[Assignment-7] prototype verify_firmware
All checks were successful
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (push) Successful in 1m3s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (push) Successful in 1m2s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (push) Successful in 59s
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (pull_request) Successful in 33s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (pull_request) Successful in 9s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (pull_request) Successful in 8s

This commit is contained in:
Sascha Tommasone 2024-07-02 23:20:04 +02:00
parent 4aefc416e3
commit ad8bb7a762
Signed by: saschato
GPG key ID: 751068A86FCAA217
3 changed files with 64 additions and 0 deletions

View file

@ -202,3 +202,65 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sea
sgx_ecc256_close_context(ecc_handle); sgx_ecc256_close_context(ecc_handle);
return seal_status; return seal_status;
} }
sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint8_t *sealed, uint32_t sealed_size, const uint8_t *public_key, uint32_t public_key_size, const uint8_t *signature, uint32_t signature_size) {
// invalid parameter handling
if((data == NULL) || (data_size == 0)) {
return SGX_ERROR_INVALID_PARAMETER;
} else if(((sealed == NULL) || (sealed_size == 0)) && ((public_key == NULL) || (public_key_size == 0))) {
return SGX_ERROR_INVALID_PARAMETER;
} else if((sealed != NULL) && (public_key != NULL)) {
return SGX_ERROR_INVALID_PARAMETER;
} else if((signature == NULL) || (signature_size == 0)) {
return SGX_ERROR_INVALID_PARAMETER;
}
// declare need structures
sgx_ec256_signature_t ecc_signature;
sgx_ecc_state_handle_t ecc_handle;
sgx_ec256_public_t public;
// invalid signature
if(signature_size > SI_SIZE) {
return SGX_ERROR_INVALID_PARAMETER;
}
// open ecc handle
sgx_status_t status;
if((status = sgx_ecc256_open_context(&ecc_handle)) != SGX_SUCCESS) {
return status;
}
// copy signature into struct
memcpy(ecc_signature.x, signature, SI_SIZE);
// verify signature from staff or enclave
if(public_key != NULL) {
// invalid public key
if(public_key_size != PK_SIZE) {
return SGX_ERROR_INVALID_PARAMETER;
}
// copy public key into struct
memcpy(public.gx, public_key, PK_SIZE);
} else {
// unseal public key
if(unseal_key_pair(sealed, NULL, &public) != SGX_SUCCESS) {
sgx_ecc256_close_context(ecc_handle);
return SGX_ERROR_UNEXPECTED;
}
}
// verify signature
uint8_t result;
sgx_status_t verification_status = sgx_ecdsa_verify((const uint8_t *)data, data_size, (const sgx_ec256_public_t *)&public, (const sgx_ec256_signature_t *)&ecc_signature, &result, ecc_handle);
// handle failed verification process
if(verification_status != SGX_SUCCESS) {
result = verification_status;
}
// close handle and return result
sgx_ecc256_close_context(ecc_handle);
return result;
}

View file

@ -46,6 +46,7 @@ enclave {
public int get_private_key_size(); public int get_private_key_size();
public sgx_status_t get_public_key([in, size=sealed_size]const uint8_t *sealed, uint32_t sealed_size, [out, size=gx_size]uint8_t *gx, uint32_t gx_size, [out, size=gx_size]uint8_t *gy, uint32_t gy_size); public sgx_status_t get_public_key([in, size=sealed_size]const uint8_t *sealed, uint32_t sealed_size, [out, size=gx_size]uint8_t *gx, uint32_t gx_size, [out, size=gx_size]uint8_t *gy, uint32_t gy_size);
public sgx_status_t sign_firmware([in, size=data_size]const uint8_t *data, uint32_t data_size, [in, out, size=sealed_size]uint8_t *sealed, uint32_t sealed_size, [out, size=signature_size]uint8_t *signature, uint32_t signature_size); public sgx_status_t sign_firmware([in, size=data_size]const uint8_t *data, uint32_t data_size, [in, out, size=sealed_size]uint8_t *sealed, uint32_t sealed_size, [out, size=signature_size]uint8_t *signature, uint32_t signature_size);
public sgx_status_t verify_firmware([in, size=data_size]const uint8_t *data, uint32_t data_size, [in, size=sealed_size]const uint8_t *sealed, uint32_t sealed_size, [in, size=public_key_size]const uint8_t *public_key, uint32_t public_key_size, [in, size=signature_size]const uint8_t *signature, uint32_t signature_size);
}; };
/* /*

View file

@ -46,5 +46,6 @@ int get_private_key_size();
sgx_status_t get_public_key(const uint8_t *sealed, const uint32_t sealed_size, uint8_t *gx, uint32_t gx_size, uint8_t *gy, uint32_t gy_size); sgx_status_t get_public_key(const uint8_t *sealed, const uint32_t sealed_size, uint8_t *gx, uint32_t gx_size, uint8_t *gy, uint32_t gy_size);
sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sealed, uint32_t sealed_size, uint8_t *signature, uint32_t signature_size); sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sealed, uint32_t sealed_size, uint8_t *signature, uint32_t signature_size);
sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint8_t *sealed, uint32_t sealed_size, const uint8_t *public_key, uint32_t public_key_size, const uint8_t *signature, uint32_t signature_size);
#endif /* !_ENCLAVE_H_ */ #endif /* !_ENCLAVE_H_ */