Verify PoP(Nonce)
parent
bed57e5185
commit
29bfe1c2c3
5 changed files with 94 additions and 7 deletions
8
Cargo.lock
generated
8
Cargo.lock
generated
|
@ -835,7 +835,7 @@ dependencies = [
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "cw-tee-mtcs"
|
name = "cw-tee-mtcs"
|
||||||
version = "0.1.0"
|
version = "0.1.0"
|
||||||
source = "git+ssh://git@github.com/informalsystems/bisenzone-cw-mvp.git?branch=hu55a1n1/11-use-quartz#48508d739427bd3f2a983c8e8d4c6eb2e677aff2"
|
source = "git+ssh://git@github.com/informalsystems/bisenzone-cw-mvp.git?branch=hu55a1n1/11-use-quartz#e2ce14cb275e9668739b63659535ea721f95b0ff"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"cosmwasm-schema",
|
"cosmwasm-schema",
|
||||||
"cosmwasm-std",
|
"cosmwasm-std",
|
||||||
|
@ -2455,7 +2455,7 @@ dependencies = [
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "quartz-cw"
|
name = "quartz-cw"
|
||||||
version = "0.1.0"
|
version = "0.1.0"
|
||||||
source = "git+ssh://git@github.com/informalsystems/bisenzone-cw-mvp.git?branch=hu55a1n1/11-use-quartz#48508d739427bd3f2a983c8e8d4c6eb2e677aff2"
|
source = "git+ssh://git@github.com/informalsystems/bisenzone-cw-mvp.git?branch=hu55a1n1/11-use-quartz#e2ce14cb275e9668739b63659535ea721f95b0ff"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"cosmwasm-schema",
|
"cosmwasm-schema",
|
||||||
"cosmwasm-std",
|
"cosmwasm-std",
|
||||||
|
@ -2475,6 +2475,7 @@ dependencies = [
|
||||||
"clap",
|
"clap",
|
||||||
"color-eyre",
|
"color-eyre",
|
||||||
"cosmwasm-std",
|
"cosmwasm-std",
|
||||||
|
"cw-proof",
|
||||||
"cw-tee-mtcs",
|
"cw-tee-mtcs",
|
||||||
"ecies",
|
"ecies",
|
||||||
"k256 0.13.3",
|
"k256 0.13.3",
|
||||||
|
@ -2489,6 +2490,7 @@ dependencies = [
|
||||||
"serde_json",
|
"serde_json",
|
||||||
"tendermint 0.34.0",
|
"tendermint 0.34.0",
|
||||||
"tendermint-light-client",
|
"tendermint-light-client",
|
||||||
|
"tm-stateless-verifier",
|
||||||
"tokio",
|
"tokio",
|
||||||
"tonic 0.11.0",
|
"tonic 0.11.0",
|
||||||
"tonic-build",
|
"tonic-build",
|
||||||
|
@ -2530,7 +2532,7 @@ dependencies = [
|
||||||
[[package]]
|
[[package]]
|
||||||
name = "quartz-tee-ra"
|
name = "quartz-tee-ra"
|
||||||
version = "0.1.0"
|
version = "0.1.0"
|
||||||
source = "git+ssh://git@github.com/informalsystems/bisenzone-cw-mvp.git?branch=hu55a1n1/11-use-quartz#48508d739427bd3f2a983c8e8d4c6eb2e677aff2"
|
source = "git+ssh://git@github.com/informalsystems/bisenzone-cw-mvp.git?branch=hu55a1n1/11-use-quartz#e2ce14cb275e9668739b63659535ea721f95b0ff"
|
||||||
dependencies = [
|
dependencies = [
|
||||||
"cosmwasm-schema",
|
"cosmwasm-schema",
|
||||||
"cosmwasm-std",
|
"cosmwasm-std",
|
||||||
|
|
|
@ -18,12 +18,14 @@ tendermint-light-client = "0.34.0"
|
||||||
tonic = "0.11"
|
tonic = "0.11"
|
||||||
tokio = { version = "1.0", features = ["macros", "rt-multi-thread"] }
|
tokio = { version = "1.0", features = ["macros", "rt-multi-thread"] }
|
||||||
|
|
||||||
|
cw-proof = { path = "../../utils/cw-proof" }
|
||||||
cw-tee-mtcs = { git = "ssh://git@github.com/informalsystems/bisenzone-cw-mvp.git", branch = "hu55a1n1/11-use-quartz" }
|
cw-tee-mtcs = { git = "ssh://git@github.com/informalsystems/bisenzone-cw-mvp.git", branch = "hu55a1n1/11-use-quartz" }
|
||||||
mtcs = { git = "ssh://git@github.com/informalsystems/mtcs.git" }
|
mtcs = { git = "ssh://git@github.com/informalsystems/mtcs.git" }
|
||||||
quartz-cw = { git = "ssh://git@github.com/informalsystems/bisenzone-cw-mvp.git", branch = "hu55a1n1/11-use-quartz" }
|
quartz-cw = { git = "ssh://git@github.com/informalsystems/bisenzone-cw-mvp.git", branch = "hu55a1n1/11-use-quartz" }
|
||||||
quartz-proto = { path = "../../utils/quartz-proto" }
|
quartz-proto = { path = "../../utils/quartz-proto" }
|
||||||
quartz-relayer = { path = "../../utils/quartz-relayer" }
|
quartz-relayer = { path = "../../utils/quartz-relayer" }
|
||||||
quartz-tee-ra = { git = "ssh://git@github.com/informalsystems/bisenzone-cw-mvp.git", branch = "hu55a1n1/11-use-quartz" }
|
quartz-tee-ra = { git = "ssh://git@github.com/informalsystems/bisenzone-cw-mvp.git", branch = "hu55a1n1/11-use-quartz" }
|
||||||
|
tm-stateless-verifier = { path = "../../utils/tm-stateless-verifier" }
|
||||||
|
|
||||||
[build-dependencies]
|
[build-dependencies]
|
||||||
tonic-build = "0.11"
|
tonic-build = "0.11"
|
||||||
|
|
|
@ -1,5 +1,15 @@
|
||||||
use std::sync::{Arc, Mutex};
|
use std::{
|
||||||
|
sync::{Arc, Mutex},
|
||||||
|
time::Duration,
|
||||||
|
};
|
||||||
|
|
||||||
|
use cw_proof::{
|
||||||
|
error::ProofError,
|
||||||
|
proof::{
|
||||||
|
cw::{CwProof, RawCwProof},
|
||||||
|
Proof,
|
||||||
|
},
|
||||||
|
};
|
||||||
use k256::ecdsa::SigningKey;
|
use k256::ecdsa::SigningKey;
|
||||||
use quartz_cw::{
|
use quartz_cw::{
|
||||||
msg::{
|
msg::{
|
||||||
|
@ -17,6 +27,12 @@ use quartz_proto::quartz::{
|
||||||
};
|
};
|
||||||
use quartz_relayer::types::{InstantiateResponse, SessionCreateResponse, SessionSetPubKeyResponse};
|
use quartz_relayer::types::{InstantiateResponse, SessionCreateResponse, SessionSetPubKeyResponse};
|
||||||
use rand::Rng;
|
use rand::Rng;
|
||||||
|
use serde::{Deserialize, Serialize};
|
||||||
|
use tendermint_light_client::{
|
||||||
|
light_client::Options,
|
||||||
|
types::{LightBlock, TrustThreshold},
|
||||||
|
};
|
||||||
|
use tm_stateless_verifier::make_provider;
|
||||||
use tonic::{Request, Response, Result as TonicResult, Status};
|
use tonic::{Request, Response, Result as TonicResult, Status};
|
||||||
|
|
||||||
use crate::attestor::Attestor;
|
use crate::attestor::Attestor;
|
||||||
|
@ -83,11 +99,67 @@ where
|
||||||
|
|
||||||
async fn session_set_pub_key(
|
async fn session_set_pub_key(
|
||||||
&self,
|
&self,
|
||||||
_request: Request<RawSessionSetPubKeyRequest>,
|
request: Request<RawSessionSetPubKeyRequest>,
|
||||||
) -> TonicResult<Response<RawSessionSetPubKeyResponse>> {
|
) -> TonicResult<Response<RawSessionSetPubKeyResponse>> {
|
||||||
// FIXME(hu55a1n1) - disallow calling more than once
|
// FIXME(hu55a1n1) - disallow calling more than once
|
||||||
|
let proof: ProofOfPublication = serde_json::from_str(&request.into_inner().message)
|
||||||
|
.map_err(|e| Status::invalid_argument(e.to_string()))?;
|
||||||
|
|
||||||
|
let config_trust_threshold = self.config.light_client_opts().trust_threshold();
|
||||||
|
let trust_threshold =
|
||||||
|
TrustThreshold::new(config_trust_threshold.0, config_trust_threshold.1).unwrap();
|
||||||
|
|
||||||
|
let config_trusting_period = self.config.light_client_opts().trusting_period();
|
||||||
|
let trusting_period = Duration::from_secs(config_trusting_period);
|
||||||
|
|
||||||
|
let config_clock_drift = self.config.light_client_opts().max_clock_drift();
|
||||||
|
let clock_drift = Duration::from_secs(config_clock_drift);
|
||||||
|
let options = Options {
|
||||||
|
trust_threshold,
|
||||||
|
trusting_period,
|
||||||
|
clock_drift,
|
||||||
|
};
|
||||||
|
|
||||||
|
let target_height = proof.light_client_proof.last().unwrap().height();
|
||||||
|
|
||||||
|
let primary_block = make_provider(
|
||||||
|
self.config.light_client_opts().chain_id(),
|
||||||
|
self.config
|
||||||
|
.light_client_opts()
|
||||||
|
.trusted_height()
|
||||||
|
.try_into()
|
||||||
|
.unwrap(),
|
||||||
|
self.config
|
||||||
|
.light_client_opts()
|
||||||
|
.trusted_hash()
|
||||||
|
.to_vec()
|
||||||
|
.try_into()
|
||||||
|
.unwrap(),
|
||||||
|
proof.light_client_proof,
|
||||||
|
options,
|
||||||
|
)
|
||||||
|
.and_then(|mut primary| primary.verify_to_height(target_height))
|
||||||
|
.map_err(|e| Status::internal(e.to_string()))?;
|
||||||
|
|
||||||
|
let proof = CwProof::from(proof.merkle_proof);
|
||||||
|
proof
|
||||||
|
.verify(
|
||||||
|
primary_block
|
||||||
|
.signed_header
|
||||||
|
.header
|
||||||
|
.app_hash
|
||||||
|
.as_bytes()
|
||||||
|
.to_vec(),
|
||||||
|
)
|
||||||
|
.map_err(|e: ProofError| Status::internal(e.to_string()))?;
|
||||||
|
|
||||||
|
let nonce_onchain: Nonce = serde_json::from_slice(&proof.value).unwrap();
|
||||||
let nonce = self.nonce.lock().unwrap();
|
let nonce = self.nonce.lock().unwrap();
|
||||||
|
|
||||||
|
if nonce_onchain != *nonce {
|
||||||
|
return Err(Status::unauthenticated("nonce mismatch"));
|
||||||
|
}
|
||||||
|
|
||||||
let sk = SigningKey::random(&mut rand::thread_rng());
|
let sk = SigningKey::random(&mut rand::thread_rng());
|
||||||
*self.sk.lock().unwrap() = Some(sk.clone());
|
*self.sk.lock().unwrap() = Some(sk.clone());
|
||||||
let pk = sk.verifying_key();
|
let pk = sk.verifying_key();
|
||||||
|
@ -103,3 +175,9 @@ where
|
||||||
Ok(Response::new(response.into()))
|
Ok(Response::new(response.into()))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[derive(Clone, Debug, Serialize, Deserialize)]
|
||||||
|
pub struct ProofOfPublication {
|
||||||
|
light_client_proof: Vec<LightBlock>,
|
||||||
|
merkle_proof: RawCwProof,
|
||||||
|
}
|
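Review bot: In `session_set_pub_key`, `proof.light_client_proof.last().unwrap()` panics when the request carries an empty `light_client_proof`, and that vector is deserialized directly from the caller-supplied `message`, so malformed input reaches a panic instead of an error status. Return a status instead, e.g. `let target_height = proof.light_client_proof.last().ok_or_else(|| Status::invalid_argument("empty light client proof"))?.height();`, and give `serde_json::from_slice(&proof.value).unwrap()` the same `map_err(...)?` treatment. Separately, the visible code verifies the Merkle proof against `app_hash` and compares the value with the stored nonce, but never compares the proven storage key or contract address with an expected one. Unless `CwProof::verify` pins that internally, a matching value published under any key would pass, so an explicit key check here looks warranted. The function body continues between this hunk and the next, and that part is not shown.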
||||||
|
|
|
@ -20,7 +20,9 @@ message SessionCreateResponse {
|
||||||
string message = 1;
|
string message = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
message SessionSetPubKeyRequest {}
|
message SessionSetPubKeyRequest {
|
||||||
|
string message = 1;
|
||||||
|
}
|
||||||
|
|
||||||
message SessionSetPubKeyResponse {
|
message SessionSetPubKeyResponse {
|
||||||
string message = 1;
|
string message = 1;
|
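Review bot: The new `message` field on `SessionSetPubKeyRequest` is an opaque string whose contents are only discoverable by reading the server handler, which parses it as JSON into `ProofOfPublication`. A comment on the field would make the contract explicit for client authors, e.g. `// JSON-encoded ProofOfPublication: light-client blocks plus the Merkle proof of the on-chain nonce`. Since the server treats this string as untrusted input, the comment is also a natural place to note that it is validated server-side and rejected with an error status when malformed.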
||||||
|
|
|
@ -18,7 +18,10 @@ pub struct SessionCreateResponse {
|
||||||
}
|
}
|
||||||
#[allow(clippy::derive_partial_eq_without_eq)]
|
#[allow(clippy::derive_partial_eq_without_eq)]
|
||||||
#[derive(Clone, PartialEq, ::prost::Message)]
|
#[derive(Clone, PartialEq, ::prost::Message)]
|
||||||
pub struct SessionSetPubKeyRequest {}
|
pub struct SessionSetPubKeyRequest {
|
||||||
|
#[prost(string, tag = "1")]
|
||||||
|
pub message: ::prost::alloc::string::String,
|
||||||
|
}
|
||||||
#[allow(clippy::derive_partial_eq_without_eq)]
|
#[allow(clippy::derive_partial_eq_without_eq)]
|
||||||
#[derive(Clone, PartialEq, ::prost::Message)]
|
#[derive(Clone, PartialEq, ::prost::Message)]
|
||||||
pub struct SessionSetPubKeyResponse {
|
pub struct SessionSetPubKeyResponse {
|
||||||
|
|