SKALE-3151-cannot decrypt storage key

d65cea62 · kladko · 1f6064e7 · d65cea62
Unverified Commit d65cea62 authored Aug 21, 2020 by kladko
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 16 deletions

secure_enclave.c secure_enclave/secure_enclave.c +8 -16

No files found.
--- a/secure_enclave/secure_enclave.c
+++ b/secure_enclave/secure_enclave.c
@@ -266,7 +266,7 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) {
    CHECK_STATE(encrypted_sek);
    SAFE_CHAR_BUF(aes_key_hex, BUF_LEN);

-    uint32_t dec_len;
+    uint32_t dec_len = BUF_LEN;

    sgx_status_t status = sgx_unseal_data(
            (const sgx_sealed_data_t *) encrypted_sek, NULL, 0,
@@ -295,22 +295,12 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
    uint64_t len;
    hex2carray(sek_hex, &len, (uint8_t *) AES_key);

-    uint32_t sealedLen = sgx_calc_sealed_data_size(0, strlen(sek_hex) + 1);
+    sealHexSEK(errStatus, errString, encrypted_sek, enc_len, (char *)sek_hex);

-
-    sgx_attributes_t attribute_mask;
-    attribute_mask.flags = 0xfffffffffffffff3;
-    attribute_mask.xfrm = 0x0;
-
-    sgx_misc_select_t misc = 0xF0000000;
-
-    sgx_status_t status = sgx_seal_data_ex(SGX_KEYPOLICY_MRENCLAVE,
-                                           attribute_mask, misc, 0, NULL, strlen(sek_hex) + 1, (uint8_t *) sek_hex, sealedLen,
-                                        (sgx_sealed_data_t *) encrypted_sek);
-
-    CHECK_STATUS2("seal SEK failed with status %d")
-
-    *enc_len = sealedLen;
+    if (errStatus != 0) {
+        LOG_ERROR("sealHexSEK failed");
+        goto clean;
+    }

    SET_SUCCESS
    clean:
@@ -318,6 +308,8 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
    LOG_INFO("SGX call completed");
 }

+
+
 void trustedGenerateEcdsaKeyAES(int *errStatus, char *errString,
                                uint8_t *encryptedPrivateKey, uint32_t *enc_len, char *pub_key_x, char *pub_key_y) {
    LOG_INFO(__FUNCTION__);