From e13865a7b3a3d38c4802a5926de70ad2b4a4eb62 Mon Sep 17 00:00:00 2001 From: Christian Langenbacher Date: Sat, 6 Apr 2024 18:48:56 +0800 Subject: [PATCH] [worker] try to encrypt the trusted call upon sending --- packages/worker-api/src/interface.ts | 3 +++ packages/worker-api/src/sendRequest.ts | 4 +++- packages/worker-api/src/worker.ts | 33 +++++++++++++++++++++++--- 3 files changed, 36 insertions(+), 4 deletions(-) diff --git a/packages/worker-api/src/interface.ts b/packages/worker-api/src/interface.ts index 9d6ddb2a..71ec531d 100644 --- a/packages/worker-api/src/interface.ts +++ b/packages/worker-api/src/interface.ts @@ -1,6 +1,8 @@ import type { KeyringPair } from '@polkadot/keyring/types'; import WebSocketAsPromised from 'websocket-as-promised'; import {Keyring} from "@polkadot/keyring"; +import type {u8} from "@polkadot/types-codec"; +import type {Vec} from "@polkadot/types"; export interface IEncointerWorker extends WebSocketAsPromised { rsCount: number; @@ -8,6 +10,7 @@ export interface IEncointerWorker extends WebSocketAsPromised { keyring: () => Keyring | undefined; createType: (apiType: string, obj?: any) => any; open: () => Promise; + encrypt: (data: Uint8Array) => Vec } export interface JsonRpcRequest { diff --git a/packages/worker-api/src/sendRequest.ts b/packages/worker-api/src/sendRequest.ts index c2fadf7d..f7264c6f 100644 --- a/packages/worker-api/src/sendRequest.ts +++ b/packages/worker-api/src/sendRequest.ts @@ -64,8 +64,10 @@ export const sendTrustedCall = async (self: IEncointerWorker, call: TrustedCa console.log(`TrustedCall: ${JSON.stringify(call)}`); + const cyphertext = self.encrypt(call.toU8a()); + const r = self.createType( - 'Request', { shard, cyphertext: call.toHex() } + 'Request', { shard, cyphertext: cyphertext } ); result = sendWorkerRequest(self, createJsonRpcRequest('author_submitExtrinsic', [r.toHex()], 1), parserType, options) 
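Review bot: The `encrypt` member added to `IEncointerWorker` has no doc comment, and the interface gives implementers and callers no hint that a shielding key must already be loaded. In worker.ts the implementation reads `this.shieldingKey()`, which can be `undefined`. I would add `/** Encrypts data with the worker's shielding key; the key must have been fetched or set beforehand. */` above the member so the precondition is part of the contract.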
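Review bot: The unchanged `console.log` of `JSON.stringify(call)` directly above the new `self.encrypt(call.toU8a())` still writes the complete plaintext trusted call to the console. The payload this commit starts encrypting for the wire therefore stays readable in browser devtools or collected server logs. I would delete that line, or if a trace is wanted replace it with something that carries no call contents, e.g. `console.debug('TrustedCall submitted');`. The body of `sendTrustedCall` starts and ends outside this hunk, so any other logging of `call` or `r` further down should be checked as well.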
diff --git a/packages/worker-api/src/worker.ts b/packages/worker-api/src/worker.ts index 952168d6..08cf810c 100644 --- a/packages/worker-api/src/worker.ts +++ b/packages/worker-api/src/worker.ts @@ -2,7 +2,7 @@ import type {u32, u64, Vec} from '@polkadot/types'; import {TypeRegistry} from '@polkadot/types'; import type {RegistryTypes} from '@polkadot/types/types'; import {Keyring} from '@polkadot/keyring' -import {hexToU8a} from '@polkadot/util'; +import {bufferToU8a, compactAddLength, hexToU8a, u8aToBuffer} from '@polkadot/util'; import WebSocketAsPromised from 'websocket-as-promised'; @@ -21,7 +21,7 @@ import type { CommunityIdentifier, MeetupIndexType, ParticipantIndexType, - SchedulerState, ShardIdentifier, + SchedulerState, ShardIdentifier, TrustedCallSigned, Vault } from '@encointer/types'; @@ -30,6 +30,7 @@ import {parseBalance, parseNodeRSA} from './parsers.js'; import {callGetter, sendTrustedCall} from './sendRequest.js'; import {createTrustedCall} from "@encointer/worker-api/requests.js"; import {PubKeyPinPair, toAccount} from "@encointer/util/common"; +import type {u8} from "@polkadot/types-codec"; const unwrapWorkerResponse = (self: IEncointerWorker, data: string) => { /// Defaults to return `[]`, which is fine as `createType(api.registry, , [])` @@ -97,6 +98,8 @@ export class EncointerWorker extends WebSocketAsPromised implements IEncointerWo #keyring?: Keyring; + #shieldingKey?: NodeRSA + rsCount: number; rqStack: string[]; @@ -123,6 +126,13 @@ export class EncointerWorker extends WebSocketAsPromised implements IEncointerWo } } + public encrypt(data: Uint8Array): Vec { + const buffer = u8aToBuffer(data); + const cypherTextBuffer = this.shieldingKey().encrypt(buffer); + const cypherArray = bufferToU8a(cypherTextBuffer); + return this.createType('Vec', compactAddLength(cypherArray)) + } + public createType(apiType: string, obj?: any): any { return this.#registry.createType(apiType as never, obj) } 
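Review bot: In the added `encrypt`, `this.shieldingKey()` is dereferenced unguarded although the getter introduced later in this patch returns `NodeRSA | undefined`. Any call that reaches `encrypt` before a key is set fails with an opaque TypeError, and the expression would be rejected under `strictNullChecks`. The exported `sendTrustedCall` in sendRequest.ts calls `self.encrypt` directly, so code that bypasses the new class method hits exactly this. I would write `const key = this.shieldingKey(); if (key === undefined) throw new Error('shielding key not set');` and then call `key.encrypt(buffer)`. No import of the `NodeRSA` type is visible in the import hunks of this file; it may already exist outside them, but is worth confirming.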
@@ -135,6 +145,14 @@ export class EncointerWorker extends WebSocketAsPromised implements IEncointerWo this.#keyring = keyring; } + public shieldingKey(): NodeRSA | undefined { + return this.#shieldingKey; + } + + public setShieldingKey(shieldingKey: NodeRSA): void { + this.#shieldingKey = shieldingKey; + } + public cidFromStr(cidStr: String): CommunityIdentifier { return communityIdentifierFromString(this.#registry, cidStr); } @@ -220,6 +238,15 @@ export class EncointerWorker extends WebSocketAsPromised implements IEncointerWo public async trustedBalanceTransfer(accountOrPubKey: KeyringPair | PubKeyPinPair, shard: ShardIdentifier, mrenclave: string, params: BalanceTransferArgs, options: CallOptions = {} as CallOptions): Promise { const nonce = await this.getNonce(accountOrPubKey, mrenclave, options); const call = createTrustedCall(this, ['balance_transfer', 'BalanceTransferArgs'], accountOrPubKey, shard, mrenclave, nonce, params); - return sendTrustedCall(this, call, shard, 'u32', options); + return this.sendTrustedCall(call, shard, 'u32', options); + } + + async sendTrustedCall(call: TrustedCallSigned, shard: ShardIdentifier, parser: string, options: CallOptions = {} as CallOptions): Promise { + if (this.shieldingKey() == undefined) { + const key = await this.getShieldingKey(options); + this.setShieldingKey(key); + } + + return sendTrustedCall(this, call, shard, parser, options); } }
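Review bot: The new `sendTrustedCall` method stores whatever `getShieldingKey(options)` returns and reuses it for the lifetime of the object, and nothing in this hunk ties that key to the enclave identified by `mrenclave`. `getShieldingKey` is defined outside the hunk; if it simply asks the connected endpoint for its key, then a substituted or misconfigured endpoint decides which key every later trusted call is encrypted to. The key should be verified against the attested enclave identity before `setShieldingKey(key)`, or the trust assumption should be stated in a comment on the method. The cached key should also be cleared on reconnect, since the worker on the other end may present a different key afterwards. As a smaller point, `this.shieldingKey() == undefined` reads more clearly as `=== undefined`, and only `trustedBalanceTransfer` is shown moving to the new method, so other callers of the free `sendTrustedCall` need the same switch.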