Fix compile warning and store user account id to phone number mapping

Author: TonyCode2012

Client/client.js

@@ -12,14 +12,12 @@ const getMsg2 = require('./msg2').getMsg2
 const getMsg4 = require('./msg4').getMsg4
 const msg0 = {
     "type": "msg0",
-    "name" : "yaoz",
-    "age" : 44,
 };
 
 async function main() {
     var session = {}
     /* Send msg0 and get msg1 */
-    const res1 = await httpSend(srvurl,null,msg0)
+    const res1 = await httpSend(srvurl,"POST",null,msg0)
     const msg1 = res1.body
     if (res1.statusCode != 200 || msg1.status == 'failed')
     {
@@ -30,15 +28,15 @@ async function main() {
     console.log("\n===== Msg1 Detail =====")
     console.log(msg1)
     // Get msg2 from msg1
-    const msg2 = getMsg2({
+    const msg2 = await getMsg2({
         X : msg1.gax,
         Y : msg1.gay,
     }, session)
     console.log("\n===== Msg2 Detail =====")
     console.log(msg2)
 
     /* Send msg2 and get msg3 */
-    const res2 = await httpSend(srvurl,null,msg2)
+    const res2 = await httpSend(srvurl,"POST",null,msg2)
     const msg3 = res2.body
     if (res2.statusCode != 200 || msg3.status == 'failed')
     {
@@ -52,10 +50,10 @@ async function main() {
     const msg4 = await getMsg4(msg3,session)
     console.log("\n===== Msg4 Detail =====")
     console.log(msg4)
-    const res = await httpSend(srvurl,null,msg4)
+    const res3 = await httpSend(srvurl,"POST",null,msg4)
 
     console.log("\n===== Response Detail =====")
-    console.log(res.body)
+    console.log(res3.body)
 }
 
 main()

Client/config.js

@@ -2,10 +2,16 @@ const srvurl = "http://localhost:12345";
 const iasBaseUrl = "https://api.trustedservices.intel.com/sgx/dev/attestation/v3"
 const iasHeader = { "Ocp-Apim-Subscription-Key": "e2e08166ca0f41ef88af2797f007c7cd"}
 const signPriKey = "018C03D1533457ADEAAEB6653B6A861FEC879C4311DE663BCEA1522DBB6CE790"
+const SPID = "FEF23C7E73A379823CE71FF289CFBC07"
+const AES_CMAC_KDF_ID = 0x0001
+const SAMPLE_QUOTE_LINKABLE_SIGNATURE = 1
 
 module.exports = {
     srvurl : srvurl,
     iasBaseUrl : iasBaseUrl,
     iasHeader : iasHeader,
     signPriKey : signPriKey,
+    SPID : SPID,
+    AES_CMAC_KDF_ID : AES_CMAC_KDF_ID,
+    SAMPLE_QUOTE_LINKABLE_SIGNATURE : SAMPLE_QUOTE_LINKABLE_SIGNATURE,
 }

Client/msg2.js

@@ -1,41 +1,44 @@
-const SPID = "FEF23C7E73A379823CE71FF289CFBC07";
 const SIGRL = 0;
 const SIZE_SIGRL = 0;
-const AES_CMAC_KDF_ID = 0x0001;
-const SAMPLE_QUOTE_LINKABLE_SIGNATURE = 1;
 const {
     switchEndian,
     toHex,
     hexStringToArray,
     buf2hexString,
     hexString2Buffer,
+    httpSend,
 } = require("./utils");
 const {
     signPriKey,
+    SPID,
+    iasBaseUrl,
+    iasHeader,
 } = require("./config")
 
 const crypto = require("crypto")
 const aesCmac = require("node-aes-cmac").aesCmac;
 const EC = require('elliptic').ec
 const ec = new EC('p256');
-const ecUtils = require('eckey-utils')
-const eccrypto = require("eccrypto")
-const bigInt = require("big-integer");
 
 
-function handleEcdhParam(decArray) {
-  const hexStrArray = decArray.map(num => {
-    const hex = num.toString(16);
-    return (hex.length < 2) ? '0' + hex : hex;
-  });
-  const hexString = hexStrArray.join("");
-  const switchedHexString = switchEndian(hexString);
-  const decimalString = bigInt(switchedHexString, 16).toString();
-  return decimalString;
-}
 
+async function getMsg2(ecPublicKey, session) {
+    /* Get sigrl */
+    console.log("\n===== Requesting SigRL from IAS... ======")
+    var sigrl = ""
+    var sigrlSize = 0
+    const sigRet = await httpSend(iasBaseUrl+"/sigrl/"+switchEndian(session.gid),"GET",iasHeader,"")
+    if (sigRet.statusCode != 200)
+    {
+        console.log("Request IAS server failed!")
+        return null
+    }
+    if (sigRet.body != undefined && sigRet.body != "")
+    {
+        sigrl = sigRet.body
+        sigrlSize = sigrl.length
+    }
 
-function getMsg2(ecPublicKey, session) {
     /* Get GAX */
     const gax = ecPublicKey.X
     const gay = ecPublicKey.Y
@@ -60,10 +63,15 @@ function getMsg2(ecPublicKey, session) {
     const iv = Buffer.alloc(16, 0)
     const kdk = aesCmac(iv, hexString2Buffer(sharedKey))
     //console.log("kdk                = ",kdk)
-    // derive smk
+    // Derive smk
     const message = [0x01,'S'.charCodeAt(0),'M'.charCodeAt(0),'K'.charCodeAt(0),0x00,0x80,0x00]
     const smk = aesCmac(hexString2Buffer(kdk), Buffer.from(message))
     //console.log("smk                = ",smk)
+    // Derive sk and mk
+    const skMsg = [0x01,'S'.charCodeAt(0),'K'.charCodeAt(0),0x00,0x80,0x00]
+    const mkMsg = [0x01,'M'.charCodeAt(0),'K'.charCodeAt(0),0x00,0x80,0x00]
+    const sk = aesCmac(hexString2Buffer(kdk), Buffer.from(skMsg))
+    const mk = aesCmac(hexString2Buffer(kdk), Buffer.from(mkMsg))
 
     /**
      * @desc get signature: sign publck keys with my private key
@@ -100,8 +108,10 @@ function getMsg2(ecPublicKey, session) {
         gax: gax,
         gay: gay
     }
-    session["smk"] = smk
     session["kdk"] = kdk
+    session["smk"] = smk
+    session["sk"] = sk
+    session["mk"] = mk
     session["sharedKey"] = sharedKey
 
   /**
@@ -118,8 +128,8 @@ function getMsg2(ecPublicKey, session) {
         SigSPX: SigSPX,
         SigSPY: SigSPY,
         CMACsmk: CMACsmk,
-        sizeSigrl: SIZE_SIGRL,
-        sigrl: SIGRL
+        sizeSigrl: sigrlSize,
+        sigrl: sigrl,
     }
 }
 

Client/msg4.js

@@ -41,30 +41,27 @@ async function getMsg4(msg3, session) {
     }
 
     // Send quote to IAS
-    /*
     const b64quote = Base64.encode(hexString2Buffer(msg3.quote))
     const body = {
         "isvEnclaveQuote": b64quote
     }
-    console.log("===== Sending quote to IAS... ======")
-    const iasResponse = await httpSend(iasBaseUrl+"/report",iasHeader,body)
+    console.log("\n===== Sending quote to IAS... ======")
+    const iasResponse = await httpSend(iasBaseUrl+"/report","POST",iasHeader,body)
     if (iasResponse.statusCode != 200)
     {
-        console.log("Request IAS service failed!")
+        console.log("Request IAS server failed!")
         return null
     }
     console.log("\n===== Verify Quote successfully =====")
     console.log(iasResponse.body)
-    */
 
-
-    const skMsg = [0x01,'S'.charCodeAt(0),'K'.charCodeAt(0),0x00,0x80,0x00]
-    const sk = aesCmac(hexString2Buffer(session.kdk), Buffer.from(skMsg))
-    console.log("===== sk", sk)
+    // Encypt data
+    console.log("===== sk", session.sk)
+    console.log("===== mk", session.mk)
     const iv = Buffer.alloc(12,0)
     const emptyBuffer = Buffer.alloc(0,0)
-    const plainText = hexString2Buffer(sk)
-    const cipher = gcm.encrypt(hexString2Buffer(sk), iv, plainText, emptyBuffer)
+    const plainText = hexString2Buffer("15021128363")
+    const cipher = gcm.encrypt(hexString2Buffer(session.sk), iv, plainText, emptyBuffer)
     console.log("===== cipher text ===== ")
     console.log(cipher)
 

Client/utils.js

@@ -66,28 +66,31 @@ function buf2hexString(buffer) { // buffer is an ArrayBuffer
   return Array.prototype.map.call(new Uint8Array(buffer), x => ('00'  + x.toString(16)).slice(-2)).join('');
 }
 
-function httpSend(url,header,data) {
+function httpSend(url,method,header,data) {
     if (header == null)
     {
         header = {"content-type": "application/json"}
     }
+    if (method != "POST" && method != "GET")
+    {
+        console.log("Wrong http method!Should be POST or GET!")
+        return
+    }
     return new Promise(function(resolve, reject) {
         request({
             url: url,
-            method: "POST",
+            method: method,
             json: true,
             headers: header,
             body: data
         }, function(error, response, body) {
             if (!error && response.statusCode == 200) {
-                //console.log("successful:",response)
                 resolve({
                     body: body,
                     statusCode: response.statusCode,
                     response: response,
                 })
             } else {
-                //console.log("failed:",response)
                 reject({
                     statusCode: response.statusCode,
                 })

Server/App/App.cpp

@@ -4,7 +4,8 @@
 
 extern FILE *felog;
 
-int main(int argc, char** args)
+//int main(int argc, char** args)
+int main()
 {
     // Create log file
     if ((felog = create_logfile("./server.log")) == NULL)

Server/Enclave/EUtils/EUtils.cpp

@@ -23,7 +23,7 @@ int eprintf(const char *fmt, ...)
  * @description: use ocall_eprint_string to print format string
  * @return: the length of printed string
  */
-int cfeprintf(const char *fmt, ...)
+int feprintf(const char *fmt, ...)
 {
 	char buf[BUFSIZE] = {'\0'};
 	va_list ap;

Server/Enclave/EUtils/EUtils.h

@@ -20,7 +20,7 @@ extern "C"
 #endif
 
 int eprintf(const char* fmt, ...);
-int cfeprintf(const char* fmt, ...);
+int feprintf(const char* fmt, ...);
 char *hexstring(const void *vsrc, size_t len);
 uint8_t *hex_string_to_bytes(const char *src, size_t len);
 

Server/Enclave/Enclave.cpp

@@ -2,13 +2,17 @@
 #include <stdio.h>
 
 #include <assert.h>
+#include <map>
+#include <string>
 #include "sgx_tkey_exchange.h"
 #include "sgx_tcrypto.h"
 #include "sgx_tseal.h"
 #include "string.h"
 #include "EUtils.h"
 #include "Enclave_t.h"
 
+using namespace std;
+
 // This is the public EC key of the SP. The corresponding private EC key is
 // used by the SP to sign data used in the remote attestation SIGMA protocol
 // to sign channel binding data in MSG2. A successful verification of the
@@ -36,7 +40,17 @@ static const sgx_ec256_public_t g_sp_pub_key = {
 
 };
 
+// Store user account id to user phone num mapping
+map<vector<uint8_t>, string> accid_phone_map;
+// Store context id to user account id mapping
+map<sgx_ra_context_t, vector<uint8_t>> contextid_accid_map;
 
+/**
+ * @description: Initialize remote attestation context
+ * @param b_pse -> Indicate whether create pse session
+ * @param p_context -> RA session
+ * @return: Initialize status
+ * */
 sgx_status_t ecall_init_ra(int b_pse, sgx_ra_context_t *p_context)
 {
     // isv enclave call to trusted key exchange library.
@@ -61,32 +75,84 @@ sgx_status_t ecall_init_ra(int b_pse, sgx_ra_context_t *p_context)
     return ret;
 }
 
+/**
+ * @description: Close remote attestation
+ * @param context -> Indicate to be closed context
+ * @return: Close status
+ * */
 sgx_status_t SGXAPI ecall_ra_close(sgx_ra_context_t context) 
 {
     sgx_status_t ret;
     ret = sgx_ra_close(context);
+    contextid_accid_map.erase(context);
     return ret;
 }
 
-sgx_status_t ecall_verify_secret(sgx_ra_context_t context,
+/**
+ * @description: Store user account id
+ * @param context -> Corresponding context
+ * @param p_Gb -> Pointer to user account id
+ * @param Gb_size -> User account id size
+ * */
+void ecall_store_account_id(sgx_ra_context_t context, uint8_t* p_Gb, uint32_t Gb_size)
+{
+    vector<uint8_t> Gb_v(p_Gb, p_Gb + Gb_size);
+    contextid_accid_map[context] = Gb_v;
+}
+
+/**
+ * @description: Decrypt user passed data
+ * @param context -> Corresponding context
+ * @param p_src -> Encrypted data
+ * @param src_len -> Encrypted data size
+ * @param p_in_mac -> Encrypted data mac
+ * @return: Decrypted status
+ * */
+sgx_status_t ecall_decrypt_secret(sgx_ra_context_t context,
         const uint8_t *p_src, uint32_t src_len, 
-        uint8_t *p_dst, const sgx_aes_gcm_128bit_tag_t *p_in_mac)
+        const sgx_aes_gcm_128bit_tag_t *p_in_mac)
 {   
+    if (contextid_accid_map.find(context) == contextid_accid_map.end())
+    {
+        return SGX_ERROR_UNEXPECTED;
+    }
+
     sgx_status_t sgx_status = SGX_SUCCESS;
     sgx_ra_key_128_t ra_key;
+    string phone_num;
 
     sgx_status = sgx_ra_get_keys(context, SGX_RA_KEY_SK, &ra_key);
     if (SGX_SUCCESS != sgx_status)
     {
         return sgx_status;
     }
 
-    cfeprintf("ra key:%s\n", hexstring(&ra_key, sizeof(ra_key)));
+    feprintf("ra key:%s\n", hexstring(&ra_key, sizeof(ra_key)));
 
     uint8_t *p_iv = (uint8_t*)malloc(SGX_AESGCM_IV_SIZE);
     memset(p_iv, 0, SGX_AESGCM_IV_SIZE);
+    uint8_t *p_dst = (uint8_t*)malloc(src_len);
+    memset(p_dst, 0, src_len);
     sgx_status = sgx_rijndael128GCM_decrypt(&ra_key, p_src,
             src_len, p_dst, p_iv, SGX_AESGCM_IV_SIZE, NULL, 0, p_in_mac);
 
+    if (SGX_SUCCESS != sgx_status)
+    {
+        sgx_status = SGX_ERROR_UNEXPECTED;
+        goto cleanup;
+    }
+
+    phone_num = string(hexstring(p_dst, src_len));
+    phone_num = phone_num.substr(0, 11);
+    accid_phone_map[contextid_accid_map[context]] = phone_num;
+
+    feprintf("Phone number:%s\n", accid_phone_map[contextid_accid_map[context]]);
+
+
+cleanup:
+
+    free(p_iv);
+    free(p_dst);
+
     return sgx_status;
 }