Host-enclave separation & redesign (#283)

Author: hu55a1n1

Cargo.lock

@@ -24,6 +24,7 @@ authors = ["Informal Systems <[email protected]>"]
 # external
 anyhow = { version = "1.0.86", features = ["std", "backtrace"] }
 async-trait = { version = "0.1.79", default-features = false }
+bincode = { version = "2.0.0-rc.3", default-features = false, features = ["alloc"] }
 bip32 = { version = "0.5.1", default-features = false, features = [
     "alloc",
     "secp256k1",
@@ -47,6 +48,7 @@ k256 = { version = "0.13.2", default-features = false, features = [
     "ecdsa",
     "alloc",
 ] }
+log = { version = "0.4.25", default-features = false }
 num-bigint = { version = "0.4.4", default-features = false }
 p256 = { version = "0.13.2", default-features = false }
 prost = { version = "0.13.1", default-features = false }

Cargo.toml

@@ -21,13 +21,16 @@ mock-sgx = ["quartz-contract-core/mock-sgx"]
 # external
 anyhow.workspace = true
 async-trait.workspace = true
+bincode.workspace = true
 sha2 = { workspace = true }
 clap.workspace = true
 color-eyre.workspace = true
+displaydoc.workspace = true
 ecies.workspace = true
 futures-util.workspace = true
 hex.workspace = true
 k256.workspace = true
+log.workspace = true
 rand.workspace = true
 reqwest = { workspace = true, features = ["blocking"] }
 serde.workspace = true
@@ -49,8 +52,10 @@ tendermint-light-client.workspace = true
 tendermint-rpc = { workspace = true, features = ["websocket-client", "http-client"] }
 
 # quartz
+cw-client.workspace = true
 quartz-cw-proof.workspace = true
 quartz-contract-core.workspace = true
 quartz-proto.workspace = true
+quartz-tm-prover.workspace = true
 quartz-tee-ra.workspace = true
 quartz-tm-stateless-verifier.workspace = true

crates/enclave/core/Cargo.toml

@@ -0,0 +1,36 @@
+use std::fmt::Display;
+
+use serde::{de::DeserializeOwned, Serialize};
+
+pub mod default;
+
+#[async_trait::async_trait]
+pub trait ChainClient: Send + Sync + 'static {
+    type Contract: Send + Sync + 'static;
+    type Error: Display + Send + Sync + 'static;
+    type Proof: Serialize + Send + Sync + 'static;
+    type Query: Send + Sync + 'static;
+    type TxConfig: Send + Sync + 'static;
+    type TxOutput: Send + Sync + 'static;
+
+    async fn query_contract<R: DeserializeOwned + Default + Send>(
+        &self,
+        contract: &Self::Contract,
+        query: impl Into<Self::Query> + Send,
+    ) -> Result<R, Self::Error>;
+
+    async fn existence_proof(
+        &self,
+        contract: &Self::Contract,
+        storage_key: &str,
+    ) -> Result<Self::Proof, Self::Error>;
+
+    async fn send_tx<T: Serialize + Send + Sync>(
+        &self,
+        contract: &Self::Contract,
+        tx: T,
+        config: Self::TxConfig,
+    ) -> Result<Self::TxOutput, Self::Error>;
+
+    async fn wait_for_blocks(&self, blocks: u8) -> Result<(), Self::Error>;
+}

crates/enclave/core/src/chain_client.rs

@@ -0,0 +1,163 @@
+use anyhow::anyhow;
+use cosmrs::{crypto::secp256k1::SigningKey, AccountId};
+use cw_client::{CwClient, GrpcClient};
+use futures_util::StreamExt;
+use quartz_tm_prover::{
+    config::{Config as TmProverConfig, ProofOutput},
+    prover::prove,
+};
+use reqwest::Url;
+use serde::{de::DeserializeOwned, Serialize};
+use serde_json::{json, Value};
+use tendermint::{block::Height, chain::Id as TmChainId, Hash};
+use tendermint_rpc::{query::EventType, SubscriptionClient, WebSocketClient};
+
+use crate::chain_client::ChainClient;
+
+pub struct DefaultChainClient {
+    chain_id: TmChainId,
+    grpc_client: GrpcClient,
+    node_url: Url,
+    ws_url: Url,
+    trusted_height: Height,
+    trusted_hash: Hash,
+}
+
+impl DefaultChainClient {
+    pub fn new(
+        chain_id: TmChainId,
+        signer: SigningKey,
+        grpc_url: Url,
+        node_url: Url,
+        ws_url: Url,
+        trusted_height: Height,
+        trusted_hash: Hash,
+    ) -> Self {
+        DefaultChainClient {
+            chain_id,
+            grpc_client: GrpcClient::new(signer, grpc_url),
+            node_url,
+            ws_url,
+            trusted_height,
+            trusted_hash,
+        }
+    }
+}
+
+pub enum Query {
+    Json(Value),
+    String(String),
+}
+
+impl From<Value> for Query {
+    fn from(value: Value) -> Self {
+        Self::Json(value)
+    }
+}
+
+impl From<String> for Query {
+    fn from(value: String) -> Self {
+        Self::String(value)
+    }
+}
+
+#[async_trait::async_trait]
+impl ChainClient for DefaultChainClient {
+    type Contract = AccountId;
+    type Error = anyhow::Error;
+    type Proof = ProofOutput;
+    type Query = Query;
+    type TxConfig = DefaultTxConfig;
+    type TxOutput = String;
+
+    async fn query_contract<R: DeserializeOwned + Default + Send>(
+        &self,
+        contract: &Self::Contract,
+        query: impl Into<Self::Query> + Send,
+    ) -> Result<R, Self::Error> {
+        match query.into() {
+            Query::Json(q) => self.grpc_client.query_smart(contract, q).await,
+            Query::String(q) => self.grpc_client.query_raw(contract, q).await,
+        }
+    }
+
+    async fn existence_proof(
+        &self,
+        contract: &Self::Contract,
+        storage_key: &str,
+    ) -> Result<Self::Proof, Self::Error> {
+        let prover_config = TmProverConfig {
+            primary: self.node_url.as_str().parse()?,
+            witnesses: self.node_url.as_str().parse()?,
+            trusted_height: self.trusted_height,
+            trusted_hash: self.trusted_hash,
+            verbose: "1".parse()?,
+            contract_address: contract.clone(),
+            storage_key: storage_key.to_string(),
+            chain_id: self.chain_id.to_string(),
+            ..Default::default()
+        };
+
+        let proof_output = tokio::task::spawn_blocking(move || {
+            // Create a new runtime inside the blocking thread.
+            let rt = tokio::runtime::Runtime::new()?;
+            rt.block_on(async {
+                prove(prover_config)
+                    .await
+                    .map_err(|report| anyhow!("Tendermint prover failed. Report: {}", report))
+            })
+        })
+        .await??; // Handle both JoinError and your custom error
+        Ok(proof_output)
+    }
+
+    async fn send_tx<T: Serialize + Send + Sync>(
+        &self,
+        contract: &Self::Contract,
+        tx: T,
+        config: Self::TxConfig,
+    ) -> Result<Self::TxOutput, Self::Error> {
+        self.grpc_client
+            .tx_execute(
+                contract,
+                &self.chain_id,
+                config.gas,
+                "",
+                json!(tx),
+                &config.amount,
+            )
+            .await
+    }
+
+    async fn wait_for_blocks(&self, _blocks: u8) -> Result<(), Self::Error> {
+        let (client, driver) = WebSocketClient::new(self.ws_url.to_string().as_str()).await?;
+
+        let driver_handle = tokio::spawn(async move { driver.run().await });
+
+        // Subscription functionality
+        let mut subs = client.subscribe(EventType::NewBlock.into()).await?;
+
+        // Wait 2 NewBlock events
+        let mut ev_count = 2_i32;
+
+        while let Some(res) = subs.next().await {
+            let _ev = res?;
+            ev_count -= 1;
+            if ev_count == 0 {
+                break;
+            }
+        }
+
+        // Signal to the driver to terminate.
+        client.close()?;
+        // Await the driver's termination to ensure proper connection closure.
+        let _ = driver_handle.await?;
+
+        Ok(())
+    }
+}
+
+pub struct DefaultTxConfig {
+    pub gas: u64,
+    pub amount: String,
+}

crates/enclave/core/src/chain_client/default.rs

@@ -0,0 +1,51 @@
+use anyhow::{anyhow, Error as AnyhowError};
+use cosmrs::AccountId;
+use tendermint_rpc::event::Event as TmEvent;
+
+use crate::{chain_client::ChainClient, handler::Handler};
+
+#[derive(Clone, Debug)]
+pub struct QuartzEvent<E> {
+    pub contract: AccountId,
+    inner: E,
+}
+
+impl<E> TryFrom<TmEvent> for QuartzEvent<E>
+where
+    E: TryFrom<TmEvent, Error = AnyhowError>,
+{
+    type Error = AnyhowError;
+
+    fn try_from(event: TmEvent) -> Result<Self, Self::Error> {
+        let Some(events) = &event.events else {
+            return Err(anyhow!("no events in tx"));
+        };
+
+        let contract = events
+            .get("execute._contract_address")
+            .ok_or_else(|| anyhow!("missing execute._contract_address in events"))?
+            .first()
+            .ok_or_else(|| anyhow!("execute._contract_address is empty"))?
+            .parse::<AccountId>()
+            .map_err(|e| anyhow!("failed to parse contract address: {}", e))?;
+
+        Ok(QuartzEvent {
+            contract,
+            inner: event.try_into()?,
+        })
+    }
+}
+
+#[async_trait::async_trait]
+impl<C, E> Handler<C> for QuartzEvent<E>
+where
+    C: ChainClient<Contract = AccountId>,
+    E: Handler<C, Error = AnyhowError>,
+{
+    type Error = AnyhowError;
+    type Response = <E as Handler<C>>::Response;
+
+    async fn handle(self, ctx: &C) -> Result<Self::Response, Self::Error> {
+        self.inner.handle(ctx).await
+    }
+}