From 20529e27687941067297226583d952acb113e054 Mon Sep 17 00:00:00 2001
From: Sascha Tommasone <sascha@tommasone.me>
Date: Fri, 5 Jul 2024 23:02:05 +0200
Subject: [PATCH] [Assignment-7] fixed endianess problems

---
 7-SGX_Hands-on/src/enclave/enclave.c   | 50 +++++++++++++++++++++-----
 7-SGX_Hands-on/src/enclave/enclave.edl |  4 +--
 7-SGX_Hands-on/src/enclave/enclave.h   |  4 +--
 3 files changed, 45 insertions(+), 13 deletions(-)

diff --git a/7-SGX_Hands-on/src/enclave/enclave.c b/7-SGX_Hands-on/src/enclave/enclave.c
index db96ec4..fc5da89 100644
--- a/7-SGX_Hands-on/src/enclave/enclave.c
+++ b/7-SGX_Hands-on/src/enclave/enclave.c
@@ -50,9 +50,15 @@
 #endif
 
 #ifndef SI_SIZE
-#define SI_SIZE 2*SK_SIZE
+#define SI_SIZE 2*SK_SIZE// + 8
 #endif
 
+#define SWAP_UINT32(x) \
+    (((x) >> 24) & 0x000000FF) | \
+    (((x) >>  8) & 0x0000FF00) | \
+    (((x) <<  8) & 0x00FF0000) | \
+    (((x) << 24) & 0xFF000000)
+
 const sgx_ec256_public_t authorized[2] = {
     {
         0,
@@ -80,6 +86,22 @@ int get_private_key_size() {
     return SK_SIZE;
 }
 
+static inline void pk_little_to_big(uint8_t *pk) {
+    uint32_t i, j;
+
+    for(i = 0, j = PK_SIZE / 2 - 1; i < j; i++, j--) {
+        uint8_t tmp = pk[i];
+        pk[i] = pk[j];
+        pk[j] = tmp;
+    }
+
+    for(i = PK_SIZE / 2, j = PK_SIZE - 1; i < j; i++, j--) {
+        uint8_t tmp = pk[i];
+        pk[i] = pk[j];
+        pk[j] = tmp;
+    }
+}
+
 static sgx_status_t seal_key_pair(sgx_ec256_private_t *private, sgx_ec256_public_t *public, uint8_t **sealed, uint32_t sealed_size) {
     // invalid parameter handling
     if((private == NULL) || (public == NULL))
@@ -138,7 +160,7 @@ static sgx_status_t unseal_key_pair(const uint8_t *sealed, sgx_ec256_private_t *
     return status;
 }
 
-sgx_status_t get_public_key(const uint8_t *sealed, uint32_t sealed_size, uint8_t *gx, uint32_t gx_size, uint8_t *gy, uint32_t gy_size) {
+sgx_status_t get_public_key(const uint8_t *sealed, uint32_t sealed_size, uint8_t *public_key, uint32_t public_key_size) {
     // invalid parameter handling
     if((sealed == NULL) || (sealed_size == 0)) {
         return SGX_ERROR_INVALID_PARAMETER;
@@ -151,10 +173,11 @@ sgx_status_t get_public_key(const uint8_t *sealed, uint32_t sealed_size, uint8_t
         return status;
     }
 
-    // copy public key into return buffers
-    if((gx != NULL) && (gy != NULL)) {
-        memcpy(gx, public.gx, SK_SIZE);
-        memcpy(gy, public.gy, SK_SIZE);
+    // copy public key into return buffer
+    // swap endianess
+    if((public_key != NULL) && (public_key != NULL) && (public_key_size == PK_SIZE)) {
+        memcpy(public_key, public.gx, SK_SIZE);
+        pk_little_to_big(public_key);
     }
 
     // return success
@@ -182,6 +205,7 @@ static sgx_status_t verify_signature(const uint8_t *data, const uint32_t data_si
 
     // verify signature
     uint8_t result;
+    // sgx_ecdsa_verify_hash
     sgx_status_t verification_status = sgx_ecdsa_verify(data, data_size, public, ecc_signature, &result, ecc_handle);
 
     // handle failed verification process
@@ -194,7 +218,7 @@ static sgx_status_t verify_signature(const uint8_t *data, const uint32_t data_si
     return result;
 }
 
-sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sealed, uint32_t sealed_size, const uint8_t *public_key, uint32_t public_key_size, uint8_t *signature, uint32_t signature_size) {
+sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sealed, uint32_t sealed_size, uint8_t *public_key, uint32_t public_key_size, uint8_t *signature, uint32_t signature_size) {
     // invalid parameter handling
     if((data == NULL) || (data_size == 0)) {
         return SGX_ERROR_INVALID_PARAMETER;
@@ -251,10 +275,11 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sea
 
     // TODO: possible wrong endianess for other programms
     // copy signature to return buffer
-    if((signature == NULL) || (signature_size == 0)) {
+    if((signature == NULL) || (signature_size != SI_SIZE)) {
         sgx_ecc256_close_context(ecc_handle);
         return SGX_ERROR_INVALID_PARAMETER;
     }
+
     memcpy(signature, ecc_signature.x, SI_SIZE);
 
     // seal the key
@@ -262,6 +287,10 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sea
         seal_status = seal_key_pair(&private, &public, &sealed, sealed_size);
     }
 
+    // export pk
+    memcpy(public_key, public.gx, PK_SIZE);
+    pk_little_to_big(public_key);
+
     // close ecc handle and return success
     sgx_ecc256_close_context(ecc_handle);
     return seal_status;
@@ -299,7 +328,10 @@ sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint
         for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) {
 
         }
-
+        
+        // public key little to big
+        pk_little_to_big(public_key);
+        
         // copy public key into struct
         memcpy(public.gx, public_key, PK_SIZE);
     } else {
diff --git a/7-SGX_Hands-on/src/enclave/enclave.edl b/7-SGX_Hands-on/src/enclave/enclave.edl
index 64abed2..6b9e803 100644
--- a/7-SGX_Hands-on/src/enclave/enclave.edl
+++ b/7-SGX_Hands-on/src/enclave/enclave.edl
@@ -44,8 +44,8 @@ enclave {
         public int get_signature_size();
         public int get_public_key_size();
         public int get_private_key_size();
-        public sgx_status_t get_public_key([in, size=sealed_size]const uint8_t *sealed, uint32_t sealed_size, [out, size=gx_size]uint8_t *gx, uint32_t gx_size, [out, size=gx_size]uint8_t *gy, uint32_t gy_size);
-        public sgx_status_t sign_firmware([in, size=data_size]const uint8_t *data, uint32_t data_size, [in, out, size=sealed_size]uint8_t *sealed, uint32_t sealed_size, [in, size=public_key_size]const uint8_t *public_key, uint32_t public_key_size, [in, out, size=signature_size]uint8_t *signature, uint32_t signature_size);
+        public sgx_status_t get_public_key([in, size=sealed_size]const uint8_t *sealed, uint32_t sealed_size, [out, size=public_key_size]uint8_t *public_key, uint32_t public_key_size);
+        public sgx_status_t sign_firmware([in, size=data_size]const uint8_t *data, uint32_t data_size, [in, out, size=sealed_size]uint8_t *sealed, uint32_t sealed_size, [in, out, size=public_key_size]uint8_t *public_key, uint32_t public_key_size, [in, out, size=signature_size]uint8_t *signature, uint32_t signature_size);
         public sgx_status_t verify_firmware([in, size=data_size]const uint8_t *data, uint32_t data_size, [in, size=sealed_size]const uint8_t *sealed, uint32_t sealed_size, [in, size=public_key_size]const uint8_t *public_key, uint32_t public_key_size, [in, size=signature_size]const uint8_t *signature, uint32_t signature_size);
     };
 
diff --git a/7-SGX_Hands-on/src/enclave/enclave.h b/7-SGX_Hands-on/src/enclave/enclave.h
index 89c52b7..c7b017b 100644
--- a/7-SGX_Hands-on/src/enclave/enclave.h
+++ b/7-SGX_Hands-on/src/enclave/enclave.h
@@ -44,8 +44,8 @@ int get_signature_size();
 int get_public_key_size();
 int get_private_key_size();
 
-sgx_status_t get_public_key(const uint8_t *sealed, const uint32_t sealed_size, uint8_t *gx, uint32_t gx_size, uint8_t *gy, uint32_t gy_size);
-sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sealed, uint32_t sealed_size, const uint8_t *public_key, uint32_t public_key_size, uint8_t *signature, uint32_t signature_size);
+sgx_status_t get_public_key(const uint8_t *sealed, const uint32_t sealed_size, uint8_t *public_key, uint32_t public_key_size);
+sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sealed, uint32_t sealed_size, uint8_t *public_key, uint32_t public_key_size, uint8_t *signature, uint32_t signature_size);
 sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint8_t *sealed, uint32_t sealed_size, const uint8_t *public_key, uint32_t public_key_size, const uint8_t *signature, uint32_t signature_size);
 
 #endif /* !_ENCLAVE_H_ */
\ No newline at end of file