wrap submitBlockSignatures ecall

Author: cboh4

go-cosmwasm/api/ecall_record.go

@@ -17,6 +17,7 @@ import (
 	v1types "github.com/scrtlabs/SecretNetwork/go-cosmwasm/types/v1"
 
 	"github.com/scrtlabs/SecretNetwork/go-cosmwasm/types"
+	tmapi "github.com/scrtlabs/tm-secret-enclave/api"
 )
 
 // nice aliases to the rust names
@@ -48,6 +49,32 @@ func HealthCheck() ([]byte, error) {
 }
 
 func SubmitBlockSignatures(header []byte, commit []byte, txs []byte, encRandom []byte /* valSet []byte, nextValSet []byte */) ([]byte, []byte, error) {
+	recorder := tmapi.GetRecorder()
+
+	// Create combined input for recording/replay (hash all inputs together)
+	input := make([]byte, 0, len(header)+len(commit)+len(txs)+len(encRandom))
+	input = append(input, header...)
+	input = append(input, commit...)
+	input = append(input, txs...)
+	input = append(input, encRandom...)
+
+	// In replay mode, try to get from recorded data
+	if recorder.IsReplayMode() {
+		if output, err, found := recorder.Replay("SubmitBlockSignatures", input); found {
+			fmt.Printf("[SubmitBlockSignatures] Replay mode: returning recorded result\n")
+			if err != nil {
+				return nil, nil, err
+			}
+			// Output is 64 bytes: [32 bytes decrypted][32 bytes next_validator_set_evidence]
+			if len(output) == 64 {
+				return output[:32], output[32:], nil
+			}
+			return nil, nil, fmt.Errorf("SubmitBlockSignatures: invalid recorded data (expected 64 bytes, got %d)", len(output))
+		}
+		return nil, nil, fmt.Errorf("SubmitBlockSignatures: no recorded data found for input (replay mode)")
+	}
+
+	// SGX mode: call the actual enclave
 	errmsg := C.Buffer{}
 	spidSlice := sendSlice(header)
 	defer freeAfterSend(spidSlice)
@@ -59,10 +86,33 @@ func SubmitBlockSignatures(header []byte, commit []byte, txs []byte, encRandom [
 	defer freeAfterSend(txsSlice)
 
 	res, err := C.submit_block_signatures(spidSlice, apiKeySlice, txsSlice, encRandomSlice /* valSetSlice, nextValSetSlice,*/, &errmsg)
+
+	var buf1, buf2 []byte
+	var callErr error
 	if err != nil {
-		return nil, nil, errorWithMessage(err, errmsg)
+		callErr = errorWithMessage(err, errmsg)
+	} else {
+		buf1 = receiveVector(res.buf1)
+		buf2 = receiveVector(res.buf2)
+	}
+
+	// Record the result - 64 bytes: [32 bytes buf1][32 bytes buf2]
+	if callErr == nil {
+		output := make([]byte, 64)
+		copy(output[:32], buf1)
+		copy(output[32:], buf2)
+		if recordErr := recorder.Record("SubmitBlockSignatures", input, output, nil); recordErr != nil {
+			fmt.Printf("[SubmitBlockSignatures] Warning: failed to record ecall: %v\n", recordErr)
+		} else {
+			fmt.Printf("[SubmitBlockSignatures] SGX mode: recorded ecall result\n")
+		}
+	} else {
+		if recordErr := recorder.Record("SubmitBlockSignatures", input, nil, callErr); recordErr != nil {
+			fmt.Printf("[SubmitBlockSignatures] Warning: failed to record ecall error: %v\n", recordErr)
+		}
 	}
-	return receiveVector(res.buf1), receiveVector(res.buf2), nil
+
+	return buf1, buf2, callErr
 }
 
 func SubmitValidatorSetEvidence(evidence []byte) error {
@@ -175,6 +225,12 @@ func ReleaseCache(cache Cache) {
 }
 
 func InitEnclaveRuntime(moduleCacheSize uint16) error {
+	// Skip in non-SGX replay mode - there's no enclave
+	if tmapi.GetRecorder().IsReplayMode() {
+		fmt.Println("[InitEnclaveRuntime] Non-SGX replay mode: skipping (no enclave)")
+		return nil
+	}
+
 	errmsg := C.Buffer{}
 
 	config := C.EnclaveRuntimeConfig{
@@ -536,11 +592,11 @@ func CreateAttestationReport(no_epid bool, no_dcap bool, is_migration_report boo
 }
 
 func GetEncryptedSeed(cert []byte) ([]byte, error) {
-	recorder := GetRecorder()
+	recorder := tmapi.GetRecorder()
 
 	// In replay mode, try to get from recorded data
 	if recorder.IsReplayMode() {
-		if output, err, found := ReplayGetEncryptedSeed(cert); found {
+		if output, err, found := recorder.Replay("GetEncryptedSeed", cert); found {
 			fmt.Printf("[GetEncryptedSeed] Replay mode: returning recorded result\n")
 			return output, err
 		}
@@ -562,7 +618,7 @@ func GetEncryptedSeed(cert []byte) ([]byte, error) {
 	}
 
 	// Record the result for non-SGX nodes
-	if recordErr := RecordGetEncryptedSeed(cert, output, callErr); recordErr != nil {
+	if recordErr := recorder.Record("GetEncryptedSeed", cert, output, callErr); recordErr != nil {
 		fmt.Printf("[GetEncryptedSeed] Warning: failed to record ecall: %v\n", recordErr)
 	} else {
 		fmt.Printf("[GetEncryptedSeed] SGX mode: recorded ecall result\n")

go-cosmwasm/api/lib.go

@@ -8,9 +8,12 @@ replace (
 	cosmossdk.io/api => github.com/scrtlabs/cosmos-sdk-api v0.7.6-secret.0
 	cosmossdk.io/store => github.com/scrtlabs/cosmos-sdk-store v1.1.1-secret.1
 	cosmossdk.io/x/tx => github.com/scrtlabs/cosmos-sdk-x-tx v0.13.7-secret.0
-	github.com/cometbft/cometbft => github.com/scrtlabs/tendermint v0.38.19-secret.1
+	github.com/cometbft/cometbft => github.com/scrtlabs/tendermint v0.38.19-secret.1-non-sgx.0
 	github.com/cosmos/cosmos-sdk => github.com/scrtlabs/cosmos-sdk v0.50.14-secret.7
 	github.com/cosmos/iavl => github.com/scrtlabs/iavl v1.2.2-secret.0
+
+	// Use local tm-secret-enclave with recorder support
+	github.com/scrtlabs/tm-secret-enclave => ../tm-secret-enclave
 	github.com/syndtr/goleveldb => github.com/syndtr/goleveldb v1.0.1-0.20210819022825-2ae1ddf74ef7
 
 	github.com/zondax/ledger-go => github.com/zondax/ledger-go v1.0.0
@@ -76,7 +79,7 @@ require (
 	github.com/gogo/protobuf v1.3.2
 	github.com/golang/mock v1.6.0
 	github.com/hashicorp/go-metrics v0.5.3
-	github.com/scrtlabs/tm-secret-enclave v1.13.1
+	github.com/scrtlabs/tm-secret-enclave v1.13.1-non-sgx.0
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028
 	gopkg.in/yaml.v2 v2.4.0
 )

go.mod

@@ -1619,10 +1619,8 @@ github.com/scrtlabs/cosmos-sdk-x-tx v0.13.7-secret.0 h1:i3k5706sDHKhaCvzokB+n33/
 github.com/scrtlabs/cosmos-sdk-x-tx v0.13.7-secret.0/go.mod h1:V6DImnwJMTq5qFjeGWpXNiT/fjgE4HtmclRmTqRVM3w=
 github.com/scrtlabs/iavl v1.2.2-secret.0 h1:P96PL1Lf8OBSW9pMrlaRxhceZ4z9Hc7jk12g9ShWeHw=
 github.com/scrtlabs/iavl v1.2.2-secret.0/go.mod h1:GiM43q0pB+uG53mLxLDzimxM9l/5N9UuSY3/D0huuVw=
-github.com/scrtlabs/tendermint v0.38.19-secret.1 h1:NxZ21CS6INBjL2QCL087/BJLb1NAIeoY07mHasTuqKs=
-github.com/scrtlabs/tendermint v0.38.19-secret.1/go.mod h1:CZUJG1djTJUVbpjGS9JmQx9CFfF4goKi3LzYUQtxWO8=
-github.com/scrtlabs/tm-secret-enclave v1.13.1 h1:0mXcBdoWyqEGhQEdbXMjSuTi9LKKMld2BqEj0eNpoxU=
-github.com/scrtlabs/tm-secret-enclave v1.13.1/go.mod h1:nxZQtzzAqBNBLOEXSv4cKlUnVA4vRmHOn6ujr3kxVME=
+github.com/scrtlabs/tendermint v0.38.19-secret.1-non-sgx.0 h1:Xcr8LzUDqFEZBs+9bezrOfRS+4eHShGYT9wQ8JdGMo0=
+github.com/scrtlabs/tendermint v0.38.19-secret.1-non-sgx.0/go.mod h1:o8pxZlFnd7pwJ/awZi1wi1+9guKu7NpE97/iijSFNvk=
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=

go.sum

@@ -20,6 +20,7 @@ import (
 	"github.com/scrtlabs/SecretNetwork/x/compute/internal/keeper"
 	"github.com/scrtlabs/SecretNetwork/x/compute/internal/types"
 	tmenclave "github.com/scrtlabs/tm-secret-enclave"
+	tmapi "github.com/scrtlabs/tm-secret-enclave/api"
 
 	crontypes "github.com/scrtlabs/SecretNetwork/x/cron/types"
 )
@@ -207,8 +208,9 @@ func (am AppModule) BeginBlock(c context.Context) error {
 				ctx.Logger().Error("Failed to execute cron message", "error", err)
 			}
 		}
-
-		am.keeper.SetRandomSeed(ctx, random, validator_set_evidence)
+		if tmapi.GetRecorder().IsSGXMode() {
+			am.keeper.SetRandomSeed(ctx, random, validator_set_evidence)
+		}
 	} else {
 		ctx.Logger().Debug("Non-encrypted block", "Block_hash", block_header.LastBlockId.Hash, "Height", ctx.BlockHeight(), "Txs", len(x2_data))
 	}
@@ -217,6 +219,9 @@ func (am AppModule) BeginBlock(c context.Context) error {
 
 // EndBlock returns the end blocker for the compute module.
 func (am AppModule) EndBlock(c context.Context) error {
+	if tmapi.GetRecorder().IsReplayMode() {
+		return nil
+	}
 	ctx := c.(sdk.Context)
 
 	_, bytesCronMsgs, err := am.keeper.GetScheduledMsgs(ctx, crontypes.ExecutionStage_EXECUTION_STAGE_END_BLOCKER)

x/compute/module.go

@@ -5,7 +5,6 @@ import (
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
-	"os"
 	"path/filepath"
 
 	"cosmossdk.io/core/store"
@@ -15,6 +14,7 @@ import (
 	sdk "github.com/cosmos/cosmos-sdk/types"
 	"github.com/scrtlabs/SecretNetwork/x/registration/internal/types"
 	ra "github.com/scrtlabs/SecretNetwork/x/registration/remote_attestation"
+	tmapi "github.com/scrtlabs/tm-secret-enclave/api"
 )
 
 // Keeper will have a reference to Wasmer with it's own data directory.
@@ -25,16 +25,11 @@ type Keeper struct {
 	router       baseapp.MessageRouter
 }
 
-// isNonSGXReplayMode returns true if running in non-SGX replay mode
-func isNonSGXReplayMode() bool {
-	return os.Getenv("SECRET_NODE_MODE") == "replay"
-}
-
 // NewKeeper creates a new contract Keeper instance
 func NewKeeper(cdc codec.Codec, storeService store.KVStoreService, router baseapp.MessageRouter, enclave EnclaveInterface, homeDir string, bootstrap bool) Keeper {
 	if !bootstrap {
 		// Skip seed initialization in non-SGX replay mode - there's no enclave to load seeds into
-		if isNonSGXReplayMode() {
+		if tmapi.GetRecorder().IsReplayMode() {
 			fmt.Println("[Registration] Non-SGX replay mode: skipping seed initialization (no enclave)")
 		} else {
 			InitializeNode(homeDir, enclave)