fix(enclave): make tcbinfo-contract deployable on cosmwasm (#194)

Co-authored-by: Peppi Littera <giuseppe@informal.systems>
2024-09-12 13:10:24 +04:00 · 2024-09-12 13:10:24 +04:00 · 072bb4dc63
commit 072bb4dc63
parent 53c10273fa
16 changed files with 71 additions and 50 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -1684,7 +1684,6 @@ dependencies = [
 "ff",
 "generic-array",
 "group",
- "pem-rfc7468",
 "pkcs8",
 "rand_core",
 "sec1",
@ -2432,7 +2431,6 @@ checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1"
 dependencies = [
 "ahash",
 "allocator-api2",
- "serde",
 ]

 [[package]]
@ -5240,8 +5238,6 @@ dependencies = [
 "cw-storage-plus",
 "cw2",
 "der",
- "getrandom",
- "hashbrown 0.14.5",
 "hex",
 "mc-attestation-verifier",
 "p256",
@ -5251,7 +5247,6 @@ dependencies = [
 "serde_json",
 "thiserror",
 "x509-cert",
- "x509-parser",
 ]

 [[package]]
--- a/Cargo.toml
+++ b/Cargo.toml
@ -77,11 +77,12 @@ mc-attestation-verifier = { git = "https://github.com/informalsystems/attestatio

 # quartz
 cw-proof = { path = "core/light-client-proofs/cw-proof", default-features = false }
-quartz-common = { path = "core/quartz-common"}
+quartz-common = { path = "core/quartz-common" }
 quartz-cw = { path = "cosmwasm/packages/quartz-cw", default-features = false }
 quartz-enclave = { path = "core/quartz", default-features = false }
 quartz-proto = { path = "core/quartz-proto", default-features = false }
 quartz-tee-ra = { path = "cosmwasm/packages/quartz-tee-ra", default-features = false }
+tcbinfo = { path = "cosmwasm/packages/tcbinfo", features = ["library"] }
 tm-prover = { path = "utils/tm-prover", default-features = false }
 tm-stateless-verifier = { path = "core/light-client-proofs/tm-stateless-verifier", default-features = false }
 wasmd-client = { path = "cosmwasm/packages/wasmd-client", default-features = false }
--- a/apps/mtcs/contracts/cw-tee-mtcs/Cargo.lock
+++ b/apps/mtcs/contracts/cw-tee-mtcs/Cargo.lock
@ -771,7 +771,6 @@ dependencies = [
 "ff",
 "generic-array",
 "group",
- "pem-rfc7468",
 "pkcs8",
 "rand_core",
 "sec1",
@ -859,7 +858,6 @@ checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1"
 dependencies = [
 "ahash",
 "allocator-api2",
- "serde",
 ]

 [[package]]
@ -1578,8 +1576,6 @@ dependencies = [
 "cw-storage-plus",
 "cw2",
 "der",
- "getrandom",
- "hashbrown 0.14.5",
 "hex",
 "mc-attestation-verifier",
 "p256",
@ -1589,7 +1585,6 @@ dependencies = [
 "serde_json",
 "thiserror",
 "x509-cert",
- "x509-parser",
 ]

 [[package]]
--- a/apps/mtcs/enclave/Cargo.toml
+++ b/apps/mtcs/enclave/Cargo.toml
@ -44,7 +44,7 @@ cw-tee-mtcs.workspace = true
 mtcs.workspace = true

 # quartz
-quartz-common = { workspace = true, features = ["full"]}
+quartz-common = { workspace = true, features = ["full"] }

 [dev-dependencies]
 cw-multi-test = "2.1.0"
--- a/apps/mtcs/enclave/src/cli.rs
+++ b/apps/mtcs/enclave/src/cli.rs
@ -28,7 +28,7 @@ pub struct Cli {

    /// TcbInfo contract address
    #[clap(long)]
-    pub tcbinfo_contract: AccountId,
+    pub tcbinfo_contract: Option<AccountId>,

    /// Height of the trusted header (AKA root-of-trust)
    #[clap(long)]
--- a/apps/mtcs/enclave/src/main.rs
+++ b/apps/mtcs/enclave/src/main.rs
@ -61,7 +61,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
        attestor.mr_enclave()?,
        Duration::from_secs(30 * 24 * 60),
        light_client_opts,
-        args.tcbinfo_contract.to_string(),
+        args.tcbinfo_contract.map(|c| c.to_string()),
    );

    let sk = Arc::new(Mutex::new(None));
--- a/apps/transfers/contracts/Cargo.lock
+++ b/apps/transfers/contracts/Cargo.lock
@ -1176,7 +1176,6 @@ dependencies = [
 [[package]]
 name = "quartz-common"
 version = "0.1.0"
-source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#302008c337b58fcad0373922a2787b9341eafd58"
 dependencies = [
 "quartz-cw",
 ]
@ -1184,7 +1183,6 @@ dependencies = [
 [[package]]
 name = "quartz-cw"
 version = "0.1.0"
-source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#302008c337b58fcad0373922a2787b9341eafd58"
 dependencies = [
 "cosmwasm-schema",
 "cosmwasm-std",
@ -1196,13 +1194,13 @@ dependencies = [
 "serde_json",
 "serde_with",
 "sha2",
+ "tcbinfo",
 "thiserror",
 ]

 [[package]]
 name = "quartz-tee-ra"
 version = "0.1.0"
-source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#302008c337b58fcad0373922a2787b9341eafd58"
 dependencies = [
 "cosmwasm-schema",
 "cosmwasm-std",
@ -1548,6 +1546,26 @@ dependencies = [
 "syn 2.0.75",
 ]

+[[package]]
+name = "tcbinfo"
+version = "0.1.0"
+dependencies = [
+ "cosmwasm-schema",
+ "cosmwasm-std",
+ "cw-storage-plus",
+ "cw2",
+ "der",
+ "hex",
+ "mc-attestation-verifier",
+ "p256",
+ "quartz-tee-ra",
+ "schemars",
+ "serde",
+ "serde_json",
+ "thiserror",
+ "x509-cert",
+]
+
 [[package]]
 name = "thiserror"
 version = "1.0.63"
--- a/apps/transfers/contracts/Cargo.toml
+++ b/apps/transfers/contracts/Cargo.toml
@ -44,7 +44,7 @@ cw20-base = { version = "2.0.0", default-features = false, features = ["library"
 cw-utils = { version = "2.0.0", default-features = false }

 # quartz
-quartz-common = { git = "ssh://git@github.com/informalsystems/cycles-quartz.git", features=["contract"]}
+quartz-common = { path = "../../../core/quartz-common", features = ["contract"] }

 # patch indirect deps
 getrandom = { version = "0.2.15", default-features = false, features = ["js"] }
--- a/apps/transfers/enclave/Cargo.lock
+++ b/apps/transfers/enclave/Cargo.lock
@ -870,7 +870,6 @@ dependencies = [
 [[package]]
 name = "cw-proof"
 version = "0.1.0"
-source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#a9ea3fa9aee52e4dd7bcbe641762de187187b855"
 dependencies = [
 "clap",
 "cosmrs",
@ -2507,7 +2506,6 @@ dependencies = [
 [[package]]
 name = "quartz-common"
 version = "0.1.0"
-source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#a9ea3fa9aee52e4dd7bcbe641762de187187b855"
 dependencies = [
 "quartz-cw",
 "quartz-enclave",
@ -2517,24 +2515,24 @@ dependencies = [
 [[package]]
 name = "quartz-cw"
 version = "0.1.0"
-source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#a9ea3fa9aee52e4dd7bcbe641762de187187b855"
 dependencies = [
 "cosmwasm-schema",
 "cosmwasm-std",
 "cw-storage-plus",
+ "hex",
 "k256",
 "quartz-tee-ra",
 "serde",
 "serde_json",
 "serde_with",
 "sha2 0.10.8",
+ "tcbinfo",
 "thiserror",
 ]

 [[package]]
 name = "quartz-enclave"
 version = "0.1.0"
-source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#a9ea3fa9aee52e4dd7bcbe641762de187187b855"
 dependencies = [
 "clap",
 "color-eyre",
@ -2562,7 +2560,6 @@ dependencies = [
 [[package]]
 name = "quartz-proto"
 version = "0.1.0"
-source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#a9ea3fa9aee52e4dd7bcbe641762de187187b855"
 dependencies = [
 "prost 0.13.1",
 "tonic",
@ -2572,7 +2569,6 @@ dependencies = [
 [[package]]
 name = "quartz-tee-ra"
 version = "0.1.0"
-source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#a9ea3fa9aee52e4dd7bcbe641762de187187b855"
 dependencies = [
 "cosmwasm-schema",
 "cosmwasm-std",
@ -3279,6 +3275,26 @@ dependencies = [
 "libc",
 ]

+[[package]]
+name = "tcbinfo"
+version = "0.1.0"
+dependencies = [
+ "cosmwasm-schema",
+ "cosmwasm-std",
+ "cw-storage-plus",
+ "cw2",
+ "der",
+ "hex",
+ "mc-attestation-verifier",
+ "p256",
+ "quartz-tee-ra",
+ "schemars",
+ "serde",
+ "serde_json",
+ "thiserror",
+ "x509-cert",
+]
+
 [[package]]
 name = "tempfile"
 version = "3.12.0"
@ -3537,7 +3553,6 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 [[package]]
 name = "tm-stateless-verifier"
 version = "0.1.0"
-source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#a9ea3fa9aee52e4dd7bcbe641762de187187b855"
 dependencies = [
 "displaydoc",
 "tendermint 0.38.1",
--- a/apps/transfers/enclave/Cargo.toml
+++ b/apps/transfers/enclave/Cargo.toml
@ -37,7 +37,7 @@ tendermint-light-client = { version = "=0.38.1", default-features = false, featu
 transfers-contract = { path = "../contracts", default-features = false }

 # quartz
-quartz-common = { git = "ssh://git@github.com/informalsystems/cycles-quartz.git", features=["full"]}
+quartz-common = { path = "../../../core/quartz-common", features = ["full"] }

 [dev-dependencies]
 cw-multi-test = "2.1.0"
--- a/apps/transfers/enclave/src/cli.rs
+++ b/apps/transfers/enclave/src/cli.rs
@ -28,7 +28,7 @@ pub struct Cli {

    /// TcbInfo contract address
    #[clap(long)]
-    pub tcbinfo_contract: AccountId,
+    pub tcbinfo_contract: Option<AccountId>,

    /// Height of the trusted header (AKA root-of-trust)
    #[clap(long)]
--- a/apps/transfers/enclave/src/main.rs
+++ b/apps/transfers/enclave/src/main.rs
@ -61,7 +61,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
        attestor.mr_enclave()?,
        Duration::from_secs(30 * 24 * 60),
        light_client_opts,
-        args.tcbinfo_contract.to_string(),
+        args.tcbinfo_contract.map(|c| c.to_string()),
    );

    let sk = Arc::new(Mutex::new(None));
--- a/cosmwasm/packages/quartz-cw/Cargo.toml
+++ b/cosmwasm/packages/quartz-cw/Cargo.toml
@ -23,6 +23,7 @@ serde_with.workspace = true
 sha2.workspace = true
 thiserror.workspace = true
 hex.workspace = true
+
 # cosmos
 cw-storage-plus.workspace = true
 cosmwasm-schema.workspace = true
@ -30,9 +31,7 @@ cosmwasm-std.workspace = true

 # quartz
 quartz-tee-ra.workspace = true
-
-# tcbinfo
-tcbinfo = { path = "../tcbinfo", features = ["library"] }
+tcbinfo.workspace = true

 [dev-dependencies]
 serde_json.workspace = true
--- a/cosmwasm/packages/quartz-cw/src/handler/execute/attested.rs
+++ b/cosmwasm/packages/quartz-cw/src/handler/execute/attested.rs
@ -20,7 +20,9 @@ use crate::{

 pub fn query_tcbinfo(deps: Deps<'_>, fmspc: String) -> Result<Binary, Error> {
    let config = CONFIG.load(deps.storage).map_err(Error::Std)?;
-    let tcbinfo_addr = config.tcb_info();
+    let tcbinfo_addr = config
+        .tcb_info()
+        .expect("TcbInfo contract address is required for DCAP");

    let fmspc_bytes =
        hex::decode(&fmspc).map_err(|_| Error::InvalidFmspc("Invalid FMSPC format".to_string()))?;
--- a/cosmwasm/packages/quartz-cw/src/state.rs
+++ b/cosmwasm/packages/quartz-cw/src/state.rs
@ -17,7 +17,7 @@ pub struct Config {
    mr_enclave: MrEnclave,
    epoch_duration: Duration,
    light_client_opts: LightClientOpts,
-    tcbinfo_contract: String,
+    tcbinfo_contract: Option<String>,
 }

 impl Config {
@ -25,7 +25,7 @@ impl Config {
        mr_enclave: MrEnclave,
        epoch_duration: Duration,
        light_client_opts: LightClientOpts,
-        tcbinfo_contract: String,
+        tcbinfo_contract: Option<String>,
    ) -> Self {
        Self {
            mr_enclave,
@ -43,8 +43,8 @@ impl Config {
        self.mr_enclave
    }

-    pub fn tcbinfo_contract(&self) -> &str {
-        &self.tcbinfo_contract
+    pub fn tcbinfo_contract(&self) -> Option<&str> {
+        self.tcbinfo_contract.as_deref()
    }
 }

@ -53,7 +53,7 @@ pub struct RawConfig {
    mr_enclave: HexBinary,
    epoch_duration: Duration,
    light_client_opts: RawLightClientOpts,
-    tcbinfo_contract: String,
+    tcbinfo_contract: Option<String>,
 }

 impl RawConfig {
@ -61,8 +61,8 @@ impl RawConfig {
        self.mr_enclave.as_slice()
    }

-    pub fn tcb_info(&self) -> String {
-        self.tcbinfo_contract.to_string()
+    pub fn tcb_info(&self) -> Option<String> {
+        self.tcbinfo_contract.clone().map(|c| c.to_string())
    }
 }

--- a/cosmwasm/packages/tcbinfo/Cargo.toml
+++ b/cosmwasm/packages/tcbinfo/Cargo.toml
@ -32,28 +32,24 @@ optimize = """docker run --rm -v "$(pwd)":/code \
 """

 [dependencies]
-
 cosmwasm-schema = "2.0.1"
-cosmwasm-std = { version = "2.0.1", features = [
-  "cosmwasm_1_3",
-  # Enable this if you only deploy to chains that have CosmWasm 1.4 or higher
-  # "cosmwasm_1_4",
+cosmwasm-std = { version = "2.0.1", default-features = false, features = [
+    "cosmwasm_1_3",
+    # Enable this if you only deploy to chains that have CosmWasm 1.4 or higher
+    # "cosmwasm_1_4",
 ] }
 cw-storage-plus = "2.0.0"
 cw2 = "2.0.0"
-getrandom = { version = "0.2", features = ["js"] }
 schemars = "0.8.16"
 serde = { version = "1.0.197", default-features = false, features = ["derive"] }
 thiserror = { version = "1.0.58" }
 x509-cert = { version = "0.2.5", default-features = false, features = ["pem"] }
-x509-parser = {version = "0.16.0", features = ["verify"] }
 der = { version = "0.7.9" }
 quartz-tee-ra = { path = "../quartz-tee-ra" }
-mc-attestation-verifier = {git = "https://github.com/informalsystems/attestation", default-features = false}
-p256 = "0.13.2"
+mc-attestation-verifier = { git = "https://github.com/informalsystems/attestation", default-features = false }
+p256 = { version = "0.13.2", default-features = false }
 serde_json = { version = "1.0", default-features = false }
-hashbrown = {version = "0.14.5", features = ["serde"]}
-hex = {version = "0.4.3", default-features = false, features = ["serde"]}
+hex = { version = "0.4.3", default-features = false, features = ["serde"] }

 [dev-dependencies]
 cw-multi-test = "2.0.0"