CCF
Loading...
Searching...
No Matches
enclave_lfs_access.h
Go to the documentation of this file.
1// Copyright (c) Microsoft Corporation. All rights reserved.
2// Licensed under the Apache 2.0 License.
3#pragma once
4
5#include "ccf/crypto/entropy.h"
6#include "ccf/crypto/sha256.h"
7#include "ccf/crypto/symmetric_key.h"
8#include "ccf/ds/hex.h"
9#include "ccf/pal/locking.h"
10#include "ds/messaging.h"
11#include "indexing/lfs_interface.h"
12#include "indexing/lfs_ringbuffer_types.h"
13
14#include <optional>
15#include <set>
16#include <unordered_map>
17
18// Uncomment to disable encryption and obfuscation, writing cache content
19// directly unencrypted to host disk
20// #define PLAINTEXT_CACHE
21
22#if defined(PLAINTEXT_CACHE)
23# pragma message( \
24 "PLAINTEXT_CACHE should only be used for debugging, and not enabled for enclave builds")
25#endif
26
27namespace ccf::indexing
28{
29 static inline bool verify_and_decrypt(
30 ccf::crypto::KeyAesGcm& encryption_key,
31 const LFSKey& key,
32 LFSEncryptedContents&& encrypted,
33 std::vector<uint8_t>& plaintext)
34 {
35 ccf::crypto::GcmCipher gcm;
36 gcm.deserialise(encrypted);
37
38#ifdef PLAINTEXT_CACHE
39 plaintext = gcm.cipher;
40 auto success = true;
41#else
42 auto success = encryption_key.decrypt(
43 gcm.hdr.get_iv(), gcm.hdr.tag, gcm.cipher, {}, plaintext);
44#endif
45
46 // Check key prefix in plaintext
47 {
48 const auto encoded_prefix_size = sizeof(key.size()) + key.size();
49 if (plaintext.size() < encoded_prefix_size)
50 {
51 return false;
52 }
53
54 const auto* data = reinterpret_cast<const uint8_t*>(plaintext.data());
55 auto size = plaintext.size();
56 const auto prefix_size = serialized::read<size_t>(data, size);
57 if (prefix_size != key.size())
58 {
59 success = false;
60 }
61 else
62 {
63 if (memcmp(data, key.data(), key.size()) != 0)
64 {
65 success = false;
66 }
67
68 plaintext.erase(
69 plaintext.begin(), plaintext.begin() + encoded_prefix_size);
70 }
71 }
72
73 if (success)
74 {
75 return true;
76 }
77
78 LOG_TRACE_FMT("Decryption failed for {}", key);
79 return false;
80 }
81
82 class EnclaveLFSAccess : public AbstractLFSAccess
83 {
84 protected:
85 using PendingResult = std::weak_ptr<FetchResult>;
86
87 std::unordered_map<LFSKey, PendingResult> pending;
88 ccf::pal::Mutex pending_access;
89
90 ringbuffer::WriterPtr to_host;
91
92 ccf::crypto::EntropyPtr entropy_src;
93 std::unique_ptr<ccf::crypto::KeyAesGcm> encryption_key;
94
95 LFSEncryptedContents encrypt(const LFSKey& key, LFSContents&& contents)
96 {
97 // Prefix the contents with the key, to be checked during decryption
98 {
99 std::vector<uint8_t> key_prefix(sizeof(key.size()) + key.size());
100 auto* data = key_prefix.data();
101 auto size = key_prefix.size();
102 serialized::write(data, size, key);
103 contents.insert(contents.begin(), key_prefix.begin(), key_prefix.end());
104 }
105
106 ccf::crypto::GcmCipher gcm(contents.size());
107
108 // Use a random IV for each call
109 gcm.hdr.set_random_iv();
110
111 encryption_key->encrypt(
112 gcm.hdr.get_iv(), contents, {}, gcm.cipher, gcm.hdr.tag);
113
114#ifdef PLAINTEXT_CACHE
115 gcm.cipher = contents;
116#endif
117
118 return gcm.serialise();
119 }
120
121 public:
122 EnclaveLFSAccess(ringbuffer::WriterPtr writer) :
123 to_host(std::move(writer)),
124 entropy_src(ccf::crypto::get_entropy())
125 {
126 // Generate a fresh random key. Only this specific instance, in this
127 // enclave, can read these files!
128 encryption_key = ccf::crypto::make_key_aes_gcm(
129 entropy_src->random(ccf::crypto::GCM_DEFAULT_KEY_SIZE));
130 }
131
132 void register_message_handlers(
133 messaging::Dispatcher<ringbuffer::Message>& dispatcher)
134 {
135 DISPATCHER_SET_MESSAGE_HANDLER(
136 dispatcher, LFSMsg::response, [this](const uint8_t* data, size_t size) {
137 auto [obfuscated, encrypted] =
138 ringbuffer::read_message<LFSMsg::response>(data, size);
139 std::lock_guard<ccf::pal::Mutex> guard(pending_access);
140 auto it = pending.find(obfuscated);
141 if (it != pending.end())
142 {
143 auto result = it->second.lock();
144 if (result != nullptr)
145 {
146 if (
147 result->fetch_result == FetchResult::FetchResultType::Fetching)
148 {
149 const auto success = verify_and_decrypt(
150 *encryption_key,
151 obfuscated,
152 std::move(encrypted),
153 result->contents);
154 if (success)
155 {
156 result->fetch_result = FetchResult::FetchResultType::Loaded;
157 }
158 else
159 {
160 result->fetch_result = FetchResult::FetchResultType::Corrupt;
161 LOG_TRACE_FMT(
162 "Cache was given invalid contents for {} (aka {})",
163 obfuscated,
164 result->key);
165 }
166 }
167 else
168 {
169 LOG_FAIL_FMT(
170 "Retained result for {} (aka {}) in state {}",
171 obfuscated,
172 result->key,
173 result->fetch_result);
174 }
175 }
176 else
177 {
178 LOG_TRACE_FMT(
179 "Received response for {}, but caller has already dropped "
180 "result",
181 obfuscated);
182 }
183 pending.erase(it);
184 }
185 else
186 {
187 LOG_TRACE_FMT(
188 "Ignoring response message for unrequested key {}", obfuscated);
189 }
190 });
191
192 DISPATCHER_SET_MESSAGE_HANDLER(
193 dispatcher,
194 LFSMsg::not_found,
195 [this](const uint8_t* data, size_t size) {
196 auto [obfuscated] =
197 ringbuffer::read_message<LFSMsg::not_found>(data, size);
198 std::lock_guard<ccf::pal::Mutex> guard(pending_access);
199 auto it = pending.find(obfuscated);
200 if (it != pending.end())
201 {
202 auto result = it->second.lock();
203 if (result != nullptr)
204 {
205 if (
206 result->fetch_result == FetchResult::FetchResultType::Fetching)
207 {
208 LOG_TRACE_FMT(
209 "Host has no contents for key {} (aka {})",
210 obfuscated,
211 result->key);
212 result->fetch_result = FetchResult::FetchResultType::NotFound;
213 }
214 else
215 {
216 LOG_FAIL_FMT(
217 "Retained result for {} (aka {}) in state {}",
218 obfuscated,
219 result->key,
220 result->fetch_result);
221 }
222 }
223 else
224 {
225 LOG_TRACE_FMT(
226 "Received not_found for {}, but caller has already dropped "
227 "result",
228 obfuscated);
229 }
230 pending.erase(it);
231 }
232 else
233 {
234 LOG_TRACE_FMT(
235 "Ignoring not_found message for unrequested key {}", obfuscated);
236 }
237 });
238 }
239
240 static LFSKey obfuscate_key(const LFSKey& key)
241 {
242#ifdef PLAINTEXT_CACHE
243 return key;
244#else
245 const auto h = ccf::crypto::sha256(
246 reinterpret_cast<const uint8_t*>(key.data()), key.size());
247 return ds::to_hex(h);
248#endif
249 }
250
251 void store(const LFSKey& key, LFSContents&& contents) override
252 {
253 const auto obfuscated = obfuscate_key(key);
254 RINGBUFFER_WRITE_MESSAGE(
255 LFSMsg::store,
256 to_host,
257 // To avoid leaking potentially confidential information to the host,
258 // all cached data is encrypted and stored at an obfuscated key
259 obfuscated,
260 encrypt(obfuscated, std::move(contents)));
261 }
262
263 FetchResultPtr fetch(const LFSKey& key) override
264 {
265 const auto obfuscated = obfuscate_key(key);
266 std::lock_guard<ccf::pal::Mutex> guard(pending_access);
267 auto it = pending.find(obfuscated);
268
269 FetchResultPtr result;
270
271 if (it != pending.end())
272 {
273 result = it->second.lock();
274 if (result != nullptr)
275 {
276 if (key != result->key)
277 {
278 throw std::runtime_error(fmt::format(
279 "Obfuscation collision for unique keys '{}' and '{}', both "
280 "obfuscated to '{}'",
281 key,
282 result->key,
283 obfuscated));
284 }
285
286 return result;
287 }
288
289 result = std::make_shared<FetchResult>();
290 it->second = result;
291 }
292 else
293 {
294 result = std::make_shared<FetchResult>();
295 pending.emplace(obfuscated, result);
296 }
297
298 result->fetch_result = FetchResult::FetchResultType::Fetching;
299 result->key = key;
300 RINGBUFFER_WRITE_MESSAGE(LFSMsg::get, to_host, obfuscated);
301 return result;
302 }
303 };
304}
ccf::crypto::KeyAesGcm
Definition symmetric_key.h:71
ccf::crypto::KeyAesGcm::decrypt
virtual bool decrypt(std::span< const uint8_t > iv, const uint8_t tag[GCM_SIZE_TAG], std::span< const uint8_t > cipher, std::span< const uint8_t > aad, std::vector< uint8_t > &plain) const =0
ccf::indexing::AbstractLFSAccess
Definition lfs_interface.h:40
ccf::indexing::EnclaveLFSAccess
Definition enclave_lfs_access.h:83
ccf::indexing::EnclaveLFSAccess::encryption_key
std::unique_ptr< ccf::crypto::KeyAesGcm > encryption_key
Definition enclave_lfs_access.h:93
ccf::indexing::EnclaveLFSAccess::PendingResult
std::weak_ptr< FetchResult > PendingResult
Definition enclave_lfs_access.h:85
ccf::indexing::EnclaveLFSAccess::store
void store(const LFSKey &key, LFSContents &&contents) override
Definition enclave_lfs_access.h:251
ccf::indexing::EnclaveLFSAccess::to_host
ringbuffer::WriterPtr to_host
Definition enclave_lfs_access.h:90
ccf::indexing::EnclaveLFSAccess::fetch
FetchResultPtr fetch(const LFSKey &key) override
Definition enclave_lfs_access.h:263
ccf::indexing::EnclaveLFSAccess::pending
std::unordered_map< LFSKey, PendingResult > pending
Definition enclave_lfs_access.h:87
ccf::indexing::EnclaveLFSAccess::pending_access
ccf::pal::Mutex pending_access
Definition enclave_lfs_access.h:88
ccf::indexing::EnclaveLFSAccess::entropy_src
ccf::crypto::EntropyPtr entropy_src
Definition enclave_lfs_access.h:92
ccf::indexing::EnclaveLFSAccess::register_message_handlers
void register_message_handlers(messaging::Dispatcher< ringbuffer::Message > &dispatcher)
Definition enclave_lfs_access.h:132
ccf::indexing::EnclaveLFSAccess::encrypt
LFSEncryptedContents encrypt(const LFSKey &key, LFSContents &&contents)
Definition enclave_lfs_access.h:95
ccf::indexing::EnclaveLFSAccess::EnclaveLFSAccess
EnclaveLFSAccess(ringbuffer::WriterPtr writer)
Definition enclave_lfs_access.h:122
ccf::indexing::EnclaveLFSAccess::obfuscate_key
static LFSKey obfuscate_key(const LFSKey &key)
Definition enclave_lfs_access.h:240
messaging::Dispatcher
Definition messaging.h:38
symmetric_key.h
LOG_TRACE_FMT
#define LOG_TRACE_FMT
Definition internal_logger.h:13
LOG_FAIL_FMT
#define LOG_FAIL_FMT
Definition internal_logger.h:16
lfs_interface.h
lfs_ringbuffer_types.h
DISPATCHER_SET_MESSAGE_HANDLER
#define DISPATCHER_SET_MESSAGE_HANDLER(DISP, MSG,...)
Definition messaging.h:316
ccf::crypto::make_key_aes_gcm
std::unique_ptr< KeyAesGcm > make_key_aes_gcm(std::span< const uint8_t > rawKey)
Free function implementation.
Definition symmetric_key.cpp:102
ccf::crypto::EntropyPtr
std::shared_ptr< Entropy > EntropyPtr
Definition entropy.h:32
ccf::crypto::sha256
HashBytes sha256(const std::span< uint8_t const > &data)
Definition hash.cpp:24
ccf::crypto::GCM_DEFAULT_KEY_SIZE
constexpr size_t GCM_DEFAULT_KEY_SIZE
Definition symmetric_key.h:12
ccf::indexing
Definition indexer_interface.h:14
ccf::indexing::LFSKey
std::string LFSKey
Definition lfs_interface.h:17
ccf::indexing::LFSContents
std::vector< uint8_t > LFSContents
Definition lfs_interface.h:19
ccf::indexing::FetchResultPtr
std::shared_ptr< FetchResult > FetchResultPtr
Definition lfs_interface.h:37
ccf::indexing::LFSEncryptedContents
std::vector< uint8_t > LFSEncryptedContents
Definition lfs_interface.h:18
ccf::js::extensions::kvhelpers::key
uint8_t * key
Definition kv_helpers.h:80
ccf::pal::Mutex
std::mutex Mutex
Definition locking.h:12
ccf
Definition app_interface.h:14
ringbuffer::WriterPtr
std::shared_ptr< AbstractWriter > WriterPtr
Definition ring_buffer_types.h:154
serialized::write
void write(uint8_t *&data, size_t &size, const T &v)
Definition serialized.h:105
std
STL namespace.
RINGBUFFER_WRITE_MESSAGE
#define RINGBUFFER_WRITE_MESSAGE(MSG,...)
Definition ring_buffer_types.h:259
ccf::crypto::FixedSizeGcmHeader::set_random_iv
void set_random_iv(EntropyPtr entropy=ccf::crypto::get_entropy())
Definition symmetric_key.h:47
ccf::crypto::GcmCipher
Definition symmetric_key.h:58
ccf::crypto::GcmCipher::deserialise
void deserialise(const std::vector< uint8_t > &serial)
Definition symmetric_key.cpp:93
ccf::crypto::GcmCipher::serialise
std::vector< uint8_t > serialise()
Definition symmetric_key.cpp:78
ccf::crypto::GcmCipher::hdr
StandardGcmHeader hdr
Definition symmetric_key.h:59
ccf::crypto::GcmCipher::cipher
std::vector< uint8_t > cipher
Definition symmetric_key.h:60
ccf::crypto::GcmHeader::tag
uint8_t tag[GCM_SIZE_TAG]
Definition symmetric_key.h:18
ccf::crypto::GcmHeader::get_iv
std::span< const uint8_t > get_iv() const
Definition symmetric_key.cpp:34
Generated by doxygen 1.9.8