linux-sgx.vger.kernel.org archive mirror
From: Jarkko Sakkinen <jarkko@kernel.org>
To: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Cc: Thomas Gleixner <tglx@linutronix.de>,
	Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
	"H. Peter Anvin" <hpa@zytor.com>,
	Sean Christopherson <seanjc@google.com>,
	Shuah Khan <shuah@kernel.org>,
	x86@kernel.org, linux-sgx@vger.kernel.org,
	linux-kselftest@vger.kernel.org, linux-kernel@vger.kernel.org,
	Jia Zhang <zhang.jia@linux.alibaba.com>
Subject: Re: [PATCH] selftests/sgx: fix EINIT failure dueto SGX_INVALID_SIGNATURE
Date: Mon, 1 Mar 2021 11:54:29 +0200
Message-ID: <YDy51R2Wva7s+k/x@kernel.org>
In-Reply-To: <20210301051836.30738-1-tianjia.zhang@linux.alibaba.com>

On Mon, Mar 01, 2021 at 01:18:36PM +0800, Tianjia Zhang wrote:
> q2 is not always 384 bytes long. Sometimes it has only 383 bytes.

What determines this?

> In this case, the valid portion of q2 is reordered reversely for
> little endian order, and the remaining portion is filled with zero.

I'm presuming that you want to say "In this case, q2 needs to be reversed because...".

I'm lacking these details:

1. Why can the length of Q2 vary?
2. Why is reversing the bytes the correct measure to counter
   this variation?

/Jarkko

> Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
> ---
>  tools/testing/selftests/sgx/sigstruct.c | 41 +++++++++++++------------
>  1 file changed, 21 insertions(+), 20 deletions(-)
> 
> diff --git a/tools/testing/selftests/sgx/sigstruct.c b/tools/testing/selftests/sgx/sigstruct.c
> index dee7a3d6c5a5..92bbc5a15c39 100644
> --- a/tools/testing/selftests/sgx/sigstruct.c
> +++ b/tools/testing/selftests/sgx/sigstruct.c
> @@ -55,10 +55,27 @@ static bool alloc_q1q2_ctx(const uint8_t *s, const uint8_t *m,
>  	return true;
>  }
>  
> +static void reverse_bytes(void *data, int length)
> +{
> +	int i = 0;
> +	int j = length - 1;
> +	uint8_t temp;
> +	uint8_t *ptr = data;
> +
> +	while (i < j) {
> +		temp = ptr[i];
> +		ptr[i] = ptr[j];
> +		ptr[j] = temp;
> +		i++;
> +		j--;
> +	}
> +}
> +
>  static bool calc_q1q2(const uint8_t *s, const uint8_t *m, uint8_t *q1,
>  		      uint8_t *q2)
>  {
>  	struct q1q2_ctx ctx;
> +	int len;
>  
>  	if (!alloc_q1q2_ctx(s, m, &ctx)) {
>  		fprintf(stderr, "Not enough memory for Q1Q2 calculation\n");
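
Review bot: reverse_bytes() is moved above calc_q1q2() with an identical body, which mixes pure code motion into the functional fix in this hunk and in the later one that deletes the old copy. Consider doing the move in a preparatory patch, or state in the changelog that the function is unchanged. With the new `int len` the function starts returning q1 and q2 in little-endian order, so a comment above calc_q1q2() stating the output byte order would document the changed contract.
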
> @@ -89,8 +106,10 @@ static bool calc_q1q2(const uint8_t *s, const uint8_t *m, uint8_t *q1,
>  		goto out;
>  	}
>  
> -	BN_bn2bin(ctx.q1, q1);
> -	BN_bn2bin(ctx.q2, q2);
> +	len = BN_bn2bin(ctx.q1, q1);
> +	reverse_bytes(q1, len);
> +	len = BN_bn2bin(ctx.q2, q2);
> +	reverse_bytes(q2, len);
>  
>  	free_q1q2_ctx(&ctx);
>  	return true;
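
Review bot: after `len = BN_bn2bin(ctx.q2, q2);` only the first `len` bytes are reversed and nothing in this hunk clears the rest of the field, while the changelog says the remaining portion is filled with zero. The result is correct only if the caller's buffer is already zeroed, so either make that explicit (clear the SGX_MODULUS_SIZE bytes before the BN_bn2bin() call) or write the field in one step with BN_bn2lebinpad(ctx.q2, q2, SGX_MODULUS_SIZE) where the OpenSSL version in use provides it. The changelog should also say why the minimal-length output of BN_bn2bin() makes the old whole-field reversal wrong, which is what the review questions above ask for.
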
> @@ -152,22 +171,6 @@ static RSA *gen_sign_key(void)
>  	return key;
>  }
>  
> -static void reverse_bytes(void *data, int length)
> -{
> -	int i = 0;
> -	int j = length - 1;
> -	uint8_t temp;
> -	uint8_t *ptr = data;
> -
> -	while (i < j) {
> -		temp = ptr[i];
> -		ptr[i] = ptr[j];
> -		ptr[j] = temp;
> -		i++;
> -		j--;
> -	}
> -}
> -
>  enum mrtags {
>  	MRECREATE = 0x0045544145524345,
>  	MREADD = 0x0000000044444145,
> @@ -367,8 +370,6 @@ bool encl_measure(struct encl *encl)
>  	/* BE -> LE */
>  	reverse_bytes(sigstruct->signature, SGX_MODULUS_SIZE);
>  	reverse_bytes(sigstruct->modulus, SGX_MODULUS_SIZE);
> -	reverse_bytes(sigstruct->q1, SGX_MODULUS_SIZE);
> -	reverse_bytes(sigstruct->q2, SGX_MODULUS_SIZE);
>  
>  	EVP_MD_CTX_destroy(ctx);
>  	RSA_free(key);
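
Review bot: with the two q1/q2 lines removed, the `/* BE -> LE */` block in encl_measure() converts only signature and modulus, and the q1/q2 conversion now lives in calc_q1q2(), so the byte-order handling for one SIGSTRUCT is split across two functions with no comment linking them. Extend the comment here to say that q1 and q2 are already little-endian on return from calc_q1q2(), so a later reader does not add the reversal back.
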
> -- 
> 2.19.1.3.ge56e4f7
> 
> 
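
Added example (not part of this thread or of the selftest code): a small model of the byte-order problem the patch description refers to, showing why reversing the whole field differs from reversing only the bytes written when the value has a leading zero byte. It assumes an 8-byte field in place of the 384-byte q2; `to_be_minimal()`, `read_le()`, `encode()` and `FIELD_SIZE` are hypothetical names, and `to_be_minimal()` only mimics BN_bn2bin() omitting leading zero bytes.

```c
#include <inttypes.h>
#include <stdio.h>
#define FIELD_SIZE 8	/* constructed stand-in for the 384-byte q2 field */

/* Hypothetical model of BN_bn2bin(): big-endian, leading zero bytes omitted,
 * returns the number of bytes written. */
static int to_be_minimal(uint64_t v, uint8_t *out)
{
	int n = 0;
	for (int i = 7; i >= 0; i--) {
		uint8_t b = (uint8_t)(v >> (8 * i));
		if (n || b)
			out[n++] = b;
	}
	return n;
}

static void reverse_bytes(uint8_t *p, int len)
{
	for (int i = 0, j = len - 1; i < j; i++, j--) {
		uint8_t t = p[i];
		p[i] = p[j];
		p[j] = t;
	}
}

static uint64_t read_le(const uint8_t *p)	/* little-endian read-back */
{
	uint64_t v = 0;
	for (int i = FIELD_SIZE - 1; i >= 0; i--)
		v = (v << 8) | p[i];
	return v;
}

/* whole_field != 0: pre-patch order, reverse all FIELD_SIZE bytes;
 * whole_field == 0: patched order, reverse only the bytes written. */
uint64_t encode(uint64_t v, int whole_field)
{
	uint8_t f[FIELD_SIZE] = { 0 };	/* assumes a zeroed destination */
	int len = to_be_minimal(v, f);
	reverse_bytes(f, whole_field ? FIELD_SIZE : len);
	return read_le(f);
}

int main(void)
{
	uint64_t q = 0x00AABBCCDDEEFF11ULL;	/* constructed: top byte is zero */
	printf("%016" PRIx64 " %016" PRIx64 "\n", encode(q, 0), encode(q, 1));
	return 0;
}
```

In the whole-field case the padding zero ends up in the least significant position, so the value read back is shifted left by one byte; a full-width value is unaffected, which matches the "not always" in the patch description.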
