Merge pull request #36 from integritee-network/ec_runtime_from_metadata

Parentchain's metadata in enclave

Cargo.lock

@@ -15,7 +15,7 @@ dependencies = [
 [[package]]
 name = "ac-compose-macros"
 version = "0.1.0"
-source = "git+https://github.com/scs/substrate-api-client?branch=polkadot-v0.9.24#5d52257df0386562e9c3b7cb6cbf06f8f9df1861"
+source = "git+https://github.com/scs/substrate-api-client?branch=polkadot-v0.9.24#d576bdc23caaf16b6e707fb756b3ab6279dba89a"
 dependencies = [
  "ac-primitives",
  "log 0.4.17",
@@ -27,11 +27,11 @@ dependencies = [
 [[package]]
 name = "ac-node-api"
 version = "0.1.0"
-source = "git+https://github.com/scs/substrate-api-client?branch=polkadot-v0.9.24#5d52257df0386562e9c3b7cb6cbf06f8f9df1861"
+source = "git+https://github.com/scs/substrate-api-client?branch=polkadot-v0.9.24#d576bdc23caaf16b6e707fb756b3ab6279dba89a"
 dependencies = [
  "ac-primitives",
  "derive_more",
- "frame-metadata",
+ "frame-metadata 15.0.0 (git+https://github.com/integritee-network/frame-metadata)",
  "frame-support",
  "frame-system",
  "hex",
@@ -50,7 +50,7 @@ dependencies = [
 [[package]]
 name = "ac-primitives"
 version = "0.1.0"
-source = "git+https://github.com/scs/substrate-api-client?branch=polkadot-v0.9.24#5d52257df0386562e9c3b7cb6cbf06f8f9df1861"
+source = "git+https://github.com/scs/substrate-api-client?branch=polkadot-v0.9.24#d576bdc23caaf16b6e707fb756b3ab6279dba89a"
 dependencies = [
  "hex",
  "parity-scale-codec",
@@ -1213,13 +1213,24 @@ dependencies = [
  "serde 1.0.137",
 ]
 
+[[package]]
+name = "frame-metadata"
+version = "15.0.0"
+source = "git+https://github.com/integritee-network/frame-metadata#3b43da9821238681f9431276d55b92a079142083"
+dependencies = [
+ "cfg-if 1.0.0",
+ "parity-scale-codec",
+ "scale-info",
+ "serde 1.0.137",
+]
+
 [[package]]
 name = "frame-support"
 version = "4.0.0-dev"
 source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.24#814752f60ab8cce7e2ece3ce0c1b10799b4eab28"
 dependencies = [
  "bitflags",
- "frame-metadata",
+ "frame-metadata 15.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "frame-support-procedural",
  "impl-trait-for-tuples",
  "k256",
@@ -2279,7 +2290,6 @@ dependencies = [
  "frame-support",
  "frame-system",
  "integritee-node-runtime",
- "itp-settings",
  "itp-storage",
  "itp-types",
  "itp-utils",
@@ -2364,7 +2374,6 @@ dependencies = [
  "sp-runtime",
  "thiserror 1.0.31",
  "thiserror 1.0.9",
- "tiny-keccak 2.0.2",
 ]
 
 [[package]]
@@ -2377,8 +2386,8 @@ dependencies = [
  "futures 0.3.8",
  "ita-stf",
  "itp-extrinsics-factory",
+ "itp-node-api-extensions",
  "itp-ocall-api",
- "itp-settings",
  "itp-sgx-crypto",
  "itp-stf-executor",
  "itp-test",
@@ -2394,6 +2403,7 @@ dependencies = [
  "substrate-api-client",
  "thiserror 1.0.31",
  "thiserror 1.0.9",
+ "tiny-keccak 2.0.2",
 ]
 
 [[package]]
@@ -2614,8 +2624,8 @@ dependencies = [
 name = "itp-extrinsics-factory"
 version = "0.8.0"
 dependencies = [
+ "itp-node-api-extensions",
  "itp-nonce-cache",
- "itp-settings",
  "itp-types",
  "log 0.4.17",
  "parity-scale-codec",
@@ -2634,11 +2644,14 @@ version = "0.8.0"
 dependencies = [
  "itp-types",
  "parity-scale-codec",
+ "sgx_tstd",
+ "sgx_types",
  "sp-core",
  "sp-finality-grandpa",
  "sp-runtime",
  "substrate-api-client",
  "thiserror 1.0.31",
+ "thiserror 1.0.9",
 ]
 
 [[package]]
@@ -2726,6 +2739,7 @@ name = "itp-stf-executor"
 version = "0.8.0"
 dependencies = [
  "ita-stf",
+ "itp-node-api-extensions",
  "itp-ocall-api",
  "itp-sgx-crypto",
  "itp-stf-state-handler",
@@ -2742,6 +2756,7 @@ dependencies = [
  "sgx_types",
  "sp-core",
  "sp-runtime",
+ "substrate-api-client",
  "thiserror 1.0.31",
  "thiserror 1.0.9",
 ]
@@ -2775,7 +2790,7 @@ name = "itp-storage"
 version = "0.8.0"
 dependencies = [
  "derive_more",
- "frame-metadata",
+ "frame-metadata 15.0.0 (registry+https://github.com/rust-lang/crates.io-index)",
  "frame-support",
  "hash-db",
  "itp-types",
@@ -2924,7 +2939,7 @@ name = "its-block-composer"
 version = "0.8.0"
 dependencies = [
  "ita-stf",
- "itp-settings",
+ "itp-node-api-extensions",
  "itp-sgx-crypto",
  "itp-stf-executor",
  "itp-time-utils",
@@ -6906,12 +6921,12 @@ dependencies = [
 [[package]]
 name = "substrate-api-client"
 version = "0.6.0"
-source = "git+https://github.com/scs/substrate-api-client?branch=polkadot-v0.9.24#5d52257df0386562e9c3b7cb6cbf06f8f9df1861"
+source = "git+https://github.com/scs/substrate-api-client?branch=polkadot-v0.9.24#d576bdc23caaf16b6e707fb756b3ab6279dba89a"
 dependencies = [
  "ac-compose-macros",
  "ac-node-api",
  "ac-primitives",
- "frame-metadata",
+ "frame-metadata 15.0.0 (git+https://github.com/integritee-network/frame-metadata)",
  "frame-support",
  "frame-system",
  "hex",
@@ -6926,6 +6941,7 @@ dependencies = [
  "sp-core",
  "sp-rpc",
  "sp-runtime",
+ "sp-runtime-interface",
  "sp-std 4.0.0 (git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.24)",
  "sp-version",
  "thiserror 1.0.31",
@@ -6948,7 +6964,7 @@ dependencies = [
 [[package]]
 name = "substrate-client-keystore"
 version = "0.6.0"
-source = "git+https://github.com/scs/substrate-api-client?branch=polkadot-v0.9.24#081d98ec22bad60abf9373fabf5d2ee8270c1d5d"
+source = "git+https://github.com/scs/substrate-api-client?branch=polkadot-v0.9.24#d576bdc23caaf16b6e707fb756b3ab6279dba89a"
 dependencies = [
  "async-trait",
  "hex",

app-libs/exchange-oracle/src/certificates/amazon_root_ca_a.pem

@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsF
+ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6
+b24gUm9vdCBDQSAxMB4XDTE1MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTEL
+MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv
+b3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALJ4gHHKeNXj
+ca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgHFzZM
+9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qw
+IFAGbHrQgLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6
+VOujw5H5SNz/0egwLX0tdHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L
+93FcXmn/6pUCyziKrlA4b9v7LWIbxcceVOF34GfID5yHI9Y/QCB/IIDEgEw+OyQm
+jgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3DQEBCwUA
+A4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDI
+U5PMCCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUs
+N+gDS63pYaACbvXy8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vv
+o/ufQJVtMVT8QtPHRh8jrdkPSHCa2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU
+5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2xJNDd2ZhwLnoQdeXeGADbkpy
+rqXRfboQnoZsG4q5WTP468SQvvG5
+-----END CERTIFICATE-----

app-libs/exchange-oracle/src/coin_market_cap.rs

@@ -43,8 +43,7 @@ const FIAT_CURRENCY_PARAM: &str = "convert_id";
 const CRYPTO_CURRENCY_PARAM: &str = "id";
 const COINMARKETCAP_PATH: &str = "v2/cryptocurrency/quotes/latest"; // API endpoint to get the exchange rate with a basic API plan (free)
 const COINMARKETCAP_TIMEOUT: Duration = Duration::from_secs(3u64);
-const COINMARKETCAP_ROOT_CERTIFICATE: &str =
-	include_str!("certificates/baltimore_cyber_trust_root_v3.pem");
+const COINMARKETCAP_ROOT_CERTIFICATE: &str = include_str!("certificates/amazon_root_ca_a.pem");
 
 lazy_static! {
 	static ref CRYPTO_SYMBOL_ID_MAP: HashMap<&'static str, &'static str> =

app-libs/stf/Cargo.toml

@@ -14,7 +14,6 @@ log = { version = "0.4", default-features = false }
 sgx_tstd = { branch = "master", features = ["untrusted_fs","net","backtrace"], git = "https://github.com/apache/teaclave-sgx-sdk.git", optional = true }
 
 # local crates
-itp-settings = { path = "../../core-primitives/settings" }
 itp-storage = { default-features = false, path = "../../core-primitives/storage" }
 its-state = { default-features = false, optional = true, path = "../../sidechain/state" }
 
@@ -74,7 +73,7 @@ std = [
     "sidechain-primitives/std",
     "sgx-externalities/std",
     "sp-io/std",
-    "substrate-api-client",
+    "substrate-api-client/std",
     "substrate-client-keystore",
 ]
 test = []

app-libs/stf/src/helpers.rs

@@ -60,6 +60,7 @@ pub fn get_storage_double_map<K: Encode, Q: Encode, V: Decode + Clone>(
 	get_storage_by_key_hash(key)
 }
 
+/// Get value in storage.
 pub fn get_storage_by_key_hash<V: Decode>(key: Vec<u8>) -> Option<V> {
 	if let Some(value_encoded) = sp_io::storage::get(&key) {
 		if let Ok(value) = Decode::decode(&mut value_encoded.as_slice()) {
@@ -74,7 +75,7 @@ pub fn get_storage_by_key_hash<V: Decode>(key: Vec<u8>) -> Option<V> {
 	}
 }
 
-// get the AccountInfo key where the account is stored
+/// Get the AccountInfo key where the account is stored.
 pub fn account_key_hash(account: &AccountId) -> Vec<u8> {
 	storage_map_key("System", "Account", account, &StorageHasher::Blake2_128Concat)
 }
@@ -149,11 +150,11 @@ pub fn account_data(account: &AccountId) -> Option<AccountData> {
 }
 
 pub fn root() -> AccountId {
-	get_storage_value("Sudo", "Key").unwrap()
+	get_storage_value("Sudo", "Key").expect("No root account")
 }
 
 pub fn enclave_signer_account() -> AccountId {
-	get_storage_value("Sudo", ENCLAVE_ACCOUNT_KEY).unwrap()
+	get_storage_value("Sudo", ENCLAVE_ACCOUNT_KEY).expect("No enclave account")
 }
 
 // FIXME: Use Option<ParentchainHeader:Hash> as return type after fixing sgx-runtime issue #37

app-libs/stf/src/stf_sgx.rs

@@ -28,7 +28,6 @@ use crate::{
 	ENCLAVE_ACCOUNT_KEY,
 };
 use codec::Encode;
-use itp_settings::node::{TEEREX_MODULE, UNSHIELD_FUNDS};
 use itp_storage::storage_value_key;
 use itp_types::OpaqueCall;
 use itp_utils::stringify::account_id_to_string;
@@ -41,7 +40,6 @@ use sp_io::hashing::blake2_256;
 use sp_runtime::MultiAddress;
 use std::{format, prelude::v1::*, vec};
 use support::traits::UnfilteredDispatchable;
-
 impl Stf {
 	pub fn init_state(enclave_account: AccountId) -> State {
 		debug!("initializing stf state, account id {}", account_id_to_string(&enclave_account));
@@ -127,6 +125,7 @@ impl Stf {
 		ext: &mut impl SgxExternalitiesTrait,
 		call: TrustedCallSigned,
 		calls: &mut Vec<OpaqueCall>,
+		unshield_funds_fn: [u8; 2],
 	) -> StfResult<()> {
 		let call_hash = blake2_256(&call.encode());
 		ext.execute_with(|| {
@@ -186,7 +185,7 @@ impl Stf {
 
 					Self::unshield_funds(account_incognito, value)?;
 					calls.push(OpaqueCall::from_tuple(&(
-						[TEEREX_MODULE, UNSHIELD_FUNDS],
+						unshield_funds_fn,
 						beneficiary,
 						value,
 						shard,

app-libs/stf/src/stf_sgx_tests.rs

@@ -50,7 +50,7 @@ pub fn shield_funds_increments_signer_account_nonce() {
 		Signature::Ed25519(Ed25519Signature([0u8; 64])),
 	);
 
-	Stf::execute(&mut state, shield_funds_call, &mut Vec::new()).unwrap();
+	Stf::execute(&mut state, shield_funds_call, &mut Vec::new(), [0u8, 1u8]).unwrap();
 	assert_eq!(1, Stf::account_nonce(&mut state, &enclave_signer_account_id));
 }
 

core-primitives/component-container/src/component_container.rs

@@ -95,6 +95,6 @@ impl<Component> ComponentGetter for ComponentContainer<Component> {
 			.container
 			.load()
 			.ok_or_else(|| Error::ComponentNotInitialized(self.to_string()))?;
-		Ok(component_mutex.lock().unwrap().clone())
+		Ok(component_mutex.lock().expect("Lock poisoning").clone())
 	}
 }

core-primitives/enclave-api/ffi/src/lib.rs

@@ -78,6 +78,13 @@ extern "C" {
 		nonce: *const u32,
 	) -> sgx_status_t;
 
+	pub fn set_node_metadata(
+		eid: sgx_enclave_id_t,
+		retval: *mut sgx_status_t,
+		node_metadata: *const u8,
+		node_metadata_size: u32,
+	) -> sgx_status_t;
+
 	pub fn get_rsa_encryption_pubkey(
 		eid: sgx_enclave_id_t,
 		retval: *mut sgx_status_t,

core-primitives/enclave-api/src/enclave_base.rs

@@ -56,6 +56,8 @@ pub trait EnclaveBase: Send + Sync + 'static {
 
 	fn set_nonce(&self, nonce: u32) -> EnclaveResult<()>;
 
+	fn set_node_metadata(&self, metadata: Vec<u8>) -> EnclaveResult<()>;
+
 	fn get_state(&self, cyphertext: Vec<u8>, shard: Vec<u8>) -> EnclaveResult<Vec<u8>>;
 
 	fn get_rsa_shielding_pubkey(&self) -> EnclaveResult<Rsa3072PubKey>;
@@ -127,7 +129,8 @@ impl EnclaveBase for Enclave {
 	) -> EnclaveResult<SpHeader> {
 		let latest_header_encoded = init_light_client_ffi(self.eid, params.encode())?;
 
-		let latest: SpHeader = Decode::decode(&mut latest_header_encoded.as_slice()).unwrap();
+		let latest: SpHeader =
+			Decode::decode(&mut latest_header_encoded.as_slice()).expect("Invalid header");
 		info!("Latest Header {:?}", latest);
 
 		Ok(latest)
@@ -167,6 +170,19 @@ impl EnclaveBase for Enclave {
 		Ok(())
 	}
 
+	fn set_node_metadata(&self, metadata: Vec<u8>) -> EnclaveResult<()> {
+		let mut retval = sgx_status_t::SGX_SUCCESS;
+
+		let result = unsafe {
+			ffi::set_node_metadata(self.eid, &mut retval, metadata.as_ptr(), metadata.len() as u32)
+		};
+
+		ensure!(result == sgx_status_t::SGX_SUCCESS, Error::Sgx(result));
+		ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval));
+
+		Ok(())
+	}
+
 	fn get_state(&self, cyphertext: Vec<u8>, shard: Vec<u8>) -> EnclaveResult<Vec<u8>> {
 		let mut retval = sgx_status_t::SGX_SUCCESS;
 
@@ -210,7 +226,8 @@ impl EnclaveBase for Enclave {
 		ensure!(result == sgx_status_t::SGX_SUCCESS, Error::Sgx(result));
 		ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval));
 
-		let rsa_pubkey: Rsa3072PubKey = serde_json::from_slice(pubkey.as_slice()).unwrap();
+		let rsa_pubkey: Rsa3072PubKey =
+			serde_json::from_slice(pubkey.as_slice()).expect("Invalid public key");
 		debug!("got RSA pubkey {:?}", rsa_pubkey);
 		Ok(rsa_pubkey)
 	}