Merge pull request #273 from rsksmart/feature/sgx-attestation-up-to-date

SGX attestation

README.md

@@ -37,7 +37,7 @@ powHSM is a solution designed specifically for the [RSK network](https://www.rsk
 1. The first implementation consists of a pair of applications for the [Ledger Nano S](https://shop.ledger.com/products/ledger-nano-s), namely a UI and a Signer, and it strongly depends on the device's security features to implement the aforementioned safekeeping. This implementation requires a physical Ledger Nano S device and a self-managed physical standalone server.
 2. The second implementation consists of both a host and an enclave binary targetting the Intel SGX architecture. Just as the Ledger Nano S implementation, it strongly depends on the Intel SGX security features in order to keep the private keys safe. This implementation can run both on standalone SGX-enabled servers as well as on SGX-enabled cloud computing providers (e.g., Microsoft Azure).
 
-Each powPeg member runs an individual physical device or SGX enclave on which a transparent installation and onboarding process is carried. Amongst other things, this process safely generates the root key, that either never leaves the device (Ledger) or can only ever be decrypted by the enclave (SGX). There is an [attestation process](./docs/attestation.md) that serves the purpose of testifying and guaranteeing this key generation process, and ultimately the fact that the key is only ever known to the device (attestation is currently only supported on the Ledger implementation).
+Each powPeg member runs an individual physical device or SGX enclave on which a transparent installation and onboarding process is carried. Amongst other things, this process safely generates the root key, that either never leaves the device (Ledger) or can only ever be decrypted by the enclave (SGX). There is an [attestation process](./docs/attestation.md) that serves the purpose of testifying and guaranteeing this key generation process, and ultimately the fact that the key is only ever known to the physical device or SGX enclave.
 
 After onboarding, each powHSM runs either on its host (SGX) or is physically connected to it (Ledger), and interacts with its corresponding powPeg node by means of a middleware layer that exposes a [high-level protocol](./docs/protocol.md) for its operation.
 

build-dist-sgx

@@ -53,6 +53,14 @@ $ROOT_DIR/firmware/build/build-sgx $CHECKPOINT $DIFFICULTY $NETWORK > /dev/null
 cp $ROOT_DIR/firmware/src/sgx/bin/hsmsgx $HSM_DIR/
 cp $ROOT_DIR/firmware/src/sgx/bin/hsmsgx_enclave.signed $HSM_DIR/
 
+HOST_HASH=$(sha256sum $ROOT_DIR/firmware/src/sgx/bin/hsmsgx | cut -d ' ' -f 1)
+ENCLAVE_HASH=$($ROOT_DIR/firmware/build/extract-mrenclave $ROOT_DIR/firmware/src/sgx/bin/hsmsgx_enclave.signed)
+echo "$HSM_DIR/hsmsgx:"
+echo $HOST_HASH
+echo
+echo "$HSM_DIR/hsmsgx_enclave.signed"
+echo "$ENCLAVE_HASH"
+
 echo
 echo -e "\e[32mBuild complete.\e[0m"
 

dist/sgx/Dockerfile

@@ -12,6 +12,12 @@ RUN curl -L -o libssl1.1.deb  https://ftp.debian.org/debian/pool/main/o/openssl/
 
 # Install SGX runtime dependencies
 RUN echo 'deb [arch=amd64] https://download.01.org/intel-sgx/sgx_repo/ubuntu focal main' | tee /etc/apt/sources.list.d/intel-sgx.list && \
+    echo 'deb [arch=amd64] http://azure.archive.ubuntu.com/ubuntu/ focal main restricted' | tee -a /etc/apt/sources.list.d/intel-sgx.list && \
+    echo 'deb [arch=amd64] https://packages.microsoft.com/ubuntu/20.04/prod focal main' | tee -a /etc/apt/sources.list.d/intel-sgx.list && \
+    gpg --keyserver keyserver.ubuntu.com --recv-keys 871920D1991BC93C 3B4FE6ACC0B21F32 EB3E94ADBE1229CF && \
+    gpg --export --armor 871920D1991BC93C | apt-key add - && \
+    gpg --export --armor 3B4FE6ACC0B21F32 | apt-key add - && \
+    gpg --export --armor EB3E94ADBE1229CF | apt-key add - && \
     curl -fsSL https://download.01.org/intel-sgx/sgx_repo/ubuntu/intel-sgx-deb.key | apt-key add - && \
     apt-get update && \
-    apt-get install -y libsgx-enclave-common
+    apt-get install -y libsgx-enclave-common libsgx-quote-ex libsgx-dcap-ql az-dcap-client

dist/sgx/scripts/setup

@@ -34,6 +34,19 @@ PIN_FILE="$ROOT_DIR/pin.txt"
 EXPORT_DIR="$ROOT_DIR/export"
 PUBLIC_KEY_FILE="$EXPORT_DIR/public-keys.txt"
 PUBLIC_KEY_FILE_JSON="$EXPORT_DIR/public-keys.json"
+ATTESTATION_FILE="$EXPORT_DIR/attestation.json"
+
+# HSM scripts directory
+SCRIPTS_DIR=$ROOT_DIR/scripts
+
+# Directory where the finalized systemd service unit will be saved
+SERVICE_DIR=$ROOT_DIR/service
+
+# HSM scripts directory
+SCRIPTS_DIR=$ROOT_DIR/scripts
+
+# Directory where the finalized systemd service unit will be saved
+SERVICE_DIR=$ROOT_DIR/service
 
 # HSM scripts directory
 SCRIPTS_DIR=$ROOT_DIR/scripts
@@ -139,7 +152,17 @@ function onboard() {
 }
 
 function keys() {
-    $ADMIN pubkeys -o $PUBLIC_KEY_FILE
+    $ADMIN pubkeys -uo $PUBLIC_KEY_FILE
+    error
+}
+
+function attestation() {
+    $ADMIN attestation -o $ATTESTATION_FILE
+    error
+}
+
+function verify_attestation() {
+    $ADMIN verify_attestation -t $ATTESTATION_FILE -b $PUBLIC_KEY_FILE_JSON
     error
 }
 
@@ -161,10 +184,16 @@ echo -e "\e[1;33mOnboarding the powHSM... \e[0m"
 onboard
 echo -e "\e[1;33mOnboarding complete.\e[0m"
 echo
-echo -e "\e[1;32mGathering public keys\e[0m"
+echo -e "\e[1;32mGathering attestation\e[0m"
 createOutputDir
+attestation
+echo
+echo -e "\e[1;32mGathering public keys\e[0m"
 keys
 echo
+echo -e "\e[1;32mVerifying attestation\e[0m"
+verify_attestation
+echo
 echo -e "\e[1;32mStopping the powHSM...\e[0m"
 stopPowHsm
 cleanBinaries

docker/mware/requirements.txt

@@ -810,3 +810,33 @@ yapf==0.40.2 \
 zipp==3.19.2 \
     --hash=sha256:bf1dcf6450f873a13e952a29504887c89e6de7506209e5b1bcc3460135d4de19 \
     --hash=sha256:f091755f667055f2d02b32c53771a7a6c8b47e1fdbc4b72a8b9072b3eef8015c
+cryptography==44.0.0 \
+    --hash=sha256:1923cb251c04be85eec9fda837661c67c1049063305d6be5721643c22dd4e2b7 \
+    --hash=sha256:37d76e6863da3774cd9db5b409a9ecfd2c71c981c38788d3fcfaf177f447b731 \
+    --hash=sha256:3c672a53c0fb4725a29c303be906d3c1fa99c32f58abe008a82705f9ee96f40b \
+    --hash=sha256:404fdc66ee5f83a1388be54300ae978b2efd538018de18556dde92575e05defc \
+    --hash=sha256:4ac4c9f37eba52cb6fbeaf5b59c152ea976726b865bd4cf87883a7e7006cc543 \
+    --hash=sha256:60eb32934076fa07e4316b7b2742fa52cbb190b42c2df2863dbc4230a0a9b385 \
+    --hash=sha256:62901fb618f74d7d81bf408c8719e9ec14d863086efe4185afd07c352aee1d2c \
+    --hash=sha256:660cb7312a08bc38be15b696462fa7cc7cd85c3ed9c576e81f4dc4d8b2b31591 \
+    --hash=sha256:708ee5f1bafe76d041b53a4f95eb28cdeb8d18da17e597d46d7833ee59b97ede \
+    --hash=sha256:761817a3377ef15ac23cd7834715081791d4ec77f9297ee694ca1ee9c2c7e5eb \
+    --hash=sha256:831c3c4d0774e488fdc83a1923b49b9957d33287de923d58ebd3cec47a0ae43f \
+    --hash=sha256:84111ad4ff3f6253820e6d3e58be2cc2a00adb29335d4cacb5ab4d4d34f2a123 \
+    --hash=sha256:8b3e6eae66cf54701ee7d9c83c30ac0a1e3fa17be486033000f2a73a12ab507c \
+    --hash=sha256:9abcc2e083cbe8dde89124a47e5e53ec38751f0d7dfd36801008f316a127d7ba \
+    --hash=sha256:9e6fc8a08e116fb7c7dd1f040074c9d7b51d74a8ea40d4df2fc7aa08b76b9e6c \
+    --hash=sha256:a01956ddfa0a6790d594f5b34fc1bfa6098aca434696a03cfdbe469b8ed79285 \
+    --hash=sha256:abc998e0c0eee3c8a1904221d3f67dcfa76422b23620173e28c11d3e626c21bd \
+    --hash=sha256:b15492a11f9e1b62ba9d73c210e2416724633167de94607ec6069ef724fad092 \
+    --hash=sha256:be4ce505894d15d5c5037167ffb7f0ae90b7be6f2a98f9a5c3442395501c32fa \
+    --hash=sha256:c5eb858beed7835e5ad1faba59e865109f3e52b3783b9ac21e7e47dc5554e289 \
+    --hash=sha256:cd4e834f340b4293430701e772ec543b0fbe6c2dea510a5286fe0acabe153a02 \
+    --hash=sha256:d2436114e46b36d00f8b72ff57e598978b37399d2786fd39793c36c6d5cb1c64 \
+    --hash=sha256:eb33480f1bad5b78233b0ad3e1b0be21e8ef1da745d8d2aecbb20671658b9053 \
+    --hash=sha256:eca27345e1214d1b9f9490d200f9db5a874479be914199194e746c893788d417 \
+    --hash=sha256:ed3534eb1090483c96178fcb0f8893719d96d5274dfde98aa6add34614e97c8e \
+    --hash=sha256:f3f6fdfa89ee2d9d496e2c087cebef9d4fcbb0ad63c40e821b39f74bf48d9c5e \
+    --hash=sha256:f53c2c87e0fb4b0c00fa9571082a057e37690a8f12233306161c8f4b819960b7 \
+    --hash=sha256:f5e7cb1e5e56ca0933b4873c0220a78b773b24d40d186b6738080b73d3d0a756 \
+    --hash=sha256:f677e1268c4e23420c3acade68fac427fffcb8d19d7df95ed7ad17cdef8404f4

docker/sgx/Dockerfile

@@ -1,23 +1,11 @@
-FROM openenclavedockerregistry.azurecr.io/oetools-20.04:2023.11.21100
+FROM openenclavedockerregistry.azurecr.io/oetools-20.04:2024.10.2391
 
 # Install dependencies
 RUN apt-get update && \
     apt-get install -y apt-utils vim && \
     apt-get install -y tar && \
-    apt-get install -y xz-utils && \
     apt-get install -y curl && \
-    apt-get install -y git && \
-    apt-get install -y clang-11 && \
-    apt-get install -y libssl-dev && \
-    apt-get install -y gdb && \
-    apt-get install -y libsgx-enclave-common && \
-    apt-get install -y libsgx-quote-ex && \
-    apt-get install -y libprotobuf17 && \
-    apt-get install -y libsgx-dcap-ql && \
-    apt-get install -y libsgx-dcap-ql-dev && \
-    apt-get install -y az-dcap-client && \
-    apt-get install -y open-enclave && \
-    apt-get install -y gcc && \
+    apt-get install -y open-enclave=0.19.4 && \
     apt-get install -y make
 
 # Create directory to host symlinks to Open Enclave static libraries