[Assignment-7] app restructure and cleanup
Some checks failed
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (push) Successful in 1m2s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (push) Successful in 1m2s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (push) Has been cancelled
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (pull_request) Successful in 30s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (pull_request) Successful in 8s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (pull_request) Successful in 35s
Some checks failed
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (push) Successful in 1m2s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (push) Successful in 1m2s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (push) Has been cancelled
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (pull_request) Successful in 30s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (pull_request) Successful in 8s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (pull_request) Successful in 35s
This commit is contained in:
parent
5a12559f5d
commit
a9d894a97d
GPG key ID:
B471A1AF06C895FD
10 changed files with 304 additions and 345 deletions
|
|
@ -5,18 +5,13 @@
|
|||
#include <string.h>
|
||||
|
||||
#include <openssl/core_names.h>
|
||||
#include <openssl/sha.h>
|
||||
#include <openssl/ec.h>
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/param_build.h>
|
||||
#include <openssl/pem.h>
|
||||
|
||||
#include <sgx_tcrypto.h>
|
||||
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
|
||||
#include <fcntl.h>
|
||||
|
||||
#include "enclave_u.h"
|
||||
#include "proxy.h"
|
||||
|
|
@ -36,10 +31,10 @@ char* proxy_syntax(void) {
|
|||
" expects intermediary signature on stdin\n"
|
||||
" outputs proxied signature on stdout\n"
|
||||
" WARNING: output is binary format, may mess up terminal\n"
|
||||
" -s <path> file path of the sealed proxy key\n"
|
||||
" -t <path> file path of the sgx token\n"
|
||||
" -pkey <path> file path of the sealed proxy key\n"
|
||||
" -epub <path> path of the PEM encoded employee public key\n"
|
||||
" -firm <path> path of the firmware\n";
|
||||
" -firm <path> path of the firmware\n"
|
||||
" -token <path> (optional) file path of the sgx token\n";
|
||||
}
|
||||
|
||||
static EVP_PKEY *sgx_public_to_EVP_PKEY(const sgx_ec256_public_t *p_public)
|
||||
|
|
@ -208,18 +203,18 @@ cleanup:
|
|||
}
|
||||
|
||||
static int ECDSA_SIG_to_sgx_signature(ECDSA_SIG* ecdsa_sig, sgx_ec256_signature_t* sgx_signature) {
|
||||
BIGNUM* r = NULL;
|
||||
BIGNUM* s = NULL;
|
||||
const BIGNUM* r = NULL;
|
||||
const BIGNUM* s = NULL;
|
||||
int ret;
|
||||
|
||||
r = ECDSA_SIG_get0_r(ecdsa_sig);
|
||||
s = ECDSA_SIG_get0_s(ecdsa_sig);
|
||||
|
||||
ret = BN_bn2lebinpad(r, sgx_signature->x, SGX_ECP256_KEY_SIZE);
|
||||
ret = BN_bn2lebinpad(r, (unsigned char*)sgx_signature->x, SGX_ECP256_KEY_SIZE);
|
||||
if (ret == -1)
|
||||
return (1);
|
||||
|
||||
ret = BN_bn2lebinpad(s, sgx_signature->y, SGX_ECP256_KEY_SIZE);
|
||||
ret = BN_bn2lebinpad(s, (unsigned char*)sgx_signature->y, SGX_ECP256_KEY_SIZE);
|
||||
if (ret == -1)
|
||||
return (2);
|
||||
|
||||
|
|
@ -286,10 +281,10 @@ int handle_proxy(int argc, char** argv) {
|
|||
NULL,
|
||||
NULL
|
||||
};
|
||||
FILE* sealed_file;
|
||||
FILE* firmware_file;
|
||||
uint8_t *sealed;
|
||||
int sealed_size;
|
||||
uint8_t* sealed;
|
||||
size_t sealed_len;
|
||||
uint8_t* firmware;
|
||||
size_t firmware_len;
|
||||
unsigned char* ecdsa_signature_data;
|
||||
size_t ecdsa_signature_size = 0;
|
||||
uint8_t signature[70];
|
||||
|
|
@ -303,10 +298,10 @@ int handle_proxy(int argc, char** argv) {
|
|||
|
||||
int i = 0;
|
||||
while(i < argc) {
|
||||
if(strcmp(argv[i], "-s")==0 && argc-i >=2){
|
||||
if(strcmp(argv[i], "-pkey")==0 && argc-i >=2){
|
||||
args.sealed_key_file_path = argv[i+1];
|
||||
i += 2;
|
||||
}else if(strcmp(argv[i], "-t")==0 && argc-i >=2){
|
||||
}else if(strcmp(argv[i], "-token")==0 && argc-i >=2){
|
||||
args.sgx_token_path = argv[i+1];
|
||||
i += 2;
|
||||
}else if(strcmp(argv[i], "-epub")==0 && argc-i >=2){
|
||||
|
|
@ -322,7 +317,6 @@ int handle_proxy(int argc, char** argv) {
|
|||
if(args.sealed_key_file_path == NULL || args.employee_public_key_path == NULL || args.firmware_path == NULL)
|
||||
syntax_exit();
|
||||
|
||||
|
||||
/*
|
||||
* Read Signature Input
|
||||
*/
|
||||
|
|
@ -330,27 +324,27 @@ int handle_proxy(int argc, char** argv) {
|
|||
ecdsa_signature_data = malloc(1024);
|
||||
if (ecdsa_signature_data == NULL) {
|
||||
perror("failed to allocate signature");
|
||||
exit(1);
|
||||
exit (EXIT_FAILURE);
|
||||
}
|
||||
|
||||
ecdsa_signature_size = fread(ecdsa_signature_data, 1, 1024, stdin);
|
||||
|
||||
if (ferror(stdin) != 0) {
|
||||
fprintf(stderr, "failed to read signature from stdin\n");
|
||||
exit(1);
|
||||
exit (EXIT_FAILURE);
|
||||
}
|
||||
|
||||
ecdsa_signature = ECDSA_SIG_new();
|
||||
ecdsa_signature = d2i_ECDSA_SIG(&ecdsa_signature, &ecdsa_signature_data, ecdsa_signature_size);
|
||||
ecdsa_signature = d2i_ECDSA_SIG(&ecdsa_signature, (const unsigned char**)&ecdsa_signature_data, ecdsa_signature_size);
|
||||
ecdsa_signature_data = NULL;
|
||||
if (ecdsa_signature == NULL) {
|
||||
fprintf(stderr, "failed to read signature");
|
||||
exit(1);
|
||||
fprintf(stderr, "failed to read signature\n");
|
||||
exit (EXIT_FAILURE);
|
||||
}
|
||||
|
||||
if (ECDSA_SIG_to_sgx_signature(ecdsa_signature, &sgx_signature) != 0) {
|
||||
fprintf(stderr, "failed to transform signature\n");
|
||||
exit(1);
|
||||
exit (EXIT_FAILURE);
|
||||
}
|
||||
ECDSA_SIG_free(ecdsa_signature);
|
||||
ecdsa_signature = NULL;
|
||||
|
|
@ -372,90 +366,42 @@ int handle_proxy(int argc, char** argv) {
|
|||
}
|
||||
key = PEM_read_PUBKEY(key_file, &key, NULL, NULL);
|
||||
if(key == NULL) {
|
||||
fprintf(stderr, "failed to read employee public key");
|
||||
exit(1);
|
||||
fprintf(stderr, "failed to read employee public key\n");
|
||||
exit (EXIT_FAILURE);
|
||||
}
|
||||
fclose(key_file);
|
||||
|
||||
sgx_ec256_public_t sgx_public;
|
||||
if (EVP_PKEY_to_sgx_public(key, &sgx_public) != 0) {
|
||||
fprintf(stderr, "failed transform employee public key");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
/*
|
||||
* Read Sealed Proxy Keypair
|
||||
*/
|
||||
|
||||
sealed_file = fopen(args.sealed_key_file_path, "rb");
|
||||
if(sealed_file == NULL){
|
||||
perror("Error opening sealed_key_file file");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
ret = get_sealed_size(get_global_eid(), &sealed_size);
|
||||
if (ret != SGX_SUCCESS) {
|
||||
print_error_message(ret);
|
||||
exit (1);
|
||||
}
|
||||
sealed = malloc(sizeof(uint8_t)*sealed_size);
|
||||
if (sealed == NULL) {
|
||||
fprintf(stderr, "failed to allocate for sealed key");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
size_t sealed_read = fread(sealed, sealed_size, 1, sealed_file);
|
||||
if (sealed_read != 1) {
|
||||
fprintf(stderr, "failed to read sealed private key");
|
||||
fprintf(stderr, "failed transform employee public key\n");
|
||||
exit (EXIT_FAILURE);
|
||||
}
|
||||
|
||||
fclose(sealed_file);
|
||||
|
||||
/*
|
||||
* Read Firmware
|
||||
*/
|
||||
int firmware_file_des = open(args.firmware_path, O_RDWR);
|
||||
if(firmware_file_des == 0){
|
||||
perror("Error opening firmware file");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
struct stat stat;
|
||||
if (fstat(firmware_file_des, &stat) != 0) {
|
||||
perror("failed to get firmware size");
|
||||
//Read Sealed Proxy Keypair
|
||||
if (load_file(args.sealed_key_file_path, &sealed, &sealed_len)!=0){
|
||||
fprintf(stderr, "failed to read sealed key\n");
|
||||
exit (EXIT_FAILURE);
|
||||
}
|
||||
|
||||
firmware_file = fopen(args.firmware_path, "rb");
|
||||
if(firmware_file == NULL){
|
||||
perror("Error opening firmware file");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
||||
size_t firmware_size = stat.st_size;
|
||||
uint8_t* firmware_buf = malloc(firmware_size);
|
||||
if (firmware_buf == NULL) {
|
||||
perror("failed to allocate firmware buffer");
|
||||
exit (EXIT_FAILURE);
|
||||
}
|
||||
|
||||
if (fread(firmware_buf, firmware_size, 1, firmware_file) != 1 || ferror(firmware_file) != 0) {
|
||||
// Read Firmware
|
||||
if (load_file(args.firmware_path, &firmware, &firmware_len)!=0){
|
||||
fprintf(stderr, "failed to read firmware\n");
|
||||
exit (EXIT_FAILURE);
|
||||
}
|
||||
fclose(firmware_file);
|
||||
|
||||
/*
|
||||
* Use Enclave To Resign the Firmware
|
||||
*/
|
||||
|
||||
sign_firmware(get_global_eid(), &ret, firmware_buf, firmware_size, sealed, sealed_size, (uint8_t*)&sgx_public, (uint8_t*)&sgx_signature);
|
||||
sign_firmware(get_global_eid(), &ret, firmware, firmware_len, sealed, sealed_len, (uint8_t*)&sgx_public, (uint8_t*)&sgx_signature);
|
||||
if (ret != SGX_SUCCESS) {
|
||||
print_error_message(ret);
|
||||
sgx_print_error_message(ret);
|
||||
exit (1);
|
||||
}
|
||||
|
||||
free(sealed);
|
||||
free(firmware);
|
||||
|
||||
/*
|
||||
* Output Signature
|
||||
*/
|
||||
|
|
@ -483,9 +429,5 @@ int handle_proxy(int argc, char** argv) {
|
|||
free(ecdsa_signature_data);
|
||||
ECDSA_SIG_free(ecdsa_signature);
|
||||
|
||||
free(sealed);
|
||||
exit(0);
|
||||
exit (EXIT_SUCCESS);
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue