WIP
This commit is contained in:
parent
91769c0114
commit
f6770c2d0c
1 changed files with 58 additions and 37 deletions
|
|
@ -1,19 +1,18 @@
|
||||||
use quoted_string::strip_dquotes;
|
use cw_client::{CliClient, CwClient};
|
||||||
|
use der::DecodePem;
|
||||||
use mc_attestation_verifier::SignedTcbInfo;
|
use mc_attestation_verifier::SignedTcbInfo;
|
||||||
use p256::ecdsa::VerifyingKey;
|
use p256::ecdsa::VerifyingKey;
|
||||||
|
use quartz_tcbinfo_msgs::ExecuteMsg;
|
||||||
|
use quoted_string::strip_dquotes;
|
||||||
|
use reqwest::Url;
|
||||||
use serde_json::{json, Value};
|
use serde_json::{json, Value};
|
||||||
use std::collections::HashMap;
|
use std::collections::HashMap;
|
||||||
|
use std::{fs, path::Path};
|
||||||
use x509_cert::Certificate;
|
use x509_cert::Certificate;
|
||||||
use der::DecodePem;
|
|
||||||
use std::fs;
|
|
||||||
use cw_client::{CliClient, CwClient};
|
|
||||||
use reqwest::Url;
|
|
||||||
use quartz_tcbinfo_msgs::ExecuteMsg;
|
|
||||||
type TcbInfo = String;
|
type TcbInfo = String;
|
||||||
type Fmspc = String;
|
type Fmspc = String;
|
||||||
type Update = String;
|
type Update = String;
|
||||||
|
|
||||||
|
|
||||||
const TCB_SIGNER: &str = include_str!("../tcb_signer.pem");
|
const TCB_SIGNER: &str = include_str!("../tcb_signer.pem");
|
||||||
|
|
||||||
async fn get_tcbinfo(fmspc: Fmspc, update: Update) -> String {
|
async fn get_tcbinfo(fmspc: Fmspc, update: Update) -> String {
|
||||||
|
|
@ -25,16 +24,17 @@ async fn get_tcbinfo(fmspc: Fmspc, update: Update) -> String {
|
||||||
.await
|
.await
|
||||||
.expect("could not read https response");
|
.expect("could not read https response");
|
||||||
println!("{body}");
|
println!("{body}");
|
||||||
body
|
body
|
||||||
}
|
}
|
||||||
|
|
||||||
async fn get_fmspc_list() -> Vec<Fmspc> {
|
async fn get_fmspc_list() -> Vec<Fmspc> {
|
||||||
let body: String =
|
let body: String =
|
||||||
reqwest::get("https://api.trustedservices.intel.com/sgx/certification/v4/fmspcs").await
|
reqwest::get("https://api.trustedservices.intel.com/sgx/certification/v4/fmspcs")
|
||||||
.expect("url retrieval failed")
|
.await
|
||||||
.text()
|
.expect("url retrieval failed")
|
||||||
.await
|
.text()
|
||||||
.expect("could not read https response");
|
.await
|
||||||
|
.expect("could not read https response");
|
||||||
let fmspc_data: Vec<Value> = serde_json::from_str(&body).expect("could not convert to JSON");
|
let fmspc_data: Vec<Value> = serde_json::from_str(&body).expect("could not convert to JSON");
|
||||||
let mut fmspc_list: Vec<Fmspc> = Vec::new();
|
let mut fmspc_list: Vec<Fmspc> = Vec::new();
|
||||||
for item in fmspc_data.iter() {
|
for item in fmspc_data.iter() {
|
||||||
|
|
@ -45,14 +45,22 @@ async fn get_fmspc_list() -> Vec<Fmspc> {
|
||||||
fmspc_list
|
fmspc_list
|
||||||
}
|
}
|
||||||
|
|
||||||
|
async fn upsert_tcbinfo() -> Result<(), &'static str> {
|
||||||
|
|
||||||
async fn upsert_tcbinfo() -> Result<(), &'static str> {
|
let mut store: HashMap<Fmspc, TcbInfo> = if Path::new("./standard").exists() {
|
||||||
let data = fs::read_to_string("./standard").expect("Unable to read file");
|
let data = fs::read_to_string("./standard").expect("Unable to read file");
|
||||||
let mut store: HashMap<Fmspc, TcbInfo> = serde_json::from_str(&data).unwrap();
|
serde_json::from_str(&data).unwrap()
|
||||||
let certificate = TCB_SIGNER.to_string();
|
}
|
||||||
let parsed_certificate = Certificate::from_pem(certificate.clone()).expect("failed to parse PEM");
|
else {
|
||||||
|
fs::File::create("./standard").expect("couldn't create file");
|
||||||
|
HashMap::new()
|
||||||
|
};
|
||||||
|
|
||||||
|
let certificate = TCB_SIGNER.to_string();
|
||||||
|
let parsed_certificate =
|
||||||
|
Certificate::from_pem(certificate.clone()).expect("failed to parse PEM");
|
||||||
let fmspc_list = get_fmspc_list().await;
|
let fmspc_list = get_fmspc_list().await;
|
||||||
let key = VerifyingKey::from_sec1_bytes(
|
let key = VerifyingKey::from_sec1_bytes(
|
||||||
parsed_certificate
|
parsed_certificate
|
||||||
.tbs_certificate
|
.tbs_certificate
|
||||||
.subject_public_key_info
|
.subject_public_key_info
|
||||||
|
|
@ -60,7 +68,7 @@ async fn upsert_tcbinfo() -> Result<(), &'static str> {
|
||||||
.as_bytes()
|
.as_bytes()
|
||||||
.expect("Failed to parse public key"),
|
.expect("Failed to parse public key"),
|
||||||
)
|
)
|
||||||
.expect("Failed to decode public key");
|
.expect("Failed to decode public key");
|
||||||
|
|
||||||
for fmspc in fmspc_list {
|
for fmspc in fmspc_list {
|
||||||
let tcbinfo = get_tcbinfo(fmspc.clone(), "standard".to_string()).await;
|
let tcbinfo = get_tcbinfo(fmspc.clone(), "standard".to_string()).await;
|
||||||
|
|
@ -70,38 +78,51 @@ async fn upsert_tcbinfo() -> Result<(), &'static str> {
|
||||||
println!("updating local TCBInfo for FMSPC: {fmspc}");
|
println!("updating local TCBInfo for FMSPC: {fmspc}");
|
||||||
store.insert(fmspc.clone(), tcbinfo.clone());
|
store.insert(fmspc.clone(), tcbinfo.clone());
|
||||||
println!("updating on-chain TCBInfo for FMSPC: {fmspc}");
|
println!("updating on-chain TCBInfo for FMSPC: {fmspc}");
|
||||||
let testnet = Url::parse("https://rpc-falcron.pion-1.ntrn.tech").expect("couldn't parse network URL");
|
let testnet = Url::parse("https://rpc-falcron.pion-1.ntrn.tech")
|
||||||
let contract_address = "neutron1r4m59786vmxrx866585ze5ugjx9egcyja0nuxhn2y6d7ht6680sspa89zk".parse().expect("failed to parse contract address");
|
.expect("couldn't parse network URL");
|
||||||
|
let contract_address =
|
||||||
|
"neutron1r4m59786vmxrx866585ze5ugjx9egcyja0nuxhn2y6d7ht6680sspa89zk"
|
||||||
|
.parse()
|
||||||
|
.expect("failed to parse contract address");
|
||||||
let chain_id = tendermint::chain::id::Id::try_from("pion-1").expect("invalid chain id");
|
let chain_id = tendermint::chain::id::Id::try_from("pion-1").expect("invalid chain id");
|
||||||
let sender = "ajinkya";
|
let sender = "ajinkya";
|
||||||
let client = CliClient::neutrond(testnet);
|
let client = CliClient::neutrond(testnet);
|
||||||
let execute_msg = ExecuteMsg {
|
let execute_msg = ExecuteMsg {
|
||||||
tcb_info: tcbinfo.to_string(),
|
tcb_info: tcbinfo.to_string(),
|
||||||
certificate: certificate.clone(),
|
certificate: certificate.clone(),
|
||||||
time: None,
|
time: None,
|
||||||
};
|
};
|
||||||
let res =
|
let res = client
|
||||||
client.tx_execute(&contract_address, &chain_id, 400000, &sender, json!(execute_msg), "11000untrn").await;
|
.tx_execute(
|
||||||
|
&contract_address,
|
||||||
|
&chain_id,
|
||||||
|
400000,
|
||||||
|
&sender,
|
||||||
|
json!(execute_msg),
|
||||||
|
"11000untrn",
|
||||||
|
)
|
||||||
|
.await;
|
||||||
println!("done: {res:?}");
|
println!("done: {res:?}");
|
||||||
std::thread::sleep(std::time::Duration::from_secs(5));
|
std::thread::sleep(std::time::Duration::from_secs(5));
|
||||||
}
|
} else {
|
||||||
else {
|
|
||||||
println!("TCBInfo for FMSPC: {fmspc} up to date")
|
println!("TCBInfo for FMSPC: {fmspc} up to date")
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
let serialized = serde_json::to_string(&store).unwrap();
|
let serialized = serde_json::to_string(&store).unwrap();
|
||||||
fs::write("./standard", serialized).expect("Unable to write file");
|
fs::write("./standard", serialized).expect("Unable to write file");
|
||||||
|
|
||||||
Ok(())
|
Ok(())
|
||||||
// }
|
// }
|
||||||
// }
|
// }
|
||||||
}
|
}
|
||||||
|
|
||||||
fn verify_signature (tcbinfo: String, key: VerifyingKey) -> bool {
|
fn verify_signature(tcbinfo: String, key: VerifyingKey) -> bool {
|
||||||
|
let signed_tcbinfo =
|
||||||
let signed_tcbinfo = SignedTcbInfo::try_from(tcbinfo.as_ref()).expect("tcbinfo string parsing failed");
|
SignedTcbInfo::try_from(tcbinfo.as_ref()).expect("tcbinfo string parsing failed");
|
||||||
signed_tcbinfo.verify(Some(&key), None).expect("could not verify signature");
|
signed_tcbinfo
|
||||||
true
|
.verify(Some(&key), None)
|
||||||
|
.expect("could not verify signature");
|
||||||
|
true
|
||||||
}
|
}
|
||||||
|
|
||||||
#[tokio::main]
|
#[tokio::main]
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue