Assignment 7 #4
3 changed files with 45 additions and 13 deletions
|
@ -50,9 +50,15 @@
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef SI_SIZE
|
#ifndef SI_SIZE
|
||||||
#define SI_SIZE 2*SK_SIZE
|
#define SI_SIZE 2*SK_SIZE// + 8
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#define SWAP_UINT32(x) \
|
||||||
|
(((x) >> 24) & 0x000000FF) | \
|
||||||
|
(((x) >> 8) & 0x0000FF00) | \
|
||||||
|
(((x) << 8) & 0x00FF0000) | \
|
||||||
|
(((x) << 24) & 0xFF000000)
|
||||||
|
|
||||||
const sgx_ec256_public_t authorized[2] = {
|
const sgx_ec256_public_t authorized[2] = {
|
||||||
{
|
{
|
||||||
0,
|
0,
|
||||||
|
@ -80,6 +86,22 @@ int get_private_key_size() {
|
||||||
return SK_SIZE;
|
return SK_SIZE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static inline void pk_little_to_big(uint8_t *pk) {
|
||||||
|
uint32_t i, j;
|
||||||
|
|
||||||
|
for(i = 0, j = PK_SIZE / 2 - 1; i < j; i++, j--) {
|
||||||
|
uint8_t tmp = pk[i];
|
||||||
|
pk[i] = pk[j];
|
||||||
|
pk[j] = tmp;
|
||||||
|
}
|
||||||
|
|
||||||
|
for(i = PK_SIZE / 2, j = PK_SIZE - 1; i < j; i++, j--) {
|
||||||
|
uint8_t tmp = pk[i];
|
||||||
|
pk[i] = pk[j];
|
||||||
|
pk[j] = tmp;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
static sgx_status_t seal_key_pair(sgx_ec256_private_t *private, sgx_ec256_public_t *public, uint8_t **sealed, uint32_t sealed_size) {
|
static sgx_status_t seal_key_pair(sgx_ec256_private_t *private, sgx_ec256_public_t *public, uint8_t **sealed, uint32_t sealed_size) {
|
||||||
// invalid parameter handling
|
// invalid parameter handling
|
||||||
if((private == NULL) || (public == NULL))
|
if((private == NULL) || (public == NULL))
|
||||||
|
@ -138,7 +160,7 @@ static sgx_status_t unseal_key_pair(const uint8_t *sealed, sgx_ec256_private_t *
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
sgx_status_t get_public_key(const uint8_t *sealed, uint32_t sealed_size, uint8_t *gx, uint32_t gx_size, uint8_t *gy, uint32_t gy_size) {
|
sgx_status_t get_public_key(const uint8_t *sealed, uint32_t sealed_size, uint8_t *public_key, uint32_t public_key_size) {
|
||||||
// invalid parameter handling
|
// invalid parameter handling
|
||||||
if((sealed == NULL) || (sealed_size == 0)) {
|
if((sealed == NULL) || (sealed_size == 0)) {
|
||||||
return SGX_ERROR_INVALID_PARAMETER;
|
return SGX_ERROR_INVALID_PARAMETER;
|
||||||
|
@ -151,10 +173,11 @@ sgx_status_t get_public_key(const uint8_t *sealed, uint32_t sealed_size, uint8_t
|
||||||
return status;
|
return status;
|
||||||
}
|
}
|
||||||
|
|
||||||
// copy public key into return buffers
|
// copy public key into return buffer
|
||||||
if((gx != NULL) && (gy != NULL)) {
|
// swap endianess
|
||||||
memcpy(gx, public.gx, SK_SIZE);
|
if((public_key != NULL) && (public_key != NULL) && (public_key_size == PK_SIZE)) {
|
||||||
memcpy(gy, public.gy, SK_SIZE);
|
memcpy(public_key, public.gx, SK_SIZE);
|
||||||
|
pk_little_to_big(public_key);
|
||||||
}
|
}
|
||||||
|
|
||||||
// return success
|
// return success
|
||||||
|
@ -182,6 +205,7 @@ static sgx_status_t verify_signature(const uint8_t *data, const uint32_t data_si
|
||||||
|
|
||||||
// verify signature
|
// verify signature
|
||||||
uint8_t result;
|
uint8_t result;
|
||||||
|
// sgx_ecdsa_verify_hash
|
||||||
sgx_status_t verification_status = sgx_ecdsa_verify(data, data_size, public, ecc_signature, &result, ecc_handle);
|
sgx_status_t verification_status = sgx_ecdsa_verify(data, data_size, public, ecc_signature, &result, ecc_handle);
|
||||||
|
|
||||||
// handle failed verification process
|
// handle failed verification process
|
||||||
|
@ -194,7 +218,7 @@ static sgx_status_t verify_signature(const uint8_t *data, const uint32_t data_si
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sealed, uint32_t sealed_size, const uint8_t *public_key, uint32_t public_key_size, uint8_t *signature, uint32_t signature_size) {
|
sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sealed, uint32_t sealed_size, uint8_t *public_key, uint32_t public_key_size, uint8_t *signature, uint32_t signature_size) {
|
||||||
// invalid parameter handling
|
// invalid parameter handling
|
||||||
if((data == NULL) || (data_size == 0)) {
|
if((data == NULL) || (data_size == 0)) {
|
||||||
return SGX_ERROR_INVALID_PARAMETER;
|
return SGX_ERROR_INVALID_PARAMETER;
|
||||||
|
@ -251,10 +275,11 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sea
|
||||||
|
|
||||||
// TODO: possible wrong endianess for other programms
|
// TODO: possible wrong endianess for other programms
|
||||||
// copy signature to return buffer
|
// copy signature to return buffer
|
||||||
if((signature == NULL) || (signature_size == 0)) {
|
if((signature == NULL) || (signature_size != SI_SIZE)) {
|
||||||
sgx_ecc256_close_context(ecc_handle);
|
sgx_ecc256_close_context(ecc_handle);
|
||||||
return SGX_ERROR_INVALID_PARAMETER;
|
return SGX_ERROR_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
|
|
||||||
memcpy(signature, ecc_signature.x, SI_SIZE);
|
memcpy(signature, ecc_signature.x, SI_SIZE);
|
||||||
|
|
||||||
// seal the key
|
// seal the key
|
||||||
|
@ -262,6 +287,10 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sea
|
||||||
seal_status = seal_key_pair(&private, &public, &sealed, sealed_size);
|
seal_status = seal_key_pair(&private, &public, &sealed, sealed_size);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// export pk
|
||||||
|
memcpy(public_key, public.gx, PK_SIZE);
|
||||||
|
pk_little_to_big(public_key);
|
||||||
|
|
||||||
// close ecc handle and return success
|
// close ecc handle and return success
|
||||||
sgx_ecc256_close_context(ecc_handle);
|
sgx_ecc256_close_context(ecc_handle);
|
||||||
return seal_status;
|
return seal_status;
|
||||||
|
@ -299,7 +328,10 @@ sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint
|
||||||
for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) {
|
for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// public key little to big
|
||||||
|
pk_little_to_big(public_key);
|
||||||
|
|
||||||
// copy public key into struct
|
// copy public key into struct
|
||||||
memcpy(public.gx, public_key, PK_SIZE);
|
memcpy(public.gx, public_key, PK_SIZE);
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -44,8 +44,8 @@ enclave {
|
||||||
public int get_signature_size();
|
public int get_signature_size();
|
||||||
public int get_public_key_size();
|
public int get_public_key_size();
|
||||||
public int get_private_key_size();
|
public int get_private_key_size();
|
||||||
public sgx_status_t get_public_key([in, size=sealed_size]const uint8_t *sealed, uint32_t sealed_size, [out, size=gx_size]uint8_t *gx, uint32_t gx_size, [out, size=gx_size]uint8_t *gy, uint32_t gy_size);
|
public sgx_status_t get_public_key([in, size=sealed_size]const uint8_t *sealed, uint32_t sealed_size, [out, size=public_key_size]uint8_t *public_key, uint32_t public_key_size);
|
||||||
public sgx_status_t sign_firmware([in, size=data_size]const uint8_t *data, uint32_t data_size, [in, out, size=sealed_size]uint8_t *sealed, uint32_t sealed_size, [in, size=public_key_size]const uint8_t *public_key, uint32_t public_key_size, [in, out, size=signature_size]uint8_t *signature, uint32_t signature_size);
|
public sgx_status_t sign_firmware([in, size=data_size]const uint8_t *data, uint32_t data_size, [in, out, size=sealed_size]uint8_t *sealed, uint32_t sealed_size, [in, out, size=public_key_size]uint8_t *public_key, uint32_t public_key_size, [in, out, size=signature_size]uint8_t *signature, uint32_t signature_size);
|
||||||
public sgx_status_t verify_firmware([in, size=data_size]const uint8_t *data, uint32_t data_size, [in, size=sealed_size]const uint8_t *sealed, uint32_t sealed_size, [in, size=public_key_size]const uint8_t *public_key, uint32_t public_key_size, [in, size=signature_size]const uint8_t *signature, uint32_t signature_size);
|
public sgx_status_t verify_firmware([in, size=data_size]const uint8_t *data, uint32_t data_size, [in, size=sealed_size]const uint8_t *sealed, uint32_t sealed_size, [in, size=public_key_size]const uint8_t *public_key, uint32_t public_key_size, [in, size=signature_size]const uint8_t *signature, uint32_t signature_size);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -44,8 +44,8 @@ int get_signature_size();
|
||||||
int get_public_key_size();
|
int get_public_key_size();
|
||||||
int get_private_key_size();
|
int get_private_key_size();
|
||||||
|
|
||||||
sgx_status_t get_public_key(const uint8_t *sealed, const uint32_t sealed_size, uint8_t *gx, uint32_t gx_size, uint8_t *gy, uint32_t gy_size);
|
sgx_status_t get_public_key(const uint8_t *sealed, const uint32_t sealed_size, uint8_t *public_key, uint32_t public_key_size);
|
||||||
sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sealed, uint32_t sealed_size, const uint8_t *public_key, uint32_t public_key_size, uint8_t *signature, uint32_t signature_size);
|
sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sealed, uint32_t sealed_size, uint8_t *public_key, uint32_t public_key_size, uint8_t *signature, uint32_t signature_size);
|
||||||
sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint8_t *sealed, uint32_t sealed_size, const uint8_t *public_key, uint32_t public_key_size, const uint8_t *signature, uint32_t signature_size);
|
sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint8_t *sealed, uint32_t sealed_size, const uint8_t *public_key, uint32_t public_key_size, const uint8_t *signature, uint32_t signature_size);
|
||||||
|
|
||||||
#endif /* !_ENCLAVE_H_ */
|
#endif /* !_ENCLAVE_H_ */
|
Loading…
Reference in a new issue