From 59e6be83c7e2faebf7f920e08de7c7cd821fff6f Mon Sep 17 00:00:00 2001
From: Sascha Tommasone <sascha@tommasone.me>
Date: Wed, 3 Jul 2024 17:00:36 +0200
Subject: [PATCH] [Assignment-7] update sign_firmware

---
 7-SGX_Hands-on/src/enclave/enclave.c | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/7-SGX_Hands-on/src/enclave/enclave.c b/7-SGX_Hands-on/src/enclave/enclave.c
index 50bb056..9db5931 100644
--- a/7-SGX_Hands-on/src/enclave/enclave.c
+++ b/7-SGX_Hands-on/src/enclave/enclave.c
@@ -194,15 +194,29 @@ static sgx_status_t verify_signature(const uint8_t *data, const uint32_t data_si
     return result;
 }
 
-sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sealed, uint32_t sealed_size, uint8_t *signature, uint32_t signature_size) {
+sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sealed, uint32_t sealed_size, const uint8_t *public_key, uint32_t public_key_size, uint8_t *signature, uint32_t signature_size) {
     // invalid parameter handling
     if((data == NULL) || (data_size == 0)) {
         return SGX_ERROR_INVALID_PARAMETER;
     } else if((sealed == NULL) || (sealed_size == 0)) {
         return SGX_ERROR_INVALID_PARAMETER;
+    } else if((public_key == NULL) || (public_key_size != PK_SIZE)) {
+        return SGX_ERROR_INVALID_PARAMETER;
     }
+
+    // verify public key
+    for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) {
+        if(memcmp(public_key, authorized[i].gx, PK_SIZE) != 0) {
+            continue;
+        }
+        goto sign;
+    }
+    return SGX_ERROR_UNEXPECTED;
     
+    sign: ;
+
     // declare need structures
+    sgx_ec256_signature_t ecc_signature;
     sgx_ecc_state_handle_t ecc_handle;
     sgx_ec256_private_t private;
     sgx_ec256_public_t public;
@@ -213,6 +227,13 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sea
         return status;
     }
 
+    // verify request
+    /*
+    if((status = verify_signature(data, data_size, (const sgx_ec256_public_t *)public_key, (const sgx_ec256_signature_t *)signature)) != SGX_EC_VALID) {
+        sgx_ecc256_close_context(ecc_handle);
+        return status;
+    }*/
+
     // try unseal keypair
     sgx_status_t seal_status;
     if(seal_status = unseal_key_pair(sealed, &private, NULL) != SGX_SUCCESS) {
@@ -223,7 +244,6 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sea
     }
 
     // create signature
-    sgx_ec256_signature_t ecc_signature;
     if((status = sgx_ecdsa_sign(data, data_size, &private, &ecc_signature, ecc_handle)) != SGX_SUCCESS) {
         sgx_ecc256_close_context(ecc_handle);
         return status;