Pass events and events proof to enclave

Cargo.lock

@@ -2761,6 +2761,7 @@ dependencies = [
  "itp-enclave-metrics",
  "itp-node-api",
  "itp-settings",
+ "itp-storage",
  "itp-types",
  "itp-utils",
  "its-consensus-slots",
@@ -3338,6 +3339,7 @@ dependencies = [
  "itc-parentchain",
  "itp-enclave-api-ffi",
  "itp-settings",
+ "itp-storage",
  "itp-types",
  "log 0.4.17",
  "parity-scale-codec",
@@ -7980,9 +7982,9 @@ checksum = "6e63cff320ae2c57904679ba7cb63280a3dc4613885beafb148ee7bf9aa9042d"
 
 [[package]]
 name = "spin"
-version = "0.9.7"
+version = "0.9.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c0959fd6f767df20b231736396e4f602171e00d95205676286e79d4a4eb67bef"
+checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
 
 [[package]]
 name = "spki"
@@ -9078,7 +9080,7 @@ version = "0.20.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "01bf50edb2ea9d922aa75a7bf3c15e26a6c9e2d18c56e862b49737a582901729"
 dependencies = [
- "spin 0.9.7",
+ "spin 0.9.8",
  "wasmi_arena",
  "wasmi_core 0.5.0",
  "wasmparser-nostd",

core-primitives/enclave-api/Cargo.toml

@@ -22,4 +22,5 @@ sp-runtime = { git = "https://github.com/paritytech/substrate.git", branch = "po
 itc-parentchain = { path = "../../core/parentchain/parentchain-crate" }
 itp-enclave-api-ffi = { path = "ffi" }
 itp-settings = { path = "../settings" }
+itp-storage = { path = "../storage" }
 itp-types = { path = "../types" }

core-primitives/enclave-api/ffi/src/lib.rs

@@ -67,6 +67,10 @@ extern "C" {
 		retval: *mut sgx_status_t,
 		blocks: *const u8,
 		blocks_size: usize,
+		events: *const u8,
+		events_size: usize,
+		events_proofs: *const u8,
+		events_proofs_size: usize,
 		nonce: *const u32,
 	) -> sgx_status_t;
 

core-primitives/enclave-api/src/sidechain.rs

@@ -20,15 +20,19 @@ use crate::{error::Error, Enclave, EnclaveResult};
 use codec::Encode;
 use frame_support::ensure;
 use itp_enclave_api_ffi as ffi;
+use itp_storage::StorageProof;
 use sgx_types::sgx_status_t;
 use sp_runtime::{generic::SignedBlock, traits::Block as ParentchainBlockTrait};
 
 /// trait for handling blocks on the side chain
 pub trait Sidechain: Send + Sync + 'static {
-	/// Sync parentchain blocks and execute pending tops in the enclave
+	/// Sync parentchain blocks and events. Execute pending tops
+	/// and events proof in the enclave.
 	fn sync_parentchain<ParentchainBlock: ParentchainBlockTrait>(
 		&self,
 		blocks: &[SignedBlock<ParentchainBlock>],
+		events: &[Vec<u8>],
+		events_proofs: &[StorageProof],
 		nonce: u32,
 	) -> EnclaveResult<()>;
 
@@ -39,17 +43,25 @@ impl Sidechain for Enclave {
 	fn sync_parentchain<ParentchainBlock: ParentchainBlockTrait>(
 		&self,
 		blocks: &[SignedBlock<ParentchainBlock>],
+		events: &[Vec<u8>],
+		events_proofs: &[StorageProof],
 		nonce: u32,
 	) -> EnclaveResult<()> {
 		let mut retval = sgx_status_t::SGX_SUCCESS;
 		let blocks_enc = blocks.encode();
+		let events_enc = events.encode();
+		let events_proofs_enc = events_proofs.encode();
 
 		let result = unsafe {
 			ffi::sync_parentchain(
 				self.eid,
 				&mut retval,
 				blocks_enc.as_ptr(),
 				blocks_enc.len(),
+				events_enc.as_ptr(),
+				events_enc.len(),
+				events_proofs_enc.as_ptr(),
+				events_proofs_enc.len(),
 				&nonce,
 			)
 		};

core-primitives/node-api/api-client-extensions/src/chain.rs

@@ -17,14 +17,19 @@
 
 use crate::{ApiClientError, ApiResult};
 use itp_api_client_types::{Block, SignedBlock};
-use itp_types::parentchain::{BlockNumber, Hash, Header, StorageProof};
+use itp_types::{
+	parentchain::{BlockNumber, Hash, Header, StorageProof},
+	H256,
+};
 use sp_finality_grandpa::{AuthorityList, VersionedAuthorityList, GRANDPA_AUTHORITIES_KEY};
 use sp_runtime::traits::GetRuntimeBlockType;
 use substrate_api_client::{
-	primitives::StorageKey, rpc::Request, Api, ExtrinsicParams, FrameSystemConfig, GetBlock,
+	rpc::Request, serde_impls::StorageKey, Api, ExtrinsicParams, FrameSystemConfig, GetBlock,
 	GetHeader, GetStorage,
 };
 
+pub type Events = Vec<u8>;
+
 /// ApiClient extension that simplifies chain data access.
 pub trait ChainApi {
 	fn last_finalized_block(&self) -> ApiResult<Option<SignedBlock>>;
@@ -36,8 +41,10 @@ pub trait ChainApi {
 	/// Returns an empty vector if from is greater than to.
 	fn get_blocks(&self, from: BlockNumber, to: BlockNumber) -> ApiResult<Vec<SignedBlock>>;
 	fn is_grandpa_available(&self) -> ApiResult<bool>;
-	fn grandpa_authorities(&self, hash: Option<Hash>) -> ApiResult<AuthorityList>;
-	fn grandpa_authorities_proof(&self, hash: Option<Hash>) -> ApiResult<StorageProof>;
+	fn grandpa_authorities(&self, hash: Option<H256>) -> ApiResult<AuthorityList>;
+	fn grandpa_authorities_proof(&self, hash: Option<H256>) -> ApiResult<StorageProof>;
+	fn get_events_value_proof(&self, block_hash: Option<H256>) -> ApiResult<StorageProof>;
+	fn get_events_for_block(&self, block_hash: Option<H256>) -> ApiResult<Events>;
 }
 
 impl<Signer, Client, Params, Runtime> ChainApi for Api<Signer, Client, Params, Runtime>
@@ -100,4 +107,15 @@ where
 			.map(|read_proof| read_proof.proof.into_iter().map(|bytes| bytes.0).collect())
 			.unwrap_or_default())
 	}
+
+	fn get_events_value_proof(&self, block_hash: Option<H256>) -> ApiResult<StorageProof> {
+		Ok(self
+			.get_storage_value_proof("System", "Events", block_hash)?
+			.map(|read_proof| read_proof.proof.into_iter().map(|bytes| bytes.0).collect())
+			.unwrap_or_default())
+	}
+
+	fn get_events_for_block(&self, block_hash: Option<H256>) -> ApiResult<Events> {
+		Ok(self.get_storage_value("System", "Events", block_hash)?.unwrap_or_default())
+	}
 }

enclave-runtime/Enclave.edl

@@ -63,6 +63,8 @@ enclave {
 
 		public sgx_status_t sync_parentchain(
 			[in, size=blocks_size] uint8_t* blocks, size_t blocks_size,
+			[in, size=events_size] uint8_t* events, size_t events_size,
+			[in, size=events_proofs_size] uint8_t* events_proofs, size_t events_proofs_size,
 			[in] uint32_t* nonce
 		);
 

enclave-runtime/src/lib.rs

@@ -52,6 +52,7 @@ use itp_nonce_cache::{MutateNonce, Nonce, GLOBAL_NONCE_CACHE};
 use itp_settings::worker_mode::{ProvideWorkerMode, WorkerMode, WorkerModeProvider};
 use itp_sgx_crypto::{ed25519, Ed25519Seal, Rsa3072Seal};
 use itp_sgx_io::StaticSealedIO;
+use itp_storage::StorageProof;
 use itp_types::{ShardIdentifier, SignedBlock};
 use itp_utils::write_slice_and_whitespace_pad;
 use log::*;
@@ -338,13 +339,32 @@ pub unsafe extern "C" fn init_shard(shard: *const u8, shard_size: u32) -> sgx_st
 pub unsafe extern "C" fn sync_parentchain(
 	blocks_to_sync: *const u8,
 	blocks_to_sync_size: usize,
+	_events_to_sync: *const u8,
+	_events_to_sync_size: *const u8,
+	events_proofs_to_sync: *const u8,
+	events_proofs_to_sync_size: usize,
 	_nonce: *const u32,
 ) -> sgx_status_t {
 	let blocks_to_sync = match Vec::<SignedBlock>::decode_raw(blocks_to_sync, blocks_to_sync_size) {
 		Ok(blocks) => blocks,
 		Err(e) => return Error::Codec(e).into(),
 	};
 
+	let events_proofs_to_sync =
+		match Vec::<StorageProof>::decode_raw(events_proofs_to_sync, events_proofs_to_sync_size) {
+			Ok(events_proofs) => events_proofs,
+			Err(e) => return Error::Codec(e).into(),
+		};
+
+	let blocks_to_sync_merkle_roots: Vec<sp_core::H256> =
+		blocks_to_sync.iter().map(|block| block.block.header.state_root).collect();
+
+	if let Err(e) = validate_events(&events_proofs_to_sync, &blocks_to_sync_merkle_roots) {
+		return e.into()
+	}
+
+	// TODO: Need to pass validated events down this path or store them somewhere such that
+	// the `indirect_calls_executor` can access them to verify extrinsics in each block have succeeded or not.
 	if let Err(e) = dispatch_parentchain_blocks_for_import::<WorkerModeProvider>(blocks_to_sync) {
 		return e.into()
 	}
@@ -381,6 +401,20 @@ fn dispatch_parentchain_blocks_for_import<WorkerModeProvider: ProvideWorkerMode>
 	Ok(())
 }
 
+// ANDREW
+/// Validates the events coming from the parentchain
+fn validate_events(
+	events_proofs: &Vec<StorageProof>,
+	blocks_merkle_roots: &Vec<sp_core::H256>,
+) -> Result<()> {
+	info!(
+		"Validating events, events_proofs_length: {:?}, blocks_merkle_roots_lengths: {:?}",
+		events_proofs.len(),
+		blocks_merkle_roots.len()
+	);
+	Ok(())
+}
+
 /// Triggers the import of parentchain blocks when using a queue to sync parentchain block import
 /// with sidechain block production.
 ///

service/Cargo.toml

@@ -48,6 +48,7 @@ itp-enclave-api = { path = "../core-primitives/enclave-api" }
 itp-enclave-metrics = { path = "../core-primitives/enclave-metrics" }
 itp-node-api = { path = "../core-primitives/node-api" }
 itp-settings = { path = "../core-primitives/settings" }
+itp-storage = { path = "../core-primitives/storage" }
 itp-types = { path = "../core-primitives/types" }
 itp-utils = { path = "../core-primitives/utils" }
 its-consensus-slots = { path = "../sidechain/consensus/slots" }

service/src/parentchain_handler.rs

@@ -23,6 +23,7 @@ use itc_parentchain::{
 };
 use itp_enclave_api::{enclave_base::EnclaveBase, sidechain::Sidechain};
 use itp_node_api::api_client::ChainApi;
+use itp_storage::StorageProof;
 use log::*;
 use my_node_runtime::Header;
 use sp_finality_grandpa::VersionedAuthorityList;
@@ -140,7 +141,26 @@ where
 				return Ok(until_synced_header)
 			}
 
-			self.enclave_api.sync_parentchain(block_chunk_to_sync.as_slice(), 0)?;
+			let events_chunk_to_sync: Vec<Vec<u8>> = block_chunk_to_sync
+				.iter()
+				.map(|block| {
+					self.parentchain_api.get_events_for_block(Some(block.block.header.hash()))
+				})
+				.collect::<Result<Vec<_>, _>>()?;
+
+			let events_proofs_chunk_to_sync: Vec<StorageProof> = block_chunk_to_sync
+				.iter()
+				.map(|block| {
+					self.parentchain_api.get_events_value_proof(Some(block.block.header.hash()))
+				})
+				.collect::<Result<Vec<_>, _>>()?;
+
+			self.enclave_api.sync_parentchain(
+				block_chunk_to_sync.as_slice(),
+				events_chunk_to_sync.as_slice(),
+				events_proofs_chunk_to_sync.as_slice(),
+				0,
+			)?;
 
 			until_synced_header = block_chunk_to_sync
 				.last()

service/src/tests/mocks/enclave_api_mock.rs

@@ -24,6 +24,7 @@ use itc_parentchain::primitives::{
 };
 use itp_enclave_api::{enclave_base::EnclaveBase, sidechain::Sidechain, EnclaveResult};
 use itp_settings::worker::MR_ENCLAVE_SIZE;
+use itp_storage::StorageProof;
 use sgx_crypto_helper::rsa3072::Rsa3072PubKey;
 use sp_core::ed25519;
 
@@ -88,6 +89,8 @@ impl Sidechain for EnclaveMock {
 	fn sync_parentchain<ParentchainBlock: ParentchainBlockTrait>(
 		&self,
 		_blocks: &[sp_runtime::generic::SignedBlock<ParentchainBlock>],
+		_events: &[Vec<u8>],
+		_events_proofs: &[StorageProof],
 		_nonce: u32,
 	) -> EnclaveResult<()> {
 		Ok(())

service/src/tests/mocks/parentchain_api_mock.rs

@@ -20,7 +20,10 @@ use itc_parentchain_test::{
 	parentchain_header_builder::ParentchainHeaderBuilder,
 };
 use itp_node_api::api_client::{ApiResult, ChainApi, SignedBlock};
-use itp_types::parentchain::{Hash, Header, StorageProof};
+use itp_types::{
+	parentchain::{Hash, Header, StorageProof},
+	H256,
+};
 use sp_finality_grandpa::AuthorityList;
 
 pub struct ParentchainApiMock {
@@ -84,4 +87,15 @@ impl ChainApi for ParentchainApiMock {
 	fn grandpa_authorities_proof(&self, _hash: Option<Hash>) -> ApiResult<StorageProof> {
 		todo!()
 	}
+
+	fn get_events_value_proof(&self, _block_hash: Option<H256>) -> ApiResult<StorageProof> {
+		Ok(Default::default())
+	}
+
+	fn get_events_for_block(
+		&self,
+		_block_hash: Option<H256>,
+	) -> ApiResult<itp_node_api::api_client::Events> {
+		Ok(Default::default())
+	}
 }