From f6770c2d0c1557d6fc09c418a2c66d6813d80685 Mon Sep 17 00:00:00 2001
From: Ajinkya Kulkarni
Date: Wed, 4 Dec 2024 21:35:35 +0100
Subject: [PATCH] WIP

---
 crates/utils/tcbinfo-updater/src/main.rs | 95 +++++++++++++++---------
 1 file changed, 58 insertions(+), 37 deletions(-)

diff --git a/crates/utils/tcbinfo-updater/src/main.rs b/crates/utils/tcbinfo-updater/src/main.rs
index ca907cd..c206ff1 100644
--- a/crates/utils/tcbinfo-updater/src/main.rs
+++ b/crates/utils/tcbinfo-updater/src/main.rs
@@ -1,19 +1,18 @@
-use quoted_string::strip_dquotes;
+use cw_client::{CliClient, CwClient};
+use der::DecodePem;
 use mc_attestation_verifier::SignedTcbInfo;
 use p256::ecdsa::VerifyingKey;
+use quartz_tcbinfo_msgs::ExecuteMsg;
+use quoted_string::strip_dquotes;
+use reqwest::Url;
 use serde_json::{json, Value};
 use std::collections::HashMap;
+use std::{fs, path::Path};
 use x509_cert::Certificate;
-use der::DecodePem;
-use std::fs;
-use cw_client::{CliClient, CwClient};
-use reqwest::Url;
-use quartz_tcbinfo_msgs::ExecuteMsg;
 
 type TcbInfo = String;
 type Fmspc = String;
 type Update = String;
-
 const TCB_SIGNER: &str = include_str!("../tcb_signer.pem");
 
 async fn get_tcbinfo(fmspc: Fmspc, update: Update) -> String {
@@ -25,16 +24,17 @@ async fn get_tcbinfo(fmspc: Fmspc, update: Update) -> String {
         .await
         .expect("could not read https response");
     println!("{body}");
-    body
+    body
 }
 
 async fn get_fmspc_list() -> Vec {
     let body: String =
-        reqwest::get("https://api.trustedservices.intel.com/sgx/certification/v4/fmspcs").await
-            .expect("url retrieval failed")
-            .text()
-            .await
-            .expect("could not read https response");
+        reqwest::get("https://api.trustedservices.intel.com/sgx/certification/v4/fmspcs")
+            .await
+            .expect("url retrieval failed")
+            .text()
+            .await
+            .expect("could not read https response");
     let fmspc_data: Vec = serde_json::from_str(&body).expect("could not convert to JSON");
     let mut fmspc_list: Vec = Vec::new();
     for item in fmspc_data.iter() {
@@ -45,14 +45,22 @@ async fn get_fmspc_list() -> Vec {
     fmspc_list
 }
 
-
-async fn upsert_tcbinfo() -> Result<(), &'static str> {
-    let data = fs::read_to_string("./standard").expect("Unable to read file");
-    let mut store: HashMap = serde_json::from_str(&data).unwrap();
-    let certificate = TCB_SIGNER.to_string();
-    let parsed_certificate = Certificate::from_pem(certificate.clone()).expect("failed to parse PEM");
+async fn upsert_tcbinfo() -> Result<(), &'static str> {
+
+    let mut store: HashMap = if Path::new("./standard").exists() {
+        let data = fs::read_to_string("./standard").expect("Unable to read file");
+        serde_json::from_str(&data).unwrap()
+    }
+    else {
+        fs::File::create("./standard").expect("couldn't create file");
+        HashMap::new()
+    };
+
+    let certificate = TCB_SIGNER.to_string();
+    let parsed_certificate =
+        Certificate::from_pem(certificate.clone()).expect("failed to parse PEM");
     let fmspc_list = get_fmspc_list().await;
-    let key = VerifyingKey::from_sec1_bytes(
+    let key = VerifyingKey::from_sec1_bytes(
         parsed_certificate
             .tbs_certificate
             .subject_public_key_info
@@ -60,8 +68,8 @@ async fn upsert_tcbinfo() -> Result<(), &'static str> {
             .as_bytes()
             .expect("Failed to parse public key"),
     )
-        .expect("Failed to decode public key");
-
+    .expect("Failed to decode public key");
+
     for fmspc in fmspc_list {
         let tcbinfo = get_tcbinfo(fmspc.clone(), "standard".to_string()).await;
         assert!(verify_signature(tcbinfo.clone(), key));
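Review bot: The new `else` branch creates an empty `./standard` and the `if` branch then `unwrap()`s `serde_json::from_str` on whatever the file holds, so if a run panics before the trailing `fs::write` (any of the `expect`s, or the `assert!(verify_signature(..))` a few lines below, will do that) the next run finds an existing but empty file and panics at the parse, and the tool stays wedged until someone deletes the file by hand. The `fs::File::create` buys nothing because the final `fs::write` creates the file anyway; read the cache leniently, treat missing or empty as a fresh start, and name the failure only when the file is genuinely corrupt (the `Path` import then becomes unused). `upsert_tcbinfo`'s body continues past this hunk.
```rust
async fn upsert_tcbinfo() -> Result<(), &'static str> {
    // A missing or empty cache is a fresh start; anything else must parse.
    let mut store: HashMap<Fmspc, TcbInfo> = match fs::read_to_string("./standard") {
        Ok(data) if data.trim().is_empty() => HashMap::new(),
        Ok(data) => serde_json::from_str(&data).expect("./standard is not a valid TCBInfo cache"),
        Err(e) if e.kind() == std::io::ErrorKind::NotFound => HashMap::new(),
        Err(e) => panic!("Unable to read ./standard: {e}"),
    };
    // … unchanged: certificate parsing and key extraction …
```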
@@ -70,38 +78,51 @@ async fn upsert_tcbinfo() -> Result<(), &'static str> {
             println!("updating local TCBInfo for FMSPC: {fmspc}");
             store.insert(fmspc.clone(), tcbinfo.clone());
             println!("updating on-chain TCBInfo for FMSPC: {fmspc}");
-            let testnet = Url::parse("https://rpc-falcron.pion-1.ntrn.tech").expect("couldn't parse network URL");
-            let contract_address = "neutron1r4m59786vmxrx866585ze5ugjx9egcyja0nuxhn2y6d7ht6680sspa89zk".parse().expect("failed to parse contract address");
+            let testnet = Url::parse("https://rpc-falcron.pion-1.ntrn.tech")
+                .expect("couldn't parse network URL");
+            let contract_address =
+                "neutron1r4m59786vmxrx866585ze5ugjx9egcyja0nuxhn2y6d7ht6680sspa89zk"
+                    .parse()
+                    .expect("failed to parse contract address");
             let chain_id = tendermint::chain::id::Id::try_from("pion-1").expect("invalid chain id");
             let sender = "ajinkya";
             let client = CliClient::neutrond(testnet);
             let execute_msg = ExecuteMsg {
                 tcb_info: tcbinfo.to_string(),
-                certificate: certificate.clone(),
+                certificate: certificate.clone(),
                 time: None,
             };
-            let res =
-                client.tx_execute(&contract_address, &chain_id, 400000, &sender, json!(execute_msg), "11000untrn").await;
+            let res = client
+                .tx_execute(
+                    &contract_address,
+                    &chain_id,
+                    400000,
+                    &sender,
+                    json!(execute_msg),
+                    "11000untrn",
+                )
+                .await;
             println!("done: {res:?}");
             std::thread::sleep(std::time::Duration::from_secs(5));
-        }
-        else {
+        } else {
             println!("TCBInfo for FMSPC: {fmspc} up to date")
         }
     }
-    let serialized = serde_json::to_string(&store).unwrap();
-    fs::write("./standard", serialized).expect("Unable to write file");
-
+    let serialized = serde_json::to_string(&store).unwrap();
+    fs::write("./standard", serialized).expect("Unable to write file");
+
     Ok(())
     // }
     // }
 }
 
-fn verify_signature (tcbinfo: String, key: VerifyingKey) -> bool {
-
-    let signed_tcbinfo = SignedTcbInfo::try_from(tcbinfo.as_ref()).expect("tcbinfo string parsing failed");
-    signed_tcbinfo.verify(Some(&key), None).expect("could not verify signature");
-    true
+fn verify_signature(tcbinfo: String, key: VerifyingKey) -> bool {
+    let signed_tcbinfo =
+        SignedTcbInfo::try_from(tcbinfo.as_ref()).expect("tcbinfo string parsing failed");
+    signed_tcbinfo
+        .verify(Some(&key), None)
+        .expect("could not verify signature");
+    true
 }
 
 #[tokio::main]
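Review bot: `store.insert(fmspc.clone(), tcbinfo.clone())` runs before `client.tx_execute(..)` and `res` is only printed, so if the transaction fails (the `{res:?}` print suggests a `Result`, though its type is not visible in this hunk) the local cache still records the new TCBInfo, is written out at the end, and every later run reports that FMSPC as up to date while the on-chain TCBInfo stays stale — for an attestation verifier that is exactly the outcome this updater exists to prevent. Record the entry only once the tx has succeeded, and use `tokio::time::sleep(..).await` for the pause, since `std::thread::sleep` inside an `async fn` blocks the runtime worker for five seconds (assuming tokio's `time` feature is enabled). Separately, the rewritten `verify_signature` can never return `false` because its `expect` panics first, so the `assert!` at the call site above this hunk is dead code; returning `signed_tcbinfo.verify(Some(&key), None).is_ok()` makes the `bool` honest, and a short doc comment should say that `None` for the second argument means no time-based validity check is performed here, if that is indeed its meaning. The `for` loop and `if` this hunk sits in begin above it.
```rust
            println!("updating on-chain TCBInfo for FMSPC: {fmspc}");
            // … unchanged: URL / contract / client / execute_msg setup and the tx_execute call …
            // Cache the new TCBInfo locally only after it actually landed on chain;
            // otherwise the next run would skip this FMSPC with a stale contract.
            match res {
                Ok(r) => {
                    println!("done: {r:?}");
                    store.insert(fmspc.clone(), tcbinfo.clone());
                }
                Err(e) => eprintln!("on-chain TCBInfo update for FMSPC {fmspc} failed: {e:?}"),
            }
            tokio::time::sleep(std::time::Duration::from_secs(5)).await;
```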