|
@@ -54,13 +54,11 @@
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
- // TODO: FIX DUMMY HEADER.
|
|
|
- // EXTERNAL ECALL.
|
|
|
uint32_t Decryptor::create_and_encrypt_mitigator_header_H(uint8_t* ciphertext_token_H_plus_tag, uint32_t* op_length)
|
|
|
{
|
|
|
uint32_t temp_ciphertext_token_H_iv_tag_length;
|
|
|
- uint32_t internal_return_status;
|
|
|
- uint8_t plaintext_mitigator_header_H[ECDH_PUBLIC_KEY_SIZE + 32 + 64] = {0x42};
|
|
|
+ uint32_t internal_return_status;
|
|
|
+ uint8_t plaintext_mitigator_header_H[ECDH_PUBLIC_KEY_SIZE + 32 + 64] = {0x42};
|
|
|
|
|
|
if(successful_la_count != 2)
|
|
|
return 0x33;
|
|
@@ -70,8 +68,8 @@
|
|
|
return internal_return_status;
|
|
|
|
|
|
internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(1, plaintext_mitigator_header_H, ECDH_PUBLIC_KEY_SIZE + 32 + 64, ciphertext_token_H_plus_tag, &temp_ciphertext_token_H_iv_tag_length);
|
|
|
- *op_length = temp_ciphertext_token_H_iv_tag_length;
|
|
|
- return internal_return_status;
|
|
|
+ *op_length = temp_ciphertext_token_H_iv_tag_length;
|
|
|
+ return internal_return_status;
|
|
|
}
|
|
|
|
|
|
// INTERNAL. done. But there might be one more return statement for the case when get_keypair returns sth (it is non void).
|
|
@@ -86,7 +84,9 @@
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
+
|
|
|
// INTERNAL.
|
|
|
+ // TODO: Edit to process a list of fields.
|
|
|
uint32_t Decryptor::initialize_symmetric_key_decrypt_client_data(uint8_t* plaintext_client_public_key_plus_encrypted_data_plus_tag, uint32_t total_length, uint8_t* plaintext_client_data, uint32_t* plaintext_client_data_length)
|
|
|
{
|
|
|
uint8_t* ciphertext_plus_tag;
|
|
@@ -208,8 +208,85 @@
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
- // EXTERNAL. DONE.
|
|
|
- uint32_t Decryptor::process_apache_message_generate_response(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext_plus_tag, uint32_t* output_ciphertext_plus_tag_length)
|
|
|
+ uint32_t Decryptor::encrypt_decrypt_fields_list(SymmetricEncryptionBox &symmetricEncryptionBox , uint32_t encrypt_decrypt,
|
|
|
+ uint8_t *input_fields_list, uint32_t *input_field_sizes,
|
|
|
+ uint32_t no_of_fields,
|
|
|
+ uint8_t *output_fields_list,
|
|
|
+ uint32_t *output_field_sizes, uint32_t* total_output_length) {
|
|
|
+ // Enc-dec loops over no_of_fields.
|
|
|
+ uint32_t field_counter, input_byte_accumulator=0, byte_counter, field_size, output_byte_accumulator=0;
|
|
|
+ uint8_t* input_field, *output_field;
|
|
|
+ uint32_t input_field_length, output_field_length, internal_return_status;
|
|
|
+
|
|
|
+ output_field = output_fields_list;
|
|
|
+ for(field_counter=0; field_counter< no_of_fields; field_counter++)
|
|
|
+ {
|
|
|
+ input_field_length = input_field_sizes[field_counter];
|
|
|
+ input_field = input_fields_list + input_byte_accumulator;
|
|
|
+ output_field = output_fields_list + output_byte_accumulator;
|
|
|
+
|
|
|
+ internal_return_status = symmetricEncryptionBox.encrypt_decrypt(encrypt_decrypt, input_field, input_field_length, output_field, &output_field_length);
|
|
|
+ if(internal_return_status != 0)
|
|
|
+ return internal_return_status;
|
|
|
+
|
|
|
+ output_field_sizes[field_counter] = output_field_length;
|
|
|
+ input_byte_accumulator += input_field_length;
|
|
|
+ output_byte_accumulator += output_field_length;
|
|
|
+ }
|
|
|
+ *total_output_length = output_byte_accumulator;
|
|
|
+ return 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ uint32_t Decryptor::decrypt_client_data(uint8_t *input_fields_list, uint32_t *input_field_sizes,
|
|
|
+ uint32_t no_of_fields, uint32_t total_input_size,
|
|
|
+ uint8_t *output_fields_list,
|
|
|
+ uint32_t *output_field_sizes) {
|
|
|
+
|
|
|
+ uint8_t *intermediate_fields_list, *plaintext_fields_list;
|
|
|
+ uint32_t *intermediate_fields_sizes, *plaintext_fields_sizes;
|
|
|
+ uint32_t internal_return_status, total_intermediate_fields_length;
|
|
|
+ uint32_t total_plaintext_fields_length, total_output_fields_length;
|
|
|
+ // List of symmetric decryption outputs - will get rid of 12 bytes of IV and 16 bytes of tag.
|
|
|
+ intermediate_fields_list = (uint8_t*) malloc(total_input_size - (28 * no_of_fields));
|
|
|
+ intermediate_fields_sizes = (uint32_t*) malloc(no_of_fields);
|
|
|
+
|
|
|
+ // Remove outermost layer of decryption, namely the one with the target enclave.
|
|
|
+ internal_return_status = encrypt_decrypt_fields_list(symmetricEncryptionBoxApache, 0, input_fields_list,
|
|
|
+ input_field_sizes, no_of_fields,
|
|
|
+ intermediate_fields_list, intermediate_fields_sizes, &total_intermediate_fields_length);
|
|
|
+ if(internal_return_status != 0)
|
|
|
+ return internal_return_status;
|
|
|
+
|
|
|
+ // Establish a symmetric encryption key with the client, using the client's public key.
|
|
|
+ // TODO: Change this function to take in the key length.
|
|
|
+ internal_return_status = hybridEncryptionBoxClient.initialize_symmetric_key(intermediate_fields_list);
|
|
|
+ if(internal_return_status != 0)
|
|
|
+ return internal_return_status;
|
|
|
+
|
|
|
+ // The public key, which was the first element of the output list above, has been processed.
|
|
|
+ // Do not attempt to decrypt it one more time.
|
|
|
+ intermediate_fields_list += intermediate_fields_sizes[0];
|
|
|
+ intermediate_fields_sizes += 1;
|
|
|
+ no_of_fields -= 1;
|
|
|
+ total_intermediate_fields_length -= intermediate_fields_sizes[0];
|
|
|
+
|
|
|
+ // Initializing lists for the plaintext data.
|
|
|
+ plaintext_fields_list = (uint8_t*) malloc(total_intermediate_fields_length);
|
|
|
+ plaintext_fields_sizes = (uint32_t*) malloc(no_of_fields);
|
|
|
+
|
|
|
+ // Obtain plaintext data by decrypting with the above newly-established key with the client.
|
|
|
+ internal_return_status = encrypt_decrypt_fields_list(hybridEncryptionBoxClient, 0,
|
|
|
+ intermediate_fields_list, intermediate_fields_sizes, no_of_fields,
|
|
|
+ plaintext_fields_list, plaintext_fields_sizes, &total_plaintext_fields_length);
|
|
|
+ if(internal_return_status != 0)
|
|
|
+ return internal_return_status;
|
|
|
+
|
|
|
+ // Finally, encrypt the plaintext back to the target enclave.
|
|
|
+ return encrypt_decrypt_fields_list(symmetricEncryptionBoxApache, 1, plaintext_fields_list, plaintext_fields_sizes,
|
|
|
+ no_of_fields, output_fields_list, output_field_sizes, &total_output_fields_length);
|
|
|
+ }
|
|
|
+
|
|
|
+uint32_t Decryptor::process_apache_message_generate_response(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext_plus_tag, uint32_t* output_ciphertext_plus_tag_length)
|
|
|
{
|
|
|
uint32_t first_decryption_output_length, plaintext_client_data_length;
|
|
|
uint32_t internal_return_status;
|