Skip to content

Commit

Permalink
Pseudo ops (#503)
Browse files Browse the repository at this point in the history
* gotez version bump

* gotez v2.0.6

* CLI test updated

* handle pseudo-ops

* make binaries PHONY in Makefile to skip timestamp check

* List all available ops including pseudo-ops in example config

* chore: fix go.mod

---------

Co-authored-by: GImbrailo <ginoimbrailo@gmail.com>
  • Loading branch information
e-asphyx and GImbrailo authored Oct 25, 2024
1 parent e4ff429 commit cb93f83
Show file tree
Hide file tree
Showing 9 changed files with 76 additions and 25 deletions.
2 changes: 2 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,8 @@ GOLANG_CROSS_VERSION ?= v1.21.0

all: signatory signatory-cli

# build is controlled by Go build system, so mark phony to ignore file timestamps
.PHONY: signatory signatory-cli
signatory:
CGO_ENABLED=1 go build -ldflags "-X $(COLLECTOR_PKG).GitRevision=$(GIT_REVISION) -X $(COLLECTOR_PKG).GitBranch=$(GIT_BRANCH)" ./cmd/signatory
signatory-cli:
Expand Down
5 changes: 4 additions & 1 deletion cmd/commands/list_ops.go
Original file line number Diff line number Diff line change
Expand Up @@ -51,9 +51,12 @@ func NewListOps(c *Context) *cobra.Command {
Short: "Print possible operation types inside the `generic` request",
RunE: func(cmd *cobra.Command, args []string) error {
var ops []string
for _, k := range encoding.ListVariants[latest.OperationContents]() {
for _, k := range latest.ListOperations() {
ops = append(ops, k.OperationKind())
}
for _, op := range latest.ListPseudoOperations() {
ops = append(ops, op.PseudoOperation())
}
sort.Strings(ops)
return listOpsTpl.Execute(os.Stdout, ops)
},
Expand Down
1 change: 0 additions & 1 deletion docs/aws_kms.md
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,6 @@ tezos:
- block
- endorsement
allowed_kinds:
# List of [endorsement, ballot, reveal, transaction, origination, delegation, seed_nonce_revelation, activate_account]
- transaction
- endorsement
- reveal
Expand Down
8 changes: 4 additions & 4 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ require (
github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0
github.com/ecadlabs/goblst v1.0.0
github.com/ecadlabs/gotez/v2 v2.1.3
github.com/go-playground/validator/v10 v10.16.0
github.com/go-playground/validator/v10 v10.22.0
github.com/google/tink/go v1.7.0
github.com/google/uuid v1.4.0
github.com/gorilla/mux v1.8.1
Expand Down Expand Up @@ -54,7 +54,7 @@ require (
github.com/cenkalti/backoff/v3 v3.2.2 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/ecadlabs/pretty v0.0.0-20230412124801-f948fc689a04 // indirect
github.com/gabriel-vasile/mimetype v1.4.3 // indirect
github.com/gabriel-vasile/mimetype v1.4.5 // indirect
github.com/go-jose/go-jose/v3 v3.0.1 // indirect
github.com/google/s2a-go v0.1.7 // indirect
github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
Expand Down Expand Up @@ -93,14 +93,14 @@ require (
github.com/golang/protobuf v1.5.3 // indirect
github.com/googleapis/gax-go/v2 v2.12.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/leodido/go-urn v1.2.4 // indirect
github.com/leodido/go-urn v1.4.0 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/prometheus/client_model v0.5.0 // indirect
github.com/prometheus/common v0.45.0 // indirect
github.com/prometheus/procfs v0.12.0 // indirect
github.com/spf13/pflag v1.0.5 // indirect
go.opencensus.io v0.24.0 // indirect
golang.org/x/net v0.21.0 // indirect
golang.org/x/net v0.27.0 // indirect
golang.org/x/sys v0.26.0 // indirect
golang.org/x/term v0.25.0
golang.org/x/text v0.19.0 // indirect
Expand Down
17 changes: 8 additions & 9 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -81,8 +81,8 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m
github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys=
github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
github.com/gabriel-vasile/mimetype v1.4.5 h1:J7wGKdGu33ocBOhGy0z653k/lFKLFDPJMG8Gql0kxn4=
github.com/gabriel-vasile/mimetype v1.4.5/go.mod h1:ibHel+/kbxn9x2407k1izTA1S81ku1z/DlgOW2QE0M4=
github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA=
github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
Expand All @@ -92,8 +92,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
github.com/go-playground/validator/v10 v10.16.0 h1:x+plE831WK4vaKHO/jpgUGsvLKIqRRkz6M78GuJAfGE=
github.com/go-playground/validator/v10 v10.16.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
github.com/go-playground/validator/v10 v10.22.0 h1:k6HsTZ0sTnROkhS//R0O+55JgM8C4Bx7ia+JlgcnOao=
github.com/go-playground/validator/v10 v10.22.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw=
github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
Expand Down Expand Up @@ -185,8 +185,8 @@ github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
github.com/mattn/go-colorable v0.1.6 h1:6Su7aK7lXmJ/U79bYtBjLNaha4Fs1Rg9plHpcH+vvnE=
Expand Down Expand Up @@ -242,7 +242,6 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
Expand Down Expand Up @@ -274,8 +273,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ=
golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM=
Expand Down
4 changes: 2 additions & 2 deletions pkg/signatory/signatory.go
Original file line number Diff line number Diff line change
Expand Up @@ -193,7 +193,7 @@ func matchFilter(policy *PublicKeyPolicy, req *SignRequest, msg protocol.SignReq

if ops, ok := msg.(*protocol.GenericOperationSignRequest); ok {
for _, op := range ops.Contents {
kind := op.OperationKind()
kind := core.GetOperationKind(op)
allowed = false
for _, k := range policy.AllowedOps {
if kind == k {
Expand Down Expand Up @@ -399,7 +399,7 @@ func (s *Signatory) Sign(ctx context.Context, req *SignRequest) (crypt.Signature
l.Error(err)
return nil, err
}
return p.vault.SignMessage(ctx, message, p.key)
return p.vault.SignMessage(ctx, message, key)
}

var sig crypt.Signature
Expand Down
47 changes: 46 additions & 1 deletion pkg/signatory/signatory_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -3,12 +3,19 @@
package signatory_test

import (
"bytes"
"context"
"encoding/hex"
"fmt"
"testing"

tz "github.com/ecadlabs/gotez/v2"
"github.com/ecadlabs/gotez/v2/crypt"
"github.com/ecadlabs/gotez/v2/encoding"
"github.com/ecadlabs/gotez/v2/protocol"
"github.com/ecadlabs/gotez/v2/protocol/core"
"github.com/ecadlabs/gotez/v2/protocol/core/expression"
"github.com/ecadlabs/gotez/v2/protocol/latest"
"github.com/ecadlabs/signatory/pkg/config"
"github.com/ecadlabs/signatory/pkg/hashmap"
"github.com/ecadlabs/signatory/pkg/signatory"
Expand Down Expand Up @@ -59,6 +66,7 @@ func TestPolicy(t *testing.T) {
type testCase struct {
title string
msg []byte
req protocol.SignRequest
policy signatory.PublicKeyPolicy
expected string
}
Expand Down Expand Up @@ -301,6 +309,34 @@ func TestPolicy(t *testing.T) {
},
expected: "operation `update_consensus_key' is not allowed",
},
{
title: "Stake allowed",
req: &protocol.GenericOperationSignRequest{
Branch: &tz.BlockHash{},
Contents: []latest.OperationContents{
&latest.Transaction{
ManagerOperation: latest.ManagerOperation{
Source: &tz.Ed25519PublicKeyHash{1, 2, 3},
Fee: tz.BigUint{0x00},
Counter: tz.BigUint{0x00},
GasLimit: tz.BigUint{0x00},
StorageLimit: tz.BigUint{0x00},
},
Amount: tz.BigUint{0x00},
Destination: core.ImplicitContract{PublicKeyHash: &tz.Ed25519PublicKeyHash{1, 2, 3}},
Parameters: tz.Some(latest.Parameters{
Entrypoint: latest.EpStake{},
Value: expression.Prim00(expression.Prim_Unit),
}),
},
},
},
policy: signatory.PublicKeyPolicy{
AllowedRequests: []string{"generic"},
AllowedOps: []string{"stake"},
LogPayloads: true,
},
},
}

priv, err := crypt.ParsePrivateKey([]byte(privateKey))
Expand All @@ -322,7 +358,16 @@ func TestPolicy(t *testing.T) {
require.NoError(t, err)
require.NoError(t, s.Unlock(context.Background()))

_, err = s.Sign(context.Background(), &signatory.SignRequest{PublicKeyHash: pk.Hash(), Message: c.msg})
var msg []byte
if c.req != nil {
var buf bytes.Buffer
require.NoError(t, encoding.Encode(&buf, &c.req))
msg = buf.Bytes()
} else {
msg = c.msg
}

_, err = s.Sign(context.Background(), &signatory.SignRequest{PublicKeyHash: pk.Hash(), Message: msg})
if c.expected != "" {
require.EqualError(t, err, c.expected)
} else {
Expand Down
3 changes: 2 additions & 1 deletion pkg/signatory/utils.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ import (

"github.com/ecadlabs/gotez/v2/encoding"
"github.com/ecadlabs/gotez/v2/protocol"
"github.com/ecadlabs/gotez/v2/protocol/core"
)

func AuthenticatedBytesToSign(req *SignRequest) ([]byte, error) {
Expand All @@ -27,7 +28,7 @@ type operationsStat map[string]int
func getOperationsStat(u *protocol.GenericOperationSignRequest) operationsStat {
ops := make(operationsStat)
for _, o := range u.Contents {
ops[o.OperationKind()]++
ops[core.GetOperationKind(o)]++
}
return ops
}
14 changes: 8 additions & 6 deletions signatory.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -66,12 +66,14 @@ tezos:
allow:
# List of [block, endorsement, failing_noop, generic, preendorsement]
generic:
# List of [activate_account, ballot, delegation, double_baking_evidence, double_endorsement_evidence,
# double_preendorsement_evidence, endorsement, failing_noop, origination, preendorsement, proposals,
# register_global_constant, reveal, sc_rollup_add_messages, sc_rollup_cement, sc_rollup_originate,
# sc_rollup_publish, seed_nonce_revelation, set_deposits_limit, transaction, transfer_ticket,
# tx_rollup_commit, tx_rollup_dispatch_tickets, tx_rollup_finalize_commitment, tx_rollup_origination,
# tx_rollup_rejection, tx_rollup_remove_commitment, tx_rollup_return_bond, tx_rollup_submit_batch]
# List of
# [activate_account, attestation, attestation_with_dal, ballot, dal_publish_commitment, delegation, double_attestation_evidence,
# double_baking_evidence, double_preattestation_evidence, drain_delegate, failing_noop, finalize_unstake, increase_paid_storage,
# origination, preattestation, proposals, register_global_constant, reveal, seed_nonce_revelation, set_delegate_parameters,
# set_deposits_limit, signature_prefix, smart_rollup_add_messages, smart_rollup_cement, smart_rollup_execute_outbox_message,
# smart_rollup_originate, smart_rollup_publish, smart_rollup_recover_bond, smart_rollup_refute, smart_rollup_timeout, stake,
# transaction, transfer_ticket, unstake, update_consensus_key, vdf_revelation, zk_rollup_origination, zk_rollup_publish,
# zk_rollup_update]
- transaction
- endorsement
block:
Expand Down

0 comments on commit cb93f83

Please sign in to comment.