refactor: Unify root seed sealing / unsealing

Author: MaxFangX

common/src/api/provision.rs

@@ -1,4 +1,4 @@
-use anyhow::Context;
+use anyhow::{ensure, Context};
 use bitcoin::secp256k1::PublicKey;
 use secrecy::ExposeSecret;
 use serde::{Deserialize, Serialize};
@@ -21,6 +21,13 @@ pub struct ProvisionRequest {
     pub root_seed: RootSeed,
 }
 
+#[derive(Serialize, Deserialize)]
+pub struct NodeInstanceSeed {
+    pub node: Node,
+    pub instance: Instance,
+    pub sealed_seed: SealedSeed,
+}
+
 #[derive(Serialize, Deserialize)]
 pub struct Node {
     pub user_pk: UserPk,
@@ -34,22 +41,39 @@ pub struct Instance {
 }
 
 /// Uniquely identifies a sealed seed using its primary key fields.
-#[derive(Serialize, Deserialize)]
+#[derive(Clone, Serialize, Deserialize)]
 pub struct SealedSeedId {
     pub node_pk: PublicKey,
     pub measurement: Measurement,
     pub machine_id: MachineId,
     pub min_cpusvn: MinCpusvn,
 }
 
-#[derive(Serialize, Deserialize)]
+/// The user node's provisioned seed that is sealed and persisted using its
+/// platform enclave keys that are software and version specific.
+///
+/// This struct is returned directly from the DB so it should be considered as
+/// untrusted and not-yet-validated. To validate and convert a [`SealedSeed`]
+/// into a [`RootSeed`], use [`unseal_and_validate`]. To encrypt an existing
+/// [`RootSeed`] into a [`SealedSeed`], use [`seal_from_root_seed`].
+///
+/// See [`crate::enclave::seal`] for more implementation details.
+///
+/// [`unseal_and_validate`]: Self::unseal_and_validate
+/// [`seal_from_root_seed`]: Self::seal_from_root_seed
+#[derive(Clone, Serialize, Deserialize)]
 pub struct SealedSeed {
     #[serde(flatten)]
     pub id: SealedSeedId,
+    /// The fully serialized + sealed root seed.
+    // NOTE: This should probably be renamed to `raw` or `ciphertext` or smth
+    // but that requires a DB migration
     pub seed: Vec<u8>,
 }
 
 impl SealedSeed {
+    const LABEL: &'static [u8] = b"sealed seed";
+
     pub fn new(
         node_pk: PublicKey,
         measurement: Measurement,
@@ -67,38 +91,101 @@ impl SealedSeed {
             seed,
         }
     }
-}
 
-/// The enclave's provisioned secrets that it will seal and persist using its
-/// platform enclave keys that are software and version specific.
-///
-/// See: [`crate::enclave::seal`]
-// TODO(phlip9): rename this or SealedSeed?
-pub struct ProvisionedSecrets {
-    pub root_seed: RootSeed,
-}
+    pub fn seal_from_root_seed<R: Crng>(
+        rng: &mut R,
+        root_seed: &RootSeed,
+    ) -> anyhow::Result<Self> {
+        // Construct the root seed ciphertext
+        let root_seed_ref = root_seed.expose_secret().as_slice();
+        let sealed = enclave::seal(rng, Self::LABEL, root_seed_ref.into())
+            .context("Failed to seal root seed")?;
+        let sealed_bytes = sealed.serialize();
 
-impl ProvisionedSecrets {
-    const LABEL: &'static [u8] = b"provisioned secrets";
+        // Derive / compute the other fields
+        let node_pk = root_seed.derive_node_pk(rng);
+        let measurement = enclave::measurement();
+        let machine_id = enclave::machine_id();
+        let min_cpusvn = enclave::MIN_SGX_CPUSVN;
 
-    pub fn seal(&self, rng: &mut dyn Crng) -> anyhow::Result<Sealed<'_>> {
-        let root_seed_ref = self.root_seed.expose_secret().as_slice();
-        enclave::seal(rng, Self::LABEL, root_seed_ref.into())
-            .context("Failed to seal provisioned secrets")
+        Ok(Self::new(
+            node_pk,
+            measurement,
+            machine_id,
+            min_cpusvn,
+            sealed_bytes,
+        ))
     }
 
-    pub fn unseal(sealed: Sealed<'_>) -> anyhow::Result<Self> {
-        let bytes = enclave::unseal(Self::LABEL, sealed)
+    pub fn unseal_and_validate<R: Crng>(
+        self,
+        rng: &mut R,
+    ) -> anyhow::Result<RootSeed> {
+        // Compute the SGX fields
+        let measurement = enclave::measurement();
+        let machine_id = enclave::machine_id();
+        let min_cpusvn = enclave::MIN_SGX_CPUSVN;
+
+        // Validate SGX fields
+        ensure!(
+            self.id.measurement == measurement,
+            "Saved measurement doesn't match current measurement",
+        );
+        ensure!(
+            self.id.machine_id == machine_id,
+            "Saved machine id doesn't match current machine id",
+        );
+        ensure!(
+            self.id.min_cpusvn == min_cpusvn,
+            "Saved min CPUSVN doesn't match current min CPUSVN",
+        );
+
+        // Unseal
+        let sealed = Sealed::deserialize(&self.seed)
+            .context("Failed to deserialize sealed seed")?;
+        let unsealed_bytes = enclave::unseal(Self::LABEL, sealed)
             .context("Failed to unseal provisioned secrets")?;
-        let root_seed = RootSeed::try_from(bytes.as_slice())
+
+        // Reconstruct root seed
+        let root_seed = RootSeed::try_from(unsealed_bytes.as_slice())
             .context("Failed to deserialize root seed")?;
-        Ok(Self { root_seed })
+
+        // Validate node_pk
+        let derived_node_pk = root_seed.derive_node_pk(rng);
+        ensure!(
+            self.id.node_pk == derived_node_pk,
+            "Saved node pk doesn't match derived node pk"
+        );
+
+        // Validation complete, everything OK.
+        Ok(root_seed)
     }
 }
 
-#[derive(Serialize, Deserialize)]
-pub struct NodeInstanceSeed {
-    pub node: Node,
-    pub instance: Instance,
-    pub sealed_seed: SealedSeed,
+#[cfg(test)]
+mod test {
+    use proptest::arbitrary::any;
+    use proptest::proptest;
+    use secrecy::ExposeSecret;
+
+    use super::*;
+    use crate::rng::SysRng;
+
+    proptest! {
+        #[test]
+        fn seal_unseal_roundtrip(root_seed1 in any::<RootSeed>()) {
+            let mut rng = SysRng::new();
+
+            let root_seed2 =
+                SealedSeed::seal_from_root_seed(&mut rng, &root_seed1)
+                    .unwrap()
+                    .unseal_and_validate(&mut rng)
+                    .unwrap();
+
+            assert_eq!(
+                root_seed1.expose_secret(),
+                root_seed2.expose_secret(),
+            );
+        }
+    }
 }

node/src/api/mock.rs

@@ -8,8 +8,7 @@ use bitcoin::secp256k1::PublicKey;
 use common::api::def::{NodeBackendApi, NodeRunnerApi};
 use common::api::error::{BackendApiError, RunnerApiError};
 use common::api::provision::{
-    Instance, Node, NodeInstanceSeed, ProvisionedSecrets, SealedSeed,
-    SealedSeedId,
+    Instance, Node, NodeInstanceSeed, SealedSeed, SealedSeedId,
 };
 use common::api::runner::UserPorts;
 use common::api::vfs::{NodeDirectory, NodeFile, NodeFileId};
@@ -18,7 +17,7 @@ use common::enclave::{self, Measurement};
 use common::rng::SysRng;
 use common::root_seed::RootSeed;
 use once_cell::sync::Lazy;
-use secrecy::{ExposeSecret, Secret};
+use secrecy::Secret;
 use tokio::sync::mpsc;
 
 use crate::api::ApiClient;
@@ -29,29 +28,27 @@ type Data = Vec<u8>;
 
 // --- test fixtures --- //
 
-fn make_seed(bytes: [u8; 32]) -> RootSeed {
+fn make_root_seed(bytes: [u8; 32]) -> RootSeed {
     RootSeed::new(Secret::new(bytes))
 }
-fn make_node_pk(seed: &RootSeed) -> PublicKey {
-    PublicKey::from_keypair(&seed.derive_node_key_pair(&mut SysRng::new()))
+fn make_node_pk(root_seed: &RootSeed) -> PublicKey {
+    root_seed.derive_node_pk(&mut SysRng::new())
 }
-fn make_sealed_seed(seed: &RootSeed) -> Vec<u8> {
-    let seed = make_seed(*seed.expose_secret());
-    let provisioned_secrets = ProvisionedSecrets { root_seed: seed };
-    let sealed_secrets = provisioned_secrets.seal(&mut SysRng::new()).unwrap();
-    sealed_secrets.serialize()
+fn make_sealed_seed(root_seed: &RootSeed) -> SealedSeed {
+    SealedSeed::seal_from_root_seed(&mut SysRng::new(), root_seed)
+        .expect("Failed to seal test root seed")
 }
 
-static SEED1: Lazy<RootSeed> = Lazy::new(|| make_seed([0x42; 32]));
-static SEED2: Lazy<RootSeed> = Lazy::new(|| make_seed([0x69; 32]));
+static SEED1: Lazy<RootSeed> = Lazy::new(|| make_root_seed([0x42; 32]));
+static SEED2: Lazy<RootSeed> = Lazy::new(|| make_root_seed([0x69; 32]));
 
 static NODE_PK1: Lazy<PublicKey> = Lazy::new(|| make_node_pk(&SEED1));
 static NODE_PK2: Lazy<PublicKey> = Lazy::new(|| make_node_pk(&SEED2));
 
-static SEALED_SEED1: Lazy<Vec<u8>> = Lazy::new(|| make_sealed_seed(&SEED1));
-static SEALED_SEED2: Lazy<Vec<u8>> = Lazy::new(|| make_sealed_seed(&SEED2));
+static SEALED_SEED1: Lazy<SealedSeed> = Lazy::new(|| make_sealed_seed(&SEED1));
+static SEALED_SEED2: Lazy<SealedSeed> = Lazy::new(|| make_sealed_seed(&SEED2));
 
-pub fn sealed_seed(node_pk: &PublicKey) -> Vec<u8> {
+pub fn sealed_seed(node_pk: &PublicKey) -> SealedSeed {
     if node_pk == &*NODE_PK1 {
         SEALED_SEED1.clone()
     } else if node_pk == &*NODE_PK2 {
@@ -155,14 +152,7 @@ impl NodeBackendApi for MockApiClient {
         &self,
         data: SealedSeedId,
     ) -> Result<Option<SealedSeed>, BackendApiError> {
-        let sealed_seed = SealedSeed::new(
-            data.node_pk,
-            data.measurement,
-            data.machine_id,
-            data.min_cpusvn,
-            sealed_seed(&data.node_pk),
-        );
-        Ok(Some(sealed_seed))
+        Ok(Some(sealed_seed(&data.node_pk)))
     }
 
     async fn create_node_instance_seed(

node/src/init.rs

@@ -6,15 +6,16 @@ use std::time::Duration;
 use anyhow::{bail, ensure, Context};
 use bitcoin::blockdata::constants::genesis_block;
 use bitcoin::BlockHash;
-use common::api::provision::{Node, ProvisionedSecrets, SealedSeedId};
+use common::api::provision::{Node, SealedSeedId};
 use common::api::runner::{Port, UserPorts};
 use common::api::UserPk;
 use common::cli::{Network, RunArgs};
 use common::client::tls::node_run_tls_config;
 use common::enclave::{
-    self, MachineId, Measurement, MinCpusvn, Sealed, MIN_SGX_CPUSVN,
+    self, MachineId, Measurement, MinCpusvn, MIN_SGX_CPUSVN,
 };
 use common::rng::Crng;
+use common::root_seed::RootSeed;
 use common::shutdown::ShutdownChannel;
 use common::task::LxTask;
 use futures::future;
@@ -119,14 +120,15 @@ impl UserNode {
         let (channel_monitor_updated_tx, channel_monitor_updated_rx) =
             mpsc::channel(DEFAULT_CHANNEL_SIZE);
 
-        // Initialize LexeBitcoind, fetch provisioned data
+        // Initialize LexeBitcoind while fetching provisioned secrets
         let (bitcoind_res, fetch_res) = tokio::join!(
             LexeBitcoind::init(
                 args.bitcoind_rpc.clone(),
                 args.network,
                 shutdown.clone(),
             ),
             fetch_provisioned_secrets(
+                rng,
                 api.as_ref(),
                 user_pk,
                 measurement,
@@ -136,9 +138,8 @@ impl UserNode {
         );
         let bitcoind =
             bitcoind_res.context("Failed to init bitcoind client")?;
-        let (node, provisioned_secrets) =
+        let (node, root_seed) =
             fetch_res.context("Failed to fetch provisioned secrets")?;
-        let root_seed = &provisioned_secrets.root_seed;
         let bitcoind = Arc::new(bitcoind);
 
         // Collect all handles to spawned tasks
@@ -148,8 +149,9 @@ impl UserNode {
         tasks.push(("refresh fees", bitcoind.spawn_refresh_fees_task()));
 
         // Build LexeKeysManager from node init data
-        let keys_manager = LexeKeysManager::init(rng, &node.node_pk, root_seed)
-            .context("Failed to construct keys manager")?;
+        let keys_manager =
+            LexeKeysManager::init(rng, &node.node_pk, &root_seed)
+                .context("Failed to construct keys manager")?;
         let node_pk = keys_manager.derive_pk(rng);
 
         // LexeBitcoind implements BlockSource, FeeEstimator and
@@ -252,7 +254,7 @@ impl UserNode {
 
         // Build owner service TLS config for authenticating owner
         let node_dns = args.node_dns_name.clone();
-        let owner_tls = node_run_tls_config(rng, root_seed, vec![node_dns])
+        let owner_tls = node_run_tls_config(rng, &root_seed, vec![node_dns])
             .context("Failed to build owner service TLS config")?;
 
         // Start warp service for owner
@@ -514,13 +516,14 @@ fn init_api(args: &RunArgs) -> ApiClientType {
 }
 
 /// Fetches previously provisioned secrets from the API.
-async fn fetch_provisioned_secrets(
+async fn fetch_provisioned_secrets<R: Crng>(
+    rng: &mut R,
     api: &dyn ApiClient,
     user_pk: UserPk,
     measurement: Measurement,
     machine_id: MachineId,
     min_cpusvn: MinCpusvn,
-) -> anyhow::Result<(Node, ProvisionedSecrets)> {
+) -> anyhow::Result<(Node, RootSeed)> {
     debug!(%user_pk, %measurement, %machine_id, %min_cpusvn, "fetching provisioned secrets");
 
     let (node_res, instance_res) = tokio::join!(
@@ -557,20 +560,17 @@ async fn fetch_provisioned_secrets(
                 min_cpusvn,
             };
 
-            let raw_sealed_data = api
+            let sealed_seed = api
                 .get_sealed_seed(sealed_seed_id)
                 .await
                 .context("Error while fetching sealed seed")?
                 .context("Sealed seed wasn't persisted with node & instance")?;
 
-            let sealed_data = Sealed::deserialize(&raw_sealed_data.seed)
-                .context("Failed to deserialize sealed seed")?;
+            let root_seed = sealed_seed
+                .unseal_and_validate(rng)
+                .context("Could not validate or unseal sealed seed")?;
 
-            let provisioned_secrets =
-                ProvisionedSecrets::unseal(sealed_data)
-                    .context("Failed to unseal provisioned secrets")?;
-
-            Ok((node, provisioned_secrets))
+            Ok((node, root_seed))
         }
         (None, None) => bail!("Enclave version has not been provisioned yet"),
         _ => bail!("Node and instance should have been persisted together"),