diff --git a/SGX_Linux/Makefile b/SGX_Linux/Makefile index 3defedc4..df6744aa 100644 --- a/SGX_Linux/Makefile +++ b/SGX_Linux/Makefile @@ -1,8 +1,19 @@ +SGX_SDK ?= /opt/intel/sgxsdk +SGX_MODE ?= SIM +SGX_ARCH ?= x64 +SGX_WOLFSSL_LIB ?= ./ + +ifndef WOLFSSL_ROOT +$(error WOLFSSL_ROOT is not set. Please set to root wolfssl directory) +endif + + + all: - $(MAKE) -f sgx_u.mk all - $(MAKE) -f sgx_t.mk all + $(MAKE) -ef sgx_u.mk all + $(MAKE) -ef sgx_t.mk all clean: - $(MAKE) -f sgx_u.mk clean - $(MAKE) -f sgx_t.mk clean + $(MAKE) -ef sgx_u.mk clean + $(MAKE) -ef sgx_t.mk clean diff --git a/SGX_Linux/README-images/expected-make-output.png b/SGX_Linux/README-images/expected-make-output.png index b6cd25eb..38298a58 100644 Binary files a/SGX_Linux/README-images/expected-make-output.png and b/SGX_Linux/README-images/expected-make-output.png differ diff --git a/SGX_Linux/README-images/expected-run-output-app.png b/SGX_Linux/README-images/expected-run-output-app.png deleted file mode 100644 index b77fda05..00000000 Binary files a/SGX_Linux/README-images/expected-run-output-app.png and /dev/null differ diff --git a/SGX_Linux/README-images/expected-run-output-benchmark.png b/SGX_Linux/README-images/expected-run-output-benchmark.png new file mode 100644 index 00000000..1854e61b Binary files /dev/null and b/SGX_Linux/README-images/expected-run-output-benchmark.png differ diff --git a/SGX_Linux/README-images/expected-run-output-client.png b/SGX_Linux/README-images/expected-run-output-client.png new file mode 100644 index 00000000..6117d475 Binary files /dev/null and b/SGX_Linux/README-images/expected-run-output-client.png differ diff --git a/SGX_Linux/README-images/expected-run-output-test.png b/SGX_Linux/README-images/expected-run-output-test.png new file mode 100644 index 00000000..1e754600 Binary files /dev/null and b/SGX_Linux/README-images/expected-run-output-test.png differ diff --git a/SGX_Linux/README.md b/SGX_Linux/README.md index 29075b9c..f3a658d9 100644 --- a/SGX_Linux/README.md +++ b/SGX_Linux/README.md @@ -30,32 +30,55 @@ After creating the static library, build the example untrusted application using `WOLFSSL_ROOT=[location/to/wolfssl_root]` +6. Whether benchmark tests have been enabled. *NOTE: These must be enabled during compilation of the static library as well. See the README in `/IDE/LINUX-SGX/README.md`* + + `HAVE_WOLFSSL_BENCHMARK=[0/1]` + +6. Whether wolfcrypt tests have been enabled. *NOTE: These must be enabled during compilation of the static library as well. See the README in `/IDE/LINUX-SGX/README.md`* + + `HAVE_WOLFSSL_TEST=[0/1]` + + With these three options, simply call, for example: -```make SGX_MODE=SIM SGX_PRERELEASE=0 SGX_WOLFSSL_LIB=~/wolfssl/IDE/LINUX-SGX/ WOLFSSL_ROOT=../../wolfssl SGX_DEBUG=0``` +```make SGX_MODE=SIM SGX_PRERELEASE=0 SGX_WOLFSSL_LIB=~/wolfssl/IDE/LINUX-SGX/ WOLFSSL_ROOT=../../wolfssl SGX_DEBUG=0 HAVE_WOLFSSL_TEST=1``` ### Expected Output ![expected make results](README-images/expected-make-output.png) ## Running -After the application has been built, it should be tested against the default wolfssl example server. +After building, the user can specify one of a set of options to be run via the command line. These are: -### First, start the example server. - From run: - ./examples/server/server +* -c: Run a TLS Client in an enclave + * This option runs an example TLS client in enclave to connect to a server on port 11111. +* -s: Run a TLS Server in an enclave + * This option runs an example TLS server in enclave to receive clients on port 11111. +* -t: Run wolfCrypt tests in an enclave + * This option runs the wolfCrypt tests. *NOTE: These must be enabled during compilation of the static library as well. See the README in `/IDE/LINUX-SGX/README.md`* +* -b: Run wolfCrypt benchmarks in an enclave + * This option runs the wolfCrypt benchmarks in an enclave. These benchmarks will be somewhat faster than standard benchmarks because the benchmarks are operating entirely within the enclave and buffers don't need to be moved across the enclave boundary between calls. *NOTE: These must be enabled during compilation of the static library as well. See the README in `/IDE/LINUX-SGX/README.md`* -### Then, start the SGX Application - ./App +To test the enclave client against the enclave server: -This will run three tests. The first is the wolfcrypt testsuite, which tests a variety of wolfcrypt functionality. The second is the wolfcrypt benchmark testsuite, which benchmarks some of the main wolfcrypt ciphers. Finally, a simple TLS client test is run which connects a TLS client, instantiated on the enclave, against the previously started example server running normally on the PC. The connection targets localhost:11111. +### First, start the enclave server. + ./App -s + +### Then, start the enclave client + ./App -c + +This will connect an enclave client, in one enclave, to an enclave server, in a second enclave. These can also be replaced by the wolfssl example client/server. For example, to test a standard client against an enclave server, start the enclave server and then run /examples/client/client. ### Expected Output -![expected app results](README-images/expected-run-output-app.png) +![expected client results](README-images/expected-run-output-client.png) ![expected server results](README-images/expected-run-output-server.png) +![expected test results](README-images/expected-run-output-test.png) + +![expected benchmark results](README-images/expected-run-output-benchmark.png) + ## Limitations 1) Single Threaded diff --git a/SGX_Linux/sgx_t.mk b/SGX_Linux/sgx_t.mk index 2379fbd5..b4dd62c0 100644 --- a/SGX_Linux/sgx_t.mk +++ b/SGX_Linux/sgx_t.mk @@ -1,13 +1,4 @@ ######## Intel(R) SGX SDK Settings ######## -SGX_SDK ?= /opt/intel/sgxsdk -SGX_MODE ?= SIM -SGX_ARCH ?= x64 -SGX_WOLFSSL_LIB ?= ./ - -ifndef WOLFSSL_ROOT -$(error WOLFSSL_ROOT is not set. Please set to root wolfssl directory.) -endif - ifeq ($(shell getconf LONG_BIT), 32) SGX_ARCH := x86 else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32) @@ -51,9 +42,7 @@ Crypto_Library_Name := sgx_tcrypto Wolfssl_C_Extra_Flags := -DWOLFSSL_SGX Wolfssl_Include_Paths := -I$(WOLFSSL_ROOT)/ \ - -I$(WOLFSSL_ROOT)/wolfcrypt/ \ - -I$(WOLFSSL_ROOT)/wolfcrypt/test/ \ - -I$(WOLFSSL_ROOT)/wolfcrypt/benchmark/ \ + -I$(WOLFSSL_ROOT)/wolfcrypt/ Wolfssl_Enclave_C_Files := trusted/Wolfssl_Enclave.c @@ -61,6 +50,17 @@ Wolfssl_Enclave_Include_Paths := -IInclude -Itrusted $(Wolfssl_Include_Paths)\ -I$(SGX_SDK)/include -I$(SGX_SDK)/include/tlibc\ -I$(SGX_SDK)/include/stlport +ifeq ($(HAVE_WOLFSSL_TEST), 1) + Wolfssl_Include_Paths += -I$(WOLFSSL_ROOT)/wolfcrypt/test/ + Wolfssl_C_Extra_Flags += -DHAVE_WOLFSSL_TEST +endif + +ifeq ($(HAVE_WOLFSSL_BENCHMARK), 1) + Wolfssl_Include_Paths += -I$(WOLFSSL_ROOT)/wolfcrypt/benchmark/ + Wolfssl_C_Extra_Flags += -DHAVE_WOLFSSL_BENCHMARK +endif + + Flags_Just_For_C := -Wno-implicit-function-declaration -std=c11 Common_C_Cpp_Flags := $(SGX_COMMON_CFLAGS) -nostdinc -fvisibility=hidden -fpie -fstack-protector $(Wolfssl_Enclave_Include_Paths)-fno-builtin -fno-builtin-printf -I. Wolfssl_Enclave_C_Flags := $(Flags_Just_For_C) $(Common_C_Cpp_Flags) $(Wolfssl_C_Extra_Flags) @@ -76,6 +76,9 @@ Wolfssl_Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib Wolfssl_Enclave_C_Objects := $(Wolfssl_Enclave_C_Files:.c=.o) + + + ifeq ($(SGX_MODE), HW) ifneq ($(SGX_DEBUG), 1) ifneq ($(SGX_PRERELEASE), 1) diff --git a/SGX_Linux/sgx_u.mk b/SGX_Linux/sgx_u.mk index 919804df..4d157cd9 100644 --- a/SGX_Linux/sgx_u.mk +++ b/SGX_Linux/sgx_u.mk @@ -1,16 +1,5 @@ ######## Intel(R) SGX SDK Settings ######## -SGX_SDK ?= /opt/intel/sgxsdk -SGX_MODE ?= SIM -SGX_ARCH ?= x64 UNTRUSTED_DIR=untrusted -SGX_WOLFSSL_LIB ?= ./ - -ifndef WOLFSSL_ROOT -$(error WOLFSSL_ROOT is not set. Please set to root wolfssl directory) -endif - - - ifeq ($(shell getconf LONG_BIT), 32) SGX_ARCH := x86 else ifeq ($(findstring -m32, $(CXXFLAGS)), -m32) @@ -51,11 +40,21 @@ endif Wolfssl_C_Extra_Flags := -DWOLFSSL_SGX Wolfssl_Include_Paths := -I$(WOLFSSL_ROOT)/ \ - -I$(WOLFSSL_ROOT)/wolfcrypt/ \ - -I$(WOLFSSL_ROOT)/wolfcrypt/test/ \ - -I$(WOLFSSL_ROOT)/wolfcrypt/benchmark/ \ + -I$(WOLFSSL_ROOT)/wolfcrypt/ -App_C_Files := $(UNTRUSTED_DIR)/App.c $(UNTRUSTED_DIR)/client-tls.c +ifeq ($(HAVE_WOLFSSL_TEST), 1) + Wolfssl_Include_Paths += -I$(WOLFSSL_ROOT)/wolfcrypt/test/ + Wolfssl_C_Extra_Flags += -DHAVE_WOLFSSL_TEST +endif + +ifeq ($(HAVE_WOLFSSL_BENCHMARK), 1) + Wolfssl_Include_Paths += -I$(WOLFSSL_ROOT)/wolfcrypt/benchmark/ + Wolfssl_C_Extra_Flags += -DHAVE_WOLFSSL_BENCHMARK +endif + + + +App_C_Files := $(UNTRUSTED_DIR)/App.c $(UNTRUSTED_DIR)/client-tls.c $(UNTRUSTED_DIR)/server-tls.c App_Include_Paths := -IInclude $(Wolfssl_Include_Paths) -I$(UNTRUSTED_DIR) -I$(SGX_SDK)/include App_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(App_Include_Paths) $(Wolfssl_C_Extra_Flags) diff --git a/SGX_Linux/trusted/Wolfssl_Enclave.c b/SGX_Linux/trusted/Wolfssl_Enclave.c index d70c7b48..155df0b8 100644 --- a/SGX_Linux/trusted/Wolfssl_Enclave.c +++ b/SGX_Linux/trusted/Wolfssl_Enclave.c @@ -8,12 +8,23 @@ int wc_test(void* args) { +#ifdef HAVE_WOLFSSL_TEST return wolfcrypt_test(args); +#else + /* wolfSSL test not compiled in! */ + return -1; +#endif /* HAVE_WOLFSSL_TEST */ } int wc_benchmark_test(void* args) { + +#ifdef HAVE_WOLFSSL_BENCHMARK return benchmark_test(args); +#else + /* wolfSSL benchmark not compiled in! */ + return -1; +#endif /* HAVE_WOLFSSL_BENCHMARK */ } void enc_wolfSSL_Debugging_ON(void) @@ -36,6 +47,12 @@ WOLFSSL_METHOD* enc_wolfTLSv1_2_client_method(void) return wolfTLSv1_2_client_method(); } +WOLFSSL_METHOD* enc_wolfTLSv1_2_server_method(void) +{ + return wolfTLSv1_2_server_method(); +} + + WOLFSSL_CTX* enc_wolfSSL_CTX_new(WOLFSSL_METHOD* method) { if(sgx_is_within_enclave(method, wolfSSL_METHOD_GetObjectSize()) != 1) @@ -51,6 +68,14 @@ int enc_wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX* ctx, return wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, buf, sz, type); } +int enc_wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX* ctx, + const unsigned char* buf, long sz, int type) +{ + if(sgx_is_within_enclave(ctx, wolfSSL_CTX_GetObjectSize()) != 1) + abort(); + return wolfSSL_CTX_use_certificate_buffer(ctx, buf, sz, type); +} + int enc_wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx, const unsigned char* buf, long sz, int type) { @@ -67,6 +92,12 @@ int enc_wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx, const unsigned char* in return wolfSSL_CTX_load_verify_buffer(ctx, in, sz, format); } +int enc_wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX* ctx, const char* list) { + if(sgx_is_within_enclave(ctx, wolfSSL_CTX_GetObjectSize()) != 1) + abort(); + return wolfSSL_CTX_set_cipher_list(ctx, list); +} + WOLFSSL* enc_wolfSSL_new( WOLFSSL_CTX* ctx) { if(sgx_is_within_enclave(ctx, wolfSSL_CTX_GetObjectSize()) != 1) diff --git a/SGX_Linux/trusted/Wolfssl_Enclave.edl b/SGX_Linux/trusted/Wolfssl_Enclave.edl index 51af70b6..9a51b0ff 100644 --- a/SGX_Linux/trusted/Wolfssl_Enclave.edl +++ b/SGX_Linux/trusted/Wolfssl_Enclave.edl @@ -7,7 +7,6 @@ enclave { include "wolfcrypt/test/test.h" include "wolfcrypt/benchmark/benchmark.h" - trusted { public int wc_test([user_check]void* args); public int wc_benchmark_test([user_check]void* args); @@ -16,6 +15,7 @@ enclave { public void enc_wolfSSL_Debugging_ON(void); public void enc_wolfSSL_Debugging_OFF(void); public WOLFSSL_METHOD* enc_wolfTLSv1_2_client_method(void); + public WOLFSSL_METHOD* enc_wolfTLSv1_2_server_method(void); public WOLFSSL_CTX* enc_wolfSSL_CTX_new([user_check] WOLFSSL_METHOD* method); public int enc_wolfSSL_CTX_use_PrivateKey_buffer([user_check] WOLFSSL_CTX* ctx, [in, size=sz] const unsigned char* buf, @@ -29,6 +29,12 @@ enclave { [in, size=sz] const unsigned char* buf, long sz, int type); + public int enc_wolfSSL_CTX_use_certificate_buffer([user_check] WOLFSSL_CTX* ctx, + [in, size=sz] const unsigned char* buf, + long sz, + int type); + public int enc_wolfSSL_CTX_set_cipher_list([user_check] WOLFSSL_CTX* ctx, + [in, string] const char* list); public WOLFSSL* enc_wolfSSL_new([user_check] WOLFSSL_CTX* ctx); public int enc_wolfSSL_set_fd([user_check]WOLFSSL* ssl, int fd); public int enc_wolfSSL_connect([user_check]WOLFSSL* ssl); diff --git a/SGX_Linux/untrusted/App.c b/SGX_Linux/untrusted/App.c index c7c34acc..8fbecc4e 100644 --- a/SGX_Linux/untrusted/App.c +++ b/SGX_Linux/untrusted/App.c @@ -23,6 +23,7 @@ #include "stdafx.h" #include "App.h" /* contains include of Enclave_u.h which has wolfSSL header files */ #include "client-tls.h" +#include "server-tls.h" /* Use Debug SGX ? */ #if _DEBUG @@ -48,11 +49,23 @@ int main(int argc, char* argv[]) /* not using since just testing w/ wc_test */ func_args args = { 0 }; /* only print off if no command line arguments were passed in */ - if (argc == 1) { - printf("Setting up Enclave ... "); + if (argc != 2 || strlen(argv[1]) != 2) { + printf("Usage:\n" + "\t-c Run a TLS client in enclave\n" + "\t-s Run a TLS server in enclave\n" +#ifdef HAVE_WOLFSSL_TEST + "\t-t Run wolfCrypt tests only \n" +#endif /* HAVE_WOLFSSL_TEST */ + +#ifdef HAVE_WOLFSSL_BENCHMARK + "\t-b Run wolfCrypt benchmarks in enclave\n" +#endif /* HAVE_WOLFSSL_BENCHMARK */ + ); + return 0; } - memset(t, 0, sizeof(sgx_launch_token_t)); + memset(t, 0, sizeof(sgx_launch_token_t)); + memset(&args,0,sizeof(args)); ret = sgx_create_enclave(ENCLAVE_FILENAME, DEBUG_VALUE, &t, &updated, &id, NULL); if (ret != SGX_SUCCESS) { @@ -60,22 +73,39 @@ int main(int argc, char* argv[]) /* not using since just testing w/ wc_test */ return 1; } - printf("\nCrypt Test:\n"); - wc_test(id, &sgxStatus, &args); - printf("Crypt Test: Return code %d\n", args.return_code); - printf("\n\n\n"); - memset(&args,0,sizeof(args)); + switch(argv[1][1]) { + case 'c': + printf("Client Test:\n"); + client_connect(id); + break; - printf("\nBenchmark Test:\n"); - wc_benchmark_test(id, &sgxStatus, &args); - printf("Benchmark Test: Return code %d\n", args.return_code); - printf("\n\n\n"); + case 's': + printf("Server Test:\n"); + server_connect(id); + break; - printf("\nClient Test:\n"); - client_connect(id); +#ifdef HAVE_WOLFSSL_TEST + case 't': + printf("Crypt Test:\n"); + wc_test(id, &sgxStatus, &args); + printf("Crypt Test: Return code %d\n", args.return_code); + break; +#endif /* HAVE_WOLFSSL_TEST */ - return 0; +#ifdef HAVE_WOLFSSL_BENCHMARK + case 'b': + printf("\nBenchmark Test:\n"); + wc_benchmark_test(id, &sgxStatus, &args); + printf("Benchmark Test: Return code %d\n", args.return_code); + break; +#endif /* HAVE_WOLFSSL_BENCHMARK */ + default: + printf("Unrecognized option set!\n"); + break; + } + + return 0; } static double current_time() diff --git a/SGX_Linux/untrusted/server-tls.c b/SGX_Linux/untrusted/server-tls.c new file mode 100644 index 00000000..f49b9129 --- /dev/null +++ b/SGX_Linux/untrusted/server-tls.c @@ -0,0 +1,190 @@ +/* server-tls.c + * + * Copyright (C) 2006-2015 wolfSSL Inc. + * + * This file is part of wolfSSL. (formerly known as CyaSSL) + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + +#include "server-tls.h" + +/* the usual suspects */ +#include +#include +#include +#include + +/* socket includes */ +#include +#include +#include +#include + +/* wolfSSL */ +#include +#include + +#define DEFAULT_PORT 11111 + +#define CIPHER_LIST "ECDHE-ECDSA-AES128-GCM-SHA256" + + + +int server_connect(sgx_enclave_id_t id) +{ + int sgxStatus; + int sockfd; + int connd; + struct sockaddr_in servAddr; + struct sockaddr_in clientAddr; + socklen_t size = sizeof(clientAddr); + char buff[256]; + size_t len; + int ret = 0; /* variable for error checking */ + + /* declare wolfSSL objects */ + WOLFSSL_CTX* ctx; + WOLFSSL* ssl; + WOLFSSL_METHOD* method; + + + + /* Initialize wolfSSL */ + enc_wolfSSL_Init(id, &sgxStatus); + +#ifdef SGX_DEBUG + enc_wolfSSL_Debugging_ON(id); +#else + enc_wolfSSL_Debugging_OFF(id); +#endif + + /* Create a socket that uses an internet IPv4 address, + * Sets the socket to be stream based (TCP), + * 0 means choose the default protocol. */ + if ((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) { + fprintf(stderr, "ERROR: failed to create the socket\n"); + return -1; + } + + + /* Create and initialize WOLFSSL_CTX */ + sgxStatus = enc_wolfTLSv1_2_server_method(id, &method); + if (sgxStatus != SGX_SUCCESS || method == NULL) { + printf("wolfTLSv1_2_server_method failure\n"); + return EXIT_FAILURE; + } + + sgxStatus = enc_wolfSSL_CTX_new(id, &ctx, method); + if (sgxStatus != SGX_SUCCESS || ctx == NULL) { + printf("wolfSSL_CTX_new failure\n"); + return EXIT_FAILURE; + } + + /* Load server certificates into WOLFSSL_CTX */ + sgxStatus = enc_wolfSSL_CTX_use_certificate_buffer(id, &ret, ctx, + server_cert_der_2048, sizeof_server_cert_der_2048, SSL_FILETYPE_ASN1); + if (sgxStatus != SGX_SUCCESS || ret != SSL_SUCCESS) { + printf("enc_wolfSSL_CTX_use_certificate_chain_buffer_format failure\n"); + return EXIT_FAILURE; + } + + /* Load server key into WOLFSSL_CTX */ + sgxStatus = enc_wolfSSL_CTX_use_PrivateKey_buffer(id, &ret, ctx, + server_key_der_2048, sizeof_server_key_der_2048, SSL_FILETYPE_ASN1); + if (sgxStatus != SGX_SUCCESS || ret != SSL_SUCCESS) { + printf("wolfSSL_CTX_use_PrivateKey_buffer failure\n"); + return EXIT_FAILURE; + } + + /* Initialize the server address struct with zeros */ + memset(&servAddr, 0, sizeof(servAddr)); +/* Fill in the server address */ + servAddr.sin_family = AF_INET; /* using IPv4 */ + servAddr.sin_port = htons(DEFAULT_PORT); /* on DEFAULT_PORT */ + servAddr.sin_addr.s_addr = INADDR_ANY; /* from anywhere */ + + + + /* Bind the server socket to our port */ + if (bind(sockfd, (struct sockaddr*)&servAddr, sizeof(servAddr)) == -1) { + fprintf(stderr, "ERROR: failed to bind\n"); + return -1; + } + + /* Listen for a new connection, allow 5 pending connections */ + if (listen(sockfd, 5) == -1) { + fprintf(stderr, "ERROR: failed to listen\n"); + return -1; + } + + printf("Waiting for a connection...\n"); + + /* Accept client connections */ + if ((connd = accept(sockfd, (struct sockaddr*)&clientAddr, &size)) + == -1) { + fprintf(stderr, "ERROR: failed to accept the connection\n\n"); + return -1; + } + + sgxStatus = enc_wolfSSL_new(id, &ssl, ctx); + + if (sgxStatus != SGX_SUCCESS || ssl == NULL) { + printf("wolfSSL_new failure\n"); + return EXIT_FAILURE; + } + + /* Attach wolfSSL to the socket */ + sgxStatus = enc_wolfSSL_set_fd(id, &ret, ssl, connd); + if (sgxStatus != SGX_SUCCESS || ret != SSL_SUCCESS) { + printf("wolfSSL_set_fd failure\n"); + return EXIT_FAILURE; + } + + printf("Client connected successfully\n"); + + /* Read the client data into our buff array */ + memset(buff, 0, sizeof(buff)); + sgxStatus = enc_wolfSSL_read(id, &ret, ssl, buff, sizeof(buff)-1); + if(sgxStatus != SGX_SUCCESS || ret == -1) { + printf("Server failed to read\n"); + return EXIT_FAILURE; + } + + /* Print to stdout any data the client sends */ + printf("Client: %s\n", buff); + + /* Write our reply into buff */ + memset(buff, 0, sizeof(buff)); + memcpy(buff, "I hear ya fa shizzle!\n", sizeof(buff)); + len = strnlen(buff, sizeof(buff)); + + /* Reply back to the client */ + sgxStatus = enc_wolfSSL_write(id, &ret, ssl, buff, len); + if (sgxStatus != SGX_SUCCESS || ret != len) { + printf("Server write failed.\n"); + return EXIT_FAILURE; + } + + /* Cleanup after this connection */ + enc_wolfSSL_free(id, ssl); /* Free the wolfSSL object */ + close(connd); /* Close the connection to the client */ + + /* Cleanup and return */ + sgxStatus = enc_wolfSSL_CTX_free(id, ctx); /* Free the wolfSSL context object */ + sgxStatus = enc_wolfSSL_Cleanup(id, &ret); /* Cleanup the wolfSSL environment */ + close(sockfd); /* Close the socket listening for clients */ + return 0; /* Return reporting a success */ +} diff --git a/SGX_Linux/untrusted/server-tls.h b/SGX_Linux/untrusted/server-tls.h new file mode 100644 index 00000000..f3f8db28 --- /dev/null +++ b/SGX_Linux/untrusted/server-tls.h @@ -0,0 +1,30 @@ +/* server-tls.h +* +* Copyright (C) 2006-2016 wolfSSL Inc. +* +* This file is part of wolfSSL. +* +* wolfSSL is free software; you can redistribute it and/or modify +* it under the terms of the GNU General Public License as published by +* the Free Software Foundation; either version 2 of the License, or +* (at your option) any later version. +* +* wolfSSL is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with this program; if not, write to the Free Software +* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA +*/ + +#ifndef SERVER_TLS_H +#define SERVER_TLS_H + +#include "sgx_urts.h" /* for enclave_id etc.*/ +#include "Wolfssl_Enclave_u.h" /* contains untrusted wrapper functions used to call enclave functions*/ + +int server_connect(sgx_enclave_id_t id); + +#endif /* SERVER_TLS_H */