diff --git a/Assignment 7 - SGX Hands-on/src/enclave/enclave.c b/Assignment 7 - SGX Hands-on/src/enclave/enclave.c index 23630a4..fba4b4d 100644 --- a/Assignment 7 - SGX Hands-on/src/enclave/enclave.c +++ b/Assignment 7 - SGX Hands-on/src/enclave/enclave.c @@ -3,11 +3,44 @@ #include #include -const unsigned char *secretkey_file = "/var/signrelay/sk"; -const unsigned char *publickey_file = "/var/signrelay/pk"; +sgx_status_t public_key(const uint8_t *sealed, const size_t sealed_size, uint8_t *gx, uint8_t *gy) { + // return if no sealed data provided + if(sealed == NULL) + return SGX_ERROR_UNEXPECTED; + + // calculate public_key size and return error for unexpected results + uint32_t pk_size = sgx_get_add_mac_txt_len((const sgx_sealed_data_t *)sealed); + uint32_t sk_size = sgx_get_encrypt_txt_len((const sgx_sealed_data_t *)sealed); + if ((pk_size != 2*SGX_ECP256_KEY_SIZE) || (sk_size != SGX_ECP256_KEY_SIZE)) + return SGX_ERROR_UNEXPECTED; -sgx_status_t public_key(uint8_t *gx, uint8_t *gy) { - // TODO + // allocate memory for public and secret key + uint8_t *pk =(uint8_t *)malloc(pk_size); + uint8_t *sk =(uint8_t *)malloc(pk_size); + if((pk == NULL) || (sk == NULL)) { + free(pk); + free(sk); + return SGX_ERROR_OUT_OF_MEMORY; + } + + // unseal ecc key pair + sgx_status_t status = sgx_unseal_data((const sgx_sealed_data_t *)sealed, pk, &pk_size, sk, &sk_size); + if (status != SGX_SUCCESS) { + free(pk); + free(sk); + return status; + } + + // copy public key into return buffers + if((gx != NULL) && (gy != NULL)) { + memcpy(gx, pk, SGX_ECP256_KEY_SIZE); + memcpy(gy, pk + SGX_ECP256_KEY_SIZE, SGX_ECP256_KEY_SIZE); + } + + // free allocated memory and return success + free(pk); + free(sk); + return SGX_SUCCESS; } sgx_status_t sign_firmware(uint8_t *data, size_t data_size, uint8_t *signature, size_t signature_size) { diff --git a/Assignment 7 - SGX Hands-on/src/enclave/enclave.edl b/Assignment 7 - SGX Hands-on/src/enclave/enclave.edl index 0603b71..b838f35 100644 --- a/Assignment 7 - SGX Hands-on/src/enclave/enclave.edl +++ b/Assignment 7 - SGX Hands-on/src/enclave/enclave.edl @@ -40,7 +40,7 @@ enclave { */ trusted { - public sgx_status_t public_key([out]uint8_t *gx, [out]uint8_t *gy); + public sgx_status_t public_key([in, size=sealed_size]const uint8_t *sealed, size_t sealed_size, [out]uint8_t *gx, [out]uint8_t *gy); public sgx_status_t sign_firmware([in, size=data_size]uint8_t *data, size_t data_size, [out, size=signature_size]uint8_t *signature, size_t signature_size); }; @@ -50,6 +50,6 @@ enclave { * [string]: specifies 'str' is a NULL terminated buffer. */ untrusted { - + int read_file([in, string] path_to_file, [out, size=bsize] uint8_t *buffer, size_t bsize); }; }; \ No newline at end of file diff --git a/Assignment 7 - SGX Hands-on/src/enclave/enclave.h b/Assignment 7 - SGX Hands-on/src/enclave/enclave.h index fa41d3f..cc59694 100644 --- a/Assignment 7 - SGX Hands-on/src/enclave/enclave.h +++ b/Assignment 7 - SGX Hands-on/src/enclave/enclave.h @@ -37,7 +37,7 @@ #include #include -sgx_status_t public_key(uint8_t *gx, uint8_t *gy); +sgx_status_t public_key(const uint8_t *sealed, const size_t sealed_size, uint8_t *gx, uint8_t *gy); sgx_status_t sign_firmware(uint8_t *data, size_t data_size, uint8_t *signature, size_t signature_size); #endif /* !_ENCLAVE_H_ */ \ No newline at end of file