Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

External verification for sgx_rsa3072_sign

Tzannetos
Beginner
644 Views

Hello , 

  i am trying to perform signing inside an enclave with the function sgx_rsa3072_sign and verification outside of the enclave. The code i am using is the following :

void *public_key_rsa = NULL;
void *private_key_rsa = NULL;
const int n_byte_size = 384;
long e = 65537;    
uint8_t e_list[4] = {(uint8_t)(e & 0xFF), (uint8_t)((e >>  & 0xFF), (uint8_t)((e >> 16) & 0xFF), (uint8_t)((e >> 24) & 0xFF)};

unsigned char p_n[n_byte_size] = {0};
unsigned char p_d[n_byte_size] = {0};
unsigned char p_p[n_byte_size] = {0};
unsigned char p_q[n_byte_size] = {0};
unsigned char p_dmp1[n_byte_size] = {0};
unsigned char p_dmq1[n_byte_size] = {0};
unsigned char p_iqmp[n_byte_size] = {0};

char rsaPN[2 * n_byte_size + 1];

void ecall_generateEnclaveRSA_3072_OAEP() {
    
    if(initialized_keys) return;

    sgx_status_t ret_create_key_params = sgx_create_rsa_key_pair(n_byte_size, sizeof(e), p_n, p_d, (unsigned char*)&e, p_p, p_q, p_dmp1, p_dmq1, p_iqmp);
    if (ret_create_key_params != SGX_SUCCESS) {
        printf("Error creting keys (%d)\n", ret_create_key_params);
        // Handle error appropriately
        return;
    }

    sgx_status_t ret_create_private_key = sgx_create_rsa_priv2_key(n_byte_size, sizeof(e), (unsigned char*)&e, p_p, p_q, p_dmp1, p_dmq1, p_iqmp, &private_key_rsa);

    if ( ret_create_private_key != SGX_SUCCESS) {
        printf("Private key generation failed (%d)\n", ret_create_private_key);
        
    }
     
    sgx_status_t ret_create_public_key = sgx_create_rsa_pub1_key(n_byte_size, sizeof(e), p_n, (unsigned char*)&e, &public_key_rsa);

    if ( ret_create_public_key != SGX_SUCCESS) {
        printf("Public key generation failed (%d)\n", ret_create_public_key);
        
    }
    
    for (int i = 0; i < n_byte_size; ++i) {
        // printf("%02X", p_n[n_byte_size-i-1]);
        snprintf(rsaPN + 2 * i, 3, "%02X", p_n[n_byte_size-i-1]);
        
    }
    rsaPN[2*n_byte_size] = '\0';
    

    // Example data to sign
    const unsigned char data_to_sign[] = "Hello, SGX!";
    size_t data_size = sizeof(data_to_sign);

    // Example RSA signature
    sgx_rsa3072_signature_t signature;
    sgx_rsa3072_key_t myPkey;
    sgx_rsa3072_public_key_t myPublic;
    memcpy(myPkey.mod,p_n,n_byte_size);
    memcpy(myPkey.d,p_d,n_byte_size);
    memcpy(myPkey.e,e_list,4);

    memcpy(myPublic.mod, p_n, n_byte_size);
    memcpy(myPublic.exp, e_list, 4);

    // Sign the data using RSA-3072 private key
    sgx_status_t sign_status = sgx_rsa3072_sign(data_to_sign, data_size,&myPkey, &signature);
    if (sign_status != SGX_SUCCESS) {
        // Handle signing error
        printf("Signature creation failed (%d)\n", sign_status);
        return;
    }

    // Verify the signature using RSA-3072 public key
    sgx_rsa_result_t is_valid;
    
    sgx_status_t verify_status = sgx_rsa3072_verify(data_to_sign, data_size, &myPublic, &signature, &is_valid);
    if (verify_status != SGX_SUCCESS) {
        // Handle verification error
        printf("Signature verification failed (%d)\n", verify_status);
        return;
    }

    printf("Signature with correct message is (%d)\n",is_valid);

    // Attempt to verify with wrong message
    const unsigned char wrong_message[] = "Hello, SPX!";

    verify_status = sgx_rsa3072_verify(wrong_message, sizeof(wrong_message), &myPublic, &signature, &is_valid);
    
    if (verify_status != SGX_SUCCESS) {
        // Handle verification error
        printf("Signature verification failed (%d)\n", verify_status);
        return;
    }

    printf("Signature with wrong message is (%d)\n",is_valid);


    printf("The signature as it is %s\n","");
    for(int rr = 0; rr < 384;rr++) {
        printf("%02X",signature[rr]);
    }
    printf("\n%s\n","");

        printf("The signature reversed  %s\n","");
    for(int rr = 0; rr < 384;rr++) {
        printf("%02X",signature[384 - rr - 1]);
    }
    printf("\n%s\n","");


    printf("p_d = ","");
    for (int i = 0; i < n_byte_size; ++i) {
        printf("%02X", p_d[n_byte_size-i-1]);
    }
    printf("\n%s\n","");

    printf("p_n = ","");
    for (int i = 0; i < n_byte_size; ++i) {
        printf("%02X", p_n[n_byte_size-i-1]);
    }
    printf("\n%s\n","");

    printf("p_p = ","");
    for (int i = 0; i < n_byte_size; ++i) {
        printf("%02X", p_p[n_byte_size-i-1]);
    }
    printf("\n%s\n","");

    printf("p_q = ","");
    for (int i = 0; i < n_byte_size; ++i) {
        printf("%02X", p_q[n_byte_size-i-1]);
    }
    printf("\n%s\n","");
    
    printf("p_dmp1 = ","");
    for (int i = 0; i < n_byte_size; ++i) {
        printf("%02X", p_dmp1[n_byte_size-i-1]);
    }
    printf("\n%s\n","");

    printf("p_dmq1 = ","");
    for (int i = 0; i < n_byte_size; ++i) {
        printf("%02X", p_dmq1[n_byte_size-i-1]);
    }
    printf("\n%s\n","");

    printf("p_iqmp = ","");
    for (int i = 0; i < n_byte_size; ++i) {
        printf("%02X", p_iqmp[n_byte_size-i-1]);
    }
    printf("\n%s\n","");

}

that generates the keys and fills the structs. I managed to sign and verify inside the enclave but i need to verify outside of the enclave. To do this currently for demo, i print those variables and pass them to nodejs scripts. But i dont manage to verify externally. The node js example i am using is the following 

const NodeRSA = require('node-rsa');
currentSIg = '4DBA9522505ECBBB24F67598B98F708F9874FF1D84681C3B24940AA57ADAB495FA8EA453E213DE36A28409E198112C799E497EE859C1D4EA58CF77006D786BA627F04B8400E7E4401FB75989E913FC5A1EE6C8E19A677BD2616359BD2AC2DFD9B3891726811027C8D5704B31DF34BFC19D563043444114F27BE1FE4836789FC76A61C999B53EBFA12E79E67FCEC468FB887B97958A48C5EF139B989E3B0C0908182BB62F370A9B95AAD30A11CDF0DDC499E08D431605590F291AC66572296A6C4E381B07C29995992B53995119C9284695D5CBD73F81813EB482F1D0C792B08414F8C5D586A5C2A057077D33C3931360FA781C32CE5E5BE09DA0226237DCD1A3E46B1F1D99CD8995CFC5ACD59DF378B8ADBB998BEE91625A0E919D1A920FB944718ABB4E8DD79A1ABE4B0B1F9E7F57429A0B365AE8B2679D0C7367D68AA0342E57F939986C138A16272DD1F59A167F2860FF01F15D28547EB75EBE90C153CE116037AAC149D1FA6AAEC165614FF46AE802B355728B112B5DDA670434B9003668';
currentSigRev = '683600B9340467DA5D2B118B7255B302E86AF44F6165C1AE6AFAD149C1AA376011CE53C190BE5EB77E54285DF101FF60287F169AF5D12D27168A136C9839F9572E34A08AD667730C9D67B2E85A360B9A42577F9E1F0B4BBE1A9AD78D4EBB8A7144B90F921A9D910E5A6291EE8B99BBADB878F39DD5ACC5CF9589CD991D1F6BE4A3D1DC376222A09DE05B5ECE321C78FA601393C3337D0757A0C2A586D5C5F81484B092C7D0F182B43E81813FD7CBD5954628C9195199532B999599C2071B384E6C6A297265C61A290F590516438DE099C4DDF0CD110AD3AA959B0A372FB62B1808090C3B9E989B13EFC5488A95977B88FB68C4CE7FE6792EA1BF3EB599C9616AC79F783648FEE17BF21441444330569DC1BF34DF314B70D5C8271081261789B3D9DFC22ABD596361D27B679AE1C8E61E5AFC13E98959B71F40E4E700844BF027A66B786D0077CF58EAD4C159E87E499E792C1198E10984A236DE13E253A48EFA95B4DA7AA50A94243B1C68841DFF74988F708FB99875F624BBCB5E502295BA4D';
p_d = '008DC17B6587C5F0CE413B3310C4E784F996B3B4B97B33373C5246CE1C484163F29E9B4E0A8C0D964AA955D84DEAB18E10BC0881F0955FA86F3C0D5B8B231313B2F6648C22A013F581963C9746D73DDB3CD829208662C7CB29FC4AEAAC1EF4F7006D542781992058339B2BF3B1DBBBAD7E06EE71A8AB2975352C9CC115BC525A1BC130939C32FD26AF708CBCE9B16C7F4469722CD0645EA0042331A84D16166AC9FD9B46A92C6DE261AAC95B78CEFC20FC4D7CD902B0509E2EDBC7B4F3C87892BD3323EFBA00229043A8F1D176259ACB3063B41A72F54FC9322EC75C1A6C96A4FF2ADC7F65E439192CB6B118F8059ADEF32CA0DEDB3078D7A4813C29E1C2BEF0715FCFE596785F00D09CDBDDA38FE9EBE276374F1726DDF76B8C1F43F01A96DC6BF4CE888A3EAA83136DF8CD7F5C9546AC18740FB42DD98A010D66D106D616E38ABBEE9C745159F22EDFB12564BBB53DF6FE40756EEE2F241CC34D702BD54EB5D00D7536B7B0F5B34EE584B478D307D2B03BADD89C8359BE1287429785C92041';
p_n = 'E167692FB8B79B280FF597871AFBB04E15BF46A412F5FA55209D9E0816D7BA5C3D4DCAF7D072B2A294DF69F614AAE2FEDEC3F66AADD0AE9A10ACAB15750EA698B569C13CB26D0DA63C03767B1F090F129ADE90321B8442B1BC5A7A610DB89566631BF49B6EB85B27AC51FB0477EF5C94FF156B7906134823FC88A1B474B8962654BF558B91A5EC66B40D00BC5009D7C1D7CADF05AC04CC2431A04528EF209A0A3054B28319958ECDFEAD5B0B64E6759E1A3187F28ADA53799A2D6BB2DDB1103DF0CF7F692EA264CC0368236B778DCA563F6B1748FDC6FF7DED59B0CEFDCAEE16E49549C4E20D2BFE4530C49256B1B8949E01871E364187211B6F6E5A07852C4D9358E2EAD10A320D47646D2A53E465B23DAC01F1275DCDD5458104D27ADB35DBD1AE43A9FF693F7DD17D458324A484615BD265731A25DAF31D6DF311961A43321AF84F70E0D2D15E198C03C7E1561875225939D755F3230A50B00C1A40DB7F2665CA3105D468DC462B8603DFC8CD58DE53644682BF1CB7CAF573666E8D186AB1';
p_p = '000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000FD401CF3F07FDDB162BC3BF26D01432D4C873292F9386FD3A98E3AF0D3EF59DD8CB648B5FF13B51C29D1E4BDC38AFD40F492172DECECFEC108E87244A14A527CFC6E19D82363C49EAD66D201FC60C4833393EB4E9CDDDE26473B711B7E9AD7128956329A573C9AE2EFD509424B4FDD6B5CA6939E389857608E6237DF5790782C8F9A567477E3CE269400844D31638863A49181A4CD903597CF3D04EEA3C43F8D44FA311F633FAD2F5E7348EDD098AD267B8190478A2A372AF5C00E92AFC6AD19';
p_q = '000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000E3D9E6A50B7915931DF449693231FD271145B1961E60DB2E4A31F3ABA00338A8F25533871CD1BA9F9F8EE05EB8668133C9E835ED02D8751CBCDBC904076B07A063A13626C3F9F2B395BD3E247B34F298F6DA70C7F84818918E1AF16ED86E89B34FEE5810027AF1569A07450C1D933D9C5CC8FC8367D3ECBFBAEC237594378C015FAE844C06A8A15F8F48AF0B932A4115E333200D57B3E834A55C728A95F82C538AEA9B7284C13505F382AB0F56CF77B164D1185A6FD710A5EDAE61BEA4A2C559';
p_dmp1 = '000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000E09FCA4E7025E9EC19685E3F9381C824D8B91E1990A6074215254B902A5B25394642B45180F2E8F416FFCDC4A7399391D69BF1A5517D902485932F2F42645AAFF37270C7EDF3E304DF46D0C4E426AC86B6EBDF8D75C3B0F400C06F7D74994064779E15FA21A066BD1CFEB75CAED222D1C477177E0232D5659644F5CBCAAE20795DD20616FDF3F7F8EDD35B85E065A926C064333A8AFDFB1B30BCADB0415FA302D98894A383738A57F68D88C52EFD0CAF92628427801C1B9CA626F8861114C699';
p_dmq1 = '0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002BC496AE8B86A5E34DB4B84951D0126DE7BE787F7AB46645FD109D5B1170ACF89F1C48BAA289930CC88C9C82F56F13508C6F63B4748079F69C3CA7DF73415704B33EAB7544DE058603B48774608A6A3381EFB20C67A009C02408FEE9A8FF8AC9FC07AFB8DB911C3CE3779406E0C380E94155865403A4CCEC838E8ABD324C7D43624AD6B4F7EE7A992D9FEBA8108BE456BCFEFC203401A6103ED7845524BBB8600FE64317FB7255AA1FFDB0B85097A7C956B167B92F94A3690C401C1C8FE98879';
p_iqmp = '000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000AFBE46F68C4CAD0F521000A7A3F60220C0456820EF57E1A9A153FB184488B1AA9137D33817C888A93FADBCAC8993DBE5A585F25F4F79FAC4E431C797808B15A36099C2FADB460FAE5A2052998DCF9EEDA65B868D9166D854526DA590385609061C6717BE4C3177408846869C96FAC66EAD4908AEBBEA9449CFFD980A15AD69B6FFDB3E0F6CC000325E23DF9C3991A3B296A2561EAECE50A0C477FF62D18A96494667ED4780A46CD355CB0D13956C0A7D4539F25FCB23AC158CB80B90A4146E53';
e = 65537



// Define your RSA key components
const rsaKey = new NodeRSA();
const rsaComponents = {
    n: Buffer.from(p_n, 'hex'),
    e: e,
    d: Buffer.from(p_d, 'hex'),
    p: Buffer.from(p_p, 'hex'),
    q: Buffer.from(p_q, 'hex'),
    dmp1: Buffer.from(p_dmp1, 'hex'),
    dmq1: Buffer.from(p_dmq1, 'hex'),
    coeff: Buffer.from(p_iqmp, 'hex')
};


rsaKey.importKey(rsaComponents,'components');

let exampleMessage = "Hello, SGX!";
let exampleSig = rsaKey.sign(Buffer.from(exampleMessage,'utf-8'),"buffer");

let exampleVerification = rsaKey.verify(Buffer.from(exampleMessage,'utf-8'),exampleSig);

console.log({exampleVerification});

let exampleWrong = rsaKey.verify(Buffer.from("Wrong",'utf-8'),exampleSig);

console.log({exampleWrong});


let currentVer = rsaKey.verify(Buffer.from(exampleMessage,'utf-8'),Buffer.from(currentSIg,'hex'));
console.log(currentVer);
currentVer = rsaKey.verify(Buffer.from(exampleMessage,'utf-8'),Buffer.from(currentSigRev,'hex'));
console.log(currentVer);


But  the signatures that are produced from the enclave and the node js are diffrerent. I would appreciate some assistance on this matter.

 

0 Kudos
0 Replies
Reply