Fixes

bfa691b4 · a72d9e2bad9edfd58d6c0248c12c953b71d409d2 · c15cb343 · bfa691b4 · bfa691b4
Unverified Commit bfa691b4 authored Sep 02, 2019 by a72d9e2bad9edfd58d6c0248c12c953b71d409d2
Hide whitespace changes
Inline Side-by-side

Showing with 34 additions and 15 deletions

secure_enclave.c secure_enclave/secure_enclave.c +32 -13

sgxd.c sgxd.c +2 -2

No files found.
--- a/secure_enclave/secure_enclave.c
+++ b/secure_enclave/secure_enclave.c
@@ -50,7 +50,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


 #define  MAX_KEY_LENGTH 128
-#define  MAX_ENCRYPTED_KEY_LENGTH 128
+#define  MAX_ENCRYPTED_KEY_LENGTH 1024

 #define ADD_ENTROPY_SIZE 32

@@ -116,25 +116,41 @@ void e_mpz_div(mpz_t *c_un, mpz_t *a_un, mpz_t *b_un) {}

 void e_mpf_div(mpf_t *c_un, mpf_t *a_un, mpf_t *b_un) {}

+
+
 void encrypt_key(int *err_status, unsigned char *key,
                 unsigned char *encrypted_key, uint32_t *enc_len) {

  *err_status = -1;

-  if (strnlen(key, MAX_KEY_LENGTH - 1) == MAX_KEY_LENGTH -1)
+  uint64_t keyLen = strnlen(key, MAX_KEY_LENGTH);
+
+  // check that key is zero terminated string
+
+  if (keyLen == MAX_KEY_LENGTH)
    return;

+  *err_status = -2;
+
+  // check that key is padded with 0s
+
+  for (int i = keyLen; i < MAX_KEY_LENGTH; i++) {
+    if (key[i] != 0) {
+      return;
+    }
+  }
+
  *err_status = -3;

  if (!check_key(key)) {
    return;
  }

-  uint32_t sealedLen = sgx_calc_sealed_data_size(0, strlen(key) + 1);
+  uint32_t sealedLen = sgx_calc_sealed_data_size(0, MAX_KEY_LENGTH);

  *err_status = -4;

-  if (sealedLen > 1024) {
+  if (sealedLen > MAX_ENCRYPTED_KEY_LENGTH) {
    return;
  }

@@ -142,15 +158,13 @@ void encrypt_key(int *err_status, unsigned char *key,

  memset(encrypted_key, 0, MAX_ENCRYPTED_KEY_LENGTH);

-
-
-  if (sgx_seal_data(0, NULL, strlen(key) + 1, key, sealedLen, encrypted_key) !=
+  if (sgx_seal_data(0, NULL, MAX_KEY_LENGTH, key, sealedLen, encrypted_key) !=
      SGX_SUCCESS)
    return;

  *enc_len = sealedLen;

-  *err_status = -6;
+

  char key2[MAX_KEY_LENGTH];

@@ -158,17 +172,22 @@ void encrypt_key(int *err_status, unsigned char *key,

  decrypt_key(err_status, encrypted_key, sealedLen, key2);

-  if (strnlen(key2, MAX_KEY_LENGTH -1) == MAX_KEY_LENGTH -1)
-    return;

-  *err_status = -7;
+  if (*err_status != 0) {
+    return *err_status - 100;
+  }

-  if (strcmp(key, key2) != 0)
+
+
+  uint64_t key2Len = strnlen(key2, MAX_KEY_LENGTH);
+
+  if (key2Len == MAX_KEY_LENGTH)
    return;

+
  *err_status = -8;

-  if (strcmp(key, key2) != 0)
+  if (strncmp(key, key2, MAX_KEY_LENGTH) != 0)
    return;

  *err_status = 0;

--- a/sgxd.c
+++ b/sgxd.c
@@ -182,8 +182,8 @@ int main(int argc, char *argv[]) {

  status = encrypt_key(eid, &err_status, keyArray, encryptedKey, &enc_len);

-  if (status != SGX_SUCCESS || enc_len < 10) {
-    fprintf(stderr, "ECALL encrypt_key: 0x%04x\n", status);
+  if (status != SGX_SUCCESS) {
+    gmp_printf(stderr, "ECALL encrypt_key: 0x%04x\n", status);
    return 1;
  }