Adding abstractions for the omni-account in the worker (#3116)

common/primitives/core/Cargo.toml

@@ -7,18 +7,18 @@ version = '0.1.0'
 [dependencies]
 base58 = { version = "0.2", default-features = false }
 base64 = { version = "0.13", default-features = false, features = ["alloc"] }
-parity-scale-codec = { version = "3.6", default-features = false, features = ["derive", "max-encoded-len"] }
-strum = { version = "0.26", default-features = false }
-strum_macros = { version = "0.26", default-features = false }
-serde = { version = "1.0", default-features = false, features = ["derive", "alloc"] }
-serde_json = { version = "=1.0.120", default-features = false }
+chrono = { version = "0.4", default-features = false, features = ["serde"] }
 der = { version = "0.6.0", default-features = false }
 hex = { version = "0.4", default-features = false }
 hex-literal = { version = "0.4.1", default-features = false }
-chrono = { version = "0.4", default-features = false, features = ["serde"] }
+parity-scale-codec = { version = "3.6", default-features = false, features = ["derive", "max-encoded-len"] }
 ring = { version = "0.16.20", default-features = false, features = ["alloc"] }
-x509-cert = { version = "0.1.0", default-features = false, features = ["alloc"] }
+serde = { version = "1.0", default-features = false, features = ["derive", "alloc"] }
+serde_json = { version = "=1.0.120", default-features = false }
+strum = { version = "0.26", default-features = false }
+strum_macros = { version = "0.26", default-features = false }
 webpki = { version = "=0.102.0-alpha.3", git = "https://github.com/rustls/webpki", rev = "da923ed", package = "rustls-webpki", default-features = false, features = ["alloc", "ring"] }
+x509-cert = { version = "0.1.0", default-features = false, features = ["alloc"] }
 
 frame-support = { git = "https://github.com/paritytech/polkadot-sdk", branch = "release-polkadot-v1.1.0", default-features = false }
 pallet-evm = { git = "https://github.com/paritytech/frontier", branch = "polkadot-v1.1.0", default-features = false }

common/primitives/core/src/lib.rs

@@ -32,9 +32,11 @@ pub use assertion::Assertion;
 pub mod identity;
 pub use identity::*;
 
-mod omni_account;
+pub mod omni_account;
 pub use omni_account::*;
 
+extern crate alloc;
+extern crate core;
 use alloc::{format, str, str::FromStr, string::String, vec, vec::Vec};
 use sp_runtime::{traits::ConstU32, BoundedVec};
 

common/primitives/core/src/teebag/sgx_verify/mod.rs

@@ -28,8 +28,6 @@
 //!
 //! * https://download.01.org/intel-sgx/linux-1.5/docs/Intel_SGX_Developer_Guide.pdf
 
-pub extern crate alloc;
-
 use self::{
     collateral::{EnclaveIdentity, TcbInfo},
     netscape_comment::NetscapeComment,

parachain/pallets/omni-account/Cargo.toml

@@ -13,7 +13,7 @@ scale-info = { workspace = true }
 frame-support = { workspace = true }
 frame-system = { workspace = true }
 sp-core = { workspace = true }
-sp-core-hashing = { workspace = true }
+
 sp-io = { workspace = true }
 sp-runtime = { workspace = true }
 sp-std = { workspace = true }

tee-worker/Cargo.toml

@@ -56,6 +56,7 @@ members = [
     "identity/litentry/core/native-task/sender",
     "identity/litentry/core/native-task/receiver",
     "identity/litentry/core/identity-verification",
+    "identity/litentry/core/omni-account",
     "identity/litentry/core/stf-task/sender",
     "identity/litentry/core/stf-task/receiver",
     "identity/litentry/core/service",
@@ -300,6 +301,7 @@ lc-stf-task-sender = { path = "identity/litentry/core/stf-task/sender", default-
 lc-stf-task-receiver = { path = "identity/litentry/core/stf-task/receiver", default-features = false }
 lc-vc-task-sender = { path = "identity/litentry/core/vc-task/sender", default-features = false }
 lc-vc-task-receiver = { path = "identity/litentry/core/vc-task/receiver", default-features = false }
+lc-omni-account = { path = "identity/app-libs/omni-account", default-features = false }
 lc-native-task-sender = { path = "identity/litentry/core/native-task/sender", default-features = false }
 lc-native-task-receiver = { path = "identity/litentry/core/native-task/receiver", default-features = false }
 

tee-worker/bitacross/enclave-runtime/src/ocall/on_chain_ocall.rs

@@ -125,9 +125,13 @@ impl EnclaveOnChainOCallApi for OcallApi {
 		Ok(storage_entries)
 	}
 
-	fn get_storage_keys(&self, key_prefix: Vec<u8>) -> Result<Vec<Vec<u8>>> {
-		// always using the latest state - we need to support optional header
-		let requests = vec![WorkerRequest::ChainStorageKeys(key_prefix, None)];
+	fn get_storage_keys<H: Header<Hash = H256>>(
+		&self,
+		key_prefix: Vec<u8>,
+		header: Option<&H>,
+	) -> Result<Vec<Vec<u8>>> {
+		let header_hash = header.map(|h| h.hash());
+		let requests = vec![WorkerRequest::ChainStorageKeys(key_prefix, header_hash)];
 
 		let responses: Vec<Vec<Vec<u8>>> = self
 			.worker_request::<Vec<u8>>(requests, &ParentchainId::Litentry)?

tee-worker/common/core-primitives/ocall-api/src/lib.rs

@@ -118,7 +118,11 @@ pub trait EnclaveOnChainOCallApi: Clone + Send + Sync {
 
 	// Litentry
 	// given a key prefix, get all storage keys
-	fn get_storage_keys(&self, key_prefix: Vec<u8>) -> Result<Vec<Vec<u8>>>;
+	fn get_storage_keys<H: Header<Hash = H256>>(
+		&self,
+		key_prefix: Vec<u8>,
+		header: Option<&H>,
+	) -> Result<Vec<Vec<u8>>>;
 }
 
 /// Trait for sending metric updates.

tee-worker/common/core-primitives/storage/Cargo.toml

@@ -23,6 +23,8 @@ sp-trie = { workspace = true }
 
 itp-types = { workspace = true }
 
+litentry-hex-utils = { workspace = true }
+
 [dev-dependencies]
 sp-state-machine = { workspace = true, features = ["std"] }
 

tee-worker/common/core-primitives/storage/src/keys.rs

@@ -15,9 +15,11 @@
 
 */
 
-use codec::Encode;
+use alloc::{string::String, vec::Vec};
+use codec::{Decode, Encode};
 use frame_metadata::v14::StorageHasher;
-use sp_std::vec::Vec;
+use frame_support::{Blake2_128Concat, ReversibleStorageHasher};
+use litentry_hex_utils::decode_hex;
 
 pub fn storage_value_key(module_prefix: &str, storage_prefix: &str) -> Vec<u8> {
 	let mut bytes = sp_core::twox_128(module_prefix.as_bytes()).to_vec();
@@ -37,6 +39,16 @@ pub fn storage_map_key<K: Encode>(
 	bytes
 }
 
+pub fn extract_blake2_128concat_key<K: Decode>(raw_storage_key: &[u8]) -> Option<K> {
+	let mut raw_key = Blake2_128Concat::reverse(raw_storage_key);
+	K::decode(&mut raw_key).ok()
+}
+
+pub fn decode_storage_key(raw_key: Vec<u8>) -> Option<Vec<u8>> {
+	let hex_key = String::decode(&mut raw_key.as_slice()).unwrap_or_default();
+	decode_hex(hex_key).ok()
+}
+
 pub fn storage_double_map_key<K: Encode, Q: Encode>(
 	module_prefix: &str,
 	storage_prefix: &str,

tee-worker/common/core-primitives/storage/src/lib.rs

@@ -23,6 +23,8 @@ compile_error!("feature \"std\" and feature \"sgx\" cannot be enabled at the sam
 #[cfg(all(not(feature = "std"), feature = "sgx"))]
 extern crate sgx_tstd as std;
 
+extern crate alloc;
+
 pub use error::Error;
 pub use frame_metadata::v14::StorageHasher;
 pub use keys::*;

tee-worker/common/core-primitives/test/src/mock/onchain_mock.rs

@@ -223,7 +223,11 @@ impl EnclaveOnChainOCallApi for OnchainMock {
 		Ok(entries)
 	}
 
-	fn get_storage_keys(&self, _key_prefix: Vec<u8>) -> Result<Vec<Vec<u8>>, itp_ocall_api::Error> {
+	fn get_storage_keys<H: HeaderTrait<Hash = H256>>(
+		&self,
+		_key_prefix: Vec<u8>,
+		_header: Option<&H>,
+	) -> Result<Vec<Vec<u8>>, itp_ocall_api::Error> {
 		Ok(Default::default())
 	}
 }

tee-worker/common/litentry/primitives/src/lib.rs

@@ -72,6 +72,7 @@ pub use parentchain_primitives::{
 	},
 	decl_rsa_request,
 	identity::*,
+	omni_account::*,
 	teebag::*,
 	AccountId as ParentchainAccountId, Balance as ParentchainBalance,
 	BlockNumber as ParentchainBlockNumber, ErrorDetail, ErrorString, Hash as ParentchainHash,

tee-worker/identity/core-primitives/stf-executor/Cargo.toml

@@ -15,6 +15,7 @@ itp-node-api = { workspace = true }
 itp-ocall-api = { workspace = true }
 itp-sgx-crypto = { workspace = true }
 itp-sgx-externalities = { workspace = true }
+itp-sgx-io = { workspace = true }
 itp-stf-interface = { workspace = true }
 itp-stf-primitives = { workspace = true }
 itp-stf-state-handler = { workspace = true }

tee-worker/identity/enclave-runtime/src/ocall/on_chain_ocall.rs

@@ -125,9 +125,13 @@ impl EnclaveOnChainOCallApi for OcallApi {
 		Ok(storage_entries)
 	}
 
-	fn get_storage_keys(&self, key_prefix: Vec<u8>) -> Result<Vec<Vec<u8>>> {
-		// always using the latest state - we need to support optional header
-		let requests = vec![WorkerRequest::ChainStorageKeys(key_prefix, None)];
+	fn get_storage_keys<H: Header<Hash = H256>>(
+		&self,
+		key_prefix: Vec<u8>,
+		header: Option<&H>,
+	) -> Result<Vec<Vec<u8>>> {
+		let header_hash = header.map(|h| h.hash());
+		let requests = vec![WorkerRequest::ChainStorageKeys(key_prefix, header_hash)];
 
 		let responses: Vec<Vec<Vec<u8>>> = self
 			.worker_request::<Vec<u8>>(requests, &ParentchainId::Litentry)?

tee-worker/identity/enclave-runtime/src/test/mocks/propose_to_import_call_mock.rs

@@ -84,7 +84,11 @@ impl EnclaveOnChainOCallApi for ProposeToImportOCallApi {
 		todo!()
 	}
 
-	fn get_storage_keys(&self, _key_prefix: Vec<u8>) -> Result<Vec<Vec<u8>>> {
+	fn get_storage_keys<H: ParentchainHeaderTrait<Hash = H256>>(
+		&self,
+		_key_prefix: Vec<u8>,
+		_header: Option<&H>,
+	) -> Result<Vec<Vec<u8>>> {
 		todo!()
 	}
 }

tee-worker/identity/litentry/core/assertion-build/src/a13.rs

@@ -24,6 +24,7 @@ use crate::*;
 use codec::Decode;
 use frame_support::storage::storage_prefix;
 use itp_ocall_api::EnclaveOnChainOCallApi;
+use itp_types::parentchain::Header;
 use lc_credentials::IssuerRuntimeVersion;
 use litentry_primitives::Address32;
 
@@ -39,7 +40,7 @@ pub fn build<O: EnclaveOnChainOCallApi>(
 	debug!("Assertion A13 build, who: {:?}", account_id_to_string(&who));
 
 	let key_prefix = storage_prefix(b"VCManagement", b"Delegatee");
-	let response = ocall_api.get_storage_keys(key_prefix.into()).map_err(|_| {
+	let response = ocall_api.get_storage_keys::<Header>(key_prefix.into(), None).map_err(|_| {
 		Error::RequestVCFailed(Assertion::A13(who.clone()), ErrorDetail::ParseError)
 	})?;
 	let keys: Vec<String> = response

tee-worker/identity/litentry/core/omni-account/Cargo.toml

@@ -0,0 +1,32 @@
+[package]
+authors = ["Trust Computing GmbH <[email protected]>"]
+edition = "2021"
+name = "lc-omni-account"
+version = "0.1.0"
+
+[dependencies]
+litentry-primitives = { workspace = true }
+
+itp-ocall-api = { workspace = true }
+itp-storage = { workspace = true }
+itp-types = { workspace = true }
+
+frame-support = { workspace = true }
+lazy_static = { workspace = true }
+log = { workspace = true }
+sp-core = { workspace = true }
+
+sgx_tstd = { workspace = true, features = ["net", "thread"], optional = true }
+
+[features]
+default = ["std"]
+std = [
+    "litentry-primitives/std",
+    "frame-support/std",
+    "itp-storage/std",
+    "itp-types/std",
+]
+sgx = [
+    "litentry-primitives/sgx",
+    "sgx_tstd",
+]