Bump tendermint, cosmos sdk & rust & sgx-sdk to latest versions

.github/workflows/ci.yaml

@@ -14,8 +14,8 @@ jobs:
         run: |
           mkdir -p "$HOME/.sgxsdk"
           cd "$HOME/.sgxsdk"
-          SDK_BIN=sgx_linux_x64_sdk_2.17.101.1.bin
-          wget https://download.01.org/intel-sgx/sgx-linux/2.17.1/distro/ubuntu20.04-server/"$SDK_BIN"
+          SDK_BIN=sgx_linux_x64_sdk_2.20.100.4.bin
+          wget https://download.01.org/intel-sgx/sgx-linux/2.20/distro/ubuntu20.04-server/"$SDK_BIN"
           chmod +x "$SDK_BIN"
           echo yes | ./"$SDK_BIN"
       - name: Cache cargo registry
@@ -43,27 +43,17 @@ jobs:
           rustc --version  
           cargo +stable install xargo --version 0.3.25
           xargo --version
-      - name: Download sccache
-        run: |
-          wget https://github.com/mozilla/sccache/releases/download/0.2.13/sccache-0.2.13-x86_64-unknown-linux-musl.tar.gz
-          tar xf ./sccache-*.tar.gz
-          mv ./sccache*/sccache "$HOME/sccache"
       - name: Test enclave
         run: |
           source "$HOME/.sgxsdk/sgxsdk/environment"
           export SGX_MODE=SW
-          RUSTC_WRAPPER="$HOME/sccache" make enclave-tests
+          make enclave-tests
           make clean-enclave
 
   Build-Contracts:
     runs-on: ubuntu-20.04
     steps:
       - uses: actions/checkout@v3
-      - name: Download sccache
-        run: |
-          wget https://github.com/mozilla/sccache/releases/download/0.2.13/sccache-0.2.13-x86_64-unknown-linux-musl.tar.gz
-          tar xf ./sccache-*.tar.gz
-          mv ./sccache*/sccache "$HOME/sccache"
       - name: Install Requirements
         run: |
           rustup target add wasm32-unknown-unknown
@@ -120,8 +110,8 @@ jobs:
         run: |
           mkdir -p "$HOME/.sgxsdk"
           cd "$HOME/.sgxsdk"
-          SDK_BIN=sgx_linux_x64_sdk_2.17.101.1.bin
-          wget https://download.01.org/intel-sgx/sgx-linux/2.17.1/distro/ubuntu20.04-server/"$SDK_BIN"
+          SDK_BIN=sgx_linux_x64_sdk_2.20.100.4.bin
+          wget https://download.01.org/intel-sgx/sgx-linux/2.20/distro/ubuntu20.04-server/"$SDK_BIN"
           chmod +x "$SDK_BIN"
           echo yes | ./"$SDK_BIN"
       - name: Download LocalSecret
@@ -140,9 +130,11 @@ jobs:
       - uses: actions/download-artifact@v3
         with:
           name: contract.wasm
+          path: ./x/compute/internal/keeper/testdata/
       - uses: actions/download-artifact@v3
         with:
           name: contract-v2.wasm
+          path: ./x/compute/internal/keeper/testdata/
       - uses: actions/download-artifact@v3
         with:
           name: v1-contract.wasm
@@ -154,24 +146,20 @@ jobs:
       - uses: actions/download-artifact@v3
         with:
           name: contract_with_floats.wasm
+          path: ./x/compute/internal/keeper/testdata/
       - uses: actions/download-artifact@v3
         with:
           name: too-high-initial-memory.wasm
+          path: ./x/compute/internal/keeper/testdata/
       - uses: actions/download-artifact@v3
         with:
           name: static-too-high-initial-memory.wasm
+          path: ./x/compute/internal/keeper/testdata/
       - name: Setup Files
         run: |
           find "$(pwd)" -name \*.wasm
           cp libgo_cosmwasm.so ./go-cosmwasm/api/libgo_cosmwasm.so
           cp librust_cosmwasm_enclave.signed.so ./go-cosmwasm/librust_cosmwasm_enclave.signed.so
-          # cp /opt/mount/librandom_api.so /usr/lib/librandom_api.so
-          # cp /opt/mount/tendermint_enclave.signed.so /usr/lib/tendermint_enclave.signed.so
-          cp contract.wasm ./x/compute/internal/keeper/testdata/contract.wasm
-          cp contract-v2.wasm ./x/compute/internal/keeper/testdata/contract-v2.wasm
-          cp too-high-initial-memory.wasm ./x/compute/internal/keeper/testdata/too-high-initial-memory.wasm
-          cp contract_with_floats.wasm ./x/compute/internal/keeper/testdata/contract_with_floats.wasm
-          cp static-too-high-initial-memory.wasm ./x/compute/internal/keeper/testdata/static-too-high-initial-memory.wasm
           find "$(pwd)" -name \*.wasm
       - name: Test x/registration
         run: |
@@ -232,11 +220,6 @@ jobs:
           rustc --version  
           cargo +stable install xargo --version 0.3.25
           xargo --version
-      - name: Download sccache
-        run: |
-          wget https://github.com/mozilla/sccache/releases/download/0.2.13/sccache-0.2.13-x86_64-unknown-linux-musl.tar.gz
-          tar xf ./sccache-*.tar.gz
-          mv ./sccache*/sccache "$HOME/sccache"
       - name: Clippy
         run: |
           source "$HOME/.sgxsdk/sgxsdk/environment"

.github/workflows/go-lint.yml

@@ -5,7 +5,6 @@ on:
       - "*"
     branches:
       - "*"
-  pull_request:
 permissions:
   contents: read
   # Optional: allow read access to pull request. Use with `only-new-issues` option.

.gitmodules

@@ -1,4 +1,4 @@
 [submodule "third_party/incubator-teaclave-sgx-sdk"]
 	path = third_party/incubator-teaclave-sgx-sdk
 	url = https://github.com/scrtlabs/incubator-teaclave-sgx-sdk
-	branch = secret-new-1.1.5
+	branch = secret-1.x

check-hw/build.rs

@@ -1,7 +1,7 @@
 use std::env;
 
 fn main() {
-    let sdk_dir = env::var("SGX_SDK").unwrap_or_else(|_| "/opt/intel/sgxsdk".to_string());
+    let sdk_dir = env::var("SGX_SDK").unwrap_or_else(|_| "/opt/sgxsdk".to_string());
 
     println!("cargo:rustc-link-search=native=../go-cosmwasm/lib");
     println!("cargo:rustc-link-lib=static=Enclave_u");

cosmwasm/contracts/v010/compute-tests/test-compute-contract/rust-toolchain

@@ -0,0 +1 @@
+1.61

cosmwasm/contracts/v010/compute-tests/test-compute-contract/src/contract.rs

@@ -13,6 +13,7 @@ use core::time;
 use mem::MaybeUninit;
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
+use std::ptr::null;
 use std::{mem, thread};
 
 //// consts
@@ -1697,9 +1698,11 @@ fn pass_null_pointer_to_imports_should_throw<S: Storage, A: Api, Q: Querier>(
 ) -> HandleResponse {
     let null_ptr_slice: &[u8] = unsafe { MaybeUninit::zeroed().assume_init() };
 
+    use std::ptr;
+
     match &pass_type[..] {
         "read_db_key" => {
-            deps.storage.get(null_ptr_slice);
+            unsafe { deps.storage.get(null_ptr_slice) };
         }
         "write_db_key" => {
             deps.storage.set(null_ptr_slice, b"write value");

cosmwasm/enclaves/Xargo.toml

@@ -15,7 +15,7 @@ panic_unwind = { path = "../../third_party/incubator-teaclave-sgx-sdk/sgx_panic_
 sgx_tdh = { path = "../../third_party/incubator-teaclave-sgx-sdk/sgx_tdh", stage = 4 }
 sgx_tseal = { path = "../../third_party/incubator-teaclave-sgx-sdk/sgx_tseal", stage = 4 }
 sgx_tprotected_fs = { path = "../../third_party/incubator-teaclave-sgx-sdk/sgx_tprotected_fs", stage = 4 }
-std = { git = "https://github.com/apache/teaclave-sgx-sdk.git", rev = "c70a82f708fd20e9fd0377990dde097d14024f7a", stage = 5, features = [
+std = { path = "../../third_party/incubator-teaclave-sgx-sdk/xargo/sgx_tstd", stage = 5, features = [
     "net",
     "backtrace",
     "untrusted_fs",

cosmwasm/enclaves/execute/Makefile

@@ -1,7 +1,7 @@
 ######## SGX SDK Settings ########
 
 FEATURES ?=
-SGX_SDK ?= $(HOME)/.sgxsdk/sgxsdk
+SGX_SDK ?= /opt/sgxsdk
 SGX_MODE ?= HW
 SGX_ARCH ?= x64
 BUILD_PROFILE ?= release

cosmwasm/enclaves/execute/src/registration/attestation.rs

@@ -103,7 +103,7 @@ pub fn create_attestation_certificate(
     let (prv_k, pub_k) = ecc_handle.create_key_pair().unwrap();
 
     // this is the ed25519 public key we want to encode
-    let encoded_pubkey = base64::encode(&kp.get_pubkey());
+    let encoded_pubkey = base64::encode(kp.get_pubkey());
 
     let (key_der, cert_der) =
         super::cert::gen_ecc_cert(encoded_pubkey, &prv_k, &pub_k, &ecc_handle)?;
@@ -181,7 +181,6 @@ pub fn get_mr_enclave() -> [u8; 32] {
 
 //input: pub_k: &sgx_ec256_public_t, todo: make this the pubkey of the node
 #[cfg(feature = "SGX_MODE_HW")]
-#[allow(const_err)]
 pub fn create_attestation_report(
     pub_k: &[u8; 32],
     sign_type: sgx_quote_sign_type_t,

cosmwasm/enclaves/execute/src/registration/offchain.rs

@@ -458,7 +458,7 @@ pub unsafe extern "C" fn ecall_key_gen(
 pub unsafe extern "C" fn ecall_get_genesis_seed(
     pk: *const u8,
     pk_len: u32,
-    seed: &mut [u8; SINGLE_ENCRYPTED_SEED_SIZE as usize],
+    seed: &mut [u8; SINGLE_ENCRYPTED_SEED_SIZE],
 ) -> sgx_types::sgx_status_t {
     validate_mut_ptr!(
         seed.as_mut_ptr(),

cosmwasm/enclaves/execute/src/registration/persistency.rs

@@ -4,21 +4,11 @@ use enclave_utils::storage::rewrite_on_untrusted;
 use sgx_types::SgxResult;
 
 pub fn write_public_key(kp: &KeyPair, save_path: &str) -> SgxResult<()> {
-    if let Err(status) =
-        rewrite_on_untrusted(base64::encode(&kp.get_pubkey()).as_bytes(), save_path)
-    {
-        return Err(status);
-    }
-
-    Ok(())
+    rewrite_on_untrusted(base64::encode(kp.get_pubkey()).as_bytes(), save_path)
 }
 
 pub fn write_seed(seed: &[u8], save_path: &str) -> SgxResult<()> {
-    if let Err(status) = rewrite_on_untrusted(base64::encode(seed).as_bytes(), save_path) {
-        return Err(status);
-    }
-
-    Ok(())
+    rewrite_on_untrusted(base64::encode(seed).as_bytes(), save_path)
 }
 
 pub fn write_master_pub_keys(key_manager: &Keychain) -> SgxResult<()> {

cosmwasm/enclaves/execute/src/registration/report.rs

@@ -703,7 +703,7 @@ impl AttestationReport {
                 warn!("Error unpacking enclave quote body");
                 Error::ReportParseError
             })?;
-            let quote_raw = base64::decode(&quote_encoded.as_bytes()).map_err(|_| {
+            let quote_raw = base64::decode(quote_encoded.as_bytes()).map_err(|_| {
                 warn!("Error decoding encoded quote body");
                 Error::ReportParseError
             })?;

cosmwasm/enclaves/execute/src/registration/seed_exchange.rs

@@ -44,7 +44,7 @@ pub fn encrypt_seed(
         .encrypt_siv(seed_to_share.as_slice(), Some(&authenticated_data))
     {
         Ok(r) => {
-            if r.len() != SINGLE_ENCRYPTED_SEED_SIZE as usize {
+            if r.len() != SINGLE_ENCRYPTED_SEED_SIZE {
                 error!(
                     "Seed encryption failed. Got seed of unexpected length: {:?}",
                     r.len()

cosmwasm/enclaves/execute/src/registration/seed_service.rs

@@ -36,7 +36,7 @@ fn create_socket_to_service(host_name: &str) -> Result<c_int, CryptoError> {
         return Err(CryptoError::IPv4LookupError);
     }
 
-    let sock = TcpStream::connect(&addr.unwrap()).map_err(|err| {
+    let sock = TcpStream::connect(addr.unwrap()).map_err(|err| {
         trace!(
             "Error while trying to connect to service with addr: {:?}, err: {:?}",
             addr,
@@ -311,10 +311,6 @@ pub fn get_next_consensus_seed_from_service(
         }
     };
 
-    if let Err(e) = opt_seed {
-        return Err(e);
-    }
-
     let mut seed = opt_seed?;
 
     // XOR the seed with the genesis seed

cosmwasm/enclaves/rust-toolchain

@@ -1 +1 @@
-nightly-2022-02-23
+nightly-2022-10-22

cosmwasm/enclaves/shared/contract-engine/src/contract_validation.rs

@@ -117,7 +117,7 @@ pub fn check_tx_in_current_block(tx_sign_bytes: &[u8]) -> bool {
     // this isn't an attack vector since this can happen anyway by manipulating the state between executions
     while verified_msgs.remaining() > 0 {
         if let Some(verified_msg) = verified_msgs.get_next() {
-            trace!("input tx_sign_bytes: {:?}", hex::encode(&tx_sign_bytes));
+            trace!("input tx_sign_bytes: {:?}", hex::encode(tx_sign_bytes));
             trace!("light client msg: {:?}", hex::encode(&verified_msg));
             if is_subslice(tx_sign_bytes, &verified_msg) {
                 return true;