From fefde6f76381fc82fb9ac2c645cf0b9284036e46 Mon Sep 17 00:00:00 2001
From: vlad
Date: Sun, 3 Nov 2024 11:40:39 +0000
Subject: [PATCH] build fixes
---
 .../execute/src/registration/attestation.rs | 19 +++++++++---------
 .../execute/src/registration/offchain.rs | 20 +++++++++++++++----
 2 files changed, 26 insertions(+), 13 deletions(-)
diff --git a/cosmwasm/enclaves/execute/src/registration/attestation.rs b/cosmwasm/enclaves/execute/src/registration/attestation.rs
index c179ed0c9..8bd3e326f 100644
--- a/cosmwasm/enclaves/execute/src/registration/attestation.rs
+++ b/cosmwasm/enclaves/execute/src/registration/attestation.rs
@@ -74,6 +74,7 @@ use super::ocalls::{
 #[cfg(feature = "SGX_MODE_HW")]
 use super::{hex, report::EndorsedAttestationReport};
+#[cfg(feature = "SGX_MODE_HW")]
 use ::hex as orig_hex;
 #[cfg(feature = "SGX_MODE_HW")]
@@ -411,15 +412,15 @@ pub fn verify_quote_ecdsa(
 let my_p_quote = vec_quote.as_ptr() as *const sgx_quote_t;
 let report_body = unsafe { (*my_p_quote).report_body };
-// trace!(
-// "body.mr_signer = {}",
-// orig_hex::encode(&report_body.mr_signer.m)
-// );
-// trace!(
-// "body.mr_enclave = {}",
-// orig_hex::encode(&report_body.mr_enclave.m)
-// );
-// trace!("body.report_data = {}", orig_hex::encode(&report_body.report_data.d));
+ // trace!(
+ // "body.mr_signer = {}",
+ // orig_hex::encode(&report_body.mr_signer.m)
+ // );
+ // trace!(
+ // "body.mr_enclave = {}",
+ // orig_hex::encode(&report_body.mr_enclave.m)
+ // );
+ // trace!("body.report_data = {}", orig_hex::encode(&report_body.report_data.d));
 Ok((report_body, qv_result))
 }
diff --git a/cosmwasm/enclaves/execute/src/registration/offchain.rs b/cosmwasm/enclaves/execute/src/registration/offchain.rs
index 7057a9e05..87fa177f2 100644
--- a/cosmwasm/enclaves/execute/src/registration/offchain.rs
+++ b/cosmwasm/enclaves/execute/src/registration/offchain.rs
@@ -47,7 +47,10 @@ use validator_whitelist::ValidatorList;
 use super::persistency::{write_master_pub_keys, write_seed};
 use super::seed_exchange::{decrypt_seed, encrypt_seed, SeedType};
+
+#[cfg(feature = "light-client-validation")]
 use block_verifier::VERIFIED_BLOCK_MESSAGES;
+
 use enclave_utils::storage::write_to_untrusted;
 ///
 /// `ecall_init_bootstrap`
@@ -717,7 +720,7 @@ impl MigrationApprovalData {
 }
 fn is_msg_mrenclave(msg_in_block: &[u8], mrenclave: &[u8]) -> bool {
- trace!("*** block msg: {:?}", hex::encode(&msg_in_block));
+ trace!("*** block msg: {:?}", hex::encode(msg_in_block));
 // we expect a message of the form:
 // 0a 2d (addr, len=45 bytes) 12 20 (mrenclave 32 bytes)
@@ -727,12 +730,12 @@ fn is_msg_mrenclave(msg_in_block: &[u8], mrenclave: &[u8]) -> bool {
 return false;
 }
- if &msg_in_block[0..2] != [0x0a as u8, 0x2d as u8].as_slice() {
+ if &msg_in_block[0..2] != [0x0a, 0x2d].as_slice() {
 trace!("wrong sub1");
 return false;
 }
- if &msg_in_block[47..49] != [0x12 as u8, 0x20 as u8].as_slice() {
+ if &msg_in_block[47..49] != [0x12, 0x20].as_slice() {
 trace!("wrong sub2");
 return false;
 }
@@ -745,6 +748,7 @@ fn is_msg_mrenclave(msg_in_block: &[u8], mrenclave: &[u8]) -> bool {
 true
 }
+#[cfg(feature = "light-client-validation")]
 fn check_mrenclave_in_block(msg_slice: &[u8]) -> bool {
 let mut verified_msgs = VERIFIED_BLOCK_MESSAGES.lock().unwrap();
@@ -758,6 +762,11 @@ fn check_mrenclave_in_block(msg_slice: &[u8]) -> bool {
 false
 }
+#[cfg(not(feature = "light-client-validation"))]
+fn check_mrenclave_in_block(_msg_slice: &[u8]) -> bool {
+ true
+}
+
 #[no_mangle]
 pub unsafe extern "C" fn ecall_onchain_approve_upgrade(
 msg: *const u8,
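Review bot: The `#[cfg(not(feature = "light-client-validation"))]` variant of `check_mrenclave_in_block` added in the `@@ -758` hunk returns `true` for every input, so a build without that feature accepts any message as if it had appeared in a verified block. Its caller is outside the hunk (presumably the `ecall_onchain_approve_upgrade` path that begins in the trailing context), so the exact effect is inferred, but an approval check that passes by default is fail-open. If the stub exists only so that non-validating builds compile, I would have it fail closed with `false`, or reject the combination at build time with `#[cfg(all(feature = "SGX_MODE_HW", not(feature = "light-client-validation")))] compile_error!("light-client-validation is required for hardware builds");`. Either way the stub deserves a comment stating the intended behaviour, for example `// No verified-block set without light-client validation; approval cannot be checked here.`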
@@ -863,7 +872,10 @@ fn is_export_approved_offchain(mut f_in: File, report: &sgx_report_body_t) -> bo
 let sig_bytes = base64::decode(sig_str).unwrap();
 let sig_obj = Signature::from_bytes(&sig_bytes).unwrap();
- if let Err(_) = pubkey_obj.verify_strict(&report.mr_enclave.m, &sig_obj) {
+ if pubkey_obj
+ .verify_strict(&report.mr_enclave.m, &sig_obj)
+ .is_err()
+ {
 panic!("Incorrect signature for address: {}", addr_str);
 }
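Review bot: The rewritten `verify_strict(...).is_err()` branch still ends in `panic!`, and the two context lines above it call `.unwrap()` on `base64::decode(sig_str)` and `Signature::from_bytes(&sig_bytes)`, so a malformed or wrongly signed entry aborts instead of producing a result. The function header in the hunk is truncated but appears to return `bool`, and the `File` parameter suggests the content is supplied from outside the enclave, though that is inferred. Logging and returning `false` would keep the check fail-closed without letting file content trigger a panic: `error!("Incorrect signature for address: {}", addr_str); return false;`. The function starts and ends outside the hunk, so how `sig_str` and `addr_str` are produced is not visible here.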