Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
S
sgxwallet
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
0
Issues
0
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
董子豪
sgxwallet
Commits
32ccd711
Unverified
Commit
32ccd711
authored
Sep 07, 2020
by
kladko
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
SKALE-3228
parent
4fd8c4d2
Changes
3
Hide whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
94 additions
and
5 deletions
+94
-5
AESUtils.c
secure_enclave/AESUtils.c
+83
-0
AESUtils.h
secure_enclave/AESUtils.h
+6
-3
secure_enclave.c
secure_enclave/secure_enclave.c
+5
-2
No files found.
secure_enclave/AESUtils.c
View file @
32ccd711
...
...
@@ -29,6 +29,9 @@
#include "AESUtils.h"
sgx_aes_gcm_128bit_key_t
AES_key
;
sgx_aes_gcm_128bit_key_t
AES_DH_key
;
int
AES_encrypt
(
char
*
message
,
uint8_t
*
encr_message
,
uint64_t
encrLen
)
{
if
(
!
message
)
{
...
...
@@ -95,3 +98,83 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t
return
status
;
}
int
AES_encrypt_DH
(
char
*
message
,
uint8_t
*
encr_message
,
uint64_t
encrLen
)
{
if
(
!
message
)
{
LOG_ERROR
(
"Null message in AES_encrypt_DH"
);
return
-
1
;
}
if
(
!
encr_message
)
{
LOG_ERROR
(
"Null encr message in AES_encrypt_DH"
);
return
-
2
;
}
uint64_t
len
=
strlen
(
message
)
+
1
;
if
(
len
+
SGX_AESGCM_MAC_SIZE
+
SGX_AESGCM_IV_SIZE
>
encrLen
)
{
LOG_ERROR
(
"Output buffer too small"
);
return
-
3
;
}
sgx_read_rand
(
encr_message
+
SGX_AESGCM_MAC_SIZE
,
SGX_AESGCM_IV_SIZE
);
sgx_status_t
status
=
sgx_rijndael128GCM_encrypt
(
&
AES_DH_key
,
(
uint8_t
*
)
message
,
strlen
(
message
),
encr_message
+
SGX_AESGCM_MAC_SIZE
+
SGX_AESGCM_IV_SIZE
,
encr_message
+
SGX_AESGCM_MAC_SIZE
,
SGX_AESGCM_IV_SIZE
,
NULL
,
0
,
(
sgx_aes_gcm_128bit_tag_t
*
)
encr_message
);
return
status
;
}
int
AES_decrypt_DH
(
uint8_t
*
encr_message
,
uint64_t
length
,
char
*
message
,
uint64_t
msgLen
)
{
if
(
!
message
)
{
LOG_ERROR
(
"Null message in AES_encrypt_DH"
);
return
-
1
;
}
if
(
!
encr_message
)
{
LOG_ERROR
(
"Null encr message in AES_encrypt_DH"
);
return
-
2
;
}
if
(
length
<
SGX_AESGCM_MAC_SIZE
+
SGX_AESGCM_IV_SIZE
)
{
LOG_ERROR
(
"length < SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE"
);
return
-
1
;
}
uint64_t
len
=
length
-
SGX_AESGCM_MAC_SIZE
-
SGX_AESGCM_IV_SIZE
;
if
(
msgLen
<
len
)
{
LOG_ERROR
(
"Output buffer not large enough"
);
return
-
2
;
}
sgx_status_t
status
=
sgx_rijndael128GCM_decrypt
(
&
AES_DH_key
,
encr_message
+
SGX_AESGCM_MAC_SIZE
+
SGX_AESGCM_IV_SIZE
,
len
,
(
unsigned
char
*
)
message
,
encr_message
+
SGX_AESGCM_MAC_SIZE
,
SGX_AESGCM_IV_SIZE
,
NULL
,
0
,
(
sgx_aes_gcm_128bit_tag_t
*
)
encr_message
);
return
status
;
}
void
derive_DH_Key
()
{
memcpy
(
AES_DH_key
,
AES_key
,
SGX_AESGCM_KEY_SIZE
);
}
secure_enclave/AESUtils.h
View file @
32ccd711
...
...
@@ -24,13 +24,16 @@
#ifndef SGXD_AESUTILS_H
#define SGXD_AESUTILS_H
sgx_aes_gcm_128bit_key_t
AES_key
;
extern
sgx_aes_gcm_128bit_key_t
AES_key
;
extern
sgx_aes_gcm_128bit_key_t
AES_DH_key
;
int
AES_encrypt
(
char
*
message
,
uint8_t
*
encr_message
,
uint64_t
encrLen
);
int
AES_decrypt
(
uint8_t
*
encr_message
,
uint64_t
length
,
char
*
message
,
uint64_t
msgLen
)
;
int
AES_encrypt_dh
(
char
*
message
,
uint8_t
*
encr_message
,
uint64_t
encrLen
);
int
AES_decrypt_dh
(
uint8_t
*
encr_message
,
uint64_t
length
,
char
*
message
,
uint64_t
msgLen
)
;
int
AES_encrypt_DH
(
char
*
message
,
uint8_t
*
encr_message
,
uint64_t
encrLen
);
int
AES_decrypt_DH
(
uint8_t
*
encr_message
,
uint64_t
length
,
char
*
message
,
uint64_t
msgLen
)
;
void
derive_DH_Key
();
#endif //SGXD_AESUTILS_H
secure_enclave/secure_enclave.c
View file @
32ccd711
...
...
@@ -292,6 +292,7 @@ void trustedGenerateSEK(int *errStatus, char *errString,
carray2Hex
((
uint8_t
*
)
SEK_raw
,
SGX_AESGCM_KEY_SIZE
,
sek_hex
);
memcpy
(
AES_key
,
SEK_raw
,
SGX_AESGCM_KEY_SIZE
);
derive_DH_Key
();
sealHexSEK
(
errStatus
,
errString
,
encrypted_sek
,
enc_len
,
sek_hex
);
...
...
@@ -331,6 +332,7 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) {
hex2carray
(
aes_key_hex
,
&
len
,
(
uint8_t
*
)
AES_key
);
derive_DH_Key
();
SET_SUCCESS
clean:
...
...
@@ -349,6 +351,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
uint64_t
len
;
hex2carray
(
sek_hex
,
&
len
,
(
uint8_t
*
)
AES_key
);
derive_DH_Key
();
sealHexSEK
(
errStatus
,
errString
,
encrypted_sek
,
enc_len
,
(
char
*
)
sek_hex
);
...
...
@@ -607,7 +610,7 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
*
errStatus
=
-
9
;
int
status
=
AES_decrypt
(
encryptedPrivateKey
,
enc_len
,
key
,
3072
);
int
status
=
AES_decrypt
_DH
(
encryptedPrivateKey
,
enc_len
,
key
,
3072
);
if
(
status
!=
0
)
{
*
errStatus
=
status
;
...
...
@@ -644,7 +647,7 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
*
errStatus
=
UNKNOWN_ERROR
;
int
status
=
AES_encrypt
((
char
*
)
key
,
encryptedPrivateKey
,
BUF_LEN
);
int
status
=
AES_encrypt
_DH
((
char
*
)
key
,
encryptedPrivateKey
,
BUF_LEN
);
CHECK_STATUS2
(
"AES encrypt failed with status %d"
);
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment