SKALE-3151-sgxwallet-cant-decrypt-key

secure_enclave/secure_enclave.c

@@ -216,23 +216,27 @@ void trustedGenerateSEK(int *errStatus, char *errString,
 
     sgx_misc_select_t misc = 0xF0000000;
 
+
+
     sgx_status_t status = sgx_seal_data_ex(SGX_KEYPOLICY_MRENCLAVE, attribute_mask, misc, 0, NULL, hex_aes_key_length + 1, (uint8_t *) SEK_hex, sealedLen,
                                         (sgx_sealed_data_t *) encrypted_SEK);
     CHECK_STATUS("seal SEK failed after SEK generation");
 
-    int len = 0;
+    uint32_t encrypt_text_length = sgx_get_encrypt_txt_len(encrypted_SEK);
 
-    SAFE_CHAR_BUF(unsealedKey, BUF_LEN);
-    int decLen;
+    CHECK_STATE(encrypt_text_length = hex_aes_key_length + 1);
 
-    status = sgx_unseal_data(encrypted_SEK, NULL, NULL, unsealedKey, &decLen );
-
-    SAFE_CHAR_BUF(errS, BUF_LEN);
+    int len = 0;
 
-    return;
+    SAFE_CHAR_BUF(unsealedKey, BUF_LEN);
+    int decLen = BUF_LEN;
 
-//    CHECK_STATUS("seal/unseal SEK failed after SEK generation in unseal");
+    uint32_t add_text_length = sgx_get_add_mac_txt_len(encrypted_SEK);
+    CHECK_STATE(add_text_length == 0);
 
+    CHECK_STATE(sgx_is_within_enclave(encrypted_SEK,sizeof(sgx_sealed_data_t)));
+    status = sgx_unseal_data(encrypted_SEK, NULL, NULL, unsealedKey, &decLen );
+    CHECK_STATUS("seal/unseal SEK failed after SEK generation in unseal");
     *enc_len = sealedLen;
 
     SET_SUCCESS