Problem (WIP #1996): no support for genesis build procedure involving…

… TDBE Solution: - preliminary try implemented in build.sh
crypto-com · Aug 27, 2020 · d9e512d · d9e512d
1 parent 4427431
commit d9e512d
Show file tree

Hide file tree

Showing 9 changed files with 104 additions and 16 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/chain-core/src/init/config.rs b/chain-core/src/init/config.rs
@@ -6,7 +6,7 @@ use crate::state::account::{
  ConfidentialInit, CouncilNodeMeta, MLSInit, NodeName, NodeSecurityContact, StakedState,
  StakedStateAddress, StakedStateDestination,
 };
-use crate::state::tendermint::TendermintValidatorPubKey;
+use crate::state::tendermint::{TendermintValidatorPubKey, TendermintVotePower};
 use crate::state::RewardsPoolState;
 use mls::{error::KeyPackageError, Codec, DefaultCipherSuite, KeyPackage};
 use ra_client::ENCLAVE_CERT_VERIFIER;
@@ -245,3 +245,35 @@ fn verify_keypackage(genesis_time: Timespec, keypackage: &[u8]) -> Result<u16, D
  .map_err(DistributionError::KeyPackageVerifyError)?;
  Ok(info.quote.report_body.isv_svn)
 }
+
+/// Compiled into tdbe enclave as genesis
+#[derive(Debug, PartialEq, Eq, Clone, Serialize, Deserialize)]
+pub struct LightGenesis {
+ ///
+ #[serde(with = "map_as_vec")]
+ pub validators: BTreeMap<TendermintValidatorPubKey, TendermintVotePower>,
+}
+
+mod map_as_vec {
+ use serde::{Deserialize, Deserializer, Serialize, Serializer};
+ use std::collections::BTreeMap;
+
+ pub fn serialize<S: Serializer, K: Ord + Serialize, V: Serialize>(
+ value: &BTreeMap<K, V>,
+ serializer: S,
+ ) -> Result<S::Ok, S::Error> {
+ let vec = value.iter().collect::<Vec<_>>();
+ vec.serialize(serializer)
+ }
+
+ pub fn deserialize<'de, D, K: Ord + Deserialize<'de>, V: Deserialize<'de>>(
+ deserializer: D,
+ ) -> Result<BTreeMap<K, V>, D::Error>
+ where
+ D: Deserializer<'de>,
+ {
+ Ok(Vec::<(K, V)>::deserialize(deserializer)?
+ .into_iter()
+ .collect::<BTreeMap<_, _>>())
+ }
+}
diff --git a/chain-tx-enclave-next/tdbe/enclave-app/Cargo.toml b/chain-tx-enclave-next/tdbe/enclave-app/Cargo.toml
@@ -18,6 +18,7 @@ thread-pool = "0.1"
 webpki = "0.21"
 zeroize = "1.1"
 chrono = "0.4"
+serde_json = "1.0"
 
 chain-core = { path = "../../../chain-core", default-features = false, features = ["edp"] }
 enclave-protocol = { path = "../../../enclave-protocol", features = ["edp"] }

diff --git a/chain-tx-enclave-next/tdbe/enclave-app/src/sgx_module.rs b/chain-tx-enclave-next/tdbe/enclave-app/src/sgx_module.rs
@@ -15,6 +15,7 @@ use sgx_isa::Report;
 use thread_pool::ThreadPool;
 use webpki::DNSNameRef;
 
+use chain_core::init::config::LightGenesis;
 use chain_core::tx::data::TxId;
 use enclave_macro::mock_key;
 use enclave_protocol::{
@@ -28,6 +29,12 @@ use ra_enclave::{EnclaveRaConfig, EnclaveRaContext, DEFAULT_EXPIRATION_SECS};
 use tdbe_common::TdbeStartupConfig;
 
 const THREAD_POOL_SIZE: usize = 4;
+const LIGHT_GENESIS: &str = include_str!("light_genesis.json");
+
+/// returns the compiled in light client genesis trust basis
+pub fn get_light_genesis() -> LightGenesis {
+ serde_json::from_str(LIGHT_GENESIS).unwrap()
+}
 
 pub fn entry() -> std::io::Result<()> {
  // Initialize logger

diff --git a/chain-tx-enclave-next/tx-validation-next/src/sgx_module.rs b/chain-tx-enclave-next/tx-validation-next/src/sgx_module.rs
@@ -10,7 +10,7 @@ use aes_gcm_siv::Aes128GcmSiv;
 use chain_core::tx::TX_AUX_SIZE;
 use chain_tx_filter::BlockFilter;
 use chain_tx_validation::Error;
-use enclave_macro::{get_network_id, get_tdbe_mrenclave};
+use enclave_macro::get_network_id;
 use enclave_protocol::{IntraEnclaveRequest, IntraEnclaveResponse, IntraEnclaveResponseOk};
 use enclave_utils::tls::{create_ra_context, create_tls_client_stream};
 use parity_scale_codec::{Decode, Encode};
@@ -24,6 +24,7 @@ use std::sync::Arc;
 
 /// FIXME: genesis app hash etc.?
 pub const NETWORK_HEX_ID: u8 = get_network_id!();
+pub const TDBE_MRENCLAVE: &[u8; 32] = include_bytes!("tdbe.mrenclave");
 
 pub(crate) fn write_response<I: Write>(response: IntraEnclaveResponse, output: &mut I) {
  if let Err(e) = output.write_all(&response.encode()) {
@@ -35,7 +36,7 @@ fn get_tdbe_enclave_verifier() -> EnclaveCertVerifier {
  log::info!("Creating enclave certificate verifier for transaction data bootstrapping");
 
  let enclave_info =
- EnclaveInfo::from_report_other_enclave(Report::for_self(), Some(get_tdbe_mrenclave!()));
+ EnclaveInfo::from_report_other_enclave(Report::for_self(), Some(*TDBE_MRENCLAVE));
  let verifier_config = EnclaveCertVerifierConfig::new_with_enclave_info(enclave_info);
  let verifier = EnclaveCertVerifier::new(verifier_config)
  .expect("Unable to create enclave certificate verifier");

diff --git a/chain-tx-enclave/enclave-macro/src/lib.rs b/chain-tx-enclave/enclave-macro/src/lib.rs
@@ -30,9 +30,3 @@ pub fn get_mrsigner(_input: TokenStream) -> TokenStream {
 pub fn get_tqe_mrenclave(_input: TokenStream) -> TokenStream {
  get_32byte_from_hex(env! {"TQE_MRENCLAVE"})
 }
-
-#[proc_macro]
-#[cfg(feature = "tdbe-macro")]
-pub fn get_tdbe_mrenclave(_input: TokenStream) -> TokenStream {
- get_32byte_from_hex(env! {"TDBE_MRENCLAVE"})
-}
diff --git a/dev-utils/src/commands/genesis_command.rs b/dev-utils/src/commands/genesis_command.rs
@@ -97,6 +97,19 @@ pub enum GenesisCommand {
  )]
  tendermint_genesis_path: Option<PathBuf>,
  },
+ #[structopt(
+ name = "light",
+ about = "Calculate the light genesis information from dev-conf.json"
+ )]
+ Light {
+ #[structopt(
+ name = "genesis_dev_config_path",
+ short,
+ long,
+ help = "Path to a file containing the genesis-related configuration (e.g. ERC20 holdership) -- see example-dev-conf.json"
+ )]
+ genesis_dev_config_path: PathBuf,
+ },
 }
 
 impl GenesisCommand {
@@ -123,6 +136,9 @@ impl GenesisCommand {
  GenesisCommand::Fingerprint {
  tendermint_genesis_path,
  } => get_genesis_fingerprint(tendermint_genesis_path),
+ GenesisCommand::Light {
+ genesis_dev_config_path,
+ } => generate_light_genesis(genesis_dev_config_path),
  }
  }
 }
@@ -274,6 +290,27 @@ fn generate_genesis_command(
  Ok(())
 }
 
+fn generate_light_genesis(genesis_dev_config_path: &PathBuf) -> Result<()> {
+ let genesis_dev_config_string = fs::read_to_string(genesis_dev_config_path).chain(|| {
+ (
+ ErrorKind::InvalidInput,
+ "Something went wrong reading the genesis dev config file",
+ )
+ })?;
+ let genesis_dev_config: GenesisDevConfig = serde_json::from_str(&genesis_dev_config_string)
+ .chain(|| {
+ (
+ ErrorKind::DeserializationError,
+ "failed to parse genesis dev config",
+ )
+ })?;
+ println!(
+ "{}",
+ serde_json::to_string(&genesis_dev_config.light_genesis()).unwrap()
+ );
+ Ok(())
+}
+
 fn find_default_tendermint_path() -> Option<PathBuf> {
  find_tendermint_path_from_tmhome().or_else(find_tendermint_path_from_home)
 }

diff --git a/dev-utils/src/commands/genesis_dev_config.rs b/dev-utils/src/commands/genesis_dev_config.rs
@@ -5,7 +5,7 @@ use serde::{Deserialize, Serialize};
 use chain_core::init::{
  address::RedeemAddress,
  coin::Coin,
- config::{JailingParameters, RewardsParameters, SlashRatio, SlashingParameters},
+ config::{JailingParameters, LightGenesis, RewardsParameters, SlashRatio, SlashingParameters},
 };
 use chain_core::state::account::{ConfidentialInit, NodeName, NodeSecurityContact};
 use chain_core::state::tendermint::TendermintValidatorPubKey;
@@ -64,6 +64,16 @@ impl GenesisDevConfig {
  council_nodes: BTreeMap::new(),
  }
  }
+
+ pub fn light_genesis(&self) -> LightGenesis {
+ LightGenesis {
+ validators: self
+ .council_nodes
+ .iter()
+ .map(|(addr, (_, _, pubkey, _))| (pubkey.clone(), self.distribution[addr].into()))
+ .collect::<BTreeMap<_, _>>(),
+ }
+ }
 }
 
 #[derive(Serialize, Deserialize, Debug)]

diff --git a/docker/build.sh b/docker/build.sh
@@ -8,8 +8,10 @@ fi
 
 BUILD_PROFILE=${BUILD_PROFILE:-debug}
 BUILD_MODE=${BUILD_MODE:-sgx}
-CARGO_TARGET_DIR=${CARGO_TARGET_DIR:-"../target"}
+CARGO_TARGET_DIR=${CARGO_TARGET_DIR:-"target"}
 EDP_TARGET_DIR=$CARGO_TARGET_DIR/x86_64-fortanix-unknown-sgx/$BUILD_PROFILE
+DEV_CONF=${DEV_CONF:-"dev-utils/example-dev-conf.json"}
+export NETWORK_ID=${NETWORK_ID:-AB}
 
 if [ $BUILD_PROFILE == "debug" ]; then
  export SGX_DEBUG=1
@@ -37,13 +39,16 @@ if [ $BUILD_MODE == "sgx" ]; then
  export TQE_MRENCLAVE=$(od -A none -t x1 --read-bytes=32 -j 960 -w32 $TQE_SIGSTRUCT | tr -d ' ')
  export MRSIGNER=$(dd if=$TQE_SIGSTRUCT bs=1 skip=128 count=384 status=none | sha256sum | awk '{print $1}')
 
+ cargo build $CARGO_ARGS -p dev-utils
+ $CARGO_TARGET_DIR/$BUILD_PROFILE/dev-utils genesis light --genesis_dev_config_path $DEV_CONF > chain-tx-enclave-next/tdbe/enclave-app/src/light_genesis.json
+
  # tdbe
  RUSTFLAGS="-Ctarget-feature=+aes,+sse2,+sse4.1,+ssse3,+pclmul" cargo build --target x86_64-fortanix-unknown-sgx --package tdb-enclave-app
  ftxsgx-elf2sgxs $EDP_TARGET_DIR/tdb-enclave-app --heap-size 0x2000000 --stack-size 0x80000 --threads 6 $EDP_ARGS
  sgxs-sign --key DEV_ONLY_KEY.kem $EDP_TARGET_DIR/tdb-enclave-app.sgxs $EDP_TARGET_DIR/tdb-enclave-app.sig -d --xfrm 7/0 --isvprodid $(( 16#$NETWORK_ID )) --isvsvn 0
 
  export TDBE_SIGSTRUCT=$EDP_TARGET_DIR/tdb-enclave-app.sig
- export TDBE_MRENCLAVE=$(od -A none -t x1 --read-bytes=32 -j 960 -w32 $TDBE_SIGSTRUCT | tr -d ' ')
+ dd if=$TDBE_SIGSTRUCT bs=960 skip=1 | dd bs=32 count=1 > chain-tx-enclave-next/tx-validation-next/src/tdbe.mrenclave
 
  # tx-validation enclave
  RUSTFLAGS="-Ctarget-feature=+aes,+sse2,+sse4.1,+ssse3,+pclmul,+sha" cargo build --target x86_64-fortanix-unknown-sgx --package tx-validation-next