additional fixes

Author: barakeinav1

crates/attestation/src/report_data.rs

@@ -1,9 +1,9 @@
+use alloc::vec;
 use borsh::{BorshDeserialize, BorshSerialize};
 use derive_more::Constructor;
 use near_sdk::PublicKey;
 use serde::{Deserialize, Serialize};
 use sha3::{Digest, Sha3_384};
-use alloc::vec;
 
 /// Number of bytes for the report data.
 const REPORT_DATA_SIZE: usize = 64;
@@ -108,10 +108,11 @@ pub enum ReportData {
 }
 
 impl ReportData {
-   pub fn new(tls_public_key: PublicKey, account_public_key: Option<PublicKey>) -> Self {
+    pub fn new(tls_public_key: PublicKey, account_public_key: Option<PublicKey>) -> Self {
         let account_pk = account_public_key.unwrap_or_else(|| {
-            //TODO (#823) Construct a "zero" public key. will not be used in practice, only for backward compatibility. remove this code once that network enforces real attestation  
-            PublicKey::from_parts(near_sdk::CurveType::ED25519, vec![0u8; 32]).expect("valid zero PublicKey")
+            //TODO (#823) Construct a "zero" public key. will not be used in practice, only for backward compatibility. remove this code once that network enforces real attestation
+            PublicKey::from_parts(near_sdk::CurveType::ED25519, vec![0u8; 32])
+                .expect("valid zero PublicKey")
         });
 
         ReportData::V1(ReportDataV1::new(tls_public_key, account_pk))

crates/attestation/tests/test_attestation_verification.rs

@@ -6,7 +6,7 @@ use mpc_primitives::hash::{LauncherDockerComposeHash, MpcDockerImageHash};
 use near_sdk::PublicKey;
 use rstest::rstest;
 use test_utils::attestation::{
-    image_digest, launcher_compose_digest, mock_dstack_attestation, p2p_tls_key, account_key,
+    account_key, image_digest, launcher_compose_digest, mock_dstack_attestation, p2p_tls_key,
 };
 
 #[rstest]
@@ -23,7 +23,7 @@ fn test_mock_attestation_verify(
     let account_key = "ed25519:5v8Y8ZLoxZzCVtYpjh1cYdFrRh1p9EXAMPLEaQJ5sP4o"
         .parse()
         .unwrap();
-    let report_data = ReportData::V1(ReportDataV1::new(tls_key,account_key));
+    let report_data = ReportData::V1(ReportDataV1::new(tls_key, account_key));
     let attestation = Attestation::Mock(local_attestation);
 
     assert_eq!(
@@ -38,7 +38,7 @@ fn test_verify_method_signature() {
     let tls_key: PublicKey = p2p_tls_key();
     let account_key: PublicKey = account_key();
 
-    let report_data = ReportData::V1(ReportDataV1::new(tls_key,account_key));
+    let report_data = ReportData::V1(ReportDataV1::new(tls_key, account_key));
     let timestamp_s = 1755186041_u64;
 
     let allowed_mpc_image_digest: MpcDockerImageHash = image_digest();

crates/contract/src/lib.rs

@@ -518,7 +518,7 @@ impl MpcContract {
     pub fn respond_ckd(&mut self, request: CKDRequest, response: CKDResponse) -> Result<(), Error> {
         let signer = env::signer_account_id();
         log!("respond_ckd: signer={}, request={:?}", &signer, &request);
-        
+
         self.tee_state.assert_caller_is_attested_node();
 
         if !self.protocol_state.is_running_or_resharing() {
@@ -720,7 +720,7 @@ impl MpcContract {
     #[handle_result]
     pub fn start_keygen_instance(&mut self, key_event_id: KeyEventId) -> Result<(), Error> {
         log!("start_keygen_instance: signer={}", env::signer_account_id(),);
-        
+
         self.tee_state.assert_caller_is_attested_node();
 
         self.protocol_state
@@ -754,7 +754,7 @@ impl MpcContract {
             key_event_id,
             public_key,
         );
-        
+
         self.tee_state.assert_caller_is_attested_node();
 
         let extended_key =
@@ -779,7 +779,7 @@ impl MpcContract {
             "start_reshare_instance: signer={}",
             env::signer_account_id()
         );
-        
+
         self.tee_state.assert_caller_is_attested_node();
         self.protocol_state
             .start_reshare_instance(key_event_id, self.config.key_event_timeout_blocks)
@@ -805,7 +805,7 @@ impl MpcContract {
             env::signer_account_id(),
             key_event_id,
         );
-        
+
         self.tee_state.assert_caller_is_attested_node();
         let resharing_concluded =
             if let Some(new_state) = self.protocol_state.vote_reshared(key_event_id)? {
@@ -883,7 +883,7 @@ impl MpcContract {
             "vote_abort_key_event_instance: signer={}",
             env::signer_account_id()
         );
-        
+
         self.tee_state.assert_caller_is_attested_node();
         self.protocol_state
             .vote_abort_key_event_instance(key_event_id)

crates/contract/src/primitives/participants.rs

@@ -203,7 +203,9 @@ impl Participants {
             self.participants.remove(pos);
         }
     }
-
+    /// Returns the set of NodeIds corresponding to the participants.
+    /// Note that the account_public_key field in NodeId is None.
+    /// This is because NodeId is used in contexts where account_public_key is not needed.  
     pub fn get_node_ids(&self) -> BTreeSet<NodeId> {
         self.participants()
             .iter()

crates/contract/src/state/key_event.rs

@@ -105,7 +105,7 @@ impl KeyEvent {
             .as_mut()
             .unwrap()
             .vote_success(candidate, public_key)?
-        {   
+        {
             VoteSuccessResult::Voted(count) => {
                 if count == self.parameters.participants().len() {
                     Ok(true)

crates/contract/src/tee/tee_state.rs

@@ -96,7 +96,7 @@ impl TeeState {
                 let node_id = NodeId {
                     account_id: account_id.clone(),
                     tls_public_key: participant_info.sign_pk.clone(),
-                    account_public_key: None, 
+                    account_public_key: None,
                 };
 
                 participants_attestations
@@ -285,7 +285,7 @@ impl TeeState {
             .map(|(account_id, _, p_info)| NodeId {
                 account_id: account_id.clone(),
                 tls_public_key: p_info.sign_pk.clone(),
-                account_public_key: None,
+                account_public_key: None, //mapping to NodeId without account_public_key.
             })
             .collect();
 

crates/contract/tests/inprocess/expired_attestation.rs

@@ -183,7 +183,7 @@ fn test_participant_kickout_after_expiration() {
     let third_node = NodeId {
         account_id: setup.participants_list[2].0.clone(),
         tls_public_key: setup.participants_list[2].2.sign_pk.clone(),
-        account_public_key: Some(bogus_ed25519_near_public_key()),   
+        account_public_key: Some(bogus_ed25519_near_public_key()),
     };
 
     setup.submit_attestation_for_node(&third_node, expiring_attestation);

crates/node/src/cli.rs

@@ -238,14 +238,15 @@ impl StartCmd {
         let secrets =
             SecretsConfig::from_parts(&self.secret_store_key_hex, persistent_secrets.clone())?;
 
-                 
         // Generate attestation
         let tee_authority = TeeAuthority::try_from(self.tee_authority.clone())?;
         let tls_public_key = &secrets.persistent_secrets.p2p_private_key.verifying_key();
-        let account_public_key =  &secrets.persistent_secrets.near_signer_key.verifying_key();
-          
-        let report_data = ReportData::new(tls_public_key.clone().to_near_sdk_public_key()?,
-         Some(account_public_key.clone().to_near_sdk_public_key()?));
+        let account_public_key = &secrets.persistent_secrets.near_signer_key.verifying_key();
+
+        let report_data = ReportData::new(
+            tls_public_key.clone().to_near_sdk_public_key()?,
+            Some(account_public_key.clone().to_near_sdk_public_key()?),
+        );
         let attestation = tee_authority.generate_attestation(report_data).await?;
 
         // Create communication channels and runtime
@@ -394,9 +395,13 @@ impl StartCmd {
         // Spawn periodic attestation submission task
         let tx_sender_clone = indexer_api.txn_sender.clone();
         tokio::spawn(async move {
-            if let Err(e) =
-                periodic_attestation_submission(tee_authority, tx_sender_clone, tls_public_key,account_public_key)
-                    .await
+            if let Err(e) = periodic_attestation_submission(
+                tee_authority,
+                tx_sender_clone,
+                tls_public_key,
+                account_public_key,
+            )
+            .await
             {
                 tracing::error!(
                     error = ?e,

crates/node/src/indexer/fake.rs

@@ -256,7 +256,6 @@ pub fn participant_info_from_config(info: &config::ParticipantInfo) -> Participa
     ParticipantInfo {
         sign_pk: info.p2p_public_key.to_near_sdk_public_key().unwrap(),
         url: format!("http://{}:{}", info.address, info.port),
-        
     }
 }
 

crates/node/src/tee/remote_attestation.rs

@@ -117,7 +117,10 @@ async fn periodic_attestation_submission_with_interval<T: TransactionSender + Cl
         let tls_sdk_public_key = tls_public_key.to_near_sdk_public_key()?;
         let account_sdk_public_key = account_public_key.to_near_sdk_public_key()?;
 
-        let report_data = ReportData::new(tls_sdk_public_key.clone(),Some(account_sdk_public_key.clone()));
+        let report_data = ReportData::new(
+            tls_sdk_public_key.clone(),
+            Some(account_sdk_public_key.clone()),
+        );
         let fresh_attestation = match tee_authority.generate_attestation(report_data).await {
             Ok(attestation) => attestation,
             Err(error) => {
@@ -223,10 +226,13 @@ mod tests {
         let mut rng = rand::rngs::StdRng::seed_from_u64(42);
         let key = SigningKey::generate(&mut rng).verifying_key();
 
+        let account_key = SigningKey::generate(&mut rng).verifying_key();
+
         let handle = tokio::spawn(periodic_attestation_submission_with_interval(
             tee_authority,
             sender.clone(),
             key,
+            account_key,
             MockTicker::new(TEST_SUBMISSION_COUNT),
         ));