[Assignment-7] add first staff public key; enabled request verification
All checks were successful
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (push) Successful in 1m3s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (push) Successful in 1m5s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (push) Successful in 1m0s
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (pull_request) Successful in 31s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (pull_request) Successful in 8s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (pull_request) Successful in 8s

This commit is contained in:
Sascha Tommasone 2024-07-06 14:48:43 +02:00
parent f0ef090853
commit bcd1c7aa80
Signed by: saschato
GPG key ID: 751068A86FCAA217

View file

@ -65,8 +65,18 @@ const sgx_ec256_public_t authorized[2] = {
0
},
{
0,
0
.gx = {
0x76, 0xe5, 0x50, 0x5e, 0x61, 0xf5, 0x2b, 0xea,
0x1c, 0x49, 0x29, 0xef, 0xd2, 0x5f, 0x4f, 0x29,
0xd0, 0xb6, 0xfb, 0x1c, 0x4f, 0x42, 0xb5, 0x72,
0x00, 0x10, 0x18, 0x1a, 0x4f, 0xa3, 0x96, 0x8d
},
.gy = {
0xa1, 0xba, 0x0a, 0x47, 0xf1, 0xa5, 0xa4, 0x9d,
0xf4, 0x7d, 0x71, 0x34, 0xce, 0x2f, 0x2e, 0x93,
0xec, 0x04, 0xb1, 0xdd, 0xad, 0xb6, 0x4b, 0xa0,
0xdf, 0xb5, 0xc4, 0xf3, 0xf9, 0xa6, 0x58, 0xb2
}
}
};
@ -215,7 +225,9 @@ static sgx_status_t verify_signature(const uint8_t *data, uint32_t data_size, co
sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, const uint8_t *sealed, uint32_t sealed_size, uint8_t *public_key, uint8_t *signature) {
// invalid parameter handling
if((data == NULL) || (data_size == 0) || (public_key == NULL) || (signature == NULL)) {
if((data == NULL) || (data_size == 0)) {
return SGX_ERROR_INVALID_PARAMETER;
} else if((public_key == NULL) || (signature == NULL)) {
return SGX_ERROR_INVALID_PARAMETER;
} else if((sealed == NULL) || (sealed_size != get_sealed_size())) {
return SGX_ERROR_INVALID_PARAMETER;
@ -224,9 +236,8 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, const uint8_
// verify public key
for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) {
if(memcmp(public_key, authorized[i].gx, PK_SIZE) == 0) {
continue;
goto sign;
}
goto sign;
}
return SGX_ERROR_UNEXPECTED;
@ -244,34 +255,25 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, const uint8_
}
// verify request
/*
if((status = verify_signature(data, data_size, (const sgx_ec256_public_t *)public_key, (const sgx_ec256_signature_t *)signature)) != SGX_EC_VALID) {
sgx_ecc256_close_context(ecc_handle);
return status;
}*/
goto exit;
}
// try unseal keypair
sgx_status_t seal_status;
if(seal_status = unseal_key_pair(sealed, &private, (sgx_ec256_public_t *)public_key) != SGX_SUCCESS) {
sgx_ecc256_close_context(ecc_handle);
return seal_status;
if(status = unseal_key_pair(sealed, &private, (sgx_ec256_public_t *)public_key) != SGX_SUCCESS) {
goto exit;
}
// create signature
if((status = sgx_ecdsa_sign(data, data_size, &private, &ecc_signature, ecc_handle)) != SGX_SUCCESS) {
sgx_ecc256_close_context(ecc_handle);
return status;
goto exit;
}
// copy signature to return buffer
if(signature == NULL) {
sgx_ecc256_close_context(ecc_handle);
return SGX_ERROR_INVALID_PARAMETER;
}
memcpy(signature, ecc_signature.x, SI_SIZE);
// close ecc handle and return success
exit: ;
sgx_ecc256_close_context(ecc_handle);
return status;
}
@ -284,6 +286,8 @@ sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint
return SGX_ERROR_INVALID_PARAMETER;
} else if((sealed != NULL) && (public_key != NULL)) {
return SGX_ERROR_INVALID_PARAMETER;
} else if((sealed_size != get_sealed_size()) && (public_key == NULL)) {
return SGX_ERROR_INVALID_PARAMETER;;
}
// declare needed structures
@ -294,9 +298,13 @@ sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint
if(public_key != NULL) {
// verification only with authorized public keys
for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) {
if(memcmp(public_key, authorized[i].gx, PK_SIZE) == 0) {
goto verify;
}
}
return SGX_ERROR_UNEXPECTED;
}
verify: ;
// copy public key into struct
memcpy(public.gx, public_key, PK_SIZE);
} else {