diff --git a/crates/shared/src/constants.rs b/crates/shared/src/constants.rs index 0f529d822..4f77487be 100644 --- a/crates/shared/src/constants.rs +++ b/crates/shared/src/constants.rs @@ -31,8 +31,6 @@ lazy_static! { pub static ref DEVICE_KEY_CONFIG_TYPE: Vec = vec![123, 34, 36, 115, 99, 104, 101, 109, 97, 34, 58, 34, 104, 116, 116, 112, 58, 47, 47, 106, 115, 111, 110, 45, 115, 99, 104, 101, 109, 97, 46, 111, 114, 103, 47, 100, 114, 97, 102, 116, 45, 48, 55, 47, 115, 99, 104, 101, 109, 97, 35, 34, 44, 34, 116, 105, 116, 108, 101, 34, 58, 34, 85, 115, 101, 114, 67, 111, 110, 102, 105, 103, 34, 44, 34, 100, 101, 115, 99, 114, 105, 112, 116, 105, 111, 110, 34, 58, 34, 74, 83, 79, 78, 45, 100, 101, 115, 101, 114, 105, 97, 108, 105, 122, 97, 98, 108, 101, 32, 115, 116, 114, 117, 99, 116, 32, 116, 104, 97, 116, 32, 119, 105, 108, 108, 32, 98, 101, 32, 117, 115, 101, 100, 32, 116, 111, 32, 100, 101, 114, 105, 118, 101, 32, 116, 104, 101, 32, 112, 114, 111, 103, 114, 97, 109, 45, 74, 83, 79, 78, 32, 105, 110, 116, 101, 114, 102, 97, 99, 101, 46, 32, 78, 111, 116, 101, 32, 104, 111, 119, 32, 116, 104, 105, 115, 32, 117, 115, 101, 115, 32, 74, 83, 79, 78, 45, 110, 97, 116, 105, 118, 101, 32, 116, 121, 112, 101, 115, 32, 111, 110, 108, 121, 46, 34, 44, 34, 116, 121, 112, 101, 34, 58, 34, 111, 98, 106, 101, 99, 116, 34, 44, 34, 112, 114, 111, 112, 101, 114, 116, 105, 101, 115, 34, 58, 123, 34, 101, 99, 100, 115, 97, 95, 112, 117, 98, 108, 105, 99, 95, 107, 101, 121, 115, 34, 58, 123, 34, 100, 101, 115, 99, 114, 105, 112, 116, 105, 111, 110, 34, 58, 34, 98, 97, 115, 101, 54, 52, 45, 101, 110, 99, 111, 100, 101, 100, 32, 99, 111, 109, 112, 114, 101, 115, 115, 101, 100, 32, 112, 111, 105, 110, 116, 32, 40, 51, 51, 45, 98, 121, 116, 101, 41, 32, 69, 67, 68, 83, 65, 32, 112, 117, 98, 108, 105, 99, 32, 107, 101, 121, 115, 44, 32, 40, 101, 103, 46, 32, 92, 34, 65, 53, 55, 50, 100, 113, 111, 117, 101, 53, 79, 121, 119, 89, 47, 52, 56, 100, 116, 121, 116, 81, 105, 109, 76, 57, 87, 79, 48, 100, 112, 83, 79, 98, 97, 70, 98, 65, 120, 111, 69, 87, 87, 57, 92, 34, 41, 34, 44, 34, 116, 121, 112, 101, 34, 58, 91, 34, 97, 114, 114, 97, 121, 34, 44, 34, 110, 117, 108, 108, 34, 93, 44, 34, 105, 116, 101, 109, 115, 34, 58, 123, 34, 116, 121, 112, 101, 34, 58, 34, 115, 116, 114, 105, 110, 103, 34, 125, 125, 44, 34, 101, 100, 50, 53, 53, 49, 57, 95, 112, 117, 98, 108, 105, 99, 95, 107, 101, 121, 115, 34, 58, 123, 34, 116, 121, 112, 101, 34, 58, 91, 34, 97, 114, 114, 97, 121, 34, 44, 34, 110, 117, 108, 108, 34, 93, 44, 34, 105, 116, 101, 109, 115, 34, 58, 123, 34, 116, 121, 112, 101, 34, 58, 34, 115, 116, 114, 105, 110, 103, 34, 125, 125, 44, 34, 115, 114, 50, 53, 53, 49, 57, 95, 112, 117, 98, 108, 105, 99, 95, 107, 101, 121, 115, 34, 58, 123, 34, 116, 121, 112, 101, 34, 58, 91, 34, 97, 114, 114, 97, 121, 34, 44, 34, 110, 117, 108, 108, 34, 93, 44, 34, 105, 116, 101, 109, 115, 34, 58, 123, 34, 116, 121, 112, 101, 34, 58, 34, 115, 116, 114, 105, 110, 103, 34, 125, 125, 125, 125]; // Device key aux data struct seralized by generate types in programs repo pub static ref DEVICE_KEY_AUX_DATA_TYPE: Vec = vec![123, 34, 36, 115, 99, 104, 101, 109, 97, 34, 58, 34, 104, 116, 116, 112, 58, 47, 47, 106, 115, 111, 110, 45, 115, 99, 104, 101, 109, 97, 46, 111, 114, 103, 47, 100, 114, 97, 102, 116, 45, 48, 55, 47, 115, 99, 104, 101, 109, 97, 35, 34, 44, 34, 116, 105, 116, 108, 101, 34, 58, 34, 65, 117, 120, 68, 97, 116, 97, 34, 44, 34, 100, 101, 115, 99, 114, 105, 112, 116, 105, 111, 110, 34, 58, 34, 74, 83, 79, 78, 32, 114, 101, 112, 114, 101, 115, 101, 110, 116, 97, 116, 105, 111, 110, 32, 111, 102, 32, 116, 104, 101, 32, 97, 117, 120, 105, 108, 105, 97, 114, 121, 32, 100, 97, 116, 97, 34, 44, 34, 116, 121, 112, 101, 34, 58, 34, 111, 98, 106, 101, 99, 116, 34, 44, 34, 114, 101, 113, 117, 105, 114, 101, 100, 34, 58, 91, 34, 99, 111, 110, 116, 101, 120, 116, 34, 44, 34, 112, 117, 98, 108, 105, 99, 95, 107, 101, 121, 34, 44, 34, 112, 117, 98, 108, 105, 99, 95, 107, 101, 121, 95, 116, 121, 112, 101, 34, 44, 34, 115, 105, 103, 110, 97, 116, 117, 114, 101, 34, 93, 44, 34, 112, 114, 111, 112, 101, 114, 116, 105, 101, 115, 34, 58, 123, 34, 99, 111, 110, 116, 101, 120, 116, 34, 58, 123, 34, 100, 101, 115, 99, 114, 105, 112, 116, 105, 111, 110, 34, 58, 34, 84, 104, 101, 32, 99, 111, 110, 116, 101, 120, 116, 32, 102, 111, 114, 32, 116, 104, 101, 32, 115, 105, 103, 110, 97, 116, 117, 114, 101, 32, 111, 110, 108, 121, 32, 110, 101, 101, 100, 101, 100, 32, 105, 110, 32, 115, 114, 50, 53, 53, 49, 57, 32, 115, 105, 103, 110, 97, 116, 117, 114, 101, 32, 116, 121, 112, 101, 34, 44, 34, 116, 121, 112, 101, 34, 58, 34, 115, 116, 114, 105, 110, 103, 34, 125, 44, 34, 112, 117, 98, 108, 105, 99, 95, 107, 101, 121, 34, 58, 123, 34, 100, 101, 115, 99, 114, 105, 112, 116, 105, 111, 110, 34, 58, 34, 98, 97, 115, 101, 54, 52, 45, 101, 110, 99, 111, 100, 101, 100, 32, 112, 117, 98, 108, 105, 99, 32, 107, 101, 121, 34, 44, 34, 116, 121, 112, 101, 34, 58, 34, 115, 116, 114, 105, 110, 103, 34, 125, 44, 34, 112, 117, 98, 108, 105, 99, 95, 107, 101, 121, 95, 116, 121, 112, 101, 34, 58, 123, 34, 100, 101, 115, 99, 114, 105, 112, 116, 105, 111, 110, 34, 58, 34, 92, 34, 101, 99, 100, 115, 97, 92, 34, 44, 32, 92, 34, 101, 100, 50, 53, 53, 49, 57, 92, 34, 44, 32, 92, 34, 115, 114, 50, 53, 53, 49, 57, 92, 34, 34, 44, 34, 116, 121, 112, 101, 34, 58, 34, 115, 116, 114, 105, 110, 103, 34, 125, 44, 34, 115, 105, 103, 110, 97, 116, 117, 114, 101, 34, 58, 123, 34, 100, 101, 115, 99, 114, 105, 112, 116, 105, 111, 110, 34, 58, 34, 98, 97, 115, 101, 54, 52, 45, 101, 110, 99, 111, 100, 101, 100, 32, 115, 105, 103, 110, 97, 116, 117, 114, 101, 34, 44, 34, 116, 121, 112, 101, 34, 58, 34, 115, 116, 114, 105, 110, 103, 34, 125, 125, 125]; - // Network parent key - pub static ref NETWORK_PARENT_KEY: H256 = H256::zero(); } pub const SIGNING_PARTY_SIZE: usize = 2; @@ -61,3 +59,6 @@ pub const VERIFICATION_KEY_LENGTH: u32 = 33; /// `device_key_proxy.wasm` from the `programs` repo. pub const DEVICE_KEY_PROXY: &[u8] = include_bytes!("../device_key_proxy.wasm"); + +/// Network parent key specific size to fit into [u8; 32] to save extra code +pub const NETWORK_PARENT_KEY: &str = "NETWORK_PARENT_KEY_FOR_ENTROPY_"; diff --git a/crates/threshold-signature-server/src/helpers/launch.rs b/crates/threshold-signature-server/src/helpers/launch.rs index 09f4c754c..2ca7a9b42 100644 --- a/crates/threshold-signature-server/src/helpers/launch.rs +++ b/crates/threshold-signature-server/src/helpers/launch.rs @@ -22,6 +22,7 @@ use entropy_kvdb::{ encrypted_sled::PasswordMethod, kv_manager::{error::KvError, KvManager}, }; +use entropy_shared::NETWORK_PARENT_KEY; use serde::Deserialize; use serde_json::json; use subxt::ext::sp_core::{ @@ -49,8 +50,12 @@ pub const LATEST_BLOCK_NUMBER_PROACTIVE_REFRESH: &str = "LATEST_BLOCK_NUMBER_PRO #[cfg(any(test, feature = "test_helpers"))] pub const DEFAULT_ENDPOINT: &str = "ws://localhost:9944"; -pub const FORBIDDEN_KEYS: [&str; 3] = - [FORBIDDEN_KEY_MNEMONIC, FORBIDDEN_KEY_SHARED_SECRET, FORBIDDEN_KEY_DIFFIE_HELLMAN_PUBLIC]; +pub const FORBIDDEN_KEYS: [&str; 4] = [ + FORBIDDEN_KEY_MNEMONIC, + FORBIDDEN_KEY_SHARED_SECRET, + FORBIDDEN_KEY_DIFFIE_HELLMAN_PUBLIC, + NETWORK_PARENT_KEY, +]; pub const FORBIDDEN_KEY_MNEMONIC: &str = "MNEMONIC"; pub const FORBIDDEN_KEY_SHARED_SECRET: &str = "SHARED_SECRET"; diff --git a/crates/threshold-signature-server/src/user/api.rs b/crates/threshold-signature-server/src/user/api.rs index 35d2c6a6a..bc75bef38 100644 --- a/crates/threshold-signature-server/src/user/api.rs +++ b/crates/threshold-signature-server/src/user/api.rs @@ -140,7 +140,7 @@ pub async fn sign_tx( check_stale(user_sig_req.block_number, block_number).await?; // Probably impossible but block signing from parent key anyways - if user_sig_req.signature_verifying_key == NETWORK_PARENT_KEY.encode() { + if string_verifying_key == hex::encode(NETWORK_PARENT_KEY) { return Err(UserErr::NoSigningFromParentKey); } @@ -310,7 +310,7 @@ async fn setup_dkg( .await?; let verifying_key = key_share.verifying_key().to_encoded_point(true).as_bytes().to_vec(); let string_verifying_key = if sig_request_account == NETWORK_PARENT_KEY.encode() { - hex::encode(*NETWORK_PARENT_KEY) + hex::encode(NETWORK_PARENT_KEY) } else { hex::encode(verifying_key.clone()) } diff --git a/crates/threshold-signature-server/src/user/tests.rs b/crates/threshold-signature-server/src/user/tests.rs index 20917a591..dd3677dd3 100644 --- a/crates/threshold-signature-server/src/user/tests.rs +++ b/crates/threshold-signature-server/src/user/tests.rs @@ -340,7 +340,7 @@ async fn test_sign_tx_no_chain() { } generic_msg.block_number = rpc.chain_get_header(None).await.unwrap().unwrap().number; - generic_msg.signature_verifying_key = NETWORK_PARENT_KEY.0.to_vec(); + generic_msg.signature_verifying_key = NETWORK_PARENT_KEY.as_bytes().to_vec(); let test_user_sign_with_parent_key = submit_transaction_requests( vec![validator_ips_and_keys[1].clone()], generic_msg.clone(), @@ -742,7 +742,7 @@ async fn test_jumpstart_network() { }, ]; let onchain_user_request = OcwMessageDkg { - sig_request_accounts: vec![H256::zero().encode()], + sig_request_accounts: vec![NETWORK_PARENT_KEY.encode()], block_number, validators_info, }; @@ -771,7 +771,7 @@ async fn test_jumpstart_network() { } } - let get_query = UnsafeQuery::new(hex::encode(H256::zero()), [].to_vec()).to_json(); + let get_query = UnsafeQuery::new(hex::encode(NETWORK_PARENT_KEY), [].to_vec()).to_json(); // check get key before registration to see if key gets replaced let response_key = client .post("http://127.0.0.1:3001/unsafe/get") diff --git a/pallets/registry/src/lib.rs b/pallets/registry/src/lib.rs index a40b55d41..a07205e76 100644 --- a/pallets/registry/src/lib.rs +++ b/pallets/registry/src/lib.rs @@ -286,7 +286,7 @@ pub mod pallet { }; // TODO (#923): Add checks for network state. Dkg::::try_mutate(current_block_number, |messages| -> Result<_, DispatchError> { - messages.push(NETWORK_PARENT_KEY.clone().encode()); + messages.push(NETWORK_PARENT_KEY.encode()); Ok(()) })?; JumpStartProgress::::put(JumpStartDetails { diff --git a/pallets/registry/src/tests.rs b/pallets/registry/src/tests.rs index e4dc7ba2a..76cb960da 100644 --- a/pallets/registry/src/tests.rs +++ b/pallets/registry/src/tests.rs @@ -14,7 +14,7 @@ // along with this program. If not, see . use codec::Encode; -use entropy_shared::VERIFICATION_KEY_LENGTH; +use entropy_shared::{KeyVisibility, NETWORK_PARENT_KEY, VERIFICATION_KEY_LENGTH}; use frame_support::{ assert_noop, assert_ok, dispatch::{GetDispatchInfo, Pays}, @@ -98,7 +98,7 @@ fn it_jumps_the_network() { assert_ok!(Registry::jump_start_network(RuntimeOrigin::signed(1))); assert_eq!( Registry::dkg(0), - vec![H256::zero().encode()], + vec![NETWORK_PARENT_KEY.encode()], "ensures a dkg message for the jump start network is prepped" ); assert_eq!(