time lock example

Author: amiller

timelock-nts/README.md

@@ -0,0 +1,14 @@
+Timelock example using cloudflare's time service
+#
+
+Cloudflare provides a secure time oracle service.
+Roughly it lets you connect over TLS and it gives you the current time.
+
+Read more about this service here:
+https://blog.cloudflare.com/secure-time/
+https://developers.cloudflare.com/time-services/nts/
+
+So, this example functions pretty simply:
+- first it generates a public key
+- it also outputs a remote attestation, where the `report_data` includes the public key and the release time (5 minutes in the future)
+- after the release time is reached according to the oralce, it outputs the private key

timelock-nts/docker-compose.yml

@@ -0,0 +1,46 @@
+services:
+  tapp:
+    configs:
+      - source: run.sh
+        target: run.sh
+    ports:
+      - "8080:8080"
+    volumes:
+      - /var/run/tappd.sock:/var/run/tappd.sock
+    build:
+      dockerfile_inline: |
+        FROM ubuntu:22.04
+        RUN apt-get update
+        RUN apt install -y curl openssl ntpsec-ntpdate
+    command: bash -c "bash run.sh | tee -a /root/log.txt"
+
+configs:
+  run.sh:
+    content: |
+      #!/bin/bash
+      key=$$(openssl genpkey -algorithm Ed25519)
+      echo "Public Key:"; echo "$$key" | openssl pkey -pubout
+
+      # Serve the log file (TODO: dashboard not working?)
+      (cd /root && python3 -m http.server 8080) &
+      
+      # Get timestamp from cloudflare and add 5 minutes
+      get_time() { ntpdate -4q time.cloudflare.com 2>/dev/null | head -1 | cut -d' ' -f1,2 | date +%s -f -; }
+      deadline=$$(($$(get_time) + 300))
+      deadline_str=$$(date -d @$${deadline})
+      echo "Release: $$deadline_str"
+
+      # Fetch the quote
+      get_quote() {         
+         PAYLOAD="{\"report_data\": \"$$(echo -n $$1 | od -A n -t x1 | tr -d ' \n')\"}"
+         curl -X POST --unix-socket /var/run/tappd.sock -d "$$PAYLOAD" http://localhost/prpc/Tappd.TdxQuote?json
+      }
+      get_quote $$(echo $$key $$deadline_str | sha256sum)
+      echo
+
+      # Loop until it's time to release the key
+      while [ $$(get_time) -lt $$deadline ]; do
+        echo "$$((deadline - $$(get_time)))s left"
+        sleep 60
+      done
+      echo "Private Key:"; echo "$$key"