From 67a5ad70ff4e9ebd547a2a99e5a3629a54e3dac5 Mon Sep 17 00:00:00 2001 From: orion Date: Tue, 10 Jan 2023 16:32:37 +0100 Subject: [PATCH 01/39] citadel mods --- Cargo.lock | 139 ++++++++++++++++++++++---------------------- Makefile | 2 +- service/src/main.rs | 12 ++-- 3 files changed, 78 insertions(+), 75 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 81378608b2..6e382a8787 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -78,7 +78,7 @@ version = "0.19.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a76fd60b23679b7d19bd066031410fb7e458ccc5e958eb5c325888ce4baedc97" dependencies = [ - "gimli 0.27.1", + "gimli 0.27.2", ] [[package]] @@ -125,7 +125,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fcb51a0695d8f838b1ee009b3fbf66bda078cd64590202a864a8f3e8c4315c47" dependencies = [ "getrandom 0.2.8", - "once_cell 1.17.0", + "once_cell 1.17.1", "version_check", ] @@ -682,9 +682,9 @@ dependencies = [ [[package]] name = "clang-sys" -version = "1.4.0" +version = "1.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa2e27ae6ab525c3d369ded447057bca5438d86dc3a68f6faafb8269ba82ebf3" +checksum = "77ed9a53e5d4d9c573ae844bfac6872b159cb1d1585a83b29e7a64b7eef7332a" dependencies = [ "glob", "libc", @@ -718,7 +718,7 @@ dependencies = [ "clap_derive", "clap_lex", "indexmap 1.9.2", - "once_cell 1.17.0", + "once_cell 1.17.1", "strsim 0.10.0", "termcolor", "textwrap 0.16.0", @@ -764,7 +764,7 @@ checksum = "76d0a7a42b9c13f2b2a1a7e64b949a19bcb56a49b190076e60261001ceaa5304" dependencies = [ "bytes 1.4.0", "futures 0.3.26", - "http 0.2.8", + "http 0.2.9", "mime", "mime_guess", "rand 0.8.5", 
@@ -977,9 +977,9 @@ dependencies = [ [[package]] name = "cxx" -version = "1.0.89" +version = "1.0.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc831ee6a32dd495436e317595e639a587aa9907bef96fe6e6abc290ab6204e9" +checksum = "86d3488e7665a7a483b57e25bdd90d0aeb2bc7608c8d0346acf2ad3f1caf1d62" dependencies = [ "cc", "cxxbridge-flags", @@ -989,13 +989,13 @@ dependencies = [ [[package]] name = "cxx-build" -version = "1.0.89" +version = "1.0.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "94331d54f1b1a8895cd81049f7eaaaef9d05a7dcb4d1fd08bf3ff0806246789d" +checksum = "48fcaf066a053a41a81dfb14d57d99738b767febb8b735c3016e469fac5da690" dependencies = [ "cc", "codespan-reporting", - "once_cell 1.17.0", + "once_cell 1.17.1", "proc-macro2", "quote", "scratch", @@ -1004,15 +1004,15 @@ dependencies = [ [[package]] name = "cxxbridge-flags" -version = "1.0.89" +version = "1.0.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "48dcd35ba14ca9b40d6e4b4b39961f23d835dbb8eed74565ded361d93e1feb8a" +checksum = "a2ef98b8b717a829ca5603af80e1f9e2e48013ab227b68ef37872ef84ee479bf" [[package]] name = "cxxbridge-macro" -version = "1.0.89" +version = "1.0.91" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "81bbeb29798b407ccd82a3324ade1a7286e0d29851475990b612670f6f5124d2" +checksum = "086c685979a698443656e5cf7856c95c642295a38599f12fb1ff76fb28d19892" dependencies = [ "proc-macro2", "quote", @@ -1440,9 +1440,9 @@ checksum = "4443176a9f2c162692bd3d352d745ef9413eec5782a80d8fd6f8a1ac692a07f7" [[package]] name = "fastrand" -version = "1.8.0" +version = "1.9.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a7a407cfaa3385c4ae6b23e84623d48c2798d06e3e6a1878f7f59f17b3f86499" +checksum = "e51093e27b0797c359783294ca4f0a911c270184cb10f85783b118614a1501be" dependencies = [ "instant", ] 
@@ -1652,7 +1652,7 @@ dependencies = [ "impl-trait-for-tuples", "k256", "log 0.4.17", - "once_cell 1.17.0", + "once_cell 1.17.1", "parity-scale-codec", "paste", "scale-info", @@ -1963,7 +1963,7 @@ dependencies = [ "memchr 2.5.0", "pin-project-lite", "pin-utils", - "slab 0.4.7", + "slab 0.4.8", ] [[package]] @@ -2039,9 +2039,9 @@ dependencies = [ [[package]] name = "gimli" -version = "0.27.1" +version = "0.27.2" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "221996f774192f0f718773def8201c4ae31f02616a54ccfc2d358bb0e5cefdec" +checksum = "ad0a93d233ebf96623465aad4046a8d3aa4da22d4f4beba5388838c8a434bbb4" [[package]] name = "glob" @@ -2084,11 +2084,11 @@ dependencies = [ "futures-core 0.3.26", "futures-sink 0.3.26", "futures-util 0.3.26", - "http 0.2.8", + "http 0.2.9", "indexmap 1.9.2", - "slab 0.4.7", + "slab 0.4.8", "tokio", - "tokio-util 0.7.6", + "tokio-util 0.7.7", "tracing", ] @@ -2157,7 +2157,7 @@ dependencies = [ "bitflags", "bytes 1.4.0", "headers-core", - "http 0.2.8", + "http 0.2.9", "httpdate", "mime", "sha1 0.10.5", @@ -2169,7 +2169,7 @@ version = "0.2.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "e7f66481bfee273957b1f20485a4ff3362987f85b2c236580d81b4eb7a326429" dependencies = [ - "http 0.2.8", + "http 0.2.9", ] [[package]] @@ -2267,9 +2267,9 @@ dependencies = [ [[package]] name = "http" -version = "0.2.8" +version = "0.2.9" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "75f43d41e26995c17e71ee126451dd3941010b0514a81a9d11f3b341debc2399" +checksum = "bd6effc99afb63425aff9b05836f029929e345a6148a14b7ecd5ab67af944482" dependencies = [ "bytes 1.4.0", "fnv 1.0.7", @@ -2283,7 +2283,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "d5f38f16d184e36f2408a55281cd658ecbd3ca05cce6d6510a176eca393e26d1" dependencies = [ "bytes 1.4.0", - "http 0.2.8", + "http 0.2.9", "pin-project-lite", ] 
@@ -2349,7 +2349,7 @@ dependencies = [ "futures-core 0.3.26", "futures-util 0.3.26", "h2", - "http 0.2.8", + "http 0.2.9", "http-body", "httparse 1.8.0", "httpdate", @@ -2371,7 +2371,7 @@ dependencies = [ "bytes 1.4.0", "common-multipart-rfc7578", "futures 0.3.26", - "http 0.2.8", + "http 0.2.9", "hyper", ] @@ -2717,7 +2717,7 @@ dependencies = [ "dirs", "failure", "futures 0.3.26", - "http 0.2.8", + "http 0.2.9", "hyper", "hyper-multipart-rfc7578", "hyper-tls", @@ -3013,7 +3013,7 @@ version = "0.9.0" dependencies = [ "base64 0.13.1", "http 0.2.1", - "http 0.2.8", + "http 0.2.9", "http_req 0.8.1 (git+https://github.com/integritee-network/http_req?branch=master)", "http_req 0.8.1 (git+https://github.com/integritee-network/http_req)", "log 0.4.17", @@ -4501,20 +4501,20 @@ dependencies = [ "log 0.4.17", "miow", "net2 0.2.38", - "slab 0.4.7", + "slab 0.4.8", "winapi 0.2.8", ] [[package]] name = "mio" -version = "0.8.5" +version = "0.8.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e5d732bc30207a6423068df043e3d02e0735b155ad7ce1a6f76fe2baa5b158de" +checksum = "5b9d9a46eff5b4ff64b45a9e316a6d1e0bc719ef429cbec4dc630684212bfdf9" dependencies = [ "libc", "log 0.4.17", "wasi 0.11.0+wasi-snapshot-preview1", - "windows-sys 0.42.0", + "windows-sys 0.45.0", ] [[package]] @@ -4526,7 +4526,7 @@ dependencies = [ "lazycell", "log 0.4.17", "mio 0.6.23", - "slab 0.4.7", + "slab 0.4.8", ] [[package]] @@ -4540,7 +4540,7 @@ dependencies = [ "mio 0.6.23", "sgx_tstd", "sgx_types", - "slab 0.4.7", + "slab 0.4.8", ] [[package]] @@ -5000,9 +5000,9 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.17.0" +version = "1.17.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f61fba1741ea2b3d6a1e3178721804bb716a68a6aeba1149b5d52e3d464ea66" +checksum = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3" [[package]] name = "opaque-debug" 
@@ -5026,7 +5026,7 @@ dependencies = [ "cfg-if 1.0.0", "foreign-types", "libc", - "once_cell 1.17.0", + "once_cell 1.17.1", "openssl-macros", "openssl-sys", ] @@ -5780,7 +5780,7 @@ version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "66618389e4ec1c7afe67d51a9bf34ff9236480f8d51e7489b7d5ab0303c13f34" dependencies = [ - "once_cell 1.17.0", + "once_cell 1.17.1", "toml_edit", ] @@ -6216,7 +6216,7 @@ checksum = "3053cf52e236a3ed746dfc745aa9cacf1b791d846bdaf412f60a8d7d6e17c8fc" dependencies = [ "cc", "libc", - "once_cell 1.17.0", + "once_cell 1.17.1", "spin", "untrusted", "web-sys", @@ -6231,7 +6231,7 @@ dependencies = [ "cc", "libc", "log 0.4.17", - "once_cell 1.17.0", + "once_cell 1.17.1", "rkyv", "spin", "untrusted", @@ -7114,9 +7114,9 @@ dependencies = [ [[package]] name = "signal-hook-registry" -version = "1.4.0" +version = "1.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e51e73328dc4ac0c7ccbda3a494dfa03df1de2f46018127f60c693f2648455b0" +checksum = "d8229b473baa5980ac72ef434c4415e70c4b5e71b423043adb4ba059f89c99a1" dependencies = [ "libc", ] @@ -7153,9 +7153,9 @@ dependencies = [ [[package]] name = "slab" -version = "0.4.7" +version = "0.4.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4614a76b2a8be0058caa9dbbaf66d988527d86d003c11a94fbd335d7661edcef" +checksum = "6528351c9bc8ab22353f9d776db39a20288e8d6c37ef8cfe3317cf875eecfc2d" dependencies = [ "autocfg 1.1.0", ] @@ -8042,9 +8042,9 @@ checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369" [[package]] name = "target-lexicon" -version = "0.12.5" +version = "0.12.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "9410d0f6853b1d94f0e519fb95df60f29d2c1eff2d921ffdf01a4c8a3b54f12d" +checksum = "8ae9980cab1db3fceee2f6c6f643d5d8de2997c58ee8d25fb0cc8a9e9e7348e5" [[package]] name = "teeracle-primitives" 
@@ -8161,11 +8161,12 @@ dependencies = [ [[package]] name = "thread_local" -version = "1.1.4" +version = "1.1.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5516c27b78311c50bf42c071425c560ac799b11c30b31f87e3081965fe5e0180" +checksum = "3fdd6f064ccff2d6567adcb3873ca630700f00b5ad3f060c25b5dcfd9a4ce152" dependencies = [ - "once_cell 1.17.0", + "cfg-if 1.0.0", + "once_cell 1.17.1", ] [[package]] @@ -8187,7 +8188,7 @@ checksum = "62cc94d358b5a1e84a5cb9109f559aa3c4d634d2b1b4de3d0fa4adc7c78e2861" dependencies = [ "anyhow", "hmac 0.12.1", - "once_cell 1.17.0", + "once_cell 1.17.1", "pbkdf2 0.11.0", "rand 0.8.5", "rustc-hash", @@ -8232,7 +8233,7 @@ dependencies = [ "bytes 1.4.0", "libc", "memchr 2.5.0", - "mio 0.8.5", + "mio 0.8.6", "num_cpus", "parking_lot 0.12.1", "pin-project-lite", @@ -8276,9 +8277,9 @@ dependencies = [ [[package]] name = "tokio-stream" -version = "0.1.11" +version = "0.1.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d660770404473ccd7bc9f8b28494a811bc18542b915c0855c51e8f419d5223ce" +checksum = "8fb52b74f05dbf495a8fba459fdc331812b96aa086d9eb78101fa0d4569c3313" dependencies = [ "futures-core 0.3.26", "pin-project-lite", @@ -8314,9 +8315,9 @@ dependencies = [ [[package]] name = "tokio-util" -version = "0.7.6" +version = "0.7.7" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "bc6a3b08b64e6dfad376fa2432c7b1f01522e37a623c3050bc95db2d3ff21583" +checksum = "5427d89453009325de0d8f342c9490009f76e999cb7672d77e46267448f7e6b2" dependencies = [ "bytes 1.4.0", "futures-core 0.3.26", @@ -8388,7 +8389,7 @@ version = "0.1.30" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "24eb03ba0eab1fd845050058ce5e616558e8f8d8fca633e6b163fe25c797213a" dependencies = [ - "once_cell 1.17.0", + "once_cell 1.17.1", "valuable", ] 
@@ -8510,7 +8511,7 @@ dependencies = [ "base64 0.13.1", "byteorder 1.4.3", "bytes 1.4.0", - "http 0.2.8", + "http 0.2.9", "httparse 1.8.0", "log 0.4.17", "rand 0.8.5", @@ -8532,7 +8533,7 @@ dependencies = [ "base64 0.13.1", "byteorder 1.4.3", "bytes 1.4.0", - "http 0.2.8", + "http 0.2.9", "httparse 1.8.0", "log 0.4.17", "rand 0.8.5", @@ -8778,7 +8779,7 @@ dependencies = [ "futures-channel 0.3.26", "futures-util 0.3.26", "headers", - "http 0.2.8", + "http 0.2.9", "hyper", "log 0.4.17", "mime", @@ -8794,7 +8795,7 @@ dependencies = [ "tokio", "tokio-stream", "tokio-tungstenite", - "tokio-util 0.7.6", + "tokio-util 0.7.7", "tower-service", "tracing", ] @@ -8835,7 +8836,7 @@ checksum = "95ce90fd5bcc06af55a641a86428ee4229e44e07033963a2290a8e241607ccb9" dependencies = [ "bumpalo", "log 0.4.17", - "once_cell 1.17.0", + "once_cell 1.17.1", "proc-macro2", "quote", "syn", @@ -8967,7 +8968,7 @@ dependencies = [ "libc", "log 0.4.17", "object 0.29.0", - "once_cell 1.17.0", + "once_cell 1.17.1", "paste", "psm", "serde 1.0.152", @@ -9037,7 +9038,7 @@ version = "1.0.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f671b588486f5ccec8c5a3dba6b4c07eac2e66ab8c60e6f4e53717c77f709731" dependencies = [ - "once_cell 1.17.0", + "once_cell 1.17.1", ] [[package]] @@ -9325,7 +9326,7 @@ dependencies = [ "openssl", "rand 0.7.3 (registry+https://github.com/rust-lang/crates.io-index)", "sha-1 0.8.2", - "slab 0.4.7", + "slab 0.4.8", "url 2.3.1", ] diff --git a/Makefile b/Makefile index 492e7a35d6..4a7d34ae34 100755 --- a/Makefile +++ b/Makefile 
@@ -103,7 +103,7 @@ Enclave_EDL_Files := enclave-runtime/Enclave_t.c enclave-runtime/Enclave_t.h ser ######## Integritee-service settings ######## SRC_Files := $(shell find . -type f -name '*.rs') $(shell find . -type f -name 'Cargo.toml') -Worker_Rust_Flags := $(CARGO_TARGET) $(WORKER_FEATURES) +Worker_Rust_Flags := $(CARGO_TARGET) $(WORKER_FEATURES),dcap Worker_Include_Paths := -I ./service -I./include -I$(SGX_SDK)/include -I$(CUSTOM_EDL_PATH) Worker_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(Worker_Include_Paths) diff --git a/service/src/main.rs b/service/src/main.rs index 742937344d..1d81e94aaf 100644 --- a/service/src/main.rs +++ b/service/src/main.rs @@ -227,8 +227,9 @@ fn main() { // Hard coded 6-byte FMSPC that represents the state of devsgx03 // TODO: either fetch this value from a list of pre-configured FMSPC values or // extract the information out of the RA certificate - let fmspc = [00u8, 0x90, 0x6E, 0xA1, 00, 00]; - enclave.dump_dcap_collateral_to_disk(fmspc).unwrap(); + //let fmspc = [00u8, 0x90, 0x6E, 0xA1, 00, 00]; + let fmspc_citadel = [00u8, 0xA0, 0x65, 0x51, 00, 00]; + enclave.dump_dcap_collateral_to_disk(fmspc_citadel).unwrap(); enclave.dump_dcap_ra_cert_to_disk().unwrap(); } } else if matches.is_present("mrenclave") { @@ -701,11 +702,12 @@ fn register_collateral( accountid: &AccountId32, is_development_mode: bool, ) { - let fmspc = [00u8, 0x90, 0x6E, 0xA1, 00, 00]; - let uxt = enclave.generate_register_quoting_enclave_extrinsic(fmspc).unwrap(); + //let fmspc = [00u8, 0x90, 0x6E, 0xA1, 00, 00]; + let fmspc_citadel = [00u8, 0xA0, 0x65, 0x51, 00, 00]; + let uxt = enclave.generate_register_quoting_enclave_extrinsic(fmspc_citadel).unwrap(); send_extrinsic(&uxt, api, accountid, is_development_mode); - let uxt = enclave.generate_register_tcb_info_extrinsic(fmspc).unwrap(); + let uxt = enclave.generate_register_tcb_info_extrinsic(fmspc_citadel).unwrap(); send_extrinsic(&uxt, api, accountid, is_development_mode); } 
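Review bot: `Worker_Rust_Flags := $(CARGO_TARGET) $(WORKER_FEATURES),dcap` appends the `dcap` feature unconditionally, so it can no longer be switched off from the build configuration, and when `WORKER_FEATURES` is empty the flag expands to a bare `,dcap`, which is presumably not a valid cargo feature list. If `dcap` is meant to be the default for this build, add it where `WORKER_FEATURES` is defined (outside this hunk) so a caller can still override it, and keep this line as `Worker_Rust_Flags := $(CARGO_TARGET) $(WORKER_FEATURES)`.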
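Review bot: The new FMSPC `[00u8, 0xA0, 0x65, 0x51, 00, 00]` is hard-coded twice, here in `main` and again in `register_collateral` in the following hunk, with the previous devsgx03 value left behind as a commented-out line in both places. A single `const FMSPC_CITADEL: Fmspc = [0x00, 0xA0, 0x65, 0x51, 0x00, 0x00];` next to the existing TODO keeps the two call sites from drifting, and the dead `//let fmspc = ...` lines should be deleted rather than kept. Since this value selects which quoting-enclave identity and TCB info get registered on chain, a comment naming the platform the value was taken from is worth more than the old value. Both enclosing functions start outside the hunk.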
From d74d9de3c20e874fee6434c077f94699d771c424 Mon Sep 17 00:00:00 2001 From: orion Date: Wed, 11 Jan 2023 11:49:42 +0100 Subject: [PATCH 02/39] use ldconfig --- .../enclave-api/src/remote_attestation.rs | 32 ++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/core-primitives/enclave-api/src/remote_attestation.rs b/core-primitives/enclave-api/src/remote_attestation.rs index 92cb68a0e0..c5624e36b2 100644 --- a/core-primitives/enclave-api/src/remote_attestation.rs +++ b/core-primitives/enclave-api/src/remote_attestation.rs @@ -148,9 +148,14 @@ impl RemoteAttestation for Enclave { fn generate_dcap_ra_extrinsic(&self, w_url: &str, skip_ra: bool) -> EnclaveResult> { let mut retval = sgx_status_t::SGX_SUCCESS; + info!( + "inside of itp_enclave_api::remote_attestation::Enclave::generate_dcap_ra_extrinsic" + ); self.set_ql_qe_enclave_paths()?; + info!("set_ql_qe_enclave_paths succeeded"); let quoting_enclave_target_info = self.qe_get_target_info()?; + info!("quoting_enclave_target_info succeeded"); let quote_size = self.qe_get_quote_size()?; info!("Retrieved quote size of {:?}", quote_size); 
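Review bot: The three added `info!` calls are progress checkpoints (`inside of ...`, `... succeeded`) rather than operational information, and at `info` level they will appear in every worker run; `debug!` or `trace!` is the usual level for this kind of tracing. The three-line `info!("inside of itp_enclave_api::remote_attestation::Enclave::generate_dcap_ra_extrinsic")` can be dropped entirely if the logger prints the module path. `generate_dcap_ra_extrinsic` continues beyond the hunk.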
@@ -587,7 +592,32 @@ impl TlsRemoteAttestation for Enclave { } fn create_system_path(file_name: &str) -> String { - format!("{}{}{}", OS_SYSTEM_PATH, file_name, C_STRING_ENDING) + info!("create_system_path:: file_name={}", &file_name); + let default_path = format!("{}{}", OS_SYSTEM_PATH, file_name); + + let full_path = find_library_by_name(file_name).unwrap_or_else(|| default_path); + + let c_terminated_path = format!("{}{}", full_path, C_STRING_ENDING); + info!("create_system_path:: created path={}", &c_terminated_path); + c_terminated_path +} +fn find_library_by_name(lib_name: &str) -> Option { + use std::process::Command; + // ldconfig -p | grep libsgx_pce_logic.so.1 + + let ldconfig_output = Command::new("ldconfig").args(["-p"]).output().ok()?; + let possible_path = String::from_utf8(ldconfig_output.stdout) + .ok()? + .lines() + .filter(|line| line.contains(lib_name)) + .map(|lib_name_and_path| { + lib_name_and_path + .rsplit_once("=>") + .and_then(|(_, lib_path)| Some(lib_path.trim().to_owned())) + }) + .nth(0)?; + + possible_path } fn set_ql_path(path_type: sgx_ql_path_type_t, path: &str) -> EnclaveResult<()> { From 9091acad9d1f186b1997ac6698a6df38280f7d73 Mon Sep 17 00:00:00 2001 From: orion Date: Mon, 16 Jan 2023 16:36:53 +0100 Subject: [PATCH 03/39] service: skip check_files if dcap attestation is used --- service/src/main.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/service/src/main.rs b/service/src/main.rs index 1d81e94aaf..b33cd908cd 100644 --- a/service/src/main.rs +++ b/service/src/main.rs @@ -303,6 +303,7 @@ fn start_worker( // ------------------------------------------------------------------------ // check for required files if !skip_ra { + #[cfg(not(feature = "dcap"))] check_files(); } // ------------------------------------------------------------------------ From d9a0ccfd8c99a1acc88871c761e575e24fad82c5 Mon Sep 17 00:00:00 2001 
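Review bot: `find_library_by_name` picks the first `ldconfig -p` line that merely `contains(lib_name)`, so a longer or lookalike soname (or a directory whose path contains the name) listed earlier in the cache wins over an exact match, and that path is what `create_system_path` hands to the quote-library loader. Matching the soname token at the start of the line exactly (the `ldconfig -p` format is `NAME (flags) => PATH`) avoids that, and the chain simplifies: `.and_then(|(_, p)| Some(..))` is `.map`, `.nth(0)` is `.next()`, and `unwrap_or_else(|| default_path)` should be `unwrap_or(default_path)` because the value is already computed. A non-zero exit status from `ldconfig` is also treated as success by `.output().ok()?`; checking `status.success()` makes the fallback to `OS_SYSTEM_PATH` explicit. The generic on the `Option` return type is stripped in this rendering; the fence below assumes `Option<String>`, which is what `.to_owned()` on the matched `&str` produces.
```rust
fn find_library_by_name(lib_name: &str) -> Option<String> {
    use std::process::Command;
    // `ldconfig -p` prints one entry per line as "\tNAME (flags) => PATH";
    // only an exact NAME match is accepted so a lookalike soname cannot win.
    let ldconfig_output = Command::new("ldconfig").args(["-p"]).output().ok()?;
    if !ldconfig_output.status.success() {
        return None
    }
    String::from_utf8(ldconfig_output.stdout)
        .ok()?
        .lines()
        .find_map(|line| {
            let (name_part, lib_path) = line.rsplit_once("=>")?;
            let name = name_part.split_whitespace().next()?;
            (name == lib_name).then(|| lib_path.trim().to_owned())
        })
}
```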
From: orion Date: Mon, 16 Jan 2023 16:39:53 +0100 Subject: [PATCH 04/39] worker: move feature check to check_files() to silence unused warning (temporary fix) --- service/src/main.rs | 1 - service/src/utils.rs | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/service/src/main.rs b/service/src/main.rs index b33cd908cd..1d81e94aaf 100644 --- a/service/src/main.rs +++ b/service/src/main.rs @@ -303,7 +303,6 @@ fn start_worker( // ------------------------------------------------------------------------ // check for required files if !skip_ra { - #[cfg(not(feature = "dcap"))] check_files(); } // ------------------------------------------------------------------------ diff --git a/service/src/utils.rs b/service/src/utils.rs index e5e83cb9ae..36052079e2 100644 --- a/service/src/utils.rs +++ b/service/src/utils.rs @@ -46,6 +46,7 @@ pub fn check_files() { debug!("*** Check files"); let files = [ENCLAVE_FILE, RA_SPID_FILE, RA_API_KEY_FILE]; for f in files.iter() { + #[cfg(not(feature = "dcap"))] assert!(Path::new(f).exists(), "File doesn't exist: {}", f); } } From a29a0e3accb70666947c26eb2b7b5a0faf3edb32 Mon Sep 17 00:00:00 2001 From: orion Date: Tue, 24 Jan 2023 16:09:29 +0100 Subject: [PATCH 05/39] Add function to verify quote from the outside --- Cargo.lock | 1 + .../src/attestation_handler.rs | 1 + core-primitives/enclave-api/ffi/src/lib.rs | 12 ++++ .../enclave-api/src/remote_attestation.rs | 33 +++++++++++ core/rest-client/src/rest_client.rs | 6 +- enclave-runtime/Cargo.lock | 14 ++--- enclave-runtime/Enclave.edl | 6 ++ enclave-runtime/src/attestation.rs | 57 ++++++++++++++++++- service/Cargo.toml | 2 + service/src/main.rs | 32 ++++++++++- service/src/prometheus_metrics.rs | 54 ++++++++++++++++++ 11 files changed, 206 insertions(+), 12 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 6e382a8787..41c94a3110 100644 --- a/Cargo.lock +++ b/Cargo.lock 
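Review bot: Moving `#[cfg(not(feature = "dcap"))]` onto the `assert!` inside the loop means that with `dcap` enabled `check_files` iterates over `files` and checks nothing, including `ENCLAVE_FILE`, which presumably is still required for a DCAP build, while `debug!("*** Check files")` still claims a check happened. Gating the file list instead of the assertion keeps the enclave check in both configurations: `#[cfg(not(feature = "dcap"))] let files = [ENCLAVE_FILE, RA_SPID_FILE, RA_API_KEY_FILE];` followed by `#[cfg(feature = "dcap")] let files = [ENCLAVE_FILE];`, with the `assert!` left unconditional. The commit message already calls this a temporary fix, so a `// TODO` next to the attribute naming the intended clean-up would help the next reader.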
@@ -2632,6 +2632,7 @@ dependencies = [ "ipfs-api", "itc-parentchain", "itc-parentchain-test", + "itc-rest-client", "itc-rpc-client", "itc-rpc-server", "itp-enclave-api", diff --git a/core-primitives/attestation-handler/src/attestation_handler.rs b/core-primitives/attestation-handler/src/attestation_handler.rs index 7e6023dd8d..56b4e3a3b4 100644 --- a/core-primitives/attestation-handler/src/attestation_handler.rs +++ b/core-primitives/attestation-handler/src/attestation_handler.rs @@ -728,6 +728,7 @@ where return Err(sgx_status_t::SGX_ERROR_UNEXPECTED) } + println!("szilard: it works"); Ok(()) } diff --git a/core-primitives/enclave-api/ffi/src/lib.rs b/core-primitives/enclave-api/ffi/src/lib.rs index 5dcf464324..369875564c 100644 --- a/core-primitives/enclave-api/ffi/src/lib.rs +++ b/core-primitives/enclave-api/ffi/src/lib.rs @@ -7,6 +7,17 @@ use sgx_types::{ extern "C" { + pub fn generate_dcap_ra_extrinsic_with_quote( + eid: sgx_enclave_id_t, + retval: *mut sgx_status_t, + w_url: *const u8, + w_url_size: u32, + quote: *const u8, + quote_size: u32, + unchecked_extrinsic: *mut u8, + unchecked_extrinsic_size: u32, + ) -> sgx_status_t; + pub fn init( eid: sgx_enclave_id_t, retval: *mut sgx_status_t, @@ -199,4 +210,5 @@ extern "C" { shard_size: u32, skip_ra: c_int, ) -> sgx_status_t; + } diff --git a/core-primitives/enclave-api/src/remote_attestation.rs b/core-primitives/enclave-api/src/remote_attestation.rs index c5624e36b2..a97be7a215 100644 --- a/core-primitives/enclave-api/src/remote_attestation.rs +++ b/core-primitives/enclave-api/src/remote_attestation.rs 
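Review bot: `println!("szilard: it works")` on the success path of this function is a debugging leftover with a personal name in it, and it prints unconditionally on every successful call. It should be removed before this lands, or, if a marker is wanted, become a `debug!` whose message says what succeeded (assuming the `log` macros are in scope in this file). The enclosing function starts outside the hunk.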
@@ -48,6 +48,11 @@ pub trait RemoteAttestation { fn generate_ias_ra_extrinsic(&self, w_url: &str, skip_ra: bool) -> EnclaveResult>; fn generate_dcap_ra_extrinsic(&self, w_url: &str, skip_ra: bool) -> EnclaveResult>; + fn generate_dcap_ra_extrinsic_internal_with_quote( + &self, + url: String, + quote: &[u8], + ) -> EnclaveResult>; fn generate_register_quoting_enclave_extrinsic(&self, fmspc: Fmspc) -> EnclaveResult>; @@ -145,6 +150,34 @@ impl RemoteAttestation for Enclave { Ok(unchecked_extrinsic) } + fn generate_dcap_ra_extrinsic_internal_with_quote( + &self, + url: String, + quote: &[u8], + ) -> EnclaveResult> { + let mut retval = sgx_status_t::SGX_SUCCESS; + let mut unchecked_extrinsic: Vec = vec![0u8; EXTRINSIC_MAX_SIZE]; + let url = url.encode(); + + let result = unsafe { + ffi::generate_dcap_ra_extrinsic_with_quote( + self.eid, + &mut retval, + url.as_ptr(), + url.len() as u32, + quote.as_ptr(), + quote.len() as u32, + unchecked_extrinsic.as_mut_ptr(), + unchecked_extrinsic.len() as u32, + ) + }; + + ensure!(result == sgx_status_t::SGX_SUCCESS, Error::Sgx(result)); + ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval)); + println!("ensured 2x"); + + Ok(quote.to_vec()) + } fn generate_dcap_ra_extrinsic(&self, w_url: &str, skip_ra: bool) -> EnclaveResult> { let mut retval = sgx_status_t::SGX_SUCCESS; diff --git a/core/rest-client/src/rest_client.rs b/core/rest-client/src/rest_client.rs index 36309331f4..187553abc6 100644 --- a/core/rest-client/src/rest_client.rs +++ b/core/rest-client/src/rest_client.rs 
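Review bot: `generate_dcap_ra_extrinsic_internal_with_quote` is a public trait method and the name the service calls, yet it carries `_internal_` while the FFI symbol it wraps is `generate_dcap_ra_extrinsic_with_quote`; naming the trait method after the ECALL, `fn generate_dcap_ra_extrinsic_with_quote(&self, url: String, quote: &[u8]) -> EnclaveResult<Vec<u8>>;`, matches how `generate_dcap_ra_extrinsic` is paired with its ECALL. It also takes `url: String` where the sibling takes `w_url: &str`, and SCALE-encodes it with `url.encode()` before the call; a short doc comment stating that `quote` is supplied by the caller rather than produced by this enclave, and that `url` is encoded before crossing the boundary, would document the difference for readers of the trait. `println!("ensured 2x")` is a leftover and should go.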
@@ -18,14 +18,16 @@ #[cfg(all(not(feature = "std"), feature = "sgx"))] use crate::sgx_reexport_prelude::*; +pub use http_req::{request::Method, response::Headers}; +pub use url::Url; + use crate::{ error::Error, http_client::SendHttpRequest, Query, RestDelete, RestGet, RestPatch, RestPath, RestPost, RestPut, }; -use http_req::{request::Method, response::Headers}; + use log::*; use std::string::{String, ToString}; -use url::Url; /// REST client to make HTTP GET and POST requests. pub struct RestClient { diff --git a/enclave-runtime/Cargo.lock b/enclave-runtime/Cargo.lock index 76816a220c..b7c91fde19 100644 --- a/enclave-runtime/Cargo.lock +++ b/enclave-runtime/Cargo.lock @@ -101,7 +101,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "fcb51a0695d8f838b1ee009b3fbf66bda078cd64590202a864a8f3e8c4315c47" dependencies = [ "getrandom 0.2.3", - "once_cell 1.17.0", + "once_cell 1.17.1", "version_check", ] @@ -2556,7 +2556,7 @@ dependencies = [ "mio", "sgx_tstd", "sgx_types", - "slab 0.4.7", + "slab 0.4.8", ] [[package]] @@ -2715,9 +2715,9 @@ dependencies = [ [[package]] name = "once_cell" -version = "1.17.0" +version = "1.17.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6f61fba1741ea2b3d6a1e3178721804bb716a68a6aeba1149b5d52e3d464ea66" +checksum = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3" [[package]] name = "opaque-debug" @@ -3028,7 +3028,7 @@ version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "66618389e4ec1c7afe67d51a9bf34ff9236480f8d51e7489b7d5ab0303c13f34" dependencies = [ - "once_cell 1.17.0", + "once_cell 1.17.1", "toml_edit", ] 
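Review bot: `pub use http_req::{request::Method, response::Headers};` and `pub use url::Url;` make two third-party types part of the crate's public API, presumably so the service can name `Method` and `Url` through `rest_client`; a one-line comment such as `// Re-exported so callers of HttpClient::send_request can name the request types without depending on http_req/url directly.` would explain why these are `pub use` rather than `use`. The removed `use http_req::...` line also leaves a stray empty line between the `use crate::{...}` block and `use log::*;` that `rustfmt` will not remove.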
@@ -3838,9 +3838,9 @@ dependencies = [ [[package]] name = "slab" -version = "0.4.7" +version = "0.4.8" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4614a76b2a8be0058caa9dbbaf66d988527d86d003c11a94fbd335d7661edcef" +checksum = "6528351c9bc8ab22353f9d776db39a20288e8d6c37ef8cfe3317cf875eecfc2d" dependencies = [ "autocfg 1.1.0", ] diff --git a/enclave-runtime/Enclave.edl b/enclave-runtime/Enclave.edl index dffd2dd139..d424676176 100644 --- a/enclave-runtime/Enclave.edl +++ b/enclave-runtime/Enclave.edl @@ -89,6 +89,12 @@ enclave { int skip_ra ); + public sgx_status_t generate_dcap_ra_extrinsic_with_quote( + [in, size=w_url_size] uint8_t* w_url, uint32_t w_url_size, + [in, size=quote_size] uint8_t* quote, uint32_t quote_size, + [out, size=unchecked_extrinsic_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_size + ); + public sgx_status_t generate_dcap_ra_extrinsic( [in, size=w_url_size] uint8_t* w_url, uint32_t w_url_size, [out, size=unchecked_extrinsic_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_size, diff --git a/enclave-runtime/src/attestation.rs b/enclave-runtime/src/attestation.rs index 116885c9fd..31d83ccae3 100644 --- a/enclave-runtime/src/attestation.rs +++ b/enclave-runtime/src/attestation.rs @@ -163,7 +163,7 @@ pub unsafe extern "C" fn generate_dcap_ra_extrinsic( sgx_status_t::SGX_SUCCESS } -fn generate_dcap_ra_extrinsic_internal( +pub fn generate_dcap_ra_extrinsic_internal( url: String, skip_ra: bool, quoting_enclave_target_info: &sgx_target_info_t, 
@@ -191,6 +191,61 @@ fn generate_dcap_ra_extrinsic_internal( Ok(extrinsic[0].clone()) } +#[no_mangle] +pub unsafe extern "C" fn generate_dcap_ra_extrinsic_with_quote( + w_url: *const u8, + w_url_size: u32, + quote: *const u8, + quote_size: u32, + unchecked_extrinsic: *mut u8, + unchecked_extrinsic_size: u32, +) -> sgx_status_t { + if w_url.is_null() || unchecked_extrinsic.is_null() { + return sgx_status_t::SGX_ERROR_INVALID_PARAMETER + } + let mut url_slice = slice::from_raw_parts(w_url, w_url_size as usize); + println!("url_slice is: {:#?}", &url_slice); + + let url = String::decode(&mut url_slice).expect("Could not decode url slice to a valid String"); + println!("url is: {:#?}", &url); + let extrinsic_slice = + slice::from_raw_parts_mut(unchecked_extrinsic, unchecked_extrinsic_size as usize); + + let quote_slice = slice::from_raw_parts(quote, quote_size as usize); + + let extrinsic = match generate_dcap_ra_extrinsic_with_quote_internal(url, quote_slice) { + Ok(xt) => xt, + Err(e) => return e.into(), + }; + println!("got extrinsic"); + + if let Err(e) = write_slice_and_whitespace_pad(extrinsic_slice, extrinsic.encode()) { + return EnclaveError::Other(Box::new(e)).into() + }; + sgx_status_t::SGX_SUCCESS +} + +pub fn generate_dcap_ra_extrinsic_with_quote_internal( + url: String, + quote: &[u8], +) -> EnclaveResult { + // TODO Need to send this to the teerex pallet (something similar to perform_ra_internal) + let extrinsics_factory = get_extrinsic_factory_from_solo_or_parachain()?; + let node_metadata_repo = get_node_metadata_repository_from_solo_or_parachain()?; + info!(" [Enclave] Compose register enclave gettins callIDs:"); + + let call_ids = node_metadata_repo + .get_from_metadata(|m| m.register_dcap_enclave_call_indexes())? 
+ .map_err(MetadataProviderError::MetadataError)?; + info!(" [Enclave] Compose register enclave call DCAP IDs: {:?}", call_ids); + let call = OpaqueCall::from_tuple(&(call_ids, quote, url)); + info!(" [Enclave] Compose register enclave got call: {:#?}", &call); + + let extrinsic = extrinsics_factory.create_extrinsics(&[call], None)?; + info!(" [Enclave] Compose register enclave got extrinsic, returning"); + Ok(extrinsic[0].clone()) +} + fn generate_ias_ra_extrinsic_internal( url: String, skip_ra: bool, diff --git a/service/Cargo.toml b/service/Cargo.toml index cefe4a72da..df3451ea23 100644 --- a/service/Cargo.toml +++ b/service/Cargo.toml @@ -26,6 +26,7 @@ thiserror = "1.0" tokio = { version = "1.6.1", features = ["full"] } warp = "0.3" + # ipfs ipfs-api = "0.11.0" sha2 = { version = "0.7", default-features = false } @@ -39,6 +40,7 @@ sgx_urts = { branch = "master", git = "https://github.com/apache/teaclave-sgx-sd # local itc-parentchain = { path = "../core/parentchain/parentchain-crate" } +itc-rest-client = { path = "../core/rest-client" } itc-rpc-client = { path = "../core/rpc-client" } itc-rpc-server = { path = "../core/rpc-server" } itp-enclave-api = { path = "../core-primitives/enclave-api" } diff --git a/service/src/main.rs b/service/src/main.rs index 1d81e94aaf..658ec8b85a 100644 --- a/service/src/main.rs +++ b/service/src/main.rs 
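Review bot: `generate_dcap_ra_extrinsic_with_quote` checks `w_url` and `unchecked_extrinsic` for null but then calls `slice::from_raw_parts(quote, quote_size as usize)` without checking `quote`, and `String::decode(&mut url_slice).expect(...)` panics on a malformed URL buffer; both come from the untrusted side of the ECALL and should yield `SGX_ERROR_INVALID_PARAMETER` rather than undefined behaviour or a panic. The `println!("url_slice is ...")`, `println!("url is ...")` and `println!("got extrinsic")` lines are debugging output and should be removed. `generate_dcap_ra_extrinsic_with_quote_internal` composes a register call from bytes the host handed in without the enclave inspecting them; if verification is intentionally delegated to the pallet, the `TODO` at the top of that function should say so, otherwise the verification the service hunk mentions in a comment (`ecdsa_quote_verification`) belongs before the call is built. The fence below assumes the `log` macros are imported as the `info!` calls in this hunk suggest.
```rust
    if w_url.is_null() || quote.is_null() || unchecked_extrinsic.is_null() {
        return sgx_status_t::SGX_ERROR_INVALID_PARAMETER
    }
    let mut url_slice = slice::from_raw_parts(w_url, w_url_size as usize);
    // A malformed buffer from the untrusted side is an invalid argument, not a bug.
    let url = match String::decode(&mut url_slice) {
        Ok(url) => url,
        Err(e) => {
            error!("Could not decode url slice to a valid String: {:?}", e);
            return sgx_status_t::SGX_ERROR_INVALID_PARAMETER
        },
    };
    // … unchanged: extrinsic_slice / quote_slice construction, internal call, write_slice_and_whitespace_pad …
```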
@@ -424,12 +424,19 @@ fn start_worker( ) .expect("Could not set the node metadata in the enclave"); + let trusted_url = config.trusted_worker_url_external(); #[cfg(feature = "dcap")] - register_collateral(&node_api, &*enclave, &tee_accountid, is_development_mode); + register_collateral( + &node_api, + &*enclave, + &tee_accountid, + is_development_mode, + trusted_url.clone(), + ); // ------------------------------------------------------------------------ // Perform a remote attestation and get an unchecked extrinsic back. - let trusted_url = config.trusted_worker_url_external(); + if skip_ra { println!( "[!] skipping remote attestation. Registering enclave without attestation report." @@ -701,14 +708,35 @@ fn register_collateral( enclave: &dyn RemoteAttestation, accountid: &AccountId32, is_development_mode: bool, + url: String, ) { //let fmspc = [00u8, 0x90, 0x6E, 0xA1, 00, 00]; + let fmspc_citadel = [00u8, 0xA0, 0x65, 0x51, 00, 00]; + // let events = prometheus_metrics::fetch_stuff().unwrap(); + // let events: Vec = serde_json::from_str(&events).unwrap(); + let uxt = enclave.generate_register_quoting_enclave_extrinsic(fmspc_citadel).unwrap(); send_extrinsic(&uxt, api, accountid, is_development_mode); let uxt = enclave.generate_register_tcb_info_extrinsic(fmspc_citadel).unwrap(); send_extrinsic(&uxt, api, accountid, is_development_mode); + + //verify_dcap_quote(); + //attestation_handler. + let events = prometheus_metrics::fetch_stuff_with_itc_rest_client().unwrap(); + let quotes: Vec<&[u8]> = + events.iter().map(|event| event.get_quote_without_prepended_bytes()).collect(); + println!("quotes is: {:#?}", quotes); + + for quote in quotes { + //enclave.ecdsa_quote_verification(quote_split.to_vec()).unwrap(); + + let ext = enclave + .generate_dcap_ra_extrinsic_internal_with_quote(url.clone(), "e) + .expect("you shall pass"); + send_extrinsic(&ext, api, accountid, is_development_mode); + } } fn send_extrinsic( 
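Review bot: `register_collateral` now fetches quotes over HTTP via `fetch_stuff_with_itc_rest_client().unwrap()` and submits one signed extrinsic per quote with `.expect("you shall pass")`, so a transient fetch error or a single bad quote aborts worker start-up, and `println!("quotes is: {:#?}", quotes)` dumps every quote to stdout. Since the quotes originate outside this worker, failures there should be logged and skipped rather than fatal; the rewrite below does that, using the `[!]` `println!` style already used in this file, and drops the intermediate `Vec<&[u8]>`. The commented-out `//verify_dcap_quote();`, `//attestation_handler.` and `//enclave.ecdsa_quote_verification(...)` lines should either become code or be deleted.
```rust
    // … unchanged: quoting enclave and TCB info registration …

    // Quotes come from an external endpoint; a failure there must not take the worker down.
    let events = match prometheus_metrics::fetch_stuff_with_itc_rest_client() {
        Ok(events) => events,
        Err(e) => {
            println!("[!] Could not fetch external quotes, skipping their registration: {:?}", e);
            return
        },
    };
    for event in &events {
        let quote = event.get_quote_without_prepended_bytes();
        match enclave.generate_dcap_ra_extrinsic_internal_with_quote(url.clone(), quote) {
            Ok(ext) => {
                send_extrinsic(&ext, api, accountid, is_development_mode);
            },
            Err(e) => println!("[!] Could not build DCAP extrinsic for external quote: {:?}", e),
        }
    }
```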
diff --git a/service/src/prometheus_metrics.rs b/service/src/prometheus_metrics.rs index 6d41e120f0..63b8c05866 100644 --- a/service/src/prometheus_metrics.rs +++ b/service/src/prometheus_metrics.rs @@ -25,6 +25,7 @@ use crate::{ error::{Error, ServiceResult}, }; use async_trait::async_trait; +use core::time::Duration; use itp_enclave_metrics::EnclaveMetric; use lazy_static::lazy_static; use log::*; 
@@ -170,3 +171,56 @@ impl ReceiveEnclaveMetrics for EnclaveMetricsReceiver {
 Ok(())
 }
 }
+
+// Data structure that matches with REST API JSON
+use itc_rest_client::{
+ http_client::{DefaultSend, HttpClient, SendHttpRequest},
+ rest_client::{Method, Url as URL},
+ RestGet, RestPath,
+};
+use serde::{Deserialize, Serialize};
+
+struct PrometheusMarblerunEvents(pub Vec);
+
+impl RestPath<()> for PrometheusMarblerunEvents {
+ fn get_path(_: ()) -> Result {
+ Ok(format!("events"))
+ }
+}
+
+pub fn fetch_stuff_with_itc_rest_client() -> Result, Error> {
+ let http_client =
+ HttpClient::new(DefaultSend {}, true, Some(Duration::from_secs(15u64)), None, None);
+ let mut base_url = URL::parse("http://localhost:9944").unwrap();
+ base_url.set_path("events");
+
+ let (response, encoded_body) = http_client
+ .send_request::<(), PrometheusMarblerunEvents>(base_url, Method::GET, (), None, None)
+ .unwrap();
+
+ let encoded_body = String::from_utf8_lossy(&encoded_body);
+
+ let events: Vec = serde_json::from_str(&encoded_body).unwrap();
+ println!("events is: {:#?}", &events);
+ Ok(events)
+}
+
+#[derive(Serialize, Deserialize, Debug)]
+pub struct PrometheusMarblerunEvent {
+ pub time: String,
+ pub activation: PrometheusMarblerunEventActivation,
+}
+
+impl PrometheusMarblerunEvent {
+ pub fn get_quote_without_prepended_bytes(&self) -> &[u8] {
+ let marblerun_magic_prepended_header_size = 16usize;
+ &self.activation.quote.as_bytes()[marblerun_magic_prepended_header_size..]
+ }
+}
+#[derive(Serialize, Deserialize, Debug)]
+#[serde(rename_all = "camelCase")]
+pub struct PrometheusMarblerunEventActivation {
+ pub marble_type: String,
+ pub uuid: String,
+ pub quote: String,
+}
From b493c14e38a3fe02048485007ead9cb9b1ab1f2b Mon Sep 17 00:00:00 2001
From: orion
Date: Mon, 30 Jan 2023 13:09:07 +0100
Subject: [PATCH 06/39] fix invalid extrinsic return parameter
---
 core-primitives/enclave-api/src/remote_attestation.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
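Review bot: `get_quote_without_prepended_bytes` slices `[marblerun_magic_prepended_header_size..]` on data that arrives from a remote HTTP endpoint, so any event whose `quote` string is shorter than 16 bytes panics the caller; `self.activation.quote.as_bytes().get(marblerun_magic_prepended_header_size..)` returning `Option<&[u8]>` keeps one bad event from taking the worker down. The method also returns the bytes of the JSON string itself — if marblerun encodes the quote as base64 or hex, as JSON binary fields usually are, a decode step is missing before the header is stripped; confirm against the actual payload. `fetch_stuff_with_itc_rest_client` hard-codes `http://localhost:9944`, `.unwrap()`s both the request and the JSON parse, leaves `response` unused and prints the whole event list with `println!`; for a network fetch these should be `?`-propagated errors and a `debug!`. A doc comment on `PrometheusMarblerunEvent` stating that `quote` carries a 16-byte marblerun header in front of the DCAP quote would explain the magic number.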
diff --git a/core-primitives/enclave-api/src/remote_attestation.rs b/core-primitives/enclave-api/src/remote_attestation.rs index a97be7a215..223f749c01 100644 --- a/core-primitives/enclave-api/src/remote_attestation.rs +++ b/core-primitives/enclave-api/src/remote_attestation.rs @@ -176,7 +176,7 @@ impl RemoteAttestation for Enclave { ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval)); println!("ensured 2x"); - Ok(quote.to_vec()) + Ok(unchecked_extrinsic.to_vec()) } fn generate_dcap_ra_extrinsic(&self, w_url: &str, skip_ra: bool) -> EnclaveResult> { From 15461be539e24bf6b1ebad7a40643ebf7e2e7faf Mon Sep 17 00:00:00 2001 From: orion Date: Mon, 30 Jan 2023 13:18:22 +0100 Subject: [PATCH 07/39] cleanup --- service/src/main.rs | 7 ------- service/src/prometheus_metrics.rs | 4 +--- 2 files changed, 1 insertion(+), 10 deletions(-) diff --git a/service/src/main.rs b/service/src/main.rs index 658ec8b85a..755d3cccdf 100644 --- a/service/src/main.rs +++ b/service/src/main.rs @@ -713,8 +713,6 @@ fn register_collateral( //let fmspc = [00u8, 0x90, 0x6E, 0xA1, 00, 00]; let fmspc_citadel = [00u8, 0xA0, 0x65, 0x51, 00, 00]; - // let events = prometheus_metrics::fetch_stuff().unwrap(); - // let events: Vec = serde_json::from_str(&events).unwrap(); let uxt = enclave.generate_register_quoting_enclave_extrinsic(fmspc_citadel).unwrap(); send_extrinsic(&uxt, api, accountid, is_development_mode); 
@@ -722,16 +720,11 @@ fn register_collateral( let uxt = enclave.generate_register_tcb_info_extrinsic(fmspc_citadel).unwrap(); send_extrinsic(&uxt, api, accountid, is_development_mode); - //verify_dcap_quote(); - //attestation_handler. let events = prometheus_metrics::fetch_stuff_with_itc_rest_client().unwrap(); let quotes: Vec<&[u8]> = events.iter().map(|event| event.get_quote_without_prepended_bytes()).collect(); - println!("quotes is: {:#?}", quotes); for quote in quotes { - //enclave.ecdsa_quote_verification(quote_split.to_vec()).unwrap(); - let ext = enclave .generate_dcap_ra_extrinsic_internal_with_quote(url.clone(), "e) .expect("you shall pass"); diff --git a/service/src/prometheus_metrics.rs b/service/src/prometheus_metrics.rs index 63b8c05866..4669946ef4 100644 --- a/service/src/prometheus_metrics.rs +++ b/service/src/prometheus_metrics.rs @@ -191,8 +191,7 @@ impl RestPath<()> for PrometheusMarblerunEvents { pub fn fetch_stuff_with_itc_rest_client() -> Result, Error> { let http_client = HttpClient::new(DefaultSend {}, true, Some(Duration::from_secs(15u64)), None, None); - let mut base_url = URL::parse("http://localhost:9944").unwrap(); - base_url.set_path("events"); + let base_url = URL::parse("http://localhost:9944").unwrap(); let (response, encoded_body) = http_client .send_request::<(), PrometheusMarblerunEvents>(base_url, Method::GET, (), None, None) @@ -201,7 +200,6 @@ pub fn fetch_stuff_with_itc_rest_client() -> Result = serde_json::from_str(&encoded_body).unwrap(); - println!("events is: {:#?}", &events); Ok(events) } From de97b6d51aed8746cadb8dca2c7c513dd9346223 Mon Sep 17 00:00:00 2001 From: orion Date: Mon, 30 Jan 2023 13:25:20 +0100 Subject: [PATCH 08/39] rename fetch_stuff --- service/src/main.rs | 2 +- service/src/prometheus_metrics.rs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/service/src/main.rs b/service/src/main.rs index 755d3cccdf..c1db2adb14 100644 --- a/service/src/main.rs +++ b/service/src/main.rs 
@@ -720,7 +720,7 @@ fn register_collateral(
 let uxt = enclave.generate_register_tcb_info_extrinsic(fmspc_citadel).unwrap();
 send_extrinsic(&uxt, api, accountid, is_development_mode);
- let events = prometheus_metrics::fetch_stuff_with_itc_rest_client().unwrap();
+ let events = prometheus_metrics::fetch_marblerun_events().unwrap();
 let quotes: Vec<&[u8]> =
 events.iter().map(|event| event.get_quote_without_prepended_bytes()).collect();
diff --git a/service/src/prometheus_metrics.rs b/service/src/prometheus_metrics.rs
index 4669946ef4..72ac5ee57d 100644
--- a/service/src/prometheus_metrics.rs
+++ b/service/src/prometheus_metrics.rs
@@ -188,7 +188,7 @@ impl RestPath<()> for PrometheusMarblerunEvents {
 }
 }
-pub fn fetch_stuff_with_itc_rest_client() -> Result, Error> {
+pub fn fetch_marblerun_events() -> Result, Error> {
 let http_client =
 HttpClient::new(DefaultSend {}, true, Some(Duration::from_secs(15u64)), None, None);
 let base_url = URL::parse("http://localhost:9944").unwrap();
From f6cc3a58fb18820814554a7eca3049b8331e8ebb Mon Sep 17 00:00:00 2001
From: orion
Date: Mon, 30 Jan 2023 13:39:45 +0100
Subject: [PATCH 09/39] extract timeout
---
 service/src/prometheus_metrics.rs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/service/src/prometheus_metrics.rs b/service/src/prometheus_metrics.rs
index 72ac5ee57d..10e552461a 100644
--- a/service/src/prometheus_metrics.rs
+++ b/service/src/prometheus_metrics.rs
@@ -189,8 +189,9 @@ impl RestPath<()> for PrometheusMarblerunEvents {
 }
 pub fn fetch_marblerun_events() -> Result, Error> {
+ let timeout = 3u64;
 let http_client =
- HttpClient::new(DefaultSend {}, true, Some(Duration::from_secs(15u64)), None, None);
+ HttpClient::new(DefaultSend {}, true, Some(Duration::from_secs(timeout)), None, None);
 let base_url = URL::parse("http://localhost:9944").unwrap();
 let (response, encoded_body) = http_client
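Review bot: The "extract timeout" hunk also changes the value — `Duration::from_secs(15u64)` becomes `let timeout = 3u64;` — which the commit message does not mention and which makes the marblerun fetch fail on a slow endpoint where it previously succeeded. If 3 seconds is intended, say so where it is defined: `/// Timeout for fetching events from marblerun's Prometheus endpoint.` `const MARBLERUN_REQUEST_TIMEOUT: Duration = Duration::from_secs(3);` at module level, with `Some(MARBLERUN_REQUEST_TIMEOUT)` in the `HttpClient::new` call. The body of `fetch_marblerun_events` continues past the hunk.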
@@ -199,7 +200,7 @@ pub fn fetch_marblerun_events() -> Result, Error> let encoded_body = String::from_utf8_lossy(&encoded_body); - let events: Vec = serde_json::from_str(&encoded_body).unwrap(); + let events: Vec = serde_json::from_str(&encoded_body)?; Ok(events) } From 9c3908cd5a4ea488bc792435272c277d5a17437a Mon Sep 17 00:00:00 2001 From: orion Date: Mon, 30 Jan 2023 14:53:37 +0100 Subject: [PATCH 10/39] remove comment 2x --- core-primitives/enclave-api/src/remote_attestation.rs | 1 - 1 file changed, 1 deletion(-) diff --git a/core-primitives/enclave-api/src/remote_attestation.rs b/core-primitives/enclave-api/src/remote_attestation.rs index 223f749c01..1b54bf8426 100644 --- a/core-primitives/enclave-api/src/remote_attestation.rs +++ b/core-primitives/enclave-api/src/remote_attestation.rs @@ -174,7 +174,6 @@ impl RemoteAttestation for Enclave { ensure!(result == sgx_status_t::SGX_SUCCESS, Error::Sgx(result)); ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval)); - println!("ensured 2x"); Ok(unchecked_extrinsic.to_vec()) } From 192a14f365f0b44893569d090c961d9921440f9c Mon Sep 17 00:00:00 2001 From: orion Date: Mon, 30 Jan 2023 15:13:47 +0100 Subject: [PATCH 11/39] extract function --- service/src/main.rs | 33 +++++++++++++++++++++------------ 1 file changed, 21 insertions(+), 12 deletions(-) diff --git a/service/src/main.rs b/service/src/main.rs index c1db2adb14..88e0486082 100644 --- a/service/src/main.rs +++ b/service/src/main.rs @@ -426,7 +426,9 @@ fn start_worker( let trusted_url = config.trusted_worker_url_external(); #[cfg(feature = "dcap")] - register_collateral( + register_collateral(&node_api, &*enclave, &tee_accountid, is_development_mode); + #[cfg(feature = "dcap")] + register_quotes_from_marblerun( &node_api, &*enclave, &tee_accountid, 
@@ -703,23 +705,13 @@ fn print_events(events: Events, _sender: Sender) { } #[cfg(feature = "dcap")] -fn register_collateral( +fn register_quotes_from_marblerun( api: &ParentchainApi, enclave: &dyn RemoteAttestation, accountid: &AccountId32, is_development_mode: bool, url: String, ) { - //let fmspc = [00u8, 0x90, 0x6E, 0xA1, 00, 00]; - - let fmspc_citadel = [00u8, 0xA0, 0x65, 0x51, 00, 00]; - - let uxt = enclave.generate_register_quoting_enclave_extrinsic(fmspc_citadel).unwrap(); - send_extrinsic(&uxt, api, accountid, is_development_mode); - - let uxt = enclave.generate_register_tcb_info_extrinsic(fmspc_citadel).unwrap(); - send_extrinsic(&uxt, api, accountid, is_development_mode); - let events = prometheus_metrics::fetch_marblerun_events().unwrap(); let quotes: Vec<&[u8]> = events.iter().map(|event| event.get_quote_without_prepended_bytes()).collect(); @@ -731,6 +723,23 @@ fn register_collateral( send_extrinsic(&ext, api, accountid, is_development_mode); } } +#[cfg(feature = "dcap")] +fn register_collateral( + api: &ParentchainApi, + enclave: &dyn RemoteAttestation, + accountid: &AccountId32, + is_development_mode: bool, +) { + //let fmspc = [00u8, 0x90, 0x6E, 0xA1, 00, 00]; + + let fmspc_citadel = [00u8, 0xA0, 0x65, 0x51, 00, 00]; + + let uxt = enclave.generate_register_quoting_enclave_extrinsic(fmspc_citadel).unwrap(); + send_extrinsic(&uxt, api, accountid, is_development_mode); + + let uxt = enclave.generate_register_tcb_info_extrinsic(fmspc_citadel).unwrap(); + send_extrinsic(&uxt, api, accountid, is_development_mode); +} fn send_extrinsic( extrinsic: &[u8], From 129eb76ca6e76f17cfb7896eeb6a45149f32e7b9 Mon Sep 17 00:00:00 2001 From: orion Date: Mon, 30 Jan 2023 15:50:48 +0100 Subject: [PATCH 12/39] add flag for prometheus endpoint base url --- service/src/config.rs | 10 +++++++++- service/src/main.rs | 10 ++++++++-- service/src/prometheus_metrics.rs | 9 +++++++-- 3 files changed, 24 insertions(+), 5 deletions(-) 
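Review bot: Neither the extracted `register_quotes_from_marblerun` nor the re-created `register_collateral` carries a doc comment, and the only hint about `fmspc_citadel` is the commented-out alternative above it. Suggested for `register_collateral`: `/// Registers the quoting-enclave identity and TCB info for the platform identified by `fmspc_citadel` on the parentchain; the FMSPC is hard-coded for one platform and does not follow the host the worker runs on.` and for `register_quotes_from_marblerun`: `/// Fetches marblerun events from its Prometheus endpoint and submits one DCAP RA extrinsic per contained quote.` The `.unwrap()` on `fetch_marblerun_events` is carried over unchanged and still aborts the worker on a transient fetch failure.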
diff --git a/service/src/config.rs b/service/src/config.rs index 36365fd5d9..51eb076c6f 100644 --- a/service/src/config.rs +++ b/service/src/config.rs @@ -16,6 +16,7 @@ */ use clap::ArgMatches; +use itc_rest_client::rest_client::Url; use parse_duration::parse; use serde::{Deserialize, Serialize}; use std::time::Duration; @@ -183,6 +184,8 @@ pub struct RunConfig { pub shard: Option, /// Optional teeracle update interval pub teeracle_update_interval: Option, + /// Marblerun's Prometheus endpoint base URL + pub marblerun_base_url: Option, } impl From<&ArgMatches<'_>> for RunConfig { @@ -194,8 +197,13 @@ impl From<&ArgMatches<'_>> for RunConfig { let teeracle_update_interval = m.value_of("teeracle-interval").map(|i| { parse(i).unwrap_or_else(|e| panic!("teeracle-interval parsing error {:?}", e)) }); + let marblerun_base_url = m.value_of("marblerun-url").map(|i| { + Url::parse(i) + .unwrap_or_else(|e| panic!("marblerun-url parsing error: {:?}", e)) + .to_string() + }); - Self { skip_ra, dev, request_state, shard, teeracle_update_interval } + Self { skip_ra, dev, request_state, shard, teeracle_update_interval, marblerun_base_url } } } diff --git a/service/src/main.rs b/service/src/main.rs index 88e0486082..b0d8296e0a 100644 --- a/service/src/main.rs +++ b/service/src/main.rs @@ -424,9 +424,12 @@ fn start_worker( ) .expect("Could not set the node metadata in the enclave"); - let trusted_url = config.trusted_worker_url_external(); #[cfg(feature = "dcap")] register_collateral(&node_api, &*enclave, &tee_accountid, is_development_mode); + + let trusted_url = config.trusted_worker_url_external(); + let marblerun_base_url = + run_config.marblerun_base_url.unwrap_or("http://localhost:9944".to_owned()); #[cfg(feature = "dcap")] register_quotes_from_marblerun( &node_api, @@ -434,6 +437,7 @@ fn start_worker( &tee_accountid, is_development_mode, trusted_url.clone(), + marblerun_base_url.clone(), ); // ------------------------------------------------------------------------ 
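Review bot: `run_config.marblerun_base_url.unwrap_or("http://localhost:9944".to_owned())` in the `start_worker` hunk allocates the default even when the flag was given; `unwrap_or_else(|| MARBLERUN_DEFAULT_BASE_URL.to_owned())` with the literal hoisted into a named constant also gives the `marblerun-url` flag definition (not in the visible hunks) and the doc comment on the new `RunConfig` field one value to refer to. In the `config.rs` hunk the flag is validated with `Url::parse` and then stored as its `to_string()`, so `fetch_marblerun_events` has to parse it again and report a second error path; keeping the parsed `Url` in `RunConfig` — if the struct's derives allow it, its header is outside the hunk — would make the flag parsing the single point of validation. The `/// Marblerun's Prometheus endpoint base URL` doc on the field should state what happens when the flag is absent, since the fallback lives in a different file.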
@@ -704,6 +708,7 @@ fn print_events(events: Events, _sender: Sender) {
 }
 }
+use itc_rest_client::rest_client::Url;
 #[cfg(feature = "dcap")]
 fn register_quotes_from_marblerun(
 api: &ParentchainApi,
@@ -711,8 +716,9 @@ fn register_quotes_from_marblerun(
 accountid: &AccountId32,
 is_development_mode: bool,
 url: String,
+ marblerun_base_url: String,
 ) {
- let events = prometheus_metrics::fetch_marblerun_events().unwrap();
+ let events = prometheus_metrics::fetch_marblerun_events(&marblerun_base_url).unwrap();
 let quotes: Vec<&[u8]> =
 events.iter().map(|event| event.get_quote_without_prepended_bytes()).collect();
diff --git a/service/src/prometheus_metrics.rs b/service/src/prometheus_metrics.rs
index 10e552461a..b8bc3babb7 100644
--- a/service/src/prometheus_metrics.rs
+++ b/service/src/prometheus_metrics.rs
@@ -188,11 +188,16 @@ impl RestPath<()> for PrometheusMarblerunEvents {
 }
 }
-pub fn fetch_marblerun_events() -> Result, Error> {
+pub fn fetch_marblerun_events(base_url: &str) -> Result, Error> {
+ let base_url = URL::parse(&base_url).map_err(|e| {
+ Error::Custom(
+ format!("Failed to parse marblerun promethes endpoint base URL: {:?}", e).into(),
+ )
+ })?;
+
 let timeout = 3u64;
 let http_client =
 HttpClient::new(DefaultSend {}, true, Some(Duration::from_secs(timeout)), None, None);
- let base_url = URL::parse("http://localhost:9944").unwrap();
 let (response, encoded_body) = http_client
 .send_request::<(), PrometheusMarblerunEvents>(base_url, Method::GET, (), None, None)
From 6090f91fac30f090755b787f42fe23191d6c9986 Mon Sep 17 00:00:00 2001
From: orion
Date: Mon, 30 Jan 2023 16:11:42 +0100
Subject: [PATCH 13/39] dcap vs ias check_files
---
 service/src/main.rs | 7 +++++--
 service/src/prometheus_metrics.rs | 4 ++--
 service/src/utils.rs | 7 ++++---
 3 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/service/src/main.rs b/service/src/main.rs
index b0d8296e0a..0133fa7523 100644
--- a/service/src/main.rs
+++ b/service/src/main.rs
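Review bot: `prometheus_metrics::fetch_marblerun_events(&marblerun_base_url).unwrap()` in `register_quotes_from_marblerun` throws away the `Error::Custom` context this same commit adds in `prometheus_metrics.rs` and panics the service on an unreachable or misconfigured endpoint; `let events = match prometheus_metrics::fetch_marblerun_events(&marblerun_base_url) { Ok(events) => events, Err(e) => { error!("Could not fetch marblerun events: {:?}", e); return }, };` surfaces the message instead. In the `prometheus_metrics.rs` hunk, `URL::parse(&base_url)` re-borrows a `&str` (`&&str`); `URL::parse(base_url)` is enough. The body of `register_quotes_from_marblerun` continues past the hunk.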
@@ -20,6 +20,9 @@ #[cfg(feature = "teeracle")] use crate::teeracle::start_interval_market_update; +#[cfg(not(feature = "dcap"))] +use crate::utils::check_files; + use crate::{ account_funding::{setup_account_funding, EnclaveAccountInfoProvider}, error::Error, @@ -34,7 +37,7 @@ use crate::{ prometheus_metrics::{start_metrics_server, EnclaveMetricsReceiver, MetricsHandler}, sidechain_setup::{sidechain_init_block_production, sidechain_start_untrusted_rpc_server}, sync_block_broadcaster::SyncBlockBroadcaster, - utils::{check_files, extract_shard}, + utils::extract_shard, worker::Worker, worker_peers_updater::WorkerPeersUpdater, }; @@ -303,6 +306,7 @@ fn start_worker( // ------------------------------------------------------------------------ // check for required files if !skip_ra { + #[cfg(not(feature = "dcap"))] check_files(); } // ------------------------------------------------------------------------ @@ -708,7 +712,6 @@ fn print_events(events: Events, _sender: Sender) { } } -use itc_rest_client::rest_client::Url; #[cfg(feature = "dcap")] fn register_quotes_from_marblerun( api: &ParentchainApi, diff --git a/service/src/prometheus_metrics.rs b/service/src/prometheus_metrics.rs index b8bc3babb7..2e61b277a0 100644 --- a/service/src/prometheus_metrics.rs +++ b/service/src/prometheus_metrics.rs @@ -176,7 +176,7 @@ impl ReceiveEnclaveMetrics for EnclaveMetricsReceiver { use itc_rest_client::{ http_client::{DefaultSend, HttpClient, SendHttpRequest}, rest_client::{Method, Url as URL}, - RestGet, RestPath, + RestPath, }; use serde::{Deserialize, Serialize}; @@ -199,7 +199,7 @@ pub fn fetch_marblerun_events(base_url: &str) -> Result(base_url, Method::GET, (), None, None) .unwrap(); diff --git a/service/src/utils.rs b/service/src/utils.rs index 36052079e2..350c63214d 100644 --- a/service/src/utils.rs +++ b/service/src/utils.rs 
@@ -19,8 +19,7 @@ use base58::{FromBase58, ToBase58}; use itp_enclave_api::enclave_base::EnclaveBase; use itp_types::ShardIdentifier; -use log::{debug, info}; -use std::path::Path; +use log::info; pub fn extract_shard( maybe_shard_str: &Option, @@ -41,12 +40,14 @@ pub fn extract_shard( } } +#[cfg(not(feature = "dcap"))] pub fn check_files() { use itp_settings::files::{ENCLAVE_FILE, RA_API_KEY_FILE, RA_SPID_FILE}; + use log::debug; + use std::path::Path; debug!("*** Check files"); let files = [ENCLAVE_FILE, RA_SPID_FILE, RA_API_KEY_FILE]; for f in files.iter() { - #[cfg(not(feature = "dcap"))] assert!(Path::new(f).exists(), "File doesn't exist: {}", f); } } From cc4420275deda781e979b736a90ef150f9af863b Mon Sep 17 00:00:00 2001 From: orion Date: Mon, 30 Jan 2023 16:34:59 +0100 Subject: [PATCH 14/39] switch to rest_client --- service/src/prometheus_metrics.rs | 35 ++++++++++++++++--------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/service/src/prometheus_metrics.rs b/service/src/prometheus_metrics.rs index 2e61b277a0..68c3fafba8 100644 --- a/service/src/prometheus_metrics.rs +++ b/service/src/prometheus_metrics.rs @@ -26,10 +26,16 @@ use crate::{ }; use async_trait::async_trait; use core::time::Duration; +use itc_rest_client::{ + http_client::{DefaultSend, HttpClient}, + rest_client::{RestClient, Url as URL}, + RestGet, RestPath, +}; use itp_enclave_metrics::EnclaveMetric; use lazy_static::lazy_static; use log::*; use prometheus::{proto::MetricFamily, register_int_gauge, IntGauge}; +use serde::{Deserialize, Serialize}; use std::{net::SocketAddr, sync::Arc}; use warp::{Filter, Rejection, Reply}; 
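Review bot: With `check_files` now compiled only for `not(feature = "dcap")`, a DCAP build checks none of the files, including `ENCLAVE_FILE`, and the `if !skip_ra { ... }` block in `main.rs` (earlier hunk of this commit) is left empty; before this change the loop already asserted nothing under `dcap`, so nothing regresses, but a missing enclave binary is now reported only by whatever fails later. If the enclave file is required in both modes, as its name suggests, keep that assertion unconditional and gate only the IAS-specific `RA_SPID_FILE` and `RA_API_KEY_FILE`, then drop the `#[cfg]` from the call site and the import in `main.rs`. The rewritten function:
```rust
pub fn check_files() {
	use itp_settings::files::ENCLAVE_FILE;
	#[cfg(not(feature = "dcap"))]
	use itp_settings::files::{RA_API_KEY_FILE, RA_SPID_FILE};
	use log::debug;
	use std::path::Path;
	debug!("*** Check files");
	// Assumed to be needed by both attestation modes — confirm against the enclave loader.
	assert!(Path::new(ENCLAVE_FILE).exists(), "File doesn't exist: {}", ENCLAVE_FILE);
	// SPID and API key are only consumed by the IAS (non-dcap) path.
	#[cfg(not(feature = "dcap"))]
	for f in [RA_SPID_FILE, RA_API_KEY_FILE].iter() {
		assert!(Path::new(f).exists(), "File doesn't exist: {}", f);
	}
}
```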
@@ -173,18 +179,13 @@ impl ReceiveEnclaveMetrics for EnclaveMetricsReceiver {
 }
 // Data structure that matches with REST API JSON
-use itc_rest_client::{
- http_client::{DefaultSend, HttpClient, SendHttpRequest},
- rest_client::{Method, Url as URL},
- RestPath,
-};
-use serde::{Deserialize, Serialize};
+#[derive(Serialize, Deserialize, Debug)]
 struct PrometheusMarblerunEvents(pub Vec);
-impl RestPath<()> for PrometheusMarblerunEvents {
- fn get_path(_: ()) -> Result {
- Ok(format!("events"))
+impl RestPath<&str> for PrometheusMarblerunEvents {
+ fn get_path(path: &str) -> Result {
+ Ok(format!("{}", path))
 }
 }
@@ -194,19 +195,19 @@ pub fn fetch_marblerun_events(base_url: &str) -> Result(base_url, Method::GET, (), None, None)
- .unwrap();
-
- let encoded_body = String::from_utf8_lossy(&encoded_body);
+ let mut rest_client = RestClient::new(http_client, base_url.clone());
+ let events: PrometheusMarblerunEvents = rest_client.get("events").map_err(|e| {
+ Error::Custom(
+ format!("Failed to fetch marblerun prometheus events from: {}, error: {}", base_url, e)
+ .into(),
+ )
+ })?;
- let events: Vec = serde_json::from_str(&encoded_body)?;
- Ok(events)
+ Ok(events.0)
 }
 #[derive(Serialize, Deserialize, Debug)]
From f49978ac48724683ea0c84a08a2e5f92ef5dfc7e Mon Sep 17 00:00:00 2001
From: orion
Date: Mon, 30 Jan 2023 16:35:13 +0100
Subject: [PATCH 15/39] fix typo
---
 service/src/prometheus_metrics.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/service/src/prometheus_metrics.rs b/service/src/prometheus_metrics.rs
index 68c3fafba8..40f8d19c0c 100644
--- a/service/src/prometheus_metrics.rs
+++ b/service/src/prometheus_metrics.rs
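Review bot: `get_path` in the new `impl RestPath<&str>` builds `format!("{}", path)` from a `&str`, which clippy reports as `useless_format`; `Ok(path.to_owned())` says the same thing. Turning the path into a parameter instead of fixing it to `"events"` means each caller must pass the right literal while the only call, `rest_client.get("events")`, sits a few lines below — a `const MARBLERUN_EVENTS_PATH: &str = "events";` used in both places keeps them from drifting. The error message built in the `map_err` closure interpolates the full `base_url`, which now comes from the `marblerun-url` flag added two commits earlier; if a deployment embeds credentials in that URL they end up in the log, so `base_url.host_str()` (or a comment stating the URL is expected to be credential-free) is worth considering.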
@@ -192,7 +192,7 @@ impl RestPath<&str> for PrometheusMarblerunEvents { pub fn fetch_marblerun_events(base_url: &str) -> Result, Error> { let base_url = URL::parse(&base_url).map_err(|e| { Error::Custom( - format!("Failed to parse marblerun promethes endpoint base URL: {:?}", e).into(), + format!("Failed to parse marblerun prometheus endpoint base URL: {:?}", e).into(), ) })?; let timeout = 3u64; From ec20be4464f8b712476f85d4fb241100861bc9d4 Mon Sep 17 00:00:00 2001 From: orion Date: Mon, 30 Jan 2023 16:38:53 +0100 Subject: [PATCH 16/39] remove comment by me --- .../attestation-handler/src/attestation_handler.rs | 1 - core-primitives/enclave-api/src/remote_attestation.rs | 5 ----- 2 files changed, 6 deletions(-) diff --git a/core-primitives/attestation-handler/src/attestation_handler.rs b/core-primitives/attestation-handler/src/attestation_handler.rs index 56b4e3a3b4..7e6023dd8d 100644 --- a/core-primitives/attestation-handler/src/attestation_handler.rs +++ b/core-primitives/attestation-handler/src/attestation_handler.rs @@ -728,7 +728,6 @@ where return Err(sgx_status_t::SGX_ERROR_UNEXPECTED) } - println!("szilard: it works"); Ok(()) } diff --git a/core-primitives/enclave-api/src/remote_attestation.rs b/core-primitives/enclave-api/src/remote_attestation.rs index 1b54bf8426..269cc0d486 100644 --- a/core-primitives/enclave-api/src/remote_attestation.rs +++ b/core-primitives/enclave-api/src/remote_attestation.rs 
@@ -180,14 +180,9 @@ impl RemoteAttestation for Enclave { fn generate_dcap_ra_extrinsic(&self, w_url: &str, skip_ra: bool) -> EnclaveResult> { let mut retval = sgx_status_t::SGX_SUCCESS; - info!( - "inside of itp_enclave_api::remote_attestation::Enclave::generate_dcap_ra_extrinsic" - ); self.set_ql_qe_enclave_paths()?; - info!("set_ql_qe_enclave_paths succeeded"); let quoting_enclave_target_info = self.qe_get_target_info()?; - info!("quoting_enclave_target_info succeeded"); let quote_size = self.qe_get_quote_size()?; info!("Retrieved quote size of {:?}", quote_size); From 1c6bdc20fdf4f3871223582fdf23b70eac80b223 Mon Sep 17 00:00:00 2001 From: orion Date: Tue, 31 Jan 2023 11:41:56 +0100 Subject: [PATCH 17/39] fetch events every hour --- service/src/main.rs | 43 ++++++++++++++++++++++++++++++++++++++----- 1 file changed, 38 insertions(+), 5 deletions(-) diff --git a/service/src/main.rs b/service/src/main.rs index 0133fa7523..711d1371ef 100644 --- a/service/src/main.rs +++ b/service/src/main.rs @@ -434,11 +434,12 @@ fn start_worker( let trusted_url = config.trusted_worker_url_external(); let marblerun_base_url = run_config.marblerun_base_url.unwrap_or("http://localhost:9944".to_owned()); + #[cfg(feature = "dcap")] - register_quotes_from_marblerun( - &node_api, - &*enclave, - &tee_accountid, + fetch_marblerun_events_every_hour( + node_api.clone(), + enclave.clone(), + tee_accountid.clone(), is_development_mode, trusted_url.clone(), marblerun_base_url.clone(), 
@@ -712,15 +713,47 @@ fn print_events(events: Events, _sender: Sender) {
 }
 }
+#[cfg(feature = "dcap")]
+fn fetch_marblerun_events_every_hour(
+ api: ParentchainApi,
+ enclave: Arc,
+ accountid: AccountId32,
+ is_development_mode: bool,
+ url: String,
+ marblerun_base_url: String,
+) where
+ E: RemoteAttestation + Clone + Sync + Send + 'static,
+{
+ let enclave = enclave.clone();
+ let handle = thread::spawn(move || {
+ const POLL_INTERVAL_1_HOUR_IN_SECS: u64 = 1 * 30;
+ loop {
+ info!("Polling marblerun evenets for quotes to register");
+ register_quotes_from_marblerun(
+ &api,
+ enclave.clone(),
+ &accountid,
+ is_development_mode,
+ url.clone(),
+ marblerun_base_url.clone(),
+ );
+
+ thread::sleep(Duration::from_secs(POLL_INTERVAL_1_HOUR_IN_SECS));
+ }
+ });
+
+ handle.join().unwrap()
+}
 #[cfg(feature = "dcap")]
 fn register_quotes_from_marblerun(
 api: &ParentchainApi,
- enclave: &dyn RemoteAttestation,
+ enclave: Arc,
 accountid: &AccountId32,
 is_development_mode: bool,
 url: String,
 marblerun_base_url: String,
 ) {
+ let enclave = enclave.as_ref();
 let events = prometheus_metrics::fetch_marblerun_events(&marblerun_base_url).unwrap();
 let quotes: Vec<&[u8]> =
 events.iter().map(|event| event.get_quote_without_prepended_bytes()).collect();
From 1ef93c9c7038eb9e4863439d6e8071e6343ee37c Mon Sep 17 00:00:00 2001
From: orion
Date: Tue, 31 Jan 2023 12:20:59 +0100
Subject: [PATCH 18/39] remove unnecessary comment
---
 enclave-runtime/src/attestation.rs | 1 -
 1 file changed, 1 deletion(-)
diff --git a/enclave-runtime/src/attestation.rs b/enclave-runtime/src/attestation.rs
index 31d83ccae3..e434cee8db 100644
--- a/enclave-runtime/src/attestation.rs
+++ b/enclave-runtime/src/attestation.rs
@@ -217,7 +217,6 @@ pub unsafe extern "C" fn generate_dcap_ra_extrinsic_with_quote(
 Ok(xt) => xt,
 Err(e) => return e.into(),
 };
- println!("got extrinsic");
 if let Err(e) = write_slice_and_whitespace_pad(extrinsic_slice, extrinsic.encode()) {
 return EnclaveError::Other(Box::new(e)).into()
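Review bot: `fetch_marblerun_events_every_hour` ends with `handle.join().unwrap()` while the spawned closure is an endless `loop`, so the call in `start_worker` (previous hunk, L32) never returns — everything after it in `start_worker`, including the remote attestation that follows, is unreachable until the polling thread panics, at which point the `unwrap()` re-raises that panic on the main thread. The interval is also mislabeled: `POLL_INTERVAL_1_HOUR_IN_SECS: u64 = 1 * 30` is 30 seconds, and `"Polling marblerun evenets"` has a typo. Inside the loop `register_quotes_from_marblerun` still `unwrap()`s the fetch, so one failed HTTP request kills the poller for good instead of being retried on the next round. Return the `JoinHandle` and let the caller decide what to do with it, as below; the `let enclave = enclave.clone();` at the top clones an `Arc` that is moved into the closure anyway and can go.
```rust
#[cfg(feature = "dcap")]
fn fetch_marblerun_events_every_hour<E>(
	// … unchanged: parameters …
) -> thread::JoinHandle<()>
where
	E: RemoteAttestation + Clone + Sync + Send + 'static,
{
	// One hour; the previous `1 * 30` was 30 seconds despite the name.
	const POLL_INTERVAL_1_HOUR_IN_SECS: u64 = 60 * 60;
	// Returned instead of joined: joining here would block start_worker forever.
	thread::spawn(move || loop {
		info!("Polling marblerun events for quotes to register");
		register_quotes_from_marblerun(
			&api,
			enclave.clone(),
			&accountid,
			is_development_mode,
			url.clone(),
			marblerun_base_url.clone(),
		);
		thread::sleep(Duration::from_secs(POLL_INTERVAL_1_HOUR_IN_SECS));
	})
}
```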
From 072d49288de2cbf7554e36d0c434e3f180cd20ad Mon Sep 17 00:00:00 2001 From: orion Date: Tue, 31 Jan 2023 18:19:49 +0100 Subject: [PATCH 19/39] fetch fmspc from dcap_quote --- Cargo.lock | 1 + core-primitives/enclave-api/ffi/src/lib.rs | 14 +++++ .../enclave-api/src/remote_attestation.rs | 51 +++++++++++++++++ enclave-runtime/Enclave.edl | 7 +++ enclave-runtime/src/attestation.rs | 56 +++++++++++++++++++ service/Cargo.toml | 1 + service/src/main.rs | 13 +++-- 7 files changed, 138 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 41c94a3110..84637fcaef 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2660,6 +2660,7 @@ dependencies = [ "serde 1.0.152", "serde_derive 1.0.152", "serde_json 1.0.93", + "sgx-verify", "sgx_crypto_helper", "sgx_types", "sgx_urts", diff --git a/core-primitives/enclave-api/ffi/src/lib.rs b/core-primitives/enclave-api/ffi/src/lib.rs index 369875564c..6be62276b5 100644 --- a/core-primitives/enclave-api/ffi/src/lib.rs +++ b/core-primitives/enclave-api/ffi/src/lib.rs @@ -126,6 +126,20 @@ extern "C" { quote_size: u32, ) -> sgx_status_t; + pub fn generate_dcap_ra( + eid: sgx_enclave_id_t, + retval: *mut sgx_status_t, + skip_ra: c_int, + quoting_enclave_target_info: &sgx_target_info_t, + quote_size: u32, + cert_der_p: *mut u8, + cert_der_size: *mut u32, + cert_der_capacity: *mut u32, + dcap_quote_p: *mut u8, + dcap_quote_size: *mut u32, + dcap_quote_capacity: *mut u32, + ) -> sgx_status_t; + pub fn generate_register_quoting_enclave_extrinsic( eid: sgx_enclave_id_t, retval: *mut sgx_status_t, diff --git a/core-primitives/enclave-api/src/remote_attestation.rs b/core-primitives/enclave-api/src/remote_attestation.rs index 269cc0d486..637b2fb03b 100644 --- a/core-primitives/enclave-api/src/remote_attestation.rs +++ b/core-primitives/enclave-api/src/remote_attestation.rs 
@@ -53,6 +53,7 @@ pub trait RemoteAttestation {
 url: String,
 quote: &[u8],
 ) -> EnclaveResult>;
+ fn generate_dcap_ra(&self, skip_ra: bool) -> EnclaveResult<(Vec, Vec)>;
 fn generate_register_quoting_enclave_extrinsic(&self, fmspc: Fmspc) -> EnclaveResult>;
@@ -178,6 +179,56 @@ impl RemoteAttestation for Enclave {
 Ok(unchecked_extrinsic.to_vec())
 }
+ fn generate_dcap_ra(&self, skip_ra: bool) -> EnclaveResult<(Vec, Vec)> {
+ let mut retval = sgx_status_t::SGX_SUCCESS;
+ let quoting_enclave_target_info = self.qe_get_target_info()?;
+ let quote_size = self.qe_get_quote_size()?;
+
+ let mut cert_der: u8 = 0u8;
+ let cert_der_p: *mut u8 = &mut cert_der;
+ let mut cert_der_size = 0u32;
+ let mut cert_der_capacity = 0u32;
+
+ let mut dcap_quote: u8 = 0u8;
+ let dcap_quote_p: *mut u8 = &mut dcap_quote;
+ let mut dcap_quote_size = 0u32;
+ let mut dcap_quote_capacity = 0u32;
+
+ let result = unsafe {
+ ffi::generate_dcap_ra(
+ self.eid,
+ &mut retval,
+ skip_ra.into(),
+ "ing_enclave_target_info,
+ quote_size,
+ cert_der_p,
+ &mut cert_der_size,
+ &mut cert_der_capacity,
+ dcap_quote_p,
+ &mut dcap_quote_size,
+ &mut dcap_quote_capacity,
+ )
+ };
+
+ ensure!(result == sgx_status_t::SGX_SUCCESS, Error::Sgx(result));
+ ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval));
+
+ // TODO add some sanity checks regarding the vector to be built.
+
+ let cert_der = unsafe {
+ Vec::from_raw_parts(cert_der_p, cert_der_size as usize, cert_der_capacity as usize)
+ };
+ let dcap_quote = unsafe {
+ Vec::from_raw_parts(
+ dcap_quote_p,
+ dcap_quote_size as usize,
+ dcap_quote_capacity as usize,
+ )
+ };
+
+ Ok((cert_der, dcap_quote))
+ }
+
 fn generate_dcap_ra_extrinsic(&self, w_url: &str, skip_ra: bool) -> EnclaveResult> {
 let mut retval = sgx_status_t::SGX_SUCCESS;
diff --git a/enclave-runtime/Enclave.edl b/enclave-runtime/Enclave.edl
index d424676176..416548240c 100644
--- a/enclave-runtime/Enclave.edl
+++ b/enclave-runtime/Enclave.edl
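Review bot: `generate_dcap_ra` hands the enclave `cert_der_p`/`dcap_quote_p`, each pointing at a single stack `u8`, and then builds `Vec::from_raw_parts(cert_der_p, cert_der_size as usize, cert_der_capacity as usize)` from them — the pointer is passed by value, so the enclave-side `cert_der_p = cert_der_ptr;` (attestation.rs hunk, L37–L38) never reaches the caller, the EDL declares `[out] uint8_t* cert_der_p` without `size=` (L36) so at most one byte would be marshalled anyway, and the resulting `Vec` wraps a stack byte with a foreign length and capacity, which is undefined behaviour and frees stack memory on drop. Even if the pointer did come back, an enclave-heap allocation must not be owned by an untrusted `Vec`, and the `ManuallyDrop` vectors leak inside the enclave on every call. The `[out, size=unchecked_extrinsic_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_size` shape already used for `generate_dcap_ra_extrinsic` in the same EDL is the right one: the untrusted side allocates both buffers and passes their capacity, the EDL becomes `[out, size=cert_der_capacity] uint8_t* cert_der_p, uint32_t cert_der_capacity, [out] uint32_t* cert_der_size` (same for the quote), and the enclave copies into the slice with the existing `write_slice_and_whitespace_pad` or a bounded `copy_from_slice` and reports the written length. The untrusted side then reads as follows:
```rust
	fn generate_dcap_ra(&self, skip_ra: bool) -> EnclaveResult<(Vec<u8>, Vec<u8>)> {
		let mut retval = sgx_status_t::SGX_SUCCESS;
		let quoting_enclave_target_info = self.qe_get_target_info()?;
		let quote_size = self.qe_get_quote_size()?;

		// Buffers are owned here; the enclave only writes into them and reports the
		// number of bytes used. CERT_DER_MAX_SIZE is a placeholder constant — size it
		// to the largest certificate the enclave can produce. The quote buffer uses
		// quote_size, which the enclave already receives; confirm it writes no more.
		let mut cert_der = vec![0u8; CERT_DER_MAX_SIZE];
		let mut cert_der_size = 0u32;
		let mut dcap_quote = vec![0u8; quote_size as usize];
		let mut dcap_quote_size = 0u32;

		let result = unsafe {
			ffi::generate_dcap_ra(
				self.eid,
				&mut retval,
				skip_ra.into(),
				&quoting_enclave_target_info,
				quote_size,
				cert_der.as_mut_ptr(),
				cert_der.len() as u32, // buffer sizes are small; no truncation possible here
				&mut cert_der_size,
				dcap_quote.as_mut_ptr(),
				dcap_quote.len() as u32,
				&mut dcap_quote_size,
			)
		};

		ensure!(result == sgx_status_t::SGX_SUCCESS, Error::Sgx(result));
		ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval));
		// Never trust the reported lengths beyond what was handed out.
		ensure!(cert_der_size as usize <= cert_der.len(), Error::Sgx(sgx_status_t::SGX_ERROR_UNEXPECTED));
		ensure!(dcap_quote_size as usize <= dcap_quote.len(), Error::Sgx(sgx_status_t::SGX_ERROR_UNEXPECTED));
		cert_der.truncate(cert_der_size as usize);
		dcap_quote.truncate(dcap_quote_size as usize);

		Ok((cert_der, dcap_quote))
	}
```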
@@ -88,6 +88,13 @@ enclave {
 [out, size=unchecked_extrinsic_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_size, int skip_ra );
+ public sgx_status_t generate_dcap_ra(
+ int skip_ra,
+ [in] const sgx_target_info_t* quoting_enclave_target_info,
+ uint32_t quote_size,
+ [out] uint8_t* cert_der_p, [out] uint32_t* cert_der_size, [out] uint32_t* cert_der_capacity,
+ [out] uint8_t* dcap_quote_p, [out] uint32_t* dcap_quote_size, [out] uint32_t* dcap_quote_capacity
+ );
 public sgx_status_t generate_dcap_ra_extrinsic_with_quote(
 [in, size=w_url_size] uint8_t* w_url, uint32_t w_url_size,
diff --git a/enclave-runtime/src/attestation.rs b/enclave-runtime/src/attestation.rs
index e434cee8db..3479d094f2 100644
--- a/enclave-runtime/src/attestation.rs
+++ b/enclave-runtime/src/attestation.rs
@@ -36,6 +36,7 @@ use crate::{
 Error as EnclaveError, Result as EnclaveResult,
 };
 use codec::{Decode, Encode};
+use core::mem;
 use itp_attestation_handler::{AttestationHandler, SgxQlQveCollateral};
 use itp_component_container::ComponentGetter;
 use itp_extrinsics_factory::CreateExtrinsics;
@@ -191,6 +192,61 @@ pub fn generate_dcap_ra_extrinsic_internal(
 Ok(extrinsic[0].clone())
 }
+#[no_mangle]
+pub unsafe extern "C" fn generate_dcap_ra(
+ skip_ra: c_int,
+ quoting_enclave_target_info: &sgx_target_info_t,
+ quote_size: u32,
+ cert_der_p: *mut u8,
+ cert_der_size: *mut u32,
+ cert_der_capacity: *mut u32,
+ dcap_quote_p: *mut u8,
+ dcap_quote_size: *mut u32,
+ dcap_quote_capacity: *mut u32,
+) -> sgx_status_t {
+ let (cert_der, dcap_quote) =
+ match generate_dcap_ra_internal(skip_ra == 1, quoting_enclave_target_info, quote_size) {
+ Ok(cert_and_dcap) => cert_and_dcap,
+ Err(e) => return e.into(),
+ };
+
+ // We will be deconstructing the 2 vectors and they must be reconstructed later with `Vec::from_raw_parts`.
+ // See https://doc.rust-lang.org/stable/std/vec/struct.Vec.html#examples-3 for details.
+
+ let mut cert_der = mem::ManuallyDrop::new(cert_der);
+ let (cert_der_ptr, cert_der_len, cert_der_cap) =
+ (cert_der.as_mut_ptr(), cert_der.len(), cert_der.capacity());
+ cert_der_p = cert_der_ptr;
+ *cert_der_size = cert_der_len as u32;
+ *cert_der_capacity = cert_der_cap as u32;
+ // TODO switch to `into_raw_parts` once it is stabilized.
+
+ let mut dcap_quote = mem::ManuallyDrop::new(dcap_quote);
+ let (dcap_quote_ptr, dcap_quote_len, dcap_quote_cap) =
+ (dcap_quote.as_mut_ptr(), dcap_quote.len(), dcap_quote.capacity());
+ dcap_quote_p = dcap_quote_ptr;
+ *dcap_quote_size = dcap_quote_len as u32;
+ *dcap_quote_capacity = dcap_quote_cap as u32;
+
+ sgx_status_t::SGX_SUCCESS
+}
+
+pub fn generate_dcap_ra_internal(
+ skip_ra: bool,
+ quoting_enclave_target_info: &sgx_target_info_t,
+ quote_size: u32,
+) -> EnclaveResult<(Vec, Vec)> {
+ let attestation_handler = GLOBAL_ATTESTATION_HANDLER_COMPONENT.get()?;
+
+ let (cert_der, dcap_quote) = attestation_handler.generate_dcap_ra_cert(
+ quoting_enclave_target_info,
+ quote_size,
+ skip_ra,
+ )?;
+
+ Ok((cert_der, dcap_quote))
+}
+
 #[no_mangle]
 pub unsafe extern "C" fn generate_dcap_ra_extrinsic_with_quote(
 w_url: *const u8,
diff --git a/service/Cargo.toml b/service/Cargo.toml
index df3451ea23..b6a9964448 100644
--- a/service/Cargo.toml
+++ b/service/Cargo.toml
@@ -59,6 +59,7 @@ its-storage = { path = "../sidechain/storage" }
 my-node-runtime = { package = "integritee-node-runtime", git = "https://github.com/integritee-network/integritee-node.git", branch = "polkadot-v0.9.37" }
 substrate-api-client = { git = "https://github.com/scs/substrate-api-client.git", branch = "polkadot-v0.9.37-tag-v0.7.0" }
 teerex-primitives = { git = "https://github.com/integritee-network/pallets.git", branch = "polkadot-v0.9.37" }
+sgx-verify = { git = "https://github.com/integritee-network/pallets.git", branch = "polkadot-v0.9.37" }
 # Substrate dependencies
 frame-support = { git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.37" }
diff --git a/service/src/main.rs b/service/src/main.rs
index 711d1371ef..467a437e02 100644
--- a/service/src/main.rs
+++ b/service/src/main.rs
@@ -75,6 +75,7 @@ use its_storage::{interface::FetchBlocks, BlockPruner, SidechainStorageLock}; use log::*; use my_node_runtime::{Hash, Header, RuntimeEvent}; use sgx_types::*; + use sp_core::crypto::{AccountId32, Ss58Codec}; use sp_keyring::AccountKeyring; use std::{ @@ -429,7 +430,7 @@ fn start_worker( .expect("Could not set the node metadata in the enclave"); #[cfg(feature = "dcap")] - register_collateral(&node_api, &*enclave, &tee_accountid, is_development_mode); + register_collateral(&node_api, &*enclave, &tee_accountid, is_development_mode, skip_ra); let trusted_url = config.trusted_worker_url_external(); let marblerun_base_url = @@ -771,15 +772,17 @@ fn register_collateral( enclave: &dyn RemoteAttestation, accountid: &AccountId32, is_development_mode: bool, + skip_ra: bool, ) { - //let fmspc = [00u8, 0x90, 0x6E, 0xA1, 00, 00]; - let fmspc_citadel = [00u8, 0xA0, 0x65, 0x51, 00, 00]; - let uxt = enclave.generate_register_quoting_enclave_extrinsic(fmspc_citadel).unwrap(); + let (_cert_der, dcap_quote) = enclave.generate_dcap_ra(skip_ra).unwrap(); + let (fmspc, _tcb_info) = extract_tcb_info_from_raw_dcap_quote(&dcap_quote).unwrap(); + + let uxt = enclave.generate_register_quoting_enclave_extrinsic(fmspc).unwrap(); send_extrinsic(&uxt, api, accountid, is_development_mode); - let uxt = enclave.generate_register_tcb_info_extrinsic(fmspc_citadel).unwrap(); + let uxt = enclave.generate_register_tcb_info_extrinsic(fmspc).unwrap(); send_extrinsic(&uxt, api, accountid, is_development_mode); } From a11e6073277dbce37ea12466e712e314ca643a1f Mon Sep 17 00:00:00 2001 From: orion Date: Wed, 1 Feb 2023 09:50:26 +0100 Subject: [PATCH 20/39] fixes --- app-libs/stf/Cargo.toml | 21 ++++--- core-primitives/enclave-api/ffi/src/lib.rs | 8 +-- .../enclave-api/src/remote_attestation.rs | 39 +++---------- enclave-runtime/Enclave.edl | 5 +- enclave-runtime/src/attestation.rs | 57 ++++++++----------- service/src/main.rs | 5 +- 6 files changed, 52 insertions(+), 83 deletions(-) 
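Review bot: `enclave.generate_dcap_ra(skip_ra).unwrap()` and `extract_tcb_info_from_raw_dcap_quote(&dcap_quote).unwrap()` in `register_collateral` turn an attestation or quote-parsing failure into a panic that takes down the whole worker with no context. Prefer `.expect("Could not generate DCAP quote to derive FMSPC")` and `.expect("Could not extract TCB info from DCAP quote")`, or have `register_collateral` return a `Result` and let `start_worker` decide. It is also not visible here what quote `generate_dcap_ra` returns when `skip_ra` is true, so whether the extracted FMSPC is meaningful in that mode deserves a comment at the call site. `register_collateral`'s signature starts outside this hunk.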
diff --git a/app-libs/stf/Cargo.toml b/app-libs/stf/Cargo.toml index bf36b5ea29..fd505bc160 100644 --- a/app-libs/stf/Cargo.toml +++ b/app-libs/stf/Cargo.toml @@ -6,14 +6,20 @@ edition = "2021" [dependencies] # crates.io -codec = { version = "3.0.0", default-features = false, features = ["derive"], package = "parity-scale-codec" } +codec = { version = "3.0.0", default-features = false, features = [ + "derive", +], package = "parity-scale-codec" } derive_more = { version = "0.99.5" } log = { version = "0.4", default-features = false } rlp = { version = "0.5", default-features = false } sha3 = { version = "0.10", default-features = false } # sgx deps -sgx_tstd = { branch = "master", features = ["untrusted_fs", "net", "backtrace"], git = "https://github.com/apache/teaclave-sgx-sdk.git", optional = true } +sgx_tstd = { branch = "master", features = [ + "untrusted_fs", + "net", + "backtrace", +], git = "https://github.com/apache/teaclave-sgx-sdk.git", optional = true } # local crates ita-sgx-runtime = { default-features = false, path = "../sgx-runtime" } @@ -27,7 +33,11 @@ itp-stf-primitives = { default-features = false, path = "../../core-primitives/s itp-storage = { default-features = false, path = "../../core-primitives/storage" } itp-types = { default-features = false, path = "../../core-primitives/types" } itp-utils = { default-features = false, path = "../../core-primitives/utils" } -sp-io = { default-features = false, features = ["disable_oom", "disable_panic_handler", "disable_allocator"], path = "../../core-primitives/substrate-sgx/sp-io" } +sp-io = { default-features = false, features = [ + "disable_oom", + "disable_panic_handler", + "disable_allocator", +], path = "../../core-primitives/substrate-sgx/sp-io" } # Substrate dependencies frame-support = { default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.37" } 
@@ -49,10 +59,7 @@ sp-keyring = { git = "https://github.com/paritytech/substrate.git", branch = "po [features] default = ["std"] evm = ["ita-sgx-runtime/evm"] -evm_std = [ - "evm", - "ita-sgx-runtime/evm_std", -] +evm_std = ["evm", "ita-sgx-runtime/evm_std"] sgx = [ "sgx_tstd", "itp-sgx-externalities/sgx", diff --git a/core-primitives/enclave-api/ffi/src/lib.rs b/core-primitives/enclave-api/ffi/src/lib.rs index 6be62276b5..683383d2c1 100644 --- a/core-primitives/enclave-api/ffi/src/lib.rs +++ b/core-primitives/enclave-api/ffi/src/lib.rs @@ -126,18 +126,14 @@ extern "C" { quote_size: u32, ) -> sgx_status_t; - pub fn generate_dcap_ra( + pub fn generate_dcap_ra_quote( eid: sgx_enclave_id_t, retval: *mut sgx_status_t, skip_ra: c_int, quoting_enclave_target_info: &sgx_target_info_t, quote_size: u32, - cert_der_p: *mut u8, - cert_der_size: *mut u32, - cert_der_capacity: *mut u32, dcap_quote_p: *mut u8, - dcap_quote_size: *mut u32, - dcap_quote_capacity: *mut u32, + dcap_quote_size: u32, ) -> sgx_status_t; pub fn generate_register_quoting_enclave_extrinsic( diff --git a/core-primitives/enclave-api/src/remote_attestation.rs b/core-primitives/enclave-api/src/remote_attestation.rs index 637b2fb03b..7a9ecd675f 100644 --- a/core-primitives/enclave-api/src/remote_attestation.rs +++ b/core-primitives/enclave-api/src/remote_attestation.rs @@ -53,7 +53,7 @@ pub trait RemoteAttestation { url: String, quote: &[u8], ) -> EnclaveResult>; - fn generate_dcap_ra(&self, skip_ra: bool) -> EnclaveResult<(Vec, Vec)>; + fn generate_dcap_ra_quote(&self, skip_ra: bool) -> EnclaveResult>; fn generate_register_quoting_enclave_extrinsic(&self, fmspc: Fmspc) -> EnclaveResult>; 
@@ -179,54 +179,31 @@ impl RemoteAttestation for Enclave {
 Ok(unchecked_extrinsic.to_vec())
 }
 
- fn generate_dcap_ra(&self, skip_ra: bool) -> EnclaveResult<(Vec, Vec)> {
+ fn generate_dcap_ra_quote(&self, skip_ra: bool) -> EnclaveResult> {
 let mut retval = sgx_status_t::SGX_SUCCESS;
 let quoting_enclave_target_info = self.qe_get_target_info()?;
 let quote_size = self.qe_get_quote_size()?;
 
- let mut cert_der: u8 = 0u8;
- let cert_der_p: *mut u8 = &mut cert_der;
- let mut cert_der_size = 0u32;
- let mut cert_der_capacity = 0u32;
-
- let mut dcap_quote: u8 = 0u8;
- let dcap_quote_p: *mut u8 = &mut dcap_quote;
- let mut dcap_quote_size = 0u32;
- let mut dcap_quote_capacity = 0u32;
+ let mut dcap_quote_vec: Vec = vec![0; quote_size as usize];
+ let (dcap_quote_p, dcap_quote_size) =
+ (dcap_quote_vec.as_mut_ptr(), dcap_quote_vec.len() as u32);
 
 let result = unsafe {
- ffi::generate_dcap_ra(
+ ffi::generate_dcap_ra_quote(
 self.eid,
 &mut retval,
 skip_ra.into(),
 "ing_enclave_target_info,
 quote_size,
- cert_der_p,
- &mut cert_der_size,
- &mut cert_der_capacity,
 dcap_quote_p,
- &mut dcap_quote_size,
- &mut dcap_quote_capacity,
+ dcap_quote_size,
 )
 };
 
 ensure!(result == sgx_status_t::SGX_SUCCESS, Error::Sgx(result));
 ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval));
 
- // TODO add some sanity checks regarding the vector to be built.
-
- let cert_der = unsafe {
- Vec::from_raw_parts(cert_der_p, cert_der_size as usize, cert_der_capacity as usize)
- };
- let dcap_quote = unsafe {
- Vec::from_raw_parts(
- dcap_quote_p,
- dcap_quote_size as usize,
- dcap_quote_capacity as usize,
- )
- };
-
- Ok((cert_der, dcap_quote))
+ Ok(dcap_quote_vec)
 }
 
 fn generate_dcap_ra_extrinsic(&self, w_url: &str, skip_ra: bool) -> EnclaveResult> {
diff --git a/enclave-runtime/Enclave.edl b/enclave-runtime/Enclave.edl
index 416548240c..2e0bf3715d 100644
--- a/enclave-runtime/Enclave.edl
+++ b/enclave-runtime/Enclave.edl
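Review bot: `Ok(dcap_quote_vec)` returns all `quote_size` bytes regardless of how many the enclave actually filled; the enclave side of this same commit writes the quote with `write_slice_and_whitespace_pad`, so if the generated quote is ever shorter than `quote_size` the caller gets a buffer with trailing whitespace bytes and no way to tell where the quote ends. Either have the ECALL report the written length through an out-parameter and `truncate` the vector to it, or state the contract on the trait method, e.g. `/// Returns the raw DCAP quote in a buffer of exactly qe_get_quote_size() bytes; any unused tail is whitespace-padded by the enclave.`. The double `ensure!` on `result` and `retval` is good; a third check that `dcap_quote_vec` is non-empty before returning would make a zero `quote_size` from `qe_get_quote_size` fail here rather than in the parser.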
@@ -88,12 +88,11 @@ enclave { [out, size=unchecked_extrinsic_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_size, int skip_ra ); - public sgx_status_t generate_dcap_ra( + public sgx_status_t generate_dcap_ra_quote( int skip_ra, [in] const sgx_target_info_t* quoting_enclave_target_info, uint32_t quote_size, - [out] uint8_t* cert_der_p, [out] uint32_t* cert_der_size, [out] uint32_t* cert_der_capacity, - [out] uint8_t* dcap_quote_p, [out] uint32_t* dcap_quote_size, [out] uint32_t* dcap_quote_capacity + [out, size=dcap_quote_size] uint8_t* dcap_quote_p, uint32_t dcap_quote_size ); public sgx_status_t generate_dcap_ra_extrinsic_with_quote( diff --git a/enclave-runtime/src/attestation.rs b/enclave-runtime/src/attestation.rs index 3479d094f2..614831607a 100644 --- a/enclave-runtime/src/attestation.rs +++ b/enclave-runtime/src/attestation.rs @@ -36,7 +36,6 @@ use crate::{ Error as EnclaveError, Result as EnclaveResult, }; use codec::{Decode, Encode}; -use core::mem; use itp_attestation_handler::{AttestationHandler, SgxQlQveCollateral}; use itp_component_container::ComponentGetter; use itp_extrinsics_factory::CreateExtrinsics; 
@@ -193,58 +192,48 @@ pub fn generate_dcap_ra_extrinsic_internal(
 }
 
 #[no_mangle]
-pub unsafe extern "C" fn generate_dcap_ra(
+pub unsafe extern "C" fn generate_dcap_ra_quote(
 skip_ra: c_int,
 quoting_enclave_target_info: &sgx_target_info_t,
 quote_size: u32,
- cert_der_p: *mut u8,
- cert_der_size: *mut u32,
- cert_der_capacity: *mut u32,
 dcap_quote_p: *mut u8,
- dcap_quote_size: *mut u32,
- dcap_quote_capacity: *mut u32,
+ dcap_quote_size: u32,
 ) -> sgx_status_t {
- let (cert_der, dcap_quote) =
- match generate_dcap_ra_internal(skip_ra == 1, quoting_enclave_target_info, quote_size) {
- Ok(cert_and_dcap) => cert_and_dcap,
- Err(e) => return e.into(),
- };
-
- // We will be deconstructing the 2 vectors and they must be reconstructed later with `Vec::from_raw_parts`.
- // See https://doc.rust-lang.org/stable/std/vec/struct.Vec.html#examples-3 for details.
-
- let mut cert_der = mem::ManuallyDrop::new(cert_der);
- let (cert_der_ptr, cert_der_len, cert_der_cap) =
- (cert_der.as_mut_ptr(), cert_der.len(), cert_der.capacity());
- cert_der_p = cert_der_ptr;
- *cert_der_size = cert_der_len as u32;
- *cert_der_capacity = cert_der_cap as u32;
- // TODO switch to `into_raw_parts` once it is stabilized.
-
- let mut dcap_quote = mem::ManuallyDrop::new(dcap_quote);
- let (dcap_quote_ptr, dcap_quote_len, dcap_quote_cap) =
- (dcap_quote.as_mut_ptr(), dcap_quote.len(), dcap_quote.capacity());
- dcap_quote_p = dcap_quote_ptr;
- *dcap_quote_size = dcap_quote_len as u32;
- *dcap_quote_capacity = dcap_quote_cap as u32;
+ if dcap_quote_p.is_null() {
+ return sgx_status_t::SGX_ERROR_INVALID_PARAMETER
+ }
+ let dcap_quote = match generate_dcap_ra_quote_internal(
+ skip_ra == 1,
+ quoting_enclave_target_info,
+ quote_size,
+ ) {
+ Ok(dcap_quote) => dcap_quote,
+ Err(e) => return e.into(),
+ };
+
+ let mut dcap_quote_slice = slice::from_raw_parts_mut(dcap_quote_p, dcap_quote_size as usize);
+
+ if let Err(e) = write_slice_and_whitespace_pad(dcap_quote_slice, dcap_quote) {
+ return EnclaveError::Other(Box::new(e)).into()
+ };
 
 sgx_status_t::SGX_SUCCESS
 }
 
-pub fn generate_dcap_ra_internal(
+pub fn generate_dcap_ra_quote_internal(
 skip_ra: bool,
 quoting_enclave_target_info: &sgx_target_info_t,
 quote_size: u32,
-) -> EnclaveResult<(Vec, Vec)> {
+) -> EnclaveResult> {
 let attestation_handler = GLOBAL_ATTESTATION_HANDLER_COMPONENT.get()?;
 
- let (cert_der, dcap_quote) = attestation_handler.generate_dcap_ra_cert(
+ let (_, dcap_quote) = attestation_handler.generate_dcap_ra_cert(
 quoting_enclave_target_info,
 quote_size,
 skip_ra,
 )?;
 
- Ok((cert_der, dcap_quote))
+ Ok(dcap_quote)
 }
 
 #[no_mangle]
diff --git a/service/src/main.rs b/service/src/main.rs
index 467a437e02..deac58a701 100644
--- a/service/src/main.rs
+++ b/service/src/main.rs
@@ -75,6 +75,7 @@ use its_storage::{interface::FetchBlocks, BlockPruner, SidechainStorageLock};
 use log::*;
 use my_node_runtime::{Hash, Header, RuntimeEvent};
 use sgx_types::*;
+use sgx_verify::extract_tcb_info_from_raw_dcap_quote;
 use sp_core::crypto::{AccountId32, Ss58Codec};
 use sp_keyring::AccountKeyring;
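Review bot: `quote_size` and `dcap_quote_size` are independent inputs and nothing in `generate_dcap_ra_quote` checks `quote_size <= dcap_quote_size` before the quote is generated and copied, so a mismatch is only caught (if at all) inside `write_slice_and_whitespace_pad` and surfaces as an opaque `EnclaveError::Other`. Add `if quote_size > dcap_quote_size { return sgx_status_t::SGX_ERROR_INVALID_PARAMETER }` next to the null check so a precise status is returned before the quoting enclave is invoked. `let mut dcap_quote_slice` does not need `mut` (a later patch in this series removes it). The certificate returned by `generate_dcap_ra_cert` is dropped with `(_, dcap_quote)` in `generate_dcap_ra_quote_internal`; a one-line comment such as `// The RA certificate is generated alongside the quote but is not exported by this ECALL.` would mark that as intentional.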
@@ -774,9 +775,9 @@ fn register_collateral( is_development_mode: bool, skip_ra: bool, ) { - let fmspc_citadel = [00u8, 0xA0, 0x65, 0x51, 00, 00]; + let _fmspc_citadel = [00u8, 0xA0, 0x65, 0x51, 00, 00]; - let (_cert_der, dcap_quote) = enclave.generate_dcap_ra(skip_ra).unwrap(); + let dcap_quote = enclave.generate_dcap_ra_quote(skip_ra).unwrap(); let (fmspc, _tcb_info) = extract_tcb_info_from_raw_dcap_quote(&dcap_quote).unwrap(); let uxt = enclave.generate_register_quoting_enclave_extrinsic(fmspc).unwrap(); From 1e87fbeef8ac26a2382137a53a333ec7a317d44b Mon Sep 17 00:00:00 2001 From: orion Date: Wed, 1 Feb 2023 15:24:10 +0100 Subject: [PATCH 21/39] worker: fetch FMSPC from RA certificate --- service/src/main.rs | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/service/src/main.rs b/service/src/main.rs index deac58a701..db7ed464ef 100644 --- a/service/src/main.rs +++ b/service/src/main.rs @@ -229,12 +229,10 @@ fn main() { enclave.dump_ias_ra_cert_to_disk().unwrap(); #[cfg(feature = "dcap")] { - // Hard coded 6-byte FMSPC that represents the state of devsgx03 - // TODO: either fetch this value from a list of pre-configured FMSPC values or - // extract the information out of the RA certificate - //let fmspc = [00u8, 0x90, 0x6E, 0xA1, 00, 00]; - let fmspc_citadel = [00u8, 0xA0, 0x65, 0x51, 00, 00]; - enclave.dump_dcap_collateral_to_disk(fmspc_citadel).unwrap(); + let skip_ra = false; + let dcap_quote = enclave.generate_dcap_ra_quote(skip_ra).unwrap(); + let (fmspc, _tcb_info) = extract_tcb_info_from_raw_dcap_quote(&dcap_quote).unwrap(); + enclave.dump_dcap_collateral_to_disk(fmspc).unwrap(); enclave.dump_dcap_ra_cert_to_disk().unwrap(); } } else if matches.is_present("mrenclave") { 
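Review bot: In the `@@ -229,12 +229,10 @@` hunk, `let skip_ra = false;` is a bare literal whose role in the collateral-dump path is not explained, and the two `.unwrap()` calls that follow panic without saying which step failed. A comment such as `// A real quote is needed here: the FMSPC is read from it to select the collateral to dump.` on the literal, plus `.expect("Could not generate DCAP quote")` and `.expect("Could not extract FMSPC from DCAP quote")`, would make a failure actionable. The enclosing `main` starts and ends outside this hunk.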
@@ -775,8 +773,6 @@ fn register_collateral( is_development_mode: bool, skip_ra: bool, ) { - let _fmspc_citadel = [00u8, 0xA0, 0x65, 0x51, 00, 00]; - let dcap_quote = enclave.generate_dcap_ra_quote(skip_ra).unwrap(); let (fmspc, _tcb_info) = extract_tcb_info_from_raw_dcap_quote(&dcap_quote).unwrap(); From 334c8ebf8cdd473ed2e03ce314245386a748f2d9 Mon Sep 17 00:00:00 2001 From: orion Date: Thu, 2 Feb 2023 11:44:46 +0100 Subject: [PATCH 22/39] cleanup2 --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 4a7d34ae34..492e7a35d6 100755 --- a/Makefile +++ b/Makefile @@ -103,7 +103,7 @@ Enclave_EDL_Files := enclave-runtime/Enclave_t.c enclave-runtime/Enclave_t.h ser ######## Integritee-service settings ######## SRC_Files := $(shell find . -type f -name '*.rs') $(shell find . -type f -name 'Cargo.toml') -Worker_Rust_Flags := $(CARGO_TARGET) $(WORKER_FEATURES),dcap +Worker_Rust_Flags := $(CARGO_TARGET) $(WORKER_FEATURES) Worker_Include_Paths := -I ./service -I./include -I$(SGX_SDK)/include -I$(CUSTOM_EDL_PATH) Worker_C_Flags := $(SGX_COMMON_CFLAGS) -fPIC -Wno-attributes $(Worker_Include_Paths) From 7974e94d94a8c3fc608b57a1a2241cff8cb672f3 Mon Sep 17 00:00:00 2001 From: orion Date: Thu, 2 Feb 2023 12:29:36 +0100 Subject: [PATCH 23/39] fix typo --- service/src/main.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service/src/main.rs b/service/src/main.rs index db7ed464ef..bcba9a00b1 100644 --- a/service/src/main.rs +++ b/service/src/main.rs @@ -728,7 +728,7 @@ fn fetch_marblerun_events_every_hour( let handle = thread::spawn(move || { const POLL_INTERVAL_1_HOUR_IN_SECS: u64 = 1 * 30; loop { - info!("Polling marblerun evenets for quotes to register"); + info!("Polling marblerun events for quotes to register"); register_quotes_from_marblerun( &api, enclave.clone(), From 68fff49f69ef79d8a864d32f3ada3b31bde3e4cd Mon Sep 17 00:00:00 2001 
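Review bot: Dropping `,dcap` from `Worker_Rust_Flags` changes what the default worker build attests with, and neither the line nor the commit title "cleanup2" records why. A comment on the changed line, something like `# dcap is no longer appended by default; enable it explicitly via WORKER_FEATURES`, would preserve the intent for the next reader, since the later `#[cfg(feature = "dcap")]` gating in this series depends on it.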
From: orion Date: Thu, 2 Feb 2023 16:05:14 +0100 Subject: [PATCH 24/39] Placeholder commit for updating pallets/node after .37 polkadot update has been merged --- Cargo.lock | 36 +++++++++++++++++++++++++++++------- cli/Cargo.toml | 11 +++++------ 2 files changed, 34 insertions(+), 13 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 84637fcaef..5c80bef2d1 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -779,6 +779,14 @@ dependencies = [ "sp-std", ] +[[package]] +name = "common-primitives" +version = "0.1.0" +source = "git+https://github.com/OverOrion/pallets.git?branch=szp/extract-tcb-info#fb57261d1d6e4b2da12e90f563a5a3f5e6a50b88" +dependencies = [ + "sp-std", +] + [[package]] name = "const-oid" version = "0.9.1" @@ -2566,7 +2574,7 @@ dependencies = [ "sp-runtime", "substrate-api-client", "substrate-client-keystore", - "teerex-primitives", + "teerex-primitives 0.1.0 (git+https://github.com/OverOrion/pallets.git?branch=szp/extract-tcb-info)", "ws", ] @@ -2670,7 +2678,7 @@ dependencies = [ "sp-keyring", "sp-runtime", "substrate-api-client", - "teerex-primitives", + "teerex-primitives 0.1.0 (git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37)", "thiserror 1.0.38", "tokio", "warp", @@ -5312,7 +5320,7 @@ dependencies = [ "sp-io 7.0.0 (git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.37)", "sp-runtime", "sp-std", - "teerex-primitives", + "teerex-primitives 0.1.0 (git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37)", ] [[package]] @@ -5365,7 +5373,7 @@ dependencies = [ "sp-io 7.0.0 (git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.37)", "sp-runtime", "sp-std", - "teerex-primitives", + "teerex-primitives 0.1.0 (git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37)", ] [[package]] 
@@ -6822,7 +6830,7 @@ dependencies = [ "sp-core", "sp-io 7.0.0 (git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.37)", "sp-std", - "teerex-primitives", + "teerex-primitives 0.1.0 (git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37)", "webpki 0.21.0", "x509-cert", ] @@ -8053,7 +8061,7 @@ name = "teeracle-primitives" version = "0.1.0" source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#50cac490de02a6484751c193da9f8080477b885c" dependencies = [ - "common-primitives", + "common-primitives 0.1.0 (git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37)", "sp-std", "substrate-fixed", ] @@ -8063,7 +8071,21 @@ name = "teerex-primitives" version = "0.1.0" source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#50cac490de02a6484751c193da9f8080477b885c" dependencies = [ - "common-primitives", + "common-primitives 0.1.0 (git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37)", + "parity-scale-codec", + "scale-info", + "serde 1.0.152", + "sp-core", + "sp-io 7.0.0 (git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.37)", + "sp-std", +] + +[[package]] +name = "teerex-primitives" +version = "0.1.0" +source = "git+https://github.com/OverOrion/pallets.git?branch=szp/extract-tcb-info#fb57261d1d6e4b2da12e90f563a5a3f5e6a50b88" +dependencies = [ + "common-primitives 0.1.0 (git+https://github.com/OverOrion/pallets.git?branch=szp/extract-tcb-info)", "parity-scale-codec", "scale-info", "serde 1.0.152", diff --git a/cli/Cargo.toml b/cli/Cargo.toml index df15685ed2..80c6bedb05 100644 --- a/cli/Cargo.toml +++ b/cli/Cargo.toml 
@@ -9,7 +9,9 @@ base58 = "0.2" blake2-rfc = { version = "0.2.18" } chrono = "*" clap = { version = "3.1.6", features = ["derive"] } -codec = { version = "3.0.0", package = "parity-scale-codec", features = ["derive"] } +codec = { version = "3.0.0", package = "parity-scale-codec", features = [ + "derive", +] } env_logger = "0.9" hdrhistogram = "7.5.0" hex = "0.4.2" @@ -27,7 +29,7 @@ my-node-runtime = { package = "integritee-node-runtime", git = "https://github.c pallet-evm = { optional = true, git = "https://github.com/integritee-network/frontier.git", branch = "polkadot-v0.9.37" } substrate-api-client = { features = ["ws-client"], git = "https://github.com/scs/substrate-api-client.git", branch = "polkadot-v0.9.37-tag-v0.7.0" } substrate-client-keystore = { git = "https://github.com/scs/substrate-api-client.git", branch = "polkadot-v0.9.37-tag-v0.7.0" } -teerex-primitives = { git = "https://github.com/integritee-network/pallets.git", branch = "polkadot-v0.9.37" } +teerex-primitives = { git = "https://github.com/OverOrion/pallets.git", branch = "szp/extract-tcb-info" } # substrate dependencies frame-system = { git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.37" } @@ -51,10 +53,7 @@ itp-utils = { path = "../core-primitives/utils" } [features] default = [] -evm = [ - "ita-stf/evm_std", - "pallet-evm", -] +evm = ["ita-stf/evm_std", "pallet-evm"] teeracle = [] sidechain = [] offchain-worker = [] From 02de806f121e1fb6333f75de73847e1d1f1a0412 Mon Sep 17 00:00:00 2001 From: orion Date: Thu, 2 Feb 2023 16:34:08 +0100 Subject: [PATCH 25/39] Clippy fixes --- core-primitives/enclave-api/src/remote_attestation.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/core-primitives/enclave-api/src/remote_attestation.rs b/core-primitives/enclave-api/src/remote_attestation.rs index 7a9ecd675f..b26037ed2c 100644 --- a/core-primitives/enclave-api/src/remote_attestation.rs +++ b/core-primitives/enclave-api/src/remote_attestation.rs 
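Review bot: `teerex-primitives` now points at a personal fork (`OverOrion/pallets`) tracked by a moving branch, `szp/extract-tcb-info`, instead of the upstream repository; only `Cargo.lock` pins the actual commit, so a build without the lockfile or after a `cargo update` silently picks up whatever that branch contains at the time. Pin it with `rev = "fb57261d1d6e4b2da12e90f563a5a3f5e6a50b88"` (the commit this series' Cargo.lock records for that branch) and, since the commit title already calls this a placeholder, add `# TODO: switch back to integritee-network/pallets once extract-tcb-info is merged` on the line. The same fork switch appears in the PATCH 26 hunks for app-libs/sgx-runtime/Cargo.toml, app-libs/stf/Cargo.toml and service/Cargo.toml.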
@@ -650,7 +650,7 @@ fn create_system_path(file_name: &str) -> String { info!("create_system_path:: file_name={}", &file_name); let default_path = format!("{}{}", OS_SYSTEM_PATH, file_name); - let full_path = find_library_by_name(file_name).unwrap_or_else(|| default_path); + let full_path = find_library_by_name(file_name).unwrap_or(default_path); let c_terminated_path = format!("{}{}", full_path, C_STRING_ENDING); info!("create_system_path:: created path={}", &c_terminated_path); @@ -668,9 +668,9 @@ fn find_library_by_name(lib_name: &str) -> Option { .map(|lib_name_and_path| { lib_name_and_path .rsplit_once("=>") - .and_then(|(_, lib_path)| Some(lib_path.trim().to_owned())) + .map(|(_, lib_path)| lib_path.trim().to_owned()) }) - .nth(0)?; + .next()?; possible_path } From 0b5bb49d944c27131a7fef1e69d2223dfdf3316b Mon Sep 17 00:00:00 2001 From: orion Date: Mon, 6 Feb 2023 10:45:56 +0100 Subject: [PATCH 26/39] add feature flags for dcap, use pallets fork --- Cargo.lock | 31 ++++++++++++++++++++++++++---- app-libs/sgx-runtime/Cargo.toml | 2 +- app-libs/stf/Cargo.toml | 2 +- enclave-runtime/Cargo.lock | 2 +- enclave-runtime/src/attestation.rs | 2 +- service/Cargo.toml | 5 +++-- service/src/main.rs | 3 +++ service/src/prometheus_metrics.rs | 5 +++++ 8 files changed, 42 insertions(+), 10 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 5c80bef2d1..cd6b4a1f4e 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2668,7 +2668,7 @@ dependencies = [ "serde 1.0.152", "serde_derive 1.0.152", "serde_json 1.0.93", - "sgx-verify", + "sgx-verify 0.1.4 (git+https://github.com/OverOrion/pallets.git?branch=szp/extract-tcb-info)", "sgx_crypto_helper", "sgx_types", "sgx_urts", 
@@ -2678,7 +2678,7 @@ dependencies = [ "sp-keyring", "sp-runtime", "substrate-api-client", - "teerex-primitives 0.1.0 (git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37)", + "teerex-primitives 0.1.0 (git+https://github.com/OverOrion/pallets.git?branch=szp/extract-tcb-info)", "thiserror 1.0.38", "tokio", "warp", @@ -5206,7 +5206,7 @@ dependencies = [ [[package]] name = "pallet-parentchain" version = "0.9.0" -source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#50cac490de02a6484751c193da9f8080477b885c" +source = "git+https://github.com/OverOrion/pallets.git?branch=szp/extract-tcb-info#fb57261d1d6e4b2da12e90f563a5a3f5e6a50b88" dependencies = [ "frame-support", "frame-system", @@ -5368,7 +5368,7 @@ dependencies = [ "parity-scale-codec", "scale-info", "serde 1.0.152", - "sgx-verify", + "sgx-verify 0.1.4 (git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37)", "sp-core", "sp-io 7.0.0 (git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.37)", "sp-runtime", @@ -6835,6 +6835,29 @@ dependencies = [ "x509-cert", ] +[[package]] +name = "sgx-verify" +version = "0.1.4" +source = "git+https://github.com/OverOrion/pallets.git?branch=szp/extract-tcb-info#fb57261d1d6e4b2da12e90f563a5a3f5e6a50b88" +dependencies = [ + "base64 0.13.1", + "chrono 0.4.23", + "der", + "frame-support", + "hex", + "parity-scale-codec", + "ring 0.16.20 (git+https://github.com/Niederb/ring-xous.git?branch=0.16.20-cleanup)", + "scale-info", + "serde 1.0.152", + "serde_json 1.0.93", + "sp-core", + "sp-io 7.0.0 (git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.37)", + "sp-std", + "teerex-primitives 0.1.0 (git+https://github.com/OverOrion/pallets.git?branch=szp/extract-tcb-info)", + "webpki 0.21.0", + "x509-cert", +] + [[package]] name = "sgx_alloc" version = "1.1.6" diff --git a/app-libs/sgx-runtime/Cargo.toml b/app-libs/sgx-runtime/Cargo.toml index 80a6c8199f..ce0e0eec3e 100644 
--- a/app-libs/sgx-runtime/Cargo.toml +++ b/app-libs/sgx-runtime/Cargo.toml @@ -46,7 +46,7 @@ sp-version = { default-features = false, git = "https://github.com/paritytech/su # Integritee dependencies pallet-evm = { default-features = false, optional = true, git = "https://github.com/integritee-network/frontier.git", branch = "polkadot-v0.9.37" } -pallet-parentchain = { default-features = false, git = "https://github.com/integritee-network/pallets.git", branch = "polkadot-v0.9.37" } +pallet-parentchain = { default-features = false, git = "https://github.com/OverOrion/pallets.git", branch = "szp/extract-tcb-info" } [features] default = ["std"] diff --git a/app-libs/stf/Cargo.toml b/app-libs/stf/Cargo.toml index fd505bc160..71dbf6ff09 100644 --- a/app-libs/stf/Cargo.toml +++ b/app-libs/stf/Cargo.toml @@ -50,7 +50,7 @@ sp-runtime = { default-features = false, git = "https://github.com/paritytech/su # scs / integritee my-node-runtime = { package = "integritee-node-runtime", optional = true, git = "https://github.com/integritee-network/integritee-node.git", branch = "polkadot-v0.9.37" } -pallet-parentchain = { default-features = false, git = "https://github.com/integritee-network/pallets.git", branch = "polkadot-v0.9.37" } +pallet-parentchain = { default-features = false, git = "https://github.com/OverOrion/pallets.git", branch = "szp/extract-tcb-info" } [dev-dependencies] diff --git a/enclave-runtime/Cargo.lock b/enclave-runtime/Cargo.lock index b7c91fde19..9ee37913b3 100644 --- a/enclave-runtime/Cargo.lock +++ b/enclave-runtime/Cargo.lock @@ -2822,7 +2822,7 @@ dependencies = [ [[package]] name = "pallet-parentchain" version = "0.9.0" -source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#50cac490de02a6484751c193da9f8080477b885c" +source = "git+https://github.com/OverOrion/pallets.git?branch=szp/extract-tcb-info#fb57261d1d6e4b2da12e90f563a5a3f5e6a50b88" dependencies = [ "frame-support", "frame-system", 
diff --git a/enclave-runtime/src/attestation.rs b/enclave-runtime/src/attestation.rs index 614831607a..729a19457f 100644 --- a/enclave-runtime/src/attestation.rs +++ b/enclave-runtime/src/attestation.rs @@ -211,7 +211,7 @@ pub unsafe extern "C" fn generate_dcap_ra_quote( Err(e) => return e.into(), }; - let mut dcap_quote_slice = slice::from_raw_parts_mut(dcap_quote_p, dcap_quote_size as usize); + let dcap_quote_slice = slice::from_raw_parts_mut(dcap_quote_p, dcap_quote_size as usize); if let Err(e) = write_slice_and_whitespace_pad(dcap_quote_slice, dcap_quote) { return EnclaveError::Other(Box::new(e)).into() diff --git a/service/Cargo.toml b/service/Cargo.toml index b6a9964448..646eda668c 100644 --- a/service/Cargo.toml +++ b/service/Cargo.toml @@ -56,10 +56,11 @@ its-rpc-handler = { path = "../sidechain/rpc-handler" } its-storage = { path = "../sidechain/storage" } # scs / integritee + my-node-runtime = { package = "integritee-node-runtime", git = "https://github.com/integritee-network/integritee-node.git", branch = "polkadot-v0.9.37" } substrate-api-client = { git = "https://github.com/scs/substrate-api-client.git", branch = "polkadot-v0.9.37-tag-v0.7.0" } -teerex-primitives = { git = "https://github.com/integritee-network/pallets.git", branch = "polkadot-v0.9.37" } -sgx-verify = { git = "https://github.com/integritee-network/pallets.git", branch = "polkadot-v0.9.37" } +teerex-primitives = { git = "https://github.com/OverOrion/pallets.git", branch = "szp/extract-tcb-info" } +sgx-verify = { git = "https://github.com/OverOrion/pallets.git", branch = "szp/extract-tcb-info" } # Substrate dependencies frame-support = { git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.37" } diff --git a/service/src/main.rs b/service/src/main.rs index bcba9a00b1..8eafd46d05 100644 --- a/service/src/main.rs +++ b/service/src/main.rs 
@@ -75,6 +75,8 @@ use its_storage::{interface::FetchBlocks, BlockPruner, SidechainStorageLock}; use log::*; use my_node_runtime::{Hash, Header, RuntimeEvent}; use sgx_types::*; + +#[cfg(feature = "dcap")] use sgx_verify::extract_tcb_info_from_raw_dcap_quote; use sp_core::crypto::{AccountId32, Ss58Codec}; @@ -432,6 +434,7 @@ fn start_worker( register_collateral(&node_api, &*enclave, &tee_accountid, is_development_mode, skip_ra); let trusted_url = config.trusted_worker_url_external(); + #[cfg(feature = "dcap")] let marblerun_base_url = run_config.marblerun_base_url.unwrap_or("http://localhost:9944".to_owned()); diff --git a/service/src/prometheus_metrics.rs b/service/src/prometheus_metrics.rs index 40f8d19c0c..42f183dc5f 100644 --- a/service/src/prometheus_metrics.rs +++ b/service/src/prometheus_metrics.rs @@ -25,7 +25,9 @@ use crate::{ error::{Error, ServiceResult}, }; use async_trait::async_trait; +#[cfg(feature = "dcap")] use core::time::Duration; +#[cfg(feature = "dcap")] use itc_rest_client::{ http_client::{DefaultSend, HttpClient}, rest_client::{RestClient, Url as URL}, @@ -183,12 +185,14 @@ impl ReceiveEnclaveMetrics for EnclaveMetricsReceiver { #[derive(Serialize, Deserialize, Debug)] struct PrometheusMarblerunEvents(pub Vec); +#[cfg(feature = "dcap")] impl RestPath<&str> for PrometheusMarblerunEvents { fn get_path(path: &str) -> Result { Ok(format!("{}", path)) } } +#[cfg(feature = "dcap")] pub fn fetch_marblerun_events(base_url: &str) -> Result, Error> { let base_url = URL::parse(&base_url).map_err(|e| { Error::Custom( @@ -216,6 +220,7 @@ pub struct PrometheusMarblerunEvent { pub activation: PrometheusMarblerunEventActivation, } +#[cfg(feature = "dcap")] impl PrometheusMarblerunEvent { pub fn get_quote_without_prepended_bytes(&self) -> &[u8] { let marblerun_magic_prepended_header_size = 16usize; From f189e0057dc84538248199aa44738e8bfc939085 Mon Sep 17 00:00:00 2001 
From: OverOrion Date: Mon, 20 Feb 2023 11:48:53 +0100 Subject: [PATCH 27/39] ci: taplo fmt --- service/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service/Cargo.toml b/service/Cargo.toml index 646eda668c..18f662834d 100644 --- a/service/Cargo.toml +++ b/service/Cargo.toml @@ -58,9 +58,9 @@ its-storage = { path = "../sidechain/storage" } # scs / integritee my-node-runtime = { package = "integritee-node-runtime", git = "https://github.com/integritee-network/integritee-node.git", branch = "polkadot-v0.9.37" } +sgx-verify = { git = "https://github.com/OverOrion/pallets.git", branch = "szp/extract-tcb-info" } substrate-api-client = { git = "https://github.com/scs/substrate-api-client.git", branch = "polkadot-v0.9.37-tag-v0.7.0" } teerex-primitives = { git = "https://github.com/OverOrion/pallets.git", branch = "szp/extract-tcb-info" } -sgx-verify = { git = "https://github.com/OverOrion/pallets.git", branch = "szp/extract-tcb-info" } # Substrate dependencies frame-support = { git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.37" } From 4da47df361ef7f606debda6d3e7c3b4dff52cc2d Mon Sep 17 00:00:00 2001 From: OverOrion Date: Wed, 22 Feb 2023 08:51:49 +0100 Subject: [PATCH 28/39] revert accidental Cargo.toml style changes --- app-libs/stf/Cargo.toml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/app-libs/stf/Cargo.toml b/app-libs/stf/Cargo.toml index 71dbf6ff09..67ebe23bfb 100644 --- a/app-libs/stf/Cargo.toml +++ b/app-libs/stf/Cargo.toml 
@@ -15,11 +15,7 @@ rlp = { version = "0.5", default-features = false } sha3 = { version = "0.10", default-features = false } # sgx deps -sgx_tstd = { branch = "master", features = [ - "untrusted_fs", - "net", - "backtrace", -], git = "https://github.com/apache/teaclave-sgx-sdk.git", optional = true } +sgx_tstd = { branch = "master", features = ["untrusted_fs", "net", "backtrace"], git = "https://github.com/apache/teaclave-sgx-sdk.git", optional = true } # local crates ita-sgx-runtime = { default-features = false, path = "../sgx-runtime" } From b03d645617ca45c3a34c53da7f6d6c9ee3c8444b Mon Sep 17 00:00:00 2001 From: OverOrion Date: Wed, 22 Feb 2023 09:04:52 +0100 Subject: [PATCH 29/39] service: add handy derives to PrometheusMarblerRunEvent and PrometheusMarblerunEventActivation --- Cargo.lock | 29 +++++++++++++++-------------- service/Cargo.toml | 1 + service/src/prometheus_metrics.rs | 6 ++++-- 3 files changed, 20 insertions(+), 16 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index cd6b4a1f4e..2416ca1299 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -463,9 +463,9 @@ checksum = "771fe0050b883fcc3ea2359b1a96bcfbc090b7116eae7c3c512c7a083fdf23d3" [[package]] name = "bstr" -version = "1.2.0" +version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b7f0778972c64420fdedc63f09919c8a88bda7b25135357fd25a5d9f3257e832" +checksum = "5ffdb39cb703212f3c11973452c2861b972f757b021158f3516ba10f2fa8b2c1" dependencies = [ "memchr 2.5.0", "serde 1.0.152", @@ -554,9 +554,9 @@ checksum = "89b2fd2a0dcf38d7971e2194b6b6eebab45ae01067456a7fd93d5547a61b70be" [[package]] name = "camino" -version = "1.1.2" +version = "1.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c77df041dc383319cc661b428b6961a005db4d6808d5e12536931b1ca9556055" +checksum = "6031a462f977dd38968b6f23378356512feeace69cef817e1a4475108093cec3" dependencies = [ "serde 1.0.152", ] 
@@ -669,7 +669,7 @@ dependencies = [ [[package]] name = "claims-primitives" version = "0.1.0" -source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#50cac490de02a6484751c193da9f8080477b885c" +source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#824c9a50dd8902697bd3e75ab6b5f7c3d663167f" dependencies = [ "parity-scale-codec", "rustc-hex", @@ -774,7 +774,7 @@ dependencies = [ [[package]] name = "common-primitives" version = "0.1.0" -source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#50cac490de02a6484751c193da9f8080477b885c" +source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#824c9a50dd8902697bd3e75ab6b5f7c3d663167f" dependencies = [ "sp-std", ] @@ -2665,6 +2665,7 @@ dependencies = [ "parse_duration", "primitive-types", "prometheus", + "scale-info", "serde 1.0.152", "serde_derive 1.0.152", "serde_json 1.0.93", @@ -5126,7 +5127,7 @@ dependencies = [ [[package]] name = "pallet-claims" version = "0.9.12" -source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#50cac490de02a6484751c193da9f8080477b885c" +source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#824c9a50dd8902697bd3e75ab6b5f7c3d663167f" dependencies = [ "claims-primitives", "frame-support", @@ -5305,7 +5306,7 @@ dependencies = [ [[package]] name = "pallet-sidechain" version = "0.9.0" -source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#50cac490de02a6484751c193da9f8080477b885c" +source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#824c9a50dd8902697bd3e75ab6b5f7c3d663167f" dependencies = [ "frame-support", "frame-system", 
@@ -5340,7 +5341,7 @@ dependencies = [ [[package]] name = "pallet-teeracle" version = "0.1.0" -source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#50cac490de02a6484751c193da9f8080477b885c" +source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#824c9a50dd8902697bd3e75ab6b5f7c3d663167f" dependencies = [ "frame-support", "frame-system", @@ -5359,7 +5360,7 @@ dependencies = [ [[package]] name = "pallet-teerex" version = "0.9.0" -source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#50cac490de02a6484751c193da9f8080477b885c" +source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#824c9a50dd8902697bd3e75ab6b5f7c3d663167f" dependencies = [ "frame-support", "frame-system", @@ -6815,7 +6816,7 @@ dependencies = [ [[package]] name = "sgx-verify" version = "0.1.4" -source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#50cac490de02a6484751c193da9f8080477b885c" +source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#824c9a50dd8902697bd3e75ab6b5f7c3d663167f" dependencies = [ "base64 0.13.1", "chrono 0.4.23", @@ -7134,7 +7135,7 @@ checksum = "43b2853a4d09f215c24cc5489c992ce46052d359b5109343cbafbf26bc62f8a3" [[package]] name = "sidechain-primitives" version = "0.1.0" -source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#50cac490de02a6484751c193da9f8080477b885c" +source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#824c9a50dd8902697bd3e75ab6b5f7c3d663167f" dependencies = [ "parity-scale-codec", "scale-info", 
@@ -8082,7 +8083,7 @@ checksum = "8ae9980cab1db3fceee2f6c6f643d5d8de2997c58ee8d25fb0cc8a9e9e7348e5" [[package]] name = "teeracle-primitives" version = "0.1.0" -source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#50cac490de02a6484751c193da9f8080477b885c" +source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#824c9a50dd8902697bd3e75ab6b5f7c3d663167f" dependencies = [ "common-primitives 0.1.0 (git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37)", "sp-std", @@ -8092,7 +8093,7 @@ dependencies = [ [[package]] name = "teerex-primitives" version = "0.1.0" -source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#50cac490de02a6484751c193da9f8080477b885c" +source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#824c9a50dd8902697bd3e75ab6b5f7c3d663167f" dependencies = [ "common-primitives 0.1.0 (git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37)", "parity-scale-codec", diff --git a/service/Cargo.toml b/service/Cargo.toml index 18f662834d..cc8732e5ca 100644 --- a/service/Cargo.toml +++ b/service/Cargo.toml @@ -19,6 +19,7 @@ log = "0.4" parking_lot = "0.12.1" parse_duration = "2.1.1" prometheus = { version = "0.13.0", features = ["process"] } +scale-info = { version = "2.0.1", default-features = false, features = ["derive"] } serde = "1.0" serde_derive = "1.0" serde_json = "1.0" diff --git a/service/src/prometheus_metrics.rs b/service/src/prometheus_metrics.rs index 42f183dc5f..63a70bc83d 100644 --- a/service/src/prometheus_metrics.rs +++ b/service/src/prometheus_metrics.rs @@ -25,8 +25,10 @@ use crate::{ error::{Error, ServiceResult}, }; use async_trait::async_trait; +use codec::{Decode, Encode}; #[cfg(feature = "dcap")] use core::time::Duration; +use frame_support::scale_info::TypeInfo; #[cfg(feature = "dcap")] use itc_rest_client::{ http_client::{DefaultSend, HttpClient}, 
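Review bot: `use frame_support::scale_info::TypeInfo;` reaches `TypeInfo` through frame_support's re-export, while the same commit adds `scale-info` to service/Cargo.toml as a direct dependency, so as written the new direct dependency is not the crate the import resolves to and the two can drift apart in version or feature set. Prefer `use scale_info::TypeInfo;` so the derives the commit message mentions and the Cargo.toml entry refer to the same crate, or drop the Cargo.toml line if the re-export is the intended path. The `default-features = false` on that entry also looks copied from a no_std manifest; for a std service binary it is worth confirming the crate's `std` feature is still enabled through another dependency.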
@@ -214,7 +216,7 @@ pub fn fetch_marblerun_events(base_url: &str) -> Result Date: Wed, 22 Feb 2023 09:16:59 +0100 Subject: [PATCH 30/39] service: add proper reasoning to expect() in register_quotes_from_marblerun() --- service/src/main.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service/src/main.rs b/service/src/main.rs index 8eafd46d05..85728b3650 100644 --- a/service/src/main.rs +++ b/service/src/main.rs @@ -764,7 +764,7 @@ fn register_quotes_from_marblerun( for quote in quotes { let ext = enclave .generate_dcap_ra_extrinsic_internal_with_quote(url.clone(), "e) - .expect("you shall pass"); + .expect("Extracting information from valid valid quotes should never fail; qed"); send_extrinsic(&ext, api, accountid, is_development_mode); } } From 43476fd89f3302a50bd4f9d0e4d309f9f11c0d7f Mon Sep 17 00:00:00 2001 From: OverOrion Date: Wed, 22 Feb 2023 09:18:11 +0100 Subject: [PATCH 31/39] enclave-runtime/attestation: remove leftover debug output --- enclave-runtime/src/attestation.rs | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/enclave-runtime/src/attestation.rs b/enclave-runtime/src/attestation.rs index 729a19457f..e9415a43f0 100644 --- a/enclave-runtime/src/attestation.rs +++ b/enclave-runtime/src/attestation.rs @@ -249,10 +249,8 @@ pub unsafe extern "C" fn generate_dcap_ra_extrinsic_with_quote( return sgx_status_t::SGX_ERROR_INVALID_PARAMETER } let mut url_slice = slice::from_raw_parts(w_url, w_url_size as usize); - println!("url_slice is: {:#?}", &url_slice); - let url = String::decode(&mut url_slice).expect("Could not decode url slice to a valid String"); - println!("url is: {:#?}", &url); + let extrinsic_slice = slice::from_raw_parts_mut(unchecked_extrinsic, unchecked_extrinsic_size as usize); From fa96687831901d2b9cc8f77063fe62259d3247e6 Mon Sep 17 00:00:00 2001 
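Review bot: `let url = String::decode(&mut url_slice).expect("Could not decode url slice to a valid String")`, which appears to remain as context between the two removed `println!` lines, still panics inside the enclave when the host-supplied `w_url` buffer does not SCALE-decode, although this ecall already answers bad arguments with `sgx_status_t::SGX_ERROR_INVALID_PARAMETER` a few lines earlier. An `[in]` buffer that fails to decode is an invalid parameter from the untrusted side, not a broken invariant, and a panic does not propagate cleanly across the `extern "C"` boundary, so the failure should be reported through the status code like the `Err(e) => return e.into()` arm further down the same function. generate_dcap_ra_extrinsic_with_quote starts and ends outside the hunk.
```rust
let mut url_slice = slice::from_raw_parts(w_url, w_url_size as usize);
let url = match String::decode(&mut url_slice) {
    Ok(url) => url,
    Err(_) => return sgx_status_t::SGX_ERROR_INVALID_PARAMETER,
};
// … unchanged: extrinsic_slice setup …
```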
From: OverOrion Date: Wed, 22 Feb 2023 10:34:15 +0100 Subject: [PATCH 32/39] pallets: use updated polkadot branch --- Cargo.lock | 65 +++++---------------------------- app-libs/sgx-runtime/Cargo.toml | 2 +- app-libs/stf/Cargo.toml | 2 +- cli/Cargo.toml | 2 +- enclave-runtime/Cargo.lock | 2 +- service/Cargo.toml | 4 +- 6 files changed, 16 insertions(+), 61 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2416ca1299..65d73c4d42 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -779,14 +779,6 @@ dependencies = [ "sp-std", ] -[[package]] -name = "common-primitives" -version = "0.1.0" -source = "git+https://github.com/OverOrion/pallets.git?branch=szp/extract-tcb-info#fb57261d1d6e4b2da12e90f563a5a3f5e6a50b88" -dependencies = [ - "sp-std", -] - [[package]] name = "const-oid" version = "0.9.1" @@ -2574,7 +2566,7 @@ dependencies = [ "sp-runtime", "substrate-api-client", "substrate-client-keystore", - "teerex-primitives 0.1.0 (git+https://github.com/OverOrion/pallets.git?branch=szp/extract-tcb-info)", + "teerex-primitives", "ws", ] @@ -2669,7 +2661,7 @@ dependencies = [ "serde 1.0.152", "serde_derive 1.0.152", "serde_json 1.0.93", - "sgx-verify 0.1.4 (git+https://github.com/OverOrion/pallets.git?branch=szp/extract-tcb-info)", + "sgx-verify", "sgx_crypto_helper", "sgx_types", "sgx_urts", @@ -2679,7 +2671,7 @@ dependencies = [ "sp-keyring", "sp-runtime", "substrate-api-client", - "teerex-primitives 0.1.0 (git+https://github.com/OverOrion/pallets.git?branch=szp/extract-tcb-info)", + "teerex-primitives", "thiserror 1.0.38", "tokio", "warp", @@ -5207,7 +5199,7 @@ dependencies = [ [[package]] name = "pallet-parentchain" version = "0.9.0" -source = "git+https://github.com/OverOrion/pallets.git?branch=szp/extract-tcb-info#fb57261d1d6e4b2da12e90f563a5a3f5e6a50b88" +source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#824c9a50dd8902697bd3e75ab6b5f7c3d663167f" dependencies = [ "frame-support", "frame-system", 
@@ -5321,7 +5313,7 @@ dependencies = [ "sp-io 7.0.0 (git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.37)", "sp-runtime", "sp-std", - "teerex-primitives 0.1.0 (git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37)", + "teerex-primitives", ] [[package]] @@ -5369,12 +5361,12 @@ dependencies = [ "parity-scale-codec", "scale-info", "serde 1.0.152", - "sgx-verify 0.1.4 (git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37)", + "sgx-verify", "sp-core", "sp-io 7.0.0 (git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.37)", "sp-runtime", "sp-std", - "teerex-primitives 0.1.0 (git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37)", + "teerex-primitives", ] [[package]] @@ -6831,30 +6823,7 @@ dependencies = [ "sp-core", "sp-io 7.0.0 (git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.37)", "sp-std", - "teerex-primitives 0.1.0 (git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37)", - "webpki 0.21.0", - "x509-cert", -] - -[[package]] -name = "sgx-verify" -version = "0.1.4" -source = "git+https://github.com/OverOrion/pallets.git?branch=szp/extract-tcb-info#fb57261d1d6e4b2da12e90f563a5a3f5e6a50b88" -dependencies = [ - "base64 0.13.1", - "chrono 0.4.23", - "der", - "frame-support", - "hex", - "parity-scale-codec", - "ring 0.16.20 (git+https://github.com/Niederb/ring-xous.git?branch=0.16.20-cleanup)", - "scale-info", - "serde 1.0.152", - "serde_json 1.0.93", - "sp-core", - "sp-io 7.0.0 (git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.37)", - "sp-std", - "teerex-primitives 0.1.0 (git+https://github.com/OverOrion/pallets.git?branch=szp/extract-tcb-info)", + "teerex-primitives", "webpki 0.21.0", "x509-cert", ] 
@@ -8085,7 +8054,7 @@ name = "teeracle-primitives" version = "0.1.0" source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#824c9a50dd8902697bd3e75ab6b5f7c3d663167f" dependencies = [ - "common-primitives 0.1.0 (git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37)", + "common-primitives", "sp-std", "substrate-fixed", ] @@ -8095,21 +8064,7 @@ name = "teerex-primitives" version = "0.1.0" source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#824c9a50dd8902697bd3e75ab6b5f7c3d663167f" dependencies = [ - "common-primitives 0.1.0 (git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37)", - "parity-scale-codec", - "scale-info", - "serde 1.0.152", - "sp-core", - "sp-io 7.0.0 (git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.37)", - "sp-std", -] - -[[package]] -name = "teerex-primitives" -version = "0.1.0" -source = "git+https://github.com/OverOrion/pallets.git?branch=szp/extract-tcb-info#fb57261d1d6e4b2da12e90f563a5a3f5e6a50b88" -dependencies = [ - "common-primitives 0.1.0 (git+https://github.com/OverOrion/pallets.git?branch=szp/extract-tcb-info)", + "common-primitives", "parity-scale-codec", "scale-info", "serde 1.0.152", diff --git a/app-libs/sgx-runtime/Cargo.toml b/app-libs/sgx-runtime/Cargo.toml index ce0e0eec3e..80a6c8199f 100644 --- a/app-libs/sgx-runtime/Cargo.toml +++ b/app-libs/sgx-runtime/Cargo.toml 
@@ -46,7 +46,7 @@ sp-version = { default-features = false, git = "https://github.com/paritytech/su # Integritee dependencies pallet-evm = { default-features = false, optional = true, git = "https://github.com/integritee-network/frontier.git", branch = "polkadot-v0.9.37" } -pallet-parentchain = { default-features = false, git = "https://github.com/OverOrion/pallets.git", branch = "szp/extract-tcb-info" } +pallet-parentchain = { default-features = false, git = "https://github.com/integritee-network/pallets.git", branch = "polkadot-v0.9.37" } [features] default = ["std"] diff --git a/app-libs/stf/Cargo.toml b/app-libs/stf/Cargo.toml index 67ebe23bfb..7533ecae31 100644 --- a/app-libs/stf/Cargo.toml +++ b/app-libs/stf/Cargo.toml @@ -46,7 +46,7 @@ sp-runtime = { default-features = false, git = "https://github.com/paritytech/su # scs / integritee my-node-runtime = { package = "integritee-node-runtime", optional = true, git = "https://github.com/integritee-network/integritee-node.git", branch = "polkadot-v0.9.37" } -pallet-parentchain = { default-features = false, git = "https://github.com/OverOrion/pallets.git", branch = "szp/extract-tcb-info" } +pallet-parentchain = { default-features = false, git = "https://github.com/integritee-network/pallets.git", branch = "polkadot-v0.9.37" } [dev-dependencies] diff --git a/cli/Cargo.toml b/cli/Cargo.toml index 80c6bedb05..12b88ca93b 100644 --- a/cli/Cargo.toml +++ b/cli/Cargo.toml 
@@ -29,7 +29,7 @@ my-node-runtime = { package = "integritee-node-runtime", git = "https://github.c pallet-evm = { optional = true, git = "https://github.com/integritee-network/frontier.git", branch = "polkadot-v0.9.37" } substrate-api-client = { features = ["ws-client"], git = "https://github.com/scs/substrate-api-client.git", branch = "polkadot-v0.9.37-tag-v0.7.0" } substrate-client-keystore = { git = "https://github.com/scs/substrate-api-client.git", branch = "polkadot-v0.9.37-tag-v0.7.0" } -teerex-primitives = { git = "https://github.com/OverOrion/pallets.git", branch = "szp/extract-tcb-info" } +teerex-primitives = { git = "https://github.com/integritee-network/pallets.git", branch = "polkadot-v0.9.37" } # substrate dependencies frame-system = { git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.37" } diff --git a/enclave-runtime/Cargo.lock b/enclave-runtime/Cargo.lock index 9ee37913b3..e8fa72ab05 100644 --- a/enclave-runtime/Cargo.lock +++ b/enclave-runtime/Cargo.lock @@ -2822,7 +2822,7 @@ dependencies = [ [[package]] name = "pallet-parentchain" version = "0.9.0" -source = "git+https://github.com/OverOrion/pallets.git?branch=szp/extract-tcb-info#fb57261d1d6e4b2da12e90f563a5a3f5e6a50b88" +source = "git+https://github.com/integritee-network/pallets.git?branch=polkadot-v0.9.37#824c9a50dd8902697bd3e75ab6b5f7c3d663167f" dependencies = [ "frame-support", "frame-system", diff --git a/service/Cargo.toml b/service/Cargo.toml index cc8732e5ca..e0bcf4fd53 100644 --- a/service/Cargo.toml +++ b/service/Cargo.toml 
@@ -59,9 +59,9 @@ its-storage = { path = "../sidechain/storage" } # scs / integritee my-node-runtime = { package = "integritee-node-runtime", git = "https://github.com/integritee-network/integritee-node.git", branch = "polkadot-v0.9.37" } -sgx-verify = { git = "https://github.com/OverOrion/pallets.git", branch = "szp/extract-tcb-info" } +sgx-verify = { git = "https://github.com/integritee-network/pallets.git", branch = "polkadot-v0.9.37" } substrate-api-client = { git = "https://github.com/scs/substrate-api-client.git", branch = "polkadot-v0.9.37-tag-v0.7.0" } -teerex-primitives = { git = "https://github.com/OverOrion/pallets.git", branch = "szp/extract-tcb-info" } +teerex-primitives = { git = "https://github.com/integritee-network/pallets.git", branch = "polkadot-v0.9.37" } # Substrate dependencies frame-support = { git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.37" } From 174b4e259222aa08565fc317eb7f453b41e0701a Mon Sep 17 00:00:00 2001 From: OverOrion Date: Wed, 22 Feb 2023 10:39:28 +0100 Subject: [PATCH 33/39] rename generate_dcap_ra_extrinsic_internal_with_quote() to generate_dcap_ra_extrinsic_from_quote() --- core-primitives/enclave-api/src/remote_attestation.rs | 4 ++-- service/src/main.rs | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/core-primitives/enclave-api/src/remote_attestation.rs b/core-primitives/enclave-api/src/remote_attestation.rs index b26037ed2c..a0cdb3f9fc 100644 --- a/core-primitives/enclave-api/src/remote_attestation.rs +++ b/core-primitives/enclave-api/src/remote_attestation.rs @@ -48,7 +48,7 @@ pub trait RemoteAttestation { fn generate_ias_ra_extrinsic(&self, w_url: &str, skip_ra: bool) -> EnclaveResult>; fn generate_dcap_ra_extrinsic(&self, w_url: &str, skip_ra: bool) -> EnclaveResult>; - fn generate_dcap_ra_extrinsic_internal_with_quote( + fn generate_dcap_ra_extrinsic_from_quote( &self, url: String, quote: &[u8], 
@@ -151,7 +151,7 @@ impl RemoteAttestation for Enclave { Ok(unchecked_extrinsic) } - fn generate_dcap_ra_extrinsic_internal_with_quote( + fn generate_dcap_ra_extrinsic_from_quote( &self, url: String, quote: &[u8], diff --git a/service/src/main.rs b/service/src/main.rs index 85728b3650..1cf9a6db0b 100644 --- a/service/src/main.rs +++ b/service/src/main.rs @@ -763,7 +763,7 @@ fn register_quotes_from_marblerun( for quote in quotes { let ext = enclave - .generate_dcap_ra_extrinsic_internal_with_quote(url.clone(), "e) + .generate_dcap_ra_extrinsic_from_quote(url.clone(), "e) .expect("Extracting information from valid valid quotes should never fail; qed"); send_extrinsic(&ext, api, accountid, is_development_mode); } From 2e7c7e226151fbfd594ef57565ea4f33abc56d60 Mon Sep 17 00:00:00 2001 From: OverOrion Date: Wed, 22 Feb 2023 10:53:10 +0100 Subject: [PATCH 34/39] rename methods to generate_dcap_ra_extrinsic_from_quote{_internal} --- core-primitives/enclave-api/ffi/src/lib.rs | 2 +- core-primitives/enclave-api/src/remote_attestation.rs | 2 +- enclave-runtime/Enclave.edl | 2 +- enclave-runtime/src/attestation.rs | 6 +++--- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/core-primitives/enclave-api/ffi/src/lib.rs b/core-primitives/enclave-api/ffi/src/lib.rs index 683383d2c1..27b5580f56 100644 --- a/core-primitives/enclave-api/ffi/src/lib.rs +++ b/core-primitives/enclave-api/ffi/src/lib.rs @@ -7,7 +7,7 @@ use sgx_types::{ extern "C" { - pub fn generate_dcap_ra_extrinsic_with_quote( + pub fn generate_dcap_ra_extrinsic_from_quote_internal( eid: sgx_enclave_id_t, retval: *mut sgx_status_t, w_url: *const u8, diff --git a/core-primitives/enclave-api/src/remote_attestation.rs b/core-primitives/enclave-api/src/remote_attestation.rs index a0cdb3f9fc..7ae66dc78a 100644 --- a/core-primitives/enclave-api/src/remote_attestation.rs +++ b/core-primitives/enclave-api/src/remote_attestation.rs 
@@ -161,7 +161,7 @@ impl RemoteAttestation for Enclave { let url = url.encode(); let result = unsafe { - ffi::generate_dcap_ra_extrinsic_with_quote( + ffi::generate_dcap_ra_extrinsic_from_quote_internal( self.eid, &mut retval, url.as_ptr(), diff --git a/enclave-runtime/Enclave.edl b/enclave-runtime/Enclave.edl index 2e0bf3715d..72e5fe102f 100644 --- a/enclave-runtime/Enclave.edl +++ b/enclave-runtime/Enclave.edl @@ -95,7 +95,7 @@ enclave { [out, size=dcap_quote_size] uint8_t* dcap_quote_p, uint32_t dcap_quote_size ); - public sgx_status_t generate_dcap_ra_extrinsic_with_quote( + public sgx_status_t generate_dcap_ra_extrinsic_from_quote_internal( [in, size=w_url_size] uint8_t* w_url, uint32_t w_url_size, [in, size=quote_size] uint8_t* quote, uint32_t quote_size, [out, size=unchecked_extrinsic_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_size diff --git a/enclave-runtime/src/attestation.rs b/enclave-runtime/src/attestation.rs index e9415a43f0..b371ce9453 100644 --- a/enclave-runtime/src/attestation.rs +++ b/enclave-runtime/src/attestation.rs @@ -237,7 +237,7 @@ pub fn generate_dcap_ra_quote_internal( } #[no_mangle] -pub unsafe extern "C" fn generate_dcap_ra_extrinsic_with_quote( +pub unsafe extern "C" fn generate_dcap_ra_extrinsic_from_quote_internal( w_url: *const u8, w_url_size: u32, quote: *const u8, @@ -256,7 +256,7 @@ pub unsafe extern "C" fn generate_dcap_ra_extrinsic_with_quote( let quote_slice = slice::from_raw_parts(quote, quote_size as usize); - let extrinsic = match generate_dcap_ra_extrinsic_with_quote_internal(url, quote_slice) { + let extrinsic = match generate_dcap_ra_extrinsic_from_quote(url, quote_slice) { Ok(xt) => xt, Err(e) => return e.into(), }; @@ -267,7 +267,7 @@ pub unsafe extern "C" fn generate_dcap_ra_extrinsic_with_quote( sgx_status_t::SGX_SUCCESS } -pub fn generate_dcap_ra_extrinsic_with_quote_internal( +pub fn generate_dcap_ra_extrinsic_from_quote( url: String, quote: &[u8], ) -> EnclaveResult { 
From 00c8b7b62ee6e0836252b1bcf2f1ebdfd9decb7e Mon Sep 17 00:00:00 2001 From: OverOrion Date: Wed, 22 Feb 2023 11:08:41 +0100 Subject: [PATCH 35/39] remove obsolete todo --- enclave-runtime/src/attestation.rs | 2 -- 1 file changed, 2 deletions(-) diff --git a/enclave-runtime/src/attestation.rs b/enclave-runtime/src/attestation.rs index b371ce9453..8ac9a90e8a 100644 --- a/enclave-runtime/src/attestation.rs +++ b/enclave-runtime/src/attestation.rs @@ -177,7 +177,6 @@ pub fn generate_dcap_ra_extrinsic_internal( skip_ra, )?; - // TODO Need to send this to the teerex pallet (something similar to perform_ra_internal) let extrinsics_factory = get_extrinsic_factory_from_solo_or_parachain()?; let node_metadata_repo = get_node_metadata_repository_from_solo_or_parachain()?; @@ -271,7 +270,6 @@ pub fn generate_dcap_ra_extrinsic_from_quote( url: String, quote: &[u8], ) -> EnclaveResult { - // TODO Need to send this to the teerex pallet (something similar to perform_ra_internal) let extrinsics_factory = get_extrinsic_factory_from_solo_or_parachain()?; let node_metadata_repo = get_node_metadata_repository_from_solo_or_parachain()?; info!(" [Enclave] Compose register enclave gettins callIDs:"); From 70d859bdec8769dc1a3fc7ce468bd7107ad11754 Mon Sep 17 00:00:00 2001 From: OverOrion Date: Wed, 22 Feb 2023 14:14:57 +0100 Subject: [PATCH 36/39] fix typo in expect message --- service/src/main.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/service/src/main.rs b/service/src/main.rs index 1cf9a6db0b..3f23d2d8b6 100644 --- a/service/src/main.rs +++ b/service/src/main.rs @@ -764,7 +764,7 @@ fn register_quotes_from_marblerun( for quote in quotes { let ext = enclave .generate_dcap_ra_extrinsic_from_quote(url.clone(), "e) - .expect("Extracting information from valid valid quotes should never fail; qed"); + .expect("Extracting information from valid quotes should never fail; qed"); send_extrinsic(&ext, api, accountid, is_development_mode); } } 
From f15568bebbb18feb5fe95cafa868c7aa0661b761 Mon Sep 17 00:00:00 2001 From: OverOrion Date: Wed, 22 Feb 2023 14:19:16 +0100 Subject: [PATCH 37/39] *.toml: fix accidental formatting --- app-libs/stf/Cargo.toml | 10 ++-------- cli/Cargo.toml | 4 +--- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/app-libs/stf/Cargo.toml b/app-libs/stf/Cargo.toml index 7533ecae31..5bc93fcef5 100644 --- a/app-libs/stf/Cargo.toml +++ b/app-libs/stf/Cargo.toml @@ -6,9 +6,7 @@ edition = "2021" [dependencies] # crates.io -codec = { version = "3.0.0", default-features = false, features = [ - "derive", -], package = "parity-scale-codec" } +codec = { version = "3.0.0", default-features = false, features = ["derive"], package = "parity-scale-codec" } derive_more = { version = "0.99.5" } log = { version = "0.4", default-features = false } rlp = { version = "0.5", default-features = false } @@ -29,11 +27,7 @@ itp-stf-primitives = { default-features = false, path = "../../core-primitives/s itp-storage = { default-features = false, path = "../../core-primitives/storage" } itp-types = { default-features = false, path = "../../core-primitives/types" } itp-utils = { default-features = false, path = "../../core-primitives/utils" } -sp-io = { default-features = false, features = [ - "disable_oom", - "disable_panic_handler", - "disable_allocator", -], path = "../../core-primitives/substrate-sgx/sp-io" } +sp-io = { default-features = false, features = ["disable_oom", "disable_panic_handler", "disable_allocator"], path = "../../core-primitives/substrate-sgx/sp-io" } # Substrate dependencies frame-support = { default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.37" } diff --git a/cli/Cargo.toml b/cli/Cargo.toml index 12b88ca93b..667b77ca2b 100644 --- a/cli/Cargo.toml +++ b/cli/Cargo.toml 
@@ -9,9 +9,7 @@ base58 = "0.2"
 blake2-rfc = { version = "0.2.18" }
 chrono = "*"
 clap = { version = "3.1.6", features = ["derive"] }
-codec = { version = "3.0.0", package = "parity-scale-codec", features = [
- "derive",
-] }
+codec = { version = "3.0.0", package = "parity-scale-codec", features = ["derive"] }
 env_logger = "0.9"
 hdrhistogram = "7.5.0"
 hex = "0.4.2"

From a5c90632fb8265cff6db1b13da2f4488b8cc1c16 Mon Sep 17 00:00:00 2001
From: OverOrion
Date: Wed, 22 Feb 2023 16:08:19 +0100
Subject: [PATCH 38/39] service: handle registering marblerun quotes failure with error logging

---
 service/src/main.rs | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/service/src/main.rs b/service/src/main.rs
index 3f23d2d8b6..1598d802d8 100644
--- a/service/src/main.rs
+++ b/service/src/main.rs
@@ -762,10 +762,12 @@ fn register_quotes_from_marblerun(
 events.iter().map(|event| event.get_quote_without_prepended_bytes()).collect();
 for quote in quotes {
- let ext = enclave
- .generate_dcap_ra_extrinsic_from_quote(url.clone(), "e)
- .expect("Extracting information from valid quotes should never fail; qed");
- send_extrinsic(&ext, api, accountid, is_development_mode);
+ match enclave.generate_dcap_ra_extrinsic_from_quote(url.clone(), "e) {
+ Ok(xts) => send_extrinsic(&xts, api, accountid, is_development_mode),
+ Err(e) => {
+ error!("Extracting information from quote failed: {}", e.into())
+ },
+ }
 }
 }
 #[cfg(feature = "dcap")]

From 06e15ff1bf9ec0395568673f346ca7ac212b9a57 Mon Sep 17 00:00:00 2001
From: OverOrion
Date: Wed, 22 Feb 2023 16:10:16 +0100
Subject: [PATCH 39/39] ffi: remove _internal suffix from generate_dcap_ra_extrinsic_from_quote_internal()

---
 core-primitives/enclave-api/ffi/src/lib.rs | 2 +-
 core-primitives/enclave-api/src/remote_attestation.rs | 2 +-
 enclave-runtime/Enclave.edl | 2 +-
 enclave-runtime/src/attestation.rs | 6 +++---
 4 files changed, 6 insertions(+), 6 deletions(-)
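Review bot: `error!("Extracting information from quote failed: {}", e.into())` in the new `Err` arm gives `.into()` no target type — `{}` only requires `Display`, so nothing in the hunk pins what `e` is converted to and, unless something outside the hunk does, this will not infer; `error!("Extracting information from quote failed: {}", e)` (or an explicit conversion to the service's own `Error` type, if its message is the one wanted) states the intent. The success arm binds a single extrinsic as `xts`, the plural of the `ext` it replaces, while `send_extrinsic(&xts, ..)` still receives one value; `Ok(ext) => send_extrinsic(&ext, api, accountid, is_development_mode),` keeps the name aligned with what is passed. Since the loop now continues past a bad quote instead of panicking, the log line should also say which of the `quotes` failed (its index, or the marblerun event it came from), otherwise one malformed entry among many cannot be attributed from the service log. register_quotes_from_marblerun starts outside the hunk.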
diff --git a/core-primitives/enclave-api/ffi/src/lib.rs b/core-primitives/enclave-api/ffi/src/lib.rs index 27b5580f56..5e14b7b904 100644 --- a/core-primitives/enclave-api/ffi/src/lib.rs +++ b/core-primitives/enclave-api/ffi/src/lib.rs @@ -7,7 +7,7 @@ use sgx_types::{ extern "C" { - pub fn generate_dcap_ra_extrinsic_from_quote_internal( + pub fn generate_dcap_ra_extrinsic_from_quote( eid: sgx_enclave_id_t, retval: *mut sgx_status_t, w_url: *const u8, diff --git a/core-primitives/enclave-api/src/remote_attestation.rs b/core-primitives/enclave-api/src/remote_attestation.rs index 7ae66dc78a..fd087682d2 100644 --- a/core-primitives/enclave-api/src/remote_attestation.rs +++ b/core-primitives/enclave-api/src/remote_attestation.rs @@ -161,7 +161,7 @@ impl RemoteAttestation for Enclave { let url = url.encode(); let result = unsafe { - ffi::generate_dcap_ra_extrinsic_from_quote_internal( + ffi::generate_dcap_ra_extrinsic_from_quote( self.eid, &mut retval, url.as_ptr(), diff --git a/enclave-runtime/Enclave.edl b/enclave-runtime/Enclave.edl index 72e5fe102f..924c002c5e 100644 --- a/enclave-runtime/Enclave.edl +++ b/enclave-runtime/Enclave.edl @@ -95,7 +95,7 @@ enclave { [out, size=dcap_quote_size] uint8_t* dcap_quote_p, uint32_t dcap_quote_size ); - public sgx_status_t generate_dcap_ra_extrinsic_from_quote_internal( + public sgx_status_t generate_dcap_ra_extrinsic_from_quote( [in, size=w_url_size] uint8_t* w_url, uint32_t w_url_size, [in, size=quote_size] uint8_t* quote, uint32_t quote_size, [out, size=unchecked_extrinsic_size] uint8_t* unchecked_extrinsic, uint32_t unchecked_extrinsic_size diff --git a/enclave-runtime/src/attestation.rs b/enclave-runtime/src/attestation.rs index 8ac9a90e8a..ddca4b958f 100644 --- a/enclave-runtime/src/attestation.rs +++ b/enclave-runtime/src/attestation.rs 
@@ -236,7 +236,7 @@ pub fn generate_dcap_ra_quote_internal(
 }
 #[no_mangle]
-pub unsafe extern "C" fn generate_dcap_ra_extrinsic_from_quote_internal(
+pub unsafe extern "C" fn generate_dcap_ra_extrinsic_from_quote(
 w_url: *const u8,
 w_url_size: u32,
 quote: *const u8,
@@ -255,7 +255,7 @@ pub unsafe extern "C" fn generate_dcap_ra_extrinsic_from_quote_internal(
 let quote_slice = slice::from_raw_parts(quote, quote_size as usize);
- let extrinsic = match generate_dcap_ra_extrinsic_from_quote(url, quote_slice) {
+ let extrinsic = match generate_dcap_ra_extrinsic_from_quote_internal(url, quote_slice) {
 Ok(xt) => xt,
 Err(e) => return e.into(),
 };
@@ -266,7 +266,7 @@ pub unsafe extern "C" fn generate_dcap_ra_extrinsic_from_quote_internal(
 sgx_status_t::SGX_SUCCESS
 }
-pub fn generate_dcap_ra_extrinsic_from_quote(
+pub fn generate_dcap_ra_extrinsic_from_quote_internal(
 url: String,
 quote: &[u8],
 ) -> EnclaveResult {