[Assignment-7] add first staff public key; enabled request verification
This commit is contained in:
parent
04e2894de0
commit
3b2b203415
1 changed files with 30 additions and 22 deletions
|
@ -65,8 +65,18 @@ const sgx_ec256_public_t authorized[2] = {
|
|||
0
|
||||
},
|
||||
{
|
||||
0,
|
||||
0
|
||||
.gx = {
|
||||
0x76, 0xe5, 0x50, 0x5e, 0x61, 0xf5, 0x2b, 0xea,
|
||||
0x1c, 0x49, 0x29, 0xef, 0xd2, 0x5f, 0x4f, 0x29,
|
||||
0xd0, 0xb6, 0xfb, 0x1c, 0x4f, 0x42, 0xb5, 0x72,
|
||||
0x00, 0x10, 0x18, 0x1a, 0x4f, 0xa3, 0x96, 0x8d
|
||||
},
|
||||
.gy = {
|
||||
0xa1, 0xba, 0x0a, 0x47, 0xf1, 0xa5, 0xa4, 0x9d,
|
||||
0xf4, 0x7d, 0x71, 0x34, 0xce, 0x2f, 0x2e, 0x93,
|
||||
0xec, 0x04, 0xb1, 0xdd, 0xad, 0xb6, 0x4b, 0xa0,
|
||||
0xdf, 0xb5, 0xc4, 0xf3, 0xf9, 0xa6, 0x58, 0xb2
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
|
@ -215,7 +225,9 @@ static sgx_status_t verify_signature(const uint8_t *data, uint32_t data_size, co
|
|||
|
||||
sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, const uint8_t *sealed, uint32_t sealed_size, uint8_t *public_key, uint8_t *signature) {
|
||||
// invalid parameter handling
|
||||
if((data == NULL) || (data_size == 0) || (public_key == NULL) || (signature == NULL)) {
|
||||
if((data == NULL) || (data_size == 0)) {
|
||||
return SGX_ERROR_INVALID_PARAMETER;
|
||||
} else if((public_key == NULL) || (signature == NULL)) {
|
||||
return SGX_ERROR_INVALID_PARAMETER;
|
||||
} else if((sealed == NULL) || (sealed_size != get_sealed_size())) {
|
||||
return SGX_ERROR_INVALID_PARAMETER;
|
||||
|
@ -224,9 +236,8 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, const uint8_
|
|||
// verify public key
|
||||
for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) {
|
||||
if(memcmp(public_key, authorized[i].gx, PK_SIZE) == 0) {
|
||||
continue;
|
||||
goto sign;
|
||||
}
|
||||
goto sign;
|
||||
}
|
||||
return SGX_ERROR_UNEXPECTED;
|
||||
|
||||
|
@ -244,34 +255,25 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, const uint8_
|
|||
}
|
||||
|
||||
// verify request
|
||||
/*
|
||||
if((status = verify_signature(data, data_size, (const sgx_ec256_public_t *)public_key, (const sgx_ec256_signature_t *)signature)) != SGX_EC_VALID) {
|
||||
sgx_ecc256_close_context(ecc_handle);
|
||||
return status;
|
||||
}*/
|
||||
goto exit;
|
||||
}
|
||||
|
||||
// try unseal keypair
|
||||
sgx_status_t seal_status;
|
||||
if(seal_status = unseal_key_pair(sealed, &private, (sgx_ec256_public_t *)public_key) != SGX_SUCCESS) {
|
||||
sgx_ecc256_close_context(ecc_handle);
|
||||
return seal_status;
|
||||
if(status = unseal_key_pair(sealed, &private, (sgx_ec256_public_t *)public_key) != SGX_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
// create signature
|
||||
if((status = sgx_ecdsa_sign(data, data_size, &private, &ecc_signature, ecc_handle)) != SGX_SUCCESS) {
|
||||
sgx_ecc256_close_context(ecc_handle);
|
||||
return status;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
// copy signature to return buffer
|
||||
if(signature == NULL) {
|
||||
sgx_ecc256_close_context(ecc_handle);
|
||||
return SGX_ERROR_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
memcpy(signature, ecc_signature.x, SI_SIZE);
|
||||
|
||||
// close ecc handle and return success
|
||||
exit: ;
|
||||
sgx_ecc256_close_context(ecc_handle);
|
||||
return status;
|
||||
}
|
||||
|
@ -284,6 +286,8 @@ sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint
|
|||
return SGX_ERROR_INVALID_PARAMETER;
|
||||
} else if((sealed != NULL) && (public_key != NULL)) {
|
||||
return SGX_ERROR_INVALID_PARAMETER;
|
||||
} else if((sealed_size != get_sealed_size()) && (public_key == NULL)) {
|
||||
return SGX_ERROR_INVALID_PARAMETER;;
|
||||
}
|
||||
|
||||
// declare needed structures
|
||||
|
@ -294,9 +298,13 @@ sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint
|
|||
if(public_key != NULL) {
|
||||
// verification only with authorized public keys
|
||||
for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) {
|
||||
|
||||
if(memcmp(public_key, authorized[i].gx, PK_SIZE) == 0) {
|
||||
goto verify;
|
||||
}
|
||||
}
|
||||
return SGX_ERROR_UNEXPECTED;
|
||||
|
||||
verify: ;
|
||||
// copy public key into struct
|
||||
memcpy(public.gx, public_key, PK_SIZE);
|
||||
} else {
|
||||
|
|
Loading…
Reference in a new issue