Skip to content

S
sgxwallet
Unverified Commit bfa691b4 authored by a72d9e2bad9edfd58d6c0248c12c953b71d409d2's avatar a72d9e2bad9edfd58d6c0248c12c953b71d409d2
Browse files
Options

Fixes

parent c15cb343
Hide whitespace changes
Inline Side-by-side
Showing with 34 additions and 15 deletions
secure_enclave/secure_enclave.c
View file @ bfa691b4
...@@ -50,7 +50,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ...@@ -50,7 +50,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#define MAX_KEY_LENGTH 128 #define MAX_KEY_LENGTH 128
#define MAX_ENCRYPTED_KEY_LENGTH 128 #define MAX_ENCRYPTED_KEY_LENGTH 1024
#define ADD_ENTROPY_SIZE 32 #define ADD_ENTROPY_SIZE 32
...@@ -116,25 +116,41 @@ void e_mpz_div(mpz_t *c_un, mpz_t *a_un, mpz_t *b_un) {} ...@@ -116,25 +116,41 @@ void e_mpz_div(mpz_t *c_un, mpz_t *a_un, mpz_t *b_un) {}
void e_mpf_div(mpf_t *c_un, mpf_t *a_un, mpf_t *b_un) {} void e_mpf_div(mpf_t *c_un, mpf_t *a_un, mpf_t *b_un) {}
void encrypt_key(int *err_status, unsigned char *key, void encrypt_key(int *err_status, unsigned char *key,
unsigned char *encrypted_key, uint32_t *enc_len) { unsigned char *encrypted_key, uint32_t *enc_len) {
*err_status = -1; *err_status = -1;
if (strnlen(key, MAX_KEY_LENGTH - 1) == MAX_KEY_LENGTH -1) uint64_t keyLen = strnlen(key, MAX_KEY_LENGTH);
// check that key is zero terminated string
if (keyLen == MAX_KEY_LENGTH)
return; return;
*err_status = -2;
// check that key is padded with 0s
for (int i = keyLen; i < MAX_KEY_LENGTH; i++) {
if (key[i] != 0) {
return;
}
}
*err_status = -3; *err_status = -3;
if (!check_key(key)) { if (!check_key(key)) {
return; return;
} }
uint32_t sealedLen = sgx_calc_sealed_data_size(0, strlen(key) + 1); uint32_t sealedLen = sgx_calc_sealed_data_size(0, MAX_KEY_LENGTH);
*err_status = -4; *err_status = -4;
if (sealedLen > 1024) { if (sealedLen > MAX_ENCRYPTED_KEY_LENGTH) {
return; return;
} }
...@@ -142,15 +158,13 @@ void encrypt_key(int *err_status, unsigned char *key, ...@@ -142,15 +158,13 @@ void encrypt_key(int *err_status, unsigned char *key,
memset(encrypted_key, 0, MAX_ENCRYPTED_KEY_LENGTH); memset(encrypted_key, 0, MAX_ENCRYPTED_KEY_LENGTH);
if (sgx_seal_data(0, NULL, MAX_KEY_LENGTH, key, sealedLen, encrypted_key) !=
if (sgx_seal_data(0, NULL, strlen(key) + 1, key, sealedLen, encrypted_key) !=
SGX_SUCCESS) SGX_SUCCESS)
return; return;
*enc_len = sealedLen; *enc_len = sealedLen;
*err_status = -6;
char key2[MAX_KEY_LENGTH]; char key2[MAX_KEY_LENGTH];
...@@ -158,17 +172,22 @@ void encrypt_key(int *err_status, unsigned char *key, ...@@ -158,17 +172,22 @@ void encrypt_key(int *err_status, unsigned char *key,
decrypt_key(err_status, encrypted_key, sealedLen, key2); decrypt_key(err_status, encrypted_key, sealedLen, key2);
if (strnlen(key2, MAX_KEY_LENGTH -1) == MAX_KEY_LENGTH -1)
return;
*err_status = -7; if (*err_status != 0) {
return *err_status - 100;
}
if (strcmp(key, key2) != 0)
uint64_t key2Len = strnlen(key2, MAX_KEY_LENGTH);
if (key2Len == MAX_KEY_LENGTH)
return; return;
*err_status = -8; *err_status = -8;
if (strcmp(key, key2) != 0) if (strncmp(key, key2, MAX_KEY_LENGTH) != 0)
return; return;
*err_status = 0; *err_status = 0;
......
sgxd.c
View file @ bfa691b4
...@@ -182,8 +182,8 @@ int main(int argc, char *argv[]) { ...@@ -182,8 +182,8 @@ int main(int argc, char *argv[]) {
status = encrypt_key(eid, &err_status, keyArray, encryptedKey, &enc_len); status = encrypt_key(eid, &err_status, keyArray, encryptedKey, &enc_len);
if (status != SGX_SUCCESS || enc_len < 10) { if (status != SGX_SUCCESS) {
fprintf(stderr, "ECALL encrypt_key: 0x%04x\n", status); gmp_printf(stderr, "ECALL encrypt_key: 0x%04x\n", status);
return 1; return 1;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment