Attesteer RPC additions

cli/src/attesteer/commands/mod.rs

@@ -0,0 +1,23 @@
+/*
+	Copyright 2021 Integritee AG and Supercomputing Systems AG
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+
+*/
+
+mod send_dcap_quote;
+mod send_ias_attestation;
+
+pub use self::{
+	send_dcap_quote::SendDCAPQuoteCmd, send_ias_attestation::SendIASAttestationReportCmd,
+};

cli/src/attesteer/commands/send_dcap_quote.rs

@@ -0,0 +1,62 @@
+/*
+	Copyright 2021 Integritee AG and Supercomputing Systems AG
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+
+*/
+
+use crate::{command_utils::get_worker_api_direct, Cli};
+use itc_rpc_client::direct_client::DirectApi;
+use itp_rpc::{RpcRequest, RpcResponse, RpcReturnValue};
+use itp_types::DirectRequestStatus;
+use itp_utils::FromHexPrefixed;
+use log::*;
+use std::fs::read_to_string;
+
+/// Forward DCAP quote for verification.
+#[derive(Debug, Clone, Parser)]
+pub struct SendDCAPQuoteCmd {
+	/// Hex encoded DCAP quote filename.
+	quote: String,
+}
+
+impl SendDCAPQuoteCmd {
+	pub fn run(&self, cli: &Cli) {
+		let direct_api = get_worker_api_direct(cli);
+		let hex_encoded_quote = read_to_string(&self.quote)
+			.map_err(|e| error!("Opening hex encoded DCAP quote file failed: {:#?}", e))
+			.unwrap();
+
+		let rpc_method = "attesteer_callForwardDCAPQuote".to_owned();
+		let jsonrpc_call: String =
+			RpcRequest::compose_jsonrpc_call(rpc_method, vec![hex_encoded_quote]).unwrap();
+
+		let rpc_response_str = direct_api.get(&jsonrpc_call).unwrap();
+
+		// Decode RPC response.
+		let rpc_response: RpcResponse = serde_json::from_str(&rpc_response_str).ok().unwrap();
+		let rpc_return_value = RpcReturnValue::from_hex(&rpc_response.result)
+			// Replace with `inspect_err` once it's stable.
+			.map_err(|e| {
+				error!("Failed to decode RpcReturnValue: {:?}", e);
+				e
+			})
+			.ok()
+			.unwrap();
+
+		match rpc_return_value.status {
+			DirectRequestStatus::Ok => println!("DCAP quote verification succeded."),
+			_ => error!("DCAP quote verification failed"),
+		}
+	}
+}

cli/src/attesteer/commands/send_ias_attestation.rs

@@ -0,0 +1,65 @@
+/*
+	Copyright 2021 Integritee AG and Supercomputing Systems AG
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+
+*/
+
+use itc_rpc_client::direct_client::DirectApi;
+use itp_rpc::{RpcRequest, RpcResponse, RpcReturnValue};
+use itp_types::DirectRequestStatus;
+use itp_utils::FromHexPrefixed;
+use log::error;
+use std::fs::read_to_string;
+
+use crate::{command_utils::get_worker_api_direct, Cli};
+
+/// Forward IAS attestation report for verification.
+#[derive(Debug, Clone, Parser)]
+pub struct SendIASAttestationReportCmd {
+	/// Hex encoded IAS attestation report filename.
+	report: String,
+}
+
+impl SendIASAttestationReportCmd {
+	pub fn run(&self, cli: &Cli) {
+		let direct_api = get_worker_api_direct(cli);
+		let hex_encoded_report = read_to_string(&self.report)
+			.map_err(|e| error!("Opening hex encoded IAS attestation report file failed: {:#?}", e))
+			.unwrap();
+
+		//let request = Request { shard, cyphertext: hex_encoded_quote.to_vec() };
+
+		let rpc_method = "attesteer_callForwardIASAttestationReport".to_owned();
+		let jsonrpc_call: String =
+			RpcRequest::compose_jsonrpc_call(rpc_method, vec![hex_encoded_report]).unwrap();
+
+		let rpc_response_str = direct_api.get(&jsonrpc_call).unwrap();
+
+		// Decode RPC response.
+		let rpc_response: RpcResponse = serde_json::from_str(&rpc_response_str).ok().unwrap();
+		let rpc_return_value = RpcReturnValue::from_hex(&rpc_response.result)
+			// Replace with `inspect_err` once it's stable.
+			.map_err(|e| {
+				error!("Failed to decode RpcReturnValue: {:?}", e);
+				e
+			})
+			.ok()
+			.unwrap();
+
+		match rpc_return_value.status {
+			DirectRequestStatus::Ok => println!("IAS attestation report verification succeded."),
+			_ => error!("IAS attestation report verification failed"),
+		}
+	}
+}

cli/src/attesteer/mod.rs

@@ -0,0 +1,41 @@
+/*
+	Copyright 2021 Integritee AG and Supercomputing Systems AG
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+
+*/
+
+use crate::Cli;
+
+use self::commands::{SendDCAPQuoteCmd, SendIASAttestationReportCmd};
+
+mod commands;
+
+/// Attesteer subcommands for the CLI.
+#[derive(Debug, clap::Subcommand)]
+pub enum AttesteerCommand {
+	/// Forward DCAP quote for verification.
+	SendDCAPQuote(SendDCAPQuoteCmd),
+
+	/// Forward IAS attestation report for verification.
+	SendIASAttestationReport(SendIASAttestationReportCmd),
+}
+
+impl AttesteerCommand {
+	pub fn run(&self, cli: &Cli) {
+		match self {
+			AttesteerCommand::SendDCAPQuote(cmd) => cmd.run(cli),
+			AttesteerCommand::SendIASAttestationReport(cmd) => cmd.run(cli),
+		}
+	}
+}

cli/src/commands.rs

@@ -22,6 +22,8 @@ use clap::Subcommand;
 #[cfg(feature = "teeracle")]
 use crate::oracle::OracleCommand;
 
+use crate::attesteer::AttesteerCommand;
+
 #[derive(Subcommand)]
 pub enum Commands {
 	#[clap(flatten)]
@@ -35,6 +37,10 @@ pub enum Commands {
 	#[cfg(feature = "teeracle")]
 	#[clap(subcommand)]
 	Oracle(OracleCommand),
+
+	/// Subcommand for the attesteer.
+	#[clap(subcommand)]
+	Attesteer(AttesteerCommand),
 }
 
 pub fn match_command(cli: &Cli) {
@@ -43,5 +49,6 @@ pub fn match_command(cli: &Cli) {
 		Commands::Trusted(trusted_cli) => trusted_cli.run(cli),
 		#[cfg(feature = "teeracle")]
 		Commands::Oracle(cmd) => cmd.run(cli),
+		Commands::Attesteer(cmd) => cmd.run(cli),
 	};
 }

cli/src/main.rs

@@ -27,6 +27,7 @@ extern crate chrono;
 extern crate env_logger;
 extern crate log;
 
+mod attesteer;
 mod base_cli;
 mod benchmark;
 mod command_utils;

enclave-runtime/src/attestation.rs

@@ -177,17 +177,7 @@ pub fn generate_dcap_ra_extrinsic_internal(
 		skip_ra,
 	)?;
 
-	let extrinsics_factory = get_extrinsic_factory_from_solo_or_parachain()?;
-	let node_metadata_repo = get_node_metadata_repository_from_solo_or_parachain()?;
-
-	let call_ids = node_metadata_repo
-		.get_from_metadata(|m| m.register_dcap_enclave_call_indexes())?
-		.map_err(MetadataProviderError::MetadataError)?;
-	info!("    [Enclave] Compose register enclave call DCAP IDs: {:?}", call_ids);
-	let call = OpaqueCall::from_tuple(&(call_ids, dcap_quote, url));
-
-	let extrinsic = extrinsics_factory.create_extrinsics(&[call], None)?;
-	Ok(extrinsic[0].clone())
+	generate_dcap_ra_extrinsic_from_quote_internal(url, &dcap_quote)
 }
 
 #[no_mangle]
@@ -270,7 +260,6 @@ pub fn generate_dcap_ra_extrinsic_from_quote_internal(
 	url: String,
 	quote: &[u8],
 ) -> EnclaveResult<OpaqueExtrinsic> {
-	let extrinsics_factory = get_extrinsic_factory_from_solo_or_parachain()?;
 	let node_metadata_repo = get_node_metadata_repository_from_solo_or_parachain()?;
 	info!("    [Enclave] Compose register enclave getting callIDs:");
 
@@ -280,28 +269,38 @@ pub fn generate_dcap_ra_extrinsic_from_quote_internal(
 	info!("    [Enclave] Compose register enclave call DCAP IDs: {:?}", call_ids);
 	let call = OpaqueCall::from_tuple(&(call_ids, quote, url));
 
-	let extrinsic = extrinsics_factory.create_extrinsics(&[call], None)?;
 	info!("    [Enclave] Compose register enclave got extrinsic, returning");
-	Ok(extrinsic[0].clone())
+	create_extrinsics(call)
 }
 
 fn generate_ias_ra_extrinsic_internal(
 	url: String,
 	skip_ra: bool,
 ) -> EnclaveResult<OpaqueExtrinsic> {
 	let attestation_handler = GLOBAL_ATTESTATION_HANDLER_COMPONENT.get()?;
-	let extrinsics_factory = get_extrinsic_factory_from_solo_or_parachain()?;
-	let node_metadata_repo = get_node_metadata_repository_from_solo_or_parachain()?;
-
 	let cert_der = attestation_handler.generate_ias_ra_cert(skip_ra)?;
 
+	generate_ias_ra_extrinsic_from_der_cert_internal(url, &cert_der)
+}
+
+pub fn generate_ias_ra_extrinsic_from_der_cert_internal(
+	url: String,
+	cert_der: &[u8],
+) -> EnclaveResult<OpaqueExtrinsic> {
+	let node_metadata_repo = get_node_metadata_repository_from_solo_or_parachain()?;
+
 	info!("    [Enclave] Compose register enclave call");
 	let call_ids = node_metadata_repo
 		.get_from_metadata(|m| m.register_ias_enclave_call_indexes())?
 		.map_err(MetadataProviderError::MetadataError)?;
 
 	let call = OpaqueCall::from_tuple(&(call_ids, cert_der, url));
 
+	create_extrinsics(call)
+}
+
+fn create_extrinsics(call: OpaqueCall) -> EnclaveResult<OpaqueExtrinsic> {
+	let extrinsics_factory = get_extrinsic_factory_from_solo_or_parachain()?;
 	let extrinsics = extrinsics_factory.create_extrinsics(&[call], None)?;
 
 	Ok(extrinsics[0].clone())

enclave-runtime/src/rpc/worker_api_direct.rs

@@ -15,6 +15,10 @@
 
 */
 
+use crate::attestation::{
+	generate_dcap_ra_extrinsic_from_quote_internal,
+	generate_ias_ra_extrinsic_from_der_cert_internal,
+};
 use codec::Encode;
 use core::result::Result;
 use ita_sgx_runtime::Runtime;
@@ -28,6 +32,7 @@ use itp_utils::{FromHexPrefixed, ToHexPrefixed};
 use its_primitives::types::block::SignedBlock;
 use its_sidechain::rpc_handler::{direct_top_pool_api, import_block_api};
 use jsonrpc_core::{serde_json::json, IoHandler, Params, Value};
+use sp_runtime::OpaqueExtrinsic;
 use std::{borrow::ToOwned, format, str, string::String, sync::Arc, vec::Vec};
 
 fn compute_hex_encoded_return_error(error_msg: &str) -> String {
@@ -143,6 +148,39 @@ where
 		Ok(json!(json_value))
 	});
 
+	// attesteer_forward_dcap_quote
+	let attesteer_forward_dcap_quote: &str = "attesteer_callForwardDCAPQuote";
+	io.add_sync_method(attesteer_forward_dcap_quote, move |params: Params| {
+		let json_value = match forward_dcap_quote_inner(params) {
+			Ok(val) => RpcReturnValue {
+				do_watch: false,
+				value: val.encode(),
+				status: DirectRequestStatus::Ok,
+			}
+			.to_hex(),
+			Err(error) => compute_hex_encoded_return_error(error.as_str()),
+		};
+
+		Ok(json!(json_value))
+	});
+
+	// attesteer_forward_ias_attestation_report
+	let attesteer_forward_ias_attestation_report: &str =
+		"attesteer_callForwardIASAttestationReport";
+	io.add_sync_method(attesteer_forward_ias_attestation_report, move |params: Params| {
+		let json_value = match attesteer_forward_ias_attestation_report_inner(params) {
+			Ok(val) => RpcReturnValue {
+				do_watch: false,
+				value: val.encode(),
+				status: DirectRequestStatus::Ok,
+			}
+			.to_hex(),
+			Err(error) => compute_hex_encoded_return_error(error.as_str()),
+		};
+
+		Ok(json!(json_value))
+	});
+
 	// system_health
 	let state_health_name: &str = "system_health";
 	io.add_sync_method(state_health_name, |_: Params| {
@@ -192,6 +230,38 @@ fn execute_getter_inner<G: ExecuteGetter>(
 	Ok(getter_result)
 }
 
+fn forward_dcap_quote_inner(params: Params) -> Result<OpaqueExtrinsic, String> {
+	let hex_encoded_params = params.parse::<Vec<String>>().map_err(|e| format!("{:?}", e))?;
+
+	let request =
+		Request::from_hex(&hex_encoded_params[0].clone()).map_err(|e| format!("{:?}", e))?;
+
+	let encoded_quote_to_forward: Vec<u8> = request.cyphertext;
+
+	let url = String::new();
+	let ext = generate_dcap_ra_extrinsic_from_quote_internal(url, &encoded_quote_to_forward)
+		.map_err(|e| format!("{:?}", e))?;
+
+	Ok(ext)
+}
+
+fn attesteer_forward_ias_attestation_report_inner(
+	params: Params,
+) -> Result<OpaqueExtrinsic, String> {
+	let hex_encoded_params = params.parse::<Vec<String>>().map_err(|e| format!("{:?}", e))?;
+
+	let request =
+		Request::from_hex(&hex_encoded_params[0].clone()).map_err(|e| format!("{:?}", e))?;
+
+	let ias_attestation_report: Vec<u8> = request.cyphertext;
+
+	let url = String::new();
+	let ext = generate_ias_ra_extrinsic_from_der_cert_internal(url, &ias_attestation_report)
+		.map_err(|e| format!("{:?}", e))?;
+
+	Ok(ext)
+}
+
 pub fn sidechain_io_handler<ImportFn, Error>(import_fn: ImportFn) -> IoHandler
 where
 	ImportFn: Fn(SignedBlock) -> Result<(), Error> + Sync + Send + 'static,