crypto library

[remyut]

Hi,

What crytpo lib do you recommend for ECDSA 256 p1 to run inside the enclave? I can only find libsodium, but it only support eddsa (ed25519)

Thanks

[asyarifstudio]

Hy @dayeol

I'm a bit confused with the ed25519 implementation in the bootrom, sm, and the sdk.

1. dev boot private key (_sanctum_dev_secret_key) length is 64 bytes, but according to RFC 8032 , it should be 32 bytes. generated key pair from ed25519_create_keypair() also generate 64 bytes private key from 32 bytes seed. Can you explain why the private key is 64 bytes?
2. I tried to verify the sm signature using python PyNaCl but the verification is failed. but the same signature is successfully verified using Report::verify() method. when I use PyNaCl to verify the test vector from RFC, the result is okey.

So I was wondering if the keystone EDDSA has some modification compared to RFC defined EDDSA. it will be difficult to perform remote attestation againts external entity (some server in the cloud) that uses standard ED25519.

[dayeol]

Yes, thank you for bringing this up. Our ed25519 was modified and is non-standard. Rohit was working on switching to standard (and more common) SHA256 + ECDSA (https://github.com/keystone-enclave/keystone/tree/dev-rohit-sha256) for the measured boot + attestation, but I don't know how far he got.

[dayeol]

FYI, our measured boot is based on MIT Sanctum's secure bootloader (https://github.com/ilebedev/secure_bootloader/)

[asyarifstudio]

Thanks for the clarification @dayeol

just wondering why you need to implement modified ED25519. why not use standard library like libsodium, libgcrypt or other lib? I think it's better to use existing and well-tested library, especially crypto to ensure the security for the crypto computation.