Machine swap

app/keepers/keepers.go

@@ -381,9 +381,10 @@ func (ak *SecretAppKeepers) InitCustomKeepers(
 		reg.EnclaveApi{},
 		homePath,
 		bootstrap,
+		app,
 	)
 	ak.RegKeeper = &regKeeper
-	ak.CronKeeper.SetRegKeeper(regKeeper)
+	ak.CronKeeper.SetRegKeeper(&regKeeper)
 
 	// Assaf:
 	// Rules:
@@ -539,6 +540,7 @@ func (ak *SecretAppKeepers) InitCustomKeepers(
 		ak.TransferKeeper,
 		ak.IbcKeeper.ChannelKeeper,
 		ak.IbcSwitchKeeper,
+		ak.RegKeeper,
 		app.MsgServiceRouter(),
 		app.GRPCQueryRouter(),
 		computeDir,

cmd/secretd/attestation.go

@@ -35,6 +35,7 @@ const (
 	flag_no_epid                  = "no-epid"
 	flag_no_dcap                  = "no-dcap"
 	flag_is_migration_report      = "migration"
+	flag_unbound_attestation      = "unbound-attestation"
 )
 
 const (
@@ -47,6 +48,47 @@ const (
 	pulsarRegistrationService  = "https://registration-service-testnet.azurewebsites.net/api/registernode"
 )
 
+type PrivValidatorKey struct {
+	PrivKey struct {
+		Value string `json:"value"`
+	} `json:"priv_key"`
+}
+
+func CreateAttestationReportEx(cmd *cobra.Command, is_migration_report bool) error {
+	var ext_sk []byte
+
+	unbound_attestation, _ := cmd.Flags().GetBool(flag_unbound_attestation)
+	if !unbound_attestation {
+		path := app.DefaultNodeHome + "/config/priv_validator_key.json"
+
+		data, err := os.ReadFile(path)
+		if err != nil {
+			fmt.Errorf("couldn't read the validator key: %w", err)
+			return err
+		}
+
+		var key PrivValidatorKey
+		if err := json.Unmarshal(data, &key); err != nil {
+			fmt.Errorf("couldn't decode the validator key: %w", err)
+			return err
+		}
+
+		decoded, err := base64.StdEncoding.DecodeString(key.PrivKey.Value)
+		if err != nil {
+			fmt.Errorf("couldn't decode the validator key: %w", err)
+			return err
+		}
+
+		ext_sk = decoded[:32]
+	}
+
+	_, err := api.CreateAttestationReport(ext_sk, is_migration_report)
+	if err != nil {
+		return fmt.Errorf("failed to create attestation report: %w", err)
+	}
+	return err
+}
+
 func InitAttestation() *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "init-enclave [output-file]",
@@ -96,8 +138,7 @@ blockchain. Writes the certificate in DER format to ~/attestation_cert
 			}
 
 			is_migration_report, _ := cmd.Flags().GetBool(flag_is_migration_report)
-
-			_, err = api.CreateAttestationReport(is_migration_report)
+			err = CreateAttestationReportEx(cmd, is_migration_report)
 			if err != nil {
 				return fmt.Errorf("failed to create attestation report: %w", err)
 			}
@@ -108,6 +149,7 @@ blockchain. Writes the certificate in DER format to ~/attestation_cert
 	cmd.Flags().Bool(flag_no_epid, false, "Optional flag to disable EPID attestation")
 	cmd.Flags().Bool(flag_no_dcap, false, "Optional flag to disable DCAP attestation")
 	cmd.Flags().Bool(flag_is_migration_report, false, "Create migration report rather then attestation")
+	cmd.Flags().Bool(flag_unbound_attestation, false, "Optional flag to disable attestation to user binding")
 
 	return cmd
 }
@@ -490,7 +532,7 @@ Please report any issues with this command
 				}
 			}
 
-			_, err = api.CreateAttestationReport(false)
+			err = CreateAttestationReportEx(cmd, false)
 			if err != nil {
 				return fmt.Errorf("failed to create attestation report: %w", err)
 			}
@@ -638,6 +680,7 @@ Please report any issues with this command
 
 	cmd.Flags().Bool(flag_no_epid, false, "Optional flag to disable EPID attestation")
 	cmd.Flags().Bool(flag_no_dcap, false, "Optional flag to disable DCAP attestation")
+	cmd.Flags().Bool(flag_unbound_attestation, false, "Optional flag to disable attestation to user binding")
 
 	return cmd
 }

cosmwasm/enclaves/execute/Cargo.toml

@@ -95,7 +95,7 @@ tendermint-proto = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v
 tendermint-light-client-verifier = { git = "https://github.com/scrtlabs/tendermint-rs", tag = "v0.38.0-secret.7", default-features = false, features = ["rust-crypto"] }
 rsa = { version = "0.9", default-features = false, features = ["sha2"] }
 base64ct = { version = "1.6", default-features = false, features = ["alloc"] }
-
+hex-literal = "0.4"
 
 [dependencies.webpki]
 git = "https://github.com/mesalock-linux/webpki"

cosmwasm/enclaves/execute/Enclave.edl

@@ -51,12 +51,20 @@ enclave {
 
         public sgx_status_t ecall_onchain_approve_machine_id(
             [in, count=n_id] const uint8_t* p_id,
-            uint32_t n_id,
-            [in, out, count=32] uint8_t* p_proof,
-            bool is_on_chain
+            uint32_t n_id
+        );
+
+        public sgx_status_t ecall_submit_machine_swap(
+            uint32_t index,
+            [in, count=n_machine_info] const uint8_t* p_machine_info,
+            uint32_t n_machine_info,
+            [in, count=n_proof] const uint8_t* p_proof,
+            uint32_t n_proof
         );
 
         public sgx_status_t ecall_get_attestation_report(
+            [in, count=n_sk] const uint8_t* p_sk,
+            uint32_t n_sk,
             uint32_t flags
         );
 
@@ -65,7 +73,9 @@ enclave {
             uintptr_t cert_len,
             [out, count=n_seeds] uint8_t* p_seeds,
             uintptr_t n_seeds,
-            [out] uintptr_t* p_seeds_size
+            [out] uintptr_t* p_seeds_size,
+            [in, count=20] const uint8_t* p_machine_pop,
+            [out, count=52] uint8_t* p_machine_info
         );
 
         public NodeAuthResult ecall_check_patch_level(