From 5e174f25f391658380a8e866743705c2be8f114b Mon Sep 17 00:00:00 2001 From: Paul Zinselmeyer Date: Sat, 6 Jul 2024 18:29:59 +0200 Subject: [PATCH] [Assignment-7] update simulate.sh --- 7-SGX_Hands-on/src/simulate.sh | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/7-SGX_Hands-on/src/simulate.sh b/7-SGX_Hands-on/src/simulate.sh index fefccac..f5718a4 100755 --- a/7-SGX_Hands-on/src/simulate.sh +++ b/7-SGX_Hands-on/src/simulate.sh @@ -5,24 +5,29 @@ TMP=/tmp/signatureproxy KEYDIR=../employee_keys mkdir -p $TMP -echo "setting up enclave" +echo "Step 1: Setting up the signature proxy..." ./signatureproxy proxysetup -pkey $TMP/proxy_private.bin > $TMP/proxy_public.pem +echo "The signature proxy is initialized." -echo "generating dummy firmware" +echo "Step 2: Generating dummy firmware..." dd if=/dev/urandom of=$TMP/firmware.bin bs=1M count=1 &> /dev/null +echo "Dummy firmware is generated." -echo "signing firmware as Alice" +echo "Step 3: Alice signs the firmware..." ./signatureproxy employee -ekey $KEYDIR/alice_private.pem -firm $TMP/firmware.bin > $TMP/signature_alice.der +echo "Alice, a trusted employee, signs the firmware." -echo "resigning firmware using enclave" +echo "Step 4: Resigning Alice's signed firmware using the signature proxy..." cat $TMP/signature_alice.der | ./signatureproxy proxy -pkey $TMP/proxy_private.bin -epub $KEYDIR/alice_public.pem -firm $TMP/firmware.bin > $TMP/signature_for_alice.der +echo "The signature proxy verifies and resigns Alice's firmware." -echo "verifying firmware" +echo "Step 5: Verifying the signed firmware..." cat $TMP/signature_for_alice.der | ./signatureproxy embedded -ppub $TMP/proxy_public.pem -firm $TMP/firmware.bin +echo "The firmware's signature is verified." - -echo "signing firmware as Oskar" +echo "Step 6: Oskar attempts to sign a modified firmware..." ./signatureproxy employee -ekey $KEYDIR/oskar_private.pem -firm $TMP/firmware.bin > $TMP/signature_oskar.der +echo "Oskar, an attacker, tries to sign a modified firmware." -echo "resigning firmware using enclave" -cat $TMP/signature_oskar.der | ./signatureproxy proxy -pkey $TMP/proxy_private.bin -epub $KEYDIR/oskar_public.pem -firm $TMP/firmware.bin || echo "Oskars signing request successfully rejected" +echo "Step 7: Oskar's signing attempt is rejected by the signature proxy..." +cat $TMP/signature_oskar.der | ./signatureproxy proxy -pkey $TMP/proxy_private.bin -epub $KEYDIR/oskar_public.pem -firm $TMP/firmware.bin > $TMP/signature_oskar.der && echo "Oskar's firmware signing attempt was successful." || echo "Oskar's signing request is successfully rejected."