Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

session-proxy for delegate signing and key storage #1655

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

session-proxy for delegate signing and key storage #1655

wants to merge 3 commits into from

Conversation

brenzi
Copy link
Collaborator

@brenzi brenzi commented Nov 28, 2024
edited
Loading

closes #1654

store session key secrets in runtime state and serve them to authenticated owners to allow sessions with less (or no) signing by the owner

  • add send_note trusted call to allow NonTransfer proxies to send notes
  • each proxy costs a deposit of 0.5 TEER
  • cli tools to do delegate calls and getters

question:

  • the naming of session_proxy may be less intuitive than i.e. delegates. it works very different from frame pallet proxy

@brenzi brenzi changed the title basic session-proxy pallet session-proxy for delegate signing and key storage Nov 29, 2024
@brenzi brenzi requested a review from clangenb November 29, 2024 09:59
@brenzi brenzi marked this pull request as ready for review November 29, 2024 10:03
clangenb
clangenb reviewed Nov 29, 2024
View reviewed changes
Copy link
Contributor

@clangenb clangenb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nice, I like the design. 💪

app-libs/sgx-runtime/pallets/session-proxy/src/lib.rs
credentials: SessionProxyCredentials<BalanceOf<T>>,
) -> DispatchResultWithPostInfo {
let delegator = ensure_signed(origin)?;
ensure!(delegator != delegate, Error::<T>::NoSelfProxy);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Probably better to call it SelfProxyForbidden

app-libs/stf/src/getter.rs Show resolved Hide resolved
app-libs/stf/src/getter.rs
Comment on lines +185 to +186
let signer = self.delegate.clone().unwrap_or(self.getter.sender_account().clone());
if self.signature.verify(encoded.as_slice(), &signer) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
let signer = self.delegate.clone().unwrap_or(self.getter.sender_account().clone());
if self.signature.verify(encoded.as_slice(), &signer) {
let signer = self.delegate.as_ref().unwrap_or(self.getter.sender_account());
if self.signature.verify(encoded.as_slice(), signer) {

app-libs/stf/src/trusted_call.rs
Comment on lines +242 to +243
let signer = self.delegate.clone().unwrap_or(self.call.sender_account().clone());
if self.signature.verify(payload.as_slice(), &signer) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
let signer = self.delegate.clone().unwrap_or(self.call.sender_account().clone());
if self.signature.verify(payload.as_slice(), &signer) {
let signer = self.delegate.as_ref().unwrap_or(self.call.sender_account());
if self.signature.verify(payload.as_slice(), signer) {

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@clangenb clangenb clangenb left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

serve session keys as proxies with roles
2 participants
@brenzi @clangenb