// Copyright © Aptos Foundation
use crate::{
aptos_vm::get_or_vm_startup_failure,
errors::expect_only_successful_execution,
move_vm_ext::{AptosMoveResolver, SessionId},
system_module_names::{JWKS_MODULE, UPSERT_INTO_OBSERVED_JWKS},
validator_txns::jwk::{
ExecutionFailure::{Expected, Unexpected},
ExpectedFailure::{
IncorrectVersion, MissingResourceObservedJWKs, MissingResourceValidatorSet,
MultiSigVerificationFailed, NotEnoughVotingPower,
},
},
AptosVM,
};
use aptos_logger::debug;
use aptos_types::{
fee_statement::FeeStatement,
jwks,
jwks::{Issuer, ObservedJWKs, ProviderJWKs, QuorumCertifiedUpdate},
move_utils::as_move_value::AsMoveValue,
on_chain_config::{OnChainConfig, ValidatorSet},
transaction::{ExecutionStatus, TransactionStatus},
validator_verifier::ValidatorVerifier,
};
use aptos_vm_logging::log_schema::AdapterLogSchema;
use aptos_vm_types::output::VMOutput;
use move_core_types::{
account_address::AccountAddress,
value::{serialize_values, MoveValue},
vm_status::{AbortLocation, StatusCode, VMStatus},
};
use move_vm_types::gas::UnmeteredGasMeter;
use std::collections::HashMap;
/// Validation failures that `process_jwk_update` reports as Move aborts.
///
/// The discriminant is cast to `u64` and used directly as the abort code, so these
/// values are externally visible and must stay stable.
// NOTE(review): the values look like Move's `(category << 16) | reason` error layout
// (category 0x1 for invalid_argument, 0x3 for invalid_state) — confirm against the Move
// error module before adding a variant.
#[derive(Debug)]
enum ExpectedFailure {
    // Move equivalent: `errors::invalid_argument(*)`
    /// The update's version is not exactly one above the on-chain version for the issuer.
    IncorrectVersion = 0x01_0103,
    /// The multi-signature did not verify against the observed update.
    MultiSigVerificationFailed = 0x01_0104,
    /// The claimed signers do not hold enough voting power.
    NotEnoughVotingPower = 0x01_0105,

    // Move equivalent: `errors::invalid_state(*)`
    /// The `ValidatorSet` on-chain config could not be fetched.
    MissingResourceValidatorSet = 0x03_0101,
    /// The `ObservedJWKs` on-chain config could not be fetched.
    MissingResourceObservedJWKs = 0x03_0102,
}
/// Classifies why `process_jwk_update_inner` did not apply an update.
enum ExecutionFailure {
    /// A validation failure; `process_jwk_update` turns it into a Move abort with a
    /// discarded transaction status.
    Expected(ExpectedFailure),
    /// Any other failure; `process_jwk_update` returns the carried `VMStatus` as `Err`.
    Unexpected(VMStatus),
}
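impl AptosVM {
    /// Executes a quorum-certified JWK update and maps the outcome to VM results.
    ///
    /// Wraps `process_jwk_update_inner`:
    /// - success is passed through unchanged;
    /// - an `Expected` failure becomes `Ok` with a script-located `MoveAbort` whose code is
    ///   the `ExpectedFailure` discriminant, paired with an empty output marked
    ///   `Discard(ABORTED)`, so a rejected update carries no change set;
    /// - an `Unexpected` failure is returned as `Err` with the underlying `VMStatus`.
    ///
    /// Outcomes are logged at debug level only.
    pub(crate) fn process_jwk_update(
        &self,
        resolver: &impl AptosMoveResolver,
        log_context: &AdapterLogSchema,
        session_id: SessionId,
        update: jwks::QuorumCertifiedUpdate,
    ) -> Result<(VMStatus, VMOutput), VMStatus> {
        debug!("Processing jwk transaction");
        match self.process_jwk_update_inner(resolver, log_context, session_id, update) {
            Ok((vm_status, vm_output)) => {
                debug!("Processing jwk transaction ok.");
                Ok((vm_status, vm_output))
            },
            Err(Expected(failure)) => {
                // Pretend we are inside Move, and expected failures are like Move aborts.
                debug!("Processing jwk transaction expected failure: {:?}", failure);
                Ok((
                    VMStatus::MoveAbort(AbortLocation::Script, failure as u64),
                    VMOutput::empty_with_status(TransactionStatus::Discard(StatusCode::ABORTED)),
                ))
            },
            Err(Unexpected(vm_status)) => {
                debug!(
                    "Processing jwk transaction unexpected failure: {:?}",
                    vm_status
                );
                Err(vm_status)
            },
        }
    }

    /// Validates a quorum-certified JWK update and, if it passes, applies it on chain.
    ///
    /// Validation runs in this order, and every step must pass before any state changes:
    /// 1. `ValidatorSet` and `ObservedJWKs` must be readable from `resolver`.
    /// 2. The update's version must be exactly one above the on-chain version for its
    ///    issuer (an issuer with no entry starts from `ProviderJWKs::new`).
    /// 3. The signers named by the multi-signature must pass `check_voting_power`.
    /// 4. The multi-signature must verify over the observed update.
    ///
    /// Steps 3 and 4 are only meaningful together: step 3 looks at who the multi-signature
    /// names as signers, step 4 checks that the signature verifies over `observed`.
    ///
    /// # Errors
    /// `Expected(..)` for a failed validation step; `Unexpected(..)` when the Move call,
    /// the gas-parameter lookup or output construction fails.
    fn process_jwk_update_inner(
        &self,
        resolver: &impl AptosMoveResolver,
        log_context: &AdapterLogSchema,
        session_id: SessionId,
        update: jwks::QuorumCertifiedUpdate,
    ) -> Result<(VMStatus, VMOutput), ExecutionFailure> {
        // Load resources. The validator set read here is the one the signatures are
        // checked against.
        let validator_set = ValidatorSet::fetch_config(resolver)
            .ok_or_else(|| Expected(MissingResourceValidatorSet))?;
        let observed_jwks = ObservedJWKs::fetch_config(resolver)
            .ok_or_else(|| Expected(MissingResourceObservedJWKs))?;

        let mut jwks_by_issuer: HashMap<Issuer, ProviderJWKs> =
            observed_jwks.into_providers_jwks().into();
        let issuer = update.update.issuer.clone();
        // An issuer not yet on chain is compared against a fresh `ProviderJWKs`.
        let on_chain = jwks_by_issuer
            .entry(issuer.clone())
            .or_insert_with(|| ProviderJWKs::new(issuer));
        let verifier = ValidatorVerifier::from(&validator_set);

        let QuorumCertifiedUpdate {
            update: observed,
            multi_sig,
        } = update;

        // Check version. `checked_add` makes a saturated on-chain version reject every
        // update instead of overflowing (panic or wrap to 0, depending on build flags).
        if on_chain.version.checked_add(1) != Some(observed.version) {
            return Err(Expected(IncorrectVersion));
        }

        let authors = multi_sig.get_signers_addresses(&verifier.get_ordered_account_addresses());

        // Check voting power of the signers named by the multi-signature.
        // NOTE(review): the `true` flag presumably selects the stricter quorum threshold —
        // confirm against `ValidatorVerifier::check_voting_power`.
        verifier
            .check_voting_power(authors.iter(), true)
            .map_err(|_| Expected(NotEnoughVotingPower))?;

        // Verify multi-sig over the whole `observed` value.
        verifier
            .verify_multi_signatures(&observed, &multi_sig)
            .map_err(|_| Expected(MultiSigVerificationFailed))?;

        // All verification passed. Apply the `observed`.
        // The call below runs with the `AccountAddress::ONE` signer, bypasses function
        // visibility and is not gas-metered, so the checks above are the only gate on it:
        // keep every one of them ahead of this point.
        let mut gas_meter = UnmeteredGasMeter;
        let mut session = self.new_session(resolver, session_id);
        let args = vec![
            MoveValue::Signer(AccountAddress::ONE),
            vec![observed].as_move_value(),
        ];

        session
            .execute_function_bypass_visibility(
                &JWKS_MODULE,
                UPSERT_INTO_OBSERVED_JWKS,
                vec![],
                serialize_values(&args),
                &mut gas_meter,
            )
            .map_err(|e| {
                expect_only_successful_execution(e, UPSERT_INTO_OBSERVED_JWKS.as_str(), log_context)
            })
            // NOTE(review): `unwrap_err` panics if `expect_only_successful_execution` ever
            // returns `Ok`; this assumes it always yields `Err` — confirm in `errors`.
            .map_err(|r| Unexpected(r.unwrap_err()))?;

        let output = crate::aptos_vm::get_transaction_output(
            session,
            FeeStatement::zero(),
            ExecutionStatus::Success,
            &get_or_vm_startup_failure(&self.storage_gas_params, log_context)
                .map_err(Unexpected)?
                .change_set_configs,
        )
        .map_err(Unexpected)?;

        Ok((VMStatus::Executed, output))
    }
}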