[gas] permission
lightmark authored and igor-aptos committed Jan 17, 2025
1 parent 773d254 commit 9d06506
Showing 6 changed files with 352 additions and 25 deletions.
45 changes: 35 additions & 10 deletions aptos-move/framework/aptos-framework/doc/permissioned_delegation.md
Expand Up @@ -9,6 +9,7 @@
- [Enum `DelegationKey`](#0x1_permissioned_delegation_DelegationKey)
- [Resource `RegisteredDelegations`](#0x1_permissioned_delegation_RegisteredDelegations)
- [Constants](#@Constants_0)
- [Function `gen_ed25519_key`](#0x1_permissioned_delegation_gen_ed25519_key)
- [Function `fetch_handle`](#0x1_permissioned_delegation_fetch_handle)
- [Function `add_permissioned_handle`](#0x1_permissioned_delegation_add_permissioned_handle)
- [Function `remove_permissioned_handle`](#0x1_permissioned_delegation_remove_permissioned_handle)
Expand Down Expand Up @@ -165,11 +166,11 @@



<a id="0x1_permissioned_delegation_EHANDLE_EXISTENCE"></a>
<a id="0x1_permissioned_delegation_EDELEGATION_EXISTENCE"></a>



<pre><code><b>const</b> <a href="permissioned_delegation.md#0x1_permissioned_delegation_EHANDLE_EXISTENCE">EHANDLE_EXISTENCE</a>: u64 = 5;
<pre><code><b>const</b> <a href="permissioned_delegation.md#0x1_permissioned_delegation_EDELEGATION_EXISTENCE">EDELEGATION_EXISTENCE</a>: u64 = 5;
</code></pre>


Expand Down Expand Up @@ -201,6 +202,30 @@



<a id="0x1_permissioned_delegation_gen_ed25519_key"></a>

## Function `gen_ed25519_key`



<pre><code><b>public</b> <b>fun</b> <a href="permissioned_delegation.md#0x1_permissioned_delegation_gen_ed25519_key">gen_ed25519_key</a>(key: <a href="../../aptos-stdlib/doc/ed25519.md#0x1_ed25519_UnvalidatedPublicKey">ed25519::UnvalidatedPublicKey</a>): <a href="permissioned_delegation.md#0x1_permissioned_delegation_DelegationKey">permissioned_delegation::DelegationKey</a>
</code></pre>



<details>
<summary>Implementation</summary>


<pre><code><b>public</b> <b>fun</b> <a href="permissioned_delegation.md#0x1_permissioned_delegation_gen_ed25519_key">gen_ed25519_key</a>(key: UnvalidatedPublicKey): <a href="permissioned_delegation.md#0x1_permissioned_delegation_DelegationKey">DelegationKey</a> {
DelegationKey::Ed25519PublicKey(key)
}
</code></pre>



</details>

<a id="0x1_permissioned_delegation_fetch_handle"></a>

## Function `fetch_handle`
Expand Down Expand Up @@ -258,7 +283,7 @@
});
};
<b>let</b> handles = &<b>mut</b> <b>borrow_global_mut</b>&lt;<a href="permissioned_delegation.md#0x1_permissioned_delegation_RegisteredDelegations">RegisteredDelegations</a>&gt;(addr).delegations;
<b>assert</b>!(!handles.contains(&key), <a href="../../aptos-stdlib/../move-stdlib/doc/error.md#0x1_error_already_exists">error::already_exists</a>(<a href="permissioned_delegation.md#0x1_permissioned_delegation_EHANDLE_EXISTENCE">EHANDLE_EXISTENCE</a>));
<b>assert</b>!(!handles.contains(&key), <a href="../../aptos-stdlib/../move-stdlib/doc/error.md#0x1_error_already_exists">error::already_exists</a>(<a href="permissioned_delegation.md#0x1_permissioned_delegation_EDELEGATION_EXISTENCE">EDELEGATION_EXISTENCE</a>));
<b>let</b> handle = <a href="permissioned_signer.md#0x1_permissioned_signer_create_storable_permissioned_handle">permissioned_signer::create_storable_permissioned_handle</a>(master, expiration_time);
<b>let</b> <a href="permissioned_signer.md#0x1_permissioned_signer">permissioned_signer</a> = <a href="permissioned_signer.md#0x1_permissioned_signer_signer_from_storable_permissioned_handle">permissioned_signer::signer_from_storable_permissioned_handle</a>(&handle);
handles.add(key, AccountDelegation::V1 { handle, <a href="rate_limiter.md#0x1_rate_limiter">rate_limiter</a> });
Expand Down Expand Up @@ -291,10 +316,10 @@
) <b>acquires</b> <a href="permissioned_delegation.md#0x1_permissioned_delegation_RegisteredDelegations">RegisteredDelegations</a> {
<b>assert</b>!(!is_permissioned_signer(master), <a href="../../aptos-stdlib/../move-stdlib/doc/error.md#0x1_error_permission_denied">error::permission_denied</a>(<a href="permissioned_delegation.md#0x1_permissioned_delegation_ENOT_MASTER_SIGNER">ENOT_MASTER_SIGNER</a>));
<b>let</b> addr = <a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer_address_of">signer::address_of</a>(master);
<b>let</b> handle_bundles = &<b>mut</b> <b>borrow_global_mut</b>&lt;<a href="permissioned_delegation.md#0x1_permissioned_delegation_RegisteredDelegations">RegisteredDelegations</a>&gt;(addr).delegations;
<b>assert</b>!(handle_bundles.contains(&key), <a href="../../aptos-stdlib/../move-stdlib/doc/error.md#0x1_error_not_found">error::not_found</a>(<a href="permissioned_delegation.md#0x1_permissioned_delegation_EHANDLE_EXISTENCE">EHANDLE_EXISTENCE</a>));
<b>let</b> bundle = handle_bundles.remove(&key);
match (bundle) {
<b>let</b> delegations = &<b>mut</b> <b>borrow_global_mut</b>&lt;<a href="permissioned_delegation.md#0x1_permissioned_delegation_RegisteredDelegations">RegisteredDelegations</a>&gt;(addr).delegations;
<b>assert</b>!(delegations.contains(&key), <a href="../../aptos-stdlib/../move-stdlib/doc/error.md#0x1_error_not_found">error::not_found</a>(<a href="permissioned_delegation.md#0x1_permissioned_delegation_EDELEGATION_EXISTENCE">EDELEGATION_EXISTENCE</a>));
<b>let</b> delegation = delegations.remove(&key);
match (delegation) {
AccountDelegation::V1 { handle, <a href="rate_limiter.md#0x1_rate_limiter">rate_limiter</a>: _ } =&gt; {
<a href="permissioned_signer.md#0x1_permissioned_signer_destroy_storable_permissioned_handle">permissioned_signer::destroy_storable_permissioned_handle</a>(handle);
}
Expand Down Expand Up @@ -427,9 +452,9 @@ Authorization function for account abstraction.
count_rate: bool
): &StorablePermissionedHandle {
<b>if</b> (<b>exists</b>&lt;<a href="permissioned_delegation.md#0x1_permissioned_delegation_RegisteredDelegations">RegisteredDelegations</a>&gt;(master)) {
<b>let</b> bundles = &<b>mut</b> <b>borrow_global_mut</b>&lt;<a href="permissioned_delegation.md#0x1_permissioned_delegation_RegisteredDelegations">RegisteredDelegations</a>&gt;(master).delegations;
<b>if</b> (bundles.contains(&key)) {
<a href="permissioned_delegation.md#0x1_permissioned_delegation_fetch_handle">fetch_handle</a>(bundles.borrow_mut(&key), count_rate)
<b>let</b> delegations = &<b>mut</b> <b>borrow_global_mut</b>&lt;<a href="permissioned_delegation.md#0x1_permissioned_delegation_RegisteredDelegations">RegisteredDelegations</a>&gt;(master).delegations;
<b>if</b> (delegations.contains(&key)) {
<a href="permissioned_delegation.md#0x1_permissioned_delegation_fetch_handle">fetch_handle</a>(delegations.borrow_mut(&key), count_rate)
} <b>else</b> {
<b>abort</b> <a href="../../aptos-stdlib/../move-stdlib/doc/error.md#0x1_error_permission_denied">error::permission_denied</a>(<a href="permissioned_delegation.md#0x1_permissioned_delegation_EINVALID_SIGNATURE">EINVALID_SIGNATURE</a>)
}
134 changes: 132 additions & 2 deletions aptos-move/framework/aptos-framework/doc/transaction_validation.md
Expand Up @@ -6,7 +6,10 @@


- [Resource `TransactionValidation`](#0x1_transaction_validation_TransactionValidation)
- [Struct `GasPermission`](#0x1_transaction_validation_GasPermission)
- [Constants](#@Constants_0)
- [Function `grant_gas_permission`](#0x1_transaction_validation_grant_gas_permission)
- [Function `revoke_gas_permission`](#0x1_transaction_validation_revoke_gas_permission)
- [Function `initialize`](#0x1_transaction_validation_initialize)
- [Function `prologue_common`](#0x1_transaction_validation_prologue_common)
- [Function `script_prologue`](#0x1_transaction_validation_script_prologue)
Expand Down Expand Up @@ -57,6 +60,7 @@
<b>use</b> <a href="../../aptos-stdlib/../move-stdlib/doc/error.md#0x1_error">0x1::error</a>;
<b>use</b> <a href="../../aptos-stdlib/../move-stdlib/doc/features.md#0x1_features">0x1::features</a>;
<b>use</b> <a href="../../aptos-stdlib/../move-stdlib/doc/option.md#0x1_option">0x1::option</a>;
<b>use</b> <a href="permissioned_signer.md#0x1_permissioned_signer">0x1::permissioned_signer</a>;
<b>use</b> <a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">0x1::signer</a>;
<b>use</b> <a href="system_addresses.md#0x1_system_addresses">0x1::system_addresses</a>;
<b>use</b> <a href="timestamp.md#0x1_timestamp">0x1::timestamp</a>;
Expand Down Expand Up @@ -123,6 +127,33 @@ correct chain-specific prologue and epilogue functions
</dl>


</details>

<a id="0x1_transaction_validation_GasPermission"></a>

## Struct `GasPermission`



<pre><code><b>struct</b> <a href="transaction_validation.md#0x1_transaction_validation_GasPermission">GasPermission</a> <b>has</b> <b>copy</b>, drop, store
</code></pre>



<details>
<summary>Fields</summary>


<dl>
<dt>
<code>dummy_field: bool</code>
</dt>
<dd>

</dd>
</dl>


</details>

<a id="@Constants_0"></a>
Expand Down Expand Up @@ -243,6 +274,76 @@ important to the semantics of the system.



<a id="0x1_transaction_validation_PROLOGUE_PERMISSIONED_GAS_LIMIT_INSUFFICIENT"></a>



<pre><code><b>const</b> <a href="transaction_validation.md#0x1_transaction_validation_PROLOGUE_PERMISSIONED_GAS_LIMIT_INSUFFICIENT">PROLOGUE_PERMISSIONED_GAS_LIMIT_INSUFFICIENT</a>: u64 = 1011;
</code></pre>



<a id="0x1_transaction_validation_grant_gas_permission"></a>

## Function `grant_gas_permission`

Permission management

Master signer grant permissioned signer ability to consume a given amount of gas in octas.


<pre><code><b>public</b> <b>fun</b> <a href="transaction_validation.md#0x1_transaction_validation_grant_gas_permission">grant_gas_permission</a>(master: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>, permissioned: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>, gas_amount: u64)
</code></pre>



<details>
<summary>Implementation</summary>


<pre><code><b>public</b> <b>fun</b> <a href="transaction_validation.md#0x1_transaction_validation_grant_gas_permission">grant_gas_permission</a>(
master: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>,
permissioned: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>,
gas_amount: u64
) {
<a href="permissioned_signer.md#0x1_permissioned_signer_authorize_increase">permissioned_signer::authorize_increase</a>(
master,
permissioned,
(gas_amount <b>as</b> u256),
<a href="transaction_validation.md#0x1_transaction_validation_GasPermission">GasPermission</a> {}
)
}
</code></pre>



</details>

<a id="0x1_transaction_validation_revoke_gas_permission"></a>

## Function `revoke_gas_permission`

Removing permissions from permissioned signer.


<pre><code><b>public</b> <b>fun</b> <a href="transaction_validation.md#0x1_transaction_validation_revoke_gas_permission">revoke_gas_permission</a>(permissioned: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>)
</code></pre>



<details>
<summary>Implementation</summary>


<pre><code><b>public</b> <b>fun</b> <a href="transaction_validation.md#0x1_transaction_validation_revoke_gas_permission">revoke_gas_permission</a>(permissioned: &<a href="../../aptos-stdlib/../move-stdlib/doc/signer.md#0x1_signer">signer</a>) {
<a href="permissioned_signer.md#0x1_permissioned_signer_revoke_permission">permissioned_signer::revoke_permission</a>(permissioned, <a href="transaction_validation.md#0x1_transaction_validation_GasPermission">GasPermission</a> {})
}
</code></pre>



</details>

<a id="0x1_transaction_validation_initialize"></a>

## Function `initialize`
Expand Down Expand Up @@ -382,6 +483,14 @@ Only called during genesis to initialize system resources for this module.
is_simulation,
gas_payer_address
)) {
<b>assert</b>!(
<a href="permissioned_signer.md#0x1_permissioned_signer_check_permission_capacity_above">permissioned_signer::check_permission_capacity_above</a>(
gas_payer,
(max_transaction_fee <b>as</b> u256),
<a href="transaction_validation.md#0x1_transaction_validation_GasPermission">GasPermission</a> {}
),
<a href="../../aptos-stdlib/../move-stdlib/doc/error.md#0x1_error_permission_denied">error::permission_denied</a>(<a href="transaction_validation.md#0x1_transaction_validation_PROLOGUE_PERMISSIONED_GAS_LIMIT_INSUFFICIENT">PROLOGUE_PERMISSIONED_GAS_LIMIT_INSUFFICIENT</a>)
);
<b>if</b> (<a href="../../aptos-stdlib/../move-stdlib/doc/features.md#0x1_features_operations_default_to_fa_apt_store_enabled">features::operations_default_to_fa_apt_store_enabled</a>()) {
<b>assert</b>!(
<a href="aptos_account.md#0x1_aptos_account_is_fungible_balance_at_least">aptos_account::is_fungible_balance_at_least</a>(gas_payer_address, max_transaction_fee),
Expand Down Expand Up @@ -960,12 +1069,23 @@ Called by the Adapter
);
};

<b>let</b> gas_payer_signer = &<a href="create_signer.md#0x1_create_signer_create_signer">create_signer::create_signer</a>(gas_payer);
<b>if</b> (transaction_fee_amount &gt; storage_fee_refunded) {
<b>let</b> burn_amount = transaction_fee_amount - storage_fee_refunded;
<a href="transaction_fee.md#0x1_transaction_fee_burn_fee">transaction_fee::burn_fee</a>(gas_payer, burn_amount);
<a href="permissioned_signer.md#0x1_permissioned_signer_check_permission_consume">permissioned_signer::check_permission_consume</a>(
gas_payer_signer,
(burn_amount <b>as</b> u256),
<a href="transaction_validation.md#0x1_transaction_validation_GasPermission">GasPermission</a> {}
);
} <b>else</b> <b>if</b> (transaction_fee_amount &lt; storage_fee_refunded) {
<b>let</b> mint_amount = storage_fee_refunded - transaction_fee_amount;
<a href="transaction_fee.md#0x1_transaction_fee_mint_and_refund">transaction_fee::mint_and_refund</a>(gas_payer, mint_amount)
<a href="transaction_fee.md#0x1_transaction_fee_mint_and_refund">transaction_fee::mint_and_refund</a>(gas_payer, mint_amount);
<a href="permissioned_signer.md#0x1_permissioned_signer_increase_limit">permissioned_signer::increase_limit</a>(
gas_payer_signer,
(mint_amount <b>as</b> u256),
<a href="transaction_validation.md#0x1_transaction_validation_GasPermission">GasPermission</a> {}
);
};
};

Expand Down Expand Up @@ -1195,9 +1315,19 @@ If there is no fee_payer, fee_payer = sender
<b>if</b> (transaction_fee_amount &gt; storage_fee_refunded) {
<b>let</b> burn_amount = transaction_fee_amount - storage_fee_refunded;
<a href="transaction_fee.md#0x1_transaction_fee_burn_fee">transaction_fee::burn_fee</a>(gas_payer_address, burn_amount);
<a href="permissioned_signer.md#0x1_permissioned_signer_check_permission_consume">permissioned_signer::check_permission_consume</a>(
&gas_payer,
(burn_amount <b>as</b> u256),
<a href="transaction_validation.md#0x1_transaction_validation_GasPermission">GasPermission</a> {}
);
} <b>else</b> <b>if</b> (transaction_fee_amount &lt; storage_fee_refunded) {
<b>let</b> mint_amount = storage_fee_refunded - transaction_fee_amount;
<a href="transaction_fee.md#0x1_transaction_fee_mint_and_refund">transaction_fee::mint_and_refund</a>(gas_payer_address, mint_amount)
<a href="transaction_fee.md#0x1_transaction_fee_mint_and_refund">transaction_fee::mint_and_refund</a>(gas_payer_address, mint_amount);
<a href="permissioned_signer.md#0x1_permissioned_signer_increase_limit">permissioned_signer::increase_limit</a>(
&gas_payer,
(mint_amount <b>as</b> u256),
<a href="transaction_validation.md#0x1_transaction_validation_GasPermission">GasPermission</a> {}
);
};
};

Expand Up @@ -2,8 +2,12 @@ module aptos_framework::permissioned_delegation {
use std::error;
use std::option::Option;
use std::signer;
use aptos_std::ed25519;
use aptos_std::ed25519::{new_signature_from_bytes, new_unvalidated_public_key_from_bytes, UnvalidatedPublicKey};
use aptos_std::ed25519::{
Self,
new_signature_from_bytes,
new_unvalidated_public_key_from_bytes,
UnvalidatedPublicKey
};
use aptos_std::big_ordered_map::{Self, BigOrderedMap};
use aptos_framework::auth_data::{Self, AbstractionAuthData};
use aptos_framework::bcs_stream::{Self, deserialize_u8};
Expand All @@ -19,7 +23,7 @@ module aptos_framework::permissioned_delegation {
const EINVALID_PUBLIC_KEY: u64 = 2;
const EPUBLIC_KEY_NOT_FOUND: u64 = 3;
const EINVALID_SIGNATURE: u64 = 4;
const EHANDLE_EXISTENCE: u64 = 5;
const EDELEGATION_EXISTENCE: u64 = 5;
const ERATE_LIMITED: u64 = 6;

enum AccountDelegation has store {
Expand All @@ -30,6 +34,10 @@ module aptos_framework::permissioned_delegation {
Ed25519PublicKey(UnvalidatedPublicKey)
}

public fun gen_ed25519_key(key: UnvalidatedPublicKey): DelegationKey {
DelegationKey::Ed25519PublicKey(key)
}

struct RegisteredDelegations has key {
delegations: BigOrderedMap<DelegationKey, AccountDelegation>
}
Expand All @@ -56,7 +64,7 @@ module aptos_framework::permissioned_delegation {
});
};
let handles = &mut borrow_global_mut<RegisteredDelegations>(addr).delegations;
assert!(!handles.contains(&key), error::already_exists(EHANDLE_EXISTENCE));
assert!(!handles.contains(&key), error::already_exists(EDELEGATION_EXISTENCE));
let handle = permissioned_signer::create_storable_permissioned_handle(master, expiration_time);
let permissioned_signer = permissioned_signer::signer_from_storable_permissioned_handle(&handle);
handles.add(key, AccountDelegation::V1 { handle, rate_limiter });
Expand All @@ -69,10 +77,10 @@ module aptos_framework::permissioned_delegation {
) acquires RegisteredDelegations {
assert!(!is_permissioned_signer(master), error::permission_denied(ENOT_MASTER_SIGNER));
let addr = signer::address_of(master);
let handle_bundles = &mut borrow_global_mut<RegisteredDelegations>(addr).delegations;
assert!(handle_bundles.contains(&key), error::not_found(EHANDLE_EXISTENCE));
let bundle = handle_bundles.remove(&key);
match (bundle) {
let delegations = &mut borrow_global_mut<RegisteredDelegations>(addr).delegations;
assert!(delegations.contains(&key), error::not_found(EDELEGATION_EXISTENCE));
let delegation = delegations.remove(&key);
match (delegation) {
AccountDelegation::V1 { handle, rate_limiter: _ } => {
permissioned_signer::destroy_storable_permissioned_handle(handle);
}
Expand Down Expand Up @@ -125,9 +133,9 @@ module aptos_framework::permissioned_delegation {
count_rate: bool
): &StorablePermissionedHandle {
if (exists<RegisteredDelegations>(master)) {
let bundles = &mut borrow_global_mut<RegisteredDelegations>(master).delegations;
if (bundles.contains(&key)) {
fetch_handle(bundles.borrow_mut(&key), count_rate)
let delegations = &mut borrow_global_mut<RegisteredDelegations>(master).delegations;
if (delegations.contains(&key)) {
fetch_handle(delegations.borrow_mut(&key), count_rate)
} else {
abort error::permission_denied(EINVALID_SIGNATURE)
}
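Review bot: The new public `gen_ed25519_key` (hunk `@@ -30,6 +34,10 @@`) has no doc comment and wraps an `UnvalidatedPublicKey` as-is, so a caller cannot tell from the declaration whether the key stored as a `DelegationKey` has ever been validated. I would add `/// Wraps an Ed25519 public key in a DelegationKey; the key is not validated here.` and name the place where validation is expected, which is presumably the signature check in the authentication path outside the visible hunks. Separately, the hunk at `@@ -56,7 +64,7 @@` still binds the map as `handles` while the other two functions touched by this commit now use `delegations`; `let delegations = &mut borrow_global_mut<RegisteredDelegations>(addr).delegations;` would keep the three consistent. The enclosing functions start and end outside the hunks shown.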