On chain DCAP verification #134

Niederb · 2023-01-03T09:21:52Z

No description provided.

clangenb

I just realized that I am reviewing the wrong PR. So I halfway now and change to the one from the worker. :D

primitives/teerex/Cargo.toml

primitives/teerex/src/lib.rs

teerex/sgx-verify/Cargo.toml

teerex/sgx-verify/fuzz/Cargo.lock

teerex/sgx-verify/fuzz/fuzz_targets/signature_check.rs

clangenb

Looks very good, at few places I was tempted to check suggest some functional recommendations for rust, as it was fun to do. :D

teerex/sgx-verify/src/collateral.rs

teerex/sgx-verify/src/lib.rs

teerex/sgx-verify/src/netscape_comment.rs

teerex/src/lib.rs

teerex/sgx-verify/src/collateral.rs

OverOrion

Overall a very nice job 💯 , I did the review commit-by-commit, so if a note no longer applies, please comment on it and I will double check!

teerex/ias-verify/src/lib.rs

teerex/src/tests/test_cases.rs

teerex/sgx-verify/src/lib.rs

teerex/sgx-verify/src/tests.rs

teerex/sgx-verify/src/lib.rs

Niederb · 2023-01-19T15:39:40Z

@clangenb @OverOrion I think I addressed all the issues. If I did not reply I either thought that the comment was outdated or that I fixed it in code. Please check if you agree.

clangenb

Thanks for all these meticulous fixes! I am very happy about how this looks!

teerex/sgx-verify/fuzz/fuzz_targets/decode_quote.rs

OverOrion

Overall LGTM (there is a commented out fuzzing test case), thank you so much for it! 🚀

OverOrion

LGTM, thanks for the note!

* Initial version of on chain verification * Rename from report to quote * Add unit tests for decoding * Implement signature check for TcbInfo and QeIdentity * Cleanup * Documentation * Use size_of from core instead of std * Deserialize EnclaveIdentity * Refactor into smaller methods * Add collateral data and improve tests * Improve test * Work on CRL parsing * Make hex compatible to no_std * Change license just in case... * Cleanup * Cleanup * Cleanup * Add data structures for TcbInfo collateral * Work towards registering the quoting enclave * Work towards registering the tcb info * Adjust weights to polkadot-v0.9.29 * Switch to ring-xous * Improve error handling and logging * Cleanups and documentation * Get rid of dangerous unwrap * Error handling and cleanup * Switch to collateral version v4 * Switch to DateTime instead of String * Move collateral data to separate file * Add more validation logic and tests * Improve collateral handling and work towards registering the quoting enclave * Switch license to GPL-3.0 * Register quoting enclave * Add check for mrenclave * More checks and error-handling * Deserialize more parts of the collateral * Remove unneccessary check * Expand checks for quoting enclave * Add dummy support to register TCB info * Add code to extract certificate information * Rename ias-verify crate to sgx-verify as it verifies dcap as well * Work towards storing TCB info on chain * Store TCB info on chain * Store TCB info on chain * Define fmspc as byte array * Store the correct FMSPC * Verify TCB info * Verify TCB info * Add register_quoting_enclave unittest * Add register_tcb_info unittest * Make the add_and_remove_dcap_enclave_works test work again * Add a check to prevent out of memory issues * Cleanup * Clippy fixes * Deal with potential errors that happen during DER encoding * Separate verification and putting collateral on chain more strictly * Cleanup log messages * Add some fuzz tests * Remove unnecessary pub * Update Cargo.lock after merge and fix clippy issues * Fix clippy issue * Fix test issues * Remove unused code * Move the code for the unfinished CRL handling into a unit test * Make clippy happy * Add comment on how to extract the code for a certificate anchor * Add fuzz test for extract_tcb_info * Cleanup and documentation * Incorporate review feedback * Introduce type alias for mrsigner and mrenclave * Incorporate review feedback * Incorporate review feedback * Incorporate review feedback * Add another fuzz test * Enable std features for std-compilation * Cleanup * Incorporate review feedback * Add clarifying comment (cherry picked from commit 20f7318)

Niederb added 30 commits November 29, 2022 09:53

Initial version of on chain verification

b357766

Rename from report to quote

79ef017

Add unit tests for decoding

c23602d

Implement signature check for TcbInfo and QeIdentity

c92fee2

Cleanup

95b0fa8

Documentation

31a92d4

Use size_of from core instead of std

cb22546

Deserialize EnclaveIdentity

d4ff21e

Refactor into smaller methods

f140785

Add collateral data and improve tests

e978941

Improve test

59ea772

Work on CRL parsing

d8f27f7

Make hex compatible to no_std

3617bdc

Change license just in case...

9e92430

Cleanup

d61f9f7

Cleanup

6855ab2

Cleanup

9f6d7e9

Add data structures for TcbInfo collateral

5f635e7

Work towards registering the quoting enclave

b7f027c

Work towards registering the tcb info

5d213cc

Adjust weights to polkadot-v0.9.29

16bbafc

Switch to ring-xous

d533fb4

Improve error handling and logging

f5d7045

Cleanups and documentation

cac38fe

Get rid of dangerous unwrap

e52877f

Error handling and cleanup

f3f5335

Switch to collateral version v4

aed6aca

Switch to DateTime instead of String

cec768e

Move collateral data to separate file

aebbd8d

Add more validation logic and tests

8ba58ce

Niederb added 2 commits January 11, 2023 15:40

Add comment on how to extract the code for a certificate anchor

6c2c2d7

Add fuzz test for extract_tcb_info

21a18fc

clangenb reviewed Jan 12, 2023

View reviewed changes

Cleanup and documentation

41b91e4

Niederb requested a review from OverOrion January 12, 2023 08:07

clangenb reviewed Jan 13, 2023

View reviewed changes

OverOrion reviewed Jan 16, 2023

View reviewed changes

Niederb added 9 commits January 18, 2023 13:21

Incorporate review feedback

8239373

Introduce type alias for mrsigner and mrenclave

a30d027

Incorporate review feedback

05f6e14

Incorporate review feedback

76bedfb

Incorporate review feedback

771d404

Add another fuzz test

a9e183e

Enable std features for std-compilation

cf736bc

Cleanup

0d0d3d9

Incorporate review feedback

3865a53

Niederb requested review from OverOrion and clangenb January 19, 2023 15:39

clangenb approved these changes Jan 19, 2023

View reviewed changes

OverOrion reviewed Jan 23, 2023

View reviewed changes

teerex/sgx-verify/fuzz/fuzz_targets/decode_quote.rs Show resolved Hide resolved

OverOrion approved these changes Jan 23, 2023

View reviewed changes

Add clarifying comment

5b715ea

OverOrion approved these changes Jan 25, 2023

View reviewed changes

Niederb marked this pull request as ready for review January 26, 2023 06:36

Merge branch 'master' into tn/continue-verification

4151aa5

Niederb self-assigned this Jan 26, 2023

Niederb added the enhancement New feature or request label Jan 26, 2023

clangenb merged commit 20f7318 into master Jan 26, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

On chain DCAP verification #134

On chain DCAP verification #134

Niederb commented Jan 3, 2023

clangenb left a comment

clangenb left a comment

OverOrion left a comment

Niederb commented Jan 19, 2023 •

edited

Loading

clangenb left a comment •

edited

Loading

OverOrion left a comment

OverOrion left a comment

On chain DCAP verification #134

On chain DCAP verification #134

Conversation

Niederb commented Jan 3, 2023

clangenb left a comment

Choose a reason for hiding this comment

clangenb left a comment

Choose a reason for hiding this comment

OverOrion left a comment

Choose a reason for hiding this comment

Niederb commented Jan 19, 2023 • edited Loading

clangenb left a comment • edited Loading

Choose a reason for hiding this comment

OverOrion left a comment

Choose a reason for hiding this comment

OverOrion left a comment

Choose a reason for hiding this comment

Niederb commented Jan 19, 2023 •

edited

Loading

clangenb left a comment •

edited

Loading