sgx_rijndael128GCM_encrypt does not encrypt

[ZiiDev]

I am trying to use sgx_rijndael128GCM_encrypt to encrypt some data but the buffer remains empty. I dont know why or what i am doing wrong. This is the code I am using, if there is any errors please mention them. As far as I think, there will be some changes in line 2, where i am calculating aesgcm_len or maybe i am using the wrong key. But if the key is wrong then it should show some errors. Please guide me. Thank you in advance ` uint8_t plaintext = (uint8_t )item->certificate;

size_t aesgcm_len =4 + ((((double)sizee)/16))*16 +16;

item->encrypteee = (uint8_t*)malloc(aesgcm_len);

sgx_aes_gcm_128bit_tag_t mac;

const sgx_aes_gcm_128bit_key_t aes_key= { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf };

//sgx_read_rand((unsigned char *) &aes_key, sizeof(sgx_aes_gcm_128bit_key_t));

uint8_t iv[12];

memset(iv,0,12);

((int*)item->encrypteee)[0]=sizee;

sgx_status_t res;

res= sgx_rijndael128GCM_encrypt(&aes_key, plaintext, sizee, (uint8_t*)item->encrypteee+4,iv,12 ,NULL,0,&mac);

if (res != SGX_SUCCESS) {

//printf("encryption error");

free(wallet);

return ERR_FAIL_UNSEAL;

}

`

[ZiiDev]

even tried this solution but segmentaion fault occurs at sgx_rijndael128GCM_encrypt function. I dont know why? is there any explanation. Please guide me. ` uint8_t bout; //item->encrypteee = (uint8_t)malloc(aesgcm_len); uint32_t boutlen = *(&bout +1)-bout; //uint32_t boutlen = sizeof(item->encrypteee); uint32_t aes128gcm_ciphertext_size = SGX_AESGCM_IV_SIZE + SGX_AESGCM_MAC_SIZE + sizee; if(boutlen < aes128gcm_ciphertext_size) { return 0Xffffffff; }

        if(sgx_read_rand(bout, SGX_AESGCM_IV_SIZE) != SGX_SUCCESS)
{
    return ERR_FAIL_UNSEAL;
}

const sgx_aes_gcm_128bit_key_t aes_key= { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf }; uint8_t plaintext = (uint8_t )item->certificate; sgx_status_t res;

        res=sgx_rijndael128GCM_encrypt(&aes_key,
plaintext, sizee, // plaintext
bout + SGX_AESGCM_IV_SIZE + SGX_AESGCM_MAC_SIZE, // ciphertext
bout, SGX_AESGCM_IV_SIZE, // iv
NULL, 0, // aad
(sgx_aes_gcm_128bit_tag_t*) (bout + SGX_AESGCM_IV_SIZE)); // mac

                         if (res != SGX_SUCCESS) {
//printf("encryption error");
free(wallet);
return ERR_FAIL_UNSEAL;

}`

[llly]

The function usage is correct. According to aesgcm_len, do you want to hold size|ciphertext|mac in item->encrypteee buffer? However mac is in local var mac instead of (uint8_t*)item->encrypteee+aesgcm_len-sizeof(sgx_aes_gcm_128bit_tag_t). After your function, item->encrypteee only contains size and ciphertext, no mac.

[ZiiDev]

The problem is when I encrypt the data I can only decrypt in the same function. But when I try to send data from outside from the enclave it does not decrypt.

[llly]

As I said, mac ,which is required for decryption, is not in the buffer item->encrypteee. That's why decryption failed.

[ZiiDev]

Then why i am able to decrypt data in the main function but when I send encrypted data to some other function to decrypt it, it does not decrypt.

[llly]

Because you reuse local var mac in encryption and decryption in the main function, but you don't copy mac to other functions. Message Authentication Code (MAC) is used to verify the integrity of the data. You must copy mac along with encrypted data and send to other functions.