Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

1471 check shielding key inside pallet #1479

Merged
merged 13 commits into from
Mar 19, 2023
Merged

1471 check shielding key inside pallet #1479

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
6e1ebde
move checking valid user shielding key into pallet extrinsics: create…
BillyWooo Mar 16, 2023
b495baa
pass the unit test
BillyWooo Mar 16, 2023
02dbc22
update ts test
BillyWooo Mar 16, 2023
23bb59a
revert back checking user shielding key
BillyWooo Mar 17, 2023
57a61c3
add ts test
BillyWooo Mar 17, 2023
9a3583f
Merge remote-tracking branch 'origin/dev' into 1471_check_shielding_k…
BillyWooo Mar 17, 2023
2bb3b77
use runtime network type
BillyWooo Mar 18, 2023
32927fe
fix unit test
BillyWooo Mar 18, 2023
97a1c23
simply rename
BillyWooo Mar 18, 2023
f568ce4
only log is enough
BillyWooo Mar 18, 2023
a3e61f6
add extra unit test to check InvalidUserShieldingKey
BillyWooo Mar 18, 2023
059a7f6
refactor: move duplicate code
BillyWooo Mar 18, 2023
28bdb17
refactor to remove duplicate code
BillyWooo Mar 19, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
89 changes: 37 additions & 52 deletions tee-worker/app-libs/stf/src/trusted_call.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -495,24 +495,19 @@ where
) {
Ok(code) => {
debug!("create_identity_runtime {} OK", account_id_to_string(&who));
if let Some(key) = IdentityManagement::user_shielding_keys(&who) {
let id_graph =
ita_sgx_runtime::pallet_imt::Pallet::<Runtime>::get_id_graph(&who);
calls.push(OpaqueCall::from_tuple(&(
node_metadata_repo
.get_from_metadata(|m| m.identity_created_call_indexes())??,
SgxParentchainTypeConverter::convert(who),
aes_encrypt_default(&key, &identity.encode()),
aes_encrypt_default(&key, &code.encode()),
aes_encrypt_default(&key, &id_graph.encode()),
)));
} else {
add_call_from_imp_error(
calls,
node_metadata_repo,
IMPError::InvalidUserShieldingKey,
);
}
// For sure to get key here. It's already checked in pallet:
// ita_sgx_runtime::IdentityManagementCall::<Runtime>::create_identity
let key = IdentityManagement::user_shielding_keys(&who).unwrap();
BillyWooo marked this conversation as resolved.
Show resolved Hide resolved
let id_graph =
ita_sgx_runtime::pallet_imt::Pallet::<Runtime>::get_id_graph(&who);
calls.push(OpaqueCall::from_tuple(&(
node_metadata_repo
.get_from_metadata(|m| m.identity_created_call_indexes())??,
SgxParentchainTypeConverter::convert(who),
aes_encrypt_default(&key, &identity.encode()),
aes_encrypt_default(&key, &code.encode()),
aes_encrypt_default(&key, &id_graph.encode()),
)));
},
Err(e) => {
debug!(
Expand All @@ -535,23 +530,18 @@ where
{
Ok(()) => {
debug!("remove_identity_runtime {} OK", account_id_to_string(&who));
if let Some(key) = IdentityManagement::user_shielding_keys(&who) {
let id_graph =
ita_sgx_runtime::pallet_imt::Pallet::<Runtime>::get_id_graph(&who);
calls.push(OpaqueCall::from_tuple(&(
node_metadata_repo
.get_from_metadata(|m| m.identity_removed_call_indexes())??,
SgxParentchainTypeConverter::convert(who),
aes_encrypt_default(&key, &identity.encode()),
aes_encrypt_default(&key, &id_graph.encode()),
)));
} else {
add_call_from_imp_error(
calls,
node_metadata_repo,
IMPError::InvalidUserShieldingKey,
);
}
// For sure to get key here. It's already checked in pallet:
// ita_sgx_runtime::IdentityManagementCall::<Runtime>::remove_identity
let key = IdentityManagement::user_shielding_keys(&who).unwrap();
let id_graph =
ita_sgx_runtime::pallet_imt::Pallet::<Runtime>::get_id_graph(&who);
calls.push(OpaqueCall::from_tuple(&(
node_metadata_repo
.get_from_metadata(|m| m.identity_removed_call_indexes())??,
SgxParentchainTypeConverter::convert(who),
aes_encrypt_default(&key, &identity.encode()),
aes_encrypt_default(&key, &id_graph.encode()),
)));
},
Err(e) => {
debug!(
Expand Down Expand Up @@ -599,23 +589,18 @@ where
) {
Ok(()) => {
debug!("verify_identity_runtime {} OK", account_id_to_string(&who));
if let Some(key) = IdentityManagement::user_shielding_keys(&who) {
let id_graph =
ita_sgx_runtime::pallet_imt::Pallet::<Runtime>::get_id_graph(&who);
calls.push(OpaqueCall::from_tuple(&(
node_metadata_repo
.get_from_metadata(|m| m.identity_verified_call_indexes())??,
SgxParentchainTypeConverter::convert(who),
aes_encrypt_default(&key, &identity.encode()),
aes_encrypt_default(&key, &id_graph.encode()),
)));
} else {
add_call_from_imp_error(
calls,
node_metadata_repo,
IMPError::InvalidUserShieldingKey,
);
}
// For sure to get key here. It's already checked in pallet:
// ita_sgx_runtime::IdentityManagementCall::<Runtime>::verify_identity
let key = IdentityManagement::user_shielding_keys(&who).unwrap();
let id_graph =
ita_sgx_runtime::pallet_imt::Pallet::<Runtime>::get_id_graph(&who);
calls.push(OpaqueCall::from_tuple(&(
node_metadata_repo
.get_from_metadata(|m| m.identity_verified_call_indexes())??,
SgxParentchainTypeConverter::convert(who),
aes_encrypt_default(&key, &identity.encode()),
aes_encrypt_default(&key, &id_graph.encode()),
)));
},
Err(e) => {
debug!(
Expand Down
6 changes: 6 additions & 0 deletions tee-worker/litentry/pallets/identity-management/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -93,6 +93,8 @@ pub mod pallet {
pub enum Error<T> {
/// challenge code doesn't exist
ChallengeCodeNotExist,
/// Invalid user shielding Key
InvalidUserShieldingKey,
/// the pair (litentry-account, identity) already verified when creating an identity
IdentityAlreadyVerified,
/// the pair (litentry-account, identity) doesn't exist
Expand Down Expand Up @@ -200,6 +202,8 @@ pub mod pallet {
parent_ss58_prefix: u16,
) -> DispatchResult {
T::ManageOrigin::ensure_origin(origin)?;
ensure!(Self::user_shielding_keys(&who).is_some(), Error::<T>::InvalidUserShieldingKey);
BillyWooo marked this conversation as resolved.
Show resolved Hide resolved

if let Some(c) = IDGraphs::<T>::get(&who, &identity) {
ensure!(
!(c.is_verified && c.creation_request_block != Some(0)),
Expand Down Expand Up @@ -250,6 +254,7 @@ pub mod pallet {
identity: Identity,
) -> DispatchResult {
T::ManageOrigin::ensure_origin(origin)?;
ensure!(Self::user_shielding_keys(&who).is_some(), Error::<T>::InvalidUserShieldingKey);
ensure!(IDGraphs::<T>::contains_key(&who, &identity), Error::<T>::IdentityNotExist);
if let Some(IdentityContext::<T> {
metadata,
Expand Down Expand Up @@ -281,6 +286,7 @@ pub mod pallet {
verification_request_block: ParentchainBlockNumber,
) -> DispatchResult {
T::ManageOrigin::ensure_origin(origin)?;
ensure!(Self::user_shielding_keys(&who).is_some(), Error::<T>::InvalidUserShieldingKey);
IDGraphs::<T>::try_mutate(&who, &identity, |context| -> DispatchResult {
let mut c = context.take().ok_or(Error::<T>::IdentityNotExist)?;

Expand Down
43 changes: 42 additions & 1 deletion tee-worker/litentry/pallets/identity-management/src/tests.rs
View file
Open in desktop
BillyWooo marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ use crate::{
identity_context::IdentityContext, mock::*, Error, MetadataOf, ParentchainBlockNumber,
UserShieldingKeyType,
};
use frame_support::{assert_err, assert_noop, assert_ok};
use frame_support::{assert_noop, assert_ok};
use litentry_primitives::{Identity, IdentityString, Web2Network, USER_SHIELDING_KEY_LEN};
use sp_runtime::AccountId32;

Expand Down Expand Up @@ -46,6 +46,13 @@ fn set_user_shielding_key_works() {
#[test]
fn create_identity_works() {
new_test_ext().execute_with(|| {
let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN];
assert_ok!(IMT::set_user_shielding_key(
RuntimeOrigin::signed(ALICE),
BillyWooo marked this conversation as resolved.
Show resolved Hide resolved
BOB,
shielding_key.clone()
));

BillyWooo marked this conversation as resolved.
Show resolved Hide resolved
let ss58_prefix = 131_u16;
let metadata: MetadataOf<Test> = vec![0u8; 16].try_into().unwrap();
assert_ok!(IMT::create_identity(
Expand All @@ -71,6 +78,13 @@ fn create_identity_works() {
#[test]
fn remove_identity_works() {
new_test_ext().execute_with(|| {
let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN];
assert_ok!(IMT::set_user_shielding_key(
RuntimeOrigin::signed(ALICE),
BOB,
shielding_key.clone()
));

let metadata: MetadataOf<Test> = vec![0u8; 16].try_into().unwrap();
let ss58_prefix = 131_u16;
assert_noop!(
Expand Down Expand Up @@ -115,6 +129,13 @@ fn remove_identity_works() {
#[test]
fn verify_identity_works() {
new_test_ext().execute_with(|| {
let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN];
assert_ok!(IMT::set_user_shielding_key(
RuntimeOrigin::signed(ALICE),
BOB,
shielding_key.clone()
));

let metadata: MetadataOf<Test> = vec![0u8; 16].try_into().unwrap();
let ss58_prefix = 131_u16;
assert_ok!(IMT::create_identity(
Expand Down Expand Up @@ -146,6 +167,13 @@ fn verify_identity_works() {
#[test]
fn get_id_graph_works() {
new_test_ext().execute_with(|| {
let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN];
assert_ok!(IMT::set_user_shielding_key(
RuntimeOrigin::signed(ALICE),
BOB,
shielding_key.clone()
));

let metadata3: MetadataOf<Test> = vec![0u8; 16].try_into().unwrap();
let ss58_prefix = 131_u16;
assert_ok!(IMT::create_identity(
Expand Down Expand Up @@ -195,6 +223,13 @@ fn verify_identity_fails_when_too_early() {
const CREATION_REQUEST_BLOCK: ParentchainBlockNumber = 2;
const VERIFICATION_REQUEST_BLOCK: ParentchainBlockNumber = 1;

let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN];
assert_ok!(IMT::set_user_shielding_key(
RuntimeOrigin::signed(ALICE),
BOB,
shielding_key.clone()
));

let metadata: MetadataOf<Test> = vec![0u8; 16].try_into().unwrap();
let ss58_prefix = 131_u16;
assert_ok!(IMT::create_identity(
Expand Down Expand Up @@ -232,6 +267,12 @@ fn verify_identity_fails_when_too_late() {
const CREATION_REQUEST_BLOCK: ParentchainBlockNumber = 1;
const VERIFICATION_REQUEST_BLOCK: ParentchainBlockNumber = 5;

let shielding_key: UserShieldingKeyType = [0u8; USER_SHIELDING_KEY_LEN];
assert_ok!(IMT::set_user_shielding_key(
RuntimeOrigin::signed(ALICE),
BOB,
shielding_key.clone()
));
let metadata: MetadataOf<Test> = vec![0u8; 16].try_into().unwrap();
let ss58_prefix = 131_u16;
assert_ok!(IMT::create_identity(
Expand Down
2 changes: 2 additions & 0 deletions tee-worker/ts-tests/identity.test.ts
View file
Open in desktop
BillyWooo marked this conversation as resolved.
Show resolved Hide resolved
Original file line number Diff line number Diff line change
Expand Up @@ -374,6 +374,8 @@ describeLitentry('Test Identity', (context) => {
});

//remove a challenge code before the code is set
const bob = await setUserShieldingKey(context, context.defaultSigner[2], aesKey, true);
assert.equal(bob, u8aToHex(context.defaultSigner[2].addressRaw), 'check caller error');
const resp_not_created_identities = (await removeErrorIdentities(context, context.defaultSigner[2], true, [
twitterIdentity,
ethereumIdentity,
Expand Down