lkg init #5

Open
wants to merge 6 commits into
base: j-main
27 changes: 27 additions & 0 deletions node/pkg/tss/implementation_test.go
Expand Up @@ -2,10 +2,14 @@ package tss

import (
"context"
crand "crypto/rand"
"crypto/x509"
"crypto/x509/pkix"
"errors"
"fmt"
"math/big"
"math/rand"
"net"
"sync"
"testing"
"time"
Expand Down Expand Up @@ -493,6 +497,29 @@ func TestBadInputs(t *testing.T) {
})
}

func createX509Cert(dnsName string) *x509.Certificate {
// using random serial number
var serialNumberLimit = new(big.Int).Lsh(big.NewInt(1), 128)

serialNumber, err := crand.Int(crand.Reader, serialNumberLimit)
if err != nil {
panic(err)
}

tmpl := x509.Certificate{
SerialNumber: serialNumber,
Subject: pkix.Name{Organization: []string{"tsscomm"}},
SignatureAlgorithm: x509.ECDSAWithSHA256,
NotBefore: time.Now(),
NotAfter: time.Now().Add(time.Hour * 24 * 366 * 40), // valid for > 40 years used for tests...
BasicConstraintsValid: true,

DNSNames: []string{"localhost", dnsName},
IPAddresses: []net.IP{net.IPv4(127, 0, 0, 1)},
}
return &tmpl
}

func TestFetchPartyId(t *testing.T) {
a := assert.New(t)
engines := load5GuardiansSetupForBroadcastChecks(a)
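
Review bot: The template in createX509Cert sets `BasicConstraintsValid: true` but leaves `IsCA` and `KeyUsage` unset, while the README added in this PR asks for self-signed root-level certificates; set `IsCA: true` and an explicit `KeyUsage` (for example `x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature`) so the test certificates have the shape operators are told to produce. The helper also calls `panic(err)` when `crand.Int` fails; taking a `testing.TB`, calling `t.Helper()` and failing with `t.Fatal` would attribute the failure to the calling test. Nothing in the visible lines calls createX509Cert, and it returns only an unsigned template, so a doc comment stating which key is expected to sign it (the template pins `x509.ECDSAWithSHA256`) would help the next reader.
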
83 changes: 83 additions & 0 deletions node/pkg/tss/internal/cmd/README.md
@@ -0,0 +1,83 @@
Please read the entire document before running the protocol.


# Running 'local' DKG

The following binary runs the DKG protocol to
generate secrets for guardians to use by the threshold signing scheme (TSS).

The script expects a config file (similar to the cnfg.json) provided
in this package.
The config file contains a few key fields:
```
"NumParticipants": int,
"WantedThreshold": int,
"GuardianSpecifics" : array
```

I think there should be a cfg.example.json with actual numbers





Where `NumParticipants` is the number of guardians in the system,
`WantedThreshold` is the wanted threshold (For instance, `NumParticipants=19` and `WantedThreshold=13`).

WantedThreshold is the number of guardians that need to approve a VAA?


The following is an example of the `GuardianSpecifics` array (for a working example, please see `cnfg.json`):


```
"GuardianSpecifics": [
{
"Identifier": {
"TlsX509":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JS
UgvVENDQmVXZ0F3SUJBZ0lRYUJZRTMvTTA4WEhZQ25OVm1jRkJja
kFOQmdrcWhraUc5dzBCQVFzRkFEQnkKTVFzd0NRWURWUVFHRXdKV
.
.
.
FlscWNPbWVYMXVGbUtiZGkvWG9yR2xrQ29NRjNURHg4cm1wOURCa
UIvCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0="

},
"WhereToSaveSecrets": "/Path/To/File/NameWithoutPrefix"
},
{
"Identifier": {...},
"WhereToSaveSecrets": "..."
},
{...},
.
.
.
]
```

The DKG protocol is used to generate secrets to TSS,

This is for DKG. This binary runs it locally, so we should clarify that in the local setting, certs are only used for assigning names since there's no communication to encrypt. (thus, no need to provide the secret key that will be used to protect future communication).

and it assumes a public key infrastructure.
These public keys are x509 certificates (and stored inside `GuardianSpecifics[i].Identifier.TlsX509`),
and are used later by the TSS to establish TLS channels between the participants.
As a result, the x509 certificate provided by you should be self-signed root-level certificates.
In addition, you should safely store the signing key you've used to sign your certificate in a known location ([see after running the protocol](#after-running-the-local-dkg-protocol))


When creating the X509 certificates, be aware that the DNS name you set
in the certificate will be used as the hostname of
servers participating in the TSS protocol.
As a result, please refrain from using hostnames that are
unreachable.


# After running the local DKG protocol.

Once you run the protocol, expect numerous files containing secret keys and

Where are these files created? Are they placed in some directory structure (e.g., one directory per guardian)? "Numerous" seems underspecified.

additional configurations.
Each guardian operator should take the file saved by the given name they

Perhaps: those files may be used in a guardian's config to point to its key shard.

provided in the config.

The file each operator holds should be kept like other files containing secret keys.

Could you rephrase these sentences? I didn't quite get it.
Perhaps the config should also include the TLS secret key that this program doesn't have access to?

og -> of?

This file contains the result og the DKG, before this file is usable, one should provide the signing key used to sign the x509 certificate used by the DKG protocol.
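
Review bot: The "After running the local DKG protocol" section says a single run writes files containing secret keys for every guardian, but the README never states that whoever runs the binary therefore holds all of the secrets; say so explicitly, and document how each operator receives their file and what should happen to the copies left on the machine that ran the DKG. The same section should name the output location derived from `WhereToSaveSecrets`, the expected file permissions, and the format and place in which the certificate signing key must be supplied, since "a known location" and "kept like other files containing secret keys" leave all three open.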






38 changes: 38 additions & 0 deletions node/pkg/tss/internal/cmd/cnfg.json
@@ -0,0 +1,38 @@
{

I think this is the cfg.example.json I was asking about earlier. It should be in a separate file that the README points to.

"NumParticipants": 5,
"WantedThreshold": 3,

"GuardianSpecifics": [
{
"Identifier": {
"TlsX509":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUgvVENDQmVXZ0F3SUJBZ0lRYUJZRTMvTTA4WEhZQ25OVm1jRkJjakFOQmdrcWhraUc5dzBCQVFzRkFEQnkKTVFzd0NRWURWUVFHRXdKVlV6RU9NQXdHQTFVRUNBd0ZWR1Y0WVhNeEVEQU9CZ05WQkFjTUIwaHZkWE4wYjI0eApFVEFQQmdOVkJBb01DRk5UVENCRGIzSndNUzR3TEFZRFZRUUREQ1ZUVTB3dVkyOXRJRVZXSUZOVFRDQkpiblJsCmNtMWxaR2xoZEdVZ1EwRWdVbE5CSUZJek1CNFhEVEl3TURRd01UQXdOVGd6TTFvWERUSXhNRGN4TmpBd05UZ3oKTTFvd2diMHhDekFKQmdOVkJBWVRBbFZUTVE0d0RBWURWUVFJREFWVVpYaGhjekVRTUE0R0ExVUVCd3dIU0c5MQpjM1J2YmpFUk1BOEdBMVVFQ2d3SVUxTk1JRU52Y25BeEZqQVVCZ05WQkFVVERVNVdNakF3T0RFMk1UUXlORE14CkZEQVNCZ05WQkFNTUMzZDNkeTV6YzJ3dVkyOXRNUjB3R3dZRFZRUVBEQlJRY21sMllYUmxJRTl5WjJGdWFYcGgKZEdsdmJqRVhNQlVHQ3lzR0FRUUJnamM4QWdFQ0RBWk9aWFpoWkdFeEV6QVJCZ3NyQmdFRUFZSTNQQUlCQXhNQwpWVk13Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRREhoZVJrYmIxRkNjN3hSS3N0CndLMEpJR2FLWTh0N0piUzJiUTJiNllJSkRnbkh1SVlIcUJyQ1VWNzlvZWxpa2tva1JrRnZjdnBhS2luRkhEUUgKVXBXRUk2UlVFUlltU0NnM084V2k0MnVPY1YyQjVaYWJtWENrd2R4WTVFY2w1MUJiTThVbkdkb0FHYmRObWlSbQpTbVRqY3MrbGhNeGc0ZkZZNmxCcGlFVkZpR1VqR1JSKzYxUjY3THo2VTRLSmVMTmNDbTA3UXdGWUtCbXBpMDhnCmR5Z1N2UmRVdzU1Sm9wcmVkaitWR3RqVWtCNGhGVDRHUVgvZ2h0NjlSbHF6Lys4dTBkRVFraHVVdXVjcnFhbG0KU0d5NDNIUndCZkRLRndZZVdNN0NQTWQ1ZS9kTyt0MDh0OFBianpWVFR2NWhRRENzRVlJVjJUN0FGSTlTY054TQpraDcvQWdNQkFBR2pnZ05CTUlJRFBUQWZCZ05WSFNNRUdEQVdnQlMvd1ZxSC95ajZRVDM5dDAva0hhK2dZVmdwCnZUQi9CZ2dyQmdFRkJRY0JBUVJ6TUhFd1RRWUlLd1lCQlFVSE1BS0dRV2gwZEhBNkx5OTNkM2N1YzNOc0xtTnYKYlM5eVpYQnZjMmwwYjNKNUwxTlRUR052YlMxVGRXSkRRUzFGVmkxVFUwd3RVbE5CTFRRd09UWXRVak11WTNKMApNQ0FHQ0NzR0FRVUZCekFCaGhSb2RIUndPaTh2YjJOemNITXVjM05zTG1OdmJUQWZCZ05WSFJFRUdEQVdnZ3QzCmQzY3VjM05zTG1OdmJZSUhjM05zTG1OdmJUQmZCZ05WSFNBRVdEQldNQWNHQldlQkRBRUJNQTBHQ3lxRWFBR0cKOW5jQ0JRRUJNRHdHRENzR0FRUUJncWt3QVFNQkJEQXNNQ29HQ0NzR0FRVUZCd0lCRmg1b2RIUndjem92TDNkMwpkeTV6YzJ3dVkyOXRMM0psY0c5emFYUnZjbmt3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdJR0NDc0dBUVVGCkJ3TUJNRWdHQTFVZEh3UkJNRDh3UGFBN29EbUdOMmgwZEhBNkx5OWpjbXh6TG5OemJDNWpiMjB2VTFOTVkyOXQKTFZOMVlrTkJMVVZXTFZOVFRDMVNVMEV0TkRBNU5pMVNNe
TVqY213d0hRWURWUjBPQkJZRUZBREFGVUlhenc1cgpaSUhhcG5SeElVbnB3K0dMTUE0R0ExVWREd0VCL3dRRUF3SUZvRENDQVgwR0Npc0dBUVFCMW5rQ0JBSUVnZ0Z0CkJJSUJhUUZuQUhjQTlseVVMOUYzTUNJVVZCZ0lNSlJXanVOTkV4a3p2OThNTHlBTHpFN3haT01BQUFGeE0waG8KYndBQUJBTUFTREJHQWlFQTZ4ZWxpTlI4R2svNjNwWWRuUy92T3gvQ2pwdEVNRXY4OVdXaDEvdXJXSUVDSVFEeQpCcmVIVTI1RHp3dWtRYVJRandXNjU1WkxrcUNueGJ4UVdSaU9lbWo5SkFCMUFKUWd2QjZPMVkxc2lITWZnb3NpCkxBM1IyazFlYkUrVVBXSGJUaTlZVGFMQ0FBQUJjVE5JYU53QUFBUURBRVl3UkFJZ0dSRTR3emFiTlJkRDhrcS8KdkZQM3RRZTJobTB4NW5YdWxvd2g0SWJ3M2xrQ0lGWWIvM2xTRHBsUzdBY1I0citYcFd0RUtTVEZXSm1OQ1JiYwpYSnVyMlJHQkFIVUE3c0NWN28xeVpBK1M0OE81RzhjU28ybHFDWHRMYWhvVU9PWkhzc3Z0eGZrQUFBRnhNMGhvCjh3QUFCQU1BUmpCRUFpQjZJdmJvV3NzM1I0SXRWd2plYmw3RDN5b0ZhWDBORGgyZFdoaGd3Q3hySHdJZ0NmcTcKb2NNQzV0KzFqaTVNNXhhTG1QQzRJK1dYM0kvQVJrV1N5aU83SVFjd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQgpBQ2V1dXI0UW51anFtZ3VTckhVM21oZitjSm9kelRRTnFvNHRkZStQRDEvZUZkWUFFTHU4eEYrMEF0N3hKaVBZCmk1Ukt3aWx5UDU2diszaVkyVDlsdzdTOFRKMDQxVkxoYUlLcDE0TXpTVXpSeWVvT0FzSjdRQURNQ2xIS1VEbEgKVVUycE51bzg4WTZpZ292VDNic253Sk5pRVFOcXltU1NZaGt0dzB0YWR1b3FqcVhuMDZnc1Zpb1dUVkRYeXNkNQpxRXg0dDZzSWdJY01tMjZZSDF2SnBDUUVoS3BjMnkwN2dSa2tsQlpSdE1qVGh2NGNYeXlNWDd1VGNkVDdBSkJQCnVlaWZDb1YyNUp4WHVvOGQ1MTM5Z3dQMUJBZTdJQlZQeDJ1N0tOL1V5T1hkWm13TWYvVG1GR3dEZENmc3lIZi8KWnNCMndMSG96VFlvQVZtUTlGb1UxSkxnY1ZpdnFKK3ZObEJoSFhobHhNZE4wajgwUjlOejZFSWdsUWplSzNPOApJL2NGR20vQjgrNDJoT2xDSWQ5WmR0bmRKY1JKVmppMHdEMHF3ZXZDYWZBOWpKbEh2L2pzRStJOVV6NmNwQ3loCnN3K2xyRmR4VWdxVTU4YXhxZUs4OUZSK05vNHEwSUlPK0ppMXJKS3I5bmtTQjBCcVhvelZuRTFZQi9LTHZkSXMKdVlaSnVxYjJwS2t1K3p6VDZnVXdIVVRadkJpTk90WEw0Tnh3Yy9LVDdXek9TZDJ3UDEwUUk4REtnNHZmaU5EcwpIV21CMWM0S2ppNmdPZ0E1dVNVemFHbXEvdjRWbmNLNVVyK245TGJmbmZMYzI4SjVmdC9Hb3Rpbk15RGszaWFyCkYxMFlscWNPbWVYMXVGbUtiZGkvWG9yR2xrQ29NRjNURHg4cm1wOURCaUIvCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0="
},
"WhereToSaveSecrets": "Alex"

Is Alex a directory? I'm not sure what this argument means.

Also, why not use the standard Alice, Bob, Carol, Dave,... for names?

},
{
"Identifier": {
"TlsX509":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJvVENDQVVlZ0F3SUJBZ0lRVkNTcndsY1hnWnJrTWRzbFYwamk1VEFLQmdncWhrak9QUVFEQWpBU01SQXcKRGdZRFZRUUtFd2QwYzNOamIyMXRNQ0FYRFRJME1Ea3lNakEzTVRjeU1sb1lEekl3TmpReE1ESXlNRGN4TnpJeQpXakFTTVJBd0RnWURWUVFLRXdkMGMzTmpiMjF0TUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFCkhXd3B0YWk2WGRidW5JSmR2cUc2QTZMU3pTSFZRSkNoYWU3ZkNLNnR3ZlhvSFdMVE1jeklaa2RzMTZHZnh3Sy8KY1JFbUM4Y2JsYytsREFFcVIzR0UzcU45TUhzd0RnWURWUjBQQVFIL0JBUURBZ0tFTUIwR0ExVWRKUVFXTUJRRwpDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVdCQlRMCmtJSU95R2p4bGNIaHRnbWFxNm9PZS92WmhEQWFCZ05WSFJFRUV6QVJnZ2xzYjJOaGJHaHZjM1NIQkg4QUFBRXcKQ2dZSUtvWkl6ajBFQXdJRFNBQXdSUUlnUkVUSEhyZXNhRndoOW1udm9UZWNlNGFoWGJBWnFnSmFwVWdDSTF0YgovTXNDSVFDTVM4M25hRGNTL2lNVkc2Y3pqT3JiQnkyT3ZITnc5YUhDSm04V29MUWhDZz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
},
"WhereToSaveSecrets": "Sierra"
},
{
"Identifier": {
"TlsX509":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJvVENDQVVpZ0F3SUJBZ0lSQUlxZ2NqN29zeWg3Y0VZb1RtdTB4cTB3Q2dZSUtvWkl6ajBFQXdJd0VqRVEKTUE0R0ExVUVDaE1IZEhOelkyOXRiVEFnRncweU5EQTVNakl3TnpFM01qSmFHQTh5TURZME1UQXlNakEzTVRjeQpNbG93RWpFUU1BNEdBMVVFQ2hNSGRITnpZMjl0YlRCWk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBCkJFOFQvanhieEVHZHFDQnFDNUQ4RDBPa0NXeSthMHJqQVUxRHJaYmxyWVFlUktYbHdLWXdGa2pOVjZNVlBROUIKbjFtcG9hNitIMmhJRnZudnNEdjAyVFdqZlRCN01BNEdBMVVkRHdFQi93UUVBd0lDaERBZEJnTlZIU1VFRmpBVQpCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUhBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVCkpya1E4ZzA4WDVFcGI4T1JsalUyb2l0WTJMd3dHZ1lEVlIwUkJCTXdFWUlKYkc5allXeG9iM04waHdSL0FBQUIKTUFvR0NDcUdTTTQ5QkFNQ0EwY0FNRVFDSUJ1VnA3VE9xZXBlOEpvSnZxQTk2bnFIYzVHME9ucHZQa0t6dzJucgo2d3ExQWlCSXlJaHlpL0xVK1RWUDd3Z2JJVXpjMlJXeXZpSklDL0h0YW1ua3FxYWQ2QT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
},
"WhereToSaveSecrets": "Veronica"

},
{
"Identifier": {
"TlsX509":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJvakNDQVVpZ0F3SUJBZ0lSQUxieVduSHQ2aHpRaDZMb2Q5bzBQemt3Q2dZSUtvWkl6ajBFQXdJd0VqRVEKTUE0R0ExVUVDaE1IZEhOelkyOXRiVEFnRncweU5EQTVNakl3TnpFM01qSmFHQTh5TURZME1UQXlNakEzTVRjeQpNbG93RWpFUU1BNEdBMVVFQ2hNSGRITnpZMjl0YlRCWk1CTUdCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBCkJGTk9sRHkvRS8wOERtRHdzMVVwaVh5TGV3UkJBUEYvUXRQbm5GR0dvcS9aeFNtZDM2U08vNGs0TnRkWFFKdkEKS05SOVpZNklmclRYUDloNTZOWVlLSTJqZlRCN01BNEdBMVVkRHdFQi93UUVBd0lDaERBZEJnTlZIU1VFRmpBVQpCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUhBd0l3RHdZRFZSMFRBUUgvQkFVd0F3RUIvekFkQmdOVkhRNEVGZ1FVClF4R3ZBOHVNTjF5NUFRRGMweTc2QjMrQ256OHdHZ1lEVlIwUkJCTXdFWUlKYkc5allXeG9iM04waHdSL0FBQUIKTUFvR0NDcUdTTTQ5QkFNQ0EwZ0FNRVVDSUdSUS9UdTRFQWtZRFhtWW5LeHRnR0JlQjhYT2ZIa2dOWGhGM1NXTApyRzQ2QWlFQXpHTzJlWklmenVlQytFQ05XWXBzdkFwK2F0emxXQlNkNmVUdDdKZGMwczQ9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
},
"WhereToSaveSecrets": "Jameson"
},
{
"Identifier": {
"TlsX509":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJvakNDQVVlZ0F3SUJBZ0lRUXg2NUhRRjB0Q3I2VmxVWXo2VWEzekFLQmdncWhrak9QUVFEQWpBU01SQXcKRGdZRFZRUUtFd2QwYzNOamIyMXRNQ0FYRFRJME1Ea3lNakEzTVRjeU1sb1lEekl3TmpReE1ESXlNRGN4TnpJeQpXakFTTVJBd0RnWURWUVFLRXdkMGMzTmpiMjF0TUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFCit5ZlV2ZVBvMG1zZGxLS0FwcDM4TzR4ckJzRGN2cEFRblhmSUFDQk1ycjIzU056QnhFWVYwOGZYZ1Z2dXVGSkQKRTRRc29CRzdSb2lBZ3ZGWk5Rb055cU45TUhzd0RnWURWUjBQQVFIL0JBUURBZ0tFTUIwR0ExVWRKUVFXTUJRRwpDQ3NHQVFVRkJ3TUJCZ2dyQmdFRkJRY0RBakFQQmdOVkhSTUJBZjhFQlRBREFRSC9NQjBHQTFVZERnUVdCQlJMCnByNHdWZ0FEeVVNZXNiVVJFWWJ3N215bDB6QWFCZ05WSFJFRUV6QVJnZ2xzYjJOaGJHaHZjM1NIQkg4QUFBRXcKQ2dZSUtvWkl6ajBFQXdJRFNRQXdSZ0loQVBVejY3Q3lKb0lLclNDSlJQcCtNQktFWkkvUTFtK3JlS0RqYzNBVQpXZkhBQWlFQWxIOXpJZjNoZ2hBS3dCcCt1MlB6L05TLzZYSm96UGQ5ZFpnR1dqeHdSM2c9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K"
},
"WhereToSaveSecrets": "Riad"
}
]
}
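
Review bot: The first entry's `TlsX509` value is several times longer than the other four, which suggests it was produced differently from them; generate all five the same way so the example matches the README's requirement of self-signed root-level certificates. `NumParticipants` also repeats the length of `GuardianSpecifics` (5 and five entries here), so the loader should reject a config where the two disagree or where `WantedThreshold` exceeds `NumParticipants`.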