pallet_enclave_bridge spinout from teerex

Cargo.toml

@@ -1,6 +1,7 @@
 [workspace]
 members = [
     "claims",
+    "enclave-bridge",
     "teerex",
     "parentchain",
     "sidechain",
@@ -9,6 +10,7 @@ members = [
     "test-utils",
     "xcm-transactor",
     "primitives/claims",
+    "primitives/enclave-bridge",
     "primitives/teerex",
     "primitives/teeracle",
     "primitives/common",

enclave-bridge/Cargo.toml

@@ -0,0 +1,73 @@
+[package]
+name = "pallet-enclave-bridge"
+description = "The bridge between L1(integritee network) and L2(enclaves) for integritee blockchains and parachains"
+version = "0.9.0"
+authors = ["Integritee AG <[email protected]>"]
+homepage = "https://integritee.network/"
+repository = "https://github.com/integritee-network/pallets/"
+license = "MS-RSL"
+edition = "2021"
+
+[dependencies]
+codec = { version = "3.0.0", default-features = false, features = ["derive"], package = "parity-scale-codec" }
+log = { version = "0.4.14", default-features = false }
+scale-info = { version = "2.0.1", default-features = false, features = ["derive"] }
+serde = { version = "1.0", features = ["derive"], optional = true }
+
+# local
+pallet-teerex = { path = "../teerex", default-features = false }
+teerex-primitives = { path = "../primitives/teerex", default-features = false }
+enclave-bridge-primitives = { path = "../primitives/enclave-bridge", default-features = false }
+
+# substrate dependencies
+frame-support = { default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
+frame-system = { default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
+sp-core = { default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
+sp-io = { default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
+sp-runtime = { default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
+sp-std = { default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
+timestamp = { package = "pallet-timestamp", default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
+
+# benchmarking
+frame-benchmarking = { default-features = false, optional = true, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
+hex-literal = { version = "0.3.2", optional = true }
+pallet-balances = { default-features = false, optional = true, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
+test-utils = { path = "../test-utils", default-features = false, optional = true }
+
+[dev-dependencies]
+env_logger = "0.9.0"
+externalities = { package = "sp-externalities", git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
+frame-benchmarking = { git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
+hex-literal = "0.3.2"
+pallet-balances = { git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
+sp-keyring = { git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
+test-utils = { path = "../test-utils" }
+
+[features]
+default = ["std"]
+std = [
+    "codec/std",
+    "log/std",
+    "scale-info/std",
+    "serde",
+    # local
+    "pallet-teerex/std",
+    "enclave-bridge-primitives/std",
+    # substrate
+    "frame-support/std",
+    "frame-system/std",
+    "sp-core/std",
+    "sp-io/std",
+    "sp-runtime/std",
+    "sp-std/std",
+    "timestamp/std",
+]
+runtime-benchmarks = [
+    "frame-benchmarking",
+    "hex-literal",
+    "pallet-balances",
+    "test-utils",
+    "timestamp/runtime-benchmarks",
+]
+
+try-runtime = ["frame-support/try-runtime"]

enclave-bridge/LICENSE

@@ -0,0 +1,26 @@
+MICROSOFT REFERENCE SOURCE LICENSE (MS-RSL)
+
+This license governs use of the accompanying software. If you use the software, you accept this license. If you do not accept the license, do not use the software.
+
+1. Definitions
+The terms "reproduce," "reproduction" and "distribution" have the same meaning here as under U.S. copyright law.
+
+"You" means the licensee of the software.
+
+"Your company" means the company you worked for when you downloaded the software.
+
+"Reference use" means use of the software within your company as a reference, in read only form, for the sole purposes of debugging your products, maintaining your products, or enhancing the interoperability of your products with the software, and specifically excludes the right to distribute the software outside of your company.
+
+"Licensed patents" means any Licensor patent claims which read directly on the software as distributed by the Licensor under this license.
+
+2. Grant of Rights
+(A) Copyright Grant- Subject to the terms of this license, the Licensor grants you a non-transferable, non-exclusive, worldwide, royalty-free copyright license to reproduce the software for reference use.
+
+(B) Patent Grant- Subject to the terms of this license, the Licensor grants you a non-transferable, non-exclusive, worldwide, royalty-free patent license under licensed patents for reference use.
+
+3. Limitations
+(A) No Trademark License- This license does not grant you any rights to use the Licensor's name, logo, or trademarks.
+
+(B) If you begin patent litigation against the Licensor over patents that you think may apply to the software (including a cross-claim or counterclaim in a lawsuit), your license to the software ends automatically.
+
+(C) The software is licensed "as-is." You bear the risk of using it. The Licensor gives no express warranties, guarantees or conditions. You may have additional consumer rights under your local laws which this license cannot change. To the extent permitted under your local laws, the Licensor excludes the implied warranties of merchantability, fitness for a particular purpose and non-infringement.

enclave-bridge/README.md

@@ -0,0 +1,19 @@
+# pallet-teerex
+
+Please note this pallet has a different [license](./LICENSE) than the rest of this repository: MS-RSL
+
+A pallet for [Integritee](https://integritee.network) that acts as a bridge between L1(integritee network) and L2(enclaves). 
+* indirect-invocation proxy for calls to the confidential state transition function executed in SGX enclaves off-chain.
+
+More documentation available at:
+* High-level: https://www.integritee.network/for-developer
+* In-depth: https://book.integritee.network/
+
+## Test
+
+Run all unit tests with 
+
+```
+cargo test --all
+```
+

enclave-bridge/src/benchmarking.rs

@@ -0,0 +1,126 @@
+/*
+	Copyright 2021 Integritee AG and Supercomputing Systems AG
+
+	Licensed under the MICROSOFT REFERENCE SOURCE LICENSE (MS-RSL) (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		https://referencesource.microsoft.com/license.html
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+
+*/
+
+//! Teerex pallet benchmarking
+
+#![cfg(any(test, feature = "runtime-benchmarks"))]
+
+use super::*;
+
+use codec::Encode;
+use frame_benchmarking::{account, benchmarks};
+use frame_system::RawOrigin;
+use pallet_teerex::Pallet as Teerex;
+use sp_runtime::traits::Hash;
+use sp_std::vec;
+use teerex_primitives::{MultiEnclave, SgxEnclave};
+use test_utils::test_data::ias::*;
+
+fn generate_accounts<T: Config>(amount: u32) -> Vec<T::AccountId> {
+	(0..amount).map(|n| account("dummy name", n, n)).collect()
+}
+
+benchmarks! {
+	// Note: The storage-map structure has the following complexity for updating:
+	//   DB Reads: O(1) Encoding: O(1) DB Writes: O(1)
+	//
+	// Hence, it does not matter how many other enclaves are registered for the benchmark.
+
+	where_clause {  where T::AccountId: From<[u8; 32]>, T::Hash: From<[u8; 32]>,}
+
+	// Benchmark `call_worker`. There are no worst conditions. The benchmark showed that
+	// execution time is constant irrespective of cyphertext size.
+	invoke {
+		let accounts: Vec<T::AccountId> = generate_accounts::<T>(1);
+		let req = Request { shard:H256::from_slice(&TEST4_SETUP.mrenclave), cyphertext: vec![1u8; 2000]};
+	}: _(RawOrigin::Signed(accounts[0].clone()), req)
+
+	// Benchmark `confirm_processed_parentchain_block` with the worst possible conditions:
+	// * sender enclave is registered
+	confirm_processed_parentchain_block {
+		let accounts: Vec<T::AccountId> = generate_accounts::<T>(1);
+		add_sovereign_enclaves_to_registry::<T>(&accounts);
+
+		let block_hash: H256 = [2; 32].into();
+		let merkle_root: H256 = [4; 32].into();
+		let block_number: u32 = 0;
+		let shard = ShardIdentifier::from(EnclaveFingerprint::default());
+
+	}: _(RawOrigin::Signed(accounts[0].clone()), shard, block_hash, block_number.into(), merkle_root)
+
+	// Benchmark `publish_hash` with the worst possible conditions:
+	// * sender enclave is registered
+	//
+	// and parametrize the benchmark with the variably sized parameters. Note: The initialization
+	// of `l`/`t` includes the upper borders.
+	publish_hash {
+		let l in 0 .. DATA_LENGTH_LIMIT as u32;
+		let t in 1 .. TOPICS_LIMIT as u32;
+
+		// There are no events emitted at the genesis block.
+		frame_system::Pallet::<T>::set_block_number(1u32.into());
+		frame_system::Pallet::<T>::reset_events();
+
+		let accounts: Vec<T::AccountId> = generate_accounts::<T>(1);
+		add_sovereign_enclaves_to_registry::<T>(&accounts);
+		let account = accounts[0].clone();
+
+	}: _(RawOrigin::Signed(account), [1u8; 32].into(), topics::<T>(t), get_data(l))
+	verify {
+		// Event comparison in an actual node is way too cumbersome as the `RuntimeEvent`
+		// does not implement `PartialEq`. So we only verify that the event is emitted here,
+		// and we do more thorough checks in the normal cargo tests.
+		assert_eq!(frame_system::Pallet::<T>::events().len(), 1);
+	}
+}
+
+fn add_sovereign_enclaves_to_registry<T: Config>(accounts: &[T::AccountId]) {
+	for a in accounts.iter() {
+		Teerex::<T>::add_enclave(
+			a,
+			MultiEnclave::from(SgxEnclave::test_enclave().with_pubkey(&a.encode()[..])),
+		)
+		.unwrap();
+	}
+}
+
+fn get_data(x: u32) -> Vec<u8> {
+	vec![0u8; x.try_into().unwrap()]
+}
+
+/// Returns [number] unique topics.
+fn topics<T: frame_system::Config>(number: u32) -> Vec<T::Hash> {
+	let vec = vec![
+		T::Hashing::hash(&[0u8; 32]),
+		T::Hashing::hash(&[1u8; 32]),
+		T::Hashing::hash(&[2u8; 32]),
+		T::Hashing::hash(&[3u8; 32]),
+		T::Hashing::hash(&[4u8; 32]),
+	];
+
+	vec[..number.try_into().unwrap()].to_vec()
+}
+
+#[cfg(test)]
+use crate::{Config, Pallet as PalletModule};
+
+#[cfg(test)]
+use frame_benchmarking::impl_benchmark_test_suite;
+use test_utils::TestEnclave;
+
+#[cfg(test)]
+impl_benchmark_test_suite!(PalletModule, crate::mock::new_test_ext(), crate::mock::Test,);