Secret sharing after mutual RA with first registered enclave #28

Closed
electronix opened this issue Jun 17, 2019 · 1 comment

electronix commented Jun 17, 2019

When a new worker enclave (WE2) wants to join the set of enclaves, the following needs to happen:

prepare:

  • One worker enclave (WE1) is registered and a new state and secrets are created

success scenario:

  1. WE2 registers with the on-chain enclave registry
  2. WE2 queries the registry and picks the first registered enclave (being WE1). WE1 URL and signing pubkey are remembered for next steps
  3. WE2 opens a TLS connection to WE1 and the two perform mutual-ra involving IAS
  4. WE1 verifies WE2's MRENCLAVE. Must be equal to self.
  5. WE1 queries the on-chain enclave registry and verifies that the requesting enclave is registered
  6. WE1 verifies that WE2 pubkey for mutual-ra is equal to pubkey registered on-chain for WE2.
  7. WE1 sends shielding key and state_encryption_key to WE2 over TLS, signed by its signing_key
  8. WE2 verifies that the secrets have been signed by the same key that is registered for WE1
  9. WE2 persists secrets in SGX sealed storage.
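
The checks WE1 runs in steps 4 to 6 and WE2 runs in step 8, sketched in Rust as an added example (not part of the issue text and not the project's code). The registry map, enclave ids, type names and key bytes are hypothetical and constructed; IAS report verification and signature verification are assumed to have already succeeded and are not implemented here.

```rust
use std::collections::HashMap;

type Mrenclave = [u8; 32];
type PubKey = [u8; 32];

// Hypothetical view of one entry in the on-chain enclave registry.
struct Registered { pubkey: PubKey }

// What WE1 knows about the requester once the mutual-RA handshake has verified.
struct AttestedPeer<'a> { id: &'a str, mrenclave: Mrenclave, ra_pubkey: PubKey }

#[derive(Debug, PartialEq)]
enum Refusal { MrenclaveMismatch, NotRegistered, PubkeyMismatch, WrongSigner }

// Steps 4-6: WE1 decides whether the secrets may leave the enclave at all.
fn we1_may_release(own: &Mrenclave, registry: &HashMap<String, Registered>,
                   peer: &AttestedPeer) -> Result<(), Refusal> {
    // Step 4: the requester must run exactly the same enclave code as WE1.
    if peer.mrenclave != *own { return Err(Refusal::MrenclaveMismatch); }
    // Step 5: the requester must be present in the on-chain registry.
    let entry = registry.get(peer.id).ok_or(Refusal::NotRegistered)?;
    // Step 6: the key used in mutual RA must be the key registered for it.
    if entry.pubkey != peer.ra_pubkey { return Err(Refusal::PubkeyMismatch); }
    Ok(())
}

// Step 8: WE2 compares the key that verified the signature on the secrets
// with the WE1 key it remembered from the registry in step 2.
fn we2_may_persist(remembered_we1: &PubKey, verified_signer: &PubKey) -> Result<(), Refusal> {
    if remembered_we1 == verified_signer { Ok(()) } else { Err(Refusal::WrongSigner) }
}

// Constructed sample registry: WE1 registered first, WE2 second.
fn sample_registry() -> HashMap<String, Registered> {
    let mut registry = HashMap::new();
    registry.insert("WE1".to_string(), Registered { pubkey: [1u8; 32] });
    registry.insert("WE2".to_string(), Registered { pubkey: [2u8; 32] });
    registry
}

fn main() {
    let own: Mrenclave = [0xAA; 32];
    let registry = sample_registry();
    let joiner = AttestedPeer { id: "WE2", mrenclave: own, ra_pubkey: [2u8; 32] };
    println!("WE1 release decision: {:?}", we1_may_release(&own, &registry, &joiner));
    // A registered id presented with a different RA key is refused at step 6.
    let swapped = AttestedPeer { id: "WE2", mrenclave: own, ra_pubkey: [9u8; 32] };
    println!("swapped RA key: {:?}", we1_may_release(&own, &registry, &swapped));
    println!("WE2 persist decision: {:?}", we2_may_persist(&[1u8; 32], &[1u8; 32]));
}
```
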
@brenzi changed the title from "Mutual RA between two enclaves" to "Secret sharing after mutual RA with first registered enclave" on Jun 28, 2019
This was referenced Jun 28, 2019

clangenb commented Jul 9, 2019

Subtasks 4 and 8 not yet solved. Closing this now in favor of focusing on M4 workflow.
Remaining issues are now in #47, #48

@clangenb clangenb closed this as completed Jul 9, 2019
clangenb pushed a commit that referenced this issue Jun 21, 2023
close #28 

This pull request includes the following major changes:

* `unwrap` calls have been removed.
* Code refactoring has been applied.

Details of commits are as follows:

* remove unwrap

* remove unused import

* fix mismatched types

* fix mismatched types

* reset to unwrap for orders

* apply code refactoring

* apply code formatting

* remove extra variable casting