runtime: Add conditional SGX attestation parsing for rofl.Register txs

oasisprotocol · Jan 8, 2025 · 69c0c89 · 69c0c89
1 parent 171ab2a
commit 69c0c89
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 1 deletion.
diff --git a/.changelog/876.feature.md b/.changelog/876.feature.md
@@ -0,0 +1 @@
+runtime: Add conditional SGX attestation parsing for rofl.Register txs
diff --git a/analyzer/runtime/extract.go b/analyzer/runtime/extract.go
@@ -17,6 +17,7 @@ import (
 	"github.com/ethereum/go-ethereum/accounts/abi"
 	ethCommon "github.com/ethereum/go-ethereum/common"
 	"github.com/oasisprotocol/oasis-core/go/common/cbor"
+	"github.com/oasisprotocol/oasis-core/go/common/crypto/signature"
 	"github.com/oasisprotocol/oasis-core/go/common/quantity"
 	sdkConfig "github.com/oasisprotocol/oasis-sdk/client-sdk/go/config"
 	"github.com/oasisprotocol/oasis-sdk/client-sdk/go/modules/accounts"
@@ -35,6 +36,7 @@ import (
 	"github.com/oasisprotocol/nexus/analyzer/util/eth"
 	apiTypes "github.com/oasisprotocol/nexus/api/v1/types"
 	"github.com/oasisprotocol/nexus/common"
+	"github.com/oasisprotocol/nexus/coreapi/v24.0/common/node"
 	"github.com/oasisprotocol/nexus/log"
 	"github.com/oasisprotocol/nexus/storage"
 	"github.com/oasisprotocol/nexus/storage/oasis/nodeapi"
@@ -534,7 +536,42 @@ func ExtractRound(blockHeader nodeapi.RuntimeBlockHeader, txrs []nodeapi.Runtime
 					return nil
 				},
 				RoflRegister: func(body *rofl.Register) error {
-					blockTransactionData.Body = body
+					// Serialize the transaction body with enhanced attestation parsing for SGX hardware.
+					// If the CapabilityTEE's hardware type is SGX, attempts to parse the attestation field,
+					// replacing it with a structured SGXAttestation. If parsing fails or the hardware type
+					// is not SGX, the original transaction body is returned unchanged.
+					customSerialize := func(body *rofl.Register) interface{} {
+						// If not SGX attestation, return original body.
+						if uint8(body.EndorsedCapability.CapabilityTEE.Hardware) != uint8(node.TEEHardwareIntelSGX) {
+							return body
+						}
+
+						// Try parsing the SGX Attestation.
+						var sa node.SGXAttestation
+						if err := cbor.Unmarshal(body.EndorsedCapability.CapabilityTEE.Attestation, &sa); err != nil {
+							logger.Error("error unmarshalling SGX attestation", "err", err)
+							return body
+						}
+
+						wrapper := struct {
+							rofl.Register
+							// Override Attestation field.
+							EndorsedCapability struct {
+								CapabilityTEE struct {
+									node.CapabilityTEE
+									Attestation node.SGXAttestation `json:"attestation"`
+								} `json:"capability_tee"`
+								NodeEndorsement signature.Signature `json:"node_endorsement"`
+							} `json:"ect"` //nolint: misspell
+						}{
+							Register: *body,
+						}
+						wrapper.EndorsedCapability.CapabilityTEE.Attestation = sa
+
+						return wrapper
+					}
+
+					blockTransactionData.Body = customSerialize(body)
 					return nil
 				},
 				UnknownMethod: func(methodName string) error {
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		runtime: Add conditional SGX attestation parsing for rofl.Register txs