#StackBounty: #hmac #sgx SGX calculating HMAC inside enclave

Bounty: 100

I’m trying to calculate an HMAC with SHA512 inside an Intel SGX enclave.
I got the code to work but receive strange results. I have an example that uses a static pre-defined key and nonce from which the HMAC is calculated. But when verifying the received result, it does not match the correct one (checked with some online HMAC calculators). When executing it multiple times with the static key and nonce, the function also returns different HMACs, which shouldn’t be the case!?

Apparently there are two different variants to calculate the HMAC (according to this link). I’ve tried both but don’t even receive the same result from both!?

Here is the function from the enclave:

int calculateHMAC(uint8_t *key, uint8_t *nonce, uint8_t *res_hmac) {
    IppsHMACState *ctx;
    IppStatus status;
    int psize = 0;

    //VARIANT 1
    status = ippsHMAC_GetSize(&psize);

    if (status == ippStsNullPtrErr) 
        return 1;

    ctx = (IppsHMACState*) malloc(psize);
    status = ippsHMAC_Init(key, 16, ctx, ippHashAlg_SHA512);

    if (status != ippStsNoErr)
        return 1;

    status = ippsHMAC_Update(nonce, 16, ctx);

    if (status != ippStsNoErr)
        return 1;

    uint8_t hmac[64];
    memset(hmac, '\0', 64);
    status = ippsHMAC_Final(hmac, 64, ctx);

    if (status != ippStsNoErr)
        return 1;

    memcpy(res_hmac, hmac, 64);

    //VARIANT 2
//  uint8_t test_hmac[HMAC_LENGTH];
//  status = ippsHMAC_Message(nonce, 16, key, 16, test_hmac, 64, ippHashAlg_SHA512);

//  if (status != ippStsNoErr)
//      return 1;

//  memcpy(res_hmac, test_hmac, 64);

    return 0;

}

And here the call:

char nonce[] = "7d93099f7fed16215836f7bad4db0e48";
char key[] = "a5b115536d5bf350c5b0fa6f69242f18";
uint8_t t_hmac[64];
memset(t_hmac, '\0', 64);

uint8_t ba_nonce[16];
int count = 0;
for (unsigned int i=0; i<32; i+=2) {
    char tmp[2];
    tmp[0] = nonce[i];
    tmp[1] = nonce[i+1];
    char byte = (char) strtol(tmp, NULL, 16);

    ba_nonce[count] = (unsigned char)byte;
    count++;
}

uint8_t ba_key[16];
count = 0;
for (unsigned int i=0; i<32; i+=2) {
    char tmp[2];
    tmp[0] = key[i];
    tmp[1] = key[i+1];
    char byte = (char) strtol(tmp, NULL, 16);

    ba_key[count] = (unsigned char)byte;
    count++;
}


int error = calculateHMAC(ba_key, ba_nonce, t_hmac);

I don’t see what I’m doing wrong!?
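
The hex-to-bytes loops in the call above pass a two-byte char tmp[2] with no terminating NUL to strtol, which is undefined behaviour: strtol keeps consuming any hex digits that happen to follow the buffer in memory, so the decoded key and nonce can change between runs. The C code below is an added example, not part of the original post; strtol_pair and hex_decode are hypothetical names, the first modelling that effect with an explicit neighbouring byte and the second decoding strictly without strtol.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Models the question's loop: strtol() over two hex digits, where `next` is
 * a stand-in for the byte that happens to follow the unterminated tmp[2].
 * The buffer here is NUL-terminated after `next`, so this is well defined. */
uint8_t strtol_pair(char a, char b, char next) {
    char tmp[4] = { a, b, next, '\0' };
    return (uint8_t)strtol(tmp, NULL, 16);
}

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hex_nibble(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Strict decoder: hex must hold exactly 2 * out_len hex digits.
 * Returns 0 on success, -1 on bad length or a non-hex character. */
int hex_decode(const char *hex, uint8_t *out, size_t out_len) {
    if (hex == NULL || out == NULL || strlen(hex) != 2 * out_len)
        return -1;
    for (size_t i = 0; i < out_len; i++) {
        int hi = hex_nibble(hex[2 * i]);
        int lo = hex_nibble(hex[2 * i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        out[i] = (uint8_t)((hi << 4) | lo);
    }
    return 0;
}

int main(void) {
    uint8_t key[16];
    /* Key string taken from the question's call site. */
    if (hex_decode("a5b115536d5bf350c5b0fa6f69242f18", key, sizeof key) != 0)
        return 1;
    /* Same two digits, different neighbouring byte: 0xa5 versus 0x5b. */
    if (strtol_pair('a', '5', '\0') != 0xa5 || strtol_pair('a', '5', 'b') != 0x5b)
        return 1;
    return key[0] == 0xa5 && key[15] == 0x18 ? 0 : 1;
}
```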

