From bcea10e9e370260f5258a22e26be7381d3c0419e Mon Sep 17 00:00:00 2001
From: smtmfft
Date: Mon, 13 May 2024 03:50:52 +0000
Subject: [PATCH 1/3] chore(protocol): update sgx test & config script
Signed-off-by: smtmfft
---
 packages/protocol/script/SetDcapParams.s.sol | 35 +++++---
 .../script/config_dcap_sgx_verifier.sh | 26 +++++-
 .../AutomataDcapV3AttestationTest.t.sol | 88 ++++++++++++++++++-
 .../common/AttestationBase.t.sol | 23 +++--
 4 files changed, 147 insertions(+), 25 deletions(-)
diff --git a/packages/protocol/script/SetDcapParams.s.sol b/packages/protocol/script/SetDcapParams.s.sol
index a3ca6ecedde..9f65aa2eaa1 100644
--- a/packages/protocol/script/SetDcapParams.s.sol
+++ b/packages/protocol/script/SetDcapParams.s.sol
@@ -11,43 +11,50 @@ contract SetDcapParams is Script, AttestationBase {
     address public dcapAttestationAddress = vm.envAddress("ATTESTATION_ADDRESS");
     address public sgxVerifier = vm.envAddress("SGX_VERIFIER_ADDRESS");
     address public pemCertChainLibAddr = vm.envAddress("PEM_CERTCHAIN_ADDRESS");
-    // TASK_FLAG: [setMrEnclave,setMrSigner,configQE,configTCB,registerSgxInstanceWithQuote]
-    bool[] internal defaultTaskFlags = [true, true, true, true, true];
-    bool[] public taskFlags = vm.envOr("TASK_ENABLE", ",", defaultTaskFlags);
+    // TASK_FLAG:
+    // [setMrEnclave,setMrSigner,configQE,configTCB,enableMrCheck,registerSgxInstanceWithQuote]
+    uint256[] internal defaultTaskFlags = [1, 1, 1, 1, 1, 1];
+    uint256[] public taskFlags = vm.envOr("TASK_ENABLE", ",", defaultTaskFlags);
 
     function run() external {
         require(ownerPrivateKey != 0, "PRIVATE_KEY not set");
         require(dcapAttestationAddress != address(0), "ATTESTATION_ADDRESS not set");
 
         vm.startBroadcast(ownerPrivateKey);
 
-        if (taskFlags[0]) {
-            _setMrEnclave();
+        if (taskFlags[0] != 0) {
+            bool enable = (taskFlags[0] == 1);
+            _setMrEnclave(enable);
         }
-        if (taskFlags[1]) {
-            _setMrSigner();
+        if (taskFlags[1] != 0) {
+            bool enable = (taskFlags[1] == 1);
+            _setMrSigner(enable);
         }
-        if (taskFlags[2]) {
+        if (taskFlags[2] != 0) {
             _configureQeIdentityJson();
         }
-        if (taskFlags[3]) {
+        if (taskFlags[3] != 0) {
             _configureTcbInfoJson();
         }
-        if (taskFlags[4]) {
+        if (taskFlags[4] != 0) {
+            toggleCheckQuoteValidity(dcapAttestationAddress);
+        }
+        if (taskFlags[5] != 0) {
             _registerSgxInstanceWithQuoteBytes();
         }
 
         vm.stopBroadcast();
     }
 
-    function _setMrEnclave() internal {
+    function _setMrEnclave(bool enable) internal {
         mrEnclave = vm.envBytes32("MR_ENCLAVE");
-        setMrEnclave(dcapAttestationAddress, mrEnclave);
+        console2.log("_setMrEnclave set: ", uint256(mrEnclave));
+        setMrEnclave(dcapAttestationAddress, mrEnclave, enable);
         console2.log("MR_ENCLAVE set: ", uint256(mrEnclave));
     }
 
-    function _setMrSigner() internal {
+    function _setMrSigner(bool enable) internal {
         mrSigner = vm.envBytes32("MR_SIGNER");
-        setMrSigner(dcapAttestationAddress, mrSigner);
+        setMrSigner(dcapAttestationAddress, mrSigner, enable);
         console2.log("MR_SIGNER set: ", uint256(mrSigner));
     }
diff --git a/packages/protocol/script/config_dcap_sgx_verifier.sh b/packages/protocol/script/config_dcap_sgx_verifier.sh
index 1869d2df4ce..8d46326358e 100755
--- a/packages/protocol/script/config_dcap_sgx_verifier.sh
+++ b/packages/protocol/script/config_dcap_sgx_verifier.sh
@@ -7,6 +7,9 @@ usage() {
      --eq file_path: config qe
      --mrenclave hex_string: config mrenclave
      --mrsigner hex_string: config mrsigner
+     --toggle-mr-check: toggle mrenclave/mrsigner check
+     --unset-mrenclave hex_string: disable mrenclave
+     --unset-mrsigner hex_string: disable mrsigner
      --quote string: register sgx instance with quote"
     to configure the dcap verifier contract.
 
@@ -49,6 +52,7 @@ config_qe=0
 set_mrenclave=0
 set_mrsigner=0
 verify_quote=0
+toggle_check=0
 
 # helper function for trimming the file path to vm root
 vm_file_path() {
@@ -76,6 +80,26 @@ while [[ $# -gt 0 ]]; do
             shift
             shift
             ;;
+        --unset-mrenclave)
+            MR_ENCLAVE="$2"
+            echo "Unset MR_ENCLAVE: $MR_ENCLAVE"
+            set_mrenclave=2
+            shift
+            shift
+            ;;
+        --unset-mrsigner)
+            MR_SIGNER="$2"
+            echo "Unset MR_SIGNER: $MR_SIGNER"
+            set_mrsigner=2
+            shift
+            shift
+            ;;
+        --toggle-mr-check)
+            echo "toogle mr check"
+            toggle_check=1
+            shift
+            shift
+            ;;
         --qeid)
             QEID_PATH=$(vm_file_path "$2")
             echo "Config QE file: $QEID_PATH"
@@ -109,7 +133,7 @@ if [ -z $FORK_URL ]; then
 fi
 
 # TASK_FLAG: [setMrEnclave,setMrSigner,configQE,configTCB,registerSgxInstanceWithQuote]
-TASK_ENABLE_MASK="$set_mrenclave,$set_mrsigner,$config_qe,$config_tcb,$verify_quote"
+TASK_ENABLE_MASK=$set_mrenclave,$set_mrsigner,$config_qe,$config_tcb,$toggle_check,$verify_quote
 
 # config the contract
 TASK_ENABLE=$TASK_ENABLE_MASK \
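Review bot: The `taskFlags[4]` branch calls `toggleCheckQuoteValidity(dcapAttestationAddress)`, a blind flip, while `defaultTaskFlags` enables it by default and the comment names the task `enableMrCheck`; running the script twice with defaults silently turns the MR check back off, which is the opposite of what an operator enabling measurement enforcement expects. Make the task express a desired state: if the attestation contract exposes the current check flag, read it and only toggle when it differs, or at minimum log the resulting state after the call so an operator can see which way it went. `run()` also indexes `taskFlags[0..5]` with no length check, so a `TASK_ENABLE` built for the old five-entry layout aborts with an index panic rather than a message; add `require(taskFlags.length == 6, "TASK_ENABLE must have 6 entries");` after the existing requires. In `_setMrEnclave` the new `console2.log("_setMrEnclave set: ", ...)` duplicates the existing log of the same value and both say "set" even when `enable` is false; drop the duplicate and log `enable` next to the value instead.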
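Review bot: The `--toggle-mr-check)` case runs `shift` twice although the option takes no argument, so the argument that follows it on the command line is swallowed: `--toggle-mr-check --quote <q>` drops `--quote` and the instance is silently never registered. The case needs a single `shift`, matching its arity, unlike the two value-taking `--unset-*` cases above it.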
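Review bot: The `# TASK_FLAG:` comment above `TASK_ENABLE_MASK` still lists five tasks while the mask now carries six fields, so the position of `$toggle_check` is undocumented; update it to `# TASK_FLAG: [setMrEnclave,setMrSigner,configQE,configTCB,toggleMrCheck,registerSgxInstanceWithQuote]`. The 0/1/2 encoding that `--unset-mrenclave`/`--unset-mrsigner` introduce (skip, enable, disable as interpreted by the Solidity script) is also not explained anywhere in this file; a one-line `# each field: 0 = skip, 1 = enable/run, 2 = disable (mrenclave/mrsigner only)` next to the mask would save the next operator a trip into SetDcapParams.s.sol.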
diff --git a/packages/protocol/test/automata-attestation/AutomataDcapV3AttestationTest.t.sol b/packages/protocol/test/automata-attestation/AutomataDcapV3AttestationTest.t.sol
index d74fb887b13..0983fbe0071 100644
--- a/packages/protocol/test/automata-attestation/AutomataDcapV3AttestationTest.t.sol
+++ b/packages/protocol/test/automata-attestation/AutomataDcapV3AttestationTest.t.sol
@@ -23,6 +23,29 @@ contract AutomataDcapV3AttestationTest is Test, AttestationBase {
         assertTrue(verified);
     }
 
+    function testSetMrEnclave() public {
+        vm.startPrank(admin);
+        setMrEnclave(
+            address(attestation),
+            bytes32(0x94a32d95b2f85a53084f1d4af2244bcf472b6026390938d4eada1d53e7ea476d),
+            true
+        );
+    }
+
+    function testSetMrSigner() public {
+        vm.startPrank(admin);
+        setMrSigner(
+            address(attestation),
+            bytes32(0xca0583a715534a8c981b914589a7f0dc5d60959d9ae79fb5353299a4231673d5),
+            true
+        );
+    }
+
+    function testToggleCheckQuoteValidity() public {
+        vm.startPrank(admin);
+        toggleCheckQuoteValidity(address(attestation));
+    }
+
     function testParsedQuoteJsonAttestation() public {
         vm.prank(user);
         string memory v3QuoteJsonStr = vm.readFile(string.concat(vm.projectRoot(), v3QuoteJsonPath));
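Review bot: `testSetMrEnclave`, `testSetMrSigner` and `testToggleCheckQuoteValidity` contain no assertion, so they only prove the calls do not revert when `admin` makes them; they say nothing about what was stored and nothing about who may call. For an attestation allowlist the access-control case is the one worth pinning: a sibling test doing `vm.prank(user); vm.expectRevert(); setMrEnclave(address(attestation), bytes32(0x94a32d95b2f85a53084f1d4af2244bcf472b6026390938d4eada1d53e7ea476d), true);` would fail loudly if the setters ever lose their owner check. Whether the contract exposes a getter for the stored flag is not visible here; if it does, read it back after each call so the positive tests assert something too.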
@@ -35,10 +58,70 @@ contract AutomataDcapV3AttestationTest is Test, AttestationBase {
         assertTrue(verified);
     }
 
+    function testParsedQuoteBinAttestationWithCheck() public {
+        vm.startPrank(admin);
+        setMrEnclave(
+            address(attestation),
+            bytes32(0x94a32d95b2f85a53084f1d4af2244bcf472b6026390938d4eada1d53e7ea476d),
+            true
+        );
+        setMrSigner(
+            address(attestation),
+            bytes32(0xca0583a715534a8c981b914589a7f0dc5d60959d9ae79fb5353299a4231673d5),
+            true
+        );
+        toggleCheckQuoteValidity(address(attestation));
+
+        bytes memory v3QuoteBytes =
+            hex"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";
+        V3Struct.ParsedV3QuoteStruct memory v3quote =
+            verifyParsedQuoteAttestation(v3QuoteBytes, true);
+        address parsedInstanceAddr =
+            address(bytes20(Bytes.slice(v3quote.localEnclaveReport.reportData, 0, 20)));
+        // console.log("[log] parsed instance addr = %s", parsedInstanceAddr);
+        assertTrue(parsedInstanceAddr == address(0xFECF437744A6b5680cA60692eaA4b1A9320e8240));
+    }
+
+    function testParsedQuoteBinAttestationWithCheckFail() public {
+        vm.startPrank(admin);
+        setMrEnclave(
+            address(attestation),
+            bytes32(0x94a32d95b2f85a53084f1d4af2244bcf472b6026390938d4eada1d53e7ea476d),
+            true
+        );
+        setMrSigner(
+            address(attestation),
+            bytes32(0xca0583a715534a8c981b914589a7f0dc5d60959d9ae79fb5353299a4231673d5),
+            true
+        );
+        toggleCheckQuoteValidity(address(attestation));
+
+        bytes memory v3QuoteBytes = sampleQuote;
+        verifyParsedQuoteAttestation(v3QuoteBytes, false);
+
+        setMrEnclave(
+            address(attestation),
+            bytes32(0xae9bd17e36f8bf636cb03fc2a63873ee8d0887fdd596ca6144f82cfa0ee32620),
+            true
+        );
+        setMrSigner(
+            address(attestation),
+            bytes32(0x1d3d2b8e78a9081c4d7865026f984b265197696dfe4a0598a2d0ef0764f700f5),
+            true
+        );
+        V3Struct.ParsedV3QuoteStruct memory v3quote =
+            verifyParsedQuoteAttestation(v3QuoteBytes, true);
+        address parsedInstanceAddr =
+            address(bytes20(Bytes.slice(v3quote.localEnclaveReport.reportData, 0, 20)));
+        console.log("[log] parsed instance addr = %s", parsedInstanceAddr);
+        assertTrue(parsedInstanceAddr == address(0xC2D4564358139C90C17B744FE837F4DDc503EEdF));
+    }
+
     function testParsedQuoteBinAttestation() public {
         vm.prank(user);
         bytes memory v3QuoteBytes = sampleQuote;
-        V3Struct.ParsedV3QuoteStruct memory v3quote = parsedQuoteAttestation(v3QuoteBytes);
+        V3Struct.ParsedV3QuoteStruct memory v3quote =
+            verifyParsedQuoteAttestation(v3QuoteBytes, true);
         address parsedInstanceAddr =
             address(bytes20(Bytes.slice(v3quote.localEnclaveReport.reportData, 0, 20)));
         // console.log("[log] parsed instance addr = %s", parsedInstanceAddr);
@@ -49,7 +132,8 @@ contract AutomataDcapV3AttestationTest is Test, AttestationBase {
         string memory v3QuoteB64Str =
             "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";
         bytes memory v3QuoteBytes = Base64.decode(v3QuoteB64Str);
-        V3Struct.ParsedV3QuoteStruct memory v3quote = parsedQuoteAttestation(v3QuoteBytes);
+        V3Struct.ParsedV3QuoteStruct memory v3quote =
+            verifyParsedQuoteAttestation(v3QuoteBytes, true);
         address parsedInstanceAddr =
             address(bytes20(Bytes.slice(v3quote.localEnclaveReport.reportData, 0, 20)));
         // console.log("[log] parsed instance addr = %s", parsedInstanceAddr);
diff --git a/packages/protocol/test/automata-attestation/common/AttestationBase.t.sol b/packages/protocol/test/automata-attestation/common/AttestationBase.t.sol
index 453d7d66470..62016721950 100644
--- a/packages/protocol/test/automata-attestation/common/AttestationBase.t.sol
+++ b/packages/protocol/test/automata-attestation/common/AttestationBase.t.sol
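Review bot: Both new tests rely on the local-report check starting disabled in the fixture and flip it exactly once with `toggleCheckQuoteValidity`, but nothing asserts the state before or after the toggle; if the deployment default or `setUp` ever changes, `testParsedQuoteBinAttestationWithCheck` would run with the check off and still pass, since the same MR values are accepted either way. `testParsedQuoteBinAttestationWithCheckFail` is the stronger of the two because it shows `sampleQuote` rejected and then accepted purely by enabling the `0xae9b…`/`0x1d3d…` pair, which pins the check's effect. If the contract exposes the check flag, assert it right after the toggle; otherwise at least add `// fixture leaves the local-report check disabled; this toggle turns it on` above the call so the dependency is explicit. The uncommented `console.log` in the `WithCheckFail` test differs from its siblings and looks unintentional.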
@@ -65,8 +65,8 @@ contract AttestationBase is Test, DcapTestUtils, V3QuoteParseUtils {
             })
         );
 
-        setMrEnclave(address(attestation), mrEnclave);
-        setMrSigner(address(attestation), mrSigner);
+        setMrEnclave(address(attestation), mrEnclave, true);
+        setMrSigner(address(attestation), mrSigner, true);
 
         string memory tcbInfoJson = vm.readFile(string.concat(vm.projectRoot(), tcbInfoPath));
         string memory enclaveIdJson = vm.readFile(string.concat(vm.projectRoot(), idPath));
@@ -81,12 +81,16 @@ contract AttestationBase is Test, DcapTestUtils, V3QuoteParseUtils {
         vm.stopPrank();
     }
 
-    function setMrEnclave(address _attestationAddress, bytes32 _mrEnclave) internal {
-        AutomataDcapV3Attestation(_attestationAddress).setMrEnclave(_mrEnclave, true);
+    function setMrEnclave(address _attestationAddress, bytes32 _mrEnclave, bool enable) internal {
+        AutomataDcapV3Attestation(_attestationAddress).setMrEnclave(_mrEnclave, enable);
     }
 
-    function setMrSigner(address _attestationAddress, bytes32 _mrSigner) internal {
-        AutomataDcapV3Attestation(_attestationAddress).setMrSigner(_mrSigner, true);
+    function setMrSigner(address _attestationAddress, bytes32 _mrSigner, bool enable) internal {
+        AutomataDcapV3Attestation(_attestationAddress).setMrSigner(_mrSigner, enable);
+    }
+
+    function toggleCheckQuoteValidity(address _attestationAddress) internal {
+        AutomataDcapV3Attestation(_attestationAddress).toggleLocalReportCheck();
     }
 
     function configureQeIdentityJson(
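Review bot: `toggleCheckQuoteValidity` reads as if it enables a quote-validity check, but it wraps `toggleLocalReportCheck()`, a stateful flip, so a helper with this name called twice in one test silently undoes itself and the script that calls it under a task named `enableMrCheck` inherits the same ambiguity. A NatSpec line above it, `/// @dev Flips the attestation contract's local-report (MR) check; calling it twice restores the previous state.`, and a name that matches the contract, such as `toggleLocalReportCheck`, would remove the confusion. The new `enable` parameter on `setMrEnclave`/`setMrSigner` deserves `/// @param enable true adds the measurement, false removes it (presumably from the accepted set — confirm against the contract)`, since the deploy script now passes false on its unset path.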
@@ -114,13 +118,16 @@ contract AttestationBase is Test, DcapTestUtils, V3QuoteParseUtils {
         console.log("tcbParsedSuccess: %s", tcbParsedSuccess);
     }
 
-    function parsedQuoteAttestation(bytes memory v3QuoteBytes)
+    function verifyParsedQuoteAttestation(
+        bytes memory v3QuoteBytes,
+        bool expected
+    )
         internal
         returns (V3Struct.ParsedV3QuoteStruct memory v3quote)
     {
         v3quote = ParseV3QuoteBytes(address(pemCertChainLib), v3QuoteBytes);
         (bool verified,) = attestation.verifyParsedQuote(v3quote);
-        assertTrue(verified);
+        assertEq(verified, expected);
     }
 
     function registerSgxInstanceWithQuoteBytes(
From c47eb7445ae4a6965f95e213caaaa83c053c45b1 Mon Sep 17 00:00:00 2001
From: smtmfft
Date: Mon, 13 May 2024 07:27:08 +0000
Subject: [PATCH 2/3] fix typo
---
 packages/protocol/script/config_dcap_sgx_verifier.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/protocol/script/config_dcap_sgx_verifier.sh b/packages/protocol/script/config_dcap_sgx_verifier.sh
index 8d46326358e..e3039ca3a24 100755
--- a/packages/protocol/script/config_dcap_sgx_verifier.sh
+++ b/packages/protocol/script/config_dcap_sgx_verifier.sh
@@ -95,7 +95,7 @@ while [[ $# -gt 0 ]]; do
             shift
             ;;
         --toggle-mr-check)
-            echo "toogle mr check"
+            echo "toggle mr check"
             toggle_check=1
             shift
             shift
From 303a952b838818808446837a747e4c4889cc125d Mon Sep 17 00:00:00 2001
From: smtmfft
Date: Tue, 14 May 2024 09:39:49 +0000
Subject: [PATCH 3/3] update script address
Signed-off-by: smtmfft
---
 packages/protocol/script/config_dcap_sgx_verifier.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/packages/protocol/script/config_dcap_sgx_verifier.sh b/packages/protocol/script/config_dcap_sgx_verifier.sh
index e3039ca3a24..7ddc731134a 100755
--- a/packages/protocol/script/config_dcap_sgx_verifier.sh
+++ b/packages/protocol/script/config_dcap_sgx_verifier.sh
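Review bot: `verifyParsedQuoteAttestation` discards the second return value of `attestation.verifyParsedQuote`, so when `expected` is false the helper accepts any rejection: a quote that fails for certificate-chain or TCB reasons satisfies `testParsedQuoteBinAttestationWithCheckFail` just as well as the MR mismatch the test is meant to prove. Capture it, `(bool verified, bytes memory reason) = attestation.verifyParsedQuote(v3quote);`, and either return it to the caller or take an expected reason so negative tests pin the cause; the exact type of that second value is not visible here and must be matched to the contract's signature. A short NatSpec on the helper noting that `expected` is asserted inside rather than returned would also help, since the name reads like a predicate.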
@@ -30,9 +30,9 @@ if [ $# -eq 0 ]; then
 fi
 
 # replace with the correct address of the verifier/attester/pemCertChain.
-export SGX_VERIFIER_ADDRESS=0x532EFBf6D62720D0B2a2Bb9d11066E8588cAE6D9
-export ATTESTATION_ADDRESS=0xC6cD3878Fc56F2b2BaB0769C580fc230A95e1398
-export PEM_CERTCHAIN_ADDRESS=0x08d7865e7F534d743Aba5874A9AD04bcB223a92E
+export SGX_VERIFIER_ADDRESS=0xb0f3186FC1963f774f52ff455DC86aEdD0b31F81
+export ATTESTATION_ADDRESS=0x8d7C954960a36a7596d7eA4945dDf891967ca8A3
+export PEM_CERTCHAIN_ADDRESS=0x02772b7B3a5Bea0141C993Dbb8D0733C19F46169
 
 # default value
 # for setMrEnclave which should be called by the owner of the verifier