Machine swap

app/app.go

@@ -3,8 +3,10 @@ package app
 import (
 	"bytes"
 	"encoding/base64"
+	"fmt"
 	"io"
 	"net/http"
+	"os"
 	"path/filepath"
 	"syscall"
 
@@ -72,6 +74,7 @@ import (
 	v1_23_1 "github.com/scrtlabs/SecretNetwork/app/upgrades/v1.23.1"
 	v1_23_2 "github.com/scrtlabs/SecretNetwork/app/upgrades/v1.23.2"
 	v1_24 "github.com/scrtlabs/SecretNetwork/app/upgrades/v1.24"
+	v1_25 "github.com/scrtlabs/SecretNetwork/app/upgrades/v1.25"
 	v1_4 "github.com/scrtlabs/SecretNetwork/app/upgrades/v1.4"
 	v1_5 "github.com/scrtlabs/SecretNetwork/app/upgrades/v1.5"
 	v1_6 "github.com/scrtlabs/SecretNetwork/app/upgrades/v1.6"
@@ -154,6 +157,7 @@ var (
 		v1_23_1.Upgrade,
 		v1_23_2.Upgrade,
 		v1_24.Upgrade,
+		v1_25.Upgrade,
 	}
 )
 

app/keepers/keepers.go

@@ -381,9 +381,10 @@ func (ak *SecretAppKeepers) InitCustomKeepers(
 		reg.EnclaveApi{},
 		homePath,
 		bootstrap,
+		app,
 	)
 	ak.RegKeeper = &regKeeper
-	ak.CronKeeper.SetRegKeeper(regKeeper)
+	ak.CronKeeper.SetRegKeeper(&regKeeper)
 
 	// Assaf:
 	// Rules:
@@ -539,6 +540,7 @@ func (ak *SecretAppKeepers) InitCustomKeepers(
 		ak.TransferKeeper,
 		ak.IbcKeeper.ChannelKeeper,
 		ak.IbcSwitchKeeper,
+		ak.RegKeeper,
 		app.MsgServiceRouter(),
 		app.GRPCQueryRouter(),
 		computeDir,

app/upgrades/v1.25/upgrade.go

@@ -0,0 +1,39 @@
+package v1_25
+
+import (
+	"context"
+	"fmt"
+	"os"
+
+	"cosmossdk.io/log"
+	store "cosmossdk.io/store/types"
+	upgradetypes "cosmossdk.io/x/upgrade/types"
+	"github.com/cosmos/cosmos-sdk/types/module"
+	"github.com/scrtlabs/SecretNetwork/app/keepers"
+	"github.com/scrtlabs/SecretNetwork/app/upgrades"
+)
+
+const upgradeName = "v1.25"
+
+var Upgrade = upgrades.Upgrade{
+	UpgradeName:          upgradeName,
+	CreateUpgradeHandler: createUpgradeHandler,
+	StoreUpgrades:        store.StoreUpgrades{},
+}
+
+func createUpgradeHandler(mm *module.Manager, _ *keepers.SecretAppKeepers, configurator module.Configurator,
+) upgradetypes.UpgradeHandler {
+	return func(ctx context.Context, _ upgradetypes.Plan, vm module.VersionMap) (module.VersionMap, error) {
+		logger := log.NewLogger(os.Stderr)
+		logger.Info(` _    _ _____   _____ _____            _____  ______ `)
+		logger.Info(`| |  | |  __ \ / ____|  __ \     /\   |  __ \|  ____|`)
+		logger.Info(`| |  | | |__) | |  __| |__) |   /  \  | |  | | |__   `)
+		logger.Info(`| |  | |  ___/| | |_ |  _  /   / /\ \ | |  | |  __|  `)
+		logger.Info(`| |__| | |    | |__| | | \ \  / ____ \| |__| | |____ `)
+		logger.Info(` \____/|_|     \_____|_|  \_\/_/    \_\_____/|______|`)
+
+		logger.Info(fmt.Sprintf("Running module migrations for %s...", upgradeName))
+
+		return mm.RunMigrations(ctx, configurator, vm)
+	}
+}

client/docs/static/swagger/swagger.yaml

@@ -66537,3 +66537,6 @@ definitions:
       encrypted_seed:
         type: string
         format: byte
+      machine_binding:
+        type: string
+        format: byte

cmd/secretd/attestation.go

@@ -35,6 +35,7 @@ const (
 	flag_no_epid                  = "no-epid"
 	flag_no_dcap                  = "no-dcap"
 	flag_is_migration_report      = "migration"
+	flag_unbound_attestation      = "unbound-attestation"
 )
 
 const (
@@ -47,6 +48,47 @@ const (
 	pulsarRegistrationService  = "https://registration-service-testnet.azurewebsites.net/api/registernode"
 )
 
+type PrivValidatorKey struct {
+	PrivKey struct {
+		Value string `json:"value"`
+	} `json:"priv_key"`
+}
+
+func CreateAttestationReportEx(cmd *cobra.Command, is_migration_report bool) error {
+	var ext_sk []byte
+
+	unbound_attestation, _ := cmd.Flags().GetBool(flag_unbound_attestation)
+	if !unbound_attestation {
+		path := app.DefaultNodeHome + "/config/priv_validator_key.json"
+
+		data, err := os.ReadFile(path)
+		if err != nil {
+			fmt.Errorf("couldn't read the validator key: %w", err)
+			return err
+		}
+
+		var key PrivValidatorKey
+		if err := json.Unmarshal(data, &key); err != nil {
+			fmt.Errorf("couldn't decode the validator key: %w", err)
+			return err
+		}
+
+		decoded, err := base64.StdEncoding.DecodeString(key.PrivKey.Value)
+		if err != nil {
+			fmt.Errorf("couldn't decode the validator key: %w", err)
+			return err
+		}
+
+		ext_sk = decoded[:32]
+	}
+
+	_, err := api.CreateAttestationReport(ext_sk, is_migration_report)
+	if err != nil {
+		return fmt.Errorf("failed to create attestation report: %w", err)
+	}
+	return err
+}
+
 func InitAttestation() *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "init-enclave [output-file]",
@@ -96,8 +138,7 @@ blockchain. Writes the certificate in DER format to ~/attestation_cert
 			}
 
 			is_migration_report, _ := cmd.Flags().GetBool(flag_is_migration_report)
-
-			_, err = api.CreateAttestationReport(is_migration_report)
+			err = CreateAttestationReportEx(cmd, is_migration_report)
 			if err != nil {
 				return fmt.Errorf("failed to create attestation report: %w", err)
 			}
@@ -108,6 +149,7 @@ blockchain. Writes the certificate in DER format to ~/attestation_cert
 	cmd.Flags().Bool(flag_no_epid, false, "Optional flag to disable EPID attestation")
 	cmd.Flags().Bool(flag_no_dcap, false, "Optional flag to disable DCAP attestation")
 	cmd.Flags().Bool(flag_is_migration_report, false, "Create migration report rather then attestation")
+	cmd.Flags().Bool(flag_unbound_attestation, false, "Optional flag to disable attestation to user binding")
 
 	return cmd
 }
@@ -490,7 +532,7 @@ Please report any issues with this command
 				}
 			}
 
-			_, err = api.CreateAttestationReport(false)
+			err = CreateAttestationReportEx(cmd, false)
 			if err != nil {
 				return fmt.Errorf("failed to create attestation report: %w", err)
 			}
@@ -638,6 +680,7 @@ Please report any issues with this command
 
 	cmd.Flags().Bool(flag_no_epid, false, "Optional flag to disable EPID attestation")
 	cmd.Flags().Bool(flag_no_dcap, false, "Optional flag to disable DCAP attestation")
+	cmd.Flags().Bool(flag_unbound_attestation, false, "Optional flag to disable attestation to user binding")
 
 	return cmd
 }

cosmwasm/enclaves/execute/Cargo.toml

@@ -95,7 +95,7 @@ tendermint-proto = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v
 tendermint-light-client-verifier = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.7", default-features = false, features = ["rust-crypto"] }
 rsa = { version = "0.9", default-features = false, features = ["sha2"] }
 base64ct = { version = "1.6", default-features = false, features = ["alloc"] }
-
+hex-literal = "0.4"
 
 [dependencies.webpki]
 git = "https://github.com/mesalock-linux/webpki"

cosmwasm/enclaves/execute/Enclave.edl

@@ -51,12 +51,20 @@ enclave {
 
         public sgx_status_t ecall_onchain_approve_machine_id(
             [in, count=n_id] const uint8_t* p_id,
-            uint32_t n_id,
-            [in, out, count=32] uint8_t* p_proof,
-            bool is_on_chain
+            uint32_t n_id
+        );
+
+        public sgx_status_t ecall_submit_machine_swap(
+            uint32_t index,
+            [in, count=n_machine_info] const uint8_t* p_machine_info,
+            uint32_t n_machine_info,
+            [in, count=n_proof] const uint8_t* p_proof,
+            uint32_t n_proof
         );
 
         public sgx_status_t ecall_get_attestation_report(
+            [in, count=n_sk] const uint8_t* p_sk,
+            uint32_t n_sk,
             uint32_t flags
         );
 
@@ -65,7 +73,9 @@ enclave {
             uintptr_t cert_len,
             [out, count=n_seeds] uint8_t* p_seeds,
             uintptr_t n_seeds,
-            [out] uintptr_t* p_seeds_size
+            [out] uintptr_t* p_seeds_size,
+            [in, count=20] const uint8_t* p_machine_pop,
+            [out, count=52] uint8_t* p_machine_info
         );
 
         public NodeAuthResult ecall_check_patch_level(