Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.
1499 Discussions

How do I fill in the sgx_rsa3072_key_t and sgx_rsa3072_public_key correctly?

lap
Beginner
‎07-24-2021 06:55 AM
2,104 Views
Solved Jump to solution

I generated a pair of RSA 3072 public and private keys with OpenSSL. Now I read them into my program through the API and save them in RSA. Then I passed BN_ bn2bin() converts e, d and mod of RSA to uint8_ t array and fill it into e,d and mod of sgx_ rsa3072_ key_ t , then I signed and verified a piece of data, but I didn't pass the verification. Is there a problem with my filling method?

This is a part of my code :

   RSA *openssl_pubkey,*openssl_prikey;
    openssl_pubkey=arpv2_init_RSA_public_key_file("./Resource/rsa3072_public.pem");
    openssl_prikey=arpv2_init_RSA_private_key_file("./Resource/rsa3072_private.pem");
    sgx_rsa3072_key_t sgx_prikey,*p_sgx_prikey;
    sgx_rsa3072_public_key_t sgx_pubkey,*p_sgx_pubkey;
    p_sgx_prikey = &sgx_prikey;
    p_sgx_pubkey = &sgx_pubkey;

    int len_n = BN_bn2bin(openssl_pubkey->n,sgx_pubkey.mod);
    int len_e = BN_bn2bin(openssl_pubkey->e,sgx_pubkey.exp);
    int len_d = BN_bn2bin(openssl_prikey->d,sgx_prikey.d);
    BN_bn2bin(openssl_prikey->e,sgx_prikey.e);
    BN_bn2bin(openssl_prikey->n,sgx_prikey.mod);

    reverse_str(384,sgx_pubkey.mod);
    reverse_str(4,sgx_pubkey.exp);
    reverse_str(384,sgx_prikey.mod);
    reverse_str(384,sgx_prikey.d);
    reverse_str(4,sgx_prikey.e);

void reverse_str(int len,uint8_t *str)
{
    uint8_t tmp;
    for(int i=0;i<len/2;i++)
    {
        tmp = str[i];
        str[i] = str[len-i-1];
        str[len-i-1] = tmp;
    }
}

 How can I correctly write this part of code?

Labels (2)
Labels:
0 Kudos
1 Solution
lap
Beginner
‎07-28-2021 08:58 AM
2,048 Views
Solved Jump to solution
In response to JesusG_Intel

Hi JesusG_Intel

I have already solve my problem, thank you for your concern.

Sincerely,

lap

View solution in original post

In response to JesusG_Intel
0 Kudos
Copy link

Link Copied

3 Replies
JesusG_Intel
Moderator
‎07-26-2021 08:39 AM
2,074 Views
Solved Jump to solution

Hello lap,

 

Show us how you use the rest of the API to sign and verify the data with sgx_status_t sgx_rsa3072_sign and 
 sgx_status_t sgx_rsa3072_verify, and the error code or result you receive.

 

Sincerely,

Jesus G.

Intel Customer Support

 

 

0 Kudos
Copy link
lap
Beginner
‎07-28-2021 08:58 AM
2,049 Views
Solved Jump to solution
In response to JesusG_Intel

Hi JesusG_Intel

I have already solve my problem, thank you for your concern.

Sincerely,

lap

In response to JesusG_Intel
0 Kudos
Copy link
JesusG_Intel
Moderator
‎07-29-2021 06:45 AM
2,030 Views
Solved Jump to solution

This thread has been marked as answered and Intel will no longer monitor this thread. If you want a response from Intel in a follow-up question, please open a new thread.


0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.