From daec66f6a86b3664a09e9fddf81c254bfb29bdc1 Mon Sep 17 00:00:00 2001
From: Sascha Tommasone <sascha@tommasone.me>
Date: Wed, 3 Jul 2024 17:03:16 +0200
Subject: [PATCH] [Assignment-7] update verify_firmware

---
 7-SGX_Hands-on/src/enclave/enclave.c | 40 +++++++++-------------------
 1 file changed, 12 insertions(+), 28 deletions(-)

diff --git a/7-SGX_Hands-on/src/enclave/enclave.c b/7-SGX_Hands-on/src/enclave/enclave.c
index 9db5931..db96ec4 100644
--- a/7-SGX_Hands-on/src/enclave/enclave.c
+++ b/7-SGX_Hands-on/src/enclave/enclave.c
@@ -279,25 +279,15 @@ sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint
         return SGX_ERROR_INVALID_PARAMETER;
     }
 
-    // declare need structures
-    sgx_ec256_signature_t ecc_signature;
-    sgx_ecc_state_handle_t ecc_handle;
+    // declare needed structures
     sgx_ec256_public_t public;
+    sgx_status_t status;
 
     // invalid signature
     if(signature_size > SI_SIZE) {
         return SGX_ERROR_INVALID_PARAMETER;
     }
 
-    // open ecc handle
-    sgx_status_t status;
-    if((status = sgx_ecc256_open_context(&ecc_handle)) != SGX_SUCCESS) {
-        return status;
-    }
-
-    // copy signature into struct
-    memcpy(ecc_signature.x, signature, SI_SIZE);
-
     // verify signature from staff or enclave
     if(public_key != NULL) {
         // invalid public key
@@ -305,26 +295,20 @@ sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint
             return SGX_ERROR_INVALID_PARAMETER;
         }
 
+        // verification only with authorized public keys
+        for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) {
+
+        }
+
         // copy public key into struct
         memcpy(public.gx, public_key, PK_SIZE);
     } else {
         // unseal public key
-        if(unseal_key_pair(sealed, NULL, &public) != SGX_SUCCESS) {
-            sgx_ecc256_close_context(ecc_handle);
-            return SGX_ERROR_UNEXPECTED;
+        if((status = unseal_key_pair(sealed, NULL, &public)) != SGX_SUCCESS) {
+            return status;
         }
     }
 
-    // verify signature
-    uint8_t result;
-    sgx_status_t verification_status = sgx_ecdsa_verify((const uint8_t *)data, data_size, (const sgx_ec256_public_t *)&public, (const sgx_ec256_signature_t *)&ecc_signature, &result, ecc_handle);
-
-    // handle failed verification process
-    if(verification_status != SGX_SUCCESS) {
-        result = verification_status;
-    }
-
-    // close handle and return result
-    sgx_ecc256_close_context(ecc_handle);
-    return result;
-}
+    // verify signature and return result
+    return verify_signature(data, data_size, &public, (const sgx_ec256_signature_t *)signature);
+}
\ No newline at end of file