It works at runtime! Some frees in the decryptor enclave code cause it to crash.

Included the debugging printfs.

App/PostLAMessaging.cpp

@@ -9,12 +9,14 @@
 int PostLAMessaging::process_target_data_msg(extension_to_decryptor_msg& incomingMsg, decryptor_to_extension_msg& outgoingMsg)
 {
     const char* client_public_key;
-    uint8_t* incoming_client_data, *outgoing_client_data;
+    uint8_t* incoming_client_data, *outgoing_client_data; const char *field_string;
     uint32_t* input_field_sizes, *output_field_sizes;
-    std::string client_public_key_string, field_string;
+    std::string client_public_key_string;
     uint32_t sgx_ret_status, client_public_key_length, field_counter, byte_counter, field_size, no_of_fields, total_input_length, field_size_accumulator;
+    uint32_t counter;
 
     // Initialize the client public key
+    printf("Initialize the client public key\n"); fflush(stdout);
     client_public_key_string = incomingMsg.ciphertext_client_public_key();
     client_public_key_length = client_public_key_string.length();
     // client_public_key = (uint8_t*) malloc(client_public_key_length);
@@ -23,64 +25,84 @@ int PostLAMessaging::process_target_data_msg(extension_to_decryptor_msg& incomin
     // Initialize an array of sizes - first element is the length of the public key
     // and rest are sizes of each of the incoming ciphertext fields (an input arg. to the ecall).
     // Initialize an array to store the sizes of the *outgoing* fields too.
-    no_of_fields = incomingMsg.fields_size();
-    input_field_sizes = (uint32_t*) malloc(no_of_fields + 1); // extra one for public key.
-    output_field_sizes = (uint32_t*) malloc(no_of_fields + 1); // Made them the same as the edl file doesnt support fns of input args as sizes.
+    printf("Initialize an array of sizes \n"); fflush(stdout);
+    no_of_fields = incomingMsg.fields_size() + 1; // extra one for public key.
+    input_field_sizes = (uint32_t*) malloc(no_of_fields);
+    output_field_sizes = (uint32_t*) malloc(no_of_fields);
     total_input_length = client_public_key_length;
 
+    printf("Setting input_field_sizes\n"); fflush(stdout);
     input_field_sizes[0] = client_public_key_length;
-    for(field_counter=1; field_counter<no_of_fields+1; field_counter++)
+    for(field_counter=1; field_counter<no_of_fields; field_counter++)
     {
         input_field_sizes[field_counter] = incomingMsg.fields(field_counter-1).field().length();
         total_input_length+=input_field_sizes[field_counter];
+        printf("%d ", input_field_sizes[field_counter]);
     }
 
+    printf("Setting incoming client data\n"); fflush(stdout);
     // Initialize a contiguous array of bytes of the ciphertext fields.
     // The number of bytes in any given ciphertext field will be determined by the above array.
     // Also initialize an array to store the outgoing bytes for all ciphertext fields.
     incoming_client_data = (uint8_t*) malloc(total_input_length);
     // Did not tighten the upper bound for the length of the output data as the edl file cant handle functions of input arguments as the sizes.
     outgoing_client_data = (uint8_t*) malloc(total_input_length);
+    printf("Setting public key of length %d\n", client_public_key_length);
     for(byte_counter=0; byte_counter<client_public_key_length; byte_counter++)
     {
         incoming_client_data[byte_counter] = client_public_key[byte_counter];
+        printf("%02x ", incoming_client_data[byte_counter]);
     }
     field_size_accumulator=client_public_key_length;
-
-    for(field_counter=0; field_counter<no_of_fields; field_counter++)
+    printf("\nSetting the other fields.\n");
+    for(field_counter=1; field_counter<no_of_fields; field_counter++)
     {
         field_size = input_field_sizes[field_counter];
-        field_string = incomingMsg.fields(field_counter).field().c_str();
+        printf("%d bytes\n", field_size);
+        field_string = incomingMsg.fields(field_counter-1).field().c_str();
         for(byte_counter=0; byte_counter<field_size; byte_counter++)
         {
             incoming_client_data[field_size_accumulator + byte_counter] = field_string[byte_counter];
+            printf("%02x ",  incoming_client_data[field_size_accumulator + byte_counter]);
         }
+        printf("\n");
         field_size_accumulator += field_size;
     }
 
+    for(counter=0; counter<total_input_length; counter++)
+        printf("%02x ", incoming_client_data[counter]);
+    for(counter=0; counter<no_of_fields; counter++)
+        printf("%d ", input_field_sizes[counter]);
+    printf("\nAbout to ecall.\n");
     sgx_ret_status=0;
     Decryptor_decrypt_client_data_wrapper(enclave_id, &sgx_ret_status, incoming_client_data, input_field_sizes,
             no_of_fields, total_input_length,  outgoing_client_data, output_field_sizes);
-    free(input_field_sizes);
-    free(incoming_client_data);
+    // free(input_field_sizes);
+    // free(incoming_client_data);
     if(sgx_ret_status!=0)
     {
-        printf("Could not process client's data. Had error: %ud\n", sgx_ret_status);
+        printf("Could not process client's data. Had error: %u\n", sgx_ret_status);
         free(outgoing_client_data);
         free(output_field_sizes);
         return sgx_ret_status;
     }
+    printf("returned successfully\n");
 
     // Initialize the outgoing protobuf message using the field sizes in the outgoing_field_size array and the bytes in the outgoing_client_data array.
     field_size_accumulator=0;
-    for(field_counter=0; field_counter<no_of_fields; field_counter++)
+    printf("No of fields: %d\n", no_of_fields - 1);
+    for(field_counter=0; field_counter<no_of_fields - 1; field_counter++)
     {
         field_size = output_field_sizes[field_counter];
         outgoingMsg.add_fields()->set_field(outgoing_client_data + field_size_accumulator,field_size);
+        printf("%u bytes\n", field_size);
+        for(byte_counter=field_size_accumulator; byte_counter<field_size_accumulator + field_size; byte_counter++)
+            printf("%02x ", outgoing_client_data[byte_counter]);
+        printf("\n");
         field_size_accumulator += field_size;
     }
-    free(outgoing_client_data);
-    free(output_field_sizes);
+    printf("\n");
+
     return 0;
 }
 
@@ -116,12 +138,14 @@ int PostLAMessaging::receive_decrypt_client_data_from_target()
     decryptor_to_extension_msg outgoingMsg;
     int ret_status;
 
+    printf("Listening for the target's msg.\n"); fflush(stdout);
     if( targetChannelData.read_msg(incomingMsg) != 0)
     {
         printf("Error in protobuf in receiving msg from target.\n"); fflush(stdout);
         return 0x1;
     }
 
+    printf("Obtained a msg from the target.  Processing it.\n"); fflush(stdout);
     ret_status = process_target_data_msg(incomingMsg, outgoingMsg);
     if(ret_status != 0)
     {
@@ -129,6 +153,7 @@ int PostLAMessaging::receive_decrypt_client_data_from_target()
         return 0x2;
     }
 
+    printf("Writing the msg back to the target.\n"); fflush(stdout);
     if( targetChannelData.write_msg(outgoingMsg) != 0)
     {
         printf("Error in protobuf in sending msg to target.\n"); fflush(stdout);

Decryptor/Decryptor.cpp

@@ -216,7 +216,7 @@
       // Enc-dec loops over no_of_fields.
       uint32_t field_counter, input_byte_accumulator=0, byte_counter, field_size, output_byte_accumulator=0;
       uint8_t* input_field, *output_field;
-      uint32_t input_field_length, output_field_length, internal_return_status;
+      uint32_t input_field_length, output_field_length, internal_return_status, counter;
 
       output_field = output_fields_list;
       for(field_counter=0; field_counter< no_of_fields; field_counter++)
@@ -242,12 +242,12 @@
                                           uint8_t *output_fields_list,
                                           uint32_t *output_field_sizes) {
 
-      uint8_t *intermediate_fields_list, *plaintext_fields_list;
-      uint32_t *intermediate_fields_sizes, *plaintext_fields_sizes;
+      uint8_t *intermediate_fields_list, *plaintext_fields_list, *temp_output_list;
+      uint32_t *intermediate_fields_sizes, *plaintext_fields_sizes, *temp_output_sizes;
       uint32_t internal_return_status, total_intermediate_fields_length;
-      uint32_t total_plaintext_fields_length, total_output_fields_length;
+      uint32_t total_plaintext_fields_length, total_output_fields_length, counter;
       // List of symmetric decryption outputs - will get rid of 12 bytes of IV and 16 bytes of tag.
-      intermediate_fields_list = (uint8_t*) malloc(total_input_size - (28 * no_of_fields));
+      intermediate_fields_list = (uint8_t*) malloc(total_input_size ); // - (28 * no_of_fields)
       intermediate_fields_sizes = (uint32_t*) malloc(no_of_fields);
 
       // Remove outermost layer of decryption, namely the one with the target enclave.
@@ -281,9 +281,20 @@
       if(internal_return_status != 0)
           return internal_return_status;
 
+      temp_output_list = (uint8_t*) malloc(total_input_size);
+      temp_output_sizes = (uint32_t*) malloc(no_of_fields);
       // Finally, encrypt the plaintext back to the target enclave.
-      return encrypt_decrypt_fields_list(symmetricEncryptionBoxApache, 1, plaintext_fields_list, plaintext_fields_sizes,
-              no_of_fields, output_fields_list, output_field_sizes, &total_output_fields_length);
+      internal_return_status = encrypt_decrypt_fields_list(symmetricEncryptionBoxApache, 1, plaintext_fields_list, plaintext_fields_sizes,
+               no_of_fields, temp_output_list, temp_output_sizes, &total_output_fields_length);
+      if(internal_return_status != 0)
+          return internal_return_status;
+
+      for(counter=0; counter<total_output_fields_length; counter++)
+          output_fields_list[counter] = temp_output_list[counter];
+      for(counter=0;counter<no_of_fields; counter++)
+          output_field_sizes[counter] = temp_output_sizes[counter];
+
+      return 0;
   }
 
 uint32_t Decryptor::process_apache_message_generate_response(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext_plus_tag, uint32_t* output_ciphertext_plus_tag_length)

Decryptor/Decryptor.edl

@@ -1,6 +1,7 @@
 enclave {
     include "sgx_eid.h"
     include "sgx_tcrypto.h"
+#define SIZEOF_UINT32_T_ARRAY
     from "../LocalAttestationCode/LocalAttestationCode.edl" import *;
     from "/home/m2mazmud/old_stuff/intel-sgx-ssl/Linux/package/include/sgx_tsgxssl.edl" import * ;
     trusted {
@@ -12,10 +13,10 @@ enclave {
       // Apache mrsigner = 32 bytes + tag on encryption = 16 bytes.
       // public uint32_t decrypt_verifiers_message_set_apache_mrsigner_wrapper([in, size=60] uint8_t* ciphertext_plus_tag);
       // NEED AT LEAST: 64 bytes for public key of client, plus 64 bytes of signature over it, plus 16 bytes of tag over any encryption = 144 bytes. Msg length = 144 bytes + Length of form field
-      public uint32_t decrypt_client_data_wrapper([in, size=total_input_size] uint8_t *input_fields_list, [in, size=no_of_fields] uint32_t *input_field_sizes,
+      public uint32_t decrypt_client_data_wrapper([in, count=total_input_size] uint8_t *input_fields_list, [in, count=no_of_fields, size=4] uint32_t *input_field_sizes,
                                               uint32_t no_of_fields, uint32_t total_input_size,
-                                              [out, size=total_input_size] uint8_t *output_fields_list,
-                                              [out, size=no_of_fields] uint32_t *output_field_sizes);
+                                              [out, count=total_input_size] uint8_t *output_fields_list,
+                                              [out, count=no_of_fields, size=4] uint32_t *output_field_sizes);
 public uint32_t process_apache_message_generate_response_wrapper([in, size=4100] uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, [out, size=4100] uint8_t* output_ciphertext, [out,size=4] uint32_t* output_ciphertext_plus_tag_length);
       public uint32_t process_verifiers_message_wrapper([in, size=60] uint8_t* input_ciphertext, uint32_t length);
       public        void get_verifier_mrenclave_apache_mrsigner_wrapper([out, size=64] uint8_t* output);