Roll up 4-14-20 (#1)

* only generate enclave pem when needed, use absolute path (#1)

* switch local network to not use ssl (#6)

* This commit moves mobilecoin to the mobilecoinofficial fork of prost (mobilecoinfoundation#8)

* This commit moves mobilecoin to the mobilecoinofficial fork of prost

Removing cbeck88 permissions controls
I have ensured that there are branch protection rules covering the
commits

* Fix view enclave cargo toml to have the same revision as others

* Fix cargo.lock files

* Remove selfsigned from README (mobilecoinfoundation#9)

* Adds Java namespaces to protocol buffers (mobilecoinfoundation#12)

* fix ecies MC-1216 (mobilecoinfoundation#11)

* fix ecies MC-1216

was mobilecoinofficial/mobilecoin-internal#321

changes since then:
- Removed alloc feature
- Added *_in_place_detached api (like aead crate)
  This reduces the amount of noise in the actual crypto part,
  the noise being "which bytes go where in the buffer"
- Marked the `encrypt_into` and `decrypt_into` apis as not public,
  because those APIs suck, it should really be as much like aead
  crate as possible, which is a better thought-out API

* add comments about fixing part of API

* those APIs have to be public for now, sigh. maybe they aren't so bad

* Add comments about API

* [MC-1172] rm tranasction::encoders

* Reorganize SCP to Cargo standards (mobilecoinfoundation#18)

* Make /opt/intel/sgxsdk/lib64 part of LD_LIBRARY_PATH in dockerfile (mobilecoinfoundation#21)

* Make /opt/intel/sgxsdk/lib64 part of LD_LIBRARY_PATH in dockerfile

and uprev the dockerfile.

This intended to fix ci in PR 14

This fixes issues like `...epid_sim.so` not being found by the test
targets. It is not getting installed in `/opt/intel/sgxsdk/sdk_libs`,
it is getting installed in the path mentioned

```
     Running target/debug/deps/tx_recovery-3449d1ea71010602
/tmp/mobilenode/target/debug/deps/tx_recovery-3449d1ea71010602: error while loading shared libraries: libsgx_epid_sim.so: cannot open shared object file: No such file or directory
error: test failed, to rerun pass '-p fog_ingest_server --test tx_recovery'
root@cb7f949bccb2:/tmp/mobilenode# ldd /tmp/mobilenode/target/debug/deps/tx_recovery-3449d1ea71010602
	linux-vdso.so.1 (0x00007ffc62df8000)
	libsgx_epid_sim.so => not found
	libsgx_urts_sim.so => /opt/intel/sgxsdk/sdk_libs/libsgx_urts_sim.so (0x00007fc5c8061000)
	libstdc++.so.6 => /usr/lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007fc5c5fd9000)
	libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fc5c5dd5000)
	librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007fc5c5bcd000)
	libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fc5c59ae000)
	libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007fc5c5796000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fc5c53a5000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fc5c7e6c000)
	libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007fc5c5007000)
	libcrypto.so.1.1 => /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (0x00007fc5c4b3c000)
	libsgx_uae_service_sim.so => /opt/intel/sgxsdk/sdk_libs/libsgx_uae_service_sim.so (0x00007fc5c8059000)
root@cb7f949bccb2:/tmp/mobilenode# ls /opt/intel/sgxsdk/sdk_libs/libsgx_u
libsgx_uae_service_sim.so  libsgx_urts_sim.so
root@cb7f949bccb2:/tmp/mobilenode# ls /opt/intel/sgxsdk/sdk_libs/
libsgx_uae_service_sim.so  libsgx_urts_sim.so
root@cb7f949bccb2:/tmp/mobilenode#
```

* Make circle ci not source the intel sgx environment

As much as possible, the setting up of the build enviornment should
be done in the Dockerfile. Not duplicating these lines throughout
jenkins, k8s, mob tool, and README is a good thing. (they can be
in readme for people who don't want to use the container.)

* mobilecoind: b58 endpoints (mobilecoinfoundation#22)

* mobilecoind b58 rpc endpoints

* mobilecoind2: implement generate transfer code tx

* test_generate_transfer_code_tx

* Basic framework for Java mobilecoind client based on Gradle (mobilecoinfoundation#23)

* Fixes class name in build (mobilecoinfoundation#24)

* Replaces "Mobilenode" with "MobileCoin" in several READMEs (#4)

* Replaces Mobilenode with MobileCoin in several READMEs

* Adds src/README.md

* avoid "consensus node" language

* Update cloudbuild/README.md

Co-Authored-By: Robb Walters <[email protected]>

Co-authored-by: Robb Walters <[email protected]>

* Move ledger_enclave_server.proto from mobilecoin_api to fog_api (mobilecoinfoundation#25)

* Move ledger_enclave_server.proto from mobilecoin_api to fog_api

* fix build

* Actually fix build

* Check outbuf_used for null in mobileenclave_call (mobilecoinfoundation#17)

Merging this.

* Tx uses SignatureRctBulletproofs (#2)

* Applies patch from mobilecoin-internal

* unit tests encodings

* Removes unwrap in validate_transaction_signature

* Re-enables test_validate_key_images_are_unique_rejects_duplicate

* Removes unwraps in TransactionBuilder::build

* fmt

* Increases proptest cases, reorders imports

* Adds CL params to Java code along with monitors and balance check (mobilecoinfoundation#33)

* Adds CL params to Java code along with monitors and balance check

* Fix help message

* Build comments

* Prettify

* Unused import

* Added a README, changed the language and flags around entropy

* parameter fix

* README format

* Update proto to reflect current mobilecoind API

* First round of suggested fixes

* Adds ssl flag

* Fix the 'no-vars-given' case. (mobilecoinfoundation#38)

* Upgrade sentry to 0.18 (mobilecoinfoundation#36)

* upgrade sentry to 0.18

* lock files

* Implement mob client python session (mobilecoinfoundation#30)

* Implement mob client python session

* Reference sign up rather than create account

* Start testnet client script

* Rename and introduce exchange

* start-testnet-mobilecoind

* Add public_address

* Transfer to public address

* Versioned ecies (mobilecoinfoundation#28)

* Do another pass on ecies API, `encrypt_into` -> `encrypt_in_place`

This also allows `encrypt` to return an error, previously I didn't
allow that, but I looked in tarcieri's actual aes-gcm crate, and
it does return an error if the plaintext is larger than a huge number.

I think it might be more sensible to panic there, but anyways,
I'd like to make the `ecies` API close to `aead` and make it generic.

In order to make that change, I needed to fix the places that were
doing `encrypt_into` and `decrypt_into`, which were in the fog hints
in transaction crate. So this is a good case study of how the API
wokrs out.

I also added a special wrapper over `&mut [u8]` called `FixedBuffer`
to try to make using it nicer and close to how it worked without
the `encrypt_into` functions.

If we like `FixedBuffer` then I think we should try to open a PR
to `aead` crate and see if Tony wants it.

LMK what you think -- if we're happy with this, then in the next
PR I'm going to turn this into a trait, then make a version of it
that includes two "version tag" bytes so that we can have a nice
forwards-and-backwards-compatible wire format for the ECIES
ciphertexts. Once they get into the blockchain and into the recovery
db we cannot easliy change the algorithm if we don't have that.

* fix bug

* fix tests

* fix clippy

* Create versioned Ecies wire format, integrated with Ecies trait

* Add and use encrypt_fixed_length APIs for ECIES

This is much cleaner than the FixedBuffer thing

* Add better docu, references, naming, per code review comments

trait ECIES -> RistrettoEcies

* fixup previous

* Rename `ecies` to `ristretto-box`, and better README / docu

* Rename again per @jcape

* Move crate `public/crypto/mc-crypto-box` to `public/crypto/box` per discussion

* Additional functions in Java client for request codes and transfers (mobilecoinfoundation#42)

* Additional functions in Java client for request codes and transfers

* Document transfer function

* Change target to recipient

* 'host' = 'server'

* Client subaddress (mobilecoinfoundation#40)

* Use account/subaddress syntax

* Flesh out new account

* introduce mc-grpc-build and use it mobilecoind-api (mobilecoinfoundation#41)

* introduce mc-grpc-build and use it mobilecoind-api

* delete old autogenerated code

* build issue fix and comments

* grpc-build -> build-grpc

* comment and lock file

* readme and lock file

* use mcbuild-utils

Co-authored-by: Eran Rundstein <[email protected]>
Co-authored-by: Chris Beck <[email protected]>
Co-authored-by: tsegaran <[email protected]>
Co-authored-by: Robb Walters <[email protected]>
Co-authored-by: m a t t f a u l k n e r <[email protected]>
Co-authored-by: Brian Anderson <[email protected]>
Co-authored-by: James Cape <[email protected]>

.circleci/config.yml

@@ -3,7 +3,7 @@
 version: 2.1
 
 defaults:
-  builder-install: &builder-install gcr.io/mobilenode-211420/builder-install:1_8
+  builder-install: &builder-install gcr.io/mobilenode-211420/builder-install:1_9
 
 executors:
   build-executor:
@@ -202,7 +202,6 @@ jobs:
 
             # Crates that define macros (e.g. `digestible_derive`) link dynamically against libtest*.so, which sits here.
             export LD_LIBRARY_PATH="$HOME/.rustup/toolchains/$(rustup show active-toolchain | awk '{print $1}')/lib"
-            source /opt/intel/sgxsdk/environment
             echo "LD_LIBRARY_PATH = $LD_LIBRARY_PATH"
 
             # Run the test binaries for all the packages we're assigned by CircleCI's test splitting mechanism,

.gitignore

@@ -50,8 +50,6 @@ consensus/api/src/ledger_enclave_server.rs
 consensus/api/src/ledger_enclave_server_grpc.rs
 consensus/api/src/ledger_server.rs
 consensus/api/src/ledger_server_grpc.rs
-mobilecoind/api/src/mobilecoind_api.rs
-mobilecoind/api/src/mobilecoind_api_grpc.rs
 
 # Random junk
 .DS_Store

Cargo.toml

@@ -18,8 +18,8 @@ members = [
     "consensus/scp/play",
     "consensus/service",
     "crypto/ake/mcnoise",
+    "crypto/box",
     "crypto/digestible",
-    "crypto/ecies",
     "crypto/keys",
     "crypto/mcrand",
     "crypto/message-cipher",
@@ -49,6 +49,7 @@ members = [
     "transaction/core/test-utils",
     "transaction/std",
     "util/b58-payloads",
+    "util/build-grpc",
     "util/encodings",
     "util/generate-sample-ledger",
     "util/grpc",
@@ -86,5 +87,5 @@ rpath = true
 
 [patch.crates-io]
 rouille = { git = "https://github.com/tomaka/rouille/", rev = "db66a3b47af4271939e1aba21d0f36ccba3d1b70" }
-prost = { git = "https://github.com/cbeck88/prost", rev = "4e1905329369ca7a1cac3eda978ee9379167ee95" }
-prost-derive = { git = "https://github.com/cbeck88/prost", rev = "4e1905329369ca7a1cac3eda978ee9379167ee95" }
+prost = { git = "https://github.com/mobilecoinofficial/prost", rev = "4e1905329369ca7a1cac3eda978ee9379167ee95" }
+prost-derive = { git = "https://github.com/mobilecoinofficial/prost", rev = "4e1905329369ca7a1cac3eda978ee9379167ee95" }

attest/untrusted/README.md

@@ -1,6 +1,6 @@
-# Mobilenode Enclave API
+# MobileCoin Enclave API
 
-This crate contains the untrusted-facing APIs for a Mobilenode enclave. The goal is to provide an API to the enclave that interacts as a special-case of the more commonly understood object remoting. In particular, there should be an "untrusted" implementation of these APIs which lives in the node, and a "trusted" implementation of these APIs which lives in the enclave.
+This crate contains the untrusted-facing APIs for a MobileCoin enclave. The goal is to provide an API to the enclave that interacts as a special-case of the more commonly understood object remoting. In particular, there should be an "untrusted" implementation of these APIs which lives in the node, and a "trusted" implementation of these APIs which lives in the enclave.
 
 This particular use of remoting, where we simply want to cross a trust boundary that lives within the same process on the same machine, is significantly simplified from the typically-maligned *networked* remoting, and is therefore significantly less insane than most remoting frameworks. In this model, the typical workflow is something akin to this:
 

common/Cargo.toml

@@ -55,7 +55,7 @@ chrono = { version = "0.4", optional = true }
 hostname = { version = "0.1", optional = true }
 lazy_static = { version = "1.4", optional = true }
 mclogger-macros = { path = "../util/mclogger-macros", optional = true }
-sentry = { version = "0.16", optional = true, default-features = false, features = ["with_client_implementation", "with_default_transport", "with_panic", "with_failure", "with_device_info", "with_rust_info", "with_rustls"] }
+sentry = { version = "0.18", optional = true, default-features = false, features = ["with_client_implementation", "with_reqwest_transport", "with_panic", "with_failure", "with_device_info", "with_rust_info", "with_rustls"] }
 slog = { version = "2.5", features = ["dynamic-keys", "max_level_trace", "release_max_level_trace"], optional = true }
 slog-async = { version = "2.3", optional = true }
 slog-atomic = { version = "3.0", optional = true }

consensus/api/build.rs

@@ -8,7 +8,6 @@ fn compile_protos() {
         "transaction.proto",
         "blockchain.proto",
         "external.proto",
-        "ledger_enclave_server.proto",
         "consensus_client.proto",
         "consensus_common.proto",
         "consensus_peer.proto",

consensus/api/proto/external.proto

@@ -6,6 +6,9 @@ syntax = "proto3";
 
 package external;
 
+option java_package = "com.mobilecoin.consensus";
+option java_outer_classname = "ConsensusAPI";
+
 ///////////////////////////////////////////////////////////////////////////////
 // `keys` crate
 ///////////////////////////////////////////////////////////////////////////////
@@ -22,6 +25,10 @@ message CurvePoint {
     bytes data = 1;
 }
 
+message CompressedRistretto {
+    bytes data = 1;
+}
+
 message CurveScalar {
     bytes data = 1;
 }
@@ -47,29 +54,21 @@ message EncryptedFogHint {
 }
 
 ///////////////////////////////////////////////////////////////////////////////
-// `ringct` crate
+// Ring Signature
 ///////////////////////////////////////////////////////////////////////////////
 
-message RingCtInput {
-    RistrettoPublic address = 1;
-    CurvePoint commitment = 2;
-}
-
-message RingCtInputRow {
-    repeated RingCtInput row = 1;
-}
-
-message RingCtChallengeResponse {
-    repeated CurveScalar response = 1;
+message RingMLSAG {
+    CurveScalar c_zero = 1;
+    repeated CurveScalar responses = 2;
+    KeyImage key_image = 3;
 }
 
-message RingCtSignature {
-    repeated KeyImage key_images = 1;
-    repeated RingCtChallengeResponse challenge_responses = 2;
-    CurveScalar challenge = 3;
+message SignatureRctBulletproofs {
+    repeated RingMLSAG ring_signatures = 1;
+    repeated CompressedRistretto pseudo_output_commitments = 2;
+    bytes range_proofs = 3;
 }
 
-
 ///////////////////////////////////////////////////////////////////////////////
 // `ledger` crate
 ///////////////////////////////////////////////////////////////////////////////
@@ -145,12 +144,9 @@ message Tx {
     // The actual contents of the transaction
     TxPrefix prefix = 1;
 
-    // The RingCT signature on the prefix
-    RingCtSignature signature = 2;
-
-    // The range proofs to show the values are in the proper range
-    bytes range_proofs = 3;
-
     // The block index past which this submitted transaction is no longer valid
-    uint64 tombstone_block = 4;
+    uint64 tombstone_block = 2;
+
+    // The RingCT signature on the prefix
+    SignatureRctBulletproofs signature = 3;
 }