feat: add move entry function for verify attestation #20870
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
2 Skipped Deployments
|
joyqvq
temporarily deployed
to
sui-typescript-aws-kms-test-env
GitHub Actions
Inactive
joyqvq
force-pushed
the
joy/move-attestation
branch
from
55e7db4 to
b723402
Compare
joyqvq
temporarily deployed
to
sui-typescript-aws-kms-test-env
GitHub Actions
Inactive
sui-execution/latest/sui-move-natives/src/crypto/nitro_attestation.rs
Outdated
Show resolved
Hide resolved
crates/sui-framework/packages/sui-framework/sources/crypto/nitro_attestation.move
Show resolved
Hide resolved
joyqvq
force-pushed
the
joy/attestation
branch
4 times, most recently
from
fe48069 to
0808288
Compare
joyqvq
force-pushed
the
joy/move-attestation
branch
from
b723402 to
dd15b47
Compare
joyqvq
temporarily deployed
to
sui-typescript-aws-kms-test-env
GitHub Actions
Inactive
joyqvq
force-pushed
the
joy/move-attestation
branch
from
dd15b47 to
844babe
Compare
joyqvq
temporarily deployed
to
sui-typescript-aws-kms-test-env
GitHub Actions
Inactive
joyqvq
temporarily deployed
to
sui-typescript-aws-kms-test-env
GitHub Actions
Inactive
joyqvq
force-pushed
the
joy/attestation
branch
from
0808288 to
391f1a4
Compare
joyqvq
force-pushed
the
joy/attestation
branch
2 times, most recently
from
ae78b72 to
4079db6
Compare
joyqvq
force-pushed
the
joy/move-attestation
branch
from
279ca0f to
958992f
Compare
joyqvq
temporarily deployed
to
sui-typescript-aws-kms-test-env
GitHub Actions
Inactive
joyqvq
force-pushed
the
joy/move-attestation
branch
from
3da6bd7 to
d8e4a47
Compare
joyqvq
temporarily deployed
to
sui-typescript-aws-kms-test-env
GitHub Actions
Inactive
sui-execution/latest/sui-move-natives/src/crypto/nitro_attestation.rs
Outdated
Show resolved
Hide resolved
joyqvq
temporarily deployed
to
sui-typescript-aws-kms-test-env
GitHub Actions
Inactive
joyqvq
changed the title
joyqvq
force-pushed
the
joy/move-attestation
branch
from
d8e4a47 to
3bcae14
Compare
joyqvq
temporarily deployed
to
sui-typescript-aws-kms-test-env
GitHub Actions
Inactive
joyqvq
force-pushed
the
joy/move-attestation
branch
from
3bcae14 to
085d87e
Compare
joyqvq
temporarily deployed
to
sui-typescript-aws-kms-test-env
GitHub Actions
Inactive
joyqvq
force-pushed
the
joy/move-attestation
branch
from
085d87e to
6922f31
Compare
joyqvq
temporarily deployed
to
sui-typescript-aws-kms-test-env
GitHub Actions
Inactive
joyqvq
force-pushed
the
joy/move-attestation
branch
from
6922f31 to
4d77ed7
Compare
joyqvq
temporarily deployed
to
sui-typescript-aws-kms-test-env
GitHub Actions
Inactive
crates/sui-framework/packages/sui-framework/sources/crypto/nitro_attestation.move
Outdated
Show resolved
Hide resolved
crates/sui-framework/packages/sui-framework/sources/crypto/nitro_attestation.move
Outdated
Show resolved
Hide resolved
| module_id: vector<u8>, | ||
| timestamp: u64, | ||
| digest: vector<u8>, | ||
| pcrs: vector<vector<u8>>, |
There was a problem hiding this comment.
there is some meaning to the order, no? if simple, let's document it, else let's define this type explicitly
There was a problem hiding this comment.
are we sure that PCR6 for example won't be added in the future? if not, should we store a vector of PCR { index: u8, data: vector}
There was a problem hiding this comment.
let pcrs = match document_map
.iter()
.find(|(k, _)| matches!(k, ciborium::value::Value::Text(s) if s == "pcrs"))
{
Some((_, ciborium::value::Value::Map(pcr_map))) => {
let mut pcr_vec = Vec::new();
// Valid PCR indices are 0, 1, 2, 3, 4, 8 for AWS.
for i in [0, 1, 2, 3, 4, 8] {
if let Some((_, ciborium::value::Value::Bytes(val))) = pcr_map.iter().find(
|(k, _)| matches!(k, ciborium::value::Value::Integer(n) if *n == i.into()),
) {
pcr_vec.push(val.clone());
} else {
return Err(NitroAttestationVerifyError::InvalidAttestationDoc(
"invalid PCR format".to_string(),
));
}
}
pcr_vec
}
_ => {
return Err(NitroAttestationVerifyError::InvalidAttestationDoc(
"cannot parse PCRs".to_string(),
))
}
};
we currently hardcode the index for 0, 1, 2, 3, 4, 8. there are all zero values in other indices and there are 26 of them. while we can parse all of them and return, this will be a quadratic lookup to look at all pcr values, my worry is that there is no limit on the number of pcr values.
| /// @param clock: the clock object. | ||
| /// | ||
| /// Returns parsed NitroAttestationDocument after verifying the attestation. | ||
| public fun verify_nitro_attestation( |
There was a problem hiding this comment.
| public fun verify_nitro_attestation( | |
| entry fun load_nitro_attestation( |
There was a problem hiding this comment.
iiuc this forbids other move module to call this? i would think its useful to expose it?
There was a problem hiding this comment.
yes, other modules cannot call it, but in which use case do we need that? it's a user provided data.
as an entry function we have the flexibility to change the interface later if we like
There was a problem hiding this comment.
its user provided data, but the output are consumed by the caller module which should check the rest like verifying the public key == user data and the signature verifies, and all pcrs match the registry?
https://github.com/MystenLabs/enclave-twitter/blob/main/move/sources/twitter.move#L25
There was a problem hiding this comment.
that function could receive NitroAttestationDocument as an output a previous PTB command
| /// @param attestation: attesttaion documents bytes data. | ||
| /// @param clock: the clock object. | ||
| /// | ||
| /// Returns parsed NitroAttestationDocument after verifying the attestation. |
There was a problem hiding this comment.
also document the errors in case of expired cert, etc
There was a problem hiding this comment.
all verify error is currently casted to a generic VerifyError. any reason this should be more specific?
There was a problem hiding this comment.
sounds ok, let's have that error documented here
| use sui::test_scenario; | ||
|
|
||
| #[test] | ||
| fun test_nitro_attestation() { |
There was a problem hiding this comment.
once we stabilize the move interface, let's test also:
- old cert
- invalid structs
- invalid cert sig
There was a problem hiding this comment.
a related question, do you think the tests should exist twice in both move and sui-type? or we should port all sui-types tests here? agreed to add more tests. it will be quite involved (i need a mock signer in cert) so good to do it in a separate pr
There was a problem hiding this comment.
I see, if we cover those cases in the Rust tests then indeed it's enough. Let's only test here the flows of the native call, i.e.,:
- parsing fails (with a hardcoded string)
- parsing succeeds, verification fails
- everything is good
| // Encapsulate as a lambda and call to allow us to capture any `Err` returns. | ||
| // Could do this with `and_then` as well if desired. | ||
| let result = || { | ||
| Ok(Value::struct_(Struct::pack(vec
joyqvq
force-pushed
the
joy/move-attestation
branch
from
4d77ed7 to
63ca043
Compare
joyqvq
temporarily deployed
to
sui-typescript-aws-kms-test-env
GitHub Actions
Inactive
| module_id: vector<u8>, | ||
| timestamp: u64, | ||
| digest: vector<u8>, | ||
| pcrs: vector<vector<u8>>, |
There was a problem hiding this comment.
are we sure that PCR6 for example won't be added in the future? if not, should we store a vector of PCR { index: u8, data: vector}
| verify_nitro_attestation_internal(attestation, clock::timestamp_ms(clock)) | ||
| } | ||
|
|
||
| public fun module_id(attestation: &NitroAttestationDocument): vector<u8> { |
There was a problem hiding this comment.
should this (and below) be ref?
Description
Describe the changes or additions included in this PR.
Test plan
sui replay:
Release notes
Check each box that your changes affect. If none of the boxes relate to your changes, release notes aren't required.
For each box you select, include information after the relevant heading that describes the impact of your changes that a user might notice and any actions they must take to implement updates.