SKALE-3039

85590b1e · kladko · 28616a45 · 85590b1e · 85590b1e · 85590b1e
Unverified Commit 85590b1e authored Sep 10, 2020 by kladko
Show whitespace changes
Inline Side-by-side

Showing with 8 additions and 8 deletions

AESUtils.c secure_enclave/AESUtils.c +3 -4

AESUtils.h secure_enclave/AESUtils.h +2 -1

secure_enclave.c secure_enclave/secure_enclave.c +3 -3

No files found.
--- a/secure_enclave/AESUtils.c
+++ b/secure_enclave/AESUtils.c
@@ -30,8 +30,7 @@

 #include "AESUtils.h"

-sgx_aes_gcm_128bit_key_t AES_key;
-sgx_aes_gcm_128bit_key_t AES_DH_key;
+uint8_t AES_key[2* BUF_LEN];


 #define SAFE_CHAR_BUF(__X__, __Y__)  ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__);
@@ -75,7 +74,7 @@ int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrBufLen, unsig

    sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE);

-    sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_key, (uint8_t*)message, len,
+    sgx_status_t status = sgx_rijndael128GCM_encrypt(AES_key + BUF_LEN, (uint8_t*)message, len,
                                                     encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE,
                                                     encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
                                                     NULL, 0,
@@ -124,7 +123,7 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t
        return -2;
  }

-  sgx_status_t status = sgx_rijndael128GCM_decrypt(&AES_key,
+  sgx_status_t status = sgx_rijndael128GCM_decrypt(AES_key + BUF_LEN,
                                                   encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len,
                                                   (unsigned char*) message,
                                                   encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,

--- a/secure_enclave/AESUtils.h
+++ b/secure_enclave/AESUtils.h
@@ -24,7 +24,8 @@
 #ifndef SGXD_AESUTILS_H
 #define SGXD_AESUTILS_H

-extern sgx_aes_gcm_128bit_key_t AES_key;
+#define BUF_LEN 1024
+extern uint8_t AES_key[2* BUF_LEN] ;

 int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen,
                unsigned char type, unsigned char exportable, uint64_t* resultLen);

--- a/secure_enclave/secure_enclave.c
+++ b/secure_enclave/secure_enclave.c
@@ -291,7 +291,7 @@ void trustedGenerateSEK(int *errStatus, char *errString,
    RANDOM_CHAR_BUF(SEK_raw, SGX_AESGCM_KEY_SIZE);

    carray2Hex((uint8_t*) SEK_raw, SGX_AESGCM_KEY_SIZE, sek_hex);
-    memcpy(AES_key, SEK_raw, SGX_AESGCM_KEY_SIZE);
+    memcpy(AES_key + BUF_LEN, SEK_raw, SGX_AESGCM_KEY_SIZE);


    sealHexSEK(errStatus, errString, encrypted_sek, enc_len, sek_hex);
@@ -331,7 +331,7 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) {
    uint64_t len;


-    hex2carray(aes_key_hex, &len, (uint8_t *) AES_key);
+    hex2carray(aes_key_hex, &len, (uint8_t *) AES_key + BUF_LEN);

    SET_SUCCESS
    clean:
@@ -349,7 +349,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
    CHECK_STATE(sek_hex);

    uint64_t len;
-    hex2carray(sek_hex, &len, (uint8_t *) AES_key);
+    hex2carray(sek_hex, &len, (uint8_t *) AES_key + BUF_LEN);


    sealHexSEK(errStatus, errString, encrypted_sek, enc_len, (char *)sek_hex);