diff mbox series

selftests/x86: Generate an RSA key on fly

Message ID 20200319023306.6875-1-jarkko.sakkinen@linux.intel.com (mailing list archive)
State New, archived
Headers show
Series selftests/x86: Generate an RSA key on fly | expand

Commit Message

Jarkko Sakkinen March 19, 2020, 2:33 a.m. UTC 
Modify the signing tool to generate an RSA key on fly because that is
require for the selftest.

Cc: Sean Christopherson <sean.j.christopherson@intel.com>
Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
---
Tested only for compilation.
 tools/testing/selftests/x86/sgx/Makefile      |  2 +-
 tools/testing/selftests/x86/sgx/sgxsign.c     | 55 ++++++++-----------
 .../testing/selftests/x86/sgx/signing_key.pem | 39 -------------
 3 files changed, 25 insertions(+), 71 deletions(-)
 delete mode 100644 tools/testing/selftests/x86/sgx/signing_key.pem

Comments

Jarkko Sakkinen March 19, 2020, 2:52 a.m. UTC | #1 
On Thu, Mar 19, 2020 at 04:33:06AM +0200, Jarkko Sakkinen wrote:
> Modify the signing tool to generate an RSA key on fly because that is
> require for the selftest.
> 
> Cc: Sean Christopherson <sean.j.christopherson@intel.com>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

The bigger idea is to combine sgxsign and the test program. The enclave
can be measured and sigstruct can be calculated in the exact same loop.

After this change has been merged it is somewhat trivial change to do.

This results way way more robust test program (e.g. easy to generate
dynamically enclaves of different sizes).

/Jarkko
diff mbox series

Patch

diff --git a/tools/testing/selftests/x86/sgx/Makefile b/tools/testing/selftests/x86/sgx/Makefile
index f838700029e2..ff0136310c2b 100644
--- a/tools/testing/selftests/x86/sgx/Makefile
+++ b/tools/testing/selftests/x86/sgx/Makefile
@@ -31,7 +31,7 @@  $(OUTPUT)/encl.elf: encl.lds encl.c encl_bootstrap.S
 	$(CC) $(ENCL_CFLAGS) -T $^ -o $@
 
 $(OUTPUT)/encl.ss: $(OUTPUT)/encl.bin
-	$(OUTPUT)/sgxsign signing_key.pem $(OUTPUT)/encl.bin $(OUTPUT)/encl.ss
+	$(OUTPUT)/sgxsign $(OUTPUT)/encl.bin $(OUTPUT)/encl.ss
 
 $(OUTPUT)/sgxsign: sgxsign.c
 	$(CC) $(INCLUDES) -o $@ $< -lcrypto
diff --git a/tools/testing/selftests/x86/sgx/sgxsign.c b/tools/testing/selftests/x86/sgx/sgxsign.c
index 3d9007af40c9..8d62437186ed 100644
--- a/tools/testing/selftests/x86/sgx/sgxsign.c
+++ b/tools/testing/selftests/x86/sgx/sgxsign.c
@@ -60,29 +60,35 @@  static inline const BIGNUM *get_modulus(RSA *key)
 #endif
 }
 
-static RSA *load_sign_key(const char *path)
+static RSA *gen_sign_key(void)
 {
-	FILE *f;
+	BIGNUM *e;
 	RSA *key;
+	int ret;
 
-	f = fopen(path, "rb");
-	if (!f) {
-		fprintf(stderr, "Unable to open %s\n", path);
-		return NULL;
-	}
+	e = BN_new();
 	key = RSA_new();
-	if (!PEM_read_RSAPrivateKey(f, &key, NULL, NULL))
-		return NULL;
-	fclose(f);
 
-	if (BN_num_bytes(get_modulus(key)) != SGX_MODULUS_SIZE) {
-		fprintf(stderr, "Invalid key size %d\n",
-			BN_num_bytes(get_modulus(key)));
-		RSA_free(key);
-		return NULL;
-	}
+	if (!e || !key)
+		goto err;
+
+	ret = BN_set_word(e, RSA_F4);
+	if (ret != 1)
+		goto err;
+
+	ret = RSA_generate_key_ex(key, 3072, e, NULL);
+	if (ret != 1)
+		goto err;
+
+	BN_free(e);
 
 	return key;
+
+err:
+	RSA_free(key);
+	BN_free(e);
+
+	return NULL;
 }
 
 static void reverse_bytes(void *data, int length)
@@ -424,8 +430,8 @@  int main(int argc, char **argv)
 	uint64_t header2[2] = {0x0000006000000101, 0x0000000100000060};
 	struct sgx_sigstruct ss;
 	const char *program;
-	int opt;
 	RSA *sign_key;
+	int opt;
 
 	memset(&ss, 0, sizeof(ss));
 	ss.header.header1[0] = header1[0];
@@ -443,19 +449,6 @@  int main(int argc, char **argv)
 
 	program = argv[0];
 
-	do {
-		opt = getopt(argc, argv, "");
-		switch (opt) {
-		case -1:
-			break;
-		default:
-			exit_usage(program);
-		}
-	} while (opt != -1);
-
-	argc -= optind;
-	argv += optind;
-
 	if (argc < 3)
 		exit_usage(program);
 
@@ -463,7 +456,7 @@  int main(int argc, char **argv)
 	if (check_crypto_errors())
 		exit(1);
 
-	sign_key = load_sign_key(argv[0]);
+	sign_key = gen_sign_key();
 	if (!sign_key)
 		goto out;
 
diff --git a/tools/testing/selftests/x86/sgx/signing_key.pem b/tools/testing/selftests/x86/sgx/signing_key.pem
deleted file mode 100644
index d76f21f19187..000000000000
--- a/tools/testing/selftests/x86/sgx/signing_key.pem
+++ /dev/null
@@ -1,39 +0,0 @@ 
------BEGIN RSA PRIVATE KEY-----
-MIIG4wIBAAKCAYEApalGbq7Q+usM91CPtksu3D+b0Prc8gAFL6grM3mg85A5Bx8V
-cfMXPgtrw8EYFwQxDAvzZWwl+9VfOX0ECrFRBkOHcOiG0SnADN8+FLj1UiNUQwbp
-S6OzhNWuRcSbGraSOyUlVlV0yMQSvewyzGklOaXBe30AJqzIBc8QfdSxKuP8rs0Z
-ga6k/Bl73osrYKByILJTUUeZqjLERsE6GebsdzbWgKn8qVqng4ZS4yMNg6LeRlH3
-+9CIPgg4jwpSLHcp7dq2qTIB9a0tGe9ayp+5FbucpB6U7ePold0EeRN6RlJGDF9k
-L93v8P5ykz5G5gYZ2g0K1X2sHIWV4huxPgv5PXgdyQYbK+6olqj0d5rjYuwX57Ul
-k6SroPS1U6UbdCjG5txM+BNGU0VpD0ZhrIRw0leQdnNcCO9sTJuInZrgYacSVJ7u
-mtB+uCt+uzUesc+l+xPRYA+9e14lLkZp7AAmo9FvL816XDI09deehJ3i/LmHKCRN
-tuqC5TprRjFwUr6dAgEDAoIBgG5w2Z8fNfycs0+LCnmHdJLVEotR6KFVWMpwHMz7
-wKJgJgS/Y6FMuilc8oKAuroCy11dTO5IGVKOP3uorVx2NgQtBPXwWeDGgAiU1A3Q
-o4wXjYIEm4fCd63jyYPYZ2ckYXzDbjmOTdstYdPyzIhGGNEZK6eoqsRzMAPfYFPj
-IMdCqHSIu6vJw1K7p+myHOsVoWshjODaZnF3LYSA0WaZ8vokjwBxUxuRxQJZjJds
-s60XPtmL+qfgWtQFewoG4XL6GuD8FcXccynRRtzrLtFNPIl9BQfWfjBBhTC1/Te1
-0Z6XbZvpdUTD9OfLB7SbR2OUFNpKQgriO0iYVdbW3cr7uu38Zwp4W1TX73DPjoi6
-KNooP6SGWd4mRJW2+dUmSYS4QNG8eVVZswKcploEIXlAKRsOe4kzJJ1iETugIe85
-uX8nd1WYEp65xwoRUg8hqng0MeyveVbXqNKuJG6tzNDt9kgFYo+hmC/oouAW2Dtc
-T9jdRAwKJXqA2Eg6OkgXCEv+kwKBwQDYaQiFMlFhsmLlqI+EzCUh7c941/cL7m6U
-7j98+8ngl0HgCEcrc10iJVCKakQW3YbPzAx3XkKTaGjWazvvrFarXIGlOud64B8a
-iWyQ7VdlnmZnNEdk+C83tI91OQeaTKqRLDGzKh29Ry/jL8Pcbazt+kDgxa0H7qJp
-roADUanLQuNkYubpbhFBh3xpa2EExaVq6rF7nIVsD8W9TrbmPKA4LgH7z0iy544D
-kVCNYsTjYDdUWP+WiSor8kCnnpjnN9sCgcEAw/eNezUD1UDf6OYFC9+5JZJFn4Tg
-mZMyN93JKIb199ffwnjtHUSjcyiWeesXucpzwtGbTcwQnDisSW4oneYKLSEBlBaq
-scqiUugyGZZOthFSCbdXYXMViK2vHrKlkse7GxVlROKcEhM/pRBrmjaGO8eWR+D4
-FO2wCXzVs3KgV6j779frw0vC54oHOxc9+Lu1rSHp4i+600koyvL/zF6U/5tZXIvN
-YW2yoiQJnjCmVA1pwbwV6KAUTPDTMnBK+YjnAoHBAJBGBa4hi5Z27JkbCliIGMFJ
-NPs6pLKe9GNJf6in2+sPgUAFhMeiPhbDiwbxgrnpBIqICE+ULGJFmzmc0p/IOceT
-ARjR76dAFLxbnbXzj5kURETNhO36yiUjCk4mBRGIcbYddndxaSjaH+zKgpLzyJ6m
-1esuc1qfFvEfAAI2cTIsl5hB70ZJYNZaUvDyQK3ZGPHxy6e9rkgKg9OJz0QoatAe
-q/002yHvtAJg4F5B2JeVejg7VQ8GHB1MKxppu0TP5wKBwQCCpQj8zgKOKz/wmViy
-lSYZDC5qWJW7t3bP6TDFr06lOpUsUJ4TgxeiGw778g/RMaKB4RIz3WBoJcgw9BsT
-7rFza1ZiucchMcGMmswRDt8kC4wGejpA92Owc8oUdxkMhSdnY5jYlxK2t3/DYEe8
-JFl9L7mFQKVjSSAGUzkiTGrlG1Kf5UfXh9dFBq98uilQfSPIwUaWynyM23CHTKqI
-Pw3/vOY9sojrnncWwrEUIG7is5vWfWPwargzSzd29YdRBe8CgcEAuRVewK/YeNOX
-B7ZG6gKKsfsvrGtY7FPETzLZAHjoVXYNea4LVZ2kn4hBXXlvw/4HD+YqcTt4wmif
-5JQlDvjNobUiKJZpzy7hklVhF7wZFl4pCF7Yh43q9iQ7gKTaeUG7MiaK+G8Zz8aY
-HW9rsiihbdZkccMvnPfO9334XMxl3HtBRzLstjUlbLB7Sdh+7tZ3JQidCOFNs5pE
-XyWwnASPu4tKfDahH1UUTp1uJcq/6716CSWg080avYxFcn75qqsb
------END RSA PRIVATE KEY-----