logos-blockchain/lssa
1
0
Fork 0
mirror of https://github.com/logos-blockchain/lssa.git synced 2026-05-16 14:49:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
lssa/test_program_methods/guest/src/bin/auth_asserting_noop.rs

41 lines
1.1 KiB
Rust
Raw Normal View History

test: exercise callee authorization in private-PDA delegation tests Addresses the following review comments: - "Shouldn't we use a program that checks authorization in this test as callee? If not, I'm not sure if we are fully testing what the test docs describe (namely, that the callee got the input account with is_authorized=true). Maybe add a variant of the noop that checks the input account is authorized." I added test_program_methods/guest/src/bin/auth_asserting_noop.rs: same shape as noop.rs except it asserts pre.is_authorized == true for every pre_state before echoing the post_states. Any unauthorized pre_state panics the guest, failing the whole circuit proof. I added Program::auth_asserting_noop() as the matching helper. In caller_pda_seeds_authorize_private_pda_for_callee and caller_pda_seeds_with_wrong_seed_rejects_private_pda_for_callee, I swapped Program::noop() for Program::auth_asserting_noop() as the callee. The positive test now proves the callee actually sees is_authorized=true, not just that the circuit's consistency check did not reject. The negative test doubles its evidence, both the circuit's authorization reconciliation and the callee guest would now reject a wrong-seed delegation. - "This branching logic is only correct because we are not supporting non-authorized private accounts with non-default values. Likely to be changed in the future. I'm sure there's use cases for this. For example the multisig program if ran completely private it would need a private non-default and non-authorized input account." Agreed. Supporting this needs wallet-supplied `(seed, owner)` side input so the npk-to-account_id binding can be re-verified for an existing private PDA without a fresh Claim::Pda or a caller pda_seeds match. I handled this in the second PR. I added a TODO(private-pdas-pr-2/3) marker on the `else` branch in privacy_preserving_circuit.rs:3 => { ... } so the constraint is visible to future maintainers, along with a comment noting the multisig use case.
2026-04-21 02:08:02 +02:00
use nssa_core::program::{AccountPostState, ProgramInput, ProgramOutput, read_nssa_inputs};
/// A variant of `noop` that asserts every `pre_state.is_authorized == true` before echoing
/// the `post_states`. Any unauthorized `pre_state` panics the guest, failing the whole
/// circuit proof. Used as a callee in private-PDA delegation tests to actually exercise the
/// authorization propagated through `ChainedCall.pda_seeds`.
type Instruction = ();
fn main() {
let (
ProgramInput {
self_program_id,
caller_program_id,
pre_states,
..
},
instruction_words,
) = read_nssa_inputs::<Instruction>();
for pre in &pre_states {
assert!(
pre.is_authorized,
"auth_asserting_noop: pre_state {} is not authorized",
pre.account_id
);
}
let post_states = pre_states
.iter()
.map(|account| AccountPostState::new(account.account.clone()))
.collect();
ProgramOutput::new(
self_program_id,
caller_program_id,
instruction_words,
pre_states,
post_states,
)
.write();
}
Reference in New Issue Copy Permalink