intel / sgx-ra-sample

need help with the use of sk, mk, vk, smk derived during the attestation process #76

Open xyz-scorpio opened 2 years ago

xyz-scorpio commented 2 years ago

Hi, maybe this should not be an issue, but I'm really confused about the usage of sk, mk, vk, smk. The Intel official website also does not give a clear description of these keys. Could anyone help me figure out what these keys are used for? Thanks a lot.

XNinety9 commented 2 years ago

I've been at your place a few months ago. Here are a few notes I gathered here and there.

Sk: session key, used to encrypt data between RA client and server. This is the key that's been generated by the DHKE during the attestation process, and the key you must use to encrypt secrets the server will send to the client.

Mk: share key used to generate MAC

Vk: derives from KDK, used for report data

SMK: session mac key, used to encrypt data shared between client and server, used only during the DHKE.

xyz-scorpio commented 2 years ago

> I've been at your place a few months ago. Here are a few notes I gathered here and there.
>
> Sk: session key, used to encrypt data between RA client and server. This is the key that's been generated by the DHKE during the attestation process, and the key you must use to encrypt secrets the server will send to the client.
>
> Mk: share key used to generate MAC
>
> Vk: derives from KDK, used for report data
>
> SMK: session mac key, used to encrypt data shared between client and server, used only during the DHKE.

Hi Pierre, this is awesome and thanks for the answer.

I think you have made it very clear about the usage of SK, but I still have questions about the other three. Please correct me if I misunderstood.

As I can see, the SMK is derived from the KDK and used to generate the CMAC in msg2 and msg3. The CMAC is used for verification of msg integrity; after this the SMK can be abandoned.

I'm still confused about the use of MK and VK. When you say "share key used to generate MAC", do you mean the MAC of the secret data encrypted by the SK?

And what about the VK, is it only used for the verification of the report data in the client quote in msg3?

I also wonder whether the client enclave always changes its ECC key every time it's started. If not, would it be insecure, since all the derived keys stay unchanged (since the server might not change its ECC key)?

Thanks again.
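
The derivation discussed in this thread, as an added example that is not part of the thread or the project's own code: all four keys come from one KDK and differ only in the label fed to AES-CMAC. Assumptions: the KDF layout shown in the comments (the SGX SDK default as understood here), the Python `cryptography` package, and constructed sample values; the function names are hypothetical.

```python
import hashlib
import os
from cryptography.hazmat.primitives.cmac import CMAC
from cryptography.hazmat.primitives.ciphers import algorithms


def cmac128(key: bytes, msg: bytes) -> bytes:
    """AES-128-CMAC (RFC 4493) of msg under key."""
    c = CMAC(algorithms.AES(key))
    c.update(msg)
    return c.finalize()


def derive_kdk(shared_x_be: bytes) -> bytes:
    # Assumption: KDK = CMAC(0^16, little-endian x-coordinate of the ECDH secret).
    return cmac128(bytes(16), shared_x_be[::-1])


def derive_key(kdk: bytes, label: str) -> bytes:
    # Assumption: input is counter 0x01 || label || 0x00 || key length 128 (LE).
    return cmac128(kdk, b"\x01" + label.encode() + b"\x00\x80\x00")


def session_keys(shared_x_be: bytes) -> dict:
    kdk = derive_kdk(shared_x_be)
    return {name: derive_key(kdk, name) for name in ("SMK", "SK", "MK", "VK")}


def report_data(ga: bytes, gb: bytes, vk: bytes) -> bytes:
    # VK binds the quote to this key exchange: SHA-256(Ga || Gb || VK),
    # zero-padded to the 64-byte report data field.
    return hashlib.sha256(ga + gb + vk).digest() + bytes(32)


if __name__ == "__main__":
    # Constructed sample values; a real run takes these from the ECDH exchange.
    shared_x = os.urandom(32)
    ga, gb = os.urandom(64), os.urandom(64)
    keys = session_keys(shared_x)
    for name, key in keys.items():
        print(name, key.hex())
    # SMK authenticates the handshake: a MAC over (constructed) msg2 fields.
    print("msg2 MAC   ", cmac128(keys["SMK"], gb + b"constructed msg2 fields").hex())
    print("report data", report_data(ga, gb, keys["VK"]).hex())
```

Because every key is a function of the ECDH shared secret alone, the derived keys change only when at least one side contributes a new key pair to the exchange.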