Hello all,
I am working on AES GCM 256bit encryption and decryption in intel SGX with SGXSSL support.
In that im able to encrypt and decrypt the message successfully but though message decrypted correctly , tag verification returns (EVP_CipherFinal_ex) 0.
i even tried the same with openssl in that for same key,iv,add im getting 1 for tag verification.
SGX enclave code:
`#include "sgx_tcrypto.h"
#include "sgx_tae_service.h"
#include "tSgxSSL_api.h"
#include "enclave_t.h"
void testGCM() {
unsigned char key[32] = {
0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66,
0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69,
0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f
};
unsigned char iv[12] = {
0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66
};
unsigned char aad[12] = {
0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66
};
unsigned char plain_text[32] = { 0x4e, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66,
0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69,
0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f};
unsigned char encrypted_text[48];
unsigned char decrypted_text[48];
unsigned char tag[16];
int tag_v;
OcallPrintArray("key",key,32);
OcallPrintArray("pText",plain_text,32);
OcallPrintArray("aad",aad,12);
AesGcm256bEncrypt( key,
// (size_t)32,
iv,
// (size_t)12,
plain_text,
(size_t)32,
encrypted_text,
// (size_t)48,
tag
);
OcallPrintArray("EncryptedText",encrypted_text,48);
OcallPrintArray("tag",tag,16);
AesGcm256bDecrypt( key,
// 32,
iv,
// 12,
encrypted_text,
48,
decrypted_text,
// 48,
tag,
&tag_v
);
OcallPrintArray("decryptedText",decrypted_text,32);
OcallPrintKeyValue("verification ",tag_v);
}
unsigned char gcm_aad[12] = {
0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66
};
int AesGcm256bEncrypt(unsigned char* key, //fixed len
// size_t len_key,
unsigned char* iv, //fixed len
// size_t len_iv,
unsigned char* plain_text,
size_t len_plain_text,
unsigned char* encrypted_text,
// size_t* len_encrypted_text,
unsigned char* tag //fixed len
) {
EVP_CIPHER_CTX * ctx = EVP_CIPHER_CTX_new();
int len;
int ret;
int len_encrypted_text;
EVP_CipherInit_ex(ctx, EVP_aes_256_gcm(), NULL, key,iv,1);
EVP_CipherUpdate(ctx, NULL, &len, gcm_aad, sizeof(gcm_aad));
EVP_CipherUpdate(ctx, encrypted_text, &len, plain_text, len_plain_text);
len_encrypted_text = len;
EVP_CipherFinal_ex(ctx, tag, &len);
len_encrypted_text += len;
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag);
EVP_CIPHER_CTX_cleanup(ctx);
}
int AesGcm256bDecrypt(unsigned char* key,
// size_t len_key,
unsigned char* iv,
// size_t len_iv,
unsigned char* encrypted_text,
size_t len_encrypted_text,
unsigned char* plain_text,
// size_t len_plain_text,
unsigned char* tag,
int* tag_verification
) {
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
int len, ret;
EVP_CipherInit_ex(ctx, EVP_aes_256_gcm(), NULL, key,iv,0);
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag);
EVP_CipherInit_ex(ctx, NULL, NULL, key,iv,0);
EVP_CipherUpdate(ctx, NULL, &len, gcm_aad, sizeof(gcm_aad));
EVP_CipherUpdate(ctx, plain_text, &len, encrypted_text, len_encrypted_text);
*tag_verification = EVP_CipherFinal_ex(ctx, plain_text, &len);
EVP_CIPHER_CTX_cleanup(ctx);
}`
output from sgx :
`array Name : key
size of array 32
0xee 0xbc 0x1f 0x57 0x48 0x7f 0x51 0x92 0x1c 0x4 0x65 0x66 0x5f 0x8a 0xe6 0xd1 0x65 0x8b 0xb2 0x6d 0xe6 0xf8 0xa0 0x69 0xa3 0x52 0x2 0x93 0xa5 0x72 0x7 0x8f
array Name : pText
size of array 32
0x4e 0xbc 0x1f 0x57 0x48 0x7f 0x51 0x92 0x1c 0x4 0x65 0x66 0x5f 0x8a 0xe6 0xd1 0x65 0x8b 0xb2 0x6d 0xe6 0xf8 0xa0 0x69 0xa3 0x52 0x2 0x93 0xa5 0x72 0x7 0x8f
array Name : aad
size of array 12
0xee 0xbc 0x1f 0x57 0x48 0x7f 0x51 0x92 0x1c 0x4 0x65 0x66
array Name : EncryptedText
size of array 48
0x8d 0xec 0x44 0xe5 0x7f 0x83 0xe6 0xf1 0x71 0x9b 0x4c 0xe7 0xb 0xc5 0xe2 0xc2 0xd9 0xbd 0xae 0xa1 0xcb 0xb9 0x34 0x7b 0x8e 0x1 0x6a 0xf6 0x16 0xa9 0x94 0xf1 0x40 0x85 0x9f 0x50 0x2f 0x7f (nil) (nil) 0x91 0x38 0x1d 0x50 0x2f 0x7f (nil) (nil)
array Name : tag
size of array 16
0xf8 0x74 0xb9 0x5d 0x38 0xda 0x9a 0xe7 0x5b 0xb5 0x5e 0xa1 0xc9 0xf0 0xb3 0x69
array Name : decryptedText
size of array 32
0x4e 0xbc 0x1f 0x57 0x48 0x7f 0x51 0x92 0x1c 0x4 0x65 0x66 0x5f 0x8a 0xe6 0xd1 0x65 0x8b 0xb2 0x6d 0xe6 0xf8 0xa0 0x69 0xa3 0x52 0x2 0x93 0xa5 0x72 0x7 0x8f
verification :: 0`
Openssl version :
`#include <openssl/aes.h>
#include <stdio.h>
#include <openssl/evp.h>
void parr(char* name,unsigned char* arr,int len){
printf("array Name %s\n",name );
printf("size of array %d\n",len);
for(int i =0 ; i < len ; i++ ) {
printf("%p ",arr[i]);
}
printf("\n");
}
void testGCM() {
unsigned char key[32] = { 0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66,
0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69,
0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f};
unsigned char iv[12] = {
0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66
};
unsigned char gcm_aad[12] = {
0xee, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66
};
unsigned char plain_text[32] = { 0x4e, 0xbc, 0x1f, 0x57, 0x48, 0x7f, 0x51, 0x92, 0x1c, 0x04, 0x65, 0x66,
0x5f, 0x8a, 0xe6, 0xd1, 0x65, 0x8b, 0xb2, 0x6d, 0xe6, 0xf8, 0xa0, 0x69,
0xa3, 0x52, 0x02, 0x93, 0xa5, 0x72, 0x07, 0x8f};
unsigned char encrypted_text[48];
unsigned char decrypted_text[48];
unsigned char tag[16];
int tag_v;
EVP_CIPHER_CTX * ctx = EVP_CIPHER_CTX_new();
int len;
int ret;
int len_encrypted_text;
int len_plain_text = 32;
parr("plainText",plain_text,32);
parr("aad",gcm_aad,12);
EVP_CipherInit_ex(ctx, EVP_aes_256_gcm(), NULL, key,iv,1);
EVP_CipherUpdate(ctx, NULL, &len, gcm_aad, sizeof(gcm_aad));
EVP_CipherUpdate(ctx, encrypted_text, &len, plain_text, len_plain_text);
len_encrypted_text = len;
EVP_CipherFinal_ex(ctx, tag, &len);
len_encrypted_text += len;
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, 16, tag);
parr("EncryptedText",encrypted_text,48);
parr("tag",tag,16);
EVP_CIPHER_CTX_cleanup(ctx);
ctx = EVP_CIPHER_CTX_new();
EVP_CipherInit_ex(ctx, EVP_aes_256_gcm(), NULL, key,iv,0);
EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, 16, tag);
EVP_CipherInit_ex(ctx, NULL, NULL, key,iv,0);
EVP_CipherUpdate(ctx, NULL, &len, gcm_aad, sizeof(gcm_aad));
EVP_CipherUpdate(ctx, decrypted_text, &len, encrypted_text, len_encrypted_text);
int tag_verification = EVP_CipherFinal_ex(ctx, decrypted_text, &len);
parr("DecryptedText",decrypted_text,32);
printf("verification %d",tag_verification);
}
int main() {
testGCM();
}`
output ::
`array Name plainText
size of array 32
0x4e 0xbc 0x1f 0x57 0x48 0x7f 0x51 0x92 0x1c 0x4 0x65 0x66 0x5f 0x8a 0xe6 0xd1 0x65 0x8b 0xb2 0x6d 0xe6 0xf8 0xa0 0x69 0xa3 0x52 0x2 0x93 0xa5 0x72 0x7 0x8f
array Name aad
size of array 12
0xee 0xbc 0x1f 0x57 0x48 0x7f 0x51 0x92 0x1c 0x4 0x65 0x66
array Name EncryptedText
size of array 48
0x8d 0xec 0x44 0xe5 0x7f 0x83 0xe6 0xf1 0x71 0x9b 0x4c 0xe7 0xb 0xc5 0xe2 0xc2 0xd9 0xbd 0xae 0xa1 0xcb 0xb9 0x34 0x7b 0x8e 0x1 0x6a 0xf6 0x16 0xa9 0x94 0xf1 0x9 (nil) (nil) (nil) (nil) (nil) (nil) (nil) 0x40 (nil) (nil) (nil) (nil) (nil) (nil) (nil)
array Name tag
size of array 16
0xf8 0x74 0xb9 0x5d 0x38 0xda 0x9a 0xe7 0x5b 0xb5 0x5e 0xa1 0xc9 0xf0 0xb3 0x69
array Name DecryptedText
size of array 32
0x4e 0xbc 0x1f 0x57 0x48 0x7f 0x51 0x92 0x1c 0x4 0x65 0x66 0x5f 0x8a 0xe6 0xd1 0x65 0x8b 0xb2 0x6d 0xe6 0xf8 0xa0 0x69 0xa3 0x52 0x2 0x93 0xa5 0x72 0x7 0x8f
verification 1`
In that you can note that encrypted text least significant 16 bytes different in both version.
Can anyone explain why iam getting different encrypted text ? and verifcation failure in SGXSSL version.
Please help me with this. thank you!