From c7baf35919376a8f07bd84920b28b972d7ab40d8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 12 Sep 2024 07:57:29 +0000 Subject: [PATCH 1/4] Bump anyhow from 1.0.87 to 1.0.88 in the patch-dependencies group (#1046) Bumps the patch-dependencies group with 1 update: [anyhow](https://github.com/dtolnay/anyhow). Updates `anyhow` from 1.0.87 to 1.0.88 - [Release notes](https://github.com/dtolnay/anyhow/releases) - [Commits](https://github.com/dtolnay/anyhow/compare/1.0.87...1.0.88) --- updated-dependencies: - dependency-name: anyhow dependency-type: direct:production update-type: version-update:semver-patch dependency-group: patch-dependencies ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Cargo.lock | 4 ++-- crates/client/Cargo.toml | 2 +- crates/protocol/Cargo.toml | 2 +- crates/test-cli/Cargo.toml | 2 +- crates/threshold-signature-server/Cargo.toml | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index d9db6a482..bfad18e9b 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -215,9 +215,9 @@ dependencies = [ [[package]] name = "anyhow" -version = "1.0.87" +version = "1.0.88" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "10f00e1f6e58a40e807377c75c6a7f97bf9044fab57816f2414e6f5f4499d7b8" +checksum = "4e1496f8fb1fbf272686b8d37f523dab3e4a7443300055e74cdaa449f3114356" [[package]] name = "approx" diff --git a/crates/client/Cargo.toml b/crates/client/Cargo.toml index e985bfcba..552d0960e 100644 --- a/crates/client/Cargo.toml +++ b/crates/client/Cargo.toml @@ -29,7 +29,7 @@ reqwest ={ version="0.12.7", features=["json", "stream"], optional=true base64 ={ version="0.22.0", optional=true } synedrion ={ git="https://github.com/entropyxyz/synedrion", rev="1d210d149dfeb0dca1dd41d7fac4d0bf03c686fa", optional=true } hex ={ version="0.4.3", optional=true } -anyhow ="1.0.87" +anyhow ="1.0.88" # Only for the browser js-sys={ version="0.3.70", optional=true } diff --git a/crates/protocol/Cargo.toml b/crates/protocol/Cargo.toml index 313e273ec..eaad17a8b 100644 --- a/crates/protocol/Cargo.toml +++ b/crates/protocol/Cargo.toml @@ -49,7 +49,7 @@ schnorrkel ={ version="0.11.4", default-features=false, features=["std" [dev-dependencies] serial_test="3.1.1" sp-keyring ="34.0.0" -anyhow ="1.0.87" +anyhow ="1.0.88" num_cpus ="1.16.0" [features] diff --git a/crates/test-cli/Cargo.toml b/crates/test-cli/Cargo.toml index b027455c2..67a269673 100644 --- a/crates/test-cli/Cargo.toml +++ b/crates/test-cli/Cargo.toml @@ -14,7 +14,7 @@ clap ={ version="4.5.17", features=["derive"] } colored ="2.0.4" subxt ="0.35.3" sp-core ="31.0.0" -anyhow ="1.0.87" +anyhow ="1.0.88" tokio ={ version="1.40", features=["macros", "rt-multi-thread", "io-util", "process"] } hex ="0.4.3" bincode ="1.3.3" diff --git a/crates/threshold-signature-server/Cargo.toml b/crates/threshold-signature-server/Cargo.toml index 01f9fc5c8..d5d165f83 100644 --- a/crates/threshold-signature-server/Cargo.toml +++ b/crates/threshold-signature-server/Cargo.toml @@ -12,7 +12,7 @@ edition ='2021' # Common serde ={ version="1.0", default-features=false, features=["derive"] } serde_json ="1.0" -anyhow ="1.0.87" +anyhow ="1.0.88" thiserror ="1.0.63" blake2 ="0.10.4" x25519-dalek ={ version="2.0.1", features=["static_secrets"] } From b900c6dc5f94cbbdd2e3c769578b98f51d1d6841 Mon Sep 17 00:00:00 2001 From: peg Date: Thu, 12 Sep 2024 11:34:00 +0200 Subject: [PATCH 2/4] Add test helper function which stores a program and registers a user (#1036) * WIP test helper fn * Update tests and improve test helper fn * Suggestions from review --- .../src/helpers/tests.rs | 42 +++++ .../src/user/tests.rs | 170 +++++------------- 2 files changed, 84 insertions(+), 128 deletions(-) diff --git a/crates/threshold-signature-server/src/helpers/tests.rs b/crates/threshold-signature-server/src/helpers/tests.rs index e754a8f88..07d25c070 100644 --- a/crates/threshold-signature-server/src/helpers/tests.rs +++ b/crates/threshold-signature-server/src/helpers/tests.rs @@ -40,6 +40,8 @@ use crate::{ use axum::{routing::IntoMakeService, Router}; use entropy_kvdb::{encrypted_sled::PasswordMethod, get_db_path, kv_manager::KvManager}; use entropy_protocol::PartyId; +#[cfg(test)] +use entropy_shared::EncodedVerifyingKey; use entropy_shared::{DAVE_VERIFYING_KEY, EVE_VERIFYING_KEY, NETWORK_PARENT_KEY}; use std::time::Duration; use subxt::{ @@ -291,3 +293,43 @@ pub async fn jump_start_network_with_signer( submit_transaction(api, rpc, &tss_signer, &jump_start_confirm_request, None).await.unwrap(); } } + +/// Helper to store a program and register a user. Returns the verify key and program hash. +#[cfg(test)] +pub async fn store_program_and_register( + api: &OnlineClient, + rpc: &LegacyRpcMethods, + user: &sr25519::Pair, + deployer: &sr25519::Pair, +) -> (EncodedVerifyingKey, sp_core::H256) { + use entropy_client::{ + self as test_client, + chain_api::entropy::runtime_types::pallet_registry::pallet::ProgramInstance, + }; + use entropy_testing_utils::constants::TEST_PROGRAM_WASM_BYTECODE; + use sp_core::Pair; + + let program_hash = test_client::store_program( + api, + rpc, + deployer, + TEST_PROGRAM_WASM_BYTECODE.to_owned(), + vec![], + vec![], + vec![], + ) + .await + .unwrap(); + + let (verifying_key, _registered_info) = test_client::register( + api, + rpc, + user.clone(), + SubxtAccountId32(deployer.public().0), // Program modification account + BoundedVec(vec![ProgramInstance { program_pointer: program_hash, program_config: vec![] }]), + ) + .await + .unwrap(); + + (verifying_key, program_hash) +} diff --git a/crates/threshold-signature-server/src/user/tests.rs b/crates/threshold-signature-server/src/user/tests.rs index 7ae0cd3b6..d0ff96501 100644 --- a/crates/threshold-signature-server/src/user/tests.rs +++ b/crates/threshold-signature-server/src/user/tests.rs @@ -122,7 +122,8 @@ use crate::{ substrate::{get_oracle_data, query_chain, submit_transaction}, tests::{ create_clients, initialize_test_logger, jump_start_network_with_signer, remove_program, - run_to_block, setup_client, spawn_testing_validators, unsafe_get, ChainSpecType, + run_to_block, setup_client, spawn_testing_validators, store_program_and_register, + unsafe_get, ChainSpecType, }, user::compute_hash, validator::get_signer_and_x25519_secret_from_mnemonic, @@ -183,37 +184,16 @@ async fn test_signature_requests_fail_on_different_conditions() { // for later jump_start_network(&entropy_api, &rpc).await; - // We need to store a program in order to be able to register succesfully - let program_hash = test_client::store_program( - &entropy_api, - &rpc, - &two.pair(), // This is our program deployer - TEST_PROGRAM_WASM_BYTECODE.to_owned(), - vec![], - vec![], - vec![], - ) - .await - .unwrap(); - - let (verifying_key, _registered_info) = test_client::register( - &entropy_api, - &rpc, - one.clone().into(), // This is our program modification account - subxtAccountId32(two.public().0), // This is our signature request account - BoundedVec(vec![ProgramInstance { program_pointer: program_hash, program_config: vec![] }]), - ) - .await - .unwrap(); + // Register the user with a test program + let (verifying_key, program_hash) = + store_program_and_register(&entropy_api, &rpc, &one.pair(), &two.pair()).await; // Test: We check that an account with a program succeeds in submiting a signature request let (validators_info, mut signature_request, validator_ips_and_keys) = - get_sign_tx_data(&entropy_api, &rpc, hex::encode(PREIMAGE_SHOULD_SUCCEED)).await; + get_sign_tx_data(&entropy_api, &rpc, hex::encode(PREIMAGE_SHOULD_SUCCEED), verifying_key) + .await; // The account we registered does have a program pointer, so this should succeed - signature_request.block_number = rpc.chain_get_header(None).await.unwrap().unwrap().number; - signature_request.signature_verifying_key = verifying_key.to_vec(); - let test_user_res = submit_transaction_requests(validator_ips_and_keys.clone(), signature_request.clone(), one) .await; @@ -341,35 +321,13 @@ async fn signature_request_with_derived_account_works() { // for later jump_start_network(&entropy_api, &rpc).await; - // We need to store a program in order to be able to register succesfully - let program_hash = test_client::store_program( - &entropy_api, - &rpc, - &bob.pair(), // This is our program deployer - TEST_PROGRAM_WASM_BYTECODE.to_owned(), - vec![], - vec![], - vec![], - ) - .await - .unwrap(); + // Register the user with a test program + let (verifying_key, _program_hash) = + store_program_and_register(&entropy_api, &rpc, &charlie.pair(), &bob.pair()).await; - let (verifying_key, _registered_info) = test_client::register( - &entropy_api, - &rpc, - charlie.clone().into(), // This is our program modification account - subxtAccountId32(alice.public().0), // This is our signature request account - BoundedVec(vec![ProgramInstance { program_pointer: program_hash, program_config: vec![] }]), - ) - .await - .unwrap(); - - let (validators_info, mut signature_request, validator_ips_and_keys) = - get_sign_tx_data(&entropy_api, &rpc, hex::encode(PREIMAGE_SHOULD_SUCCEED)).await; - - // We'll use the actual verifying key we registered for the signature request - signature_request.signature_verifying_key = verifying_key.to_vec(); - signature_request.block_number = rpc.chain_get_header(None).await.unwrap().unwrap().number; + let (validators_info, signature_request, validator_ips_and_keys) = + get_sign_tx_data(&entropy_api, &rpc, hex::encode(PREIMAGE_SHOULD_SUCCEED), verifying_key) + .await; let signature_request_responses = submit_transaction_requests( validator_ips_and_keys.clone(), @@ -411,8 +369,13 @@ async fn test_signing_fails_if_wrong_participants_are_used() { let mock_client = reqwest::Client::new(); - let (_validators_info, signature_request, _validator_ips_and_keys) = - get_sign_tx_data(&entropy_api, &rpc, hex::encode(PREIMAGE_SHOULD_SUCCEED)).await; + let (_validators_info, signature_request, _validator_ips_and_keys) = get_sign_tx_data( + &entropy_api, + &rpc, + hex::encode(PREIMAGE_SHOULD_SUCCEED), + DAVE_VERIFYING_KEY, + ) + .await; // fails verification tests // wrong key for wrong validator @@ -484,36 +447,16 @@ async fn test_request_limit_are_updated_during_signing() { jump_start_network(&entropy_api, &rpc).await; - let program_hash = test_client::store_program( - &entropy_api, - &rpc, - &two.pair(), // This is our program deployer - TEST_PROGRAM_WASM_BYTECODE.to_owned(), - vec![], - vec![], - vec![], - ) - .await - .unwrap(); - - let (verifying_key, _registered_info) = test_client::register( - &entropy_api, - &rpc, - one.clone().into(), // This is our program modification account - subxtAccountId32(two.public().0), // This is our signature request account - BoundedVec(vec![ProgramInstance { program_pointer: program_hash, program_config: vec![] }]), - ) - .await - .unwrap(); + // Register the user with a test program + let (verifying_key, _program_hash) = + store_program_and_register(&entropy_api, &rpc, &one.pair(), &two.pair()).await; // Test: We check that the rate limiter changes as expected when signature requests are sent // First we need to get a signature request to populate the KVDB for our verifying key let (validators_info, mut signature_request, validator_ips_and_keys) = - get_sign_tx_data(&entropy_api, &rpc, hex::encode(PREIMAGE_SHOULD_SUCCEED)).await; - - signature_request.block_number = rpc.chain_get_header(None).await.unwrap().unwrap().number; - signature_request.signature_verifying_key = verifying_key.to_vec(); + get_sign_tx_data(&entropy_api, &rpc, hex::encode(PREIMAGE_SHOULD_SUCCEED), verifying_key) + .await; let test_user_res = submit_transaction_requests(validator_ips_and_keys.clone(), signature_request.clone(), one) @@ -607,30 +550,13 @@ async fn test_fails_to_sign_if_non_signing_group_participants_are_used() { jump_start_network(&entropy_api, &rpc).await; - let program_hash = test_client::store_program( - &entropy_api, - &rpc, - &two.pair(), // This is our program deployer - TEST_PROGRAM_WASM_BYTECODE.to_owned(), - vec![], - vec![], - vec![], - ) - .await - .unwrap(); - - let (verifying_key, _registered_info) = test_client::register( - &entropy_api, - &rpc, - one.clone().into(), // This is our program modification account - subxtAccountId32(two.public().0), // This is our signature request account - BoundedVec(vec![ProgramInstance { program_pointer: program_hash, program_config: vec![] }]), - ) - .await - .unwrap(); + // Register the user with a test program + let (verifying_key, _program_hash) = + store_program_and_register(&entropy_api, &rpc, &one.pair(), &two.pair()).await; - let (_validators_info, mut signature_request, validator_ips_and_keys) = - get_sign_tx_data(&entropy_api, &rpc, hex::encode(PREIMAGE_SHOULD_SUCCEED)).await; + let (_validators_info, signature_request, validator_ips_and_keys) = + get_sign_tx_data(&entropy_api, &rpc, hex::encode(PREIMAGE_SHOULD_SUCCEED), verifying_key) + .await; let message_hash = Hasher::keccak(PREIMAGE_SHOULD_SUCCEED); let signature_request_account = subxtAccountId32(one.pair().public().0); @@ -676,12 +602,9 @@ async fn test_fails_to_sign_if_non_signing_group_participants_are_used() { encrypted_connection.recv().await.is_err() }); - signature_request.block_number = rpc.chain_get_header(None).await.unwrap().unwrap().number; - signature_request.signature_verifying_key = verifying_key.to_vec(); - let test_user_bad_connection_res = submit_transaction_requests( vec![validator_ips_and_keys[0].clone()], - signature_request.clone(), + signature_request, one, ) .await; @@ -767,12 +690,8 @@ async fn test_program_with_config() { .unwrap(); // Now we'll send off a signature request using the new program - let (validators_info, mut signature_request, validator_ips_and_keys) = - get_sign_tx_data(&entropy_api, &rpc, hex::encode(message)).await; - - // We'll use the actual verifying key we registered for the signature request - signature_request.signature_verifying_key = verifying_key.to_vec(); - signature_request.block_number = rpc.chain_get_header(None).await.unwrap().unwrap().number; + let (validators_info, signature_request, validator_ips_and_keys) = + get_sign_tx_data(&entropy_api, &rpc, hex::encode(message), verifying_key).await; // Here we check that the signature request was indeed completed successfully let signature_request_responses = @@ -1043,12 +962,8 @@ async fn test_fail_infinite_program() { .unwrap(); // Now we'll send off a signature request using the new program - let (_validators_info, mut signature_request, validator_ips_and_keys) = - get_sign_tx_data(&api, &rpc, hex::encode(PREIMAGE_SHOULD_SUCCEED)).await; - - // We'll use the actual verifying key we registered for the signature request - signature_request.signature_verifying_key = verifying_key.to_vec(); - signature_request.block_number = rpc.chain_get_header(None).await.unwrap().unwrap().number; + let (_validators_info, signature_request, validator_ips_and_keys) = + get_sign_tx_data(&api, &rpc, hex::encode(PREIMAGE_SHOULD_SUCCEED), verifying_key).await; let test_infinite_loop = submit_transaction_requests(validator_ips_and_keys.clone(), signature_request.clone(), one) @@ -1186,11 +1101,9 @@ async fn test_device_key_proxy() { // Now we'll send off a signature request using the new program with auxilary data let (validators_info, mut signature_request, validator_ips_and_keys) = - get_sign_tx_data(&entropy_api, &rpc, hex::encode(PREIMAGE_SHOULD_SUCCEED)).await; + get_sign_tx_data(&entropy_api, &rpc, hex::encode(PREIMAGE_SHOULD_SUCCEED), verifying_key) + .await; - // We'll use the actual verifying key we registered for the signature request - signature_request.signature_verifying_key = verifying_key.to_vec(); - signature_request.block_number = rpc.chain_get_header(None).await.unwrap().unwrap().number; signature_request.auxilary_data = auxilary_data; let test_user_res = @@ -1396,7 +1309,7 @@ async fn test_faucet() { #[tokio::test] #[serial] -async fn test_new_registration_flow() { +async fn test_registration_flow() { initialize_test_logger().await; clean_tests(); @@ -1594,6 +1507,7 @@ pub async fn get_sign_tx_data( api: &OnlineClient, rpc: &LegacyRpcMethods, message: String, + signature_verifying_key: [u8; 33], ) -> (Vec, UserSignatureRequest, Vec<(String, [u8; 32])>) { let validators_info = get_signers_from_chain(api, rpc).await.unwrap(); @@ -1604,9 +1518,9 @@ pub async fn get_sign_tx_data( Some(hex::encode(AUXILARY_DATA_SHOULD_SUCCEED)), ]), validators_info: validators_info.clone(), - block_number: 0, + block_number: rpc.chain_get_header(None).await.unwrap().unwrap().number, hash: HashingAlgorithm::Keccak, - signature_verifying_key: DAVE_VERIFYING_KEY.to_vec(), + signature_verifying_key: signature_verifying_key.to_vec(), }; let validator_ips_and_keys = From 766e9b9beb041ec0a687ec82bf47ff2c71c31425 Mon Sep 17 00:00:00 2001 From: peg Date: Thu, 12 Sep 2024 18:55:04 +0200 Subject: [PATCH 3/4] Bump tdx-quote - and specify a version (#1047) * Bump tdx-quote - and specify a version * Taplo --- Cargo.lock | 3 +- crates/threshold-signature-server/Cargo.toml | 34 +++++++++++--------- pallets/attestation/Cargo.toml | 4 +-- 3 files changed, 22 insertions(+), 19 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index bfad18e9b..520bb046d 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -14130,10 +14130,11 @@ checksum = "e1fc403891a21bcfb7c37834ba66a547a8f402146eba7265b5a6d88059c9ff2f" [[package]] name = "tdx-quote" version = "0.1.0" -source = "git+https://github.com/entropyxyz/tdx-quote#785cd6680e857cc527037befba185fb5f84ab806" +source = "git+https://github.com/entropyxyz/tdx-quote?rev=f7968ff#f7968ff35ff744ff8c007cffe6ec8d709d7f18d9" dependencies = [ "nom", "p256", + "sha2 0.10.8", ] [[package]] diff --git a/crates/threshold-signature-server/Cargo.toml b/crates/threshold-signature-server/Cargo.toml index d5d165f83..a449540d8 100644 --- a/crates/threshold-signature-server/Cargo.toml +++ b/crates/threshold-signature-server/Cargo.toml @@ -57,21 +57,23 @@ uuid ={ version="1.10.0", features=["v4"] } # Misc tokio-tungstenite="0.23.1" -bincode ="1.3.3" -bip32 ={ version="0.5.2" } -bip39 ={ version="2.0.0", features=["zeroize"] } -bytes ={ version="1.7", default-features=false, features=["serde"] } -base64 ="0.22.1" -clap ={ version="4.5.17", features=["derive"] } -num ="0.4.3" -snow ="0.9.6" -sha3 ="0.10.8" -hostname ="0.4" -sha1 ="0.10.6" -sha2 ="0.10.8" -hkdf ="0.12.4" -project-root ={ version="0.2.2", optional=true } -tdx-quote ={ git="https://github.com/entropyxyz/tdx-quote", optional=true, features=["mock"] } +bincode="1.3.3" +bip32={ version="0.5.2" } +bip39={ version="2.0.0", features=["zeroize"] } +bytes={ version="1.7", default-features=false, features=["serde"] } +base64="0.22.1" +clap={ version="4.5.17", features=["derive"] } +num="0.4.3" +snow="0.9.6" +sha3="0.10.8" +hostname="0.4" +sha1="0.10.6" +sha2="0.10.8" +hkdf="0.12.4" +project-root={ version="0.2.2", optional=true } +tdx-quote={ git="https://github.com/entropyxyz/tdx-quote", rev="f7968ff", optional=true, features=[ + "mock", +] } [dev-dependencies] serial_test ="3.1.1" @@ -85,7 +87,7 @@ ethers-core ="2.0.14" schnorrkel ={ version="0.11.4", default-features=false, features=["std"] } schemars ={ version="0.8.21" } subxt-signer="0.35.3" -tdx-quote ={ git="https://github.com/entropyxyz/tdx-quote", features=["mock"] } +tdx-quote ={ git="https://github.com/entropyxyz/tdx-quote", rev="f7968ff", features=["mock"] } # Note: We don't specify versions here because otherwise we run into a cyclical dependency between # `entropy-tss` and `entropy-testing-utils` when we try and publish the `entropy-tss` crate. diff --git a/pallets/attestation/Cargo.toml b/pallets/attestation/Cargo.toml index 6149b527c..44d63ae1c 100644 --- a/pallets/attestation/Cargo.toml +++ b/pallets/attestation/Cargo.toml @@ -27,7 +27,7 @@ entropy-shared={ version="0.2.0", path="../../crates/shared", features=[ "wasm-no-std", ], default-features=false } pallet-staking-extension={ version="0.2.0", path="../staking", default-features=false } -tdx-quote={ git="https://github.com/entropyxyz/tdx-quote" } +tdx-quote={ git="https://github.com/entropyxyz/tdx-quote", rev="f7968ff" } [dev-dependencies] pallet-session ={ version="29.0.0", default-features=false } @@ -38,7 +38,7 @@ pallet-timestamp ={ version="28.0.0", default-features=false } sp-npos-elections ={ version="27.0.0", default-features=false } frame-election-provider-support={ version="29.0.0", default-features=false } pallet-staking-reward-curve ={ version="11.0.0" } -tdx-quote ={ git="https://github.com/entropyxyz/tdx-quote", features=["mock"] } +tdx-quote ={ git="https://github.com/entropyxyz/tdx-quote", rev="f7968ff", features=["mock"] } rand_core ="0.6.4" [features] From 815c35676e22c454de086032ea6c6ef9f0a1bd7c Mon Sep 17 00:00:00 2001 From: JesseAbram <33698952+JesseAbram@users.noreply.github.com> Date: Thu, 12 Sep 2024 17:18:04 -0400 Subject: [PATCH 4/4] Fix hardcoded threshold amount (#1048) * Fix hardcoded threshold amount * fmt * lint --- crates/client/src/user.rs | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/crates/client/src/user.rs b/crates/client/src/user.rs index 99dc1a67a..1c018fad2 100644 --- a/crates/client/src/user.rs +++ b/crates/client/src/user.rs @@ -49,11 +49,14 @@ pub async fn get_signers_from_chain( .await? .ok_or_else(|| SubgroupGetError::ChainFetch("Get all validators error"))?; - // TODO #898 For now we use a fix proportion of the number of validators as the threshold - let threshold = (validators.len() as f32 * 0.75) as usize; + let key_info_query = entropy::storage().parameters().signers_info(); + let threshold = query_chain(api, rpc, key_info_query, None) + .await? + .ok_or_else(|| SubgroupGetError::ChainFetch("Failed to get signers info"))? + .threshold; // TODO #899 For now we just take the first t validators as the ones to perform signing - validators.truncate(threshold); + validators.truncate(threshold as usize); let block_hash = rpc.chain_get_block_hash(None).await?; let mut handles = Vec::new();