From 1534dd5c3815568573ee1b0667e80aa3298204a5 Mon Sep 17 00:00:00 2001 From: hu55a1n1 Date: Mon, 1 Jul 2024 23:58:39 +0200 Subject: [PATCH 01/25] Extract light client verification code --- core/quartz/src/server.rs | 98 +++++++++++++++++++++------------------ 1 file changed, 52 insertions(+), 46 deletions(-) diff --git a/core/quartz/src/server.rs b/core/quartz/src/server.rs index 45e2bf50..c0ba5818 100644 --- a/core/quartz/src/server.rs +++ b/core/quartz/src/server.rs @@ -4,7 +4,6 @@ use std::{ }; use cw_proof::{ - error::ProofError, proof::{ cw::{CwProof, RawCwProof}, Proof, @@ -16,7 +15,7 @@ use quartz_cw::{ execute::{session_create::SessionCreate, session_set_pub_key::SessionSetPubKey}, instantiate::CoreInstantiate, }, - state::{Config, Nonce, Session}, + state::{Config, LightClientOpts, Nonce, Session}, }; use quartz_proto::quartz::{ core_server::Core, InstantiateRequest as RawInstantiateRequest, 
@@ -102,17 +101,54 @@ where request: Request, ) -> TonicResult> { // FIXME(hu55a1n1) - disallow calling more than once - let proof: ProofOfPublication = serde_json::from_str(&request.into_inner().message) - .map_err(|e| Status::invalid_argument(e.to_string()))?; + let proof: ProofOfPublication> = + serde_json::from_str(&request.into_inner().message) + .map_err(|e| Status::invalid_argument(e.to_string()))?; - let config_trust_threshold = self.config.light_client_opts().trust_threshold(); + let (value, _msg) = proof + .verify(self.config.light_client_opts()) + .map_err(Status::failed_precondition)?; + + let session: Session = serde_json::from_slice(&value).unwrap(); + let nonce = self.nonce.lock().unwrap(); + + if session.nonce() != *nonce { + return Err(Status::unauthenticated("nonce mismatch")); + } + + let sk = SigningKey::random(&mut rand::thread_rng()); + *self.sk.lock().unwrap() = Some(sk.clone()); + let pk = sk.verifying_key(); + + let session_set_pub_key_msg = SessionSetPubKey::new(*nonce, *pk); + + let quote = self + .attestor + .quote(session_set_pub_key_msg) + .map_err(|e| Status::internal(e.to_string()))?; + + let response = SessionSetPubKeyResponse::new(*nonce, *pk, quote); + Ok(Response::new(response.into())) + } +} + +#[derive(Clone, Debug, Serialize, Deserialize)] +pub struct ProofOfPublication { + light_client_proof: Vec, + merkle_proof: RawCwProof, + msg: M, +} + +impl ProofOfPublication { + pub fn verify(self, light_client_opts: &LightClientOpts) -> Result<(Vec, M), String> { + let config_trust_threshold = light_client_opts.trust_threshold(); let trust_threshold = TrustThreshold::new(config_trust_threshold.0, config_trust_threshold.1).unwrap(); - let config_trusting_period = self.config.light_client_opts().trusting_period(); + let config_trusting_period = light_client_opts.trusting_period(); let trusting_period = Duration::from_secs(config_trusting_period); - let config_clock_drift = self.config.light_client_opts().max_clock_drift(); + let 
config_clock_drift = light_client_opts.max_clock_drift(); let clock_drift = Duration::from_secs(config_clock_drift); let options = Options { trust_threshold, @@ -120,28 +156,23 @@ where clock_drift, }; - let target_height = proof.light_client_proof.last().unwrap().height(); + let target_height = self.light_client_proof.last().unwrap().height(); let primary_block = make_provider( - self.config.light_client_opts().chain_id(), - self.config - .light_client_opts() - .trusted_height() - .try_into() - .unwrap(), - self.config - .light_client_opts() + light_client_opts.chain_id(), + light_client_opts.trusted_height().try_into().unwrap(), + light_client_opts .trusted_hash() .to_vec() .try_into() .unwrap(), - proof.light_client_proof, + self.light_client_proof, options, ) .and_then(|mut primary| primary.verify_to_height(target_height)) - .map_err(|e| Status::internal(e.to_string()))?; + .map_err(|e| e.to_string())?; - let proof = CwProof::from(proof.merkle_proof); + let proof = CwProof::from(self.merkle_proof); proof .verify( primary_block 
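Review bot: `ProofOfPublication::verify` authenticates only the value stored under the proven key; the `msg` field is handed back exactly as the caller supplied it, and neither the signature nor a comment says so. In this handler that is harmless because `_msg` is dropped, but any later caller that trusts the second tuple element without comparing it to the first would be acting on unauthenticated input. I would add a doc comment on `verify` along the lines of `/// Verifies the light-client and Merkle proofs and returns the proven value; msg is returned unverified and must be bound to that value by the caller.` Separately, `serde_json::from_slice(&value).unwrap()` in the handler would be better as a `map_err` into a `Status`, so a proven value that does not decode as `Session` produces an error rather than a panic. The body of `verify` continues in the following hunks.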
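Review bot: `self.light_client_proof.last().unwrap()` panics when the request carries an empty `light_client_proof` array, and that field is deserialized straight from the request message before any check runs. Since `verify` now returns `Result<_, String>`, the empty case can be reported like every other failure: `let target_height = self.light_client_proof.last().ok_or("empty light client proof")?.height();`. The `TrustThreshold::new(..).unwrap()` and `try_into().unwrap()` calls in the same function read only the enclave's own config, so they are less exposed, but they could be converted to errors the same way. The function starts in the previous hunk and ends in the next one.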
@@ -151,33 +182,8 @@ where .as_bytes() .to_vec(), ) - .map_err(|e: ProofError| Status::internal(e.to_string()))?; - - let session: Session = serde_json::from_slice(&proof.value).unwrap(); - let nonce = self.nonce.lock().unwrap(); - - if session.nonce() != *nonce { - return Err(Status::unauthenticated("nonce mismatch")); - } + .map_err(|e| e.to_string())?; - let sk = SigningKey::random(&mut rand::thread_rng()); - *self.sk.lock().unwrap() = Some(sk.clone()); - let pk = sk.verifying_key(); - - let session_set_pub_key_msg = SessionSetPubKey::new(*nonce, *pk); - - let quote = self - .attestor - .quote(session_set_pub_key_msg) - .map_err(|e| Status::internal(e.to_string()))?; - - let response = SessionSetPubKeyResponse::new(*nonce, *pk, quote); - Ok(Response::new(response.into())) + Ok((proof.value, self.msg)) } } - -#[derive(Clone, Debug, Serialize, Deserialize)] -pub struct ProofOfPublication { - light_client_proof: Vec, - merkle_proof: RawCwProof, -} From 81a6df9ddc3efb9b56319bdbd98b528fac3aa498 Mon Sep 17 00:00:00 2001 From: hu55a1n1 Date: Tue, 2 Jul 2024 00:10:03 +0200 Subject: [PATCH 02/25] cargo fmt --- core/quartz/src/server.rs | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/core/quartz/src/server.rs b/core/quartz/src/server.rs index c0ba5818..f51d48bf 100644 --- a/core/quartz/src/server.rs +++ b/core/quartz/src/server.rs @@ -3,11 +3,9 @@ use std::{ time::Duration, }; -use cw_proof::{ - proof::{ - cw::{CwProof, RawCwProof}, - Proof, - }, +use cw_proof::proof::{ + cw::{CwProof, RawCwProof}, + Proof, }; use k256::ecdsa::SigningKey; use quartz_cw::{ From 0c6181da4cc973f97341e13ffd31447ffe7ed48d Mon Sep 17 00:00:00 2001 
From: hu55a1n1 Date: Tue, 2 Jul 2024 00:10:51 +0200 Subject: [PATCH 03/25] Implement light client check for mtcs.run --- Cargo.lock | 1 + apps/mtcs/enclave/Cargo.toml | 7 +++-- apps/mtcs/enclave/src/main.rs | 6 +++- apps/mtcs/enclave/src/mtcs_server.rs | 42 +++++++++++++--------------- 4 files changed, 30 insertions(+), 26 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index be443736..9caebbc6 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1049,6 +1049,7 @@ dependencies = [ "cosmrs", "cosmwasm-std", "cw-multi-test", + "cw-proof", "cw-tee-mtcs", "cycles-sync", "ecies", diff --git a/apps/mtcs/enclave/Cargo.toml b/apps/mtcs/enclave/Cargo.toml index 791c805f..04bcee2a 100644 --- a/apps/mtcs/enclave/Cargo.toml +++ b/apps/mtcs/enclave/Cargo.toml @@ -21,9 +21,9 @@ k256 = { version = "0.13.2", default-features = false, features = ["ecdsa"] } schemars = "0.8.15" serde = { version = "1.0.189", default-features = false, features = ["derive"] } thiserror = { version = "1.0.49" } -tonic = { version = "0.11.0"} +tonic = { version = "0.11.0" } tonic-build = "0.11.0" -cosmrs = { version = "0.16.0"} +cosmrs = { version = "0.16.0" } cosmwasm-std = { version = "1.5.2", default-features = false } serde_json = { version = "1.0.94", default-features = false } ecies = { version = "0.2.3", default-features = false, features = ["pure"] } @@ -40,9 +40,10 @@ cycles-sync.workspace = true mtcs.workspace = true # quartz +cw-proof = { path = "../../../core/light-client-proofs/cw-proof" } quartz-cw = { path = "../../../cosmwasm/packages/quartz-cw" } quartz-proto = { path = "../../../core/quartz-proto" } -quartz-enclave = { path = "../../../core/quartz"} +quartz-enclave = { path = "../../../core/quartz" } [dev-dependencies] cw-multi-test = "0.17.0" diff --git a/apps/mtcs/enclave/src/main.rs b/apps/mtcs/enclave/src/main.rs index d408a6a1..51df2fd1 100644 --- a/apps/mtcs/enclave/src/main.rs +++ b/apps/mtcs/enclave/src/main.rs 
@@ -63,11 +63,15 @@ async fn main() -> Result<(), Box> { Server::builder() .add_service(CoreServer::new(CoreService::new( + config.clone(), + sk.clone(), + EpidAttestor, + ))) + .add_service(MtcsServer::new(MtcsService::new( config, sk.clone(), EpidAttestor, ))) - .add_service(MtcsServer::new(MtcsService::new(sk.clone(), EpidAttestor))) .serve(args.rpc_addr) .await?; diff --git a/apps/mtcs/enclave/src/mtcs_server.rs b/apps/mtcs/enclave/src/mtcs_server.rs index 0674210d..9b8e7796 100644 --- a/apps/mtcs/enclave/src/mtcs_server.rs +++ b/apps/mtcs/enclave/src/mtcs_server.rs @@ -17,8 +17,8 @@ use mtcs::{ algo::mcmf::primal_dual::PrimalDual, impls::complex_id::ComplexIdMtcs, obligation::SimpleObligation, prelude::DefaultMtcs, setoff::SimpleSetoff, Mtcs, }; -use quartz_cw::msg::execute::attested::RawAttested; -use quartz_enclave::attestor::Attestor; +use quartz_cw::{msg::execute::attested::RawAttested, state::Config}; +use quartz_enclave::{attestor::Attestor, server::ProofOfPublication}; use serde::{Deserialize, Serialize}; use tonic::{Request, Response, Result as TonicResult, Status}; @@ -28,6 +28,7 @@ pub type RawCipherText = HexBinary; #[derive(Clone, Debug)] pub struct MtcsService { + config: Config, sk: Arc>>, attestor: A, } @@ -42,8 +43,12 @@ impl MtcsService where A: Attestor, { - pub fn new(sk: Arc>>, attestor: A) -> Self { - Self { sk, attestor } + pub fn new(config: Config, sk: Arc>>, attestor: A) -> Self { + Self { + config, + sk, + attestor, + } } } 
@@ -56,28 +61,21 @@ where &self, request: Request, ) -> TonicResult> { - // Pass in JSON of Requests vector and the STATE - - // Serialize into Requests enum - // Loop through, decrypt the ciphertexts - - // Read the state blob from chain - - // Decrypt and deserialize - - // Loop through requests and apply onto state - - // Encrypt state - - // Create withdraw requests - - // Send to chain - - let message: RunClearingMessage = { + let message: ProofOfPublication = { let message = request.into_inner().message; serde_json::from_str(&message).map_err(|e| Status::invalid_argument(e.to_string()))? }; + let (value, message) = message + .verify(self.config.light_client_opts()) + .map_err(Status::failed_precondition)?; + + let value_matches_msg = + serde_json::to_string(&message.intents).is_ok_and(|s| s.as_bytes() == &value); + if !value_matches_msg { + return Err(Status::failed_precondition("proof verification")); + } + let digests_ciphertexts = message.intents; let (digests, ciphertexts): (Vec<_>, Vec<_>) = digests_ciphertexts.into_iter().unzip(); From fadf927bc09a6ee898df88021ca9875cd2078e13 Mon Sep 17 00:00:00 2001 From: hu55a1n1 Date: Tue, 2 Jul 2024 21:53:29 +0200 Subject: [PATCH 04/25] Remove #![warn(missing_docs)] from enclaves --- apps/mtcs/enclave/src/main.rs | 1 - apps/transfers/enclave/src/main.rs | 1 - core/quartz/src/lib.rs | 1 - 3 files changed, 3 deletions(-) diff --git a/apps/mtcs/enclave/src/main.rs b/apps/mtcs/enclave/src/main.rs index 51df2fd1..dba11734 100644 --- a/apps/mtcs/enclave/src/main.rs +++ b/apps/mtcs/enclave/src/main.rs @@ -4,7 +4,6 @@ clippy::checked_conversions, clippy::panic, clippy::panic_in_result_fn, - missing_docs, trivial_casts, trivial_numeric_casts, rust_2018_idioms, diff --git a/apps/transfers/enclave/src/main.rs b/apps/transfers/enclave/src/main.rs index 663ed577..63f0b3de 100644 --- a/apps/transfers/enclave/src/main.rs +++ b/apps/transfers/enclave/src/main.rs 
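Review bot: The binding between the request and the proof is a byte comparison of `serde_json::to_string(&message.intents)` against the proven storage value, which only holds while the enclave's re-serialization is byte-identical to what the contract stored (key order, whitespace, binary and number encoding). It fails closed, so this is a robustness issue rather than a soundness one, but a legitimate request is rejected with the uninformative `"proof verification"` status as soon as the two encoders diverge. Decoding the proven bytes and using them as the source of the intents would remove the dependency on the caller's copy; the smaller change is a structural comparison, roughly `let proven = serde_json::from_slice(&value).map_err(|e| Status::failed_precondition(e.to_string()))?;` followed by `if message.intents != proven { … }`, assuming the intents type implements `PartialEq`. The same byte comparison is added for `message.requests` in `transfers_server.rs` in patch 06. The handler body continues past this hunk.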
@@ -4,7 +4,6 @@ clippy::checked_conversions, clippy::panic, clippy::panic_in_result_fn, - missing_docs, trivial_casts, trivial_numeric_casts, rust_2018_idioms, diff --git a/core/quartz/src/lib.rs b/core/quartz/src/lib.rs index b95d9c54..0c6f8578 100644 --- a/core/quartz/src/lib.rs +++ b/core/quartz/src/lib.rs @@ -4,7 +4,6 @@ clippy::checked_conversions, clippy::panic, clippy::panic_in_result_fn, - missing_docs, trivial_casts, trivial_numeric_casts, rust_2018_idioms, From 92490bcbd42dcde0a26aa6bb89f5d111a85d4aec Mon Sep 17 00:00:00 2001 From: hu55a1n1 Date: Tue, 2 Jul 2024 21:54:00 +0200 Subject: [PATCH 05/25] Rename value -> proof_value --- apps/mtcs/enclave/src/mtcs_server.rs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/apps/mtcs/enclave/src/mtcs_server.rs b/apps/mtcs/enclave/src/mtcs_server.rs index 9b8e7796..11ae7865 100644 --- a/apps/mtcs/enclave/src/mtcs_server.rs +++ b/apps/mtcs/enclave/src/mtcs_server.rs @@ -66,13 +66,13 @@ where serde_json::from_str(&message).map_err(|e| Status::invalid_argument(e.to_string()))? }; - let (value, message) = message + let (proof_value, message) = message .verify(self.config.light_client_opts()) .map_err(Status::failed_precondition)?; - let value_matches_msg = - serde_json::to_string(&message.intents).is_ok_and(|s| s.as_bytes() == &value); - if !value_matches_msg { + let proof_value_matches_msg = + serde_json::to_string(&message.intents).is_ok_and(|s| s.as_bytes() == &proof_value); + if !proof_value_matches_msg { return Err(Status::failed_precondition("proof verification")); } From 754dcf186270f9b3c6e55d14f951ae01c494ec34 Mon Sep 17 00:00:00 2001 From: hu55a1n1 Date: Tue, 2 Jul 2024 21:54:49 +0200 Subject: [PATCH 06/25] Impl light client check for transfers enclave --- apps/transfers/enclave/src/main.rs | 3 +- .../transfers/enclave/src/transfers_server.rs | 32 +++++++++++++------ 2 files changed, 24 insertions(+), 11 deletions(-) 
diff --git a/apps/transfers/enclave/src/main.rs b/apps/transfers/enclave/src/main.rs index 63f0b3de..c9bfba70 100644 --- a/apps/transfers/enclave/src/main.rs +++ b/apps/transfers/enclave/src/main.rs @@ -63,11 +63,12 @@ async fn main() -> Result<(), Box> { Server::builder() .add_service(CoreServer::new(CoreService::new( - config, + config.clone(), sk.clone(), EpidAttestor, ))) .add_service(TransfersServer::new(TransfersService::::new( + config.clone(), sk.clone(), EpidAttestor, ))) diff --git a/apps/transfers/enclave/src/transfers_server.rs b/apps/transfers/enclave/src/transfers_server.rs index b1c08c82..381b7189 100644 --- a/apps/transfers/enclave/src/transfers_server.rs +++ b/apps/transfers/enclave/src/transfers_server.rs @@ -4,16 +4,13 @@ use std::{ }; use cosmwasm_std::{Addr, HexBinary, Uint128}; - -pub type RawCipherText = HexBinary; - use ecies::{decrypt, encrypt}; use k256::ecdsa::{SigningKey, VerifyingKey}; use quartz_cw::{ msg::execute::attested::{HasUserData, RawAttested}, - state::UserData, + state::{Config, UserData}, }; -use quartz_enclave::attestor::Attestor; +use quartz_enclave::{attestor::Attestor, server::ProofOfPublication}; use serde::{Deserialize, Serialize}; use sha2::{Digest, Sha256}; use tonic::{Request, Response, Result as TonicResult, Status}; @@ -24,8 +21,11 @@ use crate::{ state::{RawState, State}, }; +pub type RawCipherText = HexBinary; + #[derive(Clone, Debug)] pub struct TransfersService { + config: Config, sk: Arc>>, attestor: A, } @@ -59,8 +59,12 @@ impl TransfersService where A: Attestor, { - pub fn new(sk: Arc>>, attestor: A) -> Self { - Self { sk, attestor } + pub fn new(config: Config, sk: Arc>>, attestor: A) -> Self { + Self { + config, + sk, + attestor, + } } } 
@@ -74,13 +78,21 @@ where request: Request, ) -> TonicResult> { // Request contains a serialized json string - - // Serialize request into struct containing State and the Requests vec - let message: RunTransfersRequestMessage = { + let message: ProofOfPublication = { let message = request.into_inner().message; serde_json::from_str(&message).map_err(|e| Status::invalid_argument(e.to_string()))? }; + let (proof_value, message) = message + .verify(self.config.light_client_opts()) + .map_err(Status::failed_precondition)?; + + let proof_value_matches_msg = + serde_json::to_string(&message.requests).is_ok_and(|s| s.as_bytes() == proof_value); + if !proof_value_matches_msg { + return Err(Status::failed_precondition("proof verification")); + } + // Decrypt and deserialize the state let mut state = { if message.state.len() == 1 && message.state[0] == 0 { From f1c5495554ec72f1dbae3cc4a574a278622f1f79 Mon Sep 17 00:00:00 2001 From: hu55a1n1 Date: Tue, 2 Jul 2024 21:55:29 +0200 Subject: [PATCH 07/25] Clippy fix --- apps/transfers/enclave/bin/encrypt.rs | 12 ++++-------- apps/transfers/enclave/src/state.rs | 2 +- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/apps/transfers/enclave/bin/encrypt.rs b/apps/transfers/enclave/bin/encrypt.rs index b37e3bfd..faaa2178 100644 --- a/apps/transfers/enclave/bin/encrypt.rs +++ b/apps/transfers/enclave/bin/encrypt.rs @@ -1,12 +1,8 @@ -use std::collections::{BTreeMap, HashMap}; +use std::collections::BTreeMap; -use anyhow; use cosmwasm_std::{Addr, HexBinary, Uint128}; -use ecies::{decrypt, encrypt}; -use k256::{ - ecdsa::{SigningKey, VerifyingKey}, - pkcs8::DecodePublicKey, -}; +use ecies::encrypt; +use k256::ecdsa::VerifyingKey; use serde::{Deserialize, Serialize}; use transfers_contracts::msg::execute::ClearTextTransferRequestMsg; 
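Review bot: Only `message.requests` is tied to the proven value here; `message.state` is still taken from the request as supplied and passed to the decrypt step that follows. Nothing visible in this hunk prevents a stale state ciphertext from being accepted alongside current, proven requests, so the freshness of the state appears to rest on something outside the proof of publication — I cannot tell from here whether a later check covers it. Consider proving the `state` storage key as well (or committing to a digest of it in the proven value), and at minimum record the assumption next to the check: `// NOTE: only requests are covered by the proof of publication; state is not`. The handler continues outside the hunk.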
@@ -45,7 +41,7 @@ fn main() { let msg = ClearTextTransferRequestMsg { sender: Addr::unchecked("alice"), receiver: Addr::unchecked("bob"), - amount: Uint128::from(100 as u32), + amount: Uint128::from(100_u32), }; let decoded: Vec = diff --git a/apps/transfers/enclave/src/state.rs b/apps/transfers/enclave/src/state.rs index 932029d1..d5de4260 100644 --- a/apps/transfers/enclave/src/state.rs +++ b/apps/transfers/enclave/src/state.rs @@ -1,4 +1,4 @@ -use std::collections::{BTreeMap, HashMap}; +use std::collections::BTreeMap; use anyhow; use cosmwasm_std::{Addr, HexBinary, Uint128}; From 5ea2ff1132386cd377bbf49d7b9b5fc1aeacd78a Mon Sep 17 00:00:00 2001 From: hu55a1n1 Date: Tue, 2 Jul 2024 21:55:44 +0200 Subject: [PATCH 08/25] Update Cargo.lock --- apps/transfers/enclave/Cargo.lock | 2 ++ 1 file changed, 2 insertions(+) diff --git a/apps/transfers/enclave/Cargo.lock b/apps/transfers/enclave/Cargo.lock index e479355c..73e95658 100644 --- a/apps/transfers/enclave/Cargo.lock +++ b/apps/transfers/enclave/Cargo.lock @@ -713,6 +713,8 @@ dependencies = [ "quartz-cw", "schemars", "serde", + "serde_json", + "sha2 0.10.8", "thiserror", ] From b2125eafdc6ad7f0b2b15a88e8d7b2f22aae6c69 Mon Sep 17 00:00:00 2001 From: hu55a1n1 Date: Tue, 2 Jul 2024 22:02:37 +0200 Subject: [PATCH 09/25] Fix workspace --- Cargo.lock | 108 +++++++++++++++++++++--------- Cargo.toml | 6 +- apps/mtcs/enclave/Cargo.toml | 2 +- apps/transfers/enclave/Cargo.toml | 2 +- 4 files changed, 83 insertions(+), 35 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 9caebbc6..490c9e38 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -1040,37 +1040,6 @@ dependencies = [ "zeroize", ] -[[package]] -name = "enclave" -version = "0.1.0" -dependencies = [ - "clap", - "color-eyre", - "cosmrs", - "cosmwasm-std", - "cw-multi-test", - "cw-proof", - "cw-tee-mtcs", - "cycles-sync", - "ecies", - "hex", - "k256", - "mtcs", - "prost", - "quartz-cw", - "quartz-enclave", - "quartz-proto", - "schemars", - "serde", - "serde_json", - "tendermint 0.36.0", - "tendermint-light-client", - "thiserror", - "tokio", - "tonic", - "tonic-build", -] - [[package]] name = "encoding_rs" version = "0.8.34" @@ -2342,6 +2311,67 @@ dependencies = [ "prost", ] +[[package]] +name = "quartz-app-mtcs-enclave" +version = "0.1.0" +dependencies = [ + "clap", + "color-eyre", + "cosmrs", + "cosmwasm-std", + "cw-multi-test", + "cw-proof", + "cw-tee-mtcs", + "cycles-sync", + "ecies", + "hex", + "k256", + "mtcs", + "prost", + "quartz-cw", + "quartz-enclave", + "quartz-proto", + "schemars", + "serde", + "serde_json", + "tendermint 0.36.0", + "tendermint-light-client", + "thiserror", + "tokio", + "tonic", + "tonic-build", +] + +[[package]] +name = "quartz-app-transfers-enclave" +version = "0.1.0" +dependencies = [ + "anyhow", + "clap", + "color-eyre", + "cosmrs", + "cosmwasm-std", + "cw-multi-test", + "ecies", + "hex", + "k256", + "prost", + "quartz-cw", + "quartz-enclave", + "quartz-proto", + "schemars", + "serde", + "serde_json", + "sha2 0.10.8", + "tendermint 0.36.0", + "tendermint-light-client", + "thiserror", + "tokio", + "tonic", + "tonic-build", + "transfers_contracts", +] + [[package]] name = "quartz-cw" version = "0.1.0" @@ -3733,6 +3763,22 @@ dependencies = [ "tracing-core", ] +[[package]] +name = "transfers_contracts" +version = "0.1.0" +dependencies = [ + "cosmwasm-schema", + "cosmwasm-std", + "cw-storage-plus", + "cw-utils", + "cw2", + "cw20-base", + "quartz-cw", + "serde_json", + "sha2 0.10.8", + "thiserror", +] + [[package]] name = "try-lock" version = "0.2.5" diff --git a/Cargo.toml b/Cargo.toml index dacfaa20..8ad17def 100644 
--- a/Cargo.toml +++ b/Cargo.toml @@ -1,12 +1,14 @@ [workspace] resolver = "2" -members = [ "apps/mtcs/enclave", +members = [ + "apps/mtcs/enclave", + "apps/transfers/enclave", "core/light-client-proofs/*", "core/quartz", "cosmwasm/packages/*", "utils/*", ] -exclude = ["apps/mtcs/contracts/cw-tee-mtcs", "apps/mtcs/enclave", "apps/transfers", "apps/transfers/enclave"] +exclude = ["apps/mtcs/contracts/cw-tee-mtcs", "apps/mtcs/contracts/cw-tee-mtcs"] [workspace.package] version = "0.1.0" diff --git a/apps/mtcs/enclave/Cargo.toml b/apps/mtcs/enclave/Cargo.toml index 04bcee2a..e6a2b681 100644 --- a/apps/mtcs/enclave/Cargo.toml +++ b/apps/mtcs/enclave/Cargo.toml @@ -1,5 +1,5 @@ [package] -name = "enclave" +name = "quartz-app-mtcs-enclave" version = "0.1.0" edition = "2021" diff --git a/apps/transfers/enclave/Cargo.toml b/apps/transfers/enclave/Cargo.toml index a736b9e8..c2856989 100644 --- a/apps/transfers/enclave/Cargo.toml +++ b/apps/transfers/enclave/Cargo.toml @@ -1,5 +1,5 @@ [package] -name = "enclave" +name = "quartz-app-transfers-enclave" version = "0.1.0" edition = "2021" From b0125ea6b3034f6112c65ec77339383877ae4dd3 Mon Sep 17 00:00:00 2001 From: hu55a1n1 Date: Tue, 2 Jul 2024 22:12:47 +0200 Subject: [PATCH 10/25] Clippy fix --- apps/mtcs/enclave/src/mtcs_server.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/mtcs/enclave/src/mtcs_server.rs b/apps/mtcs/enclave/src/mtcs_server.rs index 11ae7865..c0db86d1 100644 --- a/apps/mtcs/enclave/src/mtcs_server.rs +++ b/apps/mtcs/enclave/src/mtcs_server.rs @@ -71,7 +71,7 @@ where .map_err(Status::failed_precondition)?; let proof_value_matches_msg = - serde_json::to_string(&message.intents).is_ok_and(|s| s.as_bytes() == &proof_value); + serde_json::to_string(&message.intents).is_ok_and(|s| s.as_bytes() == proof_value); if !proof_value_matches_msg { return Err(Status::failed_precondition("proof verification")); } From de58478507e531596e110bf96319013ba432d7e6 Mon Sep 17 00:00:00 2001 
From: hu55a1n1 Date: Tue, 2 Jul 2024 22:13:11 +0200 Subject: [PATCH 11/25] Pin rust to v1.78 --- rust-toolchain.toml | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 rust-toolchain.toml diff --git a/rust-toolchain.toml b/rust-toolchain.toml new file mode 100644 index 00000000..51985806 --- /dev/null +++ b/rust-toolchain.toml @@ -0,0 +1,2 @@ +[toolchain] +channel = "1.78.0" From 4fa1bc982e1d7a0b779a50995ade59ea1accab45 Mon Sep 17 00:00:00 2001 From: hu55a1n1 Date: Tue, 2 Jul 2024 22:49:01 +0200 Subject: [PATCH 12/25] Rename .cargo/config to config.toml --- apps/transfers/contracts/.cargo/{config => config.toml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename apps/transfers/contracts/.cargo/{config => config.toml} (100%) diff --git a/apps/transfers/contracts/.cargo/config b/apps/transfers/contracts/.cargo/config.toml similarity index 100% rename from apps/transfers/contracts/.cargo/config rename to apps/transfers/contracts/.cargo/config.toml From e75475ce8d50f28b542b57d4ca57f384049b25ed Mon Sep 17 00:00:00 2001 From: hu55a1n1 Date: Tue, 2 Jul 2024 22:56:41 +0200 Subject: [PATCH 13/25] Update CI to pick pinned toolchain --- .github/workflows/cosmwasm-basic.yml | 4 ++-- .github/workflows/rust.yml | 2 -- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cosmwasm-basic.yml b/.github/workflows/cosmwasm-basic.yml index 372dd8e1..01e5fea2 100644 --- a/.github/workflows/cosmwasm-basic.yml +++ b/.github/workflows/cosmwasm-basic.yml @@ -38,7 +38,7 @@ jobs: uses: actions/checkout@v2 - name: Install wasm32-unknown-unknown toolchain - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@1.78.0 with: target: wasm32-unknown-unknown @@ -66,7 +66,7 @@ jobs: uses: actions/checkout@v2 - name: Install stable toolchain - uses: dtolnay/rust-toolchain@stable + uses: dtolnay/rust-toolchain@1.78.0 with: target: wasm32-unknown-unknown 
diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index e159221a..e374478e 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -57,7 +57,6 @@ jobs: - uses: actions/checkout@v4 - uses: actions-rs/toolchain@v1 with: - toolchain: stable components: clippy override: true - uses: Swatinem/rust-cache@v1 @@ -78,7 +77,6 @@ jobs: - uses: actions/checkout@v2 - uses: actions-rs/toolchain@v1 with: - toolchain: stable override: true - uses: Swatinem/rust-cache@v1 - uses: webfactory/ssh-agent@v0.9.0 From 84df58cad2a13a34ea5efb773b41bec1193d8047 Mon Sep 17 00:00:00 2001 From: hu55a1n1 Date: Tue, 2 Jul 2024 23:01:18 +0200 Subject: [PATCH 14/25] Add rust-toolchain file --- rust-toolchain | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 rust-toolchain diff --git a/rust-toolchain b/rust-toolchain new file mode 100644 index 00000000..51985806 --- /dev/null +++ b/rust-toolchain @@ -0,0 +1,2 @@ +[toolchain] +channel = "1.78.0" From 52392c8b227b6b92565fafecb4326632f30845a3 Mon Sep 17 00:00:00 2001 From: hu55a1n1 Date: Tue, 2 Jul 2024 23:17:44 +0200 Subject: [PATCH 15/25] Use old-style rust-toolchain --- rust-toolchain | 3 +-- rust-toolchain.toml | 2 -- 2 files changed, 1 insertion(+), 4 deletions(-) delete mode 100644 rust-toolchain.toml diff --git a/rust-toolchain b/rust-toolchain index 51985806..3c4c7c2d 100644 --- a/rust-toolchain +++ b/rust-toolchain @@ -1,2 +1 @@ -[toolchain] -channel = "1.78.0" +1.78.0 \ No newline at end of file diff --git a/rust-toolchain.toml b/rust-toolchain.toml deleted file mode 100644 index 51985806..00000000 --- a/rust-toolchain.toml +++ /dev/null @@ -1,2 +0,0 @@ -[toolchain] -channel = "1.78.0" From 210d4f014b9e4204063057bcd04b218abb49d10c Mon Sep 17 00:00:00 2001 From: hu55a1n1 Date: Tue, 2 Jul 2024 23:28:43 +0200 Subject: [PATCH 16/25] Fix Cargo.toml exclusion for transfers contract --- Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/Cargo.toml b/Cargo.toml index 8ad17def..c6647f97 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -8,7 +8,7 @@ members = [ "cosmwasm/packages/*", "utils/*", ] -exclude = ["apps/mtcs/contracts/cw-tee-mtcs", "apps/mtcs/contracts/cw-tee-mtcs"] +exclude = ["apps/mtcs/contracts/cw-tee-mtcs", "apps/transfers/contracts"] [workspace.package] version = "0.1.0" From 62dd959f81f4b35398490f1cadab6edde78b3f9f Mon Sep 17 00:00:00 2001 From: hu55a1n1 Date: Mon, 15 Jul 2024 14:31:21 +0200 Subject: [PATCH 17/25] Revert CI modifications --- .github/workflows/cosmwasm-basic.yml | 6 +++--- .github/workflows/rust.yml | 4 +++- rust-toolchain | 1 - 3 files changed, 6 insertions(+), 5 deletions(-) delete mode 100644 rust-toolchain diff --git a/.github/workflows/cosmwasm-basic.yml b/.github/workflows/cosmwasm-basic.yml index 01e5fea2..2e625429 100644 --- a/.github/workflows/cosmwasm-basic.yml +++ b/.github/workflows/cosmwasm-basic.yml @@ -38,7 +38,7 @@ jobs: uses: actions/checkout@v2 - name: Install wasm32-unknown-unknown toolchain - uses: dtolnay/rust-toolchain@1.78.0 + uses: dtolnay/rust-toolchain@stable with: target: wasm32-unknown-unknown @@ -66,7 +66,7 @@ jobs: uses: actions/checkout@v2 - name: Install stable toolchain - uses: dtolnay/rust-toolchain@1.78.0 + uses: dtolnay/rust-toolchain@stable with: target: wasm32-unknown-unknown @@ -81,4 +81,4 @@ jobs: - name: Schema Changes # fails if any changes not committed - run: git diff --exit-code schema + run: git diff --exit-code schema \ No newline at end of file diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index e374478e..d564c7db 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -57,6 +57,7 @@ jobs: - uses: actions/checkout@v4 - uses: actions-rs/toolchain@v1 with: + toolchain: stable components: clippy override: true - uses: Swatinem/rust-cache@v1 
@@ -77,6 +78,7 @@ jobs: - uses: actions/checkout@v2 - uses: actions-rs/toolchain@v1 with: + toolchain: stable override: true - uses: Swatinem/rust-cache@v1 - uses: webfactory/ssh-agent@v0.9.0 @@ -96,4 +98,4 @@ jobs: - uses: actions-rs/cargo@v1 with: command: test - args: --no-default-features --no-fail-fast --no-run --workspace + args: --no-default-features --no-fail-fast --no-run --workspace \ No newline at end of file diff --git a/rust-toolchain b/rust-toolchain deleted file mode 100644 index 3c4c7c2d..00000000 --- a/rust-toolchain +++ /dev/null @@ -1 +0,0 @@ -1.78.0 \ No newline at end of file From bfb139e30e7c097ff8e66f0a22c55ffb21273688 Mon Sep 17 00:00:00 2001 From: hu55a1n1 Date: Mon, 15 Jul 2024 14:31:48 +0200 Subject: [PATCH 18/25] Update CosmWasm dev-deps --- apps/mtcs/enclave/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/mtcs/enclave/Cargo.toml b/apps/mtcs/enclave/Cargo.toml index 70df4917..4d3abb27 100644 --- a/apps/mtcs/enclave/Cargo.toml +++ b/apps/mtcs/enclave/Cargo.toml @@ -34,7 +34,7 @@ quartz-enclave.workspace = true quartz-proto.workspace = true [dev-dependencies] -cw-multi-test = "0.17.0" +cw-multi-test = "2.0.0" serde_json = "1.0.113" [build-dependencies] From f40d7ae416d99cca0d3d78edfc8cd7f49da047f6 Mon Sep 17 00:00:00 2001 From: hu55a1n1 Date: Tue, 23 Jul 2024 12:36:37 +0200 Subject: [PATCH 19/25] Update listen.sh to include query --- apps/transfers/scripts/listen.sh | 34 +++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/apps/transfers/scripts/listen.sh b/apps/transfers/scripts/listen.sh index aa934ff6..83861ebe 100755 --- a/apps/transfers/scripts/listen.sh +++ b/apps/transfers/scripts/listen.sh 
@@ -44,8 +44,40 @@ REPORT_SIG_FILE="/tmp/${USER}_datareportsig" hexdump -ve '/1 "%02X"') -o json | jq -r .data | base64 -d) STATE=$($CMD query wasm contract-state raw $CONTRACT $(printf '%s' "state" | \ hexdump -ve '/1 "%02X"') -o json | jq -r .data | base64 -d) + + cd "$ROOT/cycles-quartz/apps/transfers" + export TRUSTED_HASH=$(cat trusted.hash) + export TRUSTED_HEIGHT=$(cat trusted.height) + + cd $ROOT/cycles-quartz/utils/tm-prover + export PROOF_FILE="light-client-proof.json" + if [ -f "$PROOF_FILE" ]; then + rm "$PROOF_FILE" + echo "removed old $PROOF_FILE" + fi + + # TODO: pass this in? + echo "trusted hash $TRUSTED_HASH" + echo "trusted hash $TRUSTED_HEIGHT" + echo "contract $CONTRACT" + + # run prover to get light client proof + # TODO: assume this binary is pre-built? + # TODO: pass in addresses and chain id + cargo run -- --chain-id testing \ + --primary "http://$NODE_URL" \ + --witnesses "http://$NODE_URL" \ + --trusted-height $TRUSTED_HEIGHT \ + --trusted-hash $TRUSTED_HASH \ + --contract-address $CONTRACT \ + --storage-key "requests" \ + --trace-file $PROOF_FILE + + export POP=$(cat $PROOF_FILE) + export POP_MSG=$(jq -nc --arg message "$POP" '$ARGS.named') + export ENCLAVE_REQUEST=$(jq -nc --argjson requests "$REQUESTS" --argjson state $STATE '$ARGS.named') - export REQUEST_MSG=$(jq -nc --arg message "$ENCLAVE_REQUEST" '$ARGS.named') + export REQUEST_MSG=$(jq --argjson msg "$ENCLAVE_REQUEST" '. + {msg: $msg}' <<< "$POP_MSG") cd $ROOT/cycles-quartz/apps/transfers/enclave From 2fb019773c29f2d804d1d580dc0f2050b7c718c9 Mon Sep 17 00:00:00 2001 From: hu55a1n1 Date: Tue, 23 Jul 2024 18:27:00 +0200 Subject: [PATCH 20/25] Fix bug in request msg creation --- apps/transfers/scripts/listen.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/transfers/scripts/listen.sh b/apps/transfers/scripts/listen.sh index 83861ebe..a223eafd 100755 --- a/apps/transfers/scripts/listen.sh +++ b/apps/transfers/scripts/listen.sh 
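Review bot: `--primary` and `--witnesses` are both set to `http://$NODE_URL`, so the witness cross-check compares the primary with itself and gives no independent confirmation of the header chain the proof is built on. A separate endpoint for the witness keeps that check meaningful, e.g. `--witnesses "http://$WITNESS_URL"` where `WITNESS_URL` is a placeholder the caller would have to define; the existing TODO about passing in addresses could cover it. The expansions `$TRUSTED_HEIGHT`, `$TRUSTED_HASH`, `$CONTRACT` and `$PROOF_FILE` should be quoted, and `cat $PROOF_FILE` runs even when `cargo run` failed, so a failed prover run should skip the rest of the iteration instead of sending an empty proof. The second `echo "trusted hash $TRUSTED_HEIGHT"` is mislabelled and should read `trusted height`.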
@@ -74,16 +74,16 @@ REPORT_SIG_FILE="/tmp/${USER}_datareportsig" --trace-file $PROOF_FILE export POP=$(cat $PROOF_FILE) - export POP_MSG=$(jq -nc --arg message "$POP" '$ARGS.named') export ENCLAVE_REQUEST=$(jq -nc --argjson requests "$REQUESTS" --argjson state $STATE '$ARGS.named') - export REQUEST_MSG=$(jq --argjson msg "$ENCLAVE_REQUEST" '. + {msg: $msg}' <<< "$POP_MSG") + export REQUEST_MSG=$(jq --argjson msg "$ENCLAVE_REQUEST" '. + {msg: $msg}' <<< "$POP") + export PROTO_MSG=$(jq -nc --arg message "$REQUEST_MSG" '$ARGS.named') cd $ROOT/cycles-quartz/apps/transfers/enclave echo "... executing transfer" export ATTESTED_MSG=$(grpcurl -plaintext -import-path ./proto/ -proto transfers.proto \ - -d "$REQUEST_MSG" "127.0.0.1:$QUARTZ_PORT" transfers.Settlement/Run | \ + -d "$PROTO_MSG" "127.0.0.1:$QUARTZ_PORT" transfers.Settlement/Run | \ jq .message | jq -R 'fromjson | fromjson' | jq -c) QUOTE=$(echo "$ATTESTED_MSG" | jq -c '.attestation') MSG=$(echo "$ATTESTED_MSG" | jq -c '.msg') From 586164022a7f4089104dd7dd3b0045a9e06d5245 Mon Sep 17 00:00:00 2001 From: hu55a1n1 Date: Tue, 23 Jul 2024 18:27:31 +0200 Subject: [PATCH 21/25] Add delay to wait for block --- apps/transfers/scripts/listen.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/apps/transfers/scripts/listen.sh b/apps/transfers/scripts/listen.sh index a223eafd..441e9530 100755 --- a/apps/transfers/scripts/listen.sh +++ b/apps/transfers/scripts/listen.sh @@ -39,6 +39,10 @@ REPORT_SIG_FILE="/tmp/${USER}_datareportsig" if echo "$CLEAN_MSG" | grep -q 'wasm-transfer'; then echo "---------------------------------------------------------" echo "... received wasm-transfer event!" + + echo "waiting for next block" + sleep 10; + echo "... fetching requests" REQUESTS=$($CMD query wasm contract-state raw $CONTRACT $(printf '%s' "requests" | \ hexdump -ve '/1 "%02X"') -o json | jq -r .data | base64 -d) From b8fbb11797c1f23ef8fea351687f859c1e6df752 Mon Sep 17 00:00:00 2001 
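Review bot: Nothing between the prover call ending in `--trace-file $PROOF_FILE` and the new `REQUEST_MSG`/`PROTO_MSG` lines in the `@@ -74,16 +74,16 @@` hunk checks that a proof was actually produced, and `export VAR=$(...)` returns the status of `export`, not of the command inside it. With an empty `$POP`, `jq '. + {msg: $msg}'` prints nothing and exits 0, so an empty `REQUEST_MSG` is wrapped into `PROTO_MSG` and still sent to the enclave by `grpcurl`. A guard before building the message, such as `[ -s "$PROOF_FILE" ] || { echo "no light client proof produced" >&2; exit 1; }` (or skipping the event instead of exiting), would surface the failure, and doing assignment and `export` on separate lines keeps the exit status visible. The surrounding block starts and ends outside the hunk.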
From: hu55a1n1 Date: Tue, 23 Jul 2024 18:33:40 +0200 Subject: [PATCH 22/25] Undo remove newline from workflow .ymls --- .github/workflows/cosmwasm-basic.yml | 2 +- .github/workflows/rust.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cosmwasm-basic.yml b/.github/workflows/cosmwasm-basic.yml index 2e625429..372dd8e1 100644 --- a/.github/workflows/cosmwasm-basic.yml +++ b/.github/workflows/cosmwasm-basic.yml @@ -81,4 +81,4 @@ jobs: - name: Schema Changes # fails if any changes not committed - run: git diff --exit-code schema \ No newline at end of file + run: git diff --exit-code schema diff --git a/.github/workflows/rust.yml b/.github/workflows/rust.yml index d564c7db..e159221a 100644 --- a/.github/workflows/rust.yml +++ b/.github/workflows/rust.yml @@ -98,4 +98,4 @@ jobs: - uses: actions-rs/cargo@v1 with: command: test - args: --no-default-features --no-fail-fast --no-run --workspace \ No newline at end of file + args: --no-default-features --no-fail-fast --no-run --workspace From 6c42c640e295b8f6f57016f6f8c9c53225a38691 Mon Sep 17 00:00:00 2001 From: hu55a1n1 Date: Tue, 23 Jul 2024 18:38:16 +0200 Subject: [PATCH 23/25] Replace sleep with `wasmd status` based delay --- apps/transfers/scripts/listen.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/apps/transfers/scripts/listen.sh b/apps/transfers/scripts/listen.sh index 441e9530..3c38efbb 100755 --- a/apps/transfers/scripts/listen.sh +++ b/apps/transfers/scripts/listen.sh 
@@ -40,8 +40,13 @@ REPORT_SIG_FILE="/tmp/${USER}_datareportsig" echo "---------------------------------------------------------" echo "... received wasm-transfer event!" - echo "waiting for next block" - sleep 10; + current_height=$(wasmd status 2>&1 | jq -r .SyncInfo.latest_block_height) + next_height=$((current_height + 1)) + + while [ "$(wasmd status 2>&1 | jq -r .SyncInfo.latest_block_height)" -lt "$next_height" ]; do + echo "waiting for next block" + sleep 1 + done echo "... fetching requests" REQUESTS=$($CMD query wasm contract-state raw $CONTRACT $(printf '%s' "requests" | \ From 268f6751c543369c4c2ff12c991a2f4f28afe556 Mon Sep 17 00:00:00 2001 From: dave Date: Wed, 24 Jul 2024 14:06:57 -0500 Subject: [PATCH 24/25] Fix listen.sh bug for wasmd commmand --- apps/transfers/scripts/listen.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/transfers/scripts/listen.sh b/apps/transfers/scripts/listen.sh index 3c38efbb..7da90469 100755 --- a/apps/transfers/scripts/listen.sh +++ b/apps/transfers/scripts/listen.sh @@ -40,10 +40,10 @@ REPORT_SIG_FILE="/tmp/${USER}_datareportsig" echo "---------------------------------------------------------" echo "... received wasm-transfer event!" - current_height=$(wasmd status 2>&1 | jq -r .SyncInfo.latest_block_height) + current_height=$($CMD status | jq -r .SyncInfo.latest_block_height) next_height=$((current_height + 1)) - while [ "$(wasmd status 2>&1 | jq -r .SyncInfo.latest_block_height)" -lt "$next_height" ]; do + while [ "$($CMD status 2>&1 | jq -r .SyncInfo.latest_block_height)" -lt "$next_height" ]; do echo "waiting for next block" sleep 1 done From b3df4084ce5eb49c3c221748cbd7f709676daa83 Mon Sep 17 00:00:00 2001 From: hu55a1n1 Date: Wed, 24 Jul 2024 21:18:21 +0200 Subject: [PATCH 25/25] Remove redundant TODOs --- apps/transfers/scripts/listen.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/apps/transfers/scripts/listen.sh b/apps/transfers/scripts/listen.sh index 3c38efbb..c1c2b76a 100755 
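Review bot: If the status call fails or returns something other than the expected JSON, `current_height` is empty or `null`, `next_height` becomes 1, and the `[ ... -lt "$next_height" ]` test errors out, so the `while` ends at once and the script goes on to fetch state and build a proof without having waited for the next block. The same lines as rewritten by the later `@@ -40,10 +40,10 @@` hunk behave the same way, and that hunk drops `2>&1` from the first call but keeps it in the loop condition, where stderr mixed into the `jq` input can break parsing. I would validate the height before using it, e.g. `case "$current_height" in ''|*[!0-9]*) echo "cannot read block height" >&2; exit 1;; esac`, and give the loop a retry limit so a stalled chain does not hang the listener. The enclosing `if` block starts outside both hunks.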
--- a/apps/transfers/scripts/listen.sh +++ b/apps/transfers/scripts/listen.sh @@ -65,14 +65,11 @@ REPORT_SIG_FILE="/tmp/${USER}_datareportsig" echo "removed old $PROOF_FILE" fi - # TODO: pass this in? echo "trusted hash $TRUSTED_HASH" echo "trusted hash $TRUSTED_HEIGHT" echo "contract $CONTRACT" # run prover to get light client proof - # TODO: assume this binary is pre-built? - # TODO: pass in addresses and chain id cargo run -- --chain-id testing \ --primary "http://$NODE_URL" \ --witnesses "http://$NODE_URL" \