Hmac all the things #1523

Merged
merged 9 commits into from
Aug 28, 2023
19 changes: 10 additions & 9 deletions cosmwasm/enclaves/Cargo.lock


2 changes: 1 addition & 1 deletion cosmwasm/enclaves/execute/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "secret-enclave"
version = "1.6.0"
version = "1.11.0"
authors = ["SCRT Labs <[email protected]>"]
edition = "2018"
description = "An enclave running wasmi, to be used by cosmwasm-sgx-vm"
Expand Down
2 changes: 1 addition & 1 deletion cosmwasm/enclaves/shared/block-verifier/Cargo.toml
Expand Up @@ -6,7 +6,7 @@ edition = "2018"
[features]
default = ["random"]
test = ["base64"]
random = []
random = ["enclave_utils/random"]
production = []
verify-validator-whitelist = []

Expand Down
33 changes: 6 additions & 27 deletions cosmwasm/enclaves/shared/block-verifier/src/verify/random.rs
@@ -1,34 +1,11 @@
#![cfg(feature = "random")]

use enclave_crypto::{sha_256, SIVEncryptable, KEY_MANAGER};
use log::{debug, error, trace};
use enclave_crypto::{SIVEncryptable, KEY_MANAGER};
use log::{debug, error};
use sgx_types::sgx_status_t;
use tendermint::Hash;
use enclave_utils::random::create_random_proof;

pub fn create_proof(height: u64, random: &[u8], block_hash: &[u8]) -> [u8; 32] {
trace!(
"Height: {:?}\nRandom: {:?}\nApphash: {:?}",
height,
random,
block_hash
);
let irs = KEY_MANAGER.initial_randomness_seed.unwrap();

let height_bytes = height.to_be_bytes();
let irs_bytes = irs.get();

let data_len = height_bytes.len() + random.len() + block_hash.len() + irs_bytes.len();
let mut data = Vec::with_capacity(data_len);

data.extend_from_slice(&height_bytes);
data.extend_from_slice(random);
data.extend_from_slice(block_hash);
data.extend_from_slice(irs_bytes);

sha_256(data.as_slice())
}

#[cfg(feature = "random")]
pub fn validate_encrypted_random(
random_and_proof: &[u8],
validator_set_hash: Hash,
Expand All @@ -42,7 +19,9 @@ pub fn validate_encrypted_random(
.get(48..)
.ok_or(sgx_status_t::SGX_ERROR_INVALID_PARAMETER)?;

let calculated_proof = create_proof(height, encrypted_random_slice, app_hash);

let irs = KEY_MANAGER.initial_randomness_seed.unwrap();
let calculated_proof = create_random_proof(&irs, height, encrypted_random_slice, app_hash);

if calculated_proof != rand_proof {
error!(
Expand Down
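Review bot: `if calculated_proof != rand_proof` now compares a keyed HMAC tag with an ordinary short-circuiting byte comparison, which leaks through timing how many leading bytes of a candidate proof were correct; the untrusted host drives this ECALL and can time it, so the tag should be compared in constant time, e.g. with whatever constant-time equality `enclave_crypto` already exposes, or a fold over the XOR of the two 32-byte arrays that only tests the accumulator at the end. Separately, `KEY_MANAGER.initial_randomness_seed.unwrap()` on the added line aborts the enclave call if the seed was never provisioned, while this function already reports failures as `sgx_status_t` (the `.ok_or(...)?` two lines above); `let irs = KEY_MANAGER.initial_randomness_seed.ok_or(sgx_status_t::SGX_ERROR_UNEXPECTED)?;` keeps that failure in-band. The `unwrap()` was carried over from the removed `create_proof`, but this is now the line that holds the MAC key. `validate_encrypted_random` starts before and continues past this hunk.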
2 changes: 1 addition & 1 deletion cosmwasm/enclaves/shared/contract-engine/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "enclave_contract_engine"
version = "1.6.0"
version = "1.11.0"
authors = ["Cashmaney <[email protected]>"]
edition = "2018"

Expand Down
2 changes: 1 addition & 1 deletion cosmwasm/enclaves/shared/cosmos-proto/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "cosmos_proto"
version = "1.6.0"
version = "1.11.0"
authors = ["SCRT Labs <[email protected]>"]
edition = "2018"

Expand Down
2 changes: 1 addition & 1 deletion cosmwasm/enclaves/shared/cosmos-types/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "enclave_cosmos_types"
version = "1.6.0"
version = "1.11.0"
authors = ["Cashmaney <[email protected]>"]
edition = "2018"

Expand Down
@@ -1,6 +1,6 @@
[package]
name = "cw_types_generic"
version = "1.6.0"
version = "1.11.0"
authors = ["SCRT Labs <[email protected]>"]
edition = "2018"

Expand Down
2 changes: 1 addition & 1 deletion cosmwasm/enclaves/shared/cosmwasm-types/v0.10/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "cw_types_v010"
version = "1.6.0"
version = "1.11.0"
authors = ["SCRT Labs <[email protected]>"]
edition = "2018"

Expand Down
2 changes: 1 addition & 1 deletion cosmwasm/enclaves/shared/cosmwasm-types/v1.0/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "cw_types_v1"
version = "1.6.0"
version = "1.11.0"
authors = ["SCRT Labs <[email protected]>"]
edition = "2018"

Expand Down
2 changes: 1 addition & 1 deletion cosmwasm/enclaves/shared/crypto/Cargo.toml
@@ -1,6 +1,6 @@
[package]
name = "enclave_crypto"
version = "1.6.0"
version = "1.11.0"
authors = ["SCRT Labs <[email protected]>"]
edition = "2018"

Expand Down
5 changes: 4 additions & 1 deletion cosmwasm/enclaves/shared/utils/Cargo.toml
@@ -1,11 +1,12 @@
[package]
name = "enclave_utils"
version = "1.6.0"
version = "1.11.0"
authors = ["SCRT Labs <[email protected]>"]
edition = "2018"

[features]
production = []
random = []

# This annotation is here to trick the IDE into showing us type information about this crate.
# We always compile to the "sgx" target, so this will always be false.
Expand All @@ -28,3 +29,5 @@ serde = { git = "https://github.com/mesalock-linux/serde-sgx", features = [
"derive"
] }
serde_json = { git = "https://github.com/mesalock-linux/serde-json-sgx" }

enclave_crypto = { path = "../crypto" }
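Review bot: `enclave_crypto = { path = "../crypto" }` is added as an unconditional dependency of `enclave_utils`, but the only use visible in this PR is `utils/src/random.rs`, which is compiled only under the new `random` feature. Making it optional keeps the dependency graph unchanged for every consumer that does not enable the feature: `enclave_crypto = { path = "../crypto", optional = true }` together with `random = ["enclave_crypto"]` in `[features]`. Whether `enclave_crypto` itself depends on `enclave_utils` is not visible here; if it does, the unconditional edge would create a cycle that the optional form also avoids.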
3 changes: 3 additions & 0 deletions cosmwasm/enclaves/shared/utils/src/lib.rs
Expand Up @@ -17,3 +17,6 @@ mod results;
pub mod storage;
pub mod tx_bytes;
pub mod validator_set;

#[cfg(feature = "random")]
pub mod random;
24 changes: 24 additions & 0 deletions cosmwasm/enclaves/shared/utils/src/random.rs
@@ -0,0 +1,24 @@
#![cfg(feature = "random")]

use enclave_crypto::{AESKey, Hmac};
use log::{trace};

pub fn create_random_proof(key: &AESKey, height: u64, random: &[u8], block_hash: &[u8]) -> [u8; 32] {
trace!(
"Height: {:?}\nRandom: {:?}\nApphash: {:?}",
height,
random,
block_hash
);

let height_bytes = height.to_be_bytes();

let data_len = height_bytes.len() + random.len() + block_hash.len();
let mut data = Vec::with_capacity(data_len);

data.extend_from_slice(&height_bytes);
data.extend_from_slice(random);
data.extend_from_slice(block_hash);

key.sign_sha_256(&data)
}
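Review bot: `create_random_proof` MACs the bare concatenation `height || random || block_hash` with no length framing, so the tag cannot tell where `random` ends and `block_hash` begins; that is only unambiguous if at least one of the two is fixed-width, and the `&[u8]` signature does not say so. The visible caller passes a Tendermint app hash as `block_hash`, so this is presumably sound today, but the invariant belongs on the function as a doc comment: `/// Keyed proof over `height || random || block_hash`. `block_hash` must be a fixed-width digest; with a variable-length `random` the MAC input is only unambiguous under that assumption.` Length-prefixing `random` would remove the assumption entirely, but it changes the proof format, which the producing side (tm-secret-enclave, cloned in the Dockerfile) would have to match in lockstep. Minor: `use log::{trace};` would be written `use log::trace;` by rustfmt, and the `#![cfg(feature = "random")]` inside the file duplicates the `#[cfg]` already on the `mod random;` declaration in `lib.rs`.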
39 changes: 16 additions & 23 deletions deployment/dockerfiles/Dockerfile
Expand Up @@ -24,19 +24,7 @@ ENV PATH="/root/.cargo/bin:$PATH"
# Set working directory for the build
WORKDIR /go/src/github.com/enigmampc/SecretNetwork/

COPY rust-toolchain rust-toolchain
RUN rustup component add rust-src
RUN cargo install xargo --version 0.3.25

# Add submodules
COPY third_party third_party

# Add source files
COPY go-cosmwasm go-cosmwasm/
COPY cosmwasm cosmwasm/

# ***************** COMPILE ENCLAVE ************** #

FROM prepare-compile-enclave AS compile-enclave

ARG BUILD_VERSION="v0.0.0"
Expand All @@ -51,42 +39,48 @@ ENV FEATURES=${FEATURES}
ENV FEATURES_U=${FEATURES_U}
ENV MITIGATION_CVE_2020_0551=${MITIGATION_CVE_2020_0551}

COPY rust-toolchain rust-toolchain
RUN rustup component add rust-src
RUN cargo install xargo --version 0.3.25

# Add submodules
COPY third_party third_party

# Add source files
COPY go-cosmwasm go-cosmwasm/
COPY cosmwasm cosmwasm/

COPY rust-toolchain rust-toolchain
RUN rustup component add rust-src
RUN cargo install xargo --version 0.3.25


WORKDIR /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm

RUN . /opt/sgxsdk/environment && env \
&& MITIGATION_CVE_2020_0551=${MITIGATION_CVE_2020_0551} VERSION=${VERSION} FEATURES=${FEATURES} FEATURES_U=${FEATURES_U} SGX_MODE=${SGX_MODE} make build-rust

ENTRYPOINT ["/bin/bash"]

FROM prepare-compile-enclave AS compile-tendermint-enclave

ARG BUILD_VERSION="v0.0.0"
ARG SGX_MODE=SW
ARG FEATURES
ARG FEATURES_U
ARG MITIGATION_CVE_2020_0551=LOAD

ARG SGX_MODE=${SGX_MODE}
ENV VERSION=${BUILD_VERSION}
ENV SGX_MODE=${SGX_MODE}
ENV FEATURES=${FEATURES}
ENV FEATURES_U=${FEATURES_U}
ENV MITIGATION_CVE_2020_0551=${MITIGATION_CVE_2020_0551}

RUN git clone --branch v1.9.3 --depth 1 https://github.com/scrtlabs/tm-secret-enclave.git
RUN git clone --branch main --depth 1 https://github.com/scrtlabs/tm-secret-enclave.git

WORKDIR tm-secret-enclave

RUN git submodule init
RUN git submodule update --remote

RUN rustup component add rust-src
RUN cargo install xargo --version 0.3.25

RUN . /opt/sgxsdk/environment && env && MITIGATION_CVE_2020_0551=${MITIGATION_CVE_2020_0551} SGX_MODE=${SGX_MODE} FEATURES_U="$(echo \"${FEATURES_U}\" | perl -pe 's/go-tests|debug-print//g')" make build
RUN . /opt/sgxsdk/environment && env && LD_LIBRARY_PATH=/opt/sgxsdk/lib64 FEATURES=${FEATURES} MITIGATION_CVE_2020_0551=${MITIGATION_CVE_2020_0551} SGX_MODE=${SGX_MODE} FEATURES_U="$(echo \"${FEATURES_U}\" | perl -pe 's/go-tests|debug-print//g')" make build

# ***************** COMPILE SECRETD ************** #
FROM $SCRT_BASE_IMAGE_ENCLAVE AS compile-secretd
Expand Down Expand Up @@ -137,7 +131,6 @@ RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/relea

COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/target/release/libgo_cosmwasm.so
COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_enclave.signed.so
# COPY --from=compile-enclave /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_query_enclave.signed.so /go/src/github.com/enigmampc/SecretNetwork/go-cosmwasm/librust_cosmwasm_query_enclave.signed.so

RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/ias_keys/develop
RUN mkdir -p /go/src/github.com/enigmampc/SecretNetwork/ias_keys/sw_dummy
Expand Down Expand Up @@ -188,7 +181,6 @@ ENV SCRT_ENCLAVE_DIR=/usr/lib/
# workaround because paths seem kind of messed up
RUN ln -s /opt/sgxsdk/lib64/libsgx_urts_sim.so /usr/lib/x86_64-linux-gnu/libsgx_urts_sim.so
RUN ln -s /opt/sgxsdk/lib64/libsgx_uae_service_sim.so /usr/lib/x86_64-linux-gnu/libsgx_uae_service_sim.so

# Install ca-certificates
WORKDIR /root

Expand All @@ -211,6 +203,7 @@ RUN chmod +x bootstrap_init.sh
RUN chmod +x startup.sh
RUN chmod +x node_init.sh


RUN secretd completion > /root/secretd_completion

# RUN echo "SECRET_NODE_TYPE=${SECRET_NODE_TYPE}" >> ~/.bashrc
Expand Down
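Review bot: The tendermint-enclave stage now builds from `git clone --branch main --depth 1 https://github.com/scrtlabs/tm-secret-enclave.git` followed by `git submodule update --remote`, so the code that ends up in the signed enclave is whatever the tip of a remote branch and its submodules happen to be at build time — not reproducible, not reviewable, and a single push to that repository silently changes the resulting enclave measurement. If, as the print order suggests, this replaced the `v1.9.3` pin, it should go back to a release tag or better an explicit commit, e.g. `RUN git clone --branch <tag-or-sha> --depth 1 https://github.com/scrtlabs/tm-secret-enclave.git`, and the submodule step should be `RUN git submodule update` without `--remote` so the commits recorded by that tag are used. The toolchain install (`rustup component add rust-src`, `cargo install xargo`) now appears in both build stages, so it runs twice per build; harmless, but one of the copies is probably a leftover of the move out of `prepare-compile-enclave`.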
12 changes: 6 additions & 6 deletions go-cosmwasm/Cargo.lock
