diff --git a/rust/lit-actions/docs/api_docs.md b/rust/lit-actions/docs/api_docs.md index 59633979..c95cb6fe 100644 --- a/rust/lit-actions/docs/api_docs.md +++ b/rust/lit-actions/docs/api_docs.md @@ -102,6 +102,7 @@ Ask the Lit Node to sign any data using the ECDSA Algorithm with it's private ke * `params.toSign` **[Uint8Array][83]** The data to sign. Should be an array of 8-bit integers. * `params.publicKey` **[string][84]** The public key of the PKP you wish to sign with * `params.sigName` **[string][84]** You can put any string here. This is used to identify the signature in the response by the Lit JS SDK. This is useful if you are signing multiple messages at once. When you get the final signature out, it will be in an object with this signature name as the key. + * `params.keySetId` **[string][84]** The key set id to use Returns **[Promise][85]<[string][84]>** This function will return the string "success" if it works. The signature share is returned behind the scenes to the Lit JS SDK which will automatically combine the shares and give you the full signature to use. @@ -116,6 +117,7 @@ Ask the Lit Node to sign a message using the eth\_personalSign algorithm. The r * `params.message` **[string][84]** The message to sign. Should be a string. * `params.publicKey` **[string][84]** The public key of the PKP you wish to sign with * `params.sigName` **[string][84]** You can put any string here. This is used to identify the signature in the response by the Lit JS SDK. This is useful if you are signing multiple messages at once. When you get the final signature out, it will be in an object with this signature name as the key. + * `params.keySetId` **[string][84]** The key set id to use Returns **[Promise][85]<[string][84]>** This function will return the string "success" if it works. The signature share is returned behind the scenes to the Lit JS SDK which will automatically combine the shares and give you the full signature to use. @@ -180,6 +182,7 @@ Sign with ECDSA and automatically combine signature shares from all nodes into a * `params.toSign` **[Uint8Array][83]** The message to sign * `params.publicKey` **[string][84]** The public key of the PKP * `params.sigName` **[string][84]** The name of the signature + * `params.keySetId` **[string][84]** The key set id to use Returns **[Promise][85]<[Uint8Array][83]>** The resulting combined signature @@ -195,6 +198,7 @@ Sign with any signing scheme and automatically combine signature shares from all * `params.publicKey` **[string][84]** The public key of the PKP * `params.sigName` **[string][84]** The name of the signature * `params.signingScheme` **[string][84]** The signing scheme. Must be one of: + * `params.keySetId` **[string][84]** The key set id to use "EcdsaK256Sha256", "EcdsaP256Sha256", "EcdsaP384Sha384", "SchnorrEd25519Sha512", "SchnorrK256Sha256", "SchnorrP256Sha256", "SchnorrP384Sha384", "SchnorrRistretto25519Sha512", "SchnorrEd448Shake256", "SchnorrRedJubjubBlake2b512", @@ -239,6 +243,7 @@ Check if a given IPFS ID is permitted to sign using a given PKP tokenId * `params.tokenId` **[string][84]** The tokenId to check * `params.ipfsId` **[string][84]** The IPFS ID of some JS code (a lit action) + * `params.keySetId` **[string][84]** The key set id to use Returns **[Promise][85]<[boolean][86]>** A boolean indicating whether the IPFS ID is permitted to sign using the PKP tokenId @@ -252,6 +257,7 @@ Check if a given wallet address is permitted to sign using a given PKP tokenId * `params.tokenId` **[string][84]** The tokenId to check * `params.address` **[string][84]** The wallet address to check + * `params.keySetId` **[string][84]** The key set id to use Returns **[Promise][85]<[boolean][86]>** A boolean indicating whether the wallet address is permitted to sign using the PKP tokenId @@ -266,6 +272,7 @@ Check if a given auth method is permitted to sign using a given PKP tokenId * `params.tokenId` **[string][84]** The tokenId to check * `params.authMethodType` **[number][87]** The auth method type. This is an integer. This mapping shows the initial set but this set may be expanded over time without updating this contract: [https://github.com/LIT-Protocol/LitNodeContracts/blob/main/contracts/PKPPermissions.sol#L25][88] * `params.userId` **[Uint8Array][83]** The id of the auth method to check expressed as an array of unsigned 8-bit integers (a Uint8Array) + * `params.keySetId` **[string][84]** The key set id to use Returns **[Promise][85]<[boolean][86]>** A boolean indicating whether the auth method is permitted to sign using the PKP tokenId @@ -278,6 +285,7 @@ Get the full list of actions that are permitted to sign using a given PKP tokenI * `params` **[Object][82]** * `params.tokenId` **[string][84]** The tokenId to check + * `params.keySetId` **[string][84]** The key set id to use Returns **[Promise][85]<[Array][89]<[string][84]>>** An array of IPFS IDs of lit actions that are permitted to sign using the PKP tokenId @@ -290,6 +298,7 @@ Get the full list of addresses that are permitted to sign using a given PKP toke * `params` **[Object][82]** * `params.tokenId` **[string][84]** The tokenId to check + * `params.keySetId` **[string][84]** The key set id to use Returns **[Promise][85]<[Array][89]<[string][84]>>** An array of addresses that are permitted to sign using the PKP tokenId @@ -302,6 +311,7 @@ Get the full list of auth methods that are permitted to sign using a given PKP t * `params` **[Object][82]** * `params.tokenId` **[string][84]** The tokenId to check + * `params.keySetId` **[string][84]** The key set id to use Returns **[Promise][85]<[Array][89]<[Object][82]>>** An array of auth methods that are permitted to sign using the PKP tokenId. Each auth method is an object with the following properties: auth\_method\_type, id, and user\_pubkey (used for web authn, this is the pubkey of the user's authentication keypair) @@ -317,6 +327,7 @@ Get the permitted auth method scopes for a given PKP tokenId and auth method typ * `params.authMethodType` **[string][84]** The auth method type to look up * `params.userId` **[Uint8Array][83]** The id of the auth method to check expressed as an array of unsigned 8-bit integers (a Uint8Array) * `params.maxScopeId` **[number][87]** The maximum scope id to check. This is an integer. + * `params.keySetId` **[string][84]** The key set id to use Returns **[Promise][85]<[Array][89]<[boolean][86]>>** An array of booleans that define if a given scope id is turned on. The index of the array is the scope id. For example, if the array is \[true, false, true], then scope ids 0 and 2 are turned on, but scope id 1 is turned off. @@ -380,6 +391,7 @@ Converts a PKP public key to a PKP token ID by hashing it with keccak256 * `params` **[Object][82]** * `params.publicKey` **[string][84]** The public key to convert + * `params.keySetId` **[string][84]** The key set id to use Returns **[Promise][85]<[string][84]>** The token ID as a string @@ -486,6 +498,7 @@ Encrypt data using BLS encryption with access control conditions * `params.accessControlConditions` **[Array][89]<[Object][82]>** The access control conditions that must be met to decrypt * `params.to_encrypt` **[string][84]** The message to encrypt + * `params.keySetId` **[string][84]** The key set id to use Returns **[Promise][85]<{ciphertext: [string][84], dataToEncryptHash: [string][84]}>** An object containing the ciphertext and the hash of the data that was encrypted @@ -509,6 +522,7 @@ Important Considerations: * `params.dataToEncryptHash` **[string][84]** The hash of the data to encrypt * `params.authSig` **[Object][82]** The auth signature * `params.chain` **[string][84]** The chain + * `params.keySetId` **[string][84]** The key set id to use Returns **[Promise][85]<[string][84]>** The decrypted and combined data @@ -525,6 +539,7 @@ Decrypt to a single node * `params.dataToEncryptHash` **[string][84]** The hash of the data to encrypt * `params.authSig` **[Object][82]** The auth signature * `params.chain` **[string][84]** The chain + * `params.keySetId` **[string][84]** The key set id to use Returns **[Promise][85]<[string][84]>** The decrypted data diff --git a/rust/lit-actions/docs/api_docs_html/index.html b/rust/lit-actions/docs/api_docs_html/index.html index 311ed581..4f337cfc 100644 --- a/rust/lit-actions/docs/api_docs_html/index.html +++ b/rust/lit-actions/docs/api_docs_html/index.html @@ -636,6 +636,15 @@

+ + params.keySetId string + + The key set id to use + + + + + @@ -750,6 +759,15 @@

+ + params.keySetId string + + The key set id to use + + + + + @@ -1100,6 +1118,15 @@

+ + params.keySetId string + + The key set id to use + + + + + @@ -1218,6 +1245,15 @@

params.signingScheme string The signing scheme. Must be one of: + + + + + + + params.keySetId string + + The key set id to use "EcdsaK256Sha256", "EcdsaP256Sha256", "EcdsaP384Sha384", "SchnorrEd25519Sha512", "SchnorrK256Sha256", "SchnorrP256Sha256", "SchnorrP384Sha384", "SchnorrRistretto25519Sha512", "SchnorrEd448Shake256", "SchnorrRedJubjubBlake2b512", @@ -1476,6 +1512,15 @@

+ + params.keySetId string + + The key set id to use + + + + + @@ -1581,6 +1626,15 @@

+ + params.keySetId string + + The key set id to use + + + + + @@ -1696,6 +1750,15 @@

+ + params.keySetId string + + The key set id to use + + + + + @@ -1792,6 +1855,15 @@

+ + params.keySetId string + + The key set id to use + + + + + @@ -1888,6 +1960,15 @@

+ + params.keySetId string + + The key set id to use + + + + + @@ -1984,6 +2065,15 @@

+ + params.keySetId string + + The key set id to use + + + + + @@ -2107,6 +2197,15 @@

+ + params.keySetId string + + The key set id to use + + + + + @@ -2525,6 +2624,15 @@

+ + params.keySetId string + + The key set id to use + + + + + @@ -3371,6 +3479,15 @@

+ + params.keySetId string + + The key set id to use + + + + + @@ -3510,6 +3627,15 @@

+ + params.keySetId string + + The key set id to use + + + + + @@ -3642,6 +3768,15 @@

+ + params.keySetId string + + The key set id to use + + + + + diff --git a/rust/lit-actions/docs/api_docs_html/types.d.ts b/rust/lit-actions/docs/api_docs_html/types.d.ts index 7a76e991..1425c1e3 100644 --- a/rust/lit-actions/docs/api_docs_html/types.d.ts +++ b/rust/lit-actions/docs/api_docs_html/types.d.ts @@ -7,14 +7,17 @@ export declare namespace Lit { * @param {Object} params * @param {string} params.tokenId The tokenId to check * @param {string} params.ipfsId The IPFS ID of some JS code (a lit action) + * @param {string} params.keySetId The key set id to use * @returns {Promise} A boolean indicating whether the IPFS ID is permitted to sign using the PKP tokenId */ function isPermittedAction({ tokenId, ipfsId, + keySetId, }: { tokenId: string; ipfsId: string; + keySetId: string; }): Promise; /** * Check if a given wallet address is permitted to sign using a given PKP tokenId @@ -23,14 +26,17 @@ export declare namespace Lit { * @param {Object} params * @param {string} params.tokenId The tokenId to check * @param {string} params.address The wallet address to check + * @param {string} params.keySetId The key set id to use * @returns {Promise} A boolean indicating whether the wallet address is permitted to sign using the PKP tokenId */ function isPermittedAddress({ tokenId, address, + keySetId, }: { tokenId: string; address: string; + keySetId: string; }): Promise; /** * Check if a given auth method is permitted to sign using a given PKP tokenId @@ -40,16 +46,19 @@ export declare namespace Lit { * @param {string} params.tokenId The tokenId to check * @param {number} params.authMethodType The auth method type. This is an integer. This mapping shows the initial set but this set may be expanded over time without updating this contract: https://github.com/LIT-Protocol/LitNodeContracts/blob/main/contracts/PKPPermissions.sol#L25 * @param {Uint8Array} params.userId The id of the auth method to check expressed as an array of unsigned 8-bit integers (a Uint8Array) + * @param {string} params.keySetId The key set id to use * @returns {Promise} A boolean indicating whether the auth method is permitted to sign using the PKP tokenId */ function isPermittedAuthMethod({ tokenId, authMethodType, userId, + keySetId, }: { tokenId: string; authMethodType: number; userId: Uint8Array; + keySetId: string; }): Promise; /** * Get the full list of actions that are permitted to sign using a given PKP tokenId @@ -57,12 +66,15 @@ export declare namespace Lit { * @function getPermittedActions * @param {Object} params * @param {string} params.tokenId The tokenId to check + * @param {string} params.keySetId The key set id to use * @returns {Promise>} An array of IPFS IDs of lit actions that are permitted to sign using the PKP tokenId */ function getPermittedActions({ tokenId, + keySetId, }: { tokenId: string; + keySetId: string; }): Promise>; /** * Get the full list of addresses that are permitted to sign using a given PKP tokenId @@ -70,12 +82,15 @@ export declare namespace Lit { * @function getPermittedAddresses * @param {Object} params * @param {string} params.tokenId The tokenId to check + * @param {string} params.keySetId The key set id to use * @returns {Promise>} An array of addresses that are permitted to sign using the PKP tokenId */ function getPermittedAddresses({ tokenId, + keySetId, }: { tokenId: string; + keySetId: string; }): Promise>; /** * Get the full list of auth methods that are permitted to sign using a given PKP tokenId @@ -83,12 +98,15 @@ export declare namespace Lit { * @function getPermittedAuthMethods * @param {Object} params * @param {string} params.tokenId The tokenId to check + * @param {string} params.keySetId The key set id to use * @returns {Promise>} An array of auth methods that are permitted to sign using the PKP tokenId. Each auth method is an object with the following properties: auth_method_type, id, and user_pubkey (used for web authn, this is the pubkey of the user's authentication keypair) */ function getPermittedAuthMethods({ tokenId, + keySetId, }: { tokenId: string; + keySetId: string; }): Promise>; /** * Get the permitted auth method scopes for a given PKP tokenId and auth method type + id @@ -99,6 +117,7 @@ export declare namespace Lit { * @param {string} params.authMethodType The auth method type to look up * @param {Uint8Array} params.userId The id of the auth method to check expressed as an array of unsigned 8-bit integers (a Uint8Array) * @param {number} params.maxScopeId The maximum scope id to check. This is an integer. + * @param {string} params.keySetId The key set id to use * @returns {Promise>} An array of booleans that define if a given scope id is turned on. The index of the array is the scope id. For example, if the array is [true, false, true], then scope ids 0 and 2 are turned on, but scope id 1 is turned off. */ function getPermittedAuthMethodScopes({ @@ -106,11 +125,13 @@ export declare namespace Lit { authMethodType, userId, maxScopeId, + keySetId, }: { tokenId: string; authMethodType: string; userId: Uint8Array; maxScopeId: number; + keySetId: string; }): Promise>; /** * Converts a PKP public key to a PKP token ID by hashing it with keccak256 @@ -118,12 +139,15 @@ export declare namespace Lit { * @function pubkeyToTokenId * @param {Object} params * @param {string} params.publicKey The public key to convert + * @param {string} params.keySetId The key set id to use * @returns {Promise} The token ID as a string */ function pubkeyToTokenId({ publicKey, + keySetId, }: { publicKey: string; + keySetId: string; }): Promise; /** * Gets latest nonce for the given address on a supported chain @@ -149,16 +173,19 @@ export declare namespace Lit { * @param {Uint8Array} params.toSign The data to sign. Should be an array of 8-bit integers. * @param {string} params.publicKey The public key of the PKP you wish to sign with * @param {string} params.sigName You can put any string here. This is used to identify the signature in the response by the Lit JS SDK. This is useful if you are signing multiple messages at once. When you get the final signature out, it will be in an object with this signature name as the key. + * @param {string} params.keySetId The key set id to use * @returns {Promise} This function will return the string "success" if it works. The signature share is returned behind the scenes to the Lit JS SDK which will automatically combine the shares and give you the full signature to use. */ function signEcdsa({ toSign, publicKey, sigName, + keySetId, }: { toSign: Uint8Array; publicKey: string; sigName: string; + keySetId: string; }): Promise; /** * @param {Uint8array} toSign the message to sign @@ -180,6 +207,7 @@ export declare namespace Lit { * "SchnorrRedDecaf377Blake2b512" * "SchnorrkelSubstrate" * "Bls12381G1ProofOfPossession" + * @param {string} params.keySetId The key set id to use * @name Lit.Actions.sign * @function sign * @returns {Uint8array} The resulting signature share @@ -189,6 +217,7 @@ export declare namespace Lit { publicKey, sigName, signingScheme, + keySetId, }: Uint8array): Uint8array; /** * Sign data using the Lit Action's own cryptographic identity derived from its IPFS CID. @@ -285,16 +314,19 @@ export declare namespace Lit { * @param {string} params.message The message to sign. Should be a string. * @param {string} params.publicKey The public key of the PKP you wish to sign with * @param {string} params.sigName You can put any string here. This is used to identify the signature in the response by the Lit JS SDK. This is useful if you are signing multiple messages at once. When you get the final signature out, it will be in an object with this signature name as the key. + * @param {string} params.keySetId The key set id to use * @returns {Promise} This function will return the string "success" if it works. The signature share is returned behind the scenes to the Lit JS SDK which will automatically combine the shares and give you the full signature to use. */ function ethPersonalSignMessageEcdsa({ message, publicKey, sigName, + keySetId, }: { message: string; publicKey: string; sigName: string; + keySetId: string; }): Promise; /** * Checks a condition using the Lit condition checking engine. This is the same engine that powers our Access Control product. You can use this to check any condition that you can express in our condition language. This is a powerful tool that allows you to build complex conditions that can be checked in a decentralized way. Visit https://developer.litprotocol.com and click on the "Access Control" section to learn more. @@ -431,6 +463,7 @@ export declare namespace Lit { * @param {string} params.dataToEncryptHash The hash of the data to encrypt * @param {Object} params.authSig The auth signature * @param {string} params.chain The chain + * @param {string} params.keySetId The key set id to use * @returns {Promise} The decrypted and combined data */ function decryptAndCombine({ @@ -439,12 +472,14 @@ export declare namespace Lit { dataToEncryptHash, authSig, chain, + keySetId, }: { accessControlConditions: Array; ciphertext: string; dataToEncryptHash: string; authSig: any; chain: string; + keySetId: string; }): Promise; /** * Decrypt to a single node @@ -456,6 +491,7 @@ export declare namespace Lit { * @param {string} params.dataToEncryptHash The hash of the data to encrypt * @param {Object} params.authSig The auth signature * @param {string} params.chain The chain + * @param {string} params.keySetId The key set id to use * @returns {Promise} The decrypted data */ function decryptToSingleNode({ @@ -464,12 +500,14 @@ export declare namespace Lit { dataToEncryptHash, authSig, chain, + keySetId, }: { accessControlConditions: Array; ciphertext: string; dataToEncryptHash: string; authSig: any; chain: string; + keySetId: string; }): Promise; /** * Sign with ECDSA and automatically combine signature shares from all nodes into a complete signature @@ -479,16 +517,19 @@ export declare namespace Lit { * @param {Uint8Array} params.toSign The message to sign * @param {string} params.publicKey The public key of the PKP * @param {string} params.sigName The name of the signature + * @param {string} params.keySetId The key set id to use * @returns {Promise} The resulting combined signature */ function signAndCombineEcdsa({ toSign, publicKey, sigName, + keySetId, }: { toSign: Uint8Array; publicKey: string; sigName: string; + keySetId: string; }): Promise; /** * Sign with any signing scheme and automatically combine signature shares from all nodes into a complete signature @@ -499,6 +540,7 @@ export declare namespace Lit { * @param {string} params.publicKey The public key of the PKP * @param {string} params.sigName The name of the signature * @param {string} params.signingScheme The signing scheme. Must be one of: + * @param {string} params.keySetId The key set id to use * "EcdsaK256Sha256", "EcdsaP256Sha256", "EcdsaP384Sha384", * "SchnorrEd25519Sha512", "SchnorrK256Sha256", "SchnorrP256Sha256", "SchnorrP384Sha384", * "SchnorrRistretto25519Sha512", "SchnorrEd448Shake256", "SchnorrRedJubjubBlake2b512", @@ -511,11 +553,13 @@ export declare namespace Lit { publicKey, sigName, signingScheme, + keySetId, }: { toSign: Uint8Array; publicKey: string; sigName: string; signingScheme: string; + keySetId: string; }): Promise; /** * Run a function only once across all nodes using leader election @@ -553,14 +597,17 @@ export declare namespace Lit { * @param {Object} params * @param {Array} params.accessControlConditions The access control conditions that must be met to decrypt * @param {string} params.to_encrypt The message to encrypt + * @param {string} params.keySetId The key set id to use * @returns {Promise<{ciphertext: string, dataToEncryptHash: string}>} An object containing the ciphertext and the hash of the data that was encrypted */ function encrypt({ accessControlConditions, to_encrypt, + keySetId, }: { accessControlConditions: Array; to_encrypt: string; + keySetId: string; }): Promise<{ ciphertext: string; dataToEncryptHash: string; diff --git a/rust/lit-actions/docs/types.d.ts b/rust/lit-actions/docs/types.d.ts index 7a76e991..1425c1e3 100644 --- a/rust/lit-actions/docs/types.d.ts +++ b/rust/lit-actions/docs/types.d.ts @@ -7,14 +7,17 @@ export declare namespace Lit { * @param {Object} params * @param {string} params.tokenId The tokenId to check * @param {string} params.ipfsId The IPFS ID of some JS code (a lit action) + * @param {string} params.keySetId The key set id to use * @returns {Promise} A boolean indicating whether the IPFS ID is permitted to sign using the PKP tokenId */ function isPermittedAction({ tokenId, ipfsId, + keySetId, }: { tokenId: string; ipfsId: string; + keySetId: string; }): Promise; /** * Check if a given wallet address is permitted to sign using a given PKP tokenId @@ -23,14 +26,17 @@ export declare namespace Lit { * @param {Object} params * @param {string} params.tokenId The tokenId to check * @param {string} params.address The wallet address to check + * @param {string} params.keySetId The key set id to use * @returns {Promise} A boolean indicating whether the wallet address is permitted to sign using the PKP tokenId */ function isPermittedAddress({ tokenId, address, + keySetId, }: { tokenId: string; address: string; + keySetId: string; }): Promise; /** * Check if a given auth method is permitted to sign using a given PKP tokenId @@ -40,16 +46,19 @@ export declare namespace Lit { * @param {string} params.tokenId The tokenId to check * @param {number} params.authMethodType The auth method type. This is an integer. This mapping shows the initial set but this set may be expanded over time without updating this contract: https://github.com/LIT-Protocol/LitNodeContracts/blob/main/contracts/PKPPermissions.sol#L25 * @param {Uint8Array} params.userId The id of the auth method to check expressed as an array of unsigned 8-bit integers (a Uint8Array) + * @param {string} params.keySetId The key set id to use * @returns {Promise} A boolean indicating whether the auth method is permitted to sign using the PKP tokenId */ function isPermittedAuthMethod({ tokenId, authMethodType, userId, + keySetId, }: { tokenId: string; authMethodType: number; userId: Uint8Array; + keySetId: string; }): Promise; /** * Get the full list of actions that are permitted to sign using a given PKP tokenId @@ -57,12 +66,15 @@ export declare namespace Lit { * @function getPermittedActions * @param {Object} params * @param {string} params.tokenId The tokenId to check + * @param {string} params.keySetId The key set id to use * @returns {Promise>} An array of IPFS IDs of lit actions that are permitted to sign using the PKP tokenId */ function getPermittedActions({ tokenId, + keySetId, }: { tokenId: string; + keySetId: string; }): Promise>; /** * Get the full list of addresses that are permitted to sign using a given PKP tokenId @@ -70,12 +82,15 @@ export declare namespace Lit { * @function getPermittedAddresses * @param {Object} params * @param {string} params.tokenId The tokenId to check + * @param {string} params.keySetId The key set id to use * @returns {Promise>} An array of addresses that are permitted to sign using the PKP tokenId */ function getPermittedAddresses({ tokenId, + keySetId, }: { tokenId: string; + keySetId: string; }): Promise>; /** * Get the full list of auth methods that are permitted to sign using a given PKP tokenId @@ -83,12 +98,15 @@ export declare namespace Lit { * @function getPermittedAuthMethods * @param {Object} params * @param {string} params.tokenId The tokenId to check + * @param {string} params.keySetId The key set id to use * @returns {Promise>} An array of auth methods that are permitted to sign using the PKP tokenId. Each auth method is an object with the following properties: auth_method_type, id, and user_pubkey (used for web authn, this is the pubkey of the user's authentication keypair) */ function getPermittedAuthMethods({ tokenId, + keySetId, }: { tokenId: string; + keySetId: string; }): Promise>; /** * Get the permitted auth method scopes for a given PKP tokenId and auth method type + id @@ -99,6 +117,7 @@ export declare namespace Lit { * @param {string} params.authMethodType The auth method type to look up * @param {Uint8Array} params.userId The id of the auth method to check expressed as an array of unsigned 8-bit integers (a Uint8Array) * @param {number} params.maxScopeId The maximum scope id to check. This is an integer. + * @param {string} params.keySetId The key set id to use * @returns {Promise>} An array of booleans that define if a given scope id is turned on. The index of the array is the scope id. For example, if the array is [true, false, true], then scope ids 0 and 2 are turned on, but scope id 1 is turned off. */ function getPermittedAuthMethodScopes({ @@ -106,11 +125,13 @@ export declare namespace Lit { authMethodType, userId, maxScopeId, + keySetId, }: { tokenId: string; authMethodType: string; userId: Uint8Array; maxScopeId: number; + keySetId: string; }): Promise>; /** * Converts a PKP public key to a PKP token ID by hashing it with keccak256 @@ -118,12 +139,15 @@ export declare namespace Lit { * @function pubkeyToTokenId * @param {Object} params * @param {string} params.publicKey The public key to convert + * @param {string} params.keySetId The key set id to use * @returns {Promise} The token ID as a string */ function pubkeyToTokenId({ publicKey, + keySetId, }: { publicKey: string; + keySetId: string; }): Promise; /** * Gets latest nonce for the given address on a supported chain @@ -149,16 +173,19 @@ export declare namespace Lit { * @param {Uint8Array} params.toSign The data to sign. Should be an array of 8-bit integers. * @param {string} params.publicKey The public key of the PKP you wish to sign with * @param {string} params.sigName You can put any string here. This is used to identify the signature in the response by the Lit JS SDK. This is useful if you are signing multiple messages at once. When you get the final signature out, it will be in an object with this signature name as the key. + * @param {string} params.keySetId The key set id to use * @returns {Promise} This function will return the string "success" if it works. The signature share is returned behind the scenes to the Lit JS SDK which will automatically combine the shares and give you the full signature to use. */ function signEcdsa({ toSign, publicKey, sigName, + keySetId, }: { toSign: Uint8Array; publicKey: string; sigName: string; + keySetId: string; }): Promise; /** * @param {Uint8array} toSign the message to sign @@ -180,6 +207,7 @@ export declare namespace Lit { * "SchnorrRedDecaf377Blake2b512" * "SchnorrkelSubstrate" * "Bls12381G1ProofOfPossession" + * @param {string} params.keySetId The key set id to use * @name Lit.Actions.sign * @function sign * @returns {Uint8array} The resulting signature share @@ -189,6 +217,7 @@ export declare namespace Lit { publicKey, sigName, signingScheme, + keySetId, }: Uint8array): Uint8array; /** * Sign data using the Lit Action's own cryptographic identity derived from its IPFS CID. @@ -285,16 +314,19 @@ export declare namespace Lit { * @param {string} params.message The message to sign. Should be a string. * @param {string} params.publicKey The public key of the PKP you wish to sign with * @param {string} params.sigName You can put any string here. This is used to identify the signature in the response by the Lit JS SDK. This is useful if you are signing multiple messages at once. When you get the final signature out, it will be in an object with this signature name as the key. + * @param {string} params.keySetId The key set id to use * @returns {Promise} This function will return the string "success" if it works. The signature share is returned behind the scenes to the Lit JS SDK which will automatically combine the shares and give you the full signature to use. */ function ethPersonalSignMessageEcdsa({ message, publicKey, sigName, + keySetId, }: { message: string; publicKey: string; sigName: string; + keySetId: string; }): Promise; /** * Checks a condition using the Lit condition checking engine. This is the same engine that powers our Access Control product. You can use this to check any condition that you can express in our condition language. This is a powerful tool that allows you to build complex conditions that can be checked in a decentralized way. Visit https://developer.litprotocol.com and click on the "Access Control" section to learn more. @@ -431,6 +463,7 @@ export declare namespace Lit { * @param {string} params.dataToEncryptHash The hash of the data to encrypt * @param {Object} params.authSig The auth signature * @param {string} params.chain The chain + * @param {string} params.keySetId The key set id to use * @returns {Promise} The decrypted and combined data */ function decryptAndCombine({ @@ -439,12 +472,14 @@ export declare namespace Lit { dataToEncryptHash, authSig, chain, + keySetId, }: { accessControlConditions: Array; ciphertext: string; dataToEncryptHash: string; authSig: any; chain: string; + keySetId: string; }): Promise; /** * Decrypt to a single node @@ -456,6 +491,7 @@ export declare namespace Lit { * @param {string} params.dataToEncryptHash The hash of the data to encrypt * @param {Object} params.authSig The auth signature * @param {string} params.chain The chain + * @param {string} params.keySetId The key set id to use * @returns {Promise} The decrypted data */ function decryptToSingleNode({ @@ -464,12 +500,14 @@ export declare namespace Lit { dataToEncryptHash, authSig, chain, + keySetId, }: { accessControlConditions: Array; ciphertext: string; dataToEncryptHash: string; authSig: any; chain: string; + keySetId: string; }): Promise; /** * Sign with ECDSA and automatically combine signature shares from all nodes into a complete signature @@ -479,16 +517,19 @@ export declare namespace Lit { * @param {Uint8Array} params.toSign The message to sign * @param {string} params.publicKey The public key of the PKP * @param {string} params.sigName The name of the signature + * @param {string} params.keySetId The key set id to use * @returns {Promise} The resulting combined signature */ function signAndCombineEcdsa({ toSign, publicKey, sigName, + keySetId, }: { toSign: Uint8Array; publicKey: string; sigName: string; + keySetId: string; }): Promise; /** * Sign with any signing scheme and automatically combine signature shares from all nodes into a complete signature @@ -499,6 +540,7 @@ export declare namespace Lit { * @param {string} params.publicKey The public key of the PKP * @param {string} params.sigName The name of the signature * @param {string} params.signingScheme The signing scheme. Must be one of: + * @param {string} params.keySetId The key set id to use * "EcdsaK256Sha256", "EcdsaP256Sha256", "EcdsaP384Sha384", * "SchnorrEd25519Sha512", "SchnorrK256Sha256", "SchnorrP256Sha256", "SchnorrP384Sha384", * "SchnorrRistretto25519Sha512", "SchnorrEd448Shake256", "SchnorrRedJubjubBlake2b512", @@ -511,11 +553,13 @@ export declare namespace Lit { publicKey, sigName, signingScheme, + keySetId, }: { toSign: Uint8Array; publicKey: string; sigName: string; signingScheme: string; + keySetId: string; }): Promise; /** * Run a function only once across all nodes using leader election @@ -553,14 +597,17 @@ export declare namespace Lit { * @param {Object} params * @param {Array} params.accessControlConditions The access control conditions that must be met to decrypt * @param {string} params.to_encrypt The message to encrypt + * @param {string} params.keySetId The key set id to use * @returns {Promise<{ciphertext: string, dataToEncryptHash: string}>} An object containing the ciphertext and the hash of the data that was encrypted */ function encrypt({ accessControlConditions, to_encrypt, + keySetId, }: { accessControlConditions: Array; to_encrypt: string; + keySetId: string; }): Promise<{ ciphertext: string; dataToEncryptHash: string; diff --git a/rust/lit-actions/ext/bindings.rs b/rust/lit-actions/ext/bindings.rs index 0d94e26e..ffc62d5e 100644 --- a/rust/lit-actions/ext/bindings.rs +++ b/rust/lit-actions/ext/bindings.rs @@ -92,6 +92,7 @@ async fn op_pkp_permissions_get_permitted( state: Rc>, #[string] method: String, #[string] token_id: String, + #[string] key_set_id: String, ) -> Result, JsErrorBox> { ensure_one_of!( method, @@ -105,7 +106,7 @@ async fn op_pkp_permissions_get_permitted( remote_op_async!(op_pkp_permissions_get_permitted, state, - PkpPermissionsGetPermittedRequest { method, token_id }, + PkpPermissionsGetPermittedRequest { method, token_id, key_set_id }, UnionRequest::PkpPermissionsGetPermitted(resp) => serde_json::from_slice(&resp.resources).map_err(JsErrorBox::from_err) ) } @@ -119,6 +120,7 @@ async fn op_pkp_permissions_get_permitted_auth_method_scopes( #[string] method: String, #[buffer(copy)] user_id: Vec, #[bigint] max_scope_id: u64, + #[string] key_set_id: String, ) -> Result, JsErrorBox> { ensure_u256!(&token_id, "tokenId"); ensure_u256!(&method, "authMethodType"); @@ -131,6 +133,7 @@ async fn op_pkp_permissions_get_permitted_auth_method_scopes( method, user_id, max_scope_id, + key_set_id, }, UnionRequest::PkpPermissionsGetPermittedAuthMethodScopes(resp) => Ok(resp.scopes) ) @@ -143,6 +146,7 @@ async fn op_pkp_permissions_is_permitted( #[string] method: String, #[string] token_id: String, #[serde] params: Vec, + #[string] key_set_id: String, ) -> Result { ensure_one_of!(method, ["isPermittedAction", "isPermittedAddress"]); ensure_u256!(&token_id, "tokenId"); @@ -154,6 +158,7 @@ async fn op_pkp_permissions_is_permitted( method, token_id, params: serde_json::to_vec(¶ms).map_err(JsErrorBox::from_err)?, + key_set_id, }, UnionRequest::PkpPermissionsIsPermitted(resp) => Ok(resp.is_permitted) ) @@ -166,6 +171,7 @@ async fn op_pkp_permissions_is_permitted_auth_method( #[string] token_id: String, #[string] method: String, #[buffer(copy)] user_id: Vec, + #[string] key_set_id: String, ) -> Result { ensure_u256!(&token_id, "tokenId"); ensure_u256!(&method, "authMethodType"); @@ -177,6 +183,7 @@ async fn op_pkp_permissions_is_permitted_auth_method( token_id, method, user_id, + key_set_id, }, UnionRequest::PkpPermissionsIsPermittedAuthMethod(resp) => Ok(resp.is_permitted) ) @@ -212,12 +219,13 @@ async fn op_check_conditions( fn op_pubkey_to_token_id( state: &mut OpState, #[string] public_key: String, + #[string] key_set_id: String, ) -> Result { ensure_not_blank!(public_key, "publicKey"); remote_op!(op_pubkey_to_token_id, state, - PubkeyToTokenIdRequest { public_key }, + PubkeyToTokenIdRequest { public_key, key_set_id }, UnionRequest::PubkeyToTokenId(resp) => Ok(resp.token_id) ) } @@ -230,6 +238,7 @@ async fn op_sign_ecdsa( #[buffer(copy)] to_sign: Vec, #[string] public_key: String, #[string] sig_name: String, + #[string] key_set_id: String, ) -> Result { ensure_not_empty!(to_sign, "toSign"); ensure_not_blank!(public_key, "publicKey"); @@ -242,6 +251,7 @@ async fn op_sign_ecdsa( public_key, sig_name, eth_personal_sign: false, + key_set_id, }, UnionRequest::SignEcdsa(resp) => Ok(resp.success) ) @@ -255,6 +265,7 @@ async fn op_sign_ecdsa_eth_personal_sign_message( #[buffer(copy)] to_sign: Vec, #[string] public_key: String, #[string] sig_name: String, + #[string] key_set_id: String, ) -> Result { ensure_not_empty!(to_sign, "toSign"); ensure_not_blank!(public_key, "publicKey"); @@ -267,6 +278,7 @@ async fn op_sign_ecdsa_eth_personal_sign_message( public_key, sig_name, eth_personal_sign: true, + key_set_id, }, UnionRequest::SignEcdsa(resp) => Ok(resp.success) ) @@ -281,6 +293,7 @@ async fn op_sign( #[string] public_key: String, #[string] sig_name: String, #[string] signing_scheme: String, + #[string] key_set_id: String, ) -> Result { ensure_not_empty!(to_sign, "toSign"); ensure_not_blank!(public_key, "publicKey"); @@ -294,6 +307,7 @@ async fn op_sign( public_key, sig_name, signing_scheme, + key_set_id, }, UnionRequest::Sign(resp) => Ok(resp.success) ) @@ -487,6 +501,7 @@ async fn op_decrypt_and_combine( #[string] data_to_encrypt_hash: String, #[serde] auth_sig: Option, // AuthSigItem #[string] chain: String, + #[string] key_set_id: String, ) -> Result { remote_op_async!(op_decrypt_and_combine, state, @@ -496,6 +511,7 @@ async fn op_decrypt_and_combine( data_to_encrypt_hash, auth_sig: auth_sig.as_ref().map(serde_json::to_vec).transpose().map_err(JsErrorBox::from_err)?, chain, + key_set_id, }, UnionRequest::DecryptAndCombine(resp) => Ok(resp.result) ) @@ -509,10 +525,11 @@ async fn op_sign_and_combine_ecdsa( #[buffer(copy)] to_sign: Vec, #[string] public_key: String, #[string] sig_name: String, + #[string] key_set_id: String, ) -> Result { remote_op_async!(op_sign_and_combine_ecdsa, state, - SignAndCombineEcdsaRequest { to_sign, public_key, sig_name }, + SignAndCombineEcdsaRequest { to_sign, public_key, sig_name, key_set_id }, UnionRequest::SignAndCombineEcdsa(resp) => Ok(resp.result) ) } @@ -526,10 +543,11 @@ async fn op_sign_and_combine( #[string] public_key: String, #[string] sig_name: String, #[string] signing_scheme: String, + #[string] key_set_id: String, ) -> Result { remote_op_async!(op_sign_and_combine, state, - SignAndCombineRequest { to_sign, public_key, sig_name, signing_scheme }, + SignAndCombineRequest { to_sign, public_key, sig_name, signing_scheme, key_set_id }, UnionRequest::SignAndCombine(resp) => Ok(resp.result) ) } @@ -593,12 +611,14 @@ async fn op_encrypt_bls( state: Rc>, #[serde] access_control_conditions: Vec, // Vec #[buffer(copy)] to_encrypt: Vec, + #[string] key_set_id: String, ) -> Result { remote_op_async!(op_encrypt_bls, state, EncryptBlsRequest { access_control_conditions: serde_json::to_vec(&access_control_conditions).map_err(JsErrorBox::from_err)?, to_encrypt, + key_set_id, }, UnionRequest::EncryptBls(resp) => Ok(json!({"ciphertext": resp.ciphertext, "dataToEncryptHash": resp.data_to_encrypt_hash})) ) @@ -614,6 +634,7 @@ async fn op_decrypt_to_single_node( #[string] data_to_encrypt_hash: String, #[serde] auth_sig: Option, // AuthSigItem #[string] chain: String, + #[string] key_set_id: String, ) -> Result { let auth_sig = match auth_sig { Some(auth_sig) => Some(serde_json::to_vec(&auth_sig).map_err(JsErrorBox::from_err)?), @@ -627,6 +648,7 @@ async fn op_decrypt_to_single_node( data_to_encrypt_hash, auth_sig, chain, + key_set_id, }, UnionRequest::DecryptToSingleNode(resp) => Ok(resp.result) ) diff --git a/rust/lit-actions/ext/js/02_litActionsSDK.js b/rust/lit-actions/ext/js/02_litActionsSDK.js index f8953fc3..c94599a9 100644 --- a/rust/lit-actions/ext/js/02_litActionsSDK.js +++ b/rust/lit-actions/ext/js/02_litActionsSDK.js @@ -1,6 +1,5 @@ import * as ops from 'ext:core/ops'; import { Uint8arrays } from 'ext:lit_actions/01_uint8arrays.js'; - /** * Check if a given IPFS ID is permitted to sign using a given PKP tokenId * @name Lit.Actions.isPermittedAction @@ -8,12 +7,16 @@ import { Uint8arrays } from 'ext:lit_actions/01_uint8arrays.js'; * @param {Object} params * @param {string} params.tokenId The tokenId to check * @param {string} params.ipfsId The IPFS ID of some JS code (a lit action) + * @param {string} params.keySetId The key set id to use * @returns {Promise} A boolean indicating whether the IPFS ID is permitted to sign using the PKP tokenId */ -function isPermittedAction({ tokenId, ipfsId }) { - return ops.op_pkp_permissions_is_permitted('isPermittedAction', tokenId, [ - ipfsId, - ]); +function isPermittedAction({ tokenId, ipfsId, keySetId }) { + return ops.op_pkp_permissions_is_permitted( + 'isPermittedAction', + tokenId, + [ipfsId], + keySetId + ); } /** @@ -23,12 +26,16 @@ function isPermittedAction({ tokenId, ipfsId }) { * @param {Object} params * @param {string} params.tokenId The tokenId to check * @param {string} params.address The wallet address to check + * @param {string} params.keySetId The key set id to use * @returns {Promise} A boolean indicating whether the wallet address is permitted to sign using the PKP tokenId */ -function isPermittedAddress({ tokenId, address }) { - return ops.op_pkp_permissions_is_permitted('isPermittedAddress', tokenId, [ - address, - ]); +function isPermittedAddress({ tokenId, address, keySetId }) { + return ops.op_pkp_permissions_is_permitted( + 'isPermittedAddress', + tokenId, + [address], + keySetId + ); } /** @@ -39,13 +46,20 @@ function isPermittedAddress({ tokenId, address }) { * @param {string} params.tokenId The tokenId to check * @param {number} params.authMethodType The auth method type. This is an integer. This mapping shows the initial set but this set may be expanded over time without updating this contract: https://github.com/LIT-Protocol/LitNodeContracts/blob/main/contracts/PKPPermissions.sol#L25 * @param {Uint8Array} params.userId The id of the auth method to check expressed as an array of unsigned 8-bit integers (a Uint8Array) + * @param {string} params.keySetId The key set id to use * @returns {Promise} A boolean indicating whether the auth method is permitted to sign using the PKP tokenId */ -function isPermittedAuthMethod({ tokenId, authMethodType, userId }) { +function isPermittedAuthMethod({ + tokenId, + authMethodType, + userId, + keySetId, +}) { return ops.op_pkp_permissions_is_permitted_auth_method( tokenId, authMethodType, - new Uint8Array(userId) + new Uint8Array(userId), + keySetId ); } @@ -55,10 +69,15 @@ function isPermittedAuthMethod({ tokenId, authMethodType, userId }) { * @function getPermittedActions * @param {Object} params * @param {string} params.tokenId The tokenId to check + * @param {string} params.keySetId The key set id to use * @returns {Promise>} An array of IPFS IDs of lit actions that are permitted to sign using the PKP tokenId */ -function getPermittedActions({ tokenId }) { - return ops.op_pkp_permissions_get_permitted('getPermittedActions', tokenId); +function getPermittedActions({ tokenId, keySetId }) { + return ops.op_pkp_permissions_get_permitted( + 'getPermittedActions', + tokenId, + keySetId + ); } /** @@ -67,10 +86,15 @@ function getPermittedActions({ tokenId }) { * @function getPermittedAddresses * @param {Object} params * @param {string} params.tokenId The tokenId to check + * @param {string} params.keySetId The key set id to use * @returns {Promise>} An array of addresses that are permitted to sign using the PKP tokenId */ -function getPermittedAddresses({ tokenId }) { - return ops.op_pkp_permissions_get_permitted('getPermittedAddresses', tokenId); +function getPermittedAddresses({ tokenId, keySetId }) { + return ops.op_pkp_permissions_get_permitted( + 'getPermittedAddresses', + tokenId, + keySetId + ); } /** @@ -79,12 +103,14 @@ function getPermittedAddresses({ tokenId }) { * @function getPermittedAuthMethods * @param {Object} params * @param {string} params.tokenId The tokenId to check + * @param {string} params.keySetId The key set id to use * @returns {Promise>} An array of auth methods that are permitted to sign using the PKP tokenId. Each auth method is an object with the following properties: auth_method_type, id, and user_pubkey (used for web authn, this is the pubkey of the user's authentication keypair) */ -function getPermittedAuthMethods({ tokenId }) { +function getPermittedAuthMethods({ tokenId, keySetId }) { return ops.op_pkp_permissions_get_permitted( 'getPermittedAuthMethods', - tokenId + tokenId, + keySetId ); } @@ -97,6 +123,7 @@ function getPermittedAuthMethods({ tokenId }) { * @param {string} params.authMethodType The auth method type to look up * @param {Uint8Array} params.userId The id of the auth method to check expressed as an array of unsigned 8-bit integers (a Uint8Array) * @param {number} params.maxScopeId The maximum scope id to check. This is an integer. + * @param {string} params.keySetId The key set id to use * @returns {Promise>} An array of booleans that define if a given scope id is turned on. The index of the array is the scope id. For example, if the array is [true, false, true], then scope ids 0 and 2 are turned on, but scope id 1 is turned off. */ function getPermittedAuthMethodScopes({ @@ -104,12 +131,14 @@ function getPermittedAuthMethodScopes({ authMethodType, userId, maxScopeId = 100, + keySetId, }) { return ops.op_pkp_permissions_get_permitted_auth_method_scopes( tokenId, authMethodType, new Uint8Array(userId), - maxScopeId + maxScopeId, + keySetId ); } @@ -119,10 +148,11 @@ function getPermittedAuthMethodScopes({ * @function pubkeyToTokenId * @param {Object} params * @param {string} params.publicKey The public key to convert + * @param {string} params.keySetId The key set id to use * @returns {Promise} The token ID as a string */ -function pubkeyToTokenId({ publicKey }) { - return ops.op_pubkey_to_token_id(publicKey); +function pubkeyToTokenId({ publicKey, keySetId }) { + return ops.op_pubkey_to_token_id(publicKey, keySetId); } /** @@ -146,10 +176,16 @@ function getLatestNonce({ address, chain }) { * @param {Uint8Array} params.toSign The data to sign. Should be an array of 8-bit integers. * @param {string} params.publicKey The public key of the PKP you wish to sign with * @param {string} params.sigName You can put any string here. This is used to identify the signature in the response by the Lit JS SDK. This is useful if you are signing multiple messages at once. When you get the final signature out, it will be in an object with this signature name as the key. + * @param {string} params.keySetId The key set id to use * @returns {Promise} This function will return the string "success" if it works. The signature share is returned behind the scenes to the Lit JS SDK which will automatically combine the shares and give you the full signature to use. */ -function signEcdsa({ toSign, publicKey, sigName }) { - return ops.op_sign_ecdsa(new Uint8Array(toSign), publicKey, sigName); +function signEcdsa({ toSign, publicKey, sigName, keySetId }) { + return ops.op_sign_ecdsa( + new Uint8Array(toSign), + publicKey, + sigName, + keySetId + ); } /** @@ -172,22 +208,29 @@ function signEcdsa({ toSign, publicKey, sigName }) { * "SchnorrRedDecaf377Blake2b512" * "SchnorrkelSubstrate" * "Bls12381G1ProofOfPossession" + * @param {string} params.keySetId The key set id to use * @name Lit.Actions.sign * @function sign * @returns {Uint8array} The resulting signature share */ -function sign({ toSign, publicKey, sigName, signingScheme }) { - return ops.op_sign(new Uint8Array(toSign), publicKey, sigName, signingScheme); +function sign({ toSign, publicKey, sigName, signingScheme, keySetId }) { + return ops.op_sign( + new Uint8Array(toSign), + publicKey, + sigName, + signingScheme, + keySetId + ); } /** * Sign data using the Lit Action's own cryptographic identity derived from its IPFS CID. * This allows actions to sign as themselves (not as a PKP), enabling autonomous agent behavior, * action-to-action authentication, and verifiable computation results. - * + * * The action's keypair is deterministically derived from: keccak256("lit_action_" + actionIpfsCid) * The same action IPFS CID always generates the same keypair across all nodes. - * + * * @name Lit.Actions.signAsAction * @function signAsAction * @param {Object} params @@ -209,10 +252,10 @@ function signAsAction({ toSign, sigName, signingScheme }) { * Get the public key for a Lit Action's cryptographic identity. * This can be used to verify signatures created by signAsAction, or to get the public key * of any action (including actions you didn't create) for verification purposes. - * + * * The public key is deterministically derived from: keccak256("lit_action_" + actionIpfsCid) * and will always be the same for a given action IPFS CID and signing scheme. - * + * * @name Lit.Actions.getActionPublicKey * @function getActionPublicKey * @param {Object} params @@ -233,7 +276,7 @@ function getActionPublicKey({ signingScheme, actionIpfsCid }) { * Verify that a signature was created by a specific Lit Action using signAsAction. * This enables action-to-action authentication, verifiable computation, and building trust chains * between actions without requiring PKP ownership. - * + * * @name Lit.Actions.verifyActionSignature * @function verifyActionSignature * @param {Object} params @@ -248,8 +291,18 @@ function getActionPublicKey({ signingScheme, actionIpfsCid }) { * @param {string} params.signOutput The signature output from signAsAction (as a string) * @returns {Promise} true if the signature was created by the specified action, false otherwise */ -function verifyActionSignature({ signingScheme, actionIpfsCid, toSign, signOutput }) { - return ops.op_verify_action_signature(signingScheme, actionIpfsCid, new Uint8Array(toSign), signOutput); +function verifyActionSignature({ + signingScheme, + actionIpfsCid, + toSign, + signOutput, +}) { + return ops.op_verify_action_signature( + signingScheme, + actionIpfsCid, + new Uint8Array(toSign), + signOutput + ); } /** @@ -260,13 +313,20 @@ function verifyActionSignature({ signingScheme, actionIpfsCid, toSign, signOutpu * @param {string} params.message The message to sign. Should be a string. * @param {string} params.publicKey The public key of the PKP you wish to sign with * @param {string} params.sigName You can put any string here. This is used to identify the signature in the response by the Lit JS SDK. This is useful if you are signing multiple messages at once. When you get the final signature out, it will be in an object with this signature name as the key. + * @param {string} params.keySetId The key set id to use * @returns {Promise} This function will return the string "success" if it works. The signature share is returned behind the scenes to the Lit JS SDK which will automatically combine the shares and give you the full signature to use. */ -function ethPersonalSignMessageEcdsa({ message, publicKey, sigName }) { +function ethPersonalSignMessageEcdsa({ + message, + publicKey, + sigName, + keySetId, +}) { return ops.op_sign_ecdsa_eth_personal_sign_message( uint8arrayFromString(message), publicKey, - sigName + sigName, + keySetId ); } @@ -403,6 +463,7 @@ function broadcastAndCollect({ name, value }) { * @param {string} params.dataToEncryptHash The hash of the data to encrypt * @param {Object} params.authSig The auth signature * @param {string} params.chain The chain + * @param {string} params.keySetId The key set id to use * @returns {Promise} The decrypted and combined data */ function decryptAndCombine({ @@ -411,13 +472,15 @@ function decryptAndCombine({ dataToEncryptHash, authSig, chain, + keySetId, }) { return ops.op_decrypt_and_combine( accessControlConditions, ciphertext, dataToEncryptHash, authSig, - chain + chain, + keySetId ); } @@ -431,6 +494,7 @@ function decryptAndCombine({ * @param {string} params.dataToEncryptHash The hash of the data to encrypt * @param {Object} params.authSig The auth signature * @param {string} params.chain The chain + * @param {string} params.keySetId The key set id to use * @returns {Promise} The decrypted data */ function decryptToSingleNode({ @@ -439,13 +503,15 @@ function decryptToSingleNode({ dataToEncryptHash, authSig, chain, + keySetId, }) { return ops.op_decrypt_to_single_node( accessControlConditions, ciphertext, dataToEncryptHash, authSig, - chain + chain, + keySetId ); } @@ -457,13 +523,20 @@ function decryptToSingleNode({ * @param {Uint8Array} params.toSign The message to sign * @param {string} params.publicKey The public key of the PKP * @param {string} params.sigName The name of the signature + * @param {string} params.keySetId The key set id to use * @returns {Promise} The resulting combined signature */ -function signAndCombineEcdsa({ toSign, publicKey, sigName }) { +function signAndCombineEcdsa({ + toSign, + publicKey, + sigName, + keySetId, +}) { return ops.op_sign_and_combine_ecdsa( new Uint8Array(toSign), publicKey, - sigName + sigName, + keySetId ); } @@ -476,6 +549,7 @@ function signAndCombineEcdsa({ toSign, publicKey, sigName }) { * @param {string} params.publicKey The public key of the PKP * @param {string} params.sigName The name of the signature * @param {string} params.signingScheme The signing scheme. Must be one of: + * @param {string} params.keySetId The key set id to use * "EcdsaK256Sha256", "EcdsaP256Sha256", "EcdsaP384Sha384", * "SchnorrEd25519Sha512", "SchnorrK256Sha256", "SchnorrP256Sha256", "SchnorrP384Sha384", * "SchnorrRistretto25519Sha512", "SchnorrEd448Shake256", "SchnorrRedJubjubBlake2b512", @@ -483,13 +557,20 @@ function signAndCombineEcdsa({ toSign, publicKey, sigName }) { * "Bls12381G1ProofOfPossession" * @returns {Promise} The resulting combined signature */ -function signAndCombine({ toSign, publicKey, sigName, signingScheme }) { +function signAndCombine({ + toSign, + publicKey, + sigName, + signingScheme, + keySetId, +}) { return ops.op_sign_and_combine( new Uint8Array(toSign), publicKey, sigName, - signingScheme - ) + signingScheme, + keySetId + ); } /** @@ -523,7 +604,6 @@ async function runOnce({ waitForResponse, name }, async_fn) { response = ''; } - if (waitForResponse) { ops.op_p2p_broadcast(bc_id, response); } @@ -557,10 +637,15 @@ function getRpcUrl({ chain }) { * @param {Object} params * @param {Array} params.accessControlConditions The access control conditions that must be met to decrypt * @param {string} params.to_encrypt The message to encrypt + * @param {string} params.keySetId The key set id to use * @returns {Promise<{ciphertext: string, dataToEncryptHash: string}>} An object containing the ciphertext and the hash of the data that was encrypted */ -function encrypt({ accessControlConditions, to_encrypt }) { - return ops.op_encrypt_bls(accessControlConditions, to_encrypt); +function encrypt({ + accessControlConditions, + to_encrypt, + keySetId, +}) { + return ops.op_encrypt_bls(accessControlConditions, to_encrypt, keySetId); } globalThis.LitActions = { isPermittedAction, diff --git a/rust/lit-actions/grpc/schema/lit_actions.proto b/rust/lit-actions/grpc/schema/lit_actions.proto index 0c7ccb68..322a3f1c 100644 --- a/rust/lit-actions/grpc/schema/lit_actions.proto +++ b/rust/lit-actions/grpc/schema/lit_actions.proto @@ -226,11 +226,13 @@ message ExecuteJsResponse { message PubkeyToTokenIdRequest { string public_key = 1; + string key_set_id = 2; } message PkpPermissionsGetPermittedRequest { string method = 1; string token_id = 2; + string key_set_id = 3; } message PkpPermissionsGetPermittedAuthMethodScopesRequest { @@ -238,18 +240,21 @@ message ExecuteJsResponse { string method = 2; bytes user_id = 3; uint64 max_scope_id = 4; + string key_set_id = 5; } message PkpPermissionsIsPermittedRequest { string method = 1; string token_id = 2; bytes params = 3; // Vec + string key_set_id = 4; } message PkpPermissionsIsPermittedAuthMethodRequest { string token_id = 1; string method = 2; bytes user_id = 3; + string key_set_id = 4; } message SignEcdsaRequest { @@ -257,6 +262,7 @@ message ExecuteJsResponse { string public_key = 2; string sig_name = 3; bool eth_personal_sign = 4; + string key_set_id = 5; } message SignRequest { @@ -264,6 +270,7 @@ message ExecuteJsResponse { string public_key = 2; string sig_name = 3; string signing_scheme = 4; + string key_set_id = 5; } message AesDecryptRequest { @@ -307,6 +314,7 @@ message ExecuteJsResponse { string data_to_encrypt_hash = 3; optional bytes auth_sig = 4; string chain = 5; + string key_set_id = 6; } message DecryptToSingleNodeRequest { @@ -315,12 +323,14 @@ message ExecuteJsResponse { string data_to_encrypt_hash = 3; optional bytes auth_sig = 4; string chain = 5; + string key_set_id = 6; } message SignAndCombineEcdsaRequest { bytes to_sign = 1; string public_key = 2; string sig_name = 3; + string key_set_id = 4; } message SignAndCombineRequest { @@ -328,6 +338,7 @@ message ExecuteJsResponse { string public_key = 2; string sig_name = 3; string signing_scheme = 4; + string key_set_id = 5; } message GetRpcUrlRequest { @@ -346,6 +357,7 @@ message ExecuteJsResponse { message EncryptBlsRequest { bytes access_control_conditions = 1; bytes to_encrypt = 2; + string key_set_id = 3; } message UpdateResourceUsageRequest { diff --git a/rust/lit-actions/packages/naga-la-types/types.d.ts b/rust/lit-actions/packages/naga-la-types/types.d.ts index 7a76e991..1425c1e3 100644 --- a/rust/lit-actions/packages/naga-la-types/types.d.ts +++ b/rust/lit-actions/packages/naga-la-types/types.d.ts @@ -7,14 +7,17 @@ export declare namespace Lit { * @param {Object} params * @param {string} params.tokenId The tokenId to check * @param {string} params.ipfsId The IPFS ID of some JS code (a lit action) + * @param {string} params.keySetId The key set id to use * @returns {Promise} A boolean indicating whether the IPFS ID is permitted to sign using the PKP tokenId */ function isPermittedAction({ tokenId, ipfsId, + keySetId, }: { tokenId: string; ipfsId: string; + keySetId: string; }): Promise; /** * Check if a given wallet address is permitted to sign using a given PKP tokenId @@ -23,14 +26,17 @@ export declare namespace Lit { * @param {Object} params * @param {string} params.tokenId The tokenId to check * @param {string} params.address The wallet address to check + * @param {string} params.keySetId The key set id to use * @returns {Promise} A boolean indicating whether the wallet address is permitted to sign using the PKP tokenId */ function isPermittedAddress({ tokenId, address, + keySetId, }: { tokenId: string; address: string; + keySetId: string; }): Promise; /** * Check if a given auth method is permitted to sign using a given PKP tokenId @@ -40,16 +46,19 @@ export declare namespace Lit { * @param {string} params.tokenId The tokenId to check * @param {number} params.authMethodType The auth method type. This is an integer. This mapping shows the initial set but this set may be expanded over time without updating this contract: https://github.com/LIT-Protocol/LitNodeContracts/blob/main/contracts/PKPPermissions.sol#L25 * @param {Uint8Array} params.userId The id of the auth method to check expressed as an array of unsigned 8-bit integers (a Uint8Array) + * @param {string} params.keySetId The key set id to use * @returns {Promise} A boolean indicating whether the auth method is permitted to sign using the PKP tokenId */ function isPermittedAuthMethod({ tokenId, authMethodType, userId, + keySetId, }: { tokenId: string; authMethodType: number; userId: Uint8Array; + keySetId: string; }): Promise; /** * Get the full list of actions that are permitted to sign using a given PKP tokenId @@ -57,12 +66,15 @@ export declare namespace Lit { * @function getPermittedActions * @param {Object} params * @param {string} params.tokenId The tokenId to check + * @param {string} params.keySetId The key set id to use * @returns {Promise>} An array of IPFS IDs of lit actions that are permitted to sign using the PKP tokenId */ function getPermittedActions({ tokenId, + keySetId, }: { tokenId: string; + keySetId: string; }): Promise>; /** * Get the full list of addresses that are permitted to sign using a given PKP tokenId @@ -70,12 +82,15 @@ export declare namespace Lit { * @function getPermittedAddresses * @param {Object} params * @param {string} params.tokenId The tokenId to check + * @param {string} params.keySetId The key set id to use * @returns {Promise>} An array of addresses that are permitted to sign using the PKP tokenId */ function getPermittedAddresses({ tokenId, + keySetId, }: { tokenId: string; + keySetId: string; }): Promise>; /** * Get the full list of auth methods that are permitted to sign using a given PKP tokenId @@ -83,12 +98,15 @@ export declare namespace Lit { * @function getPermittedAuthMethods * @param {Object} params * @param {string} params.tokenId The tokenId to check + * @param {string} params.keySetId The key set id to use * @returns {Promise>} An array of auth methods that are permitted to sign using the PKP tokenId. Each auth method is an object with the following properties: auth_method_type, id, and user_pubkey (used for web authn, this is the pubkey of the user's authentication keypair) */ function getPermittedAuthMethods({ tokenId, + keySetId, }: { tokenId: string; + keySetId: string; }): Promise>; /** * Get the permitted auth method scopes for a given PKP tokenId and auth method type + id @@ -99,6 +117,7 @@ export declare namespace Lit { * @param {string} params.authMethodType The auth method type to look up * @param {Uint8Array} params.userId The id of the auth method to check expressed as an array of unsigned 8-bit integers (a Uint8Array) * @param {number} params.maxScopeId The maximum scope id to check. This is an integer. + * @param {string} params.keySetId The key set id to use * @returns {Promise>} An array of booleans that define if a given scope id is turned on. The index of the array is the scope id. For example, if the array is [true, false, true], then scope ids 0 and 2 are turned on, but scope id 1 is turned off. */ function getPermittedAuthMethodScopes({ @@ -106,11 +125,13 @@ export declare namespace Lit { authMethodType, userId, maxScopeId, + keySetId, }: { tokenId: string; authMethodType: string; userId: Uint8Array; maxScopeId: number; + keySetId: string; }): Promise>; /** * Converts a PKP public key to a PKP token ID by hashing it with keccak256 @@ -118,12 +139,15 @@ export declare namespace Lit { * @function pubkeyToTokenId * @param {Object} params * @param {string} params.publicKey The public key to convert + * @param {string} params.keySetId The key set id to use * @returns {Promise} The token ID as a string */ function pubkeyToTokenId({ publicKey, + keySetId, }: { publicKey: string; + keySetId: string; }): Promise; /** * Gets latest nonce for the given address on a supported chain @@ -149,16 +173,19 @@ export declare namespace Lit { * @param {Uint8Array} params.toSign The data to sign. Should be an array of 8-bit integers. * @param {string} params.publicKey The public key of the PKP you wish to sign with * @param {string} params.sigName You can put any string here. This is used to identify the signature in the response by the Lit JS SDK. This is useful if you are signing multiple messages at once. When you get the final signature out, it will be in an object with this signature name as the key. + * @param {string} params.keySetId The key set id to use * @returns {Promise} This function will return the string "success" if it works. The signature share is returned behind the scenes to the Lit JS SDK which will automatically combine the shares and give you the full signature to use. */ function signEcdsa({ toSign, publicKey, sigName, + keySetId, }: { toSign: Uint8Array; publicKey: string; sigName: string; + keySetId: string; }): Promise; /** * @param {Uint8array} toSign the message to sign @@ -180,6 +207,7 @@ export declare namespace Lit { * "SchnorrRedDecaf377Blake2b512" * "SchnorrkelSubstrate" * "Bls12381G1ProofOfPossession" + * @param {string} params.keySetId The key set id to use * @name Lit.Actions.sign * @function sign * @returns {Uint8array} The resulting signature share @@ -189,6 +217,7 @@ export declare namespace Lit { publicKey, sigName, signingScheme, + keySetId, }: Uint8array): Uint8array; /** * Sign data using the Lit Action's own cryptographic identity derived from its IPFS CID. @@ -285,16 +314,19 @@ export declare namespace Lit { * @param {string} params.message The message to sign. Should be a string. * @param {string} params.publicKey The public key of the PKP you wish to sign with * @param {string} params.sigName You can put any string here. This is used to identify the signature in the response by the Lit JS SDK. This is useful if you are signing multiple messages at once. When you get the final signature out, it will be in an object with this signature name as the key. + * @param {string} params.keySetId The key set id to use * @returns {Promise} This function will return the string "success" if it works. The signature share is returned behind the scenes to the Lit JS SDK which will automatically combine the shares and give you the full signature to use. */ function ethPersonalSignMessageEcdsa({ message, publicKey, sigName, + keySetId, }: { message: string; publicKey: string; sigName: string; + keySetId: string; }): Promise; /** * Checks a condition using the Lit condition checking engine. This is the same engine that powers our Access Control product. You can use this to check any condition that you can express in our condition language. This is a powerful tool that allows you to build complex conditions that can be checked in a decentralized way. Visit https://developer.litprotocol.com and click on the "Access Control" section to learn more. @@ -431,6 +463,7 @@ export declare namespace Lit { * @param {string} params.dataToEncryptHash The hash of the data to encrypt * @param {Object} params.authSig The auth signature * @param {string} params.chain The chain + * @param {string} params.keySetId The key set id to use * @returns {Promise} The decrypted and combined data */ function decryptAndCombine({ @@ -439,12 +472,14 @@ export declare namespace Lit { dataToEncryptHash, authSig, chain, + keySetId, }: { accessControlConditions: Array; ciphertext: string; dataToEncryptHash: string; authSig: any; chain: string; + keySetId: string; }): Promise; /** * Decrypt to a single node @@ -456,6 +491,7 @@ export declare namespace Lit { * @param {string} params.dataToEncryptHash The hash of the data to encrypt * @param {Object} params.authSig The auth signature * @param {string} params.chain The chain + * @param {string} params.keySetId The key set id to use * @returns {Promise} The decrypted data */ function decryptToSingleNode({ @@ -464,12 +500,14 @@ export declare namespace Lit { dataToEncryptHash, authSig, chain, + keySetId, }: { accessControlConditions: Array; ciphertext: string; dataToEncryptHash: string; authSig: any; chain: string; + keySetId: string; }): Promise; /** * Sign with ECDSA and automatically combine signature shares from all nodes into a complete signature @@ -479,16 +517,19 @@ export declare namespace Lit { * @param {Uint8Array} params.toSign The message to sign * @param {string} params.publicKey The public key of the PKP * @param {string} params.sigName The name of the signature + * @param {string} params.keySetId The key set id to use * @returns {Promise} The resulting combined signature */ function signAndCombineEcdsa({ toSign, publicKey, sigName, + keySetId, }: { toSign: Uint8Array; publicKey: string; sigName: string; + keySetId: string; }): Promise; /** * Sign with any signing scheme and automatically combine signature shares from all nodes into a complete signature @@ -499,6 +540,7 @@ export declare namespace Lit { * @param {string} params.publicKey The public key of the PKP * @param {string} params.sigName The name of the signature * @param {string} params.signingScheme The signing scheme. Must be one of: + * @param {string} params.keySetId The key set id to use * "EcdsaK256Sha256", "EcdsaP256Sha256", "EcdsaP384Sha384", * "SchnorrEd25519Sha512", "SchnorrK256Sha256", "SchnorrP256Sha256", "SchnorrP384Sha384", * "SchnorrRistretto25519Sha512", "SchnorrEd448Shake256", "SchnorrRedJubjubBlake2b512", @@ -511,11 +553,13 @@ export declare namespace Lit { publicKey, sigName, signingScheme, + keySetId, }: { toSign: Uint8Array; publicKey: string; sigName: string; signingScheme: string; + keySetId: string; }): Promise; /** * Run a function only once across all nodes using leader election @@ -553,14 +597,17 @@ export declare namespace Lit { * @param {Object} params * @param {Array} params.accessControlConditions The access control conditions that must be met to decrypt * @param {string} params.to_encrypt The message to encrypt + * @param {string} params.keySetId The key set id to use * @returns {Promise<{ciphertext: string, dataToEncryptHash: string}>} An object containing the ciphertext and the hash of the data that was encrypted */ function encrypt({ accessControlConditions, to_encrypt, + keySetId, }: { accessControlConditions: Array; to_encrypt: string; + keySetId: string; }): Promise<{ ciphertext: string; dataToEncryptHash: string; diff --git a/rust/lit-actions/scripts/gen_docs.sh b/rust/lit-actions/scripts/gen_docs.sh index ce6c6973..028e86c0 100755 --- a/rust/lit-actions/scripts/gen_docs.sh +++ b/rust/lit-actions/scripts/gen_docs.sh @@ -9,6 +9,7 @@ LIT_SDK=ext/js/02_litActionsSDK.js LIT_AUTH_SDK=ext/js/04_litAuthDocs.js LIT_GLOBALS=ext/js/05_globalsDocs.js +echo "Building API docs... Run `npm install` to install the dependencies if you get an error about not finding the documentation tool." # Build API docs documentation build "$LIT_SDK" "$LIT_AUTH_SDK" "$LIT_GLOBALS" -f md --config documentation.yml -o docs/api_docs.md --project-name "Lit Actions SDK" documentation build "$LIT_SDK" "$LIT_AUTH_SDK" "$LIT_GLOBALS" -f html --config documentation.yml -o docs/api_docs_html --project-name "Lit Actions SDK" diff --git a/rust/lit-actions/tests/it.rs b/rust/lit-actions/tests/it.rs index e77fe216..b996e545 100644 --- a/rust/lit-actions/tests/it.rs +++ b/rust/lit-actions/tests/it.rs @@ -487,6 +487,7 @@ async fn pkp_get_permitted(mut client: TestClient) { PkpPermissionsGetPermittedRequest { method: method.to_string(), token_id: "0x1234".to_string(), + key_set_id: "".to_string(), } ); assert!(client.received::().success); @@ -511,6 +512,7 @@ async fn pkp_get_permitted(mut client: TestClient) { method: "5".to_string(), user_id: vec![1, 2, 3], max_scope_id: 100, + key_set_id: "".to_string(), } ); assert!(client.received::().success); @@ -536,6 +538,7 @@ async fn pkp_is_permitted(mut client: TestClient) { method: "isPermittedAction".to_string(), token_id: "0x1234".to_string(), params: b"[\"some-id\"]".into(), + key_set_id: "".to_string(), } ); assert!(client.received::().success); @@ -557,6 +560,7 @@ async fn pkp_is_permitted(mut client: TestClient) { method: "isPermittedAddress".to_string(), token_id: "0x1234".to_string(), params: b"[\"some-address\"]".into(), + key_set_id: "".to_string(), } ); assert!(client.received::().success); @@ -578,6 +582,7 @@ async fn pkp_is_permitted(mut client: TestClient) { token_id: "0x1234".to_string(), method: "5".to_string(), user_id: vec![1, 2, 3], + key_set_id: "".to_string(), } ); assert!(client.received::().success); @@ -604,6 +609,7 @@ async fn sign_ecdsa(mut client: TestClient) { public_key: "some-key".to_string(), sig_name: "some-sig".to_string(), eth_personal_sign: false, + key_set_id: "".to_string(), } ); assert!(client.received::().success); @@ -626,6 +632,7 @@ async fn sign_ecdsa(mut client: TestClient) { public_key: "some-key".to_string(), sig_name: "some-sig".to_string(), eth_personal_sign: true, + key_set_id: "".to_string(), } ); assert!(client.received::().success); @@ -800,6 +807,7 @@ async fn pubkey_to_token_id(mut client: TestClient) { client.received::(), PubkeyToTokenIdRequest { public_key: "some-key".to_string(), + key_set_id: "".to_string(), } ); assert!(client.received::().success); diff --git a/rust/lit-node/lit-node-core/src/models/request.rs b/rust/lit-node/lit-node-core/src/models/request.rs index e4a8e79b..f824fc54 100644 --- a/rust/lit-node/lit-node-core/src/models/request.rs +++ b/rust/lit-node/lit-node-core/src/models/request.rs @@ -127,7 +127,6 @@ impl std::fmt::Debug for JsonExecutionRequest { .field("epoch", &self.epoch) .field("node_set", &self.node_set) .field("invocation", &self.invocation) - .field("key_set_id", &self.key_set_id) .finish() } } diff --git a/rust/lit-node/lit-node-testnet/src/end_user/datil_pkp.rs b/rust/lit-node/lit-node-testnet/src/end_user/datil_pkp.rs index 60a4fc8b..9d947233 100644 --- a/rust/lit-node/lit-node-testnet/src/end_user/datil_pkp.rs +++ b/rust/lit-node/lit-node-testnet/src/end_user/datil_pkp.rs @@ -1,3 +1,4 @@ +use crate::DEFAULT_DATIL_KEY_SET_NAME; use crate::end_user::EndUser; use ethers::middleware::SignerMiddleware; use ethers::types::{Address, Bytes, H160, U256}; @@ -84,7 +85,7 @@ impl Pkp { pubkey: pubkey.clone(), token_id, eth_address, - key_set_id: "".to_string(), + key_set_id: DEFAULT_DATIL_KEY_SET_NAME.to_string(), is_datil: true, }) } diff --git a/rust/lit-node/lit-node-testnet/src/end_user/pkp/datil.rs b/rust/lit-node/lit-node-testnet/src/end_user/pkp/datil.rs index 80a2df21..55a40299 100644 --- a/rust/lit-node/lit-node-testnet/src/end_user/pkp/datil.rs +++ b/rust/lit-node/lit-node-testnet/src/end_user/pkp/datil.rs @@ -1,4 +1,5 @@ use crate::end_user::EndUser; +use ethers::abi::AbiEncode; use ethers::types::{Address, Bytes, H160, U256}; use lit_blockchain::util::decode_revert; use lit_blockchain_lite::contracts::pkp_permissions::{AuthMethod, PKPPermissions}; @@ -117,7 +118,8 @@ impl Pkp { ) -> Result { info!( "ipfs_cid to permit for token id: {} is: {}", - self.token_id, ipfs_cid + self.token_id.encode_hex(), + ipfs_cid ); let pkp_permissions_address = self.actions.contracts().pkp_permissions.address(); @@ -132,24 +134,43 @@ impl Pkp { let tx = pacc.send().await; if tx.is_err() { error!("Error adding action to pkp: {:?}", tx.unwrap_err()); - return Err(anyhow::anyhow!("Error minting PKP")); + return Err(anyhow::anyhow!("Error adding permitted action to PKP")); } let tx = tx.unwrap(); let tr = tx.await; if tr.is_err() { error!("Error adding action to pkp: {:?}", tr.unwrap_err()); - return Err(anyhow::anyhow!("Error minting PKP")); + return Err(anyhow::anyhow!("Error adding permitted action to PKP")); } let tr = tr.unwrap(); if tr.is_none() { error!("Error adding action to pkp: No transaction receipt?"); - return Err(anyhow::anyhow!("Error minting PKP")); + return Err(anyhow::anyhow!("Error adding permitted action to PKP")); } Ok(true) } + pub async fn is_permitted_action_datil(&self, ipfs_cid: &str) -> Result { + info!( + "ipfs_cid to check for permission for token id: {} is: {}", + self.token_id, ipfs_cid + ); + + let pkp_permissions_address = self.actions.contracts().pkp_permissions.address(); + let pkp_permissions = + PKPPermissions::new(pkp_permissions_address, self.signing_provider.clone()); + let is_permitted = pkp_permissions + .is_permitted_action( + self.token_id, + Bytes::from(bs58::decode(ipfs_cid).into_vec().unwrap()), + ) + .call() + .await?; + Ok(is_permitted) + } + #[doc = "Grant a Address Authmethod permission to use a PKP"] pub async fn add_permitted_address_auth_method_to_pkp_datil( &self, diff --git a/rust/lit-node/lit-node-testnet/src/end_user/pkp/mainnet.rs b/rust/lit-node/lit-node-testnet/src/end_user/pkp/mainnet.rs index b9c446f8..3d93ecc1 100644 --- a/rust/lit-node/lit-node-testnet/src/end_user/pkp/mainnet.rs +++ b/rust/lit-node/lit-node-testnet/src/end_user/pkp/mainnet.rs @@ -1,4 +1,5 @@ use crate::end_user::EndUser; +use ethers::abi::AbiEncode; use ethers::middleware::SignerMiddleware; use ethers::types::{Address, Bytes, H160, U256}; use lit_blockchain::contracts::pkp_permissions::{AuthMethod, PKPPermissions}; @@ -190,7 +191,8 @@ impl Pkp { ) -> Result { info!( "ipfs_cid to permit for token id: {} is: {}", - self.token_id, ipfs_cid + self.token_id.encode_hex(), + ipfs_cid ); let pkp_permissions_address = self.actions.contracts().pkp_permissions.address(); @@ -223,6 +225,25 @@ impl Pkp { Ok(true) } + pub async fn is_permitted_action_mainnet(&self, ipfs_cid: &str) -> Result { + info!( + "ipfs_cid to check for permission for token id: {} is: {}", + self.token_id, ipfs_cid + ); + + let pkp_permissions_address = self.actions.contracts().pkp_permissions.address(); + let pkp_permissions = + PKPPermissions::new(pkp_permissions_address, self.signing_provider.clone()); + let is_permitted = pkp_permissions + .is_permitted_action( + self.token_id, + Bytes::from(bs58::decode(ipfs_cid).into_vec().unwrap()), + ) + .call() + .await?; + Ok(is_permitted) + } + #[doc = "Grant a Address Authmethod permission to use a PKP"] pub async fn add_permitted_address_auth_method_to_pkp_mainnet( &self, diff --git a/rust/lit-node/lit-node-testnet/src/end_user/pkp/mod.rs b/rust/lit-node/lit-node-testnet/src/end_user/pkp/mod.rs index b279ebd1..91345c04 100644 --- a/rust/lit-node/lit-node-testnet/src/end_user/pkp/mod.rs +++ b/rust/lit-node/lit-node-testnet/src/end_user/pkp/mod.rs @@ -2,6 +2,7 @@ mod datil; mod mainnet; use crate::end_user::EndUser; +use ethers::abi::AbiEncode; use ethers::middleware::SignerMiddleware; use ethers::types::{Address, Bytes, H160, U256}; use lit_blockchain::contracts::pkpnft::PKPNFT; @@ -71,7 +72,9 @@ impl Pkp { info!( "Minted PKP with token id: {} / pubkey : {} / eth address: {:?}", - token_id, &pubkey, eth_address + token_id.encode_hex(), + &pubkey, + eth_address ); Ok(Pkp { @@ -136,6 +139,14 @@ impl Pkp { } } + pub async fn is_permitted_action(&self, ipfs_cid: &str) -> Result { + if self.is_datil { + self.is_permitted_action_datil(ipfs_cid).await + } else { + self.is_permitted_action_mainnet(ipfs_cid).await + } + } + #[doc = "Grant a Address Authmethod permission to use a PKP"] pub async fn add_permitted_address_auth_method_to_pkp( &self, diff --git a/rust/lit-node/lit-node-testnet/src/lib.rs b/rust/lit-node/lit-node-testnet/src/lib.rs index 11c1cb75..eb059dde 100644 --- a/rust/lit-node/lit-node-testnet/src/lib.rs +++ b/rust/lit-node/lit-node-testnet/src/lib.rs @@ -285,7 +285,7 @@ impl TestSetupBuilder { if self.low_kick_tolerance { testnet .actions() - .update_all_complaint_configs(Some(5), Some(3), Some(1), Some(10)) + .update_all_complaint_configs(Some(30), Some(3), Some(1), Some(10)) .await .expect("Failed to update complaint configs"); } diff --git a/rust/lit-node/lit-node-testnet/src/testnet/contracts_repo.rs b/rust/lit-node/lit-node-testnet/src/testnet/contracts_repo.rs index adb069e0..b9e024f7 100644 --- a/rust/lit-node/lit-node-testnet/src/testnet/contracts_repo.rs +++ b/rust/lit-node/lit-node-testnet/src/testnet/contracts_repo.rs @@ -22,8 +22,6 @@ use regex::Regex; use serde::{Deserialize, Serialize}; use serde_json::Value; use std::process::Command; -use tokio::fs::File; -use tokio::io::{AsyncReadExt, AsyncWriteExt}; use tracing::{debug, error, info, trace}; @@ -658,19 +656,29 @@ pub async fn check_and_load_test_state_cache( let filename = "anvil_state.hex".to_string(); let path = dir.join(&filename); - let mut file = File::open(&path).await.unwrap(); - let mut contents = String::new(); - file.read_to_string(&mut contents).await.unwrap(); + if !path.exists() { + error!("anvil_state.hex file does not exist in the cache"); + return false; + }; + + let contents = match fs::read_to_string(&path) { + Ok(contents) => contents, + Err(e) => { + error!("Failed to read anvil_state.hex file: {}", e); + return false; + } + }; + + info!("Contents of anvil_state.hex length: {} ", contents.len()); let params: Vec = vec![contents]; - let res: bool = provider - .request("anvil_loadState", params.clone()) - .await - .unwrap(); - if !res { - error!("Couldn't load chain state into anvil..."); + let res: Result = + provider.request("anvil_loadState", params.clone()).await; + + if let Err(e) = res { + error!("Failed to load chain state into anvil: {}", e); return false; - } + }; let block_number = provider.get_block_number().await.unwrap(); trace!("Block number after loading chain state: {}", block_number); @@ -790,9 +798,7 @@ pub async fn save_to_test_state_cache( let filename = "anvil_state.hex".to_string(); let path = dir.join(&filename); - let mut file = File::create(&path).await.unwrap(); - file.write_all(res.as_bytes()).await.unwrap(); - file.sync_all().await.unwrap(); + fs::write(&path, res).expect("Failed to write anvil_state.hex file"); // also save the node configs info!("Getting node configs to cache..."); diff --git a/rust/lit-node/lit-node/src/functions/action_client.rs b/rust/lit-node/lit-node/src/functions/action_client.rs index 184203cb..1323bdfa 100644 --- a/rust/lit-node/lit-node/src/functions/action_client.rs +++ b/rust/lit-node/lit-node/src/functions/action_client.rs @@ -18,12 +18,15 @@ use crate::payment::dynamic::DynamicPayment; use crate::peers::{grpc_client_pool::GrpcClientPool, peer_state::models::SimplePeerCollection}; use crate::pkp; use crate::tasks::utils::generate_hash; +use crate::tss::common::curve_state::CurveState; use crate::tss::common::hd_keys::get_derived_keyshare; use crate::tss::common::tss_state::TssState; -use crate::tss::util::DEFAULT_KEY_SET_NAME; use crate::utils::encoding; +use crate::utils::keysets::get_default_keyset_id; use crate::utils::tracing::inject_tracing_metadata; -use crate::utils::web::{get_default_bls_root_pubkey, hash_access_control_conditions}; +use crate::utils::web::{ + get_bls_root_pubkey, get_default_bls_root_pubkey, hash_access_control_conditions, +}; use anyhow::{Context as _, Result, bail}; use base64_light::base64_decode; use derive_builder::Builder; @@ -39,12 +42,6 @@ use lit_blockchain::resolver::rpc::{ENDPOINT_MANAGER, RpcHealthcheckPoller}; use lit_core::config::LitConfig; use lit_core::error::Unexpected; use lit_core::utils::binary::bytes_to_hex; -use moka::future::Cache; -use serde::{Deserialize, Serialize}; -use tokio::time::Duration; -use tracing::{debug, instrument}; - -use crate::tss::common::curve_state::CurveState; use lit_node_common::config::LitNodeConfig as _; use lit_node_core::{ AccessControlConditionResource, AuthSigItem, BeHex, CompressedBytes, EndpointVersion, @@ -61,6 +58,10 @@ use lit_rust_crypto::{ jubjub, k256, p256, p384, vsss_rs, }; use lit_sdk::signature::{SignedDataOutput, combine_and_verify_signature_shares}; +use moka::future::Cache; +use serde::{Deserialize, Serialize}; +use tokio::time::Duration; +use tracing::{debug, instrument}; const DEFAULT_TIMEOUT_MS: u64 = 30_000; // 30s const DEFAULT_ASYNC_TIMEOUT_MS: u64 = 300_000; // 5m @@ -99,7 +100,8 @@ pub struct Client { endpoint_version: EndpointVersion, #[builder(default, setter(into))] node_set: Vec, - + #[builder(default, setter(into))] + key_set_id: String, // Limits #[builder(default = "DEFAULT_TIMEOUT_MS")] timeout_ms: u64, @@ -528,8 +530,11 @@ impl Client { UnionResponse::PkpPermissionsGetPermitted(PkpPermissionsGetPermittedRequest { method, token_id, + key_set_id, }) => { self.pay(LitActionPriceComponent::ContractCalls, 1).await?; + let key_set_id = self.ensure_key_set_id(key_set_id); + let resources = pkp::utils::pkp_permissions_get_permitted(method, self.lit_config(), token_id) .await?; @@ -544,9 +549,12 @@ impl Client { method, user_id, max_scope_id, + key_set_id, }, ) => { self.pay(LitActionPriceComponent::ContractCalls, 1).await?; + let key_set_id = self.ensure_key_set_id(key_set_id); + let scopes = pkp::utils::pkp_permissions_get_permitted_auth_method_scopes( token_id, self.lit_config(), @@ -561,13 +569,23 @@ impl Client { method, token_id, params, + key_set_id, }) => { self.pay(LitActionPriceComponent::ContractCalls, 1).await?; + let key_set_id = self.ensure_key_set_id(key_set_id); + let cdm = self + .tss_state_and_txn_prefix()? + .0 + .chain_data_config_manager + .clone(); + let is_permitted = pkp::utils::pkp_permissions_is_permitted( token_id, self.lit_config(), method, serde_json::from_slice(¶ms)?, + &key_set_id, + &cdm, ) .await?; PkpPermissionsIsPermittedResponse { is_permitted }.into() @@ -577,21 +595,34 @@ impl Client { token_id, method, user_id, + key_set_id, }, ) => { self.pay(LitActionPriceComponent::ContractCalls, 1).await?; - use lit_blockchain::resolver::contract::ContractResolver; + let key_set_id = self.ensure_key_set_id(key_set_id); + let cdm = self + .tss_state_and_txn_prefix()? + .0 + .chain_data_config_manager + .clone(); - let cfg = self.lit_config(); - let resolver = ContractResolver::try_from(cfg)?; - let contract = resolver.pkp_permissions_contract(cfg).await?; let is_permitted = pkp::utils::pkp_permissions_is_permitted_auth_method( - token_id, cfg, method, user_id, + token_id, + self.lit_config(), + method, + user_id, + &key_set_id, + &cdm, ) .await?; PkpPermissionsIsPermittedAuthMethodResponse { is_permitted }.into() } - UnionResponse::PubkeyToTokenId(PubkeyToTokenIdRequest { public_key }) => { + UnionResponse::PubkeyToTokenId(PubkeyToTokenIdRequest { + public_key, + key_set_id, + }) => { + let key_set_id = self.ensure_key_set_id(key_set_id); + let bytes = encoding::hex_to_bytes(public_key)?; let token_id = format!("0x{}", bytes_to_hex(keccak256(bytes).as_slice())); PubkeyToTokenIdResponse { token_id }.into() @@ -601,7 +632,10 @@ impl Client { public_key, sig_name, eth_personal_sign, + key_set_id, }) => { + let key_set_id = self.ensure_key_set_id(key_set_id); + self.pay(LitActionPriceComponent::Signatures, 1).await?; let success = if eth_personal_sign { @@ -621,7 +655,7 @@ impl Client { self.epoch, action_ipfs_id, SigningScheme::EcdsaK256Sha256, - DEFAULT_KEY_SET_NAME, + &key_set_id, ) .await } else { @@ -633,7 +667,7 @@ impl Client { self.epoch, action_ipfs_id, SigningScheme::EcdsaK256Sha256, - DEFAULT_KEY_SET_NAME, + &key_set_id, ) .await }?; @@ -644,8 +678,10 @@ impl Client { public_key, sig_name, signing_scheme, + key_set_id, }) => { self.pay(LitActionPriceComponent::Signatures, 1).await?; + let key_set_id = self.ensure_key_set_id(key_set_id); let scheme = signing_scheme .parse::() @@ -659,7 +695,7 @@ impl Client { self.epoch, action_ipfs_id, scheme, - DEFAULT_KEY_SET_NAME, + &key_set_id, ) .await?; SignResponse { success }.into() @@ -867,10 +903,12 @@ impl Client { data_to_encrypt_hash, auth_sig, chain, + key_set_id, }) => { self.increment_broad_and_collect_counter()?; self.pay(LitActionPriceComponent::Broadcasts, 1).await?; self.pay(LitActionPriceComponent::Decrypts, 1).await?; + let key_set_id = self.ensure_key_set_id(key_set_id); let (tss_state, txn_prefix) = self.tss_state_and_txn_prefix()?; let json_auth_sig = self.parse_json_authsig_helper(auth_sig)?; @@ -907,7 +945,7 @@ impl Client { // Sign the identity parameter using the blsful secret key share. let (signature_share, share_id) = match cipher_state - .sign(&identity_parameter, DEFAULT_KEY_SET_NAME, self.epoch) + .sign(&identity_parameter, &key_set_id, self.epoch) .await { Ok(signature_share) => signature_share, @@ -976,12 +1014,14 @@ impl Client { data_to_encrypt_hash, auth_sig, chain, + key_set_id, }) => { trace!("Ciphertext: {:?}", &ciphertext); self.increment_broad_and_collect_counter()?; self.pay(LitActionPriceComponent::Broadcasts, 1).await?; self.pay(LitActionPriceComponent::Decrypts, 1).await?; + let key_set_id = self.ensure_key_set_id(key_set_id); let json_auth_sig = self.parse_json_authsig_helper(auth_sig)?; @@ -1026,7 +1066,7 @@ impl Client { // Sign the identity parameter using the blsful secret key share. let (signature_share, share_index) = match cipher_state - .sign(&identity_parameter, DEFAULT_KEY_SET_NAME, self.epoch) + .sign(&identity_parameter, &key_set_id, self.epoch) .await { Ok(signature_share) => signature_share, @@ -1102,10 +1142,12 @@ impl Client { to_sign, public_key, sig_name, + key_set_id, }) => { // we both the signatures and the broadcasts for this operation. self.pay(LitActionPriceComponent::Signatures, 1).await?; self.pay(LitActionPriceComponent::Broadcasts, 1).await?; + let key_set_id = self.ensure_key_set_id(key_set_id); self.increment_broad_and_collect_counter()?; let (tss_state, txn_prefix) = self.tss_state_and_txn_prefix()?; @@ -1121,7 +1163,7 @@ impl Client { self.epoch, action_ipfs_id, SigningScheme::EcdsaK256Sha256, - DEFAULT_KEY_SET_NAME, + &key_set_id, ) .await?; @@ -1191,10 +1233,12 @@ impl Client { public_key, sig_name, signing_scheme, + key_set_id, }) => { // we both the signatures and the broadcasts for this operation. self.pay(LitActionPriceComponent::Signatures, 1).await?; self.pay(LitActionPriceComponent::Broadcasts, 1).await?; + let key_set_id = self.ensure_key_set_id(key_set_id); let scheme = signing_scheme .parse::() @@ -1221,7 +1265,7 @@ impl Client { self.epoch, action_ipfs_id, scheme, - DEFAULT_KEY_SET_NAME, + &key_set_id, ) .await?; @@ -1388,10 +1432,13 @@ impl Client { UnionResponse::EncryptBls(EncryptBlsRequest { access_control_conditions, to_encrypt, + key_set_id, }) => { + let key_set_id = self.ensure_key_set_id(key_set_id); + let (tss_state, txn_prefix) = self.tss_state_and_txn_prefix()?; let tss_state = Arc::new(tss_state); - let network_pubkey = get_default_bls_root_pubkey(&tss_state)?; + let network_pubkey = get_bls_root_pubkey(&tss_state, &key_set_id)?; let network_pubkey = blsful::PublicKey::try_from(&hex::decode(&network_pubkey)?)?; use sha2::{Digest, Sha256}; @@ -1505,14 +1552,15 @@ impl Client { } let (tss_state, txn_prefix) = self.tss_state_and_txn_prefix()?; + + let cdm = &tss_state.chain_data_config_manager; + let key_set_id = get_default_keyset_id(cdm)?; + let txn_prefix = format!("{txn_prefix}_signasaction_{scheme}"); let tss_state = Arc::new(tss_state); let curve_type = scheme.curve_type(); - let curve_state = CurveState::new( - tss_state.peer_state.clone(), - curve_type, - DEFAULT_KEY_SET_NAME, - ); + let curve_state = + CurveState::new(tss_state.peer_state.clone(), curve_type, &key_set_id); let root_keys = curve_state.root_keys()?; let pubkey = lit_sdk::signature::get_lit_action_public_key( scheme, @@ -1548,13 +1596,12 @@ impl Client { let curve_type = scheme.curve_type(); let (tss_state, txn_prefix) = self.tss_state_and_txn_prefix()?; + let cdm = &tss_state.chain_data_config_manager; + let key_set_id = get_default_keyset_id(cdm)?; let txn_prefix = format!("{txn_prefix}_signasaction_{scheme}"); let tss_state = Arc::new(tss_state); - let curve_state = CurveState::new( - tss_state.peer_state.clone(), - curve_type, - DEFAULT_KEY_SET_NAME, - ); + let curve_state = + CurveState::new(tss_state.peer_state.clone(), curve_type, &key_set_id); let root_keys = curve_state.root_keys()?; let pubkey = lit_sdk::signature::get_lit_action_public_key( scheme, @@ -1663,10 +1710,8 @@ impl Client { } debug!( - "sign_helper() called with to_sign: {:?}, pubkey: {}, sig_name: {}", + "sign_helper() called with to_sign: {:?}, pubkey: {pubkey}, sig_name: {sig_name}, key_set_id: {key_set_id}", bytes_to_hex(to_sign.clone()), - pubkey, - sig_name ); let tss_state = self @@ -1789,6 +1834,14 @@ impl Client { .map_err(|e| anyhow::anyhow!(format!("Error checking access control conditions: {e:?}"))) } + fn ensure_key_set_id(&self, key_set_id: String) -> String { + if key_set_id.is_empty() { + self.key_set_id.clone() + } else { + key_set_id + } + } + async fn get_bls_root_pubkey(&self) -> Result { let tss_state = match &self.js_env.tss_state { Some(tss_state) => Arc::new(tss_state.clone()), @@ -1834,20 +1887,19 @@ impl Client { signing_scheme ); + let cdm = &tss_state.chain_data_config_manager; + let key_set_id = get_default_keyset_id(cdm)?; + let curve_type = signing_scheme.curve_type(); let mut sign_state = tss_state.get_signing_state(signing_scheme)?; - let curve_state = CurveState::new( - tss_state.peer_state.clone(), - curve_type, - DEFAULT_KEY_SET_NAME, - ); + let curve_state = CurveState::new(tss_state.peer_state.clone(), curve_type, &key_set_id); let key_id = keccak256(format!("lit_action_{action_ipfs_id}")); let epoch = tss_state.get_keyshare_epoch().await; let pubkey = self .get_action_pubkey( tss_state.clone(), action_ipfs_id, - DEFAULT_KEY_SET_NAME, + &key_set_id, signing_scheme, ) .await?; @@ -1857,7 +1909,7 @@ impl Client { pubkey, Some(key_id.to_vec()), self.request_id().as_bytes().to_vec(), - DEFAULT_KEY_SET_NAME, + &key_set_id, Some(epoch), &self.node_set, ) diff --git a/rust/lit-node/lit-node/src/git_info.rs b/rust/lit-node/lit-node/src/git_info.rs index d03f8018..7f15cc8a 100644 --- a/rust/lit-node/lit-node/src/git_info.rs +++ b/rust/lit-node/lit-node/src/git_info.rs @@ -1 +1 @@ -pub const GIT_COMMIT_HASH: &str = "3bd5a01612eab6a530c25cd65e6efdc6c6a3a420"; +pub const GIT_COMMIT_HASH: &str = "4cb2a5f692eb6f8d83637b0806a4df743d5ee8e1"; diff --git a/rust/lit-node/lit-node/src/pkp/auth/datil.rs b/rust/lit-node/lit-node/src/pkp/auth/datil.rs index e846996b..e09a86ce 100644 --- a/rust/lit-node/lit-node/src/pkp/auth/datil.rs +++ b/rust/lit-node/lit-node/src/pkp/auth/datil.rs @@ -39,7 +39,8 @@ pub async fn datil_check_pkp_auth( ) -> Result { use std::io::Error; - let datil_contracts = DatilContracts::new(tss_state, key_set_id).await?; + let datil_contracts = + DatilContracts::new(&tss_state.chain_data_config_manager, key_set_id).await?; let pkp_permissions_contract = datil_contracts.pkp_permissions; let pkp_nft_contract = datil_contracts.pkp_nft; diff --git a/rust/lit-node/lit-node/src/pkp/auth/mod.rs b/rust/lit-node/lit-node/src/pkp/auth/mod.rs index 59911fd4..0b49c1c5 100644 --- a/rust/lit-node/lit-node/src/pkp/auth/mod.rs +++ b/rust/lit-node/lit-node/src/pkp/auth/mod.rs @@ -4,6 +4,7 @@ use crate::error::{self, Error, unexpected_err_code, validation_err, validation_ use crate::error::{EC, unexpected_err}; use crate::models; use crate::tss::common::tss_state::TssState; +use crate::utils::datil_contract::is_datil_key_set_id; use crate::utils::encoding; use anyhow::Result; use ethers::abi::AbiEncode; @@ -344,7 +345,7 @@ pub async fn check_pkp_auth( key_set_id: &str, tss_state: &TssState, ) -> Result { - if key_set_id.contains("datil") { + if is_datil_key_set_id(key_set_id) { return datil::datil_check_pkp_auth( ipfs_id_option, auth_sig, diff --git a/rust/lit-node/lit-node/src/pkp/mod.rs b/rust/lit-node/lit-node/src/pkp/mod.rs index 04af1fe4..b8bd2963 100644 --- a/rust/lit-node/lit-node/src/pkp/mod.rs +++ b/rust/lit-node/lit-node/src/pkp/mod.rs @@ -1,2 +1,3 @@ pub mod auth; pub mod utils; +pub mod utils_datil; diff --git a/rust/lit-node/lit-node/src/pkp/utils.rs b/rust/lit-node/lit-node/src/pkp/utils.rs index ad370056..863bb603 100644 --- a/rust/lit-node/lit-node/src/pkp/utils.rs +++ b/rust/lit-node/lit-node/src/pkp/utils.rs @@ -1,11 +1,18 @@ use crate::{ + config::chain::ChainDataConfigManager, error::validation_err_code, models::AuthContext, peers::PeerState, - pkp::auth::verify_auth_method_for_claim, + pkp::{ + auth::verify_auth_method_for_claim, + utils_datil::{ + datil_get_pubkey_routing_data_from_pubkey, + datil_pkp_permissions_is_permitted_auth_method, + }, + }, tss::common::{storage::any_key_share_exists, tss_state::TssState}, utils::{ - datil_contract::DatilContracts, + datil_contract::is_datil_key_set_id, encoding::{self, ipfs_cid_to_bytes, string_to_eth_address, string_to_u256}, }, }; @@ -19,7 +26,7 @@ use lit_blockchain::{ contracts::pubkey_router::RootKey, resolver::contract::ContractResolver, util::decode_revert, }; use lit_core::{config::LitConfig, error::Unexpected}; -use lit_node_core::{CurveType, JsonAuthSig}; +use lit_node_core::JsonAuthSig; use serde_json::{Value, json}; use std::sync::Arc; use tracing::instrument; @@ -39,6 +46,8 @@ pub async fn pkp_permissions_is_permitted( cfg: &LitConfig, method: String, params: Vec, + key_set_id: &str, + cdm: &ChainDataConfigManager, ) -> Result { let resolver = ContractResolver::try_from(cfg) .map_err(|e| unexpected_err_code(e, EC::NodeContractResolverConversionFailed, None))?; @@ -179,7 +188,21 @@ pub async fn pkp_permissions_is_permitted_auth_method( cfg: &LitConfig, auth_method_type_str: String, user_id_vec: Vec, + key_set_id: &str, + cdm: &ChainDataConfigManager, ) -> Result { + if is_datil_key_set_id(key_set_id) { + return datil_pkp_permissions_is_permitted_auth_method( + token_id_str, + cfg, + auth_method_type_str, + user_id_vec, + key_set_id, + cdm, + ) + .await; + } + let resolver = ContractResolver::try_from(cfg) .map_err(|e| unexpected_err_code(e, EC::NodeContractResolverConversionFailed, None))?; let contract = resolver.pkp_permissions_contract(cfg).await?; @@ -371,8 +394,13 @@ pub async fn sign( )); } - let pubkey_routing_data = - get_pubkey_routing_data_from_pubkey(&tss_state, cfg, &pubkey, key_set_id).await; + let pubkey_routing_data = get_pubkey_routing_data_from_pubkey( + &tss_state.chain_data_config_manager, + cfg, + &pubkey, + key_set_id, + ) + .await; // if this is an HD key, we need to get the root pubkeys, otherwise check the fs for the key share let pubkey_routing_data = match pubkey_routing_data { @@ -460,14 +488,15 @@ pub async fn sign( #[instrument(skip(cfg), level = "debug")] pub async fn get_pubkey_routing_data_from_pubkey( - tss_state: &TssState, + cdm: &ChainDataConfigManager, cfg: &LitConfig, pubkey: &str, key_set_id: &str, ) -> Result { - if key_set_id.contains("datil") { - return get_datil_pubkey_routing_data_from_pubkey(tss_state, cfg, pubkey, key_set_id).await; + if is_datil_key_set_id(key_set_id) { + return datil_get_pubkey_routing_data_from_pubkey(cdm, cfg, pubkey, key_set_id).await; } + let resolver = ContractResolver::try_from(cfg) .map_err(|e| unexpected_err_code(e, EC::NodeContractResolverConversionFailed, None))?; let contract = resolver.pub_key_router_contract(cfg).await?; @@ -487,38 +516,6 @@ pub async fn get_pubkey_routing_data_from_pubkey( pubkey_routing_data.try_into() } -#[instrument(skip(cfg), level = "debug")] -pub async fn get_datil_pubkey_routing_data_from_pubkey( - tss_state: &TssState, - cfg: &LitConfig, - pubkey: &str, - key_set_id: &str, -) -> Result { - let datil_contracts = DatilContracts::new(tss_state, key_set_id).await?; - let contract = datil_contracts.pubkey_router; - let pubkey_bytes = encoding::hex_to_bytes(pubkey)?; - let hashed_pubkey = keccak256(pubkey_bytes); - let token_id = U256::from_big_endian(hashed_pubkey.as_slice()); - - trace!("token_id: {}", token_id); - let datil_pubkey_routing_data : lit_blockchain_lite::contracts::pubkey_router::PubkeyRoutingData = contract.pubkeys(token_id).call().await.map_err(|e| { - unexpected_err_code( - e, - NodeUnknownError, - Some("Could not find token id in pubkey routing contract.".to_string()), - ) - })?; - - let pubkey_routing_data = PubKeyRoutingData { - pubkey: datil_pubkey_routing_data.pubkey.to_vec(), - curve_type: CurveType::try_from(datil_pubkey_routing_data.key_type) - .expect("Failed to convert curve type"), - tweak_preimage: datil_pubkey_routing_data.derived_key_id, - key_set_identifier: key_set_id.to_string(), - }; - Ok(pubkey_routing_data) -} - pub async fn vote_for_root_key( cfg: &LitConfig, key_set_id: &str, diff --git a/rust/lit-node/lit-node/src/pkp/utils_datil.rs b/rust/lit-node/lit-node/src/pkp/utils_datil.rs new file mode 100644 index 00000000..1b3fd0bc --- /dev/null +++ b/rust/lit-node/lit-node/src/pkp/utils_datil.rs @@ -0,0 +1,344 @@ +use crate::{ + config::chain::ChainDataConfigManager, + utils::{ + datil_contract::DatilContracts, + encoding::{self, ipfs_cid_to_bytes, string_to_eth_address, string_to_u256}, + }, +}; + +use crate::error::{EC::NodeUnknownError, Result, unexpected_err_code}; +use crate::models::PubKeyRoutingData; +use ethers::types::U256; +use ethers::{prelude::*, utils::keccak256}; +use lit_core::config::LitConfig; +use lit_node_core::CurveType; +use serde_json::{Value, json}; +use tracing::instrument; + +pub async fn datil_pkp_permissions_is_permitted( + token_id_str: String, + cfg: &LitConfig, + method: String, + params: Vec, + key_set_id: &str, + cdm: &ChainDataConfigManager, +) -> Result { + let datil_contracts = DatilContracts::new(cdm, key_set_id).await?; + let contract = datil_contracts.pkp_permissions; + + let token_id = match string_to_u256(token_id_str) { + Ok(token_id) => token_id, + Err(e) => { + let msg = "Could not convert token id to u256"; + error!("{}", msg); + return Err(unexpected_err_code( + e, + NodeUnknownError, + Some(msg.to_owned()), + )); + } + }; + let res; + + if method == "isPermittedAction" { + let param_str = match params[0].as_str() { + Some(param_str) => param_str, + None => { + let msg = "ipfs_id is not a string"; + error!("{}", msg); + return Err(unexpected_err_code(msg, NodeUnknownError, None)); + } + }; + let ipfs_id = match ipfs_cid_to_bytes(param_str.to_string()) { + Ok(ipfs_id) => ipfs_id, + Err(e) => { + let msg = "Could not convert ipfs id to bytes"; + error!("{}", msg); + return Err(unexpected_err_code( + e, + NodeUnknownError, + Some(msg.to_owned()), + )); + } + }; + + res = contract + .is_permitted_action(token_id, Bytes::from(ipfs_id.to_vec())) + .call() + .await; + } else if method == "isPermittedAddress" { + let param_str = match params[0].as_str() { + Some(param_str) => param_str, + None => { + let msg = "address is not a string"; + error!("{}", msg); + return Err(unexpected_err_code(msg, NodeUnknownError, None)); + } + }; + let address = match string_to_eth_address(param_str) { + Ok(address) => address, + Err(e) => { + let msg = "Could not convert eth address to bytes"; + error!("{}", msg); + return Err(unexpected_err_code( + e, + NodeUnknownError, + Some(msg.to_owned()), + )); + } + }; + + res = contract + .is_permitted_address(token_id, address) + .call() + .await; + } else if method == "isPermittedAuthMethod" { + let param_str = match params[0].as_str() { + Some(param_str) => param_str, + None => { + let msg = "auth_method_type is not a string"; + error!("{}", msg); + return Err(unexpected_err_code(msg, NodeUnknownError, None)); + } + }; + let auth_method_type = match string_to_u256(param_str) { + Ok(auth_method_type) => auth_method_type, + Err(e) => { + let msg = "Could not convert auth_method_type to u256"; + error!("{}", msg); + return Err(unexpected_err_code( + e, + NodeUnknownError, + Some(msg.to_owned()), + )); + } + }; + let param_array = match params[1].as_array() { + Some(param_array) => param_array, + None => { + let msg = "user_id is not an array"; + error!("{}", msg); + return Err(unexpected_err_code(msg, NodeUnknownError, None)); + } + }; + + let mut user_id: Vec = Vec::new(); + for _user_id in param_array { + match _user_id.as_u64() { + Some(_user_id_u64) => user_id.push(_user_id_u64 as u8), + None => { + return Err(unexpected_err_code( + "user_id is not an array of u8 bytes", + NodeUnknownError, + None, + )); + } + } + } + + let user_id = Bytes::from(user_id); + res = contract + .is_permitted_auth_method(token_id, auth_method_type, user_id) + .call() + .await; + } else { + return Err(unexpected_err_code( + format!("Method not found: {method}"), + NodeUnknownError, + None, + )); + } + + res.map_err(|e| { + let msg = format!("Error calling {method}: {e}"); + error!("{}", msg); + unexpected_err_code(e, NodeUnknownError, Some(msg)) + }) +} + +pub async fn datil_pkp_permissions_is_permitted_auth_method( + token_id_str: String, + cfg: &LitConfig, + auth_method_type_str: String, + user_id_vec: Vec, + key_set_id: &str, + cdm: &ChainDataConfigManager, +) -> Result { + let datil_contracts = DatilContracts::new(cdm, key_set_id).await?; + let contract = datil_contracts.pkp_permissions; + + let token_id = match string_to_u256(token_id_str) { + Ok(token_id) => token_id, + Err(e) => { + let msg = "Could not convert token id to u256"; + error!("{}", msg); + return Err(unexpected_err_code( + e, + NodeUnknownError, + Some(msg.to_owned()), + )); + } + }; + + let auth_method_type = match string_to_u256(auth_method_type_str) { + Ok(auth_method_type) => auth_method_type, + Err(e) => { + let msg = "Could not convert auth_method_type to u256"; + error!("{}", msg); + return Err(unexpected_err_code( + e, + NodeUnknownError, + Some(msg.to_owned()), + )); + } + }; + + let user_id = Bytes::from(user_id_vec); + contract + .is_permitted_auth_method(token_id, auth_method_type, user_id) + .call() + .await + .map_err(|e| { + let msg = format!("Error calling isPermittedAuthMethod: {e}"); + error!("{}", msg); + unexpected_err_code(e, NodeUnknownError, Some(msg)) + }) +} + +pub async fn datil_pkp_permissions_get_permitted( + method: String, + cfg: &LitConfig, + token_id_str: String, + key_set_id: &str, + cdm: &ChainDataConfigManager, +) -> Result> { + let datil_contracts = DatilContracts::new(cdm, key_set_id).await?; + let contract = datil_contracts.pkp_permissions; + + let token_id = string_to_u256(token_id_str).map_err(|e| { + unexpected_err_code( + e, + NodeUnknownError, + Some("Could not convert token id to u256".into()), + ) + })?; + let ret_val; + + if method == "getPermittedAddresses" { + let res = contract + .get_permitted_addresses(token_id) + .call() + .await + .map_err(|e| { + unexpected_err_code(e, NodeUnknownError, Some(format!("Error calling {method}"))) + })?; + ret_val = res + .iter() + .map(|x| json!(format!("0x{}", encoding::bytes_to_hex(x.as_bytes())))) + .collect::>(); + } else if method == "getPermittedActions" { + let res = contract + .get_permitted_actions(token_id) + .call() + .await + .map_err(|e| { + unexpected_err_code(e, NodeUnknownError, Some(format!("Error calling {method}"))) + })?; + ret_val = res + .iter() + .map(|x| { + json!(encoding::bytes_to_ipfs_cid(x).expect("Could not convert bytes to ipfs cid")) + }) + .collect::>(); + } else if method == "getPermittedAuthMethods" { + let res = contract + .get_permitted_auth_methods(token_id) + .call() + .await + .map_err(|e| { + unexpected_err_code(e, NodeUnknownError, Some(format!("Error calling {method}"))) + })?; + ret_val = res.iter().map(|x| json!(x)).collect::>(); + } else { + return Err(unexpected_err_code( + format!("Method not found: {method}"), + NodeUnknownError, + None, + )); + } + + Ok(ret_val) +} + +pub async fn datil_pkp_permissions_get_permitted_auth_method_scopes( + token_id_str: String, + cfg: &LitConfig, + auth_method_type_str: String, + id_vec: Vec, + max_scope_id_int: u64, + key_set_id: &str, + cdm: &ChainDataConfigManager, +) -> Result> { + let datil_contracts = DatilContracts::new(cdm, key_set_id).await?; + let contract = datil_contracts.pkp_permissions; + + let token_id = string_to_u256(token_id_str).map_err(|e| { + unexpected_err_code( + e, + NodeUnknownError, + Some("Could not convert token id to u256".into()), + ) + })?; + + let auth_method_type = string_to_u256(auth_method_type_str).map_err(|e| { + unexpected_err_code( + e, + NodeUnknownError, + Some("Could not convert auth_method_type to u256".into()), + ) + })?; + let id = Bytes::from(id_vec); + let max_scope_id = U256::from(max_scope_id_int); + + contract + .get_permitted_auth_method_scopes(token_id, auth_method_type, id, max_scope_id) + .call() + .await + .map_err(|e| { + let msg = format!("Error calling get_permitted_auth_method_scopes: {e}"); + error!("{}", msg); + unexpected_err_code(e, NodeUnknownError, Some(msg)) + }) +} + +#[instrument(skip(cfg), level = "debug")] +pub async fn datil_get_pubkey_routing_data_from_pubkey( + cdm: &ChainDataConfigManager, + cfg: &LitConfig, + pubkey: &str, + key_set_id: &str, +) -> Result { + let datil_contracts = DatilContracts::new(cdm, key_set_id).await?; + let contract = datil_contracts.pubkey_router; + let pubkey_bytes = encoding::hex_to_bytes(pubkey)?; + let hashed_pubkey = keccak256(pubkey_bytes); + let token_id = U256::from_big_endian(hashed_pubkey.as_slice()); + + trace!("token_id: {}", token_id); + let datil_pubkey_routing_data : lit_blockchain_lite::contracts::pubkey_router::PubkeyRoutingData = contract.pubkeys(token_id).call().await.map_err(|e| { + unexpected_err_code( + e, + NodeUnknownError, + Some("Could not find token id in pubkey routing contract.".to_string()), + ) + })?; + + let pubkey_routing_data = PubKeyRoutingData { + pubkey: datil_pubkey_routing_data.pubkey.to_vec(), + curve_type: CurveType::try_from(datil_pubkey_routing_data.key_type) + .expect("Failed to convert curve type"), + tweak_preimage: datil_pubkey_routing_data.derived_key_id, + key_set_identifier: key_set_id.to_string(), + }; + Ok(pubkey_routing_data) +} diff --git a/rust/lit-node/lit-node/src/tasks/fsm/epoch_change.rs b/rust/lit-node/lit-node/src/tasks/fsm/epoch_change.rs index c515d1d7..b2f00410 100644 --- a/rust/lit-node/lit-node/src/tasks/fsm/epoch_change.rs +++ b/rust/lit-node/lit-node/src/tasks/fsm/epoch_change.rs @@ -9,6 +9,8 @@ use crate::tss::common::key_persistence::RECOVERY_DKG_EPOCH; use crate::tss::common::traits::fsm_worker_metadata::FSMWorkerMetadata; use crate::tss::dkg::engine::DkgAfterRestore; use crate::tss::dkg::manager::DkgManager; +use crate::utils::datil_contract::is_datil_key_set_id; +use crate::utils::version_update::peers_not_at_version_2_1_8; use crate::version::DataVersionReader; use ethers::types::U256; use lit_core::error::Result; @@ -138,7 +140,7 @@ pub(crate) async fn perform_epoch_change( let restore_key_sets = if dkg_manager.next_dkg_after_restore.value() { let mut restore_key_sets: Vec = existing_key_sets.clone(); - restore_key_sets.retain(|ks| ks.identifier.to_lowercase().contains("datil")); // this will need to be updated to use the actual keyset identifier. + restore_key_sets.retain(|ks| is_datil_key_set_id(&ks.identifier)); // this will need to be updated to use the actual keyset identifier. if !restore_key_sets.is_empty() { existing_key_sets.retain(|ks| !restore_key_sets.contains(ks)); } @@ -392,7 +394,7 @@ async fn process_epoch_for_key_set( }; let lifecycle_id = fsm_worker_metadata.get_lifecycle_id(realm_id); - if new_peers.has_version_lower_than("2.1.8") { + if peers_not_at_version_2_1_8(new_peers) { match key_share_proofs_check(&dkg_manager.tss_state, &res, new_peers, latest_dkg_id, realm_id, epoch, lifecycle_id).await { Err(e) => { warn!("Key share proofs check failed in realm {}: {}", realm_id, e); diff --git a/rust/lit-node/lit-node/src/tasks/fsm/utils.rs b/rust/lit-node/lit-node/src/tasks/fsm/utils.rs index 511fee25..ad570715 100644 --- a/rust/lit-node/lit-node/src/tasks/fsm/utils.rs +++ b/rust/lit-node/lit-node/src/tasks/fsm/utils.rs @@ -8,6 +8,7 @@ use crate::tss::common::tss_state::TssState; use crate::utils::key_share_proof::{ KeyShareProofs, compute_key_share_proofs, verify_key_share_proofs, }; +use crate::utils::version_update::peers_not_at_version_2_1_8; use crate::version::{DataVersionReader, get_version}; use ethers::types::U256; use lit_blockchain::contracts::staking::Version; @@ -192,7 +193,7 @@ pub(crate) async fn key_share_proofs_check( trace!("Key share proof check - root keys: {:?}", root_keys_map); for (identifier, map) in &root_keys_map { - let noonce = if peers.has_version_lower_than("2.1.8") { + let noonce = if peers_not_at_version_2_1_8(peers) { format!("{epoch}-{lifecycle_id}") } else { format!("{epoch}-{lifecycle_id}-{identifier}") diff --git a/rust/lit-node/lit-node/src/tss/dkg/manager.rs b/rust/lit-node/lit-node/src/tss/dkg/manager.rs index ca37c3a1..af2fac74 100644 --- a/rust/lit-node/lit-node/src/tss/dkg/manager.rs +++ b/rust/lit-node/lit-node/src/tss/dkg/manager.rs @@ -7,6 +7,7 @@ use crate::tss::common::dkg_type::DkgType; use crate::tss::common::tss_state::TssState; use crate::tss::dkg::engine::{DkgAfterRestore, DkgEngine}; use crate::tss::dkg::models::Mode; +use crate::utils::version_update::peers_not_at_version_2_1_8; use crate::version::DataVersionWriter; use lit_core::error::Unexpected; use std::collections::HashMap; @@ -78,8 +79,8 @@ impl DkgManager { DkgType::Standard => hd_root_key_count, }; // this is temporary code, while we upgrade from 2.1.5->2.1.8 - let epoch_dkg_id = if new_peers.has_version_lower_than("2.1.8") - || current_peers.has_version_lower_than("2.1.8") + let epoch_dkg_id = if peers_not_at_version_2_1_8(new_peers) + || peers_not_at_version_2_1_8(current_peers) { format!("{}.{}.{}", dkg_id, curve_type, self.dkg_type) } else { diff --git a/rust/lit-node/lit-node/src/utils/datil_contract.rs b/rust/lit-node/lit-node/src/utils/datil_contract.rs index 76957149..6b7e2c79 100644 --- a/rust/lit-node/lit-node/src/utils/datil_contract.rs +++ b/rust/lit-node/lit-node/src/utils/datil_contract.rs @@ -1,5 +1,5 @@ +use crate::config::chain::ChainDataConfigManager; use crate::error::{Result, unexpected_err}; -use crate::tss::common::tss_state::TssState; use crate::version::DataVersionReader; use ethers::prelude::*; use lit_blockchain::resolver::rpc::{ENDPOINT_MANAGER, RpcHealthcheckPoller}; @@ -15,8 +15,7 @@ pub struct DatilContracts { } impl DatilContracts { - pub async fn new(tss_state: &TssState, key_set_id: &str) -> Result { - let cdm = tss_state.chain_data_config_manager.clone(); + pub async fn new(cdm: &ChainDataConfigManager, key_set_id: &str) -> Result { let key_set_config = DataVersionReader::read_field_unchecked(&cdm.key_sets, |key_sets| { key_sets.get(key_set_id).cloned().ok_or_else(|| { unexpected_err( @@ -100,3 +99,7 @@ impl DatilContracts { }) } } + +pub fn is_datil_key_set_id(key_set_id: &str) -> bool { + key_set_id.to_lowercase().contains("datil") +} diff --git a/rust/lit-node/lit-node/src/utils/mod.rs b/rust/lit-node/lit-node/src/utils/mod.rs index 2425d17c..3a9e0599 100644 --- a/rust/lit-node/lit-node/src/utils/mod.rs +++ b/rust/lit-node/lit-node/src/utils/mod.rs @@ -14,5 +14,6 @@ pub mod serde_encrypt; pub mod siwe; pub mod tracing; pub mod traits; +pub mod version_update; #[allow(dead_code)] pub mod web; diff --git a/rust/lit-node/lit-node/src/utils/version_update.rs b/rust/lit-node/lit-node/src/utils/version_update.rs new file mode 100644 index 00000000..c713df82 --- /dev/null +++ b/rust/lit-node/lit-node/src/utils/version_update.rs @@ -0,0 +1,8 @@ +// note - this file contains code that can be deleted after the version upgrade tests are enabled. +// we put these here, because they may have some custom logic that is more complex than just checking the version. + +use crate::peers::peer_state::models::SimplePeerCollection; + +pub fn peers_not_at_version_2_1_8(peers: &SimplePeerCollection) -> bool { + peers.has_version_lower_than("2.1.8") +} diff --git a/rust/lit-node/lit-node/tests/common/lit_actions.rs b/rust/lit-node/lit-node/tests/common/lit_actions.rs index b374d823..b18096aa 100644 --- a/rust/lit-node/lit-node/tests/common/lit_actions.rs +++ b/rust/lit-node/lit-node/tests/common/lit_actions.rs @@ -33,7 +33,7 @@ pub const HELLO_WORLD_LIT_ACTION_CODE: &str = "const go = async () => { let utf8Encode = new TextEncoder(); const toSign = utf8Encode.encode('This message is exactly 32 bytes'); - const sigShare = await Lit.Actions.signEcdsa({ toSign, publicKey, sigName }); + const sigShare = await Lit.Actions.signEcdsa({ toSign, publicKey, sigName, keySetId }); }; go();"; @@ -43,7 +43,8 @@ const CALL_CHILD_LIT_ACTION_CODE: &str = "const go = async () => { const _ = await Lit.Actions.call({ ipfsId: 'QmRwN9GKHvCn4Vk7biqtr6adjXMs7PzzYPCzNCRjPFiDjm', params: { toSign: Array.from(toSign), publicKey, - sigName + sigName, + keySetId }}); }; go();"; @@ -95,20 +96,19 @@ pub async fn lit_action_params( Option, Option, Option>, - String, )> { let lit_action_code = data_encoding::BASE64.encode(lit_action_code.as_bytes()); let mut js_params = serde_json::Map::new(); js_params.insert("publicKey".to_string(), pubkey.into()); js_params.insert("sigName".to_string(), "sig1".into()); + js_params.insert("keySetId".to_string(), key_set_id.clone().into()); Ok(( lit_action_code, None, Some(serde_json::Value::Object(js_params)), None, - key_set_id, )) } @@ -124,7 +124,7 @@ pub async fn sign_using_child_lit_action( let (pubkey, _token_id, _eth_address, key_set_id) = end_user.first_pkp().info(); - let (lit_action_code, ipfs_id, js_params, auth_methods, key_set_id) = + let (lit_action_code, ipfs_id, js_params, auth_methods) = lit_action_params(lit_action_code, pubkey, key_set_id.clone()).await?; let node_set = validator_collection.random_threshold_nodeset().await; @@ -140,7 +140,7 @@ pub async fn sign_using_child_lit_action( js_params, auth_methods, epoch, - &key_set_id, + key_set_id, ) .await?; @@ -184,7 +184,7 @@ pub async fn sign_from_file_system( js_params, auth_methods, epoch, - &key_set_id, + key_set_id, ) .await?; @@ -202,7 +202,7 @@ pub async fn generate_session_sigs_and_execute_lit_action( js_params: Option, auth_methods: Option>, epoch: u64, - key_set_id: &str, + key_set_id: String, ) -> Result>> { info!("lit_action_code: {:?}", lit_action_code); let session_sigs_and_node_set = get_session_sigs_for_auth( @@ -240,7 +240,7 @@ pub async fn execute_lit_action_session_sigs( auth_methods: Option>, session_sigs_and_node_set: &[SessionSigAndNodeSet], epoch: u64, - key_set_id: &str, + key_set_id: String, ) -> Result>> { info!("executing lit action with session sigs"); // Generate JSON body for each port @@ -264,7 +264,7 @@ pub async fn execute_lit_action_session_sigs( epoch, node_set: nodes.clone(), invocation: Invocation::Sync, - key_set_id: key_set_id.to_string(), + key_set_id: key_set_id.clone(), }; lit_sdk::EndpointRequest { node_set: sig_and_nodeset.node.clone(), @@ -295,7 +295,8 @@ pub async fn prepare_sign_from_file_parameters( let (pubkey, _token_id, _eth_address, key_set_id) = end_user.first_pkp().info(); - lit_action_params(lit_action_code, pubkey, key_set_id).await + let params = lit_action_params(lit_action_code, pubkey, key_set_id.clone()).await?; + Ok((params.0, params.1, params.2, params.3, key_set_id)) } pub async fn execute_lit_action_auth_sig( @@ -306,7 +307,7 @@ pub async fn execute_lit_action_auth_sig( auth_methods: Option>, auth_sig_item: AuthSigItem, epoch: u64, - key_set_id: &str, + key_set_id: String, ) -> Vec> { let execute_request = JsonExecutionRequest { auth_sig: auth_sig_item, @@ -317,7 +318,7 @@ pub async fn execute_lit_action_auth_sig( epoch, node_set: node_set.keys().cloned().collect(), invocation: Invocation::Sync, - key_set_id: key_set_id.to_string(), + key_set_id: key_set_id.clone(), }; let my_private_key = OsRng.r#gen(); let response = lit_sdk::ExecuteFunctionRequest::new() @@ -478,14 +479,7 @@ pub async fn generate_pkp_check_is_permitted_pkp_action( .await; assert!(res.is_ok()); - let res = lit_node::pkp::utils::pkp_permissions_is_permitted( - token_id.to_string(), - loaded_config.as_ref(), - String::from("isPermittedAction"), - [serde_json::Value::from(ipfs_cid)].to_vec(), - ) - .await - .map_err(|e| anyhow::anyhow!("Error getting permitted actions: {e:?}")); + let res = pkp.is_permitted_action(ipfs_cid).await; assert!(res.is_ok()); res diff --git a/rust/lit-node/lit-node/tests/common/web_user_tests.rs b/rust/lit-node/lit-node/tests/common/web_user_tests.rs index c5f87f36..84f60def 100644 --- a/rust/lit-node/lit-node/tests/common/web_user_tests.rs +++ b/rust/lit-node/lit-node/tests/common/web_user_tests.rs @@ -466,7 +466,6 @@ pub async fn test_lit_action_session_sigs( pub async fn generate_session_sigs_execute_lit_action( validator_collection: &ValidatorCollection, lit_action_code: &str, - end_user: &EndUser, ) -> Result>> { let (pubkey, _token_id, pkp_eth_address, key_set_id) = end_user.first_pkp().info(); @@ -503,11 +502,12 @@ pub async fn generate_session_sigs_execute_lit_action( .expect("Could not get session sigs"); // run - let (lit_action_code, ipfs_id, js_params, auth_methods, key_set_id) = + let (lit_action_code, ipfs_id, js_params, auth_methods) = lit_action_params(lit_action_code.to_string(), pubkey, key_set_id.clone()) .await .expect("Could not get lit action params"); + info!("Executing lit action with session sigs"); execute_lit_action_session_sigs( Some(lit_action_code), ipfs_id, @@ -515,7 +515,7 @@ pub async fn generate_session_sigs_execute_lit_action( auth_methods, &session_sigs_and_node_set, 2, - &key_set_id, + key_set_id, ) .await } diff --git a/rust/lit-node/lit-node/tests/integration/lit_actions.rs b/rust/lit-node/lit-node/tests/integration/lit_actions.rs index 8ef989e0..31f96939 100644 --- a/rust/lit-node/lit-node/tests/integration/lit_actions.rs +++ b/rust/lit-node/lit-node/tests/integration/lit_actions.rs @@ -19,6 +19,7 @@ pub mod litactions { LitResourcePrefix, SigningScheme, UnifiedAccessControlCondition, UnifiedAccessControlConditionItem, constants::CHAIN_LOCALCHAIN, }; + use lit_node_testnet::DatilTestnetType; use lit_node_testnet::end_user::EndUser; use lit_node_testnet::testnet::Testnet; use lit_node_testnet::validator::ValidatorCollection; @@ -52,31 +53,37 @@ pub mod litactions { &[LaPC::Broadcasts, LaPC::Decrypts, LaPC::ContractCalls]; const LAPC_BC: &[LitActionPriceComponent] = &[LaPC::Broadcasts, LaPC::ContractCalls]; const LAPC_SB: &[LitActionPriceComponent] = &[LaPC::Signatures, LaPC::Broadcasts]; + const LA_DATIL: DatilTestnetType = DatilTestnetType::Default; + const LA_NAGA: DatilTestnetType = DatilTestnetType::None; // Notes: // - The 2 tests inside test_pkp_permissions_is_cid_registered_and_can_it_sign, is covered by "sign_child_lit_action" & "fail_sign_non_hashed_message". // - The original encrypt test wasn't a good integration test - it attempted to compare against a known pubkey, but integration tests generate new keys each time. encrypt & decrypt tests cover this functionality. - #[test_case("broadcast_and_collect", &[LaPC::Broadcasts], &all_response_match, &standard_acc, true, "*", true)] /* Success */ - #[test_case("check_conditions_with_auth_sig", &[LaPC::ContractCalls], &all_response_match, &standard_acc, true, "true", true)] /* Success */ - #[test_case("check_conditions_without_auth_sig", &[LaPC::ContractCalls], &all_response_match, &standard_acc, false, "true", true)] /* Success <<< BUT CHECK */ - #[test_case("current_ipfs_id_substitution", LAPC_DBC, &all_response_match, &ipfs_acc, true, "hello this is a test", true)] /* Success */ - #[test_case("decrypt_and_combine_with_access_denied",LAPC_BC, &action_failed_with_error, &impossible_acc, true, "Access control conditions check failed", false)] /* Success */ - #[test_case("decrypt_and_combine_with_auth_sig", LAPC_DBC, &all_response_match, &standard_acc, true, "hello this is a test", true)] /* Success */ - #[test_case("decrypt_and_combine_without_auth_sig", LAPC_DBC, &all_response_match, &standard_acc, false, "*", true)] - #[test_case("decrypt_to_single_node", LAPC_DBC, &single_valid, &standard_acc, true, "hello this is a test", true)] - #[test_case("get_rpc_url", &[], &all_response_match, &standard_acc,true, "https://api.node.glif.io/rpc/v1", true)] /* local rpc config */ - #[test_case("multiple_sign_and_combine_ecdsa", LAPC_SB, &valid_sign_and_combine, &standard_acc, true, "", false)] - #[test_case("multiple_sign_and_combine_ed25519", LAPC_SB, &valid_sign_and_combine, &standard_acc, true, "", false)] - #[test_case("multiple_sign_and_combine_blsg1", LAPC_SB, &valid_sign_and_combine, &standard_acc, true, "", false)] - #[test_case("run_once_and_collect_responses", &[LaPC::Broadcasts, LaPC::Fetches], &all_response_match, &standard_acc,true, "*", true)] - #[test_case("run_once", &[LaPC::Fetches], &all_response_match, &standard_acc,true, "*", true)] - #[test_case("sign_and_combine_ecdsa", LAPC_SB, &all_response_match, &standard_acc,true, "*", true)] - #[test_case("sign_hello_world", &[LaPC::Signatures], &valid_sign_no_combine, &standard_acc, true, "", false)] - #[test_case("sign_child_lit_action", &[LaPC::Signatures, LaPC::CallDepth], &valid_sign_no_combine, &standard_acc, true, "", false)] - #[test_case("fail_sign_non_hashed_message", &[LaPC::Signatures], &action_failed_with_error, &standard_acc, true, "Message length to be signed is not 32 bytes", false)] + #[test_case(LA_NAGA,"broadcast_and_collect", &[LaPC::Broadcasts], &all_response_match, &standard_acc, true, "*", true)] + #[test_case(LA_NAGA,"check_conditions_with_auth_sig", &[LaPC::ContractCalls], &all_response_match, &standard_acc, true, "true", true)] + #[test_case(LA_NAGA,"check_conditions_without_auth_sig", &[LaPC::ContractCalls], &all_response_match, &standard_acc, false, "true", true)] + #[test_case(LA_NAGA,"current_ipfs_id_substitution", LAPC_DBC, &all_response_match, &ipfs_acc, true, "hello this is a test", true)] + #[test_case(LA_NAGA,"decrypt_and_combine_with_access_denied",LAPC_BC, &action_failed_with_error, &impossible_acc, true, "Access control conditions check failed", false)] + #[test_case(LA_NAGA,"decrypt_and_combine_with_auth_sig", LAPC_DBC, &all_response_match, &standard_acc, true, "hello this is a test", true)] + #[test_case(LA_NAGA,"decrypt_and_combine_without_auth_sig", LAPC_DBC, &all_response_match, &standard_acc, false, "*", true)] + #[test_case(LA_NAGA,"decrypt_to_single_node", LAPC_DBC, &single_valid, &standard_acc, true, "hello this is a test", true)] + #[test_case(LA_NAGA,"get_rpc_url", &[], &all_response_match, &standard_acc,true, "https://api.node.glif.io/rpc/v1", true)] + #[test_case(LA_NAGA,"multiple_sign_and_combine_ecdsa", LAPC_SB, &valid_sign_and_combine, &standard_acc, true, "", false)] + #[test_case(LA_DATIL,"multiple_sign_and_combine_ecdsa", LAPC_SB, &valid_sign_and_combine, &standard_acc, true, "", false)] + #[test_case(LA_NAGA,"multiple_sign_and_combine_ed25519", LAPC_SB, &valid_sign_and_combine, &standard_acc, true, "", false)] + #[test_case(LA_NAGA,"multiple_sign_and_combine_blsg1", LAPC_SB, &valid_sign_and_combine, &standard_acc, true, "", false)] + #[test_case(LA_NAGA,"run_once_and_collect_responses", &[LaPC::Broadcasts, LaPC::Fetches], &all_response_match, &standard_acc,true, "*", true)] + #[test_case(LA_NAGA,"run_once", &[LaPC::Fetches], &all_response_match, &standard_acc,true, "*", true)] + #[test_case(LA_NAGA,"sign_and_combine_ecdsa", LAPC_SB, &all_response_match, &standard_acc,true, "*", true)] + #[test_case(LA_DATIL,"sign_and_combine_ecdsa", LAPC_SB, &all_response_match, &standard_acc,true, "*", true)] + #[test_case(LA_NAGA,"sign_hello_world", &[LaPC::Signatures], &valid_sign_no_combine, &standard_acc, true, "", false)] + #[test_case(LA_DATIL,"sign_hello_world", &[LaPC::Signatures], &valid_sign_no_combine, &standard_acc, true, "", false)] + #[test_case(LA_NAGA,"sign_child_lit_action", &[LaPC::Signatures, LaPC::CallDepth], &valid_sign_no_combine, &standard_acc, true, "", false)] + #[test_case(LA_NAGA,"fail_sign_non_hashed_message", &[LaPC::Signatures], &action_failed_with_error, &standard_acc, true, "Message length to be signed is not 32 bytes", false)] #[tokio::test] // #[ignore] pub async fn lit_action_from_file( + datil_testnet_type: DatilTestnetType, file_name: &str, price_components: &[LitActionPriceComponent], fn_assertion: &dyn Fn( @@ -90,9 +97,21 @@ pub mod litactions { wrap_in_quotes: bool, ) { setup_logging(); - let (testnet, validator_collection, mut end_user) = - TestSetupBuilder::default().force_deploy(true).build().await; + + let is_datil = match datil_testnet_type.clone() { + DatilTestnetType::Default => true, + DatilTestnetType::None => false, + DatilTestnetType::NoKeyOverride => true, + }; + + let (testnet, validator_collection, mut end_user) = TestSetupBuilder::default() + .include_datil_testnet(datil_testnet_type) + .force_deploy(true) // this can be removed once datil is the default. + .build() + .await; + lit_action_from_file_preloaded( + is_datil, price_components, &validator_collection, &testnet, @@ -108,6 +127,7 @@ pub mod litactions { } pub async fn lit_action_from_file_preloaded( + is_datil: bool, price_components: &[LitActionPriceComponent], validator_collection: &ValidatorCollection, _testnet: &Testnet, @@ -149,9 +169,16 @@ pub mod litactions { ) .await; - let (pubkey, _token_id, _eth_address, key_set_id) = end_user.first_pkp().info(); + let (pubkey, _token_id, _eth_address, key_set_id) = match is_datil { + true => { + let pubkey = end_user.new_datil_pkp().await.unwrap().0; + + end_user.pkp_by_pubkey(pubkey).info() + } + false => end_user.first_pkp().info(), + }; - // let (pubkey, _token_id, _eth_address) = end_user.new_datil_pkp().await.unwrap(); + info!("key_set_id: {}", key_set_id); let lit_action_code = data_encoding::BASE64.encode(lit_action_code.as_bytes()); // per above, there are more params than needed for some actions, but they are ignored @@ -160,6 +187,7 @@ pub mod litactions { js_params.insert("sigName".to_string(), "sig1".into()); js_params.insert("ciphertext".to_string(), ciphertext.into()); js_params.insert("dataToEncryptHash".to_string(), data_to_encrypt_hash.into()); + js_params.insert("keySetId".to_string(), key_set_id.clone().into()); js_params.insert( "accessControlConditions".to_string(), serde_json::to_value(access_control_conditions.unwrap()).unwrap(), @@ -186,7 +214,7 @@ pub mod litactions { js_params, auth_methods, epoch, - &key_set_id, + key_set_id, ) .await; @@ -678,7 +706,8 @@ pub mod litactions { let ipfs_cid = "QmRwN9GKHvCn4Vk7biqtr6adjXMs7PzzYPCzNCRjPFiDjm"; - let (testnet, validator_collection, end_user) = TestSetupBuilder::default().build().await; + let (testnet, validator_collection, end_user) = + TestSetupBuilder::default().force_deploy(true).build().await; let node_set = validator_collection.random_threshold_nodeset().await; let node_set = get_identity_pubkeys_from_node_set(&node_set).await; let realm_id = ethers::types::U256::from(1); @@ -707,6 +736,7 @@ pub mod litactions { ); js_params.insert("publicKey".to_string(), mgb_pubkey.into()); js_params.insert("sigName".to_string(), "sig1".into()); + js_params.insert("keySetId".to_string(), key_set_id.clone().into()); let params = js_params.clone(); let js_params = Some(serde_json::Value::Object(js_params)); @@ -794,7 +824,7 @@ pub mod litactions { None, &session_sigs_and_node_set, 2, - &key_set_id, + key_set_id, ) .await .expect("Could not execute lit action"); @@ -805,7 +835,8 @@ pub mod litactions { #[tokio::test] async fn sign_as_action() { setup_logging(); - let (_testnet, validator_collection, end_user) = TestSetupBuilder::default().build().await; + let (_testnet, validator_collection, end_user) = + TestSetupBuilder::default().force_deploy(true).build().await; let file_with_path = "./tests/lit_action_scripts/sign_as_lit_action.js"; let lit_action_code = std::fs::read_to_string(file_with_path).unwrap(); let action_ipfs_id = lit_sdk::compute_ipfs_hash(&lit_action_code); @@ -863,6 +894,7 @@ pub mod litactions { } else { 32 }; + let key_set_id = key_set_id.clone(); let mut js_params = js_params.clone(); js_params.insert( "signingScheme".to_string(), @@ -879,7 +911,7 @@ pub mod litactions { js_params, None, epoch.as_u64(), - &key_set_id, + key_set_id.clone(), ) .await .unwrap(); @@ -952,7 +984,7 @@ pub mod litactions { pk_params, None, epoch.as_u64(), - &key_set_id, + key_set_id.clone(), ) .await .unwrap(); @@ -1000,7 +1032,7 @@ pub mod litactions { pk_params, None, epoch.as_u64(), - &key_set_id, + key_set_id.clone(), ) .await .unwrap(); diff --git a/rust/lit-node/lit-node/tests/integration/session_sigs.rs b/rust/lit-node/lit-node/tests/integration/session_sigs.rs index 8ca6dd78..756a0c16 100644 --- a/rust/lit-node/lit-node/tests/integration/session_sigs.rs +++ b/rust/lit-node/lit-node/tests/integration/session_sigs.rs @@ -391,7 +391,7 @@ async fn sign_lit_actions_with_lit_action_session_sig() { .unwrap() ); - let (lit_action_code, ipfs_id, js_params, auth_methods, key_set_id) = lit_action_params( + let (lit_action_code, ipfs_id, js_params, auth_methods) = lit_action_params( VALID_PKP_SIGNING_LIT_ACTION_CODE.to_string(), pubkey, key_set_id.clone(), @@ -406,7 +406,7 @@ async fn sign_lit_actions_with_lit_action_session_sig() { auth_methods, // None &session_sigs_and_node_set, 2, - &key_set_id, + key_set_id, ) .await .expect("Could not execute lit action"); @@ -485,7 +485,7 @@ async fn only_permitted_can_sign_with_lit_action_session_sig() { .await .expect("Could not get session sigs"); - let (lit_action_code, ipfs_id, js_params, auth_methods, key_set_id) = lit_action_params( + let (lit_action_code, ipfs_id, js_params, auth_methods) = lit_action_params( VALID_PKP_SIGNING_LIT_ACTION_CODE.to_string(), pubkey.clone(), key_set_id.clone(), @@ -500,7 +500,7 @@ async fn only_permitted_can_sign_with_lit_action_session_sig() { auth_methods, // None &session_sigs_and_node_set, epoch, - &key_set_id, + key_set_id, ) .await .expect("Could not execute lit action"); @@ -586,6 +586,11 @@ async fn sign_lit_actions_with_custom_auth_resource_lit_action_session_sig() { .await .expect("Could not get session sigs"); + info!( + "Session sigs returned: {:?}", + session_sigs_and_node_set.len() + ); + // For signing inside Lit Actions i.e. signing anything assert!( pkp.add_permitted_action_to_pkp( @@ -596,7 +601,7 @@ async fn sign_lit_actions_with_custom_auth_resource_lit_action_session_sig() { .unwrap() ); - let (lit_action_code, ipfs_id, js_params, auth_methods, key_set_id) = lit_action_params( + let (lit_action_code, ipfs_id, js_params, auth_methods) = lit_action_params( CUSTOM_AUTH_RESOURCE_VALID_PKP_SIGNING_LIT_ACTION_CODE.to_string(), pubkey, key_set_id.clone(), @@ -611,7 +616,7 @@ async fn sign_lit_actions_with_custom_auth_resource_lit_action_session_sig() { auth_methods, // None &session_sigs_and_node_set, 2, - &key_set_id, + key_set_id, ) .await .expect("Could not execute lit action"); @@ -770,7 +775,7 @@ async fn sign_lit_actions_with_no_auth_method_lit_action_session_sig() { .unwrap() ); - let (lit_action_code, ipfs_id, js_params, auth_methods, key_set_id) = lit_action_params( + let (lit_action_code, ipfs_id, js_params, auth_methods) = lit_action_params( NO_AUTH_METHOD_PKP_SIGNING_LIT_ACTION_CODE.to_string(), pubkey, key_set_id.clone(), @@ -785,7 +790,7 @@ async fn sign_lit_actions_with_no_auth_method_lit_action_session_sig() { auth_methods, // None &session_sigs_and_node_set, 2, - &key_set_id, + key_set_id, ) .await .expect("Could not execute lit action"); @@ -883,7 +888,7 @@ async fn execute_js_with_eoa_session_sigs() { None, ); - let (lit_action_code, ipfs_id, js_params, auth_methods, key_set_id) = lit_action_params( + let (lit_action_code, ipfs_id, js_params, auth_methods) = lit_action_params( HELLO_WORLD_LIT_ACTION_CODE.to_string(), pubkey, key_set_id.clone(), @@ -898,7 +903,7 @@ async fn execute_js_with_eoa_session_sigs() { auth_methods, // None &session_sigs_and_node_set, 2, - &key_set_id, + key_set_id, ) .await .expect("Could not execute lit action"); @@ -1107,7 +1112,7 @@ async fn test_v1_endpoints_api_constraints() { ); info!("Starting test: Can't provide Authsig to execute_js"); - let (lit_action_code, ipfs_id, js_params, auth_methods, key_set_id) = lit_action_params( + let (lit_action_code, ipfs_id, js_params, auth_methods) = lit_action_params( HELLO_WORLD_LIT_ACTION_CODE.to_string(), pubkey.clone(), key_set_id.clone(), @@ -1130,14 +1135,14 @@ async fn test_v1_endpoints_api_constraints() { auth_methods, // None auth_sig.clone(), epoch, - &key_set_id, + key_set_id.clone(), ) .await; assert!(!execute_resp[0].ok); info!("Starting test: Can't provide AuthMethod to execute_js"); - let (lit_action_code, ipfs_id, js_params, _auth_methods, key_set_id) = lit_action_params( + let (lit_action_code, ipfs_id, js_params, _auth_methods) = lit_action_params( HELLO_WORLD_LIT_ACTION_CODE.to_string(), pubkey, key_set_id.clone(), @@ -1158,7 +1163,7 @@ async fn test_v1_endpoints_api_constraints() { auth_methods, auth_sig, epoch, - &key_set_id, + key_set_id.clone(), ) .await; @@ -1341,8 +1346,8 @@ pub async fn session_sig_only_mbg_pkp() { end_user.deposit_to_pkp_ledger(&mgb_pkp, fund_balance).await; let auth_pubkey = mgb_pkp.pubkey; - let key_set_id = mgb_pkp.key_set_id; let auth_eth_address = mgb_pkp.eth_address; + let key_set_id = mgb_pkp.key_set_id; info!( "Funded MGB PKP {:?} with {:?}", @@ -1438,7 +1443,7 @@ pub async fn session_sig_only_mbg_pkp() { None, &session_sigs_and_node_set, 2, - &key_set_id, + key_set_id.clone(), ) .await .expect("Could not execute lit action"); @@ -1501,7 +1506,7 @@ async fn explicit_resource_permission_required_for_lit_action() { None, ); - let (lit_action_code, ipfs_id, js_params, auth_methods, key_set_id) = lit_action_params( + let (lit_action_code, ipfs_id, js_params, auth_methods) = lit_action_params( SIGN_ECDSA_LIT_ACTION_CODE.to_string(), pubkey.clone(), key_set_id.clone(), @@ -1516,7 +1521,7 @@ async fn explicit_resource_permission_required_for_lit_action() { auth_methods, // None &session_sigs, 2, - &key_set_id, + key_set_id.clone(), ) .await .expect("Could not execute lit action"); diff --git a/rust/lit-node/lit-node/tests/lit_action_scripts/current_ipfs_id_substitution.js b/rust/lit-node/lit-node/tests/lit_action_scripts/current_ipfs_id_substitution.js index 18fbe7ad..ef0782a5 100644 --- a/rust/lit-node/lit-node/tests/lit_action_scripts/current_ipfs_id_substitution.js +++ b/rust/lit-node/lit-node/tests/lit_action_scripts/current_ipfs_id_substitution.js @@ -5,6 +5,7 @@ dataToEncryptHash, authSig: null, chain: 'ethereum', + keySetId, }); Lit.Actions.setResponse({ response: JSON.stringify(resp) }); })(); diff --git a/rust/lit-node/lit-node/tests/lit_action_scripts/decrypt_and_combine_with_access_denied.js b/rust/lit-node/lit-node/tests/lit_action_scripts/decrypt_and_combine_with_access_denied.js index 18fbe7ad..ef0782a5 100644 --- a/rust/lit-node/lit-node/tests/lit_action_scripts/decrypt_and_combine_with_access_denied.js +++ b/rust/lit-node/lit-node/tests/lit_action_scripts/decrypt_and_combine_with_access_denied.js @@ -5,6 +5,7 @@ dataToEncryptHash, authSig: null, chain: 'ethereum', + keySetId, }); Lit.Actions.setResponse({ response: JSON.stringify(resp) }); })(); diff --git a/rust/lit-node/lit-node/tests/lit_action_scripts/decrypt_and_combine_with_auth_sig.js b/rust/lit-node/lit-node/tests/lit_action_scripts/decrypt_and_combine_with_auth_sig.js index ccb8bd64..c82c9ce3 100644 --- a/rust/lit-node/lit-node/tests/lit_action_scripts/decrypt_and_combine_with_auth_sig.js +++ b/rust/lit-node/lit-node/tests/lit_action_scripts/decrypt_and_combine_with_auth_sig.js @@ -5,6 +5,7 @@ dataToEncryptHash, authSig, chain: 'ethereum', + keySetId, }); Lit.Actions.setResponse({ response: JSON.stringify(resp) }); })(); diff --git a/rust/lit-node/lit-node/tests/lit_action_scripts/decrypt_and_combine_without_auth_sig.js b/rust/lit-node/lit-node/tests/lit_action_scripts/decrypt_and_combine_without_auth_sig.js index 86e3f787..aa4b384e 100644 --- a/rust/lit-node/lit-node/tests/lit_action_scripts/decrypt_and_combine_without_auth_sig.js +++ b/rust/lit-node/lit-node/tests/lit_action_scripts/decrypt_and_combine_without_auth_sig.js @@ -6,6 +6,7 @@ dataToEncryptHash, authSig: null, chain: 'ethereum', + keySetId, }); Lit.Actions.setResponse({ response: JSON.stringify(resp) }); })(); diff --git a/rust/lit-node/lit-node/tests/lit_action_scripts/decrypt_to_single_node.js b/rust/lit-node/lit-node/tests/lit_action_scripts/decrypt_to_single_node.js index 7da6f424..2ad4fb94 100644 --- a/rust/lit-node/lit-node/tests/lit_action_scripts/decrypt_to_single_node.js +++ b/rust/lit-node/lit-node/tests/lit_action_scripts/decrypt_to_single_node.js @@ -6,6 +6,7 @@ dataToEncryptHash, authSig, chain: 'ethereum', + keySetId, }); Lit.Actions.setResponse({ response: JSON.stringify(resp) }); })(); diff --git a/rust/lit-node/lit-node/tests/lit_action_scripts/encrypt.js b/rust/lit-node/lit-node/tests/lit_action_scripts/encrypt.js index 146cce1b..b546a1e2 100644 --- a/rust/lit-node/lit-node/tests/lit_action_scripts/encrypt.js +++ b/rust/lit-node/lit-node/tests/lit_action_scripts/encrypt.js @@ -5,6 +5,7 @@ const { ciphertext, dataToEncryptHash } = await Lit.Actions.encrypt({ accessControlConditions, to_encrypt, + keySetId, }); Lit.Actions.setResponse({ response: ciphertext }); })(); diff --git a/rust/lit-node/lit-node/tests/lit_action_scripts/encrypt_and_decrypt.js b/rust/lit-node/lit-node/tests/lit_action_scripts/encrypt_and_decrypt.js index 9b812815..af42431f 100644 --- a/rust/lit-node/lit-node/tests/lit_action_scripts/encrypt_and_decrypt.js +++ b/rust/lit-node/lit-node/tests/lit_action_scripts/encrypt_and_decrypt.js @@ -10,6 +10,7 @@ const { ciphertext, dataToEncryptHash } = await Lit.Actions.encrypt({ accessControlConditions, to_encrypt, + keySetId, }); // console.log('ciphertext in runOnce:', ciphertext); // console.log('dataToEncryptHash in runOnce:', dataToEncryptHash); @@ -27,6 +28,7 @@ dataToEncryptHash, authSig: null, chain: 'ethereum', + keySetId, }); Lit.Actions.setResponse({ response: decrypted }); diff --git a/rust/lit-node/lit-node/tests/lit_action_scripts/fail_sign_non_hashed_message.js b/rust/lit-node/lit-node/tests/lit_action_scripts/fail_sign_non_hashed_message.js index c1a2c928..696b88a8 100644 --- a/rust/lit-node/lit-node/tests/lit_action_scripts/fail_sign_non_hashed_message.js +++ b/rust/lit-node/lit-node/tests/lit_action_scripts/fail_sign_non_hashed_message.js @@ -3,6 +3,7 @@ const go = async () => { let utf8Encode = new TextEncoder(); const toSign = utf8Encode.encode('Hello World'); - const sigShare = await LitActions.signEcdsa({ toSign, publicKey, sigName }); + const sigShare = await LitActions.signEcdsa({ toSign, publicKey, sigName, keySetId }); + Lit.Actions.setResponse({ response: JSON.stringify(sigShare) }); }; go(); \ No newline at end of file diff --git a/rust/lit-node/lit-node/tests/lit_action_scripts/multiple_sign_and_combine_blsg1.js b/rust/lit-node/lit-node/tests/lit_action_scripts/multiple_sign_and_combine_blsg1.js index 329d11c4..9b2599f0 100644 --- a/rust/lit-node/lit-node/tests/lit_action_scripts/multiple_sign_and_combine_blsg1.js +++ b/rust/lit-node/lit-node/tests/lit_action_scripts/multiple_sign_and_combine_blsg1.js @@ -4,6 +4,7 @@ publicKey, sigName: 'sig1', signingScheme: 'Bls12381G1ProofOfPossession', + keySetId, }); const sig2 = await Lit.Actions.signAndCombine({ @@ -11,6 +12,7 @@ publicKey, sigName: 'sig2', signingScheme: 'Bls12381G1ProofOfPossession', + keySetId, }); const sigs = { diff --git a/rust/lit-node/lit-node/tests/lit_action_scripts/multiple_sign_and_combine_ecdsa.js b/rust/lit-node/lit-node/tests/lit_action_scripts/multiple_sign_and_combine_ecdsa.js index f62a62b5..c601daf3 100644 --- a/rust/lit-node/lit-node/tests/lit_action_scripts/multiple_sign_and_combine_ecdsa.js +++ b/rust/lit-node/lit-node/tests/lit_action_scripts/multiple_sign_and_combine_ecdsa.js @@ -5,6 +5,7 @@ ), publicKey, sigName: 'sig1', + keySetId, }); const sig2 = await Lit.Actions.signAndCombineEcdsa({ @@ -13,6 +14,7 @@ ), publicKey, sigName: 'sig2', + keySetId, }); const sigs = { diff --git a/rust/lit-node/lit-node/tests/lit_action_scripts/multiple_sign_and_combine_ed25519.js b/rust/lit-node/lit-node/tests/lit_action_scripts/multiple_sign_and_combine_ed25519.js index 3ba6def8..6a4abf2a 100644 --- a/rust/lit-node/lit-node/tests/lit_action_scripts/multiple_sign_and_combine_ed25519.js +++ b/rust/lit-node/lit-node/tests/lit_action_scripts/multiple_sign_and_combine_ed25519.js @@ -4,6 +4,7 @@ publicKey, sigName: 'sig1', signingScheme: 'SchnorrEd25519Sha512', + keySetId, }); const sig2 = await Lit.Actions.signAndCombine({ @@ -11,6 +12,7 @@ publicKey, sigName: 'sig2', signingScheme: 'SchnorrEd25519Sha512', + keySetId, }); const sigs = { diff --git a/rust/lit-node/lit-node/tests/lit_action_scripts/sign_and_combine_ecdsa.js b/rust/lit-node/lit-node/tests/lit_action_scripts/sign_and_combine_ecdsa.js index b9b590e0..6747492f 100644 --- a/rust/lit-node/lit-node/tests/lit_action_scripts/sign_and_combine_ecdsa.js +++ b/rust/lit-node/lit-node/tests/lit_action_scripts/sign_and_combine_ecdsa.js @@ -7,6 +7,7 @@ toSign, publicKey, sigName, + keySetId, }); Lit.Actions.setResponse({ response: JSON.stringify(signature) }); diff --git a/rust/lit-node/lit-node/tests/lit_action_scripts/sign_child_lit_action.js b/rust/lit-node/lit-node/tests/lit_action_scripts/sign_child_lit_action.js index 834ea6f2..d5b446ec 100644 --- a/rust/lit-node/lit-node/tests/lit_action_scripts/sign_child_lit_action.js +++ b/rust/lit-node/lit-node/tests/lit_action_scripts/sign_child_lit_action.js @@ -4,7 +4,7 @@ const go = async () => { const _ = await Lit.Actions.call({ ipfsId: 'QmRwN9GKHvCn4Vk7biqtr6adjXMs7PzzYPCzNCRjPFiDjm', params: { toSign: Array.from(toSign), publicKey, - sigName + sigName, }}); }; go(); \ No newline at end of file diff --git a/rust/lit-node/lit-node/tests/lit_action_scripts/sign_hello_world.js b/rust/lit-node/lit-node/tests/lit_action_scripts/sign_hello_world.js index 6f440162..d6d26106 100644 --- a/rust/lit-node/lit-node/tests/lit_action_scripts/sign_hello_world.js +++ b/rust/lit-node/lit-node/tests/lit_action_scripts/sign_hello_world.js @@ -10,6 +10,7 @@ const go = async () => { const toSign = ethers.utils.arrayify( ethers.utils.keccak256(utf8Encode.encode('Hello World')) ); - const sigShare = await LitActions.signEcdsa({ toSign, publicKey, sigName }); + const sigShare = await LitActions.signEcdsa({ toSign, publicKey, sigName, keySetId }); + Lit.Actions.setResponse({ response: JSON.stringify(sigShare) }); }; go(); \ No newline at end of file