You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Adds AWS Nitro attestation verification support to aptos_framework::aws_nitro_utils. The Move API keeps trusted Nitro root certificates in framework-managed on-chain storage and wraps deterministic native verification that takes explicit trusted roots plus an explicit Unix timestamp.
The native implementation validates the attestation document certificate chain, verifies the COSE signature, and exposes parsed PCR, public key, user data, and nonce fields so Move policy can authorize TEE jobs before ACE-style key release flows.
Also updates the poker Move example to use Shelby/TEE-style table registration semantics: the table enclave must submit a Nitro attestation whose user_data is bound to b"APTOS_POKER_TABLE_V1" || bcs(table_address). The example clients and docs now describe the chain-managed Nitro root store and real attestation document path.
How Has This Been Tested?
cargo check -p aptos-framework-natives --lib
cargo build -p aptos --bin aptos
target/debug/aptos move test --package-dir aptos-move/framework/aptos-framework --skip-fetch-latest-git-deps --filter aws_nitro
cargo test -p aptos-move-examples test_poker -- --nocapture
Poker example's table registration binding via Nitro user_data
Gas parameter placement and dependency wiring after the latest framework native split
Type of Change
New feature
Bug fix
Breaking change
Performance improvement
Refactoring
Dependency update
Tests
Which Components or Systems Does This Change Impact?
Validator Node
Full Node (API, Indexer, etc.)
Move/Aptos Virtual Machine
Aptos Framework
Aptos CLI/SDK
Developer Infrastructure
Move Compiler
Other (specify)
Note
High Risk
Adds security-critical attestation and PKIX/COSE verification in the VM and framework-managed trust roots; misconfiguration or bugs could allow bogus TEE authorization or break legitimate enclave flows.
Overview
Adds aptos_framework::aws_nitro_utils, a new framework module for verifying AWS Nitro COSE attestation documents on-chain. Governance (or testnet-only helpers) can store trusted Nitro root DER certs; public APIs verify against that store or caller-supplied roots and consensus time, with optional parsing of PCRs, nonce, user_data, and public key plus helpers like verify_attestation_user_data and verify_attestation_matches.
VM natives implement certificate-chain validation (webpki), COSE signature checks, and structured AttestationDoc return values. Gas for verify vs verify-and-parse is calibrated from a ~5KB attestation benchmark. New crypto crates and a criterion bench support the native path.
The poker example is extended so table registration requires a valid attestation whose user_data is APTOS_POKER_TABLE_V1 || bcs(table_address), with JS clients, a Go Nitro attester, and LOCAL_AWS_E2E.md documenting localnet + AWS smoke flow. Move example tests gain a larger-stack test_poker harness.
Reviewed by Cursor Bugbot for commit cd7ff02. Bugbot is set up for automated code reviews on this repo. Configure here.
The reason will be displayed to describe this comment to others. Learn more.
Table fees locked in pool
Medium Severity
Leave settlement moves the 5% fee into TableInfo.fee_pool, but no entry function withdraws or transfers those coins to the table operator. Documented table fees accumulate in the resource and stay unusable for the TEE table account.
The reason will be displayed to describe this comment to others. Learn more.
Medium severity: players can be locked in escrow indefinitely after requesting leave.request_leave only records intent, and actual payout happens only if the table later calls settle_leaving_players with that address in leaving_players. A malicious or unavailable table can therefore leave exit requests unprocessed forever, trapping the player's APT in escrow with no player-initiated recovery path.
The reason will be displayed to describe this comment to others. Learn more.
Duplicate leave request aborts
Medium Severity
request_leave always calls table::add on pending_leave, which aborts when the player key is already present. A second leave request (retry, double submit, or client bug) fails the transaction instead of being a no-op.
The reason will be displayed to describe this comment to others. Learn more.
Medium severity: this helper authorizes any Nitro enclave that can choose the expected user_data. After verify_and_parse_attestation_with_roots(...) succeeds, the only policy check here is user_data_equals(&doc, expected_user_data). user_data is caller-controlled input to GetAttestationDocument, so this does not pin PCRs, debug mode, or an attested public key. Any contract that uses verify_attestation_user_data*() as its gate, including the new poker example, can therefore be satisfied by an attacker-built Nitro enclave that simply emits the same user_data, defeating the intended "expected enclave" authorization model.
The reason will be displayed to describe this comment to others. Learn more.
High severity: post-registration authority is not bound to the attested enclave.register_table verifies an attestation once, but TableInfo stores no attested public_key, PCR, or other enclave identity, and the privileged paths later authorize solely by signer::address_of(table) == table_addr. In the shipped flow, that signer is just TABLE_PRIVATE_KEY supplied on the parent host, so anyone who compromises the ordinary table account key can arbitrarily call settle_hand / settle_leaving_players and redirect player escrow without ever controlling the enclave that was originally attested.
The reason will be displayed to describe this comment to others. Learn more.
For all errors there have to be doc strings so error messages look nice, consider using new `assert!(..., "Your message here"), see https://aptos-labs.github.io/move-book/abort-and-assert.html#abort-messages - maybe no need for constants unless you have some off chain client that needs to parse these.
The reason will be displayed to describe this comment to others. Learn more.
This is a copy paste of native below, with only difference as we check is_ok and there we convert to option. Why does this need to be a native? Instead, Move code can use result.is_some() simply?
The reason will be displayed to describe this comment to others. Learn more.
Low severity: very large player balances can make exit settlement revert and trap funds. The fee is computed as (balance * FEE_BPS) / BPS_DENOM using checked u64 arithmetic. Once a player's chip balance exceeds u64::MAX / 500 (36,893,488,147,419,103 octas, about 368.9M APT), that multiplication aborts before any payout happens, so settle_leaving_players cannot process that player and their escrow remains stuck on-chain.
The reason will be displayed to describe this comment to others. Learn more.
Medium severity: caller-controlled validation time lets on-chain modules accept expired attestations. These new _from_store helpers expose unix_time_secs to Move callers, and the native uses that value directly for X.509 validity checks. A module that passes a stale but in-range timestamp can therefore make an attestation whose signing certificate is expired at chain time verify again, reopening authorization or replay of old attestations. The top-level verify_attestation* wrappers pin consensus time, but this newly exposed API surface does not.
The reason will be displayed to describe this comment to others. Learn more.
Stale attestation documents accepted
Medium Severity
validate_and_parse_attestation_doc_with_roots checks the signing certificate only against unix_time_secs and never compares the decoded document’s millisecond timestamp to consensus time. A previously issued document can stay valid for replay while its chain is still within cert validity, which weakens ACE-style and key-release policies that rely on this helper alone.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
Description
Supersedes #18801.
Adds AWS Nitro attestation verification support to
aptos_framework::aws_nitro_utils. The Move API keeps trusted Nitro root certificates in framework-managed on-chain storage and wraps deterministic native verification that takes explicit trusted roots plus an explicit Unix timestamp.The native implementation validates the attestation document certificate chain, verifies the COSE signature, and exposes parsed PCR, public key, user data, and nonce fields so Move policy can authorize TEE jobs before ACE-style key release flows.
Also updates the poker Move example to use Shelby/TEE-style table registration semantics: the table enclave must submit a Nitro attestation whose
user_datais bound tob"APTOS_POKER_TABLE_V1" || bcs(table_address). The example clients and docs now describe the chain-managed Nitro root store and real attestation document path.How Has This Been Tested?
cargo check -p aptos-framework-natives --libcargo build -p aptos --bin aptostarget/debug/aptos move test --package-dir aptos-move/framework/aptos-framework --skip-fetch-latest-git-deps --filter aws_nitrocargo test -p aptos-move-examples test_poker -- --nocapturegit diff --checkrustfmt --check --config skip_children=true aptos-move/framework/natives/src/aws_nitro_utils.rs aptos-move/framework/natives/src/lib.rs aptos-move/move-examples/tests/move_unit_tests.rsKey Areas to Review
aptos_framework::aws_nitro_utilsaptos-move/framework/natives/src/aws_nitro_utils.rsverify_attestation_user_data*user_dataType of Change
Which Components or Systems Does This Change Impact?
Note
High Risk
Adds security-critical attestation and PKIX/COSE verification in the VM and framework-managed trust roots; misconfiguration or bugs could allow bogus TEE authorization or break legitimate enclave flows.
Overview
Adds
aptos_framework::aws_nitro_utils, a new framework module for verifying AWS Nitro COSE attestation documents on-chain. Governance (or testnet-only helpers) can store trusted Nitro root DER certs; public APIs verify against that store or caller-supplied roots and consensus time, with optional parsing of PCRs, nonce,user_data, and public key plus helpers likeverify_attestation_user_dataandverify_attestation_matches.VM natives implement certificate-chain validation (webpki), COSE signature checks, and structured
AttestationDocreturn values. Gas for verify vs verify-and-parse is calibrated from a ~5KB attestation benchmark. New crypto crates and a criterion bench support the native path.The poker example is extended so table registration requires a valid attestation whose
user_dataisAPTOS_POKER_TABLE_V1 || bcs(table_address), with JS clients, a Go Nitro attester, andLOCAL_AWS_E2E.mddocumenting localnet + AWS smoke flow. Move example tests gain a larger-stacktest_pokerharness.Reviewed by Cursor Bugbot for commit cd7ff02. Bugbot is set up for automated code reviews on this repo. Configure here.