[Assignment-7] final
All checks were successful
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (push) Successful in 1m0s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (push) Successful in 1m6s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (push) Successful in 59s
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (pull_request) Successful in 33s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (pull_request) Successful in 9s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (pull_request) Successful in 8s
All checks were successful
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (push) Successful in 1m0s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (push) Successful in 1m6s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (push) Successful in 59s
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (pull_request) Successful in 33s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (pull_request) Successful in 9s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (pull_request) Successful in 8s
This commit is contained in:
Sascha Tommasone
parent
2d35d4f308
commit
88f7609783
GPG key ID:
751068A86FCAA217
7 changed files with 212 additions and 60 deletions
|
|
@ -58,11 +58,23 @@
|
|||
#define SI_SIZE 2*SK_SIZE
|
||||
#endif
|
||||
|
||||
|
||||
/*
|
||||
* Bobs and Alices public keys
|
||||
*/
|
||||
const sgx_ec256_public_t authorized[2] = {
|
||||
{
|
||||
0,
|
||||
0
|
||||
.gx = {
|
||||
0x9c, 0x72, 0x2b, 0x52, 0x0e, 0xff, 0x07, 0xdc,
|
||||
0x7a, 0x32, 0x19, 0xbb, 0xd8, 0x41, 0x94, 0x2c,
|
||||
0xee, 0x17, 0xb2, 0xf6, 0x2e, 0x08, 0x61, 0xab,
|
||||
0xbc, 0x50, 0xaf, 0xb6, 0x2e, 0xf9, 0x2c, 0xee
|
||||
},
|
||||
.gy = {
|
||||
0x8c, 0x84, 0x2f, 0xb5, 0x94, 0xca, 0x60, 0x94,
|
||||
0xb0, 0xdc, 0x8a, 0xcf, 0x17, 0x91, 0xd3, 0xab,
|
||||
0x29, 0x0e, 0x81, 0x8c, 0xf6, 0x95, 0xc6, 0x92,
|
||||
0x87, 0x0e, 0x1d, 0x76, 0x56, 0xba, 0x51, 0xbb
|
||||
}
|
||||
},
|
||||
{
|
||||
.gx = {
|
||||
|
|
@ -101,6 +113,9 @@ int get_private_key_size() {
|
|||
return SK_SIZE;
|
||||
}
|
||||
|
||||
/*
|
||||
* seals a key pair
|
||||
*/
|
||||
static sgx_status_t seal_key_pair(const sgx_ec256_private_t *private, const sgx_ec256_public_t *public, uint8_t **sealed) {
|
||||
// allocate temporary buffers on stack
|
||||
uint8_t pk[PK_SIZE] = {0};
|
||||
|
|
@ -114,6 +129,9 @@ static sgx_status_t seal_key_pair(const sgx_ec256_private_t *private, const sgx_
|
|||
return sgx_seal_data(PK_SIZE, (const uint8_t *)pk, SK_SIZE, (const uint8_t *)sk, get_sealed_size(), (sgx_sealed_data_t *) *sealed);
|
||||
}
|
||||
|
||||
/*
|
||||
* unseals a key pair
|
||||
*/
|
||||
static sgx_status_t unseal_key_pair(const uint8_t *sealed, sgx_ec256_private_t *private, sgx_ec256_public_t *public) {
|
||||
// invalid parameter handling
|
||||
if(sealed == NULL) {
|
||||
|
|
@ -166,12 +184,12 @@ sgx_status_t generate_key_pair(uint8_t *sealed, uint32_t sealed_size) {
|
|||
return status;
|
||||
}
|
||||
|
||||
// create ecc keypair
|
||||
// create ecc key pair
|
||||
if((status = sgx_ecc256_create_key_pair(&private, &public, ecc_handle)) != SGX_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
// seal keypair
|
||||
// seal key pair
|
||||
status = seal_key_pair(&private, &public, &sealed);
|
||||
|
||||
exit: ;
|
||||
|
|
@ -197,9 +215,12 @@ sgx_status_t get_public_key(const uint8_t *sealed, uint32_t sealed_size, uint8_t
|
|||
return status;
|
||||
}
|
||||
|
||||
static sgx_status_t verify_signature(const uint8_t *data, uint32_t data_size, const sgx_ec256_public_t *public, const sgx_ec256_signature_t* ecc_signature) {
|
||||
/*
|
||||
* verifies an ecdsa signature
|
||||
*/
|
||||
static sgx_status_t verify_signature(const uint8_t *firmware, uint32_t firmware_size, const sgx_ec256_public_t *public, const sgx_ec256_signature_t* ecc_signature) {
|
||||
// invalid parameter handling
|
||||
if((data == NULL) || (data_size == 0) || (public == NULL) || (ecc_signature == NULL)) {
|
||||
if((firmware == NULL) || (firmware_size == 0) || (public == NULL) || (ecc_signature == NULL)) {
|
||||
return SGX_ERROR_INVALID_PARAMETER;
|
||||
}
|
||||
|
||||
|
|
@ -214,7 +235,7 @@ static sgx_status_t verify_signature(const uint8_t *data, uint32_t data_size, co
|
|||
|
||||
// verify signature
|
||||
uint8_t result;
|
||||
sgx_status_t verification_status = sgx_ecdsa_verify(data, data_size, public, ecc_signature, &result, ecc_handle);
|
||||
sgx_status_t verification_status = sgx_ecdsa_verify(firmware, firmware_size, public, ecc_signature, &result, ecc_handle);
|
||||
|
||||
// handle failed verification process
|
||||
if(verification_status != SGX_SUCCESS) {
|
||||
|
|
@ -226,9 +247,9 @@ static sgx_status_t verify_signature(const uint8_t *data, uint32_t data_size, co
|
|||
return result;
|
||||
}
|
||||
|
||||
sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, const uint8_t *sealed, uint32_t sealed_size, uint8_t *public_key, uint8_t *signature) {
|
||||
sgx_status_t sign_firmware(const uint8_t *firmware, uint32_t firmware_size, const uint8_t *sealed, uint32_t sealed_size, uint8_t *public_key, uint8_t *signature) {
|
||||
// invalid parameter handling
|
||||
if((data == NULL) || (data_size == 0)) {
|
||||
if((firmware == NULL) || (firmware_size == 0)) {
|
||||
return SGX_ERROR_INVALID_PARAMETER;
|
||||
} else if((public_key == NULL) || (signature == NULL)) {
|
||||
return SGX_ERROR_INVALID_PARAMETER;
|
||||
|
|
@ -258,7 +279,7 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, const uint8_
|
|||
}
|
||||
|
||||
// verify request
|
||||
if((status = verify_signature(data, data_size, (const sgx_ec256_public_t *)public_key, (const sgx_ec256_signature_t *)signature)) != SGX_EC_VALID) {
|
||||
if((status = verify_signature(firmware, firmware_size, (const sgx_ec256_public_t *)public_key, (const sgx_ec256_signature_t *)signature)) != SGX_EC_VALID) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
|
@ -268,7 +289,7 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, const uint8_
|
|||
}
|
||||
|
||||
// create signature
|
||||
if((status = sgx_ecdsa_sign(data, data_size, &private, &ecc_signature, ecc_handle)) != SGX_SUCCESS) {
|
||||
if((status = sgx_ecdsa_sign(firmware, firmware_size, &private, &ecc_signature, ecc_handle)) != SGX_SUCCESS) {
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
|
@ -281,9 +302,9 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, const uint8_
|
|||
return status;
|
||||
}
|
||||
|
||||
sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint8_t *sealed, uint32_t sealed_size, const uint8_t *public_key, const uint8_t *signature) {
|
||||
sgx_status_t verify_firmware(const uint8_t *firmware, uint32_t firmware_size, const uint8_t *sealed, uint32_t sealed_size, const uint8_t *public_key, const uint8_t *signature) {
|
||||
// invalid parameter handling
|
||||
if((data == NULL) || (data_size == 0) || (signature == NULL)) {
|
||||
if((firmware == NULL) || (firmware_size == 0) || (signature == NULL)) {
|
||||
return SGX_ERROR_INVALID_PARAMETER;
|
||||
} else if((sealed == NULL) && (public_key == NULL)) {
|
||||
return SGX_ERROR_INVALID_PARAMETER;
|
||||
|
|
@ -318,5 +339,5 @@ sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint
|
|||
}
|
||||
|
||||
// verify signature and return result
|
||||
return verify_signature(data, data_size, &public, (const sgx_ec256_signature_t *)signature);
|
||||
return verify_signature(firmware, firmware_size, &public, (const sgx_ec256_signature_t *)signature);
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue