mirror of https://github.com/matter-labs/vault-auth-tee.git synced 2025-07-21 15:53:55 +02:00

Hashicorp Vault plugin for authenticating Trusted Execution Environments (TEE) like SGX enclaves

Find a file

renovate[bot] 744fe75acd chore(deps): update actions/setup-go action to v5 (#23 ) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: \| Package \| Type \| Update \| Change \| \|---\|---\|---\|---\| \| [actions/setup-go](https://togithub.com/actions/setup-go) \| action \| major \| `v4` -> `v5` \| --- ### Release Notes <details> <summary>actions/setup-go (actions/setup-go)</summary> ### [`v5`](https://togithub.com/actions/setup-go/compare/v4...v5) [Compare Source](https://togithub.com/actions/setup-go/compare/v4...v5) </details> --- ### Configuration 📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied. ♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 Ignore: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/matter-labs/vault-auth-tee). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy44Ny4yIiwidXBkYXRlZEluVmVyIjoiMzcuODcuMiIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>		2023-12-21 19:54:09 +01:00
.github	chore(deps): update actions/setup-go action to v5 (#23 )	2023-12-21 19:54:09 +01:00
ratee	feat: initial commit	2023-10-26 14:15:52 +02:00
tee	feat: initial commit	2023-10-26 14:15:52 +02:00
version	feat: initial commit	2023-10-26 14:15:52 +02:00
.gitignore	feat: initial commit	2023-10-26 14:15:52 +02:00
CONTRIBUTING.md	feat: initial commit	2023-10-26 14:15:52 +02:00
Dockerfile	feat: initial commit	2023-10-26 14:15:52 +02:00
flake.nix	feat: initial commit	2023-10-26 14:15:52 +02:00
go.mod	fix(deps): update module github.com/hashicorp/go-hclog to v1.6.2 (#21 )	2023-12-21 16:33:18 +01:00
go.sum	fix(deps): update module github.com/hashicorp/go-hclog to v1.6.2 (#21 )	2023-12-21 16:33:18 +01:00
LICENSE	feat: initial commit	2023-10-26 14:15:52 +02:00
main.go	feat: initial commit	2023-10-26 14:15:52 +02:00
README.md	feat: initial commit	2023-10-26 14:15:52 +02:00
renovate.json	feat: initial commit	2023-10-26 14:15:52 +02:00
SECURITY.md	feat: initial commit	2023-10-26 14:15:52 +02:00

README.md

vault-auth-tee

TEE remote attestation plugin for Hashicorp Vault

⚠️☢️☣️ WARNING: not yet for production use ☣️☢️⚠️

License

All of the code is licensed under the Mozilla Public License 2.0 unless otherwise specified. Most of the vault plugin code is based on the vault builtin/credential/cert plugin.

Build Setup

$ wget -qO - https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | sudo apt-key add -
$ sudo bash -c 'echo "deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main" > /etc/apt/sources.list.d/intel-sgx.list'
$ sudo apt update
$ sudo apt install -y --no-install-recommends \
    libsgx-headers \
    libsgx-enclave-common \
    libsgx-urts \
    libsgx-dcap-quote-verify \
    libsgx-dcap-quote-verify-dev

Configuration

Create or Update via the ${plugin}/tees/$name endpoint

{
    "name": "TEE_role_name",
    "token_policies": "policy1,policy2,...",
    "types": "sgx",
    "sgx_mrsigner": "298037d88782e022e019b3020745b78aa40ed95c77da4bf7f3253d3a44c4fd7e",
    "sgx_mrenclave": "18946b3547d3ca036f4df7b516857e28fd512d69fed3411dc660537912faabf8",
    "sgx_isv_prodid": 0,
    "sgx_min_isv_svn": 0,
    "sgx_allowed_tcb_levels": "Ok,ConfigNeeded,OutOfDate,OutOfDateConfigNeeded,SwHardeningNeeded,ConfigAndSwHardeningNeeded"
}

At least one of sgx_mrsigner or sgx_mrenclave must be set. If both are set, both are used for matching.
sgx_isv_prodid is optional and defaults to 0.
sgx_min_isv_svn is optional and defaults to 0.
sgx_allowed_tcb_levels is optional and defaults to Ok.

Authentication

Client TEE generates a self-signed TLS client certificate
Client TEE generates an attestation report, which includes the hash of the public key of the client certificate (in case of SGX, a sha256 sum of the public key)
Client TEE fetches all collateral material via e.g. Intel DCAP (tee_qv_get_collateral)
Client TEE sends POST request with a TLS connection using the client certificate to Vault via the ${plugin}/login endpoint with the name, attestation report and the attestation collateral material
An optional challenge can be included in the POST request, which is then included in the attestation report of the vault response

{
    "name": "The name of the TEE role to authenticate against.",
    "quote": "The quote Base64 encoded.",
    "collateral": "The collateral Json string encoded.",
    "challenge": "An optional challenge hex encoded."
}

The response contains the Vault token and, if a challenge was included, the vault attestation report, which must contain the challenge bytes in the report_data of the quote.

{
    "auth": {
        "client_token": "The Vault token.",
        "....": "...."
    },
    "data": {
        "quote": "The vault quote Base64 encoded.",
        "collateral": "The vault collateral Json string encoded."
    }
}

Collateral Json encoding

See sgx_ql_lib_common.h

{
    "major_version": uint16,
    "minor_version": uint16,
    "tee_type": uint32,
    "pck_crl_issuer_chain": []byte,
    "root_ca_crl": []byte,
    "pck_crl": []byte,
    "tcb_info_issuer_chain": []byte,
    "tcb_info": []byte,
    "qe_identity_issuer_chain": []byte,
    "qe_identity": []byte
}