Add rpc method for checking sign_bitcoin (#2871)

* rpc method for checking musig2 ceremony correctness

* test sign_bitcoin by enclave account

* review suggestions

bitacross-worker/bitacross/core/bc-musig2-ceremony/src/lib.rs

@@ -106,7 +106,7 @@ pub enum CeremonyEvent {
 	FirstRoundStarted(Signers, CeremonyId, PubNonce),
 	SecondRoundStarted(Signers, CeremonyId, PartialSignature),
 	CeremonyError(Signers, CeremonyError, RequestAesKey),
-	CeremonyEnded([u8; 64], RequestAesKey),
+	CeremonyEnded([u8; 64], RequestAesKey, bool, bool),
 	CeremonyTimedOut(Signers, RequestAesKey),
 }
 
@@ -136,10 +136,13 @@ pub struct MuSig2Ceremony<AK: AccessKey<KeyType = SchnorrPair>> {
 	second_round: Option<musig2::SecondRound<SignaturePayload>>,
 	ticks_left: u32,
 	agg_key: Option<PublicKey>,
+	// indicates whether it's check run - signature verification result is returned instead of signature
+	check_run: bool,
 }
 
 impl<AK: AccessKey<KeyType = SchnorrPair>> MuSig2Ceremony<AK> {
 	// Creates new ceremony and starts first round
+	#[allow(clippy::too_many_arguments)]
 	pub fn new(
 		me: SignerId,
 		aes_key: RequestAesKey,
@@ -148,6 +151,7 @@ impl<AK: AccessKey<KeyType = SchnorrPair>> MuSig2Ceremony<AK> {
 		commands: Vec<CeremonyCommand>,
 		signing_key_access: Arc<AK>,
 		ttl: u32,
+		check_run: bool,
 	) -> Result<Self, String> {
 		info!("Creating new ceremony {:?} and events {:?}", payload, commands);
 		if signers.len() < 3 {
@@ -216,6 +220,7 @@ impl<AK: AccessKey<KeyType = SchnorrPair>> MuSig2Ceremony<AK> {
 			second_round: None,
 			ticks_left: ttl,
 			agg_key: Some(agg_key_copy),
+			check_run,
 		})
 	}
 
@@ -388,15 +393,13 @@ impl<AK: AccessKey<KeyType = SchnorrPair>> MuSig2Ceremony<AK> {
 						SignBitcoinPayload::TaprootSpendable(p, _) => p,
 						SignBitcoinPayload::WithTweaks(p, _) => p,
 					};
-
-					info!("Message {:?}", message);
-
-					info!("Verification result: ");
-					match verify_single(self.agg_key.unwrap(), signature, message) {
-						Ok(_) => info!("OK!"),
-						Err(_) => info!("NOK!"),
-					};
-					self.events.push(CeremonyEnded(signature.to_bytes(), self.aes_key));
+					let result = verify_single(self.agg_key.unwrap(), signature, message).is_ok();
+					self.events.push(CeremonyEnded(
+						signature.to_bytes(),
+						self.aes_key,
+						self.check_run,
+						result,
+					));
 				}
 			}
 			Ok(())
@@ -555,6 +558,7 @@ pub mod test {
 			vec![],
 			Arc::new(signing_key_access),
 			10,
+			false,
 		);
 
 		// then
@@ -575,6 +579,7 @@ pub mod test {
 			vec![],
 			Arc::new(signing_key_access),
 			10,
+			false,
 		);
 
 		// then
@@ -595,6 +600,7 @@ pub mod test {
 			vec![],
 			Arc::new(signing_key_access),
 			10,
+			false,
 		)
 		.unwrap();
 
@@ -623,6 +629,7 @@ pub mod test {
 			vec![],
 			Arc::new(signing_key_access),
 			10,
+			false,
 		)
 		.unwrap();
 
@@ -649,6 +656,7 @@ pub mod test {
 			vec![save_signer1_nonce_cmd()],
 			Arc::new(signing_key_access),
 			10,
+			false,
 		)
 		.unwrap();
 
@@ -679,6 +687,7 @@ pub mod test {
 			],
 			Arc::new(signing_key_access),
 			10,
+			false,
 		)
 		.unwrap();
 
@@ -708,6 +717,7 @@ pub mod test {
 			vec![unknown_signer_nonce_cmd()],
 			Arc::new(signing_key_access),
 			10,
+			false,
 		)
 		.unwrap();
 
@@ -770,6 +780,7 @@ pub mod sgx_tests {
 			vec![],
 			Arc::new(my_signer_key_access),
 			10,
+			false,
 		)
 		.unwrap();
 		// signer 1
@@ -782,6 +793,7 @@ pub mod sgx_tests {
 			vec![],
 			Arc::new(signer1_key_access),
 			10,
+			false,
 		)
 		.unwrap();
 		// signer 2
@@ -794,6 +806,7 @@ pub mod sgx_tests {
 			vec![],
 			Arc::new(signer2_key_access),
 			10,
+			false,
 		)
 		.unwrap();
 
@@ -883,21 +896,21 @@ pub mod sgx_tests {
 		let signer2_ceremony_ceremony_ended_ev = signer2_ceremony_events.get(0).unwrap();
 
 		let my_ceremony_final_signature = match my_ceremony_ceremony_ended_ev {
-			CeremonyEvent::CeremonyEnded(signature, _) => signature.clone(),
+			CeremonyEvent::CeremonyEnded(signature, _, _, _) => signature.clone(),
 			_ => {
 				panic!("Ceremony should be ended")
 			},
 		};
 
 		let signer1_ceremony_final_signature = match signer1_ceremony_ceremony_ended_ev {
-			CeremonyEvent::CeremonyEnded(signature, _) => signature.clone(),
+			CeremonyEvent::CeremonyEnded(signature, _, _, _) => signature.clone(),
 			_ => {
 				panic!("Ceremony should be ended")
 			},
 		};
 
 		let signer2_ceremony_final_signature = match signer2_ceremony_ceremony_ended_ev {
-			CeremonyEvent::CeremonyEnded(signature, _) => signature.clone(),
+			CeremonyEvent::CeremonyEnded(signature, _, _, _) => signature.clone(),
 			_ => {
 				panic!("Ceremony should be ended")
 			},

bitacross-worker/bitacross/core/bc-musig2-runner/src/lib.rs

@@ -189,26 +189,35 @@ pub fn init_ceremonies_thread<ClientFactory, AK, ER, OCallApi, SIGNINGAK, SHIELD
 									);
 								});
 							},
-							CeremonyEvent::CeremonyEnded(signature, request_aes_key) => {
+							CeremonyEvent::CeremonyEnded(
+								signature,
+								request_aes_key,
+								is_check_run,
+								verification_result,
+							) => {
 								debug!(
 									"Ceremony {:?} ended, signature {:?}",
 									ceremony_id_to_process, signature
 								);
 								let hash = blake2_256(&ceremony_id_to_process.encode());
-								let result = signature;
-								let encrypted_result =
-									aes_encrypt_default(&request_aes_key, &result.encode())
-										.encode();
+								let result = if is_check_run {
+									verification_result.encode()
+								} else {
+									let result = signature;
+
+									aes_encrypt_default(&request_aes_key, &result.encode()).encode()
+								};
 								if let Err(e) = responder.send_state_with_status(
 									Hash::from_slice(&hash),
-									encrypted_result,
+									result,
 									DirectRequestStatus::Ok,
 								) {
 									error!(
 										"Could not send response to {:?}, reason: {:?}",
 										&hash, e
 									);
 								}
+
 								ceremonies_to_remove.push(ceremony_id_to_process.clone());
 							},
 							CeremonyEvent::CeremonyError(signers, error, request_aes_key) => {

bitacross-worker/bitacross/core/bc-relayer-registry/src/lib.rs

@@ -130,7 +130,7 @@ pub trait RelayerRegistryUpdater {
 }
 
 pub trait RelayerRegistryLookup {
-	fn contains_key(&self, account: Identity) -> bool;
+	fn contains_key(&self, account: &Identity) -> bool;
 }
 
 impl RelayerRegistryUpdater for RelayerRegistry {
@@ -192,15 +192,15 @@ impl RelayerRegistryUpdater for RelayerRegistry {
 
 impl RelayerRegistryLookup for RelayerRegistry {
 	#[cfg(feature = "std")]
-	fn contains_key(&self, account: Identity) -> bool {
+	fn contains_key(&self, account: &Identity) -> bool {
 		let registry = self.registry.read().unwrap();
-		registry.contains_key(&account)
+		registry.contains_key(account)
 	}
 
 	#[cfg(feature = "sgx")]
-	fn contains_key(&self, account: Identity) -> bool {
+	fn contains_key(&self, account: &Identity) -> bool {
 		// Using unwrap becaused poisoned locks are unrecoverable errors
 		let registry = self.registry.read().unwrap();
-		registry.contains_key(&account)
+		registry.contains_key(account)
 	}
 }

bitacross-worker/bitacross/core/bc-task-receiver/src/lib.rs

@@ -42,7 +42,7 @@ use std::sync::SgxMutex as Mutex;
 
 use core::ops::Deref;
 
-use bc_musig2_ceremony::{CeremonyCommandsRegistry, CeremonyRegistry};
+use bc_musig2_ceremony::{CeremonyCommandsRegistry, CeremonyRegistry, SignBitcoinPayload};
 use bc_task_sender::{init_bit_across_task_sender_storage, BitAcrossProcessingResult};
 use codec::{Decode, Encode};
 use frame_support::{ensure, sp_runtime::app_crypto::sp_core::blake2_256};
@@ -245,10 +245,12 @@ where
 				signer,
 				payload,
 				aes_key,
+				false,
 				context.relayer_registry_lookup.deref(),
 				context.musig2_ceremony_registry.clone(),
 				context.musig2_ceremony_pending_commands.clone(),
 				context.signer_registry_lookup.clone(),
+				context.enclave_registry_lookup.as_ref(),
 				&context.signing_key_pub,
 				context.bitcoin_key_repository.clone(),
 			)
@@ -258,6 +260,29 @@ where
 			})?;
 			Ok(BitAcrossProcessingResult::Submitted(hash))
 		},
+		DirectCall::CheckSignBitcoin(signer) => {
+			let payload = SignBitcoinPayload::Derived([0u8; 32].to_vec());
+			let aes_key = [0u8; 32];
+			let hash = blake2_256(&payload.encode());
+			sign_bitcoin::handle(
+				signer,
+				payload,
+				aes_key,
+				true,
+				context.relayer_registry_lookup.deref(),
+				context.musig2_ceremony_registry.clone(),
+				context.musig2_ceremony_pending_commands.clone(),
+				context.signer_registry_lookup.clone(),
+				context.enclave_registry_lookup.as_ref(),
+				&context.signing_key_pub,
+				context.bitcoin_key_repository.clone(),
+			)
+			.map_err(|e| {
+				error!("SignBitcoinCheck error: {:?}", e);
+				aes_encrypt_default(&aes_key, &e.encode()).encode()
+			})?;
+			Ok(BitAcrossProcessingResult::Submitted(hash))
+		},
 		DirectCall::SignEthereum(signer, aes_key, msg) => sign_ethereum::handle(
 			signer,
 			msg,

bitacross-worker/enclave-runtime/Cargo.toml

@@ -135,6 +135,7 @@ bc-musig2-runner = { path = "../bitacross/core/bc-musig2-runner", default-featur
 bc-relayer-registry = { path = "../bitacross/core/bc-relayer-registry", default-features = false, features = ["sgx"] }
 bc-signer-registry = { path = "../bitacross/core/bc-signer-registry", default-features = false, features = ["sgx"] }
 bc-task-sender = { path = "../bitacross/core/bc-task-sender", default-features = false, features = ["sgx"] }
+lc-direct-call = { path = "../litentry/core/direct-call", default-features = false }
 litentry-hex-utils = { path = "../../primitives/hex", default-features = false }
 litentry-macros = { path = "../../primitives/core/macros", default-features = false }
 litentry-primitives = { path = "../litentry/primitives", default-features = false, features = ["sgx"] }