diff --git a/secure_enclave/AESUtils.c b/secure_enclave/AESUtils.c
index 1d49c25b..152dbc70 100644
--- a/secure_enclave/AESUtils.c
+++ b/secure_enclave/AESUtils.c
@@ -30,7 +30,8 @@
 #include "AESUtils.h"
-uint8_t AES_key[2* BUF_LEN];
+sgx_aes_gcm_128bit_key_t AES_key;
+sgx_aes_gcm_128bit_key_t AES_DH_key;
 #define SAFE_CHAR_BUF(__X__, __Y__) ;char __X__ [ __Y__ ]; memset(__X__, 0, __Y__);
@@ -74,7 +75,7 @@ int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrBufLen, unsig
 sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE);
- sgx_status_t status = sgx_rijndael128GCM_encrypt(AES_key + BUF_LEN, (uint8_t*)message, len,
+ sgx_status_t status = sgx_rijndael128GCM_encrypt(&AES_key, (uint8_t*)message, len,
 encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE, NULL, 0,
@@ -123,7 +124,7 @@ int AES_decrypt(uint8_t *encr_message, uint64_t length, char *message, uint64_t
 return -2;
 }
- sgx_status_t status = sgx_rijndael128GCM_decrypt(AES_key + BUF_LEN,
+ sgx_status_t status = sgx_rijndael128GCM_decrypt(&AES_key,
 encr_message + SGX_AESGCM_MAC_SIZE + SGX_AESGCM_IV_SIZE, len, (unsigned char*) message, encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE,
diff --git a/secure_enclave/AESUtils.h b/secure_enclave/AESUtils.h
index 9f339b95..24671587 100644
--- a/secure_enclave/AESUtils.h
+++ b/secure_enclave/AESUtils.h
@@ -24,8 +24,7 @@
 #ifndef SGXD_AESUTILS_H
 #define SGXD_AESUTILS_H
-#define BUF_LEN 1024
-extern uint8_t AES_key[2* BUF_LEN] ;
+extern sgx_aes_gcm_128bit_key_t AES_key;
 int AES_encrypt(char *message, uint8_t *encr_message, uint64_t encrLen, unsigned char type, unsigned char exportable, uint64_t* resultLen);
diff --git a/secure_enclave/secure_enclave.c b/secure_enclave/secure_enclave.c
index 106fa0ec..e8f87a88 100644
--- a/secure_enclave/secure_enclave.c
+++ b/secure_enclave/secure_enclave.c
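Review bot: `AES_DH_key` is defined in AESUtils.c (hunk at -30) with external linkage, but the AESUtils.h hunk in this commit declares only `AES_key`, and no use of the new key is visible in the hunks shown. If it is meant to be private to this file, `static sgx_aes_gcm_128bit_key_t AES_DH_key;` keeps it out of the enclave's global namespace; if other units need it, add the matching `extern` to the header. Both keys are zero-initialised at load, so a call to AES_encrypt or AES_decrypt before a key is installed would run under an all-zero key; whether a state check prevents that is not visible here. A short comment on each definition, e.g. `/* storage key (SEK), set by trustedGenerateSEK / trustedSetSEK */`, would record what each key protects.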
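Review bot: The return value of `sgx_read_rand` on the context line just above the changed call in AES_encrypt is discarded, so a failed RNG call leaves whatever bytes were already in `encr_message` as the GCM IV, and a repeated IV under the same `AES_key` undermines both the confidentiality and the authentication tag of the sealed data. Check it before encrypting: `if (sgx_read_rand(encr_message + SGX_AESGCM_MAC_SIZE, SGX_AESGCM_IV_SIZE) != SGX_SUCCESS) return <error code>;`, using whichever code this function reserves for internal failures. AES_encrypt's body starts and ends outside the hunk, so its buffer-length checks are not visible here.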
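Review bot: AESUtils.h now names `sgx_aes_gcm_128bit_key_t` in the `extern` declaration, but the hunk shows no include that provides the type, so the header compiles only if every includer has already pulled in the SGX crypto header. Adding `#include <sgx_tcrypto.h>` inside the include guard would make it self-contained; the rest of the header is outside the hunk, so this may already be present. Dropping `BUF_LEN` from a shared header also removes it for any other file that relied on it through this include, which cannot be checked from this diff.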
@@ -291,7 +291,7 @@ void trustedGenerateSEK(int *errStatus, char *errString,
 RANDOM_CHAR_BUF(SEK_raw, SGX_AESGCM_KEY_SIZE);
 carray2Hex((uint8_t*) SEK_raw, SGX_AESGCM_KEY_SIZE, sek_hex);
- memcpy(AES_key + BUF_LEN, SEK_raw, SGX_AESGCM_KEY_SIZE);
+ memcpy(AES_key, SEK_raw, SGX_AESGCM_KEY_SIZE);
 sealHexSEK(errStatus, errString, encrypted_sek, enc_len, sek_hex);
@@ -331,7 +331,7 @@ void trustedSetSEK(int *errStatus, char *errString, uint8_t *encrypted_sek) {
 uint64_t len;
- hex2carray(aes_key_hex, &len, (uint8_t *) AES_key + BUF_LEN);
+ hex2carray(aes_key_hex, &len, (uint8_t *) AES_key);
 SET_SUCCESS clean:
@@ -349,7 +349,7 @@ void trustedSetSEK_backup(int *errStatus, char *errString,
 CHECK_STATE(sek_hex);
 uint64_t len;
- hex2carray(sek_hex, &len, (uint8_t *) AES_key + BUF_LEN);
+ hex2carray(sek_hex, &len, (uint8_t *) AES_key);
 sealHexSEK(errStatus, errString, encrypted_sek, enc_len, (char *)sek_hex);
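Review bot: `hex2carray(aes_key_hex, &len, (uint8_t *) AES_key);` in trustedSetSEK now decodes straight into a 16-byte `sgx_aes_gcm_128bit_key_t`, where the old destination `AES_key + BUF_LEN` had 1024 bytes of slack, and the call passes no destination size; the same applies to the `sek_hex` call in trustedSetSEK_backup. If hex2carray writes one byte per two hex characters (its definition is not in this diff), any input longer than 32 hex characters writes past `AES_key` into whatever enclave data is placed after it. In trustedSetSEK_backup `sek_hex` appears to be a caller-supplied parameter, so the length should be verified before decoding, for example `if (strnlen(sek_hex, 2 * SGX_AESGCM_KEY_SIZE + 1) != 2 * SGX_AESGCM_KEY_SIZE) { /* fail via the existing error path */ }`, and `len` compared with `SGX_AESGCM_KEY_SIZE` afterwards. Both function bodies start and end outside their hunks.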