Browse Source

Works for LA with verifier, apache. Need to extract sealed verification key to client. Need to get apaches php extension working - need to modify messages to send IV and expect a particular kind (even/odd) from apache, client.

dettanym 5 years ago
parent
commit
ad68d3761a

+ 14 - 3
App/App.cpp

@@ -196,7 +196,17 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
 
 
     close(sealed_signing_key_fd);
+	uint8_t verification_key[64]; 
+	Decryptor_get_long_term_verification_key_wrapper(e2_enclave_id, verification_key); 
+	printf("Verification key\n"); fflush(stdout);
+	for(counter=0;counter<32;counter++)
+		printf("%02x", verification_key[counter]);
+	printf("\n"); fflush(stdout); 
+        for(counter=0;counter<32;counter++)
+                printf("%02x", verification_key[counter + 32]);
+        printf("\n"); fflush(stdout); 
 
+/*
     int server_fd, accept_fd;
     ret_status = LocalAttestationUntrusted::prepare_local_attestation_as_responder_msg1(e2_enclave_id);
     if(ret_status !=0)
@@ -232,7 +242,8 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
       return 0xFFFFFF01;
     }
 
-    server_fd=LocalAttestationUntrusted::setup_socket_for_local_attestation_requests(3824);
+	// LA 	with apache
+    server_fd=LocalAttestationUntrusted::setup_socket_for_local_attestation_requests(3825);
     if(server_fd <=0)
     {
       printf("Error in setting up server socket."); fflush(stdout);
@@ -243,7 +254,7 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
     fflush(stdout);
 
     ret_status = LocalAttestationUntrusted::local_attestation_as_responder_msg2_msg3(e2_enclave_id,server_fd,&accept_fd);
-    if(ret_status<=0)
+    if(ret_status<0)
     {
       printf("local attestation - with the apache - did not successfully return: %x\n", ret_status); fflush(stdout);
       sgx_destroy_enclave(e2_enclave_id);
@@ -257,7 +268,7 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
       sgx_destroy_enclave(e2_enclave_id);
       return 0xFFFFFF01;
     }
-
+*/
     sgx_destroy_enclave(e2_enclave_id);
 
     return 0;

+ 8 - 4
App/LocalAttestationUntrusted.cpp

@@ -111,21 +111,21 @@ using namespace google::protobuf::io;
     uint32_t protobuf_sgx_ret;
     protobuf_sgx_dh_msg2_t protobuf_msg2;
     protobuf_sgx_dh_msg3_t protobuf_msg3;
-
+    printf("Writing message 1\n"); fflush(stdout);
     if(write_protobuf_msg_to_fd(accept_fd, protobuf_msg1)!=0)
       return 0x1;
 
+    printf("Reading message 2\n"); fflush(stdout);
     if(read_protobuf_msg_from_fd(accept_fd, protobuf_msg2)!=0)
       return 0x2;
 
-    // TODO: Edit function signature in the definition: last argument read_or_write is used to control the flow of the untrusted program:
-    // no point in doing this as it is untrusted. Have an attribute in its class for it..
     protobuf_sgx_ret = process_protobuf_dh_msg2_generate_protobuf_dh_msg3(own_enclave_id, protobuf_msg2, protobuf_msg3, &LocalAttestationUntrusted::session_id);
     if(protobuf_sgx_ret != 0)
     {
         printf("Error in generate_protobuf_dh_msg2: 0x%x", protobuf_sgx_ret); fflush(stdout); return protobuf_sgx_ret;
     }
 
+    printf("Writing message 3\n"); fflush(stdout); 
     if(write_protobuf_msg_to_fd(accept_fd, protobuf_msg3)!=0)
       return 0x3;
     return 0;
@@ -285,7 +285,11 @@ using namespace google::protobuf::io;
           close(accept_fd);
           return 0xfe;
         }
-
+	uint8_t public_key[64];
+	Decryptor_get_short_term_public_key_wrapper(own_enclave_id, public_key); 
+	for(count=0;count<64;count++)
+		printf("%02x ",public_key[count]); 
+	printf("\n"); fflush(stdout);
 
   	  do {
       	internal_return_status = decrypt_client_data(own_enclave_id, accept_fd);

+ 3 - 2
App/protobufLAInitiator.cpp

@@ -17,7 +17,8 @@ int generate_protobuf_dh_msg1(uint32_t own_enclave_id, protobuf_sgx_dh_msg1_t& p
     return 0xffffffff;
 
   encode_msg1_to_protobuf(protobuf_msg1, &dh_msg1);
-  //print_initialized_msg1(protobuf_msg1, &dh_msg1);
+  printf("Generated the following Msg1: ------------- \n"); fflush(stdout); 
+  print_initialized_msg1(protobuf_msg1, &dh_msg1);
   return 0;
 }
 
@@ -37,7 +38,7 @@ int process_protobuf_dh_msg2_generate_protobuf_dh_msg3(uint32_t own_enclave_id,
   // process msg2 and generate msg3
   Decryptor_exchange_report_wrapper(own_enclave_id, &ret_status, &dh_msg2, &dh_msg3, session_id);
   if(ret_status!=SGX_SUCCESS)
-    return -1;
+    return 0x35;
 
   // convert msg3 sgx_dh_msg3_t object to a protobuf msg3 object.
   encode_msg3_to_protobuf(protobuf_msg3, &dh_msg3);

+ 43 - 28
App/protobufSgxLATransformsInitiator.cpp

@@ -60,11 +60,11 @@ int decode_ec256_public_key_from_protobuf(protobuf_sgx_ec256_public_t* protobuf_
 		temp32 = protobuf_g_a->gx(counter);
 		if(fit_32_into_uint8_t(temp32, &(g_a->gx[counter]))!=0)
 		 return -1;
-    printf("%d ",g_a->gx[counter]);
+    printf("%02x ",g_a->gx[counter]);
 		temp32 = protobuf_g_a->gy(counter);
 		if(fit_32_into_uint8_t(temp32, &(g_a->gy[counter]))!=0)
 		 return -1;
-    printf("%d ",g_a->gy[counter]);
+    printf("%02x ",g_a->gy[counter]);
 	}
   return 0;
 }
@@ -89,16 +89,21 @@ int decode_attributes_from_protobuf(protobuf_sgx_attributes_t* protobuf_attribut
 // TODO: private
 void encode_report_to_protobuf(protobuf_sgx_report_t* protobuf_report, sgx_report_t* report)
 {
+	printf("message 3 ------------------------------------------------------------ \n"); fflush(stdout); 
 	int counter; google::protobuf::uint32 temp32;
+	printf("Key ID\n"); 
 	for(counter=0;counter<SGX_KEYID_SIZE;counter++)
 	{
 		temp32=report->key_id.id[counter];
+		printf("%02x ", temp32); 
 		protobuf_report->add_key_id(temp32);
 	}
 
+	printf("MAC\n"); 
 	for(counter=0;counter<SGX_MAC_SIZE;counter++)
 	{
 		temp32=report->mac[counter];
+                printf("%02x ", temp32); 
 		protobuf_report->add_mac(temp32);
 	}
 
@@ -137,21 +142,27 @@ void encode_report_to_protobuf(protobuf_sgx_report_t* protobuf_report, sgx_repor
 		protobuf_report->mutable_body()->add_reserved4(temp32);
  	}
 
+	printf("\n enclave measurement\n"); 
 	for(counter=0;counter<SGX_HASH_SIZE;counter++)
 	{
 		temp32=report->body.mr_enclave.m[counter];
+                printf("%02x ", temp32); 
 		protobuf_report->mutable_body()->add_mr_enclave(temp32);
  	}
 
+	printf("\n signer measurement\n"); 
 	for(counter=0;counter<SGX_HASH_SIZE;counter++)
 	{
 		temp32=report->body.mr_signer.m[counter];
+                printf("%02x ", temp32); 
 		protobuf_report->mutable_body()->add_mr_signer(temp32);
  	}
 
+	printf("\n report data\n");
 	for(counter=0;counter<SGX_REPORT_DATA_SIZE;counter++)
 	{
 		temp32=report->body.report_data.d[counter];
+                printf("%02x ", temp32); 
 		protobuf_report->mutable_body()->add_report_data(temp32);
  	}
 }
@@ -161,13 +172,13 @@ int decode_report_from_protobuf(protobuf_sgx_report_t* protobuf_report, sgx_repo
 {
   int counter; google::protobuf::uint32 temp32;
 
-  printf("\nreport body keyid\n");
+  printf("\n decoding report body:\n keyid\n");
   for(counter=0;counter<SGX_KEYID_SIZE;counter++)
   {
     temp32=protobuf_report->key_id(counter);
     if(fit_32_into_uint8_t(temp32, &(report->key_id.id[counter]))!=0)
 		  return -1;
-    printf("%d ", report->key_id.id[counter]);
+    printf("%02x  ", report->key_id.id[counter]);
   }
 
   printf("\nreport mac\n");
@@ -176,19 +187,19 @@ int decode_report_from_protobuf(protobuf_sgx_report_t* protobuf_report, sgx_repo
     temp32=protobuf_report->mac(counter);
     if(fit_32_into_uint8_t(temp32, &(report->mac[counter]))!=0)
       return -1;
-    printf("%d ", report->mac[counter]);
+    printf("%02x  ", report->mac[counter]);
   }
 
   report->body.misc_select=protobuf_report->mutable_body()->misc_select(); // 32 bit
   temp32=protobuf_report->mutable_body()->isv_svn();
   if(fit_32_into_uint16_t(temp32, &(report->body.isv_svn))!=0)
    return -1;
-  printf("\nmisc select %d \n", report->body.misc_select);
+  printf("\nmisc select %02x \n", report->body.misc_select);
 
   temp32=protobuf_report->mutable_body()->isv_prod_id();
    if(fit_32_into_uint16_t(temp32, &(report->body.isv_prod_id))!=0)
     return -1;
-  printf("\nprod id %d \n", report->body.isv_prod_id);
+  printf("\nprod id %02x \n", report->body.isv_prod_id);
 
   decode_attributes_from_protobuf(protobuf_report->mutable_body()->mutable_attributes(), &(report->body.attributes));
 
@@ -198,17 +209,17 @@ int decode_report_from_protobuf(protobuf_sgx_report_t* protobuf_report, sgx_repo
     temp32=protobuf_report->mutable_body()->cpu_svn(counter);
     if(fit_32_into_uint8_t(temp32, &(report->body.cpu_svn.svn[counter]))!=0)
       return -1;
-    printf("%d ", report->body.cpu_svn.svn[counter]);
+    printf("%02x ", report->body.cpu_svn.svn[counter]);
 
   }
-
+/*
   printf("\n reserved1 \n");
   for(counter=0;counter<SGX_REPORT_BODY_RESERVED1;counter++)
   {
     temp32=protobuf_report->mutable_body()->reserved1(counter);
     if(fit_32_into_uint8_t(temp32, &(report->body.reserved1[counter]))!=0)
       return -1;
-    printf("%d ", report->body.reserved1[counter]);
+    printf("%02x  ", report->body.reserved1[counter]);
   }
 
   printf("\n reserved2 \n");
@@ -217,7 +228,7 @@ int decode_report_from_protobuf(protobuf_sgx_report_t* protobuf_report, sgx_repo
     temp32=protobuf_report->mutable_body()->reserved2(counter);
     if(fit_32_into_uint8_t(temp32, &(report->body.reserved2[counter]))!=0)
       return -1;
-    printf("%d ", report->body.reserved2[counter]);
+    printf("%02x  ", report->body.reserved2[counter]);
   }
 
   printf("\n reserved3 \n");
@@ -226,7 +237,7 @@ int decode_report_from_protobuf(protobuf_sgx_report_t* protobuf_report, sgx_repo
     temp32=protobuf_report->mutable_body()->reserved3(counter);
     if(fit_32_into_uint8_t(temp32, &(report->body.reserved3[counter]))!=0)
       return -1;
-    printf("%d ", report->body.reserved3[counter]);
+    printf("%02x  ", report->body.reserved3[counter]);
   }
 
   printf("\n reserved4 \n");
@@ -235,17 +246,17 @@ int decode_report_from_protobuf(protobuf_sgx_report_t* protobuf_report, sgx_repo
     temp32=protobuf_report->mutable_body()->reserved4(counter);
     if(fit_32_into_uint8_t(temp32, &(report->body.reserved4[counter]))!=0)
       return -1;
-    printf("%d ", report->body.reserved4[counter]);
+    printf("%02x  ", report->body.reserved4[counter]);
 
   }
-
+*/
   printf("\n mrenclave \n");
   for(counter=0;counter<SGX_HASH_SIZE;counter++)
   {
     temp32=protobuf_report->mutable_body()->mr_enclave(counter);
     if(fit_32_into_uint8_t(temp32, &(report->body.mr_enclave.m[counter]))!=0)
       return -1;
-    printf("%x ", report->body.mr_enclave.m[counter]);
+    printf("%02x ", report->body.mr_enclave.m[counter]);
   }
 
   printf("\n mrsigner \n");
@@ -254,7 +265,7 @@ int decode_report_from_protobuf(protobuf_sgx_report_t* protobuf_report, sgx_repo
     temp32=protobuf_report->mutable_body()->mr_signer(counter);
     if(fit_32_into_uint8_t(temp32, &(report->body.mr_signer.m[counter]))!=0)
       return -1;
-    printf("%x ", report->body.mr_signer.m[counter]);
+    printf("%02x ", report->body.mr_signer.m[counter]);
   }
 
   printf("\n report data\n");
@@ -263,7 +274,7 @@ int decode_report_from_protobuf(protobuf_sgx_report_t* protobuf_report, sgx_repo
     temp32=protobuf_report->mutable_body()->report_data(counter);
     if(fit_32_into_uint8_t(temp32, &(report->body.report_data.d[counter]))!=0)
       return -1;
-    printf("%d ", report->body.report_data.d[counter]);
+    printf("%02x  ", report->body.report_data.d[counter]);
   }
 	return 0;
 }
@@ -319,13 +330,14 @@ void encode_msg3_to_protobuf(protobuf_sgx_dh_msg3_t& protobuf_dhmsg3, sgx_dh_msg
 int decode_msg2_from_protobuf(protobuf_sgx_dh_msg2_t& protobuf_dhmsg2, sgx_dh_msg2_t* native_dhmsg2)
 {
   int counter; google::protobuf::uint32 temp32; //google::protobuf::uint64 temp64;
+  printf("RECEIVED the following msg2\n"); fflush(stdout); 
   printf("\ncmac\n");
   for(counter=0;counter<SGX_DH_MAC_SIZE;counter++)
   {
     temp32=protobuf_dhmsg2.cmac(counter);
     if(fit_32_into_uint8_t(temp32, &(native_dhmsg2->cmac[counter]))!=0)
      return -1;
-    printf("%d ",native_dhmsg2->cmac[counter]);
+    printf("%02x  ",native_dhmsg2->cmac[counter]);
   }
 
   if(decode_ec256_public_key_from_protobuf(protobuf_dhmsg2.mutable_g_b(), &(native_dhmsg2->g_b)) !=0)
@@ -340,38 +352,40 @@ int decode_msg2_from_protobuf(protobuf_sgx_dh_msg2_t& protobuf_dhmsg2, sgx_dh_ms
 int print_initialized_msg1( protobuf_sgx_dh_msg1_t& protobuf_dhmsg1, sgx_dh_msg1_t* native_dhmsg1)
 {
    int counter;
+	printf("Printing msg1:\n");
 	 printf("gx\n");
    for(counter=0;counter<SGX_ECP256_KEY_SIZE;counter++)
    {
-      printf("%d ", protobuf_dhmsg1.g_a().gx(counter));
-      printf("%d ", native_dhmsg1->g_a.gx[counter]);
+      printf("%02x ", protobuf_dhmsg1.g_a().gx(counter));
+//      printf("%02x ", native_dhmsg1->g_a.gx[counter]);
    }
    printf("\ngy\n");
    for(counter=0;counter<SGX_ECP256_KEY_SIZE;counter++)
    {
-      printf("%d ", protobuf_dhmsg1.g_a().gy(counter));
-      printf("%d ", native_dhmsg1->g_a.gy[counter]);
+      printf("%02x ", protobuf_dhmsg1.g_a().gy(counter));
+//      printf("%02x ", native_dhmsg1->g_a.gy[counter]);
    }
 
-   printf("\nmrenclave in target\n");
+   printf("\nmrenclave for target\n");
    for(counter=0;counter<SGX_HASH_SIZE;counter++)
    {
-      printf("%" PRIu32 " ", protobuf_dhmsg1.target().mr_enclave(counter));
-      printf("%d ", native_dhmsg1->target.mr_enclave.m[counter]);
+      printf("%02x ", protobuf_dhmsg1.target().mr_enclave(counter));
+//      printf("%02x ", native_dhmsg1->target.mr_enclave.m[counter]);
 
    }
+   /*
    printf("\nreserved1 in target\n");
    for(counter=0;counter<SGX_TARGET_INFO_RESERVED1_BYTES;counter++)
    {
       printf("%" PRIu32 " ", protobuf_dhmsg1.target().reserved1(counter));
-      printf("%d ", native_dhmsg1->target.reserved1[counter]);
+      printf("%02x  ", native_dhmsg1->target.reserved1[counter]);
 
    }
    printf("\nreserved2 in target\n");
    for(counter=0;counter<SGX_TARGET_INFO_RESERVED2_BYTES;counter++)
    {
       printf("%" PRIu32 " ", protobuf_dhmsg1.target().reserved2(counter));
-      printf("%d ", native_dhmsg1->target.reserved2[counter]);
+      printf("%02x  ", native_dhmsg1->target.reserved2[counter]);
    }
 
    printf("\n %" PRIu64 "\n", native_dhmsg1->target.attributes.flags);
@@ -380,6 +394,7 @@ int print_initialized_msg1( protobuf_sgx_dh_msg1_t& protobuf_dhmsg1, sgx_dh_msg1
    printf("\n %" PRIu64 "\n", protobuf_dhmsg1.target().attributes().xfrm());
    printf("\n %" PRIu32 "\n", native_dhmsg1->target.misc_select);
    printf("\n %" PRIu32 "\n", protobuf_dhmsg1.target().misc_select());
-
+   */
+	fflush(stdout); 
 	return 0;
 }

+ 1 - 1
CommonOpensslCode/Openssl_crypto.cpp

@@ -388,7 +388,7 @@ int compute_ecdsa_signature(unsigned char* signature_data, uint32_t signature_da
 // plaintext in case of decryption, should always contain the actual ciphertext length, that is, minus the tag
 // ciphertext in case of encryption consists of ciphertext plus tag and op_ciphertext_len should similarly also consist of ciphertext_length plus 16.
 // Code adapted from here: https://wiki.openssl.org/index.php/EVP_Authenticated_Encryption_and_Decryption
-int aes_gcm_256(int enc, unsigned char *key, unsigned char *iv, unsigned char* plaintext, uint32_t plaintext_len, unsigned char *ciphertext,  uint32_t* op_ciphertext_len, unsigned char* tag)
+int aes_gcm_128(int enc, unsigned char *key, unsigned char *iv, unsigned char* plaintext, uint32_t plaintext_len, unsigned char *ciphertext,  uint32_t* op_ciphertext_len, unsigned char* tag)
 {
 	int len;
 	int ciphertext_len;

+ 22 - 16
Decryptor/Decryptor.cpp

@@ -57,8 +57,8 @@
     uint32_t counter;
     // create short-term ECDH key pair
     internal_return_status = hybridEncryptionBoxClient.generate_keypair();
-    if(internal_return_status == NULL)
-      return 0xff;
+    if(internal_return_status != 0)
+      return internal_return_status;
     hybridEncryptionBoxClient.get_public_key(token);
 
     // create token: concatenate short-term keypair with verifiers mrenclave.
@@ -89,11 +89,9 @@
   // EXTERNAL ECALL.
   uint32_t Decryptor::create_and_encrypt_mitigator_header_H(uint8_t* ciphertext_token_H_plus_tag)
   {
-    	uint32_t counter;
-    	uint8_t sign_data_and_sign[ECDH_PUBLIC_KEY_SIZE + 32 + 64 + 10];
-      uint8_t temp_tag[16];
-      uint32_t temp_ciphertext_token_H_length;
+      uint32_t temp_ciphertext_token_H_plus_tag_length;
     	uint32_t internal_return_status;
+        uint8_t plaintext_mitigator_header_H[ECDH_PUBLIC_KEY_SIZE + 32 + 64] = {0x42};
 
       if(successful_la_count != 2)
         return 0x33;
@@ -102,12 +100,7 @@
       if(internal_return_status != 0)
         return internal_return_status;
 
-      internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(1, plaintext_mitigator_header_H, ECDH_PUBLIC_KEY_SIZE + 32 + 64, ciphertext_token_H_plus_tag, &temp_ciphertext_token_H_length);
-      if(internal_return_status != 0)
-        return internal_return_status;
-
-      if(temp_ciphertext_token_H_length != 160)
-        return 0x45;
+      internal_return_status = symmetricEncryptionBoxApache.encrypt_decrypt(1, plaintext_mitigator_header_H, ECDH_PUBLIC_KEY_SIZE + 32 + 64, ciphertext_token_H_plus_tag, &temp_ciphertext_token_H_plus_tag_length);
     	return 0;
     }
 
@@ -142,6 +135,15 @@
     return internal_return_status;
   }
 
+  void Decryptor::testing_long_term_verification_key(uint8_t* output)
+  {
+	uint8_t keypair[ECDH_PUBLIC_KEY_SIZE + ECDH_PRIVATE_KEY_SIZE];
+	uint32_t counter; 
+	signatureBox.get_keypair(keypair); 
+	for(counter=0;counter<ECDH_PUBLIC_KEY_SIZE; counter++)
+		output[counter]=keypair[ECDH_PRIVATE_KEY_SIZE+counter]; 
+  }
+
   // EXTERNAL. DONE.
   uint32_t Decryptor::create_and_seal_long_term_signing_key_pair(uint32_t* sealed_data_length, uint8_t* sealed_data)
   {
@@ -214,7 +216,7 @@
 
   uint32_t Decryptor::process_verifiers_message(uint8_t* input_ciphertext_plus_tag)
   {
-        uint8_t *first_decryption_output;
+        uint8_t first_decryption_output[48];
         uint32_t first_decryption_output_length;
         uint32_t  internal_return_status;
         uint32_t counter;
@@ -223,8 +225,8 @@
 
         internal_return_status = symmetricEncryptionBoxVerifier.encrypt_decrypt(0, input_ciphertext_plus_tag, 32, first_decryption_output, &first_decryption_output_length);
         if(internal_return_status != 0)
-          return internal_return_status;
-
+	  return internal_return_status;
+	
         if(first_decryption_output_length != 32) 
           return 0x33;
         
@@ -294,7 +296,7 @@
 }
 
 
-	void Decryptor::get_verifier_mrenclave_apache_mrsigner(uint8_t* output)
+	void Decryptor::testing_get_verifier_mrenclave_apache_mrsigner(uint8_t* output)
 	{
 		uint32_t counter;
 		for(counter=0; counter<32;counter++)
@@ -303,3 +305,7 @@
 			output[counter+32]=apache_mr_signer[counter];
 		}
 	}
+        void Decryptor::testing_get_short_term_public_key(uint8_t* output)
+	{
+		hybridEncryptionBoxClient.get_public_key(output); 
+	}

+ 2 - 0
Decryptor/Decryptor.edl

@@ -47,6 +47,8 @@ enclave {
       public uint32_t process_apache_message_generate_response_wrapper([in, size=256] uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, [out, size=256] uint8_t* output_ciphertext, [out,size=4] uint32_t* output_ciphertext_plus_tag_length);
       public uint32_t process_verifiers_message_wrapper([in, size=48] uint8_t* input_ciphertext);
       public        void get_verifier_mrenclave_apache_mrsigner_wrapper([out, size=64] uint8_t* output);
+	public void get_short_term_public_key_wrapper([out, size=64] uint8_t* output); 
+  	public void get_long_term_verification_key_wrapper([out, size=64] uint8_t* output);
 
     };
   };

+ 3 - 1
Decryptor/Decryptor.h

@@ -25,7 +25,9 @@ class Decryptor {
     static uint32_t decrypt_verifiers_message_set_apache_mrsigner(uint8_t* ciphertext_plus_tag);
     static uint32_t process_apache_message_generate_response(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext, uint32_t* output_ciphertext_plus_tag_length);
     static uint32_t process_verifiers_message(uint8_t* input_ciphertext);
-	static  void get_verifier_mrenclave_apache_mrsigner(uint8_t* output); 
+	static  void testing_get_verifier_mrenclave_apache_mrsigner(uint8_t* output); 
+	static void testing_get_short_term_public_key(uint8_t* output); 
+  static void testing_long_term_verification_key(uint8_t* output); 
 
   };
 

+ 11 - 1
Decryptor/DecryptorWrapper.cpp

@@ -34,5 +34,15 @@ uint32_t unseal_and_restore_long_term_signing_key_pair_wrapper(uint8_t* sealed_d
 
 void get_verifier_mrenclave_apache_mrsigner_wrapper(uint8_t* output)
 {
-	return Decryptor::get_verifier_mrenclave_apache_mrsigner(output);
+	Decryptor::testing_get_verifier_mrenclave_apache_mrsigner(output);
+}
+
+void get_short_term_public_key_wrapper(uint8_t* output)
+{
+	Decryptor::testing_get_short_term_public_key(output);
+}
+
+void get_long_term_verification_key_wrapper(uint8_t* output)
+{
+	Decryptor::testing_long_term_verification_key(output);
 }

+ 7 - 3
Decryptor/HybridEncryptionBox.cpp

@@ -3,10 +3,14 @@
 
 unsigned int long HybridEncryptionBox::initialize_symmetric_key(uint8_t* given_public_key)
     {
-	uint8_t symmetric_key[32]; 
+	uint8_t symmetric_key[32]; // underlying crypto was set to return 32 bytes. just trimming it to return 16 instead (so that the same symmetricencryptiobox primitive works for both encryption between enclaves and between decryptor and client 
 	uint8_t private_key[32]; 
 	get_private_key(private_key); 
-	get_symmetric_key(symmetric_key); 
-	return compute_ecdh_shared_key(given_public_key, given_public_key + ECDH_PUBLIC_KEY_SIZE/2, private_key, symmetric_key);
+	unsigned long ret_value= compute_ecdh_shared_key(given_public_key, given_public_key + ECDH_PUBLIC_KEY_SIZE/2, private_key, symmetric_key);
+	if(ret_value==0)
+	{
+		set_symmetric_key(symmetric_key); // JUST SETS 1ST 16 BYTES. 
+	}
+	return ret_value;
     }
 

+ 3 - 3
Decryptor/SymmetricEncryptionBox.cpp

@@ -43,12 +43,12 @@
 		for(counter=0;counter<16;counter++)
 			tag[counter] = plaintext[counter + plaintext_length]; 
 	}
-    uint32_t return_status = aes_gcm_256(enc, symmetric_key, iv, plaintext, plaintext_length, ciphertext, ciphertext_length, tag);
+    uint32_t return_status = aes_gcm_128(enc, symmetric_key, iv, plaintext, plaintext_length, ciphertext, ciphertext_length, tag);
 	if(enc == 1)
 	{
 		for(counter=0;counter<16;counter++)
-			ciphertext[counter] = tag[counter];
-		ciphertext_length+=16;
+			ciphertext[counter + *ciphertext_length] = tag[counter];
+		*ciphertext_length=*ciphertext_length + 16;
 	}
     if(return_status == 0)
       aes_gcm_increment_iv_internal_call(iv);

+ 1 - 0
Include/DecryptorWrapper.h

@@ -4,3 +4,4 @@ uint32_t create_and_seal_long_term_signing_key_pair_wrapper(uint32_t* sealed_dat
 uint32_t unseal_and_restore_long_term_signing_key_pair_wrapper(uint8_t* sealed_data, uint32_t* sgx_sealed_data_length);
 uint32_t process_apache_message_generate_response_wrapper(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length, uint8_t* output_ciphertext, uint32_t* output_ciphertext_plus_tag_length);
 uint32_t process_verifiers_message(uint8_t* input_ciphertext, uint32_t input_ciphertext_plus_tag_length);
+void get_short_term_public_key_wrapper(uint8_t* output); 

+ 1 - 1
Include/Openssl_crypto.h

@@ -4,6 +4,6 @@ int ecdh_key_gen(unsigned char* pub_key_x, unsigned char* pub_key_y, unsigned ch
 unsigned long check_ecdh_public_key(unsigned char* given_key_x, unsigned char* given_key_y);
 unsigned long compute_ecdh_shared_key(unsigned char* given_key_x, unsigned char* given_key_y, unsigned char* priv_key, unsigned char* derived_key);
 int generate_sha256_hash(const unsigned char *message, size_t message_len, unsigned char *digest);
-int aes_gcm_256(int enc, unsigned char *key, unsigned char *iv, unsigned char* plaintext, uint32_t plaintext_len, unsigned char *ciphertext,  uint32_t* op_ciphertext_len, uint8_t* tag);
+int aes_gcm_128(int enc, unsigned char *key, unsigned char *iv, unsigned char* plaintext, uint32_t plaintext_len, unsigned char *ciphertext,  uint32_t* op_ciphertext_len, uint8_t* tag);
 int base64_decoding_wrapper(unsigned char* src, unsigned char* dest, uint32_t length);
 int compute_ecdsa_signature(unsigned char* signature_data, uint32_t signature_data_length, unsigned char* own_private_key, unsigned char* signature); 

+ 1 - 1
Makefile

@@ -167,7 +167,7 @@ Enclave_Compile_Flags += $(Enclave_Include_Paths)
 # Otherwise, you may get some undesirable errors.
 Common_Enclave_Link_Flags := $(SGX_COMMON_CFLAGS) -Wl,--no-undefined -nostdlib -nodefaultlibs -nostartfiles \
         -Wl,--whole-archive -L$(OPENSSL_LIBRARY_PATH) -lsgx_tsgxssl -Wl,--no-whole-archive -lsgx_tsgxssl_crypto \
-	-Wl,--verbose -Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
+	-Wl,--whole-archive -l$(Trts_Library_Name) -Wl,--no-whole-archive \
 	-Wl,--start-group -L$(SGX_LIBRARY_PATH) -L. -L./Decryptor -L./LocalAttestationCode -lsgx_tstdc -lsgx_tcxx -l$(Crypto_Library_Name) -l$(Service_Library_Name) -Wl,--end-group \
 	-Wl,-Bstatic -Wl,-Bsymbolic  \
 	-Wl,-pie,-eenclave_entry -Wl,--export-dynamic \