Claude/add enclave verify endpoint ac vqi #261

Closed
jplock wants to merge 10 commits into aws-samples:main from jplock:claude/add-enclave-verify-endpoint-ACVqi
@jplock jplock commented Dec 24, 2025

Issue #, if available:

Description of changes:

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

claude and others added 10 commits December 24, 2025 00:31

Plan for adding a new endpoint to verify Nitro Enclave environment:
- Phase 1: Enclave NSM attestation document generation
- Phase 2: Parent /verify endpoint with vsock communication
- Phase 3: PCR configuration and validation

Features:
- Returns raw COSE Sign1 attestation for client-side verification
- Accepts optional nonce parameter for freshness
- Optional parent-side PCR validation against configured values

Changes from client-only to defense-in-depth approach:
- Parent performs full COSE signature verification
- Parent validates certificate chain to AWS Nitro root
- Parent optionally validates PCRs against configured values
- Raw attestation document still returned for client verification

New dependencies for parent:
- aws-nitro-enclaves-cose: COSE Sign1 parsing/verification
- webpki: Certificate chain validation
- ciborium: CBOR parsing
- hex: PCR value encoding

Response now includes:
- verified: overall verification status
- signature_valid: COSE signature check result
- certificate_chain_valid: cert chain to AWS root result
- pcr_validation: PCR comparison results
- document_info: extracted metadata (module_id, timestamp, nonce, etc.)

Key change: Parent no longer stores or validates expected PCR values.
This simplifies deployment significantly.

Parent responsibilities (cryptographic only):
- Verify COSE Sign1 signature
- Validate certificate chain to AWS Nitro root
- Extract and return PCR values

Client responsibilities:
- Validate PCR values against their expected values
- Verify nonce matches what was sent
- Optionally re-verify raw attestation document

Removed:
- expected_pcr0/1/2 config options
- validate_pcrs flag
- PcrValidationResult.valid field
- All PCR comparison logic in parent

No changes needed to parent/src/configuration.rs

Major security improvements following Trail of Bits recommendations:

1. Reconstruct-verify for PCR validation
   - Instead of parsing PCRs and comparing (vulnerable to parsing bugs)
   - Rebuild attestation payload with expected PCRs
   - Verify signature against reconstructed payload
   - If signature valid → PCRs cryptographically match

2. Client provides expected PCRs per-request
   - No parent-side PCR configuration needed
   - Client sends expected_pcrs in request body
   - Parent uses reconstruct-verify to check match

3. Additional security measures
   - Minimum nonce length: 16 bytes (128 bits)
   - Timestamp validation with configurable max_age_ms
   - Nonce echo verification
   - AWS root cert hash verification

4. Clear trust model documentation
   - Parent is explicitly untrusted
   - Raw attestation always returned for client re-verification
   - Parent verification is convenience only

References:
- Trail of Bits: Images and Attestation (Feb 2024)
- Trail of Bits: Attack Surface (Sept 2024)

Implements a new POST /verify endpoint on the parent application that:
- Requests attestation documents from running Nitro Enclaves
- Verifies using Trail of Bits recommended reconstruct-verify approach
- Returns both raw attestation document and verification result

Key features:
- Client provides expected PCRs for reconstruct-verify validation
- Enforces minimum 16-byte nonce per Trail of Bits recommendations
- Validates attestation timestamp for freshness
- Returns raw document for client-side re-verification (defense-in-depth)

Enclave changes:
- Add NSM (Nitro Secure Module) wrapper in nsm.rs
- Add AttestationRequest/AttestationResponse models
- Update main.rs to handle both decrypt and attestation requests
- Backward compatible: legacy requests without "type" tag still work

Parent changes:
- Add attestation.rs with reconstruct-verify logic
- Add nitro_root_cert.rs with embedded AWS Nitro root certificate
- Add VerifyRequest/VerifyResponse models with validation
- Add attest() method to enclaves.rs for vsock communication
- Register /verify route in application.rs

Reference: https://blog.trailofbits.com/2024/02/16/a-few-notes-on-aws-nitro-enclaves-images-and-attestation/

The VerifyRequest validation in models.rs expects PCR keys as numeric
strings ("0", "1", "2"), but parse_expected_pcrs in attestation.rs
expected "PCR" prefixed keys ("PCR0", "PCR1", "PCR2").

Updated parse_expected_pcrs to accept numeric keys to match validation:
- Changed key parsing from strip_prefix("PCR") to direct parse()
- Added index range validation (0-23)
- Updated tests to use numeric key format
- Added additional tests for multiple PCRs and out-of-range index

Merged changes from main branch:
- Multi-threaded connection handling with limits
- Sanitize error messages for security
- Generic stream types for better testability
- Updated vsock API (bind_with_cid_port)
- Rayon for parallel field decryption

Additional fixes:
- Implement full certificate chain validation in attestation.rs
  - Verify certificates against AWS Nitro root
  - Check certificate validity periods
  - Verify signature chain from enclave to root
- Fix clippy warnings by using windows() iterator
- Box EnclaveRequest variant to reduce enum size difference
- Move MIN_NONCE_LENGTH, MAX_NONCE_LENGTH, MAX_USER_DATA_LENGTH,
  MAX_PUBLIC_KEY_LENGTH from nsm.rs to constants.rs
- Reorder musl target dependencies alphabetically (aws-nitro-enclaves-nsm-api
  before mimalloc)
- Use cfg attribute for musl-only imports to avoid unused import warnings
@jplock jplock closed this Dec 24, 2025
@jplock jplock deleted the claude/add-enclave-verify-endpoint-ACVqi branch December 24, 2025 19:03
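
An added illustration (not code from this pull request) of the request-side checks the commit messages describe: expected-PCR keys as numeric strings in 0-23, the 16-byte nonce minimum, nonce echo, and `max_age_ms` freshness. The function names, the 48-byte PCR length check and the rejection of future timestamps are assumptions; the PCR match itself is left to the reconstruct-verify signature check, which is not shown.

```rust
use std::collections::BTreeMap;

const MIN_NONCE_LEN: usize = 16; // 128-bit minimum stated in the commit message
const PCR_LEN: usize = 48; // Nitro PCR values are SHA-384 digests

/// Strict hex decoder: rejects odd length and anything that is not [0-9a-fA-F].
fn unhex(s: &str) -> Option<Vec<u8>> {
    if s.len() % 2 != 0 || !s.bytes().all(|b| b.is_ascii_hexdigit()) { return None; }
    (0..s.len()).step_by(2).map(|i| u8::from_str_radix(&s[i..i + 2], 16).ok()).collect()
}

/// Parse client-supplied expected PCRs keyed by canonical numeric strings "0".."23".
fn parse_pcr_map(raw: &[(&str, &str)]) -> Result<BTreeMap<u8, Vec<u8>>, String> {
    let mut out = BTreeMap::new();
    for (key, hex) in raw {
        let idx: u8 = key.parse().map_err(|_| format!("bad PCR key {key:?}"))?;
        // Reject "+1", "01" and similar aliases so one index has exactly one spelling.
        if idx > 23 || idx.to_string() != *key {
            return Err(format!("PCR key {key:?} is not a canonical index in 0-23"));
        }
        let bytes = unhex(hex).filter(|b| b.len() == PCR_LEN)
            .ok_or_else(|| format!("PCR{idx}: expected {PCR_LEN} hex-encoded bytes"))?;
        out.insert(idx, bytes);
    }
    Ok(out)
}

/// Freshness checks on fields of a document whose signature was already verified.
fn check_freshness(doc_nonce: &[u8], doc_ts_ms: u64, sent_nonce: &[u8],
                   now_ms: u64, max_age_ms: u64) -> Result<(), String> {
    if sent_nonce.len() < MIN_NONCE_LEN {
        return Err(format!("nonce must be at least {MIN_NONCE_LEN} bytes"));
    }
    if doc_nonce != sent_nonce {
        return Err("attestation does not echo the request nonce".into());
    }
    // Assumption: a timestamp ahead of the verifier's clock is rejected outright.
    let age = now_ms.checked_sub(doc_ts_ms).ok_or("timestamp is in the future")?;
    if age > max_age_ms {
        return Err(format!("attestation is {age} ms old, limit {max_age_ms}"));
    }
    Ok(())
}

fn main() {
    let pcr0 = "ab".repeat(PCR_LEN); // constructed sample value
    println!("{:?}", parse_pcr_map(&[("0", pcr0.as_str()), ("PCR1", pcr0.as_str())]));
    println!("{:?}", check_freshness(&[7u8; 16], 1_000, &[7u8; 16], 61_001, 60_000));
}
```

These checks only mean something when applied to fields taken from a document whose COSE signature and certificate chain have already been verified.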