Intel® Software Guard Extensions (Intel® SGX)
Use hardware-based isolation and memory encryption to provide more code protection in your solutions.

Signature Padding in SGX

SAM_R_2

Hi,

From this white paper: https://software.intel.com/en-us/articles/innovative-technology-for-cpu-based-attestation-and-sealin...

If you look at Table 2-2 in the reference, it mentions that the padding in the SECS is derived from the signature (presumably from the SIGSTRUCT).

- Thanks

1 Solution
Surenthar_S_Intel

Hi Sam,

Signature Padding is included as an additional defense against padding attacks on the SIGSTRUCT signature. The signature padding being included in SGX keys results in the key being bound to a correctly composed signature over the enclave’s SIGSTRUCT and not the key that signed the contents of SIGSTRUCT [MRSIGNER] or ISVSVN.

Thanks and Regards,
Surenthar Selvaraj
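
The binding described in the answer above, as an added example that is not part of the original post and not Intel's code. It assumes PKCS#1 v1.5 encoding with SHA-256 under a 3072-bit modulus; `derive_key` is a hypothetical HMAC-SHA256 stand-in for the hardware key derivation, and all sample values are constructed.

```python
import hashlib
import hmac

# Assumptions (not stated in the thread): RSA-3072, SHA-256, PKCS#1 v1.5.
MOD_BYTES = 384
DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")
PAD_LEN = MOD_BYTES - 32  # everything in front of the 32-byte digest

def expected_padding() -> bytes:
    """The only well-formed padding: 00 01 FF..FF 00 || DigestInfo prefix."""
    ff_run = b"\xff" * (PAD_LEN - 3 - len(DIGESTINFO))
    return b"\x00\x01" + ff_run + b"\x00" + DIGESTINFO

def lax_check(em: bytes, body: bytes) -> bool:
    """Weak verifier: looks at the block type and the trailing digest only."""
    return em[:2] == b"\x00\x01" and em[-32:] == hashlib.sha256(body).digest()

def strict_check(em: bytes, body: bytes) -> bool:
    """Rebuild the whole encoded message and compare every byte."""
    want = expected_padding() + hashlib.sha256(body).digest()
    return hmac.compare_digest(em, want)

def derive_key(secret: bytes, mrsigner: bytes, isvsvn: int, padding: bytes) -> bytes:
    """Hypothetical KDF (HMAC-SHA256 stand-in) that mixes the padding in."""
    msg = mrsigner + isvsvn.to_bytes(2, "little") + padding
    return hmac.new(secret, msg, hashlib.sha256).digest()

# Constructed sample values, not real enclave data.
BODY = b"constructed SIGSTRUCT body"
SECRET = b"\x11" * 16
MRSIGNER = hashlib.sha256(b"constructed signer modulus").digest()
EM_GOOD = expected_padding() + hashlib.sha256(BODY).digest()
# Same digest, one padding byte altered: the kind of input a weak check lets through.
EM_ODD = EM_GOOD[:100] + b"\x00" + EM_GOOD[101:]

if __name__ == "__main__":
    for name, em in (("well-formed", EM_GOOD), ("altered", EM_ODD)):
        key = derive_key(SECRET, MRSIGNER, 1, em[:PAD_LEN])
        print(name, lax_check(em, BODY), strict_check(em, BODY), key.hex()[:16])
```

Because the padding is an input to the derivation, an encoded message that slipped past a weak check would still yield a different key from the one tied to the well-formed signature, even with the same signer and ISVSVN.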


2 Replies
SAM_R_2

Thanks for your info....