From b9d0ef22139b229bddef8eedec8350c87e0b1554 Mon Sep 17 00:00:00 2001 From: Ethan Buchman Date: Fri, 28 Jun 2024 06:56:50 -0400 Subject: [PATCH] transfers: add scripts and readme (#63) Co-authored-by: Daniel Gushchyan Co-authored-by: hu55a1n1 Co-authored-by: David Kajpust Co-authored-by: Daniel Gushchyan <39884512+dangush@users.noreply.github.com> --- .gitignore | 5 + apps/mtcs/enclave/src/mtcs_server.rs | 7 +- apps/transfers/README.md | 96 +++++++++++++++ apps/transfers/contracts/build.sh | 1 + apps/transfers/contracts/deploy-contract.sh | 75 +++++++++++ apps/transfers/contracts/src/contract.rs | 17 ++- .../enclave/quartz.manifest.template | 57 +++++++++ apps/transfers/scripts/build.sh | 18 +++ apps/transfers/scripts/deploy.sh | 23 ++++ apps/transfers/scripts/handshake.sh | 116 ++++++++++++++++++ apps/transfers/scripts/listen.sh | 73 +++++++++++ apps/transfers/scripts/start.sh | 64 ++++++++++ relayer/scripts/relay.sh | 2 +- utils/tm-prover/light-client-proof.json | 1 - 14 files changed, 543 insertions(+), 12 deletions(-) create mode 100644 apps/transfers/README.md create mode 100644 apps/transfers/contracts/build.sh create mode 100755 apps/transfers/contracts/deploy-contract.sh create mode 100644 apps/transfers/enclave/quartz.manifest.template create mode 100644 apps/transfers/scripts/build.sh create mode 100755 apps/transfers/scripts/deploy.sh create mode 100755 apps/transfers/scripts/handshake.sh create mode 100755 apps/transfers/scripts/listen.sh create mode 100755 apps/transfers/scripts/start.sh delete mode 100644 utils/tm-prover/light-client-proof.json diff --git a/.gitignore b/.gitignore index 2cbad53..cb9ef84 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,11 @@ *~ *.manifest *.manifest.sgx +*.sig +*.hash +*.height +*light-client-proof.json +*output .idea/ target/ artifacts/ diff --git a/apps/mtcs/enclave/src/mtcs_server.rs b/apps/mtcs/enclave/src/mtcs_server.rs index f748ba6..0674210 100644 --- a/apps/mtcs/enclave/src/mtcs_server.rs +++ b/apps/mtcs/enclave/src/mtcs_server.rs @@ -38,12 +38,6 @@ pub struct RunClearingMessage { liquidity_sources: Vec, } -#[derive(Clone, Debug, Serialize, Deserialize)] -struct AttestedMsg { - msg: M, - quote: Vec, -} - impl MtcsService where A: Attestor, @@ -119,6 +113,7 @@ where let attested_msg = RawAttested { msg, attestation }; let message = serde_json::to_string(&attested_msg).unwrap(); + Ok(Response::new(RunClearingResponse { message })) } } diff --git a/apps/transfers/README.md b/apps/transfers/README.md new file mode 100644 index 0000000..643189f --- /dev/null +++ b/apps/transfers/README.md @@ -0,0 +1,96 @@ +# Transfers + +This is a simple Quartz demo app. It allows users to deposit funds to a contract, transfer them around privately within the contract's encrypted state, +and withdraw whatever funds they have. + +## Run + +First set the `NODE_URL` variable to the address of the blockchain node. If it's a local node, set it to `localhost:26657`. If it's a remote node, set it to that node's address. + +The `scripts` dir contains some bash scripts to help run the app. +These scripts should be replaced by a new `quartz` tool. See [issue](https://github.com/informalsystems/cycles-quartz/issues/61). + +### Build the Binaries + +Build the enclave binary and the smart contract binary: + +``` +bash scripts/build.sh +``` + +### Configure and Run Gramine + +Setup and sign the Gramine config, and then start the gramine process, which will run the +grpc server that hosts the transfer application. + +``` +bash scripts/start.sh +``` + +The enclave binary is now running, waiting for commands. + + +### Contract Setup + +With the enclave running in one window, open another window to deploy the contract and start the listener. + +In the new window, set the NODE_URL env variable again (eg. `export NODE_URL=143.244.186.205:26657`) + +Now we can deploy the contract: + +``` +bash scripts/deploy.sh +``` + +Note the deployed contract address and save it into the `CONTRACT` env variable. + +Now run the quartz handshake between contract and enclave: + +``` +bash scripts/handshake.sh $CONTRACT +``` + +This should output the pubkey and nonce. + +### Run the Listener + +Finally, we're ready to listen to events from the contract and trigger execution on the enclave: + +``` +bash scripts/listen.sh $CONTRACT +``` + +Now we can interact with the contract, and we'll see the events and contract data come through. + + +### Run the Frontend + +Now on your own machine, checkout the https://github.com/informalsystems/cycles-hackathon-app. + + +Make sure to create a `.env.local` file and set the contract address and TEE pubkey (see the output from `init.sh` and `handshake.sh`). For example: + +``` +#.env.local +NEXT_PUBLIC_TRANSFERS_CONTRACT_ADDRESS=wasm1ch9ed27cdu3a4fkx37gnagm7jcthj0rggnmmjwwwe4xhwmk0d65q8fn9pz +NEXT_PUBLIC_ENCLAVE_PUBLIC_KEY=030c25e39743fd4c7553d87873919281d567b5c328fb903cbfbe9541518736a2d2 +``` + +Install and run the app: + +``` +npm install -f +npm run dev +``` + +Note the frontend app is currently hardcoded to talk to our remote digital ocean node. + +Make sure you have Keplr installed in your browser and you should now be able to use the app! + +You may have to go to "Manage Chain Visibility" in Keplr settings to add the `My Testing Chain`. + +Then you should be able to deposit, transfer, and withdraw using different Keplr accounts. And everything will get processed automatically by the transfer.sh script we have running on the enclave host! + + + + diff --git a/apps/transfers/contracts/build.sh b/apps/transfers/contracts/build.sh new file mode 100644 index 0000000..b49e272 --- /dev/null +++ b/apps/transfers/contracts/build.sh @@ -0,0 +1 @@ +RUSTFLAGS='-C link-arg=-s' cargo wasm diff --git a/apps/transfers/contracts/deploy-contract.sh b/apps/transfers/contracts/deploy-contract.sh new file mode 100755 index 0000000..a573366 --- /dev/null +++ b/apps/transfers/contracts/deploy-contract.sh @@ -0,0 +1,75 @@ +#!/bin/bash + +# Deploy the specified contract's `WASM_BIN` to the chain specified by `CHAIN_ID` using the `USER_ADDR` account. + +set -eo pipefail + +usage() { + echo "Usage: $0 WASM_BIN [COUNT]" + echo "Example: $0 artifacts/cofi_karma_game.wasm" + exit 1 +} + +if [ -z "$1" ]; then + echo "❌ Error: Missing WASM_BIN parameter. Please check if all parameters were specified." + usage +fi + +if [ "$#" -gt 9 ]; then + echo "❌ Error: Incorrect number of parameters." + usage +fi + +USER_ADDR=${USER_ADDR:-$(wasmd keys show -a admin)} +WASM_BIN="$1" +CHAIN_ID=${CHAIN_ID:-testing} +NODE_URL=${NODE_URL:-127.0.0.1:26657} +LABEL=${LABEL:-bisenzone-mvp} +COUNT=${COUNT:-0} +INSTANTIATE_MSG=${INSTANTIATE_MSG:-"null"} + +TXFLAG="--chain-id ${CHAIN_ID} --gas-prices 0.0025ucosm --gas auto --gas-adjustment 1.3" + +CMD="wasmd --node http://$NODE_URL" + +echo "🚀 Deploying WASM contract '${WASM_BIN}' on chain '${CHAIN_ID}' using account '${USER_ADDR}'..." +echo " with cmd : $CMD" +echo "====================================================================" + +RES=$($CMD tx wasm store "$WASM_BIN" --from "$USER_ADDR" $TXFLAG -y --output json) +echo $RES +TX_HASH=$(echo $RES | jq -r '.["txhash"]') + +while ! $CMD query tx $TX_HASH &> /dev/null; do + echo "... 🕐 waiting for contract to deploy from tx hash $TX_HASH" + sleep 1 +done + +RES=$($CMD query tx "$TX_HASH" --output json) +CODE_ID=$(echo $RES | jq -r '.logs[0].events[1].attributes[1].value') + +echo "" +echo "🚀 Instantiating contract with the following parameters:" +echo "--------------------------------------------------------" +echo "Label: ${LABEL}" +echo "--------------------------------------------------------" + +RES=$($CMD tx wasm instantiate "$CODE_ID" "$INSTANTIATE_MSG" --from "$USER_ADDR" --label $LABEL $TXFLAG -y --no-admin --output json) +TX_HASH=$(echo $RES | jq -r '.["txhash"]') + + +echo "" +while ! $CMD query tx $TX_HASH &> /dev/null; do + echo "... 🕐 waiting for contract to be queryable" + sleep 1 +done + +RES=$($CMD query wasm list-contract-by-code "$CODE_ID" --output json) +CONTRACT=$(echo $RES | jq -r '.contracts[0]') + +echo "🚀 Successfully deployed and instantiated contract!" +echo "🔗 Chain ID: ${CHAIN_ID}" +echo "🆔 Code ID: ${CODE_ID}" +echo "📌 Contract Address: ${CONTRACT}" +echo "🔑 Contract Key: ${KEY}" +echo "🔖 Contract Label: ${LABEL}" diff --git a/apps/transfers/contracts/src/contract.rs b/apps/transfers/contracts/src/contract.rs index bd2bf62..8db2017 100644 --- a/apps/transfers/contracts/src/contract.rs +++ b/apps/transfers/contracts/src/contract.rs @@ -60,7 +60,7 @@ pub fn execute( } pub mod execute { - use cosmwasm_std::{coins, BankMsg, DepsMut, Env, MessageInfo, Response}; + use cosmwasm_std::{coins, BankMsg, DepsMut, Env, Event, MessageInfo, Response}; use cw_utils::must_pay; use crate::{ @@ -81,7 +81,10 @@ pub mod execute { REQUESTS.save(deps.storage, &requests)?; - Ok(Response::new()) + let event = Event::new("transfer").add_attribute("action", "user"); + let resp = Response::new().add_event(event); + + Ok(resp) } pub fn update( @@ -127,7 +130,10 @@ pub mod execute { REQUESTS.save(deps.storage, &requests)?; - Ok(Response::new()) + let event = Event::new("transfer").add_attribute("action", "user"); + let resp = Response::new().add_event(event); + + Ok(resp) } pub fn withdraw( @@ -143,6 +149,9 @@ pub mod execute { REQUESTS.save(deps.storage, &requests)?; - Ok(Response::new()) + let event = Event::new("transfer").add_attribute("action", "user"); + let resp = Response::new().add_event(event); + + Ok(resp) } } diff --git a/apps/transfers/enclave/quartz.manifest.template b/apps/transfers/enclave/quartz.manifest.template new file mode 100644 index 0000000..4b8814d --- /dev/null +++ b/apps/transfers/enclave/quartz.manifest.template @@ -0,0 +1,57 @@ +# Quartz manifest file + +loader.entrypoint = "file:{{ gramine.libos }}" +libos.entrypoint = "{{ quartz_dir }}/target/release/enclave" + +loader.log_level = "{{ log_level }}" + +loader.env.LD_LIBRARY_PATH = "/lib:{{ arch_libdir }}:/usr/{{ arch_libdir }}" +loader.env.HOME = "{{ home }}" +loader.env.INSIDE_SGX = "1" +loader.env.TLS = { passthrough = true } +loader.env.RA_TYPE = { passthrough = true } +loader.env.RA_TLS_ALLOW_DEBUG_ENCLAVE_INSECURE = { passthrough = true } +loader.env.RA_TLS_ALLOW_OUTDATED_TCB_INSECURE = { passthrough = true } +loader.env.RA_TLS_MRENCLAVE = { passthrough = true } +loader.env.RA_TLS_MRSIGNER = { passthrough = true } +loader.env.RA_TLS_ISV_SVN = { passthrough = true } +loader.env.RA_TLS_ISV_PROD_ID = { passthrough = true } +loader.env.RA_TLS_EPID_API_KEY = { passthrough = true } +loader.env.MYAPP_DATA = { passthrough = true } + +loader.argv = ["enclave", + "--chain-id", "testing", + "--trusted-height", "1", + "--trusted-hash", "9A5627F601CA82FF4C3967BAE6521B67B6CECB8FF6FCBAE11A1DF563192E7EB9"] + +fs.mounts = [ + { uri = "file:{{ gramine.runtimedir() }}", path = "/lib" }, + { uri = "file:{{ arch_libdir }}", path = "{{ arch_libdir }}" }, + { uri = "file:/usr/{{ arch_libdir }}", path = "/usr{{ arch_libdir }}" }, + { uri = "file:{{ quartz_dir }}", path = "{{ quartz_dir }}" }, +] + +# sgx.debug = true +sgx.enclave_size = "512M" +sgx.max_threads = 4 +sgx.edmm_enable = {{ 'true' if env.get('EDMM', '0') == '1' else 'false' }} + +sgx.remote_attestation = "{{ ra_type }}" +sgx.ra_client_spid = "{{ ra_client_spid }}" +sgx.ra_client_linkable = {{ 'true' if ra_client_linkable == '1' else 'false' }} + +sgx.trusted_files = [ + "file:{{ gramine.libos }}", + "file:{{ quartz_dir }}/target/release/enclave", + "file:{{ gramine.runtimedir() }}/", + "file:{{ arch_libdir }}/", + "file:/usr/{{ arch_libdir }}/", +] + +sgx.allowed_files = [ + "file:{{ quartz_dir }}/exchange.sk", + "file:{{ quartz_dir }}/request.json", +] + +sys.insecure__allow_eventfd = true +sys.enable_sigterm_injection = true diff --git a/apps/transfers/scripts/build.sh b/apps/transfers/scripts/build.sh new file mode 100644 index 0000000..ffa72ef --- /dev/null +++ b/apps/transfers/scripts/build.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +set -eo pipefail + +ROOT=${ROOT:-$HOME} + +echo "--------------------------------------------------------" +echo "building enclave binary" + +cd $ROOT/cycles-quartz/apps/transfers/enclave +CARGO_TARGET_DIR=./target cargo build --release + +echo "--------------------------------------------------------" +echo "building cosmwasm contract binary" + + +cd $ROOT/cycles-quartz/apps/transfers/contracts +bash build.sh diff --git a/apps/transfers/scripts/deploy.sh b/apps/transfers/scripts/deploy.sh new file mode 100755 index 0000000..b76327d --- /dev/null +++ b/apps/transfers/scripts/deploy.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +set -eo pipefail + +ROOT=${ROOT:-$HOME} + + +echo "--------------------------------------------------------" +echo "instantiate" +cd $ROOT/cycles-quartz/relayer/ +export INSTANTIATE_MSG=$(./scripts/relay.sh Instantiate | jq '{quartz: .} + {denom: "ucosm"}' ) +echo "--------------------------------------------------------" + +echo "deploy contract" +cd $ROOT/cycles-quartz/apps/transfers/contracts/ + +bash deploy-contract.sh target/wasm32-unknown-unknown/release/transfers_contracts.wasm |& tee output +export CONTRACT=$(cat output | grep Address | awk '{print $NF}' | sed 's/\x1b\[[0-9;]*m//g') +echo $CONTRACT + + + + diff --git a/apps/transfers/scripts/handshake.sh b/apps/transfers/scripts/handshake.sh new file mode 100755 index 0000000..0242166 --- /dev/null +++ b/apps/transfers/scripts/handshake.sh @@ -0,0 +1,116 @@ +#!/bin/bash +# +# Perform the SessionCreate and SessionSetPubKey handshake between the contract and the sgx node +# Expects: +# - enclave is already initialized +# - contract is already deployed +# - apps/transfers/trusted.hash exists +# + +set -eo pipefail + +ROOT=${ROOT:-$HOME} + +NODE_URL=${NODE_URL:-127.0.0.1:26657} + +if [ "$#" -eq 0 ]; then + echo "Usage: $0 " + exit 1 # Exit with a non-zero status to indicate an error +fi + +CONTRACT="$1" + +CMD="wasmd --node http://$NODE_URL" + +cd "$ROOT/cycles-quartz/apps/transfers" +export TRUSTED_HASH=$(cat trusted.hash) + +echo "using CMD: $CMD" +echo "--------------------------------------------------------" + +echo "create session" + +# change to relay dir +cd $ROOT/cycles-quartz/relayer + +# execute SessionCreate on enclave +export EXECUTE_CREATE=$(./scripts/relay.sh SessionCreate) + +# submit SessionCreate to contract +RES=$($CMD tx wasm execute "$CONTRACT" "$EXECUTE_CREATE" --from admin --chain-id testing -y --output json) +TX_HASH=$(echo $RES | jq -r '.["txhash"]') + +# wait for tx to commit +while ! $CMD query tx $TX_HASH &> /dev/null; do + echo "... 🕐 waiting for tx" + sleep 1 +done + +# need to wait another block for light client proof +BLOCK_HEIGHT=$($CMD query block | jq .block.header.height) + +echo "at heigh $BLOCK_HEIGHT. need to wait for a block" +while [[ $BLOCK_HEIGHT == $($CMD query block | jq .block.header.height) ]]; do + echo "... 🕐 waiting for another block" + sleep 1 +done + +# need to wait another block for light client proof +BLOCK_HEIGHT=$($CMD query block | jq .block.header.height) +echo "at heigh $BLOCK_HEIGHT. need to wait for a block" +while [[ $BLOCK_HEIGHT == $($CMD query block | jq .block.header.height) ]]; do + echo "... 🕐 waiting for another block" + sleep 1 +done + +echo "--------------------------------------------------------" + +echo "set session pk" + +# change to prover dir +cd $ROOT/cycles-quartz/utils/tm-prover +export PROOF_FILE="light-client-proof.json" +if [ -f "$PROOF_FILE" ]; then + rm "$PROOF_FILE" + echo "removed old $PROOF_FILE" +fi + +# TODO: pass this in? +echo "trusted hash $TRUSTED_HASH" +echo "contract $CONTRACT" + +# run prover to get light client proof +# TODO: assume this binary is pre-built? +# TODO: pass in addresses and chain id +cargo run -vvv -- --chain-id testing \ + --primary "http://$NODE_URL" \ + --witnesses "http://$NODE_URL" \ + --trusted-height 1 \ + --trusted-hash $TRUSTED_HASH \ + --contract-address $CONTRACT \ + --storage-key "quartz_session" \ + --trace-file $PROOF_FILE + +export POP=$(cat $PROOF_FILE) +export POP_MSG=$(jq -nc --arg message "$POP" '$ARGS.named') + +# execute SessionSetPubKey on enclave +cd $ROOT/cycles-quartz/relayer +export EXECUTE_SETPUB=$(./scripts/relay.sh SessionSetPubKey "$POP_MSG") + +RES=$($CMD tx wasm execute "$CONTRACT" "$EXECUTE_SETPUB" --from admin --chain-id testing -y --output json) +TX_HASH=$(echo $RES | jq -r '.["txhash"]') + +# wait for tx to commit +while ! $CMD query tx $TX_HASH &> /dev/null; do + echo "... 🕐 waiting for tx" + sleep 1 +done + +echo "--------------------------------------------------------" + +echo "check session success" +export NONCE_AND_KEY=$($CMD query wasm contract-state raw "$CONTRACT" $(printf '%s' "quartz_session" | hexdump -ve '/1 "%02X"') -o json | jq -r .data | base64 -d) +echo $NONCE_AND_KEY +export PUBKEY=$(echo $NONCE_AND_KEY | jq -r .pub_key) + diff --git a/apps/transfers/scripts/listen.sh b/apps/transfers/scripts/listen.sh new file mode 100755 index 0000000..34045fe --- /dev/null +++ b/apps/transfers/scripts/listen.sh @@ -0,0 +1,73 @@ + + +ROOT=${ROOT:-$HOME} + +DEFAULT_NODE="127.0.0.1:26657" +NODE_URL=${NODE_URL:-$DEFAULT_NODE} + +if [ "$#" -eq 0 ]; then + echo "Usage: $0 " + exit 1 # Exit with a non-zero status to indicate an error +fi + +CONTRACT=$1 + +CMD="wasmd --node http://$NODE_URL" + +WSURL="ws://$NODE_URL/websocket" + +SUBSCRIBE="{\"jsonrpc\":\"2.0\",\"method\":\"subscribe\",\"params\":[\"execute._contract_address = '$CONTRACT' AND wasm-transfer.action = 'user'\"],\"id\":1}" + +echo $SUBSCRIBE + +echo "--------------------------------------------------------" +echo "subscribe to events" + +# cat keeps the stdin open so websocat doesnt close +(echo "$SUBSCRIBE"; cat) | websocat $WSURL | while read msg; do + if [[ "$msg" == '{"jsonrpc":"2.0","id":1,"result":{}}' ]]; then + echo "... subscribed" + echo "---------------------------------------------------------" + echo "... waiting for event" + continue + fi + + if echo "$msg" | jq 'has("error")' > /dev/null; then + echo "... error msg $msg" + echo "---------------------------------------------------------" + echo "... waiting for event" + continue + fi + + + echo "... received event! " + echo $msg + + echo "... fetching requests" + + REQUESTS=$($CMD query wasm contract-state raw $CONTRACT $(printf '%s' "requests" | hexdump -ve '/1 "%02X"') -o json | jq -r .data | base64 -d) + STATE=$($CMD query wasm contract-state raw $CONTRACT $(printf '%s' "state" | hexdump -ve '/1 "%02X"') -o json | jq -r .data | base64 -d) + + export ENCLAVE_REQUEST=$(jq -nc --argjson requests "$REQUESTS" --argjson state $STATE '$ARGS.named') + echo $ENCLAVE_REQUEST | jq . + + export REQUEST_MSG=$(jq -nc --arg message "$ENCLAVE_REQUEST" '$ARGS.named') + + cd $ROOT/cycles-quartz/apps/transfers/enclave + + echo "... executing transfer" + export UPDATE=$(grpcurl -plaintext -import-path ./proto/ -proto transfers.proto -d "$REQUEST_MSG" '127.0.0.1:11090' transfers.Settlement/Run | jq .message | jq -R 'fromjson | fromjson' | jq -c ) + + + + echo "... submitting update" + + $CMD tx wasm execute $CONTRACT "{\"update\": "$UPDATE" }" --chain-id testing --from admin --node http://$NODE_URL -y + + + echo " ... done" + echo "---------------------------------------------------------" + echo "... waiting for event" +done + + diff --git a/apps/transfers/scripts/start.sh b/apps/transfers/scripts/start.sh new file mode 100755 index 0000000..d5c8fd3 --- /dev/null +++ b/apps/transfers/scripts/start.sh @@ -0,0 +1,64 @@ +#!/bin/bash + +#set -eo pipefail + +ROOT=${ROOT:-$HOME} +DIR_QUARTZ="$ROOT/cycles-quartz" +DIR_QUARTZ_APP="$DIR_QUARTZ/apps/transfers" +DIR_QUARTZ_ENCLAVE="$DIR_QUARTZ_APP/enclave" +DIR_QUARTZ_TM_PROVER="$DIR_QUARTZ/utils/tm-prover" + +NODE_URL=${NODE_URL:-127.0.0.1:26657} +CMD="wasmd --node http://$NODE_URL" + + +echo "--------------------------------------------------------" +echo "set trusted hash" + +cd "$DIR_QUARTZ_TM_PROVER" +cargo run -- --chain-id testing \ +--primary "http://$NODE_URL" \ +--witnesses "http://$NODE_URL" \ +--trusted-height 1 \ +--trusted-hash "5237772462A41C0296ED688A0327B8A60DF310F08997AD760EB74A70D0176C27" \ +--contract-address "wasm14hj2tavq8fpesdwxxcu44rty3hh90vhujrvcmstl4zr3txmfvw9s0phg4d" \ +--storage-key "quartz_session" \ +--trace-file light-client-proof.json &> $DIR_QUARTZ_APP/output + +cd $DIR_QUARTZ_APP +cat output | grep found | head -1 | awk '{print $NF}' | sed 's/\x1b\[[0-9;]*m//g' > trusted.hash +export TRUSTED_HASH=$(cat trusted.hash) +echo "... $TRUSTED_HASH" +rm output + +echo "--------------------------------------------------------" +echo "configure gramine" +cd "$DIR_QUARTZ_ENCLAVE" + +echo "... gen priv key if it doesnt exist" +gramine-sgx-gen-private-key > /dev/null 2>&1 || : # may fail + +echo "... update manifest template with trusted hash $TRUSTED_HASH" +sed -i -r "s/(\"--trusted-hash\", \")[A-Z0-9]+(\"])/\1$TRUSTED_HASH\2/" quartz.manifest.template + + +echo "... create manifest" +gramine-manifest \ +-Dlog_level="error" \ +-Dhome="$HOME" \ +-Darch_libdir="/lib/$(gcc -dumpmachine)" \ +-Dra_type="epid" \ +-Dra_client_spid="51CAF5A48B450D624AEFE3286D314894" \ +-Dra_client_linkable=1 \ +-Dquartz_dir="$(pwd)" \ +-Dtrusted_height="$TRUSTED_HEIGHT" \ +-Dtrusted_hash="$TRUSTED_HASH" \ +quartz.manifest.template quartz.manifest + +echo "... sign manifest" +gramine-sgx-sign --manifest quartz.manifest --output quartz.manifest.sgx + + +echo "--------------------------------------------------------" +echo "... start gramine" +gramine-sgx ./quartz diff --git a/relayer/scripts/relay.sh b/relayer/scripts/relay.sh index d22d156..f0e99ce 100755 --- a/relayer/scripts/relay.sh +++ b/relayer/scripts/relay.sh @@ -8,7 +8,7 @@ usage() { exit 1 } -ROOT=${ROOT:-$(pwd)} +ROOT=${ROOT:-$HOME} DIR_QUARTZ="$ROOT/cycles-quartz" DIR_PROTO="$DIR_QUARTZ/core/quartz-proto/proto" IAS_API_KEY="669244b3e6364b5888289a11d2a1726d" diff --git a/utils/tm-prover/light-client-proof.json b/utils/tm-prover/light-client-proof.json deleted file mode 100644 index 2d60632..0000000 --- a/utils/tm-prover/light-client-proof.json +++ /dev/null @@ -1 +0,0 @@ -{"light_client_proof":[{"signed_header":{"header":{"version":{"block":"11","app":"0"},"chain_id":"testing","height":"1","time":"2024-02-29T10:31:41.978364008Z","last_block_id":null,"last_commit_hash":"E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855","data_hash":"E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855","validators_hash":"93543064D77D740239A8454F2586E92064CF9EBB3701E037B656A29CC3F82819","next_validators_hash":"93543064D77D740239A8454F2586E92064CF9EBB3701E037B656A29CC3F82819","consensus_hash":"048091BC7DDC283F77BFBF91D73C44DA58C3DF8A9CBC867405D8B7F3DAADA22F","app_hash":"E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855","last_results_hash":"E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855","evidence_hash":"E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855","proposer_address":"09A2F2EE18D2D1A8E90B5DCB94072F5F4A2C4D5C"},"commit":{"height":"1","round":0,"block_id":{"hash":"2EF0E6F9BDDF5DEAA6FCD6492C3DB26D7C62BFFC01B538A958D04376E0B67185","parts":{"total":1,"hash":"F4F0C31D6EFD2B8F85FD208A66AC22B1B4DC77732E5F342BA8E56C021E41FBE5"}},"signatures":[{"block_id_flag":2,"validator_address":"09A2F2EE18D2D1A8E90B5DCB94072F5F4A2C4D5C","timestamp":"2024-02-29T10:32:04.83875824Z","signature":"ZCWcsrLqZT4vcGythMYHFWhFJJiQQpcNZtw6MyL/SoiyqfQJipyL01IbCj0vR6MnDJMTEpHesue5B8M7V22MDw=="}]}},"validator_set":{"validators":[{"address":"09A2F2EE18D2D1A8E90B5DCB94072F5F4A2C4D5C","pub_key":{"type":"tendermint/PubKeyEd25519","value":"LHmUOWNnOYDfKI5fEQojrwVE9oMbuwgUgmtnIvV0MmI="},"power":"250","name":null}],"proposer":{"address":"09A2F2EE18D2D1A8E90B5DCB94072F5F4A2C4D5C","pub_key":{"type":"tendermint/PubKeyEd25519","value":"LHmUOWNnOYDfKI5fEQojrwVE9oMbuwgUgmtnIvV0MmI="},"power":"250","name":null},"total_voting_power":"250"},"next_validator_set":{"validators":[{"address":"09A2F2EE18D2D1A8E90B5DCB94072F5F4A2C4D5C","pub_key":{"type":"tendermint/PubKeyEd25519","value":"LHmUOWNnOYDfKI5fEQojrwVE9oMbuwgUgmtnIvV0MmI="},"power":"250","name":null}],"proposer":null,"total_voting_power":"250"},"provider":"fcd91a360d566b908ba6f1f904f689d10d9547b0"},{"signed_header":{"header":{"version":{"block":"11","app":"0"},"chain_id":"testing","height":"4906","time":"2024-02-29T17:31:16.4993207Z","last_block_id":{"hash":"D5CBA83AD346BB1E1D1EDBB975C904CA493B27B647416040311A25D86D1887EF","parts":{"total":1,"hash":"336EFBCB32C71A0760C4E3588B9D6953F486CA266FDF750CD436813621CF87DA"}},"last_commit_hash":"12E651BB8B88BB87926BC3AA1FEF54D1D499898F543CF16F3CFBC05B400C1910","data_hash":"E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855","validators_hash":"93543064D77D740239A8454F2586E92064CF9EBB3701E037B656A29CC3F82819","next_validators_hash":"93543064D77D740239A8454F2586E92064CF9EBB3701E037B656A29CC3F82819","consensus_hash":"048091BC7DDC283F77BFBF91D73C44DA58C3DF8A9CBC867405D8B7F3DAADA22F","app_hash":"FC24242400B2615EA09B579DAF71397881235DF9675971B206A8FA2353341549","last_results_hash":"E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855","evidence_hash":"E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855","proposer_address":"09A2F2EE18D2D1A8E90B5DCB94072F5F4A2C4D5C"},"commit":{"height":"4906","round":0,"block_id":{"hash":"4C9774D531A2EBE592A1E4A2A13AA2BEE178490465E12A40722338BD73E014BD","parts":{"total":1,"hash":"F8E5F1661333A6C5C0B6FE9E58AB6AF3D7FE4E3F407AFE8347D616947259572D"}},"signatures":[{"block_id_flag":2,"validator_address":"09A2F2EE18D2D1A8E90B5DCB94072F5F4A2C4D5C","timestamp":"2024-02-29T17:31:21.624527037Z","signature":"7GrmP+g++BA0TCfCJSGd7vUvB9u8jApHcVqGzVxECJglL1k2eeukg0lx1bQ9jYOx9JfktLdb78eXF+41Eo2eBg=="}]}},"validator_set":{"validators":[{"address":"09A2F2EE18D2D1A8E90B5DCB94072F5F4A2C4D5C","pub_key":{"type":"tendermint/PubKeyEd25519","value":"LHmUOWNnOYDfKI5fEQojrwVE9oMbuwgUgmtnIvV0MmI="},"power":"250","name":null}],"proposer":{"address":"09A2F2EE18D2D1A8E90B5DCB94072F5F4A2C4D5C","pub_key":{"type":"tendermint/PubKeyEd25519","value":"LHmUOWNnOYDfKI5fEQojrwVE9oMbuwgUgmtnIvV0MmI="},"power":"250","name":null},"total_voting_power":"250"},"next_validator_set":{"validators":[{"address":"09A2F2EE18D2D1A8E90B5DCB94072F5F4A2C4D5C","pub_key":{"type":"tendermint/PubKeyEd25519","value":"LHmUOWNnOYDfKI5fEQojrwVE9oMbuwgUgmtnIvV0MmI="},"power":"250","name":null}],"proposer":null,"total_voting_power":"250"},"provider":"fcd91a360d566b908ba6f1f904f689d10d9547b0"}],"merkle_proof":{"key":"0345dbea4617971d93188eda21530bc6503d153313b6f575048c2c35dbc6e4fb0671756172747a5f73657373696f6e","value":"7b226e6f6e6365223a2238333665633263656432336336346238316138346436386462306634336631303730343939353638373466316562616537653665333235623232396330613632222c227075625f6b6579223a6e756c6c7d","proof":{"ops":[{"field_type":"ics23:iavl","key":"A0Xb6kYXlx2TGI7aIVMLxlA9FTMTtvV1BIwsNdvG5PsGcXVhcnR6X3Nlc3Npb24=","data":"CtgDCi8DRdvqRheXHZMYjtohUwvGUD0VMxO29XUEjCw128bk+wZxdWFydHpfc2Vzc2lvbhJbeyJub25jZSI6IjgzNmVjMmNlZDIzYzY0YjgxYTg0ZDY4ZGIwZjQzZjEwNzA0OTk1Njg3NGYxZWJhZTdlNmUzMjViMjI5YzBhNjIiLCJwdWJfa2V5IjpudWxsfRoMCAEYASABKgQAArZMIioIARImAgS2TCAYXQHbsS8wEbCEc/L0EtL1WvGUlZv1SMDdq5hetWwlGCAiKggBEiYEBrZMIOqwrTIyaJy6bWmSPduUQmLTHe0CoBG2+u4PHKt2FDUHICIsCAESBQYKtkwgGiEgkEk8SyVJd/i79HCAnPoDYwhRdUEkxdljcvlC/JCfHQYiLAgBEgUIFLZMIBohIKPyviB9p4e+IeJjJvizce4ETMkwA/P8mhEDpnAWirq/IioIARImCii2TCCb35luv/9FAVQVTzQNUStRwjfx3vZ6Qkk9AMElKtWpiCAiLAgBEgUMQLZMIBohIEFCwTEL9LpqYf+YhpQQCT5eImBRDzn+T0Q1o+ktRM1RIiwIARIFDmC2TCAaISBhA95IWEvmWpLKXKgeWFjVHccfi6n0EocBzVeYeRZg4Q=="},{"field_type":"ics23:simple","key":"d2FzbQ==","data":"CqgBCgR3YXNtEiA696LyVGI6ZdTDX4xbq465Kr5/3oRLM6HVBbrPbwq1cxoJCAEYASABKgEAIiUIARIhAWLU8PgnJ/EMp4BYvtTN9MX/rS70dNQ3ZAzrJLssrLjRIiUIARIhARgpEKVXdhJlFtfJxfMswUUDn0KoMHu1vZ5ACNng633SIiUIARIhAVoejJ3Hb5cHxRylM7rCRD83y8fmOMXb39OFwXCCKH15"}]}}} \ No newline at end of file