This repo contains two enclaves (Ea and Eb) along with two untrusted apps Aa and Ab where Ea and Eb are managed by Aa and Ab respectively.
The apps Aa and Ab act as the untrusted transport between the two enclaves Ea and Eb. Aa communicates the outcome of the challenges to the user. The communication between Aa and Ab implemented using a named pipe.
The protocol between these two pairs of enclaves and applications can be described as:
The code is annotated in folowing keypoints:
- Points of communication between Aa and Ab: Sending and receiving the public keys, the encrypted PSK, and the encrypted challenges/responses.
- The points where the enclaves Ea and Eb generate their key pairs.
- The points where the enclaves Ea and Eb calculate the shared secret.
- The point where enclave Ea generates and encrypts the challenge.
- The point where enclave Ea decrypts and verifies the response.
- The point where enclave Eb decrypts the challenge.
- The point where enclave Eb computes and encrypts the response.
Using the following format:
/***********************************************
* 1. BEGIN: Enclave A: send public key to B and receive key from B
***********************************************/
<code here>
/***********************************************
* 1. END: Enclave A: send public key to B and receive key from B
***********************************************/
This repo was done in context of System Security course assignment at ETH Zurich.