Unverified Commit 32ccd711 authored by kladko's avatar kladko

SKALE-3228

parent 4fd8c4d2
......@@ -29,6 +29,9 @@
#include "AESUtils.h"
sgx_aes_gcm_128bit_key_t AES_key;
sgx_aes_gcm_128bit_key_t AES_DH_key;
int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen) {
if (!message) {
......@@ -95,3 +98,83 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t
return status;
}
int AES_encrypt_DH(char *message, uint8_t *encr_message, uint64_t encrLen) {
if (!message) {
LOG_ERROR("Null message in AES_encrypt_DH");
return -1;
}
if (!encr_message) {
LOG_ERROR("Null encr message in AES_encrypt_DH");
return -2;
}
uint64_t len = strlen(message) + 1;
if (len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE > encrLen ) {
LOG_ERROR("Output buffer too small");
return -3;
}
sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE);
sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_DH_key, (uint8_t*)message, strlen(message),
encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE,
encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
NULL, 0,
(sgx_aes_gcm_128bit_tag_t *) encr_message);
return status;
}
int AES_decrypt_DH(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) {
if (!message) {
LOG_ERROR("Null message in AES_encrypt_DH");
return -1;
}
if (!encr_message) {
LOG_ERROR("Null encr message in AES_encrypt_DH");
return -2;
}
if (length < SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE) {
LOG_ERROR("length < SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE");
return -1;
}
uint64_t len = length - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE;
if (msgLen < len) {
LOG_ERROR("Output buffer not large enough");
return -2;
}
sgx_status_t status = sgx_rijndael128GCM_decrypt(&AES_DH_key,
encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len,
(unsigned char*) message,
encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
NULL, 0,
(sgx_aes_gcm_128bit_tag_t *)encr_message);
return status;
}
void derive_DH_Key() {
memcpy(AES_DH_key, AES_key, SGX_AESGCM_KEY_SIZE );
}
......@@ -24,13 +24,16 @@
#ifndef SGXD_AESUTILS_H
#define SGXD_AESUTILS_H
sgx_aes_gcm_128bit_key_t AES_key;
extern sgx_aes_gcm_128bit_key_t AES_key;
extern sgx_aes_gcm_128bit_key_t AES_DH_key;
int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen);
int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) ;
int AES_encrypt_dh(char *message, uint8_t *encr_message, uint64_t encrLen);
int AES_decrypt_dh(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) ;
int AES_encrypt_DH(char *message, uint8_t *encr_message, uint64_t encrLen);
int AES_decrypt_DH(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) ;
void derive_DH_Key();
#endif //SGXD_AESUTILS_H
......@@ -292,6 +292,7 @@ void trustedGenerateSEK(int *errStatus, char *errString,
carray2Hex((uint8_t*) SEK_raw, SGX_AESGCM_KEY_SIZE, sek_hex);
memcpy(AES_key, SEK_raw, SGX_AESGCM_KEY_SIZE);
derive_DH_Key();
sealHexSEK(errStatus, errString, encrypted_sek, enc_len, sek_hex);
......@@ -331,6 +332,7 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) {
hex2carray(aes_key_hex, &len, (uint8_t *) AES_key);
derive_DH_Key();
SET_SUCCESS
clean:
......@@ -349,6 +351,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
uint64_t len;
hex2carray(sek_hex, &len, (uint8_t *) AES_key);
derive_DH_Key();
sealHexSEK(errStatus, errString, encrypted_sek, enc_len, (char *)sek_hex);
......@@ -607,7 +610,7 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
*errStatus = -9;
int status = AES_decrypt(encryptedPrivateKey, enc_len, key, 3072);
int status = AES_decrypt_DH(encryptedPrivateKey, enc_len, key, 3072);
if (status != 0) {
*errStatus = status;
......@@ -644,7 +647,7 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
*errStatus = UNKNOWN_ERROR;
int status = AES_encrypt((char *)key, encryptedPrivateKey, BUF_LEN);
int status = AES_encrypt_DH((char *)key, encryptedPrivateKey, BUF_LEN);
CHECK_STATUS2("AES encrypt failed with status %d");
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment