Skip to content

Add support for signed output from runtime#256

Merged
bendecoste merged 12 commits intomainfrom
ben/verified-results
Mar 27, 2023
Merged

Add support for signed output from runtime#256
bendecoste merged 12 commits intomainfrom
ben/verified-results

Conversation

@bendecoste
Copy link
Member

@bendecoste bendecoste commented Mar 27, 2023
edited
Loading

Runtime now returns a PSS-signed bundle of checksums with a run result. The bundle looks like

{
  ...
  "checksums": {
    "input": sha-256,
    "output": sha-256,
    "function": sha-256,
  }
}

Where the input is the input into the function, the output is the result from the function, and the function is the function itself. All of these are hashed with sha-256.

That checksum bundle (as json) is then hashed with sha-256 and pss-signed using a private key that is generated by the enclave for the purpose of signing. The public key is returned in the user data field of the attestation document as signature_verification_public_key (it is not the key in the public key field of the attestation document).

This verification will automatically happen when a function is ran now.

You can also use -o json to see all of this information. E.g.,

$ cape run bendecoste/isprime 13 -o json -v
{
  "output": "13 is prime",
  "checksums": {
    "input": "P9ujXwTcjEYphsmSvPh1VGJXETByqQnBYvfkcOWB4ng=",
    "function": "ZnMeXM8iZoDdXJih0a1St6TJhphAQtBnLY8xUxMLNKg=",
    "output": "42kYy2Cf1YAOs3sdYIA1lKTWzclzPTCK1xVLBG6CQ6c="
  },
  "signed_results": "1tAEd4/RZNEFTDA+tinyd3idiWkPVxxHjgraNCH14dWDRMP3YpW0Em1DKI28YhyTESJqXDQPtBxyi6jJPuQj3qQVAtoItfamOeOotvR4hg0qmYcDn1CG5mlQlGIFRrW9zxJaBKg/zcaYhMeMeQS+cZ3U/C7R/ft8ejtJIddjj4wiMlCSBC2Ad5ESXNTug/rx1VBucD0f0GNrT9O0x/B59N/l/uyvTamNoRoFhD2LGtwnDHw8ykhp62CN7aAu5nNK8mfexblhDeOW8HPIYyEVVO0cH+KtHN+5/FRQbKzqxrETdDzD+F8rYwmTABsvwWpYxLnh5Kg3C5s3DFafhgh+jw==",
  "attestation_doc": {
    "ModuleID": "i-052a8c27984ef88ca-enc018723790c2c521d",
    "Timestamp": 1679927403526,
    "Digest": "SHA384",
    "PCRs": {
      "0": "4yLjGdE4ej0y2ml35t7qzNVOPwpYkAa+xFMXnkqCvST3JddU6oMh0mVbEPDHixVq",
      "1": "vN8F/vzKqOVb8sjW3unnm7/zHjS/KKmaoZ5rKcN+6AshSkFLdgcjbt8m/LeGVOY/",
      "10": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
      "11": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
      "12": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
      "13": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
      "14": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
      "15": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
      "2": "ydi9MvpCn+NTDWqmsMVlCTtEK0x1KqJTaHxFaeGyopBNv4ztg2OTis25B4OULRSX",
      "3": "wQR+bevEgkHMlE1ltymBRU1A5buIWdW3QWGq64r7PqYf5AA/gsYAbe0lXZ4knq27",
      "4": "9ET1xUbL5Sh11Qudz7wx+MmlghGlbOwixKs03kQTUiNzlLsNTwpuNdBgOolQryfj",
      "5": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
      "6": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
      "7": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
      "8": "bx/w8qegscTgKjpUTrD/Lf+4spIriQjUY2XA8BIJNAkhSew1gUyNlE7xuPtWS0bH",
      "9": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
    },
    "Certificate": "MIICejCCAgGgAwIBAgIQAYcjeQwsUh0AAAAAZCGoajAKBggqhkjOPQQDAzCBjjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxDzANBgNVBAoMBkFtYXpvbjEMMAoGA1UECwwDQVdTMTkwNwYDVQQDDDBpLTA1MmE4YzI3OTg0ZWY4OGNhLnVzLWVhc3QtMS5hd3Mubml0cm8tZW5jbGF2ZXMwHhcNMjMwMzI3MTQyOTU5WhcNMjMwMzI3MTczMDAyWjCBkzELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxDzANBgNVBAoMBkFtYXpvbjEMMAoGA1UECwwDQVdTMT4wPAYDVQQDDDVpLTA1MmE4YzI3OTg0ZWY4OGNhLWVuYzAxODcyMzc5MGMyYzUyMWQudXMtZWFzdC0xLmF3czB2MBAGByqGSM49AgEGBSuBBAAiA2IABLN1nuyYiv6OFlFf+eXn2wPJ6XQ9hkZoeQbqL6eP39h/clTuoiB9xh+n+qB14GbRKOgfCdJKJnflAiN29JyXF/mQWq7F+ZSNXasgKiobby5mpWpYzqTyPv4EVzC9t+Jy/aMdMBswDAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCBsAwCgYIKoZIzj0EAwMDZwAwZAIwPjvi9VhudZblPR3G0ISAvPkGjldBQe77Z6uLXIjU1n7JQTjToZVirEJurI72b/5HAjBXnRzRCK1KFA3BSzUPoKQOGAkBx2jxqgIAMBocT2lseIuzTm2GrxIj+gyvyqRa+zM=",
    "Cabundle": [
      "MIICETCCAZagAwIBAgIRAPkxdWgbkK/hHUbMtOTn+FYwCgYIKoZIzj0EAwMwSTELMAkGA1UEBhMCVVMxDzANBgNVBAoMBkFtYXpvbjEMMAoGA1UECwwDQVdTMRswGQYDVQQDDBJhd3Mubml0cm8tZW5jbGF2ZXMwHhcNMTkxMDI4MTMyODA1WhcNNDkxMDI4MTQyODA1WjBJMQswCQYDVQQGEwJVUzEPMA0GA1UECgwGQW1hem9uMQwwCgYDVQQLDANBV1MxGzAZBgNVBAMMEmF3cy5uaXRyby1lbmNsYXZlczB2MBAGByqGSM49AgEGBSuBBAAiA2IABPwCVOumCMHzaHDimtqQvkY4MpJzbolL//Zy2YlES1BR5TSksfbb48C8WBoyt7F2Bw7eEtaaP+ohG2bnUs990d0JX28TcPQXCEPZ3BABIeTPYwEoCWZEh8l5YoQwTcU/9KNCMEAwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUkCW1DdkFR+eWw5b6cp3PmanfS5YwDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMDA2kAMGYCMQCjfy+Rocm9Xue4YnwWmNJVA44fA0P5W2OpYow9OYCVRaEevL8uO1XYru5xtMPWrfMCMQCi85sWBbJwKKXdS6BptQFuZbT73o/gBh1qUxl/nNr12UO8Yfwr6wPLb+6NIwLz3/Y=",
      "MIICvzCCAkWgAwIBAgIRAKa6HsshxbV494xFZb+YTcswCgYIKoZIzj0EAwMwSTELMAkGA1UEBhMCVVMxDzANBgNVBAoMBkFtYXpvbjEMMAoGA1UECwwDQVdTMRswGQYDVQQDDBJhd3Mubml0cm8tZW5jbGF2ZXMwHhcNMjMwMzIxMjAwNzQ1WhcNMjMwNDEwMjEwNzQ1WjBkMQswCQYDVQQGEwJVUzEPMA0GA1UECgwGQW1hem9uMQwwCgYDVQQLDANBV1MxNjA0BgNVBAMMLWJhNDQxZDdjODdiMTZmYzYudXMtZWFzdC0xLmF3cy5uaXRyby1lbmNsYXZlczB2MBAGByqGSM49AgEGBSuBBAAiA2IABF7IFhaX0bf+vCOspd/wQ5XlafWY+IKgo2Z0oKy768G7IkVY/dU9IEMvoCjSvsb/RWWeBKiCO80BJ9O2jm31Bq6MG0I06v+nCFE+NcqEHVYTOX4mT/Gjkg8H4XtJDi4t2qOB1TCB0jASBgNVHRMBAf8ECDAGAQH/AgECMB8GA1UdIwQYMBaAFJAltQ3ZBUfnlsOW+nKdz5mp30uWMB0GA1UdDgQWBBRMzctbj6D15pn52Cl4XKTl9LNXFTAOBgNVHQ8BAf8EBAMCAYYwbAYDVR0fBGUwYzBhoF+gXYZbaHR0cDovL2F3cy1uaXRyby1lbmNsYXZlcy1jcmwuczMuYW1hem9uYXdzLmNvbS9jcmwvYWI0OTYwY2MtN2Q2My00MmJkLTllOWYtNTkzMzhjYjY3Zjg0LmNybDAKBggqhkjOPQQDAwNoADBlAjAbiW8Wa2HqGUYtxXz50N0kIrdYonXOFWHWgZsjs2kqXl3BC7+p5u3CMGMxr4UQR8UCMQCB83aeUGuFRUS4jQW1bgtPyRNmpkXH3ZRvuqXzRKwmH5q33hBUePziW1K7j94cXGA=",
      "MIIDEzCCApmgAwIBAgIQUdRZ7yRYNMs/fZGI1RVx/jAKBggqhkjOPQQDAzBkMQswCQYDVQQGEwJVUzEPMA0GA1UECgwGQW1hem9uMQwwCgYDVQQLDANBV1MxNjA0BgNVBAMMLWJhNDQxZDdjODdiMTZmYzYudXMtZWFzdC0xLmF3cy5uaXRyby1lbmNsYXZlczAeFw0yMzAzMjYxNjAzNDRaFw0yMzA0MDEwNTAzNDRaMIGIMTswOQYDVQQDDDIyNmM1ZGVhM2U5M2Y1MDYuem9uYWwudXMtZWFzdC0xLmF3cy5uaXRyby1lbmNsYXZlczEMMAoGA1UECwwDQVdTMQ8wDQYDVQQKDAZBbWF6b24xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJXQTEQMA4GA1UEBwwHU2VhdHRsZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABHZNteit0Fq7BqTukkiPEE4EFrgrQGyQIq+/hTGqS5/UlyplhXP3f6e8YA1Rc5nHU+uIGMxz3X29gtoVB5fsnCJLHn32jMsTHfEIOoAk/QkjfBC8VQKdTMMezi1dMcNOCKOB6jCB5zASBgNVHRMBAf8ECDAGAQH/AgEBMB8GA1UdIwQYMBaAFEzNy1uPoPXmmfnYKXhcpOX0s1cVMB0GA1UdDgQWBBSib6mnK9xx4980nDnxkUH1TdOMNTAOBgNVHQ8BAf8EBAMCAYYwgYAGA1UdHwR5MHcwdaBzoHGGb2h0dHA6Ly9jcmwtdXMtZWFzdC0xLWF3cy1uaXRyby1lbmNsYXZlcy5zMy51cy1lYXN0LTEuYW1hem9uYXdzLmNvbS9jcmwvOWRmNjYyY2ItNDAyZi00YmRmLTkzMjUtMDVlZjliYzUwMTA4LmNybDAKBggqhkjOPQQDAwNoADBlAjEAwaW6rXIYr49pqadHhGAnPJan7F9meojh4zpwIww9+Sm8zIZQ4N8gyC4+0f3TNPGjAjAk9kzQYtQiuxu5YUxLgbH6HsZhUkxDPZW+rxCmRTIkR0iDOJosNw+URWNTeyZW0u0=",
      "MIICfTCCAgOgAwIBAgIUILG0precAiHF7fQMQeSCeHGioTAwCgYIKoZIzj0EAwMwgYgxOzA5BgNVBAMMMjI2YzVkZWEzZTkzZjUwNi56b25hbC51cy1lYXN0LTEuYXdzLm5pdHJvLWVuY2xhdmVzMQwwCgYDVQQLDANBV1MxDzANBgNVBAoMBkFtYXpvbjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRAwDgYDVQQHDAdTZWF0dGxlMB4XDTIzMDMyNzAyMzYwNVoXDTIzMDMyODAyMzYwNVowgY4xCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMQ8wDQYDVQQKDAZBbWF6b24xDDAKBgNVBAsMA0FXUzE5MDcGA1UEAwwwaS0wNTJhOGMyNzk4NGVmODhjYS51cy1lYXN0LTEuYXdzLm5pdHJvLWVuY2xhdmVzMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEjbuOjnPxTm7N7/gGDy4xlgunhNhmKLMekYotzUYObviiWiB9JGD7Ckn2/oEkeuB2GkDtgUFyJrKlAWw3YZdnRxQbVWFvUgYf1s9yCy3uk1WBuavUcCMrfYQl+T+Jd8bYoyYwJDASBgNVHRMBAf8ECDAGAQH/AgEAMA4GA1UdDwEB/wQEAwICBDAKBggqhkjOPQQDAwNoADBlAjEAp+5rFGAbdgeR263AoBpMLP6HC5KG4Yiz5MWlpL4nhzlO/aV/PEpd8gdtjVUoRmwDAjAqIa3E0YJS84AEdBBzvHp9TfnHHKwqPxKr1yC+dscnYY+/mFsiBM2qYyiLSwNv8yE="
    ],
    "PublicKey": "2P5SmT86r6PnUbblWXQe1Xshhq76e/SAIODTrXhWcD4=",
    "UserData": "eyJmdW5jX2NoZWNrc3VtIjoiWm5NZVhNOGlab0RkWEppaDBhMVN0NlRKaHBoQVF0Qm5MWTh4VXhNTE5LZz0iLCJrZXlfY2hlY2tzdW0iOiJOeHRMM1EzMVRVMWJnc2NXMTI0MEFPR0ZUVnZSdVpMeGFrVFlBbThJZVBjPSIsInNpZ25hdHVyZV92ZXJpZmljYXRpb25fcHVibGljX2tleSI6Ik1JSUJDZ0tDQVFFQTdRNWovSEV3WFpxKzE3VGx1Vm8yZTc2Q2FPWmtsR09iQ0VvdlRuOERmT0FFVVc1RkczTldsRUUvc2REc0VhK3EvamwwMUxqQ2hPU3ROamJVTDVFRndnL1pFek83NFFwbU1rRUdkV2U0V3FjeXJORWVlWmJmSXR5OGc4WTJpMERTZG5ZRGRrNU5nNmZqWkI4cHIzaTBTWkdQNE5ZV0NFQkcrUFVqZm91WHB4cFBtZEJkcFUxcUdISGJHaDF1d1lEbExTTzkwUXdpRUdQNlpmbmt4YVEwMmk5QlloUWQ1L2VLTERPOTVpY3dwd2dXeFlXNXNKb3ZSbmtYUDZwZ0g0TzhoVi9yNG0xMGdjc3VLY3puM0tIdHR1UjBwd3VCZXRQRXpyY3NuWlQzdmFFY3lzQ1pRb1p0STA3RGVJVTYwRitYeE1aYnVrN042QS9xQXpkT0o5dm5XUUlEQVFBQiJ9",
    "Nonce": "WEoyK1dwRFJlMG9mVDZTa0t4UmtpUT09"
  },
  "raw_attestation_doc": "hEShATgioFkTBalpbW9kdWxlX2lkeCdpLTA1MmE4YzI3OTg0ZWY4OGNhLWVuYzAxODcyMzc5MGMyYzUyMWRmZGlnZXN0ZlNIQTM4NGl0aW1lc3RhbXAbAAABhyN55AZkcGNyc7AAWDDjIuMZ0Th6PTLaaXfm3urM1U4/CliQBr7EUxeeSoK9JPcl11TqgyHSZVsQ8MeLFWoBWDC83wX+/Mqo5VvyyNbe6eebv/MeNL8oqZqhnmspw37oCyFKQUt2ByNu3yb8t4ZU5j8CWDDJ2L0y+kKf41MNaqawxWUJO0QrTHUqolNofEVp4bKikE2/jO2DY5OKzbkHg5QtFJcDWDDBBH5t68SCQcyUTWW3KYFFTUDlu4hZ1bdBYarrivs+ph/kAD+CxgBt7SVdniSerbsEWDD0RPXFRsvlKHXVC53PvDH4yaWCEaVs7CLEqzTeRBNSI3OUuw1PCm410GA6iVCvJ+MFWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIWDBvH/Dyp6CxxOAqOlROsP8t/7iykiuJCNRjZcDwEgk0CSFJ7DWBTI2UTvG4+1ZLRscJWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPWDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABrY2VydGlmaWNhdGVZAn4wggJ6MIICAaADAgECAhABhyN5DCxSHQAAAABkIahqMAoGCCqGSM49BAMDMIGOMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEPMA0GA1UECgwGQW1hem9uMQwwCgYDVQQLDANBV1MxOTA3BgNVBAMMMGktMDUyYThjMjc5ODRlZjg4Y2EudXMtZWFzdC0xLmF3cy5uaXRyby1lbmNsYXZlczAeFw0yMzAzMjcxNDI5NTlaFw0yMzAzMjcxNzMwMDJaMIGTMQswCQYDVQQGEwJVUzETMBEGA1UECAwKV2FzaGluZ3RvbjEQMA4GA1UEBwwHU2VhdHRsZTEPMA0GA1UECgwGQW1hem9uMQwwCgYDVQQLDANBV1MxPjA8BgNVBAMMNWktMDUyYThjMjc5ODRlZjg4Y2EtZW5jMDE4NzIzNzkwYzJjNTIxZC51cy1lYXN0LTEuYXdzMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEs3We7JiK/o4WUV/55efbA8npdD2GRmh5Buovp4/f2H9yVO6iIH3GH6f6oHXgZtEo6B8J0komd+UCI3b0nJcX+ZBarsX5lI1dqyAqKhtvLmalaljOpPI+/gRXML234nL9ox0wGzAMBgNVHRMBAf8EAjAAMAsGA1UdDwQEAwIGwDAKBggqhkjOPQQDAwNnADBkAjA+O+L1WG51luU9HcbQhIC8+QaOV0FB7vtnq4tciNTWfslBONOhlWKsQm6sjvZv/kcCMFedHNEIrUoUDcFLNQ+gpA4YCQHHaPGqAgAwGhxPaWx4i7NObYavEiP6DK/KpFr7M2hjYWJ1bmRsZYRZAhUwggIRMIIBlqADAgECAhEA+TF1aBuQr+EdRsy05Of4VjAKBggqhkjOPQQDAzBJMQswCQYDVQQGEwJVUzEPMA0GA1UECgwGQW1hem9uMQwwCgYDVQQLDANBV1MxGzAZBgNVBAMMEmF3cy5uaXRyby1lbmNsYXZlczAeFw0xOTEwMjgxMzI4MDVaFw00OTEwMjgxNDI4MDVaMEkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQKDAZBbWF6b24xDDAKBgNVBAsMA0FXUzEbMBkGA1UEAwwSYXdzLm5pdHJvLWVuY2xhdmVzMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE/AJU66YIwfNocOKa2pC+RjgyknNuiUv/9nLZiURLUFHlNKSx9tvjwLxYGjK3sXYHDt4S1po/6iEbZudSz33R3QlfbxNw9BcIQ9ncEAEh5M9jASgJZkSHyXlihDBNxT/0o0IwQDAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSQJbUN2QVH55bDlvpync+Zqd9LljAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMDaQAwZgIxAKN/L5Ghyb1e57hifBaY0lUDjh8DQ/lbY6lijD05gJVFoR68vy47Vdiu7nG0w9at8wIxAKLzmxYFsnAopd1LoGm1AW5ltPvej+AGHWpTGX+c2vXZQ7xh/CvrA8tv7o0jAvPf9lkCwzCCAr8wggJFoAMCAQICEQCmuh7LIcW1ePeMRWW/mE3LMAoGCCqGSM49BAMDMEkxCzAJBgNVBAYTAlVTMQ8wDQYDVQQKDAZBbWF6b24xDDAKBgNVBAsMA0FXUzEbMBkGA1UEAwwSYXdzLm5pdHJvLWVuY2xhdmVzMB4XDTIzMDMyMTIwMDc0NVoXDTIzMDQxMDIxMDc0NVowZDELMAkGA1UEBhMCVVMxDzANBgNVBAoMBkFtYXpvbjEMMAoGA1UECwwDQVdTMTYwNAYDVQQDDC1iYTQ0MWQ3Yzg3YjE2ZmM2LnVzLWVhc3QtMS5hd3Mubml0cm8tZW5jbGF2ZXMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAReyBYWl9G3/rwjrKXf8EOV5Wn1mPiCoKNmdKCsu+vBuyJFWP3VPSBDL6Ao0r7G/0VlngSogjvNASfTto5t9QaujBtCNOr/pwhRPjXKhB1WEzl+Jk/xo5IPB+F7SQ4uLdqjgdUwgdIwEgYDVR0TAQH/BAgwBgEB/wIBAjAfBgNVHSMEGDAWgBSQJbUN2QVH55bDlvpync+Zqd9LljAdBgNVHQ4EFgQUTM3LW4+g9eaZ+dgpeFyk5fSzVxUwDgYDVR0PAQH/BAQDAgGGMGwGA1UdHwRlMGMwYaBfoF2GW2h0dHA6Ly9hd3Mtbml0cm8tZW5jbGF2ZXMtY3JsLnMzLmFtYXpvbmF3cy5jb20vY3JsL2FiNDk2MGNjLTdkNjMtNDJiZC05ZTlmLTU5MzM4Y2I2N2Y4NC5jcmwwCgYIKoZIzj0EAwMDaAAwZQIwG4lvFmth6hlGLcV8+dDdJCK3WKJ1zhVh1oGbI7NpKl5dwQu/qebtwjBjMa+FEEfFAjEAgfN2nlBrhUVEuI0FtW4LT8kTZqZFx92Ub7ql80SsJh+at94QVHj84ltSu4/eHFxgWQMXMIIDEzCCApmgAwIBAgIQUdRZ7yRYNMs/fZGI1RVx/jAKBggqhkjOPQQDAzBkMQswCQYDVQQGEwJVUzEPMA0GA1UECgwGQW1hem9uMQwwCgYDVQQLDANBV1MxNjA0BgNVBAMMLWJhNDQxZDdjODdiMTZmYzYudXMtZWFzdC0xLmF3cy5uaXRyby1lbmNsYXZlczAeFw0yMzAzMjYxNjAzNDRaFw0yMzA0MDEwNTAzNDRaMIGIMTswOQYDVQQDDDIyNmM1ZGVhM2U5M2Y1MDYuem9uYWwudXMtZWFzdC0xLmF3cy5uaXRyby1lbmNsYXZlczEMMAoGA1UECwwDQVdTMQ8wDQYDVQQKDAZBbWF6b24xCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJXQTEQMA4GA1UEBwwHU2VhdHRsZTB2MBAGByqGSM49AgEGBSuBBAAiA2IABHZNteit0Fq7BqTukkiPEE4EFrgrQGyQIq+/hTGqS5/UlyplhXP3f6e8YA1Rc5nHU+uIGMxz3X29gtoVB5fsnCJLHn32jMsTHfEIOoAk/QkjfBC8VQKdTMMezi1dMcNOCKOB6jCB5zASBgNVHRMBAf8ECDAGAQH/AgEBMB8GA1UdIwQYMBaAFEzNy1uPoPXmmfnYKXhcpOX0s1cVMB0GA1UdDgQWBBSib6mnK9xx4980nDnxkUH1TdOMNTAOBgNVHQ8BAf8EBAMCAYYwgYAGA1UdHwR5MHcwdaBzoHGGb2h0dHA6Ly9jcmwtdXMtZWFzdC0xLWF3cy1uaXRyby1lbmNsYXZlcy5zMy51cy1lYXN0LTEuYW1hem9uYXdzLmNvbS9jcmwvOWRmNjYyY2ItNDAyZi00YmRmLTkzMjUtMDVlZjliYzUwMTA4LmNybDAKBggqhkjOPQQDAwNoADBlAjEAwaW6rXIYr49pqadHhGAnPJan7F9meojh4zpwIww9+Sm8zIZQ4N8gyC4+0f3TNPGjAjAk9kzQYtQiuxu5YUxLgbH6HsZhUkxDPZW+rxCmRTIkR0iDOJosNw+URWNTeyZW0u1ZAoEwggJ9MIICA6ADAgECAhQgsbSmt5wCIcXt9AxB5IJ4caKhMDAKBggqhkjOPQQDAzCBiDE7MDkGA1UEAwwyMjZjNWRlYTNlOTNmNTA2LnpvbmFsLnVzLWVhc3QtMS5hd3Mubml0cm8tZW5jbGF2ZXMxDDAKBgNVBAsMA0FXUzEPMA0GA1UECgwGQW1hem9uMQswCQYDVQQGEwJVUzELMAkGA1UECAwCV0ExEDAOBgNVBAcMB1NlYXR0bGUwHhcNMjMwMzI3MDIzNjA1WhcNMjMwMzI4MDIzNjA1WjCBjjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxDzANBgNVBAoMBkFtYXpvbjEMMAoGA1UECwwDQVdTMTkwNwYDVQQDDDBpLTA1MmE4YzI3OTg0ZWY4OGNhLnVzLWVhc3QtMS5hd3Mubml0cm8tZW5jbGF2ZXMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASNu46Oc/FObs3v+AYPLjGWC6eE2GYosx6Rii3NRg5u+KJaIH0kYPsKSfb+gSR64HYaQO2BQXImsqUBbDdhl2dHFBtVYW9SBh/Wz3ILLe6TVYG5q9RwIyt9hCX5P4l3xtijJjAkMBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgIEMAoGCCqGSM49BAMDA2gAMGUCMQCn7msUYBt2B5HbrcCgGkws/ocLkobhiLPkxaWkvieHOU79pX88Sl3yB22NVShGbAMCMCohrcTRglLzgAR0EHO8en1N+cccrCo/EqvXIL52xydhj7+YWyIEzapjKItLA2/zIWpwdWJsaWNfa2V5WCDY/lKZPzqvo+dRtuVZdB7VeyGGrvp79IAg4NOteFZwPml1c2VyX2RhdGFZAg17ImZ1bmNfY2hlY2tzdW0iOiJabk1lWE04aVpvRGRYSmloMGExU3Q2VEpocGhBUXRCbkxZOHhVeE1MTktnPSIsImtleV9jaGVja3N1bSI6Ik54dEwzUTMxVFUxYmdzY1cxMjQwQU9HRlRWdlJ1Wkx4YWtUWUFtOEllUGM9Iiwic2lnbmF0dXJlX3ZlcmlmaWNhdGlvbl9wdWJsaWNfa2V5IjoiTUlJQkNnS0NBUUVBN1E1ai9IRXdYWnErMTdUbHVWbzJlNzZDYU9aa2xHT2JDRW92VG44RGZPQUVVVzVGRzNOV2xFRS9zZERzRWErcS9qbDAxTGpDaE9TdE5qYlVMNUVGd2cvWkV6Tzc0UXBtTWtFR2RXZTRXcWN5ck5FZWVaYmZJdHk4ZzhZMmkwRFNkbllEZGs1Tmc2ZmpaQjhwcjNpMFNaR1A0TllXQ0VCRytQVWpmb3VYcHhwUG1kQmRwVTFxR0hIYkdoMXV3WURsTFNPOTBRd2lFR1A2WmZua3hhUTAyaTlCWWhRZDUvZUtMRE85NWljd3B3Z1d4WVc1c0pvdlJua1hQNnBnSDRPOGhWL3I0bTEwZ2NzdUtjem4zS0h0dHVSMHB3dUJldFBFenJjc25aVDN2YUVjeXNDWlFvWnRJMDdEZUlVNjBGK1h4TVpidWs3TjZBL3FBemRPSjl2bldRSURBUUFCIn1lbm9uY2VYGFhKMitXcERSZTBvZlQ2U2tLeFJraVE9PVhgwAfcxjZTXXRf3ASYoM3hBFOoP0SnAiW2dtQQW2m2b9kk6RzsLGyHHpLt2JdBF1sy4s+IfH5JSP2pLAZQdxcV4a3y8PcYW6FdzURAxnrMEFDkdu/NyAYNVHzxHGKLe51/"
}

The feature could be considered "incubating". The flow still needs to be audited by a 3rd party and is subject to change as we play with it.

@bendecoste bendecoste requested a review from justin1121 as a code owner March 27, 2023 14:30
justin1121
justin1121 reviewed Mar 27, 2023
View reviewed changes
sdk/run.go
}
log.Debugf("< Received Function Results.")
resData.DecodedAttestationDocument = attestDoc.decoded
resData.RawAttestationDocument = attestDoc.raw
Copy link
Contributor

@justin1121 justin1121 Mar 27, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a specific reason we're returning the raw attestation document?

justin1121
justin1121 previously approved these changes Mar 27, 2023
View reviewed changes
gavinuhma
gavinuhma reviewed Mar 27, 2023
View reviewed changes
sdk/run.go Outdated
return nil, err
}

if err := rsa.VerifyPSS(publicKey, crypto.SHA256, c.Sum(nil), resData.SignedResults, nil); err != nil {
Copy link
Member

@gavinuhma gavinuhma Mar 27, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

PCRs use Sha384, we could use that as well to be consistent. Not a big deal though

kitschysynq
kitschysynq previously approved these changes Mar 27, 2023
View reviewed changes
@bendecoste bendecoste dismissed stale reviews from kitschysynq and justin1121 via d53d6cf March 27, 2023 20:32
@bendecoste bendecoste merged commit b155b6f into main Mar 27, 2023
@bendecoste bendecoste deleted the ben/verified-results branch March 27, 2023 20:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@gavinuhma gavinuhma gavinuhma left review comments

+2 more reviewers

@kitschysynq kitschysynq kitschysynq approved these changes

@justin1121 justin1121 justin1121 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@bendecoste @kitschysynq @gavinuhma @justin1121