feat: tsukino => proper pem export of pubkey
maceip committed Oct 18, 2024
1 parent 0c9767a commit 8930529
Showing 2 changed files with 39 additions and 10 deletions.
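--- a/crates/notary/server/Cargo.toml
+++ b/crates/notary/server/Cargo.toml
@@ -4,7 +4,15 @@ version = "0.1.0-alpha.7"
 edition = "2021"
 
 [features]
-tee_quote = ["dep:mc-sgx-dcap-types", "dep:hex", "dep:rand_chacha", "dep:once_cell"]
+tee_quote = [
+"dep:mc-sgx-dcap-types",
+"dep:hex",
+"dep:rand_chacha",
+"dep:once_cell",
+"dep:simple_asn1",
+"dep:pem",
+"dep:lazy_static",
+]
 
 [dependencies]
 tlsn-core = { workspace = true }
@@ -57,4 +65,7 @@ zeroize = { workspace = true }
 mc-sgx-dcap-types = { version = "0.11.0", optional = true }
 hex = { workspace = true, optional = true }
 rand_chacha = { workspace = true, optional = true }
-once_cell = { workspace = true, optional =true }
+once_cell = { workspace = true, optional =true }
+simple_asn1 = {version = "0.6.2", optional = true }
+pem = { version = "1.1.0", optional = true }
+lazy_static = { version = "1.4", optional = true }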
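Review bot: `lazy_static` is added as a new optional dependency although `once_cell` is already part of this feature set and `tee.rs` already imports `once_cell::sync::OnceCell`, so the two OID statics could be written with `once_cell::sync::Lazy` (e.g. `static SECP256K1_OID: Lazy<simple_asn1::OID> = Lazy::new(|| simple_asn1::oid!(1, 3, 132, 0, 10));`) and the extra crate dropped from both the feature list and `[dependencies]`. One lazy-init crate instead of two keeps the supply-chain surface of `tee_quote` smaller. The inline pins `simple_asn1 = {version = "0.6.2", ...}` and `pem = { version = "1.1.0", ...}` also depart from the `workspace = true` convention of the neighbouring lines; if the workspace manifest does not declare them yet, declaring them there keeps dependency versions auditable in one place, and the pinned `pem` major is worth checking against the currently maintained release before relying on it.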
34 changes: 26 additions & 8 deletions crates/notary/server/src/tee.rs
@@ -1,4 +1,3 @@
use base64::{engine::general_purpose::STANDARD, Engine};
use mc_sgx_dcap_types::{QlError, Quote3};
use once_cell::sync::OnceCell;
use serde::{Deserialize, Serialize};
Expand All @@ -18,6 +17,11 @@ use std::{
};
use tracing::{debug, error, instrument};

lazy_static::lazy_static! {
static ref SECP256K1_OID: simple_asn1::OID = simple_asn1::oid!(1, 3, 132, 0, 10);
static ref ECDSA_OID: simple_asn1::OID = simple_asn1::oid!(1, 2, 840, 10045, 2, 1);
}

#[derive(Debug, Clone, Serialize, Deserialize)]

#[serde(rename_all = "camelCase")]
pub struct Quote {
Expand Down Expand Up @@ -68,6 +72,25 @@ impl From<QlError> for QuoteError {

static PUBLIC_KEY: OnceCell<PublicKey> = OnceCell::new();

fn pem_der_encode_with_asn1(public_point: &[u8]) -> String {

use simple_asn1::*;

let ecdsa_oid = ASN1Block::ObjectIdentifier(0, ECDSA_OID.clone());
let secp256k1_oid = ASN1Block::ObjectIdentifier(0, SECP256K1_OID.clone());
let alg_id = ASN1Block::Sequence(0, vec![ecdsa_oid, secp256k1_oid]);
let key_bytes = ASN1Block::BitString(0, public_point.len() * 8, public_point.to_vec());

let blocks = vec![alg_id, key_bytes];

let der_out = simple_asn1::to_der(&ASN1Block::Sequence(0, blocks))
.expect("Failed to encode ECDSA private key as DER");

pem::encode(&pem::Pem {
tag: "PUBLIC KEY".to_string(),
contents: der_out,
})
}


#[instrument(level = "debug", skip_all)]

async fn gramine_quote() -> Result<Quote, QuoteError> {
//// Check if the the gramine pseudo-hardware exists
Expand Down Expand Up @@ -131,16 +154,11 @@ pub fn ephemeral_keypair() -> (AttestationKey, String) {
.verifying_key()
.to_encoded_point(true)
.to_bytes();
let b64k = STANDARD.encode(derk.as_ref());
let pem = format!(
"-----BEGIN PUBLIC KEY-----\n{}\n-----END PUBLIC KEY-----\n",
b64k
);

let pem_spki_pub = pem_der_encode_with_asn1(&derk);
let _ = PUBLIC_KEY
.set(*signing_key.verifying_key())
.map_err(|_| "Public key has already been set");
(attkey, pem)
(attkey, pem_spki_pub)
}


pub async fn quote() -> Quote {
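Review bot: The `.expect` on the `to_der` call in `pem_der_encode_with_asn1` says "ECDSA private key" while the function encodes a public key; change it to `.expect("Failed to encode ECDSA public key as DER")` so a panic here is not misread as key-material handling. The point passed in from `ephemeral_keypair` is produced by `to_encoded_point(true)`, i.e. compressed, and RFC 5480 only requires SPKI consumers to support the uncompressed form, so verifiers built on common crypto libraries may reject this PEM — if interoperability matters, switch to `to_encoded_point(false)`. The algorithm identifier hard-codes the secp256k1 OID, which is only correct if `signing_key` (constructed outside this hunk) is really a k256 key; a doc comment on the helper such as `/// Wraps a SEC1-encoded secp256k1 point in a SubjectPublicKeyInfo (id-ecPublicKey / secp256k1) and returns it as a "PUBLIC KEY" PEM.` would make that assumption explicit. `ephemeral_keypair` starts outside the hunk.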