teepot

mirror of https://github.com/matter-labs/teepot.git synced 2025-07-21 15:13:56 +02:00

Author	SHA1	Message	Date
Harald Hoyer	af3ab51320	feat(logging): centralize logging setup in teepot crate - Added a new logging module in `teepot` crate. - Removed redundant logging setup code from individual projects. - Updated dependencies and references for logging setup. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-09-18 16:08:13 +02:00
Patryk Bęza	9bf40c9cb9	feat(tee): use hex deserialization for RPC requests Following Anton's suggestion, we have switched to hex serialization for API/RPC requests and responses. Previously, we used default JSON serialization for Vec<u8>, which resulted in a lengthy comma-separated list of integers. This change standardizes serialization, making it more efficient and reducing the size of the responses. The previous format, with a series of comma-separated integers for pubkey-like fields, looked odd. Then: ``` curl -X POST\ -H "Content-Type: application/json" \ --data '{"jsonrpc": "2.0", "id": 1, "method": "unstable_getTeeProofs", "params": [491882, "Sgx"] }' \ https://mainnet.era.zksync.io {"jsonrpc":"2.0","result":[{"attestation":[3,0,2,0,0,0,0,0,10,<dozens of comma-separated integers here> ``` Now: ``` $ curl -X POST \ -H "Content-Type: application/json" \ --data '{"jsonrpc": "2.0", "id": 1, "method": "unstable_getTeeProofs", "params": [1, "sgx"] }' \ http://localhost:3050 {"jsonrpc":"2.0","result":[{"l1BatchNumber":1,"teeType":"sgx","pubkey":"0506070809","signature":"0001020304","proof":"0a0b0c0d0e","provedAt":"2024-09-16T11:53:38.253033Z","attestation":"0403020100"}],"id":1} ``` This change needs to be deployed in lockstep with: https://github.com/matter-labs/zksync-era/pull/2887.	2024-09-18 14:10:21 +02:00
Harald Hoyer	77818cffef	chore: Release	2024-09-16 17:01:14 +02:00
Harald Hoyer	7743c1321a	chore: prepare release tags * set `publish = false` for multiple Cargo.toml files * cargo update * fix taplo.toml * sort `workspace.dependencies` * add `cargo-release` to nix shell Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-09-16 16:14:26 +02:00
Patryk Bęza	4fcaaa7398	feat(verify-era-proof-attestation): continuous mode with attestation policies This PR introduces TEE Prover continuous mode with attestation policies. Attestation policies are a set of criteria that determine whether an SGX attestation should be considered valid or invalid. In practice, this means checking against a specified set of mrsigners, mrenclaves, and TCB levels. If the attestation’s mrenclave/mrsigner/TCB levels matches those in the provided --sgx-mrenclaves/--sgx-mrsigners/--sgx-allowed-tcb-levels, we treat the attestation as successfully verified. Otherwise, the attestation is considered invalid. The --continuous mode for the TEE Prover allows it to run continuously, verifying new batches exposed by the node's RPC API in real-time. To try it out, run the following commands: $ nix build -L .#container-verify-era-proof-attestation-sgx $ export IMAGE_TAG=$(docker load -i result \| grep -Po 'Loaded image.: \K.') $ docker run -i --init --rm $IMAGE_TAG --continuous 11505 --rpc https://sepolia.era.zksync.dev --sgx-allowed-tcb-levels Ok,SwHardeningNeeded --log-level debug $ docker run -i --init --rm $IMAGE_TAG --batch 11509 --rpc https://sepolia.era.zksync.dev --sgx-allowed-tcb-levels Ok,SwHardeningNeeded --log-level debug	2024-09-13 19:34:37 +02:00
Harald Hoyer	b0ac83b78e	chore: update Cargo.lock Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-09-03 13:24:18 +02:00
Harald Hoyer	c94912d832	feat(tee-key-preexec): add cmdline arg for env prefix - Introduced `clap` for command-line argument parsing. - Replaced manual argument handling with `clap`'s derived `Args` struct. - Updated environmental variables to use dynamic prefixes. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-09-03 10:42:42 +02:00
Patryk Bęza	5e4b8901b0	feat(verify-attestation): RPC attestation and batch signature verification binary This is another variant of the binary tool for verifying attestation and the signature of a given batch. Unlike the existing tool, this variant does not require you to provide two separate files—one for the attestation and one for the signature. Instead, it automatically fetches both from the RPC node. Unfortunately, after discussing with @popzxc, we found that there is no way to reuse the RPC client because our published crates on crates.io are outdated and do not include the recently merged TEE-specific code changes. To be fixed in the future.	2024-08-30 12:14:55 +02:00
renovate[bot]	6b7e1b09cb	chore(deps): update rust crate serde to v1.0.205	2024-08-08 02:33:26 +00:00
Harald Hoyer	0bdc3425e4	chore: cargo update and fix `cargo clippy` issues. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-08-07 15:26:20 +02:00
renovate[bot]	6b3a60c3d1	chore(deps): update rust crate tokio to v1.39.1	2024-07-23 16:34:36 +00:00
Patryk Bęza	ad6ce872f8	fix(verify-attestation): simplify dependencies The zksync crates have recently been published on crates.io. Let's take advantage of them! Specifically, we are replacing alloy-primitives with zksync_basic_types to avoid the additional transitive dependencies introduced by alloy.	2024-07-22 14:45:27 +02:00
Patryk Bęza	78447ea307	Unify verify-attestation-sgx and verify-attestation Rationale: too much copy-paste	2024-07-11 17:13:11 +02:00
Patryk Bęza	f3f6ea1dba	Introduce root_hash option	2024-07-11 11:29:37 +02:00
Patryk Bęza	f90088be76	SGX attestation & batch signature verification tool	2024-07-10 14:47:07 +02:00
renovate[bot]	50bf6bd57b	chore(deps): update rust crate serde_with to v3.8.2	2024-07-02 14:59:45 +00:00
renovate[bot]	4d10b7368e	chore(deps): update rust crate pgp to v0.13.1	2024-07-02 14:15:24 +00:00
renovate[bot]	cce76133e0	chore(deps): update rust crate clap to v4.5.8	2024-07-02 13:42:52 +00:00
renovate[bot]	c0b49359b0	chore(deps): update rust crate serde_json to v1.0.120	2024-07-02 12:44:20 +00:00
Patryk Bęza	4c76318702	Replace secp256k1 with k256 crate Rationale: we already have secp256k1 in our dependencies, as suggested by Igor: https://github.com/matter-labs/zksync-era/pull/2333#discussion_r1656531731	2024-07-01 14:17:13 +02:00
renovate[bot]	1737f2d149	chore(deps): update rust crate log to v0.4.22	2024-06-28 01:01:27 +00:00
renovate[bot]	b77f130ffa	chore(deps): update rust crate serde_json to v1.0.118	2024-06-27 14:58:33 +00:00
renovate[bot]	6a3d2eaaa7	chore(deps): update rust crate bitflags to v2.6.0	2024-06-25 01:46:09 +00:00
Harald Hoyer	df7973c501	chore: cargo update + taplo fmt Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-06-20 14:00:18 +02:00
renovate[bot]	0a01ae50e2	chore(deps): update rust crate pgp to 0.13	2024-06-18 09:15:55 +00:00
Harald Hoyer	795965dbbd	chore(deps): update deps and licenses add `Unicode-3.0` as approved license. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-06-12 15:00:10 +02:00
Harald Hoyer	81d4077a6e	chore(deps): cargo update Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-05-21 13:26:29 +02:00
renovate[bot]	5dd131c078	chore(deps): update rust crate bytemuck to v1.16.0	2024-05-21 10:58:39 +00:00
renovate[bot]	1ee5f10eb3	chore(deps): update rust crate anyhow to v1.0.83	2024-05-07 20:12:16 +00:00
renovate[bot]	3549a79bb6	chore(deps): update rust crate serde to v1.0.200	2024-05-07 18:45:29 +00:00
renovate[bot]	39ce83ffca	chore(deps): update rust crate bytes to v1.6.0	2024-05-07 15:31:30 +00:00
renovate[bot]	1d3e51594b	chore(deps): update rust crate tokio to v1.37.0	2024-05-07 15:26:11 +00:00
renovate[bot]	118bb076af	chore(deps): update rust crate rustls to v0.22.4 [security]	2024-04-29 10:57:16 +00:00
renovate[bot]	603cf9b38d	chore(deps): update rust crate thiserror to 1.0.59	2024-04-29 09:50:50 +00:00
renovate[bot]	e61e970e16	chore(deps): update rust crate serde_with to 3.8	2024-04-29 08:51:25 +00:00
renovate[bot]	e315d057a3	chore(deps): update rust crate getrandom to 0.2.14	2024-04-18 12:07:26 +00:00
renovate[bot]	5d29dc0cba	chore(deps): update rust crate der to 0.7.9	2024-04-17 08:43:33 +00:00
renovate[bot]	c1874c16f6	chore(deps): update rust crate anyhow to 1.0.82	2024-04-10 08:24:47 +00:00
renovate[bot]	0cd832aca3	chore(deps): update rust crate bitflags to 2.5	2024-03-28 09:09:55 +00:00
renovate[bot]	992d97e836	chore(deps): update rust crate bytemuck to 1.15.0	2024-03-13 08:10:13 +00:00
Harald Hoyer	af5df7864c	chore: Release	2024-03-12 15:23:51 +01:00
Harald Hoyer	2f71d4b42e	chore: Release	2024-03-12 15:10:22 +01:00
Harald Hoyer	ec553240c2	chore: Release	2024-03-12 15:09:31 +01:00
Harald Hoyer	8dd4c1292a	chore: rename intel-tee-quote-verification-rs to teepot-tee-quote-verification-rs and prepare to publish on crates.io Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-03-12 11:57:21 +01:00
renovate[bot]	fbae6b3027	chore(deps): update rust crate serde_with to 3.7	2024-03-12 09:50:19 +00:00
renovate[bot]	a27aebcd4a	chore(deps): update rust crate anyhow to 1.0.81	2024-03-12 09:39:04 +00:00
renovate[bot]	46580fd85b	chore(deps): update rust crate thiserror to 1.0.58	2024-03-12 09:32:52 +00:00
Harald Hoyer	0654bacdb5	ci: use `crane` flake to build with nix This enables to add cargo `fmt`, `clippy` and `deny` to nix, using cached results. Move the `teepot` crate to the `crates` subdir to make the life easier for the `crane` flake. Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-03-11 10:01:59 +01:00
Harald Hoyer	97420df006	feat: attestation test on azure and default dcap ``` ❯ docker run -i --rm --privileged --device /dev/sgx_enclave --net host \ matterlabsrobot/teepot-self-attestation-test-sgx-azure:latest \ \| base64 -d --ignore-garbage \ \| docker run -i --rm --net host matterlabsrobot/verify-attestation-sgx-azure:latest ``` Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-03-07 16:05:27 +01:00
Harald Hoyer	f875e7a6e4	chore(deps): update rust crate base64 to 0.22.0 Signed-off-by: Harald Hoyer <harald@matterlabs.dev>	2024-03-05 11:10:41 +01:00

1 2

63 commits