[Assignment-7] sign_firmware: removed dynamic memory allocations; added sealing of key after creation; uint8_t *sealed is now two way pointer; improved error handling

This commit is contained in:
Sascha Tommasone 2024-07-02 23:18:26 +02:00 committed by saschato
parent 8da66bea12
commit 7a592dc225
3 changed files with 18 additions and 22 deletions

View file

@ -150,17 +150,14 @@ sgx_status_t get_public_key(const uint8_t *sealed, uint32_t sealed_size, uint8_t
return status; return status;
} }
sgx_status_t sign_firmware(const uint8_t *sealed, size_t sealed_size, uint8_t *data, size_t data_size, uint8_t *signature, size_t signature_size) { sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sealed, uint32_t sealed_size, uint8_t *signature, uint32_t signature_size) {
// handle missing sealed buffer // invalid parameter handling
if((sealed == NULL) || (sealed_size == 0)) { if((data == NULL) || (data_size == 0)) {
return SGX_ERROR_UNEXPECTED; return SGX_ERROR_INVALID_PARAMETER;
} else if((sealed == NULL) || (sealed_size == 0)) {
return SGX_ERROR_INVALID_PARAMETER;
} }
// handle missing firmware buffer
if((data == NULL) || (data_size == 0)) {
return SGX_ERROR_UNEXPECTED;
}
// declare need structures // declare need structures
sgx_ecc_state_handle_t ecc_handle; sgx_ecc_state_handle_t ecc_handle;
sgx_ec256_private_t private; sgx_ec256_private_t private;
@ -174,32 +171,31 @@ sgx_status_t sign_firmware(const uint8_t *sealed, size_t sealed_size, uint8_t *d
// try unseal keypair // try unseal keypair
sgx_status_t seal_status; sgx_status_t seal_status;
if(seal_status = unseal_key_pair(sealed, &sealed_size, &private, NULL) != SGX_SUCCESS) { if(seal_status = unseal_key_pair(sealed, &private, NULL) != SGX_SUCCESS) {
if((status = sgx_ecc256_create_key_pair(&private, &public, ecc_handle)) != SGX_SUCCESS) { if((status = sgx_ecc256_create_key_pair(&private, &public, ecc_handle)) != SGX_SUCCESS) {
sgx_ecc256_close_context(ecc_handle); sgx_ecc256_close_context(ecc_handle);
return status; return status;
} }
} }
// create signature // create signature
sgx_ec256_signature_t ecc_signature; sgx_ec256_signature_t ecc_signature;
if((status = sgx_ecdsa_sign(data, data_size, &private, &ecc_signature, ecc_handle)) != SGX_SUCCESS) { if((status = sgx_ecdsa_sign(data, data_size, &private, &ecc_signature, ecc_handle)) != SGX_SUCCESS) {
sgx_ecc256_close_context(ecc_handle); sgx_ecc256_close_context(ecc_handle);
return status; return status;
} }
// TODO: possible wrong endianess for other programms
// copy signature to return buffer // copy signature to return buffer
// TODO: endian swap
if((signature == NULL) || (signature_size == 0)) { if((signature == NULL) || (signature_size == 0)) {
sgx_ecc256_close_context(ecc_handle); sgx_ecc256_close_context(ecc_handle);
return SGX_ERROR_UNEXPECTED; return SGX_ERROR_INVALID_PARAMETER;
} }
memcpy(signature, ecc_signature.x, SGX_ECP256_KEY_SIZE); memcpy(signature, ecc_signature.x, SI_SIZE);
memcpy(signature + SGX_ECP256_KEY_SIZE, ecc_signature.y, SGX_ECP256_KEY_SIZE);
// seal the key
if(seal_status != SGX_SUCCESS) { if((seal_status != SGX_SUCCESS) && (sealed != NULL)) {
seal_status = seal_key_pair(&private, &public, sealed, &sealed_size); seal_status = seal_key_pair(&private, &public, &sealed, sealed_size);
// TODO: return sealed keypair
} }
// close ecc handle and return success // close ecc handle and return success

View file

@ -45,7 +45,7 @@ enclave {
public int get_public_key_size(); public int get_public_key_size();
public int get_private_key_size(); public int get_private_key_size();
public sgx_status_t get_public_key([in, size=sealed_size]const uint8_t *sealed, uint32_t sealed_size, [out, size=gx_size]uint8_t *gx, uint32_t gx_size, [out, size=gx_size]uint8_t *gy, uint32_t gy_size); public sgx_status_t get_public_key([in, size=sealed_size]const uint8_t *sealed, uint32_t sealed_size, [out, size=gx_size]uint8_t *gx, uint32_t gx_size, [out, size=gx_size]uint8_t *gy, uint32_t gy_size);
public sgx_status_t sign_firmware([in, size=data_size]const uint8_t *sealed, size_t sealed_size, [in, size=data_size]uint8_t *data, size_t data_size, [out, size=signature_size]uint8_t *signature, size_t signature_size); public sgx_status_t sign_firmware([in, size=data_size]const uint8_t *data, uint32_t data_size, [in, out, size=sealed_size]uint8_t *sealed, uint32_t sealed_size, [out, size=signature_size]uint8_t *signature, uint32_t signature_size);
}; };
/* /*

View file

@ -45,6 +45,6 @@ int get_public_key_size();
int get_private_key_size(); int get_private_key_size();
sgx_status_t get_public_key(const uint8_t *sealed, const uint32_t sealed_size, uint8_t *gx, uint32_t gx_size, uint8_t *gy, uint32_t gy_size); sgx_status_t get_public_key(const uint8_t *sealed, const uint32_t sealed_size, uint8_t *gx, uint32_t gx_size, uint8_t *gy, uint32_t gy_size);
sgx_status_t sign_firmware(const uint8_t *sealed, size_t sealed_size, uint8_t *data, size_t data_size, uint8_t *signature, size_t signature_size); sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sealed, uint32_t sealed_size, uint8_t *signature, uint32_t signature_size);
#endif /* !_ENCLAVE_H_ */ #endif /* !_ENCLAVE_H_ */