|
@@ -85,22 +85,34 @@
|
|
|
}
|
|
|
|
|
|
// INTERNAL.
|
|
|
- uint32_t Decryptor::initialize_symmetric_key_decrypt_client_data(uint8_t* plaintext_client_public_key_plus_encrypted_data_plus_tag, uint32_t total_length, uint8_t* plaintext_client_data, uint32_t* plaintext_client_data_length)
|
|
|
+ uint32_t Decryptor::initialize_symmetric_key_decrypt_client_data(
|
|
|
+ uint8_t* client_public_key_plus_ciphertext_fields, uint32_t* client_public_key_plus_ciphertext_fields_lengths,
|
|
|
+ uint32_t number_of_ciphertext_fields,
|
|
|
+ uint8_t* plaintext_fields, uint32_t* plaintext_field_lengths)
|
|
|
{
|
|
|
- uint8_t* ciphertext_plus_tag;
|
|
|
- uint32_t ciphertext_plus_tag_length;
|
|
|
- uint32_t internal_return_status;
|
|
|
+ uint8_t *ciphertext_field_ptr, *plaintext_field_ptr;
|
|
|
+ uint32_t plaintext_field_length, ciphertext_field_length, internal_return_status, counter;
|
|
|
|
|
|
// I will derive a shared key from the plaintext_client_public_key
|
|
|
- internal_return_status = hybridEncryptionBoxClient.initialize_symmetric_key(plaintext_client_public_key_plus_encrypted_data_plus_tag);
|
|
|
+ internal_return_status = hybridEncryptionBoxClient.initialize_symmetric_key(client_public_key_plus_ciphertext_fields);
|
|
|
if(internal_return_status != 0)
|
|
|
return internal_return_status;
|
|
|
|
|
|
// and then I will decrypt the rest of the client data with that key.
|
|
|
- ciphertext_plus_tag = plaintext_client_public_key_plus_encrypted_data_plus_tag + ECDH_PUBLIC_KEY_SIZE;
|
|
|
- ciphertext_plus_tag_length = total_length - ECDH_PUBLIC_KEY_SIZE;
|
|
|
+ ciphertext_field_ptr = client_public_key_plus_ciphertext_fields + client_public_key_plus_ciphertext_fields_lengths[0]; // tag = 16 bytes, iv = 12 bytes.
|
|
|
+ plaintext_field_ptr = plaintext_fields;
|
|
|
+ for(counter=0; counter<number_of_ciphertext_fields; counter++)
|
|
|
+ {
|
|
|
+ ciphertext_field_length = client_public_key_plus_ciphertext_fields_lengths[counter+1];
|
|
|
+ internal_return_status = hybridEncryptionBoxClient.encrypt_decrypt(0, ciphertext_field_ptr,
|
|
|
+ ciphertext_field_length, plaintext_field_ptr, &plaintext_field_length);
|
|
|
+ if(internal_return_status != 0)
|
|
|
+ return internal_return_status;
|
|
|
+ plaintext_field_ptr += plaintext_field_length;
|
|
|
+ ciphertext_field_ptr += ciphertext_field_length;
|
|
|
|
|
|
- internal_return_status = hybridEncryptionBoxClient.encrypt_decrypt(0, ciphertext_plus_tag, ciphertext_plus_tag_length, plaintext_client_data, plaintext_client_data_length);
|
|
|
+ plaintext_field_lengths[counter] = plaintext_field_length;
|
|
|
+ }
|
|
|
return internal_return_status;
|
|
|
}
|
|
|
|
|
@@ -206,33 +218,109 @@
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
- uint32_t Decryptor::decrypt_client_data(
|
|
|
- uint8_t* input_ciphertext,
|
|
|
- uint32_t input_ciphertext_length,
|
|
|
- uint32_t* input_sizes_array,
|
|
|
- uint32_t input_sizes_array_length)
|
|
|
- {
|
|
|
- /*
|
|
|
- // check if the buffer is allocated outside
|
|
|
- if (sgx_is_outside_enclave(val, sz) != 1)
|
|
|
- abort();
|
|
|
-
|
|
|
- // fence after sgx_is_outside_enclave check
|
|
|
- sgx_lfence();
|
|
|
- */
|
|
|
- return 0;
|
|
|
- }
|
|
|
+ // INTERNAL.
|
|
|
+ uint32_t Decryptor::encrypt_decrypt_to_apache(uint32_t encrypt_decrypt,
|
|
|
+ uint8_t* double_ciphertext,
|
|
|
+ uint32_t* double_ciphertext_fields_lengths,
|
|
|
+ uint32_t number_of_double_ciphertext_fields,
|
|
|
+ uint8_t* ciphertext,
|
|
|
+ uint32_t* ciphertext_length,
|
|
|
+ uint32_t* ciphertext_fields_lengths)
|
|
|
+ {
|
|
|
+ uint32_t ciphertext_field_length, field_counter, temp_total_ciphertext_length, internal_return_status;
|
|
|
+ unsigned char *ciphertext_arr_ptr, *double_ciphertext_arr_ptr;
|
|
|
+
|
|
|
+ double_ciphertext_arr_ptr = double_ciphertext;
|
|
|
+ ciphertext_arr_ptr = ciphertext;
|
|
|
+
|
|
|
+ // decrypt each set of bytes of length input_sizes_array[counter] of the input_ciphertext
|
|
|
+ for(field_counter=0; field_counter<number_of_double_ciphertext_fields; field_counter++)
|
|
|
+ {
|
|
|
+ internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(encrypt_decrypt, double_ciphertext_arr_ptr,
|
|
|
+ double_ciphertext_fields_lengths[field_counter],
|
|
|
+ ciphertext_arr_ptr, &ciphertext_field_length);
|
|
|
+ if(internal_return_status != 0)
|
|
|
+ return internal_return_status;
|
|
|
+
|
|
|
+ double_ciphertext_arr_ptr += double_ciphertext_fields_lengths[field_counter];
|
|
|
+ ciphertext_arr_ptr += ciphertext_field_length;
|
|
|
+ ciphertext_fields_lengths[field_counter] = ciphertext_field_length;
|
|
|
+ temp_total_ciphertext_length += ciphertext_field_length;
|
|
|
+ }
|
|
|
+
|
|
|
+ *ciphertext_length = temp_total_ciphertext_length;
|
|
|
+ return 0;
|
|
|
+ }
|
|
|
|
|
|
+ uint32_t Decryptor::process_apache_message_generate_response(
|
|
|
+ uint8_t* double_ciphertext,
|
|
|
+ uint32_t double_ciphertext_length,
|
|
|
+ uint32_t* double_ciphertext_fields_lengths,
|
|
|
+ uint32_t number_of_double_ciphertext_fields,
|
|
|
+ uint8_t* output_ciphertext,
|
|
|
+ uint32_t* output_sizes_array)
|
|
|
+{
|
|
|
+ unsigned char *incoming_ciphertext, *plaintext;
|
|
|
+ uint32_t *incoming_ciphertext_fields_lengths, *plaintext_fields_lengths;
|
|
|
+ uint32_t internal_return_status, output_ciphertext_length, ciphertext_length;
|
|
|
+
|
|
|
+ // UPPER BOUND - technically: double_ciphertext_length - (number_of_double_ciphertext_fields * 28)
|
|
|
+ incoming_ciphertext = (unsigned char*) malloc(double_ciphertext_length);
|
|
|
+ incoming_ciphertext_fields_lengths = (uint32_t*) malloc(number_of_double_ciphertext_fields);
|
|
|
+
|
|
|
+ internal_return_status = encrypt_decrypt_to_apache(0,
|
|
|
+ double_ciphertext,
|
|
|
+ double_ciphertext_fields_lengths,
|
|
|
+ number_of_double_ciphertext_fields,
|
|
|
+ incoming_ciphertext,
|
|
|
+ &ciphertext_length,
|
|
|
+ incoming_ciphertext_fields_lengths);
|
|
|
+
|
|
|
+ if(internal_return_status != 0)
|
|
|
+ {
|
|
|
+ free(incoming_ciphertext);
|
|
|
+ free(incoming_ciphertext_fields_lengths);
|
|
|
+ return internal_return_status;
|
|
|
+ }
|
|
|
+
|
|
|
+ plaintext = (unsigned char*) malloc(ciphertext_length);
|
|
|
+ plaintext_fields_lengths = (uint32_t*) malloc(number_of_double_ciphertext_fields); // -1 technically.
|
|
|
+ internal_return_status=initialize_symmetric_key_decrypt_client_data(
|
|
|
+ incoming_ciphertext, incoming_ciphertext_fields_lengths,
|
|
|
+ number_of_double_ciphertext_fields - 1,
|
|
|
+ plaintext, plaintext_fields_lengths);
|
|
|
+ free(incoming_ciphertext);
|
|
|
+ free(incoming_ciphertext_fields_lengths);
|
|
|
+ if(internal_return_status != 0)
|
|
|
+ {
|
|
|
+ free(plaintext);
|
|
|
+ free(plaintext_fields_lengths);
|
|
|
+ return internal_return_status;
|
|
|
+ }
|
|
|
+
|
|
|
+ internal_return_status = encrypt_decrypt_to_apache(1,
|
|
|
+ plaintext,
|
|
|
+ plaintext_fields_lengths,
|
|
|
+ number_of_double_ciphertext_fields-1,
|
|
|
+ output_ciphertext,
|
|
|
+ &output_ciphertext_length,
|
|
|
+ output_sizes_array);
|
|
|
+ free(plaintext);
|
|
|
+ free(plaintext_fields_lengths);
|
|
|
+ return internal_return_status;
|
|
|
+ }
|
|
|
|
|
|
|
|
|
-// EXTERNAL. DONE.
|
|
|
+ /*
|
|
|
+ // EXTERNAL. DONE.
|
|
|
uint32_t Decryptor::process_apache_message_generate_response(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext_plus_tag, uint32_t* output_ciphertext_plus_tag_length)
|
|
|
{
|
|
|
uint32_t first_decryption_output_length, plaintext_client_data_length;
|
|
|
uint32_t internal_return_status;
|
|
|
// TODO: May be have temporary variables for input ciphertext as they can't be passed directly to functions?
|
|
|
// first, I decrypt the message from the target enclave, to get the client's public key and ciphertext data (and tag and IV)
|
|
|
- internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(0, input_ciphertext, input_ciphertext_plus_tag_length, first_decryption_output, &first_decryption_output_length);
|
|
|
+ internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(0, input_ciphertext, input_ciphertext_plus_tag_length,
|
|
|
+ first_decryption_output, &first_decryption_output_length);
|
|
|
if(internal_return_status != 0)
|
|
|
return internal_return_status;
|
|
|
|
|
@@ -245,6 +333,7 @@
|
|
|
internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(1, plaintext_client_data, plaintext_client_data_length, output_ciphertext_plus_tag, output_ciphertext_plus_tag_length);
|
|
|
return internal_return_status;
|
|
|
}
|
|
|
+ */
|
|
|
|
|
|
// INTERNAL.
|
|
|
uint32_t Decryptor::verify_peer_enclave_trust(uint8_t* given_mr_enclave, uint8_t* given_mr_signer, uint8_t* dhaek)
|