Tips and tricks

1. Decoding sigstruct

Example file: sigstruct.bin

a. Using CLI

$ em-cli build parse-sigstruct ./sigstruct.bin 
{
  "mrenclave": "53cc2b0e4de94af0d237870c8f6cdddcf7d500b550de9c912fb0679294239ddb",
  "mrsigner": "ead6b106311614ab8cf26606e2583b61be82a43109e14d4fc91609286a58ab10",
  "isvprodid": 10001,
  "isvsvn": 13003
}

b. Using bash commands

1. mrenclave - 32 bytes at offset 960

# dd if=~/sigstruct.bin of=~/mrenclave.bin bs=1 skip=960 count=32
# xxd -p ~/mrenclave.bin | tr -d '\n'
53cc2b0e4de94af0d237870c8f6cdddcf7d500b550de9c912fb0679294239ddb

2. mrsigner - sha256 over 384 bytes at offset 128

# dd if=~/sigstruct.bin of=~/mrsigner.bin bs=1 skip=128 count=384
# sha256sum ~/mrsigner.bin 
ead6b106311614ab8cf26606e2583b61be82a43109e14d4fc91609286a58ab10

RUN 3. isvprodid - 2 bytes - little endian at position 1024

# od --endian=little --read-bytes=2 -j 1024 -s ~/sigstruct.bin | awk '{print $2}'
10001

4. isvsvn - 2 bytes - little endian at position 1026

# od --endian=little --read-bytes=2 -j 1026 -s ~/sigstruct.bin | awk '{print $2}'
13003

c. Using Javascript

Quick javascript sample code that outputs values to console

<input type="file" />
<div id="result"></div>

<script>
  function toHexString(byteArray) {
      return Array.from(byteArray, function(byte) {
          return ('0' + (byte & 0xFF).toString(16)).slice(-2);
      }).join('')
  }
  document.querySelector('input').addEventListener('change', function() {
      var reader = new FileReader();
      reader.onload = function() {
          var arrayBuffer = this.result;
          var array = new Uint8Array(arrayBuffer);

          const mrenclave = toHexString(array.slice(960,960+32));
          console.log("mrenclave=" + mrenclave);

          const mrsignerbytes = array.slice(128,128+384);
          crypto.subtle.digest('SHA-256', mrsignerbytes).then(hash => {
              const mrsigner = toHexString(new Uint8Array(hash));
              console.log("mrsigner=" + mrsigner);
          });

          const isvsvn = array[1024] + array[1025] * 256;
          console.log("isvsvn=" + isvsvn);
          const isvprodid = array[1026] + array[1027] * 256;
          console.log("isvprodid=" + isvprodid);
      }
      reader.readAsArrayBuffer(this.files[0]);

  }, false);

</script>

Example output:

1.html:17 mrenclave=53cc2b0e4de94af0d237870c8f6cdddcf7d500b550de9c912fb0679294239ddb
1.html:26 isvsvn=10001
1.html:28 isvprodid=13003
1.html:22 mrsigner=ead6b106311614ab8cf26606e2583b61be82a43109e14d4fc91609286a58ab10

2. Installing rust quickly

# apt-get update && apt-get install -y wget curl build-essential g++ clang pkg-config libssl-dev protobuf-compiler libclang-dev cmake
# wget https://sh.rustup.rs -O ./rust.sh && chmod u+x ./rust.sh && ./rust.sh -y && echo "source ~/.cargo/env" >> ~/.bashrc
# source ~/.cargo/env && rustup toolchain add nightly && rustup default nightly && rustup target add x86_64-fortanix-unknown-sgx --toolchain nightly && cargo install fortanix-sgx-tools sgxs-tools
# echo -e "[target.x86_64-fortanix-unknown-sgx]\nrunner = \"ftxsgx-runner-cargo\"" > ~/.cargo/config
Was this article helpful?
0 out of 0 found this helpful