RubNoobs/Systemsicherheit
RubNoobs/Systemsicherheit
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

[Assignment-7] App Intermediary and Proxy
All checks were successful
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (push) Successful in 1m3s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (push) Successful in 1m3s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (push) Successful in 1m0s
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (pull_request) Successful in 31s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (pull_request) Successful in 9s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (pull_request) Successful in 9s

Browse source 
- Intermediary is fully functional
- Proxy is ready until invocation of enclave
This commit is contained in:
Paul Zinselmeyer 2024-07-04 21:05:55 +02:00
parent eccc86165a
commit 66e6265026
Signed by: pfzetto
GPG key ID: B471A1AF06C895FD
7 changed files with 182 additions and 155 deletions
Download patch file Download diff file Expand all files Collapse all files

74
7-SGX_Hands-on/src/app/proxy.c
View file

@ -4,15 +4,13 @@
#include <stdlib.h>
#include <string.h>
#include "enclave.h"
#include "../enclave/enclave.h"
#include "proxy.h"
#include "util.h"
sgx_enclave_id_t global_eid = 0;
struct ProxyArgs {
char* input_path;
char* output_path;
char* sealed_key_file_path;
char* sgx_token_path;
};
@ -127,26 +125,28 @@ static int initialize_enclave(char* token_path) {
sgx_status_t ret;
int updated = 0;
sgx_token_file = fopen(token_path, "r");
sgx_token_file = fopen(token_path, "rb");
if(sgx_token_file == NULL){
perror("Error opening sgx token file");
exit(1);
}
//TODO create new on error / ignore missing token file
size_t read_num = fread(token, 1, sizeof(sgx_launch_token_t), sgx_token_file);
if (read_num != 0 && read_num != sizeof(sgx_launch_token_t)) {
fprintf(stderr, "sgx token file is corrupted");
return (1);
}
ret = sgx_create_enclave("enclave.so", SGX_DEBUG_FLAG, &token, &updated, &global_eid, NULL);
ret = sgx_create_enclave("enclave.signed.so", SGX_DEBUG_FLAG, &token, &updated, &global_eid, NULL);
if (ret != SGX_SUCCESS) {
print_error_message(ret);
return (1);
}
if (updated) {
sgx_token_file = freopen(token_path, "w", sgx_token_file);
sgx_token_file = freopen(token_path, "wb", sgx_token_file);
if(sgx_token_file == NULL){
perror("Error opening sgx token file");
return (1);
@ -163,32 +163,32 @@ static int initialize_enclave(char* token_path) {
char* proxy_syntax(void) {
return
"proxy implementation of the enclave-powered SignatureProxy\n"
" -i <path> file path to the intermediary output(signature of firmware)\n"
" -o <path> output path of the signature\n"
" expects intermediary signature on stdin\n"
" outputs proxied signature on stdout\n"
" -s <path> file path of the sealed proxy key\n"
" -t <path> file path of the sgx token\n";
}
int handle_proxy(int argc, char** argv) {
struct ProxyArgs args = {
NULL,
NULL,
NULL,
NULL
};
FILE* input_file;
FILE* output_file;
FILE* input_file = stdin;
FILE* output_file = stdout;
FILE* sealed_key_file;
uint8_t *sealed;
uint32_t sealed_size;
char line[141];
uint8_t signature[70];
/*
* Parse Input
*/
int i = 0;
while(i < argc) {
if(strcmp(argv[i], "-i")==0 && argc-i >=2){
args.input_path = argv[i+1];
i += 2;
}else if(strcmp(argv[i], "-o")==0 && argc-i >=2){
args.output_path = argv[i+1];
i += 2;
}else if(strcmp(argv[i], "-s")==0 && argc-i >=2){
if(strcmp(argv[i], "-s")==0 && argc-i >=2){
args.sealed_key_file_path = argv[i+1];
i += 2;
}else if(strcmp(argv[i], "-t")==0 && argc-i >=2){
@ -198,25 +198,28 @@ int handle_proxy(int argc, char** argv) {
syntax_exit();
}
if(args.input_path == NULL || args.output_path == NULL || args.sealed_key_file_path == NULL || args.sgx_token_path == NULL)
if(args.sealed_key_file_path == NULL || args.sgx_token_path == NULL)
syntax_exit();
input_file = fopen(args.input_path, "r");
if(input_file == NULL){
perror("Error opening input file");
if(fgets(line, 141, stdin) == NULL) {
fprintf(stderr, "failed to read signature from stdin");
exit(1);
}
output_file = fopen(args.output_path, "w");
if(output_file == NULL){
perror("Error opening output file");
if(line[140] != '\0') {
fprintf(stderr, "invalid input");
exit(1);
}
//TODO read input -> calculate size of input (ECDSA of SHA3-256 of Firmware File, generated by intermediary)
//TODO read sealed key -> calculate size or dynamic alloc
for (i = 0; i < 70; i++) {
sscanf(line+2*i, "%02x", &signature[i]);
}
sealed_key_file = fopen(args.sealed_key_file_path, "w");
/*
* Initialize SGX Enclave
*/
sealed_key_file = fopen(args.sealed_key_file_path, "rb");
if(sealed_key_file == NULL){
perror("Error opening sealed_key_file file");
exit(1);
@ -225,11 +228,20 @@ int handle_proxy(int argc, char** argv) {
if (initialize_enclave(args.sgx_token_path) != 0)
exit(1);
//TODO call enclave -> refactor interface to do verify and sign in one call to avoid trip through "untrusted" land.
sealed_size = get_sealed_size();
sealed = malloc(sizeof(uint8_t)*sealed_size);
if (sealed == NULL) {
fprintf(stderr, "failed to allocate for sealed key");
exit(1);
}
//TODO load sealed (what to do when missing?)
//TODO call enclave
//TODO store sealed key if changed
//TODO write output
//TODO enclave teardown
printf("proxy %s %s", args.input_path, args.output_path);
exit(0);
}