From 20529e27687941067297226583d952acb113e054 Mon Sep 17 00:00:00 2001 From: Sascha Tommasone Date: Fri, 5 Jul 2024 23:02:05 +0200 Subject: [PATCH] [Assignment-7] fixed endianess problems --- 7-SGX_Hands-on/src/enclave/enclave.c | 50 +++++++++++++++++++++----- 7-SGX_Hands-on/src/enclave/enclave.edl | 4 +-- 7-SGX_Hands-on/src/enclave/enclave.h | 4 +-- 3 files changed, 45 insertions(+), 13 deletions(-) diff --git a/7-SGX_Hands-on/src/enclave/enclave.c b/7-SGX_Hands-on/src/enclave/enclave.c index db96ec4..fc5da89 100644 --- a/7-SGX_Hands-on/src/enclave/enclave.c +++ b/7-SGX_Hands-on/src/enclave/enclave.c @@ -50,9 +50,15 @@ #endif #ifndef SI_SIZE -#define SI_SIZE 2*SK_SIZE +#define SI_SIZE 2*SK_SIZE// + 8 #endif +#define SWAP_UINT32(x) \ + (((x) >> 24) & 0x000000FF) | \ + (((x) >> 8) & 0x0000FF00) | \ + (((x) << 8) & 0x00FF0000) | \ + (((x) << 24) & 0xFF000000) + const sgx_ec256_public_t authorized[2] = { { 0, @@ -80,6 +86,22 @@ int get_private_key_size() { return SK_SIZE; } +static inline void pk_little_to_big(uint8_t *pk) { + uint32_t i, j; + + for(i = 0, j = PK_SIZE / 2 - 1; i < j; i++, j--) { + uint8_t tmp = pk[i]; + pk[i] = pk[j]; + pk[j] = tmp; + } + + for(i = PK_SIZE / 2, j = PK_SIZE - 1; i < j; i++, j--) { + uint8_t tmp = pk[i]; + pk[i] = pk[j]; + pk[j] = tmp; + } +} + static sgx_status_t seal_key_pair(sgx_ec256_private_t *private, sgx_ec256_public_t *public, uint8_t **sealed, uint32_t sealed_size) { // invalid parameter handling if((private == NULL) || (public == NULL)) @@ -138,7 +160,7 @@ static sgx_status_t unseal_key_pair(const uint8_t *sealed, sgx_ec256_private_t * return status; } -sgx_status_t get_public_key(const uint8_t *sealed, uint32_t sealed_size, uint8_t *gx, uint32_t gx_size, uint8_t *gy, uint32_t gy_size) { +sgx_status_t get_public_key(const uint8_t *sealed, uint32_t sealed_size, uint8_t *public_key, uint32_t public_key_size) { // invalid parameter handling if((sealed == NULL) || (sealed_size == 0)) { return SGX_ERROR_INVALID_PARAMETER; @@ -151,10 +173,11 @@ sgx_status_t get_public_key(const uint8_t *sealed, uint32_t sealed_size, uint8_t return status; } - // copy public key into return buffers - if((gx != NULL) && (gy != NULL)) { - memcpy(gx, public.gx, SK_SIZE); - memcpy(gy, public.gy, SK_SIZE); + // copy public key into return buffer + // swap endianess + if((public_key != NULL) && (public_key != NULL) && (public_key_size == PK_SIZE)) { + memcpy(public_key, public.gx, SK_SIZE); + pk_little_to_big(public_key); } // return success @@ -182,6 +205,7 @@ static sgx_status_t verify_signature(const uint8_t *data, const uint32_t data_si // verify signature uint8_t result; + // sgx_ecdsa_verify_hash sgx_status_t verification_status = sgx_ecdsa_verify(data, data_size, public, ecc_signature, &result, ecc_handle); // handle failed verification process @@ -194,7 +218,7 @@ static sgx_status_t verify_signature(const uint8_t *data, const uint32_t data_si return result; } -sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sealed, uint32_t sealed_size, const uint8_t *public_key, uint32_t public_key_size, uint8_t *signature, uint32_t signature_size) { +sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sealed, uint32_t sealed_size, uint8_t *public_key, uint32_t public_key_size, uint8_t *signature, uint32_t signature_size) { // invalid parameter handling if((data == NULL) || (data_size == 0)) { return SGX_ERROR_INVALID_PARAMETER; @@ -251,10 +275,11 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sea // TODO: possible wrong endianess for other programms // copy signature to return buffer - if((signature == NULL) || (signature_size == 0)) { + if((signature == NULL) || (signature_size != SI_SIZE)) { sgx_ecc256_close_context(ecc_handle); return SGX_ERROR_INVALID_PARAMETER; } + memcpy(signature, ecc_signature.x, SI_SIZE); // seal the key @@ -262,6 +287,10 @@ sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sea seal_status = seal_key_pair(&private, &public, &sealed, sealed_size); } + // export pk + memcpy(public_key, public.gx, PK_SIZE); + pk_little_to_big(public_key); + // close ecc handle and return success sgx_ecc256_close_context(ecc_handle); return seal_status; @@ -299,7 +328,10 @@ sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint for(size_t i = 0; i < sizeof(authorized)/sizeof(authorized[0]); i++) { } - + + // public key little to big + pk_little_to_big(public_key); + // copy public key into struct memcpy(public.gx, public_key, PK_SIZE); } else { diff --git a/7-SGX_Hands-on/src/enclave/enclave.edl b/7-SGX_Hands-on/src/enclave/enclave.edl index 64abed2..6b9e803 100644 --- a/7-SGX_Hands-on/src/enclave/enclave.edl +++ b/7-SGX_Hands-on/src/enclave/enclave.edl @@ -44,8 +44,8 @@ enclave { public int get_signature_size(); public int get_public_key_size(); public int get_private_key_size(); - public sgx_status_t get_public_key([in, size=sealed_size]const uint8_t *sealed, uint32_t sealed_size, [out, size=gx_size]uint8_t *gx, uint32_t gx_size, [out, size=gx_size]uint8_t *gy, uint32_t gy_size); - public sgx_status_t sign_firmware([in, size=data_size]const uint8_t *data, uint32_t data_size, [in, out, size=sealed_size]uint8_t *sealed, uint32_t sealed_size, [in, size=public_key_size]const uint8_t *public_key, uint32_t public_key_size, [in, out, size=signature_size]uint8_t *signature, uint32_t signature_size); + public sgx_status_t get_public_key([in, size=sealed_size]const uint8_t *sealed, uint32_t sealed_size, [out, size=public_key_size]uint8_t *public_key, uint32_t public_key_size); + public sgx_status_t sign_firmware([in, size=data_size]const uint8_t *data, uint32_t data_size, [in, out, size=sealed_size]uint8_t *sealed, uint32_t sealed_size, [in, out, size=public_key_size]uint8_t *public_key, uint32_t public_key_size, [in, out, size=signature_size]uint8_t *signature, uint32_t signature_size); public sgx_status_t verify_firmware([in, size=data_size]const uint8_t *data, uint32_t data_size, [in, size=sealed_size]const uint8_t *sealed, uint32_t sealed_size, [in, size=public_key_size]const uint8_t *public_key, uint32_t public_key_size, [in, size=signature_size]const uint8_t *signature, uint32_t signature_size); }; diff --git a/7-SGX_Hands-on/src/enclave/enclave.h b/7-SGX_Hands-on/src/enclave/enclave.h index 89c52b7..c7b017b 100644 --- a/7-SGX_Hands-on/src/enclave/enclave.h +++ b/7-SGX_Hands-on/src/enclave/enclave.h @@ -44,8 +44,8 @@ int get_signature_size(); int get_public_key_size(); int get_private_key_size(); -sgx_status_t get_public_key(const uint8_t *sealed, const uint32_t sealed_size, uint8_t *gx, uint32_t gx_size, uint8_t *gy, uint32_t gy_size); -sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sealed, uint32_t sealed_size, const uint8_t *public_key, uint32_t public_key_size, uint8_t *signature, uint32_t signature_size); +sgx_status_t get_public_key(const uint8_t *sealed, const uint32_t sealed_size, uint8_t *public_key, uint32_t public_key_size); +sgx_status_t sign_firmware(const uint8_t *data, uint32_t data_size, uint8_t *sealed, uint32_t sealed_size, uint8_t *public_key, uint32_t public_key_size, uint8_t *signature, uint32_t signature_size); sgx_status_t verify_firmware(const uint8_t *data, uint32_t data_size, const uint8_t *sealed, uint32_t sealed_size, const uint8_t *public_key, uint32_t public_key_size, const uint8_t *signature, uint32_t signature_size); #endif /* !_ENCLAVE_H_ */ \ No newline at end of file