Assignment 7 #4
1 changed files with 12 additions and 28 deletions
|
@ -279,25 +279,15 @@ sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint
|
||||||
return SGX_ERROR_INVALID_PARAMETER;
|
return SGX_ERROR_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
|
|
||||||
// declare need structures
|
// declare needed structures
|
||||||
sgx_ec256_signature_t ecc_signature;
|
|
||||||
sgx_ecc_state_handle_t ecc_handle;
|
|
||||||
sgx_ec256_public_t public;
|
sgx_ec256_public_t public;
|
||||||
|
sgx_status_t status;
|
||||||
|
|
||||||
// invalid signature
|
// invalid signature
|
||||||
if(signature_size > SI_SIZE) {
|
if(signature_size > SI_SIZE) {
|
||||||
return SGX_ERROR_INVALID_PARAMETER;
|
return SGX_ERROR_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
|
|
||||||
// open ecc handle
|
|
||||||
sgx_status_t status;
|
|
||||||
if((status = sgx_ecc256_open_context(&ecc_handle)) != SGX_SUCCESS) {
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
|
|
||||||
// copy signature into struct
|
|
||||||
memcpy(ecc_signature.x, signature, SI_SIZE);
|
|
||||||
|
|
||||||
// verify signature from staff or enclave
|
// verify signature from staff or enclave
|
||||||
if(public_key != NULL) {
|
if(public_key != NULL) {
|
||||||
// invalid public key
|
// invalid public key
|
||||||
|
@ -305,26 +295,20 @@ sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint
|
||||||
return SGX_ERROR_INVALID_PARAMETER;
|
return SGX_ERROR_INVALID_PARAMETER;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// verification only with authorized public keys
|
||||||
|
for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) {
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
// copy public key into struct
|
// copy public key into struct
|
||||||
memcpy(public.gx, public_key, PK_SIZE);
|
memcpy(public.gx, public_key, PK_SIZE);
|
||||||
} else {
|
} else {
|
||||||
// unseal public key
|
// unseal public key
|
||||||
if(unseal_key_pair(sealed, NULL, &public) != SGX_SUCCESS) {
|
if((status = unseal_key_pair(sealed, NULL, &public)) != SGX_SUCCESS) {
|
||||||
sgx_ecc256_close_context(ecc_handle);
|
return status;
|
||||||
return SGX_ERROR_UNEXPECTED;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// verify signature
|
// verify signature and return result
|
||||||
uint8_t result;
|
return verify_signature(data, data_size, &public, (const sgx_ec256_signature_t *)signature);
|
||||||
sgx_status_t verification_status = sgx_ecdsa_verify((const uint8_t *)data, data_size, (const sgx_ec256_public_t *)&public, (const sgx_ec256_signature_t *)&ecc_signature, &result, ecc_handle);
|
|
||||||
|
|
||||||
// handle failed verification process
|
|
||||||
if(verification_status != SGX_SUCCESS) {
|
|
||||||
result = verification_status;
|
|
||||||
}
|
|
||||||
|
|
||||||
// close handle and return result
|
|
||||||
sgx_ecc256_close_context(ecc_handle);
|
|
||||||
return result;
|
|
||||||
}
|
}
|
Loading…
Reference in a new issue