[Assignment-7] update sign_firmware
This commit is contained in:
parent
cb9917f7b4
commit
a08e4614c6
1 changed files with 22 additions and 2 deletions
|
@ -194,15 +194,29 @@ static sgx_status_t verify_signature(const uint8_t *data, const uint32_t data_si
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sealed, uint32_t sealed_size, uint8_t *signature, uint32_t signature_size) {
|
sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sealed, uint32_t sealed_size, const uint8_t *public_key, uint32_t public_key_size, uint8_t *signature, uint32_t signature_size) {
|
||||||
// invalid parameter handling
|
// invalid parameter handling
|
||||||
if((data == NULL) || (data_size == 0)) {
|
if((data == NULL) || (data_size == 0)) {
|
||||||
return SGX_ERROR_INVALID_PARAMETER;
|
return SGX_ERROR_INVALID_PARAMETER;
|
||||||
} else if((sealed == NULL) || (sealed_size == 0)) {
|
} else if((sealed == NULL) || (sealed_size == 0)) {
|
||||||
return SGX_ERROR_INVALID_PARAMETER;
|
return SGX_ERROR_INVALID_PARAMETER;
|
||||||
|
} else if((public_key == NULL) || (public_key_size != PK_SIZE)) {
|
||||||
|
return SGX_ERROR_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// verify public key
|
||||||
|
for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) {
|
||||||
|
if(memcmp(public_key, authorized[i].gx, PK_SIZE) != 0) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
goto sign;
|
||||||
|
}
|
||||||
|
return SGX_ERROR_UNEXPECTED;
|
||||||
|
|
||||||
|
sign: ;
|
||||||
|
|
||||||
// declare need structures
|
// declare need structures
|
||||||
|
sgx_ec256_signature_t ecc_signature;
|
||||||
sgx_ecc_state_handle_t ecc_handle;
|
sgx_ecc_state_handle_t ecc_handle;
|
||||||
sgx_ec256_private_t private;
|
sgx_ec256_private_t private;
|
||||||
sgx_ec256_public_t public;
|
sgx_ec256_public_t public;
|
||||||
|
@ -213,6 +227,13 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sea
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// verify request
|
||||||
|
/*
|
||||||
|
if((status = verify_signature(data, data_size, (const sgx_ec256_public_t *)public_key, (const sgx_ec256_signature_t *)signature)) != SGX_EC_VALID) {
|
||||||
|
sgx_ecc256_close_context(ecc_handle);
|
||||||
|
return status;
|
||||||
|
}*/
|
||||||
|
|
||||||
// try unseal keypair
|
// try unseal keypair
|
||||||
sgx_status_t seal_status;
|
sgx_status_t seal_status;
|
||||||
if(seal_status = unseal_key_pair(sealed, &private, NULL) != SGX_SUCCESS) {
|
if(seal_status = unseal_key_pair(sealed, &private, NULL) != SGX_SUCCESS) {
|
||||||
|
@ -223,7 +244,6 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sea
|
||||||
}
|
}
|
||||||
|
|
||||||
// create signature
|
// create signature
|
||||||
sgx_ec256_signature_t ecc_signature;
|
|
||||||
if((status = sgx_ecdsa_sign(data, data_size, &private, &ecc_signature, ecc_handle)) != SGX_SUCCESS) {
|
if((status = sgx_ecdsa_sign(data, data_size, &private, &ecc_signature, ecc_handle)) != SGX_SUCCESS) {
|
||||||
sgx_ecc256_close_context(ecc_handle);
|
sgx_ecc256_close_context(ecc_handle);
|
||||||
return status;
|
return status;
|
||||||
|
|
Loading…
Reference in a new issue