update deps

Cargo.toml

@@ -1,58 +1,59 @@
 [package]
 name = "tofnd"
-version = "0.11.0"
+version = "1.0.0"
 authors = ["Gus Gutoski <gus@axelar.network>", "Stelios Daveas <stelios@axelar.network>"]
 edition = "2021"
 license = "MIT OR Apache-2.0"
 
 [dependencies]
-tonic = "0.6"
 tofn = { git = "https://github.com/axelarnetwork/tofn", branch = "update-deps"}
 
 # logging
-log = {version = "0.4",default-features = false }
-tracing = {version = "0.1", default-features = false}
-tracing-subscriber= {version = "0.3", features = ["json", "env-filter"]}
-atty = {version = "0.2", default-features = false}
+log = { version = "0.4",default-features = false }
+tracing = { version = "0.1", default-features = false }
+tracing-subscriber = { version = "0.3", features = ["json", "env-filter"] }
+atty = { version = "0.2", default-features = false }
 
-# config
-clap = {version = "3.2", default-features = false, features = ["std", "cargo", "env"]}
+# CLI args
+clap = { version = "3.2", default-features = false, features = ["std", "cargo", "env"] }
 
-# sled dependency
-sled = {version = "0.34", default-features = false}
+# kv store
+sled = { version = "0.34", default-features = false }
 serde = { version = "1.0", features = ["derive"], default-features = false }
-# sled encryption
-chacha20poly1305 = { version = "0.9", features = ["alloc"], default-features = false }
-rand = {version = "0.8", default-features = false }
+dirs = { version = "5.0", default-features = false }
 
-rpassword = { version = "5.0", default-features = false }
+# kv store encryption
+chacha20poly1305 = { version = "0.10", features = ["alloc"], default-features = false }
+rand = { version = "0.8", default-features = false }
+rpassword = { version = "7.3", default-features = false }
 scrypt = { version = "0.11", default-features = false, features = ["std"] }
 
-# tonic dependencies
-prost = {version = "0.9", default-features = false}
-tokio = { version = "1.8", features = ["rt-multi-thread", "macros", "signal", "net", "sync"], default-features = false }
-tokio-stream = {version = "0.1.7", features = ["net"], default-features = false}
-futures-util = {version = "0.3", default-features = false}
+# gRPC server
+tonic = { version = "0.6" } # ensure tonic-build version matches this
+prost = { version = "0.9" }
+
+# async runtime
+tokio = { version = "1.38", features = ["rt-multi-thread", "macros", "signal", "net", "sync"], default-features = false }
+tokio-stream = { version = "0.1.15", features = ["net"], default-features = false }
+futures-util = { version = "0.3", default-features = false }
 
 # mnemonic
-tiny-bip39 = { version = "0.8.2", default-features = false}
+tiny-bip39 = { version = "1.0.0", default-features = false}
 zeroize = { version = "1.8", features = ["zeroize_derive"], default-features = false}
 
-#error handling
+# error handling
 thiserror = { version = "1.0", default-features = false }
 anyhow = { version = "1.0", default-features = false }
 
-dirs = { version = "4.0", default-features = false }
-
 [build-dependencies]
-tonic-build = {version = "0.6"}
+tonic-build = { version = "0.6" }
 
 [dev-dependencies]
-lazy_static = { version = "1.4", default-features = false}
+lazy_static = { version = "1.5", default-features = false}
 # enable logging for tests
-tracing-test = {version = "0.2", default-features = false}
+tracing-test = { version = "0.2", default-features = false }
 
-testdir = {version = "0.4", default-features = false}
+testdir = { version = "0.9", default-features = false }
 
 # Don't abort in case there is a panic to clean up data
 [profile.dev]

README.md

@@ -91,12 +91,13 @@ OPTIONS:
     -a, --address <ip>              [default: 0.0.0.0]
     -d, --directory <directory>     [env: TOFND_HOME=]  [default: .tofnd]
     -m, --mnemonic <mnemonic>       [default: existing]  [possible values: existing, create, import, export]
-    -p, --port <port>               [default: 50051]]
+    -p, --port <port>               [default: 50051]
 ```
 
 ## Docker
 
-### Setup
+### Docker Setup
+
 To setup a `tofnd` container, use the `create` mnemonic command:
 
 ```bash

build.rs

@@ -1,8 +1,5 @@
 fn main() -> Result<(), Box<dyn std::error::Error>> {
-    // Use [`compile_protos`] only if you don't need to tweak anything
-    // tonic_build::compile_protos("proto/tofnd.proto")?;
-
-    // client build needed only for tests https://github.com/rust-lang/cargo/issues/1581
+    // TODO: client build is needed only for tests https://github.com/rust-lang/cargo/issues/1581
     tonic_build::configure()
         // .build_client(false)
         // .out_dir(".") // if you want to peek at the generated code

src/config/mod.rs

@@ -89,14 +89,17 @@ pub fn parse_args() -> TofndResult<Config> {
 
     let ip = matches
         .get_one::<String>("ip")
-        .ok_or_else(|| anyhow!("ip value"))?.clone();
+        .ok_or_else(|| anyhow!("ip value"))?
+        .clone();
     let port = matches
         .get_one::<String>("port")
         .ok_or_else(|| anyhow!("port value"))?
         .parse::<u16>()?;
-    let mnemonic_cmd = Cmd::from_string(matches
-        .get_one::<String>("mnemonic")
-        .ok_or_else(|| anyhow!("cmd value"))?)?;
+    let mnemonic_cmd = Cmd::from_string(
+        matches
+            .get_one::<String>("mnemonic")
+            .ok_or_else(|| anyhow!("cmd value"))?,
+    )?;
     let tofnd_path = matches
         .get_one::<String>("directory")
         .ok_or_else(|| anyhow!("directory value"))?

src/encrypted_sled/kv.rs

@@ -6,7 +6,7 @@
 
 use std::convert::TryInto;
 
-use chacha20poly1305::aead::{AeadInPlace, NewAead};
+use chacha20poly1305::aead::{AeadInPlace, KeyInit};
 use chacha20poly1305::{self, XChaCha20Poly1305};
 use rand::RngCore;
 

src/encrypted_sled/tests.rs

@@ -3,7 +3,7 @@ use testdir::testdir;
 
 #[test]
 fn test_encrypted_sled() {
-    let db_path = testdir!("encrypted_db");
+    let db_path = testdir!("encrypted_sled");
     let db = EncryptedDb::open(db_path, get_test_password()).unwrap();
 
     // insert <key: value> -> returns None
@@ -45,7 +45,7 @@ fn test_encrypted_sled() {
 
 #[test]
 fn test_use_existing_salt() {
-    let db_path = testdir!("encrypted_db");
+    let db_path = testdir!("use_existing_salt");
     let db = EncryptedDb::open(&db_path, get_test_password()).unwrap();
     drop(db);
     // open existing db

src/main.rs

@@ -1,3 +1,5 @@
+use multisig::service::MultisigService;
+use proto::multisig_server::MultisigServer;
 use std::net::SocketAddr;
 use tokio::net::TcpListener;
 use tokio_stream::wrappers::TcpListenerStream;
@@ -56,14 +58,12 @@ async fn main() -> TofndResult<()> {
         .handle_mnemonic(&cfg.mnemonic_cmd)
         .await?;
 
-    let multisig_service = multisig::service::new_service(kv_manager);
-
     if cmd.exit_after_cmd() {
         info!("Tofnd exited after using command <{:?}>. Run `./tofnd -m existing` to execute gRPC daemon.", cmd);
         return Ok(());
     }
 
-    let multisig_service = proto::multisig_server::MultisigServer::new(multisig_service);
+    let service = MultisigServer::new(MultisigService::new(kv_manager));
 
     let incoming = TcpListener::bind(socket_address).await?;
     info!(
@@ -72,7 +72,7 @@ async fn main() -> TofndResult<()> {
     );
 
     tonic::transport::Server::builder()
-        .add_service(multisig_service)
+        .add_service(service)
         .serve_with_incoming_shutdown(TcpListenerStream::new(incoming), shutdown_signal())
         .await?;
 

src/multisig/key_presence.rs

@@ -18,10 +18,13 @@ impl MultisigService {
         &self,
         request: proto::KeyPresenceRequest,
     ) -> TofndResult<proto::key_presence_response::Response> {
-        // check if mnemonic is available
-        let algorithm = Algorithm::from_i32(request.algorithm)
-            .ok_or(anyhow!("Invalid algorithm: {}", request.algorithm))?;
+        let algorithm = match request.algorithm {
+            0 => Algorithm::Ecdsa,
+            1 => Algorithm::Ed25519,
+            _ => return Err(anyhow!("Invalid algorithm: {}", request.algorithm)),
+        };
 
+        // check if mnemonic is available
         let _ = self
             .find_matching_seed(&request.key_uid, &request.pub_key, algorithm)
             .await?;

src/multisig/keygen.rs

@@ -7,12 +7,15 @@ use anyhow::anyhow;
 
 impl MultisigService {
     pub(super) async fn handle_keygen(&self, request: &KeygenRequest) -> TofndResult<Vec<u8>> {
-        let algorithm = Algorithm::from_i32(request.algorithm)
-            .ok_or(anyhow!("Invalid algorithm: {}", request.algorithm))?;
+        let algorithm = match request.algorithm {
+            0 => Algorithm::Ecdsa,
+            1 => Algorithm::Ed25519,
+            _ => return Err(anyhow!("Invalid algorithm: {}", request.algorithm)),
+        };
         let secret_recovery_key = self.kv_manager.seed().await?;
 
         Ok(
-            KeyPair::generate(&secret_recovery_key, request.key_uid.as_bytes(), algorithm)?
+            KeyPair::new(&secret_recovery_key, request.key_uid.as_bytes(), algorithm)?
                 .encoded_verifying_key(),
         )
     }

src/multisig/keypair.rs

@@ -11,7 +11,8 @@ pub enum KeyPair {
 }
 
 impl KeyPair {
-    pub fn generate(
+    /// Create a new `KeyPair` from the provided `SecretRecoveryKey` and `session_nonce` deterministically, for the given `algorithm`.
+    pub fn new(
         secret_recovery_key: &SecretRecoveryKey,
         session_nonce: &[u8],
         algorithm: Algorithm,
@@ -35,18 +36,16 @@ impl KeyPair {
 
     pub fn encoded_verifying_key(&self) -> Vec<u8> {
         match self {
-            Self::Ecdsa(key_pair) => key_pair.encoded_verifying_key().to_vec(),
-            Self::Ed25519(key_pair) => key_pair.encoded_verifying_key().to_vec(),
+            Self::Ecdsa(key_pair) => key_pair.encoded_verifying_key().into(),
+            Self::Ed25519(key_pair) => key_pair.encoded_verifying_key().into(),
         }
     }
 
     pub fn sign(&self, msg_to_sign: &MessageDigest) -> TofndResult<Vec<u8>> {
         match self {
-            Self::Ecdsa(key_pair) => ecdsa::sign(key_pair.signing_key(), msg_to_sign)
-                .map_err(|_| anyhow!("signing failed")),
-            Self::Ed25519(key_pair) => {
-                ed25519::sign(key_pair, msg_to_sign).map_err(|_| anyhow!("signing failed"))
-            }
+            Self::Ecdsa(key_pair) => ecdsa::sign(key_pair.signing_key(), msg_to_sign),
+            Self::Ed25519(key_pair) => ed25519::sign(key_pair, msg_to_sign),
         }
+        .map_err(|_| anyhow!("signing failed"))
     }
 }

src/multisig/service.rs

@@ -6,15 +6,17 @@ use crate::proto;
 
 use tracing::{error, info};
 
-/// Gg20Service
+/// `MultisigService` is a gRPC service wrapper around tofn's keygen and signing functions
 #[derive(Clone)]
 pub struct MultisigService {
     pub(super) kv_manager: KvManager,
 }
 
-/// create a new Multisig gRPC server
-pub fn new_service(kv_manager: KvManager) -> impl proto::multisig_server::Multisig {
-    MultisigService { kv_manager }
+/// Create a new Multisig gRPC server
+impl MultisigService {
+    pub fn new(kv_manager: KvManager) -> Self {
+        Self { kv_manager }
+    }
 }
 
 #[tonic::async_trait]

src/multisig/sign.rs

@@ -9,17 +9,19 @@ use tofn::sdk::api::SecretRecoveryKey;
 
 impl MultisigService {
     pub(super) async fn handle_sign(&self, request: &SignRequest) -> TofndResult<Vec<u8>> {
-        // re-generate secret key from seed, then sign
-        let algorithm = Algorithm::from_i32(request.algorithm)
-            .ok_or(anyhow!("Invalid algorithm: {}", request.algorithm))?;
+        let algorithm = match request.algorithm {
+            0 => Algorithm::Ecdsa,
+            1 => Algorithm::Ed25519,
+            _ => return Err(anyhow!("Invalid algorithm: {}", request.algorithm)),
+        };
 
+        // re-generate secret key from seed, then sign
         let secret_recovery_key = self
             .find_matching_seed(&request.key_uid, &request.pub_key, algorithm)
             .await?;
 
-        let key_pair =
-            KeyPair::generate(&secret_recovery_key, request.key_uid.as_bytes(), algorithm)
-                .map_err(|_| anyhow!("key re-generation failed"))?;
+        let key_pair = KeyPair::new(&secret_recovery_key, request.key_uid.as_bytes(), algorithm)
+            .map_err(|_| anyhow!("key re-generation failed"))?;
 
         let signature = key_pair
             .sign(&request.msg_to_sign.as_slice().try_into()?)
@@ -53,7 +55,7 @@ impl MultisigService {
         for seed_key in seed_key_iter {
             let secret_recovery_key = self.kv_manager.get_seed(&seed_key).await?;
 
-            let key_pair = KeyPair::generate(&secret_recovery_key, key_uid.as_bytes(), algorithm)
+            let key_pair = KeyPair::new(&secret_recovery_key, key_uid.as_bytes(), algorithm)
                 .map_err(|_| anyhow!("key re-generation failed"))?;
 
             if pub_key == key_pair.encoded_verifying_key() {

src/multisig/tests.rs

@@ -13,7 +13,7 @@ use tokio::{
 use tokio_stream::wrappers::TcpListenerStream;
 use tonic::transport::Channel;
 
-use super::service::new_service;
+use super::service::MultisigService;
 
 use testdir::testdir;
 use tracing::error;
@@ -40,8 +40,7 @@ async fn spin_test_service_and_client() -> (MultisigClient<Channel>, Sender<()>)
         .unwrap();
 
     // create service
-    let service = new_service(kv_manager);
-    let service = MultisigServer::new(service);
+    let service = MultisigServer::new(MultisigService::new(kv_manager));
 
     // create incoming tcp server for service
     let incoming = TcpListener::bind(addr(DEFAULT_TEST_IP, DEFAULT_TEST_PORT).unwrap())

src/tests/tofnd_party.rs

@@ -5,7 +5,8 @@ use crate::{
     encrypted_sled::{get_test_password, PasswordMethod},
     kv_manager::KvManager,
     mnemonic::Cmd,
-    multisig, proto,
+    multisig::service::MultisigService,
+    proto::{self, multisig_server::MultisigServer},
     tests::SLEEP_TIME,
 };
 
@@ -74,13 +75,12 @@ impl TofndParty {
         };
         let kv_manager = kv_manager.handle_mnemonic(&cfg.mnemonic_cmd).await.unwrap();
 
-        let my_service = multisig::service::new_service(kv_manager);
+        let service = MultisigServer::new(MultisigService::new(kv_manager));
 
-        let proto_service = proto::multisig_server::MultisigServer::new(my_service);
         // let (startup_sender, startup_receiver) = tokio::sync::oneshot::channel::<()>();
         let server_handle = tokio::spawn(async move {
             tonic::transport::Server::builder()
-                .add_service(proto_service)
+                .add_service(service)
                 .serve_with_incoming_shutdown(TcpListenerStream::new(incoming), async {
                     shutdown_receiver.await.unwrap();
                 })