Assignment 7 #4
3 changed files with 40 additions and 7 deletions
|
@ -3,11 +3,44 @@
|
||||||
#include <sgx_error.h>
|
#include <sgx_error.h>
|
||||||
#include <sgx_tcrypto.h>
|
#include <sgx_tcrypto.h>
|
||||||
|
|
||||||
const unsigned char *secretkey_file = "/var/signrelay/sk";
|
sgx_status_t public_key(const uint8_t *sealed, const size_t sealed_size, uint8_t *gx, uint8_t *gy) {
|
||||||
const unsigned char *publickey_file = "/var/signrelay/pk";
|
// return if no sealed data provided
|
||||||
|
if(sealed == NULL)
|
||||||
|
return SGX_ERROR_UNEXPECTED;
|
||||||
|
|
||||||
|
// calculate public_key size and return error for unexpected results
|
||||||
|
uint32_t pk_size = sgx_get_add_mac_txt_len((const sgx_sealed_data_t *)sealed);
|
||||||
|
uint32_t sk_size = sgx_get_encrypt_txt_len((const sgx_sealed_data_t *)sealed);
|
||||||
|
if ((pk_size != 2*SGX_ECP256_KEY_SIZE) || (sk_size != SGX_ECP256_KEY_SIZE))
|
||||||
|
return SGX_ERROR_UNEXPECTED;
|
||||||
|
|
||||||
sgx_status_t public_key(uint8_t *gx, uint8_t *gy) {
|
// allocate memory for public and secret key
|
||||||
// TODO
|
uint8_t *pk =(uint8_t *)malloc(pk_size);
|
||||||
|
uint8_t *sk =(uint8_t *)malloc(pk_size);
|
||||||
|
if((pk == NULL) || (sk == NULL)) {
|
||||||
|
free(pk);
|
||||||
|
free(sk);
|
||||||
|
return SGX_ERROR_OUT_OF_MEMORY;
|
||||||
|
}
|
||||||
|
|
||||||
|
// unseal ecc key pair
|
||||||
|
sgx_status_t status = sgx_unseal_data((const sgx_sealed_data_t *)sealed, pk, &pk_size, sk, &sk_size);
|
||||||
|
if (status != SGX_SUCCESS) {
|
||||||
|
free(pk);
|
||||||
|
free(sk);
|
||||||
|
return status;
|
||||||
|
}
|
||||||
|
|
||||||
|
// copy public key into return buffers
|
||||||
|
if((gx != NULL) && (gy != NULL)) {
|
||||||
|
memcpy(gx, pk, SGX_ECP256_KEY_SIZE);
|
||||||
|
memcpy(gy, pk + SGX_ECP256_KEY_SIZE, SGX_ECP256_KEY_SIZE);
|
||||||
|
}
|
||||||
|
|
||||||
|
// free allocated memory and return success
|
||||||
|
free(pk);
|
||||||
|
free(sk);
|
||||||
|
return SGX_SUCCESS;
|
||||||
}
|
}
|
||||||
|
|
||||||
sgx_status_t sign_firmware(uint8_t *data, size_t data_size, uint8_t *signature, size_t signature_size) {
|
sgx_status_t sign_firmware(uint8_t *data, size_t data_size, uint8_t *signature, size_t signature_size) {
|
||||||
|
|
|
@ -40,7 +40,7 @@ enclave {
|
||||||
*/
|
*/
|
||||||
|
|
||||||
trusted {
|
trusted {
|
||||||
public sgx_status_t public_key([out]uint8_t *gx, [out]uint8_t *gy);
|
public sgx_status_t public_key([in, size=sealed_size]const uint8_t *sealed, size_t sealed_size, [out]uint8_t *gx, [out]uint8_t *gy);
|
||||||
public sgx_status_t sign_firmware([in, size=data_size]uint8_t *data, size_t data_size, [out, size=signature_size]uint8_t *signature, size_t signature_size);
|
public sgx_status_t sign_firmware([in, size=data_size]uint8_t *data, size_t data_size, [out, size=signature_size]uint8_t *signature, size_t signature_size);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -50,6 +50,6 @@ enclave {
|
||||||
* [string]: specifies 'str' is a NULL terminated buffer.
|
* [string]: specifies 'str' is a NULL terminated buffer.
|
||||||
*/
|
*/
|
||||||
untrusted {
|
untrusted {
|
||||||
|
int read_file([in, string] path_to_file, [out, size=bsize] uint8_t *buffer, size_t bsize);
|
||||||
};
|
};
|
||||||
};
|
};
|
|
@ -37,7 +37,7 @@
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
#include <sgx_error.h>
|
#include <sgx_error.h>
|
||||||
|
|
||||||
sgx_status_t public_key(uint8_t *gx, uint8_t *gy);
|
sgx_status_t public_key(const uint8_t *sealed, const size_t sealed_size, uint8_t *gx, uint8_t *gy);
|
||||||
sgx_status_t sign_firmware(uint8_t *data, size_t data_size, uint8_t *signature, size_t signature_size);
|
sgx_status_t sign_firmware(uint8_t *data, size_t data_size, uint8_t *signature, size_t signature_size);
|
||||||
|
|
||||||
#endif /* !_ENCLAVE_H_ */
|
#endif /* !_ENCLAVE_H_ */
|
Loading…
Reference in a new issue