In production, generate TDX quote using configfs-tsm

entropyxyz · Sep 7, 2024 · 559d015 · 559d015
1 parent 837aa55
commit 559d015
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 10 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/threshold-signature-server/Cargo.toml b/crates/threshold-signature-server/Cargo.toml
@@ -72,6 +72,7 @@ sha2             ="0.10.8"
 hkdf             ="0.12.4"
 project-root     ={ version="0.2.2", optional=true }
 tdx-quote        ={ git="https://github.com/entropyxyz/tdx-quote", optional=true, features=["mock"] }
+configfs-tsm     ={ git="https://github.com/entropyxyz/configfs-tsm" }
 
 [dev-dependencies]
 serial_test ="3.1.1"

diff --git a/crates/threshold-signature-server/src/attestation/api.rs b/crates/threshold-signature-server/src/attestation/api.rs
@@ -97,14 +97,24 @@ pub async fn create_quote(
     Ok(quote)
 }
 
-/// Once implemented, this will create a TDX quote in production
+/// Create a TDX quote in production
 #[cfg(not(any(test, feature = "unsafe")))]
 pub async fn create_quote(
-    _block_number: u32,
-    _nonce: [u8; 32],
-    _signer: &PairSigner<EntropyConfig, sp_core::sr25519::Pair>,
-    _x25519_secret: &StaticSecret,
+    block_number: u32,
+    nonce: [u8; 32],
+    signer: &PairSigner<EntropyConfig, sp_core::sr25519::Pair>,
+    x25519_secret: &StaticSecret,
 ) -> Result<Vec<u8>, AttestationErr> {
-    // Non-mock attestation (the real thing) will go here
-    Err(AttestationErr::NotImplemented)
+    let public_key = x25519_dalek::PublicKey::from(x25519_secret);
+
+    let input_data = entropy_shared::QuoteInputData::new(
+        signer.signer().public(),
+        *public_key.as_bytes(),
+        nonce,
+        block_number,
+    );
+
+    Ok(configfs_tsm::create_quote(input_data.0)?)
+    // // Non-mock attestation (the real thing) will go here
+    // Err(AttestationErr::NotImplemented)
 }
diff --git a/crates/threshold-signature-server/src/attestation/errors.rs b/crates/threshold-signature-server/src/attestation/errors.rs
@@ -27,9 +27,6 @@ pub enum AttestationErr {
     GenericSubstrate(#[from] subxt::error::Error),
     #[error("User Error: {0}")]
     UserErr(#[from] crate::user::UserErr),
-    #[cfg(not(any(test, feature = "unsafe")))]
-    #[error("Not yet implemented")]
-    NotImplemented,
     #[error("Input must be 32 bytes: {0}")]
     TryFromSlice(#[from] TryFromSliceError),
     #[error("Could not get block number")]
@@ -40,6 +37,9 @@ pub enum AttestationErr {
     Unexpected,
     #[error("Could not decode message: {0}")]
     Codec(#[from] parity_scale_codec::Error),
+    #[cfg(not(any(test, feature = "unsafe")))]
+    #[error("Quote generation: {0}")]
+    QuoteGeneration(#[from] std::io::Error),
 }
 
 impl IntoResponse for AttestationErr {