Signing flow with derived accounts #990
Conversation
HCastano
force-pushed
the
hc/new-signing-flow
branch
from
1a4a39c to
117d420
Compare
| @@ -119,6 +119,8 @@ pub mod pallet { | |||
| pub struct RegisteredInfo<T: Config> { | |||
| pub programs_data: BoundedVec<ProgramInstance<T>, T::MaxProgramHashes>, | |||
| pub program_modification_account: T::AccountId, | |||
| /// The SCALE encoded BIP-32 `DerivationPath` used to register this account. | |||
| pub derivation_path: Option<Vec<u8>>, | |||
There was a problem hiding this comment.
@JesseAbram do you know what kind of runtime version bump we'd need for this? For the release it doesn't make a difference since we're bumping everything anyways, but I'm more curious in case we ever do this as a one-off thing
There was a problem hiding this comment.
tbh I just click all of them and let you tell me which one it was
| pub signature_verifying_key: Vec<u8>, | ||
| } | ||
|
|
||
| pub async fn get_signers_from_chain( | ||
| api: &OnlineClient<EntropyConfig>, | ||
| rpc: &LegacyRpcMethods<EntropyConfig>, | ||
| with_parent_key: bool, |
There was a problem hiding this comment.
ehhh maybe a get signers from chain and a get validators from chain function makes more sense
There was a problem hiding this comment.
I don't disagree, but for the case of this function it is always getting the signers. The difference between both arms here is that the signers are either: queried directly or grabbed from the validator set.
| @@ -119,6 +119,8 @@ pub mod pallet { | |||
| pub struct RegisteredInfo<T: Config> { | |||
| pub programs_data: BoundedVec<ProgramInstance<T>, T::MaxProgramHashes>, | |||
| pub program_modification_account: T::AccountId, | |||
| /// The SCALE encoded BIP-32 `DerivationPath` used to register this account. | |||
| pub derivation_path: Option<Vec<u8>>, | |||
There was a problem hiding this comment.
tbh I just click all of them and let you tell me which one it was
There was a problem hiding this comment.
Great to see this working. This all happened faster than i imagined it would.
And im looking forwards to seeing the old stuff removed and hopefully everything a bit cleaner. Also looking forwards to being able to try this out with docker-compose and the test cli.
| // TODO #899 For now we just take the first t validators as the ones to perform signing | ||
| validators.sort(); |
There was a problem hiding this comment.
Fine for now to not sort - but the reason we have this was because of query results coming back in a different order with polkadot js vs subxt. So the idea was to sort before truncating.
If the plan is that this fn should no longer be called by both the client and the TS server then we need to remove it from entropy-client.
There was a problem hiding this comment.
I think it will still be called by both. Probably safer to keep the sorting
There was a problem hiding this comment.
@ameba23 when I sorted the signers coming from the on-chain flow the signing test started failing. Not entirely sure why 🤷
| @@ -207,22 +213,41 @@ pub async fn sign_tx( | |||
| request_author, | |||
| }; | |||
|
|
|||
| let _has_key = check_for_key(&string_verifying_key, &app_state.kv_store).await?; | |||
| // In the new registration flow we don't store the verifying key in the KVDB, so we only do this | |||
| // check if we're using the old registration flow | |||
There was a problem hiding this comment.
But we could still check here if we are currently in the signing committee. But i guess theres no point as we are about to attempt to get the parent keyshare in get_sign_context anyway
There was a problem hiding this comment.
We weren't checking for inclusion in the signing committee here anyways, so maybe I'm misunderstanding your comment
| @@ -362,6 +364,134 @@ async fn test_sign_tx_no_chain() { | |||
| clean_tests(); | |||
| } | |||
|
|
|||
| #[tokio::test] | |||
| #[serial] | |||
| async fn signature_request_with_derived_account_works() { | |||
There was a problem hiding this comment.
Could we now remove the new registration flow test below? Is there anything in it which is not repeated here?
There was a problem hiding this comment.
I want to keep them separate. We already have enough tests that conflate what their actual purpose is. What I'd want to do instead is trim down some of the code in the signing test to be the bare minimum setup we need - but I wasn't sure what the best way to do that yet so I left it in full.
HCastano
added
the
Bump `spec_version`
Turns out this breaks the signing flow for some reason 🤷
* master: Bump serde_json from 1.0.124 to 1.0.125 in the patch-dependencies group (#1007) Signing flow with derived accounts (#990) Add `network-jumpstart` command to `entropy-test-cli` (#1004) Refactor reshare (#994) Migrate circle-ci workflow to github actions (#991) Delete old keyshare if not in next_signers (#999)
This PR allows signature requests to happen using the new derived account flow that was
implemented in #955. I've implemented it in such a way that the old registration and signing
flow is also valid as I didn't want to break everything.
I want to have a few follow up PRs related to this in order to keep the review queue
manageable:
entropy-test-clito support the newderived flows and ensure everything works
both the registration and signing flows, using the tests from the old flows as a
reference to try and avoid losing coverage