From a3de04088d81a5ee64226e02482f95e67a92c85a Mon Sep 17 00:00:00 2001 From: vlad Date: Wed, 6 Nov 2024 18:23:40 +0000 Subject: [PATCH] moved tm-secret-enclave functionality into our enclave --- cosmwasm/enclaves/execute/Enclave.edl | 2 +- cosmwasm/packages/sgx-vm/src/enclave.rs | 140 ++++++++++++++++++++++++ go.mod | 2 +- go.sum | 4 +- 4 files changed, 144 insertions(+), 4 deletions(-) diff --git a/cosmwasm/enclaves/execute/Enclave.edl b/cosmwasm/enclaves/execute/Enclave.edl index 6cea277e2..4a42b22a9 100644 --- a/cosmwasm/enclaves/execute/Enclave.edl +++ b/cosmwasm/enclaves/execute/Enclave.edl @@ -159,7 +159,7 @@ enclave { public uint32_t ecall_run_tests(); - public int64_t ecall_generate_random( + public sgx_status_t ecall_generate_random( [in, count=block_hash_len] const uint8_t* block_hash, uint32_t block_hash_len, uint64_t height, diff --git a/cosmwasm/packages/sgx-vm/src/enclave.rs b/cosmwasm/packages/sgx-vm/src/enclave.rs index 08b18ac3b..b109b4405 100644 --- a/cosmwasm/packages/sgx-vm/src/enclave.rs +++ b/cosmwasm/packages/sgx-vm/src/enclave.rs @@ -11,6 +11,8 @@ use lazy_static::lazy_static; use log::*; use parking_lot::{Condvar, Mutex}; +use sgx_types::sgx_enclave_id_t; + #[cfg(feature = "production")] const ENCLAVE_DEBUG: i32 = 0; @@ -156,3 +158,141 @@ impl Drop for EnclaveAccessToken { } } } + +extern "C" { + + pub fn ecall_generate_random( + eid: sgx_enclave_id_t, + retval: *mut sgx_status_t, + block_hash: *const u8, + block_hash_len: u32, + height: u64, + random: *mut u8, + proof: *mut u8, + ) -> sgx_status_t; + + pub fn ecall_submit_validator_set( + eid: sgx_enclave_id_t, + retval: *mut sgx_status_t, + val_set: *const u8, + val_set_len: u32, + height: u64, + ) -> sgx_status_t; + + pub fn ecall_validate_random( + eid: sgx_enclave_id_t, + retval: *mut sgx_status_t, + random: *const u8, + random_len: u32, + proof: *const u8, + proof_len: u32, + block_hash: *const u8, + block_hash_len: u32, + height: u64, + ) -> sgx_status_t; + +} + +fn get_secret_eid() -> Result { + match &ENCLAVE_DOORBELL.enclave { + Ok(encl) => Ok(encl.geteid()), + Err(status) => Err(*status), + } +} + +#[no_mangle] +pub extern "C" fn secret_impl_random_number( + block_hash: &[u8], + height: u64, +) -> Result, sgx_status_t> { + let eid = get_secret_eid()?; + let mut retval = sgx_status_t::SGX_SUCCESS; + + let mut random = [0u8; 48]; + let mut proof = [0u8; 32]; + + let status = unsafe { + ecall_generate_random( + eid, + &mut retval, + block_hash.as_ptr(), + block_hash.len() as u32, + height, + random.as_mut_ptr(), + proof.as_mut_ptr(), + ) + }; + + if retval != sgx_status_t::SGX_SUCCESS { + return Err(retval); + } + + if status != sgx_status_t::SGX_SUCCESS { + return Err(status); + } + + let mut return_val = vec![]; + return_val.extend_from_slice(&random); + return_val.extend_from_slice(&proof); + return Ok(return_val); +} + +#[no_mangle] +pub extern "C" fn secret_impl_next_validator_set(val_set: &[u8], height: u64) -> SgxResult<()> { + let eid = get_secret_eid()?; + let mut retval = sgx_status_t::SGX_SUCCESS; + + let status = unsafe { + ecall_submit_validator_set( + eid, + &mut retval, + val_set.as_ptr(), + val_set.len() as u32, + height, + ) + }; + + if status != sgx_status_t::SGX_SUCCESS { + return Err(status); + } + + if retval != sgx_status_t::SGX_SUCCESS { + return Err(retval); + } + + return Ok(()); +} + +#[no_mangle] +pub extern "C" fn secret_impl_validate_random( + random: &[u8], + proof: &[u8], + block_hash: &[u8], + height: u64, +) -> SgxResult<()> { + let eid = get_secret_eid()?; + let mut retval = sgx_status_t::SGX_SUCCESS; + let status = unsafe { + ecall_validate_random( + eid, + &mut retval, + random.as_ptr(), + random.len() as u32, + proof.as_ptr(), + proof.len() as u32, + block_hash.as_ptr(), + block_hash.len() as u32, + height, + ) + }; + + if status != sgx_status_t::SGX_SUCCESS { + return Err(status); + } + + if retval != sgx_status_t::SGX_SUCCESS { + return Err(retval); + } + + return Ok(()); +} diff --git a/go.mod b/go.mod index a9344e948..4a2cac3d0 100644 --- a/go.mod +++ b/go.mod @@ -64,7 +64,7 @@ require ( github.com/cosmos/cosmos-proto v1.0.0-beta.5 github.com/cosmos/rosetta v0.50.4 github.com/gogo/protobuf v1.3.2 - github.com/scrtlabs/tm-secret-enclave v1.11.8 + github.com/scrtlabs/tm-secret-enclave v1.11.9-0.20241106181222-964c7d7e9f02 golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 ) diff --git a/go.sum b/go.sum index 5c78e2797..8232a9327 100644 --- a/go.sum +++ b/go.sum @@ -962,8 +962,8 @@ github.com/scrtlabs/iavl v1.2.0-secret.1 h1:HVBDVrD/bMwbat+8W6DUkt2BhaCBRb0bZBXg github.com/scrtlabs/iavl v1.2.0-secret.1/go.mod h1:HidWWLVAtODJqFD6Hbne2Y0q3SdxByJepHUOeoH4LiI= github.com/scrtlabs/tendermint v0.38.12-secret.1 h1:3Cr1PBYjq7Pv5e29wJOe8m3yRbsLdJhodxF3Ie9tgtc= github.com/scrtlabs/tendermint v0.38.12-secret.1/go.mod h1:FiEh6an4djGKHoMyMVnNwXv5FU0bNOuKUeVHr6OfGU4= -github.com/scrtlabs/tm-secret-enclave v1.11.8 h1:fctIfJDHGl8D+fcXlZLX6S4yDeePIsuyzdG5HngFNPQ= -github.com/scrtlabs/tm-secret-enclave v1.11.8/go.mod h1:nxZQtzzAqBNBLOEXSv4cKlUnVA4vRmHOn6ujr3kxVME= +github.com/scrtlabs/tm-secret-enclave v1.11.9-0.20241106181222-964c7d7e9f02 h1:MqKAOILH6sv9D1Yg4wkIQ6c1riBfjoygaxbTeKhC3qQ= +github.com/scrtlabs/tm-secret-enclave v1.11.9-0.20241106181222-964c7d7e9f02/go.mod h1:nxZQtzzAqBNBLOEXSv4cKlUnVA4vRmHOn6ujr3kxVME= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=