Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

WIP DNM: Joy/move attestation #20859

Closed
wants to merge 3 commits into from
Closed

WIP DNM: Joy/move attestation #20859

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
cbb1b1f
feat: add base verify and parse attestation functions
joyqvq Jan 13, 2025
733f438
feat: add attestation verify in sui-types
joyqvq Dec 5, 2024
55e7db4
feat: add verify_nitro_attestation to move
joyqvq Jan 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 17 additions & 0 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 4 additions & 1 deletion Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -539,7 +539,7 @@ webpki = { version = "0.102", package = "rustls-webpki", features = [
"std",
] }
wiremock = "0.5"
x509-parser = "0.14.0"
x509-parser = { version = "0.14.0", features = ["verify"] }
zstd = "0.12.3"
zeroize = "1.6.0"
versions = "4.1.0"
Expand Down Expand Up @@ -585,6 +585,9 @@ passkey-authenticator = { version = "0.2.0" }
coset = "0.3"
p256 = { version = "0.13.2", features = ["ecdsa"] }

p384 = { version = "0.13.0", default-features = false, features = ["ecdsa","sha384"] }
ciborium = "0.2"

# anemo dependencies
anemo = { git = "https://github.com/mystenlabs/anemo.git", rev = "e609f7697ed6169bf0760882a0b6c032a57e4f3b" }
anemo-build = { git = "https://github.com/mystenlabs/anemo.git", rev = "e609f7697ed6169bf0760882a0b6c032a57e4f3b" }
Expand Down
71 changes: 71 additions & 0 deletions crates/sui-framework/docs/sui-framework/nitro_attestation.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,71 @@
---
title: Module `0x2::nitro_attestation`
---



- [Function `verify_nitro_attestation_internal`](#0x2_nitro_attestation_verify_nitro_attestation_internal)
- [Function `verify_nitro_attestation`](#0x2_nitro_attestation_verify_nitro_attestation)


<pre><code><b>use</b> <a href="clock.md#0x2_clock">0x2::clock</a>;
</code></pre>



<a name="0x2_nitro_attestation_verify_nitro_attestation_internal"></a>

## Function `verify_nitro_attestation_internal`

Internal native function


<pre><code><b>fun</b> <a href="nitro_attestation.md#0x2_nitro_attestation_verify_nitro_attestation_internal">verify_nitro_attestation_internal</a>(attestation: &<a href="../move-stdlib/vector.md#0x1_vector">vector</a>&lt;u8&gt;, current_timestamp: <a href="../move-stdlib/u64.md#0x1_u64">u64</a>): <a href="../move-stdlib/vector.md#0x1_vector">vector</a>&lt;<a href="../move-stdlib/vector.md#0x1_vector">vector</a>&lt;u8&gt;&gt;
</code></pre>



<details>
<summary>Implementation</summary>


<pre><code><b>native</b> <b>fun</b> <a href="nitro_attestation.md#0x2_nitro_attestation_verify_nitro_attestation_internal">verify_nitro_attestation_internal</a>(
attestation: &<a href="../move-stdlib/vector.md#0x1_vector">vector</a>&lt;u8&gt;,
current_timestamp: <a href="../move-stdlib/u64.md#0x1_u64">u64</a>
): <a href="../move-stdlib/vector.md#0x1_vector">vector</a>&lt;<a href="../move-stdlib/vector.md#0x1_vector">vector</a>&lt;u8&gt;&gt;;
</code></pre>



</details>

<a name="0x2_nitro_attestation_verify_nitro_attestation"></a>

## Function `verify_nitro_attestation`

@param attestation: attesttaion documents bytes data.
@param clock: the clock object.

Returns parsed pcrs after verifying the attestation.


<pre><code><b>public</b> <b>fun</b> <a href="nitro_attestation.md#0x2_nitro_attestation_verify_nitro_attestation">verify_nitro_attestation</a>(attestation: &<a href="../move-stdlib/vector.md#0x1_vector">vector</a>&lt;u8&gt;, <a href="clock.md#0x2_clock">clock</a>: &<a href="clock.md#0x2_clock_Clock">clock::Clock</a>): <a href="../move-stdlib/vector.md#0x1_vector">vector</a>&lt;<a href="../move-stdlib/vector.md#0x1_vector">vector</a>&lt;u8&gt;&gt;
</code></pre>



<details>
<summary>Implementation</summary>


<pre><code><b>public</b> <b>fun</b> <a href="nitro_attestation.md#0x2_nitro_attestation_verify_nitro_attestation">verify_nitro_attestation</a>(
attestation: &<a href="../move-stdlib/vector.md#0x1_vector">vector</a>&lt;u8&gt;,
<a href="clock.md#0x2_clock">clock</a>: &Clock
): <a href="../move-stdlib/vector.md#0x1_vector">vector</a>&lt;<a href="../move-stdlib/vector.md#0x1_vector">vector</a>&lt;u8&gt;&gt; {
<a href="nitro_attestation.md#0x2_nitro_attestation_verify_nitro_attestation_internal">verify_nitro_attestation_internal</a>(attestation, <a href="clock.md#0x2_clock_timestamp_ms">clock::timestamp_ms</a>(<a href="clock.md#0x2_clock">clock</a>))
}
</code></pre>



</details>
23 changes: 23 additions & 0 deletions crates/sui-framework/packages/sui-framework/sources/crypto/nitro_attestation.move
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
// Copyright (c) Mysten Labs, Inc.
// SPDX-License-Identifier: Apache-2.0

module sui::nitro_attestation;

use sui::clock::{Self, Clock};

/// Internal native function
native fun verify_nitro_attestation_internal(
attestation: &vector<u8>,
current_timestamp: u64
): vector<vector<u8>>;

/// @param attestation: attesttaion documents bytes data.
/// @param clock: the clock object.
///
/// Returns parsed pcrs after verifying the attestation.
public fun verify_nitro_attestation(
attestation: &vector<u8>,
clock: &Clock
): vector<vector<u8>> {
verify_nitro_attestation_internal(attestation, clock::timestamp_ms(clock))
}
21 changes: 21 additions & 0 deletions crates/sui-framework/packages/sui-framework/tests/crypto/nitro_attestation_test.move
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
// Copyright (c) Mysten Labs, Inc.
// SPDX-License-Identifier: Apache-2.0

#[test_only]
module sui::nitro_attestation_tests {
use sui::nitro_attestation;
use sui::test_scenario;

#[test]
fun test_nitro_attestation() {
let mut scenario = test_scenario::begin(@0x0);
let ctx = scenario.ctx();
let payload = x"8444a1013822a0591121a9696d6f64756c655f69647827692d30663733613462346362373463633966322d656e633031393265343138386665663738316466646967657374665348413338346974696d657374616d701b000001932d1239ca6470637273b0005830000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000015830000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025830000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000035830639a8b65f68b0223cbb14a0032487e5656d260434e3d1a10e7ec1407fb86143860717fc8afee90df7a1604111709af460458309ab5a1aba055ee41ee254b9b251a58259b29fa1096859762744e9ac73b5869b25e51223854d9f86adbb37fe69f3e5d1c0558300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000658300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000758300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000858300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000958300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a58300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000b58300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c58300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d58300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000e58300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f58300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006b636572746966696361746559027e3082027a30820201a00302010202100192e4188fef781d0000000067366a8d300a06082a8648ce3d04030330818e310b30090603550406130255533113301106035504080c0a57617368696e67746f6e3110300e06035504070c0753656174746c65310f300d060355040a0c06416d617a6f6e310c300a060355040b0c034157533139303706035504030c30692d30663733613462346362373463633966322e75732d656173742d312e6177732e6e6974726f2d656e636c61766573301e170d3234313131343231323432365a170d3234313131353030323432395a308193310b30090603550406130255533113301106035504080c0a57617368696e67746f6e3110300e06035504070c0753656174746c65310f300d060355040a0c06416d617a6f6e310c300a060355040b0c03415753313e303c06035504030c35692d30663733613462346362373463633966322d656e63303139326534313838666566373831642e75732d656173742d312e6177733076301006072a8648ce3d020106052b810400220362000442e0526fc41af71feac64fc6f68a8ac8aae831a9e945ab7d482b842acaf05d6b762d00cbc2115da270187c44597b1c16dcf497c70e543b41612e9041ea143d11d58bd1c847496e5d41ec78a49fe445348cf9a47af9387e0451d9ec145b56ec12a31d301b300c0603551d130101ff04023000300b0603551d0f0404030206c0300a06082a8648ce3d0403030367003064023078001466c0c64293b9bde3d0834edb67ff18417f6075a8f7d137701e10164ce6cf45c508bf383ed0d8d41c51a5977a43023033cb8e4a6ad2686b86c2533accbab5dd5e98cf25d3612b1a48502f327ce00acc921641242d5a3a27d222df1f7dfc3e2c68636162756e646c65845902153082021130820196a003020102021100f93175681b90afe11d46ccb4e4e7f856300a06082a8648ce3d0403033049310b3009060355040613025553310f300d060355040a0c06416d617a6f6e310c300a060355040b0c03415753311b301906035504030c126177732e6e6974726f2d656e636c61766573301e170d3139313032383133323830355a170d3439313032383134323830355a3049310b3009060355040613025553310f300d060355040a0c06416d617a6f6e310c300a060355040b0c03415753311b301906035504030c126177732e6e6974726f2d656e636c617665733076301006072a8648ce3d020106052b8104002203620004fc0254eba608c1f36870e29ada90be46383292736e894bfff672d989444b5051e534a4b1f6dbe3c0bc581a32b7b176070ede12d69a3fea211b66e752cf7dd1dd095f6f1370f4170843d9dc100121e4cf63012809664487c9796284304dc53ff4a3423040300f0603551d130101ff040530030101ff301d0603551d0e041604149025b50dd90547e796c396fa729dcf99a9df4b96300e0603551d0f0101ff040403020186300a06082a8648ce3d0403030369003066023100a37f2f91a1c9bd5ee7b8627c1698d255038e1f0343f95b63a9628c3d39809545a11ebcbf2e3b55d8aeee71b4c3d6adf3023100a2f39b1605b27028a5dd4ba069b5016e65b4fbde8fe0061d6a53197f9cdaf5d943bc61fc2beb03cb6fee8d2302f3dff65902c2308202be30820245a003020102021100ab314210a819b4842e3be045e7daddbe300a06082a8648ce3d0403033049310b3009060355040613025553310f300d060355040a0c06416d617a6f6e310c300a060355040b0c03415753311b301906035504030c126177732e6e6974726f2d656e636c61766573301e170d3234313131333037333235355a170d3234313230333038333235355a3064310b3009060355040613025553310f300d060355040a0c06416d617a6f6e310c300a060355040b0c034157533136303406035504030c2d343834633637303131656563376235332e75732d656173742d312e6177732e6e6974726f2d656e636c617665733076301006072a8648ce3d020106052b8104002203620004cbd3e3fe8793852d952a214ee1c7f17e13eff238c5952ffc6c48f2b8e70beec10194585089829f4818d012a6061cdc9f4d8c5a67aada1233f75b65d3f7704e1c02460cfcc74f0e94193c8d4030f6d1662de0427836c1d32c571c919230fae73aa381d53081d230120603551d130101ff040830060101ff020102301f0603551d230418301680149025b50dd90547e796c396fa729dcf99a9df4b96301d0603551d0e04160414b5f0f617140aa7057c7977f361eee896fd9a58b4300e0603551d0f0101ff040403020186306c0603551d1f046530633061a05fa05d865b687474703a2f2f6177732d6e6974726f2d656e636c617665732d63726c2e73332e616d617a6f6e6177732e636f6d2f63726c2f61623439363063632d376436332d343262642d396539662d3539333338636236376638342e63726c300a06082a8648ce3d04030303670030640230038362cf11e189755d6a2306d728a7f356740eefe623d5e0e9e7c33c1b061ade2224127ac3a2e4bce60b43fc8c53326902306aceccf6f45a8d5c066bd10ce3ffaeeebdee56eedb86deb18ea22172c07196750924dd8f4656c70bd95eb6714cb8ecdd59031a308203163082029ba0030201020211009a0f4f29c1649826edb5b5f9f93b6326300a06082a8648ce3d0403033064310b3009060355040613025553310f300d060355040a0c06416d617a6f6e310c300a060355040b0c034157533136303406035504030c2d343834633637303131656563376235332e75732d656173742d312e6177732e6e6974726f2d656e636c61766573301e170d3234313131343034323230325a170d3234313132303033323230325a308189313c303a06035504030c33373532313933346262636164353432622e7a6f6e616c2e75732d656173742d312e6177732e6e6974726f2d656e636c61766573310c300a060355040b0c03415753310f300d060355040a0c06416d617a6f6e310b3009060355040613025553310b300906035504080c0257413110300e06035504070c0753656174746c653076301006072a8648ce3d020106052b810400220362000496f4565c489625767e8e2d3006ba06bd48ba3e384027a205b93d1ad4958128887c38ddbb2f4922888708ef0985e1e5d3bd73b33f86785ac66a204eed3a6b663686434f64e19fb39cd7b33068edb2108b79774a961e7080cb1b4eaa60a5e63e22a381ea3081e730120603551d130101ff040830060101ff020101301f0603551d23041830168014b5f0f617140aa7057c7977f361eee896fd9a58b4301d0603551d0e0416041484b6dc9994365b56081f5d1bc8ee21f58e45d7df300e0603551d0f0101ff0404030201863081800603551d1f047930773075a073a071866f687474703a2f2f63726c2d75732d656173742d312d6177732d6e6974726f2d656e636c617665732e73332e75732d656173742d312e616d617a6f6e6177732e636f6d2f63726c2f34396230376261342d303533622d346435622d616434612d3364626533653065396637652e63726c300a06082a8648ce3d0403030369003066023100d00c2999e66fbcce624d91aedf41f5532b04c300c86a61d78ed968716a7f7ff565e2c361f4f46fe5c5486a9d2bfe0d60023100bc46872a45820fb552b926d420d4f6a1be831bb26821d374e95bff5ed042b3313465b5b4cde79f16f6a57bd5b541353c5902c3308202bf30820245a003020102021500eaa3f0b662c2a61c96f94194fa33d5baf26eeb84300a06082a8648ce3d040303308189313c303a06035504030c33373532313933346262636164353432622e7a6f6e616c2e75732d656173742d312e6177732e6e6974726f2d656e636c61766573310c300a060355040b0c03415753310f300d060355040a0c06416d617a6f6e310b3009060355040613025553310b300906035504080c0257413110300e06035504070c0753656174746c65301e170d3234313131343130313032345a170d3234313131353130313032345a30818e310b30090603550406130255533113301106035504080c0a57617368696e67746f6e3110300e06035504070c0753656174746c65310f300d060355040a0c06416d617a6f6e310c300a060355040b0c034157533139303706035504030c30692d30663733613462346362373463633966322e75732d656173742d312e6177732e6e6974726f2d656e636c617665733076301006072a8648ce3d020106052b81040022036200040fe46adf864a558a00a9ca4b64ece5ba124ed1d29656a1f16ca71d0dc8fca56b0fb15aafd309f6258374e8c7b4a5b0521c76d1812a7873474dae9322aef1cd782db19fc2ece4d36fa08acbe65e4bec2a3cfe70960d179778ea7e7711f827b36ea366306430120603551d130101ff040830060101ff020100300e0603551d0f0101ff040403020204301d0603551d0e041604143e40d423bf86e9565c378487843389bd2f471a56301f0603551d2304183016801484b6dc9994365b56081f5d1bc8ee21f58e45d7df300a06082a8648ce3d0403030368003065023100c2767f29cc6e40e087617cf680d81e3b77962c29d8ace426b3c4a62a560354da73de6f80986d44da2593a3c268fea94302306056e2f3c88c30170c4940f578acc279a01fe689123e81def4f8c313e1f0cbc44a562a171d12810e847e441aee233f676a7075626c69635f6b6579f669757365725f6461746158205a264748a62368075d34b9494634a3e096e0e48f6647f965b81d2a653de684f2656e6f6e6365f65860284d57f029e1b3beb76455a607b9a86360d6451370f718a0d7bdcad729eea248c25461166ab684ad31fb52713918ee3e401d1b56251d6f9d85bf870e850e0b47559d17091778dbafc3d1989a94bd54c0991053675dcc3686402b189172aae196";
let mut clock = sui::clock::create_for_testing(ctx);
clock.set_for_testing(1731627987382);
let res = nitro_attestation::verify_nitro_attestation(&payload, &clock);
assert!(vector::length(&res) == 16);
scenario.end();
clock.destroy_for_testing();
}
}
Binary file modified crates/sui-framework/packages_compiled/sui-framework
View file
Open in desktop
Binary file not shown.
6 changes: 6 additions & 0 deletions crates/sui-framework/published_api.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2788,6 +2788,12 @@ sqrt_u128
divide_and_round_up
public fun
0x2::math
verify_nitro_attestation_internal
fun
0x2::nitro_attestation
verify_nitro_attestation
public fun
0x2::nitro_attestation
ObjectBag
public struct
0x2::object_bag
Expand Down
23 changes: 23 additions & 0 deletions crates/sui-protocol-config/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -598,6 +598,10 @@ struct FeatureFlags {
// Properly convert certain type argument errors in the execution layer.
#[serde(skip_serializing_if = "is_false")]
convert_type_argument_error: bool,

// Enable native functions for nitro attestation.
#[serde(skip_serializing_if = "is_false")]
enable_nitro_attestation: bool,
}

fn is_false(b: &bool) -> bool {
Expand Down Expand Up @@ -1206,6 +1210,10 @@ pub struct ProtocolConfig {
vdf_verify_vdf_cost: Option<u64>,
vdf_hash_to_input_cost: Option<u64>,

nitro_attestation_parse_cost: Option<u64>,
nitro_attestation_verify_base_cost: Option<u64>,
nitro_attestation_verify_cost_per_cert: Option<u64>,

// Stdlib costs
bcs_per_byte_serialized_cost: Option<u64>,
bcs_legacy_min_output_size_cost: Option<u64>,
Expand Down Expand Up @@ -1755,6 +1763,10 @@ impl ProtocolConfig {
pub fn convert_type_argument_error(&self) -> bool {
self.feature_flags.convert_type_argument_error
}

pub fn enable_nitro_attestation(&self) -> bool {
self.feature_flags.enable_nitro_attestation
}
}

#[cfg(not(msim))]
Expand Down Expand Up @@ -2189,6 +2201,10 @@ impl ProtocolConfig {
vdf_verify_vdf_cost: None,
vdf_hash_to_input_cost: None,

nitro_attestation_parse_cost: None,
nitro_attestation_verify_base_cost: None,
nitro_attestation_verify_cost_per_cert: None,

bcs_per_byte_serialized_cost: None,
bcs_legacy_min_output_size_cost: None,
bcs_failure_cost: None,
Expand Down Expand Up @@ -3130,6 +3146,13 @@ impl ProtocolConfig {
}
72 => {
cfg.feature_flags.convert_type_argument_error = true;
if chain != Chain::Mainnet && chain != Chain::Testnet {
cfg.feature_flags.enable_nitro_attestation = true;
// todo: change this
cfg.nitro_attestation_parse_cost = Some(100);
cfg.nitro_attestation_verify_base_cost = Some(300);
cfg.nitro_attestation_verify_cost_per_cert = Some(100);
}
}
// Use this template when making changes:
//
Expand Down
Loading
Loading