mirror of
https://github.com/matter-labs/vault-auth-tee.git
synced 2025-07-20 15:23:56 +02:00
Hashicorp Vault plugin for authenticating Trusted Execution Environments (TEE) like SGX enclaves
| .github | ||
| cmd/vault-auth-tee | ||
| packages | ||
| test-fixtures/keys | ||
| .gitignore | ||
| backend.go | ||
| backend_test.go | ||
| CONTRIBUTING.md | ||
| Dockerfile | ||
| flake.lock | ||
| flake.nix | ||
| go.mod | ||
| go.sum | ||
| LICENSE | ||
| path_info.go | ||
| path_login.go | ||
| path_login_test.go | ||
| path_tees.go | ||
| README.md | ||
| renovate.json | ||
| roughntstime.go | ||
| SECURITY.md | ||
| sgxquote.go | ||
| sgxquote_test.go | ||
| test_responder.go | ||
| version.go | ||
vault-auth-tee
TEE remote attestation plugin for Hashicorp Vault
Disclaimer
This plugin has not yet received an audit. Use at your own risk.
License
All of the code is licensed under the Mozilla Public License 2.0 unless otherwise specified.
Most of the vault plugin code is based on the vault builtin/credential/cert plugin.
Build Setup
$ wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
$ sudo bash -c 'echo "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main" > /etc/apt/sources.list.d/intel-sgx.list'
$ sudo apt update
$ sudo apt install -y --no-install-recommends \
libsgx-headers \
libsgx-enclave-common \
libsgx-urts \
libsgx-dcap-quote-verify \
libsgx-dcap-quote-verify-dev
Configuration
Create or Update via the ${plugin}/tees/$name endpoint
{
"name": "TEE_role_name",
"token_policies": "policy1,policy2,...",
"types": "sgx",
"sgx_mrsigner": "298037d88782e022e019b3020745b78aa40ed95c77da4bf7f3253d3a44c4fd7e",
"sgx_mrenclave": "18946b3547d3ca036f4df7b516857e28fd512d69fed3411dc660537912faabf8",
"sgx_isv_prodid": 0,
"sgx_min_isv_svn": 0,
"sgx_allowed_tcb_levels": "Ok,ConfigNeeded,OutOfDate,OutOfDateConfigNeeded,SwHardeningNeeded,ConfigAndSwHardeningNeeded"
}
- At least one of
sgx_mrsignerorsgx_mrenclavemust be set. If both are set, both are used for matching. sgx_isv_prodidis optional and defaults to0.sgx_min_isv_svnis optional and defaults to0.sgx_allowed_tcb_levelsis optional and defaults toOk.
Authentication
- Client TEE generates a self-signed TLS client certificate
- Client TEE generates an attestation report, which includes the hash of the public key of the client certificate (in case of SGX, a sha256 sum of the public key)
- Client TEE fetches all collateral material via e.g. Intel DCAP (
tee_qv_get_collateral) - Client TEE sends POST request with a TLS connection using the client certificate
to Vault via the
${plugin}/loginendpoint with the name, attestation report and the attestation collateral material - An optional challenge can be included in the POST request, which is then included in the attestation report of the vault response
{
"name": "The name of the TEE role to authenticate against.",
"quote": "The quote Base64 encoded.",
"collateral": "The collateral Json string encoded.",
"challenge": "An optional challenge hex encoded."
}
The response contains the Vault token and, if a challenge was included, the vault attestation report, which must contain the challenge bytes in the report_data of the quote.
{
"auth": {
"client_token": "The Vault token.",
"....": "...."
},
"data": {
"quote": "The vault quote Base64 encoded.",
"collateral": "The vault collateral Json string encoded."
}
}
Collateral Json encoding
{
"major_version": uint16,
"minor_version": uint16,
"tee_type": uint32,
"pck_crl_issuer_chain": []byte,
"root_ca_crl": []byte,
"pck_crl": []byte,
"tcb_info_issuer_chain": []byte,
"tcb_info": []byte,
"qe_identity_issuer_chain": []byte,
"qe_identity": []byte
}