Shielding parentchain transfers (#1378)

* Adding in the balance transfer filters

* clippy and fmt

* taplo

* adding polkadot js transfer script for various transfer tests and some logging

* cleanup for pr

* adding privacy sidechain shielding to indirect executor

* Adding in privacy shielding with runtime crash

* fix merge error

* [stf] migrate deprecated `set_balance` to `force_set_balance`

* renaming and refactor

* reorganizing and refactor for better code seperation

* bump api-client after master merge

* cargo fmt

* making indirect_executor refactored to avoid cycles

* make itp-utils purely no-std

* make itp-utils purely no-std

* code fixes after itp-utils change

* fix enclave build

* [itp-utils] fix test compilation

* Fix enclave build in shielding parentchain transfer branch (#1482)

* make itp-utils purely no-std

* make itp-utils purely no-std

* code fixes after itp-utils change

* fix enclave build

* [itp-utils] fix test compilation

* adding integration test

* clippy taplo fmt

* avoid clash between //Alice unshielding and //Alice vault for shielding.

* WIP causing cyclic dependency

* plenty of refactoring. now no_std clash remaining

* mostly fixed the mess. now failing high-level when build

* mock for indirect call executor tests

* fixed cargo test

* cleanups

* fixes

* cargo fix in root

* taplo fmt

* toml feature cleanup. no effect

* revert bogus fix

* taplo fmt

* fix trait bound build errors

* cleanup

* get rid of extern crate core again

* get rid of sgx_tstd in itp-types

* add enhancement todo comment

---------

Co-authored-by: Christian Langenbacher <[email protected]>
Co-authored-by: clangenb <[email protected]>
Co-authored-by: Alain Brenzikofer <[email protected]>
Co-authored-by: brenzi <[email protected]>

Cargo.lock

@@ -3002,6 +3002,41 @@ dependencies = [
  "url 2.4.0",
 ]
 
+[[package]]
+name = "ita-parentchain-interface"
+version = "0.9.0"
+dependencies = [
+ "binary-merkle-tree",
+ "bs58",
+ "env_logger",
+ "frame-support",
+ "futures 0.3.28",
+ "futures 0.3.8",
+ "ita-sgx-runtime",
+ "ita-stf",
+ "itc-parentchain-indirect-calls-executor",
+ "itc-parentchain-test",
+ "itp-api-client-types",
+ "itp-node-api",
+ "itp-ocall-api",
+ "itp-sgx-crypto",
+ "itp-sgx-runtime-primitives",
+ "itp-stf-executor",
+ "itp-stf-primitives",
+ "itp-test",
+ "itp-top-pool-author",
+ "itp-types",
+ "itp-utils",
+ "log 0.4.19",
+ "parity-scale-codec",
+ "sgx_tstd",
+ "sgx_types",
+ "sp-core",
+ "sp-runtime",
+ "thiserror 1.0.40",
+ "thiserror 1.0.9",
+]
+
 [[package]]
 name = "ita-sgx-runtime"
 version = "0.9.0"
@@ -3047,8 +3082,10 @@ dependencies = [
  "derive_more",
  "frame-support",
  "frame-system",
+ "hex",
  "integritee-node-runtime",
  "ita-sgx-runtime",
+ "itc-parentchain-indirect-calls-executor",
  "itp-hashing",
  "itp-node-api",
  "itp-node-api-metadata",
@@ -3177,7 +3214,6 @@ dependencies = [
  "env_logger",
  "futures 0.3.28",
  "futures 0.3.8",
- "ita-stf",
  "itc-parentchain-test",
  "itp-api-client-types",
  "itp-node-api",
@@ -3913,6 +3949,8 @@ dependencies = [
  "frame-system",
  "integritee-node-runtime",
  "itp-sgx-runtime-primitives",
+ "itp-stf-primitives",
+ "itp-utils",
  "pallet-balances",
  "parity-scale-codec",
  "primitive-types",
@@ -3921,6 +3959,7 @@ dependencies = [
  "sp-core",
  "sp-runtime",
  "sp-std",
+ "substrate-api-client",
  "teerex-primitives",
 ]
 

Cargo.toml

@@ -2,6 +2,7 @@
 
 members = [
     "app-libs/oracle",
+    "app-libs/parentchain-interface",
     "app-libs/sgx-runtime",
     "app-libs/stf",
     "cli",

app-libs/parentchain-interface/Cargo.toml

@@ -0,0 +1,93 @@
+[package]
+name = "ita-parentchain-interface"
+version = "0.9.0"
+authors = ["Integritee AG <[email protected]>"]
+edition = "2021"
+
+[dependencies]
+# sgx dependencies
+sgx_tstd = { branch = "master", git = "https://github.com/apache/teaclave-sgx-sdk.git", optional = true }
+sgx_types = { branch = "master", git = "https://github.com/apache/teaclave-sgx-sdk.git" }
+
+# local dependencies
+ita-sgx-runtime = { path = "../sgx-runtime", default-features = false }
+ita-stf = { path = "../stf", default-features = false }
+itc-parentchain-indirect-calls-executor = { path = "../../core/parentchain/indirect-calls-executor", default-features = false }
+itp-api-client-types = { path = "../../core-primitives/node-api/api-client-types", default-features = false }
+itp-node-api = { path = "../../core-primitives/node-api", default-features = false }
+itp-ocall-api = { path = "../../core-primitives/ocall-api", default-features = false }
+itp-sgx-crypto = { path = "../../core-primitives/sgx/crypto", default-features = false }
+itp-sgx-runtime-primitives = { path = "../../core-primitives/sgx-runtime-primitives", default-features = false }
+itp-stf-executor = { path = "../../core-primitives/stf-executor", default-features = false }
+itp-stf-primitives = { path = "../../core-primitives/stf-primitives", default-features = false }
+itp-top-pool-author = { path = "../../core-primitives/top-pool-author", default-features = false }
+itp-types = { path = "../../core-primitives/types", default-features = false }
+itp-utils = { path = "../../core-primitives/utils", default-features = false }
+
+# sgx enabled external libraries
+futures_sgx = { package = "futures", git = "https://github.com/mesalock-linux/futures-rs-sgx", optional = true }
+thiserror_sgx = { package = "thiserror", git = "https://github.com/mesalock-linux/thiserror-sgx", tag = "sgx_1.1.3", optional = true }
+
+# std compatible external libraries (make sure these versions match with the sgx-enabled ones above)
+futures = { version = "0.3.8", optional = true }
+thiserror = { version = "1.0", optional = true }
+
+# no-std compatible libraries
+bs58 = { version = "0.4.0", default-features = false, features = ["alloc"] }
+codec = { package = "parity-scale-codec", version = "3.0.0", default-features = false, features = ["derive"] }
+log = { version = "0.4", default-features = false }
+
+# substrate dep
+binary-merkle-tree = { default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
+frame-support = { default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
+sp-core = { default-features = false, features = ["full_crypto"], git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
+sp-runtime = { default-features = false, git = "https://github.com/paritytech/substrate.git", branch = "polkadot-v0.9.42" }
+
+[dev-dependencies]
+env_logger = "0.9.0"
+itp-node-api = { path = "../../core-primitives/node-api", features = ["mocks"] }
+itp-sgx-crypto = { path = "../../core-primitives/sgx/crypto", features = ["mocks"] }
+itp-stf-executor = { path = "../../core-primitives/stf-executor", features = ["mocks"] }
+itp-test = { path = "../../core-primitives/test" }
+itp-top-pool-author = { path = "../../core-primitives/top-pool-author", features = ["mocks"] }
+itc-parentchain-test = { path = "../../core/parentchain/test" }
+
+
+[features]
+default = ["std"]
+std = [
+    "bs58/std",
+    "codec/std",
+    "futures",
+    "ita-sgx-runtime/std",
+    "ita-stf/std",
+    "itc-parentchain-indirect-calls-executor/std",
+    "itp-api-client-types/std",
+    "itp-node-api/std",
+    "itp-ocall-api/std",
+    "itp-sgx-crypto/std",
+    "itp-sgx-runtime-primitives/std",
+    "itp-stf-executor/std",
+    "itp-stf-primitives/std",
+    "itp-top-pool-author/std",
+    "itp-types/std",
+    "itp-utils/std",
+    "log/std",
+    #substrate
+    "binary-merkle-tree/std",
+    "sp-core/std",
+    "sp-runtime/std",
+    "frame-support/std",
+    "thiserror",
+]
+sgx = [
+    "sgx_tstd",
+    "futures_sgx",
+    "ita-stf/sgx",
+    "itc-parentchain-indirect-calls-executor/sgx",
+    "itp-node-api/sgx",
+    "itp-sgx-crypto/sgx",
+    "itp-stf-executor/sgx",
+    "itp-top-pool-author/sgx",
+    "thiserror_sgx",
+]

core/parentchain/indirect-calls-executor/src/indirect_calls/invoke.rs → app-libs/parentchain-interface/src/indirect_calls/invoke.rs

@@ -15,16 +15,23 @@
 
 */
 
-use crate::{error::Result, IndirectDispatch, IndirectExecutor};
 use codec::{Decode, Encode};
+use ita_stf::TrustedCallSigned;
+use itc_parentchain_indirect_calls_executor::{
+	error::{Error, Result},
+	IndirectDispatch,
+};
+use itp_stf_primitives::traits::IndirectExecutor;
 use itp_types::Request;
 
 #[derive(Debug, Clone, Encode, Decode, Eq, PartialEq)]
 pub struct InvokeArgs {
 	request: Request,
 }
 
-impl<Executor: IndirectExecutor> IndirectDispatch<Executor> for InvokeArgs {
+impl<Executor: IndirectExecutor<TrustedCallSigned, Error>>
+	IndirectDispatch<Executor, TrustedCallSigned> for InvokeArgs
+{
 	fn dispatch(&self, executor: &Executor) -> Result<()> {
 		log::debug!("Found trusted call extrinsic, submitting it to the top pool");
 		executor.submit_trusted_call(self.request.shard, self.request.cyphertext.clone());

core/parentchain/indirect-calls-executor/src/indirect_calls/mod.rs → app-libs/parentchain-interface/src/indirect_calls/mod.rs

@@ -15,9 +15,9 @@
 
 */
 
-mod invoke;
-mod shield_funds;
-mod transfer_to_alice_shields_funds;
+pub mod invoke;
+pub mod shield_funds;
+pub mod transfer_to_alice_shields_funds;
 
 pub use invoke::InvokeArgs;
 pub use shield_funds::ShieldFundsArgs;

core/parentchain/indirect-calls-executor/src/indirect_calls/shield_funds.rs → app-libs/parentchain-interface/src/indirect_calls/shield_funds.rs

@@ -15,10 +15,16 @@
 
 */
 
-use crate::{error::Result, IndirectDispatch, IndirectExecutor};
 use codec::{Decode, Encode};
 use ita_stf::{Getter, TrustedCall, TrustedCallSigned};
-use itp_stf_primitives::types::{AccountId, TrustedOperation};
+use itc_parentchain_indirect_calls_executor::{
+	error::{Error, Result},
+	IndirectDispatch,
+};
+use itp_stf_primitives::{
+	traits::IndirectExecutor,
+	types::{AccountId, TrustedOperation},
+};
 use itp_types::{Balance, ShardIdentifier};
 use log::{debug, info};
 use std::vec::Vec;
@@ -30,7 +36,9 @@ pub struct ShieldFundsArgs {
 	amount: Balance,
 }
 
-impl<Executor: IndirectExecutor> IndirectDispatch<Executor> for ShieldFundsArgs {
+impl<Executor: IndirectExecutor<TrustedCallSigned, Error>>
+	IndirectDispatch<Executor, TrustedCallSigned> for ShieldFundsArgs
+{
 	fn dispatch(&self, executor: &Executor) -> Result<()> {
 		info!("Found ShieldFunds extrinsic in block: \nAccount Encrypted {:?} \nAmount: {} \nShard: {}",
         	self.account_encrypted, self.amount, bs58::encode(self.shard.encode()).into_string());

core/parentchain/indirect-calls-executor/src/indirect_calls/transfer_to_alice_shields_funds.rs → app-libs/parentchain-interface/src/indirect_calls/transfer_to_alice_shields_funds.rs

@@ -15,14 +15,20 @@
 
 */
 
-use crate::{error::Result, IndirectDispatch, IndirectExecutor};
 use codec::{Decode, Encode};
+use core::fmt::Debug;
 use ita_stf::{Getter, TrustedCall, TrustedCallSigned};
-use itp_stf_primitives::types::{AccountId, TrustedOperation};
+use itc_parentchain_indirect_calls_executor::{
+	error::{Error, Result},
+	IndirectDispatch,
+};
+use itp_stf_primitives::{
+	traits::IndirectExecutor,
+	types::{AccountId, TrustedOperation},
+};
 use itp_types::Balance;
 use log::info;
 use sp_runtime::MultiAddress;
-
 /// Arguments of a parentchains `transfer` or `transfer_allow_death` dispatchable.
 ///
 /// This is a simple demo indirect call where a transfer to alice on chain will transfer
@@ -41,8 +47,7 @@ pub struct TransferToAliceShieldsFundsArgs {
 ///
 /// ```
 /// use sp_core::{sr25519, Pair};
-/// use itc_parentchain_indirect_calls_executor::indirect_calls::ALICE_ACCOUNT_ID;
-///
+/// use ita_parentchain_interface::indirect_calls::ALICE_ACCOUNT_ID;
 /// let alice = sr25519::Pair::from_string_with_seed("//Alice", None).unwrap();
 /// println!("{:?}", alice.0.public().to_vec());
 /// assert_eq!(ALICE_ACCOUNT_ID, alice.0.public().into())
@@ -52,7 +57,9 @@ pub const ALICE_ACCOUNT_ID: AccountId = AccountId::new([
 	76, 205, 227, 154, 86, 132, 231, 165, 109, 162, 125,
 ]);
 
-impl<Executor: IndirectExecutor> IndirectDispatch<Executor> for TransferToAliceShieldsFundsArgs {
+impl<Executor: IndirectExecutor<TrustedCallSigned, Error>>
+	IndirectDispatch<Executor, TrustedCallSigned> for TransferToAliceShieldsFundsArgs
+{
 	fn dispatch(&self, executor: &Executor) -> Result<()> {
 		if self.destination == ALICE_ACCOUNT_ID.into() {
 			info!("Found Transfer to Alice extrinsic in block: \nAmount: {}", self.value);

app-libs/parentchain-interface/src/integritee/event_filter.rs

@@ -0,0 +1,90 @@
+/*
+	Copyright 2021 Integritee AG
+
+	Licensed under the Apache License, Version 2.0 (the "License");
+	you may not use this file except in compliance with the License.
+	You may obtain a copy of the License at
+
+		http://www.apache.org/licenses/LICENSE-2.0
+
+	Unless required by applicable law or agreed to in writing, software
+	distributed under the License is distributed on an "AS IS" BASIS,
+	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+	See the License for the specific language governing permissions and
+	limitations under the License.
+
+*/
+//! Various way to filter Parentchain events
+
+use itc_parentchain_indirect_calls_executor::event_filter::ToEvents;
+use itp_api_client_types::Events;
+
+use itp_types::{
+	parentchain::{
+		BalanceTransfer, ExtrinsicFailed, ExtrinsicStatus, ExtrinsicSuccess, FilterEvents,
+	},
+	H256,
+};
+use std::vec::Vec;
+
+#[derive(Clone)]
+pub struct FilterableEvents(pub Events<H256>);
+
+// todo: improve: https://github.com/integritee-network/worker/pull/1378#discussion_r1393933766
+impl ToEvents<Events<H256>> for FilterableEvents {
+	fn to_events(&self) -> &Events<H256> {
+		&self.0
+	}
+}
+
+impl From<Events<H256>> for FilterableEvents {
+	fn from(ev: Events<H256>) -> Self {
+		Self(ev)
+	}
+}
+
+impl FilterEvents for FilterableEvents {
+	type Error = itc_parentchain_indirect_calls_executor::Error;
+
+	fn get_extrinsic_statuses(&self) -> core::result::Result<Vec<ExtrinsicStatus>, Self::Error> {
+		Ok(self
+			.to_events()
+			.iter()
+			.filter_map(|ev| {
+				ev.and_then(|ev| {
+					if (ev.as_event::<ExtrinsicSuccess>()?).is_some() {
+						return Ok(Some(ExtrinsicStatus::Success))
+					}
+
+					if (ev.as_event::<ExtrinsicFailed>()?).is_some() {
+						return Ok(Some(ExtrinsicStatus::Failed))
+					}
+
+					Ok(None)
+				})
+				.ok()
+				.flatten()
+			})
+			.collect())
+	}
+
+	fn get_transfer_events(&self) -> core::result::Result<Vec<BalanceTransfer>, Self::Error> {
+		Ok(self
+			.to_events()
+			.iter()
+			.flatten() // flatten filters out the nones
+			.filter_map(|ev| match ev.as_event::<BalanceTransfer>() {
+				Ok(maybe_event) => {
+					if maybe_event.is_none() {
+						log::warn!("Transfer event does not exist in parentchain metadata");
+					};
+					maybe_event
+				},
+				Err(e) => {
+					log::error!("Could not decode event: {:?}", e);
+					None
+				},
+			})
+			.collect())
+	}
+}