fix(enclave): make tcbinfo-contract deployable on cosmwasm (#194)

Co-authored-by: Peppi Littera <giuseppe@informal.systems>

Cargo.lock

@@ -1684,7 +1684,6 @@ dependencies = [
  "ff",
  "generic-array",
  "group",
- "pem-rfc7468",
  "pkcs8",
  "rand_core",
  "sec1",
@@ -2432,7 +2431,6 @@ checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1"
 dependencies = [
  "ahash",
  "allocator-api2",
- "serde",
 ]
 
 [[package]]
@@ -5240,8 +5238,6 @@ dependencies = [
  "cw-storage-plus",
  "cw2",
  "der",
- "getrandom",
- "hashbrown 0.14.5",
  "hex",
  "mc-attestation-verifier",
  "p256",
@@ -5251,7 +5247,6 @@ dependencies = [
  "serde_json",
  "thiserror",
  "x509-cert",
- "x509-parser",
 ]
 
 [[package]]

Cargo.toml

@@ -77,11 +77,12 @@ mc-attestation-verifier = { git = "https://github.com/informalsystems/attestatio
 
 # quartz
 cw-proof = { path = "core/light-client-proofs/cw-proof", default-features = false }
-quartz-common = { path = "core/quartz-common"}
+quartz-common = { path = "core/quartz-common" }
 quartz-cw = { path = "cosmwasm/packages/quartz-cw", default-features = false }
 quartz-enclave = { path = "core/quartz", default-features = false }
 quartz-proto = { path = "core/quartz-proto", default-features = false }
 quartz-tee-ra = { path = "cosmwasm/packages/quartz-tee-ra", default-features = false }
+tcbinfo = { path = "cosmwasm/packages/tcbinfo", features = ["library"] }
 tm-prover = { path = "utils/tm-prover", default-features = false }
 tm-stateless-verifier = { path = "core/light-client-proofs/tm-stateless-verifier", default-features = false }
 wasmd-client = { path = "cosmwasm/packages/wasmd-client", default-features = false }

apps/mtcs/contracts/cw-tee-mtcs/Cargo.lock

@@ -771,7 +771,6 @@ dependencies = [
  "ff",
  "generic-array",
  "group",
- "pem-rfc7468",
  "pkcs8",
  "rand_core",
  "sec1",
@@ -859,7 +858,6 @@ checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1"
 dependencies = [
  "ahash",
  "allocator-api2",
- "serde",
 ]
 
 [[package]]
@@ -1578,8 +1576,6 @@ dependencies = [
  "cw-storage-plus",
  "cw2",
  "der",
- "getrandom",
- "hashbrown 0.14.5",
  "hex",
  "mc-attestation-verifier",
  "p256",
@@ -1589,7 +1585,6 @@ dependencies = [
  "serde_json",
  "thiserror",
  "x509-cert",
- "x509-parser",
 ]
 
 [[package]]

apps/mtcs/enclave/Cargo.toml

@@ -44,7 +44,7 @@ cw-tee-mtcs.workspace = true
 mtcs.workspace = true
 
 # quartz
-quartz-common = { workspace = true, features = ["full"]}
+quartz-common = { workspace = true, features = ["full"] }
 
 [dev-dependencies]
 cw-multi-test = "2.1.0"

apps/mtcs/enclave/src/cli.rs

@@ -28,7 +28,7 @@ pub struct Cli {
 
     /// TcbInfo contract address
     #[clap(long)]
-    pub tcbinfo_contract: AccountId,
+    pub tcbinfo_contract: Option<AccountId>,
 
     /// Height of the trusted header (AKA root-of-trust)
     #[clap(long)]

apps/mtcs/enclave/src/main.rs

@@ -61,7 +61,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
         attestor.mr_enclave()?,
         Duration::from_secs(30 * 24 * 60),
         light_client_opts,
-        args.tcbinfo_contract.to_string(),
+        args.tcbinfo_contract.map(|c| c.to_string()),
     );
 
     let sk = Arc::new(Mutex::new(None));

apps/transfers/contracts/Cargo.lock

@@ -1176,7 +1176,6 @@ dependencies = [
 [[package]]
 name = "quartz-common"
 version = "0.1.0"
-source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#302008c337b58fcad0373922a2787b9341eafd58"
 dependencies = [
  "quartz-cw",
 ]
@@ -1184,7 +1183,6 @@ dependencies = [
 [[package]]
 name = "quartz-cw"
 version = "0.1.0"
-source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#302008c337b58fcad0373922a2787b9341eafd58"
 dependencies = [
  "cosmwasm-schema",
  "cosmwasm-std",
@@ -1196,13 +1194,13 @@ dependencies = [
  "serde_json",
  "serde_with",
  "sha2",
+ "tcbinfo",
  "thiserror",
 ]
 
 [[package]]
 name = "quartz-tee-ra"
 version = "0.1.0"
-source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#302008c337b58fcad0373922a2787b9341eafd58"
 dependencies = [
  "cosmwasm-schema",
  "cosmwasm-std",
@@ -1548,6 +1546,26 @@ dependencies = [
  "syn 2.0.75",
 ]
 
+[[package]]
+name = "tcbinfo"
+version = "0.1.0"
+dependencies = [
+ "cosmwasm-schema",
+ "cosmwasm-std",
+ "cw-storage-plus",
+ "cw2",
+ "der",
+ "hex",
+ "mc-attestation-verifier",
+ "p256",
+ "quartz-tee-ra",
+ "schemars",
+ "serde",
+ "serde_json",
+ "thiserror",
+ "x509-cert",
+]
+
 [[package]]
 name = "thiserror"
 version = "1.0.63"

apps/transfers/contracts/Cargo.toml

@@ -44,7 +44,7 @@ cw20-base = { version = "2.0.0", default-features = false, features = ["library"
 cw-utils = { version = "2.0.0", default-features = false }
 
 # quartz
-quartz-common = { git = "ssh://git@github.com/informalsystems/cycles-quartz.git", features=["contract"]}
+quartz-common = { path = "../../../core/quartz-common", features = ["contract"] }
 
 # patch indirect deps
 getrandom = { version = "0.2.15", default-features = false, features = ["js"] }

apps/transfers/enclave/Cargo.lock

@@ -870,7 +870,6 @@ dependencies = [
 [[package]]
 name = "cw-proof"
 version = "0.1.0"
-source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#a9ea3fa9aee52e4dd7bcbe641762de187187b855"
 dependencies = [
  "clap",
  "cosmrs",
@@ -2507,7 +2506,6 @@ dependencies = [
 [[package]]
 name = "quartz-common"
 version = "0.1.0"
-source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#a9ea3fa9aee52e4dd7bcbe641762de187187b855"
 dependencies = [
  "quartz-cw",
  "quartz-enclave",
@@ -2517,24 +2515,24 @@ dependencies = [
 [[package]]
 name = "quartz-cw"
 version = "0.1.0"
-source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#a9ea3fa9aee52e4dd7bcbe641762de187187b855"
 dependencies = [
  "cosmwasm-schema",
  "cosmwasm-std",
  "cw-storage-plus",
+ "hex",
  "k256",
  "quartz-tee-ra",
  "serde",
  "serde_json",
  "serde_with",
  "sha2 0.10.8",
+ "tcbinfo",
  "thiserror",
 ]
 
 [[package]]
 name = "quartz-enclave"
 version = "0.1.0"
-source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#a9ea3fa9aee52e4dd7bcbe641762de187187b855"
 dependencies = [
  "clap",
  "color-eyre",
@@ -2562,7 +2560,6 @@ dependencies = [
 [[package]]
 name = "quartz-proto"
 version = "0.1.0"
-source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#a9ea3fa9aee52e4dd7bcbe641762de187187b855"
 dependencies = [
  "prost 0.13.1",
  "tonic",
@@ -2572,7 +2569,6 @@ dependencies = [
 [[package]]
 name = "quartz-tee-ra"
 version = "0.1.0"
-source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#a9ea3fa9aee52e4dd7bcbe641762de187187b855"
 dependencies = [
  "cosmwasm-schema",
  "cosmwasm-std",
@@ -3279,6 +3275,26 @@ dependencies = [
  "libc",
 ]
 
+[[package]]
+name = "tcbinfo"
+version = "0.1.0"
+dependencies = [
+ "cosmwasm-schema",
+ "cosmwasm-std",
+ "cw-storage-plus",
+ "cw2",
+ "der",
+ "hex",
+ "mc-attestation-verifier",
+ "p256",
+ "quartz-tee-ra",
+ "schemars",
+ "serde",
+ "serde_json",
+ "thiserror",
+ "x509-cert",
+]
+
 [[package]]
 name = "tempfile"
 version = "3.12.0"
@@ -3537,7 +3553,6 @@ checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
 [[package]]
 name = "tm-stateless-verifier"
 version = "0.1.0"
-source = "git+ssh://git@github.com/informalsystems/cycles-quartz.git#a9ea3fa9aee52e4dd7bcbe641762de187187b855"
 dependencies = [
  "displaydoc",
  "tendermint 0.38.1",

apps/transfers/enclave/Cargo.toml

@@ -37,7 +37,7 @@ tendermint-light-client = { version = "=0.38.1", default-features = false, featu
 transfers-contract = { path = "../contracts", default-features = false }
 
 # quartz
-quartz-common = { git = "ssh://git@github.com/informalsystems/cycles-quartz.git", features=["full"]}
+quartz-common = { path = "../../../core/quartz-common", features = ["full"] }
 
 [dev-dependencies]
 cw-multi-test = "2.1.0"

apps/transfers/enclave/src/cli.rs

@@ -28,7 +28,7 @@ pub struct Cli {
 
     /// TcbInfo contract address
     #[clap(long)]
-    pub tcbinfo_contract: AccountId,
+    pub tcbinfo_contract: Option<AccountId>,
 
     /// Height of the trusted header (AKA root-of-trust)
     #[clap(long)]

apps/transfers/enclave/src/main.rs

@@ -61,7 +61,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
         attestor.mr_enclave()?,
         Duration::from_secs(30 * 24 * 60),
         light_client_opts,
-        args.tcbinfo_contract.to_string(),
+        args.tcbinfo_contract.map(|c| c.to_string()),
     );
 
     let sk = Arc::new(Mutex::new(None));

cosmwasm/packages/quartz-cw/Cargo.toml

@@ -23,6 +23,7 @@ serde_with.workspace = true
 sha2.workspace = true
 thiserror.workspace = true
 hex.workspace = true
+
 # cosmos
 cw-storage-plus.workspace = true
 cosmwasm-schema.workspace = true
@@ -30,9 +31,7 @@ cosmwasm-std.workspace = true
 
 # quartz
 quartz-tee-ra.workspace = true
-
+tcbinfo.workspace = true
-# tcbinfo
-tcbinfo = { path = "../tcbinfo", features = ["library"] }
 
 [dev-dependencies]
 serde_json.workspace = true

cosmwasm/packages/quartz-cw/src/handler/execute/attested.rs

@@ -20,7 +20,9 @@ use crate::{
 
 pub fn query_tcbinfo(deps: Deps<'_>, fmspc: String) -> Result<Binary, Error> {
     let config = CONFIG.load(deps.storage).map_err(Error::Std)?;
-    let tcbinfo_addr = config.tcb_info();
+    let tcbinfo_addr = config
+        .tcb_info()
+        .expect("TcbInfo contract address is required for DCAP");
 
     let fmspc_bytes =
         hex::decode(&fmspc).map_err(|_| Error::InvalidFmspc("Invalid FMSPC format".to_string()))?;

cosmwasm/packages/quartz-cw/src/state.rs

@@ -17,7 +17,7 @@ pub struct Config {
     mr_enclave: MrEnclave,
     epoch_duration: Duration,
     light_client_opts: LightClientOpts,
-    tcbinfo_contract: String,
+    tcbinfo_contract: Option<String>,
 }
 
 impl Config {
@@ -25,7 +25,7 @@ impl Config {
         mr_enclave: MrEnclave,
         epoch_duration: Duration,
         light_client_opts: LightClientOpts,
-        tcbinfo_contract: String,
+        tcbinfo_contract: Option<String>,
     ) -> Self {
         Self {
             mr_enclave,
@@ -43,8 +43,8 @@ impl Config {
         self.mr_enclave
     }
 
-    pub fn tcbinfo_contract(&self) -> &str {
+    pub fn tcbinfo_contract(&self) -> Option<&str> {
-        &self.tcbinfo_contract
+        self.tcbinfo_contract.as_deref()
     }
 }
 
@@ -53,7 +53,7 @@ pub struct RawConfig {
     mr_enclave: HexBinary,
     epoch_duration: Duration,
     light_client_opts: RawLightClientOpts,
-    tcbinfo_contract: String,
+    tcbinfo_contract: Option<String>,
 }
 
 impl RawConfig {
@@ -61,8 +61,8 @@ impl RawConfig {
         self.mr_enclave.as_slice()
     }
 
-    pub fn tcb_info(&self) -> String {
+    pub fn tcb_info(&self) -> Option<String> {
-        self.tcbinfo_contract.to_string()
+        self.tcbinfo_contract.clone().map(|c| c.to_string())
     }
 }
 

cosmwasm/packages/tcbinfo/Cargo.toml

@@ -32,28 +32,24 @@ optimize = """docker run --rm -v "$(pwd)":/code \
 """
 
 [dependencies]
-
 cosmwasm-schema = "2.0.1"
-cosmwasm-std = { version = "2.0.1", features = [
+cosmwasm-std = { version = "2.0.1", default-features = false, features = [
-  "cosmwasm_1_3",
+    "cosmwasm_1_3",
-  # Enable this if you only deploy to chains that have CosmWasm 1.4 or higher
+    # Enable this if you only deploy to chains that have CosmWasm 1.4 or higher
-  # "cosmwasm_1_4",
+    # "cosmwasm_1_4",
 ] }
 cw-storage-plus = "2.0.0"
 cw2 = "2.0.0"
-getrandom = { version = "0.2", features = ["js"] }
 schemars = "0.8.16"
 serde = { version = "1.0.197", default-features = false, features = ["derive"] }
 thiserror = { version = "1.0.58" }
 x509-cert = { version = "0.2.5", default-features = false, features = ["pem"] }
-x509-parser = {version = "0.16.0", features = ["verify"] }
 der = { version = "0.7.9" }
 quartz-tee-ra = { path = "../quartz-tee-ra" }
-mc-attestation-verifier = {git = "https://github.com/informalsystems/attestation", default-features = false}
+mc-attestation-verifier = { git = "https://github.com/informalsystems/attestation", default-features = false }
-p256 = "0.13.2"
+p256 = { version = "0.13.2", default-features = false }
 serde_json = { version = "1.0", default-features = false }
-hashbrown = {version = "0.14.5", features = ["serde"]}
+hex = { version = "0.4.3", default-features = false, features = ["serde"] }
-hex = {version = "0.4.3", default-features = false, features = ["serde"]}
 
 [dev-dependencies]
 cw-multi-test = "2.0.0"