Communication is working

scrtlabs · Nov 29, 2022 · bfb3a7c · bfb3a7c
1 parent a8b98fd
commit bfb3a7c
Show file tree

Hide file tree

Showing 7 changed files with 465 additions and 201 deletions.
diff --git a/Makefile b/Makefile
@@ -254,7 +254,7 @@ build-testnet-bootstrap:
 				 --build-arg SECRET_NODE_TYPE=BOOTSTRAP \
 				 --build-arg CGO_LDFLAGS=${DOCKER_CGO_LDFLAGS} \
 				 -f deployment/dockerfiles/Dockerfile \
-				 -t ghcr.io/scrtlabs/secret-network-bootstrap-testnet:v$(VERSION) \
+				 -t ghcr.io/scrtlabs/testnet:${DOCKER_TAG} \
 				 --target release-image .
 
 build-testnet:
@@ -268,7 +268,7 @@ build-testnet:
 				 --build-arg SECRET_NODE_TYPE=NODE \
 				 --build-arg CGO_LDFLAGS=${DOCKER_CGO_LDFLAGS} \
 				 -f deployment/dockerfiles/Dockerfile \
-				 -t ghcr.io/scrtlabs/secret-network-node-testnet:v$(VERSION) \
+				 -t ghcr.io/scrtlabs/testnet:${DOCKER_TAG} \
 				 --target release-image .
 	DOCKER_BUILDKIT=1 docker build --build-arg BUILDKIT_INLINE_CACHE=1 \
 				 --secret id=API_KEY,src=api_key.txt \
@@ -277,7 +277,7 @@ build-testnet:
 				 --build-arg SGX_MODE=HW \
 				 --build-arg CGO_LDFLAGS=${DOCKER_CGO_LDFLAGS} \
 				 --build-arg DB_BACKEND=${DB_BACKEND} \
-				 --cache-from ghcr.io/scrtlabs/secret-network-node-testnet:v$(VERSION) \
+				 --cache-from ghcr.io/scrtlabs/testnet:${DOCKER_TAG} \
 				 -f deployment/dockerfiles/Dockerfile \
 				 -t deb_build \
 				 --target build-deb .

diff --git a/cosmwasm/enclaves/execute/src/registration/attestation.rs b/cosmwasm/enclaves/execute/src/registration/attestation.rs
@@ -46,8 +46,9 @@ use enclave_crypto::consts::SigningMethod;
 
 #[cfg(all(feature = "SGX_MODE_HW"))]
 use enclave_crypto::consts::{
-    CONSENSUS_SEED_SEALING_PATH, DEFAULT_SGX_SECRET_PATH, NODE_ENCRYPTED_SEED_KEY_FILE,
-    NODE_EXCHANGE_KEY_FILE, REGISTRATION_KEY_SEALING_PATH,
+    CURRENT_CONSENSUS_SEED_SEALING_PATH, DEFAULT_SGX_SECRET_PATH,
+    GENESIS_CONSENSUS_SEED_SEALING_PATH, NODE_ENCRYPTED_SEED_KEY_CURRENT_FILE,
+    NODE_ENCRYPTED_SEED_KEY_GENESIS_FILE, NODE_EXCHANGE_KEY_FILE, REGISTRATION_KEY_SEALING_PATH,
 };
 #[cfg(all(feature = "SGX_MODE_HW"))]
 use std::sgxfs::remove as SgxFsRemove;
@@ -92,6 +93,7 @@ pub fn create_attestation_certificate(
     kp: &KeyPair,
     _sign_type: sgx_quote_sign_type_t,
     _api_key: &[u8],
+    _challenge: Option<[u8; 4]>,
 ) -> Result<(Vec<u8>, Vec<u8>), sgx_status_t> {
     // init sgx ecc
     let ecc_handle = SgxEccHandle::new();
@@ -115,6 +117,7 @@ pub fn create_attestation_certificate(
     kp: &KeyPair,
     sign_type: sgx_quote_sign_type_t,
     api_key: &[u8],
+    challenge: Option<&[u8]>,
 ) -> Result<(Vec<u8>, Vec<u8>), sgx_status_t> {
     // extract private key from KeyPair
     let ecc_handle = SgxEccHandle::new();
@@ -124,13 +127,14 @@ pub fn create_attestation_certificate(
     let (prv_k, pub_k) = ecc_handle.create_key_pair().unwrap();
 
     // call create_report using the secp256k1 public key, and __not__ the P256 one
-    let signed_report = match create_attestation_report(&kp.get_pubkey(), sign_type, api_key) {
-        Ok(r) => r,
-        Err(e) => {
-            error!("Error creating attestation report");
-            return Err(e);
-        }
-    };
+    let signed_report =
+        match create_attestation_report(&kp.get_pubkey(), sign_type, api_key, challenge) {
+            Ok(r) => r,
+            Err(e) => {
+                error!("Error creating attestation report");
+                return Err(e);
+            }
+        };
 
     let payload: String = serde_json::to_string(&signed_report).map_err(|_| {
         error!("Error serializing report. May be malformed, or badly encoded");
@@ -148,11 +152,17 @@ pub fn create_attestation_certificate(
 pub fn validate_report(cert: &[u8], _override_verify: Option<SigningMethod>) {
     let _ = verify_ra_cert(cert, None).map_err(|e| {
         info!("Error validating created certificate: {:?}", e);
-        let _ = SgxFsRemove(CONSENSUS_SEED_SEALING_PATH.as_str());
+        let _ = SgxFsRemove(GENESIS_CONSENSUS_SEED_SEALING_PATH.as_str());
+        let _ = SgxFsRemove(CURRENT_CONSENSUS_SEED_SEALING_PATH.as_str());
         let _ = SgxFsRemove(REGISTRATION_KEY_SEALING_PATH.as_str());
         let _ = SgxFsRemove(
             std::path::Path::new(DEFAULT_SGX_SECRET_PATH)
-                .join(NODE_ENCRYPTED_SEED_KEY_FILE)
+                .join(NODE_ENCRYPTED_SEED_KEY_GENESIS_FILE)
+                .as_path(),
+        );
+        let _ = SgxFsRemove(
+            std::path::Path::new(DEFAULT_SGX_SECRET_PATH)
+                .join(NODE_ENCRYPTED_SEED_KEY_CURRENT_FILE)
                 .as_path(),
         );
         let _ = SgxFsRemove(
@@ -175,6 +185,7 @@ pub fn create_attestation_report(
     pub_k: &[u8; 32],
     sign_type: sgx_quote_sign_type_t,
     api_key_file: &[u8],
+    challenge: Option<&[u8]>,
 ) -> Result<EndorsedAttestationReport, sgx_status_t> {
     // Workflow:
     // (1) ocall to get the target_info structure (ti) and epid group id (eg)
@@ -231,6 +242,9 @@ pub fn create_attestation_report(
     let mut report_data: sgx_report_data_t = sgx_report_data_t::default();
 
     report_data.d[..32].copy_from_slice(pub_k);
+    if let Some(c) = challenge {
+        report_data.d[32..36].copy_from_slice(c);
+    }
 
     let rep = match rsgx_create_report(&ti, &report_data) {
         Ok(r) => {