From 811771f01351106d6745c7797fb3b8fe279794df Mon Sep 17 00:00:00 2001 From: Shoaib Ahmed Date: Thu, 17 Oct 2024 12:43:50 +0400 Subject: [PATCH] fix(enclave): remove core build.rs and copy data files (#259) --- Cargo.lock | 4 ++-- Cargo.toml | 2 +- crates/common/Cargo.toml | 2 +- crates/enclave/core/Cargo.toml | 2 +- crates/enclave/core/build.rs | 24 ---------------------- crates/enclave/core/data/qe_identity.json | 1 + crates/enclave/core/data/root_ca.pem | 16 +++++++++++++++ crates/enclave/core/data/root_crl.der | Bin 0 -> 293 bytes crates/enclave/core/data/tcb_signer.pem | 16 +++++++++++++++ crates/enclave/core/src/attestor.rs | 8 ++++---- 10 files changed, 42 insertions(+), 33 deletions(-) delete mode 100644 crates/enclave/core/build.rs create mode 100644 crates/enclave/core/data/qe_identity.json create mode 100644 crates/enclave/core/data/root_ca.pem create mode 100644 crates/enclave/core/data/root_crl.der create mode 100644 crates/enclave/core/data/tcb_signer.pem diff --git a/Cargo.lock b/Cargo.lock index 371cd98..c208619 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4255,7 +4255,7 @@ dependencies = [ [[package]] name = "quartz-common" -version = "0.1.0" +version = "0.1.1" dependencies = [ "quartz-contract-core", "quartz-enclave-core", @@ -4334,7 +4334,7 @@ dependencies = [ [[package]] name = "quartz-enclave-core" -version = "0.1.0" +version = "0.1.1" dependencies = [ "anyhow", "async-trait", diff --git a/Cargo.toml b/Cargo.toml index d5bd1f7..e9e97e2 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -129,7 +129,7 @@ quartz-cw-proof = { version = "0.1.0", path = "crates/enclave/cw-proof", default
 quartz-common = { version = "0.1.0", path = "crates/common", default-features = false }
 quartz-contract-core = { version = "0.1.0", path = "crates/contracts/core", default-features = false }
 quartz-dcap-verifier-msgs = { version = "0.1.0", path = "crates/contracts/dcap-verifier/msgs", default-features = false }
-quartz-enclave-core = { version = "0.1.0", path = "crates/enclave/core", default-features = false }
+quartz-enclave-core = { version = "0.1.1", path = "crates/enclave/core", default-features = false }
 quartz-proto = { version = "0.1.0", path = "crates/enclave/proto", default-features = false }
 quartz-tee-ra = { version = "0.1.0", path = "crates/contracts/tee-ra", default-features = false }
 quartz-tcbinfo = { version = "0.1.0", path = "crates/contracts/tcbinfo", default-features = false, features = [
diff --git a/crates/common/Cargo.toml b/crates/common/Cargo.toml
index 70521a3..5e9f4d6 100644
--- a/crates/common/Cargo.toml
+++ b/crates/common/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "quartz-common"
-version.workspace = true
+version = "0.1.1"
 authors.workspace = true
 edition.workspace = true
 rust-version.workspace = true
diff --git a/crates/enclave/core/Cargo.toml b/crates/enclave/core/Cargo.toml
index 76a50e4..4f91688 100644
--- a/crates/enclave/core/Cargo.toml
+++ b/crates/enclave/core/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "quartz-enclave-core"
-version.workspace = true
+version = "0.1.1"
 authors.workspace = true
 edition.workspace = true
 rust-version.workspace = true
diff --git a/crates/enclave/core/build.rs b/crates/enclave/core/build.rs
deleted file mode 100644
index 47f7904..0000000
--- a/crates/enclave/core/build.rs
+++ /dev/null
@@ -1,24 +0,0 @@
-use std::{env, fs, path::PathBuf};
-
-fn main() {
- let out_dir = PathBuf::from(env::var("OUT_DIR").unwrap());
- let source_dir = PathBuf::from(env::var("CARGO_MANIFEST_DIR").unwrap())
- .join("../../../crates/contracts/tee-ra/data");
-
- fs::create_dir_all(&out_dir).unwrap();
-
- let files_to_copy = [
- "qe_identity.json",
- "root_ca.pem",
- "root_crl.der",
- "tcb_signer.pem",
- ];
-
- for file in &files_to_copy {
- let source_path = source_dir.join(file);
- let target_path = out_dir.join(file);
-
- fs::copy(&source_path, &target_path)
- .unwrap_or_else(|_| panic!("Failed to copy {:?}", source_path));
- }
-}
diff --git a/crates/enclave/core/data/qe_identity.json b/crates/enclave/core/data/qe_identity.json
new file mode 100644
index 0000000..356e202
--- /dev/null
+++ b/crates/enclave/core/data/qe_identity.json
@@ -0,0 +1 @@ +{"enclaveIdentity":{"id":"QE","version":2,"issueDate":"2023-07-12T20:48:25Z","nextUpdate":"2023-08-11T20:48:25Z","tcbEvaluationDataNumber":15,"miscselect":"00000000","miscselectMask":"FFFFFFFF","attributes":"11000000000000000000000000000000","attributesMask":"FBFFFFFFFFFFFFFF0000000000000000","mrsigner":"8C4F5775D796503E96137F77C68A829A0056AC8DED70140B081B094490C57BFF","isvprodid":1,"tcbLevels":[{"tcb":{"isvsvn":8},"tcbDate":"2023-02-15T00:00:00Z","tcbStatus":"UpToDate"},{"tcb":{"isvsvn":6},"tcbDate":"2021-11-10T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00615"]},{"tcb":{"isvsvn":5},"tcbDate":"2020-11-11T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00477","INTEL-SA-00615"]},{"tcb":{"isvsvn":4},"tcbDate":"2019-11-13T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00334","INTEL-SA-00477","INTEL-SA-00615"]},{"tcb":{"isvsvn":2},"tcbDate":"2019-05-15T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00219","INTEL-SA-00293","INTEL-SA-00334","INTEL-SA-00477","INTEL-SA-00615"]},{"tcb":{"isvsvn":1},"tcbDate":"2018-08-15T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00202","INTEL-SA-00219","INTEL-SA-00293","INTEL-SA-00334","INTEL-SA-00477","INTEL-SA-00615"]}]},"signature":"953add69a564b80c43adb9c9dbc888da81aad8af240cd7dfd751f0209d262a71d9240603a528cb766e9fc3278722e59a43f2a2e43b55c776a7b48acbe8cd61a3"} \ No newline at end of file diff --git a/crates/enclave/core/data/root_ca.pem b/crates/enclave/core/data/root_ca.pem new file mode 100644 index 0000000..408bd93 --- /dev/null +++ b/crates/enclave/core/data/root_ca.pem 
@@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE----- +MIICjzCCAjSgAwIBAgIUImUM1lqdNInzg7SVUr9QGzknBqwwCgYIKoZIzj0EAwIw +aDEaMBgGA1UEAwwRSW50ZWwgU0dYIFJvb3QgQ0ExGjAYBgNVBAoMEUludGVsIENv +cnBvcmF0aW9uMRQwEgYDVQQHDAtTYW50YSBDbGFyYTELMAkGA1UECAwCQ0ExCzAJ +BgNVBAYTAlVTMB4XDTE4MDUyMTEwNDUxMFoXDTQ5MTIzMTIzNTk1OVowaDEaMBgG +A1UEAwwRSW50ZWwgU0dYIFJvb3QgQ0ExGjAYBgNVBAoMEUludGVsIENvcnBvcmF0 +aW9uMRQwEgYDVQQHDAtTYW50YSBDbGFyYTELMAkGA1UECAwCQ0ExCzAJBgNVBAYT +AlVTMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEC6nEwMDIYZOj/iPWsCzaEKi7 +1OiOSLRFhWGjbnBVJfVnkY4u3IjkDYYL0MxO4mqsyYjlBalTVYxFP2sJBK5zlKOB +uzCBuDAfBgNVHSMEGDAWgBQiZQzWWp00ifODtJVSv1AbOScGrDBSBgNVHR8ESzBJ +MEegRaBDhkFodHRwczovL2NlcnRpZmljYXRlcy50cnVzdGVkc2VydmljZXMuaW50 +ZWwuY29tL0ludGVsU0dYUm9vdENBLmRlcjAdBgNVHQ4EFgQUImUM1lqdNInzg7SV +Ur9QGzknBqwwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQEwCgYI +KoZIzj0EAwIDSQAwRgIhAOW/5QkR+S9CiSDcNoowLuPRLsWGf/Yi7GSX94BgwTwg +AiEA4J0lrHoMs+Xo5o/sX6O9QWxHRAvZUGOdRQ7cvqRXaqI= +-----END CERTIFICATE----- \ No newline at end of file diff --git a/crates/enclave/core/data/root_crl.der b/crates/enclave/core/data/root_crl.der new file mode 100644 index 0000000000000000000000000000000000000000..4716247d51028dc7927eec58a667a986a360b8c5 GIT binary patch literal 293 zcmXqLVpKF}Ji)}sXu!qBq1EPb&X$Fl$sof}%0PmRIh2K&N6<5`BsE7N*gZlaC_leM z!PyZe#|4vf&Mzv+FG?)Q%+E6vF%SajW9Q)xPRuJwRB+BoEJ`%wHsAz_a_}$#wL>{< z!c3vT;=D%21||l^h6YAPriM{Kt_hH91m!N!H_!#Ti#b$Q1n4TD8|6W4Wflnou?7*P zRGw>5b4@xwH*c95v_C-FQk`uLvL~257z|vQ6avF*-EaP07``oDZtIuS>OFB`XVw=- zF@M~de4V8sYNG^`BE#efqHn~^p1=AP@026wpyqz8SXetF;MCrXbKiDd&(LB90I3d8 ALI3~& literal 0 HcmV?d00001 diff --git a/crates/enclave/core/data/tcb_signer.pem b/crates/enclave/core/data/tcb_signer.pem new file mode 100644 index 0000000..d7763ab --- /dev/null +++ b/crates/enclave/core/data/tcb_signer.pem 
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----
+MIICizCCAjKgAwIBAgIUfjiC1ftVKUpASY5FhAPpFJG99FUwCgYIKoZIzj0EAwIw
+aDEaMBgGA1UEAwwRSW50ZWwgU0dYIFJvb3QgQ0ExGjAYBgNVBAoMEUludGVsIENv
+cnBvcmF0aW9uMRQwEgYDVQQHDAtTYW50YSBDbGFyYTELMAkGA1UECAwCQ0ExCzAJ
+BgNVBAYTAlVTMB4XDTE4MDUyMTEwNTAxMFoXDTI1MDUyMTEwNTAxMFowbDEeMBwG
+A1UEAwwVSW50ZWwgU0dYIFRDQiBTaWduaW5nMRowGAYDVQQKDBFJbnRlbCBDb3Jw
+b3JhdGlvbjEUMBIGA1UEBwwLU2FudGEgQ2xhcmExCzAJBgNVBAgMAkNBMQswCQYD
+VQQGEwJVUzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABENFG8xzydWRfK92bmGv
+P+mAh91PEyV7Jh6FGJd5ndE9aBH7R3E4A7ubrlh/zN3C4xvpoouGlirMba+W2lju
+ypajgbUwgbIwHwYDVR0jBBgwFoAUImUM1lqdNInzg7SVUr9QGzknBqwwUgYDVR0f
+BEswSTBHoEWgQ4ZBaHR0cHM6Ly9jZXJ0aWZpY2F0ZXMudHJ1c3RlZHNlcnZpY2Vz
+LmludGVsLmNvbS9JbnRlbFNHWFJvb3RDQS5kZXIwHQYDVR0OBBYEFH44gtX7VSlK
+QEmORYQD6RSRvfRVMA4GA1UdDwEB/wQEAwIGwDAMBgNVHRMBAf8EAjAAMAoGCCqG
+SM49BAMCA0cAMEQCIB9C8wOAN/ImxDtGACV246KcqjagZOR0kyctyBrsGGJVAiAj
+ftbrNGsGU8YH211dRiYNoPPu19Zp/ze8JmhujB0oBw==
+-----END CERTIFICATE-----
diff --git a/crates/enclave/core/src/attestor.rs b/crates/enclave/core/src/attestor.rs
index e922f42..96a8c3b 100644
--- a/crates/enclave/core/src/attestor.rs
+++ b/crates/enclave/core/src/attestor.rs
@@ -27,10 +27,10 @@ pub type DefaultAttestor = DcapAttestor;
 #[cfg(feature = "mock-sgx")]
 pub type DefaultAttestor = MockAttestor;
-const QE_IDENTITY_JSON: &str = include_str!(concat!(env!("OUT_DIR"), "/qe_identity.json"));
-const ROOT_CA: &str = include_str!(concat!(env!("OUT_DIR"), "/root_ca.pem"));
-const ROOT_CRL: &[u8] = include_bytes!(concat!(env!("OUT_DIR"), "/root_crl.der"));
-const TCB_SIGNER: &str = include_str!(concat!(env!("OUT_DIR"), "/tcb_signer.pem"));
+const QE_IDENTITY_JSON: &str = include_str!("../data/qe_identity.json");
+const ROOT_CA: &str = include_str!("../data/root_ca.pem");
+const ROOT_CRL: &[u8] = include_bytes!("../data/root_crl.der");
+const TCB_SIGNER: &str = include_str!("../data/tcb_signer.pem");
 /// The trait defines the interface for generating attestations from within an enclave.
 pub trait Attestor: Send + Sync + 'static {
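Review bot: The four `include_str!`/`include_bytes!` constants on the new side now embed a second, hand-copied set of DCAP collateral from `../data/`, and nothing in this change keeps it in step with `crates/contracts/tee-ra/data`, which the deleted build.rs used as the single source. These files are trust anchors and revocation data, so drift matters: a CRL or QE identity refreshed in one crate would leave the other verifying against stale material, and the snapshot is already old (the added qe_identity.json has `"nextUpdate":"2023-08-11T20:48:25Z"`, while the patch is dated 17 Oct 2024). How the constants are consumed is outside this hunk, so whether that validity window is enforced cannot be confirmed here. I would add a comment above them, `// Pinned Intel DCAP collateral; keep byte-identical to crates/contracts/tee-ra/data and refresh both together.`, plus a workspace-only unit test along the lines of `assert_eq!(ROOT_CRL, include_bytes!("../../../contracts/tee-ra/data/root_crl.der"));` for each of the four files.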