oasis_runtime_sdk/modules/rofl/
types.rs

1use std::collections::BTreeMap;
2
3use crate::{
4    core::{
5        common::crypto::{signature, x25519},
6        consensus::{beacon::EpochTime, registry},
7    },
8    crypto::signature::PublicKey,
9    types::{address::Address, token},
10};
11
12use super::{app_id::AppId, policy::AppAuthPolicy};
13
/// Call body for creating a new ROFL application.
///
/// This call carries no secrets: the secret encryption key (SEK) is not yet available when the
/// application is created, so there is nothing to encrypt them to. [`Update`] is the call in
/// this file that carries a `secrets` map.
#[derive(Clone, Debug, Default, cbor::Encode, cbor::Decode)]
pub struct Create {
    /// Authentication policy for the application.
    pub policy: AppAuthPolicy,
    /// Scheme used to generate the application identifier.
    pub scheme: IdentifierScheme,
    /// Metadata as arbitrary key/value pairs.
    ///
    /// NOTE(review): values are plain `String`s and no encryption is described for them, so
    /// confidential material does not belong here.
    pub metadata: BTreeMap<String, String>,
    // No `secrets` field on purpose: the SEK is not yet available at this point.
}
25
/// Scheme used to generate a ROFL application identifier.
///
/// Each variant has an explicit `u8` discriminant.
/// NOTE(review): these numbers are presumably what the cbor derive puts on the wire, so an
/// existing value should never be renumbered or reused; confirm against the derive.
#[derive(Clone, Copy, Debug, Default, cbor::Encode, cbor::Decode)]
#[repr(u8)]
pub enum IdentifierScheme {
    /// Default scheme.
    ///
    /// NOTE(review): the name suggests the identifier is derived from the creator, the round
    /// and an index; confirm against the `AppId` constructors.
    #[default]
    CreatorRoundIndex = 0,
    /// NOTE(review): the name suggests the identifier is derived from the creator and a nonce;
    /// confirm against the `AppId` constructors.
    CreatorNonce = 1,
}
34
/// Call body for updating an existing ROFL application.
#[derive(Clone, Debug, Default, cbor::Encode, cbor::Decode)]
pub struct Update {
    /// Identifier of the ROFL application to update.
    pub id: AppId,
    /// Authentication policy.
    pub policy: AppAuthPolicy,
    /// Address of the application administrator.
    ///
    /// NOTE(review): what `None` means for later administration of the application is decided
    /// by the call handler, not by this type; confirm before submitting an update without an
    /// administrator.
    pub admin: Option<Address>,

    /// Metadata as arbitrary key/value pairs (plain strings).
    pub metadata: BTreeMap<String, String>,
    /// Secrets as arbitrary encrypted key/value pairs.
    ///
    /// The values are opaque bytes. This type does not itself check that they are ciphertext,
    /// so the caller is responsible for encrypting each value before placing it here.
    pub secrets: BTreeMap<String, Vec<u8>>,
}
50
/// Call body for removing an existing ROFL application.
///
/// The identifier is the only field. Who is allowed to remove the application is not expressed
/// by this type.
#[derive(Clone, Debug, Default, cbor::Encode, cbor::Decode)]
pub struct Remove {
    /// Identifier of the ROFL application to remove.
    pub id: AppId,
}
57
/// Configuration of a ROFL application.
///
/// # Metadata
///
/// Metadata holds arbitrary key-value pairs as plain strings.
///
/// # Secrets
///
/// Besides metadata, the configuration can hold secrets. These are encrypted with a shared
/// secret derived from the secret encryption key (SEK). The SEK only becomes available once the
/// application has been registered, which is why the initial create cannot contain secrets.
///
/// `PartialEq`/`Eq` are derived for test builds only.
#[derive(Clone, Debug, Default, cbor::Encode, cbor::Decode)]
#[cfg_attr(test, derive(PartialEq, Eq))]
pub struct AppConfig {
    /// Identifier of the ROFL application.
    pub id: AppId,
    /// Authentication policy.
    pub policy: AppAuthPolicy,
    /// Address of the application administrator.
    pub admin: Option<Address>,
    /// Amount staked.
    pub stake: token::BaseUnits,

    /// Metadata as arbitrary key/value pairs.
    pub metadata: BTreeMap<String, String>,
    /// Secrets as arbitrary encrypted key/value pairs.
    ///
    /// The values are opaque bytes; nothing in this type verifies that they are ciphertext.
    pub secrets: BTreeMap<String, Vec<u8>>,
    /// Public half of the secret encryption key. It is used to derive a shared secret, which in
    /// turn is used for symmetric encryption (e.g. using Deoxys-II or similar).
    pub sek: x25519::PublicKey,
}
89
/// Call body for registering a ROFL instance.
#[derive(Clone, Debug, Default, cbor::Encode, cbor::Decode)]
pub struct Register {
    /// Identifier of the ROFL application being registered for.
    pub app: AppId,
    /// Endorsed TEE capability.
    pub ect: registry::EndorsedCapabilityTEE,
    /// Epoch at which the registration expires unless it is renewed.
    pub expiration: EpochTime,
    /// Additional public keys to endorse (e.g. secp256k1 keys).
    ///
    /// Every key listed here must co-sign the registration transaction. That co-signature is
    /// the proof of ownership, so a key cannot be endorsed by listing it alone.
    pub extra_keys: Vec<PublicKey>,
    /// Arbitrary app-specific metadata. The field is optional in the encoding.
    ///
    /// NOTE(review): the registering instance supplies these values; whether they are
    /// validated is up to the call handler, so consumers should confirm before trusting them.
    #[cbor(optional)]
    pub metadata: BTreeMap<String, String>,
}
107
/// Kind of key that a derivation request asks for.
///
/// Each variant has an explicit `u8` discriminant.
/// NOTE(review): these numbers are presumably the encoded values, so an existing one should not
/// be renumbered; confirm against the cbor derive.
#[derive(Clone, Copy, Debug, Default, PartialEq, Eq, Hash, cbor::Encode, cbor::Decode)]
#[repr(u8)]
pub enum KeyKind {
    /// Raw entropy derivation. This is the default kind.
    #[default]
    EntropyV0 = 0,

    /// X25519 key pair.
    X25519 = 1,
}
119
/// Scope of a derived key, i.e. which application instances obtain the same key.
///
/// The scope sets the sharing boundary of the key material: the wider the scope, the more
/// instances hold an identical key. `Global` is the default.
#[derive(Clone, Copy, Debug, Default, PartialEq, Eq, Hash, cbor::Encode, cbor::Decode)]
#[cbor(with_default)]
#[repr(u8)]
pub enum KeyScope {
    /// Global application scope (e.g. all instances get the same key).
    #[default]
    Global = 0,

    /// Node scope (e.g. all instances endorsed by the same node get the same key).
    Node = 1,

    /// Entity scope (e.g. all instances endorsed by nodes from the same entity get the same
    /// key).
    Entity = 2,
}
135
impl KeyScope {
    /// Returns `true` only for [`KeyScope::Global`].
    ///
    /// `DeriveKey::scope` names this method in its `skip_serializing_if` attribute, so the
    /// path `KeyScope::is_global` and the `&self` receiver are kept as they are.
    pub fn is_global(&self) -> bool {
        // Spelled out per variant so that adding a scope forces a decision here.
        match self {
            Self::Global => true,
            Self::Node | Self::Entity => false,
        }
    }
}
142
/// Call body for deriving a key.
#[derive(Clone, Debug, Default, cbor::Encode, cbor::Decode)]
pub struct DeriveKey {
    /// Identifier of the ROFL application.
    pub app: AppId,
    /// Kind of key to derive.
    pub kind: KeyKind,
    /// Scope of the key.
    ///
    /// The field is optional and is left out of the encoding when the scope is global.
    /// NOTE(review): a request without this field presumably decodes to the default,
    /// `KeyScope::Global`, which is the widest sharing boundary; confirm, and set a narrower
    /// scope explicitly where one is wanted.
    #[cbor(optional, skip_serializing_if = "KeyScope::is_global")]
    pub scope: KeyScope,
    /// Key generation.
    pub generation: u64,
    /// Key identifier.
    ///
    /// NOTE(review): no length bound is visible on these caller-supplied bytes; confirm that
    /// the call handler enforces one.
    pub key_id: Vec<u8>,
}
158
/// Response returned by the derive key call.
///
/// This type carries key material. Unlike the other types in this file it does not derive
/// `Debug`.
/// NOTE(review): that omission presumably keeps the key from being written out through `{:?}`
/// formatting or logging; keep it that way, and do not add `Debug` without redacting `key`.
#[derive(Clone, Default, cbor::Encode, cbor::Decode)]
pub struct DeriveKeyResponse {
    /// The derived key, as raw bytes.
    ///
    /// NOTE(review): the buffer is an ordinary `Vec<u8>` and every `clone()` makes another copy
    /// in memory. Nothing here wipes it on drop, so callers should keep copies short-lived.
    pub key: Vec<u8>,
}
165
/// Descriptor of a ROFL registration.
#[derive(Clone, Debug, Default, PartialEq, Eq, cbor::Encode, cbor::Decode)]
pub struct Registration {
    /// Application that this enclave is registered for.
    pub app: AppId,
    /// Identifier of the node that endorsed the enclave.
    pub node_id: signature::PublicKey,
    /// Identifier of the endorsing entity, if there is one.
    pub entity_id: Option<signature::PublicKey>,
    /// Runtime Attestation Key (RAK).
    pub rak: signature::PublicKey,
    /// Runtime Encryption Key (REK).
    pub rek: x25519::PublicKey,
    /// Epoch at which the registration expires unless it is renewed.
    ///
    /// NOTE(review): nothing in this type marks a descriptor as expired, so consumers
    /// presumably have to compare this value with the current epoch themselves; confirm.
    pub expiration: EpochTime,
    /// Additional endorsed public keys (e.g. secp256k1 keys).
    pub extra_keys: Vec<PublicKey>,
    /// Arbitrary app-specific metadata. The field is optional in the encoding.
    #[cbor(optional)]
    pub metadata: BTreeMap<String, String>,
}
187
/// Query about a single application.
#[derive(Clone, Debug, Default, cbor::Encode, cbor::Decode)]
pub struct AppQuery {
    /// Identifier of the ROFL application being queried.
    pub id: AppId,
}
194
/// Query about a single application instance.
///
/// An instance is addressed by the application identifier together with its Runtime Attestation
/// Key. This type does not derive `Default` and carries `#[cbor(no_default)]`.
#[derive(Clone, Debug, cbor::Encode, cbor::Decode)]
#[cbor(no_default)]
pub struct AppInstanceQuery {
    /// Identifier of the ROFL application.
    pub app: AppId,
    /// Runtime Attestation Key (RAK) of the instance.
    pub rak: PublicKey,
}
204
/// Stake thresholds that apply to managing ROFL applications.
#[derive(Clone, Debug, Default, cbor::Encode, cbor::Decode)]
pub struct StakeThresholds {
    /// Stake required to create a new ROFL application.
    pub app_create: token::BaseUnits,
}