Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: Add 5 retries before moving on to rotate keys #239

Merged
merged 2 commits into from
Aug 3, 2023
Merged

fix: Add 5 retries before moving on to rotate keys #239

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4e13d2c
Add 5 retries before moving on to rotate keys
ChaoticTempest Aug 2, 2023
101e82a
Merge branch 'develop' of github.com:near/mpc-recovery into phuong/fi…
ChaoticTempest Aug 3, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions integration-tests/src/containers.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -382,7 +382,7 @@ pub struct SignerNodeApi {
pub address: String,
pub node_id: usize,
pub sk_share: ExpandedKeyPair,
pub cipher_key: Aes256Gcm,
pub cipher_key: GenericArray<u8, U32>,
pub gcp_project_id: String,
pub gcp_datastore_local_url: String,
}
Expand Down Expand Up @@ -464,7 +464,7 @@ impl<'a> SignerNode<'a> {
address: self.local_address.clone(),
node_id: self.node_id,
sk_share: self.sk_share.clone(),
cipher_key: Aes256Gcm::new(&self.cipher_key),
cipher_key: self.cipher_key,
gcp_project_id: self.gcp_project_id.clone(),
gcp_datastore_local_url: self.gcp_datastore_local_url.clone(),
}
Expand Down Expand Up @@ -492,12 +492,12 @@ impl SignerNodeApi {
.await?;

let new_cipher = Aes256Gcm::new(new_cipher_key);
let old_cipher = &self.cipher_key;
let old_cipher = Aes256Gcm::new(&self.cipher_key);

// Do inplace rotation of node key
mpc_recovery::sign_node::migration::rotate_cipher(
self.node_id,
old_cipher,
&old_cipher,
&new_cipher,
&gcp_service,
&gcp_service,
Expand Down
17 changes: 16 additions & 1 deletion integration-tests/tests/mpc/positive.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -218,7 +218,22 @@ async fn test_rotate_node_keys() -> anyhow::Result<()> {
.collect::<HashMap<_, _>>();

// Generate a new set of ciphers to rotate out each node:
let mpc_recovery::GenerateResult { secrets, .. } = mpc_recovery::generate(3);
let mut counter = 0;
let mpc_recovery::GenerateResult { secrets, .. } = loop {
let result = mpc_recovery::generate(3);
let all_diff = result.secrets.iter().zip(ctx.signer_nodes.iter()).all(|((_, new_cipher), signer_node)| {
signer_node.cipher_key != *new_cipher
});

if all_diff {
break result;
}

counter += 1;
if counter == 5 {
panic!("Failed to generate a new set of ciphers after 5 tries");
}
};

let mut ciphers = HashMap::new();
// Rotate out with new the cipher.
Expand Down