[Assignment-7] add prototype 'sgx_status_t public_key'
All checks were successful
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (push) Successful in 1m4s
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (push) Successful in 1m2s
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (push) Successful in 59s

This commit is contained in:
Sascha Tommasone 2024-07-01 13:07:32 +02:00
parent 7044b96803
commit c33a97d003
Signed by: saschato
GPG key ID: 751068A86FCAA217
3 changed files with 40 additions and 7 deletions

View file

@ -3,11 +3,44 @@
#include <sgx_error.h> #include <sgx_error.h>
#include <sgx_tcrypto.h> #include <sgx_tcrypto.h>
const unsigned char *secretkey_file = "/var/signrelay/sk"; sgx_status_t public_key(const uint8_t *sealed, const size_t sealed_size, uint8_t *gx, uint8_t *gy) {
const unsigned char *publickey_file = "/var/signrelay/pk"; // return if no sealed data provided
if(sealed == NULL)
return SGX_ERROR_UNEXPECTED;
sgx_status_t public_key(uint8_t *gx, uint8_t *gy) { // calculate public_key size and return error for unexpected results
// TODO uint32_t pk_size = sgx_get_add_mac_txt_len((const sgx_sealed_data_t *)sealed);
uint32_t sk_size = sgx_get_encrypt_txt_len((const sgx_sealed_data_t *)sealed);
if ((pk_size != 2*SGX_ECP256_KEY_SIZE) || (sk_size != SGX_ECP256_KEY_SIZE))
return SGX_ERROR_UNEXPECTED;
// allocate memory for public and secret key
uint8_t *pk =(uint8_t *)malloc(pk_size);
uint8_t *sk =(uint8_t *)malloc(pk_size);
if((pk == NULL) || (sk == NULL)) {
free(pk);
free(sk);
return SGX_ERROR_OUT_OF_MEMORY;
}
// unseal ecc key pair
sgx_status_t status = sgx_unseal_data((const sgx_sealed_data_t *)sealed, pk, &pk_size, sk, &sk_size);
if (status != SGX_SUCCESS) {
free(pk);
free(sk);
return status;
}
// copy public key into return buffers
if((gx != NULL) && (gy != NULL)) {
memcpy(gx, pk, SGX_ECP256_KEY_SIZE);
memcpy(gy, pk + SGX_ECP256_KEY_SIZE, SGX_ECP256_KEY_SIZE);
}
// free allocated memory and return success
free(pk);
free(sk);
return SGX_SUCCESS;
} }
sgx_status_t sign_firmware(uint8_t *data, size_t data_size, uint8_t *signature, size_t signature_size) { sgx_status_t sign_firmware(uint8_t *data, size_t data_size, uint8_t *signature, size_t signature_size) {

View file

@ -40,7 +40,7 @@ enclave {
*/ */
trusted { trusted {
public sgx_status_t public_key([out]uint8_t *gx, [out]uint8_t *gy); public sgx_status_t public_key([in, size=sealed_size]const uint8_t *sealed, size_t sealed_size, [out]uint8_t *gx, [out]uint8_t *gy);
public sgx_status_t sign_firmware([in, size=data_size]uint8_t *data, size_t data_size, [out, size=signature_size]uint8_t *signature, size_t signature_size); public sgx_status_t sign_firmware([in, size=data_size]uint8_t *data, size_t data_size, [out, size=signature_size]uint8_t *signature, size_t signature_size);
}; };
@ -50,6 +50,6 @@ enclave {
* [string]: specifies 'str' is a NULL terminated buffer. * [string]: specifies 'str' is a NULL terminated buffer.
*/ */
untrusted { untrusted {
int read_file([in, string] path_to_file, [out, size=bsize] uint8_t *buffer, size_t bsize);
}; };
}; };

View file

@ -37,7 +37,7 @@
#include <assert.h> #include <assert.h>
#include <sgx_error.h> #include <sgx_error.h>
sgx_status_t public_key(uint8_t *gx, uint8_t *gy); sgx_status_t public_key(const uint8_t *sealed, const size_t sealed_size, uint8_t *gx, uint8_t *gy);
sgx_status_t sign_firmware(uint8_t *data, size_t data_size, uint8_t *signature, size_t signature_size); sgx_status_t sign_firmware(uint8_t *data, size_t data_size, uint8_t *signature, size_t signature_size);
#endif /* !_ENCLAVE_H_ */ #endif /* !_ENCLAVE_H_ */