From 072bb4dc638af1b712e00d288e5af6b2a37f121d Mon Sep 17 00:00:00 2001 From: Shoaib Ahmed Date: Thu, 12 Sep 2024 13:10:24 +0400 Subject: [PATCH] fix(enclave): make tcbinfo-contract deployable on cosmwasm (#194) Co-authored-by: Peppi Littera --- Cargo.lock | 5 ---- Cargo.toml | 3 +- apps/mtcs/contracts/cw-tee-mtcs/Cargo.lock | 5 ---- apps/mtcs/enclave/Cargo.toml | 2 +- apps/mtcs/enclave/src/cli.rs | 2 +- apps/mtcs/enclave/src/main.rs | 2 +- apps/transfers/contracts/Cargo.lock | 24 +++++++++++++-- apps/transfers/contracts/Cargo.toml | 2 +- apps/transfers/enclave/Cargo.lock | 29 ++++++++++++++----- apps/transfers/enclave/Cargo.toml | 2 +- apps/transfers/enclave/src/cli.rs | 2 +- apps/transfers/enclave/src/main.rs | 2 +- cosmwasm/packages/quartz-cw/Cargo.toml | 5 ++-- .../quartz-cw/src/handler/execute/attested.rs | 4 ++- cosmwasm/packages/quartz-cw/src/state.rs | 14 ++++----- cosmwasm/packages/tcbinfo/Cargo.toml | 18 +++++------- 16 files changed, 71 insertions(+), 50 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 4d937c8..5b6da7f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1684,7 +1684,6 @@ dependencies = [ "ff", "generic-array", "group", - "pem-rfc7468", "pkcs8", "rand_core", "sec1", @@ -2432,7 +2431,6 @@ checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" dependencies = [ "ahash", "allocator-api2", - "serde", ] [[package]] @@ -5240,8 +5238,6 @@ dependencies = [ "cw-storage-plus", "cw2", "der", - "getrandom", - "hashbrown 0.14.5", "hex", "mc-attestation-verifier", "p256", @@ -5251,7 +5247,6 @@ dependencies = [ "serde_json", "thiserror", "x509-cert", - "x509-parser", ] [[package]] diff --git a/Cargo.toml b/Cargo.toml index dbd4ca8..bb5b097 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -77,11 +77,12 @@ mc-attestation-verifier = { git = "https://github.com/informalsystems/attestatio # quartz cw-proof = { path = "core/light-client-proofs/cw-proof", default-features = false } -quartz-common = { path = "core/quartz-common"} +quartz-common = { path = "core/quartz-common" } quartz-cw = { path = "cosmwasm/packages/quartz-cw", default-features = false } quartz-enclave = { path = "core/quartz", default-features = false } quartz-proto = { path = "core/quartz-proto", default-features = false } quartz-tee-ra = { path = "cosmwasm/packages/quartz-tee-ra", default-features = false } +tcbinfo = { path = "cosmwasm/packages/tcbinfo", features = ["library"] } tm-prover = { path = "utils/tm-prover", default-features = false } tm-stateless-verifier = { path = "core/light-client-proofs/tm-stateless-verifier", default-features = false } wasmd-client = { path = "cosmwasm/packages/wasmd-client", default-features = false } diff --git a/apps/mtcs/contracts/cw-tee-mtcs/Cargo.lock b/apps/mtcs/contracts/cw-tee-mtcs/Cargo.lock index 1e74213..e110151 100644 --- a/apps/mtcs/contracts/cw-tee-mtcs/Cargo.lock +++ b/apps/mtcs/contracts/cw-tee-mtcs/Cargo.lock @@ -771,7 +771,6 @@ dependencies = [ "ff", "generic-array", "group", - "pem-rfc7468", "pkcs8", "rand_core", "sec1", @@ -859,7 +858,6 @@ checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1" dependencies = [ "ahash", "allocator-api2", - "serde", ] [[package]] @@ -1578,8 +1576,6 @@ dependencies = [ "cw-storage-plus", "cw2", "der", - "getrandom", - "hashbrown 0.14.5", "hex", "mc-attestation-verifier", "p256", @@ -1589,7 +1585,6 @@ dependencies = [ "serde_json", "thiserror", "x509-cert", - "x509-parser", ] [[package]] diff --git a/apps/mtcs/enclave/Cargo.toml b/apps/mtcs/enclave/Cargo.toml index 26415e9..95659f5 100644 --- a/apps/mtcs/enclave/Cargo.toml +++ b/apps/mtcs/enclave/Cargo.toml 
@@ -44,7 +44,7 @@ cw-tee-mtcs.workspace = true mtcs.workspace = true # quartz -quartz-common = { workspace = true, features = ["full"]} +quartz-common = { workspace = true, features = ["full"] } [dev-dependencies] cw-multi-test = "2.1.0" diff --git a/apps/mtcs/enclave/src/cli.rs b/apps/mtcs/enclave/src/cli.rs index 1e00732..a062afc 100644 --- a/apps/mtcs/enclave/src/cli.rs +++ b/apps/mtcs/enclave/src/cli.rs @@ -28,7 +28,7 @@ pub struct Cli { /// TcbInfo contract address #[clap(long)] - pub tcbinfo_contract: AccountId, + pub tcbinfo_contract: Option, /// Height of the trusted header (AKA root-of-trust) #[clap(long)] diff --git a/apps/mtcs/enclave/src/main.rs b/apps/mtcs/enclave/src/main.rs index 500fe53..7a0e3ef 100644 --- a/apps/mtcs/enclave/src/main.rs +++ b/apps/mtcs/enclave/src/main.rs @@ -61,7 +61,7 @@ async fn main() -> Result<(), Box> { attestor.mr_enclave()?, Duration::from_secs(30 * 24 * 60), light_client_opts, - args.tcbinfo_contract.to_string(), + args.tcbinfo_contract.map(|c| c.to_string()), ); let sk = Arc::new(Mutex::new(None)); diff --git a/apps/transfers/contracts/Cargo.lock b/apps/transfers/contracts/Cargo.lock index 2e00708..6c810ad 100644 --- a/apps/transfers/contracts/Cargo.lock +++ b/apps/transfers/contracts/Cargo.lock @@ -1176,7 +1176,6 @@ dependencies = [ [[package]] name = "quartz-common" version = "0.1.0" -source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#302008c337b58fcad0373922a2787b9341eafd58" dependencies = [ "quartz-cw", ] @@ -1184,7 +1183,6 @@ dependencies = [ [[package]] name = "quartz-cw" version = "0.1.0" -source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#302008c337b58fcad0373922a2787b9341eafd58" dependencies = [ "cosmwasm-schema", "cosmwasm-std", 
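Review bot: The doc comment on `tcbinfo_contract` in `apps/mtcs/enclave/src/cli.rs` still reads `/// TcbInfo contract address` although the flag is now optional, so the generated help text does not say when it may be omitted. Judging by the `expect` message this commit adds in `query_tcbinfo`, the address is still required for DCAP, so I would write `/// TcbInfo contract address (optional; required when DCAP attestation is used)`. As written, leaving the flag out is accepted at startup and, as far as this page shows, only surfaces when the contract reaches that `expect`. The same applies to the identical hunk in `apps/transfers/enclave/src/cli.rs`. The `Cli` struct starts and ends outside the hunk.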
@@ -1196,13 +1194,13 @@ dependencies = [ "serde_json", "serde_with", "sha2", + "tcbinfo", "thiserror", ] [[package]] name = "quartz-tee-ra" version = "0.1.0" -source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#302008c337b58fcad0373922a2787b9341eafd58" dependencies = [ "cosmwasm-schema", "cosmwasm-std", @@ -1548,6 +1546,26 @@ dependencies = [ "syn 2.0.75", ] +[[package]] +name = "tcbinfo" +version = "0.1.0" +dependencies = [ + "cosmwasm-schema", + "cosmwasm-std", + "cw-storage-plus", + "cw2", + "der", + "hex", + "mc-attestation-verifier", + "p256", + "quartz-tee-ra", + "schemars", + "serde", + "serde_json", + "thiserror", + "x509-cert", +] + [[package]] name = "thiserror" version = "1.0.63" diff --git a/apps/transfers/contracts/Cargo.toml b/apps/transfers/contracts/Cargo.toml index 4567e15..a8a9903 100644 --- a/apps/transfers/contracts/Cargo.toml +++ b/apps/transfers/contracts/Cargo.toml @@ -44,7 +44,7 @@ cw20-base = { version = "2.0.0", default-features = false, features = ["library" cw-utils = { version = "2.0.0", default-features = false } # quartz -quartz-common = { git = "ssh://git@github.com/informalsystems/cycles-quartz.git", features=["contract"]} +quartz-common = { path = "../../../core/quartz-common", features = ["contract"] } # patch indirect deps getrandom = { version = "0.2.15", default-features = false, features = ["js"] } diff --git a/apps/transfers/enclave/Cargo.lock b/apps/transfers/enclave/Cargo.lock index b6df0f1..887cadf 100644 --- a/apps/transfers/enclave/Cargo.lock +++ b/apps/transfers/enclave/Cargo.lock @@ -870,7 +870,6 @@ dependencies = [ [[package]] name = "cw-proof" version = "0.1.0" -source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#a9ea3fa9aee52e4dd7bcbe641762de187187b855" dependencies = [ "clap", "cosmrs", 
@@ -2507,7 +2506,6 @@ dependencies = [ [[package]] name = "quartz-common" version = "0.1.0" -source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#a9ea3fa9aee52e4dd7bcbe641762de187187b855" dependencies = [ "quartz-cw", "quartz-enclave", @@ -2517,24 +2515,24 @@ dependencies = [ [[package]] name = "quartz-cw" version = "0.1.0" -source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#a9ea3fa9aee52e4dd7bcbe641762de187187b855" dependencies = [ "cosmwasm-schema", "cosmwasm-std", "cw-storage-plus", + "hex", "k256", "quartz-tee-ra", "serde", "serde_json", "serde_with", "sha2 0.10.8", + "tcbinfo", "thiserror", ] [[package]] name = "quartz-enclave" version = "0.1.0" -source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#a9ea3fa9aee52e4dd7bcbe641762de187187b855" dependencies = [ "clap", "color-eyre", @@ -2562,7 +2560,6 @@ dependencies = [ [[package]] name = "quartz-proto" version = "0.1.0" -source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#a9ea3fa9aee52e4dd7bcbe641762de187187b855" dependencies = [ "prost 0.13.1", "tonic", @@ -2572,7 +2569,6 @@ dependencies = [ [[package]] name = "quartz-tee-ra" version = "0.1.0" -source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#a9ea3fa9aee52e4dd7bcbe641762de187187b855" dependencies = [ "cosmwasm-schema", "cosmwasm-std", @@ -3279,6 +3275,26 @@ dependencies = [ "libc", ] +[[package]] +name = "tcbinfo" +version = "0.1.0" +dependencies = [ + "cosmwasm-schema", + "cosmwasm-std", + "cw-storage-plus", + "cw2", + "der", + "hex", + "mc-attestation-verifier", + "p256", + "quartz-tee-ra", + "schemars", + "serde", + "serde_json", + "thiserror", + "x509-cert", +] + [[package]] name = "tempfile" version = "3.12.0" 
@@ -3537,7 +3553,6 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20" [[package]] name = "tm-stateless-verifier" version = "0.1.0" -source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#a9ea3fa9aee52e4dd7bcbe641762de187187b855" dependencies = [ "displaydoc", "tendermint 0.38.1", diff --git a/apps/transfers/enclave/Cargo.toml b/apps/transfers/enclave/Cargo.toml index 1e5567b..ae16946 100644 --- a/apps/transfers/enclave/Cargo.toml +++ b/apps/transfers/enclave/Cargo.toml @@ -37,7 +37,7 @@ tendermint-light-client = { version = "=0.38.1", default-features = false, featu transfers-contract = { path = "../contracts", default-features = false } # quartz -quartz-common = { git = "ssh://git@github.com/informalsystems/cycles-quartz.git", features=["full"]} +quartz-common = { path = "../../../core/quartz-common", features = ["full"] } [dev-dependencies] cw-multi-test = "2.1.0" diff --git a/apps/transfers/enclave/src/cli.rs b/apps/transfers/enclave/src/cli.rs index 958d2a3..46d82e2 100644 --- a/apps/transfers/enclave/src/cli.rs +++ b/apps/transfers/enclave/src/cli.rs @@ -28,7 +28,7 @@ pub struct Cli { /// TcbInfo contract address #[clap(long)] - pub tcbinfo_contract: AccountId, + pub tcbinfo_contract: Option, /// Height of the trusted header (AKA root-of-trust) #[clap(long)] diff --git a/apps/transfers/enclave/src/main.rs b/apps/transfers/enclave/src/main.rs index 64f62f1..b16c7e9 100644 --- a/apps/transfers/enclave/src/main.rs +++ b/apps/transfers/enclave/src/main.rs @@ -61,7 +61,7 @@ async fn main() -> Result<(), Box> { attestor.mr_enclave()?, Duration::from_secs(30 * 24 * 60), light_client_opts, - args.tcbinfo_contract.to_string(), + args.tcbinfo_contract.map(|c| c.to_string()), ); let sk = Arc::new(Mutex::new(None)); diff --git a/cosmwasm/packages/quartz-cw/Cargo.toml b/cosmwasm/packages/quartz-cw/Cargo.toml index 889f13f..0e4c276 100644 --- a/cosmwasm/packages/quartz-cw/Cargo.toml +++ b/cosmwasm/packages/quartz-cw/Cargo.toml 
@@ -23,6 +23,7 @@ serde_with.workspace = true sha2.workspace = true thiserror.workspace = true hex.workspace = true + # cosmos cw-storage-plus.workspace = true cosmwasm-schema.workspace = true @@ -30,9 +31,7 @@ cosmwasm-std.workspace = true # quartz quartz-tee-ra.workspace = true - -# tcbinfo -tcbinfo = { path = "../tcbinfo", features = ["library"] } +tcbinfo.workspace = true [dev-dependencies] serde_json.workspace = true diff --git a/cosmwasm/packages/quartz-cw/src/handler/execute/attested.rs b/cosmwasm/packages/quartz-cw/src/handler/execute/attested.rs index 319b4fb..a68ce66 100644 --- a/cosmwasm/packages/quartz-cw/src/handler/execute/attested.rs +++ b/cosmwasm/packages/quartz-cw/src/handler/execute/attested.rs @@ -20,7 +20,9 @@ use crate::{ pub fn query_tcbinfo(deps: Deps<'_>, fmspc: String) -> Result { let config = CONFIG.load(deps.storage).map_err(Error::Std)?; - let tcbinfo_addr = config.tcb_info(); + let tcbinfo_addr = config + .tcb_info() + .expect("TcbInfo contract address is required for DCAP"); let fmspc_bytes = hex::decode(&fmspc).map_err(|_| Error::InvalidFmspc("Invalid FMSPC format".to_string()))?; diff --git a/cosmwasm/packages/quartz-cw/src/state.rs b/cosmwasm/packages/quartz-cw/src/state.rs index d8c2a7a..dff604a 100644 --- a/cosmwasm/packages/quartz-cw/src/state.rs +++ b/cosmwasm/packages/quartz-cw/src/state.rs @@ -17,7 +17,7 @@ pub struct Config { mr_enclave: MrEnclave, epoch_duration: Duration, light_client_opts: LightClientOpts, - tcbinfo_contract: String, + tcbinfo_contract: Option, } impl Config { @@ -25,7 +25,7 @@ impl Config { mr_enclave: MrEnclave, epoch_duration: Duration, light_client_opts: LightClientOpts, - tcbinfo_contract: String, + tcbinfo_contract: Option, ) -> Self { Self { mr_enclave, @@ -43,8 +43,8 @@ impl Config { self.mr_enclave } - pub fn tcbinfo_contract(&self) -> &str { - &self.tcbinfo_contract + pub fn tcbinfo_contract(&self) -> Option<&str> { + self.tcbinfo_contract.as_deref() } } 
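Review bot: In `query_tcbinfo` (attested.rs), `config.tcb_info().expect(...)` panics inside a handler that already returns a `Result`, so a contract configured without a TcbInfo address aborts instead of returning a typed error when this path is reached. The call still fails closed, but the caller sees an opaque abort rather than an error it can match on. I would propagate it, e.g. `let tcbinfo_addr = config.tcb_info().ok_or_else(|| Error::Std(StdError::generic_err("TcbInfo contract address is required for DCAP")))?;`, assuming `Error::Std` wraps `cosmwasm_std::StdError` as the `map_err(Error::Std)` on the line above suggests. A dedicated `Error` variant would also work, but the enum is not visible here. The body of `query_tcbinfo` continues outside the hunk.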
@@ -53,7 +53,7 @@ pub struct RawConfig { mr_enclave: HexBinary, epoch_duration: Duration, light_client_opts: RawLightClientOpts, - tcbinfo_contract: String, + tcbinfo_contract: Option, } impl RawConfig { @@ -61,8 +61,8 @@ impl RawConfig { self.mr_enclave.as_slice() } - pub fn tcb_info(&self) -> String { - self.tcbinfo_contract.to_string() + pub fn tcb_info(&self) -> Option { + self.tcbinfo_contract.clone().map(|c| c.to_string()) } } diff --git a/cosmwasm/packages/tcbinfo/Cargo.toml b/cosmwasm/packages/tcbinfo/Cargo.toml index 6384d67..faa811d 100644 --- a/cosmwasm/packages/tcbinfo/Cargo.toml +++ b/cosmwasm/packages/tcbinfo/Cargo.toml 
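Review bot: In `RawConfig::tcb_info`, `self.tcbinfo_contract.clone().map(|c| c.to_string())` looks redundant. If the field is an `Option<String>` (the type parameter is not visible on this page), `self.tcbinfo_contract.clone()` yields the same value without a second allocation per call. The two accessors also differ in name and shape: `Config::tcbinfo_contract()` borrows via `as_deref()`, while `RawConfig::tcb_info()` returns an owned value. Neither has a doc comment saying what `None` means; something like `/// Address of the TcbInfo contract; None when DCAP verification is not configured.` would help, with the wording confirmed by the authors. Both `impl` blocks continue outside the hunks.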
@@ -32,28 +32,24 @@ optimize = """docker run --rm -v "$(pwd)":/code \ """ [dependencies] - cosmwasm-schema = "2.0.1" -cosmwasm-std = { version = "2.0.1", features = [ - "cosmwasm_1_3", - # Enable this if you only deploy to chains that have CosmWasm 1.4 or higher - # "cosmwasm_1_4", +cosmwasm-std = { version = "2.0.1", default-features = false, features = [ + "cosmwasm_1_3", + # Enable this if you only deploy to chains that have CosmWasm 1.4 or higher + # "cosmwasm_1_4", ] } cw-storage-plus = "2.0.0" cw2 = "2.0.0" -getrandom = { version = "0.2", features = ["js"] } schemars = "0.8.16" serde = { version = "1.0.197", default-features = false, features = ["derive"] } thiserror = { version = "1.0.58" } x509-cert = { version = "0.2.5", default-features = false, features = ["pem"] } -x509-parser = {version = "0.16.0", features = ["verify"] } der = { version = "0.7.9" } quartz-tee-ra = { path = "../quartz-tee-ra" } -mc-attestation-verifier = {git = "https://github.com/informalsystems/attestation", default-features = false} -p256 = "0.13.2" +mc-attestation-verifier = { git = "https://github.com/informalsystems/attestation", default-features = false } +p256 = { version = "0.13.2", default-features = false } serde_json = { version = "1.0", default-features = false } -hashbrown = {version = "0.14.5", features = ["serde"]} -hex = {version = "0.4.3", default-features = false, features = ["serde"]} +hex = { version = "0.4.3", default-features = false, features = ["serde"] } [dev-dependencies] cw-multi-test = "2.0.0"
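Review bot: `mc-attestation-verifier` is still pulled from git with no `rev` or `tag`, so the attestation-verification code is whatever the repository's default branch holds whenever a lockfile is regenerated. This commit rewrites that line and regenerates several lockfiles, so it is a natural place to pin it: `mc-attestation-verifier = { git = "https://github.com/informalsystems/attestation", rev = "<commit-sha>", default-features = false }` (placeholder; use the commit the lockfile currently resolves to). The root `Cargo.toml` entry for the same crate is truncated in its hunk header, so I cannot tell whether it is pinned. If it is not, it needs the same change.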