selftests/sgx: Use a statically generated 3072-bit RSA key

author Jarkko Sakkinen <jarkko@kernel.org>

Wed, 18 Nov 2020 17:06:40 +0000 (19:06 +0200)

committer Borislav Petkov <bp@suse.de>

Wed, 18 Nov 2020 17:26:00 +0000 (18:26 +0100)
author Jarkko Sakkinen <jarkko@kernel.org>
Wed, 18 Nov 2020 17:06:40 +0000 (19:06 +0200)
committer Borislav Petkov <bp@suse.de>
Wed, 18 Nov 2020 17:26:00 +0000 (18:26 +0100)
diff --git a/tools/testing/selftests/sgx/Makefile b/tools/testing/selftests/sgx/Makefile

index d51c90663943a2e40bbe238b56ce32469e1fcc79..7f12d55b97f867523f6351bce9a4b786b9e34538 100644 (file)
--- a/tools/testing/selftests/sgx/Makefile
+++ b/tools/testing/selftests/sgx/Makefile
@@ -25,7 +25,8 @@ endif
  $(OUTPUT)/test_sgx: $(OUTPUT)/main.o \
                     $(OUTPUT)/load.o \
                     $(OUTPUT)/sigstruct.o \
-                   $(OUTPUT)/call.o
+                   $(OUTPUT)/call.o \
+                   $(OUTPUT)/sign_key.o
         $(CC) $(HOST_CFLAGS) -o $@ $^ -lcrypto
  
  $(OUTPUT)/main.o: main.c
@@ -40,6 +41,9 @@ $(OUTPUT)/sigstruct.o: sigstruct.c
  $(OUTPUT)/call.o: call.S
         $(CC) $(HOST_CFLAGS) -c $< -o $@
  
+$(OUTPUT)/sign_key.o: sign_key.S
+       $(CC) $(HOST_CFLAGS) -c $< -o $@
+
  $(OUTPUT)/test_encl.elf: test_encl.lds test_encl.c test_encl_bootstrap.S
         $(CC) $(ENCL_CFLAGS) -T $^ -o $@
  
diff --git a/tools/testing/selftests/sgx/main.h b/tools/testing/selftests/sgx/main.h

index 45e6ab65442a494b323eb8eae7a2f09e01b12cf2..67211a708f04846d5d5aa632480d0be6efb05d88 100644 (file)
--- a/tools/testing/selftests/sgx/main.h
+++ b/tools/testing/selftests/sgx/main.h
@@ -27,6 +27,9 @@ struct encl {
         struct sgx_sigstruct sigstruct;
  };
  
+extern unsigned char sign_key[];
+extern unsigned char sign_key_end[];
+
  void encl_delete(struct encl *ctx);
  bool encl_load(const char *path, struct encl *encl);
  bool encl_measure(struct encl *encl);
diff --git a/tools/testing/selftests/sgx/sign_key.S b/tools/testing/selftests/sgx/sign_key.S

new file mode 100644 (file)

index 0000000..e4fbe94
--- /dev/null
+++ b/tools/testing/selftests/sgx/sign_key.S
@@ -0,0 +1,12 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+/**
+* Copyright(c) 2016-20 Intel Corporation.
+*/
+
+    .section ".rodata", "a"
+
+sign_key:
+    .globl sign_key
+    .incbin "sign_key.pem"
+sign_key_end:
+    .globl sign_key_end
diff --git a/tools/testing/selftests/sgx/sign_key.pem b/tools/testing/selftests/sgx/sign_key.pem

new file mode 100644 (file)

index 0000000..d76f21f
--- /dev/null
+++ b/tools/testing/selftests/sgx/sign_key.pem
@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG4wIBAAKCAYEApalGbq7Q+usM91CPtksu3D+b0Prc8gAFL6grM3mg85A5Bx8V
+cfMXPgtrw8EYFwQxDAvzZWwl+9VfOX0ECrFRBkOHcOiG0SnADN8+FLj1UiNUQwbp
+S6OzhNWuRcSbGraSOyUlVlV0yMQSvewyzGklOaXBe30AJqzIBc8QfdSxKuP8rs0Z
+ga6k/Bl73osrYKByILJTUUeZqjLERsE6GebsdzbWgKn8qVqng4ZS4yMNg6LeRlH3
++9CIPgg4jwpSLHcp7dq2qTIB9a0tGe9ayp+5FbucpB6U7ePold0EeRN6RlJGDF9k
+L93v8P5ykz5G5gYZ2g0K1X2sHIWV4huxPgv5PXgdyQYbK+6olqj0d5rjYuwX57Ul
+k6SroPS1U6UbdCjG5txM+BNGU0VpD0ZhrIRw0leQdnNcCO9sTJuInZrgYacSVJ7u
+mtB+uCt+uzUesc+l+xPRYA+9e14lLkZp7AAmo9FvL816XDI09deehJ3i/LmHKCRN
+tuqC5TprRjFwUr6dAgEDAoIBgG5w2Z8fNfycs0+LCnmHdJLVEotR6KFVWMpwHMz7
+wKJgJgS/Y6FMuilc8oKAuroCy11dTO5IGVKOP3uorVx2NgQtBPXwWeDGgAiU1A3Q
+o4wXjYIEm4fCd63jyYPYZ2ckYXzDbjmOTdstYdPyzIhGGNEZK6eoqsRzMAPfYFPj
+IMdCqHSIu6vJw1K7p+myHOsVoWshjODaZnF3LYSA0WaZ8vokjwBxUxuRxQJZjJds
+s60XPtmL+qfgWtQFewoG4XL6GuD8FcXccynRRtzrLtFNPIl9BQfWfjBBhTC1/Te1
+0Z6XbZvpdUTD9OfLB7SbR2OUFNpKQgriO0iYVdbW3cr7uu38Zwp4W1TX73DPjoi6
+KNooP6SGWd4mRJW2+dUmSYS4QNG8eVVZswKcploEIXlAKRsOe4kzJJ1iETugIe85
+uX8nd1WYEp65xwoRUg8hqng0MeyveVbXqNKuJG6tzNDt9kgFYo+hmC/oouAW2Dtc
+T9jdRAwKJXqA2Eg6OkgXCEv+kwKBwQDYaQiFMlFhsmLlqI+EzCUh7c941/cL7m6U
+7j98+8ngl0HgCEcrc10iJVCKakQW3YbPzAx3XkKTaGjWazvvrFarXIGlOud64B8a
+iWyQ7VdlnmZnNEdk+C83tI91OQeaTKqRLDGzKh29Ry/jL8Pcbazt+kDgxa0H7qJp
+roADUanLQuNkYubpbhFBh3xpa2EExaVq6rF7nIVsD8W9TrbmPKA4LgH7z0iy544D
+kVCNYsTjYDdUWP+WiSor8kCnnpjnN9sCgcEAw/eNezUD1UDf6OYFC9+5JZJFn4Tg
+mZMyN93JKIb199ffwnjtHUSjcyiWeesXucpzwtGbTcwQnDisSW4oneYKLSEBlBaq
+scqiUugyGZZOthFSCbdXYXMViK2vHrKlkse7GxVlROKcEhM/pRBrmjaGO8eWR+D4
+FO2wCXzVs3KgV6j779frw0vC54oHOxc9+Lu1rSHp4i+600koyvL/zF6U/5tZXIvN
+YW2yoiQJnjCmVA1pwbwV6KAUTPDTMnBK+YjnAoHBAJBGBa4hi5Z27JkbCliIGMFJ
+NPs6pLKe9GNJf6in2+sPgUAFhMeiPhbDiwbxgrnpBIqICE+ULGJFmzmc0p/IOceT
+ARjR76dAFLxbnbXzj5kURETNhO36yiUjCk4mBRGIcbYddndxaSjaH+zKgpLzyJ6m
+1esuc1qfFvEfAAI2cTIsl5hB70ZJYNZaUvDyQK3ZGPHxy6e9rkgKg9OJz0QoatAe
+q/002yHvtAJg4F5B2JeVejg7VQ8GHB1MKxppu0TP5wKBwQCCpQj8zgKOKz/wmViy
+lSYZDC5qWJW7t3bP6TDFr06lOpUsUJ4TgxeiGw778g/RMaKB4RIz3WBoJcgw9BsT
+7rFza1ZiucchMcGMmswRDt8kC4wGejpA92Owc8oUdxkMhSdnY5jYlxK2t3/DYEe8
+JFl9L7mFQKVjSSAGUzkiTGrlG1Kf5UfXh9dFBq98uilQfSPIwUaWynyM23CHTKqI
+Pw3/vOY9sojrnncWwrEUIG7is5vWfWPwargzSzd29YdRBe8CgcEAuRVewK/YeNOX
+B7ZG6gKKsfsvrGtY7FPETzLZAHjoVXYNea4LVZ2kn4hBXXlvw/4HD+YqcTt4wmif
+5JQlDvjNobUiKJZpzy7hklVhF7wZFl4pCF7Yh43q9iQ7gKTaeUG7MiaK+G8Zz8aY
+HW9rsiihbdZkccMvnPfO9334XMxl3HtBRzLstjUlbLB7Sdh+7tZ3JQidCOFNs5pE
+XyWwnASPu4tKfDahH1UUTp1uJcq/6716CSWg080avYxFcn75qqsb
+-----END RSA PRIVATE KEY-----
diff --git a/tools/testing/selftests/sgx/sigstruct.c b/tools/testing/selftests/sgx/sigstruct.c

index cc06f108bae75de6451682961b817e091ef4f685..dee7a3d6c5a5f8d8505b174dfdcdbf4e4fe2c4df 100644 (file)
--- a/tools/testing/selftests/sgx/sigstruct.c
+++ b/tools/testing/selftests/sgx/sigstruct.c
@@ -135,33 +135,21 @@ static inline const BIGNUM *get_modulus(RSA *key)
  
  static RSA *gen_sign_key(void)
  {
-       BIGNUM *e;
+       unsigned long sign_key_length;
+       BIO *bio;
         RSA *key;
-       int ret;
  
-       e = BN_new();
-       key = RSA_new();
+       sign_key_length = (unsigned long)&sign_key_end -
+                         (unsigned long)&sign_key;
  
-       if (!e || !key)
-               goto err;
-
-       ret = BN_set_word(e, RSA_3);
-       if (ret != 1)
-               goto err;
-
-       ret = RSA_generate_key_ex(key, 3072, e, NULL);
-       if (ret != 1)
-               goto err;
+       bio = BIO_new_mem_buf(&sign_key, sign_key_length);
+       if (!bio)
+               return NULL;
  
-       BN_free(e);
+       key = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL);
+       BIO_free(bio);
  
         return key;
-
-err:
-       RSA_free(key);
-       BN_free(e);
-
-       return NULL;
  }
  
  static void reverse_bytes(void *data, int length)
@@ -339,8 +327,10 @@ bool encl_measure(struct encl *encl)
                 goto err;
  
         key = gen_sign_key();
-       if (!key)
+       if (!key) {
+               ERR_print_errors_fp(stdout);
                 goto err;
+       }
  
         BN_bn2bin(get_modulus(key), sigstruct->modulus);
author	Jarkko Sakkinen <jarkko@kernel.org>
	Wed, 18 Nov 2020 17:06:40 +0000 (19:06 +0200)
committer	Borislav Petkov <bp@suse.de>
	Wed, 18 Nov 2020 17:26:00 +0000 (18:26 +0100)
tools/testing/selftests/sgx/Makefile		patch \| blob \| history
tools/testing/selftests/sgx/main.h		patch \| blob \| history
tools/testing/selftests/sgx/sign_key.S	[new file with mode: 0644]	patch \| blob
tools/testing/selftests/sgx/sign_key.pem	[new file with mode: 0644]	patch \| blob
tools/testing/selftests/sgx/sigstruct.c		patch \| blob \| history