updating bitacross executor types

litentry · Oct 9, 2024 · ad058bb · ad058bb
1 parent 12cb305
commit ad058bb
Show file tree

Hide file tree

Showing 22 changed files with 426 additions and 108 deletions.
diff --git a/tee-worker/Cargo.lock b/tee-worker/Cargo.lock
diff --git a/tee-worker/bitacross/app-libs/stf/Cargo.toml b/tee-worker/bitacross/app-libs/stf/Cargo.toml
@@ -15,6 +15,8 @@ sgx_tstd = { workspace = true, features = ["untrusted_fs", "net", "backtrace"],
 itp-hashing = { workspace = true }
 itp-node-api = { workspace = true }
 itp-sgx-externalities = { workspace = true }
+itp-ocall-api = { workspace = true }
+itp-sgx-crypto = { workspace = true }
 itp-stf-interface = { workspace = true }
 itp-stf-primitives = { workspace = true }
 itp-storage = { workspace = true }
@@ -47,6 +49,7 @@ sgx = [
     "sp-io/sgx",
     "itp-node-api/sgx",
     "litentry-primitives/sgx",
+    "itp-sgx-crypto/sgx",
 ]
 std = [
     # crates.io
@@ -68,6 +71,7 @@ std = [
     "pallet-parentchain/std",
     "sp-io/std",
     "litentry-primitives/std",
+    "itp-sgx-crypto/std",
 ]
 test = []
 development = [

diff --git a/tee-worker/bitacross/app-libs/stf/src/stf_sgx.rs b/tee-worker/bitacross/app-libs/stf/src/stf_sgx.rs
@@ -27,6 +27,9 @@ use ita_sgx_runtime::{
 	Executive, ParentchainInstanceLitentry, ParentchainInstanceTargetA, ParentchainInstanceTargetB,
 };
 use itp_node_api::metadata::{provider::AccessNodeMetadata, NodeMetadataTrait};
+use itp_ocall_api::EnclaveOnChainOCallApi;
+// TODO: use use Aes256 when available
+use itp_sgx_crypto::{key_repository::AccessKey, Aes};
 use itp_sgx_externalities::SgxExternalitiesTrait;
 use itp_stf_interface::{
 	parentchain_pallet::ParentchainPalletInstancesInterface,
@@ -46,7 +49,7 @@ use itp_types::{
 };
 use itp_utils::stringify::account_id_to_string;
 use log::*;
-use sp_runtime::traits::StaticLookup;
+use sp_runtime::traits::{Header as HeaderTrait, StaticLookup};
 use std::{fmt::Debug, format, prelude::v1::*, sync::Arc, vec};
 
 impl<TCS, G, State, Runtime, AccountId> InitState<State, AccountId> for Stf<TCS, G, State, Runtime>
@@ -135,11 +138,27 @@ where
 	}
 }
 
-impl<TCS, G, State, Runtime, NodeMetadataRepository>
-	StateCallInterface<TCS, State, NodeMetadataRepository> for Stf<TCS, G, State, Runtime>
+impl<
+		TCS,
+		G,
+		State,
+		Runtime,
+		NodeMetadataRepository,
+		OCallApi,
+		PH,
+		OnChainEncryptionKeyRepository,
+	>
+	StateCallInterface<
+		TCS,
+		State,
+		NodeMetadataRepository,
+		OCallApi,
+		PH,
+		OnChainEncryptionKeyRepository,
+	> for Stf<TCS, G, State, Runtime>
 where
 	TCS: PartialEq
-		+ ExecuteCall<NodeMetadataRepository>
+		+ ExecuteCall<NodeMetadataRepository, OCallApi, PH, OnChainEncryptionKeyRepository>
 		+ Encode
 		+ Decode
 		+ Debug
@@ -150,6 +169,9 @@ where
 	State: SgxExternalitiesTrait + Debug,
 	NodeMetadataRepository: AccessNodeMetadata,
 	NodeMetadataRepository::MetadataType: NodeMetadataTrait,
+	OCallApi: EnclaveOnChainOCallApi,
+	PH: HeaderTrait<Hash = H256>,
+	OnChainEncryptionKeyRepository: AccessKey<KeyType = Aes>,
 {
 	type Error = TCS::Error;
 	type Result = TCS::Result;
@@ -161,8 +183,21 @@ where
 		top_hash: H256,
 		calls: &mut Vec<ParentchainCall>,
 		node_metadata_repo: Arc<NodeMetadataRepository>,
+		ocall_api: Arc<OCallApi>,
+		parentchain_header: &PH,
+		on_chain_encryption_key_repo: Arc<OnChainEncryptionKeyRepository>,
 	) -> Result<Self::Result, Self::Error> {
-		state.execute_with(|| call.execute(shard, top_hash, calls, node_metadata_repo))
+		state.execute_with(|| {
+			call.execute(
+				shard,
+				top_hash,
+				calls,
+				node_metadata_repo,
+				ocall_api,
+				parentchain_header,
+				on_chain_encryption_key_repo,
+			)
+		})
 	}
 }
 

diff --git a/tee-worker/bitacross/app-libs/stf/src/stf_sgx_tests.rs b/tee-worker/bitacross/app-libs/stf/src/stf_sgx_tests.rs
@@ -18,21 +18,30 @@
 use crate::{Getter, State, Stf, TrustedCall, TrustedCallSigned};
 use ita_sgx_runtime::Runtime;
 use itp_node_api::metadata::{metadata_mocks::NodeMetadataMock, provider::NodeMetadataRepository};
+use itp_ocall_api::mock::OnchainMock;
+use itp_sgx_crypto::{key_repository::AccessKey, mocks::KeyRepositoryMock, Aes};
 use itp_stf_interface::{
 	sudo_pallet::SudoPalletInterface, system_pallet::SystemPalletAccountInterface, InitState,
 	StateCallInterface,
 };
 use itp_stf_primitives::types::{AccountId, ShardIdentifier};
-use itp_types::parentchain::ParentchainId;
+use itp_types::{parentchain::ParentchainId, Header};
 use litentry_primitives::LitentryMultiSignature;
 use sp_core::{
 	ed25519::{Pair as Ed25519Pair, Signature as Ed25519Signature},
 	Pair,
 };
+use sp_runtime::traits::Header as HeaderTrait;
 use std::{sync::Arc, vec::Vec};
 
+type EncryptionKeyRepositoryMock = KeyRepositoryMock<Aes>;
+
 pub type StfState = Stf<TrustedCallSigned, Getter, State, Runtime>;
 
+pub fn latest_parentchain_header() -> Header {
+	Header::new(1, Default::default(), Default::default(), [69; 32].into(), Default::default())
+}
+
 pub fn enclave_account_initialization_works() {
 	let enclave_account = AccountId::new([2u8; 32]);
 	let mut state = StfState::init_state(enclave_account.clone());
@@ -48,6 +57,7 @@ pub fn shield_funds_increments_signer_account_nonce() {
 	let enclave_call_signer = Ed25519Pair::from_seed(b"14672678901234567890123456789012");
 	let enclave_signer_account_id: AccountId = enclave_call_signer.public().into();
 	let mut state = StfState::init_state(enclave_signer_account_id.clone());
+	let ocall_api = Arc::new(OnchainMock::default());
 
 	let shield_funds_call = TrustedCallSigned::new(
 		TrustedCall::balance_shield(
@@ -62,13 +72,17 @@ pub fn shield_funds_increments_signer_account_nonce() {
 
 	let repo = Arc::new(NodeMetadataRepository::new(NodeMetadataMock::new()));
 	let shard = ShardIdentifier::default();
+	let encryption_key_repository = Arc::new(EncryptionKeyRepositoryMock::new(Aes::default()));
 	StfState::execute_call(
 		&mut state,
 		&shard,
 		shield_funds_call,
 		Default::default(),
 		&mut Vec::new(),
 		repo,
+		ocall_api.clone(),
+		&latest_parentchain_header(),
+		encryption_key_repository.clone(),
 	)
 	.unwrap();
 	assert_eq!(1, StfState::get_account_nonce(&mut state, &enclave_signer_account_id));

diff --git a/tee-worker/bitacross/app-libs/stf/src/trusted_call.rs b/tee-worker/bitacross/app-libs/stf/src/trusted_call.rs
@@ -24,6 +24,9 @@ use codec::{Decode, Encode};
 use frame_support::{ensure, traits::UnfilteredDispatchable};
 pub use ita_sgx_runtime::{Balance, Index, Runtime, System};
 use itp_node_api::metadata::{provider::AccessNodeMetadata, NodeMetadataTrait};
+use itp_ocall_api::EnclaveOnChainOCallApi;
+// TODO: use use Aes256 when available
+use itp_sgx_crypto::{key_repository::AccessKey, Aes};
 
 use itp_stf_interface::ExecuteCall;
 use itp_stf_primitives::{
@@ -46,7 +49,7 @@ use sp_core::{
 	ed25519,
 };
 use sp_io::hashing::blake2_256;
-use sp_runtime::MultiAddress;
+use sp_runtime::{traits::Header as HeaderTrait, MultiAddress};
 use std::{format, prelude::v1::*, sync::Arc};
 
 #[derive(Encode, Decode, Clone, Debug, PartialEq, Eq)]
@@ -156,10 +159,15 @@ impl TrustedCallVerification for TrustedCallSigned {
 	}
 }
 
-impl<NodeMetadataRepository> ExecuteCall<NodeMetadataRepository> for TrustedCallSigned
+impl<NodeMetadataRepository, OCallApi, PH, OnChainEncryptionKeyRepository>
+	ExecuteCall<NodeMetadataRepository, OCallApi, PH, OnChainEncryptionKeyRepository>
+	for TrustedCallSigned
 where
 	NodeMetadataRepository: AccessNodeMetadata,
 	NodeMetadataRepository::MetadataType: NodeMetadataTrait,
+	OCallApi: EnclaveOnChainOCallApi,
+	PH: HeaderTrait<Hash = H256>,
+	OnChainEncryptionKeyRepository: AccessKey<KeyType = Aes>,
 {
 	type Error = StfError;
 	type Result = TrustedCallResult;
@@ -203,6 +211,9 @@ where
 		_top_hash: H256,
 		_calls: &mut Vec<ParentchainCall>,
 		_node_metadata_repo: Arc<NodeMetadataRepository>,
+		_ocall_api: Arc<OCallApi>,
+		_parentchain_header: &PH,
+		_on_chain_encryption_key_repo: Arc<OnChainEncryptionKeyRepository>,
 	) -> Result<Self::Result, Self::Error> {
 		let sender = self.call.sender_identity().clone();
 		let account_id: AccountId = sender.to_account_id().ok_or(Self::Error::InvalidAccount)?;