mirror of
https://github.com/matter-labs/teepot.git
synced 2025-07-21 15:13:56 +02:00
Merge branch 'main' into missing_recoverid_two
This commit is contained in:
Harald Hoyer
GitHub
commit
bece17f7bf
6 changed files with 70 additions and 52 deletions
|
|
@ -1,5 +1,5 @@
|
|||
// SPDX-License-Identifier: Apache-2.0
|
||||
// Copyright (c) 2023-2024 Matter Labs
|
||||
// Copyright (c) 2023-2025 Matter Labs
|
||||
|
||||
//! Server to handle requests to the Vault TEE
|
||||
|
||||
|
|
@ -9,26 +9,27 @@ mod command;
|
|||
mod digest;
|
||||
mod sign;
|
||||
|
||||
use actix_web::web::Data;
|
||||
use actix_web::{web, App, HttpServer};
|
||||
use actix_web::{web, web::Data, App, HttpServer};
|
||||
use anyhow::{Context, Result};
|
||||
use clap::Parser;
|
||||
use command::post_command;
|
||||
use digest::get_digest;
|
||||
use rustls::ServerConfig;
|
||||
use sign::post_sign;
|
||||
use std::net::Ipv6Addr;
|
||||
use std::sync::Arc;
|
||||
use teepot::json::http::{SignRequest, VaultCommandRequest, DIGEST_URL};
|
||||
use teepot::server::attestation::{get_quote_and_collateral, VaultAttestationArgs};
|
||||
use teepot::server::new_json_cfg;
|
||||
use teepot::server::pki::make_self_signed_cert;
|
||||
use teepot::sgx::{parse_tcb_levels, EnumSet, TcbLevel};
|
||||
use std::{net::Ipv6Addr, sync::Arc};
|
||||
use teepot::{
|
||||
json::http::{SignRequest, VaultCommandRequest, DIGEST_URL},
|
||||
server::{
|
||||
attestation::{get_quote_and_collateral, VaultAttestationArgs},
|
||||
new_json_cfg,
|
||||
pki::make_self_signed_cert,
|
||||
},
|
||||
sgx::{parse_tcb_levels, EnumSet, TcbLevel},
|
||||
};
|
||||
use tracing::{error, info};
|
||||
use tracing_actix_web::TracingLogger;
|
||||
use tracing_log::LogTracer;
|
||||
use tracing_subscriber::Registry;
|
||||
use tracing_subscriber::{fmt, prelude::*, EnvFilter};
|
||||
use tracing_subscriber::{fmt, prelude::*, EnvFilter, Registry};
|
||||
|
||||
/// Server state
|
||||
pub struct ServerState {
|
||||
|
|
@ -70,6 +71,8 @@ async fn main() -> Result<()> {
|
|||
// don't return for now, we can still serve requests but we won't be able to attest
|
||||
}
|
||||
|
||||
let _ = rustls::crypto::ring::default_provider().install_default();
|
||||
|
||||
// init server config builder with safe defaults
|
||||
let config = ServerConfig::builder()
|
||||
.with_no_client_auth()
|
||||
|
|
@ -78,8 +81,6 @@ async fn main() -> Result<()> {
|
|||
|
||||
info!("Starting HTTPS server at port {}", args.port);
|
||||
|
||||
info!("Quote verified! Connection secure!");
|
||||
|
||||
let server_state = Arc::new(ServerState {
|
||||
report_data,
|
||||
vault_attestation: args.attestation,
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
// SPDX-License-Identifier: Apache-2.0
|
||||
// Copyright (c) 2023-2024 Matter Labs
|
||||
// Copyright (c) 2023-2025 Matter Labs
|
||||
|
||||
//! Server to initialize and unseal the Vault TEE.
|
||||
|
||||
|
|
@ -9,27 +9,33 @@
|
|||
mod init;
|
||||
mod unseal;
|
||||
|
||||
use actix_web::rt::time::sleep;
|
||||
use actix_web::web::Data;
|
||||
use actix_web::{web, App, HttpServer};
|
||||
use actix_web::{rt::time::sleep, web, web::Data, App, HttpServer};
|
||||
use anyhow::{bail, Context, Result};
|
||||
use awc::Client;
|
||||
use clap::Parser;
|
||||
use init::post_init;
|
||||
use rustls::ServerConfig;
|
||||
use std::fmt::Debug;
|
||||
use std::io::Read;
|
||||
use std::net::Ipv6Addr;
|
||||
use std::path::PathBuf;
|
||||
use std::sync::{Arc, RwLock};
|
||||
use std::time::Duration;
|
||||
use teepot::client::{AttestationArgs, TeeConnection};
|
||||
use teepot::json::http::{Init, Unseal};
|
||||
use teepot::json::secrets::AdminConfig;
|
||||
use teepot::server::attestation::{get_quote_and_collateral, VaultAttestationArgs};
|
||||
use teepot::server::new_json_cfg;
|
||||
use teepot::server::pki::make_self_signed_cert;
|
||||
use teepot::sgx::{parse_tcb_levels, EnumSet, TcbLevel};
|
||||
use std::{
|
||||
fmt::Debug,
|
||||
io::Read,
|
||||
net::Ipv6Addr,
|
||||
path::PathBuf,
|
||||
sync::{Arc, RwLock},
|
||||
time::Duration,
|
||||
};
|
||||
use teepot::{
|
||||
client::{AttestationArgs, TeeConnection},
|
||||
json::{
|
||||
http::{Init, Unseal},
|
||||
secrets::AdminConfig,
|
||||
},
|
||||
server::{
|
||||
attestation::{get_quote_and_collateral, VaultAttestationArgs},
|
||||
new_json_cfg,
|
||||
pki::make_self_signed_cert,
|
||||
},
|
||||
sgx::{parse_tcb_levels, EnumSet, TcbLevel},
|
||||
};
|
||||
use tracing::{error, info};
|
||||
use tracing_log::LogTracer;
|
||||
use tracing_subscriber::{fmt, prelude::*, EnvFilter, Registry};
|
||||
|
|
@ -136,6 +142,8 @@ async fn main() -> Result<()> {
|
|||
|
||||
let (report_data, cert_chain, priv_key) = make_self_signed_cert("CN=localhost", None)?;
|
||||
|
||||
let _ = rustls::crypto::ring::default_provider().install_default();
|
||||
|
||||
// init server config builder with safe defaults
|
||||
let config = ServerConfig::builder()
|
||||
.with_no_client_auth()
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@
|
|||
Verified signature for `81A312C59D679D930FA9E8B06D728F29A2DBABF8`
|
||||
|
||||
❯ RUST_LOG=info cargo run -p vault-admin -- \
|
||||
send \
|
||||
command \
|
||||
--sgx-mrsigner c5591a72b8b86e0d8814d6e8750e3efe66aea2d102b8ba2405365559b858697d \
|
||||
--sgx-allowed-tcb-levels SwHardeningNeeded \
|
||||
--server https://127.0.0.1:8444 \
|
||||
|
|
|
|||
|
|
@ -1,5 +1,5 @@
|
|||
// SPDX-License-Identifier: Apache-2.0
|
||||
// Copyright (c) 2023-2024 Matter Labs
|
||||
// Copyright (c) 2023-2025 Matter Labs
|
||||
|
||||
use anyhow::{anyhow, bail, Context, Result};
|
||||
use clap::{Args, Parser, Subcommand};
|
||||
|
|
@ -117,8 +117,6 @@ async fn main() -> Result<()> {
|
|||
&args.log_level,
|
||||
)?)?;
|
||||
|
||||
info!("Quote verified! Connection secure!");
|
||||
|
||||
match args.cmd {
|
||||
SubCommands::Command(args) => send_commands(args).await?,
|
||||
SubCommands::SignTee(args) => send_sig_request(args).await?,
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue