diff --git a/common/primitives/core/Cargo.toml b/common/primitives/core/Cargo.toml index 385072795f..0734ba84c8 100644 --- a/common/primitives/core/Cargo.toml +++ b/common/primitives/core/Cargo.toml @@ -6,9 +6,19 @@ version = '0.1.0' [dependencies] base58 = { version = "0.2", default-features = false } +base64 = { version = "0.13", default-features = false, features = ["alloc"] } parity-scale-codec = { version = "3.6", default-features = false, features = ["derive", "max-encoded-len"] } strum = { version = "0.26", default-features = false } strum_macros = { version = "0.26", default-features = false } +serde = { version = "1.0", default-features = false, features = ["derive", "alloc"] } +serde_json = { version = "=1.0.120", default-features = false } +der = { version = "0.6.0", default-features = false } +hex = { version = "0.4", default-features = false } +hex-literal = { version = "0.4.1", default-features = false } +chrono = { version = "0.4", default-features = false, features = ["serde"] } +ring = { version = "0.16.20", default-features = false, features = ["alloc"] } +x509-cert = { version = "0.1.0", default-features = false, features = ["alloc"] } +webpki = { version = "=0.102.0-alpha.3", git = "https://github.com/rustls/webpki", rev = "da923ed", package = "rustls-webpki", default-features = false, features = ["alloc", "ring"] } frame-support = { git = "https://github.com/paritytech/polkadot-sdk", branch = "release-polkadot-v1.1.0", default-features = false } pallet-evm = { git = "https://github.com/paritytech/frontier", branch = "polkadot-v1.1.0", default-features = false } @@ -16,6 +26,7 @@ scale-info = { version = "2.11", default-features = false, features = ["derive"] sp-core = { git = "https://github.com/paritytech/polkadot-sdk", branch = "release-polkadot-v1.1.0", default-features = false } sp-io = { git = "https://github.com/paritytech/polkadot-sdk", branch = "release-polkadot-v1.1.0", default-features = false } sp-runtime = { git = "https://github.com/paritytech/polkadot-sdk", branch = "release-polkadot-v1.1.0", default-features = false } +sp-std = { git = "https://github.com/paritytech/polkadot-sdk", branch = "release-polkadot-v1.1.0", default-features = false } litentry-hex-utils = { path = "../../utils/hex", default-features = false } litentry-macros = { path = "macros" } @@ -24,6 +35,14 @@ litentry-proc-macros = { path = "proc-macros" } [features] default = ["std"] std = [ + "chrono/std", + "der/std", + "hex/std", + "ring/std", + "webpki/std", + "x509-cert/std", + "serde/std", + "serde_json/std", "strum/std", "parity-scale-codec/std", "scale-info/std", @@ -31,6 +50,7 @@ std = [ "sp-core/std", "sp-runtime/std", "sp-io/std", + "sp-std/std", "pallet-evm/std", "litentry-hex-utils/std", ] diff --git a/common/primitives/core/src/lib.rs b/common/primitives/core/src/lib.rs index acea7e721f..1ef747b5f0 100644 --- a/common/primitives/core/src/lib.rs +++ b/common/primitives/core/src/lib.rs @@ -23,16 +23,19 @@ pub use error::*; mod vc; pub use vc::*; +pub mod teebag; +pub use teebag::*; + pub mod assertion; pub use assertion::Assertion; pub mod identity; pub use identity::*; -extern crate alloc; extern crate core; use alloc::{format, str, str::FromStr, string::String, vec, vec::Vec}; use core::hash::Hash as CoreHash; +use sp_core::H256; use sp_runtime::{traits::ConstU32, BoundedVec}; pub use constants::*; @@ -44,10 +47,12 @@ pub type ParameterString = BoundedVec>; /// Common types of parachains. mod types { + use super::H256; use sp_runtime::{ traits::{IdentifyAccount, Verify}, MultiSignature, }; + /// Alias to 512-bit hash when used in the context of a transaction signature on the chain. pub type Signature = MultiSignature; @@ -68,7 +73,7 @@ mod types { pub type Nonce = u32; /// A hash of some data used by the chain. - pub type Hash = sp_core::H256; + pub type Hash = H256; /// An index to a block. pub type BlockNumber = u32; diff --git a/common/primitives/core/src/teebag/mod.rs b/common/primitives/core/src/teebag/mod.rs new file mode 100644 index 0000000000..a728adb6e4 --- /dev/null +++ b/common/primitives/core/src/teebag/mod.rs @@ -0,0 +1,27 @@ +// Copyright 2020-2024 Trust Computing GmbH. +// This file is part of Litentry. +// +// Litentry is free software: you can redistribute it and/or modify +// it under the terms of the GNU General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// Litentry is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU General Public License for more details. +// +// You should have received a copy of the GNU General Public License +// along with Litentry. If not, see . + +mod types; +pub use types::*; + +mod tcb; +pub use tcb::*; + +mod sgx_verify; +pub use sgx_verify::*; + +mod quoting_enclave; +pub use quoting_enclave::*; diff --git a/common/primitives/core/src/teebag/quoting_enclave.rs b/common/primitives/core/src/teebag/quoting_enclave.rs new file mode 100644 index 0000000000..049ecef164 --- /dev/null +++ b/common/primitives/core/src/teebag/quoting_enclave.rs @@ -0,0 +1,78 @@ +/* +Copyright 2021 Integritee AG and Supercomputing Systems AG + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +*/ + +// `QuotingEnclave` primitive part, copied from Integritee + +use crate::{MrSigner, QeTcb, Vec}; +use parity_scale_codec::{Decode, Encode}; +use scale_info::TypeInfo; +use sp_core::RuntimeDebug; + +/// This represents all the collateral data that we need to store on chain in order to verify +/// the quoting enclave validity of another enclave that wants to register itself on chain +#[derive(Encode, Decode, Default, Clone, PartialEq, Eq, RuntimeDebug, TypeInfo)] +pub struct QuotingEnclave { + // Todo: make timestamp: Moment + pub issue_date: u64, // unix epoch in milliseconds + // Todo: make timestamp: Moment + pub next_update: u64, // unix epoch in milliseconds + pub miscselect: [u8; 4], + pub miscselect_mask: [u8; 4], + pub attributes: [u8; 16], + pub attributes_mask: [u8; 16], + pub mrsigner: MrSigner, + pub isvprodid: u16, + /// Contains only the TCB versions that are considered UpToDate + pub tcb: Vec, +} + +impl QuotingEnclave { + #[allow(clippy::too_many_arguments)] + pub fn new( + issue_date: u64, + next_update: u64, + miscselect: [u8; 4], + miscselect_mask: [u8; 4], + attributes: [u8; 16], + attributes_mask: [u8; 16], + mrsigner: MrSigner, + isvprodid: u16, + tcb: Vec, + ) -> Self { + Self { + issue_date, + next_update, + miscselect, + miscselect_mask, + attributes, + attributes_mask, + mrsigner, + isvprodid, + tcb, + } + } + + pub fn attributes_flags_mask_as_u64(&self) -> u64 { + let slice_as_array: [u8; 8] = self.attributes_mask[0..8].try_into().unwrap(); + u64::from_le_bytes(slice_as_array) + } + + pub fn attributes_flags_as_u64(&self) -> u64 { + let slice_as_array: [u8; 8] = self.attributes[0..8].try_into().unwrap(); + u64::from_le_bytes(slice_as_array) + } +} diff --git a/parachain/pallets/teebag/src/sgx_verify/AttestationReportSigningCACert.pem b/common/primitives/core/src/teebag/sgx_verify/AttestationReportSigningCACert.pem similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/AttestationReportSigningCACert.pem rename to common/primitives/core/src/teebag/sgx_verify/AttestationReportSigningCACert.pem diff --git a/common/primitives/core/src/teebag/sgx_verify/collateral.rs b/common/primitives/core/src/teebag/sgx_verify/collateral.rs new file mode 100644 index 0000000000..1cb349ffe0 --- /dev/null +++ b/common/primitives/core/src/teebag/sgx_verify/collateral.rs @@ -0,0 +1,282 @@ +/* + Copyright 2022 Integritee AG and Supercomputing Systems AG + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/ + +pub extern crate alloc; + +use crate::{Fmspc, MrSigner, Pcesvn, QeTcb, QuotingEnclave, TcbInfoOnChain, TcbVersionStatus}; +use alloc::string::String; +use chrono::prelude::{DateTime, Utc}; +use serde::{de::Error, Deserialize, Deserializer, Serialize, Serializer}; +use sp_std::prelude::*; + +/// The data structures in here are designed such that they can be used to serialize/deserialize +/// the "TCB info" and "enclave identity" collateral data in JSON format provided by intel +/// See https://api.portal.trustedservices.intel.com/documentation for further information and examples + +#[derive(Serialize, Deserialize)] +pub struct Tcb { + isvsvn: u16, +} + +impl Tcb { + pub fn is_valid(&self) -> bool { + // At the time of writing this code everything older than 6 is outdated + // Intel does the same check in their DCAP implementation + self.isvsvn >= 6 + } +} + +#[derive(Serialize, Deserialize)] +#[serde(rename_all = "camelCase")] +pub struct TcbLevel { + tcb: Tcb, + /// Intel does not verify the tcb_date in their code and their API documentation also does + /// not mention it needs verification. + tcb_date: DateTime, + tcb_status: String, + #[serde(rename = "advisoryIDs")] + #[serde(skip_serializing_if = "Option::is_none")] + advisory_ids: Option>, +} + +impl TcbLevel { + pub fn is_valid(&self) -> bool { + // UpToDate is the only valid status (the other being OutOfDate and Revoked) + // A possible extension would be to also verify that the advisory_ids list is empty, + // but I think this could also lead to all TcbLevels being invalid + self.tcb.is_valid() && self.tcb_status == "UpToDate" + } +} + +#[derive(Serialize, Deserialize)] +struct TcbComponent { + svn: u8, + #[serde(skip_serializing_if = "Option::is_none")] + category: Option, + #[serde(rename = "type")] //type is a keyword so we rename the field + #[serde(skip_serializing_if = "Option::is_none")] + tcb_type: Option, +} + +#[derive(Serialize, Deserialize)] +pub struct TcbFull { + sgxtcbcomponents: [TcbComponent; 16], + pcesvn: Pcesvn, +} + +#[derive(Serialize, Deserialize)] +#[serde(rename_all = "camelCase")] +pub struct TcbLevelFull { + tcb: TcbFull, + /// Intel does not verify the tcb_date in their code and their API documentation also does + /// not mention it needs verification. + tcb_date: DateTime, + tcb_status: String, + #[serde(rename = "advisoryIDs")] + #[serde(skip_serializing_if = "Option::is_none")] + advisory_ids: Option>, +} + +impl TcbLevelFull { + pub fn is_valid(&self) -> bool { + // A possible extension would be to also verify that the advisory_ids list is empty, + // but I think this could also lead to all TcbLevels being invalid + // + // Litentry: be more lenient with it + self.tcb_status == "UpToDate" + || self.tcb_status == "SWHardeningNeeded" + || self.tcb_status == "ConfigurationNeeded" + || self.tcb_status == "ConfigurationAndSWHardeningNeeded" + } +} + +#[derive(Serialize, Deserialize)] +#[serde(rename_all = "camelCase")] +pub struct EnclaveIdentity { + id: String, + version: u16, + issue_date: DateTime, + next_update: DateTime, + tcb_evaluation_data_number: u16, + #[serde(deserialize_with = "deserialize_from_hex::<_, 4>")] + #[serde(serialize_with = "serialize_to_hex::<_, 4>")] + miscselect: [u8; 4], + #[serde(deserialize_with = "deserialize_from_hex::<_, 4>")] + #[serde(serialize_with = "serialize_to_hex::<_, 4>")] + miscselect_mask: [u8; 4], + #[serde(deserialize_with = "deserialize_from_hex::<_, 16>")] + #[serde(serialize_with = "serialize_to_hex::<_, 16>")] + attributes: [u8; 16], + #[serde(deserialize_with = "deserialize_from_hex::<_, 16>")] + #[serde(serialize_with = "serialize_to_hex::<_, 16>")] + attributes_mask: [u8; 16], + #[serde(deserialize_with = "deserialize_from_hex::<_, 32>")] + #[serde(serialize_with = "serialize_to_hex::<_, 32>")] + mrsigner: MrSigner, + pub isvprodid: u16, + pub tcb_levels: Vec, +} + +fn serialize_to_hex(x: &[u8; N], s: S) -> Result +where + S: Serializer, +{ + s.serialize_str(&hex::encode(x).to_uppercase()) +} + +fn deserialize_from_hex<'de, D, const N: usize>(deserializer: D) -> Result<[u8; N], D::Error> +where + D: Deserializer<'de>, +{ + let s: &str = Deserialize::deserialize(deserializer)?; + let hex = hex::decode(s).map_err(|_| D::Error::custom("Failed to deserialize hex string"))?; + hex.try_into() + .map_err(|_| D::Error::custom("Invalid hex length")) +} + +impl EnclaveIdentity { + /// This extracts the necessary information into the struct that we actually store in the chain + pub fn to_quoting_enclave(&self) -> QuotingEnclave { + let mut valid_tcbs: Vec = Vec::new(); + for tcb in &self.tcb_levels { + if tcb.is_valid() { + valid_tcbs.push(QeTcb::new(tcb.tcb.isvsvn)); + } + } + QuotingEnclave::new( + self.issue_date + .timestamp_millis() + .try_into() + .expect("no support for negative unix timestamps"), + self.next_update + .timestamp_millis() + .try_into() + .expect("no support for negative unix timestamps"), + self.miscselect, + self.miscselect_mask, + self.attributes, + self.attributes_mask, + self.mrsigner, + self.isvprodid, + valid_tcbs, + ) + } + + pub fn is_valid(&self, timestamp_millis: i64) -> bool { + self.id == "QE" + && self.version == 2 + && self.issue_date.timestamp_millis() < timestamp_millis + && timestamp_millis < self.next_update.timestamp_millis() + } +} + +#[derive(Serialize, Deserialize)] +#[serde(rename_all = "camelCase")] +pub struct TcbInfo { + id: String, + version: u8, + issue_date: DateTime, + next_update: DateTime, + #[serde(deserialize_with = "deserialize_from_hex::<_, 6>")] + #[serde(serialize_with = "serialize_to_hex::<_, 6>")] + pub fmspc: Fmspc, + pce_id: String, + tcb_type: u16, + tcb_evaluation_data_number: u16, + tcb_levels: Vec, +} + +impl TcbInfo { + /// This extracts the necessary information into a tuple (`(Key, Value)`) that we actually store + /// in the chain + pub fn to_chain_tcb_info(&self) -> (Fmspc, TcbInfoOnChain) { + let valid_tcbs: Vec = self + .tcb_levels + .iter() + // Only store TCB levels on chain that are currently valid + .filter(|tcb| tcb.is_valid()) + .map(|tcb| { + let mut components = [0u8; 16]; + for (i, t) in tcb.tcb.sgxtcbcomponents.iter().enumerate() { + components[i] = t.svn; + } + TcbVersionStatus::new(components, tcb.tcb.pcesvn) + }) + .collect(); + ( + self.fmspc, + TcbInfoOnChain::new( + self.issue_date + .timestamp_millis() + .try_into() + .expect("no support for negative unix timestamps"), + self.next_update + .timestamp_millis() + .try_into() + .expect("no support for negative unix timestamps"), + valid_tcbs, + ), + ) + } + + pub fn is_valid(&self, timestamp_millis: i64) -> bool { + self.id == "SGX" + && self.version == 3 + && self.issue_date.timestamp_millis() < timestamp_millis + && timestamp_millis < self.next_update.timestamp_millis() + } +} + +#[derive(Serialize, Deserialize)] +#[serde(rename_all = "camelCase")] +pub struct TcbInfoSigned { + pub tcb_info: TcbInfo, + pub signature: String, +} + +#[derive(Serialize, Deserialize)] +#[serde(rename_all = "camelCase")] +pub struct EnclaveIdentitySigned { + pub enclave_identity: EnclaveIdentity, + pub signature: String, +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn tcb_level_is_valid() { + let t: TcbLevel = serde_json::from_str( + r#"{"tcb":{"isvsvn":6}, "tcbDate":"2021-11-10T00:00:00Z", "tcbStatus":"UpToDate" }"#, + ) + .unwrap(); + assert!(t.is_valid()); + + let t: TcbLevel = serde_json::from_str( + r#"{"tcb":{"isvsvn":6}, "tcbDate":"2021-11-10T00:00:00Z", "tcbStatus":"OutOfDate" }"#, + ) + .unwrap(); + assert!(!t.is_valid()); + + let t: TcbLevel = serde_json::from_str( + r#"{"tcb":{"isvsvn":5}, "tcbDate":"2021-11-10T00:00:00Z", "tcbStatus":"UpToDate" }"#, + ) + .unwrap(); + assert!(!t.is_valid()); + } +} diff --git a/common/primitives/core/src/teebag/sgx_verify/ephemeral_key.rs b/common/primitives/core/src/teebag/sgx_verify/ephemeral_key.rs new file mode 100644 index 0000000000..5fb62967b2 --- /dev/null +++ b/common/primitives/core/src/teebag/sgx_verify/ephemeral_key.rs @@ -0,0 +1,34 @@ +use super::{utils::length_from_raw_data, CertDer}; +use sp_std::convert::TryFrom; + +#[allow(dead_code)] +pub struct EphemeralKey<'a>(&'a [u8]); + +pub const PRIME256V1_OID: &[u8; 10] = &[0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07]; +impl<'a> TryFrom> for EphemeralKey<'a> { + type Error = &'static str; + + fn try_from(value: CertDer<'a>) -> Result { + let cert_der = value.0; + + let mut offset = cert_der + .windows(PRIME256V1_OID.len()) + .position(|window| window == PRIME256V1_OID) + .ok_or("Certificate does not contain 'PRIME256V1_OID'")?; + + offset += PRIME256V1_OID.len() + 1; // OID length + TAG (0x03) + + // Obtain Public Key length + let len = length_from_raw_data(cert_der, &mut offset)?; + + // Obtain Public Key + offset += 1; + let pub_k = cert_der + .get(offset + 2..offset + len) + .ok_or("Index out of bounds")?; // skip "00 04" + + #[cfg(test)] + println!("verifyRA ephemeral public key: {:x?}", pub_k); + Ok(EphemeralKey(pub_k)) + } +} diff --git a/parachain/pallets/teebag/src/sgx_verify/fuzz/Cargo.lock b/common/primitives/core/src/teebag/sgx_verify/fuzz/Cargo.lock similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/fuzz/Cargo.lock rename to common/primitives/core/src/teebag/sgx_verify/fuzz/Cargo.lock diff --git a/parachain/pallets/teebag/src/sgx_verify/fuzz/Cargo.toml b/common/primitives/core/src/teebag/sgx_verify/fuzz/Cargo.toml similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/fuzz/Cargo.toml rename to common/primitives/core/src/teebag/sgx_verify/fuzz/Cargo.toml diff --git a/parachain/pallets/teebag/src/sgx_verify/fuzz/fuzz_targets/decode_quote.rs b/common/primitives/core/src/teebag/sgx_verify/fuzz/fuzz_targets/decode_quote.rs similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/fuzz/fuzz_targets/decode_quote.rs rename to common/primitives/core/src/teebag/sgx_verify/fuzz/fuzz_targets/decode_quote.rs diff --git a/parachain/pallets/teebag/src/sgx_verify/fuzz/fuzz_targets/deserialize_json.rs b/common/primitives/core/src/teebag/sgx_verify/fuzz/fuzz_targets/deserialize_json.rs similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/fuzz/fuzz_targets/deserialize_json.rs rename to common/primitives/core/src/teebag/sgx_verify/fuzz/fuzz_targets/deserialize_json.rs diff --git a/parachain/pallets/teebag/src/sgx_verify/fuzz/fuzz_targets/extract_tcb_info.rs b/common/primitives/core/src/teebag/sgx_verify/fuzz/fuzz_targets/extract_tcb_info.rs similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/fuzz/fuzz_targets/extract_tcb_info.rs rename to common/primitives/core/src/teebag/sgx_verify/fuzz/fuzz_targets/extract_tcb_info.rs diff --git a/parachain/pallets/teebag/src/sgx_verify/fuzz/fuzz_targets/signature_check.rs b/common/primitives/core/src/teebag/sgx_verify/fuzz/fuzz_targets/signature_check.rs similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/fuzz/fuzz_targets/signature_check.rs rename to common/primitives/core/src/teebag/sgx_verify/fuzz/fuzz_targets/signature_check.rs diff --git a/parachain/pallets/teebag/src/sgx_verify/fuzz/fuzz_targets/verify_ias_report.rs b/common/primitives/core/src/teebag/sgx_verify/fuzz/fuzz_targets/verify_ias_report.rs similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/fuzz/fuzz_targets/verify_ias_report.rs rename to common/primitives/core/src/teebag/sgx_verify/fuzz/fuzz_targets/verify_ias_report.rs diff --git a/common/primitives/core/src/teebag/sgx_verify/mod.rs b/common/primitives/core/src/teebag/sgx_verify/mod.rs new file mode 100644 index 0000000000..d07583dc14 --- /dev/null +++ b/common/primitives/core/src/teebag/sgx_verify/mod.rs @@ -0,0 +1,907 @@ +/* + Copyright 2021 Integritee AG and Supercomputing Systems AG + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +*/ + +//! Contains all the logic for understanding and verifying SGX remote attestation reports. +//! +//! Intel's documentation is scattered across different documents: +//! +//! "Intel® Software Guard Extensions: PCK Certificate and Certificate Revocation List Profile +//! Specification", further denoted as `PCK_Certificate_CRL_Spec-1.1`. +//! +//! * https://download.01.org/intel-sgx/dcap-1.2/linux/docs/Intel_SGX_PCK_Certificate_CRL_Spec-1.1.pdf +//! +//! Intel® SGX Developer Guide, further denoted as `SGX_Developer_Guide`: +//! +//! * https://download.01.org/intel-sgx/linux-1.5/docs/Intel_SGX_Developer_Guide.pdf + +pub extern crate alloc; + +use self::{ + collateral::{EnclaveIdentity, TcbInfo}, + netscape_comment::NetscapeComment, + utils::length_from_raw_data, +}; +use crate::{ + Cpusvn, Fmspc, MrEnclave, MrSigner, Pcesvn, QuotingEnclave, SgxBuildMode, TcbVersionStatus, +}; +use alloc::string::String; +use chrono::DateTime; +use core::time::Duration; +use der::asn1::ObjectIdentifier; +use frame_support::{ensure, traits::Len}; +use parity_scale_codec::{Decode, Encode, Input}; +use ring::signature::{self}; +use scale_info::TypeInfo; +use serde_json::Value; +use sp_std::{ + convert::{TryFrom, TryInto}, + prelude::*, + vec, +}; +use x509_cert::Certificate; + +pub mod collateral; +mod ephemeral_key; +mod netscape_comment; +#[cfg(test)] +mod tests; +mod utils; + +const SGX_REPORT_DATA_SIZE: usize = 64; +#[derive(Debug, Encode, Decode, PartialEq, Eq, Copy, Clone, TypeInfo)] +#[repr(C)] +pub struct SgxReportData { + d: [u8; SGX_REPORT_DATA_SIZE], +} + +#[derive(Debug, Encode, Decode, PartialEq, Eq, Copy, Clone, TypeInfo)] +#[repr(C)] +pub struct SGXAttributes { + flags: u64, + xfrm: u64, +} + +/// This is produced by an SGX platform, when it wants to be attested. +#[derive(Debug, Decode, Clone, TypeInfo)] +#[repr(C)] +pub struct DcapQuote { + header: DcapQuoteHeader, + body: SgxReportBody, + signature_data_len: u32, + quote_signature_data: EcdsaQuoteSignature, +} + +/// All the documentation about this can be found in the `PCK_Certificate_CRL_Spec-1.1` page 62. +#[derive(Debug, Encode, Decode, Copy, Clone, TypeInfo)] +#[repr(C)] +pub struct DcapQuoteHeader { + /// Version of the Quote data structure. + /// + /// This is version 3 for the DCAP ECDSA attestation. + version: u16, + /// Type of the Attestation Key used by the Quoting Enclave. + /// • Supported values: + /// - 2 (ECDSA-256-with-P-256 curve) + /// - 3 (ECDSA-384-with-P-384 curve) (Note: currently not supported) + attestation_key_type: u16, + /// Reserved field, value 0. + reserved: u32, + /// Security Version of the Quoting Enclave currently loaded on the platform. + qe_svn: u16, + /// Security Version of the Provisioning Certification Enclave currently loaded on the + /// platform. + pce_svn: u16, + /// Unique identifier of the QE Vendor. + /// + /// This will usually be Intel's Quoting enclave with the ID: 939A7233F79C4CA9940A0DB3957F0607. + qe_vendor_id: [u8; 16], + /// Custom user-defined data. + user_data: [u8; 20], +} + +const ATTESTATION_KEY_SIZE: usize = 64; +const REPORT_SIGNATURE_SIZE: usize = 64; + +#[derive(Debug, Decode, Clone, TypeInfo)] +#[repr(C)] +pub struct EcdsaQuoteSignature { + isv_enclave_report_signature: [u8; REPORT_SIGNATURE_SIZE], + ecdsa_attestation_key: [u8; ATTESTATION_KEY_SIZE], + qe_report: SgxReportBody, + qe_report_signature: [u8; REPORT_SIGNATURE_SIZE], + qe_authentication_data: QeAuthenticationData, + qe_certification_data: QeCertificationData, +} + +#[derive(Debug, Clone, TypeInfo)] +#[repr(C)] +pub struct QeAuthenticationData { + size: u16, + certification_data: Vec, +} + +impl Decode for QeAuthenticationData { + fn decode(input: &mut I) -> Result { + let mut size_buf: [u8; 2] = [0; 2]; + input.read(&mut size_buf)?; + let size = u16::from_le_bytes(size_buf); + + let mut certification_data = vec![0; size.into()]; + input.read(&mut certification_data)?; + + Ok(Self { + size, + certification_data, + }) + } +} + +#[derive(Debug, Clone, TypeInfo)] +#[repr(C)] +pub struct QeCertificationData { + certification_data_type: u16, + size: u32, + certification_data: Vec, +} + +impl Decode for QeCertificationData { + fn decode(input: &mut I) -> Result { + let mut certification_data_type_buf: [u8; 2] = [0; 2]; + input.read(&mut certification_data_type_buf)?; + let certification_data_type = u16::from_le_bytes(certification_data_type_buf); + + let mut size_buf: [u8; 4] = [0; 4]; + input.read(&mut size_buf)?; + let size = u32::from_le_bytes(size_buf); + // This is an arbitrary limit to prevent out of memory issues. Intel does not specify a max + // value + if size > 65_000 { + return Result::Err(parity_scale_codec::Error::from( + "Certification data too long. Max 65000 bytes are allowed", + )); + } + + // Safety: The try_into() can only fail due to overflow on a 16-bit system, but we anyway + // ensure the value is small enough above. + let mut certification_data = vec![0; size.try_into().unwrap()]; + input.read(&mut certification_data)?; + + Ok(Self { + certification_data_type, + size, + certification_data, + }) + } +} + +// see Intel SGX SDK https://github.com/intel/linux-sgx/blob/master/common/inc/sgx_report.h +const SGX_REPORT_BODY_RESERVED1_BYTES: usize = 12; +const SGX_REPORT_BODY_RESERVED2_BYTES: usize = 32; +const SGX_REPORT_BODY_RESERVED3_BYTES: usize = 32; +const SGX_REPORT_BODY_RESERVED4_BYTES: usize = 42; +const SGX_FLAGS_DEBUG: u64 = 0x0000000000000002; + +/// SGX report about an enclave. +/// +/// We don't verify all of the fields, as some contain business logic specific data that is +/// not related to the overall validity of an enclave. We only check security related fields. The +/// only exception to this is the quoting enclave, where we validate specific fields against known +/// values. +#[derive(Debug, Encode, Decode, Copy, Clone, TypeInfo)] +#[repr(C)] +pub struct SgxReportBody { + /// Security version of the CPU. + /// + /// Reflects the processors microcode update version. + cpu_svn: [u8; 16], /* ( 0) Security Version of the CPU */ + /// State Save Area (SSA) extended feature set. Flags used for specific exception handling + /// settings. Unless, you know what you are doing these should all be 0. + /// + /// See: https://cdrdv2-public.intel.com/671544/exception-handling-in-intel-sgx.pdf. + misc_select: [u8; 4], /* ( 16) Which fields defined in SSA.MISC */ + /// Unused reserved bytes. + reserved1: [u8; SGX_REPORT_BODY_RESERVED1_BYTES], /* ( 20) */ + /// Extended Product ID of an enclave. + isv_ext_prod_id: [u8; 16], /* ( 32) ISV assigned Extended Product ID */ + /// Attributes, defines features that should be enabled for an enclave. + /// + /// Here, we only check if the Debug mode is enabled. + /// + /// More details in `SGX_Developer_Guide` under `Debug (Opt-in) Enclave Consideration` on page + /// 24. + attributes: SGXAttributes, /* ( 48) Any special Capabilities the Enclave possess */ + /// Enclave measurement. + /// + /// A single 256-bit hash that identifies the code and initial data to + /// be placed inside the enclave, the expected order and position in which they are to be + /// placed, and the security properties of those pages. More details in `SGX_Developer_Guide` + /// page 6. + mr_enclave: MrEnclave, /* ( 64) The value of the enclave's ENCLAVE measurement */ + /// Unused reserved bytes. + reserved2: [u8; SGX_REPORT_BODY_RESERVED2_BYTES], /* ( 96) */ + /// The enclave author’s public key. + /// + /// More details in `SGX_Developer_Guide` page 6. + mr_signer: MrSigner, /* (128) The value of the enclave's SIGNER measurement */ + /// Unused reserved bytes. + reserved3: [u8; SGX_REPORT_BODY_RESERVED3_BYTES], /* (160) */ + /// Config ID of an enclave. + /// + /// Todo: #142 - Investigate the relevancy of this value. + config_id: [u8; 64], /* (192) CONFIGID */ + /// The Product ID of the enclave. + /// + /// The Independent Software Vendor (ISV) should configure a unique ISVProdID for each product + /// that may want to share sealed data between enclaves signed with a specific `MRSIGNER`. + isv_prod_id: u16, /* (256) Product ID of the Enclave */ + /// ISV security version of the enclave. + /// + /// This is the enclave author's responsibility to increase it whenever a security related + /// update happened. Here, we will only check it for the `Quoting Enclave` to ensure that the + /// quoting enclave is recent enough. + /// + /// More details in `SGX_Developer_Guide` page 6. + isv_svn: u16, /* (258) Security Version of the Enclave */ + /// Config Security version of the enclave. + config_svn: u16, /* (260) CONFIGSVN */ + /// Unused reserved bytes. + reserved4: [u8; SGX_REPORT_BODY_RESERVED4_BYTES], /* (262) */ + /// Family ID assigned by the ISV. + /// + /// Todo: #142 - Investigate the relevancy of this value. + isv_family_id: [u8; 16], /* (304) ISV assigned Family ID */ + /// Custom data to be defined by the enclave author. + /// + /// We use this to provide the public key of the enclave that is to be registered on the chain. + /// Doing this, will prove that the public key is from a legitimate SGX enclave when it is + /// verified together with the remote attestation. + report_data: SgxReportData, /* (320) Data provided by the user */ +} + +impl SgxReportBody { + pub fn sgx_build_mode(&self) -> SgxBuildMode { + if self.attributes.flags & SGX_FLAGS_DEBUG == SGX_FLAGS_DEBUG { + SgxBuildMode::Debug + } else { + SgxBuildMode::Production + } + } + + fn verify_misc_select_field(&self, o: &QuotingEnclave) -> bool { + for i in 0..self.misc_select.len() { + if (self.misc_select[i] & o.miscselect_mask[i]) + != (o.miscselect[i] & o.miscselect_mask[i]) + { + return false; + } + } + true + } + + fn verify_attributes_field(&self, o: &QuotingEnclave) -> bool { + let attributes_flags = self.attributes.flags; + + let quoting_enclave_attributes_mask = o.attributes_flags_mask_as_u64(); + let quoting_enclave_attributes_flags = o.attributes_flags_as_u64(); + + (attributes_flags & quoting_enclave_attributes_mask) == quoting_enclave_attributes_flags + } + + pub fn verify(&self, o: &QuotingEnclave) -> bool { + if self.isv_prod_id != o.isvprodid || self.mr_signer != o.mrsigner { + return false; + } + if !self.verify_misc_select_field(o) { + return false; + } + if !self.verify_attributes_field(o) { + return false; + } + for tcb in &o.tcb { + // If the enclave isvsvn is bigger than one of the + if self.isv_svn >= tcb.isvsvn { + return true; + } + } + false + } +} +// see Intel SGX SDK https://github.com/intel/linux-sgx/blob/master/common/inc/sgx_quote.h +#[derive(Encode, Decode, Copy, Clone, TypeInfo)] +#[repr(C)] +pub struct SgxQuote { + version: u16, /* 0 */ + sign_type: u16, /* 2 */ + epid_group_id: u32, /* 4 */ + qe_svn: u16, /* 8 */ + pce_svn: u16, /* 10 */ + xeid: u32, /* 12 */ + basename: [u8; 32], /* 16 */ + report_body: SgxReportBody, /* 48 */ +} + +#[derive(Encode, Decode, Copy, Clone, PartialEq, Eq, sp_core::RuntimeDebug, TypeInfo, Default)] +pub enum SgxStatus { + #[default] + #[codec(index = 0)] + Invalid, + #[codec(index = 1)] + Ok, + #[codec(index = 2)] + GroupOutOfDate, + #[codec(index = 3)] + GroupRevoked, + #[codec(index = 4)] + ConfigurationNeeded, +} + +#[derive(Encode, Decode, Default, Clone, PartialEq, Eq, sp_core::RuntimeDebug, TypeInfo)] +pub struct SgxReport { + pub mr_enclave: MrEnclave, + pub pubkey: [u8; 32], + pub status: SgxStatus, + pub timestamp: u64, // unix timestamp in milliseconds + pub build_mode: SgxBuildMode, +} + +type SignatureAlgorithms = &'static [&'static dyn webpki::types::SignatureVerificationAlgorithm]; +static SUPPORTED_SIG_ALGS: SignatureAlgorithms = &[ + webpki::ring::RSA_PKCS1_2048_8192_SHA256, + webpki::ring::RSA_PKCS1_2048_8192_SHA384, + webpki::ring::RSA_PKCS1_2048_8192_SHA512, + webpki::ring::RSA_PKCS1_3072_8192_SHA384, +]; + +//pub const IAS_REPORT_CA: &[u8] = include_bytes!("../AttestationReportSigningCACert.pem"); + +pub static IAS_SERVER_ROOTS: &[webpki::types::TrustAnchor<'static>; 1] = &[ + /* + * -----BEGIN CERTIFICATE----- + * MIIFSzCCA7OgAwIBAgIJANEHdl0yo7CUMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV + * BAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExGjAYBgNV + * BAoMEUludGVsIENvcnBvcmF0aW9uMTAwLgYDVQQDDCdJbnRlbCBTR1ggQXR0ZXN0 + * YXRpb24gUmVwb3J0IFNpZ25pbmcgQ0EwIBcNMTYxMTE0MTUzNzMxWhgPMjA0OTEy + * MzEyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwL + * U2FudGEgQ2xhcmExGjAYBgNVBAoMEUludGVsIENvcnBvcmF0aW9uMTAwLgYDVQQD + * DCdJbnRlbCBTR1ggQXR0ZXN0YXRpb24gUmVwb3J0IFNpZ25pbmcgQ0EwggGiMA0G + * CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCfPGR+tXc8u1EtJzLA10Feu1Wg+p7e + * LmSRmeaCHbkQ1TF3Nwl3RmpqXkeGzNLd69QUnWovYyVSndEMyYc3sHecGgfinEeh + * rgBJSEdsSJ9FpaFdesjsxqzGRa20PYdnnfWcCTvFoulpbFR4VBuXnnVLVzkUvlXT + * L/TAnd8nIZk0zZkFJ7P5LtePvykkar7LcSQO85wtcQe0R1Raf/sQ6wYKaKmFgCGe + * NpEJUmg4ktal4qgIAxk+QHUxQE42sxViN5mqglB0QJdUot/o9a/V/mMeH8KvOAiQ + * byinkNndn+Bgk5sSV5DFgF0DffVqmVMblt5p3jPtImzBIH0QQrXJq39AT8cRwP5H + * afuVeLHcDsRp6hol4P+ZFIhu8mmbI1u0hH3W/0C2BuYXB5PC+5izFFh/nP0lc2Lf + * 6rELO9LZdnOhpL1ExFOq9H/B8tPQ84T3Sgb4nAifDabNt/zu6MmCGo5U8lwEFtGM + * RoOaX4AS+909x00lYnmtwsDVWv9vBiJCXRsCAwEAAaOByTCBxjBgBgNVHR8EWTBX + * MFWgU6BRhk9odHRwOi8vdHJ1c3RlZHNlcnZpY2VzLmludGVsLmNvbS9jb250ZW50 + * L0NSTC9TR1gvQXR0ZXN0YXRpb25SZXBvcnRTaWduaW5nQ0EuY3JsMB0GA1UdDgQW + * BBR4Q3t2pn680K9+QjfrNXw7hwFRPDAfBgNVHSMEGDAWgBR4Q3t2pn680K9+Qjfr + * NXw7hwFRPDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkq + * hkiG9w0BAQsFAAOCAYEAeF8tYMXICvQqeXYQITkV2oLJsp6J4JAqJabHWxYJHGir + * IEqucRiJSSx+HjIJEUVaj8E0QjEud6Y5lNmXlcjqRXaCPOqK0eGRz6hi+ripMtPZ + * sFNaBwLQVV905SDjAzDzNIDnrcnXyB4gcDFCvwDFKKgLRjOB/WAqgscDUoGq5ZVi + * zLUzTqiQPmULAQaB9c6Oti6snEFJiCQ67JLyW/E83/frzCmO5Ru6WjU4tmsmy8Ra + * Ud4APK0wZTGtfPXU7w+IBdG5Ez0kE1qzxGQaL4gINJ1zMyleDnbuS8UicjJijvqA + * 152Sq049ESDz+1rRGc2NVEqh1KaGXmtXvqxXcTB+Ljy5Bw2ke0v8iGngFBPqCTVB + * 3op5KBG3RjbF6RRSzwzuWfL7QErNC8WEy5yDVARzTA5+xmBc388v9Dm21HGfcC8O + * DD+gT9sSpssq0ascmvH49MOgjt1yoysLtdCtJW/9FZpoOypaHx0R+mJTLwPXVMrv + * DaVzWh5aiEx+idkSGMnX + * -----END CERTIFICATE----- + */ + webpki::types::TrustAnchor { + subject: webpki::types::Der::from_slice(b"1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x0b0\t\x06\x03U\x04\x08\x0c\x02CA1\x140\x12\x06\x03U\x04\x07\x0c\x0bSanta Clara1\x1a0\x18\x06\x03U\x04\n\x0c\x11Intel Corporation100.\x06\x03U\x04\x03\x0c\'Intel SGX Attestation Report Signing CA"), + subject_public_key_info: webpki::types::Der::from_slice(b"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x8f\x000\x82\x01\x8a\x02\x82\x01\x81\x00\x9f@u1@N6\xb3\x15b7\x99\xaa\x82Pt@\x97T\xa2\xdf\xe8\xf5\xaf\xd5\xfec\x1e\x1f\xc2\xaf8\x08\x90o(\xa7\x90\xd9\xdd\x9f\xe0`\x93\x9b\x12W\x90\xc5\x80]\x03}\xf5j\x99S\x1b\x96\xdei\xde3\xed\"l\xc1 }\x10B\xb5\xc9\xab\x7f@O\xc7\x11\xc0\xfeGi\xfb\x95x\xb1\xdc\x0e\xc4i\xea\x1a%\xe0\xff\x99\x14\x88n\xf2i\x9b#[\xb4\x84}\xd6\xff@\xb6\x06\xe6\x17\x07\x93\xc2\xfb\x98\xb3\x14X\x7f\x9c\xfd%sb\xdf\xea\xb1\x0b;\xd2\xd9vs\xa1\xa4\xbdD\xc4S\xaa\xf4\x7f\xc1\xf2\xd3\xd0\xf3\x84\xf7J\x06\xf8\x9c\x08\x9f\r\xa6\xcd\xb7\xfc\xee\xe8\xc9\x82\x1a\x8eT\xf2\\\x04\x16\xd1\x8cF\x83\x9a_\x80\x12\xfb\xdd=\xc7M%by\xad\xc2\xc0\xd5Z\xffo\x06\"B]\x1b\x02\x03\x01\x00\x01"), + name_constraints: None + }, +]; + +/// The needed code for a trust anchor can be extracted using `webpki` with something like this: +/// println!("{:?}", webpki::TrustAnchor::try_from_cert_der(&root_cert)); +#[allow(clippy::zero_prefixed_literal)] +pub static DCAP_SERVER_ROOTS: &[webpki::types::TrustAnchor<'static>; 1] = + &[webpki::types::TrustAnchor { + subject: webpki::types::Der::from_slice(&[ + 49, 26, 48, 24, 06, 03, 85, 04, 03, 12, 17, 73, 110, 116, 101, 108, 32, 83, 71, 88, 32, + 82, 111, 111, 116, 32, 67, 65, 49, 26, 48, 24, 06, 03, 85, 04, 10, 12, 17, 73, 110, + 116, 101, 108, 32, 67, 111, 114, 112, 111, 114, 97, 116, 105, 111, 110, 49, 20, 48, 18, + 06, 03, 85, 04, 07, 12, 11, 83, 97, 110, 116, 97, 32, 67, 108, 97, 114, 97, 49, 11, 48, + 09, 06, 03, 85, 04, 08, 12, 02, 67, 65, 49, 11, 48, 09, 06, 03, 85, 04, 06, 19, 02, 85, + 83, + ]), + subject_public_key_info: webpki::types::Der::from_slice(&[ + 48, 19, 06, 07, 42, 134, 72, 206, 61, 02, 01, 06, 08, 42, 134, 72, 206, 61, 03, 01, 07, + 03, 66, 00, 04, 11, 169, 196, 192, 192, 200, 97, 147, 163, 254, 35, 214, 176, 44, 218, + 16, 168, 187, 212, 232, 142, 72, 180, 69, 133, 97, 163, 110, 112, 85, 37, 245, 103, + 145, 142, 46, 220, 136, 228, 13, 134, 11, 208, 204, 78, 226, 106, 172, 201, 136, 229, + 05, 169, 83, 85, 140, 69, 63, 107, 09, 04, 174, 115, 148, + ]), + name_constraints: None, + }]; + +/// Contains an unvalidated ias remote attestation certificate. +/// +/// Wrapper to implemented parsing and verification traits on it. +pub struct CertDer<'a>(&'a [u8]); + +/// Encode two 32-byte values in DER format +/// This is meant for 256 bit ECC signatures or public keys +pub fn encode_as_der(data: &[u8]) -> Result, &'static str> { + if data.len() != 64 { + return Result::Err("Key must be 64 bytes long"); + } + let mut sequence = der::asn1::SequenceOf::::new(); + sequence + .add(der::asn1::UIntRef::new(&data[0..32]).map_err(|_| "Invalid public key")?) + .map_err(|_| "Invalid public key")?; + sequence + .add(der::asn1::UIntRef::new(&data[32..]).map_err(|_| "Invalid public key")?) + .map_err(|_| "Invalid public key")?; + // 72 should be enough in all cases. 2 + 2 x (32 + 3) + let mut asn1 = vec![0u8; 72]; + let mut writer = der::SliceWriter::new(&mut asn1); + writer + .encode(&sequence) + .map_err(|_| "Could not encode public key to DER")?; + Ok(writer + .finish() + .map_err(|_| "Could not convert public key to DER")? + .to_vec()) +} + +/// Extracts the specified data into a `EnclaveIdentity` instance. +/// Also verifies that the data matches the given signature, was produced by the given certificate +/// and matches the data +pub fn deserialize_enclave_identity( + data: &[u8], + signature: &[u8], + certificate: &webpki::EndEntityCert, +) -> Result { + let signature = encode_as_der(signature)?; + verify_signature( + certificate, + data, + &signature, + webpki::ring::ECDSA_P256_SHA256, + )?; + serde_json::from_slice(data).map_err(|_| "Deserialization failed") +} + +/// Extracts the specified data into a `TcbInfo` instance. +/// Also verifies that the data matches the given signature, was produced by the given certificate +/// and matches the data +pub fn deserialize_tcb_info( + data: &[u8], + signature: &[u8], + certificate: &webpki::EndEntityCert, +) -> Result { + let signature = encode_as_der(signature)?; + verify_signature( + certificate, + data, + &signature, + webpki::ring::ECDSA_P256_SHA256, + )?; + serde_json::from_slice(data).map_err(|_| "Deserialization failed") +} + +/// Extract a list of certificates from a byte vec. The certificates must be separated by +/// `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` markers +pub fn extract_certs(cert_chain: &[u8]) -> Vec> { + // The certificates should be valid UTF-8 but if not we continue. The certificate verification + // will fail at a later point. + let certs_concat = String::from_utf8_lossy(cert_chain); + let certs_concat = certs_concat.replace('\n', ""); + let certs_concat = certs_concat.replace("-----BEGIN CERTIFICATE-----", ""); + // Use the end marker to split the string into certificates + let parts = certs_concat.split("-----END CERTIFICATE-----"); + parts + .filter(|p| !p.is_empty()) + .filter_map(|p| base64::decode(p).ok()) + .collect() +} + +/// Verifies that the `leaf_cert` in combination with the `intermediate_certs` establishes +/// a valid certificate chain that is rooted in one of the trust anchors that was compiled into to +/// the pallet +pub fn verify_certificate_chain<'a>( + leaf_cert: &webpki::EndEntityCert<'a>, + intermediate_certs: &[webpki::types::CertificateDer<'a>], + verification_time: u64, +) -> Result<(), &'static str> { + let time = + webpki::types::UnixTime::since_unix_epoch(Duration::from_secs(verification_time / 1000)); + let sig_algs = &[webpki::ring::ECDSA_P256_SHA256]; + leaf_cert + .verify_for_usage( + sig_algs, + DCAP_SERVER_ROOTS, + intermediate_certs, + time, + webpki::KeyUsage::client_auth(), + None, + ) + .map_err(|_| "Invalid certificate chain")?; + Ok(()) +} +#[allow(unused)] +pub fn extract_tcb_info_from_raw_dcap_quote( + dcap_quote_raw: &[u8], +) -> Result<(Fmspc, TcbVersionStatus), &'static str> { + let mut dcap_quote_clone = dcap_quote_raw; + let quote: DcapQuote = + Decode::decode(&mut dcap_quote_clone).map_err(|_| "Failed to decode attestation report")?; + + ensure!(quote.header.version == 3, "Only support for version 3"); + ensure!( + quote.header.attestation_key_type == 2, + "Only support for ECDSA-256" + ); + ensure!( + quote + .quote_signature_data + .qe_certification_data + .certification_data_type + == 5, + "Only support for PEM formatted PCK Cert Chain" + ); + + let certs = extract_certs( + "e + .quote_signature_data + .qe_certification_data + .certification_data, + ); + + let (fmspc, tcb_info) = extract_tcb_info(&certs[0])?; + + Ok((fmspc, tcb_info)) +} + +pub fn verify_dcap_quote( + dcap_quote_raw: &[u8], + verification_time: u64, + qe: &QuotingEnclave, +) -> Result<(Fmspc, TcbVersionStatus, SgxReport), &'static str> { + let mut dcap_quote_clone = dcap_quote_raw; + let quote: DcapQuote = + Decode::decode(&mut dcap_quote_clone).map_err(|_| "Failed to decode attestation report")?; + + ensure!(quote.header.version == 3, "Only support for version 3"); + ensure!( + quote.header.attestation_key_type == 2, + "Only support for ECDSA-256" + ); + ensure!( + quote + .quote_signature_data + .qe_certification_data + .certification_data_type + == 5, + "Only support for PEM formatted PCK Cert Chain" + ); + ensure!( + quote.quote_signature_data.qe_report.verify(qe), + "Enclave rejected by quoting enclave" + ); + let mut xt_signer_array = [0u8; 32]; + xt_signer_array.copy_from_slice("e.body.report_data.d[..32]); + + let certs = extract_certs( + "e + .quote_signature_data + .qe_certification_data + .certification_data, + ); + ensure!( + certs.len() >= 2, + "Certificate chain must have at least two certificates" + ); + let intermediate_certificate_slices: Vec = + certs[1..].iter().map(|c| c.as_slice().into()).collect(); + let leaf_cert_der = webpki::types::CertificateDer::from(certs[0].as_slice()); + let leaf_cert = webpki::EndEntityCert::try_from(&leaf_cert_der) + .map_err(|_| "Failed to parse leaf certificate")?; + verify_certificate_chain( + &leaf_cert, + &intermediate_certificate_slices, + verification_time, + )?; + + let (fmspc, tcb_info) = extract_tcb_info(&certs[0])?; + + // For this part some understanding of the document (Especially chapter A.4: Quote Format) + // Intel® Software Guard Extensions (Intel® SGX) Data Center Attestation Primitives: ECDSA Quote + // Library API https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_ECDSA_QuoteLibReference_DCAP_API.pdf + + const AUTHENTICATION_DATA_SIZE: usize = 32; // This is actually variable but assume 32 for now. This is also hard-coded to 32 in the Intel + // DCAP repo + const DCAP_QUOTE_HEADER_SIZE: usize = core::mem::size_of::(); + const REPORT_SIZE: usize = core::mem::size_of::(); + const QUOTE_SIGNATURE_DATA_LEN_SIZE: usize = core::mem::size_of::(); + + let attestation_key_offset = DCAP_QUOTE_HEADER_SIZE + + REPORT_SIZE + + QUOTE_SIGNATURE_DATA_LEN_SIZE + + REPORT_SIGNATURE_SIZE; + let authentication_data_offset = attestation_key_offset + + ATTESTATION_KEY_SIZE + + REPORT_SIZE + + REPORT_SIGNATURE_SIZE + + core::mem::size_of::(); //Size of the QE authentication data. We ignore this for now and assume 32. See + // AUTHENTICATION_DATA_SIZE + let mut hash_data = [0u8; ATTESTATION_KEY_SIZE + AUTHENTICATION_DATA_SIZE]; + hash_data[0..ATTESTATION_KEY_SIZE].copy_from_slice( + &dcap_quote_raw[attestation_key_offset..(attestation_key_offset + ATTESTATION_KEY_SIZE)], + ); + hash_data[ATTESTATION_KEY_SIZE..].copy_from_slice( + &dcap_quote_raw + [authentication_data_offset..(authentication_data_offset + AUTHENTICATION_DATA_SIZE)], + ); + // Ensure that the hash matches the intel signed hash in the QE report. This establishes trust + // into the attestation key. + let hash = ring::digest::digest(&ring::digest::SHA256, &hash_data); + ensure!( + hash.as_ref() == "e.quote_signature_data.qe_report.report_data.d[0..32], + "Hashes must match" + ); + + let qe_report_offset = attestation_key_offset + ATTESTATION_KEY_SIZE; + let qe_report_slice = &dcap_quote_raw[qe_report_offset..(qe_report_offset + REPORT_SIZE)]; + let mut pub_key = [0x04u8; 65]; //Prepend 0x04 to specify uncompressed format + pub_key[1..].copy_from_slice("e.quote_signature_data.ecdsa_attestation_key); + + let peer_public_key = + signature::UnparsedPublicKey::new(&signature::ECDSA_P256_SHA256_FIXED, pub_key); + let isv_report_slice = &dcap_quote_raw[0..(DCAP_QUOTE_HEADER_SIZE + REPORT_SIZE)]; + // Verify that the enclave data matches the signature generated by the trusted attestation key. + // This establishes trust into the data of the enclave we actually want to verify + peer_public_key + .verify( + isv_report_slice, + "e.quote_signature_data.isv_enclave_report_signature, + ) + .map_err(|_| "Failed to verify report signature")?; + + // Verify that the QE report was signed by Intel. This establishes trust into the QE report. + let asn1_signature = encode_as_der("e.quote_signature_data.qe_report_signature)?; + verify_signature( + &leaf_cert, + qe_report_slice, + &asn1_signature, + webpki::ring::ECDSA_P256_SHA256, + )?; + + ensure!( + dcap_quote_clone.is_empty(), + "There should be no bytes left over after decoding" + ); + let report = SgxReport { + mr_enclave: quote.body.mr_enclave, + status: SgxStatus::Ok, + pubkey: xt_signer_array, + timestamp: verification_time, + build_mode: quote.body.sgx_build_mode(), + }; + Ok((fmspc, tcb_info, report)) +} + +// make sure this function doesn't panic! +pub fn verify_ias_report(cert_der: &[u8]) -> Result { + // Before we reach here, the runtime already verified the extrinsic is properly signed by the + // extrinsic sender Hence, we skip: EphemeralKey::try_from(cert)?; + let cert = CertDer(cert_der); + let netscape = NetscapeComment::try_from(cert)?; + let sig_cert_der = webpki::types::CertificateDer::from(netscape.sig_cert.as_slice()); + let sig_cert = webpki::EndEntityCert::try_from(&sig_cert_der).map_err(|_| "Bad der")?; + + verify_signature( + &sig_cert, + netscape.attestation_raw, + &netscape.sig, + webpki::ring::RSA_PKCS1_2048_8192_SHA256, + )?; + + // FIXME: now hardcoded. but certificate renewal would have to be done manually anyway... + // chain wasm update or by some sudo call + let valid_until = webpki::types::UnixTime::since_unix_epoch(Duration::from_secs(1573419050)); + verify_server_cert(&sig_cert, valid_until)?; + + parse_report(&netscape) +} + +fn parse_report(netscape: &NetscapeComment) -> Result { + let report_raw: &[u8] = netscape.attestation_raw; + // parse attestation report + let attn_report: Value = match serde_json::from_slice(report_raw) { + Ok(report) => report, + Err(_) => return Err("RA report parsing error"), + }; + + let _ra_timestamp = match &attn_report["timestamp"] { + Value::String(time) => { + let time_fixed = time.clone() + "+0000"; + match DateTime::parse_from_str(&time_fixed, "%Y-%m-%dT%H:%M:%S%.f%z") { + Ok(d) => d.timestamp(), + Err(_) => return Err("RA report timestamp parsing error"), + } + } + _ => return Err("Failed to fetch timestamp from attestation report"), + }; + + // in milliseconds + let ra_timestamp: u64 = (_ra_timestamp * 1000) + .try_into() + .map_err(|_| "Error converting report.timestamp to u64")?; + + // get quote status (mandatory field) + let ra_status = match &attn_report["isvEnclaveQuoteStatus"] { + Value::String(quote_status) => match quote_status.as_ref() { + "OK" => SgxStatus::Ok, + "GROUP_OUT_OF_DATE" => SgxStatus::GroupOutOfDate, + "GROUP_REVOKED" => SgxStatus::GroupRevoked, + "CONFIGURATION_NEEDED" => SgxStatus::ConfigurationNeeded, + _ => SgxStatus::Invalid, + }, + _ => return Err("Failed to fetch isvEnclaveQuoteStatus from attestation report"), + }; + + // parse quote body + if let Value::String(quote_raw) = &attn_report["isvEnclaveQuoteBody"] { + let quote = match base64::decode(quote_raw) { + Ok(q) => q, + Err(_) => return Err("Quote Decoding Error"), + }; + // TODO: lack security check here + let sgx_quote: SgxQuote = match Decode::decode(&mut "e[..]) { + Ok(q) => q, + Err(_) => return Err("could not decode quote"), + }; + + let mut xt_signer_array = [0u8; 32]; + xt_signer_array.copy_from_slice(&sgx_quote.report_body.report_data.d[..32]); + Ok(SgxReport { + mr_enclave: sgx_quote.report_body.mr_enclave, + status: ra_status, + pubkey: xt_signer_array, + timestamp: ra_timestamp, + build_mode: sgx_quote.report_body.sgx_build_mode(), + }) + } else { + Err("Failed to parse isvEnclaveQuoteBody from attestation report") + } +} + +/// * `signature` - Must be encoded in DER format. +pub fn verify_signature( + entity_cert: &webpki::EndEntityCert, + data: &[u8], + signature: &[u8], + signature_algorithm: &dyn webpki::types::SignatureVerificationAlgorithm, +) -> Result<(), &'static str> { + match entity_cert.verify_signature(signature_algorithm, data, signature) { + Ok(()) => Ok(()), + Err(_e) => Err("bad signature"), + } +} + +pub fn verify_server_cert( + sig_cert: &webpki::EndEntityCert, + timestamp_valid_until: webpki::types::UnixTime, +) -> Result<(), &'static str> { + let chain: Vec = Vec::new(); + match sig_cert.verify_for_usage( + SUPPORTED_SIG_ALGS, + IAS_SERVER_ROOTS, + &chain, + timestamp_valid_until, + webpki::KeyUsage::server_auth(), + None, + ) { + Ok(()) => Ok(()), + Err(_e) => Err("CA verification failed"), + } +} + +/// See document "Intel® Software Guard Extensions: PCK Certificate and Certificate Revocation List +/// Profile Specification" https://download.01.org/intel-sgx/dcap-1.2/linux/docs/Intel_SGX_PCK_Certificate_CRL_Spec-1.1.pdf +const INTEL_SGX_EXTENSION_OID: ObjectIdentifier = + ObjectIdentifier::new_unwrap("1.2.840.113741.1.13.1"); +const OID_FMSPC: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113741.1.13.1.4"); +const OID_PCESVN: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113741.1.13.1.2.17"); +const OID_CPUSVN: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113741.1.13.1.2.18"); + +pub fn extract_tcb_info(cert: &[u8]) -> Result<(Fmspc, TcbVersionStatus), &'static str> { + let extension_section = get_intel_extension(cert)?; + + let fmspc = get_fmspc(&extension_section)?; + let cpusvn = get_cpusvn(&extension_section)?; + let pcesvn = get_pcesvn(&extension_section)?; + + Ok((fmspc, TcbVersionStatus::new(cpusvn, pcesvn))) +} + +fn get_intel_extension(der_encoded: &[u8]) -> Result, &'static str> { + let cert: Certificate = + der::Decode::from_der(der_encoded).map_err(|_| "Error parsing certificate")?; + let mut extension_iter = cert + .tbs_certificate + .extensions + .as_deref() + .unwrap_or(&[]) + .iter() + .filter(|e| e.extn_id == INTEL_SGX_EXTENSION_OID) + .map(|e| e.extn_value); + + let extension = extension_iter.next(); + ensure!( + extension.is_some() && extension_iter.next().is_none(), + "There should only be one section containing Intel extensions" + ); + // SAFETY: Ensured above that extension.is_some() == true + Ok(extension.unwrap().to_vec()) +} + +fn get_fmspc(der: &[u8]) -> Result { + let bytes_oid = OID_FMSPC.as_bytes(); + let mut offset = der + .windows(bytes_oid.len()) + .position(|window| window == bytes_oid) + .ok_or("Certificate does not contain 'FMSPC_OID'")?; + offset += 12; // length oid (10) + asn1 tag (1) + asn1 length10 (1) + + let fmspc_size = core::mem::size_of::() / core::mem::size_of::(); + let data = der + .get(offset..offset + fmspc_size) + .ok_or("Index out of bounds")?; + data.try_into().map_err(|_| "FMSPC must be 6 bytes long") +} + +fn get_cpusvn(der: &[u8]) -> Result { + let bytes_oid = OID_CPUSVN.as_bytes(); + let mut offset = der + .windows(bytes_oid.len()) + .position(|window| window == bytes_oid) + .ok_or("Certificate does not contain 'CPUSVN_OID'")?; + offset += 13; // length oid (11) + asn1 tag (1) + asn1 length10 (1) + + // CPUSVN is specified to have length 16 + let len = 16; + let data = der.get(offset..offset + len).ok_or("Index out of bounds")?; + data.try_into().map_err(|_| "CPUSVN must be 16 bytes long") +} + +fn get_pcesvn(der: &[u8]) -> Result { + let bytes_oid = OID_PCESVN.as_bytes(); + let mut offset = der + .windows(bytes_oid.len()) + .position(|window| window == bytes_oid) + .ok_or("Certificate does not contain 'PCESVN_OID'")?; + // length oid + asn1 tag (1 byte) + offset += bytes_oid.len() + 1; + // PCESVN can be 1 or 2 bytes + let len = length_from_raw_data(der, &mut offset)?; + offset += 1; // length_from_raw_data does not move the offset when the length is encoded in a single byte + ensure!(len == 1 || len == 2, "PCESVN must be 1 or 2 bytes"); + let data = der.get(offset..offset + len).ok_or("Index out of bounds")?; + if data.len() == 1 { + Ok(u16::from(data[0])) + } else { + // Unwrap is fine here as we check the length above + // DER integers are encoded in big endian + Ok(u16::from_be_bytes(data.try_into().unwrap())) + } +} diff --git a/common/primitives/core/src/teebag/sgx_verify/netscape_comment.rs b/common/primitives/core/src/teebag/sgx_verify/netscape_comment.rs new file mode 100644 index 0000000000..731a21eb0d --- /dev/null +++ b/common/primitives/core/src/teebag/sgx_verify/netscape_comment.rs @@ -0,0 +1,51 @@ +use super::{utils::length_from_raw_data, CertDer}; +use frame_support::ensure; +use sp_std::{convert::TryFrom, prelude::Vec}; + +pub struct NetscapeComment<'a> { + pub attestation_raw: &'a [u8], + pub sig: Vec, + pub sig_cert: Vec, +} + +pub const NS_CMT_OID: &[u8; 11] = &[ + 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x42, 0x01, 0x0D, +]; + +impl<'a> TryFrom> for NetscapeComment<'a> { + type Error = &'static str; + + fn try_from(value: CertDer<'a>) -> Result { + // Search for Netscape Comment OID + let cert_der = value.0; + + let mut offset = cert_der + .windows(NS_CMT_OID.len()) + .position(|window| window == NS_CMT_OID) + .ok_or("Certificate does not contain 'ns_cmt_oid'")?; + + offset += 12; // 11 + TAG (0x04) + + // Obtain Netscape Comment length + let len = length_from_raw_data(cert_der, &mut offset)?; + // Obtain Netscape Comment + offset += 1; + let netscape_raw = cert_der + .get(offset..offset + len) + .ok_or("Index out of bounds")? + .split(|x| *x == 0x7C) // 0x7C is the character '|' + .collect::>(); + ensure!(netscape_raw.len() == 3, "Invalid netscape payload"); + + let sig = base64::decode(netscape_raw[1]).map_err(|_| "Signature Decoding Error")?; + + let sig_cert = base64::decode_config(netscape_raw[2], base64::STANDARD) + .map_err(|_| "Cert Decoding Error")?; + + Ok(NetscapeComment { + attestation_raw: netscape_raw[0], + sig, + sig_cert, + }) + } +} diff --git a/parachain/pallets/teebag/src/sgx_verify/test/dcap/dcap_quote_cert.der b/common/primitives/core/src/teebag/sgx_verify/test/dcap/dcap_quote_cert.der similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/dcap/dcap_quote_cert.der rename to common/primitives/core/src/teebag/sgx_verify/test/dcap/dcap_quote_cert.der diff --git a/parachain/pallets/teebag/src/sgx_verify/test/dcap/pck_crl.der b/common/primitives/core/src/teebag/sgx_verify/test/dcap/pck_crl.der similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/dcap/pck_crl.der rename to common/primitives/core/src/teebag/sgx_verify/test/dcap/pck_crl.der diff --git a/parachain/pallets/teebag/src/sgx_verify/test/dcap/pck_crl_issuer_chain.pem b/common/primitives/core/src/teebag/sgx_verify/test/dcap/pck_crl_issuer_chain.pem similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/dcap/pck_crl_issuer_chain.pem rename to common/primitives/core/src/teebag/sgx_verify/test/dcap/pck_crl_issuer_chain.pem diff --git a/parachain/pallets/teebag/src/sgx_verify/test/dcap/qe_identity.json b/common/primitives/core/src/teebag/sgx_verify/test/dcap/qe_identity.json similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/dcap/qe_identity.json rename to common/primitives/core/src/teebag/sgx_verify/test/dcap/qe_identity.json diff --git a/parachain/pallets/teebag/src/sgx_verify/test/dcap/qe_identity_cert.pem b/common/primitives/core/src/teebag/sgx_verify/test/dcap/qe_identity_cert.pem similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/dcap/qe_identity_cert.pem rename to common/primitives/core/src/teebag/sgx_verify/test/dcap/qe_identity_cert.pem diff --git a/parachain/pallets/teebag/src/sgx_verify/test/dcap/qe_identity_issuer_chain.pem b/common/primitives/core/src/teebag/sgx_verify/test/dcap/qe_identity_issuer_chain.pem similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/dcap/qe_identity_issuer_chain.pem rename to common/primitives/core/src/teebag/sgx_verify/test/dcap/qe_identity_issuer_chain.pem diff --git a/parachain/pallets/teebag/src/sgx_verify/test/dcap/root_ca_crl.der b/common/primitives/core/src/teebag/sgx_verify/test/dcap/root_ca_crl.der similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/dcap/root_ca_crl.der rename to common/primitives/core/src/teebag/sgx_verify/test/dcap/root_ca_crl.der diff --git a/parachain/pallets/teebag/src/sgx_verify/test/dcap/tcb_info.json b/common/primitives/core/src/teebag/sgx_verify/test/dcap/tcb_info.json similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/dcap/tcb_info.json rename to common/primitives/core/src/teebag/sgx_verify/test/dcap/tcb_info.json diff --git a/parachain/pallets/teebag/src/sgx_verify/test/dcap/tcb_info_issuer_chain.pem b/common/primitives/core/src/teebag/sgx_verify/test/dcap/tcb_info_issuer_chain.pem similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/dcap/tcb_info_issuer_chain.pem rename to common/primitives/core/src/teebag/sgx_verify/test/dcap/tcb_info_issuer_chain.pem diff --git a/parachain/pallets/teebag/src/sgx_verify/test/enclave-signing-pubkey-TEST4.bin b/common/primitives/core/src/teebag/sgx_verify/test/enclave-signing-pubkey-TEST4.bin similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/enclave-signing-pubkey-TEST4.bin rename to common/primitives/core/src/teebag/sgx_verify/test/enclave-signing-pubkey-TEST4.bin diff --git a/parachain/pallets/teebag/src/sgx_verify/test/enclave-signing-pubkey-TEST5.bin b/common/primitives/core/src/teebag/sgx_verify/test/enclave-signing-pubkey-TEST5.bin similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/enclave-signing-pubkey-TEST5.bin rename to common/primitives/core/src/teebag/sgx_verify/test/enclave-signing-pubkey-TEST5.bin diff --git a/parachain/pallets/teebag/src/sgx_verify/test/enclave-signing-pubkey-TEST6.bin b/common/primitives/core/src/teebag/sgx_verify/test/enclave-signing-pubkey-TEST6.bin similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/enclave-signing-pubkey-TEST6.bin rename to common/primitives/core/src/teebag/sgx_verify/test/enclave-signing-pubkey-TEST6.bin diff --git a/parachain/pallets/teebag/src/sgx_verify/test/enclave-signing-pubkey-TEST7.bin b/common/primitives/core/src/teebag/sgx_verify/test/enclave-signing-pubkey-TEST7.bin similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/enclave-signing-pubkey-TEST7.bin rename to common/primitives/core/src/teebag/sgx_verify/test/enclave-signing-pubkey-TEST7.bin diff --git a/parachain/pallets/teebag/src/sgx_verify/test/enclave-signing-pubkey-TEST8-PRODUCTION.bin b/common/primitives/core/src/teebag/sgx_verify/test/enclave-signing-pubkey-TEST8-PRODUCTION.bin similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/enclave-signing-pubkey-TEST8-PRODUCTION.bin rename to common/primitives/core/src/teebag/sgx_verify/test/enclave-signing-pubkey-TEST8-PRODUCTION.bin diff --git a/parachain/pallets/teebag/src/sgx_verify/test/ra_dump_cert_TEST4.der b/common/primitives/core/src/teebag/sgx_verify/test/ra_dump_cert_TEST4.der similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/ra_dump_cert_TEST4.der rename to common/primitives/core/src/teebag/sgx_verify/test/ra_dump_cert_TEST4.der diff --git a/parachain/pallets/teebag/src/sgx_verify/test/ra_dump_cert_TEST5.der b/common/primitives/core/src/teebag/sgx_verify/test/ra_dump_cert_TEST5.der similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/ra_dump_cert_TEST5.der rename to common/primitives/core/src/teebag/sgx_verify/test/ra_dump_cert_TEST5.der diff --git a/parachain/pallets/teebag/src/sgx_verify/test/ra_dump_cert_TEST6.der b/common/primitives/core/src/teebag/sgx_verify/test/ra_dump_cert_TEST6.der similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/ra_dump_cert_TEST6.der rename to common/primitives/core/src/teebag/sgx_verify/test/ra_dump_cert_TEST6.der diff --git a/parachain/pallets/teebag/src/sgx_verify/test/ra_dump_cert_TEST7.der b/common/primitives/core/src/teebag/sgx_verify/test/ra_dump_cert_TEST7.der similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/ra_dump_cert_TEST7.der rename to common/primitives/core/src/teebag/sgx_verify/test/ra_dump_cert_TEST7.der diff --git a/parachain/pallets/teebag/src/sgx_verify/test/ra_dump_cert_TEST8_PRODUCTION.der b/common/primitives/core/src/teebag/sgx_verify/test/ra_dump_cert_TEST8_PRODUCTION.der similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/ra_dump_cert_TEST8_PRODUCTION.der rename to common/primitives/core/src/teebag/sgx_verify/test/ra_dump_cert_TEST8_PRODUCTION.der diff --git a/parachain/pallets/teebag/src/sgx_verify/test/test_ra_cert_MRSIGNER1_MRENCLAVE1.der b/common/primitives/core/src/teebag/sgx_verify/test/test_ra_cert_MRSIGNER1_MRENCLAVE1.der similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/test_ra_cert_MRSIGNER1_MRENCLAVE1.der rename to common/primitives/core/src/teebag/sgx_verify/test/test_ra_cert_MRSIGNER1_MRENCLAVE1.der diff --git a/parachain/pallets/teebag/src/sgx_verify/test/test_ra_cert_MRSIGNER2_MRENCLAVE2.der b/common/primitives/core/src/teebag/sgx_verify/test/test_ra_cert_MRSIGNER2_MRENCLAVE2.der similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/test_ra_cert_MRSIGNER2_MRENCLAVE2.der rename to common/primitives/core/src/teebag/sgx_verify/test/test_ra_cert_MRSIGNER2_MRENCLAVE2.der diff --git a/parachain/pallets/teebag/src/sgx_verify/test/test_ra_cert_MRSIGNER3_MRENCLAVE2.der b/common/primitives/core/src/teebag/sgx_verify/test/test_ra_cert_MRSIGNER3_MRENCLAVE2.der similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/test_ra_cert_MRSIGNER3_MRENCLAVE2.der rename to common/primitives/core/src/teebag/sgx_verify/test/test_ra_cert_MRSIGNER3_MRENCLAVE2.der diff --git a/parachain/pallets/teebag/src/sgx_verify/test/test_ra_signer_attn_MRSIGNER1_MRENCLAVE1.bin b/common/primitives/core/src/teebag/sgx_verify/test/test_ra_signer_attn_MRSIGNER1_MRENCLAVE1.bin similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/test_ra_signer_attn_MRSIGNER1_MRENCLAVE1.bin rename to common/primitives/core/src/teebag/sgx_verify/test/test_ra_signer_attn_MRSIGNER1_MRENCLAVE1.bin diff --git a/parachain/pallets/teebag/src/sgx_verify/test/test_ra_signer_attn_MRSIGNER2_MRENCLAVE2.bin b/common/primitives/core/src/teebag/sgx_verify/test/test_ra_signer_attn_MRSIGNER2_MRENCLAVE2.bin similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/test_ra_signer_attn_MRSIGNER2_MRENCLAVE2.bin rename to common/primitives/core/src/teebag/sgx_verify/test/test_ra_signer_attn_MRSIGNER2_MRENCLAVE2.bin diff --git a/parachain/pallets/teebag/src/sgx_verify/test/test_ra_signer_attn_MRSIGNER3_MRENCLAVE2.bin b/common/primitives/core/src/teebag/sgx_verify/test/test_ra_signer_attn_MRSIGNER3_MRENCLAVE2.bin similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/test_ra_signer_attn_MRSIGNER3_MRENCLAVE2.bin rename to common/primitives/core/src/teebag/sgx_verify/test/test_ra_signer_attn_MRSIGNER3_MRENCLAVE2.bin diff --git a/parachain/pallets/teebag/src/sgx_verify/test/test_ra_signer_pubkey_MRSIGNER1_MRENCLAVE1.bin b/common/primitives/core/src/teebag/sgx_verify/test/test_ra_signer_pubkey_MRSIGNER1_MRENCLAVE1.bin similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/test_ra_signer_pubkey_MRSIGNER1_MRENCLAVE1.bin rename to common/primitives/core/src/teebag/sgx_verify/test/test_ra_signer_pubkey_MRSIGNER1_MRENCLAVE1.bin diff --git a/parachain/pallets/teebag/src/sgx_verify/test/test_ra_signer_pubkey_MRSIGNER2_MRENCLAVE2.bin b/common/primitives/core/src/teebag/sgx_verify/test/test_ra_signer_pubkey_MRSIGNER2_MRENCLAVE2.bin similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/test_ra_signer_pubkey_MRSIGNER2_MRENCLAVE2.bin rename to common/primitives/core/src/teebag/sgx_verify/test/test_ra_signer_pubkey_MRSIGNER2_MRENCLAVE2.bin diff --git a/parachain/pallets/teebag/src/sgx_verify/test/test_ra_signer_pubkey_MRSIGNER3_MRENCLAVE2.bin b/common/primitives/core/src/teebag/sgx_verify/test/test_ra_signer_pubkey_MRSIGNER3_MRENCLAVE2.bin similarity index 100% rename from parachain/pallets/teebag/src/sgx_verify/test/test_ra_signer_pubkey_MRSIGNER3_MRENCLAVE2.bin rename to common/primitives/core/src/teebag/sgx_verify/test/test_ra_signer_pubkey_MRSIGNER3_MRENCLAVE2.bin diff --git a/parachain/pallets/teebag/src/sgx_verify/tests.rs b/common/primitives/core/src/teebag/sgx_verify/tests.rs similarity index 59% rename from parachain/pallets/teebag/src/sgx_verify/tests.rs rename to common/primitives/core/src/teebag/sgx_verify/tests.rs index 58916016c7..f2459838a9 100644 --- a/parachain/pallets/teebag/src/sgx_verify/tests.rs +++ b/common/primitives/core/src/teebag/sgx_verify/tests.rs @@ -1,8 +1,8 @@ #![allow(dead_code, unused_imports, const_item_mutation)] use super::{ - collateral::{EnclaveIdentitySigned, TcbInfoSigned}, - *, + collateral::{EnclaveIdentitySigned, TcbInfoSigned}, + *, }; use frame_support::assert_err; use hex_literal::hex; @@ -19,19 +19,19 @@ const TEST7_CERT: &[u8] = include_bytes!("./test/ra_dump_cert_TEST7.der"); const TEST8_CERT: &[u8] = include_bytes!("./test/ra_dump_cert_TEST8_PRODUCTION.der"); const TEST1_SIGNER_ATTN: &[u8] = - include_bytes!("./test/test_ra_signer_attn_MRSIGNER1_MRENCLAVE1.bin"); + include_bytes!("./test/test_ra_signer_attn_MRSIGNER1_MRENCLAVE1.bin"); const TEST2_SIGNER_ATTN: &[u8] = - include_bytes!("./test/test_ra_signer_attn_MRSIGNER2_MRENCLAVE2.bin"); + include_bytes!("./test/test_ra_signer_attn_MRSIGNER2_MRENCLAVE2.bin"); const TEST3_SIGNER_ATTN: &[u8] = - include_bytes!("./test/test_ra_signer_attn_MRSIGNER3_MRENCLAVE2.bin"); + include_bytes!("./test/test_ra_signer_attn_MRSIGNER3_MRENCLAVE2.bin"); // reproduce with "litentry-worker signing-key" const TEST1_SIGNER_PUB: &[u8] = - include_bytes!("./test/test_ra_signer_pubkey_MRSIGNER1_MRENCLAVE1.bin"); + include_bytes!("./test/test_ra_signer_pubkey_MRSIGNER1_MRENCLAVE1.bin"); const TEST2_SIGNER_PUB: &[u8] = - include_bytes!("./test/test_ra_signer_pubkey_MRSIGNER2_MRENCLAVE2.bin"); + include_bytes!("./test/test_ra_signer_pubkey_MRSIGNER2_MRENCLAVE2.bin"); const TEST3_SIGNER_PUB: &[u8] = - include_bytes!("./test/test_ra_signer_pubkey_MRSIGNER3_MRENCLAVE2.bin"); + include_bytes!("./test/test_ra_signer_pubkey_MRSIGNER3_MRENCLAVE2.bin"); const TEST4_SIGNER_PUB: &[u8] = include_bytes!("./test/enclave-signing-pubkey-TEST4.bin"); // equal to TEST4! const TEST5_SIGNER_PUB: &[u8] = include_bytes!("./test/enclave-signing-pubkey-TEST5.bin"); @@ -43,34 +43,34 @@ const PCK_CRL: &[u8] = include_bytes!("./test/dcap/pck_crl.der"); // reproduce with "make mrenclave" in worker repo root const TEST1_MRENCLAVE: &[u8] = &[ - 62, 252, 187, 232, 60, 135, 108, 204, 87, 78, 35, 169, 241, 237, 106, 217, 251, 241, 99, 189, - 138, 157, 86, 136, 77, 91, 93, 23, 192, 104, 140, 167, + 62, 252, 187, 232, 60, 135, 108, 204, 87, 78, 35, 169, 241, 237, 106, 217, 251, 241, 99, 189, + 138, 157, 86, 136, 77, 91, 93, 23, 192, 104, 140, 167, ]; const TEST2_MRENCLAVE: &[u8] = &[ - 4, 190, 230, 132, 211, 129, 59, 237, 101, 78, 55, 174, 144, 177, 91, 134, 1, 240, 27, 174, 81, - 139, 8, 22, 32, 241, 228, 103, 189, 43, 44, 102, + 4, 190, 230, 132, 211, 129, 59, 237, 101, 78, 55, 174, 144, 177, 91, 134, 1, 240, 27, 174, 81, + 139, 8, 22, 32, 241, 228, 103, 189, 43, 44, 102, ]; const TEST3_MRENCLAVE: &[u8] = &[ - 4, 190, 230, 132, 211, 129, 59, 237, 101, 78, 55, 174, 144, 177, 91, 134, 1, 240, 27, 174, 81, - 139, 8, 22, 32, 241, 228, 103, 189, 43, 44, 102, + 4, 190, 230, 132, 211, 129, 59, 237, 101, 78, 55, 174, 144, 177, 91, 134, 1, 240, 27, 174, 81, + 139, 8, 22, 32, 241, 228, 103, 189, 43, 44, 102, ]; // MRSIGNER is 83d719e77deaca1470f6baf62a4d774303c899db69020f9c70ee1dfc08c7ce9e const TEST4_MRENCLAVE: MrEnclave = - hex!("7a3454ec8f42e265cb5be7dfd111e1d95ac6076ed82a0948b2e2a45cf17b62a0"); + hex!("7a3454ec8f42e265cb5be7dfd111e1d95ac6076ed82a0948b2e2a45cf17b62a0"); const TEST5_MRENCLAVE: MrEnclave = - hex!("f4dedfc9e5fcc48443332bc9b23161c34a3c3f5a692eaffdb228db27b704d9d1"); + hex!("f4dedfc9e5fcc48443332bc9b23161c34a3c3f5a692eaffdb228db27b704d9d1"); // equal to TEST5! const TEST6_MRENCLAVE: MrEnclave = - hex!("f4dedfc9e5fcc48443332bc9b23161c34a3c3f5a692eaffdb228db27b704d9d1"); + hex!("f4dedfc9e5fcc48443332bc9b23161c34a3c3f5a692eaffdb228db27b704d9d1"); // equal to TEST6! const TEST7_MRENCLAVE: MrEnclave = - hex!("f4dedfc9e5fcc48443332bc9b23161c34a3c3f5a692eaffdb228db27b704d9d1"); + hex!("f4dedfc9e5fcc48443332bc9b23161c34a3c3f5a692eaffdb228db27b704d9d1"); // production mode // MRSIGNER is 117f95f65f06afb5764b572156b8b525c6230db7d6b1c94e8ebdb7fba068f4e8 const TEST8_MRENCLAVE: MrEnclave = - hex!("bcf66abfc6b3ef259e9ecfe4cf8df667a7f5a546525dee16822741b38f6e6050"); + hex!("bcf66abfc6b3ef259e9ecfe4cf8df667a7f5a546525dee16822741b38f6e6050"); // unix epoch. must be later than this const TEST1_TIMESTAMP: i64 = 1580587262i64; @@ -115,150 +115,174 @@ const CERT_TOO_SHORT2: &[u8] = b"0\x82\x0c\x8c0"; #[test] fn verify_ias_report_should_work() { - let _signer_attn: [u32; 16] = Decode::decode(&mut TEST1_SIGNER_ATTN).unwrap(); - let report = verify_ias_report(TEST4_CERT); - let report = report.unwrap(); - assert_eq!(report.mr_enclave, TEST4_MRENCLAVE); - assert!(report.timestamp >= TEST1_TIMESTAMP.try_into().unwrap()); - assert_eq!(report.pubkey, TEST4_SIGNER_PUB); - //assert_eq!(report.status, SgxStatus::GroupOutOfDate); - assert_eq!(report.status, SgxStatus::ConfigurationNeeded); - assert_eq!(report.build_mode, SgxBuildMode::Debug); + let _signer_attn: [u32; 16] = Decode::decode(&mut TEST1_SIGNER_ATTN).unwrap(); + let report = verify_ias_report(TEST4_CERT); + let report = report.unwrap(); + assert_eq!(report.mr_enclave, TEST4_MRENCLAVE); + assert!(report.timestamp >= TEST1_TIMESTAMP.try_into().unwrap()); + assert_eq!(report.pubkey, TEST4_SIGNER_PUB); + //assert_eq!(report.status, SgxStatus::GroupOutOfDate); + assert_eq!(report.status, SgxStatus::ConfigurationNeeded); + assert_eq!(report.build_mode, SgxBuildMode::Debug); } #[test] fn verify_zero_length_cert_returns_err() { - // CERT empty, argument 2 and 3 are wrong too! - let _signer_attn: [u32; 16] = Decode::decode(&mut TEST1_SIGNER_ATTN).unwrap(); - assert!(verify_ias_report(&Vec::new()[..]).is_err()) + // CERT empty, argument 2 and 3 are wrong too! + let _signer_attn: [u32; 16] = Decode::decode(&mut TEST1_SIGNER_ATTN).unwrap(); + assert!(verify_ias_report(&Vec::new()[..]).is_err()) } #[test] fn verify_wrong_cert_is_err() { - // CERT wrong, argument 2 and 3 are wrong too! - let _signer_attn: [u32; 16] = Decode::decode(&mut TEST1_SIGNER_ATTN).unwrap(); - assert!(verify_ias_report(CERT_WRONG_PLATFORM_BLOB).is_err()) + // CERT wrong, argument 2 and 3 are wrong too! + let _signer_attn: [u32; 16] = Decode::decode(&mut TEST1_SIGNER_ATTN).unwrap(); + assert!(verify_ias_report(CERT_WRONG_PLATFORM_BLOB).is_err()) } #[test] fn verify_wrong_fake_enclave_quote_is_err() { - // quote wrong, argument 2 and 3 are wrong too! - let _signer_attn: [u32; 16] = Decode::decode(&mut TEST1_SIGNER_ATTN).unwrap(); - assert!(verify_ias_report(CERT_FAKE_QUOTE_STATUS).is_err()) + // quote wrong, argument 2 and 3 are wrong too! + let _signer_attn: [u32; 16] = Decode::decode(&mut TEST1_SIGNER_ATTN).unwrap(); + assert!(verify_ias_report(CERT_FAKE_QUOTE_STATUS).is_err()) } #[test] fn verify_wrong_sig_is_err() { - // sig wrong, argument 2 and 3 are wrong too! - let _signer_attn: [u32; 16] = Decode::decode(&mut TEST1_SIGNER_ATTN).unwrap(); - assert!(verify_ias_report(CERT_WRONG_SIG).is_err()) + // sig wrong, argument 2 and 3 are wrong too! + let _signer_attn: [u32; 16] = Decode::decode(&mut TEST1_SIGNER_ATTN).unwrap(); + assert!(verify_ias_report(CERT_WRONG_SIG).is_err()) } #[test] fn verify_short_cert_is_err() { - let _signer_attn: [u32; 16] = Decode::decode(&mut TEST1_SIGNER_ATTN).unwrap(); - assert!(verify_ias_report(CERT_TOO_SHORT1).is_err()); - assert!(verify_ias_report(CERT_TOO_SHORT2).is_err()); + let _signer_attn: [u32; 16] = Decode::decode(&mut TEST1_SIGNER_ATTN).unwrap(); + assert!(verify_ias_report(CERT_TOO_SHORT1).is_err()); + assert!(verify_ias_report(CERT_TOO_SHORT2).is_err()); } #[test] fn fix_incorrect_handling_of_iterator() { - // In `verify_ias_report` we called `iter.next()` with unwrap three times, which could fail - // for certain invalid reports as the one in this test. This test verifies that the issue - // has been fixed. - // - // For context, see: https://github.com/integritee-network/pallet-teerex/issues/35 - - let report: [u8; 56] = [ - 224, 224, 224, 224, 224, 224, 224, 224, 235, 2, 0, 1, 5, 40, 0, 8, 255, 6, 8, 42, 134, 72, - 206, 61, 3, 1, 7, 0, 2, 183, 64, 48, 48, 0, 1, 10, 23, 3, 6, 9, 96, 134, 72, 1, 134, 248, - 66, 1, 13, 0, 0, 0, 13, 1, 14, 177, - ]; - - assert_err!(verify_ias_report(&report), "Invalid netscape payload"); + // In `verify_ias_report` we called `iter.next()` with unwrap three times, which could fail + // for certain invalid reports as the one in this test. This test verifies that the issue + // has been fixed. + // + // For context, see: https://github.com/integritee-network/pallet-teerex/issues/35 + + let report: [u8; 56] = [ + 224, 224, 224, 224, 224, 224, 224, 224, 235, 2, 0, 1, 5, 40, 0, 8, 255, 6, 8, 42, 134, 72, + 206, 61, 3, 1, 7, 0, 2, 183, 64, 48, 48, 0, 1, 10, 23, 3, 6, 9, 96, 134, 72, 1, 134, 248, + 66, 1, 13, 0, 0, 0, 13, 1, 14, 177, + ]; + + assert_err!(verify_ias_report(&report), "Invalid netscape payload"); } #[test] fn verify_sgx_build_mode_works() { - //verify report from enclave in debug mode - let report = verify_ias_report(TEST4_CERT); - let report = report.unwrap(); - assert_eq!(report.build_mode, SgxBuildMode::Debug); - //verify report from enclave in production mode - let report = verify_ias_report(TEST8_CERT); - let report = report.unwrap(); - assert_eq!(report.build_mode, SgxBuildMode::Production); + //verify report from enclave in debug mode + let report = verify_ias_report(TEST4_CERT); + let report = report.unwrap(); + assert_eq!(report.build_mode, SgxBuildMode::Debug); + //verify report from enclave in production mode + let report = verify_ias_report(TEST8_CERT); + let report = report.unwrap(); + assert_eq!(report.build_mode, SgxBuildMode::Production); } #[test] fn decode_qe_authentication_data() { - assert!(QeAuthenticationData::decode(&mut &[0u8][..]).is_err()); - assert!(QeAuthenticationData::decode(&mut &[1u8][..]).is_err()); - assert_eq!(0, QeAuthenticationData::decode(&mut &[0u8, 0][..]).unwrap().size); - let d = QeAuthenticationData::decode(&mut &[1u8, 0, 5][..]).unwrap(); - assert_eq!(1, d.size); - assert_eq!(5, d.certification_data[0]); + assert!(QeAuthenticationData::decode(&mut &[0u8][..]).is_err()); + assert!(QeAuthenticationData::decode(&mut &[1u8][..]).is_err()); + assert_eq!( + 0, + QeAuthenticationData::decode(&mut &[0u8, 0][..]) + .unwrap() + .size + ); + let d = QeAuthenticationData::decode(&mut &[1u8, 0, 5][..]).unwrap(); + assert_eq!(1, d.size); + assert_eq!(5, d.certification_data[0]); } #[test] fn decode_qe_certification_data() { - assert!(QeCertificationData::decode(&mut &[0u8][..]).is_err()); - assert!(QeCertificationData::decode(&mut &[1u8, 0, 0, 0, 0][..]).is_err()); - assert_eq!(0, QeCertificationData::decode(&mut &[0u8, 0, 0, 0, 0, 0][..]).unwrap().size); - let d = QeCertificationData::decode(&mut &[0u8, 0, 1, 0, 0, 0, 5][..]).unwrap(); - assert_eq!(1, d.size); - assert_eq!(5, d.certification_data[0]); - assert!(QeCertificationData::decode(&mut &[0u8, 0, 2, 0, 0, 0, 5][..]).is_err()); + assert!(QeCertificationData::decode(&mut &[0u8][..]).is_err()); + assert!(QeCertificationData::decode(&mut &[1u8, 0, 0, 0, 0][..]).is_err()); + assert_eq!( + 0, + QeCertificationData::decode(&mut &[0u8, 0, 0, 0, 0, 0][..]) + .unwrap() + .size + ); + let d = QeCertificationData::decode(&mut &[0u8, 0, 1, 0, 0, 0, 5][..]).unwrap(); + assert_eq!(1, d.size); + assert_eq!(5, d.certification_data[0]); + assert!(QeCertificationData::decode(&mut &[0u8, 0, 2, 0, 0, 0, 5][..]).is_err()); } #[test] fn deserialize_qe_identity_works() { - let certs = extract_certs(include_bytes!("./test/dcap/qe_identity_issuer_chain.pem")); - let intermediate_slices: Vec = - certs[1..].iter().map(|c| c.as_slice().into()).collect(); - let leaf_cert_der = webpki::types::CertificateDer::from(certs[0].as_slice()); - let leaf_cert = webpki::EndEntityCert::try_from(&leaf_cert_der).unwrap(); - verify_certificate_chain(&leaf_cert, &intermediate_slices, COLLATERAL_VERIFICATION_TIMESTAMP) - .unwrap(); - let json: EnclaveIdentitySigned = - serde_json::from_slice(include_bytes!("./test/dcap/qe_identity.json")).unwrap(); - let json_data = serde_json::to_vec(&json.enclave_identity).unwrap(); - let signature = hex::decode(json.signature).unwrap(); - - let e = deserialize_enclave_identity(&json_data, &signature, &leaf_cert).unwrap(); - assert_eq!(1, e.isvprodid); - assert_eq!(5, e.tcb_levels.len()); + let certs = extract_certs(include_bytes!("./test/dcap/qe_identity_issuer_chain.pem")); + let intermediate_slices: Vec = + certs[1..].iter().map(|c| c.as_slice().into()).collect(); + let leaf_cert_der = webpki::types::CertificateDer::from(certs[0].as_slice()); + let leaf_cert = webpki::EndEntityCert::try_from(&leaf_cert_der).unwrap(); + verify_certificate_chain( + &leaf_cert, + &intermediate_slices, + COLLATERAL_VERIFICATION_TIMESTAMP, + ) + .unwrap(); + let json: EnclaveIdentitySigned = + serde_json::from_slice(include_bytes!("./test/dcap/qe_identity.json")).unwrap(); + let json_data = serde_json::to_vec(&json.enclave_identity).unwrap(); + let signature = hex::decode(json.signature).unwrap(); + + let e = deserialize_enclave_identity(&json_data, &signature, &leaf_cert).unwrap(); + assert_eq!(1, e.isvprodid); + assert_eq!(5, e.tcb_levels.len()); } #[test] fn deserialize_tcb_info_works() { - let certs = extract_certs(include_bytes!("./test/dcap/tcb_info_issuer_chain.pem")); - let intermediate_slices: Vec = - certs[1..].iter().map(|c| c.as_slice().into()).collect(); - let leaf_cert_der = webpki::types::CertificateDer::from(certs[0].as_slice()); - let leaf_cert = webpki::EndEntityCert::try_from(&leaf_cert_der).unwrap(); - verify_certificate_chain(&leaf_cert, &intermediate_slices, COLLATERAL_VERIFICATION_TIMESTAMP) - .unwrap(); - let json: TcbInfoSigned = - serde_json::from_slice(include_bytes!("./test/dcap/tcb_info.json")).unwrap(); - - let json_data = serde_json::to_vec(&json.tcb_info).unwrap(); - let signature = hex::decode(json.signature).unwrap(); - - let _e = deserialize_tcb_info(&json_data, &signature, &leaf_cert).unwrap(); - assert_eq!(hex!("00906EA10000"), json.tcb_info.fmspc); + let certs = extract_certs(include_bytes!("./test/dcap/tcb_info_issuer_chain.pem")); + let intermediate_slices: Vec = + certs[1..].iter().map(|c| c.as_slice().into()).collect(); + let leaf_cert_der = webpki::types::CertificateDer::from(certs[0].as_slice()); + let leaf_cert = webpki::EndEntityCert::try_from(&leaf_cert_der).unwrap(); + verify_certificate_chain( + &leaf_cert, + &intermediate_slices, + COLLATERAL_VERIFICATION_TIMESTAMP, + ) + .unwrap(); + let json: TcbInfoSigned = + serde_json::from_slice(include_bytes!("./test/dcap/tcb_info.json")).unwrap(); + + let json_data = serde_json::to_vec(&json.tcb_info).unwrap(); + let signature = hex::decode(json.signature).unwrap(); + + let _e = deserialize_tcb_info(&json_data, &signature, &leaf_cert).unwrap(); + assert_eq!(hex!("00906EA10000"), json.tcb_info.fmspc); } #[test] fn verify_tcb_info_signature() { - let cert = QE_IDENTITY_CERT.replace('\n', ""); - let leaf_cert = base64::decode(cert).unwrap(); - let leaf_cert_der = webpki::types::CertificateDer::from(leaf_cert.as_slice()); - let leaf_cert = webpki::EndEntityCert::try_from(&leaf_cert_der).unwrap(); - let data = br#"{"version":2,"issueDate":"2022-10-18T21:45:02Z","nextUpdate":"2022-11-17T21:45:02Z","fmspc":"00906EA10000","pceId":"0000","tcbType":0,"tcbEvaluationDataNumber":12,"tcbLevels":[{"tcb":{"sgxtcbcomp01svn":17,"sgxtcbcomp02svn":17,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":7,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":11},"tcbDate":"2021-11-10T00:00:00Z","tcbStatus":"SWHardeningNeeded"},{"tcb":{"sgxtcbcomp01svn":17,"sgxtcbcomp02svn":17,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":7,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":10},"tcbDate":"2020-11-11T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"sgxtcbcomp01svn":17,"sgxtcbcomp02svn":17,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":11},"tcbDate":"2021-11-10T00:00:00Z","tcbStatus":"ConfigurationAndSWHardeningNeeded"},{"tcb":{"sgxtcbcomp01svn":17,"sgxtcbcomp02svn":17,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":10},"tcbDate":"2020-11-11T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded"},{"tcb":{"sgxtcbcomp01svn":15,"sgxtcbcomp02svn":15,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":7,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":10},"tcbDate":"2020-06-10T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"sgxtcbcomp01svn":15,"sgxtcbcomp02svn":15,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":10},"tcbDate":"2020-06-10T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded"},{"tcb":{"sgxtcbcomp01svn":14,"sgxtcbcomp02svn":14,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":7,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":10},"tcbDate":"2019-12-11T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"sgxtcbcomp01svn":14,"sgxtcbcomp02svn":14,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":10},"tcbDate":"2019-12-11T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded"},{"tcb":{"sgxtcbcomp01svn":13,"sgxtcbcomp02svn":13,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":3,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":9},"tcbDate":"2019-11-13T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"sgxtcbcomp01svn":13,"sgxtcbcomp02svn":13,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":9},"tcbDate":"2019-11-13T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded"},{"tcb":{"sgxtcbcomp01svn":6,"sgxtcbcomp02svn":6,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":1,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":7},"tcbDate":"2019-05-15T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"sgxtcbcomp01svn":6,"sgxtcbcomp02svn":6,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":7},"tcbDate":"2019-05-15T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded"},{"tcb":{"sgxtcbcomp01svn":5,"sgxtcbcomp02svn":5,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":1,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":7},"tcbDate":"2019-01-09T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"sgxtcbcomp01svn":5,"sgxtcbcomp02svn":5,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":1,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":6},"tcbDate":"2018-08-15T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"sgxtcbcomp01svn":5,"sgxtcbcomp02svn":5,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":7},"tcbDate":"2019-01-09T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded"},{"tcb":{"sgxtcbcomp01svn":5,"sgxtcbcomp02svn":5,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":6},"tcbDate":"2018-08-15T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded"},{"tcb":{"sgxtcbcomp01svn":4,"sgxtcbcomp02svn":4,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":5},"tcbDate":"2018-01-04T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"sgxtcbcomp01svn":2,"sgxtcbcomp02svn":2,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":4},"tcbDate":"2017-07-26T00:00:00Z","tcbStatus":"OutOfDate"}]}"#; - let signature = hex!("e0cc3102e9ffdb21cf156ba30f13d027210ab11f3bff349e670e4c49b2f0cb6889c7eeb436149c7efe53e15c97e6ec3fc9f34c3440e732a4c760f8eb91834a36"); - let signature = encode_as_der(&signature).unwrap(); - verify_signature(&leaf_cert, data, &signature, webpki::ring::ECDSA_P256_SHA256).unwrap(); + let cert = QE_IDENTITY_CERT.replace('\n', ""); + let leaf_cert = base64::decode(cert).unwrap(); + let leaf_cert_der = webpki::types::CertificateDer::from(leaf_cert.as_slice()); + let leaf_cert = webpki::EndEntityCert::try_from(&leaf_cert_der).unwrap(); + let data = br#"{"version":2,"issueDate":"2022-10-18T21:45:02Z","nextUpdate":"2022-11-17T21:45:02Z","fmspc":"00906EA10000","pceId":"0000","tcbType":0,"tcbEvaluationDataNumber":12,"tcbLevels":[{"tcb":{"sgxtcbcomp01svn":17,"sgxtcbcomp02svn":17,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":7,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":11},"tcbDate":"2021-11-10T00:00:00Z","tcbStatus":"SWHardeningNeeded"},{"tcb":{"sgxtcbcomp01svn":17,"sgxtcbcomp02svn":17,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":7,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":10},"tcbDate":"2020-11-11T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"sgxtcbcomp01svn":17,"sgxtcbcomp02svn":17,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":11},"tcbDate":"2021-11-10T00:00:00Z","tcbStatus":"ConfigurationAndSWHardeningNeeded"},{"tcb":{"sgxtcbcomp01svn":17,"sgxtcbcomp02svn":17,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":10},"tcbDate":"2020-11-11T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded"},{"tcb":{"sgxtcbcomp01svn":15,"sgxtcbcomp02svn":15,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":7,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":10},"tcbDate":"2020-06-10T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"sgxtcbcomp01svn":15,"sgxtcbcomp02svn":15,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":10},"tcbDate":"2020-06-10T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded"},{"tcb":{"sgxtcbcomp01svn":14,"sgxtcbcomp02svn":14,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":7,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":10},"tcbDate":"2019-12-11T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"sgxtcbcomp01svn":14,"sgxtcbcomp02svn":14,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":10},"tcbDate":"2019-12-11T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded"},{"tcb":{"sgxtcbcomp01svn":13,"sgxtcbcomp02svn":13,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":3,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":9},"tcbDate":"2019-11-13T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"sgxtcbcomp01svn":13,"sgxtcbcomp02svn":13,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":9},"tcbDate":"2019-11-13T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded"},{"tcb":{"sgxtcbcomp01svn":6,"sgxtcbcomp02svn":6,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":1,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":7},"tcbDate":"2019-05-15T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"sgxtcbcomp01svn":6,"sgxtcbcomp02svn":6,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":7},"tcbDate":"2019-05-15T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded"},{"tcb":{"sgxtcbcomp01svn":5,"sgxtcbcomp02svn":5,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":1,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":7},"tcbDate":"2019-01-09T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"sgxtcbcomp01svn":5,"sgxtcbcomp02svn":5,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":1,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":6},"tcbDate":"2018-08-15T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"sgxtcbcomp01svn":5,"sgxtcbcomp02svn":5,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":7},"tcbDate":"2019-01-09T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded"},{"tcb":{"sgxtcbcomp01svn":5,"sgxtcbcomp02svn":5,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":6},"tcbDate":"2018-08-15T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded"},{"tcb":{"sgxtcbcomp01svn":4,"sgxtcbcomp02svn":4,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":5},"tcbDate":"2018-01-04T00:00:00Z","tcbStatus":"OutOfDate"},{"tcb":{"sgxtcbcomp01svn":2,"sgxtcbcomp02svn":2,"sgxtcbcomp03svn":2,"sgxtcbcomp04svn":4,"sgxtcbcomp05svn":1,"sgxtcbcomp06svn":128,"sgxtcbcomp07svn":0,"sgxtcbcomp08svn":0,"sgxtcbcomp09svn":0,"sgxtcbcomp10svn":0,"sgxtcbcomp11svn":0,"sgxtcbcomp12svn":0,"sgxtcbcomp13svn":0,"sgxtcbcomp14svn":0,"sgxtcbcomp15svn":0,"sgxtcbcomp16svn":0,"pcesvn":4},"tcbDate":"2017-07-26T00:00:00Z","tcbStatus":"OutOfDate"}]}"#; + let signature = hex!("e0cc3102e9ffdb21cf156ba30f13d027210ab11f3bff349e670e4c49b2f0cb6889c7eeb436149c7efe53e15c97e6ec3fc9f34c3440e732a4c760f8eb91834a36"); + let signature = encode_as_der(&signature).unwrap(); + verify_signature( + &leaf_cert, + data, + &signature, + webpki::ring::ECDSA_P256_SHA256, + ) + .unwrap(); } /// This is demo code of how a CRL certificate can be parsed and how the revoked serials can be @@ -266,33 +290,33 @@ fn verify_tcb_info_signature() { /// TODO: Implement CRL handling #[test] fn parse_pck_crl() { - let crl_decoded = hex::decode(PCK_CRL).unwrap(); - let crl: x509_cert::crl::CertificateList = der::Decode::from_der(&crl_decoded).unwrap(); - - let mut serials = vec![]; - if let Some(certs) = crl.tbs_cert_list.revoked_certificates { - for c in certs { - let serial = c.serial_number.as_bytes().to_vec(); - serials.push(serial); - } - } - assert_eq!(3, serials.len()); + let crl_decoded = hex::decode(PCK_CRL).unwrap(); + let crl: x509_cert::crl::CertificateList = der::Decode::from_der(&crl_decoded).unwrap(); + + let mut serials = vec![]; + if let Some(certs) = crl.tbs_cert_list.revoked_certificates { + for c in certs { + let serial = c.serial_number.as_bytes().to_vec(); + serials.push(serial); + } + } + assert_eq!(3, serials.len()); } #[test] fn parse_pck_certificate() { - let der = DCAP_QUOTE_CERT.replace('\n', ""); - let der = base64::decode(der).unwrap(); + let der = DCAP_QUOTE_CERT.replace('\n', ""); + let der = base64::decode(der).unwrap(); - let ext = get_intel_extension(&der).unwrap(); - assert_eq!(453, ext.len()); + let ext = get_intel_extension(&der).unwrap(); + assert_eq!(453, ext.len()); - let fmspc = get_fmspc(&ext).unwrap(); - assert_eq!(hex!("00906EA10000"), fmspc); + let fmspc = get_fmspc(&ext).unwrap(); + assert_eq!(hex!("00906EA10000"), fmspc); - let cpusvn = get_cpusvn(&ext).unwrap(); - assert_eq!(hex!("11110204018007000000000000000000"), cpusvn); + let cpusvn = get_cpusvn(&ext).unwrap(); + assert_eq!(hex!("11110204018007000000000000000000"), cpusvn); - let pcesvn = get_pcesvn(&ext).unwrap(); - assert_eq!(u16::from_be_bytes(hex!("000B")), pcesvn); + let pcesvn = get_pcesvn(&ext).unwrap(); + assert_eq!(u16::from_be_bytes(hex!("000B")), pcesvn); } diff --git a/common/primitives/core/src/teebag/sgx_verify/utils.rs b/common/primitives/core/src/teebag/sgx_verify/utils.rs new file mode 100644 index 0000000000..71389c9ce5 --- /dev/null +++ b/common/primitives/core/src/teebag/sgx_verify/utils.rs @@ -0,0 +1,38 @@ +fn safe_indexing_one(data: &[u8], idx: usize) -> Result { + let elt = data.get(idx).ok_or("Index out of bounds")?; + Ok(*elt as usize) +} + +pub fn length_from_raw_data(data: &[u8], offset: &mut usize) -> Result { + let mut len = safe_indexing_one(data, *offset)?; + if len > 0x80 { + len = (safe_indexing_one(data, *offset + 1)?) * 0x100 + + (safe_indexing_one(data, *offset + 2)?); + *offset += 2; + } + Ok(len) +} + +#[cfg(test)] +mod test { + use super::*; + use frame_support::assert_err; + + #[test] + fn index_equal_length_returns_err() { + // It was discovered a panic occurs if `index == data.len()` due to out of bound + // indexing. Here the fix is tested. + // + // For context see: https://github.com/integritee-network/pallet-teerex/issues/34 + let data: [u8; 7] = [0, 1, 2, 3, 4, 5, 6]; + assert_err!(safe_indexing_one(&data, data.len()), "Index out of bounds"); + } + + #[test] + fn safe_indexing_works() { + let data: [u8; 7] = [0, 1, 2, 3, 4, 5, 6]; + assert_eq!(safe_indexing_one(&data, 0), Ok(0)); + assert_eq!(safe_indexing_one(&data, 3), Ok(3)); + assert!(safe_indexing_one(&data, 10).is_err()); + } +} diff --git a/common/primitives/core/src/teebag/tcb.rs b/common/primitives/core/src/teebag/tcb.rs new file mode 100644 index 0000000000..10cb39c44c --- /dev/null +++ b/common/primitives/core/src/teebag/tcb.rs @@ -0,0 +1,115 @@ +/* +Copyright 2021 Integritee AG and Supercomputing Systems AG + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +*/ + +// `Tcb...` primitive part, copied from Integritee + +use crate::{Cpusvn, Pcesvn, Vec}; +use parity_scale_codec::{Decode, Encode}; +use scale_info::TypeInfo; +use sp_core::RuntimeDebug; + +/// The list of valid TCBs for an enclave. +#[derive(Encode, Decode, Clone, PartialEq, Eq, RuntimeDebug, TypeInfo)] +pub struct QeTcb { + pub isvsvn: u16, +} + +impl QeTcb { + pub fn new(isvsvn: u16) -> Self { + Self { isvsvn } + } +} + +#[derive(Encode, Decode, Default, Clone, PartialEq, Eq, RuntimeDebug, TypeInfo)] +pub struct TcbVersionStatus { + pub cpusvn: Cpusvn, + pub pcesvn: Pcesvn, +} + +impl TcbVersionStatus { + pub fn new(cpusvn: Cpusvn, pcesvn: Pcesvn) -> Self { + Self { cpusvn, pcesvn } + } + + pub fn verify_examinee(&self, examinee: &TcbVersionStatus) -> bool { + for (v, r) in self.cpusvn.iter().zip(examinee.cpusvn.iter()) { + if *v > *r { + return false; + } + } + self.pcesvn <= examinee.pcesvn + } +} + +/// This represents all the collateral data that we need to store on chain in order to verify +/// the quoting enclave validity of another enclave that wants to register itself on chain +#[derive(Encode, Decode, Default, Clone, PartialEq, Eq, RuntimeDebug, TypeInfo)] +pub struct TcbInfoOnChain { + // Todo: make timestamp: Moment + pub issue_date: u64, // unix epoch in milliseconds + // Todo: make timestamp: Moment + pub next_update: u64, // unix epoch in milliseconds + tcb_levels: Vec, +} + +impl TcbInfoOnChain { + pub fn new(issue_date: u64, next_update: u64, tcb_levels: Vec) -> Self { + Self { + issue_date, + next_update, + tcb_levels, + } + } + + pub fn verify_examinee(&self, examinee: &TcbVersionStatus) -> bool { + for tb in &self.tcb_levels { + if tb.verify_examinee(examinee) { + return true; + } + } + false + } +} + +#[cfg(test)] +mod tests { + use super::*; + use hex_literal::hex; + + #[test] + fn tcb_full_is_valid() { + // The strings are the hex encodings of the 16-byte CPUSVN numbers + let reference = TcbVersionStatus::new(hex!("11110204018007000000000000000000"), 7); + assert!(reference.verify_examinee(&reference)); + assert!(reference.verify_examinee(&TcbVersionStatus::new( + hex!("11110204018007000000000000000000"), + 7 + ))); + assert!(reference.verify_examinee(&TcbVersionStatus::new( + hex!("21110204018007000000000000000001"), + 7 + ))); + assert!(!reference.verify_examinee(&TcbVersionStatus::new( + hex!("10110204018007000000000000000000"), + 6 + ))); + assert!(!reference.verify_examinee(&TcbVersionStatus::new( + hex!("11110204018007000000000000000000"), + 6 + ))); + } +} diff --git a/parachain/pallets/teebag/src/types.rs b/common/primitives/core/src/teebag/types.rs similarity index 51% rename from parachain/pallets/teebag/src/types.rs rename to common/primitives/core/src/teebag/types.rs index fdecc582af..5920d539ee 100644 --- a/parachain/pallets/teebag/src/types.rs +++ b/common/primitives/core/src/teebag/types.rs @@ -14,21 +14,21 @@ // You should have received a copy of the GNU General Public License // along with Litentry. If not, see . -use crate::Ed25519Public; +use crate::H256; use parity_scale_codec::{Decode, Encode}; use scale_info::TypeInfo; use serde::{Deserialize, Serialize}; -use sp_core::{RuntimeDebug, H256}; +use sp_core::{ed25519::Public as Ed25519Public, RuntimeDebug}; use sp_std::prelude::*; pub type MrSigner = [u8; 32]; pub type MrEnclave = [u8; 32]; -pub type Fmspc = [u8; 6]; pub type Cpusvn = [u8; 16]; pub type Pcesvn = u16; +pub type Fmspc = [u8; 6]; pub type ShardIdentifier = H256; -pub type EnclaveFingerprint = H256; pub type SidechainBlockNumber = u64; +pub type EnclaveFingerprint = H256; /// Different modes that control enclave registration and running: /// - `Production`: default value. It perfroms all checks for enclave registration and runtime @@ -39,140 +39,143 @@ pub type SidechainBlockNumber = u64; /// `Attestation::Ignore` is only possible under `OperationalMode::Development`, but not vice versa. /// So if you define `Attestation::Ias`, the attestation will be verified even in `Development` mode #[derive( - PartialEq, Eq, Clone, Copy, Default, Encode, Decode, Debug, TypeInfo, Serialize, Deserialize, + PartialEq, Eq, Clone, Copy, Default, Encode, Decode, Debug, TypeInfo, Serialize, Deserialize, )] pub enum OperationalMode { - #[default] - #[codec(index = 0)] - Production, - #[codec(index = 1)] - Development, - #[codec(index = 2)] - Maintenance, + #[default] + #[codec(index = 0)] + Production, + #[codec(index = 1)] + Development, + #[codec(index = 2)] + Maintenance, } #[derive(Encode, Decode, Default, Clone, Copy, PartialEq, Eq, RuntimeDebug, TypeInfo)] pub enum DcapProvider { - #[default] - Intel, - MAA, - Local, - Integritee, + #[default] + Intel, + MAA, + Local, + Integritee, } #[derive(Encode, Decode, Clone, Copy, Default, PartialEq, Eq, RuntimeDebug, TypeInfo)] pub enum AttestationType { - #[default] - Ignore, - Ias, - Dcap(DcapProvider), + #[default] + Ignore, + Ias, + Dcap(DcapProvider), } #[derive(Encode, Decode, Clone, Copy, Default, PartialEq, Eq, RuntimeDebug, TypeInfo)] pub enum WorkerType { - #[default] - Identity, - BitAcross, + #[default] + Identity, + BitAcross, } #[derive(Encode, Decode, Clone, Copy, Default, PartialEq, Eq, RuntimeDebug, TypeInfo)] pub enum WorkerMode { - #[default] - OffChainWorker, - Sidechain, + #[default] + OffChainWorker, + Sidechain, } #[derive(Encode, Decode, Copy, Clone, Default, PartialEq, Eq, RuntimeDebug, TypeInfo)] pub enum SgxBuildMode { - #[default] - #[codec(index = 0)] - Production, - #[codec(index = 1)] - Debug, + #[default] + #[codec(index = 0)] + Production, + #[codec(index = 1)] + Debug, } #[derive(PartialEq, Eq, Clone, Encode, Decode, Debug, Copy, Default, TypeInfo)] #[cfg_attr(feature = "std", derive(Serialize, Deserialize))] pub struct SidechainBlockConfirmation { - pub block_number: SidechainBlockNumber, - pub block_header_hash: H256, + pub block_number: SidechainBlockNumber, + pub block_header_hash: H256, } #[derive(Encode, Decode, Clone, Default, PartialEq, Eq, RuntimeDebug, TypeInfo)] pub struct Enclave { - pub worker_type: WorkerType, - pub worker_mode: WorkerMode, - pub mrenclave: MrEnclave, - pub last_seen_timestamp: u64, // unix epoch in milliseconds when it's last seen - pub url: Vec, // utf8 encoded url - pub shielding_pubkey: Option>, // JSON serialised enclave shielding pub key - pub vc_pubkey: Option, - pub sgx_build_mode: SgxBuildMode, - pub attestation_type: AttestationType, + pub worker_type: WorkerType, + pub worker_mode: WorkerMode, + pub mrenclave: MrEnclave, + pub last_seen_timestamp: u64, // unix epoch in milliseconds when it's last seen + pub url: Vec, // utf8 encoded url + pub shielding_pubkey: Option>, // JSON serialised enclave shielding pub key + pub vc_pubkey: Option, + pub sgx_build_mode: SgxBuildMode, + pub attestation_type: AttestationType, } impl Enclave { - pub fn new(worker_type: WorkerType) -> Self { - Enclave { worker_type, ..Default::default() } - } - - pub fn with_worker_mode(mut self, worker_mode: WorkerMode) -> Self { - self.worker_mode = worker_mode; - self - } - - pub fn with_mrenclave(mut self, mrenclave: MrEnclave) -> Self { - self.mrenclave = mrenclave; - self - } - - pub fn with_url(mut self, url: Vec) -> Self { - self.url = url; - self - } - - pub fn with_shielding_pubkey(mut self, shielding_pubkey: Option>) -> Self { - self.shielding_pubkey = shielding_pubkey; - self - } - - pub fn with_vc_pubkey(mut self, vc_pubkey: Option) -> Self { - self.vc_pubkey = vc_pubkey; - self - } - - pub fn with_last_seen_timestamp(mut self, t: u64) -> Self { - self.last_seen_timestamp = t; - self - } - - pub fn with_attestation_type(mut self, attestation_type: AttestationType) -> Self { - self.attestation_type = attestation_type; - self - } - - pub fn with_sgx_build_mode(mut self, sgx_build_mode: SgxBuildMode) -> Self { - self.sgx_build_mode = sgx_build_mode; - self - } + pub fn new(worker_type: WorkerType) -> Self { + Enclave { + worker_type, + ..Default::default() + } + } + + pub fn with_worker_mode(mut self, worker_mode: WorkerMode) -> Self { + self.worker_mode = worker_mode; + self + } + + pub fn with_mrenclave(mut self, mrenclave: MrEnclave) -> Self { + self.mrenclave = mrenclave; + self + } + + pub fn with_url(mut self, url: Vec) -> Self { + self.url = url; + self + } + + pub fn with_shielding_pubkey(mut self, shielding_pubkey: Option>) -> Self { + self.shielding_pubkey = shielding_pubkey; + self + } + + pub fn with_vc_pubkey(mut self, vc_pubkey: Option) -> Self { + self.vc_pubkey = vc_pubkey; + self + } + + pub fn with_last_seen_timestamp(mut self, t: u64) -> Self { + self.last_seen_timestamp = t; + self + } + + pub fn with_attestation_type(mut self, attestation_type: AttestationType) -> Self { + self.attestation_type = attestation_type; + self + } + + pub fn with_sgx_build_mode(mut self, sgx_build_mode: SgxBuildMode) -> Self { + self.sgx_build_mode = sgx_build_mode; + self + } } // use the name `RsaRequest` to differentiate from `AesRequest` (see aes_request.rs in // tee-worker) `Rsa` implies that the payload is RSA-encrypted (using enclave's shielding key) #[macro_export] macro_rules! decl_rsa_request { - ($($t:meta),*) => { - #[derive(Encode, Decode, Default, Clone, PartialEq, Eq, $($t),*)] - pub struct RsaRequest { - pub shard: ShardIdentifier, - pub payload: Vec, - } - impl RsaRequest { - pub fn new(shard: ShardIdentifier, payload: Vec) -> Self { - Self { shard, payload } - } - } - }; + ($($t:meta),*) => { + #[derive(Encode, Decode, Default, Clone, PartialEq, Eq, $($t),*)] + pub struct RsaRequest { + pub shard: ShardIdentifier, + pub payload: Vec, + } + impl RsaRequest { + pub fn new(shard: ShardIdentifier, payload: Vec) -> Self { + Self { shard, payload } + } + } + }; } decl_rsa_request!(TypeInfo, RuntimeDebug); diff --git a/parachain/Cargo.lock b/parachain/Cargo.lock index dfde196e33..a83af27e12 100644 --- a/parachain/Cargo.lock +++ b/parachain/Cargo.lock @@ -1440,18 +1440,29 @@ name = "core-primitives" version = "0.1.0" dependencies = [ "base58", + "base64 0.13.1", + "chrono", + "der 0.6.1", "frame-support", + "hex", + "hex-literal", "litentry-hex-utils", "litentry-macros", "litentry-proc-macros", "pallet-evm", "parity-scale-codec", + "ring 0.16.20", + "rustls-webpki 0.102.0-alpha.3", "scale-info", + "serde", + "serde_json", "sp-core", "sp-io", "sp-runtime", + "sp-std", "strum 0.26.3", "strum_macros 0.26.4", + "x509-cert", ] [[package]] @@ -8121,6 +8132,7 @@ version = "0.1.0" dependencies = [ "base64 0.13.1", "chrono", + "core-primitives", "der 0.6.1", "env_logger 0.10.2", "frame-benchmarking", diff --git a/parachain/pallets/identity-management/Cargo.toml b/parachain/pallets/identity-management/Cargo.toml index 8973e277aa..82917f6882 100644 --- a/parachain/pallets/identity-management/Cargo.toml +++ b/parachain/pallets/identity-management/Cargo.toml @@ -18,7 +18,7 @@ sp-runtime = { workspace = true } sp-std = { workspace = true } core-primitives = { workspace = true } -pallet-teebag = { workspace = true } +pallet-teebag = { workspace = true, optional = true } [dev-dependencies] pallet-balances = { workspace = true, features = ["std"] } diff --git a/parachain/pallets/identity-management/src/lib.rs b/parachain/pallets/identity-management/src/lib.rs index 8e85376841..da36011793 100644 --- a/parachain/pallets/identity-management/src/lib.rs +++ b/parachain/pallets/identity-management/src/lib.rs @@ -43,7 +43,6 @@ pub mod weights; pub use crate::weights::WeightInfo; pub use pallet::*; -use pallet_teebag::ShardIdentifier; use sp_core::H256; use sp_std::vec::Vec; @@ -51,8 +50,8 @@ const MAX_REDIRECT_URL_LEN: u32 = 256; #[frame_support::pallet] pub mod pallet { - use super::{ShardIdentifier, Vec, WeightInfo, H256, MAX_REDIRECT_URL_LEN}; - use core_primitives::{ErrorDetail, IMPError, Identity}; + use super::{Vec, WeightInfo, H256, MAX_REDIRECT_URL_LEN}; + use core_primitives::{ErrorDetail, IMPError, Identity, ShardIdentifier}; use frame_support::pallet_prelude::*; use frame_system::pallet_prelude::*; diff --git a/parachain/pallets/identity-management/src/mock.rs b/parachain/pallets/identity-management/src/mock.rs index 900dd41dfc..31291d7b4f 100644 --- a/parachain/pallets/identity-management/src/mock.rs +++ b/parachain/pallets/identity-management/src/mock.rs @@ -64,7 +64,7 @@ where if !pallet_teebag::EnclaveRegistry::::contains_key(signer.clone()) { assert_ok!(pallet_teebag::Pallet::::add_enclave( &signer, - &pallet_teebag::Enclave::default().with_mrenclave(TEST8_MRENCLAVE), + &core_primitives::Enclave::default().with_mrenclave(TEST8_MRENCLAVE), )); } Ok(frame_system::RawOrigin::Signed(signer).into()) @@ -188,20 +188,20 @@ pub fn new_test_ext() -> sp_io::TestExternalities { assert_ok!(Teebag::set_admin(RuntimeOrigin::root(), signer.clone())); assert_ok!(Teebag::set_mode( RuntimeOrigin::signed(signer.clone()), - pallet_teebag::OperationalMode::Development + core_primitives::OperationalMode::Development )); Timestamp::set_timestamp(TEST8_TIMESTAMP); if !pallet_teebag::EnclaveRegistry::::contains_key(signer.clone()) { assert_ok!(Teebag::register_enclave( RuntimeOrigin::signed(signer), - pallet_teebag::WorkerType::Identity, - pallet_teebag::WorkerMode::Sidechain, + core_primitives::WorkerType::Identity, + core_primitives::WorkerMode::Sidechain, TEST8_CERT.to_vec(), URL.to_vec(), None, None, - pallet_teebag::AttestationType::Ias, + core_primitives::AttestationType::Ias, )); } }); diff --git a/parachain/pallets/identity-management/src/tests.rs b/parachain/pallets/identity-management/src/tests.rs index 4063e5a5f3..28bb4c8494 100644 --- a/parachain/pallets/identity-management/src/tests.rs +++ b/parachain/pallets/identity-management/src/tests.rs @@ -14,8 +14,8 @@ // You should have received a copy of the GNU General Public License // along with Litentry. If not, see . #[allow(unused)] -use crate::{mock::*, Error, OIDCClients, ShardIdentifier}; -use core_primitives::{ErrorDetail, IMPError}; +use crate::{mock::*, Error, OIDCClients}; +use core_primitives::{ErrorDetail, IMPError, ShardIdentifier}; use frame_support::{assert_noop, assert_ok}; use sp_core::H256; diff --git a/parachain/pallets/omni-account/src/mock.rs b/parachain/pallets/omni-account/src/mock.rs index 9bc1f4bc73..056d754096 100644 --- a/parachain/pallets/omni-account/src/mock.rs +++ b/parachain/pallets/omni-account/src/mock.rs @@ -63,7 +63,7 @@ where if !pallet_teebag::EnclaveRegistry::::contains_key(signer.clone()) { assert_ok!(pallet_teebag::Pallet::::add_enclave( &signer, - &pallet_teebag::Enclave::default().with_mrenclave(TEST8_MRENCLAVE), + &core_primitives::Enclave::default().with_mrenclave(TEST8_MRENCLAVE), )); } Ok(frame_system::RawOrigin::Signed(signer).into()) @@ -194,20 +194,20 @@ pub fn new_test_ext() -> sp_io::TestExternalities { assert_ok!(Teebag::set_admin(RuntimeOrigin::root(), signer.clone())); assert_ok!(Teebag::set_mode( RuntimeOrigin::signed(signer.clone()), - pallet_teebag::OperationalMode::Development + core_primitives::OperationalMode::Development )); Timestamp::set_timestamp(TEST8_TIMESTAMP); if !pallet_teebag::EnclaveRegistry::::contains_key(signer.clone()) { assert_ok!(Teebag::register_enclave( RuntimeOrigin::signed(signer), - pallet_teebag::WorkerType::Identity, - pallet_teebag::WorkerMode::Sidechain, + core_primitives::WorkerType::Identity, + core_primitives::WorkerMode::Sidechain, TEST8_CERT.to_vec(), URL.to_vec(), None, None, - pallet_teebag::AttestationType::Ias, + core_primitives::AttestationType::Ias, )); } }); diff --git a/parachain/pallets/teebag/Cargo.toml b/parachain/pallets/teebag/Cargo.toml index 6ab25e821c..3fc4cf3815 100644 --- a/parachain/pallets/teebag/Cargo.toml +++ b/parachain/pallets/teebag/Cargo.toml @@ -34,6 +34,8 @@ sp-io = { workspace = true } sp-runtime = { workspace = true } sp-std = { workspace = true } +core-primitives = { workspace = true } + [dev-dependencies] env_logger = { workspace = true } frame-benchmarking = { workspace = true, features = ["std"] } diff --git a/parachain/pallets/teebag/src/benchmarking.rs b/parachain/pallets/teebag/src/benchmarking.rs index 4c6b635c30..653d623caf 100644 --- a/parachain/pallets/teebag/src/benchmarking.rs +++ b/parachain/pallets/teebag/src/benchmarking.rs @@ -42,11 +42,12 @@ const PUBKEY: [u8; 32] = [ const QUOTING_ENCLAVE: &[u8; 1038] = br#"{"id":"QE","version":2,"issueDate":"2022-12-04T22:45:33Z","nextUpdate":"2023-01-03T22:45:33Z","tcbEvaluationDataNumber":13,"miscselect":"00000000","miscselectMask":"FFFFFFFF","attributes":"11000000000000000000000000000000","attributesMask":"FBFFFFFFFFFFFFFF0000000000000000","mrsigner":"8C4F5775D796503E96137F77C68A829A0056AC8DED70140B081B094490C57BFF","isvprodid":1,"tcbLevels":[{"tcb":{"isvsvn":6},"tcbDate":"2022-11-09T00:00:00Z","tcbStatus":"UpToDate"},{"tcb":{"isvsvn":5},"tcbDate":"2020-11-11T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00477"]},{"tcb":{"isvsvn":4},"tcbDate":"2019-11-13T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00334","INTEL-SA-00477"]},{"tcb":{"isvsvn":2},"tcbDate":"2019-05-15T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00219","INTEL-SA-00293","INTEL-SA-00334","INTEL-SA-00477"]},{"tcb":{"isvsvn":1},"tcbDate":"2018-08-15T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00202","INTEL-SA-00219","INTEL-SA-00293","INTEL-SA-00334","INTEL-SA-00477"]}]}"#; const QUOTING_ENCLAVE_SIGNATURE: [u8; 64] = hex!("47accba321e57c20722a0d3d1db11c9b52661239857dc578ca1bde13976ee288cf39f72111ffe445c7389ef56447c79e30e6b83a8863ed9880de5bde4a8d5c91"); const QUOTING_ENCLAVE_CERTIFICATE_CHAIN: &[u8; 1891] = - include_bytes!("./sgx_verify/test/dcap/qe_identity_issuer_chain.pem"); + include_bytes!("../../../../common/primitives/core/src/teebag/sgx_verify/test/dcap/qe_identity_issuer_chain.pem"); const TCB_INFO: &[u8; 8359] = br#"{"id":"SGX","version":3,"issueDate":"2022-11-17T12:45:32Z","nextUpdate":"2023-04-16T12:45:32Z","fmspc":"00906EA10000","pceId":"0000","tcbType":0,"tcbEvaluationDataNumber":12,"tcbLevels":[{"tcb":{"sgxtcbcomponents":[{"svn":17},{"svn":17},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":7},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":11},"tcbDate":"2021-11-10T00:00:00Z","tcbStatus":"SWHardeningNeeded","advisoryIDs":["INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":17},{"svn":17},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":7},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2020-11-11T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":17},{"svn":17},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":11},"tcbDate":"2021-11-10T00:00:00Z","tcbStatus":"ConfigurationAndSWHardeningNeeded","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":17},{"svn":17},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2020-11-11T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00477","INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":15},{"svn":15},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":7},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2020-06-10T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":15},{"svn":15},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2020-06-10T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":14},{"svn":14},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":7},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2019-12-11T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":14},{"svn":14},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2019-12-11T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":13},{"svn":13},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":3},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":9},"tcbDate":"2019-11-13T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":13},{"svn":13},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":9},"tcbDate":"2019-11-13T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":6},{"svn":6},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":1},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":7},"tcbDate":"2019-05-15T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":6},{"svn":6},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":7},"tcbDate":"2019-05-15T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":5},{"svn":5},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":1},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":7},"tcbDate":"2019-01-09T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00233","INTEL-SA-00161","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":5},{"svn":5},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":1},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":6},"tcbDate":"2018-08-15T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00233","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":5},{"svn":5},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":7},"tcbDate":"2019-01-09T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00233","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":5},{"svn":5},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":6},"tcbDate":"2018-08-15T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00203","INTEL-SA-00161","INTEL-SA-00233","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":4},{"svn":4},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":5},"tcbDate":"2018-01-04T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00106","INTEL-SA-00115","INTEL-SA-00135","INTEL-SA-00203","INTEL-SA-00161","INTEL-SA-00233","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":2},{"svn":2},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":4},"tcbDate":"2017-07-26T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00088","INTEL-SA-00106","INTEL-SA-00115","INTEL-SA-00135","INTEL-SA-00203","INTEL-SA-00161","INTEL-SA-00233","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]}]}"#; const TCB_SIGNATURE: [u8; 64] = hex!("71746f2148ecba04e35cf1ac77a7e6267ce99f6781c1031f724bb5bd94b8c1b6e4c07c01dc151692aa75be80dfba7350bb80c58314a6975189597e28e9bbc75c"); -const TCB_CERTIFICATE_CHAIN: &[u8; 1891] = - include_bytes!("./sgx_verify/test/dcap/tcb_info_issuer_chain.pem"); +const TCB_CERTIFICATE_CHAIN: &[u8; 1891] = include_bytes!( + "../../../../common/primitives/core/src/teebag/sgx_verify/test/dcap/tcb_info_issuer_chain.pem" +); fn register_quoting_enclave_for_testing() where diff --git a/parachain/pallets/teebag/src/lib.rs b/parachain/pallets/teebag/src/lib.rs index 8ae095b3e3..1d23f24bdf 100644 --- a/parachain/pallets/teebag/src/lib.rs +++ b/parachain/pallets/teebag/src/lib.rs @@ -31,27 +31,13 @@ use sp_core::{ed25519::Public as Ed25519Public, H256}; use sp_runtime::traits::{CheckedSub, SaturatedConversion}; use sp_std::{prelude::*, str}; -mod sgx_verify; -pub use sgx_verify::{ - deserialize_enclave_identity, deserialize_tcb_info, extract_certs, - extract_tcb_info_from_raw_dcap_quote, verify_certificate_chain, verify_dcap_quote, - verify_ias_report, SgxReport, -}; +use core_primitives::*; pub use pallet::*; pub mod weights; pub use crate::weights::WeightInfo; -mod types; -pub use types::*; - -mod quoting_enclave; -pub use quoting_enclave::*; - -mod tcb; -pub use tcb::*; - const MAX_RA_REPORT_LEN: usize = 5244; const MAX_DCAP_QUOTE_LEN: usize = 5000; const MAX_URL_LEN: usize = 256; diff --git a/parachain/pallets/teebag/src/quoting_enclave.rs b/parachain/pallets/teebag/src/quoting_enclave.rs deleted file mode 100644 index 8804f928a6..0000000000 --- a/parachain/pallets/teebag/src/quoting_enclave.rs +++ /dev/null @@ -1,78 +0,0 @@ -/* -Copyright 2021 Integritee AG and Supercomputing Systems AG - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -*/ - -// `QuotingEnclave` primitive part, copied from Integritee - -use crate::{MrSigner, QeTcb, Vec}; -use parity_scale_codec::{Decode, Encode}; -use scale_info::TypeInfo; -use sp_core::RuntimeDebug; - -/// This represents all the collateral data that we need to store on chain in order to verify -/// the quoting enclave validity of another enclave that wants to register itself on chain -#[derive(Encode, Decode, Default, Clone, PartialEq, Eq, RuntimeDebug, TypeInfo)] -pub struct QuotingEnclave { - // Todo: make timestamp: Moment - pub issue_date: u64, // unix epoch in milliseconds - // Todo: make timestamp: Moment - pub next_update: u64, // unix epoch in milliseconds - pub miscselect: [u8; 4], - pub miscselect_mask: [u8; 4], - pub attributes: [u8; 16], - pub attributes_mask: [u8; 16], - pub mrsigner: MrSigner, - pub isvprodid: u16, - /// Contains only the TCB versions that are considered UpToDate - pub tcb: Vec, -} - -impl QuotingEnclave { - #[allow(clippy::too_many_arguments)] - pub fn new( - issue_date: u64, - next_update: u64, - miscselect: [u8; 4], - miscselect_mask: [u8; 4], - attributes: [u8; 16], - attributes_mask: [u8; 16], - mrsigner: MrSigner, - isvprodid: u16, - tcb: Vec, - ) -> Self { - Self { - issue_date, - next_update, - miscselect, - miscselect_mask, - attributes, - attributes_mask, - mrsigner, - isvprodid, - tcb, - } - } - - pub fn attributes_flags_mask_as_u64(&self) -> u64 { - let slice_as_array: [u8; 8] = self.attributes_mask[0..8].try_into().unwrap(); - u64::from_le_bytes(slice_as_array) - } - - pub fn attributes_flags_as_u64(&self) -> u64 { - let slice_as_array: [u8; 8] = self.attributes[0..8].try_into().unwrap(); - u64::from_le_bytes(slice_as_array) - } -} diff --git a/parachain/pallets/teebag/src/sgx_verify/collateral.rs b/parachain/pallets/teebag/src/sgx_verify/collateral.rs deleted file mode 100644 index 9b15e40bfc..0000000000 --- a/parachain/pallets/teebag/src/sgx_verify/collateral.rs +++ /dev/null @@ -1,281 +0,0 @@ -/* - Copyright 2022 Integritee AG and Supercomputing Systems AG - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - -*/ - -pub extern crate alloc; - -use crate::{Fmspc, MrSigner, Pcesvn, QeTcb, QuotingEnclave, TcbInfoOnChain, TcbVersionStatus}; -use alloc::string::String; -use chrono::prelude::{DateTime, Utc}; -use serde::{de::Error, Deserialize, Deserializer, Serialize, Serializer}; -use sp_std::prelude::*; - -/// The data structures in here are designed such that they can be used to serialize/deserialize -/// the "TCB info" and "enclave identity" collateral data in JSON format provided by intel -/// See https://api.portal.trustedservices.intel.com/documentation for further information and examples - -#[derive(Serialize, Deserialize)] -pub struct Tcb { - isvsvn: u16, -} - -impl Tcb { - pub fn is_valid(&self) -> bool { - // At the time of writing this code everything older than 6 is outdated - // Intel does the same check in their DCAP implementation - self.isvsvn >= 6 - } -} - -#[derive(Serialize, Deserialize)] -#[serde(rename_all = "camelCase")] -pub struct TcbLevel { - tcb: Tcb, - /// Intel does not verify the tcb_date in their code and their API documentation also does - /// not mention it needs verification. - tcb_date: DateTime, - tcb_status: String, - #[serde(rename = "advisoryIDs")] - #[serde(skip_serializing_if = "Option::is_none")] - advisory_ids: Option>, -} - -impl TcbLevel { - pub fn is_valid(&self) -> bool { - // UpToDate is the only valid status (the other being OutOfDate and Revoked) - // A possible extension would be to also verify that the advisory_ids list is empty, - // but I think this could also lead to all TcbLevels being invalid - self.tcb.is_valid() && self.tcb_status == "UpToDate" - } -} - -#[derive(Serialize, Deserialize)] -struct TcbComponent { - svn: u8, - #[serde(skip_serializing_if = "Option::is_none")] - category: Option, - #[serde(rename = "type")] //type is a keyword so we rename the field - #[serde(skip_serializing_if = "Option::is_none")] - tcb_type: Option, -} - -#[derive(Serialize, Deserialize)] -pub struct TcbFull { - sgxtcbcomponents: [TcbComponent; 16], - pcesvn: Pcesvn, -} - -#[derive(Serialize, Deserialize)] -#[serde(rename_all = "camelCase")] -pub struct TcbLevelFull { - tcb: TcbFull, - /// Intel does not verify the tcb_date in their code and their API documentation also does - /// not mention it needs verification. - tcb_date: DateTime, - tcb_status: String, - #[serde(rename = "advisoryIDs")] - #[serde(skip_serializing_if = "Option::is_none")] - advisory_ids: Option>, -} - -impl TcbLevelFull { - pub fn is_valid(&self) -> bool { - // A possible extension would be to also verify that the advisory_ids list is empty, - // but I think this could also lead to all TcbLevels being invalid - // - // Litentry: be more lenient with it - self.tcb_status == "UpToDate" - || self.tcb_status == "SWHardeningNeeded" - || self.tcb_status == "ConfigurationNeeded" - || self.tcb_status == "ConfigurationAndSWHardeningNeeded" - } -} - -#[derive(Serialize, Deserialize)] -#[serde(rename_all = "camelCase")] -pub struct EnclaveIdentity { - id: String, - version: u16, - issue_date: DateTime, - next_update: DateTime, - tcb_evaluation_data_number: u16, - #[serde(deserialize_with = "deserialize_from_hex::<_, 4>")] - #[serde(serialize_with = "serialize_to_hex::<_, 4>")] - miscselect: [u8; 4], - #[serde(deserialize_with = "deserialize_from_hex::<_, 4>")] - #[serde(serialize_with = "serialize_to_hex::<_, 4>")] - miscselect_mask: [u8; 4], - #[serde(deserialize_with = "deserialize_from_hex::<_, 16>")] - #[serde(serialize_with = "serialize_to_hex::<_, 16>")] - attributes: [u8; 16], - #[serde(deserialize_with = "deserialize_from_hex::<_, 16>")] - #[serde(serialize_with = "serialize_to_hex::<_, 16>")] - attributes_mask: [u8; 16], - #[serde(deserialize_with = "deserialize_from_hex::<_, 32>")] - #[serde(serialize_with = "serialize_to_hex::<_, 32>")] - mrsigner: MrSigner, - pub isvprodid: u16, - pub tcb_levels: Vec, -} - -fn serialize_to_hex(x: &[u8; N], s: S) -> Result -where - S: Serializer, -{ - s.serialize_str(&hex::encode(x).to_uppercase()) -} - -fn deserialize_from_hex<'de, D, const N: usize>(deserializer: D) -> Result<[u8; N], D::Error> -where - D: Deserializer<'de>, -{ - let s: &str = Deserialize::deserialize(deserializer)?; - let hex = hex::decode(s).map_err(|_| D::Error::custom("Failed to deserialize hex string"))?; - hex.try_into().map_err(|_| D::Error::custom("Invalid hex length")) -} - -impl EnclaveIdentity { - /// This extracts the necessary information into the struct that we actually store in the chain - pub fn to_quoting_enclave(&self) -> QuotingEnclave { - let mut valid_tcbs: Vec = Vec::new(); - for tcb in &self.tcb_levels { - if tcb.is_valid() { - valid_tcbs.push(QeTcb::new(tcb.tcb.isvsvn)); - } - } - QuotingEnclave::new( - self.issue_date - .timestamp_millis() - .try_into() - .expect("no support for negative unix timestamps"), - self.next_update - .timestamp_millis() - .try_into() - .expect("no support for negative unix timestamps"), - self.miscselect, - self.miscselect_mask, - self.attributes, - self.attributes_mask, - self.mrsigner, - self.isvprodid, - valid_tcbs, - ) - } - - pub fn is_valid(&self, timestamp_millis: i64) -> bool { - self.id == "QE" - && self.version == 2 - && self.issue_date.timestamp_millis() < timestamp_millis - && timestamp_millis < self.next_update.timestamp_millis() - } -} - -#[derive(Serialize, Deserialize)] -#[serde(rename_all = "camelCase")] -pub struct TcbInfo { - id: String, - version: u8, - issue_date: DateTime, - next_update: DateTime, - #[serde(deserialize_with = "deserialize_from_hex::<_, 6>")] - #[serde(serialize_with = "serialize_to_hex::<_, 6>")] - pub fmspc: Fmspc, - pce_id: String, - tcb_type: u16, - tcb_evaluation_data_number: u16, - tcb_levels: Vec, -} - -impl TcbInfo { - /// This extracts the necessary information into a tuple (`(Key, Value)`) that we actually store - /// in the chain - pub fn to_chain_tcb_info(&self) -> (Fmspc, TcbInfoOnChain) { - let valid_tcbs: Vec = self - .tcb_levels - .iter() - // Only store TCB levels on chain that are currently valid - .filter(|tcb| tcb.is_valid()) - .map(|tcb| { - let mut components = [0u8; 16]; - for (i, t) in tcb.tcb.sgxtcbcomponents.iter().enumerate() { - components[i] = t.svn; - } - TcbVersionStatus::new(components, tcb.tcb.pcesvn) - }) - .collect(); - ( - self.fmspc, - TcbInfoOnChain::new( - self.issue_date - .timestamp_millis() - .try_into() - .expect("no support for negative unix timestamps"), - self.next_update - .timestamp_millis() - .try_into() - .expect("no support for negative unix timestamps"), - valid_tcbs, - ), - ) - } - - pub fn is_valid(&self, timestamp_millis: i64) -> bool { - self.id == "SGX" - && self.version == 3 - && self.issue_date.timestamp_millis() < timestamp_millis - && timestamp_millis < self.next_update.timestamp_millis() - } -} - -#[derive(Serialize, Deserialize)] -#[serde(rename_all = "camelCase")] -pub struct TcbInfoSigned { - pub tcb_info: TcbInfo, - pub signature: String, -} - -#[derive(Serialize, Deserialize)] -#[serde(rename_all = "camelCase")] -pub struct EnclaveIdentitySigned { - pub enclave_identity: EnclaveIdentity, - pub signature: String, -} - -#[cfg(test)] -mod tests { - use super::*; - - #[test] - fn tcb_level_is_valid() { - let t: TcbLevel = serde_json::from_str( - r#"{"tcb":{"isvsvn":6}, "tcbDate":"2021-11-10T00:00:00Z", "tcbStatus":"UpToDate" }"#, - ) - .unwrap(); - assert!(t.is_valid()); - - let t: TcbLevel = serde_json::from_str( - r#"{"tcb":{"isvsvn":6}, "tcbDate":"2021-11-10T00:00:00Z", "tcbStatus":"OutOfDate" }"#, - ) - .unwrap(); - assert!(!t.is_valid()); - - let t: TcbLevel = serde_json::from_str( - r#"{"tcb":{"isvsvn":5}, "tcbDate":"2021-11-10T00:00:00Z", "tcbStatus":"UpToDate" }"#, - ) - .unwrap(); - assert!(!t.is_valid()); - } -} diff --git a/parachain/pallets/teebag/src/sgx_verify/ephemeral_key.rs b/parachain/pallets/teebag/src/sgx_verify/ephemeral_key.rs deleted file mode 100644 index 29bc989704..0000000000 --- a/parachain/pallets/teebag/src/sgx_verify/ephemeral_key.rs +++ /dev/null @@ -1,31 +0,0 @@ -use super::{utils::length_from_raw_data, CertDer}; -use sp_std::convert::TryFrom; - -pub struct EphemeralKey<'a>(&'a [u8]); - -pub const PRIME256V1_OID: &[u8; 10] = &[0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07]; -impl<'a> TryFrom> for EphemeralKey<'a> { - type Error = &'static str; - - fn try_from(value: CertDer<'a>) -> Result { - let cert_der = value.0; - - let mut offset = cert_der - .windows(PRIME256V1_OID.len()) - .position(|window| window == PRIME256V1_OID) - .ok_or("Certificate does not contain 'PRIME256V1_OID'")?; - - offset += PRIME256V1_OID.len() + 1; // OID length + TAG (0x03) - - // Obtain Public Key length - let len = length_from_raw_data(cert_der, &mut offset)?; - - // Obtain Public Key - offset += 1; - let pub_k = cert_der.get(offset + 2..offset + len).ok_or("Index out of bounds")?; // skip "00 04" - - #[cfg(test)] - println!("verifyRA ephemeral public key: {:x?}", pub_k); - Ok(EphemeralKey(pub_k)) - } -} diff --git a/parachain/pallets/teebag/src/sgx_verify/mod.rs b/parachain/pallets/teebag/src/sgx_verify/mod.rs deleted file mode 100644 index aba0aefd96..0000000000 --- a/parachain/pallets/teebag/src/sgx_verify/mod.rs +++ /dev/null @@ -1,840 +0,0 @@ -/* - Copyright 2021 Integritee AG and Supercomputing Systems AG - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - -*/ - -//! Contains all the logic for understanding and verifying SGX remote attestation reports. -//! -//! Intel's documentation is scattered across different documents: -//! -//! "Intel® Software Guard Extensions: PCK Certificate and Certificate Revocation List Profile -//! Specification", further denoted as `PCK_Certificate_CRL_Spec-1.1`. -//! -//! * https://download.01.org/intel-sgx/dcap-1.2/linux/docs/Intel_SGX_PCK_Certificate_CRL_Spec-1.1.pdf -//! -//! Intel® SGX Developer Guide, further denoted as `SGX_Developer_Guide`: -//! -//! * https://download.01.org/intel-sgx/linux-1.5/docs/Intel_SGX_Developer_Guide.pdf - -pub extern crate alloc; - -use self::{ - collateral::{EnclaveIdentity, TcbInfo}, - netscape_comment::NetscapeComment, - utils::length_from_raw_data, -}; -use crate::{ - Cpusvn, Fmspc, MrEnclave, MrSigner, Pcesvn, QuotingEnclave, SgxBuildMode, TcbVersionStatus, -}; -use alloc::string::String; -use chrono::DateTime; -use core::time::Duration; -use der::asn1::ObjectIdentifier; -use frame_support::{ensure, traits::Len}; -use parity_scale_codec::{Decode, Encode, Input}; -use ring::signature::{self}; -use scale_info::TypeInfo; -use serde_json::Value; -use sp_std::{ - convert::{TryFrom, TryInto}, - prelude::*, - vec, -}; -use x509_cert::Certificate; - -pub mod collateral; -mod ephemeral_key; -mod netscape_comment; -#[cfg(test)] -mod tests; -mod utils; - -const SGX_REPORT_DATA_SIZE: usize = 64; -#[derive(Debug, Encode, Decode, PartialEq, Eq, Copy, Clone, TypeInfo)] -#[repr(C)] -pub struct SgxReportData { - d: [u8; SGX_REPORT_DATA_SIZE], -} - -#[derive(Debug, Encode, Decode, PartialEq, Eq, Copy, Clone, TypeInfo)] -#[repr(C)] -pub struct SGXAttributes { - flags: u64, - xfrm: u64, -} - -/// This is produced by an SGX platform, when it wants to be attested. -#[derive(Debug, Decode, Clone, TypeInfo)] -#[repr(C)] -pub struct DcapQuote { - header: DcapQuoteHeader, - body: SgxReportBody, - signature_data_len: u32, - quote_signature_data: EcdsaQuoteSignature, -} - -/// All the documentation about this can be found in the `PCK_Certificate_CRL_Spec-1.1` page 62. -#[derive(Debug, Encode, Decode, Copy, Clone, TypeInfo)] -#[repr(C)] -pub struct DcapQuoteHeader { - /// Version of the Quote data structure. - /// - /// This is version 3 for the DCAP ECDSA attestation. - version: u16, - /// Type of the Attestation Key used by the Quoting Enclave. - /// • Supported values: - /// - 2 (ECDSA-256-with-P-256 curve) - /// - 3 (ECDSA-384-with-P-384 curve) (Note: currently not supported) - attestation_key_type: u16, - /// Reserved field, value 0. - reserved: u32, - /// Security Version of the Quoting Enclave currently loaded on the platform. - qe_svn: u16, - /// Security Version of the Provisioning Certification Enclave currently loaded on the - /// platform. - pce_svn: u16, - /// Unique identifier of the QE Vendor. - /// - /// This will usually be Intel's Quoting enclave with the ID: 939A7233F79C4CA9940A0DB3957F0607. - qe_vendor_id: [u8; 16], - /// Custom user-defined data. - user_data: [u8; 20], -} - -const ATTESTATION_KEY_SIZE: usize = 64; -const REPORT_SIGNATURE_SIZE: usize = 64; - -#[derive(Debug, Decode, Clone, TypeInfo)] -#[repr(C)] -pub struct EcdsaQuoteSignature { - isv_enclave_report_signature: [u8; REPORT_SIGNATURE_SIZE], - ecdsa_attestation_key: [u8; ATTESTATION_KEY_SIZE], - qe_report: SgxReportBody, - qe_report_signature: [u8; REPORT_SIGNATURE_SIZE], - qe_authentication_data: QeAuthenticationData, - qe_certification_data: QeCertificationData, -} - -#[derive(Debug, Clone, TypeInfo)] -#[repr(C)] -pub struct QeAuthenticationData { - size: u16, - certification_data: Vec, -} - -impl Decode for QeAuthenticationData { - fn decode(input: &mut I) -> Result { - let mut size_buf: [u8; 2] = [0; 2]; - input.read(&mut size_buf)?; - let size = u16::from_le_bytes(size_buf); - - let mut certification_data = vec![0; size.into()]; - input.read(&mut certification_data)?; - - Ok(Self { size, certification_data }) - } -} - -#[derive(Debug, Clone, TypeInfo)] -#[repr(C)] -pub struct QeCertificationData { - certification_data_type: u16, - size: u32, - certification_data: Vec, -} - -impl Decode for QeCertificationData { - fn decode(input: &mut I) -> Result { - let mut certification_data_type_buf: [u8; 2] = [0; 2]; - input.read(&mut certification_data_type_buf)?; - let certification_data_type = u16::from_le_bytes(certification_data_type_buf); - - let mut size_buf: [u8; 4] = [0; 4]; - input.read(&mut size_buf)?; - let size = u32::from_le_bytes(size_buf); - // This is an arbitrary limit to prevent out of memory issues. Intel does not specify a max - // value - if size > 65_000 { - return Result::Err(parity_scale_codec::Error::from( - "Certification data too long. Max 65000 bytes are allowed", - )); - } - - // Safety: The try_into() can only fail due to overflow on a 16-bit system, but we anyway - // ensure the value is small enough above. - let mut certification_data = vec![0; size.try_into().unwrap()]; - input.read(&mut certification_data)?; - - Ok(Self { certification_data_type, size, certification_data }) - } -} - -// see Intel SGX SDK https://github.com/intel/linux-sgx/blob/master/common/inc/sgx_report.h -const SGX_REPORT_BODY_RESERVED1_BYTES: usize = 12; -const SGX_REPORT_BODY_RESERVED2_BYTES: usize = 32; -const SGX_REPORT_BODY_RESERVED3_BYTES: usize = 32; -const SGX_REPORT_BODY_RESERVED4_BYTES: usize = 42; -const SGX_FLAGS_DEBUG: u64 = 0x0000000000000002; - -/// SGX report about an enclave. -/// -/// We don't verify all of the fields, as some contain business logic specific data that is -/// not related to the overall validity of an enclave. We only check security related fields. The -/// only exception to this is the quoting enclave, where we validate specific fields against known -/// values. -#[derive(Debug, Encode, Decode, Copy, Clone, TypeInfo)] -#[repr(C)] -pub struct SgxReportBody { - /// Security version of the CPU. - /// - /// Reflects the processors microcode update version. - cpu_svn: [u8; 16], /* ( 0) Security Version of the CPU */ - /// State Save Area (SSA) extended feature set. Flags used for specific exception handling - /// settings. Unless, you know what you are doing these should all be 0. - /// - /// See: https://cdrdv2-public.intel.com/671544/exception-handling-in-intel-sgx.pdf. - misc_select: [u8; 4], /* ( 16) Which fields defined in SSA.MISC */ - /// Unused reserved bytes. - reserved1: [u8; SGX_REPORT_BODY_RESERVED1_BYTES], /* ( 20) */ - /// Extended Product ID of an enclave. - isv_ext_prod_id: [u8; 16], /* ( 32) ISV assigned Extended Product ID */ - /// Attributes, defines features that should be enabled for an enclave. - /// - /// Here, we only check if the Debug mode is enabled. - /// - /// More details in `SGX_Developer_Guide` under `Debug (Opt-in) Enclave Consideration` on page - /// 24. - attributes: SGXAttributes, /* ( 48) Any special Capabilities the Enclave possess */ - /// Enclave measurement. - /// - /// A single 256-bit hash that identifies the code and initial data to - /// be placed inside the enclave, the expected order and position in which they are to be - /// placed, and the security properties of those pages. More details in `SGX_Developer_Guide` - /// page 6. - mr_enclave: MrEnclave, /* ( 64) The value of the enclave's ENCLAVE measurement */ - /// Unused reserved bytes. - reserved2: [u8; SGX_REPORT_BODY_RESERVED2_BYTES], /* ( 96) */ - /// The enclave author’s public key. - /// - /// More details in `SGX_Developer_Guide` page 6. - mr_signer: MrSigner, /* (128) The value of the enclave's SIGNER measurement */ - /// Unused reserved bytes. - reserved3: [u8; SGX_REPORT_BODY_RESERVED3_BYTES], /* (160) */ - /// Config ID of an enclave. - /// - /// Todo: #142 - Investigate the relevancy of this value. - config_id: [u8; 64], /* (192) CONFIGID */ - /// The Product ID of the enclave. - /// - /// The Independent Software Vendor (ISV) should configure a unique ISVProdID for each product - /// that may want to share sealed data between enclaves signed with a specific `MRSIGNER`. - isv_prod_id: u16, /* (256) Product ID of the Enclave */ - /// ISV security version of the enclave. - /// - /// This is the enclave author's responsibility to increase it whenever a security related - /// update happened. Here, we will only check it for the `Quoting Enclave` to ensure that the - /// quoting enclave is recent enough. - /// - /// More details in `SGX_Developer_Guide` page 6. - isv_svn: u16, /* (258) Security Version of the Enclave */ - /// Config Security version of the enclave. - config_svn: u16, /* (260) CONFIGSVN */ - /// Unused reserved bytes. - reserved4: [u8; SGX_REPORT_BODY_RESERVED4_BYTES], /* (262) */ - /// Family ID assigned by the ISV. - /// - /// Todo: #142 - Investigate the relevancy of this value. - isv_family_id: [u8; 16], /* (304) ISV assigned Family ID */ - /// Custom data to be defined by the enclave author. - /// - /// We use this to provide the public key of the enclave that is to be registered on the chain. - /// Doing this, will prove that the public key is from a legitimate SGX enclave when it is - /// verified together with the remote attestation. - report_data: SgxReportData, /* (320) Data provided by the user */ -} - -impl SgxReportBody { - pub fn sgx_build_mode(&self) -> SgxBuildMode { - if self.attributes.flags & SGX_FLAGS_DEBUG == SGX_FLAGS_DEBUG { - SgxBuildMode::Debug - } else { - SgxBuildMode::Production - } - } - - fn verify_misc_select_field(&self, o: &QuotingEnclave) -> bool { - for i in 0..self.misc_select.len() { - if (self.misc_select[i] & o.miscselect_mask[i]) - != (o.miscselect[i] & o.miscselect_mask[i]) - { - return false; - } - } - true - } - - fn verify_attributes_field(&self, o: &QuotingEnclave) -> bool { - let attributes_flags = self.attributes.flags; - - let quoting_enclave_attributes_mask = o.attributes_flags_mask_as_u64(); - let quoting_enclave_attributes_flags = o.attributes_flags_as_u64(); - - (attributes_flags & quoting_enclave_attributes_mask) == quoting_enclave_attributes_flags - } - - pub fn verify(&self, o: &QuotingEnclave) -> bool { - if self.isv_prod_id != o.isvprodid || self.mr_signer != o.mrsigner { - return false; - } - if !self.verify_misc_select_field(o) { - return false; - } - if !self.verify_attributes_field(o) { - return false; - } - for tcb in &o.tcb { - // If the enclave isvsvn is bigger than one of the - if self.isv_svn >= tcb.isvsvn { - return true; - } - } - false - } -} -// see Intel SGX SDK https://github.com/intel/linux-sgx/blob/master/common/inc/sgx_quote.h -#[derive(Encode, Decode, Copy, Clone, TypeInfo)] -#[repr(C)] -pub struct SgxQuote { - version: u16, /* 0 */ - sign_type: u16, /* 2 */ - epid_group_id: u32, /* 4 */ - qe_svn: u16, /* 8 */ - pce_svn: u16, /* 10 */ - xeid: u32, /* 12 */ - basename: [u8; 32], /* 16 */ - report_body: SgxReportBody, /* 48 */ -} - -#[derive(Encode, Decode, Copy, Clone, PartialEq, Eq, sp_core::RuntimeDebug, TypeInfo, Default)] -pub enum SgxStatus { - #[default] - #[codec(index = 0)] - Invalid, - #[codec(index = 1)] - Ok, - #[codec(index = 2)] - GroupOutOfDate, - #[codec(index = 3)] - GroupRevoked, - #[codec(index = 4)] - ConfigurationNeeded, -} - -#[derive(Encode, Decode, Default, Clone, PartialEq, Eq, sp_core::RuntimeDebug, TypeInfo)] -pub struct SgxReport { - pub mr_enclave: MrEnclave, - pub pubkey: [u8; 32], - pub status: SgxStatus, - pub timestamp: u64, // unix timestamp in milliseconds - pub build_mode: SgxBuildMode, -} - -type SignatureAlgorithms = &'static [&'static dyn webpki::types::SignatureVerificationAlgorithm]; -static SUPPORTED_SIG_ALGS: SignatureAlgorithms = &[ - webpki::ring::RSA_PKCS1_2048_8192_SHA256, - webpki::ring::RSA_PKCS1_2048_8192_SHA384, - webpki::ring::RSA_PKCS1_2048_8192_SHA512, - webpki::ring::RSA_PKCS1_3072_8192_SHA384, -]; - -//pub const IAS_REPORT_CA: &[u8] = include_bytes!("../AttestationReportSigningCACert.pem"); - -pub static IAS_SERVER_ROOTS: &[webpki::types::TrustAnchor<'static>; 1] = &[ - /* - * -----BEGIN CERTIFICATE----- - * MIIFSzCCA7OgAwIBAgIJANEHdl0yo7CUMA0GCSqGSIb3DQEBCwUAMH4xCzAJBgNV - * BAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwLU2FudGEgQ2xhcmExGjAYBgNV - * BAoMEUludGVsIENvcnBvcmF0aW9uMTAwLgYDVQQDDCdJbnRlbCBTR1ggQXR0ZXN0 - * YXRpb24gUmVwb3J0IFNpZ25pbmcgQ0EwIBcNMTYxMTE0MTUzNzMxWhgPMjA0OTEy - * MzEyMzU5NTlaMH4xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEUMBIGA1UEBwwL - * U2FudGEgQ2xhcmExGjAYBgNVBAoMEUludGVsIENvcnBvcmF0aW9uMTAwLgYDVQQD - * DCdJbnRlbCBTR1ggQXR0ZXN0YXRpb24gUmVwb3J0IFNpZ25pbmcgQ0EwggGiMA0G - * CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCfPGR+tXc8u1EtJzLA10Feu1Wg+p7e - * LmSRmeaCHbkQ1TF3Nwl3RmpqXkeGzNLd69QUnWovYyVSndEMyYc3sHecGgfinEeh - * rgBJSEdsSJ9FpaFdesjsxqzGRa20PYdnnfWcCTvFoulpbFR4VBuXnnVLVzkUvlXT - * L/TAnd8nIZk0zZkFJ7P5LtePvykkar7LcSQO85wtcQe0R1Raf/sQ6wYKaKmFgCGe - * NpEJUmg4ktal4qgIAxk+QHUxQE42sxViN5mqglB0QJdUot/o9a/V/mMeH8KvOAiQ - * byinkNndn+Bgk5sSV5DFgF0DffVqmVMblt5p3jPtImzBIH0QQrXJq39AT8cRwP5H - * afuVeLHcDsRp6hol4P+ZFIhu8mmbI1u0hH3W/0C2BuYXB5PC+5izFFh/nP0lc2Lf - * 6rELO9LZdnOhpL1ExFOq9H/B8tPQ84T3Sgb4nAifDabNt/zu6MmCGo5U8lwEFtGM - * RoOaX4AS+909x00lYnmtwsDVWv9vBiJCXRsCAwEAAaOByTCBxjBgBgNVHR8EWTBX - * MFWgU6BRhk9odHRwOi8vdHJ1c3RlZHNlcnZpY2VzLmludGVsLmNvbS9jb250ZW50 - * L0NSTC9TR1gvQXR0ZXN0YXRpb25SZXBvcnRTaWduaW5nQ0EuY3JsMB0GA1UdDgQW - * BBR4Q3t2pn680K9+QjfrNXw7hwFRPDAfBgNVHSMEGDAWgBR4Q3t2pn680K9+Qjfr - * NXw7hwFRPDAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBADANBgkq - * hkiG9w0BAQsFAAOCAYEAeF8tYMXICvQqeXYQITkV2oLJsp6J4JAqJabHWxYJHGir - * IEqucRiJSSx+HjIJEUVaj8E0QjEud6Y5lNmXlcjqRXaCPOqK0eGRz6hi+ripMtPZ - * sFNaBwLQVV905SDjAzDzNIDnrcnXyB4gcDFCvwDFKKgLRjOB/WAqgscDUoGq5ZVi - * zLUzTqiQPmULAQaB9c6Oti6snEFJiCQ67JLyW/E83/frzCmO5Ru6WjU4tmsmy8Ra - * Ud4APK0wZTGtfPXU7w+IBdG5Ez0kE1qzxGQaL4gINJ1zMyleDnbuS8UicjJijvqA - * 152Sq049ESDz+1rRGc2NVEqh1KaGXmtXvqxXcTB+Ljy5Bw2ke0v8iGngFBPqCTVB - * 3op5KBG3RjbF6RRSzwzuWfL7QErNC8WEy5yDVARzTA5+xmBc388v9Dm21HGfcC8O - * DD+gT9sSpssq0ascmvH49MOgjt1yoysLtdCtJW/9FZpoOypaHx0R+mJTLwPXVMrv - * DaVzWh5aiEx+idkSGMnX - * -----END CERTIFICATE----- - */ - webpki::types::TrustAnchor { - subject: webpki::types::Der::from_slice(b"1\x0b0\t\x06\x03U\x04\x06\x13\x02US1\x0b0\t\x06\x03U\x04\x08\x0c\x02CA1\x140\x12\x06\x03U\x04\x07\x0c\x0bSanta Clara1\x1a0\x18\x06\x03U\x04\n\x0c\x11Intel Corporation100.\x06\x03U\x04\x03\x0c\'Intel SGX Attestation Report Signing CA"), - subject_public_key_info: webpki::types::Der::from_slice(b"0\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x03\x82\x01\x8f\x000\x82\x01\x8a\x02\x82\x01\x81\x00\x9f@u1@N6\xb3\x15b7\x99\xaa\x82Pt@\x97T\xa2\xdf\xe8\xf5\xaf\xd5\xfec\x1e\x1f\xc2\xaf8\x08\x90o(\xa7\x90\xd9\xdd\x9f\xe0`\x93\x9b\x12W\x90\xc5\x80]\x03}\xf5j\x99S\x1b\x96\xdei\xde3\xed\"l\xc1 }\x10B\xb5\xc9\xab\x7f@O\xc7\x11\xc0\xfeGi\xfb\x95x\xb1\xdc\x0e\xc4i\xea\x1a%\xe0\xff\x99\x14\x88n\xf2i\x9b#[\xb4\x84}\xd6\xff@\xb6\x06\xe6\x17\x07\x93\xc2\xfb\x98\xb3\x14X\x7f\x9c\xfd%sb\xdf\xea\xb1\x0b;\xd2\xd9vs\xa1\xa4\xbdD\xc4S\xaa\xf4\x7f\xc1\xf2\xd3\xd0\xf3\x84\xf7J\x06\xf8\x9c\x08\x9f\r\xa6\xcd\xb7\xfc\xee\xe8\xc9\x82\x1a\x8eT\xf2\\\x04\x16\xd1\x8cF\x83\x9a_\x80\x12\xfb\xdd=\xc7M%by\xad\xc2\xc0\xd5Z\xffo\x06\"B]\x1b\x02\x03\x01\x00\x01"), - name_constraints: None - }, -]; - -/// The needed code for a trust anchor can be extracted using `webpki` with something like this: -/// println!("{:?}", webpki::TrustAnchor::try_from_cert_der(&root_cert)); -#[allow(clippy::zero_prefixed_literal)] -pub static DCAP_SERVER_ROOTS: &[webpki::types::TrustAnchor<'static>; 1] = - &[webpki::types::TrustAnchor { - subject: webpki::types::Der::from_slice(&[ - 49, 26, 48, 24, 06, 03, 85, 04, 03, 12, 17, 73, 110, 116, 101, 108, 32, 83, 71, 88, 32, - 82, 111, 111, 116, 32, 67, 65, 49, 26, 48, 24, 06, 03, 85, 04, 10, 12, 17, 73, 110, - 116, 101, 108, 32, 67, 111, 114, 112, 111, 114, 97, 116, 105, 111, 110, 49, 20, 48, 18, - 06, 03, 85, 04, 07, 12, 11, 83, 97, 110, 116, 97, 32, 67, 108, 97, 114, 97, 49, 11, 48, - 09, 06, 03, 85, 04, 08, 12, 02, 67, 65, 49, 11, 48, 09, 06, 03, 85, 04, 06, 19, 02, 85, - 83, - ]), - subject_public_key_info: webpki::types::Der::from_slice(&[ - 48, 19, 06, 07, 42, 134, 72, 206, 61, 02, 01, 06, 08, 42, 134, 72, 206, 61, 03, 01, 07, - 03, 66, 00, 04, 11, 169, 196, 192, 192, 200, 97, 147, 163, 254, 35, 214, 176, 44, 218, - 16, 168, 187, 212, 232, 142, 72, 180, 69, 133, 97, 163, 110, 112, 85, 37, 245, 103, - 145, 142, 46, 220, 136, 228, 13, 134, 11, 208, 204, 78, 226, 106, 172, 201, 136, 229, - 05, 169, 83, 85, 140, 69, 63, 107, 09, 04, 174, 115, 148, - ]), - name_constraints: None, - }]; - -/// Contains an unvalidated ias remote attestation certificate. -/// -/// Wrapper to implemented parsing and verification traits on it. -pub struct CertDer<'a>(&'a [u8]); - -/// Encode two 32-byte values in DER format -/// This is meant for 256 bit ECC signatures or public keys -pub fn encode_as_der(data: &[u8]) -> Result, &'static str> { - if data.len() != 64 { - return Result::Err("Key must be 64 bytes long"); - } - let mut sequence = der::asn1::SequenceOf::::new(); - sequence - .add(der::asn1::UIntRef::new(&data[0..32]).map_err(|_| "Invalid public key")?) - .map_err(|_| "Invalid public key")?; - sequence - .add(der::asn1::UIntRef::new(&data[32..]).map_err(|_| "Invalid public key")?) - .map_err(|_| "Invalid public key")?; - // 72 should be enough in all cases. 2 + 2 x (32 + 3) - let mut asn1 = vec![0u8; 72]; - let mut writer = der::SliceWriter::new(&mut asn1); - writer.encode(&sequence).map_err(|_| "Could not encode public key to DER")?; - Ok(writer.finish().map_err(|_| "Could not convert public key to DER")?.to_vec()) -} - -/// Extracts the specified data into a `EnclaveIdentity` instance. -/// Also verifies that the data matches the given signature, was produced by the given certificate -/// and matches the data -pub fn deserialize_enclave_identity( - data: &[u8], - signature: &[u8], - certificate: &webpki::EndEntityCert, -) -> Result { - let signature = encode_as_der(signature)?; - verify_signature(certificate, data, &signature, webpki::ring::ECDSA_P256_SHA256)?; - serde_json::from_slice(data).map_err(|_| "Deserialization failed") -} - -/// Extracts the specified data into a `TcbInfo` instance. -/// Also verifies that the data matches the given signature, was produced by the given certificate -/// and matches the data -pub fn deserialize_tcb_info( - data: &[u8], - signature: &[u8], - certificate: &webpki::EndEntityCert, -) -> Result { - let signature = encode_as_der(signature)?; - verify_signature(certificate, data, &signature, webpki::ring::ECDSA_P256_SHA256)?; - serde_json::from_slice(data).map_err(|_| "Deserialization failed") -} - -/// Extract a list of certificates from a byte vec. The certificates must be separated by -/// `-----BEGIN CERTIFICATE-----` and `-----END CERTIFICATE-----` markers -pub fn extract_certs(cert_chain: &[u8]) -> Vec> { - // The certificates should be valid UTF-8 but if not we continue. The certificate verification - // will fail at a later point. - let certs_concat = String::from_utf8_lossy(cert_chain); - let certs_concat = certs_concat.replace('\n', ""); - let certs_concat = certs_concat.replace("-----BEGIN CERTIFICATE-----", ""); - // Use the end marker to split the string into certificates - let parts = certs_concat.split("-----END CERTIFICATE-----"); - parts.filter(|p| !p.is_empty()).filter_map(|p| base64::decode(p).ok()).collect() -} - -/// Verifies that the `leaf_cert` in combination with the `intermediate_certs` establishes -/// a valid certificate chain that is rooted in one of the trust anchors that was compiled into to -/// the pallet -pub fn verify_certificate_chain<'a>( - leaf_cert: &webpki::EndEntityCert<'a>, - intermediate_certs: &[webpki::types::CertificateDer<'a>], - verification_time: u64, -) -> Result<(), &'static str> { - let time = - webpki::types::UnixTime::since_unix_epoch(Duration::from_secs(verification_time / 1000)); - let sig_algs = &[webpki::ring::ECDSA_P256_SHA256]; - leaf_cert - .verify_for_usage( - sig_algs, - DCAP_SERVER_ROOTS, - intermediate_certs, - time, - webpki::KeyUsage::client_auth(), - None, - ) - .map_err(|_| "Invalid certificate chain")?; - Ok(()) -} -#[allow(unused)] -pub fn extract_tcb_info_from_raw_dcap_quote( - dcap_quote_raw: &[u8], -) -> Result<(Fmspc, TcbVersionStatus), &'static str> { - let mut dcap_quote_clone = dcap_quote_raw; - let quote: DcapQuote = - Decode::decode(&mut dcap_quote_clone).map_err(|_| "Failed to decode attestation report")?; - - ensure!(quote.header.version == 3, "Only support for version 3"); - ensure!(quote.header.attestation_key_type == 2, "Only support for ECDSA-256"); - ensure!( - quote.quote_signature_data.qe_certification_data.certification_data_type == 5, - "Only support for PEM formatted PCK Cert Chain" - ); - - let certs = extract_certs("e.quote_signature_data.qe_certification_data.certification_data); - - let (fmspc, tcb_info) = extract_tcb_info(&certs[0])?; - - Ok((fmspc, tcb_info)) -} - -pub fn verify_dcap_quote( - dcap_quote_raw: &[u8], - verification_time: u64, - qe: &QuotingEnclave, -) -> Result<(Fmspc, TcbVersionStatus, SgxReport), &'static str> { - let mut dcap_quote_clone = dcap_quote_raw; - let quote: DcapQuote = - Decode::decode(&mut dcap_quote_clone).map_err(|_| "Failed to decode attestation report")?; - - ensure!(quote.header.version == 3, "Only support for version 3"); - ensure!(quote.header.attestation_key_type == 2, "Only support for ECDSA-256"); - ensure!( - quote.quote_signature_data.qe_certification_data.certification_data_type == 5, - "Only support for PEM formatted PCK Cert Chain" - ); - ensure!(quote.quote_signature_data.qe_report.verify(qe), "Enclave rejected by quoting enclave"); - let mut xt_signer_array = [0u8; 32]; - xt_signer_array.copy_from_slice("e.body.report_data.d[..32]); - - let certs = extract_certs("e.quote_signature_data.qe_certification_data.certification_data); - ensure!(certs.len() >= 2, "Certificate chain must have at least two certificates"); - let intermediate_certificate_slices: Vec = - certs[1..].iter().map(|c| c.as_slice().into()).collect(); - let leaf_cert_der = webpki::types::CertificateDer::from(certs[0].as_slice()); - let leaf_cert = webpki::EndEntityCert::try_from(&leaf_cert_der) - .map_err(|_| "Failed to parse leaf certificate")?; - verify_certificate_chain(&leaf_cert, &intermediate_certificate_slices, verification_time)?; - - let (fmspc, tcb_info) = extract_tcb_info(&certs[0])?; - - // For this part some understanding of the document (Especially chapter A.4: Quote Format) - // Intel® Software Guard Extensions (Intel® SGX) Data Center Attestation Primitives: ECDSA Quote - // Library API https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_SGX_ECDSA_QuoteLibReference_DCAP_API.pdf - - const AUTHENTICATION_DATA_SIZE: usize = 32; // This is actually variable but assume 32 for now. This is also hard-coded to 32 in the Intel - // DCAP repo - const DCAP_QUOTE_HEADER_SIZE: usize = core::mem::size_of::(); - const REPORT_SIZE: usize = core::mem::size_of::(); - const QUOTE_SIGNATURE_DATA_LEN_SIZE: usize = core::mem::size_of::(); - - let attestation_key_offset = DCAP_QUOTE_HEADER_SIZE - + REPORT_SIZE - + QUOTE_SIGNATURE_DATA_LEN_SIZE - + REPORT_SIGNATURE_SIZE; - let authentication_data_offset = attestation_key_offset - + ATTESTATION_KEY_SIZE - + REPORT_SIZE - + REPORT_SIGNATURE_SIZE - + core::mem::size_of::(); //Size of the QE authentication data. We ignore this for now and assume 32. See - // AUTHENTICATION_DATA_SIZE - let mut hash_data = [0u8; ATTESTATION_KEY_SIZE + AUTHENTICATION_DATA_SIZE]; - hash_data[0..ATTESTATION_KEY_SIZE].copy_from_slice( - &dcap_quote_raw[attestation_key_offset..(attestation_key_offset + ATTESTATION_KEY_SIZE)], - ); - hash_data[ATTESTATION_KEY_SIZE..].copy_from_slice( - &dcap_quote_raw - [authentication_data_offset..(authentication_data_offset + AUTHENTICATION_DATA_SIZE)], - ); - // Ensure that the hash matches the intel signed hash in the QE report. This establishes trust - // into the attestation key. - let hash = ring::digest::digest(&ring::digest::SHA256, &hash_data); - ensure!( - hash.as_ref() == "e.quote_signature_data.qe_report.report_data.d[0..32], - "Hashes must match" - ); - - let qe_report_offset = attestation_key_offset + ATTESTATION_KEY_SIZE; - let qe_report_slice = &dcap_quote_raw[qe_report_offset..(qe_report_offset + REPORT_SIZE)]; - let mut pub_key = [0x04u8; 65]; //Prepend 0x04 to specify uncompressed format - pub_key[1..].copy_from_slice("e.quote_signature_data.ecdsa_attestation_key); - - let peer_public_key = - signature::UnparsedPublicKey::new(&signature::ECDSA_P256_SHA256_FIXED, pub_key); - let isv_report_slice = &dcap_quote_raw[0..(DCAP_QUOTE_HEADER_SIZE + REPORT_SIZE)]; - // Verify that the enclave data matches the signature generated by the trusted attestation key. - // This establishes trust into the data of the enclave we actually want to verify - peer_public_key - .verify(isv_report_slice, "e.quote_signature_data.isv_enclave_report_signature) - .map_err(|_| "Failed to verify report signature")?; - - // Verify that the QE report was signed by Intel. This establishes trust into the QE report. - let asn1_signature = encode_as_der("e.quote_signature_data.qe_report_signature)?; - verify_signature( - &leaf_cert, - qe_report_slice, - &asn1_signature, - webpki::ring::ECDSA_P256_SHA256, - )?; - - ensure!(dcap_quote_clone.is_empty(), "There should be no bytes left over after decoding"); - let report = SgxReport { - mr_enclave: quote.body.mr_enclave, - status: SgxStatus::Ok, - pubkey: xt_signer_array, - timestamp: verification_time, - build_mode: quote.body.sgx_build_mode(), - }; - Ok((fmspc, tcb_info, report)) -} - -// make sure this function doesn't panic! -pub fn verify_ias_report(cert_der: &[u8]) -> Result { - // Before we reach here, the runtime already verified the extrinsic is properly signed by the - // extrinsic sender Hence, we skip: EphemeralKey::try_from(cert)?; - let cert = CertDer(cert_der); - let netscape = NetscapeComment::try_from(cert)?; - let sig_cert_der = webpki::types::CertificateDer::from(netscape.sig_cert.as_slice()); - let sig_cert = webpki::EndEntityCert::try_from(&sig_cert_der).map_err(|_| "Bad der")?; - - verify_signature( - &sig_cert, - netscape.attestation_raw, - &netscape.sig, - webpki::ring::RSA_PKCS1_2048_8192_SHA256, - )?; - - // FIXME: now hardcoded. but certificate renewal would have to be done manually anyway... - // chain wasm update or by some sudo call - let valid_until = webpki::types::UnixTime::since_unix_epoch(Duration::from_secs(1573419050)); - verify_server_cert(&sig_cert, valid_until)?; - - parse_report(&netscape) -} - -fn parse_report(netscape: &NetscapeComment) -> Result { - let report_raw: &[u8] = netscape.attestation_raw; - // parse attestation report - let attn_report: Value = match serde_json::from_slice(report_raw) { - Ok(report) => report, - Err(_) => return Err("RA report parsing error"), - }; - - let _ra_timestamp = match &attn_report["timestamp"] { - Value::String(time) => { - let time_fixed = time.clone() + "+0000"; - match DateTime::parse_from_str(&time_fixed, "%Y-%m-%dT%H:%M:%S%.f%z") { - Ok(d) => d.timestamp(), - Err(_) => return Err("RA report timestamp parsing error"), - } - }, - _ => return Err("Failed to fetch timestamp from attestation report"), - }; - - // in milliseconds - let ra_timestamp: u64 = (_ra_timestamp * 1000) - .try_into() - .map_err(|_| "Error converting report.timestamp to u64")?; - - // get quote status (mandatory field) - let ra_status = match &attn_report["isvEnclaveQuoteStatus"] { - Value::String(quote_status) => match quote_status.as_ref() { - "OK" => SgxStatus::Ok, - "GROUP_OUT_OF_DATE" => SgxStatus::GroupOutOfDate, - "GROUP_REVOKED" => SgxStatus::GroupRevoked, - "CONFIGURATION_NEEDED" => SgxStatus::ConfigurationNeeded, - _ => SgxStatus::Invalid, - }, - _ => return Err("Failed to fetch isvEnclaveQuoteStatus from attestation report"), - }; - - // parse quote body - if let Value::String(quote_raw) = &attn_report["isvEnclaveQuoteBody"] { - let quote = match base64::decode(quote_raw) { - Ok(q) => q, - Err(_) => return Err("Quote Decoding Error"), - }; - // TODO: lack security check here - let sgx_quote: SgxQuote = match Decode::decode(&mut "e[..]) { - Ok(q) => q, - Err(_) => return Err("could not decode quote"), - }; - - let mut xt_signer_array = [0u8; 32]; - xt_signer_array.copy_from_slice(&sgx_quote.report_body.report_data.d[..32]); - Ok(SgxReport { - mr_enclave: sgx_quote.report_body.mr_enclave, - status: ra_status, - pubkey: xt_signer_array, - timestamp: ra_timestamp, - build_mode: sgx_quote.report_body.sgx_build_mode(), - }) - } else { - Err("Failed to parse isvEnclaveQuoteBody from attestation report") - } -} - -/// * `signature` - Must be encoded in DER format. -pub fn verify_signature( - entity_cert: &webpki::EndEntityCert, - data: &[u8], - signature: &[u8], - signature_algorithm: &dyn webpki::types::SignatureVerificationAlgorithm, -) -> Result<(), &'static str> { - match entity_cert.verify_signature(signature_algorithm, data, signature) { - Ok(()) => Ok(()), - Err(_e) => Err("bad signature"), - } -} - -pub fn verify_server_cert( - sig_cert: &webpki::EndEntityCert, - timestamp_valid_until: webpki::types::UnixTime, -) -> Result<(), &'static str> { - let chain: Vec = Vec::new(); - match sig_cert.verify_for_usage( - SUPPORTED_SIG_ALGS, - IAS_SERVER_ROOTS, - &chain, - timestamp_valid_until, - webpki::KeyUsage::server_auth(), - None, - ) { - Ok(()) => Ok(()), - Err(_e) => Err("CA verification failed"), - } -} - -/// See document "Intel® Software Guard Extensions: PCK Certificate and Certificate Revocation List -/// Profile Specification" https://download.01.org/intel-sgx/dcap-1.2/linux/docs/Intel_SGX_PCK_Certificate_CRL_Spec-1.1.pdf -const INTEL_SGX_EXTENSION_OID: ObjectIdentifier = - ObjectIdentifier::new_unwrap("1.2.840.113741.1.13.1"); -const OID_FMSPC: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113741.1.13.1.4"); -const OID_PCESVN: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113741.1.13.1.2.17"); -const OID_CPUSVN: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113741.1.13.1.2.18"); - -pub fn extract_tcb_info(cert: &[u8]) -> Result<(Fmspc, TcbVersionStatus), &'static str> { - let extension_section = get_intel_extension(cert)?; - - let fmspc = get_fmspc(&extension_section)?; - let cpusvn = get_cpusvn(&extension_section)?; - let pcesvn = get_pcesvn(&extension_section)?; - - Ok((fmspc, TcbVersionStatus::new(cpusvn, pcesvn))) -} - -fn get_intel_extension(der_encoded: &[u8]) -> Result, &'static str> { - let cert: Certificate = - der::Decode::from_der(der_encoded).map_err(|_| "Error parsing certificate")?; - let mut extension_iter = cert - .tbs_certificate - .extensions - .as_deref() - .unwrap_or(&[]) - .iter() - .filter(|e| e.extn_id == INTEL_SGX_EXTENSION_OID) - .map(|e| e.extn_value); - - let extension = extension_iter.next(); - ensure!( - extension.is_some() && extension_iter.next().is_none(), - "There should only be one section containing Intel extensions" - ); - // SAFETY: Ensured above that extension.is_some() == true - Ok(extension.unwrap().to_vec()) -} - -fn get_fmspc(der: &[u8]) -> Result { - let bytes_oid = OID_FMSPC.as_bytes(); - let mut offset = der - .windows(bytes_oid.len()) - .position(|window| window == bytes_oid) - .ok_or("Certificate does not contain 'FMSPC_OID'")?; - offset += 12; // length oid (10) + asn1 tag (1) + asn1 length10 (1) - - let fmspc_size = core::mem::size_of::() / core::mem::size_of::(); - let data = der.get(offset..offset + fmspc_size).ok_or("Index out of bounds")?; - data.try_into().map_err(|_| "FMSPC must be 6 bytes long") -} - -fn get_cpusvn(der: &[u8]) -> Result { - let bytes_oid = OID_CPUSVN.as_bytes(); - let mut offset = der - .windows(bytes_oid.len()) - .position(|window| window == bytes_oid) - .ok_or("Certificate does not contain 'CPUSVN_OID'")?; - offset += 13; // length oid (11) + asn1 tag (1) + asn1 length10 (1) - - // CPUSVN is specified to have length 16 - let len = 16; - let data = der.get(offset..offset + len).ok_or("Index out of bounds")?; - data.try_into().map_err(|_| "CPUSVN must be 16 bytes long") -} - -fn get_pcesvn(der: &[u8]) -> Result { - let bytes_oid = OID_PCESVN.as_bytes(); - let mut offset = der - .windows(bytes_oid.len()) - .position(|window| window == bytes_oid) - .ok_or("Certificate does not contain 'PCESVN_OID'")?; - // length oid + asn1 tag (1 byte) - offset += bytes_oid.len() + 1; - // PCESVN can be 1 or 2 bytes - let len = length_from_raw_data(der, &mut offset)?; - offset += 1; // length_from_raw_data does not move the offset when the length is encoded in a single byte - ensure!(len == 1 || len == 2, "PCESVN must be 1 or 2 bytes"); - let data = der.get(offset..offset + len).ok_or("Index out of bounds")?; - if data.len() == 1 { - Ok(u16::from(data[0])) - } else { - // Unwrap is fine here as we check the length above - // DER integers are encoded in big endian - Ok(u16::from_be_bytes(data.try_into().unwrap())) - } -} diff --git a/parachain/pallets/teebag/src/sgx_verify/netscape_comment.rs b/parachain/pallets/teebag/src/sgx_verify/netscape_comment.rs deleted file mode 100644 index e5791e2e56..0000000000 --- a/parachain/pallets/teebag/src/sgx_verify/netscape_comment.rs +++ /dev/null @@ -1,46 +0,0 @@ -use super::{utils::length_from_raw_data, CertDer}; -use frame_support::ensure; -use sp_std::{convert::TryFrom, prelude::Vec}; - -pub struct NetscapeComment<'a> { - pub attestation_raw: &'a [u8], - pub sig: Vec, - pub sig_cert: Vec, -} - -pub const NS_CMT_OID: &[u8; 11] = - &[0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x42, 0x01, 0x0D]; - -impl<'a> TryFrom> for NetscapeComment<'a> { - type Error = &'static str; - - fn try_from(value: CertDer<'a>) -> Result { - // Search for Netscape Comment OID - let cert_der = value.0; - - let mut offset = cert_der - .windows(NS_CMT_OID.len()) - .position(|window| window == NS_CMT_OID) - .ok_or("Certificate does not contain 'ns_cmt_oid'")?; - - offset += 12; // 11 + TAG (0x04) - - // Obtain Netscape Comment length - let len = length_from_raw_data(cert_der, &mut offset)?; - // Obtain Netscape Comment - offset += 1; - let netscape_raw = cert_der - .get(offset..offset + len) - .ok_or("Index out of bounds")? - .split(|x| *x == 0x7C) // 0x7C is the character '|' - .collect::>(); - ensure!(netscape_raw.len() == 3, "Invalid netscape payload"); - - let sig = base64::decode(netscape_raw[1]).map_err(|_| "Signature Decoding Error")?; - - let sig_cert = base64::decode_config(netscape_raw[2], base64::STANDARD) - .map_err(|_| "Cert Decoding Error")?; - - Ok(NetscapeComment { attestation_raw: netscape_raw[0], sig, sig_cert }) - } -} diff --git a/parachain/pallets/teebag/src/sgx_verify/utils.rs b/parachain/pallets/teebag/src/sgx_verify/utils.rs deleted file mode 100644 index 6a0d66b0b4..0000000000 --- a/parachain/pallets/teebag/src/sgx_verify/utils.rs +++ /dev/null @@ -1,38 +0,0 @@ -fn safe_indexing_one(data: &[u8], idx: usize) -> Result { - let elt = data.get(idx).ok_or("Index out of bounds")?; - Ok(*elt as usize) -} - -pub fn length_from_raw_data(data: &[u8], offset: &mut usize) -> Result { - let mut len = safe_indexing_one(data, *offset)?; - if len > 0x80 { - len = (safe_indexing_one(data, *offset + 1)?) * 0x100 - + (safe_indexing_one(data, *offset + 2)?); - *offset += 2; - } - Ok(len) -} - -#[cfg(test)] -mod test { - use super::*; - use frame_support::assert_err; - - #[test] - fn index_equal_length_returns_err() { - // It was discovered a panic occurs if `index == data.len()` due to out of bound - // indexing. Here the fix is tested. - // - // For context see: https://github.com/integritee-network/pallet-teerex/issues/34 - let data: [u8; 7] = [0, 1, 2, 3, 4, 5, 6]; - assert_err!(safe_indexing_one(&data, data.len()), "Index out of bounds"); - } - - #[test] - fn safe_indexing_works() { - let data: [u8; 7] = [0, 1, 2, 3, 4, 5, 6]; - assert_eq!(safe_indexing_one(&data, 0), Ok(0)); - assert_eq!(safe_indexing_one(&data, 3), Ok(3)); - assert!(safe_indexing_one(&data, 10).is_err()); - } -} diff --git a/parachain/pallets/teebag/src/tcb.rs b/parachain/pallets/teebag/src/tcb.rs deleted file mode 100644 index 59fcefe6b3..0000000000 --- a/parachain/pallets/teebag/src/tcb.rs +++ /dev/null @@ -1,103 +0,0 @@ -/* -Copyright 2021 Integritee AG and Supercomputing Systems AG - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. - -*/ - -// `Tcb...` primitive part, copied from Integritee - -use crate::{Cpusvn, Pcesvn, Vec}; -use parity_scale_codec::{Decode, Encode}; -use scale_info::TypeInfo; -use sp_core::RuntimeDebug; - -/// The list of valid TCBs for an enclave. -#[derive(Encode, Decode, Clone, PartialEq, Eq, RuntimeDebug, TypeInfo)] -pub struct QeTcb { - pub isvsvn: u16, -} - -impl QeTcb { - pub fn new(isvsvn: u16) -> Self { - Self { isvsvn } - } -} - -#[derive(Encode, Decode, Default, Clone, PartialEq, Eq, RuntimeDebug, TypeInfo)] -pub struct TcbVersionStatus { - pub cpusvn: Cpusvn, - pub pcesvn: Pcesvn, -} - -impl TcbVersionStatus { - pub fn new(cpusvn: Cpusvn, pcesvn: Pcesvn) -> Self { - Self { cpusvn, pcesvn } - } - - pub fn verify_examinee(&self, examinee: &TcbVersionStatus) -> bool { - for (v, r) in self.cpusvn.iter().zip(examinee.cpusvn.iter()) { - if *v > *r { - return false; - } - } - self.pcesvn <= examinee.pcesvn - } -} - -/// This represents all the collateral data that we need to store on chain in order to verify -/// the quoting enclave validity of another enclave that wants to register itself on chain -#[derive(Encode, Decode, Default, Clone, PartialEq, Eq, RuntimeDebug, TypeInfo)] -pub struct TcbInfoOnChain { - // Todo: make timestamp: Moment - pub issue_date: u64, // unix epoch in milliseconds - // Todo: make timestamp: Moment - pub next_update: u64, // unix epoch in milliseconds - tcb_levels: Vec, -} - -impl TcbInfoOnChain { - pub fn new(issue_date: u64, next_update: u64, tcb_levels: Vec) -> Self { - Self { issue_date, next_update, tcb_levels } - } - - pub fn verify_examinee(&self, examinee: &TcbVersionStatus) -> bool { - for tb in &self.tcb_levels { - if tb.verify_examinee(examinee) { - return true; - } - } - false - } -} - -#[cfg(test)] -mod tests { - use super::*; - use hex_literal::hex; - - #[test] - fn tcb_full_is_valid() { - // The strings are the hex encodings of the 16-byte CPUSVN numbers - let reference = TcbVersionStatus::new(hex!("11110204018007000000000000000000"), 7); - assert!(reference.verify_examinee(&reference)); - assert!(reference - .verify_examinee(&TcbVersionStatus::new(hex!("11110204018007000000000000000000"), 7))); - assert!(reference - .verify_examinee(&TcbVersionStatus::new(hex!("21110204018007000000000000000001"), 7))); - assert!(!reference - .verify_examinee(&TcbVersionStatus::new(hex!("10110204018007000000000000000000"), 6))); - assert!(!reference - .verify_examinee(&TcbVersionStatus::new(hex!("11110204018007000000000000000000"), 6))); - } -} diff --git a/parachain/pallets/teebag/src/tests.rs b/parachain/pallets/teebag/src/tests.rs index 9c1359f7de..0c0d02f0da 100644 --- a/parachain/pallets/teebag/src/tests.rs +++ b/parachain/pallets/teebag/src/tests.rs @@ -42,7 +42,7 @@ fn default_enclave() -> Enclave { fn register_quoting_enclave() { let quoting_enclave = br#"{"id":"QE","version":2,"issueDate":"2022-12-04T22:45:33Z","nextUpdate":"2023-01-03T22:45:33Z","tcbEvaluationDataNumber":13,"miscselect":"00000000","miscselectMask":"FFFFFFFF","attributes":"11000000000000000000000000000000","attributesMask":"FBFFFFFFFFFFFFFF0000000000000000","mrsigner":"8C4F5775D796503E96137F77C68A829A0056AC8DED70140B081B094490C57BFF","isvprodid":1,"tcbLevels":[{"tcb":{"isvsvn":6},"tcbDate":"2022-11-09T00:00:00Z","tcbStatus":"UpToDate"},{"tcb":{"isvsvn":5},"tcbDate":"2020-11-11T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00477"]},{"tcb":{"isvsvn":4},"tcbDate":"2019-11-13T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00334","INTEL-SA-00477"]},{"tcb":{"isvsvn":2},"tcbDate":"2019-05-15T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00219","INTEL-SA-00293","INTEL-SA-00334","INTEL-SA-00477"]},{"tcb":{"isvsvn":1},"tcbDate":"2018-08-15T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00202","INTEL-SA-00219","INTEL-SA-00293","INTEL-SA-00334","INTEL-SA-00477"]}]}"#; let signature = hex!("47accba321e57c20722a0d3d1db11c9b52661239857dc578ca1bde13976ee288cf39f72111ffe445c7389ef56447c79e30e6b83a8863ed9880de5bde4a8d5c91"); - let certificate_chain = include_bytes!("./sgx_verify/test/dcap/qe_identity_issuer_chain.pem"); + let certificate_chain = include_bytes!("../../../../common/primitives/core/src/teebag/sgx_verify/test/dcap/qe_identity_issuer_chain.pem"); let pubkey: [u8; 32] = [ 65, 89, 193, 118, 86, 172, 17, 149, 206, 160, 174, 75, 219, 151, 51, 235, 110, 135, 20, 55, @@ -60,7 +60,7 @@ fn register_quoting_enclave() { fn register_tcb_info() { let tcb_info = br#"{"id":"SGX","version":3,"issueDate":"2022-11-17T12:45:32Z","nextUpdate":"2023-04-16T12:45:32Z","fmspc":"00906EA10000","pceId":"0000","tcbType":0,"tcbEvaluationDataNumber":12,"tcbLevels":[{"tcb":{"sgxtcbcomponents":[{"svn":17},{"svn":17},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":7},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":11},"tcbDate":"2021-11-10T00:00:00Z","tcbStatus":"SWHardeningNeeded","advisoryIDs":["INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":17},{"svn":17},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":7},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2020-11-11T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":17},{"svn":17},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":11},"tcbDate":"2021-11-10T00:00:00Z","tcbStatus":"ConfigurationAndSWHardeningNeeded","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":17},{"svn":17},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2020-11-11T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00477","INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":15},{"svn":15},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":7},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2020-06-10T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":15},{"svn":15},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2020-06-10T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":14},{"svn":14},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":7},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2019-12-11T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":14},{"svn":14},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":10},"tcbDate":"2019-12-11T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":13},{"svn":13},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":3},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":9},"tcbDate":"2019-11-13T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":13},{"svn":13},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":9},"tcbDate":"2019-11-13T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":6},{"svn":6},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":1},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":7},"tcbDate":"2019-05-15T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00161","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":6},{"svn":6},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":7},"tcbDate":"2019-05-15T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":5},{"svn":5},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":1},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":7},"tcbDate":"2019-01-09T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00233","INTEL-SA-00161","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":5},{"svn":5},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":1},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":6},"tcbDate":"2018-08-15T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00233","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":5},{"svn":5},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":7},"tcbDate":"2019-01-09T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00161","INTEL-SA-00233","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":5},{"svn":5},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":6},"tcbDate":"2018-08-15T00:00:00Z","tcbStatus":"OutOfDateConfigurationNeeded","advisoryIDs":["INTEL-SA-00203","INTEL-SA-00161","INTEL-SA-00233","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":4},{"svn":4},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":5},"tcbDate":"2018-01-04T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00106","INTEL-SA-00115","INTEL-SA-00135","INTEL-SA-00203","INTEL-SA-00161","INTEL-SA-00233","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]},{"tcb":{"sgxtcbcomponents":[{"svn":2},{"svn":2},{"svn":2},{"svn":4},{"svn":1},{"svn":128},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0},{"svn":0}],"pcesvn":4},"tcbDate":"2017-07-26T00:00:00Z","tcbStatus":"OutOfDate","advisoryIDs":["INTEL-SA-00088","INTEL-SA-00106","INTEL-SA-00115","INTEL-SA-00135","INTEL-SA-00203","INTEL-SA-00161","INTEL-SA-00233","INTEL-SA-00220","INTEL-SA-00270","INTEL-SA-00293","INTEL-SA-00219","INTEL-SA-00289","INTEL-SA-00320","INTEL-SA-00329","INTEL-SA-00381","INTEL-SA-00389","INTEL-SA-00477","INTEL-SA-00334"]}]}"#; let signature = hex!("71746f2148ecba04e35cf1ac77a7e6267ce99f6781c1031f724bb5bd94b8c1b6e4c07c01dc151692aa75be80dfba7350bb80c58314a6975189597e28e9bbc75c"); - let certificate_chain = include_bytes!("./sgx_verify/test/dcap/tcb_info_issuer_chain.pem"); + let certificate_chain = include_bytes!("../../../../common/primitives/core/src/teebag/sgx_verify/test/dcap/tcb_info_issuer_chain.pem"); let pubkey: [u8; 32] = [ 65, 89, 193, 118, 86, 172, 17, 149, 206, 160, 174, 75, 219, 151, 51, 235, 110, 135, 20, 55, diff --git a/parachain/pallets/vc-management/Cargo.toml b/parachain/pallets/vc-management/Cargo.toml index 60cff00356..423d323f61 100644 --- a/parachain/pallets/vc-management/Cargo.toml +++ b/parachain/pallets/vc-management/Cargo.toml @@ -18,7 +18,7 @@ sp-runtime = { workspace = true } sp-std = { workspace = true } core-primitives = { workspace = true } -pallet-teebag = { workspace = true } +pallet-teebag = { workspace = true, optional = true } [dev-dependencies] frame-benchmarking = { workspace = true, features = ["std"] } diff --git a/parachain/pallets/vc-management/src/lib.rs b/parachain/pallets/vc-management/src/lib.rs index d9d5b21bbf..098d1b48e7 100644 --- a/parachain/pallets/vc-management/src/lib.rs +++ b/parachain/pallets/vc-management/src/lib.rs @@ -36,7 +36,6 @@ pub mod weights; pub use crate::weights::WeightInfo; pub use pallet::*; -use pallet_teebag::ShardIdentifier; use sp_core::H256; use sp_std::vec::Vec; @@ -49,7 +48,8 @@ pub type VCIndex = H256; pub mod pallet { use super::*; use core_primitives::{ - Assertion, ErrorDetail, Identity, SchemaIndex, VCMPError, SCHEMA_CONTENT_LEN, SCHEMA_ID_LEN, + Assertion, ErrorDetail, Identity, SchemaIndex, ShardIdentifier, VCMPError, + SCHEMA_CONTENT_LEN, SCHEMA_ID_LEN, }; use frame_support::pallet_prelude::*; use frame_system::pallet_prelude::*; diff --git a/parachain/pallets/vc-management/src/mock.rs b/parachain/pallets/vc-management/src/mock.rs index 3e9f9b10fa..5b569c2ace 100644 --- a/parachain/pallets/vc-management/src/mock.rs +++ b/parachain/pallets/vc-management/src/mock.rs @@ -63,7 +63,7 @@ where if !pallet_teebag::EnclaveRegistry::::contains_key(signer.clone()) { assert_ok!(pallet_teebag::Pallet::::add_enclave( &signer, - &pallet_teebag::Enclave::default().with_mrenclave(TEST8_MRENCLAVE), + &core_primitives::Enclave::default().with_mrenclave(TEST8_MRENCLAVE), )); } Ok(frame_system::RawOrigin::Signed(signer).into()) @@ -187,20 +187,20 @@ pub fn new_test_ext() -> sp_io::TestExternalities { assert_ok!(Teebag::set_admin(RuntimeOrigin::root(), alice.clone())); assert_ok!(Teebag::set_mode( RuntimeOrigin::signed(alice.clone()), - pallet_teebag::OperationalMode::Development + core_primitives::OperationalMode::Development )); Timestamp::set_timestamp(TEST8_TIMESTAMP); let signer: SystemAccountId = get_signer(TEST8_SIGNER_PUB); if !pallet_teebag::EnclaveRegistry::::contains_key(signer.clone()) { assert_ok!(Teebag::register_enclave( RuntimeOrigin::signed(signer), - pallet_teebag::WorkerType::Identity, - pallet_teebag::WorkerMode::Sidechain, + core_primitives::WorkerType::Identity, + core_primitives::WorkerMode::Sidechain, TEST8_CERT.to_vec(), URL.to_vec(), None, None, - pallet_teebag::AttestationType::Ias, + core_primitives::AttestationType::Ias, )); } }); diff --git a/parachain/pallets/vc-management/src/tests.rs b/parachain/pallets/vc-management/src/tests.rs index a8b3952b6e..647a875fa2 100644 --- a/parachain/pallets/vc-management/src/tests.rs +++ b/parachain/pallets/vc-management/src/tests.rs @@ -14,8 +14,8 @@ // You should have received a copy of the GNU General Public License // along with Litentry. If not, see . -use crate::{mock::*, Error, ShardIdentifier, Status}; -use core_primitives::{Assertion, Identity}; +use crate::{mock::*, Error, Status}; +use core_primitives::{Assertion, Identity, ShardIdentifier}; use frame_support::{assert_noop, assert_ok}; use sp_core::H256; use sp_std::{vec, vec::Vec}; diff --git a/parachain/runtime/common/src/lib.rs b/parachain/runtime/common/src/lib.rs index 316fcc1ca1..2260900e05 100644 --- a/parachain/runtime/common/src/lib.rs +++ b/parachain/runtime/common/src/lib.rs @@ -320,7 +320,7 @@ where fn try_successful_origin() -> Result { use pallet_teebag::test_util::{get_signer, TEST8_MRENCLAVE, TEST8_SIGNER_PUB}; let signer: ::AccountId = get_signer(TEST8_SIGNER_PUB); - let enclave = pallet_teebag::Enclave::default().with_mrenclave(TEST8_MRENCLAVE); + let enclave = core_primitives::Enclave::default().with_mrenclave(TEST8_MRENCLAVE); if !pallet_teebag::EnclaveRegistry::::contains_key(signer.clone()) { assert_ok!(pallet_teebag::Pallet::::add_enclave(&signer, &enclave)); } diff --git a/parachain/runtime/litentry/src/lib.rs b/parachain/runtime/litentry/src/lib.rs index a1cc08d949..63ff46a5c6 100644 --- a/parachain/runtime/litentry/src/lib.rs +++ b/parachain/runtime/litentry/src/lib.rs @@ -59,8 +59,9 @@ use xcm_executor::XcmExecutor; pub use constants::currency::deposit; pub use core_primitives::{ - opaque, AccountId, Amount, AssetId, Balance, BlockNumber, Hash, Header, Identity, Nonce, - Signature, DAYS, HOURS, LITENTRY_PARA_ID, MINUTES, SLOT_DURATION, + opaque, teebag::OperationalMode as TeebagOperationalMode, AccountId, Amount, AssetId, Balance, + BlockNumber, Hash, Header, Identity, Nonce, Signature, DAYS, HOURS, LITENTRY_PARA_ID, MINUTES, + SLOT_DURATION, }; pub use runtime_common::currency::*; use runtime_common::{ @@ -84,7 +85,6 @@ use pallet_evm::{ // for TEE pub use pallet_balances::Call as BalancesCall; -pub use pallet_teebag::{self, OperationalMode as TeebagOperationalMode}; // Make the WASM binary available. #[cfg(feature = "std")] diff --git a/parachain/runtime/paseo/src/lib.rs b/parachain/runtime/paseo/src/lib.rs index b3967f00cf..887408ebd7 100644 --- a/parachain/runtime/paseo/src/lib.rs +++ b/parachain/runtime/paseo/src/lib.rs @@ -43,7 +43,6 @@ use parity_scale_codec::{Decode, Encode, MaxEncodedLen}; use runtime_common::EnsureEnclaveSigner; // for TEE pub use pallet_balances::Call as BalancesCall; -pub use pallet_teebag::{self, OperationalMode as TeebagOperationalMode}; use sp_api::impl_runtime_apis; pub use sp_consensus_aura::sr25519::AuthorityId as AuraId; @@ -69,8 +68,8 @@ use xcm_executor::XcmExecutor; pub use constants::currency::deposit; pub use core_primitives::{ - opaque, AccountId, Amount, AssetId, Balance, BlockNumber, Hash, Header, Identity, Nonce, - Signature, DAYS, HOURS, MINUTES, SLOT_DURATION, + opaque, teebag::OperationalMode as TeebagOperationalMode, AccountId, Amount, AssetId, Balance, + BlockNumber, Hash, Header, Identity, Nonce, Signature, DAYS, HOURS, MINUTES, SLOT_DURATION, }; pub use runtime_common::currency::*; diff --git a/parachain/runtime/rococo/src/lib.rs b/parachain/runtime/rococo/src/lib.rs index e186597e0b..1325f53191 100644 --- a/parachain/runtime/rococo/src/lib.rs +++ b/parachain/runtime/rococo/src/lib.rs @@ -42,7 +42,6 @@ use parity_scale_codec::{Decode, Encode, MaxEncodedLen}; use runtime_common::EnsureEnclaveSigner; // for TEE pub use pallet_balances::Call as BalancesCall; -pub use pallet_teebag::{self, OperationalMode as TeebagOperationalMode}; use sp_api::impl_runtime_apis; pub use sp_consensus_aura::sr25519::AuthorityId as AuraId; @@ -68,8 +67,9 @@ use xcm_executor::XcmExecutor; pub use constants::currency::deposit; pub use core_primitives::{ - opaque, AccountId, Amount, AssetId, Balance, BlockNumber, Hash, Header, Identity, Nonce, - Signature, DAYS, HOURS, MINUTES, ROCOCO_PARA_ID, SLOT_DURATION, + opaque, teebag::OperationalMode as TeebagOperationalMode, AccountId, Amount, AssetId, Balance, + BlockNumber, Hash, Header, Identity, Nonce, Signature, DAYS, HOURS, MINUTES, ROCOCO_PARA_ID, + SLOT_DURATION, }; pub use runtime_common::currency::*; diff --git a/tee-worker/Cargo.lock b/tee-worker/Cargo.lock index db04271794..26fbc1ea62 100644 --- a/tee-worker/Cargo.lock +++ b/tee-worker/Cargo.lock @@ -39,8 +39,8 @@ dependencies = [ "scale-decode 0.8.0", "scale-encode", "scale-info", - "serde 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_json 1.0.120", "sp-application-crypto", "sp-core", "sp-runtime", @@ -59,11 +59,11 @@ dependencies = [ "parity-scale-codec", "primitive-types", "scale-info", - "serde 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_json 1.0.120", "sp-application-crypto", "sp-core", - "sp-core-hashing 5.0.0", + "sp-core-hashing", "sp-runtime", "sp-runtime-interface", "sp-staking", @@ -250,7 +250,7 @@ checksum = "cc6dde6e4ed435a4c1ee4e73592f5ba9da2151af10076cc04858746af9352d09" dependencies = [ "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.79", ] [[package]] @@ -377,7 +377,7 @@ dependencies = [ "log 0.4.20", "parity-scale-codec", "sgx_tstd", - "sp-std 5.0.0", + "sp-std", "thiserror 1.0.44", "thiserror 1.0.9", ] @@ -408,7 +408,7 @@ dependencies = [ "sgx_tstd", "sp-core", "sp-runtime", - "sp-std 5.0.0", + "sp-std", "substrate-api-client", ] @@ -430,7 +430,7 @@ dependencies = [ "sp-api", "sp-core", "sp-runtime", - "sp-std 5.0.0", + "sp-std", "sp-version", ] @@ -451,7 +451,7 @@ dependencies = [ "itp-storage", "itp-types", "itp-utils", - "litentry-macros 0.1.0", + "litentry-macros", "litentry-primitives", "log 0.4.20", "pallet-balances", @@ -463,7 +463,7 @@ dependencies = [ "sp-io 7.0.0", "sp-keyring", "sp-runtime", - "sp-std 5.0.0", + "sp-std", ] [[package]] @@ -476,7 +476,7 @@ dependencies = [ "log 0.4.20", "rustls 0.19.0 (git+https://github.com/mesalock-linux/rustls?tag=sgx_1.1.3)", "rustls 0.19.1", - "serde_json 1.0.103", + "serde_json 1.0.120", "sgx_tstd", "tungstenite 0.14.0", "tungstenite 0.15.0", @@ -497,7 +497,7 @@ dependencies = [ "jsonrpc-core 18.0.0 (git+https://github.com/scs/jsonrpc?branch=no_std_v18)", "log 0.4.20", "parity-scale-codec", - "serde_json 1.0.103", + "serde_json 1.0.120", "sgx_tstd", "sp-runtime", "thiserror 1.0.44", @@ -620,9 +620,8 @@ dependencies = [ "itp-storage", "itp-types", "log 0.4.20", - "pallet-teebag", "parity-scale-codec", - "serde_json 1.0.103", + "serde_json 1.0.120", "sgx_crypto_helper", "sgx_types", "sgx_urts", @@ -686,7 +685,7 @@ dependencies = [ "log 0.4.20", "parity-scale-codec", "parity-util-mem", - "serde 1.0.193", + "serde 1.0.210", "sgx_tstd", "sp-application-crypto", "sp-core", @@ -774,7 +773,7 @@ dependencies = [ "log 0.4.20", "parity-scale-codec", "sgx_tstd", - "sp-std 5.0.0", + "sp-std", "thiserror 1.0.44", "thiserror 1.0.9", ] @@ -790,7 +789,7 @@ dependencies = [ "log 0.4.20", "parity-scale-codec", "sgx_tstd", - "sp-std 5.0.0", + "sp-std", "thiserror 1.0.44", "thiserror 1.0.9", ] @@ -853,7 +852,7 @@ version = "0.5.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3a8241f3ebb85c056b509d4327ad0358fbbba6ffb340bf388f26350aeda225b1" dependencies = [ - "serde 1.0.193", + "serde 1.0.210", ] [[package]] @@ -871,7 +870,7 @@ version = "1.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b1f45e9417d87227c7a56d22e471c6206462cba514c7590c09aff4cf6d1ddcad" dependencies = [ - "serde 1.0.193", + "serde 1.0.210", ] [[package]] @@ -928,8 +927,8 @@ dependencies = [ "rayon", "regex 1.9.5", "reqwest", - "serde 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_json 1.0.120", "sgx_crypto_helper", "sp-application-crypto", "sp-core", @@ -986,9 +985,9 @@ dependencies = [ "rayon", "regex 1.9.5", "scale-info", - "serde 1.0.193", - "serde_derive 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_derive 1.0.210", + "serde_json 1.0.120", "sgx_crypto_helper", "sgx_types", "sp-consensus-grandpa", @@ -1136,7 +1135,7 @@ dependencies = [ "log 0.4.20", "parity-scale-codec", "scale-info", - "serde 1.0.193", + "serde 1.0.210", ] [[package]] @@ -1152,7 +1151,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "542f33a8835a0884b006a0c3df3dadd99c0c3f296ed26c2fdc8028e01ad6230c" dependencies = [ "memchr 2.6.3", - "serde 1.0.193", + "serde 1.0.210", ] [[package]] @@ -1234,7 +1233,7 @@ version = "0.19.1" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3dc9f7a067415ab5058020f04c60ec7b557084dbec0e021217bbabc7a8d38d14" dependencies = [ - "serde 1.0.193", + "serde 1.0.210", "toml 0.8.2", ] @@ -1299,7 +1298,7 @@ dependencies = [ "iana-time-zone", "js-sys", "num-traits 0.2.16", - "serde 1.0.193", + "serde 1.0.210", "time", "wasm-bindgen", "winapi 0.3.9", @@ -1406,8 +1405,8 @@ dependencies = [ "pathdiff", "ron", "rust-ini", - "serde 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_json 1.0.120", "toml 0.5.11", "yaml-rust 0.4.5", ] @@ -1455,22 +1454,31 @@ checksum = "e496a50fda8aacccc86d7529e2c1e0892dbd0f898a6b5645b5561b89c3210efa" [[package]] name = "core-primitives" version = "0.1.0" -source = "git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19#cdbe9b02c1c58ca3d0063bf2eaf26a1f9da314e9" dependencies = [ "base58", + "base64 0.13.1", + "chrono 0.4.26", + "der 0.6.1", "frame-support", - "litentry-hex-utils 0.1.0 (git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19)", - "litentry-macros 0.1.0 (git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19)", + "hex", + "hex-literal", + "litentry-hex-utils", + "litentry-macros", "litentry-proc-macros", - "pallet-evm 6.0.0-dev (git+https://github.com/paritytech/frontier?branch=polkadot-v0.9.42)", + "pallet-evm", "parity-scale-codec", + "ring 0.16.20", + "rustls-webpki", "scale-info", + "serde 1.0.210", + "serde_json 1.0.120", "sp-core", "sp-io 7.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42)", "sp-runtime", - "sp-std 5.0.0", + "sp-std", "strum 0.26.1", "strum_macros 0.26.1", + "x509-cert", ] [[package]] @@ -1506,7 +1514,7 @@ version = "0.93.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f42ea692c7b450ad18b8c9889661505d51c09ec4380cf1c2d278dbb2da22cae1" dependencies = [ - "serde 1.0.193", + "serde 1.0.210", ] [[package]] @@ -2031,7 +2039,7 @@ dependencies = [ "parity-scale-codec", "rlp", "scale-info", - "serde 1.0.193", + "serde 1.0.210", "sha3", "triehash", ] @@ -2078,35 +2086,15 @@ dependencies = [ "auto_impl", "environmental 1.1.4", "ethereum 0.14.0", - "evm-core 0.39.0 (registry+https://github.com/rust-lang/crates.io-index)", - "evm-gasometer 0.39.0 (registry+https://github.com/rust-lang/crates.io-index)", - "evm-runtime 0.39.0 (registry+https://github.com/rust-lang/crates.io-index)", + "evm-core 0.39.0", + "evm-gasometer 0.39.0", + "evm-runtime 0.39.0", "log 0.4.20", "parity-scale-codec", "primitive-types", "rlp", "scale-info", - "serde 1.0.193", - "sha3", -] - -[[package]] -name = "evm" -version = "0.39.1" -source = "git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65#b7b82c7e1fc57b7449d6dfa6826600de37cc1e65" -dependencies = [ - "auto_impl", - "environmental 1.1.4", - "ethereum 0.14.0", - "evm-core 0.39.0 (git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65)", - "evm-gasometer 0.39.0 (git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65)", - "evm-runtime 0.39.0 (git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65)", - "log 0.4.20", - "parity-scale-codec", - "primitive-types", - "rlp", - "scale-info", - "serde 1.0.193", + "serde 1.0.210", "sha3", ] @@ -2138,18 +2126,7 @@ dependencies = [ "parity-scale-codec", "primitive-types", "scale-info", - "serde 1.0.193", -] - -[[package]] -name = "evm-core" -version = "0.39.0" -source = "git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65#b7b82c7e1fc57b7449d6dfa6826600de37cc1e65" -dependencies = [ - "parity-scale-codec", - "primitive-types", - "scale-info", - "serde 1.0.193", + "serde 1.0.210", ] [[package]] @@ -2170,19 +2147,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8d43eadc395bd1a52990787ca1495c26b0248165444912be075c28909a853b8c" dependencies = [ "environmental 1.1.4", - "evm-core 0.39.0 (registry+https://github.com/rust-lang/crates.io-index)", - "evm-runtime 0.39.0 (registry+https://github.com/rust-lang/crates.io-index)", - "primitive-types", -] - -[[package]] -name = "evm-gasometer" -version = "0.39.0" -source = "git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65#b7b82c7e1fc57b7449d6dfa6826600de37cc1e65" -dependencies = [ - "environmental 1.1.4", - "evm-core 0.39.0 (git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65)", - "evm-runtime 0.39.0 (git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65)", + "evm-core 0.39.0", + "evm-runtime 0.39.0", "primitive-types", ] @@ -2205,19 +2171,7 @@ checksum = "2aa5b32f59ec582a5651978004e5c784920291263b7dcb6de418047438e37f4f" dependencies = [ "auto_impl", "environmental 1.1.4", - "evm-core 0.39.0 (registry+https://github.com/rust-lang/crates.io-index)", - "primitive-types", - "sha3", -] - -[[package]] -name = "evm-runtime" -version = "0.39.0" -source = "git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65#b7b82c7e1fc57b7449d6dfa6826600de37cc1e65" -dependencies = [ - "auto_impl", - "environmental 1.1.4", - "evm-core 0.39.0 (git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65)", + "evm-core 0.39.0", "primitive-types", "sha3", ] @@ -2327,9 +2281,9 @@ dependencies = [ [[package]] name = "flagset" -version = "0.4.3" +version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cda653ca797810c02f7ca4b804b40b8b95ae046eb989d356bce17919a8c25499" +checksum = "b3ea1ec5f8307826a5b71094dd91fc04d4ae75d5709b20ad351c7fb4815c86ec" [[package]] name = "flate2" @@ -2407,7 +2361,7 @@ dependencies = [ [[package]] name = "fp-account" version = "1.0.0-dev" -source = "git+https://github.com/integritee-network/frontier?branch=bar/polkadot-v0.9.42#a5a5e1e6ec08cd542a6084c310863150fb8841b1" +source = "git+https://github.com/polkadot-evm/frontier?branch=bar/polkadot-v0.9.42#a5a5e1e6ec08cd542a6084c310863150fb8841b1" dependencies = [ "hex", "impl-serde", @@ -2415,60 +2369,26 @@ dependencies = [ "log 0.4.20", "parity-scale-codec", "scale-info", - "serde 1.0.193", + "serde 1.0.210", "sp-core", "sp-io 7.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42)", "sp-runtime", - "sp-std 5.0.0", -] - -[[package]] -name = "fp-account" -version = "1.0.0-dev" -source = "git+https://github.com/paritytech/frontier?branch=polkadot-v0.9.42#2499d18c936edbcb7fcb711827db7abb9b4f4da4" -dependencies = [ - "hex", - "impl-serde", - "libsecp256k1", - "log 0.4.20", - "parity-scale-codec", - "scale-info", - "serde 1.0.193", - "sp-core", - "sp-io 7.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42)", - "sp-runtime", - "sp-runtime-interface", - "sp-std 5.0.0", -] - -[[package]] -name = "fp-evm" -version = "3.0.0-dev" -source = "git+https://github.com/integritee-network/frontier?branch=bar/polkadot-v0.9.42#a5a5e1e6ec08cd542a6084c310863150fb8841b1" -dependencies = [ - "evm 0.39.1 (registry+https://github.com/rust-lang/crates.io-index)", - "frame-support", - "parity-scale-codec", - "scale-info", - "serde 1.0.193", - "sp-core", - "sp-runtime", - "sp-std 5.0.0", + "sp-std", ] [[package]] name = "fp-evm" version = "3.0.0-dev" -source = "git+https://github.com/paritytech/frontier?branch=polkadot-v0.9.42#2499d18c936edbcb7fcb711827db7abb9b4f4da4" +source = "git+https://github.com/polkadot-evm/frontier?branch=bar/polkadot-v0.9.42#a5a5e1e6ec08cd542a6084c310863150fb8841b1" dependencies = [ - "evm 0.39.1 (git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65)", + "evm 0.39.1", "frame-support", "parity-scale-codec", "scale-info", - "serde 1.0.193", + "serde 1.0.210", "sp-core", "sp-runtime", - "sp-std 5.0.0", + "sp-std", ] [[package]] @@ -2490,14 +2410,14 @@ dependencies = [ "parity-scale-codec", "paste", "scale-info", - "serde 1.0.193", + "serde 1.0.210", "sp-api", "sp-application-crypto", "sp-core", "sp-io 7.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42)", "sp-runtime", "sp-runtime-interface", - "sp-std 5.0.0", + "sp-std", "sp-storage", "static_assertions", ] @@ -2514,7 +2434,7 @@ dependencies = [ "sp-core", "sp-io 7.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42)", "sp-runtime", - "sp-std 5.0.0", + "sp-std", "sp-tracing", ] @@ -2527,7 +2447,7 @@ dependencies = [ "cfg-if 1.0.0", "parity-scale-codec", "scale-info", - "serde 1.0.193", + "serde 1.0.210", ] [[package]] @@ -2546,7 +2466,7 @@ dependencies = [ "parity-scale-codec", "paste", "scale-info", - "serde 1.0.193", + "serde 1.0.210", "smallvec 1.11.0", "sp-api", "sp-arithmetic", @@ -2557,7 +2477,7 @@ dependencies = [ "sp-runtime", "sp-staking", "sp-state-machine", - "sp-std 5.0.0", + "sp-std", "sp-tracing", "sp-weights", "tt-call", @@ -2576,7 +2496,7 @@ dependencies = [ "proc-macro-warning", "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.79", ] [[package]] @@ -2588,7 +2508,7 @@ dependencies = [ "proc-macro-crate", "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.79", ] [[package]] @@ -2598,7 +2518,7 @@ source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#ff dependencies = [ "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.79", ] [[package]] @@ -2610,11 +2530,11 @@ dependencies = [ "log 0.4.20", "parity-scale-codec", "scale-info", - "serde 1.0.193", + "serde 1.0.210", "sp-core", "sp-io 7.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42)", "sp-runtime", - "sp-std 5.0.0", + "sp-std", "sp-version", "sp-weights", ] @@ -2768,7 +2688,7 @@ checksum = "89ca545a94061b6365f2c7355b4b32bd20df3ff95f02da9329b34ccc3bd6ee72" dependencies = [ "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.79", ] [[package]] @@ -3020,6 +2940,12 @@ dependencies = [ "allocator-api2", ] +[[package]] +name = "hashbrown" +version = "0.15.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1e087f84d4f86bf4b218b927129862374b72199ae7d8657835f1e89000eea4fb" + [[package]] name = "hashbrown_tstd" version = "0.12.0" @@ -3353,7 +3279,7 @@ dependencies = [ "sgx_tstd", "sp-core", "sp-runtime", - "sp-std 5.0.0", + "sp-std", "substrate-api-client", ] @@ -3366,7 +3292,7 @@ dependencies = [ "frame-system", "itp-sgx-runtime-primitives", "pallet-balances", - "pallet-evm 6.0.0-dev (git+https://github.com/integritee-network/frontier?branch=bar/polkadot-v0.9.42)", + "pallet-evm", "pallet-identity-management-tee", "pallet-parentchain", "pallet-sudo", @@ -3377,7 +3303,7 @@ dependencies = [ "sp-api", "sp-core", "sp-runtime", - "sp-std 5.0.0", + "sp-std", "sp-version", ] @@ -3401,8 +3327,8 @@ dependencies = [ "itp-types", "itp-utils", "lc-stf-task-sender", - "litentry-hex-utils 0.1.0", - "litentry-macros 0.1.0", + "litentry-hex-utils", + "litentry-macros", "litentry-primitives", "log 0.4.20", "pallet-balances", @@ -3416,7 +3342,7 @@ dependencies = [ "sp-io 7.0.0", "sp-keyring", "sp-runtime", - "sp-std 5.0.0", + "sp-std", ] [[package]] @@ -3429,7 +3355,7 @@ dependencies = [ "log 0.4.20", "rustls 0.19.0 (git+https://github.com/mesalock-linux/rustls?tag=sgx_1.1.3)", "rustls 0.19.1", - "serde_json 1.0.103", + "serde_json 1.0.120", "sgx_tstd", "tungstenite 0.14.0", "tungstenite 0.15.0", @@ -3450,7 +3376,7 @@ dependencies = [ "jsonrpc-core 18.0.0 (git+https://github.com/scs/jsonrpc?branch=no_std_v18)", "log 0.4.20", "parity-scale-codec", - "serde_json 1.0.103", + "serde_json 1.0.120", "sgx_tstd", "sp-runtime", "thiserror 1.0.44", @@ -3573,9 +3499,8 @@ dependencies = [ "itp-storage", "itp-types", "log 0.4.20", - "pallet-teebag", "parity-scale-codec", - "serde_json 1.0.103", + "serde_json 1.0.120", "sgx_crypto_helper", "sgx_types", "sgx_urts", @@ -3640,7 +3565,7 @@ dependencies = [ "log 0.4.20", "parity-scale-codec", "parity-util-mem", - "serde 1.0.193", + "serde 1.0.210", "sgx_tstd", "sp-application-crypto", "sp-core", @@ -3735,7 +3660,7 @@ version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ebc88fc67028ae3db0c853baa36269d398d5f45b6982f95549ff5def78c935cd" dependencies = [ - "serde 1.0.193", + "serde 1.0.210", ] [[package]] @@ -3767,17 +3692,17 @@ checksum = "bd070e393353796e801d209ad339e89596eb4c8d430d18ede6a1cced8fafbd99" dependencies = [ "autocfg 1.1.0", "hashbrown 0.12.3", - "serde 1.0.193", + "serde 1.0.210", ] [[package]] name = "indexmap" -version = "2.0.0" +version = "2.6.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d5477fe2230a79769d8dc68e0eabf5437907c0457a5614a9e8dddb67f65eb65d" +checksum = "707907fe3c25f5424cce2cb7e1cbcafee6bdbe735ca90ef77c29e84591e5b9da" dependencies = [ "equivalent", - "hashbrown 0.14.0", + "hashbrown 0.15.0", ] [[package]] @@ -3841,8 +3766,8 @@ dependencies = [ "hyper-multipart-rfc7578", "hyper-tls", "parity-multiaddr", - "serde 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_json 1.0.120", "serde_urlencoded", "tokio", "tokio-util 0.6.10", @@ -3923,8 +3848,8 @@ dependencies = [ "http_req 0.8.1 (git+https://github.com/integritee-network/http_req?branch=master)", "http_req 0.8.1 (git+https://github.com/integritee-network/http_req)", "log 0.4.20", - "serde 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_json 1.0.120", "sgx_tstd", "thiserror 1.0.44", "thiserror 1.0.9", @@ -3951,7 +3876,7 @@ dependencies = [ "parity-scale-codec", "parking_lot 0.12.1", "rustls 0.19.1", - "serde_json 1.0.103", + "serde_json 1.0.120", "sgx_crypto_helper", "sp-core", "thiserror 1.0.44", @@ -4076,7 +4001,7 @@ dependencies = [ "parity-scale-codec", "rustls 0.19.0 (git+https://github.com/mesalock-linux/rustls?tag=sgx_1.1.3)", "rustls 0.19.1", - "serde_json 1.0.103", + "serde_json 1.0.120", "serde_json 1.0.60 (git+https://github.com/mesalock-linux/serde-json-sgx?tag=sgx_1.1.3)", "sgx_rand", "sgx_tcrypto", @@ -4098,7 +4023,7 @@ version = "0.8.0" dependencies = [ "binary-merkle-tree", "parity-scale-codec", - "serde 1.0.193", + "serde 1.0.210", ] [[package]] @@ -4224,7 +4149,7 @@ dependencies = [ "sgx_types", "sp-core", "sp-runtime", - "sp-std 5.0.0", + "sp-std", ] [[package]] @@ -4243,8 +4168,8 @@ version = "0.1.0" dependencies = [ "itp-types", "parity-scale-codec", - "serde 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_json 1.0.120", "sgx_tstd", ] @@ -4269,7 +4194,7 @@ dependencies = [ "ofb", "parity-scale-codec", "secp256k1 0.28.0", - "serde_json 1.0.103", + "serde_json 1.0.120", "serde_json 1.0.60 (git+https://github.com/mesalock-linux/serde-json-sgx?tag=sgx_1.1.3)", "sgx_crypto_helper", "sgx_rand", @@ -4289,7 +4214,7 @@ dependencies = [ "log 0.4.20", "parity-scale-codec", "postcard", - "serde 1.0.193", + "serde 1.0.210", "sgx_tstd", "sp-core", ] @@ -4341,7 +4266,7 @@ dependencies = [ "parity-scale-codec", "sp-core", "sp-runtime", - "sp-std 5.0.0", + "sp-std", ] [[package]] @@ -4394,7 +4319,7 @@ dependencies = [ "sp-core", "sp-runtime", "sp-state-machine", - "sp-std 5.0.0", + "sp-std", "sp-trie", "thiserror 1.0.44", "thiserror 1.0.9", @@ -4426,7 +4351,7 @@ dependencies = [ "sp-core", "sp-io 7.0.0", "sp-runtime", - "sp-std 5.0.0", + "sp-std", ] [[package]] @@ -4450,11 +4375,11 @@ dependencies = [ "litentry-primitives", "pallet-balances", "parity-scale-codec", - "serde 1.0.193", + "serde 1.0.210", "sp-consensus-grandpa", "sp-core", "sp-runtime", - "sp-std 5.0.0", + "sp-std", "substrate-api-client", ] @@ -4463,7 +4388,7 @@ name = "itp-utils" version = "0.1.0" dependencies = [ "hex", - "litentry-hex-utils 0.1.0", + "litentry-hex-utils", "parity-scale-codec", ] @@ -4543,7 +4468,7 @@ dependencies = [ "its-state", "its-test", "its-validateer-fetch", - "litentry-hex-utils 0.1.0", + "litentry-hex-utils", "log 0.4.20", "parity-scale-codec", "sgx_tstd", @@ -4575,7 +4500,7 @@ dependencies = [ "its-primitives", "its-state", "its-test", - "litentry-hex-utils 0.1.0", + "litentry-hex-utils", "log 0.4.20", "parity-scale-codec", "sgx_tstd", @@ -4627,8 +4552,8 @@ dependencies = [ "its-test", "jsonrpsee", "log 0.4.20", - "serde 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_json 1.0.120", "thiserror 1.0.44", "tokio", ] @@ -4640,10 +4565,10 @@ dependencies = [ "itp-types", "parity-scale-codec", "scale-info", - "serde 1.0.193", + "serde 1.0.210", "sp-core", "sp-runtime", - "sp-std 5.0.0", + "sp-std", ] [[package]] @@ -4717,7 +4642,7 @@ dependencies = [ "parity-scale-codec", "parking_lot 0.12.1", "rocksdb", - "serde 1.0.193", + "serde 1.0.210", "sp-core", "temp-dir", "thiserror 1.0.44", @@ -4746,7 +4671,7 @@ dependencies = [ "parity-scale-codec", "sp-core", "sp-runtime", - "sp-std 5.0.0", + "sp-std", ] [[package]] @@ -4775,7 +4700,7 @@ checksum = "96b0db21af676c1ce64250b5f40f3ce2cf27e4e47cb91ed91eb6fe9350b430c1" dependencies = [ "pest", "pest_derive", - "serde 1.0.193", + "serde 1.0.210", ] [[package]] @@ -4788,9 +4713,9 @@ dependencies = [ "futures-executor 0.3.28", "futures-util 0.3.28", "log 0.4.20", - "serde 1.0.193", - "serde_derive 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_derive 1.0.210", + "serde_json 1.0.120", ] [[package]] @@ -4833,8 +4758,8 @@ dependencies = [ "jsonrpsee-types", "jsonrpsee-utils", "log 0.4.20", - "serde 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_json 1.0.120", "thiserror 1.0.44", "url 2.5.0 (registry+https://github.com/rust-lang/crates.io-index)", ] @@ -4853,8 +4778,8 @@ dependencies = [ "jsonrpsee-utils", "lazy_static", "log 0.4.20", - "serde 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_json 1.0.120", "socket2", "thiserror 1.0.44", "tokio", @@ -4886,8 +4811,8 @@ dependencies = [ "futures-util 0.3.28", "hyper", "log 0.4.20", - "serde 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_json 1.0.120", "soketto", "thiserror 1.0.44", ] @@ -4906,8 +4831,8 @@ dependencies = [ "parking_lot 0.11.2", "rand 0.8.5", "rustc-hash", - "serde 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_json 1.0.120", "thiserror 1.0.44", ] @@ -4925,8 +4850,8 @@ dependencies = [ "pin-project", "rustls 0.19.1", "rustls-native-certs", - "serde 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_json 1.0.120", "soketto", "thiserror 1.0.44", "tokio", @@ -4947,8 +4872,8 @@ dependencies = [ "jsonrpsee-utils", "log 0.4.20", "rustc-hash", - "serde 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_json 1.0.120", "soketto", "thiserror 1.0.44", "tokio", @@ -5030,16 +4955,15 @@ dependencies = [ "lc-dynamic-assertion", "lc-evm-dynamic-assertions", "lc-mock-server", - "litentry-hex-utils 0.1.0", + "litentry-hex-utils", "litentry-primitives", "log 0.4.20", - "pallet-parachain-staking", "parity-scale-codec", "primitive-types", "rust-base58 0.0.4 (registry+https://github.com/rust-lang/crates.io-index)", "rust-base58 0.0.4 (git+https://github.com/mesalock-linux/rust-base58-sgx)", - "serde 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_json 1.0.120", "sgx_tstd", "sp-core", "ss58-registry", @@ -5062,7 +4986,7 @@ dependencies = [ "lc-credentials-v2", "lc-mock-server", "lc-service", - "litentry-hex-utils 0.1.0", + "litentry-hex-utils", "litentry-primitives", "log 0.4.20", "parity-scale-codec", @@ -5098,8 +5022,8 @@ dependencies = [ "rust-base58 0.0.4 (registry+https://github.com/rust-lang/crates.io-index)", "rust-base58 0.0.4 (git+https://github.com/mesalock-linux/rust-base58-sgx)", "scale-info", - "serde 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_json 1.0.120", "serde_json 1.0.60 (git+https://github.com/mesalock-linux/serde-json-sgx?tag=sgx_1.1.3)", "sgx_tstd", "sp-core", @@ -5137,8 +5061,8 @@ dependencies = [ "litentry-primitives", "log 0.4.20", "parity-scale-codec", - "serde 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_json 1.0.120", "sgx_tstd", "thiserror 1.0.44", "thiserror 1.0.9", @@ -5196,12 +5120,12 @@ dependencies = [ "itp-sgx-temp-dir", "lc-dynamic-assertion", "lc-mock-server", - "litentry-hex-utils 0.1.0", + "litentry-hex-utils", "litentry-primitives", "log 0.4.20", "parity-scale-codec", "rust_decimal", - "serde_json 1.0.103", + "serde_json 1.0.120", "sgx_tstd", "ss58-registry", "thiserror 1.0.44", @@ -5230,8 +5154,8 @@ dependencies = [ "lru", "parity-scale-codec", "rand 0.8.5", - "serde 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_json 1.0.120", "sgx_rand", "sgx_tstd", "sp-core", @@ -5249,7 +5173,7 @@ dependencies = [ "lc-data-providers", "litentry-primitives", "log 0.4.20", - "serde_json 1.0.103", + "serde_json 1.0.120", "sp-core", "tokio", "warp", @@ -5342,7 +5266,7 @@ dependencies = [ "parity-scale-codec", "sgx_tstd", "sp-runtime", - "sp-std 5.0.0", + "sp-std", "thiserror 1.0.44", "thiserror 1.0.9", ] @@ -5353,7 +5277,7 @@ version = "0.1.0" dependencies = [ "itp-storage", "itp-types", - "sp-std 5.0.0", + "sp-std", ] [[package]] @@ -5382,7 +5306,7 @@ dependencies = [ "lc-stf-task-receiver", "lc-stf-task-sender", "lc-vc-task-sender", - "litentry-macros 0.1.0", + "litentry-macros", "litentry-primitives", "log 0.4.20", "pallet-identity-management-tee", @@ -5451,7 +5375,7 @@ dependencies = [ "libsecp256k1-gen-ecmult", "libsecp256k1-gen-genmult", "rand 0.8.5", - "serde 1.0.193", + "serde 1.0.210", "sha2 0.9.9", "typenum", ] @@ -5559,22 +5483,21 @@ dependencies = [ "itp-stf-primitives", "itp-types", "itp-utils", - "litentry-hex-utils 0.1.0", + "litentry-hex-utils", "litentry-primitives", "log 0.4.20", - "pallet-evm 6.0.0-dev (git+https://github.com/integritee-network/frontier?branch=bar/polkadot-v0.9.42)", + "pallet-evm", "parity-scale-codec", "rand 0.8.5", "rayon", "regex 1.9.5", "reqwest", "scale-value", - "serde 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_json 1.0.120", "sgx_crypto_helper", "sp-application-crypto", "sp-core", - "sp-core-hashing 6.0.0", "sp-keyring", "sp-keystore", "sp-runtime", @@ -5591,23 +5514,10 @@ dependencies = [ "hex", ] -[[package]] -name = "litentry-hex-utils" -version = "0.1.0" -source = "git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19#cdbe9b02c1c58ca3d0063bf2eaf26a1f9da314e9" -dependencies = [ - "hex", -] - [[package]] name = "litentry-macros" version = "0.1.0" -[[package]] -name = "litentry-macros" -version = "0.1.0" -source = "git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19#cdbe9b02c1c58ca3d0063bf2eaf26a1f9da314e9" - [[package]] name = "litentry-primitives" version = "0.1.0" @@ -5619,30 +5529,28 @@ dependencies = [ "itp-sgx-crypto", "itp-sgx-runtime-primitives", "log 0.4.20", - "pallet-teebag", "parity-scale-codec", "rand 0.7.3 (registry+https://github.com/rust-lang/crates.io-index)", "rand 0.7.3 (git+https://github.com/mesalock-linux/rand-sgx?tag=sgx_1.1.3)", "ring 0.16.20", "scale-info", "secp256k1 0.28.0", - "serde 1.0.193", + "serde 1.0.210", "sgx_tstd", "sp-core", "sp-io 7.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42)", "sp-runtime", - "sp-std 5.0.0", + "sp-std", ] [[package]] name = "litentry-proc-macros" version = "0.1.0" -source = "git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19#cdbe9b02c1c58ca3d0063bf2eaf26a1f9da314e9" dependencies = [ "cargo_toml", "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.79", ] [[package]] @@ -5686,7 +5594,7 @@ dependencies = [ "lazy_static", "lc-data-providers", "lc-mock-server", - "litentry-macros 0.1.0", + "litentry-macros", "litentry-primitives", "log 0.4.20", "mockall", @@ -5698,9 +5606,9 @@ dependencies = [ "rayon", "regex 1.9.5", "scale-info", - "serde 1.0.193", - "serde_derive 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_derive 1.0.210", + "serde_json 1.0.120", "sgx_crypto_helper", "sgx_types", "sp-consensus-grandpa", @@ -6507,7 +6415,7 @@ checksum = "a948666b637a0f465e8564c73e89d4dde00d72d4d473cc972f390fc3dcee7d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.79", ] [[package]] @@ -6556,21 +6464,7 @@ dependencies = [ "scale-info", "sp-core", "sp-runtime", - "sp-std 5.0.0", -] - -[[package]] -name = "pallet-authorship" -version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65" -dependencies = [ - "frame-support", - "frame-system", - "impl-trait-for-tuples", - "parity-scale-codec", - "scale-info", - "sp-runtime", - "sp-std 5.0.0", + "sp-std", ] [[package]] @@ -6585,47 +6479,22 @@ dependencies = [ "parity-scale-codec", "scale-info", "sp-runtime", - "sp-std 5.0.0", -] - -[[package]] -name = "pallet-evm" -version = "6.0.0-dev" -source = "git+https://github.com/integritee-network/frontier?branch=bar/polkadot-v0.9.42#a5a5e1e6ec08cd542a6084c310863150fb8841b1" -dependencies = [ - "environmental 1.1.4", - "evm 0.39.1 (registry+https://github.com/rust-lang/crates.io-index)", - "fp-account 1.0.0-dev (git+https://github.com/integritee-network/frontier?branch=bar/polkadot-v0.9.42)", - "fp-evm 3.0.0-dev (git+https://github.com/integritee-network/frontier?branch=bar/polkadot-v0.9.42)", - "frame-benchmarking", - "frame-support", - "frame-system", - "hex", - "impl-trait-for-tuples", - "log 0.4.20", - "parity-scale-codec", - "rlp", - "scale-info", - "sp-core", - "sp-io 7.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42)", - "sp-runtime", - "sp-std 5.0.0", + "sp-std", ] [[package]] name = "pallet-evm" version = "6.0.0-dev" -source = "git+https://github.com/paritytech/frontier?branch=polkadot-v0.9.42#2499d18c936edbcb7fcb711827db7abb9b4f4da4" +source = "git+https://github.com/polkadot-evm/frontier?branch=bar/polkadot-v0.9.42#a5a5e1e6ec08cd542a6084c310863150fb8841b1" dependencies = [ "environmental 1.1.4", - "evm 0.39.1 (git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65)", - "fp-account 1.0.0-dev (git+https://github.com/paritytech/frontier?branch=polkadot-v0.9.42)", - "fp-evm 3.0.0-dev (git+https://github.com/paritytech/frontier?branch=polkadot-v0.9.42)", + "evm 0.39.1", + "fp-account", + "fp-evm", "frame-benchmarking", "frame-support", "frame-system", "hex", - "hex-literal", "impl-trait-for-tuples", "log 0.4.20", "parity-scale-codec", @@ -6634,7 +6503,7 @@ dependencies = [ "sp-core", "sp-io 7.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42)", "sp-runtime", - "sp-std 5.0.0", + "sp-std", ] [[package]] @@ -6652,27 +6521,7 @@ dependencies = [ "sp-core", "sp-io 7.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42)", "sp-runtime", - "sp-std 5.0.0", -] - -[[package]] -name = "pallet-parachain-staking" -version = "0.1.0" -source = "git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19#cdbe9b02c1c58ca3d0063bf2eaf26a1f9da314e9" -dependencies = [ - "core-primitives", - "frame-support", - "frame-system", - "log 0.4.20", - "pallet-authorship", - "pallet-balances", - "pallet-session", - "parity-scale-codec", - "scale-info", - "sp-runtime", - "sp-staking", - "sp-std 5.0.0", - "substrate-fixed", + "sp-std", ] [[package]] @@ -6691,26 +6540,6 @@ dependencies = [ "sp-runtime", ] -[[package]] -name = "pallet-session" -version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65" -dependencies = [ - "frame-support", - "frame-system", - "impl-trait-for-tuples", - "log 0.4.20", - "pallet-timestamp", - "parity-scale-codec", - "scale-info", - "sp-core", - "sp-io 7.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42)", - "sp-runtime", - "sp-session", - "sp-staking", - "sp-std 5.0.0", -] - [[package]] name = "pallet-sudo" version = "4.0.0-dev" @@ -6722,35 +6551,7 @@ dependencies = [ "scale-info", "sp-io 7.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42)", "sp-runtime", - "sp-std 5.0.0", -] - -[[package]] -name = "pallet-teebag" -version = "0.1.0" -source = "git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19#cdbe9b02c1c58ca3d0063bf2eaf26a1f9da314e9" -dependencies = [ - "base64 0.13.1", - "chrono 0.4.26", - "der 0.6.1", - "frame-support", - "frame-system", - "hex", - "hex-literal", - "log 0.4.20", - "pallet-balances", - "pallet-timestamp", - "parity-scale-codec", - "ring 0.16.20", - "rustls-webpki", - "scale-info", - "serde 1.0.193", - "serde_json 1.0.103", - "sp-core", - "sp-io 7.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42)", - "sp-runtime", - "sp-std 5.0.0", - "x509-cert", + "sp-std", ] [[package]] @@ -6767,7 +6568,7 @@ dependencies = [ "sp-inherents", "sp-io 7.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42)", "sp-runtime", - "sp-std 5.0.0", + "sp-std", "sp-timestamp", ] @@ -6780,11 +6581,11 @@ dependencies = [ "frame-system", "parity-scale-codec", "scale-info", - "serde 1.0.193", + "serde 1.0.210", "sp-core", "sp-io 7.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42)", "sp-runtime", - "sp-std 5.0.0", + "sp-std", ] [[package]] @@ -6799,7 +6600,7 @@ dependencies = [ "data-encoding", "multihash", "percent-encoding 2.3.1 (registry+https://github.com/rust-lang/crates.io-index)", - "serde 1.0.193", + "serde 1.0.210", "static_assertions", "unsigned-varint 0.7.1", "url 2.5.0 (registry+https://github.com/rust-lang/crates.io-index)", @@ -6817,7 +6618,7 @@ dependencies = [ "bytes 1.4.0", "impl-trait-for-tuples", "parity-scale-codec-derive", - "serde 1.0.193", + "serde 1.0.210", ] [[package]] @@ -7023,7 +6824,7 @@ dependencies = [ "pest_meta", "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.79", ] [[package]] @@ -7054,7 +6855,7 @@ checksum = "ec2e072ecce94ec471b13398d5402c188e76ac03cf74dd1a975161b23a3f6d9c" dependencies = [ "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.79", ] [[package]] @@ -7092,7 +6893,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "a25c0b0ae06fcffe600ad392aabfa535696c8973f2253d9ac83171924c58a858" dependencies = [ "postcard-cobs", - "serde 1.0.193", + "serde 1.0.210", ] [[package]] @@ -7210,14 +7011,14 @@ checksum = "0e99670bafb56b9a106419397343bdbc8b8742c3cc449fec6345f86173f47cd4" dependencies = [ "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.79", ] [[package]] name = "proc-macro2" -version = "1.0.66" +version = "1.0.87" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "18fb31db3f9bddb2ea821cde30a9f70117e3f119938b5ee630b7403aa6e2ead9" +checksum = "b3e4daa0dcf6feba26f985457cdf104d4b4256fc5a09547140f3631bb076b19a" dependencies = [ "unicode-ident", ] @@ -7262,9 +7063,9 @@ dependencies = [ [[package]] name = "quote" -version = "1.0.33" +version = "1.0.37" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5267fca4496028628a95160fc423a33e8b2e6af8a5302579e322e4b520293cae" +checksum = "b5b9d34b8991d19d98081b46eacdd8eb58c6f2b201139f7c5f643cc155a633af" dependencies = [ "proc-macro2", ] @@ -7488,7 +7289,7 @@ checksum = "2dfaf0c85b766276c797f3791f5bc6d5bd116b41d53049af2789666b0c0bc9fa" dependencies = [ "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.79", ] [[package]] @@ -7576,8 +7377,8 @@ dependencies = [ "once_cell 1.19.0", "percent-encoding 2.3.1 (registry+https://github.com/rust-lang/crates.io-index)", "pin-project-lite", - "serde 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_json 1.0.120", "serde_urlencoded", "tokio", "tokio-native-tls", @@ -7665,7 +7466,7 @@ checksum = "88073939a61e5b7680558e6be56b419e208420c2adb92be54921fa6b72283f1a" dependencies = [ "base64 0.13.1", "bitflags 1.3.2", - "serde 1.0.193", + "serde 1.0.210", ] [[package]] @@ -7903,7 +7704,7 @@ dependencies = [ "array-bytes 4.2.0", "async-trait", "parking_lot 0.12.1", - "serde_json 1.0.103", + "serde_json 1.0.120", "sp-application-crypto", "sp-core", "sp-keystore", @@ -7918,7 +7719,7 @@ checksum = "8dd7aca73785181cc41f0bbe017263e682b585ca660540ba569133901d013ecf" dependencies = [ "parity-scale-codec", "scale-info", - "serde 1.0.193", + "serde 1.0.210", ] [[package]] @@ -7929,7 +7730,7 @@ checksum = "036575c29af9b6e4866ffb7fa055dbf623fe7a9cc159b33786de6013a6969d89" dependencies = [ "parity-scale-codec", "scale-info", - "serde 1.0.193", + "serde 1.0.210", ] [[package]] @@ -8009,7 +7810,7 @@ dependencies = [ "derive_more", "parity-scale-codec", "scale-info-derive", - "serde 1.0.193", + "serde 1.0.210", ] [[package]] @@ -8036,7 +7837,7 @@ dependencies = [ "scale-bits 0.3.0", "scale-decode 0.4.0", "scale-info", - "serde 1.0.193", + "serde 1.0.210", "thiserror 1.0.44", "yap", ] @@ -8237,11 +8038,11 @@ dependencies = [ [[package]] name = "serde" -version = "1.0.193" +version = "1.0.210" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "25dd9975e68d0cb5aa1120c288333fc98731bd1dd12f561e468ea4728c042b89" +checksum = "c8e3592472072e6e22e0a54d5904d9febf8508f65fb8552499a1abc7d1078c3a" dependencies = [ - "serde_derive 1.0.193", + "serde_derive 1.0.210", ] [[package]] @@ -8250,8 +8051,8 @@ version = "0.1.5" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "b926cfbabfe8011609dda0350cb24d884955d294909ac71c0db7027366c77e3e" dependencies = [ - "serde 1.0.193", - "serde_derive 1.0.193", + "serde 1.0.210", + "serde_derive 1.0.210", ] [[package]] @@ -8275,13 +8076,13 @@ dependencies = [ [[package]] name = "serde_derive" -version = "1.0.193" +version = "1.0.210" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "43576ca501357b9b071ac53cdc7da8ef0cbd9493d8df094cd821777ea6e894d3" +checksum = "243902eda00fad750862fc144cea25caca5e20d615af0a81bee94ca738f1df1f" dependencies = [ "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.79", ] [[package]] @@ -8309,14 +8110,14 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.103" +version = "1.0.120" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d03b412469450d4404fe8499a268edd7f8b79fecb074b0d812ad64ca21f4031b" +checksum = "4e0d21c9a8cae1235ad58a00c11cb40d4b1e5c784f1ef2c537876ed6ffd8b7c5" dependencies = [ - "indexmap 2.0.0", + "indexmap 2.6.0", "itoa 1.0.9", "ryu", - "serde 1.0.193", + "serde 1.0.210", ] [[package]] @@ -8325,7 +8126,7 @@ version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "96426c9936fd7a0124915f9185ea1d20aa9445cc9821142f0a73bc9207a2e186" dependencies = [ - "serde 1.0.193", + "serde 1.0.210", ] [[package]] @@ -8337,7 +8138,7 @@ dependencies = [ "form_urlencoded 1.2.1 (registry+https://github.com/rust-lang/crates.io-index)", "itoa 1.0.9", "ryu", - "serde 1.0.193", + "serde 1.0.210", ] [[package]] @@ -8368,11 +8169,11 @@ dependencies = [ "itertools 0.11.0", "libc", "serde 1.0.118", - "serde 1.0.193", + "serde 1.0.210", "serde-big-array 0.1.5", "serde-big-array 0.3.0", "serde_derive 1.0.118", - "serde_derive 1.0.193", + "serde_derive 1.0.210", "sgx_tcrypto", "sgx_tstd", "sgx_types", @@ -8706,7 +8507,7 @@ dependencies = [ "sp-metadata-ir", "sp-runtime", "sp-state-machine", - "sp-std 5.0.0", + "sp-std", "sp-trie", "sp-version", "thiserror 1.0.44", @@ -8723,7 +8524,7 @@ dependencies = [ "proc-macro-crate", "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.79", ] [[package]] @@ -8733,10 +8534,10 @@ source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#ff dependencies = [ "parity-scale-codec", "scale-info", - "serde 1.0.193", + "serde 1.0.210", "sp-core", "sp-io 7.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42)", - "sp-std 5.0.0", + "sp-std", ] [[package]] @@ -8748,8 +8549,8 @@ dependencies = [ "num-traits 0.2.16", "parity-scale-codec", "scale-info", - "serde 1.0.193", - "sp-std 5.0.0", + "serde 1.0.210", + "sp-std", "static_assertions", ] @@ -8762,13 +8563,13 @@ dependencies = [ "log 0.4.20", "parity-scale-codec", "scale-info", - "serde 1.0.193", + "serde 1.0.210", "sp-api", "sp-application-crypto", "sp-core", "sp-keystore", "sp-runtime", - "sp-std 5.0.0", + "sp-std", ] [[package]] @@ -8778,8 +8579,8 @@ source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#ff dependencies = [ "parity-scale-codec", "scale-info", - "serde 1.0.193", - "sp-std 5.0.0", + "serde 1.0.210", + "sp-std", "sp-timestamp", ] @@ -8813,12 +8614,12 @@ dependencies = [ "schnorrkel", "secp256k1 0.24.3", "secrecy", - "serde 1.0.193", - "sp-core-hashing 5.0.0", + "serde 1.0.210", + "sp-core-hashing", "sp-debug-derive", "sp-externalities", "sp-runtime-interface", - "sp-std 5.0.0", + "sp-std", "sp-storage", "ss58-registry", "substrate-bip39", @@ -8837,22 +8638,7 @@ dependencies = [ "digest 0.10.7", "sha2 0.10.8", "sha3", - "sp-std 5.0.0", - "twox-hash", -] - -[[package]] -name = "sp-core-hashing" -version = "6.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "cbc2d1947252b7a4e403b0a260f596920443742791765ec111daa2bbf98eff25" -dependencies = [ - "blake2", - "byteorder 1.4.3", - "digest 0.10.7", - "sha2 0.10.8", - "sha3", - "sp-std 6.0.0", + "sp-std", "twox-hash", ] @@ -8863,8 +8649,8 @@ source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#ff dependencies = [ "proc-macro2", "quote", - "sp-core-hashing 5.0.0", - "syn 2.0.32", + "sp-core-hashing", + "syn 2.0.79", ] [[package]] @@ -8874,7 +8660,7 @@ source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#ff dependencies = [ "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.79", ] [[package]] @@ -8884,7 +8670,7 @@ source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#ff dependencies = [ "environmental 1.1.4", "parity-scale-codec", - "sp-std 5.0.0", + "sp-std", "sp-storage", ] @@ -8899,7 +8685,7 @@ dependencies = [ "scale-info", "sp-core", "sp-runtime", - "sp-std 5.0.0", + "sp-std", "thiserror 1.0.44", ] @@ -8934,7 +8720,7 @@ dependencies = [ "sp-keystore", "sp-runtime-interface", "sp-state-machine", - "sp-std 5.0.0", + "sp-std", "sp-tracing", "sp-trie", "tracing", @@ -8960,7 +8746,7 @@ dependencies = [ "futures 0.3.28", "parity-scale-codec", "parking_lot 0.12.1", - "serde 1.0.193", + "serde 1.0.210", "sp-core", "sp-externalities", "thiserror 1.0.44", @@ -8974,7 +8760,7 @@ dependencies = [ "frame-metadata", "parity-scale-codec", "scale-info", - "sp-std 5.0.0", + "sp-std", ] [[package]] @@ -9000,12 +8786,12 @@ dependencies = [ "paste", "rand 0.8.5", "scale-info", - "serde 1.0.193", + "serde 1.0.210", "sp-application-crypto", "sp-arithmetic", "sp-core", "sp-io 7.0.0 (git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42)", - "sp-std 5.0.0", + "sp-std", "sp-weights", ] @@ -9020,7 +8806,7 @@ dependencies = [ "primitive-types", "sp-externalities", "sp-runtime-interface-proc-macro", - "sp-std 5.0.0", + "sp-std", "sp-storage", "sp-tracing", "sp-wasm-interface", @@ -9036,20 +8822,7 @@ dependencies = [ "proc-macro-crate", "proc-macro2", "quote", - "syn 2.0.32", -] - -[[package]] -name = "sp-session" -version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65" -dependencies = [ - "parity-scale-codec", - "scale-info", - "sp-api", - "sp-core", - "sp-staking", - "sp-std 5.0.0", + "syn 2.0.79", ] [[package]] @@ -9059,10 +8832,10 @@ source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#ff dependencies = [ "parity-scale-codec", "scale-info", - "serde 1.0.193", + "serde 1.0.210", "sp-core", "sp-runtime", - "sp-std 5.0.0", + "sp-std", ] [[package]] @@ -9079,7 +8852,7 @@ dependencies = [ "sp-core", "sp-externalities", "sp-panic-handler", - "sp-std 5.0.0", + "sp-std", "sp-trie", "thiserror 1.0.44", "tracing", @@ -9090,12 +8863,6 @@ name = "sp-std" version = "5.0.0" source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65" -[[package]] -name = "sp-std" -version = "6.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "af0ee286f98455272f64ac5bb1384ff21ac029fbb669afbaf48477faff12760e" - [[package]] name = "sp-storage" version = "7.0.0" @@ -9104,9 +8871,9 @@ dependencies = [ "impl-serde", "parity-scale-codec", "ref-cast", - "serde 1.0.193", + "serde 1.0.210", "sp-debug-derive", - "sp-std 5.0.0", + "sp-std", ] [[package]] @@ -9120,7 +8887,7 @@ dependencies = [ "parity-scale-codec", "sp-inherents", "sp-runtime", - "sp-std 5.0.0", + "sp-std", "thiserror 1.0.44", ] @@ -9130,7 +8897,7 @@ version = "6.0.0" source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65" dependencies = [ "parity-scale-codec", - "sp-std 5.0.0", + "sp-std", "tracing", "tracing-core", "tracing-subscriber", @@ -9152,7 +8919,7 @@ dependencies = [ "scale-info", "schnellru", "sp-core", - "sp-std 5.0.0", + "sp-std", "thiserror 1.0.44", "tracing", "trie-db", @@ -9168,10 +8935,10 @@ dependencies = [ "parity-scale-codec", "parity-wasm", "scale-info", - "serde 1.0.193", + "serde 1.0.210", "sp-core-hashing-proc-macro", "sp-runtime", - "sp-std 5.0.0", + "sp-std", "sp-version-proc-macro", "thiserror 1.0.44", ] @@ -9184,7 +8951,7 @@ dependencies = [ "parity-scale-codec", "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.79", ] [[package]] @@ -9196,7 +8963,7 @@ dependencies = [ "impl-trait-for-tuples", "log 0.4.20", "parity-scale-codec", - "sp-std 5.0.0", + "sp-std", "wasmi", "wasmtime", ] @@ -9208,12 +8975,12 @@ source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#ff dependencies = [ "parity-scale-codec", "scale-info", - "serde 1.0.193", + "serde 1.0.210", "smallvec 1.11.0", "sp-arithmetic", "sp-core", "sp-debug-derive", - "sp-std 5.0.0", + "sp-std", ] [[package]] @@ -9258,8 +9025,8 @@ dependencies = [ "num-format", "proc-macro2", "quote", - "serde 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_json 1.0.120", "unicode-xid", ] @@ -9325,7 +9092,7 @@ dependencies = [ "proc-macro2", "quote", "rustversion", - "syn 2.0.32", + "syn 2.0.79", ] [[package]] @@ -9344,8 +9111,8 @@ dependencies = [ "log 0.4.20", "maybe-async", "parity-scale-codec", - "serde 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_json 1.0.120", "sp-core", "sp-runtime", "sp-runtime-interface", @@ -9375,33 +9142,13 @@ dependencies = [ "async-trait", "parking_lot 0.12.1", "sc-keystore", - "serde_json 1.0.103", + "serde_json 1.0.120", "sp-application-crypto", "sp-core", "sp-keyring", "sp-keystore", ] -[[package]] -name = "substrate-fixed" -version = "0.5.9" -source = "git+https://github.com/encointer/substrate-fixed#879c58bcc6fd676a74315dcd38b598f28708b0b5" -dependencies = [ - "parity-scale-codec", - "scale-info", - "substrate-typenum", -] - -[[package]] -name = "substrate-typenum" -version = "1.16.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0f0091e93c2c75b233ae39424c52cb8a662c0811fb68add149e20e5d7e8a788" -dependencies = [ - "parity-scale-codec", - "scale-info", -] - [[package]] name = "subtle" version = "2.5.0" @@ -9429,9 +9176,9 @@ dependencies = [ [[package]] name = "syn" -version = "2.0.32" +version = "2.0.79" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "239814284fd6f1a4ffe4ca893952cdd93c224b6a1571c9a9eadd670295c0c9e2" +checksum = "89132cd0bf050864e1d38dc3bbc07a0eb8e7530af26344d3d2bbbef83499f590" dependencies = [ "proc-macro2", "quote", @@ -9541,7 +9288,7 @@ checksum = "090198534930841fab3a5d1bb637cde49e339654e606195f8d9c76eeb081dc96" dependencies = [ "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.79", ] [[package]] @@ -9653,7 +9400,7 @@ checksum = "630bdcf245f78637c13ec01ffae6187cca34625e8c63150d424b59e55af2675e" dependencies = [ "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.79", ] [[package]] @@ -9735,7 +9482,7 @@ version = "0.5.11" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "f4f7f0dd8d50a853a531c426359045b1998f04219d88799810762cd4ad314234" dependencies = [ - "serde 1.0.193", + "serde 1.0.210", ] [[package]] @@ -9744,7 +9491,7 @@ version = "0.8.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "185d8ab0dfbb35cf1399a6344d8484209c088f75f8f68230da55d48d95d43e3d" dependencies = [ - "serde 1.0.193", + "serde 1.0.210", "serde_spanned", "toml_datetime", "toml_edit 0.20.2", @@ -9756,7 +9503,7 @@ version = "0.6.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "7cda73e2f1397b1262d6dfdcef8aafae14d1de7748d66822d3bfeeb6d03e5e4b" dependencies = [ - "serde 1.0.193", + "serde 1.0.210", ] [[package]] @@ -9765,7 +9512,7 @@ version = "0.19.15" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "1b5bb770da30e5cbfde35a2d7b9b8a2c4b8ef89548a7a6aeab5c9a576e3e7421" dependencies = [ - "indexmap 2.0.0", + "indexmap 2.6.0", "toml_datetime", "winnow", ] @@ -9776,8 +9523,8 @@ version = "0.20.2" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "396e4d48bbb2b7554c944bde63101b5ae446cff6ec4a24227428f15eb72ef338" dependencies = [ - "indexmap 2.0.0", - "serde 1.0.193", + "indexmap 2.6.0", + "serde 1.0.210", "serde_spanned", "toml_datetime", "winnow", @@ -9810,7 +9557,7 @@ checksum = "5f4f31f56159e98206da9efd823404b79b6ef3143b4a7ab76e67b1751b25a4ab" dependencies = [ "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.79", ] [[package]] @@ -9840,7 +9587,7 @@ version = "0.1.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "bc6b213177105856957181934e4920de57730fc69bf42c37ee5bb664d406d9e1" dependencies = [ - "serde 1.0.193", + "serde 1.0.210", "tracing-core", ] @@ -9855,8 +9602,8 @@ dependencies = [ "lazy_static", "matchers", "regex 1.9.5", - "serde 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_json 1.0.120", "sharded-slab", "smallvec 1.11.0", "thread_local", @@ -10229,8 +9976,8 @@ dependencies = [ "pin-project", "rustls-pemfile", "scoped-tls", - "serde 1.0.193", - "serde_json 1.0.103", + "serde 1.0.210", + "serde_json 1.0.120", "serde_urlencoded", "tokio", "tokio-stream", @@ -10279,7 +10026,7 @@ dependencies = [ "once_cell 1.19.0", "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.79", "wasm-bindgen-shared", ] @@ -10313,7 +10060,7 @@ checksum = "54681b18a46765f095758388f2d0cf16eb8d4169b639ab575a8f5693af210c7b" dependencies = [ "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.79", "wasm-bindgen-backend", "wasm-bindgen-shared", ] @@ -10383,7 +10130,7 @@ dependencies = [ "once_cell 1.19.0", "paste", "psm", - "serde 1.0.193", + "serde 1.0.210", "target-lexicon", "wasmparser", "wasmtime-environ", @@ -10413,7 +10160,7 @@ dependencies = [ "indexmap 1.9.3", "log 0.4.20", "object 0.29.0", - "serde 1.0.193", + "serde 1.0.210", "target-lexicon", "thiserror 1.0.44", "wasmparser", @@ -10435,7 +10182,7 @@ dependencies = [ "log 0.4.20", "object 0.29.0", "rustc-demangle", - "serde 1.0.193", + "serde 1.0.210", "target-lexicon", "wasmtime-environ", "wasmtime-jit-icache-coherence", @@ -10494,7 +10241,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "83e5572c5727c1ee7e8f28717aaa8400e4d22dcbd714ea5457d85b5005206568" dependencies = [ "cranelift-entity", - "serde 1.0.193", + "serde 1.0.210", "thiserror 1.0.44", "wasmparser", ] @@ -10894,5 +10641,5 @@ checksum = "ce36e65b0d2999d2aafac989fb249189a141aee1f53c612c1f37d72631959f69" dependencies = [ "proc-macro2", "quote", - "syn 2.0.32", + "syn 2.0.79", ] diff --git a/tee-worker/Cargo.toml b/tee-worker/Cargo.toml index 07f58471b0..a7db27633d 100644 --- a/tee-worker/Cargo.toml +++ b/tee-worker/Cargo.toml @@ -178,6 +178,7 @@ pallet-balances = { git = "https://github.com/paritytech/substrate", branch = "p pallet-sudo = { git = "https://github.com/paritytech/substrate", branch = "polkadot-v0.9.42", default-features = false } pallet-timestamp = { git = "https://github.com/paritytech/substrate", branch = "polkadot-v0.9.42", default-features = false } pallet-transaction-payment = { git = "https://github.com/paritytech/substrate", branch = "polkadot-v0.9.42", default-features = false } +pallet-evm = { git = "https://github.com/polkadot-evm/frontier", branch = "bar/polkadot-v0.9.42", default-features = false } # SGX SDK sgx_alloc = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk", branch = "master" } @@ -279,10 +280,7 @@ lc-parachain-extrinsic-task-sender = { path = "common/litentry/core/parachain-ex lc-parachain-extrinsic-task-receiver = { path = "common/litentry/core/parachain-extrinsic-task/receiver", default-features = false } litentry-hex-utils = { path = "../common/utils/hex", default-features = false } litentry-macros = { path = "../common/primitives/core/macros" } - -pallet-teebag = { git = "https://github.com/litentry/litentry-parachain", branch = "release-v0.9.19", default-features = false } -pallet-parachain-staking = { git = "https://github.com/litentry/litentry-parachain", branch = "release-v0.9.19", default-features = false } -parentchain-primitives = { package = "core-primitives", git = "https://github.com/litentry/litentry-parachain", branch = "release-v0.9.19", default-features = false } +parentchain-primitives = { package = "core-primitives", path = "../common/primitives/core", default-features = false } # identity lc-assertion-build = { path = "identity/litentry/core/assertion-build", default-features = false } @@ -319,6 +317,16 @@ its-storage = { path = "identity/sidechain/storage" } its-test = { path = "identity/sidechain/test", default-features = false } its-validateer-fetch = { path = "identity/sidechain/validateer-fetch", default-features = false } +[patch."https://github.com/paritytech/polkadot-sdk"] +frame-support = { git = "https://github.com/paritytech/substrate", branch = "polkadot-v0.9.42" } +sp-core = { git = "https://github.com/paritytech/substrate", branch = "polkadot-v0.9.42" } +sp-io = { git = "https://github.com/paritytech/substrate", branch = "polkadot-v0.9.42" } +sp-runtime = { git = "https://github.com/paritytech/substrate", branch = "polkadot-v0.9.42" } +sp-std = { git = "https://github.com/paritytech/substrate", branch = "polkadot-v0.9.42" } + +[patch."https://github.com/paritytech/frontier"] +pallet-evm = { git = "https://github.com/polkadot-evm/frontier", branch = "bar/polkadot-v0.9.42" } + [patch."https://github.com/apache/teaclave-sgx-sdk.git"] sgx_alloc = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk", branch = "master" } sgx_crypto_helper = { git = "https://github.com/apache/incubator-teaclave-sgx-sdk", branch = "master" } diff --git a/tee-worker/bitacross/core-primitives/enclave-api/Cargo.toml b/tee-worker/bitacross/core-primitives/enclave-api/Cargo.toml index f4277bee46..ca364fa05d 100644 --- a/tee-worker/bitacross/core-primitives/enclave-api/Cargo.toml +++ b/tee-worker/bitacross/core-primitives/enclave-api/Cargo.toml @@ -26,8 +26,6 @@ itp-stf-interface = { workspace = true } itp-storage = { workspace = true } itp-types = { workspace = true } -pallet-teebag = { workspace = true } - [features] default = [] implement-ffi = [ diff --git a/tee-worker/bitacross/core-primitives/enclave-api/src/enclave_base.rs b/tee-worker/bitacross/core-primitives/enclave-api/src/enclave_base.rs index d615895eff..61ce8f2ba9 100644 --- a/tee-worker/bitacross/core-primitives/enclave-api/src/enclave_base.rs +++ b/tee-worker/bitacross/core-primitives/enclave-api/src/enclave_base.rs @@ -23,9 +23,8 @@ use itp_sgx_crypto::{ecdsa, schnorr}; use itp_stf_interface::ShardCreationInfo; use itp_types::{ parentchain::{Header, ParentchainId, ParentchainInitParams}, - ShardIdentifier, + EnclaveFingerprint, ShardIdentifier, }; -use pallet_teebag::EnclaveFingerprint; use sgx_crypto_helper::rsa3072::Rsa3072PubKey; use sp_core::ed25519; @@ -113,10 +112,9 @@ mod impl_ffi { use itp_stf_interface::ShardCreationInfo; use itp_types::{ parentchain::{Header, ParentchainId, ParentchainInitParams}, - ShardIdentifier, + EnclaveFingerprint, ShardIdentifier, }; use log::*; - use pallet_teebag::EnclaveFingerprint; use sgx_crypto_helper::rsa3072::Rsa3072PubKey; use sgx_types::*; use sp_core::{ed25519, Pair}; diff --git a/tee-worker/bitacross/core-primitives/enclave-api/src/remote_attestation.rs b/tee-worker/bitacross/core-primitives/enclave-api/src/remote_attestation.rs index 618928a311..15691f7172 100644 --- a/tee-worker/bitacross/core-primitives/enclave-api/src/remote_attestation.rs +++ b/tee-worker/bitacross/core-primitives/enclave-api/src/remote_attestation.rs @@ -17,8 +17,7 @@ */ use crate::EnclaveResult; -use itp_types::ShardIdentifier; -use pallet_teebag::Fmspc; +use itp_types::{Fmspc, ShardIdentifier}; use sgx_types::*; /// Struct that unites all relevant data reported by the QVE @@ -126,9 +125,8 @@ mod impl_ffi { use frame_support::ensure; use itp_enclave_api_ffi as ffi; use itp_settings::worker::EXTRINSIC_MAX_SIZE; - use itp_types::ShardIdentifier; + use itp_types::{Fmspc, ShardIdentifier}; use log::*; - use pallet_teebag::Fmspc; use sgx_types::*; const OS_SYSTEM_PATH: &str = "/usr/lib/x86_64-linux-gnu/"; diff --git a/tee-worker/bitacross/enclave-runtime/Cargo.lock b/tee-worker/bitacross/enclave-runtime/Cargo.lock index 0062a3972d..7c196c4cd8 100644 --- a/tee-worker/bitacross/enclave-runtime/Cargo.lock +++ b/tee-worker/bitacross/enclave-runtime/Cargo.lock @@ -40,7 +40,7 @@ dependencies = [ "scale-encode", "scale-info", "serde 1.0.204", - "serde_json 1.0.103", + "serde_json 1.0.120", "sp-application-crypto", "sp-core", "sp-runtime", @@ -57,7 +57,7 @@ dependencies = [ "primitive-types", "scale-info", "serde 1.0.204", - "serde_json 1.0.103", + "serde_json 1.0.120", "sp-application-crypto", "sp-core", "sp-core-hashing", @@ -330,7 +330,7 @@ dependencies = [ "itp-storage", "itp-types", "itp-utils", - "litentry-macros 0.1.0", + "litentry-macros", "litentry-primitives", "log 0.4.21", "pallet-balances", @@ -353,7 +353,7 @@ dependencies = [ "itp-utils", "log 0.4.21", "rustls 0.19.0 (git+https://github.com/mesalock-linux/rustls?tag=sgx_1.1.3)", - "serde_json 1.0.103", + "serde_json 1.0.120", "sgx_tstd", "tungstenite", "url 2.5.0", @@ -371,7 +371,7 @@ dependencies = [ "jsonrpc-core", "log 0.4.21", "parity-scale-codec", - "serde_json 1.0.103", + "serde_json 1.0.120", "sgx_tstd", "sp-runtime", "thiserror", @@ -969,22 +969,31 @@ checksum = "6245d59a3e82a7fc217c5828a6692dbc6dfb63a0c8c90495621f7b9d79704a0e" [[package]] name = "core-primitives" version = "0.1.0" -source = "git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19#ea133d42f915d6e3cbbc51304f534d0b9f42e5d3" dependencies = [ "base58", + "base64 0.13.1", + "chrono 0.4.31", + "der 0.6.1", "frame-support", - "litentry-hex-utils 0.1.0 (git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19)", - "litentry-macros 0.1.0 (git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19)", - "litentry-proc-macros 0.1.0 (git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19)", + "hex", + "hex-literal", + "litentry-hex-utils", + "litentry-macros", + "litentry-proc-macros", "pallet-evm", "parity-scale-codec", + "ring 0.16.20", + "rustls-webpki", "scale-info", + "serde 1.0.204", + "serde_json 1.0.120", "sp-core", "sp-io", "sp-runtime", "sp-std", "strum", "strum_macros", + "x509-cert", ] [[package]] @@ -1300,10 +1309,10 @@ dependencies = [ "jsonrpc-core", "lazy_static", "lc-direct-call", - "litentry-hex-utils 0.1.0", - "litentry-macros 0.1.0", + "litentry-hex-utils", + "litentry-macros", "litentry-primitives", - "litentry-proc-macros 0.1.0", + "litentry-proc-macros", "log 0.4.17", "multibase", "once_cell 1.4.0 (git+https://github.com/mesalock-linux/once_cell-sgx)", @@ -1409,7 +1418,8 @@ dependencies = [ [[package]] name = "evm" version = "0.39.1" -source = "git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65#b7b82c7e1fc57b7449d6dfa6826600de37cc1e65" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a49a4e11987c51220aa89dbe1a5cc877f5079fa6864c0a5b4533331db44e9365" dependencies = [ "auto_impl", "ethereum", @@ -1427,7 +1437,8 @@ dependencies = [ [[package]] name = "evm-core" version = "0.39.0" -source = "git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65#b7b82c7e1fc57b7449d6dfa6826600de37cc1e65" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4f1f13264b044cb66f0602180f0bc781c29accb41ff560669a3ec15858d5b606" dependencies = [ "parity-scale-codec", "primitive-types", @@ -1437,7 +1448,8 @@ dependencies = [ [[package]] name = "evm-gasometer" version = "0.39.0" -source = "git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65#b7b82c7e1fc57b7449d6dfa6826600de37cc1e65" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8d43eadc395bd1a52990787ca1495c26b0248165444912be075c28909a853b8c" dependencies = [ "evm-core", "evm-runtime", @@ -1447,7 +1459,8 @@ dependencies = [ [[package]] name = "evm-runtime" version = "0.39.0" -source = "git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65#b7b82c7e1fc57b7449d6dfa6826600de37cc1e65" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2aa5b32f59ec582a5651978004e5c784920291263b7dcb6de418047438e37f4f" dependencies = [ "auto_impl", "evm-core", @@ -1510,9 +1523,9 @@ dependencies = [ [[package]] name = "flagset" -version = "0.4.4" +version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d52a7e408202050813e6f1d9addadcaafef3dca7530c7ddfb005d4081cce6779" +checksum = "b3ea1ec5f8307826a5b71094dd91fc04d4ae75d5709b20ad351c7fb4815c86ec" [[package]] name = "fnv" @@ -1547,7 +1560,7 @@ dependencies = [ [[package]] name = "fp-account" version = "1.0.0-dev" -source = "git+https://github.com/paritytech/frontier?branch=polkadot-v0.9.42#2499d18c936edbcb7fcb711827db7abb9b4f4da4" +source = "git+https://github.com/polkadot-evm/frontier?branch=bar/polkadot-v0.9.42#a5a5e1e6ec08cd542a6084c310863150fb8841b1" dependencies = [ "hex", "libsecp256k1", @@ -1557,14 +1570,13 @@ dependencies = [ "sp-core", "sp-io", "sp-runtime", - "sp-runtime-interface", "sp-std", ] [[package]] name = "fp-evm" version = "3.0.0-dev" -source = "git+https://github.com/paritytech/frontier?branch=polkadot-v0.9.42#2499d18c936edbcb7fcb711827db7abb9b4f4da4" +source = "git+https://github.com/polkadot-evm/frontier?branch=bar/polkadot-v0.9.42#a5a5e1e6ec08cd542a6084c310863150fb8841b1" dependencies = [ "evm", "frame-support", @@ -2405,7 +2417,7 @@ dependencies = [ "itp-types", "parity-scale-codec", "serde 1.0.204", - "serde_json 1.0.103", + "serde_json 1.0.120", "sgx_tstd", ] @@ -2615,7 +2627,7 @@ name = "itp-utils" version = "0.1.0" dependencies = [ "hex", - "litentry-hex-utils 0.1.0", + "litentry-hex-utils", "parity-scale-codec", ] @@ -2761,23 +2773,10 @@ dependencies = [ "hex", ] -[[package]] -name = "litentry-hex-utils" -version = "0.1.0" -source = "git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19#ea133d42f915d6e3cbbc51304f534d0b9f42e5d3" -dependencies = [ - "hex", -] - [[package]] name = "litentry-macros" version = "0.1.0" -[[package]] -name = "litentry-macros" -version = "0.1.0" -source = "git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19#ea133d42f915d6e3cbbc51304f534d0b9f42e5d3" - [[package]] name = "litentry-primitives" version = "0.1.0" @@ -2788,7 +2787,6 @@ dependencies = [ "itp-sgx-crypto", "itp-sgx-runtime-primitives", "log 0.4.21", - "pallet-teebag", "parity-scale-codec", "rand 0.7.3", "ring 0.16.20", @@ -2812,17 +2810,6 @@ dependencies = [ "syn 2.0.72", ] -[[package]] -name = "litentry-proc-macros" -version = "0.1.0" -source = "git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19#ea133d42f915d6e3cbbc51304f534d0b9f42e5d3" -dependencies = [ - "cargo_toml", - "proc-macro2", - "quote 1.0.36", - "syn 2.0.72", -] - [[package]] name = "log" version = "0.4.17" @@ -3139,16 +3126,14 @@ dependencies = [ [[package]] name = "pallet-evm" version = "6.0.0-dev" -source = "git+https://github.com/paritytech/frontier?branch=polkadot-v0.9.42#2499d18c936edbcb7fcb711827db7abb9b4f4da4" +source = "git+https://github.com/polkadot-evm/frontier?branch=bar/polkadot-v0.9.42#a5a5e1e6ec08cd542a6084c310863150fb8841b1" dependencies = [ - "environmental 1.1.4", "evm", "fp-account", "fp-evm", "frame-support", "frame-system", "hex", - "hex-literal", "impl-trait-for-tuples", "log 0.4.21", "parity-scale-codec", @@ -3187,33 +3172,6 @@ dependencies = [ "sp-std", ] -[[package]] -name = "pallet-teebag" -version = "0.1.0" -source = "git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19#ea133d42f915d6e3cbbc51304f534d0b9f42e5d3" -dependencies = [ - "base64 0.13.1", - "chrono 0.4.31", - "der 0.6.1", - "frame-support", - "frame-system", - "hex", - "hex-literal", - "log 0.4.21", - "pallet-timestamp", - "parity-scale-codec", - "ring 0.16.20", - "rustls-webpki", - "scale-info", - "serde 1.0.204", - "serde_json 1.0.103", - "sp-core", - "sp-io", - "sp-runtime", - "sp-std", - "x509-cert", -] - [[package]] name = "pallet-timestamp" version = "4.0.0-dev" @@ -4044,9 +4002,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.103" +version = "1.0.120" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d03b412469450d4404fe8499a268edd7f8b79fecb074b0d812ad64ca21f4031b" +checksum = "4e0d21c9a8cae1235ad58a00c11cb40d4b1e5c784f1ef2c537876ed6ffd8b7c5" dependencies = [ "itoa 1.0.9", "ryu", @@ -4736,7 +4694,7 @@ dependencies = [ "proc-macro2", "quote 1.0.36", "serde 1.0.204", - "serde_json 1.0.103", + "serde_json 1.0.120", "unicode-xid 0.2.4", ] @@ -4787,7 +4745,7 @@ dependencies = [ "maybe-async", "parity-scale-codec", "serde 1.0.204", - "serde_json 1.0.103", + "serde_json 1.0.120", "sp-core", "sp-runtime", "sp-runtime-interface", diff --git a/tee-worker/bitacross/enclave-runtime/Cargo.toml b/tee-worker/bitacross/enclave-runtime/Cargo.toml index 064b3b8181..b7bf21eaaf 100644 --- a/tee-worker/bitacross/enclave-runtime/Cargo.toml +++ b/tee-worker/bitacross/enclave-runtime/Cargo.toml @@ -153,6 +153,16 @@ ring = { git = "https://github.com/betrusted-io/ring-xous", branch = "0.16.20-cl [patch."https://github.com/mesalock-linux/log-sgx"] log = { git = "https://github.com/integritee-network/log-sgx" } +[patch."https://github.com/paritytech/polkadot-sdk"] +frame-support = { git = "https://github.com/paritytech/substrate", branch = "polkadot-v0.9.42" } +sp-core = { git = "https://github.com/paritytech/substrate", branch = "polkadot-v0.9.42" } +sp-io = { path = "../../common/core-primitives/substrate-sgx/sp-io" } +sp-runtime = { git = "https://github.com/paritytech/substrate", branch = "polkadot-v0.9.42" } +sp-std = { git = "https://github.com/paritytech/substrate", branch = "polkadot-v0.9.42" } + +[patch."https://github.com/paritytech/frontier"] +pallet-evm = { git = "https://github.com/polkadot-evm/frontier", branch = "bar/polkadot-v0.9.42" } + [patch."https://github.com/paritytech/substrate"] sp-io = { path = "../../common/core-primitives/substrate-sgx/sp-io" } diff --git a/tee-worker/common/core-primitives/types/src/lib.rs b/tee-worker/common/core-primitives/types/src/lib.rs index b224381f63..d60fa6f08a 100644 --- a/tee-worker/common/core-primitives/types/src/lib.rs +++ b/tee-worker/common/core-primitives/types/src/lib.rs @@ -21,7 +21,6 @@ use crate::storage::StorageEntry; use codec::{Decode, Encode}; use itp_sgx_crypto::ShieldingCryptoDecrypt; -use litentry_primitives::decl_rsa_request; use sp_std::{boxed::Box, fmt::Debug, vec::Vec}; pub mod parentchain; @@ -31,8 +30,8 @@ pub use sidechain::SidechainBlockHash; pub use itp_sgx_runtime_primitives::types::*; pub use litentry_primitives::{ - Assertion, AttestationType, DcapProvider, DecryptableRequest, Enclave, EnclaveFingerprint, - MrEnclave, SidechainBlockNumber, WorkerType, + decl_rsa_request, Assertion, AttestationType, DcapProvider, DecryptableRequest, Enclave, + EnclaveFingerprint, Fmspc, MrEnclave, SidechainBlockNumber, WorkerType, }; pub use sp_core::{crypto::AccountId32 as AccountId, H256}; diff --git a/tee-worker/common/litentry/primitives/Cargo.toml b/tee-worker/common/litentry/primitives/Cargo.toml index 9a1c2bd38b..c47357c7bf 100644 --- a/tee-worker/common/litentry/primitives/Cargo.toml +++ b/tee-worker/common/litentry/primitives/Cargo.toml @@ -25,7 +25,6 @@ sgx_tstd = { workspace = true, features = ["net", "thread"], optional = true } itp-sgx-crypto = { workspace = true } itp-sgx-runtime-primitives = { workspace = true } -pallet-teebag = { workspace = true } parentchain-primitives = { workspace = true } [dev-dependencies] @@ -54,7 +53,6 @@ std = [ "sp-runtime/std", "ring/std", "parentchain-primitives/std", - "pallet-teebag/std", "rand", "log/std", "bitcoin/std", diff --git a/tee-worker/common/litentry/primitives/src/lib.rs b/tee-worker/common/litentry/primitives/src/lib.rs index 2a14a12b82..298d8090ed 100644 --- a/tee-worker/common/litentry/primitives/src/lib.rs +++ b/tee-worker/common/litentry/primitives/src/lib.rs @@ -45,10 +45,6 @@ use bitcoin::sign_message::{signed_msg_hash, MessageSignature}; use codec::{Decode, Encode, MaxEncodedLen}; use itp_sgx_crypto::ShieldingCryptoDecrypt; use log::error; -pub use pallet_teebag::{ - decl_rsa_request, extract_tcb_info_from_raw_dcap_quote, AttestationType, DcapProvider, Enclave, - EnclaveFingerprint, MrEnclave, ShardIdentifier, SidechainBlockNumber, WorkerMode, WorkerType, -}; pub use parentchain_primitives::{ assertion::{ achainable::{ @@ -74,10 +70,12 @@ pub use parentchain_primitives::{ web3_token::Web3TokenType, Assertion, }, + decl_rsa_request, identity::*, + teebag::*, AccountId as ParentchainAccountId, Balance as ParentchainBalance, BlockNumber as ParentchainBlockNumber, ErrorDetail, ErrorString, Hash as ParentchainHash, - Header as ParentchainHeader, IMPError, Index as ParentchainIndex, IntoErrorDetail, + Header as ParentchainHeader, IMPError, IntoErrorDetail, Nonce as ParentchainIndex, ParameterString, SchemaContentString, SchemaIdString, Signature as ParentchainSignature, VCMPError, MINUTES, }; diff --git a/tee-worker/identity/app-libs/sgx-runtime/Cargo.toml b/tee-worker/identity/app-libs/sgx-runtime/Cargo.toml index fef1a94e42..4844bbcf22 100644 --- a/tee-worker/identity/app-libs/sgx-runtime/Cargo.toml +++ b/tee-worker/identity/app-libs/sgx-runtime/Cargo.toml @@ -26,7 +26,7 @@ sp-runtime = { workspace = true } sp-std = { workspace = true } sp-version = { workspace = true } -pallet-evm = { git = "https://github.com/integritee-network/frontier", branch = "bar/polkadot-v0.9.42", default-features = false, optional = true } +pallet-evm = { workspace = true, optional = true } pallet-identity-management-tee = { workspace = true } pallet-parentchain = { workspace = true } diff --git a/tee-worker/identity/cli/Cargo.toml b/tee-worker/identity/cli/Cargo.toml index b0f273b20d..c2046700ac 100644 --- a/tee-worker/identity/cli/Cargo.toml +++ b/tee-worker/identity/cli/Cargo.toml @@ -23,7 +23,7 @@ serde_json = { workspace = true, features = ["std"] } thiserror = { workspace = true } urlencoding = "2.1.3" -pallet-evm = { git = "https://github.com/integritee-network/frontier", branch = "bar/polkadot-v0.9.42", optional = true } +pallet-evm = { workspace = true, features = ["std"], optional = true } sgx_crypto_helper = { workspace = true } substrate-api-client = { workspace = true } @@ -50,7 +50,6 @@ frame-metadata = "15.0.0" litentry-hex-utils = { workspace = true } litentry-primitives = { workspace = true, features = ["std"] } scale-value = "0.6.0" -sp-core-hashing = "6.0.0" [features] default = [] diff --git a/tee-worker/identity/cli/src/trusted_base_cli/commands/litentry/get_storage.rs b/tee-worker/identity/cli/src/trusted_base_cli/commands/litentry/get_storage.rs index 66ce2e6a57..4b30b0320d 100644 --- a/tee-worker/identity/cli/src/trusted_base_cli/commands/litentry/get_storage.rs +++ b/tee-worker/identity/cli/src/trusted_base_cli/commands/litentry/get_storage.rs @@ -202,24 +202,24 @@ fn send_get_storage_request( } fn write_storage_address_root_bytes(pallet_name: &str, storage_name: &str, out: &mut Vec) { - out.extend(sp_core_hashing::twox_128(pallet_name.as_bytes())); - out.extend(sp_core_hashing::twox_128(storage_name.as_bytes())); + out.extend(sp_core::hashing::twox_128(pallet_name.as_bytes())); + out.extend(sp_core::hashing::twox_128(storage_name.as_bytes())); } /// Take some SCALE encoded bytes and a [`StorageHasher`] and hash the bytes accordingly. fn hash_bytes(input: &[u8], hasher: &StorageHasher, bytes: &mut Vec) { match hasher { StorageHasher::Identity => bytes.extend(input), - StorageHasher::Blake2_128 => bytes.extend(sp_core_hashing::blake2_128(input)), + StorageHasher::Blake2_128 => bytes.extend(sp_core::hashing::blake2_128(input)), StorageHasher::Blake2_128Concat => { - bytes.extend(sp_core_hashing::blake2_128(input)); + bytes.extend(sp_core::hashing::blake2_128(input)); bytes.extend(input); }, - StorageHasher::Blake2_256 => bytes.extend(sp_core_hashing::blake2_256(input)), - StorageHasher::Twox128 => bytes.extend(sp_core_hashing::twox_128(input)), - StorageHasher::Twox256 => bytes.extend(sp_core_hashing::twox_256(input)), + StorageHasher::Blake2_256 => bytes.extend(sp_core::hashing::blake2_256(input)), + StorageHasher::Twox128 => bytes.extend(sp_core::hashing::twox_128(input)), + StorageHasher::Twox256 => bytes.extend(sp_core::hashing::twox_256(input)), StorageHasher::Twox64Concat => { - bytes.extend(sp_core_hashing::twox_64(input)); + bytes.extend(sp_core::hashing::twox_64(input)); bytes.extend(input); }, } diff --git a/tee-worker/identity/core-primitives/enclave-api/Cargo.toml b/tee-worker/identity/core-primitives/enclave-api/Cargo.toml index 9eab618dd0..f260adbc6a 100644 --- a/tee-worker/identity/core-primitives/enclave-api/Cargo.toml +++ b/tee-worker/identity/core-primitives/enclave-api/Cargo.toml @@ -26,8 +26,6 @@ itp-stf-interface = { workspace = true } itp-storage = { workspace = true } itp-types = { workspace = true } -pallet-teebag = { workspace = true } - [features] default = [] implement-ffi = [ diff --git a/tee-worker/identity/core-primitives/enclave-api/src/enclave_base.rs b/tee-worker/identity/core-primitives/enclave-api/src/enclave_base.rs index 3287c7b967..47f0bfa08f 100644 --- a/tee-worker/identity/core-primitives/enclave-api/src/enclave_base.rs +++ b/tee-worker/identity/core-primitives/enclave-api/src/enclave_base.rs @@ -22,9 +22,8 @@ use core::fmt::Debug; use itp_stf_interface::ShardCreationInfo; use itp_types::{ parentchain::{Header, ParentchainId, ParentchainInitParams}, - ShardIdentifier, + EnclaveFingerprint, ShardIdentifier, }; -use pallet_teebag::EnclaveFingerprint; use sgx_crypto_helper::rsa3072::Rsa3072PubKey; use sp_core::ed25519; @@ -100,10 +99,9 @@ mod impl_ffi { use itp_stf_interface::ShardCreationInfo; use itp_types::{ parentchain::{Header, ParentchainId, ParentchainInitParams}, - ShardIdentifier, + EnclaveFingerprint, ShardIdentifier, }; use log::*; - use pallet_teebag::EnclaveFingerprint; use sgx_crypto_helper::rsa3072::Rsa3072PubKey; use sgx_types::*; use sp_core::ed25519; diff --git a/tee-worker/identity/core-primitives/enclave-api/src/remote_attestation.rs b/tee-worker/identity/core-primitives/enclave-api/src/remote_attestation.rs index 11da5530bd..e37d410bd0 100644 --- a/tee-worker/identity/core-primitives/enclave-api/src/remote_attestation.rs +++ b/tee-worker/identity/core-primitives/enclave-api/src/remote_attestation.rs @@ -17,8 +17,7 @@ */ use crate::EnclaveResult; -use itp_types::ShardIdentifier; -use pallet_teebag::Fmspc; +use itp_types::{Fmspc, ShardIdentifier}; use sgx_types::*; /// Struct that unites all relevant data reported by the QVE @@ -126,9 +125,8 @@ mod impl_ffi { use frame_support::ensure; use itp_enclave_api_ffi as ffi; use itp_settings::worker::EXTRINSIC_MAX_SIZE; - use itp_types::ShardIdentifier; + use itp_types::{Fmspc, ShardIdentifier}; use log::*; - use pallet_teebag::Fmspc; use sgx_types::*; const OS_SYSTEM_PATH: &str = "/usr/lib/x86_64-linux-gnu/"; diff --git a/tee-worker/identity/enclave-runtime/Cargo.lock b/tee-worker/identity/enclave-runtime/Cargo.lock index de7a5089bf..07c5998291 100644 --- a/tee-worker/identity/enclave-runtime/Cargo.lock +++ b/tee-worker/identity/enclave-runtime/Cargo.lock @@ -40,7 +40,7 @@ dependencies = [ "scale-encode", "scale-info", "serde 1.0.204", - "serde_json 1.0.103", + "serde_json 1.0.120", "sp-application-crypto", "sp-core", "sp-runtime", @@ -57,7 +57,7 @@ dependencies = [ "primitive-types", "scale-info", "serde 1.0.204", - "serde_json 1.0.103", + "serde_json 1.0.120", "sp-application-crypto", "sp-core", "sp-core-hashing", @@ -612,22 +612,31 @@ checksum = "6245d59a3e82a7fc217c5828a6692dbc6dfb63a0c8c90495621f7b9d79704a0e" [[package]] name = "core-primitives" version = "0.1.0" -source = "git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19#cdbe9b02c1c58ca3d0063bf2eaf26a1f9da314e9" dependencies = [ "base58", + "base64 0.13.1", + "chrono 0.4.31", + "der 0.6.1", "frame-support", - "litentry-hex-utils 0.1.0 (git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19)", - "litentry-macros 0.1.0 (git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19)", - "litentry-proc-macros 0.1.0 (git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19)", - "pallet-evm 6.0.0-dev (git+https://github.com/paritytech/frontier?branch=polkadot-v0.9.42)", + "hex", + "hex-literal", + "litentry-hex-utils", + "litentry-macros", + "litentry-proc-macros", + "pallet-evm", "parity-scale-codec", + "ring 0.16.20", + "rustls-webpki", "scale-info", + "serde 1.0.204", + "serde_json 1.0.120", "sp-core", "sp-io", "sp-runtime", "sp-std", "strum", "strum_macros", + "x509-cert", ] [[package]] @@ -946,10 +955,10 @@ dependencies = [ "lc-parachain-extrinsic-task-receiver", "lc-stf-task-receiver", "lc-vc-task-receiver", - "litentry-hex-utils 0.1.0", - "litentry-macros 0.1.0", + "litentry-hex-utils", + "litentry-macros", "litentry-primitives", - "litentry-proc-macros 0.1.0", + "litentry-proc-macros", "log", "multibase", "once_cell 1.4.0", @@ -1088,27 +1097,9 @@ checksum = "a49a4e11987c51220aa89dbe1a5cc877f5079fa6864c0a5b4533331db44e9365" dependencies = [ "auto_impl", "ethereum 0.14.0", - "evm-core 0.39.0 (registry+https://github.com/rust-lang/crates.io-index)", - "evm-gasometer 0.39.0 (registry+https://github.com/rust-lang/crates.io-index)", - "evm-runtime 0.39.0 (registry+https://github.com/rust-lang/crates.io-index)", - "log", - "parity-scale-codec", - "primitive-types", - "rlp", - "scale-info", - "sha3 0.10.8", -] - -[[package]] -name = "evm" -version = "0.39.1" -source = "git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65#b7b82c7e1fc57b7449d6dfa6826600de37cc1e65" -dependencies = [ - "auto_impl", - "ethereum 0.14.0", - "evm-core 0.39.0 (git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65)", - "evm-gasometer 0.39.0 (git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65)", - "evm-runtime 0.39.0 (git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65)", + "evm-core 0.39.0", + "evm-gasometer 0.39.0", + "evm-runtime 0.39.0", "log", "parity-scale-codec", "primitive-types", @@ -1147,16 +1138,6 @@ dependencies = [ "scale-info", ] -[[package]] -name = "evm-core" -version = "0.39.0" -source = "git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65#b7b82c7e1fc57b7449d6dfa6826600de37cc1e65" -dependencies = [ - "parity-scale-codec", - "primitive-types", - "scale-info", -] - [[package]] name = "evm-core" version = "0.41.0" @@ -1174,18 +1155,8 @@ version = "0.39.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "8d43eadc395bd1a52990787ca1495c26b0248165444912be075c28909a853b8c" dependencies = [ - "evm-core 0.39.0 (registry+https://github.com/rust-lang/crates.io-index)", - "evm-runtime 0.39.0 (registry+https://github.com/rust-lang/crates.io-index)", - "primitive-types", -] - -[[package]] -name = "evm-gasometer" -version = "0.39.0" -source = "git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65#b7b82c7e1fc57b7449d6dfa6826600de37cc1e65" -dependencies = [ - "evm-core 0.39.0 (git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65)", - "evm-runtime 0.39.0 (git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65)", + "evm-core 0.39.0", + "evm-runtime 0.39.0", "primitive-types", ] @@ -1207,18 +1178,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "2aa5b32f59ec582a5651978004e5c784920291263b7dcb6de418047438e37f4f" dependencies = [ "auto_impl", - "evm-core 0.39.0 (registry+https://github.com/rust-lang/crates.io-index)", - "primitive-types", - "sha3 0.10.8", -] - -[[package]] -name = "evm-runtime" -version = "0.39.0" -source = "git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65#b7b82c7e1fc57b7449d6dfa6826600de37cc1e65" -dependencies = [ - "auto_impl", - "evm-core 0.39.0 (git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65)", + "evm-core 0.39.0", "primitive-types", "sha3 0.10.8", ] @@ -1290,9 +1250,9 @@ dependencies = [ [[package]] name = "flagset" -version = "0.4.4" +version = "0.4.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d52a7e408202050813e6f1d9addadcaafef3dca7530c7ddfb005d4081cce6779" +checksum = "b3ea1ec5f8307826a5b71094dd91fc04d4ae75d5709b20ad351c7fb4815c86ec" [[package]] name = "fnv" @@ -1319,23 +1279,7 @@ dependencies = [ [[package]] name = "fp-account" version = "1.0.0-dev" -source = "git+https://github.com/integritee-network/frontier?branch=bar/polkadot-v0.9.42#a5a5e1e6ec08cd542a6084c310863150fb8841b1" -dependencies = [ - "hex", - "libsecp256k1", - "log", - "parity-scale-codec", - "scale-info", - "sp-core", - "sp-io", - "sp-runtime", - "sp-std", -] - -[[package]] -name = "fp-account" -version = "1.0.0-dev" -source = "git+https://github.com/paritytech/frontier?branch=polkadot-v0.9.42#2499d18c936edbcb7fcb711827db7abb9b4f4da4" +source = "git+https://github.com/polkadot-evm/frontier?branch=bar/polkadot-v0.9.42#a5a5e1e6ec08cd542a6084c310863150fb8841b1" dependencies = [ "hex", "libsecp256k1", @@ -1345,30 +1289,15 @@ dependencies = [ "sp-core", "sp-io", "sp-runtime", - "sp-runtime-interface", "sp-std", ] [[package]] name = "fp-evm" version = "3.0.0-dev" -source = "git+https://github.com/integritee-network/frontier?branch=bar/polkadot-v0.9.42#a5a5e1e6ec08cd542a6084c310863150fb8841b1" +source = "git+https://github.com/polkadot-evm/frontier?branch=bar/polkadot-v0.9.42#a5a5e1e6ec08cd542a6084c310863150fb8841b1" dependencies = [ - "evm 0.39.1 (registry+https://github.com/rust-lang/crates.io-index)", - "frame-support", - "parity-scale-codec", - "scale-info", - "sp-core", - "sp-runtime", - "sp-std", -] - -[[package]] -name = "fp-evm" -version = "3.0.0-dev" -source = "git+https://github.com/paritytech/frontier?branch=polkadot-v0.9.42#2499d18c936edbcb7fcb711827db7abb9b4f4da4" -dependencies = [ - "evm 0.39.1 (git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65)", + "evm 0.39.1", "frame-support", "parity-scale-codec", "scale-info", @@ -1896,7 +1825,7 @@ dependencies = [ "frame-system", "itp-sgx-runtime-primitives", "pallet-balances", - "pallet-evm 6.0.0-dev (git+https://github.com/integritee-network/frontier?branch=bar/polkadot-v0.9.42)", + "pallet-evm", "pallet-identity-management-tee", "pallet-parentchain", "pallet-sudo", @@ -1931,8 +1860,8 @@ dependencies = [ "itp-types", "itp-utils", "lc-stf-task-sender", - "litentry-hex-utils 0.1.0", - "litentry-macros 0.1.0", + "litentry-hex-utils", + "litentry-macros", "litentry-primitives", "log", "pallet-balances", @@ -1957,7 +1886,7 @@ dependencies = [ "itp-utils", "log", "rustls 0.19.0 (git+https://github.com/mesalock-linux/rustls?tag=sgx_1.1.3)", - "serde_json 1.0.103", + "serde_json 1.0.120", "sgx_tstd", "tungstenite", "url 2.5.0", @@ -1975,7 +1904,7 @@ dependencies = [ "jsonrpc-core", "log", "parity-scale-codec", - "serde_json 1.0.103", + "serde_json 1.0.120", "sgx_tstd", "sp-runtime", "thiserror", @@ -2311,7 +2240,7 @@ dependencies = [ "http_req", "log", "serde 1.0.204", - "serde_json 1.0.103", + "serde_json 1.0.120", "sgx_tstd", "thiserror", "url 2.5.0", @@ -2528,7 +2457,7 @@ dependencies = [ "itp-types", "parity-scale-codec", "serde 1.0.204", - "serde_json 1.0.103", + "serde_json 1.0.120", "sgx_tstd", ] @@ -2738,7 +2667,7 @@ name = "itp-utils" version = "0.1.0" dependencies = [ "hex", - "litentry-hex-utils 0.1.0", + "litentry-hex-utils", "parity-scale-codec", ] @@ -2808,7 +2737,7 @@ dependencies = [ "its-primitives", "its-state", "its-validateer-fetch", - "litentry-hex-utils 0.1.0", + "litentry-hex-utils", "log", "parity-scale-codec", "sgx_tstd", @@ -2834,7 +2763,7 @@ dependencies = [ "its-block-verification", "its-primitives", "its-state", - "litentry-hex-utils 0.1.0", + "litentry-hex-utils", "log", "parity-scale-codec", "sgx_tstd", @@ -3012,12 +2941,11 @@ dependencies = [ "lc-evm-dynamic-assertions", "litentry-primitives", "log", - "pallet-parachain-staking", "parity-scale-codec", "primitive-types", "rust-base58 0.0.4 (git+https://github.com/mesalock-linux/rust-base58-sgx)", "serde 1.0.204", - "serde_json 1.0.103", + "serde_json 1.0.120", "sgx_tstd", "sp-core", "ss58-registry", @@ -3038,7 +2966,7 @@ dependencies = [ "lc-common", "lc-credentials-v2", "lc-service", - "litentry-hex-utils 0.1.0", + "litentry-hex-utils", "litentry-primitives", "log", "parity-scale-codec", @@ -3072,7 +3000,7 @@ dependencies = [ "rust-base58 0.0.4 (git+https://github.com/mesalock-linux/rust-base58-sgx)", "scale-info", "serde 1.0.204", - "serde_json 1.0.103", + "serde_json 1.0.120", "serde_json 1.0.60 (git+https://github.com/mesalock-linux/serde-json-sgx?tag=sgx_1.1.3)", "sgx_tstd", "sp-core", @@ -3104,7 +3032,7 @@ dependencies = [ "log", "parity-scale-codec", "serde 1.0.204", - "serde_json 1.0.103", + "serde_json 1.0.120", "sgx_tstd", "thiserror", "url 2.5.0", @@ -3140,7 +3068,7 @@ dependencies = [ "log", "parity-scale-codec", "rust_decimal", - "serde_json 1.0.103", + "serde_json 1.0.120", "sgx_tstd", "ss58-registry", "thiserror", @@ -3166,7 +3094,7 @@ dependencies = [ "lru", "parity-scale-codec", "serde 1.0.204", - "serde_json 1.0.103", + "serde_json 1.0.120", "sgx_rand", "sgx_tstd", "sp-core", @@ -3291,7 +3219,7 @@ dependencies = [ "lc-stf-task-receiver", "lc-stf-task-sender", "lc-vc-task-sender", - "litentry-macros 0.1.0", + "litentry-macros", "litentry-primitives", "log", "pallet-identity-management-tee", @@ -3376,22 +3304,9 @@ dependencies = [ "hex", ] -[[package]] -name = "litentry-hex-utils" -version = "0.1.0" -source = "git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19#cdbe9b02c1c58ca3d0063bf2eaf26a1f9da314e9" -dependencies = [ - "hex", -] - -[[package]] -name = "litentry-macros" -version = "0.1.0" - [[package]] name = "litentry-macros" version = "0.1.0" -source = "git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19#cdbe9b02c1c58ca3d0063bf2eaf26a1f9da314e9" [[package]] name = "litentry-primitives" @@ -3403,7 +3318,6 @@ dependencies = [ "itp-sgx-crypto", "itp-sgx-runtime-primitives", "log", - "pallet-teebag", "parity-scale-codec", "rand 0.7.3", "ring 0.16.20", @@ -3427,17 +3341,6 @@ dependencies = [ "syn 2.0.72", ] -[[package]] -name = "litentry-proc-macros" -version = "0.1.0" -source = "git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19#cdbe9b02c1c58ca3d0063bf2eaf26a1f9da314e9" -dependencies = [ - "cargo_toml", - "proc-macro2", - "quote 1.0.36", - "syn 2.0.72", -] - [[package]] name = "log" version = "0.4.17" @@ -3729,20 +3632,6 @@ version = "0.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "624a8340c38c1b80fd549087862da4ba43e08858af025b236e509b6649fc13d5" -[[package]] -name = "pallet-authorship" -version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65" -dependencies = [ - "frame-support", - "frame-system", - "impl-trait-for-tuples", - "parity-scale-codec", - "scale-info", - "sp-runtime", - "sp-std", -] - [[package]] name = "pallet-balances" version = "4.0.0-dev" @@ -3760,11 +3649,11 @@ dependencies = [ [[package]] name = "pallet-evm" version = "6.0.0-dev" -source = "git+https://github.com/integritee-network/frontier?branch=bar/polkadot-v0.9.42#a5a5e1e6ec08cd542a6084c310863150fb8841b1" +source = "git+https://github.com/polkadot-evm/frontier?branch=bar/polkadot-v0.9.42#a5a5e1e6ec08cd542a6084c310863150fb8841b1" dependencies = [ - "evm 0.39.1 (registry+https://github.com/rust-lang/crates.io-index)", - "fp-account 1.0.0-dev (git+https://github.com/integritee-network/frontier?branch=bar/polkadot-v0.9.42)", - "fp-evm 3.0.0-dev (git+https://github.com/integritee-network/frontier?branch=bar/polkadot-v0.9.42)", + "evm 0.39.1", + "fp-account", + "fp-evm", "frame-support", "frame-system", "hex", @@ -3779,30 +3668,6 @@ dependencies = [ "sp-std", ] -[[package]] -name = "pallet-evm" -version = "6.0.0-dev" -source = "git+https://github.com/paritytech/frontier?branch=polkadot-v0.9.42#2499d18c936edbcb7fcb711827db7abb9b4f4da4" -dependencies = [ - "environmental 1.1.4", - "evm 0.39.1 (git+https://github.com/rust-blockchain/evm?rev=b7b82c7e1fc57b7449d6dfa6826600de37cc1e65)", - "fp-account 1.0.0-dev (git+https://github.com/paritytech/frontier?branch=polkadot-v0.9.42)", - "fp-evm 3.0.0-dev (git+https://github.com/paritytech/frontier?branch=polkadot-v0.9.42)", - "frame-support", - "frame-system", - "hex", - "hex-literal", - "impl-trait-for-tuples", - "log", - "parity-scale-codec", - "rlp", - "scale-info", - "sp-core", - "sp-io", - "sp-runtime", - "sp-std", -] - [[package]] name = "pallet-identity-management-tee" version = "0.1.0" @@ -3820,26 +3685,6 @@ dependencies = [ "sp-std", ] -[[package]] -name = "pallet-parachain-staking" -version = "0.1.0" -source = "git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19#cdbe9b02c1c58ca3d0063bf2eaf26a1f9da314e9" -dependencies = [ - "core-primitives", - "frame-support", - "frame-system", - "log", - "pallet-authorship", - "pallet-balances", - "pallet-session", - "parity-scale-codec", - "scale-info", - "sp-runtime", - "sp-staking", - "sp-std", - "substrate-fixed", -] - [[package]] name = "pallet-parentchain" version = "0.1.0" @@ -3853,26 +3698,6 @@ dependencies = [ "sp-runtime", ] -[[package]] -name = "pallet-session" -version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65" -dependencies = [ - "frame-support", - "frame-system", - "impl-trait-for-tuples", - "log", - "pallet-timestamp", - "parity-scale-codec", - "scale-info", - "sp-core", - "sp-io", - "sp-runtime", - "sp-session", - "sp-staking", - "sp-std", -] - [[package]] name = "pallet-sudo" version = "4.0.0-dev" @@ -3887,33 +3712,6 @@ dependencies = [ "sp-std", ] -[[package]] -name = "pallet-teebag" -version = "0.1.0" -source = "git+https://github.com/litentry/litentry-parachain?branch=release-v0.9.19#cdbe9b02c1c58ca3d0063bf2eaf26a1f9da314e9" -dependencies = [ - "base64 0.13.1", - "chrono 0.4.31", - "der 0.6.1", - "frame-support", - "frame-system", - "hex", - "hex-literal", - "log", - "pallet-timestamp", - "parity-scale-codec", - "ring 0.16.20", - "rustls-webpki", - "scale-info", - "serde 1.0.204", - "serde_json 1.0.103", - "sp-core", - "sp-io", - "sp-runtime", - "sp-std", - "x509-cert", -] - [[package]] name = "pallet-timestamp" version = "4.0.0-dev" @@ -4758,9 +4556,9 @@ dependencies = [ [[package]] name = "serde_json" -version = "1.0.103" +version = "1.0.120" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d03b412469450d4404fe8499a268edd7f8b79fecb074b0d812ad64ca21f4031b" +checksum = "4e0d21c9a8cae1235ad58a00c11cb40d4b1e5c784f1ef2c537876ed6ffd8b7c5" dependencies = [ "itoa 1.0.9", "ryu", @@ -5319,19 +5117,6 @@ dependencies = [ "syn 2.0.72", ] -[[package]] -name = "sp-session" -version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#ff24c60ac7d9f87727ecdd0ded9a80c56e4f4b65" -dependencies = [ - "parity-scale-codec", - "scale-info", - "sp-api", - "sp-core", - "sp-staking", - "sp-std", -] - [[package]] name = "sp-staking" version = "4.0.0-dev" @@ -5480,7 +5265,7 @@ dependencies = [ "proc-macro2", "quote 1.0.36", "serde 1.0.204", - "serde_json 1.0.103", + "serde_json 1.0.120", "unicode-xid 0.2.4", ] @@ -5531,32 +5316,12 @@ dependencies = [ "maybe-async", "parity-scale-codec", "serde 1.0.204", - "serde_json 1.0.103", + "serde_json 1.0.120", "sp-core", "sp-runtime", "sp-runtime-interface", ] -[[package]] -name = "substrate-fixed" -version = "0.5.9" -source = "git+https://github.com/encointer/substrate-fixed#a75f3ba3f7c7893fb420500639cc055f964b1b88" -dependencies = [ - "parity-scale-codec", - "scale-info", - "substrate-typenum", -] - -[[package]] -name = "substrate-typenum" -version = "1.16.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "f0f0091e93c2c75b233ae39424c52cb8a662c0811fb68add149e20e5d7e8a788" -dependencies = [ - "parity-scale-codec", - "scale-info", -] - [[package]] name = "subtle" version = "2.4.1" diff --git a/tee-worker/identity/enclave-runtime/Cargo.toml b/tee-worker/identity/enclave-runtime/Cargo.toml index 283d1fcedf..35b9c47107 100644 --- a/tee-worker/identity/enclave-runtime/Cargo.toml +++ b/tee-worker/identity/enclave-runtime/Cargo.toml @@ -172,6 +172,16 @@ ring = { git = "https://github.com/betrusted-io/ring-xous", branch = "0.16.20-cl [patch."https://github.com/mesalock-linux/log-sgx"] log = { git = "https://github.com/integritee-network/log-sgx" } +[patch."https://github.com/paritytech/polkadot-sdk"] +frame-support = { git = "https://github.com/paritytech/substrate", branch = "polkadot-v0.9.42" } +sp-core = { git = "https://github.com/paritytech/substrate", branch = "polkadot-v0.9.42" } +sp-io = { path = "../../common/core-primitives/substrate-sgx/sp-io" } +sp-runtime = { git = "https://github.com/paritytech/substrate", branch = "polkadot-v0.9.42" } +sp-std = { git = "https://github.com/paritytech/substrate", branch = "polkadot-v0.9.42" } + +[patch."https://github.com/paritytech/frontier"] +pallet-evm = { git = "https://github.com/polkadot-evm/frontier", branch = "bar/polkadot-v0.9.42" } + [patch."https://github.com/paritytech/substrate"] sp-io = { path = "../../common/core-primitives/substrate-sgx/sp-io" } diff --git a/tee-worker/identity/litentry/core/assertion-build/Cargo.toml b/tee-worker/identity/litentry/core/assertion-build/Cargo.toml index 09fc7d1fda..00457e5713 100644 --- a/tee-worker/identity/litentry/core/assertion-build/Cargo.toml +++ b/tee-worker/identity/litentry/core/assertion-build/Cargo.toml @@ -39,7 +39,6 @@ lc-data-providers = { workspace = true } lc-dynamic-assertion = { workspace = true } lc-evm-dynamic-assertions = { workspace = true } litentry-primitives = { workspace = true } -pallet-parachain-staking = { workspace = true } [dev-dependencies] chrono = { workspace = true, features = ["std", "alloc"] } diff --git a/tee-worker/identity/litentry/core/assertion-build/src/lit_staking.rs b/tee-worker/identity/litentry/core/assertion-build/src/lit_staking.rs index 463b27f9e6..6d695668aa 100644 --- a/tee-worker/identity/litentry/core/assertion-build/src/lit_staking.rs +++ b/tee-worker/identity/litentry/core/assertion-build/src/lit_staking.rs @@ -32,7 +32,6 @@ use lc_credentials::{ }; use lc_data_providers::build_client_with_cert; use litentry_primitives::ParentchainBalance; -use pallet_parachain_staking::types::Delegator; use serde::{Deserialize, Serialize}; use std::string::ToString; @@ -117,6 +116,47 @@ impl QueryParachainStaking for LitentryStakingClient { } } +// primitive types copied from pallet-parachain-staking +// +// it's to break the cargo deps to the whole pallet, especially when we +// expect a `polkadot-v0.9.42` version of pallet within the worker +mod parachain_staking_primitives { + use super::*; + use codec::{Decode, Encode}; + + #[derive(Clone, Encode, Decode)] + pub struct OrderedSet(pub Vec); + + #[derive(Clone, Encode, Decode)] + pub struct Bond { + pub owner: AccountId, + pub amount: ParentchainBalance, + } + + #[derive(Clone, PartialEq, Eq, Encode, Decode)] + pub enum DelegatorStatus { + /// Active with no scheduled exit + #[codec(index = 0)] + Active, + } + + #[derive(Clone, Encode, Decode)] + /// Delegator state + pub struct Delegator { + /// Delegator account + pub id: AccountId, + /// All current delegations + pub delegations: OrderedSet, + /// Total balance locked for this delegator + pub total: ParentchainBalance, + /// Sum of pending revocation amounts + bond less amounts + pub less_total: ParentchainBalance, + /// Status for this delegator + pub status: DelegatorStatus, + } +} +use parachain_staking_primitives::*; + pub struct DelegatorState; impl DelegatorState { pub fn query_lit_staking( @@ -159,13 +199,11 @@ impl DelegatorState { Ok(params.to_string() + &hex::encode(&cocat)) } - fn decode_delegator(storage_in_hex: &str) -> Result> { + fn decode_delegator(storage_in_hex: &str) -> Result { // Remove 0x if let Some(storage_in_hex_without_prefix) = storage_in_hex.strip_prefix("0x") { if let Ok(decoded) = hex::decode(storage_in_hex_without_prefix) { - if let Ok(delegator) = - Delegator::::decode(&mut decoded.as_bytes_ref()) - { + if let Ok(delegator) = Delegator::decode(&mut decoded.as_bytes_ref()) { return Ok(delegator) } }