nologies/cycles-quartz
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Read mrenclave from quote

Browse source
This commit is contained in:
hu55a1n1 2024-02-27 14:30:36 -08:00
parent 59fbf665e1
commit c7eddffc2c
5 changed files with 33 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
enclaves/quartz/README.md
View file

@ -25,7 +25,6 @@ gramine-sgx ./quartz
```bash ```bash
cargo run -- --chain-id testing \ cargo run -- --chain-id testing \
--sigfile "quartz.sig" \
--trusted-height 1 \ --trusted-height 1 \
--trusted-hash "A1D115BA3A5E9FCC12ED68A9D8669159E9085F6F96EC26619F5C7CEB4EE02869" --trusted-hash "A1D115BA3A5E9FCC12ED68A9D8669159E9085F6F96EC26619F5C7CEB4EE02869"
``` ```

1
enclaves/quartz/quartz.manifest.template
View file

@ -21,7 +21,6 @@ loader.env.MYAPP_DATA = { passthrough = true }
loader.argv = ["quartz-enclave", loader.argv = ["quartz-enclave",
"--chain-id", "testing", "--chain-id", "testing",
"--sigfile", "quartz.sig",
"--trusted-height", "1", "--trusted-height", "1",
"--trusted-hash", "A1D115BA3A5E9FCC12ED68A9D8669159E9085F6F96EC26619F5C7CEB4EE02869"] "--trusted-hash", "A1D115BA3A5E9FCC12ED68A9D8669159E9085F6F96EC26619F5C7CEB4EE02869"]

26
enclaves/quartz/src/attestor.rs
View file

@ -3,12 +3,17 @@ use std::{
io::{Error as IoError, Write}, io::{Error as IoError, Write},
}; };
use quartz_cw::msg::execute::attested::HasUserData; use quartz_cw::{
msg::execute::attested::HasUserData,
state::{MrEnclave, UserData},
};
pub trait Attestor { pub trait Attestor {
type Error: ToString; type Error: ToString;
fn quote(&self, user_data: impl HasUserData) -> Result<Vec<u8>, Self::Error>; fn quote(&self, user_data: impl HasUserData) -> Result<Vec<u8>, Self::Error>;
fn mr_enclave(&self) -> Result<MrEnclave, Self::Error>;
} }
#[derive(Clone, PartialEq, Debug)] #[derive(Clone, PartialEq, Debug)]
@ -24,6 +29,13 @@ impl Attestor for EpidAttestor {
user_report_data.flush()?; user_report_data.flush()?;
read("/dev/attestation/quote") read("/dev/attestation/quote")
} }
fn mr_enclave(&self) -> Result<MrEnclave, Self::Error> {
let quote = self.quote(NullUserData)?;
Ok(quote[112..(112 + 32)]
.try_into()
.expect("hardcoded array size"))
}
} }
#[derive(Clone, PartialEq, Debug)] #[derive(Clone, PartialEq, Debug)]
@ -35,4 +47,16 @@ impl Attestor for MockAttestor {
fn quote(&self, _user_data: impl HasUserData) -> Result<Vec<u8>, Self::Error> { fn quote(&self, _user_data: impl HasUserData) -> Result<Vec<u8>, Self::Error> {
Ok(vec![]) Ok(vec![])
} }
fn mr_enclave(&self) -> Result<MrEnclave, Self::Error> {
Ok([0u8; 32])
}
}
struct NullUserData;
impl HasUserData for NullUserData {
fn user_data(&self) -> UserData {
[0u8; 64]
}
} }

6
enclaves/quartz/src/cli.rs
View file

@ -1,4 +1,4 @@
use std::{net::SocketAddr, path::PathBuf}; use std::net::SocketAddr;
use clap::Parser; use clap::Parser;
use color_eyre::eyre::{eyre, Result}; use color_eyre::eyre::{eyre, Result};
@ -22,10 +22,6 @@ pub struct Cli {
#[clap(long, default_value = "127.0.0.1:11090")] #[clap(long, default_value = "127.0.0.1:11090")]
pub rpc_addr: SocketAddr, pub rpc_addr: SocketAddr,
/// Gramine SIGFILE for this enclave (to read MRENCLAVE from)
#[clap(long)]
pub sigfile: PathBuf,
/// Identifier of the chain /// Identifier of the chain
#[clap(long)] #[clap(long)]
pub chain_id: String, pub chain_id: String,

19
enclaves/quartz/src/main.rs
View file

@ -18,28 +18,23 @@ mod attestor;
mod cli; mod cli;
mod server; mod server;
use std::{process::Command, time::Duration}; use std::time::Duration;
use clap::Parser; use clap::Parser;
use cosmwasm_std::HexBinary;
use quartz_cw::state::{Config, LightClientOpts}; use quartz_cw::state::{Config, LightClientOpts};
use quartz_proto::quartz::core_server::CoreServer; use quartz_proto::quartz::core_server::CoreServer;
use tonic::transport::Server; use tonic::transport::Server;
use crate::{attestor::EpidAttestor, cli::Cli, server::CoreService}; use crate::{
attestor::{Attestor, EpidAttestor},
cli::Cli,
server::CoreService,
};
#[tokio::main(flavor = "current_thread")] #[tokio::main(flavor = "current_thread")]
async fn main() -> Result<(), Box<dyn std::error::Error>> { async fn main() -> Result<(), Box<dyn std::error::Error>> {
let args = Cli::parse(); let args = Cli::parse();
let gramine_sgx_sigstruct_view = Command::new("gramine-sgx-sigstruct-view")
.args(["--output-format", "json"])
.arg(args.sigfile)
.output()?;
let sigstruct_json: serde_json::Value =
serde_json::from_str(&String::from_utf8(gramine_sgx_sigstruct_view.stdout)?)?;
let mr_enclave = HexBinary::from_hex(&sigstruct_json["mr_enclave"].to_string())?.to_array()?;
let light_client_opts = LightClientOpts::new( let light_client_opts = LightClientOpts::new(
args.chain_id, args.chain_id,
args.trusted_height, args.trusted_height,
@ -50,7 +45,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
args.max_block_lag, args.max_block_lag,
); );
let config = Config::new( let config = Config::new(
mr_enclave, EpidAttestor.mr_enclave()?,
Duration::from_secs(30 * 24 * 60), Duration::from_secs(30 * 24 * 60),
light_client_opts, light_client_opts,
); );