C++ (Cpp) secure_free_rsa_pub_key Exemples

Exemple #1

Fichier : ipp_rsa_pub_key.cpp Projet : 0-T-0/linux-sgx

extern "C" IppStatus create_rsa_pub_key(int n_byte_size, int e_byte_size, const Ipp32u *n, const Ipp32u *e, IppsRSAPublicKeyState **new_pub_key)
{
    IppsRSAPublicKeyState *p_pub_key = NULL;
    IppsBigNumState *p_n = NULL, *p_e = NULL;
    int rsa_size = 0;
    if(n_byte_size <= 0 || e_byte_size <= 0 || n == NULL || e == NULL || new_pub_key == NULL)
    {
        return ippStsBadArgErr;
    }

    IppStatus error_code = ippStsNoErr;
    do{
        error_code = newBN(n, n_byte_size, &p_n);
        ERROR_BREAK(error_code);
        error_code = newBN(e, e_byte_size, &p_e);
        ERROR_BREAK(error_code);

        error_code = ippsRSA_GetSizePublicKey(n_byte_size * 8, e_byte_size * 8, &rsa_size);
        ERROR_BREAK(error_code);
        p_pub_key = (IppsRSAPublicKeyState *)malloc(rsa_size);
        NULL_BREAK(p_pub_key);
        error_code = ippsRSA_InitPublicKey(n_byte_size * 8, e_byte_size * 8, p_pub_key, rsa_size);
        ERROR_BREAK(error_code);
        error_code = ippsRSA_SetPublicKey(p_n, p_e, p_pub_key);
        ERROR_BREAK(error_code);
    }while(0);
    secure_free_BN(p_n, n_byte_size);
    secure_free_BN(p_e, e_byte_size);
    if(error_code != ippStsNoErr || p_pub_key == NULL)
    {
        if(error_code == ippStsNoErr )
            error_code = ippStsMemAllocErr;

        secure_free_rsa_pub_key(n_byte_size, e_byte_size, p_pub_key);
        return error_code;
    }

    *new_pub_key = p_pub_key;
    return error_code;

}

Exemple #2

Fichier : endpoint_select_info.cpp Projet : daveti/linux-sgx

//The function is to verify the PEK ECDSA Signature and RSA Signature for ES Msg2
//   When PvE uses PEK, it will re-check the ECDSA Signature
//The function will only be called after ES protocol is completed. But it will not be called when reading data back from persitent storage
//@param provision_ttl: The TTL field from ES Msg2 in little endian format
//@param rsa_signature: The RSA Signature in ES Msg2, it is RSA Signature to XID:TTL:provision_url
//@param xid: The transaction id (XID) of the ES Protocol
//@return AE_SUCCESS if signature verification success and passed
//@return PVE_MSG_ERROR if signature verification failed or message error
//other kinds of error code could be returned too due to corresponding error situation
ae_error_t EndpointSelectionInfo::verify_signature(const endpoint_selection_infos_t& es_info, uint8_t xid[XID_SIZE], uint8_t rsa_signature[RSA_3072_KEY_BYTES], uint16_t provision_ttl)
{
    //Do signature verification here
    ae_error_t ae_err = AE_SUCCESS;
    IppsRSAPublicKeyState *rsa_pub_key = NULL;
    Ipp8u *buffer = NULL;
    int public_key_buffer_size = 0;
    int vr = 0;
    uint16_t ttl=_htons(provision_ttl);
    IppStatus ipp_status = ippStsNoErr;
    uint8_t msg_buf[XID_SIZE + sizeof(ttl) + MAX_PATH];
    uint32_t buf_size = 0;
    extended_epid_group_blob_t xegb;

    memset(&xegb, 0, sizeof(xegb));
    if (AE_SUCCESS != (ae_err=XEGDBlob::instance().read(xegb))){
        return ae_err;
    }

    ae_err = aesm_check_pek_signature(es_info.pek, xegb);
    if(AE_SUCCESS != ae_err){
        AESM_DBG_ERROR("PEK Signature verifcation not passed:%d",ae_err);
        goto ret_point;
    }
    AESM_DBG_INFO("PEK signature verified successfully");
    buf_size = XID_SIZE +static_cast<uint32_t>(sizeof(ttl) + strnlen(es_info.provision_url, MAX_PATH));
    if(0!=memcpy_s(msg_buf,sizeof(msg_buf), xid, XID_SIZE)||
        0!=memcpy_s(msg_buf+XID_SIZE, sizeof(ttl) + MAX_PATH, &ttl, sizeof(ttl))||
        0!=memcpy_s(msg_buf+XID_SIZE+sizeof(ttl),  MAX_PATH, es_info.provision_url, buf_size-XID_SIZE-sizeof(ttl))){
            ae_err = AE_FAILURE;
            AESM_DBG_ERROR("memcpy error");
            goto ret_point;
    }

    ipp_status = get_provision_server_rsa_pub_key_in_ipp_format(es_info.pek, &rsa_pub_key);
    if(ippStsNoErr != ipp_status){
        AESM_DBG_ERROR("Fail to load rsa public key from PEK:%d", ipp_status);
        ae_err = ipp_error_to_ae_error(ipp_status);
        goto ret_point;
    }
    ipp_status = ippsRSA_GetBufferSizePublicKey(&public_key_buffer_size, rsa_pub_key);
    if(ippStsNoErr != ipp_status){
        AESM_DBG_ERROR("Fail to get rsa public key size:%s", ipp_status);
        ae_err = ipp_error_to_ae_error(ipp_status);
        goto ret_point;
    }
    buffer = (Ipp8u *)malloc(public_key_buffer_size);
    if(NULL == buffer){
        AESM_DBG_ERROR("malloc error");
        ae_err = AE_OUT_OF_MEMORY_ERROR;
        goto ret_point;
    }
    ipp_status = ippsRSAVerify_PKCS1v15(msg_buf, buf_size, rsa_signature, &vr, rsa_pub_key, ippHashAlg_SHA256, buffer);
    if(ippStsNoErr != ipp_status){
        AESM_DBG_ERROR("Fail to verify rsa signature:%d", ipp_status);
        ae_err = ipp_error_to_ae_error(ipp_status);
        goto ret_point;
    }
    if(vr == 0){
        AESM_DBG_TRACE("rsa signature verification failed");
        ae_err = PVE_MSG_ERROR;
        goto ret_point;
    }else{
        AESM_DBG_TRACE("rsa signature verification passed");
        ae_err = AE_SUCCESS;
    }
ret_point:
    if(NULL != rsa_pub_key){
        secure_free_rsa_pub_key(RSA_3072_KEY_BYTES, sizeof(uint32_t), rsa_pub_key);
    }
    if(NULL != buffer){
        free(buffer);
    }
    return ae_err;
}