|
@@ -37,7 +37,7 @@
|
|
|
{
|
|
|
uint32_t internal_return_status;
|
|
|
uint32_t counter;
|
|
|
-
|
|
|
+ uint8_t verifier_mr_enclave[32];
|
|
|
// create short-term ECDH key pair
|
|
|
internal_return_status = hybridEncryptionBoxClient.generate_keypair();
|
|
|
if(internal_return_status == NULL)
|
|
@@ -45,8 +45,9 @@
|
|
|
hybridEncryptionBoxClient.get_public_key(token);
|
|
|
|
|
|
// create token: concatenate short-term keypair with verifiers mrenclave.
|
|
|
+ LocalAttestationTrusted::get_verifier_mr_enclave(verifier_mr_enclave);
|
|
|
for(counter=0;counter<32;counter++)
|
|
|
- *(token + counter + hybridEncryptionBoxClient.ECDH_PUBLIC_KEY_SIZE) = *(localAttestation.verifier_mr_enclave[counter]);
|
|
|
+ *(token + counter + ECDH_PUBLIC_KEY_SIZE) = verifier_mr_enclave[counter];
|
|
|
|
|
|
return 0;
|
|
|
}
|
|
@@ -55,18 +56,19 @@
|
|
|
{
|
|
|
uint32_t internal_return_status;
|
|
|
uint8_t local_signature[64];
|
|
|
- uint8_t local_signature_data[hybridEncryptionBoxClient.ECDH_PUBLIC_KEY_SIZE + 32];
|
|
|
+ uint8_t local_signature_data[ECDH_PUBLIC_KEY_SIZE + 32];
|
|
|
+ uint32_t counter;
|
|
|
// Otherwise: DoS or possible bypass (fake verifier does LA but real verifier mrenclave is given out by decryptor) - signature with junk verifier mrenclave or whatever is in the memory.
|
|
|
- if(one_la_done < 1)
|
|
|
+ if(LocalAttestationTrusted::one_successful_la_done() < 1)
|
|
|
return 0xde; // This needs to be called at any point after the first local attestation is done - else, a junk verifier mrenclave will be included in the signature
|
|
|
- internal_return_status = generate_mitigator_token(local_signature_data);
|
|
|
+ internal_return_status = Decryptor::create_mitigator_token_M(local_signature_data);
|
|
|
if(internal_return_status != 0x0)
|
|
|
return internal_return_status;
|
|
|
|
|
|
- internal_return_status = signatureBox.sign(local_signature_data, signatureBox.ECDH_PUBLIC_KEY_SIZE + 32, local_signature);
|
|
|
+ internal_return_status = signatureBox.sign(local_signature_data, ECDH_PUBLIC_KEY_SIZE + 32, local_signature);
|
|
|
if(internal_return_status != 0x0)
|
|
|
return internal_return_status;
|
|
|
- for(counter=0;counter<hybridEncryptionBoxClient.ECDH_PUBLIC_KEY_SIZE + 32;counter++)
|
|
|
+ for(counter=0;counter<ECDH_PUBLIC_KEY_SIZE + 32;counter++)
|
|
|
signature_data[counter] = local_signature_data[counter];
|
|
|
for(counter=0;counter<64;counter++)
|
|
|
signature[counter] = local_signature[counter];
|
|
@@ -81,9 +83,6 @@
|
|
|
if(internal_return_status != 0)
|
|
|
return internal_return_status;
|
|
|
|
|
|
- private_public_key_string = (uint8_t*) malloc(signatureBox.ECDH_PUBLIC_KEY_SIZE + signatureBox.ECDH_PRIVATE_KEY_SIZE);
|
|
|
- if(private_public_key_string == NULL)
|
|
|
- return 0xff;
|
|
|
signatureBox.get_keypair(private_public_key_string);
|
|
|
return 0;
|
|
|
}
|
|
@@ -93,14 +92,15 @@
|
|
|
uint8_t* ciphertext;
|
|
|
uint32_t ciphertext_length;
|
|
|
uint8_t* tag;
|
|
|
+ uint32_t internal_return_status;
|
|
|
// and now I will derive a shared key from the plaintext_client_public_key
|
|
|
internal_return_status = hybridEncryptionBoxClient.initialize_symmetric_key(plaintext_client_public_key_plus_encrypted_data_plus_tag);
|
|
|
if(internal_return_status != 0)
|
|
|
return internal_return_status;
|
|
|
|
|
|
// and then I will decrypt the rest of the client data with that key.
|
|
|
- ciphertext = plaintext_client_public_key_plus_encrypted_data_plus_tag + hybridEncryptionBoxClient.ECDH_PUBLIC_KEY_SIZE;
|
|
|
- ciphertext_length = total_length - hybridEncryptionBoxClient.ECDH_PUBLIC_KEY_SIZE - 16;
|
|
|
+ ciphertext = plaintext_client_public_key_plus_encrypted_data_plus_tag + ECDH_PUBLIC_KEY_SIZE;
|
|
|
+ ciphertext_length = total_length - ECDH_PUBLIC_KEY_SIZE - 16;
|
|
|
tag = ciphertext + ciphertext_length;
|
|
|
|
|
|
internal_return_status = hybridEncryptionBoxClient.encrypt_decrypt(ciphertext, ciphertext_length, plaintext_client_data, &plaintext_client_data_length, tag);
|
|
@@ -114,10 +114,11 @@
|
|
|
uint32_t sgx_libcall_status;
|
|
|
uint32_t internal_return_status;
|
|
|
uint32_t temp_sealed_data_length;
|
|
|
- uint8_t* temp_sealed_data, private_public_key_string;
|
|
|
+ uint8_t* temp_sealed_data;
|
|
|
+ uint8_t private_public_key_string[ECDH_PUBLIC_KEY_SIZE + ECDH_PRIVATE_KEY_SIZE];
|
|
|
uint32_t counter;
|
|
|
|
|
|
- temp_sealed_data_length = sgx_calc_sealed_data_size(0, signatureBox.ECDH_PUBLIC_KEY_SIZE + signatureBox.ECDH_PRIVATE_KEY_SIZE);
|
|
|
+ temp_sealed_data_length = sgx_calc_sealed_data_size(0, ECDH_PUBLIC_KEY_SIZE + ECDH_PRIVATE_KEY_SIZE);
|
|
|
if(temp_sealed_data_length == 0xFFFFFFFF)
|
|
|
return 0x01;
|
|
|
|
|
@@ -142,17 +143,17 @@
|
|
|
uint32_t Decryptor::create_and_encrypt_mitigator_header_H(uint8_t* ciphertext_token_H_plus_tag)
|
|
|
{
|
|
|
uint32_t counter;
|
|
|
- uint8_t sign_data_and_sign[signatureBox.ECDH_PUBLIC_KEY_SIZE + 32 + 64];
|
|
|
- uint8_t temp_ciphertext_token_H[signatureBox.ECDH_PUBLIC_KEY_SIZE + 32 + 64 + 10];
|
|
|
+ uint8_t sign_data_and_sign[ECDH_PUBLIC_KEY_SIZE + 32 + 64];
|
|
|
+ uint8_t temp_ciphertext_token_H[ECDH_PUBLIC_KEY_SIZE + 32 + 64 + 10];
|
|
|
uint8_t temp_tag[16];
|
|
|
uint32_t temp_ciphertext_token_H_length;
|
|
|
uint32_t internal_return_status;
|
|
|
|
|
|
- internal_return_status = create_mitigator_header_value(token_H, sign_data_and_sign + signatureBox.ECDH_PUBLIC_KEY_SIZE + 32);
|
|
|
+ internal_return_status = create_mitigator_header_value(token_H, sign_data_and_sign + ECDH_PUBLIC_KEY_SIZE + 32);
|
|
|
if(internal_return_status != 0)
|
|
|
return internal_return_status;
|
|
|
|
|
|
- internal_return_status = localAttestation.symmetricEncryptionBoxApache.encrypt_decrypt(1, sign_data_and_sign, signatureBox.ECDH_PUBLIC_KEY_SIZE + 32 + 64, temp_ciphertext_token_H, &temp_ciphertext_token_H_length, temp_tag);
|
|
|
+ internal_return_status = localAttestation.symmetricEncryptionBoxApache.encrypt_decrypt(1, sign_data_and_sign, ECDH_PUBLIC_KEY_SIZE + 32 + 64, temp_ciphertext_token_H, &temp_ciphertext_token_H_length, temp_tag);
|
|
|
if(internal_return_status != 0)
|
|
|
return internal_return_status;
|
|
|
|
|
@@ -262,4 +263,3 @@
|
|
|
free(temp_output_ciphertext);
|
|
|
return 0;
|
|
|
}
|
|
|
-
|