@@ -31,7 +31,7 @@ $(OUTPUT)/encl.elf: encl.lds encl.c encl_bootstrap.S
$(CC) $(ENCL_CFLAGS) -T $^ -o $@
$(OUTPUT)/encl.ss: $(OUTPUT)/encl.bin
- $(OUTPUT)/sgxsign signing_key.pem $(OUTPUT)/encl.bin $(OUTPUT)/encl.ss
+ $(OUTPUT)/sgxsign $(OUTPUT)/encl.bin $(OUTPUT)/encl.ss
$(OUTPUT)/sgxsign: sgxsign.c
$(CC) $(INCLUDES) -o $@ $< -lcrypto
@@ -60,29 +60,35 @@ static inline const BIGNUM *get_modulus(RSA *key)
#endif
}
-static RSA *load_sign_key(const char *path)
+static RSA *gen_sign_key(void)
{
- FILE *f;
+ BIGNUM *e;
RSA *key;
+ int ret;
- f = fopen(path, "rb");
- if (!f) {
- fprintf(stderr, "Unable to open %s\n", path);
- return NULL;
- }
+ e = BN_new();
key = RSA_new();
- if (!PEM_read_RSAPrivateKey(f, &key, NULL, NULL))
- return NULL;
- fclose(f);
- if (BN_num_bytes(get_modulus(key)) != SGX_MODULUS_SIZE) {
- fprintf(stderr, "Invalid key size %d\n",
- BN_num_bytes(get_modulus(key)));
- RSA_free(key);
- return NULL;
- }
+ if (!e || !key)
+ goto err;
+
+ ret = BN_set_word(e, RSA_F4);
+ if (ret != 1)
+ goto err;
+
+ ret = RSA_generate_key_ex(key, 3072, e, NULL);
+ if (ret != 1)
+ goto err;
+
+ BN_free(e);
return key;
+
+err:
+ RSA_free(key);
+ BN_free(e);
+
+ return NULL;
}
static void reverse_bytes(void *data, int length)
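Review bot: `BN_set_word(e, RSA_F4)` makes gen_sign_key() produce a key with public exponent 65537, but the SGX SIGSTRUCT format is defined for a 3072-bit RSA key with public exponent 3, so a sigstruct signed with this key would be expected to fail enclave signature verification. The exponent field and the q1/q2 computation in sgxsign.c are outside this hunk, so confirm against them, but the likely fix is `ret = BN_set_word(e, RSA_3);`. The commit is marked as tested only for compilation, so a selftest run would not have caught this yet. A short comment above the call, such as `/* SGX requires a 3072-bit key with e = 3 */`, would record why both parameters are fixed.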
@@ -424,8 +430,8 @@ int main(int argc, char **argv)
uint64_t header2[2] = {0x0000006000000101, 0x0000000100000060};
struct sgx_sigstruct ss;
const char *program;
- int opt;
RSA *sign_key;
+ int opt;
memset(&ss, 0, sizeof(ss));
ss.header.header1[0] = header1[0];
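Review bot: `int opt;` is only moved below `RSA *sign_key;` here, while the getopt() loop that used it is deleted in the next hunk of main(), so the variable appears to be left unused and should draw an unused-variable warning. Unless `opt` is referenced in a part of main() outside these hunks, delete the declaration instead of reordering it.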
@@ -443,19 +449,6 @@ int main(int argc, char **argv)
program = argv[0];
- do {
- opt = getopt(argc, argv, "");
- switch (opt) {
- case -1:
- break;
- default:
- exit_usage(program);
- }
- } while (opt != -1);
-
- argc -= optind;
- argv += optind;
-
if (argc < 3)
exit_usage(program);
@@ -463,7 +456,7 @@ int main(int argc, char **argv)
if (check_crypto_errors())
exit(1);
- sign_key = load_sign_key(argv[0]);
+ sign_key = gen_sign_key();
if (!sign_key)
goto out;
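Review bot: A failed key generation now reaches `goto out` with no diagnostic, whereas the removed load_sign_key() printed the reason to stderr before returning NULL. gen_sign_key() is silent on every error path, so printing at this call site, e.g. `fprintf(stderr, "Unable to generate signing key\n");` before the `goto out`, or draining the OpenSSL error queue through the existing check_crypto_errors(), would make a selftest failure diagnosable. main() continues outside the hunk, so what the `out` label reports is not visible here.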
deleted file mode 100644
@@ -1,39 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIG4wIBAAKCAYEApalGbq7Q+usM91CPtksu3D+b0Prc8gAFL6grM3mg85A5Bx8V
-cfMXPgtrw8EYFwQxDAvzZWwl+9VfOX0ECrFRBkOHcOiG0SnADN8+FLj1UiNUQwbp
-S6OzhNWuRcSbGraSOyUlVlV0yMQSvewyzGklOaXBe30AJqzIBc8QfdSxKuP8rs0Z
-ga6k/Bl73osrYKByILJTUUeZqjLERsE6GebsdzbWgKn8qVqng4ZS4yMNg6LeRlH3
-+9CIPgg4jwpSLHcp7dq2qTIB9a0tGe9ayp+5FbucpB6U7ePold0EeRN6RlJGDF9k
-L93v8P5ykz5G5gYZ2g0K1X2sHIWV4huxPgv5PXgdyQYbK+6olqj0d5rjYuwX57Ul
-k6SroPS1U6UbdCjG5txM+BNGU0VpD0ZhrIRw0leQdnNcCO9sTJuInZrgYacSVJ7u
-mtB+uCt+uzUesc+l+xPRYA+9e14lLkZp7AAmo9FvL816XDI09deehJ3i/LmHKCRN
-tuqC5TprRjFwUr6dAgEDAoIBgG5w2Z8fNfycs0+LCnmHdJLVEotR6KFVWMpwHMz7
-wKJgJgS/Y6FMuilc8oKAuroCy11dTO5IGVKOP3uorVx2NgQtBPXwWeDGgAiU1A3Q
-o4wXjYIEm4fCd63jyYPYZ2ckYXzDbjmOTdstYdPyzIhGGNEZK6eoqsRzMAPfYFPj
-IMdCqHSIu6vJw1K7p+myHOsVoWshjODaZnF3LYSA0WaZ8vokjwBxUxuRxQJZjJds
-s60XPtmL+qfgWtQFewoG4XL6GuD8FcXccynRRtzrLtFNPIl9BQfWfjBBhTC1/Te1
-0Z6XbZvpdUTD9OfLB7SbR2OUFNpKQgriO0iYVdbW3cr7uu38Zwp4W1TX73DPjoi6
-KNooP6SGWd4mRJW2+dUmSYS4QNG8eVVZswKcploEIXlAKRsOe4kzJJ1iETugIe85
-uX8nd1WYEp65xwoRUg8hqng0MeyveVbXqNKuJG6tzNDt9kgFYo+hmC/oouAW2Dtc
-T9jdRAwKJXqA2Eg6OkgXCEv+kwKBwQDYaQiFMlFhsmLlqI+EzCUh7c941/cL7m6U
-7j98+8ngl0HgCEcrc10iJVCKakQW3YbPzAx3XkKTaGjWazvvrFarXIGlOud64B8a
-iWyQ7VdlnmZnNEdk+C83tI91OQeaTKqRLDGzKh29Ry/jL8Pcbazt+kDgxa0H7qJp
-roADUanLQuNkYubpbhFBh3xpa2EExaVq6rF7nIVsD8W9TrbmPKA4LgH7z0iy544D
-kVCNYsTjYDdUWP+WiSor8kCnnpjnN9sCgcEAw/eNezUD1UDf6OYFC9+5JZJFn4Tg
-mZMyN93JKIb199ffwnjtHUSjcyiWeesXucpzwtGbTcwQnDisSW4oneYKLSEBlBaq
-scqiUugyGZZOthFSCbdXYXMViK2vHrKlkse7GxVlROKcEhM/pRBrmjaGO8eWR+D4
-FO2wCXzVs3KgV6j779frw0vC54oHOxc9+Lu1rSHp4i+600koyvL/zF6U/5tZXIvN
-YW2yoiQJnjCmVA1pwbwV6KAUTPDTMnBK+YjnAoHBAJBGBa4hi5Z27JkbCliIGMFJ
-NPs6pLKe9GNJf6in2+sPgUAFhMeiPhbDiwbxgrnpBIqICE+ULGJFmzmc0p/IOceT
-ARjR76dAFLxbnbXzj5kURETNhO36yiUjCk4mBRGIcbYddndxaSjaH+zKgpLzyJ6m
-1esuc1qfFvEfAAI2cTIsl5hB70ZJYNZaUvDyQK3ZGPHxy6e9rkgKg9OJz0QoatAe
-q/002yHvtAJg4F5B2JeVejg7VQ8GHB1MKxppu0TP5wKBwQCCpQj8zgKOKz/wmViy
-lSYZDC5qWJW7t3bP6TDFr06lOpUsUJ4TgxeiGw778g/RMaKB4RIz3WBoJcgw9BsT
-7rFza1ZiucchMcGMmswRDt8kC4wGejpA92Owc8oUdxkMhSdnY5jYlxK2t3/DYEe8
-JFl9L7mFQKVjSSAGUzkiTGrlG1Kf5UfXh9dFBq98uilQfSPIwUaWynyM23CHTKqI
-Pw3/vOY9sojrnncWwrEUIG7is5vWfWPwargzSzd29YdRBe8CgcEAuRVewK/YeNOX
-B7ZG6gKKsfsvrGtY7FPETzLZAHjoVXYNea4LVZ2kn4hBXXlvw/4HD+YqcTt4wmif
-5JQlDvjNobUiKJZpzy7hklVhF7wZFl4pCF7Yh43q9iQ7gKTaeUG7MiaK+G8Zz8aY
-HW9rsiihbdZkccMvnPfO9334XMxl3HtBRzLstjUlbLB7Sdh+7tZ3JQidCOFNs5pE
-XyWwnASPu4tKfDahH1UUTp1uJcq/6716CSWg080avYxFcn75qqsb
------END RSA PRIVATE KEY-----
Modify the signing tool to generate an RSA key on the fly because that is required for the selftest. Cc: Sean Christopherson <sean.j.christopherson@intel.com> Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> --- Tested only for compilation. tools/testing/selftests/x86/sgx/Makefile | 2 +- tools/testing/selftests/x86/sgx/sgxsign.c | 55 ++++++++----------- .../testing/selftests/x86/sgx/signing_key.pem | 39 ------------- 3 files changed, 25 insertions(+), 71 deletions(-) delete mode 100644 tools/testing/selftests/x86/sgx/signing_key.pem