Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dcap 04 #1629

Merged
merged 77 commits into from
Apr 11, 2024
Merged

Dcap 04 #1629

merged 77 commits into from
Apr 11, 2024

Conversation

valdok
Copy link
Contributor

@valdok valdok commented Mar 7, 2024

No description provided.

valdok added 28 commits February 8, 2024 08:18
DCAP attestation WIP, implemented relevant ecall/ocalls
d8016e1
ecall_get_attestation_report producing both epid and dcap quotes
6b83605
added internal dcap quote verification method
869a5d8
Added dcap quote collateral retrieval + usage
267855b
Saving dcap collateral to file
773bcd6
ocall_verify_quote_ecdsa: explicit time argument (optional)
4d467ed
ecall_get_attestation_report - producing "combined" attestation
b8e5ccb
Implemented split of combined attestation
5d67634
verify_ra_cert: extracted verify_ra_report
ac809ac
ecall_authenticate_new_node - handling combined cert
62940e7
ecall_authenticate_new_node - fixes, using block time
6c58a8f
Build pipeline updated (dcap link fix)
8ee38ea
Build pipeline updated (2)
d03ce6b
build fix when light-client-validation is not set
37677c3
updated SCRT_RELEASE_BASE_IMAGE
fdfc55a
app.Dockerfile updated. Including dcap runtime
64fa8f1
updated docker reference
f7cf357
warnings fix
e5edfac
node_init script fix (wrt epid+dcap attestation)
f3ce601
ocall_mocks: added new ocall_* methods
c539047
enclave_test build fix
e36f631
node: saving attestation pubkey in a file
62c6672
node: added "dump" command
2ff6e73
node_init script updated
6392792
tests: added dcap attestation
1b7e162
enclave-test build fix
9bdcb6e
enclave_test build fix (2)
a5b57b4
enclave-test build fix (3)
97738f2
Cashmaney
Cashmaney previously requested changes Mar 10, 2024
View reviewed changes
Copy link
Member

@Cashmaney Cashmaney left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, it's quite a bit of code but I think I reviewed most of it. I focused mainly on the stuff inside the enclave since that should be most of the critical path. Either way, I think these comments are a good place to start.

For the most part it looks good - I think especially for someone that hasn't had much experience with Rust it's in a pretty good state.

Some general stuff:

I suggest splitting all the dcap and EPID stuff into different files - it's not entirely clear where one ends and where another begins, and so it's hard to see whether all the code paths that currently rely on epid have been ported to dcap.

We could also use a bit more comments on what exactly is going on here, as all the validation stuff isn't trivial.

Try to use more informative naming where possible (size_dcap_q or size_dcap_s are not great)

If you're using unsafe anywhere you should comment on why you're doing that, and why it's okay - if you're not specifically doing FFI a lot of the times you might find that you're doing something unnecessary

@valdok valdok dismissed Cashmaney’s stale review April 11, 2024 13:26

fixed (mostly)

@valdok valdok marked this pull request as ready for review April 11, 2024 13:27
@valdok valdok merged commit 819f054 into master Apr 11, 2024
12 of 13 checks passed
@valdok valdok deleted the dcap-04 branch April 11, 2024 13:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Cashmaney Cashmaney Cashmaney left review comments

@toml01 toml01 Awaiting requested review from toml01 toml01 is a code owner

@assafmo assafmo Awaiting requested review from assafmo

@liorbond liorbond Awaiting requested review from liorbond liorbond is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@valdok @Cashmaney