[bootrom] Sign the SM's public key in compressed format

kkrentz · Sep 20, 2024 · cd54860 · cd54860
1 parent a3d7da6
commit cd54860
Show file tree

Hide file tree

Showing 7 changed files with 16 additions and 10 deletions.
diff --git a/bootrom/bootloader.c b/bootrom/bootloader.c
@@ -55,10 +55,12 @@ void bootloader() {
   {
     sha_256_context_t hash_ctx;
     uint8_t digest[SHA_256_DIGEST_LENGTH];
+    uint8_t sanctum_sm_public_key_compressed[1 + ECC_CURVE_P_256_SIZE];
 
     SHA_256.init(&hash_ctx);
     SHA_256.update(&hash_ctx, sanctum_sm_hash, sizeof(sanctum_sm_hash));
-    SHA_256.update(&hash_ctx, sanctum_sm_public_key, sizeof(sanctum_sm_public_key));
+    uECC_compress(sanctum_sm_public_key, sanctum_sm_public_key_compressed, uECC_CURVE());
+    SHA_256.update(&hash_ctx, sanctum_sm_public_key_compressed, sizeof(sanctum_sm_public_key_compressed));
     SHA_256.finalize(&hash_ctx, digest);
     // Sign (H_SM, PK_SM) with SK_D
     if (!uECC_sign(sanctum_dev_secret_key, digest, sizeof(digest), sanctum_sm_signature, uECC_CURVE())) {

diff --git a/sdk/include/verifier/Keys.hpp b/sdk/include/verifier/Keys.hpp
@@ -13,6 +13,7 @@ typedef unsigned char byte;
 #define MDSIZE (SHA_256_DIGEST_LENGTH)
 #define SIGNATURE_SIZE (ECC_CURVE_P_256_SIZE * 2)
 #define PUBLIC_KEY_SIZE (ECC_CURVE_P_256_SIZE * 2)
+#define PUBLIC_KEY_COMPRESSED_SIZE (1 + ECC_CURVE_P_256_SIZE)
 
 class PublicKey {
  public:

diff --git a/sdk/include/verifier/Report.hpp b/sdk/include/verifier/Report.hpp
@@ -18,7 +18,7 @@ struct enclave_report_t {
 
 struct sm_report_t {
   byte hash[MDSIZE];
-  byte public_key[PUBLIC_KEY_SIZE];
+  byte public_key[PUBLIC_KEY_COMPRESSED_SIZE];
   byte signature[SIGNATURE_SIZE];
 };
 

diff --git a/sdk/src/verifier/Report.cpp b/sdk/src/verifier/Report.cpp
@@ -48,7 +48,7 @@ Report::fromJson(std::string jsonstr) {
   std::string sm_hash = json["security_monitor"]["hash"].string_value();
   HexToBytes(report.sm.hash, MDSIZE, sm_hash);
   std::string sm_pubkey = json["security_monitor"]["pubkey"].string_value();
-  HexToBytes(report.sm.public_key, PUBLIC_KEY_SIZE, sm_pubkey);
+  HexToBytes(report.sm.public_key, PUBLIC_KEY_COMPRESSED_SIZE, sm_pubkey);
   std::string sm_signature =
       json["security_monitor"]["signature"].string_value();
   HexToBytes(report.sm.signature, SIGNATURE_SIZE, sm_signature);
@@ -78,7 +78,7 @@ Report::stringfy() {
           "security_monitor",
           Json::object{
               {"hash", BytesToHex(report.sm.hash, MDSIZE)},
-              {"pubkey", BytesToHex(report.sm.public_key, PUBLIC_KEY_SIZE)},
+              {"pubkey", BytesToHex(report.sm.public_key, PUBLIC_KEY_COMPRESSED_SIZE)},
               {"signature", BytesToHex(report.sm.signature, SIGNATURE_SIZE)}},
       },
       {
@@ -106,7 +106,7 @@ void
 Report::printPretty() {
   std::cout << "\t\t=== Security Monitor ===" << std::endl;
   std::cout << "Hash: " << BytesToHex(report.sm.hash, MDSIZE) << std::endl;
-  std::cout << "Pubkey: " << BytesToHex(report.sm.public_key, PUBLIC_KEY_SIZE)
+  std::cout << "Pubkey: " << BytesToHex(report.sm.public_key, PUBLIC_KEY_COMPRESSED_SIZE)
             << std::endl;
   std::cout << "Signature: " << BytesToHex(report.sm.signature, SIGNATURE_SIZE)
             << std::endl;
@@ -152,18 +152,20 @@ Report::checkSignaturesOnly(const byte* dev_public_key) {
   int enclave_valid = 0;
   uint8_t scratchpad[MDSIZE + ATTEST_DATA_MAXLEN];
   uint8_t md[MDSIZE];
+  uint8_t sm_public_key[PUBLIC_KEY_SIZE];
 
   /* verify SM report */
   memcpy(scratchpad, report.sm.hash, MDSIZE);
-  memcpy(scratchpad + MDSIZE, report.sm.public_key, PUBLIC_KEY_SIZE);
-  SHA_256.hash(scratchpad, MDSIZE + PUBLIC_KEY_SIZE, md);
+  memcpy(scratchpad + MDSIZE, report.sm.public_key, PUBLIC_KEY_COMPRESSED_SIZE);
+  SHA_256.hash(scratchpad, MDSIZE + PUBLIC_KEY_COMPRESSED_SIZE, md);
   sm_valid = uECC_verify(dev_public_key, md, MDSIZE, report.sm.signature, uECC_CURVE());
 
   /* verify Enclave report */
+  uECC_decompress(report.sm.public_key, sm_public_key, uECC_CURVE());
   memcpy(scratchpad, report.enclave.hash, MDSIZE);
   memcpy(scratchpad + MDSIZE, report.enclave.data, report.enclave.data_len);
   SHA_256.hash(scratchpad, MDSIZE + report.enclave.data_len, md);
-  enclave_valid = uECC_verify(report.sm.public_key, md, MDSIZE, report.enclave.signature, uECC_CURVE());
+  enclave_valid = uECC_verify(sm_public_key, md, MDSIZE, report.enclave.signature, uECC_CURVE());
 
   return sm_valid && enclave_valid;
 }

diff --git a/sm/src/crypto.h b/sm/src/crypto.h
@@ -15,6 +15,7 @@ typedef sha_256_context_t hash_ctx;
 #define SIGNATURE_SIZE (ECC_CURVE_P_256_SIZE * 2)
 #define PRIVATE_KEY_SIZE (ECC_CURVE_P_256_SIZE)
 #define PUBLIC_KEY_SIZE (ECC_CURVE_P_256_SIZE * 2)
+#define PUBLIC_KEY_COMPRESSED_SIZE (1 + ECC_CURVE_P_256_SIZE)
 
 typedef unsigned char byte;
 

diff --git a/sm/src/enclave.c b/sm/src/enclave.c
@@ -633,7 +633,7 @@ unsigned long attest_enclave(uintptr_t report_ptr, uintptr_t data, uintptr_t siz
 
   sbi_memcpy(report.dev_public_key, dev_public_key, PUBLIC_KEY_SIZE);
   sbi_memcpy(report.sm.hash, sm_hash, MDSIZE);
-  sbi_memcpy(report.sm.public_key, sm_public_key, PUBLIC_KEY_SIZE);
+  uECC_compress(sm_public_key, report.sm.public_key, uECC_CURVE());
   sbi_memcpy(report.sm.signature, sm_signature, SIGNATURE_SIZE);
   sbi_memcpy(report.enclave.hash, enclaves[eid].hash, MDSIZE);
 

diff --git a/sm/src/enclave.h b/sm/src/enclave.h
@@ -88,7 +88,7 @@ struct enclave_report
 struct sm_report
 {
   byte hash[MDSIZE];
-  byte public_key[PUBLIC_KEY_SIZE];
+  byte public_key[PUBLIC_KEY_COMPRESSED_SIZE];
   byte signature[SIGNATURE_SIZE];
 };
 struct report