From 7d5d0bb50db6f59c0c9bd5b5e140e4525d197be1 Mon Sep 17 00:00:00 2001 From: Jernej Kos Date: Wed, 12 Oct 2022 17:19:43 +0200 Subject: [PATCH] go/upgrade: Merge TEE PCS/change parameters upgrade handlers --- .changelog/4978.trivial.md | 0 go/oasis-test-runner/scenario/e2e/e2e.go | 2 +- go/oasis-test-runner/scenario/e2e/upgrade.go | 19 +++-- .../migrations/consensus_change_parameters.go | 51 ------------ go/upgrade/migrations/consensus_tee_pcs.go | 63 --------------- go/upgrade/migrations/consensus_v61.go | 81 +++++++++++++++++++ 6 files changed, 96 insertions(+), 120 deletions(-) create mode 100644 .changelog/4978.trivial.md delete mode 100644 go/upgrade/migrations/consensus_change_parameters.go delete mode 100644 go/upgrade/migrations/consensus_tee_pcs.go create mode 100644 go/upgrade/migrations/consensus_v61.go diff --git a/.changelog/4978.trivial.md b/.changelog/4978.trivial.md new file mode 100644 index 00000000000..e69de29bb2d diff --git a/go/oasis-test-runner/scenario/e2e/e2e.go b/go/oasis-test-runner/scenario/e2e/e2e.go index 3c71e029a42..4c598a2dd58 100644 --- a/go/oasis-test-runner/scenario/e2e/e2e.go +++ b/go/oasis-test-runner/scenario/e2e/e2e.go @@ -466,7 +466,7 @@ func RegisterScenarios() error { // Node upgrade tests. NodeUpgradeDummy, NodeUpgradeMaxAllowances, - NodeUpgradeTEEPCS, + NodeUpgradeV61, NodeUpgradeEmpty, NodeUpgradeCancel, // Debonding entries from genesis test. diff --git a/go/oasis-test-runner/scenario/e2e/upgrade.go b/go/oasis-test-runner/scenario/e2e/upgrade.go index 6269905358d..523c8859e77 100644 --- a/go/oasis-test-runner/scenario/e2e/upgrade.go +++ b/go/oasis-test-runner/scenario/e2e/upgrade.go @@ -80,13 +80,13 @@ func (n *noOpUpgradeChecker) PostUpgradeFn(ctx context.Context, ctrl *oasis.Cont return nil } -type upgradeTeePcsChecker struct{} +type upgradeV61Checker struct{} -func (n *upgradeTeePcsChecker) PreUpgradeFn(ctx context.Context, ctrl *oasis.Controller) error { +func (n *upgradeV61Checker) PreUpgradeFn(ctx context.Context, ctrl *oasis.Controller) error { return nil } -func (n *upgradeTeePcsChecker) PostUpgradeFn(ctx context.Context, ctrl *oasis.Controller) error { +func (n *upgradeV61Checker) PostUpgradeFn(ctx context.Context, ctrl *oasis.Controller) error { // Check updated registry parameters. registryParams, err := ctrl.Registry.ConsensusParameters(ctx, consensus.HeightLatest) if err != nil { @@ -111,6 +111,15 @@ func (n *upgradeTeePcsChecker) PostUpgradeFn(ctx context.Context, ctrl *oasis.Co return fmt.Errorf("default gas cost for freshness proofs is not set") } + // Check updated governance parameters. + govParams, err := ctrl.Governance.ConsensusParameters(ctx, consensus.HeightLatest) + if err != nil { + return fmt.Errorf("can't get governance consensus parameters: %w", err) + } + if !govParams.EnableChangeParametersProposal { + return fmt.Errorf("change parameters proposal is disabled") + } + return nil } @@ -119,8 +128,8 @@ var ( NodeUpgradeDummy scenario.Scenario = newNodeUpgradeImpl(migrations.DummyUpgradeHandler, &dummyUpgradeChecker{}) // NodeUpgradeMaxAllowances is the node upgrade max allowances scenario. NodeUpgradeMaxAllowances scenario.Scenario = newNodeUpgradeImpl(migrations.ConsensusMaxAllowances16Handler, &noOpUpgradeChecker{}) - // NodeUpgradeTEEPCS is the node consensus TEE PCS enablement scenario. - NodeUpgradeTEEPCS scenario.Scenario = newNodeUpgradeImpl(migrations.ConsensusTEEPCSHandler, &upgradeTeePcsChecker{}) + // NodeUpgradeV61 is the node consensus V61 migration scenario. + NodeUpgradeV61 scenario.Scenario = newNodeUpgradeImpl(migrations.ConsensusV61, &upgradeV61Checker{}) // NodeUpgradeEmpty is the empty node upgrade scenario. NodeUpgradeEmpty scenario.Scenario = newNodeUpgradeImpl(migrations.EmptyHandler, &noOpUpgradeChecker{}) diff --git a/go/upgrade/migrations/consensus_change_parameters.go b/go/upgrade/migrations/consensus_change_parameters.go deleted file mode 100644 index a1f52a470ff..00000000000 --- a/go/upgrade/migrations/consensus_change_parameters.go +++ /dev/null @@ -1,51 +0,0 @@ -package migrations - -import ( - "fmt" - - abciAPI "github.com/oasisprotocol/oasis-core/go/consensus/tendermint/api" - governanceState "github.com/oasisprotocol/oasis-core/go/consensus/tendermint/apps/governance/state" -) - -const ( - // ChangeParametersProposalHandler is the name of the upgrade that enables change - // parameters proposal. - ChangeParametersProposalHandler = "change-parameters-proposal" -) - -var _ Handler = (*changeParametersProposalHandler)(nil) - -type changeParametersProposalHandler struct{} - -func (h *changeParametersProposalHandler) StartupUpgrade(ctx *Context) error { - return nil -} - -func (h *changeParametersProposalHandler) ConsensusUpgrade(ctx *Context, privateCtx interface{}) error { - abciCtx := privateCtx.(*abciAPI.Context) - switch abciCtx.Mode() { - case abciAPI.ContextBeginBlock: - // Nothing to do during begin block. - case abciAPI.ContextEndBlock: - // Update a consensus parameter during EndBlock. - state := governanceState.NewMutableState(abciCtx.State()) - - params, err := state.ConsensusParameters(abciCtx) - if err != nil { - return fmt.Errorf("unable to load governance consensus parameters: %w", err) - } - - params.EnableChangeParametersProposal = true - - if err = state.SetConsensusParameters(abciCtx, params); err != nil { - return fmt.Errorf("failed to update governance consensus parameters: %w", err) - } - default: - return fmt.Errorf("upgrade handler called in unexpected context: %s", abciCtx.Mode()) - } - return nil -} - -func init() { - Register(ChangeParametersProposalHandler, &changeParametersProposalHandler{}) -} diff --git a/go/upgrade/migrations/consensus_tee_pcs.go b/go/upgrade/migrations/consensus_tee_pcs.go deleted file mode 100644 index 2d0b92f2fc5..00000000000 --- a/go/upgrade/migrations/consensus_tee_pcs.go +++ /dev/null @@ -1,63 +0,0 @@ -package migrations - -import ( - "fmt" - - "github.com/oasisprotocol/oasis-core/go/common/node" - abciAPI "github.com/oasisprotocol/oasis-core/go/consensus/tendermint/api" - registryState "github.com/oasisprotocol/oasis-core/go/consensus/tendermint/apps/registry/state" - registry "github.com/oasisprotocol/oasis-core/go/registry/api" -) - -const ( - // ConsensusTEEPCSHandler is the name of the upgrade that enables PCS-based attestation support - // for Intel SGX-based TEEs. - ConsensusTEEPCSHandler = "consensus-tee-pcs" -) - -var _ Handler = (*teePcsHandler)(nil) - -type teePcsHandler struct{} - -func (th *teePcsHandler) StartupUpgrade(ctx *Context) error { - return nil -} - -func (th *teePcsHandler) ConsensusUpgrade(ctx *Context, privateCtx interface{}) error { - abciCtx := privateCtx.(*abciAPI.Context) - switch abciCtx.Mode() { - case abciAPI.ContextBeginBlock: - // Nothing to do during begin block. - case abciAPI.ContextEndBlock: - // Update a consensus parameter during EndBlock. - state := registryState.NewMutableState(abciCtx.State()) - - params, err := state.ConsensusParameters(abciCtx) - if err != nil { - return fmt.Errorf("unable to load registry consensus parameters: %w", err) - } - - params.TEEFeatures = &node.TEEFeatures{ - SGX: node.TEEFeaturesSGX{ - PCS: true, - SignedAttestations: true, - DefaultMaxAttestationAge: 1200, // ~2 hours at 6 sec per block. - }, - FreshnessProofs: true, - } - - // Configure the default gas cost for freshness proofs. - params.GasCosts[registry.GasOpProveFreshness] = registry.DefaultGasCosts[registry.GasOpProveFreshness] - - if err = state.SetConsensusParameters(abciCtx, params); err != nil { - return fmt.Errorf("failed to update registry consensus parameters: %w", err) - } - default: - return fmt.Errorf("upgrade handler called in unexpected context: %s", abciCtx.Mode()) - } - return nil -} - -func init() { - Register(ConsensusTEEPCSHandler, &teePcsHandler{}) -} diff --git a/go/upgrade/migrations/consensus_v61.go b/go/upgrade/migrations/consensus_v61.go new file mode 100644 index 00000000000..79bf36e09d5 --- /dev/null +++ b/go/upgrade/migrations/consensus_v61.go @@ -0,0 +1,81 @@ +package migrations + +import ( + "fmt" + + "github.com/oasisprotocol/oasis-core/go/common/node" + abciAPI "github.com/oasisprotocol/oasis-core/go/consensus/tendermint/api" + governanceState "github.com/oasisprotocol/oasis-core/go/consensus/tendermint/apps/governance/state" + registryState "github.com/oasisprotocol/oasis-core/go/consensus/tendermint/apps/registry/state" + registry "github.com/oasisprotocol/oasis-core/go/registry/api" +) + +const ( + // ConsensusV61 is the name of the upgrade that enables multiple features added in Oasis Core + // version 22.2.x, specifically PCS support for Intel SGX, remote attestation binding to node + // identities and client freshness proofs. + ConsensusV61 = "consensus-v61" +) + +var _ Handler = (*v61Handler)(nil) + +type v61Handler struct{} + +func (th *v61Handler) StartupUpgrade(ctx *Context) error { + return nil +} + +func (th *v61Handler) ConsensusUpgrade(ctx *Context, privateCtx interface{}) error { + abciCtx := privateCtx.(*abciAPI.Context) + switch abciCtx.Mode() { + case abciAPI.ContextBeginBlock: + // Nothing to do during begin block. + case abciAPI.ContextEndBlock: + // Update a consensus parameters during EndBlock. + + // Registry. + regState := registryState.NewMutableState(abciCtx.State()) + + regParams, err := regState.ConsensusParameters(abciCtx) + if err != nil { + return fmt.Errorf("unable to load registry consensus parameters: %w", err) + } + + regParams.TEEFeatures = &node.TEEFeatures{ + SGX: node.TEEFeaturesSGX{ + PCS: true, + SignedAttestations: true, + DefaultMaxAttestationAge: 1200, // ~2 hours at 6 sec per block. + }, + FreshnessProofs: true, + } + + // Configure the default gas cost for freshness proofs. + regParams.GasCosts[registry.GasOpProveFreshness] = registry.DefaultGasCosts[registry.GasOpProveFreshness] + + if err = regState.SetConsensusParameters(abciCtx, regParams); err != nil { + return fmt.Errorf("failed to update registry consensus parameters: %w", err) + } + + // Governance. + govState := governanceState.NewMutableState(abciCtx.State()) + + govParams, err := govState.ConsensusParameters(abciCtx) + if err != nil { + return fmt.Errorf("unable to load governance consensus parameters: %w", err) + } + + govParams.EnableChangeParametersProposal = true + + if err = govState.SetConsensusParameters(abciCtx, govParams); err != nil { + return fmt.Errorf("failed to update governance consensus parameters: %w", err) + } + default: + return fmt.Errorf("upgrade handler called in unexpected context: %s", abciCtx.Mode()) + } + return nil +} + +func init() { + Register(ConsensusV61, &v61Handler{}) +}