From 3b2b2034159a3f602ebdd218066745e853b637e5 Mon Sep 17 00:00:00 2001
From: Sascha Tommasone
Date: Sat, 6 Jul 2024 14:48:43 +0200
Subject: [PATCH] [Assignment-7] add first staff public key; enabled request verification
---
7-SGX_Hands-on/src/enclave/enclave.c | 52 ++++++++++++++++------------
1 file changed, 30 insertions(+), 22 deletions(-)
diff --git a/7-SGX_Hands-on/src/enclave/enclave.c b/7-SGX_Hands-on/src/enclave/enclave.c
index 4d2e1f5..c68cd5b 100644
--- a/7-SGX_Hands-on/src/enclave/enclave.c
+++ b/7-SGX_Hands-on/src/enclave/enclave.c
@@ -65,8 +65,18 @@ const sgx_ec256_public_t authorized[2] = { 0 }, { - 0, - 0 + .gx = { + 0x76, 0xe5, 0x50, 0x5e, 0x61, 0xf5, 0x2b, 0xea, + 0x1c, 0x49, 0x29, 0xef, 0xd2, 0x5f, 0x4f, 0x29, + 0xd0, 0xb6, 0xfb, 0x1c, 0x4f, 0x42, 0xb5, 0x72, + 0x00, 0x10, 0x18, 0x1a, 0x4f, 0xa3, 0x96, 0x8d + }, + .gy = { + 0xa1, 0xba, 0x0a, 0x47, 0xf1, 0xa5, 0xa4, 0x9d, + 0xf4, 0x7d, 0x71, 0x34, 0xce, 0x2f, 0x2e, 0x93, + 0xec, 0x04, 0xb1, 0xdd, 0xad, 0xb6, 0x4b, 0xa0, + 0xdf, 0xb5, 0xc4, 0xf3, 0xf9, 0xa6, 0x58, 0xb2 + } } };
@@ -215,7 +225,9 @@ static sgx_status_t verify_signature(const uint8_t *data, uint32_t data_size, co sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, const uint8_t *sealed, uint32_t sealed_size, uint8_t *public_key, uint8_t *signature) { // invalid parameter handling - if((data == NULL) || (data_size == 0) || (public_key == NULL) || (signature == NULL)) { + if((data == NULL) || (data_size == 0)) { + return SGX_ERROR_INVALID_PARAMETER; + } else if((public_key == NULL) || (signature == NULL)) { return SGX_ERROR_INVALID_PARAMETER; } else if((sealed == NULL) || (sealed_size != get_sealed_size())) { return SGX_ERROR_INVALID_PARAMETER;
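Review bot: The first `authorized` slot still appears to be a zero placeholder (only its trailing `0 },` is visible as context in the first hunk), and now that the allowlist is enforced an all-zero `public_key` would match it in the `memcmp` loops. Whether such a key is rejected later depends on verify_signature, which is outside this diff, so it is safer to size the array to the keys that actually exist or to skip unset entries. The new initializer would also benefit from a comment such as `/* staff key 1: P-256 public key, gx/gy stored little-endian as the SGX crypto API expects */`, since a key pasted in big-endian form compiles cleanly but never verifies; please confirm the byte order of the bytes added here.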
@@ -224,9 +236,8 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, const uint8_ // verify public key for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) { if(memcmp(public_key, authorized[i].gx, PK_SIZE) == 0) { - continue; + goto sign; } - goto sign; } return SGX_ERROR_UNEXPECTED;
@@ -244,34 +255,25 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, const uint8_ } // verify request - /* if((status = verify_signature(data, data_size, (const sgx_ec256_public_t *)public_key, (const sgx_ec256_signature_t *)signature)) != SGX_EC_VALID) { - sgx_ecc256_close_context(ecc_handle); - return status; - }*/ + goto exit; + } // try unseal keypair - sgx_status_t seal_status; - if(seal_status = unseal_key_pair(sealed, &private, (sgx_ec256_public_t *)public_key) != SGX_SUCCESS) { - sgx_ecc256_close_context(ecc_handle); - return seal_status; + if(status = unseal_key_pair(sealed, &private, (sgx_ec256_public_t *)public_key) != SGX_SUCCESS) { + goto exit; } // create signature if((status = sgx_ecdsa_sign(data, data_size, &private, &ecc_signature, ecc_handle)) != SGX_SUCCESS) { - sgx_ecc256_close_context(ecc_handle); - return status; + goto exit; } // copy signature to return buffer - if(signature == NULL) { - sgx_ecc256_close_context(ecc_handle); - return SGX_ERROR_INVALID_PARAMETER; - } - memcpy(signature, ecc_signature.x, SI_SIZE); // close ecc handle and return success + exit: ; sgx_ecc256_close_context(ecc_handle); return status; }
@@ -284,6 +286,8 @@ sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint return SGX_ERROR_INVALID_PARAMETER; } else if((sealed != NULL) && (public_key != NULL)) { return SGX_ERROR_INVALID_PARAMETER; + } else if((sealed_size != get_sealed_size()) && (public_key == NULL)) { + return SGX_ERROR_INVALID_PARAMETER;; } // declare needed structures
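Review bot: The allowlist test `memcmp(public_key, authorized[i].gx, PK_SIZE)` starts at the `gx` member, so if PK_SIZE spans both coordinates it reads past the 32-byte `gx` array and relies on `gy` following without padding, and if it spans only `gx` the y-coordinate is never compared; PK_SIZE is not defined in this diff, so which case applies cannot be confirmed here. Comparing the whole entry, `memcmp(public_key, &authorized[i], sizeof(authorized[i])) == 0`, states the intent without depending on member layout. The same loop is added again to verify_firmware in the last hunk, so a small `static int is_authorized(const uint8_t *public_key)` helper would keep the two checks in sync and remove the `goto sign` / `goto verify` jumps. sign_firmware begins and ends outside this hunk.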
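Review bot: In the rewritten unseal step, `if(status = unseal_key_pair(...) != SGX_SUCCESS)` binds as `status = (call != SGX_SUCCESS)`, so `status` holds 0 or 1 rather than the real error code, and that value is now what the `exit:` path returns to the caller. Add the missing parentheses: `if((status = unseal_key_pair(sealed, &private, (sgx_ec256_public_t *)public_key)) != SGX_SUCCESS) {`. The shared `exit:` label is also the natural place to wipe the unsealed key before returning, for example `memset_s(&private, sizeof(private), 0, sizeof(private));`, because the private scalar otherwise stays on the enclave stack after the call. The re-enabled request check compares an `sgx_status_t` against `SGX_EC_VALID`, which belongs to a different enum, so it is only correct if verify_signature (outside this diff) returns zero for a valid signature; a comment stating that convention, or a comparison with `SGX_SUCCESS`, would make it explicit. sign_firmware starts before this hunk.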
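Review bot: The branch added to verify_firmware checks `sealed_size` when `public_key == NULL` but never checks that `sealed` itself is non-NULL, so unless the first condition (above this hunk) already rejects it, a call with both pointers NULL and a matching `sealed_size` passes validation and presumably reaches the unseal path with a NULL blob. sign_firmware already uses the stricter form, and mirroring it gives `} else if((public_key == NULL) && ((sealed == NULL) || (sealed_size != get_sealed_size()))) {`. The new `return SGX_ERROR_INVALID_PARAMETER;;` also carries a stray second semicolon.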
@@ -294,9 +298,13 @@ sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint if(public_key != NULL) { // verification only with authorized public keys for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) { + if(memcmp(public_key, authorized[i].gx, PK_SIZE) == 0) { + goto verify; + } + } + return SGX_ERROR_UNEXPECTED; - } - + verify: ; // copy public key into struct memcpy(public.gx, public_key, PK_SIZE); } else {