Check build-time measurement (MRTD) values when verifying TDX quotes (#…

…1024) * Check MRTD value * Comment * Add accepted MRTD values parameter to parameters pallet * Use parameter from parameters pallet * Rm constant from entropy-shared * Add accepted MRTD values parameters to chainspec * Clippy * Use vec from sp_std * Rm unused dependency * Import vec, update staking pallet mock * Update mock for registry pallet * Update mock for attestation pallet * Add accepted MRTD values parameters to testnet chainspec * Import BoundedVec * Update weights and rename benchmark to match extrinsic * Suggestion from review * Update weights * Update weights
entropyxyz · Aug 30, 2024 · 519440e · 519440e
1 parent b5cd90a
commit 519440e
Show file tree

Hide file tree

Showing 13 changed files with 238 additions and 127 deletions.
diff --git a/node/cli/src/chain_spec/dev.rs b/node/cli/src/chain_spec/dev.rs
@@ -308,6 +308,10 @@ pub fn development_genesis_config(
             max_instructions_per_programs: INITIAL_MAX_INSTRUCTIONS_PER_PROGRAM,
             total_signers: TOTAL_SIGNERS,
             threshold: SIGNER_THRESHOLD,
+            accepted_mrtd_values: vec![
+                BoundedVec::try_from([0; 48].to_vec()).unwrap(),
+                BoundedVec::try_from([1; 48].to_vec()).unwrap(),
+            ],
             ..Default::default()
         },
         "programs": ProgramsConfig {

diff --git a/node/cli/src/chain_spec/integration_tests.rs b/node/cli/src/chain_spec/integration_tests.rs
@@ -247,6 +247,10 @@ pub fn integration_tests_genesis_config(
             max_instructions_per_programs: INITIAL_MAX_INSTRUCTIONS_PER_PROGRAM,
             total_signers: TOTAL_SIGNERS,
             threshold: SIGNER_THRESHOLD,
+            accepted_mrtd_values: vec![
+                BoundedVec::try_from([0; 48].to_vec()).unwrap(),
+                BoundedVec::try_from([1; 48].to_vec()).unwrap(),
+            ],
             ..Default::default()
         },
         "programs": ProgramsConfig {

diff --git a/node/cli/src/chain_spec/testnet.rs b/node/cli/src/chain_spec/testnet.rs
@@ -37,7 +37,7 @@ use sc_telemetry::TelemetryEndpoints;
 use sp_authority_discovery::AuthorityId as AuthorityDiscoveryId;
 use sp_consensus_babe::AuthorityId as BabeId;
 use sp_core::{crypto::UncheckedInto, sr25519};
-use sp_runtime::Perbill;
+use sp_runtime::{BoundedVec, Perbill};
 
 /// The AccountID of a Threshold Signature server. This is to meant to be registered on-chain.
 type TssAccountId = sp_runtime::AccountId32;
@@ -446,6 +446,10 @@ pub fn testnet_genesis_config(
             max_instructions_per_programs: INITIAL_MAX_INSTRUCTIONS_PER_PROGRAM,
             total_signers: TOTAL_SIGNERS,
             threshold: SIGNER_THRESHOLD,
+            accepted_mrtd_values: vec![
+                BoundedVec::try_from([0; 48].to_vec()).unwrap(),
+                BoundedVec::try_from([1; 48].to_vec()).unwrap(),
+            ],
             ..Default::default()
         },
         "programs": ProgramsConfig {

diff --git a/pallets/attestation/Cargo.toml b/pallets/attestation/Cargo.toml
@@ -22,6 +22,7 @@ frame-benchmarking={ version="29.0.0", default-features=false, optional=true }
 sp-std            ={ version="14.0.0", default-features=false }
 pallet-session    ={ version="29.0.0", default-features=false, optional=true }
 
+pallet-parameters={ version="0.2.0", path="../parameters", default-features=false }
 entropy-shared={ version="0.2.0", path="../../crates/shared", features=[
   "wasm-no-std",
 ], default-features=false }
@@ -37,7 +38,6 @@ pallet-timestamp               ={ version="28.0.0", default-features=false }
 sp-npos-elections              ={ version="27.0.0", default-features=false }
 frame-election-provider-support={ version="29.0.0", default-features=false }
 pallet-staking-reward-curve    ={ version="11.0.0" }
-pallet-parameters              ={ version="0.2.0", path="../parameters", default-features=false }
 tdx-quote                      ={ git="https://github.com/entropyxyz/tdx-quote", features=["mock"] }
 rand_core                      ="0.6.4"
 
@@ -51,6 +51,7 @@ std=[
   'log/std',
   'pallet-staking-extension/std',
   'pallet-balances/std',
+  'pallet-parameters/std',
   'sp-io/std',
   "sp-runtime/std",
 ]

diff --git a/pallets/attestation/src/lib.rs b/pallets/attestation/src/lib.rs
@@ -121,6 +121,8 @@ pub mod pallet {
         NoStashAccount,
         /// Cannot lookup associated TS server info
         NoServerInfo,
+        /// Unacceptable VM image running
+        BadMrtdValue,
     }
 
     #[pallet::call]
@@ -167,8 +169,11 @@ pub mod pallet {
                 Error::<T>::IncorrectInputData
             );
 
-            // TODO #982 Check measurements match current release of entropy-tss
-            let _mrtd = quote.mrtd();
+            // Check build-time measurement matches a current-supported release of entropy-tss
+            let mrtd_value = BoundedVec::try_from(quote.mrtd().to_vec())
+                .map_err(|_| Error::<T>::BadMrtdValue)?;
+            let accepted_mrtd_values = pallet_parameters::Pallet::<T>::accepted_mrtd_values();
+            ensure!(accepted_mrtd_values.contains(&mrtd_value), Error::<T>::BadMrtdValue);
 
             // TODO #982 Check that the attestation public key matches that from PCK certificate
             let _attestation_key = quote.attestation_key;

diff --git a/pallets/attestation/src/mock.rs b/pallets/attestation/src/mock.rs
@@ -29,7 +29,7 @@ use sp_runtime::{
     curve::PiecewiseLinear,
     testing::{TestXt, UintAuthorityId},
     traits::{BlakeTwo256, ConvertInto, IdentityLookup},
-    BuildStorage, Perbill,
+    BoundedVec, BuildStorage, Perbill,
 };
 use sp_staking::{EraIndex, SessionIndex};
 use std::cell::RefCell;
@@ -352,5 +352,16 @@ pub fn new_test_ext() -> sp_io::TestExternalities {
     };
     pallet_staking_extension.assimilate_storage(&mut t).unwrap();
 
+    let pallet_parameters = pallet_parameters::GenesisConfig::<Test> {
+        request_limit: 5u32,
+        max_instructions_per_programs: 5u64,
+        total_signers: 3u8,
+        threshold: 2u8,
+        accepted_mrtd_values: vec![BoundedVec::try_from([0; 48].to_vec()).unwrap()],
+        _config: Default::default(),
+    };
+
+    pallet_parameters.assimilate_storage(&mut t).unwrap();
+
     t.into()
 }
diff --git a/pallets/parameters/src/benchmarking.rs b/pallets/parameters/src/benchmarking.rs
@@ -16,6 +16,7 @@
 use frame_benchmarking::benchmarks;
 use frame_support::assert_ok;
 use frame_system::EventRecord;
+use sp_std::vec;
 
 use super::*;
 #[allow(unused)]
@@ -65,6 +66,17 @@ benchmarks! {
     assert_last_event::<T>(Event::SignerInfoChanged{ signer_info }.into());
   }
 
+  change_accepted_mrtd_values {
+    let origin = T::UpdateOrigin::try_successful_origin().unwrap();
+    let accepted_mrtd_values = vec![BoundedVec::try_from([0; 48].to_vec()).unwrap()];
+  }: {
+    assert_ok!(
+      <Parameters<T>>::change_accepted_mrtd_values(origin, accepted_mrtd_values.clone())
+    );
+  }
+  verify {
+    assert_last_event::<T>(Event::AcceptedMrtdValuesChanged{ accepted_mrtd_values }.into());
+  }
 
   impl_benchmark_test_suite!(Parameters, crate::mock::new_test_ext(), crate::mock::Runtime);
 }
diff --git a/pallets/parameters/src/lib.rs b/pallets/parameters/src/lib.rs
@@ -13,7 +13,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
-//! # Programs Parameters
+//! # Parameters Pallet
 //!
 //! ## Overview
 //!
@@ -37,6 +37,7 @@ use entropy_shared::MAX_SIGNERS;
 use frame_support::pallet_prelude::*;
 use frame_system::pallet_prelude::*;
 use sp_runtime::DispatchResult;
+use sp_std::vec::Vec;
 
 #[cfg(test)]
 mod mock;
@@ -67,13 +68,16 @@ pub mod module {
         type WeightInfo: WeightInfo;
     }
 
+    pub type MrtdValues = Vec<BoundedVec<u8, ConstU32<48>>>;
+
     #[pallet::genesis_config]
     #[derive(frame_support::DefaultNoBound)]
     pub struct GenesisConfig<T: Config> {
         pub request_limit: u32,
         pub max_instructions_per_programs: u64,
         pub threshold: u8,
         pub total_signers: u8,
+        pub accepted_mrtd_values: MrtdValues,
         #[serde(skip)]
         pub _config: sp_std::marker::PhantomData<T>,
     }
@@ -83,6 +87,10 @@ pub mod module {
         fn build(&self) {
             assert!(self.threshold > 0, "Threhsold too low");
             assert!(self.total_signers >= self.threshold, "Threshold is larger then signer");
+            assert!(
+                !self.accepted_mrtd_values.is_empty(),
+                "At least one accepted MRTD value is required"
+            );
             RequestLimit::<T>::put(self.request_limit);
             MaxInstructionsPerPrograms::<T>::put(self.max_instructions_per_programs);
             let signer_info = SignersSize {
@@ -91,6 +99,7 @@ pub mod module {
                 last_session_change: 0,
             };
             SignersInfo::<T>::put(signer_info);
+            AcceptedMrtdValues::<T>::put(self.accepted_mrtd_values.clone());
         }
     }
 
@@ -128,6 +137,8 @@ pub mod module {
         MaxInstructionsPerProgramsChanged { max_instructions_per_programs: u64 },
         /// Signer Info changed
         SignerInfoChanged { signer_info: SignersSize },
+        /// Accepted MRTD values changed
+        AcceptedMrtdValuesChanged { accepted_mrtd_values: MrtdValues },
     }
 
     /// The request limit a user can ask to a specific set of TSS in a block
@@ -145,6 +156,12 @@ pub mod module {
     #[pallet::getter(fn signers_info)]
     pub type SignersInfo<T: Config> = StorageValue<_, SignersSize, ValueQuery>;
 
+    /// Accepted values of the TDX build-time measurement register - from the currently-supported
+    /// releases of entropy-tss
+    #[pallet::storage]
+    #[pallet::getter(fn accepted_mrtd_values)]
+    pub type AcceptedMrtdValues<T: Config> = StorageValue<_, MrtdValues, ValueQuery>;
+
     #[pallet::pallet]
     #[pallet::without_storage_info]
     pub struct Pallet<T>(_);
@@ -205,5 +222,17 @@ pub mod module {
             Self::deposit_event(Event::SignerInfoChanged { signer_info });
             Ok(())
         }
+
+        #[pallet::call_index(3)]
+        #[pallet::weight( <T as Config>::WeightInfo::change_accepted_mrtd_values())]
+        pub fn change_accepted_mrtd_values(
+            origin: OriginFor<T>,
+            accepted_mrtd_values: MrtdValues,
+        ) -> DispatchResult {
+            T::UpdateOrigin::ensure_origin(origin)?;
+            AcceptedMrtdValues::<T>::put(&accepted_mrtd_values);
+            Self::deposit_event(Event::AcceptedMrtdValuesChanged { accepted_mrtd_values });
+            Ok(())
+        }
     }
 }
diff --git a/pallets/parameters/src/mock.rs b/pallets/parameters/src/mock.rs
@@ -138,6 +138,7 @@ pub fn new_test_ext() -> sp_io::TestExternalities {
         max_instructions_per_programs: 5u64,
         total_signers: 5u8,
         threshold: 3u8,
+        accepted_mrtd_values: vec![BoundedVec::try_from([0; 48].to_vec()).unwrap()],
         _config: Default::default(),
     };
     pallet_parameters.assimilate_storage(&mut t).unwrap();