Attesteer RPC additions #1201

Merged: 22 commits, Apr 3, 2023

OverOrion (Contributor)

This PR extends the RPC methods with attesteer_forward_dcap_quote call and attesteer_forward_ias_attestation_report.

Fixes #1180.

@OverOrion added the labels A0-core (Affects a core part), B1-releasenotes, C1-low (Does not elevate a release containing this beyond "low priority"), E0-breaksnothing and A7-somethingelse on Mar 2, 2023
@OverOrion requested a review from clangenb on March 2, 2023 16:06

@clangenb (Contributor) left a comment

Great, this turned out to be not that much of an effort! However, I have a comment and a question. :)

enclave-runtime/src/rpc/worker_api_direct.rs (outdated, resolved)
enclave-runtime/src/rpc/worker_api_direct.rs (outdated, resolved)
@OverOrion force-pushed the szp/attesteer-rpc branch 2 times, most recently from 9988ba9 to 2649c5a on March 13, 2023 12:43
OverOrion (Contributor, Author) commented Mar 13, 2023

To convert a file to hex-encoded format which is only one line:

xxd -plain quote.dat | tr -d '[[:blank:][:space:]]' > quote_single_line.hex

The current implementation takes a filename / path as an argument, where the file should be a hex-encoded single-line of a DCAP quote / IAS attestation report.


I think for the automated testing something like demo-teeracle.yml could be used here as well. What do you think @clangenb ?

@OverOrion requested a review from clangenb on March 13, 2023 13:02

@clangenb (Contributor) left a comment

Looks nice in general, happy that you could figure out on your own how to implement the CLI and talk to the worker, but we are missing an important piece ;)

cli/src/attesteer/commands/mod.rs (outdated, resolved)
cli/src/attesteer/commands/send_ias_attestation.rs (outdated, resolved)
Comment on lines 51 to 58
let rpc_return_value = RpcReturnValue::from_hex(&rpc_response.result)
// Replace with `inspect_err` once it's stable.
.map_err(|e| {
error!("Failed to decode RpcReturnValue: {:?}", e);
e
})
.ok()
.unwrap();
Contributor

Btw. I know this is a pattern that you find in our codebase, but I honestly don't know who brought this into existence. And with rust v1.6.5 we can use a beautiful pattern here:

Suggested change
let rpc_return_value = RpcReturnValue::from_hex(&rpc_response.result)
// Replace with `inspect_err` once it's stable.
.map_err(|e| {
error!("Failed to decode RpcReturnValue: {:?}", e);
e
})
.ok()
.unwrap();
let Ok(rpc_return_value) = match RpcReturnValue::from_hex(&rpc_response.result) else {
panic!("Failed to decode RpcReturnValue: {:?}", e);
};
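
Review bot: the replacement lines of this suggestion do not compile as written. `let Ok(rpc_return_value) = match RpcReturnValue::from_hex(...) else { ... }` carries a stray `match`, and `e` is not bound inside the `else` block, because let-else only binds the success pattern. To keep the decode error in the message, use a `match` with an `Err(e)` arm; otherwise drop `e` from the `panic!` text.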

Contributor Author

I could not use the let-else pattern in some places (where the error would be reported as e would not be defined otherwise). I used match expressions there, hope that's alright.

.map_err(|e| error!("Opening hex encoded DCAP quote file failed: {:#?}", e))
.unwrap();

let rpc_method = "attesteer_callForwardDCAPQuote".to_owned();
Contributor

Same as explained below for the other command.

Comment on lines 47 to 56
let rpc_response: RpcResponse = serde_json::from_str(&rpc_response_str).ok().unwrap();
let rpc_return_value = RpcReturnValue::from_hex(&rpc_response.result)
// Replace with `inspect_err` once it's stable.
.map_err(|e| {
error!("Failed to decode RpcReturnValue: {:?}", e);
e
})
.ok()
.unwrap();
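
Review bot: `serde_json::from_str(&rpc_response_str).ok().unwrap()` on the first line discards the parse error before unwrapping, so a malformed worker response panics without stating the cause. Use `.expect("...")` with context or handle the `Err` explicitly. The `.ok().unwrap()` that ends the `RpcReturnValue::from_hex` chain has the same shape: the error is logged, but the panic itself only reports an unwrap on `None`, so a `match` or `expect` would be clearer there too.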

Contributor

Same as explained below for the other command.

Comment on lines 248 to 263
fn attesteer_forward_ias_attestation_report_inner(
params: Params,
) -> Result<OpaqueExtrinsic, String> {
let hex_encoded_params = params.parse::<Vec<String>>().map_err(|e| format!("{:?}", e))?;

let request =
Request::from_hex(&hex_encoded_params[0].clone()).map_err(|e| format!("{:?}", e))?;

let ias_attestation_report: Vec<u8> = request.cyphertext;

let url = String::new();
let ext = generate_ias_ra_extrinsic_from_der_cert_internal(url, &ias_attestation_report)
.map_err(|e| format!("{:?}", e))?;

Ok(ext)
}
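
Review bot: `hex_encoded_params[0]` indexes the parsed parameter list without a length check, so a call with an empty parameter array panics in the handler instead of returning the `Err(String)` this function is declared to return. Use `hex_encoded_params.first().ok_or_else(...)` or match on the slice so the failure is reported to the caller. The `.clone()` on that element is unnecessary since only a reference is passed on, and `url` is handed over as an empty `String`, which deserves a comment explaining why.
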
Contributor

I think you messed up some stuff here:

  1. The request will be decoded into the wrong thing because the first few bytes are interpreted as the ShardIdentifier, which you don't pass in the request (which is fine). So the hex encoded params only contain the hex encoded remote attestation. Hence, what you need to do is simply:

     // also check that `hex_encoded_params.length == 1`
     let ias_attestation_report = itp_utils::hex::decode_hex(hex_encoded_params[0]).map_err(...);

  2. Where are you sending the remote attestation to the chain? You just send back the ready to send extrinsic to the client. The attesteer should send it to the chain, though. Is this a programmatic error, or do we have a misunderstanding about what the attesteer should do?

Contributor Author

It was the former, I fixed it accordingly in c920561.
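
The parameter handling discussed in this thread (exactly one RPC parameter holding the hex-encoded quote or report, as produced by the `xxd` one-liner earlier in the conversation), as an added example that is not code from the PR or the project. `decode_single_hex_param`, `decode_hex_strict`, `ParamError`, the `MAX_PAYLOAD_BYTES` bound and the optional `0x` prefix are assumptions of this example; it stands in for, and does not reproduce, the project's `itp_utils::hex::decode_hex`.

```rust
// Added example: strict, panic-free decoding of the single hex parameter of an
// RPC call. All names are hypothetical and not taken from the integritee worker.

/// Upper bound on the decoded payload (assumed value for this example).
const MAX_PAYLOAD_BYTES: usize = 64 * 1024;

#[derive(Debug, PartialEq)]
pub enum ParamError {
    /// The RPC params array did not hold exactly one element.
    WrongParamCount(usize),
    /// Nothing left after trimming whitespace and an optional "0x".
    Empty,
    /// Odd number of hex digits, e.g. a truncated file.
    OddLength(usize),
    /// Decoded size would exceed MAX_PAYLOAD_BYTES.
    TooLarge(usize),
    /// Non-hex byte (embedded line break, space, stray text).
    InvalidDigit { index: usize, byte: u8 },
}

/// Value of one ASCII hex digit, or None for any other byte.
fn hex_val(b: u8) -> Option<u8> {
    match b {
        b'0'..=b'9' => Some(b - b'0'),
        b'a'..=b'f' => Some(b - b'a' + 10),
        b'A'..=b'F' => Some(b - b'A' + 10),
        _ => None,
    }
}

/// Decodes a single-line hex string. Leading/trailing whitespace (such as the
/// newline left by reading a file) is tolerated; anything else is rejected.
pub fn decode_hex_strict(input: &str) -> Result<Vec<u8>, ParamError> {
    let trimmed = input.trim();
    let digits = trimmed.strip_prefix("0x").unwrap_or(trimmed).as_bytes();
    if digits.is_empty() {
        return Err(ParamError::Empty);
    }
    if digits.len() % 2 != 0 {
        return Err(ParamError::OddLength(digits.len()));
    }
    if digits.len() / 2 > MAX_PAYLOAD_BYTES {
        return Err(ParamError::TooLarge(digits.len() / 2));
    }
    let mut out = Vec::with_capacity(digits.len() / 2);
    // chunks_exact never yields a short chunk, so pair[1] cannot go out of bounds.
    for (i, pair) in digits.chunks_exact(2).enumerate() {
        let hi = hex_val(pair[0])
            .ok_or(ParamError::InvalidDigit { index: 2 * i, byte: pair[0] })?;
        let lo = hex_val(pair[1])
            .ok_or(ParamError::InvalidDigit { index: 2 * i + 1, byte: pair[1] })?;
        out.push((hi << 4) | lo);
    }
    Ok(out)
}

/// Enforces "exactly one parameter" before decoding, so an empty or oversized
/// params array becomes an error value instead of an index panic.
pub fn decode_single_hex_param(params: &[String]) -> Result<Vec<u8>, ParamError> {
    match params {
        [only] => decode_hex_strict(only),
        other => Err(ParamError::WrongParamCount(other.len())),
    }
}

fn main() {
    // Constructed samples: one well-formed value with the trailing newline a
    // file read would leave, followed by malformed requests.
    let samples: Vec<Vec<String>> = vec![
        vec!["0300020000000000\n".into()],
        vec![],
        vec!["0300".into(), "0200".into()],
        vec!["030".into()],
        vec!["03\n0".into()],
    ];
    for params in &samples {
        println!("{:?} -> {:?}", params, decode_single_hex_param(params));
    }
}
```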

@clangenb (Contributor) left a comment

Great, thanks for the fixes! It looks great now! There is only one little thing left about the naming of the RPC.


let rpc_method = "attesteer_callForwardDCAPQuote".to_owned();
let rpc_method = "attesteer_ForwardDcapQuote".to_owned();
Contributor

small 'f' please :)


//let request = Request { shard, cyphertext: hex_encoded_quote.to_vec() };

let rpc_method = "attesteer_callForwardIASAttestationReport".to_owned();
let rpc_method = "attesteer_ForwardIasAttestationReport".to_owned();
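
Review bot: the commented-out `//let request = Request { shard, cyphertext: hex_encoded_quote.to_vec() };` line above the rename is dead code and should be deleted instead of being left in the file. It also names the payload `hex_encoded_quote` next to the IAS attestation report method, which reads like a leftover from the DCAP quote command; if any live code in this file still uses that name, rename it to match the report.
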
Contributor

Same, small 'f' please :)

enclave-runtime/src/rpc/worker_api_direct.rs (outdated, resolved)
enclave-runtime/src/rpc/worker_api_direct.rs (outdated, resolved)
enclave-runtime/src/rpc/worker_api_direct.rs (resolved)
cli/src/attesteer/commands/send_dcap_quote.rs (resolved)

@clangenb (Contributor)

Integration testing shall be done in another task: integritee-network/attesteer#6

@OverOrion requested a review from clangenb on March 31, 2023 06:22
@OverOrion merged commit 945571a into integritee-network:master on Apr 3, 2023
m-yahya pushed a commit to olisystems/BEST-Energy that referenced this pull request Jul 4, 2023
* Several improvements for the local-setup (integritee-network#1182)

* [local-setup] use default ports for the node and worker1

* [local-setup] re-organize configs and use default ports in configs.

* [local-setup] update readme

* [local-setup] also add external flags for the node in the benchmark settings

* [local-setup] also add external flags for the worker

* Fetch quotes from Marblerun Prometheus REST API endpoint (integritee-network#1159)

* citadel mods

* use ldconfig

* service: skip check_files if dcap attestation is used

* worker: move feature check to check_files() to silence unused warning (temporary fix)

* Add function to verify quote from the outside

* fix invalid extrinsic return parameter

* cleanup

* rename fetch_stuff

* extract timeout

* remove comment 2x

* extract function

* add flag for prometheus endpoint base url

* dcap vs ias check_files

* switch to rest_client

* fix typo

* remove comment by me

* fetch events every hour

* remove unnecessary comment

* fetch fmspc from dcap_quote

* fixes

* worker: fetch FMSPC from RA certificate

* cleanup2

* fix typo

* Placeholder commit for updating pallets/node after .37 polkadot update has been merged

* Clippy fixes

* add feature flags for dcap, use pallets fork

* ci: taplo fmt

* revert accidental Cargo.toml style changes

* service: add handy derives to PrometheusMarblerRunEvent and PrometheusMarblerunEventActivation

* service: add proper reasoning to expect() in register_quotes_from_marblerun()

* enclave-runtime/attestation: remove leftover debug output

* pallets: use updated polkadot branch

* rename generate_dcap_ra_extrinsic_internal_with_quote() to generate_dcap_ra_extrinsic_from_quote()

* rename methods to generate_dcap_ra_extrinsic_from_quote{_internal}

* remove obsolete todo

* fix typo in expect message

* *.toml: fix accidental formatting

* service: handle registering marblerun quotes failure with error logging

* ffi: remove _internal suffix from generate_dcap_ra_extrinsic_from_quote_internal()

* Fix tests and CI (integritee-network#1184)

* stf_sgx_tests: make sure NodeMetadataRepository is initialized with Some() value, rather than the
default None.

* tests: fix formatting

* disable test_verify_get_exchange_rate_from_coin_gecko_works() for now

* fixup! disable test_verify_get_exchange_rate_from_coin_gecko_works() for now

* Reduce docker image size (integritee-network#1185)

* docker: copy sgx libs only

* docker: add DCAP libs

* Adding fork tree to worker (integritee-network#1196)

* Adding fork-tree to worker

* Cargo fmt and clippy

* taplo fmt

* adding in default impl for clippy and removing senseless comments

* minor fmt

* Adding queue builder helpers (integritee-network#1197)

* Adding fork-tree to worker

* Cargo fmt and clippy

* taplo fmt

* adding in default impl for clippy and removing senseless comments

* minor fmt

* Cherry picking and merging

* Cherry picking test of is_descendent_builder

* Removing comments and cleanup

* Adding in build_queue_header helper

* Adding in imports for SidechainBlockBuilderTrait

* Cargo fmt taplo fmt and clippy

* Adding some documentation to new structures

* cargo fmt

* Addressing comments

* Marblerun prometheus integration fixes (integritee-network#1189)

* service: fix register_quotes_from_marblerun after refactor

* service: change marblerun prometheus endpoint poll interval to 5 minutes

* enclave-runtime: attestation.rs: fix typo

* enclave-runtime: move enclave call log to trace level in attestation.rs

* fixup! service: change marblerun prometheus endpoint poll interval to 5 minutes

* fixup! enclave-runtime: attestation.rs: fix typo

* fixup! enclave-runtime: move enclave call log to trace level in attestation.rs

* Makefile: remove hardcoded dcap flag

* Makefile: WORKER_FEATURES should not overwrite user supplied value

* fixup! Makefile: WORKER_FEATURES should not overwrite user supplied value

* teeracle: change coingecko root certificate as they moved to Let's Encrypt (integritee-network#1204)

* teeracle: change coingecko root certificate as they moved to Let's Encrypt

* teeracle: remove obsolete comment about test case failure

* Restore debuggability (integritee-network#1200)

* make: add real debug

add __assert_fail implementation for ring

* cli: remove duplicate -s flag clap

* make: remove obsolete comment

* fixup! make: add real debug

* clippy: remove unnecessary unsafe block

* enclave-runtime: add __assert_fail implementation for ring / ring-xous

This is a necessary addition to have ring / ring-xous compile in debug
mode. Teaclave added their implementation, but it no longer gets linked
for some reason.
See integritee-network#1200 for more
details.

* Adding is_descendent_of definitions and fork tree testing with blockqueues (integritee-network#1198)

* Adding fork-tree to worker

* Cargo fmt and clippy

* taplo fmt

* adding in default impl for clippy and removing senseless comments

* minor fmt

* Cherry picking and merging

* Cherry picking test of is_descendent_builder

* Removing comments and cleanup

* Adding in build_queue_header helper

* Adding in imports for SidechainBlockBuilderTrait

* Cargo fmt taplo fmt and clippy

* Adding some documentation to new structures

* cargo fmt

* Addressing comments

* Refactoring for pr

* Fix incorrect comment

* fixing docstring

* cargo fmt

* Moving errors to correct file

* refactor from comments half

* Refactoring for Chris comments

* Missing import

* cargo fmt

* Minor fixes for `is_descendant_builder` (integritee-network#1206)

* properly feature gate the `is_descendant_of_builder`

* [header_db] improve traitbounds

* Update sidechain/consensus/common/src/is_descendant_of_builder.rs

Co-authored-by: clangenb <37865735+clangenb@users.noreply.github.com>

* Update sidechain/consensus/common/src/is_descendant_of_builder.rs

Co-authored-by: clangenb <37865735+clangenb@users.noreply.github.com>

* Update sidechain/consensus/common/src/is_descendant_of_builder.rs

Co-authored-by: clangenb <37865735+clangenb@users.noreply.github.com>

* Update sidechain/consensus/common/src/is_descendant_of_builder.rs

Co-authored-by: clangenb <37865735+clangenb@users.noreply.github.com>

---------

Co-authored-by: clangenb <37865735+clangenb@users.noreply.github.com>

* Bump `integritee-dev` image, switch to Ubuntu 22.04 Jammy (integritee-network#1207)

* build: bump integritee-dev docker image, .13 is based on Ubuntu 22.04 (Jammy)

* GHA: change runs-on to Ubuntu 22.04 (Jammy) as well

* GHA: use explicit Ubuntu version instead of latest

* service: handle not running Marblerun Prometheus metrics server more gracefully (integritee-network#1209)

* gha: Node.js 12 deprecation, bump cancel-action (integritee-network#1217)

* Fix unchecked indexing in decode_hex (integritee-network#1218)

* core-primitives/utils: fix crash if slice.len() < 2 in decode_hex()

* its-consensus-common: fix unused doc comment warning

* fixup! core-primitives/utils: fix crash if slice.len() < 2 in decode_hex()

* Refactor indirect executor: make interpretation of parentchain extrinsics configurable (integritee-network#1223)

* wip of indirect executor refactoring

* [indirect-executor] provide a filter implementation

* [indirect-executor] fix mock feature flag

* [indirect-executor] tests run, but it fails to find the call

* [indirect-executor] shield funds indirect call works now.

* [indirect-executor] call worker works too

* [indirect-executor] add `ParentchainExtrinsic` associated type, which must implement `ExtractCallIndex`

* [global-components] add indirect filter to initialization

* [indirect-calls-executor] make filter trait definition less constraining

* [enclave-runtime] fix top_pool_tests.rs

* minor cleanup

* minor cleanup

* minor cleanup

* [indirect-executor] move `create_processed_parentchain_block_call` to the trait definition.

* [indirect-executor] move trait definitions to separate module.

* [indirect-executor] re-organise crate

* [indirect-executor] remove obsolete todo

* [indirect-executor] add comment about app-libs

* [indirect-executor] minor cleanup

* [api-client-types] also return the signature of the extrinsic.

* typo

* minor cleanup

* [api-client-types] fix import of  MultiSignature in no-std.

* [indirect-execution] trait does not take mutable reference anymore.

* fix clippy warnings.

* fix clippy warnings.

* [api-clients] added `Signature` associated type.

* [indirect-executor] `IndirectDispatch` rename method to `dispatch`

* [indirect-executor] add minimal crate level doc.

* [indirect-executor] introduce extrinsic parser and make the filters generic over it.

* minor cleanup

* remove obsolete comment

* fix clippy

* fix comment!

* add todo

* Polkadot v0.9.39 (integritee-network#1234)

* only bump up the version number

* cargo update

* cargo build and clippy

* GHA: fix teeracle failure by increasing the update interval of the API (integritee-network#1230)

* GHA: fix teeracle failure by increasing the update interval of the API

Co-authored-by: Zoltan Mosonyi <zoltan@integritee.network>

* teeracle: fix coingecko test failure by increasing the timeout

* fixup! teeracle: fix coingecko test failure by increasing the timeout

* teeracle: increase coingecko timeout further

* teeracle: increase coingecko timeout further (20 seconds)

* teeracle: try fetching exchange_rates 3 times before giving up

* teeracle: add descriptive error message if fetching exchange rates fails

* clippy: fix

* clippy: fix, remove leftover code

* teeracle: use plain loop with breaks instead of for

---------

Co-authored-by: Zoltan Mosonyi <zoltan@integritee.network>

* update sidechain block production rate to one second to see if it fixes the flaky M6. (integritee-network#1261)

* Revert "teeracle: change coingecko root certificate as they moved to Let's Encrypt" (integritee-network#1268)

This reverts commit 3fb6801.

* Attesteer RPC additions (integritee-network#1201)

* rpc: add attesteer_forward_dcap_quote call

* rpc: add attesteer_forward_ias_attestation_report

* remove unused variables

* enclave-runtime/attestation: remove duplicate code

* enclave-runtime/attestation: extract extrinsic sending

* enclave-runtime/attestation: refactor generate_dcap_ra_extrinsic_internal to reduce code duplication

* attesteer: add attesteer RPC calls to the CLI

* compiling

* cli: attesteer dcap quote verification takes a filename (to a hex encoded quote) instead of contents

* cli: attesteer ias attestation report takes a filename (to a hex encoded report) instead of its contents

* clippy: fix needless borrow

* rename: match substrate convention for RPC method names

* rename: SendDCAPQuoteCmd -> SendDcapQuoteCmd

* rename: SendIASAttestationReportCmd -> SendIasAttestationReportCmd

* rename: attesteer_callForwardIASAttestationReport -> attesteer_ForwardIasAttestationReport

* rename: attesteer_callForwardDCAPQuote -> attesteer_ForwardDcapQuote

* cli: refactor attesteer commands to use neat match expressions

* cli: attesteer commands use let-else pattern

* cli: attesteer commands send to chain

* rename: attesteer_Forward -> attesteer_forward

* Update api-client to tag v0.9.0 (integritee-network#1263)

* update to v0.9.0 tag

* fix api-types

* some more changes

* fix metadata

* fix it all

* fix submit extrinsic

* fix palletteerex api

* one step further

* some more updates

* seems to work

* oh yes

* and compiled

* readd comment

* add comment

* cargo fmt

* taplo fmt

* fix rpc-client mock

* fix tests

* fix clippy

* fix clippy

* fix teeracle

* fix teeracle

* fix clippy

* lets try

* lets try that

* simplify account.rs

* simplify pallet teerex

* simplify signedblock

* remove clone

* fmt

* fix clippy

* clean SignedBlock

* Update api-client to tag v0.10.0 (integritee-network#1265)

* update to tag v0.10.0

switch to generic extrinsic params

some more changes

add SignExtrinisc trait

update extrinsic factory

fix error

rename event subscription

fix events

fix whatever possible

we're getting there

compiling!

fix tests

fix teeracle

fmt

clippy

fix evm

fmt

* fix compilation

* clean up extrinsic V4

* fix typos

* fix typo

* favor imports from `api-client-types` crate & fix api-client features; remove unused jsonrpsee dependency (integritee-network#1271)

* update api-client feature flags to remove unused jsonrpsee dependency.

* update enclave Cargo.lock

* [itp-api-client-types] re-export extrinsic params trait.

* [itp-node-api-metadata] use Metadata from itp-api-client-types instead of from api-client

* [enclave-runtime] remove unnecessary dependency on the substrate-api-client

* [itc-rpc-client] uses now the types from itp-api-client-types

* [enclave-runtime] fix api-client dependencies in tests.

* Revert "Revert "teeracle: change coingecko root certificate as they moved to Let's Encrypt" (integritee-network#1268)" (integritee-network#1276)

This reverts commit d794987.

* Sgx runner (integritee-network#1222)

* Added self hosted runner integritee-network#386

---------

Co-authored-by: Szilard Parrag <szilard.parrag@gmail.com>
Co-authored-by: Christian Langenbacher <clangenb+gh@protonmail.ch>

* Pass events and events proof to enclave (integritee-network#1264)

* Initial addition of retrieving event proof from parent-chain

* Adding in events retrieval

* removing old comments

* Passing in events and proofs per block to enclave

* refactoring a bit

* Fixing compiler errors

* slight refactor plus comment

* Clippy and fmt

* Addressing clippy concerns

* Taplo

* fixing mock import

* Better error logs for remote attestation + make skip_ra work for dcap (integritee-network#1229)

* service: fix DCAP and --skip-ra flag

* attestation_handler: handle HTTP status code 400 - bad request

* attestation_handler: handle unknown error better

* attestation_handler: make the error messages format uniform

* gha: remove unnecessary dockerhub login

* Teeracle: have updates run at start as well (integritee-network#1283)

* teeracle: rename market update method to be consistent with weather update

* teeracle: execute updates at start as well

* Using docker cache (integritee-network#1280)

* First trial to use docker cache

* Added back cargo test release

* Remove debugging commands

* Add sccache to try

* Added sccache status

* Be sure that build has unique id

* Add force run that line

* Remove commented out line

* Pull dev image if not exist

---------

Co-authored-by: Szilárd Parrag <szilard.parrag@gmail.com>

* Minor light-client refactor (integritee-network#1287)

* [itc-light-client] refactor

* [itc-light-client] remove obsolete `NoSuchRelayExists` error

* [itc-light-client] make `submit_xt_to_be_included` infallible and remove expect statement.

* [itc-light-client] remove error that is not used yet.

* [itc-light-client] Remove `Default` derive, which can't be satisfied

* [itc-parentchain-test] better re-exports (integritee-network#1294)

* integritee-cli: separate into library and binary (integritee-network#1183)

* integritee-cli:

- refactor: add a lib.rs
- make the commands return something
- Wrap all cli commands into a `CliResult`
- Hopefully complete error handling

* remove superfluous clippy allow

`#[allow(non_snake_case, unused_variables)]`

* replace Snafu by thiserror

* Configurable light-client db (integritee-network#1288)

* [itc-light-client] light-client db is now a generic parameter to facilitate multiple db entries.

* [itc-light-client] fix import paths

* [itc-light-client] add no-genesis error, which was lost in rebase

* [itc-light-client] `LightClientSeal` does no longer refer to a static path. It has a `path` field now.

* [itc-light-client] remove obsolete fixme

* [itc-light-client] better naming for generic type parameter

* Cargo.lock

* [itc-parentchain-light-client] fix test compilation

* [itc-parentchain-light-client] fix `cargo test -p itc-parentchain-light-client`

* add sgx compatible temp-dir implementation

* [itc-parentchain-light-client] the path is now a `Path` instead of a `&'static str`

* [itp-sgx-tempdir] add process-id like behaviour

* [itc-parentchain-light-client] fix: enable std feature in sgx-temp-dir.

* more accurate docs.

* typos

* add doc

* fix clippy

* taplo fmt

* add debug logs for CI

* [itp-test] better re-exports

* [itc-parentchain-test] better re-exports

* [itc-parentchain-light-client] add seal test

* [itc-parentchain-light-client] fix seal test

* [itc-parentchain-light-client] better naming

* add todo for more light-client tests

* Revert "add debug logs for CI"

This reverts commit d53bbe3.

* taplo fmt

* [itc-parentchain-light-client] use `PathBuf` instead of `Box<Path>`

* add temp-dir deprecation note

* Enable Remote Attestation (EPID) in the CI (integritee-network#1286)

* docker: remove --skip-ra flags

* attestation-handler: load SPID from env var if set

* attestation-handler: use IAS API key from env if set

* gha: use secrets for EPID remote attestation

* docker: allow runtime flags to be added from the outside

* docker: move EPID RA environment variables to their proper place

* docker: switch to integritee-node built with IAS checking

* docker: switch to integritee-node-dev-ias image for enabled attestation

* attestation-handler: accept SW_HARDENING_NEEDED SGX status as well

* Update core-primitives/attestation-handler/src/attestation_handler.rs

Co-authored-by: Andrew <andrewburger1991@gmail.com>

* Update core-primitives/attestation-handler/src/attestation_handler.rs

Co-authored-by: Andrew <andrewburger1991@gmail.com>

---------

Co-authored-by: Andrew <andrewburger1991@gmail.com>

* Comment out weather oracle start with fixit todo and gh issue (integritee-network#1301)

* Comment out weather oracle start with fixit todo and gh issue

* clippy fix

* Fix DCAP build in docker (integritee-network#1306)

* docker: add WORKER_FEATURES_ARG needed for DCAP

* docker: fix LD_LIBRARY_PATH from aesmd service

LD_LIBRARY_PATH must NOT contain the urts library of the aesmd_service, it will override the default one, which will result in weird SGX enclave initialization errors.

* service/main: follow-up for send_extrinsic signature changes in DCAP only methods

* fixup! docker: fix LD_LIBRARY_PATH from aesmd service

* Pallets followup regarding register_enclave renaming (integritee-network#1307)

* itp-node-api-metadata: rename register_enclave followup

* itp-node-api-metadata: use Fmspc definition from teerex-primitives

* docker: bump integritee-node to 1.0.35

* fixup! itp-node-api-metadata: use Fmspc definition from teerex-primitives

* Validate and Access all Parentchain Events in Enclave (integritee-network#1272)

* Initial addition of retrieving event proof from parent-chain

* Adding in events retrieval

* removing old comments

* Passing in events and proofs per block to enclave

* refactoring a bit

* Fixing compiler errors

* slight refactor plus comment

* Clippy and fmt

* Addressing clippy concerns

* Taplo

* unpack events

* validated events

* adding in NodeMetaData extrinsic success and failed requests

* Refactor and implement groundwork

* passing events to correct place

* Adding in infra for events

* importing api client types and decoding events to log per block

* refactoring for passing events to triggered dispatcher

* Renaming module refactoring for triggered dispatcher refactor

* adding in queue methods for events queue

* cargo fmt

* fixing bug with chris on generic type

* Debugging decoding issue

* Was using storage key call incorrectly...

* small refactoring

* cargo fmt and taplo fmt

* adding in filtering of events for extrinsics

* cargo fmt

* taplo and cargo fmt in enclave

* refactoring for clippy

* cargo fmt

* changing log back

* minor comment removal

* refactoring to include new traits for testing

* cargo fmt

* refactoring for addressing comments

* cargo fmt

* clippy satisfaction

* cargo fmt

* fix for top pool tests

* cargo fmt

* refactor for comments

* making clippy happy

* adding back pallet system

* addressing comments

* refactor for comments

* adding some space

* add debug trait for logging

* cargo fmt

* addressing comments

* trace logs

* name changes

* couple log changes

* indentation fix

* itp-attestation-handler: make sure the production flag gets activated when needed (integritee-network#1319)

* Allow setting a base path for shielding-key file IO (integritee-network#1318)

* [itp-sgx-crypto] add `ToPubkey` and `AccessPubkey` traits

* [itp-sgx-crypto] refactor the Rsa3072 stuff to no longer use static file IO.

* [itp-sgx-crypto] set-base-path to the PWD

* [enclave-runtime] more explanation about using the PWD

* [enclave-runtime] add todo for replacing the once-cell.

* taplo fmt

* add some doc

* typo

* [sgx-crypto] log full path instead of just filename.

* [enclave-runtime] add todo for replacing `once_cell`

* [itp-sgx-crypto] log the pubKey of the RSA key when it is generated.

* fix clippy

* [itp-sgx-crypto] move the file name of the rsa-key from itp-settings to the rsa file.

* [itp-sgx-crypto] remove unnecessary clone.

* Add missing return to avoid closing the connection twice (integritee-network#1320)

Co-authored-by: Kailai Wang <Kailai.Wang@hotmail.com>

* Introduce signing key repo and allow setting the base path of the signing key file IO (integritee-network#1321)

* [itp-sgx-crypto] add `ToPubkey` and `AccessPubkey` traits

* [itp-sgx-crypto] refactor the Rsa3072 stuff to no longer use static file IO.

* [itp-sgx-crypto] set-base-path to the PWD

* [enclave-runtime] more explanation about using the PWD

* [enclave-runtime] add todo for replacing the once-cell.

* taplo fmt

* add some doc

* typo

* [sgx-crypto] log full path instead of just filename.

* [itp-sgx-io] fix standalone compilation

* [itp-sgx-crypto] put some functions behind a trait.

* [enclave-runtime/attestation_handler] add signing key repo to struct

* [itp-sgx-crypto] impl `ToPubkey` for `ed25511::Pair`

* introduce `SigningKeyRepository` and remove all instances of `StaticFile` IO.

* [itp-sgx-crypto] change `exists()` implementations to use `self.path().exists()`

* [itp-sgx-crypto] fix clippy warnings

* taplo fmt

* [itp-sgx-crypto] add tests for ed25519 module.

* [itp-sgx-crypto] add tests for rsa3072 module.

* [itp-sgx-crypto] move seed file constant from settings to the ed25519 module.

* typo

* [itp-sgx-crypto] tests: ensure that the keys don't exist initially

* [itp-sgx-crypto] tests: fix tempdir prefixes.

* Add docker release for teeracle (integritee-network#1295)

* Add docker release for teeracle

* Fix release teeracle

* Use ref_name instead of tag_name

* Fix downloading binary

* Fix upload binary

* Added file to the release

* Add prod build

* Fix syntax

* Add release-build dependency

* Pass production mode arg

* Added vault import secrets

* Added vault import secrets

* Added vault import secrets

* Added vault import secrets

* Remove tabs

* Hardcoded path

* Back to path secret

* Back to path secret

* Runs on self hosted

* Fix run all command

* Fix run all command

* Added ssl pubout

* Added ssl pubout

* itp-attestation-handler: make sure the production flag gets activated when needed

* Revert back tests

* Revert back tests

* Update .github/workflows/build_and_test.yml

Co-authored-by: Szilárd Parrag <szilard.parrag@gmail.com>

* Update .github/workflows/build_and_test.yml

Co-authored-by: Szilárd Parrag <szilard.parrag@gmail.com>

* Update build.Dockerfile

Co-authored-by: Szilárd Parrag <szilard.parrag@gmail.com>

* Rename COMMERCIAL KEY to SIGN KEY

* Put back release binaries

* Rename SIGN Key to COMMERCIAL Key

* Comment out release binaries

* Try to get tag name

* Remove unneeded file

---------

Co-authored-by: Szilard Parrag <szilard.parrag@gmail.com>

* Allow setting path of the State Key (AES) (integritee-network#1324)

* [itp-sgx-crypto] add `ToPubkey` and `AccessPubkey` traits

* [itp-sgx-crypto] refactor the Rsa3072 stuff to no longer use static file IO.

* [itp-sgx-crypto] set-base-path to the PWD

* [enclave-runtime] more explanation about using the PWD

* [enclave-runtime] add todo for replacing the once-cell.

* taplo fmt

* add some doc

* typo

* [sgx-crypto] log full path instead of just filename.

* [itp-sgx-io] fix standalone compilation

* [itp-sgx-crypto] put some functions behind a trait.

* [enclave-runtime/attestation_handler] add signing key repo to struct

* [itp-sgx-crypto] impl `ToPubkey` for `ed25511::Pair`

* introduce `SigningKeyRepository` and remove all instances of `StaticFile` IO.

* [itp-sgx-crypto] add base path to AESSeal

* [itp-state-handler] wip update tests

* [itp-state-handler] add debug log for existing files in shard

* [itp-state-handler] fix tests by creating a unique key-repo per test

* fix merge errors

* [itp-sgx-crypto] add tests for aes

* taplo fmt

* clippy

* move aes key file name constant to the aes module

* [stf-state-handle] rename `TestKeyRepositoryMock` to `TestKeyRepositoryMock` to reflect that it is no longer the mock

* [itp-sgx-crypto] more accurate name for the AES key file

* Allow setting the `BasePath` by adding `StateDir` abstraction that helps with fs operations relevant for the state  (integritee-network#1325)

* [itp-sgx-crypto] add `ToPubkey` and `AccessPubkey` traits

* [itp-sgx-crypto] refactor the Rsa3072 stuff to no longer use static file IO.

* [itp-sgx-crypto] set-base-path to the PWD

* [enclave-runtime] more explanation about using the PWD

* [enclave-runtime] add todo for replacing the once-cell.

* taplo fmt

* add some doc

* typo

* [sgx-crypto] log full path instead of just filename.

* [itp-sgx-io] fix standalone compilation

* [itp-sgx-crypto] put some functions behind a trait.

* [enclave-runtime/attestation_handler] add signing key repo to struct

* [itp-sgx-crypto] impl `ToPubkey` for `ed25511::Pair`

* introduce `SigningKeyRepository` and remove all instances of `StaticFile` IO.

* [itp-sgx-crypto] add base path to AESSeal

* [itp-state-handler] wip update tests

* [itp-state-handler] add debug log for existing files in shard

* [itp-state-handler] fix tests by creating a unique key-repo per test

* fix merge errors

* [itp-sgx-crypto] add tests for aes

* taplo fmt

* clippy

* move aes key file name constant to the aes module

* [stf-state-handle] rename `TestKeyRepositoryMock` to `TestKeyRepositoryMock` to reflect that it is no longer the mock

* [itp-stf-state-handler] introduce `StatePathProvider`

* [itp-stf-state-handler] add more methods to path provider

* [itp-stf-state-handler/sgx-tests] remove obsolete `ShardDirectoryHandle` and fix all tests except for `test_in_memory_state_initializes_from_shard_directory`

* [itp-sgx-crypto] more accurate name for the AES key file

* [itp-sgx-crypto] minor test fixes

* [itp-state-handler/sgx_test] extract setup method

* [itp-state-handler/sgx_test] fix last test

* minor cleanup

* [itp-stf-state-handler] add minor docs.

* fix unused import

* fix clippy

* minor typos

* [itp-stf-state-handler] rename `StatePathHelper` to `StateDir`

* [itp-stf-state-handler] move test methods of `StateDir` to its definition

* [itp-stf-state-handler] replace flat_map with filter_map

* [itp-stf-state-handler] fix: make `StateDir` test methods public

* [itp-stf-state-handler] remove unnecessary method.

* [itp-stf-state-handler] annotate todo with issue number

* [itp-stf-state-handler/file_io] refactor methods to be more ergonomic and fix redundant `iter.collects()`

* [itp-stf-state-handler/file_io] rename `directory_contains_state` to `directory_contains_valid_state_id`

* [itp-stf-state-handler/file_io] fix test by defaulting to empty vec in case the shard directory does not exist

* [itp-stf-state-handler/file_io] remove unnecessary nesting

* [itp-stf-state-handler/file_io] typo

* [itp-stf-state-handler/file_io] minor improvement in function

* [itp-stf-state-handler/sgx_tests] rename setup -> test_setup

* Add basepath to sidechain db (integritee-network#1327)

* [its-sidechain-storage] add base_path to sidechain storage

* [its-sidechain-storage] better documentation

* [service/main] remove unused imports

* last slot is no longer persisted to file but just a static ref (integritee-network#1328)

* [its-consensus] move `ConsensusError::Other` to the end of the enum.

* [its-consensus-slots] slots is no longer persisted to file, as it is not necessary.

* [enclave-runtime] fix missing rename of `LastSlotSeal`

* Add base path to light-client initialization (integritee-network#1330)

* [itp-utils] create standalone buffer error

* add base-path to light-client initialization

* fix clippy

* remove outdated documentation

* [enclave-runtime] cleanup imports

* minor optimizations

* Remove remnants of `last_slot.bin` (integritee-network#1334)

* [local-setup] remove obsolete `purge_last_slot_seal`

* remove remnants of the `last_slot.bin`

* Fix backup of light-client db and introduce light-client-db subdirectory (integritee-network#1333)

* [itc-light-client] derive Eq, PartialEq on some state stuff

* [itc-light-client] create tests that confirm that the backup fails

* [itp-settings] rename light `LIGHT_CLIENT_DB` to `LIGHT_CLIENT_DB_PATH`

* [itc-light-client] fix backup

* [itc-light-client] remove unnecessary borrow

* [integritee-service] fix: create light-client-db directory if it doesn't exist

* Introduce CLI for a configurable data-dir (integritee-network#1331)

* [service/config] add base_dir and make config fields private favoring getters

* pass base_dir into the enclave

* [enclave-runtime] set the base_path

* [service/config] use `pwd()` instead of `std::env::current_dir()`

* [service] rename base-dir to data-dir in the cli

* [enclave-runtime] fix rebase error: re-add env logger init in enclave

* [enclave-runtime] create data-dir if it does not exist

* [service/config] rename base_dir -> data_dir and return a Path instead of a PathBuf

* [service] use data-dir instead of pwd for the sidechain storage

* [service/config] rename forgotten base_dir's to data_dir

* [service/enclave] fix wrongly copied documentation

* [integritee-service] fix: use correct path for purging files

* [integritee-service] fix: unnecessary reference

* [integritee-service] fix: documentation

* [integritee-service] fix tests

* [integritee-service] remove warning in tests

* Detect extrinsic failures on untrusted side (integritee-network#1329)

* waiting for extrinsic success

* fixes for clippy

---------

Co-authored-by: clangenb <37865735+clangenb@users.noreply.github.com>

* Add trace logs for FMSPC and collateral (integritee-network#1332)

* Add trace logs for FMSPC and collateral

* more logs and fixing build

* Adding more logs

* taplo

* itp-enclave-api: enhance DCAP related tracing

* itp-enclave-api: print values at memory addresses instead of raw addresses

---------

Co-authored-by: Szilard Parrag <szilard.parrag@gmail.com>

* Revert "Revert "Revert "teeracle: change coingecko root certificate as they moved to Let's Encrypt" (integritee-network#1268)" (integritee-network#1276)" (integritee-network#1340)

This reverts commit ef443f6.

* Teeracle: add support for multiple root certificates (integritee-network#1342)

* itc-rest-client: change SendWithCertificateVerification to support multiple root certificates

* teeracle: support multiple root certificates

* Save only registry cache and index (integritee-network#1341)

Co-authored-by: Szilárd Parrag <szilard.parrag@gmail.com>

* Dcap debugging helpers (integritee-network#1346)

* introduce attesteer compiler flag

* panic if DCAP collateral registration fails

* revert and just leave logging

* try to get err from null

* try to get err from null...

* cosmetics

* cosmetics

* cosmetics

* cosmetics

* cosmetics

* introduce attesteer compiler flag to avoid marblerun in pure dcap mode (integritee-network#1345)

* introduce attesteer compiler flag

* get rid of warnings

* [integritee-service] fix clean-reset flag (integritee-network#1347)

* [integritee-service] introduce getters for `RunConfig` and make fields private (integritee-network#1349)

* [integritee-service] improve `RunConfig` handling

* [integritee-service] fix attesteer flag

* [integritee-service] fix teeracle build

* [integritee-service] fix clippy

* [integritee-service] add documentation about the default marblerun port.

* Reregister Teeracle after a CLI configurable period (integritee-network#1348)

* [integritee-service/teeracle] minor code simplifications by introducing results

* [integritee-service/teeracle] make `execute_market_update` generic over the oracle data to be fetched from the enclave

* [integritee-service/teeracle] disable the weather oracle again

* [integritee-service/teeracle] slightly simplify code

* [integritee-service] add `reregister_teeracle-interval` CLI

* [integritee-service] extract method to re-register the teeracle

* [integritee-service] fix test compilation

* [integritee-service] group teeracle imports

* [integritee-service] fix blocking sleep: spawn a re-registration thread

* [integritee-service/config] fix pass correct flag to re-registration field

* [integritee-service] fix compilation

* [integritee-service] format cli.yml

* add documentation

* [teeracle] print success of the reregistration

* [integritee-service/teeracle] make `schedule_on_repeating_intervals` private again

* [integritee-service/teeracle] fix thread name

* [integritee-service/teeracle] consistent naming

* [integritee-service/teeracle] better logging

* [integritee-service/teeracle] renamed interval to periodic/period to align with the substrate terms used in the scheduler pallet.

* [integritee-service/teeracle] add comment about automatic reregistration period

* [integritee-service/teeracle] better naming for periodic reregistration

* [integritee-service/teeracle] better logging

* Intermediate release won't make SDK release (integritee-network#1353)

* Intermediate release won't make SDK release

* Extended explanation about the change

* Added new tag pattern (integritee-network#1354)

* polkadot update v0.9.42

* followup for Keystore overhaul (final) (#13683)

* implement missing trait methods

* substrate-api-client: explicitly use synchronous mode instead of the default async

* substrate-api-client followup regarding keystore overhaul

* taplo fmt

* followup for sidechain-evm

* cargo clippy

* fixup! followup for sidechain-evm

* update integritee-node image

* integritee-node: update branch

* integritee-node: update branch

* main: AddedEnclave change followup made in pallets/pull/180

* attesteer: fix warnings where DCAP was activated, but not with attesteer

* evm: followup made in pallets/pull/180

* add debug! logs

* remove commented out code

* remove empty features

* ita-sgx-runtime: fixup for freezing implementation in fungible trait

* fixup! ita-sgx-runtime: fixup for freezing implementation in fungible trait

* docker: private caching, for details see `sharing`: https://github.com/moby/buildkit/blob/master/frontend/dockerfile/docs/reference.md?plain=1#L650 (integritee-network#1356)

* minor fixes and more logging (integritee-network#1367)

* [local-setup] fix setup with two workers: avoid using the same data dirs. (integritee-network#1358)

* [ita_stf/test_genesis] remove reserved balance from state, as it doesn't exist anymore

* [enclave-runtime/top_pool_execution] downgrade logs to trace

* [state_handler] add debug and trace logs

* add additional flags for the worker setup

* [its-consensus-aura/block_importer] add some more logs

* local setup add some more logging

* run CI on GitHub hosted hardware

* fix cargo lock after upstream merge

* [cli] hotfix to make it compile

* remove sccache as it makes the native GA runners overflow

* try fix running out of space

* Revert "try fix running out of space"

This reverts commit 877f516.

* [GHA] try fix memory issue by passing the fingerprint

* Revert "Revert "try fix running out of space""

This reverts commit 0488d2b.

* [best_energy_helpers] add path for which the file was not found into the error.

* [best_energy_demo.sh] fix the timestamp

* [GA] add timeout

* [docker] add `--skip-ra`

* [docker] add comments and use node that skips RA

* [GHA] fix local tag of the integritee-node

* cli: fix keystore KeyTypeId inconsistency

* fix clippy

---------

Co-authored-by: Szilárd Parrag <szilard.parrag@gmail.com>
Co-authored-by: Andrew <andrewburger1991@gmail.com>
Co-authored-by: BillyWooo <thedreamofbilly@gmail.com>
Co-authored-by: Zoltan Mosonyi <zoltan@integritee.network>
Co-authored-by: Bigna Härdi <73821294+haerdib@users.noreply.github.com>
Co-authored-by: N. Prat <1504071+n-prat@users.noreply.github.com>
Co-authored-by: Kailai Wang <Kailai.Wang@hotmail.com>
Co-authored-by: brenzi <brenzi@users.noreply.github.com>
Labels
A0-core Affects a core part A7-somethingelse B1-releasenotes C1-low 📌 Does not elevate a release containing this beyond "low priority" E0-breaksnothing
Development

Successfully merging this pull request may close these issues.

Attesteer API for requesting remote attestation
2 participants