Handle PCK certificates (#1068)

* Add x509-parser dependency and helper fns * Add pck cert chain parser * Doccomments * Use x509 crate that works with no-std * Tidy, comments * WIP - handle PCK certs in staking pallet * Rm pck cert stuff from attestation pallet * Fix mock pck cert chain verifying * Taplo * Compress verifying key * Add missing import * Add missing implementations of PckCertVerifyier * Fix staking pallet benchmarks * Validate cert chain of arbitrary length * Tidy, fix tests * Lockfile * Clippy * Error handling * Add test for production cert verifyer * Rm commented code in test * Changelog * update metadata * Hopefully fix staking extension pallet benchmarking for validate extrinsic * Update pallets/staking/src/lib.rs Co-authored-by: Hernando Castano <HCastano@users.noreply.github.com> * Update pallets/staking/src/tests.rs Co-authored-by: Hernando Castano <HCastano@users.noreply.github.com> * Update pallets/staking/src/pck/production.rs Co-authored-by: Hernando Castano <HCastano@users.noreply.github.com> * Update pallets/staking/src/pck/production.rs Co-authored-by: Hernando Castano <HCastano@users.noreply.github.com> * Typo in struct name and improve test readablilty * Rm calls to mock_attest_validate in staking pallet test as fn is now removed * Handle errors in production verify_cert fn * Doccomments * Alphabetically sort runtime config types * Changelog * derive serialize and deserialize for JoiningServerInfo * Rename struct (typo) * Make it clearer what is happenning with the PCK generation in staking pallet benchmark * Use intel root cert from web link and link to it in doccomments * Fix staking pallet benchmarks in always generate a mock quote before validate * Slightly improve error conversion --------- Co-authored-by: Jesse Abramowitz <jesse@entropy.xyz> Co-authored-by: Hernando Castano <HCastano@users.noreply.github.com>
entropyxyz · Oct 28, 2024 · 5afd3f8 · 5afd3f8
1 parent c1a2233
commit 5afd3f8
Show file tree

Hide file tree

Showing 18 changed files with 516 additions and 94 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -15,10 +15,14 @@ At the moment this project **does not** adhere to
   structure, and the `NodeInfoChanged` event were removed from the Staking Extension pallet. The
   `AttestationHandler` config type was added to the Staking Extension pallet. The `KeyProvider` and
   `AttestationQueue` config types were removed from the Attestation pallet.
+- In [#1068](https://github.com/entropyxyz/entropy-core/pull/1068) an extra type `PckCertChainVerifier`
+  was added to the staking extension pallet's `Config` trait.
 - In [#1134](https://github.com/entropyxyz/entropy-core/pull/1134/) the ```no-sync``` option was removed
+
 ### Changed
 - Use correct key rotation endpoint in OCW ([#1104](https://github.com/entropyxyz/entropy-core/pull/1104))
 - Change attestation flow to be pull based ([#1109](https://github.com/entropyxyz/entropy-core/pull/1109/))
+- Handle PCK certificates ([#1068](https://github.com/entropyxyz/entropy-core/pull/1068))
 - Remove declare synced ([#1134](https://github.com/entropyxyz/entropy-core/pull/1134/))
 
 ## [0.3.0-rc.1](https://github.com/entropyxyz/entropy-core/compare/release/v0.2.0...release/v0.3.0-rc.1) - 2024-10-04

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/client/entropy_metadata.scale b/crates/client/entropy_metadata.scale
diff --git a/pallets/attestation/src/mock.rs b/pallets/attestation/src/mock.rs
@@ -315,6 +315,7 @@ impl pallet_staking_extension::Config for Test {
     type AttestationHandler = ();
     type Currency = Balances;
     type MaxEndpointLength = MaxEndpointLength;
+    type PckCertChainVerifier = pallet_staking_extension::pck::MockPckCertChainVerifier;
     type Randomness = TestPastRandomness;
     type RuntimeEvent = RuntimeEvent;
     type WeightInfo = ();

diff --git a/pallets/propagation/src/mock.rs b/pallets/propagation/src/mock.rs
@@ -309,6 +309,7 @@ impl pallet_staking_extension::Config for Test {
     type AttestationHandler = ();
     type Currency = Balances;
     type MaxEndpointLength = MaxEndpointLength;
+    type PckCertChainVerifier = pallet_staking_extension::pck::MockPckCertChainVerifier;
     type Randomness = TestPastRandomness;
     type RuntimeEvent = RuntimeEvent;
     type WeightInfo = ();

diff --git a/pallets/registry/src/mock.rs b/pallets/registry/src/mock.rs
@@ -306,6 +306,7 @@ impl pallet_staking_extension::Config for Test {
     type AttestationHandler = ();
     type Currency = Balances;
     type MaxEndpointLength = MaxEndpointLength;
+    type PckCertChainVerifier = pallet_staking_extension::pck::MockPckCertChainVerifier;
     type Randomness = TestPastRandomness;
     type RuntimeEvent = RuntimeEvent;
     type WeightInfo = ();

diff --git a/pallets/staking/Cargo.toml b/pallets/staking/Cargo.toml
@@ -28,6 +28,10 @@ sp-runtime        ={ version="32.0.0", default-features=false }
 sp-staking        ={ version="27.0.0", default-features=false }
 sp-std            ={ version="14.0.0", default-features=false }
 sp-consensus-babe ={ version="0.33.0", default-features=false }
+x509-verify       ={ version="0.4.6", features=["x509"] }
+spki              ="0.7.3"
+p256              ={ version="0.13.2", default-features=false, features=["ecdsa"] }
+rand              ={ version="0.8.5", default-features=false, features=["alloc"] }
 
 pallet-parameters={ version="0.3.0-rc.1", path="../parameters", default-features=false }
 entropy-shared={ version="0.3.0-rc.1", path="../../crates/shared", features=[