RubNoobs/Systemsicherheit
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[Assignment-7] fixed endianess problems
All checks were successful
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (push) Successful in 1m1s
Details
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (push) Successful in 1m4s
Details
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (push) Successful in 1m0s
Details
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (pull_request) Successful in 34s
Details
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (pull_request) Successful in 9s
Details
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (pull_request) Successful in 9s
Details

Browse source
This commit is contained in:
Sascha Tommasone 2024-07-05 23:02:05 +02:00
parent 66e6265026
commit 2d45c882e2
Signed by: saschato
GPG key ID: 751068A86FCAA217
3 changed files with 45 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

50
7-SGX_Hands-on/src/enclave/enclave.c
View file

@ -50,9 +50,15 @@
#endif #endif
#ifndef SI_SIZE #ifndef SI_SIZE
#define SI_SIZE 2*SK_SIZE #define SI_SIZE 2*SK_SIZE// + 8
#endif #endif
#define SWAP_UINT32(x) \
(((x) >> 24) & 0x000000FF) | \
(((x) >> 8) & 0x0000FF00) | \
(((x) << 8) & 0x00FF0000) | \
(((x) << 24) & 0xFF000000)
const sgx_ec256_public_t authorized[2] = { const sgx_ec256_public_t authorized[2] = {
{ {
0, 0,
@ -80,6 +86,22 @@ int get_private_key_size() {
return SK_SIZE; return SK_SIZE;
} }
static inline void pk_little_to_big(uint8_t *pk) {
uint32_t i, j;
for(i = 0, j = PK_SIZE / 2 - 1; i < j; i++, j--) {
uint8_t tmp = pk[i];
pk[i] = pk[j];
pk[j] = tmp;
}
for(i = PK_SIZE / 2, j = PK_SIZE - 1; i < j; i++, j--) {
uint8_t tmp = pk[i];
pk[i] = pk[j];
pk[j] = tmp;
}
}
static sgx_status_t seal_key_pair(sgx_ec256_private_t *private, sgx_ec256_public_t *public, uint8_t **sealed, uint32_t sealed_size) { static sgx_status_t seal_key_pair(sgx_ec256_private_t *private, sgx_ec256_public_t *public, uint8_t **sealed, uint32_t sealed_size) {
// invalid parameter handling // invalid parameter handling
if((private == NULL) || (public == NULL)) if((private == NULL) || (public == NULL))
@ -138,7 +160,7 @@ static sgx_status_t unseal_key_pair(const uint8_t *sealed, sgx_ec256_private_t *
return status; return status;
} }
sgx_status_t get_public_key(const uint8_t *sealed, uint32_t sealed_size, uint8_t *gx, uint32_t gx_size, uint8_t *gy, uint32_t gy_size) { sgx_status_t get_public_key(const uint8_t *sealed, uint32_t sealed_size, uint8_t *public_key, uint32_t public_key_size) {
// invalid parameter handling // invalid parameter handling
if((sealed == NULL) || (sealed_size == 0)) { if((sealed == NULL) || (sealed_size == 0)) {
return SGX_ERROR_INVALID_PARAMETER; return SGX_ERROR_INVALID_PARAMETER;
@ -151,10 +173,11 @@ sgx_status_t get_public_key(const uint8_t *sealed, uint32_t sealed_size, uint8_t
return status; return status;
} }
// copy public key into return buffers // copy public key into return buffer
if((gx != NULL) && (gy != NULL)) { // swap endianess
memcpy(gx, public.gx, SK_SIZE); if((public_key != NULL) && (public_key != NULL) && (public_key_size == PK_SIZE)) {
memcpy(gy, public.gy, SK_SIZE); memcpy(public_key, public.gx, SK_SIZE);
pk_little_to_big(public_key);
} }
// return success // return success
@ -182,6 +205,7 @@ static sgx_status_t verify_signature(const uint8_t *data, const uint32_t data_si
// verify signature // verify signature
uint8_t result; uint8_t result;
// sgx_ecdsa_verify_hash
sgx_status_t verification_status = sgx_ecdsa_verify(data, data_size, public, ecc_signature, &result, ecc_handle); sgx_status_t verification_status = sgx_ecdsa_verify(data, data_size, public, ecc_signature, &result, ecc_handle);
// handle failed verification process // handle failed verification process
@ -194,7 +218,7 @@ static sgx_status_t verify_signature(const uint8_t *data, const uint32_t data_si
return result; return result;
} }
sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sealed, uint32_t sealed_size, const uint8_t *public_key, uint32_t public_key_size, uint8_t *signature, uint32_t signature_size) { sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sealed, uint32_t sealed_size, uint8_t *public_key, uint32_t public_key_size, uint8_t *signature, uint32_t signature_size) {
// invalid parameter handling // invalid parameter handling
if((data == NULL) || (data_size == 0)) { if((data == NULL) || (data_size == 0)) {
return SGX_ERROR_INVALID_PARAMETER; return SGX_ERROR_INVALID_PARAMETER;
@ -251,10 +275,11 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sea
// TODO: possible wrong endianess for other programms // TODO: possible wrong endianess for other programms
// copy signature to return buffer // copy signature to return buffer
if((signature == NULL) || (signature_size == 0)) { if((signature == NULL) || (signature_size != SI_SIZE)) {
sgx_ecc256_close_context(ecc_handle); sgx_ecc256_close_context(ecc_handle);
return SGX_ERROR_INVALID_PARAMETER; return SGX_ERROR_INVALID_PARAMETER;
} }
memcpy(signature, ecc_signature.x, SI_SIZE); memcpy(signature, ecc_signature.x, SI_SIZE);
// seal the key // seal the key
@ -262,6 +287,10 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sea
seal_status = seal_key_pair(&private, &public, &sealed, sealed_size); seal_status = seal_key_pair(&private, &public, &sealed, sealed_size);
} }
// export pk
memcpy(public_key, public.gx, PK_SIZE);
pk_little_to_big(public_key);
// close ecc handle and return success // close ecc handle and return success
sgx_ecc256_close_context(ecc_handle); sgx_ecc256_close_context(ecc_handle);
return seal_status; return seal_status;
@ -299,7 +328,10 @@ sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint
for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) { for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) {
} }
// public key little to big
pk_little_to_big(public_key);
// copy public key into struct // copy public key into struct
memcpy(public.gx, public_key, PK_SIZE); memcpy(public.gx, public_key, PK_SIZE);
} else { } else {

4
7-SGX_Hands-on/src/enclave/enclave.edl
View file

@ -44,8 +44,8 @@ enclave {
public int get_signature_size(); public int get_signature_size();
public int get_public_key_size(); public int get_public_key_size();
public int get_private_key_size(); public int get_private_key_size();
public sgx_status_t get_public_key([in, size=sealed_size]const uint8_t *sealed, uint32_t sealed_size, [out, size=gx_size]uint8_t *gx, uint32_t gx_size, [out, size=gx_size]uint8_t *gy, uint32_t gy_size); public sgx_status_t get_public_key([in, size=sealed_size]const uint8_t *sealed, uint32_t sealed_size, [out, size=public_key_size]uint8_t *public_key, uint32_t public_key_size);
public sgx_status_t sign_firmware([in, size=data_size]const uint8_t *data, uint32_t data_size, [in, out, size=sealed_size]uint8_t *sealed, uint32_t sealed_size, [in, size=public_key_size]const uint8_t *public_key, uint32_t public_key_size, [in, out, size=signature_size]uint8_t *signature, uint32_t signature_size); public sgx_status_t sign_firmware([in, size=data_size]const uint8_t *data, uint32_t data_size, [in, out, size=sealed_size]uint8_t *sealed, uint32_t sealed_size, [in, out, size=public_key_size]uint8_t *public_key, uint32_t public_key_size, [in, out, size=signature_size]uint8_t *signature, uint32_t signature_size);
public sgx_status_t verify_firmware([in, size=data_size]const uint8_t *data, uint32_t data_size, [in, size=sealed_size]const uint8_t *sealed, uint32_t sealed_size, [in, size=public_key_size]const uint8_t *public_key, uint32_t public_key_size, [in, size=signature_size]const uint8_t *signature, uint32_t signature_size); public sgx_status_t verify_firmware([in, size=data_size]const uint8_t *data, uint32_t data_size, [in, size=sealed_size]const uint8_t *sealed, uint32_t sealed_size, [in, size=public_key_size]const uint8_t *public_key, uint32_t public_key_size, [in, size=signature_size]const uint8_t *signature, uint32_t signature_size);
}; };

4
7-SGX_Hands-on/src/enclave/enclave.h
View file

@ -44,8 +44,8 @@ int get_signature_size();
int get_public_key_size(); int get_public_key_size();
int get_private_key_size(); int get_private_key_size();
sgx_status_t get_public_key(const uint8_t *sealed, const uint32_t sealed_size, uint8_t *gx, uint32_t gx_size, uint8_t *gy, uint32_t gy_size); sgx_status_t get_public_key(const uint8_t *sealed, const uint32_t sealed_size, uint8_t *public_key, uint32_t public_key_size);
sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sealed, uint32_t sealed_size, const uint8_t *public_key, uint32_t public_key_size, uint8_t *signature, uint32_t signature_size); sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sealed, uint32_t sealed_size, uint8_t *public_key, uint32_t public_key_size, uint8_t *signature, uint32_t signature_size);
sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint8_t *sealed, uint32_t sealed_size, const uint8_t *public_key, uint32_t public_key_size, const uint8_t *signature, uint32_t signature_size); sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint8_t *sealed, uint32_t sealed_size, const uint8_t *public_key, uint32_t public_key_size, const uint8_t *signature, uint32_t signature_size);
#endif /* !_ENCLAVE_H_ */ #endif /* !_ENCLAVE_H_ */