESTATION_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +uint32_t SGXAPI create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info); +uint32_t SGXAPI send_request_receive_response(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info, char *inp_buff, size_t inp_buff_len, size_t max_out_buff_size, char **out_buff, size_t* out_buff_len); +uint32_t SGXAPI close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/LocalAttestationCode/LocalAttestationCode.edl b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/LocalAttestationCode/LocalAttestationCode.edl new file mode 100644 index 0000000..ce1c140 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/LocalAttestationCode/LocalAttestationCode.edl @@ -0,0 +1,50 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +enclave { + include "sgx_eid.h" + include "datatypes.h" + include "../Include/dh_session_protocol.h" + trusted{ + public uint32_t session_request(sgx_enclave_id_t src_enclave_id, [out] sgx_dh_msg1_t *dh_msg1, [out] uint32_t *session_id); + public uint32_t exchange_report(sgx_enclave_id_t src_enclave_id, [in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, uint32_t session_id); + public uint32_t generate_response(sgx_enclave_id_t src_enclave_id, [in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size ); + public uint32_t end_session(sgx_enclave_id_t src_enclave_id); + }; + + untrusted{ + uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [out] sgx_dh_msg1_t *dh_msg1,[out] uint32_t *session_id); + uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, uint32_t session_id); + uint32_t send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size); + uint32_t end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + void ocall_print_string([in, string] const char *str); + }; +}; diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/LocalAttestationCode/datatypes.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/LocalAttestationCode/datatypes.h new file mode 100644 index 0000000..6382ea1 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/LocalAttestationCode/datatypes.h @@ -0,0 +1,105 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sgx_report.h" +#include "sgx_eid.h" +#include "sgx_ecp_types.h" +#include "sgx_dh.h" +#include "sgx_tseal.h" + +#ifndef DATATYPES_H_ +#define DATATYPES_H_ + +#define DH_KEY_SIZE 20 +#define NONCE_SIZE 16 +#define MAC_SIZE 16 +#define MAC_KEY_SIZE 16 +#define PADDING_SIZE 16 + +#define TAG_SIZE 16 +#define IV_SIZE 12 + +#define DERIVE_MAC_KEY 0x0 +#define DERIVE_SESSION_KEY 0x1 +#define DERIVE_VK1_KEY 0x3 +#define DERIVE_VK2_KEY 0x4 + +#define CLOSED 0x0 +#define IN_PROGRESS 0x1 +#define ACTIVE 0x2 + +#define MESSAGE_EXCHANGE 0x0 +#define ENCLAVE_TO_ENCLAVE_CALL 0x1 + +#define INVALID_ARGUMENT -2 ///< Invalid function argument +#define LOGIC_ERROR -3 ///< Functional logic error +#define FILE_NOT_FOUND -4 ///< File not found + +#define SAFE_FREE(ptr) {if (NULL != (ptr)) {free(ptr); (ptr)=NULL;}} + +#define VMC_ATTRIBUTE_MASK 0xFFFFFFFFFFFFFFCB + +typedef uint8_t dh_nonce[NONCE_SIZE]; +typedef uint8_t cmac_128[MAC_SIZE]; + +#pragma pack(push, 1) + +//Format of the AES-GCM message being exchanged between the source and the destination enclaves +typedef struct _secure_message_t +{ + uint32_t session_id; //Session ID identifyting the session to which the message belongs + sgx_aes_gcm_data_t message_aes_gcm_data; +}secure_message_t; + +//Format of the input function parameter structure +typedef struct _ms_in_msg_exchange_t { + uint32_t msg_type; //Type of Call E2E or general message exchange + uint32_t target_fn_id; //Function Id to be called in Destination. Is valid only when msg_type=ENCLAVE_TO_ENCLAVE_CALL + uint32_t inparam_buff_len; //Length of the serialized input parameters + char inparam_buff[]; //Serialized input parameters +} ms_in_msg_exchange_t; + +//Format of the return value and output function parameter structure +typedef struct _ms_out_msg_exchange_t { + uint32_t retval_len; //Length of the return value + uint32_t ret_outparam_buff_len; //Length of the serialized return value and output parameters + char ret_outparam_buff[]; //Serialized return value and output parameters +} ms_out_msg_exchange_t; + +//Session Tracker to generate session ids +typedef struct _session_id_tracker_t +{ + uint32_t session_id; +}session_id_tracker_t; + +#pragma pack(pop) + +#endif diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/LocalAttestationCode/error_codes.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/LocalAttestationCode/error_codes.h new file mode 100644 index 0000000..0bca4c0 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/LocalAttestationCode/error_codes.h @@ -0,0 +1,53 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef ERROR_CODES_H_ +#define ERROR_CODES_H_ + +typedef uint32_t ATTESTATION_STATUS; + +#define SUCCESS 0x00 +#define INVALID_PARAMETER 0xE1 +#define VALID_SESSION 0xE2 +#define INVALID_SESSION 0xE3 +#define ATTESTATION_ERROR 0xE4 +#define ATTESTATION_SE_ERROR 0xE5 +#define IPP_ERROR 0xE6 +#define NO_AVAILABLE_SESSION_ERROR 0xE7 +#define MALLOC_ERROR 0xE8 +#define ERROR_TAG_MISMATCH 0xE9 +#define OUT_BUFFER_LENGTH_ERROR 0xEA +#define INVALID_REQUEST_TYPE_ERROR 0xEB +#define INVALID_PARAMETER_ERROR 0xEC +#define ENCLAVE_TRUST_ERROR 0xED +#define ENCRYPT_DECRYPT_ERROR 0xEE +#define DUPLICATE_SESSION 0xEF +#endif diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Makefile b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Makefile new file mode 100644 index 0000000..a90c857 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Makefile @@ -0,0 +1,346 @@ +# +# Copyright (C) 2011-2018 Intel Corporation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# + +######## SGX SDK Settings ######## + +SGX_SDK ?= /opt/intel/sgxsdk +SGX_MODE ?= HW +SGX_ARCH ?= x64 +SGX_DEBUG ?= 1 + +ifeq ($(shell getconf LONG_BIT), 32) + SGX_ARCH := x86 +else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32) + SGX_ARCH := x86 +endif + +ifeq ($(SGX_ARCH), x86) + SGX_COMMON_CFLAGS := -m32 + SGX_LIBRARY_PATH := $(SGX_SDK)/lib + SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign + SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r +else + SGX_COMMON_CFLAGS := -m64 + SGX_LIBRARY_PATH := $(SGX_SDK)/lib64 + SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign + SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r +endif + +ifeq ($(SGX_DEBUG), 1) +ifeq ($(SGX_PRERELEASE), 1) +$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!) +endif +endif + +ifeq ($(SGX_DEBUG), 1) + SGX_COMMON_CFLAGS += -O0 -g +else + SGX_COMMON_CFLAGS += -O2 +endif + +######## Library Settings ######## + +Trust_Lib_Name := libLocalAttestation_Trusted.a +TrustLib_Cpp_Files := $(wildcard LocalAttestationCode/*.cpp) +TrustLib_Cpp_Objects := $(TrustLib_Cpp_Files:.cpp=.o) +TrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I$(SGX_SDK)/include/epid -I./Include +TrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(TrustLib_Include_Paths) +TrustLib_Compile_Cxx_Flags := -std=c++11 -nostdinc++ + +UnTrustLib_Name := libLocalAttestation_unTrusted.a +UnTrustLib_Cpp_Files := $(wildcard Untrusted_LocalAttestation/*.cpp) +UnTrustLib_Cpp_Objects := $(UnTrustLib_Cpp_Files:.cpp=.o) +UnTrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./Include -I./LocalAttestationCode +UnTrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes -std=c++11 $(UnTrustLib_Include_Paths) + +######## App Settings ######## + +ifneq ($(SGX_MODE), HW) + Urts_Library_Name := sgx_urts_sim +else + Urts_Library_Name := sgx_urts +endif + +App_Cpp_Files := $(wildcard App/*.cpp) +App_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./Include -I./LocalAttestationCode + +App_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) +# Three configuration modes - Debug, prerelease, release +# Debug - Macro DEBUG enabled. +# Prerelease - Macro NDEBUG and EDEBUG enabled. +# Release - Macro NDEBUG enabled. +ifeq ($(SGX_DEBUG), 1) + App_Compile_Flags += -DDEBUG -UNDEBUG -UEDEBUG +else ifeq ($(SGX_PRERELEASE), 1) + App_Compile_Flags += -DNDEBUG -DEDEBUG -UDEBUG +else + App_Compile_Flags += -DNDEBUG -UEDEBUG -UDEBUG +endif + +App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -L. -lpthread -lLocalAttestation_unTrusted + +ifneq ($(SGX_MODE), HW) + App_Link_Flags += -lsgx_uae_service_sim +else + App_Link_Flags += -lsgx_uae_service +endif + +App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o) +App_Name := app + +######## Enclave Settings ######## + +Enclave1_Version_Script := Enclave1/Enclave1.lds +Enclave2_Version_Script := Enclave2/Enclave2.lds +Enclave3_Version_Script := Enclave3/Enclave3.lds + +ifneq ($(SGX_MODE), HW) + Trts_Library_Name := sgx_trts_sim + Service_Library_Name := sgx_tservice_sim +else + Trts_Library_Name := sgx_trts + Service_Library_Name := sgx_tservice +endif +Crypto_Library_Name := sgx_tcrypto + +Enclave_Cpp_Files_1 := $(wildcard Enclave1/*.cpp) +Enclave_Cpp_Files_2 := $(wildcard Enclave2/*.cpp) +Enclave_Cpp_Files_3 := $(wildcard Enclave3/*.cpp) +Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I./LocalAttestationCode -I./Include + +CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9") +ifeq ($(CC_BELOW_4_9), 1) + Enclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector +else + Enclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector-strong +endif + +Enclave_Compile_Flags += $(Enclave_Include_Paths) + +# To generate a proper enclave, it is recommended to follow below guideline to link the trusted libraries: +# 1. Link sgx_trts with the `--whole-archive' and `--no-whole-archive' options, +# so that the whole content of trts is included in the enclave. +# 2. For other libraries, you just need to pull the required symbols. +# Use `--start-group' and `--end-group' to link these libraries. +# Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options. +# Otherwise, you may get some undesirable errors. +Common_Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \ + -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \ + -Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -L. -lLocalAttestation_Trusted -l$(Service_Library_Name) -Wl,--end-group \ + -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \ + -Wl,-pie,-eenclave_entry -Wl,--export-dynamic \ + -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections +Enclave1_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave1_Version_Script) +Enclave2_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave2_Version_Script) +Enclave3_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave3_Version_Script) + +Enclave_Cpp_Objects_1 := $(Enclave_Cpp_Files_1:.cpp=.o) +Enclave_Cpp_Objects_2 := $(Enclave_Cpp_Files_2:.cpp=.o) +Enclave_Cpp_Objects_3 := $(Enclave_Cpp_Files_3:.cpp=.o) + +Enclave_Name_1 := libenclave1.so +Enclave_Name_2 := libenclave2.so +Enclave_Name_3 := libenclave3.so + +ifeq ($(SGX_MODE), HW) +ifeq ($(SGX_DEBUG), 1) + Build_Mode = HW_DEBUG +else ifeq ($(SGX_PRERELEASE), 1) + Build_Mode = HW_PRERELEASE +else + Build_Mode = HW_RELEASE +endif +else +ifeq ($(SGX_DEBUG), 1) + Build_Mode = SIM_DEBUG +else ifeq ($(SGX_PRERELEASE), 1) + Build_Mode = SIM_PRERELEASE +else + Build_Mode = SIM_RELEASE +endif +endif + +ifeq ($(Build_Mode), HW_RELEASE) +all: .config_$(Build_Mode)_$(SGX_ARCH) $(Trust_Lib_Name) $(UnTrustLib_Name) Enclave1.so Enclave2.so Enclave3.so $(App_Name) + @echo "The project has been built in release hardware mode." + @echo "Please sign the enclaves (Enclave1.so, Enclave2.so, Enclave3.so) first with your signing keys before you run the $(App_Name) to launch and access the enclave." + @echo "To sign the enclaves use the following commands:" + @echo " $(SGX_ENCLAVE_SIGNER) sign -key -enclave Enclave1.so -out <$(Enclave_Name_1)> -config Enclave1/Enclave1.config.xml" + @echo " $(SGX_ENCLAVE_SIGNER) sign -key -enclave Enclave2.so -out <$(Enclave_Name_2)> -config Enclave2/Enclave2.config.xml" + @echo " $(SGX_ENCLAVE_SIGNER) sign -key -enclave Enclave3.so -out <$(Enclave_Name_3)> -config Enclave3/Enclave3.config.xml" + @echo "You can also sign the enclaves using an external signing tool." + @echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW." +else +all: .config_$(Build_Mode)_$(SGX_ARCH) $(Trust_Lib_Name) $(UnTrustLib_Name) $(Enclave_Name_1) $(Enclave_Name_2) $(Enclave_Name_3) $(App_Name) +ifeq ($(Build_Mode), HW_DEBUG) + @echo "The project has been built in debug hardware mode." +else ifeq ($(Build_Mode), SIM_DEBUG) + @echo "The project has been built in debug simulation mode." +else ifeq ($(Build_Mode), HW_PRERELEASE) + @echo "The project has been built in pre-release hardware mode." +else ifeq ($(Build_Mode), SIM_PRERELEASE) + @echo "The project has been built in pre-release simulation mode." +else + @echo "The project has been built in release simulation mode." +endif +endif + +.config_$(Build_Mode)_$(SGX_ARCH): + @rm -rf .config_* $(App_Name) *.so *.a App/*.o Enclave1/*.o Enclave1/*_t.* Enclave1/*_u.* Enclave2/*.o Enclave2/*_t.* Enclave2/*_u.* Enclave3/*.o Enclave3/*_t.* Enclave3/*_u.* LocalAttestationCode/*.o Untrusted_LocalAttestation/*.o LocalAttestationCode/*_t.* + @touch .config_$(Build_Mode)_$(SGX_ARCH) + +######## Library Objects ######## + +LocalAttestationCode/LocalAttestationCode_t.c LocalAttestationCode/LocalAttestationCode_t.h : $(SGX_EDGER8R) LocalAttestationCode/LocalAttestationCode.edl + @cd LocalAttestationCode && $(SGX_EDGER8R) --trusted ../LocalAttestationCode/LocalAttestationCode.edl --search-path $(SGX_SDK)/include + @echo "GEN => $@" + +LocalAttestationCode/LocalAttestationCode_t.o: LocalAttestationCode/LocalAttestationCode_t.c + @$(CC) $(TrustLib_Compile_Flags) -c $< -o $@ + @echo "CC <= $<" + +LocalAttestationCode/%.o: LocalAttestationCode/%.cpp LocalAttestationCode/LocalAttestationCode_t.h + @$(CXX) $(TrustLib_Compile_Flags) $(TrustLib_Compile_Cxx_Flags) -c $< -o $@ + @echo "CC <= $<" + +$(Trust_Lib_Name): LocalAttestationCode/LocalAttestationCode_t.o $(TrustLib_Cpp_Objects) + @$(AR) rcs $@ $^ + @echo "GEN => $@" + +Untrusted_LocalAttestation/%.o: Untrusted_LocalAttestation/%.cpp + @$(CXX) $(UnTrustLib_Compile_Flags) -c $< -o $@ + @echo "CC <= $<" + +$(UnTrustLib_Name): $(UnTrustLib_Cpp_Objects) + @$(AR) rcs $@ $^ + @echo "GEN => $@" + +######## App Objects ######## +Enclave1/Enclave1_u.c Enclave1/Enclave1_u.h: $(SGX_EDGER8R) Enclave1/Enclave1.edl + @cd Enclave1 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave1/Enclave1.edl --search-path $(SGX_SDK)/include + @echo "GEN => $@" + +App/Enclave1_u.o: Enclave1/Enclave1_u.c + @$(CC) $(App_Compile_Flags) -c $< -o $@ + @echo "CC <= $<" + +Enclave2/Enclave2_u.c Enclave2/Enclave2_u.h: $(SGX_EDGER8R) Enclave2/Enclave2.edl + @cd Enclave2 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave2/Enclave2.edl --search-path $(SGX_SDK)/include + @echo "GEN => $@" + +App/Enclave2_u.o: Enclave2/Enclave2_u.c + @$(CC) $(App_Compile_Flags) -c $< -o $@ + @echo "CC <= $<" + +Enclave3/Enclave3_u.c Enclave3/Enclave3_u.h: $(SGX_EDGER8R) Enclave3/Enclave3.edl + @cd Enclave3 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave3/Enclave3.edl --search-path $(SGX_SDK)/include + @echo "GEN => $@" + +App/Enclave3_u.o: Enclave3/Enclave3_u.c + @$(CC) $(App_Compile_Flags) -c $< -o $@ + @echo "CC <= $<" + +App/%.o: App/%.cpp Enclave1/Enclave1_u.h Enclave2/Enclave2_u.h Enclave3/Enclave3_u.h + @$(CXX) $(App_Compile_Flags) -c $< -o $@ + @echo "CXX <= $<" + +$(App_Name): App/Enclave1_u.o App/Enclave2_u.o App/Enclave3_u.o $(App_Cpp_Objects) $(UnTrustLib_Name) + @$(CXX) $^ -o $@ $(App_Link_Flags) + @echo "LINK => $@" + + +######## Enclave Objects ######## + +Enclave1/Enclave1_t.c Enclave1/Enclave1_t.h: $(SGX_EDGER8R) Enclave1/Enclave1.edl + @cd Enclave1 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave1/Enclave1.edl --search-path $(SGX_SDK)/include + @echo "GEN => $@" + +Enclave1/Enclave1_t.o: Enclave1/Enclave1_t.c + @$(CC) $(Enclave_Compile_Flags) -c $< -o $@ + @echo "CC <= $<" + +Enclave1/%.o: Enclave1/%.cpp Enclave1/Enclave1_t.h + @$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@ + @echo "CXX <= $<" + +Enclave1.so: Enclave1/Enclave1_t.o $(Enclave_Cpp_Objects_1) $(Trust_Lib_Name) + @$(CXX) Enclave1/Enclave1_t.o $(Enclave_Cpp_Objects_1) -o $@ $(Enclave1_Link_Flags) + @echo "LINK => $@" + +$(Enclave_Name_1): Enclave1.so + @$(SGX_ENCLAVE_SIGNER) sign -key Enclave1/Enclave1_private.pem -enclave Enclave1.so -out $@ -config Enclave1/Enclave1.config.xml + @echo "SIGN => $@" + +Enclave2/Enclave2_t.c: $(SGX_EDGER8R) Enclave2/Enclave2.edl + @cd Enclave2 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave2/Enclave2.edl --search-path $(SGX_SDK)/include + @echo "GEN => $@" + +Enclave2/Enclave2_t.o: Enclave2/Enclave2_t.c + @$(CC) $(Enclave_Compile_Flags) -c $< -o $@ + @echo "CC <= $<" + +Enclave2/%.o: Enclave2/%.cpp + @$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@ + @echo "CXX <= $<" + +Enclave2.so: Enclave2/Enclave2_t.o $(Enclave_Cpp_Objects_2) $(Trust_Lib_Name) + @$(CXX) Enclave2/Enclave2_t.o $(Enclave_Cpp_Objects_2) -o $@ $(Enclave2_Link_Flags) + @echo "LINK => $@" + +$(Enclave_Name_2): Enclave2.so + @$(SGX_ENCLAVE_SIGNER) sign -key Enclave2/Enclave2_private.pem -enclave Enclave2.so -out $@ -config Enclave2/Enclave2.config.xml + @echo "SIGN => $@" + +Enclave3/Enclave3_t.c: $(SGX_EDGER8R) Enclave3/Enclave3.edl + @cd Enclave3 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave3/Enclave3.edl --search-path $(SGX_SDK)/include + @echo "GEN => $@" + +Enclave3/Enclave3_t.o: Enclave3/Enclave3_t.c + @$(CC) $(Enclave_Compile_Flags) -c $< -o $@ + @echo "CC <= $<" + +Enclave3/%.o: Enclave3/%.cpp + @$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@ + @echo "CXX <= $<" + +Enclave3.so: Enclave3/Enclave3_t.o $(Enclave_Cpp_Objects_3) $(Trust_Lib_Name) + @$(CXX) Enclave3/Enclave3_t.o $(Enclave_Cpp_Objects_3) -o $@ $(Enclave3_Link_Flags) + @echo "LINK => $@" + +$(Enclave_Name_3): Enclave3.so + @$(SGX_ENCLAVE_SIGNER) sign -key Enclave3/Enclave3_private.pem -enclave Enclave3.so -out $@ -config Enclave3/Enclave3.config.xml + @echo "SIGN => $@" + +######## Clean ######## +.PHONY: clean + +clean: + @rm -rf .config_* $(App_Name) *.so *.a App/*.o Enclave1/*.o Enclave1/*_t.* Enclave1/*_u.* Enclave2/*.o Enclave2/*_t.* Enclave2/*_u.* Enclave3/*.o Enclave3/*_t.* Enclave3/*_u.* LocalAttestationCode/*.o Untrusted_LocalAttestation/*.o LocalAttestationCode/*_t.* diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/README.txt b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/README.txt new file mode 100644 index 0000000..6117cee --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/README.txt @@ -0,0 +1,29 @@ +--------------------------- +Purpose of LocalAttestation +--------------------------- +The project demonstrates: +- How to establish a protected channel +- Secret message exchange using enclave to enclave function calls + +------------------------------------ +How to Build/Execute the Sample Code +------------------------------------ +1. Install Intel(R) Software Guard Extensions (Intel(R) SGX) SDK for Linux* OS +2. Make sure your environment is set: + $ source ${sgx-sdk-install-path}/environment +3. Build the project with the prepared Makefile: + a. Hardware Mode, Debug build: + $ make + b. Hardware Mode, Pre-release build: + $ make SGX_PRERELEASE=1 SGX_DEBUG=0 + c. Hardware Mode, Release build: + $ make SGX_DEBUG=0 + d. Simulation Mode, Debug build: + $ make SGX_MODE=SIM + e. Simulation Mode, Pre-release build: + $ make SGX_MODE=SIM SGX_PRERELEASE=1 SGX_DEBUG=0 + f. Simulation Mode, Release build: + $ make SGX_MODE=SIM SGX_DEBUG=0 +4. Execute the binary directly: + $ ./app +5. Remember to "make clean" before switching build mode diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Untrusted_LocalAttestation/UntrustedEnclaveMessageExchange.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Untrusted_LocalAttestation/UntrustedEnclaveMessageExchange.cpp new file mode 100644 index 0000000..b09f49a --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Untrusted_LocalAttestation/UntrustedEnclaveMessageExchange.cpp @@ -0,0 +1,194 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include "sgx_eid.h" +#include "error_codes.h" +#include "datatypes.h" +#include "sgx_urts.h" +#include "UntrustedEnclaveMessageExchange.h" +#include "sgx_dh.h" +#include +#include +#include +#include +#include +#include + +std::mapg_enclave_id_map; + +//Makes an sgx_ecall to the destination enclave to get session id and message1 +ATTESTATION_STATUS session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id) +{ + uint32_t status = 0; + sgx_status_t ret = SGX_SUCCESS; + + // wait for Enclave2 to fill msg1 + printf("[OCALL IPC] Waiting for Enclave2 to generate SessionID and message1...\n"); + sleep(5); + + printf("[OCALL IPC] SessionID and message1 should be ready\n"); + + // for session id + printf("[OCALL IPC] Retriving SessionID from shared memory\n"); + key_t key_session_id = ftok("../..", 3); + int shmid_session_id = shmget(key_session_id, sizeof(uint32_t), 0666|IPC_CREAT); + uint32_t* tmp_session_id = (uint32_t*)shmat(shmid_session_id, (void*)0, 0); + memcpy(session_id, tmp_session_id, sizeof(uint32_t)); + shmdt(tmp_session_id); + + // for msg1 + printf("[OCALL IPC] Retriving message1 from shared memory\n"); + key_t key_msg1 = ftok("../..", 2); + int shmid_msg1 = shmget(key_msg1, sizeof(sgx_dh_msg1_t), 0666|IPC_CREAT); + sgx_dh_msg1_t *tmp_msg1 = (sgx_dh_msg1_t*)shmat(shmid_msg1, (void*)0, 0); + memcpy(dh_msg1, tmp_msg1, sizeof(sgx_dh_msg1_t)); + shmdt(tmp_msg1); + + ret = SGX_SUCCESS; + + if (ret == SGX_SUCCESS) + return SUCCESS; + else + return INVALID_SESSION; + +} +//Makes an sgx_ecall to the destination enclave sends message2 from the source enclave and gets message 3 from the destination enclave +ATTESTATION_STATUS exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t session_id) +{ + uint32_t status = 0; + sgx_status_t ret = SGX_SUCCESS; + + // for msg2 (filled by Enclave1) + printf("[OCALL IPC] Passing message2 to shared memory for Enclave2\n"); + key_t key_msg2 = ftok("../..", 4); + int shmid_msg2 = shmget(key_msg2, sizeof(sgx_dh_msg2_t), 0666|IPC_CREAT); + sgx_dh_msg2_t *tmp_msg2 = (sgx_dh_msg2_t*)shmat(shmid_msg2, (void*)0, 0); + memcpy(tmp_msg2, dh_msg2, sizeof(sgx_dh_msg2_t)); + shmdt(tmp_msg2); + + // wait for Enclave2 to process msg2 + printf("[OCALL IPC] Waiting for Enclave2 to process message2 and generate message3...\n"); + sleep(5); + + // retrieve msg3 (filled by Enclave2) + printf("[OCALL IPC] Message3 should be ready\n"); + printf("[OCALL IPC] Retrieving message3 from shared memory\n"); + key_t key_msg3 = ftok("../..", 5); + int shmid_msg3 = shmget(key_msg3, sizeof(sgx_dh_msg3_t), 0666|IPC_CREAT); + sgx_dh_msg3_t *tmp_msg3 = (sgx_dh_msg3_t*)shmat(shmid_msg3, (void*)0, 0); + memcpy(dh_msg3, tmp_msg3, sizeof(sgx_dh_msg3_t)); + shmdt(tmp_msg3); + + ret = SGX_SUCCESS; + if (ret == SGX_SUCCESS) + return SUCCESS; + else + return INVALID_SESSION; + +} + +//Make an sgx_ecall to the destination enclave function that generates the actual response +ATTESTATION_STATUS send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id,secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size) +{ + uint32_t status = 0; + sgx_status_t ret = SGX_SUCCESS; + uint32_t temp_enclave_no; + + std::map::iterator it = g_enclave_id_map.find(dest_enclave_id); + if(it != g_enclave_id_map.end()) + { + temp_enclave_no = it->second; + } + else + { + return INVALID_SESSION; + } + + switch(temp_enclave_no) + { + case 1: + ret = Enclave1_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size); + break; + case 2: + ret = Enclave2_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size); + break; + case 3: + ret = Enclave3_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size); + break; + } + if (ret == SGX_SUCCESS) + return (ATTESTATION_STATUS)status; + else + return INVALID_SESSION; + +} + +//Make an sgx_ecall to the destination enclave to close the session +ATTESTATION_STATUS end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id) +{ + uint32_t status = 0; + sgx_status_t ret = SGX_SUCCESS; + uint32_t temp_enclave_no; + + std::map::iterator it = g_enclave_id_map.find(dest_enclave_id); + if(it != g_enclave_id_map.end()) + { + temp_enclave_no = it->second; + } + else + { + return INVALID_SESSION; + } + + switch(temp_enclave_no) + { + case 1: + ret = Enclave1_end_session(dest_enclave_id, &status, src_enclave_id); + break; + case 2: + ret = Enclave2_end_session(dest_enclave_id, &status, src_enclave_id); + break; + case 3: + ret = Enclave3_end_session(dest_enclave_id, &status, src_enclave_id); + break; + } + if (ret == SGX_SUCCESS) + return (ATTESTATION_STATUS)status; + else + return INVALID_SESSION; + +} + +void ocall_print_string(const char *str) +{ + printf("%s", str); +} diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Untrusted_LocalAttestation/UntrustedEnclaveMessageExchange.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Untrusted_LocalAttestation/UntrustedEnclaveMessageExchange.h new file mode 100644 index 0000000..a97204d --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave1/Untrusted_LocalAttestation/UntrustedEnclaveMessageExchange.h @@ -0,0 +1,74 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include "sgx_eid.h" +#include "error_codes.h" +#include "datatypes.h" +#include "sgx_urts.h" +#include "dh_session_protocol.h" +#include "sgx_dh.h" +#include + + +#ifndef ULOCALATTESTATION_H_ +#define ULOCALATTESTATION_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +sgx_status_t Enclave1_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id); +sgx_status_t Enclave1_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id); +sgx_status_t Enclave1_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size); +sgx_status_t Enclave1_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id); + +sgx_status_t Enclave2_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id); +sgx_status_t Enclave2_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id); +sgx_status_t Enclave2_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size); +sgx_status_t Enclave2_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id); + +sgx_status_t Enclave3_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id); +sgx_status_t Enclave3_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id); +sgx_status_t Enclave3_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size); +sgx_status_t Enclave3_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id); + +uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id); +uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id); +uint32_t send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size); +uint32_t end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); +void ocall_print_string(const char *str); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/.cproject b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/.cproject new file mode 100644 index 0000000..12d5e29 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/.cproject @@ -0,0 +1,216 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/.project b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/.project new file mode 100644 index 0000000..df8b1a4 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/.project @@ -0,0 +1,28 @@ + + + LocalAttestation + + + + + + org.eclipse.cdt.managedbuilder.core.genmakebuilder + clean,full,incremental, + + + + + org.eclipse.cdt.managedbuilder.core.ScannerConfigBuilder + full,incremental, + + + + + + org.eclipse.cdt.core.cnature + org.eclipse.cdt.managedbuilder.core.managedBuildNature + org.eclipse.cdt.managedbuilder.core.ScannerConfigNature + org.eclipse.cdt.core.ccnature + com.intel.sgx.sgxnature + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/.settings/language.settings.xml b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/.settings/language.settings.xml new file mode 100644 index 0000000..bb1f922 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/.settings/language.settings.xml @@ -0,0 +1,73 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/App/App.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/App/App.cpp new file mode 100644 index 0000000..41663b9 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/App/App.cpp @@ -0,0 +1,151 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +// App.cpp : Defines the entry point for the console application. +#include +#include +#include "../Enclave1/Enclave1_u.h" +#include "../Enclave2/Enclave2_u.h" +#include "../Enclave3/Enclave3_u.h" +#include "sgx_eid.h" +#include "sgx_urts.h" +#define __STDC_FORMAT_MACROS +#include + +#include +#include +#include + +#define UNUSED(val) (void)(val) +#define TCHAR char +#define _TCHAR char +#define _T(str) str +#define scanf_s scanf +#define _tmain main + +extern std::mapg_enclave_id_map; + + +sgx_enclave_id_t e1_enclave_id = 0; +sgx_enclave_id_t e2_enclave_id = 0; +sgx_enclave_id_t e3_enclave_id = 0; + +#define ENCLAVE1_PATH "libenclave1.so" +#define ENCLAVE2_PATH "libenclave2.so" +#define ENCLAVE3_PATH "libenclave3.so" + +void waitForKeyPress() +{ + char ch; + int temp; + printf("\n\nHit a key....\n"); + temp = scanf_s("%c", &ch); +} + +uint32_t load_enclaves() +{ + uint32_t enclave_temp_no; + int ret, launch_token_updated; + sgx_launch_token_t launch_token; + + enclave_temp_no = 0; + + ret = sgx_create_enclave(ENCLAVE1_PATH, SGX_DEBUG_FLAG, &launch_token, &launch_token_updated, &e1_enclave_id, NULL); + if (ret != SGX_SUCCESS) { + return ret; + } + + enclave_temp_no++; + g_enclave_id_map.insert(std::pair(e1_enclave_id, enclave_temp_no)); + + return SGX_SUCCESS; +} + +int _tmain(int argc, _TCHAR* argv[]) +{ + uint32_t ret_status; + sgx_status_t status; + + UNUSED(argc); + UNUSED(argv); + + if(load_enclaves() != SGX_SUCCESS) + { + printf("\nLoad Enclave Failure"); + } + + //printf("\nAvailable Enclaves"); + //printf("\nEnclave1 - EnclaveID %" PRIx64 "\n", e1_enclave_id); + + // shared memory between Enlave1 and Enclave2 to pass data + key_t key = ftok("../..", 1); + int shmid = shmget(key, 1024, 0666 | IPC_CREAT); + char *str = (char*)shmat(shmid, (void*)0, 0); + + printf("[TEST IPC] Receiving from Enclave1: %s", str); + + shmdt(str); + shmctl(shmid, IPC_RMID, NULL); + + do + { + printf("[START] Testing create session between Enclave1 (Initiator) and Enclave2 (Responder)\n"); + status = Enclave1_test_create_session(e1_enclave_id, &ret_status, e1_enclave_id, 0); + if (status!=SGX_SUCCESS) + { + printf("[END] test_create_session Ecall failed: Error code is %x\n", status); + break; + } + else + { + if(ret_status==0) + { + printf("[END] Secure Channel Establishment between Initiator (E1) and Responder (E2) Enclaves successful !!!\n"); + } + else + { + printf("[END] Session establishment and key exchange failure between Initiator (E1) and Responder (E2): Error code is %x\n", ret_status); + break; + } + } + +#pragma warning (push) +#pragma warning (disable : 4127) + }while(0); +#pragma warning (pop) + + sgx_destroy_enclave(e1_enclave_id); + + waitForKeyPress(); + + return 0; +} diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Enclave1.config.xml b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Enclave1.config.xml new file mode 100644 index 0000000..9554947 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Enclave1.config.xml @@ -0,0 +1,12 @@ + + 0 + 0 + 0x40000 + 0x100000 + 1 + 1 + + 0 + 0 + 0xFFFFFFFF + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Enclave1.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Enclave1.cpp new file mode 100644 index 0000000..6b44dc1 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Enclave1.cpp @@ -0,0 +1,367 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +// Enclave1.cpp : Defines the exported functions for the .so application +#include "sgx_eid.h" +#include "Enclave1_t.h" +#include "EnclaveMessageExchange.h" +#include "error_codes.h" +#include "Utility_E1.h" +#include "sgx_thread.h" +#include "sgx_dh.h" +#include + +#define UNUSED(val) (void)(val) + +std::mapg_src_session_info_map; + +static uint32_t e1_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length); + +//Function pointer table containing the list of functions that the enclave exposes +const struct { + size_t num_funcs; + const void* table[1]; +} func_table = { + 1, + { + (const void*)e1_foo1_wrapper, + } +}; + +//Makes use of the sample code function to establish a secure channel with the destination enclave (Test Vector) +uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + ATTESTATION_STATUS ke_status = SUCCESS; + dh_session_t dest_session_info; + + //Core reference code function for creating a session + ke_status = create_session(src_enclave_id, dest_enclave_id, &dest_session_info); + + return ke_status; +} + +//Makes use of the sample code function to do an enclave to enclave call (Test Vector) +uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + ATTESTATION_STATUS ke_status = SUCCESS; + uint32_t var1,var2; + uint32_t target_fn_id, msg_type; + char* marshalled_inp_buff; + size_t marshalled_inp_buff_len; + char* out_buff; + size_t out_buff_len; + dh_session_t *dest_session_info; + size_t max_out_buff_size; + char* retval; + + var1 = 0x4; + var2 = 0x5; + target_fn_id = 0; + msg_type = ENCLAVE_TO_ENCLAVE_CALL; + max_out_buff_size = 50; + + //Marshals the input parameters for calling function foo1 in Enclave2 into a input buffer + ke_status = marshal_input_parameters_e2_foo1(target_fn_id, msg_type, var1, var2, &marshalled_inp_buff, &marshalled_inp_buff_len); + if(ke_status != SUCCESS) + { + return ke_status; + } + + //Search the map for the session information associated with the destination enclave id of Enclave2 passed in + std::map::iterator it = g_src_session_info_map.find(dest_enclave_id); + if(it != g_src_session_info_map.end()) + { + dest_session_info = &it->second; + } + else + { + SAFE_FREE(marshalled_inp_buff); + return INVALID_SESSION; + } + + //Core Reference Code function + ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff, + marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len); + + + if(ke_status != SUCCESS) + { + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + return ke_status; + } + + //Un-marshal the return value and output parameters from foo1 of Enclave 2 + ke_status = unmarshal_retval_and_output_parameters_e2_foo1(out_buff, &retval); + if(ke_status != SUCCESS) + { + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + return ke_status; + } + + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + SAFE_FREE(retval); + return SUCCESS; +} + +//Makes use of the sample code function to do a generic secret message exchange (Test Vector) +uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + ATTESTATION_STATUS ke_status = SUCCESS; + uint32_t target_fn_id, msg_type; + char* marshalled_inp_buff; + size_t marshalled_inp_buff_len; + char* out_buff; + size_t out_buff_len; + dh_session_t *dest_session_info; + size_t max_out_buff_size; + char* secret_response; + uint32_t secret_data; + + target_fn_id = 0; + msg_type = MESSAGE_EXCHANGE; + max_out_buff_size = 50; + secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration. + + //Marshals the secret data into a buffer + ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len); + if(ke_status != SUCCESS) + { + return ke_status; + } + //Search the map for the session information associated with the destination enclave id passed in + std::map::iterator it = g_src_session_info_map.find(dest_enclave_id); + if(it != g_src_session_info_map.end()) + { + dest_session_info = &it->second; + } + else + { + SAFE_FREE(marshalled_inp_buff); + return INVALID_SESSION; + } + + //Core Reference Code function + ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff, + marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len); + if(ke_status != SUCCESS) + { + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + return ke_status; + } + + //Un-marshal the secret response data + ke_status = umarshal_message_exchange_response(out_buff, &secret_response); + if(ke_status != SUCCESS) + { + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + return ke_status; + } + + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + SAFE_FREE(secret_response); + return SUCCESS; +} + + +//Makes use of the sample code function to close a current session +uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + dh_session_t dest_session_info; + ATTESTATION_STATUS ke_status = SUCCESS; + //Search the map for the session information associated with the destination enclave id passed in + std::map::iterator it = g_src_session_info_map.find(dest_enclave_id); + if(it != g_src_session_info_map.end()) + { + dest_session_info = it->second; + } + else + { + return NULL; + } + + //Core reference code function for closing a session + ke_status = close_session(src_enclave_id, dest_enclave_id); + + //Erase the session information associated with the destination enclave id + g_src_session_info_map.erase(dest_enclave_id); + return ke_status; +} + +//Function that is used to verify the trust of the other enclave +//Each enclave can have its own way verifying the peer enclave identity +extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity) +{ + if(!peer_enclave_identity) + { + return INVALID_PARAMETER_ERROR; + } + if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED)) + // || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check + { + return ENCLAVE_TRUST_ERROR; + } + else + { + return SUCCESS; + } +} + + +//Dispatcher function that calls the approriate enclave function based on the function id +//Each enclave can have its own way of dispatching the calls from other enclave +extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data, + size_t decrypted_data_length, + char** resp_buffer, + size_t* resp_length) +{ + ms_in_msg_exchange_t *ms; + uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*); + if(!decrypted_data || !resp_length) + { + return INVALID_PARAMETER_ERROR; + } + ms = (ms_in_msg_exchange_t *)decrypted_data; + if(ms->target_fn_id >= func_table.num_funcs) + { + return INVALID_PARAMETER_ERROR; + } + fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id]; + return fn1(ms, decrypted_data_length, resp_buffer, resp_length); +} + +//Operates on the input secret and generates the output secret +uint32_t get_message_exchange_response(uint32_t inp_secret_data) +{ + uint32_t secret_response; + + //User should use more complex encryption method to protect their secret, below is just a simple example + secret_response = inp_secret_data & 0x11111111; + + return secret_response; + +} + +//Generates the response from the request message +extern "C" uint32_t message_exchange_response_generator(char* decrypted_data, + char** resp_buffer, + size_t* resp_length) +{ + ms_in_msg_exchange_t *ms; + uint32_t inp_secret_data; + uint32_t out_secret_data; + if(!decrypted_data || !resp_length) + { + return INVALID_PARAMETER_ERROR; + } + ms = (ms_in_msg_exchange_t *)decrypted_data; + + if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS) + return ATTESTATION_ERROR; + + out_secret_data = get_message_exchange_response(inp_secret_data); + + if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS) + return MALLOC_ERROR; + + return SUCCESS; + +} + + +static uint32_t e1_foo1(external_param_struct_t *p_struct_var) +{ + if(!p_struct_var) + { + return INVALID_PARAMETER_ERROR; + } + (p_struct_var->var1)++; + (p_struct_var->var2)++; + (p_struct_var->p_internal_struct->ivar1)++; + (p_struct_var->p_internal_struct->ivar2)++; + + return (p_struct_var->var1 + p_struct_var->var2 + p_struct_var->p_internal_struct->ivar1 + p_struct_var->p_internal_struct->ivar2); +} + +//Function which is executed on request from the source enclave +static uint32_t e1_foo1_wrapper(ms_in_msg_exchange_t *ms, + size_t param_lenth, + char** resp_buffer, + size_t* resp_length) +{ + UNUSED(param_lenth); + + uint32_t ret; + size_t len_data, len_ptr_data; + external_param_struct_t *p_struct_var; + internal_param_struct_t internal_struct_var; + + if(!ms || !resp_length) + { + return INVALID_PARAMETER_ERROR; + } + + p_struct_var = (external_param_struct_t*)malloc(sizeof(external_param_struct_t)); + if(!p_struct_var) + return MALLOC_ERROR; + + p_struct_var->p_internal_struct = &internal_struct_var; + + if(unmarshal_input_parameters_e1_foo1(p_struct_var, ms) != SUCCESS)//can use the stack + { + SAFE_FREE(p_struct_var); + return ATTESTATION_ERROR; + } + + ret = e1_foo1(p_struct_var); + + len_data = sizeof(external_param_struct_t) - sizeof(p_struct_var->p_internal_struct); + len_ptr_data = sizeof(internal_struct_var); + + if(marshal_retval_and_output_parameters_e1_foo1(resp_buffer, resp_length, ret, p_struct_var, len_data, len_ptr_data) != SUCCESS) + { + SAFE_FREE(p_struct_var); + return MALLOC_ERROR; + } + SAFE_FREE(p_struct_var); + return SUCCESS; +} + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Enclave1.edl b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Enclave1.edl new file mode 100644 index 0000000..da2b6ab --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Enclave1.edl @@ -0,0 +1,43 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +enclave { + include "sgx_eid.h" + from "../LocalAttestationCode/LocalAttestationCode.edl" import *; + from "sgx_tstdc.edl" import *; + trusted{ + public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + }; + +}; diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Enclave1.lds b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Enclave1.lds new file mode 100644 index 0000000..f2ee453 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Enclave1.lds @@ -0,0 +1,10 @@ +Enclave1.so +{ + global: + g_global_data_sim; + g_global_data; + enclave_entry; + g_peak_heap_used; + local: + *; +}; diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Enclave1_private.pem b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Enclave1_private.pem new file mode 100644 index 0000000..75d7f88 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Enclave1_private.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEAuJh4w/KzndQhzEqwH6Ut/3BmOom5CN117KT1/cemEbDLPhn0 +c5yjAfe4NL1qtGqz0RTK9X9BBSi89b6BrsM9S6c2cUJaeYAPrAtJ+IuzN/5BAmmf +RXbPccETd7rHvDdQ9KBRjCipTx+H0D5nOB76S5PZPVrduwrCmSqVFmLNVWWfPYQx +YewbJ2QfEfioICZFYR0Jou38mJqDTl+CH0gLAuQ4n1kdpQ3VGymzt3oUiPzf5ImJ +oZh5HjarRRiWV+cyNyXYJTnx0dOtFQDgd8HhniagbRB0ZOIt6599JjMkWGkVP0Ni +U/NIlXG5musU35GfLB8MbTcxblMNm9sMYz1R8y/eAreoPTXUhtK8NG2TEywRh3UP +RF9/jM9WczjQXxJ3RznKOwNVwg4cRY2AOqD2vb1iGSqyc/WMzVULgfclkcScp75/ +Auz9Y6473CQvaxyrseSWHGwCG7KG1GxYE8Bg8T6OlYD4mzKggoMdwVLAzUepRaPZ +5hqRDZzbTGUxJ+GLAgEDAoIBgHsQUIKhzRPiwTLcdWpuHqpK7tGxJgXo+Uht+VPa +brZ13NQRTaJobKv6es3TnHhHIotjMfj/gK4bKKPUVnSCKN0aJEuBkaZVX8gHhqWy +d3qpgKxGai5PNPaAt6UnL9LPi03ANl1wcN9qWorURNAUpt0NO348k9IHLGYcY2RB +3jjuaikCy5adZ2+YFLalxWrELkC+BmyeqGW8V4mVAWowB1dC0Go7aRiz42dxInpR +YwX96phbsRZlphQkci4QZDqaIFg3ndzTO5bo704zaMcbWtEjmFrYRyb519tRoDkN +Y0rGwOxFANeRV5dSfGGLm7K5JztiuHN0nMu3PhY4LOV0SeZ4+5sYn0LzB2nyKqgy +/c3AA2OG34DEdGxxh94kD66iKFVPyJG38/gnu9CsGmrLl3n4fgutPEVIbPdSSjex +4Y9EQfcnqImPxTrpP9CqD208VPcQHD/uy8s9q3961Ew3RPdHMZ8amIJdXkOmPEme +KZ7SG+VENBaj8r038iq1mPzcWwKBwQDcvJg75LfVuKX+cWMrTO2+MFVcEFiZ/NB/ +gh7mgL6lCleROVa9P6iR2Wn6vHq8nP5BkChehm/rXEG78fgXEMoArimF7FrrICfI +4yB0opDJz/tWrE/62impN7OR8Ce+RQThFj4RTnibQEEVt++JMUXFiMKLdWDSpC2i +tNWnlTOb7d89bk0yk62IoLElCZK/MIMxkCHBKW6YgrmvlPJKQwpA6Z3wQbUpE6Rb +9f8xJfxZGEJPH0s3Ds9A0CVuEt8OOXcCgcEA1hXTHhhgmb2gIUJgIcvrpkDmiLux +EG6ZoyLt6h5QwzScS6KKU1mcoJyVDd0wlt7mEXrPYYHWUWPuvpTQ8/4ZGMw7FCZe +bakhnwRbw36FlLwRG35wCF6nQO1XFBKRGto15ivfTyDvMpJBdtNpET5NwT/ifDF3 +OWS7t6TGhtcfnvBad5S1AgGoAq+q/huFiBGpDbxJ+1xh0lNL5Z8nVypvPWomNpde +rpLuwRPEIb+GBfQ9Hp5AjRXVsPjKnkHsnl2NAoHBAJMoZX1DJTklw/72Qhzd89Qg +OOgK5bv94FUBae8Afxixj7YmOdN/xbaQ8VHS/H29/tZgGumu9UeS1n1L+roLMVXJ +cQPy50dqxTCXavhsYIaKp48diqc8G8YlImFKxSmDWJYO1AuJpbzVgLklSlt2LoOw +gbJOQIxtc8HN48UOImfz6ij0M3cNHlsVy24GYdTLAiEKwStw9GWse8pjTDGCBtXx +E/WBI3C3wuf5VMtuqDtlgYoU3M9fNNXgGPQMlLQmTwKBwQCOuTdpZZW708AWLEAW +h/Ju1e8F0nYK9GZswfPxaYsszb2HwbGM5mhrEw4JPiBklJlg/IpBATmLl/R/DeCi +qWYQiCdixD7zxhZqAufXqa5jKAtnqaAFlG+AnjoNYbYR5s6ZcpTfa0ohttZPN5tg +1DPWKpb9dk97mH0lGIRZ5L+/Sub6YyNWq8VXH8dUElkFYRtefYankuvhjN1Dv2+P +cZ9+RsQkZOnJt0nWDS1r1QQD+Ci/FCsIuTkgpdxpgUhpk7MCgcEAkfkmaBDb7DG2 +Kc39R6ZZuPnV10w+WOpph7ugwcguG/E0wGq+jFWv6HFckCPeHT4BNtOk8Dem/kPp +teF51eAuFWEefj2tScvlSBBPcnla+WzMWXrlxVnajTt73w+oT2Ql//WhgREpsNfx +SvU80YPVu4GJfl+hhxBifLx+0FM20OESW93qFRc3p040bNrDY9JIZuly/y5zaiBa +mRZF9H8P+x3Lu5AJpdXQEOMZ/XJ/xkoWWjbTojkmgOmmZSMLd5Te +-----END RSA PRIVATE KEY----- diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Utility_E1.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Utility_E1.cpp new file mode 100644 index 0000000..6b6aea6 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Utility_E1.cpp @@ -0,0 +1,222 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sgx_eid.h" +#include "EnclaveMessageExchange.h" +#include "error_codes.h" +#include "Utility_E1.h" +#include "stdlib.h" +#include "string.h" + +uint32_t marshal_input_parameters_e2_foo1(uint32_t target_fn_id, uint32_t msg_type, uint32_t var1, uint32_t var2, char** marshalled_buff, size_t* marshalled_buff_len) +{ + ms_in_msg_exchange_t *ms; + size_t param_len, ms_len; + char *temp_buff; + + param_len = sizeof(var1)+sizeof(var2); + temp_buff = (char*)malloc(param_len); + if(!temp_buff) + return MALLOC_ERROR; + + memcpy(temp_buff,&var1,sizeof(var1)); + memcpy(temp_buff+sizeof(var1),&var2,sizeof(var2)); + ms_len = sizeof(ms_in_msg_exchange_t) + param_len; + ms = (ms_in_msg_exchange_t *)malloc(ms_len); + if(!ms) + { + SAFE_FREE(temp_buff); + return MALLOC_ERROR; + } + ms->msg_type = msg_type; + ms->target_fn_id = target_fn_id; + ms->inparam_buff_len = (uint32_t)param_len; + memcpy(&ms->inparam_buff, temp_buff, param_len); + *marshalled_buff = (char*)ms; + *marshalled_buff_len = ms_len; + SAFE_FREE(temp_buff); + return SUCCESS; +} + +uint32_t unmarshal_retval_and_output_parameters_e2_foo1(char* out_buff, char** retval) +{ + size_t retval_len; + ms_out_msg_exchange_t *ms; + if(!out_buff) + return INVALID_PARAMETER_ERROR; + ms = (ms_out_msg_exchange_t *)out_buff; + retval_len = ms->retval_len; + *retval = (char*)malloc(retval_len); + if(!*retval) + return MALLOC_ERROR; + + memcpy(*retval, ms->ret_outparam_buff, retval_len); + return SUCCESS; +} + +uint32_t unmarshal_input_parameters_e1_foo1(external_param_struct_t *pstruct, ms_in_msg_exchange_t* ms) +{ + char* buff; + size_t len; + if(!pstruct || !ms) + return INVALID_PARAMETER_ERROR; + + buff = ms->inparam_buff; + len = ms->inparam_buff_len; + if(len != (sizeof(pstruct->var1)+sizeof(pstruct->var2)+sizeof(pstruct->p_internal_struct->ivar1)+sizeof(pstruct->p_internal_struct->ivar2))) + return ATTESTATION_ERROR; + + memcpy(&pstruct->var1, buff, sizeof(pstruct->var1)); + memcpy(&pstruct->var2, buff + sizeof(pstruct->var1), sizeof(pstruct->var2)); + memcpy(&pstruct->p_internal_struct->ivar1, buff+(sizeof(pstruct->var1)+sizeof(pstruct->var2)), sizeof(pstruct->p_internal_struct->ivar1)); + memcpy(&pstruct->p_internal_struct->ivar2, buff+(sizeof(pstruct->var1)+sizeof(pstruct->var2)+sizeof(pstruct->p_internal_struct->ivar1)), sizeof(pstruct->p_internal_struct->ivar2)); + + return SUCCESS; +} + +uint32_t marshal_retval_and_output_parameters_e1_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data) +{ + ms_out_msg_exchange_t *ms; + size_t param_len, ms_len, ret_param_len;; + char *temp_buff; + int* addr; + char* struct_data; + size_t retval_len; + + if(!resp_length || !p_struct_var) + return INVALID_PARAMETER_ERROR; + + retval_len = sizeof(retval); + struct_data = (char*)p_struct_var; + param_len = len_data + len_ptr_data; + ret_param_len = param_len + retval_len; + addr = *(int **)(struct_data + len_data); + temp_buff = (char*)malloc(ret_param_len); + if(!temp_buff) + return MALLOC_ERROR; + + memcpy(temp_buff, &retval, sizeof(retval)); + memcpy(temp_buff + sizeof(retval), struct_data, len_data); + memcpy(temp_buff + sizeof(retval) + len_data, addr, len_ptr_data); + ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len; + ms = (ms_out_msg_exchange_t *)malloc(ms_len); + if(!ms) + { + SAFE_FREE(temp_buff); + return MALLOC_ERROR; + } + ms->retval_len = (uint32_t)retval_len; + ms->ret_outparam_buff_len = (uint32_t)ret_param_len; + memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len); + *resp_buffer = (char*)ms; + *resp_length = ms_len; + + SAFE_FREE(temp_buff); + return SUCCESS; +} + +uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len) +{ + ms_in_msg_exchange_t *ms; + size_t secret_data_len, ms_len; + if(!marshalled_buff_len) + return INVALID_PARAMETER_ERROR; + secret_data_len = sizeof(secret_data); + ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len; + ms = (ms_in_msg_exchange_t *)malloc(ms_len); + if(!ms) + return MALLOC_ERROR; + + ms->msg_type = msg_type; + ms->target_fn_id = target_fn_id; + ms->inparam_buff_len = (uint32_t)secret_data_len; + memcpy(&ms->inparam_buff, &secret_data, secret_data_len); + *marshalled_buff = (char*)ms; + *marshalled_buff_len = ms_len; + return SUCCESS; +} + +uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms) +{ + char* buff; + size_t len; + if(!inp_secret_data || !ms) + return INVALID_PARAMETER_ERROR; + buff = ms->inparam_buff; + len = ms->inparam_buff_len; + if(len != sizeof(uint32_t)) + return ATTESTATION_ERROR; + + memcpy(inp_secret_data, buff, sizeof(uint32_t)); + + return SUCCESS; +} + +uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response) +{ + ms_out_msg_exchange_t *ms; + size_t secret_response_len, ms_len; + size_t retval_len, ret_param_len; + if(!resp_length) + return INVALID_PARAMETER_ERROR; + secret_response_len = sizeof(secret_response); + retval_len = secret_response_len; + ret_param_len = secret_response_len; + ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len; + ms = (ms_out_msg_exchange_t *)malloc(ms_len); + if(!ms) + return MALLOC_ERROR; + + ms->retval_len = (uint32_t)retval_len; + ms->ret_outparam_buff_len = (uint32_t)ret_param_len; + memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len); + *resp_buffer = (char*)ms; + *resp_length = ms_len; + return SUCCESS; +} + +uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response) +{ + size_t retval_len; + ms_out_msg_exchange_t *ms; + if(!out_buff) + return INVALID_PARAMETER_ERROR; + ms = (ms_out_msg_exchange_t *)out_buff; + retval_len = ms->retval_len; + *secret_response = (char*)malloc(retval_len); + if(!*secret_response) + { + return MALLOC_ERROR; + } + memcpy(*secret_response, ms->ret_outparam_buff, retval_len); + return SUCCESS; +} + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Utility_E1.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Utility_E1.h new file mode 100644 index 0000000..c0d6373 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave1/Utility_E1.h @@ -0,0 +1,65 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef UTILITY_E1_H__ +#define UTILITY_E1_H__ + +#include "stdint.h" + +typedef struct _internal_param_struct_t +{ + uint32_t ivar1; + uint32_t ivar2; +}internal_param_struct_t; + +typedef struct _external_param_struct_t +{ + uint32_t var1; + uint32_t var2; + internal_param_struct_t *p_internal_struct; +}external_param_struct_t; + +#ifdef __cplusplus +extern "C" { +#endif + +uint32_t marshal_input_parameters_e2_foo1(uint32_t target_fn_id, uint32_t msg_type, uint32_t var1, uint32_t var2, char** marshalled_buff, size_t* marshalled_buff_len); +uint32_t unmarshal_retval_and_output_parameters_e2_foo1(char* out_buff, char** retval); +uint32_t unmarshal_input_parameters_e1_foo1(external_param_struct_t *pstruct, ms_in_msg_exchange_t* ms); +uint32_t marshal_retval_and_output_parameters_e1_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data); +uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len); +uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms); +uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response); +uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response); +#ifdef __cplusplus + } +#endif +#endif diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Enclave2.config.xml b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Enclave2.config.xml new file mode 100644 index 0000000..3ca2c12 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Enclave2.config.xml @@ -0,0 +1,12 @@ + + 0 + 0 + 0x40000 + 0x100000 + 1 + 1 + + 0 + 0 + 0xFFFFFFFF + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Enclave2.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Enclave2.cpp new file mode 100644 index 0000000..85e21b5 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Enclave2.cpp @@ -0,0 +1,339 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +// Enclave2.cpp : Defines the exported functions for the DLL application +#include "sgx_eid.h" +#include "Enclave2_t.h" +#include "EnclaveMessageExchange.h" +#include "error_codes.h" +#include "Utility_E2.h" +#include "sgx_thread.h" +#include "sgx_dh.h" +#include + +#define UNUSED(val) (void)(val) + +std::mapg_src_session_info_map; + +static uint32_t e2_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length); + +//Function pointer table containing the list of functions that the enclave exposes +const struct { + size_t num_funcs; + const void* table[1]; +} func_table = { + 1, + { + (const void*)e2_foo1_wrapper, + } +}; + +//Makes use of the sample code function to establish a secure channel with the destination enclave +uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + ATTESTATION_STATUS ke_status = SUCCESS; + dh_session_t dest_session_info; + //Core reference code function for creating a session + ke_status = create_session(src_enclave_id, dest_enclave_id,&dest_session_info); + if(ke_status == SUCCESS) + { + //Insert the session information into the map under the corresponding destination enclave id + g_src_session_info_map.insert(std::pair(dest_enclave_id, dest_session_info)); + } + memset(&dest_session_info, 0, sizeof(dh_session_t)); + return ke_status; +} + +//Makes use of the sample code function to do an enclave to enclave call (Test Vector) +uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + ATTESTATION_STATUS ke_status = SUCCESS; + param_struct_t *p_struct_var, struct_var; + uint32_t target_fn_id, msg_type; + char* marshalled_inp_buff; + size_t marshalled_inp_buff_len; + char* out_buff; + size_t out_buff_len; + dh_session_t *dest_session_info; + size_t max_out_buff_size; + char* retval; + + max_out_buff_size = 50; + target_fn_id = 0; + msg_type = ENCLAVE_TO_ENCLAVE_CALL; + + struct_var.var1 = 0x3; + struct_var.var2 = 0x4; + p_struct_var = &struct_var; + + //Marshals the input parameters for calling function foo1 in Enclave3 into a input buffer + ke_status = marshal_input_parameters_e3_foo1(target_fn_id, msg_type, p_struct_var, &marshalled_inp_buff, &marshalled_inp_buff_len); + if(ke_status != SUCCESS) + { + return ke_status; + } + + //Search the map for the session information associated with the destination enclave id passed in + std::map::iterator it = g_src_session_info_map.find(dest_enclave_id); + if(it != g_src_session_info_map.end()) + { + dest_session_info = &it->second; + } + else + { + SAFE_FREE(marshalled_inp_buff); + return INVALID_SESSION; + } + + //Core Reference Code function + ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff, + marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len); + + if(ke_status != SUCCESS) + { + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + return ke_status; + } + + //Un-marshal the return value and output parameters from foo1 of Enclave3 + ke_status = unmarshal_retval_and_output_parameters_e3_foo1(out_buff, p_struct_var, &retval); + if(ke_status != SUCCESS) + { + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + return ke_status; + } + + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + SAFE_FREE(retval); + return SUCCESS; +} + +//Makes use of the sample code function to do a generic secret message exchange (Test Vector) +uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + ATTESTATION_STATUS ke_status = SUCCESS; + uint32_t target_fn_id, msg_type; + char* marshalled_inp_buff; + size_t marshalled_inp_buff_len; + char* out_buff; + size_t out_buff_len; + dh_session_t *dest_session_info; + size_t max_out_buff_size; + char* secret_response; + uint32_t secret_data; + + target_fn_id = 0; + msg_type = MESSAGE_EXCHANGE; + max_out_buff_size = 50; + secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration. + + //Marshals the secret data into a buffer + ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len); + if(ke_status != SUCCESS) + { + return ke_status; + } + //Search the map for the session information associated with the destination enclave id passed in + std::map::iterator it = g_src_session_info_map.find(dest_enclave_id); + if(it != g_src_session_info_map.end()) + { + dest_session_info = &it->second; + } + else + { + SAFE_FREE(marshalled_inp_buff); + return INVALID_SESSION; + } + + //Core Reference Code function + ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff, + marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len); + if(ke_status != SUCCESS) + { + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + return ke_status; + } + + //Un-marshal the secret response data + ke_status = umarshal_message_exchange_response(out_buff, &secret_response); + if(ke_status != SUCCESS) + { + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + return ke_status; + } + + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + SAFE_FREE(secret_response); + return SUCCESS; +} + + +//Makes use of the sample code function to close a current session +uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + dh_session_t dest_session_info; + ATTESTATION_STATUS ke_status = SUCCESS; + //Search the map for the session information associated with the destination enclave id passed in + std::map::iterator it = g_src_session_info_map.find(dest_enclave_id); + if(it != g_src_session_info_map.end()) + { + dest_session_info = it->second; + } + else + { + return NULL; + } + //Core reference code function for closing a session + ke_status = close_session(src_enclave_id, dest_enclave_id); + + //Erase the session information associated with the destination enclave id + g_src_session_info_map.erase(dest_enclave_id); + return ke_status; +} + +//Function that is used to verify the trust of the other enclave +//Each enclave can have its own way verifying the peer enclave identity +extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity) +{ + if(!peer_enclave_identity) + { + return INVALID_PARAMETER_ERROR; + } + if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED)) + // || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check + { + return ENCLAVE_TRUST_ERROR; + } + else + { + return SUCCESS; + } +} + +//Dispatch function that calls the approriate enclave function based on the function id +//Each enclave can have its own way of dispatching the calls from other enclave +extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data, + size_t decrypted_data_length, + char** resp_buffer, + size_t* resp_length) +{ + ms_in_msg_exchange_t *ms; + uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*); + if(!decrypted_data || !resp_length) + { + return INVALID_PARAMETER_ERROR; + } + ms = (ms_in_msg_exchange_t *)decrypted_data; + if(ms->target_fn_id >= func_table.num_funcs) + { + return INVALID_PARAMETER_ERROR; + } + fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id]; + return fn1(ms, decrypted_data_length, resp_buffer, resp_length); +} + +//Operates on the input secret and generates the output secret +uint32_t get_message_exchange_response(uint32_t inp_secret_data) +{ + uint32_t secret_response; + + //User should use more complex encryption method to protect their secret, below is just a simple example + secret_response = inp_secret_data & 0x11111111; + + return secret_response; + +} + +//Generates the response from the request message +extern "C" uint32_t message_exchange_response_generator(char* decrypted_data, + char** resp_buffer, + size_t* resp_length) +{ + ms_in_msg_exchange_t *ms; + uint32_t inp_secret_data; + uint32_t out_secret_data; + if(!decrypted_data || !resp_length) + { + return INVALID_PARAMETER_ERROR; + } + ms = (ms_in_msg_exchange_t *)decrypted_data; + + if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS) + return ATTESTATION_ERROR; + + out_secret_data = get_message_exchange_response(inp_secret_data); + + if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS) + return MALLOC_ERROR; + + return SUCCESS; + +} + +static uint32_t e2_foo1(uint32_t var1, uint32_t var2) +{ + return(var1 + var2); +} + +//Function which is executed on request from the source enclave +static uint32_t e2_foo1_wrapper(ms_in_msg_exchange_t *ms, + size_t param_lenth, + char** resp_buffer, + size_t* resp_length) +{ + UNUSED(param_lenth); + + uint32_t var1,var2,ret; + if(!ms || !resp_length) + { + return INVALID_PARAMETER_ERROR; + } + if(unmarshal_input_parameters_e2_foo1(&var1, &var2, ms) != SUCCESS) + return ATTESTATION_ERROR; + + ret = e2_foo1(var1, var2); + + if(marshal_retval_and_output_parameters_e2_foo1(resp_buffer, resp_length, ret) != SUCCESS ) + return MALLOC_ERROR; //can set resp buffer to null here + + return SUCCESS; +} diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Enclave2.edl b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Enclave2.edl new file mode 100644 index 0000000..6886a82 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Enclave2.edl @@ -0,0 +1,43 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +enclave { + include "sgx_eid.h" + from "../LocalAttestationCode/LocalAttestationCode.edl" import *; + from "sgx_tstdc.edl" import *; + trusted{ + public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + }; +}; diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Enclave2.lds b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Enclave2.lds new file mode 100644 index 0000000..1507368 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Enclave2.lds @@ -0,0 +1,10 @@ +Enclave2.so +{ + global: + g_global_data_sim; + g_global_data; + enclave_entry; + g_peak_heap_used; + local: + *; +}; diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Enclave2_private.pem b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Enclave2_private.pem new file mode 100644 index 0000000..529d07b --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Enclave2_private.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ +AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ +ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr +nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b +3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H +ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD +5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW +KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC +1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe +K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z +AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q +ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6 +JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826 +5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02 +wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9 +osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm +WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i +Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9 +xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd +vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD +Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a +cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC +0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ +gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo +gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t +k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz +Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6 +O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5 +afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom +e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G +BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv +fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN +t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9 +yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp +6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg +WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH +NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk= +-----END RSA PRIVATE KEY----- diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Utility_E2.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Utility_E2.cpp new file mode 100644 index 0000000..b580758 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Utility_E2.cpp @@ -0,0 +1,213 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sgx_eid.h" +#include "EnclaveMessageExchange.h" +#include "error_codes.h" +#include "Utility_E2.h" +#include "stdlib.h" +#include "string.h" + +uint32_t marshal_input_parameters_e3_foo1(uint32_t target_fn_id, uint32_t msg_type, param_struct_t *p_struct_var, char** marshalled_buff, size_t* marshalled_buff_len) +{ + ms_in_msg_exchange_t *ms; + size_t param_len, ms_len; + char *temp_buff; + if(!p_struct_var || !marshalled_buff_len) + return INVALID_PARAMETER_ERROR; + param_len = sizeof(param_struct_t); + temp_buff = (char*)malloc(param_len); + if(!temp_buff) + return MALLOC_ERROR; + memcpy(temp_buff, p_struct_var, sizeof(param_struct_t)); //can be optimized + ms_len = sizeof(ms_in_msg_exchange_t) + param_len; + ms = (ms_in_msg_exchange_t *)malloc(ms_len); + if(!ms) + { + SAFE_FREE(temp_buff); + return MALLOC_ERROR; + } + ms->msg_type = msg_type; + ms->target_fn_id = target_fn_id; + ms->inparam_buff_len = (uint32_t)param_len; + memcpy(&ms->inparam_buff, temp_buff, param_len); + *marshalled_buff = (char*)ms; + *marshalled_buff_len = ms_len; + SAFE_FREE(temp_buff); + return SUCCESS; +} + +uint32_t unmarshal_retval_and_output_parameters_e3_foo1(char* out_buff, param_struct_t *p_struct_var, char** retval) +{ + size_t retval_len; + ms_out_msg_exchange_t *ms; + if(!out_buff) + return INVALID_PARAMETER_ERROR; + ms = (ms_out_msg_exchange_t *)out_buff; + retval_len = ms->retval_len; + *retval = (char*)malloc(retval_len); + if(!*retval) + { + return MALLOC_ERROR; + } + memcpy(*retval, ms->ret_outparam_buff, retval_len); + memcpy(&p_struct_var->var1, (ms->ret_outparam_buff) + retval_len, sizeof(p_struct_var->var1)); + memcpy(&p_struct_var->var2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1), sizeof(p_struct_var->var2)); + return SUCCESS; +} + + +uint32_t unmarshal_input_parameters_e2_foo1(uint32_t* var1, uint32_t* var2, ms_in_msg_exchange_t* ms) +{ + char* buff; + size_t len; + if(!var1 || !var2 || !ms) + return INVALID_PARAMETER_ERROR; + + buff = ms->inparam_buff; + len = ms->inparam_buff_len; + + if(len != (sizeof(*var1) + sizeof(*var2))) + return ATTESTATION_ERROR; + + memcpy(var1, buff, sizeof(*var1)); + memcpy(var2, buff + sizeof(*var1), sizeof(*var2)); + + return SUCCESS; +} + +uint32_t marshal_retval_and_output_parameters_e2_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval) +{ + ms_out_msg_exchange_t *ms; + size_t ret_param_len, ms_len; + char *temp_buff; + size_t retval_len; + if(!resp_length) + return INVALID_PARAMETER_ERROR; + retval_len = sizeof(retval); + ret_param_len = retval_len; //no out parameters + temp_buff = (char*)malloc(ret_param_len); + if(!temp_buff) + return MALLOC_ERROR; + + memcpy(temp_buff, &retval, sizeof(retval)); + ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len; + ms = (ms_out_msg_exchange_t *)malloc(ms_len); + if(!ms) + { + SAFE_FREE(temp_buff); + return MALLOC_ERROR; + } + ms->retval_len = (uint32_t)retval_len; + ms->ret_outparam_buff_len = (uint32_t)ret_param_len; + memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len); + *resp_buffer = (char*)ms; + *resp_length = ms_len; + SAFE_FREE(temp_buff); + return SUCCESS; +} + +uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len) +{ + ms_in_msg_exchange_t *ms; + size_t secret_data_len, ms_len; + if(!marshalled_buff_len) + return INVALID_PARAMETER_ERROR; + secret_data_len = sizeof(secret_data); + ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len; + ms = (ms_in_msg_exchange_t *)malloc(ms_len); + if(!ms) + return MALLOC_ERROR; + + ms->msg_type = msg_type; + ms->target_fn_id = target_fn_id; + ms->inparam_buff_len = (uint32_t)secret_data_len; + memcpy(&ms->inparam_buff, &secret_data, secret_data_len); + *marshalled_buff = (char*)ms; + *marshalled_buff_len = ms_len; + return SUCCESS; +} + +uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms) +{ + char* buff; + size_t len; + if(!inp_secret_data || !ms) + return INVALID_PARAMETER_ERROR; + buff = ms->inparam_buff; + len = ms->inparam_buff_len; + if(len != sizeof(uint32_t)) + return ATTESTATION_ERROR; + + memcpy(inp_secret_data, buff, sizeof(uint32_t)); + + return SUCCESS; +} + + +uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response) +{ + ms_out_msg_exchange_t *ms; + size_t secret_response_len, ms_len; + size_t retval_len, ret_param_len; + if(!resp_length) + return INVALID_PARAMETER_ERROR; + secret_response_len = sizeof(secret_response); + retval_len = secret_response_len; + ret_param_len = secret_response_len; + ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len; + ms = (ms_out_msg_exchange_t *)malloc(ms_len); + if(!ms) + return MALLOC_ERROR; + ms->retval_len = (uint32_t)retval_len; + ms->ret_outparam_buff_len = (uint32_t)ret_param_len; + memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len); + *resp_buffer = (char*)ms; + *resp_length = ms_len; + return SUCCESS; +} + +uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response) +{ + size_t retval_len; + ms_out_msg_exchange_t *ms; + if(!out_buff) + return INVALID_PARAMETER_ERROR; + ms = (ms_out_msg_exchange_t *)out_buff; + retval_len = ms->retval_len; + *secret_response = (char*)malloc(retval_len); + if(!*secret_response) + { + return MALLOC_ERROR; + } + memcpy(*secret_response, ms->ret_outparam_buff, retval_len); + return SUCCESS; +} diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Utility_E2.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Utility_E2.h new file mode 100644 index 0000000..e8b4aef --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave2/Utility_E2.h @@ -0,0 +1,59 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef UTILITY_E2_H__ +#define UTILITY_E2_H__ +#include "stdint.h" + +typedef struct _param_struct_t +{ + uint32_t var1; + uint32_t var2; +}param_struct_t; + +#ifdef __cplusplus +extern "C" { +#endif + +uint32_t marshal_input_parameters_e3_foo1(uint32_t target_fn_id, uint32_t msg_type, param_struct_t *p_struct_var, char** marshalled_buff, size_t* marshalled_buff_len); +uint32_t unmarshal_retval_and_output_parameters_e3_foo1(char* out_buff, param_struct_t *p_struct_var, char** retval); +uint32_t unmarshal_input_parameters_e2_foo1(uint32_t* var1, uint32_t* var2, ms_in_msg_exchange_t* ms); +uint32_t marshal_retval_and_output_parameters_e2_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval); +uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len); +uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms); +uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response); +uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response); + +#ifdef __cplusplus + } +#endif +#endif + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Enclave3.config.xml b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Enclave3.config.xml new file mode 100644 index 0000000..d5fcaa4 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Enclave3.config.xml @@ -0,0 +1,12 @@ + + 0 + 0 + 0x40000 + 0x100000 + 1 + 1 + + 0 + 0 + 0xFFFFFFFF + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Enclave3.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Enclave3.cpp new file mode 100644 index 0000000..70e677d --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Enclave3.cpp @@ -0,0 +1,366 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +// Enclave3.cpp : Defines the exported functions for the DLL application +#include "sgx_eid.h" +#include "Enclave3_t.h" +#include "EnclaveMessageExchange.h" +#include "error_codes.h" +#include "Utility_E3.h" +#include "sgx_thread.h" +#include "sgx_dh.h" +#include + +#define UNUSED(val) (void)(val) + +std::mapg_src_session_info_map; + +static uint32_t e3_foo1_wrapper(ms_in_msg_exchange_t *ms, size_t param_lenth, char** resp_buffer, size_t* resp_length); + +//Function pointer table containing the list of functions that the enclave exposes +const struct { + size_t num_funcs; + const void* table[1]; +} func_table = { + 1, + { + (const void*)e3_foo1_wrapper, + } +}; + +//Makes use of the sample code function to establish a secure channel with the destination enclave +uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + ATTESTATION_STATUS ke_status = SUCCESS; + dh_session_t dest_session_info; + //Core reference code function for creating a session + ke_status = create_session(src_enclave_id, dest_enclave_id,&dest_session_info); + if(ke_status == SUCCESS) + { + //Insert the session information into the map under the corresponding destination enclave id + g_src_session_info_map.insert(std::pair(dest_enclave_id, dest_session_info)); + } + memset(&dest_session_info, 0, sizeof(dh_session_t)); + return ke_status; +} + +//Makes use of the sample code function to do an enclave to enclave call (Test Vector) +uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + ATTESTATION_STATUS ke_status = SUCCESS; + external_param_struct_t *p_struct_var, struct_var; + internal_param_struct_t internal_struct_var; + uint32_t target_fn_id, msg_type; + char* marshalled_inp_buff; + size_t marshalled_inp_buff_len; + char* out_buff; + size_t out_buff_len; + dh_session_t *dest_session_info; + size_t max_out_buff_size; + char* retval; + + max_out_buff_size = 50; + msg_type = ENCLAVE_TO_ENCLAVE_CALL; + target_fn_id = 0; + internal_struct_var.ivar1 = 0x5; + internal_struct_var.ivar2 = 0x6; + struct_var.var1 = 0x3; + struct_var.var2 = 0x4; + struct_var.p_internal_struct = &internal_struct_var; + p_struct_var = &struct_var; + + size_t len_data = sizeof(struct_var) - sizeof(struct_var.p_internal_struct); + size_t len_ptr_data = sizeof(internal_struct_var); + + //Marshals the input parameters for calling function foo1 in Enclave1 into a input buffer + ke_status = marshal_input_parameters_e1_foo1(target_fn_id, msg_type, p_struct_var, len_data, + len_ptr_data, &marshalled_inp_buff, &marshalled_inp_buff_len); + + if(ke_status != SUCCESS) + { + return ke_status; + } + + //Search the map for the session information associated with the destination enclave id passed in + std::map::iterator it = g_src_session_info_map.find(dest_enclave_id); + if(it != g_src_session_info_map.end()) + { + dest_session_info = &it->second; + } + else + { + SAFE_FREE(marshalled_inp_buff); + return INVALID_SESSION; + } + + //Core Reference Code function + ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, + marshalled_inp_buff, marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len); + + if(ke_status != SUCCESS) + { + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + return ke_status; + } + + ////Un-marshal the return value and output parameters from foo1 of Enclave1 + ke_status = unmarshal_retval_and_output_parameters_e1_foo1(out_buff, p_struct_var, &retval); + if(ke_status != SUCCESS) + { + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + return ke_status; + } + + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + SAFE_FREE(retval); + return SUCCESS; +} + +//Makes use of the sample code function to do a generic secret message exchange (Test Vector) +uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + ATTESTATION_STATUS ke_status = SUCCESS; + uint32_t target_fn_id, msg_type; + char* marshalled_inp_buff; + size_t marshalled_inp_buff_len; + char* out_buff; + size_t out_buff_len; + dh_session_t *dest_session_info; + size_t max_out_buff_size; + char* secret_response; + uint32_t secret_data; + + target_fn_id = 0; + msg_type = MESSAGE_EXCHANGE; + max_out_buff_size = 50; + secret_data = 0x12345678; //Secret Data here is shown only for purpose of demonstration. + + //Marshals the parameters into a buffer + ke_status = marshal_message_exchange_request(target_fn_id, msg_type, secret_data, &marshalled_inp_buff, &marshalled_inp_buff_len); + if(ke_status != SUCCESS) + { + return ke_status; + } + //Search the map for the session information associated with the destination enclave id passed in + std::map::iterator it = g_src_session_info_map.find(dest_enclave_id); + if(it != g_src_session_info_map.end()) + { + dest_session_info = &it->second; + } + else + { + SAFE_FREE(marshalled_inp_buff); + return INVALID_SESSION; + } + + //Core Reference Code function + ke_status = send_request_receive_response(src_enclave_id, dest_enclave_id, dest_session_info, marshalled_inp_buff, + marshalled_inp_buff_len, max_out_buff_size, &out_buff, &out_buff_len); + + if(ke_status != SUCCESS) + { + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + return ke_status; + } + //Un-marshal the secret response data + ke_status = umarshal_message_exchange_response(out_buff, &secret_response); + if(ke_status != SUCCESS) + { + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + return ke_status; + } + + SAFE_FREE(marshalled_inp_buff); + SAFE_FREE(out_buff); + SAFE_FREE(secret_response); + return SUCCESS; +} + + +//Makes use of the sample code function to close a current session +uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + dh_session_t dest_session_info; + ATTESTATION_STATUS ke_status = SUCCESS; + //Search the map for the session information associated with the destination enclave id passed in + std::map::iterator it = g_src_session_info_map.find(dest_enclave_id); + if(it != g_src_session_info_map.end()) + { + dest_session_info = it->second; + } + else + { + return NULL; + } + //Core reference code function for closing a session + ke_status = close_session(src_enclave_id, dest_enclave_id); + + //Erase the session information associated with the destination enclave id + g_src_session_info_map.erase(dest_enclave_id); + return ke_status; +} + +//Function that is used to verify the trust of the other enclave +//Each enclave can have its own way verifying the peer enclave identity +extern "C" uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity) +{ + if(!peer_enclave_identity) + { + return INVALID_PARAMETER_ERROR; + } + if(peer_enclave_identity->isv_prod_id != 0 || !(peer_enclave_identity->attributes.flags & SGX_FLAGS_INITTED)) + // || peer_enclave_identity->attributes.xfrm !=3)// || peer_enclave_identity->mr_signer != xx //TODO: To be hardcoded with values to check + { + return ENCLAVE_TRUST_ERROR; + } + else + { + return SUCCESS; + } +} + + +//Dispatch function that calls the approriate enclave function based on the function id +//Each enclave can have its own way of dispatching the calls from other enclave +extern "C" uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data, + size_t decrypted_data_length, + char** resp_buffer, + size_t* resp_length) +{ + ms_in_msg_exchange_t *ms; + uint32_t (*fn1)(ms_in_msg_exchange_t *ms, size_t, char**, size_t*); + if(!decrypted_data || !resp_length) + { + return INVALID_PARAMETER_ERROR; + } + ms = (ms_in_msg_exchange_t *)decrypted_data; + if(ms->target_fn_id >= func_table.num_funcs) + { + return INVALID_PARAMETER_ERROR; + } + fn1 = (uint32_t (*)(ms_in_msg_exchange_t*, size_t, char**, size_t*))func_table.table[ms->target_fn_id]; + return fn1(ms, decrypted_data_length, resp_buffer, resp_length); +} + +//Operates on the input secret and generates the output secret +uint32_t get_message_exchange_response(uint32_t inp_secret_data) +{ + uint32_t secret_response; + + //User should use more complex encryption method to protect their secret, below is just a simple example + secret_response = inp_secret_data & 0x11111111; + + return secret_response; + +} +//Generates the response from the request message +extern "C" uint32_t message_exchange_response_generator(char* decrypted_data, + char** resp_buffer, + size_t* resp_length) +{ + ms_in_msg_exchange_t *ms; + uint32_t inp_secret_data; + uint32_t out_secret_data; + if(!decrypted_data || !resp_length) + { + return INVALID_PARAMETER_ERROR; + } + ms = (ms_in_msg_exchange_t *)decrypted_data; + + if(umarshal_message_exchange_request(&inp_secret_data,ms) != SUCCESS) + return ATTESTATION_ERROR; + + out_secret_data = get_message_exchange_response(inp_secret_data); + + if(marshal_message_exchange_response(resp_buffer, resp_length, out_secret_data) != SUCCESS) + return MALLOC_ERROR; + + return SUCCESS; + +} + + +static uint32_t e3_foo1(param_struct_t *p_struct_var) +{ + if(!p_struct_var) + { + return INVALID_PARAMETER_ERROR; + } + p_struct_var->var1++; + p_struct_var->var2++; + + return(p_struct_var->var1 * p_struct_var->var2); +} + +//Function which is executed on request from the source enclave +static uint32_t e3_foo1_wrapper(ms_in_msg_exchange_t *ms, + size_t param_lenth, + char** resp_buffer, + size_t* resp_length) +{ + UNUSED(param_lenth); + + uint32_t ret; + param_struct_t *p_struct_var; + if(!ms || !resp_length) + { + return INVALID_PARAMETER_ERROR; + } + p_struct_var = (param_struct_t*)malloc(sizeof(param_struct_t)); + if(!p_struct_var) + return MALLOC_ERROR; + + if(unmarshal_input_parameters_e3_foo1(p_struct_var, ms) != SUCCESS) + { + SAFE_FREE(p_struct_var); + return ATTESTATION_ERROR; + } + + ret = e3_foo1(p_struct_var); + + if(marshal_retval_and_output_parameters_e3_foo1(resp_buffer, resp_length, ret, p_struct_var) != SUCCESS) + { + SAFE_FREE(p_struct_var); + return MALLOC_ERROR; + } + SAFE_FREE(p_struct_var); + return SUCCESS; +} diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Enclave3.edl b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Enclave3.edl new file mode 100644 index 0000000..a850546 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Enclave3.edl @@ -0,0 +1,42 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +enclave { + include "sgx_eid.h" + from "../LocalAttestationCode/LocalAttestationCode.edl" import *; + from "sgx_tstdc.edl" import *; + trusted{ + public uint32_t test_create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + public uint32_t test_enclave_to_enclave_call(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + public uint32_t test_message_exchange(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + public uint32_t test_close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + }; +}; diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Enclave3.lds b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Enclave3.lds new file mode 100644 index 0000000..5dc1d0a --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Enclave3.lds @@ -0,0 +1,10 @@ +Enclave3.so +{ + global: + g_global_data_sim; + g_global_data; + enclave_entry; + g_peak_heap_used; + local: + *; +}; diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Enclave3_private.pem b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Enclave3_private.pem new file mode 100644 index 0000000..b8ace89 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Enclave3_private.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEA0MvI9NpdP4GEqCvtlJQv00OybzTXzxBhPu/257VYt9cYw/ph +BN1WRyxBBcrZs15xmcvlb3xNmFGWs4w5oUgrFBNgi6g+CUOCsj0cM8xw7P/y3K0H +XaZUf+T3CXCp8NvlkZHzfdWAFA5lGGR9g6kmuk7SojE3h87Zm1KjPU/PvAe+BaMU +trlRr4gPNVnu19Vho60xwuswPxfl/pBFUIk7qWEUR3l2hiqWMeLgf3Ays/WSnkXA +uijwPt5g0hxsgIlyDrI3jKbf0zkFB56jvPwSykfU8aw4Gkbo5qSZxUAKnwH2L8Uf +yM6inBaaYtM79icRwsu45Yt6X0GAt7CSb/1TKBrnm5exmK1sug3YSQ/YuK1FYawU +vIaDD0YfzOndTNVBewA+Hr5xNPvqGJoRKHuGbyu2lI9jrKYpVxQWsmx38wnxF6kE +zX6N4m7KZiLeLpDdBVQtLuOzIdIE4wT3t/ckeqElxO/1Ut9bj765GcTTrYwMKHRw +ukWIH7ZtHtAjj0KzAgEDAoIBgQCLMoX4kZN/q63Fcp5jDXU3gnb0zeU0tZYp9U9F +I5B6j2XX/ECt6OQvctYD3JEiPvZmh+5KUt5li7nNCCZrhXINYkBdGtQGLQHMKL13 +3aCd//c9yK+TxDhVQ09boHFLPUO2YUz+jlVitENlmFOtG28m3zcWy3paieZnjGzT +iop9Wn6ubLh50OEfsAojkUnlOOvCc3aB8iAqD+6ptYOLBifGQLgvpk8EHGQhQer/ +oCHNTmG+2SsmxfV/Pus2vZ2rBkrUbZU0hwrnvKOIPhnt3Qwtmx9xsC67jF+MpWko +UisJXC27FAGz2gpIGMhBp35HEppwG9hhCuMQdK2g62bvweyr1tC4qOVdQrKvhksN +r6CMjS9eSXvmWdF7lU4oxStN0V56/LICSIsLbggUaxTPKhAVEgfTSqwEJoQuFA3Q +4GmgTydPhcRH1L/lhbWJqZQm7V1Gt+5i5J6iATD32uNQQ2iZi5GsUhr+jZC+WlE5 +6lS813cRNiaK52HIk62bG7IXOksCgcEA+6RxZhQ5GaCPYZNsk7TqxqsKopXKoYAr +2R4KWuexJTd+1kcNMk0ETX8OSgpY2cYL2uPFWmdutxPpLfpr8S2u92Da/Wxs70Ti +QSb0426ybTmnS5L7nOnGOHiddXILhW175liAszTeoR7nQ6vpr9YjfcnrXiB8bKIm +akft2DQoxrBPzEe9tA8gfkyDTsSG2j7kncSbvYRtkKcJOmmypotVU6uhRPSrSXCc +J59uBQkg6Bk4CKA1mz8ctG07MluFY0/ZAoHBANRpZlfIFl39gFmuEER7lb80GySO +J190LbqOca3dGOvAMsDgEAi6juJyX7ZNpbHFHj++LvmTtw9+kxhVDBcswS7304kt +7J2EfnGdctEZtXif1wiq30YWAp1tjRpQENKtt9wssmgcwgK39rZNiEHmStHGv3l+ +5TnKPKeuFCDnsLvi5lQYoK2wTYvZtsjf+Rnt7H17q90IV54pMjTS8BkGskCkKf2A +IYuaZkqX0T3cM6ovoYYDAU6rWL5rrYPLEwkbawKBwQCnwvZEDXtmawpBDPMNI0cv +HLHBuTHBAB07aVw8mnYYz6nkL14hiK2I/17cBuXmhAfnQoORmknPYptz/Ef2HnSk +6zyo8vNKLewrb03s9Hbze8TdDKe98S7QUGj49rJY86fu5asiIz8WFJotHUZ1OWz+ +hpzpav2dwW7xhUk6zXCEdYqIL9PNX2r+3azfLa88Ke2+gxJ+WEkLGgYm8SHEXOON +HRYt+HIw9b1vv56uBhXwENAFwCO81L3Nnid2565CNTsCgcEAjZuZj9q5k/5VkR61 +gv0Of3gSGF7E6k1z0bRLyT4QnSrMgJVgBdG0lvbqeYkZIS4UKn7J+7fPX6m3ZY4I +D3MrdKU3sMlIaQL+9mj3NhEjpb/ksHHqLrlXE55eEYq14cklPXMhmr3WrHqkeYkF +gUQx4S8qUP9De9wob8liwJp10pdEOBBrHnWJB+Z52z/7Zp6dqP0dPgWPvsYheIyg +EK8hgG1xU6rBB7xEMbqLfpLNHB/BBAIA3xzl1EfJAodiBhJHAoHAeTS2znDHYayI +TvK86tBAPVORiBVTSdRUONdGF3dipo24hyeyrI5MtiOoMc3sKWXnSTkDQWa3WiPx +qStBmmO/SbGTuz7T6+oOwGeMiYzYBe87Ayn8Y0KYYshFikieJbGusHjUlIGmCVPy +UHrDMYGwFGUGBwW47gBsnZa+YPHtxWCPDe/U80et2Trx0RXJJQPmupAVMSiJWObI +9k5gRU+xDqkHanyD1gkGGwhFTUNX94EJEOdQEWw3hxLnVtePoke/ +-----END RSA PRIVATE KEY----- diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Utility_E3.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Utility_E3.cpp new file mode 100644 index 0000000..0533cd5 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Utility_E3.cpp @@ -0,0 +1,223 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sgx_eid.h" +#include "EnclaveMessageExchange.h" +#include "error_codes.h" +#include "Utility_E3.h" +#include "stdlib.h" +#include "string.h" + +uint32_t marshal_input_parameters_e1_foo1(uint32_t target_fn_id, uint32_t msg_type, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data, char** marshalled_buff, size_t* marshalled_buff_len) +{ + ms_in_msg_exchange_t *ms; + size_t param_len, ms_len; + char *temp_buff; + int* addr; + char* struct_data; + if(!p_struct_var || !marshalled_buff_len) + return INVALID_PARAMETER_ERROR; + struct_data = (char*)p_struct_var; + temp_buff = (char*)malloc(len_data + len_ptr_data); + if(!temp_buff) + return MALLOC_ERROR; + memcpy(temp_buff, struct_data, len_data); + addr = *(int **)(struct_data + len_data); + memcpy(temp_buff + len_data, addr, len_ptr_data); //can be optimized + param_len = len_data + len_ptr_data; + ms_len = sizeof(ms_in_msg_exchange_t) + param_len; + ms = (ms_in_msg_exchange_t *)malloc(ms_len); + if(!ms) + { + SAFE_FREE(temp_buff); + return MALLOC_ERROR; + } + ms->msg_type = msg_type; + ms->target_fn_id = target_fn_id; + ms->inparam_buff_len = (uint32_t)param_len; + memcpy(&ms->inparam_buff, temp_buff, param_len); + *marshalled_buff = (char*)ms; + *marshalled_buff_len = ms_len; + + SAFE_FREE(temp_buff); + return SUCCESS; +} + +uint32_t marshal_retval_and_output_parameters_e3_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, param_struct_t *p_struct_var) +{ + ms_out_msg_exchange_t *ms; + size_t ret_param_len, ms_len; + char *temp_buff; + size_t retval_len; + if(!resp_length || !p_struct_var) + return INVALID_PARAMETER_ERROR; + retval_len = sizeof(retval); + ret_param_len = sizeof(retval) + sizeof(param_struct_t); + temp_buff = (char*)malloc(ret_param_len); + if(!temp_buff) + return MALLOC_ERROR; + memcpy(temp_buff, &retval, sizeof(retval)); + memcpy(temp_buff + sizeof(retval), p_struct_var, sizeof(param_struct_t)); + ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len; + ms = (ms_out_msg_exchange_t *)malloc(ms_len); + if(!ms) + { + SAFE_FREE(temp_buff); + return MALLOC_ERROR; + } + ms->retval_len = (uint32_t)retval_len; + ms->ret_outparam_buff_len = (uint32_t)ret_param_len; + memcpy(&ms->ret_outparam_buff, temp_buff, ret_param_len); + *resp_buffer = (char*)ms; + *resp_length = ms_len; + SAFE_FREE(temp_buff); + return SUCCESS; +} + +uint32_t unmarshal_input_parameters_e3_foo1(param_struct_t *pstruct, ms_in_msg_exchange_t* ms) +{ + char* buff; + size_t len; + if(!pstruct || !ms) + return INVALID_PARAMETER_ERROR; + buff = ms->inparam_buff; + len = ms->inparam_buff_len; + + if(len != (sizeof(pstruct->var1) + sizeof(pstruct->var2))) + return ATTESTATION_ERROR; + + memcpy(&pstruct->var1, buff, sizeof(pstruct->var1)); + memcpy(&pstruct->var2, buff + sizeof(pstruct->var1), sizeof(pstruct->var2)); + + return SUCCESS; +} + + +uint32_t unmarshal_retval_and_output_parameters_e1_foo1(char* out_buff, external_param_struct_t *p_struct_var, char** retval) +{ + size_t retval_len; + ms_out_msg_exchange_t *ms; + if(!out_buff || !p_struct_var) + return INVALID_PARAMETER_ERROR; + ms = (ms_out_msg_exchange_t *)out_buff; + retval_len = ms->retval_len; + *retval = (char*)malloc(retval_len); + if(!*retval) + { + return MALLOC_ERROR; + } + memcpy(*retval, ms->ret_outparam_buff, retval_len); + memcpy(&p_struct_var->var1, (ms->ret_outparam_buff) + retval_len, sizeof(p_struct_var->var1)); + memcpy(&p_struct_var->var2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1), sizeof(p_struct_var->var2)); + memcpy(&p_struct_var->p_internal_struct->ivar1, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1)+ sizeof(p_struct_var->var2), sizeof(p_struct_var->p_internal_struct->ivar1)); + memcpy(&p_struct_var->p_internal_struct->ivar2, (ms->ret_outparam_buff) + retval_len + sizeof(p_struct_var->var1)+ sizeof(p_struct_var->var2) + sizeof(p_struct_var->p_internal_struct->ivar1), sizeof(p_struct_var->p_internal_struct->ivar2)); + return SUCCESS; +} + + +uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len) +{ + ms_in_msg_exchange_t *ms; + size_t secret_data_len, ms_len; + if(!marshalled_buff_len) + return INVALID_PARAMETER_ERROR; + secret_data_len = sizeof(secret_data); + ms_len = sizeof(ms_in_msg_exchange_t) + secret_data_len; + ms = (ms_in_msg_exchange_t *)malloc(ms_len); + if(!ms) + return MALLOC_ERROR; + + ms->msg_type = msg_type; + ms->target_fn_id = target_fn_id; + ms->inparam_buff_len = (uint32_t)secret_data_len; + memcpy(&ms->inparam_buff, &secret_data, secret_data_len); + + *marshalled_buff = (char*)ms; + *marshalled_buff_len = ms_len; + return SUCCESS; +} + +uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms) +{ + char* buff; + size_t len; + if(!inp_secret_data || !ms) + return INVALID_PARAMETER_ERROR; + buff = ms->inparam_buff; + len = ms->inparam_buff_len; + + if(len != sizeof(uint32_t)) + return ATTESTATION_ERROR; + + memcpy(inp_secret_data, buff, sizeof(uint32_t)); + + return SUCCESS; +} + +uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response) +{ + ms_out_msg_exchange_t *ms; + size_t secret_response_len, ms_len; + size_t retval_len, ret_param_len; + if(!resp_length) + return INVALID_PARAMETER_ERROR; + secret_response_len = sizeof(secret_response); + retval_len = secret_response_len; + ret_param_len = secret_response_len; + ms_len = sizeof(ms_out_msg_exchange_t) + ret_param_len; + ms = (ms_out_msg_exchange_t *)malloc(ms_len); + if(!ms) + return MALLOC_ERROR; + ms->retval_len = (uint32_t)retval_len; + ms->ret_outparam_buff_len = (uint32_t)ret_param_len; + memcpy(&ms->ret_outparam_buff, &secret_response, secret_response_len); + *resp_buffer = (char*)ms; + *resp_length = ms_len; + return SUCCESS; +} + +uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response) +{ + size_t retval_len; + ms_out_msg_exchange_t *ms; + if(!out_buff) + return INVALID_PARAMETER_ERROR; + ms = (ms_out_msg_exchange_t *)out_buff; + retval_len = ms->retval_len; + *secret_response = (char*)malloc(retval_len); + if(!*secret_response) + { + return MALLOC_ERROR; + } + memcpy(*secret_response, ms->ret_outparam_buff, retval_len); + return SUCCESS; +} + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Utility_E3.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Utility_E3.h new file mode 100644 index 0000000..69327b4 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Enclave3/Utility_E3.h @@ -0,0 +1,73 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef UTILITY_E3_H__ +#define UTILITY_E3_H__ + +#include "stdint.h" + + +typedef struct _internal_param_struct_t +{ + uint32_t ivar1; + uint32_t ivar2; +}internal_param_struct_t; + +typedef struct _external_param_struct_t +{ + uint32_t var1; + uint32_t var2; + internal_param_struct_t *p_internal_struct; +}external_param_struct_t; + +typedef struct _param_struct_t +{ + uint32_t var1; + uint32_t var2; +}param_struct_t; + +#ifdef __cplusplus +extern "C" { +#endif + +uint32_t marshal_input_parameters_e1_foo1(uint32_t target_fn_id, uint32_t msg_type, external_param_struct_t *p_struct_var, size_t len_data, size_t len_ptr_data, char** marshalled_buff, size_t* marshalled_buff_len); +uint32_t unmarshal_retval_and_output_parameters_e1_foo1(char* out_buff, external_param_struct_t *p_struct_var, char** retval); +uint32_t unmarshal_input_parameters_e3_foo1(param_struct_t *pstruct, ms_in_msg_exchange_t* ms); +uint32_t marshal_retval_and_output_parameters_e3_foo1(char** resp_buffer, size_t* resp_length, uint32_t retval, param_struct_t *p_struct_var); +uint32_t marshal_message_exchange_request(uint32_t target_fn_id, uint32_t msg_type, uint32_t secret_data, char** marshalled_buff, size_t* marshalled_buff_len); +uint32_t umarshal_message_exchange_request(uint32_t* inp_secret_data, ms_in_msg_exchange_t* ms); +uint32_t marshal_message_exchange_response(char** resp_buffer, size_t* resp_length, uint32_t secret_response); +uint32_t umarshal_message_exchange_response(char* out_buff, char** secret_response); + +#ifdef __cplusplus + } +#endif +#endif diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Include/dh_session_protocol.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Include/dh_session_protocol.h new file mode 100644 index 0000000..7257b1f --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Include/dh_session_protocol.h @@ -0,0 +1,68 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef _DH_SESSION_PROROCOL_H +#define _DH_SESSION_PROROCOL_H + +#include "sgx_ecp_types.h" +#include "sgx_key.h" +#include "sgx_report.h" +#include "sgx_attributes.h" + +#define NONCE_SIZE 16 +#define MAC_SIZE 16 + +#define MSG_BUF_LEN sizeof(ec_pub_t)*2 +#define MSG_HASH_SZ 32 + + +//Session information structure +typedef struct _la_dh_session_t +{ + uint32_t session_id; //Identifies the current session + uint32_t status; //Indicates session is in progress, active or closed + union + { + struct + { + sgx_dh_session_t dh_session; + }in_progress; + + struct + { + sgx_key_128bit_t AEK; //Session Key + uint32_t counter; //Used to store Message Sequence Number + }active; + }; +} dh_session_t; + + +#endif diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/LocalAttestationCode/EnclaveMessageExchange.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/LocalAttestationCode/EnclaveMessageExchange.cpp new file mode 100644 index 0000000..d123b63 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/LocalAttestationCode/EnclaveMessageExchange.cpp @@ -0,0 +1,760 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include "sgx_trts.h" +#include "sgx_utils.h" +#include "EnclaveMessageExchange.h" +#include "sgx_eid.h" +#include "error_codes.h" +#include "sgx_ecp_types.h" +#include "sgx_thread.h" +#include +#include "dh_session_protocol.h" +#include "sgx_dh.h" +#include "sgx_tcrypto.h" +#include "LocalAttestationCode_t.h" + +#ifdef __cplusplus +extern "C" { +#endif + +uint32_t enclave_to_enclave_call_dispatcher(char* decrypted_data, size_t decrypted_data_length, char** resp_buffer, size_t* resp_length); +uint32_t message_exchange_response_generator(char* decrypted_data, char** resp_buffer, size_t* resp_length); +uint32_t verify_peer_enclave_trust(sgx_dh_session_enclave_identity_t* peer_enclave_identity); + +#ifdef __cplusplus +} +#endif + +#define MAX_SESSION_COUNT 16 + +//number of open sessions +uint32_t g_session_count = 0; + +ATTESTATION_STATUS generate_session_id(uint32_t *session_id); +ATTESTATION_STATUS end_session(sgx_enclave_id_t src_enclave_id); + +//Array of open session ids +session_id_tracker_t *g_session_id_tracker[MAX_SESSION_COUNT]; + +//Map between the source enclave id and the session information associated with that particular session +std::mapg_dest_session_info_map; + +//Create a session with the destination enclave +ATTESTATION_STATUS create_session(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id, + dh_session_t *session_info) +{ + ocall_print_string("[ECALL] create_session()\n"); + sgx_dh_msg1_t dh_msg1; //Diffie-Hellman Message 1 + sgx_key_128bit_t dh_aek; // Session Key + sgx_dh_msg2_t dh_msg2; //Diffie-Hellman Message 2 + sgx_dh_msg3_t dh_msg3; //Diffie-Hellman Message 3 + uint32_t session_id; + uint32_t retstatus; + sgx_status_t status = SGX_SUCCESS; + sgx_dh_session_t sgx_dh_session; + sgx_dh_session_enclave_identity_t responder_identity; + // for exchange report + // ATTESTATION_STATUS status = SUCCESS; + sgx_dh_session_enclave_identity_t initiator_identity; + + if(!session_info) + { + return INVALID_PARAMETER_ERROR; + } + + memset(&dh_aek,0, sizeof(sgx_key_128bit_t)); + memset(&dh_msg1, 0, sizeof(sgx_dh_msg1_t)); + memset(&dh_msg2, 0, sizeof(sgx_dh_msg2_t)); + memset(&dh_msg3, 0, sizeof(sgx_dh_msg3_t)); + memset(session_info, 0, sizeof(dh_session_t)); + + //Intialize the session as a session responder + ocall_print_string("[ECALL] Initializing the session as session responder...\n"); + status = sgx_dh_init_session(SGX_DH_SESSION_RESPONDER, &sgx_dh_session); + if(SGX_SUCCESS != status) + { + return status; + } + + //get a new SessionID + ocall_print_string("[ECALL] Getting a new SessionID\n"); + if ((status = (sgx_status_t)generate_session_id(&session_id)) != SUCCESS) + return status; //no more sessions available + + //Allocate memory for the session id tracker + g_session_id_tracker[session_id] = (session_id_tracker_t *)malloc(sizeof(session_id_tracker_t)); + if(!g_session_id_tracker[session_id]) + { + return MALLOC_ERROR; + } + + memset(g_session_id_tracker[session_id], 0, sizeof(session_id_tracker_t)); + g_session_id_tracker[session_id]->session_id = session_id; + session_info->status = IN_PROGRESS; + + //Generate Message1 that will be returned to Source Enclave + ocall_print_string("[ECALL] Generating message1 that will be passed to session initiator\n"); + status = sgx_dh_responder_gen_msg1((sgx_dh_msg1_t*)&dh_msg1, &sgx_dh_session); + if(SGX_SUCCESS != status) + { + SAFE_FREE(g_session_id_tracker[session_id]); + return status; + } + + memcpy(&session_info->in_progress.dh_session, &sgx_dh_session, sizeof(sgx_dh_session_t)); + //Store the session information under the correspoding source enlave id key + g_dest_session_info_map.insert(std::pair(0, *session_info)); + + // pass session id and msg1 to shared memory + // ocall_print_string("Entering session_request_ocall for IPC\n"); + status = session_request_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg1, &session_id); + if (status == SGX_SUCCESS) + { + if ((ATTESTATION_STATUS)retstatus != SUCCESS) + return ((ATTESTATION_STATUS)retstatus); + } + else + { + return ATTESTATION_SE_ERROR; + } + + // starts report exchange + + //first retrieve msg2 from initiator + status = exchange_report_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg2, NULL, session_id); + + dh_msg3.msg3_body.additional_prop_length = 0; + //Process message 2 from source enclave and obtain message 3 + ocall_print_string("[ECALL] Processing message2 from Enclave1(Initiator) and obtain message3\n"); + sgx_status_t se_ret = sgx_dh_responder_proc_msg2(&dh_msg2, + &dh_msg3, + &sgx_dh_session, + &dh_aek, + &initiator_identity); + + if(SGX_SUCCESS != se_ret) + { + status = se_ret; + return status; + } + + //Verify source enclave's trust + ocall_print_string("[ECALL] Verifying Enclave1(Initiator)'s trust\n"); + if(verify_peer_enclave_trust(&initiator_identity) != SUCCESS) + { + return INVALID_SESSION; + } + + status = exchange_report_ocall(&retstatus, src_enclave_id, dest_enclave_id, &dh_msg2, &dh_msg3, session_id); + + if (status == SGX_SUCCESS) + { + if ((ATTESTATION_STATUS)retstatus != SUCCESS) + return ((ATTESTATION_STATUS)retstatus); + } + else + { + return ATTESTATION_SE_ERROR; + } + + return status; +} + +//Handle the request from Source Enclave for a session +ATTESTATION_STATUS session_request(sgx_enclave_id_t src_enclave_id, + sgx_dh_msg1_t *dh_msg1, + uint32_t *session_id ) +{ + ocall_print_string("Testing session_request()\n"); + dh_session_t session_info; + sgx_dh_session_t sgx_dh_session; + sgx_status_t status = SGX_SUCCESS; + + if(!session_id || !dh_msg1) + { + return INVALID_PARAMETER_ERROR; + } + //Intialize the session as a session responder + status = sgx_dh_init_session(SGX_DH_SESSION_RESPONDER, &sgx_dh_session); + if(SGX_SUCCESS != status) + { + return status; + } + + //get a new SessionID + if ((status = (sgx_status_t)generate_session_id(session_id)) != SUCCESS) + return status; //no more sessions available + + //Allocate memory for the session id tracker + g_session_id_tracker[*session_id] = (session_id_tracker_t *)malloc(sizeof(session_id_tracker_t)); + if(!g_session_id_tracker[*session_id]) + { + return MALLOC_ERROR; + } + + memset(g_session_id_tracker[*session_id], 0, sizeof(session_id_tracker_t)); + g_session_id_tracker[*session_id]->session_id = *session_id; + session_info.status = IN_PROGRESS; + + //Generate Message1 that will be returned to Source Enclave + status = sgx_dh_responder_gen_msg1((sgx_dh_msg1_t*)dh_msg1, &sgx_dh_session); + if(SGX_SUCCESS != status) + { + SAFE_FREE(g_session_id_tracker[*session_id]); + return status; + } + memcpy(&session_info.in_progress.dh_session, &sgx_dh_session, sizeof(sgx_dh_session_t)); + //Store the session information under the correspoding source enlave id key + g_dest_session_info_map.insert(std::pair(src_enclave_id, session_info)); + + return status; +} + +//Verify Message 2, generate Message3 and exchange Message 3 with Source Enclave +ATTESTATION_STATUS exchange_report(sgx_enclave_id_t src_enclave_id, + sgx_dh_msg2_t *dh_msg2, + sgx_dh_msg3_t *dh_msg3, + uint32_t session_id) +{ + + sgx_key_128bit_t dh_aek; // Session key + dh_session_t *session_info; + ATTESTATION_STATUS status = SUCCESS; + sgx_dh_session_t sgx_dh_session; + sgx_dh_session_enclave_identity_t initiator_identity; + + if(!dh_msg2 || !dh_msg3) + { + return INVALID_PARAMETER_ERROR; + } + + memset(&dh_aek,0, sizeof(sgx_key_128bit_t)); + do + { + //Retreive the session information for the corresponding source enclave id + std::map::iterator it = g_dest_session_info_map.find(src_enclave_id); + if(it != g_dest_session_info_map.end()) + { + session_info = &it->second; + } + else + { + status = INVALID_SESSION; + break; + } + + if(session_info->status != IN_PROGRESS) + { + status = INVALID_SESSION; + break; + } + + memcpy(&sgx_dh_session, &session_info->in_progress.dh_session, sizeof(sgx_dh_session_t)); + + dh_msg3->msg3_body.additional_prop_length = 0; + //Process message 2 from source enclave and obtain message 3 + sgx_status_t se_ret = sgx_dh_responder_proc_msg2(dh_msg2, + dh_msg3, + &sgx_dh_session, + &dh_aek, + &initiator_identity); + if(SGX_SUCCESS != se_ret) + { + status = se_ret; + break; + } + + //Verify source enclave's trust + if(verify_peer_enclave_trust(&initiator_identity) != SUCCESS) + { + return INVALID_SESSION; + } + + //save the session ID, status and initialize the session nonce + session_info->session_id = session_id; + session_info->status = ACTIVE; + session_info->active.counter = 0; + memcpy(session_info->active.AEK, &dh_aek, sizeof(sgx_key_128bit_t)); + memset(&dh_aek,0, sizeof(sgx_key_128bit_t)); + g_session_count++; + }while(0); + + if(status != SUCCESS) + { + end_session(src_enclave_id); + } + + return status; +} + +//Request for the response size, send the request message to the destination enclave and receive the response message back +ATTESTATION_STATUS send_request_receive_response(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id, + dh_session_t *session_info, + char *inp_buff, + size_t inp_buff_len, + size_t max_out_buff_size, + char **out_buff, + size_t* out_buff_len) +{ + const uint8_t* plaintext; + uint32_t plaintext_length; + sgx_status_t status; + uint32_t retstatus; + secure_message_t* req_message; + secure_message_t* resp_message; + uint8_t *decrypted_data; + uint32_t decrypted_data_length; + uint32_t plain_text_offset; + uint8_t l_tag[TAG_SIZE]; + size_t max_resp_message_length; + plaintext = (const uint8_t*)(" "); + plaintext_length = 0; + + if(!session_info || !inp_buff) + { + return INVALID_PARAMETER_ERROR; + } + //Check if the nonce for the session has not exceeded 2^32-2 if so end session and start a new session + if(session_info->active.counter == ((uint32_t) - 2)) + { + close_session(src_enclave_id, dest_enclave_id); + create_session(src_enclave_id, dest_enclave_id, session_info); + } + + //Allocate memory for the AES-GCM request message + req_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ inp_buff_len); + if(!req_message) + { + return MALLOC_ERROR; + } + + memset(req_message,0,sizeof(secure_message_t)+ inp_buff_len); + const uint32_t data2encrypt_length = (uint32_t)inp_buff_len; + //Set the payload size to data to encrypt length + req_message->message_aes_gcm_data.payload_size = data2encrypt_length; + + //Use the session nonce as the payload IV + memcpy(req_message->message_aes_gcm_data.reserved,&session_info->active.counter,sizeof(session_info->active.counter)); + + //Set the session ID of the message to the current session id + req_message->session_id = session_info->session_id; + + //Prepare the request message with the encrypted payload + status = sgx_rijndael128GCM_encrypt(&session_info->active.AEK, (uint8_t*)inp_buff, data2encrypt_length, + reinterpret_cast(&(req_message->message_aes_gcm_data.payload)), + reinterpret_cast(&(req_message->message_aes_gcm_data.reserved)), + sizeof(req_message->message_aes_gcm_data.reserved), plaintext, plaintext_length, + &(req_message->message_aes_gcm_data.payload_tag)); + + if(SGX_SUCCESS != status) + { + SAFE_FREE(req_message); + return status; + } + + //Allocate memory for the response payload to be copied + *out_buff = (char*)malloc(max_out_buff_size); + if(!*out_buff) + { + SAFE_FREE(req_message); + return MALLOC_ERROR; + } + + memset(*out_buff, 0, max_out_buff_size); + + //Allocate memory for the response message + resp_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ max_out_buff_size); + if(!resp_message) + { + SAFE_FREE(req_message); + return MALLOC_ERROR; + } + + memset(resp_message, 0, sizeof(secure_message_t)+ max_out_buff_size); + + //Ocall to send the request to the Destination Enclave and get the response message back + status = send_request_ocall(&retstatus, src_enclave_id, dest_enclave_id, req_message, + (sizeof(secure_message_t)+ inp_buff_len), max_out_buff_size, + resp_message, (sizeof(secure_message_t)+ max_out_buff_size)); + if (status == SGX_SUCCESS) + { + if ((ATTESTATION_STATUS)retstatus != SUCCESS) + { + SAFE_FREE(req_message); + SAFE_FREE(resp_message); + return ((ATTESTATION_STATUS)retstatus); + } + } + else + { + SAFE_FREE(req_message); + SAFE_FREE(resp_message); + return ATTESTATION_SE_ERROR; + } + + max_resp_message_length = sizeof(secure_message_t)+ max_out_buff_size; + + if(sizeof(resp_message) > max_resp_message_length) + { + SAFE_FREE(req_message); + SAFE_FREE(resp_message); + return INVALID_PARAMETER_ERROR; + } + + //Code to process the response message from the Destination Enclave + + decrypted_data_length = resp_message->message_aes_gcm_data.payload_size; + plain_text_offset = decrypted_data_length; + decrypted_data = (uint8_t*)malloc(decrypted_data_length); + if(!decrypted_data) + { + SAFE_FREE(req_message); + SAFE_FREE(resp_message); + return MALLOC_ERROR; + } + memset(&l_tag, 0, 16); + + memset(decrypted_data, 0, decrypted_data_length); + + //Decrypt the response message payload + status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, resp_message->message_aes_gcm_data.payload, + decrypted_data_length, decrypted_data, + reinterpret_cast(&(resp_message->message_aes_gcm_data.reserved)), + sizeof(resp_message->message_aes_gcm_data.reserved), &(resp_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length, + &resp_message->message_aes_gcm_data.payload_tag); + + if(SGX_SUCCESS != status) + { + SAFE_FREE(req_message); + SAFE_FREE(decrypted_data); + SAFE_FREE(resp_message); + return status; + } + + // Verify if the nonce obtained in the response is equal to the session nonce + 1 (Prevents replay attacks) + if(*(resp_message->message_aes_gcm_data.reserved) != (session_info->active.counter + 1 )) + { + SAFE_FREE(req_message); + SAFE_FREE(resp_message); + SAFE_FREE(decrypted_data); + return INVALID_PARAMETER_ERROR; + } + + //Update the value of the session nonce in the source enclave + session_info->active.counter = session_info->active.counter + 1; + + memcpy(out_buff_len, &decrypted_data_length, sizeof(decrypted_data_length)); + memcpy(*out_buff, decrypted_data, decrypted_data_length); + + SAFE_FREE(decrypted_data); + SAFE_FREE(req_message); + SAFE_FREE(resp_message); + return SUCCESS; + + +} + +//Process the request from the Source enclave and send the response message back to the Source enclave +ATTESTATION_STATUS generate_response(sgx_enclave_id_t src_enclave_id, + secure_message_t* req_message, + size_t req_message_size, + size_t max_payload_size, + secure_message_t* resp_message, + size_t resp_message_size) +{ + const uint8_t* plaintext; + uint32_t plaintext_length; + uint8_t *decrypted_data; + uint32_t decrypted_data_length; + uint32_t plain_text_offset; + ms_in_msg_exchange_t * ms; + size_t resp_data_length; + size_t resp_message_calc_size; + char* resp_data; + uint8_t l_tag[TAG_SIZE]; + size_t header_size, expected_payload_size; + dh_session_t *session_info; + secure_message_t* temp_resp_message; + uint32_t ret; + sgx_status_t status; + + plaintext = (const uint8_t*)(" "); + plaintext_length = 0; + + if(!req_message || !resp_message) + { + return INVALID_PARAMETER_ERROR; + } + + //Get the session information from the map corresponding to the source enclave id + std::map::iterator it = g_dest_session_info_map.find(src_enclave_id); + if(it != g_dest_session_info_map.end()) + { + session_info = &it->second; + } + else + { + return INVALID_SESSION; + } + + if(session_info->status != ACTIVE) + { + return INVALID_SESSION; + } + + //Set the decrypted data length to the payload size obtained from the message + decrypted_data_length = req_message->message_aes_gcm_data.payload_size; + + header_size = sizeof(secure_message_t); + expected_payload_size = req_message_size - header_size; + + //Verify the size of the payload + if(expected_payload_size != decrypted_data_length) + return INVALID_PARAMETER_ERROR; + + memset(&l_tag, 0, 16); + plain_text_offset = decrypted_data_length; + decrypted_data = (uint8_t*)malloc(decrypted_data_length); + if(!decrypted_data) + { + return MALLOC_ERROR; + } + + memset(decrypted_data, 0, decrypted_data_length); + + //Decrypt the request message payload from source enclave + status = sgx_rijndael128GCM_decrypt(&session_info->active.AEK, req_message->message_aes_gcm_data.payload, + decrypted_data_length, decrypted_data, + reinterpret_cast(&(req_message->message_aes_gcm_data.reserved)), + sizeof(req_message->message_aes_gcm_data.reserved), &(req_message->message_aes_gcm_data.payload[plain_text_offset]), plaintext_length, + &req_message->message_aes_gcm_data.payload_tag); + + if(SGX_SUCCESS != status) + { + SAFE_FREE(decrypted_data); + return status; + } + + //Casting the decrypted data to the marshaling structure type to obtain type of request (generic message exchange/enclave to enclave call) + ms = (ms_in_msg_exchange_t *)decrypted_data; + + + // Verify if the nonce obtained in the request is equal to the session nonce + if((uint32_t)*(req_message->message_aes_gcm_data.reserved) != session_info->active.counter || *(req_message->message_aes_gcm_data.reserved) > ((2^32)-2)) + { + SAFE_FREE(decrypted_data); + return INVALID_PARAMETER_ERROR; + } + + if(ms->msg_type == MESSAGE_EXCHANGE) + { + //Call the generic secret response generator for message exchange + ret = message_exchange_response_generator((char*)decrypted_data, &resp_data, &resp_data_length); + if(ret !=0) + { + SAFE_FREE(decrypted_data); + SAFE_FREE(resp_data); + return INVALID_SESSION; + } + } + else if(ms->msg_type == ENCLAVE_TO_ENCLAVE_CALL) + { + //Call the destination enclave's dispatcher to call the appropriate function in the destination enclave + ret = enclave_to_enclave_call_dispatcher((char*)decrypted_data, decrypted_data_length, &resp_data, &resp_data_length); + if(ret !=0) + { + SAFE_FREE(decrypted_data); + SAFE_FREE(resp_data); + return INVALID_SESSION; + } + } + else + { + SAFE_FREE(decrypted_data); + return INVALID_REQUEST_TYPE_ERROR; + } + + + if(resp_data_length > max_payload_size) + { + SAFE_FREE(resp_data); + SAFE_FREE(decrypted_data); + return OUT_BUFFER_LENGTH_ERROR; + } + + resp_message_calc_size = sizeof(secure_message_t)+ resp_data_length; + + if(resp_message_calc_size > resp_message_size) + { + SAFE_FREE(resp_data); + SAFE_FREE(decrypted_data); + return OUT_BUFFER_LENGTH_ERROR; + } + + //Code to build the response back to the Source Enclave + temp_resp_message = (secure_message_t*)malloc(resp_message_calc_size); + if(!temp_resp_message) + { + SAFE_FREE(resp_data); + SAFE_FREE(decrypted_data); + return MALLOC_ERROR; + } + + memset(temp_resp_message,0,sizeof(secure_message_t)+ resp_data_length); + const uint32_t data2encrypt_length = (uint32_t)resp_data_length; + temp_resp_message->session_id = session_info->session_id; + temp_resp_message->message_aes_gcm_data.payload_size = data2encrypt_length; + + //Increment the Session Nonce (Replay Protection) + session_info->active.counter = session_info->active.counter + 1; + + //Set the response nonce as the session nonce + memcpy(&temp_resp_message->message_aes_gcm_data.reserved,&session_info->active.counter,sizeof(session_info->active.counter)); + + //Prepare the response message with the encrypted payload + status = sgx_rijndael128GCM_encrypt(&session_info->active.AEK, (uint8_t*)resp_data, data2encrypt_length, + reinterpret_cast(&(temp_resp_message->message_aes_gcm_data.payload)), + reinterpret_cast(&(temp_resp_message->message_aes_gcm_data.reserved)), + sizeof(temp_resp_message->message_aes_gcm_data.reserved), plaintext, plaintext_length, + &(temp_resp_message->message_aes_gcm_data.payload_tag)); + + if(SGX_SUCCESS != status) + { + SAFE_FREE(resp_data); + SAFE_FREE(decrypted_data); + SAFE_FREE(temp_resp_message); + return status; + } + + memset(resp_message, 0, sizeof(secure_message_t)+ resp_data_length); + memcpy(resp_message, temp_resp_message, sizeof(secure_message_t)+ resp_data_length); + + SAFE_FREE(decrypted_data); + SAFE_FREE(resp_data); + SAFE_FREE(temp_resp_message); + + return SUCCESS; +} + +//Close a current session +ATTESTATION_STATUS close_session(sgx_enclave_id_t src_enclave_id, + sgx_enclave_id_t dest_enclave_id) +{ + sgx_status_t status; + + uint32_t retstatus; + + //Ocall to ask the destination enclave to end the session + status = end_session_ocall(&retstatus, src_enclave_id, dest_enclave_id); + if (status == SGX_SUCCESS) + { + if ((ATTESTATION_STATUS)retstatus != SUCCESS) + return ((ATTESTATION_STATUS)retstatus); + } + else + { + return ATTESTATION_SE_ERROR; + } + return SUCCESS; +} + +//Respond to the request from the Source Enclave to close the session +ATTESTATION_STATUS end_session(sgx_enclave_id_t src_enclave_id) +{ + ATTESTATION_STATUS status = SUCCESS; + int i; + dh_session_t session_info; + uint32_t session_id; + + //Get the session information from the map corresponding to the source enclave id + std::map::iterator it = g_dest_session_info_map.find(src_enclave_id); + if(it != g_dest_session_info_map.end()) + { + session_info = it->second; + } + else + { + return INVALID_SESSION; + } + + session_id = session_info.session_id; + //Erase the session information for the current session + g_dest_session_info_map.erase(src_enclave_id); + + //Update the session id tracker + if (g_session_count > 0) + { + //check if session exists + for (i=1; i <= MAX_SESSION_COUNT; i++) + { + if(g_session_id_tracker[i-1] != NULL && g_session_id_tracker[i-1]->session_id == session_id) + { + memset(g_session_id_tracker[i-1], 0, sizeof(session_id_tracker_t)); + SAFE_FREE(g_session_id_tracker[i-1]); + g_session_count--; + break; + } + } + } + + return status; + +} + + +//Returns a new sessionID for the source destination session +ATTESTATION_STATUS generate_session_id(uint32_t *session_id) +{ + ATTESTATION_STATUS status = SUCCESS; + + if(!session_id) + { + return INVALID_PARAMETER_ERROR; + } + //if the session structure is untintialized, set that as the next session ID + for (int i = 0; i < MAX_SESSION_COUNT; i++) + { + if (g_session_id_tracker[i] == NULL) + { + *session_id = i; + return status; + } + } + + status = NO_AVAILABLE_SESSION_ERROR; + + return status; + +} diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/LocalAttestationCode/EnclaveMessageExchange.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/LocalAttestationCode/EnclaveMessageExchange.h new file mode 100644 index 0000000..1d8a56c --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/LocalAttestationCode/EnclaveMessageExchange.h @@ -0,0 +1,54 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include "datatypes.h" +#include "sgx_eid.h" +#include "sgx_trts.h" +#include +#include "dh_session_protocol.h" + +#ifndef LOCALATTESTATION_H_ +#define LOCALATTESTATION_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +uint32_t SGXAPI create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info); +uint32_t SGXAPI send_request_receive_response(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info, char *inp_buff, size_t inp_buff_len, size_t max_out_buff_size, char **out_buff, size_t* out_buff_len); +uint32_t SGXAPI close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/LocalAttestationCode/LocalAttestationCode.edl b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/LocalAttestationCode/LocalAttestationCode.edl new file mode 100644 index 0000000..58f3478 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/LocalAttestationCode/LocalAttestationCode.edl @@ -0,0 +1,50 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +enclave { + include "sgx_eid.h" + include "datatypes.h" + include "../Include/dh_session_protocol.h" + trusted{ + public uint32_t session_request(sgx_enclave_id_t src_enclave_id, [out] sgx_dh_msg1_t *dh_msg1, [out] uint32_t *session_id); + public uint32_t exchange_report(sgx_enclave_id_t src_enclave_id, [in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, uint32_t session_id); + public uint32_t generate_response(sgx_enclave_id_t src_enclave_id, [in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size ); + public uint32_t end_session(sgx_enclave_id_t src_enclave_id); + }; + + untrusted{ + uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in, out] sgx_dh_msg1_t *dh_msg1,[in, out] uint32_t *session_id); + uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in, out] sgx_dh_msg2_t *dh_msg2, [in, out] sgx_dh_msg3_t *dh_msg3, uint32_t session_id); + uint32_t send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, [in, size = req_message_size] secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, [out, size=resp_message_size] secure_message_t* resp_message, size_t resp_message_size); + uint32_t end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); + void ocall_print_string([in, string] const char *str); + }; +}; diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/LocalAttestationCode/datatypes.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/LocalAttestationCode/datatypes.h new file mode 100644 index 0000000..6382ea1 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/LocalAttestationCode/datatypes.h @@ -0,0 +1,105 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#include "sgx_report.h" +#include "sgx_eid.h" +#include "sgx_ecp_types.h" +#include "sgx_dh.h" +#include "sgx_tseal.h" + +#ifndef DATATYPES_H_ +#define DATATYPES_H_ + +#define DH_KEY_SIZE 20 +#define NONCE_SIZE 16 +#define MAC_SIZE 16 +#define MAC_KEY_SIZE 16 +#define PADDING_SIZE 16 + +#define TAG_SIZE 16 +#define IV_SIZE 12 + +#define DERIVE_MAC_KEY 0x0 +#define DERIVE_SESSION_KEY 0x1 +#define DERIVE_VK1_KEY 0x3 +#define DERIVE_VK2_KEY 0x4 + +#define CLOSED 0x0 +#define IN_PROGRESS 0x1 +#define ACTIVE 0x2 + +#define MESSAGE_EXCHANGE 0x0 +#define ENCLAVE_TO_ENCLAVE_CALL 0x1 + +#define INVALID_ARGUMENT -2 ///< Invalid function argument +#define LOGIC_ERROR -3 ///< Functional logic error +#define FILE_NOT_FOUND -4 ///< File not found + +#define SAFE_FREE(ptr) {if (NULL != (ptr)) {free(ptr); (ptr)=NULL;}} + +#define VMC_ATTRIBUTE_MASK 0xFFFFFFFFFFFFFFCB + +typedef uint8_t dh_nonce[NONCE_SIZE]; +typedef uint8_t cmac_128[MAC_SIZE]; + +#pragma pack(push, 1) + +//Format of the AES-GCM message being exchanged between the source and the destination enclaves +typedef struct _secure_message_t +{ + uint32_t session_id; //Session ID identifyting the session to which the message belongs + sgx_aes_gcm_data_t message_aes_gcm_data; +}secure_message_t; + +//Format of the input function parameter structure +typedef struct _ms_in_msg_exchange_t { + uint32_t msg_type; //Type of Call E2E or general message exchange + uint32_t target_fn_id; //Function Id to be called in Destination. Is valid only when msg_type=ENCLAVE_TO_ENCLAVE_CALL + uint32_t inparam_buff_len; //Length of the serialized input parameters + char inparam_buff[]; //Serialized input parameters +} ms_in_msg_exchange_t; + +//Format of the return value and output function parameter structure +typedef struct _ms_out_msg_exchange_t { + uint32_t retval_len; //Length of the return value + uint32_t ret_outparam_buff_len; //Length of the serialized return value and output parameters + char ret_outparam_buff[]; //Serialized return value and output parameters +} ms_out_msg_exchange_t; + +//Session Tracker to generate session ids +typedef struct _session_id_tracker_t +{ + uint32_t session_id; +}session_id_tracker_t; + +#pragma pack(pop) + +#endif diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/LocalAttestationCode/error_codes.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/LocalAttestationCode/error_codes.h new file mode 100644 index 0000000..0bca4c0 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/LocalAttestationCode/error_codes.h @@ -0,0 +1,53 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +#ifndef ERROR_CODES_H_ +#define ERROR_CODES_H_ + +typedef uint32_t ATTESTATION_STATUS; + +#define SUCCESS 0x00 +#define INVALID_PARAMETER 0xE1 +#define VALID_SESSION 0xE2 +#define INVALID_SESSION 0xE3 +#define ATTESTATION_ERROR 0xE4 +#define ATTESTATION_SE_ERROR 0xE5 +#define IPP_ERROR 0xE6 +#define NO_AVAILABLE_SESSION_ERROR 0xE7 +#define MALLOC_ERROR 0xE8 +#define ERROR_TAG_MISMATCH 0xE9 +#define OUT_BUFFER_LENGTH_ERROR 0xEA +#define INVALID_REQUEST_TYPE_ERROR 0xEB +#define INVALID_PARAMETER_ERROR 0xEC +#define ENCLAVE_TRUST_ERROR 0xED +#define ENCRYPT_DECRYPT_ERROR 0xEE +#define DUPLICATE_SESSION 0xEF +#endif diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Makefile b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Makefile new file mode 100644 index 0000000..a90c857 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Makefile @@ -0,0 +1,346 @@ +# +# Copyright (C) 2011-2018 Intel Corporation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# + +######## SGX SDK Settings ######## + +SGX_SDK ?= /opt/intel/sgxsdk +SGX_MODE ?= HW +SGX_ARCH ?= x64 +SGX_DEBUG ?= 1 + +ifeq ($(shell getconf LONG_BIT), 32) + SGX_ARCH := x86 +else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32) + SGX_ARCH := x86 +endif + +ifeq ($(SGX_ARCH), x86) + SGX_COMMON_CFLAGS := -m32 + SGX_LIBRARY_PATH := $(SGX_SDK)/lib + SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign + SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r +else + SGX_COMMON_CFLAGS := -m64 + SGX_LIBRARY_PATH := $(SGX_SDK)/lib64 + SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign + SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r +endif + +ifeq ($(SGX_DEBUG), 1) +ifeq ($(SGX_PRERELEASE), 1) +$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!) +endif +endif + +ifeq ($(SGX_DEBUG), 1) + SGX_COMMON_CFLAGS += -O0 -g +else + SGX_COMMON_CFLAGS += -O2 +endif + +######## Library Settings ######## + +Trust_Lib_Name := libLocalAttestation_Trusted.a +TrustLib_Cpp_Files := $(wildcard LocalAttestationCode/*.cpp) +TrustLib_Cpp_Objects := $(TrustLib_Cpp_Files:.cpp=.o) +TrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I$(SGX_SDK)/include/epid -I./Include +TrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(TrustLib_Include_Paths) +TrustLib_Compile_Cxx_Flags := -std=c++11 -nostdinc++ + +UnTrustLib_Name := libLocalAttestation_unTrusted.a +UnTrustLib_Cpp_Files := $(wildcard Untrusted_LocalAttestation/*.cpp) +UnTrustLib_Cpp_Objects := $(UnTrustLib_Cpp_Files:.cpp=.o) +UnTrustLib_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./Include -I./LocalAttestationCode +UnTrustLib_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes -std=c++11 $(UnTrustLib_Include_Paths) + +######## App Settings ######## + +ifneq ($(SGX_MODE), HW) + Urts_Library_Name := sgx_urts_sim +else + Urts_Library_Name := sgx_urts +endif + +App_Cpp_Files := $(wildcard App/*.cpp) +App_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/ippcp -I./Include -I./LocalAttestationCode + +App_Compile_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) +# Three configuration modes - Debug, prerelease, release +# Debug - Macro DEBUG enabled. +# Prerelease - Macro NDEBUG and EDEBUG enabled. +# Release - Macro NDEBUG enabled. +ifeq ($(SGX_DEBUG), 1) + App_Compile_Flags += -DDEBUG -UNDEBUG -UEDEBUG +else ifeq ($(SGX_PRERELEASE), 1) + App_Compile_Flags += -DNDEBUG -DEDEBUG -UDEBUG +else + App_Compile_Flags += -DNDEBUG -UEDEBUG -UDEBUG +endif + +App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -L. -lpthread -lLocalAttestation_unTrusted + +ifneq ($(SGX_MODE), HW) + App_Link_Flags += -lsgx_uae_service_sim +else + App_Link_Flags += -lsgx_uae_service +endif + +App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o) +App_Name := app + +######## Enclave Settings ######## + +Enclave1_Version_Script := Enclave1/Enclave1.lds +Enclave2_Version_Script := Enclave2/Enclave2.lds +Enclave3_Version_Script := Enclave3/Enclave3.lds + +ifneq ($(SGX_MODE), HW) + Trts_Library_Name := sgx_trts_sim + Service_Library_Name := sgx_tservice_sim +else + Trts_Library_Name := sgx_trts + Service_Library_Name := sgx_tservice +endif +Crypto_Library_Name := sgx_tcrypto + +Enclave_Cpp_Files_1 := $(wildcard Enclave1/*.cpp) +Enclave_Cpp_Files_2 := $(wildcard Enclave2/*.cpp) +Enclave_Cpp_Files_3 := $(wildcard Enclave3/*.cpp) +Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/libcxx -I./LocalAttestationCode -I./Include + +CC_BELOW_4_9 := $(shell expr "`$(CC) -dumpversion`" \< "4.9") +ifeq ($(CC_BELOW_4_9), 1) + Enclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector +else + Enclave_Compile_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -ffunction-sections -fdata-sections -fstack-protector-strong +endif + +Enclave_Compile_Flags += $(Enclave_Include_Paths) + +# To generate a proper enclave, it is recommended to follow below guideline to link the trusted libraries: +# 1. Link sgx_trts with the `--whole-archive' and `--no-whole-archive' options, +# so that the whole content of trts is included in the enclave. +# 2. For other libraries, you just need to pull the required symbols. +# Use `--start-group' and `--end-group' to link these libraries. +# Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options. +# Otherwise, you may get some undesirable errors. +Common_Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \ + -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \ + -Wl,--start-group -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -L. -lLocalAttestation_Trusted -l$(Service_Library_Name) -Wl,--end-group \ + -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \ + -Wl,-pie,-eenclave_entry -Wl,--export-dynamic \ + -Wl,--defsym,__ImageBase=0 -Wl,--gc-sections +Enclave1_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave1_Version_Script) +Enclave2_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave2_Version_Script) +Enclave3_Link_Flags := $(Common_Enclave_Link_Flags) -Wl,--version-script=$(Enclave3_Version_Script) + +Enclave_Cpp_Objects_1 := $(Enclave_Cpp_Files_1:.cpp=.o) +Enclave_Cpp_Objects_2 := $(Enclave_Cpp_Files_2:.cpp=.o) +Enclave_Cpp_Objects_3 := $(Enclave_Cpp_Files_3:.cpp=.o) + +Enclave_Name_1 := libenclave1.so +Enclave_Name_2 := libenclave2.so +Enclave_Name_3 := libenclave3.so + +ifeq ($(SGX_MODE), HW) +ifeq ($(SGX_DEBUG), 1) + Build_Mode = HW_DEBUG +else ifeq ($(SGX_PRERELEASE), 1) + Build_Mode = HW_PRERELEASE +else + Build_Mode = HW_RELEASE +endif +else +ifeq ($(SGX_DEBUG), 1) + Build_Mode = SIM_DEBUG +else ifeq ($(SGX_PRERELEASE), 1) + Build_Mode = SIM_PRERELEASE +else + Build_Mode = SIM_RELEASE +endif +endif + +ifeq ($(Build_Mode), HW_RELEASE) +all: .config_$(Build_Mode)_$(SGX_ARCH) $(Trust_Lib_Name) $(UnTrustLib_Name) Enclave1.so Enclave2.so Enclave3.so $(App_Name) + @echo "The project has been built in release hardware mode." + @echo "Please sign the enclaves (Enclave1.so, Enclave2.so, Enclave3.so) first with your signing keys before you run the $(App_Name) to launch and access the enclave." + @echo "To sign the enclaves use the following commands:" + @echo " $(SGX_ENCLAVE_SIGNER) sign -key -enclave Enclave1.so -out <$(Enclave_Name_1)> -config Enclave1/Enclave1.config.xml" + @echo " $(SGX_ENCLAVE_SIGNER) sign -key -enclave Enclave2.so -out <$(Enclave_Name_2)> -config Enclave2/Enclave2.config.xml" + @echo " $(SGX_ENCLAVE_SIGNER) sign -key -enclave Enclave3.so -out <$(Enclave_Name_3)> -config Enclave3/Enclave3.config.xml" + @echo "You can also sign the enclaves using an external signing tool." + @echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW." +else +all: .config_$(Build_Mode)_$(SGX_ARCH) $(Trust_Lib_Name) $(UnTrustLib_Name) $(Enclave_Name_1) $(Enclave_Name_2) $(Enclave_Name_3) $(App_Name) +ifeq ($(Build_Mode), HW_DEBUG) + @echo "The project has been built in debug hardware mode." +else ifeq ($(Build_Mode), SIM_DEBUG) + @echo "The project has been built in debug simulation mode." +else ifeq ($(Build_Mode), HW_PRERELEASE) + @echo "The project has been built in pre-release hardware mode." +else ifeq ($(Build_Mode), SIM_PRERELEASE) + @echo "The project has been built in pre-release simulation mode." +else + @echo "The project has been built in release simulation mode." +endif +endif + +.config_$(Build_Mode)_$(SGX_ARCH): + @rm -rf .config_* $(App_Name) *.so *.a App/*.o Enclave1/*.o Enclave1/*_t.* Enclave1/*_u.* Enclave2/*.o Enclave2/*_t.* Enclave2/*_u.* Enclave3/*.o Enclave3/*_t.* Enclave3/*_u.* LocalAttestationCode/*.o Untrusted_LocalAttestation/*.o LocalAttestationCode/*_t.* + @touch .config_$(Build_Mode)_$(SGX_ARCH) + +######## Library Objects ######## + +LocalAttestationCode/LocalAttestationCode_t.c LocalAttestationCode/LocalAttestationCode_t.h : $(SGX_EDGER8R) LocalAttestationCode/LocalAttestationCode.edl + @cd LocalAttestationCode && $(SGX_EDGER8R) --trusted ../LocalAttestationCode/LocalAttestationCode.edl --search-path $(SGX_SDK)/include + @echo "GEN => $@" + +LocalAttestationCode/LocalAttestationCode_t.o: LocalAttestationCode/LocalAttestationCode_t.c + @$(CC) $(TrustLib_Compile_Flags) -c $< -o $@ + @echo "CC <= $<" + +LocalAttestationCode/%.o: LocalAttestationCode/%.cpp LocalAttestationCode/LocalAttestationCode_t.h + @$(CXX) $(TrustLib_Compile_Flags) $(TrustLib_Compile_Cxx_Flags) -c $< -o $@ + @echo "CC <= $<" + +$(Trust_Lib_Name): LocalAttestationCode/LocalAttestationCode_t.o $(TrustLib_Cpp_Objects) + @$(AR) rcs $@ $^ + @echo "GEN => $@" + +Untrusted_LocalAttestation/%.o: Untrusted_LocalAttestation/%.cpp + @$(CXX) $(UnTrustLib_Compile_Flags) -c $< -o $@ + @echo "CC <= $<" + +$(UnTrustLib_Name): $(UnTrustLib_Cpp_Objects) + @$(AR) rcs $@ $^ + @echo "GEN => $@" + +######## App Objects ######## +Enclave1/Enclave1_u.c Enclave1/Enclave1_u.h: $(SGX_EDGER8R) Enclave1/Enclave1.edl + @cd Enclave1 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave1/Enclave1.edl --search-path $(SGX_SDK)/include + @echo "GEN => $@" + +App/Enclave1_u.o: Enclave1/Enclave1_u.c + @$(CC) $(App_Compile_Flags) -c $< -o $@ + @echo "CC <= $<" + +Enclave2/Enclave2_u.c Enclave2/Enclave2_u.h: $(SGX_EDGER8R) Enclave2/Enclave2.edl + @cd Enclave2 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave2/Enclave2.edl --search-path $(SGX_SDK)/include + @echo "GEN => $@" + +App/Enclave2_u.o: Enclave2/Enclave2_u.c + @$(CC) $(App_Compile_Flags) -c $< -o $@ + @echo "CC <= $<" + +Enclave3/Enclave3_u.c Enclave3/Enclave3_u.h: $(SGX_EDGER8R) Enclave3/Enclave3.edl + @cd Enclave3 && $(SGX_EDGER8R) --use-prefix --untrusted ../Enclave3/Enclave3.edl --search-path $(SGX_SDK)/include + @echo "GEN => $@" + +App/Enclave3_u.o: Enclave3/Enclave3_u.c + @$(CC) $(App_Compile_Flags) -c $< -o $@ + @echo "CC <= $<" + +App/%.o: App/%.cpp Enclave1/Enclave1_u.h Enclave2/Enclave2_u.h Enclave3/Enclave3_u.h + @$(CXX) $(App_Compile_Flags) -c $< -o $@ + @echo "CXX <= $<" + +$(App_Name): App/Enclave1_u.o App/Enclave2_u.o App/Enclave3_u.o $(App_Cpp_Objects) $(UnTrustLib_Name) + @$(CXX) $^ -o $@ $(App_Link_Flags) + @echo "LINK => $@" + + +######## Enclave Objects ######## + +Enclave1/Enclave1_t.c Enclave1/Enclave1_t.h: $(SGX_EDGER8R) Enclave1/Enclave1.edl + @cd Enclave1 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave1/Enclave1.edl --search-path $(SGX_SDK)/include + @echo "GEN => $@" + +Enclave1/Enclave1_t.o: Enclave1/Enclave1_t.c + @$(CC) $(Enclave_Compile_Flags) -c $< -o $@ + @echo "CC <= $<" + +Enclave1/%.o: Enclave1/%.cpp Enclave1/Enclave1_t.h + @$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@ + @echo "CXX <= $<" + +Enclave1.so: Enclave1/Enclave1_t.o $(Enclave_Cpp_Objects_1) $(Trust_Lib_Name) + @$(CXX) Enclave1/Enclave1_t.o $(Enclave_Cpp_Objects_1) -o $@ $(Enclave1_Link_Flags) + @echo "LINK => $@" + +$(Enclave_Name_1): Enclave1.so + @$(SGX_ENCLAVE_SIGNER) sign -key Enclave1/Enclave1_private.pem -enclave Enclave1.so -out $@ -config Enclave1/Enclave1.config.xml + @echo "SIGN => $@" + +Enclave2/Enclave2_t.c: $(SGX_EDGER8R) Enclave2/Enclave2.edl + @cd Enclave2 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave2/Enclave2.edl --search-path $(SGX_SDK)/include + @echo "GEN => $@" + +Enclave2/Enclave2_t.o: Enclave2/Enclave2_t.c + @$(CC) $(Enclave_Compile_Flags) -c $< -o $@ + @echo "CC <= $<" + +Enclave2/%.o: Enclave2/%.cpp + @$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@ + @echo "CXX <= $<" + +Enclave2.so: Enclave2/Enclave2_t.o $(Enclave_Cpp_Objects_2) $(Trust_Lib_Name) + @$(CXX) Enclave2/Enclave2_t.o $(Enclave_Cpp_Objects_2) -o $@ $(Enclave2_Link_Flags) + @echo "LINK => $@" + +$(Enclave_Name_2): Enclave2.so + @$(SGX_ENCLAVE_SIGNER) sign -key Enclave2/Enclave2_private.pem -enclave Enclave2.so -out $@ -config Enclave2/Enclave2.config.xml + @echo "SIGN => $@" + +Enclave3/Enclave3_t.c: $(SGX_EDGER8R) Enclave3/Enclave3.edl + @cd Enclave3 && $(SGX_EDGER8R) --use-prefix --trusted ../Enclave3/Enclave3.edl --search-path $(SGX_SDK)/include + @echo "GEN => $@" + +Enclave3/Enclave3_t.o: Enclave3/Enclave3_t.c + @$(CC) $(Enclave_Compile_Flags) -c $< -o $@ + @echo "CC <= $<" + +Enclave3/%.o: Enclave3/%.cpp + @$(CXX) -std=c++11 -nostdinc++ $(Enclave_Compile_Flags) -c $< -o $@ + @echo "CXX <= $<" + +Enclave3.so: Enclave3/Enclave3_t.o $(Enclave_Cpp_Objects_3) $(Trust_Lib_Name) + @$(CXX) Enclave3/Enclave3_t.o $(Enclave_Cpp_Objects_3) -o $@ $(Enclave3_Link_Flags) + @echo "LINK => $@" + +$(Enclave_Name_3): Enclave3.so + @$(SGX_ENCLAVE_SIGNER) sign -key Enclave3/Enclave3_private.pem -enclave Enclave3.so -out $@ -config Enclave3/Enclave3.config.xml + @echo "SIGN => $@" + +######## Clean ######## +.PHONY: clean + +clean: + @rm -rf .config_* $(App_Name) *.so *.a App/*.o Enclave1/*.o Enclave1/*_t.* Enclave1/*_u.* Enclave2/*.o Enclave2/*_t.* Enclave2/*_u.* Enclave3/*.o Enclave3/*_t.* Enclave3/*_u.* LocalAttestationCode/*.o Untrusted_LocalAttestation/*.o LocalAttestationCode/*_t.* diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/README.txt b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/README.txt new file mode 100644 index 0000000..6117cee --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/README.txt @@ -0,0 +1,29 @@ +--------------------------- +Purpose of LocalAttestation +--------------------------- +The project demonstrates: +- How to establish a protected channel +- Secret message exchange using enclave to enclave function calls + +------------------------------------ +How to Build/Execute the Sample Code +------------------------------------ +1. Install Intel(R) Software Guard Extensions (Intel(R) SGX) SDK for Linux* OS +2. Make sure your environment is set: + $ source ${sgx-sdk-install-path}/environment +3. Build the project with the prepared Makefile: + a. Hardware Mode, Debug build: + $ make + b. Hardware Mode, Pre-release build: + $ make SGX_PRERELEASE=1 SGX_DEBUG=0 + c. Hardware Mode, Release build: + $ make SGX_DEBUG=0 + d. Simulation Mode, Debug build: + $ make SGX_MODE=SIM + e. Simulation Mode, Pre-release build: + $ make SGX_MODE=SIM SGX_PRERELEASE=1 SGX_DEBUG=0 + f. Simulation Mode, Release build: + $ make SGX_MODE=SIM SGX_DEBUG=0 +4. Execute the binary directly: + $ ./app +5. Remember to "make clean" before switching build mode diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Untrusted_LocalAttestation/UntrustedEnclaveMessageExchange.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Untrusted_LocalAttestation/UntrustedEnclaveMessageExchange.cpp new file mode 100644 index 0000000..65595ab --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Untrusted_LocalAttestation/UntrustedEnclaveMessageExchange.cpp @@ -0,0 +1,200 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include "sgx_eid.h" +#include "error_codes.h" +#include "datatypes.h" +#include "sgx_urts.h" +#include "UntrustedEnclaveMessageExchange.h" +#include "sgx_dh.h" +#include +#include +#include +#include +#include +#include + +std::mapg_enclave_id_map; +extern sgx_enclave_id_t e1_enclave_id; + +//Makes an sgx_ecall to the destination enclave to get session id and message1 +ATTESTATION_STATUS session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id) +{ + uint32_t status = 0; + sgx_status_t ret = SGX_SUCCESS; + + // printf("[OCALL IPC] Generating msg1 and session_id for Enclave1\n"); + // for session_id + printf("[OCALL IPC] Passing SessionID to shared memory for Enclave1\n"); + key_t key_session_id = ftok("../..", 3); + int shmid_session_id = shmget(key_session_id, sizeof(uint32_t), 0666|IPC_CREAT); + uint32_t* tmp_session_id = (uint32_t*)shmat(shmid_session_id, (void*)0, 0); + memcpy(tmp_session_id, session_id, sizeof(uint32_t)); + + // for msg1 + printf("[OCALL IPC] Passing message1 to shared memory for Enclave1\n"); + key_t key_msg1 = ftok("../..", 2); + int shmid_msg1 = shmget(key_msg1, sizeof(sgx_dh_msg1_t), 0666|IPC_CREAT); + sgx_dh_msg1_t* tmp_msg1 = (sgx_dh_msg1_t *)shmat(shmid_msg1, (void*)0, 0); + memcpy(tmp_msg1, dh_msg1, sizeof(sgx_dh_msg1_t)); + + shmdt(tmp_msg1); + shmdt(tmp_session_id); + + // let enclave1 to receive msg1 + printf("[OCALL IPC] Waiting for Enclave1 to process SessionID and message1...\n"); + sleep(5); + + if (ret == SGX_SUCCESS) + return (ATTESTATION_STATUS)status; + else + return INVALID_SESSION; + +} +//Makes an sgx_ecall to the destination enclave sends message2 from the source enclave and gets message 3 from the destination enclave +ATTESTATION_STATUS exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t session_id) +{ + uint32_t status = 0; + sgx_status_t ret = SGX_SUCCESS; + + if (dh_msg3 == NULL) + { + // get msg2 from Enclave1 + printf("[OCALL IPC] Message2 should be ready\n"); + printf("[OCALL IPC] Retrieving message2 from shared memory\n"); + key_t key_msg2 = ftok("../..", 4); + int shmid_msg2 = shmget(key_msg2, sizeof(sgx_dh_msg2_t), 0666|IPC_CREAT); + sgx_dh_msg2_t* tmp_msg2 = (sgx_dh_msg2_t *)shmat(shmid_msg2, (void*)0, 0); + memcpy(dh_msg2, tmp_msg2, sizeof(sgx_dh_msg2_t)); + shmdt(tmp_msg2); + } + + // ret = Enclave1_exchange_report(src_enclave_id, &status, 0, dh_msg2, dh_msg3, session_id); + + else + { + // pass msg3 to shm for Enclave + printf("[OCALL IPC] Passing message3 to shared memory for Enclave1\n"); + key_t key_msg3 = ftok("../..", 5); + int shmid_msg3 = shmget(key_msg3, sizeof(sgx_dh_msg3_t), 0666|IPC_CREAT); + sgx_dh_msg3_t* tmp_msg3 = (sgx_dh_msg3_t *)shmat(shmid_msg3, (void*)0, 0); + memcpy(tmp_msg3, dh_msg3, sizeof(sgx_dh_msg3_t)); + shmdt(tmp_msg3); + + // wait for Enclave1 to process msg3 + printf("[OCALL IPC] Waiting for Enclave1 to process message3...\n"); + sleep(5); + } + + if (ret == SGX_SUCCESS) + return (ATTESTATION_STATUS)status; + else + return INVALID_SESSION; + +} + +//Make an sgx_ecall to the destination enclave function that generates the actual response +ATTESTATION_STATUS send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id,secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size) +{ + uint32_t status = 0; + sgx_status_t ret = SGX_SUCCESS; + uint32_t temp_enclave_no; + + std::map::iterator it = g_enclave_id_map.find(dest_enclave_id); + if(it != g_enclave_id_map.end()) + { + temp_enclave_no = it->second; + } + else + { + return INVALID_SESSION; + } + + switch(temp_enclave_no) + { + case 1: + ret = Enclave1_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size); + break; + case 2: + ret = Enclave2_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size); + break; + case 3: + ret = Enclave3_generate_response(dest_enclave_id, &status, src_enclave_id, req_message, req_message_size, max_payload_size, resp_message, resp_message_size); + break; + } + if (ret == SGX_SUCCESS) + return (ATTESTATION_STATUS)status; + else + return INVALID_SESSION; + +} + +//Make an sgx_ecall to the destination enclave to close the session +ATTESTATION_STATUS end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id) +{ + uint32_t status = 0; + sgx_status_t ret = SGX_SUCCESS; + uint32_t temp_enclave_no; + + std::map::iterator it = g_enclave_id_map.find(dest_enclave_id); + if(it != g_enclave_id_map.end()) + { + temp_enclave_no = it->second; + } + else + { + return INVALID_SESSION; + } + + switch(temp_enclave_no) + { + case 1: + ret = Enclave1_end_session(dest_enclave_id, &status, src_enclave_id); + break; + case 2: + ret = Enclave2_end_session(dest_enclave_id, &status, src_enclave_id); + break; + case 3: + ret = Enclave3_end_session(dest_enclave_id, &status, src_enclave_id); + break; + } + if (ret == SGX_SUCCESS) + return (ATTESTATION_STATUS)status; + else + return INVALID_SESSION; + +} + +void ocall_print_string(const char *str) +{ + printf("%s", str); +} diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Untrusted_LocalAttestation/UntrustedEnclaveMessageExchange.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Untrusted_LocalAttestation/UntrustedEnclaveMessageExchange.h new file mode 100644 index 0000000..a97204d --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/ProcessLocalAttestation/Enclave2/Untrusted_LocalAttestation/UntrustedEnclaveMessageExchange.h @@ -0,0 +1,74 @@ +/* + * Copyright (C) 2011-2018 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + + +#include "sgx_eid.h" +#include "error_codes.h" +#include "datatypes.h" +#include "sgx_urts.h" +#include "dh_session_protocol.h" +#include "sgx_dh.h" +#include + + +#ifndef ULOCALATTESTATION_H_ +#define ULOCALATTESTATION_H_ + +#ifdef __cplusplus +extern "C" { +#endif + +sgx_status_t Enclave1_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id); +sgx_status_t Enclave1_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id); +sgx_status_t Enclave1_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size); +sgx_status_t Enclave1_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id); + +sgx_status_t Enclave2_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id); +sgx_status_t Enclave2_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id); +sgx_status_t Enclave2_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size); +sgx_status_t Enclave2_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id); + +sgx_status_t Enclave3_session_request(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id); +sgx_status_t Enclave3_exchange_report(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id); +sgx_status_t Enclave3_generate_response(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size); +sgx_status_t Enclave3_end_session(sgx_enclave_id_t eid, uint32_t* retval, sgx_enclave_id_t src_enclave_id); + +uint32_t session_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg1_t* dh_msg1, uint32_t* session_id); +uint32_t exchange_report_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, sgx_dh_msg2_t* dh_msg2, sgx_dh_msg3_t* dh_msg3, uint32_t session_id); +uint32_t send_request_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, secure_message_t* req_message, size_t req_message_size, size_t max_payload_size, secure_message_t* resp_message, size_t resp_message_size); +uint32_t end_session_ocall(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id); +void ocall_print_string(const char *str); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/Makefile b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/Makefile new file mode 100644 index 0000000..c6d7d8d --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/Makefile @@ -0,0 +1,211 @@ +######## SGX SDK Settings ######## +SGX_SDK ?= /opt/intel/sgxsdk +SGX_MODE ?= SIM +SGX_ARCH ?= x64 + +ifeq ($(shell getconf LONG_BIT), 32) + SGX_ARCH := x86 +else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32) + SGX_ARCH := x86 +endif + +ifeq ($(SGX_ARCH), x86) + SGX_COMMON_CFLAGS := -m32 + SGX_LIBRARY_PATH := $(SGX_SDK)/lib + SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign + SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r +else + SGX_COMMON_CFLAGS := -m64 + SGX_LIBRARY_PATH := $(SGX_SDK)/lib64 + SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign + SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r +endif + +ifeq ($(SGX_DEBUG), 1) +ifeq ($(SGX_PRERELEASE), 1) +$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!) +endif +endif + +ifeq ($(SGX_DEBUG), 1) + SGX_COMMON_CFLAGS += -O0 -g +else + SGX_COMMON_CFLAGS += -O2 +endif + +ifeq ($(SUPPLIED_KEY_DERIVATION), 1) + SGX_COMMON_CFLAGS += -DSUPPLIED_KEY_DERIVATION +endif + +######## App Settings ######## + +ifneq ($(SGX_MODE), HW) + Urts_Library_Name := sgx_urts_sim +else + Urts_Library_Name := sgx_urts +endif + + +App_Cpp_Files := isv_app/isv_app.cpp ../Util/LogBase.cpp ../Networking/NetworkManager.cpp ../Networking/Session.cpp ../Networking/Server.cpp \ +../Networking/Client.cpp ../Networking/NetworkManagerServer.cpp ../GoogleMessages/Messages.pb.cpp ../Networking/AbstractNetworkOps.cpp \ +../Util/UtilityFunctions.cpp ../Enclave/Enclave.cpp ../MessageHandler/MessageHandler.cpp ../Util/Base64.cpp + +App_Include_Paths := -I../Util -Iservice_provider -I$(SGX_SDK)/include -Iheaders -I../Networking -Iisv_app -I../GoogleMessages -I/usr/local/include -I../Enclave \ +-I../MessageHandler + +App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) + +# Three configuration modes - Debug, prerelease, release +# Debug - Macro DEBUG enabled. +# Prerelease - Macro NDEBUG and EDEBUG enabled. +# Release - Macro NDEBUG enabled. +ifeq ($(SGX_DEBUG), 1) + App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG +else ifeq ($(SGX_PRERELEASE), 1) + App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG +else + App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG +endif + +App_Cpp_Flags := $(App_C_Flags) -std=c++11 -DEnableServer +App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -L. -lsgx_ukey_exchange -lpthread -Wl,-rpath=$(CURDIR)/../sample_libcrypto -Wl,-rpath=$(CURDIR) -llog4cpp -lboost_system -lssl -lcrypto -lboost_thread -lprotobuf -L /usr/local/lib -ljsoncpp + +ifneq ($(SGX_MODE), HW) + App_Link_Flags += -lsgx_uae_service_sim +else + App_Link_Flags += -lsgx_uae_service +endif + +App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o) + +App_Name := app + + +######## Enclave Settings ######## +ifneq ($(SGX_MODE), HW) + Trts_Library_Name := sgx_trts_sim + Service_Library_Name := sgx_tservice_sim +else + Trts_Library_Name := sgx_trts + Service_Library_Name := sgx_tservice +endif +Crypto_Library_Name := sgx_tcrypto + +Enclave_Cpp_Files := isv_enclave/isv_enclave.cpp +Enclave_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport -I$(SGX_SDK)/include/crypto_px/include -I../Enclave/ + +Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Enclave_Include_Paths) +Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++11 -nostdinc++ + +# To generate a proper enclave, it is recommended to follow below guideline to link the trusted libraries: +# 1. Link sgx_trts with the `--whole-archive' and `--no-whole-archive' options, +# so that the whole content of trts is included in the enclave. +# 2. For other libraries, you just need to pull the required symbols. +# Use `--start-group' and `--end-group' to link these libraries. +# Do NOT move the libraries linked with `--start-group' and `--end-group' within `--whole-archive' and `--no-whole-archive' options. +# Otherwise, you may get some undesirable errors. +Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \ + -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \ + -Wl,--start-group -lsgx_tstdc -lsgx_tstdcxx -lsgx_tkey_exchange -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \ + -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \ + -Wl,-pie,-eenclave_entry -Wl,--export-dynamic \ + -Wl,--defsym,__ImageBase=0 \ + -Wl,--version-script=isv_enclave/isv_enclave.lds + +Enclave_Cpp_Objects := $(Enclave_Cpp_Files:.cpp=.o) + +Enclave_Name := isv_enclave.so +Signed_Enclave_Name := isv_enclave.signed.so +Enclave_Config_File := isv_enclave/isv_enclave.config.xml + +ifeq ($(SGX_MODE), HW) +ifneq ($(SGX_DEBUG), 1) +ifneq ($(SGX_PRERELEASE), 1) +Build_Mode = HW_RELEASE +endif +endif +endif + + +.PHONY: all run + +ifeq ($(Build_Mode), HW_RELEASE) +all: $(App_Name) $(Enclave_Name) + @echo "The project has been built in release hardware mode." + @echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave." + @echo "To sign the enclave use the command:" + @echo " $(SGX_ENCLAVE_SIGNER) sign -key -enclave $(Enclave_Name) -out <$(Signed_Enclave_Name)> -config $(Enclave_Config_File)" + @echo "You can also sign the enclave using an external signing tool." + @echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW." +else +all: $(App_Name) $(Signed_Enclave_Name) +endif + +run: all +ifneq ($(Build_Mode), HW_RELEASE) + @$(CURDIR)/$(App_Name) + @echo "RUN => $(App_Name) [$(SGX_MODE)|$(SGX_ARCH), OK]" +endif + + +######## App Objects ######## + +isv_app/isv_enclave_u.c: $(SGX_EDGER8R) isv_enclave/isv_enclave.edl + @cd isv_app && $(SGX_EDGER8R) --untrusted ../isv_enclave/isv_enclave.edl --search-path ../isv_enclave --search-path $(SGX_SDK)/include + @echo "GEN => $@" + +isv_app/isv_enclave_u.o: isv_app/isv_enclave_u.c + @$(CC) $(App_C_Flags) -c $< -o $@ + @echo "CC <= $<" + +isv_app/%.o: isv_app/%.cpp + @$(CXX) $(App_Cpp_Flags) -c $< -o $@ + @echo "CXX <= $<" + +../MessageHandler/%.o: ../MessageHandler/%.cpp + @$(CXX) $(App_Cpp_Flags) -c $< -o $@ + @echo "CXX <= $<" + +../Util/%.o: ../Util/%.cpp + @$(CXX) $(App_Cpp_Flags) -c $< -o $@ + @echo "CXX <= $<" + +../Networking/%.o: ../Networking/%.cpp + @$(CXX) $(App_Cpp_Flags) -c $< -o $@ + @echo "CXX <= $<" + +../Enclave/%.o: ../Enclave/%.cpp + @$(CXX) $(App_Cpp_Flags) -c $< -o $@ + @echo "CXX <= $<" + +$(App_Name): isv_app/isv_enclave_u.o $(App_Cpp_Objects) + @$(CXX) $^ -o $@ $(App_Link_Flags) + @echo "LINK => $@" + + +######## Enclave Objects ######## + +isv_enclave/isv_enclave_t.c: $(SGX_EDGER8R) isv_enclave/isv_enclave.edl + @cd isv_enclave && $(SGX_EDGER8R) --trusted ../isv_enclave/isv_enclave.edl --search-path ../isv_enclave --search-path $(SGX_SDK)/include + @echo "GEN => $@" + +isv_enclave/isv_enclave_t.o: isv_enclave/isv_enclave_t.c + @$(CC) $(Enclave_C_Flags) -c $< -o $@ + @echo "CC <= $<" + +isv_enclave/%.o: isv_enclave/%.cpp + @$(CXX) $(Enclave_Cpp_Flags) -c $< -o $@ + @echo "CXX <= $<" + +$(Enclave_Name): isv_enclave/isv_enclave_t.o $(Enclave_Cpp_Objects) + @$(CXX) $^ -o $@ $(Enclave_Link_Flags) + @echo "LINK => $@" + +$(Signed_Enclave_Name): $(Enclave_Name) + @$(SGX_ENCLAVE_SIGNER) sign -key isv_enclave/isv_enclave_private.pem -enclave $(Enclave_Name) -out $@ -config $(Enclave_Config_File) + @echo "SIGN => $@" + +.PHONY: clean + +clean: + @rm -f $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) isv_app/isv_enclave_u.* $(Enclave_Cpp_Objects) isv_enclave/isv_enclave_t.* libservice_provider.* $(ServiceProvider_Cpp_Objects) diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_app/isv_app.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_app/isv_app.cpp new file mode 100644 index 0000000..1875b5b --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_app/isv_app.cpp @@ -0,0 +1,40 @@ +#include +#include + +#include "LogBase.h" + +using namespace util; + +#include "MessageHandler.h" + +int Main(int argc, char* argv[]) { + LogBase::Inst(); + + int ret = 0; + + MessageHandler msg; + msg.init(); + msg.start(); + + return ret; +} + + +int main( int argc, char **argv ) { + try { + return Main(argc, argv); + } catch (std::exception& e) { + Log("exception: %s", e.what()); + } catch (...) { + Log("unexpected exception") ; + } + + return -1; +} + + + + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_enclave/isv_enclave.config.xml b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_enclave/isv_enclave.config.xml new file mode 100644 index 0000000..8af015b --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_enclave/isv_enclave.config.xml @@ -0,0 +1,11 @@ + + 0 + 0 + 0x40000 + 0x100000 + 1 + 1 + 0 + 0 + 0xFFFFFFFF + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_enclave/isv_enclave.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_enclave/isv_enclave.cpp new file mode 100644 index 0000000..6a0cfb8 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_enclave/isv_enclave.cpp @@ -0,0 +1,311 @@ +#include +#include + +#include +#include "isv_enclave_t.h" +#include "sgx_tkey_exchange.h" +#include "sgx_tcrypto.h" +#include "string.h" + +// This is the public EC key of the SP. The corresponding private EC key is +// used by the SP to sign data used in the remote attestation SIGMA protocol +// to sign channel binding data in MSG2. A successful verification of the +// signature confirms the identity of the SP to the ISV app in remote +// attestation secure channel binding. The public EC key should be hardcoded in +// the enclave or delivered in a trustworthy manner. The use of a spoofed public +// EC key in the remote attestation with secure channel binding session may lead +// to a security compromise. Every different SP the enlcave communicates to +// must have a unique SP public key. Delivery of the SP public key is +// determined by the ISV. The TKE SIGMA protocl expects an Elliptical Curve key +// based on NIST P-256 +static const sgx_ec256_public_t g_sp_pub_key = { + { + 0x72, 0x12, 0x8a, 0x7a, 0x17, 0x52, 0x6e, 0xbf, + 0x85, 0xd0, 0x3a, 0x62, 0x37, 0x30, 0xae, 0xad, + 0x3e, 0x3d, 0xaa, 0xee, 0x9c, 0x60, 0x73, 0x1d, + 0xb0, 0x5b, 0xe8, 0x62, 0x1c, 0x4b, 0xeb, 0x38 + }, + { + 0xd4, 0x81, 0x40, 0xd9, 0x50, 0xe2, 0x57, 0x7b, + 0x26, 0xee, 0xb7, 0x41, 0xe7, 0xc6, 0x14, 0xe2, + 0x24, 0xb7, 0xbd, 0xc9, 0x03, 0xf2, 0x9a, 0x28, + 0xa8, 0x3c, 0xc8, 0x10, 0x11, 0x14, 0x5e, 0x06 + } + +}; + + +#ifdef SUPPLIED_KEY_DERIVATION + +#pragma message ("Supplied key derivation function is used.") + +typedef struct _hash_buffer_t { + uint8_t counter[4]; + sgx_ec256_dh_shared_t shared_secret; + uint8_t algorithm_id[4]; +} hash_buffer_t; + +const char ID_U[] = "SGXRAENCLAVE"; +const char ID_V[] = "SGXRASERVER"; + +// Derive two keys from shared key and key id. +bool derive_key( + const sgx_ec256_dh_shared_t *p_shared_key, + uint8_t key_id, + sgx_ec_key_128bit_t *first_derived_key, + sgx_ec_key_128bit_t *second_derived_key) { + sgx_status_t sgx_ret = SGX_SUCCESS; + hash_buffer_t hash_buffer; + sgx_sha_state_handle_t sha_context; + sgx_sha256_hash_t key_material; + + memset(&hash_buffer, 0, sizeof(hash_buffer_t)); + /* counter in big endian */ + hash_buffer.counter[3] = key_id; + + /*convert from little endian to big endian */ + for (size_t i = 0; i < sizeof(sgx_ec256_dh_shared_t); i++) { + hash_buffer.shared_secret.s[i] = p_shared_key->s[sizeof(p_shared_key->s)-1 - i]; + } + + sgx_ret = sgx_sha256_init(&sha_context); + if (sgx_ret != SGX_SUCCESS) { + return false; + } + sgx_ret = sgx_sha256_update((uint8_t*)&hash_buffer, sizeof(hash_buffer_t), sha_context); + if (sgx_ret != SGX_SUCCESS) { + sgx_sha256_close(sha_context); + return false; + } + sgx_ret = sgx_sha256_update((uint8_t*)&ID_U, sizeof(ID_U), sha_context); + if (sgx_ret != SGX_SUCCESS) { + sgx_sha256_close(sha_context); + return false; + } + sgx_ret = sgx_sha256_update((uint8_t*)&ID_V, sizeof(ID_V), sha_context); + if (sgx_ret != SGX_SUCCESS) { + sgx_sha256_close(sha_context); + return false; + } + sgx_ret = sgx_sha256_get_hash(sha_context, &key_material); + if (sgx_ret != SGX_SUCCESS) { + sgx_sha256_close(sha_context); + return false; + } + sgx_ret = sgx_sha256_close(sha_context); + + assert(sizeof(sgx_ec_key_128bit_t)* 2 == sizeof(sgx_sha256_hash_t)); + memcpy(first_derived_key, &key_material, sizeof(sgx_ec_key_128bit_t)); + memcpy(second_derived_key, (uint8_t*)&key_material + sizeof(sgx_ec_key_128bit_t), sizeof(sgx_ec_key_128bit_t)); + + // memset here can be optimized away by compiler, so please use memset_s on + // windows for production code and similar functions on other OSes. + memset(&key_material, 0, sizeof(sgx_sha256_hash_t)); + + return true; +} + +//isv defined key derivation function id +#define ISV_KDF_ID 2 + +typedef enum _derive_key_type_t { + DERIVE_KEY_SMK_SK = 0, + DERIVE_KEY_MK_VK, +} derive_key_type_t; + +sgx_status_t key_derivation(const sgx_ec256_dh_shared_t* shared_key, + uint16_t kdf_id, + sgx_ec_key_128bit_t* smk_key, + sgx_ec_key_128bit_t* sk_key, + sgx_ec_key_128bit_t* mk_key, + sgx_ec_key_128bit_t* vk_key) { + bool derive_ret = false; + + if (NULL == shared_key) { + return SGX_ERROR_INVALID_PARAMETER; + } + + if (ISV_KDF_ID != kdf_id) { + //fprintf(stderr, "\nError, key derivation id mismatch in [%s].", __FUNCTION__); + return SGX_ERROR_KDF_MISMATCH; + } + + derive_ret = derive_key(shared_key, DERIVE_KEY_SMK_SK, + smk_key, sk_key); + if (derive_ret != true) { + //fprintf(stderr, "\nError, derive key fail in [%s].", __FUNCTION__); + return SGX_ERROR_UNEXPECTED; + } + + derive_ret = derive_key(shared_key, DERIVE_KEY_MK_VK, + mk_key, vk_key); + if (derive_ret != true) { + //fprintf(stderr, "\nError, derive key fail in [%s].", __FUNCTION__); + return SGX_ERROR_UNEXPECTED; + } + return SGX_SUCCESS; +} +#else +#pragma message ("Default key derivation function is used.") +#endif + +// This ecall is a wrapper of sgx_ra_init to create the trusted +// KE exchange key context needed for the remote attestation +// SIGMA API's. Input pointers aren't checked since the trusted stubs +// copy them into EPC memory. +// +// @param b_pse Indicates whether the ISV app is using the +// platform services. +// @param p_context Pointer to the location where the returned +// key context is to be copied. +// +// @return Any error return from the create PSE session if b_pse +// is true. +// @return Any error returned from the trusted key exchange API +// for creating a key context. + +sgx_status_t enclave_init_ra( + int b_pse, + sgx_ra_context_t *p_context) { + // isv enclave call to trusted key exchange library. + sgx_status_t ret; + if(b_pse) { + int busy_retry_times = 2; + do { + ret = sgx_create_pse_session(); + } while (ret == SGX_ERROR_BUSY && busy_retry_times--); + if (ret != SGX_SUCCESS) + return ret; + } +#ifdef SUPPLIED_KEY_DERIVATION + ret = sgx_ra_init_ex(&g_sp_pub_key, b_pse, key_derivation, p_context); +#else + ret = sgx_ra_init(&g_sp_pub_key, b_pse, p_context); +#endif + if(b_pse) { + sgx_close_pse_session(); + return ret; + } + return ret; +} + + +// Closes the tKE key context used during the SIGMA key +// exchange. +// +// @param context The trusted KE library key context. +// +// @return Return value from the key context close API + +sgx_status_t SGXAPI enclave_ra_close( + sgx_ra_context_t context) { + sgx_status_t ret; + ret = sgx_ra_close(context); + return ret; +} + + +// Verify the mac sent in att_result_msg from the SP using the +// MK key. Input pointers aren't checked since the trusted stubs +// copy them into EPC memory. +// +// +// @param context The trusted KE library key context. +// @param p_message Pointer to the message used to produce MAC +// @param message_size Size in bytes of the message. +// @param p_mac Pointer to the MAC to compare to. +// @param mac_size Size in bytes of the MAC +// +// @return SGX_ERROR_INVALID_PARAMETER - MAC size is incorrect. +// @return Any error produced by tKE API to get SK key. +// @return Any error produced by the AESCMAC function. +// @return SGX_ERROR_MAC_MISMATCH - MAC compare fails. + +sgx_status_t verify_att_result_mac(sgx_ra_context_t context, + uint8_t* p_message, + size_t message_size, + uint8_t* p_mac, + size_t mac_size) { + sgx_status_t ret; + sgx_ec_key_128bit_t mk_key; + + if(mac_size != sizeof(sgx_mac_t)) { + ret = SGX_ERROR_INVALID_PARAMETER; + return ret; + } + if(message_size > UINT32_MAX) { + ret = SGX_ERROR_INVALID_PARAMETER; + return ret; + } + + do { + uint8_t mac[SGX_CMAC_MAC_SIZE] = {0}; + + ret = sgx_ra_get_keys(context, SGX_RA_KEY_MK, &mk_key); + if(SGX_SUCCESS != ret) { + break; + } + ret = sgx_rijndael128_cmac_msg(&mk_key, + p_message, + (uint32_t)message_size, + &mac); + if(SGX_SUCCESS != ret) { + break; + } + if(0 == consttime_memequal(p_mac, mac, sizeof(mac))) { + ret = SGX_ERROR_MAC_MISMATCH; + break; + } + + } while(0); + + return ret; +} + + +sgx_status_t verify_secret_data ( + sgx_ra_context_t context, + uint8_t *p_secret, + uint32_t secret_size, + uint8_t *p_gcm_mac, + uint32_t max_verification_length, + uint8_t *p_ret) { + sgx_status_t ret = SGX_SUCCESS; + sgx_ec_key_128bit_t sk_key; + + do { + ret = sgx_ra_get_keys(context, SGX_RA_KEY_SK, &sk_key); + if (SGX_SUCCESS != ret) { + break; + } + + uint8_t *decrypted = (uint8_t*) malloc(sizeof(uint8_t) * secret_size); + uint8_t aes_gcm_iv[12] = {0}; + + ret = sgx_rijndael128GCM_decrypt(&sk_key, + p_secret, + secret_size, + decrypted, + &aes_gcm_iv[0], + 12, + NULL, + 0, + (const sgx_aes_gcm_128bit_tag_t *) (p_gcm_mac)); + + if (SGX_SUCCESS == ret) { + if (decrypted[0] == 0) { + if (decrypted[1] != 1) { + ret = SGX_ERROR_INVALID_SIGNATURE; + } + } else { + ret = SGX_ERROR_UNEXPECTED; + } + } + + } while(0); + + return ret; +} + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_enclave/isv_enclave.edl b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_enclave/isv_enclave.edl new file mode 100644 index 0000000..6cd78d2 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_enclave/isv_enclave.edl @@ -0,0 +1,38 @@ +enclave { + from "sgx_tkey_exchange.edl" import *; + + include "sgx_key_exchange.h" + include "sgx_trts.h" + + trusted { + public sgx_status_t enclave_init_ra(int b_pse, [out] sgx_ra_context_t *p_context); + + public sgx_status_t enclave_ra_close(sgx_ra_context_t context); + + public sgx_status_t verify_att_result_mac(sgx_ra_context_t context, + [in,size=message_size] uint8_t* message, + size_t message_size, + [in,size=mac_size] uint8_t* mac, + size_t mac_size); + + public sgx_status_t verify_secret_data(sgx_ra_context_t context, + [in,size=secret_size] uint8_t* p_secret, + uint32_t secret_size, + [in,count=16] uint8_t* gcm_mac, + uint32_t max_verification_length, + [out, count=16] uint8_t *p_ret); + }; + +}; + + + + + + + + + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_enclave/isv_enclave.lds b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_enclave/isv_enclave.lds new file mode 100644 index 0000000..0626e1f --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_enclave/isv_enclave.lds @@ -0,0 +1,8 @@ +enclave.so { +global: + g_global_data_sim; + g_global_data; + enclave_entry; +local: + *; +}; diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_enclave/isv_enclave_private.pem b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_enclave/isv_enclave_private.pem new file mode 100644 index 0000000..b8ace89 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Application/isv_enclave/isv_enclave_private.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEA0MvI9NpdP4GEqCvtlJQv00OybzTXzxBhPu/257VYt9cYw/ph +BN1WRyxBBcrZs15xmcvlb3xNmFGWs4w5oUgrFBNgi6g+CUOCsj0cM8xw7P/y3K0H +XaZUf+T3CXCp8NvlkZHzfdWAFA5lGGR9g6kmuk7SojE3h87Zm1KjPU/PvAe+BaMU +trlRr4gPNVnu19Vho60xwuswPxfl/pBFUIk7qWEUR3l2hiqWMeLgf3Ays/WSnkXA +uijwPt5g0hxsgIlyDrI3jKbf0zkFB56jvPwSykfU8aw4Gkbo5qSZxUAKnwH2L8Uf +yM6inBaaYtM79icRwsu45Yt6X0GAt7CSb/1TKBrnm5exmK1sug3YSQ/YuK1FYawU +vIaDD0YfzOndTNVBewA+Hr5xNPvqGJoRKHuGbyu2lI9jrKYpVxQWsmx38wnxF6kE +zX6N4m7KZiLeLpDdBVQtLuOzIdIE4wT3t/ckeqElxO/1Ut9bj765GcTTrYwMKHRw +ukWIH7ZtHtAjj0KzAgEDAoIBgQCLMoX4kZN/q63Fcp5jDXU3gnb0zeU0tZYp9U9F +I5B6j2XX/ECt6OQvctYD3JEiPvZmh+5KUt5li7nNCCZrhXINYkBdGtQGLQHMKL13 +3aCd//c9yK+TxDhVQ09boHFLPUO2YUz+jlVitENlmFOtG28m3zcWy3paieZnjGzT +iop9Wn6ubLh50OEfsAojkUnlOOvCc3aB8iAqD+6ptYOLBifGQLgvpk8EHGQhQer/ +oCHNTmG+2SsmxfV/Pus2vZ2rBkrUbZU0hwrnvKOIPhnt3Qwtmx9xsC67jF+MpWko +UisJXC27FAGz2gpIGMhBp35HEppwG9hhCuMQdK2g62bvweyr1tC4qOVdQrKvhksN +r6CMjS9eSXvmWdF7lU4oxStN0V56/LICSIsLbggUaxTPKhAVEgfTSqwEJoQuFA3Q +4GmgTydPhcRH1L/lhbWJqZQm7V1Gt+5i5J6iATD32uNQQ2iZi5GsUhr+jZC+WlE5 +6lS813cRNiaK52HIk62bG7IXOksCgcEA+6RxZhQ5GaCPYZNsk7TqxqsKopXKoYAr +2R4KWuexJTd+1kcNMk0ETX8OSgpY2cYL2uPFWmdutxPpLfpr8S2u92Da/Wxs70Ti +QSb0426ybTmnS5L7nOnGOHiddXILhW175liAszTeoR7nQ6vpr9YjfcnrXiB8bKIm +akft2DQoxrBPzEe9tA8gfkyDTsSG2j7kncSbvYRtkKcJOmmypotVU6uhRPSrSXCc +J59uBQkg6Bk4CKA1mz8ctG07MluFY0/ZAoHBANRpZlfIFl39gFmuEER7lb80GySO +J190LbqOca3dGOvAMsDgEAi6juJyX7ZNpbHFHj++LvmTtw9+kxhVDBcswS7304kt +7J2EfnGdctEZtXif1wiq30YWAp1tjRpQENKtt9wssmgcwgK39rZNiEHmStHGv3l+ +5TnKPKeuFCDnsLvi5lQYoK2wTYvZtsjf+Rnt7H17q90IV54pMjTS8BkGskCkKf2A +IYuaZkqX0T3cM6ovoYYDAU6rWL5rrYPLEwkbawKBwQCnwvZEDXtmawpBDPMNI0cv +HLHBuTHBAB07aVw8mnYYz6nkL14hiK2I/17cBuXmhAfnQoORmknPYptz/Ef2HnSk +6zyo8vNKLewrb03s9Hbze8TdDKe98S7QUGj49rJY86fu5asiIz8WFJotHUZ1OWz+ +hpzpav2dwW7xhUk6zXCEdYqIL9PNX2r+3azfLa88Ke2+gxJ+WEkLGgYm8SHEXOON +HRYt+HIw9b1vv56uBhXwENAFwCO81L3Nnid2565CNTsCgcEAjZuZj9q5k/5VkR61 +gv0Of3gSGF7E6k1z0bRLyT4QnSrMgJVgBdG0lvbqeYkZIS4UKn7J+7fPX6m3ZY4I +D3MrdKU3sMlIaQL+9mj3NhEjpb/ksHHqLrlXE55eEYq14cklPXMhmr3WrHqkeYkF +gUQx4S8qUP9De9wob8liwJp10pdEOBBrHnWJB+Z52z/7Zp6dqP0dPgWPvsYheIyg +EK8hgG1xU6rBB7xEMbqLfpLNHB/BBAIA3xzl1EfJAodiBhJHAoHAeTS2znDHYayI +TvK86tBAPVORiBVTSdRUONdGF3dipo24hyeyrI5MtiOoMc3sKWXnSTkDQWa3WiPx +qStBmmO/SbGTuz7T6+oOwGeMiYzYBe87Ayn8Y0KYYshFikieJbGusHjUlIGmCVPy +UHrDMYGwFGUGBwW47gBsnZa+YPHtxWCPDe/U80et2Trx0RXJJQPmupAVMSiJWObI +9k5gRU+xDqkHanyD1gkGGwhFTUNX94EJEOdQEWw3hxLnVtePoke/ +-----END RSA PRIVATE KEY----- diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/AttestationReportSigningCACert.pem b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/AttestationReportSigningCACert.pem new file mode 100755 index 0000000..27332a1 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/AttestationReportSigningCACert.pem @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFSzCCA7OgAwIBAgIJANEHdl0yo7CUMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV +BAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExGjAYBgNV +BAoMEUludGVsIENvcnBvcmF0aW9uMTAwLgYDVQQDDCdJbnRlbCBTR1ggQXR0ZXN0 +YXRpb24gUmVwb3J0IFNpZ25pbmcgQ0EwIBcNMTYxMTE0MTUzNzMxWhgPMjA0OTEy +MzEyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwL +U2FudGEgQ2xhcmExGjAYBgNVBAoMEUludGVsIENvcnBvcmF0aW9uMTAwLgYDVQQD +DCdJbnRlbCBTR1ggQXR0ZXN0YXRpb24gUmVwb3J0IFNpZ25pbmcgQ0EwggGiMA0G +CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCfPGR+tXc8u1EtJzLA10Feu1Wg+p7e +LmSRmeaCHbkQ1TF3Nwl3RmpqXkeGzNLd69QUnWovYyVSndEMyYc3sHecGgfinEeh +rgBJSEdsSJ9FpaFdesjsxqzGRa20PYdnnfWcCTvFoulpbFR4VBuXnnVLVzkUvlXT +L/TAnd8nIZk0zZkFJ7P5LtePvykkar7LcSQO85wtcQe0R1Raf/sQ6wYKaKmFgCGe +NpEJUmg4ktal4qgIAxk+QHUxQE42sxViN5mqglB0QJdUot/o9a/V/mMeH8KvOAiQ +byinkNndn+Bgk5sSV5DFgF0DffVqmVMblt5p3jPtImzBIH0QQrXJq39AT8cRwP5H +afuVeLHcDsRp6hol4P+ZFIhu8mmbI1u0hH3W/0C2BuYXB5PC+5izFFh/nP0lc2Lf +6rELO9LZdnOhpL1ExFOq9H/B8tPQ84T3Sgb4nAifDabNt/zu6MmCGo5U8lwEFtGM +RoOaX4AS+909x00lYnmtwsDVWv9vBiJCXRsCAwEAAaOByTCBxjBgBgNVHR8EWTBX +MFWgU6BRhk9odHRwOi8vdHJ1c3RlZHNlcnZpY2VzLmludGVsLmNvbS9jb250ZW50 +L0NSTC9TR1gvQXR0ZXN0YXRpb25SZXBvcnRTaWduaW5nQ0EuY3JsMB0GA1UdDgQW +BBR4Q3t2pn680K9+QjfrNXw7hwFRPDAfBgNVHSMEGDAWgBR4Q3t2pn680K9+Qjfr +NXw7hwFRPDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkq +hkiG9w0BAQsFAAOCAYEAeF8tYMXICvQqeXYQITkV2oLJsp6J4JAqJabHWxYJHGir +IEqucRiJSSx+HjIJEUVaj8E0QjEud6Y5lNmXlcjqRXaCPOqK0eGRz6hi+ripMtPZ +sFNaBwLQVV905SDjAzDzNIDnrcnXyB4gcDFCvwDFKKgLRjOB/WAqgscDUoGq5ZVi +zLUzTqiQPmULAQaB9c6Oti6snEFJiCQ67JLyW/E83/frzCmO5Ru6WjU4tmsmy8Ra +Ud4APK0wZTGtfPXU7w+IBdG5Ez0kE1qzxGQaL4gINJ1zMyleDnbuS8UicjJijvqA +152Sq049ESDz+1rRGc2NVEqh1KaGXmtXvqxXcTB+Ljy5Bw2ke0v8iGngFBPqCTVB +3op5KBG3RjbF6RRSzwzuWfL7QErNC8WEy5yDVARzTA5+xmBc388v9Dm21HGfcC8O +DD+gT9sSpssq0ascmvH49MOgjt1yoysLtdCtJW/9FZpoOypaHx0R+mJTLwPXVMrv +DaVzWh5aiEx+idkSGMnX +-----END CERTIFICATE----- diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Enclave/Enclave.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Enclave/Enclave.cpp new file mode 100644 index 0000000..3011e8c --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Enclave/Enclave.cpp @@ -0,0 +1,110 @@ +#include "Enclave.h" + +#include + +using namespace util; +using namespace std; + +Enclave* Enclave::instance = NULL; + +Enclave::Enclave() {} + +Enclave* Enclave::getInstance() { + if (instance == NULL) { + instance = new Enclave(); + } + + return instance; +} + + +Enclave::~Enclave() { + int ret = -1; + + if (INT_MAX != context) { + int ret_save = -1; + ret = enclave_ra_close(enclave_id, &status, context); + if (SGX_SUCCESS != ret || status) { + ret = -1; + Log("Error, call enclave_ra_close fail", log::error); + } else { + // enclave_ra_close was successful, let's restore the value that + // led us to this point in the code. + ret = ret_save; + } + + Log("Call enclave_ra_close success"); + } + + sgx_destroy_enclave(enclave_id); +} + + + +sgx_status_t Enclave::createEnclave() { + sgx_status_t ret; + int launch_token_update = 0; + int enclave_lost_retry_time = 1; + sgx_launch_token_t launch_token = {0}; + + memset(&launch_token, 0, sizeof(sgx_launch_token_t)); + + do { + ret = sgx_create_enclave(this->enclave_path, + SGX_DEBUG_FLAG, + &launch_token, + &launch_token_update, + &this->enclave_id, NULL); + + if (SGX_SUCCESS != ret) { + Log("Error, call sgx_create_enclave fail", log::error); + print_error_message(ret); + break; + } else { + Log("Call sgx_create_enclave success"); + + ret = enclave_init_ra(this->enclave_id, + &this->status, + false, + &this->context); + } + + } while (SGX_ERROR_ENCLAVE_LOST == ret && enclave_lost_retry_time--); + + if (ret == SGX_SUCCESS) + Log("Enclave created, ID: %llx", this->enclave_id); + + + return ret; +} + + +sgx_enclave_id_t Enclave::getID() { + return this->enclave_id; +} + +sgx_status_t Enclave::getStatus() { + return this->status; +} + +sgx_ra_context_t Enclave::getContext() { + return this->context; +} + + + + + + + + + + + + + + + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Enclave/Enclave.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Enclave/Enclave.h new file mode 100644 index 0000000..e38a202 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Enclave/Enclave.h @@ -0,0 +1,43 @@ +#ifndef ENCLAVE_H +#define ENCLAVE_H + +#include +#include +#include +#include + +#include "LogBase.h" +#include "UtilityFunctions.h" +#include "isv_enclave_u.h" + +// Needed to call untrusted key exchange library APIs, i.e. sgx_ra_proc_msg2. +#include "sgx_ukey_exchange.h" + +// Needed to query extended epid group id. +#include "sgx_uae_service.h" + +class Enclave { + +public: + static Enclave* getInstance(); + virtual ~Enclave(); + sgx_status_t createEnclave(); + sgx_enclave_id_t getID(); + sgx_status_t getStatus(); + sgx_ra_context_t getContext(); + +private: + Enclave(); + static Enclave *instance; + const char *enclave_path = "isv_enclave.signed.so"; + sgx_enclave_id_t enclave_id; + sgx_status_t status; + sgx_ra_context_t context; +}; + +#endif + + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/GeneralSettings.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/GeneralSettings.h new file mode 100644 index 0000000..6f74d55 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/GeneralSettings.h @@ -0,0 +1,21 @@ +#ifndef GENERALSETTINGS_H +#define GENERALSETTINGS_H + +#include + +using namespace std; + +namespace Settings { + static int rh_port = 22222; + static string rh_host = "localhost"; + + static string server_crt = "/home/fan/linux-sgx-remoteattestation/server.crt"; //certificate for the HTTPS connection between the SP and the App + static string server_key = "/home/fan/linux-sgx-remoteattestation/server.key"; //private key for the HTTPS connection + + static string spid = "0BC6719F1DB470A7C5D01AB928DACCAF"; //SPID provided by Intel after registration for the IAS service + static const char *ias_crt = "/home/fan/linux-sgx-remoteattestation/server.crt"; //location of the certificate send to Intel when registring for the IAS + static const char *ias_key = "/home/fan/linux-sgx-remoteattestation/server.key"; + static string ias_url = "https://test-as.sgx.trustedservices.intel.com:443/attestation/sgx/v2/"; +} + +#endif diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/GoogleMessages/Messages.pb.cc b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/GoogleMessages/Messages.pb.cc new file mode 100644 index 0000000..c7ecd42 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/GoogleMessages/Messages.pb.cc @@ -0,0 +1,4544 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: Messages.proto + +#define INTERNAL_SUPPRESS_PROTOBUF_FIELD_DEPRECATION +#include "Messages.pb.h" + +#include + +#include +#include +#include +#include +#include +#include +#include +#include +// @@protoc_insertion_point(includes) + +namespace Messages { + +namespace { + +const ::google::protobuf::Descriptor* InitialMessage_descriptor_ = NULL; +const ::google::protobuf::internal::GeneratedMessageReflection* + InitialMessage_reflection_ = NULL; +const ::google::protobuf::Descriptor* MessageMsg0_descriptor_ = NULL; +const ::google::protobuf::internal::GeneratedMessageReflection* + MessageMsg0_reflection_ = NULL; +const ::google::protobuf::Descriptor* MessageMSG1_descriptor_ = NULL; +const ::google::protobuf::internal::GeneratedMessageReflection* + MessageMSG1_reflection_ = NULL; +const ::google::protobuf::Descriptor* MessageMSG2_descriptor_ = NULL; +const ::google::protobuf::internal::GeneratedMessageReflection* + MessageMSG2_reflection_ = NULL; +const ::google::protobuf::Descriptor* MessageMSG3_descriptor_ = NULL; +const ::google::protobuf::internal::GeneratedMessageReflection* + MessageMSG3_reflection_ = NULL; +const ::google::protobuf::Descriptor* AttestationMessage_descriptor_ = NULL; +const ::google::protobuf::internal::GeneratedMessageReflection* + AttestationMessage_reflection_ = NULL; +const ::google::protobuf::Descriptor* SecretMessage_descriptor_ = NULL; +const ::google::protobuf::internal::GeneratedMessageReflection* + SecretMessage_reflection_ = NULL; + +} // namespace + + +void protobuf_AssignDesc_Messages_2eproto() { + protobuf_AddDesc_Messages_2eproto(); + const ::google::protobuf::FileDescriptor* file = + ::google::protobuf::DescriptorPool::generated_pool()->FindFileByName( + "Messages.proto"); + GOOGLE_CHECK(file != NULL); + InitialMessage_descriptor_ = file->message_type(0); + static const int InitialMessage_offsets_[2] = { + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(InitialMessage, type_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(InitialMessage, size_), + }; + InitialMessage_reflection_ = + new ::google::protobuf::internal::GeneratedMessageReflection( + InitialMessage_descriptor_, + InitialMessage::default_instance_, + InitialMessage_offsets_, + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(InitialMessage, _has_bits_[0]), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(InitialMessage, _unknown_fields_), + -1, + ::google::protobuf::DescriptorPool::generated_pool(), + ::google::protobuf::MessageFactory::generated_factory(), + sizeof(InitialMessage)); + MessageMsg0_descriptor_ = file->message_type(1); + static const int MessageMsg0_offsets_[3] = { + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMsg0, type_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMsg0, epid_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMsg0, status_), + }; + MessageMsg0_reflection_ = + new ::google::protobuf::internal::GeneratedMessageReflection( + MessageMsg0_descriptor_, + MessageMsg0::default_instance_, + MessageMsg0_offsets_, + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMsg0, _has_bits_[0]), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMsg0, _unknown_fields_), + -1, + ::google::protobuf::DescriptorPool::generated_pool(), + ::google::protobuf::MessageFactory::generated_factory(), + sizeof(MessageMsg0)); + MessageMSG1_descriptor_ = file->message_type(2); + static const int MessageMSG1_offsets_[4] = { + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG1, type_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG1, gax_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG1, gay_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG1, gid_), + }; + MessageMSG1_reflection_ = + new ::google::protobuf::internal::GeneratedMessageReflection( + MessageMSG1_descriptor_, + MessageMSG1::default_instance_, + MessageMSG1_offsets_, + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG1, _has_bits_[0]), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG1, _unknown_fields_), + -1, + ::google::protobuf::DescriptorPool::generated_pool(), + ::google::protobuf::MessageFactory::generated_factory(), + sizeof(MessageMSG1)); + MessageMSG2_descriptor_ = file->message_type(3); + static const int MessageMSG2_offsets_[12] = { + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG2, type_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG2, size_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG2, public_key_gx_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG2, public_key_gy_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG2, quote_type_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG2, spid_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG2, cmac_kdf_id_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG2, signature_x_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG2, signature_y_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG2, smac_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG2, size_sigrl_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG2, sigrl_), + }; + MessageMSG2_reflection_ = + new ::google::protobuf::internal::GeneratedMessageReflection( + MessageMSG2_descriptor_, + MessageMSG2::default_instance_, + MessageMSG2_offsets_, + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG2, _has_bits_[0]), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG2, _unknown_fields_), + -1, + ::google::protobuf::DescriptorPool::generated_pool(), + ::google::protobuf::MessageFactory::generated_factory(), + sizeof(MessageMSG2)); + MessageMSG3_descriptor_ = file->message_type(4); + static const int MessageMSG3_offsets_[7] = { + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG3, type_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG3, size_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG3, sgx_mac_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG3, gax_msg3_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG3, gay_msg3_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG3, sec_property_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG3, quote_), + }; + MessageMSG3_reflection_ = + new ::google::protobuf::internal::GeneratedMessageReflection( + MessageMSG3_descriptor_, + MessageMSG3::default_instance_, + MessageMSG3_offsets_, + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG3, _has_bits_[0]), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(MessageMSG3, _unknown_fields_), + -1, + ::google::protobuf::DescriptorPool::generated_pool(), + ::google::protobuf::MessageFactory::generated_factory(), + sizeof(MessageMSG3)); + AttestationMessage_descriptor_ = file->message_type(5); + static const int AttestationMessage_offsets_[16] = { + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(AttestationMessage, type_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(AttestationMessage, size_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(AttestationMessage, epid_group_status_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(AttestationMessage, tcb_evaluation_status_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(AttestationMessage, pse_evaluation_status_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(AttestationMessage, latest_equivalent_tcb_psvn_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(AttestationMessage, latest_pse_isvsvn_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(AttestationMessage, latest_psda_svn_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(AttestationMessage, performance_rekey_gid_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(AttestationMessage, ec_sign256_x_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(AttestationMessage, ec_sign256_y_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(AttestationMessage, mac_smk_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(AttestationMessage, result_size_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(AttestationMessage, reserved_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(AttestationMessage, payload_tag_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(AttestationMessage, payload_), + }; + AttestationMessage_reflection_ = + new ::google::protobuf::internal::GeneratedMessageReflection( + AttestationMessage_descriptor_, + AttestationMessage::default_instance_, + AttestationMessage_offsets_, + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(AttestationMessage, _has_bits_[0]), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(AttestationMessage, _unknown_fields_), + -1, + ::google::protobuf::DescriptorPool::generated_pool(), + ::google::protobuf::MessageFactory::generated_factory(), + sizeof(AttestationMessage)); + SecretMessage_descriptor_ = file->message_type(6); + static const int SecretMessage_offsets_[10] = { + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(SecretMessage, type_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(SecretMessage, size_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(SecretMessage, encryped_pkey_size_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(SecretMessage, encryped_x509_size_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(SecretMessage, encrypted_content_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(SecretMessage, mac_smk_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(SecretMessage, encrypted_pkey_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(SecretMessage, encrypted_pkey_mac_smk_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(SecretMessage, encrypted_x509_), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(SecretMessage, encrypted_x509_mac_smk_), + }; + SecretMessage_reflection_ = + new ::google::protobuf::internal::GeneratedMessageReflection( + SecretMessage_descriptor_, + SecretMessage::default_instance_, + SecretMessage_offsets_, + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(SecretMessage, _has_bits_[0]), + GOOGLE_PROTOBUF_GENERATED_MESSAGE_FIELD_OFFSET(SecretMessage, _unknown_fields_), + -1, + ::google::protobuf::DescriptorPool::generated_pool(), + ::google::protobuf::MessageFactory::generated_factory(), + sizeof(SecretMessage)); +} + +namespace { + +GOOGLE_PROTOBUF_DECLARE_ONCE(protobuf_AssignDescriptors_once_); +inline void protobuf_AssignDescriptorsOnce() { + ::google::protobuf::GoogleOnceInit(&protobuf_AssignDescriptors_once_, + &protobuf_AssignDesc_Messages_2eproto); +} + +void protobuf_RegisterTypes(const ::std::string&) { + protobuf_AssignDescriptorsOnce(); + ::google::protobuf::MessageFactory::InternalRegisterGeneratedMessage( + InitialMessage_descriptor_, &InitialMessage::default_instance()); + ::google::protobuf::MessageFactory::InternalRegisterGeneratedMessage( + MessageMsg0_descriptor_, &MessageMsg0::default_instance()); + ::google::protobuf::MessageFactory::InternalRegisterGeneratedMessage( + MessageMSG1_descriptor_, &MessageMSG1::default_instance()); + ::google::protobuf::MessageFactory::InternalRegisterGeneratedMessage( + MessageMSG2_descriptor_, &MessageMSG2::default_instance()); + ::google::protobuf::MessageFactory::InternalRegisterGeneratedMessage( + MessageMSG3_descriptor_, &MessageMSG3::default_instance()); + ::google::protobuf::MessageFactory::InternalRegisterGeneratedMessage( + AttestationMessage_descriptor_, &AttestationMessage::default_instance()); + ::google::protobuf::MessageFactory::InternalRegisterGeneratedMessage( + SecretMessage_descriptor_, &SecretMessage::default_instance()); +} + +} // namespace + +void protobuf_ShutdownFile_Messages_2eproto() { + delete InitialMessage::default_instance_; + delete InitialMessage_reflection_; + delete MessageMsg0::default_instance_; + delete MessageMsg0_reflection_; + delete MessageMSG1::default_instance_; + delete MessageMSG1_reflection_; + delete MessageMSG2::default_instance_; + delete MessageMSG2_reflection_; + delete MessageMSG3::default_instance_; + delete MessageMSG3_reflection_; + delete AttestationMessage::default_instance_; + delete AttestationMessage_reflection_; + delete SecretMessage::default_instance_; + delete SecretMessage_reflection_; +} + +void protobuf_AddDesc_Messages_2eproto() { + static bool already_here = false; + if (already_here) return; + already_here = true; + GOOGLE_PROTOBUF_VERIFY_VERSION; + + ::google::protobuf::DescriptorPool::InternalAddGeneratedFile( + "\n\016Messages.proto\022\010Messages\",\n\016InitialMes" + "sage\022\014\n\004type\030\001 \002(\r\022\014\n\004size\030\002 \001(\r\"9\n\013Mess" + "ageMsg0\022\014\n\004type\030\001 \002(\r\022\014\n\004epid\030\002 \002(\r\022\016\n\006s" + "tatus\030\003 \001(\r\"N\n\013MessageMSG1\022\014\n\004type\030\001 \002(\r" + "\022\017\n\003GaX\030\002 \003(\rB\002\020\001\022\017\n\003GaY\030\003 \003(\rB\002\020\001\022\017\n\003GI" + "D\030\004 \003(\rB\002\020\001\"\205\002\n\013MessageMSG2\022\014\n\004type\030\001 \002(" + "\r\022\014\n\004size\030\002 \001(\r\022\031\n\rpublic_key_gx\030\003 \003(\rB\002" + "\020\001\022\031\n\rpublic_key_gy\030\004 \003(\rB\002\020\001\022\022\n\nquote_t" + "ype\030\005 \001(\r\022\020\n\004spid\030\006 \003(\rB\002\020\001\022\023\n\013cmac_kdf_" + "id\030\007 \001(\r\022\027\n\013signature_x\030\010 \003(\rB\002\020\001\022\027\n\013sig" + "nature_y\030\t \003(\rB\002\020\001\022\020\n\004smac\030\n \003(\rB\002\020\001\022\022\n\n" + "size_sigrl\030\013 \001(\r\022\021\n\005sigrl\030\014 \003(\rB\002\020\001\"\227\001\n\013" + "MessageMSG3\022\014\n\004type\030\001 \002(\r\022\014\n\004size\030\002 \001(\r\022" + "\023\n\007sgx_mac\030\003 \003(\rB\002\020\001\022\024\n\010gax_msg3\030\004 \003(\rB\002" + "\020\001\022\024\n\010gay_msg3\030\005 \003(\rB\002\020\001\022\030\n\014sec_property" + "\030\006 \003(\rB\002\020\001\022\021\n\005quote\030\007 \003(\rB\002\020\001\"\262\003\n\022Attest" + "ationMessage\022\014\n\004type\030\001 \002(\r\022\014\n\004size\030\002 \002(\r" + "\022\031\n\021epid_group_status\030\003 \001(\r\022\035\n\025tcb_evalu" + "ation_status\030\004 \001(\r\022\035\n\025pse_evaluation_sta" + "tus\030\005 \001(\r\022&\n\032latest_equivalent_tcb_psvn\030" + "\006 \003(\rB\002\020\001\022\035\n\021latest_pse_isvsvn\030\007 \003(\rB\002\020\001" + "\022\033\n\017latest_psda_svn\030\010 \003(\rB\002\020\001\022!\n\025perform" + "ance_rekey_gid\030\t \003(\rB\002\020\001\022\030\n\014ec_sign256_x" + "\030\n \003(\rB\002\020\001\022\030\n\014ec_sign256_y\030\013 \003(\rB\002\020\001\022\023\n\007" + "mac_smk\030\014 \003(\rB\002\020\001\022\023\n\013result_size\030\r \001(\r\022\024" + "\n\010reserved\030\016 \003(\rB\002\020\001\022\027\n\013payload_tag\030\017 \003(" + "\rB\002\020\001\022\023\n\007payload\030\020 \003(\rB\002\020\001\"\227\002\n\rSecretMes" + "sage\022\014\n\004type\030\001 \002(\r\022\014\n\004size\030\002 \002(\r\022\032\n\022encr" + "yped_pkey_size\030\003 \001(\r\022\032\n\022encryped_x509_si" + "ze\030\004 \001(\r\022\035\n\021encrypted_content\030\005 \003(\rB\002\020\001\022" + "\023\n\007mac_smk\030\006 \003(\rB\002\020\001\022\032\n\016encrypted_pkey\030\007" + " \003(\rB\002\020\001\022\"\n\026encrypted_pkey_mac_smk\030\010 \003(\r" + "B\002\020\001\022\032\n\016encrypted_x509\030\t \003(\rB\002\020\001\022\"\n\026encr" + "ypted_x509_mac_smk\030\n \003(\rB\002\020\001", 1348); + ::google::protobuf::MessageFactory::InternalRegisterGeneratedFile( + "Messages.proto", &protobuf_RegisterTypes); + InitialMessage::default_instance_ = new InitialMessage(); + MessageMsg0::default_instance_ = new MessageMsg0(); + MessageMSG1::default_instance_ = new MessageMSG1(); + MessageMSG2::default_instance_ = new MessageMSG2(); + MessageMSG3::default_instance_ = new MessageMSG3(); + AttestationMessage::default_instance_ = new AttestationMessage(); + SecretMessage::default_instance_ = new SecretMessage(); + InitialMessage::default_instance_->InitAsDefaultInstance(); + MessageMsg0::default_instance_->InitAsDefaultInstance(); + MessageMSG1::default_instance_->InitAsDefaultInstance(); + MessageMSG2::default_instance_->InitAsDefaultInstance(); + MessageMSG3::default_instance_->InitAsDefaultInstance(); + AttestationMessage::default_instance_->InitAsDefaultInstance(); + SecretMessage::default_instance_->InitAsDefaultInstance(); + ::google::protobuf::internal::OnShutdown(&protobuf_ShutdownFile_Messages_2eproto); +} + +// Force AddDescriptors() to be called at static initialization time. +struct StaticDescriptorInitializer_Messages_2eproto { + StaticDescriptorInitializer_Messages_2eproto() { + protobuf_AddDesc_Messages_2eproto(); + } +} static_descriptor_initializer_Messages_2eproto_; + +// =================================================================== + +#ifndef _MSC_VER +const int InitialMessage::kTypeFieldNumber; +const int InitialMessage::kSizeFieldNumber; +#endif // !_MSC_VER + +InitialMessage::InitialMessage() + : ::google::protobuf::Message() { + SharedCtor(); + // @@protoc_insertion_point(constructor:Messages.InitialMessage) +} + +void InitialMessage::InitAsDefaultInstance() { +} + +InitialMessage::InitialMessage(const InitialMessage& from) + : ::google::protobuf::Message() { + SharedCtor(); + MergeFrom(from); + // @@protoc_insertion_point(copy_constructor:Messages.InitialMessage) +} + +void InitialMessage::SharedCtor() { + _cached_size_ = 0; + type_ = 0u; + size_ = 0u; + ::memset(_has_bits_, 0, sizeof(_has_bits_)); +} + +InitialMessage::~InitialMessage() { + // @@protoc_insertion_point(destructor:Messages.InitialMessage) + SharedDtor(); +} + +void InitialMessage::SharedDtor() { + if (this != default_instance_) { + } +} + +void InitialMessage::SetCachedSize(int size) const { + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _cached_size_ = size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); +} +const ::google::protobuf::Descriptor* InitialMessage::descriptor() { + protobuf_AssignDescriptorsOnce(); + return InitialMessage_descriptor_; +} + +const InitialMessage& InitialMessage::default_instance() { + if (default_instance_ == NULL) protobuf_AddDesc_Messages_2eproto(); + return *default_instance_; +} + +InitialMessage* InitialMessage::default_instance_ = NULL; + +InitialMessage* InitialMessage::New() const { + return new InitialMessage; +} + +void InitialMessage::Clear() { +#define OFFSET_OF_FIELD_(f) (reinterpret_cast( \ + &reinterpret_cast(16)->f) - \ + reinterpret_cast(16)) + +#define ZR_(first, last) do { \ + size_t f = OFFSET_OF_FIELD_(first); \ + size_t n = OFFSET_OF_FIELD_(last) - f + sizeof(last); \ + ::memset(&first, 0, n); \ + } while (0) + + ZR_(type_, size_); + +#undef OFFSET_OF_FIELD_ +#undef ZR_ + + ::memset(_has_bits_, 0, sizeof(_has_bits_)); + mutable_unknown_fields()->Clear(); +} + +bool InitialMessage::MergePartialFromCodedStream( + ::google::protobuf::io::CodedInputStream* input) { +#define DO_(EXPRESSION) if (!(EXPRESSION)) goto failure + ::google::protobuf::uint32 tag; + // @@protoc_insertion_point(parse_start:Messages.InitialMessage) + for (;;) { + ::std::pair< ::google::protobuf::uint32, bool> p = input->ReadTagWithCutoff(127); + tag = p.first; + if (!p.second) goto handle_unusual; + switch (::google::protobuf::internal::WireFormatLite::GetTagFieldNumber(tag)) { + // required uint32 type = 1; + case 1: { + if (tag == 8) { + DO_((::google::protobuf::internal::WireFormatLite::ReadPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, &type_))); + set_has_type(); + } else { + goto handle_unusual; + } + if (input->ExpectTag(16)) goto parse_size; + break; + } + + // optional uint32 size = 2; + case 2: { + if (tag == 16) { + parse_size: + DO_((::google::protobuf::internal::WireFormatLite::ReadPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, &size_))); + set_has_size(); + } else { + goto handle_unusual; + } + if (input->ExpectAtEnd()) goto success; + break; + } + + default: { + handle_unusual: + if (tag == 0 || + ::google::protobuf::internal::WireFormatLite::GetTagWireType(tag) == + ::google::protobuf::internal::WireFormatLite::WIRETYPE_END_GROUP) { + goto success; + } + DO_(::google::protobuf::internal::WireFormat::SkipField( + input, tag, mutable_unknown_fields())); + break; + } + } + } +success: + // @@protoc_insertion_point(parse_success:Messages.InitialMessage) + return true; +failure: + // @@protoc_insertion_point(parse_failure:Messages.InitialMessage) + return false; +#undef DO_ +} + +void InitialMessage::SerializeWithCachedSizes( + ::google::protobuf::io::CodedOutputStream* output) const { + // @@protoc_insertion_point(serialize_start:Messages.InitialMessage) + // required uint32 type = 1; + if (has_type()) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32(1, this->type(), output); + } + + // optional uint32 size = 2; + if (has_size()) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32(2, this->size(), output); + } + + if (!unknown_fields().empty()) { + ::google::protobuf::internal::WireFormat::SerializeUnknownFields( + unknown_fields(), output); + } + // @@protoc_insertion_point(serialize_end:Messages.InitialMessage) +} + +::google::protobuf::uint8* InitialMessage::SerializeWithCachedSizesToArray( + ::google::protobuf::uint8* target) const { + // @@protoc_insertion_point(serialize_to_array_start:Messages.InitialMessage) + // required uint32 type = 1; + if (has_type()) { + target = ::google::protobuf::internal::WireFormatLite::WriteUInt32ToArray(1, this->type(), target); + } + + // optional uint32 size = 2; + if (has_size()) { + target = ::google::protobuf::internal::WireFormatLite::WriteUInt32ToArray(2, this->size(), target); + } + + if (!unknown_fields().empty()) { + target = ::google::protobuf::internal::WireFormat::SerializeUnknownFieldsToArray( + unknown_fields(), target); + } + // @@protoc_insertion_point(serialize_to_array_end:Messages.InitialMessage) + return target; +} + +int InitialMessage::ByteSize() const { + int total_size = 0; + + if (_has_bits_[0 / 32] & (0xffu << (0 % 32))) { + // required uint32 type = 1; + if (has_type()) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::UInt32Size( + this->type()); + } + + // optional uint32 size = 2; + if (has_size()) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::UInt32Size( + this->size()); + } + + } + if (!unknown_fields().empty()) { + total_size += + ::google::protobuf::internal::WireFormat::ComputeUnknownFieldsSize( + unknown_fields()); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _cached_size_ = total_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + return total_size; +} + +void InitialMessage::MergeFrom(const ::google::protobuf::Message& from) { + GOOGLE_CHECK_NE(&from, this); + const InitialMessage* source = + ::google::protobuf::internal::dynamic_cast_if_available( + &from); + if (source == NULL) { + ::google::protobuf::internal::ReflectionOps::Merge(from, this); + } else { + MergeFrom(*source); + } +} + +void InitialMessage::MergeFrom(const InitialMessage& from) { + GOOGLE_CHECK_NE(&from, this); + if (from._has_bits_[0 / 32] & (0xffu << (0 % 32))) { + if (from.has_type()) { + set_type(from.type()); + } + if (from.has_size()) { + set_size(from.size()); + } + } + mutable_unknown_fields()->MergeFrom(from.unknown_fields()); +} + +void InitialMessage::CopyFrom(const ::google::protobuf::Message& from) { + if (&from == this) return; + Clear(); + MergeFrom(from); +} + +void InitialMessage::CopyFrom(const InitialMessage& from) { + if (&from == this) return; + Clear(); + MergeFrom(from); +} + +bool InitialMessage::IsInitialized() const { + if ((_has_bits_[0] & 0x00000001) != 0x00000001) return false; + + return true; +} + +void InitialMessage::Swap(InitialMessage* other) { + if (other != this) { + std::swap(type_, other->type_); + std::swap(size_, other->size_); + std::swap(_has_bits_[0], other->_has_bits_[0]); + _unknown_fields_.Swap(&other->_unknown_fields_); + std::swap(_cached_size_, other->_cached_size_); + } +} + +::google::protobuf::Metadata InitialMessage::GetMetadata() const { + protobuf_AssignDescriptorsOnce(); + ::google::protobuf::Metadata metadata; + metadata.descriptor = InitialMessage_descriptor_; + metadata.reflection = InitialMessage_reflection_; + return metadata; +} + + +// =================================================================== + +#ifndef _MSC_VER +const int MessageMsg0::kTypeFieldNumber; +const int MessageMsg0::kEpidFieldNumber; +const int MessageMsg0::kStatusFieldNumber; +#endif // !_MSC_VER + +MessageMsg0::MessageMsg0() + : ::google::protobuf::Message() { + SharedCtor(); + // @@protoc_insertion_point(constructor:Messages.MessageMsg0) +} + +void MessageMsg0::InitAsDefaultInstance() { +} + +MessageMsg0::MessageMsg0(const MessageMsg0& from) + : ::google::protobuf::Message() { + SharedCtor(); + MergeFrom(from); + // @@protoc_insertion_point(copy_constructor:Messages.MessageMsg0) +} + +void MessageMsg0::SharedCtor() { + _cached_size_ = 0; + type_ = 0u; + epid_ = 0u; + status_ = 0u; + ::memset(_has_bits_, 0, sizeof(_has_bits_)); +} + +MessageMsg0::~MessageMsg0() { + // @@protoc_insertion_point(destructor:Messages.MessageMsg0) + SharedDtor(); +} + +void MessageMsg0::SharedDtor() { + if (this != default_instance_) { + } +} + +void MessageMsg0::SetCachedSize(int size) const { + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _cached_size_ = size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); +} +const ::google::protobuf::Descriptor* MessageMsg0::descriptor() { + protobuf_AssignDescriptorsOnce(); + return MessageMsg0_descriptor_; +} + +const MessageMsg0& MessageMsg0::default_instance() { + if (default_instance_ == NULL) protobuf_AddDesc_Messages_2eproto(); + return *default_instance_; +} + +MessageMsg0* MessageMsg0::default_instance_ = NULL; + +MessageMsg0* MessageMsg0::New() const { + return new MessageMsg0; +} + +void MessageMsg0::Clear() { +#define OFFSET_OF_FIELD_(f) (reinterpret_cast( \ + &reinterpret_cast(16)->f) - \ + reinterpret_cast(16)) + +#define ZR_(first, last) do { \ + size_t f = OFFSET_OF_FIELD_(first); \ + size_t n = OFFSET_OF_FIELD_(last) - f + sizeof(last); \ + ::memset(&first, 0, n); \ + } while (0) + + ZR_(type_, status_); + +#undef OFFSET_OF_FIELD_ +#undef ZR_ + + ::memset(_has_bits_, 0, sizeof(_has_bits_)); + mutable_unknown_fields()->Clear(); +} + +bool MessageMsg0::MergePartialFromCodedStream( + ::google::protobuf::io::CodedInputStream* input) { +#define DO_(EXPRESSION) if (!(EXPRESSION)) goto failure + ::google::protobuf::uint32 tag; + // @@protoc_insertion_point(parse_start:Messages.MessageMsg0) + for (;;) { + ::std::pair< ::google::protobuf::uint32, bool> p = input->ReadTagWithCutoff(127); + tag = p.first; + if (!p.second) goto handle_unusual; + switch (::google::protobuf::internal::WireFormatLite::GetTagFieldNumber(tag)) { + // required uint32 type = 1; + case 1: { + if (tag == 8) { + DO_((::google::protobuf::internal::WireFormatLite::ReadPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, &type_))); + set_has_type(); + } else { + goto handle_unusual; + } + if (input->ExpectTag(16)) goto parse_epid; + break; + } + + // required uint32 epid = 2; + case 2: { + if (tag == 16) { + parse_epid: + DO_((::google::protobuf::internal::WireFormatLite::ReadPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, &epid_))); + set_has_epid(); + } else { + goto handle_unusual; + } + if (input->ExpectTag(24)) goto parse_status; + break; + } + + // optional uint32 status = 3; + case 3: { + if (tag == 24) { + parse_status: + DO_((::google::protobuf::internal::WireFormatLite::ReadPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, &status_))); + set_has_status(); + } else { + goto handle_unusual; + } + if (input->ExpectAtEnd()) goto success; + break; + } + + default: { + handle_unusual: + if (tag == 0 || + ::google::protobuf::internal::WireFormatLite::GetTagWireType(tag) == + ::google::protobuf::internal::WireFormatLite::WIRETYPE_END_GROUP) { + goto success; + } + DO_(::google::protobuf::internal::WireFormat::SkipField( + input, tag, mutable_unknown_fields())); + break; + } + } + } +success: + // @@protoc_insertion_point(parse_success:Messages.MessageMsg0) + return true; +failure: + // @@protoc_insertion_point(parse_failure:Messages.MessageMsg0) + return false; +#undef DO_ +} + +void MessageMsg0::SerializeWithCachedSizes( + ::google::protobuf::io::CodedOutputStream* output) const { + // @@protoc_insertion_point(serialize_start:Messages.MessageMsg0) + // required uint32 type = 1; + if (has_type()) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32(1, this->type(), output); + } + + // required uint32 epid = 2; + if (has_epid()) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32(2, this->epid(), output); + } + + // optional uint32 status = 3; + if (has_status()) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32(3, this->status(), output); + } + + if (!unknown_fields().empty()) { + ::google::protobuf::internal::WireFormat::SerializeUnknownFields( + unknown_fields(), output); + } + // @@protoc_insertion_point(serialize_end:Messages.MessageMsg0) +} + +::google::protobuf::uint8* MessageMsg0::SerializeWithCachedSizesToArray( + ::google::protobuf::uint8* target) const { + // @@protoc_insertion_point(serialize_to_array_start:Messages.MessageMsg0) + // required uint32 type = 1; + if (has_type()) { + target = ::google::protobuf::internal::WireFormatLite::WriteUInt32ToArray(1, this->type(), target); + } + + // required uint32 epid = 2; + if (has_epid()) { + target = ::google::protobuf::internal::WireFormatLite::WriteUInt32ToArray(2, this->epid(), target); + } + + // optional uint32 status = 3; + if (has_status()) { + target = ::google::protobuf::internal::WireFormatLite::WriteUInt32ToArray(3, this->status(), target); + } + + if (!unknown_fields().empty()) { + target = ::google::protobuf::internal::WireFormat::SerializeUnknownFieldsToArray( + unknown_fields(), target); + } + // @@protoc_insertion_point(serialize_to_array_end:Messages.MessageMsg0) + return target; +} + +int MessageMsg0::ByteSize() const { + int total_size = 0; + + if (_has_bits_[0 / 32] & (0xffu << (0 % 32))) { + // required uint32 type = 1; + if (has_type()) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::UInt32Size( + this->type()); + } + + // required uint32 epid = 2; + if (has_epid()) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::UInt32Size( + this->epid()); + } + + // optional uint32 status = 3; + if (has_status()) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::UInt32Size( + this->status()); + } + + } + if (!unknown_fields().empty()) { + total_size += + ::google::protobuf::internal::WireFormat::ComputeUnknownFieldsSize( + unknown_fields()); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _cached_size_ = total_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + return total_size; +} + +void MessageMsg0::MergeFrom(const ::google::protobuf::Message& from) { + GOOGLE_CHECK_NE(&from, this); + const MessageMsg0* source = + ::google::protobuf::internal::dynamic_cast_if_available( + &from); + if (source == NULL) { + ::google::protobuf::internal::ReflectionOps::Merge(from, this); + } else { + MergeFrom(*source); + } +} + +void MessageMsg0::MergeFrom(const MessageMsg0& from) { + GOOGLE_CHECK_NE(&from, this); + if (from._has_bits_[0 / 32] & (0xffu << (0 % 32))) { + if (from.has_type()) { + set_type(from.type()); + } + if (from.has_epid()) { + set_epid(from.epid()); + } + if (from.has_status()) { + set_status(from.status()); + } + } + mutable_unknown_fields()->MergeFrom(from.unknown_fields()); +} + +void MessageMsg0::CopyFrom(const ::google::protobuf::Message& from) { + if (&from == this) return; + Clear(); + MergeFrom(from); +} + +void MessageMsg0::CopyFrom(const MessageMsg0& from) { + if (&from == this) return; + Clear(); + MergeFrom(from); +} + +bool MessageMsg0::IsInitialized() const { + if ((_has_bits_[0] & 0x00000003) != 0x00000003) return false; + + return true; +} + +void MessageMsg0::Swap(MessageMsg0* other) { + if (other != this) { + std::swap(type_, other->type_); + std::swap(epid_, other->epid_); + std::swap(status_, other->status_); + std::swap(_has_bits_[0], other->_has_bits_[0]); + _unknown_fields_.Swap(&other->_unknown_fields_); + std::swap(_cached_size_, other->_cached_size_); + } +} + +::google::protobuf::Metadata MessageMsg0::GetMetadata() const { + protobuf_AssignDescriptorsOnce(); + ::google::protobuf::Metadata metadata; + metadata.descriptor = MessageMsg0_descriptor_; + metadata.reflection = MessageMsg0_reflection_; + return metadata; +} + + +// =================================================================== + +#ifndef _MSC_VER +const int MessageMSG1::kTypeFieldNumber; +const int MessageMSG1::kGaXFieldNumber; +const int MessageMSG1::kGaYFieldNumber; +const int MessageMSG1::kGIDFieldNumber; +#endif // !_MSC_VER + +MessageMSG1::MessageMSG1() + : ::google::protobuf::Message() { + SharedCtor(); + // @@protoc_insertion_point(constructor:Messages.MessageMSG1) +} + +void MessageMSG1::InitAsDefaultInstance() { +} + +MessageMSG1::MessageMSG1(const MessageMSG1& from) + : ::google::protobuf::Message() { + SharedCtor(); + MergeFrom(from); + // @@protoc_insertion_point(copy_constructor:Messages.MessageMSG1) +} + +void MessageMSG1::SharedCtor() { + _cached_size_ = 0; + type_ = 0u; + ::memset(_has_bits_, 0, sizeof(_has_bits_)); +} + +MessageMSG1::~MessageMSG1() { + // @@protoc_insertion_point(destructor:Messages.MessageMSG1) + SharedDtor(); +} + +void MessageMSG1::SharedDtor() { + if (this != default_instance_) { + } +} + +void MessageMSG1::SetCachedSize(int size) const { + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _cached_size_ = size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); +} +const ::google::protobuf::Descriptor* MessageMSG1::descriptor() { + protobuf_AssignDescriptorsOnce(); + return MessageMSG1_descriptor_; +} + +const MessageMSG1& MessageMSG1::default_instance() { + if (default_instance_ == NULL) protobuf_AddDesc_Messages_2eproto(); + return *default_instance_; +} + +MessageMSG1* MessageMSG1::default_instance_ = NULL; + +MessageMSG1* MessageMSG1::New() const { + return new MessageMSG1; +} + +void MessageMSG1::Clear() { + type_ = 0u; + gax_.Clear(); + gay_.Clear(); + gid_.Clear(); + ::memset(_has_bits_, 0, sizeof(_has_bits_)); + mutable_unknown_fields()->Clear(); +} + +bool MessageMSG1::MergePartialFromCodedStream( + ::google::protobuf::io::CodedInputStream* input) { +#define DO_(EXPRESSION) if (!(EXPRESSION)) goto failure + ::google::protobuf::uint32 tag; + // @@protoc_insertion_point(parse_start:Messages.MessageMSG1) + for (;;) { + ::std::pair< ::google::protobuf::uint32, bool> p = input->ReadTagWithCutoff(127); + tag = p.first; + if (!p.second) goto handle_unusual; + switch (::google::protobuf::internal::WireFormatLite::GetTagFieldNumber(tag)) { + // required uint32 type = 1; + case 1: { + if (tag == 8) { + DO_((::google::protobuf::internal::WireFormatLite::ReadPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, &type_))); + set_has_type(); + } else { + goto handle_unusual; + } + if (input->ExpectTag(18)) goto parse_GaX; + break; + } + + // repeated uint32 GaX = 2 [packed = true]; + case 2: { + if (tag == 18) { + parse_GaX: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_gax()))); + } else if (tag == 16) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 18, input, this->mutable_gax()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(26)) goto parse_GaY; + break; + } + + // repeated uint32 GaY = 3 [packed = true]; + case 3: { + if (tag == 26) { + parse_GaY: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_gay()))); + } else if (tag == 24) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 26, input, this->mutable_gay()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(34)) goto parse_GID; + break; + } + + // repeated uint32 GID = 4 [packed = true]; + case 4: { + if (tag == 34) { + parse_GID: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_gid()))); + } else if (tag == 32) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 34, input, this->mutable_gid()))); + } else { + goto handle_unusual; + } + if (input->ExpectAtEnd()) goto success; + break; + } + + default: { + handle_unusual: + if (tag == 0 || + ::google::protobuf::internal::WireFormatLite::GetTagWireType(tag) == + ::google::protobuf::internal::WireFormatLite::WIRETYPE_END_GROUP) { + goto success; + } + DO_(::google::protobuf::internal::WireFormat::SkipField( + input, tag, mutable_unknown_fields())); + break; + } + } + } +success: + // @@protoc_insertion_point(parse_success:Messages.MessageMSG1) + return true; +failure: + // @@protoc_insertion_point(parse_failure:Messages.MessageMSG1) + return false; +#undef DO_ +} + +void MessageMSG1::SerializeWithCachedSizes( + ::google::protobuf::io::CodedOutputStream* output) const { + // @@protoc_insertion_point(serialize_start:Messages.MessageMSG1) + // required uint32 type = 1; + if (has_type()) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32(1, this->type(), output); + } + + // repeated uint32 GaX = 2 [packed = true]; + if (this->gax_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(2, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_gax_cached_byte_size_); + } + for (int i = 0; i < this->gax_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->gax(i), output); + } + + // repeated uint32 GaY = 3 [packed = true]; + if (this->gay_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(3, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_gay_cached_byte_size_); + } + for (int i = 0; i < this->gay_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->gay(i), output); + } + + // repeated uint32 GID = 4 [packed = true]; + if (this->gid_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(4, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_gid_cached_byte_size_); + } + for (int i = 0; i < this->gid_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->gid(i), output); + } + + if (!unknown_fields().empty()) { + ::google::protobuf::internal::WireFormat::SerializeUnknownFields( + unknown_fields(), output); + } + // @@protoc_insertion_point(serialize_end:Messages.MessageMSG1) +} + +::google::protobuf::uint8* MessageMSG1::SerializeWithCachedSizesToArray( + ::google::protobuf::uint8* target) const { + // @@protoc_insertion_point(serialize_to_array_start:Messages.MessageMSG1) + // required uint32 type = 1; + if (has_type()) { + target = ::google::protobuf::internal::WireFormatLite::WriteUInt32ToArray(1, this->type(), target); + } + + // repeated uint32 GaX = 2 [packed = true]; + if (this->gax_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 2, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _gax_cached_byte_size_, target); + } + for (int i = 0; i < this->gax_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->gax(i), target); + } + + // repeated uint32 GaY = 3 [packed = true]; + if (this->gay_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 3, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _gay_cached_byte_size_, target); + } + for (int i = 0; i < this->gay_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->gay(i), target); + } + + // repeated uint32 GID = 4 [packed = true]; + if (this->gid_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 4, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _gid_cached_byte_size_, target); + } + for (int i = 0; i < this->gid_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->gid(i), target); + } + + if (!unknown_fields().empty()) { + target = ::google::protobuf::internal::WireFormat::SerializeUnknownFieldsToArray( + unknown_fields(), target); + } + // @@protoc_insertion_point(serialize_to_array_end:Messages.MessageMSG1) + return target; +} + +int MessageMSG1::ByteSize() const { + int total_size = 0; + + if (_has_bits_[0 / 32] & (0xffu << (0 % 32))) { + // required uint32 type = 1; + if (has_type()) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::UInt32Size( + this->type()); + } + + } + // repeated uint32 GaX = 2 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->gax_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->gax(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _gax_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 GaY = 3 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->gay_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->gay(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _gay_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 GID = 4 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->gid_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->gid(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _gid_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + if (!unknown_fields().empty()) { + total_size += + ::google::protobuf::internal::WireFormat::ComputeUnknownFieldsSize( + unknown_fields()); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _cached_size_ = total_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + return total_size; +} + +void MessageMSG1::MergeFrom(const ::google::protobuf::Message& from) { + GOOGLE_CHECK_NE(&from, this); + const MessageMSG1* source = + ::google::protobuf::internal::dynamic_cast_if_available( + &from); + if (source == NULL) { + ::google::protobuf::internal::ReflectionOps::Merge(from, this); + } else { + MergeFrom(*source); + } +} + +void MessageMSG1::MergeFrom(const MessageMSG1& from) { + GOOGLE_CHECK_NE(&from, this); + gax_.MergeFrom(from.gax_); + gay_.MergeFrom(from.gay_); + gid_.MergeFrom(from.gid_); + if (from._has_bits_[0 / 32] & (0xffu << (0 % 32))) { + if (from.has_type()) { + set_type(from.type()); + } + } + mutable_unknown_fields()->MergeFrom(from.unknown_fields()); +} + +void MessageMSG1::CopyFrom(const ::google::protobuf::Message& from) { + if (&from == this) return; + Clear(); + MergeFrom(from); +} + +void MessageMSG1::CopyFrom(const MessageMSG1& from) { + if (&from == this) return; + Clear(); + MergeFrom(from); +} + +bool MessageMSG1::IsInitialized() const { + if ((_has_bits_[0] & 0x00000001) != 0x00000001) return false; + + return true; +} + +void MessageMSG1::Swap(MessageMSG1* other) { + if (other != this) { + std::swap(type_, other->type_); + gax_.Swap(&other->gax_); + gay_.Swap(&other->gay_); + gid_.Swap(&other->gid_); + std::swap(_has_bits_[0], other->_has_bits_[0]); + _unknown_fields_.Swap(&other->_unknown_fields_); + std::swap(_cached_size_, other->_cached_size_); + } +} + +::google::protobuf::Metadata MessageMSG1::GetMetadata() const { + protobuf_AssignDescriptorsOnce(); + ::google::protobuf::Metadata metadata; + metadata.descriptor = MessageMSG1_descriptor_; + metadata.reflection = MessageMSG1_reflection_; + return metadata; +} + + +// =================================================================== + +#ifndef _MSC_VER +const int MessageMSG2::kTypeFieldNumber; +const int MessageMSG2::kSizeFieldNumber; +const int MessageMSG2::kPublicKeyGxFieldNumber; +const int MessageMSG2::kPublicKeyGyFieldNumber; +const int MessageMSG2::kQuoteTypeFieldNumber; +const int MessageMSG2::kSpidFieldNumber; +const int MessageMSG2::kCmacKdfIdFieldNumber; +const int MessageMSG2::kSignatureXFieldNumber; +const int MessageMSG2::kSignatureYFieldNumber; +const int MessageMSG2::kSmacFieldNumber; +const int MessageMSG2::kSizeSigrlFieldNumber; +const int MessageMSG2::kSigrlFieldNumber; +#endif // !_MSC_VER + +MessageMSG2::MessageMSG2() + : ::google::protobuf::Message() { + SharedCtor(); + // @@protoc_insertion_point(constructor:Messages.MessageMSG2) +} + +void MessageMSG2::InitAsDefaultInstance() { +} + +MessageMSG2::MessageMSG2(const MessageMSG2& from) + : ::google::protobuf::Message() { + SharedCtor(); + MergeFrom(from); + // @@protoc_insertion_point(copy_constructor:Messages.MessageMSG2) +} + +void MessageMSG2::SharedCtor() { + _cached_size_ = 0; + type_ = 0u; + size_ = 0u; + quote_type_ = 0u; + cmac_kdf_id_ = 0u; + size_sigrl_ = 0u; + ::memset(_has_bits_, 0, sizeof(_has_bits_)); +} + +MessageMSG2::~MessageMSG2() { + // @@protoc_insertion_point(destructor:Messages.MessageMSG2) + SharedDtor(); +} + +void MessageMSG2::SharedDtor() { + if (this != default_instance_) { + } +} + +void MessageMSG2::SetCachedSize(int size) const { + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _cached_size_ = size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); +} +const ::google::protobuf::Descriptor* MessageMSG2::descriptor() { + protobuf_AssignDescriptorsOnce(); + return MessageMSG2_descriptor_; +} + +const MessageMSG2& MessageMSG2::default_instance() { + if (default_instance_ == NULL) protobuf_AddDesc_Messages_2eproto(); + return *default_instance_; +} + +MessageMSG2* MessageMSG2::default_instance_ = NULL; + +MessageMSG2* MessageMSG2::New() const { + return new MessageMSG2; +} + +void MessageMSG2::Clear() { +#define OFFSET_OF_FIELD_(f) (reinterpret_cast( \ + &reinterpret_cast(16)->f) - \ + reinterpret_cast(16)) + +#define ZR_(first, last) do { \ + size_t f = OFFSET_OF_FIELD_(first); \ + size_t n = OFFSET_OF_FIELD_(last) - f + sizeof(last); \ + ::memset(&first, 0, n); \ + } while (0) + + ZR_(type_, size_); + ZR_(quote_type_, cmac_kdf_id_); + size_sigrl_ = 0u; + +#undef OFFSET_OF_FIELD_ +#undef ZR_ + + public_key_gx_.Clear(); + public_key_gy_.Clear(); + spid_.Clear(); + signature_x_.Clear(); + signature_y_.Clear(); + smac_.Clear(); + sigrl_.Clear(); + ::memset(_has_bits_, 0, sizeof(_has_bits_)); + mutable_unknown_fields()->Clear(); +} + +bool MessageMSG2::MergePartialFromCodedStream( + ::google::protobuf::io::CodedInputStream* input) { +#define DO_(EXPRESSION) if (!(EXPRESSION)) goto failure + ::google::protobuf::uint32 tag; + // @@protoc_insertion_point(parse_start:Messages.MessageMSG2) + for (;;) { + ::std::pair< ::google::protobuf::uint32, bool> p = input->ReadTagWithCutoff(127); + tag = p.first; + if (!p.second) goto handle_unusual; + switch (::google::protobuf::internal::WireFormatLite::GetTagFieldNumber(tag)) { + // required uint32 type = 1; + case 1: { + if (tag == 8) { + DO_((::google::protobuf::internal::WireFormatLite::ReadPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, &type_))); + set_has_type(); + } else { + goto handle_unusual; + } + if (input->ExpectTag(16)) goto parse_size; + break; + } + + // optional uint32 size = 2; + case 2: { + if (tag == 16) { + parse_size: + DO_((::google::protobuf::internal::WireFormatLite::ReadPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, &size_))); + set_has_size(); + } else { + goto handle_unusual; + } + if (input->ExpectTag(26)) goto parse_public_key_gx; + break; + } + + // repeated uint32 public_key_gx = 3 [packed = true]; + case 3: { + if (tag == 26) { + parse_public_key_gx: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_public_key_gx()))); + } else if (tag == 24) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 26, input, this->mutable_public_key_gx()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(34)) goto parse_public_key_gy; + break; + } + + // repeated uint32 public_key_gy = 4 [packed = true]; + case 4: { + if (tag == 34) { + parse_public_key_gy: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_public_key_gy()))); + } else if (tag == 32) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 34, input, this->mutable_public_key_gy()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(40)) goto parse_quote_type; + break; + } + + // optional uint32 quote_type = 5; + case 5: { + if (tag == 40) { + parse_quote_type: + DO_((::google::protobuf::internal::WireFormatLite::ReadPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, "e_type_))); + set_has_quote_type(); + } else { + goto handle_unusual; + } + if (input->ExpectTag(50)) goto parse_spid; + break; + } + + // repeated uint32 spid = 6 [packed = true]; + case 6: { + if (tag == 50) { + parse_spid: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_spid()))); + } else if (tag == 48) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 50, input, this->mutable_spid()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(56)) goto parse_cmac_kdf_id; + break; + } + + // optional uint32 cmac_kdf_id = 7; + case 7: { + if (tag == 56) { + parse_cmac_kdf_id: + DO_((::google::protobuf::internal::WireFormatLite::ReadPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, &cmac_kdf_id_))); + set_has_cmac_kdf_id(); + } else { + goto handle_unusual; + } + if (input->ExpectTag(66)) goto parse_signature_x; + break; + } + + // repeated uint32 signature_x = 8 [packed = true]; + case 8: { + if (tag == 66) { + parse_signature_x: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_signature_x()))); + } else if (tag == 64) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 66, input, this->mutable_signature_x()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(74)) goto parse_signature_y; + break; + } + + // repeated uint32 signature_y = 9 [packed = true]; + case 9: { + if (tag == 74) { + parse_signature_y: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_signature_y()))); + } else if (tag == 72) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 74, input, this->mutable_signature_y()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(82)) goto parse_smac; + break; + } + + // repeated uint32 smac = 10 [packed = true]; + case 10: { + if (tag == 82) { + parse_smac: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_smac()))); + } else if (tag == 80) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 82, input, this->mutable_smac()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(88)) goto parse_size_sigrl; + break; + } + + // optional uint32 size_sigrl = 11; + case 11: { + if (tag == 88) { + parse_size_sigrl: + DO_((::google::protobuf::internal::WireFormatLite::ReadPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, &size_sigrl_))); + set_has_size_sigrl(); + } else { + goto handle_unusual; + } + if (input->ExpectTag(98)) goto parse_sigrl; + break; + } + + // repeated uint32 sigrl = 12 [packed = true]; + case 12: { + if (tag == 98) { + parse_sigrl: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_sigrl()))); + } else if (tag == 96) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 98, input, this->mutable_sigrl()))); + } else { + goto handle_unusual; + } + if (input->ExpectAtEnd()) goto success; + break; + } + + default: { + handle_unusual: + if (tag == 0 || + ::google::protobuf::internal::WireFormatLite::GetTagWireType(tag) == + ::google::protobuf::internal::WireFormatLite::WIRETYPE_END_GROUP) { + goto success; + } + DO_(::google::protobuf::internal::WireFormat::SkipField( + input, tag, mutable_unknown_fields())); + break; + } + } + } +success: + // @@protoc_insertion_point(parse_success:Messages.MessageMSG2) + return true; +failure: + // @@protoc_insertion_point(parse_failure:Messages.MessageMSG2) + return false; +#undef DO_ +} + +void MessageMSG2::SerializeWithCachedSizes( + ::google::protobuf::io::CodedOutputStream* output) const { + // @@protoc_insertion_point(serialize_start:Messages.MessageMSG2) + // required uint32 type = 1; + if (has_type()) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32(1, this->type(), output); + } + + // optional uint32 size = 2; + if (has_size()) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32(2, this->size(), output); + } + + // repeated uint32 public_key_gx = 3 [packed = true]; + if (this->public_key_gx_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(3, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_public_key_gx_cached_byte_size_); + } + for (int i = 0; i < this->public_key_gx_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->public_key_gx(i), output); + } + + // repeated uint32 public_key_gy = 4 [packed = true]; + if (this->public_key_gy_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(4, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_public_key_gy_cached_byte_size_); + } + for (int i = 0; i < this->public_key_gy_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->public_key_gy(i), output); + } + + // optional uint32 quote_type = 5; + if (has_quote_type()) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32(5, this->quote_type(), output); + } + + // repeated uint32 spid = 6 [packed = true]; + if (this->spid_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(6, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_spid_cached_byte_size_); + } + for (int i = 0; i < this->spid_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->spid(i), output); + } + + // optional uint32 cmac_kdf_id = 7; + if (has_cmac_kdf_id()) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32(7, this->cmac_kdf_id(), output); + } + + // repeated uint32 signature_x = 8 [packed = true]; + if (this->signature_x_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(8, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_signature_x_cached_byte_size_); + } + for (int i = 0; i < this->signature_x_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->signature_x(i), output); + } + + // repeated uint32 signature_y = 9 [packed = true]; + if (this->signature_y_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(9, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_signature_y_cached_byte_size_); + } + for (int i = 0; i < this->signature_y_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->signature_y(i), output); + } + + // repeated uint32 smac = 10 [packed = true]; + if (this->smac_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(10, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_smac_cached_byte_size_); + } + for (int i = 0; i < this->smac_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->smac(i), output); + } + + // optional uint32 size_sigrl = 11; + if (has_size_sigrl()) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32(11, this->size_sigrl(), output); + } + + // repeated uint32 sigrl = 12 [packed = true]; + if (this->sigrl_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(12, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_sigrl_cached_byte_size_); + } + for (int i = 0; i < this->sigrl_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->sigrl(i), output); + } + + if (!unknown_fields().empty()) { + ::google::protobuf::internal::WireFormat::SerializeUnknownFields( + unknown_fields(), output); + } + // @@protoc_insertion_point(serialize_end:Messages.MessageMSG2) +} + +::google::protobuf::uint8* MessageMSG2::SerializeWithCachedSizesToArray( + ::google::protobuf::uint8* target) const { + // @@protoc_insertion_point(serialize_to_array_start:Messages.MessageMSG2) + // required uint32 type = 1; + if (has_type()) { + target = ::google::protobuf::internal::WireFormatLite::WriteUInt32ToArray(1, this->type(), target); + } + + // optional uint32 size = 2; + if (has_size()) { + target = ::google::protobuf::internal::WireFormatLite::WriteUInt32ToArray(2, this->size(), target); + } + + // repeated uint32 public_key_gx = 3 [packed = true]; + if (this->public_key_gx_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 3, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _public_key_gx_cached_byte_size_, target); + } + for (int i = 0; i < this->public_key_gx_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->public_key_gx(i), target); + } + + // repeated uint32 public_key_gy = 4 [packed = true]; + if (this->public_key_gy_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 4, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _public_key_gy_cached_byte_size_, target); + } + for (int i = 0; i < this->public_key_gy_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->public_key_gy(i), target); + } + + // optional uint32 quote_type = 5; + if (has_quote_type()) { + target = ::google::protobuf::internal::WireFormatLite::WriteUInt32ToArray(5, this->quote_type(), target); + } + + // repeated uint32 spid = 6 [packed = true]; + if (this->spid_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 6, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _spid_cached_byte_size_, target); + } + for (int i = 0; i < this->spid_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->spid(i), target); + } + + // optional uint32 cmac_kdf_id = 7; + if (has_cmac_kdf_id()) { + target = ::google::protobuf::internal::WireFormatLite::WriteUInt32ToArray(7, this->cmac_kdf_id(), target); + } + + // repeated uint32 signature_x = 8 [packed = true]; + if (this->signature_x_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 8, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _signature_x_cached_byte_size_, target); + } + for (int i = 0; i < this->signature_x_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->signature_x(i), target); + } + + // repeated uint32 signature_y = 9 [packed = true]; + if (this->signature_y_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 9, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _signature_y_cached_byte_size_, target); + } + for (int i = 0; i < this->signature_y_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->signature_y(i), target); + } + + // repeated uint32 smac = 10 [packed = true]; + if (this->smac_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 10, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _smac_cached_byte_size_, target); + } + for (int i = 0; i < this->smac_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->smac(i), target); + } + + // optional uint32 size_sigrl = 11; + if (has_size_sigrl()) { + target = ::google::protobuf::internal::WireFormatLite::WriteUInt32ToArray(11, this->size_sigrl(), target); + } + + // repeated uint32 sigrl = 12 [packed = true]; + if (this->sigrl_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 12, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _sigrl_cached_byte_size_, target); + } + for (int i = 0; i < this->sigrl_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->sigrl(i), target); + } + + if (!unknown_fields().empty()) { + target = ::google::protobuf::internal::WireFormat::SerializeUnknownFieldsToArray( + unknown_fields(), target); + } + // @@protoc_insertion_point(serialize_to_array_end:Messages.MessageMSG2) + return target; +} + +int MessageMSG2::ByteSize() const { + int total_size = 0; + + if (_has_bits_[0 / 32] & (0xffu << (0 % 32))) { + // required uint32 type = 1; + if (has_type()) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::UInt32Size( + this->type()); + } + + // optional uint32 size = 2; + if (has_size()) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::UInt32Size( + this->size()); + } + + // optional uint32 quote_type = 5; + if (has_quote_type()) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::UInt32Size( + this->quote_type()); + } + + // optional uint32 cmac_kdf_id = 7; + if (has_cmac_kdf_id()) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::UInt32Size( + this->cmac_kdf_id()); + } + + } + if (_has_bits_[10 / 32] & (0xffu << (10 % 32))) { + // optional uint32 size_sigrl = 11; + if (has_size_sigrl()) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::UInt32Size( + this->size_sigrl()); + } + + } + // repeated uint32 public_key_gx = 3 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->public_key_gx_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->public_key_gx(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _public_key_gx_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 public_key_gy = 4 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->public_key_gy_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->public_key_gy(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _public_key_gy_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 spid = 6 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->spid_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->spid(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _spid_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 signature_x = 8 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->signature_x_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->signature_x(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _signature_x_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 signature_y = 9 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->signature_y_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->signature_y(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _signature_y_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 smac = 10 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->smac_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->smac(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _smac_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 sigrl = 12 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->sigrl_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->sigrl(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _sigrl_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + if (!unknown_fields().empty()) { + total_size += + ::google::protobuf::internal::WireFormat::ComputeUnknownFieldsSize( + unknown_fields()); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _cached_size_ = total_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + return total_size; +} + +void MessageMSG2::MergeFrom(const ::google::protobuf::Message& from) { + GOOGLE_CHECK_NE(&from, this); + const MessageMSG2* source = + ::google::protobuf::internal::dynamic_cast_if_available( + &from); + if (source == NULL) { + ::google::protobuf::internal::ReflectionOps::Merge(from, this); + } else { + MergeFrom(*source); + } +} + +void MessageMSG2::MergeFrom(const MessageMSG2& from) { + GOOGLE_CHECK_NE(&from, this); + public_key_gx_.MergeFrom(from.public_key_gx_); + public_key_gy_.MergeFrom(from.public_key_gy_); + spid_.MergeFrom(from.spid_); + signature_x_.MergeFrom(from.signature_x_); + signature_y_.MergeFrom(from.signature_y_); + smac_.MergeFrom(from.smac_); + sigrl_.MergeFrom(from.sigrl_); + if (from._has_bits_[0 / 32] & (0xffu << (0 % 32))) { + if (from.has_type()) { + set_type(from.type()); + } + if (from.has_size()) { + set_size(from.size()); + } + if (from.has_quote_type()) { + set_quote_type(from.quote_type()); + } + if (from.has_cmac_kdf_id()) { + set_cmac_kdf_id(from.cmac_kdf_id()); + } + } + if (from._has_bits_[10 / 32] & (0xffu << (10 % 32))) { + if (from.has_size_sigrl()) { + set_size_sigrl(from.size_sigrl()); + } + } + mutable_unknown_fields()->MergeFrom(from.unknown_fields()); +} + +void MessageMSG2::CopyFrom(const ::google::protobuf::Message& from) { + if (&from == this) return; + Clear(); + MergeFrom(from); +} + +void MessageMSG2::CopyFrom(const MessageMSG2& from) { + if (&from == this) return; + Clear(); + MergeFrom(from); +} + +bool MessageMSG2::IsInitialized() const { + if ((_has_bits_[0] & 0x00000001) != 0x00000001) return false; + + return true; +} + +void MessageMSG2::Swap(MessageMSG2* other) { + if (other != this) { + std::swap(type_, other->type_); + std::swap(size_, other->size_); + public_key_gx_.Swap(&other->public_key_gx_); + public_key_gy_.Swap(&other->public_key_gy_); + std::swap(quote_type_, other->quote_type_); + spid_.Swap(&other->spid_); + std::swap(cmac_kdf_id_, other->cmac_kdf_id_); + signature_x_.Swap(&other->signature_x_); + signature_y_.Swap(&other->signature_y_); + smac_.Swap(&other->smac_); + std::swap(size_sigrl_, other->size_sigrl_); + sigrl_.Swap(&other->sigrl_); + std::swap(_has_bits_[0], other->_has_bits_[0]); + _unknown_fields_.Swap(&other->_unknown_fields_); + std::swap(_cached_size_, other->_cached_size_); + } +} + +::google::protobuf::Metadata MessageMSG2::GetMetadata() const { + protobuf_AssignDescriptorsOnce(); + ::google::protobuf::Metadata metadata; + metadata.descriptor = MessageMSG2_descriptor_; + metadata.reflection = MessageMSG2_reflection_; + return metadata; +} + + +// =================================================================== + +#ifndef _MSC_VER +const int MessageMSG3::kTypeFieldNumber; +const int MessageMSG3::kSizeFieldNumber; +const int MessageMSG3::kSgxMacFieldNumber; +const int MessageMSG3::kGaxMsg3FieldNumber; +const int MessageMSG3::kGayMsg3FieldNumber; +const int MessageMSG3::kSecPropertyFieldNumber; +const int MessageMSG3::kQuoteFieldNumber; +#endif // !_MSC_VER + +MessageMSG3::MessageMSG3() + : ::google::protobuf::Message() { + SharedCtor(); + // @@protoc_insertion_point(constructor:Messages.MessageMSG3) +} + +void MessageMSG3::InitAsDefaultInstance() { +} + +MessageMSG3::MessageMSG3(const MessageMSG3& from) + : ::google::protobuf::Message() { + SharedCtor(); + MergeFrom(from); + // @@protoc_insertion_point(copy_constructor:Messages.MessageMSG3) +} + +void MessageMSG3::SharedCtor() { + _cached_size_ = 0; + type_ = 0u; + size_ = 0u; + ::memset(_has_bits_, 0, sizeof(_has_bits_)); +} + +MessageMSG3::~MessageMSG3() { + // @@protoc_insertion_point(destructor:Messages.MessageMSG3) + SharedDtor(); +} + +void MessageMSG3::SharedDtor() { + if (this != default_instance_) { + } +} + +void MessageMSG3::SetCachedSize(int size) const { + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _cached_size_ = size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); +} +const ::google::protobuf::Descriptor* MessageMSG3::descriptor() { + protobuf_AssignDescriptorsOnce(); + return MessageMSG3_descriptor_; +} + +const MessageMSG3& MessageMSG3::default_instance() { + if (default_instance_ == NULL) protobuf_AddDesc_Messages_2eproto(); + return *default_instance_; +} + +MessageMSG3* MessageMSG3::default_instance_ = NULL; + +MessageMSG3* MessageMSG3::New() const { + return new MessageMSG3; +} + +void MessageMSG3::Clear() { +#define OFFSET_OF_FIELD_(f) (reinterpret_cast( \ + &reinterpret_cast(16)->f) - \ + reinterpret_cast(16)) + +#define ZR_(first, last) do { \ + size_t f = OFFSET_OF_FIELD_(first); \ + size_t n = OFFSET_OF_FIELD_(last) - f + sizeof(last); \ + ::memset(&first, 0, n); \ + } while (0) + + ZR_(type_, size_); + +#undef OFFSET_OF_FIELD_ +#undef ZR_ + + sgx_mac_.Clear(); + gax_msg3_.Clear(); + gay_msg3_.Clear(); + sec_property_.Clear(); + quote_.Clear(); + ::memset(_has_bits_, 0, sizeof(_has_bits_)); + mutable_unknown_fields()->Clear(); +} + +bool MessageMSG3::MergePartialFromCodedStream( + ::google::protobuf::io::CodedInputStream* input) { +#define DO_(EXPRESSION) if (!(EXPRESSION)) goto failure + ::google::protobuf::uint32 tag; + // @@protoc_insertion_point(parse_start:Messages.MessageMSG3) + for (;;) { + ::std::pair< ::google::protobuf::uint32, bool> p = input->ReadTagWithCutoff(127); + tag = p.first; + if (!p.second) goto handle_unusual; + switch (::google::protobuf::internal::WireFormatLite::GetTagFieldNumber(tag)) { + // required uint32 type = 1; + case 1: { + if (tag == 8) { + DO_((::google::protobuf::internal::WireFormatLite::ReadPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, &type_))); + set_has_type(); + } else { + goto handle_unusual; + } + if (input->ExpectTag(16)) goto parse_size; + break; + } + + // optional uint32 size = 2; + case 2: { + if (tag == 16) { + parse_size: + DO_((::google::protobuf::internal::WireFormatLite::ReadPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, &size_))); + set_has_size(); + } else { + goto handle_unusual; + } + if (input->ExpectTag(26)) goto parse_sgx_mac; + break; + } + + // repeated uint32 sgx_mac = 3 [packed = true]; + case 3: { + if (tag == 26) { + parse_sgx_mac: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_sgx_mac()))); + } else if (tag == 24) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 26, input, this->mutable_sgx_mac()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(34)) goto parse_gax_msg3; + break; + } + + // repeated uint32 gax_msg3 = 4 [packed = true]; + case 4: { + if (tag == 34) { + parse_gax_msg3: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_gax_msg3()))); + } else if (tag == 32) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 34, input, this->mutable_gax_msg3()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(42)) goto parse_gay_msg3; + break; + } + + // repeated uint32 gay_msg3 = 5 [packed = true]; + case 5: { + if (tag == 42) { + parse_gay_msg3: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_gay_msg3()))); + } else if (tag == 40) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 42, input, this->mutable_gay_msg3()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(50)) goto parse_sec_property; + break; + } + + // repeated uint32 sec_property = 6 [packed = true]; + case 6: { + if (tag == 50) { + parse_sec_property: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_sec_property()))); + } else if (tag == 48) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 50, input, this->mutable_sec_property()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(58)) goto parse_quote; + break; + } + + // repeated uint32 quote = 7 [packed = true]; + case 7: { + if (tag == 58) { + parse_quote: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_quote()))); + } else if (tag == 56) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 58, input, this->mutable_quote()))); + } else { + goto handle_unusual; + } + if (input->ExpectAtEnd()) goto success; + break; + } + + default: { + handle_unusual: + if (tag == 0 || + ::google::protobuf::internal::WireFormatLite::GetTagWireType(tag) == + ::google::protobuf::internal::WireFormatLite::WIRETYPE_END_GROUP) { + goto success; + } + DO_(::google::protobuf::internal::WireFormat::SkipField( + input, tag, mutable_unknown_fields())); + break; + } + } + } +success: + // @@protoc_insertion_point(parse_success:Messages.MessageMSG3) + return true; +failure: + // @@protoc_insertion_point(parse_failure:Messages.MessageMSG3) + return false; +#undef DO_ +} + +void MessageMSG3::SerializeWithCachedSizes( + ::google::protobuf::io::CodedOutputStream* output) const { + // @@protoc_insertion_point(serialize_start:Messages.MessageMSG3) + // required uint32 type = 1; + if (has_type()) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32(1, this->type(), output); + } + + // optional uint32 size = 2; + if (has_size()) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32(2, this->size(), output); + } + + // repeated uint32 sgx_mac = 3 [packed = true]; + if (this->sgx_mac_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(3, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_sgx_mac_cached_byte_size_); + } + for (int i = 0; i < this->sgx_mac_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->sgx_mac(i), output); + } + + // repeated uint32 gax_msg3 = 4 [packed = true]; + if (this->gax_msg3_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(4, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_gax_msg3_cached_byte_size_); + } + for (int i = 0; i < this->gax_msg3_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->gax_msg3(i), output); + } + + // repeated uint32 gay_msg3 = 5 [packed = true]; + if (this->gay_msg3_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(5, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_gay_msg3_cached_byte_size_); + } + for (int i = 0; i < this->gay_msg3_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->gay_msg3(i), output); + } + + // repeated uint32 sec_property = 6 [packed = true]; + if (this->sec_property_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(6, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_sec_property_cached_byte_size_); + } + for (int i = 0; i < this->sec_property_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->sec_property(i), output); + } + + // repeated uint32 quote = 7 [packed = true]; + if (this->quote_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(7, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_quote_cached_byte_size_); + } + for (int i = 0; i < this->quote_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->quote(i), output); + } + + if (!unknown_fields().empty()) { + ::google::protobuf::internal::WireFormat::SerializeUnknownFields( + unknown_fields(), output); + } + // @@protoc_insertion_point(serialize_end:Messages.MessageMSG3) +} + +::google::protobuf::uint8* MessageMSG3::SerializeWithCachedSizesToArray( + ::google::protobuf::uint8* target) const { + // @@protoc_insertion_point(serialize_to_array_start:Messages.MessageMSG3) + // required uint32 type = 1; + if (has_type()) { + target = ::google::protobuf::internal::WireFormatLite::WriteUInt32ToArray(1, this->type(), target); + } + + // optional uint32 size = 2; + if (has_size()) { + target = ::google::protobuf::internal::WireFormatLite::WriteUInt32ToArray(2, this->size(), target); + } + + // repeated uint32 sgx_mac = 3 [packed = true]; + if (this->sgx_mac_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 3, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _sgx_mac_cached_byte_size_, target); + } + for (int i = 0; i < this->sgx_mac_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->sgx_mac(i), target); + } + + // repeated uint32 gax_msg3 = 4 [packed = true]; + if (this->gax_msg3_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 4, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _gax_msg3_cached_byte_size_, target); + } + for (int i = 0; i < this->gax_msg3_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->gax_msg3(i), target); + } + + // repeated uint32 gay_msg3 = 5 [packed = true]; + if (this->gay_msg3_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 5, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _gay_msg3_cached_byte_size_, target); + } + for (int i = 0; i < this->gay_msg3_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->gay_msg3(i), target); + } + + // repeated uint32 sec_property = 6 [packed = true]; + if (this->sec_property_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 6, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _sec_property_cached_byte_size_, target); + } + for (int i = 0; i < this->sec_property_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->sec_property(i), target); + } + + // repeated uint32 quote = 7 [packed = true]; + if (this->quote_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 7, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _quote_cached_byte_size_, target); + } + for (int i = 0; i < this->quote_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->quote(i), target); + } + + if (!unknown_fields().empty()) { + target = ::google::protobuf::internal::WireFormat::SerializeUnknownFieldsToArray( + unknown_fields(), target); + } + // @@protoc_insertion_point(serialize_to_array_end:Messages.MessageMSG3) + return target; +} + +int MessageMSG3::ByteSize() const { + int total_size = 0; + + if (_has_bits_[0 / 32] & (0xffu << (0 % 32))) { + // required uint32 type = 1; + if (has_type()) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::UInt32Size( + this->type()); + } + + // optional uint32 size = 2; + if (has_size()) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::UInt32Size( + this->size()); + } + + } + // repeated uint32 sgx_mac = 3 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->sgx_mac_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->sgx_mac(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _sgx_mac_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 gax_msg3 = 4 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->gax_msg3_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->gax_msg3(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _gax_msg3_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 gay_msg3 = 5 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->gay_msg3_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->gay_msg3(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _gay_msg3_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 sec_property = 6 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->sec_property_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->sec_property(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _sec_property_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 quote = 7 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->quote_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->quote(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _quote_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + if (!unknown_fields().empty()) { + total_size += + ::google::protobuf::internal::WireFormat::ComputeUnknownFieldsSize( + unknown_fields()); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _cached_size_ = total_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + return total_size; +} + +void MessageMSG3::MergeFrom(const ::google::protobuf::Message& from) { + GOOGLE_CHECK_NE(&from, this); + const MessageMSG3* source = + ::google::protobuf::internal::dynamic_cast_if_available( + &from); + if (source == NULL) { + ::google::protobuf::internal::ReflectionOps::Merge(from, this); + } else { + MergeFrom(*source); + } +} + +void MessageMSG3::MergeFrom(const MessageMSG3& from) { + GOOGLE_CHECK_NE(&from, this); + sgx_mac_.MergeFrom(from.sgx_mac_); + gax_msg3_.MergeFrom(from.gax_msg3_); + gay_msg3_.MergeFrom(from.gay_msg3_); + sec_property_.MergeFrom(from.sec_property_); + quote_.MergeFrom(from.quote_); + if (from._has_bits_[0 / 32] & (0xffu << (0 % 32))) { + if (from.has_type()) { + set_type(from.type()); + } + if (from.has_size()) { + set_size(from.size()); + } + } + mutable_unknown_fields()->MergeFrom(from.unknown_fields()); +} + +void MessageMSG3::CopyFrom(const ::google::protobuf::Message& from) { + if (&from == this) return; + Clear(); + MergeFrom(from); +} + +void MessageMSG3::CopyFrom(const MessageMSG3& from) { + if (&from == this) return; + Clear(); + MergeFrom(from); +} + +bool MessageMSG3::IsInitialized() const { + if ((_has_bits_[0] & 0x00000001) != 0x00000001) return false; + + return true; +} + +void MessageMSG3::Swap(MessageMSG3* other) { + if (other != this) { + std::swap(type_, other->type_); + std::swap(size_, other->size_); + sgx_mac_.Swap(&other->sgx_mac_); + gax_msg3_.Swap(&other->gax_msg3_); + gay_msg3_.Swap(&other->gay_msg3_); + sec_property_.Swap(&other->sec_property_); + quote_.Swap(&other->quote_); + std::swap(_has_bits_[0], other->_has_bits_[0]); + _unknown_fields_.Swap(&other->_unknown_fields_); + std::swap(_cached_size_, other->_cached_size_); + } +} + +::google::protobuf::Metadata MessageMSG3::GetMetadata() const { + protobuf_AssignDescriptorsOnce(); + ::google::protobuf::Metadata metadata; + metadata.descriptor = MessageMSG3_descriptor_; + metadata.reflection = MessageMSG3_reflection_; + return metadata; +} + + +// =================================================================== + +#ifndef _MSC_VER +const int AttestationMessage::kTypeFieldNumber; +const int AttestationMessage::kSizeFieldNumber; +const int AttestationMessage::kEpidGroupStatusFieldNumber; +const int AttestationMessage::kTcbEvaluationStatusFieldNumber; +const int AttestationMessage::kPseEvaluationStatusFieldNumber; +const int AttestationMessage::kLatestEquivalentTcbPsvnFieldNumber; +const int AttestationMessage::kLatestPseIsvsvnFieldNumber; +const int AttestationMessage::kLatestPsdaSvnFieldNumber; +const int AttestationMessage::kPerformanceRekeyGidFieldNumber; +const int AttestationMessage::kEcSign256XFieldNumber; +const int AttestationMessage::kEcSign256YFieldNumber; +const int AttestationMessage::kMacSmkFieldNumber; +const int AttestationMessage::kResultSizeFieldNumber; +const int AttestationMessage::kReservedFieldNumber; +const int AttestationMessage::kPayloadTagFieldNumber; +const int AttestationMessage::kPayloadFieldNumber; +#endif // !_MSC_VER + +AttestationMessage::AttestationMessage() + : ::google::protobuf::Message() { + SharedCtor(); + // @@protoc_insertion_point(constructor:Messages.AttestationMessage) +} + +void AttestationMessage::InitAsDefaultInstance() { +} + +AttestationMessage::AttestationMessage(const AttestationMessage& from) + : ::google::protobuf::Message() { + SharedCtor(); + MergeFrom(from); + // @@protoc_insertion_point(copy_constructor:Messages.AttestationMessage) +} + +void AttestationMessage::SharedCtor() { + _cached_size_ = 0; + type_ = 0u; + size_ = 0u; + epid_group_status_ = 0u; + tcb_evaluation_status_ = 0u; + pse_evaluation_status_ = 0u; + result_size_ = 0u; + ::memset(_has_bits_, 0, sizeof(_has_bits_)); +} + +AttestationMessage::~AttestationMessage() { + // @@protoc_insertion_point(destructor:Messages.AttestationMessage) + SharedDtor(); +} + +void AttestationMessage::SharedDtor() { + if (this != default_instance_) { + } +} + +void AttestationMessage::SetCachedSize(int size) const { + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _cached_size_ = size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); +} +const ::google::protobuf::Descriptor* AttestationMessage::descriptor() { + protobuf_AssignDescriptorsOnce(); + return AttestationMessage_descriptor_; +} + +const AttestationMessage& AttestationMessage::default_instance() { + if (default_instance_ == NULL) protobuf_AddDesc_Messages_2eproto(); + return *default_instance_; +} + +AttestationMessage* AttestationMessage::default_instance_ = NULL; + +AttestationMessage* AttestationMessage::New() const { + return new AttestationMessage; +} + +void AttestationMessage::Clear() { +#define OFFSET_OF_FIELD_(f) (reinterpret_cast( \ + &reinterpret_cast(16)->f) - \ + reinterpret_cast(16)) + +#define ZR_(first, last) do { \ + size_t f = OFFSET_OF_FIELD_(first); \ + size_t n = OFFSET_OF_FIELD_(last) - f + sizeof(last); \ + ::memset(&first, 0, n); \ + } while (0) + + if (_has_bits_[0 / 32] & 31) { + ZR_(type_, tcb_evaluation_status_); + pse_evaluation_status_ = 0u; + } + result_size_ = 0u; + +#undef OFFSET_OF_FIELD_ +#undef ZR_ + + latest_equivalent_tcb_psvn_.Clear(); + latest_pse_isvsvn_.Clear(); + latest_psda_svn_.Clear(); + performance_rekey_gid_.Clear(); + ec_sign256_x_.Clear(); + ec_sign256_y_.Clear(); + mac_smk_.Clear(); + reserved_.Clear(); + payload_tag_.Clear(); + payload_.Clear(); + ::memset(_has_bits_, 0, sizeof(_has_bits_)); + mutable_unknown_fields()->Clear(); +} + +bool AttestationMessage::MergePartialFromCodedStream( + ::google::protobuf::io::CodedInputStream* input) { +#define DO_(EXPRESSION) if (!(EXPRESSION)) goto failure + ::google::protobuf::uint32 tag; + // @@protoc_insertion_point(parse_start:Messages.AttestationMessage) + for (;;) { + ::std::pair< ::google::protobuf::uint32, bool> p = input->ReadTagWithCutoff(16383); + tag = p.first; + if (!p.second) goto handle_unusual; + switch (::google::protobuf::internal::WireFormatLite::GetTagFieldNumber(tag)) { + // required uint32 type = 1; + case 1: { + if (tag == 8) { + DO_((::google::protobuf::internal::WireFormatLite::ReadPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, &type_))); + set_has_type(); + } else { + goto handle_unusual; + } + if (input->ExpectTag(16)) goto parse_size; + break; + } + + // required uint32 size = 2; + case 2: { + if (tag == 16) { + parse_size: + DO_((::google::protobuf::internal::WireFormatLite::ReadPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, &size_))); + set_has_size(); + } else { + goto handle_unusual; + } + if (input->ExpectTag(24)) goto parse_epid_group_status; + break; + } + + // optional uint32 epid_group_status = 3; + case 3: { + if (tag == 24) { + parse_epid_group_status: + DO_((::google::protobuf::internal::WireFormatLite::ReadPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, &epid_group_status_))); + set_has_epid_group_status(); + } else { + goto handle_unusual; + } + if (input->ExpectTag(32)) goto parse_tcb_evaluation_status; + break; + } + + // optional uint32 tcb_evaluation_status = 4; + case 4: { + if (tag == 32) { + parse_tcb_evaluation_status: + DO_((::google::protobuf::internal::WireFormatLite::ReadPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, &tcb_evaluation_status_))); + set_has_tcb_evaluation_status(); + } else { + goto handle_unusual; + } + if (input->ExpectTag(40)) goto parse_pse_evaluation_status; + break; + } + + // optional uint32 pse_evaluation_status = 5; + case 5: { + if (tag == 40) { + parse_pse_evaluation_status: + DO_((::google::protobuf::internal::WireFormatLite::ReadPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, &pse_evaluation_status_))); + set_has_pse_evaluation_status(); + } else { + goto handle_unusual; + } + if (input->ExpectTag(50)) goto parse_latest_equivalent_tcb_psvn; + break; + } + + // repeated uint32 latest_equivalent_tcb_psvn = 6 [packed = true]; + case 6: { + if (tag == 50) { + parse_latest_equivalent_tcb_psvn: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_latest_equivalent_tcb_psvn()))); + } else if (tag == 48) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 50, input, this->mutable_latest_equivalent_tcb_psvn()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(58)) goto parse_latest_pse_isvsvn; + break; + } + + // repeated uint32 latest_pse_isvsvn = 7 [packed = true]; + case 7: { + if (tag == 58) { + parse_latest_pse_isvsvn: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_latest_pse_isvsvn()))); + } else if (tag == 56) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 58, input, this->mutable_latest_pse_isvsvn()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(66)) goto parse_latest_psda_svn; + break; + } + + // repeated uint32 latest_psda_svn = 8 [packed = true]; + case 8: { + if (tag == 66) { + parse_latest_psda_svn: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_latest_psda_svn()))); + } else if (tag == 64) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 66, input, this->mutable_latest_psda_svn()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(74)) goto parse_performance_rekey_gid; + break; + } + + // repeated uint32 performance_rekey_gid = 9 [packed = true]; + case 9: { + if (tag == 74) { + parse_performance_rekey_gid: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_performance_rekey_gid()))); + } else if (tag == 72) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 74, input, this->mutable_performance_rekey_gid()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(82)) goto parse_ec_sign256_x; + break; + } + + // repeated uint32 ec_sign256_x = 10 [packed = true]; + case 10: { + if (tag == 82) { + parse_ec_sign256_x: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_ec_sign256_x()))); + } else if (tag == 80) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 82, input, this->mutable_ec_sign256_x()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(90)) goto parse_ec_sign256_y; + break; + } + + // repeated uint32 ec_sign256_y = 11 [packed = true]; + case 11: { + if (tag == 90) { + parse_ec_sign256_y: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_ec_sign256_y()))); + } else if (tag == 88) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 90, input, this->mutable_ec_sign256_y()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(98)) goto parse_mac_smk; + break; + } + + // repeated uint32 mac_smk = 12 [packed = true]; + case 12: { + if (tag == 98) { + parse_mac_smk: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_mac_smk()))); + } else if (tag == 96) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 98, input, this->mutable_mac_smk()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(104)) goto parse_result_size; + break; + } + + // optional uint32 result_size = 13; + case 13: { + if (tag == 104) { + parse_result_size: + DO_((::google::protobuf::internal::WireFormatLite::ReadPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, &result_size_))); + set_has_result_size(); + } else { + goto handle_unusual; + } + if (input->ExpectTag(114)) goto parse_reserved; + break; + } + + // repeated uint32 reserved = 14 [packed = true]; + case 14: { + if (tag == 114) { + parse_reserved: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_reserved()))); + } else if (tag == 112) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 114, input, this->mutable_reserved()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(122)) goto parse_payload_tag; + break; + } + + // repeated uint32 payload_tag = 15 [packed = true]; + case 15: { + if (tag == 122) { + parse_payload_tag: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_payload_tag()))); + } else if (tag == 120) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 122, input, this->mutable_payload_tag()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(130)) goto parse_payload; + break; + } + + // repeated uint32 payload = 16 [packed = true]; + case 16: { + if (tag == 130) { + parse_payload: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_payload()))); + } else if (tag == 128) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 2, 130, input, this->mutable_payload()))); + } else { + goto handle_unusual; + } + if (input->ExpectAtEnd()) goto success; + break; + } + + default: { + handle_unusual: + if (tag == 0 || + ::google::protobuf::internal::WireFormatLite::GetTagWireType(tag) == + ::google::protobuf::internal::WireFormatLite::WIRETYPE_END_GROUP) { + goto success; + } + DO_(::google::protobuf::internal::WireFormat::SkipField( + input, tag, mutable_unknown_fields())); + break; + } + } + } +success: + // @@protoc_insertion_point(parse_success:Messages.AttestationMessage) + return true; +failure: + // @@protoc_insertion_point(parse_failure:Messages.AttestationMessage) + return false; +#undef DO_ +} + +void AttestationMessage::SerializeWithCachedSizes( + ::google::protobuf::io::CodedOutputStream* output) const { + // @@protoc_insertion_point(serialize_start:Messages.AttestationMessage) + // required uint32 type = 1; + if (has_type()) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32(1, this->type(), output); + } + + // required uint32 size = 2; + if (has_size()) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32(2, this->size(), output); + } + + // optional uint32 epid_group_status = 3; + if (has_epid_group_status()) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32(3, this->epid_group_status(), output); + } + + // optional uint32 tcb_evaluation_status = 4; + if (has_tcb_evaluation_status()) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32(4, this->tcb_evaluation_status(), output); + } + + // optional uint32 pse_evaluation_status = 5; + if (has_pse_evaluation_status()) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32(5, this->pse_evaluation_status(), output); + } + + // repeated uint32 latest_equivalent_tcb_psvn = 6 [packed = true]; + if (this->latest_equivalent_tcb_psvn_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(6, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_latest_equivalent_tcb_psvn_cached_byte_size_); + } + for (int i = 0; i < this->latest_equivalent_tcb_psvn_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->latest_equivalent_tcb_psvn(i), output); + } + + // repeated uint32 latest_pse_isvsvn = 7 [packed = true]; + if (this->latest_pse_isvsvn_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(7, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_latest_pse_isvsvn_cached_byte_size_); + } + for (int i = 0; i < this->latest_pse_isvsvn_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->latest_pse_isvsvn(i), output); + } + + // repeated uint32 latest_psda_svn = 8 [packed = true]; + if (this->latest_psda_svn_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(8, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_latest_psda_svn_cached_byte_size_); + } + for (int i = 0; i < this->latest_psda_svn_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->latest_psda_svn(i), output); + } + + // repeated uint32 performance_rekey_gid = 9 [packed = true]; + if (this->performance_rekey_gid_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(9, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_performance_rekey_gid_cached_byte_size_); + } + for (int i = 0; i < this->performance_rekey_gid_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->performance_rekey_gid(i), output); + } + + // repeated uint32 ec_sign256_x = 10 [packed = true]; + if (this->ec_sign256_x_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(10, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_ec_sign256_x_cached_byte_size_); + } + for (int i = 0; i < this->ec_sign256_x_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->ec_sign256_x(i), output); + } + + // repeated uint32 ec_sign256_y = 11 [packed = true]; + if (this->ec_sign256_y_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(11, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_ec_sign256_y_cached_byte_size_); + } + for (int i = 0; i < this->ec_sign256_y_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->ec_sign256_y(i), output); + } + + // repeated uint32 mac_smk = 12 [packed = true]; + if (this->mac_smk_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(12, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_mac_smk_cached_byte_size_); + } + for (int i = 0; i < this->mac_smk_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->mac_smk(i), output); + } + + // optional uint32 result_size = 13; + if (has_result_size()) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32(13, this->result_size(), output); + } + + // repeated uint32 reserved = 14 [packed = true]; + if (this->reserved_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(14, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_reserved_cached_byte_size_); + } + for (int i = 0; i < this->reserved_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->reserved(i), output); + } + + // repeated uint32 payload_tag = 15 [packed = true]; + if (this->payload_tag_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(15, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_payload_tag_cached_byte_size_); + } + for (int i = 0; i < this->payload_tag_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->payload_tag(i), output); + } + + // repeated uint32 payload = 16 [packed = true]; + if (this->payload_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(16, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_payload_cached_byte_size_); + } + for (int i = 0; i < this->payload_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->payload(i), output); + } + + if (!unknown_fields().empty()) { + ::google::protobuf::internal::WireFormat::SerializeUnknownFields( + unknown_fields(), output); + } + // @@protoc_insertion_point(serialize_end:Messages.AttestationMessage) +} + +::google::protobuf::uint8* AttestationMessage::SerializeWithCachedSizesToArray( + ::google::protobuf::uint8* target) const { + // @@protoc_insertion_point(serialize_to_array_start:Messages.AttestationMessage) + // required uint32 type = 1; + if (has_type()) { + target = ::google::protobuf::internal::WireFormatLite::WriteUInt32ToArray(1, this->type(), target); + } + + // required uint32 size = 2; + if (has_size()) { + target = ::google::protobuf::internal::WireFormatLite::WriteUInt32ToArray(2, this->size(), target); + } + + // optional uint32 epid_group_status = 3; + if (has_epid_group_status()) { + target = ::google::protobuf::internal::WireFormatLite::WriteUInt32ToArray(3, this->epid_group_status(), target); + } + + // optional uint32 tcb_evaluation_status = 4; + if (has_tcb_evaluation_status()) { + target = ::google::protobuf::internal::WireFormatLite::WriteUInt32ToArray(4, this->tcb_evaluation_status(), target); + } + + // optional uint32 pse_evaluation_status = 5; + if (has_pse_evaluation_status()) { + target = ::google::protobuf::internal::WireFormatLite::WriteUInt32ToArray(5, this->pse_evaluation_status(), target); + } + + // repeated uint32 latest_equivalent_tcb_psvn = 6 [packed = true]; + if (this->latest_equivalent_tcb_psvn_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 6, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _latest_equivalent_tcb_psvn_cached_byte_size_, target); + } + for (int i = 0; i < this->latest_equivalent_tcb_psvn_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->latest_equivalent_tcb_psvn(i), target); + } + + // repeated uint32 latest_pse_isvsvn = 7 [packed = true]; + if (this->latest_pse_isvsvn_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 7, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _latest_pse_isvsvn_cached_byte_size_, target); + } + for (int i = 0; i < this->latest_pse_isvsvn_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->latest_pse_isvsvn(i), target); + } + + // repeated uint32 latest_psda_svn = 8 [packed = true]; + if (this->latest_psda_svn_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 8, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _latest_psda_svn_cached_byte_size_, target); + } + for (int i = 0; i < this->latest_psda_svn_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->latest_psda_svn(i), target); + } + + // repeated uint32 performance_rekey_gid = 9 [packed = true]; + if (this->performance_rekey_gid_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 9, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _performance_rekey_gid_cached_byte_size_, target); + } + for (int i = 0; i < this->performance_rekey_gid_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->performance_rekey_gid(i), target); + } + + // repeated uint32 ec_sign256_x = 10 [packed = true]; + if (this->ec_sign256_x_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 10, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _ec_sign256_x_cached_byte_size_, target); + } + for (int i = 0; i < this->ec_sign256_x_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->ec_sign256_x(i), target); + } + + // repeated uint32 ec_sign256_y = 11 [packed = true]; + if (this->ec_sign256_y_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 11, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _ec_sign256_y_cached_byte_size_, target); + } + for (int i = 0; i < this->ec_sign256_y_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->ec_sign256_y(i), target); + } + + // repeated uint32 mac_smk = 12 [packed = true]; + if (this->mac_smk_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 12, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _mac_smk_cached_byte_size_, target); + } + for (int i = 0; i < this->mac_smk_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->mac_smk(i), target); + } + + // optional uint32 result_size = 13; + if (has_result_size()) { + target = ::google::protobuf::internal::WireFormatLite::WriteUInt32ToArray(13, this->result_size(), target); + } + + // repeated uint32 reserved = 14 [packed = true]; + if (this->reserved_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 14, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _reserved_cached_byte_size_, target); + } + for (int i = 0; i < this->reserved_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->reserved(i), target); + } + + // repeated uint32 payload_tag = 15 [packed = true]; + if (this->payload_tag_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 15, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _payload_tag_cached_byte_size_, target); + } + for (int i = 0; i < this->payload_tag_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->payload_tag(i), target); + } + + // repeated uint32 payload = 16 [packed = true]; + if (this->payload_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 16, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _payload_cached_byte_size_, target); + } + for (int i = 0; i < this->payload_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->payload(i), target); + } + + if (!unknown_fields().empty()) { + target = ::google::protobuf::internal::WireFormat::SerializeUnknownFieldsToArray( + unknown_fields(), target); + } + // @@protoc_insertion_point(serialize_to_array_end:Messages.AttestationMessage) + return target; +} + +int AttestationMessage::ByteSize() const { + int total_size = 0; + + if (_has_bits_[0 / 32] & (0xffu << (0 % 32))) { + // required uint32 type = 1; + if (has_type()) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::UInt32Size( + this->type()); + } + + // required uint32 size = 2; + if (has_size()) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::UInt32Size( + this->size()); + } + + // optional uint32 epid_group_status = 3; + if (has_epid_group_status()) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::UInt32Size( + this->epid_group_status()); + } + + // optional uint32 tcb_evaluation_status = 4; + if (has_tcb_evaluation_status()) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::UInt32Size( + this->tcb_evaluation_status()); + } + + // optional uint32 pse_evaluation_status = 5; + if (has_pse_evaluation_status()) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::UInt32Size( + this->pse_evaluation_status()); + } + + } + if (_has_bits_[12 / 32] & (0xffu << (12 % 32))) { + // optional uint32 result_size = 13; + if (has_result_size()) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::UInt32Size( + this->result_size()); + } + + } + // repeated uint32 latest_equivalent_tcb_psvn = 6 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->latest_equivalent_tcb_psvn_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->latest_equivalent_tcb_psvn(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _latest_equivalent_tcb_psvn_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 latest_pse_isvsvn = 7 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->latest_pse_isvsvn_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->latest_pse_isvsvn(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _latest_pse_isvsvn_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 latest_psda_svn = 8 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->latest_psda_svn_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->latest_psda_svn(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _latest_psda_svn_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 performance_rekey_gid = 9 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->performance_rekey_gid_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->performance_rekey_gid(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _performance_rekey_gid_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 ec_sign256_x = 10 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->ec_sign256_x_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->ec_sign256_x(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _ec_sign256_x_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 ec_sign256_y = 11 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->ec_sign256_y_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->ec_sign256_y(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _ec_sign256_y_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 mac_smk = 12 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->mac_smk_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->mac_smk(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _mac_smk_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 reserved = 14 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->reserved_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->reserved(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _reserved_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 payload_tag = 15 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->payload_tag_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->payload_tag(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _payload_tag_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 payload = 16 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->payload_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->payload(i)); + } + if (data_size > 0) { + total_size += 2 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _payload_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + if (!unknown_fields().empty()) { + total_size += + ::google::protobuf::internal::WireFormat::ComputeUnknownFieldsSize( + unknown_fields()); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _cached_size_ = total_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + return total_size; +} + +void AttestationMessage::MergeFrom(const ::google::protobuf::Message& from) { + GOOGLE_CHECK_NE(&from, this); + const AttestationMessage* source = + ::google::protobuf::internal::dynamic_cast_if_available( + &from); + if (source == NULL) { + ::google::protobuf::internal::ReflectionOps::Merge(from, this); + } else { + MergeFrom(*source); + } +} + +void AttestationMessage::MergeFrom(const AttestationMessage& from) { + GOOGLE_CHECK_NE(&from, this); + latest_equivalent_tcb_psvn_.MergeFrom(from.latest_equivalent_tcb_psvn_); + latest_pse_isvsvn_.MergeFrom(from.latest_pse_isvsvn_); + latest_psda_svn_.MergeFrom(from.latest_psda_svn_); + performance_rekey_gid_.MergeFrom(from.performance_rekey_gid_); + ec_sign256_x_.MergeFrom(from.ec_sign256_x_); + ec_sign256_y_.MergeFrom(from.ec_sign256_y_); + mac_smk_.MergeFrom(from.mac_smk_); + reserved_.MergeFrom(from.reserved_); + payload_tag_.MergeFrom(from.payload_tag_); + payload_.MergeFrom(from.payload_); + if (from._has_bits_[0 / 32] & (0xffu << (0 % 32))) { + if (from.has_type()) { + set_type(from.type()); + } + if (from.has_size()) { + set_size(from.size()); + } + if (from.has_epid_group_status()) { + set_epid_group_status(from.epid_group_status()); + } + if (from.has_tcb_evaluation_status()) { + set_tcb_evaluation_status(from.tcb_evaluation_status()); + } + if (from.has_pse_evaluation_status()) { + set_pse_evaluation_status(from.pse_evaluation_status()); + } + } + if (from._has_bits_[12 / 32] & (0xffu << (12 % 32))) { + if (from.has_result_size()) { + set_result_size(from.result_size()); + } + } + mutable_unknown_fields()->MergeFrom(from.unknown_fields()); +} + +void AttestationMessage::CopyFrom(const ::google::protobuf::Message& from) { + if (&from == this) return; + Clear(); + MergeFrom(from); +} + +void AttestationMessage::CopyFrom(const AttestationMessage& from) { + if (&from == this) return; + Clear(); + MergeFrom(from); +} + +bool AttestationMessage::IsInitialized() const { + if ((_has_bits_[0] & 0x00000003) != 0x00000003) return false; + + return true; +} + +void AttestationMessage::Swap(AttestationMessage* other) { + if (other != this) { + std::swap(type_, other->type_); + std::swap(size_, other->size_); + std::swap(epid_group_status_, other->epid_group_status_); + std::swap(tcb_evaluation_status_, other->tcb_evaluation_status_); + std::swap(pse_evaluation_status_, other->pse_evaluation_status_); + latest_equivalent_tcb_psvn_.Swap(&other->latest_equivalent_tcb_psvn_); + latest_pse_isvsvn_.Swap(&other->latest_pse_isvsvn_); + latest_psda_svn_.Swap(&other->latest_psda_svn_); + performance_rekey_gid_.Swap(&other->performance_rekey_gid_); + ec_sign256_x_.Swap(&other->ec_sign256_x_); + ec_sign256_y_.Swap(&other->ec_sign256_y_); + mac_smk_.Swap(&other->mac_smk_); + std::swap(result_size_, other->result_size_); + reserved_.Swap(&other->reserved_); + payload_tag_.Swap(&other->payload_tag_); + payload_.Swap(&other->payload_); + std::swap(_has_bits_[0], other->_has_bits_[0]); + _unknown_fields_.Swap(&other->_unknown_fields_); + std::swap(_cached_size_, other->_cached_size_); + } +} + +::google::protobuf::Metadata AttestationMessage::GetMetadata() const { + protobuf_AssignDescriptorsOnce(); + ::google::protobuf::Metadata metadata; + metadata.descriptor = AttestationMessage_descriptor_; + metadata.reflection = AttestationMessage_reflection_; + return metadata; +} + + +// =================================================================== + +#ifndef _MSC_VER +const int SecretMessage::kTypeFieldNumber; +const int SecretMessage::kSizeFieldNumber; +const int SecretMessage::kEncrypedPkeySizeFieldNumber; +const int SecretMessage::kEncrypedX509SizeFieldNumber; +const int SecretMessage::kEncryptedContentFieldNumber; +const int SecretMessage::kMacSmkFieldNumber; +const int SecretMessage::kEncryptedPkeyFieldNumber; +const int SecretMessage::kEncryptedPkeyMacSmkFieldNumber; +const int SecretMessage::kEncryptedX509FieldNumber; +const int SecretMessage::kEncryptedX509MacSmkFieldNumber; +#endif // !_MSC_VER + +SecretMessage::SecretMessage() + : ::google::protobuf::Message() { + SharedCtor(); + // @@protoc_insertion_point(constructor:Messages.SecretMessage) +} + +void SecretMessage::InitAsDefaultInstance() { +} + +SecretMessage::SecretMessage(const SecretMessage& from) + : ::google::protobuf::Message() { + SharedCtor(); + MergeFrom(from); + // @@protoc_insertion_point(copy_constructor:Messages.SecretMessage) +} + +void SecretMessage::SharedCtor() { + _cached_size_ = 0; + type_ = 0u; + size_ = 0u; + encryped_pkey_size_ = 0u; + encryped_x509_size_ = 0u; + ::memset(_has_bits_, 0, sizeof(_has_bits_)); +} + +SecretMessage::~SecretMessage() { + // @@protoc_insertion_point(destructor:Messages.SecretMessage) + SharedDtor(); +} + +void SecretMessage::SharedDtor() { + if (this != default_instance_) { + } +} + +void SecretMessage::SetCachedSize(int size) const { + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _cached_size_ = size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); +} +const ::google::protobuf::Descriptor* SecretMessage::descriptor() { + protobuf_AssignDescriptorsOnce(); + return SecretMessage_descriptor_; +} + +const SecretMessage& SecretMessage::default_instance() { + if (default_instance_ == NULL) protobuf_AddDesc_Messages_2eproto(); + return *default_instance_; +} + +SecretMessage* SecretMessage::default_instance_ = NULL; + +SecretMessage* SecretMessage::New() const { + return new SecretMessage; +} + +void SecretMessage::Clear() { +#define OFFSET_OF_FIELD_(f) (reinterpret_cast( \ + &reinterpret_cast(16)->f) - \ + reinterpret_cast(16)) + +#define ZR_(first, last) do { \ + size_t f = OFFSET_OF_FIELD_(first); \ + size_t n = OFFSET_OF_FIELD_(last) - f + sizeof(last); \ + ::memset(&first, 0, n); \ + } while (0) + + ZR_(type_, encryped_x509_size_); + +#undef OFFSET_OF_FIELD_ +#undef ZR_ + + encrypted_content_.Clear(); + mac_smk_.Clear(); + encrypted_pkey_.Clear(); + encrypted_pkey_mac_smk_.Clear(); + encrypted_x509_.Clear(); + encrypted_x509_mac_smk_.Clear(); + ::memset(_has_bits_, 0, sizeof(_has_bits_)); + mutable_unknown_fields()->Clear(); +} + +bool SecretMessage::MergePartialFromCodedStream( + ::google::protobuf::io::CodedInputStream* input) { +#define DO_(EXPRESSION) if (!(EXPRESSION)) goto failure + ::google::protobuf::uint32 tag; + // @@protoc_insertion_point(parse_start:Messages.SecretMessage) + for (;;) { + ::std::pair< ::google::protobuf::uint32, bool> p = input->ReadTagWithCutoff(127); + tag = p.first; + if (!p.second) goto handle_unusual; + switch (::google::protobuf::internal::WireFormatLite::GetTagFieldNumber(tag)) { + // required uint32 type = 1; + case 1: { + if (tag == 8) { + DO_((::google::protobuf::internal::WireFormatLite::ReadPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, &type_))); + set_has_type(); + } else { + goto handle_unusual; + } + if (input->ExpectTag(16)) goto parse_size; + break; + } + + // required uint32 size = 2; + case 2: { + if (tag == 16) { + parse_size: + DO_((::google::protobuf::internal::WireFormatLite::ReadPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, &size_))); + set_has_size(); + } else { + goto handle_unusual; + } + if (input->ExpectTag(24)) goto parse_encryped_pkey_size; + break; + } + + // optional uint32 encryped_pkey_size = 3; + case 3: { + if (tag == 24) { + parse_encryped_pkey_size: + DO_((::google::protobuf::internal::WireFormatLite::ReadPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, &encryped_pkey_size_))); + set_has_encryped_pkey_size(); + } else { + goto handle_unusual; + } + if (input->ExpectTag(32)) goto parse_encryped_x509_size; + break; + } + + // optional uint32 encryped_x509_size = 4; + case 4: { + if (tag == 32) { + parse_encryped_x509_size: + DO_((::google::protobuf::internal::WireFormatLite::ReadPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, &encryped_x509_size_))); + set_has_encryped_x509_size(); + } else { + goto handle_unusual; + } + if (input->ExpectTag(42)) goto parse_encrypted_content; + break; + } + + // repeated uint32 encrypted_content = 5 [packed = true]; + case 5: { + if (tag == 42) { + parse_encrypted_content: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_encrypted_content()))); + } else if (tag == 40) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 42, input, this->mutable_encrypted_content()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(50)) goto parse_mac_smk; + break; + } + + // repeated uint32 mac_smk = 6 [packed = true]; + case 6: { + if (tag == 50) { + parse_mac_smk: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_mac_smk()))); + } else if (tag == 48) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 50, input, this->mutable_mac_smk()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(58)) goto parse_encrypted_pkey; + break; + } + + // repeated uint32 encrypted_pkey = 7 [packed = true]; + case 7: { + if (tag == 58) { + parse_encrypted_pkey: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_encrypted_pkey()))); + } else if (tag == 56) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 58, input, this->mutable_encrypted_pkey()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(66)) goto parse_encrypted_pkey_mac_smk; + break; + } + + // repeated uint32 encrypted_pkey_mac_smk = 8 [packed = true]; + case 8: { + if (tag == 66) { + parse_encrypted_pkey_mac_smk: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_encrypted_pkey_mac_smk()))); + } else if (tag == 64) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 66, input, this->mutable_encrypted_pkey_mac_smk()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(74)) goto parse_encrypted_x509; + break; + } + + // repeated uint32 encrypted_x509 = 9 [packed = true]; + case 9: { + if (tag == 74) { + parse_encrypted_x509: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_encrypted_x509()))); + } else if (tag == 72) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 74, input, this->mutable_encrypted_x509()))); + } else { + goto handle_unusual; + } + if (input->ExpectTag(82)) goto parse_encrypted_x509_mac_smk; + break; + } + + // repeated uint32 encrypted_x509_mac_smk = 10 [packed = true]; + case 10: { + if (tag == 82) { + parse_encrypted_x509_mac_smk: + DO_((::google::protobuf::internal::WireFormatLite::ReadPackedPrimitive< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + input, this->mutable_encrypted_x509_mac_smk()))); + } else if (tag == 80) { + DO_((::google::protobuf::internal::WireFormatLite::ReadRepeatedPrimitiveNoInline< + ::google::protobuf::uint32, ::google::protobuf::internal::WireFormatLite::TYPE_UINT32>( + 1, 82, input, this->mutable_encrypted_x509_mac_smk()))); + } else { + goto handle_unusual; + } + if (input->ExpectAtEnd()) goto success; + break; + } + + default: { + handle_unusual: + if (tag == 0 || + ::google::protobuf::internal::WireFormatLite::GetTagWireType(tag) == + ::google::protobuf::internal::WireFormatLite::WIRETYPE_END_GROUP) { + goto success; + } + DO_(::google::protobuf::internal::WireFormat::SkipField( + input, tag, mutable_unknown_fields())); + break; + } + } + } +success: + // @@protoc_insertion_point(parse_success:Messages.SecretMessage) + return true; +failure: + // @@protoc_insertion_point(parse_failure:Messages.SecretMessage) + return false; +#undef DO_ +} + +void SecretMessage::SerializeWithCachedSizes( + ::google::protobuf::io::CodedOutputStream* output) const { + // @@protoc_insertion_point(serialize_start:Messages.SecretMessage) + // required uint32 type = 1; + if (has_type()) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32(1, this->type(), output); + } + + // required uint32 size = 2; + if (has_size()) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32(2, this->size(), output); + } + + // optional uint32 encryped_pkey_size = 3; + if (has_encryped_pkey_size()) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32(3, this->encryped_pkey_size(), output); + } + + // optional uint32 encryped_x509_size = 4; + if (has_encryped_x509_size()) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32(4, this->encryped_x509_size(), output); + } + + // repeated uint32 encrypted_content = 5 [packed = true]; + if (this->encrypted_content_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(5, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_encrypted_content_cached_byte_size_); + } + for (int i = 0; i < this->encrypted_content_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->encrypted_content(i), output); + } + + // repeated uint32 mac_smk = 6 [packed = true]; + if (this->mac_smk_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(6, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_mac_smk_cached_byte_size_); + } + for (int i = 0; i < this->mac_smk_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->mac_smk(i), output); + } + + // repeated uint32 encrypted_pkey = 7 [packed = true]; + if (this->encrypted_pkey_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(7, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_encrypted_pkey_cached_byte_size_); + } + for (int i = 0; i < this->encrypted_pkey_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->encrypted_pkey(i), output); + } + + // repeated uint32 encrypted_pkey_mac_smk = 8 [packed = true]; + if (this->encrypted_pkey_mac_smk_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(8, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_encrypted_pkey_mac_smk_cached_byte_size_); + } + for (int i = 0; i < this->encrypted_pkey_mac_smk_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->encrypted_pkey_mac_smk(i), output); + } + + // repeated uint32 encrypted_x509 = 9 [packed = true]; + if (this->encrypted_x509_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(9, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_encrypted_x509_cached_byte_size_); + } + for (int i = 0; i < this->encrypted_x509_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->encrypted_x509(i), output); + } + + // repeated uint32 encrypted_x509_mac_smk = 10 [packed = true]; + if (this->encrypted_x509_mac_smk_size() > 0) { + ::google::protobuf::internal::WireFormatLite::WriteTag(10, ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, output); + output->WriteVarint32(_encrypted_x509_mac_smk_cached_byte_size_); + } + for (int i = 0; i < this->encrypted_x509_mac_smk_size(); i++) { + ::google::protobuf::internal::WireFormatLite::WriteUInt32NoTag( + this->encrypted_x509_mac_smk(i), output); + } + + if (!unknown_fields().empty()) { + ::google::protobuf::internal::WireFormat::SerializeUnknownFields( + unknown_fields(), output); + } + // @@protoc_insertion_point(serialize_end:Messages.SecretMessage) +} + +::google::protobuf::uint8* SecretMessage::SerializeWithCachedSizesToArray( + ::google::protobuf::uint8* target) const { + // @@protoc_insertion_point(serialize_to_array_start:Messages.SecretMessage) + // required uint32 type = 1; + if (has_type()) { + target = ::google::protobuf::internal::WireFormatLite::WriteUInt32ToArray(1, this->type(), target); + } + + // required uint32 size = 2; + if (has_size()) { + target = ::google::protobuf::internal::WireFormatLite::WriteUInt32ToArray(2, this->size(), target); + } + + // optional uint32 encryped_pkey_size = 3; + if (has_encryped_pkey_size()) { + target = ::google::protobuf::internal::WireFormatLite::WriteUInt32ToArray(3, this->encryped_pkey_size(), target); + } + + // optional uint32 encryped_x509_size = 4; + if (has_encryped_x509_size()) { + target = ::google::protobuf::internal::WireFormatLite::WriteUInt32ToArray(4, this->encryped_x509_size(), target); + } + + // repeated uint32 encrypted_content = 5 [packed = true]; + if (this->encrypted_content_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 5, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _encrypted_content_cached_byte_size_, target); + } + for (int i = 0; i < this->encrypted_content_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->encrypted_content(i), target); + } + + // repeated uint32 mac_smk = 6 [packed = true]; + if (this->mac_smk_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 6, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _mac_smk_cached_byte_size_, target); + } + for (int i = 0; i < this->mac_smk_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->mac_smk(i), target); + } + + // repeated uint32 encrypted_pkey = 7 [packed = true]; + if (this->encrypted_pkey_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 7, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _encrypted_pkey_cached_byte_size_, target); + } + for (int i = 0; i < this->encrypted_pkey_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->encrypted_pkey(i), target); + } + + // repeated uint32 encrypted_pkey_mac_smk = 8 [packed = true]; + if (this->encrypted_pkey_mac_smk_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 8, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _encrypted_pkey_mac_smk_cached_byte_size_, target); + } + for (int i = 0; i < this->encrypted_pkey_mac_smk_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->encrypted_pkey_mac_smk(i), target); + } + + // repeated uint32 encrypted_x509 = 9 [packed = true]; + if (this->encrypted_x509_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 9, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _encrypted_x509_cached_byte_size_, target); + } + for (int i = 0; i < this->encrypted_x509_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->encrypted_x509(i), target); + } + + // repeated uint32 encrypted_x509_mac_smk = 10 [packed = true]; + if (this->encrypted_x509_mac_smk_size() > 0) { + target = ::google::protobuf::internal::WireFormatLite::WriteTagToArray( + 10, + ::google::protobuf::internal::WireFormatLite::WIRETYPE_LENGTH_DELIMITED, + target); + target = ::google::protobuf::io::CodedOutputStream::WriteVarint32ToArray( + _encrypted_x509_mac_smk_cached_byte_size_, target); + } + for (int i = 0; i < this->encrypted_x509_mac_smk_size(); i++) { + target = ::google::protobuf::internal::WireFormatLite:: + WriteUInt32NoTagToArray(this->encrypted_x509_mac_smk(i), target); + } + + if (!unknown_fields().empty()) { + target = ::google::protobuf::internal::WireFormat::SerializeUnknownFieldsToArray( + unknown_fields(), target); + } + // @@protoc_insertion_point(serialize_to_array_end:Messages.SecretMessage) + return target; +} + +int SecretMessage::ByteSize() const { + int total_size = 0; + + if (_has_bits_[0 / 32] & (0xffu << (0 % 32))) { + // required uint32 type = 1; + if (has_type()) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::UInt32Size( + this->type()); + } + + // required uint32 size = 2; + if (has_size()) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::UInt32Size( + this->size()); + } + + // optional uint32 encryped_pkey_size = 3; + if (has_encryped_pkey_size()) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::UInt32Size( + this->encryped_pkey_size()); + } + + // optional uint32 encryped_x509_size = 4; + if (has_encryped_x509_size()) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::UInt32Size( + this->encryped_x509_size()); + } + + } + // repeated uint32 encrypted_content = 5 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->encrypted_content_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->encrypted_content(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _encrypted_content_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 mac_smk = 6 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->mac_smk_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->mac_smk(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _mac_smk_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 encrypted_pkey = 7 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->encrypted_pkey_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->encrypted_pkey(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _encrypted_pkey_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 encrypted_pkey_mac_smk = 8 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->encrypted_pkey_mac_smk_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->encrypted_pkey_mac_smk(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _encrypted_pkey_mac_smk_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 encrypted_x509 = 9 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->encrypted_x509_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->encrypted_x509(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _encrypted_x509_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + // repeated uint32 encrypted_x509_mac_smk = 10 [packed = true]; + { + int data_size = 0; + for (int i = 0; i < this->encrypted_x509_mac_smk_size(); i++) { + data_size += ::google::protobuf::internal::WireFormatLite:: + UInt32Size(this->encrypted_x509_mac_smk(i)); + } + if (data_size > 0) { + total_size += 1 + + ::google::protobuf::internal::WireFormatLite::Int32Size(data_size); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _encrypted_x509_mac_smk_cached_byte_size_ = data_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + total_size += data_size; + } + + if (!unknown_fields().empty()) { + total_size += + ::google::protobuf::internal::WireFormat::ComputeUnknownFieldsSize( + unknown_fields()); + } + GOOGLE_SAFE_CONCURRENT_WRITES_BEGIN(); + _cached_size_ = total_size; + GOOGLE_SAFE_CONCURRENT_WRITES_END(); + return total_size; +} + +void SecretMessage::MergeFrom(const ::google::protobuf::Message& from) { + GOOGLE_CHECK_NE(&from, this); + const SecretMessage* source = + ::google::protobuf::internal::dynamic_cast_if_available( + &from); + if (source == NULL) { + ::google::protobuf::internal::ReflectionOps::Merge(from, this); + } else { + MergeFrom(*source); + } +} + +void SecretMessage::MergeFrom(const SecretMessage& from) { + GOOGLE_CHECK_NE(&from, this); + encrypted_content_.MergeFrom(from.encrypted_content_); + mac_smk_.MergeFrom(from.mac_smk_); + encrypted_pkey_.MergeFrom(from.encrypted_pkey_); + encrypted_pkey_mac_smk_.MergeFrom(from.encrypted_pkey_mac_smk_); + encrypted_x509_.MergeFrom(from.encrypted_x509_); + encrypted_x509_mac_smk_.MergeFrom(from.encrypted_x509_mac_smk_); + if (from._has_bits_[0 / 32] & (0xffu << (0 % 32))) { + if (from.has_type()) { + set_type(from.type()); + } + if (from.has_size()) { + set_size(from.size()); + } + if (from.has_encryped_pkey_size()) { + set_encryped_pkey_size(from.encryped_pkey_size()); + } + if (from.has_encryped_x509_size()) { + set_encryped_x509_size(from.encryped_x509_size()); + } + } + mutable_unknown_fields()->MergeFrom(from.unknown_fields()); +} + +void SecretMessage::CopyFrom(const ::google::protobuf::Message& from) { + if (&from == this) return; + Clear(); + MergeFrom(from); +} + +void SecretMessage::CopyFrom(const SecretMessage& from) { + if (&from == this) return; + Clear(); + MergeFrom(from); +} + +bool SecretMessage::IsInitialized() const { + if ((_has_bits_[0] & 0x00000003) != 0x00000003) return false; + + return true; +} + +void SecretMessage::Swap(SecretMessage* other) { + if (other != this) { + std::swap(type_, other->type_); + std::swap(size_, other->size_); + std::swap(encryped_pkey_size_, other->encryped_pkey_size_); + std::swap(encryped_x509_size_, other->encryped_x509_size_); + encrypted_content_.Swap(&other->encrypted_content_); + mac_smk_.Swap(&other->mac_smk_); + encrypted_pkey_.Swap(&other->encrypted_pkey_); + encrypted_pkey_mac_smk_.Swap(&other->encrypted_pkey_mac_smk_); + encrypted_x509_.Swap(&other->encrypted_x509_); + encrypted_x509_mac_smk_.Swap(&other->encrypted_x509_mac_smk_); + std::swap(_has_bits_[0], other->_has_bits_[0]); + _unknown_fields_.Swap(&other->_unknown_fields_); + std::swap(_cached_size_, other->_cached_size_); + } +} + +::google::protobuf::Metadata SecretMessage::GetMetadata() const { + protobuf_AssignDescriptorsOnce(); + ::google::protobuf::Metadata metadata; + metadata.descriptor = SecretMessage_descriptor_; + metadata.reflection = SecretMessage_reflection_; + return metadata; +} + + +// @@protoc_insertion_point(namespace_scope) + +} // namespace Messages + +// @@protoc_insertion_point(global_scope) diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/GoogleMessages/Messages.pb.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/GoogleMessages/Messages.pb.h new file mode 100644 index 0000000..8c2e78f --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/GoogleMessages/Messages.pb.h @@ -0,0 +1,2720 @@ +// Generated by the protocol buffer compiler. DO NOT EDIT! +// source: Messages.proto + +#ifndef PROTOBUF_Messages_2eproto__INCLUDED +#define PROTOBUF_Messages_2eproto__INCLUDED + +#include + +#include + +#if GOOGLE_PROTOBUF_VERSION < 2006000 +#error This file was generated by a newer version of protoc which is +#error incompatible with your Protocol Buffer headers. Please update +#error your headers. +#endif +#if 2006001 < GOOGLE_PROTOBUF_MIN_PROTOC_VERSION +#error This file was generated by an older version of protoc which is +#error incompatible with your Protocol Buffer headers. Please +#error regenerate this file with a newer version of protoc. +#endif + +#include +#include +#include +#include +#include +// @@protoc_insertion_point(includes) + +namespace Messages { + +// Internal implementation detail -- do not call these. +void protobuf_AddDesc_Messages_2eproto(); +void protobuf_AssignDesc_Messages_2eproto(); +void protobuf_ShutdownFile_Messages_2eproto(); + +class InitialMessage; +class MessageMsg0; +class MessageMSG1; +class MessageMSG2; +class MessageMSG3; +class AttestationMessage; +class SecretMessage; + +// =================================================================== + +class InitialMessage : public ::google::protobuf::Message { + public: + InitialMessage(); + virtual ~InitialMessage(); + + InitialMessage(const InitialMessage& from); + + inline InitialMessage& operator=(const InitialMessage& from) { + CopyFrom(from); + return *this; + } + + inline const ::google::protobuf::UnknownFieldSet& unknown_fields() const { + return _unknown_fields_; + } + + inline ::google::protobuf::UnknownFieldSet* mutable_unknown_fields() { + return &_unknown_fields_; + } + + static const ::google::protobuf::Descriptor* descriptor(); + static const InitialMessage& default_instance(); + + void Swap(InitialMessage* other); + + // implements Message ---------------------------------------------- + + InitialMessage* New() const; + void CopyFrom(const ::google::protobuf::Message& from); + void MergeFrom(const ::google::protobuf::Message& from); + void CopyFrom(const InitialMessage& from); + void MergeFrom(const InitialMessage& from); + void Clear(); + bool IsInitialized() const; + + int ByteSize() const; + bool MergePartialFromCodedStream( + ::google::protobuf::io::CodedInputStream* input); + void SerializeWithCachedSizes( + ::google::protobuf::io::CodedOutputStream* output) const; + ::google::protobuf::uint8* SerializeWithCachedSizesToArray(::google::protobuf::uint8* output) const; + int GetCachedSize() const { return _cached_size_; } + private: + void SharedCtor(); + void SharedDtor(); + void SetCachedSize(int size) const; + public: + ::google::protobuf::Metadata GetMetadata() const; + + // nested types ---------------------------------------------------- + + // accessors ------------------------------------------------------- + + // required uint32 type = 1; + inline bool has_type() const; + inline void clear_type(); + static const int kTypeFieldNumber = 1; + inline ::google::protobuf::uint32 type() const; + inline void set_type(::google::protobuf::uint32 value); + + // optional uint32 size = 2; + inline bool has_size() const; + inline void clear_size(); + static const int kSizeFieldNumber = 2; + inline ::google::protobuf::uint32 size() const; + inline void set_size(::google::protobuf::uint32 value); + + // @@protoc_insertion_point(class_scope:Messages.InitialMessage) + private: + inline void set_has_type(); + inline void clear_has_type(); + inline void set_has_size(); + inline void clear_has_size(); + + ::google::protobuf::UnknownFieldSet _unknown_fields_; + + ::google::protobuf::uint32 _has_bits_[1]; + mutable int _cached_size_; + ::google::protobuf::uint32 type_; + ::google::protobuf::uint32 size_; + friend void protobuf_AddDesc_Messages_2eproto(); + friend void protobuf_AssignDesc_Messages_2eproto(); + friend void protobuf_ShutdownFile_Messages_2eproto(); + + void InitAsDefaultInstance(); + static InitialMessage* default_instance_; +}; +// ------------------------------------------------------------------- + +class MessageMsg0 : public ::google::protobuf::Message { + public: + MessageMsg0(); + virtual ~MessageMsg0(); + + MessageMsg0(const MessageMsg0& from); + + inline MessageMsg0& operator=(const MessageMsg0& from) { + CopyFrom(from); + return *this; + } + + inline const ::google::protobuf::UnknownFieldSet& unknown_fields() const { + return _unknown_fields_; + } + + inline ::google::protobuf::UnknownFieldSet* mutable_unknown_fields() { + return &_unknown_fields_; + } + + static const ::google::protobuf::Descriptor* descriptor(); + static const MessageMsg0& default_instance(); + + void Swap(MessageMsg0* other); + + // implements Message ---------------------------------------------- + + MessageMsg0* New() const; + void CopyFrom(const ::google::protobuf::Message& from); + void MergeFrom(const ::google::protobuf::Message& from); + void CopyFrom(const MessageMsg0& from); + void MergeFrom(const MessageMsg0& from); + void Clear(); + bool IsInitialized() const; + + int ByteSize() const; + bool MergePartialFromCodedStream( + ::google::protobuf::io::CodedInputStream* input); + void SerializeWithCachedSizes( + ::google::protobuf::io::CodedOutputStream* output) const; + ::google::protobuf::uint8* SerializeWithCachedSizesToArray(::google::protobuf::uint8* output) const; + int GetCachedSize() const { return _cached_size_; } + private: + void SharedCtor(); + void SharedDtor(); + void SetCachedSize(int size) const; + public: + ::google::protobuf::Metadata GetMetadata() const; + + // nested types ---------------------------------------------------- + + // accessors ------------------------------------------------------- + + // required uint32 type = 1; + inline bool has_type() const; + inline void clear_type(); + static const int kTypeFieldNumber = 1; + inline ::google::protobuf::uint32 type() const; + inline void set_type(::google::protobuf::uint32 value); + + // required uint32 epid = 2; + inline bool has_epid() const; + inline void clear_epid(); + static const int kEpidFieldNumber = 2; + inline ::google::protobuf::uint32 epid() const; + inline void set_epid(::google::protobuf::uint32 value); + + // optional uint32 status = 3; + inline bool has_status() const; + inline void clear_status(); + static const int kStatusFieldNumber = 3; + inline ::google::protobuf::uint32 status() const; + inline void set_status(::google::protobuf::uint32 value); + + // @@protoc_insertion_point(class_scope:Messages.MessageMsg0) + private: + inline void set_has_type(); + inline void clear_has_type(); + inline void set_has_epid(); + inline void clear_has_epid(); + inline void set_has_status(); + inline void clear_has_status(); + + ::google::protobuf::UnknownFieldSet _unknown_fields_; + + ::google::protobuf::uint32 _has_bits_[1]; + mutable int _cached_size_; + ::google::protobuf::uint32 type_; + ::google::protobuf::uint32 epid_; + ::google::protobuf::uint32 status_; + friend void protobuf_AddDesc_Messages_2eproto(); + friend void protobuf_AssignDesc_Messages_2eproto(); + friend void protobuf_ShutdownFile_Messages_2eproto(); + + void InitAsDefaultInstance(); + static MessageMsg0* default_instance_; +}; +// ------------------------------------------------------------------- + +class MessageMSG1 : public ::google::protobuf::Message { + public: + MessageMSG1(); + virtual ~MessageMSG1(); + + MessageMSG1(const MessageMSG1& from); + + inline MessageMSG1& operator=(const MessageMSG1& from) { + CopyFrom(from); + return *this; + } + + inline const ::google::protobuf::UnknownFieldSet& unknown_fields() const { + return _unknown_fields_; + } + + inline ::google::protobuf::UnknownFieldSet* mutable_unknown_fields() { + return &_unknown_fields_; + } + + static const ::google::protobuf::Descriptor* descriptor(); + static const MessageMSG1& default_instance(); + + void Swap(MessageMSG1* other); + + // implements Message ---------------------------------------------- + + MessageMSG1* New() const; + void CopyFrom(const ::google::protobuf::Message& from); + void MergeFrom(const ::google::protobuf::Message& from); + void CopyFrom(const MessageMSG1& from); + void MergeFrom(const MessageMSG1& from); + void Clear(); + bool IsInitialized() const; + + int ByteSize() const; + bool MergePartialFromCodedStream( + ::google::protobuf::io::CodedInputStream* input); + void SerializeWithCachedSizes( + ::google::protobuf::io::CodedOutputStream* output) const; + ::google::protobuf::uint8* SerializeWithCachedSizesToArray(::google::protobuf::uint8* output) const; + int GetCachedSize() const { return _cached_size_; } + private: + void SharedCtor(); + void SharedDtor(); + void SetCachedSize(int size) const; + public: + ::google::protobuf::Metadata GetMetadata() const; + + // nested types ---------------------------------------------------- + + // accessors ------------------------------------------------------- + + // required uint32 type = 1; + inline bool has_type() const; + inline void clear_type(); + static const int kTypeFieldNumber = 1; + inline ::google::protobuf::uint32 type() const; + inline void set_type(::google::protobuf::uint32 value); + + // repeated uint32 GaX = 2 [packed = true]; + inline int gax_size() const; + inline void clear_gax(); + static const int kGaXFieldNumber = 2; + inline ::google::protobuf::uint32 gax(int index) const; + inline void set_gax(int index, ::google::protobuf::uint32 value); + inline void add_gax(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + gax() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_gax(); + + // repeated uint32 GaY = 3 [packed = true]; + inline int gay_size() const; + inline void clear_gay(); + static const int kGaYFieldNumber = 3; + inline ::google::protobuf::uint32 gay(int index) const; + inline void set_gay(int index, ::google::protobuf::uint32 value); + inline void add_gay(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + gay() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_gay(); + + // repeated uint32 GID = 4 [packed = true]; + inline int gid_size() const; + inline void clear_gid(); + static const int kGIDFieldNumber = 4; + inline ::google::protobuf::uint32 gid(int index) const; + inline void set_gid(int index, ::google::protobuf::uint32 value); + inline void add_gid(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + gid() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_gid(); + + // @@protoc_insertion_point(class_scope:Messages.MessageMSG1) + private: + inline void set_has_type(); + inline void clear_has_type(); + + ::google::protobuf::UnknownFieldSet _unknown_fields_; + + ::google::protobuf::uint32 _has_bits_[1]; + mutable int _cached_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > gax_; + mutable int _gax_cached_byte_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > gay_; + mutable int _gay_cached_byte_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > gid_; + mutable int _gid_cached_byte_size_; + ::google::protobuf::uint32 type_; + friend void protobuf_AddDesc_Messages_2eproto(); + friend void protobuf_AssignDesc_Messages_2eproto(); + friend void protobuf_ShutdownFile_Messages_2eproto(); + + void InitAsDefaultInstance(); + static MessageMSG1* default_instance_; +}; +// ------------------------------------------------------------------- + +class MessageMSG2 : public ::google::protobuf::Message { + public: + MessageMSG2(); + virtual ~MessageMSG2(); + + MessageMSG2(const MessageMSG2& from); + + inline MessageMSG2& operator=(const MessageMSG2& from) { + CopyFrom(from); + return *this; + } + + inline const ::google::protobuf::UnknownFieldSet& unknown_fields() const { + return _unknown_fields_; + } + + inline ::google::protobuf::UnknownFieldSet* mutable_unknown_fields() { + return &_unknown_fields_; + } + + static const ::google::protobuf::Descriptor* descriptor(); + static const MessageMSG2& default_instance(); + + void Swap(MessageMSG2* other); + + // implements Message ---------------------------------------------- + + MessageMSG2* New() const; + void CopyFrom(const ::google::protobuf::Message& from); + void MergeFrom(const ::google::protobuf::Message& from); + void CopyFrom(const MessageMSG2& from); + void MergeFrom(const MessageMSG2& from); + void Clear(); + bool IsInitialized() const; + + int ByteSize() const; + bool MergePartialFromCodedStream( + ::google::protobuf::io::CodedInputStream* input); + void SerializeWithCachedSizes( + ::google::protobuf::io::CodedOutputStream* output) const; + ::google::protobuf::uint8* SerializeWithCachedSizesToArray(::google::protobuf::uint8* output) const; + int GetCachedSize() const { return _cached_size_; } + private: + void SharedCtor(); + void SharedDtor(); + void SetCachedSize(int size) const; + public: + ::google::protobuf::Metadata GetMetadata() const; + + // nested types ---------------------------------------------------- + + // accessors ------------------------------------------------------- + + // required uint32 type = 1; + inline bool has_type() const; + inline void clear_type(); + static const int kTypeFieldNumber = 1; + inline ::google::protobuf::uint32 type() const; + inline void set_type(::google::protobuf::uint32 value); + + // optional uint32 size = 2; + inline bool has_size() const; + inline void clear_size(); + static const int kSizeFieldNumber = 2; + inline ::google::protobuf::uint32 size() const; + inline void set_size(::google::protobuf::uint32 value); + + // repeated uint32 public_key_gx = 3 [packed = true]; + inline int public_key_gx_size() const; + inline void clear_public_key_gx(); + static const int kPublicKeyGxFieldNumber = 3; + inline ::google::protobuf::uint32 public_key_gx(int index) const; + inline void set_public_key_gx(int index, ::google::protobuf::uint32 value); + inline void add_public_key_gx(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + public_key_gx() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_public_key_gx(); + + // repeated uint32 public_key_gy = 4 [packed = true]; + inline int public_key_gy_size() const; + inline void clear_public_key_gy(); + static const int kPublicKeyGyFieldNumber = 4; + inline ::google::protobuf::uint32 public_key_gy(int index) const; + inline void set_public_key_gy(int index, ::google::protobuf::uint32 value); + inline void add_public_key_gy(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + public_key_gy() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_public_key_gy(); + + // optional uint32 quote_type = 5; + inline bool has_quote_type() const; + inline void clear_quote_type(); + static const int kQuoteTypeFieldNumber = 5; + inline ::google::protobuf::uint32 quote_type() const; + inline void set_quote_type(::google::protobuf::uint32 value); + + // repeated uint32 spid = 6 [packed = true]; + inline int spid_size() const; + inline void clear_spid(); + static const int kSpidFieldNumber = 6; + inline ::google::protobuf::uint32 spid(int index) const; + inline void set_spid(int index, ::google::protobuf::uint32 value); + inline void add_spid(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + spid() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_spid(); + + // optional uint32 cmac_kdf_id = 7; + inline bool has_cmac_kdf_id() const; + inline void clear_cmac_kdf_id(); + static const int kCmacKdfIdFieldNumber = 7; + inline ::google::protobuf::uint32 cmac_kdf_id() const; + inline void set_cmac_kdf_id(::google::protobuf::uint32 value); + + // repeated uint32 signature_x = 8 [packed = true]; + inline int signature_x_size() const; + inline void clear_signature_x(); + static const int kSignatureXFieldNumber = 8; + inline ::google::protobuf::uint32 signature_x(int index) const; + inline void set_signature_x(int index, ::google::protobuf::uint32 value); + inline void add_signature_x(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + signature_x() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_signature_x(); + + // repeated uint32 signature_y = 9 [packed = true]; + inline int signature_y_size() const; + inline void clear_signature_y(); + static const int kSignatureYFieldNumber = 9; + inline ::google::protobuf::uint32 signature_y(int index) const; + inline void set_signature_y(int index, ::google::protobuf::uint32 value); + inline void add_signature_y(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + signature_y() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_signature_y(); + + // repeated uint32 smac = 10 [packed = true]; + inline int smac_size() const; + inline void clear_smac(); + static const int kSmacFieldNumber = 10; + inline ::google::protobuf::uint32 smac(int index) const; + inline void set_smac(int index, ::google::protobuf::uint32 value); + inline void add_smac(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + smac() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_smac(); + + // optional uint32 size_sigrl = 11; + inline bool has_size_sigrl() const; + inline void clear_size_sigrl(); + static const int kSizeSigrlFieldNumber = 11; + inline ::google::protobuf::uint32 size_sigrl() const; + inline void set_size_sigrl(::google::protobuf::uint32 value); + + // repeated uint32 sigrl = 12 [packed = true]; + inline int sigrl_size() const; + inline void clear_sigrl(); + static const int kSigrlFieldNumber = 12; + inline ::google::protobuf::uint32 sigrl(int index) const; + inline void set_sigrl(int index, ::google::protobuf::uint32 value); + inline void add_sigrl(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + sigrl() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_sigrl(); + + // @@protoc_insertion_point(class_scope:Messages.MessageMSG2) + private: + inline void set_has_type(); + inline void clear_has_type(); + inline void set_has_size(); + inline void clear_has_size(); + inline void set_has_quote_type(); + inline void clear_has_quote_type(); + inline void set_has_cmac_kdf_id(); + inline void clear_has_cmac_kdf_id(); + inline void set_has_size_sigrl(); + inline void clear_has_size_sigrl(); + + ::google::protobuf::UnknownFieldSet _unknown_fields_; + + ::google::protobuf::uint32 _has_bits_[1]; + mutable int _cached_size_; + ::google::protobuf::uint32 type_; + ::google::protobuf::uint32 size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > public_key_gx_; + mutable int _public_key_gx_cached_byte_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > public_key_gy_; + mutable int _public_key_gy_cached_byte_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > spid_; + mutable int _spid_cached_byte_size_; + ::google::protobuf::uint32 quote_type_; + ::google::protobuf::uint32 cmac_kdf_id_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > signature_x_; + mutable int _signature_x_cached_byte_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > signature_y_; + mutable int _signature_y_cached_byte_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > smac_; + mutable int _smac_cached_byte_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > sigrl_; + mutable int _sigrl_cached_byte_size_; + ::google::protobuf::uint32 size_sigrl_; + friend void protobuf_AddDesc_Messages_2eproto(); + friend void protobuf_AssignDesc_Messages_2eproto(); + friend void protobuf_ShutdownFile_Messages_2eproto(); + + void InitAsDefaultInstance(); + static MessageMSG2* default_instance_; +}; +// ------------------------------------------------------------------- + +class MessageMSG3 : public ::google::protobuf::Message { + public: + MessageMSG3(); + virtual ~MessageMSG3(); + + MessageMSG3(const MessageMSG3& from); + + inline MessageMSG3& operator=(const MessageMSG3& from) { + CopyFrom(from); + return *this; + } + + inline const ::google::protobuf::UnknownFieldSet& unknown_fields() const { + return _unknown_fields_; + } + + inline ::google::protobuf::UnknownFieldSet* mutable_unknown_fields() { + return &_unknown_fields_; + } + + static const ::google::protobuf::Descriptor* descriptor(); + static const MessageMSG3& default_instance(); + + void Swap(MessageMSG3* other); + + // implements Message ---------------------------------------------- + + MessageMSG3* New() const; + void CopyFrom(const ::google::protobuf::Message& from); + void MergeFrom(const ::google::protobuf::Message& from); + void CopyFrom(const MessageMSG3& from); + void MergeFrom(const MessageMSG3& from); + void Clear(); + bool IsInitialized() const; + + int ByteSize() const; + bool MergePartialFromCodedStream( + ::google::protobuf::io::CodedInputStream* input); + void SerializeWithCachedSizes( + ::google::protobuf::io::CodedOutputStream* output) const; + ::google::protobuf::uint8* SerializeWithCachedSizesToArray(::google::protobuf::uint8* output) const; + int GetCachedSize() const { return _cached_size_; } + private: + void SharedCtor(); + void SharedDtor(); + void SetCachedSize(int size) const; + public: + ::google::protobuf::Metadata GetMetadata() const; + + // nested types ---------------------------------------------------- + + // accessors ------------------------------------------------------- + + // required uint32 type = 1; + inline bool has_type() const; + inline void clear_type(); + static const int kTypeFieldNumber = 1; + inline ::google::protobuf::uint32 type() const; + inline void set_type(::google::protobuf::uint32 value); + + // optional uint32 size = 2; + inline bool has_size() const; + inline void clear_size(); + static const int kSizeFieldNumber = 2; + inline ::google::protobuf::uint32 size() const; + inline void set_size(::google::protobuf::uint32 value); + + // repeated uint32 sgx_mac = 3 [packed = true]; + inline int sgx_mac_size() const; + inline void clear_sgx_mac(); + static const int kSgxMacFieldNumber = 3; + inline ::google::protobuf::uint32 sgx_mac(int index) const; + inline void set_sgx_mac(int index, ::google::protobuf::uint32 value); + inline void add_sgx_mac(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + sgx_mac() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_sgx_mac(); + + // repeated uint32 gax_msg3 = 4 [packed = true]; + inline int gax_msg3_size() const; + inline void clear_gax_msg3(); + static const int kGaxMsg3FieldNumber = 4; + inline ::google::protobuf::uint32 gax_msg3(int index) const; + inline void set_gax_msg3(int index, ::google::protobuf::uint32 value); + inline void add_gax_msg3(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + gax_msg3() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_gax_msg3(); + + // repeated uint32 gay_msg3 = 5 [packed = true]; + inline int gay_msg3_size() const; + inline void clear_gay_msg3(); + static const int kGayMsg3FieldNumber = 5; + inline ::google::protobuf::uint32 gay_msg3(int index) const; + inline void set_gay_msg3(int index, ::google::protobuf::uint32 value); + inline void add_gay_msg3(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + gay_msg3() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_gay_msg3(); + + // repeated uint32 sec_property = 6 [packed = true]; + inline int sec_property_size() const; + inline void clear_sec_property(); + static const int kSecPropertyFieldNumber = 6; + inline ::google::protobuf::uint32 sec_property(int index) const; + inline void set_sec_property(int index, ::google::protobuf::uint32 value); + inline void add_sec_property(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + sec_property() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_sec_property(); + + // repeated uint32 quote = 7 [packed = true]; + inline int quote_size() const; + inline void clear_quote(); + static const int kQuoteFieldNumber = 7; + inline ::google::protobuf::uint32 quote(int index) const; + inline void set_quote(int index, ::google::protobuf::uint32 value); + inline void add_quote(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + quote() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_quote(); + + // @@protoc_insertion_point(class_scope:Messages.MessageMSG3) + private: + inline void set_has_type(); + inline void clear_has_type(); + inline void set_has_size(); + inline void clear_has_size(); + + ::google::protobuf::UnknownFieldSet _unknown_fields_; + + ::google::protobuf::uint32 _has_bits_[1]; + mutable int _cached_size_; + ::google::protobuf::uint32 type_; + ::google::protobuf::uint32 size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > sgx_mac_; + mutable int _sgx_mac_cached_byte_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > gax_msg3_; + mutable int _gax_msg3_cached_byte_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > gay_msg3_; + mutable int _gay_msg3_cached_byte_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > sec_property_; + mutable int _sec_property_cached_byte_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > quote_; + mutable int _quote_cached_byte_size_; + friend void protobuf_AddDesc_Messages_2eproto(); + friend void protobuf_AssignDesc_Messages_2eproto(); + friend void protobuf_ShutdownFile_Messages_2eproto(); + + void InitAsDefaultInstance(); + static MessageMSG3* default_instance_; +}; +// ------------------------------------------------------------------- + +class AttestationMessage : public ::google::protobuf::Message { + public: + AttestationMessage(); + virtual ~AttestationMessage(); + + AttestationMessage(const AttestationMessage& from); + + inline AttestationMessage& operator=(const AttestationMessage& from) { + CopyFrom(from); + return *this; + } + + inline const ::google::protobuf::UnknownFieldSet& unknown_fields() const { + return _unknown_fields_; + } + + inline ::google::protobuf::UnknownFieldSet* mutable_unknown_fields() { + return &_unknown_fields_; + } + + static const ::google::protobuf::Descriptor* descriptor(); + static const AttestationMessage& default_instance(); + + void Swap(AttestationMessage* other); + + // implements Message ---------------------------------------------- + + AttestationMessage* New() const; + void CopyFrom(const ::google::protobuf::Message& from); + void MergeFrom(const ::google::protobuf::Message& from); + void CopyFrom(const AttestationMessage& from); + void MergeFrom(const AttestationMessage& from); + void Clear(); + bool IsInitialized() const; + + int ByteSize() const; + bool MergePartialFromCodedStream( + ::google::protobuf::io::CodedInputStream* input); + void SerializeWithCachedSizes( + ::google::protobuf::io::CodedOutputStream* output) const; + ::google::protobuf::uint8* SerializeWithCachedSizesToArray(::google::protobuf::uint8* output) const; + int GetCachedSize() const { return _cached_size_; } + private: + void SharedCtor(); + void SharedDtor(); + void SetCachedSize(int size) const; + public: + ::google::protobuf::Metadata GetMetadata() const; + + // nested types ---------------------------------------------------- + + // accessors ------------------------------------------------------- + + // required uint32 type = 1; + inline bool has_type() const; + inline void clear_type(); + static const int kTypeFieldNumber = 1; + inline ::google::protobuf::uint32 type() const; + inline void set_type(::google::protobuf::uint32 value); + + // required uint32 size = 2; + inline bool has_size() const; + inline void clear_size(); + static const int kSizeFieldNumber = 2; + inline ::google::protobuf::uint32 size() const; + inline void set_size(::google::protobuf::uint32 value); + + // optional uint32 epid_group_status = 3; + inline bool has_epid_group_status() const; + inline void clear_epid_group_status(); + static const int kEpidGroupStatusFieldNumber = 3; + inline ::google::protobuf::uint32 epid_group_status() const; + inline void set_epid_group_status(::google::protobuf::uint32 value); + + // optional uint32 tcb_evaluation_status = 4; + inline bool has_tcb_evaluation_status() const; + inline void clear_tcb_evaluation_status(); + static const int kTcbEvaluationStatusFieldNumber = 4; + inline ::google::protobuf::uint32 tcb_evaluation_status() const; + inline void set_tcb_evaluation_status(::google::protobuf::uint32 value); + + // optional uint32 pse_evaluation_status = 5; + inline bool has_pse_evaluation_status() const; + inline void clear_pse_evaluation_status(); + static const int kPseEvaluationStatusFieldNumber = 5; + inline ::google::protobuf::uint32 pse_evaluation_status() const; + inline void set_pse_evaluation_status(::google::protobuf::uint32 value); + + // repeated uint32 latest_equivalent_tcb_psvn = 6 [packed = true]; + inline int latest_equivalent_tcb_psvn_size() const; + inline void clear_latest_equivalent_tcb_psvn(); + static const int kLatestEquivalentTcbPsvnFieldNumber = 6; + inline ::google::protobuf::uint32 latest_equivalent_tcb_psvn(int index) const; + inline void set_latest_equivalent_tcb_psvn(int index, ::google::protobuf::uint32 value); + inline void add_latest_equivalent_tcb_psvn(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + latest_equivalent_tcb_psvn() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_latest_equivalent_tcb_psvn(); + + // repeated uint32 latest_pse_isvsvn = 7 [packed = true]; + inline int latest_pse_isvsvn_size() const; + inline void clear_latest_pse_isvsvn(); + static const int kLatestPseIsvsvnFieldNumber = 7; + inline ::google::protobuf::uint32 latest_pse_isvsvn(int index) const; + inline void set_latest_pse_isvsvn(int index, ::google::protobuf::uint32 value); + inline void add_latest_pse_isvsvn(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + latest_pse_isvsvn() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_latest_pse_isvsvn(); + + // repeated uint32 latest_psda_svn = 8 [packed = true]; + inline int latest_psda_svn_size() const; + inline void clear_latest_psda_svn(); + static const int kLatestPsdaSvnFieldNumber = 8; + inline ::google::protobuf::uint32 latest_psda_svn(int index) const; + inline void set_latest_psda_svn(int index, ::google::protobuf::uint32 value); + inline void add_latest_psda_svn(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + latest_psda_svn() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_latest_psda_svn(); + + // repeated uint32 performance_rekey_gid = 9 [packed = true]; + inline int performance_rekey_gid_size() const; + inline void clear_performance_rekey_gid(); + static const int kPerformanceRekeyGidFieldNumber = 9; + inline ::google::protobuf::uint32 performance_rekey_gid(int index) const; + inline void set_performance_rekey_gid(int index, ::google::protobuf::uint32 value); + inline void add_performance_rekey_gid(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + performance_rekey_gid() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_performance_rekey_gid(); + + // repeated uint32 ec_sign256_x = 10 [packed = true]; + inline int ec_sign256_x_size() const; + inline void clear_ec_sign256_x(); + static const int kEcSign256XFieldNumber = 10; + inline ::google::protobuf::uint32 ec_sign256_x(int index) const; + inline void set_ec_sign256_x(int index, ::google::protobuf::uint32 value); + inline void add_ec_sign256_x(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + ec_sign256_x() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_ec_sign256_x(); + + // repeated uint32 ec_sign256_y = 11 [packed = true]; + inline int ec_sign256_y_size() const; + inline void clear_ec_sign256_y(); + static const int kEcSign256YFieldNumber = 11; + inline ::google::protobuf::uint32 ec_sign256_y(int index) const; + inline void set_ec_sign256_y(int index, ::google::protobuf::uint32 value); + inline void add_ec_sign256_y(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + ec_sign256_y() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_ec_sign256_y(); + + // repeated uint32 mac_smk = 12 [packed = true]; + inline int mac_smk_size() const; + inline void clear_mac_smk(); + static const int kMacSmkFieldNumber = 12; + inline ::google::protobuf::uint32 mac_smk(int index) const; + inline void set_mac_smk(int index, ::google::protobuf::uint32 value); + inline void add_mac_smk(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + mac_smk() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_mac_smk(); + + // optional uint32 result_size = 13; + inline bool has_result_size() const; + inline void clear_result_size(); + static const int kResultSizeFieldNumber = 13; + inline ::google::protobuf::uint32 result_size() const; + inline void set_result_size(::google::protobuf::uint32 value); + + // repeated uint32 reserved = 14 [packed = true]; + inline int reserved_size() const; + inline void clear_reserved(); + static const int kReservedFieldNumber = 14; + inline ::google::protobuf::uint32 reserved(int index) const; + inline void set_reserved(int index, ::google::protobuf::uint32 value); + inline void add_reserved(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + reserved() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_reserved(); + + // repeated uint32 payload_tag = 15 [packed = true]; + inline int payload_tag_size() const; + inline void clear_payload_tag(); + static const int kPayloadTagFieldNumber = 15; + inline ::google::protobuf::uint32 payload_tag(int index) const; + inline void set_payload_tag(int index, ::google::protobuf::uint32 value); + inline void add_payload_tag(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + payload_tag() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_payload_tag(); + + // repeated uint32 payload = 16 [packed = true]; + inline int payload_size() const; + inline void clear_payload(); + static const int kPayloadFieldNumber = 16; + inline ::google::protobuf::uint32 payload(int index) const; + inline void set_payload(int index, ::google::protobuf::uint32 value); + inline void add_payload(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + payload() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_payload(); + + // @@protoc_insertion_point(class_scope:Messages.AttestationMessage) + private: + inline void set_has_type(); + inline void clear_has_type(); + inline void set_has_size(); + inline void clear_has_size(); + inline void set_has_epid_group_status(); + inline void clear_has_epid_group_status(); + inline void set_has_tcb_evaluation_status(); + inline void clear_has_tcb_evaluation_status(); + inline void set_has_pse_evaluation_status(); + inline void clear_has_pse_evaluation_status(); + inline void set_has_result_size(); + inline void clear_has_result_size(); + + ::google::protobuf::UnknownFieldSet _unknown_fields_; + + ::google::protobuf::uint32 _has_bits_[1]; + mutable int _cached_size_; + ::google::protobuf::uint32 type_; + ::google::protobuf::uint32 size_; + ::google::protobuf::uint32 epid_group_status_; + ::google::protobuf::uint32 tcb_evaluation_status_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > latest_equivalent_tcb_psvn_; + mutable int _latest_equivalent_tcb_psvn_cached_byte_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > latest_pse_isvsvn_; + mutable int _latest_pse_isvsvn_cached_byte_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > latest_psda_svn_; + mutable int _latest_psda_svn_cached_byte_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > performance_rekey_gid_; + mutable int _performance_rekey_gid_cached_byte_size_; + ::google::protobuf::uint32 pse_evaluation_status_; + ::google::protobuf::uint32 result_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > ec_sign256_x_; + mutable int _ec_sign256_x_cached_byte_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > ec_sign256_y_; + mutable int _ec_sign256_y_cached_byte_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > mac_smk_; + mutable int _mac_smk_cached_byte_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > reserved_; + mutable int _reserved_cached_byte_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > payload_tag_; + mutable int _payload_tag_cached_byte_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > payload_; + mutable int _payload_cached_byte_size_; + friend void protobuf_AddDesc_Messages_2eproto(); + friend void protobuf_AssignDesc_Messages_2eproto(); + friend void protobuf_ShutdownFile_Messages_2eproto(); + + void InitAsDefaultInstance(); + static AttestationMessage* default_instance_; +}; +// ------------------------------------------------------------------- + +class SecretMessage : public ::google::protobuf::Message { + public: + SecretMessage(); + virtual ~SecretMessage(); + + SecretMessage(const SecretMessage& from); + + inline SecretMessage& operator=(const SecretMessage& from) { + CopyFrom(from); + return *this; + } + + inline const ::google::protobuf::UnknownFieldSet& unknown_fields() const { + return _unknown_fields_; + } + + inline ::google::protobuf::UnknownFieldSet* mutable_unknown_fields() { + return &_unknown_fields_; + } + + static const ::google::protobuf::Descriptor* descriptor(); + static const SecretMessage& default_instance(); + + void Swap(SecretMessage* other); + + // implements Message ---------------------------------------------- + + SecretMessage* New() const; + void CopyFrom(const ::google::protobuf::Message& from); + void MergeFrom(const ::google::protobuf::Message& from); + void CopyFrom(const SecretMessage& from); + void MergeFrom(const SecretMessage& from); + void Clear(); + bool IsInitialized() const; + + int ByteSize() const; + bool MergePartialFromCodedStream( + ::google::protobuf::io::CodedInputStream* input); + void SerializeWithCachedSizes( + ::google::protobuf::io::CodedOutputStream* output) const; + ::google::protobuf::uint8* SerializeWithCachedSizesToArray(::google::protobuf::uint8* output) const; + int GetCachedSize() const { return _cached_size_; } + private: + void SharedCtor(); + void SharedDtor(); + void SetCachedSize(int size) const; + public: + ::google::protobuf::Metadata GetMetadata() const; + + // nested types ---------------------------------------------------- + + // accessors ------------------------------------------------------- + + // required uint32 type = 1; + inline bool has_type() const; + inline void clear_type(); + static const int kTypeFieldNumber = 1; + inline ::google::protobuf::uint32 type() const; + inline void set_type(::google::protobuf::uint32 value); + + // required uint32 size = 2; + inline bool has_size() const; + inline void clear_size(); + static const int kSizeFieldNumber = 2; + inline ::google::protobuf::uint32 size() const; + inline void set_size(::google::protobuf::uint32 value); + + // optional uint32 encryped_pkey_size = 3; + inline bool has_encryped_pkey_size() const; + inline void clear_encryped_pkey_size(); + static const int kEncrypedPkeySizeFieldNumber = 3; + inline ::google::protobuf::uint32 encryped_pkey_size() const; + inline void set_encryped_pkey_size(::google::protobuf::uint32 value); + + // optional uint32 encryped_x509_size = 4; + inline bool has_encryped_x509_size() const; + inline void clear_encryped_x509_size(); + static const int kEncrypedX509SizeFieldNumber = 4; + inline ::google::protobuf::uint32 encryped_x509_size() const; + inline void set_encryped_x509_size(::google::protobuf::uint32 value); + + // repeated uint32 encrypted_content = 5 [packed = true]; + inline int encrypted_content_size() const; + inline void clear_encrypted_content(); + static const int kEncryptedContentFieldNumber = 5; + inline ::google::protobuf::uint32 encrypted_content(int index) const; + inline void set_encrypted_content(int index, ::google::protobuf::uint32 value); + inline void add_encrypted_content(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + encrypted_content() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_encrypted_content(); + + // repeated uint32 mac_smk = 6 [packed = true]; + inline int mac_smk_size() const; + inline void clear_mac_smk(); + static const int kMacSmkFieldNumber = 6; + inline ::google::protobuf::uint32 mac_smk(int index) const; + inline void set_mac_smk(int index, ::google::protobuf::uint32 value); + inline void add_mac_smk(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + mac_smk() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_mac_smk(); + + // repeated uint32 encrypted_pkey = 7 [packed = true]; + inline int encrypted_pkey_size() const; + inline void clear_encrypted_pkey(); + static const int kEncryptedPkeyFieldNumber = 7; + inline ::google::protobuf::uint32 encrypted_pkey(int index) const; + inline void set_encrypted_pkey(int index, ::google::protobuf::uint32 value); + inline void add_encrypted_pkey(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + encrypted_pkey() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_encrypted_pkey(); + + // repeated uint32 encrypted_pkey_mac_smk = 8 [packed = true]; + inline int encrypted_pkey_mac_smk_size() const; + inline void clear_encrypted_pkey_mac_smk(); + static const int kEncryptedPkeyMacSmkFieldNumber = 8; + inline ::google::protobuf::uint32 encrypted_pkey_mac_smk(int index) const; + inline void set_encrypted_pkey_mac_smk(int index, ::google::protobuf::uint32 value); + inline void add_encrypted_pkey_mac_smk(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + encrypted_pkey_mac_smk() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_encrypted_pkey_mac_smk(); + + // repeated uint32 encrypted_x509 = 9 [packed = true]; + inline int encrypted_x509_size() const; + inline void clear_encrypted_x509(); + static const int kEncryptedX509FieldNumber = 9; + inline ::google::protobuf::uint32 encrypted_x509(int index) const; + inline void set_encrypted_x509(int index, ::google::protobuf::uint32 value); + inline void add_encrypted_x509(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + encrypted_x509() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_encrypted_x509(); + + // repeated uint32 encrypted_x509_mac_smk = 10 [packed = true]; + inline int encrypted_x509_mac_smk_size() const; + inline void clear_encrypted_x509_mac_smk(); + static const int kEncryptedX509MacSmkFieldNumber = 10; + inline ::google::protobuf::uint32 encrypted_x509_mac_smk(int index) const; + inline void set_encrypted_x509_mac_smk(int index, ::google::protobuf::uint32 value); + inline void add_encrypted_x509_mac_smk(::google::protobuf::uint32 value); + inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& + encrypted_x509_mac_smk() const; + inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* + mutable_encrypted_x509_mac_smk(); + + // @@protoc_insertion_point(class_scope:Messages.SecretMessage) + private: + inline void set_has_type(); + inline void clear_has_type(); + inline void set_has_size(); + inline void clear_has_size(); + inline void set_has_encryped_pkey_size(); + inline void clear_has_encryped_pkey_size(); + inline void set_has_encryped_x509_size(); + inline void clear_has_encryped_x509_size(); + + ::google::protobuf::UnknownFieldSet _unknown_fields_; + + ::google::protobuf::uint32 _has_bits_[1]; + mutable int _cached_size_; + ::google::protobuf::uint32 type_; + ::google::protobuf::uint32 size_; + ::google::protobuf::uint32 encryped_pkey_size_; + ::google::protobuf::uint32 encryped_x509_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > encrypted_content_; + mutable int _encrypted_content_cached_byte_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > mac_smk_; + mutable int _mac_smk_cached_byte_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > encrypted_pkey_; + mutable int _encrypted_pkey_cached_byte_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > encrypted_pkey_mac_smk_; + mutable int _encrypted_pkey_mac_smk_cached_byte_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > encrypted_x509_; + mutable int _encrypted_x509_cached_byte_size_; + ::google::protobuf::RepeatedField< ::google::protobuf::uint32 > encrypted_x509_mac_smk_; + mutable int _encrypted_x509_mac_smk_cached_byte_size_; + friend void protobuf_AddDesc_Messages_2eproto(); + friend void protobuf_AssignDesc_Messages_2eproto(); + friend void protobuf_ShutdownFile_Messages_2eproto(); + + void InitAsDefaultInstance(); + static SecretMessage* default_instance_; +}; +// =================================================================== + + +// =================================================================== + +// InitialMessage + +// required uint32 type = 1; +inline bool InitialMessage::has_type() const { + return (_has_bits_[0] & 0x00000001u) != 0; +} +inline void InitialMessage::set_has_type() { + _has_bits_[0] |= 0x00000001u; +} +inline void InitialMessage::clear_has_type() { + _has_bits_[0] &= ~0x00000001u; +} +inline void InitialMessage::clear_type() { + type_ = 0u; + clear_has_type(); +} +inline ::google::protobuf::uint32 InitialMessage::type() const { + // @@protoc_insertion_point(field_get:Messages.InitialMessage.type) + return type_; +} +inline void InitialMessage::set_type(::google::protobuf::uint32 value) { + set_has_type(); + type_ = value; + // @@protoc_insertion_point(field_set:Messages.InitialMessage.type) +} + +// optional uint32 size = 2; +inline bool InitialMessage::has_size() const { + return (_has_bits_[0] & 0x00000002u) != 0; +} +inline void InitialMessage::set_has_size() { + _has_bits_[0] |= 0x00000002u; +} +inline void InitialMessage::clear_has_size() { + _has_bits_[0] &= ~0x00000002u; +} +inline void InitialMessage::clear_size() { + size_ = 0u; + clear_has_size(); +} +inline ::google::protobuf::uint32 InitialMessage::size() const { + // @@protoc_insertion_point(field_get:Messages.InitialMessage.size) + return size_; +} +inline void InitialMessage::set_size(::google::protobuf::uint32 value) { + set_has_size(); + size_ = value; + // @@protoc_insertion_point(field_set:Messages.InitialMessage.size) +} + +// ------------------------------------------------------------------- + +// MessageMsg0 + +// required uint32 type = 1; +inline bool MessageMsg0::has_type() const { + return (_has_bits_[0] & 0x00000001u) != 0; +} +inline void MessageMsg0::set_has_type() { + _has_bits_[0] |= 0x00000001u; +} +inline void MessageMsg0::clear_has_type() { + _has_bits_[0] &= ~0x00000001u; +} +inline void MessageMsg0::clear_type() { + type_ = 0u; + clear_has_type(); +} +inline ::google::protobuf::uint32 MessageMsg0::type() const { + // @@protoc_insertion_point(field_get:Messages.MessageMsg0.type) + return type_; +} +inline void MessageMsg0::set_type(::google::protobuf::uint32 value) { + set_has_type(); + type_ = value; + // @@protoc_insertion_point(field_set:Messages.MessageMsg0.type) +} + +// required uint32 epid = 2; +inline bool MessageMsg0::has_epid() const { + return (_has_bits_[0] & 0x00000002u) != 0; +} +inline void MessageMsg0::set_has_epid() { + _has_bits_[0] |= 0x00000002u; +} +inline void MessageMsg0::clear_has_epid() { + _has_bits_[0] &= ~0x00000002u; +} +inline void MessageMsg0::clear_epid() { + epid_ = 0u; + clear_has_epid(); +} +inline ::google::protobuf::uint32 MessageMsg0::epid() const { + // @@protoc_insertion_point(field_get:Messages.MessageMsg0.epid) + return epid_; +} +inline void MessageMsg0::set_epid(::google::protobuf::uint32 value) { + set_has_epid(); + epid_ = value; + // @@protoc_insertion_point(field_set:Messages.MessageMsg0.epid) +} + +// optional uint32 status = 3; +inline bool MessageMsg0::has_status() const { + return (_has_bits_[0] & 0x00000004u) != 0; +} +inline void MessageMsg0::set_has_status() { + _has_bits_[0] |= 0x00000004u; +} +inline void MessageMsg0::clear_has_status() { + _has_bits_[0] &= ~0x00000004u; +} +inline void MessageMsg0::clear_status() { + status_ = 0u; + clear_has_status(); +} +inline ::google::protobuf::uint32 MessageMsg0::status() const { + // @@protoc_insertion_point(field_get:Messages.MessageMsg0.status) + return status_; +} +inline void MessageMsg0::set_status(::google::protobuf::uint32 value) { + set_has_status(); + status_ = value; + // @@protoc_insertion_point(field_set:Messages.MessageMsg0.status) +} + +// ------------------------------------------------------------------- + +// MessageMSG1 + +// required uint32 type = 1; +inline bool MessageMSG1::has_type() const { + return (_has_bits_[0] & 0x00000001u) != 0; +} +inline void MessageMSG1::set_has_type() { + _has_bits_[0] |= 0x00000001u; +} +inline void MessageMSG1::clear_has_type() { + _has_bits_[0] &= ~0x00000001u; +} +inline void MessageMSG1::clear_type() { + type_ = 0u; + clear_has_type(); +} +inline ::google::protobuf::uint32 MessageMSG1::type() const { + // @@protoc_insertion_point(field_get:Messages.MessageMSG1.type) + return type_; +} +inline void MessageMSG1::set_type(::google::protobuf::uint32 value) { + set_has_type(); + type_ = value; + // @@protoc_insertion_point(field_set:Messages.MessageMSG1.type) +} + +// repeated uint32 GaX = 2 [packed = true]; +inline int MessageMSG1::gax_size() const { + return gax_.size(); +} +inline void MessageMSG1::clear_gax() { + gax_.Clear(); +} +inline ::google::protobuf::uint32 MessageMSG1::gax(int index) const { + // @@protoc_insertion_point(field_get:Messages.MessageMSG1.GaX) + return gax_.Get(index); +} +inline void MessageMSG1::set_gax(int index, ::google::protobuf::uint32 value) { + gax_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.MessageMSG1.GaX) +} +inline void MessageMSG1::add_gax(::google::protobuf::uint32 value) { + gax_.Add(value); + // @@protoc_insertion_point(field_add:Messages.MessageMSG1.GaX) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +MessageMSG1::gax() const { + // @@protoc_insertion_point(field_list:Messages.MessageMSG1.GaX) + return gax_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +MessageMSG1::mutable_gax() { + // @@protoc_insertion_point(field_mutable_list:Messages.MessageMSG1.GaX) + return &gax_; +} + +// repeated uint32 GaY = 3 [packed = true]; +inline int MessageMSG1::gay_size() const { + return gay_.size(); +} +inline void MessageMSG1::clear_gay() { + gay_.Clear(); +} +inline ::google::protobuf::uint32 MessageMSG1::gay(int index) const { + // @@protoc_insertion_point(field_get:Messages.MessageMSG1.GaY) + return gay_.Get(index); +} +inline void MessageMSG1::set_gay(int index, ::google::protobuf::uint32 value) { + gay_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.MessageMSG1.GaY) +} +inline void MessageMSG1::add_gay(::google::protobuf::uint32 value) { + gay_.Add(value); + // @@protoc_insertion_point(field_add:Messages.MessageMSG1.GaY) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +MessageMSG1::gay() const { + // @@protoc_insertion_point(field_list:Messages.MessageMSG1.GaY) + return gay_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +MessageMSG1::mutable_gay() { + // @@protoc_insertion_point(field_mutable_list:Messages.MessageMSG1.GaY) + return &gay_; +} + +// repeated uint32 GID = 4 [packed = true]; +inline int MessageMSG1::gid_size() const { + return gid_.size(); +} +inline void MessageMSG1::clear_gid() { + gid_.Clear(); +} +inline ::google::protobuf::uint32 MessageMSG1::gid(int index) const { + // @@protoc_insertion_point(field_get:Messages.MessageMSG1.GID) + return gid_.Get(index); +} +inline void MessageMSG1::set_gid(int index, ::google::protobuf::uint32 value) { + gid_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.MessageMSG1.GID) +} +inline void MessageMSG1::add_gid(::google::protobuf::uint32 value) { + gid_.Add(value); + // @@protoc_insertion_point(field_add:Messages.MessageMSG1.GID) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +MessageMSG1::gid() const { + // @@protoc_insertion_point(field_list:Messages.MessageMSG1.GID) + return gid_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +MessageMSG1::mutable_gid() { + // @@protoc_insertion_point(field_mutable_list:Messages.MessageMSG1.GID) + return &gid_; +} + +// ------------------------------------------------------------------- + +// MessageMSG2 + +// required uint32 type = 1; +inline bool MessageMSG2::has_type() const { + return (_has_bits_[0] & 0x00000001u) != 0; +} +inline void MessageMSG2::set_has_type() { + _has_bits_[0] |= 0x00000001u; +} +inline void MessageMSG2::clear_has_type() { + _has_bits_[0] &= ~0x00000001u; +} +inline void MessageMSG2::clear_type() { + type_ = 0u; + clear_has_type(); +} +inline ::google::protobuf::uint32 MessageMSG2::type() const { + // @@protoc_insertion_point(field_get:Messages.MessageMSG2.type) + return type_; +} +inline void MessageMSG2::set_type(::google::protobuf::uint32 value) { + set_has_type(); + type_ = value; + // @@protoc_insertion_point(field_set:Messages.MessageMSG2.type) +} + +// optional uint32 size = 2; +inline bool MessageMSG2::has_size() const { + return (_has_bits_[0] & 0x00000002u) != 0; +} +inline void MessageMSG2::set_has_size() { + _has_bits_[0] |= 0x00000002u; +} +inline void MessageMSG2::clear_has_size() { + _has_bits_[0] &= ~0x00000002u; +} +inline void MessageMSG2::clear_size() { + size_ = 0u; + clear_has_size(); +} +inline ::google::protobuf::uint32 MessageMSG2::size() const { + // @@protoc_insertion_point(field_get:Messages.MessageMSG2.size) + return size_; +} +inline void MessageMSG2::set_size(::google::protobuf::uint32 value) { + set_has_size(); + size_ = value; + // @@protoc_insertion_point(field_set:Messages.MessageMSG2.size) +} + +// repeated uint32 public_key_gx = 3 [packed = true]; +inline int MessageMSG2::public_key_gx_size() const { + return public_key_gx_.size(); +} +inline void MessageMSG2::clear_public_key_gx() { + public_key_gx_.Clear(); +} +inline ::google::protobuf::uint32 MessageMSG2::public_key_gx(int index) const { + // @@protoc_insertion_point(field_get:Messages.MessageMSG2.public_key_gx) + return public_key_gx_.Get(index); +} +inline void MessageMSG2::set_public_key_gx(int index, ::google::protobuf::uint32 value) { + public_key_gx_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.MessageMSG2.public_key_gx) +} +inline void MessageMSG2::add_public_key_gx(::google::protobuf::uint32 value) { + public_key_gx_.Add(value); + // @@protoc_insertion_point(field_add:Messages.MessageMSG2.public_key_gx) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +MessageMSG2::public_key_gx() const { + // @@protoc_insertion_point(field_list:Messages.MessageMSG2.public_key_gx) + return public_key_gx_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +MessageMSG2::mutable_public_key_gx() { + // @@protoc_insertion_point(field_mutable_list:Messages.MessageMSG2.public_key_gx) + return &public_key_gx_; +} + +// repeated uint32 public_key_gy = 4 [packed = true]; +inline int MessageMSG2::public_key_gy_size() const { + return public_key_gy_.size(); +} +inline void MessageMSG2::clear_public_key_gy() { + public_key_gy_.Clear(); +} +inline ::google::protobuf::uint32 MessageMSG2::public_key_gy(int index) const { + // @@protoc_insertion_point(field_get:Messages.MessageMSG2.public_key_gy) + return public_key_gy_.Get(index); +} +inline void MessageMSG2::set_public_key_gy(int index, ::google::protobuf::uint32 value) { + public_key_gy_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.MessageMSG2.public_key_gy) +} +inline void MessageMSG2::add_public_key_gy(::google::protobuf::uint32 value) { + public_key_gy_.Add(value); + // @@protoc_insertion_point(field_add:Messages.MessageMSG2.public_key_gy) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +MessageMSG2::public_key_gy() const { + // @@protoc_insertion_point(field_list:Messages.MessageMSG2.public_key_gy) + return public_key_gy_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +MessageMSG2::mutable_public_key_gy() { + // @@protoc_insertion_point(field_mutable_list:Messages.MessageMSG2.public_key_gy) + return &public_key_gy_; +} + +// optional uint32 quote_type = 5; +inline bool MessageMSG2::has_quote_type() const { + return (_has_bits_[0] & 0x00000010u) != 0; +} +inline void MessageMSG2::set_has_quote_type() { + _has_bits_[0] |= 0x00000010u; +} +inline void MessageMSG2::clear_has_quote_type() { + _has_bits_[0] &= ~0x00000010u; +} +inline void MessageMSG2::clear_quote_type() { + quote_type_ = 0u; + clear_has_quote_type(); +} +inline ::google::protobuf::uint32 MessageMSG2::quote_type() const { + // @@protoc_insertion_point(field_get:Messages.MessageMSG2.quote_type) + return quote_type_; +} +inline void MessageMSG2::set_quote_type(::google::protobuf::uint32 value) { + set_has_quote_type(); + quote_type_ = value; + // @@protoc_insertion_point(field_set:Messages.MessageMSG2.quote_type) +} + +// repeated uint32 spid = 6 [packed = true]; +inline int MessageMSG2::spid_size() const { + return spid_.size(); +} +inline void MessageMSG2::clear_spid() { + spid_.Clear(); +} +inline ::google::protobuf::uint32 MessageMSG2::spid(int index) const { + // @@protoc_insertion_point(field_get:Messages.MessageMSG2.spid) + return spid_.Get(index); +} +inline void MessageMSG2::set_spid(int index, ::google::protobuf::uint32 value) { + spid_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.MessageMSG2.spid) +} +inline void MessageMSG2::add_spid(::google::protobuf::uint32 value) { + spid_.Add(value); + // @@protoc_insertion_point(field_add:Messages.MessageMSG2.spid) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +MessageMSG2::spid() const { + // @@protoc_insertion_point(field_list:Messages.MessageMSG2.spid) + return spid_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +MessageMSG2::mutable_spid() { + // @@protoc_insertion_point(field_mutable_list:Messages.MessageMSG2.spid) + return &spid_; +} + +// optional uint32 cmac_kdf_id = 7; +inline bool MessageMSG2::has_cmac_kdf_id() const { + return (_has_bits_[0] & 0x00000040u) != 0; +} +inline void MessageMSG2::set_has_cmac_kdf_id() { + _has_bits_[0] |= 0x00000040u; +} +inline void MessageMSG2::clear_has_cmac_kdf_id() { + _has_bits_[0] &= ~0x00000040u; +} +inline void MessageMSG2::clear_cmac_kdf_id() { + cmac_kdf_id_ = 0u; + clear_has_cmac_kdf_id(); +} +inline ::google::protobuf::uint32 MessageMSG2::cmac_kdf_id() const { + // @@protoc_insertion_point(field_get:Messages.MessageMSG2.cmac_kdf_id) + return cmac_kdf_id_; +} +inline void MessageMSG2::set_cmac_kdf_id(::google::protobuf::uint32 value) { + set_has_cmac_kdf_id(); + cmac_kdf_id_ = value; + // @@protoc_insertion_point(field_set:Messages.MessageMSG2.cmac_kdf_id) +} + +// repeated uint32 signature_x = 8 [packed = true]; +inline int MessageMSG2::signature_x_size() const { + return signature_x_.size(); +} +inline void MessageMSG2::clear_signature_x() { + signature_x_.Clear(); +} +inline ::google::protobuf::uint32 MessageMSG2::signature_x(int index) const { + // @@protoc_insertion_point(field_get:Messages.MessageMSG2.signature_x) + return signature_x_.Get(index); +} +inline void MessageMSG2::set_signature_x(int index, ::google::protobuf::uint32 value) { + signature_x_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.MessageMSG2.signature_x) +} +inline void MessageMSG2::add_signature_x(::google::protobuf::uint32 value) { + signature_x_.Add(value); + // @@protoc_insertion_point(field_add:Messages.MessageMSG2.signature_x) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +MessageMSG2::signature_x() const { + // @@protoc_insertion_point(field_list:Messages.MessageMSG2.signature_x) + return signature_x_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +MessageMSG2::mutable_signature_x() { + // @@protoc_insertion_point(field_mutable_list:Messages.MessageMSG2.signature_x) + return &signature_x_; +} + +// repeated uint32 signature_y = 9 [packed = true]; +inline int MessageMSG2::signature_y_size() const { + return signature_y_.size(); +} +inline void MessageMSG2::clear_signature_y() { + signature_y_.Clear(); +} +inline ::google::protobuf::uint32 MessageMSG2::signature_y(int index) const { + // @@protoc_insertion_point(field_get:Messages.MessageMSG2.signature_y) + return signature_y_.Get(index); +} +inline void MessageMSG2::set_signature_y(int index, ::google::protobuf::uint32 value) { + signature_y_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.MessageMSG2.signature_y) +} +inline void MessageMSG2::add_signature_y(::google::protobuf::uint32 value) { + signature_y_.Add(value); + // @@protoc_insertion_point(field_add:Messages.MessageMSG2.signature_y) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +MessageMSG2::signature_y() const { + // @@protoc_insertion_point(field_list:Messages.MessageMSG2.signature_y) + return signature_y_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +MessageMSG2::mutable_signature_y() { + // @@protoc_insertion_point(field_mutable_list:Messages.MessageMSG2.signature_y) + return &signature_y_; +} + +// repeated uint32 smac = 10 [packed = true]; +inline int MessageMSG2::smac_size() const { + return smac_.size(); +} +inline void MessageMSG2::clear_smac() { + smac_.Clear(); +} +inline ::google::protobuf::uint32 MessageMSG2::smac(int index) const { + // @@protoc_insertion_point(field_get:Messages.MessageMSG2.smac) + return smac_.Get(index); +} +inline void MessageMSG2::set_smac(int index, ::google::protobuf::uint32 value) { + smac_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.MessageMSG2.smac) +} +inline void MessageMSG2::add_smac(::google::protobuf::uint32 value) { + smac_.Add(value); + // @@protoc_insertion_point(field_add:Messages.MessageMSG2.smac) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +MessageMSG2::smac() const { + // @@protoc_insertion_point(field_list:Messages.MessageMSG2.smac) + return smac_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +MessageMSG2::mutable_smac() { + // @@protoc_insertion_point(field_mutable_list:Messages.MessageMSG2.smac) + return &smac_; +} + +// optional uint32 size_sigrl = 11; +inline bool MessageMSG2::has_size_sigrl() const { + return (_has_bits_[0] & 0x00000400u) != 0; +} +inline void MessageMSG2::set_has_size_sigrl() { + _has_bits_[0] |= 0x00000400u; +} +inline void MessageMSG2::clear_has_size_sigrl() { + _has_bits_[0] &= ~0x00000400u; +} +inline void MessageMSG2::clear_size_sigrl() { + size_sigrl_ = 0u; + clear_has_size_sigrl(); +} +inline ::google::protobuf::uint32 MessageMSG2::size_sigrl() const { + // @@protoc_insertion_point(field_get:Messages.MessageMSG2.size_sigrl) + return size_sigrl_; +} +inline void MessageMSG2::set_size_sigrl(::google::protobuf::uint32 value) { + set_has_size_sigrl(); + size_sigrl_ = value; + // @@protoc_insertion_point(field_set:Messages.MessageMSG2.size_sigrl) +} + +// repeated uint32 sigrl = 12 [packed = true]; +inline int MessageMSG2::sigrl_size() const { + return sigrl_.size(); +} +inline void MessageMSG2::clear_sigrl() { + sigrl_.Clear(); +} +inline ::google::protobuf::uint32 MessageMSG2::sigrl(int index) const { + // @@protoc_insertion_point(field_get:Messages.MessageMSG2.sigrl) + return sigrl_.Get(index); +} +inline void MessageMSG2::set_sigrl(int index, ::google::protobuf::uint32 value) { + sigrl_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.MessageMSG2.sigrl) +} +inline void MessageMSG2::add_sigrl(::google::protobuf::uint32 value) { + sigrl_.Add(value); + // @@protoc_insertion_point(field_add:Messages.MessageMSG2.sigrl) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +MessageMSG2::sigrl() const { + // @@protoc_insertion_point(field_list:Messages.MessageMSG2.sigrl) + return sigrl_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +MessageMSG2::mutable_sigrl() { + // @@protoc_insertion_point(field_mutable_list:Messages.MessageMSG2.sigrl) + return &sigrl_; +} + +// ------------------------------------------------------------------- + +// MessageMSG3 + +// required uint32 type = 1; +inline bool MessageMSG3::has_type() const { + return (_has_bits_[0] & 0x00000001u) != 0; +} +inline void MessageMSG3::set_has_type() { + _has_bits_[0] |= 0x00000001u; +} +inline void MessageMSG3::clear_has_type() { + _has_bits_[0] &= ~0x00000001u; +} +inline void MessageMSG3::clear_type() { + type_ = 0u; + clear_has_type(); +} +inline ::google::protobuf::uint32 MessageMSG3::type() const { + // @@protoc_insertion_point(field_get:Messages.MessageMSG3.type) + return type_; +} +inline void MessageMSG3::set_type(::google::protobuf::uint32 value) { + set_has_type(); + type_ = value; + // @@protoc_insertion_point(field_set:Messages.MessageMSG3.type) +} + +// optional uint32 size = 2; +inline bool MessageMSG3::has_size() const { + return (_has_bits_[0] & 0x00000002u) != 0; +} +inline void MessageMSG3::set_has_size() { + _has_bits_[0] |= 0x00000002u; +} +inline void MessageMSG3::clear_has_size() { + _has_bits_[0] &= ~0x00000002u; +} +inline void MessageMSG3::clear_size() { + size_ = 0u; + clear_has_size(); +} +inline ::google::protobuf::uint32 MessageMSG3::size() const { + // @@protoc_insertion_point(field_get:Messages.MessageMSG3.size) + return size_; +} +inline void MessageMSG3::set_size(::google::protobuf::uint32 value) { + set_has_size(); + size_ = value; + // @@protoc_insertion_point(field_set:Messages.MessageMSG3.size) +} + +// repeated uint32 sgx_mac = 3 [packed = true]; +inline int MessageMSG3::sgx_mac_size() const { + return sgx_mac_.size(); +} +inline void MessageMSG3::clear_sgx_mac() { + sgx_mac_.Clear(); +} +inline ::google::protobuf::uint32 MessageMSG3::sgx_mac(int index) const { + // @@protoc_insertion_point(field_get:Messages.MessageMSG3.sgx_mac) + return sgx_mac_.Get(index); +} +inline void MessageMSG3::set_sgx_mac(int index, ::google::protobuf::uint32 value) { + sgx_mac_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.MessageMSG3.sgx_mac) +} +inline void MessageMSG3::add_sgx_mac(::google::protobuf::uint32 value) { + sgx_mac_.Add(value); + // @@protoc_insertion_point(field_add:Messages.MessageMSG3.sgx_mac) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +MessageMSG3::sgx_mac() const { + // @@protoc_insertion_point(field_list:Messages.MessageMSG3.sgx_mac) + return sgx_mac_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +MessageMSG3::mutable_sgx_mac() { + // @@protoc_insertion_point(field_mutable_list:Messages.MessageMSG3.sgx_mac) + return &sgx_mac_; +} + +// repeated uint32 gax_msg3 = 4 [packed = true]; +inline int MessageMSG3::gax_msg3_size() const { + return gax_msg3_.size(); +} +inline void MessageMSG3::clear_gax_msg3() { + gax_msg3_.Clear(); +} +inline ::google::protobuf::uint32 MessageMSG3::gax_msg3(int index) const { + // @@protoc_insertion_point(field_get:Messages.MessageMSG3.gax_msg3) + return gax_msg3_.Get(index); +} +inline void MessageMSG3::set_gax_msg3(int index, ::google::protobuf::uint32 value) { + gax_msg3_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.MessageMSG3.gax_msg3) +} +inline void MessageMSG3::add_gax_msg3(::google::protobuf::uint32 value) { + gax_msg3_.Add(value); + // @@protoc_insertion_point(field_add:Messages.MessageMSG3.gax_msg3) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +MessageMSG3::gax_msg3() const { + // @@protoc_insertion_point(field_list:Messages.MessageMSG3.gax_msg3) + return gax_msg3_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +MessageMSG3::mutable_gax_msg3() { + // @@protoc_insertion_point(field_mutable_list:Messages.MessageMSG3.gax_msg3) + return &gax_msg3_; +} + +// repeated uint32 gay_msg3 = 5 [packed = true]; +inline int MessageMSG3::gay_msg3_size() const { + return gay_msg3_.size(); +} +inline void MessageMSG3::clear_gay_msg3() { + gay_msg3_.Clear(); +} +inline ::google::protobuf::uint32 MessageMSG3::gay_msg3(int index) const { + // @@protoc_insertion_point(field_get:Messages.MessageMSG3.gay_msg3) + return gay_msg3_.Get(index); +} +inline void MessageMSG3::set_gay_msg3(int index, ::google::protobuf::uint32 value) { + gay_msg3_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.MessageMSG3.gay_msg3) +} +inline void MessageMSG3::add_gay_msg3(::google::protobuf::uint32 value) { + gay_msg3_.Add(value); + // @@protoc_insertion_point(field_add:Messages.MessageMSG3.gay_msg3) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +MessageMSG3::gay_msg3() const { + // @@protoc_insertion_point(field_list:Messages.MessageMSG3.gay_msg3) + return gay_msg3_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +MessageMSG3::mutable_gay_msg3() { + // @@protoc_insertion_point(field_mutable_list:Messages.MessageMSG3.gay_msg3) + return &gay_msg3_; +} + +// repeated uint32 sec_property = 6 [packed = true]; +inline int MessageMSG3::sec_property_size() const { + return sec_property_.size(); +} +inline void MessageMSG3::clear_sec_property() { + sec_property_.Clear(); +} +inline ::google::protobuf::uint32 MessageMSG3::sec_property(int index) const { + // @@protoc_insertion_point(field_get:Messages.MessageMSG3.sec_property) + return sec_property_.Get(index); +} +inline void MessageMSG3::set_sec_property(int index, ::google::protobuf::uint32 value) { + sec_property_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.MessageMSG3.sec_property) +} +inline void MessageMSG3::add_sec_property(::google::protobuf::uint32 value) { + sec_property_.Add(value); + // @@protoc_insertion_point(field_add:Messages.MessageMSG3.sec_property) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +MessageMSG3::sec_property() const { + // @@protoc_insertion_point(field_list:Messages.MessageMSG3.sec_property) + return sec_property_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +MessageMSG3::mutable_sec_property() { + // @@protoc_insertion_point(field_mutable_list:Messages.MessageMSG3.sec_property) + return &sec_property_; +} + +// repeated uint32 quote = 7 [packed = true]; +inline int MessageMSG3::quote_size() const { + return quote_.size(); +} +inline void MessageMSG3::clear_quote() { + quote_.Clear(); +} +inline ::google::protobuf::uint32 MessageMSG3::quote(int index) const { + // @@protoc_insertion_point(field_get:Messages.MessageMSG3.quote) + return quote_.Get(index); +} +inline void MessageMSG3::set_quote(int index, ::google::protobuf::uint32 value) { + quote_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.MessageMSG3.quote) +} +inline void MessageMSG3::add_quote(::google::protobuf::uint32 value) { + quote_.Add(value); + // @@protoc_insertion_point(field_add:Messages.MessageMSG3.quote) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +MessageMSG3::quote() const { + // @@protoc_insertion_point(field_list:Messages.MessageMSG3.quote) + return quote_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +MessageMSG3::mutable_quote() { + // @@protoc_insertion_point(field_mutable_list:Messages.MessageMSG3.quote) + return "e_; +} + +// ------------------------------------------------------------------- + +// AttestationMessage + +// required uint32 type = 1; +inline bool AttestationMessage::has_type() const { + return (_has_bits_[0] & 0x00000001u) != 0; +} +inline void AttestationMessage::set_has_type() { + _has_bits_[0] |= 0x00000001u; +} +inline void AttestationMessage::clear_has_type() { + _has_bits_[0] &= ~0x00000001u; +} +inline void AttestationMessage::clear_type() { + type_ = 0u; + clear_has_type(); +} +inline ::google::protobuf::uint32 AttestationMessage::type() const { + // @@protoc_insertion_point(field_get:Messages.AttestationMessage.type) + return type_; +} +inline void AttestationMessage::set_type(::google::protobuf::uint32 value) { + set_has_type(); + type_ = value; + // @@protoc_insertion_point(field_set:Messages.AttestationMessage.type) +} + +// required uint32 size = 2; +inline bool AttestationMessage::has_size() const { + return (_has_bits_[0] & 0x00000002u) != 0; +} +inline void AttestationMessage::set_has_size() { + _has_bits_[0] |= 0x00000002u; +} +inline void AttestationMessage::clear_has_size() { + _has_bits_[0] &= ~0x00000002u; +} +inline void AttestationMessage::clear_size() { + size_ = 0u; + clear_has_size(); +} +inline ::google::protobuf::uint32 AttestationMessage::size() const { + // @@protoc_insertion_point(field_get:Messages.AttestationMessage.size) + return size_; +} +inline void AttestationMessage::set_size(::google::protobuf::uint32 value) { + set_has_size(); + size_ = value; + // @@protoc_insertion_point(field_set:Messages.AttestationMessage.size) +} + +// optional uint32 epid_group_status = 3; +inline bool AttestationMessage::has_epid_group_status() const { + return (_has_bits_[0] & 0x00000004u) != 0; +} +inline void AttestationMessage::set_has_epid_group_status() { + _has_bits_[0] |= 0x00000004u; +} +inline void AttestationMessage::clear_has_epid_group_status() { + _has_bits_[0] &= ~0x00000004u; +} +inline void AttestationMessage::clear_epid_group_status() { + epid_group_status_ = 0u; + clear_has_epid_group_status(); +} +inline ::google::protobuf::uint32 AttestationMessage::epid_group_status() const { + // @@protoc_insertion_point(field_get:Messages.AttestationMessage.epid_group_status) + return epid_group_status_; +} +inline void AttestationMessage::set_epid_group_status(::google::protobuf::uint32 value) { + set_has_epid_group_status(); + epid_group_status_ = value; + // @@protoc_insertion_point(field_set:Messages.AttestationMessage.epid_group_status) +} + +// optional uint32 tcb_evaluation_status = 4; +inline bool AttestationMessage::has_tcb_evaluation_status() const { + return (_has_bits_[0] & 0x00000008u) != 0; +} +inline void AttestationMessage::set_has_tcb_evaluation_status() { + _has_bits_[0] |= 0x00000008u; +} +inline void AttestationMessage::clear_has_tcb_evaluation_status() { + _has_bits_[0] &= ~0x00000008u; +} +inline void AttestationMessage::clear_tcb_evaluation_status() { + tcb_evaluation_status_ = 0u; + clear_has_tcb_evaluation_status(); +} +inline ::google::protobuf::uint32 AttestationMessage::tcb_evaluation_status() const { + // @@protoc_insertion_point(field_get:Messages.AttestationMessage.tcb_evaluation_status) + return tcb_evaluation_status_; +} +inline void AttestationMessage::set_tcb_evaluation_status(::google::protobuf::uint32 value) { + set_has_tcb_evaluation_status(); + tcb_evaluation_status_ = value; + // @@protoc_insertion_point(field_set:Messages.AttestationMessage.tcb_evaluation_status) +} + +// optional uint32 pse_evaluation_status = 5; +inline bool AttestationMessage::has_pse_evaluation_status() const { + return (_has_bits_[0] & 0x00000010u) != 0; +} +inline void AttestationMessage::set_has_pse_evaluation_status() { + _has_bits_[0] |= 0x00000010u; +} +inline void AttestationMessage::clear_has_pse_evaluation_status() { + _has_bits_[0] &= ~0x00000010u; +} +inline void AttestationMessage::clear_pse_evaluation_status() { + pse_evaluation_status_ = 0u; + clear_has_pse_evaluation_status(); +} +inline ::google::protobuf::uint32 AttestationMessage::pse_evaluation_status() const { + // @@protoc_insertion_point(field_get:Messages.AttestationMessage.pse_evaluation_status) + return pse_evaluation_status_; +} +inline void AttestationMessage::set_pse_evaluation_status(::google::protobuf::uint32 value) { + set_has_pse_evaluation_status(); + pse_evaluation_status_ = value; + // @@protoc_insertion_point(field_set:Messages.AttestationMessage.pse_evaluation_status) +} + +// repeated uint32 latest_equivalent_tcb_psvn = 6 [packed = true]; +inline int AttestationMessage::latest_equivalent_tcb_psvn_size() const { + return latest_equivalent_tcb_psvn_.size(); +} +inline void AttestationMessage::clear_latest_equivalent_tcb_psvn() { + latest_equivalent_tcb_psvn_.Clear(); +} +inline ::google::protobuf::uint32 AttestationMessage::latest_equivalent_tcb_psvn(int index) const { + // @@protoc_insertion_point(field_get:Messages.AttestationMessage.latest_equivalent_tcb_psvn) + return latest_equivalent_tcb_psvn_.Get(index); +} +inline void AttestationMessage::set_latest_equivalent_tcb_psvn(int index, ::google::protobuf::uint32 value) { + latest_equivalent_tcb_psvn_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.AttestationMessage.latest_equivalent_tcb_psvn) +} +inline void AttestationMessage::add_latest_equivalent_tcb_psvn(::google::protobuf::uint32 value) { + latest_equivalent_tcb_psvn_.Add(value); + // @@protoc_insertion_point(field_add:Messages.AttestationMessage.latest_equivalent_tcb_psvn) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +AttestationMessage::latest_equivalent_tcb_psvn() const { + // @@protoc_insertion_point(field_list:Messages.AttestationMessage.latest_equivalent_tcb_psvn) + return latest_equivalent_tcb_psvn_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +AttestationMessage::mutable_latest_equivalent_tcb_psvn() { + // @@protoc_insertion_point(field_mutable_list:Messages.AttestationMessage.latest_equivalent_tcb_psvn) + return &latest_equivalent_tcb_psvn_; +} + +// repeated uint32 latest_pse_isvsvn = 7 [packed = true]; +inline int AttestationMessage::latest_pse_isvsvn_size() const { + return latest_pse_isvsvn_.size(); +} +inline void AttestationMessage::clear_latest_pse_isvsvn() { + latest_pse_isvsvn_.Clear(); +} +inline ::google::protobuf::uint32 AttestationMessage::latest_pse_isvsvn(int index) const { + // @@protoc_insertion_point(field_get:Messages.AttestationMessage.latest_pse_isvsvn) + return latest_pse_isvsvn_.Get(index); +} +inline void AttestationMessage::set_latest_pse_isvsvn(int index, ::google::protobuf::uint32 value) { + latest_pse_isvsvn_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.AttestationMessage.latest_pse_isvsvn) +} +inline void AttestationMessage::add_latest_pse_isvsvn(::google::protobuf::uint32 value) { + latest_pse_isvsvn_.Add(value); + // @@protoc_insertion_point(field_add:Messages.AttestationMessage.latest_pse_isvsvn) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +AttestationMessage::latest_pse_isvsvn() const { + // @@protoc_insertion_point(field_list:Messages.AttestationMessage.latest_pse_isvsvn) + return latest_pse_isvsvn_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +AttestationMessage::mutable_latest_pse_isvsvn() { + // @@protoc_insertion_point(field_mutable_list:Messages.AttestationMessage.latest_pse_isvsvn) + return &latest_pse_isvsvn_; +} + +// repeated uint32 latest_psda_svn = 8 [packed = true]; +inline int AttestationMessage::latest_psda_svn_size() const { + return latest_psda_svn_.size(); +} +inline void AttestationMessage::clear_latest_psda_svn() { + latest_psda_svn_.Clear(); +} +inline ::google::protobuf::uint32 AttestationMessage::latest_psda_svn(int index) const { + // @@protoc_insertion_point(field_get:Messages.AttestationMessage.latest_psda_svn) + return latest_psda_svn_.Get(index); +} +inline void AttestationMessage::set_latest_psda_svn(int index, ::google::protobuf::uint32 value) { + latest_psda_svn_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.AttestationMessage.latest_psda_svn) +} +inline void AttestationMessage::add_latest_psda_svn(::google::protobuf::uint32 value) { + latest_psda_svn_.Add(value); + // @@protoc_insertion_point(field_add:Messages.AttestationMessage.latest_psda_svn) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +AttestationMessage::latest_psda_svn() const { + // @@protoc_insertion_point(field_list:Messages.AttestationMessage.latest_psda_svn) + return latest_psda_svn_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +AttestationMessage::mutable_latest_psda_svn() { + // @@protoc_insertion_point(field_mutable_list:Messages.AttestationMessage.latest_psda_svn) + return &latest_psda_svn_; +} + +// repeated uint32 performance_rekey_gid = 9 [packed = true]; +inline int AttestationMessage::performance_rekey_gid_size() const { + return performance_rekey_gid_.size(); +} +inline void AttestationMessage::clear_performance_rekey_gid() { + performance_rekey_gid_.Clear(); +} +inline ::google::protobuf::uint32 AttestationMessage::performance_rekey_gid(int index) const { + // @@protoc_insertion_point(field_get:Messages.AttestationMessage.performance_rekey_gid) + return performance_rekey_gid_.Get(index); +} +inline void AttestationMessage::set_performance_rekey_gid(int index, ::google::protobuf::uint32 value) { + performance_rekey_gid_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.AttestationMessage.performance_rekey_gid) +} +inline void AttestationMessage::add_performance_rekey_gid(::google::protobuf::uint32 value) { + performance_rekey_gid_.Add(value); + // @@protoc_insertion_point(field_add:Messages.AttestationMessage.performance_rekey_gid) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +AttestationMessage::performance_rekey_gid() const { + // @@protoc_insertion_point(field_list:Messages.AttestationMessage.performance_rekey_gid) + return performance_rekey_gid_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +AttestationMessage::mutable_performance_rekey_gid() { + // @@protoc_insertion_point(field_mutable_list:Messages.AttestationMessage.performance_rekey_gid) + return &performance_rekey_gid_; +} + +// repeated uint32 ec_sign256_x = 10 [packed = true]; +inline int AttestationMessage::ec_sign256_x_size() const { + return ec_sign256_x_.size(); +} +inline void AttestationMessage::clear_ec_sign256_x() { + ec_sign256_x_.Clear(); +} +inline ::google::protobuf::uint32 AttestationMessage::ec_sign256_x(int index) const { + // @@protoc_insertion_point(field_get:Messages.AttestationMessage.ec_sign256_x) + return ec_sign256_x_.Get(index); +} +inline void AttestationMessage::set_ec_sign256_x(int index, ::google::protobuf::uint32 value) { + ec_sign256_x_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.AttestationMessage.ec_sign256_x) +} +inline void AttestationMessage::add_ec_sign256_x(::google::protobuf::uint32 value) { + ec_sign256_x_.Add(value); + // @@protoc_insertion_point(field_add:Messages.AttestationMessage.ec_sign256_x) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +AttestationMessage::ec_sign256_x() const { + // @@protoc_insertion_point(field_list:Messages.AttestationMessage.ec_sign256_x) + return ec_sign256_x_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +AttestationMessage::mutable_ec_sign256_x() { + // @@protoc_insertion_point(field_mutable_list:Messages.AttestationMessage.ec_sign256_x) + return &ec_sign256_x_; +} + +// repeated uint32 ec_sign256_y = 11 [packed = true]; +inline int AttestationMessage::ec_sign256_y_size() const { + return ec_sign256_y_.size(); +} +inline void AttestationMessage::clear_ec_sign256_y() { + ec_sign256_y_.Clear(); +} +inline ::google::protobuf::uint32 AttestationMessage::ec_sign256_y(int index) const { + // @@protoc_insertion_point(field_get:Messages.AttestationMessage.ec_sign256_y) + return ec_sign256_y_.Get(index); +} +inline void AttestationMessage::set_ec_sign256_y(int index, ::google::protobuf::uint32 value) { + ec_sign256_y_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.AttestationMessage.ec_sign256_y) +} +inline void AttestationMessage::add_ec_sign256_y(::google::protobuf::uint32 value) { + ec_sign256_y_.Add(value); + // @@protoc_insertion_point(field_add:Messages.AttestationMessage.ec_sign256_y) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +AttestationMessage::ec_sign256_y() const { + // @@protoc_insertion_point(field_list:Messages.AttestationMessage.ec_sign256_y) + return ec_sign256_y_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +AttestationMessage::mutable_ec_sign256_y() { + // @@protoc_insertion_point(field_mutable_list:Messages.AttestationMessage.ec_sign256_y) + return &ec_sign256_y_; +} + +// repeated uint32 mac_smk = 12 [packed = true]; +inline int AttestationMessage::mac_smk_size() const { + return mac_smk_.size(); +} +inline void AttestationMessage::clear_mac_smk() { + mac_smk_.Clear(); +} +inline ::google::protobuf::uint32 AttestationMessage::mac_smk(int index) const { + // @@protoc_insertion_point(field_get:Messages.AttestationMessage.mac_smk) + return mac_smk_.Get(index); +} +inline void AttestationMessage::set_mac_smk(int index, ::google::protobuf::uint32 value) { + mac_smk_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.AttestationMessage.mac_smk) +} +inline void AttestationMessage::add_mac_smk(::google::protobuf::uint32 value) { + mac_smk_.Add(value); + // @@protoc_insertion_point(field_add:Messages.AttestationMessage.mac_smk) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +AttestationMessage::mac_smk() const { + // @@protoc_insertion_point(field_list:Messages.AttestationMessage.mac_smk) + return mac_smk_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +AttestationMessage::mutable_mac_smk() { + // @@protoc_insertion_point(field_mutable_list:Messages.AttestationMessage.mac_smk) + return &mac_smk_; +} + +// optional uint32 result_size = 13; +inline bool AttestationMessage::has_result_size() const { + return (_has_bits_[0] & 0x00001000u) != 0; +} +inline void AttestationMessage::set_has_result_size() { + _has_bits_[0] |= 0x00001000u; +} +inline void AttestationMessage::clear_has_result_size() { + _has_bits_[0] &= ~0x00001000u; +} +inline void AttestationMessage::clear_result_size() { + result_size_ = 0u; + clear_has_result_size(); +} +inline ::google::protobuf::uint32 AttestationMessage::result_size() const { + // @@protoc_insertion_point(field_get:Messages.AttestationMessage.result_size) + return result_size_; +} +inline void AttestationMessage::set_result_size(::google::protobuf::uint32 value) { + set_has_result_size(); + result_size_ = value; + // @@protoc_insertion_point(field_set:Messages.AttestationMessage.result_size) +} + +// repeated uint32 reserved = 14 [packed = true]; +inline int AttestationMessage::reserved_size() const { + return reserved_.size(); +} +inline void AttestationMessage::clear_reserved() { + reserved_.Clear(); +} +inline ::google::protobuf::uint32 AttestationMessage::reserved(int index) const { + // @@protoc_insertion_point(field_get:Messages.AttestationMessage.reserved) + return reserved_.Get(index); +} +inline void AttestationMessage::set_reserved(int index, ::google::protobuf::uint32 value) { + reserved_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.AttestationMessage.reserved) +} +inline void AttestationMessage::add_reserved(::google::protobuf::uint32 value) { + reserved_.Add(value); + // @@protoc_insertion_point(field_add:Messages.AttestationMessage.reserved) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +AttestationMessage::reserved() const { + // @@protoc_insertion_point(field_list:Messages.AttestationMessage.reserved) + return reserved_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +AttestationMessage::mutable_reserved() { + // @@protoc_insertion_point(field_mutable_list:Messages.AttestationMessage.reserved) + return &reserved_; +} + +// repeated uint32 payload_tag = 15 [packed = true]; +inline int AttestationMessage::payload_tag_size() const { + return payload_tag_.size(); +} +inline void AttestationMessage::clear_payload_tag() { + payload_tag_.Clear(); +} +inline ::google::protobuf::uint32 AttestationMessage::payload_tag(int index) const { + // @@protoc_insertion_point(field_get:Messages.AttestationMessage.payload_tag) + return payload_tag_.Get(index); +} +inline void AttestationMessage::set_payload_tag(int index, ::google::protobuf::uint32 value) { + payload_tag_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.AttestationMessage.payload_tag) +} +inline void AttestationMessage::add_payload_tag(::google::protobuf::uint32 value) { + payload_tag_.Add(value); + // @@protoc_insertion_point(field_add:Messages.AttestationMessage.payload_tag) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +AttestationMessage::payload_tag() const { + // @@protoc_insertion_point(field_list:Messages.AttestationMessage.payload_tag) + return payload_tag_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +AttestationMessage::mutable_payload_tag() { + // @@protoc_insertion_point(field_mutable_list:Messages.AttestationMessage.payload_tag) + return &payload_tag_; +} + +// repeated uint32 payload = 16 [packed = true]; +inline int AttestationMessage::payload_size() const { + return payload_.size(); +} +inline void AttestationMessage::clear_payload() { + payload_.Clear(); +} +inline ::google::protobuf::uint32 AttestationMessage::payload(int index) const { + // @@protoc_insertion_point(field_get:Messages.AttestationMessage.payload) + return payload_.Get(index); +} +inline void AttestationMessage::set_payload(int index, ::google::protobuf::uint32 value) { + payload_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.AttestationMessage.payload) +} +inline void AttestationMessage::add_payload(::google::protobuf::uint32 value) { + payload_.Add(value); + // @@protoc_insertion_point(field_add:Messages.AttestationMessage.payload) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +AttestationMessage::payload() const { + // @@protoc_insertion_point(field_list:Messages.AttestationMessage.payload) + return payload_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +AttestationMessage::mutable_payload() { + // @@protoc_insertion_point(field_mutable_list:Messages.AttestationMessage.payload) + return &payload_; +} + +// ------------------------------------------------------------------- + +// SecretMessage + +// required uint32 type = 1; +inline bool SecretMessage::has_type() const { + return (_has_bits_[0] & 0x00000001u) != 0; +} +inline void SecretMessage::set_has_type() { + _has_bits_[0] |= 0x00000001u; +} +inline void SecretMessage::clear_has_type() { + _has_bits_[0] &= ~0x00000001u; +} +inline void SecretMessage::clear_type() { + type_ = 0u; + clear_has_type(); +} +inline ::google::protobuf::uint32 SecretMessage::type() const { + // @@protoc_insertion_point(field_get:Messages.SecretMessage.type) + return type_; +} +inline void SecretMessage::set_type(::google::protobuf::uint32 value) { + set_has_type(); + type_ = value; + // @@protoc_insertion_point(field_set:Messages.SecretMessage.type) +} + +// required uint32 size = 2; +inline bool SecretMessage::has_size() const { + return (_has_bits_[0] & 0x00000002u) != 0; +} +inline void SecretMessage::set_has_size() { + _has_bits_[0] |= 0x00000002u; +} +inline void SecretMessage::clear_has_size() { + _has_bits_[0] &= ~0x00000002u; +} +inline void SecretMessage::clear_size() { + size_ = 0u; + clear_has_size(); +} +inline ::google::protobuf::uint32 SecretMessage::size() const { + // @@protoc_insertion_point(field_get:Messages.SecretMessage.size) + return size_; +} +inline void SecretMessage::set_size(::google::protobuf::uint32 value) { + set_has_size(); + size_ = value; + // @@protoc_insertion_point(field_set:Messages.SecretMessage.size) +} + +// optional uint32 encryped_pkey_size = 3; +inline bool SecretMessage::has_encryped_pkey_size() const { + return (_has_bits_[0] & 0x00000004u) != 0; +} +inline void SecretMessage::set_has_encryped_pkey_size() { + _has_bits_[0] |= 0x00000004u; +} +inline void SecretMessage::clear_has_encryped_pkey_size() { + _has_bits_[0] &= ~0x00000004u; +} +inline void SecretMessage::clear_encryped_pkey_size() { + encryped_pkey_size_ = 0u; + clear_has_encryped_pkey_size(); +} +inline ::google::protobuf::uint32 SecretMessage::encryped_pkey_size() const { + // @@protoc_insertion_point(field_get:Messages.SecretMessage.encryped_pkey_size) + return encryped_pkey_size_; +} +inline void SecretMessage::set_encryped_pkey_size(::google::protobuf::uint32 value) { + set_has_encryped_pkey_size(); + encryped_pkey_size_ = value; + // @@protoc_insertion_point(field_set:Messages.SecretMessage.encryped_pkey_size) +} + +// optional uint32 encryped_x509_size = 4; +inline bool SecretMessage::has_encryped_x509_size() const { + return (_has_bits_[0] & 0x00000008u) != 0; +} +inline void SecretMessage::set_has_encryped_x509_size() { + _has_bits_[0] |= 0x00000008u; +} +inline void SecretMessage::clear_has_encryped_x509_size() { + _has_bits_[0] &= ~0x00000008u; +} +inline void SecretMessage::clear_encryped_x509_size() { + encryped_x509_size_ = 0u; + clear_has_encryped_x509_size(); +} +inline ::google::protobuf::uint32 SecretMessage::encryped_x509_size() const { + // @@protoc_insertion_point(field_get:Messages.SecretMessage.encryped_x509_size) + return encryped_x509_size_; +} +inline void SecretMessage::set_encryped_x509_size(::google::protobuf::uint32 value) { + set_has_encryped_x509_size(); + encryped_x509_size_ = value; + // @@protoc_insertion_point(field_set:Messages.SecretMessage.encryped_x509_size) +} + +// repeated uint32 encrypted_content = 5 [packed = true]; +inline int SecretMessage::encrypted_content_size() const { + return encrypted_content_.size(); +} +inline void SecretMessage::clear_encrypted_content() { + encrypted_content_.Clear(); +} +inline ::google::protobuf::uint32 SecretMessage::encrypted_content(int index) const { + // @@protoc_insertion_point(field_get:Messages.SecretMessage.encrypted_content) + return encrypted_content_.Get(index); +} +inline void SecretMessage::set_encrypted_content(int index, ::google::protobuf::uint32 value) { + encrypted_content_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.SecretMessage.encrypted_content) +} +inline void SecretMessage::add_encrypted_content(::google::protobuf::uint32 value) { + encrypted_content_.Add(value); + // @@protoc_insertion_point(field_add:Messages.SecretMessage.encrypted_content) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +SecretMessage::encrypted_content() const { + // @@protoc_insertion_point(field_list:Messages.SecretMessage.encrypted_content) + return encrypted_content_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +SecretMessage::mutable_encrypted_content() { + // @@protoc_insertion_point(field_mutable_list:Messages.SecretMessage.encrypted_content) + return &encrypted_content_; +} + +// repeated uint32 mac_smk = 6 [packed = true]; +inline int SecretMessage::mac_smk_size() const { + return mac_smk_.size(); +} +inline void SecretMessage::clear_mac_smk() { + mac_smk_.Clear(); +} +inline ::google::protobuf::uint32 SecretMessage::mac_smk(int index) const { + // @@protoc_insertion_point(field_get:Messages.SecretMessage.mac_smk) + return mac_smk_.Get(index); +} +inline void SecretMessage::set_mac_smk(int index, ::google::protobuf::uint32 value) { + mac_smk_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.SecretMessage.mac_smk) +} +inline void SecretMessage::add_mac_smk(::google::protobuf::uint32 value) { + mac_smk_.Add(value); + // @@protoc_insertion_point(field_add:Messages.SecretMessage.mac_smk) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +SecretMessage::mac_smk() const { + // @@protoc_insertion_point(field_list:Messages.SecretMessage.mac_smk) + return mac_smk_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +SecretMessage::mutable_mac_smk() { + // @@protoc_insertion_point(field_mutable_list:Messages.SecretMessage.mac_smk) + return &mac_smk_; +} + +// repeated uint32 encrypted_pkey = 7 [packed = true]; +inline int SecretMessage::encrypted_pkey_size() const { + return encrypted_pkey_.size(); +} +inline void SecretMessage::clear_encrypted_pkey() { + encrypted_pkey_.Clear(); +} +inline ::google::protobuf::uint32 SecretMessage::encrypted_pkey(int index) const { + // @@protoc_insertion_point(field_get:Messages.SecretMessage.encrypted_pkey) + return encrypted_pkey_.Get(index); +} +inline void SecretMessage::set_encrypted_pkey(int index, ::google::protobuf::uint32 value) { + encrypted_pkey_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.SecretMessage.encrypted_pkey) +} +inline void SecretMessage::add_encrypted_pkey(::google::protobuf::uint32 value) { + encrypted_pkey_.Add(value); + // @@protoc_insertion_point(field_add:Messages.SecretMessage.encrypted_pkey) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +SecretMessage::encrypted_pkey() const { + // @@protoc_insertion_point(field_list:Messages.SecretMessage.encrypted_pkey) + return encrypted_pkey_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +SecretMessage::mutable_encrypted_pkey() { + // @@protoc_insertion_point(field_mutable_list:Messages.SecretMessage.encrypted_pkey) + return &encrypted_pkey_; +} + +// repeated uint32 encrypted_pkey_mac_smk = 8 [packed = true]; +inline int SecretMessage::encrypted_pkey_mac_smk_size() const { + return encrypted_pkey_mac_smk_.size(); +} +inline void SecretMessage::clear_encrypted_pkey_mac_smk() { + encrypted_pkey_mac_smk_.Clear(); +} +inline ::google::protobuf::uint32 SecretMessage::encrypted_pkey_mac_smk(int index) const { + // @@protoc_insertion_point(field_get:Messages.SecretMessage.encrypted_pkey_mac_smk) + return encrypted_pkey_mac_smk_.Get(index); +} +inline void SecretMessage::set_encrypted_pkey_mac_smk(int index, ::google::protobuf::uint32 value) { + encrypted_pkey_mac_smk_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.SecretMessage.encrypted_pkey_mac_smk) +} +inline void SecretMessage::add_encrypted_pkey_mac_smk(::google::protobuf::uint32 value) { + encrypted_pkey_mac_smk_.Add(value); + // @@protoc_insertion_point(field_add:Messages.SecretMessage.encrypted_pkey_mac_smk) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +SecretMessage::encrypted_pkey_mac_smk() const { + // @@protoc_insertion_point(field_list:Messages.SecretMessage.encrypted_pkey_mac_smk) + return encrypted_pkey_mac_smk_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +SecretMessage::mutable_encrypted_pkey_mac_smk() { + // @@protoc_insertion_point(field_mutable_list:Messages.SecretMessage.encrypted_pkey_mac_smk) + return &encrypted_pkey_mac_smk_; +} + +// repeated uint32 encrypted_x509 = 9 [packed = true]; +inline int SecretMessage::encrypted_x509_size() const { + return encrypted_x509_.size(); +} +inline void SecretMessage::clear_encrypted_x509() { + encrypted_x509_.Clear(); +} +inline ::google::protobuf::uint32 SecretMessage::encrypted_x509(int index) const { + // @@protoc_insertion_point(field_get:Messages.SecretMessage.encrypted_x509) + return encrypted_x509_.Get(index); +} +inline void SecretMessage::set_encrypted_x509(int index, ::google::protobuf::uint32 value) { + encrypted_x509_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.SecretMessage.encrypted_x509) +} +inline void SecretMessage::add_encrypted_x509(::google::protobuf::uint32 value) { + encrypted_x509_.Add(value); + // @@protoc_insertion_point(field_add:Messages.SecretMessage.encrypted_x509) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +SecretMessage::encrypted_x509() const { + // @@protoc_insertion_point(field_list:Messages.SecretMessage.encrypted_x509) + return encrypted_x509_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +SecretMessage::mutable_encrypted_x509() { + // @@protoc_insertion_point(field_mutable_list:Messages.SecretMessage.encrypted_x509) + return &encrypted_x509_; +} + +// repeated uint32 encrypted_x509_mac_smk = 10 [packed = true]; +inline int SecretMessage::encrypted_x509_mac_smk_size() const { + return encrypted_x509_mac_smk_.size(); +} +inline void SecretMessage::clear_encrypted_x509_mac_smk() { + encrypted_x509_mac_smk_.Clear(); +} +inline ::google::protobuf::uint32 SecretMessage::encrypted_x509_mac_smk(int index) const { + // @@protoc_insertion_point(field_get:Messages.SecretMessage.encrypted_x509_mac_smk) + return encrypted_x509_mac_smk_.Get(index); +} +inline void SecretMessage::set_encrypted_x509_mac_smk(int index, ::google::protobuf::uint32 value) { + encrypted_x509_mac_smk_.Set(index, value); + // @@protoc_insertion_point(field_set:Messages.SecretMessage.encrypted_x509_mac_smk) +} +inline void SecretMessage::add_encrypted_x509_mac_smk(::google::protobuf::uint32 value) { + encrypted_x509_mac_smk_.Add(value); + // @@protoc_insertion_point(field_add:Messages.SecretMessage.encrypted_x509_mac_smk) +} +inline const ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >& +SecretMessage::encrypted_x509_mac_smk() const { + // @@protoc_insertion_point(field_list:Messages.SecretMessage.encrypted_x509_mac_smk) + return encrypted_x509_mac_smk_; +} +inline ::google::protobuf::RepeatedField< ::google::protobuf::uint32 >* +SecretMessage::mutable_encrypted_x509_mac_smk() { + // @@protoc_insertion_point(field_mutable_list:Messages.SecretMessage.encrypted_x509_mac_smk) + return &encrypted_x509_mac_smk_; +} + + +// @@protoc_insertion_point(namespace_scope) + +} // namespace Messages + +#ifndef SWIG +namespace google { +namespace protobuf { + + +} // namespace google +} // namespace protobuf +#endif // SWIG + +// @@protoc_insertion_point(global_scope) + +#endif // PROTOBUF_Messages_2eproto__INCLUDED diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/GoogleMessages/Messages.proto b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/GoogleMessages/Messages.proto new file mode 100644 index 0000000..b6be8f2 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/GoogleMessages/Messages.proto @@ -0,0 +1,69 @@ +package Messages; + +message InitialMessage { + required uint32 type = 1; + optional uint32 size = 2; +} + +message MessageMsg0 { + required uint32 type = 1; + required uint32 epid = 2; + optional uint32 status = 3; +} + +message MessageMSG1 { + required uint32 type = 1; + repeated uint32 GaX = 2 [packed=true]; + repeated uint32 GaY = 3 [packed=true]; + repeated uint32 GID = 4 [packed=true]; +} + +message MessageMSG2 { + required uint32 type = 1; + optional uint32 size = 2; + repeated uint32 public_key_gx = 3 [packed=true]; + repeated uint32 public_key_gy = 4 [packed=true]; + optional uint32 quote_type = 5; + repeated uint32 spid = 6 [packed=true]; + optional uint32 cmac_kdf_id = 7; + repeated uint32 signature_x = 8 [packed=true]; + repeated uint32 signature_y = 9 [packed=true]; + repeated uint32 smac = 10 [packed=true]; + optional uint32 size_sigrl = 11; + repeated uint32 sigrl = 12 [packed=true]; +} + +message MessageMSG3 { + required uint32 type = 1; + optional uint32 size = 2; + repeated uint32 sgx_mac = 3 [packed=true]; + repeated uint32 gax_msg3 = 4 [packed=true]; + repeated uint32 gay_msg3 = 5 [packed=true]; + repeated uint32 sec_property = 6 [packed=true]; + repeated uint32 quote = 7 [packed=true]; +} + +message AttestationMessage { + required uint32 type = 1; + required uint32 size = 2; + + optional uint32 epid_group_status = 3; + optional uint32 tcb_evaluation_status = 4; + optional uint32 pse_evaluation_status = 5; + repeated uint32 latest_equivalent_tcb_psvn = 6 [packed=true]; + repeated uint32 latest_pse_isvsvn = 7 [packed=true]; + repeated uint32 latest_psda_svn = 8 [packed=true]; + repeated uint32 performance_rekey_gid = 9 [packed=true]; + repeated uint32 ec_sign256_x = 10 [packed=true]; + repeated uint32 ec_sign256_y = 11 [packed=true]; + repeated uint32 mac_smk = 12 [packed=true]; + + optional uint32 result_size = 13; + repeated uint32 reserved = 14 [packed=true]; + repeated uint32 payload_tag = 15 [packed=true]; + repeated uint32 payload = 16 [packed=true]; +} + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/LICENSE b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/LICENSE new file mode 100644 index 0000000..18fdec3 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2017 Blackrabbit + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/MessageHandler/MessageHandler.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/MessageHandler/MessageHandler.cpp new file mode 100644 index 0000000..647481a --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/MessageHandler/MessageHandler.cpp @@ -0,0 +1,463 @@ +#include "MessageHandler.h" + +using namespace util; + +MessageHandler::MessageHandler(int port) { + this->nm = NetworkManagerServer::getInstance(port); +} + +MessageHandler::~MessageHandler() { + delete this->enclave; +} + + +int MessageHandler::init() { + this->nm->Init(); + this->nm->connectCallbackHandler([this](string v, int type) { + return this->incomingHandler(v, type); + }); +} + + +void MessageHandler::start() { + this->nm->startService(); +} + + +sgx_status_t MessageHandler::initEnclave() { + this->enclave = Enclave::getInstance(); + return this->enclave->createEnclave(); +} + + +sgx_status_t MessageHandler::getEnclaveStatus() { + return this->enclave->getStatus(); +} + + +uint32_t MessageHandler::getExtendedEPID_GID(uint32_t *extended_epid_group_id) { + int ret = sgx_get_extended_epid_group_id(extended_epid_group_id); + + if (SGX_SUCCESS != ret) { + Log("Error, call sgx_get_extended_epid_group_id fail: 0x%x", ret); + print_error_message((sgx_status_t)ret); + return ret; + } else + Log("Call sgx_get_extended_epid_group_id success"); + + return ret; +} + + +string MessageHandler::generateMSG0() { + Log("Call MSG0 generate"); + + uint32_t extended_epid_group_id; + int ret = this->getExtendedEPID_GID(&extended_epid_group_id); + + Messages::MessageMsg0 msg; + msg.set_type(RA_MSG0); + + if (ret == SGX_SUCCESS) { + msg.set_epid(extended_epid_group_id); + } else { + msg.set_status(TYPE_TERMINATE); + msg.set_epid(0); + } + return nm->serialize(msg); +} + + +string MessageHandler::generateMSG1() { + int retGIDStatus = 0; + int count = 0; + sgx_ra_msg1_t sgxMsg1Obj; + + while (1) { + retGIDStatus = sgx_ra_get_msg1(this->enclave->getContext(), + this->enclave->getID(), + sgx_ra_get_ga, + &sgxMsg1Obj); + + if (retGIDStatus == SGX_SUCCESS) { + break; + } else if (retGIDStatus == SGX_ERROR_BUSY) { + if (count == 5) { //retried 5 times, so fail out + Log("Error, sgx_ra_get_msg1 is busy - 5 retries failed", log::error); + break;; + } else { + sleep(3); + count++; + } + } else { //error other than busy + Log("Error, failed to generate MSG1", log::error); + break; + } + } + + + if (SGX_SUCCESS == retGIDStatus) { + Log("MSG1 generated Successfully"); + + Messages::MessageMSG1 msg; + msg.set_type(RA_MSG1); + + for (auto x : sgxMsg1Obj.g_a.gx) + msg.add_gax(x); + + for (auto x : sgxMsg1Obj.g_a.gy) + msg.add_gay(x); + + for (auto x : sgxMsg1Obj.gid) { + msg.add_gid(x); + } + + return nm->serialize(msg); + } + + return ""; +} + + +void MessageHandler::assembleMSG2(Messages::MessageMSG2 msg, sgx_ra_msg2_t **pp_msg2) { + uint32_t size = msg.size(); + + sgx_ra_msg2_t *p_msg2 = NULL; + p_msg2 = (sgx_ra_msg2_t*) malloc(size + sizeof(sgx_ra_msg2_t)); + + uint8_t pub_key_gx[32]; + uint8_t pub_key_gy[32]; + + sgx_ec256_signature_t sign_gb_ga; + sgx_spid_t spid; + + for (int i; i<32; i++) { + pub_key_gx[i] = msg.public_key_gx(i); + pub_key_gy[i] = msg.public_key_gy(i); + } + + for (int i=0; i<16; i++) { + spid.id[i] = msg.spid(i); + } + + for (int i=0; i<8; i++) { + sign_gb_ga.x[i] = msg.signature_x(i); + sign_gb_ga.y[i] = msg.signature_y(i); + } + + memcpy(&p_msg2->g_b.gx, &pub_key_gx, sizeof(pub_key_gx)); + memcpy(&p_msg2->g_b.gy, &pub_key_gy, sizeof(pub_key_gy)); + memcpy(&p_msg2->sign_gb_ga, &sign_gb_ga, sizeof(sign_gb_ga)); + memcpy(&p_msg2->spid, &spid, sizeof(spid)); + + p_msg2->quote_type = (uint16_t)msg.quote_type(); + p_msg2->kdf_id = msg.cmac_kdf_id(); + + uint8_t smac[16]; + for (int i=0; i<16; i++) + smac[i] = msg.smac(i); + + memcpy(&p_msg2->mac, &smac, sizeof(smac)); + + p_msg2->sig_rl_size = msg.size_sigrl(); + uint8_t *sigrl = (uint8_t*) malloc(sizeof(uint8_t) * msg.size_sigrl()); + + for (int i=0; isig_rl, &sigrl, msg.size_sigrl()); + + *pp_msg2 = p_msg2; +} + + +string MessageHandler::handleMSG2(Messages::MessageMSG2 msg) { + Log("Received MSG2"); + + uint32_t size = msg.size(); + + sgx_ra_msg2_t *p_msg2; + this->assembleMSG2(msg, &p_msg2); + + sgx_ra_msg3_t *p_msg3 = NULL; + uint32_t msg3_size; + int ret = 0; + + do { + ret = sgx_ra_proc_msg2(this->enclave->getContext(), + this->enclave->getID(), + sgx_ra_proc_msg2_trusted, + sgx_ra_get_msg3_trusted, + p_msg2, + size, + &p_msg3, + &msg3_size); + } while (SGX_ERROR_BUSY == ret && busy_retry_time--); + + SafeFree(p_msg2); + + if (SGX_SUCCESS != (sgx_status_t)ret) { + Log("Error, call sgx_ra_proc_msg2 fail, error code: 0x%x", ret); + } else { + Log("Call sgx_ra_proc_msg2 success"); + + Messages::MessageMSG3 msg3; + + msg3.set_type(RA_MSG3); + msg3.set_size(msg3_size); + + for (int i=0; imac[i]); + + for (int i=0; ig_a.gx[i]); + msg3.add_gay_msg3(p_msg3->g_a.gy[i]); + } + + for (int i=0; i<256; i++) { + msg3.add_sec_property(p_msg3->ps_sec_prop.sgx_ps_sec_prop_desc[i]); + } + + + for (int i=0; i<1116; i++) { + msg3.add_quote(p_msg3->quote[i]); + } + + SafeFree(p_msg3); + + return nm->serialize(msg3); + } + + SafeFree(p_msg3); + + return ""; +} + + +void MessageHandler::assembleAttestationMSG(Messages::AttestationMessage msg, ra_samp_response_header_t **pp_att_msg) { + sample_ra_att_result_msg_t *p_att_result_msg = NULL; + ra_samp_response_header_t* p_att_result_msg_full = NULL; + + int total_size = msg.size() + sizeof(ra_samp_response_header_t) + msg.result_size(); + p_att_result_msg_full = (ra_samp_response_header_t*) malloc(total_size); + + memset(p_att_result_msg_full, 0, total_size); + p_att_result_msg_full->type = RA_ATT_RESULT; + p_att_result_msg_full->size = msg.size(); + + p_att_result_msg = (sample_ra_att_result_msg_t *) p_att_result_msg_full->body; + + p_att_result_msg->platform_info_blob.sample_epid_group_status = msg.epid_group_status(); + p_att_result_msg->platform_info_blob.sample_tcb_evaluation_status = msg.tcb_evaluation_status(); + p_att_result_msg->platform_info_blob.pse_evaluation_status = msg.pse_evaluation_status(); + + for (int i=0; iplatform_info_blob.latest_equivalent_tcb_psvn[i] = msg.latest_equivalent_tcb_psvn(i); + + for (int i=0; iplatform_info_blob.latest_pse_isvsvn[i] = msg.latest_pse_isvsvn(i); + + for (int i=0; iplatform_info_blob.latest_psda_svn[i] = msg.latest_psda_svn(i); + + for (int i=0; iplatform_info_blob.performance_rekey_gid[i] = msg.performance_rekey_gid(i); + + for (int i=0; iplatform_info_blob.signature.x[i] = msg.ec_sign256_x(i); + p_att_result_msg->platform_info_blob.signature.y[i] = msg.ec_sign256_y(i); + } + + for (int i=0; imac[i] = msg.mac_smk(i); + + + p_att_result_msg->secret.payload_size = msg.result_size(); + + for (int i=0; i<12; i++) + p_att_result_msg->secret.reserved[i] = msg.reserved(i); + + for (int i=0; isecret.payload_tag[i] = msg.payload_tag(i); + + for (int i=0; isecret.payload_tag[i] = msg.payload_tag(i); + + for (int i=0; isecret.payload[i] = (uint8_t)msg.payload(i); + } + + *pp_att_msg = p_att_result_msg_full; +} + + +string MessageHandler::handleAttestationResult(Messages::AttestationMessage msg) { + Log("Received Attestation result"); + + ra_samp_response_header_t *p_att_result_msg_full = NULL; + this->assembleAttestationMSG(msg, &p_att_result_msg_full); + sample_ra_att_result_msg_t *p_att_result_msg_body = (sample_ra_att_result_msg_t *) ((uint8_t*) p_att_result_msg_full + sizeof(ra_samp_response_header_t)); + + sgx_status_t status; + sgx_status_t ret; + + ret = verify_att_result_mac(this->enclave->getID(), + &status, + this->enclave->getContext(), + (uint8_t*)&p_att_result_msg_body->platform_info_blob, + sizeof(ias_platform_info_blob_t), + (uint8_t*)&p_att_result_msg_body->mac, + sizeof(sgx_mac_t)); + + + if ((SGX_SUCCESS != ret) || (SGX_SUCCESS != status)) { + Log("Error: INTEGRITY FAILED - attestation result message MK based cmac failed", log::error); + return ""; + } + + if (0 != p_att_result_msg_full->status[0] || 0 != p_att_result_msg_full->status[1]) { + Log("Error, attestation mac result message MK based cmac failed", log::error); + } else { + ret = verify_secret_data(this->enclave->getID(), + &status, + this->enclave->getContext(), + p_att_result_msg_body->secret.payload, + p_att_result_msg_body->secret.payload_size, + p_att_result_msg_body->secret.payload_tag, + MAX_VERIFICATION_RESULT, + NULL); + + SafeFree(p_att_result_msg_full); + + if (SGX_SUCCESS != ret) { + Log("Error, attestation result message secret using SK based AESGCM failed", log::error); + print_error_message(ret); + } else if (SGX_SUCCESS != status) { + Log("Error, attestation result message secret using SK based AESGCM failed", log::error); + print_error_message(status); + } else { + Log("Send attestation okay"); + + Messages::InitialMessage msg; + msg.set_type(RA_APP_ATT_OK); + msg.set_size(0); + + return nm->serialize(msg); + } + } + + SafeFree(p_att_result_msg_full); + + return ""; +} + + +string MessageHandler::handleMSG0(Messages::MessageMsg0 msg) { + Log("MSG0 response received"); + + if (msg.status() == TYPE_OK) { + sgx_status_t ret = this->initEnclave(); + + if (SGX_SUCCESS != ret || this->getEnclaveStatus()) { + Log("Error, call enclave_init_ra fail", log::error); + } else { + Log("Call enclave_init_ra success"); + Log("Sending msg1 to remote attestation service provider. Expecting msg2 back"); + + auto ret = this->generateMSG1(); + + return ret; + } + + } else { + Log("MSG0 response status was not OK", log::error); + } + + return ""; +} + + +string MessageHandler::handleVerification() { + Log("Verification request received"); + return this->generateMSG0(); +} + + +string MessageHandler::createInitMsg(int type, string msg) { + Messages::SecretMessage init_msg; + init_msg.set_type(type); + init_msg.set_size(msg.size()); + + return nm->serialize(init_msg); +} + + +vector MessageHandler::incomingHandler(string v, int type) { + vector res; + string s; + bool ret; + + switch (type) { + case RA_VERIFICATION: { //Verification request + Messages::InitialMessage init_msg; + ret = init_msg.ParseFromString(v); + if (ret && init_msg.type() == RA_VERIFICATION) { + s = this->handleVerification(); + res.push_back(to_string(RA_MSG0)); + } + } + break; + case RA_MSG0: { //Reply to MSG0 + Messages::MessageMsg0 msg0; + ret = msg0.ParseFromString(v); + if (ret && (msg0.type() == RA_MSG0)) { + s = this->handleMSG0(msg0); + res.push_back(to_string(RA_MSG1)); + } + } + break; + case RA_MSG2: { //MSG2 + Messages::MessageMSG2 msg2; + ret = msg2.ParseFromString(v); + if (ret && (msg2.type() == RA_MSG2)) { + s = this->handleMSG2(msg2); + res.push_back(to_string(RA_MSG3)); + } + } + break; + case RA_ATT_RESULT: { //Reply to MSG3 + Messages::AttestationMessage att_msg; + ret = att_msg.ParseFromString(v); + if (ret && att_msg.type() == RA_ATT_RESULT) { + s = this->handleAttestationResult(att_msg); + res.push_back(to_string(RA_APP_ATT_OK)); + } + } + break; + default: + Log("Unknown type: %d", type, log::error); + break; + } + + res.push_back(s); + + return res; +} + + + + + + + + + + + + + + + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/MessageHandler/MessageHandler.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/MessageHandler/MessageHandler.h new file mode 100644 index 0000000..52bc904 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/MessageHandler/MessageHandler.h @@ -0,0 +1,68 @@ +#ifndef MESSAGEHANDLER_H +#define MESSAGEHANDLER_H + +#include +#include +#include +#include +#include +#include + +#include "Enclave.h" +#include "NetworkManagerServer.h" +#include "Messages.pb.h" +#include "UtilityFunctions.h" +#include "remote_attestation_result.h" +#include "LogBase.h" +#include "../GeneralSettings.h" + +using namespace std; +using namespace util; + +class MessageHandler { + +public: + MessageHandler(int port = Settings::rh_port); + virtual ~MessageHandler(); + + sgx_ra_msg3_t* getMSG3(); + int init(); + void start(); + vector incomingHandler(string v, int type); + +private: + sgx_status_t initEnclave(); + uint32_t getExtendedEPID_GID(uint32_t *extended_epid_group_id); + sgx_status_t getEnclaveStatus(); + + void assembleAttestationMSG(Messages::AttestationMessage msg, ra_samp_response_header_t **pp_att_msg); + string handleAttestationResult(Messages::AttestationMessage msg); + void assembleMSG2(Messages::MessageMSG2 msg, sgx_ra_msg2_t **pp_msg2); + string handleMSG2(Messages::MessageMSG2 msg); + string handleMSG0(Messages::MessageMsg0 msg); + string generateMSG1(); + string handleVerification(); + string generateMSG0(); + string createInitMsg(int type, string msg); + +protected: + Enclave *enclave = NULL; + +private: + int busy_retry_time = 4; + NetworkManagerServer *nm = NULL; + +}; + +#endif + + + + + + + + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/AbstractNetworkOps.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/AbstractNetworkOps.cpp new file mode 100644 index 0000000..df6bfca --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/AbstractNetworkOps.cpp @@ -0,0 +1,121 @@ +#include "AbstractNetworkOps.h" +#include +#include + +using namespace util; + +AbstractNetworkOps::AbstractNetworkOps(boost::asio::io_service& io_service, boost::asio::ssl::context& context) : socket_(io_service, context) {} + +AbstractNetworkOps::~AbstractNetworkOps() {} + + +AbstractNetworkOps::ssl_socket::lowest_layer_type& AbstractNetworkOps::socket() { + return socket_.lowest_layer(); +} + + +void AbstractNetworkOps::saveCloseSocket() { + boost::system::error_code ec; + + socket_.lowest_layer().cancel(); + + if (ec) { + stringstream ss; + Log("Socket shutdown error: %s", ec.message()); + } else { + socket_.lowest_layer().close(); + } +} + + +void AbstractNetworkOps::read() { + char buffer_header[20]; + memset(buffer_header, '\0', 20); + + boost::system::error_code ec; + int read = boost::asio::read(socket_, boost::asio::buffer(buffer_header, 20), ec); + + if (ec) { + if ((boost::asio::error::eof == ec) || (boost::asio::error::connection_reset == ec)) { + Log("Connection has been closed by remote host"); + } else { + Log("Unknown socket error while reading occured!", log::error); + } + } else { + vector incomming; + boost::split(incomming, buffer_header, boost::is_any_of("@")); + + int msg_size = boost::lexical_cast(incomming[0]); + int type = boost::lexical_cast(incomming[1]); + + char *buffer = (char*) malloc(sizeof(char) * msg_size); + memset(buffer, '\0', sizeof(char)*msg_size); + + read = boost::asio::read(socket_, boost::asio::buffer(buffer, msg_size)); + + process_read(buffer, msg_size, type); + } +} + + +void AbstractNetworkOps::send(vector v) { + string type = v[0]; + string msg = v[1]; + + if (msg.size() > 0) { + const char *msg_c = msg.c_str(); + int msg_length = msg.size(); + + string header = to_string(msg_length) + "@" + type; + + char buffer_header[20]; + memset(buffer_header, '\0', 20); + memcpy(buffer_header, header.c_str(), header.length()); + + boost::asio::write(socket_, boost::asio::buffer(buffer_header, 20)); + + char *buffer_msg = (char*) malloc(sizeof(char) * msg_length); + + memset(buffer_msg, '\0', sizeof(char) * msg_length); + memcpy(buffer_msg, msg_c, msg_length); + + boost::asio::write(socket_, boost::asio::buffer(buffer_msg, msg_length)); + + free(buffer_msg); + + this->read(); + } else { + this->saveCloseSocket(); + } +} + + +void AbstractNetworkOps::setCallbackHandler(CallbackHandler cb) { + this->callback_handler = cb; +} + + +void AbstractNetworkOps::process_read(char* buffer, int msg_size, int type) { + std::string str(reinterpret_cast(buffer), msg_size); + + free(buffer); + + auto msg = this->callback_handler(str, type); + + if (msg.size() == 2 && msg[0].size() > 0 && msg[1].size() > 0) { + Log("Send to client"); + send(msg); + } else { + Log("Close connection"); + this->saveCloseSocket(); + } +} + + + + + + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/AbstractNetworkOps.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/AbstractNetworkOps.h new file mode 100644 index 0000000..2ac6dca --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/AbstractNetworkOps.h @@ -0,0 +1,55 @@ +#ifndef ABSTRACTNETWORKOPS_H +#define ABSTRACTNETWORKOPS_H + +#include "LogBase.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +using namespace std; + +typedef function(string, int)> CallbackHandler; + +class AbstractNetworkOps { + + typedef boost::asio::ssl::stream ssl_socket; + +public: + AbstractNetworkOps(); + AbstractNetworkOps(boost::asio::io_service& io_service, boost::asio::ssl::context& context); + virtual ~AbstractNetworkOps(); + ssl_socket::lowest_layer_type& socket(); + void setCallbackHandler(CallbackHandler cb); + +protected: + ssl_socket socket_; + enum { max_length = 1024 }; + CallbackHandler callback_handler = NULL; + +protected: + void read(); + void send(vector); + void process_read(char* buffer, int size, int type); + +private: + void saveCloseSocket(); + +}; + + +#endif + + + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/Client.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/Client.cpp new file mode 100644 index 0000000..979d822 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/Client.cpp @@ -0,0 +1,72 @@ +#include "Client.h" +#include "LogBase.h" +#include "Network_def.h" +#include "Messages.pb.h" + +#include + +using namespace util; + +Client::Client(boost::asio::io_service& io_service, + boost::asio::ssl::context& context, + boost::asio::ip::tcp::resolver::iterator endpoint_iterator) : AbstractNetworkOps(io_service, context) { + socket_.set_verify_mode(boost::asio::ssl::verify_peer); + socket_.set_verify_callback(boost::bind(&Client::verify_certificate, this, _1, _2)); + + this->endpoint_iterator = endpoint_iterator; +} + +Client::~Client() {} + + +void Client::startConnection() { + Log("Start connecting..."); + + boost::system::error_code ec; + boost::asio::connect(socket_.lowest_layer(), this->endpoint_iterator, ec); + + handle_connect(ec); +} + + +bool Client::verify_certificate(bool preverified, boost::asio::ssl::verify_context& ctx) { + char subject_name[256]; + X509* cert = X509_STORE_CTX_get_current_cert(ctx.native_handle()); + X509_NAME_oneline(X509_get_subject_name(cert), subject_name, 256); + + Log("Verifying certificate: %s", subject_name); + + return preverified; +} + + +void Client::handle_connect(const boost::system::error_code &error) { + if (!error) { + Log("Connection established"); + + boost::system::error_code ec; + socket_.handshake(boost::asio::ssl::stream_base::client, ec); + + handle_handshake(ec); + } else { + Log("Connect failed: %s", error.message(), log::error); + } +} + + +void Client::handle_handshake(const boost::system::error_code& error) { + if (!error) { + Log("Handshake successful"); + + auto ret = this->callback_handler("", -1); + send(ret); + } else { + Log("Handshake failed: %s", error.message(), log::error); + } +} + + + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/Client.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/Client.h new file mode 100644 index 0000000..e1bf1fd --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/Client.h @@ -0,0 +1,25 @@ +#ifndef CLIENT_H +#define CLIENT_H + +#include "AbstractNetworkOps.h" + +using namespace std; + +class Client : public AbstractNetworkOps { + +public: + Client(boost::asio::io_service& io_service, boost::asio::ssl::context& context, boost::asio::ip::tcp::resolver::iterator endpoint_iterator); + + virtual ~Client(); + bool verify_certificate(bool preverified, boost::asio::ssl::verify_context& ctx); + void handle_connect(const boost::system::error_code& error); + void handle_handshake(const boost::system::error_code& error); + + void startConnection(); + +private: + boost::asio::ip::tcp::resolver::iterator endpoint_iterator; + +}; + +#endif diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/NetworkManager.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/NetworkManager.cpp new file mode 100644 index 0000000..e8b4d4f --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/NetworkManager.cpp @@ -0,0 +1,24 @@ +#include "NetworkManager.h" + +NetworkManager::NetworkManager() {} + +NetworkManager::~NetworkManager() {} + + +void NetworkManager::setPort(int port) { + this->port = port; +} + + +void NetworkManager::printMsg(bool send, const char* msg) { + string s(msg); + replace(s.begin(), s.end(), '\n', '-'); + if (send) + Log("Send msg: '%s'", s); + else + Log("Received msg: '%s'", s); +} + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/NetworkManager.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/NetworkManager.h new file mode 100644 index 0000000..f0d6cc0 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/NetworkManager.h @@ -0,0 +1,61 @@ +#ifndef NETWORKMANAGER_H +#define NETWORKMANAGER_H + +#include "Server.h" +#include "Client.h" +#include "LogBase.h" +#include "Network_def.h" + +#include +#include +#include +#include +#include +#include +#include + +using namespace std; +using namespace util; + +class NetworkManager { + + typedef boost::asio::ssl::stream ssl_socket; + +public: + NetworkManager(); + virtual ~NetworkManager(); + void sendMsg(); + void Init(); + void setPort(int port); + void printMsg(bool send, const char* msg); + + template + string serialize(T msg) { + string s; + if (msg.SerializeToString(&s)) { + Log("Serialization successful"); + return s; + } else { + Log("Serialization failed", log::error); + return ""; + } + } + +public: + boost::asio::io_service io_service; + int port; +}; + + +#endif + + + + + + + + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/NetworkManagerClient.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/NetworkManagerClient.cpp new file mode 100644 index 0000000..d5d40b4 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/NetworkManagerClient.cpp @@ -0,0 +1,75 @@ +#include "NetworkManagerClient.h" +#include "../GeneralSettings.h" + +NetworkManagerClient* NetworkManagerClient::instance = NULL; + +NetworkManagerClient::NetworkManagerClient() {} + + +void NetworkManagerClient::Init() { + if (client) { + delete client; + client = NULL; + } + + boost::asio::ip::tcp::resolver resolver(this->io_service); + boost::asio::ip::tcp::resolver::query query(this->host, std::to_string(this->port).c_str()); + boost::asio::ip::tcp::resolver::iterator iterator = resolver.resolve(query); + + boost::asio::ssl::context ctx(boost::asio::ssl::context::sslv23); + ctx.load_verify_file(Settings::server_crt); + + this->client = new Client(io_service, ctx, iterator); +} + + +NetworkManagerClient* NetworkManagerClient::getInstance(int port, std::string host) { + if (instance == NULL) { + instance = new NetworkManagerClient(); + instance->setPort(port); + instance->setHost(host); + } + + return instance; +} + + +void NetworkManagerClient::startService() { + this->client->startConnection(); +} + + +void NetworkManagerClient::setHost(std::string host) { + this->host = host; +} + + +void NetworkManagerClient::connectCallbackHandler(CallbackHandler cb) { + this->client->setCallbackHandler(cb); +} + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/NetworkManagerClient.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/NetworkManagerClient.h new file mode 100644 index 0000000..ba77b8a --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/NetworkManagerClient.h @@ -0,0 +1,22 @@ +#include "NetworkManager.h" + +class NetworkManagerClient : public NetworkManager { + +public: + static NetworkManagerClient* getInstance(int port, std::string host = "localhost"); + void Init(); + void connectCallbackHandler(CallbackHandler cb); + void startService(); + void setHost(std::string host); + +private: + NetworkManagerClient(); + +private: + static NetworkManagerClient* instance; + std::string host; + Client *client = NULL; +}; + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/NetworkManagerServer.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/NetworkManagerServer.cpp new file mode 100644 index 0000000..d3eb472 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/NetworkManagerServer.cpp @@ -0,0 +1,33 @@ +#include "NetworkManagerServer.h" + +NetworkManagerServer* NetworkManagerServer::instance = NULL; + +NetworkManagerServer::NetworkManagerServer() {} + + +void NetworkManagerServer::Init() { + this->server = new Server(this->io_service, this->port); +} + + +NetworkManagerServer* NetworkManagerServer::getInstance(int port) { + if (instance == NULL) { + instance = new NetworkManagerServer(); + instance->setPort(port); + } + + return instance; +} + + +void NetworkManagerServer::startService() { + this->server->start_accept(); + this->io_service.run(); +} + + +void NetworkManagerServer::connectCallbackHandler(CallbackHandler cb) { + this->server->connectCallbackHandler(cb); +} + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/NetworkManagerServer.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/NetworkManagerServer.h new file mode 100644 index 0000000..51ee151 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/NetworkManagerServer.h @@ -0,0 +1,21 @@ +#include "NetworkManager.h" + +class NetworkManagerServer : public NetworkManager { + +public: + static NetworkManagerServer* getInstance(int port); + void Init(); + void connectCallbackHandler(CallbackHandler cb); + void startService(); + +private: + NetworkManagerServer(); + +private: + static NetworkManagerServer* instance; + Server *server = NULL; + +}; + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/Network_def.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/Network_def.h new file mode 100644 index 0000000..4d2b1d2 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/Network_def.h @@ -0,0 +1,42 @@ +#ifndef NETWORK_DEF_H +#define NETWORK_DEF_H + +#define MAX_VERIFICATION_RESULT 2 + +typedef enum _ra_msg_types { + RA_MSG0, + RA_MSG1, + RA_MSG2, + RA_MSG3, + RA_ATT_RESULT, + RA_VERIFICATION, + RA_APP_ATT_OK +} ra_msg_types; + + +typedef enum _ra_msg { + TYPE_OK, + TYPE_TERMINATE +} ra_msg; + + +#pragma pack(1) +typedef struct _ra_samp_request_header_t { + uint8_t type; /* set to one of ra_msg_type_t*/ + uint32_t size; /*size of request body*/ + uint8_t align[3]; + uint8_t body[]; +} ra_samp_request_header_t; + +typedef struct _ra_samp_response_header_t { + uint8_t type; /* set to one of ra_msg_type_t*/ + uint8_t status[2]; + uint32_t size; /*size of the response body*/ + uint8_t align[1]; + uint8_t body[]; +} ra_samp_response_header_t; + +#pragma pack() + + +#endif diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/Server.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/Server.cpp new file mode 100644 index 0000000..ae978a0 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/Server.cpp @@ -0,0 +1,53 @@ +#include "Server.h" +#include "../GeneralSettings.h" + +using namespace util; + +Server::Server(boost::asio::io_service& io_service, int port) : io_service_(io_service), acceptor_(io_service, + boost::asio::ip::tcp::endpoint(boost::asio::ip::tcp::v4(), port)), + context_(boost::asio::ssl::context::sslv23) { + + this->context_.set_options(boost::asio::ssl::context::default_workarounds + | boost::asio::ssl::context::no_sslv2 + | boost::asio::ssl::context::single_dh_use); + + this->context_.use_certificate_chain_file(Settings::server_crt); + this->context_.use_private_key_file(Settings::server_key, boost::asio::ssl::context::pem); + + Log("Certificate \"" + Settings::server_crt + "\" set"); + Log("Server running on port: %d", port); +} + + +Server::~Server() {} + + +void Server::start_accept() { + Session *new_session = new Session(io_service_, context_); + new_session->setCallbackHandler(this->callback_handler); + acceptor_.async_accept(new_session->socket(), boost::bind(&Server::handle_accept, this, new_session, boost::asio::placeholders::error)); +} + + +void Server::handle_accept(Session* new_session, const boost::system::error_code& error) { + if (!error) { + Log("New accept request, starting new session"); + new_session->start(); + } else { + delete new_session; + } + + start_accept(); +} + +void Server::connectCallbackHandler(CallbackHandler cb) { + this->callback_handler = cb; +} + + + + + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/Server.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/Server.h new file mode 100644 index 0000000..ccb62ae --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/Server.h @@ -0,0 +1,36 @@ +#ifndef SERVER_H +#define SERVER_H + +#include "Session.h" +#include "LogBase.h" + +#include +#include +#include +#include +#include + + +class Server { + + typedef boost::asio::ssl::stream ssl_socket; + +public: + Server(boost::asio::io_service& io_service, int port); + virtual ~Server(); + std::string get_password() const; + void handle_accept(Session* new_session, const boost::system::error_code& error); + void start_accept(); + void connectCallbackHandler(CallbackHandler cb); + +private: + boost::asio::io_service& io_service_; + boost::asio::ip::tcp::acceptor acceptor_; + boost::asio::ssl::context context_; + CallbackHandler callback_handler; +}; + + +#endif + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/Session.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/Session.cpp new file mode 100644 index 0000000..4d41f00 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/Session.cpp @@ -0,0 +1,33 @@ +#include "Session.h" + +#include + +using namespace util; + +Session::Session(boost::asio::io_service& io_service, boost::asio::ssl::context& context) : AbstractNetworkOps(io_service, context) {} + +Session::~Session() {} + + +void Session::start() { + Log("Connection from %s", socket().remote_endpoint().address().to_string()); + + socket_.async_handshake(boost::asio::ssl::stream_base::server, + boost::bind(&Session::handle_handshake, this, + boost::asio::placeholders::error)); +} + + +void Session::handle_handshake(const boost::system::error_code& error) { + if (!error) { + Log("Handshake successful"); + this->read(); + } else { + Log("Handshake was not successful: %s", error.message(), log::error); + delete this; + } +} + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/Session.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/Session.h new file mode 100644 index 0000000..7cd8ec2 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/Session.h @@ -0,0 +1,27 @@ +#ifndef SESSION_H +#define SESSION_H + +#include "AbstractNetworkOps.h" + +using namespace std; + +class Session : public AbstractNetworkOps { + + typedef boost::asio::ssl::stream ssl_socket; + +public: + Session(boost::asio::io_service& io_service, boost::asio::ssl::context& context); + virtual ~Session(); + void start(); + void handle_handshake(const boost::system::error_code& error); + +}; + + +#endif + + + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/remote_attestation_result.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/remote_attestation_result.h new file mode 100644 index 0000000..3f1f536 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Networking/remote_attestation_result.h @@ -0,0 +1,72 @@ +#ifndef _REMOTE_ATTESTATION_RESULT_H_ +#define _REMOTE_ATTESTATION_RESULT_H_ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define SAMPLE_MAC_SIZE 16 /* Message Authentication Code*/ +/* - 16 bytes*/ +typedef uint8_t sample_mac_t[SAMPLE_MAC_SIZE]; + +#ifndef SAMPLE_FEBITSIZE +#define SAMPLE_FEBITSIZE 256 +#endif + +#define SAMPLE_NISTP256_KEY_SIZE (SAMPLE_FEBITSIZE/ 8 /sizeof(uint32_t)) + +typedef struct sample_ec_sign256_t { + uint32_t x[SAMPLE_NISTP256_KEY_SIZE]; + uint32_t y[SAMPLE_NISTP256_KEY_SIZE]; +} sample_ec_sign256_t; + +#pragma pack(push,1) + +#define SAMPLE_SP_TAG_SIZE 16 + +typedef struct sp_aes_gcm_data_t { + uint32_t payload_size; /* 0: Size of the payload which is*/ + /* encrypted*/ + uint8_t reserved[12]; /* 4: Reserved bits*/ + uint8_t payload_tag[SAMPLE_SP_TAG_SIZE]; + /* 16: AES-GMAC of the plain text,*/ + /* payload, and the sizes*/ + uint8_t payload[]; /* 32: Ciphertext of the payload*/ + /* followed by the plain text*/ +} sp_aes_gcm_data_t; + + +#define ISVSVN_SIZE 2 +#define PSDA_SVN_SIZE 4 +#define GID_SIZE 4 +#define PSVN_SIZE 18 + +/* @TODO: Modify at production to use the values specified by an Production*/ +/* attestation server API*/ +typedef struct ias_platform_info_blob_t { + uint8_t sample_epid_group_status; + uint16_t sample_tcb_evaluation_status; + uint16_t pse_evaluation_status; + uint8_t latest_equivalent_tcb_psvn[PSVN_SIZE]; + uint8_t latest_pse_isvsvn[ISVSVN_SIZE]; + uint8_t latest_psda_svn[PSDA_SVN_SIZE]; + uint8_t performance_rekey_gid[GID_SIZE]; + sample_ec_sign256_t signature; +} ias_platform_info_blob_t; + + +typedef struct sample_ra_att_result_msg_t { + ias_platform_info_blob_t platform_info_blob; + sample_mac_t mac; /* mac_smk(attestation_status)*/ + sp_aes_gcm_data_t secret; +} sample_ra_att_result_msg_t; + +#pragma pack(pop) + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/README.md b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/README.md new file mode 100644 index 0000000..a670f2d --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/README.md @@ -0,0 +1,35 @@ +# Linux SGX remote attestation +Example of a remote attestation with Intel's SGX including the communication with IAS. + +The code requires the installation of Intel SGX [here](https://github.com/01org/linux-sgx) and +the SGX driver [here](https://github.com/01org/linux-sgx-driver). Furthermore, also a developer account +for the usage of IAS has be registered [Deverloper account](https://software.intel.com/en-us/sgx). +After the registration with a certificate (can be self-signed for development purposes), Intel will +respond with a SPID which is needed to communicate with IAS. + +The code consists of two separate programs, the ServiceProvider and the Application. +The message exchange over the network is performed using Google Protocol Buffers. + +## Installation + +Before running the code, some settings have to be set in the ```GeneralSettings.h``` file: +* The application port and IP +* A server certificate and private key are required for the SSL communication between the SP and the Application (which can be self-signed)
+e.g. ```openssl req -x509 -nodes -newkey rsa:4096 -keyout server.key -out server.crt -days 365``` +* The SPID provided by Intel when registering for the developer account +* The certificate sent to Intel when registering for the developer account +* IAS Rest API url (should stay the same) + +To be able to run the above code some external libraries are needed: + +* Google Protocol Buffers (should already be installed with the SGX SDK package) otherwise install ```libprotobuf-dev```, ```libprotobuf-c0-dev``` and ```protobuf-compiler``` + +All other required libraries can be installed with the following command +```sudo apt-get install libboost-thread-dev libboost-system-dev curl libcurl4-openssl-dev libssl-dev liblog4cpp5-dev libjsoncpp-dev``` + + +After the installation of those dependencies, the code can be compiled with the following commands:
+```cd ServiceProvider```
+```make```
+```cd ../Application```
+```make SGX_MODE=HW SGX_PRERELEASE=1``` diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/Makefile b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/Makefile new file mode 100644 index 0000000..b97688f --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/Makefile @@ -0,0 +1,151 @@ +######## SGX SDK Settings ######## +SGX_SDK ?= /opt/intel/sgxsdk +SGX_MODE ?= SIM +SGX_ARCH ?= x64 + +ifeq ($(shell getconf LONG_BIT), 32) + SGX_ARCH := x86 +else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32) + SGX_ARCH := x86 +endif + +ifeq ($(SGX_ARCH), x86) + SGX_COMMON_CFLAGS := -m32 + SGX_LIBRARY_PATH := $(SGX_SDK)/lib + SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign + SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r +else + SGX_COMMON_CFLAGS := -m64 + SGX_LIBRARY_PATH := $(SGX_SDK)/lib64 + SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign + SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r +endif + +ifeq ($(SGX_DEBUG), 1) +ifeq ($(SGX_PRERELEASE), 1) +$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!) +endif +endif + +ifeq ($(SGX_DEBUG), 1) + SGX_COMMON_CFLAGS += -O0 -g +else + SGX_COMMON_CFLAGS += -O2 +endif + +ifeq ($(SUPPLIED_KEY_DERIVATION), 1) + SGX_COMMON_CFLAGS += -DSUPPLIED_KEY_DERIVATION +endif + + +######## App Settings ######## +ifneq ($(SGX_MODE), HW) + Urts_Library_Name := sgx_urts_sim +else + Urts_Library_Name := sgx_urts +endif + +App_Cpp_Files := isv_app/isv_app.cpp ../Util/LogBase.cpp ../Networking/NetworkManager.cpp \ +../Networking/Session.cpp ../Networking/Client.cpp ../Networking/Server.cpp isv_app/VerificationManager.cpp ../Networking/NetworkManagerClient.cpp \ +../GoogleMessages/Messages.pb.cpp ../Networking/AbstractNetworkOps.cpp ../Util/UtilityFunctions.cpp ../WebService/WebService.cpp \ +../Util/Base64.cpp + +App_Include_Paths := -Iservice_provider -I$(SGX_SDK)/include -Iheaders -I../Util -I../Networking -Iisv_app -I../GoogleMessages -I/usr/local/include -I../WebService + +App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) + +# Three configuration modes - Debug, prerelease, release +# Debug - Macro DEBUG enabled. +# Prerelease - Macro NDEBUG and EDEBUG enabled. +# Release - Macro NDEBUG enabled. +ifeq ($(SGX_DEBUG), 1) + App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG +else ifeq ($(SGX_PRERELEASE), 1) + App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG +else + App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG +endif + +App_Cpp_Flags := $(App_C_Flags) -std=c++11 -DEnableClient +App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -L. -lsgx_ukey_exchange -lpthread -lservice_provider \ +-Wl,-rpath=$(CURDIR)/sample_libcrypto -Wl,-rpath=$(CURDIR) -llog4cpp -lboost_system -L/usr/lib -lssl -lcrypto -lboost_thread -lprotobuf -L /usr/local/lib -ljsoncpp -lcurl + +ifneq ($(SGX_MODE), HW) + App_Link_Flags += -lsgx_uae_service_sim +else + App_Link_Flags += -lsgx_uae_service +endif + +App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o) + +App_Name := app + + + +######## Service Provider Settings ######## +ServiceProvider_Cpp_Files := service_provider/ecp.cpp ../Util/LogBase.cpp \ +service_provider/ias_ra.cpp ../Util/UtilityFunctions.cpp ../WebService/WebService.cpp service_provider/ServiceProvider.cpp + +ServiceProvider_Include_Paths := -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport -Isample_libcrypto + +ServiceProvider_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes -I$(SGX_SDK)/include -Isample_libcrypto -I/usr/local/include -I../GoogleMessages -I../Util \ +-I../WebService -I../Networking + +ServiceProvider_Cpp_Flags := $(ServiceProvider_C_Flags) -std=c++11 +ServiceProvider_Link_Flags := -shared $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -lsample_libcrypto -Lsample_libcrypto -llog4cpp + +ServiceProvider_Cpp_Objects := $(ServiceProvider_Cpp_Files:.cpp=.o) + +.PHONY: all run + +all: libservice_provider.so $(App_Name) + + + +######## App Objects ######## +isv_app/%.o: isv_app/%.cpp + @$(CXX) $(App_Cpp_Flags) -c $< -o $@ + @echo "CXX <= $<" + +../Util/%.o: ../Util/%.cpp + @$(CXX) $(App_Cpp_Flags) -c $< -o $@ + @echo "CXX <= $<" + +../Networking/%.o: ../Networking/%.cpp + @$(CXX) $(App_Cpp_Flags) -c $< -o $@ + @echo "CXX <= $<" + +../GoogleMessages/%.o: ../GoogleMessages/%.cpp + @$(CXX) $(App_Cpp_Flags) -c $< -o $@ + @echo "CXX <= $<" + +../WebService/%.o: ../WebService/%.cpp + @$(CXX) $(App_Cpp_Flags) -c $< -o $@ + @echo "CXX <= $<" + +CertificateHandler/%.o: CertificateHandler/%.cpp + @$(CXX) $(App_Cpp_Flags) -c $< -o $@ + @echo "CXX <= $<" + +$(App_Name): $(App_Cpp_Objects) + @$(CXX) $^ -o $@ $(App_Link_Flags) + @echo "LINK => $@" + + + +######## Service Provider Objects ######## +service_provider/%.o: service_provider/%.cpp + @$(CXX) $(ServiceProvider_Cpp_Flags) -c $< -o $@ + @echo "CXX <= $<" + +libservice_provider.so: $(ServiceProvider_Cpp_Objects) + @$(CXX) $^ -o $@ $(ServiceProvider_Link_Flags) + @echo "LINK => $@" + +.PHONY: clean + +clean: + @rm -f $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) isv_app/isv_enclave_u.* $(Enclave_Cpp_Objects) isv_enclave/isv_enclave_t.* libservice_provider.* $(ServiceProvider_Cpp_Objects) + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/isv_app/VerificationManager.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/isv_app/VerificationManager.cpp new file mode 100644 index 0000000..c04c34a --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/isv_app/VerificationManager.cpp @@ -0,0 +1,209 @@ +#include "VerificationManager.h" +#include "../GeneralSettings.h" + +#include + +using namespace util; +using namespace std; + +VerificationManager* VerificationManager::instance = NULL; + +VerificationManager::VerificationManager() { + this->nm = NetworkManagerClient::getInstance(Settings::rh_port, Settings::rh_host); + this->ws = WebService::getInstance(); + this->ws->init(); + this->sp = new ServiceProvider(this->ws); +} + + +VerificationManager::~VerificationManager() {} + + +VerificationManager* VerificationManager::getInstance() { + if (instance == NULL) { + instance = new VerificationManager(); + } + + return instance; +} + + +int VerificationManager::init() { + if (this->sp) { + delete this->sp; + this->sp = new ServiceProvider(this->ws); + } + + this->nm->Init(); + this->nm->connectCallbackHandler([this](string v, int type) { + return this->incomingHandler(v, type); + }); +} + + +void VerificationManager::start() { + this->nm->startService(); + Log("Remote attestation done"); +} + + +string VerificationManager::handleMSG0(Messages::MessageMsg0 msg) { + Log("MSG0 received"); + + if (msg.status() != TYPE_TERMINATE) { + uint32_t extended_epid_group_id = msg.epid(); + int ret = this->sp->sp_ra_proc_msg0_req(extended_epid_group_id); + + if (ret == 0) { + msg.set_status(TYPE_OK); + return nm->serialize(msg); + } + } else { + Log("Termination received!"); + } + + return ""; +} + + +string VerificationManager::handleMSG1(Messages::MessageMSG1 msg1) { + Log("MSG1 received"); + + Messages::MessageMSG2 msg2; + msg2.set_type(RA_MSG2); + + int ret = this->sp->sp_ra_proc_msg1_req(msg1, &msg2); + + if (ret != 0) { + Log("Error, processing MSG1 failed"); + } else { + Log("MSG1 processed correctly and MSG2 created"); + return nm->serialize(msg2); + } + + return ""; +} + + +string VerificationManager::handleMSG3(Messages::MessageMSG3 msg) { + Log("MSG3 received"); + + Messages::AttestationMessage att_msg; + att_msg.set_type(RA_ATT_RESULT); + + int ret = this->sp->sp_ra_proc_msg3_req(msg, &att_msg); + + if (ret == -1) { + Log("Error, processing MSG3 failed"); + } else { + Log("MSG3 processed correctly and attestation result created"); + return nm->serialize(att_msg); + } + + return ""; +} + + +string VerificationManager::handleAppAttOk() { + Log("APP attestation result received"); + return ""; +} + + +string VerificationManager::prepareVerificationRequest() { + Log("Prepare Verification request"); + + Messages::InitialMessage msg; + msg.set_type(RA_VERIFICATION); + + return nm->serialize(msg); +} + + +string VerificationManager::createInitMsg(int type, string msg) { + Messages::InitialMessage init_msg; + init_msg.set_type(type); + init_msg.set_size(msg.size()); + + return nm->serialize(init_msg); +} + + +vector VerificationManager::incomingHandler(string v, int type) { + vector res; + + if (!v.empty()) { + string s; + bool ret; + + switch (type) { + case RA_MSG0: { + Messages::MessageMsg0 msg0; + ret = msg0.ParseFromString(v); + if (ret && (msg0.type() == RA_MSG0)) { + s = this->handleMSG0(msg0); + res.push_back(to_string(RA_MSG0)); + } + } + break; + case RA_MSG1: { + Messages::MessageMSG1 msg1; + ret = msg1.ParseFromString(v); + if (ret && (msg1.type() == RA_MSG1)) { + s = this->handleMSG1(msg1); + res.push_back(to_string(RA_MSG2)); + } + } + break; + case RA_MSG3: { + Messages::MessageMSG3 msg3; + ret = msg3.ParseFromString(v); + if (ret && (msg3.type() == RA_MSG3)) { + s = this->handleMSG3(msg3); + res.push_back(to_string(RA_ATT_RESULT)); + } + } + break; + case RA_APP_ATT_OK: { + Messages::SecretMessage sec_msg; + ret = sec_msg.ParseFromString(v); + if (ret) { + if (sec_msg.type() == RA_APP_ATT_OK) { + this->handleAppAttOk(); + } + } + } + break; + default: + Log("Unknown type: %d", type, log::error); + break; + } + + res.push_back(s); + } else { //after handshake + res.push_back(to_string(RA_VERIFICATION)); + res.push_back(this->prepareVerificationRequest()); + } + + return res; +} + + + + + + + + + + + + + + + + + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/isv_app/VerificationManager.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/isv_app/VerificationManager.h new file mode 100644 index 0000000..9ae522d --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/isv_app/VerificationManager.h @@ -0,0 +1,53 @@ +#ifndef VERIFICATIONMANAGER_H +#define VERIFICATIONMANAGER_H + +#include +#include +#include +#include + +#include "ServiceProvider.h" +#include "NetworkManagerClient.h" +#include "LogBase.h" +#include "Messages.pb.h" +#include "WebService.h" + +using namespace std; + +class VerificationManager { + +public: + static VerificationManager* getInstance(); + virtual ~VerificationManager(); + int init(); + vector incomingHandler(string v, int type); + void start(); + +private: + VerificationManager(); + string prepareVerificationRequest(); + string handleMSG0(Messages::MessageMsg0 m); + string handleMSG1(Messages::MessageMSG1 msg); + string handleMSG3(Messages::MessageMSG3 msg); + string createInitMsg(int type, string msg); + string handleAppAttOk(); + +private: + static VerificationManager* instance; + NetworkManagerClient *nm = NULL; + ServiceProvider *sp = NULL; + WebService *ws = NULL; +}; + +#endif + + + + + + + + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/isv_app/isv_app.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/isv_app/isv_app.cpp new file mode 100644 index 0000000..de55c43 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/isv_app/isv_app.cpp @@ -0,0 +1,40 @@ +#include +#include + +#include "LogBase.h" +#include "NetworkManager.h" +#include "VerificationManager.h" +#include "UtilityFunctions.h" + +using namespace util; + +int Main(int argc, char *argv[]) { + LogBase::Inst(); + + int ret = 0; + + VerificationManager *vm = VerificationManager::getInstance(); + vm->init(); + vm->start(); + + return ret; +} + + +int main( int argc, char **argv ) { + try { + int ret = Main(argc, argv); + return ret; + } catch (std::exception & e) { + Log("exception: %s", e.what()); + } catch (...) { + Log("unexpected exception"); + } + + return -1; +} + + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/sample_libcrypto/sample_libcrypto.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/sample_libcrypto/sample_libcrypto.h new file mode 100644 index 0000000..4e4de19 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/sample_libcrypto/sample_libcrypto.h @@ -0,0 +1,240 @@ +/* + * Copyright (C) 2011-2016 Intel Corporation. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * * Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * * Neither the name of Intel Corporation nor the names of its + * contributors may be used to endorse or promote products derived + * from this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/** +* File: sample_libcrypto.h +* Description: +* Interface for generic crypto library APIs. +* Do NOT use this library in your actual product. +* The purpose of this sample library is to aid the debugging of a +* remote attestation service. +* To achieve that goal, the sample remote attestation application +* will use this sample library to generate reproducible messages. +*/ + +#ifndef SAMPLE_LIBCRYPTO_H +#define SAMPLE_LIBCRYPTO_H + +#include + +typedef enum sample_status_t +{ + SAMPLE_SUCCESS = 0, + + SAMPLE_ERROR_UNEXPECTED , // Unexpected error + SAMPLE_ERROR_INVALID_PARAMETER , // The parameter is incorrect + SAMPLE_ERROR_OUT_OF_MEMORY , // Not enough memory is available to complete this operation + +} sample_status_t; + +#define SAMPLE_SHA256_HASH_SIZE 32 +#define SAMPLE_ECP256_KEY_SIZE 32 +#define SAMPLE_NISTP_ECP256_KEY_SIZE (SAMPLE_ECP256_KEY_SIZE/sizeof(uint32_t)) +#define SAMPLE_AESGCM_IV_SIZE 12 +#define SAMPLE_AESGCM_KEY_SIZE 16 +#define SAMPLE_AESGCM_MAC_SIZE 16 +#define SAMPLE_CMAC_KEY_SIZE 16 +#define SAMPLE_CMAC_MAC_SIZE 16 +#define SAMPLE_AESCTR_KEY_SIZE 16 + +typedef struct sample_ec256_dh_shared_t +{ + uint8_t s[SAMPLE_ECP256_KEY_SIZE]; +} sample_ec256_dh_shared_t; + +typedef struct sample_ec256_private_t +{ + uint8_t r[SAMPLE_ECP256_KEY_SIZE]; +} sample_ec256_private_t; + +typedef struct sample_ec256_public_t +{ + uint8_t gx[SAMPLE_ECP256_KEY_SIZE]; + uint8_t gy[SAMPLE_ECP256_KEY_SIZE]; +} sample_ec256_public_t; + +typedef struct sample_ec256_signature_t +{ + uint32_t x[SAMPLE_NISTP_ECP256_KEY_SIZE]; + uint32_t y[SAMPLE_NISTP_ECP256_KEY_SIZE]; +} sample_ec256_signature_t; + +typedef void* sample_sha_state_handle_t; +typedef void* sample_cmac_state_handle_t; +typedef void* sample_ecc_state_handle_t; + +typedef uint8_t sample_sha256_hash_t[SAMPLE_SHA256_HASH_SIZE]; + +typedef uint8_t sample_aes_gcm_128bit_key_t[SAMPLE_AESGCM_KEY_SIZE]; +typedef uint8_t sample_aes_gcm_128bit_tag_t[SAMPLE_AESGCM_MAC_SIZE]; +typedef uint8_t sample_cmac_128bit_key_t[SAMPLE_CMAC_KEY_SIZE]; +typedef uint8_t sample_cmac_128bit_tag_t[SAMPLE_CMAC_MAC_SIZE]; +typedef uint8_t sample_aes_ctr_128bit_key_t[SAMPLE_AESCTR_KEY_SIZE]; + +#ifdef __cplusplus + #define EXTERN_C extern "C" +#else + #define EXTERN_C +#endif + + #define SAMPLE_LIBCRYPTO_API EXTERN_C + +/* Rijndael AES-GCM +* Parameters: +* Return: sample_status_t - SAMPLE_SUCCESS on success, error code otherwise. +* Inputs: sample_aes_gcm_128bit_key_t *p_key - Pointer to key used in encryption/decryption operation +* uint8_t *p_src - Pointer to input stream to be encrypted/decrypted +* uint32_t src_len - Length of input stream to be encrypted/decrypted +* uint8_t *p_iv - Pointer to initialization vector to use +* uint32_t iv_len - Length of initialization vector +* uint8_t *p_aad - Pointer to input stream of additional authentication data +* uint32_t aad_len - Length of additional authentication data stream +* sample_aes_gcm_128bit_tag_t *p_in_mac - Pointer to expected MAC in decryption process +* Output: uint8_t *p_dst - Pointer to cipher text. Size of buffer should be >= src_len. +* sample_aes_gcm_128bit_tag_t *p_out_mac - Pointer to MAC generated from encryption process +* NOTE: Wrapper is responsible for confirming decryption tag matches encryption tag */ +SAMPLE_LIBCRYPTO_API sample_status_t sample_rijndael128GCM_encrypt(const sample_aes_gcm_128bit_key_t *p_key, const uint8_t *p_src, uint32_t src_len, + uint8_t *p_dst, const uint8_t *p_iv, uint32_t iv_len, const uint8_t *p_aad, uint32_t aad_len, + sample_aes_gcm_128bit_tag_t *p_out_mac); + +/* Message Authentication - Rijndael 128 CMAC +* Parameters: +* Return: sample_status_t - SAMPLE_SUCCESS on success, error code otherwise. +* Inputs: sample_cmac_128bit_key_t *p_key - Pointer to key used in encryption/decryption operation +* uint8_t *p_src - Pointer to input stream to be MAC +* uint32_t src_len - Length of input stream to be MAC +* Output: sample_cmac_gcm_128bit_tag_t *p_mac - Pointer to resultant MAC */ +SAMPLE_LIBCRYPTO_API sample_status_t sample_rijndael128_cmac_msg(const sample_cmac_128bit_key_t *p_key, const uint8_t *p_src, + uint32_t src_len, sample_cmac_128bit_tag_t *p_mac); + + + +/* +* Elliptic Curve Crytpography - Based on GF(p), 256 bit +*/ +/* Allocates and initializes ecc context +* Parameters: +* Return: sample_status_t - SAMPLE_SUCCESS or failure as defined SAMPLE_Error.h. +* Output: sample_ecc_state_handle_t ecc_handle - Handle to ECC crypto system */ +SAMPLE_LIBCRYPTO_API sample_status_t sample_ecc256_open_context(sample_ecc_state_handle_t* ecc_handle); + +/* Cleans up ecc context +* Parameters: +* Return: sample_status_t - SAMPLE_SUCCESS or failure as defined SAMPLE_Error.h. +* Output: sample_ecc_state_handle_t ecc_handle - Handle to ECC crypto system */ +SAMPLE_LIBCRYPTO_API sample_status_t sample_ecc256_close_context(sample_ecc_state_handle_t ecc_handle); + +/* Populates private/public key pair - caller code allocates memory +* Parameters: +* Return: sample_status_t - SAMPLE_SUCCESS on success, error code otherwise. +* Inputs: sample_ecc_state_handle_t ecc_handle - Handle to ECC crypto system +* Outputs: sample_ec256_private_t *p_private - Pointer to the private key +* sample_ec256_public_t *p_public - Pointer to the public key */ +SAMPLE_LIBCRYPTO_API sample_status_t sample_ecc256_create_key_pair(sample_ec256_private_t *p_private, + sample_ec256_public_t *p_public, + sample_ecc_state_handle_t ecc_handle); + +/* Computes DH shared key based on private B key (local) and remote public Ga Key +* Parameters: +* Return: sample_status_t - SAMPLE_SUCCESS on success, error code otherwise. +* Inputs: sample_ecc_state_handle_t ecc_handle - Handle to ECC crypto system +* sample_ec256_private_t *p_private_b - Pointer to the local private key - LITTLE ENDIAN +* sample_ec256_public_t *p_public_ga - Pointer to the remote public key - LITTLE ENDIAN +* Output: sample_ec256_dh_shared_t *p_shared_key - Pointer to the shared DH key - LITTLE ENDIAN +x-coordinate of (privKeyB - pubKeyA) */ +SAMPLE_LIBCRYPTO_API sample_status_t sample_ecc256_compute_shared_dhkey(sample_ec256_private_t *p_private_b, + sample_ec256_public_t *p_public_ga, + sample_ec256_dh_shared_t *p_shared_key, + sample_ecc_state_handle_t ecc_handle); + + +/* Computes signature for data based on private key +* +* A message digest is a fixed size number derived from the original message with +* an applied hash function over the binary code of the message. (SHA256 in this case) +* The signer's private key and the message digest are used to create a signature. +* +* A digital signature over a message consists of a pair of large numbers, 256-bits each, +* which the given function computes. +* +* The scheme used for computing a digital signature is of the ECDSA scheme, +* an elliptic curve of the DSA scheme. +* +* The keys can be generated and set up by the function: sgx_ecc256_create_key_pair. +* +* The elliptic curve domain parameters must be created by function: +* sample_ecc256_open_context +* +* Return: If context, private key, signature or data pointer is NULL, +* SAMPLE_ERROR_INVALID_PARAMETER is returned. +* If the signature creation process fails then SAMPLE_ERROR_UNEXPECTED is returned. +* +* Parameters: +* Return: sample_status_t - SAMPLE_SUCCESS, success, error code otherwise. +* Inputs: sample_ecc_state_handle_t ecc_handle - Handle to the ECC crypto system +* sample_ec256_private_t *p_private - Pointer to the private key - LITTLE ENDIAN +* uint8_t *p_data - Pointer to the data to be signed +* uint32_t data_size - Size of the data to be signed +* Output: ec256_signature_t *p_signature - Pointer to the signature - LITTLE ENDIAN */ +SAMPLE_LIBCRYPTO_API sample_status_t sample_ecdsa_sign(const uint8_t *p_data, + uint32_t data_size, + sample_ec256_private_t *p_private, + sample_ec256_signature_t *p_signature, + sample_ecc_state_handle_t ecc_handle); + +/* Allocates and initializes sha256 state +* Parameters: +* Return: sample_status_t - SAMPLE_SUCCESS on success, error code otherwise. +* Output: sample_sha_state_handle_t sha_handle - Handle to the SHA256 state */ +SAMPLE_LIBCRYPTO_API sample_status_t sample_sha256_init(sample_sha_state_handle_t* p_sha_handle); + +/* Updates sha256 has calculation based on the input message +* Parameters: +* Return: sample_status_t - SAMPLE_SUCCESS or failure. +* Input: sample_sha_state_handle_t sha_handle - Handle to the SHA256 state +* uint8_t *p_src - Pointer to the input stream to be hashed +* uint32_t src_len - Length of the input stream to be hashed */ +SAMPLE_LIBCRYPTO_API sample_status_t sample_sha256_update(const uint8_t *p_src, uint32_t src_len, sample_sha_state_handle_t sha_handle); + +/* Returns Hash calculation +* Parameters: +* Return: sample_status_t - SAMPLE_SUCCESS on success, error code otherwise. +* Input: sample_sha_state_handle_t sha_handle - Handle to the SHA256 state +* Output: sample_sha256_hash_t *p_hash - Resultant hash from operation */ +SAMPLE_LIBCRYPTO_API sample_status_t sample_sha256_get_hash(sample_sha_state_handle_t sha_handle, sample_sha256_hash_t *p_hash); + +/* Cleans up sha state +* Parameters: +* Return: sample_status_t - SAMPLE_SUCCESS on success, error code otherwise. +* Input: sample_sha_state_handle_t sha_handle - Handle to the SHA256 state */ +SAMPLE_LIBCRYPTO_API sample_status_t sample_sha256_close(sample_sha_state_handle_t sha_handle); + +#endif diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/service_provider/ServiceProvider.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/service_provider/ServiceProvider.cpp new file mode 100644 index 0000000..46ca84f --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/service_provider/ServiceProvider.cpp @@ -0,0 +1,557 @@ +#include "ServiceProvider.h" +#include "sample_libcrypto.h" +#include "../GeneralSettings.h" +#include "sgx_tcrypto.h" + +// This is the private EC key of SP, the corresponding public EC key is +// hard coded in isv_enclave. It is based on NIST P-256 curve. +static const sample_ec256_private_t g_sp_priv_key = { + { + 0x90, 0xe7, 0x6c, 0xbb, 0x2d, 0x52, 0xa1, 0xce, + 0x3b, 0x66, 0xde, 0x11, 0x43, 0x9c, 0x87, 0xec, + 0x1f, 0x86, 0x6a, 0x3b, 0x65, 0xb6, 0xae, 0xea, + 0xad, 0x57, 0x34, 0x53, 0xd1, 0x03, 0x8c, 0x01 + } +}; + +ServiceProvider::ServiceProvider(WebService *ws) : ws(ws) {} + +ServiceProvider::~ServiceProvider() {} + + +int ServiceProvider::sp_ra_proc_msg0_req(const uint32_t id) { + int ret = -1; + + if (!this->g_is_sp_registered || (this->extended_epid_group_id != id)) { + Log("Received extended EPID group ID: %d", id); + + extended_epid_group_id = id; + this->g_is_sp_registered = true; + ret = SP_OK; + } + + return ret; +} + + +int ServiceProvider::sp_ra_proc_msg1_req(Messages::MessageMSG1 msg1, Messages::MessageMSG2 *msg2) { + ra_samp_response_header_t **pp_msg2; + int ret = 0; + ra_samp_response_header_t* p_msg2_full = NULL; + sgx_ra_msg2_t *p_msg2 = NULL; + sample_ecc_state_handle_t ecc_state = NULL; + sample_status_t sample_ret = SAMPLE_SUCCESS; + bool derive_ret = false; + + if (!g_is_sp_registered) { + return SP_UNSUPPORTED_EXTENDED_EPID_GROUP; + } + + do { + //===================== RETRIEVE SIGRL FROM IAS ======================= + uint8_t GID[4]; + + for (int i=0; i<4; i++) + GID[i] = msg1.gid(i); + + reverse(begin(GID), end(GID)); + + string sigRl; + bool error = false; + error = this->ws->getSigRL(ByteArrayToString(GID, 4), &sigRl); + + if (error) + return SP_RETRIEVE_SIGRL_ERROR; + + uint8_t *sig_rl; + uint32_t sig_rl_size = StringToByteArray(sigRl, &sig_rl); + //===================================================================== + + uint8_t gaXLittleEndian[32]; + uint8_t gaYLittleEndian[32]; + + for (int i=0; i<32; i++) { + gaXLittleEndian[i] = msg1.gax(i); + gaYLittleEndian[i] = msg1.gay(i); + } + + sample_ec256_public_t client_pub_key = {{0},{0}}; + + for (int x=0; xtype = RA_MSG2; + p_msg2_full->size = msg2_size; + + p_msg2_full->status[0] = 0; + p_msg2_full->status[1] = 0; + p_msg2 = (sgx_ra_msg2_t *) p_msg2_full->body; + + + uint8_t *spidBa; + HexStringToByteArray(Settings::spid, &spidBa); + + for (int i=0; i<16; i++) + p_msg2->spid.id[i] = spidBa[i]; + + + // Assemble MSG2 + if(memcpy_s(&p_msg2->g_b, sizeof(p_msg2->g_b), &g_sp_db.g_b, sizeof(g_sp_db.g_b))) { + Log("Error, memcpy failed", log::error); + ret = SP_INTERNAL_ERROR; + break; + } + + p_msg2->quote_type = SAMPLE_QUOTE_LINKABLE_SIGNATURE; + p_msg2->kdf_id = AES_CMAC_KDF_ID; + + // Create gb_ga + sgx_ec256_public_t gb_ga[2]; + if (memcpy_s(&gb_ga[0], sizeof(gb_ga[0]), &g_sp_db.g_b, sizeof(g_sp_db.g_b)) || + memcpy_s(&gb_ga[1], sizeof(gb_ga[1]), &g_sp_db.g_a, sizeof(g_sp_db.g_a))) { + Log("Error, memcpy failed", log::error); + ret = SP_INTERNAL_ERROR; + break; + } + + // Sign gb_ga + sample_ret = sample_ecdsa_sign((uint8_t *)&gb_ga, sizeof(gb_ga), + (sample_ec256_private_t *)&g_sp_priv_key, + (sample_ec256_signature_t *)&p_msg2->sign_gb_ga, + ecc_state); + + if (SAMPLE_SUCCESS != sample_ret) { + Log("Error, sign ga_gb fail", log::error); + ret = SP_INTERNAL_ERROR; + break; + } + + + // Generate the CMACsmk for gb||SPID||TYPE||KDF_ID||Sigsp(gb,ga) + uint8_t mac[SAMPLE_EC_MAC_SIZE] = {0}; + uint32_t cmac_size = offsetof(sgx_ra_msg2_t, mac); + sample_ret = sample_rijndael128_cmac_msg(&g_sp_db.smk_key, (uint8_t *)&p_msg2->g_b, cmac_size, &mac); + + if (SAMPLE_SUCCESS != sample_ret) { + Log("Error, cmac fail", log::error); + ret = SP_INTERNAL_ERROR; + break; + } + + if (memcpy_s(&p_msg2->mac, sizeof(p_msg2->mac), mac, sizeof(mac))) { + Log("Error, memcpy failed", log::error); + ret = SP_INTERNAL_ERROR; + break; + } + + if (memcpy_s(&p_msg2->sig_rl[0], sig_rl_size, sig_rl, sig_rl_size)) { + Log("Error, memcpy failed", log::error); + ret = SP_INTERNAL_ERROR; + break; + } + + p_msg2->sig_rl_size = sig_rl_size; + + } while(0); + + + if (ret) { + *pp_msg2 = NULL; + SafeFree(p_msg2_full); + } else { + + //================= SET MSG2 Fields ================ + msg2->set_size(p_msg2_full->size); + + for (auto x : p_msg2->g_b.gx) + msg2->add_public_key_gx(x); + + for (auto x : p_msg2->g_b.gy) + msg2->add_public_key_gy(x); + + for (auto x : p_msg2->spid.id) + msg2->add_spid(x); + + msg2->set_quote_type(SAMPLE_QUOTE_LINKABLE_SIGNATURE); + msg2->set_cmac_kdf_id(AES_CMAC_KDF_ID); + + for (auto x : p_msg2->sign_gb_ga.x) { + msg2->add_signature_x(x); + } + + for (auto x : p_msg2->sign_gb_ga.y) + msg2->add_signature_y(x); + + for (auto x : p_msg2->mac) + msg2->add_smac(x); + + msg2->set_size_sigrl(p_msg2->sig_rl_size); + + for (int i=0; isig_rl_size; i++) + msg2->add_sigrl(p_msg2->sig_rl[i]); + //===================================================== + } + + if (ecc_state) { + sample_ecc256_close_context(ecc_state); + } + + return ret; +} + + +sgx_ra_msg3_t* ServiceProvider::assembleMSG3(Messages::MessageMSG3 msg) { + sgx_ra_msg3_t *p_msg3 = (sgx_ra_msg3_t*) malloc(msg.size()); + + for (int i=0; imac[i] = msg.sgx_mac(i); + + for (int i=0; ig_a.gx[i] = msg.gax_msg3(i); + p_msg3->g_a.gy[i] = msg.gay_msg3(i); + } + + for (int i=0; i<256; i++) + p_msg3->ps_sec_prop.sgx_ps_sec_prop_desc[i] = msg.sec_property(i); + + for (int i=0; i<1116; i++) + p_msg3->quote[i] = msg.quote(i); + + return p_msg3; +} + + + +// Process remote attestation message 3 +int ServiceProvider::sp_ra_proc_msg3_req(Messages::MessageMSG3 msg, Messages::AttestationMessage *att_msg) { + int ret = 0; + sample_status_t sample_ret = SAMPLE_SUCCESS; + const uint8_t *p_msg3_cmaced = NULL; + sgx_quote_t *p_quote = NULL; + sample_sha_state_handle_t sha_handle = NULL; + sample_report_data_t report_data = {0}; + sample_ra_att_result_msg_t *p_att_result_msg = NULL; + ra_samp_response_header_t* p_att_result_msg_full = NULL; + uint32_t i; + sgx_ra_msg3_t *p_msg3 = NULL; + uint32_t att_result_msg_size; + int len_hmac_nonce = 0; + + p_msg3 = assembleMSG3(msg); + + // Check to see if we have registered? + if (!g_is_sp_registered) { + Log("Unsupported extended EPID group", log::error); + return -1; + } + + do { + // Compare g_a in message 3 with local g_a. + if (memcmp(&g_sp_db.g_a, &p_msg3->g_a, sizeof(sgx_ec256_public_t))) { + Log("Error, g_a is not same", log::error); + ret = SP_PROTOCOL_ERROR; + break; + } + + //Make sure that msg3_size is bigger than sample_mac_t. + uint32_t mac_size = msg.size() - sizeof(sample_mac_t); + p_msg3_cmaced = reinterpret_cast(p_msg3); + p_msg3_cmaced += sizeof(sample_mac_t); + + // Verify the message mac using SMK + sample_cmac_128bit_tag_t mac = {0}; + sample_ret = sample_rijndael128_cmac_msg(&g_sp_db.smk_key, p_msg3_cmaced, mac_size, &mac); + + if (SAMPLE_SUCCESS != sample_ret) { + Log("Error, cmac fail", log::error); + ret = SP_INTERNAL_ERROR; + break; + } + + if (memcmp(&p_msg3->mac, mac, sizeof(mac))) { + Log("Error, verify cmac fail", log::error); + ret = SP_INTEGRITY_FAILED; + break; + } + + if (memcpy_s(&g_sp_db.ps_sec_prop, sizeof(g_sp_db.ps_sec_prop), &p_msg3->ps_sec_prop, sizeof(p_msg3->ps_sec_prop))) { + Log("Error, memcpy fail", log::error); + ret = SP_INTERNAL_ERROR; + break; + } + + p_quote = (sgx_quote_t *) p_msg3->quote; + + + // Verify the report_data in the Quote matches the expected value. + // The first 32 bytes of report_data are SHA256 HASH of {ga|gb|vk}. + // The second 32 bytes of report_data are set to zero. + sample_ret = sample_sha256_init(&sha_handle); + if (sample_ret != SAMPLE_SUCCESS) { + Log("Error, init hash failed", log::error); + ret = SP_INTERNAL_ERROR; + break; + } + + sample_ret = sample_sha256_update((uint8_t *)&(g_sp_db.g_a), sizeof(g_sp_db.g_a), sha_handle); + if (sample_ret != SAMPLE_SUCCESS) { + Log("Error, udpate hash failed", log::error); + ret = SP_INTERNAL_ERROR; + break; + } + + sample_ret = sample_sha256_update((uint8_t *)&(g_sp_db.g_b), sizeof(g_sp_db.g_b), sha_handle); + if (sample_ret != SAMPLE_SUCCESS) { + Log("Error, udpate hash failed", log::error); + ret = SP_INTERNAL_ERROR; + break; + } + + sample_ret = sample_sha256_update((uint8_t *)&(g_sp_db.vk_key), sizeof(g_sp_db.vk_key), sha_handle); + if (sample_ret != SAMPLE_SUCCESS) { + Log("Error, udpate hash failed", log::error); + ret = SP_INTERNAL_ERROR; + break; + } + + sample_ret = sample_sha256_get_hash(sha_handle, (sample_sha256_hash_t *)&report_data); + if (sample_ret != SAMPLE_SUCCESS) { + Log("Error, Get hash failed", log::error); + ret = SP_INTERNAL_ERROR; + break; + } + + if (memcmp((uint8_t *)&report_data, (uint8_t *)&(p_quote->report_body.report_data), sizeof(report_data))) { + Log("Error, verify hash failed", log::error); + ret = SP_INTEGRITY_FAILED; + break; + } + + // Verify quote with attestation server. + ias_att_report_t attestation_report = {0}; + ret = ias_verify_attestation_evidence(p_msg3->quote, p_msg3->ps_sec_prop.sgx_ps_sec_prop_desc, &attestation_report, ws); + + if (0 != ret) { + ret = SP_IAS_FAILED; + break; + } + + Log("Atestation Report:"); + Log("\tid: %s", attestation_report.id); + Log("\tstatus: %d", attestation_report.status); + Log("\trevocation_reason: %u", attestation_report.revocation_reason); + Log("\tpse_status: %d", attestation_report.pse_status); + + Log("Enclave Report:"); + Log("\tSignature Type: 0x%x", p_quote->sign_type); + Log("\tSignature Basename: %s", ByteArrayToNoHexString(p_quote->basename.name, 32)); + Log("\tattributes.flags: 0x%0lx", p_quote->report_body.attributes.flags); + Log("\tattributes.xfrm: 0x%0lx", p_quote->report_body.attributes.xfrm); + Log("\tmr_enclave: %s", ByteArrayToString(p_quote->report_body.mr_enclave.m, SGX_HASH_SIZE)); + Log("\tmr_signer: %s", ByteArrayToString(p_quote->report_body.mr_signer.m, SGX_HASH_SIZE)); + Log("\tisv_prod_id: 0x%0x", p_quote->report_body.isv_prod_id); + Log("\tisv_svn: 0x%0x", p_quote->report_body.isv_svn); + + + // Respond the client with the results of the attestation. + att_result_msg_size = sizeof(sample_ra_att_result_msg_t); + + p_att_result_msg_full = (ra_samp_response_header_t*) malloc(att_result_msg_size + sizeof(ra_samp_response_header_t) + sizeof(validation_result)); + if (!p_att_result_msg_full) { + Log("Error, out of memory", log::error); + ret = SP_INTERNAL_ERROR; + break; + } + + memset(p_att_result_msg_full, 0, att_result_msg_size + sizeof(ra_samp_response_header_t) + sizeof(validation_result)); + p_att_result_msg_full->type = RA_ATT_RESULT; + p_att_result_msg_full->size = att_result_msg_size; + + if (IAS_QUOTE_OK != attestation_report.status) { + p_att_result_msg_full->status[0] = 0xFF; + } + + if (IAS_PSE_OK != attestation_report.pse_status) { + p_att_result_msg_full->status[1] = 0xFF; + } + + p_att_result_msg = (sample_ra_att_result_msg_t *)p_att_result_msg_full->body; + + bool isv_policy_passed = true; + + p_att_result_msg->platform_info_blob = attestation_report.info_blob; + + // Generate mac based on the mk key. + mac_size = sizeof(ias_platform_info_blob_t); + sample_ret = sample_rijndael128_cmac_msg(&g_sp_db.mk_key, + (const uint8_t*)&p_att_result_msg->platform_info_blob, + mac_size, + &p_att_result_msg->mac); + + if (SAMPLE_SUCCESS != sample_ret) { + Log("Error, cmac fail", log::error); + ret = SP_INTERNAL_ERROR; + break; + } + + // Generate shared secret and encrypt it with SK, if attestation passed. + uint8_t aes_gcm_iv[SAMPLE_SP_IV_SIZE] = {0}; + p_att_result_msg->secret.payload_size = MAX_VERIFICATION_RESULT; + + if ((IAS_QUOTE_OK == attestation_report.status) && + (IAS_PSE_OK == attestation_report.pse_status) && + (isv_policy_passed == true)) { + memset(validation_result, '\0', MAX_VERIFICATION_RESULT); + validation_result[0] = 0; + validation_result[1] = 1; + + ret = sample_rijndael128GCM_encrypt(&g_sp_db.sk_key, + &validation_result[0], + p_att_result_msg->secret.payload_size, + p_att_result_msg->secret.payload, + &aes_gcm_iv[0], + SAMPLE_SP_IV_SIZE, + NULL, + 0, + &p_att_result_msg->secret.payload_tag); + } + + } while(0); + + if (ret) { + SafeFree(p_att_result_msg_full); + return -1; + } else { + att_msg->set_size(att_result_msg_size); + + ias_platform_info_blob_t platform_info_blob = p_att_result_msg->platform_info_blob; + att_msg->set_epid_group_status(platform_info_blob.sample_epid_group_status); + att_msg->set_tcb_evaluation_status(platform_info_blob.sample_tcb_evaluation_status); + att_msg->set_pse_evaluation_status(platform_info_blob.pse_evaluation_status); + + for (int i=0; iadd_latest_equivalent_tcb_psvn(platform_info_blob.latest_equivalent_tcb_psvn[i]); + + for (int i=0; iadd_latest_pse_isvsvn(platform_info_blob.latest_pse_isvsvn[i]); + + for (int i=0; iadd_latest_psda_svn(platform_info_blob.latest_psda_svn[i]); + + for (int i=0; iadd_performance_rekey_gid(platform_info_blob.performance_rekey_gid[i]); + + for (int i=0; iadd_ec_sign256_x(platform_info_blob.signature.x[i]); + att_msg->add_ec_sign256_y(platform_info_blob.signature.y[i]); + } + + for (int i=0; iadd_mac_smk(p_att_result_msg->mac[i]); + + att_msg->set_result_size(p_att_result_msg->secret.payload_size); + + for (int i=0; i<12; i++) + att_msg->add_reserved(p_att_result_msg->secret.reserved[i]); + + for (int i=0; i<16; i++) + att_msg->add_payload_tag(p_att_result_msg->secret.payload_tag[i]); + + for (int i=0; isecret.payload_size; i++) + att_msg->add_payload(p_att_result_msg->secret.payload[i]); + } + + return ret; +} + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/service_provider/ServiceProvider.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/service_provider/ServiceProvider.h new file mode 100644 index 0000000..19df038 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/service_provider/ServiceProvider.h @@ -0,0 +1,85 @@ +#ifndef SERVICE_PROVIDER_H +#define SERVICE_PROVIDER_H + +#include +#include +#include // std::reverse +#include +#include +#include +#include +#include +#include + +#include "Messages.pb.h" +#include "UtilityFunctions.h" +#include "LogBase.h" +#include "Network_def.h" +#include "WebService.h" + +#include "remote_attestation_result.h" +#include "sgx_key_exchange.h" +#include "ias_ra.h" + +using namespace std; + +#define DH_HALF_KEY_LEN 32 +#define DH_SHARED_KEY_LEN 32 +#define SAMPLE_SP_IV_SIZE 12 + + +enum sp_ra_msg_status_t { + SP_OK, + SP_UNSUPPORTED_EXTENDED_EPID_GROUP, + SP_INTEGRITY_FAILED, + SP_QUOTE_VERIFICATION_FAILED, + SP_IAS_FAILED, + SP_INTERNAL_ERROR, + SP_PROTOCOL_ERROR, + SP_QUOTE_VERSION_ERROR, + SP_RETRIEVE_SIGRL_ERROR +}; + +typedef struct _sp_db_item_t { + sgx_ec256_public_t g_a; + sgx_ec256_public_t g_b; + sgx_ec_key_128bit_t vk_key; // Shared secret key for the REPORT_DATA + sgx_ec_key_128bit_t mk_key; // Shared secret key for generating MAC's + sgx_ec_key_128bit_t sk_key; // Shared secret key for encryption + sgx_ec_key_128bit_t smk_key; // Used only for SIGMA protocol + sample_ec_priv_t b; + sgx_ps_sec_prop_desc_t ps_sec_prop; +} sp_db_item_t; + + +class ServiceProvider { + +public: + ServiceProvider(WebService *ws); + virtual ~ServiceProvider(); + int sp_ra_proc_msg0_req(const uint32_t extended_epid_group_id); + int sp_ra_proc_msg1_req(Messages::MessageMSG1 msg1, Messages::MessageMSG2 *msg2); + int sp_ra_proc_msg3_req(Messages::MessageMSG3 msg, Messages::AttestationMessage *att_msg); + sgx_ra_msg3_t* assembleMSG3(Messages::MessageMSG3 msg); + int sp_ra_proc_app_att_hmac(Messages::SecretMessage *new_msg, string hmac_key, string hmac_key_filename); + +private: + WebService *ws = NULL; + bool g_is_sp_registered = false; + uint32_t extended_epid_group_id; + sp_db_item_t g_sp_db; + const uint16_t AES_CMAC_KDF_ID = 0x0001; + uint8_t validation_result[MAX_VERIFICATION_RESULT]; +}; + +#endif + + + + + + + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/service_provider/ecp.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/service_provider/ecp.cpp new file mode 100644 index 0000000..edf5325 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/service_provider/ecp.cpp @@ -0,0 +1,209 @@ +#include +#include +#include "ecp.h" + +#include "sample_libcrypto.h" + + +#define MAC_KEY_SIZE 16 + +errno_t memcpy_s( + void *dest, + size_t numberOfElements, + const void *src, + size_t count) { + if(numberOfElementss[sizeof(p_shared_key->s) - 1 - i]; + } + + sample_ret = sample_sha256_init(&sha_context); + if (sample_ret != SAMPLE_SUCCESS) { + return false; + } + sample_ret = sample_sha256_update((uint8_t*)&hash_buffer, sizeof(hash_buffer_t), sha_context); + if (sample_ret != SAMPLE_SUCCESS) { + sample_sha256_close(sha_context); + return false; + } + sample_ret = sample_sha256_update((uint8_t*)ID_U, sizeof(ID_U), sha_context); + if (sample_ret != SAMPLE_SUCCESS) { + sample_sha256_close(sha_context); + return false; + } + sample_ret = sample_sha256_update((uint8_t*)ID_V, sizeof(ID_V), sha_context); + if (sample_ret != SAMPLE_SUCCESS) { + sample_sha256_close(sha_context); + return false; + } + sample_ret = sample_sha256_get_hash(sha_context, &key_material); + if (sample_ret != SAMPLE_SUCCESS) { + sample_sha256_close(sha_context); + return false; + } + sample_ret = sample_sha256_close(sha_context); + + static_assert(sizeof(sample_ec_key_128bit_t)* 2 == sizeof(sample_sha256_hash_t), "structure size mismatch."); + memcpy(first_derived_key, &key_material, sizeof(sample_ec_key_128bit_t)); + memcpy(second_derived_key, (uint8_t*)&key_material + sizeof(sample_ec_key_128bit_t), sizeof(sample_ec_key_128bit_t)); + + // memset here can be optimized away by compiler, so please use memset_s on + // windows for production code and similar functions on other OSes. + memset(&key_material, 0, sizeof(sample_sha256_hash_t)); + + return true; +} + +#else + +#pragma message ("Default key derivation function is used.") + +#define EC_DERIVATION_BUFFER_SIZE(label_length) ((label_length) +4) + +const char str_SMK[] = "SMK"; +const char str_SK[] = "SK"; +const char str_MK[] = "MK"; +const char str_VK[] = "VK"; + +// Derive key from shared key and key id. +// key id should be sample_derive_key_type_t. +bool derive_key( + const sample_ec_dh_shared_t *p_shared_key, + uint8_t key_id, + sample_ec_key_128bit_t* derived_key) { + sample_status_t sample_ret = SAMPLE_SUCCESS; + uint8_t cmac_key[MAC_KEY_SIZE]; + sample_ec_key_128bit_t key_derive_key; + + memset(&cmac_key, 0, MAC_KEY_SIZE); + + sample_ret = sample_rijndael128_cmac_msg( + (sample_cmac_128bit_key_t *)&cmac_key, + (uint8_t*)p_shared_key, + sizeof(sample_ec_dh_shared_t), + (sample_cmac_128bit_tag_t *)&key_derive_key); + if (sample_ret != SAMPLE_SUCCESS) { + // memset here can be optimized away by compiler, so please use memset_s on + // windows for production code and similar functions on other OSes. + memset(&key_derive_key, 0, sizeof(key_derive_key)); + return false; + } + + const char *label = NULL; + uint32_t label_length = 0; + switch (key_id) { + case SAMPLE_DERIVE_KEY_SMK: + label = str_SMK; + label_length = sizeof(str_SMK) -1; + break; + case SAMPLE_DERIVE_KEY_SK: + label = str_SK; + label_length = sizeof(str_SK) -1; + break; + case SAMPLE_DERIVE_KEY_MK: + label = str_MK; + label_length = sizeof(str_MK) -1; + break; + case SAMPLE_DERIVE_KEY_VK: + label = str_VK; + label_length = sizeof(str_VK) -1; + break; + default: + // memset here can be optimized away by compiler, so please use memset_s on + // windows for production code and similar functions on other OSes. + memset(&key_derive_key, 0, sizeof(key_derive_key)); + return false; + break; + } + /* derivation_buffer = counter(0x01) || label || 0x00 || output_key_len(0x0080) */ + uint32_t derivation_buffer_length = EC_DERIVATION_BUFFER_SIZE(label_length); + uint8_t *p_derivation_buffer = (uint8_t *)malloc(derivation_buffer_length); + if (p_derivation_buffer == NULL) { + // memset here can be optimized away by compiler, so please use memset_s on + // windows for production code and similar functions on other OSes. + memset(&key_derive_key, 0, sizeof(key_derive_key)); + return false; + } + memset(p_derivation_buffer, 0, derivation_buffer_length); + + /*counter = 0x01 */ + p_derivation_buffer[0] = 0x01; + /*label*/ + memcpy(&p_derivation_buffer[1], label, label_length); + /*output_key_len=0x0080*/ + uint16_t *key_len = (uint16_t *)(&(p_derivation_buffer[derivation_buffer_length - 2])); + *key_len = 0x0080; + + + sample_ret = sample_rijndael128_cmac_msg( + (sample_cmac_128bit_key_t *)&key_derive_key, + p_derivation_buffer, + derivation_buffer_length, + (sample_cmac_128bit_tag_t *)derived_key); + free(p_derivation_buffer); + // memset here can be optimized away by compiler, so please use memset_s on + // windows for production code and similar functions on other OSes. + memset(&key_derive_key, 0, sizeof(key_derive_key)); + if (sample_ret != SAMPLE_SUCCESS) { + return false; + } + return true; +} +#endif diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/service_provider/ecp.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/service_provider/ecp.h new file mode 100644 index 0000000..617757b --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/service_provider/ecp.h @@ -0,0 +1,79 @@ +#ifndef _ECP_H +#define _ECP_H + +#include +#include + +#include "remote_attestation_result.h" + +#ifndef SAMPLE_FEBITSIZE +#define SAMPLE_FEBITSIZE 256 +#endif + +#define SAMPLE_ECP_KEY_SIZE (SAMPLE_FEBITSIZE/8) + +typedef struct sample_ec_priv_t { + uint8_t r[SAMPLE_ECP_KEY_SIZE]; +} sample_ec_priv_t; + +typedef struct sample_ec_dh_shared_t { + uint8_t s[SAMPLE_ECP_KEY_SIZE]; +} sample_ec_dh_shared_t; + +typedef uint8_t sample_ec_key_128bit_t[16]; + +#define SAMPLE_EC_MAC_SIZE 16 + +#ifdef __cplusplus +extern "C" { +#endif + + +#ifndef _ERRNO_T_DEFINED +#define _ERRNO_T_DEFINED +typedef int errno_t; +#endif +errno_t memcpy_s(void *dest, size_t numberOfElements, const void *src, + size_t count); + + +#ifdef SUPPLIED_KEY_DERIVATION + +typedef enum _sample_derive_key_type_t { + SAMPLE_DERIVE_KEY_SMK_SK = 0, + SAMPLE_DERIVE_KEY_MK_VK, +} sample_derive_key_type_t; + +bool derive_key( + const sample_ec_dh_shared_t *p_shared_key, + uint8_t key_id, + sample_ec_key_128bit_t *first_derived_key, + sample_ec_key_128bit_t *second_derived_key); + +#else + +typedef enum _sample_derive_key_type_t { + SAMPLE_DERIVE_KEY_SMK = 0, + SAMPLE_DERIVE_KEY_SK, + SAMPLE_DERIVE_KEY_MK, + SAMPLE_DERIVE_KEY_VK, +} sample_derive_key_type_t; + +bool derive_key( + const sample_ec_dh_shared_t *p_shared_key, + uint8_t key_id, + sample_ec_key_128bit_t *derived_key); + +#endif + +bool verify_cmac128( + sample_ec_key_128bit_t mac_key, + const uint8_t *p_data_buf, + uint32_t buf_size, + const uint8_t *p_mac_buf); +#ifdef __cplusplus +} +#endif + +#endif + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/service_provider/ias_ra.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/service_provider/ias_ra.cpp new file mode 100644 index 0000000..5cd4ec3 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/service_provider/ias_ra.cpp @@ -0,0 +1,177 @@ +#include "ServiceProvider.h" +#include "sample_libcrypto.h" +#include "ecp.h" +#include +#include +#include +#include +#include +#include "ias_ra.h" +#include "UtilityFunctions.h" + +using namespace std; + +#if !defined(SWAP_ENDIAN_DW) +#define SWAP_ENDIAN_DW(dw) ((((dw) & 0x000000ff) << 24) \ + | (((dw) & 0x0000ff00) << 8) \ + | (((dw) & 0x00ff0000) >> 8) \ + | (((dw) & 0xff000000) >> 24)) +#endif +#if !defined(SWAP_ENDIAN_32B) +#define SWAP_ENDIAN_32B(ptr) \ +{\ + unsigned int temp = 0; \ + temp = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[0]); \ + ((unsigned int*)(ptr))[0] = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[7]); \ + ((unsigned int*)(ptr))[7] = temp; \ + temp = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[1]); \ + ((unsigned int*)(ptr))[1] = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[6]); \ + ((unsigned int*)(ptr))[6] = temp; \ + temp = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[2]); \ + ((unsigned int*)(ptr))[2] = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[5]); \ + ((unsigned int*)(ptr))[5] = temp; \ + temp = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[3]); \ + ((unsigned int*)(ptr))[3] = SWAP_ENDIAN_DW(((unsigned int*)(ptr))[4]); \ + ((unsigned int*)(ptr))[4] = temp; \ +} +#endif + +// This is the ECDSA NIST P-256 private key used to sign platform_info_blob. +// This private +// key and the public key in SDK untrusted KElibrary should be a temporary key +// pair. For production parts an attestation server will sign the platform_info_blob with the +// production private key and the SDK untrusted KE library will have the public +// key for verifcation. + +static const sample_ec256_private_t g_rk_priv_key = { + { + 0x63,0x2c,0xd4,0x02,0x7a,0xdc,0x56,0xa5, + 0x59,0x6c,0x44,0x3e,0x43,0xca,0x4e,0x0b, + 0x58,0xcd,0x78,0xcb,0x3c,0x7e,0xd5,0xb9, + 0xf2,0x91,0x5b,0x39,0x0d,0xb3,0xb5,0xfb + } +}; + + +// Simulates the attestation server function for verifying the quote produce by +// the ISV enclave. It doesn't decrypt or verify the quote in +// the simulation. Just produces the attestaion verification +// report with the platform info blob. +// +// @param p_isv_quote Pointer to the quote generated by the ISV +// enclave. +// @param pse_manifest Pointer to the PSE manifest if used. +// @param p_attestation_verification_report Pointer the outputed +// verification report. +// +// @return int + +int ias_verify_attestation_evidence( + uint8_t *p_isv_quote, + uint8_t* pse_manifest, + ias_att_report_t* p_attestation_verification_report, + WebService *ws) { + int ret = 0; + sample_ecc_state_handle_t ecc_state = NULL; + + vector> result; + bool error = ws->verifyQuote(p_isv_quote, pse_manifest, NULL, &result); + + + if (error || (NULL == p_isv_quote) || (NULL == p_attestation_verification_report)) { + return -1; + } + + string report_id; + uintmax_t test; + ias_quote_status_t quoteStatus; + string timestamp, epidPseudonym, isvEnclaveQuoteStatus; + + for (auto x : result) { + if (x.first == "id") { + report_id = x.second; + } else if (x.first == "timestamp") { + timestamp = x.second; + } else if (x.first == "epidPseudonym") { + epidPseudonym = x.second; + } else if (x.first == "isvEnclaveQuoteStatus") { + if (x.second == "OK") + quoteStatus = IAS_QUOTE_OK; + else if (x.second == "SIGNATURE_INVALID") + quoteStatus = IAS_QUOTE_SIGNATURE_INVALID; + else if (x.second == "GROUP_REVOKED") + quoteStatus = IAS_QUOTE_GROUP_REVOKED; + else if (x.second == "SIGNATURE_REVOKED") + quoteStatus = IAS_QUOTE_SIGNATURE_REVOKED; + else if (x.second == "KEY_REVOKED") + quoteStatus = IAS_QUOTE_KEY_REVOKED; + else if (x.second == "SIGRL_VERSION_MISMATCH") + quoteStatus = IAS_QUOTE_SIGRL_VERSION_MISMATCH; + else if (x.second == "GROUP_OUT_OF_DATE") + quoteStatus = IAS_QUOTE_GROUP_OUT_OF_DATE; + } + } + + report_id.copy(p_attestation_verification_report->id, report_id.size()); + p_attestation_verification_report->status = quoteStatus; + p_attestation_verification_report->revocation_reason = IAS_REVOC_REASON_NONE; + + //this is only sent back from the IAS if something bad happened for reference please see + //https://software.intel.com/sites/default/files/managed/3d/c8/IAS_1_0_API_spec_1_1_Final.pdf + //for testing purposes we assume the world is nice and sunny + p_attestation_verification_report->info_blob.sample_epid_group_status = + 0 << IAS_EPID_GROUP_STATUS_REVOKED_BIT_POS + | 0 << IAS_EPID_GROUP_STATUS_REKEY_AVAILABLE_BIT_POS; + p_attestation_verification_report->info_blob.sample_tcb_evaluation_status = + 0 << IAS_TCB_EVAL_STATUS_CPUSVN_OUT_OF_DATE_BIT_POS + | 0 << IAS_TCB_EVAL_STATUS_ISVSVN_OUT_OF_DATE_BIT_POS; + p_attestation_verification_report->info_blob.pse_evaluation_status = + 0 << IAS_PSE_EVAL_STATUS_ISVSVN_OUT_OF_DATE_BIT_POS + | 0 << IAS_PSE_EVAL_STATUS_EPID_GROUP_REVOKED_BIT_POS + | 0 << IAS_PSE_EVAL_STATUS_PSDASVN_OUT_OF_DATE_BIT_POS + | 0 << IAS_PSE_EVAL_STATUS_SIGRL_OUT_OF_DATE_BIT_POS + | 0 << IAS_PSE_EVAL_STATUS_PRIVRL_OUT_OF_DATE_BIT_POS; + + memset(p_attestation_verification_report->info_blob.latest_equivalent_tcb_psvn, 0, PSVN_SIZE); + memset(p_attestation_verification_report->info_blob.latest_pse_isvsvn, 0, ISVSVN_SIZE); + memset(p_attestation_verification_report->info_blob.latest_psda_svn, 0, PSDA_SVN_SIZE); + memset(p_attestation_verification_report->info_blob.performance_rekey_gid, 0, GID_SIZE); + + // Generate the Service providers ECCDH key pair. + do { + ret = sample_ecc256_open_context(&ecc_state); + if (SAMPLE_SUCCESS != ret) { + Log("Error, cannot get ECC context", log::error); + ret = -1; + break; + } + // Sign + ret = sample_ecdsa_sign((uint8_t *)&p_attestation_verification_report->info_blob.sample_epid_group_status, + sizeof(ias_platform_info_blob_t) - sizeof(sample_ec_sign256_t), + (sample_ec256_private_t *)&g_rk_priv_key, + (sample_ec256_signature_t *)&p_attestation_verification_report->info_blob.signature, + ecc_state); + + if (SAMPLE_SUCCESS != ret) { + Log("Error, sign ga_gb fail", log::error); + ret = SP_INTERNAL_ERROR; + break; + } + + SWAP_ENDIAN_32B(p_attestation_verification_report->info_blob.signature.x); + SWAP_ENDIAN_32B(p_attestation_verification_report->info_blob.signature.y); + + } while (0); + + if (ecc_state) { + sample_ecc256_close_context(ecc_state); + } + + p_attestation_verification_report->pse_status = IAS_PSE_OK; + + // For now, don't simulate the policy reports. + p_attestation_verification_report->policy_report_size = 0; + + return ret; +} + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/service_provider/ias_ra.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/service_provider/ias_ra.h new file mode 100644 index 0000000..37898a1 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/service_provider/ias_ra.h @@ -0,0 +1,137 @@ +#ifndef _IAS_RA_H +#define _IAS_RA_H + +#include "ecp.h" +#include "sgx_quote.h" + +#include "LogBase.h" +#include "WebService.h" + +using namespace util; + +typedef enum { + IAS_QUOTE_OK, + IAS_QUOTE_SIGNATURE_INVALID, + IAS_QUOTE_GROUP_REVOKED, + IAS_QUOTE_SIGNATURE_REVOKED, + IAS_QUOTE_KEY_REVOKED, + IAS_QUOTE_SIGRL_VERSION_MISMATCH, + IAS_QUOTE_GROUP_OUT_OF_DATE, +} ias_quote_status_t; + +// These status should align with the definition in IAS API spec(rev 0.6) +typedef enum { + IAS_PSE_OK, + IAS_PSE_DESC_TYPE_NOT_SUPPORTED, + IAS_PSE_ISVSVN_OUT_OF_DATE, + IAS_PSE_MISCSELECT_INVALID, + IAS_PSE_ATTRIBUTES_INVALID, + IAS_PSE_MRSIGNER_INVALID, + IAS_PS_HW_GID_REVOKED, + IAS_PS_HW_PRIVKEY_RLVER_MISMATCH, + IAS_PS_HW_SIG_RLVER_MISMATCH, + IAS_PS_HW_CA_ID_INVALID, + IAS_PS_HW_SEC_INFO_INVALID, + IAS_PS_HW_PSDA_SVN_OUT_OF_DATE, +} ias_pse_status_t; + +// Revocation Reasons from RFC5280 +typedef enum { + IAS_REVOC_REASON_NONE, + IAS_REVOC_REASON_KEY_COMPROMISE, + IAS_REVOC_REASON_CA_COMPROMISED, + IAS_REVOC_REASON_SUPERCEDED, + IAS_REVOC_REASON_CESSATION_OF_OPERATION, + IAS_REVOC_REASON_CERTIFICATE_HOLD, + IAS_REVOC_REASON_PRIVILEGE_WITHDRAWN, + IAS_REVOC_REASON_AA_COMPROMISE, +} ias_revoc_reason_t; + +// These status should align with the definition in IAS API spec(rev 0.6) +#define IAS_EPID_GROUP_STATUS_REVOKED_BIT_POS 0x00 +#define IAS_EPID_GROUP_STATUS_REKEY_AVAILABLE_BIT_POS 0x01 + +#define IAS_TCB_EVAL_STATUS_CPUSVN_OUT_OF_DATE_BIT_POS 0x00 +#define IAS_TCB_EVAL_STATUS_ISVSVN_OUT_OF_DATE_BIT_POS 0x01 + +#define IAS_PSE_EVAL_STATUS_ISVSVN_OUT_OF_DATE_BIT_POS 0x00 +#define IAS_PSE_EVAL_STATUS_EPID_GROUP_REVOKED_BIT_POS 0x01 +#define IAS_PSE_EVAL_STATUS_PSDASVN_OUT_OF_DATE_BIT_POS 0x02 +#define IAS_PSE_EVAL_STATUS_SIGRL_OUT_OF_DATE_BIT_POS 0x03 +#define IAS_PSE_EVAL_STATUS_PRIVRL_OUT_OF_DATE_BIT_POS 0x04 + +// These status should align with the definition in IAS API spec(rev 0.6) +#define ISVSVN_SIZE 2 +#define PSDA_SVN_SIZE 4 +#define GID_SIZE 4 +#define PSVN_SIZE 18 + +#define SAMPLE_HASH_SIZE 32 // SHA256 +#define SAMPLE_MAC_SIZE 16 // Message Authentication Code +// - 16 bytes + +#define SAMPLE_REPORT_DATA_SIZE 64 + +typedef uint8_t sample_measurement_t[SAMPLE_HASH_SIZE]; +typedef uint8_t sample_mac_t[SAMPLE_MAC_SIZE]; +typedef uint8_t sample_report_data_t[SAMPLE_REPORT_DATA_SIZE]; +typedef uint16_t sample_prod_id_t; + +#define SAMPLE_CPUSVN_SIZE 16 + +typedef uint8_t sample_cpu_svn_t[SAMPLE_CPUSVN_SIZE]; +typedef uint16_t sample_isv_svn_t; + +typedef struct sample_attributes_t { + uint64_t flags; + uint64_t xfrm; +} sample_attributes_t; + +typedef struct sample_report_body_t { + sample_cpu_svn_t cpu_svn; // ( 0) Security Version of the CPU + uint8_t reserved1[32]; // ( 16) + sample_attributes_t attributes; // ( 48) Any special Capabilities + // the Enclave possess + sample_measurement_t mr_enclave; // ( 64) The value of the enclave's + // ENCLAVE measurement + uint8_t reserved2[32]; // ( 96) + sample_measurement_t mr_signer; // (128) The value of the enclave's + // SIGNER measurement + uint8_t reserved3[32]; // (160) + sample_measurement_t mr_reserved1; // (192) + sample_measurement_t mr_reserved2; // (224) + sample_prod_id_t isv_prod_id; // (256) Product ID of the Enclave + sample_isv_svn_t isv_svn; // (258) Security Version of the + // Enclave + uint8_t reserved4[60]; // (260) + sample_report_data_t report_data; // (320) Data provided by the user +} sample_report_body_t; + +#pragma pack(push, 1) + +typedef struct _ias_att_report_t { + char id[100]; + ias_quote_status_t status; + uint32_t revocation_reason; + ias_platform_info_blob_t info_blob; + ias_pse_status_t pse_status; + uint32_t policy_report_size; + uint8_t policy_report[];// IAS_Q: Why does it specify a list of reports? +} ias_att_report_t; + +#define SAMPLE_QUOTE_UNLINKABLE_SIGNATURE 0 +#define SAMPLE_QUOTE_LINKABLE_SIGNATURE 1 + +#pragma pack(pop) + +#ifdef __cplusplus +extern "C" { +#endif + +int ias_verify_attestation_evidence(uint8_t* p_isv_quote, uint8_t* pse_manifest, ias_att_report_t* attestation_verification_report, WebService *ws); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/service_provider/remote_attestation_result.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/service_provider/remote_attestation_result.h new file mode 100644 index 0000000..3f1f536 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/ServiceProvider/service_provider/remote_attestation_result.h @@ -0,0 +1,72 @@ +#ifndef _REMOTE_ATTESTATION_RESULT_H_ +#define _REMOTE_ATTESTATION_RESULT_H_ + +#include + +#ifdef __cplusplus +extern "C" { +#endif + +#define SAMPLE_MAC_SIZE 16 /* Message Authentication Code*/ +/* - 16 bytes*/ +typedef uint8_t sample_mac_t[SAMPLE_MAC_SIZE]; + +#ifndef SAMPLE_FEBITSIZE +#define SAMPLE_FEBITSIZE 256 +#endif + +#define SAMPLE_NISTP256_KEY_SIZE (SAMPLE_FEBITSIZE/ 8 /sizeof(uint32_t)) + +typedef struct sample_ec_sign256_t { + uint32_t x[SAMPLE_NISTP256_KEY_SIZE]; + uint32_t y[SAMPLE_NISTP256_KEY_SIZE]; +} sample_ec_sign256_t; + +#pragma pack(push,1) + +#define SAMPLE_SP_TAG_SIZE 16 + +typedef struct sp_aes_gcm_data_t { + uint32_t payload_size; /* 0: Size of the payload which is*/ + /* encrypted*/ + uint8_t reserved[12]; /* 4: Reserved bits*/ + uint8_t payload_tag[SAMPLE_SP_TAG_SIZE]; + /* 16: AES-GMAC of the plain text,*/ + /* payload, and the sizes*/ + uint8_t payload[]; /* 32: Ciphertext of the payload*/ + /* followed by the plain text*/ +} sp_aes_gcm_data_t; + + +#define ISVSVN_SIZE 2 +#define PSDA_SVN_SIZE 4 +#define GID_SIZE 4 +#define PSVN_SIZE 18 + +/* @TODO: Modify at production to use the values specified by an Production*/ +/* attestation server API*/ +typedef struct ias_platform_info_blob_t { + uint8_t sample_epid_group_status; + uint16_t sample_tcb_evaluation_status; + uint16_t pse_evaluation_status; + uint8_t latest_equivalent_tcb_psvn[PSVN_SIZE]; + uint8_t latest_pse_isvsvn[ISVSVN_SIZE]; + uint8_t latest_psda_svn[PSDA_SVN_SIZE]; + uint8_t performance_rekey_gid[GID_SIZE]; + sample_ec_sign256_t signature; +} ias_platform_info_blob_t; + + +typedef struct sample_ra_att_result_msg_t { + ias_platform_info_blob_t platform_info_blob; + sample_mac_t mac; /* mac_smk(attestation_status)*/ + sp_aes_gcm_data_t secret; +} sample_ra_att_result_msg_t; + +#pragma pack(pop) + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Util/Base64.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Util/Base64.cpp new file mode 100644 index 0000000..18416f4 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Util/Base64.cpp @@ -0,0 +1,99 @@ +#include "Base64.h" +#include + +static const std::string base64_chars = + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" + "0123456789+/"; + + +static inline bool is_base64(unsigned char c) { + return (isalnum(c) || (c == '+') || (c == '/')); +} + +std::string base64_encode(unsigned char const* bytes_to_encode, unsigned int in_len) { + std::string ret; + int i = 0; + int j = 0; + unsigned char char_array_3[3]; + unsigned char char_array_4[4]; + + while (in_len--) { + char_array_3[i++] = *(bytes_to_encode++); + if (i == 3) { + char_array_4[0] = (char_array_3[0] & 0xfc) >> 2; + char_array_4[1] = ((char_array_3[0] & 0x03) << 4) + ((char_array_3[1] & 0xf0) >> 4); + char_array_4[2] = ((char_array_3[1] & 0x0f) << 2) + ((char_array_3[2] & 0xc0) >> 6); + char_array_4[3] = char_array_3[2] & 0x3f; + + for (i=0; i<4; i++) + ret += base64_chars[char_array_4[i]]; + i = 0; + } + } + + if (i) { + for(j = i; j < 3; j++) + char_array_3[j] = '\0'; + + char_array_4[0] = (char_array_3[0] & 0xfc) >> 2; + char_array_4[1] = ((char_array_3[0] & 0x03) << 4) + ((char_array_3[1] & 0xf0) >> 4); + char_array_4[2] = ((char_array_3[1] & 0x0f) << 2) + ((char_array_3[2] & 0xc0) >> 6); + char_array_4[3] = char_array_3[2] & 0x3f; + + for (j=0; j> 4); + char_array_3[1] = ((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2); + char_array_3[2] = ((char_array_4[2] & 0x3) << 6) + char_array_4[3]; + + for (i=0; i<3; i++) + ret += char_array_3[i]; + i = 0; + } + } + + if (i) { + for (j=i; j<4; j++) + char_array_4[j] = 0; + + for (j=0; j<4; j++) + char_array_4[j] = base64_chars.find(char_array_4[j]); + + char_array_3[0] = (char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4); + char_array_3[1] = ((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2); + char_array_3[2] = ((char_array_4[2] & 0x3) << 6) + char_array_4[3]; + + for (j=0; j + +std::string base64_encode(unsigned char const* , unsigned int len); +std::string base64_decode(std::string const& s); + +#endif diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Util/LogBase.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Util/LogBase.cpp new file mode 100644 index 0000000..3245bda --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Util/LogBase.cpp @@ -0,0 +1,85 @@ +#include "LogBase.h" +#include + +namespace util { + +LogBase* LogBase::instance = NULL; + +LogBase* LogBase::Inst() { + if (instance == NULL) { + instance = new LogBase(); + } + + return instance; +} + + +LogBase::LogBase() { + m_enabled[log::verbose] = false; + m_enabled[log::info] = true; + m_enabled[log::warning] = true; + m_enabled[log::error] = true; + m_enabled[log::timer] = false; + + this->appender = new log4cpp::OstreamAppender("console", &std::cout); + this->appender->setLayout(new log4cpp::BasicLayout()); + + root.setPriority(log4cpp::Priority::INFO); + root.addAppender(this->appender); +} + + +LogBase::~LogBase() {} + + +void LogBase::Log(const log::Fmt& msg, log::Severity s) { + if (IsEnabled(s) && !IsEnabled(log::timer)) { + switch (s) { + case log::info: + root.info(msg.str()); + break; + case log::error: + root.error(msg.str()); + break; + case log::warning: + root.warn(msg.str()); + break; + } + } +} + + +bool LogBase::Enable(log::Severity s, bool enable) { + bool prev = m_enabled[s]; + m_enabled[s] = enable; + + return prev; +} + + +void LogBase::DisableAll(bool b) { + m_enabled[log::verbose] = b; + m_enabled[log::info] = b; + m_enabled[log::warning] = b; + m_enabled[log::error] = b; + m_enabled[log::timer] = b; +} + + +bool LogBase::IsEnabled( log::Severity s ) const { + return m_enabled[s]; +} + + +void Log(const string& str, log::Severity s) { + LogBase::Inst()->Log(log::Fmt(str), s); +} + + +void DisableAllLogs(bool b) { + LogBase::Inst()->DisableAll(b); +} + + + +} diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Util/LogBase.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Util/LogBase.h new file mode 100644 index 0000000..0c0356c --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Util/LogBase.h @@ -0,0 +1,89 @@ +#ifndef LOG_H +#define LOG_H + +#include +#include +#include +#include +#include +#include +#include + +#include +#include +#include +#include +#include + +using namespace std; + +namespace util { + +namespace log { +enum Severity { + verbose, + info, + warning, + error, + timer, + severity_count +}; + +typedef boost::format Fmt; +} + + +class LogBase { + +public: + static LogBase* Inst(); + void Log(const log::Fmt& msg, log::Severity s = log::info); + bool Enable(log::Severity s, bool enable = true); + bool IsEnabled(log::Severity s) const; + void DisableAll(bool b); + virtual ~LogBase(); + +private: + LogBase(); + +private: + std::bitset m_enabled; + static LogBase *instance; + log4cpp::Appender *appender; + log4cpp::Category &root = log4cpp::Category::getRoot(); + + struct timespec start; + vector> measurements; +}; + +void Log(const std::string& str, log::Severity s = log::info); +void DisableAllLogs(bool b); + +template +void Log(const std::string& fmt, const P1& p1, log::Severity s = log::info) { + LogBase::Inst()->Log(log::Fmt(fmt) % p1, s); +} + +template +void Log(const std::string& fmt, const P1& p1, const P2& p2, log::Severity s = log::info) { + LogBase::Inst()->Log( log::Fmt(fmt) % p1 % p2, s ) ; +} + +template +void Log(const std::string& fmt, const P1& p1, const P2& p2, const P3& p3, log::Severity s = log::info) { + LogBase::Inst()->Log(log::Fmt(fmt) % p1 % p2 % p3, s); +} + +template +void Log(const std::string& fmt, const P1& p1, const P2& p2, const P3& p3, const P4& p4, log::Severity s = log::info) { + LogBase::Inst()->Log(log::Fmt(fmt) % p1 % p2 % p3 % p4, s); +} + +template +void Log(const std::string& fmt, const P1& p1, const P2& p2, const P3& p3, const P4& p4, const P5& p5, log::Severity s = log::info) { + LogBase::Inst()->Log(log::Fmt(fmt) % p1 % p2 % p3 % p4 % p5, s); +} + +} + +#endif diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Util/UtilityFunctions.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Util/UtilityFunctions.cpp new file mode 100644 index 0000000..f3bd5d6 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Util/UtilityFunctions.cpp @@ -0,0 +1,313 @@ +#include "UtilityFunctions.h" + +using namespace util; + +void SafeFree(void *ptr) { + if (NULL != ptr) { + free(ptr); + ptr = NULL; + } +} + + +string GetRandomString() { + string str = lexical_cast((random_generator())()); + str.erase(remove(str.begin(), str.end(), '-'), str.end()); + + return str; +} + + +string ByteArrayToString(const uint8_t *arr, int size) { + ostringstream convert; + + for (int a = 0; a < size; a++) { + convert << setfill('0') << setw(2) << hex << (unsigned int)arr[a]; + } + + return convert.str(); +} + + +string ByteArrayToStringNoFill(const uint8_t *arr, int size) { + ostringstream convert; + + for (int a = 0; a < size; a++) { + convert << hex << (int)arr[a]; + } + + return convert.str(); +} + + +int HexStringToByteArray(string str, uint8_t **arr) { + vector bytes; + + for (unsigned int i=0; i vec(str.begin(), str.end()); + + *arr = (uint8_t*) malloc(sizeof(uint8_t) * vec.size()); + copy(vec.begin(), vec.end(), *arr); + + return vec.size(); +} + + +string ByteArrayToNoHexString(const uint8_t *arr, int size) { + std::ostringstream convert; + + for (int a = 0; a < size; a++) { + convert << (uint8_t)arr[a]; + } + + return convert.str(); +} + + +string UIntToString(uint32_t *arr, int size) { + stringstream ss; + + for (int i=0; i(t)), istreambuf_iterator()); + + *content = (char*) malloc(sizeof(char) * (str.size()+1)); + memset(*content, '\0', (str.size()+1)); + str.copy(*content, str.size()); + + return str.size(); +} + + +int ReadFileToBuffer(string filePath, uint8_t **content) { + ifstream file(filePath, ios::binary | ios::ate); + streamsize file_size = file.tellg(); + + file.seekg(0, ios::beg); + + std::vector buffer(file_size); + + if (file.read(buffer.data(), file_size)) { + string str(buffer.begin(), buffer.end()); + + vector vec(str.begin(), str.end()); + + *content = (uint8_t*) malloc(sizeof(uint8_t) * vec.size()); + copy(vec.begin(), vec.end(), *content); + + return str.length(); + } + + return -1; +} + + +int RemoveFile(string filePath) { + if (remove(filePath.c_str()) != 0 ) { + Log("Error deleting file: " + filePath); + return 1; + } else + Log("File deleted successfully: " + filePath); + + return 0; +} + + +static sgx_errlist_t sgx_errlist[] = { + { + SGX_ERROR_UNEXPECTED, + "Unexpected error occurred.", + NULL + }, + { + SGX_ERROR_INVALID_PARAMETER, + "Invalid parameter.", + NULL + }, + { + SGX_ERROR_OUT_OF_MEMORY, + "Out of memory.", + NULL + }, + { + SGX_ERROR_ENCLAVE_LOST, + "Power transition occurred.", + "Please refer to the sample \"PowerTransition\" for details." + }, + { + SGX_ERROR_INVALID_ENCLAVE, + "Invalid enclave image.", + NULL + }, + { + SGX_ERROR_INVALID_ENCLAVE_ID, + "Invalid enclave identification.", + NULL + }, + { + SGX_ERROR_INVALID_SIGNATURE, + "Invalid enclave signature.", + NULL + }, + { + SGX_ERROR_OUT_OF_EPC, + "Out of EPC memory.", + NULL + }, + { + SGX_ERROR_NO_DEVICE, + "Invalid SGX device.", + "Please make sure SGX module is enabled in the BIOS, and install SGX driver afterwards." + }, + { + SGX_ERROR_MEMORY_MAP_CONFLICT, + "Memory map conflicted.", + NULL + }, + { + SGX_ERROR_INVALID_METADATA, + "Invalid enclave metadata.", + NULL + }, + { + SGX_ERROR_DEVICE_BUSY, + "SGX device was busy.", + NULL + }, + { + SGX_ERROR_INVALID_VERSION, + "Enclave version was invalid.", + NULL + }, + { + SGX_ERROR_INVALID_ATTRIBUTE, + "Enclave was not authorized.", + NULL + }, + { + SGX_ERROR_ENCLAVE_FILE_ACCESS, + "Can't open enclave file.", + NULL + }, + { + SGX_ERROR_MODE_INCOMPATIBLE, + "Target enclave mode is incompatible with the mode of the current RTS", + NULL + }, + { + SGX_ERROR_SERVICE_UNAVAILABLE, + "sgx_create_enclave() needs the AE service to get a launch token", + NULL + }, + { + SGX_ERROR_SERVICE_TIMEOUT, + "The request to the AE service timed out", + NULL + }, + { + SGX_ERROR_SERVICE_INVALID_PRIVILEGE, + "The request requires some special attributes for the enclave, but is not privileged", + NULL + }, + { + SGX_ERROR_NDEBUG_ENCLAVE, + "The enclave is signed as a product enclave and cannot be created as a debuggable enclave", + NULL + }, + { + SGX_ERROR_UNDEFINED_SYMBOL, + "The enclave contains an import table", + NULL + }, + { + SGX_ERROR_INVALID_MISC, + "The MiscSelct/MiscMask settings are not correct", + NULL + }, + { + SGX_ERROR_MAC_MISMATCH, + "The input MAC does not match the MAC calculated", + NULL + } +}; + + +void print_error_message(sgx_status_t ret) { + size_t idx = 0; + size_t ttl = sizeof(sgx_errlist)/sizeof (sgx_errlist[0]); + + for (idx = 0; idx < ttl; idx++) { + if (ret == sgx_errlist[idx].err) { + if (NULL != sgx_errlist[idx].sug) + Log("%s", sgx_errlist[idx].sug); + + Log("%s", sgx_errlist[idx].msg); + break; + } + } + + if (idx == ttl) + Log("Unexpected error occurred"); +} + + +string Base64decode(const string val) { + return base64_decode(val); +} + + +string Base64encodeUint8(uint8_t *val, uint32_t len) { + return base64_encode(val, len); +} + + + + + + + + + + + + + + + + + + + + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Util/UtilityFunctions.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Util/UtilityFunctions.h new file mode 100644 index 0000000..e2b6523 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/Util/UtilityFunctions.h @@ -0,0 +1,65 @@ +#ifndef UTILITY_FUNCTIONS_H +#define UTILITY_FUNCTIONS_H + +#include +#include +#include +#include +#include +#include +// #include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "LogBase.h" +#include "sgx_urts.h" +#include "Base64.h" + +using namespace std; +using namespace boost::archive::iterators; +using boost::lexical_cast; +using boost::uuids::uuid; +using boost::uuids::random_generator; + +#define FILE_UUID_LENGTH 32 + +typedef struct _sgx_errlist_t { + sgx_status_t err; + const char *msg; + const char *sug; /* Suggestion */ +} sgx_errlist_t; + +void print_error_message(sgx_status_t ret); + +void SafeFree(void *ptr); + +string GetRandomString(); + +string ByteArrayToString(const uint8_t *arr, int size); +string ByteArrayToStringNoFill(const uint8_t *arr, int size); +int StringToByteArray(string str, uint8_t **arr); +string ByteArrayToNoHexString(const uint8_t *arr, int size); +string UIntToString(uint32_t *arr, int size); +int HexStringToByteArray(string str, uint8_t **arr); + +int ReadFileToBuffer(string filePath, uint8_t **content); +int ReadFileToBuffer(string filePath, char **content); +int SaveBufferToFile(string filePath, string content); +int RemoveFile(string filePath); + +string Base64encode(const string val); +string Base64decode(const string val); +string Base64encodeUint8(uint8_t *val, uint32_t len); + +#endif + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/WebService/WebService.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/WebService/WebService.cpp new file mode 100644 index 0000000..71a6340 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/WebService/WebService.cpp @@ -0,0 +1,232 @@ +#include "WebService.h" +#include "../GeneralSettings.h" + +WebService* WebService::instance = NULL; + +WebService::WebService() {} + +WebService::~WebService() { + if (curl) + curl_easy_cleanup(curl); +} + + +WebService* WebService::getInstance() { + if (instance == NULL) { + instance = new WebService(); + } + + return instance; +} + + +void WebService::init() { + curl_global_init(CURL_GLOBAL_DEFAULT); + + curl = curl_easy_init(); + + if (curl) { + Log("Curl initialized successfully"); +// curl_easy_setopt( curl, CURLOPT_VERBOSE, 1L ); + curl_easy_setopt( curl, CURLOPT_SSLCERTTYPE, "PEM"); + curl_easy_setopt( curl, CURLOPT_SSLCERT, Settings::ias_crt); + curl_easy_setopt( curl, CURLOPT_SSLKEY, Settings::ias_key); + curl_easy_setopt( curl, CURLOPT_USE_SSL, CURLUSESSL_ALL); + curl_easy_setopt( curl, CURLOPT_SSLVERSION, CURL_SSLVERSION_TLSv1_2); + curl_easy_setopt( curl, CURLOPT_NOPROGRESS, 1L); + } else + Log("Curl init error", log::error); +} + + +vector> WebService::parseJSONfromIAS(string json) { + Json::Value root; + Json::Reader reader; + bool parsingSuccessful = reader.parse(json.c_str(), root); + + if (!parsingSuccessful) { + Log("Failed to parse JSON string from IAS", log::error); + return vector>(); + } + + vector> values; + + string id = root.get("id", "UTF-8" ).asString(); + string timestamp = root.get("timestamp", "UTF-8" ).asString(); + string epidPseudonym = root.get("epidPseudonym", "UTF-8" ).asString(); + string isvEnclaveQuoteStatus = root.get("isvEnclaveQuoteStatus", "UTF-8" ).asString(); + + values.push_back({"id", id}); + values.push_back({"timestamp", timestamp}); + values.push_back({"epidPseudonym", epidPseudonym}); + values.push_back({"isvEnclaveQuoteStatus", isvEnclaveQuoteStatus}); + + return values; +} + + +string WebService::createJSONforIAS(uint8_t *quote, uint8_t *pseManifest, uint8_t *nonce) { + Json::Value request; + + request["isvEnclaveQuote"] = Base64encodeUint8(quote, 1116); +// request["pseManifest"] = Base64encodeUint8(quote, 256); //only needed when enclave has been signed + + Json::FastWriter fastWriter; + string output = fastWriter.write(request); + + return output; +} + + +size_t ias_response_header_parser(void *ptr, size_t size, size_t nmemb, void *userdata) { + int parsed_fields = 0, response_status, content_length, ret = size * nmemb; + + char *x = (char*) calloc(size+1, nmemb); + assert(x); + memcpy(x, ptr, size * nmemb); + parsed_fields = sscanf( x, "HTTP/1.1 %d", &response_status ); + + if (parsed_fields == 1) { + ((ias_response_header_t *) userdata)->response_status = response_status; + return ret; + } + + parsed_fields = sscanf( x, "content-length: %d", &content_length ); + if (parsed_fields == 1) { + ((ias_response_header_t *) userdata)->content_length = content_length; + return ret; + } + + char *p_request_id = (char*) calloc(1, REQUEST_ID_MAX_LEN); + parsed_fields = sscanf(x, "request-id: %s", p_request_id ); + + if (parsed_fields == 1) { + std::string request_id_str( p_request_id ); + ( ( ias_response_header_t * ) userdata )->request_id = request_id_str; + return ret; + } + + return ret; +} + + +size_t ias_reponse_body_handler( void *ptr, size_t size, size_t nmemb, void *userdata ) { + size_t realsize = size * nmemb; + ias_response_container_t *ias_response_container = ( ias_response_container_t * ) userdata; + ias_response_container->p_response = (char *) realloc(ias_response_container->p_response, ias_response_container->size + realsize + 1); + + if (ias_response_container->p_response == NULL ) { + Log("Unable to allocate extra memory", log::error); + return 0; + } + + memcpy( &( ias_response_container->p_response[ias_response_container->size]), ptr, realsize ); + ias_response_container->size += realsize; + ias_response_container->p_response[ias_response_container->size] = 0; + + return realsize; +} + + +bool WebService::sendToIAS(string url, + IAS type, + string payload, + struct curl_slist *headers, + ias_response_container_t *ias_response_container, + ias_response_header_t *response_header) { + + CURLcode res = CURLE_OK; + + curl_easy_setopt( curl, CURLOPT_URL, url.c_str()); + + if (headers) { + curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers); + curl_easy_setopt(curl, CURLOPT_POSTFIELDS, payload.c_str()); + } + + ias_response_container->p_response = (char*) malloc(1); + ias_response_container->size = 0; + + curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, ias_response_header_parser); + curl_easy_setopt(curl, CURLOPT_HEADERDATA, response_header); + curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, ias_reponse_body_handler); + curl_easy_setopt(curl, CURLOPT_WRITEDATA, ias_response_container); + + res = curl_easy_perform(curl); + if (res != CURLE_OK) { + Log("curl_easy_perform() failed: %s", curl_easy_strerror(res)); + return false; + } + + return true; +} + + +bool WebService::getSigRL(string gid, string *sigrl) { + Log("Retrieving SigRL from IAS"); + + //check if the sigrl for the gid has already been retrieved once -> to save time + for (auto x : retrieved_sigrl) { + if (x.first == gid) { + *sigrl = x.second; + return false; + } + } + Log("Gid is %s", gid); + + ias_response_container_t ias_response_container; + ias_response_header_t response_header; + + string url = Settings::ias_url + "sigrl/" + gid; + + this->sendToIAS(url, IAS::sigrl, "", NULL, &ias_response_container, &response_header); + + Log("\tResponse status is: %d" , response_header.response_status); + Log("\tContent-Length: %d", response_header.content_length); + + if (response_header.response_status == 200) { + if (response_header.content_length > 0) { + string response(ias_response_container.p_response); + *sigrl = Base64decode(response); + } + retrieved_sigrl.push_back({gid, *sigrl}); + } else + return true; + + return false; +} + + +bool WebService::verifyQuote(uint8_t *quote, uint8_t *pseManifest, uint8_t *nonce, vector> *result) { + string encoded_quote = this->createJSONforIAS(quote, pseManifest, nonce); + + ias_response_container_t ias_response_container; + ias_response_header_t response_header; + + struct curl_slist *headers = NULL; + headers = curl_slist_append(headers, "Content-Type: application/json"); + + string payload = encoded_quote; + + string url = Settings::ias_url + "report"; + this->sendToIAS(url, IAS::report, payload, headers, &ias_response_container, &response_header); + + + if (response_header.response_status == 200) { + Log("Quote attestation successful, new report has been created"); + + string response(ias_response_container.p_response); + + auto res = parseJSONfromIAS(response); + *result = res; + } else { + Log("Quote attestation returned status: %d", response_header.response_status); + return true; + } + + return false; +} + + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/WebService/WebService.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/WebService/WebService.h new file mode 100644 index 0000000..70586b7 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/WebService/WebService.h @@ -0,0 +1,75 @@ +#ifndef WEBSERVICE_H +#define WEBSERVICE_H + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "LogBase.h" +#include "UtilityFunctions.h" + +using namespace std; +using namespace util; + +enum IAS { + sigrl, + report +}; + +struct attestation_verification_report_t { + string report_id; + string isv_enclave_quote_status; + string timestamp; +}; + +struct attestation_evidence_payload_t { + string isv_enclave_quote; +}; + +struct ias_response_header_t { + int response_status; + int content_length; + std::string request_id; +}; + +struct ias_response_container_t { + char *p_response; + size_t size; +}; + +static int REQUEST_ID_MAX_LEN = 32; +static vector> retrieved_sigrl; + +class WebService { + +public: + static WebService* getInstance(); + virtual ~WebService(); + void init(); + bool getSigRL(string gid, string *sigrl); + bool verifyQuote(uint8_t *quote, uint8_t *pseManifest, uint8_t *nonce, vector> *result); + +private: + WebService(); + bool sendToIAS(string url, IAS type, string payload, + struct curl_slist *headers, + ias_response_container_t *ias_response_container, + ias_response_header_t *response_header); + + string createJSONforIAS(uint8_t *quote, uint8_t *pseManifest, uint8_t *nonce); + vector> parseJSONfromIAS(string json); + +private: + static WebService* instance; + CURL *curl; +}; + +#endif + + + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/server.crt b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/server.crt new file mode 100644 index 0000000..08fb3ef --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/server.crt @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFqzCCA5OgAwIBAgIJAJELT4LFOrbqMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV +BAYTAlVTMQswCQYDVQQIDAJHQTEQMA4GA1UEBwwHQXRsYW50YTEPMA0GA1UECgwG +R2F0ZWNoMQwwCgYDVQQDDANmYW4xHzAdBgkqhkiG9w0BCQEWEGZzYW5nQGdhdGVj +aC5lZHUwHhcNMTgwNzAzMjIwOTQyWhcNMTkwNzAzMjIwOTQyWjBsMQswCQYDVQQG +EwJVUzELMAkGA1UECAwCR0ExEDAOBgNVBAcMB0F0bGFudGExDzANBgNVBAoMBkdh +dGVjaDEMMAoGA1UEAwwDZmFuMR8wHQYJKoZIhvcNAQkBFhBmc2FuZ0BnYXRlY2gu +ZWR1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2sM3FEWvQ8vnMpG+ +5owtpCyBNrl8s50hpd3I4RgjxiTDioN1ku7Zt6nkEcMRmKZYKmWS00tdeWDRX7oS +KvjhEkwG2+KCOxkadSKdbR2LRWQpzkiRIj0ZbyHlvsFDQU1aX2F/JoPYa2vKHgba +UG8Ee7InuMeeJGRCpNdSPuDQD8fMBquqik7ut3lF+UYJVskKATpXTc5gpMfywTWs +Nh+euWEZD99vJVZH8nQKlpTQudIP6W0hA0Z5o50CmDnXJUplghCTBxvVnW++7qKx +oeYVRHzts2ZxVAjgqTf+EO+lkSxjA4T/A806/jzl59rEJ5ZjEF/jDofgngI5Z66r +0fX5A8oNl1ViJeZ2yzIRYbenar3GW6azqCmkrlCHOgRCULPHOKZ4UD9qUVWHJQoW +h3Vg+R41sPvULIWiT2RUvoU3URFPB3gOH5wi+nXzkP9Cw6x7zJqWlExBcU+BSNGO +gPADyA98n0vo0Lj4JmmqWPfyqQWBw68H0cxycoxApkqIFPciQ1FhK3NJdhu5rN5Y +X48vqPwNNRpGjqjEnvf/6q9G6ArF7HUvEeEqPd5WIWNb5f/vCKoWLphE7rNnwHO3 +axUU/hKlzM0xeU+A//yKgpHL3jCBU1w5GaJyD8Xl6iAB9UgKMCgKOGBZG7J/BNRb +DSmarljbEmEln4kPNw3EVdRdZtUCAwEAAaNQME4wHQYDVR0OBBYEFMTWqmoK2OzU +aEkH7EO7oJ9AxP5aMB8GA1UdIwQYMBaAFMTWqmoK2OzUaEkH7EO7oJ9AxP5aMAwG +A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAFg4Ud8hQbZTsn3kkk5Qp55l +6cFugTQspw04HPagescRlzEaHqvgzt5UiIqNMiIUJYi8nb/TeDNGpLC5pcRUmcvR +MyPsGOc6B6C+9ubciiPHSq6tzoVYuBZ6/mnttYWtV1MqbELcDxw1D/AOVArgpOBz +6hgpvkWNkYhenPvZVCFCe4rfqINCbNNw3wO/W7Y7H02OS0XZK9F/H4rEJkphhZ88 +3s8E1B6ExViwsnvO8qm+Pc7SrmYdyTutUTmBPLt0ufFHcrabcME6faeFSR0P2+5V +Wf4ui28i8sSij+AbgVaa25AXZc33AZn5g6Lru9VXqEnatMX8pLVGbT7594LOeRUh +Swq8L7LpCCDjUrepnN4prDadNfQ1Jog7lO1Vn7SK1NrItxCFLbJRSXQEfEuBWmoB +l2luP0uKyYw61roz9yD3viaJNrcZBsnQbfujz4kB8PqL5pnvX8BB0E6Kp7v0iOrW +vSpiJvm4MYh8f7yD+AMo8mUqthOeyg0WUQn9ey6Izc5Y4l4wX3RdKrYMLVJXgDgv +c389BD7JO0HS/ebL1G/3j7+ksR++Atbqt5LvwrROzCTUVry1HVR0QmyQfotYYe6B +1EgtOD9kORzmqK1MIdZFhKq2nzSmpJSAflvHGVHB0nWHFae8VEoZViELaa58SNAf +Ot6BfvcIQ3GBwPEusVFk +-----END CERTIFICATE----- diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/server.key b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/server.key new file mode 100644 index 0000000..38f68ee --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/server.key @@ -0,0 +1,52 @@ +-----BEGIN PRIVATE KEY----- +MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDawzcURa9Dy+cy +kb7mjC2kLIE2uXyznSGl3cjhGCPGJMOKg3WS7tm3qeQRwxGYplgqZZLTS115YNFf +uhIq+OESTAbb4oI7GRp1Ip1tHYtFZCnOSJEiPRlvIeW+wUNBTVpfYX8mg9hra8oe +BtpQbwR7sie4x54kZEKk11I+4NAPx8wGq6qKTu63eUX5RglWyQoBOldNzmCkx/LB +Naw2H565YRkP328lVkfydAqWlNC50g/pbSEDRnmjnQKYOdclSmWCEJMHG9Wdb77u +orGh5hVEfO2zZnFUCOCpN/4Q76WRLGMDhP8DzTr+POXn2sQnlmMQX+MOh+CeAjln +rqvR9fkDyg2XVWIl5nbLMhFht6dqvcZbprOoKaSuUIc6BEJQs8c4pnhQP2pRVYcl +ChaHdWD5HjWw+9QshaJPZFS+hTdREU8HeA4fnCL6dfOQ/0LDrHvMmpaUTEFxT4FI +0Y6A8APID3yfS+jQuPgmaapY9/KpBYHDrwfRzHJyjECmSogU9yJDUWErc0l2G7ms +3lhfjy+o/A01GkaOqMSe9//qr0boCsXsdS8R4So93lYhY1vl/+8IqhYumETus2fA +c7drFRT+EqXMzTF5T4D//IqCkcveMIFTXDkZonIPxeXqIAH1SAowKAo4YFkbsn8E +1FsNKZquWNsSYSWfiQ83DcRV1F1m1QIDAQABAoICAQDAjXWspU2IejBtBXYnjZka +2YV+erO1kQgt69JFtq6+WFu5Ts6tXwlJrQMvUyjo2Pnfj3o1+y8yiDKidLBLHLdX +GI4s+umwRP9RvP8eLRQKJwjZJmyA25DIjeigB5JAJ2r1a2a0qvZSTxUfat68T4t9 +qSlnbmTXGVzDpTciW1UnnrAJ6w34IVPjMJ6Ts77Cob/ppsVzmcTdJZWZ1LlZBmn6 +N+oMW5mEHrbDRLqRIjm6ZZhV2RVmwaCNj8TZ4odprls8qYQQjMJwigxgFdoOa+uq +VeAPuYrk8c91gvBhTd7Ism4Qif7BBOL5JvciJh/jzG4z2oKLprPhwIlwpoFcFIpx +10UoW+IYq3K+iPbtwvsdANFS+RstO2JbrK2R3qSMwnt42Nh048sJ71viTq0DqO5d +4JHbX+qzVZzRxVoR+sUg4tSOafx5DIwQWo7eMg+VKxvkn2gdNG9a1ISyR5Mehmaf +kZ/ZDyjGOC8G9q9y473bGNZcgC/J3ObceiZBV3B781hBAUcDBk1MJx5wWFZXUz4/ +8Dgfyvbk2Sv4EqzdyjV+/zJAG+sTCCYxbT7M5gga4lcQFZiJ2qOEZfBXqIG8LtYg +Q4erSCLf7ZE2DnUFO83eSKuobi7FxiWtZfDKNJNkMFeDoSzPAMRTxW2iD0bhz7+a +Op+7A8rY5LreXjNEj5s4gQKCAQEA+ODszR7Mdi4ywSbYg8Qsmw64cRrHlXuVKuRZ +DpDEWEOHtuE36lY3VFK17NLGBBeq/Rbmjqv7Ez3AIevlSQHy8FXmwBgLUHsh91Tv +CMM/ClVaFQwttf/lBEfQjBer8MDdobs48/NboRixuN9az69xGbN/L3XB5G+XKbON +qhUwQPgi5IKyP3ZzKS2Q679FGwmfeUJVdwlIAA5lnFrqyq0DTbiXZPkoIhWMMJ4+ +wggVUn9RdgUmD6Pb7z7iuaXbhABB7ttup39J6tuN8/aWPqDTzi2VnQdRwl3lqqn2 +V8hP3aoXcyr8tOUIb1FbeEAr/DFVfnCvuoUyGGiRmXB7r9ZMNQKCAQEA4QWvcL6h +s+/9EBIB/4epkYjZiB+lUSnX8f7tWXJa9GYdlUKLoddTaDj1Lj8/6xj7VzlNju75 +aHybWzobcL+MKu8sKnxvuHRgGuUMwtr1vS077OH0CJZJ2IZVxj3Dwg2jkVh1USgA +2ygsrZrNt4BPrJFwteyzlOmst0xjtn4bMkYaAplfw1XjMUUXh0urAbXgnjkLVlPc +fa/uFqKxul1LCs6uYA5wLr3hv3gIPfnpol00CvtvwQGugx1TL25yhKYqEEXe7Cq6 +Gh/gFf5FEfveqftMRUROAtR147uoEMlcDKccoYng1RRUZyZwXmUsjD0Wioib6SWb +Dx2u/JhBJHHEIQKCAQAhp1ieDBId0PVwBO62MqrNdNogAT0Hy6RKHoKkY5MJVGhf +pGjJOUtWDbEoCwBXwVOP0a7vj/XtjiYS8DEbBDZzpUoEo7uz8FKRfVytVKmLnisG +OZVczPOM9qEOsIzBi3Ls0cJLypaTXCF8HEfNWa3zicAjDMthNm28Z9k6LI9P2b3u +JHYx+rRr1wuHtV+E3nJAFWY1KH4h89BtqiWhrm+J7PIb500z/rHsSRm3ZxxrAWhk +iyGwb7nnyhsie3kJindf8zAtWhsGtRWm7as3YMwDT0qx5zF5FPVfdIgpKp8SHFP7 +cM6nL2lKlDfINPU9rvYemOJKWISDpHA7zWgMSPAZAoIBAFrn3RSDLvhuf6G6ZKxC +tjJhQuBHSJYdfWv6PRDhrfUGO/VMyPQ89SkpuYNRchUcJo36TGbuDDw1+t1EAEnw +WEQQE5umYcv218yFtD4UDyq513e/YMMHVBXxTz2jPi5rLCVPwzViH9ZpyILqAyma +4JUqvIoCcho6vNfgOHhFQd9xiph6NcHINNx2uSajXxZ1z6ScDwR1JKJyLJFgcMSF +ZAedr7yGmLOJamXbrBi9mbFKTfgR0/f5IfM+KZkD2afVKTEhyQlHyZ88OV8pNeYq +Bq5NI2boTUu/YVD7Qs5lSpah/GMWPIpYiDCTytmXrgOJuk2FGtd5pcbZixPovohm +nYECggEAXlAodUwd/B9S3j74VjYPjUBPM5EiQ8xIcY2VfO+FC+GBlKtRPbLX7p3Y +D1pGm7pVECaA2tjZkycvPVQmzsFNoFlUF3dqunTT3rrXgwGhvBT8ig6MYDk+1AoY +ZCPWfVDcRWMCvBaf7GBuGRZ/5Bly02PDu6587OOyDQ2MpP8yMzz3f+T2uRalyeEC +7xU1ULvpOlffGEQ7idNX/ebdsKyPRuqfvr5dgmJcRO8y+Qjr85/Pajes2pYYeF2X +P0n8Stypn+gNHU4YTX2O73qXKbMITzpqVOVv+aJPTAyTGPqTI2AytqWThTu2+rtj +VB4k7gEWgySNUslPoSqGbiipfiEYEA== +-----END PRIVATE KEY----- diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/server.pem b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/server.pem new file mode 100644 index 0000000..08fb3ef --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/RemoteAttestation/server.pem @@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFqzCCA5OgAwIBAgIJAJELT4LFOrbqMA0GCSqGSIb3DQEBCwUAMGwxCzAJBgNV +BAYTAlVTMQswCQYDVQQIDAJHQTEQMA4GA1UEBwwHQXRsYW50YTEPMA0GA1UECgwG +R2F0ZWNoMQwwCgYDVQQDDANmYW4xHzAdBgkqhkiG9w0BCQEWEGZzYW5nQGdhdGVj +aC5lZHUwHhcNMTgwNzAzMjIwOTQyWhcNMTkwNzAzMjIwOTQyWjBsMQswCQYDVQQG +EwJVUzELMAkGA1UECAwCR0ExEDAOBgNVBAcMB0F0bGFudGExDzANBgNVBAoMBkdh +dGVjaDEMMAoGA1UEAwwDZmFuMR8wHQYJKoZIhvcNAQkBFhBmc2FuZ0BnYXRlY2gu +ZWR1MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA2sM3FEWvQ8vnMpG+ +5owtpCyBNrl8s50hpd3I4RgjxiTDioN1ku7Zt6nkEcMRmKZYKmWS00tdeWDRX7oS +KvjhEkwG2+KCOxkadSKdbR2LRWQpzkiRIj0ZbyHlvsFDQU1aX2F/JoPYa2vKHgba +UG8Ee7InuMeeJGRCpNdSPuDQD8fMBquqik7ut3lF+UYJVskKATpXTc5gpMfywTWs +Nh+euWEZD99vJVZH8nQKlpTQudIP6W0hA0Z5o50CmDnXJUplghCTBxvVnW++7qKx +oeYVRHzts2ZxVAjgqTf+EO+lkSxjA4T/A806/jzl59rEJ5ZjEF/jDofgngI5Z66r +0fX5A8oNl1ViJeZ2yzIRYbenar3GW6azqCmkrlCHOgRCULPHOKZ4UD9qUVWHJQoW +h3Vg+R41sPvULIWiT2RUvoU3URFPB3gOH5wi+nXzkP9Cw6x7zJqWlExBcU+BSNGO +gPADyA98n0vo0Lj4JmmqWPfyqQWBw68H0cxycoxApkqIFPciQ1FhK3NJdhu5rN5Y +X48vqPwNNRpGjqjEnvf/6q9G6ArF7HUvEeEqPd5WIWNb5f/vCKoWLphE7rNnwHO3 +axUU/hKlzM0xeU+A//yKgpHL3jCBU1w5GaJyD8Xl6iAB9UgKMCgKOGBZG7J/BNRb +DSmarljbEmEln4kPNw3EVdRdZtUCAwEAAaNQME4wHQYDVR0OBBYEFMTWqmoK2OzU +aEkH7EO7oJ9AxP5aMB8GA1UdIwQYMBaAFMTWqmoK2OzUaEkH7EO7oJ9AxP5aMAwG +A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAFg4Ud8hQbZTsn3kkk5Qp55l +6cFugTQspw04HPagescRlzEaHqvgzt5UiIqNMiIUJYi8nb/TeDNGpLC5pcRUmcvR +MyPsGOc6B6C+9ubciiPHSq6tzoVYuBZ6/mnttYWtV1MqbELcDxw1D/AOVArgpOBz +6hgpvkWNkYhenPvZVCFCe4rfqINCbNNw3wO/W7Y7H02OS0XZK9F/H4rEJkphhZ88 +3s8E1B6ExViwsnvO8qm+Pc7SrmYdyTutUTmBPLt0ufFHcrabcME6faeFSR0P2+5V +Wf4ui28i8sSij+AbgVaa25AXZc33AZn5g6Lru9VXqEnatMX8pLVGbT7594LOeRUh +Swq8L7LpCCDjUrepnN4prDadNfQ1Jog7lO1Vn7SK1NrItxCFLbJRSXQEfEuBWmoB +l2luP0uKyYw61roz9yD3viaJNrcZBsnQbfujz4kB8PqL5pnvX8BB0E6Kp7v0iOrW +vSpiJvm4MYh8f7yD+AMo8mUqthOeyg0WUQn9ey6Izc5Y4l4wX3RdKrYMLVJXgDgv +c389BD7JO0HS/ebL1G/3j7+ksR++Atbqt5LvwrROzCTUVry1HVR0QmyQfotYYe6B +1EgtOD9kORzmqK1MIdZFhKq2nzSmpJSAflvHGVHB0nWHFae8VEoZViELaa58SNAf +Ot6BfvcIQ3GBwPEusVFk +-----END CERTIFICATE----- diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/App/App.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/App/App.cpp new file mode 100755 index 0000000..c0e9ebb --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/App/App.cpp @@ -0,0 +1,53 @@ +#include +#include +#include "Enclave_u.h" +#include "sgx_urts.h" +#include "sgx_utils/sgx_utils.h" + +/* Global EID shared by multiple threads */ +sgx_enclave_id_t global_eid = 0; + +// OCall implementations +void ocall_print(const char* str) { + printf("%s\n", str); +} + +int main(int argc, char const *argv[]) { + if (initialize_enclave(&global_eid, "enclave.token", "enclave.signed.so") < 0) { + std::cout << "Fail to initialize enclave." << std::endl; + return 1; + } + int ptr; + sgx_status_t status = generate_random_number(global_eid, &ptr); + std::cout << status << std::endl; + if (status != SGX_SUCCESS) { + std::cout << "noob" << std::endl; + } + printf("Random number: %d\n", ptr); + + // Seal the random number + size_t sealed_size = sizeof(sgx_sealed_data_t) + sizeof(ptr); + uint8_t* sealed_data = (uint8_t*)malloc(sealed_size); + + sgx_status_t ecall_status; + status = seal(global_eid, &ecall_status, + (uint8_t*)&ptr, sizeof(ptr), + (sgx_sealed_data_t*)sealed_data, sealed_size); + + if (!is_ecall_successful(status, "Sealing failed :(", ecall_status)) { + return 1; + } + + int unsealed; + status = unseal(global_eid, &ecall_status, + (sgx_sealed_data_t*)sealed_data, sealed_size, + (uint8_t*)&unsealed, sizeof(unsealed)); + + if (!is_ecall_successful(status, "Unsealing failed :(", ecall_status)) { + return 1; + } + + std::cout << "Seal round trip success! Receive back " << unsealed << std::endl; + + return 0; +} diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/App/sgx_utils/sgx_utils.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/App/sgx_utils/sgx_utils.cpp new file mode 100755 index 0000000..1e1d2e5 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/App/sgx_utils/sgx_utils.cpp @@ -0,0 +1,83 @@ +#include +#include +#include "sgx_urts.h" +#include "sgx_utils.h" + +#ifndef TRUE +# define TRUE 1 +#endif + +#ifndef FALSE +# define FALSE 0 +#endif + +/* Check error conditions for loading enclave */ +void print_error_message(sgx_status_t ret) { + printf("SGX error code: %d\n", ret); +} + +/* Initialize the enclave: + * Step 1: try to retrieve the launch token saved by last transaction + * Step 2: call sgx_create_enclave to initialize an enclave instance + * Step 3: save the launch token if it is updated + */ +int initialize_enclave(sgx_enclave_id_t* eid, const std::string& launch_token_path, const std::string& enclave_name) { + const char* token_path = launch_token_path.c_str(); + sgx_launch_token_t token = {0}; + sgx_status_t ret = SGX_ERROR_UNEXPECTED; + int updated = 0; + + /* Step 1: try to retrieve the launch token saved by last transaction + * if there is no token, then create a new one. + */ + /* try to get the token saved in $HOME */ + FILE* fp = fopen(token_path, "rb"); + if (fp == NULL && (fp = fopen(token_path, "wb")) == NULL) { + printf("Warning: Failed to create/open the launch token file \"%s\".\n", token_path); + } + + if (fp != NULL) { + /* read the token from saved file */ + size_t read_num = fread(token, 1, sizeof(sgx_launch_token_t), fp); + if (read_num != 0 && read_num != sizeof(sgx_launch_token_t)) { + /* if token is invalid, clear the buffer */ + memset(&token, 0x0, sizeof(sgx_launch_token_t)); + printf("Warning: Invalid launch token read from \"%s\".\n", token_path); + } + } + /* Step 2: call sgx_create_enclave to initialize an enclave instance */ + /* Debug Support: set 2nd parameter to 1 */ + ret = sgx_create_enclave(enclave_name.c_str(), SGX_DEBUG_FLAG, &token, &updated, eid, NULL); + if (ret != SGX_SUCCESS) { + print_error_message(ret); + if (fp != NULL) fclose(fp); + return -1; + } + + /* Step 3: save the launch token if it is updated */ + if (updated == FALSE || fp == NULL) { + /* if the token is not updated, or file handler is invalid, do not perform saving */ + if (fp != NULL) fclose(fp); + return 0; + } + + /* reopen the file with write capablity */ + fp = freopen(token_path, "wb", fp); + if (fp == NULL) return 0; + size_t write_num = fwrite(token, 1, sizeof(sgx_launch_token_t), fp); + if (write_num != sizeof(sgx_launch_token_t)) + printf("Warning: Failed to save launch token to \"%s\".\n", token_path); + fclose(fp); + return 0; +} + +bool is_ecall_successful(sgx_status_t sgx_status, const std::string& err_msg, + sgx_status_t ecall_return_value) { + if (sgx_status != SGX_SUCCESS || ecall_return_value != SGX_SUCCESS) { + printf("%s\n", err_msg.c_str()); + print_error_message(sgx_status); + print_error_message(ecall_return_value); + return false; + } + return true; +} diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/App/sgx_utils/sgx_utils.h b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/App/sgx_utils/sgx_utils.h new file mode 100755 index 0000000..cc71586 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/App/sgx_utils/sgx_utils.h @@ -0,0 +1,12 @@ +#ifndef SGX_UTILS_H_ +#define SGX_UTILS_H_ + +#include + +void print_error_message(sgx_status_t ret); + +int initialize_enclave(sgx_enclave_id_t* eid, const std::string& launch_token_path, const std::string& enclave_name); + +bool is_ecall_successful(sgx_status_t sgx_status, const std::string& err_msg, sgx_status_t ecall_return_value = SGX_SUCCESS); + +#endif // SGX_UTILS_H_ diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/Enclave/Enclave.config.xml b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/Enclave/Enclave.config.xml new file mode 100755 index 0000000..a94d12f --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/Enclave/Enclave.config.xml @@ -0,0 +1,12 @@ + + + 0 + 0 + 0x40000 + 0x100000 + 10 + 1 + 0 + 0 + 0xFFFFFFFF + diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/Enclave/Enclave.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/Enclave/Enclave.cpp new file mode 100755 index 0000000..a452652 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/Enclave/Enclave.cpp @@ -0,0 +1,6 @@ +#include "Enclave_t.h" + +int generate_random_number() { + ocall_print("Processing random number generation..."); + return 42; +} diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/Enclave/Enclave.edl b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/Enclave/Enclave.edl new file mode 100755 index 0000000..de78cab --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/Enclave/Enclave.edl @@ -0,0 +1,13 @@ +enclave { + from "Sealing/Sealing.edl" import *; + + trusted { + /* define ECALLs here. */ + public int generate_random_number(void); + }; + + untrusted { + /* define OCALLs here. */ + void ocall_print([in, string]const char* str); + }; +}; diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/Enclave/Enclave_private.pem b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/Enclave/Enclave_private.pem new file mode 100755 index 0000000..529d07b --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/Enclave/Enclave_private.pem @@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4gIBAAKCAYEAroOogvsj/fZDZY8XFdkl6dJmky0lRvnWMmpeH41Bla6U1qLZ +AmZuyIF+mQC/cgojIsrBMzBxb1kKqzATF4+XwPwgKz7fmiddmHyYz2WDJfAjIveJ +ZjdMjM4+EytGlkkJ52T8V8ds0/L2qKexJ+NBLxkeQLfV8n1mIk7zX7jguwbCG1Pr +nEMdJ3Sew20vnje+RsngAzdPChoJpVsWi/K7cettX/tbnre1DL02GXc5qJoQYk7b +3zkmhz31TgFrd9VVtmUGyFXAysuSAb3EN+5VnHGr0xKkeg8utErea2FNtNIgua8H +ONfm9Eiyaav1SVKzPHlyqLtcdxH3I8Wg7yqMsaprZ1n5A1v/levxnL8+It02KseD +5HqV4rf/cImSlCt3lpRg8U5E1pyFQ2IVEC/XTDMiI3c+AR+w2jSRB3Bwn9zJtFlW +KHG3m1xGI4ck+Lci1JvWWLXQagQSPtZTsubxTQNx1gsgZhgv1JHVZMdbVlAbbRMC +1nSuJNl7KPAS/VfzAgEDAoIBgHRXxaynbVP5gkO0ug6Qw/E27wzIw4SmjsxG6Wpe +K7kfDeRskKxESdsA/xCrKkwGwhcx1iIgS5+Qscd1Yg+1D9X9asd/P7waPmWoZd+Z +AhlKwhdPsO7PiF3e1AzHhGQwsUTt/Y/aSI1MpHBvy2/s1h9mFCslOUxTmWw0oj/Q +ldIEgWeNR72CE2+jFIJIyml6ftnb6qzPiga8Bm48ubKh0kvySOqnkmnPzgh+JBD6 +JnBmtZbfPT97bwTT+N6rnPqOOApvfHPf15kWI8yDbprG1l4OCUaIUH1AszxLd826 +5IPM+8gINLRDP1MA6azECPjTyHXhtnSIBZCyWSVkc05vYmNXYUNiXWMajcxW9M02 +wKzFELO8NCEAkaTPxwo4SCyIjUxiK1LbQ9h8PSy4c1+gGP4LAMR8xqP4QKg6zdu9 +osUGG/xRe/uufgTBFkcjqBHtK5L5VI0jeNIUAgW/6iNbYXjBMJ0GfauLs+g1VsOm +WfdgXzsb9DYdMa0OXXHypmV4GwKBwQDUwQj8RKJ6c8cT4vcWCoJvJF00+RFL+P3i +Gx2DLERxRrDa8AVGfqaCjsR+3vLgG8V/py+z+dxZYSqeB80Qeo6PDITcRKoeAYh9 +xlT3LJOS+k1cJcEmlbbO2IjLkTmzSwa80fWexKu8/Xv6vv15gpqYl1ngYoqJM3pd +vzmTIOi7MKSZ0WmEQavrZj8zK4endE3v0eAEeQ55j1GImbypSf7Idh7wOXtjZ7WD +Dg6yWDrri+AP/L3gClMj8wsAxMV4ZR8CgcEA0fzDHkFa6raVOxWnObmRoDhAtE0a +cjUj976NM5yyfdf2MrKy4/RhdTiPZ6b08/lBC/+xRfV3xKVGzacm6QjqjZrUpgHC +0LKiZaMtccCJjLtPwQd0jGQEnKfMFaPsnhOc5y8qVkCzVOSthY5qhz0XNotHHFmJ +gffVgB0iqrMTvSL7IA2yqqpOqNRlhaYhNl8TiFP3gIeMtVa9rZy31JPgT2uJ+kfo +gV7sdTPEjPWZd7OshGxWpT6QfVDj/T9T7L6tAoHBAI3WBf2DFvxNL2KXT2QHAZ9t +k3imC4f7U+wSE6zILaDZyzygA4RUbwG0gv8/TJVn2P/Eynf76DuWHGlaiLWnCbSz +Az2DHBQBBaku409zDQym3j1ugMRjzzSQWzJg0SIyBH3hTmnYcn3+Uqcp/lEBvGW6 +O+rsXFt3pukqJmIV8HzLGGaLm62BHUeZf3dyWm+i3p/hQAL7Xvu04QW70xuGqdr5 +afV7p5eaeQIJXyGQJ0eylV/90+qxjMKiB1XYg6WYvwKBwQCL/ddpgOdHJGN8uRom +e7Zq0Csi3hGheMKlKbN3vcxT5U7MdyHtTZZOJbTvxKNNUNYH/8uD+PqDGNneb29G +BfGzvI3EASyLIcGZF3OhKwZd0jUrWk2y7Vhob91jwp2+t73vdMbkKyI4mHOuXvGv +fg95si9oO7EBT+Oqvhccd2J+F1IVXncccYnF4u5ZGWt5lLewN/pVr7MjjykeaHqN +t+rfnQam2psA6fL4zS2zTmZPzR2tnY8Y1GBTi0Ko1OKd1HMCgcAb5cB/7/AQlhP9 +yQa04PLH9ygQkKKptZp7dy5WcWRx0K/hAHRoi2aw1wZqfm7VBNu2SLcs90kCCCxp +6C5sfJi6b8NpNbIPC+sc9wsFr7pGo9SFzQ78UlcWYK2Gu2FxlMjonhka5hvo4zvg +WxlpXKEkaFt3gLd92m/dMqBrHfafH7VwOJY2zT3WIpjwuk0ZzmRg5p0pG/svVQEH +NZmwRwlopysbR69B/n1nefJ84UO50fLh5s5Zr3gBRwbWNZyzhXk= +-----END RSA PRIVATE KEY----- diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/Enclave/Sealing/Sealing.cpp b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/Enclave/Sealing/Sealing.cpp new file mode 100755 index 0000000..068bdcd --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/Enclave/Sealing/Sealing.cpp @@ -0,0 +1,48 @@ +#include "sgx_trts.h" +#include "sgx_tseal.h" +#include "string.h" +#include "Enclave_t.h" + +/** + * @brief Seals the plaintext given into the sgx_sealed_data_t structure + * given. + * + * @details The plaintext can be any data. uint8_t is used to represent a + * byte. The sealed size can be determined by computing + * sizeof(sgx_sealed_data_t) + plaintext_len, since it is using + * AES-GCM which preserves length of plaintext. The size needs to be + * specified, otherwise SGX will assume the size to be just + * sizeof(sgx_sealed_data_t), not taking into account the sealed + * payload. + * + * @param plaintext The data to be sealed + * @param[in] plaintext_len The plaintext length + * @param sealed_data The pointer to the sealed data structure + * @param[in] sealed_size The size of the sealed data structure supplied + * + * @return Truthy if seal successful, falsy otherwise. + */ +sgx_status_t seal(uint8_t* plaintext, size_t plaintext_len, sgx_sealed_data_t* sealed_data, size_t sealed_size) { + sgx_status_t status = sgx_seal_data(0, NULL, plaintext_len, plaintext, sealed_size, sealed_data); + return status; +} + +/** + * @brief Unseal the sealed_data given into c-string + * + * @details The resulting plaintext is of type uint8_t to represent a byte. + * The sizes/length of pointers need to be specified, otherwise SGX + * will assume a count of 1 for all pointers. + * + * @param sealed_data The sealed data + * @param[in] sealed_size The size of the sealed data + * @param plaintext A pointer to buffer to store the plaintext + * @param[in] plaintext_max_len The size of buffer prepared to store the + * plaintext + * + * @return Truthy if unseal successful, falsy otherwise. + */ +sgx_status_t unseal(sgx_sealed_data_t* sealed_data, size_t sealed_size, uint8_t* plaintext, uint32_t plaintext_len) { + sgx_status_t status = sgx_unseal_data(sealed_data, NULL, NULL, (uint8_t*)plaintext, &plaintext_len); + return status; +} diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/Enclave/Sealing/Sealing.edl b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/Enclave/Sealing/Sealing.edl new file mode 100755 index 0000000..c3d4b63 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/Enclave/Sealing/Sealing.edl @@ -0,0 +1,9 @@ +enclave { + include "sgx_tseal.h" + + trusted { + public sgx_status_t seal([in, size=plaintext_len]uint8_t* plaintext, size_t plaintext_len, [out, size=sealed_size]sgx_sealed_data_t* sealed_data, size_t sealed_size); + + public sgx_status_t unseal([in, size=sealed_size]sgx_sealed_data_t* sealed_data, size_t sealed_size, [out, size=plaintext_len]uint8_t* plaintext, uint32_t plaintext_len); + }; +}; diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/LICENSE b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/LICENSE new file mode 100755 index 0000000..cf1ab25 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/LICENSE @@ -0,0 +1,24 @@ +This is free and unencumbered software released into the public domain. + +Anyone is free to copy, modify, publish, use, compile, sell, or +distribute this software, either in source code form or as a compiled +binary, for any purpose, commercial or non-commercial, and by any +means. + +In jurisdictions that recognize copyright laws, the author or authors +of this software dedicate any and all copyright interest in the +software to the public domain. We make this dedication for the benefit +of the public at large and to the detriment of our heirs and +successors. We intend this dedication to be an overt act of +relinquishment in perpetuity of all present and future rights to this +software under copyright law. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, +EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. +IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR +OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, +ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR +OTHER DEALINGS IN THE SOFTWARE. + +For more information, please refer to diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/Makefile b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/Makefile new file mode 100755 index 0000000..d0ea32b --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/Makefile @@ -0,0 +1,213 @@ +# +# Copyright (C) 2011-2016 Intel Corporation. All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in +# the documentation and/or other materials provided with the +# distribution. +# * Neither the name of Intel Corporation nor the names of its +# contributors may be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +# + +######## SGX SDK Settings ######## + +SGX_SDK ?= /opt/intel/sgxsdk +SGX_MODE ?= SIM +SGX_ARCH ?= x64 + +ifeq ($(shell getconf LONG_BIT), 32) + SGX_ARCH := x86 +else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32) + SGX_ARCH := x86 +endif + +ifeq ($(SGX_ARCH), x86) + SGX_COMMON_CFLAGS := -m32 + SGX_LIBRARY_PATH := $(SGX_SDK)/lib + SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x86/sgx_sign + SGX_EDGER8R := $(SGX_SDK)/bin/x86/sgx_edger8r +else + SGX_COMMON_CFLAGS := -m64 + SGX_LIBRARY_PATH := $(SGX_SDK)/lib64 + SGX_ENCLAVE_SIGNER := $(SGX_SDK)/bin/x64/sgx_sign + SGX_EDGER8R := $(SGX_SDK)/bin/x64/sgx_edger8r +endif + +ifeq ($(SGX_DEBUG), 1) +ifeq ($(SGX_PRERELEASE), 1) +$(error Cannot set SGX_DEBUG and SGX_PRERELEASE at the same time!!) +endif +endif + +ifeq ($(SGX_DEBUG), 1) + SGX_COMMON_CFLAGS += -O0 -g +else + SGX_COMMON_CFLAGS += -O2 +endif + +######## App Settings ######## + +ifneq ($(SGX_MODE), HW) + Urts_Library_Name := sgx_urts_sim +else + Urts_Library_Name := sgx_urts +endif + +# App_Cpp_Files := App/App.cpp $(wildcard App/Edger8rSyntax/*.cpp) $(wildcard App/TrustedLibrary/*.cpp) +App_Cpp_Files := App/App.cpp App/sgx_utils/sgx_utils.cpp +# App_Include_Paths := -IInclude -IApp -I$(SGX_SDK)/include +App_Include_Paths := -IApp -I$(SGX_SDK)/include + +App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) + +# Three configuration modes - Debug, prerelease, release +# Debug - Macro DEBUG enabled. +# Prerelease - Macro NDEBUG and EDEBUG enabled. +# Release - Macro NDEBUG enabled. +ifeq ($(SGX_DEBUG), 1) + App_C_Flags += -DDEBUG -UNDEBUG -UEDEBUG +else ifeq ($(SGX_PRERELEASE), 1) + App_C_Flags += -DNDEBUG -DEDEBUG -UDEBUG +else + App_C_Flags += -DNDEBUG -UEDEBUG -UDEBUG +endif + +App_Cpp_Flags := $(App_C_Flags) -std=c++11 +App_Link_Flags := $(SGX_COMMON_CFLAGS) -L$(SGX_LIBRARY_PATH) -l$(Urts_Library_Name) -lpthread + +ifneq ($(SGX_MODE), HW) + App_Link_Flags += -lsgx_uae_service_sim +else + App_Link_Flags += -lsgx_uae_service +endif + +App_Cpp_Objects := $(App_Cpp_Files:.cpp=.o) + +App_Name := app + +######## Enclave Settings ######## + +ifneq ($(SGX_MODE), HW) + Trts_Library_Name := sgx_trts_sim + Service_Library_Name := sgx_tservice_sim +else + Trts_Library_Name := sgx_trts + Service_Library_Name := sgx_tservice +endif +Crypto_Library_Name := sgx_tcrypto + +# Enclave_Cpp_Files := Enclave/Enclave.cpp $(wildcard Enclave/Edger8rSyntax/*.cpp) $(wildcard Enclave/TrustedLibrary/*.cpp) +Enclave_Cpp_Files := Enclave/Enclave.cpp Enclave/Sealing/Sealing.cpp +# Enclave_Include_Paths := -IInclude -IEnclave -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport +Enclave_Include_Paths := -IEnclave -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc -I$(SGX_SDK)/include/stlport + +Enclave_C_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Enclave_Include_Paths) +Enclave_Cpp_Flags := $(Enclave_C_Flags) -std=c++03 -nostdinc++ +Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles -L$(SGX_LIBRARY_PATH) \ + -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \ + -Wl,--start-group -lsgx_tstdc -lsgx_tstdcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \ + -Wl,-Bstatic -Wl,-Bsymbolic -Wl,--no-undefined \ + -Wl,-pie,-eenclave_entry -Wl,--export-dynamic \ + -Wl,--defsym,__ImageBase=0 + # -Wl,--version-script=Enclave/Enclave.lds + +Enclave_Cpp_Objects := $(Enclave_Cpp_Files:.cpp=.o) + +Enclave_Name := enclave.so +Signed_Enclave_Name := enclave.signed.so +Enclave_Config_File := Enclave/Enclave.config.xml + +ifeq ($(SGX_MODE), HW) +ifneq ($(SGX_DEBUG), 1) +ifneq ($(SGX_PRERELEASE), 1) +Build_Mode = HW_RELEASE +endif +endif +endif + + +.PHONY: all run + +ifeq ($(Build_Mode), HW_RELEASE) +all: $(App_Name) $(Enclave_Name) + @echo "The project has been built in release hardware mode." + @echo "Please sign the $(Enclave_Name) first with your signing key before you run the $(App_Name) to launch and access the enclave." + @echo "To sign the enclave use the command:" + @echo " $(SGX_ENCLAVE_SIGNER) sign -key -enclave $(Enclave_Name) -out <$(Signed_Enclave_Name)> -config $(Enclave_Config_File)" + @echo "You can also sign the enclave using an external signing tool. See User's Guide for more details." + @echo "To build the project in simulation mode set SGX_MODE=SIM. To build the project in prerelease mode set SGX_PRERELEASE=1 and SGX_MODE=HW." +else +all: $(App_Name) $(Signed_Enclave_Name) +endif + +run: all +ifneq ($(Build_Mode), HW_RELEASE) + @$(CURDIR)/$(App_Name) + @echo "RUN => $(App_Name) [$(SGX_MODE)|$(SGX_ARCH), OK]" +endif + +######## App Objects ######## + +App/Enclave_u.c: $(SGX_EDGER8R) Enclave/Enclave.edl + @cd App && $(SGX_EDGER8R) --untrusted ../Enclave/Enclave.edl --search-path ../Enclave --search-path $(SGX_SDK)/include + @echo "GEN => $@" + +App/Enclave_u.o: App/Enclave_u.c + @$(CC) $(App_C_Flags) -c $< -o $@ + @echo "CC <= $<" + +App/%.o: App/%.cpp + @$(CXX) $(App_Cpp_Flags) -c $< -o $@ + @echo "CXX <= $<" + +$(App_Name): App/Enclave_u.o $(App_Cpp_Objects) + @$(CXX) $^ -o $@ $(App_Link_Flags) + @echo "LINK => $@" + + +######## Enclave Objects ######## + +Enclave/Enclave_t.c: $(SGX_EDGER8R) Enclave/Enclave.edl + @cd Enclave && $(SGX_EDGER8R) --trusted ../Enclave/Enclave.edl --search-path ../Enclave --search-path $(SGX_SDK)/include + @echo "GEN => $@" + +Enclave/Enclave_t.o: Enclave/Enclave_t.c + @$(CC) $(Enclave_C_Flags) -c $< -o $@ + @echo "CC <= $<" + +Enclave/%.o: Enclave/%.cpp + @$(CXX) $(Enclave_Cpp_Flags) -c $< -o $@ + @echo "CXX <= $<" + +$(Enclave_Name): Enclave/Enclave_t.o $(Enclave_Cpp_Objects) + @$(CXX) $^ -o $@ $(Enclave_Link_Flags) + @echo "LINK => $@" + +$(Signed_Enclave_Name): $(Enclave_Name) + @$(SGX_ENCLAVE_SIGNER) sign -key Enclave/Enclave_private.pem -enclave $(Enclave_Name) -out $@ -config $(Enclave_Config_File) + @echo "SIGN => $@" + +.PHONY: clean + +clean: + @rm -f $(App_Name) $(Enclave_Name) $(Signed_Enclave_Name) $(App_Cpp_Objects) App/Enclave_u.* $(Enclave_Cpp_Objects) Enclave/Enclave_t.* diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/README.md b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/README.md new file mode 100755 index 0000000..5b74c58 --- /dev/null +++ b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/README.md @@ -0,0 +1,23 @@ +# Intel SGX "Hello World" + +This is meant to be a base template for an [Intel SGX](https://github.com/01org/linux-sgx/) application on Linux. Not sure if it is just me, but I feel the documentations on Intel SGX development on Linux is still sorely lacking. This meant to be a stub of a "Getting-started" tutorial. + +This template is based on the SampleEnclave app of the sample enclaves provided with the Intel SGX Linux [drivers](https://github.com/01org/linux-sgx-driver) and [SDK](https://github.com/01org/linux-sgx/). + +## Features + +- Sample code for doing `ECALL` +- Sample code for doing `OCALL` +- Sample code for sealing (can be taken out and patched into your enclave!) + +## TODO + +- Tutorial explaining what each directory and file is used for. + +- Write a getting started tutorial. + +- Tutorial on treating `edl`s as static library (with the sealing functions as example) + +## Contribute + +Any help for the above TODOs or any general feedback will be much appreciated! Go ahead and submit those PRs in! diff --git a/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/enclave.token b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/enclave.token new file mode 100644 index 0000000..f8251c5 Binary files /dev/null and b/Assignment 7 - SGX Hands-on/SGX101_sample_code-master/Sealing/enclave.token differ