crypto/tls: add support for RA-TLS 0xFFBB custom extension for SGX attestation #78247

Draft
bfoing wants to merge 2 commits into golang:release-branch.go1.25 from Privasys:privasys-ratls-extension

bfoing commented Mar 20, 2026

Summary

This PR adds support for a custom TLS extension (type 0xFFBB) to the Go standard library's crypto/tls package. The extension enables Remote Attestation TLS (RA-TLS) for Intel SGX enclaves, allowing the TLS handshake to carry attestation challenges and quotes.

Motivation

In confidential computing environments, the TLS handshake is a natural place to perform remote attestation. The RA-TLS protocol uses a custom TLS extension to:

  1. Client → Server: Send an attestation challenge nonce in the ClientHello (0xFFBB extension)
  2. Server → Client: Respond with an SGX quote in EncryptedExtensions (0xFFBB extension)

This allows clients to verify they are communicating with a genuine SGX enclave before exchanging any application data, without requiring a separate attestation protocol.

Changes

  • Added RATLSChallenge field to tls.Config for clients to specify a challenge
  • Added GetRATLSResponse callback to tls.Config for servers to generate attestation quotes
  • Added PeerRATLSResponse field to tls.ConnectionState for clients to retrieve the server's quote
  • Added PeerRATLSChallenge field to tls.ConnectionState for servers to retrieve the client's challenge
  • Extension uses the private-use range (0xFFBB) and is only active when explicitly configured

Related

Compatibility

  • No changes to default behaviour — existing applications are unaffected
  • The extension is only negotiated when RATLSChallenge or GetRATLSResponse is set
  • Uses TLS 1.3 encrypted extensions for the server response (no plaintext attestation data)

Add support for carrying an RA-TLS challenge nonce in ClientHello and
CertificateRequest TLS extensions using extension type 0xFFBB.

This enables remote attestation flows where:
- The TLS client sends a challenge nonce in the ClientHello.
- The TLS server (e.g. an SGX/TDX enclave) binds the nonce into
  the attestation report_data via SHA-512(pubkey_sha256 || nonce).
- The verifier confirms the quote was freshly generated for that
  specific TLS session.

Changes:
- Config.RATLSChallenge field and ClientHelloInfo.RATLSChallenge
- ClientHello marshal/unmarshal for extensionRATLS
- CertificateRequest marshal/unmarshal for extensionRATLS
- Propagation through handshake_client, handshake_server paths
- Unit tests for marshal round-trip, boundary lengths, and omission
- GitHub Actions workflow for CI build and test
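
The nonce binding named in the commit message above, SHA-512(pubkey_sha256 || nonce), as a verifier-side check. This is an added example, not code from the PR: the function names are hypothetical, and hashing the public key in its DER SubjectPublicKeyInfo encoding is an assumption the page does not state. Parsing the quote and verifying its signature are separate steps not shown here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/sha512"
	"crypto/subtle"
	"crypto/x509"
	"errors"
	"fmt"
)

// ExpectedReportData computes SHA-512(SHA-256(pubkey) || nonce), 64 bytes.
// Assumption: the key is hashed as DER SubjectPublicKeyInfo (not stated on the page).
func ExpectedReportData(spkiDER, nonce []byte) [sha512.Size]byte {
	keyHash := sha256.Sum256(spkiDER)
	return sha512.Sum512(append(keyHash[:], nonce...))
}

// VerifyBinding rejects a quote whose report_data is not tied to this key and nonce.
func VerifyBinding(reportData, spkiDER, nonce []byte) error {
	if len(nonce) == 0 {
		return errors.New("ratls: no challenge nonce was sent, freshness cannot be checked")
	}
	if len(reportData) != sha512.Size {
		return fmt.Errorf("ratls: report_data is %d bytes, want %d", len(reportData), sha512.Size)
	}
	want := ExpectedReportData(spkiDER, nonce)
	if subtle.ConstantTimeCompare(reportData, want[:]) != 1 {
		return errors.New("ratls: report_data is not bound to this key and nonce")
	}
	return nil
}

func main() {
	// Constructed sample values standing in for the handshake key and challenge.
	pub, _, err := ed25519.GenerateKey(nil) // nil selects crypto/rand.Reader
	if err != nil {
		panic(err)
	}
	spki, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		panic(err)
	}
	nonce := []byte("constructed-32-byte-challenge-00")
	rd := ExpectedReportData(spki, nonce)
	fmt.Println("same session:", VerifyBinding(rd[:], spki, nonce))
	fmt.Println("quote replayed under a new nonce:", VerifyBinding(rd[:], spki, []byte("a-different-challenge")))
}
```
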
google-cla bot commented Mar 20, 2026

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

bfoing changed the base branch from master to release-branch.go1.25 on March 20, 2026 13:01
- actions/checkout v4 → v6
- actions/setup-go v5 → v6
- actions/upload-artifact v4 → v7