
[SGX PAL] Deprecating RSA enclave keys

Signed-off-by: Chia-Che Tsai <chiache@tamu.edu>
Chia-Che Tsai 6 år sedan
incheckning
7ef52622e1

+ 12 - 12
Pal/src/host/Linux-SGX/db_process.c

@@ -161,9 +161,9 @@ static int check_child_mrenclave (sgx_arch_hash_t * mrenclave,
     memset(&check_data, 0, sizeof(struct proc_attestation_data));
 
     lib_AESCMAC((void *) &param->mac_key, AES_CMAC_KEY_LEN,
-                remote_state->enclave_keyhash,
-                sizeof(remote_state->enclave_keyhash),
-                check_data.keyhash_mac, sizeof check_data.keyhash_mac);
+                remote_state->enclave_identifier,
+                sizeof(remote_state->enclave_identifier),
+                check_data.keyhash_mac, sizeof(check_data.keyhash_mac));
 
     if (memcmp(data, &check_data, sizeof(struct proc_attestation_data)))
         return 1;
@@ -232,9 +232,9 @@ int _DkProcessCreate (PAL_HANDLE * handle, const char * uri,
     memset(&data, 0, sizeof(struct proc_attestation_data));
 
     lib_AESCMAC((void *) &param.mac_key, AES_CMAC_KEY_LEN,
-                pal_enclave_state.enclave_keyhash,
-                sizeof(pal_enclave_state.enclave_keyhash),
-                data.keyhash_mac, sizeof data.keyhash_mac);
+                pal_enclave_state.enclave_identifier,
+                sizeof(pal_enclave_state.enclave_identifier),
+                data.keyhash_mac, sizeof(data.keyhash_mac));
 
     SGX_DBG(DBG_P|DBG_S, "Attestation data: %s\n",
             alloca_bytes2hexstr(data.keyhash_mac));
@@ -266,9 +266,9 @@ static int check_parent_mrenclave (sgx_arch_hash_t * mrenclave,
     memset(&check_data, 0, sizeof(struct proc_attestation_data));
 
     lib_AESCMAC((void *) &param->mac_key, AES_CMAC_KEY_LEN,
-                remote_state->enclave_keyhash,
-                sizeof(remote_state->enclave_keyhash),
-                check_data.keyhash_mac, sizeof check_data.keyhash_mac);
+                remote_state->enclave_identifier,
+                sizeof(remote_state->enclave_identifier),
+                check_data.keyhash_mac, sizeof(check_data.keyhash_mac));
 
     if (memcmp(data, &check_data, sizeof(struct proc_attestation_data)))
         return 1;
@@ -302,9 +302,9 @@ int init_child_process (PAL_HANDLE * parent_handle)
     memset(&data, 0, sizeof(struct proc_attestation_data));
 
     lib_AESCMAC((void *) &param.mac_key, AES_CMAC_KEY_LEN,
-                pal_enclave_state.enclave_keyhash,
-                sizeof(pal_enclave_state.enclave_keyhash),
-                data.keyhash_mac, sizeof data.keyhash_mac);
+                pal_enclave_state.enclave_identifier,
+                sizeof(pal_enclave_state.enclave_identifier),
+                data.keyhash_mac, sizeof(data.keyhash_mac));
 
     SGX_DBG(DBG_P|DBG_S, "Attestation data: %s\n",
             alloca_bytes2hexstr(data.keyhash_mac));
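Review bot: The MAC is now computed over `enclave_identifier`, but the output field in all four hunks is still `keyhash_mac`, so the name no longer describes what is being authenticated; either rename it (e.g. `identifier_mac`) or add a comment such as `/* AES-CMAC over enclave_identifier under the shared mac_key */` at the first call in check_child_mrenclave. The same applies to the hunks in _DkProcessCreate, check_parent_mrenclave and init_child_process. Separately, the expected MAC is compared with `memcmp` on the line after the lib_AESCMAC call in the two check_* functions; if mac_key is a secret shared with the peer, a constant-time comparison would remove a timing side channel on the verification — this is pre-existing context rather than something the commit introduces. All four enclosing functions start and end outside their hunks.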

+ 18 - 30
Pal/src/host/Linux-SGX/enclave_framework.c

@@ -847,50 +847,38 @@ void test_dh (void)
 
 int init_enclave (void)
 {
+#if 0
+    /*
+     * This enclave-specific key is a building block for authenticating
+     * new pipe connections with other enclaves that are already
+     * authenticated. Since pipe protection is a future feature, this key
+     * is currently unused and hence deprecated.
+     */
     int ret;
     LIB_RSA_KEY *rsa = malloc(sizeof(LIB_RSA_KEY));
     lib_RSAInitKey(rsa);
 
     ret = lib_RSAGenerateKey(rsa, RSA_KEY_SIZE, RSA_E);
-    if (ret != 0) {
+    if (ret < 0) {
         SGX_DBG(DBG_S, "lib_RSAGenerateKey failed: %d\n", ret);
         return ret;
     }
 
-    PAL_NUM nsz = RSA_KEY_SIZE / 8, esz = 1;
-    uint8_t n[nsz], e[esz];
-
-    ret = lib_RSAExportPublicKey(rsa, e, &esz, n, &nsz);
-    if (ret != 0) {
-        SGX_DBG(DBG_S, "lib_RSAExtractPublicKey failed: %d\n", ret);
-        goto out_free;
-    }
-
-    LIB_SHA256_CONTEXT sha256;
-
-    ret = lib_SHA256Init(&sha256);
-    if (ret < 0)
-        goto out_free;
-
-    ret = lib_SHA256Update(&sha256, n, nsz);
-    if (ret < 0)
-        goto out_free;
-
-    ret = lib_SHA256Final(&sha256, (uint8_t *) pal_enclave_state.enclave_keyhash);
-    if (ret < 0)
-        goto out_free;
-
     pal_enclave_config.enclave_key = rsa;
+#endif
+
+    /*
+     * The enclave identifier is uniquely created for each enclave as a token
+     * for authenticating the enclave as the sender of attestation.
+     * TODO: documenting the inter-enclave attestation protocol.
+     */
+    _DkRandomBitsRead(&pal_enclave_state.enclave_identifier,
+                      sizeof(pal_enclave_state.enclave_identifier));
 
     SGX_DBG(DBG_S, "enclave (software) key hash: %s\n",
-            alloca_bytes2hexstr(pal_enclave_state.enclave_keyhash));
+            alloca_bytes2hexstr(pal_enclave_state.enclave_identifier));
 
     return 0;
-
-out_free:
-    lib_RSAFreeKey(rsa);
-    free(rsa);
-    return ret;
 }
 
 int _DkStreamKeyExchange (PAL_HANDLE stream, PAL_SESSION_KEY * keyptr)
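Review bot: The return value of `_DkRandomBitsRead` at the new `enclave_identifier` initialization is discarded, so if the random source fails the enclave continues with whatever the field already held (the global is zero-initialized unless something else wrote it) and init_enclave still returns 0; since this identifier is the value MAC'd during process attestation, the failure should propagate: `int ret = _DkRandomBitsRead(&pal_enclave_state.enclave_identifier, sizeof(pal_enclave_state.enclave_identifier)); if (ret < 0) return ret;` (assuming it follows the negative-on-error convention the surrounding lib_* calls use — confirm against its declaration). The debug message two lines below still reads "enclave (software) key hash" although it now prints the identifier; `"enclave identifier: %s\n"` would match the new meaning. The `#if 0` block keeps dead code, including the `ret != 0` to `ret < 0` tweak that can never execute; the RSA path is recoverable from history, so deleting it outright would be cleaner than carrying it. The hunk covers the whole body of init_enclave.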

+ 1 - 3
Pal/src/host/Linux-SGX/pal_linux.h

@@ -163,9 +163,7 @@ extern struct pal_enclave_state {
                                        enclave */
     uint8_t  data[PAL_ATTESTATION_DATA_SIZE];
                                     /* reserved for filling other data */
-    sgx_arch_hash_t enclave_keyhash;   /* SHA256 digest of enclave's public key
-                                       can also be used as an identifier of the
-                                       enclave */
+    sgx_arch_hash_t enclave_identifier;  /* unique identifier of the enclave */
 } __attribute__((packed, aligned (128))) pal_enclave_state;
 
 #include "sgx_arch.h"
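Review bot: The new comment `/* unique identifier of the enclave */` overstates what the field guarantees: the accompanying enclave_framework.c change fills it from `_DkRandomBitsRead` in init_enclave, so it is a random per-enclave token whose uniqueness is only probabilistic, and a reader of the header cannot tell how it is produced or where it is consumed. A comment along the lines of `/* random per-enclave token drawn in init_enclave(); MAC'd with the shared mac_key during process attestation (db_process.c) */` would document both. The struct pal_enclave_state starts outside the hunk.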