From c7eddffc2c851a4c347d0ec4229e4b07d31c8ced Mon Sep 17 00:00:00 2001
From: hu55a1n1
Date: Tue, 27 Feb 2024 14:30:36 -0800
Subject: [PATCH] Read mrenclave from quote

---
 enclaves/quartz/README.md                | 1 -
 enclaves/quartz/quartz.manifest.template | 1 -
 enclaves/quartz/src/attestor.rs          | 26 +++++++++++++++++++++++-
 enclaves/quartz/src/cli.rs               | 6 +----
 enclaves/quartz/src/main.rs              | 19 +++++++----------
 5 files changed, 33 insertions(+), 20 deletions(-)

diff --git a/enclaves/quartz/README.md b/enclaves/quartz/README.md
index 57b7c49..59920a9 100644
--- a/enclaves/quartz/README.md
+++ b/enclaves/quartz/README.md
@@ -25,7 +25,6 @@ gramine-sgx ./quartz
 
 ```bash
 cargo run -- --chain-id testing \
-    --sigfile "quartz.sig" \
     --trusted-height 1 \
     --trusted-hash "A1D115BA3A5E9FCC12ED68A9D8669159E9085F6F96EC26619F5C7CEB4EE02869"
 ```
diff --git a/enclaves/quartz/quartz.manifest.template b/enclaves/quartz/quartz.manifest.template
index 91b352f..11017a7 100644
--- a/enclaves/quartz/quartz.manifest.template
+++ b/enclaves/quartz/quartz.manifest.template
@@ -21,7 +21,6 @@ loader.env.MYAPP_DATA = { passthrough = true }
 
 loader.argv = ["quartz-enclave",
     "--chain-id", "testing",
-    "--sigfile", "quartz.sig",
     "--trusted-height", "1",
     "--trusted-hash", "A1D115BA3A5E9FCC12ED68A9D8669159E9085F6F96EC26619F5C7CEB4EE02869"]
 
diff --git a/enclaves/quartz/src/attestor.rs b/enclaves/quartz/src/attestor.rs
index 626dbe6..5ae0c04 100644
--- a/enclaves/quartz/src/attestor.rs
+++ b/enclaves/quartz/src/attestor.rs
@@ -3,12 +3,17 @@ use std::{
     io::{Error as IoError, Write},
 };
 
-use quartz_cw::msg::execute::attested::HasUserData;
+use quartz_cw::{
+    msg::execute::attested::HasUserData,
+    state::{MrEnclave, UserData},
+};
 
 pub trait Attestor {
     type Error: ToString;
 
     fn quote(&self, user_data: impl HasUserData) -> Result, Self::Error>;
+
+    fn mr_enclave(&self) -> Result;
 }
 
 #[derive(Clone, PartialEq, Debug)]
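Review bot: The new trait method `fn mr_enclave(&self) -> Result<MrEnclave, Self::Error>;` in `Attestor` has no doc comment, and because its result is what `main` places into `Config` as the enclave identity, the contract should be stated on the trait rather than inferred from `EpidAttestor`. Suggest `/// Returns the 32-byte MRENCLAVE measurement this attestor reports for the running enclave.` above the declaration, with a second line noting that implementations may fail with `Self::Error` when the measurement cannot be obtained. The 32-byte size is what the `MockAttestor` impl and the `try_into` in `EpidAttestor` assume; confirm it matches the `MrEnclave` alias in `quartz_cw::state`, which is outside this patch.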
@@ -24,6 +29,13 @@ impl Attestor for EpidAttestor {
         user_report_data.flush()?;
         read("/dev/attestation/quote")
     }
+
+    fn mr_enclave(&self) -> Result {
+        let quote = self.quote(NullUserData)?;
+        Ok(quote[112..(112 + 32)]
+            .try_into()
+            .expect("hardcoded array size"))
+    }
 }
 
 #[derive(Clone, PartialEq, Debug)]
@@ -35,4 +47,16 @@ impl Attestor for MockAttestor {
     fn quote(&self, _user_data: impl HasUserData) -> Result, Self::Error> {
         Ok(vec![])
     }
+
+    fn mr_enclave(&self) -> Result {
+        Ok([0u8; 32])
+    }
+}
+
+struct NullUserData;
+
+impl HasUserData for NullUserData {
+    fn user_data(&self) -> UserData {
+        [0u8; 64]
+    }
 }
diff --git a/enclaves/quartz/src/cli.rs b/enclaves/quartz/src/cli.rs
index 3f9c0fb..30c5035 100644
--- a/enclaves/quartz/src/cli.rs
+++ b/enclaves/quartz/src/cli.rs
@@ -1,4 +1,4 @@
-use std::{net::SocketAddr, path::PathBuf};
+use std::net::SocketAddr;
 
 use clap::Parser;
 use color_eyre::eyre::{eyre, Result};
@@ -22,10 +22,6 @@ pub struct Cli {
     #[clap(long, default_value = "127.0.0.1:11090")]
     pub rpc_addr: SocketAddr,
 
-    /// Gramine SIGFILE for this enclave (to read MRENCLAVE from)
-    #[clap(long)]
-    pub sigfile: PathBuf,
-
     /// Identifier of the chain
     #[clap(long)]
     pub chain_id: String,
diff --git a/enclaves/quartz/src/main.rs b/enclaves/quartz/src/main.rs
index 6c04829..569c67e 100644
--- a/enclaves/quartz/src/main.rs
+++ b/enclaves/quartz/src/main.rs
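Review bot: `quote[112..(112 + 32)]` in `EpidAttestor::mr_enclave` panics if the quote returned by `self.quote` is shorter than 144 bytes, while the flush and read failures in the same impl are propagated as `Self::Error`; a truncated or malformed `/dev/attestation/quote` should surface the same way instead of aborting the enclave at startup. Replace the slice with checked access, `let mr = quote.get(112..144).ok_or_else(|| IoError::new(std::io::ErrorKind::InvalidData, "quote too short to contain MRENCLAVE"))?;` followed by `Ok(mr.try_into().expect("slice is exactly 32 bytes"))` (this assumes `Self::Error` for `EpidAttestor` is `IoError`, which the directly returned `read` suggests but the `type Error` line is outside the hunk). The bare 112 also deserves a named constant with its derivation, e.g. `const MRENCLAVE_OFFSET: usize = 48 + 64; // 48-byte SGX quote header, then MRENCLAVE at byte 64 of the report body`, so the next reader does not have to recover it from the quote layout.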
@@ -18,28 +18,23 @@ mod attestor;
 mod cli;
 mod server;
 
-use std::{process::Command, time::Duration};
+use std::time::Duration;
 
 use clap::Parser;
-use cosmwasm_std::HexBinary;
 use quartz_cw::state::{Config, LightClientOpts};
 use quartz_proto::quartz::core_server::CoreServer;
 use tonic::transport::Server;
 
-use crate::{attestor::EpidAttestor, cli::Cli, server::CoreService};
+use crate::{
+    attestor::{Attestor, EpidAttestor},
+    cli::Cli,
+    server::CoreService,
+};
 
 #[tokio::main(flavor = "current_thread")]
 async fn main() -> Result<(), Box> {
     let args = Cli::parse();
 
-    let gramine_sgx_sigstruct_view = Command::new("gramine-sgx-sigstruct-view")
-        .args(["--output-format", "json"])
-        .arg(args.sigfile)
-        .output()?;
-
-    let sigstruct_json: serde_json::Value =
-        serde_json::from_str(&String::from_utf8(gramine_sgx_sigstruct_view.stdout)?)?;
-    let mr_enclave = HexBinary::from_hex(&sigstruct_json["mr_enclave"].to_string())?.to_array()?;
     let light_client_opts = LightClientOpts::new(
         args.chain_id,
         args.trusted_height,
@@ -50,7 +45,7 @@ async fn main() -> Result<(), Box> {
         args.max_block_lag,
     );
     let config = Config::new(
-        mr_enclave,
+        EpidAttestor.mr_enclave()?,
         Duration::from_secs(30 * 24 * 60),
         light_client_opts,
     );
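Review bot: Style: `EpidAttestor.mr_enclave()?` is evaluated inside the `Config::new` argument list, which buries a read of the attestation quote (a filesystem access that only succeeds under Gramine) in what reads like plain value construction, whereas the removed code bound the measurement to a local first. Suggest `let mr_enclave = EpidAttestor.mr_enclave()?;` before `Config::new` and passing `mr_enclave`, so the startup failure path is visible on its own line and can later be given context without touching the config assembly. The body of `main` continues outside this hunk.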