Compare commits
1 Commits
1497884ce6
...
impl-usera
| Author | SHA1 | Date | |
|---|---|---|---|
|
3aae3e1d83 |
11
mise.lock
11
mise.lock
@@ -48,10 +48,6 @@ backend = "cargo:cargo-features-manager"
|
||||
version = "1.46.3"
|
||||
backend = "cargo:cargo-insta"
|
||||
|
||||
[[tools."cargo:cargo-mutants"]]
|
||||
version = "27.0.0"
|
||||
backend = "cargo:cargo-mutants"
|
||||
|
||||
[[tools."cargo:cargo-nextest"]]
|
||||
version = "0.9.126"
|
||||
backend = "cargo:cargo-nextest"
|
||||
@@ -115,37 +111,30 @@ backend = "core:python"
|
||||
[tools.python."platforms.linux-arm64"]
|
||||
checksum = "sha256:53700338695e402a1a1fe22be4a41fbdacc70e22bb308a48eca8ed67cb7992be"
|
||||
url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-aarch64-unknown-linux-gnu-install_only_stripped.tar.gz"
|
||||
provenance = "github-attestations"
|
||||
|
||||
[tools.python."platforms.linux-arm64-musl"]
|
||||
checksum = "sha256:53700338695e402a1a1fe22be4a41fbdacc70e22bb308a48eca8ed67cb7992be"
|
||||
url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-aarch64-unknown-linux-gnu-install_only_stripped.tar.gz"
|
||||
provenance = "github-attestations"
|
||||
|
||||
[tools.python."platforms.linux-x64"]
|
||||
checksum = "sha256:d7a9f970914bb4c88756fe3bdcc186d4feb90e9500e54f1db47dae4dc9687e39"
|
||||
url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-x86_64-unknown-linux-gnu-install_only_stripped.tar.gz"
|
||||
provenance = "github-attestations"
|
||||
|
||||
[tools.python."platforms.linux-x64-musl"]
|
||||
checksum = "sha256:d7a9f970914bb4c88756fe3bdcc186d4feb90e9500e54f1db47dae4dc9687e39"
|
||||
url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-x86_64-unknown-linux-gnu-install_only_stripped.tar.gz"
|
||||
provenance = "github-attestations"
|
||||
|
||||
[tools.python."platforms.macos-arm64"]
|
||||
checksum = "sha256:c43aecde4a663aebff99b9b83da0efec506479f1c3f98331442f33d2c43501f9"
|
||||
url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-aarch64-apple-darwin-install_only_stripped.tar.gz"
|
||||
provenance = "github-attestations"
|
||||
|
||||
[tools.python."platforms.macos-x64"]
|
||||
checksum = "sha256:9ab41dbc2f100a2a45d1833b9c11165f51051c558b5213eda9a9731d5948a0c0"
|
||||
url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-x86_64-apple-darwin-install_only_stripped.tar.gz"
|
||||
provenance = "github-attestations"
|
||||
|
||||
[tools.python."platforms.windows-x64"]
|
||||
checksum = "sha256:bbe19034b35b0267176a7442575ae7dc6343480fd4d35598cb7700173d431e09"
|
||||
url = "https://github.com/astral-sh/python-build-standalone/releases/download/20260324/cpython-3.14.3+20260324-x86_64-pc-windows-msvc-install_only_stripped.tar.gz"
|
||||
provenance = "github-attestations"
|
||||
|
||||
[[tools.rust]]
|
||||
version = "1.93.0"
|
||||
|
||||
@@ -12,7 +12,6 @@ protoc = "29.6"
|
||||
python = "3.14.3"
|
||||
ast-grep = "0.42.0"
|
||||
"cargo:cargo-edit" = "0.13.9"
|
||||
"cargo:cargo-mutants" = "27.0.0"
|
||||
|
||||
[tasks.codegen]
|
||||
sources = ['protobufs/*.proto', 'protobufs/**/*.proto']
|
||||
|
||||
@@ -36,10 +36,6 @@ message GasLimitExceededViolation {
|
||||
}
|
||||
|
||||
message EvalViolation {
|
||||
message ChainIdMismatch {
|
||||
uint64 expected = 1;
|
||||
uint64 actual = 2;
|
||||
}
|
||||
oneof kind {
|
||||
bytes invalid_target = 1; // 20-byte Ethereum address
|
||||
GasLimitExceededViolation gas_limit_exceeded = 2;
|
||||
@@ -47,8 +43,6 @@ message EvalViolation {
|
||||
google.protobuf.Empty volumetric_limit_exceeded = 4;
|
||||
google.protobuf.Empty invalid_time = 5;
|
||||
google.protobuf.Empty invalid_transaction_type = 6;
|
||||
|
||||
ChainIdMismatch chain_id_mismatch = 7;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
test_tool = "nextest"
|
||||
2
server/.gitignore
vendored
2
server/.gitignore
vendored
@@ -1,2 +0,0 @@
|
||||
mutants.out/
|
||||
mutants.out.old/
|
||||
91
server/Cargo.lock
generated
91
server/Cargo.lock
generated
@@ -743,24 +743,22 @@ dependencies = [
|
||||
"k256",
|
||||
"kameo",
|
||||
"memsafe",
|
||||
"mutants",
|
||||
"pem",
|
||||
"proptest",
|
||||
"postcard",
|
||||
"prost",
|
||||
"prost-types",
|
||||
"rand 0.10.0",
|
||||
"rcgen",
|
||||
"restructed",
|
||||
"rsa",
|
||||
"rstest",
|
||||
"rustls",
|
||||
"secrecy",
|
||||
"serde",
|
||||
"serde_with",
|
||||
"sha2 0.10.9",
|
||||
"smlang",
|
||||
"spki",
|
||||
"strum 0.28.0",
|
||||
"subtle",
|
||||
"test-log",
|
||||
"thiserror 2.0.18",
|
||||
"tokio",
|
||||
@@ -1059,6 +1057,15 @@ dependencies = [
|
||||
"syn 2.0.117",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "atomic-polyfill"
|
||||
version = "1.0.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "8cf2bce30dfe09ef0bfaef228b9d414faaf7e563035494d7fe092dba54b300f4"
|
||||
dependencies = [
|
||||
"critical-section",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "atomic-waker"
|
||||
version = "1.1.2"
|
||||
@@ -1449,6 +1456,15 @@ dependencies = [
|
||||
"cc",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "cobs"
|
||||
version = "0.3.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "0fa961b519f0b462e3a3b4a34b64d119eeaca1d59af726fe450bbba07a9fc0a1"
|
||||
dependencies = [
|
||||
"thiserror 2.0.18",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "console"
|
||||
version = "0.15.11"
|
||||
@@ -1556,6 +1572,12 @@ dependencies = [
|
||||
"cfg-if",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "critical-section"
|
||||
version = "1.2.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "790eea4361631c5e7d22598ecd5723ff611904e3344ce8720784c93e3d83d40b"
|
||||
|
||||
[[package]]
|
||||
name = "crossbeam-utils"
|
||||
version = "0.8.21"
|
||||
@@ -2021,6 +2043,18 @@ dependencies = [
|
||||
"zeroize",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "embedded-io"
|
||||
version = "0.4.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "ef1a6892d9eef45c8fa6b9e0086428a2cca8491aca8f787c534a3d6d0bcb3ced"
|
||||
|
||||
[[package]]
|
||||
name = "embedded-io"
|
||||
version = "0.6.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "edd0f118536f44f5ccd48bcb8b111bdc3de888b58c74639dfb034a357d0f206d"
|
||||
|
||||
[[package]]
|
||||
name = "encode_unicode"
|
||||
version = "1.0.0"
|
||||
@@ -2438,6 +2472,15 @@ dependencies = [
|
||||
"tracing",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "hash32"
|
||||
version = "0.2.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "b0c35f58762feb77d74ebe43bdbc3210f09be9fe6742234d573bacc26ed92b67"
|
||||
dependencies = [
|
||||
"byteorder",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "hashbrown"
|
||||
version = "0.12.3"
|
||||
@@ -2472,6 +2515,20 @@ dependencies = [
|
||||
"serde_core",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "heapless"
|
||||
version = "0.7.17"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "cdc6457c0eb62c71aac4bc17216026d8410337c4126773b9c5daba343f17964f"
|
||||
dependencies = [
|
||||
"atomic-polyfill",
|
||||
"hash32",
|
||||
"rustc_version 0.4.1",
|
||||
"serde",
|
||||
"spin",
|
||||
"stable_deref_trait",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "heck"
|
||||
version = "0.5.0"
|
||||
@@ -3179,12 +3236,6 @@ version = "0.10.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "1d87ecb2933e8aeadb3e3a02b828fed80a7528047e68b4f424523a0981a3a084"
|
||||
|
||||
[[package]]
|
||||
name = "mutants"
|
||||
version = "0.0.4"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "add0ac067452ff1aca8c5002111bd6b1c895baee6e45fcbc44e0193aea17be56"
|
||||
|
||||
[[package]]
|
||||
name = "nom"
|
||||
version = "7.1.3"
|
||||
@@ -3538,6 +3589,19 @@ version = "1.13.1"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "c33a9471896f1c69cecef8d20cbe2f7accd12527ce60845ff44c153bb2a21b49"
|
||||
|
||||
[[package]]
|
||||
name = "postcard"
|
||||
version = "1.1.3"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "6764c3b5dd454e283a30e6dfe78e9b31096d9e32036b5d1eaac7a6119ccb9a24"
|
||||
dependencies = [
|
||||
"cobs",
|
||||
"embedded-io 0.4.0",
|
||||
"embedded-io 0.6.1",
|
||||
"heapless",
|
||||
"serde",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "potential_utf"
|
||||
version = "0.1.4"
|
||||
@@ -3649,9 +3713,9 @@ dependencies = [
|
||||
|
||||
[[package]]
|
||||
name = "proptest"
|
||||
version = "1.11.0"
|
||||
version = "1.10.0"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "4b45fcc2344c680f5025fe57779faef368840d0bd1f42f216291f0dc4ace4744"
|
||||
checksum = "37566cb3fdacef14c0737f9546df7cfeadbfbc9fef10991038bf5015d0c80532"
|
||||
dependencies = [
|
||||
"bit-set",
|
||||
"bit-vec",
|
||||
@@ -4726,6 +4790,9 @@ name = "spin"
|
||||
version = "0.9.8"
|
||||
source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
|
||||
dependencies = [
|
||||
"lock_api",
|
||||
]
|
||||
|
||||
[[package]]
|
||||
name = "spki"
|
||||
|
||||
@@ -44,4 +44,3 @@ sha2 = "0.10"
|
||||
spki = "0.7"
|
||||
prost = "0.14.3"
|
||||
miette = { version = "7.6.0", features = ["fancy", "serde"] }
|
||||
mutants = "0.0.4"
|
||||
|
||||
@@ -58,12 +58,10 @@ prost-types.workspace = true
|
||||
prost.workspace = true
|
||||
arbiter-tokens-registry.path = "../arbiter-tokens-registry"
|
||||
anyhow = "1.0.102"
|
||||
postcard = { version = "1.1.3", features = ["use-std"] }
|
||||
serde = { version = "1.0.228", features = ["derive"] }
|
||||
serde_with = "3.18.0"
|
||||
mutants.workspace = true
|
||||
subtle = "2.6.1"
|
||||
|
||||
[dev-dependencies]
|
||||
insta = "1.46.3"
|
||||
proptest = "1.11.0"
|
||||
rstest.workspace = true
|
||||
test-log = { version = "0.2", default-features = false, features = ["trace"] }
|
||||
|
||||
@@ -4,7 +4,6 @@ use diesel_async::RunQueryDsl;
|
||||
use kameo::{Actor, messages};
|
||||
|
||||
use rand::{RngExt, distr::Alphanumeric, make_rng, rngs::StdRng};
|
||||
use subtle::ConstantTimeEq as _;
|
||||
use thiserror::Error;
|
||||
|
||||
use crate::db::{self, DatabasePool, schema};
|
||||
@@ -45,14 +44,14 @@ pub struct Bootstrapper {
|
||||
|
||||
impl Bootstrapper {
|
||||
pub async fn new(db: &DatabasePool) -> Result<Self, Error> {
|
||||
let row_count: i64 = {
|
||||
let mut conn = db.get().await?;
|
||||
|
||||
schema::useragent_client::table
|
||||
let row_count: i64 = schema::useragent_client::table
|
||||
.count()
|
||||
.get_result(&mut conn)
|
||||
.await?
|
||||
};
|
||||
.await?;
|
||||
|
||||
drop(conn);
|
||||
|
||||
let token = if row_count == 0 {
|
||||
let token = generate_token().await?;
|
||||
@@ -70,13 +69,7 @@ impl Bootstrapper {
|
||||
#[message]
|
||||
pub fn is_correct_token(&self, token: String) -> bool {
|
||||
match &self.token {
|
||||
Some(expected) => {
|
||||
let expected_bytes = expected.as_bytes();
|
||||
let token_bytes = token.as_bytes();
|
||||
|
||||
let choice = expected_bytes.ct_eq(token_bytes);
|
||||
bool::from(choice)
|
||||
}
|
||||
Some(expected) => *expected == token,
|
||||
None => false,
|
||||
}
|
||||
}
|
||||
|
||||
@@ -9,16 +9,14 @@ use diesel::{
|
||||
};
|
||||
use diesel_async::RunQueryDsl as _;
|
||||
use ed25519_dalek::{Signature, VerifyingKey};
|
||||
use kameo::{actor::ActorRef, error::SendError};
|
||||
use kameo::error::SendError;
|
||||
use tracing::error;
|
||||
|
||||
use crate::{
|
||||
actors::{
|
||||
client::{ClientConnection, ClientCredentials, ClientProfile},
|
||||
client::{ClientConnection, ClientProfile},
|
||||
flow_coordinator::{self, RequestClientApproval},
|
||||
keyholder::KeyHolder,
|
||||
},
|
||||
crypto::integrity::{self, AttestationStatus},
|
||||
db::{
|
||||
self,
|
||||
models::{ProgramClientMetadata, SqliteTimestamp},
|
||||
@@ -32,8 +30,6 @@ pub enum Error {
|
||||
DatabasePoolUnavailable,
|
||||
#[error("Database operation failed")]
|
||||
DatabaseOperationFailed,
|
||||
#[error("Integrity check failed")]
|
||||
IntegrityCheckFailed,
|
||||
#[error("Invalid challenge solution")]
|
||||
InvalidChallengeSolution,
|
||||
#[error("Client approval request failed")]
|
||||
@@ -42,13 +38,6 @@ pub enum Error {
|
||||
Transport,
|
||||
}
|
||||
|
||||
impl From<diesel::result::Error> for Error {
|
||||
fn from(e: diesel::result::Error) -> Self {
|
||||
error!(?e, "Database error");
|
||||
Self::DatabaseOperationFailed
|
||||
}
|
||||
}
|
||||
|
||||
#[derive(thiserror::Error, Debug, Clone, PartialEq, Eq)]
|
||||
pub enum ApproveError {
|
||||
#[error("Internal error")]
|
||||
@@ -76,78 +65,18 @@ pub enum Outbound {
|
||||
AuthSuccess,
|
||||
}
|
||||
|
||||
/// Returns the current nonce and client ID for a registered client.
|
||||
pub struct ClientInfo {
|
||||
pub id: i32,
|
||||
pub current_nonce: i32,
|
||||
}
|
||||
|
||||
/// Atomically reads and increments the nonce for a known client.
|
||||
/// Returns `None` if the pubkey is not registered.
|
||||
async fn get_current_nonce_and_id(
|
||||
async fn get_client_and_nonce(
|
||||
db: &db::DatabasePool,
|
||||
pubkey: &VerifyingKey,
|
||||
) -> Result<Option<(i32, i32)>, Error> {
|
||||
) -> Result<Option<ClientInfo>, Error> {
|
||||
let pubkey_bytes = pubkey.as_bytes().to_vec();
|
||||
let mut conn = db.get().await.map_err(|e| {
|
||||
error!(error = ?e, "Database pool error");
|
||||
Error::DatabasePoolUnavailable
|
||||
})?;
|
||||
program_client::table
|
||||
.filter(program_client::public_key.eq(&pubkey_bytes))
|
||||
.select((program_client::id, program_client::nonce))
|
||||
.first::<(i32, i32)>(&mut conn)
|
||||
.await
|
||||
.optional()
|
||||
.map_err(|e| {
|
||||
error!(error = ?e, "Database error");
|
||||
Error::DatabaseOperationFailed
|
||||
})
|
||||
}
|
||||
|
||||
async fn verify_integrity(
|
||||
db: &db::DatabasePool,
|
||||
keyholder: &ActorRef<KeyHolder>,
|
||||
pubkey: &VerifyingKey,
|
||||
) -> Result<(), Error> {
|
||||
let mut db_conn = db.get().await.map_err(|e| {
|
||||
error!(error = ?e, "Database pool error");
|
||||
Error::DatabasePoolUnavailable
|
||||
})?;
|
||||
|
||||
let (id, nonce) = get_current_nonce_and_id(db, pubkey)
|
||||
.await?
|
||||
.ok_or_else(|| {
|
||||
error!("Client not found during integrity verification");
|
||||
Error::DatabaseOperationFailed
|
||||
})?;
|
||||
|
||||
let attestation = integrity::verify_entity(
|
||||
&mut db_conn,
|
||||
keyholder,
|
||||
&ClientCredentials {
|
||||
pubkey: pubkey.clone(),
|
||||
nonce,
|
||||
},
|
||||
id,
|
||||
)
|
||||
.await
|
||||
.map_err(|e| {
|
||||
error!(?e, "Integrity verification failed");
|
||||
Error::IntegrityCheckFailed
|
||||
})?;
|
||||
|
||||
if attestation != AttestationStatus::Attested {
|
||||
error!("Integrity attestation unavailable for client {id}");
|
||||
return Err(Error::IntegrityCheckFailed);
|
||||
}
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
/// Atomically increments the nonce and re-signs the integrity envelope.
|
||||
/// Returns the new nonce, which is used as the challenge nonce.
|
||||
async fn create_nonce(
|
||||
db: &db::DatabasePool,
|
||||
keyholder: &ActorRef<KeyHolder>,
|
||||
pubkey: &VerifyingKey,
|
||||
) -> Result<i32, Error> {
|
||||
let pubkey_bytes = pubkey.as_bytes().to_vec();
|
||||
let pubkey = pubkey.clone();
|
||||
|
||||
let mut conn = db.get().await.map_err(|e| {
|
||||
error!(error = ?e, "Database pool error");
|
||||
@@ -155,35 +84,34 @@ async fn create_nonce(
|
||||
})?;
|
||||
|
||||
conn.exclusive_transaction(|conn| {
|
||||
let keyholder = keyholder.clone();
|
||||
let pubkey = pubkey.clone();
|
||||
Box::pin(async move {
|
||||
let (id, new_nonce): (i32, i32) = update(program_client::table)
|
||||
let Some((client_id, current_nonce)) = program_client::table
|
||||
.filter(program_client::public_key.eq(&pubkey_bytes))
|
||||
.set(program_client::nonce.eq(program_client::nonce + 1))
|
||||
.returning((program_client::id, program_client::nonce))
|
||||
.get_result(conn)
|
||||
.select((program_client::id, program_client::nonce))
|
||||
.first::<(i32, i32)>(conn)
|
||||
.await
|
||||
.optional()?
|
||||
else {
|
||||
return Result::<_, diesel::result::Error>::Ok(None);
|
||||
};
|
||||
|
||||
update(program_client::table)
|
||||
.filter(program_client::public_key.eq(&pubkey_bytes))
|
||||
.set(program_client::nonce.eq(current_nonce + 1))
|
||||
.execute(conn)
|
||||
.await?;
|
||||
|
||||
integrity::sign_entity(
|
||||
conn,
|
||||
&keyholder,
|
||||
&ClientCredentials {
|
||||
pubkey: pubkey.clone(),
|
||||
nonce: new_nonce,
|
||||
},
|
||||
id,
|
||||
)
|
||||
Ok(Some(ClientInfo {
|
||||
id: client_id,
|
||||
current_nonce,
|
||||
}))
|
||||
})
|
||||
})
|
||||
.await
|
||||
.map_err(|e| {
|
||||
error!(?e, "Integrity sign failed after nonce update");
|
||||
error!(error = ?e, "Database error");
|
||||
Error::DatabaseOperationFailed
|
||||
})?;
|
||||
|
||||
Ok(new_nonce)
|
||||
})
|
||||
})
|
||||
.await
|
||||
}
|
||||
|
||||
async fn approve_new_client(
|
||||
@@ -211,25 +139,15 @@ async fn approve_new_client(
|
||||
|
||||
async fn insert_client(
|
||||
db: &db::DatabasePool,
|
||||
keyholder: &ActorRef<KeyHolder>,
|
||||
pubkey: &VerifyingKey,
|
||||
metadata: &ClientMetadata,
|
||||
) -> Result<i32, Error> {
|
||||
use crate::db::schema::{client_metadata, program_client};
|
||||
let pubkey = pubkey.clone();
|
||||
let metadata = metadata.clone();
|
||||
|
||||
let mut conn = db.get().await.map_err(|e| {
|
||||
error!(error = ?e, "Database pool error");
|
||||
Error::DatabasePoolUnavailable
|
||||
})?;
|
||||
|
||||
conn.exclusive_transaction(|conn| {
|
||||
let keyholder = keyholder.clone();
|
||||
let pubkey = pubkey.clone();
|
||||
Box::pin(async move {
|
||||
const NONCE_START: i32 = 1;
|
||||
|
||||
let metadata_id = insert_into(client_metadata::table)
|
||||
.values((
|
||||
client_metadata::name.eq(&metadata.name),
|
||||
@@ -237,39 +155,29 @@ async fn insert_client(
|
||||
client_metadata::version.eq(&metadata.version),
|
||||
))
|
||||
.returning(client_metadata::id)
|
||||
.get_result::<i32>(conn)
|
||||
.await?;
|
||||
.get_result::<i32>(&mut conn)
|
||||
.await
|
||||
.map_err(|e| {
|
||||
error!(error = ?e, "Failed to insert client metadata");
|
||||
Error::DatabaseOperationFailed
|
||||
})?;
|
||||
|
||||
let client_id = insert_into(program_client::table)
|
||||
.values((
|
||||
program_client::public_key.eq(pubkey.as_bytes().to_vec()),
|
||||
program_client::metadata_id.eq(metadata_id),
|
||||
program_client::nonce.eq(NONCE_START),
|
||||
program_client::nonce.eq(1), // pre-incremented; challenge uses 0
|
||||
))
|
||||
.on_conflict_do_nothing()
|
||||
.returning(program_client::id)
|
||||
.get_result::<i32>(conn)
|
||||
.await?;
|
||||
|
||||
integrity::sign_entity(
|
||||
conn,
|
||||
&keyholder,
|
||||
&ClientCredentials {
|
||||
pubkey: pubkey.clone(),
|
||||
nonce: NONCE_START,
|
||||
},
|
||||
client_id,
|
||||
)
|
||||
.get_result::<i32>(&mut conn)
|
||||
.await
|
||||
.map_err(|e| {
|
||||
error!(error = ?e, "Failed to sign integrity tag for new client key");
|
||||
error!(error = ?e, "Failed to insert client metadata");
|
||||
Error::DatabaseOperationFailed
|
||||
})?;
|
||||
|
||||
Ok(client_id)
|
||||
})
|
||||
})
|
||||
.await
|
||||
}
|
||||
|
||||
async fn sync_client_metadata(
|
||||
@@ -387,11 +295,8 @@ where
|
||||
return Err(Error::Transport);
|
||||
};
|
||||
|
||||
let client_id = match get_current_nonce_and_id(&props.db, &pubkey).await? {
|
||||
Some((id, _)) => {
|
||||
verify_integrity(&props.db, &props.actors.key_holder, &pubkey).await?;
|
||||
id
|
||||
}
|
||||
let info = match get_client_and_nonce(&props.db, &pubkey).await? {
|
||||
Some(nonce) => nonce,
|
||||
None => {
|
||||
approve_new_client(
|
||||
&props.actors,
|
||||
@@ -401,13 +306,16 @@ where
|
||||
},
|
||||
)
|
||||
.await?;
|
||||
insert_client(&props.db, &props.actors.key_holder, &pubkey, &metadata).await?
|
||||
let client_id = insert_client(&props.db, &pubkey, &metadata).await?;
|
||||
ClientInfo {
|
||||
id: client_id,
|
||||
current_nonce: 0,
|
||||
}
|
||||
}
|
||||
};
|
||||
|
||||
sync_client_metadata(&props.db, client_id, &metadata).await?;
|
||||
let challenge_nonce = create_nonce(&props.db, &props.actors.key_holder, &pubkey).await?;
|
||||
challenge_client(transport, pubkey, challenge_nonce).await?;
|
||||
sync_client_metadata(&props.db, info.id, &metadata).await?;
|
||||
challenge_client(transport, pubkey, info.current_nonce).await?;
|
||||
|
||||
transport
|
||||
.send(Ok(Outbound::AuthSuccess))
|
||||
@@ -417,5 +325,5 @@ where
|
||||
Error::Transport
|
||||
})?;
|
||||
|
||||
Ok(client_id)
|
||||
Ok(info.id)
|
||||
}
|
||||
|
||||
@@ -4,7 +4,6 @@ use tracing::{error, info};
|
||||
|
||||
use crate::{
|
||||
actors::{GlobalActors, client::session::ClientSession},
|
||||
crypto::integrity::{Integrable, hashing::Hashable},
|
||||
db,
|
||||
};
|
||||
|
||||
@@ -14,22 +13,6 @@ pub struct ClientProfile {
|
||||
pub metadata: ClientMetadata,
|
||||
}
|
||||
|
||||
pub struct ClientCredentials {
|
||||
pub pubkey: ed25519_dalek::VerifyingKey,
|
||||
pub nonce: i32,
|
||||
}
|
||||
|
||||
impl Integrable for ClientCredentials {
|
||||
const KIND: &'static str = "client_credentials";
|
||||
}
|
||||
|
||||
impl Hashable for ClientCredentials {
|
||||
fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
|
||||
hasher.update(self.pubkey.as_bytes());
|
||||
self.nonce.hash(hasher);
|
||||
}
|
||||
}
|
||||
|
||||
pub struct ClientConnection {
|
||||
pub(crate) db: db::DatabasePool,
|
||||
pub(crate) actors: GlobalActors,
|
||||
|
||||
@@ -1,17 +1,18 @@
|
||||
use alloy::{consensus::TxEip1559, primitives::Address, signers::Signature};
|
||||
use diesel::{
|
||||
ExpressionMethods, OptionalExtension as _, QueryDsl, SelectableHelper as _, dsl::insert_into,
|
||||
BoolExpressionMethods as _, ExpressionMethods, OptionalExtension as _, QueryDsl,
|
||||
SelectableHelper as _, dsl::insert_into,
|
||||
};
|
||||
use diesel_async::RunQueryDsl;
|
||||
use diesel_async::{AsyncConnection as _, RunQueryDsl};
|
||||
use kameo::{Actor, actor::ActorRef, messages};
|
||||
use rand::{SeedableRng, rng, rngs::StdRng};
|
||||
|
||||
use crate::{
|
||||
actors::keyholder::{CreateNew, Decrypt, GetState, KeyHolder, KeyHolderState},
|
||||
actors::keyholder::{CreateNew, Decrypt, KeyHolder},
|
||||
crypto::integrity,
|
||||
db::{
|
||||
DatabaseError, DatabasePool,
|
||||
models::{self, SqliteTimestamp},
|
||||
models::{self},
|
||||
schema,
|
||||
},
|
||||
evm::{
|
||||
@@ -159,27 +160,114 @@ impl EvmActor {
|
||||
|
||||
#[message]
|
||||
pub async fn useragent_delete_grant(&mut self, grant_id: i32) -> Result<(), Error> {
|
||||
// let mut conn = self.db.get().await.map_err(DatabaseError::from)?;
|
||||
// let keyholder = self.keyholder.clone();
|
||||
let mut conn = self.db.get().await.map_err(DatabaseError::from)?;
|
||||
|
||||
// diesel_async::AsyncConnection::transaction(&mut conn, |conn| {
|
||||
// Box::pin(async move {
|
||||
// diesel::update(schema::evm_basic_grant::table)
|
||||
// .filter(schema::evm_basic_grant::id.eq(grant_id))
|
||||
// .set(schema::evm_basic_grant::revoked_at.eq(SqliteTimestamp::now()))
|
||||
// .execute(conn)
|
||||
// .await?;
|
||||
// We intentionally perform a hard delete here to avoid leaving revoked grants and their
|
||||
// related rows as long-lived DB garbage. We also don't rely on SQLite FK cascades because
|
||||
// they can be disabled per-connection.
|
||||
conn.transaction(|conn| {
|
||||
Box::pin(async move {
|
||||
// First, resolve policy-specific rows by basic grant id.
|
||||
let token_grant_id: Option<i32> = schema::evm_token_transfer_grant::table
|
||||
.select(schema::evm_token_transfer_grant::id)
|
||||
.filter(schema::evm_token_transfer_grant::basic_grant_id.eq(grant_id))
|
||||
.first::<i32>(conn)
|
||||
.await
|
||||
.optional()?;
|
||||
|
||||
// let signed = integrity::evm::load_signed_grant_by_basic_id(conn, grant_id).await?;
|
||||
let ether_grant: Option<(i32, i32)> = schema::evm_ether_transfer_grant::table
|
||||
.select((
|
||||
schema::evm_ether_transfer_grant::id,
|
||||
schema::evm_ether_transfer_grant::limit_id,
|
||||
))
|
||||
.filter(schema::evm_ether_transfer_grant::basic_grant_id.eq(grant_id))
|
||||
.first::<(i32, i32)>(conn)
|
||||
.await
|
||||
.optional()?;
|
||||
|
||||
// diesel::result::QueryResult::Ok(())
|
||||
// })
|
||||
// })
|
||||
// .await
|
||||
// .map_err(DatabaseError::from)?;
|
||||
// Token-transfer: logs must be deleted before transaction logs (FK restrict).
|
||||
if let Some(token_grant_id) = token_grant_id {
|
||||
diesel::delete(
|
||||
schema::evm_token_transfer_log::table
|
||||
.filter(schema::evm_token_transfer_log::grant_id.eq(token_grant_id)),
|
||||
)
|
||||
.execute(conn)
|
||||
.await?;
|
||||
|
||||
// Ok(())
|
||||
todo!()
|
||||
diesel::delete(schema::evm_token_transfer_volume_limit::table.filter(
|
||||
schema::evm_token_transfer_volume_limit::grant_id.eq(token_grant_id),
|
||||
))
|
||||
.execute(conn)
|
||||
.await?;
|
||||
|
||||
diesel::delete(
|
||||
schema::evm_token_transfer_grant::table
|
||||
.filter(schema::evm_token_transfer_grant::id.eq(token_grant_id)),
|
||||
)
|
||||
.execute(conn)
|
||||
.await?;
|
||||
}
|
||||
|
||||
// Shared transaction logs for any grant kind.
|
||||
diesel::delete(
|
||||
schema::evm_transaction_log::table
|
||||
.filter(schema::evm_transaction_log::grant_id.eq(grant_id)),
|
||||
)
|
||||
.execute(conn)
|
||||
.await?;
|
||||
|
||||
// Ether-transfer: delete targets, grant row, then its limit row.
|
||||
if let Some((ether_grant_id, limit_id)) = ether_grant {
|
||||
diesel::delete(schema::evm_ether_transfer_grant_target::table.filter(
|
||||
schema::evm_ether_transfer_grant_target::grant_id.eq(ether_grant_id),
|
||||
))
|
||||
.execute(conn)
|
||||
.await?;
|
||||
|
||||
diesel::delete(
|
||||
schema::evm_ether_transfer_grant::table
|
||||
.filter(schema::evm_ether_transfer_grant::id.eq(ether_grant_id)),
|
||||
)
|
||||
.execute(conn)
|
||||
.await?;
|
||||
|
||||
diesel::delete(
|
||||
schema::evm_ether_transfer_limit::table
|
||||
.filter(schema::evm_ether_transfer_limit::id.eq(limit_id)),
|
||||
)
|
||||
.execute(conn)
|
||||
.await?;
|
||||
}
|
||||
|
||||
// Integrity envelopes are not FK-constrained; delete only grant-related kinds to
|
||||
// avoid accidentally deleting other entities that share the same integer ID.
|
||||
let entity_id = grant_id.to_be_bytes().to_vec();
|
||||
diesel::delete(
|
||||
schema::integrity_envelope::table
|
||||
.filter(schema::integrity_envelope::entity_id.eq(entity_id))
|
||||
.filter(
|
||||
schema::integrity_envelope::entity_kind
|
||||
.eq("EtherTransfer")
|
||||
.or(schema::integrity_envelope::entity_kind.eq("TokenTransfer")),
|
||||
),
|
||||
)
|
||||
.execute(conn)
|
||||
.await?;
|
||||
|
||||
// Finally remove the basic grant row itself (idempotent if it doesn't exist).
|
||||
diesel::delete(
|
||||
schema::evm_basic_grant::table.filter(schema::evm_basic_grant::id.eq(grant_id)),
|
||||
)
|
||||
.execute(conn)
|
||||
.await?;
|
||||
|
||||
diesel::result::QueryResult::Ok(())
|
||||
})
|
||||
})
|
||||
.await
|
||||
.map_err(DatabaseError::from)?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
#[message]
|
||||
@@ -271,3 +359,6 @@ impl EvmActor {
|
||||
Ok(signer.sign_transaction_sync(&mut transaction)?)
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod tests;
|
||||
|
||||
283
server/crates/arbiter-server/src/actors/evm/tests.rs
Normal file
283
server/crates/arbiter-server/src/actors/evm/tests.rs
Normal file
@@ -0,0 +1,283 @@
|
||||
use diesel::{ExpressionMethods as _, QueryDsl as _, dsl::insert_into};
|
||||
use diesel_async::RunQueryDsl;
|
||||
use kameo::actor::Spawn as _;
|
||||
|
||||
use crate::{
|
||||
actors::{evm::EvmActor, keyholder::KeyHolder},
|
||||
db::{self, models, schema},
|
||||
};
|
||||
|
||||
#[tokio::test]
|
||||
async fn delete_ether_grant_cleans_related_tables() {
|
||||
let db = db::create_test_pool().await;
|
||||
let keyholder = KeyHolder::spawn(KeyHolder::new(db.clone()).await.unwrap());
|
||||
let mut actor = EvmActor::new(keyholder, db.clone());
|
||||
|
||||
let mut conn = db.get().await.unwrap();
|
||||
|
||||
let basic_id: i32 = insert_into(schema::evm_basic_grant::table)
|
||||
.values(&models::NewEvmBasicGrant {
|
||||
wallet_access_id: 1,
|
||||
chain_id: 1,
|
||||
valid_from: None,
|
||||
valid_until: None,
|
||||
max_gas_fee_per_gas: None,
|
||||
max_priority_fee_per_gas: None,
|
||||
rate_limit_count: None,
|
||||
rate_limit_window_secs: None,
|
||||
revoked_at: None,
|
||||
})
|
||||
.returning(schema::evm_basic_grant::id)
|
||||
.get_result(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
let limit_id: i32 = insert_into(schema::evm_ether_transfer_limit::table)
|
||||
.values(&models::NewEvmEtherTransferLimit {
|
||||
window_secs: 60,
|
||||
max_volume: vec![1],
|
||||
})
|
||||
.returning(schema::evm_ether_transfer_limit::id)
|
||||
.get_result(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
let ether_grant_id: i32 = insert_into(schema::evm_ether_transfer_grant::table)
|
||||
.values(&models::NewEvmEtherTransferGrant {
|
||||
basic_grant_id: basic_id,
|
||||
limit_id,
|
||||
})
|
||||
.returning(schema::evm_ether_transfer_grant::id)
|
||||
.get_result(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
insert_into(schema::evm_ether_transfer_grant_target::table)
|
||||
.values(&models::NewEvmEtherTransferGrantTarget {
|
||||
grant_id: ether_grant_id,
|
||||
address: vec![0u8; 20],
|
||||
})
|
||||
.execute(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
insert_into(schema::evm_transaction_log::table)
|
||||
.values(&models::NewEvmTransactionLog {
|
||||
grant_id: basic_id,
|
||||
wallet_access_id: 1,
|
||||
chain_id: 1,
|
||||
eth_value: vec![0],
|
||||
signed_at: models::SqliteTimestamp::now(),
|
||||
})
|
||||
.execute(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
insert_into(schema::integrity_envelope::table)
|
||||
.values(&models::NewIntegrityEnvelope {
|
||||
entity_kind: "EtherTransfer".to_owned(),
|
||||
entity_id: basic_id.to_be_bytes().to_vec(),
|
||||
payload_version: 1,
|
||||
key_version: 1,
|
||||
mac: vec![0u8; 32],
|
||||
})
|
||||
.execute(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
drop(conn);
|
||||
|
||||
actor.useragent_delete_grant(basic_id).await.unwrap();
|
||||
|
||||
// Idempotency: second delete should be a no-op.
|
||||
actor.useragent_delete_grant(basic_id).await.unwrap();
|
||||
|
||||
let mut conn = db.get().await.unwrap();
|
||||
|
||||
let basic_count: i64 = schema::evm_basic_grant::table
|
||||
.count()
|
||||
.get_result(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
assert_eq!(basic_count, 0);
|
||||
|
||||
let ether_grant_count: i64 = schema::evm_ether_transfer_grant::table
|
||||
.count()
|
||||
.get_result(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
assert_eq!(ether_grant_count, 0);
|
||||
|
||||
let target_count: i64 = schema::evm_ether_transfer_grant_target::table
|
||||
.count()
|
||||
.get_result(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
assert_eq!(target_count, 0);
|
||||
|
||||
let limit_count: i64 = schema::evm_ether_transfer_limit::table
|
||||
.count()
|
||||
.get_result(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
assert_eq!(limit_count, 0);
|
||||
|
||||
let log_count: i64 = schema::evm_transaction_log::table
|
||||
.count()
|
||||
.get_result(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
assert_eq!(log_count, 0);
|
||||
|
||||
let envelope_count: i64 = schema::integrity_envelope::table
|
||||
.filter(schema::integrity_envelope::entity_kind.eq("EtherTransfer"))
|
||||
.count()
|
||||
.get_result(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
assert_eq!(envelope_count, 0);
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
async fn delete_token_grant_cleans_related_tables() {
|
||||
let db = db::create_test_pool().await;
|
||||
let keyholder = KeyHolder::spawn(KeyHolder::new(db.clone()).await.unwrap());
|
||||
let mut actor = EvmActor::new(keyholder, db.clone());
|
||||
|
||||
let mut conn = db.get().await.unwrap();
|
||||
|
||||
let basic_id: i32 = insert_into(schema::evm_basic_grant::table)
|
||||
.values(&models::NewEvmBasicGrant {
|
||||
wallet_access_id: 1,
|
||||
chain_id: 1,
|
||||
valid_from: None,
|
||||
valid_until: None,
|
||||
max_gas_fee_per_gas: None,
|
||||
max_priority_fee_per_gas: None,
|
||||
rate_limit_count: None,
|
||||
rate_limit_window_secs: None,
|
||||
revoked_at: None,
|
||||
})
|
||||
.returning(schema::evm_basic_grant::id)
|
||||
.get_result(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
let token_grant_id: i32 = insert_into(schema::evm_token_transfer_grant::table)
|
||||
.values(&models::NewEvmTokenTransferGrant {
|
||||
basic_grant_id: basic_id,
|
||||
token_contract: vec![1u8; 20],
|
||||
receiver: None,
|
||||
})
|
||||
.returning(schema::evm_token_transfer_grant::id)
|
||||
.get_result(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
insert_into(schema::evm_token_transfer_volume_limit::table)
|
||||
.values(&models::NewEvmTokenTransferVolumeLimit {
|
||||
grant_id: token_grant_id,
|
||||
window_secs: 60,
|
||||
max_volume: vec![1],
|
||||
})
|
||||
.execute(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
insert_into(schema::evm_token_transfer_volume_limit::table)
|
||||
.values(&models::NewEvmTokenTransferVolumeLimit {
|
||||
grant_id: token_grant_id,
|
||||
window_secs: 3600,
|
||||
max_volume: vec![2],
|
||||
})
|
||||
.execute(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
let tx_log_id: i32 = insert_into(schema::evm_transaction_log::table)
|
||||
.values(&models::NewEvmTransactionLog {
|
||||
grant_id: basic_id,
|
||||
wallet_access_id: 1,
|
||||
chain_id: 1,
|
||||
eth_value: vec![0],
|
||||
signed_at: models::SqliteTimestamp::now(),
|
||||
})
|
||||
.returning(schema::evm_transaction_log::id)
|
||||
.get_result(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
insert_into(schema::evm_token_transfer_log::table)
|
||||
.values(&models::NewEvmTokenTransferLog {
|
||||
grant_id: token_grant_id,
|
||||
log_id: tx_log_id,
|
||||
chain_id: 1,
|
||||
token_contract: vec![1u8; 20],
|
||||
recipient_address: vec![2u8; 20],
|
||||
value: vec![3],
|
||||
})
|
||||
.execute(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
insert_into(schema::integrity_envelope::table)
|
||||
.values(&models::NewIntegrityEnvelope {
|
||||
entity_kind: "TokenTransfer".to_owned(),
|
||||
entity_id: basic_id.to_be_bytes().to_vec(),
|
||||
payload_version: 1,
|
||||
key_version: 1,
|
||||
mac: vec![0u8; 32],
|
||||
})
|
||||
.execute(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
drop(conn);
|
||||
|
||||
actor.useragent_delete_grant(basic_id).await.unwrap();
|
||||
|
||||
let mut conn = db.get().await.unwrap();
|
||||
|
||||
let basic_count: i64 = schema::evm_basic_grant::table
|
||||
.count()
|
||||
.get_result(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
assert_eq!(basic_count, 0);
|
||||
|
||||
let token_grant_count: i64 = schema::evm_token_transfer_grant::table
|
||||
.count()
|
||||
.get_result(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
assert_eq!(token_grant_count, 0);
|
||||
|
||||
let token_limits_count: i64 = schema::evm_token_transfer_volume_limit::table
|
||||
.count()
|
||||
.get_result(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
assert_eq!(token_limits_count, 0);
|
||||
|
||||
let token_logs_count: i64 = schema::evm_token_transfer_log::table
|
||||
.count()
|
||||
.get_result(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
assert_eq!(token_logs_count, 0);
|
||||
|
||||
let tx_logs_count: i64 = schema::evm_transaction_log::table
|
||||
.count()
|
||||
.get_result(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
assert_eq!(tx_logs_count, 0);
|
||||
|
||||
let envelope_count: i64 = schema::integrity_envelope::table
|
||||
.filter(schema::integrity_envelope::entity_kind.eq("TokenTransfer"))
|
||||
.count()
|
||||
.get_result(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
assert_eq!(envelope_count, 0);
|
||||
}
|
||||
@@ -103,6 +103,7 @@ async fn verify_integrity(
|
||||
})?;
|
||||
|
||||
Ok(())
|
||||
|
||||
}
|
||||
|
||||
async fn create_nonce(
|
||||
|
||||
@@ -1,23 +1,59 @@
|
||||
use crate::{
|
||||
actors::{GlobalActors, client::ClientProfile},
|
||||
crypto::integrity::Integrable,
|
||||
db::{self, models::KeyType},
|
||||
actors::{GlobalActors, client::ClientProfile}, crypto::integrity::Integrable, db::{self, models::KeyType}
|
||||
};
|
||||
|
||||
fn serialize_ecdsa<S>(key: &k256::ecdsa::VerifyingKey, serializer: S) -> Result<S::Ok, S::Error>
|
||||
where
|
||||
S: serde::Serializer,
|
||||
{
|
||||
// Serialize as hex string for easier debugging (33 bytes compressed SEC1 format)
|
||||
let key = key.to_encoded_point(true);
|
||||
let bytes = key.as_bytes();
|
||||
serializer.serialize_bytes(bytes)
|
||||
}
|
||||
|
||||
fn deserialize_ecdsa<'de, D>(deserializer: D) -> Result<k256::ecdsa::VerifyingKey, D::Error>
|
||||
where
|
||||
D: serde::Deserializer<'de>,
|
||||
{
|
||||
struct EcdsaVisitor;
|
||||
|
||||
impl<'de> serde::de::Visitor<'de> for EcdsaVisitor {
|
||||
type Value = k256::ecdsa::VerifyingKey;
|
||||
|
||||
fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result {
|
||||
formatter.write_str("a compressed SEC1-encoded ECDSA public key")
|
||||
}
|
||||
|
||||
fn visit_bytes<E>(self, v: &[u8]) -> Result<Self::Value, E>
|
||||
where
|
||||
E: serde::de::Error,
|
||||
{
|
||||
let point = k256::EncodedPoint::from_bytes(v)
|
||||
.map_err(|_| E::custom("invalid compressed SEC1 format"))?;
|
||||
k256::ecdsa::VerifyingKey::from_encoded_point(&point)
|
||||
.map_err(|_| E::custom("invalid ECDSA public key"))
|
||||
}
|
||||
}
|
||||
|
||||
deserializer.deserialize_bytes(EcdsaVisitor)
|
||||
}
|
||||
|
||||
/// Abstraction over Ed25519 / ECDSA-secp256k1 / RSA public keys used during the auth handshake.
|
||||
#[derive(Clone, Debug)]
|
||||
#[derive(Clone, Debug, Serialize)]
|
||||
pub enum AuthPublicKey {
|
||||
Ed25519(ed25519_dalek::VerifyingKey),
|
||||
/// Compressed SEC1 public key; signature bytes are raw 64-byte (r||s).
|
||||
#[serde(serialize_with = "serialize_ecdsa", deserialize_with = "deserialize_ecdsa")]
|
||||
EcdsaSecp256k1(k256::ecdsa::VerifyingKey),
|
||||
/// RSA-2048+ public key (Windows Hello / KeyCredentialManager); signature bytes are PSS+SHA-256.
|
||||
Rsa(rsa::RsaPublicKey),
|
||||
}
|
||||
|
||||
#[derive(Debug)]
|
||||
#[derive(Debug, Serialize)]
|
||||
pub struct UserAgentCredentials {
|
||||
pub pubkey: AuthPublicKey,
|
||||
pub nonce: i32,
|
||||
pub nonce: i32
|
||||
}
|
||||
|
||||
impl Integrable for UserAgentCredentials {
|
||||
@@ -102,19 +138,5 @@ pub mod auth;
|
||||
pub mod session;
|
||||
|
||||
pub use auth::authenticate;
|
||||
use serde::Serialize;
|
||||
pub use session::UserAgentSession;
|
||||
|
||||
use crate::crypto::integrity::hashing::Hashable;
|
||||
|
||||
impl Hashable for AuthPublicKey {
|
||||
fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
|
||||
hasher.update(&self.to_stored_bytes());
|
||||
}
|
||||
}
|
||||
|
||||
impl Hashable for UserAgentCredentials {
|
||||
fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
|
||||
self.pubkey.hash(hasher);
|
||||
self.nonce.hash(hasher);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
use crate::{
|
||||
actors::keyholder, crypto::integrity::hashing::Hashable, safe_cell::SafeCellHandle as _,
|
||||
};
|
||||
use crate::{actors::keyholder, crypto::KeyCell,safe_cell::SafeCellHandle as _};
|
||||
use chacha20poly1305::Key;
|
||||
use hmac::{Hmac, Mac as _};
|
||||
use serde::Serialize;
|
||||
use sha2::Sha256;
|
||||
|
||||
use diesel::{ExpressionMethods as _, QueryDsl, dsl::insert_into, sqlite::Sqlite};
|
||||
@@ -9,8 +9,6 @@ use diesel_async::{AsyncConnection, RunQueryDsl};
|
||||
use kameo::{actor::ActorRef, error::SendError};
|
||||
use sha2::Digest as _;
|
||||
|
||||
pub mod hashing;
|
||||
|
||||
use crate::{
|
||||
actors::keyholder::{KeyHolder, SignIntegrity, VerifyIntegrity},
|
||||
db::{
|
||||
@@ -45,6 +43,9 @@ pub enum Error {
|
||||
|
||||
#[error("Integrity MAC mismatch for entity {entity_kind}")]
|
||||
MacMismatch { entity_kind: &'static str },
|
||||
|
||||
#[error("Payload serialization error: {0}")]
|
||||
PayloadSerialization(#[from] postcard::Error),
|
||||
}
|
||||
|
||||
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
|
||||
@@ -58,15 +59,13 @@ pub const INTEGRITY_SUBKEY_TAG: &[u8] = b"arbiter/db-integrity-key/v1";
|
||||
|
||||
pub type HmacSha256 = Hmac<Sha256>;
|
||||
|
||||
pub trait Integrable: Hashable {
|
||||
pub trait Integrable: Serialize {
|
||||
const KIND: &'static str;
|
||||
const VERSION: i32 = 1;
|
||||
}
|
||||
|
||||
fn payload_hash(payload: &impl Hashable) -> [u8; 32] {
|
||||
let mut hasher = Sha256::new();
|
||||
payload.hash(&mut hasher);
|
||||
hasher.finalize().into()
|
||||
fn payload_hash(payload: &[u8]) -> [u8; 32] {
|
||||
Sha256::digest(payload).into()
|
||||
}
|
||||
|
||||
fn push_len_prefixed(out: &mut Vec<u8>, bytes: &[u8]) {
|
||||
@@ -110,7 +109,8 @@ pub async fn sign_entity<E: Integrable>(
|
||||
entity: &E,
|
||||
entity_id: impl IntoId,
|
||||
) -> Result<(), Error> {
|
||||
let payload_hash = payload_hash(&entity);
|
||||
let payload = postcard::to_stdvec(entity)?;
|
||||
let payload_hash = payload_hash(&payload);
|
||||
|
||||
let entity_id = entity_id.into_id();
|
||||
|
||||
@@ -128,7 +128,7 @@ pub async fn sign_entity<E: Integrable>(
|
||||
.values(NewIntegrityEnvelope {
|
||||
entity_kind: E::KIND.to_owned(),
|
||||
entity_id: entity_id,
|
||||
payload_version: E::VERSION,
|
||||
payload_version: E::VERSION ,
|
||||
key_version,
|
||||
mac: mac.to_vec(),
|
||||
})
|
||||
@@ -162,9 +162,7 @@ pub async fn verify_entity<E: Integrable>(
|
||||
.first(conn)
|
||||
.await
|
||||
.map_err(|err| match err {
|
||||
diesel::result::Error::NotFound => Error::MissingEnvelope {
|
||||
entity_kind: E::KIND,
|
||||
},
|
||||
diesel::result::Error::NotFound => Error::MissingEnvelope { entity_kind: E::KIND },
|
||||
other => Error::Database(db::DatabaseError::from(other)),
|
||||
})?;
|
||||
|
||||
@@ -176,8 +174,14 @@ pub async fn verify_entity<E: Integrable>(
|
||||
});
|
||||
}
|
||||
|
||||
let payload_hash = payload_hash(&entity);
|
||||
let mac_input = build_mac_input(E::KIND, &entity_id, envelope.payload_version, &payload_hash);
|
||||
let payload = postcard::to_stdvec(entity)?;
|
||||
let payload_hash = payload_hash(&payload);
|
||||
let mac_input = build_mac_input(
|
||||
E::KIND,
|
||||
&entity_id,
|
||||
envelope.payload_version,
|
||||
&payload_hash,
|
||||
);
|
||||
|
||||
let result = keyholder
|
||||
.ask(VerifyIntegrity {
|
||||
@@ -185,16 +189,13 @@ pub async fn verify_entity<E: Integrable>(
|
||||
expected_mac: envelope.mac,
|
||||
key_version: envelope.key_version,
|
||||
})
|
||||
.await;
|
||||
.await
|
||||
;
|
||||
|
||||
match result {
|
||||
Ok(true) => Ok(AttestationStatus::Attested),
|
||||
Ok(false) => Err(Error::MacMismatch {
|
||||
entity_kind: E::KIND,
|
||||
}),
|
||||
Err(SendError::HandlerError(keyholder::Error::NotBootstrapped)) => {
|
||||
Ok(AttestationStatus::Unavailable)
|
||||
}
|
||||
Ok(false) => Err(Error::MacMismatch { entity_kind: E::KIND }),
|
||||
Err(SendError::HandlerError(keyholder::Error::NotBootstrapped)) => Ok(AttestationStatus::Unavailable),
|
||||
Err(_) => Err(Error::KeyholderSend),
|
||||
}
|
||||
}
|
||||
@@ -204,10 +205,6 @@ mod tests {
|
||||
use diesel::{ExpressionMethods as _, QueryDsl};
|
||||
use diesel_async::RunQueryDsl;
|
||||
use kameo::{actor::ActorRef, prelude::Spawn};
|
||||
use rand::seq::SliceRandom;
|
||||
use sha2::Digest;
|
||||
|
||||
use proptest::prelude::*;
|
||||
|
||||
use crate::{
|
||||
actors::keyholder::{Bootstrap, KeyHolder},
|
||||
@@ -216,20 +213,13 @@ mod tests {
|
||||
};
|
||||
|
||||
use super::{Error, Integrable, sign_entity, verify_entity};
|
||||
use super::{hashing::Hashable, payload_hash};
|
||||
|
||||
#[derive(Clone)]
|
||||
#[derive(Clone, serde::Serialize)]
|
||||
struct DummyEntity {
|
||||
payload_version: i32,
|
||||
payload: Vec<u8>,
|
||||
}
|
||||
|
||||
impl Hashable for DummyEntity {
|
||||
fn hash<H: Digest>(&self, hasher: &mut H) {
|
||||
self.payload_version.hash(hasher);
|
||||
self.payload.hash(hasher);
|
||||
}
|
||||
}
|
||||
impl Integrable for DummyEntity {
|
||||
const KIND: &'static str = "dummy_entity";
|
||||
}
|
||||
@@ -258,9 +248,7 @@ mod tests {
|
||||
payload: b"payload-v1".to_vec(),
|
||||
};
|
||||
|
||||
sign_entity(&mut conn, &keyholder, &entity, ENTITY_ID)
|
||||
.await
|
||||
.unwrap();
|
||||
sign_entity(&mut conn, &keyholder, &entity, ENTITY_ID).await.unwrap();
|
||||
|
||||
let count: i64 = schema::integrity_envelope::table
|
||||
.filter(schema::integrity_envelope::entity_kind.eq("dummy_entity"))
|
||||
@@ -271,9 +259,7 @@ mod tests {
|
||||
.unwrap();
|
||||
|
||||
assert_eq!(count, 1, "envelope row must be created exactly once");
|
||||
verify_entity(&mut conn, &keyholder, &entity, ENTITY_ID)
|
||||
.await
|
||||
.unwrap();
|
||||
verify_entity(&mut conn, &keyholder, &entity, ENTITY_ID).await.unwrap();
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
@@ -289,9 +275,7 @@ mod tests {
|
||||
payload: b"payload-v1".to_vec(),
|
||||
};
|
||||
|
||||
sign_entity(&mut conn, &keyholder, &entity, ENTITY_ID)
|
||||
.await
|
||||
.unwrap();
|
||||
sign_entity(&mut conn, &keyholder, &entity, ENTITY_ID).await.unwrap();
|
||||
|
||||
diesel::update(schema::integrity_envelope::table)
|
||||
.filter(schema::integrity_envelope::entity_kind.eq("dummy_entity"))
|
||||
@@ -320,9 +304,7 @@ mod tests {
|
||||
payload: b"payload-v1".to_vec(),
|
||||
};
|
||||
|
||||
sign_entity(&mut conn, &keyholder, &entity, ENTITY_ID)
|
||||
.await
|
||||
.unwrap();
|
||||
sign_entity(&mut conn, &keyholder, &entity, ENTITY_ID).await.unwrap();
|
||||
|
||||
let tampered = DummyEntity {
|
||||
payload: b"payload-v1-but-tampered".to_vec(),
|
||||
|
||||
@@ -1,107 +0,0 @@
|
||||
use hmac::digest::Digest;
|
||||
use std::collections::HashSet;
|
||||
|
||||
/// Deterministically hash a value by feeding its fields into the hasher in a consistent order.
|
||||
pub trait Hashable {
|
||||
fn hash<H: Digest>(&self, hasher: &mut H);
|
||||
}
|
||||
|
||||
macro_rules! impl_numeric {
|
||||
($($t:ty),*) => {
|
||||
$(
|
||||
impl Hashable for $t {
|
||||
fn hash<H: Digest>(&self, hasher: &mut H) {
|
||||
hasher.update(&self.to_be_bytes());
|
||||
}
|
||||
}
|
||||
)*
|
||||
};
|
||||
}
|
||||
|
||||
impl_numeric!(u8, u16, u32, u64, i8, i16, i32, i64);
|
||||
|
||||
impl Hashable for &[u8] {
|
||||
fn hash<H: Digest>(&self, hasher: &mut H) {
|
||||
hasher.update(self);
|
||||
}
|
||||
}
|
||||
|
||||
impl Hashable for String {
|
||||
fn hash<H: Digest>(&self, hasher: &mut H) {
|
||||
hasher.update(self.as_bytes());
|
||||
}
|
||||
}
|
||||
|
||||
impl<T: Hashable + PartialOrd> Hashable for Vec<T> {
|
||||
fn hash<H: Digest>(&self, hasher: &mut H) {
|
||||
let ref_sorted = {
|
||||
let mut sorted = self.iter().collect::<Vec<_>>();
|
||||
sorted.sort_by(|a, b| a.partial_cmp(b).unwrap());
|
||||
sorted
|
||||
};
|
||||
for item in ref_sorted {
|
||||
item.hash(hasher);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl<T: Hashable + PartialOrd> Hashable for HashSet<T> {
|
||||
fn hash<H: Digest>(&self, hasher: &mut H) {
|
||||
let ref_sorted = {
|
||||
let mut sorted = self.iter().collect::<Vec<_>>();
|
||||
sorted.sort_by(|a, b| a.partial_cmp(b).unwrap());
|
||||
sorted
|
||||
};
|
||||
for item in ref_sorted {
|
||||
item.hash(hasher);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl<T: Hashable> Hashable for Option<T> {
|
||||
fn hash<H: Digest>(&self, hasher: &mut H) {
|
||||
match self {
|
||||
Some(value) => {
|
||||
hasher.update(&[1]);
|
||||
value.hash(hasher);
|
||||
}
|
||||
None => hasher.update(&[0]),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
impl<T: Hashable> Hashable for Box<T> {
|
||||
fn hash<H: Digest>(&self, hasher: &mut H) {
|
||||
self.as_ref().hash(hasher);
|
||||
}
|
||||
}
|
||||
|
||||
impl<T: Hashable> Hashable for &T {
|
||||
fn hash<H: Digest>(&self, hasher: &mut H) {
|
||||
(*self).hash(hasher);
|
||||
}
|
||||
}
|
||||
|
||||
impl Hashable for alloy::primitives::Address {
|
||||
fn hash<H: Digest>(&self, hasher: &mut H) {
|
||||
hasher.update(self.as_slice());
|
||||
}
|
||||
}
|
||||
|
||||
impl Hashable for alloy::primitives::U256 {
|
||||
fn hash<H: Digest>(&self, hasher: &mut H) {
|
||||
hasher.update(self.to_be_bytes::<32>());
|
||||
}
|
||||
}
|
||||
|
||||
impl Hashable for chrono::Duration {
|
||||
fn hash<H: Digest>(&self, hasher: &mut H) {
|
||||
hasher.update(&self.num_seconds().to_be_bytes());
|
||||
}
|
||||
}
|
||||
|
||||
impl Hashable for chrono::DateTime<chrono::Utc> {
|
||||
fn hash<H: Digest>(&self, hasher: &mut H) {
|
||||
hasher.update(&self.timestamp_millis().to_be_bytes());
|
||||
}
|
||||
}
|
||||
@@ -102,21 +102,11 @@ impl KeyCell {
|
||||
}
|
||||
}
|
||||
|
||||
/// User password might be of different length, have not enough entropy, etc...
|
||||
/// Derive a fixed-length key from the password using Argon2id, which is designed for password hashing and key derivation.
|
||||
pub fn derive_key(mut password: SafeCell<Vec<u8>>, salt: &Salt) -> KeyCell {
|
||||
let params = {
|
||||
#[cfg(debug_assertions)]
|
||||
{
|
||||
argon2::Params::new(8, 1, 1, None).unwrap()
|
||||
}
|
||||
|
||||
#[cfg(not(debug_assertions))]
|
||||
{
|
||||
argon2::Params::new(262_144, 3, 4, None).unwrap()
|
||||
}
|
||||
};
|
||||
|
||||
#[allow(clippy::unwrap_used)]
|
||||
let params = argon2::Params::new(262_144, 3, 4, None).unwrap();
|
||||
let hasher = Argon2::new(Algorithm::Argon2id, argon2::Version::V0x13, params);
|
||||
let mut key = SafeCell::new(Key::default());
|
||||
password.read_inline(|password_source| {
|
||||
|
||||
@@ -133,7 +133,6 @@ pub async fn create_pool(url: Option<&str>) -> Result<DatabasePool, DatabaseSetu
|
||||
Ok(pool)
|
||||
}
|
||||
|
||||
#[mutants::skip]
|
||||
pub async fn create_test_pool() -> DatabasePool {
|
||||
use rand::distr::{Alphanumeric, SampleString as _};
|
||||
|
||||
|
||||
@@ -21,8 +21,8 @@ use crate::{
|
||||
schema::{self, evm_transaction_log},
|
||||
},
|
||||
evm::policies::{
|
||||
CombinedSettings, DatabaseID, EvalContext, EvalViolation, Grant, Policy,
|
||||
SharedGrantSettings, SpecificGrant, SpecificMeaning, ether_transfer::EtherTransfer,
|
||||
DatabaseID, EvalContext, EvalViolation, Grant, Policy, CombinedSettings, SharedGrantSettings,
|
||||
SpecificGrant, SpecificMeaning, ether_transfer::EtherTransfer,
|
||||
token_transfers::TokenTransfer,
|
||||
},
|
||||
};
|
||||
@@ -90,14 +90,6 @@ async fn check_shared_constraints(
|
||||
let mut violations = Vec::new();
|
||||
let now = Utc::now();
|
||||
|
||||
if shared.chain != context.chain {
|
||||
violations.push(EvalViolation::MismatchingChainId {
|
||||
expected: shared.chain,
|
||||
actual: context.chain,
|
||||
});
|
||||
return Ok(violations);
|
||||
}
|
||||
|
||||
// Validity window
|
||||
if shared.valid_from.is_some_and(|t| now < t) || shared.valid_until.is_some_and(|t| now > t) {
|
||||
violations.push(EvalViolation::InvalidTime);
|
||||
@@ -258,7 +250,12 @@ impl Engine {
|
||||
|
||||
P::create_grant(&basic_grant, &full_grant.specific, conn).await?;
|
||||
|
||||
integrity::sign_entity(conn, &keyholder, &full_grant, basic_grant.id)
|
||||
integrity::sign_entity(
|
||||
conn,
|
||||
&keyholder,
|
||||
&full_grant,
|
||||
basic_grant.id,
|
||||
)
|
||||
.await
|
||||
.map_err(|_| diesel::result::Error::RollbackTransaction)?;
|
||||
|
||||
@@ -345,255 +342,3 @@ impl Engine {
|
||||
Err(VetError::UnsupportedTransactionType)
|
||||
}
|
||||
}
|
||||
|
||||
#[cfg(test)]
|
||||
mod tests {
|
||||
use alloy::primitives::{Address, Bytes, U256, address};
|
||||
use chrono::{Duration, Utc};
|
||||
use diesel::{SelectableHelper, insert_into};
|
||||
use diesel_async::RunQueryDsl;
|
||||
use rstest::rstest;
|
||||
|
||||
use crate::db::{
|
||||
self, DatabaseConnection,
|
||||
models::{
|
||||
EvmBasicGrant, EvmWalletAccess, NewEvmBasicGrant, NewEvmTransactionLog, SqliteTimestamp,
|
||||
},
|
||||
schema::{evm_basic_grant, evm_transaction_log},
|
||||
};
|
||||
use crate::evm::policies::{
|
||||
EvalContext, EvalViolation, SharedGrantSettings, TransactionRateLimit,
|
||||
};
|
||||
|
||||
use super::check_shared_constraints;
|
||||
|
||||
const WALLET_ACCESS_ID: i32 = 1;
|
||||
const CHAIN_ID: u64 = 1;
|
||||
const RECIPIENT: Address = address!("1111111111111111111111111111111111111111");
|
||||
|
||||
fn context() -> EvalContext {
|
||||
EvalContext {
|
||||
target: EvmWalletAccess {
|
||||
id: WALLET_ACCESS_ID,
|
||||
wallet_id: 10,
|
||||
client_id: 20,
|
||||
created_at: SqliteTimestamp(Utc::now()),
|
||||
},
|
||||
chain: CHAIN_ID,
|
||||
to: RECIPIENT,
|
||||
value: U256::ZERO,
|
||||
calldata: Bytes::new(),
|
||||
max_fee_per_gas: 100,
|
||||
max_priority_fee_per_gas: 10,
|
||||
}
|
||||
}
|
||||
|
||||
fn shared_settings() -> SharedGrantSettings {
|
||||
SharedGrantSettings {
|
||||
wallet_access_id: WALLET_ACCESS_ID,
|
||||
chain: CHAIN_ID,
|
||||
valid_from: None,
|
||||
valid_until: None,
|
||||
max_gas_fee_per_gas: None,
|
||||
max_priority_fee_per_gas: None,
|
||||
rate_limit: None,
|
||||
}
|
||||
}
|
||||
|
||||
async fn insert_basic_grant(
|
||||
conn: &mut DatabaseConnection,
|
||||
shared: &SharedGrantSettings,
|
||||
) -> EvmBasicGrant {
|
||||
insert_into(evm_basic_grant::table)
|
||||
.values(NewEvmBasicGrant {
|
||||
wallet_access_id: shared.wallet_access_id,
|
||||
chain_id: shared.chain as i32,
|
||||
valid_from: shared.valid_from.map(SqliteTimestamp),
|
||||
valid_until: shared.valid_until.map(SqliteTimestamp),
|
||||
max_gas_fee_per_gas: shared
|
||||
.max_gas_fee_per_gas
|
||||
.map(|fee| super::utils::u256_to_bytes(fee).to_vec()),
|
||||
max_priority_fee_per_gas: shared
|
||||
.max_priority_fee_per_gas
|
||||
.map(|fee| super::utils::u256_to_bytes(fee).to_vec()),
|
||||
rate_limit_count: shared.rate_limit.as_ref().map(|limit| limit.count as i32),
|
||||
rate_limit_window_secs: shared
|
||||
.rate_limit
|
||||
.as_ref()
|
||||
.map(|limit| limit.window.num_seconds() as i32),
|
||||
revoked_at: None,
|
||||
})
|
||||
.returning(EvmBasicGrant::as_select())
|
||||
.get_result(conn)
|
||||
.await
|
||||
.unwrap()
|
||||
}
|
||||
|
||||
#[rstest]
|
||||
#[case::matching_chain(CHAIN_ID, false)]
|
||||
#[case::mismatching_chain(CHAIN_ID + 1, true)]
|
||||
#[tokio::test]
|
||||
async fn check_shared_constraints_enforces_chain_id(
|
||||
#[case] context_chain: u64,
|
||||
#[case] expect_mismatch: bool,
|
||||
) {
|
||||
let db = db::create_test_pool().await;
|
||||
let mut conn = db.get().await.unwrap();
|
||||
|
||||
let context = EvalContext {
|
||||
chain: context_chain,
|
||||
..context()
|
||||
};
|
||||
|
||||
let violations = check_shared_constraints(&context, &shared_settings(), 999, &mut *conn)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
assert_eq!(
|
||||
violations
|
||||
.iter()
|
||||
.any(|violation| matches!(violation, EvalViolation::MismatchingChainId { .. })),
|
||||
expect_mismatch
|
||||
);
|
||||
|
||||
if expect_mismatch {
|
||||
assert_eq!(violations.len(), 1);
|
||||
} else {
|
||||
assert!(violations.is_empty());
|
||||
}
|
||||
}
|
||||
|
||||
#[rstest]
|
||||
#[case::valid_from_in_bounds(Some(Utc::now() - Duration::hours(1)), None, false)]
|
||||
#[case::valid_from_out_of_bounds(Some(Utc::now() + Duration::hours(1)), None, true)]
|
||||
#[case::valid_until_in_bounds(None, Some(Utc::now() + Duration::hours(1)), false)]
|
||||
#[case::valid_until_out_of_bounds(None, Some(Utc::now() - Duration::hours(1)), true)]
|
||||
#[tokio::test]
|
||||
async fn check_shared_constraints_enforces_validity_window(
|
||||
#[case] valid_from: Option<chrono::DateTime<Utc>>,
|
||||
#[case] valid_until: Option<chrono::DateTime<Utc>>,
|
||||
#[case] expect_invalid_time: bool,
|
||||
) {
|
||||
let db = db::create_test_pool().await;
|
||||
let mut conn = db.get().await.unwrap();
|
||||
|
||||
let shared = SharedGrantSettings {
|
||||
valid_from,
|
||||
valid_until,
|
||||
..shared_settings()
|
||||
};
|
||||
|
||||
let violations = check_shared_constraints(&context(), &shared, 999, &mut *conn)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
assert_eq!(
|
||||
violations
|
||||
.iter()
|
||||
.any(|violation| matches!(violation, EvalViolation::InvalidTime)),
|
||||
expect_invalid_time
|
||||
);
|
||||
|
||||
if expect_invalid_time {
|
||||
assert_eq!(violations.len(), 1);
|
||||
} else {
|
||||
assert!(violations.is_empty());
|
||||
}
|
||||
}
|
||||
|
||||
#[rstest]
|
||||
#[case::max_fee_within_limit(Some(U256::from(100u64)), None, 100, 10, false)]
|
||||
#[case::max_fee_exceeded(Some(U256::from(99u64)), None, 100, 10, true)]
|
||||
#[case::priority_fee_within_limit(None, Some(U256::from(10u64)), 100, 10, false)]
|
||||
#[case::priority_fee_exceeded(None, Some(U256::from(9u64)), 100, 10, true)]
|
||||
#[tokio::test]
|
||||
async fn check_shared_constraints_enforces_gas_fee_caps(
|
||||
#[case] max_gas_fee_per_gas: Option<U256>,
|
||||
#[case] max_priority_fee_per_gas: Option<U256>,
|
||||
#[case] actual_max_fee_per_gas: u128,
|
||||
#[case] actual_max_priority_fee_per_gas: u128,
|
||||
#[case] expect_gas_limit_violation: bool,
|
||||
) {
|
||||
let db = db::create_test_pool().await;
|
||||
let mut conn = db.get().await.unwrap();
|
||||
|
||||
let context = EvalContext {
|
||||
max_fee_per_gas: actual_max_fee_per_gas,
|
||||
max_priority_fee_per_gas: actual_max_priority_fee_per_gas,
|
||||
..context()
|
||||
};
|
||||
|
||||
let shared = SharedGrantSettings {
|
||||
max_gas_fee_per_gas,
|
||||
max_priority_fee_per_gas,
|
||||
..shared_settings()
|
||||
};
|
||||
let violations = check_shared_constraints(&context, &shared, 999, &mut *conn)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
assert_eq!(
|
||||
violations
|
||||
.iter()
|
||||
.any(|violation| matches!(violation, EvalViolation::GasLimitExceeded { .. })),
|
||||
expect_gas_limit_violation
|
||||
);
|
||||
|
||||
if expect_gas_limit_violation {
|
||||
assert_eq!(violations.len(), 1);
|
||||
} else {
|
||||
assert!(violations.is_empty());
|
||||
}
|
||||
}
|
||||
|
||||
#[rstest]
|
||||
#[case::under_rate_limit(2, false)]
|
||||
#[case::at_rate_limit(1, true)]
|
||||
#[tokio::test]
|
||||
async fn check_shared_constraints_enforces_rate_limit(
|
||||
#[case] rate_limit_count: u32,
|
||||
#[case] expect_rate_limit_violation: bool,
|
||||
) {
|
||||
let db = db::create_test_pool().await;
|
||||
let mut conn = db.get().await.unwrap();
|
||||
|
||||
let shared = SharedGrantSettings {
|
||||
rate_limit: Some(TransactionRateLimit {
|
||||
count: rate_limit_count,
|
||||
window: Duration::hours(1),
|
||||
}),
|
||||
..shared_settings()
|
||||
};
|
||||
|
||||
let basic_grant = insert_basic_grant(&mut conn, &shared).await;
|
||||
|
||||
insert_into(evm_transaction_log::table)
|
||||
.values(NewEvmTransactionLog {
|
||||
grant_id: basic_grant.id,
|
||||
wallet_access_id: WALLET_ACCESS_ID,
|
||||
chain_id: CHAIN_ID as i32,
|
||||
eth_value: super::utils::u256_to_bytes(U256::ZERO).to_vec(),
|
||||
signed_at: SqliteTimestamp(Utc::now()),
|
||||
})
|
||||
.execute(&mut *conn)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
let violations = check_shared_constraints(&context(), &shared, basic_grant.id, &mut *conn)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
assert_eq!(
|
||||
violations
|
||||
.iter()
|
||||
.any(|violation| matches!(violation, EvalViolation::RateLimitExceeded)),
|
||||
expect_rate_limit_violation
|
||||
);
|
||||
|
||||
if expect_rate_limit_violation {
|
||||
assert_eq!(violations.len(), 1);
|
||||
} else {
|
||||
assert!(violations.is_empty());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -7,12 +7,11 @@ use diesel::{
|
||||
};
|
||||
use diesel_async::{AsyncConnection, RunQueryDsl};
|
||||
|
||||
use serde::Serialize;
|
||||
use thiserror::Error;
|
||||
|
||||
use crate::{
|
||||
crypto::integrity::v1::Integrable,
|
||||
db::models::{self, EvmBasicGrant, EvmWalletAccess},
|
||||
evm::utils,
|
||||
crypto::integrity::v1::Integrable, db::models::{self, EvmBasicGrant, EvmWalletAccess}, evm::utils
|
||||
};
|
||||
|
||||
pub mod ether_transfer;
|
||||
@@ -56,14 +55,11 @@ pub enum EvalViolation {
|
||||
|
||||
#[error("Transaction type is not allowed by this grant")]
|
||||
InvalidTransactionType,
|
||||
|
||||
#[error("Mismatching chain ID")]
|
||||
MismatchingChainId { expected: ChainId, actual: ChainId },
|
||||
}
|
||||
|
||||
pub type DatabaseID = i32;
|
||||
|
||||
#[derive(Debug)]
|
||||
#[derive(Debug, Serialize)]
|
||||
pub struct Grant<PolicySettings> {
|
||||
pub id: DatabaseID,
|
||||
pub common_settings_id: DatabaseID, // ID of the basic grant for shared-logic checks like rate limits and validity periods
|
||||
@@ -127,19 +123,19 @@ pub enum SpecificMeaning {
|
||||
TokenTransfer(token_transfers::Meaning),
|
||||
}
|
||||
|
||||
#[derive(Clone, Debug, PartialEq, Eq, Hash, PartialOrd, Ord)]
|
||||
#[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize)]
|
||||
pub struct TransactionRateLimit {
|
||||
pub count: u32,
|
||||
pub window: Duration,
|
||||
}
|
||||
|
||||
#[derive(Clone, Debug, PartialEq, Eq, Hash, PartialOrd, Ord)]
|
||||
#[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize)]
|
||||
pub struct VolumeRateLimit {
|
||||
pub max_volume: U256,
|
||||
pub window: Duration,
|
||||
}
|
||||
|
||||
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
|
||||
#[derive(Clone, Debug, PartialEq, Eq, Hash, Serialize)]
|
||||
pub struct SharedGrantSettings {
|
||||
pub wallet_access_id: i32,
|
||||
pub chain: ChainId,
|
||||
@@ -200,7 +196,7 @@ pub enum SpecificGrant {
|
||||
TokenTransfer(token_transfers::Settings),
|
||||
}
|
||||
|
||||
#[derive(Debug)]
|
||||
#[derive(Debug, Serialize)]
|
||||
pub struct CombinedSettings<PolicyGrant> {
|
||||
pub shared: SharedGrantSettings,
|
||||
pub specific: PolicyGrant,
|
||||
@@ -220,37 +216,3 @@ impl<P: Integrable> Integrable for CombinedSettings<P> {
|
||||
const VERSION: i32 = P::VERSION;
|
||||
}
|
||||
|
||||
use crate::crypto::integrity::hashing::Hashable;
|
||||
|
||||
impl Hashable for TransactionRateLimit {
|
||||
fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
|
||||
self.count.hash(hasher);
|
||||
self.window.hash(hasher);
|
||||
}
|
||||
}
|
||||
|
||||
impl Hashable for VolumeRateLimit {
|
||||
fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
|
||||
self.max_volume.hash(hasher);
|
||||
self.window.hash(hasher);
|
||||
}
|
||||
}
|
||||
|
||||
impl Hashable for SharedGrantSettings {
|
||||
fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
|
||||
self.wallet_access_id.hash(hasher);
|
||||
self.chain.hash(hasher);
|
||||
self.valid_from.hash(hasher);
|
||||
self.valid_until.hash(hasher);
|
||||
self.max_gas_fee_per_gas.hash(hasher);
|
||||
self.max_priority_fee_per_gas.hash(hasher);
|
||||
self.rate_limit.hash(hasher);
|
||||
}
|
||||
}
|
||||
|
||||
impl<P: Hashable> Hashable for CombinedSettings<P> {
|
||||
fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
|
||||
self.shared.hash(hasher);
|
||||
self.specific.hash(hasher);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -52,7 +52,7 @@ impl From<Meaning> for SpecificMeaning {
|
||||
}
|
||||
|
||||
// A grant for ether transfers, which can be scoped to specific target addresses and volume limits
|
||||
#[derive(Debug, Clone)]
|
||||
#[derive(Debug, Clone, serde::Serialize)]
|
||||
pub struct Settings {
|
||||
pub target: Vec<Address>,
|
||||
pub limit: VolumeRateLimit,
|
||||
@@ -61,15 +61,6 @@ impl Integrable for Settings {
|
||||
const KIND: &'static str = "EtherTransfer";
|
||||
}
|
||||
|
||||
use crate::crypto::integrity::hashing::Hashable;
|
||||
|
||||
impl Hashable for Settings {
|
||||
fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
|
||||
self.target.hash(hasher);
|
||||
self.limit.hash(hasher);
|
||||
}
|
||||
}
|
||||
|
||||
impl From<Settings> for SpecificGrant {
|
||||
fn from(val: Settings) -> SpecificGrant {
|
||||
SpecificGrant::EtherTransfer(val)
|
||||
|
||||
@@ -84,6 +84,8 @@ fn shared() -> SharedGrantSettings {
|
||||
}
|
||||
}
|
||||
|
||||
// ── analyze ─────────────────────────────────────────────────────────────
|
||||
|
||||
#[test]
|
||||
fn analyze_matches_empty_calldata() {
|
||||
let m = EtherTransfer::analyze(&ctx(ALLOWED, U256::from(1_000u64))).unwrap();
|
||||
@@ -100,6 +102,8 @@ fn analyze_rejects_nonempty_calldata() {
|
||||
assert!(EtherTransfer::analyze(&context).is_none());
|
||||
}
|
||||
|
||||
// ── evaluate ────────────────────────────────────────────────────────────
|
||||
|
||||
#[tokio::test]
|
||||
async fn evaluate_passes_for_allowed_target() {
|
||||
let db = db::create_test_pool().await;
|
||||
@@ -272,6 +276,8 @@ async fn evaluate_passes_at_exactly_volume_limit() {
|
||||
);
|
||||
}
|
||||
|
||||
// ── try_find_grant ───────────────────────────────────────────────────────
|
||||
|
||||
#[tokio::test]
|
||||
async fn try_find_grant_roundtrip() {
|
||||
let db = db::create_test_pool().await;
|
||||
@@ -330,36 +336,7 @@ async fn try_find_grant_wrong_target_returns_none() {
|
||||
assert!(found.is_none());
|
||||
}
|
||||
|
||||
proptest::proptest! {
|
||||
#[test]
|
||||
fn target_order_does_not_affect_hash(
|
||||
raw_addrs in proptest::collection::vec(proptest::prelude::any::<[u8; 20]>(), 0..8),
|
||||
seed in proptest::prelude::any::<u64>(),
|
||||
max_volume in proptest::prelude::any::<u64>(),
|
||||
window_secs in 1i64..=86400,
|
||||
) {
|
||||
use rand::{SeedableRng, seq::SliceRandom};
|
||||
use sha2::Digest;
|
||||
use crate::crypto::integrity::hashing::Hashable;
|
||||
|
||||
let addrs: Vec<Address> = raw_addrs.iter().map(|b| Address::from(*b)).collect();
|
||||
let mut shuffled = addrs.clone();
|
||||
shuffled.shuffle(&mut rand::rngs::StdRng::seed_from_u64(seed));
|
||||
|
||||
let limit = VolumeRateLimit {
|
||||
max_volume: U256::from(max_volume),
|
||||
window: Duration::seconds(window_secs),
|
||||
};
|
||||
|
||||
let mut h1 = sha2::Sha256::new();
|
||||
Settings { target: addrs, limit: limit.clone() }.hash(&mut h1);
|
||||
|
||||
let mut h2 = sha2::Sha256::new();
|
||||
Settings { target: shuffled, limit }.hash(&mut h2);
|
||||
|
||||
proptest::prop_assert_eq!(h1.finalize(), h2.finalize());
|
||||
}
|
||||
}
|
||||
// ── find_all_grants ──────────────────────────────────────────────────────
|
||||
|
||||
#[tokio::test]
|
||||
async fn find_all_grants_empty_db() {
|
||||
|
||||
@@ -1,5 +1,17 @@
|
||||
use std::collections::HashMap;
|
||||
|
||||
use alloy::{
|
||||
primitives::{Address, U256},
|
||||
sol_types::SolCall,
|
||||
};
|
||||
use arbiter_tokens_registry::evm::nonfungible::{self, TokenInfo};
|
||||
use chrono::{DateTime, Duration, Utc};
|
||||
use diesel::dsl::{auto_type, insert_into};
|
||||
use diesel::sqlite::Sqlite;
|
||||
use diesel::{ExpressionMethods, prelude::*};
|
||||
use diesel_async::{AsyncConnection, RunQueryDsl};
|
||||
use serde::Serialize;
|
||||
|
||||
use crate::db::schema::{
|
||||
evm_basic_grant, evm_token_transfer_grant, evm_token_transfer_log,
|
||||
evm_token_transfer_volume_limit,
|
||||
@@ -20,16 +32,6 @@ use crate::{
|
||||
},
|
||||
evm::policies::CombinedSettings,
|
||||
};
|
||||
use alloy::{
|
||||
primitives::{Address, U256},
|
||||
sol_types::SolCall,
|
||||
};
|
||||
use arbiter_tokens_registry::evm::nonfungible::{self, TokenInfo};
|
||||
use chrono::{DateTime, Duration, Utc};
|
||||
use diesel::dsl::{auto_type, insert_into};
|
||||
use diesel::sqlite::Sqlite;
|
||||
use diesel::{ExpressionMethods, prelude::*};
|
||||
use diesel_async::{AsyncConnection, RunQueryDsl};
|
||||
|
||||
use super::{DatabaseID, EvalContext, EvalViolation};
|
||||
|
||||
@@ -62,7 +64,7 @@ impl From<Meaning> for SpecificMeaning {
|
||||
}
|
||||
|
||||
// A grant for token transfers, which can be scoped to specific target addresses and volume limits
|
||||
#[derive(Debug, Clone)]
|
||||
#[derive(Debug, Clone, Serialize)]
|
||||
pub struct Settings {
|
||||
pub token_contract: Address,
|
||||
pub target: Option<Address>,
|
||||
@@ -71,17 +73,6 @@ pub struct Settings {
|
||||
impl Integrable for Settings {
|
||||
const KIND: &'static str = "TokenTransfer";
|
||||
}
|
||||
|
||||
use crate::crypto::integrity::hashing::Hashable;
|
||||
|
||||
impl Hashable for Settings {
|
||||
fn hash<H: sha2::Digest>(&self, hasher: &mut H) {
|
||||
self.token_contract.hash(hasher);
|
||||
self.target.hash(hasher);
|
||||
self.volume_limits.hash(hasher);
|
||||
}
|
||||
}
|
||||
|
||||
impl From<Settings> for SpecificGrant {
|
||||
fn from(val: Settings) -> SpecificGrant {
|
||||
SpecificGrant::TokenTransfer(val)
|
||||
|
||||
@@ -101,6 +101,8 @@ fn shared() -> SharedGrantSettings {
|
||||
}
|
||||
}
|
||||
|
||||
// ── analyze ─────────────────────────────────────────────────────────────
|
||||
|
||||
#[test]
|
||||
fn analyze_known_token_valid_calldata() {
|
||||
let calldata = transfer_calldata(RECIPIENT, U256::from(100u64));
|
||||
@@ -126,6 +128,8 @@ fn analyze_empty_calldata_returns_none() {
|
||||
assert!(TokenTransfer::analyze(&ctx(DAI, Bytes::new())).is_none());
|
||||
}
|
||||
|
||||
// ── evaluate ────────────────────────────────────────────────────────────
|
||||
|
||||
#[tokio::test]
|
||||
async fn evaluate_rejects_nonzero_eth_value() {
|
||||
let db = db::create_test_pool().await;
|
||||
@@ -408,39 +412,7 @@ async fn try_find_grant_unknown_token_returns_none() {
|
||||
assert!(found.is_none());
|
||||
}
|
||||
|
||||
proptest::proptest! {
|
||||
#[test]
|
||||
fn volume_limits_order_does_not_affect_hash(
|
||||
raw_limits in proptest::collection::vec(
|
||||
(proptest::prelude::any::<u64>(), 1i64..=86400),
|
||||
0..8,
|
||||
),
|
||||
seed in proptest::prelude::any::<u64>(),
|
||||
) {
|
||||
use rand::{SeedableRng, seq::SliceRandom};
|
||||
use sha2::Digest;
|
||||
use crate::crypto::integrity::hashing::Hashable;
|
||||
|
||||
let limits: Vec<VolumeRateLimit> = raw_limits
|
||||
.iter()
|
||||
.map(|(max_vol, window_secs)| VolumeRateLimit {
|
||||
max_volume: U256::from(*max_vol),
|
||||
window: Duration::seconds(*window_secs),
|
||||
})
|
||||
.collect();
|
||||
|
||||
let mut shuffled = limits.clone();
|
||||
shuffled.shuffle(&mut rand::rngs::StdRng::seed_from_u64(seed));
|
||||
|
||||
let mut h1 = sha2::Sha256::new();
|
||||
Settings { token_contract: DAI, target: None, volume_limits: limits }.hash(&mut h1);
|
||||
|
||||
let mut h2 = sha2::Sha256::new();
|
||||
Settings { token_contract: DAI, target: None, volume_limits: shuffled }.hash(&mut h2);
|
||||
|
||||
proptest::prop_assert_eq!(h1.finalize(), h2.finalize());
|
||||
}
|
||||
}
|
||||
// ── find_all_grants ──────────────────────────────────────────────────────
|
||||
|
||||
#[tokio::test]
|
||||
async fn find_all_grants_empty_db() {
|
||||
|
||||
@@ -68,7 +68,6 @@ impl<'a> AuthTransportAdapter<'a> {
|
||||
auth::Error::ApproveError(auth::ApproveError::Internal)
|
||||
| auth::Error::DatabasePoolUnavailable
|
||||
| auth::Error::DatabaseOperationFailed
|
||||
| auth::Error::IntegrityCheckFailed
|
||||
| auth::Error::Transport => ProtoAuthResult::Internal,
|
||||
}
|
||||
.into(),
|
||||
|
||||
@@ -8,7 +8,7 @@ use arbiter_proto::proto::{
|
||||
EvalViolation as ProtoEvalViolation, GasLimitExceededViolation, NoMatchingGrantError,
|
||||
PolicyViolationsError, SpecificMeaning as ProtoSpecificMeaning,
|
||||
TokenInfo as ProtoTokenInfo, TransactionEvalError as ProtoTransactionEvalError,
|
||||
eval_violation as proto_eval_violation, eval_violation::Kind as ProtoEvalViolationKind,
|
||||
eval_violation::Kind as ProtoEvalViolationKind,
|
||||
specific_meaning::Meaning as ProtoSpecificMeaningKind,
|
||||
transaction_eval_error::Kind as ProtoTransactionEvalErrorKind,
|
||||
},
|
||||
@@ -79,12 +79,6 @@ impl Convert for EvalViolation {
|
||||
EvalViolation::InvalidTransactionType => {
|
||||
ProtoEvalViolationKind::InvalidTransactionType(())
|
||||
}
|
||||
EvalViolation::MismatchingChainId { expected, actual } => {
|
||||
ProtoEvalViolationKind::ChainIdMismatch(proto_eval_violation::ChainIdMismatch {
|
||||
expected,
|
||||
actual,
|
||||
})
|
||||
}
|
||||
};
|
||||
|
||||
ProtoEvalViolation { kind: Some(kind) }
|
||||
@@ -114,7 +108,7 @@ impl Convert for VetError {
|
||||
violations: violations.into_iter().map(Convert::convert).collect(),
|
||||
})
|
||||
}
|
||||
PolicyError::Database(_) | PolicyError::Integrity(_) => {
|
||||
PolicyError::Database(_)| PolicyError::Integrity(_) => {
|
||||
return EvmSignTransactionResult::Error(ProtoEvmError::Internal.into());
|
||||
}
|
||||
},
|
||||
|
||||
@@ -10,7 +10,6 @@ use tracing::info;
|
||||
const PORT: u16 = 50051;
|
||||
|
||||
#[tokio::main]
|
||||
#[mutants::skip]
|
||||
async fn main() -> anyhow::Result<()> {
|
||||
aws_lc_rs::default_provider().install_default().unwrap();
|
||||
|
||||
|
||||
@@ -1,14 +1,9 @@
|
||||
use arbiter_proto::ClientMetadata;
|
||||
use arbiter_proto::transport::{Receiver, Sender};
|
||||
use arbiter_server::actors::GlobalActors;
|
||||
use arbiter_server::{
|
||||
actors::{
|
||||
GlobalActors,
|
||||
client::{ClientConnection, ClientCredentials, auth, connect_client},
|
||||
keyholder::Bootstrap,
|
||||
},
|
||||
crypto::integrity,
|
||||
db::{self, schema},
|
||||
safe_cell::{SafeCell, SafeCellHandle as _},
|
||||
actors::client::{ClientConnection, auth, connect_client},
|
||||
db,
|
||||
};
|
||||
use diesel::{ExpressionMethods as _, NullableExpressionMethods as _, QueryDsl as _, insert_into};
|
||||
use diesel_async::RunQueryDsl;
|
||||
@@ -26,8 +21,7 @@ fn metadata(name: &str, description: Option<&str>, version: Option<&str>) -> Cli
|
||||
|
||||
async fn insert_registered_client(
|
||||
db: &db::DatabasePool,
|
||||
actors: &GlobalActors,
|
||||
pubkey: ed25519_dalek::VerifyingKey,
|
||||
pubkey: Vec<u8>,
|
||||
metadata: &ClientMetadata,
|
||||
) {
|
||||
use arbiter_server::db::schema::{client_metadata, program_client};
|
||||
@@ -43,64 +37,23 @@ async fn insert_registered_client(
|
||||
.get_result(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
let client_id: i32 = insert_into(program_client::table)
|
||||
insert_into(program_client::table)
|
||||
.values((
|
||||
program_client::public_key.eq(pubkey.to_bytes().to_vec()),
|
||||
program_client::public_key.eq(pubkey),
|
||||
program_client::metadata_id.eq(metadata_id),
|
||||
))
|
||||
.returning(program_client::id)
|
||||
.get_result(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
integrity::sign_entity(
|
||||
&mut conn,
|
||||
&actors.key_holder,
|
||||
&ClientCredentials { pubkey, nonce: 1 },
|
||||
client_id,
|
||||
)
|
||||
.await
|
||||
.unwrap();
|
||||
}
|
||||
|
||||
async fn insert_bootstrap_sentinel_useragent(db: &db::DatabasePool) {
|
||||
let mut conn = db.get().await.unwrap();
|
||||
let sentinel_key = ed25519_dalek::SigningKey::generate(&mut rand::rng())
|
||||
.verifying_key()
|
||||
.to_bytes()
|
||||
.to_vec();
|
||||
|
||||
insert_into(schema::useragent_client::table)
|
||||
.values((
|
||||
schema::useragent_client::public_key.eq(sentinel_key),
|
||||
schema::useragent_client::key_type.eq(1i32),
|
||||
))
|
||||
.execute(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
}
|
||||
|
||||
async fn spawn_test_actors(db: &db::DatabasePool) -> GlobalActors {
|
||||
insert_bootstrap_sentinel_useragent(db).await;
|
||||
|
||||
let actors = GlobalActors::spawn(db.clone()).await.unwrap();
|
||||
actors
|
||||
.key_holder
|
||||
.ask(Bootstrap {
|
||||
seal_key_raw: SafeCell::new(b"test-seal-key".to_vec()),
|
||||
})
|
||||
.await
|
||||
.unwrap();
|
||||
actors
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
#[test_log::test]
|
||||
pub async fn test_unregistered_pubkey_rejected() {
|
||||
let db = db::create_test_pool().await;
|
||||
|
||||
let (server_transport, mut test_transport) = ChannelTransport::new();
|
||||
let actors = spawn_test_actors(&db).await;
|
||||
let actors = GlobalActors::spawn(db.clone()).await.unwrap();
|
||||
let props = ClientConnection::new(db.clone(), actors);
|
||||
let task = tokio::spawn(async move {
|
||||
let mut server_transport = server_transport;
|
||||
@@ -125,19 +78,20 @@ pub async fn test_unregistered_pubkey_rejected() {
|
||||
#[test_log::test]
|
||||
pub async fn test_challenge_auth() {
|
||||
let db = db::create_test_pool().await;
|
||||
let actors = spawn_test_actors(&db).await;
|
||||
|
||||
let new_key = ed25519_dalek::SigningKey::generate(&mut rand::rng());
|
||||
let pubkey_bytes = new_key.verifying_key().to_bytes().to_vec();
|
||||
|
||||
insert_registered_client(
|
||||
&db,
|
||||
&actors,
|
||||
new_key.verifying_key(),
|
||||
pubkey_bytes.clone(),
|
||||
&metadata("client", Some("desc"), Some("1.0.0")),
|
||||
)
|
||||
.await;
|
||||
|
||||
let (server_transport, mut test_transport) = ChannelTransport::new();
|
||||
let actors = GlobalActors::spawn(db.clone()).await.unwrap();
|
||||
|
||||
let props = ClientConnection::new(db.clone(), actors);
|
||||
let task = tokio::spawn(async move {
|
||||
let mut server_transport = server_transport;
|
||||
@@ -193,13 +147,34 @@ pub async fn test_challenge_auth() {
|
||||
#[test_log::test]
|
||||
pub async fn test_metadata_unchanged_does_not_append_history() {
|
||||
let db = db::create_test_pool().await;
|
||||
let actors = spawn_test_actors(&db).await;
|
||||
let actors = GlobalActors::spawn(db.clone()).await.unwrap();
|
||||
let props = ClientConnection::new(db.clone(), actors);
|
||||
|
||||
let new_key = ed25519_dalek::SigningKey::generate(&mut rand::rng());
|
||||
let requested = metadata("client", Some("desc"), Some("1.0.0"));
|
||||
|
||||
insert_registered_client(&db, &actors, new_key.verifying_key(), &requested).await;
|
||||
|
||||
let props = ClientConnection::new(db.clone(), actors);
|
||||
{
|
||||
use arbiter_server::db::schema::{client_metadata, program_client};
|
||||
let mut conn = db.get().await.unwrap();
|
||||
let metadata_id: i32 = insert_into(client_metadata::table)
|
||||
.values((
|
||||
client_metadata::name.eq(&requested.name),
|
||||
client_metadata::description.eq(&requested.description),
|
||||
client_metadata::version.eq(&requested.version),
|
||||
))
|
||||
.returning(client_metadata::id)
|
||||
.get_result(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
insert_into(program_client::table)
|
||||
.values((
|
||||
program_client::public_key.eq(new_key.verifying_key().to_bytes().to_vec()),
|
||||
program_client::metadata_id.eq(metadata_id),
|
||||
))
|
||||
.execute(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
}
|
||||
|
||||
let (server_transport, mut test_transport) = ChannelTransport::new();
|
||||
let task = tokio::spawn(async move {
|
||||
@@ -250,18 +225,33 @@ pub async fn test_metadata_unchanged_does_not_append_history() {
|
||||
#[test_log::test]
|
||||
pub async fn test_metadata_change_appends_history_and_repoints_binding() {
|
||||
let db = db::create_test_pool().await;
|
||||
let actors = spawn_test_actors(&db).await;
|
||||
let actors = GlobalActors::spawn(db.clone()).await.unwrap();
|
||||
let props = ClientConnection::new(db.clone(), actors);
|
||||
|
||||
let new_key = ed25519_dalek::SigningKey::generate(&mut rand::rng());
|
||||
|
||||
insert_registered_client(
|
||||
&db,
|
||||
&actors,
|
||||
new_key.verifying_key(),
|
||||
&metadata("client", Some("old"), Some("1.0.0")),
|
||||
)
|
||||
.await;
|
||||
|
||||
let props = ClientConnection::new(db.clone(), actors);
|
||||
{
|
||||
use arbiter_server::db::schema::{client_metadata, program_client};
|
||||
let mut conn = db.get().await.unwrap();
|
||||
let metadata_id: i32 = insert_into(client_metadata::table)
|
||||
.values((
|
||||
client_metadata::name.eq("client"),
|
||||
client_metadata::description.eq(Some("old")),
|
||||
client_metadata::version.eq(Some("1.0.0")),
|
||||
))
|
||||
.returning(client_metadata::id)
|
||||
.get_result(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
insert_into(program_client::table)
|
||||
.values((
|
||||
program_client::public_key.eq(new_key.verifying_key().to_bytes().to_vec()),
|
||||
program_client::metadata_id.eq(metadata_id),
|
||||
))
|
||||
.execute(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
}
|
||||
|
||||
let (server_transport, mut test_transport) = ChannelTransport::new();
|
||||
let task = tokio::spawn(async move {
|
||||
@@ -332,59 +322,3 @@ pub async fn test_metadata_change_appends_history_and_repoints_binding() {
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
#[tokio::test]
|
||||
#[test_log::test]
|
||||
pub async fn test_challenge_auth_rejects_integrity_tag_mismatch() {
|
||||
let db = db::create_test_pool().await;
|
||||
let actors = spawn_test_actors(&db).await;
|
||||
|
||||
let new_key = ed25519_dalek::SigningKey::generate(&mut rand::rng());
|
||||
let requested = metadata("client", Some("desc"), Some("1.0.0"));
|
||||
|
||||
{
|
||||
use arbiter_server::db::schema::{client_metadata, program_client};
|
||||
let mut conn = db.get().await.unwrap();
|
||||
let metadata_id: i32 = insert_into(client_metadata::table)
|
||||
.values((
|
||||
client_metadata::name.eq(&requested.name),
|
||||
client_metadata::description.eq(&requested.description),
|
||||
client_metadata::version.eq(&requested.version),
|
||||
))
|
||||
.returning(client_metadata::id)
|
||||
.get_result(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
insert_into(program_client::table)
|
||||
.values((
|
||||
program_client::public_key.eq(new_key.verifying_key().to_bytes().to_vec()),
|
||||
program_client::metadata_id.eq(metadata_id),
|
||||
))
|
||||
.execute(&mut conn)
|
||||
.await
|
||||
.unwrap();
|
||||
}
|
||||
|
||||
let (server_transport, mut test_transport) = ChannelTransport::new();
|
||||
let props = ClientConnection::new(db.clone(), actors);
|
||||
let task = tokio::spawn(async move {
|
||||
let mut server_transport = server_transport;
|
||||
connect_client(props, &mut server_transport).await;
|
||||
});
|
||||
|
||||
test_transport
|
||||
.send(auth::Inbound::AuthChallengeRequest {
|
||||
pubkey: new_key.verifying_key(),
|
||||
metadata: requested,
|
||||
})
|
||||
.await
|
||||
.unwrap();
|
||||
|
||||
let response = test_transport
|
||||
.recv()
|
||||
.await
|
||||
.expect("should receive auth rejection");
|
||||
assert!(matches!(response, Err(auth::Error::IntegrityCheckFailed)));
|
||||
|
||||
task.await.unwrap();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user