search

edgebitio / enclaver

Open source toolkit created to enable easy adoption of software enclaves
https://edgebit.io/enclaver
Apache License 2.0
138 stars 14 forks source link

Adds /v1/attestation endpoint #126

Closed eyakubovich closed 2 years ago

eyakubovich commented 2 years ago

This introduces enclave internal API with its first endpoint -- attestation. The api can be enabled in enclaver.yaml as follows:

api:
  listen_port: 7777

POST /v1/attestation expects a JSON payload of the form:

{
  nonce: <base64-encoded-string>,
  user_data: <base64-encoded-string>,
  public_key: <PEM-encoded-key>,
}

All fields are optional. It returns the attestation document in CBOR format (NOT base64 encoded).

eyakubovich commented 2 years ago

This endpoint can be used to generate an attestation to be inspected by a different service. The attestation should either be "bound" to an established TLS connection (and use nonce as a challenge to avoid replay) or bound to a public key (provided the private key is only available in the enclave) as is done with KMS.

Enclaver component that implements this endpoint already generates a keypair for the use with KMS. I am thinking of adding to this API to have the ability to auto-fill into the attestation request (e.g. if /v1/attestation?pk_fill=1). Then I would also provide a /v1/decrypt endpoint to decrypt the data using this key. Feedback welcome.

This API can also be used as a poor-man's way of signing data generated by the enclave. Take the hash of the data to sign and put it into the user_data field. However it has the downside that the verification now requires two pieces of data: AWS public key and a list of trusted PCR values (trusted hashes of the images). It maybe easier to sign the data using something like JWT or X.509. This way only a public key is needed. The private key can be encrypted using the KMS and decrypted when the enclave starts. The KMS key policy can be restricted to trusted PCR values.

eyakubovich commented 2 years ago

Fixes #119