[Assignment-7] update simulate.sh
All checks were successful
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (push) Successful in 1m3s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (push) Successful in 1m3s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (push) Successful in 59s
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (pull_request) Successful in 32s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (pull_request) Successful in 9s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (pull_request) Successful in 8s
All checks were successful
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (push) Successful in 1m3s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (push) Successful in 1m3s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (push) Successful in 59s
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (pull_request) Successful in 32s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (pull_request) Successful in 9s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (pull_request) Successful in 8s
This commit is contained in:
parent
a43cc4ebce
commit
5e174f25f3
GPG key ID:
B471A1AF06C895FD
1 changed files with 14 additions and 9 deletions
|
|
@ -5,24 +5,29 @@ TMP=/tmp/signatureproxy
|
||||||
KEYDIR=../employee_keys
|
KEYDIR=../employee_keys
|
||||||
mkdir -p $TMP
|
mkdir -p $TMP
|
||||||
|
|
||||||
echo "setting up enclave"
|
echo "Step 1: Setting up the signature proxy..."
|
||||||
./signatureproxy proxysetup -pkey $TMP/proxy_private.bin > $TMP/proxy_public.pem
|
./signatureproxy proxysetup -pkey $TMP/proxy_private.bin > $TMP/proxy_public.pem
|
||||||
|
echo "The signature proxy is initialized."
|
||||||
|
|
||||||
echo "generating dummy firmware"
|
echo "Step 2: Generating dummy firmware..."
|
||||||
dd if=/dev/urandom of=$TMP/firmware.bin bs=1M count=1 &> /dev/null
|
dd if=/dev/urandom of=$TMP/firmware.bin bs=1M count=1 &> /dev/null
|
||||||
|
echo "Dummy firmware is generated."
|
||||||
|
|
||||||
echo "signing firmware as Alice"
|
echo "Step 3: Alice signs the firmware..."
|
||||||
./signatureproxy employee -ekey $KEYDIR/alice_private.pem -firm $TMP/firmware.bin > $TMP/signature_alice.der
|
./signatureproxy employee -ekey $KEYDIR/alice_private.pem -firm $TMP/firmware.bin > $TMP/signature_alice.der
|
||||||
|
echo "Alice, a trusted employee, signs the firmware."
|
||||||
|
|
||||||
echo "resigning firmware using enclave"
|
echo "Step 4: Resigning Alice's signed firmware using the signature proxy..."
|
||||||
cat $TMP/signature_alice.der | ./signatureproxy proxy -pkey $TMP/proxy_private.bin -epub $KEYDIR/alice_public.pem -firm $TMP/firmware.bin > $TMP/signature_for_alice.der
|
cat $TMP/signature_alice.der | ./signatureproxy proxy -pkey $TMP/proxy_private.bin -epub $KEYDIR/alice_public.pem -firm $TMP/firmware.bin > $TMP/signature_for_alice.der
|
||||||
|
echo "The signature proxy verifies and resigns Alice's firmware."
|
||||||
|
|
||||||
echo "verifying firmware"
|
echo "Step 5: Verifying the signed firmware..."
|
||||||
cat $TMP/signature_for_alice.der | ./signatureproxy embedded -ppub $TMP/proxy_public.pem -firm $TMP/firmware.bin
|
cat $TMP/signature_for_alice.der | ./signatureproxy embedded -ppub $TMP/proxy_public.pem -firm $TMP/firmware.bin
|
||||||
|
echo "The firmware's signature is verified."
|
||||||
|
|
||||||
|
echo "Step 6: Oskar attempts to sign a modified firmware..."
|
||||||
echo "signing firmware as Oskar"
|
|
||||||
./signatureproxy employee -ekey $KEYDIR/oskar_private.pem -firm $TMP/firmware.bin > $TMP/signature_oskar.der
|
./signatureproxy employee -ekey $KEYDIR/oskar_private.pem -firm $TMP/firmware.bin > $TMP/signature_oskar.der
|
||||||
|
echo "Oskar, an attacker, tries to sign a modified firmware."
|
||||||
|
|
||||||
echo "resigning firmware using enclave"
|
echo "Step 7: Oskar's signing attempt is rejected by the signature proxy..."
|
||||||
cat $TMP/signature_oskar.der | ./signatureproxy proxy -pkey $TMP/proxy_private.bin -epub $KEYDIR/oskar_public.pem -firm $TMP/firmware.bin || echo "Oskars signing request successfully rejected"
|
cat $TMP/signature_oskar.der | ./signatureproxy proxy -pkey $TMP/proxy_private.bin -epub $KEYDIR/oskar_public.pem -firm $TMP/firmware.bin > $TMP/signature_oskar.der && echo "Oskar's firmware signing attempt was successful." || echo "Oskar's signing request is successfully rejected."
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue