sign ton (#3035)

Co-authored-by: Kai <7630809+Kailai-Wang@users.noreply.github.com>
litentry · Sep 6, 2024 · a505468 · a505468
1 parent 4692f73
commit a505468
Show file tree

Hide file tree

Showing 20 changed files with 394 additions and 56 deletions.
diff --git a/bitacross-worker/bitacross/core/bc-task-processor/src/lib.rs b/bitacross-worker/bitacross/core/bc-task-processor/src/lib.rs
@@ -78,7 +78,7 @@ use lc_direct_call::{
 	handler::{
 		kill_ceremony, nonce_share, partial_signature_share,
 		sign_bitcoin::{self, SignBitcoinError},
-		sign_ethereum,
+		sign_ethereum, sign_ton,
 	},
 	CeremonyRoundCall, CeremonyRoundCallSigned, DirectCall, DirectCallSigned,
 };
@@ -109,6 +109,7 @@ pub struct BitAcrossTaskContext<
 	SIGNINGAK,
 	EKR,
 	BKR,
+	TKR,
 	S: StfEnclaveSigning<TrustedCallSigned>,
 	H: HandleState,
 	O: EnclaveOnChainOCallApi,
@@ -121,13 +122,15 @@ pub struct BitAcrossTaskContext<
 	SIGNINGAK: AccessKey<KeyType = ed25519::Pair>,
 	EKR: AccessKey<KeyType = EcdsaPair>,
 	BKR: AccessKey<KeyType = SchnorrPair>,
+	TKR: AccessKey<KeyType = ed25519::Pair>,
 	<SKR as AccessKey>::KeyType: ShieldingCryptoEncrypt + 'static,
 	Responder: SendRpcResponse<Hash = H256>,
 {
 	pub shielding_key: Arc<SKR>,
 	pub signing_key_access: Arc<SIGNINGAK>,
 	pub ethereum_key_repository: Arc<EKR>,
 	pub bitcoin_key_repository: Arc<BKR>,
+	pub ton_key_repository: Arc<TKR>,
 	pub enclave_signer: Arc<S>,
 	pub state_handler: Arc<H>,
 	pub ocall_api: Arc<O>,
@@ -145,19 +148,21 @@ impl<
 		SIGNINGAK,
 		EKR,
 		BKR,
+		TKR,
 		S: StfEnclaveSigning<TrustedCallSigned>,
 		H: HandleState,
 		O: EnclaveOnChainOCallApi,
 		RRL: RelayerRegistryLookup,
 		ERL: EnclaveRegistryLookup,
 		SRL: SignerRegistryLookup,
 		Responder,
-	> BitAcrossTaskContext<SKR, SIGNINGAK, EKR, BKR, S, H, O, RRL, ERL, SRL, Responder>
+	> BitAcrossTaskContext<SKR, SIGNINGAK, EKR, BKR, TKR, S, H, O, RRL, ERL, SRL, Responder>
 where
 	SKR: AccessKey + AccessPubkey<KeyType = Rsa3072PubKey>,
 	SIGNINGAK: AccessKey<KeyType = ed25519::Pair>,
 	EKR: AccessKey<KeyType = EcdsaPair>,
 	BKR: AccessKey<KeyType = SchnorrPair>,
+	TKR: AccessKey<KeyType = ed25519::Pair>,
 	<SKR as AccessKey>::KeyType: ShieldingCryptoEncrypt + 'static,
 	H::StateT: SgxExternalitiesTrait,
 	Responder: SendRpcResponse<Hash = H256>,
@@ -168,6 +173,7 @@ where
 		signing_key_access: Arc<SIGNINGAK>,
 		ethereum_key_repository: Arc<EKR>,
 		bitcoin_key_repository: Arc<BKR>,
+		ton_key_repository: Arc<TKR>,
 		enclave_signer: Arc<S>,
 		state_handler: Arc<H>,
 		ocall_api: Arc<O>,
@@ -184,6 +190,7 @@ where
 			signing_key_access,
 			ethereum_key_repository,
 			bitcoin_key_repository,
+			ton_key_repository,
 			enclave_signer,
 			state_handler,
 			ocall_api,
@@ -199,15 +206,31 @@ where
 }
 
 #[allow(clippy::type_complexity)]
-pub fn run_bit_across_handler_runner<SKR, SIGNINGAK, EKR, BKR, S, H, O, RRL, ERL, SRL, Responder>(
-	context: Arc<BitAcrossTaskContext<SKR, SIGNINGAK, EKR, BKR, S, H, O, RRL, ERL, SRL, Responder>>,
+pub fn run_bit_across_handler_runner<
+	SKR,
+	SIGNINGAK,
+	EKR,
+	BKR,
+	TKR,
+	S,
+	H,
+	O,
+	RRL,
+	ERL,
+	SRL,
+	Responder,
+>(
+	context: Arc<
+		BitAcrossTaskContext<SKR, SIGNINGAK, EKR, BKR, TKR, S, H, O, RRL, ERL, SRL, Responder>,
+	>,
 	ceremony_commands_thread_count: u8,
 	ceremony_events_thread_count: u8,
 ) where
 	SKR: AccessKey + AccessPubkey<KeyType = Rsa3072PubKey> + Send + Sync + 'static,
 	SIGNINGAK: AccessKey<KeyType = ed25519::Pair> + Send + Sync + 'static,
 	EKR: AccessKey<KeyType = EcdsaPair> + Send + Sync + 'static,
 	BKR: AccessKey<KeyType = SchnorrPair> + Send + Sync + 'static,
+	TKR: AccessKey<KeyType = ed25519::Pair> + Send + Sync + 'static,
 	<SKR as AccessKey>::KeyType: ShieldingCryptoEncrypt + ShieldingCryptoDecrypt + 'static,
 	S: StfEnclaveSigning<TrustedCallSigned> + Send + Sync + 'static,
 	H: HandleState + Send + Sync + 'static,
@@ -287,8 +310,10 @@ pub fn run_bit_across_handler_runner<SKR, SIGNINGAK, EKR, BKR, S, H, O, RRL, ERL
 }
 
 #[allow(clippy::type_complexity)]
-fn handle_ceremony_command<SKR, SIGNINGAK, EKR, BKR, S, H, O, RRL, ERL, SRL, Responder>(
-	context: Arc<BitAcrossTaskContext<SKR, SIGNINGAK, EKR, BKR, S, H, O, RRL, ERL, SRL, Responder>>,
+fn handle_ceremony_command<SKR, SIGNINGAK, EKR, BKR, TKR, S, H, O, RRL, ERL, SRL, Responder>(
+	context: Arc<
+		BitAcrossTaskContext<SKR, SIGNINGAK, EKR, BKR, TKR, S, H, O, RRL, ERL, SRL, Responder>,
+	>,
 	ceremony_id: CeremonyId,
 	command: CeremonyCommand,
 	event_threads_pool: ThreadPool,
@@ -298,6 +323,7 @@ fn handle_ceremony_command<SKR, SIGNINGAK, EKR, BKR, S, H, O, RRL, ERL, SRL, Res
 	SIGNINGAK: AccessKey<KeyType = ed25519::Pair> + Send + Sync + 'static,
 	EKR: AccessKey<KeyType = EcdsaPair> + Send + Sync + 'static,
 	BKR: AccessKey<KeyType = SchnorrPair> + Send + Sync + 'static,
+	TKR: AccessKey<KeyType = ed25519::Pair> + Send + Sync + 'static,
 	<SKR as AccessKey>::KeyType: ShieldingCryptoEncrypt + ShieldingCryptoDecrypt + 'static,
 	S: StfEnclaveSigning<TrustedCallSigned> + Send + Sync + 'static,
 	H: HandleState + Send + Sync + 'static,
@@ -429,8 +455,10 @@ fn handle_ceremony_command<SKR, SIGNINGAK, EKR, BKR, S, H, O, RRL, ERL, SRL, Res
 }
 
 #[allow(clippy::type_complexity)]
-fn process_command<SKR, SIGNINGAK, EKR, BKR, S, H, O, RRL, ERL, SRL, Responder>(
-	context: Arc<BitAcrossTaskContext<SKR, SIGNINGAK, EKR, BKR, S, H, O, RRL, ERL, SRL, Responder>>,
+fn process_command<SKR, SIGNINGAK, EKR, BKR, TKR, S, H, O, RRL, ERL, SRL, Responder>(
+	context: Arc<
+		BitAcrossTaskContext<SKR, SIGNINGAK, EKR, BKR, TKR, S, H, O, RRL, ERL, SRL, Responder>,
+	>,
 	ceremony_id: CeremonyId,
 	command: CeremonyCommand,
 ) -> Option<CeremonyEvent>
@@ -439,6 +467,7 @@ where
 	SIGNINGAK: AccessKey<KeyType = ed25519::Pair> + Send + Sync + 'static,
 	EKR: AccessKey<KeyType = EcdsaPair> + Send + Sync + 'static,
 	BKR: AccessKey<KeyType = SchnorrPair> + Send + Sync + 'static,
+	TKR: AccessKey<KeyType = ed25519::Pair> + Send + Sync + 'static,
 	<SKR as AccessKey>::KeyType: ShieldingCryptoEncrypt + ShieldingCryptoDecrypt + 'static,
 	S: StfEnclaveSigning<TrustedCallSigned> + Send + Sync + 'static,
 	H: HandleState + Send + Sync + 'static,
@@ -531,15 +560,18 @@ where
 }
 
 #[allow(clippy::type_complexity)]
-fn handle_request<SKR, SIGNINGAK, EKR, BKR, S, H, O, RRL, ERL, SRL, Responder>(
+fn handle_request<SKR, SIGNINGAK, EKR, BKR, TKR, S, H, O, RRL, ERL, SRL, Responder>(
 	request: BitAcrossRequest,
-	context: Arc<BitAcrossTaskContext<SKR, SIGNINGAK, EKR, BKR, S, H, O, RRL, ERL, SRL, Responder>>,
+	context: Arc<
+		BitAcrossTaskContext<SKR, SIGNINGAK, EKR, BKR, TKR, S, H, O, RRL, ERL, SRL, Responder>,
+	>,
 ) -> Option<(CeremonyId, CeremonyCommand)>
 where
 	SKR: AccessKey + AccessPubkey<KeyType = Rsa3072PubKey>,
 	SIGNINGAK: AccessKey<KeyType = ed25519::Pair>,
 	EKR: AccessKey<KeyType = EcdsaPair>,
 	BKR: AccessKey<KeyType = SchnorrPair>,
+	TKR: AccessKey<KeyType = ed25519::Pair> + Send + Sync + 'static,
 	<SKR as AccessKey>::KeyType: ShieldingCryptoEncrypt + ShieldingCryptoDecrypt + 'static,
 	S: StfEnclaveSigning<TrustedCallSigned> + Send + Sync + 'static,
 	H: HandleState + Send + Sync + 'static,
@@ -572,15 +604,18 @@ where
 }
 
 #[allow(clippy::type_complexity)]
-fn handle_direct_call<SKR, SIGNINGAK, EKR, BKR, S, H, O, RRL, ERL, SRL, Responder>(
+fn handle_direct_call<SKR, SIGNINGAK, EKR, BKR, TKR, S, H, O, RRL, ERL, SRL, Responder>(
 	request: PlainRequest,
-	context: Arc<BitAcrossTaskContext<SKR, SIGNINGAK, EKR, BKR, S, H, O, RRL, ERL, SRL, Responder>>,
+	context: Arc<
+		BitAcrossTaskContext<SKR, SIGNINGAK, EKR, BKR, TKR, S, H, O, RRL, ERL, SRL, Responder>,
+	>,
 ) -> Result<(Option<BitAcrossProcessingResult>, Option<(CeremonyId, CeremonyCommand)>), Vec<u8>>
 where
 	SKR: AccessKey + AccessPubkey<KeyType = Rsa3072PubKey>,
 	SIGNINGAK: AccessKey<KeyType = ed25519::Pair>,
 	EKR: AccessKey<KeyType = EcdsaPair>,
 	BKR: AccessKey<KeyType = SchnorrPair>,
+	TKR: AccessKey<KeyType = ed25519::Pair> + Send + Sync + 'static,
 	<SKR as AccessKey>::KeyType: ShieldingCryptoEncrypt + ShieldingCryptoDecrypt + 'static,
 	S: StfEnclaveSigning<TrustedCallSigned> + Send + Sync + 'static,
 	H: HandleState + Send + Sync + 'static,
@@ -652,19 +687,33 @@ where
 			e.encode()
 		})
 		.map(|r| (Some(BitAcrossProcessingResult::Ok(r.encode())), None)),
+		DirectCall::SignTon(signer, payload) => sign_ton::handle(
+			signer,
+			payload,
+			context.relayer_registry_lookup.deref(),
+			context.ton_key_repository.deref(),
+		)
+		.map_err(|e| {
+			error!("SignTon error: {:?}", e);
+			e.encode()
+		})
+		.map(|r| (Some(BitAcrossProcessingResult::Ok(r.encode())), None)),
 	}
 }
 
 #[allow(clippy::type_complexity)]
-fn handle_ceremony_round_call<SKR, SIGNINGAK, EKR, BKR, S, H, O, RRL, ERL, SRL, Responder>(
+fn handle_ceremony_round_call<SKR, SIGNINGAK, EKR, BKR, TKR, S, H, O, RRL, ERL, SRL, Responder>(
 	request: PlainRequest,
-	context: Arc<BitAcrossTaskContext<SKR, SIGNINGAK, EKR, BKR, S, H, O, RRL, ERL, SRL, Responder>>,
+	context: Arc<
+		BitAcrossTaskContext<SKR, SIGNINGAK, EKR, BKR, TKR, S, H, O, RRL, ERL, SRL, Responder>,
+	>,
 ) -> Result<Option<(CeremonyId, CeremonyCommand)>, Vec<u8>>
 where
 	SKR: AccessKey + AccessPubkey<KeyType = Rsa3072PubKey>,
 	SIGNINGAK: AccessKey<KeyType = ed25519::Pair>,
 	EKR: AccessKey<KeyType = EcdsaPair>,
 	BKR: AccessKey<KeyType = SchnorrPair>,
+	TKR: AccessKey<KeyType = ed25519::Pair> + Send + Sync + 'static,
 	<SKR as AccessKey>::KeyType: ShieldingCryptoEncrypt + ShieldingCryptoDecrypt + 'static,
 	S: StfEnclaveSigning<TrustedCallSigned> + Send + Sync + 'static,
 	H: HandleState + Send + Sync + 'static,

diff --git a/bitacross-worker/core-primitives/enclave-api/ffi/src/lib.rs b/bitacross-worker/core-primitives/enclave-api/ffi/src/lib.rs
@@ -134,6 +134,13 @@ extern "C" {
 		pair_size: u32,
 	) -> sgx_status_t;
 
+	pub fn get_ton_wallet_pair(
+		eid: sgx_enclave_id_t,
+		retval: *mut sgx_status_t,
+		pair: *mut u8,
+		pair_size: u32,
+	) -> sgx_status_t;
+
 	pub fn get_mrenclave(
 		eid: sgx_enclave_id_t,
 		retval: *mut sgx_status_t,

diff --git a/bitacross-worker/core-primitives/enclave-api/src/enclave_base.rs b/bitacross-worker/core-primitives/enclave-api/src/enclave_base.rs
@@ -78,6 +78,9 @@ pub trait EnclaveBase: Send + Sync + 'static {
 	/// retrieve the eth wallet key pair, only works in non-prod
 	fn get_ethereum_wallet_pair(&self) -> EnclaveResult<ecdsa::Pair>;
 
+	/// retrieve the ton wallet key pair, only works in non-prod
+	fn get_ton_wallet_pair(&self) -> EnclaveResult<ed25519::Pair>;
+
 	fn get_fingerprint(&self) -> EnclaveResult<EnclaveFingerprint>;
 
 	// litentry
@@ -112,7 +115,7 @@ mod impl_ffi {
 	use pallet_teebag::EnclaveFingerprint;
 	use sgx_crypto_helper::rsa3072::Rsa3072PubKey;
 	use sgx_types::*;
-	use sp_core::ed25519;
+	use sp_core::{ed25519, Pair};
 
 	impl EnclaveBase for Enclave {
 		fn init(
@@ -378,6 +381,25 @@ mod impl_ffi {
 				.map_err(|e| Error::Other(format!("{:?}", e).into()))
 		}
 
+		fn get_ton_wallet_pair(&self) -> EnclaveResult<ed25519::Pair> {
+			let mut retval = sgx_status_t::SGX_SUCCESS;
+			let mut private_key = [0u8; 32];
+
+			let result = unsafe {
+				ffi::get_ton_wallet_pair(
+					self.eid,
+					&mut retval,
+					private_key.as_mut_ptr(),
+					private_key.len() as u32,
+				)
+			};
+
+			ensure!(result == sgx_status_t::SGX_SUCCESS, Error::Sgx(result));
+			ensure!(retval == sgx_status_t::SGX_SUCCESS, Error::Sgx(retval));
+
+			Ok(ed25519::Pair::from_seed(&private_key))
+		}
+
 		fn get_fingerprint(&self) -> EnclaveResult<EnclaveFingerprint> {
 			let mut retval = sgx_status_t::SGX_SUCCESS;
 			let mut mr_enclave = [0u8; MR_ENCLAVE_SIZE];

diff --git a/bitacross-worker/core-primitives/node-api/metadata/src/metadata_mocks.rs b/bitacross-worker/core-primitives/node-api/metadata/src/metadata_mocks.rs
@@ -72,6 +72,7 @@ pub struct NodeMetadataMock {
 	bitacross_remove_relayer: u8,
 	btc_wallet_generated: u8,
 	eth_wallet_generated: u8,
+	ton_wallet_generated: u8,
 }
 
 impl NodeMetadataMock {
@@ -113,6 +114,7 @@ impl NodeMetadataMock {
 			bitacross_remove_relayer: 1u8,
 			btc_wallet_generated: 2u8,
 			eth_wallet_generated: 3u8,
+			ton_wallet_generated: 4u8,
 		}
 	}
 }
@@ -221,6 +223,10 @@ impl BitAcrossCallIndexes for NodeMetadataMock {
 	fn eth_wallet_generated_indexes(&self) -> Result<[u8; 2]> {
 		Ok([self.bitacross_module, self.eth_wallet_generated])
 	}
+
+	fn ton_wallet_generated_indexes(&self) -> Result<[u8; 2]> {
+		Ok([self.bitacross_module, self.ton_wallet_generated])
+	}
 }
 
 impl TimestampCallIndexes for NodeMetadataMock {

diff --git a/bitacross-worker/core-primitives/node-api/metadata/src/pallet_bitacross.rs b/bitacross-worker/core-primitives/node-api/metadata/src/pallet_bitacross.rs
@@ -24,6 +24,7 @@ pub trait BitAcrossCallIndexes {
 	fn remove_relayer_call_indexes(&self) -> Result<[u8; 2]>;
 	fn btc_wallet_generated_indexes(&self) -> Result<[u8; 2]>;
 	fn eth_wallet_generated_indexes(&self) -> Result<[u8; 2]>;
+	fn ton_wallet_generated_indexes(&self) -> Result<[u8; 2]>;
 }
 
 impl BitAcrossCallIndexes for NodeMetadata {
@@ -42,4 +43,8 @@ impl BitAcrossCallIndexes for NodeMetadata {
 	fn eth_wallet_generated_indexes(&self) -> Result<[u8; 2]> {
 		self.call_indexes(BITACROSS, "eth_wallet_generated")
 	}
+
+	fn ton_wallet_generated_indexes(&self) -> Result<[u8; 2]> {
+		self.call_indexes(BITACROSS, "ton_wallet_generated")
+	}
 }