diff --git a/ci_scripts/test-ubuntu.sh b/ci_scripts/test-ubuntu.sh index 78761df..2aeba86 100755 --- a/ci_scripts/test-ubuntu.sh +++ b/ci_scripts/test-ubuntu.sh @@ -4,7 +4,7 @@ curl -L https://risczero.com/install | bash /home/runner/.risc0/bin/rzup install source env.sh -RISC0_DEV_MODE=1 cargo test --release +RISC0_DEV_MODE=1 cargo test --release --features no_docker cd integration_tests export NSSA_WALLET_HOME_DIR=$(pwd)/configs/debug/wallet/ diff --git a/common/src/rpc_primitives/requests.rs b/common/src/rpc_primitives/requests.rs index 94c2ddc..91596e6 100644 --- a/common/src/rpc_primitives/requests.rs +++ b/common/src/rpc_primitives/requests.rs @@ -1,8 +1,11 @@ +use std::collections::HashMap; + use crate::parse_request; use super::errors::RpcParseError; use super::parser::RpcRequest; use super::parser::parse_params; +use nssa_core::program::ProgramId; use serde::{Deserialize, Serialize}; use serde_json::Value; @@ -58,6 +61,9 @@ pub struct GetProofForCommitmentRequest { pub commitment: nssa_core::Commitment, } +#[derive(Serialize, Deserialize, Debug)] +pub struct GetProgramIdsRequest {} + parse_request!(HelloRequest); parse_request!(RegisterAccountRequest); parse_request!(SendTxRequest); @@ -70,6 +76,7 @@ parse_request!(GetTransactionByHashRequest); parse_request!(GetAccountsNoncesRequest); parse_request!(GetProofForCommitmentRequest); parse_request!(GetAccountRequest); +parse_request!(GetProgramIdsRequest); #[derive(Serialize, Deserialize, Debug)] pub struct HelloResponse { @@ -126,3 +133,8 @@ pub struct GetAccountResponse { pub struct GetProofForCommitmentResponse { pub membership_proof: Option, } + +#[derive(Serialize, Deserialize, Debug)] +pub struct GetProgramIdsResponse { + pub program_ids: HashMap, +} diff --git a/common/src/sequencer_client/mod.rs b/common/src/sequencer_client/mod.rs index 3c27cae..ac5a64b 100644 --- a/common/src/sequencer_client/mod.rs +++ b/common/src/sequencer_client/mod.rs @@ -1,16 +1,20 @@ +use std::collections::HashMap; + use super::rpc_primitives::requests::{ GetAccountBalanceRequest, GetAccountBalanceResponse, GetBlockDataRequest, GetBlockDataResponse, GetGenesisIdRequest, GetGenesisIdResponse, GetInitialTestnetAccountsRequest, }; use anyhow::Result; use json::{SendTxRequest, SendTxResponse, SequencerRpcRequest, SequencerRpcResponse}; +use nssa_core::program::ProgramId; use reqwest::Client; use serde_json::Value; use crate::rpc_primitives::requests::{ GetAccountRequest, GetAccountResponse, GetAccountsNoncesRequest, GetAccountsNoncesResponse, - GetLastBlockRequest, GetLastBlockResponse, GetProofForCommitmentRequest, - GetProofForCommitmentResponse, GetTransactionByHashRequest, GetTransactionByHashResponse, + GetLastBlockRequest, GetLastBlockResponse, GetProgramIdsRequest, GetProgramIdsResponse, + GetProofForCommitmentRequest, GetProofForCommitmentResponse, GetTransactionByHashRequest, + GetTransactionByHashResponse, }; use crate::sequencer_client::json::AccountInitialData; use crate::transaction::{EncodedTransaction, NSSATransaction}; @@ -250,4 +254,24 @@ impl SequencerClient { Ok(resp_deser) } + + // Get Ids of the programs used by the node + pub async fn get_program_ids( + &self, + ) -> Result, SequencerClientError> { + let acc_req = GetProgramIdsRequest {}; + + let req = serde_json::to_value(acc_req).unwrap(); + + let resp = self + .call_method_with_payload("get_program_ids", req) + .await + .unwrap(); + + let resp_deser = serde_json::from_value::(resp) + .unwrap() + .program_ids; + + Ok(resp_deser) + } } diff --git a/common/src/transaction.rs b/common/src/transaction.rs index fd38138..5332e5c 100644 --- a/common/src/transaction.rs +++ b/common/src/transaction.rs @@ -1,11 +1,8 @@ use borsh::{BorshDeserialize, BorshSerialize}; -use generic_array::GenericArray; use k256::ecdsa::{Signature, SigningKey, VerifyingKey}; use log::info; use serde::{Deserialize, Serialize}; -use sha2::digest::typenum::{B0, B1}; -use sha2::digest::typenum::{UInt, UTerm}; use sha2::{Digest, digest::FixedOutput}; #[derive(Debug, Clone, PartialEq, Eq)] @@ -29,7 +26,6 @@ impl From for NSSATransaction { use crate::TreeHashType; pub type CipherText = Vec; -pub type Nonce = GenericArray, B1>, B0>, B0>>; pub type Tag = u8; #[derive( diff --git a/integration_tests/Cargo.toml b/integration_tests/Cargo.toml index db2dfeb..f7bd131 100644 --- a/integration_tests/Cargo.toml +++ b/integration_tests/Cargo.toml @@ -36,3 +36,4 @@ path = "../common" [dependencies.nssa] path = "../nssa" +features = ["no_docker"] diff --git a/integration_tests/src/lib.rs b/integration_tests/src/lib.rs index 2c89fbd..02ac7ba 100644 --- a/integration_tests/src/lib.rs +++ b/integration_tests/src/lib.rs @@ -1402,6 +1402,36 @@ pub async fn test_pinata() { info!("Success!"); } +pub async fn test_authenticated_transfer_initialize_function() { + info!("test initialize account for authenticated transfer"); + let command = Command::AuthenticatedTransferInitializePublicAccount {}; + + let SubcommandReturnValue::RegisterAccount { addr } = + wallet::execute_subcommand(command).await.unwrap() + else { + panic!("Error creating account"); + }; + + info!("Checking correct execution"); + let wallet_config = fetch_config().await.unwrap(); + let seq_client = SequencerClient::new(wallet_config.sequencer_addr.clone()).unwrap(); + let account = seq_client + .get_account(addr.to_string()) + .await + .unwrap() + .account; + + let expected_program_owner = Program::authenticated_transfer_program().id(); + let expected_nonce = 1; + let expected_balance = 0; + + assert_eq!(account.program_owner, expected_program_owner); + assert_eq!(account.balance, expected_balance); + assert_eq!(account.nonce, expected_nonce); + assert!(account.data.is_empty()); + info!("Success!"); +} + pub async fn test_pinata_private_receiver() { info!("test_pinata_private_receiver"); let pinata_addr = "cafe".repeat(16); @@ -1606,6 +1636,9 @@ pub async fn main_tests_runner() -> Result<()> { "test_pinata" => { test_cleanup_wrap!(home_dir, test_pinata); } + "test_authenticated_transfer_initialize_function" => { + test_cleanup_wrap!(home_dir, test_authenticated_transfer_initialize_function); + } "test_pinata_private_receiver" => { test_cleanup_wrap!(home_dir, test_pinata_private_receiver); } @@ -1634,6 +1667,7 @@ pub async fn main_tests_runner() -> Result<()> { test_cleanup_wrap!(home_dir, test_success_move_to_another_account); test_cleanup_wrap!(home_dir, test_success); test_cleanup_wrap!(home_dir, test_failure); + test_cleanup_wrap!(home_dir, test_get_account); test_cleanup_wrap!(home_dir, test_success_two_transactions); test_cleanup_wrap!(home_dir, test_success_token_program); test_cleanup_wrap!( @@ -1660,9 +1694,12 @@ pub async fn main_tests_runner() -> Result<()> { home_dir, test_success_private_transfer_to_another_owned_account_claiming_path ); + test_cleanup_wrap!(home_dir, test_success_token_program_shielded_owned); test_cleanup_wrap!(home_dir, test_pinata); + test_cleanup_wrap!(home_dir, test_authenticated_transfer_initialize_function); test_cleanup_wrap!(home_dir, test_pinata_private_receiver); test_cleanup_wrap!(home_dir, test_success_token_program_private_owned); + test_cleanup_wrap!(home_dir, test_success_token_program_deshielded_owned); test_cleanup_wrap!(home_dir, test_success_token_program_private_claiming_path); test_cleanup_wrap!(home_dir, test_pinata_private_receiver_new_account); test_cleanup_wrap!( diff --git a/nssa/Cargo.toml b/nssa/Cargo.toml index 93553a8..a86bd98 100644 --- a/nssa/Cargo.toml +++ b/nssa/Cargo.toml @@ -7,7 +7,7 @@ edition = "2024" thiserror = "2.0.12" risc0-zkvm = { version = "3.0.3", features = ['std'] } nssa-core = { path = "core", features = ["host"] } -program-methods = { path = "program_methods" } +program-methods = { path = "program_methods", optional = true } serde = "1.0.219" sha2 = "0.10.9" secp256k1 = "0.31.1" @@ -15,9 +15,14 @@ rand = "0.8" borsh = "1.5.7" hex = "0.4.3" +[build-dependencies] +risc0-build = "3.0.3" +risc0-binfmt = "3.0.2" + [dev-dependencies] test-program-methods = { path = "test_program_methods" } hex-literal = "1.0.0" [features] default = [] +no_docker = ["program-methods"] diff --git a/nssa/build.rs b/nssa/build.rs new file mode 100644 index 0000000..cc4608e --- /dev/null +++ b/nssa/build.rs @@ -0,0 +1,63 @@ +fn main() { + if cfg!(feature = "no_docker") { + println!("cargo:warning=NO_DOCKER feature enabled – deterministic build skipped"); + return; + } + + build_deterministic().expect("Deterministic build failed"); +} + +fn build_deterministic() -> Result<(), Box> { + use std::{env, fs, path::PathBuf, process::Command}; + + let manifest_dir = PathBuf::from(env::var("CARGO_MANIFEST_DIR")?); + let out_dir = PathBuf::from(env::var("OUT_DIR")?); + let mod_dir = out_dir.join("program_methods"); + let mod_file = mod_dir.join("mod.rs"); + + println!("cargo:rerun-if-changed=program_methods/guest/src"); + println!("cargo:rerun-if-changed=program_methods/guest/Cargo.toml"); + + let guest_manifest = manifest_dir.join("program_methods/guest/Cargo.toml"); + + let status = Command::new("cargo") + .args(["risczero", "build", "--manifest-path"]) + .arg(&guest_manifest) + .status()?; + if !status.success() { + return Err("Risc0 deterministic build failed".into()); + } + + let target_dir = + manifest_dir.join("program_methods/guest/target/riscv32im-risc0-zkvm-elf/docker/"); + + let bins = fs::read_dir(&target_dir)? + .filter_map(Result::ok) + .filter(|e| e.path().extension().is_some_and(|ext| ext == "bin")) + .collect::>(); + + if bins.is_empty() { + return Err(format!("No .bin files found in {:?}", target_dir).into()); + } + + fs::create_dir_all(&mod_dir)?; + let mut src = String::new(); + for entry in bins { + let path = entry.path(); + let name = path.file_stem().unwrap().to_string_lossy(); + let bytecode = fs::read(&path)?; + let image_id: [u32; 8] = risc0_binfmt::compute_image_id(&bytecode)?.into(); + src.push_str(&format!( + "pub const {}_ELF: &[u8] = include_bytes!(r#\"{}\"#);\n\ + pub const {}_ID: [u32; 8] = {:?};\n", + name.to_uppercase(), + path.display(), + name.to_uppercase(), + image_id + )); + } + fs::write(&mod_file, src)?; + println!("cargo:warning=Generated module at {}", mod_file.display()); + + Ok(()) +} diff --git a/nssa/program_methods/guest/src/bin/authenticated_transfer.rs b/nssa/program_methods/guest/src/bin/authenticated_transfer.rs index 210e3f0..df8a38e 100644 --- a/nssa/program_methods/guest/src/bin/authenticated_transfer.rs +++ b/nssa/program_methods/guest/src/bin/authenticated_transfer.rs @@ -1,21 +1,30 @@ -use nssa_core::program::{ProgramInput, read_nssa_inputs, write_nssa_outputs}; +use nssa_core::{ + account::{Account, AccountWithMetadata}, + program::{ProgramInput, read_nssa_inputs, write_nssa_outputs}, +}; -/// A transfer of balance program. -/// To be used both in public and private contexts. -fn main() { - // Read input accounts. - // It is expected to receive only two accounts: [sender_account, receiver_account] - let ProgramInput { - pre_states, - instruction: balance_to_move, - } = read_nssa_inputs(); +/// Initializes a default account under the ownership of this program. +/// This is achieved by a noop. +fn initialize_account(pre_state: AccountWithMetadata) { + let account_to_claim = pre_state.account.clone(); + let is_authorized = pre_state.is_authorized; - // Continue only if input_accounts is an array of two elements - let [sender, receiver] = match pre_states.try_into() { - Ok(array) => array, - Err(_) => return, - }; + // Continue only if the account to claim has default values + if account_to_claim != Account::default() { + return; + } + // Continue only if the owner authorized this operation + if !is_authorized { + return; + } + + // Noop will result in account being claimed for this program + write_nssa_outputs(vec![pre_state], vec![account_to_claim]); +} + +/// Transfers `balance_to_move` native balance from `sender` to `recipient`. +fn transfer(sender: AccountWithMetadata, recipient: AccountWithMetadata, balance_to_move: u128) { // Continue only if the sender has authorized this operation if !sender.is_authorized { return; @@ -28,10 +37,27 @@ fn main() { // Create accounts post states, with updated balances let mut sender_post = sender.account.clone(); - let mut receiver_post = receiver.account.clone(); + let mut recipient_post = recipient.account.clone(); sender_post.balance -= balance_to_move; - receiver_post.balance += balance_to_move; + recipient_post.balance += balance_to_move; - write_nssa_outputs(vec![sender, receiver], vec![sender_post, receiver_post]); + write_nssa_outputs(vec![sender, recipient], vec![sender_post, recipient_post]); } +/// A transfer of balance program. +/// To be used both in public and private contexts. +fn main() { + // Read input accounts. + let ProgramInput { + pre_states, + instruction: balance_to_move, + } = read_nssa_inputs(); + + match (pre_states.as_slice(), balance_to_move) { + ([account_to_claim], 0) => initialize_account(account_to_claim.clone()), + ([sender, recipient], balance_to_move) => { + transfer(sender.clone(), recipient.clone(), balance_to_move) + } + _ => panic!("invalid params"), + } +} diff --git a/nssa/src/lib.rs b/nssa/src/lib.rs index 21defa9..dc6bb15 100644 --- a/nssa/src/lib.rs +++ b/nssa/src/lib.rs @@ -1,3 +1,12 @@ +#[cfg(not(feature = "no_docker"))] +pub mod program_methods { + include!(concat!(env!("OUT_DIR"), "/program_methods/mod.rs")); +} + +#[cfg(feature = "no_docker")] +#[allow(clippy::single_component_path_imports)] +use program_methods; + pub mod encoding; pub mod error; mod merkle_tree; @@ -12,6 +21,7 @@ pub use nssa_core::address::Address; pub use privacy_preserving_transaction::{ PrivacyPreservingTransaction, circuit::execute_and_prove, }; +pub use program_methods::PRIVACY_PRESERVING_CIRCUIT_ID; pub use public_transaction::PublicTransaction; pub use signature::PrivateKey; pub use signature::PublicKey; diff --git a/nssa/src/privacy_preserving_transaction/circuit.rs b/nssa/src/privacy_preserving_transaction/circuit.rs index 3a98723..9ce0610 100644 --- a/nssa/src/privacy_preserving_transaction/circuit.rs +++ b/nssa/src/privacy_preserving_transaction/circuit.rs @@ -8,7 +8,7 @@ use risc0_zkvm::{ExecutorEnv, InnerReceipt, Receipt, default_prover}; use crate::{error::NssaError, program::Program}; -use program_methods::{PRIVACY_PRESERVING_CIRCUIT_ELF, PRIVACY_PRESERVING_CIRCUIT_ID}; +use crate::program_methods::{PRIVACY_PRESERVING_CIRCUIT_ELF, PRIVACY_PRESERVING_CIRCUIT_ID}; /// Proof of the privacy preserving execution circuit #[derive(Debug, Clone, PartialEq, Eq)] diff --git a/nssa/src/program.rs b/nssa/src/program.rs index 5abc153..f6df8fe 100644 --- a/nssa/src/program.rs +++ b/nssa/src/program.rs @@ -1,11 +1,11 @@ +use crate::program_methods::{ + AUTHENTICATED_TRANSFER_ELF, AUTHENTICATED_TRANSFER_ID, PINATA_ELF, PINATA_ID, TOKEN_ELF, + TOKEN_ID, +}; use nssa_core::{ account::{Account, AccountWithMetadata}, program::{InstructionData, ProgramId, ProgramOutput}, }; -use program_methods::{ - AUTHENTICATED_TRANSFER_ELF, AUTHENTICATED_TRANSFER_ID, PINATA_ELF, PINATA_ID, TOKEN_ELF, - TOKEN_ID, -}; use risc0_zkvm::{ExecutorEnv, ExecutorEnvBuilder, default_executor, serde::to_vec}; use serde::Serialize; diff --git a/sequencer_rpc/src/process.rs b/sequencer_rpc/src/process.rs index f376f94..d8c3c01 100644 --- a/sequencer_rpc/src/process.rs +++ b/sequencer_rpc/src/process.rs @@ -1,6 +1,8 @@ +use std::collections::HashMap; + use actix_web::Error as HttpError; use base64::{Engine, engine::general_purpose}; -use nssa; +use nssa::{self, program::Program}; use sequencer_core::config::AccountInitialData; use serde_json::Value; @@ -14,9 +16,9 @@ use common::{ requests::{ GetAccountBalanceRequest, GetAccountBalanceResponse, GetAccountRequest, GetAccountResponse, GetAccountsNoncesRequest, GetAccountsNoncesResponse, - GetInitialTestnetAccountsRequest, GetProofForCommitmentRequest, - GetProofForCommitmentResponse, GetTransactionByHashRequest, - GetTransactionByHashResponse, + GetInitialTestnetAccountsRequest, GetProgramIdsRequest, GetProgramIdsResponse, + GetProofForCommitmentRequest, GetProofForCommitmentResponse, + GetTransactionByHashRequest, GetTransactionByHashResponse, }, }, transaction::EncodedTransaction, @@ -40,6 +42,7 @@ pub const GET_TRANSACTION_BY_HASH: &str = "get_transaction_by_hash"; pub const GET_ACCOUNTS_NONCES: &str = "get_accounts_nonces"; pub const GET_ACCOUNT: &str = "get_account"; pub const GET_PROOF_FOR_COMMITMENT: &str = "get_proof_for_commitment"; +pub const GET_PROGRAM_IDS: &str = "get_program_ids"; pub const HELLO_FROM_SEQUENCER: &str = "HELLO_FROM_SEQUENCER"; @@ -267,6 +270,24 @@ impl JsonHandler { respond(helperstruct) } + async fn process_get_program_ids(&self, request: Request) -> Result { + let _get_proof_req = GetProgramIdsRequest::parse(Some(request.params))?; + + let mut program_ids = HashMap::new(); + program_ids.insert( + "authenticated_transfer".to_string(), + Program::authenticated_transfer_program().id(), + ); + program_ids.insert("token".to_string(), Program::token().id()); + program_ids.insert("pinata".to_string(), Program::pinata().id()); + program_ids.insert( + "privacy_preserving_circuit".to_string(), + nssa::PRIVACY_PRESERVING_CIRCUIT_ID, + ); + let helperstruct = GetProgramIdsResponse { program_ids }; + respond(helperstruct) + } + pub async fn process_request_internal(&self, request: Request) -> Result { match request.method.as_ref() { HELLO => self.process_temp_hello(request).await, @@ -280,6 +301,7 @@ impl JsonHandler { GET_ACCOUNT => self.process_get_account(request).await, GET_TRANSACTION_BY_HASH => self.process_get_transaction_by_hash(request).await, GET_PROOF_FOR_COMMITMENT => self.process_get_proof_by_commitment(request).await, + GET_PROGRAM_IDS => self.process_get_program_ids(request).await, _ => Err(RpcErr(RpcError::method_not_found(request.method))), } } diff --git a/wallet/src/lib.rs b/wallet/src/lib.rs index 501d096..5adfa39 100644 --- a/wallet/src/lib.rs +++ b/wallet/src/lib.rs @@ -11,7 +11,10 @@ use anyhow::Result; use chain_storage::WalletChainStore; use config::WalletConfig; use log::info; -use nssa::{Account, Address, privacy_preserving_transaction::message::EncryptedAccountData}; +use nssa::{ + Account, Address, privacy_preserving_transaction::message::EncryptedAccountData, + program::Program, +}; use clap::{Parser, Subcommand}; use nssa_core::{Commitment, MembershipProof}; @@ -202,6 +205,10 @@ pub enum Command { ///Token command #[command(subcommand)] TokenProgram(TokenProgramSubcommand), + AuthenticatedTransferInitializePublicAccount {}, + // Check the wallet can connect to the node and builtin local programs + // match the remote versions + CheckHealth {}, } ///To execute commands, env var NSSA_WALLET_HOME_DIR must be set into directory with config @@ -247,6 +254,55 @@ pub async fn execute_subcommand(command: Command) -> Result { + let remote_program_ids = wallet_core + .sequencer_client + .get_program_ids() + .await + .expect("Error fetching program ids"); + let Some(authenticated_transfer_id) = remote_program_ids.get("authenticated_transfer") + else { + panic!("Missing authenticated transfer ID from remote"); + }; + if authenticated_transfer_id != &Program::authenticated_transfer_program().id() { + panic!("Local ID for authenticated transfer program is different from remote"); + } + let Some(token_id) = remote_program_ids.get("token") else { + panic!("Missing token program ID from remote"); + }; + if token_id != &Program::token().id() { + panic!("Local ID for token program is different from remote"); + } + let Some(circuit_id) = remote_program_ids.get("privacy_preserving_circuit") else { + panic!("Missing privacy preserving circuit ID from remote"); + }; + if circuit_id != &nssa::PRIVACY_PRESERVING_CIRCUIT_ID { + panic!("Local ID for privacy preserving circuit is different from remote"); + } + + println!("✅All looks good!"); + + SubcommandReturnValue::Empty + } + Command::AuthenticatedTransferInitializePublicAccount {} => { + let addr = wallet_core.create_new_account_public(); + + println!("Generated new account with addr {addr}"); + + let path = wallet_core.store_persistent_accounts().await?; + + println!("Stored persistent accounts at {path:#?}"); + + let res = wallet_core + .register_account_under_authenticated_transfers_programs(addr) + .await?; + + println!("Results of tx send is {res:#?}"); + + let _transfer_tx = wallet_core.poll_native_token_transfer(res.tx_hash).await?; + + SubcommandReturnValue::RegisterAccount { addr } + } Command::TokenProgram(token_subcommand) => { token_subcommand.handle_subcommand(&mut wallet_core).await? } diff --git a/wallet/src/token_transfers/public.rs b/wallet/src/token_transfers/public.rs index 22d50eb..3e6df44 100644 --- a/wallet/src/token_transfers/public.rs +++ b/wallet/src/token_transfers/public.rs @@ -42,4 +42,30 @@ impl WalletCore { Err(ExecutionFailureKind::InsufficientFundsError) } } + + pub async fn register_account_under_authenticated_transfers_programs( + &self, + from: Address, + ) -> Result { + let Ok(nonces) = self.get_accounts_nonces(vec![from]).await else { + return Err(ExecutionFailureKind::SequencerError); + }; + + let instruction: u128 = 0; + let addresses = vec![from]; + let program_id = Program::authenticated_transfer_program().id(); + let message = Message::try_new(program_id, addresses, nonces, instruction).unwrap(); + + let signing_key = self.storage.user_data.get_pub_account_signing_key(&from); + + let Some(signing_key) = signing_key else { + return Err(ExecutionFailureKind::KeyNotFoundError); + }; + + let witness_set = WitnessSet::for_message(&message, &[signing_key]); + + let tx = PublicTransaction::new(message, witness_set); + + Ok(self.sequencer_client.send_tx_public(tx).await?) + } }