diff --git a/tee-worker/enclave-runtime/src/attestation.rs b/tee-worker/enclave-runtime/src/attestation.rs
index 45f3a4b2ef..5b7f7ded3a 100644
--- a/tee-worker/enclave-runtime/src/attestation.rs
+++ b/tee-worker/enclave-runtime/src/attestation.rs
@@ -58,7 +58,6 @@ use sgx_types::*;
use sp_core::Pair;
use sp_runtime::OpaqueExtrinsic;
use std::{prelude::v1::*, slice, vec::Vec};
-use teerex_primitives::SgxAttestationMethod;
#[no_mangle]
pub unsafe extern "C" fn get_mrenclave(mrenclave: *mut u8, mrenclave_size: usize) -> sgx_status_t {
@@ -322,12 +321,11 @@ pub fn generate_dcap_ra_extrinsic_from_quote_internal(
.get_from_metadata(|m| m.register_enclave_call_indexes())?
.map_err(MetadataProviderError::MetadataError)?;
info!(" [Enclave] Compose register enclave call DCAP IDs: {:?}", call_ids);
- let call = OpaqueCall::from_tuple(&(
- call_ids,
- quote,
- Some(url),
- SgxAttestationMethod::Dcap { proxied: false },
- ));
+
+ let shielding_pubkey = get_shielding_pubkey()?;
+ let vc_pubkey = get_vc_pubkey()?;
+
+ let call = OpaqueCall::from_tuple(&(call_ids, quote, url, shielding_pubkey, vc_pubkey));
info!(" [Enclave] Compose register enclave got extrinsic, returning");
create_extrinsics(call)
@@ -344,12 +342,11 @@ pub fn generate_dcap_skip_ra_extrinsic_from_mr_enclave(
.get_from_metadata(|m| m.register_enclave_call_indexes())?
.map_err(MetadataProviderError::MetadataError)?;
info!(" [Enclave] Compose register enclave (skip-ra) call DCAP IDs: {:?}", call_ids);
- let call = OpaqueCall::from_tuple(&(
- call_ids,
- quote,
- Some(url),
- SgxAttestationMethod::Skip { proxied: false },
- ));
+
+ let shielding_pubkey = get_shielding_pubkey()?;
+ let vc_pubkey = get_vc_pubkey()?;
+
+ let call = OpaqueCall::from_tuple(&(call_ids, quote, url, shielding_pubkey, vc_pubkey));
info!(" [Enclave] Compose register enclave (skip-ra) got extrinsic, returning");
create_extrinsics(call)
@@ -376,29 +373,8 @@ pub fn generate_ias_ra_extrinsic_from_der_cert_internal(
.get_from_metadata(|m| m.register_enclave_call_indexes())?
.map_err(MetadataProviderError::MetadataError)?;
- let shielding_pubkey = GLOBAL_SHIELDING_KEY_REPOSITORY_COMPONENT
- .get()?
- .retrieve_key()
- .and_then(|keypair| {
- keypair
- .export_pubkey()
- .and_then(|pubkey| {
- serde_json::to_vec(&pubkey).map_err(|e| SgxCryptoError::Serialization(e).into())
- })
- .map_err(|e| SgxCryptoError::Other(Box::new(e)))
- })
- .ok();
- debug!("[Enclave] shielding_pubkey size: {:?}", shielding_pubkey.clone().map(|key| key.len()));
-
- let vc_pubkey = GLOBAL_SHIELDING_KEY_REPOSITORY_COMPONENT
- .get()?
- .retrieve_key()
- .and_then(|keypair| {
- // vc signing pubkey
- keypair.derive_ed25519().map(|keypair| keypair.public().to_vec())
- })
- .ok();
- debug!("[Enclave] VC pubkey: {:?}", vc_pubkey);
+ let shielding_pubkey = get_shielding_pubkey()?;
+ let vc_pubkey = get_vc_pubkey()?;
let call = OpaqueCall::from_tuple(&(call_ids, cert_der, url, shielding_pubkey, vc_pubkey));
@@ -542,3 +518,37 @@ pub unsafe extern "C" fn dump_dcap_collateral_to_disk(
collateral.dump_to_disk();
sgx_status_t::SGX_SUCCESS
}
+
+fn get_shielding_pubkey() -> EnclaveResult