Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Show quote in bootstrap command and make loading bootsrap testable. #109

Merged
merged 2 commits into from
Apr 20, 2024
Merged

Show quote in bootstrap command and make loading bootsrap testable. #109

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a361dbd
Show proof in bootstrap command and make loading bootsrap testable.
smtmfft Apr 19, 2024
278dfd6
fix review comments
smtmfft Apr 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 21 additions & 10 deletions provers/sgx/guest/src/one_shot.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ use raiko_lib::{
protocol_instance::{assemble_protocol_instance, EvidenceType},
};
use raiko_primitives::Address;
use secp256k1::KeyPair;
use secp256k1::{KeyPair, SecretKey};
use serde::Serialize;
base64_serde_type!(Base64Standard, base64::engine::general_purpose::STANDARD);

Expand Down Expand Up @@ -67,6 +67,8 @@ fn save_bootstrap_details(
new_instance,
quote: hex::encode(quote),
};

println!("{}", serde_json::json!(&bootstrap_details));
let json = serde_json::to_string_pretty(&bootstrap_details)?;
fs::write(bootstrap_details_file_path, json).context(format!(
"Saving bootstrap data file {} failed",
Expand Down Expand Up @@ -101,16 +103,12 @@ pub fn bootstrap(global_opts: GlobalOpts) -> Result<()> {

pub async fn one_shot(global_opts: GlobalOpts, args: OneShotArgs) -> Result<()> {
// Make sure this SGX instance was bootstrapped
if !is_bootstrapped(&global_opts.secrets_dir) {
bail!("Application was not bootstrapped. Bootstrap it first.");
}
let prev_privkey = load_bootstrap(&global_opts.secrets_dir)
.or_else(|_| bail!("Application was not bootstrapped or has a deprecated bootstrap."))
.unwrap();

println!("Global options: {global_opts:?}, OneShot options: {args:?}");

// Load the signing data
let privkey_path = global_opts.secrets_dir.join(PRIV_KEY_FILENAME);
let prev_privkey = load_private_key(privkey_path)?;
// let (new_privkey, new_pubkey) = generate_new_keypair()?;
let new_pubkey = public_key(&prev_privkey);
let new_instance = public_key_to_address(&new_pubkey);

Expand Down Expand Up @@ -156,9 +154,22 @@ pub async fn one_shot(global_opts: GlobalOpts, args: OneShotArgs) -> Result<()>
print_sgx_info()
}

fn is_bootstrapped(secrets_dir: &Path) -> bool {
fn load_bootstrap(secrets_dir: &Path) -> Result<SecretKey, Error> {
let privkey_path = secrets_dir.join(PRIV_KEY_FILENAME);
privkey_path.is_file() && !privkey_path.metadata().unwrap().permissions().readonly()
if privkey_path.is_file() && !privkey_path.metadata().unwrap().permissions().readonly() {
load_private_key(&privkey_path).map_err(|e| {
anyhow!(
"Failed to load private key from {}: {}",
privkey_path.display(),
e
)
})
} else {
Err(anyhow!(
"No readable private key found in {}",
privkey_path.display()
))
}
}

fn save_attestation_user_report_data(pubkey: Address) -> Result<()> {
Expand Down
23 changes: 13 additions & 10 deletions provers/sgx/prover/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -109,18 +109,18 @@ impl Prover for SgxProver {
setup(&cur_dir, direct_mode).await?;
}

if config.bootstrap {
bootstrap(cur_dir.clone(), gramine_cmd()).await?;
}

// Prove: run for each block
let sgx_proof = if config.prove {
prove(gramine_cmd(), input.clone(), config.instance_id).await
let mut sgx_proof = if config.bootstrap {
bootstrap(cur_dir.clone(), gramine_cmd()).await
} else {
// Dummy proof: it's ok when only setup/bootstrap was requested
Ok(SgxResponse::default())
};

if config.prove {
// overwirte sgx_proof as the bootstrap quote stays the same in bootstrap & prove.
sgx_proof = prove(gramine_cmd(), input.clone(), config.instance_id).await
}

to_proof(sgx_proof)
}

Expand Down Expand Up @@ -202,7 +202,10 @@ async fn setup(cur_dir: &PathBuf, direct_mode: bool) -> ProverResult<(), String>
Ok(())
}

async fn bootstrap(dir: PathBuf, mut gramine_cmd: StdCommand) -> ProverResult<(), String> {
async fn bootstrap(
dir: PathBuf,
mut gramine_cmd: StdCommand,
) -> ProverResult<SgxResponse, ProverError> {
tokio::task::spawn_blocking(move || {
// Bootstrap with new private key for signing proofs
// First delete the private key if it already exists
Expand All @@ -218,10 +221,10 @@ async fn bootstrap(dir: PathBuf, mut gramine_cmd: StdCommand) -> ProverResult<()
.map_err(|e| handle_gramine_error("Could not run SGX guest bootstrap", e))?;
handle_output(&output, "SGX bootstrap")?;

Ok(())
Ok(parse_sgx_result(output.stdout)?)
})
.await
.map_err(|e| e.to_string())?
.map_err(|e| ProverError::GuestError(e.to_string()))?
}

async fn prove(
Expand Down
Loading