RubNoobs/Systemsicherheit
RubNoobs/Systemsicherheit
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[Assignment-7] add first staff public key; enabled request verification

Browse source
This commit is contained in:
Sascha Tommasone 2024-07-06 14:48:43 +02:00 committed by saschato
parent 04e2894de0
commit 3b2b203415
1 changed files with 30 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

50
7-SGX_Hands-on/src/enclave/enclave.c
View file

@ -65,8 +65,18 @@ const sgx_ec256_public_t authorized[2] = {
0 0
}, },
{ {
0, .gx = {
0 0x76, 0xe5, 0x50, 0x5e, 0x61, 0xf5, 0x2b, 0xea,
0x1c, 0x49, 0x29, 0xef, 0xd2, 0x5f, 0x4f, 0x29,
0xd0, 0xb6, 0xfb, 0x1c, 0x4f, 0x42, 0xb5, 0x72,
0x00, 0x10, 0x18, 0x1a, 0x4f, 0xa3, 0x96, 0x8d
},
.gy = {
0xa1, 0xba, 0x0a, 0x47, 0xf1, 0xa5, 0xa4, 0x9d,
0xf4, 0x7d, 0x71, 0x34, 0xce, 0x2f, 0x2e, 0x93,
0xec, 0x04, 0xb1, 0xdd, 0xad, 0xb6, 0x4b, 0xa0,
0xdf, 0xb5, 0xc4, 0xf3, 0xf9, 0xa6, 0x58, 0xb2
}
} }
}; };
@ -215,7 +225,9 @@ static sgx_status_t verify_signature(const uint8_t *data, uint32_t data_size, co
sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, const uint8_t *sealed, uint32_t sealed_size, uint8_t *public_key, uint8_t *signature) { sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, const uint8_t *sealed, uint32_t sealed_size, uint8_t *public_key, uint8_t *signature) {
// invalid parameter handling // invalid parameter handling
if((data == NULL) || (data_size == 0) || (public_key == NULL) || (signature == NULL)) { if((data == NULL) || (data_size == 0)) {
return SGX_ERROR_INVALID_PARAMETER;
} else if((public_key == NULL) || (signature == NULL)) {
return SGX_ERROR_INVALID_PARAMETER; return SGX_ERROR_INVALID_PARAMETER;
} else if((sealed == NULL) || (sealed_size != get_sealed_size())) { } else if((sealed == NULL) || (sealed_size != get_sealed_size())) {
return SGX_ERROR_INVALID_PARAMETER; return SGX_ERROR_INVALID_PARAMETER;
@ -224,10 +236,9 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, const uint8_
// verify public key // verify public key
for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) { for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) {
if(memcmp(public_key, authorized[i].gx, PK_SIZE) == 0) { if(memcmp(public_key, authorized[i].gx, PK_SIZE) == 0) {
continue;
}
goto sign; goto sign;
} }
}
return SGX_ERROR_UNEXPECTED; return SGX_ERROR_UNEXPECTED;
sign: ; sign: ;
@ -244,34 +255,25 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, const uint8_
} }
// verify request // verify request
/*
if((status = verify_signature(data, data_size, (const sgx_ec256_public_t *)public_key, (const sgx_ec256_signature_t *)signature)) != SGX_EC_VALID) { if((status = verify_signature(data, data_size, (const sgx_ec256_public_t *)public_key, (const sgx_ec256_signature_t *)signature)) != SGX_EC_VALID) {
sgx_ecc256_close_context(ecc_handle); goto exit;
return status; }
}*/
// try unseal keypair // try unseal keypair
sgx_status_t seal_status; if(status = unseal_key_pair(sealed, &private, (sgx_ec256_public_t *)public_key) != SGX_SUCCESS) {
if(seal_status = unseal_key_pair(sealed, &private, (sgx_ec256_public_t *)public_key) != SGX_SUCCESS) { goto exit;
sgx_ecc256_close_context(ecc_handle);
return seal_status;
} }
// create signature // create signature
if((status = sgx_ecdsa_sign(data, data_size, &private, &ecc_signature, ecc_handle)) != SGX_SUCCESS) { if((status = sgx_ecdsa_sign(data, data_size, &private, &ecc_signature, ecc_handle)) != SGX_SUCCESS) {
sgx_ecc256_close_context(ecc_handle); goto exit;
return status;
} }
// copy signature to return buffer // copy signature to return buffer
if(signature == NULL) {
sgx_ecc256_close_context(ecc_handle);
return SGX_ERROR_INVALID_PARAMETER;
}
memcpy(signature, ecc_signature.x, SI_SIZE); memcpy(signature, ecc_signature.x, SI_SIZE);
// close ecc handle and return success // close ecc handle and return success
exit: ;
sgx_ecc256_close_context(ecc_handle); sgx_ecc256_close_context(ecc_handle);
return status; return status;
} }
@ -284,6 +286,8 @@ sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint
return SGX_ERROR_INVALID_PARAMETER; return SGX_ERROR_INVALID_PARAMETER;
} else if((sealed != NULL) && (public_key != NULL)) { } else if((sealed != NULL) && (public_key != NULL)) {
return SGX_ERROR_INVALID_PARAMETER; return SGX_ERROR_INVALID_PARAMETER;
} else if((sealed_size != get_sealed_size()) && (public_key == NULL)) {
return SGX_ERROR_INVALID_PARAMETER;;
} }
// declare needed structures // declare needed structures
@ -294,9 +298,13 @@ sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint
if(public_key != NULL) { if(public_key != NULL) {
// verification only with authorized public keys // verification only with authorized public keys
for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) { for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) {
if(memcmp(public_key, authorized[i].gx, PK_SIZE) == 0) {
goto verify;
} }
}
return SGX_ERROR_UNEXPECTED;
verify: ;
// copy public key into struct // copy public key into struct
memcpy(public.gx, public_key, PK_SIZE); memcpy(public.gx, public_key, PK_SIZE);
} else { } else {