Refactor random proof creation to be common to both enclaves

scrtlabs · Aug 27, 2023 · 05cc0ff · 05cc0ff
1 parent 7113545
commit 05cc0ff
Show file tree

Hide file tree

Showing 6 changed files with 38 additions and 28 deletions.
diff --git a/cosmwasm/enclaves/Cargo.lock b/cosmwasm/enclaves/Cargo.lock
diff --git a/cosmwasm/enclaves/shared/block-verifier/Cargo.toml b/cosmwasm/enclaves/shared/block-verifier/Cargo.toml
@@ -6,7 +6,7 @@ edition = "2018"
 [features]
 default = ["random"]
 test = ["base64"]
-random = []
+random = ["enclave_utils/random"]
 production = []
 verify-validator-whitelist = []
 

diff --git a/cosmwasm/enclaves/shared/block-verifier/src/verify/random.rs b/cosmwasm/enclaves/shared/block-verifier/src/verify/random.rs
@@ -1,34 +1,11 @@
 #![cfg(feature = "random")]
 
-use enclave_crypto::{sha_256, SIVEncryptable, KEY_MANAGER};
-use log::{debug, error, trace};
+use enclave_crypto::{SIVEncryptable, KEY_MANAGER};
+use log::{debug, error};
 use sgx_types::sgx_status_t;
 use tendermint::Hash;
+use enclave_utils::random::create_random_proof;
 
-pub fn create_proof(height: u64, random: &[u8], block_hash: &[u8]) -> [u8; 32] {
-    trace!(
-        "Height: {:?}\nRandom: {:?}\nApphash: {:?}",
-        height,
-        random,
-        block_hash
-    );
-    let irs = KEY_MANAGER.initial_randomness_seed.unwrap();
-
-    let height_bytes = height.to_be_bytes();
-    let irs_bytes = irs.get();
-
-    let data_len = height_bytes.len() + random.len() + block_hash.len() + irs_bytes.len();
-    let mut data = Vec::with_capacity(data_len);
-
-    data.extend_from_slice(&height_bytes);
-    data.extend_from_slice(random);
-    data.extend_from_slice(block_hash);
-    data.extend_from_slice(irs_bytes);
-
-    sha_256(data.as_slice())
-}
-
-#[cfg(feature = "random")]
 pub fn validate_encrypted_random(
     random_and_proof: &[u8],
     validator_set_hash: Hash,
@@ -42,7 +19,9 @@ pub fn validate_encrypted_random(
         .get(48..)
         .ok_or(sgx_status_t::SGX_ERROR_INVALID_PARAMETER)?;
 
-    let calculated_proof = create_proof(height, encrypted_random_slice, app_hash);
+
+    let irs = KEY_MANAGER.initial_randomness_seed.unwrap();
+    let calculated_proof = create_random_proof(&irs, height, encrypted_random_slice, app_hash);
 
     if calculated_proof != rand_proof {
         error!(

diff --git a/cosmwasm/enclaves/shared/utils/Cargo.toml b/cosmwasm/enclaves/shared/utils/Cargo.toml
@@ -6,6 +6,7 @@ edition = "2018"
 
 [features]
 production = []
+random = []
 
 # This annotation is here to trick the IDE into showing us type information about this crate.
 # We always compile to the "sgx" target, so this will always be false.
@@ -28,3 +29,5 @@ serde = { git = "https://github.com/mesalock-linux/serde-sgx", features = [
   "derive"
 ] }
 serde_json = { git = "https://github.com/mesalock-linux/serde-json-sgx" }
+
+enclave_crypto = {path = "../crypto"}
diff --git a/cosmwasm/enclaves/shared/utils/src/lib.rs b/cosmwasm/enclaves/shared/utils/src/lib.rs
@@ -17,3 +17,6 @@ mod results;
 pub mod storage;
 pub mod tx_bytes;
 pub mod validator_set;
+
+#[cfg(feature = "random")]
+pub mod random;
diff --git a/cosmwasm/enclaves/shared/utils/src/random.rs b/cosmwasm/enclaves/shared/utils/src/random.rs
@@ -0,0 +1,24 @@
+#![cfg(feature = "random")]
+
+use enclave_crypto::{AESKey, Hmac};
+use log::{trace};
+
+pub fn create_random_proof(key: &AESKey, height: u64, random: &[u8], block_hash: &[u8]) -> [u8; 32] {
+    trace!(
+        "Height: {:?}\nRandom: {:?}\nApphash: {:?}",
+        height,
+        random,
+        block_hash
+    );
+
+    let height_bytes = height.to_be_bytes();
+
+    let data_len = height_bytes.len() + random.len() + block_hash.len();
+    let mut data = Vec::with_capacity(data_len);
+
+    data.extend_from_slice(&height_bytes);
+    data.extend_from_slice(random);
+    data.extend_from_slice(block_hash);
+
+    key.sign_sha_256(&data)
+}