thrumdev
diff --git a/‎Cargo.lock
Lines changed: 36 additions & 1 deletion b/‎Cargo.lock
Lines changed: 36 additions & 1 deletion
diff --git a/‎sugondat-chain/pallets/blobs/Cargo.toml
Lines changed: 3 additions & 1 deletion b/‎sugondat-chain/pallets/blobs/Cargo.toml
Lines changed: 3 additions & 1 deletion
diff --git a/‎sugondat-chain/pallets/blobs/src/lib.rs
Lines changed: 29 additions & 8 deletions b/‎sugondat-chain/pallets/blobs/src/lib.rs
Lines changed: 29 additions & 8 deletions
diff --git a/‎sugondat-chain/pallets/blobs/src/namespace_param.rs
Lines changed: 99 additions & 0 deletions b/‎sugondat-chain/pallets/blobs/src/namespace_param.rs
Lines changed: 99 additions & 0 deletions
diff --git a/‎sugondat-chain/pallets/blobs/src/tests.rs
Lines changed: 13 additions & 13 deletions b/‎sugondat-chain/pallets/blobs/src/tests.rs
Lines changed: 13 additions & 13 deletions
diff --git a/‎sugondat-chain/primitives/Cargo.toml
Lines changed: 3 additions & 1 deletion b/‎sugondat-chain/primitives/Cargo.toml
Lines changed: 3 additions & 1 deletion
@@ -29,10 +29,12 @@ sugondat-nmt = { path = "../../../sugondat-nmt", default-features = false }
 
 [dev-dependencies]
 serde = { version = "1.0.132" }
-sp-io = { git = "https://github.com/paritytech/polkadot-sdk", default-features = false, branch = "release-polkadot-v1.4.0"}
+quickcheck = "1.0.3"
+quickcheck_macros = "1.0.0"
 
 # Substrate
 sp-core = { git = "https://github.com/paritytech/polkadot-sdk", default-features = false, branch = "release-polkadot-v1.4.0" }
+sp-io = { git = "https://github.com/paritytech/polkadot-sdk", default-features = false, branch = "release-polkadot-v1.4.0"}
 
 [features]
 default = ["std"]
 
@@ -5,6 +5,8 @@
 /// <https://docs.substrate.io/v3/runtime/frame>
 pub use pallet::*;
 
+mod namespace_param;
+
 #[cfg(test)]
 mod mock;
 #[cfg(test)]
@@ -28,6 +30,7 @@ use frame_support::traits::{Get, IsSubType};
 
 #[frame_support::pallet]
 pub mod pallet {
+    use crate::namespace_param::UnvalidatedNamespace;
     pub use crate::weights::WeightInfo;
     use frame_support::{
         dispatch::DispatchResultWithPostInfo,
@@ -74,7 +77,7 @@ pub mod pallet {
     pub struct SubmittedBlobMetadata<AccountId> {
         pub who: AccountId,
         pub extrinsic_index: u32,
-        pub namespace_id: u32,
+        pub namespace_id: u128,
         pub blob_hash: [u8; 32],
     }
 
@@ -95,7 +98,7 @@ pub mod pallet {
             /// The extrinsic index at which the blob was submitted.
             extrinsic_index: u32,
             /// The namespace ID the blob was submitted in.
-            namespace_id: u32,
+            namespace_id: u128,
             /// The length of the blob data.
             blob_len: u32,
             /// The SHA256 hash of the blob.
@@ -137,7 +140,7 @@ pub mod pallet {
             let blobs = BlobList::<T>::take()
                 .iter()
                 .map(|blob| sugondat_nmt::BlobMetadata {
-                    namespace: sugondat_nmt::Namespace::from_u32_be(blob.namespace_id),
+                    namespace: sugondat_nmt::Namespace::from_u128_be(blob.namespace_id),
                     leaf: sugondat_nmt::NmtLeaf {
                         extrinsic_index: blob.extrinsic_index,
                         who: blob.who.encode().try_into().unwrap(),
@@ -170,11 +173,16 @@ pub mod pallet {
         )]
         pub fn submit_blob(
             origin: OriginFor<T>,
-            namespace_id: u32,
+            namespace_id: UnvalidatedNamespace,
             blob: Vec<u8>,
         ) -> DispatchResultWithPostInfo {
             let who = ensure_signed(origin)?;
 
+            let namespace_id = match namespace_id.validate() {
+                Ok(id) => id,
+                Err(_) => panic!("Invalid namespace"),
+            };
+
             let blob_len = blob.len() as u32;
             if blob_len > T::MaxBlobSize::get() {
                 panic!("Blob size limit exceeded");
@@ -304,11 +312,24 @@ where
         // This is what's called when evaluating transactions within the pool.
 
         if let Some(local_call) = call.is_sub_type() {
-            if let Call::submit_blob { blob, .. } = local_call {
+            // Failures here are intended to expunge the transaction from the pool
+            // entirely.
+            if let Call::submit_blob {
+                namespace_id, blob, ..
+            } = local_call
+            {
+                if namespace_id.validate().is_err() {
+                    // This could become valid later when accepting new namespace ID
+                    // formats, but that is rare.
+                    return Err(InvalidTransaction::Custom(
+                        InvalidTransactionCustomError::InvalidNamespaceId as u8,
+                    )
+                    .into());
+                }
+
                 if blob.len() as u32 > T::MaxBlobSize::get() {
-                    // This causes the transaction to be expunged from the transaction pool.
-                    // It will not be valid unless the configured limit is increased by governance,
-                    // which is a rare event.
+                    // This could become valid later, but only if the configured limit is
+                    // increased by governance, which is a rare event.
                     return Err(InvalidTransaction::Custom(
                         InvalidTransactionCustomError::BlobExceedsSizeLimit as u8,
                     )
 
@@ -0,0 +1,99 @@
+//! Namespaces as a parameter.
+//!
+//! Namespaces are encoded as 16-byte arrays, with the following schema:
+//!   - The first byte is reserved for a version byte which determines the format
+//!     of the following 15 bytes. At the moment, the only supported value for this byte
+//!     is `0x00`, which indicates version 0.
+//!   - In version 0, bytes 1 through 5 are required to be equal to `0x00` and bytes 6 through
+//!     15 are allowed to hold any value.
+
+use codec::{Decode, Encode, MaxEncodedLen};
+use scale_info::TypeInfo;
+use sp_runtime::RuntimeDebug;
+
+/// An error in namespace validation.
+pub enum NamespaceValidationError {
+    /// Unrecognized version.
+    UnrecognizedVersion(u8),
+    /// V0: reserved bytes are non-zero.
+    V0NonZeroReserved,
+}
+
+/// Validate a namespace against known schemas.
+pub fn validate(namespace: &[u8; 16]) -> Result<(), NamespaceValidationError> {
+    if namespace[0] != 0 {
+        return Err(NamespaceValidationError::UnrecognizedVersion(namespace[0]));
+    }
+    if &namespace[1..6] != &[0, 0, 0, 0, 0] {
+        return Err(NamespaceValidationError::V0NonZeroReserved);
+    }
+
+    Ok(())
+}
+
+/// Type-safe wrapper around an unvalidated blob namespace.
+#[derive(Encode, Decode, TypeInfo, MaxEncodedLen, Clone, PartialEq, RuntimeDebug)]
+pub struct UnvalidatedNamespace([u8; 16]);
+
+impl UnvalidatedNamespace {
+    /// Validate the namespace, extracting the full data.
+    pub fn validate(&self) -> Result<u128, NamespaceValidationError> {
+        validate(&self.0).map(|()| u128::from_be_bytes(self.0))
+    }
+}
+
+impl From<[u8; 16]> for UnvalidatedNamespace {
+    fn from(x: [u8; 16]) -> Self {
+        UnvalidatedNamespace(x)
+    }
+}
+
+impl From<u128> for UnvalidatedNamespace {
+    fn from(x: u128) -> Self {
+        UnvalidatedNamespace(x.to_be_bytes())
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use quickcheck::TestResult;
+    use quickcheck_macros::quickcheck;
+    use std::matches;
+
+    #[quickcheck]
+    fn namespace_validation_not_v0_fails(version_byte: u8) -> TestResult {
+        if version_byte == 0x00 {
+            return TestResult::discard();
+        }
+        TestResult::from_bool(matches!(
+            validate(&[version_byte, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]),
+            Err(NamespaceValidationError::UnrecognizedVersion(v)) if v == version_byte,
+        ))
+    }
+
+    #[quickcheck]
+    fn namespace_validation_v0_reserved_occupied_fails(
+        reserved: (u8, u8, u8, u8, u8),
+    ) -> TestResult {
+        if reserved == (0, 0, 0, 0, 0) {
+            return TestResult::discard();
+        }
+        let (a, b, c, d, e) = reserved;
+        TestResult::from_bool(matches!(
+            validate(&[0u8, a, b, c, d, e, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]),
+            Err(NamespaceValidationError::V0NonZeroReserved),
+        ))
+    }
+
+    #[quickcheck]
+    fn namespace_validation_v0_works(namespace: Vec<u8>) -> TestResult {
+        if namespace.len() < 10 {
+            return TestResult::discard();
+        }
+
+        let mut n = [0u8; 16];
+        n[6..].copy_from_slice(&namespace[..10]);
+        TestResult::from_bool(matches!(validate(&n), Ok(())))
+    }
+}
@@ -2,7 +2,7 @@ use crate as pallet_blobs;
 use crate::{mock::*, *};
 use codec::Encode;
 use frame_support::traits::Hooks;
-use frame_support::{assert_noop, assert_ok, traits::Get, BoundedVec};
+use frame_support::{assert_noop, assert_ok, traits::Get};
 use sha2::Digest;
 use sp_core::{crypto::Pair, sr25519};
 use sp_runtime::transaction_validity::{
@@ -30,7 +30,7 @@ fn test_correct_submitted_blob() {
 
         assert_ok!(Blobs::submit_blob(
             RuntimeOrigin::signed(alice()),
-            namespace_id,
+            namespace_id.into(),
             blob.clone()
         ));
 
@@ -51,7 +51,7 @@ fn test_no_extrinsic_index() {
     new_test_ext().execute_with(|| {
         sp_io::storage::clear(b":extrinsic_index");
         assert_noop!(
-            Blobs::submit_blob(RuntimeOrigin::signed(alice()), 0, get_blob(10)),
+            Blobs::submit_blob(RuntimeOrigin::signed(alice()), 0.into(), get_blob(10)),
             Error::<Test>::NoExtrinsicIndex
         );
     });
@@ -63,7 +63,7 @@ macro_rules! submit_blobs {
         for i in 0..$n_blobs {
             assert_ok!(Blobs::submit_blob(
                 RuntimeOrigin::signed(alice()),
-                i,
+                (i as u128).into(),
                 blob.clone()
             ));
         }
@@ -118,11 +118,11 @@ fn test_blob_appended_to_blob_list() {
         let blob_hash: [u8; 32] = sha2::Sha256::digest(blob.clone()).into();
         let mut blobs_metadata = vec![];
 
-        let mut submit_blob_and_assert = |namespace_id, extrinsic_index: u32| {
+        let mut submit_blob_and_assert = |namespace_id: u128, extrinsic_index: u32| {
             sp_io::storage::set(b":extrinsic_index", &(extrinsic_index).encode());
             assert_ok!(Blobs::submit_blob(
                 RuntimeOrigin::signed(alice()),
-                namespace_id,
+                namespace_id.into(),
                 blob.clone()
             ));
 
@@ -154,7 +154,7 @@ fn test_namespace_order() {
 
         let mut push_leaf = |namespace_id, extrinsic_index| {
             tree.push_leaf(
-                Namespace::from_u32_be(namespace_id),
+                Namespace::from_u128_be(namespace_id),
                 NmtLeaf {
                     extrinsic_index,
                     who: alice().into(),
@@ -164,11 +164,11 @@ fn test_namespace_order() {
             .expect("Impossible push leaf into nmt-tree");
         };
 
-        let mut submit_blob = |namespace_id, extrinsic_index: u32| {
+        let mut submit_blob = |namespace_id: u128, extrinsic_index: u32| {
             sp_io::storage::set(b":extrinsic_index", &(extrinsic_index).encode());
             assert_ok!(Blobs::submit_blob(
                 RuntimeOrigin::signed(alice()),
-                namespace_id,
+                namespace_id.into(),
                 blob.clone()
             ));
 
@@ -223,7 +223,7 @@ fn test_deposited_event() {
 
         assert_ok!(Blobs::submit_blob(
             RuntimeOrigin::signed(alice()),
-            namespace_id,
+            namespace_id.into(),
             blob.clone()
         ));
 
@@ -254,7 +254,7 @@ fn test_on_finalize() {
     for n_blob_to_test in (0..max_blobs).step_by((max_blobs / 10) as usize) {
         for extrinsic_index in added_leaf..n_blob_to_test {
             tree.push_leaf(
-                Namespace::from_u32_be(extrinsic_index),
+                Namespace::from_u128_be(extrinsic_index as u128),
                 NmtLeaf {
                     extrinsic_index,
                     who: alice().into(),
@@ -271,7 +271,7 @@ fn test_on_finalize() {
                 sp_io::storage::set(b":extrinsic_index", &(extrinsic_index).encode());
                 assert_ok!(Blobs::submit_blob(
                     RuntimeOrigin::signed(alice()),
-                    extrinsic_index,
+                    (extrinsic_index as u128).into(),
                     blob.clone()
                 ));
             }
@@ -296,7 +296,7 @@ macro_rules! submit_blob_call {
     ([blob_size] $blob_size: expr) => {
         RuntimeCall::Blobs(
             Call::submit_blob {
-                namespace_id: 0,
+                namespace_id: 0.into(),
                 blob: get_blob($blob_size),
             }
             .into(),
 
@@ -7,10 +7,12 @@ license = "MIT OR Apache-2.0"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
+codec = { package = "parity-scale-codec", version = "3.0.0", features = ["derive"], default-features = false }
+
 sp-runtime = { git = "https://github.com/paritytech/polkadot-sdk", default-features = false, branch = "release-polkadot-v1.4.0" }
 sp-core = { git = "https://github.com/paritytech/polkadot-sdk", default-features = false, branch = "release-polkadot-v1.4.0" }
 sp-consensus-aura = { git = "https://github.com/paritytech/polkadot-sdk", default-features = false, branch = "release-polkadot-v1.4.0" }
 
 [features]
 default = ["std"]
-std = ["sp-runtime/std", "sp-core/std", "sp-consensus-aura/std"]
+std = ["codec/std", "sp-runtime/std", "sp-core/std", "sp-consensus-aura/std"]