Pseudo ops (#503)

* gotez version bump * gotez v2.0.6 * CLI test updated * handle pseudo-ops * make binaries PHONY in Makefile to skip timestamp check * List all available ops including pseudo-ops in example config * chore: fix go.mod --------- Co-authored-by: GImbrailo <[email protected]>
ecadlabs · Oct 25, 2024 · cb93f83 · cb93f83
1 parent e4ff429
commit cb93f83
Show file tree

Hide file tree

Showing 9 changed files with 76 additions and 25 deletions.
diff --git a/Makefile b/Makefile
@@ -9,6 +9,8 @@ GOLANG_CROSS_VERSION  ?= v1.21.0
 
 all: signatory signatory-cli
 
+# build is controlled by Go build system, so mark phony to ignore file timestamps
+.PHONY: signatory signatory-cli
 signatory:
 	CGO_ENABLED=1 go build -ldflags "-X $(COLLECTOR_PKG).GitRevision=$(GIT_REVISION) -X $(COLLECTOR_PKG).GitBranch=$(GIT_BRANCH)" ./cmd/signatory
 signatory-cli:

diff --git a/cmd/commands/list_ops.go b/cmd/commands/list_ops.go
@@ -51,9 +51,12 @@ func NewListOps(c *Context) *cobra.Command {
 		Short: "Print possible operation types inside the `generic` request",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			var ops []string
-			for _, k := range encoding.ListVariants[latest.OperationContents]() {
+			for _, k := range latest.ListOperations() {
 				ops = append(ops, k.OperationKind())
 			}
+			for _, op := range latest.ListPseudoOperations() {
+				ops = append(ops, op.PseudoOperation())
+			}
 			sort.Strings(ops)
 			return listOpsTpl.Execute(os.Stdout, ops)
 		},

diff --git a/docs/aws_kms.md b/docs/aws_kms.md
@@ -75,7 +75,6 @@ tezos:
       - block
       - endorsement
     allowed_kinds:
-      # List of [endorsement, ballot, reveal, transaction, origination, delegation, seed_nonce_revelation, activate_account]
       - transaction
       - endorsement
       - reveal

diff --git a/go.mod b/go.mod
@@ -16,7 +16,7 @@ require (
 	github.com/decred/dcrd/dcrec/secp256k1/v4 v4.2.0
 	github.com/ecadlabs/goblst v1.0.0
 	github.com/ecadlabs/gotez/v2 v2.1.3
-	github.com/go-playground/validator/v10 v10.16.0
+	github.com/go-playground/validator/v10 v10.22.0
 	github.com/google/tink/go v1.7.0
 	github.com/google/uuid v1.4.0
 	github.com/gorilla/mux v1.8.1
@@ -54,7 +54,7 @@ require (
 	github.com/cenkalti/backoff/v3 v3.2.2 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/ecadlabs/pretty v0.0.0-20230412124801-f948fc689a04 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.5 // indirect
 	github.com/go-jose/go-jose/v3 v3.0.1 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
@@ -93,14 +93,14 @@ require (
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
-	github.com/leodido/go-urn v1.2.4 // indirect
+	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/prometheus/client_model v0.5.0 // indirect
 	github.com/prometheus/common v0.45.0 // indirect
 	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	golang.org/x/net v0.21.0 // indirect
+	golang.org/x/net v0.27.0 // indirect
 	golang.org/x/sys v0.26.0 // indirect
 	golang.org/x/term v0.25.0
 	golang.org/x/text v0.19.0 // indirect

diff --git a/go.sum b/go.sum
@@ -81,8 +81,8 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
-github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
+github.com/gabriel-vasile/mimetype v1.4.5 h1:J7wGKdGu33ocBOhGy0z653k/lFKLFDPJMG8Gql0kxn4=
+github.com/gabriel-vasile/mimetype v1.4.5/go.mod h1:ibHel+/kbxn9x2407k1izTA1S81ku1z/DlgOW2QE0M4=
 github.com/go-jose/go-jose/v3 v3.0.0/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
 github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA=
 github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8=
@@ -92,8 +92,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
 github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY=
-github.com/go-playground/validator/v10 v10.16.0 h1:x+plE831WK4vaKHO/jpgUGsvLKIqRRkz6M78GuJAfGE=
-github.com/go-playground/validator/v10 v10.16.0/go.mod h1:9iXMNT7sEkjXb0I+enO7QXmzG6QCsPWY4zveKFVRSyU=
+github.com/go-playground/validator/v10 v10.22.0 h1:k6HsTZ0sTnROkhS//R0O+55JgM8C4Bx7ia+JlgcnOao=
+github.com/go-playground/validator/v10 v10.22.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM=
 github.com/go-test/deep v1.0.2 h1:onZX1rnHT3Wv6cqNgYyFOOlgVKJrksuCMCRvJStbMYw=
 github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
 github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY=
@@ -185,8 +185,8 @@ github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
-github.com/leodido/go-urn v1.2.4 h1:XlAE/cm/ms7TE/VMVoduSpNBoyc2dOxHs5MZSwAN63Q=
-github.com/leodido/go-urn v1.2.4/go.mod h1:7ZrI8mTSeBSHl/UaRyKQW1qZeMgak41ANeCNaVckg+4=
+github.com/leodido/go-urn v1.4.0 h1:WT9HwE9SGECu3lg4d/dIA+jxlljEa1/ffXKmRjqdmIQ=
+github.com/leodido/go-urn v1.4.0/go.mod h1:bvxc+MVxLKB4z00jd1z+Dvzr47oO32F/QSNjSBOlFxI=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
 github.com/mattn/go-colorable v0.1.6 h1:6Su7aK7lXmJ/U79bYtBjLNaha4Fs1Rg9plHpcH+vvnE=
@@ -242,7 +242,6 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/
 github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
 github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
-github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
 github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
@@ -274,8 +273,8 @@ golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
 golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
 golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
-golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
-golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
+golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys=
+golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.15.0 h1:s8pnnxNVzjWyrvYdFUQq5llS1PX2zhPXmccZv99h7uQ=
 golang.org/x/oauth2 v0.15.0/go.mod h1:q48ptWNTY5XWf+JNten23lcvHpLJ0ZSxF5ttTHKVCAM=

diff --git a/pkg/signatory/signatory.go b/pkg/signatory/signatory.go
@@ -193,7 +193,7 @@ func matchFilter(policy *PublicKeyPolicy, req *SignRequest, msg protocol.SignReq
 
 	if ops, ok := msg.(*protocol.GenericOperationSignRequest); ok {
 		for _, op := range ops.Contents {
-			kind := op.OperationKind()
+			kind := core.GetOperationKind(op)
 			allowed = false
 			for _, k := range policy.AllowedOps {
 				if kind == k {
@@ -399,7 +399,7 @@ func (s *Signatory) Sign(ctx context.Context, req *SignRequest) (crypt.Signature
 			l.Error(err)
 			return nil, err
 		}
-		return p.vault.SignMessage(ctx, message, p.key)
+		return p.vault.SignMessage(ctx, message, key)
 	}
 
 	var sig crypt.Signature

diff --git a/pkg/signatory/signatory_test.go b/pkg/signatory/signatory_test.go
@@ -3,12 +3,19 @@
 package signatory_test
 
 import (
+	"bytes"
 	"context"
 	"encoding/hex"
 	"fmt"
 	"testing"
 
+	tz "github.com/ecadlabs/gotez/v2"
 	"github.com/ecadlabs/gotez/v2/crypt"
+	"github.com/ecadlabs/gotez/v2/encoding"
+	"github.com/ecadlabs/gotez/v2/protocol"
+	"github.com/ecadlabs/gotez/v2/protocol/core"
+	"github.com/ecadlabs/gotez/v2/protocol/core/expression"
+	"github.com/ecadlabs/gotez/v2/protocol/latest"
 	"github.com/ecadlabs/signatory/pkg/config"
 	"github.com/ecadlabs/signatory/pkg/hashmap"
 	"github.com/ecadlabs/signatory/pkg/signatory"
@@ -59,6 +66,7 @@ func TestPolicy(t *testing.T) {
 	type testCase struct {
 		title    string
 		msg      []byte
+		req      protocol.SignRequest
 		policy   signatory.PublicKeyPolicy
 		expected string
 	}
@@ -301,6 +309,34 @@ func TestPolicy(t *testing.T) {
 			},
 			expected: "operation `update_consensus_key' is not allowed",
 		},
+		{
+			title: "Stake allowed",
+			req: &protocol.GenericOperationSignRequest{
+				Branch: &tz.BlockHash{},
+				Contents: []latest.OperationContents{
+					&latest.Transaction{
+						ManagerOperation: latest.ManagerOperation{
+							Source:       &tz.Ed25519PublicKeyHash{1, 2, 3},
+							Fee:          tz.BigUint{0x00},
+							Counter:      tz.BigUint{0x00},
+							GasLimit:     tz.BigUint{0x00},
+							StorageLimit: tz.BigUint{0x00},
+						},
+						Amount:      tz.BigUint{0x00},
+						Destination: core.ImplicitContract{PublicKeyHash: &tz.Ed25519PublicKeyHash{1, 2, 3}},
+						Parameters: tz.Some(latest.Parameters{
+							Entrypoint: latest.EpStake{},
+							Value:      expression.Prim00(expression.Prim_Unit),
+						}),
+					},
+				},
+			},
+			policy: signatory.PublicKeyPolicy{
+				AllowedRequests: []string{"generic"},
+				AllowedOps:      []string{"stake"},
+				LogPayloads:     true,
+			},
+		},
 	}
 
 	priv, err := crypt.ParsePrivateKey([]byte(privateKey))
@@ -322,7 +358,16 @@ func TestPolicy(t *testing.T) {
 			require.NoError(t, err)
 			require.NoError(t, s.Unlock(context.Background()))
 
-			_, err = s.Sign(context.Background(), &signatory.SignRequest{PublicKeyHash: pk.Hash(), Message: c.msg})
+			var msg []byte
+			if c.req != nil {
+				var buf bytes.Buffer
+				require.NoError(t, encoding.Encode(&buf, &c.req))
+				msg = buf.Bytes()
+			} else {
+				msg = c.msg
+			}
+
+			_, err = s.Sign(context.Background(), &signatory.SignRequest{PublicKeyHash: pk.Hash(), Message: msg})
 			if c.expected != "" {
 				require.EqualError(t, err, c.expected)
 			} else {

diff --git a/pkg/signatory/utils.go b/pkg/signatory/utils.go
@@ -5,6 +5,7 @@ import (
 
 	"github.com/ecadlabs/gotez/v2/encoding"
 	"github.com/ecadlabs/gotez/v2/protocol"
+	"github.com/ecadlabs/gotez/v2/protocol/core"
 )
 
 func AuthenticatedBytesToSign(req *SignRequest) ([]byte, error) {
@@ -27,7 +28,7 @@ type operationsStat map[string]int
 func getOperationsStat(u *protocol.GenericOperationSignRequest) operationsStat {
 	ops := make(operationsStat)
 	for _, o := range u.Contents {
-		ops[o.OperationKind()]++
+		ops[core.GetOperationKind(o)]++
 	}
 	return ops
 }
diff --git a/signatory.yaml b/signatory.yaml
@@ -66,12 +66,14 @@ tezos:
     allow:
       # List of [block, endorsement, failing_noop, generic, preendorsement]
       generic:
-        # List of [activate_account, ballot, delegation, double_baking_evidence, double_endorsement_evidence,
-        # double_preendorsement_evidence, endorsement, failing_noop, origination, preendorsement, proposals,
-        # register_global_constant, reveal, sc_rollup_add_messages, sc_rollup_cement, sc_rollup_originate,
-        # sc_rollup_publish, seed_nonce_revelation, set_deposits_limit, transaction, transfer_ticket,
-        # tx_rollup_commit, tx_rollup_dispatch_tickets, tx_rollup_finalize_commitment, tx_rollup_origination,
-        # tx_rollup_rejection, tx_rollup_remove_commitment, tx_rollup_return_bond, tx_rollup_submit_batch]
+        # List of
+        # [activate_account, attestation, attestation_with_dal, ballot, dal_publish_commitment, delegation, double_attestation_evidence,
+        # double_baking_evidence, double_preattestation_evidence, drain_delegate, failing_noop, finalize_unstake, increase_paid_storage,
+        # origination, preattestation, proposals, register_global_constant, reveal, seed_nonce_revelation, set_delegate_parameters,
+        # set_deposits_limit, signature_prefix, smart_rollup_add_messages, smart_rollup_cement, smart_rollup_execute_outbox_message,
+        # smart_rollup_originate, smart_rollup_publish, smart_rollup_recover_bond, smart_rollup_refute, smart_rollup_timeout, stake,
+        # transaction, transfer_ticket, unstake, update_consensus_key, vdf_revelation, zk_rollup_origination, zk_rollup_publish,
+        # zk_rollup_update]
         - transaction
         - endorsement
       block: