feat: initial authwit cancellation support
Showing
22 changed files
with
391 additions
and
142 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,78 +1,56 @@ | ||
use dep::aztec::protocol_types::{ | ||
abis::function_selector::FunctionSelector, address::AztecAddress, | ||
constants::{GENERATOR_INDEX__AUTHWIT}, hash::{hash_args, pedersen_hash} | ||
constants::{GENERATOR_INDEX__AUTHWIT_INNER, GENERATOR_INDEX__AUTHWIT_OUTER}, | ||
hash::{hash_args, pedersen_hash} | ||
}; | ||
use dep::aztec::context::{PrivateContext, PublicContext, Context}; | ||
|
||
global IS_VALID_SELECTOR = 0xe86ab4ff; | ||
global IS_VALID_PUBLIC_SELECTOR = 0xf3661153; | ||
|
||
// @todo #2676 Should use different generator than the payload to limit probability of collisions. | ||
|
||
// docs:start:assert_valid_authwit | ||
// Assert that `on_behalf_of` have authorized `message_hash` with a valid authentication witness | ||
pub fn assert_valid_authwit( | ||
context: &mut PrivateContext, | ||
on_behalf_of: AztecAddress, | ||
message_hash: Field | ||
) { | ||
let is_valid_selector = FunctionSelector::from_field(IS_VALID_SELECTOR); | ||
let result = context.call_private_function(on_behalf_of, is_valid_selector, [message_hash])[0]; | ||
context.push_new_nullifier(message_hash, 0); | ||
assert(result == IS_VALID_SELECTOR, "Message not authorized by account"); | ||
} | ||
// docs:end:assert_valid_authwit | ||
global IS_VALID_SELECTOR = 0xabf64ad4; // 4 first bytes of keccak256("IS_VALID()") | ||
|
||
// docs:start:assert_current_call_valid_authwit | ||
// Assert that `on_behalf_of` have authorized the current call with a valid authentication witness | ||
pub fn assert_current_call_valid_authwit(context: &mut PrivateContext, on_behalf_of: AztecAddress) { | ||
// message_hash = H(caller, contract_this, selector, args_hash) | ||
let message_hash = pedersen_hash( | ||
[ | ||
context.msg_sender().to_field(), context.this_address().to_field(), context.selector().to_field(), context.args_hash | ||
], | ||
GENERATOR_INDEX__AUTHWIT | ||
let function_selector = FunctionSelector::from_signature("spend_private_authwit(Field)"); | ||
let inner_hash = pedersen_hash( | ||
[context.msg_sender().to_field(), context.selector().to_field(), context.args_hash], | ||
GENERATOR_INDEX__AUTHWIT_INNER | ||
); | ||
assert_valid_authwit(context, on_behalf_of, message_hash); | ||
} | ||
// docs:end:assert_current_call_valid_authwit | ||
|
||
// docs:start:assert_valid_authwit_public | ||
// Assert that `on_behalf_of` have authorized `message_hash` in a public context | ||
pub fn assert_valid_authwit_public(context: &mut PublicContext, on_behalf_of: AztecAddress, message_hash: Field) { | ||
let is_valid_public_selector = FunctionSelector::from_field(IS_VALID_PUBLIC_SELECTOR); | ||
let result = context.call_public_function(on_behalf_of, is_valid_public_selector, [message_hash])[0]; | ||
context.push_new_nullifier(message_hash, 0); | ||
let result = context.call_private_function(on_behalf_of, function_selector, [inner_hash])[0]; | ||
assert(result == IS_VALID_SELECTOR, "Message not authorized by account"); | ||
} | ||
// docs:end:assert_valid_authwit_public | ||
// docs:end:assert_current_call_valid_authwit | ||
|
||
// docs:start:assert_current_call_valid_authwit_public | ||
// Assert that `on_behalf_of` have authorized the current call in a public context | ||
pub fn assert_current_call_valid_authwit_public(context: &mut PublicContext, on_behalf_of: AztecAddress) { | ||
// message_hash = H(caller, contract_this, selector, args_hash) | ||
let message_hash = pedersen_hash( | ||
[ | ||
context.msg_sender().to_field(), context.this_address().to_field(), context.selector().to_field(), context.args_hash | ||
], | ||
GENERATOR_INDEX__AUTHWIT | ||
let function_selector = FunctionSelector::from_signature("spend_public_authwit(Field)"); | ||
let inner_hash = pedersen_hash( | ||
[context.msg_sender().to_field(), context.selector().to_field(), context.args_hash], | ||
GENERATOR_INDEX__AUTHWIT_INNER | ||
); | ||
assert_valid_authwit_public(context, on_behalf_of, message_hash); | ||
let result = context.call_public_function(on_behalf_of, function_selector, [inner_hash])[0]; | ||
assert(result == IS_VALID_SELECTOR, "Message not authorized by account"); | ||
} | ||
// docs:end:assert_current_call_valid_authwit_public | ||
|
||
// docs:start:compute_authwit_message_hash | ||
// Compute the message hash to be used by an authentication witness | ||
pub fn compute_authwit_message_hash<N>( | ||
caller: AztecAddress, | ||
target: AztecAddress, | ||
selector: FunctionSelector, | ||
args: [Field; N] | ||
) -> Field { | ||
pub fn compute_call_authwit_hash<N>(caller: AztecAddress, consumer: AztecAddress, selector: FunctionSelector, args: [Field; N]) -> Field { | ||
let args_hash = hash_args(args); | ||
pedersen_hash( | ||
[caller.to_field(), target.to_field(), selector.to_field(), args_hash], | ||
GENERATOR_INDEX__AUTHWIT | ||
compute_outer_authwit_hash( | ||
consumer, | ||
compute_inner_authwit_hash([caller.to_field(), selector.to_field(), args_hash]) | ||
) | ||
} | ||
// docs:end:compute_authwit_message_hash | ||
|
||
pub fn compute_inner_authwit_hash<N>(args: [Field; N]) -> Field { | ||
pedersen_hash(args, GENERATOR_INDEX__AUTHWIT_OUTER) | ||
} | ||
|
||
pub fn compute_outer_authwit_hash(consumer: AztecAddress, msg_hash: Field) -> Field { | ||
pedersen_hash( | ||
[consumer.to_field(), msg_hash], | ||
GENERATOR_INDEX__AUTHWIT_OUTER | ||
) | ||
} |
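Review bot: `compute_inner_authwit_hash` hashes with `GENERATOR_INDEX__AUTHWIT_OUTER`, while both `assert_current_call_valid_authwit` and `assert_current_call_valid_authwit_public` build `inner_hash` with `GENERATOR_INDEX__AUTHWIT_INNER`. A hash produced through `compute_call_authwit_hash` would therefore be derived from a different inner hash than the one the consumer passes to the account, and the inner and outer hashes would share one domain separator. The helper should read `pedersen_hash(args, GENERATOR_INDEX__AUTHWIT_INNER)`. Separately, the `push_new_nullifier` call no longer appears in this file, so replay protection presumably now depends on the account's `spend_private_authwit` / `spend_public_authwit` entrypoints, which are not shown here. A comment on the two assert functions such as `// The account contract is expected to emit the nullifier when it spends the authwit` would make that dependency explicit.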