Add Rust protections for the private keys #4513

Open
ipetr0v opened this issue Nov 28, 2023 · 4 comments

Comments

@ipetr0v
Contributor

ipetr0v commented Nov 28, 2023

Currently our abstractions have to expose the private keys in order to:

  • Pass the private keys from the Restricted Kernel to the enclave application
  • Use the Instance key to decrypt the Group key that was received via Key Provisioning

For example, we have the following functions that expose the private key: instance_encryption_key and get_private_key.

We need to implement an abstraction for private keys that:

  • Removes the private key from the memory on drop()
  • Allows encrypting a private key for Key Provisioning
  • Also allows sending the private key via an RPC

Though we also don't want to reimplement Tink.

We also currently have 2 abstractions for the Encryption Private Key:

pub struct EncryptionKeyProvider {
    key_pair: KeyPair,
}

pub struct KeyPair {
    pub(crate) private_key: PrivateKey,
    pub(crate) public_key: PublicKey,
}

We need to merge these implementations into one EncryptionKey, and keep it a low level abstraction, since enclave applications don't need to use it.

@ipetr0v
Contributor Author

ipetr0v commented Nov 28, 2023

cc @tiziano88 @conradgrobler

@tiziano88
Collaborator

Manually zeroing out memory is actually quite hard, because the compiler will probably optimize it away. We should look for some off the shelf solution to that problem, e.g. https://crates.io/crates/zeroize seems to solve that.

@conradgrobler
Collaborator

Yes, we should replace all instances where we implement Drop and use .fill(0) to try to zero out keys manually with the zeroize crate.
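
As an added illustration of the point made in the two comments above (this is example code written for this page, not Oak's code and not the zeroize crate itself), the following std-only Rust shows why a `Drop` impl that calls `.fill(0)` is not enough and what a self-scrubbing key wrapper looks like. `fill(0)` on a value about to be dropped is a dead store the optimizer may delete; volatile per-byte writes followed by a compiler fence are the mechanism the `zeroize` crate relies on to keep those stores. The type and method names (`PrivateKey`, `expose_secret`, `to_zeroizing_vec`, `ZeroizingVec`) are assumptions chosen for the example; in a real code base the `zeroize` crate's `Zeroize`/`ZeroizeOnDrop` derives should be used instead of hand-rolling this.

```rust
use std::fmt;
use std::ptr;
use std::sync::atomic::{compiler_fence, Ordering};

/// Overwrite `buf` with zeros in a way the optimizer must not elide.
///
/// A plain `buf.fill(0)` inside `Drop` is dead-store-eliminable because the
/// buffer is never read again. Volatile writes are observable side effects
/// and the fence stops the compiler from moving them past the end of `drop`.
/// This is (in simplified form) what the `zeroize` crate does.
pub fn zeroize(buf: &mut [u8]) {
    for b in buf.iter_mut() {
        // SAFETY: `b` is a valid, aligned, exclusive reference into `buf`.
        unsafe { ptr::write_volatile(b, 0) };
    }
    compiler_fence(Ordering::SeqCst);
}

/// A 32-byte private key that is scrubbed on drop and never printed.
/// Deliberately does not derive Clone or Debug: copies multiply the
/// number of places the key lives, and Debug would leak it into logs.
pub struct PrivateKey {
    bytes: [u8; 32],
}

impl PrivateKey {
    pub fn from_bytes(bytes: [u8; 32]) -> Self {
        Self { bytes }
    }

    /// Explicit accessor so every use of the raw key is greppable.
    pub fn expose_secret(&self) -> &[u8; 32] {
        &self.bytes
    }

    /// Serialize for sending over an RPC. The caller receives an owned,
    /// self-scrubbing buffer rather than a bare `Vec<u8>` that would keep
    /// the key bytes on the heap after it goes out of scope.
    pub fn to_zeroizing_vec(&self) -> ZeroizingVec {
        ZeroizingVec(self.bytes.to_vec())
    }
}

impl Drop for PrivateKey {
    fn drop(&mut self) {
        zeroize(&mut self.bytes);
    }
}

impl fmt::Debug for PrivateKey {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("PrivateKey([REDACTED])")
    }
}

/// Heap buffer (e.g. serialized key bytes in transit) that zeroes its
/// contents on drop. It exposes no growth API on purpose: a reallocating
/// `push` would leave the old, unscrubbed allocation behind.
pub struct ZeroizingVec(Vec<u8>);

impl ZeroizingVec {
    pub fn as_slice(&self) -> &[u8] {
        &self.0
    }
}

impl Drop for ZeroizingVec {
    fn drop(&mut self) {
        zeroize(&mut self.0);
    }
}

fn main() {
    // Constructed sample key material; not a real key.
    let key = PrivateKey::from_bytes([0x42u8; 32]);
    println!("{:?}", key); // prints PrivateKey([REDACTED])
    let wire = key.to_zeroizing_vec();
    println!("serialized {} bytes for RPC", wire.as_slice().len());
    // Both `wire` and `key` are scrubbed here when they drop.
}
```

What this does not cover, and what `zeroize` does not cover either: moving a `PrivateKey` by value (returning it from a function, passing it to an RPC encoder) is a `memcpy`, so the old stack or register copy is not scrubbed. Keeping the key behind a `Box` or `Pin` and handing out references, rather than moving it, limits the number of copies the `Drop` impl never sees.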

@ipetr0v
Contributor Author

ipetr0v commented Jan 9, 2024

As an addition, we should probably also use OPENSSL_cleanse for our C++ (with Java) code on the client side.

ipetr0v added a commit that referenced this issue Feb 9, 2024
This PR:
- Merges `oak_crypto::encryptor::EncryptionKeyProvider` and `oak_crypto::hpke::KeyPair` into `oak_crypto::encryption_key::EncryptionKey`
- Implements serialization/deserialization
- Implements encrypting the private key for Key Provisioning.
- Removes public keys from `EncryptionKey` struct (it's only used to be put into the evidence)

Ref #4513