diff --git a/.gitignore b/.gitignore
index af12467..861b611 100644
--- a/.gitignore
+++ b/.gitignore
@@ -10,3 +10,4 @@ target/
 *.pdb
 .vscode
 .DS_Store
+.idea
\ No newline at end of file
diff --git a/Cargo.lock b/Cargo.lock
index ca05c60..3fad4bd 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -977,6 +977,7 @@ version = "0.1.0"
 dependencies = [
 "fc-traits-authn-proc",
 "frame-support",
+ "log",
 "parity-scale-codec",
 "scale-info",
 ]
diff --git a/traits/authn/Cargo.toml b/traits/authn/Cargo.toml
index c627bc9..d42e1c0 100644
--- a/traits/authn/Cargo.toml
+++ b/traits/authn/Cargo.toml
@@ -10,6 +10,7 @@ version = "0.1.0"
 codec.workspace = true
 frame-support.workspace = true
 fc-traits-authn-proc.workspace = true
+log.workspace = true
 scale-info.workspace = true
 [features]
diff --git a/traits/authn/src/lib.rs b/traits/authn/src/lib.rs
index d946b4e..809d4db 100644
--- a/traits/authn/src/lib.rs
+++ b/traits/authn/src/lib.rs
@@ -8,6 +8,8 @@ pub mod util;
 pub use fc_traits_authn_proc::composite_authenticator;
+const LOG_TARGET: &'static str = "authn";
+
 pub mod composite_prelude {
 pub use crate::{
 Authenticator, AuthorityId, Challenge, Challenger, DeviceChallengeResponse, DeviceId,
@@ -36,7 +38,7 @@ macro_rules! composite_authenticators {
 }
 }
-// A reasonabily sized secure challenge
+// A reasonably sized secure challenge
 const CHALLENGE_SIZE: usize = 32;
 pub type Challenge = [u8; CHALLENGE_SIZE];
 type CxOf = ::Context;
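Review bot: In the first `lib.rs` hunk, `const LOG_TARGET: &'static str = "authn";` spells out a lifetime that is already implied for constants (clippy reports it as `redundant_static_lifetimes`); `const LOG_TARGET: &str = "authn";` is equivalent. The constant also has no comment, so a line such as `// Log target for the trace output of the default verify_device / verify_user implementations.` would tell operators which target to filter on.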
@@ -65,13 +67,24 @@ pub trait Authenticator {
 type Device: UserAuthenticator;
 fn verify_device(attestation: Self::DeviceAttestation) -> Option {
+ log::trace!(target: LOG_TARGET, "Verifying device with attestation: {:?}", attestation);
+
+ log::trace!(target: LOG_TARGET, "Assert authority {:?}", attestation.authority());
 attestation
 .authority()
 .eq(&Self::Authority::get())
 .then_some(())?;
+ log::trace!(target: LOG_TARGET, "Authority verified");
+
 let (cx, challenge) = attestation.used_challenge();
+ log::trace!(target: LOG_TARGET, "Check challenge for context ({:?}): {:?}", &cx, &challenge);
 Self::Challenger::check_challenge(&cx, &challenge)?;
+ log::trace!(target: LOG_TARGET, "Challenge checked");
+
+ log::trace!(target: LOG_TARGET, "Validate attestation");
 attestation.is_valid().then_some(())?;
+
+ log::trace!(target: LOG_TARGET, "Retrieve device");
 Some(Self::unpack_device(attestation))
 }
@@ -86,13 +99,24 @@ pub trait UserAuthenticator: FullCodec + MaxEncodedLen + TypeInfo {
 type Credential: UserChallengeResponse>;
 fn verify_user(&self, credential: &Self::Credential) -> Option<()> {
+ log::trace!(target: LOG_TARGET, "Verifying user for credential: {:?}", credential);
+
+ log::trace!(target: LOG_TARGET, "Assert authority {:?}", credential.authority());
 credential
 .authority()
 .eq(&Self::Authority::get())
 .then_some(())?;
+ log::trace!(target: LOG_TARGET, "Authority verified");
+
 let (cx, challenge) = credential.used_challenge();
+ log::trace!(target: LOG_TARGET, "Check challenge for context ({:?}): {:?}", &cx, &challenge);
 Self::Challenger::check_challenge(&cx, &challenge)?;
+ log::trace!(target: LOG_TARGET, "Challenge checked");
+
+ log::trace!(target: LOG_TARGET, "Credential verified");
 credential.is_valid().then_some(())?;
+
+ log::trace!(target: LOG_TARGET, "Verify credential");
 self.verify_credential(credential)
 }
diff --git a/traits/authn/src/util.rs b/traits/authn/src/util.rs
index 905cb1e..5087038 100644
--- a/traits/authn/src/util.rs
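Review bot: The first added line in `verify_device` formats the whole attestation with `{:?}`, and the "Check challenge" line prints the context and the challenge bytes, so authentication material is written to the node log whenever the `authn` target is enabled at trace level. The `verify_user` hunk does the same with the full credential. What that `Debug` output contains depends on the implementor and is not visible here, so it may well include signatures or other response bytes. I would log only non-secret identifiers, e.g. `log::trace!(target: LOG_TARGET, "Verifying device for authority {:?}", attestation.authority());`, and drop the challenge value from the "Check challenge" message. The `?` early returns also stay silent, so a rejection shows up only as a missing follow-up line; a `log::debug!` on each failing branch would make failed verifications auditable.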
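Review bot: In `verify_user` the message `"Credential verified"` is emitted before `credential.is_valid()` runs, so the trace reports success for a check that can still fail on the next line. `verify_device` logs `"Validate attestation"` at the same position, which reads correctly. Suggest `log::trace!(target: LOG_TARGET, "Validate credential");` before the call, and a separate success line after the `?` if one is wanted.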
+++ b/traits/authn/src/util.rs
@@ -20,7 +20,7 @@ impl> Get for AuthorityFromPalletId {
 }
 }
-/// Convenient auto-implemtator of the Authenticator trait
+/// Convenient auto-implementor of the Authenticator trait
 pub struct Auth(PhantomData<(Dev, Att)>);
 impl Authenticator for Auth