Attesteer API for requesting remote attestation #1180

Closed
2 tasks
clangenb opened this issue Feb 21, 2023 · 2 comments · Fixed by #1201

Comments

clangenb commented Feb 21, 2023

So far we have only implemented the PoC for the Attesteer such that it can fetch the Marbles of Marblerun and fetch the enclave quote to send a remote attestation on chain. However, for non-security setups, we need to expose an endpoint to request forwarding of a remote attestation. This should be fairly simple:

  • Add RPC method to the trusted TLS server to request forwarding. One for IAS and one for DCAP.
  • We also need to check if the requester has subscribed to using the service. We will probably have a pro-rata billing, so we need a local DB that stores per subscriber: 1. Remaining quota, 2. How many requests have been sent. Not sure about the second though, all the remote attestations are already on the public blockchain.
@clangenb

Should we consider that this could also be a pull service?

clangenb commented Mar 9, 2023

So, summarizing what we talked about: The Attesteer shall be used by clients who do not use our SDK; hence we should not use the TrustedOperation in the RPC, which will also remove the double encryption issue for this specific RPC. Steps to do:

  1. Add two commands here: https://github.com/integritee-network/worker/tree/b900e2da99c3d766a2adddd7b2bfb5f46c105f29/cli/src, in a new module attesteer similar to evm and oracle.
    Todo: In what format is it easiest to supply the attestation to the CLI (hex, JSON)? As a first step, we could also read it from the file system if we have one available, or even hardcode it. -> Go for the quickest solution here, and refine later.
    • send_ias_attestation,
    • send_dcap_quote
  2. Take inspiration from send_request:
    fn send_request(
    • but don't send an encrypted trusted operation; send a hex-encoded, unencrypted quote/attestation report
    • the result is not a trusted operation status, but simply an ok/error.
  3. Skip decrypting the rpc-params here, as you receive the quote directly:
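
Added example, not part of the issue thread or the worker code base: a Rust version of the request path the comments above describe, taking a hex-encoded, unencrypted quote, checking the subscriber's remaining quota, and answering ok/error. The string subscriber id, `Subscription`, `ForwardError`, `decode_hex`, `handle_forward` and the `MAX_QUOTE_BYTES` cap are hypothetical names and values chosen for illustration.

```rust
use std::collections::HashMap;

// Hypothetical per-subscriber record with the two fields named in the issue.
#[derive(Debug, PartialEq)]
pub struct Subscription { pub remaining_quota: u32, pub requests_sent: u64 }

#[derive(Debug, PartialEq)]
pub enum ForwardError { UnknownSubscriber, QuotaExhausted, TooLarge, InvalidHex, EmptyQuote }

// Assumed cap on the decoded quote size; not a value taken from the issue.
pub const MAX_QUOTE_BYTES: usize = 16 * 1024;

// Strict hex decoding (optional 0x prefix); rejects odd length and non-hex characters.
pub fn decode_hex(s: &str) -> Result<Vec<u8>, ForwardError> {
    let s = s.strip_prefix("0x").unwrap_or(s);
    if s.len() % 2 != 0 || !s.bytes().all(|b| b.is_ascii_hexdigit()) {
        return Err(ForwardError::InvalidHex);
    }
    Ok((0..s.len()).step_by(2)
        .map(|i| u8::from_str_radix(&s[i..i + 2], 16).unwrap()) // safe: validated above
        .collect())
}

// Validates an unencrypted request and returns the bytes to forward; Err maps to the RPC error reply.
pub fn handle_forward(
    db: &mut HashMap<String, Subscription>,
    subscriber: &str,
    hex_quote: &str,
) -> Result<Vec<u8>, ForwardError> {
    let sub = db.get_mut(subscriber).ok_or(ForwardError::UnknownSubscriber)?;
    if sub.remaining_quota == 0 { return Err(ForwardError::QuotaExhausted); }
    if hex_quote.len() > 2 * MAX_QUOTE_BYTES + 2 { return Err(ForwardError::TooLarge); }
    let quote = decode_hex(hex_quote)?;
    if quote.is_empty() { return Err(ForwardError::EmptyQuote); }
    // Charge quota only after the payload passed validation.
    sub.remaining_quota -= 1;
    sub.requests_sent += 1;
    Ok(quote)
}

fn main() {
    let mut db = HashMap::new();
    db.insert("alice".to_string(), Subscription { remaining_quota: 1, requests_sent: 0 });
    // Constructed sample bytes, not a real IAS report or DCAP quote.
    println!("{:?}", handle_forward(&mut db, "alice", "0xdeadbeef"));
    println!("{:?}", handle_forward(&mut db, "alice", "0xdeadbeef"));
}
```

Because the parameter arrives without the TrustedOperation envelope, the handler is the first place the input is checked, so malformed requests are rejected before any quota is charged.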
