Skip to content

S
sgxwallet
Unverified Commit 32ccd711 authored by kladko's avatar kladko
Browse files
Options

SKALE-3228

parent 4fd8c4d2
Hide whitespace changes
Inline Side-by-side
Showing with 94 additions and 5 deletions
secure_enclave/AESUtils.c
View file @ 32ccd711
...@@ -29,6 +29,9 @@ ...@@ -29,6 +29,9 @@
#include "AESUtils.h" #include "AESUtils.h"
sgx_aes_gcm_128bit_key_t AES_key;
sgx_aes_gcm_128bit_key_t AES_DH_key;
int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen) { int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen) {
if (!message) { if (!message) {
...@@ -95,3 +98,83 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t ...@@ -95,3 +98,83 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t
return status; return status;
} }
int AES_encrypt_DH(char *message, uint8_t *encr_message, uint64_t encrLen) {
if (!message) {
LOG_ERROR("Null message in AES_encrypt_DH");
return -1;
}
if (!encr_message) {
LOG_ERROR("Null encr message in AES_encrypt_DH");
return -2;
}
uint64_t len = strlen(message) + 1;
if (len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE > encrLen ) {
LOG_ERROR("Output buffer too small");
return -3;
}
sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE);
sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_DH_key, (uint8_t*)message, strlen(message),
encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE,
encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
NULL, 0,
(sgx_aes_gcm_128bit_tag_t *) encr_message);
return status;
}
int AES_decrypt_DH(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) {
if (!message) {
LOG_ERROR("Null message in AES_encrypt_DH");
return -1;
}
if (!encr_message) {
LOG_ERROR("Null encr message in AES_encrypt_DH");
return -2;
}
if (length < SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE) {
LOG_ERROR("length < SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE");
return -1;
}
uint64_t len = length - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE;
if (msgLen < len) {
LOG_ERROR("Output buffer not large enough");
return -2;
}
sgx_status_t status = sgx_rijndael128GCM_decrypt(&AES_DH_key,
encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len,
(unsigned char*) message,
encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
NULL, 0,
(sgx_aes_gcm_128bit_tag_t *)encr_message);
return status;
}
void derive_DH_Key() {
memcpy(AES_DH_key, AES_key, SGX_AESGCM_KEY_SIZE );
}
secure_enclave/AESUtils.h
View file @ 32ccd711
...@@ -24,13 +24,16 @@ ...@@ -24,13 +24,16 @@
#ifndef SGXD_AESUTILS_H #ifndef SGXD_AESUTILS_H
#define SGXD_AESUTILS_H #define SGXD_AESUTILS_H
sgx_aes_gcm_128bit_key_t AES_key; extern sgx_aes_gcm_128bit_key_t AES_key;
extern sgx_aes_gcm_128bit_key_t AES_DH_key;
int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen); int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen);
int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) ; int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) ;
int AES_encrypt_dh(char *message, uint8_t *encr_message, uint64_t encrLen); int AES_encrypt_DH(char *message, uint8_t *encr_message, uint64_t encrLen);
int AES_decrypt_dh(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) ; int AES_decrypt_DH(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) ;
void derive_DH_Key();
#endif //SGXD_AESUTILS_H #endif //SGXD_AESUTILS_H
secure_enclave/secure_enclave.c
View file @ 32ccd711
...@@ -292,6 +292,7 @@ void trustedGenerateSEK(int *errStatus, char *errString, ...@@ -292,6 +292,7 @@ void trustedGenerateSEK(int *errStatus, char *errString,
carray2Hex((uint8_t*) SEK_raw, SGX_AESGCM_KEY_SIZE, sek_hex); carray2Hex((uint8_t*) SEK_raw, SGX_AESGCM_KEY_SIZE, sek_hex);
memcpy(AES_key, SEK_raw, SGX_AESGCM_KEY_SIZE); memcpy(AES_key, SEK_raw, SGX_AESGCM_KEY_SIZE);
derive_DH_Key();
sealHexSEK(errStatus, errString, encrypted_sek, enc_len, sek_hex); sealHexSEK(errStatus, errString, encrypted_sek, enc_len, sek_hex);
...@@ -331,6 +332,7 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) { ...@@ -331,6 +332,7 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) {
hex2carray(aes_key_hex, &len, (uint8_t *) AES_key); hex2carray(aes_key_hex, &len, (uint8_t *) AES_key);
derive_DH_Key();
SET_SUCCESS SET_SUCCESS
clean: clean:
...@@ -349,6 +351,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString, ...@@ -349,6 +351,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
uint64_t len; uint64_t len;
hex2carray(sek_hex, &len, (uint8_t *) AES_key); hex2carray(sek_hex, &len, (uint8_t *) AES_key);
derive_DH_Key();
sealHexSEK(errStatus, errString, encrypted_sek, enc_len, (char *)sek_hex); sealHexSEK(errStatus, errString, encrypted_sek, enc_len, (char *)sek_hex);
...@@ -607,7 +610,7 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri ...@@ -607,7 +610,7 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
*errStatus = -9; *errStatus = -9;
int status = AES_decrypt(encryptedPrivateKey, enc_len, key, 3072); int status = AES_decrypt_DH(encryptedPrivateKey, enc_len, key, 3072);
if (status != 0) { if (status != 0) {
*errStatus = status; *errStatus = status;
...@@ -644,7 +647,7 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key, ...@@ -644,7 +647,7 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
*errStatus = UNKNOWN_ERROR; *errStatus = UNKNOWN_ERROR;
int status = AES_encrypt((char *)key, encryptedPrivateKey, BUF_LEN); int status = AES_encrypt_DH((char *)key, encryptedPrivateKey, BUF_LEN);
CHECK_STATUS2("AES encrypt failed with status %d"); CHECK_STATUS2("AES encrypt failed with status %d");
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment