Assignment 7 #4

Merged
saschato merged 75 commits from Assignment-7 into master 2024-07-08 11:19:51 +02:00
Showing only changes of commit 5e174f25f3 - Show all commits

View file

@ -5,24 +5,29 @@ TMP=/tmp/signatureproxy
KEYDIR=../employee_keys KEYDIR=../employee_keys
mkdir -p $TMP mkdir -p $TMP
echo "setting up enclave" echo "Step 1: Setting up the signature proxy..."
./signatureproxy proxysetup -pkey $TMP/proxy_private.bin > $TMP/proxy_public.pem ./signatureproxy proxysetup -pkey $TMP/proxy_private.bin > $TMP/proxy_public.pem
echo "The signature proxy is initialized."
echo "generating dummy firmware" echo "Step 2: Generating dummy firmware..."
dd if=/dev/urandom of=$TMP/firmware.bin bs=1M count=1 &> /dev/null dd if=/dev/urandom of=$TMP/firmware.bin bs=1M count=1 &> /dev/null
echo "Dummy firmware is generated."
echo "signing firmware as Alice" echo "Step 3: Alice signs the firmware..."
./signatureproxy employee -ekey $KEYDIR/alice_private.pem -firm $TMP/firmware.bin > $TMP/signature_alice.der ./signatureproxy employee -ekey $KEYDIR/alice_private.pem -firm $TMP/firmware.bin > $TMP/signature_alice.der
echo "Alice, a trusted employee, signs the firmware."
echo "resigning firmware using enclave" echo "Step 4: Resigning Alice's signed firmware using the signature proxy..."
cat $TMP/signature_alice.der | ./signatureproxy proxy -pkey $TMP/proxy_private.bin -epub $KEYDIR/alice_public.pem -firm $TMP/firmware.bin > $TMP/signature_for_alice.der cat $TMP/signature_alice.der | ./signatureproxy proxy -pkey $TMP/proxy_private.bin -epub $KEYDIR/alice_public.pem -firm $TMP/firmware.bin > $TMP/signature_for_alice.der
echo "The signature proxy verifies and resigns Alice's firmware."
echo "verifying firmware" echo "Step 5: Verifying the signed firmware..."
cat $TMP/signature_for_alice.der | ./signatureproxy embedded -ppub $TMP/proxy_public.pem -firm $TMP/firmware.bin cat $TMP/signature_for_alice.der | ./signatureproxy embedded -ppub $TMP/proxy_public.pem -firm $TMP/firmware.bin
echo "The firmware's signature is verified."
echo "Step 6: Oskar attempts to sign a modified firmware..."
echo "signing firmware as Oskar"
./signatureproxy employee -ekey $KEYDIR/oskar_private.pem -firm $TMP/firmware.bin > $TMP/signature_oskar.der ./signatureproxy employee -ekey $KEYDIR/oskar_private.pem -firm $TMP/firmware.bin > $TMP/signature_oskar.der
echo "Oskar, an attacker, tries to sign a modified firmware."
echo "resigning firmware using enclave" echo "Step 7: Oskar's signing attempt is rejected by the signature proxy..."
cat $TMP/signature_oskar.der | ./signatureproxy proxy -pkey $TMP/proxy_private.bin -epub $KEYDIR/oskar_public.pem -firm $TMP/firmware.bin || echo "Oskars signing request successfully rejected" cat $TMP/signature_oskar.der | ./signatureproxy proxy -pkey $TMP/proxy_private.bin -epub $KEYDIR/oskar_public.pem -firm $TMP/firmware.bin > $TMP/signature_oskar.der && echo "Oskar's firmware signing attempt was successful." || echo "Oskar's signing request is successfully rejected."