Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1453 Discussions

sgx_rijndael128GCM_encrypt does not encrypt

Ziidev
New Contributor I
‎06-02-2022 03:34 PM
825 Views
Solved Jump to solution

I am trying to use sgx_rijndael128GCM_encrypt to encrypt some data but the buffer remains empaty. I dont know why or what i am doing wrong.  This is the code I am using, if there is any errors please mention them. As far as I think, there will be some changes in line 2, where i am calculating aesgcm_len or maybe i am using the wrong key. But if the key is wrong then it should show some errors. Please guide me. Thank you in advance.

 

uint8_t *plaintext = (uint8_t *)item->certificate;
size_t aesgcm_len =4 + ((((double)sizee)/16))*16 +16;
item->encrypteee = (uint8_t*)malloc(aesgcm_len);
sgx_aes_gcm_128bit_tag_t mac;
const sgx_aes_gcm_128bit_key_t aes_key= { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf };
//sgx_read_rand((unsigned char *) &aes_key, sizeof(sgx_aes_gcm_128bit_key_t));
uint8_t iv[12];
memset(iv,0,12);
((int*)item->encrypteee)[0]=sizee;
 
sgx_status_t res;
res= sgx_rijndael128GCM_encrypt(&aes_key, plaintext, sizee, (uint8_t*)item->encrypteee+4,iv,12 ,NULL,0,&mac);
if (res != SGX_SUCCESS) {
//printf("encryption error");
free(wallet);
return ERR_FAIL_UNSEAL;
}
0 Kudos
1 Solution
Ziidev
New Contributor I
‎06-04-2022 07:15 AM
784 Views
Solved Jump to solution
In response to Sahira_Intel

Hi Sahira,

I posted there as well and trying every solution but no success. Even I tried this solution but segmentaion fault occurs at sgx_rijndael128GCM_encrypt function. I dont know why? is there any explanation. Please guide me.

			   uint8_t *bout;
			   //item->encrypteee = (uint8_t*)malloc(aesgcm_len);
			   uint32_t boutlen = *(&bout +1)-bout;
			   //uint32_t boutlen = sizeof(item->encrypteee);
			   uint32_t aes128gcm_ciphertext_size = SGX_AESGCM_IV_SIZE + SGX_AESGCM_MAC_SIZE + sizee;
			   if(boutlen < aes128gcm_ciphertext_size)
					{
						return 0Xffffffff;
					}
			   
			   	if(sgx_read_rand(bout, SGX_AESGCM_IV_SIZE) != SGX_SUCCESS)
					{
						return ERR_FAIL_UNSEAL;
					}
				const sgx_aes_gcm_128bit_key_t aes_key= { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf };
				uint8_t *plaintext = (uint8_t *)item->certificate;
			    sgx_status_t res;
			   	res=sgx_rijndael128GCM_encrypt(&aes_key,
					plaintext, sizee, // plaintext
					bout + SGX_AESGCM_IV_SIZE + SGX_AESGCM_MAC_SIZE, // ciphertext
					bout, SGX_AESGCM_IV_SIZE, // iv
					NULL, 0, // aad
					(sgx_aes_gcm_128bit_tag_t*) (bout + SGX_AESGCM_IV_SIZE)); // mac
				if (res != SGX_SUCCESS) {
					//printf("encryption error");
					free(wallet);
					return ERR_FAIL_UNSEAL;
				}

View solution in original post

In response to Sahira_Intel
0 Kudos
Copy link

Link Copied

3 Replies
Sahira_Intel
Moderator
‎06-02-2022 04:23 PM
820 Views
Solved Jump to solution

Hi,


Let me look into this for you.

In the meantime, I suggest opening a new issue in the SGX Github too: https://github.com/intel/linux-sgx/issues


Sincerely,

Sahira


0 Kudos
Copy link
Ziidev
New Contributor I
‎06-04-2022 07:15 AM
785 Views
Solved Jump to solution
In response to Sahira_Intel

Hi Sahira,

I posted there as well and trying every solution but no success. Even I tried this solution but segmentaion fault occurs at sgx_rijndael128GCM_encrypt function. I dont know why? is there any explanation. Please guide me.

			   uint8_t *bout;
			   //item->encrypteee = (uint8_t*)malloc(aesgcm_len);
			   uint32_t boutlen = *(&bout +1)-bout;
			   //uint32_t boutlen = sizeof(item->encrypteee);
			   uint32_t aes128gcm_ciphertext_size = SGX_AESGCM_IV_SIZE + SGX_AESGCM_MAC_SIZE + sizee;
			   if(boutlen < aes128gcm_ciphertext_size)
					{
						return 0Xffffffff;
					}
			   
			   	if(sgx_read_rand(bout, SGX_AESGCM_IV_SIZE) != SGX_SUCCESS)
					{
						return ERR_FAIL_UNSEAL;
					}
				const sgx_aes_gcm_128bit_key_t aes_key= { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf };
				uint8_t *plaintext = (uint8_t *)item->certificate;
			    sgx_status_t res;
			   	res=sgx_rijndael128GCM_encrypt(&aes_key,
					plaintext, sizee, // plaintext
					bout + SGX_AESGCM_IV_SIZE + SGX_AESGCM_MAC_SIZE, // ciphertext
					bout, SGX_AESGCM_IV_SIZE, // iv
					NULL, 0, // aad
					(sgx_aes_gcm_128bit_tag_t*) (bout + SGX_AESGCM_IV_SIZE)); // mac
				if (res != SGX_SUCCESS) {
					//printf("encryption error");
					free(wallet);
					return ERR_FAIL_UNSEAL;
				}
In response to Sahira_Intel
0 Kudos
Copy link
Sahira_Intel
Moderator
‎07-06-2022 03:29 PM
700 Views
Solved Jump to solution

Hi Ziidev,

I see someone has replied to your post on Github so I will close this issue and we can work on your issue there.


Sincerely,

Sahira


0 Kudos
Copy link
Reply

Community support is provided during standard business hours (Monday to Friday 7AM - 5PM PST). Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.