Merge branch 'master' of github.com:entropyxyz/entropy-core into add-…

…oracle-data-to-store-program
entropyxyz · Dec 19, 2024 · cfc2407 · cfc2407
2 parents 67f3f1d + 1c1bc75
commit cfc2407
Show file tree

Hide file tree

Showing 57 changed files with 881 additions and 694 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -24,18 +24,28 @@ At the moment this project **does not** adhere to
 - In [#1153](https://github.com/entropyxyz/entropy-core/pull/1153/) the program runtime was updated to accept
 multiple oracle inputs, this means any programs that were compiled and used need to be recompiled to the new
 runtime
+- In [#1128](https://github.com/entropyxyz/entropy-core/pull/1128) mnemonics can no longer be passed
+  in to `entropy-tss` via the `--mnemonic` command line argument, a file, or an environment variable.
+  Instead they are randomly generated internally and can be retrieved with the `/info` HTTP route.
 - In [#1179](https://github.com/entropyxyz/entropy-core/pull/1179) the format of TDX Quote input data has
   been changed.
 - In [#1147](https://github.com/entropyxyz/entropy-core/pull/1147) a field is added to the
   chainspec: `jump_started_signers` which allows the chain to be started in a pre-jumpstarted state
   for testing. If this is not desired it should be set to `None`.
+- In [#1209](https://github.com/entropyxyz/entropy-core/pull/1209) the `validate` and `change_threshold_accounts`
+  extrinsics no longer take a PCK certificate chain. Rather, the certificate chain is extracted from the
+  provided quote. The test CLI `change-threshold-accounts` command also no longer takes a PCK
+  certificate chain.
 
 ### Added
+- In [#1128](https://github.com/entropyxyz/entropy-core/pull/1128) an `/info` route was added to `entropy-tss`
+  which can be used to get the TSS account ID and x25519 public key.
 - Protocol message versioning ([#1140](https://github.com/entropyxyz/entropy-core/pull/1140))
 - CLI command to get oracle headings ([#1170](https://github.com/entropyxyz/entropy-core/pull/1170))
 - Add TSS endpoint to get TDX quote ([#1173](https://github.com/entropyxyz/entropy-core/pull/1173))
 - Add TDX test network chainspec ([#1204](https://github.com/entropyxyz/entropy-core/pull/1204))
 - Test CLI command to retrieve quote and change endpoint / TSS account in one command ([#1198](https://github.com/entropyxyz/entropy-core/pull/1198))
+- On-chain unresponsiveness reporting [(#1215)](https://github.com/entropyxyz/entropy-core/pull/1215)
 
 ### Changed
 - Use correct key rotation endpoint in OCW ([#1104](https://github.com/entropyxyz/entropy-core/pull/1104))
@@ -46,6 +56,7 @@ runtime
 - Update programs to accept multiple oracle data ([#1153](https://github.com/entropyxyz/entropy-core/pull/1153/))
 - Use context, not block number in TDX quote input data ([#1179](https://github.com/entropyxyz/entropy-core/pull/1179))
 - Allow offchain worker requests to all TSS nodes in entropy-tss test environment ([#1147](https://github.com/entropyxyz/entropy-core/pull/1147))
+- Extract PCK certificate chain from quotes ([#1209](https://github.com/entropyxyz/entropy-core/pull/1209))
 
 ### Fixed
 

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/client/Cargo.toml b/crates/client/Cargo.toml
@@ -14,7 +14,7 @@ serde         ={ version="1.0", default-features=false, features=["derive"] }
 entropy-shared={ version="0.3.0", path="../shared", default-features=false }
 subxt         ={ version="0.35.3", default-features=false, features=["jsonrpsee"] }
 num           ="0.4.3"
-thiserror     ="2.0.7"
+thiserror     ="2.0.8"
 futures       ="0.3"
 sp-core       ={ version="31.0.0", default-features=false, features=["full_crypto", "serde"] }
 tracing       ="0.1.41"
@@ -38,10 +38,12 @@ js-sys={ version="0.3.74", optional=true }
 tokio ={ version="1.42", features=["time"] }
 
 [dev-dependencies]
-serial_test          ="3.2.0"
-sp-keyring           ="34.0.0"
+serial_test="3.2.0"
+sp-keyring="34.0.0"
 entropy-testing-utils={ path="../testing-utils" }
-tdx-quote            ={ version="0.0.1", features=["mock"] }
+tdx-quote={ git="https://github.com/entropyxyz/tdx-quote.git", rev="67a9d011809d0c9109d1ac42aeb809a84b663be6", features=[
+  "mock",
+] }
 
 [features]
 default=["native", "full-client-native"]

diff --git a/crates/client/entropy_metadata.scale b/crates/client/entropy_metadata.scale
diff --git a/crates/client/src/client.rs b/crates/client/src/client.rs
@@ -372,7 +372,6 @@ pub async fn get_quote_and_change_threshold_accounts(
     validator_keypair: sr25519::Pair,
     new_tss_account: SubxtAccountId32,
     new_x25519_public_key: [u8; 32],
-    new_pck_certificate_chain: Vec<Vec<u8>>,
 ) -> Result<ThresholdAccountChanged, ClientError> {
     let quote = get_tdx_quote_with_validator_id(
         api,
@@ -387,7 +386,6 @@ pub async fn get_quote_and_change_threshold_accounts(
         validator_keypair,
         new_tss_account,
         new_x25519_public_key,
-        new_pck_certificate_chain,
         quote,
     )
     .await
@@ -400,13 +398,11 @@ pub async fn change_threshold_accounts(
     validator_keypair: sr25519::Pair,
     new_tss_account: SubxtAccountId32,
     new_x25519_public_key: [u8; 32],
-    new_pck_certificate_chain: Vec<Vec<u8>>,
     quote: Vec<u8>,
 ) -> Result<ThresholdAccountChanged, ClientError> {
     let change_threshold_accounts = entropy::tx().staking_extension().change_threshold_accounts(
         new_tss_account,
         new_x25519_public_key,
-        new_pck_certificate_chain,
         quote,
     );
     let in_block = submit_transaction_with_pair(

diff --git a/crates/client/src/tests.rs b/crates/client/src/tests.rs
@@ -59,8 +59,11 @@ async fn test_change_endpoint() {
 
         let mut pck_seeder = StdRng::from_seed(public_key.0);
         let pck = tdx_quote::SigningKey::random(&mut pck_seeder);
+        let pck_encoded = tdx_quote::encode_verifying_key(pck.verifying_key()).unwrap().to_vec();
 
-        tdx_quote::Quote::mock(signing_key.clone(), pck, input_data.0).as_bytes().to_vec()
+        tdx_quote::Quote::mock(signing_key.clone(), pck, input_data.0, pck_encoded)
+            .as_bytes()
+            .to_vec()
     };
 
     let result =
@@ -116,14 +119,12 @@ async fn test_change_threshold_accounts() {
     let nonce = request_attestation(&api, &rpc, tss_signer_pair.signer()).await.unwrap();
     let nonce: [u8; 32] = nonce.try_into().unwrap();
 
-    let mut pck_seeder = StdRng::from_seed(tss_public_key.0.clone());
-    let pck = tdx_quote::SigningKey::random(&mut pck_seeder);
-    let encoded_pck = encode_verifying_key(&pck.verifying_key()).unwrap().to_vec();
-
     // Our runtime is using the mock `PckCertChainVerifier`, which means that the expected
     // "certificate" basically is just our TSS account ID. This account needs to match the one
     // used to sign the following `quote`.
-    let pck_certificate_chain = vec![tss_public_key.0.to_vec()];
+    let mut pck_seeder = StdRng::from_seed(tss_public_key.0.clone());
+    let pck = tdx_quote::SigningKey::random(&mut pck_seeder);
+    let encoded_pck = encode_verifying_key(&pck.verifying_key()).unwrap().to_vec();
 
     let quote = {
         let input_data = entropy_shared::QuoteInputData::new(
@@ -134,7 +135,10 @@ async fn test_change_threshold_accounts() {
         );
 
         let signing_key = tdx_quote::SigningKey::random(&mut OsRng);
-        tdx_quote::Quote::mock(signing_key.clone(), pck.clone(), input_data.0).as_bytes().to_vec()
+
+        tdx_quote::Quote::mock(signing_key.clone(), pck.clone(), input_data.0, encoded_pck.clone())
+            .as_bytes()
+            .to_vec()
     };
 
     let result = change_threshold_accounts(
@@ -143,7 +147,6 @@ async fn test_change_threshold_accounts() {
         one.into(),
         tss_public_key.into(),
         *x25519_public_key.as_bytes(),
-        pck_certificate_chain,
         quote,
     )
     .await

diff --git a/crates/kvdb/Cargo.toml b/crates/kvdb/Cargo.toml
@@ -12,7 +12,7 @@ edition    ='2021'
 # Common
 rand     ={ version="0.8", default-features=false }
 serde    ={ version="1.0", features=["derive"] }
-thiserror="2.0.7"
+thiserror="2.0.8"
 hex      ="0.4.3"
 
 # Substrate

diff --git a/crates/protocol/Cargo.toml b/crates/protocol/Cargo.toml
@@ -20,7 +20,7 @@ x25519-dalek       ={ version="2.0.1", features=["static_secrets"] }
 futures            ="0.3"
 hex                ="0.4.3"
 blake2             ="0.10.4"
-thiserror          ="2.0.7"
+thiserror          ="2.0.8"
 snow               ="0.9.6"
 getrandom          ={ version="0.2", features=["js"] }
 rand_core          ={ version="0.6.4", features=["getrandom"] }
@@ -35,7 +35,7 @@ num                ="0.4.3"
 
 # Used only with the `server` feature to implement the WsConnection trait
 axum             ={ version="0.7.9", features=["ws"], optional=true }
-tokio-tungstenite={ version="0.24.0", optional=true }
+tokio-tungstenite={ version="0.26.0", optional=true }
 
 # Used only with the `wasm` feature
 gloo-net            ={ version="0.6.0", default-features=false, features=["websocket"], optional=true }