TSS attestation endpoint

CHANGELOG.md

@@ -23,6 +23,7 @@ At the moment this project **does not** adhere to
 - Reshare confirmation ([#965](https://github.com/entropyxyz/entropy-core/pull/965))
 - Set inital signers ([#971](https://github.com/entropyxyz/entropy-core/pull/971))
 - Add parent key threshold dynamically ([#974](https://github.com/entropyxyz/entropy-core/pull/974))
+- TSS attestation endpoint ([#1001](https://github.com/entropyxyz/entropy-core/pull/1001)
 
 ### Changed
 - Fix TSS `AccountId` keys in chainspec ([#993](https://github.com/entropyxyz/entropy-core/pull/993))

crates/shared/Cargo.toml

@@ -15,6 +15,7 @@ serde       ={ version="1.0", default-features=false, features=["derive"] }
 serde_derive="1.0.147"
 strum       ="0.26.3"
 strum_macros="0.26.4"
+blake2      ={ version="0.10.4", default-features=false }
 
 sp-runtime ={ version="32.0.0", default-features=false, optional=true, features=["serde"] }
 sp-std     ={ version="12.0.0", default-features=false }

crates/shared/src/types.rs

@@ -14,6 +14,7 @@
 
 #![allow(dead_code)]
 use super::constants::VERIFICATION_KEY_LENGTH;
+use blake2::{Blake2b512, Digest};
 #[cfg(not(feature = "wasm"))]
 use codec::alloc::vec::Vec;
 use codec::{Decode, Encode};
@@ -99,3 +100,22 @@ pub enum HashingAlgorithm {
 
 /// A compressed, serialized [synedrion::ecdsa::VerifyingKey<k256::Secp256k1>]
 pub type EncodedVerifyingKey = [u8; VERIFICATION_KEY_LENGTH as usize];
+
+/// Input data to be included in a TDX attestation
+pub struct QuoteInputData(pub [u8; 64]);
+
+impl QuoteInputData {
+    pub fn new(
+        tss_account_id: [u8; 32],
+        x25519_public_key: X25519PublicKey,
+        nonce: [u8; 32],
+        block_number: u32,
+    ) -> Self {
+        let mut hasher = Blake2b512::new();
+        hasher.update(tss_account_id);
+        hasher.update(x25519_public_key);
+        hasher.update(nonce);
+        hasher.update(block_number.to_be_bytes());
+        Self(hasher.finalize().into())
+    }
+}

crates/threshold-signature-server/Cargo.toml

@@ -70,6 +70,7 @@ sha1             ="0.10.6"
 sha2             ="0.10.8"
 hkdf             ="0.12.4"
 project-root     ={ version="0.2.2", optional=true }
+tdx-quote        ={ git="https://github.com/entropyxyz/tdx-quote", optional=true, features=["mock"] }
 
 [dev-dependencies]
 serial_test ="3.1.1"
@@ -83,6 +84,7 @@ ethers-core ="2.0.14"
 schnorrkel  ={ version="0.11.4", default-features=false, features=["std"] }
 schemars    ={ version="0.8.21" }
 subxt-signer="0.35.3"
+tdx-quote   ={ git="https://github.com/entropyxyz/tdx-quote", features=["mock"] }
 
 # Note: We don't specify versions here because otherwise we run into a cyclical dependency between
 # `entropy-tss` and `entropy-testing-utils` when we try and publish the `entropy-tss` crate.
@@ -102,7 +104,7 @@ vergen={ version="8.3.2", features=["build", "git", "gitcl"] }
 default     =['std']
 std         =["sp-core/std"]
 test_helpers=["dep:project-root"]
-unsafe      =[]
+unsafe      =["dep:tdx-quote"]
 alice       =[]
 bob         =[]
 # Enable this feature to run the integration tests for the wasm API of entropy-protocol

crates/threshold-signature-server/src/lib.rs

@@ -155,7 +155,7 @@ use crate::{
     r#unsafe::api::{delete, put, remove_keys, unsafe_get},
     signing_client::{api::*, ListenerState},
     user::api::*,
-    validator::api::new_reshare,
+    validator::api::{attest, new_reshare},
 };
 
 #[derive(Clone)]
@@ -178,6 +178,7 @@ pub fn app(app_state: AppState) -> Router {
         .route("/user/sign_tx", post(sign_tx))
         .route("/signer/proactive_refresh", post(proactive_refresh))
         .route("/validator/reshare", post(new_reshare))
+        .route("/attest", post(attest))
         .route("/healthz", get(healthz))
         .route("/version", get(get_version))
         .route("/hashes", get(hashes))

crates/threshold-signature-server/src/validator/api.rs

@@ -360,3 +360,47 @@ pub async fn prune_old_holders(
         validators_info.clone()
     })
 }
+
+#[cfg(not(any(test, feature = "unsafe")))]
+pub async fn attest(
+    State(_app_state): State<AppState>,
+    _input: Bytes,
+) -> Result<StatusCode, ValidatorErr> {
+    // Non-mock attestation (the real thing) will go here
+    Err(ValidatorErr::NotImplemented)
+}
+
+#[cfg(any(test, feature = "unsafe"))]
+pub async fn attest(
+    State(app_state): State<AppState>,
+    input: Bytes,
+) -> Result<(StatusCode, Bytes), ValidatorErr> {
+    // TODO #982 confirm with the chain that an attestation should be happenning
+    let nonce = input[..].try_into()?;
+
+    let rpc = get_rpc(&app_state.configuration.endpoint).await?;
+
+    let block_number = rpc
+        .chain_get_header(None)
+        .await?
+        .ok_or_else(|| ValidatorErr::OptionUnwrapError("Failed to get block number".to_string()))?
+        .number;
+
+    // In the real thing this is the hardware key used in the quoting enclave
+    let signing_key = tdx_quote::SigningKey::random(&mut OsRng);
+
+    let (signer, x25519_secret) = get_signer_and_x25519_secret(&app_state.kv_store).await?;
+    let public_key = x25519_dalek::PublicKey::from(&x25519_secret);
+
+    let input_data = entropy_shared::QuoteInputData::new(
+        signer.signer().public().into(),
+        *public_key.as_bytes(),
+        nonce,
+        block_number,
+    );
+
+    let quote = tdx_quote::Quote::mock(signing_key.clone(), input_data.0);
+    // Here we would submit an attest extrinsic to the chain - but for now we just include it in the
+    // response
+    Ok((StatusCode::OK, Bytes::from(quote.as_bytes().to_vec())))
+}

crates/threshold-signature-server/src/validator/errors.rs

@@ -13,7 +13,7 @@
 // You should have received a copy of the GNU Affero General Public License
 // along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
-use std::string::FromUtf8Error;
+use std::{array::TryFromSliceError, string::FromUtf8Error};
 
 use crate::signing_client::ProtocolErr;
 use axum::{
@@ -93,6 +93,10 @@ pub enum ValidatorErr {
     InvalidData,
     #[error("Data is repeated")]
     RepeatedData,
+    #[error("Not yet implemented")]
+    NotImplemented,
+    #[error("Input must be 32 bytes: {0}")]
+    TryFromSlice(#[from] TryFromSliceError),
 }
 
 impl IntoResponse for ValidatorErr {

crates/threshold-signature-server/src/validator/tests.rs

@@ -255,3 +255,25 @@ async fn test_forbidden_keys() {
     let should_pass = check_forbidden_key("test");
     assert_eq!(should_pass.unwrap(), ());
 }
+
+#[tokio::test]
+#[serial]
+async fn test_attest() {
+    initialize_test_logger().await;
+    clean_tests();
+
+    let _cxt = test_node_process_testing_state(false).await;
+    let (_validator_ips, _validator_ids) = spawn_testing_validators(false).await;
+
+    let client = reqwest::Client::new();
+    let res = client
+        .post(format!("http://127.0.0.1:3001/attest"))
+        .body([0; 32].to_vec())
+        .send()
+        .await
+        .unwrap();
+    assert_eq!(res.status(), 200);
+    let quote = res.bytes().await.unwrap();
+    // This verifies the signature in the quote
+    tdx_quote::Quote::from_bytes(&quote).unwrap();
+}

deny.toml

@@ -39,6 +39,7 @@ exceptions=[
   { allow=["AGPL-3.0"], name="entropy-programs-core" },
   { allow=["AGPL-3.0"], name="entropy-programs-runtime" },
   { allow=["AGPL-3.0"], name="synedrion" },
+  { allow=["AGPL-3.0"], name="tdx-quote" },
 
   # These are the only crates using these licenses, put them here instead of globally allowing
   # them