From d6b1a72b6830c83a6c71bb5bd1e653da52bfdad6 Mon Sep 17 00:00:00 2001 From: Elden Young <59600396+ytqaljn@users.noreply.github.com> Date: Wed, 24 Jan 2024 11:47:04 +0800 Subject: [PATCH] fix: payload (#291) --- crates/cestory/api/src/proto_generated/mod.rs | 4 +- crates/cestory/src/ceseal_service.rs | 5 ++- pallets/tee-worker/src/lib.rs | 13 +++++- standalone/chain/node/src/chain_spec.rs | 6 +-- standalone/chain/runtime/src/lib.rs | 2 +- standalone/teeworker/cifrost/src/endpoint.rs | 43 +++++++++++-------- 6 files changed, 44 insertions(+), 29 deletions(-) diff --git a/crates/cestory/api/src/proto_generated/mod.rs b/crates/cestory/api/src/proto_generated/mod.rs index a929debd..a34cb159 100644 --- a/crates/cestory/api/src/proto_generated/mod.rs +++ b/crates/cestory/api/src/proto_generated/mod.rs @@ -254,14 +254,14 @@ impl crate::crpc::SetEndpointRequest { impl crate::crpc::GetEndpointResponse { pub fn decode_endpoint_payload( &self, - ) -> Result, ScaleDecodeError> { + ) -> Result, ScaleDecodeError> { self.encoded_endpoint_payload .as_ref() .map(|v| Decode::decode(&mut &v[..])) .transpose() } pub fn new( - endpoint_payload: Option, + endpoint_payload: Option, signature: Option<::prost::alloc::vec::Vec>, ) -> Self { Self { diff --git a/crates/cestory/src/ceseal_service.rs b/crates/cestory/src/ceseal_service.rs index d0c570bb..a28f5211 100644 --- a/crates/cestory/src/ceseal_service.rs +++ b/crates/cestory/src/ceseal_service.rs @@ -2,7 +2,7 @@ use super::*; use crate::system::System; use ces_crypto::{key_share, sr25519::KDF, SecretKey}; use ces_types::{ - attestation::{validate as validate_attestation_report, IasFields}, messaging::EncryptedKey, wrap_content_to_sign, AttestationReport, BasePayload, ChallengeHandlerInfo, EncryptedWorkerKey, HandoverChallenge, SignedContentType, WorkerEndpointPayload, WorkerRegistrationInfo + attestation::{validate as validate_attestation_report, IasFields}, messaging::EncryptedKey, wrap_content_to_sign, AttestationReport, BasePayload, ChallengeHandlerInfo, EncryptedWorkerKey, HandoverChallenge, SignedContentType, WorkerAction, WorkerEndpointPayload, WorkerRegistrationInfo }; use cestory_api::{ blocks::{self, StorageState}, @@ -934,6 +934,7 @@ impl Ceseal { let endpoint = self.endpoint.clone(); let base_payload = BasePayload { pubkey: public_key, signing_time: block_time }; let endpoint_payload = WorkerEndpointPayload { endpoint, base: base_payload }; + let endpoint_payload = WorkerAction::UpdateEndpoint(endpoint_payload); let signature = self.sign_endpoint_payload(&endpoint_payload)?; let resp = pb::GetEndpointResponse::new(Some(endpoint_payload.clone()), Some(signature)); self.signed_endpoint = Some(resp.clone()); @@ -951,7 +952,7 @@ impl Ceseal { } } - fn sign_endpoint_payload(&mut self, payload: &WorkerEndpointPayload) -> CesealResult> { + fn sign_endpoint_payload(&mut self, payload: &WorkerAction) -> CesealResult> { const MAX_PAYLOAD_SIZE: usize = 512; let data_to_sign = payload.encode(); if data_to_sign.len() > MAX_PAYLOAD_SIZE { diff --git a/pallets/tee-worker/src/lib.rs b/pallets/tee-worker/src/lib.rs index aa62424d..18ddc737 100644 --- a/pallets/tee-worker/src/lib.rs +++ b/pallets/tee-worker/src/lib.rs @@ -13,7 +13,7 @@ pub mod benchmarking; use codec::{Decode, Encode}; use frame_support::{ - dispatch::DispatchResult, pallet_prelude::*, traits::ReservableCurrency, transactional, BoundedVec, PalletId, + dispatch::DispatchResult, pallet_prelude::*, traits::ReservableCurrency, BoundedVec, PalletId, traits::{Get, StorageVersion, UnixTime}, }; pub use pallet::*; @@ -46,7 +46,6 @@ pub mod pallet { use codec::{Decode, Encode}; use frame_support::{ dispatch::DispatchResult, - Blake2_128Concat, }; use scale_info::TypeInfo; @@ -331,6 +330,16 @@ pub mod pallet { ensure_signed(origin)?; if let WorkerAction::Exit(payload) = payload { + ensure!(sig.len() == 64, Error::::InvalidSignatureLength); + let sig = + sp_core::sr25519::Signature::try_from(sig.as_slice()).or(Err(Error::::MalformedSignature))?; + let encoded_data = payload.encode(); + let data_to_sign = wrap_content_to_sign(&encoded_data, SignedContentType::EndpointInfo); + ensure!( + sp_io::crypto::sr25519_verify(&sig, &data_to_sign, &payload.pubkey), + Error::::InvalidSignature + ); + ensure!(>::count() > 1, Error::::LastWorker); ensure!(>::contains_key(&payload.pubkey), Error::::WorkerNotFound); diff --git a/standalone/chain/node/src/chain_spec.rs b/standalone/chain/node/src/chain_spec.rs index 4c61c924..bda5611f 100644 --- a/standalone/chain/node/src/chain_spec.rs +++ b/standalone/chain/node/src/chain_spec.rs @@ -364,7 +364,7 @@ pub fn cess_testnet_generate_config() -> ChainSpec { // Properties Some( serde_json::from_str( - "{\"tokenDecimals\": 12, \"tokenSymbol\": \"TCESS\", \"SS58Prefix\": 11330}", + "{\"tokenDecimals\": 18, \"tokenSymbol\": \"TCESS\", \"SS58Prefix\": 11330}", ) .expect("Provided valid json map"), ), @@ -395,7 +395,7 @@ pub fn cess_main() -> ChainSpec { // Properties Some( serde_json::from_str( - "{\"tokenDecimals\": 12, \"tokenSymbol\": \"TCESS\", \"SS58Prefix\": 11330}", + "{\"tokenDecimals\": 18, \"tokenSymbol\": \"TCESS\", \"SS58Prefix\": 11330}", ) .expect("Provided valid json map"), ), @@ -431,7 +431,7 @@ pub fn development_config() -> ChainSpec { // Properties Some( serde_json::from_str( - "{\"tokenDecimals\": 12, \"tokenSymbol\": \"TCESS\", \"SS58Prefix\": 11330}", + "{\"tokenDecimals\": 18, \"tokenSymbol\": \"TCESS\", \"SS58Prefix\": 11330}", ) .expect("Provided valid json map"), ), diff --git a/standalone/chain/runtime/src/lib.rs b/standalone/chain/runtime/src/lib.rs index 21fae8b3..25f4825b 100644 --- a/standalone/chain/runtime/src/lib.rs +++ b/standalone/chain/runtime/src/lib.rs @@ -209,7 +209,7 @@ impl OnUnbalanced for DealWithFees { } } -pub const MILLICENTS: Balance = 10_000_000; +pub const MILLICENTS: Balance = 10_000_000_000_000; pub const CENTS: Balance = 1_000 * MILLICENTS; // assume this is worth about a cent. pub const DOLLARS: Balance = 100 * CENTS; diff --git a/standalone/teeworker/cifrost/src/endpoint.rs b/standalone/teeworker/cifrost/src/endpoint.rs index 9e669b2d..cc182375 100644 --- a/standalone/teeworker/cifrost/src/endpoint.rs +++ b/standalone/teeworker/cifrost/src/endpoint.rs @@ -4,7 +4,7 @@ use crate::{ Args, }; use anyhow::{anyhow, Context, Result}; -use ces_types::WorkerEndpointPayload; +use ces_types::{WorkerAction}; use cestory_api::crpc::SetEndpointRequest; use cesxt::subxt::config::polkadot::PolkadotExtrinsicParamsBuilder as Params; use log::{error, info}; @@ -69,29 +69,34 @@ pub async fn try_update_worker_endpoint( } Some(payload) => { // update endpoint if the public_endpoint arg changed - let former: WorkerEndpointPayload = + let former: WorkerAction = Decode::decode(&mut &payload[..]).context("decode payload error")?; - match args.public_endpoint.clone() { - Some(endpoint) => { - if former.endpoint != Some(endpoint.clone()) || former.endpoint.is_none() { - match cc - .set_endpoint(Request::new(SetEndpointRequest::new(endpoint))) - .await - { - Ok(resp) => resp - .into_inner() - .encoded_endpoint_payload - .ok_or(anyhow!("BUG: can't be None"))?, - Err(e) => { - error!("call ceseal.set_endpoint() response error: {:?}", e); - return Ok(false); + if let WorkerAction::UpdateEndpoint(former) = former { + match args.public_endpoint.clone() { + Some(endpoint) => { + if former.endpoint != Some(endpoint.clone()) || former.endpoint.is_none() { + match cc + .set_endpoint(Request::new(SetEndpointRequest::new(endpoint))) + .await + { + Ok(resp) => resp + .into_inner() + .encoded_endpoint_payload + .ok_or(anyhow!("BUG: can't be None"))?, + Err(e) => { + error!("call ceseal.set_endpoint() response error: {:?}", e); + return Ok(false); + } } + } else { + payload } - } else { - payload } + None => payload, } - None => payload, + } else { + error!("call ceseal.set_endpoint() payload type error"); + return Ok(false); } } };