feat: Sign TeeProof in notary
#477
Conversation
piotr-roslaniec
force-pushed
the
feat/sign-tee-proof
branch
5 times, most recently
from
caf3c24 to
ae9adf2
Compare
There was a problem hiding this comment.
Left some feedback for you. Good work! I think that this cleaned up a lot.
I also think another review would be good from @mattes or @lonerapier perhaps to make sure I'm not missing anything.
|
|
||
| let response = ManifestResponse::from_payload(&response_header, &response_body)?; | ||
| debug!("{:?}", response); | ||
| // TODO: Should TeeProof and other proofs be moved to `proofs` crate? |
There was a problem hiding this comment.
proofs crate is really for working with client-side-prover and doing NIVC folding proofs. So, no, not in my opinion.
We're going to pull that crate out of here eventually (probably)
| let response = ManifestResponse::from_payload(&response_header, &response_body)?; | ||
| debug!("{:?}", response); | ||
| // TODO: Should TeeProof and other proofs be moved to `proofs` crate? | ||
| // Otherwise, adding TeeProof::manifest necessitates extra dependencies on the client |
There was a problem hiding this comment.
maybe we need something like a web-prover-core crate or something. I see what you mean. Given the way we want to abstract the proofs crate, we wouldn't want any of our specific manifest stuff in there anyway. Good comments
There was a problem hiding this comment.
Created: #490
|
|
||
| /// Check if `manifest`, `request`, and `response` all fulfill requirements necessary for | ||
| /// a proof to be created | ||
| fn validate_notarization_legal( |
There was a problem hiding this comment.
in here we also need to check the JSON path exists and contains a value?
There was a problem hiding this comment.
I think this is what should happen in <Request|Response>.is_subset_of. Currently, they match the existence of keys and not the value. I can address this one case in this PR but I'd rather start working on the "condition DSL" straight away instead:
web-prover/proofs/src/program/http.rs
Lines 188 to 195 in ae9adf2
There was a problem hiding this comment.
Created: #491
piotr-roslaniec
force-pushed
the
feat/sign-tee-proof
branch
3 times, most recently
from
49968a1 to
e844774
Compare
notary/src/tee.rs
Outdated
| let to_sign = VerifyReply { | ||
| value: format!("0x{}", hex::encode(manifest_hash)), | ||
| manifest: manifest.clone(), | ||
| }; | ||
| let origo_sig = sign_verification(to_sign, State(state)).unwrap(); | ||
| let as_bytes = hex::decode(&origo_sig.signature[2..]).unwrap(); | ||
| let signature = hex::encode(&as_bytes); | ||
| Ok(TeeProof { data, signature }) |
There was a problem hiding this comment.
This is pretty close to what I was using for verification in the contracts for the origo flow. Is there a change we could match it up? Essentially we return this object here:
web-prover/client/src/origo.rs
Line 35 in 586c8ab
where the leaves are a 32byte hash of the value and a 32byte hash of the manifest, Then the digest is the root.
There was a problem hiding this comment.
Should this be the same struct, SignedVerificationReply for some reason (compatibility between modes, onchain verification, etc)?
There was a problem hiding this comment.
If we are able to keep it the same struct our on-chain logic will work with it which is nice. If we can use the same hashing and signing logic we used for the origo mode to populate the struct then it should work with the contract verification seamlessly
There was a problem hiding this comment.
So we should have the Tee proof return a SignedVerificationReply and the Data
piotr-roslaniec
force-pushed
the
feat/sign-tee-proof
branch
3 times, most recently
from
440ac27 to
a9f74ca
Compare
|
The wasm issue is resolved by merging latest main. |
piotr-roslaniec
force-pushed
the
feat/sign-tee-proof
branch
from
a9f74ca to
170fb96
Compare
piotr-roslaniec
force-pushed
the
feat/sign-tee-proof
branch
2 times, most recently
from
ebc259b to
f500c5d
Compare
notary/src/origo.rs
Outdated
| .unwrap() | ||
| .insert(query.session_id.to_string(), VerifierInputs { request_messages, response_messages }); | ||
| state.verifier_sessions.lock().unwrap().insert(query.session_id.to_string(), VerifierInputs { | ||
| request_messages: request_messages.clone(), |
There was a problem hiding this comment.
why needing a clone here?
There was a problem hiding this comment.
Good catch, it's not needed. Probably an artifact of some refactor I missed.
| @@ -82,6 +82,24 @@ pub struct Manifest { | |||
| pub response: ManifestResponse, | |||
There was a problem hiding this comment.
do you think we can move manifest completely out of proofs into a web-prover-core as @Autoparallel mentioned, and just keep origo related inputs code in proofs crate?
maybe we can create a origoManifest on top of Manifest separately?
There was a problem hiding this comment.
I think the separation between Origo and TEE/Proxy manifest makes sense.
Created: #490
piotr-roslaniec
force-pushed
the
feat/sign-tee-proof
branch
from
f500c5d to
393b1d3
Compare
|
Thanks everyone for looking into this. I received more feedback for the draft than I anticipated, so if there are no other comments (and the tests pass) we are good to merge. |
mainwith a bunch of squashed commits, hence the commit history may look weird (first few)TeeProofby re-using signing logic from Origotokio::codecweb-prover-corecrate #490