Attested/verified SubmitSetoffsMsg (#57)

Cargo.lock

@@ -708,6 +708,8 @@ dependencies = [
  "quartz-cw",
  "schemars",
  "serde",
+ "serde_json",
+ "sha2 0.10.8",
  "thiserror",
 ]
 

apps/mtcs/contracts/cw-tee-mtcs/Cargo.lock

@@ -263,6 +263,7 @@ dependencies = [
  "schemars",
  "serde",
  "serde_json",
+ "sha2 0.10.8",
  "thiserror",
 ]
 

apps/mtcs/contracts/cw-tee-mtcs/Cargo.toml

@@ -28,6 +28,8 @@ hex = { version = "0.4.3", default-features = false }
 k256 = { version = "0.13.2", default-features = false, features = ["ecdsa"] }
 schemars = "0.8.15"
 serde = { version = "1.0.189", default-features = false, features = ["derive"] }
+sha2 = "0.10.8"
+serde_json = "1.0.117"
 thiserror = { version = "1.0.49" }
 
 # cosmwasm

apps/mtcs/contracts/cw-tee-mtcs/src/contract.rs

@@ -99,7 +99,11 @@ pub fn execute(
             execute::append_liquidity_sources(deps, liquidity_sources)?;
             Ok(Response::new())
         }
-        ExecuteMsg::SubmitSetoffs(SubmitSetoffsMsg { setoffs_enc }) => {
+        ExecuteMsg::SubmitSetoffs(attested_msg) => {
+            let _ = attested_msg
+                .clone()
+                .handle_raw(deps.branch(), &env, &info)?;
+            let SubmitSetoffsMsg { setoffs_enc } = attested_msg.msg.0;
             execute::submit_setoffs(deps, env, setoffs_enc)
         }
         ExecuteMsg::InitClearing => execute::init_clearing(deps),

apps/mtcs/contracts/cw-tee-mtcs/src/msg.rs

@@ -2,10 +2,15 @@ use std::collections::BTreeMap;
 
 use cosmwasm_schema::{cw_serde, QueryResponses};
 use cosmwasm_std::HexBinary;
-use quartz_cw::prelude::*;
+use quartz_cw::{
+    msg::execute::attested::{RawAttested, RawAttestedMsgSansHandler, RawEpidAttestation},
+    prelude::*,
+};
 
 use crate::state::{RawHash, SettleOff};
 
+type AttestedMsg<M> = RawAttested<RawAttestedMsgSansHandler<M>, RawEpidAttestation>;
+
 #[cw_serde]
 pub struct InstantiateMsg(pub QuartzInstantiateMsg);
 
@@ -17,11 +22,14 @@ pub enum ExecuteMsg {
     Transfer(execute::Cw20Transfer),
     SubmitObligation(execute::SubmitObligationMsg),
     SubmitObligations(execute::SubmitObligationsMsg),
-    SubmitSetoffs(execute::SubmitSetoffsMsg),
+    SubmitSetoffs(AttestedMsg<execute::SubmitSetoffsMsg>),
     InitClearing,
 }
 
 pub mod execute {
+    use quartz_cw::{msg::execute::attested::HasUserData, state::UserData};
+    use sha2::{Digest, Sha256};
+
     use super::*;
 
     #[cw_serde]
@@ -62,6 +70,18 @@ pub mod execute {
         pub setoffs_enc: BTreeMap<RawHash, SettleOff>,
         // pub proof: π,
     }
+
+    impl HasUserData for SubmitSetoffsMsg {
+        fn user_data(&self) -> UserData {
+            let mut hasher = Sha256::new();
+            hasher.update(serde_json::to_string(&self).expect("infallible serializer"));
+            let digest: [u8; 32] = hasher.finalize().into();
+
+            let mut user_data = [0u8; 64];
+            user_data[0..32].copy_from_slice(&digest);
+            user_data
+        }
+    }
 }
 
 #[cw_serde]

core/quartz/src/mtcs_server.rs

@@ -27,7 +27,7 @@ use crate::{
 #[derive(Clone, Debug)]
 pub struct MtcsService<A> {
     sk: Arc<Mutex<Option<SigningKey>>>,
-    _attestor: A,
+    attestor: A,
 }
 
 #[derive(Clone, Debug, Serialize, Deserialize)]
@@ -36,12 +36,18 @@ pub struct RunClearingMessage {
     liquidity_sources: Vec<HexBinary>,
 }
 
+#[derive(Clone, Debug, Serialize, Deserialize)]
+struct AttestedMsg<M> {
+    msg: M,
+    quote: Vec<u8>,
+}
+
 impl<A> MtcsService<A>
 where
     A: Attestor,
 {
-    pub fn new(sk: Arc<Mutex<Option<SigningKey>>>, _attestor: A) -> Self {
-        Self { sk, _attestor }
+    pub fn new(sk: Arc<Mutex<Option<SigningKey>>>, attestor: A) -> Self {
+        Self { sk, attestor }
     }
 }
 
@@ -85,7 +91,15 @@ where
             .map(|(settle_off, digest)| (digest, settle_off))
             .collect();
 
-        let message = serde_json::to_string(&SubmitSetoffsMsg { setoffs_enc }).unwrap();
+        let msg = SubmitSetoffsMsg { setoffs_enc };
+
+        let quote = self
+            .attestor
+            .quote(msg.clone())
+            .map_err(|e| Status::internal(e.to_string()))?;
+
+        let attested_msg = AttestedMsg { msg, quote };
+        let message = serde_json::to_string(&attested_msg).unwrap();
         Ok(Response::new(RunClearingResponse { message }))
     }
 }