Fix updating of contract_key after a migrate & refactor contract_key …

…to be more explicit

cosmwasm/enclaves/shared/contract-engine/src/contract_operations.rs

@@ -298,7 +298,7 @@ pub fn migrate(
     let canonical_sender_address = to_canonical(sender)?;
     let canonical_admin_address = CanonicalAddr::from_vec(admin.to_vec());
 
-    let og_contract_key = base_env.get_original_contract_key()?;
+    let og_contract_key = base_env.get_og_contract_key()?;
 
     let sender_admin_proof = generate_admin_proof(&canonical_sender_address.0 .0, &og_contract_key);
 
@@ -440,7 +440,7 @@ pub fn update_admin(
     let canonical_sender_address = to_canonical(sender)?;
     let canonical_admin_address = CanonicalAddr::from_vec(admin.to_vec());
 
-    let og_contract_key = base_env.get_original_contract_key()?;
+    let og_contract_key = base_env.get_og_contract_key()?;
 
     let sender_admin_proof = generate_admin_proof(&canonical_sender_address.0 .0, &og_contract_key);
 

cosmwasm/enclaves/shared/contract-engine/src/contract_validation.rs

@@ -209,8 +209,8 @@ pub fn validate_contract_key(
     if base_env.was_migrated() {
         println!("Contract was migrated, validating proof");
 
-        let og_contract_key: [u8; CONTRACT_KEY_LENGTH] = base_env.get_original_contract_key()?;
-        let sent_contract_key_proof = base_env.get_contract_key_proof()?;
+        let og_contract_key: [u8; CONTRACT_KEY_LENGTH] = base_env.get_og_contract_key()?;
+        let sent_contract_key_proof = base_env.get_current_contract_key_proof()?;
 
         let contract_key_proof = generate_contract_key_proof(
             &canonical_contract_address.0 .0,

cosmwasm/enclaves/shared/cosmwasm-types/generic/src/lib.rs

@@ -40,53 +40,93 @@ pub type BaseCanoncalAddr = v010types::CanonicalAddr;
 pub struct BaseEnv(pub V010Env);
 
 impl BaseEnv {
-    pub fn get_current_contract_key(&self) -> Result<[u8; CONTRACT_KEY_LENGTH], EnclaveError> {
-        let contract_key = if let Some(contract_key) = &self.0.contract_key {
-            &contract_key.key.0
+    pub fn was_migrated(&self) -> bool {
+        if let Some(contract_key) = &self.0.contract_key {
+            contract_key.current_contract_key.is_some()
+                && contract_key.current_contract_key_proof.is_some()
+                && contract_key.og_contract_key.is_some() // this one might be unnecessary
         } else {
-            warn!("Contract execute with empty contract key");
-            return Err(EnclaveError::FailedContractAuthentication);
-        };
-
-        if contract_key.len() != CONTRACT_KEY_LENGTH {
-            warn!("Contract execute with empty contract key");
-            return Err(EnclaveError::FailedContractAuthentication);
+            false
         }
+    }
 
-        let mut key_as_bytes = [0u8; CONTRACT_KEY_LENGTH];
-        key_as_bytes.copy_from_slice(contract_key);
+    pub fn get_og_contract_key(&self) -> Result<[u8; CONTRACT_KEY_LENGTH], EnclaveError> {
+        if let Some(contract_key) = &self.0.contract_key {
+            let og_contract_key = if let Some(og_contract_key) = &contract_key.og_contract_key {
+                &og_contract_key.0
+            } else {
+                warn!("Tried to get an empty og_contract_key");
+                return Err(EnclaveError::FailedContractAuthentication);
+            };
 
-        Ok(key_as_bytes)
-    }
+            if og_contract_key.len() != CONTRACT_KEY_LENGTH {
+                warn!("Tried to get an empty og_contract_key");
+                return Err(EnclaveError::FailedContractAuthentication);
+            }
 
-    pub fn was_migrated(&self) -> bool {
-        if let Some(key) = &self.0.contract_key {
-            key.original.is_some()
+            let mut as_bytes: [u8; CONTRACT_KEY_LENGTH] = [0u8; CONTRACT_KEY_LENGTH];
+            as_bytes.copy_from_slice(og_contract_key);
+
+            Ok(as_bytes)
         } else {
-            false
+            warn!("Tried to get og_contract_key from an empty contract_key");
+            Err(EnclaveError::FailedContractAuthentication)
         }
     }
 
-    pub fn get_original_contract_key(&self) -> Result<[u8; CONTRACT_KEY_LENGTH], EnclaveError> {
-        if let Some(key) = &self.0.contract_key {
-            if self.was_migrated() {
-                Ok(key.original.clone().unwrap().get_key())
-            } else {
-                self.get_current_contract_key()
+    pub fn get_current_contract_key(&self) -> Result<[u8; CONTRACT_KEY_LENGTH], EnclaveError> {
+        if let Some(contract_key) = &self.0.contract_key {
+            let current_contract_key =
+                if let Some(current_contract_key) = &contract_key.current_contract_key {
+                    &current_contract_key.0
+                } else {
+                    if let Some(og_contract_key) = &contract_key.og_contract_key {
+                        &og_contract_key.0
+                    } else {
+                        warn!("Tried to get an empty current_contract_key & og_contract_key");
+                        return Err(EnclaveError::FailedContractAuthentication);
+                    }
+                };
+
+            if current_contract_key.len() != CONTRACT_KEY_LENGTH {
+                warn!("Tried to get an empty current_contract_key");
+                return Err(EnclaveError::FailedContractAuthentication);
             }
+
+            let mut as_bytes: [u8; CONTRACT_KEY_LENGTH] = [0u8; CONTRACT_KEY_LENGTH];
+            as_bytes.copy_from_slice(current_contract_key);
+
+            Ok(as_bytes)
         } else {
+            warn!("Tried to get current_contract_key from an empty contract_key");
             Err(EnclaveError::FailedContractAuthentication)
         }
     }
 
-    pub fn get_contract_key_proof(&self) -> Result<[u8; CONTRACT_KEY_PROOF_LENGTH], EnclaveError> {
-        if let Some(key) = &self.0.contract_key {
-            if self.was_migrated() {
-                Ok(key.original.clone().unwrap().get_proof())
+    pub fn get_current_contract_key_proof(
+        &self,
+    ) -> Result<[u8; CONTRACT_KEY_PROOF_LENGTH], EnclaveError> {
+        if let Some(contract_key) = &self.0.contract_key {
+            let current_contract_key_proof = if let Some(current_contract_key_proof) =
+                &contract_key.current_contract_key_proof
+            {
+                &current_contract_key_proof.0
             } else {
-                Err(EnclaveError::FailedContractAuthentication)
+                warn!("Tried to get an empty current_contract_key_proof");
+                return Err(EnclaveError::FailedContractAuthentication);
+            };
+
+            if current_contract_key_proof.len() != CONTRACT_KEY_PROOF_LENGTH {
+                warn!("Tried to get an empty current_contract_key_proof");
+                return Err(EnclaveError::FailedContractAuthentication);
             }
+
+            let mut as_bytes: [u8; CONTRACT_KEY_PROOF_LENGTH] = [0u8; CONTRACT_KEY_PROOF_LENGTH];
+            as_bytes.copy_from_slice(current_contract_key_proof);
+
+            Ok(as_bytes)
         } else {
+            warn!("Tried to get current_contract_key_proof from an empty contract_key");
             Err(EnclaveError::FailedContractAuthentication)
         }
     }
@@ -136,7 +176,7 @@ impl BaseEnv {
                 contract: v010types::ContractInfo {
                     address: self.0.contract.address,
                 },
-                // to maintain compatability with v010 we just return none here - no contract would care
+                // to maintain compatability with v010 we just return none here - no contract should care
                 // about this anyway
                 contract_key: None,
                 contract_code_hash: self.0.contract_code_hash,

cosmwasm/enclaves/shared/cosmwasm-types/v0.10/src/types.rs

@@ -105,30 +105,12 @@ impl fmt::Display for CanonicalAddr {
 
 #[derive(Serialize, Deserialize, Clone, Default, Debug, PartialEq)]
 pub struct ContractKey {
-    pub key: Binary,
-    pub original: Option<ContractKeyWithProof>,
-}
-
-#[derive(Serialize, Deserialize, Clone, Default, Debug, PartialEq)]
-pub struct ContractKeyWithProof {
-    pub key: Binary,
-    pub proof: Binary,
-}
-
-impl ContractKeyWithProof {
-    pub fn get_key(&self) -> [u8; CONTRACT_KEY_LENGTH] {
-        let mut output = [0u8; CONTRACT_KEY_LENGTH];
-        output.copy_from_slice(&self.key.0);
-
-        output
-    }
-
-    pub fn get_proof(&self) -> [u8; CONTRACT_KEY_PROOF_LENGTH] {
-        let mut output = [0u8; CONTRACT_KEY_PROOF_LENGTH];
-        output.copy_from_slice(&self.proof.0);
-
-        output
-    }
+    #[serde(default)]
+    pub og_contract_key: Option<Binary>,
+    #[serde(default)]
+    pub current_contract_key: Option<Binary>,
+    #[serde(default)]
+    pub current_contract_key_proof: Option<Binary>,
 }
 
 #[derive(Serialize, Deserialize, Clone, Debug, PartialEq)]

go-cosmwasm/types/env.go

@@ -11,19 +11,15 @@ type Env struct {
 	Block       BlockInfo        `json:"block"`
 	Message     MessageInfo      `json:"message"`
 	Contract    ContractInfo     `json:"contract"`
-	Key         *ContractKey     `json:"contract_key,omitempty"`
+	Key         ContractKey      `json:"contract_key"`
 	QueryDepth  uint32           `json:"query_depth"`
 	Transaction *TransactionInfo `json:"transaction,omitempty"`
 }
 
 type ContractKey struct {
-	Key      []byte                `json:"key"`
-	Original *ContractKeyWithProof `json:"original,omitempty"`
-}
-
-type ContractKeyWithProof struct {
-	Key   []byte `json:"key,omitempty"`
-	Proof []byte `json:"proof,omitempty"`
+	OgContractKey           []byte `protobuf:"bytes,1,opt,name=og_contract_key,json=ogContractKey,proto3" json:"og_contract_key,omitempty"`
+	CurrentContractKey      []byte `protobuf:"bytes,2,opt,name=current_contract_key,json=currentContractKey,proto3" json:"current_contract_key,omitempty"`
+	CurrentContractKeyProof []byte `protobuf:"bytes,3,opt,name=current_contract_key_proof,json=currentContractKeyProof,proto3" json:"current_contract_key_proof,omitempty"`
 }
 
 type TransactionInfo struct {

proto/secret/compute/v1beta1/types.proto

@@ -35,13 +35,9 @@ message ContractCustomInfo {
 }
 
 message ContractKey {
-  bytes key = 1;
-  ContractKeyWithProof original = 2;
-}
-
-message ContractKeyWithProof {
-  bytes key = 1;
-  bytes proof = 2;
+  bytes og_contract_key = 1;
+  bytes current_contract_key = 2;
+  bytes current_contract_key_proof = 3;
 }
 
 // ContractInfo stores a WASM contract instance

x/compute/internal/keeper/ibc_test.go

@@ -94,7 +94,7 @@ func ibcChannelConnectHelper(
 		return ctx, nil, cosmwasm.StdError{GenericErr: &cosmwasm.GenericErr{Msg: err.Error()}}
 	}
 
-	// wasmEvents comes from all the callbacks as well
+	// wasmEvents come from all the callbacks as well
 	wasmEvents := tryDecryptWasmEvents(ctx, []byte{}, true)
 
 	return ctx, wasmEvents, cosmwasm.StdError{}
@@ -250,7 +250,7 @@ func ibcChannelCloseHelper(
 		return ctx, nil, cosmwasm.StdError{GenericErr: &cosmwasm.GenericErr{Msg: err.Error()}}
 	}
 
-	// wasmEvents comes from all the callbacks as well
+	// wasmEvents come from all the callbacks as well
 	wasmEvents := tryDecryptWasmEvents(ctx, []byte{}, true)
 
 	return ctx, wasmEvents, cosmwasm.StdError{}
@@ -348,7 +348,7 @@ func ibcPacketReceiveHelper(
 
 	require.NotZero(t, gasMeter.GetWasmCounter(), err)
 
-	// wasmEvents comes from all the callbacks as well
+	// wasmEvents come from all the callbacks as well
 	wasmEvents := tryDecryptWasmEvents(ctx, nonce, !shouldEncryptMsg)
 
 	if err != nil {
@@ -424,7 +424,7 @@ func ibcPacketAckHelper(
 		return ctx, nil, cosmwasm.StdError{GenericErr: &cosmwasm.GenericErr{Msg: err.Error()}}
 	}
 
-	// wasmEvents comes from all the callbacks as well
+	// wasmEvents come from all the callbacks as well
 	wasmEvents := tryDecryptWasmEvents(ctx, []byte{}, true)
 
 	return ctx, wasmEvents, cosmwasm.StdError{}
@@ -483,7 +483,7 @@ func ibcPacketTimeoutHelper(
 		return ctx, nil, cosmwasm.StdError{GenericErr: &cosmwasm.GenericErr{Msg: err.Error()}}
 	}
 
-	// wasmEvents comes from all the callbacks as well
+	// wasmEvents come from all the callbacks as well
 	wasmEvents := tryDecryptWasmEvents(ctx, []byte{}, true)
 
 	return ctx, wasmEvents, cosmwasm.StdError{}