Implementation of Enclave Key Refresh

This feature initiates refresh of enclave encryption key pair based on
timer value set in the config file. A new pair of encryption key is
generated in the enclave and the updated enclave signup details are
stored in the KvStorage in workers table.

Additioanlly, encryption key signature is also generated during enclave
initialization and its made part of PublicEnclaveData. This encryption
key signature is re-computed when encryption key gets refreshed.

Signed-off-by: manju956 <[email protected]>

Author: manju956

common/cpp/error.h

@@ -46,6 +46,13 @@ namespace tcf {
                 ) : Error(TCF_ERR_CRYPTO, msg) {}
         }; // class CryptoError
 
+        // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+        class KeyRefreshError : public Error {
+        public:
+            explicit KeyRefreshError(
+                const std::string& msg
+                ) : Error(TCF_ERR_KEY_REFRESH, msg) {}
+        }; // class KeyRefreshError
 
         // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
         class MemoryError : public Error {

common/cpp/tcf_error.h

@@ -35,7 +35,8 @@ typedef enum {
                                   a TCF_ERR_SYSTEM for reporting.
                                 */
     TCF_ERR_CRYPTO = -11,
-    TCF_ERR_INVALID_WORKLOAD = -12  /* Invalid workload id */
+    TCF_ERR_INVALID_WORKLOAD = -12,  /* Invalid workload id */
+    TCF_ERR_KEY_REFRESH = -13  /* Enclave key refresh error */
 } tcf_err_t;
 
 typedef enum {

common/cpp/utils.h

@@ -20,4 +20,3 @@
 ByteArray StrToByteArray(std::string str);
 
 std::string ByteArrayToStr(ByteArray ba);
-

config/tcs_config.toml

@@ -99,3 +99,7 @@ DataEncryptionAlgorithm = "AES-GCM-256"
 # starting with tilde "~"
 workOrderPayloadFormats = "JSON-RPC"
 
+[WorkerKeyRefresh]
+# Configure key refresh interval based on need.
+# By default, key refresh feature is disabled.
+key_refresh_interval = 0

enclave_manager/avalon_enclave_manager/avalon_enclave_bridge.py

@@ -210,6 +210,7 @@ def create_signup_info(originator_public_key_hash, nonce):
     signup_info = {
         'verifying_key': signup_data['verifying_key'],
         'encryption_key': signup_data['encryption_key'],
+        'encryption_key_signature': signup_data['encryption_key_signature'],
         'proof_data': 'Not present',
         'enclave_persistent_id': 'Not present'
     }
@@ -263,3 +264,23 @@ def create_signup_info(originator_public_key_hash, nonce):
 
     # Now we can return the real object
     return signup_info_obj
+
+
+def refresh_enclave_key(enclave_sealed_data):
+    """
+    Refresh enclave encryption key pair
+    """
+    # start enclave key refresh
+    updated_signup_data = enclave.RefreshEnclaveKey(enclave_sealed_data)
+    if updated_signup_data is None:
+        return None
+    signup_info = {
+        'encryption_key':
+            updated_signup_data['encryption_key'],
+        'encryption_key_signature':
+            updated_signup_data['encryption_key_signature'],
+        'sealed_enclave_data':
+            updated_signup_data['sealed_enclave_data']
+    }
+
+    return signup_info

enclave_manager/avalon_enclave_manager/avalon_enclave_helper.py

@@ -68,6 +68,8 @@ def create_enclave_signup_data(cls, tcf_instance_keys=None):
         enclave_info['sealed_data'] = enclave_data.sealed_signup_data
         enclave_info['verifying_key'] = enclave_data.verifying_key
         enclave_info['encryption_key'] = enclave_data.encryption_key
+        enclave_info['encryption_key_signature'] = \
+            enclave_data.encryption_key_signature
         enclave_info['enclave_id'] = enclave_data.verifying_key
         enclave_info['proof_data'] = ''
         if not avalon_enclave.enclave.is_sgx_simulator():
@@ -87,6 +89,8 @@ def __init__(self, enclave_info, tcf_instance_keys):
             self.sealed_data = enclave_info['sealed_data']
             self.verifying_key = enclave_info['verifying_key']
             self.encryption_key = enclave_info['encryption_key']
+            self.encryption_key_signature = \
+                enclave_info['encryption_key_signature']
             self.proof_data = enclave_info['proof_data']
             self.enclave_id = enclave_info['enclave_id']
         except KeyError as ke:
@@ -96,6 +100,22 @@ def __init__(self, enclave_info, tcf_instance_keys):
         self.enclave_keys = \
             keys.EnclaveKeys(self.verifying_key, self.encryption_key)
 
+    # -------------------------------------------------------
+    def initiate_refresh_enclave_key(self):
+        """
+        Initiate worker encryption key refresh and update worker signup details
+        """
+        try:
+            updated_enclave_data = avalon_enclave.refresh_enclave_key(
+                self.sealed_data)
+        except Exception as err:
+            raise Exception('failed to refresh enclave key; {}'
+                            .format(str(err)))
+        self.encryption_key = updated_enclave_data["encryption_key"]
+        self.encryption_key_signature = \
+            updated_enclave_data["encryption_key_signature"]
+        self.sealed_data = updated_enclave_data["sealed_enclave_data"]
+
     # -------------------------------------------------------
     def send_to_sgx_worker(self, encrypted_request):
         """

enclave_manager/avalon_enclave_manager/enclave_manager.py

@@ -59,7 +59,7 @@ def __init__(self, config, signup_data, measurements):
         # Need to come up with a scheme to generate both for every unique
         # encryption key.
         self.encryption_key_nonce = ""
-        self.encryption_key_signature = ""
+        self.encryption_key_signature = signup_data.encryption_key_signature
         self.enclave_id = signup_data.enclave_id
         self.extended_measurements = measurements
 
@@ -330,6 +330,20 @@ def create_enclave_signup_data():
     return enclave_signup_data
 
 
+# -----------------------------------------------------------------
+def initiate_key_refresh(enclave_data):
+    """
+    Initiate worker encryption key refresh and update worker details
+    and updates worker details to kv storage
+    @param enclave_data - enclave signup data
+    """
+    try:
+        enclave_signup_data = enclave_data.initiate_refresh_enclave_key()
+    except Exception as e:
+        logger.error("failed to get signup data after key refresh: %s", str(e))
+    return enclave_signup_data
+
+
 # -----------------------------------------------------------------
 def execute_work_order(enclave_data, input_json_str, indent=4):
     """
@@ -430,6 +444,25 @@ def create_json_worker(enclave_data, config):
     return json_worker_info
 
 
+# -----------------------------------------------------------------
+def persist_worker(enclave_manager, kv_helper):
+    """
+    Persists worker to KvStorage
+
+    @param enclave_manager - instance of EnclaveManager class
+    @param kv_helper - instance of KvStorage
+    """
+    worker_info = create_json_worker(enclave_manager, enclave_manager.config)
+    logger.info("Persisting worker to workers table")
+    worker_id = crypto_utils.strip_begin_end_public_key(
+        enclave_manager.enclave_id).encode("UTF-8")
+    # Calculate sha256 of worker id to get 32 bytes. The TC spec proxy
+    # model contracts expect byte32. Then take a hexdigest for hex str.
+    worker_id = hashlib.sha256(worker_id).hexdigest()
+
+    kv_helper.set("workers", worker_id, worker_info)
+
+
 # -----------------------------------------------------------------
 def start_enclave_manager(config):
     """
@@ -475,17 +508,35 @@ def start_enclave_manager(config):
 
     try:
         sleep_interval = int(config["EnclaveManager"]["sleep_interval"])
+        key_refresh_interval = \
+            int(config["WorkerKeyRefresh"]["key_refresh_interval"])
     except Exception as err:
         logger.error("Failed to get sleep interval from config file. " +
                      "Setting sleep interval to 10 seconds: %s", str(err))
         sleep_interval = 10
 
+    # key_refresh_time is the time elapsed since last key refresh
+    key_refresh_time = 0
     try:
         while True:
+            if key_refresh_interval > 0 and \
+                    key_refresh_time >= key_refresh_interval:
+                logger.info("Initiate Worker Key refresh based on timer")
+                updated_enclave_signup_data = \
+                    initiate_key_refresh(enclave_manager.enclave_data)
+                # Update Enclave Manager with updated signup data
+                # after key refresh
+                enclave_manager = EnclaveManager(
+                    config, enclave_signup_data, extended_measurements)
+                # Persist updated worker to KV storage
+                persist_worker(enclave_manager, kv_helper)
+                key_refresh_time = 0
+
             # Poll KV storage for new work-order requests and process
             enclave_manager.process_work_orders(kv_helper)
             logger.info("Enclave manager sleeping for %d secs", sleep_interval)
             time.sleep(sleep_interval)
+            key_refresh_time = key_refresh_time + sleep_interval
     except Exception as inst:
         logger.error("Error while processing work-order; " +
                      "shutting down enclave manager")

tc/sgx/trusted_worker_manager/enclave/enclave_data.cpp

@@ -31,6 +31,8 @@
 
 #include "jsonvalue.h"
 #include "parson.h"
+#include "base64.h"
+#include "enclave_utils.h"
 
 #include "enclave_data.h"
 
@@ -57,6 +59,8 @@ EnclaveData::EnclaveData(void) {
     // Create the public encryption key
     public_encryption_key_ = private_encryption_key_.GetPublicKey();
 
+    // Create encryption key signature
+    generate_encryption_key_signature();
     SerializePrivateData();
     SerializePublicData();
 }
@@ -74,15 +78,11 @@ EnclaveData::~EnclaveData(void) {
 // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 EnclaveData::EnclaveData(const uint8_t* inSealedData) {
     tcf::error::ThrowIfNull(inSealedData, "Sealed sign up data pointer is NULL");
-
     uint32_t decrypted_size =
         sgx_get_encrypt_txt_len(reinterpret_cast<const sgx_sealed_data_t*>(inSealedData));
 
-    // Need to check for error
-
     std::vector<uint8_t> decrypted_data;
     decrypted_data.resize(decrypted_size);
-
     // Unseal the data
     sgx_status_t ret = sgx_unseal_data(reinterpret_cast<const sgx_sealed_data_t*>(inSealedData),
         nullptr, 0, &decrypted_data[0], &decrypted_size);
@@ -95,6 +95,9 @@ EnclaveData::EnclaveData(const uint8_t* inSealedData) {
     decrypted_data.clear();
     decrypted_data_string.clear();
 
+    /* Create encryption key signature */
+    generate_encryption_key_signature();
+
     SerializePrivateData();
     SerializePublicData();
 }
@@ -263,6 +266,14 @@ void EnclaveData::SerializePublicData(void) {
     tcf::error::ThrowIf<tcf::error::RuntimeError>(
         jret != JSONSuccess, "enclave data serialization failed on public encryption key");
 
+    // Public encryption key signature
+    jret =
+        json_object_dotset_string(dataObject, "EncryptionKeySignature", \
+            encryption_key_signature_.c_str());
+    tcf::error::ThrowIf<tcf::error::RuntimeError>(
+        jret != JSONSuccess, \
+        "enclave data serialization failed on public encryption key signature");
+
     size_t serializedSize = json_serialization_size(dataValue);
 
     std::vector<char> serialized_buffer;

tc/sgx/trusted_worker_manager/enclave/enclave_data.h

@@ -22,6 +22,8 @@
 #include <string>
 
 #include "crypto.h"
+#include "utils.h"
+#include "base64.h"
 
 // JSON format for private data:
 // {
@@ -41,21 +43,20 @@
 // JSON format for public data
 // {
 //     "SigningKey" : "",
-//     "EncryptionKey" : ""
+//     "EncryptionKey" : "",
+//     "EncryptionKeySignature" : ""
 // }
 
 // XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 class EnclaveData {
 protected:
-    void SerializePrivateData(void);
-    void SerializePublicData(void);
-
     void DeserializeSealedData(const std::string& inSerializedEnclaveData);
 
     tcf::crypto::sig::PublicKey public_signing_key_;
     tcf::crypto::sig::PrivateKey private_signing_key_;
     tcf::crypto::pkenc::PublicKey public_encryption_key_;
     tcf::crypto::pkenc::PrivateKey private_encryption_key_;
+    std::string encryption_key_signature_;
 
     std::string serialized_private_data_;
     std::string serialized_public_data_;
@@ -65,13 +66,19 @@ class EnclaveData {
     // allocated storage for the sealed data. There are a number of ways
     // to do this; for now, the constant will be good enough.
     static const size_t cMaxSealedDataSize = 8192;
-    static const size_t cMaxPublicDataSize = 4096;
+    //static const size_t cMaxPublicDataSize = 4096;
+
+    // size of RSA key signature is 2048
+    static const size_t cMaxPublicDataSize = 6144;
 
     EnclaveData(void);
     EnclaveData(const uint8_t* inSealedData);
 
     ~EnclaveData(void);
 
+    void SerializePrivateData(void);
+    void SerializePublicData(void);
+
     ByteArray encrypt_message(const ByteArray& message) const {
         return public_encryption_key_.EncryptMessage(message);
     }
@@ -104,6 +111,18 @@ class EnclaveData {
 
     size_t get_private_data_size(void) const { return serialized_private_data_.length(); }
 
+    void generate_new_encryption_key_pair(void) {
+        private_encryption_key_.Generate();
+        public_encryption_key_ = private_encryption_key_.GetPublicKey();
+    }    
+
+    void generate_encryption_key_signature() {
+        std::string b64_pub_encr_key = public_encryption_key_.Serialize();
+        ByteArray encr_key_sig_bytes = \
+            private_signing_key_.SignMessage(StrToByteArray(b64_pub_encr_key));
+        encryption_key_signature_ = base64_encode(encr_key_sig_bytes);
+    }
+
     size_t get_sealed_data_size(void) const {
         size_t sdsize = sgx_calc_sealed_data_size(0, get_private_data_size());
         assert(sdsize < cMaxSealedDataSize);

tc/sgx/trusted_worker_manager/enclave/signup.edl

@@ -38,6 +38,16 @@ enclave {
             [out] size_t* outSealedEnclaveDataSize,
             [out] sgx_report_t* outEnclaveReport
             );
+        public tcf_err_t ecall_RefreshEnclaveKey(
+            [in, size=inSealedEnclaveDataSize] const uint8_t* inSealedEnclaveData,
+            size_t inSealedEnclaveDataSize,
+            [out, size=inAllocatedPublicEnclaveDataSize] char* outPublicEnclaveData,
+            size_t inAllocatedPublicEnclaveDataSize,
+            [out] size_t* outPublicEnclaveDataSize,
+            [out, size=inAllocatedSealedEnclaveDataSize] uint8_t* outSealedEnclaveData,
+            size_t inAllocatedSealedEnclaveDataSize,
+            [out] size_t* outSealedEnclaveDataSize
+            );
 
         public tcf_err_t ecall_UnsealEnclaveData(
             [in, size=inSealedEnclaveDataSize] const uint8_t* inSealedEnclaveData,