x/motr-enclave
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

refactor(enclave): migrate to enclave signing with MPC

Browse Source
This commit is contained in:
Prad Nu
2026-01-10 16:49:23 -05:00
parent b6a01a07ae
commit 659736ade0
10 changed files with 283 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
cmd/enclave/main.go
View File

@@ -52,7 +52,7 @@ func ping() int32 {
//go:wasmexport generate
func generate() int32 {
pdk.Log(pdk.LogInfo, "generate: starting database initialization")
pdk.Log(pdk.LogInfo, "generate: starting")
var input types.GenerateInput
if err := pdk.InputJSON(&input); err != nil {
@@ -71,44 +71,32 @@ func generate() int32 {
return 1
}
pdk.Log(pdk.LogInfo, "generate: opening keybase")
kb, err := keybase.Open()
result, err := initializeWithMPC(credentialBytes)
if err != nil {
pdk.SetError(fmt.Errorf("generate: open database: %w", err))
pdk.SetError(fmt.Errorf("generate: %w", err))
return 1
}
pdk.Log(pdk.LogInfo, "generate: initializing DID")
ctx := context.Background()
did, err := kb.Initialize(ctx, credentialBytes)
if err != nil {
pdk.SetError(fmt.Errorf("generate: initialize DID: %w", err))
return 1
}
pdk.Log(pdk.LogInfo, fmt.Sprintf("generate: DID created: %s", did))
state.SetInitialized(true)
state.SetDID(did)
state.SetDID(result.DID)
pdk.Log(pdk.LogInfo, "generate: serializing database")
dbBytes, err := serializeDatabase()
if err != nil {
pdk.SetError(fmt.Errorf("generate: failed to serialize database: %w", err))
pdk.SetError(fmt.Errorf("generate: serialize: %w", err))
return 1
}
output := types.GenerateOutput{
DID: did,
DID: result.DID,
Database: dbBytes,
}
if err := pdk.OutputJSON(output); err != nil {
pdk.SetError(fmt.Errorf("generate: failed to output result: %w", err))
pdk.SetError(fmt.Errorf("generate: output: %w", err))
return 1
}
pdk.Log(pdk.LogInfo, fmt.Sprintf("generate: created DID %s (no MPC)", did))
pdk.Log(pdk.LogInfo, fmt.Sprintf("generate: created DID %s with enclave %s", result.DID, result.EnclaveID))
return 0
}
@@ -262,28 +250,21 @@ type initResult struct {
}
func initializeWithMPC(credentialBytes []byte) (*initResult, error) {
pdk.Log(pdk.LogInfo, "initializeWithMPC: step 1 - opening database")
kb, err := keybase.Open()
if err != nil {
return nil, fmt.Errorf("open database: %w", err)
}
pdk.Log(pdk.LogInfo, "initializeWithMPC: step 2 - database opened")
ctx := context.Background()
pdk.Log(pdk.LogInfo, "initializeWithMPC: step 3 - initializing DID")
did, err := kb.Initialize(ctx, credentialBytes)
if err != nil {
return nil, fmt.Errorf("initialize: %w", err)
return nil, fmt.Errorf("initialize DID: %w", err)
}
pdk.Log(pdk.LogInfo, fmt.Sprintf("initializeWithMPC: step 4 - DID initialized: %s", did))
pdk.Log(pdk.LogInfo, "initializeWithMPC: step 5 - generating simple enclave")
simpleEnc, err := mpc.NewSimpleEnclave()
if err != nil {
pdk.Log(pdk.LogError, fmt.Sprintf("initializeWithMPC: enclave generation failed: %v", err))
return nil, fmt.Errorf("generate enclave: %w", err)
}
pdk.Log(pdk.LogInfo, "initializeWithMPC: step 6 - enclave generated")
enclaveID := fmt.Sprintf("enc_%x", credentialBytes[:8])
@@ -305,11 +286,9 @@ func initializeWithMPC(credentialBytes []byte) (*initResult, error) {
return nil, fmt.Errorf("store enclave: %w", err)
}
pdk.Log(pdk.LogInfo, fmt.Sprintf("initializeWithMPC: stored enclave %s", enclaveID))
accounts, err := createDefaultAccounts(ctx, am, enc.ID, simpleEnc.PubKeyBytes())
if err != nil {
pdk.Log(pdk.LogWarn, fmt.Sprintf("initializeWithMPC: failed to create accounts: %s", err))
pdk.Log(pdk.LogWarn, fmt.Sprintf("createDefaultAccounts: %s", err))
accounts = []types.AccountInfo{}
}
@@ -322,7 +301,7 @@ func initializeWithMPC(credentialBytes []byte) (*initResult, error) {
}
func createDefaultAccounts(ctx context.Context, am *keybase.ActionManager, enclaveID int64, pubKeyBytes []byte) ([]types.AccountInfo, error) {
chains := []string{"bitcoin", "ethereum", "sonr"}
chains := []string{"sonr", "ethereum", "bitcoin"}
derivedAccounts, err := bip44.DeriveAccounts(pubKeyBytes, chains)
if err != nil {
return nil, fmt.Errorf("derive accounts: %w", err)
@@ -346,7 +325,6 @@ func createDefaultAccounts(ctx context.Context, am *keybase.ActionManager, encla
IsDefault: isDefault,
})
if err != nil {
pdk.Log(pdk.LogWarn, fmt.Sprintf("createDefaultAccounts: failed for %s: %s", derived.ChainID, err))
continue
}
@@ -538,15 +516,9 @@ func matchResource(pattern, resource string) bool {
}
func executeAction(params *types.FilterParams) (json.RawMessage, error) {
if params.Resource == "accounts" {
switch params.Action {
case "balances":
return fetchAccountBalances(params.Subject)
case "sign":
return json.Marshal(map[string]string{"signature": "placeholder"})
}
if params.Resource == "accounts" && params.Action == "balances" {
return fetchAccountBalances(params.Subject)
}
return keybase.Exec(context.Background(), params.Resource, params.Action, params.Subject)
}