Store full BIP-32 derivation path on-chain

entropyxyz · Aug 12, 2024 · 80e315f · 80e315f
1 parent 95416f8
commit 80e315f
Show file tree

Hide file tree

Showing 6 changed files with 19 additions and 13 deletions.
diff --git a/crates/client/entropy_metadata.scale b/crates/client/entropy_metadata.scale
diff --git a/crates/threshold-signature-server/src/helpers/signing.rs b/crates/threshold-signature-server/src/helpers/signing.rs
@@ -45,7 +45,7 @@ pub async fn do_signing(
     app_state: &AppState,
     signing_session_info: SigningSessionInfo,
     request_limit: u32,
-    derivation_path: Option<String>,
+    derivation_path: Option<bip32::DerivationPath>,
 ) -> Result<RecoverableSignature, ProtocolErr> {
     tracing::debug!("Preparing to perform signing");
 

diff --git a/crates/threshold-signature-server/src/signing_client/protocol_execution/mod.rs b/crates/threshold-signature-server/src/signing_client/protocol_execution/mod.rs
@@ -66,7 +66,7 @@ impl<'a> ThresholdSigningService<'a> {
     pub async fn get_sign_context(
         &self,
         sign_init: SignInit,
-        derivation_path: Option<String>,
+        derivation_path: Option<bip32::DerivationPath>,
     ) -> Result<SignContext, ProtocolErr> {
         tracing::debug!("Getting signing context");
 
@@ -86,7 +86,6 @@ impl<'a> ThresholdSigningService<'a> {
             .ok_or_else(|| ProtocolErr::Deserialization("Failed to load KeyShare".into()))?;
 
         let key_share = if let Some(path) = derivation_path {
-            let path = path.parse()?;
             key_share.derive_bip32(&path)?
         } else {
             key_share

diff --git a/crates/threshold-signature-server/src/user/api.rs b/crates/threshold-signature-server/src/user/api.rs
@@ -161,7 +161,7 @@ pub async fn sign_tx(
         return Err(UserErr::NoProgramPointerDefined());
     }
 
-    // handle aux data padding, if it is not explicit by client for ease send through None, error
+    // Handle aux data padding, if it is not explicit by client for ease send through None, error
     // if incorrect length
     let auxilary_data_vec;
     if let Some(auxilary_data) = user_sig_req.clone().auxilary_data {
@@ -219,8 +219,14 @@ pub async fn sign_tx(
         let _has_key = check_for_key(&string_verifying_key, &app_state.kv_store).await?;
     }
 
-    // TODO (Nando): We're hardcoding this for now since we know the path used on-chain
-    let derivation_path = user_details.derivation_path.map(|count| format!("m/0/{}", count));
+    let derivation_path = if let Some(path) = user_details.derivation_path {
+        let decoded_path = String::decode(&mut path.as_ref())?;
+        let path = bip32::DerivationPath::from_str(&decoded_path)?;
+
+        Some(path)
+    } else {
+        None
+    };
 
     let (mut response_tx, response_rx) = mpsc::channel(1);
 

diff --git a/crates/threshold-signature-server/src/user/errors.rs b/crates/threshold-signature-server/src/user/errors.rs
@@ -167,6 +167,8 @@ pub enum UserErr {
     SubgroupGet(#[from] entropy_client::user::SubgroupGetError),
     #[error("Unknown hashing algorthim - user is using a newer version than us")]
     UnknownHashingAlgorithm,
+    #[error("Failed to derive BIP-32 account: {0}")]
+    Bip32DerivationError(#[from] bip32::Error),
 }
 
 impl From<hkdf::InvalidLength> for UserErr {

diff --git a/pallets/registry/src/lib.rs b/pallets/registry/src/lib.rs
@@ -119,9 +119,8 @@ pub mod pallet {
     pub struct RegisteredInfo<T: Config> {
         pub programs_data: BoundedVec<ProgramInstance<T>, T::MaxProgramHashes>,
         pub program_modification_account: T::AccountId,
-        /// TODO (Nando): We're just going to store the `count` for now, but we should consider
-        /// storing the full derivation path here in the future (as a `Vec<u8>`).
-        pub derivation_path: Option<u32>,
+        /// The SCALE encoded BIP-32 `DerivationPath` used to register this account.
+        pub derivation_path: Option<Vec<u8>>,
         pub version_number: u8,
     }
 
@@ -756,9 +755,9 @@ pub mod pallet {
             // For a V1 of this flow it's fine, but we'll need to think about a better solution
             // down the line.
             let count = RegisteredOnChain::<T>::count();
-            let path =
-                bip32::DerivationPath::from_str(&scale_info::prelude::format!("m/0/{}", count))
-                    .map_err(|_| Error::<T>::InvalidBip32DerivationPath)?;
+            let inner_path = scale_info::prelude::format!("m/0/{}", count);
+            let path = bip32::DerivationPath::from_str(&inner_path)
+                .map_err(|_| Error::<T>::InvalidBip32DerivationPath)?;
             let child_verifying_key = network_verifying_key
                 .derive_verifying_key_bip32(&path)
                 .map_err(|_| Error::<T>::Bip32AccountDerivationFailed)?;
@@ -773,8 +772,8 @@ pub mod pallet {
                 RegisteredInfo {
                     programs_data,
                     program_modification_account: program_modification_account.clone(),
+                    derivation_path: Some(inner_path.encode()),
                     version_number: T::KeyVersionNumber::get(),
-                    derivation_path: Some(count),
                 },
             );