
Works with apache, client extension. Need to fix IVs for both.

dettanym 5 years ago
parent
commit
9673d126d5

+ 4 - 1
App/LocalAttestationUntrusted.cpp

@@ -170,10 +170,13 @@ using namespace google::protobuf::io;
     // We assume that the output is not changed unless it is successful throughout.
     Decryptor_process_apache_message_generate_response_wrapper(own_enclave_id, &sgx_ret_status, input_ciphertext_plus_tag, input_ciphertext_plus_tag_length, output_ciphertext_plus_tag, &output_ciphertext_plus_tag_length);
     free(input_ciphertext_plus_tag);
-      if(sgx_ret_status!=0)
+      if(sgx_ret_status==0)
       {
       	protobuf_msg.set_msg((void*)  output_ciphertext_plus_tag, output_ciphertext_plus_tag_length);
       }
+	else
+		        printf("\n0x%02x\n", sgx_ret_status); 
+
 	printf("Returning this: \n"); 
 	for(counter=0;counter<output_ciphertext_plus_tag_length;counter++)
 		printf("%02x ",output_ciphertext_plus_tag[counter]); 
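Review bot: The hex dump after the new `else` still runs when the enclave call reports failure, so the loop prints `output_ciphertext_plus_tag_length` bytes of a buffer that the comment at the top of the hunk says is only meaningful on success. Unless the length is zeroed before the call (not visible here), a failed call can dump stale or uninitialised memory; moving the "Returning this" print and the loop inside the `if(sgx_ret_status==0)` branch avoids that. The return value of `Decryptor_process_apache_message_generate_response_wrapper` itself is also discarded, and if that is the ecall's own status then `sgx_ret_status` may never be written when the call fails to enter the enclave. The enclosing function starts and ends outside the hunk, so whether the failure is reported to the caller cannot be seen from here.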

+ 1 - 1
CommonOpensslCode/Openssl_crypto.cpp

@@ -439,7 +439,7 @@ int aes_gcm_128(int enc, unsigned char *key, unsigned char *iv, unsigned char* p
 		reset_return = EVP_CIPHER_CTX_reset(ctx);
                 if(1 != reset_return)
                         return 0xF4;
-                return 0x4;
+                return 0x43;
 	}
 	ciphertext_len += len;
 

+ 8 - 12
Decryptor/Decryptor.cpp

@@ -127,6 +127,10 @@
     if(internal_return_status != 0)
       return internal_return_status;
 
+//    hybridEncryptionBoxClient.get_symmetric_key(plaintext_client_data); 
+//    *plaintext_client_data_length = 16; 
+//    return 0; 
+
     // and then I will decrypt the rest of the client data with that key.
     ciphertext_plus_tag = plaintext_client_public_key_plus_encrypted_data_plus_tag + ECDH_PUBLIC_KEY_SIZE;
     ciphertext_plus_tag_length = total_length - ECDH_PUBLIC_KEY_SIZE;
@@ -250,7 +254,7 @@
       {
         free(first_decryption_output);
         return internal_return_status;
-      }
+     }
 
       plaintext_client_data = (uint8_t*) malloc(first_decryption_output_length); // you will need less than this coz public key size.
       internal_return_status = initialize_symmetric_key_decrypt_client_data(first_decryption_output, first_decryption_output_length, plaintext_client_data, &plaintext_client_data_length);
@@ -260,19 +264,11 @@
 	free(plaintext_client_data); 
         return internal_return_status;
       }
+
       // then I will encrypt the resulting first_decryption_output to the apache enclave.
-	final_encryption_output = (uint8_t*) malloc(1000); 
-      internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(1, plaintext_client_data, plaintext_client_data_length, final_encryption_output, &final_encryption_output_length);
-	if(internal_return_status == 0)
-	{
-		for(counter=0;counter<final_encryption_output_length;counter++)
-			output_ciphertext_plus_tag[counter]=final_encryption_output[counter]; 
-		*output_ciphertext_plus_tag_length=final_encryption_output_length; 
-	}
+      internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(1, plaintext_client_data, plaintext_client_data_length, output_ciphertext_plus_tag, output_ciphertext_plus_tag_length);
       free(plaintext_client_data);
-	free(final_encryption_output);
-
-        return internal_return_status;
+	return internal_return_status; 
     }
 
   // INTERNAL.
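Review bot: In the last hunk, `encrypt_decrypt` now writes directly into `output_ciphertext_plus_tag` and `output_ciphertext_plus_tag_length`, so the caller's buffer can be modified by a failed encryption, and nothing visible here bounds the write to that buffer's capacity. The removed code copied into the output only when `internal_return_status == 0`, which appears to be the invariant the untrusted side relies on ("output is not changed unless it is successful"). If the direct write is kept, add `if(internal_return_status != 0) *output_ciphertext_plus_tag_length = 0;` before the return, and document that the output buffer must hold `plaintext_client_data_length` plus the 16-byte tag. Separately, the commented-out lines in the first hunk would hand the symmetric key back as the function's output if re-enabled, so they are better dropped than committed.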

+ 2 - 2
Decryptor/SymmetricEncryptionBox.cpp

@@ -52,7 +52,7 @@
 			ciphertext[counter + *ciphertext_length] = tag[counter];
 		*ciphertext_length=*ciphertext_length + 16;
 	}
-    if(return_status == 0)
-      aes_gcm_increment_iv_internal_call(iv);
+//    if(return_status == 0)
+//      aes_gcm_increment_iv_internal_call(iv);
     return return_status;
   }
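Review bot: Commenting out `aes_gcm_increment_iv_internal_call(iv)` means every successful call in this box now runs AES-GCM with the same IV, assuming `iv` is state kept across calls, as the removed increment suggests. Repeating a GCM nonce under one key removes both the confidentiality and the integrity guarantees of the mode, so this should not ship even as a temporary interoperability workaround. The commit message acknowledges that IVs still need fixing. The safer route is to restore `if(return_status == 0) aes_gcm_increment_iv_internal_call(iv);` and make the Apache and client-extension peers advance their IVs in step. If the lines must stay disabled for now, replace the bare comment-out with a `// FIXME: IV reuse, do not use with real keys` marker so it cannot be mistaken for finished code. The function body begins outside the hunk.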