From d0759fb60703c89186357bd0b9c53c8df374422c Mon Sep 17 00:00:00 2001 From: Kasper Ziemianek Date: Fri, 19 Jan 2024 15:48:10 +0100 Subject: [PATCH] Use whole unsigned VC as VC proof signature payload (#2404) * Use whole unsigned VC as VC proof signature payload * fix fmt * fix ii-vc ts-test * improve test * remove VCRegistry and events * [benchmarking bot] Auto commit generated weights files (#2409) Co-authored-by: kziemianek --------- Co-authored-by: BillyWooo Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> Co-authored-by: kziemianek --- pallets/vc-management/src/benchmarking.rs | 89 +----- pallets/vc-management/src/lib.rs | 117 +------- pallets/vc-management/src/schema.rs | 11 +- pallets/vc-management/src/tests.rs | 244 +---------------- pallets/vc-management/src/vc_context.rs | 51 ---- pallets/vc-management/src/weights.rs | 101 ------- .../src/weights/pallet_vc_management.rs | 256 ------------------ .../src/weights/pallet_vc_management.rs | 128 ++------- tee-worker/app-libs/stf/src/trusted_call.rs | 17 +- .../app-libs/stf/src/trusted_call_result.rs | 2 - .../interfaces/vc/definitions.ts | 2 - .../stf-executor/src/enclave_signer.rs | 2 +- .../core-primitives/stf-executor/src/mocks.rs | 2 +- .../stf-executor/src/traits.rs | 4 +- .../litentry/core/credentials/src/lib.rs | 7 - .../receiver/src/handler/assertion.rs | 28 +- .../lc-vc-task-receiver/src/lib.rs | 8 +- .../lc-vc-task-receiver/src/vc_handling.rs | 21 +- .../vc-issuance/lc-vc-task-sender/src/lib.rs | 4 +- .../common/utils/assertion.ts | 60 ++-- .../common/utils/vc-helper.ts | 11 +- .../ts-tests/integration-tests/ii_vc.test.ts | 82 +----- 22 files changed, 99 insertions(+), 1148 deletions(-) delete mode 100644 pallets/vc-management/src/vc_context.rs delete mode 100644 runtime/litmus/src/weights/pallet_vc_management.rs diff --git a/pallets/vc-management/src/benchmarking.rs b/pallets/vc-management/src/benchmarking.rs index a6bde4b77b..1f740d083f 100644 
--- a/pallets/vc-management/src/benchmarking.rs +++ b/pallets/vc-management/src/benchmarking.rs @@ -28,26 +28,11 @@ use sp_std::vec; use test_utils::ias::consts::TEST8_MRENCLAVE; const USER_SEED: u32 = 9966; -const VC_HASH: H256 = H256::zero(); -const VC_INDEX: H256 = H256::zero(); fn assert_last_event(generic_event: ::RuntimeEvent) { frame_system::Pallet::::assert_last_event(generic_event.into()); } -fn convert_u32_array_to_u8_array(u32_array: [u32; 8]) -> [u8; 32] { - let mut u8_array = [0u8; 32]; - let mut index = 0; - - for u32_element in &u32_array { - let u8_slice = u32_element.to_le_bytes(); - u8_array[index..index + 4].copy_from_slice(&u8_slice); - index += 4; - } - - u8_array -} - benchmarks! { // Benchmark `add_delegatee`. There are no worst conditions. The benchmark showed that // execution time is constant irrespective of encrypted_data size. 
@@ -78,34 +63,6 @@ benchmarks! { assert_last_event::(Event::VCRequested{ account, shard, assertion }.into()); } - // Benchmark `disable_vc`. There are no worst conditions. The benchmark showed that - // execution time is constant irrespective of encrypted_data size. - disable_vc { - let account: T::AccountId = frame_benchmarking::account("TEST_A", 0u32, USER_SEED); - let identity: Identity = frame_benchmarking::account::("TEST_A", 0u32, USER_SEED).into(); - let assertion = Assertion::A1; - let req_ext_hash = H256::default(); - let tee_origin = T::TEECallOrigin::try_successful_origin().map_err(|_| BenchmarkError::Weightless)?; - VCManagement::::vc_issued(tee_origin, identity, assertion, VC_INDEX, VC_HASH, req_ext_hash)?; - }: _(RawOrigin::Signed(account.clone()), VC_INDEX) - verify{ - assert_last_event::(Event::VCDisabled{ account, index: VC_HASH }.into()); - } - - // Benchmark `revoke_vc`. There are no worst conditions. The benchmark showed that - // execution time is constant irrespective of encrypted_data size. - revoke_vc { - let account: T::AccountId = frame_benchmarking::account("TEST_A", 0u32, USER_SEED); - let identity: Identity = frame_benchmarking::account::("TEST_A", 0u32, USER_SEED).into(); - let assertion = Assertion::A1; - let req_ext_hash = H256::default(); - let tee_origin = T::TEECallOrigin::try_successful_origin().map_err(|_| BenchmarkError::Weightless)?; - VCManagement::::vc_issued(tee_origin, identity, assertion, VC_INDEX, VC_HASH, req_ext_hash)?; - }: _(RawOrigin::Signed(account.clone()), VC_INDEX) - verify{ - assert_last_event::(Event::VCRevoked{ account, index: VC_HASH }.into()); - } - // Benchmark `vc_issued`. There are no worst conditions. The benchmark showed that // execution time is constant irrespective of encrypted_data size. vc_issued { 
@@ -113,9 +70,9 @@ benchmarks! { let identity: Identity = frame_benchmarking::account::("TEST_A", 0u32, USER_SEED).into(); let assertion = Assertion::A1; let req_ext_hash = H256::default(); - }: _(call_origin, identity.clone(), assertion.clone(), VC_INDEX, VC_HASH, req_ext_hash) + }: _(call_origin, identity.clone(), assertion.clone(), req_ext_hash) verify{ - assert_last_event::(Event::VCIssued{ identity, assertion, index: VC_INDEX, req_ext_hash}.into()); + assert_last_event::(Event::VCIssued{ identity, assertion, req_ext_hash}.into()); } // Benchmark `some_error`. There are no worst conditions. The benchmark showed that 
@@ -199,48 +156,6 @@ benchmarks! { assert_last_event::(Event::SchemaRevoked { account, shard, index: 0 }.into()) } - // Benchmark `add_vc_registry_item`. There are no worst conditions. The benchmark showed that - // execution time is constant irrespective of encrypted_data size. - add_vc_registry_item { - let account: T::AccountId = frame_benchmarking::account("TEST_A", 0u32, USER_SEED); - let identity: Identity = frame_benchmarking::account::("TEST_B", 0u32, USER_SEED).into(); - VCManagement::::set_admin(RawOrigin::Root.into(), account.clone())?; - let assertion = Assertion::A1; - }: _(RawOrigin::Signed(account.clone()), VC_INDEX, identity.clone(), assertion.clone(), VC_HASH) - verify { - assert_last_event::(Event::VCRegistryItemAdded { identity, assertion, index: VC_INDEX }.into()) - } - - // Benchmark `remove_vc_registry_item`. There are no worst conditions. The benchmark showed that - // execution time is constant irrespective of encrypted_data size. - remove_vc_registry_item { - let account: T::AccountId = frame_benchmarking::account("TEST_A", 0u32, USER_SEED); - let identity: Identity = frame_benchmarking::account::("TEST_B", 0u32, USER_SEED).into(); - VCManagement::::set_admin(RawOrigin::Root.into(), account.clone())?; - let assertion = Assertion::A1; - VCManagement::::add_vc_registry_item(RawOrigin::Signed(account.clone()).into(), VC_INDEX, identity, assertion, VC_HASH)?; - }: _(RawOrigin::Signed(account), VC_INDEX) - verify { - assert_last_event::(Event::VCRegistryItemRemoved { index: VC_INDEX }.into()) - } - - // Benchmark `clear_vc_registry`. 
- clear_vc_registry { - let x in 0..100u32; - let account: T::AccountId = frame_benchmarking::account("TEST_A", 0u32, USER_SEED); - VCManagement::::set_admin(RawOrigin::Root.into(), account.clone())?; - let assertion = Assertion::A1; - for i in 0..x { - let seed = USER_SEED - i; - let identity: Identity = frame_benchmarking::account::("TEST_A", 0u32, seed).into(); - let seed_hash_u8_32 = convert_u32_array_to_u8_array([seed; 8]); - let hash: H256 = seed_hash_u8_32.into(); - VCManagement::::add_vc_registry_item(RawOrigin::Signed(account.clone()).into(), hash, identity, assertion.clone(), VC_HASH)?; - } - }: _(RawOrigin::Signed(account)) - verify { - assert_last_event::(Event::VCRegistryCleared.into()) - } } #[cfg(test)] diff --git a/pallets/vc-management/src/lib.rs b/pallets/vc-management/src/lib.rs index ec62b54282..e031200756 100644 --- a/pallets/vc-management/src/lib.rs +++ b/pallets/vc-management/src/lib.rs @@ -39,9 +39,6 @@ use sp_core::H256; use sp_std::vec::Vec; use teerex_primitives::ShardIdentifier; -mod vc_context; -pub use vc_context::*; - mod schema; pub use schema::*; @@ -73,12 +70,6 @@ pub mod pallet { type ExtrinsicWhitelistOrigin: EnsureOrigin; } - // a map VCIndex -> VC context - // TODO: to be removed in P-350 - #[pallet::storage] - #[pallet::getter(fn vc_registry)] - pub type VCRegistry = StorageMap<_, Blake2_128Concat, VCIndex, VCContext>; - // the admin account #[pallet::storage] #[pallet::getter(fn admin)] @@ -87,7 +78,7 @@ pub mod pallet { // delegatees who can request (and receive) VCs on users' behalf, // some VCs can only be requested by delegatee accounts (e.g. A13) // delegatees and admins are different: - // - admins are meant to manage the pallet state manually, e.g. schema, vcRegistry + // - admins are meant to manage the pallet state manually, e.g. schema // - delegatees can request VCs for users, similar to `proxied account` #[pallet::storage] #[pallet::getter(fn delegatee)] 
@@ -117,22 +108,11 @@ pub mod pallet { shard: ShardIdentifier, assertion: Assertion, }, - // a VC is disabled on chain - VCDisabled { - account: T::AccountId, - index: VCIndex, - }, - // a VC is revoked on chain - VCRevoked { - account: T::AccountId, - index: VCIndex, - }, // event that should be triggered by TEECallOrigin // a VC is just issued VCIssued { identity: Identity, assertion: Assertion, - index: VCIndex, req_ext_hash: H256, }, // Admin account was changed @@ -178,15 +158,6 @@ pub mod pallet { detail: ErrorDetail, req_ext_hash: H256, }, - VCRegistryItemAdded { - identity: Identity, - assertion: Assertion, - index: VCIndex, - }, - VCRegistryItemRemoved { - index: VCIndex, - }, - VCRegistryCleared, } #[pallet::error] 
@@ -276,38 +247,6 @@ pub mod pallet { Ok(().into()) } - #[pallet::call_index(3)] - #[pallet::weight(::WeightInfo::disable_vc())] - pub fn disable_vc(origin: OriginFor, index: VCIndex) -> DispatchResultWithPostInfo { - let who = T::ExtrinsicWhitelistOrigin::ensure_origin(origin)?; - VCRegistry::::try_mutate(index, |context| { - let mut c = context.take().ok_or(Error::::VCNotExist)?; - ensure!( - Some(who.clone()).encode() == c.subject.to_account_id().encode(), - Error::::VCSubjectMismatch - ); - ensure!(c.status == Status::Active, Error::::VCAlreadyDisabled); - c.status = Status::Disabled; - *context = Some(c); - Self::deposit_event(Event::VCDisabled { account: who, index }); - Ok(().into()) - }) - } - - #[pallet::call_index(4)] - #[pallet::weight(::WeightInfo::revoke_vc())] - pub fn revoke_vc(origin: OriginFor, index: VCIndex) -> DispatchResultWithPostInfo { - let who = T::ExtrinsicWhitelistOrigin::ensure_origin(origin)?; - let context = VCRegistry::::get(index).ok_or(Error::::VCNotExist)?; - ensure!( - Some(who.clone()).encode() == context.subject.to_account_id().encode(), - Error::::VCSubjectMismatch - ); - VCRegistry::::remove(index); - Self::deposit_event(Event::VCRevoked { account: who, index }); - Ok(().into()) - } - #[pallet::call_index(5)] #[pallet::weight(::WeightInfo::set_admin())] pub fn set_admin(origin: OriginFor, new: T::AccountId) -> DispatchResultWithPostInfo { 
@@ -399,51 +338,6 @@ pub mod pallet { Ok(().into()) } - #[pallet::call_index(10)] - #[pallet::weight(::WeightInfo::add_vc_registry_item())] - pub fn add_vc_registry_item( - origin: OriginFor, - index: VCIndex, - identity: Identity, - assertion: Assertion, - hash: H256, - ) -> DispatchResultWithPostInfo { - let sender = ensure_signed(origin)?; - ensure!(Some(sender) == Self::admin(), Error::::RequireAdmin); - ensure!(!VCRegistry::::contains_key(index), Error::::VCAlreadyExists); - VCRegistry::::insert( - index, - VCContext::new(identity.clone(), assertion.clone(), hash), - ); - Self::deposit_event(Event::VCRegistryItemAdded { identity, assertion, index }); - Ok(().into()) - } - - #[pallet::call_index(11)] - #[pallet::weight(::WeightInfo::remove_vc_registry_item())] - pub fn remove_vc_registry_item( - origin: OriginFor, - index: VCIndex, - ) -> DispatchResultWithPostInfo { - let sender = ensure_signed(origin)?; - ensure!(Some(sender) == Self::admin(), Error::::RequireAdmin); - let _ = VCRegistry::::get(index).ok_or(Error::::VCNotExist)?; - VCRegistry::::remove(index); - Self::deposit_event(Event::VCRegistryItemRemoved { index }); - Ok(().into()) - } - - #[pallet::call_index(12)] - #[pallet::weight(::WeightInfo::clear_vc_registry(u32::max_value()))] - pub fn clear_vc_registry(origin: OriginFor) -> DispatchResultWithPostInfo { - let sender = ensure_signed(origin)?; - ensure!(Some(sender) == Self::admin(), Error::::RequireAdmin); - // If more than u32 max, the map itself is overflow, so no worry - let _ = VCRegistry::::clear(u32::max_value(), None); - Self::deposit_event(Event::VCRegistryCleared); - Ok(Pays::No.into()) - } - /// --------------------------------------------------- /// The following extrinsics are supposed to be called by TEE only /// --------------------------------------------------- 
@@ -453,17 +347,10 @@ pub mod pallet { origin: OriginFor, identity: Identity, assertion: Assertion, - index: H256, - hash: H256, req_ext_hash: H256, ) -> DispatchResultWithPostInfo { let _ = T::TEECallOrigin::ensure_origin(origin)?; - ensure!(!VCRegistry::::contains_key(index), Error::::VCAlreadyExists); - VCRegistry::::insert( - index, - VCContext::new(identity.clone(), assertion.clone(), hash), - ); - Self::deposit_event(Event::VCIssued { identity, assertion, index, req_ext_hash }); + Self::deposit_event(Event::VCIssued { identity, assertion, req_ext_hash }); Ok(Pays::No.into()) } diff --git a/pallets/vc-management/src/schema.rs b/pallets/vc-management/src/schema.rs index b16ce2582c..394eb73218 100644 --- a/pallets/vc-management/src/schema.rs +++ b/pallets/vc-management/src/schema.rs @@ -17,12 +17,21 @@ // VC Schema // According to https://w3c-ccg.github.io/vc-json-schemas/, it defines JSON Schema for W3C Verifiable Credential. -use crate::{vc_context::Status, Config}; +use crate::Config; use codec::{Decode, Encode, MaxEncodedLen}; use core_primitives::{SchemaContentString, SchemaIdString}; use scale_info::TypeInfo; use sp_std::vec::Vec; +#[derive(Encode, Decode, Clone, Debug, PartialEq, Eq, TypeInfo, MaxEncodedLen)] +pub enum Status { + #[codec(index = 0)] + Active, + #[codec(index = 1)] + Disabled, + // Revoked, // commented out for now, we can delete the VC entry when revoked +} + #[derive(Clone, Eq, PartialEq, Debug, Encode, Decode, TypeInfo, MaxEncodedLen)] #[scale_info(skip_type_params(T))] #[codec(mel_bound())] diff --git a/pallets/vc-management/src/tests.rs b/pallets/vc-management/src/tests.rs index 32507d15a7..e4995bc0c7 100644 --- a/pallets/vc-management/src/tests.rs +++ b/pallets/vc-management/src/tests.rs 
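Review bot: Nothing on chain can now reject a repeated `vc_issued` call or tell a verifier whether a credential was later disabled or revoked, because the extrinsic only emits `Event::VCIssued { identity, assertion, req_ext_hash }`, and that event no longer carries an index or hash tying it to one credential. If status and revocation are meant to live in the enclave or inside the signed VC (not visible in this diff), say so on the extrinsic with a doc comment such as `/// Emits VCIssued only; no VC state, status or revocation is kept on chain.` No lib.rs hunk touches the `#[pallet::error]` enum, so `VCAlreadyExists`, `VCNotExist`, `VCSubjectMismatch` and `VCAlreadyDisabled` appear to be left without a caller and could be removed in the same change. The `pub fn vc_issued(` line itself lies above the hunk.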
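Review bot: The `Status` enum moved into schema.rs still carries the comment `// Revoked, // commented out for now, we can delete the VC entry when revoked`, which refers to a VC entry that this commit removes. Since the enum now appears to describe schema entries only, add a doc comment such as `/// Lifecycle state of a stored VC schema.` and reword or drop that trailing line. Keeping `#[codec(index = 0)]` and `#[codec(index = 1)]` unchanged is worth preserving, as it keeps the SCALE encoding of any schema records already in storage stable.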
@@ -20,8 +20,6 @@ use frame_support::{assert_noop, assert_ok}; use sp_core::H256; use test_utils::ias::consts::{TEST8_MRENCLAVE, TEST8_SIGNER_PUB}; -const VC_HASH: H256 = H256::zero(); -const VC_INDEX: H256 = H256::zero(); type SystemAccountId = ::AccountId; const ALICE_PUBKEY: &[u8; 32] = &[1u8; 32]; @@ -89,17 +87,10 @@ fn vc_issued_works() { let alice: Identity = test_utils::get_signer(ALICE_PUBKEY); assert_ok!(VCManagement::vc_issued( RuntimeOrigin::signed(teerex_signer), - alice.clone(), + alice, Assertion::A1, - VC_INDEX, - VC_HASH, H256::default(), )); - assert!(VCManagement::vc_registry(VC_INDEX).is_some()); - let context = VCManagement::vc_registry(VC_INDEX).unwrap(); - assert_eq!(context.subject, alice); - assert_eq!(context.assertion, Assertion::A1); - assert_eq!(context.status, Status::Active); }); } 
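Review bot: `vc_issued_works` now checks only `assert_ok!`, so it would still pass if the extrinsic stopped emitting `VCIssued` or emitted the wrong fields, and that event is the only on-chain output the call has left. Keep `alice.clone()` in the call and follow it with `System::assert_last_event(RuntimeEvent::VCManagement(crate::Event::VCIssued { identity: alice, assertion: Assertion::A1, req_ext_hash: H256::default() }));`, the same pattern the removed registry tests in this file used. The test function begins above the hunk.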
@@ -114,150 +105,12 @@ fn vc_issued_with_unpriviledged_origin_fails() { alice.into(), Assertion::A1, H256::default(), - H256::default(), - H256::default(), ), sp_runtime::DispatchError::BadOrigin ); }); } -#[test] -fn vc_issued_with_duplicated_index_fails() { - new_test_ext().execute_with(|| { - let teerex_signer: SystemAccountId = test_utils::get_signer(TEST8_SIGNER_PUB); - let alice: SystemAccountId = test_utils::get_signer(ALICE_PUBKEY); - assert_ok!(VCManagement::vc_issued( - RuntimeOrigin::signed(teerex_signer.clone()), - alice.clone().into(), - Assertion::A1, - VC_INDEX, - VC_HASH, - H256::default(), - )); - assert_noop!( - VCManagement::vc_issued( - RuntimeOrigin::signed(teerex_signer), - alice.into(), - Assertion::A1, - VC_INDEX, - VC_HASH, - H256::default(), - ), - Error::::VCAlreadyExists - ); - }); -} - -#[test] -fn disable_vc_works() { - new_test_ext().execute_with(|| { - let teerex_signer: SystemAccountId = test_utils::get_signer(TEST8_SIGNER_PUB); - let bob: SystemAccountId = test_utils::get_signer(BOB_PUBKEY); - assert_ok!(VCManagement::vc_issued( - RuntimeOrigin::signed(teerex_signer), - bob.clone().into(), - Assertion::A1, - VC_INDEX, - VC_HASH, - H256::default(), - )); - assert!(VCManagement::vc_registry(VC_INDEX).is_some()); - assert_ok!(VCManagement::disable_vc(RuntimeOrigin::signed(bob), VC_INDEX)); - // vc is not deleted - assert!(VCManagement::vc_registry(VC_INDEX).is_some()); - let context = VCManagement::vc_registry(VC_INDEX).unwrap(); - assert_eq!(context.status, Status::Disabled); - }); -} - -#[test] -fn disable_vc_with_non_existent_vc_event() { - new_test_ext().execute_with(|| { - let alice: SystemAccountId = test_utils::get_signer(ALICE_PUBKEY); - assert_noop!( - VCManagement::disable_vc(RuntimeOrigin::signed(alice), VC_INDEX), - Error::::VCNotExist - ); - }); -} - -#[test] -fn disable_vc_with_other_subject_fails() { - new_test_ext().execute_with(|| { - let teerex_signer: SystemAccountId = test_utils::get_signer(TEST8_SIGNER_PUB); - let 
alice: SystemAccountId = test_utils::get_signer(ALICE_PUBKEY); - let bob: SystemAccountId = test_utils::get_signer(BOB_PUBKEY); - assert_ok!(VCManagement::vc_issued( - RuntimeOrigin::signed(teerex_signer), - bob.into(), - Assertion::A1, - VC_INDEX, - VC_HASH, - H256::default(), - )); - assert_noop!( - VCManagement::disable_vc(RuntimeOrigin::signed(alice), VC_HASH), - Error::::VCSubjectMismatch - ); - - assert_eq!(VCManagement::vc_registry(VC_INDEX).unwrap().status, Status::Active); - }); -} - -#[test] -fn revoke_vc_works() { - new_test_ext().execute_with(|| { - let teerex_signer: SystemAccountId = test_utils::get_signer(TEST8_SIGNER_PUB); - let bob: SystemAccountId = test_utils::get_signer(BOB_PUBKEY); - assert_ok!(VCManagement::vc_issued( - RuntimeOrigin::signed(teerex_signer), - bob.clone().into(), - Assertion::A1, - VC_INDEX, - VC_HASH, - H256::default(), - )); - assert!(VCManagement::vc_registry(VC_INDEX).is_some()); - assert_ok!(VCManagement::revoke_vc(RuntimeOrigin::signed(bob), VC_INDEX)); - // vc is deleted - assert!(VCManagement::vc_registry(VC_INDEX).is_none()); - }); -} - -#[test] -fn revokevc_with_non_existent_vc_fails() { - new_test_ext().execute_with(|| { - let alice: SystemAccountId = test_utils::get_signer(ALICE_PUBKEY); - assert_noop!( - VCManagement::revoke_vc(RuntimeOrigin::signed(alice), VC_INDEX), - Error::::VCNotExist - ); - }); -} - -#[test] -fn revoke_vc_with_other_subject_fails() { - new_test_ext().execute_with(|| { - let teerex_signer: SystemAccountId = test_utils::get_signer(TEST8_SIGNER_PUB); - let alice: SystemAccountId = test_utils::get_signer(ALICE_PUBKEY); - let bob: SystemAccountId = test_utils::get_signer(BOB_PUBKEY); - assert_ok!(VCManagement::vc_issued( - RuntimeOrigin::signed(teerex_signer), - bob.into(), - Assertion::A1, - VC_INDEX, - VC_HASH, - H256::default(), - )); - assert_noop!( - VCManagement::revoke_vc(RuntimeOrigin::signed(alice), VC_HASH), - Error::::VCSubjectMismatch - ); - 
assert_eq!(VCManagement::vc_registry(VC_INDEX).unwrap().status, Status::Active); - }); -} - #[test] fn set_admin_works() { new_test_ext().execute_with(|| { 
@@ -493,98 +346,3 @@ fn revoke_schema_with_unprivileged_origin_fails() { ); }); } - -#[test] -fn manual_add_remove_vc_registry_item_works() { - new_test_ext().execute_with(|| { - let alice: SystemAccountId = test_utils::get_signer(ALICE_PUBKEY); - let bob: SystemAccountId = test_utils::get_signer(BOB_PUBKEY); - // Can not remove non-existing vc - assert_noop!( - VCManagement::remove_vc_registry_item(RuntimeOrigin::signed(alice.clone()), VC_INDEX), - Error::::VCNotExist - ); - // Unauthorized party can not add vc - assert_noop!( - VCManagement::add_vc_registry_item( - RuntimeOrigin::signed(bob.clone()), - VC_INDEX, - bob.clone().into(), - Assertion::A1, - VC_HASH - ), - Error::::RequireAdmin - ); - // Successfully add vc - assert_ok!(VCManagement::add_vc_registry_item( - RuntimeOrigin::signed(alice.clone()), - VC_INDEX, - alice.clone().into(), - Assertion::A1, - VC_HASH - )); - // Check result - assert!(VCManagement::vc_registry(VC_INDEX).is_some()); - System::assert_last_event(RuntimeEvent::VCManagement(crate::Event::VCRegistryItemAdded { - identity: alice.clone().into(), - assertion: Assertion::A1, - index: VC_INDEX, - })); - // Unauthorized party can not remove vc - assert_noop!( - VCManagement::remove_vc_registry_item(RuntimeOrigin::signed(bob), VC_INDEX), - Error::::RequireAdmin - ); - // Successfully remove vc - assert_ok!(VCManagement::remove_vc_registry_item(RuntimeOrigin::signed(alice), VC_INDEX)); - // Check result and events - assert!(VCManagement::vc_registry(VC_INDEX).is_none()); - System::assert_last_event(RuntimeEvent::VCManagement( - crate::Event::VCRegistryItemRemoved { index: VC_INDEX }, - )); - }); -} - -#[test] -fn manual_add_clear_vc_registry_item_works() { - new_test_ext().execute_with(|| { - let alice: SystemAccountId = test_utils::get_signer(ALICE_PUBKEY); - let bob: SystemAccountId = test_utils::get_signer(BOB_PUBKEY); - // Unauthorized party can not add vc - assert_noop!( - VCManagement::add_vc_registry_item( - 
RuntimeOrigin::signed(bob.clone()), - VC_INDEX, - bob.clone().into(), - Assertion::A1, - VC_HASH - ), - Error::::RequireAdmin - ); - // Successfully add vc - assert_ok!(VCManagement::add_vc_registry_item( - RuntimeOrigin::signed(alice.clone()), - VC_INDEX, - alice.clone().into(), - Assertion::A1, - VC_HASH - )); - // Check result - assert!(VCManagement::vc_registry(VC_INDEX).is_some()); - System::assert_last_event(RuntimeEvent::VCManagement(crate::Event::VCRegistryItemAdded { - identity: alice.clone().into(), - assertion: Assertion::A1, - index: VC_INDEX, - })); - // Unauthorized party can not clear vc - assert_noop!( - VCManagement::clear_vc_registry(RuntimeOrigin::signed(bob)), - Error::::RequireAdmin - ); - // Successfully clear vc - assert_ok!(VCManagement::clear_vc_registry(RuntimeOrigin::signed(alice))); - // Check result and events - assert!(VCManagement::vc_registry(VC_INDEX).is_none()); - System::assert_last_event(RuntimeEvent::VCManagement(crate::Event::VCRegistryCleared)); - }); -} diff --git a/pallets/vc-management/src/vc_context.rs b/pallets/vc-management/src/vc_context.rs deleted file mode 100644 index 24815cbd51..0000000000 --- a/pallets/vc-management/src/vc_context.rs +++ /dev/null 
@@ -1,51 +0,0 @@ -// Copyright 2020-2023 Trust Computing GmbH. -// This file is part of Litentry. -// -// Litentry is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// Litentry is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with Litentry. If not, see . - -use codec::{Decode, Encode, MaxEncodedLen}; -use core_primitives::{Assertion, Identity}; -use scale_info::TypeInfo; -use sp_core::H256; - -#[derive(Encode, Decode, Clone, Debug, PartialEq, Eq, TypeInfo, MaxEncodedLen)] -pub enum Status { - #[codec(index = 0)] - Active, - #[codec(index = 1)] - Disabled, - // Revoked, // commented out for now, we can delete the VC entry when revoked -} - -#[derive(Clone, Eq, PartialEq, Debug, Encode, Decode, TypeInfo, MaxEncodedLen)] -pub struct VCContext { - // To be discussed: shall we make it public? - // pros: easier for the user to disable/revoke VCs, we'll need the AccountId to verify - // the owner of VC. An alternative is to store such information within TEE. - // cons: this information is then public, everyone knows e.g. ALICE owns VC ID 1234 + 4321 - // It's not bad though as it helps to verify the ownership of VC - pub subject: Identity, - // requested assertion type - pub assertion: Assertion, - // hash of the VC, computed via blake2_256 - pub hash: H256, - // status of the VC - pub status: Status, -} - -impl VCContext { - pub fn new(subject: Identity, assertion: Assertion, hash: H256) -> Self { - Self { subject, assertion, hash, status: Status::Active } - } -} 
diff --git a/pallets/vc-management/src/weights.rs b/pallets/vc-management/src/weights.rs index c33d96a652..10f541d305 100644 --- a/pallets/vc-management/src/weights.rs +++ b/pallets/vc-management/src/weights.rs @@ -50,8 +50,6 @@ pub trait WeightInfo { fn add_delegatee() -> Weight; fn remove_delegatee() -> Weight; fn request_vc() -> Weight; - fn disable_vc() -> Weight; - fn revoke_vc() -> Weight; fn vc_issued() -> Weight; fn some_error() -> Weight; fn set_admin() -> Weight; @@ -59,9 +57,6 @@ pub trait WeightInfo { fn disable_schema() -> Weight; fn activate_schema() -> Weight; fn revoke_schema() -> Weight; - fn add_vc_registry_item() -> Weight; - fn remove_vc_registry_item() -> Weight; - fn clear_vc_registry(x: u32, ) -> Weight; } /// Weights for pallet_vc_management using the Litentry node and recommended hardware. 
@@ -86,24 +81,6 @@ impl WeightInfo for LitentryWeight { Weight::from_parts(35_640_000 as u64, 0) .saturating_add(T::DbWeight::get().reads(1 as u64)) } - // Storage: VCMPExtrinsicWhitelist GroupControlOn (r:1 w:0) - // Proof Skipped: VCMPExtrinsicWhitelist GroupControlOn (max_values: Some(1), max_size: None, mode: Measured) - // Storage: VCManagement VCRegistry (r:1 w:1) - // Proof: VCManagement VCRegistry (max_values: None, max_size: Some(312), added: 2787, mode: MaxEncodedLen) - fn disable_vc() -> Weight { - Weight::from_parts(24_542_000 as u64, 0) - .saturating_add(T::DbWeight::get().reads(2 as u64)) - .saturating_add(T::DbWeight::get().writes(1 as u64)) - } - // Storage: VCMPExtrinsicWhitelist GroupControlOn (r:1 w:0) - // Proof Skipped: VCMPExtrinsicWhitelist GroupControlOn (max_values: Some(1), max_size: None, mode: Measured) - // Storage: VCManagement VCRegistry (r:1 w:1) - // Proof: VCManagement VCRegistry (max_values: None, max_size: Some(312), added: 2787, mode: MaxEncodedLen) - fn revoke_vc() -> Weight { - Weight::from_parts(53_908_000 as u64, 0) - .saturating_add(T::DbWeight::get().reads(2 as u64)) - .saturating_add(T::DbWeight::get().writes(1 as u64)) - } // Storage: Teerex EnclaveIndex (r:1 w:0) // Proof Skipped: Teerex EnclaveIndex (max_values: None, max_size: None, mode: Measured) // Storage: VCManagement VCRegistry (r:1 w:1) 
@@ -164,36 +141,6 @@ impl WeightInfo for LitentryWeight { .saturating_add(T::DbWeight::get().reads(2 as u64)) .saturating_add(T::DbWeight::get().writes(1 as u64)) } - // Storage: VCManagement Admin (r:1 w:0) - // Proof: VCManagement Admin (max_values: Some(1), max_size: Some(32), added: 527, mode: MaxEncodedLen) - // Storage: VCManagement VCRegistry (r:1 w:1) - // Proof: VCManagement VCRegistry (max_values: None, max_size: Some(312), added: 2787, mode: MaxEncodedLen) - fn add_vc_registry_item() -> Weight { - Weight::from_parts(22_937_000 as u64, 0) - .saturating_add(T::DbWeight::get().reads(2 as u64)) - .saturating_add(T::DbWeight::get().writes(1 as u64)) - } - // Storage: VCManagement Admin (r:1 w:0) - // Proof: VCManagement Admin (max_values: Some(1), max_size: Some(32), added: 527, mode: MaxEncodedLen) - // Storage: VCManagement VCRegistry (r:1 w:1) - // Proof: VCManagement VCRegistry (max_values: None, max_size: Some(312), added: 2787, mode: MaxEncodedLen) - fn remove_vc_registry_item() -> Weight { - Weight::from_parts(23_555_000 as u64, 0) - .saturating_add(T::DbWeight::get().reads(2 as u64)) - .saturating_add(T::DbWeight::get().writes(1 as u64)) - } - // Storage: VCManagement Admin (r:1 w:0) - // Proof: VCManagement Admin (max_values: Some(1), max_size: Some(32), added: 527, mode: MaxEncodedLen) - // Storage: VCManagement VCRegistry (r:100 w:100) - // Proof: VCManagement VCRegistry (max_values: None, max_size: Some(312), added: 2787, mode: MaxEncodedLen) - fn clear_vc_registry(x: u32, ) -> Weight { - Weight::from_parts(22_760_592 as u64, 0) - // Standard Error: 3_714 - .saturating_add(Weight::from_parts(856_025 as u64, 0).saturating_mul(x as u64)) - .saturating_add(T::DbWeight::get().reads(1 as u64)) - .saturating_add(T::DbWeight::get().reads((1 as u64).saturating_mul(x as u64))) - .saturating_add(T::DbWeight::get().writes((1 as u64).saturating_mul(x as u64))) - } } // For backwards compatibility and tests 
@@ -217,24 +164,6 @@ impl WeightInfo for () { Weight::from_parts(35_640_000 as u64, 0) .saturating_add(RocksDbWeight::get().reads(1 as u64)) } - // Storage: VCMPExtrinsicWhitelist GroupControlOn (r:1 w:0) - // Proof Skipped: VCMPExtrinsicWhitelist GroupControlOn (max_values: Some(1), max_size: None, mode: Measured) - // Storage: VCManagement VCRegistry (r:1 w:1) - // Proof: VCManagement VCRegistry (max_values: None, max_size: Some(312), added: 2787, mode: MaxEncodedLen) - fn disable_vc() -> Weight { - Weight::from_parts(24_542_000 as u64, 0) - .saturating_add(RocksDbWeight::get().reads(2 as u64)) - .saturating_add(RocksDbWeight::get().writes(1 as u64)) - } - // Storage: VCMPExtrinsicWhitelist GroupControlOn (r:1 w:0) - // Proof Skipped: VCMPExtrinsicWhitelist GroupControlOn (max_values: Some(1), max_size: None, mode: Measured) - // Storage: VCManagement VCRegistry (r:1 w:1) - // Proof: VCManagement VCRegistry (max_values: None, max_size: Some(312), added: 2787, mode: MaxEncodedLen) - fn revoke_vc() -> Weight { - Weight::from_parts(53_908_000 as u64, 0) - .saturating_add(RocksDbWeight::get().reads(2 as u64)) - .saturating_add(RocksDbWeight::get().writes(1 as u64)) - } // Storage: Teerex EnclaveIndex (r:1 w:0) // Proof Skipped: Teerex EnclaveIndex (max_values: None, max_size: None, mode: Measured) // Storage: VCManagement VCRegistry (r:1 w:1) 
@@ -295,35 +224,5 @@ impl WeightInfo for () { .saturating_add(RocksDbWeight::get().reads(2 as u64)) .saturating_add(RocksDbWeight::get().writes(1 as u64)) } - // Storage: VCManagement Admin (r:1 w:0) - // Proof: VCManagement Admin (max_values: Some(1), max_size: Some(32), added: 527, mode: MaxEncodedLen) - // Storage: VCManagement VCRegistry (r:1 w:1) - // Proof: VCManagement VCRegistry (max_values: None, max_size: Some(312), added: 2787, mode: MaxEncodedLen) - fn add_vc_registry_item() -> Weight { - Weight::from_parts(22_937_000 as u64, 0) - .saturating_add(RocksDbWeight::get().reads(2 as u64)) - .saturating_add(RocksDbWeight::get().writes(1 as u64)) - } - // Storage: VCManagement Admin (r:1 w:0) - // Proof: VCManagement Admin (max_values: Some(1), max_size: Some(32), added: 527, mode: MaxEncodedLen) - // Storage: VCManagement VCRegistry (r:1 w:1) - // Proof: VCManagement VCRegistry (max_values: None, max_size: Some(312), added: 2787, mode: MaxEncodedLen) - fn remove_vc_registry_item() -> Weight { - Weight::from_parts(23_555_000 as u64, 0) - .saturating_add(RocksDbWeight::get().reads(2 as u64)) - .saturating_add(RocksDbWeight::get().writes(1 as u64)) - } - // Storage: VCManagement Admin (r:1 w:0) - // Proof: VCManagement Admin (max_values: Some(1), max_size: Some(32), added: 527, mode: MaxEncodedLen) - // Storage: VCManagement VCRegistry (r:100 w:100) - // Proof: VCManagement VCRegistry (max_values: None, max_size: Some(312), added: 2787, mode: MaxEncodedLen) - fn clear_vc_registry(x: u32, ) -> Weight { - Weight::from_parts(22_760_592 as u64, 0) - // Standard Error: 3_714 - .saturating_add(Weight::from_parts(856_025 as u64, 0).saturating_mul(x as u64)) - .saturating_add(RocksDbWeight::get().reads(1 as u64)) - .saturating_add(RocksDbWeight::get().reads((1 as u64).saturating_mul(x as u64))) - .saturating_add(RocksDbWeight::get().writes((1 as u64).saturating_mul(x as u64))) - } } 
diff --git a/runtime/litmus/src/weights/pallet_vc_management.rs b/runtime/litmus/src/weights/pallet_vc_management.rs
deleted file mode 100644
index 154689b869..0000000000
--- a/runtime/litmus/src/weights/pallet_vc_management.rs
+++ /dev/null
@@ -1,256 +0,0 @@ -// Copyright 2020-2023 Trust Computing GmbH. -// This file is part of Litentry. -// -// Litentry is free software: you can redistribute it and/or modify -// it under the terms of the GNU General Public License as published by -// the Free Software Foundation, either version 3 of the License, or -// (at your option) any later version. -// -// Litentry is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with Litentry. If not, see . - -//! Autogenerated weights for `pallet_vc_management` -//! -//! THIS FILE WAS AUTO-GENERATED USING THE SUBSTRATE BENCHMARK CLI VERSION 4.0.0-dev -//! DATE: 2023-10-17, STEPS: `20`, REPEAT: `50`, LOW RANGE: `[]`, HIGH RANGE: `[]` -//! WORST CASE MAP SIZE: `1000000` -//! HOSTNAME: `parachain-benchmark`, CPU: `Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz` -//! EXECUTION: Some(Wasm), WASM-EXECUTION: Compiled, CHAIN: Some("litmus-dev"), DB CACHE: 20 - -// Executed Command: -// ./litentry-collator -// benchmark -// pallet -// --chain=litmus-dev -// --execution=wasm -// --db-cache=20 -// --wasm-execution=compiled -// --pallet=pallet_vc_management -// --extrinsic=* -// --heap-pages=4096 -// --steps=20 -// --repeat=50 -// --header=./LICENSE_HEADER -// --output=./runtime/litmus/src/weights/pallet_vc_management.rs - -#![cfg_attr(rustfmt, rustfmt_skip)] -#![allow(unused_parens)] -#![allow(unused_imports)] -#![allow(missing_docs)] - -use frame_support::{traits::Get, weights::Weight}; -use core::marker::PhantomData; - -/// Weight functions for `pallet_vc_management`. 
-pub struct WeightInfo(PhantomData); -impl pallet_vc_management::WeightInfo for WeightInfo { - /// Storage: VCManagement Delegatee (r:0 w:1) - /// Proof: VCManagement Delegatee (max_values: None, max_size: Some(48), added: 2523, mode: MaxEncodedLen) - fn add_delegatee() -> Weight { - // Proof Size summary in bytes: - // Measured: `0` - // Estimated: `0` - // Minimum execution time: 12_420_000 picoseconds. - Weight::from_parts(12_862_000, 0) - .saturating_add(Weight::from_parts(0, 0)) - .saturating_add(T::DbWeight::get().writes(1)) - } - /// Storage: VCManagement Delegatee (r:1 w:1) - /// Proof: VCManagement Delegatee (max_values: None, max_size: Some(48), added: 2523, mode: MaxEncodedLen) - fn remove_delegatee() -> Weight { - // Proof Size summary in bytes: - // Measured: `79` - // Estimated: `3513` - // Minimum execution time: 18_536_000 picoseconds. - Weight::from_parts(19_100_000, 0) - .saturating_add(Weight::from_parts(0, 3513)) - .saturating_add(T::DbWeight::get().reads(1)) - .saturating_add(T::DbWeight::get().writes(1)) - } - /// Storage: VCMPExtrinsicWhitelist GroupControlOn (r:1 w:0) - /// Proof Skipped: VCMPExtrinsicWhitelist GroupControlOn (max_values: Some(1), max_size: None, mode: Measured) - fn request_vc() -> Weight { - // Proof Size summary in bytes: - // Measured: `42` - // Estimated: `1527` - // Minimum execution time: 15_114_000 picoseconds. 
- Weight::from_parts(15_520_000, 0) - .saturating_add(Weight::from_parts(0, 1527)) - .saturating_add(T::DbWeight::get().reads(1)) - } - /// Storage: VCMPExtrinsicWhitelist GroupControlOn (r:1 w:0) - /// Proof Skipped: VCMPExtrinsicWhitelist GroupControlOn (max_values: Some(1), max_size: None, mode: Measured) - /// Storage: VCManagement VCRegistry (r:1 w:1) - /// Proof: VCManagement VCRegistry (max_values: None, max_size: Some(381), added: 2856, mode: MaxEncodedLen) - fn disable_vc() -> Weight { - // Proof Size summary in bytes: - // Measured: `190` - // Estimated: `3846` - // Minimum execution time: 23_205_000 picoseconds. - Weight::from_parts(23_614_000, 0) - .saturating_add(Weight::from_parts(0, 3846)) - .saturating_add(T::DbWeight::get().reads(2)) - .saturating_add(T::DbWeight::get().writes(1)) - } - /// Storage: VCMPExtrinsicWhitelist GroupControlOn (r:1 w:0) - /// Proof Skipped: VCMPExtrinsicWhitelist GroupControlOn (max_values: Some(1), max_size: None, mode: Measured) - /// Storage: VCManagement VCRegistry (r:1 w:1) - /// Proof: VCManagement VCRegistry (max_values: None, max_size: Some(381), added: 2856, mode: MaxEncodedLen) - fn revoke_vc() -> Weight { - // Proof Size summary in bytes: - // Measured: `190` - // Estimated: `3846` - // Minimum execution time: 23_322_000 picoseconds. - Weight::from_parts(23_776_000, 0) - .saturating_add(Weight::from_parts(0, 3846)) - .saturating_add(T::DbWeight::get().reads(2)) - .saturating_add(T::DbWeight::get().writes(1)) - } - /// Storage: Teerex EnclaveIndex (r:1 w:0) - /// Proof Skipped: Teerex EnclaveIndex (max_values: None, max_size: None, mode: Measured) - /// Storage: VCManagement VCRegistry (r:1 w:1) - /// Proof: VCManagement VCRegistry (max_values: None, max_size: Some(381), added: 2856, mode: MaxEncodedLen) - fn vc_issued() -> Weight { - // Proof Size summary in bytes: - // Measured: `248` - // Estimated: `3846` - // Minimum execution time: 26_213_000 picoseconds. 
- Weight::from_parts(26_792_000, 0) - .saturating_add(Weight::from_parts(0, 3846)) - .saturating_add(T::DbWeight::get().reads(2)) - .saturating_add(T::DbWeight::get().writes(1)) - } - /// Storage: Teerex EnclaveIndex (r:1 w:0) - /// Proof Skipped: Teerex EnclaveIndex (max_values: None, max_size: None, mode: Measured) - fn some_error() -> Weight { - // Proof Size summary in bytes: - // Measured: `242` - // Estimated: `3707` - // Minimum execution time: 20_214_000 picoseconds. - Weight::from_parts(20_829_000, 0) - .saturating_add(Weight::from_parts(0, 3707)) - .saturating_add(T::DbWeight::get().reads(1)) - } - /// Storage: VCManagement Admin (r:1 w:1) - /// Proof: VCManagement Admin (max_values: Some(1), max_size: Some(32), added: 527, mode: MaxEncodedLen) - fn set_admin() -> Weight { - // Proof Size summary in bytes: - // Measured: `61` - // Estimated: `1517` - // Minimum execution time: 16_575_000 picoseconds. - Weight::from_parts(17_339_000, 0) - .saturating_add(Weight::from_parts(0, 1517)) - .saturating_add(T::DbWeight::get().reads(1)) - .saturating_add(T::DbWeight::get().writes(1)) - } - /// Storage: VCManagement Admin (r:1 w:0) - /// Proof: VCManagement Admin (max_values: Some(1), max_size: Some(32), added: 527, mode: MaxEncodedLen) - /// Storage: VCManagement SchemaRegistryIndex (r:1 w:1) - /// Proof: VCManagement SchemaRegistryIndex (max_values: Some(1), max_size: Some(8), added: 503, mode: MaxEncodedLen) - /// Storage: VCManagement SchemaRegistry (r:0 w:1) - /// Proof: VCManagement SchemaRegistry (max_values: None, max_size: Some(2621), added: 5096, mode: MaxEncodedLen) - fn add_schema() -> Weight { - // Proof Size summary in bytes: - // Measured: `61` - // Estimated: `1517` - // Minimum execution time: 20_658_000 picoseconds. 
- Weight::from_parts(21_536_000, 0) - .saturating_add(Weight::from_parts(0, 1517)) - .saturating_add(T::DbWeight::get().reads(2)) - .saturating_add(T::DbWeight::get().writes(2)) - } - /// Storage: VCManagement Admin (r:1 w:0) - /// Proof: VCManagement Admin (max_values: Some(1), max_size: Some(32), added: 527, mode: MaxEncodedLen) - /// Storage: VCManagement SchemaRegistry (r:1 w:1) - /// Proof: VCManagement SchemaRegistry (max_values: None, max_size: Some(2621), added: 5096, mode: MaxEncodedLen) - fn disable_schema() -> Weight { - // Proof Size summary in bytes: - // Measured: `179` - // Estimated: `6086` - // Minimum execution time: 21_217_000 picoseconds. - Weight::from_parts(21_760_000, 0) - .saturating_add(Weight::from_parts(0, 6086)) - .saturating_add(T::DbWeight::get().reads(2)) - .saturating_add(T::DbWeight::get().writes(1)) - } - /// Storage: VCManagement Admin (r:1 w:0) - /// Proof: VCManagement Admin (max_values: Some(1), max_size: Some(32), added: 527, mode: MaxEncodedLen) - /// Storage: VCManagement SchemaRegistry (r:1 w:1) - /// Proof: VCManagement SchemaRegistry (max_values: None, max_size: Some(2621), added: 5096, mode: MaxEncodedLen) - fn activate_schema() -> Weight { - // Proof Size summary in bytes: - // Measured: `179` - // Estimated: `6086` - // Minimum execution time: 21_325_000 picoseconds. 
- Weight::from_parts(22_705_000, 0) - .saturating_add(Weight::from_parts(0, 6086)) - .saturating_add(T::DbWeight::get().reads(2)) - .saturating_add(T::DbWeight::get().writes(1)) - } - /// Storage: VCManagement Admin (r:1 w:0) - /// Proof: VCManagement Admin (max_values: Some(1), max_size: Some(32), added: 527, mode: MaxEncodedLen) - /// Storage: VCManagement SchemaRegistry (r:1 w:1) - /// Proof: VCManagement SchemaRegistry (max_values: None, max_size: Some(2621), added: 5096, mode: MaxEncodedLen) - fn revoke_schema() -> Weight { - // Proof Size summary in bytes: - // Measured: `179` - // Estimated: `6086` - // Minimum execution time: 22_043_000 picoseconds. - Weight::from_parts(22_697_000, 0) - .saturating_add(Weight::from_parts(0, 6086)) - .saturating_add(T::DbWeight::get().reads(2)) - .saturating_add(T::DbWeight::get().writes(1)) - } - /// Storage: VCManagement Admin (r:1 w:0) - /// Proof: VCManagement Admin (max_values: Some(1), max_size: Some(32), added: 527, mode: MaxEncodedLen) - /// Storage: VCManagement VCRegistry (r:1 w:1) - /// Proof: VCManagement VCRegistry (max_values: None, max_size: Some(381), added: 2856, mode: MaxEncodedLen) - fn add_vc_registry_item() -> Weight { - // Proof Size summary in bytes: - // Measured: `61` - // Estimated: `3846` - // Minimum execution time: 20_945_000 picoseconds. - Weight::from_parts(22_169_000, 0) - .saturating_add(Weight::from_parts(0, 3846)) - .saturating_add(T::DbWeight::get().reads(2)) - .saturating_add(T::DbWeight::get().writes(1)) - } - /// Storage: VCManagement Admin (r:1 w:0) - /// Proof: VCManagement Admin (max_values: Some(1), max_size: Some(32), added: 527, mode: MaxEncodedLen) - /// Storage: VCManagement VCRegistry (r:1 w:1) - /// Proof: VCManagement VCRegistry (max_values: None, max_size: Some(381), added: 2856, mode: MaxEncodedLen) - fn remove_vc_registry_item() -> Weight { - // Proof Size summary in bytes: - // Measured: `200` - // Estimated: `3846` - // Minimum execution time: 22_357_000 picoseconds. 
- Weight::from_parts(23_090_000, 0) - .saturating_add(Weight::from_parts(0, 3846)) - .saturating_add(T::DbWeight::get().reads(2)) - .saturating_add(T::DbWeight::get().writes(1)) - } - /// Storage: VCManagement Admin (r:1 w:0) - /// Proof: VCManagement Admin (max_values: Some(1), max_size: Some(32), added: 527, mode: MaxEncodedLen) - /// Storage: VCManagement VCRegistry (r:100 w:100) - /// Proof: VCManagement VCRegistry (max_values: None, max_size: Some(381), added: 2856, mode: MaxEncodedLen) - /// The range of component `x` is `[0, 100]`. - fn clear_vc_registry(x: u32, ) -> Weight { - // Proof Size summary in bytes: - // Measured: `91 + x * (85 ±0)` - // Estimated: `1517 + x * (2856 ±0)` - // Minimum execution time: 18_150_000 picoseconds. - Weight::from_parts(19_859_373, 0) - .saturating_add(Weight::from_parts(0, 1517)) - // Standard Error: 2_963 - .saturating_add(Weight::from_parts(1_438_870, 0).saturating_mul(x.into())) - .saturating_add(T::DbWeight::get().reads(1)) - .saturating_add(T::DbWeight::get().reads((1_u64).saturating_mul(x.into()))) - .saturating_add(T::DbWeight::get().writes((1_u64).saturating_mul(x.into()))) - .saturating_add(Weight::from_parts(0, 2856).saturating_mul(x.into())) - } -} diff --git a/runtime/rococo/src/weights/pallet_vc_management.rs b/runtime/rococo/src/weights/pallet_vc_management.rs index 1407b9c3a5..6bc8f6e6aa 100644 --- a/runtime/rococo/src/weights/pallet_vc_management.rs +++ b/runtime/rococo/src/weights/pallet_vc_management.rs 
@@ -17,7 +17,7 @@ //! Autogenerated weights for `pallet_vc_management` //! //! THIS FILE WAS AUTO-GENERATED USING THE SUBSTRATE BENCHMARK CLI VERSION 4.0.0-dev -//! DATE: 2023-10-17, STEPS: `20`, REPEAT: `50`, LOW RANGE: `[]`, HIGH RANGE: `[]` +//! DATE: 2024-01-19, STEPS: `20`, REPEAT: `50`, LOW RANGE: `[]`, HIGH RANGE: `[]` //! WORST CASE MAP SIZE: `1000000` //! HOSTNAME: `parachain-benchmark`, CPU: `Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz` //! EXECUTION: Some(Wasm), WASM-EXECUTION: Compiled, CHAIN: Some("rococo-dev"), DB CACHE: 20 @@ -55,8 +55,8 @@ impl pallet_vc_management::WeightInfo for WeightInfo // Proof Size summary in bytes: // Measured: `0` // Estimated: `0` - // Minimum execution time: 12_852_000 picoseconds. - Weight::from_parts(13_659_000, 0) + // Minimum execution time: 12_994_000 picoseconds. + Weight::from_parts(13_371_000, 0) .saturating_add(Weight::from_parts(0, 0)) .saturating_add(T::DbWeight::get().writes(1)) } @@ -66,8 +66,8 @@ impl pallet_vc_management::WeightInfo for WeightInfo // Proof Size summary in bytes: // Measured: `113` // Estimated: `3513` - // Minimum execution time: 19_272_000 picoseconds. - Weight::from_parts(20_217_000, 0) + // Minimum execution time: 18_939_000 picoseconds. + Weight::from_parts(19_373_000, 0) .saturating_add(Weight::from_parts(0, 3513)) .saturating_add(T::DbWeight::get().reads(1)) .saturating_add(T::DbWeight::get().writes(1)) 
@@ -78,52 +78,21 @@ impl pallet_vc_management::WeightInfo for WeightInfo // Proof Size summary in bytes: // Measured: `42` // Estimated: `1527` - // Minimum execution time: 15_305_000 picoseconds. - Weight::from_parts(15_766_000, 0) + // Minimum execution time: 15_031_000 picoseconds. + Weight::from_parts(16_267_000, 0) .saturating_add(Weight::from_parts(0, 1527)) .saturating_add(T::DbWeight::get().reads(1)) } - /// Storage: VCMPExtrinsicWhitelist GroupControlOn (r:1 w:0) - /// Proof Skipped: VCMPExtrinsicWhitelist GroupControlOn (max_values: Some(1), max_size: None, mode: Measured) - /// Storage: VCManagement VCRegistry (r:1 w:1) - /// Proof: VCManagement VCRegistry (max_values: None, max_size: Some(381), added: 2856, mode: MaxEncodedLen) - fn disable_vc() -> Weight { - // Proof Size summary in bytes: - // Measured: `224` - // Estimated: `3846` - // Minimum execution time: 23_455_000 picoseconds. - Weight::from_parts(23_974_000, 0) - .saturating_add(Weight::from_parts(0, 3846)) - .saturating_add(T::DbWeight::get().reads(2)) - .saturating_add(T::DbWeight::get().writes(1)) - } - /// Storage: VCMPExtrinsicWhitelist GroupControlOn (r:1 w:0) - /// Proof Skipped: VCMPExtrinsicWhitelist GroupControlOn (max_values: Some(1), max_size: None, mode: Measured) - /// Storage: VCManagement VCRegistry (r:1 w:1) - /// Proof: VCManagement VCRegistry (max_values: None, max_size: Some(381), added: 2856, mode: MaxEncodedLen) - fn revoke_vc() -> Weight { - // Proof Size summary in bytes: - // Measured: `224` - // Estimated: `3846` - // Minimum execution time: 23_458_000 picoseconds. 
- Weight::from_parts(24_091_000, 0) - .saturating_add(Weight::from_parts(0, 3846)) - .saturating_add(T::DbWeight::get().reads(2)) - .saturating_add(T::DbWeight::get().writes(1)) - } /// Storage: Teerex EnclaveIndex (r:1 w:0) /// Proof Skipped: Teerex EnclaveIndex (max_values: None, max_size: None, mode: Measured) - /// Storage: VCManagement VCRegistry (r:1 w:1) - /// Proof: VCManagement VCRegistry (max_values: None, max_size: Some(381), added: 2856, mode: MaxEncodedLen) fn vc_issued() -> Weight { // Proof Size summary in bytes: - // Measured: `298` - // Estimated: `3846` - // Minimum execution time: 26_449_000 picoseconds. - Weight::from_parts(27_004_000, 0) - .saturating_add(Weight::from_parts(0, 3846)) - .saturating_add(T::DbWeight::get().reads(2)) - .saturating_add(T::DbWeight::get().writes(1)) + // Measured: `255` + // Estimated: `3720` + // Minimum execution time: 19_878_000 picoseconds. + Weight::from_parts(20_219_000, 0) + .saturating_add(Weight::from_parts(0, 3720)) + .saturating_add(T::DbWeight::get().reads(1)) } /// Storage: Teerex EnclaveIndex (r:1 w:0) /// Proof Skipped: Teerex EnclaveIndex (max_values: None, max_size: None, mode: Measured) @@ -131,8 +100,8 @@ impl pallet_vc_management::WeightInfo for WeightInfo // Proof Size summary in bytes: // Measured: `255` // Estimated: `3720` - // Minimum execution time: 19_959_000 picoseconds. - Weight::from_parts(20_416_000, 0) + // Minimum execution time: 20_075_000 picoseconds. + Weight::from_parts(20_681_000, 0) .saturating_add(Weight::from_parts(0, 3720)) .saturating_add(T::DbWeight::get().reads(1)) } 
@@ -142,8 +111,8 @@ impl pallet_vc_management::WeightInfo for WeightInfo // Proof Size summary in bytes: // Measured: `61` // Estimated: `1517` - // Minimum execution time: 16_502_000 picoseconds. - Weight::from_parts(16_925_000, 0) + // Minimum execution time: 16_327_000 picoseconds. + Weight::from_parts(16_714_000, 0) .saturating_add(Weight::from_parts(0, 1517)) .saturating_add(T::DbWeight::get().reads(1)) .saturating_add(T::DbWeight::get().writes(1)) @@ -158,8 +127,8 @@ impl pallet_vc_management::WeightInfo for WeightInfo // Proof Size summary in bytes: // Measured: `61` // Estimated: `1517` - // Minimum execution time: 20_992_000 picoseconds. - Weight::from_parts(21_499_000, 0) + // Minimum execution time: 20_968_000 picoseconds. + Weight::from_parts(21_334_000, 0) .saturating_add(Weight::from_parts(0, 1517)) .saturating_add(T::DbWeight::get().reads(2)) .saturating_add(T::DbWeight::get().writes(2)) @@ -172,8 +141,8 @@ impl pallet_vc_management::WeightInfo for WeightInfo // Proof Size summary in bytes: // Measured: `179` // Estimated: `6086` - // Minimum execution time: 21_718_000 picoseconds. - Weight::from_parts(22_198_000, 0) + // Minimum execution time: 21_697_000 picoseconds. + Weight::from_parts(22_113_000, 0) .saturating_add(Weight::from_parts(0, 6086)) .saturating_add(T::DbWeight::get().reads(2)) .saturating_add(T::DbWeight::get().writes(1)) @@ -186,8 +155,8 @@ impl pallet_vc_management::WeightInfo for WeightInfo // Proof Size summary in bytes: // Measured: `179` // Estimated: `6086` - // Minimum execution time: 21_612_000 picoseconds. - Weight::from_parts(21_998_000, 0) + // Minimum execution time: 21_328_000 picoseconds. + Weight::from_parts(21_743_000, 0) .saturating_add(Weight::from_parts(0, 6086)) .saturating_add(T::DbWeight::get().reads(2)) .saturating_add(T::DbWeight::get().writes(1)) 
@@ -200,57 +169,10 @@ impl pallet_vc_management::WeightInfo for WeightInfo // Proof Size summary in bytes: // Measured: `179` // Estimated: `6086` - // Minimum execution time: 22_351_000 picoseconds. - Weight::from_parts(22_811_000, 0) + // Minimum execution time: 22_141_000 picoseconds. + Weight::from_parts(22_502_000, 0) .saturating_add(Weight::from_parts(0, 6086)) .saturating_add(T::DbWeight::get().reads(2)) .saturating_add(T::DbWeight::get().writes(1)) } - /// Storage: VCManagement Admin (r:1 w:0) - /// Proof: VCManagement Admin (max_values: Some(1), max_size: Some(32), added: 527, mode: MaxEncodedLen) - /// Storage: VCManagement VCRegistry (r:1 w:1) - /// Proof: VCManagement VCRegistry (max_values: None, max_size: Some(381), added: 2856, mode: MaxEncodedLen) - fn add_vc_registry_item() -> Weight { - // Proof Size summary in bytes: - // Measured: `61` - // Estimated: `3846` - // Minimum execution time: 20_999_000 picoseconds. - Weight::from_parts(21_508_000, 0) - .saturating_add(Weight::from_parts(0, 3846)) - .saturating_add(T::DbWeight::get().reads(2)) - .saturating_add(T::DbWeight::get().writes(1)) - } - /// Storage: VCManagement Admin (r:1 w:0) - /// Proof: VCManagement Admin (max_values: Some(1), max_size: Some(32), added: 527, mode: MaxEncodedLen) - /// Storage: VCManagement VCRegistry (r:1 w:1) - /// Proof: VCManagement VCRegistry (max_values: None, max_size: Some(381), added: 2856, mode: MaxEncodedLen) - fn remove_vc_registry_item() -> Weight { - // Proof Size summary in bytes: - // Measured: `200` - // Estimated: `3846` - // Minimum execution time: 22_423_000 picoseconds. 
- Weight::from_parts(22_897_000, 0) - .saturating_add(Weight::from_parts(0, 3846)) - .saturating_add(T::DbWeight::get().reads(2)) - .saturating_add(T::DbWeight::get().writes(1)) - } - /// Storage: VCManagement Admin (r:1 w:0) - /// Proof: VCManagement Admin (max_values: Some(1), max_size: Some(32), added: 527, mode: MaxEncodedLen) - /// Storage: VCManagement VCRegistry (r:100 w:100) - /// Proof: VCManagement VCRegistry (max_values: None, max_size: Some(381), added: 2856, mode: MaxEncodedLen) - /// The range of component `x` is `[0, 100]`. - fn clear_vc_registry(x: u32, ) -> Weight { - // Proof Size summary in bytes: - // Measured: `91 + x * (85 ±0)` - // Estimated: `1517 + x * (2856 ±0)` - // Minimum execution time: 18_216_000 picoseconds. - Weight::from_parts(21_216_060, 0) - .saturating_add(Weight::from_parts(0, 1517)) - // Standard Error: 1_701 - .saturating_add(Weight::from_parts(1_385_070, 0).saturating_mul(x.into())) - .saturating_add(T::DbWeight::get().reads(1)) - .saturating_add(T::DbWeight::get().reads((1_u64).saturating_mul(x.into()))) - .saturating_add(T::DbWeight::get().writes((1_u64).saturating_mul(x.into()))) - .saturating_add(Weight::from_parts(0, 2856).saturating_mul(x.into())) - } } diff --git a/tee-worker/app-libs/stf/src/trusted_call.rs b/tee-worker/app-libs/stf/src/trusted_call.rs index 3168d9bc16..cb732571d8 100644 --- a/tee-worker/app-libs/stf/src/trusted_call.rs +++ b/tee-worker/app-libs/stf/src/trusted_call.rs @@ -131,16 +131,7 @@ pub enum TrustedCall { H256, ), #[codec(index = 21)] - request_vc_callback( - Identity, - Identity, - Assertion, - H256, - H256, - Vec, - Option, - H256, - ), + request_vc_callback(Identity, Identity, Assertion, Vec, Option, H256), #[codec(index = 22)] handle_imp_error(Identity, Option, IMPError, H256), #[codec(index = 23)] @@ -868,8 +859,6 @@ where signer, who, assertion, - vc_index, - vc_hash, vc_payload, maybe_key, req_ext_hash, 
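Review bot: `request_vc_callback` keeps `#[codec(index = 21)]` while its field list shrinks from eight to six, so bytes encoded with the old layout no longer match the variant. They may also decode into the wrong fields rather than fail cleanly, because the two removed `H256` values sit exactly where the length-prefixed payload is now expected. Whether an old-layout call can still be queued or stored when the new worker starts is not visible from this hunk; if it can, give the new shape a fresh index, `#[codec(index = <next-unused-index>)]`, and retire 21. Otherwise a comment on the variant should state that workers and clients must be upgraded together. The enum continues outside the hunk.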
@@ -904,15 +893,11 @@ where call_index, who, assertion, - vc_index, - vc_hash, req_ext_hash, )))); if let Some(key) = maybe_key { Ok(TrustedCallResult::RequestVC(RequestVCResult { - vc_index, - vc_hash, vc_payload: aes_encrypt_default(&key, &vc_payload), })) } else { diff --git a/tee-worker/app-libs/stf/src/trusted_call_result.rs b/tee-worker/app-libs/stf/src/trusted_call_result.rs index 7589a80ed0..d15286d216 100644 --- a/tee-worker/app-libs/stf/src/trusted_call_result.rs +++ b/tee-worker/app-libs/stf/src/trusted_call_result.rs @@ -95,7 +95,5 @@ pub struct SetIdentityNetworksResult { #[derive(Encode, Decode, Clone, Debug, PartialEq, Eq)] pub struct RequestVCResult { - pub vc_index: H256, - pub vc_hash: H256, pub vc_payload: AesOutput, } diff --git a/tee-worker/client-api/parachain-api/prepare-build/interfaces/vc/definitions.ts b/tee-worker/client-api/parachain-api/prepare-build/interfaces/vc/definitions.ts index 4f29666552..71d11cd3f2 100644 --- a/tee-worker/client-api/parachain-api/prepare-build/interfaces/vc/definitions.ts +++ b/tee-worker/client-api/parachain-api/prepare-build/interfaces/vc/definitions.ts @@ -37,8 +37,6 @@ export default { _enum: ["Litentry", "Litmus", "LitentryRococo", "Polkadot", "Kusama", "Khala", "Ethereum", "TestNet"], }, RequestVCResult: { - vc_index: "H256", - vc_hash: "H256", vc_payload: "AesOutput", }, // Achainable diff --git a/tee-worker/core-primitives/stf-executor/src/enclave_signer.rs b/tee-worker/core-primitives/stf-executor/src/enclave_signer.rs index 5f8f830753..7de6a1ff4c 100644 --- a/tee-worker/core-primitives/stf-executor/src/enclave_signer.rs +++ b/tee-worker/core-primitives/stf-executor/src/enclave_signer.rs @@ -145,7 +145,7 @@ where )) } - fn sign_vc_with_self(&self, payload: &[u8]) -> Result<(AccountId, Vec)> { + fn sign(&self, payload: &[u8]) -> Result<(AccountId, Vec)> { let enclave_account = self.get_enclave_account()?; let enclave_call_signing_key = self.get_enclave_call_signing_key()?; 
diff --git a/tee-worker/core-primitives/stf-executor/src/mocks.rs b/tee-worker/core-primitives/stf-executor/src/mocks.rs index db52adc39c..fb4079a331 100644 --- a/tee-worker/core-primitives/stf-executor/src/mocks.rs +++ b/tee-worker/core-primitives/stf-executor/src/mocks.rs @@ -142,7 +142,7 @@ impl StfEnclaveSigning for StfEnclaveSigne Ok(trusted_call.sign(&KeyPair::Ed25519(Box::new(self.signer)), 1, &self.mr_enclave, shard)) } - fn sign_vc_with_self(&self, _payload: &[u8]) -> Result<(AccountId, Vec)> { + fn sign(&self, _payload: &[u8]) -> Result<(AccountId, Vec)> { Ok((self.signer.public().into(), [0u8; 32].to_vec())) } } diff --git a/tee-worker/core-primitives/stf-executor/src/traits.rs b/tee-worker/core-primitives/stf-executor/src/traits.rs index accacc6ccd..4f7efd1532 100644 --- a/tee-worker/core-primitives/stf-executor/src/traits.rs +++ b/tee-worker/core-primitives/stf-executor/src/traits.rs @@ -33,7 +33,7 @@ pub enum StatePostProcessing { Prune, } -/// Allows signing of a trusted call or a credential with the enclave account that is registered in the STF. +/// Allows signing of a trusted call or a raw bytes with the enclave account that is registered in the STF. /// /// The signing key is derived from the shielding key, which guarantees that all enclaves sign the same key. pub trait StfEnclaveSigning @@ -49,7 +49,7 @@ where ) -> Result; // litentry - fn sign_vc_with_self(&self, payload: &[u8]) -> Result<(AccountId, Vec)>; + fn sign(&self, payload: &[u8]) -> Result<(AccountId, Vec)>; } pub trait StfShardVaultQuery { diff --git a/tee-worker/litentry/core/credentials/src/lib.rs b/tee-worker/litentry/core/credentials/src/lib.rs index d8fa42071a..19d76ea977 100644 --- a/tee-worker/litentry/core/credentials/src/lib.rs +++ b/tee-worker/litentry/core/credentials/src/lib.rs 
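Review bot: The renamed `sign(&self, payload: &[u8])` on `StfEnclaveSigning` is now a general raw-bytes signer, and the implementation in enclave_signer.rs takes its key from `get_enclave_call_signing_key()`. Nothing in the contract therefore separates a credential signature from a signature over any other byte string made with the enclave's call-signing key. I would keep the purpose in the contract, either with a doc comment such as `/// Signs enclave-built payloads only; callers must never pass bytes chosen by a requester.` or with a fixed context prefix added to the payload before signing. The reworded trait doc also reads "a raw bytes" and "sign the same key"; `raw bytes` and `sign with the same key` would be clearer. The trait body continues outside the hunk.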
@@ -281,13 +281,6 @@ impl Credential { Ok(json_str) } - pub fn get_index(&self) -> Result<[u8; 32], Error> { - let bytes = &self.id.as_bytes()[b"0x".len()..]; - let index = hex::decode(bytes).map_err(|err| Error::ParseError(format!("{}", err)))?; - let vi: [u8; 32] = index.try_into().unwrap(); - Ok(vi) - } - pub fn validate_unsigned(&self) -> Result<(), Error> { if !self.types.contains(&CredentialType::VerifiableCredential) { return Err(Error::EmptyCredentialType) diff --git a/tee-worker/litentry/core/stf-task/receiver/src/handler/assertion.rs b/tee-worker/litentry/core/stf-task/receiver/src/handler/assertion.rs index 3a720057d2..58a69f5697 100644 --- a/tee-worker/litentry/core/stf-task/receiver/src/handler/assertion.rs +++ b/tee-worker/litentry/core/stf-task/receiver/src/handler/assertion.rs @@ -32,7 +32,6 @@ use litentry_primitives::{ VCMPError, }; use log::*; -use sp_core::hashing::blake2_256; use std::{format, sync::Arc, vec::Vec}; pub(crate) struct AssertionHandler< @@ -56,7 +55,7 @@ where O: EnclaveOnChainOCallApi, { type Error = VCMPError; - type Result = (H256, H256, Vec); // (vc_index, vc_hash, vc_byte_array) + type Result = Vec; // vc_byte_array fn on_process(&self) -> Result { // create the initial credential @@ -162,8 +161,12 @@ where ErrorDetail::StfError(ErrorString::truncate_from(format!("{e:?}").into())), ) })?; - let payload = credential.issuer.mrenclave.clone(); - let (enclave_account, sig) = signer.sign_vc_with_self(payload.as_bytes()).map_err(|e| { + + let json_string = credential.to_json().map_err(|_| { + VCMPError::RequestVCFailed(self.req.assertion.clone(), ErrorDetail::ParseError) + })?; + let payload = json_string.as_bytes(); + let (enclave_account, sig) = signer.sign(payload).map_err(|e| { VCMPError::RequestVCFailed( self.req.assertion.clone(), ErrorDetail::StfError(ErrorString::truncate_from(format!("{e:?}").into())), 
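Review bot: In `on_process` the signed payload is now the exact output of `credential.to_json()` taken before the proof is attached, so a verifier has to reproduce that serialization byte for byte, including field order and however the still-empty proof is rendered, and nothing here records that. I would add a comment above the new lines, for example `// Signed bytes = to_json() of the credential before the proof is set; verifiers must re-serialize identically.`, and a test that strips the proof from an issued VC and checks the signature over the re-serialized JSON. The `map_err(|_| ...)` on the new `to_json()` call also discards the serializer's error, which makes a signing failure hard to diagnose. The same lines are added again in vc_handling.rs (hunk `@@ -133,8 +131,11 @@`); a shared helper would keep the definition of the signed payload in one place. `on_process` starts and ends outside this hunk.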
@@ -179,22 +182,11 @@ where ) })?; - let vc_index = credential - .get_index() - .map_err(|e| { - VCMPError::RequestVCFailed( - self.req.assertion.clone(), - ErrorDetail::StfError(ErrorString::truncate_from(format!("{e:?}").into())), - ) - })? - .into(); let credential_str = credential.to_json().map_err(|_| { VCMPError::RequestVCFailed(self.req.assertion.clone(), ErrorDetail::ParseError) })?; debug!("Credential: {}, length: {}", credential_str, credential_str.len()); - let vc_hash = blake2_256(credential_str.as_bytes()).into(); - debug!("VC hash: {:?}", vc_hash); - Ok((vc_index, vc_hash, credential_str.as_bytes().to_vec())) + Ok(credential_str.as_bytes().to_vec()) } fn on_success( @@ -205,14 +197,12 @@ where debug!("Assertion build OK"); // we shouldn't have the maximum text length limit in normal RSA3072 encryption, as the payload // using enclave's shielding key is encrypted in chunks - let (vc_index, vc_hash, vc_payload) = result; + let vc_payload = result; if let Ok(enclave_signer) = self.context.enclave_signer.get_enclave_account() { let c = TrustedCall::request_vc_callback( enclave_signer.into(), self.req.who.clone(), self.req.assertion.clone(), - vc_index, - vc_hash, vc_payload, self.req.maybe_key, self.req.req_ext_hash, diff --git a/tee-worker/litentry/core/vc-issuance/lc-vc-task-receiver/src/lib.rs b/tee-worker/litentry/core/vc-issuance/lc-vc-task-receiver/src/lib.rs index 4155fd20e5..bda9c702eb 100644 --- a/tee-worker/litentry/core/vc-issuance/lc-vc-task-receiver/src/lib.rs +++ b/tee-worker/litentry/core/vc-issuance/lc-vc-task-receiver/src/lib.rs 
@@ -216,15 +216,9 @@ where call_index, response.assertion_request.who, response.assertion_request.assertion, - response.vc_index, - response.vc_hash, H256::zero(), )); - let res = RequestVCResult { - vc_index: response.vc_index, - vc_hash: response.vc_hash, - vc_payload: result, - }; + let res = RequestVCResult { vc_payload: result }; // This internally fetches nonce from a Mutex and then updates it thereby ensuring ordering let xt = extrinsic_factory .create_extrinsics(&[call], None) diff --git a/tee-worker/litentry/core/vc-issuance/lc-vc-task-receiver/src/vc_handling.rs b/tee-worker/litentry/core/vc-issuance/lc-vc-task-receiver/src/vc_handling.rs index 1ad285938d..ed16501cb0 100644 --- a/tee-worker/litentry/core/vc-issuance/lc-vc-task-receiver/src/vc_handling.rs +++ b/tee-worker/litentry/core/vc-issuance/lc-vc-task-receiver/src/vc_handling.rs @@ -9,7 +9,6 @@ use itp_sgx_externalities::SgxExternalitiesTrait; use itp_stf_executor::traits::StfEnclaveSigning; use itp_stf_state_handler::handle_state::HandleState; use itp_top_pool_author::traits::AuthorApi; -use itp_types::H256; use lc_data_providers::{DataProviderConfigReader, ReadDataProviderConfig}; use lc_stf_task_receiver::StfTaskContext; use lc_stf_task_sender::AssertionBuildRequest; @@ -18,7 +17,6 @@ use litentry_primitives::{ AmountHoldingTimeType, Assertion, ErrorDetail, ErrorString, Identity, ParameterString, VCMPError, }; -use sp_core::hashing::blake2_256; use std::{format, sync::Arc}; pub(crate) struct VCRequestHandler< 
@@ -133,8 +131,11 @@ where ErrorDetail::StfError(ErrorString::truncate_from(format!("{e:?}").into())), ) })?; - let payload = credential.issuer.mrenclave.clone(); - let (enclave_account, sig) = signer.sign_vc_with_self(payload.as_bytes()).map_err(|e| { + let json_string = credential.to_json().map_err(|_| { + VCMPError::RequestVCFailed(self.req.assertion.clone(), ErrorDetail::ParseError) + })?; + let payload = json_string.as_bytes(); + let (enclave_account, sig) = signer.sign(payload).map_err(|e| { VCMPError::RequestVCFailed( self.req.assertion.clone(), ErrorDetail::StfError(ErrorString::truncate_from(format!("{e:?}").into())), @@ -149,25 +150,13 @@ where ) })?; - let vc_index: H256 = credential - .get_index() - .map_err(|e| { - VCMPError::RequestVCFailed( - self.req.assertion.clone(), - ErrorDetail::StfError(ErrorString::truncate_from(format!("{e:?}").into())), - ) - })? - .into(); let credential_str = credential.to_json().map_err(|_| { VCMPError::RequestVCFailed(self.req.assertion.clone(), ErrorDetail::ParseError) })?; - let vc_hash: H256 = blake2_256(credential_str.as_bytes()).into(); let vc_response = VCResponse { assertion_request: self.req.clone(), - vc_hash, vc_payload: credential_str.as_bytes().to_vec(), - vc_index, }; Ok(vc_response) diff --git a/tee-worker/litentry/core/vc-issuance/lc-vc-task-sender/src/lib.rs b/tee-worker/litentry/core/vc-issuance/lc-vc-task-sender/src/lib.rs index 9ca4e36df8..7721ecde09 100644 --- a/tee-worker/litentry/core/vc-issuance/lc-vc-task-sender/src/lib.rs +++ b/tee-worker/litentry/core/vc-issuance/lc-vc-task-sender/src/lib.rs @@ -20,7 +20,7 @@ pub use crate::sgx_reexport_prelude::*; use codec::{Decode, Encode}; use futures::channel::oneshot; -use itp_types::{ShardIdentifier, H256}; +use itp_types::ShardIdentifier; use lazy_static::lazy_static; use lc_stf_task_sender::AssertionBuildRequest; use litentry_primitives::AesOutput; 
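Review bot: The bytes signed here are whatever `credential.to_json()` emits, and no canonical form is defined for them, so a verifier has to re-serialize the VC without `proof` into byte-identical JSON. The updated `assertVc` test does this with `JSON.stringify(vcWithoutProof)`, which only matches while key order, number formatting and string escaping agree between the two serializers. Either canonicalize before signing (for example RFC 8785 JCS) or document the contract at the call site: `// Signed payload = credential.to_json() taken before the proof is set; verifiers must reproduce these exact bytes.` That the credential carries no populated proof at this point is inferred, since the function starts outside the hunk. Separately, a failure of `to_json()` is reported as `ErrorDetail::ParseError` (the same mapping appears in the next hunk), which mislabels a serialization failure.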
@@ -50,9 +50,7 @@ pub struct VCRequest { #[derive(Encode, Decode, Clone)] pub struct VCResponse { pub assertion_request: AssertionBuildRequest, - pub vc_hash: H256, pub vc_payload: Vec, - pub vc_index: H256, } pub type VcSender = Sender; diff --git a/tee-worker/ts-tests/integration-tests/common/utils/assertion.ts b/tee-worker/ts-tests/integration-tests/common/utils/assertion.ts index bc5853364e..a9cf3176ca 100644 --- a/tee-worker/ts-tests/integration-tests/common/utils/assertion.ts +++ b/tee-worker/ts-tests/integration-tests/common/utils/assertion.ts @@ -18,7 +18,6 @@ import { FrameSystemEventRecord, WorkerRpcReturnValue, RequestVCResult, - PalletVcManagementVcContext, StfError, } from 'parachain-api'; import { Bytes } from '@polkadot/types-codec'; @@ -26,6 +25,7 @@ import { Signer, decryptWithAes } from './crypto'; import { blake2AsHex } from '@polkadot/util-crypto'; import { PalletIdentityManagementTeeIdentityContext } from 'sidechain-api'; import { KeyObject } from 'crypto'; +import * as base58 from 'micro-base58'; export async function assertFailedEvent( context: IntegrationTestContext, 
@@ -244,64 +244,72 @@ export async function assertIdGraphMutationResult( export async function assertVc(context: IntegrationTestContext, subject: CorePrimitivesIdentity, data: Bytes) { const results = context.api.createType('RequestVCResult', data) as unknown as RequestVCResult; - const vcHash = results.vc_hash.toString(); - // step 1 - const vcIndex = results.vc_index.toString(); - const vcRegistry = (await context.api.query.vcManagement.vcRegistry( - vcIndex - )) as unknown as PalletVcManagementVcContext; - const vcStatus = vcRegistry.toHuman()['status']; - assert.equal(vcStatus, 'Active', 'Check VcRegistry error:status should be equal to Active'); - - // step 2 // decryptWithAes function added 0x prefix const vcPayload = results.vc_payload; const decryptVcPayload = decryptWithAes(aesKey, vcPayload, 'utf-8').replace('0x', ''); - const vcPayloadHash = blake2AsHex(Buffer.from(decryptVcPayload)); - assert.equal(vcPayloadHash, vcHash, 'Check VcPayload error: vcPayloadHash should be equal to vcHash'); - /* DID format did:litentry:substrate:0x12345... did:litentry:evm:0x123456... 
did:litentry:twitter:my_twitter_handle */ - // step 3 + // step 2 + // check credential subject's DID const credentialSubjectId = JSON.parse(decryptVcPayload).credentialSubject.id; const expectSubject = Object.entries(JSON.parse(subject.toString())); + // step 3 // convert to DID format const expectDid = 'did:litentry:' + expectSubject[0][0] + ':' + expectSubject[0][1]; assert.equal( expectDid, credentialSubjectId, - 'Check credentialSubjec error: expectDid should be equal to credentialSubject id' + 'Check credentialSubject error: expectDid should be equal to credentialSubject id' ); // step 4 + // extrac proof and vc without proof json const vcPayloadJson = JSON.parse(decryptVcPayload); const { proof, ...vcWithoutProof } = vcPayloadJson; - assert.equal(vcIndex, vcPayloadJson.id, 'Check VcIndex error: VcIndex should be equal to vcPayload id'); // step 5 - const enclaveCount = await context.api.query.teerex.enclaveCount(); + // prepare teerex enclave registry data for further checks + const parachainBlockHash = await context.api.query.system.blockHash(vcPayloadJson.parachainBlockNumber); + const apiAtVcIssuedBlock = await context.api.at(parachainBlockHash); + const enclaveCount = await apiAtVcIssuedBlock.query.teerex.enclaveCount(); - const enclaveRegistry = (await context.api.query.teerex.enclaveRegistry( - enclaveCount - )) as unknown as TeerexPrimitivesEnclave; + const lastRegisteredEnclave = (await apiAtVcIssuedBlock.query.teerex.enclaveRegistry(enclaveCount)) + .value as TeerexPrimitivesEnclave; + // step 6 + // check vc signature const signature = Buffer.from(hexToU8a(`0x${proof.proofValue}`)); - - const message = Buffer.from(vcWithoutProof.issuer.mrenclave); - - const vcPubkey = Buffer.from(hexToU8a(enclaveRegistry.toHuman()['vcPubkey'] as HexString)); + const message = Buffer.from(JSON.stringify(vcWithoutProof)); + const vcPubkey = Buffer.from(lastRegisteredEnclave.vcPubkey.value); const signatureStatus = await ed.verify(signature, message, vcPubkey); 
assert.isTrue(signatureStatus, 'Check Vc signature error: signature should be valid'); - // step 6 + // step 7 + // check VC mrenclave with enclave's mrenclave from registry + assert.equal( + base58.encode(lastRegisteredEnclave.mrEnclave), + vcPayloadJson.issuer.mrenclave, + 'Check VC mrenclave: it should equals enclaves mrenclave from parachains enclave registry' + ); + + // step 8 + // check vc issuer id + assert.equal( + `did:litentry:substrate:${lastRegisteredEnclave.vcPubkey.value.toHex()}`, + vcPayloadJson.issuer.id, + 'Check VC id: it should equals enclaves pubkey from parachains enclave registry' + ); + + // step 9 + // validate VC aganist schema const ajv = new Ajv(); const validate = ajv.compile(jsonSchema); diff --git a/tee-worker/ts-tests/integration-tests/common/utils/vc-helper.ts b/tee-worker/ts-tests/integration-tests/common/utils/vc-helper.ts index 1feeb3b883..9ad26dda1d 100644 --- a/tee-worker/ts-tests/integration-tests/common/utils/vc-helper.ts +++ b/tee-worker/ts-tests/integration-tests/common/utils/vc-helper.ts @@ -1,7 +1,4 @@ -export async function handleVcEvents( - events: any[], - method: 'VCIssued' | 'VCDisabled' | 'VCRevoked' | 'Failed' -): Promise { +export async function handleVcEvents(events: any[], method: 'VCIssued' | 'Failed'): Promise { const results: any = []; for (let k = 0; k < events.length; k++) { switch (method) { @@ -11,12 +8,6 @@ export async function handleVcEvents( index: events[k].data.index.toHex(), }); break; - case 'VCDisabled': - results.push(events[k].data.index.toHex()); - break; - case 'VCRevoked': - results.push(events[k].data.index.toHex()); - break; case 'Failed': results.push(events[k].data.detail.toHuman()); break; diff --git a/tee-worker/ts-tests/integration-tests/ii_vc.test.ts b/tee-worker/ts-tests/integration-tests/ii_vc.test.ts index d4b78418bb..516309ba65 100644 --- a/tee-worker/ts-tests/integration-tests/ii_vc.test.ts +++ b/tee-worker/ts-tests/integration-tests/ii_vc.test.ts 
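Review bot: The verification key is taken from `enclaveRegistry(enclaveCount)`, i.e. the last registered enclave, rather than from the enclave named by `vcPayloadJson.issuer`. With more than one registered worker, the signature check and the step 7/8 comparisons could therefore run against the wrong entry. `.value` is also read without first asserting that the returned Option `isSome`. The block used for the lookup comes from `vcPayloadJson.parachainBlockNumber`, a payload field that has not been verified yet; that is acceptable in a test, but a relying-party verifier should bound it first. I would add a comment such as `// assumes a single registered enclave; select the entry by issuer.id otherwise`, and fix the "extrac" and "aganist" typos in the step comments.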
@@ -1,8 +1,7 @@ -import { describeLitentry, handleVcEvents } from './common/utils'; +import { describeLitentry } from './common/utils'; import { step } from 'mocha-steps'; -import type { HexString } from '@polkadot/util/types'; import { assert } from 'chai'; -import { sendTxsWithUtility, sendTxUntilInBlockList } from './common/transactions'; +import { sendTxsWithUtility } from './common/transactions'; import { ApiTypes, SubmittableExtrinsic } from '@polkadot/api/types'; // TODO: keep the list short, the manual types will be solved in #1878 @@ -16,7 +15,6 @@ const allAssertions = [ // It doesn't make much difference test A1 only vs test A1 - A11, one VC type is enough. // So only use A1 to trigger the wrong event describeLitentry('VC ii test', async (context) => { - const indexList: HexString[] = []; step('Request VC', async () => { // request all vc const txs: { 
@@ -36,80 +34,6 @@ describeLitentry('VC ii test', async (context) => { ['VCIssued'], 30 ); - const res = await handleVcEvents(events, 'VCIssued'); - - for (let k = 0; k < res.length; k++) { - const registry = (await context.api.query.vcManagement.vcRegistry(res[k].index)) as any; - assert.equal(registry.toHuman()!['status'], 'Active', 'check registry error'); - indexList.push(res[k].index); - } - }); - step('Disable VC', async () => { - const txs: { - tx: SubmittableExtrinsic; - }[] = []; - for (let i = 0; i < indexList.length; i++) { - const tx = context.api.tx.vcManagement.disableVc(indexList[i]); - txs.push({ tx }); - } - const events = await sendTxsWithUtility(context, context.substrateWallet.alice, txs, 'vcManagement', [ - 'VCDisabled', - ]); - const res = await handleVcEvents(events, 'VCDisabled'); - - for (let k = 0; k < res.length; k++) { - assert.equal(res[k], indexList[k], 'check index error'); - const registry = (await context.api.query.vcManagement.vcRegistry(indexList[k])) as any; - assert.equal(registry.toHuman()!['status'], 'Disabled'); - } - }); - step('Disable error VC(A1)', async () => { - // Alice has already disabled the A1 VC - const tx = context.api.tx.vcManagement.disableVc(indexList[0]); - const nonce = (await context.api.rpc.system.accountNextIndex(context.substrateWallet.alice.address)).toNumber(); - - const [error] = await sendTxUntilInBlockList(context.api, [{ tx, nonce }], context.substrateWallet.alice); - - assert.equal( - error, - 'vcManagement.VCAlreadyDisabled', - 'check disable vc error: error should be equal to vcManagement.VCAlreadyDisabled' - ); - }); - - step('Revoke VC', async () => { - const txs: { - tx: SubmittableExtrinsic; - }[] = []; - - for (let i = 0; i < indexList.length; i++) { - const tx = context.api.tx.vcManagement.revokeVc(indexList[i]); - txs.push({ tx }); - } - const events = await sendTxsWithUtility(context, context.substrateWallet.alice, txs, 'vcManagement', [ - 'VCRevoked', - ]); - - const res = await 
handleVcEvents(events, 'VCRevoked'); - - for (let k = 0; k < indexList.length; k++) { - assert.equal(res[k], indexList[k], 'check index error'); - const registry = (await context.api.query.vcManagement.vcRegistry(indexList[k])) as any; - - assert.equal(registry.toHuman(), null); - } - }); - - step('Revoke Error VC(A1)', async () => { - // Alice has already revoked the A1 VC - const tx = context.api.tx.vcManagement.revokeVc(indexList[0]); - const nonce = (await context.api.rpc.system.accountNextIndex(context.substrateWallet.alice.address)).toNumber(); - const [error] = await sendTxUntilInBlockList(context.api, [{ tx, nonce }], context.substrateWallet.alice); - - assert.equal( - error, - 'vcManagement.VCNotExist', - 'check revoke vc error: error should be equal to vcManagement.VCNotExist' - ); + assert.equal(events.length, 1); }); });
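Review bot: `assert.equal(events.length, 1);` hard-codes the number of `VCIssued` events, while the step appears to build `txs` from the `allAssertions` list. If that list grows, the assertion fails for the wrong reason; `assert.equal(events.length, txs.length);` states the intent. The step also no longer checks anything about the issued credential itself, so a malformed VC would still pass here. Whether another suite covers that (for example through `assertVc`) is not visible from this hunk, and the step's opening lines are outside it.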