Verify PoP(Nonce)
This commit is contained in:
hu55a1n1
parent
bed57e5185
commit
29bfe1c2c3
5 changed files with 94 additions and 7 deletions
8
Cargo.lock
generated
8
Cargo.lock
generated
|
|
@ -835,7 +835,7 @@ dependencies = [
|
|||
[[package]]
|
||||
name = "cw-tee-mtcs"
|
||||
version = "0.1.0"
|
||||
source = "git+ssh://git@github.com/informalsystems/bisenzone-cw-mvp.git?branch=hu55a1n1/11-use-quartz#48508d739427bd3f2a983c8e8d4c6eb2e677aff2"
|
||||
source = "git+ssh://git@github.com/informalsystems/bisenzone-cw-mvp.git?branch=hu55a1n1/11-use-quartz#e2ce14cb275e9668739b63659535ea721f95b0ff"
|
||||
dependencies = [
|
||||
"cosmwasm-schema",
|
||||
"cosmwasm-std",
|
||||
|
|
@ -2455,7 +2455,7 @@ dependencies = [
|
|||
[[package]]
|
||||
name = "quartz-cw"
|
||||
version = "0.1.0"
|
||||
source = "git+ssh://git@github.com/informalsystems/bisenzone-cw-mvp.git?branch=hu55a1n1/11-use-quartz#48508d739427bd3f2a983c8e8d4c6eb2e677aff2"
|
||||
source = "git+ssh://git@github.com/informalsystems/bisenzone-cw-mvp.git?branch=hu55a1n1/11-use-quartz#e2ce14cb275e9668739b63659535ea721f95b0ff"
|
||||
dependencies = [
|
||||
"cosmwasm-schema",
|
||||
"cosmwasm-std",
|
||||
|
|
@ -2475,6 +2475,7 @@ dependencies = [
|
|||
"clap",
|
||||
"color-eyre",
|
||||
"cosmwasm-std",
|
||||
"cw-proof",
|
||||
"cw-tee-mtcs",
|
||||
"ecies",
|
||||
"k256 0.13.3",
|
||||
|
|
@ -2489,6 +2490,7 @@ dependencies = [
|
|||
"serde_json",
|
||||
"tendermint 0.34.0",
|
||||
"tendermint-light-client",
|
||||
"tm-stateless-verifier",
|
||||
"tokio",
|
||||
"tonic 0.11.0",
|
||||
"tonic-build",
|
||||
|
|
@ -2530,7 +2532,7 @@ dependencies = [
|
|||
[[package]]
|
||||
name = "quartz-tee-ra"
|
||||
version = "0.1.0"
|
||||
source = "git+ssh://git@github.com/informalsystems/bisenzone-cw-mvp.git?branch=hu55a1n1/11-use-quartz#48508d739427bd3f2a983c8e8d4c6eb2e677aff2"
|
||||
source = "git+ssh://git@github.com/informalsystems/bisenzone-cw-mvp.git?branch=hu55a1n1/11-use-quartz#e2ce14cb275e9668739b63659535ea721f95b0ff"
|
||||
dependencies = [
|
||||
"cosmwasm-schema",
|
||||
"cosmwasm-std",
|
||||
|
|
|
|||
|
|
@ -18,12 +18,14 @@ tendermint-light-client = "0.34.0"
|
|||
tonic = "0.11"
|
||||
tokio = { version = "1.0", features = ["macros", "rt-multi-thread"] }
|
||||
|
||||
cw-proof = { path = "../../utils/cw-proof" }
|
||||
cw-tee-mtcs = { git = "ssh://git@github.com/informalsystems/bisenzone-cw-mvp.git", branch = "hu55a1n1/11-use-quartz" }
|
||||
mtcs = { git = "ssh://git@github.com/informalsystems/mtcs.git" }
|
||||
quartz-cw = { git = "ssh://git@github.com/informalsystems/bisenzone-cw-mvp.git", branch = "hu55a1n1/11-use-quartz" }
|
||||
quartz-proto = { path = "../../utils/quartz-proto" }
|
||||
quartz-relayer = { path = "../../utils/quartz-relayer" }
|
||||
quartz-tee-ra = { git = "ssh://git@github.com/informalsystems/bisenzone-cw-mvp.git", branch = "hu55a1n1/11-use-quartz" }
|
||||
tm-stateless-verifier = { path = "../../utils/tm-stateless-verifier" }
|
||||
|
||||
[build-dependencies]
|
||||
tonic-build = "0.11"
|
||||
|
|
|
|||
|
|
@ -1,5 +1,15 @@
|
|||
use std::sync::{Arc, Mutex};
|
||||
use std::{
|
||||
sync::{Arc, Mutex},
|
||||
time::Duration,
|
||||
};
|
||||
|
||||
use cw_proof::{
|
||||
error::ProofError,
|
||||
proof::{
|
||||
cw::{CwProof, RawCwProof},
|
||||
Proof,
|
||||
},
|
||||
};
|
||||
use k256::ecdsa::SigningKey;
|
||||
use quartz_cw::{
|
||||
msg::{
|
||||
|
|
@ -17,6 +27,12 @@ use quartz_proto::quartz::{
|
|||
};
|
||||
use quartz_relayer::types::{InstantiateResponse, SessionCreateResponse, SessionSetPubKeyResponse};
|
||||
use rand::Rng;
|
||||
use serde::{Deserialize, Serialize};
|
||||
use tendermint_light_client::{
|
||||
light_client::Options,
|
||||
types::{LightBlock, TrustThreshold},
|
||||
};
|
||||
use tm_stateless_verifier::make_provider;
|
||||
use tonic::{Request, Response, Result as TonicResult, Status};
|
||||
|
||||
use crate::attestor::Attestor;
|
||||
|
|
@ -83,11 +99,67 @@ where
|
|||
|
||||
async fn session_set_pub_key(
|
||||
&self,
|
||||
_request: Request<RawSessionSetPubKeyRequest>,
|
||||
request: Request<RawSessionSetPubKeyRequest>,
|
||||
) -> TonicResult<Response<RawSessionSetPubKeyResponse>> {
|
||||
// FIXME(hu55a1n1) - disallow calling more than once
|
||||
let proof: ProofOfPublication = serde_json::from_str(&request.into_inner().message)
|
||||
.map_err(|e| Status::invalid_argument(e.to_string()))?;
|
||||
|
||||
let config_trust_threshold = self.config.light_client_opts().trust_threshold();
|
||||
let trust_threshold =
|
||||
TrustThreshold::new(config_trust_threshold.0, config_trust_threshold.1).unwrap();
|
||||
|
||||
let config_trusting_period = self.config.light_client_opts().trusting_period();
|
||||
let trusting_period = Duration::from_secs(config_trusting_period);
|
||||
|
||||
let config_clock_drift = self.config.light_client_opts().max_clock_drift();
|
||||
let clock_drift = Duration::from_secs(config_clock_drift);
|
||||
let options = Options {
|
||||
trust_threshold,
|
||||
trusting_period,
|
||||
clock_drift,
|
||||
};
|
||||
|
||||
let target_height = proof.light_client_proof.last().unwrap().height();
|
||||
|
||||
let primary_block = make_provider(
|
||||
self.config.light_client_opts().chain_id(),
|
||||
self.config
|
||||
.light_client_opts()
|
||||
.trusted_height()
|
||||
.try_into()
|
||||
.unwrap(),
|
||||
self.config
|
||||
.light_client_opts()
|
||||
.trusted_hash()
|
||||
.to_vec()
|
||||
.try_into()
|
||||
.unwrap(),
|
||||
proof.light_client_proof,
|
||||
options,
|
||||
)
|
||||
.and_then(|mut primary| primary.verify_to_height(target_height))
|
||||
.map_err(|e| Status::internal(e.to_string()))?;
|
||||
|
||||
let proof = CwProof::from(proof.merkle_proof);
|
||||
proof
|
||||
.verify(
|
||||
primary_block
|
||||
.signed_header
|
||||
.header
|
||||
.app_hash
|
||||
.as_bytes()
|
||||
.to_vec(),
|
||||
)
|
||||
.map_err(|e: ProofError| Status::internal(e.to_string()))?;
|
||||
|
||||
let nonce_onchain: Nonce = serde_json::from_slice(&proof.value).unwrap();
|
||||
let nonce = self.nonce.lock().unwrap();
|
||||
|
||||
if nonce_onchain != *nonce {
|
||||
return Err(Status::unauthenticated("nonce mismatch"));
|
||||
}
|
||||
|
||||
let sk = SigningKey::random(&mut rand::thread_rng());
|
||||
*self.sk.lock().unwrap() = Some(sk.clone());
|
||||
let pk = sk.verifying_key();
|
||||
|
|
@ -103,3 +175,9 @@ where
|
|||
Ok(Response::new(response.into()))
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(Clone, Debug, Serialize, Deserialize)]
|
||||
pub struct ProofOfPublication {
|
||||
light_client_proof: Vec<LightBlock>,
|
||||
merkle_proof: RawCwProof,
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,7 +20,9 @@ message SessionCreateResponse {
|
|||
string message = 1;
|
||||
}
|
||||
|
||||
message SessionSetPubKeyRequest {}
|
||||
message SessionSetPubKeyRequest {
|
||||
string message = 1;
|
||||
}
|
||||
|
||||
message SessionSetPubKeyResponse {
|
||||
string message = 1;
|
||||
|
|
|
|||
|
|
@ -18,7 +18,10 @@ pub struct SessionCreateResponse {
|
|||
}
|
||||
#[allow(clippy::derive_partial_eq_without_eq)]
|
||||
#[derive(Clone, PartialEq, ::prost::Message)]
|
||||
pub struct SessionSetPubKeyRequest {}
|
||||
pub struct SessionSetPubKeyRequest {
|
||||
#[prost(string, tag = "1")]
|
||||
pub message: ::prost::alloc::string::String,
|
||||
}
|
||||
#[allow(clippy::derive_partial_eq_without_eq)]
|
||||
#[derive(Clone, PartialEq, ::prost::Message)]
|
||||
pub struct SessionSetPubKeyResponse {
|
||||
|
|
|
|||
Loading…
Reference in a new issue