feat(cdh): add aliyun KMS attestation client to fetch resources by remote attestation#100
Open
jialez0 wants to merge 1 commit into
Open
feat(cdh): add aliyun KMS attestation client to fetch resources by remote attestation#100jialez0 wants to merge 1 commit into
jialez0 wants to merge 1 commit into
Conversation
Collaborator
|
@jialez0 ,您好,您的请求已接收,请耐心等待结果。 |
Collaborator
|
@jialez0 ,您好,未检测到有镜像需要构建,如需重新检测请评论 /start 。 |
…mote attestation Add a new `attestation` client type to the aliyun KMS plugin that fetches confidential resources from a KMS instance with the Trustee Attestation Service integrated, authorized by TEE remote attestation instead of a pre-provisioned client key. The client: - fetches a temporary STS credential from the ECS RAM role via IMDS, so no long-term secret is stored in the TEE; - calls GetChallenge, generates an ephemeral RSA-2048 key pair, and binds its public key into the TEE evidence through the canonical SHA-384 of the structured runtime data; - retrieves the secret via GetSecretValue with a Trustee Recipient and decrypts the returned CiphertextForRecipient (RSAES-OAEP-SHA256) with the ephemeral private key. It plugs into the existing vault sealed-secret Getter path, so no routing change is needed: a Vault secret with provider "aliyun" and `client_type: "attestation"` in its provider settings is served by this client. Verified end-to-end on a real Intel TDX ECS instance against a KMS instance with the integrated attestation service: sealing a Vault secret and unsealing it returns the provisioned plaintext. Signed-off-by: Jiale Zhang <zhangjiale@linux.alibaba.com>
jialez0
force-pushed
the
feat/cdh-kms-trustee
branch
from
July 17, 2026 02:02
f28ba4a to
ec69627
Compare
Collaborator
|
@jialez0 ,您好,您的请求已接收,请耐心等待结果。 |
Collaborator
|
@jialez0 ,您好,未检测到有镜像需要构建,如需重新检测请评论 /start 。 |
Xynnn007
reviewed
Jul 17, 2026
|
|
||
| /// `Recipient.KeyEncryptionAlgorithm` understood by the KMS Trustee integration. | ||
| /// The secret is wrapped with RSAES-OAEP using SHA-256 for both the hash and MGF1. | ||
| const KEY_ENCRYPTION_ALGORITHM: &str = "RSAES_OAEP_SHA_256"; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this PR does
Adds a new
attestationclient type to the aliyun KMS plugin inconfidential-data-hub. It lets a confidential guest fetch confidential
resources (KMS secrets) from an Aliyun KMS instance that has the Trustee
Attestation Service integrated, authorized by TEE remote attestation
instead of a pre-provisioned client key or any long-term credential.
Background
Besides serving secrets over the RCAR protocol from a standalone Trustee KBS,
the Trustee Attestation Service can now be integrated inside an Aliyun KMS
instance. In that model the KMS itself verifies the TEE evidence and returns
the secret encrypted to a public key that is bound into the evidence, so the
plaintext is only recoverable inside the attested TEE. This client implements
the guest side of that flow.
How it works
All requests are RPC-style
POST /form bodies signed with the Aliyun POPHMAC-SHA1 scheme, sent to the dedicated instance endpoint
(
{instance}.cryptoservice.kms.aliyuncs.com) over its private CA.long-term secret is stored in the TEE.
GetChallenge→{ Nonce, ChallengeToken }.structuredruntimedata
{ challenge_token, nonce, tee-pubkey }, hash it canonically withSHA-384 (via
canon-json, matching the AS), and let the attestation-agentembed the hash into the TEE evidence report data.
GetSecretValuewith a TrusteeRecipientcarrying the evidence; the KMSverifies it and returns
CiphertextForRecipient= RSAES-OAEP-SHA256(secret).CiphertextForRecipientwith the ephemeral private key.Integration
The client plugs into the existing vault sealed-secret
Getterpath, so norouting change is needed. A Vault secret whose provider is
aliyunand whoseprovider settings carry
client_type: "attestation"is served by this client:{ "client_type": "attestation", "kms_instance_id": "kst-xxxxxxxx", "region_id": "cn-hangzhou", "ecs_ram_role_name": "your-ecs-ram-role" }The KMS instance private CA is read from
{ALIYUN_IN_GUEST_KEY_PATH}/PrivateKmsCA_{instance}.pem, mirroring theexisting
client_keylayout.Testing
round-trip with the ephemeral key, exported public exponent is
AQAB.integrated attestation service: sealing a Vault secret and unsealing it
returns the provisioned plaintext.
Note on the OAEP backend
The ephemeral key uses the
rsacrate directly to guarantee OAEP with SHA-256for both the digest and MGF1. The shared
cryptocrate's OpenSSL backend stillmaps
PaddingMode::OAEPto OpenSSL's default (SHA-1) OAEP, which would notinteroperate with the KMS
RSAES_OAEP_SHA_256wrapping.