[Assignment-7] final

2024-07-07 22:33:11 +02:00 · 2024-07-07 22:33:11 +02:00 · 88f7609783
commit 88f7609783
parent 2d35d4f308
7 changed files with 212 additions and 60 deletions
--- a/7-SGX_Hands-on/src/app/embedded_device.c
+++ b/7-SGX_Hands-on/src/app/embedded_device.c
@ -28,6 +28,9 @@ char *embedded_device_syntax(void) {
        "    -firm  <path>   path of to firmware binary\n";
 }

+/*
+ * read secp256r1 public key and return it as EVP_PKEY*
+ */
 static EVP_PKEY *read_public_key(char *public_key_file_path, EVP_PKEY **key) {
    if(public_key_file_path == NULL) {
        fprintf(stderr, "public_key_file_path is a null pointer!\n");
@ -46,6 +49,9 @@ static EVP_PKEY *read_public_key(char *public_key_file_path, EVP_PKEY **key) {
    return *key;
 }

+/*
+ * hash the firmware
+ */
 static void hash_firmware(uint8_t *firmware_path, EVP_MD_CTX **ctx) {
    if(firmware_path == NULL) {
        fprintf(stderr, "firmware_path is a null pointer!\n");
@ -68,11 +74,13 @@ static void hash_firmware(uint8_t *firmware_path, EVP_MD_CTX **ctx) {
 }

 int handle_embedded_device(int argc, char **argv) {
+    uint8_t status = EXIT_SUCCESS;
    embedded_device_args args = {
        .firmware_path = NULL,
        .public_key_path = NULL
    };

+    // parse parameters
    for(int i = 0; i < argc; i += 2) {
        if((strcmp(argv[i], "-ppub") == 0) && (argc - i >= 2)) {
            args.public_key_path = argv[i+1];
@ -83,42 +91,53 @@ int handle_embedded_device(int argc, char **argv) {
        }
    }

+    // handle invalid parameters
    if((args.firmware_path == NULL) || (args.public_key_path == NULL)) {
        fprintf(stderr, "failed to parse arguments");
        exit(EXIT_FAILURE);
    }

+    // read the public key of the enclave
+    // normally, key would be hardcoded during production
    EVP_PKEY *key = NULL;
    if(read_public_key(args.public_key_path, &key) == NULL) {
        fprintf(stderr, "failed to import public key");
+        status = EXIT_FAILURE;
        goto clean;
    }

+    // initialize the context
    EVP_MD_CTX *ctx = EVP_MD_CTX_new();
    if (EVP_DigestVerifyInit(ctx, NULL, EVP_sha256(), NULL, key) != 1) {
        fprintf(stderr, "failed to initialize context\n");
+        status = EXIT_FAILURE;
        goto clean;
    }

+    // read the firmwares signature
    uint8_t signature[BUFSIZE] = {0};
    size_t signature_size = read(0, signature, BUFSIZE);
    if(signature_size < 70) {
        fprintf(stderr, "failed to read firmware signature\n");
+        status = EXIT_FAILURE;
        goto clean;
    }

+    // hash the firmware and verify the signature
    hash_firmware(args.firmware_path, &ctx);
    if (EVP_DigestVerifyFinal(ctx, signature, signature_size) != 1) {
-        fprintf(stderr, "failed to verify firmware signature\n");
+        fprintf(stderr, "failed to verify firmware signature or signature invalid\n");
+        status = EXIT_FAILURE;
    }else {
-        printf("successfully verified firmware signature\n");
+        printf("Firmware is valid! Update starts in 5 4 3...\n");
    }

+    // cleanup
    clean: ;
    if(key != NULL)
        EVP_PKEY_free(key);
    if(ctx != NULL)
        EVP_MD_CTX_free(ctx);

-    return 0;
+    return status;
 }
--- a/7-SGX_Hands-on/src/app/embedded_device.h
+++ b/7-SGX_Hands-on/src/app/embedded_device.h
@ -3,8 +3,21 @@

 #include <stdint.h>

+/*
+ * @brief getter for embedded subcommand syntax string
+ *
+ * @returns null-terminated syntax string
+ */
 char *embedded_device_syntax(void);

+/*
+ * @brief CLI implementation for the "embedded" subcommand
+ *
+ * @param argc number of arguments with command and subcommand stripped
+ * @param argv arguments with command and subcommand stripped
+ *
+ * @returns 0 on success, else error with output on stderr
+ */
 int handle_embedded_device(int argc, char **argv);

 #endif