Skip to content

chore(tee): remove account key from report data#869

Merged
pbeza merged 17 commits intomainfrom
pab/tee/866-remove-account-key-from-report-data
Aug 19, 2025
Merged

chore(tee): remove account key from report data#869
pbeza merged 17 commits intomainfrom
pab/tee/866-remove-account-key-from-report-data

Conversation

@pbeza
Copy link
Copy Markdown
Contributor

@pbeza pbeza commented Aug 18, 2025

Fixes #866

@pbeza pbeza force-pushed the pab/tee/866-remove-account-key-from-report-data branch from 1ffaf27 to 847c24e Compare August 18, 2025 13:27
@pbeza pbeza force-pushed the pab/tee/866-remove-account-key-from-report-data branch from 847c24e to 9ed1173 Compare August 18, 2025 13:55
@pbeza pbeza requested a review from a user August 18, 2025 14:05
@pbeza pbeza marked this pull request as ready for review August 18, 2025 14:05
@barakeinav1 barakeinav1 self-requested a review August 18, 2025 14:20
ghost
ghost suggested changes Aug 18, 2025
View reviewed changes
Copy link
Copy Markdown

@ghost ghost left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We'll need to update the assets for quote/collateral/etc. in the tests instead of commenting out the tests.

@pbeza
Copy link
Copy Markdown
Contributor Author

pbeza commented Aug 18, 2025
edited
Loading

We'll need to update the assets for quote/collateral/etc. in the tests instead of commenting out the tests.

@barakeinav1 @gilcu3 we need a new quote for this test:

mpc/attestation/tests/test_attestation_verification.rs

Lines 83 to 85 in 9ed1173

// TODO: generate a new quote using the near_p2p_public_key as report data
// #[test]
// fn test_verify_method_signature() {

It needs to be generated the way we do it in this PR:

mpc/tee_authority/src/tee_authority.rs

Lines 259 to 280 in 9ed1173

#[rstest]
#[tokio::test]
async fn test_generate_and_verify_attestation_local(
#[values(true, false)] quote_verification_result: bool,
) {
let tls_key = "ed25519:DcA2MzgpJbrUATQLLceocVckhhAqrkingax4oJ9kZ847"
.parse()
.unwrap();
let report_data = ReportData::V1(ReportDataV1::new(tls_key));
let authority =
TeeAuthority::Local(LocalTeeAuthorityConfig::new(quote_verification_result));
let attestation = authority
.generate_attestation(report_data.clone())
.await
.unwrap();
let timestamp_s = 0u64;
assert_eq!(
attestation.verify(report_data, timestamp_s, &[], &[]),
quote_verification_result
);
}

Could you help me with that, or point me to how I can do it myself?

DSharifi
DSharifi reviewed Aug 19, 2025
View reviewed changes
Comment thread attestation/src/report_data.rs
Comment on lines -137 to -143
let expected_rtmr3 = [
0x90, 0x5f, 0x81, 0x71, 0x7d, 0x9, 0x5f, 0x14, 0xf5, 0x94, 0x47, 0xed, 0xff, 0xe3,
0x3e, 0x1e, 0x3c, 0xe4, 0x85, 0xda, 0xaa, 0x95, 0x3a, 0xc6, 0xfe, 0xb8, 0x21, 0x7f,
0xc6, 0x5a, 0x3d, 0x50, 0xb2, 0x96, 0x2e, 0x41, 0x15, 0xe, 0xb8, 0x53, 0x3b, 0xda,
0xbe, 0xb2, 0x35, 0x49, 0x31, 0x34,
];
assert_eq!(td_report.rt_mr3, expected_rtmr3,);
Copy link
Copy Markdown
Contributor

@DSharifi DSharifi Aug 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I removed this sanity check, as it was effectively testing the dcap crate, and not our code.

DSharifi
DSharifi approved these changes Aug 19, 2025
View reviewed changes
Comment thread attestation/tests/assets/create_assets.sh Outdated
@DSharifi DSharifi enabled auto-merge August 19, 2025 14:07
DSharifi
DSharifi reviewed Aug 19, 2025
View reviewed changes
Comment thread attestation/tests/assets/create_assets.sh Outdated
@DSharifi DSharifi disabled auto-merge August 19, 2025 14:20
pbeza
pbeza commented Aug 19, 2025
View reviewed changes
Comment thread attestation/tests/app_compose.rs Outdated
@pbeza pbeza enabled auto-merge August 19, 2025 14:58
@pbeza pbeza added this pull request to the merge queue Aug 19, 2025
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Aug 19, 2025
@pbeza pbeza added this pull request to the merge queue Aug 19, 2025
Merged via the queue into main with commit 3c9ea0e Aug 19, 2025
15 checks passed
@pbeza pbeza deleted the pab/tee/866-remove-account-key-from-report-data branch August 19, 2025 17:15
barakeinav1 added a commit that referenced this pull request Aug 25, 2025
@pbeza @barakeinav1 @DSharifi
chore(tee): remove account key from report data (#869)
591a894 
Co-authored-by: barakeinav1 <barakeinav@gmail.com>
Co-authored-by: Daniel Sharifi <daniel.sharifi@nearone.org>
Co-authored-by: Daniel Sharifi <40335219+DSharifi@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@DSharifi DSharifi DSharifi approved these changes

@barakeinav1 barakeinav1 barakeinav1 approved these changes

+1 more reviewer
Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Remove account_key from the report_data

3 participants

@pbeza @DSharifi @barakeinav1