diff --git a/Cargo.lock b/Cargo.lock index a9360bf7..c7889389 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -990,7 +990,7 @@ dependencies = [ [[package]] name = "frame-benchmarking" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "frame-support", "frame-support-procedural", @@ -1027,7 +1027,7 @@ dependencies = [ [[package]] name = "frame-support" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "bitflags", "environmental", @@ -1060,7 +1060,7 @@ dependencies = [ [[package]] name = "frame-support-procedural" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "Inflector", "cfg-expr", @@ -1076,7 +1076,7 @@ dependencies = [ [[package]] name = "frame-support-procedural-tools" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "frame-support-procedural-tools-derive", "proc-macro-crate", @@ -1088,7 +1088,7 @@ dependencies = [ [[package]] name = "frame-support-procedural-tools-derive" version = "3.0.0" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "proc-macro2", "quote", @@ -1098,7 +1098,7 @@ dependencies = [ [[package]] name = "frame-system" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "frame-support", "log", @@ -2111,7 +2111,7 @@ checksum = "ff011a302c396a5197692431fc1948019154afc178baf7d8e37367442a4601cf" [[package]] name = "pallet-balances" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "frame-benchmarking", "frame-support", @@ -2277,7 +2277,7 @@ dependencies = [ [[package]] name = "pallet-timestamp" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "frame-benchmarking", "frame-support", @@ -2295,7 +2295,7 @@ dependencies = [ [[package]] name = "pallet-vesting" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "frame-benchmarking", "frame-support", @@ -3385,7 +3385,7 @@ dependencies = [ [[package]] name = "sp-api" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "hash-db", "log", @@ -3405,7 +3405,7 @@ dependencies = [ [[package]] name = "sp-api-proc-macro" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "Inflector", "blake2", @@ -3419,7 +3419,7 @@ dependencies = [ [[package]] name = "sp-application-crypto" version = "7.0.0" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "parity-scale-codec", "scale-info", @@ -3432,7 +3432,7 @@ dependencies = [ [[package]] name = "sp-arithmetic" version = "6.0.0" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "integer-sqrt", "num-traits", @@ -3446,7 +3446,7 @@ dependencies = [ [[package]] name = "sp-authority-discovery" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "parity-scale-codec", "scale-info", @@ -3459,7 +3459,7 @@ dependencies = [ [[package]] name = "sp-consensus-slots" version = "0.10.0-dev" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "parity-scale-codec", "scale-info", @@ -3471,7 +3471,7 @@ dependencies = [ [[package]] name = "sp-core" version = "7.0.0" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "array-bytes", "bitflags", @@ -3515,7 +3515,7 @@ dependencies = [ [[package]] name = "sp-core-hashing" version = "5.0.0" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "blake2b_simd", "byteorder", @@ -3544,7 +3544,7 @@ dependencies = [ [[package]] name = "sp-core-hashing-proc-macro" version = "5.0.0" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "proc-macro2", "quote", @@ -3555,7 +3555,7 @@ dependencies = [ [[package]] name = "sp-debug-derive" version = "5.0.0" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "proc-macro2", "quote", @@ -3565,7 +3565,7 @@ dependencies = [ [[package]] name = "sp-externalities" version = "0.13.0" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "environmental", "parity-scale-codec", @@ -3576,7 +3576,7 @@ dependencies = [ [[package]] name = "sp-inherents" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "async-trait", "impl-trait-for-tuples", @@ -3591,7 +3591,7 @@ dependencies = [ [[package]] name = "sp-io" version = "7.0.0" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "bytes", "ed25519", @@ -3617,7 +3617,7 @@ dependencies = [ [[package]] name = "sp-keyring" version = "7.0.0" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "lazy_static", "sp-core", @@ -3628,7 +3628,7 @@ dependencies = [ [[package]] name = "sp-keystore" version = "0.13.0" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "futures", "parity-scale-codec", @@ -3642,7 +3642,7 @@ dependencies = [ [[package]] name = "sp-metadata-ir" version = "0.1.0" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "frame-metadata", "parity-scale-codec", @@ -3653,7 +3653,7 @@ dependencies = [ [[package]] name = "sp-panic-handler" version = "5.0.0" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "backtrace", "lazy_static", @@ -3663,7 +3663,7 @@ dependencies = [ [[package]] name = "sp-runtime" version = "7.0.0" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "either", "hash256-std-hasher", @@ -3685,7 +3685,7 @@ dependencies = [ [[package]] name = "sp-runtime-interface" version = "7.0.0" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "bytes", "impl-trait-for-tuples", @@ -3703,7 +3703,7 @@ dependencies = [ [[package]] name = "sp-runtime-interface-proc-macro" version = "6.0.0" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "Inflector", "proc-macro-crate", @@ -3715,7 +3715,7 @@ dependencies = [ [[package]] name = "sp-staking" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "parity-scale-codec", "scale-info", @@ -3728,7 +3728,7 @@ dependencies = [ [[package]] name = "sp-state-machine" version = "0.13.0" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "hash-db", "log", @@ -3748,7 +3748,7 @@ dependencies = [ [[package]] name = "sp-std" version = "5.0.0" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" [[package]] name = "sp-std" @@ -3759,7 +3759,7 @@ checksum = "1de8eef39962b5b97478719c493bed2926cf70cb621005bbf68ebe58252ff986" [[package]] name = "sp-storage" version = "7.0.0" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "impl-serde", "parity-scale-codec", @@ -3772,7 +3772,7 @@ dependencies = [ [[package]] name = "sp-timestamp" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "async-trait", "futures-timer", @@ -3787,7 +3787,7 @@ dependencies = [ [[package]] name = "sp-tracing" version = "6.0.0" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "parity-scale-codec", "sp-std 5.0.0", @@ -3799,7 +3799,7 @@ dependencies = [ [[package]] name = "sp-trie" version = "7.0.0" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "ahash 0.8.3", "hash-db", @@ -3822,7 +3822,7 @@ dependencies = [ [[package]] name = "sp-version" version = "5.0.0" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "impl-serde", "parity-scale-codec", @@ -3839,7 +3839,7 @@ dependencies = [ [[package]] name = "sp-version-proc-macro" version = "4.0.0-dev" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "parity-scale-codec", "proc-macro2", @@ -3850,7 +3850,7 @@ dependencies = [ [[package]] name = "sp-wasm-interface" version = "7.0.0" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "anyhow", "impl-trait-for-tuples", @@ -3864,7 +3864,7 @@ dependencies = [ [[package]] name = "sp-weights" version = "4.0.0" -source = "git+https://github.com/paritytech/substrate?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" +source = "git+https://github.com/paritytech/substrate.git?branch=polkadot-v0.9.42#569aae5341ea0c1d10426fa1ec13a36c0b64393b" dependencies = [ "parity-scale-codec", "scale-info", diff --git a/enclave-bridge/src/mock.rs b/enclave-bridge/src/mock.rs index e1d5fa31..58292c5d 100644 --- a/enclave-bridge/src/mock.rs +++ b/enclave-bridge/src/mock.rs @@ -152,7 +152,10 @@ pub fn new_test_ext() -> sp_io::TestExternalities { } .assimilate_storage(&mut t) .unwrap(); - let teerex_config = pallet_teerex::GenesisConfig { allow_sgx_debug_mode: true }; + let teerex_config = pallet_teerex::GenesisConfig { + allow_sgx_debug_mode: true, + allow_skipping_attestation: true, + }; GenesisBuild::::assimilate_storage(&teerex_config, &mut t).unwrap(); let mut ext: sp_io::TestExternalities = t.into(); diff --git a/sidechain/Cargo.toml b/sidechain/Cargo.toml index fa1e7735..f486f268 100644 --- a/sidechain/Cargo.toml +++ b/sidechain/Cargo.toml @@ -74,8 +74,5 @@ runtime-benchmarks = [ "pallet-timestamp/runtime-benchmarks", "test-utils", ] -# Allow workers to register without remote attestation for dev purposes. -# This pallet needs the flag only to run the tests, otherwise skip-ias-check should only be set in the pallet-teerex. -skip-ias-check = [] try-runtime = ["frame-support/try-runtime"] diff --git a/sidechain/src/lib.rs b/sidechain/src/lib.rs index c659f4fc..e1f3a0fb 100644 --- a/sidechain/src/lib.rs +++ b/sidechain/src/lib.rs @@ -153,6 +153,6 @@ impl Pallet { mod benchmarking; #[cfg(test)] mod mock; -#[cfg(all(test, not(feature = "skip-ias-check")))] +#[cfg(test)] mod tests; pub mod weights; diff --git a/sidechain/src/mock.rs b/sidechain/src/mock.rs index d0f8dedc..cbbe1b9d 100644 --- a/sidechain/src/mock.rs +++ b/sidechain/src/mock.rs @@ -162,7 +162,10 @@ pub fn new_test_ext() -> sp_io::TestExternalities { } .assimilate_storage(&mut t) .unwrap(); - let teerex_config = pallet_teerex::GenesisConfig { allow_sgx_debug_mode: true }; + let teerex_config = pallet_teerex::GenesisConfig { + allow_sgx_debug_mode: true, + allow_skipping_attestation: true, + }; GenesisBuild::::assimilate_storage(&teerex_config, &mut t).unwrap(); let mut ext: sp_io::TestExternalities = t.into(); diff --git a/teeracle/src/benchmarking.rs b/teeracle/src/benchmarking.rs index a34ff640..eb0516ed 100644 --- a/teeracle/src/benchmarking.rs +++ b/teeracle/src/benchmarking.rs @@ -35,16 +35,9 @@ use test_utils::{ test_data::{consts::*, ias::*}, }; -fn ensure_not_skipping_ra_check() { - #[cfg(not(test))] - if cfg!(feature = "skip-ias-check") { - panic!("Benchmark does not allow the `skip-ias-check` flag."); - }; -} benchmarks! { where_clause { where T::AccountId: From<[u8; 32]>, T::Hash: From<[u8; 32]> } update_exchange_rate { - ensure_not_skipping_ra_check(); timestamp::Pallet::::set_timestamp(TEST4_SETUP.timestamp.checked_into().unwrap()); let signer: T::AccountId = get_signer(TEST4_SETUP.signer_pub); let trading_pair: TradingPairString = "DOT/USD".into(); @@ -67,7 +60,6 @@ benchmarks! { } update_oracle { - ensure_not_skipping_ra_check(); timestamp::Pallet::::set_timestamp(TEST4_SETUP.timestamp.checked_into().unwrap()); let signer: T::AccountId = get_signer(TEST4_SETUP.signer_pub); let oracle_name = OracleDataName::from("Test_Oracle_Name"); diff --git a/teeracle/src/mock.rs b/teeracle/src/mock.rs index 4109003e..4cf17574 100644 --- a/teeracle/src/mock.rs +++ b/teeracle/src/mock.rs @@ -153,7 +153,10 @@ pub fn new_test_ext() -> sp_io::TestExternalities { } .assimilate_storage(&mut t) .unwrap(); - let teerex_config = pallet_teerex::GenesisConfig { allow_sgx_debug_mode: true }; + let teerex_config = pallet_teerex::GenesisConfig { + allow_sgx_debug_mode: true, + allow_skipping_attestation: true, + }; GenesisBuild::::assimilate_storage(&teerex_config, &mut t).unwrap(); let mut ext: sp_io::TestExternalities = t.into(); diff --git a/teerex/src/benchmarking.rs b/teerex/src/benchmarking.rs index ff19b722..12581d19 100644 --- a/teerex/src/benchmarking.rs +++ b/teerex/src/benchmarking.rs @@ -35,13 +35,6 @@ use test_utils::{ const MAX_SILENCE_TIME: u64 = 172_800_000; // 48h -fn ensure_not_skipping_ra_check() { - #[cfg(not(test))] - if cfg!(feature = "skip-ias-check") { - panic!("Benchmark does not allow the `skip-ias-check` flag."); - }; -} - fn generate_accounts(amount: u32) -> Vec { (0..amount).map(|n| account("dummy name", n, n)).collect() } @@ -57,7 +50,6 @@ benchmarks! { // Benchmark `register_sgx_enclave` with the worst possible conditions (DCAP sovereign is more involved than Ias or proxied DCAP): // * dcap registration succeeds with `proxied: false` register_sgx_enclave { - ensure_not_skipping_ra_check(); timestamp::Pallet::::set_timestamp(TEST_VALID_COLLATERAL_TIMESTAMP.checked_into().unwrap()); let signer: T::AccountId = get_signer(&TEST1_DCAP_QUOTE_SIGNER); @@ -74,7 +66,6 @@ benchmarks! { // Benchmark `register_quoting_enclave` with the worst possible conditions: // * quoting enclave registration succeeds register_quoting_enclave { - ensure_not_skipping_ra_check(); timestamp::Pallet::::set_timestamp(TEST_VALID_COLLATERAL_TIMESTAMP.checked_into().unwrap()); let signer: T::AccountId = get_signer(&TEST1_DCAP_QUOTE_SIGNER); @@ -87,7 +78,6 @@ benchmarks! { // Benchmark `register_tcb_info` with the worst possible conditions: // * tcb registration succeeds register_tcb_info { - ensure_not_skipping_ra_check(); timestamp::Pallet::::set_timestamp(TEST_VALID_COLLATERAL_TIMESTAMP.checked_into().unwrap()); let signer: T::AccountId = get_signer(&TEST1_DCAP_QUOTE_SIGNER); register_test_quoting_enclave::(signer.clone()); @@ -127,6 +117,13 @@ benchmarks! { verify { assert!(!crate::ProxiedEnclaves::::contains_key(&key0)); } + + set_security_flags { + }: _(RawOrigin::Root, false, true) + verify { + assert_eq!(crate::AllowSkippingAttestation::::get(), false); + assert_eq!(crate::SgxAllowDebugMode::::get(), true); + } } fn add_sovereign_enclaves_to_registry(accounts: &[T::AccountId]) { diff --git a/teerex/src/lib.rs b/teerex/src/lib.rs index baa267af..5a4160ee 100644 --- a/teerex/src/lib.rs +++ b/teerex/src/lib.rs @@ -88,6 +88,10 @@ pub mod pallet { SgxQuotingEnclaveRegistered { quoting_enclave: SgxQuotingEnclave, }, + UpdatedSecurityFlags { + allow_skipping_attestation: bool, + sgx_allow_debug_mode: bool, + }, } #[pallet::storage] @@ -114,20 +118,38 @@ pub mod pallet { pub type SgxTcbInfo = StorageMap<_, Blake2_128Concat, Fmspc, SgxTcbInfoOnChain, ValueQuery>; + #[pallet::type_value] + pub fn DefaultSgxAllowDebugMode() -> bool { + false + } + #[pallet::storage] #[pallet::getter(fn allow_sgx_debug_mode)] - pub type SgxAllowDebugMode = StorageValue<_, bool, ValueQuery>; + pub type SgxAllowDebugMode = + StorageValue<_, bool, ValueQuery, DefaultSgxAllowDebugMode>; + + #[pallet::type_value] + pub fn DefaultAllowSkippingAttestation() -> bool { + false + } + + #[pallet::storage] + #[pallet::getter(fn allow_skipping_attestation)] + pub type AllowSkippingAttestation = + StorageValue<_, bool, ValueQuery, DefaultAllowSkippingAttestation>; #[pallet::genesis_config] #[cfg_attr(feature = "std", derive(Default))] pub struct GenesisConfig { pub allow_sgx_debug_mode: bool, + pub allow_skipping_attestation: bool, } #[pallet::genesis_build] impl GenesisBuild for GenesisConfig { fn build(&self) { SgxAllowDebugMode::::put(self.allow_sgx_debug_mode); + AllowSkippingAttestation::::put(self.allow_skipping_attestation); } } @@ -231,17 +253,24 @@ pub mod pallet { ) .with_attestation_method(SgxAttestationMethod::Dcap { proxied }) }, - SgxAttestationMethod::Skip { proxied } => SgxEnclave::new( - SgxReportData::default(), - // insert mrenclave if the ra_report represents one, otherwise insert default - ::decode(&mut proof.as_slice()).unwrap_or_default(), - MrSigner::default(), - >::get().saturated_into(), - SgxBuildMode::default(), - SgxStatus::Invalid, - ) - .with_pubkey(sender.encode().as_ref()) - .with_attestation_method(SgxAttestationMethod::Skip { proxied }), + SgxAttestationMethod::Skip { proxied } => { + if !Self::allow_skipping_attestation() { + log::debug!(target: TEEREX, "skipping attestation not allowed",); + return Err(>::SkippingAttestationNotAllowed.into()) + } + log::debug!(target: TEEREX, "skipping attestation verification",); + SgxEnclave::new( + SgxReportData::default(), + // insert mrenclave if the ra_report represents one, otherwise insert default + ::decode(&mut proof.as_slice()).unwrap_or_default(), + MrSigner::default(), + >::get().saturated_into(), + SgxBuildMode::default(), + SgxStatus::Invalid, + ) + .with_pubkey(sender.encode().as_ref()) + .with_attestation_method(SgxAttestationMethod::Skip { proxied }) + }, }; if !>::get() && enclave.build_mode == SgxBuildMode::Debug { @@ -360,6 +389,25 @@ pub mod pallet { Self::deposit_event(Event::SgxTcbInfoRegistered { fmspc, on_chain_info }); Ok(().into()) } + + #[pallet::call_index(5)] + #[pallet::weight((::WeightInfo::set_security_flags(), DispatchClass::Normal, Pays::Yes))] + pub fn set_security_flags( + origin: OriginFor, + allow_skipping_attestation: bool, + sgx_allow_debug_mode: bool, + ) -> DispatchResultWithPostInfo { + log::debug!(target: TEEREX, "Called into runtime call set_security_flags()"); + ensure_root(origin)?; + >::set(allow_skipping_attestation); + >::set(sgx_allow_debug_mode); + log::info!(target: TEEREX, "set security flags"); + Self::deposit_event(Event::UpdatedSecurityFlags { + allow_skipping_attestation, + sgx_allow_debug_mode, + }); + Ok(().into()) + } } #[pallet::error] @@ -385,6 +433,8 @@ pub mod pallet { CollateralInvalid, /// It is not allowed to unregister enclaves with recent activity UnregisterActiveEnclaveNotAllowed, + /// skipping attestation not allowed by configuration + SkippingAttestationNotAllowed, } } diff --git a/teerex/src/mock.rs b/teerex/src/mock.rs index c7082758..56246486 100644 --- a/teerex/src/mock.rs +++ b/teerex/src/mock.rs @@ -145,7 +145,8 @@ pub fn new_test_ext() -> sp_io::TestExternalities { } .assimilate_storage(&mut t) .unwrap(); - let teerex_config = crate::GenesisConfig { allow_sgx_debug_mode: true }; + let teerex_config = + crate::GenesisConfig { allow_sgx_debug_mode: true, allow_skipping_attestation: true }; GenesisBuild::::assimilate_storage(&teerex_config, &mut t).unwrap(); let mut ext: sp_io::TestExternalities = t.into(); @@ -154,7 +155,6 @@ pub fn new_test_ext() -> sp_io::TestExternalities { } //Build genesis storage for mockup, where RA from enclave compiled in debug mode is NOT allowed -#[cfg(not(feature = "skip-ias-check"))] pub fn new_test_production_ext() -> sp_io::TestExternalities { let mut t = system::GenesisConfig::default().build_storage::().unwrap(); pallet_balances::GenesisConfig:: { @@ -163,7 +163,8 @@ pub fn new_test_production_ext() -> sp_io::TestExternalities { .assimilate_storage(&mut t) .unwrap(); - let teerex_config = crate::GenesisConfig { allow_sgx_debug_mode: false }; + let teerex_config = + crate::GenesisConfig { allow_sgx_debug_mode: false, allow_skipping_attestation: false }; GenesisBuild::::assimilate_storage(&teerex_config, &mut t).unwrap(); let mut ext: sp_io::TestExternalities = t.into(); @@ -172,7 +173,6 @@ pub fn new_test_production_ext() -> sp_io::TestExternalities { } /// Helper method for the OnTimestampSet to be called -#[cfg(not(feature = "skip-ias-check"))] pub fn set_timestamp(t: u64) { let _ = timestamp::Pallet::::set(RuntimeOrigin::none(), t); } diff --git a/teerex/src/tests/mod.rs b/teerex/src/tests/mod.rs index cda1fd15..538a48f0 100644 --- a/teerex/src/tests/mod.rs +++ b/teerex/src/tests/mod.rs @@ -14,7 +14,4 @@ limitations under the License. */ -#[cfg(feature = "skip-ias-check")] -mod skip_ias_check_tests; -#[cfg(not(feature = "skip-ias-check"))] mod test_cases; diff --git a/teerex/src/tests/skip_ias_check_tests.rs b/teerex/src/tests/skip_ias_check_tests.rs deleted file mode 100644 index fcd5049a..00000000 --- a/teerex/src/tests/skip_ias_check_tests.rs +++ /dev/null @@ -1,95 +0,0 @@ -/* - Copyright 2021 Integritee AG and Supercomputing Systems AG - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - -*/ - -use crate::{mock::*, EnclaveRegistry, SgxEnclave}; -use frame_support::assert_ok; -use sp_keyring::AccountKeyring; -use test_utils::{ - test_data::consts::{TEST4_MRENCLAVE, URL}, - TestEnclave, -}; - -fn now() -> u64 { - >::get() -} - -fn test_enclave() -> SgxEnclave> { - SgxEnclave::test_enclave() - .with_pubkey(&AccountKeyring::Alice.public().to_vec()) - .with_timestamp(now()) - .with_url(URL.to_vec()) -} - -#[test] -fn register_ias_enclave_with_empty_mrenclave_works() { - new_test_ext().execute_with(|| { - assert_ok!(Teerex::register_ias_enclave( - RuntimeOrigin::signed(AccountKeyring::Alice.to_account_id()), - Vec::new(), - URL.to_vec() - )); - - assert_eq!(Teerex::enclave_count(), 1); - assert_eq!(>::get(1).unwrap(), test_enclave()); - }) -} - -#[test] -fn register_ias_enclave_with_mrenclave_works() { - new_test_ext().execute_with(|| { - assert_ok!(Teerex::register_ias_enclave( - RuntimeOrigin::signed(AccountKeyring::Alice.to_account_id()), - TEST4_MRENCLAVE.to_vec(), - URL.to_vec() - )); - - let enc = test_enclave().with_mr_enclave(TEST4_MRENCLAVE); - - assert_eq!(Teerex::enclave_count(), 1); - assert_eq!(>::get(1).unwrap(), enc); - }) -} - -#[test] -fn register_ias_enclave_with_faulty_mrenclave_inserts_default() { - new_test_ext().execute_with(|| { - assert_ok!(Teerex::register_ias_enclave( - RuntimeOrigin::signed(AccountKeyring::Alice.to_account_id()), - [1u8, 2].to_vec(), - URL.to_vec() - )); - - assert_eq!(Teerex::enclave_count(), 1); - assert_eq!(>::get(1).unwrap(), test_enclave()); - }) -} - -#[test] -fn register_ias_enclave_with_empty_url_inserts_default() { - new_test_ext().execute_with(|| { - assert_ok!(Teerex::register_ias_enclave( - RuntimeOrigin::signed(AccountKeyring::Alice.to_account_id()), - Vec::new(), - Vec::new(), - )); - - let enc = test_enclave().with_url(Default::default()); - - assert_eq!(Teerex::enclave_count(), 1); - assert_eq!(>::get(1).unwrap(), enc); - }) -} diff --git a/teerex/src/tests/test_cases.rs b/teerex/src/tests/test_cases.rs index f7f4eef1..e8b0971e 100644 --- a/teerex/src/tests/test_cases.rs +++ b/teerex/src/tests/test_cases.rs @@ -18,7 +18,8 @@ use crate::{ mock::*, test_helpers::{register_test_quoting_enclave, register_test_tcb_info}, - Error, Event as TeerexEvent, ProxiedEnclaves, SgxEnclave, SovereignEnclaves, + AllowSkippingAttestation, Error, Event as TeerexEvent, ProxiedEnclaves, SgxAllowDebugMode, + SgxEnclave, SovereignEnclaves, }; use frame_support::{assert_err, assert_ok}; use hex_literal::hex; @@ -47,6 +48,28 @@ fn get_signer(pubkey: &[u8; 32]) -> AccountId { test_utils::get_signer(pubkey) } +#[test] +fn set_security_flags_works() { + new_test_ext().execute_with(|| { + assert_ok!(Teerex::set_security_flags(RuntimeOrigin::root(), true, false)); + assert_eq!(>::get(), true); + assert_eq!(>::get(), false); + let expected_event = RuntimeEvent::Teerex(TeerexEvent::UpdatedSecurityFlags { + allow_skipping_attestation: true, + sgx_allow_debug_mode: false, + }); + assert!(System::events().iter().any(|a| a.event == expected_event)) + }) +} + +#[test] +fn set_security_flags_as_non_root_fails() { + new_test_ext().execute_with(|| { + let alice = AccountKeyring::Alice.to_account_id(); + assert!(Teerex::set_security_flags(RuntimeOrigin::signed(alice), true, false).is_err()); + }) +} + #[test] fn add_and_remove_dcap_enclave_works() { new_test_ext().execute_with(|| { @@ -115,6 +138,84 @@ fn add_and_remove_dcap_proxied_enclave_works() { }) } +#[test] +fn skip_attestation_add_sovereign_enclave_works_if_allowed() { + new_test_ext().execute_with(|| { + Timestamp::set_timestamp(TEST_VALID_COLLATERAL_TIMESTAMP); + >::set(true); + let alice = AccountKeyring::Alice.to_account_id(); + assert_ok!(Teerex::register_sgx_enclave( + RuntimeOrigin::signed(alice.clone()), + TEST1_DCAP_QUOTE.to_vec(), + Some(URL.to_vec()), + SgxAttestationMethod::Skip { proxied: false } + )); + assert!(>::contains_key(&alice)); + if let MultiEnclave::Sgx(sgx_enclave) = Teerex::sovereign_enclaves(&alice).unwrap() { + assert_eq!( + sgx_enclave.attestation_method, + SgxAttestationMethod::Skip { proxied: false } + ); + } else { + panic!("wrong enclave type") + } + + >::set(false); + assert_err!( + Teerex::register_sgx_enclave( + RuntimeOrigin::signed(alice.clone()), + TEST1_DCAP_QUOTE.to_vec(), + Some(URL.to_vec()), + SgxAttestationMethod::Skip { proxied: false } + ), + Error::::SkippingAttestationNotAllowed + ); + }) +} + +#[test] +fn skip_attestation_add_proxied_enclave_works_if_allowed() { + new_test_ext().execute_with(|| { + Timestamp::set_timestamp(TEST_VALID_COLLATERAL_TIMESTAMP); + >::set(true); + let alice = AccountKeyring::Alice.to_account_id(); + let instance_address = EnclaveInstanceAddress { + fingerprint: TEST1_DCAP_QUOTE_MRENCLAVE.into(), + registrar: alice.clone(), + signer: AnySigner::from(AccountKeyring::Alice.public().0), + }; + + assert_ok!(Teerex::register_sgx_enclave( + RuntimeOrigin::signed(alice.clone()), + TEST1_DCAP_QUOTE_MRENCLAVE.to_vec(), + None, + SgxAttestationMethod::Skip { proxied: true } + )); + assert_eq!(list_proxied_enclaves()[0].0, instance_address); + assert!(>::contains_key(&instance_address)); + if let MultiEnclave::Sgx(sgx_enclave) = Teerex::proxied_enclaves(&instance_address).unwrap() + { + assert_eq!( + sgx_enclave.attestation_method, + SgxAttestationMethod::Skip { proxied: true } + ); + } else { + panic!("wrong enclave type") + } + + >::set(false); + assert_err!( + Teerex::register_sgx_enclave( + RuntimeOrigin::signed(alice.clone()), + TEST1_DCAP_QUOTE.to_vec(), + Some(URL.to_vec()), + SgxAttestationMethod::Skip { proxied: false } + ), + Error::::SkippingAttestationNotAllowed + ); + }) +} + #[test] fn unregister_active_sovereign_enclave_fails() { new_test_ext().execute_with(|| { diff --git a/teerex/src/weights.rs b/teerex/src/weights.rs index 8691178b..524bb589 100644 --- a/teerex/src/weights.rs +++ b/teerex/src/weights.rs @@ -55,6 +55,7 @@ pub trait WeightInfo { fn register_tcb_info() -> Weight; fn unregister_sovereign_enclave() -> Weight; fn unregister_proxied_enclave() -> Weight; + fn set_security_flags() -> Weight; } /// Weights for pallet_teerex using the Integritee parachain node and recommended hardware. @@ -136,6 +137,9 @@ impl WeightInfo for IntegriteeWeight { .saturating_add(T::DbWeight::get().reads(2)) .saturating_add(T::DbWeight::get().writes(1)) } + fn set_security_flags() -> Weight { + Weight::from_parts(46_200_000, 0u64) + } } /// For tests, weights have been generated with the integritee-node. @@ -214,4 +218,7 @@ impl WeightInfo for () { .saturating_add(RocksDbWeight::get().reads(2)) .saturating_add(RocksDbWeight::get().writes(1)) } + fn set_security_flags() -> Weight { + Weight::from_parts(46_200_000, 0u64) + } }