Merge pull request #105 from datachainlab/multiple-operators

Multiple operators

Signed-off-by: Jun Kimura <jun.kimura@datachain.jp>

Author: bluele

Cargo.lock

@@ -7,6 +7,7 @@ use clap::Parser;
 use crypto::Address;
 use ecall_commands::IASRemoteAttestationInput;
 use enclave_api::{Enclave, EnclaveCommandAPI, EnclaveProtoAPI};
+use log::info;
 use store::transaction::CommitStore;
 
 /// `attestation` subcommand
@@ -63,6 +64,22 @@ pub struct IASRemoteAttestation {
         help = "An enclave key attested by Remote Attestation"
     )]
     pub enclave_key: String,
+    /// An operator address to perform `registerEnclaveKey` transaction on-chain
+    #[clap(
+        long = "operator",
+        help = "An operator address to perform `registerEnclaveKey` transaction on-chain"
+    )]
+    pub operator: Option<String>,
+}
+
+impl IASRemoteAttestation {
+    fn get_operator(&self) -> Result<Option<Address>> {
+        if let Some(operator) = &self.operator {
+            Ok(Some(Address::from_hex_string(operator)?))
+        } else {
+            Ok(None)
+        }
+    }
 }
 
 fn run_ias_remote_attestation<E: EnclaveCommandAPI<S>, S: CommitStore>(
@@ -74,10 +91,18 @@ fn run_ias_remote_attestation<E: EnclaveCommandAPI<S>, S: CommitStore>(
     let target_enclave_key = Address::from_hex_string(&cmd.enclave_key)?;
     match enclave.ias_remote_attestation(IASRemoteAttestationInput {
         target_enclave_key,
+        operator: cmd.get_operator()?,
         spid: spid.as_bytes().to_vec(),
         ias_key: ias_key.as_bytes().to_vec(),
     }) {
-        Ok(_) => Ok(()),
+        Ok(res) => {
+            info!("AVR: {:?}", res.report.avr);
+            info!(
+                "report_data: {}",
+                res.report.get_avr()?.parse_quote()?.report_data()
+            );
+            Ok(())
+        }
         Err(e) => bail!("failed to perform IAS Remote Attestation: {:?}!", e),
     }
 }
@@ -96,6 +121,13 @@ pub struct SimulateRemoteAttestation {
     )]
     pub enclave_key: String,
 
+    /// An operator address to perform `registerEnclaveKey` transaction on-chain
+    #[clap(
+        long = "operator",
+        help = "An operator address to perform `registerEnclaveKey` transaction on-chain"
+    )]
+    pub operator: Option<String>,
+
     /// Path to a der-encoded file that contains X.509 certificate
     #[clap(
         long = "signing_cert_path",
@@ -135,6 +167,17 @@ pub struct SimulateRemoteAttestation {
     pub isv_enclave_quote_status: String,
 }
 
+#[cfg(feature = "sgx-sw")]
+impl SimulateRemoteAttestation {
+    fn get_operator(&self) -> Result<Option<Address>> {
+        if let Some(operator) = &self.operator {
+            Ok(Some(Address::from_hex_string(operator)?))
+        } else {
+            Ok(None)
+        }
+    }
+}
+
 #[cfg(feature = "sgx-sw")]
 fn run_simulate_remote_attestation<E: EnclaveCommandAPI<S>, S: CommitStore>(
     enclave: E,
@@ -187,13 +230,18 @@ fn run_simulate_remote_attestation<E: EnclaveCommandAPI<S>, S: CommitStore>(
     match enclave.simulate_remote_attestation(
         ecall_commands::SimulateRemoteAttestationInput {
             target_enclave_key,
+            operator: cmd.get_operator()?,
             advisory_ids: cmd.advisory_ids.clone(),
             isv_enclave_quote_status: cmd.isv_enclave_quote_status.clone(),
         },
         signing_key,
         signing_cert,
     ) {
-        Ok(_) => Ok(()),
+        Ok(res) => {
+            info!("AVR: {:?}", res.avr);
+            info!("report_data: {}", res.avr.parse_quote()?.report_data());
+            Ok(())
+        }
         Err(e) => bail!("failed to simulate Remote Attestation: {:?}!", e),
     }
 }

app/src/commands/attestation.rs

@@ -104,9 +104,11 @@ fn run_list_keys<E: EnclaveCommandAPI<S>, S: CommitStore>(
         match eki.avr {
             Some(eavr) => {
                 let avr = eavr.get_avr()?;
+                let report_data = avr.parse_quote()?.report_data();
                 list_json.push(json! {{
                     "address": eki.address.to_hex_string(),
                     "attested": true,
+                    "report_data": report_data.to_string(),
                     "isv_enclave_quote_status": avr.isv_enclave_quote_status,
                     "advisory_ids": avr.advisory_ids,
                     "attested_at": avr.timestamp

app/src/commands/enclave.rs

@@ -1,6 +1,6 @@
 use crate::enclave_manage::errors::Error;
 use crate::prelude::*;
-use attestation_report::verify_report;
+use attestation_report::{verify_report, ReportData};
 use crypto::{EnclaveKey, SealingKey};
 use ecall_commands::{CommandContext, IASRemoteAttestationInput, IASRemoteAttestationResponse};
 use enclave_remote_attestation::{
@@ -18,7 +18,7 @@ pub(crate) fn ias_remote_attestation(
     let report = {
         let spid = decode_spid(&input.spid);
         let report = create_attestation_report(
-            pub_key.as_report_data(),
+            ReportData::new(pub_key.as_address(), input.operator).into(),
             sgx_quote_sign_type_t::SGX_UNLINKABLE_SIGNATURE,
             spid,
             &input.ias_key,
@@ -39,7 +39,7 @@ pub(crate) fn simulate_remote_attestation(
     let pub_key =
         EnclaveKey::unseal(&cctx.sealed_ek.ok_or(Error::enclave_key_not_found())?)?.get_pubkey();
     let avr = enclave_remote_attestation::simulate::create_attestation_report(
-        pub_key.as_report_data(),
+        ReportData::new(pub_key.as_address(), input.operator).into(),
         sgx_quote_sign_type_t::SGX_UNLINKABLE_SIGNATURE,
         input.advisory_ids,
         input.isv_enclave_quote_status,

enclave-modules/ecall-handler/src/enclave_manage/attestation.rs

@@ -44,7 +44,7 @@ pub fn aggregate_messages<R: LightClientResolver, S: KVStore, K: Signer>(
         .collect::<Result<Vec<_>, _>>()?;
 
     let message = ProxyMessage::from(commitments::aggregate_messages(messages)?);
-    let proof = prove_commitment(ek, input.signer, message)?;
+    let proof = prove_commitment(ek, message)?;
 
     Ok(LightClientResponse::AggregateMessages(
         AggregateMessagesResponse(proof),

enclave-modules/ecall-handler/src/light_client/aggregate_messages.rs

@@ -32,7 +32,7 @@ pub fn init_client<R: LightClientResolver, S: KVStore, K: Signer>(
     ctx.store_any_consensus_state(client_id.clone(), res.height, any_consensus_state)?;
 
     let proof = if res.prove {
-        prove_commitment(ek, input.signer, res.message)?
+        prove_commitment(ek, res.message)?
     } else {
         CommitmentProof::new_with_no_signature(res.message.to_bytes())
     };

enclave-modules/ecall-handler/src/light_client/init_client.rs

@@ -34,7 +34,7 @@ pub fn update_client<R: LightClientResolver, S: KVStore, K: Signer>(
             )?;
 
             let proof = if data.prove {
-                prove_commitment(ek, input.signer, message)?
+                prove_commitment(ek, message)?
             } else {
                 CommitmentProof::new_with_no_signature(message.to_bytes())
             };
@@ -45,7 +45,7 @@ pub fn update_client<R: LightClientResolver, S: KVStore, K: Signer>(
         UpdateClientResult::Misbehaviour(data) => {
             ctx.store_any_client_state(input.client_id, data.new_any_client_state)?;
 
-            let proof = prove_commitment(ek, input.signer, data.message.into())?;
+            let proof = prove_commitment(ek, data.message.into())?;
             Ok(LightClientResponse::UpdateClient(UpdateClientResponse(
                 proof,
             )))

enclave-modules/ecall-handler/src/light_client/update_client.rs

@@ -28,7 +28,7 @@ pub fn verify_membership<R: LightClientResolver, S: KVStore, K: Signer>(
     )?;
 
     Ok(LightClientResponse::VerifyMembership(
-        VerifyMembershipResponse(prove_commitment(ek, input.signer, res.message.into())?),
+        VerifyMembershipResponse(prove_commitment(ek, res.message.into())?),
     ))
 }
 
@@ -49,6 +49,6 @@ pub fn verify_non_membership<R: LightClientResolver, S: KVStore, K: Signer>(
     )?;
 
     Ok(LightClientResponse::VerifyNonMembership(
-        VerifyNonMembershipResponse(prove_commitment(ek, input.signer, res.message.into())?),
+        VerifyNonMembershipResponse(prove_commitment(ek, res.message.into())?),
     ))
 }

enclave-modules/ecall-handler/src/light_client/verify_state.rs

@@ -15,8 +15,7 @@ use sgx_tstd::{
     net::TcpStream,
     sync::Arc,
 };
-use sgx_types::{c_int, sgx_spid_t};
-use sgx_types::{sgx_quote_nonce_t, sgx_quote_sign_type_t, sgx_report_data_t};
+use sgx_types::{c_int, sgx_quote_nonce_t, sgx_quote_sign_type_t, sgx_report_data_t, sgx_spid_t};
 
 pub const REPORT_DATA_SIZE: usize = 32;