From 559d0156a7006021fb3529acc48ae421ce8dbe2a Mon Sep 17 00:00:00 2001 From: peg Date: Sat, 7 Sep 2024 23:28:18 +0200 Subject: [PATCH] In production, generate TDX quote using configfs-tsm --- Cargo.lock | 6 +++++ crates/threshold-signature-server/Cargo.toml | 1 + .../src/attestation/api.rs | 24 +++++++++++++------ .../src/attestation/errors.rs | 6 ++--- 4 files changed, 27 insertions(+), 10 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 818ef5b09..89fb8ae4d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1398,6 +1398,11 @@ dependencies = [ "crossbeam-utils", ] +[[package]] +name = "configfs-tsm" +version = "0.1.0" +source = "git+https://github.com/entropyxyz/configfs-tsm#11fb34ce920b6a2f667e62f41e9311d428969577" + [[package]] name = "console" version = "0.15.8" @@ -2765,6 +2770,7 @@ dependencies = [ "blake3", "bytes", "clap", + "configfs-tsm", "entropy-client", "entropy-kvdb", "entropy-programs-runtime", diff --git a/crates/threshold-signature-server/Cargo.toml b/crates/threshold-signature-server/Cargo.toml index 6d52c3ee7..57f4f3957 100644 --- a/crates/threshold-signature-server/Cargo.toml +++ b/crates/threshold-signature-server/Cargo.toml @@ -72,6 +72,7 @@ sha2 ="0.10.8" hkdf ="0.12.4" project-root ={ version="0.2.2", optional=true } tdx-quote ={ git="https://github.com/entropyxyz/tdx-quote", optional=true, features=["mock"] } +configfs-tsm ={ git="https://github.com/entropyxyz/configfs-tsm" } [dev-dependencies] serial_test ="3.1.1" diff --git a/crates/threshold-signature-server/src/attestation/api.rs b/crates/threshold-signature-server/src/attestation/api.rs index ae97b2fab..98ee6c168 100644 --- a/crates/threshold-signature-server/src/attestation/api.rs +++ b/crates/threshold-signature-server/src/attestation/api.rs @@ -97,14 +97,24 @@ pub async fn create_quote( Ok(quote) } -/// Once implemented, this will create a TDX quote in production +/// Create a TDX quote in production #[cfg(not(any(test, feature = "unsafe")))] pub async fn create_quote( - _block_number: u32, - _nonce: [u8; 32], - _signer: &PairSigner, - _x25519_secret: &StaticSecret, + block_number: u32, + nonce: [u8; 32], + signer: &PairSigner, + x25519_secret: &StaticSecret, ) -> Result, AttestationErr> { - // Non-mock attestation (the real thing) will go here - Err(AttestationErr::NotImplemented) + let public_key = x25519_dalek::PublicKey::from(x25519_secret); + + let input_data = entropy_shared::QuoteInputData::new( + signer.signer().public(), + *public_key.as_bytes(), + nonce, + block_number, + ); + + Ok(configfs_tsm::create_quote(input_data.0)?) + // // Non-mock attestation (the real thing) will go here + // Err(AttestationErr::NotImplemented) } diff --git a/crates/threshold-signature-server/src/attestation/errors.rs b/crates/threshold-signature-server/src/attestation/errors.rs index 0a6d52098..9e46f20b3 100644 --- a/crates/threshold-signature-server/src/attestation/errors.rs +++ b/crates/threshold-signature-server/src/attestation/errors.rs @@ -27,9 +27,6 @@ pub enum AttestationErr { GenericSubstrate(#[from] subxt::error::Error), #[error("User Error: {0}")] UserErr(#[from] crate::user::UserErr), - #[cfg(not(any(test, feature = "unsafe")))] - #[error("Not yet implemented")] - NotImplemented, #[error("Input must be 32 bytes: {0}")] TryFromSlice(#[from] TryFromSliceError), #[error("Could not get block number")] @@ -40,6 +37,9 @@ pub enum AttestationErr { Unexpected, #[error("Could not decode message: {0}")] Codec(#[from] parity_scale_codec::Error), + #[cfg(not(any(test, feature = "unsafe")))] + #[error("Quote generation: {0}")] + QuoteGeneration(#[from] std::io::Error), } impl IntoResponse for AttestationErr {