Post LA encryption works

App/App.cpp

@@ -258,10 +258,72 @@ int main(__attribute__((unused)) int argc, __attribute__((unused)) char* argv[])
     if(ret_status!=0)
     {
         printf("local attestation - with the verifier - did not successfully return: %x\n", ret_status); fflush(stdout);     sgx_destroy_enclave(e2_enclave_id);
-return 0xFFFFFFFF;
-
+        return 0xFFFFFFFF;
     }
-
+/*	uint8_t ciphertext[32]; uint8_t plaintext[32]; 
+Decryptor_test_encrypt_decrypt(e2_enclave_id, &ret_status, ciphertext, plaintext); 
+if(ret_status!=0)
+	{
+		printf("encryption/decryption failed\n"); fflush(stdout); sgx_destroy_enclave(e2_enclave_id); 
+		return 0xFFFFFFFF;
+	}
+else {
+	printf("received ciphertext: \n"); fflush(stdout); 
+	uint32_t count;
+	for(count=0;count<32;count++) 
+		printf("0x%x ",ciphertext[count]);
+	printf("\n"); fflush(stdout); 
+        printf("received plaintext: \n"); fflush(stdout); 
+        for(count=0;count<32;count++) 
+                printf("0x%x ",plaintext[count]);
+        printf("\n"); fflush(stdout); 
+}
+*/
+/*
+    uint32_t plaintext_length=32;
+    uint8_t plaintext[32]={0x42}; uint8_t ciphertext[48]={0}; uint8_t payload_tag[16]={0}; uint32_t active_counter;
+    uint32_t count;
+    //Allocate memory for the AES-GCM request message
+    secure_message_t* req_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ plaintext_length); // WTF is this even - what happens to padding? 
+    memset(req_message,0,sizeof(secure_message_t)+ plaintext_length);
+    req_message->message_aes_gcm_data.payload_size = plaintext_length;
+    
+    Decryptor_encrypt(e2_enclave_id, &ret_status, &plaintext[0], plaintext_length, payload_tag, &ciphertext[0], &active_counter); 
+    if(ret_status!=0)
+    {
+	printf("error in encryption: 0x%x\n", ret_status); fflush(stdout); sgx_destroy_enclave(e2_enclave_id); 
+	return 0xFFFFFFFF;
+    }
+    printf("Successful encryption\n"); fflush(stdout); 
+    printf("Plaintext: \n"); fflush(stdout); 
+    for(count=0;count<32; count++)
+        printf("0x%02x ", plaintext[count]); 
+    printf("\n");fflush(stdout); 
+
+	printf("Counter: 0x%x\n", ret_status);
+	printf("Payload Tag: \n"); 
+    for(count=0;count<16; count++)
+        printf("0x%02x ", payload_tag[count]); 
+    printf("\n");fflush(stdout); 
+
+
+    for(count=0;count<48; count++)
+ 	printf("0x%02x ", ciphertext[count]); 
+    printf("\n");fflush(stdout); 
+	uint8_t expected_plaintext[32]; 
+    Decryptor_decrypt(e2_enclave_id, &ret_status, ciphertext, 48, payload_tag, expected_plaintext, plaintext_length); 
+	if(ret_status == 0)
+	{
+    printf("Successful decryption\n"); fflush(stdout); 
+    for(count=0;count<32; count++)
+        printf("0x%02x ", expected_plaintext[count]); 
+    printf("\n");fflush(stdout); 
+	printf("Expected payload :\n");
+    for(count=0;count<16;count++)
+	printf("0x%02x ", payload_tag[count]);
+    printf("\n"); fflush(stdout); 
+	}
+	printf("Decryption return code:0x%x\n", ret_status);*/
 /*
     // LA with the apache - currently set to return failure - should change it to success when the code to send the mrsigner from the verifier to the decryptor is added- TODO: <--- that 
     ret_status=local_attestation_initiator(3826, e2_enclave_id); // TODO: Change port or sth

App/protobufLAInitiator.cpp

@@ -24,7 +24,7 @@ int generate_protobuf_dh_msg1(uint32_t own_enclave_id, protobuf_sgx_dh_msg1_t& p
   return 0;
 }
 
-int process_protobuf_dh_msg2_generate_protobuf_dh_msg3(uint32_t own_enclave_id, protobuf_sgx_dh_msg2_t& protobuf_msg2, protobuf_sgx_dh_msg3_t& protobuf_msg3, uint32_t* session_id)
+int process_protobuf_dh_msg2_generate_protobuf_dh_msg3(uint32_t own_enclave_id, protobuf_sgx_dh_msg2_t& protobuf_msg2, protobuf_sgx_dh_msg3_t& protobuf_msg3, uint32_t* session_id, uint8_t* read)
 {
   uint32_t ret_status;
   sgx_dh_msg2_t dh_msg2;            //Diffie-Hellman Message 2
@@ -38,7 +38,7 @@ int process_protobuf_dh_msg2_generate_protobuf_dh_msg3(uint32_t own_enclave_id,
     return -1;
   printf("Done reading and decoding msg2\n");
   // process msg2 and generate msg3
-  Decryptor_exchange_report(own_enclave_id, &ret_status, &dh_msg2, &dh_msg3, session_id);
+  Decryptor_exchange_report(own_enclave_id, &ret_status, &dh_msg2, &dh_msg3, session_id, read);
   if(ret_status!=SGX_SUCCESS)
   {
     fflush(stdout);
@@ -52,3 +52,35 @@ int process_protobuf_dh_msg2_generate_protobuf_dh_msg3(uint32_t own_enclave_id,
   fflush(stdout);
   return 0;
 }
+
+int decrypt_wrapper(uint32_t own_enclave_id, uint8_t* ciphertext, uint32_t ciphertext_len,  uint8_t* tag , uint8_t* plaintext)
+{
+	uint32_t ret_status;	
+        printf("received tag: \n"); fflush(stdout); 
+        uint32_t count;
+        for(count=0;count<16;count++) 
+                printf("0x%02x ",tag[count]);
+        printf("\n"); fflush(stdout); 
+        for(count=0;count<ciphertext_len;count++) 
+                printf("0x%02x ",ciphertext[count]);
+        printf("\n"); fflush(stdout); 
+	Decryptor_decrypt(own_enclave_id, &ret_status, ciphertext, ciphertext_len, tag, plaintext); 
+	if(ret_status!=0)
+        {
+                printf("encryption/decryption failed\n"); fflush(stdout); 
+        //        return ret_status;
+        }
+//	else {
+        printf("received ciphertext: \n"); fflush(stdout); 
+//        uint32_t count;
+        for(count=0;count<32;count++) 
+                printf("0x%x ",ciphertext[count]);
+        printf("\n"); fflush(stdout); 
+        printf("received plaintext: \n"); fflush(stdout); 
+        for(count=0;count<32;count++) 
+                printf("0x%x ",plaintext[count]);
+        printf("\n"); fflush(stdout); 
+//	}
+
+	return ret_status;
+}

App/systemLA.cpp

@@ -104,13 +104,14 @@ int local_attestation_initiator(int port, uint32_t own_enclave_id)
   protobuf_sgx_dh_msg1_t protobuf_msg1;
   protobuf_sgx_dh_msg2_t protobuf_msg2;
   protobuf_sgx_dh_msg3_t protobuf_msg3;
-  uint32_t protobuf_sgx_ret;
+  uint32_t protobuf_sgx_ret; uint32_t sgx_ret;
 
   // For socket to listen to the Apache enclave.
   int server_fd=0; int accept_fd = 0;
   struct sockaddr_in own_addr;
   struct sockaddr_storage apache_addr; socklen_t apache_addr_size = sizeof(apache_addr);
-  uint32_t session_id; 
+  uint32_t session_id;  uint8_t read_or_write;
+  size_t bytes_read_post_la; uint8_t encrypted_apache_mrsigner_and_tag[48];  uint8_t plaintext[32];
   //  int counter;
   server_fd=set_up_socket(port, &own_addr);
   if(server_fd==-1)
@@ -139,7 +140,7 @@ int local_attestation_initiator(int port, uint32_t own_enclave_id)
   if(read_protobuf_msg_from_fd(accept_fd, protobuf_msg2)!=0)
     return -1;
 
-  protobuf_sgx_ret = process_protobuf_dh_msg2_generate_protobuf_dh_msg3(own_enclave_id, protobuf_msg2, protobuf_msg3, &session_id);
+  protobuf_sgx_ret = process_protobuf_dh_msg2_generate_protobuf_dh_msg3(own_enclave_id, protobuf_msg2, protobuf_msg3, &session_id, &read_or_write);
   if(protobuf_sgx_ret != 0)
   {
       printf("Error in generate_protobuf_dh_msg2: 0x%x", protobuf_sgx_ret); fflush(stdout); return protobuf_sgx_ret;
@@ -147,8 +148,31 @@ int local_attestation_initiator(int port, uint32_t own_enclave_id)
 
   if(write_protobuf_msg_to_fd(accept_fd, protobuf_msg3)!=0)
     return -1;
+  if(read_or_write)
+  {  
+  bytes_read_post_la=read(accept_fd, encrypted_apache_mrsigner_and_tag, 32); 
+  if(bytes_read_post_la!=32)
+  {
+       printf("Not all of the encrypted apache's mrsigner was read from the verifier.\n"); fflush(stdout); return 0xfe;
+  }
+  bytes_read_post_la=read(accept_fd, encrypted_apache_mrsigner_and_tag+32, 16);
+  if(bytes_read_post_la!=16)
+  {
+       printf("Not all of the encrypted apache's mrsigner **tag** was read from the verifier.\n"); fflush(stdout); return 0xfe;
+  }uint32_t count;
+  for(count=0;count<48;count++)
+	printf("0x%02x ", encrypted_apache_mrsigner_and_tag[count]);
+  printf("\n");fflush(stdout); 
+  sgx_ret=decrypt_wrapper(own_enclave_id, encrypted_apache_mrsigner_and_tag, 32, encrypted_apache_mrsigner_and_tag+32 , plaintext); 
+  if(sgx_ret!=0)
+  {
+	printf("Error in decryption: 0x%x\n", sgx_ret); fflush(stdout); return sgx_ret; 
+  }
+  printf("Successful decryption\n"); fflush(stdout); 
+  }
 
-	printf("Successfully done Local attestation\n");
-	fflush(stdout);
-	return 0;
+        printf("Successfully done Local attestation\n");
+        fflush(stdout);
+        return 0;
+      
 }

Decryptor/Decryptor.config.xml

@@ -2,7 +2,7 @@
   <ProdID>0</ProdID> 
   <ISVSVN>0</ISVSVN> 
   <StackMaxSize>0x40000</StackMaxSize> 
-  <HeapMaxSize>0x100000</HeapMaxSize> 
+  <HeapMaxSize>0x108000</HeapMaxSize> 
   <TCSNum>1</TCSNum> 
   <TCSPolicy>1</TCSPolicy>
   <!-- Recommend changing 'DisableDebug' to 1 to make the enclave undebuggable for enclave release -->

Include/protobufLAInitiator.h

@@ -1,2 +1,4 @@
-int process_protobuf_dh_msg2_generate_protobuf_dh_msg3(uint32_t own_enclave_id, protobuf_sgx_dh_msg2_t& protobuf_msg2, protobuf_sgx_dh_msg3_t& protobuf_msg3, uint32_t* session_id);
+int process_protobuf_dh_msg2_generate_protobuf_dh_msg3(uint32_t own_enclave_id, protobuf_sgx_dh_msg2_t& protobuf_msg2, protobuf_sgx_dh_msg3_t& protobuf_msg3, uint32_t* session_id, uint8_t* read);
 int generate_protobuf_dh_msg1(uint32_t own_enclave_id, protobuf_sgx_dh_msg1_t& protobuf_msg1, uint32_t* session_id);
+int decrypt_wrapper(uint32_t own_enclave_id, uint8_t* ciphertext, uint32_t ciphertext_len, uint8_t* tag, uint8_t* plaintext); 
+

LocalAttestationCode/EnclaveMessageExchange.cpp

@@ -129,7 +129,7 @@ ATTESTATION_STATUS session_request(sgx_dh_msg1_t *dh_msg1,
 ATTESTATION_STATUS exchange_report(
                           sgx_dh_msg2_t *dh_msg2,
                           sgx_dh_msg3_t *dh_msg3,
-                          uint32_t* session_id)
+                          uint32_t* session_id, uint8_t* read)
 {
 
     sgx_key_128bit_t dh_aek;   // Session key
@@ -175,7 +175,7 @@ ATTESTATION_STATUS exchange_report(
         //Verify source enclave's trust
 	if(one_la_done == 0) 
 	{
-		one_la_done = 1;
+		one_la_done = 1; *read=1;
 	        uint32_t ret = verify_peer_enclave_trust(&initiator_identity, NULL);
 	        if(ret != SUCCESS)
         	{
@@ -186,7 +186,7 @@ ATTESTATION_STATUS exchange_report(
 	} 
 	else 
 	{
-		return 0xFFFFFFFF;
+		one_la_done=0; return 0xFFFFFFFF;
 		/*
 		uint32_t ret = verify_peer_enclave_trust(&initiator_identity, &apache_mrsigner);
                 if(ret != SUCCESS)
@@ -203,12 +203,127 @@ ATTESTATION_STATUS exchange_report(
         global_session_info.active.counter = 0;
         memcpy(&global_session_info.active.AEK, &dh_aek, sizeof(sgx_key_128bit_t));
         memset(&dh_aek,0, sizeof(sgx_key_128bit_t));
+
         //g_session_count++;*/
 //    }while(0);
 
     return status;
 }
 
+ATTESTATION_STATUS encrypt(__attribute__((unused)) uint8_t *plaintext, __attribute__((unused)) size_t plaintext_length, __attribute__((unused)) uint8_t* payload_tag, __attribute__((unused)) uint8_t* ciphertext, __attribute__((unused)) uint32_t* active_counter)
+{
+//	return 0;
+
+    sgx_status_t status; 
+    if(plaintext == NULL)
+    {
+        return INVALID_PARAMETER_ERROR;
+    }
+    //Check if the nonce for the session has not exceeded 2^32-2 if so end session and start a new session
+    if(global_session_info.active.counter == ((uint32_t) - 2))
+    {	return 0xFF; // TODO: DO something here. 
+//        close_session(src_enclave_id);
+//        create_session(src_enclave_id, session_info);
+    }
+//return plaintext_length ; 
+    uint32_t count;
+    uint8_t* temp_plaintext = (uint8_t*) malloc(plaintext_length); 
+    for(count=0; count<plaintext_length; count++)
+	*(temp_plaintext+count)=*(plaintext+count); 
+
+    secure_message_t* temp_req_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ plaintext_length); // WTF is this even - what happens to padding? 
+    memset(temp_req_message,0,sizeof(secure_message_t)+ plaintext_length);
+
+    //Use the session nonce as the payload IV
+//    memcpy(req_message->message_aes_gcm_data.reserved,&global_session_info.active.counter,sizeof(global_session_info.active.counter));
+//	*active_counter=global_session_info.active.counter;
+    memcpy(temp_req_message->message_aes_gcm_data.reserved,&global_session_info.active.counter,sizeof(global_session_info.active.counter));
+
+    //Set the session ID of the message to the current session id
+//    req_message->session_id = global_session_info.session_id;
+
+    uint32_t temp_plaintext_length = plaintext_length;
+	uint8_t* shared_key = (uint8_t*)malloc(16); // 128 bit aes key
+	for(count=0;count<16;count++)
+		*(shared_key+count)=global_session_info.active.AEK[count]; 
+//     return 0; 
+    //Prepare the request message with the encrypted payload
+    status = 
+sgx_rijndael128GCM_encrypt((sgx_key_128bit_t*)shared_key, temp_plaintext, temp_plaintext_length,
+                reinterpret_cast<uint8_t *>(&(temp_req_message->message_aes_gcm_data.payload)),
+                reinterpret_cast<uint8_t *>(&(temp_req_message->message_aes_gcm_data.reserved)),
+                0xc, NULL, 0, 
+                &(temp_req_message->message_aes_gcm_data.payload_tag));
+
+    for(count=0;count<48;count++)
+	*(ciphertext+count) = temp_req_message->message_aes_gcm_data.payload[count];
+
+    // tag length is 16 as per sgx_tseal.h 
+    for(count=0;count<16;count++)
+        *(payload_tag+count) = temp_req_message->message_aes_gcm_data.payload_tag[count];
+
+	// TODO: Should this depend on whether the call has been successful or not? 
+        //Update the value of the session nonce in the source enclave
+//	global_session_info.active.counter +=1; // TODO: Activate this again. 
+
+free(shared_key); free(temp_plaintext); free(temp_req_message); 
+    return status;
+//return global_session_info.active.counter-1; 
+
+}
+/*
+uint32_t decrypt(__attribute__((unused)) uint8_t* ciphertext, __attribute__((unused)) size_t ciphertext_length, __attribute__((unused)) uint8_t* payload_tag,  __attribute__((unused)) uint8_t* plaintext, __attribute__((unused)) size_t plaintext_length)
+{
+        uint32_t count; sgx_status_t status;
+        uint8_t* shared_key = (uint8_t*)malloc(16); // 128 bit aes key
+    secure_message_t* temp_req_message = (secure_message_t*)malloc(sizeof(secure_message_t)+ plaintext_length); // WTF is this even - what happens to padding? 
+    memset(temp_req_message,0,sizeof(secure_message_t)+ plaintext_length);
+
+
+
+        for(count=0;count<16;count++)
+                *(shared_key+count)=global_session_info.active.AEK[count]; 
+
+	uint8_t* temp_ciphertext = (uint8_t*) malloc(ciphertext_length); 
+    for(count=0; count<ciphertext_length; count++)
+        *(temp_ciphertext+count)=*(ciphertext+count); 
+
+	uint8_t* temp_plaintext = (uint8_t*) malloc(plaintext_length); 
+	memset(temp_plaintext, 0, plaintext_length); 
+
+
+//	uint8_t temp_payload_tag[16];// = (uint8_t*) malloc(16); 
+//	for(count=0; count<16; count++)
+//		*(temp_payload_tag+count)=*(payload_tag+count); 
+
+//	const uint8_t expected_payload_tag[16]; // = (uint8_t*) malloc(16); 
+	uint8_t* iv = (uint8_t*) malloc(12); 
+	memset(iv, 0, 12); 
+	memcpy(iv, &global_session_info.active.counter, sizeof(uint32_t));
+
+    //Decrypt the response message payload
+//    status = sgx_rijndael128GCM_decrypt(&global_session_info.active.AEK, resp_message->message_aes_gcm_data.payload, resp_message->message_aes_gcm_data.payload_size, pl$reinterpret_cast<uint8_t *>(&(resp_message->message_aes_gcm_data.reserved)), sizeof(resp_message->message_aes_gcm_data.reserved), NULL, 0, &resp_message$
+status = sgx_rijndael128GCM_decrypt((sgx_key_128bit_t*)  shared_key, temp_ciphertext, ciphertext_length, 
+temp_plaintext, iv, 0xc, NULL, 0, &(temp_req_message->message_aes_gcm_data.payload_tag));
+	for(count=0;count<16; count++) 
+	{
+//		if(temp_req_message->message_aes_gcm_data.payload_tag[count] != *(payload_tag+count))
+//			return 0x2;
+		*(payload_tag+count)=temp_req_message->message_aes_gcm_data.payload_tag[count]; 
+	}
+ 
+//	for(count=0; count<plaintext_length; count++)
+//		*(plaintext+count)=*(temp_plaintext+count); 
+//
+	free(shared_key); free(temp_ciphertext); free(temp_plaintext); // free(temp_payload_tag); 
+       return status;
+
+
+ return 0;
+}
+*/
+
+
 uint32_t create_ecdsa_key_pair(sgx_ec256_public_t* pub_key, sgx_ec256_private_t* priv_key)
 {
   sgx_status_t se_ret; sgx_status_t se_ret2;
@@ -460,3 +575,62 @@ ATTESTATION_STATUS generate_session_id(uint32_t *session_id)
   // *session_id=++global_session_id;
 //}
 
+
+uint32_t decrypt(uint8_t* ip_ciphertext, uint32_t ciphertext_len, uint8_t* ip_tag, uint8_t* op_plaintext)
+{
+	uint32_t return_status2; uint32_t count;
+//	unsigned char key[16]; uint32_t count;
+	unsigned char key[16]; 
+	// copying key to within the enclave as apparently it can't operate on it // TODO: Check if it works now. 
+	for(count=0;count<16;count++)
+		key[count]=global_session_info.active.AEK[count]; 
+
+	// copying ciphertext to within the enclave (otherwise it crashes with NOT enclave signal)
+	uint8_t* ciphertext = (uint8_t*) malloc(ciphertext_len); 
+	for(count=0;count<ciphertext_len;count++)
+		*(ciphertext+count)=*(ip_ciphertext+count); 
+
+	uint8_t* tag = (uint8_t*) malloc(16); 
+	for(count=0;count<16;count++)
+		*(tag+count)=*(ip_tag+count);
+
+	uint8_t* plaintext = (uint8_t*) malloc(ciphertext_len);
+//	uint8_t encryption_tag[16]; uint8_t decryption_tag[16]; 
+
+//	int ciphertext_len=48; int plaintext_len=32;
+	uint8_t iv[12]; 
+	// memset(ciphertext, 0, 48); memset(expected_plaintext, 0, 48); 
+	memset(iv, 0, 12);  //memcpy(iv, &global_session_info.active.counter, 4); 
+	return_status2=sgx_rijndael128GCM_decrypt((sgx_key_128bit_t*) key, ciphertext, ciphertext_len, plaintext, iv, 0xc, NULL, 0, (sgx_aes_gcm_128bit_tag_t*)tag);
+/*
+	// memset(expected_plaintext, 0, 32); memset(encryption_tag, 0, 16); memset(decryption_tag, 0, 16); 
+	return_status=sgx_rijndael128GCM_encrypt((sgx_key_128bit_t*) key, hash, 32, ciphertext, iv, 0xc, NULL, 0, (sgx_aes_gcm_128bit_tag_t*)encryption_tag);
+	for(count=0;count<32;count++)
+		*(op_ciphertext+count)=ciphertext[count]; 
+
+	if(return_status == 0)
+return_status2=sgx_rijndael128GCM_decrypt((sgx_key_128bit_t*) key, ciphertext, 32, expected_plaintext, iv, 0xc, NULL, 0, (sgx_aes_gcm_128bit_tag_t*)encryption_tag);
+	else
+		return 0xffffffff;*/
+	for(count=0;count<ciphertext_len;count++)
+		*(op_plaintext+count)=plaintext[count]; 
+
+	return return_status2; 
+}
+
+uint32_t encrypt()
+{
+
+
+
+return 0; 
+
+
+
+
+}
+
+
+
+
+

LocalAttestationCode/EnclaveMessageExchange.h

@@ -43,9 +43,9 @@
 extern "C" {
 #endif
 
-uint32_t SGXAPI create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info);
-uint32_t SGXAPI send_request_receive_response(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info, char *inp_buff, size_t inp_buff_len, size_t max_out_buff_size, char **out_buff, size_t* out_buff_len);
-uint32_t SGXAPI close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
+//uint32_t SGXAPI create_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info);
+//uint32_t SGXAPI send_request_receive_response(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id, dh_session_t *p_session_info, char *inp_buff, size_t inp_buff_len, size_t max_out_buff_size, char **out_buff, size_t* out_buff_len);
+//uint32_t SGXAPI close_session(sgx_enclave_id_t src_enclave_id, sgx_enclave_id_t dest_enclave_id);
 
 #ifdef __cplusplus
 }

LocalAttestationCode/LocalAttestationCode.edl

@@ -34,19 +34,21 @@ enclave  {
     include "datatypes.h"
 //    include "sgx_tcrypto.h" // For some reason, this is not being detected - macros are not being resolved!
     #define SEALED_SIZE 768  // 656 // =0x300 (0x290 is the size of the sealed message when both the public(0x40) and private key(0x20) are included) 
+// TODO: refine this to avoid crashes 
+    #define MAX_POST_LA_MSG_SIZE 32 // 32 bytes for the mrsigner from the verifier that will be sent to the apache enclave BUT possibly much more for decrypted content
     include "../Include/dh_session_protocol.h"
     trusted{
         public uint32_t session_request([out] sgx_dh_msg1_t *dh_msg1, [out] uint32_t *session_id);
-        public uint32_t exchange_report([in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, [in] uint32_t *session_id);
+        public uint32_t exchange_report([in] sgx_dh_msg2_t *dh_msg2, [out] sgx_dh_msg3_t *dh_msg3, [in] uint32_t *session_id, [out] uint8_t* read);
         public uint32_t create_and_seal_ecdsa_signing_key_pair([out]sgx_ec256_public_t* pub_key, [in] uint32_t* sealed_data_length, [out, size=SEALED_SIZE] uint8_t* sealed_data);
         public uint32_t unseal_and_restore_sealed_signing_key_pair([out] sgx_ec256_public_t* pub_key, [in, size=SEALED_SIZE] uint8_t* sealed_data, [in] size_t* sealed_data_length);
-//        uint32_t create_ecdsa_key_pair([out] sgx_ec256_public_t* pub_key, [out] sgx_ec256_private_t* priv_key);
-//void serialize_key_pair_to_string([in] sgx_ec256_public_t* pub_key, [in] sgx_ec256_private_t* signing_priv_key, [out, size=96] uint8_t* private_public_key_string);
-//        void deserialize_string_to_key_pair([in, size=96] uint8_t* private_public_key_string, [out] sgx_ec256_public_t* pub_key, [out] sgx_ec256_private_t* priv_key); 
         public uint32_t end_session();
-        public uint32_t calculate_sealed_data_size(uint32_t input_size); //, [out] uint32_t *opsize);
+        public uint32_t calculate_sealed_data_size(uint32_t input_size); 
 public uint32_t create_and_sign_client_side_pub_key([in] sgx_measurement_t* mr_enclave, [out] sgx_ec256_public_t* generated_pub_key, [out] sgx_ec256_signature_t* generated_signature);
-
+//public uint32_t decrypt([in, size=48] uint8_t* ciphertext, [in, size=16] uint8_t* payload_tag, [out, size=MAX_POST_LA_MSG_SIZE] uint8_t* plaintext); 
+//public uint32_t encrypt([in, size=MAX_POST_LA_MSG_SIZE] uint8_t *plaintext, size_t plaintext_length, [out,size=16] uint8_t* payload_tag, [out, size=48] uint8_t* ciphertext, [out] uint32_t* counter);
+//public uint32_t decrypt([in, size=48] uint8_t* ciphertext, size_t ciphertext_length, [out, size=16] uint8_t* payload_tag, [out, size=MAX_POST_LA_MSG_SIZE] uint8_t* plaintext, size_t plaintext_length);
+public uint32_t decrypt([in, size=32] uint8_t* ip_ciphertext, uint32_t ciphertext_len  , [in,size=16] uint8_t* ip_tag , [out, size=32] uint8_t* op_plaintext );
     };
     untrusted{
     };

Makefile

@@ -31,7 +31,7 @@
 
 ######## SGX SDK Settings ########
 
-SGX_SDK ?= /opt/intel/sgxsdk #/home/m2mazmud/sgx2.1_original/sgxsdk
+SGX_SDK := /home/m2mazmud/sgx2.1/sgxsdk
 SGX_MODE := HW
 SGX_ARCH := x64
 SGX_DEBUG := 1