|
@@ -119,10 +119,10 @@
|
|
|
void Decryptor::testing_long_term_verification_key(uint8_t* output)
|
|
|
{
|
|
|
uint8_t keypair[ECDH_PUBLIC_KEY_SIZE + ECDH_PRIVATE_KEY_SIZE];
|
|
|
- uint32_t counter;
|
|
|
- signatureBox.get_keypair(keypair);
|
|
|
+ uint32_t counter;
|
|
|
+ signatureBox.get_keypair(keypair);
|
|
|
for(counter=0;counter<ECDH_PUBLIC_KEY_SIZE; counter++)
|
|
|
- output[counter]=keypair[ECDH_PRIVATE_KEY_SIZE+counter];
|
|
|
+ output[counter]=keypair[ECDH_PRIVATE_KEY_SIZE+counter];
|
|
|
}
|
|
|
|
|
|
// EXTERNAL. DONE.
|
|
@@ -207,14 +207,14 @@
|
|
|
internal_return_status = symmetricEncryptionBoxVerifier.encrypt_decrypt(0, input_ciphertext_plus_tag, length, first_decryption_output, &first_decryption_output_length);
|
|
|
if(internal_return_status != 0)
|
|
|
return internal_return_status;
|
|
|
-
|
|
|
- if(first_decryption_output_length != 32)
|
|
|
+
|
|
|
+ if(first_decryption_output_length != 32)
|
|
|
return 0x33;
|
|
|
-
|
|
|
+
|
|
|
for(counter=0; counter<32; counter++)
|
|
|
apache_mr_signer[counter] = *(first_decryption_output + counter);
|
|
|
-
|
|
|
-
|
|
|
+
|
|
|
+
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
@@ -318,20 +318,20 @@
|
|
|
uint32_t first_decryption_output_length, plaintext_client_data_length;
|
|
|
uint32_t internal_return_status;
|
|
|
// TODO: May be have temporary variables for input ciphertext as they can't be passed directly to functions?
|
|
|
- // first, I decrypt the message from the target enclave, to get the client's public key and ciphertext data (and tag and IV)
|
|
|
+ // first, I decrypt the message from the target enclave, to get the client's public key and ciphertext data (and tag and IV)
|
|
|
internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(0, input_ciphertext, input_ciphertext_plus_tag_length,
|
|
|
first_decryption_output, &first_decryption_output_length);
|
|
|
if(internal_return_status != 0)
|
|
|
return internal_return_status;
|
|
|
-
|
|
|
+
|
|
|
// then I obtain the plaintext client data, using the client's public key and own key to ultimately decrypt the client's ciphertext data
|
|
|
internal_return_status = initialize_symmetric_key_decrypt_client_data(first_decryption_output, first_decryption_output_length, plaintext_client_data, &plaintext_client_data_length);
|
|
|
if(internal_return_status != 0)
|
|
|
return internal_return_status;
|
|
|
|
|
|
// then I will encrypt the plaintext data to the target enclave.
|
|
|
- internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(1, plaintext_client_data, plaintext_client_data_length, output_ciphertext_plus_tag, output_ciphertext_plus_tag_length);
|
|
|
- return internal_return_status;
|
|
|
+ internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(1, plaintext_client_data, plaintext_client_data_length, output_ciphertext_plus_tag, output_ciphertext_plus_tag_length);
|
|
|
+ return internal_return_status;
|
|
|
}
|
|
|
*/
|
|
|
|
|
@@ -375,7 +375,7 @@
|
|
|
}
|
|
|
void Decryptor::testing_get_short_term_public_key(uint8_t* output)
|
|
|
{
|
|
|
- hybridEncryptionBoxClient.get_public_key(output);
|
|
|
+ hybridEncryptionBoxClient.get_public_key(output);
|
|
|
}
|
|
|
|
|
|
|
|
@@ -383,3 +383,24 @@ void Decryptor::testing_get_apache_iv(uint8_t* op)
|
|
|
{
|
|
|
// symmetricEncryptionBoxApache.get_iv(op);
|
|
|
}
|
|
|
+
|
|
|
+uint32_t Decryptor::session_request(sgx_dh_msg1_t *dh_msg1, uint32_t *session_id)
|
|
|
+{
|
|
|
+ return LA::session_request(dh_msg1, session_id);
|
|
|
+}
|
|
|
+
|
|
|
+ uint32_t Decryptor::exchange_report(sgx_dh_msg2_t *dh_msg2, sgx_dh_msg3_t *dh_msg3, uint32_t *session_id)
|
|
|
+ {
|
|
|
+ sgx_key_128bit_t dh_aek;
|
|
|
+ sgx_dh_session_enclave_identity_t initiator_identity;
|
|
|
+ uint32_t la_ret_status = LA::exchange_report(dh_msg2, dh_msg3, session_id, &dh_aek, &initiator_identity);
|
|
|
+ if(la_ret_status == 0)
|
|
|
+ {
|
|
|
+ return Decryptor::verify_peer_enclave_trust(initiator_identity.mr_enclave.m,
|
|
|
+ initiator_identity.mr_signer.m,
|
|
|
+ dh_aek);
|
|
|
+ }
|
|
|
+ else
|
|
|
+ return la_ret_status;
|
|
|
+
|
|
|
+ }
|