nologies/cycles-quartz
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

WIP

Browse source
This commit is contained in:
Ajinkya Kulkarni 2024-12-04 21:35:35 +01:00
parent 91769c0114
commit f6770c2d0c
1 changed files with 58 additions and 37 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

63
crates/utils/tcbinfo-updater/src/main.rs
View file

@ -1,19 +1,18 @@
use quoted_string::strip_dquotes; use cw_client::{CliClient, CwClient};
use der::DecodePem;
use mc_attestation_verifier::SignedTcbInfo; use mc_attestation_verifier::SignedTcbInfo;
use p256::ecdsa::VerifyingKey; use p256::ecdsa::VerifyingKey;
use quartz_tcbinfo_msgs::ExecuteMsg;
use quoted_string::strip_dquotes;
use reqwest::Url;
use serde_json::{json, Value}; use serde_json::{json, Value};
use std::collections::HashMap; use std::collections::HashMap;
use std::{fs, path::Path};
use x509_cert::Certificate; use x509_cert::Certificate;
use der::DecodePem;
use std::fs;
use cw_client::{CliClient, CwClient};
use reqwest::Url;
use quartz_tcbinfo_msgs::ExecuteMsg;
type TcbInfo = String; type TcbInfo = String;
type Fmspc = String; type Fmspc = String;
type Update = String; type Update = String;
const TCB_SIGNER: &str = include_str!("../tcb_signer.pem"); const TCB_SIGNER: &str = include_str!("../tcb_signer.pem");
async fn get_tcbinfo(fmspc: Fmspc, update: Update) -> String { async fn get_tcbinfo(fmspc: Fmspc, update: Update) -> String {
@ -30,7 +29,8 @@ async fn get_tcbinfo(fmspc: Fmspc, update: Update) -> String {
async fn get_fmspc_list() -> Vec<Fmspc> { async fn get_fmspc_list() -> Vec<Fmspc> {
let body: String = let body: String =
reqwest::get("https://api.trustedservices.intel.com/sgx/certification/v4/fmspcs").await reqwest::get("https://api.trustedservices.intel.com/sgx/certification/v4/fmspcs")
.await
.expect("url retrieval failed") .expect("url retrieval failed")
.text() .text()
.await .await
@ -45,12 +45,20 @@ async fn get_fmspc_list() -> Vec<Fmspc> {
fmspc_list fmspc_list
} }
async fn upsert_tcbinfo() -> Result<(), &'static str> { async fn upsert_tcbinfo() -> Result<(), &'static str> {
let mut store: HashMap<Fmspc, TcbInfo> = if Path::new("./standard").exists() {
let data = fs::read_to_string("./standard").expect("Unable to read file"); let data = fs::read_to_string("./standard").expect("Unable to read file");
let mut store: HashMap<Fmspc, TcbInfo> = serde_json::from_str(&data).unwrap(); serde_json::from_str(&data).unwrap()
}
else {
fs::File::create("./standard").expect("couldn't create file");
HashMap::new()
};
let certificate = TCB_SIGNER.to_string(); let certificate = TCB_SIGNER.to_string();
let parsed_certificate = Certificate::from_pem(certificate.clone()).expect("failed to parse PEM"); let parsed_certificate =
Certificate::from_pem(certificate.clone()).expect("failed to parse PEM");
let fmspc_list = get_fmspc_list().await; let fmspc_list = get_fmspc_list().await;
let key = VerifyingKey::from_sec1_bytes( let key = VerifyingKey::from_sec1_bytes(
parsed_certificate parsed_certificate
@ -70,8 +78,12 @@ async fn upsert_tcbinfo() -> Result<(), &'static str> {
println!("updating local TCBInfo for FMSPC: {fmspc}"); println!("updating local TCBInfo for FMSPC: {fmspc}");
store.insert(fmspc.clone(), tcbinfo.clone()); store.insert(fmspc.clone(), tcbinfo.clone());
println!("updating on-chain TCBInfo for FMSPC: {fmspc}"); println!("updating on-chain TCBInfo for FMSPC: {fmspc}");
let testnet = Url::parse("https://rpc-falcron.pion-1.ntrn.tech").expect("couldn't parse network URL"); let testnet = Url::parse("https://rpc-falcron.pion-1.ntrn.tech")
let contract_address = "neutron1r4m59786vmxrx866585ze5ugjx9egcyja0nuxhn2y6d7ht6680sspa89zk".parse().expect("failed to parse contract address"); .expect("couldn't parse network URL");
let contract_address =
"neutron1r4m59786vmxrx866585ze5ugjx9egcyja0nuxhn2y6d7ht6680sspa89zk"
.parse()
.expect("failed to parse contract address");
let chain_id = tendermint::chain::id::Id::try_from("pion-1").expect("invalid chain id"); let chain_id = tendermint::chain::id::Id::try_from("pion-1").expect("invalid chain id");
let sender = "ajinkya"; let sender = "ajinkya";
let client = CliClient::neutrond(testnet); let client = CliClient::neutrond(testnet);
@ -80,12 +92,19 @@ async fn upsert_tcbinfo() -> Result<(), &'static str> {
certificate: certificate.clone(), certificate: certificate.clone(),
time: None, time: None,
}; };
let res = let res = client
client.tx_execute(&contract_address, &chain_id, 400000, &sender, json!(execute_msg), "11000untrn").await; .tx_execute(
&contract_address,
&chain_id,
400000,
&sender,
json!(execute_msg),
"11000untrn",
)
.await;
println!("done: {res:?}"); println!("done: {res:?}");
std::thread::sleep(std::time::Duration::from_secs(5)); std::thread::sleep(std::time::Duration::from_secs(5));
} } else {
else {
println!("TCBInfo for FMSPC: {fmspc} up to date") println!("TCBInfo for FMSPC: {fmspc} up to date")
} }
} }
@ -97,10 +116,12 @@ async fn upsert_tcbinfo() -> Result<(), &'static str> {
// } // }
} }
fn verify_signature (tcbinfo: String, key: VerifyingKey) -> bool { fn verify_signature(tcbinfo: String, key: VerifyingKey) -> bool {
let signed_tcbinfo =
let signed_tcbinfo = SignedTcbInfo::try_from(tcbinfo.as_ref()).expect("tcbinfo string parsing failed"); SignedTcbInfo::try_from(tcbinfo.as_ref()).expect("tcbinfo string parsing failed");
signed_tcbinfo.verify(Some(&key), None).expect("could not verify signature"); signed_tcbinfo
.verify(Some(&key), None)
.expect("could not verify signature");
true true
} }