Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1554 Discussions

Mac mismatch after using sgx_fwrite

Baldini__Stefano
Beginner
‎01-08-2018 07:49 AM
2,197 Views

Hello there,

it's quite urgent since I have a deadline this week and I need to figure out what's wrong so I hope someone will be able to help. Note that I developed everything in simulation mode since my university didn't provide me a machine with IntelSGX in time as promised.

In short, I made an application that is able to encrypt/decrypt a variable, another one that is able to save and retrieve to/from a file. But when I put these two functionalities together something weird happens.

Enclave2.cpp

#include "Enclave2_t.h"

#include "sgx_trts.h"
#include "sgx_utils.h"
#include "sgx_key.h"
#include "sgx_tcrypto.h"
#include "string.h"
#include "stdlib.h"

#include "sgx_tprotected_fs.h"

void enclaveDemo() {
	sgx_status_t		ret = SGX_SUCCESS;
	sgx_key_128bit_t	key;

	sgx_report_t	report;
	sgx_report_data_t reportData;

	uint8_t payload = 222; //number that I want to encrypt and then decrypt
	uint8_t dest; //after encryption
	uint8_t dest2; //after decryption
	uint8_t piv = 0;
	sgx_aes_gcm_128bit_tag_t mac;

	uint32_t seal_length = sizeof(dest);
	uint32_t unseal_length = sizeof(dest2);


	//CREATE REPORT TO GET THE CPUSVN
	sgx_create_report(NULL, &reportData, &report);

	//CREATE KEY
	sgx_key_request_t	kreq = { SGX_KEYSELECT_SEAL, SGX_KEYPOLICY_MRENCLAVE, report.body.isv_svn, 0, report.body.cpu_svn , NULL, 2, NULL, 0 };

	ret = sgx_get_key(&kreq, &key);
	
	//ENCRYPTION
	ret = sgx_rijndael128GCM_encrypt(&key, &payload, seal_length, &dest, &piv, 12, NULL, NULL, &mac);

	printInt(dest); // Ocall to print an int

	//DECRYPTION
	ret = sgx_rijndael128GCM_decrypt(&key, &dest, unseal_length, &dest2, &piv, 12, NULL, NULL, &mac); 

	if (ret == SGX_ERROR_MAC_MISMATCH) {
		printInt(-1); //failed
	}
	else

		if (ret != SGX_SUCCESS) {
			printInt(-2); //failed
		}
		else {
			printInt((int)dest2); //cast to int not necessary
		}

}

and this works perfectly: I want to encrypt 222 so dest is changing everytime I rebuild (e.g. 43, or when I rebuild 201, rerebuilding 18, etc) and dest2 is always 222 with NO mac mismatch.

Introducing just few lines more (even if I wrote more) I get an SGX_ERROR_MAC_MISMATCH . Looks like the function sgx_fwrite does something to the variable dest.

Enclave2.cpp EDIT1

#include "Enclave2_t.h"

#include "sgx_trts.h"
#include "sgx_utils.h"
#include "sgx_key.h"
#include "sgx_tcrypto.h"
#include "string.h"
#include "stdlib.h"

#include "sgx_tprotected_fs.h"

void enclaveDemo() {
	sgx_status_t		ret = SGX_SUCCESS;
	sgx_key_128bit_t	key;

	sgx_report_t	report;
	sgx_report_data_t reportData;

	uint8_t payload = 222; //number that I want to encrypt and then decrypt
	uint8_t dest; //after encryption
	uint8_t dest2; //after decryption
	uint8_t piv = 0;
	sgx_aes_gcm_128bit_tag_t mac;

	uint32_t seal_length = sizeof(dest);
	uint32_t unseal_length = sizeof(dest2);

	SGX_FILE* pFile;

	size_t sizeofWrite;

	//CREATE REPORT TO GET THE CPUSVN
	sgx_create_report(NULL, &reportData, &report);

	//CREATE KEY
	sgx_key_request_t	kreq = { SGX_KEYSELECT_SEAL, SGX_KEYPOLICY_MRENCLAVE, report.body.isv_svn, 0, report.body.cpu_svn , NULL, 2, NULL, 0 };

	ret = sgx_get_key(&kreq, &key);
	
	//ENCRYPTION
	ret = sgx_rijndael128GCM_encrypt(&key, &payload, seal_length, &dest, &piv, 12, NULL, NULL, &mac);

	pFile = sgx_fopen_auto_key("test.bin", "w+"); //works write/read
	if (pFile == NULL) {
		enclaveOutputInt(-2); //error
	}

	sizeofWrite = sgx_fwrite(&dest, sizeof(uint8_t), sizeof(dest), pFile);

	printInt(dest); // Ocall to print an int

	//DECRYPTION
	ret = sgx_rijndael128GCM_decrypt(&key, &dest, unseal_length, &dest2, &piv, 12, NULL, NULL, &mac);

	if (ret == SGX_ERROR_MAC_MISMATCH) {
		printInt(-1); //failed
	}
	else

		if (ret != SGX_SUCCESS) {
			printInt(-2); //failed
		}
		else {
			printInt((int)dest2); //cast to int not necessary
		}

}

What's going on?

Thanks in advance for your help,

Stefano

0 Kudos

Link Copied

2 Replies
das__batsayan
New Contributor I
‎05-07-2018 03:17 AM
2,197 Views

Have you found the resolution for SGX_ERROR_MAC_MISMATCH?
I was trying sgx_rijndael128GCM_encrypt() and sgx_rijndael128GCM_decrypt() apis. Noticed that const uint8_t *p_iv, and sgx_aes_gcm_128bit_tag_t *p_out_mac has to be passed from encrypt() api to decrypt() api for successful decryption. I used sgx_fopen_auto_key(), sgx_fwrite(), sgx_fclose() to write const uint8_t *p_iv value from the encrypt. When the decrypt tries to use p_iv, SGX_ERROR_MAC_MISMATCH error happens.

Thanks in advance. 

 

0 Kudos
Copy link
Sankar_V
Employee
‎05-17-2018 03:44 AM
2,197 Views

It is the problem with your IV. You have declared IV as uint8_t which is 8 bytes, and are inputting 12 as length of IV. It is going to read four extra random bytes from the start of the address that is pointing to piv.

Solution: Declare iv as an array uint8_t iv[12] and initialize it with meaninful bytes and use &iv[0] or just iv in encrypt/decrypt calls and it will work.

Cheers,

Sankar

 

0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.