Skip to content

Latest commit

 

History

History
101 lines (69 loc) · 4.85 KB

PUBKEY.md

File metadata and controls

101 lines (69 loc) · 4.85 KB
Raw

EC Public Key Encoding for the REPORT DATA

Put x and y numbers in report data.

To check with python use https://cryptography.io/en/latest/hazmat/primitives/asymmetric/ec/#cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point.

Ex:

Read the public key PEM file generated by the enclave app:

with open('demo_sgx/secp256r1.pem') as f:
    pem_data = f.read()

# demo_sgx/secp256r1.pem
#
# -----BEGIN PUBLIC KEY-----
# MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7nw+BifBCxWqyqIkEJMA8APsN1If
# LvC6U011UnQNr1Ss5+5nSLHvXGlDL/1UgQh12ztcrOISsDwrEWtEHExMGA==
# -----END PUBLIC KEY-----

Load the public key:

from cryptography.hazmat.primitives import serialization

public_key = serialization.load_pem_public_key(pem_data.encode())

Show the bytes of the public key in different encodings & formats ( docs):

>>> public_key.public_bytes(encoding=serialization.Encoding.X962, format=serialization.PublicFormat.CompressedPoint)
b"\x02\xee|>\x06'\xc1\x0b\x15\xaa\xca\xa2$\x10\x93\x00\xf0\x03\xec7R\x1f.\xf0\xbaSMuRt\r\xafT"

>>> public_key.public_bytes(encoding=serialization.Encoding.X962, format=serialization.PublicFormat.UncompressedPoint)
b"\x04\xee|>\x06'\xc1\x0b\x15\xaa\xca\xa2$\x10\x93\x00\xf0\x03\xec7R\x1f.\xf0\xbaSMuRt\r\xafT\xac\xe7\xeegH\xb1\xef\\iC/\xfdT\x81\x08u\xdb;\\\xac\xe2\x12\xb0<+\x11kD\x1cLL\x18"

# PEM - should match the secp256r1.pem file content
>>> public_key.public_bytes(encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo) == pem_data.encode()

Not sure how the point will encoded be in the report data ... but in case this may be useful:

from cryptography.hazmat.primitives.asymmetric import ec

x962 = public_key.public_bytes(encoding=serialization.Encoding.X962, format=serialization.PublicFormat.CompressedPoint)
pubkey_from_point = ec.EllipticCurvePublicKey.from_encoded_point(curve=ec.SECP256R1(), data=x962)

Given a quote:

qupte = {'isvEnclaveQuote': 'AgAAAFsLAAALAAoAAAAAAPxHYXRld2F5QXBwXTogQ2FRL+mnne+xUYaEHsh4Un5KCRH//wECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwAAAAAAAAAHAAAAAAAAAKijCU12IXxd0KESasFCs23TT4hRSpm/jfyOqFLx+mI4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADVGyccDiIZU+WyCA0PazAFKHQlJzMAvt2Sg0DE8oOo1QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0gQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFcYye3p+RYi7b+aqi+GsjVE9LopGCtRrG0JaI9B5KuezB8JbRzEjkxanE8V9PP6MJ/kF4iywU6vOq2FvEZfIqAIAAIxWDI2BGZC/jiPvisaergOPrVL7FvjzhIMe3dQZeiNgh1DznnP8UmLQl3H9FJ8sN1l6ZY8ewLakWeJydG5Iya6cfarNG/h1FO9dbUfQLg3g5lmKou9DU5u2qUUKGgaglrp4V5xQcOrAC2i46wE0yiX716Ci+LF+ElxjEdXVUKgYKjSBreKgC3ogriWZbEGIorcd/IXN8liaNouE+OCkh6XObIv15tZS2H/NJiAit090c4NKDWe4/FlDrsgCDNZ2N7tIqAkq3YY1r6hwewCn4a9et0YYJiKO7qL3Lu3EfVcdKyhRU28WKWqvSf7xiUoQhn3zOjLhq+ad8L6QJdAMrgxSEBizd3i+pyjWtwWVHi/M5TMxhQqqxGCTSJijJvnCJq+yQaUt2JXGFRUvxWgBAACes3YzC7v6DZnc+EohfZV4eYWvrrXNCS05knxQ8Z74vp+813+1NVQPfNJ5+fFmFP6QUWqywIYGOEwGRMGyTWz37tKGS1mLfHwQ7c+jJiA+Hjhm3Qu705lKC44GlKkaSIF5S5s7rbjSjP24KgYQxpzp5IgCZljy1fm0GiENTqmOGwAg4VviLTP2ceZrJ1wOvOa1BmcvA2HZ6O3ieDnNAV3wiSxsCdCQiyJsEF4j87/Jkq2e7xQ7immQRVSxWqPt3CQaB8S5KJgcto9kTezsRwJO1JYWEqHgngHDUAdJWbu7SpE9JGOgdMu2D2v9WOvAAHIhBnPSxnf2+1XWiu6Cc7t4fd9HlTq79GzWQNKjShq5VRonSJv4A++ABD+ssP4sf/uslBKnzi3b0gKiojWDDADkmyAS6ddrQaqKJ1vNdsdha92qRLjVAMLF14JtYOWIXWpIUdes2wH1GggCuz8jXjOhbj/6dnLTaziyMRWErrD9u7tPHuWspfrH'}

extract the report_data:

import base64

report_data = base64.b64decode(quote['isvEnclaveQuote'])[368:432]

for the above quote, the report data should be:

>>> report_data.hex()
2015c6327b7a7e4588bb6fe6aa8be1ac8d513d2e8a460ad46b1b425a23d0792ae7b307c25b4731239316a713c57d3cfe8c27f905e22cb053abceab616f1197c8

With Python's cryptography the public point can be used to instantiate a public key object, EllipticCurvePublicKey, from which it's possible to obtain other formats such as PEM and DER.

It's important to note that Python's cryptography library expects the point to be encoded as per Section 2.3.3 in https://www.secg.org/sec1-v2.pdf. The report data contains both x and y coordinates, in uncompressed form, and without the octet prefix 04. It's therefore necessary to add the octet prefix to the report data.

from cryptography.hazmat.primitives.asymmetric import ec

point = b"\x04" + report_data
pubkey = ec.EllipticCurvePublicKey.from_encoded_point(curve=ec.SECP256R1(), data=point)

Check that it matches the PEM data file:

from cryptography.hazmat.primitives import serialization

pubkey.public_bytes(encoding=serialization.Encoding.PEM, format=serialization.PublicFormat.SubjectPublicKeyInfo) == pem_data.encode()
# True