topic Hi, in Intel® Software Guard Extensions (Intel® SGX)

Key Derivation - MK, SK, VK, SMK

Joe63 — Thu, 02 Feb 2017 14:23:53 GMT

Hey,

does anyone know what these multiple key in the RemoteAttestation SampelCode are used for?

What does SK, VK, MK and SMK mean? Does SK stand for Storage-Key or Signing-Key? What are the use, cases for all of that 4 key-types? In dont find online any detailed information!

Thanks!

Hi,

Surenthar_S_Intel — Fri, 03 Feb 2017 06:48:25 GMT

Hi,

SK (Signing Key/Symmetric Key)
MK (Master Key/Masking Key)
SMK (SIGMA protocol)
ISV can use the sgx_ra_init_ex API to provide a callback function to generate the remote attestation keys used in the SIGMA protocol (SMK) and returned by the API sgx_ra_get_keys (SK, MK, and VK). The decision to use a different KDF is a policy of the ISV, but it should be approved by the ISV’s security process.
sgx_ ra_derive_secret_keys_t function takes the Diffie-Hellman shared secret as input to allow the ISV enclave to generate their own derived shared keys (SMK, SK, MK and VK).
Remote Attestation context was generated by sgx_ra_init, the returned SGX_RA_ KEY_MK, SGX_RA_KEY_SK or SGX_RA_VK is derived from the Diffie-Hellman shared secret elliptic curve field element between the service provider and the application enclave using the following Key Derivation Function (KDF):
- KDK = AES-CMAC(key0, gab x-coordinate)
- SGX_RA_KEY_VK = AES-CMAC(KDK, 0x01||’VK’||0x00||0x80||0x00)
- SGX_RA_KEY_MK = AES-CMAC(KDK, 0x01||’MK’||0x00||0x80||0x00)
- SGX_RA_KEY_SK = AES-CMAC(KDK, 0x01||’SK’||0x00||0x80||0x00)
The key0 used in the key extraction operation is 16 bytes of 0x00. The plain text used in the Key derivation calculation is the Diffie-Hellman shared secret elliptic curve field element in Little Endian format.
The plain text used in each key calculation includes:
- a counter (0x01)
- a label: the ASCII representation of one of the strings 'VK', 'MK' or 'SK' in Little Endian format
- a bit length (0x80)

-Surenthar

Okay thanks, for that

Joe63 — Sat, 04 Feb 2017 11:31:00 GMT

Okay thanks, for that information.

I have another question. I saw the RemoteAttestation example. If i wanna communicate over the secure communication channel (established in the Remot-Attestation process), should i therefor use the SK-Key to sign the data? The background is: i wanna communicate information after the result-message (sent from SP to Enclave), back from the enclave to the SP. The Enclave has received a so called secret from the SP (which is in the result message). As i see it the message was only to demonstrate, that i can protect information with the sk-key right? So if i wanna send a message back to the SP afterward, there are no advantages to put the secret in that message, right? My message has only a payload field and a MAC-field (mac over payload with sk-key). i dont wanna encrypt my payload but i wanna ensure i is from the enclave, so am i processing right?

Hi,

Surenthar_S_Intel — Mon, 06 Feb 2017 11:22:36 GMT

Hi,

Please refer the link for more info about remote attestation https://software.intel.com/en-us/articles/intel-software-guard-extensions-remote-attestation-end-to-end-example

-Surenthar

Hi,

Adrian_D_ — Wed, 12 Apr 2017 11:18:57 GMT

Hi,

Selvaraj, Surenthar (Intel) wrote:

SK (Signing Key/Symmetric Key)

MK (Master Key/Masking Key)

SMK (SIGMA protocol)

you explained what SK, MK and SMK stand for, but left out VK. What does VK mean?

Hi,

Anusha_K_Intel — Wed, 12 Apr 2017 13:22:35 GMT

Hi,

VK: Verification key
VK is derived from the Diffie-Hellman shared secret elliptic curve field element between the service provider and the application enclave.
VK = AES-CMAC (0x00, gab x coordinate|| 0x03)