Skip to content

S
sgxwallet
Unverified Commit b505fb2e authored by kladko's avatar kladko
Browse files
Options

SKALE-3067-cleanup-sgx

parent 638cad86
Hide whitespace changes
Inline Side-by-side
Showing with 38 additions and 20 deletions
secure_enclave/AESUtils.c
View file @ b505fb2e
......@@ -40,9 +40,23 @@ int AES_encrypt(char *message, uint8_t *encr_message) {
return status;
}
int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message) {
int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) {
if (length < SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE) {
LOG_ERROR("length < SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE");
return -1;
}
uint64_t len = length - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE;
if (msgLen < len) {
LOG_ERROR("Output buffer not large enough");
return -2;
}
sgx_status_t status = sgx_rijndael128GCM_decrypt(&AES_key,
encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len,
message,
......
secure_enclave/AESUtils.h
View file @ b505fb2e
......@@ -28,6 +28,6 @@ sgx_aes_gcm_128bit_key_t AES_key;
int AES_encrypt(char *message, uint8_t *encr_message);
int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message);
int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t msgLen) ;
#endif //SGXD_AESUTILS_H
secure_enclave/secure_enclave.c
View file @ b505fb2e
......@@ -971,6 +971,7 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
pub_key_y[i] = '0';
}
strncpy(pub_key_y + n_zeroes, arr_y, 1024 - n_zeroes);
char skey_str[ECDSA_SKEY_LEN];
char arr_skey_str[mpz_sizeinbase(skey, ECDSA_SKEY_BASE) + 2];
mpz_get_str(arr_skey_str, ECDSA_SKEY_BASE, skey);
......@@ -997,9 +998,7 @@ void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
*enc_len = strlen(skey_str) + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE;
stat = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str);
stat = AES_decrypt(encryptedPrivateKey, *enc_len, skey_str, ECDSA_SKEY_LEN);
if (stat != 0) {
snprintf(errString + 19 + strlen(skey_str), BUF_LEN, "ecdsa private key decr failed with status %d", stat);
......@@ -1026,7 +1025,7 @@ void trustedGetPublicEcdsaKeyAES(int *errStatus, char *errString,
char skey[ECDSA_SKEY_LEN];
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey);
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN);
skey[enc_len - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE] = '\0';
if (status != 0) {
......@@ -1114,7 +1113,7 @@ void trustedEcdsaSignAES(int *errStatus, char *errString, uint8_t *encryptedPriv
char skey[ECDSA_SKEY_LEN];
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey);
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN);
if (status != 0) {
*errStatus = status;
......@@ -1216,7 +1215,7 @@ void trustedEncryptKeyAES(int *errStatus, char *errString, const char *key,
char decryptedKey[BUF_LEN];
memset(decryptedKey, 0, BUF_LEN);
stat = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey);
stat = AES_decrypt(encryptedPrivateKey, *enc_len, decryptedKey, BUF_LEN);
if (stat != 0) {
*errStatus = stat;
......@@ -1247,7 +1246,7 @@ void trustedDecryptKeyAES(int *errStatus, char *errString, uint8_t *encryptedPri
*errStatus = -9;
int status = AES_decrypt(encryptedPrivateKey, enc_len, key);
int status = AES_decrypt(encryptedPrivateKey, enc_len, key, 3072);
if (status != 0) {
*errStatus = status;
......@@ -1278,7 +1277,7 @@ void trustedBlsSignMessageAES(int *errStatus, char *errString, uint8_t *encrypte
char sig[BUF_LEN];
memset(sig, 0, BUF_LEN);
int stat = AES_decrypt(encryptedPrivateKey, enc_len, key);
int stat = AES_decrypt(encryptedPrivateKey, enc_len, key, BUF_LEN);
if (stat != 0) {
*errStatus = stat;
......@@ -1321,7 +1320,8 @@ trustedGenDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_dkg_s
char decr_dkg_secret[DKG_BUFER_LENGTH];
memset(decr_dkg_secret, 0, DKG_BUFER_LENGTH);
status = AES_decrypt(encrypted_dkg_secret, *enc_len, decr_dkg_secret);
status = AES_decrypt(encrypted_dkg_secret, *enc_len, decr_dkg_secret,
DKG_BUFER_LENGTH);
if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "aes decrypt dkg poly failed");
*errStatus = status;
......@@ -1341,7 +1341,8 @@ trustedDecryptDkgSecretAES(int *errStatus, char *errString, uint8_t *encrypted_d
uint32_t *dec_len) {
LOG_DEBUG(__FUNCTION__);
int status = AES_decrypt(encrypted_dkg_secret, *dec_len, (char *) decrypted_dkg_secret);
int status = AES_decrypt(encrypted_dkg_secret, *dec_len, (char *) decrypted_dkg_secret,
3072);
if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
......@@ -1354,7 +1355,8 @@ void trustedSetEncryptedDkgPolyAES(int *errStatus, char *errString, uint8_t *enc
LOG_DEBUG(__FUNCTION__);
memset(decryptedDkgPoly, 0, DKG_BUFER_LENGTH);
int status = AES_decrypt(encrypted_poly, *enc_len, (char *) decryptedDkgPoly);
int status = AES_decrypt(encrypted_poly, *enc_len, (char *) decryptedDkgPoly,
DKG_BUFER_LENGTH);
if (status != SGX_SUCCESS) {
*errStatus = -1;
......@@ -1382,7 +1384,7 @@ void trustedGetEncryptedSecretShareAES(int *errStatus, char *errString, uint8_t
return;
}
int status = AES_decrypt(encrypted_skey, enc_len, skey);
int status = AES_decrypt(encrypted_skey, enc_len, skey, ECDSA_SKEY_LEN);
skey[ECDSA_SKEY_LEN - 1] = 0;
if (status != SGX_SUCCESS) {
......@@ -1433,7 +1435,8 @@ void trustedGetPublicSharesAES(int *errStatus, char *errString, uint8_t *encrypt
char *decrypted_dkg_secret = (char *) calloc(DKG_MAX_SEALED_LEN, 1);
memset(decrypted_dkg_secret, 0, DKG_MAX_SEALED_LEN);
int status = AES_decrypt(encrypted_dkg_secret, enc_len, decrypted_dkg_secret);
int status = AES_decrypt(encrypted_dkg_secret, enc_len, decrypted_dkg_secret,
DKG_MAX_SEALED_LEN);
if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "aes decrypt data - encrypted_dkg_secret failed with status %d", status);
......@@ -1458,7 +1461,8 @@ void trustedDkgVerifyAES(int *errStatus, char *errString, const char *public_sha
char skey[ECDSA_SKEY_LEN];
memset(skey, 0, ECDSA_SKEY_LEN);
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey);
int status = AES_decrypt(encryptedPrivateKey, enc_len, skey, ECDSA_SKEY_LEN);
if (status != SGX_SUCCESS) {
snprintf(errString, BUF_LEN, "AES_decrypt failed (in trustedDkgVerifyAES) with status %d", status);
......@@ -1511,7 +1515,7 @@ void trustedCreateBlsKeyAES(int *errStatus, char *errString, const char *s_share
LOG_DEBUG(__FUNCTION__);
char skey[ECDSA_SKEY_LEN];
int status = AES_decrypt(encryptedPrivateKey, key_len, skey);
int status = AES_decrypt(encryptedPrivateKey, key_len, skey, ECDSA_SKEY_LEN);
if (status != SGX_SUCCESS) {
*errStatus = status;
snprintf(errString, BUF_LEN, "aes decrypt failed with status %d", status);
......@@ -1624,7 +1628,7 @@ trustedGetBlsPubKeyAES(int *errStatus, char *errString, uint8_t *encryptedPrivat
char skey_hex[ECDSA_SKEY_LEN];
int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex);
int status = AES_decrypt(encryptedPrivateKey, key_len, skey_hex, ECDSA_SKEY_LEN);
if (status != SGX_SUCCESS) {
*errStatus = 1;
snprintf(errString, BUF_LEN, "aes_decrypt failed with status %d", status);
......
secure_enclave/secure_enclave.edl
View file @ b505fb2e
......@@ -217,14 +217,14 @@ enclave {
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = 3050] uint8_t* encrypted_dkg_secret,
[out, count = 2490] uint8_t* decrypted_dkg_secret,
[out, count = 3072] uint8_t* decrypted_dkg_secret,
[user_check] uint32_t* dec_len);
public void trustedSetEncryptedDkgPolyAES(
[out] int *errStatus,
[out, count = SMALL_BUF_SIZE] char* err_string,
[in, count = 3050] uint8_t* encrypted_poly,
[out] uint64_t* enc_len);
[user_check] uint64_t* enc_len);
public void trustedGetEncryptedSecretShareAES(
[out]int *errStatus,
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment