Extract PCK certificate chain from quotes #1209
Conversation
runtime/Cargo.toml
Outdated
| @@ -273,3 +273,6 @@ try-runtime=[ | |||
| "pallet-utility/try-runtime", | |||
| "pallet-vesting/try-runtime", | |||
| ] | |||
| # Enables real PCK certificate chain verification - which means TSS nodes much be runnning on TDX | |||
There was a problem hiding this comment.
| # Enables real PCK certificate chain verification - which means TSS nodes much be runnning on TDX | |
| # Enables real PCK certificate chain verification - which means TSS nodes must be runnning on TDX |
Cargo.lock
Outdated
There was a problem hiding this comment.
Did you do a full cargo update here? This seems like a lot of changes
There was a problem hiding this comment.
Yeah that was an accident. I couldn't update the git version tdx-quote with cargo update tdx-quote because some crates were using the git version and others the release version. So i lazily just did cargo update without thinking of the implications. Im not sure whether to revert it or just see if things still work and leave it in if the do.
There was a problem hiding this comment.
In the end i have reverted the lockfile as there was cargo-deny related license issues popping up
Co-authored-by: Hernando Castano <[email protected]>
crates/client/Cargo.toml
Outdated
| entropy-testing-utils={ path="../testing-utils" } | ||
| tdx-quote ={ version="0.0.1", features=["mock"] } | ||
| tdx-quote={ git="https://github.com/entropyxyz/tdx-quote.git", branch="peg/cert-chain-parse", features=[ |
There was a problem hiding this comment.
I'm planning to re-publish this crate if this PR gets approved. Ideally i would also like to fix entropyxyz/tdx-quote#13 and entropyxyz/tdx-quote#11 before publishing.
| /// An error when verifying a quote | ||
| #[cfg(not(feature = "wasm"))] | ||
| #[derive(Eq, PartialEq)] | ||
| pub enum VerifyQuoteError { |
There was a problem hiding this comment.
I added this custom error type because i couldn't figure out how to get the useful information out of a sp_runtime::DispathError without adding a lot of extra code.
| } | ||
|
|
||
| impl<T> From<pck::PckParseVerifyError> for Error<T> { | ||
| fn from(error: pck::PckParseVerifyError) -> Self { | ||
| impl<T> From<VerifyQuoteError> for Error<T> { |
There was a problem hiding this comment.
Maybe its possible to remove the need for this impl by implementing PalletError for VerifyQuoteError, so that we can have a tuple enum variant of pallet::<T>::Error containing it. I would maybe try this in a followup - but i am afraid of going over the maximum encoded size of 4 bytes.
There was a problem hiding this comment.
It seems like it's a compile time check anyways, so yeah would be worth trying
There was a problem hiding this comment.
Nice work, looks good 👍
I'd need to double check the diff with v0.3.0 to be sure, but this probably needs a CHANGELOG entry and a "Bump spec_version" tag.
Which means we can have the attestation pallet be a dependency of the staking extension pallet, and move the AttestationHandler trait from entropy-shared to the attestation pallet.
It would be nice to keep this flexible using associated types, but I'd be curious to see what you have in mind for this first before commenting further.
crates/shared/src/types.rs
Outdated
| ) -> Result<(), sp_runtime::DispatchError> { | ||
| Ok(()) | ||
| ) -> Result<BoundedVecEncodedVerifyingKey, VerifyQuoteError> { | ||
| Ok(sp_runtime::BoundedVec::new()) |
There was a problem hiding this comment.
We may want to specify a size of 33 bytes here in case a caller is assuming a "valid"-ish key back
| impl<T> From<pck::PckParseVerifyError> for Error<T> { | ||
| fn from(error: pck::PckParseVerifyError) -> Self { | ||
| impl<T> From<VerifyQuoteError> for Error<T> { | ||
| fn from(error: VerifyQuoteError) -> Self { |
There was a problem hiding this comment.
Ah, so it was really frustrating trying to debug errors stemming from the quote verification code because they'd all basically be type erased into the pallet error. While this is pretty ugly it is quite useful.
Maybe worth a comment explaining this for future readers.
| } | ||
|
|
||
| impl<T> From<pck::PckParseVerifyError> for Error<T> { | ||
| fn from(error: pck::PckParseVerifyError) -> Self { | ||
| impl<T> From<VerifyQuoteError> for Error<T> { |
There was a problem hiding this comment.
It seems like it's a compile time check anyways, so yeah would be worth trying
ameba23
added
the
Bump `spec_version`
Im still not super clear exactly what kinds of runtime changes mean we need to bump the spec version but i added that label for now as i figured better to have it and not need it than need it and not have it. |
| ) -> Result<(), sp_runtime::DispatchError> { | ||
| Ok(()) | ||
| ) -> Result<BoundedVecEncodedVerifyingKey, VerifyQuoteError> { | ||
| // Ok(sp_runtime::BoundedVec::new()) |
There was a problem hiding this comment.
| // Ok(sp_runtime::BoundedVec::new()) |
| - In ([#1209]()) a `production` feature flag was added to `entropy` which if enabled will use | ||
| non-mock verification of PCK certificate chains in TDX quotes, meaning TSS servers must be running | ||
| on TDX hardware |
There was a problem hiding this comment.
| - In ([#1209]()) a `production` feature flag was added to `entropy` which if enabled will use | |
| non-mock verification of PCK certificate chains in TDX quotes, meaning TSS servers must be running | |
| on TDX hardware |
These sections should just have PR titles.
If anything we could maybe mention it in the Breaking Changes, but nbd. Can always add it later when prepping the release.
I recently figured out the PCK certificate chain is actually included in the quote, encoded as PEM. I have an open PR to tdx-quote which allows getting the certificate chain from a quote, and i have moved the cert chain parsing logic over there: entropyxyz/tdx-quote#12
This means that the extrinsics
validateandchange_threshold_accountsdon't need to take both a quote and a certificate chain - just the quote.My proposal is to change
AttestationHandler::verify_quoteto validate the quote with whatever PCK can be extracted from its certificate chain, and return the PCK upon successful verification - the staking pallet can then store it in theServerInfo.This also adds a
productionfeature flag toentropywhich propagates down topallet-attestation. If present, real PCK cert chain verification will be used (previously we always mocked certificate chain verification). By default it is not used.Closes #1208 by adding a custom error type to the attestation handler trait.
If this gets approved, i think there is maybe some refactoring that could be done as a followup - i'm not totally sure but i don't think the staking extension pallet needs to be a dependency of the attestation pallet anymore. Which means we can have the attestation pallet be a dependency of the staking extension pallet, and move the
AttestationHandlertrait fromentropy-sharedto the attestation pallet.