Skip to content

Commit b4002d0

Browse files
preston4896preston4896
authored
Merge pull request #19 from automata-network/DEV-3733
[TOB] DEV-3733: ID-3
2 parents 33baea4 + b811738 commit b4002d0

File tree

5 files changed

+31
-20
lines changed

5 files changed

+31
-20
lines changed

script/automata/ConfigAutomataDao.s.sol

+2-2
Original file line numberDiff line numberDiff line change
@@ -23,11 +23,11 @@ contract ConfigAutomataDao is Script {
2323
address enclaveIdentityHelper = vm.envAddress("ENCLAVE_IDENTITY_HELPER");
2424
address fmspcTcbHelper = vm.envAddress("FMSPC_TCB_HELPER");
2525

26-
function updateStorageDao() public {
26+
function grantDao(address dao) public {
2727
vm.broadcast(privateKey);
2828

2929
AutomataDaoStorage pccsStorage = AutomataDaoStorage(pccsStorageAddr);
30-
pccsStorage.updateDao(pcsDaoAddr, pckDaoAddr, fmspcTcbDaoAddr, enclaveIdDaoAddr);
30+
pccsStorage.grantDao(dao);
3131
}
3232

3333
function revokeDao(address dao) public {

script/automata/DeployAutomataDao.s.sol

+5-1
Original file line numberDiff line numberDiff line change
@@ -53,7 +53,11 @@ contract DeployAutomataDao is P256Configuration {
5353
new AutomataFmspcTcbDao(address(pccsStorage), simulateVerify(), address(pcsDao), fmspcTcbHelper, x509);
5454
console.log("AutomataFmspcTcbDao deployed at: ", address(fmspcTcbDao));
5555

56-
pccsStorage.updateDao(address(pcsDao), address(pckDao), address(fmspcTcbDao), address(enclaveIdDao));
56+
// grants the DAOs permission to write to storage
57+
pccsStorage.grantDao(address(pcsDao));
58+
pccsStorage.grantDao(address(pckDao));
59+
pccsStorage.grantDao(address(enclaveIdDao));
60+
pccsStorage.grantDao(address(fmspcTcbDao));
5761
}
5862

5963
function deployStorage() public broadcastKey(privateKey) {

src/automata_pccs/shared/AutomataDaoStorage.sol

+18-15
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,9 @@ contract AutomataDaoStorage is AutomataTCBManager, IDaoAttestationResolver, Paus
1717
mapping(address => bool) _authorized_readers;
1818
mapping(bytes32 attId => bytes collateral) _db;
1919

20+
event SetAuthorizedWriter(address caller, bool authorized);
21+
event SetAuthorizedReader(address caller, bool authorized);
22+
2023
modifier onlyDao(address dao) {
2124
require(_authorized_writers[dao], "FORBIDDEN");
2225
_;
@@ -26,15 +29,15 @@ contract AutomataDaoStorage is AutomataTCBManager, IDaoAttestationResolver, Paus
2629
_initializeOwner(msg.sender);
2730

2831
// adding address(0) as an authorized_reader to allow eth_call
29-
_authorized_readers[address(0)] = true;
32+
_setAuthorizedReader(address(0), true);
3033
}
3134

3235
function isAuthorizedCaller(address caller) external view returns (bool) {
3336
return _authorized_readers[caller];
3437
}
3538

3639
function setCallerAuthorization(address caller, bool authorized) external onlyOwner {
37-
_authorized_readers[caller] = authorized;
40+
_setAuthorizedReader(caller, authorized);
3841
}
3942

4043
function pauseCallerRestriction() external onlyOwner whenNotPaused {
@@ -45,15 +48,12 @@ contract AutomataDaoStorage is AutomataTCBManager, IDaoAttestationResolver, Paus
4548
_unpause();
4649
}
4750

48-
function updateDao(address _pcsDao, address _pckDao, address _fmspcTcbDao, address _enclaveIdDao)
49-
external
50-
onlyOwner
51-
{
52-
_updateDao(_pcsDao, _pckDao, _fmspcTcbDao, _enclaveIdDao);
51+
function grantDao(address granted) external onlyOwner {
52+
_setAuthorizedWriter(granted, true);
5353
}
5454

5555
function revokeDao(address revoked) external onlyOwner {
56-
_authorized_writers[revoked] = false;
56+
_setAuthorizedWriter(revoked, false);
5757
}
5858

5959
function collateralPointer(bytes32 key) external pure override returns (bytes32 collateralAttId) {
@@ -93,13 +93,6 @@ contract AutomataDaoStorage is AutomataTCBManager, IDaoAttestationResolver, Paus
9393
}
9494
}
9595

96-
function _updateDao(address _pcsDao, address _pckDao, address _fmspcTcbDao, address _enclaveIdDao) private {
97-
_authorized_writers[_pcsDao] = true;
98-
_authorized_writers[_pckDao] = true;
99-
_authorized_writers[_fmspcTcbDao] = true;
100-
_authorized_writers[_enclaveIdDao] = true;
101-
}
102-
10396
/// Attestation ID Computation
10497
bytes4 constant DATA_ATTESTATION_MAGIC = 0x54a09e9a;
10598
bytes4 constant HASH_ATTESTATION_MAGIC = 0x628ab4d2;
@@ -109,6 +102,16 @@ contract AutomataDaoStorage is AutomataTCBManager, IDaoAttestationResolver, Paus
109102
attestationId = keccak256(abi.encodePacked(magic, key));
110103
}
111104

105+
function _setAuthorizedWriter(address caller, bool authorized) private {
106+
_authorized_writers[caller] = authorized;
107+
emit SetAuthorizedWriter(caller, authorized);
108+
}
109+
110+
function _setAuthorizedReader(address caller, bool authorized) private {
111+
_authorized_readers[caller] = authorized;
112+
emit SetAuthorizedReader(caller, authorized);
113+
}
114+
112115
/// TCB Management
113116
using EnumerableSet for EnumerableSet.Bytes32Set;
114117

test/TestSetupBase.t.sol

+5-1
Original file line numberDiff line numberDiff line change
@@ -66,7 +66,11 @@ abstract contract TestSetupBase is Test {
6666
pck =
6767
new AutomataPckDao(address(pccsStorage), P256_VERIFIER, address(pcs), address(x509Lib), address(x509CrlLib));
6868

69-
pccsStorage.updateDao(address(pcs), address(pck), address(fmspcTcbDao), address(enclaveIdDao));
69+
// grants dao permissions to write to the storage
70+
pccsStorage.grantDao(address(pcs));
71+
pccsStorage.grantDao(address(pck));
72+
pccsStorage.grantDao(address(fmspcTcbDao));
73+
pccsStorage.grantDao(address(enclaveIdDao));
7074

7175
// grants admin address permission to read collaterals
7276
pccsStorage.setCallerAuthorization(admin, true);

test/tcb/TCBMockTest.t.sol

+1-1
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,7 @@ contract TcbMockTest is PCSSetupBase, TCBConstants {
2020
);
2121

2222
vm.prank(admin);
23-
pccsStorage.updateDao(address(pcs), address(pck), address(tcb), address(enclaveIdDao));
23+
pccsStorage.grantDao(address(tcb));
2424
}
2525

2626
function testMockFmspcTcbTdxV3() public {

0 commit comments

Comments
 (0)