diff --git a/dkg/frost/instance.go b/dkg/frost/instance.go index aa9d325e0..a7069eefe 100644 --- a/dkg/frost/instance.go +++ b/dkg/frost/instance.go @@ -9,8 +9,6 @@ import ( "github.com/coinbase/kryptology/pkg/core/curves" "github.com/coinbase/kryptology/pkg/dkg/frost" ecies "github.com/ecies/go/v2" - ethcommon "github.com/ethereum/go-ethereum/common" - "github.com/ethereum/go-ethereum/crypto" "github.com/pkg/errors" ) @@ -211,13 +209,7 @@ func (fr *Instance) validateSignedMessage(msg *dkg.SignedMessage) error { return errors.Wrap(err, "failed to get root") } - pk, err := crypto.Ecrecover(root, msg.Signature) - if err != nil { - return errors.Wrap(err, "unable to recover public key") - } - - addr := ethcommon.BytesToAddress(crypto.Keccak256(pk[1:])[12:]) - if addr != operator.ETHAddress { + if !types.Verify(operator.EncryptionPubKey, root, msg.Signature) { return errors.New("invalid signature") } return nil diff --git a/dkg/frost/messages.go b/dkg/frost/messages.go index 532eb1758..5830209de 100644 --- a/dkg/frost/messages.go +++ b/dkg/frost/messages.go @@ -2,6 +2,7 @@ package frost import ( "encoding/json" + "fmt" "github.com/bloxapp/ssv-spec/dkg" "github.com/bloxapp/ssv-spec/dkg/common" @@ -91,8 +92,11 @@ func (msg *ProtocolMsg) ToSignedMessage(id dkg.RequestID, operatorID types.Opera if !exist { return nil, errors.Errorf("operator with id %d not found", operatorID) } + if operator.EncryptionPrivateKey == nil { + return nil, fmt.Errorf("failed to retrieve operator's private key for signature: %w", err) + } - sig, err := signer.SignDKGOutput(bcastMessage, operator.ETHAddress) + sig, err := signer.SignDKGOutput(bcastMessage, operator.EncryptionPrivateKey) if err != nil { return nil, err } diff --git a/dkg/frost/testing_utils.go b/dkg/frost/testing_utils.go index 6910154a5..857081de5 100644 --- a/dkg/frost/testing_utils.go +++ b/dkg/frost/testing_utils.go @@ -11,7 +11,7 @@ import ( ) func testSignedMessage(round common.ProtocolRound, operatorID types.OperatorID) *dkg.SignedMessage { - sk := testingutils.TestingKeygenKeySet().DKGOperators[operatorID].SK + sk := testingutils.TestingKeygenKeySet().DKGOperators[operatorID].EncryptionKey msg := &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: dkg.NewRequestID(testingutils.TestingKeygenKeySet().DKGOperators[operatorID].ETHAddress, uint32(operatorID)), diff --git a/dkg/keysign/instance.go b/dkg/keysign/instance.go index 54c4d4595..8dcf6e9c0 100644 --- a/dkg/keysign/instance.go +++ b/dkg/keysign/instance.go @@ -6,8 +6,6 @@ import ( "github.com/bloxapp/ssv-spec/dkg" "github.com/bloxapp/ssv-spec/dkg/common" "github.com/bloxapp/ssv-spec/types" - ethcommon "github.com/ethereum/go-ethereum/common" - "github.com/ethereum/go-ethereum/crypto" "github.com/herumi/bls-eth-go-binary/bls" "github.com/pkg/errors" ) @@ -107,7 +105,7 @@ func (instance *Instance) ProcessMsg(msg *dkg.SignedMessage) (finished bool, pro _, err = instance.state.msgContainer.SaveMsg(protocolMessage.Round, msg) if err != nil { - return true, nil, err // message already exists or err with saving msg + return false, nil, err // message already exists or err with saving msg } switch protocolMessage.Round { @@ -116,7 +114,7 @@ func (instance *Instance) ProcessMsg(msg *dkg.SignedMessage) (finished bool, pro case common.Round1: return instance.processKeysignOutput() default: - return true, nil, dkg.ErrInvalidRound{} + return false, nil, dkg.ErrInvalidRound{} } } @@ -148,13 +146,7 @@ func (instance *Instance) validateSignedMessage(msg *dkg.SignedMessage) error { return errors.Wrap(err, "failed to get root") } - pk, err := crypto.Ecrecover(root, msg.Signature) - if err != nil { - return errors.Wrap(err, "unable to recover public key") - } - - addr := ethcommon.BytesToAddress(crypto.Keccak256(pk[1:])[12:]) - if addr != operator.ETHAddress { + if !types.Verify(operator.EncryptionPubKey, root, msg.Signature) { return errors.New("invalid signature") } return nil diff --git a/dkg/keysign/messages.go b/dkg/keysign/messages.go index af6e2f859..f48a2e586 100644 --- a/dkg/keysign/messages.go +++ b/dkg/keysign/messages.go @@ -2,6 +2,7 @@ package keysign import ( "encoding/json" + "fmt" "github.com/bloxapp/ssv-spec/dkg" "github.com/bloxapp/ssv-spec/dkg/common" @@ -74,10 +75,13 @@ func (msg *ProtocolMsg) ToSignedMessage(id dkg.RequestID, operatorID types.Opera return nil, err } if !exist { - return nil, errors.Errorf("operator with id %d not found", operatorID) + return nil, fmt.Errorf("operator with id %d not found", operatorID) + } + if operator.EncryptionPrivateKey == nil { + return nil, fmt.Errorf("failed to retrieve operator's private key for signature: %w", err) } - sig, err := signer.SignDKGOutput(bcastMessage, operator.ETHAddress) + sig, err := signer.SignDKGOutput(bcastMessage, operator.EncryptionPrivateKey) if err != nil { return nil, err } diff --git a/dkg/node.go b/dkg/node.go index 97013a55f..b6fe49376 100644 --- a/dkg/node.go +++ b/dkg/node.go @@ -158,14 +158,6 @@ func (n *Node) ProcessMessage(msg *types.SSVMessage) error { } } -func (n *Node) validateSignedMessage(message *SignedMessage) error { - if err := message.Validate(); err != nil { - return errors.Wrap(err, "message invalid") - } - - return nil -} - func (n *Node) startNewDKGMsg(message *SignedMessage) error { initMsg, err := n.validateInitMsg(message) if err != nil { @@ -218,11 +210,6 @@ func (n *Node) startKeySign(message *SignedMessage) error { } func (n *Node) validateInitMsg(message *SignedMessage) (*Init, error) { - // validate identifier.GetEthAddress is the signer for message - if err := message.Signature.ECRecover(message, n.config.SignatureDomainType, types.DKGSignatureType, message.Message.Identifier.GetETHAddress()); err != nil { - return nil, errors.Wrap(err, "signed message invalid") - } - initMsg := &Init{} if err := initMsg.Decode(message.Message.Data); err != nil { return nil, errors.Wrap(err, "could not get dkg init Message from signed Messages") @@ -236,16 +223,10 @@ func (n *Node) validateInitMsg(message *SignedMessage) (*Init, error) { if n.runners.RunnerForID(message.Message.Identifier) != nil { return nil, errors.New("dkg started already") } - return initMsg, nil } func (n *Node) validateReshareMsg(message *SignedMessage) (*Reshare, error) { - // validate identifier.GetEthAddress is the signer for message - if err := message.Signature.ECRecover(message, n.config.SignatureDomainType, types.DKGSignatureType, message.Message.Identifier.GetETHAddress()); err != nil { - return nil, errors.Wrap(err, "signed message invalid") - } - reshareMsg := &Reshare{} if err := reshareMsg.Decode(message.Message.Data); err != nil { return nil, errors.Wrap(err, "could not get reshare Message from signed Messages") @@ -259,16 +240,10 @@ func (n *Node) validateReshareMsg(message *SignedMessage) (*Reshare, error) { if n.runners.RunnerForID(message.Message.Identifier) != nil { return nil, errors.New("dkg started already") } - return reshareMsg, nil } func (n *Node) validateKeySignMsg(message *SignedMessage) (*KeySign, error) { - // validate identifier.GetEthAddress is the signer for message - if err := message.Signature.ECRecover(message, n.config.SignatureDomainType, types.DKGSignatureType, message.Message.Identifier.GetETHAddress()); err != nil { - return nil, errors.Wrap(err, "signed message invalid") - } - keySign := &KeySign{} if err := keySign.Decode(message.Message.Data); err != nil { return nil, errors.Wrap(err, "could not get validator exit msg params from signed message") @@ -282,46 +257,47 @@ func (n *Node) validateKeySignMsg(message *SignedMessage) (*KeySign, error) { if n.runners.RunnerForID(message.Message.Identifier) != nil { return nil, errors.New("signature protocol started already") } - return keySign, nil } func (n *Node) processDKGMsg(message *SignedMessage) error { + if !n.runners.Exists(message.Message.Identifier) { return errors.New("could not find dkg runner") } - - if err := n.validateDKGMsg(message); err != nil { - return errors.Wrap(err, "dkg msg not valid") - } - r := n.runners.RunnerForID(message.Message.Identifier) + finished, err := r.ProcessMsg(message) if err != nil { return errors.Wrap(err, "could not process dkg message") } + if finished { n.runners.DeleteRunner(message.Message.Identifier) } - return nil } -func (n *Node) validateDKGMsg(message *SignedMessage) error { - - // find signing operator and verify sig - found, signingOperator, err := n.config.Storage.GetDKGOperator(message.Signer) +func (n *Node) validateSignedMessage(message *SignedMessage) error { + found, operator, err := n.config.Storage.GetDKGOperator(message.Signer) if err != nil { - return errors.Wrap(err, "can't fetch operator") + return fmt.Errorf("failed to retrieve operator info for signer %d: %w", message.Signer, err) } if !found { - return errors.New("can't find operator") + return fmt.Errorf("operator %d not found", message.Signer) } - if err := message.Signature.ECRecover(message, n.config.SignatureDomainType, types.DKGSignatureType, signingOperator.ETHAddress); err != nil { + + root, _ := types.ComputeSigningRoot(&SignedMessage{ + Message: message.Message, + Signer: message.Signer, + }, types.ComputeSignatureDomain(n.config.SignatureDomainType, types.DKGSignatureType)) + + isValid := types.Verify(operator.EncryptionPubKey, root, message.Signature) + if !isValid { return errors.Wrap(err, "signed message invalid") } - return nil + return message.Message.Validate() } func (n *Node) GetConfig() *Config { diff --git a/dkg/protocol.go b/dkg/protocol.go index a435f7a3c..41fcb6ef0 100644 --- a/dkg/protocol.go +++ b/dkg/protocol.go @@ -5,7 +5,6 @@ import ( "github.com/ethereum/go-ethereum/accounts/abi" "github.com/ethereum/go-ethereum/crypto" "github.com/herumi/bls-eth-go-binary/bls" - "github.com/pkg/errors" ) type ProtocolOutcome struct { @@ -14,14 +13,26 @@ type ProtocolOutcome struct { BlameOutput *BlameOutput } -func (o *ProtocolOutcome) IsFailedWithBlame() (bool, error) { - if o.ProtocolOutput == nil && o.BlameOutput == nil { - return false, errors.New("invalid outcome - missing KeyGenOutput and BlameOutput") - } - if o.ProtocolOutput != nil && o.BlameOutput != nil { - return false, errors.New("invalid outcome - has both KeyGenOutput and BlameOutput") - } - return o.BlameOutput != nil, nil +func (o *ProtocolOutcome) IsFinishedWithKeygen() bool { + return o.ProtocolOutput != nil +} + +func (o *ProtocolOutcome) IsFinishedWithKeySign() bool { + return o.KeySignOutput != nil +} + +func (o *ProtocolOutcome) IsFailedWithBlame() bool { + return o.BlameOutput != nil +} + +func (o *ProtocolOutcome) isValid() bool { + a := o.ProtocolOutput + b := o.KeySignOutput + c := o.BlameOutput + hasA := a != nil && b == nil && c == nil + hasB := a == nil && b != nil && c == nil + hasC := a == nil && b == nil && c != nil + return hasA || hasB || hasC } // KeyGenOutput is the bare minimum output from the protocol diff --git a/dkg/runner.go b/dkg/runner.go index ff2bb89fe..6b15fbe3e 100644 --- a/dkg/runner.go +++ b/dkg/runner.go @@ -2,10 +2,9 @@ package dkg import ( "bytes" + "fmt" "github.com/bloxapp/ssv-spec/types" - "github.com/ethereum/go-ethereum/common" - "github.com/ethereum/go-ethereum/crypto" "github.com/herumi/bls-eth-go-binary/bls" "github.com/pkg/errors" ) @@ -41,108 +40,203 @@ type runner struct { // ProcessMsg processes a DKG signed message and returns true and stream keygen output or blame if finished func (r *runner) ProcessMsg(msg *SignedMessage) (bool, error) { // TODO - validate message + m := map[MsgType]func(*SignedMessage) (bool, error){ + ProtocolMsgType: r.processProtocolMsg, + DepositDataMsgType: r.processDepositDataMsg, + OutputMsgType: r.processOutputMsg, + } + f, ok := m[msg.Message.MsgType] + if !ok { + return false, fmt.Errorf("msg type invalid") + } + return f(msg) +} - switch msg.Message.MsgType { - case ProtocolMsgType: - if r.DepositDataSignatures[r.Operator.OperatorID] != nil { - return false, errors.New("keygen has already completed") - } +func (r *runner) processProtocolMsg(msg *SignedMessage) (bool, error) { - finished, o, err := r.protocol.ProcessMsg(msg) - if err != nil { - return false, errors.Wrap(err, "failed to process dkg msg") - } + if r.KeygenOutcome != nil && r.KeygenOutcome.isValid() { + return false, nil + } - if finished { - r.KeygenOutcome = o - } + finished, o, err := r.protocol.ProcessMsg(msg) + if err != nil { + return false, fmt.Errorf("failed to process dkg msg: %w", err) + } + if !finished { + return false, nil + } + if !o.isValid() { + fmt.Printf("o=%+v\n", o) + return false, fmt.Errorf("protcol outcome is invalid") + } - if finished && o.KeySignOutput != nil { - if err := r.prepareAndBroadcastOutput(); err != nil { - return false, err - } - } + r.KeygenOutcome = o - if finished && o.KeySignOutput == nil { - isBlame, err := r.KeygenOutcome.IsFailedWithBlame() - if err != nil { - return true, errors.Wrap(err, "invalid KeygenOutcome") - } - if isBlame { - err := r.config.Network.StreamDKGBlame(r.KeygenOutcome.BlameOutput) - return true, errors.Wrap(err, "failed to stream blame output") - } - if r.KeygenOutcome.ProtocolOutput == nil { - return true, errors.Wrap(err, "protocol finished without blame or keygen result") - } + if r.KeygenOutcome.IsFinishedWithKeygen() { + if err := r.config.Storage.SaveKeyGenOutput(o.ProtocolOutput); err != nil { + return false, err + } - if err := r.config.Storage.SaveKeyGenOutput(o.ProtocolOutput); err != nil { + if r.isResharing() { + if err := r.prepareAndBroadcastKeyGenOutput(); err != nil { return false, err } - - if r.isResharing() { - if err := r.prepareAndBroadcastOutput(); err != nil { - return false, err - } - } else { - if err := r.prepareAndBroadcastDepositData(); err != nil { - return false, err - } + } else { + if err := r.prepareAndBroadcastDepositData(); err != nil { + return false, err } } - return false, nil - case DepositDataMsgType: - depSig := &PartialDepositData{} - if err := depSig.Decode(msg.Message.Data); err != nil { - return false, errors.Wrap(err, "could not decode PartialDepositData") - } + } - if err := r.validateDepositDataSig(depSig); err != nil { - return false, errors.Wrap(err, "PartialDepositData invalid") + if r.KeygenOutcome.IsFinishedWithKeySign() { + if err := r.prepareAndBroadcastKeySignOutput(); err != nil { + return false, err } + } - if found := r.DepositDataSignatures[msg.Signer]; found == nil { - r.DepositDataSignatures[msg.Signer] = depSig - } else if !bytes.Equal(found.Signature, msg.Signature) { - return false, errors.New("inconsistent partial signature received") + if r.KeygenOutcome.IsFailedWithBlame() { + if err := r.config.Network.StreamDKGBlame(r.KeygenOutcome.BlameOutput); err != nil { + return true, errors.Wrap(err, "failed to stream blame output") //TODO: revisit this logic } + } - if len(r.DepositDataSignatures) == int(r.InitMsg.Threshold) { - if err := r.prepareAndBroadcastOutput(); err != nil { - return false, err - } - } - return false, nil - case OutputMsgType: - output := &SignedOutput{} - if err := output.Decode(msg.Message.Data); err != nil { - return false, errors.Wrap(err, "could not decode SignedOutput") - } + return false, nil +} - if err := r.validateSignedOutput(output); err != nil { - return false, errors.Wrap(err, "signed output invali") - } +func (r *runner) processDepositDataMsg(msg *SignedMessage) (bool, error) { - r.OutputMsgs[msg.Signer] = output - // GLNOTE: Actually we need every operator to sign instead only the quorum! - finished := false - if r.isKeySign() { - finished = len(r.OutputMsgs) == len(r.KeySign.Operators) - } else if !r.isResharing() { - finished = len(r.OutputMsgs) == len(r.InitMsg.OperatorIDs) - } else { - finished = len(r.OutputMsgs) == len(r.ReshareMsg.OperatorIDs) - } + depSig := &PartialDepositData{} + if err := depSig.Decode(msg.Message.Data); err != nil { + return false, errors.Wrap(err, "could not decode PartialDepositData") + } - if finished { - err := r.config.Network.StreamDKGOutput(r.OutputMsgs) - return true, errors.Wrap(err, "failed to stream dkg output") + if err := r.validateDepositDataSig(depSig); err != nil { + return false, errors.Wrap(err, "PartialDepositData invalid") + } + + if found := r.DepositDataSignatures[msg.Signer]; found == nil { + r.DepositDataSignatures[msg.Signer] = depSig + } else if !bytes.Equal(found.Signature, msg.Signature) { + return false, errors.New("inconsistent partial signature received") + } + + if len(r.DepositDataSignatures) == int(r.InitMsg.Threshold) { + if err := r.prepareAndBroadcastKeyGenOutput(); err != nil { + return false, err } + } + return false, nil +} - return false, nil - default: - return false, errors.New("msg type invalid") +func (r *runner) processOutputMsg(msg *SignedMessage) (bool, error) { + output := &SignedOutput{} + if err := output.Decode(msg.Message.Data); err != nil { + return false, errors.Wrap(err, "could not decode SignedOutput") + } + + if err := r.validateSignedOutput(output); err != nil { + return false, errors.Wrap(err, "signed output invalid") + } + + r.OutputMsgs[msg.Signer] = output + + // GLNOTE: Actually we need every operator to sign instead only the quorum! + finished := false + if r.isKeySign() { + finished = len(r.OutputMsgs) == len(r.KeySign.Operators) + } else if !r.isResharing() { + finished = len(r.OutputMsgs) == len(r.InitMsg.OperatorIDs) + } else { + finished = len(r.OutputMsgs) == len(r.ReshareMsg.OperatorIDs) + } + + if finished { + err := r.config.Network.StreamDKGOutput(r.OutputMsgs) + return true, errors.Wrap(err, "failed to stream dkg output") } + + return false, nil +} + +func (r *runner) validateDepositDataSig(msg *PartialDepositData) error { + + if r.KeygenOutcome == nil || + r.KeygenOutcome.ProtocolOutput == nil || + r.KeygenOutcome.ProtocolOutput.OperatorPubKeys == nil { + + return errors.New("missing keygen outcome or operator public keys") + } + + // find operator and verify msg + sharePK, found := r.KeygenOutcome.ProtocolOutput.OperatorPubKeys[msg.Signer] + if !found { + return errors.New("signer not part of committee") + } + sig := &bls.Sign{} + if err := sig.Deserialize(msg.Signature); err != nil { + return errors.Wrap(err, "could not deserialize partial sig") + } + if !sig.VerifyByte(sharePK, r.DepositDataRoot) { + return errors.New("partial deposit data sig invalid") + } + + return nil +} + +func (r *runner) validateSignedOutput(msg *SignedOutput) error { + // TODO: Separate fields match and signature validation + // output := r.ownOutput() + // if output == nil { + // return fmt.Errorf("own output not found") + // } + + // if output.Data != nil { + // if output.Data.RequestID != msg.Data.RequestID { + // return errors.New("got mismatching RequestID") + // } + // if !bytes.Equal(output.Data.ValidatorPubKey, msg.Data.ValidatorPubKey) { + // return errors.New("got mismatching ValidatorPubKey") + // } + // } else if output.BlameData != nil { + // if output.BlameData.RequestID != msg.BlameData.RequestID { + // return errors.New("got mismatching RequestID") + // } + // } else { + // if output.KeySignData.RequestID != msg.KeySignData.RequestID { + // return errors.New("got mismatching RequestID") + // } + // } + + found, operator, err := r.config.Storage.GetDKGOperator(msg.Signer) + if !found { + return errors.New("unable to find signer") + } + if err != nil { + return errors.Wrap(err, "unable to find signer") + } + + var ( + data types.Root + ) + + if msg.Data != nil { + data = msg.Data + } else if msg.BlameData != nil { + data = msg.BlameData + } else { + data = msg.KeySignData + } + + root, err := types.ComputeSigningRoot(data, types.ComputeSignatureDomain(r.config.SignatureDomainType, types.DKGSignatureType)) + if err != nil { + return errors.Wrap(err, "fail to get root") + } + + isValid := types.Verify(operator.EncryptionPubKey, root, msg.Signature) + if !isValid { + return errors.New("invalid signature") + } + return nil } func (r *runner) prepareAndBroadcastDepositData() error { @@ -177,7 +271,7 @@ func (r *runner) prepareAndBroadcastDepositData() error { func (r *runner) prepareAndBroadcastKeySignOutput() error { o := r.KeygenOutcome.KeySignOutput - sig, err := r.config.Signer.SignDKGOutput(o, r.Operator.ETHAddress) + sig, err := r.config.Signer.SignDKGOutput(o, r.Operator.EncryptionPrivateKey) if err != nil { return errors.Wrap(err, "could not sign output") } @@ -197,11 +291,7 @@ func (r *runner) prepareAndBroadcastKeySignOutput() error { return nil } -func (r *runner) prepareAndBroadcastOutput() error { - if r.KeygenOutcome.KeySignOutput != nil { - return r.prepareAndBroadcastKeySignOutput() - } - +func (r *runner) prepareAndBroadcastKeyGenOutput() error { var ( depositSig types.Signature err error @@ -237,6 +327,8 @@ func (r *runner) prepareAndBroadcastOutput() error { } r.OutputMsgs[r.Operator.OperatorID] = ret + fmt.Println(r.Operator.OperatorID, "own output set") + if err := r.signAndBroadcastMsg(ret, OutputMsgType); err != nil { return errors.Wrap(err, "could not broadcast SignedOutput") } @@ -258,7 +350,7 @@ func (r *runner) signAndBroadcastMsg(msg types.Encoder, msgType MsgType) error { Signature: nil, } // GLNOTE: Should we use SignDKGOutput? - sig, err := r.config.Signer.SignDKGOutput(signedMessage, r.Operator.ETHAddress) + sig, err := r.config.Signer.SignDKGOutput(signedMessage, r.Operator.EncryptionPrivateKey) if err != nil { return errors.Wrap(err, "failed to sign message") } @@ -272,8 +364,8 @@ func (r *runner) signAndBroadcastMsg(msg types.Encoder, msgType MsgType) error { func (r *runner) reconstructDepositDataSignature() (types.Signature, error) { sigBytes := map[types.OperatorID][]byte{} for id, d := range r.DepositDataSignatures { - if err := r.validateDepositDataRoot(d); err != nil { - return nil, errors.Wrap(err, "PartialDepositData invalid") + if !bytes.Equal(r.DepositDataRoot, d.Root) { + return nil, errors.New("PartialDepositData invalid: deposit data root mismatch") } sigBytes[id] = d.Signature } @@ -285,99 +377,8 @@ func (r *runner) reconstructDepositDataSignature() (types.Signature, error) { return sig.Serialize(), nil } -func (r *runner) validateSignedOutput(msg *SignedOutput) error { - // TODO: Separate fields match and signature validation - output := r.ownOutput() - if output != nil { - if output.Data != nil { - if output.Data.RequestID != msg.Data.RequestID { - return errors.New("got mismatching RequestID") - } - if !bytes.Equal(output.Data.ValidatorPubKey, msg.Data.ValidatorPubKey) { - return errors.New("got mismatching ValidatorPubKey") - } - } else if output.BlameData != nil { - if output.BlameData.RequestID != msg.BlameData.RequestID { - return errors.New("got mismatching RequestID") - } - } else { - if output.KeySignData.RequestID != msg.KeySignData.RequestID { - return errors.New("got mismatching RequestID") - } - } - } - - found, operator, err := r.config.Storage.GetDKGOperator(msg.Signer) - if !found { - return errors.New("unable to find signer") - } - if err != nil { - return errors.Wrap(err, "unable to find signer") - } - - var ( - root []byte - data types.Root - ) - - if msg.Data != nil { - data = msg.Data - } else if msg.BlameData != nil { - data = msg.BlameData - } else { - data = msg.KeySignData - } - - root, err = types.ComputeSigningRoot(data, types.ComputeSignatureDomain(r.config.SignatureDomainType, types.DKGSignatureType)) - if err != nil { - return errors.Wrap(err, "fail to get root") - } - - pk, err := crypto.Ecrecover(root, msg.Signature) - if err != nil { - return errors.New("unable to recover public key") - } - addr := common.BytesToAddress(crypto.Keccak256(pk[1:])[12:]) - if addr != operator.ETHAddress { - return errors.New("invalid signature") - } - return nil -} - -func (r *runner) validateDepositDataRoot(msg *PartialDepositData) error { - if !bytes.Equal(r.DepositDataRoot, msg.Root) { - return errors.New("deposit data roots not equal") - } - return nil -} - -func (r *runner) validateDepositDataSig(msg *PartialDepositData) error { - - if r.KeygenOutcome == nil || - r.KeygenOutcome.ProtocolOutput == nil || - r.KeygenOutcome.ProtocolOutput.OperatorPubKeys == nil { - - return errors.New("missing keygen outcome or operator public keys") - } - - // find operator and verify msg - sharePK, found := r.KeygenOutcome.ProtocolOutput.OperatorPubKeys[msg.Signer] - if !found { - return errors.New("signer not part of committee") - } - sig := &bls.Sign{} - if err := sig.Deserialize(msg.Signature); err != nil { - return errors.Wrap(err, "could not deserialize partial sig") - } - if !sig.VerifyByte(sharePK, r.DepositDataRoot) { - return errors.New("partial deposit data sig invalid") - } - - return nil -} - func (r *runner) generateSignedOutput(o *Output) (*SignedOutput, error) { - sig, err := r.config.Signer.SignDKGOutput(o, r.Operator.ETHAddress) + sig, err := r.config.Signer.SignDKGOutput(o, r.Operator.EncryptionPrivateKey) if err != nil { return nil, errors.Wrap(err, "could not sign output") } @@ -389,10 +390,6 @@ func (r *runner) generateSignedOutput(o *Output) (*SignedOutput, error) { }, nil } -func (r *runner) ownOutput() *SignedOutput { - return r.OutputMsgs[r.Operator.OperatorID] -} - func (r *runner) isResharing() bool { return r.ReshareMsg != nil } diff --git a/dkg/spectest/all_tests.go b/dkg/spectest/all_tests.go index 07ce82efe..c456e68cd 100644 --- a/dkg/spectest/all_tests.go +++ b/dkg/spectest/all_tests.go @@ -3,7 +3,11 @@ package spectest import ( "testing" + "github.com/bloxapp/ssv-spec/dkg/spectest/tests/frost/blame" + "github.com/bloxapp/ssv-spec/dkg/spectest/tests/frost/keygen" "github.com/bloxapp/ssv-spec/dkg/spectest/tests/frost/keysign" + "github.com/bloxapp/ssv-spec/dkg/spectest/tests/frost/resharing" + "github.com/bloxapp/ssv-spec/dkg/spectest/tests/frost/timeout" ) type SpecTest interface { @@ -15,17 +19,17 @@ var AllTests = []SpecTest{ // tests.HappyFlow(), // tests.ResharingHappyFlow(), - // keygen.HappyFlow(), - // resharing.HappyFlow(), - // blame.BlameTypeInvalidCommitment_HappyFlow(), - // blame.BlameTypeInvalidScalar_HappyFlow(), - // blame.BlameTypeInconsistentMessage_HappyFlow(), - // blame.BlameTypeInvalidShare_HappyFlow(), - // blame.BlameTypeInvalidShare_FailedDecrypt_HappyFlow(), + keygen.HappyFlow(), + resharing.HappyFlow(), + blame.BlameTypeInvalidCommitment_HappyFlow(), + blame.BlameTypeInvalidScalar_HappyFlow(), + blame.BlameTypeInconsistentMessage_HappyFlow(), + blame.BlameTypeInvalidShare_HappyFlow(), + blame.BlameTypeInvalidShare_FailedDecrypt_HappyFlow(), - // timeout.Timeout_Preparation(), - // timeout.Timeout_Round1(), - // timeout.Timeout_Round2(), + timeout.Timeout_Preparation(), + timeout.Timeout_Round1(), + timeout.Timeout_Round2(), keysign.HappyFlow(), } diff --git a/dkg/spectest/tests/frost/blame/inconsistent_message__happy_flow.go b/dkg/spectest/tests/frost/blame/inconsistent_message__happy_flow.go index d39e20213..46f3a1a40 100644 --- a/dkg/spectest/tests/frost/blame/inconsistent_message__happy_flow.go +++ b/dkg/spectest/tests/frost/blame/inconsistent_message__happy_flow.go @@ -24,9 +24,10 @@ func BlameTypeInconsistentMessage_HappyFlow() *tests.MsgProcessingSpecTest { testingNode := dkg.NewNode( &dkg.Operator{ - OperatorID: 1, - ETHAddress: ks.DKGOperators[1].ETHAddress, - EncryptionPubKey: &ks.DKGOperators[1].EncryptionKey.PublicKey, + OperatorID: 1, + ETHAddress: ks.DKGOperators[1].ETHAddress, + EncryptionPubKey: &ks.DKGOperators[1].EncryptionKey.PublicKey, + EncryptionPrivateKey: ks.DKGOperators[1].EncryptionKey, }, &dkg.Config{ KeygenProtocol: frost.New, @@ -42,58 +43,58 @@ func BlameTypeInconsistentMessage_HappyFlow() *tests.MsgProcessingSpecTest { Name: "blame/inconsistent message/happy flow", TestingNode: testingNode, InputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.InitMsgType, Identifier: identifier, Data: initBytes, }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(2, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(3, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[4].SK, 4, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[4].EncryptionKey, 4, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(4, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(2, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: makeInvalidForInconsistentMessage(frost.Testing_Round1MessageBytes(2, testingutils.KeygenMsgStore)), }), }, OutputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(1, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(1, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.BlameMessageBytes(2, frost.InconsistentMessage, []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(2, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: makeInvalidForInconsistentMessage(frost.Testing_Round1MessageBytes(2, testingutils.KeygenMsgStore)), diff --git a/dkg/spectest/tests/frost/blame/invalid_commitment__happy_flow.go b/dkg/spectest/tests/frost/blame/invalid_commitment__happy_flow.go index 2828c3c17..d8147f870 100644 --- a/dkg/spectest/tests/frost/blame/invalid_commitment__happy_flow.go +++ b/dkg/spectest/tests/frost/blame/invalid_commitment__happy_flow.go @@ -24,9 +24,10 @@ func BlameTypeInvalidCommitment_HappyFlow() *tests.MsgProcessingSpecTest { testingNode := dkg.NewNode( &dkg.Operator{ - OperatorID: 1, - ETHAddress: ks.DKGOperators[1].ETHAddress, - EncryptionPubKey: &ks.DKGOperators[1].EncryptionKey.PublicKey, + OperatorID: 1, + ETHAddress: ks.DKGOperators[1].ETHAddress, + EncryptionPubKey: &ks.DKGOperators[1].EncryptionKey.PublicKey, + EncryptionPrivateKey: ks.DKGOperators[1].EncryptionKey, }, &dkg.Config{ KeygenProtocol: frost.New, @@ -42,48 +43,48 @@ func BlameTypeInvalidCommitment_HappyFlow() *tests.MsgProcessingSpecTest { Name: "blame/invalid commitment/happy flow", TestingNode: testingNode, InputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.InitMsgType, Identifier: identifier, Data: initBytes, }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(2, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(3, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[4].SK, 4, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[4].EncryptionKey, 4, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(4, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: makeInvalidForInvalidCommitment(frost.Testing_Round1MessageBytes(2, testingutils.KeygenMsgStore)), }), }, OutputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(1, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(1, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.BlameMessageBytes(2, frost.InvalidMessage, []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: makeInvalidForInvalidCommitment(frost.Testing_Round1MessageBytes(2, testingutils.KeygenMsgStore)), diff --git a/dkg/spectest/tests/frost/blame/invalid_scalar__happy_flow.go b/dkg/spectest/tests/frost/blame/invalid_scalar__happy_flow.go index 6743c805a..2469a037b 100644 --- a/dkg/spectest/tests/frost/blame/invalid_scalar__happy_flow.go +++ b/dkg/spectest/tests/frost/blame/invalid_scalar__happy_flow.go @@ -24,9 +24,10 @@ func BlameTypeInvalidScalar_HappyFlow() *tests.MsgProcessingSpecTest { testingNode := dkg.NewNode( &dkg.Operator{ - OperatorID: 1, - ETHAddress: ks.DKGOperators[1].ETHAddress, - EncryptionPubKey: &ks.DKGOperators[1].EncryptionKey.PublicKey, + OperatorID: 1, + ETHAddress: ks.DKGOperators[1].ETHAddress, + EncryptionPubKey: &ks.DKGOperators[1].EncryptionKey.PublicKey, + EncryptionPrivateKey: ks.DKGOperators[1].EncryptionKey, }, &dkg.Config{ KeygenProtocol: frost.New, @@ -42,48 +43,48 @@ func BlameTypeInvalidScalar_HappyFlow() *tests.MsgProcessingSpecTest { Name: "blame/invalid scalar/happy flow", TestingNode: testingNode, InputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.InitMsgType, Identifier: identifier, Data: initBytes, }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(2, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(3, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[4].SK, 4, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[4].EncryptionKey, 4, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(4, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: makeInvalidForInvalidScalar(frost.Testing_Round1MessageBytes(2, testingutils.KeygenMsgStore)), }), }, OutputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(1, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(1, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.BlameMessageBytes(2, frost.InvalidMessage, []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: makeInvalidForInvalidScalar(frost.Testing_Round1MessageBytes(2, testingutils.KeygenMsgStore)), diff --git a/dkg/spectest/tests/frost/blame/invalid_share__happy_flow.go b/dkg/spectest/tests/frost/blame/invalid_share__happy_flow.go index 277f94951..0715bfde2 100644 --- a/dkg/spectest/tests/frost/blame/invalid_share__happy_flow.go +++ b/dkg/spectest/tests/frost/blame/invalid_share__happy_flow.go @@ -24,9 +24,10 @@ func BlameTypeInvalidShare_HappyFlow() *tests.MsgProcessingSpecTest { testingNode := dkg.NewNode( &dkg.Operator{ - OperatorID: 1, - ETHAddress: ks.DKGOperators[1].ETHAddress, - EncryptionPubKey: &ks.DKGOperators[1].EncryptionKey.PublicKey, + OperatorID: 1, + ETHAddress: ks.DKGOperators[1].ETHAddress, + EncryptionPubKey: &ks.DKGOperators[1].EncryptionKey.PublicKey, + EncryptionPrivateKey: ks.DKGOperators[1].EncryptionKey, }, &dkg.Config{ KeygenProtocol: frost.New, @@ -42,58 +43,58 @@ func BlameTypeInvalidShare_HappyFlow() *tests.MsgProcessingSpecTest { Name: "blame/invalid share/happy flow", TestingNode: testingNode, InputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.InitMsgType, Identifier: identifier, Data: initBytes, }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(2, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(3, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[4].SK, 4, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[4].EncryptionKey, 4, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(4, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: makeInvalidForInvalidShare(frost.Testing_Round1MessageBytes(2, testingutils.KeygenMsgStore)), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(3, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[4].SK, 4, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[4].EncryptionKey, 4, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(4, testingutils.KeygenMsgStore), }), }, OutputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(1, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(1, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.BlameMessageBytes(2, frost.InvalidShare, []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: makeInvalidForInvalidShare(frost.Testing_Round1MessageBytes(2, testingutils.KeygenMsgStore)), diff --git a/dkg/spectest/tests/frost/blame/invalid_share_failed_decrypt__happy_flow.go b/dkg/spectest/tests/frost/blame/invalid_share_failed_decrypt__happy_flow.go index 5fe795d9f..a181b3302 100644 --- a/dkg/spectest/tests/frost/blame/invalid_share_failed_decrypt__happy_flow.go +++ b/dkg/spectest/tests/frost/blame/invalid_share_failed_decrypt__happy_flow.go @@ -24,9 +24,10 @@ func BlameTypeInvalidShare_FailedDecrypt_HappyFlow() *tests.MsgProcessingSpecTes testingNode := dkg.NewNode( &dkg.Operator{ - OperatorID: 1, - ETHAddress: ks.DKGOperators[1].ETHAddress, - EncryptionPubKey: &ks.DKGOperators[1].EncryptionKey.PublicKey, + OperatorID: 1, + ETHAddress: ks.DKGOperators[1].ETHAddress, + EncryptionPubKey: &ks.DKGOperators[1].EncryptionKey.PublicKey, + EncryptionPrivateKey: ks.DKGOperators[1].EncryptionKey, }, &dkg.Config{ KeygenProtocol: frost.New, @@ -42,58 +43,58 @@ func BlameTypeInvalidShare_FailedDecrypt_HappyFlow() *tests.MsgProcessingSpecTes Name: "blame/invalid share/failed decrypt/happy flow", TestingNode: testingNode, InputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.InitMsgType, Identifier: identifier, Data: initBytes, }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(2, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(3, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[4].SK, 4, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[4].EncryptionKey, 4, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(4, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: makeInvalidForInvalidShare_FailedDecrypt(frost.Testing_Round1MessageBytes(2, testingutils.KeygenMsgStore)), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(3, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[4].SK, 4, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[4].EncryptionKey, 4, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(4, testingutils.KeygenMsgStore), }), }, OutputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(1, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(1, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.BlameMessageBytes(2, frost.InvalidShare, []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: makeInvalidForInvalidShare_FailedDecrypt(frost.Testing_Round1MessageBytes(2, testingutils.KeygenMsgStore)), diff --git a/dkg/spectest/tests/frost/keygen/heppy_flow.go b/dkg/spectest/tests/frost/keygen/heppy_flow.go index 36c7feb30..3655e6454 100644 --- a/dkg/spectest/tests/frost/keygen/heppy_flow.go +++ b/dkg/spectest/tests/frost/keygen/heppy_flow.go @@ -26,9 +26,10 @@ func HappyFlow() *tests.MsgProcessingSpecTest { testingNode := dkg.NewNode( &dkg.Operator{ - OperatorID: 1, - ETHAddress: ks.DKGOperators[1].ETHAddress, - EncryptionPubKey: &ks.DKGOperators[1].EncryptionKey.PublicKey, + OperatorID: 1, + ETHAddress: ks.DKGOperators[1].ETHAddress, + EncryptionPubKey: &ks.DKGOperators[1].EncryptionKey.PublicKey, + EncryptionPrivateKey: ks.DKGOperators[1].EncryptionKey, }, &dkg.Config{ KeygenProtocol: frost.New, @@ -44,109 +45,109 @@ func HappyFlow() *tests.MsgProcessingSpecTest { Name: "keygen/happy flow", TestingNode: testingNode, InputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.InitMsgType, Identifier: identifier, Data: initBytes, }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(2, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(3, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[4].SK, 4, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[4].EncryptionKey, 4, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(4, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(2, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(3, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[4].SK, 4, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[4].EncryptionKey, 4, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(4, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round2MessageBytes(2, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round2MessageBytes(3, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[4].SK, 4, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[4].EncryptionKey, 4, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round2MessageBytes(4, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.DepositDataMsgType, Identifier: identifier, Data: testingutils.PartialDepositDataBytes(2, root, ks.Shares[2]), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.DepositDataMsgType, Identifier: identifier, Data: testingutils.PartialDepositDataBytes(3, root, ks.Shares[3]), }), - testingutils.SignDKGMsg(ks.DKGOperators[4].SK, 4, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[4].EncryptionKey, 4, &dkg.Message{ MsgType: dkg.DepositDataMsgType, Identifier: identifier, Data: testingutils.PartialDepositDataBytes(4, root, ks.Shares[4]), }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.OutputMsgType, Identifier: identifier, Data: ks.SignedOutputBytes(identifier, 2, root), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.OutputMsgType, Identifier: identifier, Data: ks.SignedOutputBytes(identifier, 3, root), }), - testingutils.SignDKGMsg(ks.DKGOperators[4].SK, 4, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[4].EncryptionKey, 4, &dkg.Message{ MsgType: dkg.OutputMsgType, Identifier: identifier, Data: ks.SignedOutputBytes(identifier, 4, root), }), }, OutputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(1, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(1, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round2MessageBytes(1, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.DepositDataMsgType, Identifier: identifier, Data: testingutils.PartialDepositDataBytes(1, root, ks.Shares[1]), }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.OutputMsgType, Identifier: identifier, Data: ks.SignedOutputBytes(identifier, 1, root), diff --git a/dkg/spectest/tests/frost/keysign/happy_flow.go b/dkg/spectest/tests/frost/keysign/happy_flow.go index f6a708822..418fc585b 100644 --- a/dkg/spectest/tests/frost/keysign/happy_flow.go +++ b/dkg/spectest/tests/frost/keysign/happy_flow.go @@ -45,9 +45,10 @@ func HappyFlow() *tests.MsgProcessingSpecTest { testingNode := dkg.NewNode( &dkg.Operator{ - OperatorID: 1, - ETHAddress: ks.DKGOperators[1].ETHAddress, - EncryptionPubKey: &ks.DKGOperators[1].EncryptionKey.PublicKey, + OperatorID: 1, + ETHAddress: ks.DKGOperators[1].ETHAddress, + EncryptionPubKey: &ks.DKGOperators[1].EncryptionKey.PublicKey, + EncryptionPrivateKey: ks.DKGOperators[1].EncryptionKey, }, &dkg.Config{ KeygenProtocol: frost.New, @@ -64,69 +65,69 @@ func HappyFlow() *tests.MsgProcessingSpecTest { Name: "keysign/happy flow", TestingNode: testingNode, InputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.KeySignMsgType, Identifier: identifier, Data: initBytes, }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: keysign.Testing_PreparationMessageBytes(2, ks, signingRoot), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: keysign.Testing_PreparationMessageBytes(3, ks, signingRoot), }), - testingutils.SignDKGMsg(ks.DKGOperators[4].SK, 4, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[4].EncryptionKey, 4, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: keysign.Testing_PreparationMessageBytes(4, ks, signingRoot), }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: keysign.Testing_Round1MessageBytes(2, ks, signingRoot), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: keysign.Testing_Round1MessageBytes(3, ks, signingRoot), }), - testingutils.SignDKGMsg(ks.DKGOperators[4].SK, 4, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[4].EncryptionKey, 4, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: keysign.Testing_Round1MessageBytes(4, ks, signingRoot), }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.OutputMsgType, Identifier: identifier, Data: ks.SignedKeySignOutputBytes(identifier, 2, signingRoot), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.OutputMsgType, Identifier: identifier, Data: ks.SignedKeySignOutputBytes(identifier, 3, signingRoot), }), - testingutils.SignDKGMsg(ks.DKGOperators[4].SK, 4, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[4].EncryptionKey, 4, &dkg.Message{ MsgType: dkg.OutputMsgType, Identifier: identifier, Data: ks.SignedKeySignOutputBytes(identifier, 4, signingRoot), }), }, OutputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: keysign.Testing_PreparationMessageBytes(1, ks, signingRoot), }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: keysign.Testing_Round1MessageBytes(1, ks, signingRoot), }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.OutputMsgType, Identifier: identifier, Data: ks.SignedKeySignOutputBytes(identifier, 1, signingRoot), diff --git a/dkg/spectest/tests/frost/resharing/happy_flow.go b/dkg/spectest/tests/frost/resharing/happy_flow.go index dba5ff0c6..daf066794 100644 --- a/dkg/spectest/tests/frost/resharing/happy_flow.go +++ b/dkg/spectest/tests/frost/resharing/happy_flow.go @@ -24,9 +24,10 @@ func HappyFlow() *tests.MsgProcessingSpecTest { testingNode := dkg.NewNode( &dkg.Operator{ - OperatorID: 5, - ETHAddress: ks.DKGOperators[5].ETHAddress, - EncryptionPubKey: &ks.DKGOperators[5].EncryptionKey.PublicKey, + OperatorID: 5, + ETHAddress: ks.DKGOperators[5].ETHAddress, + EncryptionPubKey: &ks.DKGOperators[5].EncryptionKey.PublicKey, + EncryptionPrivateKey: ks.DKGOperators[1].EncryptionKey, }, &dkg.Config{ KeygenProtocol: frost.New, @@ -42,84 +43,84 @@ func HappyFlow() *tests.MsgProcessingSpecTest { Name: "resharing/happy flow", TestingNode: testingNode, InputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[5].SK, 5, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[5].EncryptionKey, 5, &dkg.Message{ MsgType: dkg.ReshareMsgType, Identifier: identifier, Data: reshareBytes, }), - testingutils.SignDKGMsg(ks.DKGOperators[6].SK, 6, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[6].EncryptionKey, 6, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(6, testingutils.ResharingMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[7].SK, 7, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[7].EncryptionKey, 7, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(7, testingutils.ResharingMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[8].SK, 8, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[8].EncryptionKey, 8, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(8, testingutils.ResharingMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(1, testingutils.ResharingMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(2, testingutils.ResharingMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(3, testingutils.ResharingMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[6].SK, 6, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[6].EncryptionKey, 6, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round2MessageBytes(6, testingutils.ResharingMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[7].SK, 7, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[7].EncryptionKey, 7, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round2MessageBytes(7, testingutils.ResharingMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[8].SK, 8, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[8].EncryptionKey, 8, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round2MessageBytes(8, testingutils.ResharingMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[6].SK, 6, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[6].EncryptionKey, 6, &dkg.Message{ MsgType: dkg.OutputMsgType, Identifier: identifier, Data: ks.SignedOutputBytes(identifier, 6, nil), }), - testingutils.SignDKGMsg(ks.DKGOperators[7].SK, 7, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[7].EncryptionKey, 7, &dkg.Message{ MsgType: dkg.OutputMsgType, Identifier: identifier, Data: ks.SignedOutputBytes(identifier, 7, nil), }), - testingutils.SignDKGMsg(ks.DKGOperators[8].SK, 8, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[8].EncryptionKey, 8, &dkg.Message{ MsgType: dkg.OutputMsgType, Identifier: identifier, Data: ks.SignedOutputBytes(identifier, 8, nil), }), }, OutputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[5].SK, 5, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[5].EncryptionKey, 5, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(5, testingutils.ResharingMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[5].SK, 5, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[5].EncryptionKey, 5, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round2MessageBytes(5, testingutils.ResharingMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[5].SK, 5, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[5].EncryptionKey, 5, &dkg.Message{ MsgType: dkg.OutputMsgType, Identifier: identifier, Data: ks.SignedOutputBytes(identifier, 5, nil), diff --git a/dkg/spectest/tests/frost/timeout/timeout_preparation.go b/dkg/spectest/tests/frost/timeout/timeout_preparation.go index a0ffd3961..b202439df 100644 --- a/dkg/spectest/tests/frost/timeout/timeout_preparation.go +++ b/dkg/spectest/tests/frost/timeout/timeout_preparation.go @@ -32,9 +32,10 @@ func Timeout_Preparation() *tests.MsgProcessingSpecTest { testingNode := dkg.NewNode( &dkg.Operator{ - OperatorID: 1, - ETHAddress: ks.DKGOperators[1].ETHAddress, - EncryptionPubKey: &ks.DKGOperators[1].EncryptionKey.PublicKey, + OperatorID: 1, + ETHAddress: ks.DKGOperators[1].ETHAddress, + EncryptionPubKey: &ks.DKGOperators[1].EncryptionKey.PublicKey, + EncryptionPrivateKey: ks.DKGOperators[1].EncryptionKey, }, &dkg.Config{ KeygenProtocol: frost.New, @@ -50,34 +51,34 @@ func Timeout_Preparation() *tests.MsgProcessingSpecTest { Name: "timeout/preparation round", TestingNode: testingNode, InputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.InitMsgType, Identifier: identifier, Data: initBytes, }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(2, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(3, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[4].SK, 4, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[4].EncryptionKey, 4, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(4, testingutils.KeygenMsgStore), }), }, OutputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(1, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_TimeoutMessageBytes(common.Preparation), diff --git a/dkg/spectest/tests/frost/timeout/timeout_round1.go b/dkg/spectest/tests/frost/timeout/timeout_round1.go index 39c2bfe06..5cf5c3e5c 100644 --- a/dkg/spectest/tests/frost/timeout/timeout_round1.go +++ b/dkg/spectest/tests/frost/timeout/timeout_round1.go @@ -26,9 +26,10 @@ func Timeout_Round1() *tests.MsgProcessingSpecTest { testingNode := dkg.NewNode( &dkg.Operator{ - OperatorID: 1, - ETHAddress: ks.DKGOperators[1].ETHAddress, - EncryptionPubKey: &ks.DKGOperators[1].EncryptionKey.PublicKey, + OperatorID: 1, + ETHAddress: ks.DKGOperators[1].ETHAddress, + EncryptionPubKey: &ks.DKGOperators[1].EncryptionKey.PublicKey, + EncryptionPrivateKey: ks.DKGOperators[1].EncryptionKey, }, &dkg.Config{ KeygenProtocol: frost.New, @@ -44,54 +45,54 @@ func Timeout_Round1() *tests.MsgProcessingSpecTest { Name: "timeout/round-1", TestingNode: testingNode, InputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.InitMsgType, Identifier: identifier, Data: initBytes, }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(2, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(3, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[4].SK, 4, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[4].EncryptionKey, 4, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(4, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(2, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(3, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[4].SK, 4, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[4].EncryptionKey, 4, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(4, testingutils.KeygenMsgStore), }), }, OutputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(1, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(1, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_TimeoutMessageBytes(common.Round1), diff --git a/dkg/spectest/tests/frost/timeout/timeout_round2.go b/dkg/spectest/tests/frost/timeout/timeout_round2.go index 80784e04f..b0f3c71cf 100644 --- a/dkg/spectest/tests/frost/timeout/timeout_round2.go +++ b/dkg/spectest/tests/frost/timeout/timeout_round2.go @@ -26,9 +26,10 @@ func Timeout_Round2() *tests.MsgProcessingSpecTest { testingNode := dkg.NewNode( &dkg.Operator{ - OperatorID: 1, - ETHAddress: ks.DKGOperators[1].ETHAddress, - EncryptionPubKey: &ks.DKGOperators[1].EncryptionKey.PublicKey, + OperatorID: 1, + ETHAddress: ks.DKGOperators[1].ETHAddress, + EncryptionPubKey: &ks.DKGOperators[1].EncryptionKey.PublicKey, + EncryptionPrivateKey: ks.DKGOperators[1].EncryptionKey, }, &dkg.Config{ KeygenProtocol: frost.New, @@ -44,74 +45,74 @@ func Timeout_Round2() *tests.MsgProcessingSpecTest { Name: "timeout/round-2", TestingNode: testingNode, InputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.InitMsgType, Identifier: identifier, Data: initBytes, }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(2, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(3, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[4].SK, 4, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[4].EncryptionKey, 4, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(4, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(2, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(3, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[4].SK, 4, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[4].EncryptionKey, 4, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(4, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round2MessageBytes(2, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round2MessageBytes(3, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[4].SK, 4, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[4].EncryptionKey, 4, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round2MessageBytes(4, testingutils.KeygenMsgStore), }), }, OutputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_PreparationMessageBytes(1, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round1MessageBytes(1, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_Round2MessageBytes(1, testingutils.KeygenMsgStore), }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: frost.Testing_TimeoutMessageBytes(common.Round2), diff --git a/dkg/spectest/tests/happy_flow.go b/dkg/spectest/tests/happy_flow.go index d70aaabe6..3f6a411ea 100644 --- a/dkg/spectest/tests/happy_flow.go +++ b/dkg/spectest/tests/happy_flow.go @@ -25,54 +25,54 @@ func HappyFlow() *MsgProcessingSpecTest { Name: "happy flow", TestingNode: testingNode, InputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.InitMsgType, Identifier: identifier, Data: initBytes, }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: nil, // GLNOTE: Dummy message simulating the Protocol to complete }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.DepositDataMsgType, Identifier: identifier, Data: testingutils.PartialDepositDataBytes(2, root, ks.Shares[2]), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.DepositDataMsgType, Identifier: identifier, Data: testingutils.PartialDepositDataBytes(3, root, ks.Shares[3]), }), - testingutils.SignDKGMsg(ks.DKGOperators[4].SK, 4, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[4].EncryptionKey, 4, &dkg.Message{ MsgType: dkg.DepositDataMsgType, Identifier: identifier, Data: testingutils.PartialDepositDataBytes(4, root, ks.Shares[4]), }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.OutputMsgType, Identifier: identifier, Data: ks.SignedOutputBytes(identifier, 2, root), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.OutputMsgType, Identifier: identifier, Data: ks.SignedOutputBytes(identifier, 3, root), }), - testingutils.SignDKGMsg(ks.DKGOperators[4].SK, 4, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[4].EncryptionKey, 4, &dkg.Message{ MsgType: dkg.OutputMsgType, Identifier: identifier, Data: ks.SignedOutputBytes(identifier, 4, root), }), }, OutputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.DepositDataMsgType, Identifier: identifier, Data: testingutils.PartialDepositDataBytes(1, root, ks.Shares[1]), }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.OutputMsgType, Identifier: identifier, Data: ks.SignedOutputBytes(identifier, 1, root), diff --git a/dkg/spectest/tests/msg_process_spectest.go b/dkg/spectest/tests/msg_process_spectest.go index a8d483aa9..03ad9ffd7 100644 --- a/dkg/spectest/tests/msg_process_spectest.go +++ b/dkg/spectest/tests/msg_process_spectest.go @@ -49,6 +49,7 @@ func (test *MsgProcessingSpecTest) Run(t *testing.T) { }) if err != nil { + t.Logf("node failed to process msg at idx %d with err: %s", idx, err) lastErr = err } } diff --git a/dkg/spectest/tests/resharing.go b/dkg/spectest/tests/resharing.go index c2830e7f1..017f36666 100644 --- a/dkg/spectest/tests/resharing.go +++ b/dkg/spectest/tests/resharing.go @@ -22,34 +22,34 @@ func ResharingHappyFlow() *MsgProcessingSpecTest { return &MsgProcessingSpecTest{ Name: "resharing happy flow", InputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ReshareMsgType, Identifier: identifier, Data: reshareBytes, }), - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.ProtocolMsgType, Identifier: identifier, Data: nil, // GLNOTE: Dummy message simulating the Protocol to complete }), - testingutils.SignDKGMsg(ks.DKGOperators[2].SK, 2, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[2].EncryptionKey, 2, &dkg.Message{ MsgType: dkg.OutputMsgType, Identifier: identifier, Data: ks.SignedOutputBytes(identifier, 2, root), }), - testingutils.SignDKGMsg(ks.DKGOperators[3].SK, 3, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[3].EncryptionKey, 3, &dkg.Message{ MsgType: dkg.OutputMsgType, Identifier: identifier, Data: ks.SignedOutputBytes(identifier, 3, root), }), - testingutils.SignDKGMsg(ks.DKGOperators[4].SK, 4, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[4].EncryptionKey, 4, &dkg.Message{ MsgType: dkg.OutputMsgType, Identifier: identifier, Data: ks.SignedOutputBytes(identifier, 4, root), }), }, OutputMessages: []*dkg.SignedMessage{ - testingutils.SignDKGMsg(ks.DKGOperators[1].SK, 1, &dkg.Message{ + testingutils.SignDKGMsg(ks.DKGOperators[1].EncryptionKey, 1, &dkg.Message{ MsgType: dkg.OutputMsgType, Identifier: identifier, Data: ks.SignedOutputBytes(identifier, 1, root), diff --git a/dkg/types.go b/dkg/types.go index f622a9bbc..33cd49f64 100644 --- a/dkg/types.go +++ b/dkg/types.go @@ -32,6 +32,8 @@ type Operator struct { ETHAddress common.Address // EncryptionPubKey encryption pubkey for shares EncryptionPubKey *rsa.PublicKey + // EncryptionPrivateKey encryption private key for signing dkg message + EncryptionPrivateKey *rsa.PrivateKey } type IConfig interface { diff --git a/types/encryption.go b/types/encryption.go index 25717fd72..5652f904c 100644 --- a/types/encryption.go +++ b/types/encryption.go @@ -1,10 +1,13 @@ package types import ( + "crypto" "crypto/rand" "crypto/rsa" + "crypto/sha256" "crypto/x509" "encoding/pem" + "github.com/pkg/errors" ) @@ -45,6 +48,21 @@ func Encrypt(pk *rsa.PublicKey, plainText []byte) ([]byte, error) { return encrypted, nil } +func Sign(sk *rsa.PrivateKey, data []byte) ([]byte, error) { + hashed := sha256.Sum256(data) + signature, err := rsa.SignPKCS1v15(rand.Reader, sk, crypto.SHA256, hashed[:]) + if err != nil { + return nil, err + } + return signature, nil +} + +func Verify(pk *rsa.PublicKey, data, signature []byte) bool { + hashed := sha256.Sum256(data) + err := rsa.VerifyPKCS1v15(pk, crypto.SHA256, hashed[:], signature) + return err == nil +} + // PemToPrivateKey return rsa private key from pem func PemToPrivateKey(skPem []byte) (*rsa.PrivateKey, error) { block, _ := pem.Decode(skPem) diff --git a/types/signer.go b/types/signer.go index 7a242b5aa..20f7d5892 100644 --- a/types/signer.go +++ b/types/signer.go @@ -57,7 +57,8 @@ type SSVSigner interface { type DKGSigner interface { SSVSigner // SignDKGOutput signs output according to the SIP https://docs.google.com/document/d/1TRVUHjFyxINWW2H9FYLNL2pQoLy6gmvaI62KL_4cREQ/edit - SignDKGOutput(output Root, address common.Address) (Signature, error) + // SignDKGOutput(output Root, address common.Address) (Signature, error) + SignDKGOutput(output Root, privateKey *rsa.PrivateKey) ([]byte, error) // SignETHDepositRoot signs an ethereum deposit root SignETHDepositRoot(root []byte, address common.Address) (Signature, error) } diff --git a/types/testingutils/dkg.go b/types/testingutils/dkg.go index 2807c6d53..9aaa31cac 100644 --- a/types/testingutils/dkg.go +++ b/types/testingutils/dkg.go @@ -1,7 +1,6 @@ package testingutils import ( - "crypto/ecdsa" "crypto/rsa" "encoding/hex" "fmt" @@ -11,7 +10,6 @@ import ( "github.com/bloxapp/ssv-spec/dkg" "github.com/bloxapp/ssv-spec/dkg/stubdkg" "github.com/bloxapp/ssv-spec/types" - "github.com/ethereum/go-ethereum/crypto" "github.com/herumi/bls-eth-go-binary/bls" ) @@ -39,18 +37,19 @@ var TestingDKGNode = func(keySet *TestKeySet) *dkg.Node { } return dkg.NewNode(&dkg.Operator{ - OperatorID: 1, - ETHAddress: keySet.DKGOperators[1].ETHAddress, - EncryptionPubKey: &keySet.DKGOperators[1].EncryptionKey.PublicKey, + OperatorID: 1, + ETHAddress: keySet.DKGOperators[1].ETHAddress, + EncryptionPubKey: &keySet.DKGOperators[1].EncryptionKey.PublicKey, + EncryptionPrivateKey: keySet.DKGOperators[1].EncryptionKey, }, config) } -var SignDKGMsg = func(sk *ecdsa.PrivateKey, id types.OperatorID, msg *dkg.Message) *dkg.SignedMessage { +var SignDKGMsg = func(sk *rsa.PrivateKey, id types.OperatorID, msg *dkg.Message) *dkg.SignedMessage { domain := types.PrimusTestnet sigType := types.DKGSignatureType r, _ := types.ComputeSigningRoot(msg, types.ComputeSignatureDomain(domain, sigType)) - sig, _ := crypto.Sign(r, sk) + sig, _ := types.Sign(sk, r) return &dkg.SignedMessage{ Message: msg, @@ -155,7 +154,8 @@ func (ks *TestKeySet) KeyGenOutput(opId types.OperatorID) *dkg.KeyGenOutput { } var ( - signedOutputCache = map[string]*dkg.SignedOutput{} + signedOutputCache = map[string]*dkg.SignedOutput{} + keySignOutputCache = map[string]*dkg.SignedOutput{} ) func (ks *TestKeySet) SignedOutputObject(requestID dkg.RequestID, opId types.OperatorID, root []byte) *dkg.SignedOutput { @@ -176,7 +176,8 @@ func (ks *TestKeySet) SignedOutputObject(requestID dkg.RequestID, opId types.Ope // root1, _ := o.GetRoot() root1, _ := types.ComputeSigningRoot(o, types.ComputeSignatureDomain(types.PrimusTestnet, types.DKGSignatureType)) - sig, _ := crypto.Sign(root1, ks.DKGOperators[opId].SK) + sig, _ := types.Sign(ks.DKGOperators[opId].EncryptionKey, root1) + // sig, _ := crypto.Sign(root1, ks.DKGOperators[opId].SK) ret := &dkg.SignedOutput{ Data: o, @@ -195,7 +196,7 @@ func (ks *TestKeySet) SignedOutputBytes(requestID dkg.RequestID, opId types.Oper func (ks *TestKeySet) SignedKeySignOutputObject(requestID dkg.RequestID, opID types.OperatorID, signingRoot []byte) *dkg.SignedOutput { id := hex.EncodeToString(requestID[:]) + strconv.FormatUint(uint64(opID), 10) + hex.EncodeToString(signingRoot) - if found := signedOutputCache[id]; found != nil { + if found := keySignOutputCache[id]; found != nil { return found } @@ -207,14 +208,14 @@ func (ks *TestKeySet) SignedKeySignOutputObject(requestID dkg.RequestID, opID ty } root, _ := types.ComputeSigningRoot(o, types.ComputeSignatureDomain(types.PrimusTestnet, types.DKGSignatureType)) - sig, _ := crypto.Sign(root, ks.DKGOperators[opID].SK) + sig, _ := types.Sign(ks.DKGOperators[opID].EncryptionKey, root) ret := &dkg.SignedOutput{ KeySignData: o, Signer: opID, Signature: sig, } - signedOutputCache[id] = ret + keySignOutputCache[id] = ret return ret } diff --git a/types/testingutils/keymanager.go b/types/testingutils/keymanager.go index d73f8caaa..79854e1e4 100644 --- a/types/testingutils/keymanager.go +++ b/types/testingutils/keymanager.go @@ -5,13 +5,11 @@ import ( "crypto/ecdsa" "crypto/rsa" "encoding/hex" - "fmt" "github.com/attestantio/go-eth2-client/spec/bellatrix" spec "github.com/attestantio/go-eth2-client/spec/phase0" "github.com/bloxapp/ssv-spec/types" "github.com/ethereum/go-ethereum/common" - "github.com/ethereum/go-ethereum/crypto" ssz "github.com/ferranbt/fastssz" "github.com/herumi/bls-eth-go-binary/bls" "github.com/pkg/errors" @@ -129,20 +127,12 @@ func (km *testingKeyManager) Encrypt(pk *rsa.PublicKey, data []byte) ([]byte, er } // SignDKGOutput signs output according to the SIP https://docs.google.com/document/d/1TRVUHjFyxINWW2H9FYLNL2pQoLy6gmvaI62KL_4cREQ/edit -func (km *testingKeyManager) SignDKGOutput(output types.Root, address common.Address) (types.Signature, error) { +func (km *testingKeyManager) SignDKGOutput(output types.Root, sk *rsa.PrivateKey) ([]byte, error) { root, err := types.ComputeSigningRoot(output, types.ComputeSignatureDomain(km.domain, types.DKGSignatureType)) if err != nil { return nil, err } - sk := km.ecdsaKeys[address.String()] - if sk == nil { - return nil, errors.New(fmt.Sprintf("unable to find ecdsa key for address %v", address.String())) - } - sig, err := crypto.Sign(root, sk) - if err != nil { - return nil, err - } - return sig, nil + return types.Sign(sk, root) } func (km *testingKeyManager) SignETHDepositRoot(root []byte, address common.Address) (types.Signature, error) { diff --git a/types/testingutils/storage.go b/types/testingutils/storage.go index 33190baed..1d6e11902 100644 --- a/types/testingutils/storage.go +++ b/types/testingutils/storage.go @@ -20,9 +20,10 @@ func NewTestingStorage() *testingStorage { for i, s := range Testing13SharesSet().DKGOperators { ret.operators[i] = &dkg.Operator{ - OperatorID: i, - ETHAddress: s.ETHAddress, - EncryptionPubKey: &s.EncryptionKey.PublicKey, + OperatorID: i, + ETHAddress: s.ETHAddress, + EncryptionPubKey: &s.EncryptionKey.PublicKey, + EncryptionPrivateKey: s.EncryptionKey, } }