Fatal编程技术网
  • node.js/
  • Node.js 英特尔SGX远程认证:无法在客户端验证SP的签名

Node.js 英特尔SGX远程认证:无法在客户端验证SP的签名

node.js

Node.js 英特尔SGX远程认证:无法在客户端验证SP的签名,node.js,ecdsa,sgx,Node.js,Ecdsa,Sgx,基于,我想在NodeJS服务器中实现服务提供者功能。然而,尽管我认为我遵循RA示例中的算法,但启用SGX的客户端(在我的示例中,来自sgxsdk SampleCode中的RemoteDetection项目的isv_应用程序)不接受SP的MSG2,从而产生0x2003错误(无效签名),由SGX_RA_proc_MSG2_ex函数返回 生成msg2的JS代码: const crypto = require('crypto'); const aesCmac = require('node-aes-cm

基于,我想在NodeJS服务器中实现服务提供者功能。然而,尽管我认为我遵循RA示例中的算法,但启用SGX的客户端(在我的示例中,来自sgxsdk SampleCode中的RemoteDetection项目的isv_应用程序)不接受SP的MSG2,从而产生
0x2003
错误(无效签名),由
SGX_RA_proc_MSG2_ex
函数返回

生成msg2的JS代码:

const crypto = require('crypto');
const aesCmac = require('node-aes-cmac').aesCmac;
const EC = require('elliptic').ec;
const ec = new EC('p256');
const pepECDH = crypto.createECDH('prime256v1');

const SPID = 'C8C56121818E4F00FE4AB868389F3059';
const X_LENGTH = 32;
const Y_LENGTH = 64;

//Utilities
const swap = function(l_index, h_index, array) {
   let aux;
   while (l_index < h_index) {
     aux = array[l_index];
     array[l_index] = array[h_index];
     array[h_index] = aux;
     l_index++;
     h_index--;
   }
 };

const changeKeyEndianess = function(key) {
  swap(0, X_LENGTH - 1, key);
  swap(X_LENGTH, Y_LENGTH - 1, key);
    };

const generateCMAC = function(key, data) {
  const options = { returnAsBuffer: true };
  return aesCmac(key, data, options);
};

const deriveKey = function(sharedKey, label) {
  swap(0, sharedKey.length - 1, sharedKey);
  const key0s = Buffer.from('00000000000000000000000000000000', 'hex');

  const cmacKey0s = generateCMAC(key0s, Buffer.from(sharedKey));
  //0x01 || SMK || 0x00 || 0x80 || 0x00
  const auxInfo = Buffer.concat([
    Buffer.from('01', 'hex'),
    Buffer.from(label),
    Buffer.from('008000', 'hex'),
  ]);
  const derivedKey = generateCMAC(cmacKey0s, auxInfo);
  return derivedKey;
};

//1. Generate a random EC key using the P-256 curve. This key will become Gb.
pepECDH.generateKeys();
var Gb_BE = pepECDH.getPublicKey().slice(1); //remove 0x04, used only for elliptic library internals
var Gb_LE = Gb_BE;
changeKeyEndianess(Gb_LE); //pep public key now in Little Endian
//2. Derive the key derivation key (KDK) from Ga and Gb:
//2.1. Compute the shared secret using the client's public session key, Ga,
//and the service provider's private session key (obtained from Step 1), Gb.
// The result of this operation will be the x coordinate of Gab, denoted as Gabx.
var Ga_raw = msg.slice(0, 64); //client's public key, Little Endian
var Ga_LE = Buffer.from(Ga_raw);
let Ga_BE = Ga_LE;
changeKeyEndianess(Ga_BE); //done for computeSecret function (to Big Endian)
Ga_BE = [0x04, ...Ga_BE]; //the elliptic lib requires 0x04 at the beginning of the key to work properly
var Gabx_BE = pepECDH.computeSecret(new Buffer(Ga_BE));
//2.2. Convert Gabx to little-endian byte order by reversing its bytes.
var Gabx_LE = Gabx_BE;
changeKeyEndianess(Gabx_LE); //now in little-endian
//2.3. Perform an AES-128 CMAC on the little-endian form of Gabx
//using a block of 0x00 bytes for the key.
//Derive the SMK from the KDK by performing an AES-128 CMAC on the byte sequence:
//0x01 || SMK || 0x00 || 0x80 || 0x00 --> SMK is a literal string without quotes
var derivedKeySMK = deriveKey(Gabx_LE, 'SMK');
//1. Determine the quote type that should be requested from the client
//(0x0 for unlinkable, and 0x1 for linkable). Note that this is a service provider
//policy decision, and the SPID must be associated with the correct quote type.
var quoteType = Buffer.from('0000', 'hex');
//2. Set the KDF_ID. Normally this is 0x1.
var kdfID = Buffer.from('0100', 'hex');
var spid = Buffer.from(SPID, 'hex');
//3. Calculate the ECDSA signature of:
//Gbx || Gby || Gax || Gay
//(traditionally written as r || s) with the service provider's EC private key.
var concatenatedPublicKeys = Buffer.concat([Gb_LE, Ga_LE]);
var pepPrivateKey = pepECDH.getPrivateKey();
var keysHash = crypto
  .createHash('sha256')
  .update(concatenatedPublicKeys)
  .digest();

var SigSP_BE = ec.sign(keysHash, pepPrivateKey, { canonical: true });
var r = SigSP_BE.r.toBuffer('le', 32);
var s = SigSP_BE.s.toBuffer('le', 32);
var SigSP_LE = Buffer.concat([r, s]);
//4. Calculate the AES-128 CMAC of:
//Gb || SPID || Quote_Type || KDF_ID || SigSP
//using the SMK (derived in Step 3) as the key.
var toCmac = Buffer.concat([Gb_LE, spid, quoteType, kdfID, SigSP_LE]);
var Cmaced = generateCMAC(derivedKeySMK, toCmac);
我在Ubuntu18.04上使用nodejsv14.10.0。使用的JS库:

"elliptic": "^6.5.3",
"node-aes-cmac": "^0.1.1",
我尝试了数千次反转每个变量中的字节,但都没有成功。错误的原因可能是什么?我是不是按照SGX RA协议生成了MSG2,或者我在JS中使用了错误的密码

谢谢你的帮助

"elliptic": "^6.5.3",
"node-aes-cmac": "^0.1.1",