Assignment-7-sgximpl #13
1 changed files with 30 additions and 22 deletions
|
@ -65,8 +65,18 @@ const sgx_ec256_public_t authorized[2] = {
|
||||||
0
|
0
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
0,
|
.gx = {
|
||||||
0
|
0x76, 0xe5, 0x50, 0x5e, 0x61, 0xf5, 0x2b, 0xea,
|
||||||
|
0x1c, 0x49, 0x29, 0xef, 0xd2, 0x5f, 0x4f, 0x29,
|
||||||
|
0xd0, 0xb6, 0xfb, 0x1c, 0x4f, 0x42, 0xb5, 0x72,
|
||||||
|
0x00, 0x10, 0x18, 0x1a, 0x4f, 0xa3, 0x96, 0x8d
|
||||||
|
},
|
||||||
|
.gy = {
|
||||||
|
0xa1, 0xba, 0x0a, 0x47, 0xf1, 0xa5, 0xa4, 0x9d,
|
||||||
|
0xf4, 0x7d, 0x71, 0x34, 0xce, 0x2f, 0x2e, 0x93,
|
||||||
|
0xec, 0x04, 0xb1, 0xdd, 0xad, 0xb6, 0x4b, 0xa0,
|
||||||
|
0xdf, 0xb5, 0xc4, 0xf3, 0xf9, 0xa6, 0x58, 0xb2
|
||||||
|
}
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -215,7 +225,9 @@ static sgx_status_t verify_signature(const uint8_t *data, uint32_t data_size, co
|
||||||
|
|
||||||
sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, const uint8_t *sealed, uint32_t sealed_size, uint8_t *public_key, uint8_t *signature) {
|
sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, const uint8_t *sealed, uint32_t sealed_size, uint8_t *public_key, uint8_t *signature) {
|
||||||
// invalid parameter handling
|
// invalid parameter handling
|
||||||
if((data == NULL) || (data_size == 0) || (public_key == NULL) || (signature == NULL)) {
|
if((data == NULL) || (data_size == 0)) {
|
||||||
|
return SGX_ERROR_INVALID_PARAMETER;
|
||||||
|
} else if((public_key == NULL) || (signature == NULL)) {
|
||||||
return SGX_ERROR_INVALID_PARAMETER;
|
return SGX_ERROR_INVALID_PARAMETER;
|
||||||
} else if((sealed == NULL) || (sealed_size != get_sealed_size())) {
|
} else if((sealed == NULL) || (sealed_size != get_sealed_size())) {
|
||||||
return SGX_ERROR_INVALID_PARAMETER;
|
return SGX_ERROR_INVALID_PARAMETER;
|
||||||
|
@ -224,9 +236,8 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, const uint8_
|
||||||
// verify public key
|
// verify public key
|
||||||
for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) {
|
for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) {
|
||||||
if(memcmp(public_key, authorized[i].gx, PK_SIZE) == 0) {
|
if(memcmp(public_key, authorized[i].gx, PK_SIZE) == 0) {
|
||||||
continue;
|
goto sign;
|
||||||
}
|
}
|
||||||
goto sign;
|
|
||||||
}
|
}
|
||||||
return SGX_ERROR_UNEXPECTED;
|
return SGX_ERROR_UNEXPECTED;
|
||||||
|
|
||||||
|
@ -244,34 +255,25 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, const uint8_
|
||||||
}
|
}
|
||||||
|
|
||||||
// verify request
|
// verify request
|
||||||
/*
|
|
||||||
if((status = verify_signature(data, data_size, (const sgx_ec256_public_t *)public_key, (const sgx_ec256_signature_t *)signature)) != SGX_EC_VALID) {
|
if((status = verify_signature(data, data_size, (const sgx_ec256_public_t *)public_key, (const sgx_ec256_signature_t *)signature)) != SGX_EC_VALID) {
|
||||||
sgx_ecc256_close_context(ecc_handle);
|
goto exit;
|
||||||
return status;
|
}
|
||||||
}*/
|
|
||||||
|
|
||||||
// try unseal keypair
|
// try unseal keypair
|
||||||
sgx_status_t seal_status;
|
if(status = unseal_key_pair(sealed, &private, (sgx_ec256_public_t *)public_key) != SGX_SUCCESS) {
|
||||||
if(seal_status = unseal_key_pair(sealed, &private, (sgx_ec256_public_t *)public_key) != SGX_SUCCESS) {
|
goto exit;
|
||||||
sgx_ecc256_close_context(ecc_handle);
|
|
||||||
return seal_status;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// create signature
|
// create signature
|
||||||
if((status = sgx_ecdsa_sign(data, data_size, &private, &ecc_signature, ecc_handle)) != SGX_SUCCESS) {
|
if((status = sgx_ecdsa_sign(data, data_size, &private, &ecc_signature, ecc_handle)) != SGX_SUCCESS) {
|
||||||
sgx_ecc256_close_context(ecc_handle);
|
goto exit;
|
||||||
return status;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// copy signature to return buffer
|
// copy signature to return buffer
|
||||||
if(signature == NULL) {
|
|
||||||
sgx_ecc256_close_context(ecc_handle);
|
|
||||||
return SGX_ERROR_INVALID_PARAMETER;
|
|
||||||
}
|
|
||||||
|
|
||||||
memcpy(signature, ecc_signature.x, SI_SIZE);
|
memcpy(signature, ecc_signature.x, SI_SIZE);
|
||||||
|
|
||||||
// close ecc handle and return success
|
// close ecc handle and return success
|
||||||
|
exit: ;
|
||||||
sgx_ecc256_close_context(ecc_handle);
|
sgx_ecc256_close_context(ecc_handle);
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
@ -284,6 +286,8 @@ sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint
|
||||||
return SGX_ERROR_INVALID_PARAMETER;
|
return SGX_ERROR_INVALID_PARAMETER;
|
||||||
} else if((sealed != NULL) && (public_key != NULL)) {
|
} else if((sealed != NULL) && (public_key != NULL)) {
|
||||||
return SGX_ERROR_INVALID_PARAMETER;
|
return SGX_ERROR_INVALID_PARAMETER;
|
||||||
|
} else if((sealed_size != get_sealed_size()) && (public_key == NULL)) {
|
||||||
|
return SGX_ERROR_INVALID_PARAMETER;;
|
||||||
}
|
}
|
||||||
|
|
||||||
// declare needed structures
|
// declare needed structures
|
||||||
|
@ -294,9 +298,13 @@ sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint
|
||||||
if(public_key != NULL) {
|
if(public_key != NULL) {
|
||||||
// verification only with authorized public keys
|
// verification only with authorized public keys
|
||||||
for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) {
|
for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) {
|
||||||
|
if(memcmp(public_key, authorized[i].gx, PK_SIZE) == 0) {
|
||||||
|
goto verify;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
return SGX_ERROR_UNEXPECTED;
|
||||||
|
|
||||||
|
verify: ;
|
||||||
// copy public key into struct
|
// copy public key into struct
|
||||||
memcpy(public.gx, public_key, PK_SIZE);
|
memcpy(public.gx, public_key, PK_SIZE);
|
||||||
} else {
|
} else {
|
||||||
|
|
Loading…
Reference in a new issue