moved tm-secret-enclave functionality into our enclave

scrtlabs · Nov 6, 2024 · a3de040 · a3de040
1 parent 05b8f1d
commit a3de040
Show file tree

Hide file tree

Showing 4 changed files with 144 additions and 4 deletions.
diff --git a/cosmwasm/enclaves/execute/Enclave.edl b/cosmwasm/enclaves/execute/Enclave.edl
@@ -159,7 +159,7 @@ enclave {
 
         public uint32_t ecall_run_tests();
 
-        public int64_t ecall_generate_random(
+        public sgx_status_t ecall_generate_random(
               [in, count=block_hash_len] const uint8_t* block_hash,
               uint32_t block_hash_len,
               uint64_t height,

diff --git a/cosmwasm/packages/sgx-vm/src/enclave.rs b/cosmwasm/packages/sgx-vm/src/enclave.rs
@@ -11,6 +11,8 @@ use lazy_static::lazy_static;
 use log::*;
 use parking_lot::{Condvar, Mutex};
 
+use sgx_types::sgx_enclave_id_t;
+
 #[cfg(feature = "production")]
 const ENCLAVE_DEBUG: i32 = 0;
 
@@ -156,3 +158,141 @@ impl Drop for EnclaveAccessToken {
         }
     }
 }
+
+extern "C" {
+
+    pub fn ecall_generate_random(
+        eid: sgx_enclave_id_t,
+        retval: *mut sgx_status_t,
+        block_hash: *const u8,
+        block_hash_len: u32,
+        height: u64,
+        random: *mut u8,
+        proof: *mut u8,
+    ) -> sgx_status_t;
+
+    pub fn ecall_submit_validator_set(
+        eid: sgx_enclave_id_t,
+        retval: *mut sgx_status_t,
+        val_set: *const u8,
+        val_set_len: u32,
+        height: u64,
+    ) -> sgx_status_t;
+
+    pub fn ecall_validate_random(
+        eid: sgx_enclave_id_t,
+        retval: *mut sgx_status_t,
+        random: *const u8,
+        random_len: u32,
+        proof: *const u8,
+        proof_len: u32,
+        block_hash: *const u8,
+        block_hash_len: u32,
+        height: u64,
+    ) -> sgx_status_t;
+
+}
+
+fn get_secret_eid() -> Result<u64, sgx_status_t> {
+    match &ENCLAVE_DOORBELL.enclave {
+        Ok(encl) => Ok(encl.geteid()),
+        Err(status) => Err(*status),
+    }
+}
+
+#[no_mangle]
+pub extern "C" fn secret_impl_random_number(
+    block_hash: &[u8],
+    height: u64,
+) -> Result<Vec<u8>, sgx_status_t> {
+    let eid = get_secret_eid()?;
+    let mut retval = sgx_status_t::SGX_SUCCESS;
+
+    let mut random = [0u8; 48];
+    let mut proof = [0u8; 32];
+
+    let status = unsafe {
+        ecall_generate_random(
+            eid,
+            &mut retval,
+            block_hash.as_ptr(),
+            block_hash.len() as u32,
+            height,
+            random.as_mut_ptr(),
+            proof.as_mut_ptr(),
+        )
+    };
+
+    if retval != sgx_status_t::SGX_SUCCESS {
+        return Err(retval);
+    }
+
+    if status != sgx_status_t::SGX_SUCCESS {
+        return Err(status);
+    }
+
+    let mut return_val = vec![];
+    return_val.extend_from_slice(&random);
+    return_val.extend_from_slice(&proof);
+    return Ok(return_val);
+}
+
+#[no_mangle]
+pub extern "C" fn secret_impl_next_validator_set(val_set: &[u8], height: u64) -> SgxResult<()> {
+    let eid = get_secret_eid()?;
+    let mut retval = sgx_status_t::SGX_SUCCESS;
+
+    let status = unsafe {
+        ecall_submit_validator_set(
+            eid,
+            &mut retval,
+            val_set.as_ptr(),
+            val_set.len() as u32,
+            height,
+        )
+    };
+
+    if status != sgx_status_t::SGX_SUCCESS {
+        return Err(status);
+    }
+
+    if retval != sgx_status_t::SGX_SUCCESS {
+        return Err(retval);
+    }
+
+    return Ok(());
+}
+
+#[no_mangle]
+pub extern "C" fn secret_impl_validate_random(
+    random: &[u8],
+    proof: &[u8],
+    block_hash: &[u8],
+    height: u64,
+) -> SgxResult<()> {
+    let eid = get_secret_eid()?;
+    let mut retval = sgx_status_t::SGX_SUCCESS;
+    let status = unsafe {
+        ecall_validate_random(
+            eid,
+            &mut retval,
+            random.as_ptr(),
+            random.len() as u32,
+            proof.as_ptr(),
+            proof.len() as u32,
+            block_hash.as_ptr(),
+            block_hash.len() as u32,
+            height,
+        )
+    };
+
+    if status != sgx_status_t::SGX_SUCCESS {
+        return Err(status);
+    }
+
+    if retval != sgx_status_t::SGX_SUCCESS {
+        return Err(retval);
+    }
+
+    return Ok(());
+}
diff --git a/go.mod b/go.mod
@@ -64,7 +64,7 @@ require (
 	github.com/cosmos/cosmos-proto v1.0.0-beta.5
 	github.com/cosmos/rosetta v0.50.4
 	github.com/gogo/protobuf v1.3.2
-	github.com/scrtlabs/tm-secret-enclave v1.11.8
+	github.com/scrtlabs/tm-secret-enclave v1.11.9-0.20241106181222-964c7d7e9f02
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028
 )
 

diff --git a/go.sum b/go.sum
@@ -962,8 +962,8 @@ github.com/scrtlabs/iavl v1.2.0-secret.1 h1:HVBDVrD/bMwbat+8W6DUkt2BhaCBRb0bZBXg
 github.com/scrtlabs/iavl v1.2.0-secret.1/go.mod h1:HidWWLVAtODJqFD6Hbne2Y0q3SdxByJepHUOeoH4LiI=
 github.com/scrtlabs/tendermint v0.38.12-secret.1 h1:3Cr1PBYjq7Pv5e29wJOe8m3yRbsLdJhodxF3Ie9tgtc=
 github.com/scrtlabs/tendermint v0.38.12-secret.1/go.mod h1:FiEh6an4djGKHoMyMVnNwXv5FU0bNOuKUeVHr6OfGU4=
-github.com/scrtlabs/tm-secret-enclave v1.11.8 h1:fctIfJDHGl8D+fcXlZLX6S4yDeePIsuyzdG5HngFNPQ=
-github.com/scrtlabs/tm-secret-enclave v1.11.8/go.mod h1:nxZQtzzAqBNBLOEXSv4cKlUnVA4vRmHOn6ujr3kxVME=
+github.com/scrtlabs/tm-secret-enclave v1.11.9-0.20241106181222-964c7d7e9f02 h1:MqKAOILH6sv9D1Yg4wkIQ6c1riBfjoygaxbTeKhC3qQ=
+github.com/scrtlabs/tm-secret-enclave v1.11.9-0.20241106181222-964c7d7e9f02/go.mod h1:nxZQtzzAqBNBLOEXSv4cKlUnVA4vRmHOn6ujr3kxVME=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=