-
Notifications
You must be signed in to change notification settings - Fork 196
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFC: support flexible key derivation APIs #857
Comments
I think this is because we use our own KDF on that key later, so there's no weakness here? |
How does the KDF work and when is it used? Do you mix some random value for each newly derived key? If not, the weakness may be applicable |
@DL8 You can look at this function and its comment: https://github.com/gramineproject/gramine/blob/master/common/src/protected_files/protected_files.c#L142-L145 Basically, yes, we mix a random value (nonce) with the KDK (key derivation key) to generate a newly derived key. This happens for every new 4KB block of the file (including on re-writes of the same block). |
The solution you described is applicable only for protected files. What about keys derived by the application (read directly from key derivation APIs)? |
What are these key derivation APIs? We don't expose such things in Gramine to the app. |
So if I understand correctly, the challenge here is how to let the developer configure protected filesystem keys in a flexible manner. I feel that using key name mechanism as is might be very cumbersome, because there are too many combinations. Another solution I have in mind is to add something like key parameters property to
|
@DL8 I see your point now. But this new helper At some point, Gramine needs to put limits on how configurable it is. Our manifest syntax is already very complex, and I feel that it's better for Gramine to just use some sensible defaults rather than leave it to the enclave developer (= manifest writer) to specify all the nitty-gritty SGX details. |
I think we have no plans to implement this in any foreseeable future, so I'm closing it. Gramine doesn't expose any C APIs to the app, so the proposal from the original post is not viable, and doing it from the manifest looks quite complicated. |
Taking the discussion about key derivation APIs from #855
Current key derivation APIs use hard-coded values for the key request, most notably SVNs (ISV, and CPU) are taken directly from the currently running enclave (see in
sgx_get_seal_key()
). This has several consequences:This may not be a straightforward change, as it may require changes to key derivation APIs (
PalGetSpecialKey()
and corresponding pseudofiles) and may break backwards compatibility.One solution I can think of:
sgx_get_seal_key()
to get a more detailed key request_sgx_sealing_custom
_sgx_sealing_custom
. The written value will be stored in internal state_sgx_sealing_custom
,_PalGetSpecialKey()
will be modified such that it will use the previously stored key request parametersSome opens with this proposal:
EGETKEY
. I'm not sure whether it should happen when writing the policy or when reading the keyAnother approach is to create a special handle just to write the policy and use it when reading
_sgx_mrsigner
and_sgx_mrenclave
. I prefer the first proposal, because:_sgx_mrsigner
might suddenly get different keys because of a stale key requestThe text was updated successfully, but these errors were encountered: