From f90088be7683e08b6f1b07a1bf68333056aff852 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Patryk=20B=C4=99za?=
Date: Wed, 10 Jul 2024 12:09:56 +0200
Subject: [PATCH] SGX attestation & batch signature verification tool
---
 Cargo.lock | 11 +++
 bin/verify-attestation-sgx/Cargo.toml | 15 ++++
 bin/verify-attestation-sgx/src/main.rs | 83 +++++++++++++++++++
 .../src/lib.rs | 2 +-
 packages/teepot/default.nix | 1 +
 5 files changed, 111 insertions(+), 1 deletion(-)
 create mode 100644 bin/verify-attestation-sgx/Cargo.toml
 create mode 100644 bin/verify-attestation-sgx/src/main.rs
diff --git a/Cargo.lock b/Cargo.lock
index 0054c20..bafde04 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -3075,6 +3075,17 @@ dependencies = [ "teepot", ] +[[package]] +name = "verify-attestation-sgx" +version = "0.1.2-alpha.1" +dependencies = [ + "anyhow", + "clap", + "hex", + "secp256k1", + "teepot", +] + [[package]] name = "version_check" version = "0.9.4"
diff --git a/bin/verify-attestation-sgx/Cargo.toml b/bin/verify-attestation-sgx/Cargo.toml
new file mode 100644
index 0000000..cac3436
--- /dev/null
+++ b/bin/verify-attestation-sgx/Cargo.toml
@@ -0,0 +1,15 @@
+[package]
+name = "verify-attestation-sgx"
+version.workspace = true
+edition.workspace = true
+authors.workspace = true
+license.workspace = true
+repository.workspace = true
+homepage.workspace = true
+
+[dependencies]
+anyhow.workspace = true
+clap.workspace = true
+hex.workspace = true
+secp256k1.workspace = true
+teepot.workspace = true
diff --git a/bin/verify-attestation-sgx/src/main.rs b/bin/verify-attestation-sgx/src/main.rs
new file mode 100644
index 0000000..f5535eb
--- /dev/null
+++ b/bin/verify-attestation-sgx/src/main.rs
@@ -0,0 +1,83 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright (c) 2023-2024 Matter Labs
+
+//! Tool for SGX attestation and batch signature verification
+
+use anyhow::{bail, Context, Result};
+use clap::Parser;
+use secp256k1::{ecdsa::Signature, Message, PublicKey};
+use std::fs;
+use std::path::PathBuf;
+use std::time::UNIX_EPOCH;
+use teepot::client::TcbLevel;
+use teepot::sgx::{tee_qv_get_collateral, verify_quote_with_collateral, QuoteVerificationResult};
+
+#[derive(Parser, Debug)]
+#[command(author = "Matter Labs", version, about = "TEE attestation verifier", long_about = None)]
+struct Arguments {
+ /// File containing a batch signature signed within a TEE enclave.
+ #[clap(long)]
+ signature_file: Option,
+ /// File with attestation quote proving signature originated from a TEE enclave.
+ #[clap(long)]
+ attestation_file: PathBuf,
+}
+
+fn main() -> Result<()> {
+ let args = Arguments::parse();
+ let attestation_quote_bytes = fs::read(&args.attestation_file)?;
+ let quote_verification_result = verify_attestation_quote(&attestation_quote_bytes)?;
+ print_quote_verification_summary("e_verification_result);
+ if let Some(signature_file) = args.signature_file {
+ let reportdata = "e_verification_result.quote.report_body.reportdata;
+ let verifying_key = PublicKey::from_slice(reportdata)?;
+ // let signature_bytes = fs::read(&args.signature_file)?;
+ // let signature = Signature::from_compact(&signature_bytes)?;
+ let signature = fs::read(&args.signature_file)?.map(Signature::from_compact)?;
+ let message = Message::from_slice(reportdata)?; // TODO
+ if signature.verify(&message, &verifying_key).is_ok() {
+ println!("Signature verified successfully");
+ } else {
+ println!("Failed to verify signature");
+ }
+ }
+ Ok(())
+}
+
+fn verify_attestation_quote<'a>(
+ attestation_quote_bytes: &'a Vec,
+) -> Result> {
+ println!(
+ "Verifying quote ({} bytes)...",
+ attestation_quote_bytes.len()
+ );
+ let collateral =
+ tee_qv_get_collateral(&attestation_quote_bytes).context("Failed to get collateral")?;
+ let unix_time: i64 = std::time::SystemTime::now()
+ .duration_since(UNIX_EPOCH)?
+ .as_secs() as _;
+ verify_quote_with_collateral(&attestation_quote_bytes, Some(&collateral), unix_time)
+ .context("Failed to verify quote with collateral")
+}
+
+fn print_quote_verification_summary<'a>(quote_verification_result: &QuoteVerificationResult<'a>) {
+ let QuoteVerificationResult {
+ collateral_expired,
+ result,
+
+ quote,
+ advisories,
+ ..
+ } = quote_verification_result;
+ if *collateral_expired {
+ println!("Freshly fetched collateral expired");
+ }
+ let tcblevel = TcbLevel::from(*result);
+ for advisory in advisories {
+ println!("\tInfo: Advisory ID: {advisory}");
+ }
+ println!("Quote verification result: {}", tcblevel);
+ println!("mrsigner: {}", hex::encode(quote.report_body.mrsigner));
+ println!("mrenclave: {}", hex::encode(quote.report_body.mrenclave));
+ println!("reportdata: {}", hex::encode(quote.report_body.reportdata));
+}
diff --git a/crates/teepot-tee-quote-verification-rs/src/lib.rs b/crates/teepot-tee-quote-verification-rs/src/lib.rs
index 82922a3..22c8055 100644
--- a/crates/teepot-tee-quote-verification-rs/src/lib.rs
+++ b/crates/teepot-tee-quote-verification-rs/src/lib.rs
@@ -416,7 +416,7 @@ impl<'a> Deref for SgxQlQveCollateralT<'a> {
 /// SGX/TDX Quote, presented as u8 vector.
 ///
 /// # Return
-/// Result type of quote_collecteral.
+/// Result type of quote_collateral.
 ///
 /// - **quote_collateral**\
 /// This is the Quote Certification Collateral retrieved based on Quote.
diff --git a/packages/teepot/default.nix b/packages/teepot/default.nix
index 1a8745c..8f04925 100644
--- a/packages/teepot/default.nix
+++ b/packages/teepot/default.nix
@@ -29,6 +29,7 @@ "vault_admin" "vault_unseal" "verify_attestation" + "verify_attestation_sgx" ]; postInstall = '' removeReferencesToVendoredSources "$out" "$cargoVendorDir"
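Review bot: The signature branch of `main` in `bin/verify-attestation-sgx/src/main.rs` fails open: when `signature.verify` returns an error the tool only prints "Failed to verify signature" and still returns `Ok(())`, so anything that checks the exit status sees success. The message is also built from `reportdata` itself (the line marked `// TODO`), the same bytes that are parsed as the public key, so even a passing check says nothing about the batch; the signed digest needs an input of its own before this result can be trusted. `fs::read(&args.signature_file)?.map(Signature::from_compact)?` reads the `Option` that the enclosing `if let` has just moved and calls `.map` on the bytes it returns, which appears not to compile; the bound `signature_file` should be read and parsed the way the two commented-out lines do. The quote result has the same shape: `print_quote_verification_summary` prints the TCB level and `collateral_expired`, but nothing turns a non-OK level or expired collateral into an error, and the imported `bail` is unused.

```rust
    if let Some(signature_file) = args.signature_file {
        // … unchanged: reportdata, verifying_key …
        let signature_bytes = fs::read(&signature_file)
            .with_context(|| format!("Failed to read {}", signature_file.display()))?;
        let signature = Signature::from_compact(&signature_bytes)
            .context("Failed to parse compact signature")?;
        // … unchanged: message construction (still marked TODO) …
        if signature.verify(&message, &verifying_key).is_err() {
            // A verifier must exit non-zero when the check fails.
            bail!("Failed to verify signature");
        }
        println!("Signature verified successfully");
    }
```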