add TUN interface to enclave + NAT on parent

mkmks · mkmks · commit 25c3181ec8cc · 2026-04-01T16:35:51.000+02:00
diff --git a/charts/kms-core/Chart.yaml b/charts/kms-core/Chart.yaml
@@ -1,6 +1,6 @@
 name: kms-core
 description: A helm chart to distribute and deploy the Zama KMS core service.
-version: 1.6.0-0
+version: 1.6.1-0
 appVersion: 0.13.20   # Minimum kms version to run this chart
 apiVersion: v2
 keywords:
diff --git a/charts/kms-core/templates/kms-core-configmap.yaml b/charts/kms-core/templates/kms-core-configmap.yaml
@@ -19,17 +19,7 @@ data:
     s3_endpoint = "{{ .Values.minio.endpoint }}"
     {{- else }}
     role_arn = "${AWS_ROLE_ARN}"
-      {{- if .Values.kmsCore.nitroEnclave.enabled }}
-        {{- if .Values.kmsCore.nitroEnclave.ports.imds }}
-    imds_endpoint = "http://localhost:{{ .Values.kmsCore.nitroEnclave.ports.imds }}"
-        {{- end }}
-        {{- if .Values.kmsCore.nitroEnclave.ports.sts }}
-    sts_endpoint = "https://localhost:{{ .Values.kmsCore.nitroEnclave.ports.sts }}"
-        {{- end }}
-    s3_endpoint = "https://localhost:{{ .Values.kmsCore.nitroEnclave.ports.s3 }}"
-    awskms_endpoint = "https://localhost:{{ .Values.kmsCore.nitroEnclave.ports.awskms }}"
-      {{- end }}
-    {{- end }}
+    {{ end }}
   vaults.toml: |
     {{- if .Values.kmsCore.publicVault.s3.enabled }}
     [public_vault.storage.s3]
@@ -166,11 +156,8 @@ data:
     party_id = {{ int .id }}
     mpc_identity = {{ .host | quote }}
     address = {{ .host | quote }}
-          {{- if $.Values.kmsCore.nitroEnclave.enabled }}
-    port = {{ add $.Values.kmsCore.nitroEnclave.ports.peer .id }}
-          {{- else }}
     port = {{ int .port }}
-          {{- end }}
+
           {{- if $.Values.kmsCore.thresholdMode.tls.enabled }}
             {{- if (default dict $.Values.kmsCore.thresholdMode.tls.ca_certificate).path }}
     tls_cert.path = {{ $.Values.kmsCore.thresholdMode.tls.ca_certificate.path | quote }}
@@ -185,11 +172,7 @@ data:
     party_id = {{ int $i }}
     mpc_identity = {{ .host | quote }}
     address = {{ (printf "%s-%d" $kmsCoreName $i) | quote }}
-          {{- if $.Values.kmsCore.nitroEnclave.enabled }}
-    port = {{ add $.Values.kmsCore.nitroEnclave.ports.peer $i }}
-            {{- else }}
     port = {{ int $.Values.kmsCore.ports.peer }}
-          {{- end }}
         {{- end }}
       {{- end }}
 
@@ -202,11 +185,7 @@ data:
     [telemetry]
     tracing_service_name = {{ include "kmsCoreName" . | quote }}
     {{- if .Values.tracing.enabled }}
-      {{- if .Values.kmsCore.nitroEnclave.enabled }}
-    tracing_endpoint = "http://localhost:{{ .Values.kmsCore.nitroEnclave.ports.tracing }}"
-      {{- else }}
     tracing_endpoint = {{ .Values.tracing.endpoint | quote }}
-      {{- end }}
     {{- end }}
 
     tracing_otlp_timeout_ms = 10000
diff --git a/charts/kms-core/templates/kms-core-statefulset.yaml b/charts/kms-core/templates/kms-core-statefulset.yaml
@@ -174,7 +174,7 @@ spec:
               name: config-files
             - mountPath: {{ .Values.kmsCore.workdir }}
               name: workdir
-        {{- if .Values.kmsCore.nitroEnclave.enabled }}
+        {{- if .Values.kmsCore.nitroEnclave.enabled }}        
         {{- /* Init Enclave Config Socket, hardcoded to 4000 in https://github.com/zama-ai/kms-core/blob/main/docker/core/service/init_enclave.sh */}}
         - {{ include "proxyFromEnclave"
                (dict "name" "enclave-config"
@@ -193,63 +193,27 @@ spec:
                      "vsockPort" 3000
                      "to" "STDOUT"
                ) | indent 10 | trim }}
-        {{- if .Values.kmsCore.nitroEnclave.ports.imds }}
-        {{- /* Init AWS IMDS Proxy Socket */}}
-        - {{ include "proxyFromEnclaveTcp"
-               (dict "name" "aws-imds-proxy"
-                     "image" .Values.kubeUtils.image
-                     "vsockPort" .Values.kmsCore.nitroEnclave.ports.imds
-                     "address" "169.254.169.254"
-                     "port" 80
-                ) | indent 10 | trim }}
-        {{- end }}
-        {{- if .Values.kmsCore.nitroEnclave.ports.sts }}
+        {{- /* Init Enclave Network Tunnel Socket, hardcoded to 2000 in https://github.com/zama-ai/kms-core/blob/main/docker/core/service/init_enclave.sh */}}
+        - {{ include "proxyFromEnclave"
+               (dict "name" "enclave-network-tunnel"
+               "image" .Values.kubeUtils.image
+               "vsockPort" 2000
+               "to" "TUN:10.118.0.1/24,iff-up"
+               ) | indent 10 | trim }}
         {{- /* Init Enclave Web Identity Token Socket, hardcoded to 4100 in https://github.com/zama-ai/kms-core/blob/main/docker/core/service/init_enclave.sh */}}
         - {{ include "proxyFromEnclave"
                (dict "name" "enclave-web-identity-token"
                      "image" .Values.kubeUtils.image
                      "vsockPort" 4100
-                    "to" "OPEN:/var/run/secrets/eks.amazonaws.com/serviceaccount/token,rdonly"
-                    ) | indent 10 | trim }}
-        {{- /* Init AWS STS Proxy Socket */}}
-        - {{ include "proxyFromEnclaveTcp"
-               (dict "name" "aws-sts-proxy"
-                     "image" .Values.kubeUtils.image
-                     "vsockPort" .Values.kmsCore.nitroEnclave.ports.sts
-                     "address" (printf "sts.%s.amazonaws.com" .Values.kmsCore.aws.region)
-                     "port" 443
-                ) | indent 10 | trim }}
-        {{- end }}
-        {{- /* Init AWS S3 Proxy Socket */}}
-        - {{ include "proxyFromEnclaveTcp"
-               (dict "name" "aws-s3-proxy"
-                     "image" .Values.kubeUtils.image
-                     "vsockPort" .Values.kmsCore.nitroEnclave.ports.s3
-                     "address" (printf "s3.%s.amazonaws.com" .Values.kmsCore.aws.region)
-                     "port" 443
-                ) | indent 10 | trim }}
-        {{- /* Init AWS KMS Proxy Socket */}}
-        - {{ include "proxyFromEnclaveTcp"
-               (dict "name" "aws-kms-proxy"
-                     "image" .Values.kubeUtils.image
-                     "vsockPort" .Values.kmsCore.nitroEnclave.ports.awskms
-                     "address" (printf "kms.%s.amazonaws.com" .Values.kmsCore.aws.region)
-                     "port" 443
-                ) | indent 10 | trim }}
+          "to" "OPEN:/var/run/secrets/eks.amazonaws.com/serviceaccount/token,rdonly"
+          ) | indent 10 | trim }}
         {{- /* Init Metrics Endpoint Proxy Socket */}}
         - {{ include "proxyToEnclaveTcp"
                (dict "name" "metrics-endpoint-proxy"
                      "image" .Values.kubeUtils.image
                      "cid" .Values.kmsCore.nitroEnclave.cid
                      "port" .Values.kmsCore.ports.metrics
                 ) | indent 10 | trim }}
-        {{- /* Init Enclave Tracing Socket */}}
-        - {{ include "proxyFromEnclave"
-               (dict "name" "kms-core-enclave-tracing"
-                     "image" .Values.kubeUtils.image
-                     "vsockPort" .Values.kmsCore.nitroEnclave.ports.tracing
-                     "to" (printf "TCP:%s" (urlParse .Values.tracing.endpoint).host)
-                ) | indent 10 | trim }}
         {{- /* Init GRPC Client Proxy Socket */}}
         - {{ include "proxyToEnclaveTcp"
                (dict "name" "grpc-client-proxy"
@@ -270,36 +234,6 @@ spec:
           resources:
           {{- toYaml . | nindent 12 }}
           {{- end }}
-        {{- /* Init GRPC External Peers Proxy Sockets */}}
-        {{- if .Values.kmsCore.thresholdMode.peersList }}
-          {{- range .Values.kmsCore.thresholdMode.peersList }}
-        - {{ include "proxyFromEnclaveTcp"
-               (dict "name" (printf "enclave-peer-proxy-%d" (int .id))
-                     "image" $.Values.kubeUtils.image
-                     "vsockPort" (add $.Values.kmsCore.nitroEnclave.ports.peer .id)
-                     "address" .host
-                     "port" .port
-                ) | indent 10 | trim }}
-          {{- with $.Values.kmsCore.nitroEnclave.enclavePeerProxy.resources }}
-          resources:
-          {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- end }}
-        {{- else }}
-          {{- range $i := $peersIDList }}
-        - {{ include "proxyFromEnclaveTcp"
-               (dict "name" (printf "enclave-peer-proxy-%d" (int $i))
-                     "image" $.Values.kubeUtils.image
-                     "vsockPort" (add $.Values.kmsCore.nitroEnclave.ports.peer $i)
-                     "address" (printf "%s-%d" $kmsCoreName (int $i))
-                     "port" $.Values.kmsCore.ports.peer
-                ) | indent 10 | trim }}
-          {{- with $.Values.kmsCore.nitroEnclave.enclavePeerProxy.resources }}
-          resources:
-          {{- toYaml . | nindent 12 }}
-          {{- end }}
-          {{- end }}
-        {{- end }}
         {{- end }}
         {{- else }}
         {{- /* Generate init keys for non-enclave kms-core service */}}
@@ -489,6 +423,10 @@ spec:
           args:
             - -c
             - |
+              sudo sysctl -w net.ipv4.ip_forward=1
+              sudo iptables -t nat -A POSTROUTING -s 10.118.0.2 -j MASQUERADE
+
+              cd
               echo "### BEGIN - enclave.json ###"
               cat /var/lib/kms-core/config/enclave.json
               echo "### END - enclave.json ###"
diff --git a/charts/kms-core/templates/kms-gen-cert-and-keys-job.yaml b/charts/kms-core/templates/kms-gen-cert-and-keys-job.yaml
@@ -107,45 +107,20 @@ spec:
                      "vsockPort" 3000
                      "to" "STDOUT"
                ) | indent 10 | trim }}
-        {{- /* Init AWS IMDS Proxy Socket */}}
-        - {{ include "proxyFromEnclaveTcp"
-               (dict "name" "aws-imds-proxy"
-                     "image" .Values.kubeUtils.image
-                     "vsockPort" .Values.kmsCore.nitroEnclave.ports.imds
-                     "address" "169.254.169.254"
-                     "port" 80
-                ) | indent 10 | trim }}
+        {{- /* Init Enclave Network Tunnel Socket, hardcoded to 2000 in https://github.com/zama-ai/kms-core/blob/main/docker/core/service/init_enclave.sh */}}
+        - {{ include "proxyFromEnclave"
+               (dict "name" "enclave-network-tunnel"
+               "image" .Values.kubeUtils.image
+               "vsockPort" 2000
+               "to" "TUN:10.118.0.1/24,iff-up"
+               ) | indent 10 | trim }}
         {{- /* Init Enclave Web Identity Token Socket, hardcoded to 4100 in https://github.com/zama-ai/kms-core/blob/main/docker/core/service/init_enclave.sh */}}
         - {{ include "proxyFromEnclave"
                (dict "name" "enclave-web-identity-token"
                      "image" .Values.kubeUtils.image
                      "vsockPort" 4100
           "to" "OPEN:/var/run/secrets/eks.amazonaws.com/serviceaccount/token,rdonly"
           ) | indent 10 | trim }}
-        {{- /* Init AWS STS Proxy Socket */}}
-        - {{ include "proxyFromEnclaveTcp"
-               (dict "name" "aws-sts-proxy"
-                     "image" .Values.kubeUtils.image
-                     "vsockPort" .Values.kmsCore.nitroEnclave.ports.sts
-                     "address" (printf "sts.%s.amazonaws.com" .Values.kmsCore.aws.region)
-                     "port" 443
-                ) | indent 10 | trim }}
-        {{- /* Init AWS S3 Proxy Socket */}}
-        - {{ include "proxyFromEnclaveTcp"
-               (dict "name" "aws-s3-proxy"
-                     "image" .Values.kubeUtils.image
-                     "vsockPort" .Values.kmsCore.nitroEnclave.ports.s3
-                     "address" (printf "s3.%s.amazonaws.com" .Values.kmsCore.aws.region)
-                     "port" 443
-                ) | indent 10 | trim }}
-        {{- /* Init AWS KMS Proxy Socket */}}
-        - {{ include "proxyFromEnclaveTcp"
-               (dict "name" "aws-kms-proxy"
-                     "image" .Values.kubeUtils.image
-                     "vsockPort" .Values.kmsCore.nitroEnclave.ports.awskms
-                     "address" (printf "kms.%s.amazonaws.com" .Values.kmsCore.aws.region)
-                     "port" 443
-                ) | indent 10 | trim }}
       {{- end }}
       {{- /* initContainers section for non-enclave */}}
       {{- if not .Values.kmsCore.nitroEnclave.enabled }}
@@ -411,4 +386,4 @@ spec:
         - name: certs
           emptyDir: {}
         {{- end }}
-{{- end -}}
+{{- end -}}
diff --git a/charts/kms-core/values.yaml b/charts/kms-core/values.yaml
@@ -144,16 +144,6 @@ kmsCore:
     eifSignKey: 00000000-0000-0000-0000-000000000000
     userId: 10003
     groupId: 10002
-    ports:
-      tracing: 4317
-      # For AWS authentication, set the `imds` or `sts` ports
-      # To authenticate using either IMDS (with the Kubernetes node EC2 instance role) or STS (with the IRSA)
-      imds: 5000
-      sts: 5500
-      s3: 6000
-      awskms: 7000
-      peer: 10000
-      # Important, don't bind to port 9000 as it is reserved by Nitro for communicating with the enclave.
   publicVault:
     s3:
       enabled: true
diff --git a/core/service/src/bin/kms-server.rs b/core/service/src/bin/kms-server.rs
@@ -662,17 +662,6 @@ async fn main_exec() -> anyhow::Result<()> {
                 }
             };
 
-            #[cfg(not(feature = "insecure"))]
-            let need_peer_tcp_proxy = need_security_module;
-            #[cfg(feature = "insecure")]
-            let need_peer_tcp_proxy =
-                need_security_module && !core_config.mock_enclave.is_some_and(|m| m);
-
-            if need_peer_tcp_proxy {
-                tracing::warn!("KMS server will connect to peers through vsock proxies");
-            } else {
-                tracing::warn!("KMS server will connect to peers directly");
-            };
             let service_config = core_config.service.clone();
             let (kms, (health_reporter, health_service), metastore_status_service) =
                 new_real_threshold_kms(
@@ -684,7 +673,6 @@ async fn main_exec() -> anyhow::Result<()> {
                     mpc_listener,
                     base_kms,
                     tls_identity,
-                    need_peer_tcp_proxy,
                     false,
                     std::future::pending(),
                 )
diff --git a/core/service/src/client/test_tools.rs b/core/service/src/client/test_tools.rs
@@ -158,7 +158,6 @@ pub async fn setup_threshold_no_client<
                 mpc_listener,
                 base_kms,
                 None,
-                false,
                 ensure_default_prss,
                 mpc_core_rx.map(drop),
             )
@@ -391,7 +390,6 @@ pub async fn setup_threshold_with_custom_peers<
                 mpc_listener,
                 base_kms,
                 None,
-                false,
                 ensure_default_prss,
                 mpc_core_rx.map(drop),
             )
diff --git a/core/service/src/engine/threshold/service/kms_impl.rs b/core/service/src/engine/threshold/service/kms_impl.rs
@@ -345,7 +345,6 @@ pub async fn new_real_threshold_kms<PubS, PrivS, F>(
     mpc_listener: TcpListener,
     base_kms: BaseKmsStruct,
     tls_config: Option<(ServerConfig, ClientConfig, Arc<AttestedVerifier>)>,
-    peer_tcp_proxy: bool,
     ensure_default_prss: bool,
     shutdown_signal: F,
 ) -> anyhow::Result<(
@@ -415,7 +414,6 @@ where
             .as_ref()
             .map(|(_, client_config, _)| client_config.clone()),
         threshold_config.core_to_core_net,
-        peer_tcp_proxy,
     )?));
 
     // the initial MPC node might not accept any peers because initially there's no context
diff --git a/core/service/src/engine/threshold/service/session.rs b/core/service/src/engine/threshold/service/session.rs
@@ -148,9 +148,8 @@ impl SessionMaker {
 
     #[cfg(test)]
     pub(crate) fn empty_dummy_session(rng: AesRng) -> Self {
-        let networking_manager = Arc::new(RwLock::new(
-            GrpcNetworkingManager::new(None, None, false).unwrap(),
-        ));
+        let networking_manager =
+            Arc::new(RwLock::new(GrpcNetworkingManager::new(None, None).unwrap()));
         Self {
             networking_manager,
             context_map: Arc::new(RwLock::new(HashMap::new())),
@@ -175,9 +174,8 @@ impl SessionMaker {
                 )
             })),
         };
-        let networking_manager = Arc::new(RwLock::new(
-            GrpcNetworkingManager::new(None, None, false).unwrap(),
-        ));
+        let networking_manager =
+            Arc::new(RwLock::new(GrpcNetworkingManager::new(None, None).unwrap()));
 
         let default_context_id = *crate::consts::DEFAULT_MPC_CONTEXT;
         let default_context = Context {
diff --git a/core/threshold-networking/src/grpc.rs b/core/threshold-networking/src/grpc.rs
@@ -325,7 +325,6 @@ impl GrpcNetworkingManager {
     pub fn new(
         tls_conf: Option<tokio_rustls::rustls::client::ClientConfig>,
         conf: Option<CoreToCoreNetworkConfig>,
-        peer_tcp_proxy: bool,
     ) -> anyhow::Result<Self> {
         #[cfg(feature = "testing")]
         let force_tls = tls_conf.is_some();
@@ -366,7 +365,7 @@ impl GrpcNetworkingManager {
             active_session_count,
             opened_sessions_tracker: Arc::new(DashMap::new()),
             conf,
-            sending_service: GrpcSendingService::new(tls_conf, conf, peer_tcp_proxy)?,
+            sending_service: GrpcSendingService::new(tls_conf, conf)?,
             #[cfg(feature = "testing")]
             force_tls,
         })
diff --git a/core/threshold-networking/src/sending_service.rs b/core/threshold-networking/src/sending_service.rs
diff --git a/core/threshold/src/grpc/server.rs b/core/threshold/src/grpc/server.rs
diff --git a/docker/core/service/Dockerfile b/docker/core/service/Dockerfile
diff --git a/docker/core/service/init_enclave.sh b/docker/core/service/init_enclave.sh
diff --git a/docker/core/service/start_parent_proxies.sh b/docker/core/service/start_parent_proxies.sh
