Intel® Software Guard Extensions (Intel® SGX)
Discussion board focused on hardware-based isolation and memory encryption to provide extended code protection in solutions.

Signature Padding in SGX

SAM_R_2
Beginner
515 Views

Hi,

From this white paper : https://software.intel.com/en-us/articles/innovative-technology-for-cpu-based-attestation-and-sealing

If you look at Table 2-2 in the reference, it mentions that the padding in the SECS is derived from the signature (presumably from the SIGSTRUCT).

- Thanks

0 Kudos
1 Solution
Surenthar_S_Intel
515 Views

Hi Sam,

Signature Padding is included as an additional defense against padding attacks on the SIGSTRUCT signature. The signature padding being included in SGX keys results in the key being bound to a correctly composed signature over the enclave’s SIGSTRUCT and not key that signed the contents of SIGSTRUCT [MRSIGNER] or ISVSVN. 

Thanks and Regards,
Surenthar Selvaraj

View solution in original post

0 Kudos
2 Replies
Surenthar_S_Intel
516 Views

Hi Sam,

Signature Padding is included as an additional defense against padding attacks on the SIGSTRUCT signature. The signature padding being included in SGX keys results in the key being bound to a correctly composed signature over the enclave’s SIGSTRUCT and not key that signed the contents of SIGSTRUCT [MRSIGNER] or ISVSVN. 

Thanks and Regards,
Surenthar Selvaraj

0 Kudos
SAM_R_2
Beginner
515 Views

Thanks for your info....

0 Kudos
Reply