Comments (5)
manojgop
commented on August 27, 2024
@kubasiemion This is a good catch. This behavior of signMessage() function is due to a legacy code taken from https://github.com/hyperledger-labs/private-data-objects/. Though signMessage() function documents about this behaviour, it's confusing to TCF clients. I've raised a PR #127 to avoid hashing twice.
from avalon.
arsulegai
commented on August 27, 2024
I am curious here and would like to understand in greater detail, why is this done like the way it is there today. Correct me as I am new to this framework
-
concatenate the relevant parts of a request
-
calculate sha256 of this extract --> h1
-
encrypt the resulting hash and include it in the request
[Arun] I guess the encryption key spoken about here is a symmetric key, and is shared only with the enclave. This is a proof to the enclave about message integrity. -
calculate sha256 of the hash h1 --> h2
-
sign the hashed hash h2 with some private key
-
include the signature and the public key in the request
[Arun] Generally public key of the requester should be known to the enclave as a priori. Otherwise, it is possible to attack the enclave (at least DoS) and fail the requests. The signature is sent along with the public key to verify it. It would at least help if the signature is calculated on encrypted(hash(message)) which is encrypted(h1). This way there is link between message -> digest -> encrypted digest -> signature. The final information gained by the enclave is the public key of the requester.
Another question out of curiosity, what is the public key of the requester used for?
from avalon.
manojgop
commented on August 27, 2024
@arsulegai You can refer to https://entethalliance.github.io/trusted-computing/spec.html#work-order-signing.
from avalon.
arsulegai
commented on August 27, 2024
Right! the line "Distribution of the corresponding public keys is outside of the scope of this specification" clarifies. So, in case of HL Avalon/TCF the implementation is to rely on the encryptedSessionKey to share the public key.
i.e. Instead of sign(message), it should be sign(encrypted(hash(message))). In other words sign(encrypted(h1)) from previous comment I pasted. This way public key can be safely shared.
from avalon.
manojgop
commented on August 27, 2024
As mentioned in spec, there are two mechanisms ensuring the integrity of a work order request:
-
encryptedRequestHash contains the hash of the work order request encrypted with a key from encryptedSessionKey. This mechanism ensures the request integrity even in the case of an anonymous requester. The hash value in this case is verified by the worker.
-
requesterSignature is an optional signature that uses the same calculated hash value and signs it with the requester's private signing key
from avalon.
Related Issues (20)
- core dumped enclave_manager --lmdb_url http://avalon-lmdb:9090 HOT 1
- docker-compose build failed
- name 'signup_cpp_obj' is not defined HOT 1
- error when install chaincode by fabric HOT 2
- problem when running 'sudo docker-compose -f docker-compose.yaml -f docker-compose-sgx.yaml up --build' HOT 4
- The parameter updateIndex
- Redundant work_order_receipt_update in work_order_receipt interface
- Which document to read about proxy model with fabric?
- Which document to read about proxy model with fabric? HOT 3
- Error when following Testing Hyperledger Avalon Proxy Model with Hyperledger Fabric HOT 1
- Testing Proxy Model with Fabric failed HOT 1
- Avalon does not work with the master branch of Graphene HOT 2
- How to create and register a new worker in Avalon? HOT 1
- Error occured during a load test with JMeter.
- ModuleNotFoundError: No module named 'tkinter'
- Connection error when setup worker pool in HW mode
- Rename master branch to main
- TestingBesuProxyModel.rst failed
- ImportError: /usr/lib/x86_64-linux-gnu/libsgx_dcap_quoteverify.so.1: undefined symbol: pthread_create_ocall
- Docker build fails HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from avalon.