Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

sgx_rijndael128GCM_encrypt does not encrypt

Ziidev
New Contributor I
1,075 Views

I am trying to use sgx_rijndael128GCM_encrypt to encrypt some data but the buffer remains empaty. I dont know why or what i am doing wrong.  This is the code I am using, if there is any errors please mention them. As far as I think, there will be some changes in line 2, where i am calculating aesgcm_len or maybe i am using the wrong key. But if the key is wrong then it should show some errors. Please guide me. Thank you in advance.

 

uint8_t *plaintext = (uint8_t *)item->certificate;
size_t aesgcm_len =4 + ((((double)sizee)/16))*16 +16;
item->encrypteee = (uint8_t*)malloc(aesgcm_len);
sgx_aes_gcm_128bit_tag_t mac;
const sgx_aes_gcm_128bit_key_t aes_key= { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf };
//sgx_read_rand((unsigned char *) &aes_key, sizeof(sgx_aes_gcm_128bit_key_t));
uint8_t iv[12];
memset(iv,0,12);
((int*)item->encrypteee)[0]=sizee;
 
sgx_status_t res;
res= sgx_rijndael128GCM_encrypt(&aes_key, plaintext, sizee, (uint8_t*)item->encrypteee+4,iv,12 ,NULL,0,&mac);
if (res != SGX_SUCCESS) {
//printf("encryption error");
free(wallet);
return ERR_FAIL_UNSEAL;
}
0 Kudos
1 Solution
Ziidev
New Contributor I
1,034 Views

Hi Sahira,

I posted there as well and trying every solution but no success. Even I tried this solution but segmentaion fault occurs at sgx_rijndael128GCM_encrypt function. I dont know why? is there any explanation. Please guide me.

			   uint8_t *bout;
			   //item->encrypteee = (uint8_t*)malloc(aesgcm_len);
			   uint32_t boutlen = *(&bout +1)-bout;
			   //uint32_t boutlen = sizeof(item->encrypteee);
			   uint32_t aes128gcm_ciphertext_size = SGX_AESGCM_IV_SIZE + SGX_AESGCM_MAC_SIZE + sizee;
			   if(boutlen < aes128gcm_ciphertext_size)
					{
						return 0Xffffffff;
					}
			   
			   	if(sgx_read_rand(bout, SGX_AESGCM_IV_SIZE) != SGX_SUCCESS)
					{
						return ERR_FAIL_UNSEAL;
					}
				const sgx_aes_gcm_128bit_key_t aes_key= { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf };
				uint8_t *plaintext = (uint8_t *)item->certificate;
			    sgx_status_t res;
			   	res=sgx_rijndael128GCM_encrypt(&aes_key,
					plaintext, sizee, // plaintext
					bout + SGX_AESGCM_IV_SIZE + SGX_AESGCM_MAC_SIZE, // ciphertext
					bout, SGX_AESGCM_IV_SIZE, // iv
					NULL, 0, // aad
					(sgx_aes_gcm_128bit_tag_t*) (bout + SGX_AESGCM_IV_SIZE)); // mac
				if (res != SGX_SUCCESS) {
					//printf("encryption error");
					free(wallet);
					return ERR_FAIL_UNSEAL;
				}

View solution in original post

0 Kudos
3 Replies
Sahira_Intel
Moderator
1,070 Views

Hi,


Let me look into this for you.

In the meantime, I suggest opening a new issue in the SGX Github too: https://github.com/intel/linux-sgx/issues


Sincerely,

Sahira


0 Kudos
Ziidev
New Contributor I
1,035 Views

Hi Sahira,

I posted there as well and trying every solution but no success. Even I tried this solution but segmentaion fault occurs at sgx_rijndael128GCM_encrypt function. I dont know why? is there any explanation. Please guide me.

			   uint8_t *bout;
			   //item->encrypteee = (uint8_t*)malloc(aesgcm_len);
			   uint32_t boutlen = *(&bout +1)-bout;
			   //uint32_t boutlen = sizeof(item->encrypteee);
			   uint32_t aes128gcm_ciphertext_size = SGX_AESGCM_IV_SIZE + SGX_AESGCM_MAC_SIZE + sizee;
			   if(boutlen < aes128gcm_ciphertext_size)
					{
						return 0Xffffffff;
					}
			   
			   	if(sgx_read_rand(bout, SGX_AESGCM_IV_SIZE) != SGX_SUCCESS)
					{
						return ERR_FAIL_UNSEAL;
					}
				const sgx_aes_gcm_128bit_key_t aes_key= { 0x0, 0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8, 0x9, 0xa, 0xb, 0xc, 0xd, 0xe, 0xf };
				uint8_t *plaintext = (uint8_t *)item->certificate;
			    sgx_status_t res;
			   	res=sgx_rijndael128GCM_encrypt(&aes_key,
					plaintext, sizee, // plaintext
					bout + SGX_AESGCM_IV_SIZE + SGX_AESGCM_MAC_SIZE, // ciphertext
					bout, SGX_AESGCM_IV_SIZE, // iv
					NULL, 0, // aad
					(sgx_aes_gcm_128bit_tag_t*) (bout + SGX_AESGCM_IV_SIZE)); // mac
				if (res != SGX_SUCCESS) {
					//printf("encryption error");
					free(wallet);
					return ERR_FAIL_UNSEAL;
				}
0 Kudos
Sahira_Intel
Moderator
950 Views

Hi Ziidev,

I see someone has replied to your post on Github so I will close this issue and we can work on your issue there.


Sincerely,

Sahira


0 Kudos
Reply