Merge branch 'master' into Migrate-to-Threshold

crates/shared/src/constants.rs

@@ -31,8 +31,6 @@ lazy_static! {
     pub static ref DEVICE_KEY_CONFIG_TYPE: Vec<u8> = vec![123, 34, 36, 115, 99, 104, 101, 109, 97, 34, 58, 34, 104, 116, 116, 112, 58, 47, 47, 106, 115, 111, 110, 45, 115, 99, 104, 101, 109, 97, 46, 111, 114, 103, 47, 100, 114, 97, 102, 116, 45, 48, 55, 47, 115, 99, 104, 101, 109, 97, 35, 34, 44, 34, 116, 105, 116, 108, 101, 34, 58, 34, 85, 115, 101, 114, 67, 111, 110, 102, 105, 103, 34, 44, 34, 100, 101, 115, 99, 114, 105, 112, 116, 105, 111, 110, 34, 58, 34, 74, 83, 79, 78, 45, 100, 101, 115, 101, 114, 105, 97, 108, 105, 122, 97, 98, 108, 101, 32, 115, 116, 114, 117, 99, 116, 32, 116, 104, 97, 116, 32, 119, 105, 108, 108, 32, 98, 101, 32, 117, 115, 101, 100, 32, 116, 111, 32, 100, 101, 114, 105, 118, 101, 32, 116, 104, 101, 32, 112, 114, 111, 103, 114, 97, 109, 45, 74, 83, 79, 78, 32, 105, 110, 116, 101, 114, 102, 97, 99, 101, 46, 32, 78, 111, 116, 101, 32, 104, 111, 119, 32, 116, 104, 105, 115, 32, 117, 115, 101, 115, 32, 74, 83, 79, 78, 45, 110, 97, 116, 105, 118, 101, 32, 116, 121, 112, 101, 115, 32, 111, 110, 108, 121, 46, 34, 44, 34, 116, 121, 112, 101, 34, 58, 34, 111, 98, 106, 101, 99, 116, 34, 44, 34, 112, 114, 111, 112, 101, 114, 116, 105, 101, 115, 34, 58, 123, 34, 101, 99, 100, 115, 97, 95, 112, 117, 98, 108, 105, 99, 95, 107, 101, 121, 115, 34, 58, 123, 34, 100, 101, 115, 99, 114, 105, 112, 116, 105, 111, 110, 34, 58, 34, 98, 97, 115, 101, 54, 52, 45, 101, 110, 99, 111, 100, 101, 100, 32, 99, 111, 109, 112, 114, 101, 115, 115, 101, 100, 32, 112, 111, 105, 110, 116, 32, 40, 51, 51, 45, 98, 121, 116, 101, 41, 32, 69, 67, 68, 83, 65, 32, 112, 117, 98, 108, 105, 99, 32, 107, 101, 121, 115, 44, 32, 40, 101, 103, 46, 32, 92, 34, 65, 53, 55, 50, 100, 113, 111, 117, 101, 53, 79, 121, 119, 89, 47, 52, 56, 100, 116, 121, 116, 81, 105, 109, 76, 57, 87, 79, 48, 100, 112, 83, 79, 98, 97, 70, 98, 65, 120, 111, 69, 87, 87, 57, 92, 34, 41, 34, 44, 34, 116, 121, 112, 101, 34, 58, 91, 34, 97, 114, 114, 97, 121, 34, 44, 34, 110, 117, 108, 108, 34, 93, 44, 34, 105, 116, 101, 109, 115, 34, 58, 123, 34, 116, 121, 112, 101, 34, 58, 34, 115, 116, 114, 105, 110, 103, 34, 125, 125, 44, 34, 101, 100, 50, 53, 53, 49, 57, 95, 112, 117, 98, 108, 105, 99, 95, 107, 101, 121, 115, 34, 58, 123, 34, 116, 121, 112, 101, 34, 58, 91, 34, 97, 114, 114, 97, 121, 34, 44, 34, 110, 117, 108, 108, 34, 93, 44, 34, 105, 116, 101, 109, 115, 34, 58, 123, 34, 116, 121, 112, 101, 34, 58, 34, 115, 116, 114, 105, 110, 103, 34, 125, 125, 44, 34, 115, 114, 50, 53, 53, 49, 57, 95, 112, 117, 98, 108, 105, 99, 95, 107, 101, 121, 115, 34, 58, 123, 34, 116, 121, 112, 101, 34, 58, 91, 34, 97, 114, 114, 97, 121, 34, 44, 34, 110, 117, 108, 108, 34, 93, 44, 34, 105, 116, 101, 109, 115, 34, 58, 123, 34, 116, 121, 112, 101, 34, 58, 34, 115, 116, 114, 105, 110, 103, 34, 125, 125, 125, 125];
     // Device key aux data struct seralized by generate types in programs repo
     pub static ref DEVICE_KEY_AUX_DATA_TYPE: Vec<u8> = vec![123, 34, 36, 115, 99, 104, 101, 109, 97, 34, 58, 34, 104, 116, 116, 112, 58, 47, 47, 106, 115, 111, 110, 45, 115, 99, 104, 101, 109, 97, 46, 111, 114, 103, 47, 100, 114, 97, 102, 116, 45, 48, 55, 47, 115, 99, 104, 101, 109, 97, 35, 34, 44, 34, 116, 105, 116, 108, 101, 34, 58, 34, 65, 117, 120, 68, 97, 116, 97, 34, 44, 34, 100, 101, 115, 99, 114, 105, 112, 116, 105, 111, 110, 34, 58, 34, 74, 83, 79, 78, 32, 114, 101, 112, 114, 101, 115, 101, 110, 116, 97, 116, 105, 111, 110, 32, 111, 102, 32, 116, 104, 101, 32, 97, 117, 120, 105, 108, 105, 97, 114, 121, 32, 100, 97, 116, 97, 34, 44, 34, 116, 121, 112, 101, 34, 58, 34, 111, 98, 106, 101, 99, 116, 34, 44, 34, 114, 101, 113, 117, 105, 114, 101, 100, 34, 58, 91, 34, 99, 111, 110, 116, 101, 120, 116, 34, 44, 34, 112, 117, 98, 108, 105, 99, 95, 107, 101, 121, 34, 44, 34, 112, 117, 98, 108, 105, 99, 95, 107, 101, 121, 95, 116, 121, 112, 101, 34, 44, 34, 115, 105, 103, 110, 97, 116, 117, 114, 101, 34, 93, 44, 34, 112, 114, 111, 112, 101, 114, 116, 105, 101, 115, 34, 58, 123, 34, 99, 111, 110, 116, 101, 120, 116, 34, 58, 123, 34, 100, 101, 115, 99, 114, 105, 112, 116, 105, 111, 110, 34, 58, 34, 84, 104, 101, 32, 99, 111, 110, 116, 101, 120, 116, 32, 102, 111, 114, 32, 116, 104, 101, 32, 115, 105, 103, 110, 97, 116, 117, 114, 101, 32, 111, 110, 108, 121, 32, 110, 101, 101, 100, 101, 100, 32, 105, 110, 32, 115, 114, 50, 53, 53, 49, 57, 32, 115, 105, 103, 110, 97, 116, 117, 114, 101, 32, 116, 121, 112, 101, 34, 44, 34, 116, 121, 112, 101, 34, 58, 34, 115, 116, 114, 105, 110, 103, 34, 125, 44, 34, 112, 117, 98, 108, 105, 99, 95, 107, 101, 121, 34, 58, 123, 34, 100, 101, 115, 99, 114, 105, 112, 116, 105, 111, 110, 34, 58, 34, 98, 97, 115, 101, 54, 52, 45, 101, 110, 99, 111, 100, 101, 100, 32, 112, 117, 98, 108, 105, 99, 32, 107, 101, 121, 34, 44, 34, 116, 121, 112, 101, 34, 58, 34, 115, 116, 114, 105, 110, 103, 34, 125, 44, 34, 112, 117, 98, 108, 105, 99, 95, 107, 101, 121, 95, 116, 121, 112, 101, 34, 58, 123, 34, 100, 101, 115, 99, 114, 105, 112, 116, 105, 111, 110, 34, 58, 34, 92, 34, 101, 99, 100, 115, 97, 92, 34, 44, 32, 92, 34, 101, 100, 50, 53, 53, 49, 57, 92, 34, 44, 32, 92, 34, 115, 114, 50, 53, 53, 49, 57, 92, 34, 34, 44, 34, 116, 121, 112, 101, 34, 58, 34, 115, 116, 114, 105, 110, 103, 34, 125, 44, 34, 115, 105, 103, 110, 97, 116, 117, 114, 101, 34, 58, 123, 34, 100, 101, 115, 99, 114, 105, 112, 116, 105, 111, 110, 34, 58, 34, 98, 97, 115, 101, 54, 52, 45, 101, 110, 99, 111, 100, 101, 100, 32, 115, 105, 103, 110, 97, 116, 117, 114, 101, 34, 44, 34, 116, 121, 112, 101, 34, 58, 34, 115, 116, 114, 105, 110, 103, 34, 125, 125, 125];
-    // Network parent key
-    pub static ref NETWORK_PARENT_KEY: H256 = H256::zero();
 }
 
 pub const SIGNING_PARTY_SIZE: usize = 2;
@@ -61,3 +59,6 @@ pub const VERIFICATION_KEY_LENGTH: u32 = 33;
 
 /// `device_key_proxy.wasm` from the `programs` repo.
 pub const DEVICE_KEY_PROXY: &[u8] = include_bytes!("../device_key_proxy.wasm");
+
+/// Network parent key specific size to fit into [u8; 32] to save extra code
+pub const NETWORK_PARENT_KEY: &str = "NETWORK_PARENT_KEY_FOR_ENTROPY_";

crates/threshold-signature-server/src/helpers/launch.rs

@@ -22,6 +22,7 @@ use entropy_kvdb::{
     encrypted_sled::PasswordMethod,
     kv_manager::{error::KvError, KvManager},
 };
+use entropy_shared::NETWORK_PARENT_KEY;
 use serde::Deserialize;
 use serde_json::json;
 use subxt::ext::sp_core::{
@@ -49,8 +50,12 @@ pub const LATEST_BLOCK_NUMBER_PROACTIVE_REFRESH: &str = "LATEST_BLOCK_NUMBER_PRO
 #[cfg(any(test, feature = "test_helpers"))]
 pub const DEFAULT_ENDPOINT: &str = "ws://localhost:9944";
 
-pub const FORBIDDEN_KEYS: [&str; 3] =
-    [FORBIDDEN_KEY_MNEMONIC, FORBIDDEN_KEY_SHARED_SECRET, FORBIDDEN_KEY_DIFFIE_HELLMAN_PUBLIC];
+pub const FORBIDDEN_KEYS: [&str; 4] = [
+    FORBIDDEN_KEY_MNEMONIC,
+    FORBIDDEN_KEY_SHARED_SECRET,
+    FORBIDDEN_KEY_DIFFIE_HELLMAN_PUBLIC,
+    NETWORK_PARENT_KEY,
+];
 
 pub const FORBIDDEN_KEY_MNEMONIC: &str = "MNEMONIC";
 pub const FORBIDDEN_KEY_SHARED_SECRET: &str = "SHARED_SECRET";

crates/threshold-signature-server/src/user/api.rs

@@ -140,7 +140,7 @@ pub async fn sign_tx(
 
     check_stale(user_sig_req.block_number, block_number).await?;
     // Probably impossible but block signing from parent key anyways
-    if user_sig_req.signature_verifying_key == NETWORK_PARENT_KEY.encode() {
+    if string_verifying_key == hex::encode(NETWORK_PARENT_KEY) {
         return Err(UserErr::NoSigningFromParentKey);
     }
 
@@ -318,7 +318,7 @@ async fn setup_dkg(
         .await?;
         let verifying_key = key_share.verifying_key().to_encoded_point(true).as_bytes().to_vec();
         let string_verifying_key = if sig_request_account == NETWORK_PARENT_KEY.encode() {
-            hex::encode(*NETWORK_PARENT_KEY)
+            hex::encode(NETWORK_PARENT_KEY)
         } else {
             hex::encode(verifying_key.clone())
         }

crates/threshold-signature-server/src/user/tests.rs

@@ -340,7 +340,7 @@ async fn test_sign_tx_no_chain() {
     }
 
     generic_msg.block_number = rpc.chain_get_header(None).await.unwrap().unwrap().number;
-    generic_msg.signature_verifying_key = NETWORK_PARENT_KEY.0.to_vec();
+    generic_msg.signature_verifying_key = NETWORK_PARENT_KEY.as_bytes().to_vec();
     let test_user_sign_with_parent_key = submit_transaction_requests(
         vec![validator_ips_and_keys[1].clone()],
         generic_msg.clone(),
@@ -743,7 +743,7 @@ async fn test_jumpstart_network() {
         },
     ];
     let onchain_user_request = OcwMessageDkg {
-        sig_request_accounts: vec![H256::zero().encode()],
+        sig_request_accounts: vec![NETWORK_PARENT_KEY.encode()],
         block_number,
         validators_info,
     };
@@ -772,7 +772,7 @@ async fn test_jumpstart_network() {
         }
     }
 
-    let get_query = UnsafeQuery::new(hex::encode(H256::zero()), [].to_vec()).to_json();
+    let get_query = UnsafeQuery::new(hex::encode(NETWORK_PARENT_KEY), [].to_vec()).to_json();
     // check get key before registration to see if key gets replaced
     let response_key = client
         .post("http://127.0.0.1:3001/unsafe/get")

pallets/registry/src/lib.rs

@@ -277,7 +277,7 @@ pub mod pallet {
             };
             // TODO (#923): Add checks for network state.
             Dkg::<T>::try_mutate(current_block_number, |messages| -> Result<_, DispatchError> {
-                messages.push(NETWORK_PARENT_KEY.clone().encode());
+                messages.push(NETWORK_PARENT_KEY.encode());
                 Ok(())
             })?;
             JumpStartProgress::<T>::put(JumpStartDetails {

pallets/registry/src/tests.rs

@@ -14,7 +14,7 @@
 // along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 use codec::Encode;
-use entropy_shared::VERIFICATION_KEY_LENGTH;
+use entropy_shared::{KeyVisibility, NETWORK_PARENT_KEY, VERIFICATION_KEY_LENGTH};
 use frame_support::{
     assert_noop, assert_ok,
     dispatch::{GetDispatchInfo, Pays},
@@ -98,7 +98,7 @@ fn it_jumps_the_network() {
         assert_ok!(Registry::jump_start_network(RuntimeOrigin::signed(1)));
         assert_eq!(
             Registry::dkg(0),
-            vec![H256::zero().encode()],
+            vec![NETWORK_PARENT_KEY.encode()],
             "ensures a dkg message for the jump start network is prepped"
         );
         assert_eq!(