feat(sealing-enclave): initial implementation #14
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Ignore build artifacts, environment files and keys.
tshepang
reviewed
Mar 1, 2023
| let user_data_buf = unsafe { slice::from_raw_parts(user_data, sealed_user_data_size) }; | ||
|
|
||
| let mut rng = SgxRng::new().expect("SGX: RDRAND instruction failed"); | ||
| let mut user_sealing_key = SecretKey::new([0u8; 32]); |
There was a problem hiding this comment.
32 feels like it should an associated type of SecretKey, such that...
SecretKey::new([0u8; SecretKey::SIZE])Maybe even better is to do a Default derive on SecretKey, so that you could just...
SecretKey::default()I have not tested if it would work, so just a guess.
tshepang
reviewed
Mar 1, 2023
| let mut user_sealing_key = SecretKey::new([0u8; 32]); | ||
| rng.fill_bytes(user_sealing_key.as_mut()); | ||
|
|
||
| let user_data_nonce = Nonce::new([0u8; Nonce::SIZE]); |
There was a problem hiding this comment.
Perhaps another candidate for a Default derive.
tshepang
reviewed
Mar 1, 2023
| let sealed_user_data = | ||
| match sealing::seal(user_data_buf, user_sealing_key, user_data_nonce, user_id) { | ||
| Ok(sealed_data) => sealed_data, | ||
| Err(_) => { |
There was a problem hiding this comment.
I don't expect the seal function would reveal sensitive info, easpecially since the error ultimately comes from ring_compat::aead::Error, which I believe practices good hygiene :)
tshepang
reviewed
Mar 1, 2023
| ) | ||
| .unwrap(); // never panics due to array usage | ||
|
|
||
| let enclave_key_nonce = Nonce::new([0u8; Nonce::SIZE]); |
There was a problem hiding this comment.
One more candidate for Default derive.
tshepang
reviewed
Mar 1, 2023
| let enclave_key_nonce = Nonce::new([0u8; Nonce::SIZE]); | ||
| let sealed_key = match sealing::seal(user_data_buf, enclave_key, enclave_key_nonce, user_id) { | ||
| Ok(sealed_key) => sealed_key, | ||
| Err(_) => { |
jdvlio
force-pushed
the
feat-initial-sealing-enclave
branch
from
09e6e8c to
76b166e
Compare
jdvlio
force-pushed
the
feat-initial-sealing-enclave
branch
from
76b166e to
7d0da0b
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Initial implementation of the sealing enclave