crypto: Add multisig as an authenticator

MystenLabs · Jan 11, 2023 · 4c14cbd · 4c14cbd
1 parent 012b2d0
commit 4c14cbd
Show file tree

Hide file tree

Showing 20 changed files with 993 additions and 84 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -126,8 +126,8 @@ move-prover-boogie-backend = { git = "https://github.com/move-language/move", re
 move-stackless-bytecode = { git = "https://github.com/move-language/move", rev = "a8e95cbae69564d8928c9873b8acfabc50e642cf" }
 move-symbol-pool = { git = "https://github.com/move-language/move", rev = "a8e95cbae69564d8928c9873b8acfabc50e642cf" }
 
-fastcrypto = { git = "https://github.com/MystenLabs/fastcrypto", rev = "f451422b7f15e75e055a1830cbe5d1547fa87b74" }
-fastcrypto-zkp = { git = "https://github.com/MystenLabs/fastcrypto", rev = "f451422b7f15e75e055a1830cbe5d1547fa87b74", package = "fastcrypto-zkp" }
+fastcrypto = { git = "https://github.com/MystenLabs/fastcrypto", rev = "2a1763b98ba6951f6eba88a3010e5af6a4482b65" }
+fastcrypto-zkp = { git = "https://github.com/MystenLabs/fastcrypto", rev = "2a1763b98ba6951f6eba88a3010e5af6a4482b65", package = "fastcrypto-zkp" }
 
 # anemo dependencies
 anemo = { git = "https://github.com/mystenlabs/anemo.git", rev = "ccfb77628ec1883121079f1ae9c65e9c716709c8" }

diff --git a/crates/sui-core/src/consensus_validator.rs b/crates/sui-core/src/consensus_validator.rs
@@ -116,20 +116,22 @@ impl SuiTxValidatorMetrics {
 
 #[cfg(test)]
 mod tests {
-    use fastcrypto::traits::KeyPair;
-    use narwhal_types::Batch;
-    use narwhal_worker::TransactionValidator;
-    use sui_types::{base_types::AuthorityName, messages::ConsensusTransaction};
-
     use crate::{
         authority::authority_tests::init_state_with_objects_and_committee,
         consensus_adapter::consensus_tests::{test_certificates, test_gas_objects},
         consensus_validator::SuiTxValidator,
     };
+    use fastcrypto::traits::{KeyPair, ToFromBytes};
+    use narwhal_types::Batch;
+    use narwhal_worker::TransactionValidator;
+    use sui_types::crypto::SuiSignatureInner;
+    use sui_types::{
+        base_types::AuthorityName, messages::ConsensusTransaction, multisig::GenericSignature,
+    };
 
     use sui_macros::sim_test;
+    use sui_types::crypto::Ed25519SuiSignature;
     use sui_types::object::Object;
-
     #[sim_test]
     async fn accept_valid_transaction() {
         // Initialize an authority with a (owned) gas object and a shared object; then
@@ -177,7 +179,12 @@ mod tests {
         let bogus_transaction_bytes: Vec<_> = certificates
             .into_iter()
             .map(|mut cert| {
-                cert.tx_signature.as_mut()[2] = cert.tx_signature.as_mut()[2].wrapping_add(1);
+                // set it to an all-zero user signature
+                cert.tx_signature = GenericSignature::Signature(
+                    Ed25519SuiSignature::from_bytes(&[0; Ed25519SuiSignature::LENGTH])
+                        .unwrap()
+                        .into(),
+                );
                 bincode::serialize(&ConsensusTransaction::new_certificate_message(&name1, cert))
                     .unwrap()
             })

diff --git a/crates/sui-core/src/unit_tests/authority_tests.rs b/crates/sui-core/src/unit_tests/authority_tests.rs
@@ -894,7 +894,7 @@ async fn test_handle_transfer_transaction_bad_signature() {
     bad_signature_transfer_transaction
         .data_mut_for_testing()
         .tx_signature =
-        Signature::new_secure(&transfer_transaction.data().intent_message, &unknown_key);
+        Signature::new_secure(&transfer_transaction.data().intent_message, &unknown_key).into();
 
     assert!(client
         .handle_transaction(bad_signature_transfer_transaction)

diff --git a/crates/sui-json-rpc-types/src/lib.rs b/crates/sui-json-rpc-types/src/lib.rs
@@ -38,7 +38,7 @@ use sui_types::base_types::{
 };
 use sui_types::coin::CoinMetadata;
 use sui_types::committee::EpochId;
-use sui_types::crypto::{Signature, SuiAuthorityStrongQuorumSignInfo};
+use sui_types::crypto::SuiAuthorityStrongQuorumSignInfo;
 use sui_types::dynamic_field::DynamicFieldInfo;
 use sui_types::error::{ExecutionError, SuiError};
 use sui_types::event::{BalanceChangeType, Event, EventID};
@@ -54,6 +54,7 @@ use sui_types::messages::{
 };
 use sui_types::messages_checkpoint::CheckpointSequenceNumber;
 use sui_types::move_package::{disassemble_modules, MovePackage};
+use sui_types::multisig::GenericSignature;
 use sui_types::object::{
     Data, MoveObject, Object, ObjectFormatOptions, ObjectRead, Owner, PastObjectRead,
 };
@@ -1777,7 +1778,7 @@ pub struct SuiCertifiedTransaction {
     pub transaction_digest: TransactionDigest,
     pub data: SuiTransactionData,
     /// tx_signature is signed by the transaction sender, committing to the intent message containing the transaction data and intent.
-    pub tx_signature: Signature,
+    pub tx_signature: GenericSignature,
     /// authority signature information, if available, is signed by an authority, applied on `data`.
     pub auth_sign_info: SuiAuthorityStrongQuorumSignInfo,
 }

diff --git a/crates/sui-json-rpc/src/transaction_execution_api.rs b/crates/sui-json-rpc/src/transaction_execution_api.rs
@@ -6,20 +6,21 @@ use crate::SuiRpcModule;
 use anyhow::anyhow;
 use async_trait::async_trait;
 use fastcrypto::encoding::Base64;
+use fastcrypto::traits::ToFromBytes;
 use jsonrpsee::core::RpcResult;
 use jsonrpsee::RpcModule;
 use move_bytecode_utils::module_cache::SyncModuleCache;
 use mysten_metrics::spawn_monitored_task;
-use signature::Signature;
 use std::sync::Arc;
 use sui_core::authority::{AuthorityStore, ResolverWrapper};
 use sui_core::authority_client::NetworkAuthorityClient;
 use sui_core::transaction_orchestrator::TransactiondOrchestrator;
 use sui_json_rpc_types::SuiExecuteTransactionResponse;
 use sui_open_rpc::Module;
 use sui_types::intent::Intent;
+use sui_types::messages::Transaction;
 use sui_types::messages::{ExecuteTransactionRequest, ExecuteTransactionRequestType};
-use sui_types::{crypto, messages::Transaction};
+use sui_types::multisig::GenericSignature;
 pub struct FullNodeTransactionExecutionApi {
     pub transaction_orchestrator: Arc<TransactiondOrchestrator<NetworkAuthorityClient>>,
     pub module_cache: Arc<SyncModuleCache<ResolverWrapper<AuthorityStore>>>,
@@ -47,10 +48,9 @@ impl TransactionExecutionApiServer for FullNodeTransactionExecutionApi {
     ) -> RpcResult<SuiExecuteTransactionResponse> {
         let tx_data =
             bcs::from_bytes(&tx_bytes.to_vec().map_err(|e| anyhow!(e))?).map_err(|e| anyhow!(e))?;
-        let signature = crypto::Signature::from_bytes(&signature.to_vec().map_err(|e| anyhow!(e))?)
+        let signature = GenericSignature::from_bytes(&signature.to_vec().map_err(|e| anyhow!(e))?)
             .map_err(|e| anyhow!(e))?;
-
-        let txn = Transaction::from_data(tx_data, Intent::default(), signature);
+        let txn = Transaction::from_generic_sig_data(tx_data, Intent::default(), signature);
 
         let transaction_orchestrator = self.transaction_orchestrator.clone();
         let response = spawn_monitored_task!(transaction_orchestrator.execute_transaction(
@@ -78,11 +78,9 @@ impl TransactionExecutionApiServer for FullNodeTransactionExecutionApi {
     ) -> RpcResult<SuiExecuteTransactionResponse> {
         let tx_data =
             bcs::from_bytes(&tx_bytes.to_vec().map_err(|e| anyhow!(e))?).map_err(|e| anyhow!(e))?;
-        let signature = crypto::Signature::from_bytes(&signature.to_vec().map_err(|e| anyhow!(e))?)
+        let signature = GenericSignature::from_bytes(&signature.to_vec().map_err(|e| anyhow!(e))?)
             .map_err(|e| anyhow!(e))?;
-
-        let txn = Transaction::from_data(tx_data, Intent::default(), signature);
-
+        let txn = Transaction::from_generic_sig_data(tx_data, Intent::default(), signature);
         let transaction_orchestrator = self.transaction_orchestrator.clone();
         let response = spawn_monitored_task!(transaction_orchestrator.execute_transaction(
             ExecuteTransactionRequest {

diff --git a/crates/sui-keys/src/key_derive.rs b/crates/sui-keys/src/key_derive.rs
@@ -61,9 +61,11 @@ pub fn derive_key_pair_from_path(
             );
             Ok((kp.public().into(), SuiKeyPair::Secp256r1(kp)))
         }
-        SignatureScheme::BLS12381 => Err(SuiError::UnsupportedFeatureError {
-            error: "BLS12381 key derivation is currently not supported".to_string(),
-        }),
+        SignatureScheme::BLS12381 | SignatureScheme::Multisig => {
+            Err(SuiError::UnsupportedFeatureError {
+                error: format!("key derivation not supported {:?}", key_scheme),
+            })
+        }
     }
 }
 
@@ -156,9 +158,11 @@ pub fn validate_path(
                 .map_err(|_| SuiError::SignatureKeyGenError("Cannot parse path".to_string()))?),
             }
         }
-        SignatureScheme::BLS12381 => Err(SuiError::UnsupportedFeatureError {
-            error: "BLS12381 key derivation is currently not supported".to_string(),
-        }),
+        SignatureScheme::BLS12381 | SignatureScheme::Multisig => {
+            Err(SuiError::UnsupportedFeatureError {
+                error: format!("key derivation not supported {:?}", key_scheme),
+            })
+        }
     }
 }