diff --git a/parentchain/src/lib.rs b/parentchain/src/lib.rs index 597b5aa2..bf864e87 100644 --- a/parentchain/src/lib.rs +++ b/parentchain/src/lib.rs @@ -14,9 +14,16 @@ pub mod pallet { /// Configuration trait. #[pallet::config] pub trait Config: frame_system::Config { + type RuntimeEvent: From> + IsType<::RuntimeEvent>; type WeightInfo: WeightInfo; } + #[pallet::event] + #[pallet::generate_deposit(pub(super) fn deposit_event)] + pub enum Event { + SetBlock { block_number: T::BlockNumber, parent_hash: T::Hash, block_hash: T::Hash }, + } + /// The current block number being processed. Set by `set_block`. #[pallet::storage] #[pallet::getter(fn block_number)] @@ -44,6 +51,11 @@ pub mod pallet { >::put(header.number()); >::put(header.parent_hash()); >::put(header.hash()); + Self::deposit_event(Event::SetBlock { + block_number: *header.number(), + parent_hash: *header.parent_hash(), + block_hash: header.hash(), + }); Ok(()) } } diff --git a/parentchain/src/mock.rs b/parentchain/src/mock.rs index a5345403..3e7af712 100644 --- a/parentchain/src/mock.rs +++ b/parentchain/src/mock.rs @@ -52,11 +52,12 @@ frame_support::construct_runtime!( { System: frame_system::{Pallet, Call, Config, Storage, Event}, Balances: pallet_balances::{Pallet, Call, Storage, Config, Event}, - Parentchain: pallet_parentchain::{Pallet, Call, Storage}, + Parentchain: pallet_parentchain::{Pallet, Call, Storage, Event}, } ); impl Config for Test { + type RuntimeEvent = RuntimeEvent; type WeightInfo = (); } diff --git a/parentchain/src/tests.rs b/parentchain/src/tests.rs index cef98f3a..79a858f2 100644 --- a/parentchain/src/tests.rs +++ b/parentchain/src/tests.rs @@ -14,7 +14,7 @@ limitations under the License. */ -use crate::mock::*; +use crate::{mock::*, Event as ParentchainEvent}; use frame_support::{assert_err, assert_ok}; use sp_core::H256; use sp_keyring::AccountKeyring; 
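Review bot: The new `Event` enum and its `SetBlock` variant in the first parentchain hunk carry no doc comment, while the storage items right below them do. Propose `/// Events emitted by the parentchain pallet.` above the enum and, on the variant, `/// A parentchain header was stored by set_block; carries its number, parent hash and hash.` so that rustdoc and metadata readers see what the three fields are. The `RuntimeEvent` associated type added to `Config` could take the usual `/// The overarching event type.` line for the same reason.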
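Review bot: `header.hash()` is now computed twice in `set_block` — once for the `BlockHash` store and again for `block_hash` in the event — and hashing the encoded header is paid inside an extrinsic. Bind it once before the stores, `let block_hash = header.hash();`, and use `block_hash` for both the storage put and the event field. The added deposit_event is also an extra event write that the `set_block` weight does not appear to account for, since no benchmark change is part of this diff; the same question applies to the deposit_event additions in the teerex extrinsics later in the diff. The enclosing function starts outside the hunk.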
@@ -45,6 +45,10 @@ fn verify_storage_works() { assert_eq!(Parentchain::block_number(), block_number); assert_eq!(Parentchain::parent_hash(), parent_hash); assert_eq!(Parentchain::block_hash(), hash); + + System::assert_last_event( + ParentchainEvent::SetBlock { block_number, parent_hash, block_hash: hash }.into(), + ); }) } diff --git a/primitives/teerex/src/lib.rs b/primitives/teerex/src/lib.rs index 7707d4ba..11680673 100644 --- a/primitives/teerex/src/lib.rs +++ b/primitives/teerex/src/lib.rs @@ -34,6 +34,13 @@ impl Default for SgxBuildMode { } } +#[derive(Encode, Decode, Copy, Clone, PartialEq, Eq, sp_core::RuntimeDebug, TypeInfo)] +pub enum AttestationMethod { + Dcap, + Ias, + Skip, +} + #[derive(Encode, Decode, Default, Copy, Clone, PartialEq, Eq, sp_core::RuntimeDebug, TypeInfo)] pub struct Enclave { pub pubkey: PubKey, // FIXME: this is redundant information diff --git a/teerex/src/lib.rs b/teerex/src/lib.rs index 533837f4..d25233de 100644 --- a/teerex/src/lib.rs +++ b/teerex/src/lib.rs @@ -26,6 +26,7 @@ use frame_support::{ use frame_system::{self, ensure_signed}; use sgx_verify::{ deserialize_enclave_identity, deserialize_tcb_info, extract_certs, verify_certificate_chain, + SgxStatus, }; use sp_core::H256; use sp_runtime::{traits::SaturatedConversion, Saturating}; @@ -80,7 +81,12 @@ pub mod pallet { #[pallet::event] #[pallet::generate_deposit(pub(super) fn deposit_event)] pub enum Event { - AddedEnclave(T::AccountId, Vec), + AddedEnclave { + registered_by: T::AccountId, + worker_url: Vec, + tcb_status: Option, + attestation_method: AttestationMethod, + }, RemovedEnclave(T::AccountId), Forwarded(ShardIdentifier), ShieldFunds(Vec), @@ -92,6 +98,13 @@ pub mod pallet { hash: H256, data: Vec, }, + TcbInfoRegistered { + fmspc: Fmspc, + on_chain_info: TcbInfoOnChain, + }, + QuotingEnclaveRegistered { + quoting_enclave: QuotingEnclave, + }, } // Watch out: we start indexing with 1 instead of zero in order to 
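Review bot: `AttestationMethod` is a public, SCALE-encoded type that ends up in on-chain events, yet none of its variants are documented, so a consumer cannot tell from the type alone that `Skip` means no verification happened. Propose `/// DCAP quote verified on-chain.` on `Dcap`, `/// IAS report verified on-chain.` on `Ias`, and `/// Verification was skipped (skip-ias-check feature; not for production chains).` on `Skip`. Because the variant order fixes the codec index of each value, a line such as `// Append new variants only; the order is part of the encoding.` above the enum would protect future edits.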
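Review bot: The struct-variant fields of `AddedEnclave` are undocumented, and the meaning of `tcb_status` being `None` — which, from the deposit sites later in this diff, happens only when attestation verification was compiled out — is not stated where an event consumer would look. Propose `/// TCB status from the attestation report; None only when verification was skipped.` on `tcb_status` and `/// How the enclave was attested; Skip means no verification took place.` on `attestation_method`. The same applies to the `TcbInfoRegistered` and `QuotingEnclaveRegistered` variants added in the next hunk, which say nothing about when they fire. The `Event` enum itself starts outside the hunk.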
@@ -162,13 +175,16 @@ pub mod pallet { log::info!("teerex: parameter length ok"); #[cfg(not(feature = "skip-ias-check"))] - let enclave = Self::verify_report(&sender, ra_report).map(|report| { - Enclave::new( - sender.clone(), - report.mr_enclave, - report.timestamp, - worker_url.clone(), - report.build_mode, + let (enclave, report) = Self::verify_report(&sender, ra_report).map(|report| { + ( + Enclave::new( + sender.clone(), + report.mr_enclave, + report.timestamp, + worker_url.clone(), + report.build_mode, + ), + report, ) })?; @@ -192,7 +208,22 @@ pub mod pallet { ); Self::add_enclave(&sender, &enclave)?; - Self::deposit_event(Event::AddedEnclave(sender, worker_url)); + + #[cfg(not(feature = "skip-ias-check"))] + Self::deposit_event(Event::AddedEnclave { + registered_by: sender, + worker_url, + tcb_status: Some(report.status), + attestation_method: AttestationMethod::Ias, + }); + + #[cfg(feature = "skip-ias-check")] + Self::deposit_event(Event::AddedEnclave { + registered_by: sender, + worker_url, + tcb_status: None, + attestation_method: AttestationMethod::Skip, + }); Ok(().into()) } @@ -314,13 +345,16 @@ pub mod pallet { log::info!("teerex: parameter length ok"); #[cfg(not(feature = "skip-ias-check"))] - let enclave = Self::verify_dcap_quote(&sender, dcap_quote).map(|report| { - Enclave::new( - sender.clone(), - report.mr_enclave, - report.timestamp, - worker_url.clone(), - report.build_mode, + let (enclave, report) = Self::verify_dcap_quote(&sender, dcap_quote).map(|report| { + ( + Enclave::new( + sender.clone(), + report.mr_enclave, + report.timestamp, + worker_url.clone(), + report.build_mode, + ), + report, ) })?; 
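Review bot: Wrapping the `Enclave::new` call in a `map` that returns a tuple only to keep `report` alive is harder to read than applying `?` to the verification result first and building the enclave from the bound report: `let report = Self::verify_report(&sender, ra_report)?;` followed by `let enclave = Enclave::new(sender.clone(), report.mr_enclave, report.timestamp, worker_url.clone(), report.build_mode);`, each preceded by the same `#[cfg(not(feature = "skip-ias-check"))]` attribute since a `cfg` covers one statement. The execution is the same because the tuple was only ever built on the `Ok` path. The DCAP hunk at `@@ -314,13 +345,16 @@` makes the identical change around `verify_dcap_quote` and would simplify the same way. Both enclosing functions start outside their hunks.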
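Review bot: The two `#[cfg]`-gated `deposit_event` calls repeat the whole `AddedEnclave` literal and differ only in `tcb_status` and `attestation_method`, which invites the two copies to drift apart when a field is added. Gating just the two differing values and emitting the event once keeps a single construction site; the DCAP hunk at `@@ -344,7 +378,22 @@` duplicates the same pattern with `AttestationMethod::Dcap` and can use the same shape. The `report` binding used in the non-skip arm is the one introduced earlier in the same function, outside this hunk.
```rust
Self::add_enclave(&sender, &enclave)?;
#[cfg(not(feature = "skip-ias-check"))]
let (tcb_status, attestation_method) = (Some(report.status), AttestationMethod::Ias);
#[cfg(feature = "skip-ias-check")]
let (tcb_status, attestation_method) = (None, AttestationMethod::Skip);
Self::deposit_event(Event::AddedEnclave { registered_by: sender, worker_url, tcb_status, attestation_method });
// … unchanged: Ok(().into()) …
```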
@@ -344,7 +378,22 @@ pub mod pallet { ); Self::add_enclave(&sender, &enclave)?; - Self::deposit_event(Event::AddedEnclave(sender, worker_url)); + + #[cfg(not(feature = "skip-ias-check"))] + Self::deposit_event(Event::AddedEnclave { + registered_by: sender, + worker_url, + tcb_status: Some(report.status), + attestation_method: AttestationMethod::Dcap, + }); + + #[cfg(feature = "skip-ias-check")] + Self::deposit_event(Event::AddedEnclave { + registered_by: sender, + worker_url, + tcb_status: None, + attestation_method: AttestationMethod::Skip, + }); Ok(().into()) } @@ -359,9 +408,13 @@ pub mod pallet { log::info!("teerex: called into runtime call register_quoting_enclave()"); // Quoting enclaves are registered globally and not for a specific sender let _sender = ensure_signed(origin)?; - let quoting_enclave = - Self::verify_quoting_enclave(enclave_identity, signature, certificate_chain)?; - >::put(quoting_enclave); + let quoting_enclave = Self::verify_quoting_enclave( + enclave_identity.clone(), + signature, + certificate_chain, + )?; + >::put("ing_enclave); + Self::deposit_event(Event::QuotingEnclaveRegistered { quoting_enclave }); Ok(().into()) } @@ -378,7 +431,8 @@ pub mod pallet { let _sender = ensure_signed(origin)?; let (fmspc, on_chain_info) = Self::verify_tcb_info(tcb_info, signature, certificate_chain)?; - >::insert(fmspc, on_chain_info); + >::insert(fmspc, &on_chain_info); + Self::deposit_event(Event::TcbInfoRegistered { fmspc, on_chain_info }); Ok(().into()) } diff --git a/teerex/src/tests/test_cases.rs b/teerex/src/tests/test_cases.rs index c9d28705..ab1ab345 100644 --- a/teerex/src/tests/test_cases.rs +++ b/teerex/src/tests/test_cases.rs 
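Review bot: The `.clone()` added on `enclave_identity` in `register_quoting_enclave` is dead: before this change the value was passed to `verify_quoting_enclave` by move, and nothing after the call in this hunk — the storage put, the event, the `Ok` — reads `enclave_identity` again, so the copy of the identity bytes is paid on every call for nothing. Pass `enclave_identity` by value as before. The enclosing function starts outside the hunk.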
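Review bot: `TcbInfoRegistered` echoes the entire `TcbInfoOnChain` value that was just written to storage, so the same data is held twice for the block — in `TcbInfo` storage and in the system events item — and if that struct carries the full list of TCB levels, as its use in `register_tcb_info` suggests, the event is large relative to what a subscriber needs in order to react. Consider emitting only `fmspc` and letting readers fetch the entry from storage, or document on the variant why the full value is included; the same consideration applies to `QuotingEnclaveRegistered` in the previous hunk. The enclosing function starts outside the hunk.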
@@ -75,6 +75,10 @@ fn register_quoting_enclave_works() { register_test_quoting_enclave::(alice); let qe = Teerex::quoting_enclave(); assert_eq!(qe.isvprodid, 1); + + let expected_event = + RuntimeEvent::Teerex(TeerexEvent::QuotingEnclaveRegistered { quoting_enclave: qe }); + assert!(System::events().iter().any(|a| a.event == expected_event)) }) } @@ -88,6 +92,10 @@ fn register_tcb_info_works() { let tcb_info = Teerex::tcb_info(fmspc); // This is the date that the is registered in register_tcb_info and represents the date 2023-04-16T12:45:32Z assert_eq!(tcb_info.next_update, 1681649132000); + + let expected_event = + RuntimeEvent::Teerex(TeerexEvent::TcbInfoRegistered { fmspc, on_chain_info: tcb_info }); + assert!(System::events().iter().any(|a| a.event == expected_event)) }) }
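Review bot: `assert!(System::events().iter().any(|a| a.event == expected_event))` reports nothing useful when it fails and differs from the `System::assert_last_event` style the parentchain test in this same diff uses. frame_system already provides the same search with a readable failure message: `System::assert_has_event(expected_event);`, which can replace the `assert!` line here and in `register_tcb_info_works` in the next hunk. Both test functions start outside their hunks.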