From 16bc4d186bd50158e14cf72846ca2e23b3c6ad54 Mon Sep 17 00:00:00 2001 From: Aniket Dixit Date: Wed, 20 May 2026 00:10:30 +0530 Subject: [PATCH] testing registration --- tee_gateway/tee_manager.py | 42 +++++++------------------------------- 1 file changed, 7 insertions(+), 35 deletions(-) diff --git a/tee_gateway/tee_manager.py b/tee_gateway/tee_manager.py index 98deaa6..506bc81 100644 --- a/tee_gateway/tee_manager.py +++ b/tee_gateway/tee_manager.py @@ -38,9 +38,9 @@ def __init__(self, register=True): self.public_key_pem = None self.tee_id = None self.wallet_address = None - # HPKE keypair for OHTTP-style anonymous inference. Generated in the - # same enclave boot so the X25519 public key is covered by the same - # attestation that covers the RSA signing key. + # HPKE keypair for OHTTP-style anonymous inference. Generated inside + # the enclave, but not currently included in the on-chain nitriding + # user_data hash. self.hpke_private_key = None self.hpke_public_key_raw: bytes | None = None self._generate_keys() @@ -78,10 +78,7 @@ def _generate_keys(self): self.wallet_address = wallet_account.address # HPKE X25519 keypair — independent random material from the RSA - # signing key. Both public keys are bound to the enclave by the - # nitriding attestation transcript (register_with_nitriding below), - # so verifiers still get a single attested fingerprint covering both, - # without sharing private-key material between them. + # signing key. self.hpke_private_key, self.hpke_public_key_raw = ohttp.generate_keypair() logger.info("TEE key pair generated successfully") @@ -94,41 +91,16 @@ def _generate_keys(self): def register_with_nitriding(self): """Register public key hash with nitriding. - The hash covers both the RSA signing key (DER-encoded SPKI) and the - raw X25519 HPKE public key. Including both in a single attested digest - means a verifier who validates the attestation document automatically - gets binding for the HPKE config used for anonymous inference — no - separate trust anchor required. + The current on-chain Nitro verifier expects nitriding user_data to + contain SHA256(signing public key DER) as the second hash. """ - # Defensive check: the v2 transcript labels both keys, so refusing to - # register is the only safe behavior when one is missing. Falling back - # to b"" would produce a digest that's nominally v2 but only covers - # RSA, and a verifier trusting the label would accept an enclave whose - # HPKE key was never attested. Raise outside the broad try/except - # below so a real misconfiguration isn't masked as a non-TEE - # environment. - if not self.hpke_public_key_raw or len(self.hpke_public_key_raw) != 32: - raise RuntimeError( - "Refusing to register with nitriding: HPKE X25519 public key " - "is missing or wrong length; the v2 attestation transcript " - "requires both RSA and HPKE keys." - ) - try: public_key_der = self.public_key.public_bytes( encoding=serialization.Encoding.DER, format=serialization.PublicFormat.SubjectPublicKeyInfo, ) - # Domain-separated transcript so a future addition of more keys - # can't be confused with the existing layout. - transcript = ( - b"og-tee-keys|v2|rsa-spki=" - + public_key_der - + b"|hpke-x25519=" - + self.hpke_public_key_raw - ) - key_hash = hashlib.sha256(transcript).digest() + key_hash = hashlib.sha256(public_key_der).digest() key_hash_b64 = base64.b64encode(key_hash).decode("utf-8") logger.info(f"Public key DER length: {len(public_key_der)} bytes")