search

intel / linux-sgx

Intel SGX for Linux*
https://www.intel.com/content/www/us/en/developer/tools/software-guard-extensions/linux-overview.html
Other
1.33k stars 544 forks source link

Signature is incorrect from sample_ecdsa_sign #361

Open yyd106 opened 5 years ago

yyd106 commented 5 years ago

I'm trying to calculate the signature by using sample_ecdsa_sign.

static const sample_ec256_private_t g_sp_priv_key = {
    {
        0x90, 0xe7, 0x6c, 0xbb, 0x2d, 0x52, 0xa1, 0xce,
        0x3b, 0x66, 0xde, 0x11, 0x43, 0x9c, 0x87, 0xec,
        0x1f, 0x86, 0x6a, 0x3b, 0x65, 0xb6, 0xae, 0xea,
        0xad, 0x57, 0x34, 0x53, 0xd1, 0x03, 0x8c, 0x01
    }
};
sample_ec256_private_t test_text = {1};
sample_ec256_signature_t test_signature = {{0},{0}};
sample_ret = sample_ecdsa_sign((uint8_t *)&test_text, sizeof(sample_ec256_private_t),
                                       (sample_ec256_private_t *)&g_sp_priv_key,
                                       (sample_ec256_signature_t *)&test_signature,
                                       ecc_state);
memcpy(test_sign_buf,(unsigned char *)&test_signature,sizeof(sample_ec256_signature_t));
Log("\t After Signature: (%s)", ByteArrayToString(test_sign_buf, sizeof(sample_ec256_signature_t)));

But result turns out:

1546918147 INFO  :   Before Signature : (00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
1546918147 INFO  :   Plant text: (0100000000000000000000000000000000000000000000000000000000000000)
1546918147 INFO  :   Private Key: (90e76cbb2d52a1ce3b66de11439c87ec1f866a3b65b6aeeaad573453d1038c01)
1546918147 INFO  :   After Signature: (6a83dc84d44c8abb5e42afee8de9f45771fd7366d7faadfaf21714dd5ab99e97dd3cfc8cd2149ab4b3a787930541cbb0e8462d3f24045543d711c617ae3c9332)

The first 32 byte of signature is totally same as the X-coordinate of SP publicKey g_b6a83dc84d44c8abb5e42afee8de9f45771fd7366d7faadfaf21714dd5ab99e97

I'm also done the ECDSA using same private key in both Python and JS, but obviously, totally different with the sample_ecdsa_sign did. Can anyone help on this?

llly commented 5 years ago

As its name, the sample cryptography functions are only samples and must not be used in production environment. https://github.com/intel/linux-sgx/blob/bcd3c27a6ea204a0dea1fd7cb00ef4880226d87d/sdk/sample_libcrypto/sample_libcrypto.cpp#L112 The random seed is hard coded and same ECC pointer is generated every time. X-coordinate of ECC pubkey and X-coordinate of ECDSA signature are both X-coordinate of a ECC pointer. Then they are the same due to ECC pointers are the same.

yyd106 commented 5 years ago

Thank you @llly for the reply. But from enclave side, it still can verify the signature right? Since the signature is not correct (the X-coordinate is not been calculated in correct way), how could it pass the verification from enclave side?

andyzyb commented 5 years ago

The signature is correct, but it uses a fake random number generator which always generates the same number, so the first 32-bit are always the same.

The sample crypto library is only for a demo and not using random number is to easily debug and reproduce the message. So it should not be used in any product code.