Skip to content

Commit 2ac0547

Browse files
inasmkiminasmkim
committedJan 5, 2016
increase heap space configuration for Tor
1 parent cb8fb29 commit 2ac0547

File tree

3 files changed

+368
-5
lines changed

3 files changed

+368
-5
lines changed
 

‎qemu/target-i386/sgx.h

+1-1
Original file line numberDiff line numberDiff line change
@@ -48,7 +48,7 @@
4848
#define DSLIMIT (4294967295) // 2^32-1 -> 2^32 => overflow
4949
#define NO_OF_TCS_FLAGS (64)
5050
#define STACK_PAGE_FRAMES_PER_THREAD (250)
51-
#define HEAP_PAGE_FRAMES (100) // Need to decide how many initial Heap pages are required
51+
#define HEAP_PAGE_FRAMES (300) // Need to decide how many initial Heap pages are required
5252

5353
/// custom format
5454
#define PRIfptr "0x%016"PRIxPTR

‎user/share/include/sgx-shared.h

+1-1
Original file line numberDiff line numberDiff line change
@@ -33,7 +33,7 @@
3333

3434
// Enclave configuration
3535
#define STACK_PAGE_FRAMES_PER_THREAD 250
36-
#define HEAP_PAGE_FRAMES 100
36+
#define HEAP_PAGE_FRAMES 300
3737

3838
// EINITTOKEN MAC size
3939
#define MAC_SIZE 16

‎user/test/tor/sgx-tor.c

+366-3
Original file line numberDiff line numberDiff line change
@@ -70,7 +70,7 @@ int pipe_open(char *unique_id, int is_write, int flag_dir)
7070
else
7171
flag |= O_RDONLY;
7272

73-
int fd = open(name_buf, 40, flag);
73+
int fd = open(name_buf, flag);
7474

7575
if(fd == -1)
7676
{
@@ -755,6 +755,11 @@ char address[INET_NTOA_BUF_LEN+32];
755755
int addr_success;
756756
int months_lifetime;
757757

758+
char *vote_sig = NULL;
759+
char *consensus_sig = NULL;
760+
char *consensus_sig2 = NULL;
761+
int consensus_sig_count = 0;
762+
758763
/* For exit node */
759764
int exit_node_num;
760765
crypto_pk_t *secret_id_key = NULL;
@@ -1122,6 +1127,353 @@ static int generate_certificate()
11221127
return 0;
11231128
}
11241129

1130+
int directory_configure(int fd_te, int fd_et)
1131+
{
1132+
/* routine for directory authority */
1133+
// addr_success = 0;
1134+
// months_lifetime = 0;
1135+
1136+
int buf_len;
1137+
char *tmp_buf;
1138+
1139+
puts("Directory authority initialization.\n");
1140+
1141+
// identity key process
1142+
read(fd_te, &buf_len, sizeof(int));
1143+
tmp_buf = (char *)malloc(buf_len+1);
1144+
read(fd_te, tmp_buf, buf_len+1);
1145+
1146+
if(!strncmp(tmp_buf, "CR_IDENTITY_KEY", buf_len)) {
1147+
puts("Creating identity key.\n");
1148+
1149+
if(create_identity_key()) {
1150+
puts("creating identity_key fail");
1151+
buf_len = strlen("CR_IDENTITY_KEY_ERROR");
1152+
write(fd_et, &buf_len, sizeof(int));
1153+
write(fd_et, "CR_IDENTITY_KEY_ERROR", buf_len+1);
1154+
return 0;
1155+
}
1156+
1157+
buf_len = strlen("CR_IDENTITY_KEY_DONE");
1158+
write(fd_et, &buf_len, sizeof(int));
1159+
write(fd_et, "CR_IDENTITY_KEY_DONE", buf_len+1);
1160+
}
1161+
else if(!strncmp(tmp_buf, "LD_IDENTITY_KEY", buf_len)) {
1162+
puts("Load identity key.\n");
1163+
if(load_identity_key()) {
1164+
puts("loading identity_key fail");
1165+
buf_len = strlen("LD_IDENTITY_KEY_ERROR");
1166+
write(fd_et, &buf_len, sizeof(int));
1167+
write(fd_et, "LD_IDENTITY_KEY_ERROR", buf_len+1);
1168+
return 0;
1169+
}
1170+
1171+
buf_len = strlen("LD_IDENTITY_KEY_DONE");
1172+
write(fd_et, &buf_len, sizeof(int));
1173+
write(fd_et, "LD_IDENTITY_KEY_DONE", buf_len+1);
1174+
}
1175+
1176+
free(tmp_buf);
1177+
1178+
// signing key process
1179+
read(fd_te, &buf_len, sizeof(int));
1180+
tmp_buf = (char *)malloc(buf_len+1);
1181+
read(fd_te, tmp_buf, buf_len+1);
1182+
1183+
if(!strncmp(tmp_buf, "CR_SIGNING_KEY", buf_len)) {
1184+
// printf("Creating signing key of %d.\n", authority_num);
1185+
puts("Creating signing key.\n");
1186+
if(create_signing_key()) {
1187+
buf_len = strlen("CR_SIGNING_KEY_ERROR");
1188+
write(fd_et, &buf_len, sizeof(int));
1189+
write(fd_et, "CR_IDENTITY_KEY_ERROR", buf_len+1);
1190+
return 0;
1191+
}
1192+
1193+
buf_len = strlen("CR_SIGNING_KEY_DONE");
1194+
write(fd_et, &buf_len, sizeof(int));
1195+
write(fd_et, "CR_SIGNING_KEY_DONE", buf_len+1);
1196+
}
1197+
else if(!strncmp(tmp_buf, "LD_SIGNING_KEY", buf_len)) {
1198+
// printf("Load signing key of %d.\n", authority_num);
1199+
puts("Load signing key.\n");
1200+
1201+
if(load_signing_key()) {
1202+
buf_len = strlen("LD_SIGNING_KEY_ERROR");
1203+
write(fd_et, &buf_len, sizeof(int));
1204+
write(fd_et, "LD_SIGNING_KEY_ERROR", buf_len+1);
1205+
return 0;
1206+
}
1207+
1208+
buf_len = strlen("LD_SIGNING_KEY_DONE");
1209+
write(fd_et, &buf_len, sizeof(int));
1210+
write(fd_et, "LD_SIGNING_KEY_DONE", buf_len+1);
1211+
}
1212+
1213+
free(tmp_buf);
1214+
// recv data related to certificate
1215+
// printf("Receiving global variables for certificate.\n");
1216+
puts("Receiving global variables for certificate.\n");
1217+
read(fd_te, &buf_len, sizeof(int));
1218+
read(fd_te, address, buf_len+1);
1219+
addr_success = 1;
1220+
int temp_var;
1221+
read(fd_te, &temp_var, sizeof(int));
1222+
months_lifetime = temp_var;
1223+
1224+
// printf("Creating certificate of %d.\n", authority_num);
1225+
puts("Creating certificate.\n");
1226+
if(generate_certificate()) {
1227+
buf_len = strlen("CR_CERTIFICATE_ERROR");
1228+
write(fd_et, &buf_len, sizeof(int));
1229+
write(fd_et, "CR_CERTIFICATE_ERROR", buf_len+1);
1230+
return 0;
1231+
}
1232+
1233+
buf_len = strlen("CR_CERTIFICATE_DONE");
1234+
write(fd_et, &buf_len, sizeof(int));
1235+
write(fd_et, "CR_CERTIFICATE_DONE", buf_len+1);
1236+
1237+
// sgx_printf("cert len = %d\n", strlen(certificate));
1238+
1239+
for(int i=0;i<8;i++)
1240+
write(fd_et, certificate+i*512, 512);
1241+
puts("Send successfully!\n");
1242+
1243+
return 1;
1244+
}
1245+
1246+
int directory_request(int fd_et, int fd_te)
1247+
{
1248+
int buf_len;
1249+
char *tmp_buf = NULL;
1250+
1251+
while(1) {
1252+
read(fd_te, &buf_len, sizeof(int));
1253+
tmp_buf = (char *)malloc(buf_len+1);
1254+
read(fd_te, tmp_buf, buf_len+1);
1255+
1256+
// CERTIFICATE VERIFICATION.
1257+
if(!strncmp(tmp_buf, "CERTIFICATE_VERIFY", buf_len)) {
1258+
printf("Certificate verification for directory authority %d\n",
1259+
authority_num);
1260+
size_t len;
1261+
char *tmp_signing_key_str = NULL;
1262+
read(fd_te, &len, sizeof(size_t));
1263+
tmp_signing_key_str = (char *)malloc(len+1);
1264+
read(fd_te, tmp_signing_key_str, len+1);
1265+
1266+
// char *tmp_ori_str = key_to_string_priv(&signing_key_set);
1267+
char *tmp_ori_str = key_to_string_priv(signing_key);
1268+
1269+
if(!memcmp(tmp_signing_key_str, tmp_ori_str, len)) {
1270+
printf("Verification Failed!\n");
1271+
buf_len = strlen("CERTFICATE_VERIFY_ERROR");
1272+
write(fd_et, &buf_len, sizeof(int));
1273+
write(fd_et, "CERIFICATE_VERIFY_ERROR", buf_len+1);
1274+
return 0;
1275+
}
1276+
buf_len = strlen("CERTFICATE_VERIFY_DONE");
1277+
write(fd_et, &buf_len, sizeof(int));
1278+
write(fd_et, "CERIFICATE_VERIFY_DONE", buf_len+1);
1279+
1280+
free(tmp_signing_key_str);
1281+
free(tmp_ori_str);
1282+
1283+
free(tmp_buf);
1284+
continue;
1285+
}
1286+
1287+
// Voting
1288+
if(!strncmp(tmp_buf, "VOTING_START", buf_len)) {
1289+
printf("Voting of %d is started!\n", authority_num);
1290+
1291+
// DIGEST COMPUTING
1292+
// char *tmp_ori_str = key_to_string_priv(&signing_key_set);
1293+
char *tmp_ori_str = key_to_string_priv(signing_key);
1294+
crypto_pk_t *tmp_signing_key = crypto_pk_new();
1295+
crypto_pk_read_private_key_from_string(tmp_signing_key,
1296+
tmp_ori_str, -1);
1297+
char signing_key_digest[DIGEST_LEN];
1298+
1299+
if(crypto_pk_get_digest(tmp_signing_key, signing_key_digest) < 0) {
1300+
puts("Error computing signing key digest\n");
1301+
buf_len = strlen("GET_DIGEST_ERROR");
1302+
write(fd_et, &buf_len, sizeof(int));
1303+
write(fd_et, "GET_DIGEST_ERROR", buf_len+1);
1304+
return 0;
1305+
}
1306+
1307+
buf_len = strlen("GET_DIGEST_DONE");
1308+
write(fd_et, &buf_len, sizeof(int));
1309+
write(fd_et, "GET_DIGEST_DONE", buf_len+1);
1310+
1311+
// Fingerprint
1312+
char fingerprint[FINGERPRINT_LEN+1];
1313+
1314+
if(crypto_pk_get_fingerprint(tmp_signing_key, fingerprint, 0) < 0) {
1315+
puts("Error getting fingerprint for signing key\n");
1316+
buf_len = strlen("GET_FINGERPRINT_ERROR");
1317+
write(fd_et, &buf_len, sizeof(int));
1318+
write(fd_et, "GET_FINGERPRINT_ERROR", buf_len+1);
1319+
return 0;
1320+
}
1321+
1322+
buf_len = strlen("GET_FINGERPRINT_DONE");
1323+
write(fd_et, &buf_len, sizeof(int));
1324+
write(fd_et, "GET_FINGERPRINT_DONE", buf_len+1);
1325+
1326+
write(fd_et, fingerprint, FINGERPRINT_LEN+1);
1327+
1328+
// Vote signing
1329+
char *sig = NULL;
1330+
char digest[DIGEST_LEN];
1331+
1332+
read(fd_te, digest, DIGEST_LEN);
1333+
sig = router_get_dirobj_signature(digest, DIGEST_LEN,
1334+
tmp_signing_key);
1335+
1336+
if(!sig) {
1337+
puts("Unable to sign networkstatus vote!\n");
1338+
buf_len = strlen("VOTE_SIGN_ERROR");
1339+
write(fd_et, &buf_len, sizeof(int));
1340+
write(fd_et, "VOTE_SIGN_ERROR", buf_len+1);
1341+
return 0;
1342+
}
1343+
1344+
buf_len = strlen("VOTE_SIGN_DONE");
1345+
write(fd_et, &buf_len, sizeof(int));
1346+
write(fd_et, "VOTE_SIGN_DONE", buf_len+1);
1347+
1348+
vote_sig = malloc(strlen(sig)+1);
1349+
memcpy(vote_sig, sig, strlen(sig)+1);
1350+
1351+
free(sig);
1352+
free(tmp_signing_key);
1353+
free(tmp_ori_str);
1354+
free(tmp_buf);
1355+
continue;
1356+
}
1357+
1358+
// Concensus
1359+
if(!strncmp(tmp_buf, "CONSENSUS_START", buf_len)) {
1360+
printf("Computing consensus of %d is started!\n", authority_num);
1361+
1362+
// fingerprint
1363+
// char *tmp_ori_str = key_to_string_priv(&signing_key_set);
1364+
char *tmp_ori_str = key_to_string_priv(signing_key);
1365+
crypto_pk_t *tmp_signing_key = crypto_pk_new();
1366+
crypto_pk_read_private_key_from_string(tmp_signing_key, tmp_ori_str, -1);
1367+
1368+
char fingerprint[HEX_DIGEST_LEN+1];
1369+
if(crypto_pk_get_fingerprint(tmp_signing_key, fingerprint, 0) < 0) {
1370+
puts("Error getting fingerprint for signing key\n");
1371+
buf_len = strlen("GET_FINGERPRINT_ERROR");
1372+
write(fd_et, &buf_len, sizeof(int));
1373+
write(fd_et, "GET_FINGERPRINT_ERROR", buf_len+1);
1374+
return 0;
1375+
}
1376+
1377+
puts("Consensus - Getting fingerprint finished!\n");
1378+
buf_len = strlen("GET_FINGERPRINT_DONE");
1379+
write(fd_et, &buf_len, sizeof(int));
1380+
write(fd_et, "GET_FINGERPRINT_DONE", buf_len+1);
1381+
write(fd_et, fingerprint, HEX_DIGEST_LEN+1);
1382+
1383+
// Consensus signing
1384+
char *sig = NULL;
1385+
char digest[DIGEST256_LEN];
1386+
int digest_len;
1387+
1388+
read(fd_te, &digest_len, sizeof(int));
1389+
read(fd_te, digest, digest_len);
1390+
1391+
sig = router_get_dirobj_signature(digest,
1392+
digest_len, tmp_signing_key);
1393+
1394+
if(!sig) {
1395+
puts("Couldn't sign consensus networkstatus\n");
1396+
buf_len = strlen("CONSENSUS_SIGN_ERROR");
1397+
write(fd_et, &buf_len, sizeof(int));
1398+
write(fd_et, "CONSENSUS_SIGN_ERROR", buf_len+1);
1399+
return 0;
1400+
}
1401+
1402+
puts("Consensus signing finished!\n");
1403+
buf_len = strlen("CONSENSUS_SIGN_DONE");
1404+
write(fd_et, &buf_len, sizeof(int));
1405+
write(fd_et, "CONSENSUS_SIGN_DONE", buf_len+1);
1406+
1407+
int sig_len = strlen(sig);
1408+
write(fd_et, &sig_len, sizeof(int));
1409+
write(fd_et, sig, sig_len+1);
1410+
1411+
if(consensus_sig_count == 0) {
1412+
if(consensus_sig != NULL)
1413+
free(consensus_sig2);
1414+
consensus_sig2 = malloc(strlen(sig)+1);
1415+
memcpy(consensus_sig2, sig, strlen(sig)+1);
1416+
consensus_sig_count++;
1417+
}
1418+
else {
1419+
if(consensus_sig != NULL)
1420+
free(consensus_sig);
1421+
consensus_sig = malloc(strlen(sig)+1);
1422+
memcpy(consensus_sig, sig, strlen(sig)+1);
1423+
consensus_sig_count = 0;
1424+
}
1425+
1426+
free(sig);
1427+
free(tmp_ori_str);
1428+
free(tmp_signing_key);
1429+
free(tmp_buf);
1430+
1431+
continue;
1432+
}
1433+
1434+
// Concensus sig verify
1435+
if(!strncmp(tmp_buf, "CONSENSUS_SIG_VERIFY", buf_len)) {
1436+
puts("Consensus verification\n");
1437+
1438+
int sig_len;
1439+
char signature[1536];
1440+
1441+
read(fd_te, &sig_len, sizeof(int));
1442+
1443+
int i;
1444+
for(i=0;i<3;i++)
1445+
read(fd_te, signature+i*512, 512);
1446+
1447+
char *tmp_str1 = memchr(signature+280, '-', 500);
1448+
printf("%s\n", tmp_str1);
1449+
1450+
char *tmp_str2 = memchr(signature+800, '-', 500);
1451+
printf("%s\n", tmp_str2);
1452+
1453+
if(strncmp(tmp_str1, consensus_sig, strlen(consensus_sig))) {
1454+
buf_len = strlen("CONSENSUS_SIG_VERIFY_ERROR");
1455+
write(fd_et, &buf_len, sizeof(int));
1456+
write(fd_et, "CONSENSUS_SIG_VERIFY_ERROR", buf_len+1);
1457+
}
1458+
1459+
if(strncmp(tmp_str2, consensus_sig2, strlen(consensus_sig2))) {
1460+
buf_len = strlen("CONSENSUS_SIG_VERIFY_ERROR");
1461+
write(fd_et, &buf_len, sizeof(int));
1462+
write(fd_et, "CONSENSUS_SIG_VERIFY_ERROR", buf_len+1);
1463+
}
1464+
1465+
buf_len = strlen("CONSENSUS_SIG_VERIFY_DONE");
1466+
write(fd_et, &buf_len, sizeof(int));
1467+
write(fd_et, "CONSENSUS_SIG_VERIFY_DONE", buf_len+1);
1468+
1469+
free(tmp_buf);
1470+
continue;
1471+
}
1472+
}
1473+
1474+
return 1;
1475+
}
1476+
11251477
int exit_node_handling(int fd_te, int fd_et, int flags)
11261478
{
11271479
int buf_len;
@@ -1998,7 +2350,14 @@ void enclave_main(int argc, char **argv)
19982350

19992351
int retval = 0;
20002352

2001-
retval = exit_node_handling(fd_te, fd_et, 0);
2353+
puts(key_enc_to_tor);
2354+
puts(key_tor_to_enc);
2355+
printf("%d %d\n", authority_num, exit_node_num);
2356+
2357+
if(exit_node_num == 3)
2358+
retval = exit_node_handling(fd_te, fd_et, 0);
2359+
else
2360+
retval = directory_configure(fd_te, fd_et);
20022361

20032362
if(retval == 0) {
20042363
puts("Error occurred. Quit program\n");
@@ -2043,7 +2402,11 @@ void enclave_main(int argc, char **argv)
20432402
}
20442403

20452404
client_id_key = NULL; // for key loading
2046-
retval = exit_node_handling(fd_te, fd_et, 1);
2405+
2406+
if(exit_node_num == 3)
2407+
retval = exit_node_handling(fd_te, fd_et, 0);
2408+
else
2409+
retval = directory_request(fd_et, fd_te);
20472410

20482411
if(retval == 0)
20492412
printf("Error occurred, Quit program\n");

0 commit comments

Comments
 (0)
Please sign in to comment.