testnet/detee-cli
3
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

removed some of the unwraps; more testing required

Browse Source
This commit is contained in:
ghe0 2025-03-21 03:49:16 +02:00
parent 422e04a538
commit a3d604845b
Signed by: ghe0
GPG Key ID: 451028EE56A0FBB4
4 changed files with 72 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

124
src/config.rs
View File

@ -17,7 +17,7 @@ pub struct AccountData {
wallet_address: String,
wallet_path: String,
hratls_pubkey: String,
hratls_path: String,
hratls_key_path: String,
mrsigner: String,
mrsigner_key_path: String,
}
@ -43,6 +43,9 @@ impl super::HumanOutput for AccountData {
println!("Hop on discord to get an airdrop: https://discord.gg/DcfYczAMtD \n")
}
}
if !self.mrsigner.is_empty() {
println!("The MRSIGNER for apps is: {}", self.mrsigner);
}
}
}
@ -59,13 +62,19 @@ pub enum Error {
#[error("Parsing of the yaml config file failed: {0}")]
YamlFormat(#[from] serde_yaml::Error),
#[error("The private key of the DeTEE account got corrupted.")]
CorruptedKey,
CorruptedWalletKey,
#[error("The private ED25519 key used for HRATLS got corrupted: {0}")]
CorruptedHratlsKey(String),
#[error("The MRSIGNER key (used for signing apps) got corrupted: {0}")]
CorruptedMrSigner(String),
#[error("Failed to generate key using openssl: {0}")]
Openssl(String),
#[error{"Failed to retrive/download the artefact"}]
ArtefactError,
#[error{"SSH key not defined. Run `detee-cli account` for more info."}]
SshKeyNoDefined,
#[error{"RSA Error: {0}"}]
RSAError(#[from] openssl::error::ErrorStack),
}
impl Config {
@ -227,9 +236,9 @@ impl Config {
Ok(SigningKey::from_bytes(
&bs58::decode(std::fs::read_to_string(Self::detee_wallet_key_path()?)?.trim())
.into_vec()
.map_err(|_| Error::CorruptedKey)?
.map_err(|_| Error::CorruptedWalletKey)?
.try_into()
.map_err(|_| Error::CorruptedKey)?,
.map_err(|_| Error::CorruptedWalletKey)?,
))
}
@ -345,103 +354,100 @@ impl Config {
Err(_) => log::error!("This error should never happen. Please report this bug."),
}
// TODO: Also populate these fields:
// hratls_pubkey: String,
// hratls_path: String,
// mrsigner: String,
// signing_key_path: String,
match Self::mrsigner_key_path() {
Ok(path) => {
account_data.mrsigner_key_path = path;
match Self::get_mrsigner() {
Ok(mrsigner) => account_data.mrsigner = mrsigner,
Err(e) => {
log::error!("Could not load MRSIGNER key: {e}")
}
}
}
Err(e) => log::error!("Please report this bug. Could not get MRSIGNER path: {e}"),
}
match Self::hratls_key_path() {
Ok(path) => {
account_data.hratls_key_path = path;
match Self::get_hratls_pubkey_hex() {
Ok(pubkey) => account_data.hratls_pubkey = pubkey,
Err(e) => {
log::error!("Could not load HRATLS key: {e}")
}
}
}
Err(e) => log::error!("Please report this bug. Could not get HRATLS key path: {e}"),
}
account_data
}
}
impl Config {
pub fn get_hratls_private_key() -> String {
std::fs::read_to_string(Self::hratls_private_key_path())
.unwrap_or_else(|_| Self::create_hratls_key().expect("Failed to create HRATLS key"))
}
fn create_hratls_key() -> Result<String, Box<dyn std::error::Error>> {
let private_key_path = Self::hratls_private_key_path();
pub fn get_hratls_private_key() -> Result<String, Error> {
let private_key_path = Self::hratls_key_path()?;
if Path::new(&private_key_path).exists() {
log::debug!("Found HRaTLS private key at {private_key_path}");
return Err("Key already exists.".into());
return Ok(std::fs::read_to_string(private_key_path)
.map_err(|e| Error::CorruptedHratlsKey(e.to_string()))?);
}
let key = PKey::generate_ed25519()?;
let mut key_file = File::create(private_key_path)?;
let pem_pkcs8 = key.private_key_to_pem_pkcs8()?;
key_file.write_all(&pem_pkcs8)?;
Ok(String::from_utf8(pem_pkcs8)?)
Ok(String::from_utf8(pem_pkcs8).map_err(|e| Error::CorruptedHratlsKey(e.to_string()))?)
}
pub fn get_hratls_pubkey_hex() -> String {
let private_key_pem_str = Self::get_hratls_private_key();
let private_key = PKey::private_key_from_pem(private_key_pem_str.as_ref()).unwrap();
let pubkey = private_key.raw_public_key().unwrap();
pubkey.iter().fold(String::new(), |acc, x| acc + &format!("{:02X?}", x))
pub fn get_hratls_pubkey_hex() -> Result<String, Error> {
let private_key_pem_str = Self::get_hratls_private_key()?;
let private_key = PKey::private_key_from_pem(private_key_pem_str.as_ref())?;
let pubkey = private_key.raw_public_key()?;
Ok(pubkey.iter().fold(String::new(), |acc, x| acc + &format!("{:02X?}", x)))
}
pub fn hratls_private_key_path() -> String {
Self::path_dir().unwrap() + ("/hratls_private_key.pem")
pub fn hratls_key_path() -> Result<String, Error> {
Ok(Self::path_dir()? + ("/hratls_private_key.pem"))
}
}
impl Config {
pub fn get_mrsigner() -> String {
let mut signing_key_mod = Self::get_mrsigner_rsa_key().n().to_vec();
pub fn get_mrsigner() -> Result<String, Error> {
let mut signing_key_mod = Self::get_mrsigner_rsa_key()?.n().to_vec();
signing_key_mod.reverse(); // make it little endian
// TODO: double check if hasher can actually fail
let mut hasher = Hasher::new(MessageDigest::sha256()).unwrap();
hasher.update(&signing_key_mod).unwrap();
let mr_signer_raw = hasher.finish().unwrap();
let mut mr_signer = [0u8; 32];
mr_signer.copy_from_slice(&mr_signer_raw[..32]);
mr_signer.iter().fold(String::new(), |acc, x| acc + &format!("{:02X?}", x))
Ok(mr_signer.iter().fold(String::new(), |acc, x| acc + &format!("{:02X?}", x)))
}
fn get_mrsigner_rsa_key() -> Rsa<Private> {
let signing_key_pem_str = std::fs::read_to_string(Self::mrsigner_key_path())
.unwrap_or_else(|_| {
Self::create_mrsigner_rsa_key().expect("Failed to create enclave signing key")
});
Rsa::private_key_from_pem(signing_key_pem_str.as_ref()).unwrap()
fn get_mrsigner_rsa_key() -> Result<Rsa<Private>, Error> {
let signing_key_pem_str = Self::create_mrsigner_rsa_key()?;
Ok(Rsa::private_key_from_pem(signing_key_pem_str.as_ref())
.map_err(|e| Error::CorruptedMrSigner(e.to_string()))?)
}
fn create_mrsigner_rsa_key() -> Result<String, Box<dyn std::error::Error>> {
let signing_key_path = Self::mrsigner_key_path();
fn create_mrsigner_rsa_key() -> Result<String, Error> {
let signing_key_path = Self::mrsigner_key_path()?;
if Path::new(&signing_key_path).exists() {
log::debug!("Found signing_key at {signing_key_path}");
return Err("Key already exists.".into());
return Ok(std::fs::read_to_string(signing_key_path)
.map_err(|e| Error::CorruptedMrSigner(e.to_string()))?);
}
let key = Rsa::generate_with_e(3072, BigNum::from_u32(3)?.as_ref())?;
let mut key_file = File::create(signing_key_path)?;
let pem_pkcs8 = key.private_key_to_pem()?;
key_file.write_all(&pem_pkcs8)?;
Ok(String::from_utf8(pem_pkcs8)?)
Ok(String::from_utf8(pem_pkcs8).map_err(|e| Error::CorruptedMrSigner(e.to_string()))?)
}
pub fn mrsigner_key_path() -> String {
Self::path_dir().unwrap() + ("/app_signing_key.pem")
}
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn test_hratls_private_key() {
let hratls_private_key = Config::get_hratls_private_key();
println!("hratls_private_key:\n{hratls_private_key}");
}
#[test]
fn test_mr_signer() {
let mr_signer = Config::get_mrsigner();
println!("mr_signer: {mr_signer}",);
pub fn mrsigner_key_path() -> Result<String, Error> {
Ok(Self::path_dir()? + ("/app_signing_key.pem"))
}
}

2
src/sgx/grpc_brain.rs
View File

@ -39,7 +39,7 @@ pub async fn new_app(app_deploy_config: AppDeployConfig) -> Result<NewAppRes> {
req.uuid = "".to_string();
req.locked_nano = locked_nano;
req.admin_pubkey = Config::get_detee_wallet()?;
req.hratls_pubkey = Config::get_hratls_pubkey_hex();
req.hratls_pubkey = Config::get_hratls_pubkey_hex()?;
let mut daemon_serivce = BrainAppCliClient::connect(Config::get_brain_url()).await?;
let res = daemon_serivce.deploy_app(sign_request(req)?).await?;

6
src/sgx/grpc_dtpm.rs
View File

@ -29,6 +29,8 @@ pub enum Error {
SgxHRatls(#[from] detee_sgx::error::SgxError),
#[error("DtpmConfig: {0}")]
DtpmConfig(String),
#[error(transparent)]
ConfigError(#[from] crate::config::Error),
}
type Result<T> = std::result::Result<T, Error>;
@ -37,9 +39,9 @@ pub async fn connect_dtpm_grpc_client(
hratls_uri: String,
package_mr_enclave: Option<[u8; 32]>,
) -> Result<DtpmConfigManagerClient<Channel>> {
let private_key_pem = Config::get_hratls_private_key();
let private_key_pem = Config::get_hratls_private_key()?;
let mut mr_signer = [0u8; 32];
hex::decode_to_slice(Config::get_mrsigner(), &mut mr_signer)?;
hex::decode_to_slice(Config::get_mrsigner()?, &mut mr_signer)?;
let mr_signers = vec![mr_signer];
let _ = rustls::crypto::aws_lc_rs::default_provider().install_default();

4
src/sgx/packaging.rs
View File

@ -11,8 +11,8 @@ pub fn package_enclave(
.collect::<Vec<_>>()
.join(" ");
let signing_key_path = Config::mrsigner_key_path();
let hratls_key_path = Config::hratls_private_key_path();
let signing_key_path = Config::mrsigner_key_path()?;
let hratls_key_path = Config::hratls_key_path()?;
let docker_package_str = if package_type == "public" {
format!(