mirror of
https://github.com/matter-labs/teepot.git
synced 2025-07-21 07:03:56 +02:00
chore: cargo deps update
with code fixes for the new versions. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>
This commit is contained in:
Harald Hoyer
parent
99ab2f2b76
commit
45309e58f4
GPG key ID:
F519A1143B3FBE32
6 changed files with 447 additions and 393 deletions
794
Cargo.lock
generated
794
Cargo.lock
generated
File diff suppressed because it is too large
Load diff
13
Cargo.toml
13
Cargo.toml
|
|
@ -25,28 +25,27 @@ bytemuck = { version = "1.15.0", features = ["derive", "min_const_generics", "ex
|
||||||
bytes = "1"
|
bytes = "1"
|
||||||
clap = { version = "4.5", features = ["std", "derive", "env", "error-context", "help", "usage", "wrap_help"], default-features = false }
|
clap = { version = "4.5", features = ["std", "derive", "env", "error-context", "help", "usage", "wrap_help"], default-features = false }
|
||||||
const-oid = { version = "0.9", default-features = false }
|
const-oid = { version = "0.9", default-features = false }
|
||||||
ctrlc = "3.4"
|
|
||||||
enumset = { version = "1.1", features = ["serde"] }
|
enumset = { version = "1.1", features = ["serde"] }
|
||||||
futures-core = { version = "0.3.30", features = ["alloc"], default-features = false }
|
futures-core = { version = "0.3.30", features = ["alloc"], default-features = false }
|
||||||
getrandom = "0.2.14"
|
getrandom = { version = "0.3.1", features = ["std"] }
|
||||||
gpt = "4.0.0"
|
gpt = "4.0.0"
|
||||||
hex = { version = "0.4.3", features = ["std"], default-features = false }
|
hex = { version = "0.4.3", features = ["std"], default-features = false }
|
||||||
intel-tee-quote-verification-rs = { package = "teepot-tee-quote-verification-rs", path = "crates/teepot-tee-quote-verification-rs", version = "0.3.0" }
|
intel-tee-quote-verification-rs = { package = "teepot-tee-quote-verification-rs", path = "crates/teepot-tee-quote-verification-rs", version = "0.3.0" }
|
||||||
intel-tee-quote-verification-sys = { version = "0.2.1" }
|
intel-tee-quote-verification-sys = { version = "0.2.1" }
|
||||||
jsonrpsee-types = { version = "0.23", default-features = false }
|
jsonrpsee-types = { version = "0.24", default-features = false }
|
||||||
num-integer = "0.1.46"
|
num-integer = "0.1.46"
|
||||||
num-traits = "0.2.18"
|
num-traits = "0.2.18"
|
||||||
p256 = "0.13.2"
|
p256 = "0.13.2"
|
||||||
pe-sign = "0.1.10"
|
pe-sign = "0.1.10"
|
||||||
pgp = "0.14.2"
|
pgp = "0.15"
|
||||||
pkcs8 = { version = "0.10" }
|
pkcs8 = { version = "0.10" }
|
||||||
rand = "0.8"
|
rand = { version = "0.8", features = ["std", "std_rng"] }
|
||||||
reqwest = { version = "0.12", features = ["json"] }
|
reqwest = { version = "0.12", features = ["json"] }
|
||||||
reqwest-middleware = "0.4.0"
|
reqwest-middleware = "0.4.0"
|
||||||
reqwest-retry = "0.7.0"
|
reqwest-retry = "0.7.0"
|
||||||
rsa = { version = "0.9.6", features = ["sha2", "pem"] }
|
rsa = { version = "0.9.6", features = ["sha2", "pem"] }
|
||||||
rustls = { version = "0.23.20" }
|
rustls = { version = "0.23.20" }
|
||||||
secp256k1 = { version = "0.29", features = ["rand-std", "global-context"] }
|
secp256k1 = { version = "0.30", features = ["rand", "global-context"] }
|
||||||
serde = { version = "1", features = ["derive", "rc"] }
|
serde = { version = "1", features = ["derive", "rc"] }
|
||||||
serde_json = "1"
|
serde_json = "1"
|
||||||
serde_with = { version = "3.8", features = ["base64", "hex"] }
|
serde_with = { version = "3.8", features = ["base64", "hex"] }
|
||||||
|
|
@ -56,7 +55,7 @@ signature = "2.2.0"
|
||||||
tdx-attest-rs = { version = "0.1.2", git = "https://github.com/intel/SGXDataCenterAttestationPrimitives.git", rev = "aa239d25a437a28f3f4de92c38f5b6809faac842" }
|
tdx-attest-rs = { version = "0.1.2", git = "https://github.com/intel/SGXDataCenterAttestationPrimitives.git", rev = "aa239d25a437a28f3f4de92c38f5b6809faac842" }
|
||||||
teepot = { path = "crates/teepot" }
|
teepot = { path = "crates/teepot" }
|
||||||
testaso = "0.1.0"
|
testaso = "0.1.0"
|
||||||
thiserror = "1.0.59"
|
thiserror = "2.0.11"
|
||||||
tokio = { version = "1", features = ["sync", "macros", "rt-multi-thread", "fs", "time"] }
|
tokio = { version = "1", features = ["sync", "macros", "rt-multi-thread", "fs", "time"] }
|
||||||
tracing = "0.1"
|
tracing = "0.1"
|
||||||
tracing-actix-web = "0.7"
|
tracing-actix-web = "0.7"
|
||||||
|
|
|
||||||
|
|
@ -10,7 +10,6 @@ version.workspace = true
|
||||||
[dependencies]
|
[dependencies]
|
||||||
anyhow.workspace = true
|
anyhow.workspace = true
|
||||||
clap.workspace = true
|
clap.workspace = true
|
||||||
ctrlc.workspace = true
|
|
||||||
hex.workspace = true
|
hex.workspace = true
|
||||||
jsonrpsee-types.workspace = true
|
jsonrpsee-types.workspace = true
|
||||||
reqwest.workspace = true
|
reqwest.workspace = true
|
||||||
|
|
@ -20,7 +19,6 @@ serde_with = { workspace = true, features = ["hex"] }
|
||||||
teepot.workspace = true
|
teepot.workspace = true
|
||||||
tokio.workspace = true
|
tokio.workspace = true
|
||||||
tracing.workspace = true
|
tracing.workspace = true
|
||||||
tracing-log.workspace = true
|
|
||||||
tracing-subscriber.workspace = true
|
tracing-subscriber.workspace = true
|
||||||
url.workspace = true
|
url.workspace = true
|
||||||
zksync_basic_types.workspace = true
|
zksync_basic_types.workspace = true
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
// Copyright (c) 2023-2024 Matter Labs
|
// Copyright (c) 2023-2025 Matter Labs
|
||||||
|
|
||||||
//! Ethereum-specific helper functions for on-chain verification of Intel SGX attestation.
|
//! Ethereum-specific helper functions for on-chain verification of Intel SGX attestation.
|
||||||
|
|
||||||
|
|
@ -15,7 +15,7 @@ use sha3::{Digest, Keccak256};
|
||||||
pub fn recover_signer(sig: &[u8; 65], root_hash: &Message) -> Result<[u8; 20]> {
|
pub fn recover_signer(sig: &[u8; 65], root_hash: &Message) -> Result<[u8; 20]> {
|
||||||
let sig = RecoverableSignature::from_compact(
|
let sig = RecoverableSignature::from_compact(
|
||||||
&sig[0..64],
|
&sig[0..64],
|
||||||
RecoveryId::from_i32(sig[64] as i32 - 27)?,
|
RecoveryId::try_from(sig[64] as i32 - 27)?,
|
||||||
)?;
|
)?;
|
||||||
let public = SECP256K1.recover_ecdsa(root_hash, &sig)?;
|
let public = SECP256K1.recover_ecdsa(root_hash, &sig)?;
|
||||||
Ok(public_key_to_ethereum_address(&public))
|
Ok(public_key_to_ethereum_address(&public))
|
||||||
|
|
@ -50,7 +50,7 @@ mod tests {
|
||||||
signature[..64].copy_from_slice(&data);
|
signature[..64].copy_from_slice(&data);
|
||||||
// as defined in the Ethereum Yellow Paper (Appendix F)
|
// as defined in the Ethereum Yellow Paper (Appendix F)
|
||||||
// https://ethereum.github.io/yellowpaper/paper.pdf
|
// https://ethereum.github.io/yellowpaper/paper.pdf
|
||||||
signature[64] = 27 + rec_id.to_i32() as u8;
|
signature[64] = 27 + i32::from(rec_id) as u8;
|
||||||
|
|
||||||
Ok(signature)
|
Ok(signature)
|
||||||
}
|
}
|
||||||
|
|
@ -63,7 +63,8 @@ mod tests {
|
||||||
let secret_key_bytes =
|
let secret_key_bytes =
|
||||||
hex::decode("c87509a1c067bbde78beb793e6fa76530b6382a4c0241e5e4a9ec0a0f44dc0d3")
|
hex::decode("c87509a1c067bbde78beb793e6fa76530b6382a4c0241e5e4a9ec0a0f44dc0d3")
|
||||||
.unwrap();
|
.unwrap();
|
||||||
let secret_key = SecretKey::from_slice(&secret_key_bytes).unwrap();
|
let secret_key =
|
||||||
|
SecretKey::from_byte_array(secret_key_bytes.as_slice().try_into().unwrap()).unwrap();
|
||||||
let public_key = PublicKey::from_secret_key(&secp, &secret_key);
|
let public_key = PublicKey::from_secret_key(&secp, &secret_key);
|
||||||
let expected_address = hex::decode("627306090abaB3A6e1400e9345bC60c78a8BEf57").unwrap();
|
let expected_address = hex::decode("627306090abaB3A6e1400e9345bC60c78a8BEf57").unwrap();
|
||||||
let address = public_key_to_ethereum_address(&public_key);
|
let address = public_key_to_ethereum_address(&public_key);
|
||||||
|
|
@ -74,7 +75,7 @@ mod tests {
|
||||||
// the secret key
|
// the secret key
|
||||||
let root_hash = H256::random();
|
let root_hash = H256::random();
|
||||||
let root_hash_bytes = root_hash.as_bytes();
|
let root_hash_bytes = root_hash.as_bytes();
|
||||||
let msg_to_sign = Message::from_digest_slice(root_hash_bytes).unwrap();
|
let msg_to_sign = Message::from_digest(root_hash_bytes.try_into().unwrap());
|
||||||
let signature = sign_message(&secret_key, msg_to_sign).unwrap();
|
let signature = sign_message(&secret_key, msg_to_sign).unwrap();
|
||||||
|
|
||||||
// Recover the signer's Ethereum address from the signature and the message, and verify it
|
// Recover the signer's Ethereum address from the signature and the message, and verify it
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
// Copyright (c) 2023-2024 Matter Labs
|
// Copyright (c) 2023-2025 Matter Labs
|
||||||
|
|
||||||
//! Create a private key and a signed and self-signed certificates
|
//! Create a private key and a signed and self-signed certificates
|
||||||
|
|
||||||
|
|
@ -10,10 +10,10 @@ use const_oid::{
|
||||||
db::rfc5280::{ID_KP_CLIENT_AUTH, ID_KP_SERVER_AUTH},
|
db::rfc5280::{ID_KP_CLIENT_AUTH, ID_KP_SERVER_AUTH},
|
||||||
AssociatedOid,
|
AssociatedOid,
|
||||||
};
|
};
|
||||||
use getrandom::getrandom;
|
|
||||||
use intel_tee_quote_verification_rs::tee_qv_get_collateral;
|
use intel_tee_quote_verification_rs::tee_qv_get_collateral;
|
||||||
use p256::{ecdsa::DerSignature, pkcs8::EncodePrivateKey};
|
use p256::{ecdsa::DerSignature, pkcs8::EncodePrivateKey};
|
||||||
use pkcs8::der;
|
use pkcs8::der;
|
||||||
|
use rand::rngs::OsRng;
|
||||||
use rustls::pki_types::PrivatePkcs8KeyDer;
|
use rustls::pki_types::PrivatePkcs8KeyDer;
|
||||||
use sha2::{Digest, Sha256};
|
use sha2::{Digest, Sha256};
|
||||||
use signature::Signer;
|
use signature::Signer;
|
||||||
|
|
@ -136,7 +136,7 @@ pub fn make_self_signed_cert(
|
||||||
rustls::pki_types::PrivateKeyDer<'static>,
|
rustls::pki_types::PrivateKeyDer<'static>,
|
||||||
)> {
|
)> {
|
||||||
// Generate a keypair.
|
// Generate a keypair.
|
||||||
let mut rng = rand::thread_rng();
|
let mut rng = OsRng;
|
||||||
let signing_key = p256::ecdsa::SigningKey::random(&mut rng);
|
let signing_key = p256::ecdsa::SigningKey::random(&mut rng);
|
||||||
let verifying_key = signing_key.verifying_key();
|
let verifying_key = signing_key.verifying_key();
|
||||||
let verifying_key_der = verifying_key
|
let verifying_key_der = verifying_key
|
||||||
|
|
@ -154,7 +154,7 @@ pub fn make_self_signed_cert(
|
||||||
let collateral = tee_qv_get_collateral("e).context("Failed to get own collateral")?;
|
let collateral = tee_qv_get_collateral("e).context("Failed to get own collateral")?;
|
||||||
|
|
||||||
let mut serial = [0u8; 16];
|
let mut serial = [0u8; 16];
|
||||||
getrandom(&mut serial)?;
|
getrandom::fill(&mut serial)?;
|
||||||
|
|
||||||
let mut builder = CertificateBuilder::new(
|
let mut builder = CertificateBuilder::new(
|
||||||
Profile::Leaf {
|
Profile::Leaf {
|
||||||
|
|
@ -223,7 +223,7 @@ where
|
||||||
S::VerifyingKey: EncodePublicKey,
|
S::VerifyingKey: EncodePublicKey,
|
||||||
{
|
{
|
||||||
// Generate a keypair.
|
// Generate a keypair.
|
||||||
let mut rng = rand::thread_rng();
|
let mut rng = rand::rngs::OsRng;
|
||||||
let signing_key = p256::ecdsa::SigningKey::random(&mut rng);
|
let signing_key = p256::ecdsa::SigningKey::random(&mut rng);
|
||||||
let verifying_key = signing_key.verifying_key();
|
let verifying_key = signing_key.verifying_key();
|
||||||
let verifying_key_der = verifying_key
|
let verifying_key_der = verifying_key
|
||||||
|
|
@ -240,7 +240,7 @@ where
|
||||||
let subject = Name::from_str(dn)?;
|
let subject = Name::from_str(dn)?;
|
||||||
|
|
||||||
let mut serial = [0u8; 16];
|
let mut serial = [0u8; 16];
|
||||||
getrandom(&mut serial)?;
|
getrandom::fill(&mut serial)?;
|
||||||
|
|
||||||
let mut builder = CertificateBuilder::new(
|
let mut builder = CertificateBuilder::new(
|
||||||
Profile::Leaf {
|
Profile::Leaf {
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
// SPDX-License-Identifier: Apache-2.0
|
// SPDX-License-Identifier: Apache-2.0
|
||||||
// Copyright (c) 2023-2024 Matter Labs
|
// Copyright (c) 2023-2025 Matter Labs
|
||||||
|
|
||||||
// Copyright (c) The Enarx Project Developers https://github.com/enarx/sgx
|
// Copyright (c) The Enarx Project Developers https://github.com/enarx/sgx
|
||||||
|
|
||||||
|
|
@ -12,14 +12,12 @@
|
||||||
use bytemuck::{bytes_of, Pod, Zeroable};
|
use bytemuck::{bytes_of, Pod, Zeroable};
|
||||||
use num_integer::Integer;
|
use num_integer::Integer;
|
||||||
use num_traits::ToPrimitive;
|
use num_traits::ToPrimitive;
|
||||||
use rand::thread_rng;
|
|
||||||
use rsa::{
|
use rsa::{
|
||||||
pkcs1::{DecodeRsaPrivateKey, EncodeRsaPrivateKey, LineEnding},
|
pkcs1::{DecodeRsaPrivateKey, EncodeRsaPrivateKey, LineEnding},
|
||||||
traits::PublicKeyParts,
|
traits::PublicKeyParts,
|
||||||
BigUint, Pkcs1v15Sign, RsaPrivateKey,
|
BigUint, Pkcs1v15Sign, RsaPrivateKey,
|
||||||
};
|
};
|
||||||
use sha2::Digest as _;
|
use sha2::{Digest as _, Sha256};
|
||||||
use sha2::Sha256;
|
|
||||||
pub use zeroize::Zeroizing;
|
pub use zeroize::Zeroizing;
|
||||||
|
|
||||||
/// Enclave CPU attributes
|
/// Enclave CPU attributes
|
||||||
|
|
@ -270,7 +268,7 @@ impl PrivateKey for RS256PrivateKey {
|
||||||
type Error = rsa::errors::Error;
|
type Error = rsa::errors::Error;
|
||||||
|
|
||||||
fn generate(exponent: u8) -> Result<Self, Self::Error> {
|
fn generate(exponent: u8) -> Result<Self, Self::Error> {
|
||||||
let mut rng = thread_rng();
|
let mut rng = rand::rngs::OsRng;
|
||||||
let exp = BigUint::from(exponent);
|
let exp = BigUint::from(exponent);
|
||||||
let key = RsaPrivateKey::new_with_exp(&mut rng, 384 * 8, &exp)?;
|
let key = RsaPrivateKey::new_with_exp(&mut rng, 384 * 8, &exp)?;
|
||||||
Ok(Self::new(key))
|
Ok(Self::new(key))
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue