Upgraded BI-SGX not to use sgx_tae_service.h which is excluded after …

…SGX v2.8.

Enclave/Enclave.cpp

@@ -22,7 +22,9 @@ in the License.
 #include <string.h>
 #include <cstdlib>
 #include <sgx_utils.h>
+#ifdef _WIN32
 #include <sgx_tae_service.h>
+#endif
 #include <sgx_tkey_exchange.h>
 #include <sgx_tcrypto.h>
 #include <sgx_tseal.h>
@@ -105,11 +107,14 @@ sgx_status_t get_report(sgx_report_t *report, sgx_target_info_t *target_info)
 #endif
 }
 
+/*
 size_t get_pse_manifest_size ()
 {
 	return sizeof(sgx_ps_sec_prop_desc_t);
 }
+*/
 
+/*
 sgx_status_t get_pse_manifest(char *buf, size_t sz)
 {
 	sgx_ps_sec_prop_desc_t ps_sec_prop_desc;
@@ -131,6 +136,7 @@ sgx_status_t get_pse_manifest(char *buf, size_t sz)
 
 	return status;
 }
+*/
 
 sgx_status_t enclave_ra_init(sgx_ec256_public_t key, int b_pse,
 	sgx_ra_context_t *ctx, sgx_status_t *pse_status)
@@ -142,6 +148,7 @@ sgx_status_t enclave_ra_init(sgx_ec256_public_t key, int b_pse,
 	 * before calling sgx_ra_init()
 	 */
 
+	/*
 	if ( b_pse ) {
 		int retries= PSE_RETRIES;
 		do {
@@ -150,9 +157,11 @@ sgx_status_t enclave_ra_init(sgx_ec256_public_t key, int b_pse,
 		} while (*pse_status == SGX_ERROR_BUSY && retries--);
 		if ( *pse_status != SGX_SUCCESS ) return SGX_ERROR_UNEXPECTED;
 	}
+	*/
 
 	ra_status= sgx_ra_init(&key, b_pse, ctx);
 
+	/*
 	if ( b_pse ) {
 		int retries= PSE_RETRIES;
 		do {
@@ -161,6 +170,7 @@ sgx_status_t enclave_ra_init(sgx_ec256_public_t key, int b_pse,
 		} while (*pse_status == SGX_ERROR_BUSY && retries--);
 		if ( *pse_status != SGX_SUCCESS ) return SGX_ERROR_UNEXPECTED;
 	}
+	*/
 
 	return ra_status;
 }
@@ -1456,14 +1466,45 @@ sgx_status_t process_data_for_dl(sgx_ra_context_t context, uint8_t *login_info,
 	size_t header_sz = header_str.length() + 1;
 	uint8_t *dl_cut = new uint8_t[dl_plain_len + 1 - header_sz]();
 
+	int dummy = 0;
+
 	for(int i = header_sz; i < dl_plain_len; i++)
 	{
 		dl_cut[i - header_sz] = dl_plain[i];
+		dummy++;
 	}
 
-	OCALL_print((char*)dl_cut);
+	*dl_sz = dl_plain_len - header_sz;
+
+	OCALL_generate_nonce(iv_t, 12);
 
 
-
+
+	/*AES/GCM's cipher length is equal to the length of plain text*/
+	status = sgx_rijndael128GCM_encrypt(&sk_key, dl_cut, *dl_sz,
+		dl_data, iv_t, 12, NULL, 0, &tag_t);
+
+
+	if(status != SGX_SUCCESS)
+	{
+		OCALL_print("Failed to encrypt data for download.");
+		OCALL_print_status(status);
+
+		return status;
+	}
+
+
+
+	/* copy IV and tag buffer to passed pointer */
+	for(int i = 0; i < 12; i++)
+	{
+		dl_iv[i] = iv_t[i];
+	}
+
+	for(int i = 0; i < 16; i++)
+	{
+		dl_tag[i] = tag_t[i];
+	}
+
 	return SGX_SUCCESS;
 }

Enclave/Enclave.edl

@@ -34,9 +34,10 @@ enclave {
 		public sgx_status_t get_report([out] sgx_report_t *report,
 			[in] sgx_target_info_t *target_info);
 
+		/*
 		public size_t get_pse_manifest_size();
-
 		public sgx_status_t get_pse_manifest([out, count=sz] char *buf, size_t sz);
+		*/
 
 		public sgx_status_t enclave_ra_init(sgx_ec256_public_t key, int b_pse,
 			[out] sgx_ra_context_t *ctx, [out] sgx_status_t *pse_status);
@@ -64,7 +65,8 @@ enclave {
 			[in, out, size=32]uint8_t *username,
 			[in, out, size=33]uint8_t *password_hash,
 			[in, out, size=2]uint8_t *privilege,
-			[in, out, size=8]uint8_t *datatype);
+			[in, out, size=32]uint8_t *datatype,
+			[in, out, size=128]uint8_t *misc_info);
 
 		public sgx_status_t seal_data(sgx_ra_context_t context,
 			[user_check]uint8_t *data_cipher, size_t cipherlen,
@@ -96,6 +98,19 @@ enclave {
 			[in, size=taglen]uint8_t *tag_array, size_t taglen, 
 			[out, size=emsg_len]uint8_t *error_msg_cipher, size_t emsg_len,
 			[out]size_t *emsg_cipher_len);
+
+		public sgx_status_t encrypt_for_TLS(sgx_ra_context_t context,
+			[in, size=plain_len]uint8_t *plain, size_t plain_len,
+			[in, out, size=plain_len]uint8_t *cipher,
+			[in, out, size=12]uint8_t *iv, [in, out, size=16]uint8_t *tag);
+
+		public sgx_status_t process_data_for_dl(sgx_ra_context_t context,
+			[in, size=login_sz]uint8_t *login_info, size_t login_sz,
+			[in, size=12]uint8_t *login_iv, [in, size=16]uint8_t *login_tag,
+			[in, out, size=sealed_sz]uint8_t *sealed_binary, size_t sealed_sz,
+			[in, out, size=sealed_sz]uint8_t *dl_data,
+			[in, out, size=12]uint8_t *dl_iv,
+			[in, out, size=16]uint8_t *dl_tag, [out]size_t *dl_sz);
 	};
 
 	untrusted {

isv.cpp

@@ -54,6 +54,9 @@ using namespace std;
 #include <unistd.h>
 #endif
 #include <sgx_uae_service.h>
+#include <sgx_uae_launch.h>
+#include <sgx_uae_epid.h>
+#include <sgx_uae_quote_ex.h>
 #include <sgx_ukey_exchange.h>
 #include <sgx_uswitchless.h>
 #include <string>
@@ -119,6 +122,16 @@ sgx_status_t sgx_create_enclave_search (
 	sgx_misc_attribute_t *attr
 );
 
+sgx_status_t sgx_create_enclave_search_ex (
+	const char *filename,
+	const int edebug,
+	sgx_launch_token_t *token,
+	int *updated,
+	sgx_enclave_id_t *eid,
+	sgx_misc_attribute_t *attr
+);
+
+
 void usage();
 int do_quote(sgx_enclave_id_t eid, config_t *config);
 int do_attestation(sgx_enclave_id_t eid, config_t *config);
@@ -1872,8 +1885,15 @@ int main (int argc, char *argv[])
 		return 1;
 	}
 #else
+
 	status = sgx_create_enclave_search(ENCLAVE_NAME,
 		SGX_DEBUG_FLAG, &token, &updated, &eid, 0);
+
+	/*
+	status = sgx_create_enclave_search_ex(ENCLAVE_NAME,
+		SGX_DEBUG_FLAG, &token, &updated, &eid, 0);
+	*/
+
 	if ( status != SGX_SUCCESS ) {
 		fprintf(stderr, "sgx_create_enclave: %s: %08x\n",
 			ENCLAVE_NAME, status);
@@ -3393,7 +3413,7 @@ int do_quote(sgx_enclave_id_t eid, config_t *config)
 	uint32_t sz= 0;
 	uint32_t flags= config->flags;
 	sgx_quote_sign_type_t linkable= SGX_UNLINKABLE_SIGNATURE;
-	sgx_ps_cap_t ps_cap;
+	//sgx_ps_cap_t ps_cap;
 	char *pse_manifest = NULL;
 	size_t pse_manifest_sz;
 #ifdef _WIN32
@@ -3409,6 +3429,7 @@ int do_quote(sgx_enclave_id_t eid, config_t *config)
  	if (OPT_ISSET(flags, OPT_LINK)) linkable= SGX_LINKABLE_SIGNATURE;
 
 	/* Platform services info */
+	/*
 	if (OPT_ISSET(flags, OPT_PSE)) {
 		status = sgx_get_ps_cap(&ps_cap);
 		if (status != SGX_SUCCESS) {
@@ -3437,6 +3458,7 @@ int do_quote(sgx_enclave_id_t eid, config_t *config)
 			return 1;
 		}
 	}
+	*/
 
 	/* Get our quote */
 
@@ -3622,6 +3644,62 @@ sgx_status_t sgx_create_enclave_search (const char *filename, const int edebug,
 	return sgx_create_enclave(filename, edebug, token, updated, eid, attr);
 }
 
+sgx_status_t sgx_create_enclave_search_ex (const char *filename, const int edebug,
+	sgx_launch_token_t *token, int *updated, sgx_enclave_id_t *eid,
+	sgx_misc_attribute_t *attr)
+{
+	struct stat sb;
+	char epath[PATH_MAX];	/* includes NULL */
+
+	sgx_uswitchless_config_t us_config = {0, 1, 1, 20000, 20000, {0}};
+	void* enclave_ex_p[32] = {0};
+
+	enclave_ex_p[SGX_CREATE_ENCLAVE_EX_SWITCHLESS_BIT_IDX] = &us_config;
+
+	/* Is filename an absolute path? */
+
+	if ( filename[0] == '/' ) 
+		return sgx_create_enclave_ex(filename, edebug, token, updated, eid, attr,
+			SGX_CREATE_ENCLAVE_EX_SWITCHLESS, (const void**)enclave_ex_p);
+
+	/* Is the enclave in the current working directory? */
+
+	if ( stat(filename, &sb) == 0 )
+		return sgx_create_enclave_ex(filename, edebug, token, updated, eid, attr,
+			SGX_CREATE_ENCLAVE_EX_SWITCHLESS, (const void**)enclave_ex_p);
+
+	/* Search the paths in LD_LBRARY_PATH */
+
+	if ( file_in_searchpath(filename, getenv("LD_LIBRARY_PATH"), epath, PATH_MAX) )
+		return sgx_create_enclave_ex(epath, edebug, token, updated, eid, attr,
+			SGX_CREATE_ENCLAVE_EX_SWITCHLESS, (const void**)enclave_ex_p);
+
+	/* Search the paths in DT_RUNPATH */
+
+	if ( file_in_searchpath(filename, getenv("DT_RUNPATH"), epath, PATH_MAX) )
+		return sgx_create_enclave_ex(epath, edebug, token, updated, eid, attr,
+			SGX_CREATE_ENCLAVE_EX_SWITCHLESS, (const void**)enclave_ex_p);
+
+	/* Standard system library paths */
+
+	if ( file_in_searchpath(filename, DEF_LIB_SEARCHPATH, epath, PATH_MAX) )
+		return sgx_create_enclave_ex(epath, edebug, token, updated, eid, attr,
+			SGX_CREATE_ENCLAVE_EX_SWITCHLESS, (const void**)enclave_ex_p);
+
+	/*
+	 * If we've made it this far then we don't know where else to look.
+	 * Just call sgx_create_enclave() which assumes the enclave is in
+	 * the current working directory. This is almost guaranteed to fail,
+	 * but it will insure we are consistent about the error codes that
+	 * get reported to the calling function.
+	 */
+
+	return sgx_create_enclave_ex(filename, edebug, token, updated, eid, attr,
+		SGX_CREATE_ENCLAVE_EX_SWITCHLESS, (const void**)enclave_ex_p);;
+}
+
+
+
 int file_in_searchpath (const char *file, const char *search, char *fullpath, 
 	size_t len)
 {

sgx_stub.c

@@ -505,6 +505,7 @@ int sgx_thread_wait_untrusted_event_ocall(const void *self)
 	return (int) p_sgx_thread_wait_untrusted_event_ocall(self);
 }
 
+/*
 sgx_status_t sgx_get_ps_cap(sgx_ps_cap_t *p_sgx_ps_cap)
 {
 	if ( l_sgx_get_ps_cap == 0 ) {
@@ -516,6 +517,7 @@ sgx_status_t sgx_get_ps_cap(sgx_ps_cap_t *p_sgx_ps_cap)
 
 	return (sgx_status_t) p_sgx_get_ps_cap(p_sgx_ps_cap);
 }
+*/
 
 sgx_status_t sgx_ecall_switchless(const sgx_enclave_id_t eid, const int index, const void *ocall_table, void *ms)
 {