From 881d68cc53a9b35c9cd3c21446ee13c20c614b31 Mon Sep 17 00:00:00 2001 From: Leo Eichhorn Date: Fri, 15 Nov 2024 15:51:27 +0000 Subject: [PATCH 1/7] ic00 --- .../src/canister_manager.rs | 3 + .../src/execution_environment.rs | 19 +++ .../src/execution_environment/tests.rs | 107 +++++++++++++++- .../src/execution_environment_metrics.rs | 3 + .../src/ic00_permissions.rs | 15 +++ rs/execution_environment/src/scheduler.rs | 6 + rs/execution_environment/tests/dts.rs | 3 + rs/system_api/src/routing.rs | 34 ++++- .../src/sandbox_safe_system_state.rs | 3 + rs/types/management_canister_types/src/lib.rs | 119 ++++++++++++++++++ .../types/src/messages/ingress_messages.rs | 3 + rs/types/types/src/messages/inter_canister.rs | 3 + 12 files changed, 314 insertions(+), 4 deletions(-) diff --git a/rs/execution_environment/src/canister_manager.rs b/rs/execution_environment/src/canister_manager.rs index 85d0f6016d5..5e1ad8738bd 100644 --- a/rs/execution_environment/src/canister_manager.rs +++ b/rs/execution_environment/src/canister_manager.rs @@ -465,8 +465,11 @@ impl CanisterManager { | Ok(Ic00Method::SetupInitialDKG) | Ok(Ic00Method::SignWithECDSA) | Ok(Ic00Method::ComputeInitialIDkgDealings) + | Ok(Ic00Method::ReshareChainKey) | Ok(Ic00Method::SchnorrPublicKey) | Ok(Ic00Method::SignWithSchnorr) + | Ok(Ic00Method::VetKdPublicKey) + | Ok(Ic00Method::VetKdDeriveEncryptedKey) // "DepositCycles" can be called by anyone however as ingress message // cannot carry cycles, it does not make sense to allow them from users. | Ok(Ic00Method::DepositCycles) diff --git a/rs/execution_environment/src/execution_environment.rs b/rs/execution_environment/src/execution_environment.rs index 2ebe90074c0..f7c49233461 100644 --- a/rs/execution_environment/src/execution_environment.rs +++ b/rs/execution_environment/src/execution_environment.rs @@ -1242,6 +1242,14 @@ impl ExecutionEnvironment { } }, + Ok(Ic00Method::ReshareChainKey) => Self::reject_due_to_api_not_implemented(&mut msg), + + Ok(Ic00Method::VetKdPublicKey) => Self::reject_due_to_api_not_implemented(&mut msg), + + Ok(Ic00Method::VetKdDeriveEncryptedKey) => { + Self::reject_due_to_api_not_implemented(&mut msg) + } + Ok(Ic00Method::ProvisionalCreateCanisterWithCycles) => { let res = ProvisionalCreateCanisterWithCyclesArgs::decode(payload).and_then(|args| { @@ -1517,6 +1525,17 @@ impl ExecutionEnvironment { (state, Some(NumInstructions::from(0))) } + // Rejects message because API is not implemented. + fn reject_due_to_api_not_implemented(msg: &mut CanisterCall) -> ExecuteSubnetMessageResult { + ExecuteSubnetMessageResult::Finished { + response: Err(UserError::new( + ErrorCode::CanisterRejectedMessage, + format!("{} API is not yet implemented.", msg.method_name()), + )), + refund: msg.take_cycles(), + } + } + /// Observes a subnet message metrics and outputs the given subnet response. fn finish_subnet_message_execution( &self, diff --git a/rs/execution_environment/src/execution_environment/tests.rs b/rs/execution_environment/src/execution_environment/tests.rs index 26c41de0aa0..8c856b582d2 100644 --- a/rs/execution_environment/src/execution_environment/tests.rs +++ b/rs/execution_environment/src/execution_environment/tests.rs @@ -7,7 +7,7 @@ use ic_management_canister_types::{ DerivationPath, EcdsaKeyId, EmptyBlob, FetchCanisterLogsRequest, HttpMethod, LogVisibilityV2, MasterPublicKeyId, Method, Payload as Ic00Payload, ProvisionalCreateCanisterWithCyclesArgs, ProvisionalTopUpCanisterArgs, SchnorrAlgorithm, SchnorrKeyId, TakeCanisterSnapshotArgs, - TransformContext, TransformFunc, IC_00, + TransformContext, TransformFunc, VetKdCurve, VetKdKeyId, IC_00, }; use ic_registry_routing_table::{canister_id_into_u64, CanisterIdRange, RoutingTable}; use ic_registry_subnet_type::SubnetType; @@ -173,6 +173,13 @@ fn sign_with_threshold_key_payload(method: Method, key_id: MasterPublicKeyId) -> key_id: into_inner_schnorr(key_id), } .encode(), + Method::VetKdDeriveEncryptedKey => ic00::VetKdDeriveEncryptedKeyArgs { + derivation_id: vec![], + encryption_public_key: vec![], + public_key_derivation_path: DerivationPath::new(vec![]), + key_id: into_inner_vet_kd(key_id), + } + .encode(), _ => panic!("unexpected method"), } } @@ -2284,6 +2291,13 @@ fn make_schnorr_key(name: &str) -> MasterPublicKeyId { }) } +fn make_vet_kd_key(name: &str) -> MasterPublicKeyId { + MasterPublicKeyId::VetKd(VetKdKeyId { + curve: VetKdCurve::Bls12_381_G2, + name: name.to_string(), + }) +} + fn into_inner_ecdsa(key_id: MasterPublicKeyId) -> EcdsaKeyId { match key_id { MasterPublicKeyId::Ecdsa(key) => key, @@ -2298,6 +2312,13 @@ fn into_inner_schnorr(key_id: MasterPublicKeyId) -> SchnorrKeyId { } } +fn into_inner_vet_kd(key_id: MasterPublicKeyId) -> VetKdKeyId { + match key_id { + MasterPublicKeyId::VetKd(key) => key, + _ => panic!("unexpected key_id type"), + } +} + #[test] fn canister_output_queue_does_not_overflow_when_calling_ic00() { let own_subnet = subnet_test_id(1); @@ -3147,3 +3168,87 @@ fn test_sign_with_schnorr_api_is_enabled() { 1 ); } + +#[test] +fn test_vet_kd_public_key_api_is_disabled() { + let own_subnet = subnet_test_id(1); + let nns_subnet = subnet_test_id(2); + let nns_canister = canister_test_id(0x10); + let mut test = ExecutionTestBuilder::new() + .with_own_subnet_id(own_subnet) + .with_nns_subnet_id(nns_subnet) + .with_caller(nns_subnet, nns_canister) + .build(); + test.inject_call_to_ic00( + Method::VetKdPublicKey, + ic00::VetKdPublicKeyArgs { + canister_id: None, + derivation_path: DerivationPath::new(vec![]), + key_id: into_inner_vet_kd(make_vet_kd_key("some_key")), + } + .encode(), + Cycles::new(0), + ); + test.execute_all(); + let response = test.xnet_messages()[0].clone(); + assert_eq!( + get_reject_message(response), + "vet_kd_public_key API is not yet implemented.", + ) +} + +#[test] +fn test_vet_kd_derive_encrypted_key_api_is_disabled() { + let own_subnet = subnet_test_id(1); + let nns_subnet = subnet_test_id(2); + let nns_canister = canister_test_id(0x10); + let mut test = ExecutionTestBuilder::new() + .with_own_subnet_id(own_subnet) + .with_nns_subnet_id(nns_subnet) + .with_caller(nns_subnet, nns_canister) + .build(); + let method = Method::VetKdDeriveEncryptedKey; + test.inject_call_to_ic00( + method, + sign_with_threshold_key_payload(method, make_vet_kd_key("some_key")), + Cycles::new(0), + ); + test.execute_all(); + let response = test.xnet_messages()[0].clone(); + assert_eq!( + get_reject_message(response), + "vet_kd_derive_encrypted_key API is not yet implemented.", + ) +} + +#[test] +fn reshare_chain_key_api_is_disabled() { + let own_subnet = subnet_test_id(1); + let nns_subnet = subnet_test_id(2); + let nns_canister = canister_test_id(0x10); + let nodes = vec![node_test_id(1), node_test_id(2)].into_iter().collect(); + let registry_version = RegistryVersion::from(100); + let mut test = ExecutionTestBuilder::new() + .with_own_subnet_id(own_subnet) + .with_nns_subnet_id(nns_subnet) + .with_caller(nns_subnet, nns_canister) + .build(); + let method = Method::VetKdDeriveEncryptedKey; + test.inject_call_to_ic00( + method, + ic00::ReshareChainKeyArgs::new( + make_vet_kd_key("some_key"), + nns_subnet, + nodes, + registry_version, + ) + .encode(), + Cycles::new(0), + ); + test.execute_all(); + let response = test.xnet_messages()[0].clone(); + assert_eq!( + get_reject_message(response), + "vet_kd_derive_encrypted_key API is not yet implemented.", + ) +} diff --git a/rs/execution_environment/src/execution_environment_metrics.rs b/rs/execution_environment/src/execution_environment_metrics.rs index 77d1f2cafea..3d6420c79a2 100644 --- a/rs/execution_environment/src/execution_environment_metrics.rs +++ b/rs/execution_environment/src/execution_environment_metrics.rs @@ -186,6 +186,7 @@ impl ExecutionEnvironmentMetrics { | ic00::Method::UninstallCode | ic00::Method::ECDSAPublicKey | ic00::Method::SchnorrPublicKey + | ic00::Method::VetKdPublicKey | ic00::Method::UpdateSettings | ic00::Method::BitcoinGetBalance | ic00::Method::BitcoinGetUtxos @@ -216,7 +217,9 @@ impl ExecutionEnvironmentMetrics { | ic00::Method::HttpRequest | ic00::Method::SignWithECDSA | ic00::Method::SignWithSchnorr + | ic00::Method::VetKdDeriveEncryptedKey | ic00::Method::ComputeInitialIDkgDealings + | ic00::Method::ReshareChainKey | ic00::Method::BitcoinSendTransactionInternal | ic00::Method::BitcoinGetSuccessors => String::from("slow"), }; diff --git a/rs/execution_environment/src/ic00_permissions.rs b/rs/execution_environment/src/ic00_permissions.rs index 3aef0204944..4020f67043f 100644 --- a/rs/execution_environment/src/ic00_permissions.rs +++ b/rs/execution_environment/src/ic00_permissions.rs @@ -103,6 +103,11 @@ impl Ic00MethodPermissions { allow_remote_subnet_sender: true, allow_only_nns_subnet_sender: true, }, + Ic00Method::ReshareChainKey => Self { + method, + allow_remote_subnet_sender: true, + allow_only_nns_subnet_sender: true, + }, Ic00Method::SchnorrPublicKey => Self { method, allow_remote_subnet_sender: true, @@ -113,6 +118,16 @@ impl Ic00MethodPermissions { allow_remote_subnet_sender: true, allow_only_nns_subnet_sender: false, }, + Ic00Method::VetKdPublicKey => Self { + method, + allow_remote_subnet_sender: true, + allow_only_nns_subnet_sender: false, + }, + Ic00Method::VetKdDeriveEncryptedKey => Self { + method, + allow_remote_subnet_sender: true, + allow_only_nns_subnet_sender: false, + }, Ic00Method::BitcoinGetBalance => Self { method, allow_remote_subnet_sender: true, diff --git a/rs/execution_environment/src/scheduler.rs b/rs/execution_environment/src/scheduler.rs index 44ba7128008..8e89f0a8e8e 100644 --- a/rs/execution_environment/src/scheduler.rs +++ b/rs/execution_environment/src/scheduler.rs @@ -2203,8 +2203,11 @@ fn can_execute_subnet_msg( | Ic00Method::UninstallCode | Ic00Method::UpdateSettings | Ic00Method::ComputeInitialIDkgDealings + | Ic00Method::ReshareChainKey | Ic00Method::SchnorrPublicKey | Ic00Method::SignWithSchnorr + | Ic00Method::VetKdPublicKey + | Ic00Method::VetKdDeriveEncryptedKey | Ic00Method::BitcoinGetBalance | Ic00Method::BitcoinGetUtxos | Ic00Method::BitcoinGetBlockHeaders @@ -2263,8 +2266,11 @@ fn get_instructions_limits_for_subnet_message( | SetupInitialDKG | SignWithECDSA | ComputeInitialIDkgDealings + | ReshareChainKey | SchnorrPublicKey | SignWithSchnorr + | VetKdPublicKey + | VetKdDeriveEncryptedKey | StartCanister | StopCanister | UninstallCode diff --git a/rs/execution_environment/tests/dts.rs b/rs/execution_environment/tests/dts.rs index 713af2c276f..5f230404890 100644 --- a/rs/execution_environment/tests/dts.rs +++ b/rs/execution_environment/tests/dts.rs @@ -1154,8 +1154,11 @@ fn dts_aborted_execution_does_not_block_subnet_messages() { | Method::SetupInitialDKG | Method::SignWithECDSA | Method::ComputeInitialIDkgDealings + | Method::ReshareChainKey | Method::SchnorrPublicKey | Method::SignWithSchnorr + | Method::VetKdPublicKey + | Method::VetKdDeriveEncryptedKey | Method::BitcoinGetBalance | Method::BitcoinGetUtxos | Method::BitcoinGetBlockHeaders diff --git a/rs/system_api/src/routing.rs b/rs/system_api/src/routing.rs index ff798b4071a..e04d60b36fd 100644 --- a/rs/system_api/src/routing.rs +++ b/rs/system_api/src/routing.rs @@ -10,9 +10,10 @@ use ic_management_canister_types::{ ClearChunkStoreArgs, ComputeInitialIDkgDealingsArgs, DeleteCanisterSnapshotArgs, ECDSAPublicKeyArgs, InstallChunkedCodeArgs, InstallCodeArgsV2, ListCanisterSnapshotArgs, LoadCanisterSnapshotArgs, MasterPublicKeyId, Method as Ic00Method, NodeMetricsHistoryArgs, - Payload, ProvisionalTopUpCanisterArgs, SchnorrPublicKeyArgs, SignWithECDSAArgs, - SignWithSchnorrArgs, StoredChunksArgs, SubnetInfoArgs, TakeCanisterSnapshotArgs, - UninstallCodeArgs, UpdateSettingsArgs, UploadChunkArgs, + Payload, ProvisionalTopUpCanisterArgs, ReshareChainKeyArgs, SchnorrPublicKeyArgs, + SignWithECDSAArgs, SignWithSchnorrArgs, StoredChunksArgs, SubnetInfoArgs, + TakeCanisterSnapshotArgs, UninstallCodeArgs, UpdateSettingsArgs, UploadChunkArgs, + VetKdDeriveEncryptedKeyArgs, VetKdPublicKeyArgs, }; use ic_replicated_state::NetworkTopology; use itertools::Itertools; @@ -205,6 +206,15 @@ pub(super) fn resolve_destination( IDkgSubnetKind::OnlyHoldsKey, ) } + Ok(Ic00Method::ReshareChainKey) => { + let args = ReshareChainKeyArgs::decode(payload)?; + route_idkg_message( + &args.key_id, + network_topology, + &Some(args.subnet_id), + IDkgSubnetKind::OnlyHoldsKey, + ) + } Ok(Ic00Method::SchnorrPublicKey) => { let args = SchnorrPublicKeyArgs::decode(payload)?; route_idkg_message( @@ -223,6 +233,24 @@ pub(super) fn resolve_destination( IDkgSubnetKind::HoldsAndSignWithKey, ) } + Ok(Ic00Method::VetKdPublicKey) => { + let args = VetKdPublicKeyArgs::decode(payload)?; + route_idkg_message( + &MasterPublicKeyId::VetKd(args.key_id), + network_topology, + &None, + IDkgSubnetKind::OnlyHoldsKey, + ) + } + Ok(Ic00Method::VetKdDeriveEncryptedKey) => { + let args = VetKdDeriveEncryptedKeyArgs::decode(payload)?; + route_idkg_message( + &MasterPublicKeyId::VetKd(args.key_id), + network_topology, + &None, + IDkgSubnetKind::HoldsAndSignWithKey, + ) + } Ok(Ic00Method::UploadChunk) => { let args = UploadChunkArgs::decode(payload)?; let canister_id = args.get_canister_id(); diff --git a/rs/system_api/src/sandbox_safe_system_state.rs b/rs/system_api/src/sandbox_safe_system_state.rs index 94fe9272501..32c169d4732 100644 --- a/rs/system_api/src/sandbox_safe_system_state.rs +++ b/rs/system_api/src/sandbox_safe_system_state.rs @@ -249,8 +249,11 @@ impl SystemStateChanges { | Ok(Ic00Method::SetupInitialDKG) | Ok(Ic00Method::ECDSAPublicKey) | Ok(Ic00Method::ComputeInitialIDkgDealings) + | Ok(Ic00Method::ReshareChainKey) | Ok(Ic00Method::SchnorrPublicKey) | Ok(Ic00Method::SignWithSchnorr) + | Ok(Ic00Method::VetKdPublicKey) + | Ok(Ic00Method::VetKdDeriveEncryptedKey) | Ok(Ic00Method::ProvisionalTopUpCanister) | Ok(Ic00Method::BitcoinSendTransactionInternal) | Ok(Ic00Method::BitcoinGetSuccessors) diff --git a/rs/types/management_canister_types/src/lib.rs b/rs/types/management_canister_types/src/lib.rs index 6359d74f620..b77606b98aa 100644 --- a/rs/types/management_canister_types/src/lib.rs +++ b/rs/types/management_canister_types/src/lib.rs @@ -83,11 +83,16 @@ pub enum Method { UninstallCode, UpdateSettings, ComputeInitialIDkgDealings, + ReshareChainKey, // Schnorr interface. SchnorrPublicKey, SignWithSchnorr, + // VetKd interface. + VetKdPublicKey, + VetKdDeriveEncryptedKey, + // Bitcoin Interface. BitcoinGetBalance, BitcoinGetUtxos, @@ -2612,6 +2617,59 @@ impl ComputeInitialIDkgDealingsArgs { } } +/// Argument of the reshare_chain_key API. +/// `(record { +/// key_id: master_public_key_id; +/// subnet_id: principal; +/// nodes: vec principal; +/// registry_version: nat64; +/// })` +#[derive(Eq, PartialEq, Debug, CandidType, Deserialize)] +pub struct ReshareChainKeyArgs { + pub key_id: MasterPublicKeyId, + pub subnet_id: SubnetId, + nodes: BoundedNodes, + registry_version: u64, +} + +impl Payload<'_> for ReshareChainKeyArgs {} + +impl ReshareChainKeyArgs { + pub fn new( + key_id: MasterPublicKeyId, + subnet_id: SubnetId, + nodes: BTreeSet, + registry_version: RegistryVersion, + ) -> Self { + Self { + key_id, + subnet_id, + nodes: BoundedNodes::new(nodes.iter().map(|id| id.get()).collect()), + registry_version: registry_version.get(), + } + } + + pub fn get_set_of_nodes(&self) -> Result, UserError> { + let mut set = BTreeSet::::new(); + for node_id in self.nodes.get().iter() { + if !set.insert(NodeId::new(*node_id)) { + return Err(UserError::new( + ErrorCode::InvalidManagementPayload, + format!( + "Expected a set of NodeIds. The NodeId {} is repeated", + node_id + ), + )); + } + } + Ok(set) + } + + pub fn get_registry_version(&self) -> RegistryVersion { + RegistryVersion::new(self.registry_version) + } +} + /// Represents the argument of the sign_with_schnorr API. /// ```text /// (record { @@ -2705,6 +2763,67 @@ impl ComputeInitialIDkgDealingsResponse { } } +// Represents the argument of the vet_kd_derive_encrypted_key API. +/// ```text +/// (record { +/// public_key_derivation_path : vec blob; +/// derivation_id: blob; +/// key_id : vet_kd_key_id; +/// encryption_public_key: blob; +/// }) +/// ``` +#[derive(Eq, PartialEq, Debug, CandidType, Deserialize)] +pub struct VetKdDeriveEncryptedKeyArgs { + pub public_key_derivation_path: DerivationPath, + #[serde(with = "serde_bytes")] + pub derivation_id: Vec, + pub key_id: VetKdKeyId, + #[serde(with = "serde_bytes")] + pub encryption_public_key: Vec, +} + +impl Payload<'_> for VetKdDeriveEncryptedKeyArgs {} + +/// Struct used to return vet KD result. +#[derive(Debug, CandidType, Deserialize)] +pub struct VetKdDeriveEncryptedKeyResult { + #[serde(with = "serde_bytes")] + pub encrypted_key: Vec, +} + +impl Payload<'_> for VetKdDeriveEncryptedKeyResult {} + +/// Represents the argument of the vet_kd_public_key API. +/// ```text +/// (record { +/// canister_id : opt canister_id; +/// derivation_path : vec blob; +/// key_id : vet_kd_key_id; +/// }) +/// ``` +#[derive(Eq, PartialEq, Debug, CandidType, Deserialize)] +pub struct VetKdPublicKeyArgs { + pub canister_id: Option, + pub derivation_path: DerivationPath, + pub key_id: VetKdKeyId, +} + +impl Payload<'_> for VetKdPublicKeyArgs {} + +/// Represents the response of the vet_kd_public_key API. +/// ```text +/// (record { +/// public_key : blob; +/// }) +/// ``` +#[derive(Debug, CandidType, Deserialize)] +pub struct VetKdPublicKeyResult { + #[serde(with = "serde_bytes")] + pub public_key: Vec, +} + +impl Payload<'_> for VetKdPublicKeyResult {} + // Export the bitcoin types. pub use ic_btc_interface::{ GetBalanceRequest as BitcoinGetBalanceArgs, diff --git a/rs/types/types/src/messages/ingress_messages.rs b/rs/types/types/src/messages/ingress_messages.rs index d94911c8ef5..212bb2d285b 100644 --- a/rs/types/types/src/messages/ingress_messages.rs +++ b/rs/types/types/src/messages/ingress_messages.rs @@ -560,8 +560,11 @@ pub fn extract_effective_canister_id( | Ok(Method::ECDSAPublicKey) | Ok(Method::SignWithECDSA) | Ok(Method::ComputeInitialIDkgDealings) + | Ok(Method::ReshareChainKey) | Ok(Method::SchnorrPublicKey) | Ok(Method::SignWithSchnorr) + | Ok(Method::VetKdPublicKey) + | Ok(Method::VetKdDeriveEncryptedKey) | Ok(Method::BitcoinGetBalance) | Ok(Method::BitcoinGetUtxos) | Ok(Method::BitcoinGetBlockHeaders) diff --git a/rs/types/types/src/messages/inter_canister.rs b/rs/types/types/src/messages/inter_canister.rs index 24d562bc159..f4ac78cc6ab 100644 --- a/rs/types/types/src/messages/inter_canister.rs +++ b/rs/types/types/src/messages/inter_canister.rs @@ -211,8 +211,11 @@ impl Request { | Ok(Method::ECDSAPublicKey) | Ok(Method::SignWithECDSA) | Ok(Method::ComputeInitialIDkgDealings) + | Ok(Method::ReshareChainKey) | Ok(Method::SchnorrPublicKey) | Ok(Method::SignWithSchnorr) + | Ok(Method::VetKdPublicKey) + | Ok(Method::VetKdDeriveEncryptedKey) | Ok(Method::BitcoinGetBalance) | Ok(Method::BitcoinGetUtxos) | Ok(Method::BitcoinGetBlockHeaders) From 29344b37127e0b83ac6bc118827a036a66a282b5 Mon Sep 17 00:00:00 2001 From: Leo Eichhorn Date: Fri, 15 Nov 2024 16:45:44 +0000 Subject: [PATCH 2/7] reshare response --- rs/types/management_canister_types/src/lib.rs | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/rs/types/management_canister_types/src/lib.rs b/rs/types/management_canister_types/src/lib.rs index b77606b98aa..516e7cef334 100644 --- a/rs/types/management_canister_types/src/lib.rs +++ b/rs/types/management_canister_types/src/lib.rs @@ -2670,6 +2670,35 @@ impl ReshareChainKeyArgs { } } +/// Struct used to return the chain key resharing. +#[derive(Debug, Deserialize, Serialize)] +pub enum ReshareChainKeyResponse { + IDkg(InitialIDkgDealings), + NiDkg(InitialNiDkgTranscriptRecord), +} + +impl ReshareChainKeyResponse { + pub fn encode(&self) -> Vec { + let serde_encoded_bytes = self.encode_with_serde_cbor(); + Encode!(&serde_encoded_bytes).unwrap() + } + + fn encode_with_serde_cbor(&self) -> Vec { + serde_cbor::to_vec(self).unwrap() + } + + pub fn decode(blob: &[u8]) -> Result { + let serde_encoded_bytes = + Decode!([decoder_config()]; blob, Vec).map_err(candid_error_to_user_error)?; + serde_cbor::from_slice::(&serde_encoded_bytes).map_err(|err| { + UserError::new( + ErrorCode::InvalidManagementPayload, + format!("Payload deserialization error: '{}'", err), + ) + }) + } +} + /// Represents the argument of the sign_with_schnorr API. /// ```text /// (record { From ff456922ec78670bdcd43cac5d9a732036295a87 Mon Sep 17 00:00:00 2001 From: Leo Eichhorn Date: Sun, 17 Nov 2024 13:32:24 +0000 Subject: [PATCH 3/7] exec --- .../src/execution_environment.rs | 27 +++++++------------ 1 file changed, 9 insertions(+), 18 deletions(-) diff --git a/rs/execution_environment/src/execution_environment.rs b/rs/execution_environment/src/execution_environment.rs index f7c49233461..20de3749013 100644 --- a/rs/execution_environment/src/execution_environment.rs +++ b/rs/execution_environment/src/execution_environment.rs @@ -1242,13 +1242,15 @@ impl ExecutionEnvironment { } }, - Ok(Ic00Method::ReshareChainKey) => Self::reject_due_to_api_not_implemented(&mut msg), - - Ok(Ic00Method::VetKdPublicKey) => Self::reject_due_to_api_not_implemented(&mut msg), - - Ok(Ic00Method::VetKdDeriveEncryptedKey) => { - Self::reject_due_to_api_not_implemented(&mut msg) - } + Ok(Ic00Method::ReshareChainKey) + | Ok(Ic00Method::VetKdPublicKey) + | Ok(Ic00Method::VetKdDeriveEncryptedKey) => ExecuteSubnetMessageResult::Finished { + response: Err(UserError::new( + ErrorCode::CanisterRejectedMessage, + format!("{} API is not yet implemented.", msg.method_name()), + )), + refund: msg.take_cycles(), + }, Ok(Ic00Method::ProvisionalCreateCanisterWithCycles) => { let res = @@ -1525,17 +1527,6 @@ impl ExecutionEnvironment { (state, Some(NumInstructions::from(0))) } - // Rejects message because API is not implemented. - fn reject_due_to_api_not_implemented(msg: &mut CanisterCall) -> ExecuteSubnetMessageResult { - ExecuteSubnetMessageResult::Finished { - response: Err(UserError::new( - ErrorCode::CanisterRejectedMessage, - format!("{} API is not yet implemented.", msg.method_name()), - )), - refund: msg.take_cycles(), - } - } - /// Observes a subnet message metrics and outputs the given subnet response. fn finish_subnet_message_execution( &self, From 14533f3d9dbd6849fd2bf33bc16de0a17a9d3b52 Mon Sep 17 00:00:00 2001 From: Leo Eichhorn Date: Sun, 17 Nov 2024 13:36:22 +0000 Subject: [PATCH 4/7] todos --- rs/system_api/src/routing.rs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/rs/system_api/src/routing.rs b/rs/system_api/src/routing.rs index e04d60b36fd..a17a4235bb1 100644 --- a/rs/system_api/src/routing.rs +++ b/rs/system_api/src/routing.rs @@ -307,11 +307,15 @@ pub(super) fn resolve_destination( )), } } + +/// TODO(CRP-2614): Rename to include VetKD enum IDkgSubnetKind { OnlyHoldsKey, HoldsAndSignWithKey, } +/// TODO(CRP-2614): Rename to include VetKD +/// TODO(CRP-2615): Unit tests for VetKD routing /// Routes to the `requested_subnet` if it holds the key (and fails if that /// subnet doesn't hold the key). If a `requested_subnet` is not provided, /// route to the first subnet enabled to sign with the given key. From 713258415d0ebb3b673bd712710e958576a05da4 Mon Sep 17 00:00:00 2001 From: Leo Eichhorn Date: Mon, 18 Nov 2024 08:54:50 +0000 Subject: [PATCH 5/7] fix test --- rs/execution_environment/src/execution_environment/tests.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rs/execution_environment/src/execution_environment/tests.rs b/rs/execution_environment/src/execution_environment/tests.rs index 8c856b582d2..3d0decb3f91 100644 --- a/rs/execution_environment/src/execution_environment/tests.rs +++ b/rs/execution_environment/src/execution_environment/tests.rs @@ -3233,7 +3233,7 @@ fn reshare_chain_key_api_is_disabled() { .with_nns_subnet_id(nns_subnet) .with_caller(nns_subnet, nns_canister) .build(); - let method = Method::VetKdDeriveEncryptedKey; + let method = Method::ReshareChainKey; test.inject_call_to_ic00( method, ic00::ReshareChainKeyArgs::new( @@ -3249,6 +3249,6 @@ fn reshare_chain_key_api_is_disabled() { let response = test.xnet_messages()[0].clone(); assert_eq!( get_reject_message(response), - "vet_kd_derive_encrypted_key API is not yet implemented.", + "reshare_chain_key API is not yet implemented.", ) } From 6f1a57543e5f5adf646154cb03d3a23868f2ca19 Mon Sep 17 00:00:00 2001 From: Leo Eichhorn Date: Mon, 18 Nov 2024 09:40:50 +0000 Subject: [PATCH 6/7] rename --- rs/execution_environment/src/canister_manager.rs | 2 +- .../src/execution_environment.rs | 2 +- .../src/execution_environment/tests.rs | 8 ++++---- .../src/execution_environment_metrics.rs | 2 +- rs/execution_environment/src/ic00_permissions.rs | 2 +- rs/execution_environment/src/scheduler.rs | 4 ++-- rs/execution_environment/tests/dts.rs | 2 +- rs/system_api/src/routing.rs | 6 +++--- rs/system_api/src/sandbox_safe_system_state.rs | 2 +- rs/types/management_canister_types/src/lib.rs | 12 ++++++------ rs/types/types/src/messages/ingress_messages.rs | 2 +- rs/types/types/src/messages/inter_canister.rs | 2 +- 12 files changed, 23 insertions(+), 23 deletions(-) diff --git a/rs/execution_environment/src/canister_manager.rs b/rs/execution_environment/src/canister_manager.rs index 5e1ad8738bd..5075599cefe 100644 --- a/rs/execution_environment/src/canister_manager.rs +++ b/rs/execution_environment/src/canister_manager.rs @@ -469,7 +469,7 @@ impl CanisterManager { | Ok(Ic00Method::SchnorrPublicKey) | Ok(Ic00Method::SignWithSchnorr) | Ok(Ic00Method::VetKdPublicKey) - | Ok(Ic00Method::VetKdDeriveEncryptedKey) + | Ok(Ic00Method::VetKdEncryptedKey) // "DepositCycles" can be called by anyone however as ingress message // cannot carry cycles, it does not make sense to allow them from users. | Ok(Ic00Method::DepositCycles) diff --git a/rs/execution_environment/src/execution_environment.rs b/rs/execution_environment/src/execution_environment.rs index 20de3749013..0fcd9376849 100644 --- a/rs/execution_environment/src/execution_environment.rs +++ b/rs/execution_environment/src/execution_environment.rs @@ -1244,7 +1244,7 @@ impl ExecutionEnvironment { Ok(Ic00Method::ReshareChainKey) | Ok(Ic00Method::VetKdPublicKey) - | Ok(Ic00Method::VetKdDeriveEncryptedKey) => ExecuteSubnetMessageResult::Finished { + | Ok(Ic00Method::VetKdEncryptedKey) => ExecuteSubnetMessageResult::Finished { response: Err(UserError::new( ErrorCode::CanisterRejectedMessage, format!("{} API is not yet implemented.", msg.method_name()), diff --git a/rs/execution_environment/src/execution_environment/tests.rs b/rs/execution_environment/src/execution_environment/tests.rs index 3d0decb3f91..1aca565d5a6 100644 --- a/rs/execution_environment/src/execution_environment/tests.rs +++ b/rs/execution_environment/src/execution_environment/tests.rs @@ -173,7 +173,7 @@ fn sign_with_threshold_key_payload(method: Method, key_id: MasterPublicKeyId) -> key_id: into_inner_schnorr(key_id), } .encode(), - Method::VetKdDeriveEncryptedKey => ic00::VetKdDeriveEncryptedKeyArgs { + Method::VetKdEncryptedKey => ic00::VetKdEncryptedKeyArgs { derivation_id: vec![], encryption_public_key: vec![], public_key_derivation_path: DerivationPath::new(vec![]), @@ -3198,7 +3198,7 @@ fn test_vet_kd_public_key_api_is_disabled() { } #[test] -fn test_vet_kd_derive_encrypted_key_api_is_disabled() { +fn test_vet_kd_encrypted_key_api_is_disabled() { let own_subnet = subnet_test_id(1); let nns_subnet = subnet_test_id(2); let nns_canister = canister_test_id(0x10); @@ -3207,7 +3207,7 @@ fn test_vet_kd_derive_encrypted_key_api_is_disabled() { .with_nns_subnet_id(nns_subnet) .with_caller(nns_subnet, nns_canister) .build(); - let method = Method::VetKdDeriveEncryptedKey; + let method = Method::VetKdEncryptedKey; test.inject_call_to_ic00( method, sign_with_threshold_key_payload(method, make_vet_kd_key("some_key")), @@ -3217,7 +3217,7 @@ fn test_vet_kd_derive_encrypted_key_api_is_disabled() { let response = test.xnet_messages()[0].clone(); assert_eq!( get_reject_message(response), - "vet_kd_derive_encrypted_key API is not yet implemented.", + "vet_kd_encrypted_key API is not yet implemented.", ) } diff --git a/rs/execution_environment/src/execution_environment_metrics.rs b/rs/execution_environment/src/execution_environment_metrics.rs index 3d6420c79a2..c8d660c33c9 100644 --- a/rs/execution_environment/src/execution_environment_metrics.rs +++ b/rs/execution_environment/src/execution_environment_metrics.rs @@ -217,7 +217,7 @@ impl ExecutionEnvironmentMetrics { | ic00::Method::HttpRequest | ic00::Method::SignWithECDSA | ic00::Method::SignWithSchnorr - | ic00::Method::VetKdDeriveEncryptedKey + | ic00::Method::VetKdEncryptedKey | ic00::Method::ComputeInitialIDkgDealings | ic00::Method::ReshareChainKey | ic00::Method::BitcoinSendTransactionInternal diff --git a/rs/execution_environment/src/ic00_permissions.rs b/rs/execution_environment/src/ic00_permissions.rs index 4020f67043f..e136eb7b49c 100644 --- a/rs/execution_environment/src/ic00_permissions.rs +++ b/rs/execution_environment/src/ic00_permissions.rs @@ -123,7 +123,7 @@ impl Ic00MethodPermissions { allow_remote_subnet_sender: true, allow_only_nns_subnet_sender: false, }, - Ic00Method::VetKdDeriveEncryptedKey => Self { + Ic00Method::VetKdEncryptedKey => Self { method, allow_remote_subnet_sender: true, allow_only_nns_subnet_sender: false, diff --git a/rs/execution_environment/src/scheduler.rs b/rs/execution_environment/src/scheduler.rs index 8e89f0a8e8e..63b6a84673e 100644 --- a/rs/execution_environment/src/scheduler.rs +++ b/rs/execution_environment/src/scheduler.rs @@ -2207,7 +2207,7 @@ fn can_execute_subnet_msg( | Ic00Method::SchnorrPublicKey | Ic00Method::SignWithSchnorr | Ic00Method::VetKdPublicKey - | Ic00Method::VetKdDeriveEncryptedKey + | Ic00Method::VetKdEncryptedKey | Ic00Method::BitcoinGetBalance | Ic00Method::BitcoinGetUtxos | Ic00Method::BitcoinGetBlockHeaders @@ -2270,7 +2270,7 @@ fn get_instructions_limits_for_subnet_message( | SchnorrPublicKey | SignWithSchnorr | VetKdPublicKey - | VetKdDeriveEncryptedKey + | VetKdEncryptedKey | StartCanister | StopCanister | UninstallCode diff --git a/rs/execution_environment/tests/dts.rs b/rs/execution_environment/tests/dts.rs index 5f230404890..818d9fe694d 100644 --- a/rs/execution_environment/tests/dts.rs +++ b/rs/execution_environment/tests/dts.rs @@ -1158,7 +1158,7 @@ fn dts_aborted_execution_does_not_block_subnet_messages() { | Method::SchnorrPublicKey | Method::SignWithSchnorr | Method::VetKdPublicKey - | Method::VetKdDeriveEncryptedKey + | Method::VetKdEncryptedKey | Method::BitcoinGetBalance | Method::BitcoinGetUtxos | Method::BitcoinGetBlockHeaders diff --git a/rs/system_api/src/routing.rs b/rs/system_api/src/routing.rs index a17a4235bb1..b75f58885cb 100644 --- a/rs/system_api/src/routing.rs +++ b/rs/system_api/src/routing.rs @@ -13,7 +13,7 @@ use ic_management_canister_types::{ Payload, ProvisionalTopUpCanisterArgs, ReshareChainKeyArgs, SchnorrPublicKeyArgs, SignWithECDSAArgs, SignWithSchnorrArgs, StoredChunksArgs, SubnetInfoArgs, TakeCanisterSnapshotArgs, UninstallCodeArgs, UpdateSettingsArgs, UploadChunkArgs, - VetKdDeriveEncryptedKeyArgs, VetKdPublicKeyArgs, + VetKdEncryptedKeyArgs, VetKdPublicKeyArgs, }; use ic_replicated_state::NetworkTopology; use itertools::Itertools; @@ -242,8 +242,8 @@ pub(super) fn resolve_destination( IDkgSubnetKind::OnlyHoldsKey, ) } - Ok(Ic00Method::VetKdDeriveEncryptedKey) => { - let args = VetKdDeriveEncryptedKeyArgs::decode(payload)?; + Ok(Ic00Method::VetKdEncryptedKey) => { + let args = VetKdEncryptedKeyArgs::decode(payload)?; route_idkg_message( &MasterPublicKeyId::VetKd(args.key_id), network_topology, diff --git a/rs/system_api/src/sandbox_safe_system_state.rs b/rs/system_api/src/sandbox_safe_system_state.rs index 32c169d4732..2f29fe8dec6 100644 --- a/rs/system_api/src/sandbox_safe_system_state.rs +++ b/rs/system_api/src/sandbox_safe_system_state.rs @@ -253,7 +253,7 @@ impl SystemStateChanges { | Ok(Ic00Method::SchnorrPublicKey) | Ok(Ic00Method::SignWithSchnorr) | Ok(Ic00Method::VetKdPublicKey) - | Ok(Ic00Method::VetKdDeriveEncryptedKey) + | Ok(Ic00Method::VetKdEncryptedKey) | Ok(Ic00Method::ProvisionalTopUpCanister) | Ok(Ic00Method::BitcoinSendTransactionInternal) | Ok(Ic00Method::BitcoinGetSuccessors) diff --git a/rs/types/management_canister_types/src/lib.rs b/rs/types/management_canister_types/src/lib.rs index ad094f8b85d..ed15647f676 100644 --- a/rs/types/management_canister_types/src/lib.rs +++ b/rs/types/management_canister_types/src/lib.rs @@ -91,7 +91,7 @@ pub enum Method { // VetKd interface. VetKdPublicKey, - VetKdDeriveEncryptedKey, + VetKdEncryptedKey, // Bitcoin Interface. BitcoinGetBalance, @@ -2802,7 +2802,7 @@ impl ComputeInitialIDkgDealingsResponse { } } -// Represents the argument of the vet_kd_derive_encrypted_key API. +// Represents the argument of the vet_kd_encrypted_key API. /// ```text /// (record { /// public_key_derivation_path : vec blob; @@ -2812,7 +2812,7 @@ impl ComputeInitialIDkgDealingsResponse { /// }) /// ``` #[derive(Eq, PartialEq, Debug, CandidType, Deserialize)] -pub struct VetKdDeriveEncryptedKeyArgs { +pub struct VetKdEncryptedKeyArgs { pub public_key_derivation_path: DerivationPath, #[serde(with = "serde_bytes")] pub derivation_id: Vec, @@ -2821,16 +2821,16 @@ pub struct VetKdDeriveEncryptedKeyArgs { pub encryption_public_key: Vec, } -impl Payload<'_> for VetKdDeriveEncryptedKeyArgs {} +impl Payload<'_> for VetKdEncryptedKeyArgs {} /// Struct used to return vet KD result. #[derive(Debug, CandidType, Deserialize)] -pub struct VetKdDeriveEncryptedKeyResult { +pub struct VetKdEncryptedKeyResult { #[serde(with = "serde_bytes")] pub encrypted_key: Vec, } -impl Payload<'_> for VetKdDeriveEncryptedKeyResult {} +impl Payload<'_> for VetKdEncryptedKeyResult {} /// Represents the argument of the vet_kd_public_key API. /// ```text diff --git a/rs/types/types/src/messages/ingress_messages.rs b/rs/types/types/src/messages/ingress_messages.rs index 212bb2d285b..a497f3052fe 100644 --- a/rs/types/types/src/messages/ingress_messages.rs +++ b/rs/types/types/src/messages/ingress_messages.rs @@ -564,7 +564,7 @@ pub fn extract_effective_canister_id( | Ok(Method::SchnorrPublicKey) | Ok(Method::SignWithSchnorr) | Ok(Method::VetKdPublicKey) - | Ok(Method::VetKdDeriveEncryptedKey) + | Ok(Method::VetKdEncryptedKey) | Ok(Method::BitcoinGetBalance) | Ok(Method::BitcoinGetUtxos) | Ok(Method::BitcoinGetBlockHeaders) diff --git a/rs/types/types/src/messages/inter_canister.rs b/rs/types/types/src/messages/inter_canister.rs index f4ac78cc6ab..781d31fe53d 100644 --- a/rs/types/types/src/messages/inter_canister.rs +++ b/rs/types/types/src/messages/inter_canister.rs @@ -215,7 +215,7 @@ impl Request { | Ok(Method::SchnorrPublicKey) | Ok(Method::SignWithSchnorr) | Ok(Method::VetKdPublicKey) - | Ok(Method::VetKdDeriveEncryptedKey) + | Ok(Method::VetKdEncryptedKey) | Ok(Method::BitcoinGetBalance) | Ok(Method::BitcoinGetUtxos) | Ok(Method::BitcoinGetBlockHeaders) From 132ed2cfad2595f70ab4b212bdcee623e5e4fc31 Mon Sep 17 00:00:00 2001 From: Leo Eichhorn Date: Mon, 18 Nov 2024 17:09:31 +0000 Subject: [PATCH 7/7] rename --- .../src/canister_manager.rs | 2 +- .../src/execution_environment.rs | 2 +- .../src/execution_environment/tests.rs | 26 ++++++++-------- .../src/execution_environment_metrics.rs | 2 +- .../src/ic00_permissions.rs | 2 +- rs/execution_environment/src/scheduler.rs | 4 +-- rs/execution_environment/tests/dts.rs | 2 +- rs/system_api/src/routing.rs | 6 ++-- .../src/sandbox_safe_system_state.rs | 2 +- rs/types/management_canister_types/src/lib.rs | 31 ++++++++++++------- .../types/src/messages/ingress_messages.rs | 2 +- rs/types/types/src/messages/inter_canister.rs | 2 +- 12 files changed, 45 insertions(+), 38 deletions(-) diff --git a/rs/execution_environment/src/canister_manager.rs b/rs/execution_environment/src/canister_manager.rs index 5075599cefe..5e1ad8738bd 100644 --- a/rs/execution_environment/src/canister_manager.rs +++ b/rs/execution_environment/src/canister_manager.rs @@ -469,7 +469,7 @@ impl CanisterManager { | Ok(Ic00Method::SchnorrPublicKey) | Ok(Ic00Method::SignWithSchnorr) | Ok(Ic00Method::VetKdPublicKey) - | Ok(Ic00Method::VetKdEncryptedKey) + | Ok(Ic00Method::VetKdDeriveEncryptedKey) // "DepositCycles" can be called by anyone however as ingress message // cannot carry cycles, it does not make sense to allow them from users. | Ok(Ic00Method::DepositCycles) diff --git a/rs/execution_environment/src/execution_environment.rs b/rs/execution_environment/src/execution_environment.rs index 0fcd9376849..20de3749013 100644 --- a/rs/execution_environment/src/execution_environment.rs +++ b/rs/execution_environment/src/execution_environment.rs @@ -1244,7 +1244,7 @@ impl ExecutionEnvironment { Ok(Ic00Method::ReshareChainKey) | Ok(Ic00Method::VetKdPublicKey) - | Ok(Ic00Method::VetKdEncryptedKey) => ExecuteSubnetMessageResult::Finished { + | Ok(Ic00Method::VetKdDeriveEncryptedKey) => ExecuteSubnetMessageResult::Finished { response: Err(UserError::new( ErrorCode::CanisterRejectedMessage, format!("{} API is not yet implemented.", msg.method_name()), diff --git a/rs/execution_environment/src/execution_environment/tests.rs b/rs/execution_environment/src/execution_environment/tests.rs index 1aca565d5a6..aef67db214f 100644 --- a/rs/execution_environment/src/execution_environment/tests.rs +++ b/rs/execution_environment/src/execution_environment/tests.rs @@ -173,11 +173,11 @@ fn sign_with_threshold_key_payload(method: Method, key_id: MasterPublicKeyId) -> key_id: into_inner_schnorr(key_id), } .encode(), - Method::VetKdEncryptedKey => ic00::VetKdEncryptedKeyArgs { + Method::VetKdDeriveEncryptedKey => ic00::VetKdDeriveEncryptedKeyArgs { derivation_id: vec![], encryption_public_key: vec![], - public_key_derivation_path: DerivationPath::new(vec![]), - key_id: into_inner_vet_kd(key_id), + derivation_path: DerivationPath::new(vec![]), + key_id: into_inner_vetkd(key_id), } .encode(), _ => panic!("unexpected method"), @@ -2291,7 +2291,7 @@ fn make_schnorr_key(name: &str) -> MasterPublicKeyId { }) } -fn make_vet_kd_key(name: &str) -> MasterPublicKeyId { +fn make_vetkd_key(name: &str) -> MasterPublicKeyId { MasterPublicKeyId::VetKd(VetKdKeyId { curve: VetKdCurve::Bls12_381_G2, name: name.to_string(), @@ -2312,7 +2312,7 @@ fn into_inner_schnorr(key_id: MasterPublicKeyId) -> SchnorrKeyId { } } -fn into_inner_vet_kd(key_id: MasterPublicKeyId) -> VetKdKeyId { +fn into_inner_vetkd(key_id: MasterPublicKeyId) -> VetKdKeyId { match key_id { MasterPublicKeyId::VetKd(key) => key, _ => panic!("unexpected key_id type"), @@ -3170,7 +3170,7 @@ fn test_sign_with_schnorr_api_is_enabled() { } #[test] -fn test_vet_kd_public_key_api_is_disabled() { +fn test_vetkd_public_key_api_is_disabled() { let own_subnet = subnet_test_id(1); let nns_subnet = subnet_test_id(2); let nns_canister = canister_test_id(0x10); @@ -3184,7 +3184,7 @@ fn test_vet_kd_public_key_api_is_disabled() { ic00::VetKdPublicKeyArgs { canister_id: None, derivation_path: DerivationPath::new(vec![]), - key_id: into_inner_vet_kd(make_vet_kd_key("some_key")), + key_id: into_inner_vetkd(make_vetkd_key("some_key")), } .encode(), Cycles::new(0), @@ -3193,12 +3193,12 @@ fn test_vet_kd_public_key_api_is_disabled() { let response = test.xnet_messages()[0].clone(); assert_eq!( get_reject_message(response), - "vet_kd_public_key API is not yet implemented.", + "vetkd_public_key API is not yet implemented.", ) } #[test] -fn test_vet_kd_encrypted_key_api_is_disabled() { +fn test_vetkd_derive_encrypted_key_api_is_disabled() { let own_subnet = subnet_test_id(1); let nns_subnet = subnet_test_id(2); let nns_canister = canister_test_id(0x10); @@ -3207,17 +3207,17 @@ fn test_vet_kd_encrypted_key_api_is_disabled() { .with_nns_subnet_id(nns_subnet) .with_caller(nns_subnet, nns_canister) .build(); - let method = Method::VetKdEncryptedKey; + let method = Method::VetKdDeriveEncryptedKey; test.inject_call_to_ic00( method, - sign_with_threshold_key_payload(method, make_vet_kd_key("some_key")), + sign_with_threshold_key_payload(method, make_vetkd_key("some_key")), Cycles::new(0), ); test.execute_all(); let response = test.xnet_messages()[0].clone(); assert_eq!( get_reject_message(response), - "vet_kd_encrypted_key API is not yet implemented.", + "vetkd_derive_encrypted_key API is not yet implemented.", ) } @@ -3237,7 +3237,7 @@ fn reshare_chain_key_api_is_disabled() { test.inject_call_to_ic00( method, ic00::ReshareChainKeyArgs::new( - make_vet_kd_key("some_key"), + make_vetkd_key("some_key"), nns_subnet, nodes, registry_version, diff --git a/rs/execution_environment/src/execution_environment_metrics.rs b/rs/execution_environment/src/execution_environment_metrics.rs index c8d660c33c9..3d6420c79a2 100644 --- a/rs/execution_environment/src/execution_environment_metrics.rs +++ b/rs/execution_environment/src/execution_environment_metrics.rs @@ -217,7 +217,7 @@ impl ExecutionEnvironmentMetrics { | ic00::Method::HttpRequest | ic00::Method::SignWithECDSA | ic00::Method::SignWithSchnorr - | ic00::Method::VetKdEncryptedKey + | ic00::Method::VetKdDeriveEncryptedKey | ic00::Method::ComputeInitialIDkgDealings | ic00::Method::ReshareChainKey | ic00::Method::BitcoinSendTransactionInternal diff --git a/rs/execution_environment/src/ic00_permissions.rs b/rs/execution_environment/src/ic00_permissions.rs index e136eb7b49c..4020f67043f 100644 --- a/rs/execution_environment/src/ic00_permissions.rs +++ b/rs/execution_environment/src/ic00_permissions.rs @@ -123,7 +123,7 @@ impl Ic00MethodPermissions { allow_remote_subnet_sender: true, allow_only_nns_subnet_sender: false, }, - Ic00Method::VetKdEncryptedKey => Self { + Ic00Method::VetKdDeriveEncryptedKey => Self { method, allow_remote_subnet_sender: true, allow_only_nns_subnet_sender: false, diff --git a/rs/execution_environment/src/scheduler.rs b/rs/execution_environment/src/scheduler.rs index 63b6a84673e..8e89f0a8e8e 100644 --- a/rs/execution_environment/src/scheduler.rs +++ b/rs/execution_environment/src/scheduler.rs @@ -2207,7 +2207,7 @@ fn can_execute_subnet_msg( | Ic00Method::SchnorrPublicKey | Ic00Method::SignWithSchnorr | Ic00Method::VetKdPublicKey - | Ic00Method::VetKdEncryptedKey + | Ic00Method::VetKdDeriveEncryptedKey | Ic00Method::BitcoinGetBalance | Ic00Method::BitcoinGetUtxos | Ic00Method::BitcoinGetBlockHeaders @@ -2270,7 +2270,7 @@ fn get_instructions_limits_for_subnet_message( | SchnorrPublicKey | SignWithSchnorr | VetKdPublicKey - | VetKdEncryptedKey + | VetKdDeriveEncryptedKey | StartCanister | StopCanister | UninstallCode diff --git a/rs/execution_environment/tests/dts.rs b/rs/execution_environment/tests/dts.rs index 818d9fe694d..5f230404890 100644 --- a/rs/execution_environment/tests/dts.rs +++ b/rs/execution_environment/tests/dts.rs @@ -1158,7 +1158,7 @@ fn dts_aborted_execution_does_not_block_subnet_messages() { | Method::SchnorrPublicKey | Method::SignWithSchnorr | Method::VetKdPublicKey - | Method::VetKdEncryptedKey + | Method::VetKdDeriveEncryptedKey | Method::BitcoinGetBalance | Method::BitcoinGetUtxos | Method::BitcoinGetBlockHeaders diff --git a/rs/system_api/src/routing.rs b/rs/system_api/src/routing.rs index b75f58885cb..a17a4235bb1 100644 --- a/rs/system_api/src/routing.rs +++ b/rs/system_api/src/routing.rs @@ -13,7 +13,7 @@ use ic_management_canister_types::{ Payload, ProvisionalTopUpCanisterArgs, ReshareChainKeyArgs, SchnorrPublicKeyArgs, SignWithECDSAArgs, SignWithSchnorrArgs, StoredChunksArgs, SubnetInfoArgs, TakeCanisterSnapshotArgs, UninstallCodeArgs, UpdateSettingsArgs, UploadChunkArgs, - VetKdEncryptedKeyArgs, VetKdPublicKeyArgs, + VetKdDeriveEncryptedKeyArgs, VetKdPublicKeyArgs, }; use ic_replicated_state::NetworkTopology; use itertools::Itertools; @@ -242,8 +242,8 @@ pub(super) fn resolve_destination( IDkgSubnetKind::OnlyHoldsKey, ) } - Ok(Ic00Method::VetKdEncryptedKey) => { - let args = VetKdEncryptedKeyArgs::decode(payload)?; + Ok(Ic00Method::VetKdDeriveEncryptedKey) => { + let args = VetKdDeriveEncryptedKeyArgs::decode(payload)?; route_idkg_message( &MasterPublicKeyId::VetKd(args.key_id), network_topology, diff --git a/rs/system_api/src/sandbox_safe_system_state.rs b/rs/system_api/src/sandbox_safe_system_state.rs index 2f29fe8dec6..32c169d4732 100644 --- a/rs/system_api/src/sandbox_safe_system_state.rs +++ b/rs/system_api/src/sandbox_safe_system_state.rs @@ -253,7 +253,7 @@ impl SystemStateChanges { | Ok(Ic00Method::SchnorrPublicKey) | Ok(Ic00Method::SignWithSchnorr) | Ok(Ic00Method::VetKdPublicKey) - | Ok(Ic00Method::VetKdEncryptedKey) + | Ok(Ic00Method::VetKdDeriveEncryptedKey) | Ok(Ic00Method::ProvisionalTopUpCanister) | Ok(Ic00Method::BitcoinSendTransactionInternal) | Ok(Ic00Method::BitcoinGetSuccessors) diff --git a/rs/types/management_canister_types/src/lib.rs b/rs/types/management_canister_types/src/lib.rs index ed15647f676..63a06d95bc2 100644 --- a/rs/types/management_canister_types/src/lib.rs +++ b/rs/types/management_canister_types/src/lib.rs @@ -90,8 +90,10 @@ pub enum Method { SignWithSchnorr, // VetKd interface. + #[strum(serialize = "vetkd_public_key")] VetKdPublicKey, - VetKdEncryptedKey, + #[strum(serialize = "vetkd_derive_encrypted_key")] + VetKdDeriveEncryptedKey, // Bitcoin Interface. BitcoinGetBalance, @@ -2802,18 +2804,18 @@ impl ComputeInitialIDkgDealingsResponse { } } -// Represents the argument of the vet_kd_encrypted_key API. +// Represents the argument of the vetkd_derive_encrypted_key API. /// ```text /// (record { -/// public_key_derivation_path : vec blob; /// derivation_id: blob; -/// key_id : vet_kd_key_id; +/// derivation_path : vec blob; +/// key_id : record { curve : vetkd_curve; name : text }; /// encryption_public_key: blob; /// }) /// ``` #[derive(Eq, PartialEq, Debug, CandidType, Deserialize)] -pub struct VetKdEncryptedKeyArgs { - pub public_key_derivation_path: DerivationPath, +pub struct VetKdDeriveEncryptedKeyArgs { + pub derivation_path: DerivationPath, #[serde(with = "serde_bytes")] pub derivation_id: Vec, pub key_id: VetKdKeyId, @@ -2821,23 +2823,28 @@ pub struct VetKdEncryptedKeyArgs { pub encryption_public_key: Vec, } -impl Payload<'_> for VetKdEncryptedKeyArgs {} +impl Payload<'_> for VetKdDeriveEncryptedKeyArgs {} /// Struct used to return vet KD result. +/// ```text +/// (record { +/// encrypted_key : blob; +/// }) +/// ``` #[derive(Debug, CandidType, Deserialize)] -pub struct VetKdEncryptedKeyResult { +pub struct VetKdDeriveEncryptedKeyResult { #[serde(with = "serde_bytes")] pub encrypted_key: Vec, } -impl Payload<'_> for VetKdEncryptedKeyResult {} +impl Payload<'_> for VetKdDeriveEncryptedKeyResult {} -/// Represents the argument of the vet_kd_public_key API. +/// Represents the argument of the vetkd_public_key API. /// ```text /// (record { /// canister_id : opt canister_id; /// derivation_path : vec blob; -/// key_id : vet_kd_key_id; +/// key_id : record { curve : vetkd_curve; name : text }; /// }) /// ``` #[derive(Eq, PartialEq, Debug, CandidType, Deserialize)] @@ -2849,7 +2856,7 @@ pub struct VetKdPublicKeyArgs { impl Payload<'_> for VetKdPublicKeyArgs {} -/// Represents the response of the vet_kd_public_key API. +/// Represents the response of the vetkd_public_key API. /// ```text /// (record { /// public_key : blob; diff --git a/rs/types/types/src/messages/ingress_messages.rs b/rs/types/types/src/messages/ingress_messages.rs index a497f3052fe..212bb2d285b 100644 --- a/rs/types/types/src/messages/ingress_messages.rs +++ b/rs/types/types/src/messages/ingress_messages.rs @@ -564,7 +564,7 @@ pub fn extract_effective_canister_id( | Ok(Method::SchnorrPublicKey) | Ok(Method::SignWithSchnorr) | Ok(Method::VetKdPublicKey) - | Ok(Method::VetKdEncryptedKey) + | Ok(Method::VetKdDeriveEncryptedKey) | Ok(Method::BitcoinGetBalance) | Ok(Method::BitcoinGetUtxos) | Ok(Method::BitcoinGetBlockHeaders) diff --git a/rs/types/types/src/messages/inter_canister.rs b/rs/types/types/src/messages/inter_canister.rs index 781d31fe53d..f4ac78cc6ab 100644 --- a/rs/types/types/src/messages/inter_canister.rs +++ b/rs/types/types/src/messages/inter_canister.rs @@ -215,7 +215,7 @@ impl Request { | Ok(Method::SchnorrPublicKey) | Ok(Method::SignWithSchnorr) | Ok(Method::VetKdPublicKey) - | Ok(Method::VetKdEncryptedKey) + | Ok(Method::VetKdDeriveEncryptedKey) | Ok(Method::BitcoinGetBalance) | Ok(Method::BitcoinGetUtxos) | Ok(Method::BitcoinGetBlockHeaders)