From eedcab4637b62e1a99699e041d187e9d001cb834 Mon Sep 17 00:00:00 2001
From: Oleh <oleg@skalelabs.com>
Date: Thu, 9 Sep 2021 18:09:46 +0300
Subject: [PATCH] SKALE-4523 fix bufer length

---
 secure_enclave/AESUtils.c       | 55 ++++++++++++++++++---------------
 secure_enclave/secure_enclave.c | 31 +++++++++----------
 2 files changed, 44 insertions(+), 42 deletions(-)

diff --git a/secure_enclave/AESUtils.c b/secure_enclave/AESUtils.c
index b99790b..ae50160 100644
--- a/secure_enclave/AESUtils.c
+++ b/secure_enclave/AESUtils.c
@@ -49,11 +49,16 @@ int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrBufLen, unsig
         return -2;
     }
 
+    if (!resultLen) {
+        LOG_ERROR("Null resultLen in AES_encrypt");
+        return -3;
+    }
+
     uint64_t len = strlen(message) + 1;
 
     if (2 + len + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE > encrBufLen ) {
         LOG_ERROR("Output buffer too small");
-        return -3;
+        return -4;
     }
 
     SAFE_CHAR_BUF(fullMessage, len + 2);
@@ -97,36 +102,36 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t
         return -3;
     }
 
-    if (!encr_message) {
+    if (!exportable) {
         LOG_ERROR("Null exportable in AES_encrypt");
         return -4;
     }
 
 
-  if (length < SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE) {
-      LOG_ERROR("length < SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE");
-      return -1;
-  }
+    if (length < SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE) {
+        LOG_ERROR("length < SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE");
+        return -5;
+    }
 
-  uint64_t len = length - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE;
+    uint64_t len = length - SGX_AESGCM_MAC_SIZE - SGX_AESGCM_IV_SIZE;
 
-  if (msgLen < len) {
+    if (msgLen < len) {
         LOG_ERROR("Output buffer not large enough");
-        return -2;
-  }
-
-  sgx_status_t status = sgx_rijndael128GCM_decrypt(&(AES_key[512]),
-                                                   encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len,
-                                                   (unsigned char*) message,
-                                                   encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
-                                                   NULL, 0,
-                                                   (sgx_aes_gcm_128bit_tag_t *)encr_message);
-
-  *type = message[0];
-  *exportable = message[1];
-  for (int i = 2; i < strlen(message) + 1; i++) {
-      message[i - 2 ] = message[i];
-  }
-
-  return status;
+        return -6;
+    }
+
+    sgx_status_t status = sgx_rijndael128GCM_decrypt(&(AES_key[512]),
+                                                    encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len,
+                                                    (unsigned char*) message,
+                                                    encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
+                                                    NULL, 0,
+                                                    (sgx_aes_gcm_128bit_tag_t *)encr_message);
+
+    *type = message[0];
+    *exportable = message[1];
+    for (int i = 2; i < strlen(message) + 1; i++) {
+        message[i - 2 ] = message[i];
+    }
+
+    return status;
 }
diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c
index 88423b4..9478dfe 100644
--- a/secure_enclave/secure_enclave.c
+++ b/secure_enclave/secure_enclave.c
@@ -597,7 +597,6 @@ void trustedEcdsaSign(int *errStatus, char *errString, uint8_t *encryptedPrivate
     LOG_DEBUG("SGX call completed");
 }
 
-
 void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivateKey,
                           uint64_t enc_len, char *key) {
 
@@ -606,24 +605,14 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat
 
     CHECK_STATE(encryptedPrivateKey);
     CHECK_STATE(key);
+    CHECK_STATE( enc_len == strnlen( encryptedPrivateKey, 1024 ) );
 
     *errStatus = -9;
 
     uint8_t type = 0;
     uint8_t exportable = 0;
 
-    int status = AES_decrypt(encryptedPrivateKey, enc_len, key, 3072,
-                             &type, &exportable);
-
-    if (exportable != EXPORTABLE) {
-        while (*key != '\0') {
-            *key++ = '0';
-        }
-        *errStatus = -11;
-        snprintf(errString, BUF_LEN, "Key is not exportable");
-        LOG_ERROR(errString);
-        goto clean;
-    }
+    int status = AES_decrypt(encryptedPrivateKey, enc_len, key, 1024, &type, &exportable);
 
     if (status != 0) {
         *errStatus = status;
@@ -632,22 +621,30 @@ void trustedDecryptKey(int *errStatus, char *errString, uint8_t *encryptedPrivat
         goto clean;
     }
 
-    *errStatus = -10;
-
-    uint64_t keyLen = strnlen(key, MAX_KEY_LENGTH);
+    size_t keyLen = strnlen(key, MAX_KEY_LENGTH);
 
     if (keyLen == MAX_KEY_LENGTH) {
+        *errStatus = -10;
         snprintf(errString, BUF_LEN, "Key is not null terminated");
         LOG_ERROR(errString);
         goto clean;
     }
 
+    if (exportable != EXPORTABLE) {
+        while (*key != '\0') {
+            *key++ = '0';
+        }
+        *errStatus = -11;
+        snprintf(errString, BUF_LEN, "Key is not exportable");
+        LOG_ERROR(errString);
+        goto clean;
+    }
+
     SET_SUCCESS
     clean:
     ;
 }
 
-
 void trustedEncryptKey(int *errStatus, char *errString, const char *key,
                           uint8_t *encryptedPrivateKey, uint64_t *enc_len) {
     LOG_INFO(__FUNCTION__);
-- 
2.18.1