RubNoobs/Systemsicherheit
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[Assignment-7] update verify_firmware
All checks were successful
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (push) Successful in 1m4s
Details
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (push) Successful in 1m1s
Details
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (push) Successful in 59s
Details
Latex Build / build-latex (Assignment 4 - Protokollsicherheit (Praxis)) (pull_request) Successful in 31s
Details
Latex Build / build-latex (Assignment 5 - Software Security - Teil 1) (pull_request) Successful in 9s
Details
Latex Build / build-latex (Assignment 6 - Software Security - Teil 2) (pull_request) Successful in 8s
Details

Browse source
This commit is contained in:
Sascha Tommasone 2024-07-03 17:03:16 +02:00
parent a08e4614c6
commit daec66f6a8
Signed by: saschato
GPG key ID: 751068A86FCAA217
1 changed files with 12 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

40
7-SGX_Hands-on/src/enclave/enclave.c
View file

@ -279,25 +279,15 @@ sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint
return SGX_ERROR_INVALID_PARAMETER; return SGX_ERROR_INVALID_PARAMETER;
} }
// declare need structures // declare needed structures
sgx_ec256_signature_t ecc_signature;
sgx_ecc_state_handle_t ecc_handle;
sgx_ec256_public_t public; sgx_ec256_public_t public;
sgx_status_t status;
// invalid signature // invalid signature
if(signature_size > SI_SIZE) { if(signature_size > SI_SIZE) {
return SGX_ERROR_INVALID_PARAMETER; return SGX_ERROR_INVALID_PARAMETER;
} }
// open ecc handle
sgx_status_t status;
if((status = sgx_ecc256_open_context(&ecc_handle)) != SGX_SUCCESS) {
return status;
}
// copy signature into struct
memcpy(ecc_signature.x, signature, SI_SIZE);
// verify signature from staff or enclave // verify signature from staff or enclave
if(public_key != NULL) { if(public_key != NULL) {
// invalid public key // invalid public key
@ -305,26 +295,20 @@ sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint
return SGX_ERROR_INVALID_PARAMETER; return SGX_ERROR_INVALID_PARAMETER;
} }
// verification only with authorized public keys
for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) {
}
// copy public key into struct // copy public key into struct
memcpy(public.gx, public_key, PK_SIZE); memcpy(public.gx, public_key, PK_SIZE);
} else { } else {
// unseal public key // unseal public key
if(unseal_key_pair(sealed, NULL, &public) != SGX_SUCCESS) { if((status = unseal_key_pair(sealed, NULL, &public)) != SGX_SUCCESS) {
sgx_ecc256_close_context(ecc_handle); return status;
return SGX_ERROR_UNEXPECTED;
} }
} }
// verify signature // verify signature and return result
uint8_t result; return verify_signature(data, data_size, &public, (const sgx_ec256_signature_t *)signature);
sgx_status_t verification_status = sgx_ecdsa_verify((const uint8_t *)data, data_size, (const sgx_ec256_public_t *)&public, (const sgx_ec256_signature_t *)&ecc_signature, &result, ecc_handle); }
// handle failed verification process
if(verification_status != SGX_SUCCESS) {
result = verification_status;
}
// close handle and return result
sgx_ecc256_close_context(ecc_handle);
return result;
}