Linux/tools/testing/selftests/sgx/sigstruct.c

Version: ~ [ linux-6.11-rc3 ] ~ [ linux-6.10.4 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.45 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.104 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.164 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.223 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.281 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.319 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.9 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

1 // SPDX-License-Identifier: GPL-2.0 2 /* Copyright(c) 2016-20 Intel Corporation. */ 3 4 #define _GNU_SOURCE 5 #include <assert.h> 6 #include <getopt.h> 7 #include <stdbool.h> 8 #include <stdint.h> 9 #include <stdio.h> 10 #include <stdlib.h> 11 #include <string.h> 12 #include <sys/stat.h> 13 #include <sys/types.h> 14 #include <unistd.h> 15 #include <openssl/err.h> 16 #include <openssl/pem.h> 17 #include "defines.h" 18 #include "main.h" 19 20 /* 21 * FIXME: OpenSSL 3.0 has deprecated some functions. For now just ignore 22 * the warnings. 23 */ 24 #pragma GCC diagnostic ignored "-Wdeprecated-declarations" 25 26 struct q1q2_ctx { 27 BN_CTX *bn_ctx; 28 BIGNUM *m; 29 BIGNUM *s; 30 BIGNUM *q1; 31 BIGNUM *qr; 32 BIGNUM *q2; 33 }; 34 35 static void free_q1q2_ctx(struct q1q2_ctx *ctx) 36 { 37 BN_CTX_free(ctx->bn_ctx); 38 BN_free(ctx->m); 39 BN_free(ctx->s); 40 BN_free(ctx->q1); 41 BN_free(ctx->qr); 42 BN_free(ctx->q2); 43 } 44 45 static bool alloc_q1q2_ctx(const uint8_t *s, const uint8_t *m, 46 struct q1q2_ctx *ctx) 47 { 48 ctx->bn_ctx = BN_CTX_new(); 49 ctx->s = BN_bin2bn(s, SGX_MODULUS_SIZE, NULL); 50 ctx->m = BN_bin2bn(m, SGX_MODULUS_SIZE, NULL); 51 ctx->q1 = BN_new(); 52 ctx->qr = BN_new(); 53 ctx->q2 = BN_new(); 54 55 if (!ctx->bn_ctx || !ctx->s || !ctx->m || !ctx->q1 || !ctx->qr || 56 !ctx->q2) { 57 free_q1q2_ctx(ctx); 58 return false; 59 } 60 61 return true; 62 } 63 64 static void reverse_bytes(void *data, int length) 65 { 66 int i = 0; 67 int j = length - 1; 68 uint8_t temp; 69 uint8_t *ptr = data; 70 71 while (i < j) { 72 temp = ptr[i]; 73 ptr[i] = ptr[j]; 74 ptr[j] = temp; 75 i++; 76 j--; 77 } 78 } 79 80 static bool calc_q1q2(const uint8_t *s, const uint8_t *m, uint8_t *q1, 81 uint8_t *q2) 82 { 83 struct q1q2_ctx ctx; 84 int len; 85 86 if (!alloc_q1q2_ctx(s, m, &ctx)) { 87 fprintf(stderr, "Not enough memory for Q1Q2 calculation\n"); 88 return false; 89 } 90 91 if (!BN_mul(ctx.q1, ctx.s, ctx.s, ctx.bn_ctx)) 92 goto out; 93 94 if (!BN_div(ctx.q1, ctx.qr, ctx.q1, ctx.m, ctx.bn_ctx)) 95 goto out; 96 97 if (BN_num_bytes(ctx.q1) > SGX_MODULUS_SIZE) { 98 fprintf(stderr, "Too large Q1 %d bytes\n", 99 BN_num_bytes(ctx.q1)); 100 goto out; 101 } 102 103 if (!BN_mul(ctx.q2, ctx.s, ctx.qr, ctx.bn_ctx)) 104 goto out; 105 106 if (!BN_div(ctx.q2, NULL, ctx.q2, ctx.m, ctx.bn_ctx)) 107 goto out; 108 109 if (BN_num_bytes(ctx.q2) > SGX_MODULUS_SIZE) { 110 fprintf(stderr, "Too large Q2 %d bytes\n", 111 BN_num_bytes(ctx.q2)); 112 goto out; 113 } 114 115 len = BN_bn2bin(ctx.q1, q1); 116 reverse_bytes(q1, len); 117 len = BN_bn2bin(ctx.q2, q2); 118 reverse_bytes(q2, len); 119 120 free_q1q2_ctx(&ctx); 121 return true; 122 out: 123 free_q1q2_ctx(&ctx); 124 return false; 125 } 126 127 struct sgx_sigstruct_payload { 128 struct sgx_sigstruct_header header; 129 struct sgx_sigstruct_body body; 130 }; 131 132 static bool check_crypto_errors(void) 133 { 134 int err; 135 bool had_errors = false; 136 const char *filename; 137 int line; 138 char str[256]; 139 140 for ( ; ; ) { 141 if (ERR_peek_error() == 0) 142 break; 143 144 had_errors = true; 145 err = ERR_get_error_line(&filename, &line); 146 ERR_error_string_n(err, str, sizeof(str)); 147 fprintf(stderr, "crypto: %s: %s:%d\n", str, filename, line); 148 } 149 150 return had_errors; 151 } 152 153 static inline const BIGNUM *get_modulus(RSA *key) 154 { 155 const BIGNUM *n; 156 157 RSA_get0_key(key, &n, NULL, NULL); 158 return n; 159 } 160 161 static RSA *gen_sign_key(void) 162 { 163 unsigned long sign_key_length; 164 BIO *bio; 165 RSA *key; 166 167 sign_key_length = (unsigned long)&sign_key_end - 168 (unsigned long)&sign_key; 169 170 bio = BIO_new_mem_buf(&sign_key, sign_key_length); 171 if (!bio) 172 return NULL; 173 174 key = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL); 175 BIO_free(bio); 176 177 return key; 178 } 179 180 enum mrtags { 181 MRECREATE = 0x0045544145524345, 182 MREADD = 0x0000000044444145, 183 MREEXTEND = 0x00444E4554584545, 184 }; 185 186 static bool mrenclave_update(EVP_MD_CTX *ctx, const void *data) 187 { 188 if (!EVP_DigestUpdate(ctx, data, 64)) { 189 fprintf(stderr, "digest update failed\n"); 190 return false; 191 } 192 193 return true; 194 } 195 196 static bool mrenclave_commit(EVP_MD_CTX *ctx, uint8_t *mrenclave) 197 { 198 unsigned int size; 199 200 if (!EVP_DigestFinal_ex(ctx, (unsigned char *)mrenclave, &size)) { 201 fprintf(stderr, "digest commit failed\n"); 202 return false; 203 } 204 205 if (size != 32) { 206 fprintf(stderr, "invalid digest size = %u\n", size); 207 return false; 208 } 209 210 return true; 211 } 212 213 struct mrecreate { 214 uint64_t tag; 215 uint32_t ssaframesize; 216 uint64_t size; 217 uint8_t reserved[44]; 218 } __attribute__((__packed__)); 219 220 221 static bool mrenclave_ecreate(EVP_MD_CTX *ctx, uint64_t blob_size) 222 { 223 struct mrecreate mrecreate; 224 uint64_t encl_size; 225 226 for (encl_size = 0x1000; encl_size < blob_size; ) 227 encl_size <<= 1; 228 229 memset(&mrecreate, 0, sizeof(mrecreate)); 230 mrecreate.tag = MRECREATE; 231 mrecreate.ssaframesize = 1; 232 mrecreate.size = encl_size; 233 234 if (!EVP_DigestInit_ex(ctx, EVP_sha256(), NULL)) 235 return false; 236 237 return mrenclave_update(ctx, &mrecreate); 238 } 239 240 struct mreadd { 241 uint64_t tag; 242 uint64_t offset; 243 uint64_t flags; /* SECINFO flags */ 244 uint8_t reserved[40]; 245 } __attribute__((__packed__)); 246 247 static bool mrenclave_eadd(EVP_MD_CTX *ctx, uint64_t offset, uint64_t flags) 248 { 249 struct mreadd mreadd; 250 251 memset(&mreadd, 0, sizeof(mreadd)); 252 mreadd.tag = MREADD; 253 mreadd.offset = offset; 254 mreadd.flags = flags; 255 256 return mrenclave_update(ctx, &mreadd); 257 } 258 259 struct mreextend { 260 uint64_t tag; 261 uint64_t offset; 262 uint8_t reserved[48]; 263 } __attribute__((__packed__)); 264 265 static bool mrenclave_eextend(EVP_MD_CTX *ctx, uint64_t offset, 266 const uint8_t *data) 267 { 268 struct mreextend mreextend; 269 int i; 270 271 for (i = 0; i < 0x1000; i += 0x100) { 272 memset(&mreextend, 0, sizeof(mreextend)); 273 mreextend.tag = MREEXTEND; 274 mreextend.offset = offset + i; 275 276 if (!mrenclave_update(ctx, &mreextend)) 277 return false; 278 279 if (!mrenclave_update(ctx, &data[i + 0x00])) 280 return false; 281 282 if (!mrenclave_update(ctx, &data[i + 0x40])) 283 return false; 284 285 if (!mrenclave_update(ctx, &data[i + 0x80])) 286 return false; 287 288 if (!mrenclave_update(ctx, &data[i + 0xC0])) 289 return false; 290 } 291 292 return true; 293 } 294 295 static bool mrenclave_segment(EVP_MD_CTX *ctx, struct encl *encl, 296 struct encl_segment *seg) 297 { 298 uint64_t end = seg->size; 299 uint64_t offset; 300 301 for (offset = 0; offset < end; offset += PAGE_SIZE) { 302 if (!mrenclave_eadd(ctx, seg->offset + offset, seg->flags)) 303 return false; 304 305 if (seg->measure) { 306 if (!mrenclave_eextend(ctx, seg->offset + offset, seg->src + offset)) 307 return false; 308 } 309 } 310 311 return true; 312 } 313 314 bool encl_measure(struct encl *encl) 315 { 316 uint64_t header1[2] = {0x000000E100000006, 0x0000000000010000}; 317 uint64_t header2[2] = {0x0000006000000101, 0x0000000100000060}; 318 struct sgx_sigstruct *sigstruct = &encl->sigstruct; 319 struct sgx_sigstruct_payload payload; 320 uint8_t digest[SHA256_DIGEST_LENGTH]; 321 EVP_MD_CTX *ctx = NULL; 322 unsigned int siglen; 323 RSA *key = NULL; 324 int i; 325 326 memset(sigstruct, 0, sizeof(*sigstruct)); 327 328 sigstruct->header.header1[0] = header1[0]; 329 sigstruct->header.header1[1] = header1[1]; 330 sigstruct->header.header2[0] = header2[0]; 331 sigstruct->header.header2[1] = header2[1]; 332 sigstruct->exponent = 3; 333 sigstruct->body.attributes = SGX_ATTR_MODE64BIT; 334 sigstruct->body.xfrm = 3; 335 336 /* sanity check */ 337 if (check_crypto_errors()) 338 goto err; 339 340 key = gen_sign_key(); 341 if (!key) { 342 ERR_print_errors_fp(stdout); 343 goto err; 344 } 345 346 BN_bn2bin(get_modulus(key), sigstruct->modulus); 347 348 ctx = EVP_MD_CTX_create(); 349 if (!ctx) 350 goto err; 351 352 if (!mrenclave_ecreate(ctx, encl->src_size)) 353 goto err; 354 355 for (i = 0; i < encl->nr_segments; i++) { 356 struct encl_segment *seg = &encl->segment_tbl[i]; 357 358 if (!mrenclave_segment(ctx, encl, seg)) 359 goto err; 360 } 361 362 if (!mrenclave_commit(ctx, sigstruct->body.mrenclave)) 363 goto err; 364 365 memcpy(&payload.header, &sigstruct->header, sizeof(sigstruct->header)); 366 memcpy(&payload.body, &sigstruct->body, sizeof(sigstruct->body)); 367 368 SHA256((unsigned char *)&payload, sizeof(payload), digest); 369 370 if (!RSA_sign(NID_sha256, digest, SHA256_DIGEST_LENGTH, 371 sigstruct->signature, &siglen, key)) 372 goto err; 373 374 if (!calc_q1q2(sigstruct->signature, sigstruct->modulus, sigstruct->q1, 375 sigstruct->q2)) 376 goto err; 377 378 /* BE -> LE */ 379 reverse_bytes(sigstruct->signature, SGX_MODULUS_SIZE); 380 reverse_bytes(sigstruct->modulus, SGX_MODULUS_SIZE); 381 382 EVP_MD_CTX_destroy(ctx); 383 RSA_free(key); 384 return true; 385 386 err: 387 if (ctx) 388 EVP_MD_CTX_destroy(ctx); 389 RSA_free(key); 390 return false; 391 } 392

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

TOMOYO Linux Cross Reference Linux/tools/testing/selftests/sgx/sigstruct.c

TOMOYO Linux Cross Reference
Linux/tools/testing/selftests/sgx/sigstruct.c