Mac mismatch after using sgx_fwrite

Baldini__Stefano — Mon, 08 Jan 2018 15:49:21 GMT

Hello there,

it's quite urgent since I have a deadline this week and I need to figure out what's wrong so I hope someone will be able to help. Note that I developed everything in simulation mode since my university didn't provide me a machine with IntelSGX in time as promised.

In short, I made an application that is able to encrypt/decrypt a variable, another one that is able to save and retrieve to/from a file. But when I put these two functionalities together something weird happens.

Enclave2.cpp

#include "Enclave2_t.h"

#include "sgx_trts.h"
#include "sgx_utils.h"
#include "sgx_key.h"
#include "sgx_tcrypto.h"
#include "string.h"
#include "stdlib.h"

#include "sgx_tprotected_fs.h"

void enclaveDemo() {
	sgx_status_t		ret = SGX_SUCCESS;
	sgx_key_128bit_t	key;

	sgx_report_t	report;
	sgx_report_data_t reportData;

	uint8_t payload = 222; //number that I want to encrypt and then decrypt
	uint8_t dest; //after encryption
	uint8_t dest2; //after decryption
	uint8_t piv = 0;
	sgx_aes_gcm_128bit_tag_t mac;

	uint32_t seal_length = sizeof(dest);
	uint32_t unseal_length = sizeof(dest2);


	//CREATE REPORT TO GET THE CPUSVN
	sgx_create_report(NULL, &reportData, &report);

	//CREATE KEY
	sgx_key_request_t	kreq = { SGX_KEYSELECT_SEAL, SGX_KEYPOLICY_MRENCLAVE, report.body.isv_svn, 0, report.body.cpu_svn , NULL, 2, NULL, 0 };

	ret = sgx_get_key(&kreq, &key);
	
	//ENCRYPTION
	ret = sgx_rijndael128GCM_encrypt(&key, &payload, seal_length, &dest, &piv, 12, NULL, NULL, &mac);

	printInt(dest); // Ocall to print an int

	//DECRYPTION
	ret = sgx_rijndael128GCM_decrypt(&key, &dest, unseal_length, &dest2, &piv, 12, NULL, NULL, &mac); 

	if (ret == SGX_ERROR_MAC_MISMATCH) {
		printInt(-1); //failed
	}
	else

		if (ret != SGX_SUCCESS) {
			printInt(-2); //failed
		}
		else {
			printInt((int)dest2); //cast to int not necessary
		}

}

and this works perfectly: I want to encrypt 222 so dest is changing everytime I rebuild (e.g. 43, or when I rebuild 201, rerebuilding 18, etc) and dest2 is always 222 with NO mac mismatch.

Introducing just few lines more (even if I wrote more) I get an SGX_ERROR_MAC_MISMATCH . Looks like the function sgx_fwrite does something to the variable dest.

Enclave2.cpp EDIT1

#include "Enclave2_t.h"

#include "sgx_trts.h"
#include "sgx_utils.h"
#include "sgx_key.h"
#include "sgx_tcrypto.h"
#include "string.h"
#include "stdlib.h"

#include "sgx_tprotected_fs.h"

void enclaveDemo() {
	sgx_status_t		ret = SGX_SUCCESS;
	sgx_key_128bit_t	key;

	sgx_report_t	report;
	sgx_report_data_t reportData;

	uint8_t payload = 222; //number that I want to encrypt and then decrypt
	uint8_t dest; //after encryption
	uint8_t dest2; //after decryption
	uint8_t piv = 0;
	sgx_aes_gcm_128bit_tag_t mac;

	uint32_t seal_length = sizeof(dest);
	uint32_t unseal_length = sizeof(dest2);

	SGX_FILE* pFile;

	size_t sizeofWrite;

	//CREATE REPORT TO GET THE CPUSVN
	sgx_create_report(NULL, &reportData, &report);

	//CREATE KEY
	sgx_key_request_t	kreq = { SGX_KEYSELECT_SEAL, SGX_KEYPOLICY_MRENCLAVE, report.body.isv_svn, 0, report.body.cpu_svn , NULL, 2, NULL, 0 };

	ret = sgx_get_key(&kreq, &key);
	
	//ENCRYPTION
	ret = sgx_rijndael128GCM_encrypt(&key, &payload, seal_length, &dest, &piv, 12, NULL, NULL, &mac);

	pFile = sgx_fopen_auto_key("test.bin", "w+"); //works write/read
	if (pFile == NULL) {
		enclaveOutputInt(-2); //error
	}

	sizeofWrite = sgx_fwrite(&dest, sizeof(uint8_t), sizeof(dest), pFile);

	printInt(dest); // Ocall to print an int

	//DECRYPTION
	ret = sgx_rijndael128GCM_decrypt(&key, &dest, unseal_length, &dest2, &piv, 12, NULL, NULL, &mac);

	if (ret == SGX_ERROR_MAC_MISMATCH) {
		printInt(-1); //failed
	}
	else

		if (ret != SGX_SUCCESS) {
			printInt(-2); //failed
		}
		else {
			printInt((int)dest2); //cast to int not necessary
		}

}

What's going on?

Thanks in advance for your help,

Stefano

Have you found the resolution

das__batsayan — Mon, 07 May 2018 10:17:47 GMT

Have you found the resolution for SGX_ERROR_MAC_MISMATCH?
I was trying sgx_rijndael128GCM_encrypt() and sgx_rijndael128GCM_decrypt() apis. Noticed that const uint8_t *p_iv, and sgx_aes_gcm_128bit_tag_t *p_out_mac has to be passed from encrypt() api to decrypt() api for successful decryption. I used sgx_fopen_auto_key(), sgx_fwrite(), sgx_fclose() to write const uint8_t *p_iv value from the encrypt. When the decrypt tries to use p_iv, SGX_ERROR_MAC_MISMATCH error happens.

Thanks in advance.

It is the problem with your

Sankar_V — Thu, 17 May 2018 10:44:02 GMT

It is the problem with your IV. You have declared IV as uint8_t which is 8 bytes, and are inputting 12 as length of IV. It is going to read four extra random bytes from the start of the address that is pointing to piv.

Solution: Declare iv as an array uint8_t iv[12] and initialize it with meaninful bytes and use &iv[0] or just iv in encrypt/decrypt calls and it will work.

Cheers,

Sankar

topic Mac mismatch after using sgx_fwrite in Intel® Software Guard Extensions (Intel® SGX)

Mac mismatch after using sgx_fwrite

Have you found the resolution

It is the problem with your