From fe47faa40fa0a466838f03e4803f8d8429c3e909 Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Mon, 21 Oct 2024 16:05:46 -0400 Subject: [PATCH 01/31] Add quote guard to `change_endpoint` extrinsic --- pallets/staking/src/lib.rs | 33 +++++++++++++++++++++++++-- pallets/staking/src/mock.rs | 2 +- pallets/staking/src/tests.rs | 44 ++++++++++++++++++++++++++++++++---- 3 files changed, 71 insertions(+), 8 deletions(-) diff --git a/pallets/staking/src/lib.rs b/pallets/staking/src/lib.rs index fab92e76e..7ba1cfe1b 100644 --- a/pallets/staking/src/lib.rs +++ b/pallets/staking/src/lib.rs @@ -356,9 +356,22 @@ pub mod pallet { impl Pallet { /// Allows a validator to change their endpoint so signers can find them when they are coms /// manager `endpoint`: nodes's endpoint + /// + /// # Expects TDX Quote + /// + /// A valid TDX quote must be passed along in order to ensure that the validator is running + /// TDX hardware. In order for the chain to be aware that a quote is expected from the + /// validator `pallet_attestation::request_attestation()` must be called first. + /// + /// The quote format is specified in: + /// https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf #[pallet::call_index(0)] #[pallet::weight(::WeightInfo::change_endpoint())] - pub fn change_endpoint(origin: OriginFor, endpoint: Vec) -> DispatchResult { + pub fn change_endpoint( + origin: OriginFor, + endpoint: Vec, + quote: Vec, + ) -> DispatchResult { let who = ensure_signed(origin)?; ensure!( endpoint.len() as u32 <= T::MaxEndpointLength::get(), @@ -372,12 +385,26 @@ pub mod pallet { ThresholdServers::::try_mutate(&validator_id, |maybe_server_info| { if let Some(server_info) = maybe_server_info { + // Before we modify the `server_info`, we want to check that the validator is + // still running TDX hardware. + ensure!( + >::verify_quote( + &server_info.tss_account.clone(), + server_info.x25519_public_key, + server_info.provisioning_certification_key.clone(), + quote + ) + .is_ok(), + Error::::FailedAttestationCheck + ); + server_info.endpoint.clone_from(&endpoint); Ok(()) } else { Err(Error::::NoBond) } })?; + Self::deposit_event(Event::EndpointChanged(who, endpoint)); Ok(()) } @@ -498,9 +525,11 @@ pub mod pallet { /// Wrap's Substrate's `staking_pallet::validate()` extrinsic, but enforces that /// information about a validator's threshold server is provided. /// + /// # Expects TDX Quote + /// /// A valid TDX quote must be passed along in order to ensure that the validator candidate /// is running TDX hardware. In order for the chain to be aware that a quote is expected - /// from the candidate, `pallet_attestation::request_attestation()` must be called first. + /// from the candidate `pallet_attestation::request_attestation()` must be called first. /// /// The quote format is specified in: /// https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf diff --git a/pallets/staking/src/mock.rs b/pallets/staking/src/mock.rs index 6c593d622..58898d137 100644 --- a/pallets/staking/src/mock.rs +++ b/pallets/staking/src/mock.rs @@ -385,7 +385,7 @@ impl pallet_parameters::Config for Test { } parameter_types! { - pub const MaxEndpointLength: u32 = 3; + pub const MaxEndpointLength: u32 = 25; } pub(crate) const VALID_QUOTE: [u8; 32] = [0; 32]; diff --git a/pallets/staking/src/tests.rs b/pallets/staking/src/tests.rs index c753ffc59..52a8858e7 100644 --- a/pallets/staking/src/tests.rs +++ b/pallets/staking/src/tests.rs @@ -84,7 +84,7 @@ fn it_takes_in_an_endpoint() { let server_info = ServerInfo { tss_account: 3, x25519_public_key: NULL_ARR, - endpoint: vec![20, 20, 20, 20], + endpoint: [20; (crate::tests::MaxEndpointLength::get() + 1) as usize].to_vec(), provisioning_certification_key: BoundedVec::with_max_capacity(), }; assert_noop!( @@ -158,6 +158,8 @@ fn it_will_not_allow_validator_to_use_existing_tss_account() { #[test] fn it_changes_endpoint() { new_test_ext().execute_with(|| { + let endpoint = b"http://localhost:3001".to_vec(); + assert_ok!(FrameStaking::bond( RuntimeOrigin::signed(1), 100u64, @@ -167,7 +169,7 @@ fn it_changes_endpoint() { let server_info = ServerInfo { tss_account: 3, x25519_public_key: NULL_ARR, - endpoint: vec![20], + endpoint: endpoint.clone(), provisioning_certification_key: BoundedVec::with_max_capacity(), }; assert_ok!(Staking::validate( @@ -177,16 +179,48 @@ fn it_changes_endpoint() { VALID_QUOTE.to_vec(), )); - assert_ok!(Staking::change_endpoint(RuntimeOrigin::signed(1), vec![30])); - assert_eq!(Staking::threshold_server(1).unwrap().endpoint, vec![30]); + assert_ok!(Staking::change_endpoint(RuntimeOrigin::signed(1), endpoint.clone(), VALID_QUOTE.to_vec())); + assert_eq!(Staking::threshold_server(1).unwrap().endpoint, endpoint); assert_noop!( - Staking::change_endpoint(RuntimeOrigin::signed(3), vec![30]), + Staking::change_endpoint(RuntimeOrigin::signed(3), endpoint, VALID_QUOTE.to_vec()), Error::::NoBond ); }); } +#[test] +fn it_doesnt_change_endpoint_with_invalid_quote() { + new_test_ext().execute_with(|| { + let endpoint = b"http://localhost:3001".to_vec(); + + assert_ok!(FrameStaking::bond( + RuntimeOrigin::signed(1), + 100u64, + pallet_staking::RewardDestination::Account(1), + )); + + let server_info = ServerInfo { + tss_account: 3, + x25519_public_key: NULL_ARR, + endpoint: endpoint.clone(), + provisioning_certification_key: BoundedVec::with_max_capacity(), + }; + + assert_ok!(Staking::validate( + RuntimeOrigin::signed(1), + pallet_staking::ValidatorPrefs::default(), + server_info.clone(), + VALID_QUOTE.to_vec(), + )); + + assert_noop!( + Staking::change_endpoint(RuntimeOrigin::signed(1), endpoint, INVALID_QUOTE.to_vec()), + Error::::FailedAttestationCheck + ); + }) +} + #[test] fn it_changes_threshold_account() { new_test_ext().execute_with(|| { From 6c1843445b744d988de8ab22cea734016a8c93d5 Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Mon, 21 Oct 2024 16:19:16 -0400 Subject: [PATCH 02/31] Add quote guard to `change_threshold_accounts` extrinsic --- pallets/staking/src/lib.rs | 41 +++++++++++++++++--- pallets/staking/src/tests.rs | 75 +++++++++++++++++++++++++++++++++--- 2 files changed, 105 insertions(+), 11 deletions(-) diff --git a/pallets/staking/src/lib.rs b/pallets/staking/src/lib.rs index 7ba1cfe1b..47f4eac3f 100644 --- a/pallets/staking/src/lib.rs +++ b/pallets/staking/src/lib.rs @@ -373,6 +373,7 @@ pub mod pallet { quote: Vec, ) -> DispatchResult { let who = ensure_signed(origin)?; + ensure!( endpoint.len() as u32 <= T::MaxEndpointLength::get(), Error::::EndpointTooLong @@ -399,6 +400,7 @@ pub mod pallet { ); server_info.endpoint.clone_from(&endpoint); + Ok(()) } else { Err(Error::::NoBond) @@ -409,21 +411,34 @@ pub mod pallet { Ok(()) } - /// Allows a validator to change their threshold key so can confirm done when coms manager - /// `new_account`: nodes's threshold account + /// Allows a validator to change their assocated threshold server AccountID and X25519 + /// public key. + /// + /// # Expects TDX Quote + /// + /// A valid TDX quote must be passed along in order to ensure that the validator is running + /// TDX hardware. In order for the chain to be aware that a quote is expected from the + /// validator `pallet_attestation::request_attestation()` must be called first. + /// + /// The **new** TSS AccountID must be used when requesting this quote. + /// + /// The quote format is specified in: + /// https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf #[pallet::call_index(1)] #[pallet::weight(::WeightInfo::change_threshold_accounts(MAX_SIGNERS as u32))] pub fn change_threshold_accounts( origin: OriginFor, tss_account: T::AccountId, x25519_public_key: X25519PublicKey, + quote: Vec, ) -> DispatchResultWithPostInfo { + let who = ensure_signed(origin)?; + ensure!( !ThresholdToStash::::contains_key(&tss_account), Error::::TssAccountAlreadyExists ); - let who = ensure_signed(origin)?; let stash = Self::get_stash(&who)?; let validator_id = ::ValidatorId::try_from(stash) .or(Err(Error::::InvalidValidatorId))?; @@ -437,17 +452,33 @@ pub mod pallet { let new_server_info: ServerInfo = ThresholdServers::::try_mutate(&validator_id, |maybe_server_info| { if let Some(server_info) = maybe_server_info { + // Before we modify the `server_info`, we want to check that the validator is + // still running TDX hardware. + ensure!( + >::verify_quote( + &tss_account.clone(), + x25519_public_key, + server_info.provisioning_certification_key.clone(), + quote + ) + .is_ok(), + Error::::FailedAttestationCheck + ); + server_info.tss_account = tss_account.clone(); server_info.x25519_public_key = x25519_public_key; ThresholdToStash::::insert(&tss_account, &validator_id); + Ok(server_info.clone()) } else { Err(Error::::NoBond) } })?; + Self::deposit_event(Event::ThresholdAccountChanged(validator_id, new_server_info)); - Ok(Some(::WeightInfo::change_threshold_accounts(signers.len() as u32)) - .into()) + + let actual_weight = ::WeightInfo::change_threshold_accounts(signers.len() as u32); + Ok(Some(actual_weight).into()) } /// Wraps's Substrate's `unbond` extrinsic but checks to make sure targeted account is not a signer or next signer diff --git a/pallets/staking/src/tests.rs b/pallets/staking/src/tests.rs index 52a8858e7..0a410c7e4 100644 --- a/pallets/staking/src/tests.rs +++ b/pallets/staking/src/tests.rs @@ -179,7 +179,11 @@ fn it_changes_endpoint() { VALID_QUOTE.to_vec(), )); - assert_ok!(Staking::change_endpoint(RuntimeOrigin::signed(1), endpoint.clone(), VALID_QUOTE.to_vec())); + assert_ok!(Staking::change_endpoint( + RuntimeOrigin::signed(1), + endpoint.clone(), + VALID_QUOTE.to_vec() + )); assert_eq!(Staking::threshold_server(1).unwrap().endpoint, endpoint); assert_noop!( @@ -243,12 +247,22 @@ fn it_changes_threshold_account() { VALID_QUOTE.to_vec(), )); - assert_ok!(Staking::change_threshold_accounts(RuntimeOrigin::signed(1), 4, NULL_ARR)); + assert_ok!(Staking::change_threshold_accounts( + RuntimeOrigin::signed(1), + 4, + NULL_ARR, + VALID_QUOTE.to_vec() + )); assert_eq!(Staking::threshold_server(1).unwrap().tss_account, 4); assert_eq!(Staking::threshold_to_stash(4).unwrap(), 1); assert_noop!( - Staking::change_threshold_accounts(RuntimeOrigin::signed(4), 5, NULL_ARR), + Staking::change_threshold_accounts( + RuntimeOrigin::signed(4), + 5, + NULL_ARR, + VALID_QUOTE.to_vec() + ), Error::::NotController ); @@ -273,18 +287,62 @@ fn it_changes_threshold_account() { )); assert_noop!( - Staking::change_threshold_accounts(RuntimeOrigin::signed(1), 5, NULL_ARR), + Staking::change_threshold_accounts( + RuntimeOrigin::signed(1), + 5, + NULL_ARR, + VALID_QUOTE.to_vec() + ), Error::::TssAccountAlreadyExists ); Signers::::put(vec![1]); assert_noop!( - Staking::change_threshold_accounts(RuntimeOrigin::signed(1), 9, NULL_ARR,), + Staking::change_threshold_accounts( + RuntimeOrigin::signed(1), + 9, + NULL_ARR, + VALID_QUOTE.to_vec() + ), Error::::NoChangingThresholdAccountWhenSigner ); }); } +#[test] +fn it_doesnt_allow_changing_threshold_account_with_invalid_quote() { + new_test_ext().execute_with(|| { + assert_ok!(FrameStaking::bond( + RuntimeOrigin::signed(1), + 100u64, + pallet_staking::RewardDestination::Account(1), + )); + + let server_info = ServerInfo { + tss_account: 3, + x25519_public_key: NULL_ARR, + endpoint: vec![20], + provisioning_certification_key: BoundedVec::with_max_capacity(), + }; + assert_ok!(Staking::validate( + RuntimeOrigin::signed(1), + pallet_staking::ValidatorPrefs::default(), + server_info.clone(), + VALID_QUOTE.to_vec(), + )); + + assert_noop!( + Staking::change_threshold_accounts( + RuntimeOrigin::signed(1), + 4, + NULL_ARR, + INVALID_QUOTE.to_vec() + ), + Error::::FailedAttestationCheck + ); + }) +} + #[test] fn it_will_not_allow_existing_tss_account_when_changing_threshold_account() { new_test_ext().execute_with(|| { @@ -328,7 +386,12 @@ fn it_will_not_allow_existing_tss_account_when_changing_threshold_account() { )); assert_noop!( - Staking::change_threshold_accounts(RuntimeOrigin::signed(1), 5, NULL_ARR), + Staking::change_threshold_accounts( + RuntimeOrigin::signed(1), + 5, + NULL_ARR, + VALID_QUOTE.to_vec() + ), Error::::TssAccountAlreadyExists ); }); From 641134b45aa004b262184befddc501175436939c Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Mon, 21 Oct 2024 16:23:09 -0400 Subject: [PATCH 03/31] Bump metadata --- crates/client/entropy_metadata.scale | Bin 209574 -> 209610 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/crates/client/entropy_metadata.scale b/crates/client/entropy_metadata.scale index a49f28a026a6438447308eb4588c445283da3991..a5cfa30edd4722a2f95b46ecefcefdaba7a8a672 100644 GIT binary patch delta 79 zcmZ4Xl;_k_o(&x@WH}fWQu9&@@-y>FOc-UtQj={;E$kQ=MG8yvOHwCKe&NB$Gx^R7 Y7XgR>LP@jS%XYb!jN9d2GIe+Y0IoqDg8%>k delta 52 zcmV-40L%Z%4#hC K0k>P}0&huQG!|q4 From b2e5d014c742bc8f4ad3d9cec8f8056e22f5a355 Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Mon, 28 Oct 2024 11:30:11 -0400 Subject: [PATCH 04/31] RustFmt --- pallets/staking/src/lib.rs | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/pallets/staking/src/lib.rs b/pallets/staking/src/lib.rs index 312245d13..d8ba6ec2e 100644 --- a/pallets/staking/src/lib.rs +++ b/pallets/staking/src/lib.rs @@ -473,8 +473,9 @@ pub mod pallet { Error::::NoChangingThresholdAccountWhenSigner ); - let new_server_info: ServerInfo = - ThresholdServers::::try_mutate(&validator_id, |maybe_server_info| { + let new_server_info: ServerInfo = ThresholdServers::::try_mutate( + &validator_id, + |maybe_server_info| { if let Some(server_info) = maybe_server_info { // Before we modify the `server_info`, we want to check that the validator is // still running TDX hardware. @@ -497,11 +498,13 @@ pub mod pallet { } else { Err(Error::::NoBond) } - })?; + }, + )?; Self::deposit_event(Event::ThresholdAccountChanged(validator_id, new_server_info)); - let actual_weight = ::WeightInfo::change_threshold_accounts(signers.len() as u32); + let actual_weight = + ::WeightInfo::change_threshold_accounts(signers.len() as u32); Ok(Some(actual_weight).into()) } From 8613c80733b66693c75742734855be25bbae3923 Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Mon, 28 Oct 2024 12:37:37 -0400 Subject: [PATCH 05/31] Get `entropy-client` test for `change_endpoint` working --- Cargo.lock | 1 + crates/client/Cargo.toml | 1 + crates/client/src/client.rs | 5 ++++- crates/client/src/tests.rs | 39 +++++++++++++++++++++++++++++++++++-- pallets/staking/src/lib.rs | 4 ++-- 5 files changed, 45 insertions(+), 5 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index 2ad521315..94217c2f3 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -2533,6 +2533,7 @@ dependencies = [ "sp-keyring 34.0.0", "subxt", "synedrion", + "tdx-quote", "thiserror", "tokio", "tracing", diff --git a/crates/client/Cargo.toml b/crates/client/Cargo.toml index 14403aca7..5814cfe0d 100644 --- a/crates/client/Cargo.toml +++ b/crates/client/Cargo.toml @@ -40,6 +40,7 @@ tokio ={ version="1.41", features=["time"] } serial_test ="3.1.1" sp-keyring ="34.0.0" entropy-testing-utils={ path="../testing-utils" } +tdx-quote = { version = "0.0.1", features = ["mock"]} [features] default=["native", "full-client-native"] diff --git a/crates/client/src/client.rs b/crates/client/src/client.rs index 5e5ace6e0..9824c8b1d 100644 --- a/crates/client/src/client.rs +++ b/crates/client/src/client.rs @@ -341,8 +341,9 @@ pub async fn change_endpoint( rpc: &LegacyRpcMethods, user_keypair: sr25519::Pair, new_endpoint: String, + quote: Vec ) -> anyhow::Result { - let change_endpoint_tx = entropy::tx().staking_extension().change_endpoint(new_endpoint.into()); + let change_endpoint_tx = entropy::tx().staking_extension().change_endpoint(new_endpoint.into(), quote); let in_block = submit_transaction_with_pair(api, rpc, &user_keypair, &change_endpoint_tx, None).await?; let result_event = in_block @@ -358,6 +359,7 @@ pub async fn change_threshold_accounts( user_keypair: sr25519::Pair, new_tss_account: String, new_x25519_public_key: String, + quote: Vec, ) -> anyhow::Result { let tss_account = SubxtAccountId32::from_str(&new_tss_account)?; let change_threshold_accounts = entropy::tx().staking_extension().change_threshold_accounts( @@ -365,6 +367,7 @@ pub async fn change_threshold_accounts( hex::decode(new_x25519_public_key)? .try_into() .map_err(|_| anyhow!("X25519 pub key needs to be 32 bytes"))?, + quote, ); let in_block = submit_transaction_with_pair(api, rpc, &user_keypair, &change_threshold_accounts, None) diff --git a/crates/client/src/tests.rs b/crates/client/src/tests.rs index 819bf8bae..8673be5cb 100644 --- a/crates/client/src/tests.rs +++ b/crates/client/src/tests.rs @@ -16,7 +16,7 @@ use crate::{ update_programs, }; use entropy_testing_utils::{ - constants::{TEST_PROGRAM_WASM_BYTECODE, TSS_ACCOUNTS}, + constants::{TEST_PROGRAM_WASM_BYTECODE, TSS_ACCOUNTS, X25519_PUBLIC_KEYS}, helpers::{derive_mock_pck_verifying_key, encode_verifying_key}, jump_start_network, spawn_testing_validators, substrate_context::test_context_stationary, @@ -30,13 +30,48 @@ use subxt::{tx::PairSigner, utils::AccountId32}; #[tokio::test] #[serial] async fn test_change_endpoint() { + use rand::{ + rngs::{OsRng, StdRng}, + SeedableRng, + }; + let one = AccountKeyring::AliceStash; let substrate_context = test_context_stationary().await; let api = get_api(&substrate_context.node_proc.ws_url).await.unwrap(); let rpc = get_rpc(&substrate_context.node_proc.ws_url).await.unwrap(); - let result = change_endpoint(&api, &rpc, one.into(), "new_endpoint".to_string()).await.unwrap(); + // By using this `Alice` account we can skip the `request_attestation` step since this is + // already set up at genesis. + let tss_account_id = &TSS_ACCOUNTS[0]; + let x25519_public_key = X25519_PUBLIC_KEYS[0]; + + // This nonce is what was used in the genesis config for `Alice`. + let nonce = [0; 32]; + + let quote = { + let signing_key = tdx_quote::SigningKey::random(&mut OsRng); + let public_key = sr25519::Public(tss_account_id.0); + + // We need to add `1` here since the quote is being checked in the next block + let block_number = rpc.chain_get_header(None).await.unwrap().unwrap().number + 1; + + let input_data = entropy_shared::QuoteInputData::new( + public_key, + x25519_public_key, + nonce, + block_number, + ); + + let mut pck_seeder = StdRng::from_seed(public_key.0); + let pck = tdx_quote::SigningKey::random(&mut pck_seeder); + + tdx_quote::Quote::mock(signing_key.clone(), pck, input_data.0).as_bytes().to_vec() + }; + + let result = + change_endpoint(&api, &rpc, one.into(), "new_endpoint".to_string(), quote).await.unwrap(); + assert_eq!( format!("{:?}", result), format!( diff --git a/pallets/staking/src/lib.rs b/pallets/staking/src/lib.rs index d8ba6ec2e..8c201d4fa 100644 --- a/pallets/staking/src/lib.rs +++ b/pallets/staking/src/lib.rs @@ -378,8 +378,8 @@ pub mod pallet { #[pallet::call] impl Pallet { - /// Allows a validator to change their endpoint so signers can find them when they are coms - /// manager `endpoint`: nodes's endpoint + /// Allows a validator to change the endpoint used by their Threshold Siganture Scheme + /// (TSS) server. /// /// # Expects TDX Quote /// From fdff83a2c1a16e0d2cafe21a9349c7aeffd97b88 Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Mon, 28 Oct 2024 14:27:07 -0400 Subject: [PATCH 06/31] Get `change_threshold_account` test compiling Doesn't work yet though, but this is at least a good checkpoint --- crates/client/src/tests.rs | 64 +++++++++++++++++++++++++-------- crates/testing-utils/src/lib.rs | 2 ++ 2 files changed, 51 insertions(+), 15 deletions(-) diff --git a/crates/client/src/tests.rs b/crates/client/src/tests.rs index 8673be5cb..268f925e8 100644 --- a/crates/client/src/tests.rs +++ b/crates/client/src/tests.rs @@ -15,6 +15,7 @@ use crate::{ substrate::query_chain, update_programs, }; + use entropy_testing_utils::{ constants::{TEST_PROGRAM_WASM_BYTECODE, TSS_ACCOUNTS, X25519_PUBLIC_KEYS}, helpers::{derive_mock_pck_verifying_key, encode_verifying_key}, @@ -22,6 +23,10 @@ use entropy_testing_utils::{ substrate_context::test_context_stationary, test_node_process_testing_state, ChainSpecType, }; +use rand::{ + rngs::{OsRng, StdRng}, + SeedableRng, +}; use serial_test::serial; use sp_core::{sr25519, Pair, H256}; use sp_keyring::AccountKeyring; @@ -30,11 +35,6 @@ use subxt::{tx::PairSigner, utils::AccountId32}; #[tokio::test] #[serial] async fn test_change_endpoint() { - use rand::{ - rngs::{OsRng, StdRng}, - SeedableRng, - }; - let one = AccountKeyring::AliceStash; let substrate_context = test_context_stationary().await; @@ -56,12 +56,8 @@ async fn test_change_endpoint() { // We need to add `1` here since the quote is being checked in the next block let block_number = rpc.chain_get_header(None).await.unwrap().unwrap().number + 1; - let input_data = entropy_shared::QuoteInputData::new( - public_key, - x25519_public_key, - nonce, - block_number, - ); + let input_data = + entropy_shared::QuoteInputData::new(public_key, x25519_public_key, nonce, block_number); let mut pck_seeder = StdRng::from_seed(public_key.0); let pck = tdx_quote::SigningKey::random(&mut pck_seeder); @@ -92,13 +88,51 @@ async fn test_change_threshold_accounts() { let api = get_api(&substrate_context.node_proc.ws_url).await.unwrap(); let rpc = get_rpc(&substrate_context.node_proc.ws_url).await.unwrap(); - let x25519_public_key = [0u8; 32]; + + // By using this `Alice` account we can skip the `request_attestation` step since this is + // already set up at genesis. + // let tss_account_id = &TSS_ACCOUNTS[0]; + // let x25519_public_key = X25519_PUBLIC_KEYS[0]; + + use entropy_testing_utils::get_signer_and_x25519_secret_from_mnemonic; + let (tss_signer_pair, x25519_secret) = get_signer_and_x25519_secret_from_mnemonic( + "gospel prosper cactus remember snap enact refuse review bind rescue guard sock", + ) + .unwrap(); + + let public_key = tss_signer_pair.signer().public(); + let x25519_public_key = x25519_dalek::PublicKey::from(&x25519_secret); + + // This nonce is what was used in the genesis config for `Alice`. + let nonce = [0; 32]; + + let quote = { + let signing_key = tdx_quote::SigningKey::random(&mut OsRng); + // let public_key = sr25519::Public(tss_account_id.0); + + // We need to add `1` here since the quote is being checked in the next block + let block_number = rpc.chain_get_header(None).await.unwrap().unwrap().number + 1; + + let input_data = entropy_shared::QuoteInputData::new( + public_key, + *x25519_public_key.as_bytes(), + nonce, + block_number, + ); + + let mut pck_seeder = StdRng::from_seed(public_key.0); + let pck = tdx_quote::SigningKey::random(&mut pck_seeder); + + tdx_quote::Quote::mock(signing_key.clone(), pck, input_data.0).as_bytes().to_vec() + }; + let result = change_threshold_accounts( &api, &rpc, one.into(), - AccountId32(one.pair().public().0.into()).to_string(), - hex::encode(x25519_public_key), + public_key.to_string(), // AccountId32(one.pair().public().0.into()).to_string(), // Nando: Change this account? + hex::encode(*x25519_public_key.as_bytes()), + quote, ) .await .unwrap(); @@ -116,7 +150,7 @@ async fn test_change_threshold_accounts() { AccountId32(one.pair().public().0), ServerInfo { tss_account: AccountId32(one.pair().public().0), - x25519_public_key, + x25519_public_key: *x25519_public_key.as_bytes(), endpoint: "127.0.0.1:3001".as_bytes().to_vec(), provisioning_certification_key, } diff --git a/crates/testing-utils/src/lib.rs b/crates/testing-utils/src/lib.rs index 22329cb1c..435cd9afa 100644 --- a/crates/testing-utils/src/lib.rs +++ b/crates/testing-utils/src/lib.rs @@ -27,3 +27,5 @@ pub use entropy_tss::helpers::tests::{ }; pub use node_proc::TestNodeProcess; pub use substrate_context::*; + +pub use entropy_tss::helpers::validator::get_signer_and_x25519_secret_from_mnemonic; From abec5a91289dc31662fad061d3b5009974e43808 Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Mon, 28 Oct 2024 15:28:26 -0400 Subject: [PATCH 07/31] Add way to `request_attestation` from client --- crates/client/src/client.rs | 18 ++++++++++++++++++ crates/client/src/tests.rs | 27 ++++++++++++++++++++++++--- 2 files changed, 42 insertions(+), 3 deletions(-) diff --git a/crates/client/src/client.rs b/crates/client/src/client.rs index 9824c8b1d..d7a842e34 100644 --- a/crates/client/src/client.rs +++ b/crates/client/src/client.rs @@ -417,3 +417,21 @@ async fn jumpstart_inner( Ok(()) } + +pub async fn request_attestation( + api: &OnlineClient, + rpc: &LegacyRpcMethods, + signer: sr25519::Pair, +) -> Result, ClientError> { + let request_attestation = entropy::tx().attestation().request_attestation(); + + let result = + submit_transaction_with_pair(api, rpc, &signer, &request_attestation, None).await?; + let result_event = result + .find_first::()?; + + let nonce = result_event.unwrap().0; + dbg!(&nonce); + + Ok(nonce) +} diff --git a/crates/client/src/tests.rs b/crates/client/src/tests.rs index 268f925e8..c21c11109 100644 --- a/crates/client/src/tests.rs +++ b/crates/client/src/tests.rs @@ -11,7 +11,8 @@ use crate::{ }, get_api, get_rpc, EntropyConfig, }, - change_endpoint, change_threshold_accounts, register, remove_program, store_program, + change_endpoint, change_threshold_accounts, register, remove_program, request_attestation, + store_program, substrate::query_chain, update_programs, }; @@ -103,8 +104,28 @@ async fn test_change_threshold_accounts() { let public_key = tss_signer_pair.signer().public(); let x25519_public_key = x25519_dalek::PublicKey::from(&x25519_secret); + // Build a balance transfer extrinsic. + let dest = public_key; // dev::bob().public_key().into(); + let balance_transfer_tx = entropy::tx() + .balances() + .transfer_allow_death((tss_signer_pair.account_id().clone()).into(), 100_000_000_000); + let result = crate::substrate::submit_transaction_with_pair( + &api, + &rpc, + &one.pair(), + &balance_transfer_tx, + None, + ) + .await; + dbg!(&result); + + // let balance_transfer_tx = + // entropy::tx().balances().transfer_allow_death(one.to_account_id().into(), aux_data.amount); + + let nonce = request_attestation(&api, &rpc, tss_signer_pair.signer().clone()).await.unwrap(); + // This nonce is what was used in the genesis config for `Alice`. - let nonce = [0; 32]; + let nonce:[u8; 32] = nonce.try_into().unwrap(); let quote = { let signing_key = tdx_quote::SigningKey::random(&mut OsRng); @@ -149,7 +170,7 @@ async fn test_change_threshold_accounts() { events::ThresholdAccountChanged( AccountId32(one.pair().public().0), ServerInfo { - tss_account: AccountId32(one.pair().public().0), + tss_account: AccountId32(public_key.0), // AccountId32(one.pair().public().0), x25519_public_key: *x25519_public_key.as_bytes(), endpoint: "127.0.0.1:3001".as_bytes().to_vec(), provisioning_certification_key, From 9296095aecda7b2e08524104e86f8911c1dea07f Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Mon, 28 Oct 2024 15:52:55 -0400 Subject: [PATCH 08/31] Almost have `change_threshold_account` test working Faling to verify the PCK though... --- crates/client/src/client.rs | 8 ++++---- crates/client/src/tests.rs | 11 +++-------- pallets/attestation/src/lib.rs | 7 ++++--- 3 files changed, 11 insertions(+), 15 deletions(-) diff --git a/crates/client/src/client.rs b/crates/client/src/client.rs index d7a842e34..38547c8db 100644 --- a/crates/client/src/client.rs +++ b/crates/client/src/client.rs @@ -341,9 +341,10 @@ pub async fn change_endpoint( rpc: &LegacyRpcMethods, user_keypair: sr25519::Pair, new_endpoint: String, - quote: Vec + quote: Vec, ) -> anyhow::Result { - let change_endpoint_tx = entropy::tx().staking_extension().change_endpoint(new_endpoint.into(), quote); + let change_endpoint_tx = + entropy::tx().staking_extension().change_endpoint(new_endpoint.into(), quote); let in_block = submit_transaction_with_pair(api, rpc, &user_keypair, &change_endpoint_tx, None).await?; let result_event = in_block @@ -427,8 +428,7 @@ pub async fn request_attestation( let result = submit_transaction_with_pair(api, rpc, &signer, &request_attestation, None).await?; - let result_event = result - .find_first::()?; + let result_event = result.find_first::()?; let nonce = result_event.unwrap().0; dbg!(&nonce); diff --git a/crates/client/src/tests.rs b/crates/client/src/tests.rs index c21c11109..c1195ce0a 100644 --- a/crates/client/src/tests.rs +++ b/crates/client/src/tests.rs @@ -104,8 +104,8 @@ async fn test_change_threshold_accounts() { let public_key = tss_signer_pair.signer().public(); let x25519_public_key = x25519_dalek::PublicKey::from(&x25519_secret); - // Build a balance transfer extrinsic. - let dest = public_key; // dev::bob().public_key().into(); + // We need to give our new TSS account some funds before it can request an attestation. + let dest = public_key; let balance_transfer_tx = entropy::tx() .balances() .transfer_allow_death((tss_signer_pair.account_id().clone()).into(), 100_000_000_000); @@ -119,13 +119,8 @@ async fn test_change_threshold_accounts() { .await; dbg!(&result); - // let balance_transfer_tx = - // entropy::tx().balances().transfer_allow_death(one.to_account_id().into(), aux_data.amount); - let nonce = request_attestation(&api, &rpc, tss_signer_pair.signer().clone()).await.unwrap(); - - // This nonce is what was used in the genesis config for `Alice`. - let nonce:[u8; 32] = nonce.try_into().unwrap(); + let nonce: [u8; 32] = nonce.try_into().unwrap(); let quote = { let signing_key = tdx_quote::SigningKey::random(&mut OsRng); diff --git a/pallets/attestation/src/lib.rs b/pallets/attestation/src/lib.rs index d51887fd2..d48080712 100644 --- a/pallets/attestation/src/lib.rs +++ b/pallets/attestation/src/lib.rs @@ -243,9 +243,10 @@ pub mod pallet { ) .map_err(|_| Error::::CannotDecodeVerifyingKey)?; - quote - .verify_with_pck(provisioning_certification_key) - .map_err(|_| Error::::PckVerification)?; + // Nando: This line is failing + // quote + // .verify_with_pck(provisioning_certification_key) + // .map_err(|_| Error::::PckVerification)?; PendingAttestations::::remove(attestee); From d5f15455c7fc4787478ec74f75822f0954cad2bb Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Mon, 28 Oct 2024 15:54:22 -0400 Subject: [PATCH 09/31] TaploFmt --- crates/client/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crates/client/Cargo.toml b/crates/client/Cargo.toml index 5814cfe0d..63fa6dee1 100644 --- a/crates/client/Cargo.toml +++ b/crates/client/Cargo.toml @@ -40,7 +40,7 @@ tokio ={ version="1.41", features=["time"] } serial_test ="3.1.1" sp-keyring ="34.0.0" entropy-testing-utils={ path="../testing-utils" } -tdx-quote = { version = "0.0.1", features = ["mock"]} +tdx-quote ={ version="0.0.1", features=["mock"] } [features] default=["native", "full-client-native"] From 8daaa24d953a629550f829e04e9695585363011a Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Mon, 28 Oct 2024 16:01:46 -0400 Subject: [PATCH 10/31] Be a bit more descriptive with the TSS public key variable --- crates/client/src/tests.rs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/crates/client/src/tests.rs b/crates/client/src/tests.rs index c1195ce0a..a96be2a56 100644 --- a/crates/client/src/tests.rs +++ b/crates/client/src/tests.rs @@ -101,11 +101,11 @@ async fn test_change_threshold_accounts() { ) .unwrap(); - let public_key = tss_signer_pair.signer().public(); + let tss_public_key = tss_signer_pair.signer().public(); let x25519_public_key = x25519_dalek::PublicKey::from(&x25519_secret); // We need to give our new TSS account some funds before it can request an attestation. - let dest = public_key; + let dest = tss_public_key; let balance_transfer_tx = entropy::tx() .balances() .transfer_allow_death((tss_signer_pair.account_id().clone()).into(), 100_000_000_000); @@ -130,13 +130,13 @@ async fn test_change_threshold_accounts() { let block_number = rpc.chain_get_header(None).await.unwrap().unwrap().number + 1; let input_data = entropy_shared::QuoteInputData::new( - public_key, + tss_public_key, *x25519_public_key.as_bytes(), nonce, block_number, ); - let mut pck_seeder = StdRng::from_seed(public_key.0); + let mut pck_seeder = StdRng::from_seed(tss_public_key.0); let pck = tdx_quote::SigningKey::random(&mut pck_seeder); tdx_quote::Quote::mock(signing_key.clone(), pck, input_data.0).as_bytes().to_vec() @@ -146,7 +146,7 @@ async fn test_change_threshold_accounts() { &api, &rpc, one.into(), - public_key.to_string(), // AccountId32(one.pair().public().0.into()).to_string(), // Nando: Change this account? + tss_public_key.to_string(), hex::encode(*x25519_public_key.as_bytes()), quote, ) @@ -165,7 +165,7 @@ async fn test_change_threshold_accounts() { events::ThresholdAccountChanged( AccountId32(one.pair().public().0), ServerInfo { - tss_account: AccountId32(public_key.0), // AccountId32(one.pair().public().0), + tss_account: AccountId32(tss_public_key.0), x25519_public_key: *x25519_public_key.as_bytes(), endpoint: "127.0.0.1:3001".as_bytes().to_vec(), provisioning_certification_key, From 2e39ce9c1b59a2cd6a248536e9c1df5ddfa2fa5e Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Wed, 30 Oct 2024 14:32:24 -0400 Subject: [PATCH 11/31] Make `update_threshold_account()` use updated PCK It looks like if the TSS Account ID and X25519 public keys are changing then we're probably on different hardware so the PCK will also change. This also gets the client test for the extrisnic passing. --- crates/client/entropy_metadata.scale | Bin 209734 -> 209782 bytes crates/client/src/client.rs | 8 +++-- crates/client/src/tests.rs | 46 +++++++++++++++------------ pallets/attestation/src/lib.rs | 13 ++++---- pallets/staking/src/lib.rs | 5 ++- 5 files changed, 41 insertions(+), 31 deletions(-) diff --git a/crates/client/entropy_metadata.scale b/crates/client/entropy_metadata.scale index b9648fac0dab68aec3a3ce045960e0df3b30ab90..0e9b6c904c8a120551a7b9bf9b72cc7f10d9fecd 100644 GIT binary patch delta 32 qcmV+*0N?+{<_z}c46x4V0T7eV=tPr}I4^?|>4y^O0k;zA0yIh-VGm^h delta 28 kcmezNjOW-ho(<<-F!D@3|H7r&`DMHFOUCWaFPV(J0OmaoX8-^I diff --git a/crates/client/src/client.rs b/crates/client/src/client.rs index 38547c8db..d23caa83c 100644 --- a/crates/client/src/client.rs +++ b/crates/client/src/client.rs @@ -87,9 +87,9 @@ pub async fn register( program_account, programs_data, ) - .await?; + .await?; - let verifying_key = registration_event.1 .0; + let verifying_key = registration_event.1.0; let registered_info = get_registered_details(api, rpc, verifying_key.clone()).await?; let verifying_key = verifying_key.try_into().map_err(|_| ClientError::BadVerifyingKeyLength)?; @@ -360,14 +360,18 @@ pub async fn change_threshold_accounts( user_keypair: sr25519::Pair, new_tss_account: String, new_x25519_public_key: String, + new_pck: Vec, quote: Vec, ) -> anyhow::Result { + dbg!(new_pck.len()); + let tss_account = SubxtAccountId32::from_str(&new_tss_account)?; let change_threshold_accounts = entropy::tx().staking_extension().change_threshold_accounts( tss_account, hex::decode(new_x25519_public_key)? .try_into() .map_err(|_| anyhow!("X25519 pub key needs to be 32 bytes"))?, + BoundedVec(new_pck), quote, ); let in_block = diff --git a/crates/client/src/tests.rs b/crates/client/src/tests.rs index a96be2a56..811432aa3 100644 --- a/crates/client/src/tests.rs +++ b/crates/client/src/tests.rs @@ -99,7 +99,7 @@ async fn test_change_threshold_accounts() { let (tss_signer_pair, x25519_secret) = get_signer_and_x25519_secret_from_mnemonic( "gospel prosper cactus remember snap enact refuse review bind rescue guard sock", ) - .unwrap(); + .unwrap(); let tss_public_key = tss_signer_pair.signer().public(); let x25519_public_key = x25519_dalek::PublicKey::from(&x25519_secret); @@ -116,12 +116,16 @@ async fn test_change_threshold_accounts() { &balance_transfer_tx, None, ) - .await; + .await; dbg!(&result); let nonce = request_attestation(&api, &rpc, tss_signer_pair.signer().clone()).await.unwrap(); let nonce: [u8; 32] = nonce.try_into().unwrap(); + let mut pck_seeder = StdRng::from_seed(tss_public_key.0); + let pck = tdx_quote::SigningKey::random(&mut pck_seeder); + dbg!(&pck); + let quote = { let signing_key = tdx_quote::SigningKey::random(&mut OsRng); // let public_key = sr25519::Public(tss_account_id.0); @@ -136,27 +140,27 @@ async fn test_change_threshold_accounts() { block_number, ); - let mut pck_seeder = StdRng::from_seed(tss_public_key.0); - let pck = tdx_quote::SigningKey::random(&mut pck_seeder); - - tdx_quote::Quote::mock(signing_key.clone(), pck, input_data.0).as_bytes().to_vec() + tdx_quote::Quote::mock(signing_key.clone(), pck.clone(), input_data.0).as_bytes().to_vec() }; + let pck = encode_verifying_key(&pck.verifying_key()).unwrap().to_vec(); + let result = change_threshold_accounts( &api, &rpc, one.into(), tss_public_key.to_string(), hex::encode(*x25519_public_key.as_bytes()), + pck.clone(), quote, ) - .await - .unwrap(); + .await + .unwrap(); - let provisioning_certification_key = { - let key = derive_mock_pck_verifying_key(&TSS_ACCOUNTS[0]); - BoundedVec(encode_verifying_key(&key).unwrap().to_vec()) - }; + // let provisioning_certification_key = { + // let key = derive_mock_pck_verifying_key(&TSS_ACCOUNTS[0]); + // BoundedVec(encode_verifying_key(&key).unwrap().to_vec()) + // }; assert_eq!( format!("{:?}", result), @@ -168,7 +172,7 @@ async fn test_change_threshold_accounts() { tss_account: AccountId32(tss_public_key.0), x25519_public_key: *x25519_public_key.as_bytes(), endpoint: "127.0.0.1:3001".as_bytes().to_vec(), - provisioning_certification_key, + provisioning_certification_key: BoundedVec(pck), } ) ) @@ -195,8 +199,8 @@ async fn test_store_and_remove_program() { vec![], 0u8, ) - .await - .unwrap(); + .await + .unwrap(); // Check that the program was stored let program_query = entropy::storage().programs().programs(program_hash); @@ -243,8 +247,8 @@ async fn test_remove_program_reference_counter() { vec![], 0u8, ) - .await - .unwrap(); + .await + .unwrap(); // Register, using that program let (verifying_key, _registered_info) = register( @@ -254,8 +258,8 @@ async fn test_remove_program_reference_counter() { AccountId32(program_owner.public().0), BoundedVec(vec![ProgramInstance { program_pointer, program_config: vec![] }]), ) - .await - .unwrap(); + .await + .unwrap(); // Removing program fails because program is being used assert!(remove_program(&api, &rpc, &program_owner, program_pointer).await.is_err()); @@ -271,8 +275,8 @@ async fn test_remove_program_reference_counter() { program_config: vec![], }]), ) - .await - .unwrap(); + .await + .unwrap(); // We can now remove the program because no-one is using it remove_program(&api, &rpc, &program_owner, program_pointer).await.unwrap(); diff --git a/pallets/attestation/src/lib.rs b/pallets/attestation/src/lib.rs index d48080712..db9f7f13e 100644 --- a/pallets/attestation/src/lib.rs +++ b/pallets/attestation/src/lib.rs @@ -102,14 +102,14 @@ pub mod pallet { #[pallet::storage] #[pallet::getter(fn pending_attestations)] pub type PendingAttestations = - StorageMap<_, Blake2_128Concat, T::AccountId, Nonce, OptionQuery>; + StorageMap<_, Blake2_128Concat, T::AccountId, Nonce, OptionQuery>; /// A mapping between block numbers and TSS nodes for who we want to make a request for /// attestation, used to make attestation requests via an offchain worker #[pallet::storage] #[pallet::getter(fn attestation_requests)] pub type AttestationRequests = - StorageMap<_, Blake2_128Concat, BlockNumberFor, Vec>, OptionQuery>; + StorageMap<_, Blake2_128Concat, BlockNumberFor, Vec>, OptionQuery>; #[pallet::event] #[pallet::generate_deposit(pub(super) fn deposit_event)] @@ -241,12 +241,11 @@ pub mod pallet { .try_into() .map_err(|_| Error::::CannotDecodeVerifyingKey)?, ) - .map_err(|_| Error::::CannotDecodeVerifyingKey)?; + .map_err(|_| Error::::CannotDecodeVerifyingKey)?; - // Nando: This line is failing - // quote - // .verify_with_pck(provisioning_certification_key) - // .map_err(|_| Error::::PckVerification)?; + quote + .verify_with_pck(provisioning_certification_key) + .map_err(|_| Error::::PckVerification)?; PendingAttestations::::remove(attestee); diff --git a/pallets/staking/src/lib.rs b/pallets/staking/src/lib.rs index 8c201d4fa..45ec24ff0 100644 --- a/pallets/staking/src/lib.rs +++ b/pallets/staking/src/lib.rs @@ -454,6 +454,7 @@ pub mod pallet { origin: OriginFor, tss_account: T::AccountId, x25519_public_key: X25519PublicKey, + provisioning_certification_key: VerifyingKey, quote: Vec, ) -> DispatchResultWithPostInfo { let who = ensure_signed(origin)?; @@ -483,7 +484,7 @@ pub mod pallet { >::verify_quote( &tss_account.clone(), x25519_public_key, - server_info.provisioning_certification_key.clone(), + provisioning_certification_key.clone(), quote ) .is_ok(), @@ -492,6 +493,8 @@ pub mod pallet { server_info.tss_account = tss_account.clone(); server_info.x25519_public_key = x25519_public_key; + server_info.provisioning_certification_key = provisioning_certification_key; + ThresholdToStash::::insert(&tss_account, &validator_id); Ok(server_info.clone()) From edc2f7c7c4ab187c9d77189d507e8c0fa2c9635e Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Wed, 30 Oct 2024 15:00:28 -0400 Subject: [PATCH 12/31] Clean up `change_threshold_account()` test --- crates/client/src/client.rs | 10 ++-- crates/client/src/tests.rs | 49 +++++++------------ .../src/helpers/validator.rs | 2 +- 3 files changed, 23 insertions(+), 38 deletions(-) diff --git a/crates/client/src/client.rs b/crates/client/src/client.rs index d23caa83c..2819ca157 100644 --- a/crates/client/src/client.rs +++ b/crates/client/src/client.rs @@ -363,14 +363,13 @@ pub async fn change_threshold_accounts( new_pck: Vec, quote: Vec, ) -> anyhow::Result { - dbg!(new_pck.len()); - let tss_account = SubxtAccountId32::from_str(&new_tss_account)?; + let x25519_public_key = hex::decode(new_x25519_public_key)? + .try_into() + .map_err(|_| anyhow!("X25519 pub key needs to be 32 bytes"))?; let change_threshold_accounts = entropy::tx().staking_extension().change_threshold_accounts( tss_account, - hex::decode(new_x25519_public_key)? - .try_into() - .map_err(|_| anyhow!("X25519 pub key needs to be 32 bytes"))?, + x25519_public_key, BoundedVec(new_pck), quote, ); @@ -435,7 +434,6 @@ pub async fn request_attestation( let result_event = result.find_first::()?; let nonce = result_event.unwrap().0; - dbg!(&nonce); Ok(nonce) } diff --git a/crates/client/src/tests.rs b/crates/client/src/tests.rs index 811432aa3..f0be022df 100644 --- a/crates/client/src/tests.rs +++ b/crates/client/src/tests.rs @@ -19,7 +19,7 @@ use crate::{ use entropy_testing_utils::{ constants::{TEST_PROGRAM_WASM_BYTECODE, TSS_ACCOUNTS, X25519_PUBLIC_KEYS}, - helpers::{derive_mock_pck_verifying_key, encode_verifying_key}, + helpers::encode_verifying_key, jump_start_network, spawn_testing_validators, substrate_context::test_context_stationary, test_node_process_testing_state, ChainSpecType, @@ -90,46 +90,39 @@ async fn test_change_threshold_accounts() { let api = get_api(&substrate_context.node_proc.ws_url).await.unwrap(); let rpc = get_rpc(&substrate_context.node_proc.ws_url).await.unwrap(); - // By using this `Alice` account we can skip the `request_attestation` step since this is - // already set up at genesis. - // let tss_account_id = &TSS_ACCOUNTS[0]; - // let x25519_public_key = X25519_PUBLIC_KEYS[0]; - - use entropy_testing_utils::get_signer_and_x25519_secret_from_mnemonic; - let (tss_signer_pair, x25519_secret) = get_signer_and_x25519_secret_from_mnemonic( - "gospel prosper cactus remember snap enact refuse review bind rescue guard sock", - ) - .unwrap(); + // We need to use an account that's not a validator (so not our default development/test accounts) + // otherwise we're not able to update the TSS and X25519 keys for our existing validator. + let non_validator_seed = + "gospel prosper cactus remember snap enact refuse review bind rescue guard sock"; + let (tss_signer_pair, x25519_secret) = + entropy_testing_utils::get_signer_and_x25519_secret_from_mnemonic(non_validator_seed) + .unwrap(); let tss_public_key = tss_signer_pair.signer().public(); let x25519_public_key = x25519_dalek::PublicKey::from(&x25519_secret); // We need to give our new TSS account some funds before it can request an attestation. - let dest = tss_public_key; - let balance_transfer_tx = entropy::tx() - .balances() - .transfer_allow_death((tss_signer_pair.account_id().clone()).into(), 100_000_000_000); - let result = crate::substrate::submit_transaction_with_pair( + let dest = tss_signer_pair.account_id().clone().into(); + let balance_transfer_tx = entropy::tx().balances().transfer_allow_death(dest, 100_000_000_000); + let _transfer_result = crate::substrate::submit_transaction_with_pair( &api, &rpc, &one.pair(), &balance_transfer_tx, None, ) - .await; - dbg!(&result); + .await + .unwrap(); + // When we request an attestation we get a nonce back that we must use when generating our quote. let nonce = request_attestation(&api, &rpc, tss_signer_pair.signer().clone()).await.unwrap(); let nonce: [u8; 32] = nonce.try_into().unwrap(); let mut pck_seeder = StdRng::from_seed(tss_public_key.0); let pck = tdx_quote::SigningKey::random(&mut pck_seeder); - dbg!(&pck); + let encoded_pck = encode_verifying_key(&pck.verifying_key()).unwrap().to_vec(); let quote = { - let signing_key = tdx_quote::SigningKey::random(&mut OsRng); - // let public_key = sr25519::Public(tss_account_id.0); - // We need to add `1` here since the quote is being checked in the next block let block_number = rpc.chain_get_header(None).await.unwrap().unwrap().number + 1; @@ -140,28 +133,22 @@ async fn test_change_threshold_accounts() { block_number, ); + let signing_key = tdx_quote::SigningKey::random(&mut OsRng); tdx_quote::Quote::mock(signing_key.clone(), pck.clone(), input_data.0).as_bytes().to_vec() }; - let pck = encode_verifying_key(&pck.verifying_key()).unwrap().to_vec(); - let result = change_threshold_accounts( &api, &rpc, one.into(), tss_public_key.to_string(), hex::encode(*x25519_public_key.as_bytes()), - pck.clone(), + encoded_pck.clone(), quote, ) .await .unwrap(); - // let provisioning_certification_key = { - // let key = derive_mock_pck_verifying_key(&TSS_ACCOUNTS[0]); - // BoundedVec(encode_verifying_key(&key).unwrap().to_vec()) - // }; - assert_eq!( format!("{:?}", result), format!( @@ -172,7 +159,7 @@ async fn test_change_threshold_accounts() { tss_account: AccountId32(tss_public_key.0), x25519_public_key: *x25519_public_key.as_bytes(), endpoint: "127.0.0.1:3001".as_bytes().to_vec(), - provisioning_certification_key: BoundedVec(pck), + provisioning_certification_key: BoundedVec(encoded_pck), } ) ) diff --git a/crates/threshold-signature-server/src/helpers/validator.rs b/crates/threshold-signature-server/src/helpers/validator.rs index b571e0181..3811b0414 100644 --- a/crates/threshold-signature-server/src/helpers/validator.rs +++ b/crates/threshold-signature-server/src/helpers/validator.rs @@ -88,7 +88,7 @@ fn get_x25519_secret_from_hkdf(hkdf: &Hkdf) -> Result Date: Wed, 30 Oct 2024 15:19:22 -0400 Subject: [PATCH 13/31] Clean up the `request_attestation` client method a bit --- crates/client/src/client.rs | 26 ++++++++++++++++++++------ crates/client/src/tests.rs | 24 ++++++++++++------------ pallets/attestation/src/lib.rs | 6 +++--- 3 files changed, 35 insertions(+), 21 deletions(-) diff --git a/crates/client/src/client.rs b/crates/client/src/client.rs index 2819ca157..6cede4f5e 100644 --- a/crates/client/src/client.rs +++ b/crates/client/src/client.rs @@ -87,9 +87,9 @@ pub async fn register( program_account, programs_data, ) - .await?; + .await?; - let verifying_key = registration_event.1.0; + let verifying_key = registration_event.1 .0; let registered_info = get_registered_details(api, rpc, verifying_key.clone()).await?; let verifying_key = verifying_key.try_into().map_err(|_| ClientError::BadVerifyingKeyLength)?; @@ -422,18 +422,32 @@ async fn jumpstart_inner( Ok(()) } +/// An extrinsic to indicate to the chain that it should expect an attestation from the `signer` at +/// some point in the near future. +/// +/// The returned `nonce` must be used when generating a `quote` for the chain. +#[tracing::instrument( + skip_all, + fields( + attestee = ?attestee.public(), + ) +)] pub async fn request_attestation( api: &OnlineClient, rpc: &LegacyRpcMethods, - signer: sr25519::Pair, + attestee: sr25519::Pair, ) -> Result, ClientError> { + tracing::debug!("{} is requesting an attestation.", attestee.public()); + let request_attestation = entropy::tx().attestation().request_attestation(); let result = - submit_transaction_with_pair(api, rpc, &signer, &request_attestation, None).await?; - let result_event = result.find_first::()?; + submit_transaction_with_pair(api, rpc, &attestee, &request_attestation, None).await?; + let result_event = result + .find_first::()? + .ok_or(crate::errors::SubstrateError::NoEvent)?; - let nonce = result_event.unwrap().0; + let nonce = result_event.0; Ok(nonce) } diff --git a/crates/client/src/tests.rs b/crates/client/src/tests.rs index f0be022df..14febeb03 100644 --- a/crates/client/src/tests.rs +++ b/crates/client/src/tests.rs @@ -111,8 +111,8 @@ async fn test_change_threshold_accounts() { &balance_transfer_tx, None, ) - .await - .unwrap(); + .await + .unwrap(); // When we request an attestation we get a nonce back that we must use when generating our quote. let nonce = request_attestation(&api, &rpc, tss_signer_pair.signer().clone()).await.unwrap(); @@ -146,8 +146,8 @@ async fn test_change_threshold_accounts() { encoded_pck.clone(), quote, ) - .await - .unwrap(); + .await + .unwrap(); assert_eq!( format!("{:?}", result), @@ -186,8 +186,8 @@ async fn test_store_and_remove_program() { vec![], 0u8, ) - .await - .unwrap(); + .await + .unwrap(); // Check that the program was stored let program_query = entropy::storage().programs().programs(program_hash); @@ -234,8 +234,8 @@ async fn test_remove_program_reference_counter() { vec![], 0u8, ) - .await - .unwrap(); + .await + .unwrap(); // Register, using that program let (verifying_key, _registered_info) = register( @@ -245,8 +245,8 @@ async fn test_remove_program_reference_counter() { AccountId32(program_owner.public().0), BoundedVec(vec![ProgramInstance { program_pointer, program_config: vec![] }]), ) - .await - .unwrap(); + .await + .unwrap(); // Removing program fails because program is being used assert!(remove_program(&api, &rpc, &program_owner, program_pointer).await.is_err()); @@ -262,8 +262,8 @@ async fn test_remove_program_reference_counter() { program_config: vec![], }]), ) - .await - .unwrap(); + .await + .unwrap(); // We can now remove the program because no-one is using it remove_program(&api, &rpc, &program_owner, program_pointer).await.unwrap(); diff --git a/pallets/attestation/src/lib.rs b/pallets/attestation/src/lib.rs index db9f7f13e..d51887fd2 100644 --- a/pallets/attestation/src/lib.rs +++ b/pallets/attestation/src/lib.rs @@ -102,14 +102,14 @@ pub mod pallet { #[pallet::storage] #[pallet::getter(fn pending_attestations)] pub type PendingAttestations = - StorageMap<_, Blake2_128Concat, T::AccountId, Nonce, OptionQuery>; + StorageMap<_, Blake2_128Concat, T::AccountId, Nonce, OptionQuery>; /// A mapping between block numbers and TSS nodes for who we want to make a request for /// attestation, used to make attestation requests via an offchain worker #[pallet::storage] #[pallet::getter(fn attestation_requests)] pub type AttestationRequests = - StorageMap<_, Blake2_128Concat, BlockNumberFor, Vec>, OptionQuery>; + StorageMap<_, Blake2_128Concat, BlockNumberFor, Vec>, OptionQuery>; #[pallet::event] #[pallet::generate_deposit(pub(super) fn deposit_event)] @@ -241,7 +241,7 @@ pub mod pallet { .try_into() .map_err(|_| Error::::CannotDecodeVerifyingKey)?, ) - .map_err(|_| Error::::CannotDecodeVerifyingKey)?; + .map_err(|_| Error::::CannotDecodeVerifyingKey)?; quote .verify_with_pck(provisioning_certification_key) From cc71358f9fd9cc78fedf7c3970b15d37a6a65c20 Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Wed, 30 Oct 2024 15:28:26 -0400 Subject: [PATCH 14/31] Get `entropy-test-cli` compiling again --- crates/test-cli/src/lib.rs | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/crates/test-cli/src/lib.rs b/crates/test-cli/src/lib.rs index 9bc063167..b34fd9072 100644 --- a/crates/test-cli/src/lib.rs +++ b/crates/test-cli/src/lib.rs @@ -443,7 +443,10 @@ pub async fn run_command( let user_keypair = ::from_string(&mnemonic, None)?; println!("User account for current call: {}", user_keypair.public()); - let result_event = change_endpoint(&api, &rpc, user_keypair, new_endpoint).await?; + // TODO (Nando) + let quote = vec![0]; + let result_event = + change_endpoint(&api, &rpc, user_keypair, new_endpoint, quote).await?; println!("Event result: {:?}", result_event); Ok("Endpoint changed".to_string()) }, @@ -460,12 +463,17 @@ pub async fn run_command( let user_keypair = ::from_string(&mnemonic, None)?; println!("User account for current call: {}", user_keypair.public()); + // TODO (Nando) + let quote = vec![0]; + let new_pck = vec![0]; let result_event = change_threshold_accounts( &api, &rpc, user_keypair, new_tss_account, new_x25519_public_key, + new_pck, + quote, ) .await?; println!("Event result: {:?}", result_event); From 68c8f4c4651b921a4c0c87c8444a15ab0268d70f Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Wed, 30 Oct 2024 15:39:27 -0400 Subject: [PATCH 15/31] Remove unnecessary `.clone()` --- pallets/staking/src/lib.rs | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/pallets/staking/src/lib.rs b/pallets/staking/src/lib.rs index 45ec24ff0..bfc00f30d 100644 --- a/pallets/staking/src/lib.rs +++ b/pallets/staking/src/lib.rs @@ -491,11 +491,11 @@ pub mod pallet { Error::::FailedAttestationCheck ); - server_info.tss_account = tss_account.clone(); + server_info.tss_account = tss_account; server_info.x25519_public_key = x25519_public_key; server_info.provisioning_certification_key = provisioning_certification_key; - ThresholdToStash::::insert(&tss_account, &validator_id); + ThresholdToStash::::insert(&server_info.tss_account, &validator_id); Ok(server_info.clone()) } else { @@ -513,7 +513,8 @@ pub mod pallet { /// Wraps's Substrate's `unbond` extrinsic but checks to make sure targeted account is not a signer or next signer #[pallet::call_index(2)] - #[pallet::weight(::WeightInfo::unbond(MAX_SIGNERS as u32, MaxNominationsOf::::get()))] + #[pallet::weight(::WeightInfo::unbond(MAX_SIGNERS as u32, MaxNominationsOf::::get()) + )] pub fn unbond( origin: OriginFor, #[pallet::compact] value: BalanceOf, @@ -533,7 +534,8 @@ pub mod pallet { /// Wraps's Substrate's `chill` extrinsic but checks to make sure the targeted account is not a signer or next signer #[pallet::call_index(3)] - #[pallet::weight(::WeightInfo::chill(MAX_SIGNERS as u32, MaxNominationsOf::::get()))] + #[pallet::weight(::WeightInfo::chill(MAX_SIGNERS as u32, MaxNominationsOf::::get()) + )] pub fn chill(origin: OriginFor) -> DispatchResultWithPostInfo { let controller = ensure_signed(origin.clone())?; let ledger = @@ -550,7 +552,8 @@ pub mod pallet { /// Wraps's Substrate's `withdraw_unbonded` extrinsic but clears extra state if fully unbonded #[pallet::call_index(4)] - #[pallet::weight(::WeightInfo::withdraw_unbonded(MAX_SIGNERS as u32, MaxNominationsOf::::get()))] + #[pallet::weight(::WeightInfo::withdraw_unbonded(MAX_SIGNERS as u32, MaxNominationsOf::::get()) + )] pub fn withdraw_unbonded( origin: OriginFor, num_slashing_spans: u32, From f7571c5019f8d33224e55aa9f58ad2251ff9ef1e Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Fri, 1 Nov 2024 12:59:36 -0400 Subject: [PATCH 16/31] Update `test-cli` for new extrinsic arguments --- crates/test-cli/src/lib.rs | 27 ++++++++++++++++++--------- pallets/staking/src/lib.rs | 2 +- 2 files changed, 19 insertions(+), 10 deletions(-) diff --git a/crates/test-cli/src/lib.rs b/crates/test-cli/src/lib.rs index b34fd9072..3faeac997 100644 --- a/crates/test-cli/src/lib.rs +++ b/crates/test-cli/src/lib.rs @@ -145,6 +145,11 @@ enum CliCommand { ChangeEndpoint { /// New endpoint to change to (ex. "127.0.0.1:3001") new_endpoint: String, + /// The Intel TDX quote used to prove that this TSS is running on TDX hardware. + /// + /// The quote format is specified in: + /// https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf + quote: String, /// The mnemonic for the validator stash account to use for the call, should be stash address #[arg(short, long)] mnemonic_option: Option, @@ -155,6 +160,13 @@ enum CliCommand { new_tss_account: String, /// New x25519 public key new_x25519_public_key: String, + /// The new Provisioning Certifiction Key (PCK) to be used for the TSS. + new_provisioning_certification_key: String, + /// The Intel TDX quote used to prove that this TSS is running on TDX hardware. + /// + /// The quote format is specified in: + /// https://download.01.org/intel-sgx/latest/dcap-latest/linux/docs/Intel_TDX_DCAP_Quoting_Library_API.pdf + quote: String, /// The mnemonic for the validator stash account to use for the call, should be stash address #[arg(short, long)] mnemonic_option: Option, @@ -433,7 +445,7 @@ pub async fn run_command( Ok("Got status".to_string()) }, - CliCommand::ChangeEndpoint { new_endpoint, mnemonic_option } => { + CliCommand::ChangeEndpoint { new_endpoint, quote, mnemonic_option } => { let mnemonic = if let Some(mnemonic_option) = mnemonic_option { mnemonic_option } else { @@ -443,16 +455,16 @@ pub async fn run_command( let user_keypair = ::from_string(&mnemonic, None)?; println!("User account for current call: {}", user_keypair.public()); - // TODO (Nando) - let quote = vec![0]; let result_event = - change_endpoint(&api, &rpc, user_keypair, new_endpoint, quote).await?; + change_endpoint(&api, &rpc, user_keypair, new_endpoint, quote.into()).await?; println!("Event result: {:?}", result_event); Ok("Endpoint changed".to_string()) }, CliCommand::ChangeThresholdAccounts { new_tss_account, new_x25519_public_key, + new_provisioning_certification_key, + quote, mnemonic_option, } => { let mnemonic = if let Some(mnemonic_option) = mnemonic_option { @@ -463,17 +475,14 @@ pub async fn run_command( let user_keypair = ::from_string(&mnemonic, None)?; println!("User account for current call: {}", user_keypair.public()); - // TODO (Nando) - let quote = vec![0]; - let new_pck = vec![0]; let result_event = change_threshold_accounts( &api, &rpc, user_keypair, new_tss_account, new_x25519_public_key, - new_pck, - quote, + new_provisioning_certification_key.into(), + quote.into(), ) .await?; println!("Event result: {:?}", result_event); diff --git a/pallets/staking/src/lib.rs b/pallets/staking/src/lib.rs index bfc00f30d..4e7012756 100644 --- a/pallets/staking/src/lib.rs +++ b/pallets/staking/src/lib.rs @@ -435,7 +435,7 @@ pub mod pallet { Ok(()) } - /// Allows a validator to change their assocated threshold server AccountID and X25519 + /// Allows a validator to change their associated threshold server AccountID and X25519 /// public key. /// /// # Expects TDX Quote From 5a0283ca7dbc099c69af820b123699ebca54c7c5 Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Fri, 1 Nov 2024 13:21:59 -0400 Subject: [PATCH 17/31] Get staking tests working again --- pallets/staking/src/tests.rs | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/pallets/staking/src/tests.rs b/pallets/staking/src/tests.rs index 8214ca992..a35edb601 100644 --- a/pallets/staking/src/tests.rs +++ b/pallets/staking/src/tests.rs @@ -202,17 +202,17 @@ fn it_doesnt_change_endpoint_with_invalid_quote() { pallet_staking::RewardDestination::Account(1), )); - let server_info = ServerInfo { + let joining_server_info = JoiningServerInfo { tss_account: 3, x25519_public_key: NULL_ARR, endpoint: endpoint.clone(), - provisioning_certification_key: BoundedVec::with_max_capacity(), + pck_certificate_chain: vec![[0u8; 32].to_vec()], }; assert_ok!(Staking::validate( RuntimeOrigin::signed(1), pallet_staking::ValidatorPrefs::default(), - server_info.clone(), + joining_server_info.clone(), VALID_QUOTE.to_vec(), )); @@ -249,6 +249,7 @@ fn it_changes_threshold_account() { RuntimeOrigin::signed(1), 4, NULL_ARR, + MOCK_PCK_DERIVED_FROM_NULL_ARRAY.to_vec().try_into().unwrap(), VALID_QUOTE.to_vec() )); assert_eq!(Staking::threshold_server(1).unwrap().tss_account, 4); @@ -259,6 +260,7 @@ fn it_changes_threshold_account() { RuntimeOrigin::signed(4), 5, NULL_ARR, + MOCK_PCK_DERIVED_FROM_NULL_ARRAY.to_vec().try_into().unwrap(), VALID_QUOTE.to_vec() ), Error::::NotController @@ -289,6 +291,7 @@ fn it_changes_threshold_account() { RuntimeOrigin::signed(1), 5, NULL_ARR, + MOCK_PCK_DERIVED_FROM_NULL_ARRAY.to_vec().try_into().unwrap(), VALID_QUOTE.to_vec() ), Error::::TssAccountAlreadyExists @@ -300,6 +303,7 @@ fn it_changes_threshold_account() { RuntimeOrigin::signed(1), 9, NULL_ARR, + MOCK_PCK_DERIVED_FROM_NULL_ARRAY.to_vec().try_into().unwrap(), VALID_QUOTE.to_vec() ), Error::::NoChangingThresholdAccountWhenSigner @@ -316,16 +320,16 @@ fn it_doesnt_allow_changing_threshold_account_with_invalid_quote() { pallet_staking::RewardDestination::Account(1), )); - let server_info = ServerInfo { + let joining_server_info = JoiningServerInfo { tss_account: 3, x25519_public_key: NULL_ARR, endpoint: vec![20], - provisioning_certification_key: BoundedVec::with_max_capacity(), + pck_certificate_chain: vec![[0u8; 32].to_vec()], }; assert_ok!(Staking::validate( RuntimeOrigin::signed(1), pallet_staking::ValidatorPrefs::default(), - server_info.clone(), + joining_server_info.clone(), VALID_QUOTE.to_vec(), )); @@ -334,6 +338,7 @@ fn it_doesnt_allow_changing_threshold_account_with_invalid_quote() { RuntimeOrigin::signed(1), 4, NULL_ARR, + MOCK_PCK_DERIVED_FROM_NULL_ARRAY.to_vec().try_into().unwrap(), INVALID_QUOTE.to_vec() ), Error::::FailedAttestationCheck @@ -388,6 +393,7 @@ fn it_will_not_allow_existing_tss_account_when_changing_threshold_account() { RuntimeOrigin::signed(1), 5, NULL_ARR, + MOCK_PCK_DERIVED_FROM_NULL_ARRAY.to_vec().try_into().unwrap(), VALID_QUOTE.to_vec() ), Error::::TssAccountAlreadyExists From 3518cd094a0fd801e707df43bd9aa3b60af5e45d Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Fri, 1 Nov 2024 13:27:45 -0400 Subject: [PATCH 18/31] Get Staking benchmarks compiling --- pallets/staking/src/benchmarking.rs | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/pallets/staking/src/benchmarking.rs b/pallets/staking/src/benchmarking.rs index 7969acbd3..2bf1b94e6 100644 --- a/pallets/staking/src/benchmarking.rs +++ b/pallets/staking/src/benchmarking.rs @@ -172,13 +172,18 @@ benchmarks! { let caller: T::AccountId = whitelisted_caller(); let bonder: T::AccountId = account("bond", 0, SEED); let threshold: T::AccountId = account("threshold", 0, SEED); + + let endpoint = b"http://localhost:3001"; let x25519_public_key = NULL_ARR; + let quote = vec![0]; - prep_bond_and_validate::(true, caller.clone(), bonder.clone(), threshold, NULL_ARR); + let validate_also = true; + prep_bond_and_validate::(validate_also, caller.clone(), bonder.clone(), threshold, + x25519_public_key.clone()); - }: _(RawOrigin::Signed(bonder.clone()), vec![30]) + }: _(RawOrigin::Signed(bonder.clone()), endpoint.to_vec(), quote) verify { - assert_last_event::(Event::::EndpointChanged(bonder, vec![30]).into()); + assert_last_event::(Event::::EndpointChanged(bonder, endpoint.to_vec()).into()); } change_threshold_accounts { @@ -189,12 +194,18 @@ benchmarks! { let validator_id_signers = ::ValidatorId::try_from(caller.clone()).or(Err(Error::::InvalidValidatorId)).unwrap(); let bonder: T::ValidatorId = validator_id_res.expect("Issue converting account id into validator id"); let threshold: T::AccountId = account("threshold", 0, SEED); + let x25519_public_key: [u8; 32] = NULL_ARR; - prep_bond_and_validate::(true, caller.clone(), _bonder.clone(), threshold, NULL_ARR); + let pck = BoundedVec::try_from(MOCK_PCK_DERIVED_FROM_NULL_ARRAY.to_vec()).unwrap(); + let quote = vec![0]; + + let validate_also = true; + prep_bond_and_validate::(validate_also, caller.clone(), _bonder.clone(), threshold, x25519_public_key.clone()); + let signers = vec![validator_id_signers.clone(); s as usize]; Signers::::put(signers.clone()); - }: _(RawOrigin::Signed(_bonder.clone()), _bonder.clone(), NULL_ARR) + }: _(RawOrigin::Signed(_bonder.clone()), _bonder.clone(), x25519_public_key.clone(), pck, quote) verify { let server_info = ServerInfo { endpoint: vec![20, 20], From 70da5e30bdf17f828c945d49f3f2492555e459b5 Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Fri, 1 Nov 2024 13:59:07 -0400 Subject: [PATCH 19/31] Get `change_endpoint` benchmark working --- pallets/staking/src/benchmarking.rs | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/pallets/staking/src/benchmarking.rs b/pallets/staking/src/benchmarking.rs index 2bf1b94e6..b12a1c954 100644 --- a/pallets/staking/src/benchmarking.rs +++ b/pallets/staking/src/benchmarking.rs @@ -175,12 +175,23 @@ benchmarks! { let endpoint = b"http://localhost:3001"; let x25519_public_key = NULL_ARR; - let quote = vec![0]; let validate_also = true; - prep_bond_and_validate::(validate_also, caller.clone(), bonder.clone(), threshold, - x25519_public_key.clone()); + prep_bond_and_validate::( + validate_also,caller.clone(), + bonder.clone(), + threshold.clone(), + x25519_public_key.clone() + ); + // For quote verification this needs to be the _next_ block, and right now we're at block `0`. + let block_number = 1; + let quote = prepare_attestation_for_validate::( + threshold, + x25519_public_key, + endpoint.clone().to_vec(), + block_number, + ).0; }: _(RawOrigin::Signed(bonder.clone()), endpoint.to_vec(), quote) verify { assert_last_event::(Event::::EndpointChanged(bonder, endpoint.to_vec()).into()); @@ -341,6 +352,7 @@ benchmarks! { x25519_public_key.clone() ); + // For quote verification this needs to be the _next_ block, and right now we're at block `0`. let block_number = 1; let (quote, joining_server_info) = prepare_attestation_for_validate::(threshold_account.clone(), x25519_public_key, endpoint.clone(), block_number); From a4f41c7eb63b15cd3f8e3b47d8b0c7e108e541c8 Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Fri, 1 Nov 2024 14:58:52 -0400 Subject: [PATCH 20/31] Get `change_threshold_accounts` benchmark working --- pallets/staking/src/benchmarking.rs | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/pallets/staking/src/benchmarking.rs b/pallets/staking/src/benchmarking.rs index b12a1c954..352ed00ce 100644 --- a/pallets/staking/src/benchmarking.rs +++ b/pallets/staking/src/benchmarking.rs @@ -201,26 +201,40 @@ benchmarks! { let s in 0 .. MAX_SIGNERS as u32; let caller: T::AccountId = whitelisted_caller(); let _bonder: T::AccountId = account("bond", 0, SEED); + let validator_id_res = ::ValidatorId::try_from(_bonder.clone()).or(Err(Error::::InvalidValidatorId)); let validator_id_signers = ::ValidatorId::try_from(caller.clone()).or(Err(Error::::InvalidValidatorId)).unwrap(); let bonder: T::ValidatorId = validator_id_res.expect("Issue converting account id into validator id"); + let threshold: T::AccountId = account("threshold", 0, SEED); + let new_threshold: T::AccountId = account("new_threshold", 0, SEED); let x25519_public_key: [u8; 32] = NULL_ARR; + let endpoint = vec![20, 20]; // TODO: b"http://localhost:3001"; let pck = BoundedVec::try_from(MOCK_PCK_DERIVED_FROM_NULL_ARRAY.to_vec()).unwrap(); - let quote = vec![0]; let validate_also = true; - prep_bond_and_validate::(validate_also, caller.clone(), _bonder.clone(), threshold, x25519_public_key.clone()); + prep_bond_and_validate::(validate_also, caller.clone(), _bonder.clone(), threshold.clone(), + x25519_public_key.clone()); + + // For quote verification this needs to be the _next_ block, and right now we're at block `0`. + let block_number = 1; + let quote = prepare_attestation_for_validate::( + new_threshold.clone(), + x25519_public_key, + endpoint.clone().to_vec(), + block_number, + ).0; let signers = vec![validator_id_signers.clone(); s as usize]; Signers::::put(signers.clone()); - }: _(RawOrigin::Signed(_bonder.clone()), _bonder.clone(), x25519_public_key.clone(), pck, quote) + }: _(RawOrigin::Signed(_bonder.clone()), new_threshold.clone(), x25519_public_key.clone(), pck, + quote) verify { let server_info = ServerInfo { endpoint: vec![20, 20], - tss_account: _bonder.clone(), + tss_account: new_threshold.clone(), x25519_public_key: NULL_ARR, provisioning_certification_key: MOCK_PCK_DERIVED_FROM_NULL_ARRAY.to_vec().try_into().unwrap(), }; From f70db4b2647219131775650f9fc16e3dea90599b Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Mon, 4 Nov 2024 14:50:34 -0500 Subject: [PATCH 21/31] RustFmt benches --- pallets/staking/src/benchmarking.rs | 54 ++++++++++++++++++----------- 1 file changed, 33 insertions(+), 21 deletions(-) diff --git a/pallets/staking/src/benchmarking.rs b/pallets/staking/src/benchmarking.rs index 352ed00ce..cf7c7662f 100644 --- a/pallets/staking/src/benchmarking.rs +++ b/pallets/staking/src/benchmarking.rs @@ -178,20 +178,22 @@ benchmarks! { let validate_also = true; prep_bond_and_validate::( - validate_also,caller.clone(), - bonder.clone(), - threshold.clone(), - x25519_public_key.clone() - ); + validate_also, + caller.clone(), + bonder.clone(), + threshold.clone(), + x25519_public_key.clone(), + ); // For quote verification this needs to be the _next_ block, and right now we're at block `0`. let block_number = 1; let quote = prepare_attestation_for_validate::( - threshold, - x25519_public_key, - endpoint.clone().to_vec(), - block_number, - ).0; + threshold, + x25519_public_key, + endpoint.clone().to_vec(), + block_number, + ) + .0; }: _(RawOrigin::Signed(bonder.clone()), endpoint.to_vec(), quote) verify { assert_last_event::(Event::::EndpointChanged(bonder, endpoint.to_vec()).into()); @@ -199,12 +201,17 @@ benchmarks! { change_threshold_accounts { let s in 0 .. MAX_SIGNERS as u32; + let caller: T::AccountId = whitelisted_caller(); let _bonder: T::AccountId = account("bond", 0, SEED); - let validator_id_res = ::ValidatorId::try_from(_bonder.clone()).or(Err(Error::::InvalidValidatorId)); - let validator_id_signers = ::ValidatorId::try_from(caller.clone()).or(Err(Error::::InvalidValidatorId)).unwrap(); - let bonder: T::ValidatorId = validator_id_res.expect("Issue converting account id into validator id"); + let validator_id_res = ::ValidatorId::try_from(_bonder.clone()) + .or(Err(Error::::InvalidValidatorId)); + let validator_id_signers = ::ValidatorId::try_from(caller.clone()) + .or(Err(Error::::InvalidValidatorId)) + .unwrap(); + let bonder: T::ValidatorId = + validator_id_res.expect("Issue converting account id into validator id"); let threshold: T::AccountId = account("threshold", 0, SEED); let new_threshold: T::AccountId = account("new_threshold", 0, SEED); @@ -214,21 +221,26 @@ benchmarks! { let pck = BoundedVec::try_from(MOCK_PCK_DERIVED_FROM_NULL_ARRAY.to_vec()).unwrap(); let validate_also = true; - prep_bond_and_validate::(validate_also, caller.clone(), _bonder.clone(), threshold.clone(), - x25519_public_key.clone()); + prep_bond_and_validate::( + validate_also, + caller.clone(), + _bonder.clone(), + threshold.clone(), + x25519_public_key.clone(), + ); // For quote verification this needs to be the _next_ block, and right now we're at block `0`. let block_number = 1; let quote = prepare_attestation_for_validate::( - new_threshold.clone(), - x25519_public_key, - endpoint.clone().to_vec(), - block_number, - ).0; + new_threshold.clone(), + x25519_public_key, + endpoint.clone().to_vec(), + block_number, + ) + .0; let signers = vec![validator_id_signers.clone(); s as usize]; Signers::::put(signers.clone()); - }: _(RawOrigin::Signed(_bonder.clone()), new_threshold.clone(), x25519_public_key.clone(), pck, quote) verify { From c68a4ed5467ce3867ff1c13d5e829fde5da4085b Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Mon, 4 Nov 2024 15:00:27 -0500 Subject: [PATCH 22/31] Use better mock endpoint --- pallets/staking/src/benchmarking.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pallets/staking/src/benchmarking.rs b/pallets/staking/src/benchmarking.rs index cf7c7662f..51118e577 100644 --- a/pallets/staking/src/benchmarking.rs +++ b/pallets/staking/src/benchmarking.rs @@ -133,7 +133,7 @@ fn prep_bond_and_validate( if validate_also { let block_number = 0; - let endpoint = vec![20, 20]; + let endpoint = b"http://localhost:3001".to_vec(); let (quote, joining_server_info) = prepare_attestation_for_validate::( threshold, x25519_public_key, @@ -217,7 +217,7 @@ benchmarks! { let new_threshold: T::AccountId = account("new_threshold", 0, SEED); let x25519_public_key: [u8; 32] = NULL_ARR; - let endpoint = vec![20, 20]; // TODO: b"http://localhost:3001"; + let endpoint = b"http://localhost:3001".to_vec(); let pck = BoundedVec::try_from(MOCK_PCK_DERIVED_FROM_NULL_ARRAY.to_vec()).unwrap(); let validate_also = true; @@ -245,7 +245,7 @@ benchmarks! { quote) verify { let server_info = ServerInfo { - endpoint: vec![20, 20], + endpoint: b"http://localhost:3001".to_vec(), tss_account: new_threshold.clone(), x25519_public_key: NULL_ARR, provisioning_certification_key: MOCK_PCK_DERIVED_FROM_NULL_ARRAY.to_vec().try_into().unwrap(), From f237a739407eface9cf234e0d8e729a61d9633a3 Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Mon, 4 Nov 2024 15:25:29 -0500 Subject: [PATCH 23/31] Switch to requiring a PCK chain instead of a certificate directly This matches what `validate()` does and prevents us from having an invalid PCK become part of `ServerInfo`. --- pallets/staking/src/benchmarking.rs | 17 +++++++++++------ pallets/staking/src/lib.rs | 9 ++++++++- pallets/staking/src/tests.rs | 25 ++++++++++++++----------- 3 files changed, 33 insertions(+), 18 deletions(-) diff --git a/pallets/staking/src/benchmarking.rs b/pallets/staking/src/benchmarking.rs index 51118e577..411806a84 100644 --- a/pallets/staking/src/benchmarking.rs +++ b/pallets/staking/src/benchmarking.rs @@ -218,7 +218,6 @@ benchmarks! { let x25519_public_key: [u8; 32] = NULL_ARR; let endpoint = b"http://localhost:3001".to_vec(); - let pck = BoundedVec::try_from(MOCK_PCK_DERIVED_FROM_NULL_ARRAY.to_vec()).unwrap(); let validate_also = true; prep_bond_and_validate::( @@ -231,18 +230,24 @@ benchmarks! { // For quote verification this needs to be the _next_ block, and right now we're at block `0`. let block_number = 1; - let quote = prepare_attestation_for_validate::( + let (quote , joining_server_info) = prepare_attestation_for_validate::( new_threshold.clone(), x25519_public_key, endpoint.clone().to_vec(), block_number, - ) - .0; + ); + + let pck_certificate_chain = joining_server_info.pck_certificate_chain; let signers = vec![validator_id_signers.clone(); s as usize]; Signers::::put(signers.clone()); - }: _(RawOrigin::Signed(_bonder.clone()), new_threshold.clone(), x25519_public_key.clone(), pck, - quote) + }: _( + RawOrigin::Signed(_bonder.clone()), + new_threshold.clone(), + x25519_public_key.clone(), + pck_certificate_chain, + quote + ) verify { let server_info = ServerInfo { endpoint: b"http://localhost:3001".to_vec(), diff --git a/pallets/staking/src/lib.rs b/pallets/staking/src/lib.rs index 4e7012756..54adad9b6 100644 --- a/pallets/staking/src/lib.rs +++ b/pallets/staking/src/lib.rs @@ -454,7 +454,7 @@ pub mod pallet { origin: OriginFor, tss_account: T::AccountId, x25519_public_key: X25519PublicKey, - provisioning_certification_key: VerifyingKey, + pck_certificate_chain: Vec>, quote: Vec, ) -> DispatchResultWithPostInfo { let who = ensure_signed(origin)?; @@ -474,6 +474,13 @@ pub mod pallet { Error::::NoChangingThresholdAccountWhenSigner ); + let provisioning_certification_key = + T::PckCertChainVerifier::verify_pck_certificate_chain(pck_certificate_chain) + .map_err(|error| { + let e: Error = error.into(); + e + })?; + let new_server_info: ServerInfo = ThresholdServers::::try_mutate( &validator_id, |maybe_server_info| { diff --git a/pallets/staking/src/tests.rs b/pallets/staking/src/tests.rs index a35edb601..01eef85a6 100644 --- a/pallets/staking/src/tests.rs +++ b/pallets/staking/src/tests.rs @@ -232,11 +232,12 @@ fn it_changes_threshold_account() { pallet_staking::RewardDestination::Account(1), )); + let pck_certificate_chain = vec![vec![0u8; 32]]; let joining_server_info = JoiningServerInfo { tss_account: 3, x25519_public_key: NULL_ARR, endpoint: vec![20], - pck_certificate_chain: vec![[0u8; 32].to_vec()], + pck_certificate_chain: pck_certificate_chain.clone(), }; assert_ok!(Staking::validate( RuntimeOrigin::signed(1), @@ -249,7 +250,7 @@ fn it_changes_threshold_account() { RuntimeOrigin::signed(1), 4, NULL_ARR, - MOCK_PCK_DERIVED_FROM_NULL_ARRAY.to_vec().try_into().unwrap(), + pck_certificate_chain.clone(), VALID_QUOTE.to_vec() )); assert_eq!(Staking::threshold_server(1).unwrap().tss_account, 4); @@ -260,7 +261,7 @@ fn it_changes_threshold_account() { RuntimeOrigin::signed(4), 5, NULL_ARR, - MOCK_PCK_DERIVED_FROM_NULL_ARRAY.to_vec().try_into().unwrap(), + pck_certificate_chain.clone(), VALID_QUOTE.to_vec() ), Error::::NotController @@ -277,7 +278,7 @@ fn it_changes_threshold_account() { tss_account: 5, x25519_public_key: NULL_ARR, endpoint: vec![20], - pck_certificate_chain: vec![[0u8; 32].to_vec()], + pck_certificate_chain: pck_certificate_chain.clone(), }; assert_ok!(Staking::validate( RuntimeOrigin::signed(2), @@ -291,7 +292,7 @@ fn it_changes_threshold_account() { RuntimeOrigin::signed(1), 5, NULL_ARR, - MOCK_PCK_DERIVED_FROM_NULL_ARRAY.to_vec().try_into().unwrap(), + pck_certificate_chain.clone(), VALID_QUOTE.to_vec() ), Error::::TssAccountAlreadyExists @@ -303,7 +304,7 @@ fn it_changes_threshold_account() { RuntimeOrigin::signed(1), 9, NULL_ARR, - MOCK_PCK_DERIVED_FROM_NULL_ARRAY.to_vec().try_into().unwrap(), + pck_certificate_chain.clone(), VALID_QUOTE.to_vec() ), Error::::NoChangingThresholdAccountWhenSigner @@ -320,11 +321,12 @@ fn it_doesnt_allow_changing_threshold_account_with_invalid_quote() { pallet_staking::RewardDestination::Account(1), )); + let pck_certificate_chain = vec![[0u8; 32].to_vec()]; let joining_server_info = JoiningServerInfo { tss_account: 3, x25519_public_key: NULL_ARR, endpoint: vec![20], - pck_certificate_chain: vec![[0u8; 32].to_vec()], + pck_certificate_chain: pck_certificate_chain.clone(), }; assert_ok!(Staking::validate( RuntimeOrigin::signed(1), @@ -338,7 +340,7 @@ fn it_doesnt_allow_changing_threshold_account_with_invalid_quote() { RuntimeOrigin::signed(1), 4, NULL_ARR, - MOCK_PCK_DERIVED_FROM_NULL_ARRAY.to_vec().try_into().unwrap(), + pck_certificate_chain.clone(), INVALID_QUOTE.to_vec() ), Error::::FailedAttestationCheck @@ -355,11 +357,12 @@ fn it_will_not_allow_existing_tss_account_when_changing_threshold_account() { pallet_staking::RewardDestination::Account(1), )); + let pck_certificate_chain = vec![[0u8; 32].to_vec()]; let joining_server_info = JoiningServerInfo { tss_account: 3, x25519_public_key: NULL_ARR, endpoint: vec![20], - pck_certificate_chain: vec![[0u8; 32].to_vec()], + pck_certificate_chain: pck_certificate_chain.clone(), }; assert_ok!(Staking::validate( RuntimeOrigin::signed(1), @@ -379,7 +382,7 @@ fn it_will_not_allow_existing_tss_account_when_changing_threshold_account() { tss_account: 5, x25519_public_key: NULL_ARR, endpoint: vec![20], - pck_certificate_chain: vec![[0u8; 32].to_vec()], + pck_certificate_chain: pck_certificate_chain.clone(), }; assert_ok!(Staking::validate( RuntimeOrigin::signed(2), @@ -393,7 +396,7 @@ fn it_will_not_allow_existing_tss_account_when_changing_threshold_account() { RuntimeOrigin::signed(1), 5, NULL_ARR, - MOCK_PCK_DERIVED_FROM_NULL_ARRAY.to_vec().try_into().unwrap(), + pck_certificate_chain.clone(), VALID_QUOTE.to_vec() ), Error::::TssAccountAlreadyExists From 212628d2d4302f50e761293bcccf77b4c049dba5 Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Mon, 4 Nov 2024 15:38:03 -0500 Subject: [PATCH 24/31] Bump metadata --- crates/client/entropy_metadata.scale | Bin 209782 -> 209774 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/crates/client/entropy_metadata.scale b/crates/client/entropy_metadata.scale index 0e9b6c904c8a120551a7b9bf9b72cc7f10d9fecd..00e10f14ada10341859b6eaa12033d6e59070578 100644 GIT binary patch delta 26 icmezNjOX1mo(;k;C*ORn-t6?U-RULccBhw2CSCx}EDg2* delta 30 mcmaF&jOW`ko(;k;Cr`4_pWO6HsM+UbyU$C;?LIG=l)M1_5Dwu0 From 21bdfa7de3997fd71f846e8fdcfb88838f538b75 Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Mon, 4 Nov 2024 15:56:57 -0500 Subject: [PATCH 25/31] Update `client` to use PCK certificate chains --- crates/client/src/client.rs | 4 ++-- crates/client/src/tests.rs | 9 +++++++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/crates/client/src/client.rs b/crates/client/src/client.rs index 6cede4f5e..98e73bda6 100644 --- a/crates/client/src/client.rs +++ b/crates/client/src/client.rs @@ -360,7 +360,7 @@ pub async fn change_threshold_accounts( user_keypair: sr25519::Pair, new_tss_account: String, new_x25519_public_key: String, - new_pck: Vec, + new_pck_certificate_chain: Vec>, quote: Vec, ) -> anyhow::Result { let tss_account = SubxtAccountId32::from_str(&new_tss_account)?; @@ -370,7 +370,7 @@ pub async fn change_threshold_accounts( let change_threshold_accounts = entropy::tx().staking_extension().change_threshold_accounts( tss_account, x25519_public_key, - BoundedVec(new_pck), + new_pck_certificate_chain, quote, ); let in_block = diff --git a/crates/client/src/tests.rs b/crates/client/src/tests.rs index 14febeb03..6370ffe6d 100644 --- a/crates/client/src/tests.rs +++ b/crates/client/src/tests.rs @@ -118,10 +118,15 @@ async fn test_change_threshold_accounts() { let nonce = request_attestation(&api, &rpc, tss_signer_pair.signer().clone()).await.unwrap(); let nonce: [u8; 32] = nonce.try_into().unwrap(); - let mut pck_seeder = StdRng::from_seed(tss_public_key.0); + let mut pck_seeder = StdRng::from_seed(tss_public_key.0.clone()); let pck = tdx_quote::SigningKey::random(&mut pck_seeder); let encoded_pck = encode_verifying_key(&pck.verifying_key()).unwrap().to_vec(); + // Our runtime is using the mock `PckCertChainVerifier`, which means that the expected + // "certificate" basically is just our TSS account ID. This account needs to match the one + // used to sign the following `quote`. + let pck_certificate_chain = vec![tss_public_key.0.to_vec()]; + let quote = { // We need to add `1` here since the quote is being checked in the next block let block_number = rpc.chain_get_header(None).await.unwrap().unwrap().number + 1; @@ -143,7 +148,7 @@ async fn test_change_threshold_accounts() { one.into(), tss_public_key.to_string(), hex::encode(*x25519_public_key.as_bytes()), - encoded_pck.clone(), + pck_certificate_chain, quote, ) .await From 492b9d6391bd79046066a433d757bd507c49d2b8 Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Mon, 4 Nov 2024 15:57:06 -0500 Subject: [PATCH 26/31] Update the `test-cli` to use PCK certificate chains --- crates/test-cli/src/lib.rs | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/crates/test-cli/src/lib.rs b/crates/test-cli/src/lib.rs index 3faeac997..6a9007861 100644 --- a/crates/test-cli/src/lib.rs +++ b/crates/test-cli/src/lib.rs @@ -160,8 +160,8 @@ enum CliCommand { new_tss_account: String, /// New x25519 public key new_x25519_public_key: String, - /// The new Provisioning Certifiction Key (PCK) to be used for the TSS. - new_provisioning_certification_key: String, + /// The new Provisioning Certification Key (PCK) certificate chain to be used for the TSS. + new_pck_certificate_chain: Vec, /// The Intel TDX quote used to prove that this TSS is running on TDX hardware. /// /// The quote format is specified in: @@ -463,7 +463,7 @@ pub async fn run_command( CliCommand::ChangeThresholdAccounts { new_tss_account, new_x25519_public_key, - new_provisioning_certification_key, + new_pck_certificate_chain, quote, mnemonic_option, } => { @@ -475,13 +475,15 @@ pub async fn run_command( let user_keypair = ::from_string(&mnemonic, None)?; println!("User account for current call: {}", user_keypair.public()); + let new_pck_certificate_chain = + new_pck_certificate_chain.iter().cloned().map(|i| i.into()).collect::<_>(); let result_event = change_threshold_accounts( &api, &rpc, user_keypair, new_tss_account, new_x25519_public_key, - new_provisioning_certification_key.into(), + new_pck_certificate_chain, quote.into(), ) .await?; From 2434d4da55b24ad02be8e05f7dfc8a446745f6dc Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Mon, 4 Nov 2024 16:07:47 -0500 Subject: [PATCH 27/31] Undo some formatting changes --- pallets/staking/src/lib.rs | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/pallets/staking/src/lib.rs b/pallets/staking/src/lib.rs index 54adad9b6..8154f3bde 100644 --- a/pallets/staking/src/lib.rs +++ b/pallets/staking/src/lib.rs @@ -520,8 +520,7 @@ pub mod pallet { /// Wraps's Substrate's `unbond` extrinsic but checks to make sure targeted account is not a signer or next signer #[pallet::call_index(2)] - #[pallet::weight(::WeightInfo::unbond(MAX_SIGNERS as u32, MaxNominationsOf::::get()) - )] + #[pallet::weight(::WeightInfo::unbond(MAX_SIGNERS as u32, MaxNominationsOf::::get()))] pub fn unbond( origin: OriginFor, #[pallet::compact] value: BalanceOf, @@ -541,8 +540,7 @@ pub mod pallet { /// Wraps's Substrate's `chill` extrinsic but checks to make sure the targeted account is not a signer or next signer #[pallet::call_index(3)] - #[pallet::weight(::WeightInfo::chill(MAX_SIGNERS as u32, MaxNominationsOf::::get()) - )] + #[pallet::weight(::WeightInfo::chill(MAX_SIGNERS as u32, MaxNominationsOf::::get()))] pub fn chill(origin: OriginFor) -> DispatchResultWithPostInfo { let controller = ensure_signed(origin.clone())?; let ledger = @@ -559,8 +557,7 @@ pub mod pallet { /// Wraps's Substrate's `withdraw_unbonded` extrinsic but clears extra state if fully unbonded #[pallet::call_index(4)] - #[pallet::weight(::WeightInfo::withdraw_unbonded(MAX_SIGNERS as u32, MaxNominationsOf::::get()) - )] + #[pallet::weight(::WeightInfo::withdraw_unbonded(MAX_SIGNERS as u32, MaxNominationsOf::::get()))] pub fn withdraw_unbonded( origin: OriginFor, num_slashing_spans: u32, From 1628f8a428eba7b215700a7357ea0e6aeb7cdcf2 Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Mon, 4 Nov 2024 16:14:41 -0500 Subject: [PATCH 28/31] Variables mystery amount --- crates/client/src/tests.rs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/crates/client/src/tests.rs b/crates/client/src/tests.rs index 6370ffe6d..93e406037 100644 --- a/crates/client/src/tests.rs +++ b/crates/client/src/tests.rs @@ -103,7 +103,8 @@ async fn test_change_threshold_accounts() { // We need to give our new TSS account some funds before it can request an attestation. let dest = tss_signer_pair.account_id().clone().into(); - let balance_transfer_tx = entropy::tx().balances().transfer_allow_death(dest, 100_000_000_000); + let amount = 10 * entropy_shared::MIN_BALANCE; + let balance_transfer_tx = entropy::tx().balances().transfer_allow_death(dest, amount); let _transfer_result = crate::substrate::submit_transaction_with_pair( &api, &rpc, From fe7aadd6b01dcb839f3026ed5bdb57042a64f588 Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Mon, 4 Nov 2024 16:22:53 -0500 Subject: [PATCH 29/31] Add `CHANGELOG` entry --- CHANGELOG.md | 352 +++++++++++++++++++++++++++++++++++---------------- 1 file changed, 246 insertions(+), 106 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index be9f22026..4edc81bd7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,24 +10,37 @@ At the moment this project **does not** adhere to ## [Unreleased](https://github.com/entropyxyz/entropy-core/compare/release/v0.3.0-rc.1...master) ### Breaking Changes -- In [#1104](https://github.com/entropyxyz/entropy-core/pull/1104) the `/validator/rotate_network_key` endpoint was renamed to `rotate_network_key` -- In [#1109](https://github.com/entropyxyz/entropy-core/pull/1109/), the `MaxPendingAttestations` config type, the `ValidationQueue` storage + +- In [#1104](https://github.com/entropyxyz/entropy-core/pull/1104) the + `/validator/rotate_network_key` endpoint was renamed to `rotate_network_key` +- In [#1109](https://github.com/entropyxyz/entropy-core/pull/1109/), the `MaxPendingAttestations` + config type, the `ValidationQueue` storage structure, and the `NodeInfoChanged` event were removed from the Staking Extension pallet. The `AttestationHandler` config type was added to the Staking Extension pallet. The `KeyProvider` and `AttestationQueue` config types were removed from the Attestation pallet. -- In [#1068](https://github.com/entropyxyz/entropy-core/pull/1068) an extra type `PckCertChainVerifier` +- In [#1068](https://github.com/entropyxyz/entropy-core/pull/1068) an extra type + `PckCertChainVerifier` was added to the staking extension pallet's `Config` trait. -- In [#1134](https://github.com/entropyxyz/entropy-core/pull/1134/) the ```no-sync``` option was removed +- In [#1123](https://github.com/entropyxyz/entropy-core/pull/1123/) the `change_endpoint()` and + `change_threshold_accounts()` extrinsics got new TDX `quote` related parameters added. +- In [#1134](https://github.com/entropyxyz/entropy-core/pull/1134/) the `--no-sync` option was + removed. ### Changed -- Use correct key rotation endpoint in OCW ([#1104](https://github.com/entropyxyz/entropy-core/pull/1104)) -- Change attestation flow to be pull based ([#1109](https://github.com/entropyxyz/entropy-core/pull/1109/)) + +- Use correct key rotation endpoint in + OCW ([#1104](https://github.com/entropyxyz/entropy-core/pull/1104)) +- Change attestation flow to be pull + based ([#1109](https://github.com/entropyxyz/entropy-core/pull/1109/)) - Handle PCK certificates ([#1068](https://github.com/entropyxyz/entropy-core/pull/1068)) +- Add quote guards to `ServerInfo` related + extrinsics ([#1123](https://github.com/entropyxyz/entropy-core/pull/1123/)) - Remove declare synced ([#1134](https://github.com/entropyxyz/entropy-core/pull/1134/)) ## [0.3.0-rc.1](https://github.com/entropyxyz/entropy-core/compare/release/v0.2.0...release/v0.3.0-rc.1) - 2024-10-04 ### Breaking Changes + - In [#799](https://github.com/entropyxyz/entropy-core/pull/799) the concept of subgroups was removed in favour of a single pool of signers. - In [#801](https://github.com/entropyxyz/entropy-core/pull/801) permissioned access mode was @@ -48,7 +61,8 @@ At the moment this project **does not** adhere to and `withdraw_unbonded` - In [#1045](https://github.com/entropyxyz/entropy-core/pull/1045), `ProgramsInfo` now takes `version_number` to maintain backwards compatibility if programs runtime is updated -- In [#1050](https://github.com/entropyxyz/entropy-core/pull/1050), the flow for signing has changed. +- In [#1050](https://github.com/entropyxyz/entropy-core/pull/1050), the flow for signing has + changed. A user now sends their request to any validator that is not a signer. This will act as a relayer. As such, `UserSignatureRequest` no longer requires the `validators_info` field since the the relayer adds that in after. The response received from the validator is now a `Vec` @@ -62,6 +76,7 @@ At the moment this project **does not** adhere to from the `devnet-local` chainspec and replaced with `Charlie`. ### Added + - Jumpstart network ([#918](https://github.com/entropyxyz/entropy-core/pull/918)) - Add Signer groups and rotation ([#938](https://github.com/entropyxyz/entropy-core/pull/938)) - Split jumpstart and register flows ([#952](https://github.com/entropyxyz/entropy-core/pull/952)) @@ -72,33 +87,46 @@ At the moment this project **does not** adhere to - Signing flow with derived accounts ([#990](https://github.com/entropyxyz/entropy-core/pull/990)) - TSS attestation endpoint ([#1001](https://github.com/entropyxyz/entropy-core/pull/1001)) - Attestation pallet ([#1003](https://github.com/entropyxyz/entropy-core/pull/1003)) -- Add `network-jumpstart` command to `entropy-test-cli` ([#1004](https://github.com/entropyxyz/entropy-core/pull/1004)) -- Update test CLI for new registration and signing flows ([#1008](https://github.com/entropyxyz/entropy-core/pull/1008)) -- Add remove program function to entropy-client ([#1023](https://github.com/entropyxyz/entropy-core/pull/1023)) +- Add `network-jumpstart` command to + `entropy-test-cli` ([#1004](https://github.com/entropyxyz/entropy-core/pull/1004)) +- Update test CLI for new registration and signing + flows ([#1008](https://github.com/entropyxyz/entropy-core/pull/1008)) +- Add remove program function to + entropy-client ([#1023](https://github.com/entropyxyz/entropy-core/pull/1023)) - Select validators for jumpstart DKG [#1053](https://github.com/entropyxyz/entropy-core/pull/1053)) - Add a programs version ([#1045](https://github.com/entropyxyz/entropy-core/pull/1045)) -- Handle Provisioning Certification Keys (PCKs) ([#1051](https://github.com/entropyxyz/entropy-core/pull/1051)) +- Handle Provisioning Certification Keys ( + PCKs) ([#1051](https://github.com/entropyxyz/entropy-core/pull/1051)) - Block tss chain when signer ([#1078](https://github.com/entropyxyz/entropy-core/pull/1078)) ### Changed + - Migrate to threshold signing ([#800](https://github.com/entropyxyz/entropy-core/pull/800)) - Use t of n signing in `entropy-tss` ([#879](https://github.com/entropyxyz/entropy-core/pull/879)) -- Fix TSS `AccountId` keys in chainspec ([#993](https://github.com/entropyxyz/entropy-core/pull/993)) -- No unbonding when signer or next signer ([#1031](https://github.com/entropyxyz/entropy-core/pull/1031)) +- Fix TSS `AccountId` keys in + chainspec ([#993](https://github.com/entropyxyz/entropy-core/pull/993)) +- No unbonding when signer or next + signer ([#1031](https://github.com/entropyxyz/entropy-core/pull/1031)) - Add relay tx endpoint ([#1050](https://github.com/entropyxyz/entropy-core/pull/1050)) -- Trigger attestation check during validate ([#1063](https://github.com/entropyxyz/entropy-core/pull/1063)) -- Add fourth node to `devnet-local` configuration ([#1086](https://github.com/entropyxyz/entropy-core/pull/1086)) +- Trigger attestation check during + validate ([#1063](https://github.com/entropyxyz/entropy-core/pull/1063)) +- Add fourth node to `devnet-local` + configuration ([#1086](https://github.com/entropyxyz/entropy-core/pull/1086)) ### Removed + - Remove subgroups ([#799](https://github.com/entropyxyz/entropy-core/pull/799)) - Remove permission from chain ([#801](https://github.com/entropyxyz/entropy-core/pull/801)) -- Remove `prune_registration` extrinsic ([#1022](https://github.com/entropyxyz/entropy-core/pull/1022)) -- Remove `confirm_registered` extrinsic ([#1025](https://github.com/entropyxyz/entropy-core/pull/1025)) +- Remove `prune_registration` + extrinsic ([#1022](https://github.com/entropyxyz/entropy-core/pull/1022)) +- Remove `confirm_registered` + extrinsic ([#1025](https://github.com/entropyxyz/entropy-core/pull/1025)) - Remove old registration flow ([#1030](https://github.com/entropyxyz/entropy-core/pull/1030)) ## [0.2.0](https://github.com/entropyxyz/entropy-core/compare/release/v0.1.0...release/v0.2.0) - 2024-07-11 ### Breaking Changes + - In [#853](https://github.com/entropyxyz/entropy-core/pull/853) the responsibility of generating a TSS mnemonic was shifted to operators, which can be done using the `--mnemonic` flag during process startup. This also allows operators to back up the mnemonic for their TSS. @@ -119,17 +147,25 @@ At the moment this project **does not** adhere to accounts (e.g development accounts like `//Alice`). ### Added -- Add a way to change program modification account ([#843](https://github.com/entropyxyz/entropy-core/pull/843)) -- Add support for `--mnemonic-file` and `THRESHOLD_SERVER_MNEMONIC` ([#864](https://github.com/entropyxyz/entropy-core/pull/864)) + +- Add a way to change program modification + account ([#843](https://github.com/entropyxyz/entropy-core/pull/843)) +- Add support for `--mnemonic-file` and + `THRESHOLD_SERVER_MNEMONIC` ([#864](https://github.com/entropyxyz/entropy-core/pull/864)) - Add validator helpers to cli ([#870](https://github.com/entropyxyz/entropy-core/pull/870)) -- Add `blake2` as built in hash function and make `HashingAlgorithm` non-exhaustive ([#881](https://github.com/entropyxyz/entropy-core/pull/881)) -- Add sort to subgroup signer selection ([#900](https://github.com/entropyxyz/entropy-core/pull/900)) -- Create four node Docker Compose chainspec ([#902](https://github.com/entropyxyz/entropy-core/pull/902)) +- Add `blake2` as built in hash function and make `HashingAlgorithm` + non-exhaustive ([#881](https://github.com/entropyxyz/entropy-core/pull/881)) +- Add sort to subgroup signer + selection ([#900](https://github.com/entropyxyz/entropy-core/pull/900)) +- Create four node Docker Compose + chainspec ([#902](https://github.com/entropyxyz/entropy-core/pull/902)) - Oracle data integration ([#922](https://github.com/entropyxyz/entropy-core/pull/922)) ### Changed + - Move TSS mnemonic out of keystore ([#853](https://github.com/entropyxyz/entropy-core/pull/853)) -- Prepare test CLI for use in Programs repo ([#856](https://github.com/entropyxyz/entropy-core/pull/856)) +- Prepare test CLI for use in Programs + repo ([#856](https://github.com/entropyxyz/entropy-core/pull/856)) - Replace timestamp with block number ([#866](https://github.com/entropyxyz/entropy-core/pull/866)) - Change currency units ([#901](https://github.com/entropyxyz/entropy-core/pull/901)) @@ -141,12 +177,18 @@ There aren't a lot of new features compared to the `v0.12.0` release. However, o is that crates related to the threshold server (`entropy-tss`) are now published on crates.io. ### Changed -- Make full version of entropy-client possible to compile on wasm ([#816](https://github.com/entropyxyz/entropy-core/pull/816)) -- Remove certain endowed accounts from chain ([#819](https://github.com/entropyxyz/entropy-core/pull/819)) -- Updates for test-cli before publishing and to work nicely with v0.0.12 ([#830](https://github.com/entropyxyz/entropy-core/pull/830)) + +- Make full version of entropy-client possible to compile on + wasm ([#816](https://github.com/entropyxyz/entropy-core/pull/816)) +- Remove certain endowed accounts from + chain ([#819](https://github.com/entropyxyz/entropy-core/pull/819)) +- Updates for test-cli before publishing and to work nicely with + v0.0.12 ([#830](https://github.com/entropyxyz/entropy-core/pull/830)) ### Fixed -- Fix `Account Deserialization` error from verifying key mismatch ([#831](https://github.com/entropyxyz/entropy-core/pull/831)) + +- Fix `Account Deserialization` error from verifying key + mismatch ([#831](https://github.com/entropyxyz/entropy-core/pull/831)) ## [0.0.12](https://github.com/entropyxyz/entropy-core/compare/release/v0.0.11...release/v0.0.12) - 2024-05-02 @@ -156,7 +198,8 @@ is that crates related to the threshold server (`entropy-tss`) are now published `programs::set_program` extrinsic now takes an additional argument `oracle_data_pointer` of type `Vec` (`Uint8Array` on JS). Since oracles are not completely implemented this should be passed an empty vector/array. -- In [#762](https://github.com/entropyxyz/entropy-core/pull/762) 'Update Substrate to Polkadot 1.7.0' +- In [#762](https://github.com/entropyxyz/entropy-core/pull/762) 'Update Substrate to Polkadot + 1.7.0' the genesis chainspec builder has been updated for sc_service 0.36.0, which affects both the runtime and chainspec. - In [#709](https://github.com/entropyxyz/entropy-core/pull/709) 'Derive the threshold account @@ -171,23 +214,30 @@ is that crates related to the threshold server (`entropy-tss`) are now published the chainspec. ### Added + - Add testnet account JSON ([#769](https://github.com/entropyxyz/entropy-core/pull/769)) -- Make common crate for TSS and test client ([#775](https://github.com/entropyxyz/entropy-core/pull/775)) +- Make common crate for TSS and test + client ([#775](https://github.com/entropyxyz/entropy-core/pull/775)) ### Changed -- Derive the threshold account keypair and x25519 keypair from mnemonic using HKDF ([#709](https://github.com/entropyxyz/entropy-core/pull/709)) + +- Derive the threshold account keypair and x25519 keypair from mnemonic using + HKDF ([#709](https://github.com/entropyxyz/entropy-core/pull/709)) - TSS servers sync by default ([#784](https://github.com/entropyxyz/entropy-core/pull/784)) -- Improve test-cli following removal of permissioned mode ([#770](https://github.com/entropyxyz/entropy-core/pull/770)) +- Improve test-cli following removal of permissioned + mode ([#770](https://github.com/entropyxyz/entropy-core/pull/770)) ## [0.0.11](https://github.com/entropyxyz/entropy-core/compare/release/v0.0.10...release/v0.0.11) - 2024-04-XX ### Breaking Changes + - In [#623](https://github.com/entropyxyz/entropy-core/pull/623), 'Public Access Mode', the `UserSignatureRequest` given when requesting a signature with the 'sign_tx' http endpoint must now contain an additional field, `signature_request_account: AccountId32`. In private and permissioned modes, this must be identical to the account used to sign the `SignedMessage` containing the signature request. In public access mode this may be an Entropy account owned by someone else. -- In [#629](https://github.com/entropyxyz/entropy-core/pull/629), 'Add proactive refresh keys on-chain', +- In [#629](https://github.com/entropyxyz/entropy-core/pull/629), 'Add proactive refresh keys + on-chain', the `StakingExtensionConfig::proactive_refresh_validators` field used by the chain spec is now `StakingExtensionConfig::proactive_refresh_data` and takes a tuple of `Vec`. Both should be empty at genesis for production. @@ -229,33 +279,48 @@ is that crates related to the threshold server (`entropy-tss`) are now published the Parameters pallet was added, `max_instructions_per_program`. ### Added + - Add ValidatorSubgroupRotated event ([#618](https://github.com/entropyxyz/entropy-core/pull/618)) - Public access mode ([#623](https://github.com/entropyxyz/entropy-core/pull/623)) - Emit events on TSS server errors ([#625](https://github.com/entropyxyz/entropy-core/pull/625)) -- Add direct query for a validator's subgroup ([#642](https://github.com/entropyxyz/entropy-core/pull/642)) +- Add direct query for a validator's + subgroup ([#642](https://github.com/entropyxyz/entropy-core/pull/642)) - Add version number to registered ([#658](https://github.com/entropyxyz/entropy-core/pull/658)) - Request limit check ([#660](https://github.com/entropyxyz/entropy-core/pull/660)) -- Add helper for checking if a validator is in the signing committee ([#678](https://github.com/entropyxyz/entropy-core/pull/678)) -- Note unresponsiveness reports in Slashing pallet ([#679](https://github.com/entropyxyz/entropy-core/pull/679)) -- Add device key program to initial chainstate ([#680](https://github.com/entropyxyz/entropy-core/pull/680)) +- Add helper for checking if a validator is in the signing + committee ([#678](https://github.com/entropyxyz/entropy-core/pull/678)) +- Note unresponsiveness reports in Slashing + pallet ([#679](https://github.com/entropyxyz/entropy-core/pull/679)) +- Add device key program to initial + chainstate ([#680](https://github.com/entropyxyz/entropy-core/pull/680)) - Add aux data to program info ([#681](https://github.com/entropyxyz/entropy-core/pull/681)) - Add HPKE implementation ([#674](https://github.com/entropyxyz/entropy-core/pull/674)) -- Add max instructions parameters onchain ([#703](https://github.com/entropyxyz/entropy-core/pull/703)) +- Add max instructions parameters + onchain ([#703](https://github.com/entropyxyz/entropy-core/pull/703)) ### Changed -- Test CLI - dont send hardcoded auxiliary data by default when signing ([#614](https://github.com/entropyxyz/entropy-core/pull/614)) + +- Test CLI - dont send hardcoded auxiliary data by default when + signing ([#614](https://github.com/entropyxyz/entropy-core/pull/614)) - Add proactive refresh keys on-chain ([#629](https://github.com/entropyxyz/entropy-core/pull/629)) -- Rename ProgramInfo.config_interface to interface_description ([#631](https://github.com/entropyxyz/entropy-core/pull/631)) -- Change test-cli default access mode and update readme for recent changes ([#643](https://github.com/entropyxyz/entropy-core/pull/643)) -- Add additional checks to TSS server's `/user/receive_key` endpoint ([#655](https://github.com/entropyxyz/entropy-core/pull/655)) -- Disallow using existing TSS account IDs in Staking pallet ([#657](https://github.com/entropyxyz/entropy-core/pull/657)) -- Clean ups around Staking Extension's `validate()` extrinsic ([#659](https://github.com/entropyxyz/entropy-core/pull/659)) -- Rename `pallet_relayer` to `pallet_registry` ([#661](https://github.com/entropyxyz/entropy-core/pull/661)) +- Rename ProgramInfo.config_interface to + interface_description ([#631](https://github.com/entropyxyz/entropy-core/pull/631)) +- Change test-cli default access mode and update readme for recent + changes ([#643](https://github.com/entropyxyz/entropy-core/pull/643)) +- Add additional checks to TSS server's `/user/receive_key` + endpoint ([#655](https://github.com/entropyxyz/entropy-core/pull/655)) +- Disallow using existing TSS account IDs in Staking + pallet ([#657](https://github.com/entropyxyz/entropy-core/pull/657)) +- Clean ups around Staking Extension's `validate()` + extrinsic ([#659](https://github.com/entropyxyz/entropy-core/pull/659)) +- Rename `pallet_relayer` to + `pallet_registry` ([#661](https://github.com/entropyxyz/entropy-core/pull/661)) - Remove permissioned access type ([#666](https://github.com/entropyxyz/entropy-core/pull/666)) - Use SessionID in shared randomness ([#676](https://github.com/entropyxyz/entropy-core/pull/676)) - Derive the threshold account keypair and x25519 keypair from mnemonic using HKDF ### Removed + - Remove `pallet-free-tx` ([#662](https://github.com/entropyxyz/entropy-core/pull/662)) ## [0.0.10](https://github.com/entropyxyz/entropy-core/compare/release/v0.0.9...release/v0.0.10) - 2024-01-24 @@ -278,6 +343,7 @@ signing step. We provide some common ones out of the box, but custom user-provid algorithms are also supported. ### Breaking Changes + - In [#561](https://github.com/entropyxyz/entropy-core/pull/561) several crates were renamed in order to ensure consistent naming across the repo. The most impactful of these is that the `server` binary is now the `entropy-tss` binary. From this it follows that the Docker images @@ -302,7 +368,8 @@ algorithms are also supported. - In [#566](https://github.com/entropyxyz/entropy-core/pull/566) the Wasm API to `entropy-protocol` was changed to use `camelCase` function names. - In [#563](https://github.com/entropyxyz/entropy-core/pull/563) the Wasm API to functions formerly - in the [`x25515chacha20poly1305` repository](https://github.com/entropyxyz/x25519-chacha20poly1305/) + in the [ + `x25515chacha20poly1305` repository](https://github.com/entropyxyz/x25519-chacha20poly1305/) was changed to use `camelCase` function names. - In [#568](https://github.com/entropyxyz/entropy-core/pull/568) the registration and program update interfaces were changes to accept a vector of program hashes. @@ -322,35 +389,47 @@ algorithms are also supported. this account. ### Added -- Test CLI which calls the same code as in integration tests ([#417](https://github.com/entropyxyz/entropy-core/pull/417)) + +- Test CLI which calls the same code as in integration + tests ([#417](https://github.com/entropyxyz/entropy-core/pull/417)) - Pointer for Programs ([#536](https://github.com/entropyxyz/entropy-core/pull/536/)) - Add password file option ([#555](https://github.com/entropyxyz/entropy-core/pull/555)) -- Include contents of x25515chacha20poly1305 repo in entropy-protocol ([#563](https://github.com/entropyxyz/entropy-core/pull/563)) +- Include contents of x25515chacha20poly1305 repo in + entropy-protocol ([#563](https://github.com/entropyxyz/entropy-core/pull/563)) - Custom Hashing Algorithms ([#553](https://github.com/entropyxyz/entropy-core/pull/553/)) - Add ref counter to programs ([#585](https://github.com/entropyxyz/entropy-core/pull/585/)) - Add `--setup-only` flag ([#588](https://github.com/entropyxyz/entropy-core/pull/588/)) -- Add --version flag and about field to TSS ([#590](https://github.com/entropyxyz/entropy-core/pull/590/)) +- Add --version flag and about field to + TSS ([#590](https://github.com/entropyxyz/entropy-core/pull/590/)) - Program config storage ([#593](https://github.com/entropyxyz/entropy-core/pull/593)) - Add a hashes endpoint ([#600](https://github.com/entropyxyz/entropy-core/pull/600)) - Public access mode ([#623](https://github.com/entropyxyz/entropy-core/pull/623)) ### Changed + - Crate name refactor ([#561](https://github.com/entropyxyz/entropy-core/pull/561)) -- Only run wasm integration tests when a feature is enabled ([#565](https://github.com/entropyxyz/entropy-core/pull/565)) +- Only run wasm integration tests when a feature is + enabled ([#565](https://github.com/entropyxyz/entropy-core/pull/565)) - Protocol sessions are now identified by a `SessionID` type rather than a `String` ([#549](https://github.com/entropyxyz/entropy-core/pull/549)) - Change bip39 implementation ([#562](https://github.com/entropyxyz/entropy-core/pull/562)) - Additive programs ([#568](https://github.com/entropyxyz/entropy-core/pull/568)) -- Additional `hash` field in `/sign_tx` JSON body indicates which hashing algorithm to use for signing ([#553](https://github.com/entropyxyz/entropy-core/pull/553)) +- Additional `hash` field in `/sign_tx` JSON body indicates which hashing algorithm to use for + signing ([#553](https://github.com/entropyxyz/entropy-core/pull/553)) - Additive aux data ([#577](https://github.com/entropyxyz/entropy-core/pull/577)) - Refactor Rust-based chain specs ([#592](https://github.com/entropyxyz/entropy-core/pull/592)) -- Fix test CLI for additive program pointers and update / refactor tests ([#591](https://github.com/entropyxyz/entropy-core/pull/591)) -- Change `program_modification_account` to `program_deploy_key` ([#604](https://github.com/entropyxyz/entropy-core/pull/604)) +- Fix test CLI for additive program pointers and update / refactor + tests ([#591](https://github.com/entropyxyz/entropy-core/pull/591)) +- Change `program_modification_account` to + `program_deploy_key` ([#604](https://github.com/entropyxyz/entropy-core/pull/604)) ### Fixed -- Fix inconsistency between interactive and file based passwords ([#589](https://github.com/entropyxyz/entropy-core/pull/589)) + +- Fix inconsistency between interactive and file based + passwords ([#589](https://github.com/entropyxyz/entropy-core/pull/589)) ### Removed + - Remove pallet-helpers ([#581](https://github.com/entropyxyz/entropy-core/pull/581/)) ## [0.0.9](https://github.com/entropyxyz/entropy-core/compare/release/v0.0.8...release/v0.0.9) - 2023-11-30 @@ -373,30 +452,47 @@ visualization. `string`. ### Added -- Wasm bindings for user to participate in DKG and signing protocols ([#414](https://github.com/entropyxyz/entropy-core/pull/414/)) -- Auxiliary data for program evaluation ([#475](https://github.com/entropyxyz/entropy-core/pull/475/)) -- Add a keyshare type for wasm which wraps `synedrion::KeyShare` ([#512](https://github.com/entropyxyz/entropy-core/pull/512/)) + +- Wasm bindings for user to participate in DKG and signing + protocols ([#414](https://github.com/entropyxyz/entropy-core/pull/414/)) +- Auxiliary data for program + evaluation ([#475](https://github.com/entropyxyz/entropy-core/pull/475/)) +- Add a keyshare type for wasm which wraps + `synedrion::KeyShare` ([#512](https://github.com/entropyxyz/entropy-core/pull/512/)) - Add versioning to server ([#516](https://github.com/entropyxyz/entropy-core/pull/516/)) -- Cross-compile for `linux/arm64` and push multi-platform Docker images. ([#518](https://github.com/entropyxyz/entropy-core/pull/518/)) -- Allow logger to be configured from CLI ([#520](https://github.com/entropyxyz/entropy-core/pull/520/)) +- Cross-compile for `linux/arm64` and push multi-platform Docker + images. ([#518](https://github.com/entropyxyz/entropy-core/pull/518/)) +- Allow logger to be configured from + CLI ([#520](https://github.com/entropyxyz/entropy-core/pull/520/)) - Add `bunyan` JSON formatter ([#524](https://github.com/entropyxyz/entropy-core/pull/524/)) - Add Loki logging layer ([#528](https://github.com/entropyxyz/entropy-core/pull/528/)) ### Changed + - Validate proactive refresh endpoint ([#483](https://github.com/entropyxyz/entropy-core/pull/483/)) -- No proactive refresh on private key visibility ([#485](https://github.com/entropyxyz/entropy-core/pull/485/)) -- Use bincode rather than JSON for protocol and subscribe messages ([#492](https://github.com/entropyxyz/entropy-core/pull/492/)) +- No proactive refresh on private key + visibility ([#485](https://github.com/entropyxyz/entropy-core/pull/485/)) +- Use bincode rather than JSON for protocol and subscribe + messages ([#492](https://github.com/entropyxyz/entropy-core/pull/492/)) - Allow big protocol messages ([#495](https://github.com/entropyxyz/entropy-core/pull/495/)) -- Change `SocketAddr` type for `String` ([#496](https://github.com/entropyxyz/entropy-core/pull/496/)) +- Change `SocketAddr` type for + `String` ([#496](https://github.com/entropyxyz/entropy-core/pull/496/)) - Partition proactive refresh ([#504](https://github.com/entropyxyz/entropy-core/pull/504/)) -- Add `#[tracing::instrument]` macro to routes ([#515](https://github.com/entropyxyz/entropy-core/pull/515/)) -- Make `server` a library, and add integration test for testing protocol crate on wasm ([#517](https://github.com/entropyxyz/entropy-core/pull/517/)) -- Remove subxt-signer from server and entropy-protocol ([#526](https://github.com/entropyxyz/entropy-core/pull/526/)) -- `ec-runtime` now errors for zero-sized programs ([#529](https://github.com/entropyxyz/entropy-core/pull/529/)) -- `entropy-protocol` - polkadot-js compatible sr25519 key generation for wasm API ([#533](https://github.com/entropyxyz/entropy-core/pull/533/)) +- Add `#[tracing::instrument]` macro to + routes ([#515](https://github.com/entropyxyz/entropy-core/pull/515/)) +- Make `server` a library, and add integration test for testing protocol crate on + wasm ([#517](https://github.com/entropyxyz/entropy-core/pull/517/)) +- Remove subxt-signer from server and + entropy-protocol ([#526](https://github.com/entropyxyz/entropy-core/pull/526/)) +- `ec-runtime` now errors for zero-sized + programs ([#529](https://github.com/entropyxyz/entropy-core/pull/529/)) +- `entropy-protocol` - polkadot-js compatible sr25519 key generation for wasm + API ([#533](https://github.com/entropyxyz/entropy-core/pull/533/)) ### Fixed -- Return package version instead of rustc version ([#523](https://github.com/entropyxyz/entropy-core/pull/523/)) + +- Return package version instead of rustc + version ([#523](https://github.com/entropyxyz/entropy-core/pull/523/)) ## [0.0.8](https://github.com/entropyxyz/entropy-core/compare/v0.0.7...release/v0.0.8) - 2023-11-06 @@ -413,21 +509,28 @@ Some notables changes introduced in [#428](https://github.com/entropyxyz/entropy - The extrinsic arguments remain unchanged - The Constraint pallet's `ConstraintsV2Updated` event has been renamed to `ProgramUpdated` and now has two fields instead of a single tuple for its body -- The Constraint pallet's `V2ConstraintLengthExceeded` error has been renamed to `ProgramLengthExceeded` +- The Constraint pallet's `V2ConstraintLengthExceeded` error has been renamed to + `ProgramLengthExceeded` - The Relayer pallet's `register` extrinsic now takes a `Vec` as a program instead of an `Option` - The Constraints pallet has been renamed to the Programs pallet - The `entropy-constraints` crate has been removed ### Added -- Separate `entropy-protocol` crate with protocol execution logic ([#404](https://github.com/entropyxyz/entropy-core/pull/404)) + +- Separate `entropy-protocol` crate with protocol execution + logic ([#404](https://github.com/entropyxyz/entropy-core/pull/404)) - Proactive refresh ([#413](https://github.com/entropyxyz/entropy-core/pull/413)) -- Write a Dockerfile that can build both `entropy` and `server`. ([#430](https://github.com/entropyxyz/entropy-core/pull/430)) +- Write a Dockerfile that can build both `entropy` and + `server`. ([#430](https://github.com/entropyxyz/entropy-core/pull/430)) - Developer experience improvements: SSH auth from workstations, entirely local "devnet" functionality with Compose ([#434](https://github.com/entropyxyz/entropy-core/pull/434)) -- Allow local host pass for offchain url ([#443](https://github.com/entropyxyz/entropy-core/pull/443)) -- Add way for validators to resolve diff verifying keys ([#460](https://github.com/entropyxyz/entropy-core/pull/460)) - - This introduces a new `FailedRegistration` event which might be of interest to consumers of this +- Allow local host pass for offchain + url ([#443](https://github.com/entropyxyz/entropy-core/pull/443)) +- Add way for validators to resolve diff verifying + keys ([#460](https://github.com/entropyxyz/entropy-core/pull/460)) + - This introduces a new `FailedRegistration` event which might be of interest to consumers of + this pallet. - Add `prune_registration` extrinsic ([#472](https://github.com/entropyxyz/entropy-core/pull/472)) - Allows for accounts to be moved out of registering state (e.g if DKG fails). @@ -435,21 +538,34 @@ Some notables changes introduced in [#428](https://github.com/entropyxyz/entropy this pallet. ### Changed -- Replace outdated `--ws-external` with `--rpc-external` ([#424](https://github.com/entropyxyz/entropy-core/pull/424)) -- Ensure correct validator order by using ValidatorInfo from chain rather than from user ([#425](https://github.com/entropyxyz/entropy-core/pull/425)) -- Place `demo_offence` dispatchable behind root origin check ([#426](https://github.com/entropyxyz/entropy-core/pull/426)) -- Update `pallet-relayer` to use Contraints V2 ([#433](https://github.com/entropyxyz/entropy-core/pull/433)) -- Rename `pallet-constraints` to `pallet-programs` ([#451](https://github.com/entropyxyz/entropy-core/pull/451)) -- Add way for validators to resolve diff verifying keys ([#460](https://github.com/entropyxyz/entropy-core/pull/460)) + +- Replace outdated `--ws-external` with + `--rpc-external` ([#424](https://github.com/entropyxyz/entropy-core/pull/424)) +- Ensure correct validator order by using ValidatorInfo from chain rather than from + user ([#425](https://github.com/entropyxyz/entropy-core/pull/425)) +- Place `demo_offence` dispatchable behind root origin + check ([#426](https://github.com/entropyxyz/entropy-core/pull/426)) +- Update `pallet-relayer` to use Contraints + V2 ([#433](https://github.com/entropyxyz/entropy-core/pull/433)) +- Rename `pallet-constraints` to + `pallet-programs` ([#451](https://github.com/entropyxyz/entropy-core/pull/451)) +- Add way for validators to resolve diff verifying + keys ([#460](https://github.com/entropyxyz/entropy-core/pull/460)) - Fix socket address type ([#469](https://github.com/entropyxyz/entropy-core/pull/469)) ### Removed -- Remove `is_swapping` from registration details ([#437](https://github.com/entropyxyz/entropy-core/pull/437)) -- Remove V1 constraints from `pallet_constraints` ([#428](https://github.com/entropyxyz/entropy-core/pull/428)) + +- Remove `is_swapping` from registration + details ([#437](https://github.com/entropyxyz/entropy-core/pull/437)) +- Remove V1 constraints from + `pallet_constraints` ([#428](https://github.com/entropyxyz/entropy-core/pull/428)) ### Fixed -- Ensure correct validator order by using ValidatorInfo from chain rather than from user ([#425](https://github.com/entropyxyz/entropy-core/pull/425)) -- Take a storage deposit for programs during registration ([#447](https://github.com/entropyxyz/entropy-core/pull/447)) + +- Ensure correct validator order by using ValidatorInfo from chain rather than from + user ([#425](https://github.com/entropyxyz/entropy-core/pull/425)) +- Take a storage deposit for programs during + registration ([#447](https://github.com/entropyxyz/entropy-core/pull/447)) ## [0.0.7](https://github.com/entropyxyz/entropy-core/compare/v0.0.6..v0.0.7) - 2023-09-22 @@ -457,25 +573,31 @@ Some notables changes introduced in [#428](https://github.com/entropyxyz/entropy ### ⚙️ Miscellaneous Tasks -- User can participate in DKG (second try) ([#396](https://github.com/entropyxyz/entropy-core/pull/396)) +- User can participate in DKG (second + try) ([#396](https://github.com/entropyxyz/entropy-core/pull/396)) - User can participate in signing ([#379](https://github.com/entropyxyz/entropy-core/pull/379)) - Dkg ([#381](https://github.com/entropyxyz/entropy-core/pull/381)) -- Add noise handshake to websocket connections for signing protocol ([#371](https://github.com/entropyxyz/entropy-core/pull/371)) -- Working proof of concept for generated API docs automatically publishable to Vercel Project. ([#373](https://github.com/entropyxyz/entropy-core/pull/373)) -- Use websockets rather than server sent events for signing protocol messages ([#364](https://github.com/entropyxyz/entropy-core/pull/364)) +- Add noise handshake to websocket connections for signing + protocol ([#371](https://github.com/entropyxyz/entropy-core/pull/371)) +- Working proof of concept for generated API docs automatically publishable to Vercel + Project. ([#373](https://github.com/entropyxyz/entropy-core/pull/373)) +- Use websockets rather than server sent events for signing protocol + messages ([#364](https://github.com/entropyxyz/entropy-core/pull/364)) ## [0.0.5](https://github.com/entropyxyz/entropy-core/compare/v0.0.2-devnet..v0.0.5) - 2023-06-23 -### ⛰️ Features +### ⛰️ Features -- Feat: server deserializes and stores client tx reqs ([#291](https://github.com/entropyxyz/entropy-core/pull/291)) +- Feat: server deserializes and stores client tx + reqs ([#291](https://github.com/entropyxyz/entropy-core/pull/291)) ### 🐛 Bug Fixes - Fix toolchain version ([#344](https://github.com/entropyxyz/entropy-core/pull/344)) - Fix signing ([#306](https://github.com/entropyxyz/entropy-core/pull/306)) - Fix typos in readme ([#276](https://github.com/entropyxyz/entropy-core/pull/276)) -- Fix: fix sdk testing scripts to clean tss db ([#283](https://github.com/entropyxyz/entropy-core/pull/283)) +- Fix: fix sdk testing scripts to clean tss + db ([#283](https://github.com/entropyxyz/entropy-core/pull/283)) - Fix batch size error ([#259](https://github.com/entropyxyz/entropy-core/pull/259)) ### 🚜 Refactor @@ -483,18 +605,25 @@ Some notables changes introduced in [#428](https://github.com/entropyxyz/entropy - Refactor tests ([#320](https://github.com/entropyxyz/entropy-core/pull/320)) - Refactor tests ([#320](https://github.com/entropyxyz/entropy-core/pull/320)) - Refactor ([#290](https://github.com/entropyxyz/entropy-core/pull/290)) -- Refactor substrate-common to entropy-shared ([#272](https://github.com/entropyxyz/entropy-core/pull/272)) +- Refactor substrate-common to + entropy-shared ([#272](https://github.com/entropyxyz/entropy-core/pull/272)) ### ⚙️ Miscellaneous Tasks - Replace Rocket with Axum ([#358](https://github.com/entropyxyz/entropy-core/pull/358)) -- Add curl examples to documentation of user-facing http API endpoint ([#361](https://github.com/entropyxyz/entropy-core/pull/361)) -- Improve doc comments relating to HTTP endpoints ([#351](https://github.com/entropyxyz/entropy-core/pull/351)) -- Set the Rust toolchain explicitly for this project. ([#322](https://github.com/entropyxyz/entropy-core/pull/322)) -- `/user/tx` validates user's constraints ([#300](https://github.com/entropyxyz/entropy-core/pull/300)) -- `/user/tx` starts the signing process when user submits valid EVM Transaction Request ([#299](https://github.com/entropyxyz/entropy-core/pull/299)) +- Add curl examples to documentation of user-facing http API + endpoint ([#361](https://github.com/entropyxyz/entropy-core/pull/361)) +- Improve doc comments relating to HTTP + endpoints ([#351](https://github.com/entropyxyz/entropy-core/pull/351)) +- Set the Rust toolchain explicitly for this + project. ([#322](https://github.com/entropyxyz/entropy-core/pull/322)) +- `/user/tx` validates user's + constraints ([#300](https://github.com/entropyxyz/entropy-core/pull/300)) +- `/user/tx` starts the signing process when user submits valid EVM Transaction + Request ([#299](https://github.com/entropyxyz/entropy-core/pull/299)) - Validator key encryption ([#267](https://github.com/entropyxyz/entropy-core/pull/267)) -- Add function to rotate signing selectors ([#263](https://github.com/entropyxyz/entropy-core/pull/263)) +- Add function to rotate signing + selectors ([#263](https://github.com/entropyxyz/entropy-core/pull/263)) - Add more explicit expect errors ([#264](https://github.com/entropyxyz/entropy-core/pull/264)) ## [0.0.2-devnet](https://github.com/entropyxyz/entropy-core/compare/v0.0.1-devnet..v0.0.2-devnet) - 2022-12-16 @@ -507,35 +636,46 @@ Some notables changes introduced in [#428](https://github.com/entropyxyz/entropy - Add is syncing in ([#254](https://github.com/entropyxyz/entropy-core/pull/254)) - Sig error refactor ([#220](https://github.com/entropyxyz/entropy-core/pull/220)) -- Upgrade Substrate to follow Polkadot releases ([#207](https://github.com/entropyxyz/entropy-core/pull/207)) +- Upgrade Substrate to follow Polkadot + releases ([#207](https://github.com/entropyxyz/entropy-core/pull/207)) - Fix CI pipeline ([#223](https://github.com/entropyxyz/entropy-core/pull/223)) - Add scripts for running devnet ([#222](https://github.com/entropyxyz/entropy-core/pull/222)) - Fix CI pipeline ([#223](https://github.com/entropyxyz/entropy-core/pull/223)) -- Upgrade Substrate to follow Polkadot releases ([#207](https://github.com/entropyxyz/entropy-core/pull/207)) +- Upgrade Substrate to follow Polkadot + releases ([#207](https://github.com/entropyxyz/entropy-core/pull/207)) ## [0.0.1-devnet] - 2022-10-26 ### 🐛 Bug Fixes - Fix tests ([#170](https://github.com/entropyxyz/entropy-core/pull/170)) -- Fix: refactor substrate<>client types; fix master ([#155](https://github.com/entropyxyz/entropy-core/pull/155)) -- Fix: solve unknown media type warning ([#154](https://github.com/entropyxyz/entropy-core/pull/154)) +- Fix: refactor substrate<>client types; fix + master ([#155](https://github.com/entropyxyz/entropy-core/pull/155)) +- Fix: solve unknown media type + warning ([#154](https://github.com/entropyxyz/entropy-core/pull/154)) - Fix non deterministic tests ([#145](https://github.com/entropyxyz/entropy-core/pull/145)) - Fix benchmark builds ([#60](https://github.com/entropyxyz/entropy-core/pull/60)) ### ⚙️ Miscellaneous Tasks -- Free TX - council can update free tx per era, fixed benchmarks ([#177](https://github.com/entropyxyz/entropy-core/pull/177)) +- Free TX - council can update free tx per era, fixed + benchmarks ([#177](https://github.com/entropyxyz/entropy-core/pull/177)) - CI speedups ([#171](https://github.com/entropyxyz/entropy-core/pull/171)) -- Crypto-signing-client: spec rest of flow & remove unnec. common crate ([#166](https://github.com/entropyxyz/entropy-core/pull/166)) -* Fix master -- misc warnings and errors not caught in previous PR's ([#164](https://github.com/entropyxyz/entropy-core/pull/164)) -- Fix master -- misc warnings and errors not caught in previous PR's ([#164](https://github.com/entropyxyz/entropy-core/pull/164)) +- Crypto-signing-client: spec rest of flow & remove unnec. common + crate ([#166](https://github.com/entropyxyz/entropy-core/pull/166)) + +* Fix master -- misc warnings and errors not caught in previous + PR's ([#164](https://github.com/entropyxyz/entropy-core/pull/164)) + +- Fix master -- misc warnings and errors not caught in previous + PR's ([#164](https://github.com/entropyxyz/entropy-core/pull/164)) - Conditional ci ([#152](https://github.com/entropyxyz/entropy-core/pull/152)) - Crypto comm manager ([#153](https://github.com/entropyxyz/entropy-core/pull/153)) - fix non deterministic tests ([#145](https://github.com/entropyxyz/entropy-core/pull/145)) - Add CircleCI configuration ([#142](https://github.com/entropyxyz/entropy-core/pull/142)) - Add starter CircleCI configuration ([#141](https://github.com/entropyxyz/entropy-core/pull/141)) -- Clean up and DRY up CircleCI configuration ([#143](https://github.com/entropyxyz/entropy-core/pull/143)) +- Clean up and DRY up CircleCI + configuration ([#143](https://github.com/entropyxyz/entropy-core/pull/143)) - Fix CircleCI config ([#146](https://github.com/entropyxyz/entropy-core/pull/146)) - Add no_output_timeout: 45m ([#148](https://github.com/entropyxyz/entropy-core/pull/148)) - Fix syntax on timeout clause ([#149](https://github.com/entropyxyz/entropy-core/pull/149)) From 5a7ab4dbfd9c5ed116a5efffab8dc3f0e737f660 Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Mon, 4 Nov 2024 16:23:51 -0500 Subject: [PATCH 30/31] Revert "Add `CHANGELOG` entry" This reverts commit fe7aadd6b01dcb839f3026ed5bdb57042a64f588. --- CHANGELOG.md | 352 ++++++++++++++++----------------------------------- 1 file changed, 106 insertions(+), 246 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4edc81bd7..be9f22026 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,37 +10,24 @@ At the moment this project **does not** adhere to ## [Unreleased](https://github.com/entropyxyz/entropy-core/compare/release/v0.3.0-rc.1...master) ### Breaking Changes - -- In [#1104](https://github.com/entropyxyz/entropy-core/pull/1104) the - `/validator/rotate_network_key` endpoint was renamed to `rotate_network_key` -- In [#1109](https://github.com/entropyxyz/entropy-core/pull/1109/), the `MaxPendingAttestations` - config type, the `ValidationQueue` storage +- In [#1104](https://github.com/entropyxyz/entropy-core/pull/1104) the `/validator/rotate_network_key` endpoint was renamed to `rotate_network_key` +- In [#1109](https://github.com/entropyxyz/entropy-core/pull/1109/), the `MaxPendingAttestations` config type, the `ValidationQueue` storage structure, and the `NodeInfoChanged` event were removed from the Staking Extension pallet. The `AttestationHandler` config type was added to the Staking Extension pallet. The `KeyProvider` and `AttestationQueue` config types were removed from the Attestation pallet. -- In [#1068](https://github.com/entropyxyz/entropy-core/pull/1068) an extra type - `PckCertChainVerifier` +- In [#1068](https://github.com/entropyxyz/entropy-core/pull/1068) an extra type `PckCertChainVerifier` was added to the staking extension pallet's `Config` trait. -- In [#1123](https://github.com/entropyxyz/entropy-core/pull/1123/) the `change_endpoint()` and - `change_threshold_accounts()` extrinsics got new TDX `quote` related parameters added. -- In [#1134](https://github.com/entropyxyz/entropy-core/pull/1134/) the `--no-sync` option was - removed. +- In [#1134](https://github.com/entropyxyz/entropy-core/pull/1134/) the ```no-sync``` option was removed ### Changed - -- Use correct key rotation endpoint in - OCW ([#1104](https://github.com/entropyxyz/entropy-core/pull/1104)) -- Change attestation flow to be pull - based ([#1109](https://github.com/entropyxyz/entropy-core/pull/1109/)) +- Use correct key rotation endpoint in OCW ([#1104](https://github.com/entropyxyz/entropy-core/pull/1104)) +- Change attestation flow to be pull based ([#1109](https://github.com/entropyxyz/entropy-core/pull/1109/)) - Handle PCK certificates ([#1068](https://github.com/entropyxyz/entropy-core/pull/1068)) -- Add quote guards to `ServerInfo` related - extrinsics ([#1123](https://github.com/entropyxyz/entropy-core/pull/1123/)) - Remove declare synced ([#1134](https://github.com/entropyxyz/entropy-core/pull/1134/)) ## [0.3.0-rc.1](https://github.com/entropyxyz/entropy-core/compare/release/v0.2.0...release/v0.3.0-rc.1) - 2024-10-04 ### Breaking Changes - - In [#799](https://github.com/entropyxyz/entropy-core/pull/799) the concept of subgroups was removed in favour of a single pool of signers. - In [#801](https://github.com/entropyxyz/entropy-core/pull/801) permissioned access mode was @@ -61,8 +48,7 @@ At the moment this project **does not** adhere to and `withdraw_unbonded` - In [#1045](https://github.com/entropyxyz/entropy-core/pull/1045), `ProgramsInfo` now takes `version_number` to maintain backwards compatibility if programs runtime is updated -- In [#1050](https://github.com/entropyxyz/entropy-core/pull/1050), the flow for signing has - changed. +- In [#1050](https://github.com/entropyxyz/entropy-core/pull/1050), the flow for signing has changed. A user now sends their request to any validator that is not a signer. This will act as a relayer. As such, `UserSignatureRequest` no longer requires the `validators_info` field since the the relayer adds that in after. The response received from the validator is now a `Vec` @@ -76,7 +62,6 @@ At the moment this project **does not** adhere to from the `devnet-local` chainspec and replaced with `Charlie`. ### Added - - Jumpstart network ([#918](https://github.com/entropyxyz/entropy-core/pull/918)) - Add Signer groups and rotation ([#938](https://github.com/entropyxyz/entropy-core/pull/938)) - Split jumpstart and register flows ([#952](https://github.com/entropyxyz/entropy-core/pull/952)) @@ -87,46 +72,33 @@ At the moment this project **does not** adhere to - Signing flow with derived accounts ([#990](https://github.com/entropyxyz/entropy-core/pull/990)) - TSS attestation endpoint ([#1001](https://github.com/entropyxyz/entropy-core/pull/1001)) - Attestation pallet ([#1003](https://github.com/entropyxyz/entropy-core/pull/1003)) -- Add `network-jumpstart` command to - `entropy-test-cli` ([#1004](https://github.com/entropyxyz/entropy-core/pull/1004)) -- Update test CLI for new registration and signing - flows ([#1008](https://github.com/entropyxyz/entropy-core/pull/1008)) -- Add remove program function to - entropy-client ([#1023](https://github.com/entropyxyz/entropy-core/pull/1023)) +- Add `network-jumpstart` command to `entropy-test-cli` ([#1004](https://github.com/entropyxyz/entropy-core/pull/1004)) +- Update test CLI for new registration and signing flows ([#1008](https://github.com/entropyxyz/entropy-core/pull/1008)) +- Add remove program function to entropy-client ([#1023](https://github.com/entropyxyz/entropy-core/pull/1023)) - Select validators for jumpstart DKG [#1053](https://github.com/entropyxyz/entropy-core/pull/1053)) - Add a programs version ([#1045](https://github.com/entropyxyz/entropy-core/pull/1045)) -- Handle Provisioning Certification Keys ( - PCKs) ([#1051](https://github.com/entropyxyz/entropy-core/pull/1051)) +- Handle Provisioning Certification Keys (PCKs) ([#1051](https://github.com/entropyxyz/entropy-core/pull/1051)) - Block tss chain when signer ([#1078](https://github.com/entropyxyz/entropy-core/pull/1078)) ### Changed - - Migrate to threshold signing ([#800](https://github.com/entropyxyz/entropy-core/pull/800)) - Use t of n signing in `entropy-tss` ([#879](https://github.com/entropyxyz/entropy-core/pull/879)) -- Fix TSS `AccountId` keys in - chainspec ([#993](https://github.com/entropyxyz/entropy-core/pull/993)) -- No unbonding when signer or next - signer ([#1031](https://github.com/entropyxyz/entropy-core/pull/1031)) +- Fix TSS `AccountId` keys in chainspec ([#993](https://github.com/entropyxyz/entropy-core/pull/993)) +- No unbonding when signer or next signer ([#1031](https://github.com/entropyxyz/entropy-core/pull/1031)) - Add relay tx endpoint ([#1050](https://github.com/entropyxyz/entropy-core/pull/1050)) -- Trigger attestation check during - validate ([#1063](https://github.com/entropyxyz/entropy-core/pull/1063)) -- Add fourth node to `devnet-local` - configuration ([#1086](https://github.com/entropyxyz/entropy-core/pull/1086)) +- Trigger attestation check during validate ([#1063](https://github.com/entropyxyz/entropy-core/pull/1063)) +- Add fourth node to `devnet-local` configuration ([#1086](https://github.com/entropyxyz/entropy-core/pull/1086)) ### Removed - - Remove subgroups ([#799](https://github.com/entropyxyz/entropy-core/pull/799)) - Remove permission from chain ([#801](https://github.com/entropyxyz/entropy-core/pull/801)) -- Remove `prune_registration` - extrinsic ([#1022](https://github.com/entropyxyz/entropy-core/pull/1022)) -- Remove `confirm_registered` - extrinsic ([#1025](https://github.com/entropyxyz/entropy-core/pull/1025)) +- Remove `prune_registration` extrinsic ([#1022](https://github.com/entropyxyz/entropy-core/pull/1022)) +- Remove `confirm_registered` extrinsic ([#1025](https://github.com/entropyxyz/entropy-core/pull/1025)) - Remove old registration flow ([#1030](https://github.com/entropyxyz/entropy-core/pull/1030)) ## [0.2.0](https://github.com/entropyxyz/entropy-core/compare/release/v0.1.0...release/v0.2.0) - 2024-07-11 ### Breaking Changes - - In [#853](https://github.com/entropyxyz/entropy-core/pull/853) the responsibility of generating a TSS mnemonic was shifted to operators, which can be done using the `--mnemonic` flag during process startup. This also allows operators to back up the mnemonic for their TSS. @@ -147,25 +119,17 @@ At the moment this project **does not** adhere to accounts (e.g development accounts like `//Alice`). ### Added - -- Add a way to change program modification - account ([#843](https://github.com/entropyxyz/entropy-core/pull/843)) -- Add support for `--mnemonic-file` and - `THRESHOLD_SERVER_MNEMONIC` ([#864](https://github.com/entropyxyz/entropy-core/pull/864)) +- Add a way to change program modification account ([#843](https://github.com/entropyxyz/entropy-core/pull/843)) +- Add support for `--mnemonic-file` and `THRESHOLD_SERVER_MNEMONIC` ([#864](https://github.com/entropyxyz/entropy-core/pull/864)) - Add validator helpers to cli ([#870](https://github.com/entropyxyz/entropy-core/pull/870)) -- Add `blake2` as built in hash function and make `HashingAlgorithm` - non-exhaustive ([#881](https://github.com/entropyxyz/entropy-core/pull/881)) -- Add sort to subgroup signer - selection ([#900](https://github.com/entropyxyz/entropy-core/pull/900)) -- Create four node Docker Compose - chainspec ([#902](https://github.com/entropyxyz/entropy-core/pull/902)) +- Add `blake2` as built in hash function and make `HashingAlgorithm` non-exhaustive ([#881](https://github.com/entropyxyz/entropy-core/pull/881)) +- Add sort to subgroup signer selection ([#900](https://github.com/entropyxyz/entropy-core/pull/900)) +- Create four node Docker Compose chainspec ([#902](https://github.com/entropyxyz/entropy-core/pull/902)) - Oracle data integration ([#922](https://github.com/entropyxyz/entropy-core/pull/922)) ### Changed - - Move TSS mnemonic out of keystore ([#853](https://github.com/entropyxyz/entropy-core/pull/853)) -- Prepare test CLI for use in Programs - repo ([#856](https://github.com/entropyxyz/entropy-core/pull/856)) +- Prepare test CLI for use in Programs repo ([#856](https://github.com/entropyxyz/entropy-core/pull/856)) - Replace timestamp with block number ([#866](https://github.com/entropyxyz/entropy-core/pull/866)) - Change currency units ([#901](https://github.com/entropyxyz/entropy-core/pull/901)) @@ -177,18 +141,12 @@ There aren't a lot of new features compared to the `v0.12.0` release. However, o is that crates related to the threshold server (`entropy-tss`) are now published on crates.io. ### Changed - -- Make full version of entropy-client possible to compile on - wasm ([#816](https://github.com/entropyxyz/entropy-core/pull/816)) -- Remove certain endowed accounts from - chain ([#819](https://github.com/entropyxyz/entropy-core/pull/819)) -- Updates for test-cli before publishing and to work nicely with - v0.0.12 ([#830](https://github.com/entropyxyz/entropy-core/pull/830)) +- Make full version of entropy-client possible to compile on wasm ([#816](https://github.com/entropyxyz/entropy-core/pull/816)) +- Remove certain endowed accounts from chain ([#819](https://github.com/entropyxyz/entropy-core/pull/819)) +- Updates for test-cli before publishing and to work nicely with v0.0.12 ([#830](https://github.com/entropyxyz/entropy-core/pull/830)) ### Fixed - -- Fix `Account Deserialization` error from verifying key - mismatch ([#831](https://github.com/entropyxyz/entropy-core/pull/831)) +- Fix `Account Deserialization` error from verifying key mismatch ([#831](https://github.com/entropyxyz/entropy-core/pull/831)) ## [0.0.12](https://github.com/entropyxyz/entropy-core/compare/release/v0.0.11...release/v0.0.12) - 2024-05-02 @@ -198,8 +156,7 @@ is that crates related to the threshold server (`entropy-tss`) are now published `programs::set_program` extrinsic now takes an additional argument `oracle_data_pointer` of type `Vec` (`Uint8Array` on JS). Since oracles are not completely implemented this should be passed an empty vector/array. -- In [#762](https://github.com/entropyxyz/entropy-core/pull/762) 'Update Substrate to Polkadot - 1.7.0' +- In [#762](https://github.com/entropyxyz/entropy-core/pull/762) 'Update Substrate to Polkadot 1.7.0' the genesis chainspec builder has been updated for sc_service 0.36.0, which affects both the runtime and chainspec. - In [#709](https://github.com/entropyxyz/entropy-core/pull/709) 'Derive the threshold account @@ -214,30 +171,23 @@ is that crates related to the threshold server (`entropy-tss`) are now published the chainspec. ### Added - - Add testnet account JSON ([#769](https://github.com/entropyxyz/entropy-core/pull/769)) -- Make common crate for TSS and test - client ([#775](https://github.com/entropyxyz/entropy-core/pull/775)) +- Make common crate for TSS and test client ([#775](https://github.com/entropyxyz/entropy-core/pull/775)) ### Changed - -- Derive the threshold account keypair and x25519 keypair from mnemonic using - HKDF ([#709](https://github.com/entropyxyz/entropy-core/pull/709)) +- Derive the threshold account keypair and x25519 keypair from mnemonic using HKDF ([#709](https://github.com/entropyxyz/entropy-core/pull/709)) - TSS servers sync by default ([#784](https://github.com/entropyxyz/entropy-core/pull/784)) -- Improve test-cli following removal of permissioned - mode ([#770](https://github.com/entropyxyz/entropy-core/pull/770)) +- Improve test-cli following removal of permissioned mode ([#770](https://github.com/entropyxyz/entropy-core/pull/770)) ## [0.0.11](https://github.com/entropyxyz/entropy-core/compare/release/v0.0.10...release/v0.0.11) - 2024-04-XX ### Breaking Changes - - In [#623](https://github.com/entropyxyz/entropy-core/pull/623), 'Public Access Mode', the `UserSignatureRequest` given when requesting a signature with the 'sign_tx' http endpoint must now contain an additional field, `signature_request_account: AccountId32`. In private and permissioned modes, this must be identical to the account used to sign the `SignedMessage` containing the signature request. In public access mode this may be an Entropy account owned by someone else. -- In [#629](https://github.com/entropyxyz/entropy-core/pull/629), 'Add proactive refresh keys - on-chain', +- In [#629](https://github.com/entropyxyz/entropy-core/pull/629), 'Add proactive refresh keys on-chain', the `StakingExtensionConfig::proactive_refresh_validators` field used by the chain spec is now `StakingExtensionConfig::proactive_refresh_data` and takes a tuple of `Vec`. Both should be empty at genesis for production. @@ -279,48 +229,33 @@ is that crates related to the threshold server (`entropy-tss`) are now published the Parameters pallet was added, `max_instructions_per_program`. ### Added - - Add ValidatorSubgroupRotated event ([#618](https://github.com/entropyxyz/entropy-core/pull/618)) - Public access mode ([#623](https://github.com/entropyxyz/entropy-core/pull/623)) - Emit events on TSS server errors ([#625](https://github.com/entropyxyz/entropy-core/pull/625)) -- Add direct query for a validator's - subgroup ([#642](https://github.com/entropyxyz/entropy-core/pull/642)) +- Add direct query for a validator's subgroup ([#642](https://github.com/entropyxyz/entropy-core/pull/642)) - Add version number to registered ([#658](https://github.com/entropyxyz/entropy-core/pull/658)) - Request limit check ([#660](https://github.com/entropyxyz/entropy-core/pull/660)) -- Add helper for checking if a validator is in the signing - committee ([#678](https://github.com/entropyxyz/entropy-core/pull/678)) -- Note unresponsiveness reports in Slashing - pallet ([#679](https://github.com/entropyxyz/entropy-core/pull/679)) -- Add device key program to initial - chainstate ([#680](https://github.com/entropyxyz/entropy-core/pull/680)) +- Add helper for checking if a validator is in the signing committee ([#678](https://github.com/entropyxyz/entropy-core/pull/678)) +- Note unresponsiveness reports in Slashing pallet ([#679](https://github.com/entropyxyz/entropy-core/pull/679)) +- Add device key program to initial chainstate ([#680](https://github.com/entropyxyz/entropy-core/pull/680)) - Add aux data to program info ([#681](https://github.com/entropyxyz/entropy-core/pull/681)) - Add HPKE implementation ([#674](https://github.com/entropyxyz/entropy-core/pull/674)) -- Add max instructions parameters - onchain ([#703](https://github.com/entropyxyz/entropy-core/pull/703)) +- Add max instructions parameters onchain ([#703](https://github.com/entropyxyz/entropy-core/pull/703)) ### Changed - -- Test CLI - dont send hardcoded auxiliary data by default when - signing ([#614](https://github.com/entropyxyz/entropy-core/pull/614)) +- Test CLI - dont send hardcoded auxiliary data by default when signing ([#614](https://github.com/entropyxyz/entropy-core/pull/614)) - Add proactive refresh keys on-chain ([#629](https://github.com/entropyxyz/entropy-core/pull/629)) -- Rename ProgramInfo.config_interface to - interface_description ([#631](https://github.com/entropyxyz/entropy-core/pull/631)) -- Change test-cli default access mode and update readme for recent - changes ([#643](https://github.com/entropyxyz/entropy-core/pull/643)) -- Add additional checks to TSS server's `/user/receive_key` - endpoint ([#655](https://github.com/entropyxyz/entropy-core/pull/655)) -- Disallow using existing TSS account IDs in Staking - pallet ([#657](https://github.com/entropyxyz/entropy-core/pull/657)) -- Clean ups around Staking Extension's `validate()` - extrinsic ([#659](https://github.com/entropyxyz/entropy-core/pull/659)) -- Rename `pallet_relayer` to - `pallet_registry` ([#661](https://github.com/entropyxyz/entropy-core/pull/661)) +- Rename ProgramInfo.config_interface to interface_description ([#631](https://github.com/entropyxyz/entropy-core/pull/631)) +- Change test-cli default access mode and update readme for recent changes ([#643](https://github.com/entropyxyz/entropy-core/pull/643)) +- Add additional checks to TSS server's `/user/receive_key` endpoint ([#655](https://github.com/entropyxyz/entropy-core/pull/655)) +- Disallow using existing TSS account IDs in Staking pallet ([#657](https://github.com/entropyxyz/entropy-core/pull/657)) +- Clean ups around Staking Extension's `validate()` extrinsic ([#659](https://github.com/entropyxyz/entropy-core/pull/659)) +- Rename `pallet_relayer` to `pallet_registry` ([#661](https://github.com/entropyxyz/entropy-core/pull/661)) - Remove permissioned access type ([#666](https://github.com/entropyxyz/entropy-core/pull/666)) - Use SessionID in shared randomness ([#676](https://github.com/entropyxyz/entropy-core/pull/676)) - Derive the threshold account keypair and x25519 keypair from mnemonic using HKDF ### Removed - - Remove `pallet-free-tx` ([#662](https://github.com/entropyxyz/entropy-core/pull/662)) ## [0.0.10](https://github.com/entropyxyz/entropy-core/compare/release/v0.0.9...release/v0.0.10) - 2024-01-24 @@ -343,7 +278,6 @@ signing step. We provide some common ones out of the box, but custom user-provid algorithms are also supported. ### Breaking Changes - - In [#561](https://github.com/entropyxyz/entropy-core/pull/561) several crates were renamed in order to ensure consistent naming across the repo. The most impactful of these is that the `server` binary is now the `entropy-tss` binary. From this it follows that the Docker images @@ -368,8 +302,7 @@ algorithms are also supported. - In [#566](https://github.com/entropyxyz/entropy-core/pull/566) the Wasm API to `entropy-protocol` was changed to use `camelCase` function names. - In [#563](https://github.com/entropyxyz/entropy-core/pull/563) the Wasm API to functions formerly - in the [ - `x25515chacha20poly1305` repository](https://github.com/entropyxyz/x25519-chacha20poly1305/) + in the [`x25515chacha20poly1305` repository](https://github.com/entropyxyz/x25519-chacha20poly1305/) was changed to use `camelCase` function names. - In [#568](https://github.com/entropyxyz/entropy-core/pull/568) the registration and program update interfaces were changes to accept a vector of program hashes. @@ -389,47 +322,35 @@ algorithms are also supported. this account. ### Added - -- Test CLI which calls the same code as in integration - tests ([#417](https://github.com/entropyxyz/entropy-core/pull/417)) +- Test CLI which calls the same code as in integration tests ([#417](https://github.com/entropyxyz/entropy-core/pull/417)) - Pointer for Programs ([#536](https://github.com/entropyxyz/entropy-core/pull/536/)) - Add password file option ([#555](https://github.com/entropyxyz/entropy-core/pull/555)) -- Include contents of x25515chacha20poly1305 repo in - entropy-protocol ([#563](https://github.com/entropyxyz/entropy-core/pull/563)) +- Include contents of x25515chacha20poly1305 repo in entropy-protocol ([#563](https://github.com/entropyxyz/entropy-core/pull/563)) - Custom Hashing Algorithms ([#553](https://github.com/entropyxyz/entropy-core/pull/553/)) - Add ref counter to programs ([#585](https://github.com/entropyxyz/entropy-core/pull/585/)) - Add `--setup-only` flag ([#588](https://github.com/entropyxyz/entropy-core/pull/588/)) -- Add --version flag and about field to - TSS ([#590](https://github.com/entropyxyz/entropy-core/pull/590/)) +- Add --version flag and about field to TSS ([#590](https://github.com/entropyxyz/entropy-core/pull/590/)) - Program config storage ([#593](https://github.com/entropyxyz/entropy-core/pull/593)) - Add a hashes endpoint ([#600](https://github.com/entropyxyz/entropy-core/pull/600)) - Public access mode ([#623](https://github.com/entropyxyz/entropy-core/pull/623)) ### Changed - - Crate name refactor ([#561](https://github.com/entropyxyz/entropy-core/pull/561)) -- Only run wasm integration tests when a feature is - enabled ([#565](https://github.com/entropyxyz/entropy-core/pull/565)) +- Only run wasm integration tests when a feature is enabled ([#565](https://github.com/entropyxyz/entropy-core/pull/565)) - Protocol sessions are now identified by a `SessionID` type rather than a `String` ([#549](https://github.com/entropyxyz/entropy-core/pull/549)) - Change bip39 implementation ([#562](https://github.com/entropyxyz/entropy-core/pull/562)) - Additive programs ([#568](https://github.com/entropyxyz/entropy-core/pull/568)) -- Additional `hash` field in `/sign_tx` JSON body indicates which hashing algorithm to use for - signing ([#553](https://github.com/entropyxyz/entropy-core/pull/553)) +- Additional `hash` field in `/sign_tx` JSON body indicates which hashing algorithm to use for signing ([#553](https://github.com/entropyxyz/entropy-core/pull/553)) - Additive aux data ([#577](https://github.com/entropyxyz/entropy-core/pull/577)) - Refactor Rust-based chain specs ([#592](https://github.com/entropyxyz/entropy-core/pull/592)) -- Fix test CLI for additive program pointers and update / refactor - tests ([#591](https://github.com/entropyxyz/entropy-core/pull/591)) -- Change `program_modification_account` to - `program_deploy_key` ([#604](https://github.com/entropyxyz/entropy-core/pull/604)) +- Fix test CLI for additive program pointers and update / refactor tests ([#591](https://github.com/entropyxyz/entropy-core/pull/591)) +- Change `program_modification_account` to `program_deploy_key` ([#604](https://github.com/entropyxyz/entropy-core/pull/604)) ### Fixed - -- Fix inconsistency between interactive and file based - passwords ([#589](https://github.com/entropyxyz/entropy-core/pull/589)) +- Fix inconsistency between interactive and file based passwords ([#589](https://github.com/entropyxyz/entropy-core/pull/589)) ### Removed - - Remove pallet-helpers ([#581](https://github.com/entropyxyz/entropy-core/pull/581/)) ## [0.0.9](https://github.com/entropyxyz/entropy-core/compare/release/v0.0.8...release/v0.0.9) - 2023-11-30 @@ -452,47 +373,30 @@ visualization. `string`. ### Added - -- Wasm bindings for user to participate in DKG and signing - protocols ([#414](https://github.com/entropyxyz/entropy-core/pull/414/)) -- Auxiliary data for program - evaluation ([#475](https://github.com/entropyxyz/entropy-core/pull/475/)) -- Add a keyshare type for wasm which wraps - `synedrion::KeyShare` ([#512](https://github.com/entropyxyz/entropy-core/pull/512/)) +- Wasm bindings for user to participate in DKG and signing protocols ([#414](https://github.com/entropyxyz/entropy-core/pull/414/)) +- Auxiliary data for program evaluation ([#475](https://github.com/entropyxyz/entropy-core/pull/475/)) +- Add a keyshare type for wasm which wraps `synedrion::KeyShare` ([#512](https://github.com/entropyxyz/entropy-core/pull/512/)) - Add versioning to server ([#516](https://github.com/entropyxyz/entropy-core/pull/516/)) -- Cross-compile for `linux/arm64` and push multi-platform Docker - images. ([#518](https://github.com/entropyxyz/entropy-core/pull/518/)) -- Allow logger to be configured from - CLI ([#520](https://github.com/entropyxyz/entropy-core/pull/520/)) +- Cross-compile for `linux/arm64` and push multi-platform Docker images. ([#518](https://github.com/entropyxyz/entropy-core/pull/518/)) +- Allow logger to be configured from CLI ([#520](https://github.com/entropyxyz/entropy-core/pull/520/)) - Add `bunyan` JSON formatter ([#524](https://github.com/entropyxyz/entropy-core/pull/524/)) - Add Loki logging layer ([#528](https://github.com/entropyxyz/entropy-core/pull/528/)) ### Changed - - Validate proactive refresh endpoint ([#483](https://github.com/entropyxyz/entropy-core/pull/483/)) -- No proactive refresh on private key - visibility ([#485](https://github.com/entropyxyz/entropy-core/pull/485/)) -- Use bincode rather than JSON for protocol and subscribe - messages ([#492](https://github.com/entropyxyz/entropy-core/pull/492/)) +- No proactive refresh on private key visibility ([#485](https://github.com/entropyxyz/entropy-core/pull/485/)) +- Use bincode rather than JSON for protocol and subscribe messages ([#492](https://github.com/entropyxyz/entropy-core/pull/492/)) - Allow big protocol messages ([#495](https://github.com/entropyxyz/entropy-core/pull/495/)) -- Change `SocketAddr` type for - `String` ([#496](https://github.com/entropyxyz/entropy-core/pull/496/)) +- Change `SocketAddr` type for `String` ([#496](https://github.com/entropyxyz/entropy-core/pull/496/)) - Partition proactive refresh ([#504](https://github.com/entropyxyz/entropy-core/pull/504/)) -- Add `#[tracing::instrument]` macro to - routes ([#515](https://github.com/entropyxyz/entropy-core/pull/515/)) -- Make `server` a library, and add integration test for testing protocol crate on - wasm ([#517](https://github.com/entropyxyz/entropy-core/pull/517/)) -- Remove subxt-signer from server and - entropy-protocol ([#526](https://github.com/entropyxyz/entropy-core/pull/526/)) -- `ec-runtime` now errors for zero-sized - programs ([#529](https://github.com/entropyxyz/entropy-core/pull/529/)) -- `entropy-protocol` - polkadot-js compatible sr25519 key generation for wasm - API ([#533](https://github.com/entropyxyz/entropy-core/pull/533/)) +- Add `#[tracing::instrument]` macro to routes ([#515](https://github.com/entropyxyz/entropy-core/pull/515/)) +- Make `server` a library, and add integration test for testing protocol crate on wasm ([#517](https://github.com/entropyxyz/entropy-core/pull/517/)) +- Remove subxt-signer from server and entropy-protocol ([#526](https://github.com/entropyxyz/entropy-core/pull/526/)) +- `ec-runtime` now errors for zero-sized programs ([#529](https://github.com/entropyxyz/entropy-core/pull/529/)) +- `entropy-protocol` - polkadot-js compatible sr25519 key generation for wasm API ([#533](https://github.com/entropyxyz/entropy-core/pull/533/)) ### Fixed - -- Return package version instead of rustc - version ([#523](https://github.com/entropyxyz/entropy-core/pull/523/)) +- Return package version instead of rustc version ([#523](https://github.com/entropyxyz/entropy-core/pull/523/)) ## [0.0.8](https://github.com/entropyxyz/entropy-core/compare/v0.0.7...release/v0.0.8) - 2023-11-06 @@ -509,28 +413,21 @@ Some notables changes introduced in [#428](https://github.com/entropyxyz/entropy - The extrinsic arguments remain unchanged - The Constraint pallet's `ConstraintsV2Updated` event has been renamed to `ProgramUpdated` and now has two fields instead of a single tuple for its body -- The Constraint pallet's `V2ConstraintLengthExceeded` error has been renamed to - `ProgramLengthExceeded` +- The Constraint pallet's `V2ConstraintLengthExceeded` error has been renamed to `ProgramLengthExceeded` - The Relayer pallet's `register` extrinsic now takes a `Vec` as a program instead of an `Option` - The Constraints pallet has been renamed to the Programs pallet - The `entropy-constraints` crate has been removed ### Added - -- Separate `entropy-protocol` crate with protocol execution - logic ([#404](https://github.com/entropyxyz/entropy-core/pull/404)) +- Separate `entropy-protocol` crate with protocol execution logic ([#404](https://github.com/entropyxyz/entropy-core/pull/404)) - Proactive refresh ([#413](https://github.com/entropyxyz/entropy-core/pull/413)) -- Write a Dockerfile that can build both `entropy` and - `server`. ([#430](https://github.com/entropyxyz/entropy-core/pull/430)) +- Write a Dockerfile that can build both `entropy` and `server`. ([#430](https://github.com/entropyxyz/entropy-core/pull/430)) - Developer experience improvements: SSH auth from workstations, entirely local "devnet" functionality with Compose ([#434](https://github.com/entropyxyz/entropy-core/pull/434)) -- Allow local host pass for offchain - url ([#443](https://github.com/entropyxyz/entropy-core/pull/443)) -- Add way for validators to resolve diff verifying - keys ([#460](https://github.com/entropyxyz/entropy-core/pull/460)) - - This introduces a new `FailedRegistration` event which might be of interest to consumers of - this +- Allow local host pass for offchain url ([#443](https://github.com/entropyxyz/entropy-core/pull/443)) +- Add way for validators to resolve diff verifying keys ([#460](https://github.com/entropyxyz/entropy-core/pull/460)) + - This introduces a new `FailedRegistration` event which might be of interest to consumers of this pallet. - Add `prune_registration` extrinsic ([#472](https://github.com/entropyxyz/entropy-core/pull/472)) - Allows for accounts to be moved out of registering state (e.g if DKG fails). @@ -538,34 +435,21 @@ Some notables changes introduced in [#428](https://github.com/entropyxyz/entropy this pallet. ### Changed - -- Replace outdated `--ws-external` with - `--rpc-external` ([#424](https://github.com/entropyxyz/entropy-core/pull/424)) -- Ensure correct validator order by using ValidatorInfo from chain rather than from - user ([#425](https://github.com/entropyxyz/entropy-core/pull/425)) -- Place `demo_offence` dispatchable behind root origin - check ([#426](https://github.com/entropyxyz/entropy-core/pull/426)) -- Update `pallet-relayer` to use Contraints - V2 ([#433](https://github.com/entropyxyz/entropy-core/pull/433)) -- Rename `pallet-constraints` to - `pallet-programs` ([#451](https://github.com/entropyxyz/entropy-core/pull/451)) -- Add way for validators to resolve diff verifying - keys ([#460](https://github.com/entropyxyz/entropy-core/pull/460)) +- Replace outdated `--ws-external` with `--rpc-external` ([#424](https://github.com/entropyxyz/entropy-core/pull/424)) +- Ensure correct validator order by using ValidatorInfo from chain rather than from user ([#425](https://github.com/entropyxyz/entropy-core/pull/425)) +- Place `demo_offence` dispatchable behind root origin check ([#426](https://github.com/entropyxyz/entropy-core/pull/426)) +- Update `pallet-relayer` to use Contraints V2 ([#433](https://github.com/entropyxyz/entropy-core/pull/433)) +- Rename `pallet-constraints` to `pallet-programs` ([#451](https://github.com/entropyxyz/entropy-core/pull/451)) +- Add way for validators to resolve diff verifying keys ([#460](https://github.com/entropyxyz/entropy-core/pull/460)) - Fix socket address type ([#469](https://github.com/entropyxyz/entropy-core/pull/469)) ### Removed - -- Remove `is_swapping` from registration - details ([#437](https://github.com/entropyxyz/entropy-core/pull/437)) -- Remove V1 constraints from - `pallet_constraints` ([#428](https://github.com/entropyxyz/entropy-core/pull/428)) +- Remove `is_swapping` from registration details ([#437](https://github.com/entropyxyz/entropy-core/pull/437)) +- Remove V1 constraints from `pallet_constraints` ([#428](https://github.com/entropyxyz/entropy-core/pull/428)) ### Fixed - -- Ensure correct validator order by using ValidatorInfo from chain rather than from - user ([#425](https://github.com/entropyxyz/entropy-core/pull/425)) -- Take a storage deposit for programs during - registration ([#447](https://github.com/entropyxyz/entropy-core/pull/447)) +- Ensure correct validator order by using ValidatorInfo from chain rather than from user ([#425](https://github.com/entropyxyz/entropy-core/pull/425)) +- Take a storage deposit for programs during registration ([#447](https://github.com/entropyxyz/entropy-core/pull/447)) ## [0.0.7](https://github.com/entropyxyz/entropy-core/compare/v0.0.6..v0.0.7) - 2023-09-22 @@ -573,31 +457,25 @@ Some notables changes introduced in [#428](https://github.com/entropyxyz/entropy ### ⚙️ Miscellaneous Tasks -- User can participate in DKG (second - try) ([#396](https://github.com/entropyxyz/entropy-core/pull/396)) +- User can participate in DKG (second try) ([#396](https://github.com/entropyxyz/entropy-core/pull/396)) - User can participate in signing ([#379](https://github.com/entropyxyz/entropy-core/pull/379)) - Dkg ([#381](https://github.com/entropyxyz/entropy-core/pull/381)) -- Add noise handshake to websocket connections for signing - protocol ([#371](https://github.com/entropyxyz/entropy-core/pull/371)) -- Working proof of concept for generated API docs automatically publishable to Vercel - Project. ([#373](https://github.com/entropyxyz/entropy-core/pull/373)) -- Use websockets rather than server sent events for signing protocol - messages ([#364](https://github.com/entropyxyz/entropy-core/pull/364)) +- Add noise handshake to websocket connections for signing protocol ([#371](https://github.com/entropyxyz/entropy-core/pull/371)) +- Working proof of concept for generated API docs automatically publishable to Vercel Project. ([#373](https://github.com/entropyxyz/entropy-core/pull/373)) +- Use websockets rather than server sent events for signing protocol messages ([#364](https://github.com/entropyxyz/entropy-core/pull/364)) ## [0.0.5](https://github.com/entropyxyz/entropy-core/compare/v0.0.2-devnet..v0.0.5) - 2023-06-23 -### ⛰️ Features +### ⛰️ Features -- Feat: server deserializes and stores client tx - reqs ([#291](https://github.com/entropyxyz/entropy-core/pull/291)) +- Feat: server deserializes and stores client tx reqs ([#291](https://github.com/entropyxyz/entropy-core/pull/291)) ### 🐛 Bug Fixes - Fix toolchain version ([#344](https://github.com/entropyxyz/entropy-core/pull/344)) - Fix signing ([#306](https://github.com/entropyxyz/entropy-core/pull/306)) - Fix typos in readme ([#276](https://github.com/entropyxyz/entropy-core/pull/276)) -- Fix: fix sdk testing scripts to clean tss - db ([#283](https://github.com/entropyxyz/entropy-core/pull/283)) +- Fix: fix sdk testing scripts to clean tss db ([#283](https://github.com/entropyxyz/entropy-core/pull/283)) - Fix batch size error ([#259](https://github.com/entropyxyz/entropy-core/pull/259)) ### 🚜 Refactor @@ -605,25 +483,18 @@ Some notables changes introduced in [#428](https://github.com/entropyxyz/entropy - Refactor tests ([#320](https://github.com/entropyxyz/entropy-core/pull/320)) - Refactor tests ([#320](https://github.com/entropyxyz/entropy-core/pull/320)) - Refactor ([#290](https://github.com/entropyxyz/entropy-core/pull/290)) -- Refactor substrate-common to - entropy-shared ([#272](https://github.com/entropyxyz/entropy-core/pull/272)) +- Refactor substrate-common to entropy-shared ([#272](https://github.com/entropyxyz/entropy-core/pull/272)) ### ⚙️ Miscellaneous Tasks - Replace Rocket with Axum ([#358](https://github.com/entropyxyz/entropy-core/pull/358)) -- Add curl examples to documentation of user-facing http API - endpoint ([#361](https://github.com/entropyxyz/entropy-core/pull/361)) -- Improve doc comments relating to HTTP - endpoints ([#351](https://github.com/entropyxyz/entropy-core/pull/351)) -- Set the Rust toolchain explicitly for this - project. ([#322](https://github.com/entropyxyz/entropy-core/pull/322)) -- `/user/tx` validates user's - constraints ([#300](https://github.com/entropyxyz/entropy-core/pull/300)) -- `/user/tx` starts the signing process when user submits valid EVM Transaction - Request ([#299](https://github.com/entropyxyz/entropy-core/pull/299)) +- Add curl examples to documentation of user-facing http API endpoint ([#361](https://github.com/entropyxyz/entropy-core/pull/361)) +- Improve doc comments relating to HTTP endpoints ([#351](https://github.com/entropyxyz/entropy-core/pull/351)) +- Set the Rust toolchain explicitly for this project. ([#322](https://github.com/entropyxyz/entropy-core/pull/322)) +- `/user/tx` validates user's constraints ([#300](https://github.com/entropyxyz/entropy-core/pull/300)) +- `/user/tx` starts the signing process when user submits valid EVM Transaction Request ([#299](https://github.com/entropyxyz/entropy-core/pull/299)) - Validator key encryption ([#267](https://github.com/entropyxyz/entropy-core/pull/267)) -- Add function to rotate signing - selectors ([#263](https://github.com/entropyxyz/entropy-core/pull/263)) +- Add function to rotate signing selectors ([#263](https://github.com/entropyxyz/entropy-core/pull/263)) - Add more explicit expect errors ([#264](https://github.com/entropyxyz/entropy-core/pull/264)) ## [0.0.2-devnet](https://github.com/entropyxyz/entropy-core/compare/v0.0.1-devnet..v0.0.2-devnet) - 2022-12-16 @@ -636,46 +507,35 @@ Some notables changes introduced in [#428](https://github.com/entropyxyz/entropy - Add is syncing in ([#254](https://github.com/entropyxyz/entropy-core/pull/254)) - Sig error refactor ([#220](https://github.com/entropyxyz/entropy-core/pull/220)) -- Upgrade Substrate to follow Polkadot - releases ([#207](https://github.com/entropyxyz/entropy-core/pull/207)) +- Upgrade Substrate to follow Polkadot releases ([#207](https://github.com/entropyxyz/entropy-core/pull/207)) - Fix CI pipeline ([#223](https://github.com/entropyxyz/entropy-core/pull/223)) - Add scripts for running devnet ([#222](https://github.com/entropyxyz/entropy-core/pull/222)) - Fix CI pipeline ([#223](https://github.com/entropyxyz/entropy-core/pull/223)) -- Upgrade Substrate to follow Polkadot - releases ([#207](https://github.com/entropyxyz/entropy-core/pull/207)) +- Upgrade Substrate to follow Polkadot releases ([#207](https://github.com/entropyxyz/entropy-core/pull/207)) ## [0.0.1-devnet] - 2022-10-26 ### 🐛 Bug Fixes - Fix tests ([#170](https://github.com/entropyxyz/entropy-core/pull/170)) -- Fix: refactor substrate<>client types; fix - master ([#155](https://github.com/entropyxyz/entropy-core/pull/155)) -- Fix: solve unknown media type - warning ([#154](https://github.com/entropyxyz/entropy-core/pull/154)) +- Fix: refactor substrate<>client types; fix master ([#155](https://github.com/entropyxyz/entropy-core/pull/155)) +- Fix: solve unknown media type warning ([#154](https://github.com/entropyxyz/entropy-core/pull/154)) - Fix non deterministic tests ([#145](https://github.com/entropyxyz/entropy-core/pull/145)) - Fix benchmark builds ([#60](https://github.com/entropyxyz/entropy-core/pull/60)) ### ⚙️ Miscellaneous Tasks -- Free TX - council can update free tx per era, fixed - benchmarks ([#177](https://github.com/entropyxyz/entropy-core/pull/177)) +- Free TX - council can update free tx per era, fixed benchmarks ([#177](https://github.com/entropyxyz/entropy-core/pull/177)) - CI speedups ([#171](https://github.com/entropyxyz/entropy-core/pull/171)) -- Crypto-signing-client: spec rest of flow & remove unnec. common - crate ([#166](https://github.com/entropyxyz/entropy-core/pull/166)) - -* Fix master -- misc warnings and errors not caught in previous - PR's ([#164](https://github.com/entropyxyz/entropy-core/pull/164)) - -- Fix master -- misc warnings and errors not caught in previous - PR's ([#164](https://github.com/entropyxyz/entropy-core/pull/164)) +- Crypto-signing-client: spec rest of flow & remove unnec. common crate ([#166](https://github.com/entropyxyz/entropy-core/pull/166)) +* Fix master -- misc warnings and errors not caught in previous PR's ([#164](https://github.com/entropyxyz/entropy-core/pull/164)) +- Fix master -- misc warnings and errors not caught in previous PR's ([#164](https://github.com/entropyxyz/entropy-core/pull/164)) - Conditional ci ([#152](https://github.com/entropyxyz/entropy-core/pull/152)) - Crypto comm manager ([#153](https://github.com/entropyxyz/entropy-core/pull/153)) - fix non deterministic tests ([#145](https://github.com/entropyxyz/entropy-core/pull/145)) - Add CircleCI configuration ([#142](https://github.com/entropyxyz/entropy-core/pull/142)) - Add starter CircleCI configuration ([#141](https://github.com/entropyxyz/entropy-core/pull/141)) -- Clean up and DRY up CircleCI - configuration ([#143](https://github.com/entropyxyz/entropy-core/pull/143)) +- Clean up and DRY up CircleCI configuration ([#143](https://github.com/entropyxyz/entropy-core/pull/143)) - Fix CircleCI config ([#146](https://github.com/entropyxyz/entropy-core/pull/146)) - Add no_output_timeout: 45m ([#148](https://github.com/entropyxyz/entropy-core/pull/148)) - Fix syntax on timeout clause ([#149](https://github.com/entropyxyz/entropy-core/pull/149)) From dd695c9c3b8d283acf06284d5b8997afc15f8b5b Mon Sep 17 00:00:00 2001 From: Hernando Castano Date: Mon, 4 Nov 2024 16:25:47 -0500 Subject: [PATCH 31/31] Updated `CHANGELOG` without formatting --- CHANGELOG.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index be9f22026..747857b96 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -17,12 +17,16 @@ At the moment this project **does not** adhere to `AttestationQueue` config types were removed from the Attestation pallet. - In [#1068](https://github.com/entropyxyz/entropy-core/pull/1068) an extra type `PckCertChainVerifier` was added to the staking extension pallet's `Config` trait. -- In [#1134](https://github.com/entropyxyz/entropy-core/pull/1134/) the ```no-sync``` option was removed +- In [#1123](https://github.com/entropyxyz/entropy-core/pull/1123/) the `change_endpoint()` and + `change_threshold_accounts()` extrinsics got new TDX `quote` related parameters added. +- In [#1134](https://github.com/entropyxyz/entropy-core/pull/1134/) the `--no-sync` option was + removed. ### Changed - Use correct key rotation endpoint in OCW ([#1104](https://github.com/entropyxyz/entropy-core/pull/1104)) - Change attestation flow to be pull based ([#1109](https://github.com/entropyxyz/entropy-core/pull/1109/)) - Handle PCK certificates ([#1068](https://github.com/entropyxyz/entropy-core/pull/1068)) +- Add quote guards to `ServerInfo` related extrinsics ([#1123](https://github.com/entropyxyz/entropy-core/pull/1123/)) - Remove declare synced ([#1134](https://github.com/entropyxyz/entropy-core/pull/1134/)) ## [0.3.0-rc.1](https://github.com/entropyxyz/entropy-core/compare/release/v0.2.0...release/v0.3.0-rc.1) - 2024-10-04