* [PATCH] selftests/x86: Generate an RSA key on fly
@ 2020-03-19 2:33 Jarkko Sakkinen
2020-03-19 2:52 ` Jarkko Sakkinen
0 siblings, 1 reply; 2+ messages in thread
From: Jarkko Sakkinen @ 2020-03-19 2:33 UTC (permalink / raw)
To: linux-sgx; +Cc: Jarkko Sakkinen, Sean Christopherson
Modify the signing tool to generate an RSA key on fly because that is
require for the selftest.
Cc: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
Tested only for compilation.
tools/testing/selftests/x86/sgx/Makefile | 2 +-
tools/testing/selftests/x86/sgx/sgxsign.c | 55 ++++++++-----------
.../testing/selftests/x86/sgx/signing_key.pem | 39 -------------
3 files changed, 25 insertions(+), 71 deletions(-)
delete mode 100644 tools/testing/selftests/x86/sgx/signing_key.pem
diff --git a/tools/testing/selftests/x86/sgx/Makefile b/tools/testing/selftests/x86/sgx/Makefile
index f838700029e2..ff0136310c2b 100644
--- a/tools/testing/selftests/x86/sgx/Makefile
+++ b/tools/testing/selftests/x86/sgx/Makefile
@@ -31,7 +31,7 @@ $(OUTPUT)/encl.elf: encl.lds encl.c encl_bootstrap.S
$(CC) $(ENCL_CFLAGS) -T $^ -o $@
$(OUTPUT)/encl.ss: $(OUTPUT)/encl.bin
- $(OUTPUT)/sgxsign signing_key.pem $(OUTPUT)/encl.bin $(OUTPUT)/encl.ss
+ $(OUTPUT)/sgxsign $(OUTPUT)/encl.bin $(OUTPUT)/encl.ss
$(OUTPUT)/sgxsign: sgxsign.c
$(CC) $(INCLUDES) -o $@ $< -lcrypto
diff --git a/tools/testing/selftests/x86/sgx/sgxsign.c b/tools/testing/selftests/x86/sgx/sgxsign.c
index 3d9007af40c9..8d62437186ed 100644
--- a/tools/testing/selftests/x86/sgx/sgxsign.c
+++ b/tools/testing/selftests/x86/sgx/sgxsign.c
@@ -60,29 +60,35 @@ static inline const BIGNUM *get_modulus(RSA *key)
#endif
}
-static RSA *load_sign_key(const char *path)
+static RSA *gen_sign_key(void)
{
- FILE *f;
+ BIGNUM *e;
RSA *key;
+ int ret;
- f = fopen(path, "rb");
- if (!f) {
- fprintf(stderr, "Unable to open %s\n", path);
- return NULL;
- }
+ e = BN_new();
key = RSA_new();
- if (!PEM_read_RSAPrivateKey(f, &key, NULL, NULL))
- return NULL;
- fclose(f);
- if (BN_num_bytes(get_modulus(key)) != SGX_MODULUS_SIZE) {
- fprintf(stderr, "Invalid key size %d\n",
- BN_num_bytes(get_modulus(key)));
- RSA_free(key);
- return NULL;
- }
+ if (!e || !key)
+ goto err;
+
+ ret = BN_set_word(e, RSA_F4);
+ if (ret != 1)
+ goto err;
+
+ ret = RSA_generate_key_ex(key, 3072, e, NULL);
+ if (ret != 1)
+ goto err;
+
+ BN_free(e);
return key;
+
+err:
+ RSA_free(key);
+ BN_free(e);
+
+ return NULL;
}
static void reverse_bytes(void *data, int length)
@@ -424,8 +430,8 @@ int main(int argc, char **argv)
uint64_t header2[2] = {0x0000006000000101, 0x0000000100000060};
struct sgx_sigstruct ss;
const char *program;
- int opt;
RSA *sign_key;
+ int opt;
memset(&ss, 0, sizeof(ss));
ss.header.header1[0] = header1[0];
@@ -443,19 +449,6 @@ int main(int argc, char **argv)
program = argv[0];
- do {
- opt = getopt(argc, argv, "");
- switch (opt) {
- case -1:
- break;
- default:
- exit_usage(program);
- }
- } while (opt != -1);
-
- argc -= optind;
- argv += optind;
-
if (argc < 3)
exit_usage(program);
@@ -463,7 +456,7 @@ int main(int argc, char **argv)
if (check_crypto_errors())
exit(1);
- sign_key = load_sign_key(argv[0]);
+ sign_key = gen_sign_key();
if (!sign_key)
goto out;
diff --git a/tools/testing/selftests/x86/sgx/signing_key.pem b/tools/testing/selftests/x86/sgx/signing_key.pem
deleted file mode 100644
index d76f21f19187..000000000000
--- a/tools/testing/selftests/x86/sgx/signing_key.pem
+++ /dev/null
@@ -1,39 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIG4wIBAAKCAYEApalGbq7Q+usM91CPtksu3D+b0Prc8gAFL6grM3mg85A5Bx8V
-cfMXPgtrw8EYFwQxDAvzZWwl+9VfOX0ECrFRBkOHcOiG0SnADN8+FLj1UiNUQwbp
-S6OzhNWuRcSbGraSOyUlVlV0yMQSvewyzGklOaXBe30AJqzIBc8QfdSxKuP8rs0Z
-ga6k/Bl73osrYKByILJTUUeZqjLERsE6GebsdzbWgKn8qVqng4ZS4yMNg6LeRlH3
-+9CIPgg4jwpSLHcp7dq2qTIB9a0tGe9ayp+5FbucpB6U7ePold0EeRN6RlJGDF9k
-L93v8P5ykz5G5gYZ2g0K1X2sHIWV4huxPgv5PXgdyQYbK+6olqj0d5rjYuwX57Ul
-k6SroPS1U6UbdCjG5txM+BNGU0VpD0ZhrIRw0leQdnNcCO9sTJuInZrgYacSVJ7u
-mtB+uCt+uzUesc+l+xPRYA+9e14lLkZp7AAmo9FvL816XDI09deehJ3i/LmHKCRN
-tuqC5TprRjFwUr6dAgEDAoIBgG5w2Z8fNfycs0+LCnmHdJLVEotR6KFVWMpwHMz7
-wKJgJgS/Y6FMuilc8oKAuroCy11dTO5IGVKOP3uorVx2NgQtBPXwWeDGgAiU1A3Q
-o4wXjYIEm4fCd63jyYPYZ2ckYXzDbjmOTdstYdPyzIhGGNEZK6eoqsRzMAPfYFPj
-IMdCqHSIu6vJw1K7p+myHOsVoWshjODaZnF3LYSA0WaZ8vokjwBxUxuRxQJZjJds
-s60XPtmL+qfgWtQFewoG4XL6GuD8FcXccynRRtzrLtFNPIl9BQfWfjBBhTC1/Te1
-0Z6XbZvpdUTD9OfLB7SbR2OUFNpKQgriO0iYVdbW3cr7uu38Zwp4W1TX73DPjoi6
-KNooP6SGWd4mRJW2+dUmSYS4QNG8eVVZswKcploEIXlAKRsOe4kzJJ1iETugIe85
-uX8nd1WYEp65xwoRUg8hqng0MeyveVbXqNKuJG6tzNDt9kgFYo+hmC/oouAW2Dtc
-T9jdRAwKJXqA2Eg6OkgXCEv+kwKBwQDYaQiFMlFhsmLlqI+EzCUh7c941/cL7m6U
-7j98+8ngl0HgCEcrc10iJVCKakQW3YbPzAx3XkKTaGjWazvvrFarXIGlOud64B8a
-iWyQ7VdlnmZnNEdk+C83tI91OQeaTKqRLDGzKh29Ry/jL8Pcbazt+kDgxa0H7qJp
-roADUanLQuNkYubpbhFBh3xpa2EExaVq6rF7nIVsD8W9TrbmPKA4LgH7z0iy544D
-kVCNYsTjYDdUWP+WiSor8kCnnpjnN9sCgcEAw/eNezUD1UDf6OYFC9+5JZJFn4Tg
-mZMyN93JKIb199ffwnjtHUSjcyiWeesXucpzwtGbTcwQnDisSW4oneYKLSEBlBaq
-scqiUugyGZZOthFSCbdXYXMViK2vHrKlkse7GxVlROKcEhM/pRBrmjaGO8eWR+D4
-FO2wCXzVs3KgV6j779frw0vC54oHOxc9+Lu1rSHp4i+600koyvL/zF6U/5tZXIvN
-YW2yoiQJnjCmVA1pwbwV6KAUTPDTMnBK+YjnAoHBAJBGBa4hi5Z27JkbCliIGMFJ
-NPs6pLKe9GNJf6in2+sPgUAFhMeiPhbDiwbxgrnpBIqICE+ULGJFmzmc0p/IOceT
-ARjR76dAFLxbnbXzj5kURETNhO36yiUjCk4mBRGIcbYddndxaSjaH+zKgpLzyJ6m
-1esuc1qfFvEfAAI2cTIsl5hB70ZJYNZaUvDyQK3ZGPHxy6e9rkgKg9OJz0QoatAe
-q/002yHvtAJg4F5B2JeVejg7VQ8GHB1MKxppu0TP5wKBwQCCpQj8zgKOKz/wmViy
-lSYZDC5qWJW7t3bP6TDFr06lOpUsUJ4TgxeiGw778g/RMaKB4RIz3WBoJcgw9BsT
-7rFza1ZiucchMcGMmswRDt8kC4wGejpA92Owc8oUdxkMhSdnY5jYlxK2t3/DYEe8
-JFl9L7mFQKVjSSAGUzkiTGrlG1Kf5UfXh9dFBq98uilQfSPIwUaWynyM23CHTKqI
-Pw3/vOY9sojrnncWwrEUIG7is5vWfWPwargzSzd29YdRBe8CgcEAuRVewK/YeNOX
-B7ZG6gKKsfsvrGtY7FPETzLZAHjoVXYNea4LVZ2kn4hBXXlvw/4HD+YqcTt4wmif
-5JQlDvjNobUiKJZpzy7hklVhF7wZFl4pCF7Yh43q9iQ7gKTaeUG7MiaK+G8Zz8aY
-HW9rsiihbdZkccMvnPfO9334XMxl3HtBRzLstjUlbLB7Sdh+7tZ3JQidCOFNs5pE
-XyWwnASPu4tKfDahH1UUTp1uJcq/6716CSWg080avYxFcn75qqsb
------END RSA PRIVATE KEY-----
--
2.25.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] selftests/x86: Generate an RSA key on fly
2020-03-19 2:33 [PATCH] selftests/x86: Generate an RSA key on fly Jarkko Sakkinen
@ 2020-03-19 2:52 ` Jarkko Sakkinen
0 siblings, 0 replies; 2+ messages in thread
From: Jarkko Sakkinen @ 2020-03-19 2:52 UTC (permalink / raw)
To: linux-sgx; +Cc: Sean Christopherson
On Thu, Mar 19, 2020 at 04:33:06AM +0200, Jarkko Sakkinen wrote:
> Modify the signing tool to generate an RSA key on fly because that is
> require for the selftest.
>
> Cc: Sean Christopherson <sean.j.christopherson@intel.com>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
The bigger idea is to combine sgxsign and the test program. The enclave
can be measured and sigstruct can be calculated in the exact same loop.
After this change has been merged it is somewhat trivial change to do.
This results way way more robust test program (e.g. easy to generate
dynamically enclaves of different sizes).
/Jarkko
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-03-19 2:52 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-03-19 2:33 [PATCH] selftests/x86: Generate an RSA key on fly Jarkko Sakkinen
2020-03-19 2:52 ` Jarkko Sakkinen
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).