6 years ago · 0ae1160096
--- a/App/systemLA.cpp
+++ b/App/systemLA.cpp
@@ -302,6 +302,8 @@ int decrypt_client_data_wrapper(unsigned char* op_plaintext , uint32_t own_encla
 
				 	int counter;
			
 
				 
			
 
				   memset(client_keys_and_data_encrypted_to_enclave, 0, 160+64);
			
 
				+ 
			
 
				+  printf("Read the following from Apache: \n"); fflush(stdout);
			
 
				   for(counter=0;counter<protobuf_msg_from_apache_length;counter++)
			
 
				   {
			
 
				   	client_keys_and_data_encrypted_to_enclave[counter]=*(msg_from_apache+counter);
			
@@ -314,11 +316,6 @@ int decrypt_client_data_wrapper(unsigned char* op_plaintext , uint32_t own_encla
 
				 	for(counter=0;counter<client_data_encrypted_to_enclave_length;counter++)
			
 
				 		client_data_encrypted_to_apache[counter]=client_keys_and_data_encrypted_to_enclave[counter+64];
			
 
				 
			
 
				-  printf("Key in big endian form:\n"); fflush(stdout);
			
 
				-  for(counter=0; counter<64; counter++)
			
 
				-    printf("0x%02x ", *(client_keys_and_data_encrypted_to_enclave + counter));
			
 
				-  printf("\n"); fflush(stdout);
			
 
				-
			
 
				 	client_data_encrypted_to_apache_length = client_data_encrypted_to_enclave_length;
			
 
				 	uint8_t clen; 
			
 
				 	Decryptor_decrypt_client_data(own_enclave_id, &sgx_ret_status, client_keys_and_data_encrypted_to_enclave, client_data_encrypted_to_enclave_length, client_data_encrypted_to_apache, &clen);
			
--- a/Decryptor/Decryptor.cpp
+++ b/Decryptor/Decryptor.cpp
@@ -399,6 +399,7 @@ uint32_t calculate_sealed_data_size( uint32_t input_size)
 
				 
			
 
				 // ip_key will always be within the enclave.
			
 
				 // enc = 1 for encryption and 0 for decryption, like openssl api
			
 
				+// TODO: Rename this - it's actually 128 bit encryption. 
			
 
				 uint32_t aes_gcm_192_call(uint32_t enc, uint8_t* ip_key, uint8_t* ip_iv, uint8_t* ip_ciphertext, uint32_t ip_ciphertext_len, uint8_t* op_plaintext, uint32_t* op_plaintext_length, uint8_t* tag)
			
 
				 {
			
 
				 	uint32_t counter;
			
@@ -464,11 +465,12 @@ uint32_t decrypt_client_data(unsigned char* ip_encrypted_client_pub_key_and_data
 
				 	uint32_t temp_array_valid_length;
			
 
				 	unsigned char client_iv[12]={0,0,0,0, 0,0,0,0, 0,0,0,0};
			
 
				 
			
 
				-	for(counter=0;counter<ip_encrypted_client_pub_key_and_data_length;counter++)
			
 
				+	for(counter=64;counter<ip_encrypted_client_pub_key_and_data_length;counter++)
			
 
				 		op_client_data[counter]=ip_encrypted_client_pub_key_and_data[counter];
			
 
				 	*clen = (uint8_t) ip_encrypted_client_pub_key_and_data_length; 
			
 
				 
			
 
				 	temp_array = (unsigned char*) malloc(ip_encrypted_client_pub_key_and_data_length); 
			
 
				+/*
			
 
				 	// TODO: Remove aes_gcm_internal_call function - upgrade to using openssl's aesgcm 192 bit enc 
			
 
				 	// TODO: Change the returned 2nd length o/p to be incoming length - tag length for decryption and incoming length + 16 for encryption
			
 
				 	ret = aes_gcm_192_call(0, apache_key, apache_iv, ip_encrypted_client_pub_key_and_data, ip_encrypted_client_pub_key_and_data_length, temp_array, &temp_array_valid_length, ip_encrypted_client_pub_key_and_data + ip_encrypted_client_pub_key_and_data_length - 16);
			
@@ -477,6 +479,53 @@ uint32_t decrypt_client_data(unsigned char* ip_encrypted_client_pub_key_and_data
 
				 		free(temp_array);
			
 
				 		return ret; 
			
 
				 	}
			
 
				+	
			
 
				+	for(counter=0; counter<temp_array_valid_length; counter++)
			
 
				+        	op_client_data[counter] = temp_array[counter];
			
 
				+	*clen = temp_array_valid_length;
			
 
				+	free(temp_array); 
			
 
				+	return 0;
			
 
				+*/
			
 
				+
			
 
				+	// Temp_array = {X component of public key (32 bytes), Y component of public key (32 bytes), client data encrypted to decryptor (x), tag for client data encrypted to decryptor (16 bytes)
			
 
				+	// therefore, length x = temp_array_valid_length - 64 (for public key) - 16 (for own tag) 
			
 
				+	plaintext_client_public_key = ip_encrypted_client_pub_key_and_data; // temp_array; 
			
 
				+	client_data_encrypted_to_decryptor = ip_encrypted_client_pub_key_and_data + 64; 
			
 
				+	client_data_encrypted_to_decryptor_length = ip_encrypted_client_pub_key_and_data_length; // temp_array_valid_length - 64 - 16; 
			
 
				+	tag_for_client_data_encrypted_to_decryptor = ip_encrypted_client_pub_key_and_data + 64 + ip_encrypted_client_pub_key_and_data_length; //temp_array + 64 + client_data_encrypted_to_decryptor_length; 
			
 
				+
			
 
				+	check_ret = compute_ecdh_shared_key(plaintext_client_public_key, plaintext_client_public_key + 32, short_term_private_key_arr, derived_key);
			
 
				+	if(check_ret != 0)
			
 
				+	{
			
 
				+		plaintext_client_public_key = NULL;
			
 
				+		client_data_encrypted_to_decryptor = NULL;
			
 
				+		tag_for_client_data_encrypted_to_decryptor = NULL;
			
 
				+		free(temp_array); 
			
 
				+		return check_ret;
			
 
				+	}
			
 
				+/*
			
 
				+	check_ret = aes_gcm(0, derived_key, client_iv, client_data_encrypted_to_decryptor, client_data_encrypted_to_decryptor_length, temp_array, &temp_array_valid_length, tag_for_client_data_encrypted_to_decryptor);
			
 
				+	if(check_ret != 0)
			
 
				+	{
			
 
				+	        plaintext_client_public_key = NULL;
			
 
				+                client_data_encrypted_to_decryptor = NULL;
			
 
				+                tag_for_client_data_encrypted_to_decryptor = NULL;
			
 
				+                free(temp_array); 
			
 
				+		return check_ret;
			
 
				+	}
			
 
				+*/
			
 
				+	for(counter=0;counter<32;counter++)
			
 
				+		op_client_data[counter]=derived_key[counter]; 
			
 
				+
			
 
				+//	for(counter=0; counter<temp_array_valid_length; counter++)
			
 
				+//		op_client_data[counter] = temp_array[counter];
			
 
				+//	for(counter=0; counter<16; counter++)
			
 
				+//		op_client_data[temp_array_valid_length + counter] = tag_for_client_data_encrypted_to_decryptor[counter];
			
 
				+
			
 
				+//	*clen = temp_array_valid_length + 16; 
			
 
				+	*clen = 32; 
			
 
				+	return 0;
			
 
				+/*
			
 
				 	// Temp_array = {X component of public key (32 bytes), Y component of public key (32 bytes), client data encrypted to decryptor (x), tag for client data encrypted to decryptor (16 bytes)
			
 
				 	// therefore, length x = temp_array_valid_length - 64 (for public key) - 16 (for own tag) 
			
 
				 	plaintext_client_public_key = temp_array; 
			
@@ -510,7 +559,7 @@ uint32_t decrypt_client_data(unsigned char* ip_encrypted_client_pub_key_and_data
 
				 	{
			
 
				 		for(counter=0; counter<client_data_encrypted_to_apache_length; counter++)
			
 
				 			op_client_data[counter] = client_data_encrypted_to_apache[counter];
			
 
				-		for(counter=0; counter<16; counter++)
			
 
				+		for(counter=0; counter<16; counter++) // TODO: This overwrites the first 16 bytes of the array written in the line above (WTF is going on) 
			
 
				 			op_client_data[counter] = tag_for_client_data_encrypted_to_apache[counter]; 
			
 
				 		*clen = (uint8_t) client_data_encrypted_to_apache_length + 16; // Need to give in the total wire length
			
 
				 	}
			
@@ -520,5 +569,7 @@ uint32_t decrypt_client_data(unsigned char* ip_encrypted_client_pub_key_and_data
 
				         tag_for_client_data_encrypted_to_decryptor = NULL;
			
 
				         free(temp_array); 
			
 
				 	free(client_data_encrypted_to_apache); 
			
 
				+
			
 
				         return ret; 
			
 
				+*/
			
 
				 }