feat: get current unix time for verification with NTS (#35)

otherwise it could have been faked from the host.

go.mod

@@ -9,6 +9,8 @@ require (
 	github.com/hashicorp/vault/api v1.11.0
 	github.com/hashicorp/vault/sdk v0.11.0
 	github.com/stretchr/testify v1.8.4
+	gitlab.com/hacklunch/ntp v0.2.1-0.20200714090752-d286380a85fb
+	gitlab.com/hacklunch/ntske v0.0.0-20201006122939-e09fea38c855
 	golang.org/x/crypto v0.18.0
 )
 
@@ -44,6 +46,7 @@ require (
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
+	github.com/aead/cmac v0.0.0-20160719120800-7af84192f0b1 // indirect
 	github.com/aliyun/alibaba-cloud-sdk-go v1.62.676 // indirect
 	github.com/armon/go-metrics v0.4.1 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
@@ -224,6 +227,7 @@ require (
 	github.com/renier/xmlrpc v0.0.0-20170708154548-ce4a1a486c03 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sasha-s/go-deadlock v0.2.0 // indirect
+	github.com/secure-io/siv-go v0.0.0-20180922214919-5ff40651e2c4 // indirect
 	github.com/segmentio/fasthash v1.0.3 // indirect
 	github.com/sethvargo/go-limiter v0.7.1 // indirect
 	github.com/shirou/gopsutil/v3 v3.22.6 // indirect

go.sum

@@ -160,6 +160,8 @@ github.com/SAP/go-hdb v0.14.1 h1:hkw4ozGZ/i4eak7ZuGkY5e0hxiXFdNUBNhr4AvZVNFE=
 github.com/SAP/go-hdb v0.14.1/go.mod h1:7fdQLVC2lER3urZLjZCm0AuMQfApof92n3aylBPEkMo=
 github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af h1:DBNMBMuMiWYu0b+8KMJuWmfCkcxl09JwdlqwDZZ6U14=
 github.com/abdullin/seq v0.0.0-20160510034733-d5467c17e7af/go.mod h1:5Jv4cbFiHJMsVxt52+i0Ha45fjshj6wxYr1r19tB9bw=
+github.com/aead/cmac v0.0.0-20160719120800-7af84192f0b1 h1:+JkXLHME8vLJafGhOH4aoV2Iu8bR55nU6iKMVfYVLjY=
+github.com/aead/cmac v0.0.0-20160719120800-7af84192f0b1/go.mod h1:nuudZmJhzWtx2212z+pkuy7B6nkBqa+xwNXZHL1j8cg=
 github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
@@ -1234,6 +1236,8 @@ github.com/sean-/conswriter v0.0.0-20180208195008-f5ae3917a627/go.mod h1:7zjs06q
 github.com/sean-/pager v0.0.0-20180208200047-666be9bf53b5/go.mod h1:BeybITEsBEg6qbIiqJ6/Bqeq25bCLbL7YFmpaFfJDuM=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
+github.com/secure-io/siv-go v0.0.0-20180922214919-5ff40651e2c4 h1:zOjq+1/uLzn/Xo40stbvjIY/yehG0+mfmlsiEmc0xmQ=
+github.com/secure-io/siv-go v0.0.0-20180922214919-5ff40651e2c4/go.mod h1:aI+8yClBW+1uovkHw6HM01YXnYB8vohtB9C83wzx34E=
 github.com/segmentio/fasthash v1.0.3 h1:EI9+KE1EwvMLBWwjpRDc+fEM+prwxDYbslddQGtrmhM=
 github.com/segmentio/fasthash v1.0.3/go.mod h1:waKX8l2N8yckOgmSsXJi7x1ZfdKZ4x7KRMzBtS3oedY=
 github.com/sethvargo/go-limiter v0.7.1 h1:wWNhTj0pxjyJ7wuJHpRJpYwJn+bUnjYfw2a85eu5w9U=
@@ -1351,6 +1355,10 @@ github.com/yusufpapurcu/wmi v1.2.2/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQ
 github.com/zeebo/xxh3 v1.0.2 h1:xZmwmqxHZA8AI603jOQ0tMqmBr9lPeFwGg6d+xy9DC0=
 github.com/zeebo/xxh3 v1.0.2/go.mod h1:5NWz9Sef7zIDm2JHfFlcQvNekmcEl9ekUZQQKCYaDcA=
 github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q=
+gitlab.com/hacklunch/ntp v0.2.1-0.20200714090752-d286380a85fb h1:uJsHeNfr81+gh0PQTOks0BjVh0Sr7qKet4AMnq7kGZU=
+gitlab.com/hacklunch/ntp v0.2.1-0.20200714090752-d286380a85fb/go.mod h1:pkNhJZ7jcdCc3oziVctcNvwRilWbmhY0nEZDr15lEfY=
+gitlab.com/hacklunch/ntske v0.0.0-20201006122939-e09fea38c855 h1:CkS5VI+6uY5YYNFcaf63VbyZHUcTq+oOvPbaAPDoJi0=
+gitlab.com/hacklunch/ntske v0.0.0-20201006122939-e09fea38c855/go.mod h1:QyZVYV7pa5YbRb5aJ9yWPdEC2XRsxcTlex6ghDmXLbg=
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.3.7 h1:j+zJOnnEjF/kyHlDDgGnVL/AIqIJPq8UoB2GSNfkUfQ=
 go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw=
@@ -1416,6 +1424,7 @@ golang.org/x/crypto v0.0.0-20190411191339-88737f569e3a/go.mod h1:WFFai1msRO1wXaE
 golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
@@ -1570,6 +1579,7 @@ golang.org/x/sys v0.0.0-20190515120540-06a5c4944438/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190523142557-0e01d883c5c5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190712062909-fae7ac547cb7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1670,6 +1680,7 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn
 golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+golang.org/x/tools v0.0.0-20190719005602-e377ae9d6386/go.mod h1:jcCCGcm9btYwXyDqrUWc6MKQKKGJCWEQ3AfLSRIbEuI=
 golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190823170909-c4a336ef6a2f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=

path_login.go

@@ -23,7 +23,9 @@ import (
 	"github.com/hashicorp/vault/sdk/logical"
 )
 
-var timeNowFunc = time.Now
+var timeNowFunc = func() (time.Time, error) {
+	return getRoughNtsUnixTime()
+}
 
 func pathLogin(b *backend) *framework.Path {
 	return &framework.Path{
@@ -262,8 +264,13 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, data *fra
 		return logical.ErrorResponse("collateral unmarshal error"), nil
 	}
 
+	now, err := timeNowFunc()
+	if err != nil {
+		return logical.ErrorResponse("time error"), nil
+	}
+
 	// Do the actual remote attestation verification
-	result, err := SgxVerifyRemoteReportCollateral(quoteBytes, collateral, timeNowFunc().Unix())
+	result, err := SgxVerifyRemoteReportCollateral(quoteBytes, collateral, now.Unix())
 	if err != nil {
 		return logical.ErrorResponse("sgx verify error"), nil
 	}
@@ -303,8 +310,6 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, data *fra
 
 	entry.PopulateTokenAuth(auth)
 
-	now := timeNowFunc()
-
 	if !now.Add(auth.TTL).After(expirationDate) {
 		auth.TTL = expirationDate.Sub(now)
 	}
@@ -388,7 +393,10 @@ func (b *backend) pathLoginRenew(ctx context.Context, req *logical.Request, d *f
 		return logical.ErrorResponse("error parsing `collateral_expiration_date` metadata"), nil
 	}
 
-	now := timeNowFunc()
+	now, err := timeNowFunc()
+	if err != nil {
+		return logical.ErrorResponse("time error"), nil
+	}
 
 	if expirationDate.Before(now) {
 		return logical.ErrorResponse("Collateral expired"), nil

roughntstime.go

@@ -0,0 +1,116 @@
+// SPDX-License-Identifier: MPL-2.0
+// Copyright (c) Matter Labs
+//
+// Gets the rough network time using NTS-KE.
+// It queries a number of servers and returns the time from the last server that responds.
+// It returns an error if it fails to query enough servers or if the time fluctuates too much.
+
+package vault_auth_tee
+
+import (
+	"crypto/tls"
+	"fmt"
+	"gitlab.com/hacklunch/ntp"
+	"gitlab.com/hacklunch/ntske"
+	"log"
+	"math/rand"
+	"time"
+)
+
+// Gets the rough network time using NTS-KE.
+// It queries a number of servers and returns the time from the last server that responds.
+// It returns an error if it fails to query enough servers or if the time fluctuates too much.
+func getRoughNtsUnixTime() (time.Time, error) {
+	tlsconfig := &tls.Config{}
+	servers := []string{
+		"time.cloudflare.com",
+		"nts.ntp.se",
+		"gps.ntp.br",
+		"paris.time.system76.com",
+		"ntp3.fau.de",
+		"ptbtime1.ptb.de",
+		"ntppool1.time.nl",
+		"nts.netnod.se",
+		"time.txryan.com",
+		"ntpmon.dcs1.biz",
+	}
+
+	// Shuffle the servers to avoid always querying the same servers.
+	for i := range servers {
+		j := rand.Intn(i + 1)
+		servers[i], servers[j] = servers[j], servers[i]
+	}
+
+	numToQuery := 3
+	queried := 0
+	sumOffset := time.Duration(0)
+	retTime := time.Unix(0, 0)
+
+	for _, server := range servers {
+		ke, err := ntske.Connect(server, tlsconfig, false)
+		if err != nil {
+			log.Printf("Failed to connect to %v: %v\n", server, err)
+			continue
+		}
+
+		err = ke.Exchange()
+		if err != nil {
+			log.Printf("Key exchange failed for %v: %v\n", server, err)
+			continue
+		}
+
+		if len(ke.Meta.Cookie) == 0 {
+			log.Printf("No Cookies from %v: %v\n", server, err)
+			continue
+		}
+
+		if ke.Meta.Algo != ntske.AES_SIV_CMAC_256 {
+			log.Printf("Algorithm mismatch for %v: %v\n", server, err)
+			continue
+		}
+
+		err = ke.ExportKeys()
+		if err != nil {
+			log.Printf("Failed to export keys from %v: %v\n", server, err)
+			continue
+		}
+
+		var opt ntp.QueryOptions
+		opt.Port = int(ke.Meta.Port)
+		opt.NTS = true
+		opt.C2s = ke.Meta.C2sKey
+		opt.S2c = ke.Meta.S2cKey
+		opt.Cookie = ke.Meta.Cookie[0]
+		opt.Debug = false
+
+		resp, err := ntp.QueryWithOptions(ke.Meta.Server, opt)
+		if err != nil {
+			log.Printf("Failed query NTP for %v: %v\n", server, err)
+			continue
+		}
+
+		err = resp.Validate()
+		if err != nil {
+			log.Printf("Failed to validate NTP response for %v: %v\n", server, err)
+			continue
+		}
+
+		sumOffset += resp.ClockOffset.Abs()
+
+		queried++
+		if queried >= numToQuery {
+			retTime = resp.Time
+			break
+		}
+	}
+
+	if queried < numToQuery {
+		return retTime, fmt.Errorf("failed to query enough servers")
+	}
+
+	if sumOffset > time.Minute {
+		return retTime, fmt.Errorf("queried time fluctuates too much")
+	}
+
+	return retTime, nil
+}