nologies/cycles-quartz
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

add local signature verification

Browse source
This commit is contained in:
Ajinkya Kulkarni 2024-12-04 20:22:13 +01:00
parent cac16b1e7c
commit 7dc0312be3
3 changed files with 55 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
Cargo.lock generated
View file

@ -5710,12 +5710,16 @@ dependencies = [
"bincode",
"cosmrs",
"cw-client",
"der",
"mc-attestation-verifier",
"p256",
"quartz-tcbinfo-msgs 0.1.0",
"quoted-string",
"reqwest 0.12.8",
"serde_json",
"tendermint",
"tokio",
"x509-cert",
]
[[package]]
@ -6012,6 +6016,27 @@ version = "0.1.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
[[package]]
name = "tls_codec"
version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b5e78c9c330f8c85b2bae7c8368f2739157db9991235123aa1b15ef9502bfb6a"
dependencies = [
"tls_codec_derive",
"zeroize",
]
[[package]]
name = "tls_codec_derive"
version = "0.4.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "8d9ef545650e79f30233c0003bcc2504d7efac6dad25fca40744de773fe2049c"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.85",
]
[[package]]
name = "tokio"
version = "1.41.0"
@ -6970,6 +6995,7 @@ dependencies = [
"const-oid",
"der",
"spki",
"tls_codec",
]
[[package]]

6
crates/utils/tcbinfo-updater/Cargo.toml
View file

@ -18,4 +18,8 @@ bincode = {version = "1.3.3"}
quartz-tcbinfo-msgs = {path = "../../contracts/tcbinfo/msgs"}
tendermint.workspace = true
cosmrs.workspace = true
tokio = {version = "1", features = ["full"]}
tokio = {version = "1", features = ["full"]}
mc-attestation-verifier.workspace = true
p256.workspace = true
x509-cert = "0.2.5"
der.workspace = true

27
crates/utils/tcbinfo-updater/src/main.rs
View file

@ -1,6 +1,10 @@
use quoted_string::strip_dquotes;
use mc_attestation_verifier::SignedTcbInfo;
use p256::ecdsa::VerifyingKey;
use serde_json::{json, Value};
use std::collections::HashMap;
use x509_cert::Certificate;
use der::DecodePem;
use std::fs;
use cw_client::{CliClient, CwClient};
use reqwest::Url;
@ -45,11 +49,22 @@ async fn get_fmspc_list() -> Vec<Fmspc> {
async fn upsert_tcbinfo() -> Result<(), &'static str> {
let data = fs::read_to_string("./standard").expect("Unable to read file");
let mut store: HashMap<Fmspc, TcbInfo> = serde_json::from_str(&data).unwrap();
let certificate = TCB_SIGNER.to_string();
let parsed_certificate = Certificate::from_pem(certificate.clone()).expect("failed to parse PEM");
let fmspc_list = get_fmspc_list().await;
let key = VerifyingKey::from_sec1_bytes(
parsed_certificate
.tbs_certificate
.subject_public_key_info
.subject_public_key
.as_bytes()
.expect("Failed to parse public key"),
)
.expect("Failed to decode public key");
for fmspc in fmspc_list {
let tcbinfo = get_tcbinfo(fmspc.clone(), "standard".to_string()).await;
println!("{tcbinfo:?}");
verify_signature(tcbinfo.clone(), key);
let store_entry = &store[&fmspc];
if *store_entry != tcbinfo {
println!("updating local TCBInfo for FMSPC: {fmspc}");
@ -62,7 +77,7 @@ async fn upsert_tcbinfo() -> Result<(), &'static str> {
let client = CliClient::neutrond(testnet);
let execute_msg = ExecuteMsg {
tcb_info: tcbinfo.to_string(),
certificate: TCB_SIGNER.to_string(),
certificate: certificate.clone(),
time: None,
};
let res =
@ -82,6 +97,12 @@ async fn upsert_tcbinfo() -> Result<(), &'static str> {
// }
}
fn verify_signature (tcbinfo: Value, key: VerifyingKey) {
let signed_tcbinfo = SignedTcbInfo::try_from(tcbinfo.as_str().expect("failed to parse tcbinfo json")).expect("tcbinfo string parsing failed");
signed_tcbinfo.verify(Some(&key), None).expect("could not verify signature");
}
#[tokio::main]
pub async fn main() {
upsert_tcbinfo().await.expect("TCBInfo update failed");