From dddafd98a28a97034126f53edbb030feb87ee02b Mon Sep 17 00:00:00 2001 From: plebhash Date: Thu, 8 Feb 2024 18:36:42 -0300 Subject: [PATCH 01/16] fix certificate validation --- protocols/v2/noise-sv2/src/initiator.rs | 2 +- protocols/v2/noise-sv2/src/signature_message.rs | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/protocols/v2/noise-sv2/src/initiator.rs b/protocols/v2/noise-sv2/src/initiator.rs index f3996abe2a..fd9a13ce08 100644 --- a/protocols/v2/noise-sv2/src/initiator.rs +++ b/protocols/v2/noise-sv2/src/initiator.rs @@ -226,7 +226,7 @@ impl Initiator { .0 .serialize(); let rs_pk_xonly = XOnlyPublicKey::from_slice(&rs_pub_key).unwrap(); - if signature_message.verify(&rs_pk_xonly) { + if signature_message.verify(&rs_pk_xonly, &self.pk) { let (temp_k1, temp_k2) = Self::hkdf_2(self.get_ck(), &[]); let c1 = ChaCha20Poly1305::new(&temp_k1.into()); let c2 = ChaCha20Poly1305::new(&temp_k2.into()); diff --git a/protocols/v2/noise-sv2/src/signature_message.rs b/protocols/v2/noise-sv2/src/signature_message.rs index cacc9a7c61..ec9e3703dc 100644 --- a/protocols/v2/noise-sv2/src/signature_message.rs +++ b/protocols/v2/noise-sv2/src/signature_message.rs @@ -24,7 +24,7 @@ impl From<[u8; 74]> for SignatureNoiseMessage { } impl SignatureNoiseMessage { - pub fn verify(self, pk: &XOnlyPublicKey) -> bool { + pub fn verify(self, pk: &XOnlyPublicKey, authority_pk: &XOnlyPublicKey) -> bool { let now = SystemTime::now() .duration_since(SystemTime::UNIX_EPOCH) .unwrap() @@ -32,11 +32,13 @@ impl SignatureNoiseMessage { if self.valid_from <= now && self.not_valid_after >= now { let secp = Secp256k1::verification_only(); let (m, s) = self.split(); - let m = Message::from_hashed_data::(&m[0..10]); + let m = [&m[0..10], &pk.serialize()].concat(); + let m = Message::from_hashed_data::(&m); let s = match Signature::from_slice(&s) { Ok(s) => s, _ => return false, }; + // secp.verify_schnorr(&s, &m, authority_pk).is_ok() secp.verify_schnorr(&s, &m, pk).is_ok() } else { false From ec0785cd342e56db3f685f9d21a4c9e37c901f1f Mon Sep 17 00:00:00 2001 From: plebhash Date: Fri, 9 Feb 2024 13:03:42 -0300 Subject: [PATCH 02/16] add clarification comment for certificate verification --- protocols/v2/noise-sv2/src/signature_message.rs | 1 + 1 file changed, 1 insertion(+) diff --git a/protocols/v2/noise-sv2/src/signature_message.rs b/protocols/v2/noise-sv2/src/signature_message.rs index ec9e3703dc..a6e320b4f1 100644 --- a/protocols/v2/noise-sv2/src/signature_message.rs +++ b/protocols/v2/noise-sv2/src/signature_message.rs @@ -32,6 +32,7 @@ impl SignatureNoiseMessage { if self.valid_from <= now && self.not_valid_after >= now { let secp = Secp256k1::verification_only(); let (m, s) = self.split(); + // m = SHA-256(version || valid_from || not_valid_after || server_public_key) let m = [&m[0..10], &pk.serialize()].concat(); let m = Message::from_hashed_data::(&m); let s = match Signature::from_slice(&s) { From b5492f413ae226b1ea7b43016f825ac096de8a9c Mon Sep 17 00:00:00 2001 From: plebhash Date: Fri, 9 Feb 2024 13:39:40 -0300 Subject: [PATCH 03/16] rename tp_authority_public_key variables --- protocols/v2/noise-sv2/src/initiator.rs | 6 +++--- .../pool/config-examples/pool-config-hosted-tp-example.toml | 1 + .../pool/config-examples/pool-config-local-tp-example.toml | 1 + roles/pool/src/lib/mining_pool/mod.rs | 1 + roles/pool/src/lib/template_receiver/mod.rs | 5 ++--- roles/pool/src/main.rs | 4 ++-- 6 files changed, 10 insertions(+), 8 deletions(-) diff --git a/protocols/v2/noise-sv2/src/initiator.rs b/protocols/v2/noise-sv2/src/initiator.rs index fd9a13ce08..26f3216bab 100644 --- a/protocols/v2/noise-sv2/src/initiator.rs +++ b/protocols/v2/noise-sv2/src/initiator.rs @@ -31,7 +31,7 @@ pub struct Initiator { e: Keypair, // upstream pub key #[allow(unused)] - pk: XOnlyPublicKey, + expected_responder_pk: XOnlyPublicKey, c1: Option, c2: Option, } @@ -107,7 +107,7 @@ impl Initiator { ck: [0; 32], h: [0; 32], e: Self::generate_key(), - pk, + expected_responder_pk: pk, c1: None, c2: None, }; @@ -226,7 +226,7 @@ impl Initiator { .0 .serialize(); let rs_pk_xonly = XOnlyPublicKey::from_slice(&rs_pub_key).unwrap(); - if signature_message.verify(&rs_pk_xonly, &self.pk) { + if signature_message.verify(&rs_pk_xonly, &self.expected_responder_pk) { let (temp_k1, temp_k2) = Self::hkdf_2(self.get_ck(), &[]); let c1 = ChaCha20Poly1305::new(&temp_k1.into()); let c2 = ChaCha20Poly1305::new(&temp_k2.into()); diff --git a/roles/pool/config-examples/pool-config-hosted-tp-example.toml b/roles/pool/config-examples/pool-config-hosted-tp-example.toml index bc0f915da4..a86c600d59 100644 --- a/roles/pool/config-examples/pool-config-hosted-tp-example.toml +++ b/roles/pool/config-examples/pool-config-hosted-tp-example.toml @@ -25,3 +25,4 @@ pool_signature = "Stratum v2 SRI Pool" #tp_address = "127.0.0.1:8442" # Hosted testnet TP tp_address = "75.119.150.111:8442" +tp_authority_public_key = "EguTM8URcZDQVeEBsM4B5vg9weqEUnufA8pm85fG4bZd" \ No newline at end of file diff --git a/roles/pool/config-examples/pool-config-local-tp-example.toml b/roles/pool/config-examples/pool-config-local-tp-example.toml index 5c94d56087..c0e2692f63 100644 --- a/roles/pool/config-examples/pool-config-local-tp-example.toml +++ b/roles/pool/config-examples/pool-config-local-tp-example.toml @@ -24,5 +24,6 @@ pool_signature = "Stratum v2 SRI Pool" # Template Provider config # Local TP (this is pointing to localhost so you must run a TP locally for this configuration to work) tp_address = "127.0.0.1:8442" +tp_authority_public_key = "EguTM8URcZDQVeEBsM4B5vg9weqEUnufA8pm85fG4bZd" # Hosted testnet TP # tp_address = "75.119.150.111:8442" diff --git a/roles/pool/src/lib/mining_pool/mod.rs b/roles/pool/src/lib/mining_pool/mod.rs index d7a6c15fb2..4aeb4bffcb 100644 --- a/roles/pool/src/lib/mining_pool/mod.rs +++ b/roles/pool/src/lib/mining_pool/mod.rs @@ -83,6 +83,7 @@ impl TryFrom<&CoinbaseOutput> for CoinbaseOutput_ { pub struct Configuration { pub listen_address: String, pub tp_address: String, + pub tp_authority_public_key: Secp256k1PublicKey, pub authority_public_key: Secp256k1PublicKey, pub authority_secret_key: Secp256k1SecretKey, pub cert_validity_sec: u64, diff --git a/roles/pool/src/lib/template_receiver/mod.rs b/roles/pool/src/lib/template_receiver/mod.rs index 5ab06c56a3..000d863a8c 100644 --- a/roles/pool/src/lib/template_receiver/mod.rs +++ b/roles/pool/src/lib/template_receiver/mod.rs @@ -43,13 +43,12 @@ impl TemplateRx { message_received_signal: Receiver<()>, status_tx: status::Sender, coinbase_out_len: u32, - authority_public_key: Secp256k1PublicKey, + expected_tp_authority_public_key: Secp256k1PublicKey, ) -> PoolResult<()> { let stream = TcpStream::connect(address).await?; info!("Connected to template distribution server at {}", address); - let pub_key: Secp256k1PublicKey = authority_public_key; - let initiator = Initiator::from_raw_k(pub_key.into_bytes())?; + let initiator = Initiator::from_raw_k(expected_tp_authority_public_key.into_bytes())?; let (mut receiver, mut sender, _, _) = Connection::new(stream, HandshakeRole::Initiator(initiator)) .await diff --git a/roles/pool/src/main.rs b/roles/pool/src/main.rs index 73280852c5..95e6278df5 100644 --- a/roles/pool/src/main.rs +++ b/roles/pool/src/main.rs @@ -115,7 +115,7 @@ async fn main() { return; } }; - let authority_public_key = config.authority_public_key; + let tp_authority_public_key = config.tp_authority_public_key.clone(); let template_rx_res = TemplateRx::connect( config.tp_address.parse().unwrap(), s_new_t, @@ -124,7 +124,7 @@ async fn main() { r_message_recv_signal, status::Sender::Upstream(status_tx.clone()), coinbase_output_len, - authority_public_key, + tp_authority_public_key, ) .await; From 095dc8729e8d637979f447fb06b6227d932a3171 Mon Sep 17 00:00:00 2001 From: plebhash Date: Fri, 9 Feb 2024 13:51:58 -0300 Subject: [PATCH 04/16] fix comment --- protocols/v2/noise-sv2/src/signature_message.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/protocols/v2/noise-sv2/src/signature_message.rs b/protocols/v2/noise-sv2/src/signature_message.rs index a6e320b4f1..7faf21ed97 100644 --- a/protocols/v2/noise-sv2/src/signature_message.rs +++ b/protocols/v2/noise-sv2/src/signature_message.rs @@ -32,7 +32,7 @@ impl SignatureNoiseMessage { if self.valid_from <= now && self.not_valid_after >= now { let secp = Secp256k1::verification_only(); let (m, s) = self.split(); - // m = SHA-256(version || valid_from || not_valid_after || server_public_key) + // m = SHA-256(version || valid_from || not_valid_after || server_static_key) let m = [&m[0..10], &pk.serialize()].concat(); let m = Message::from_hashed_data::(&m); let s = match Signature::from_slice(&s) { From 251baa481480ad2d355fd729648ee04b10abc957 Mon Sep 17 00:00:00 2001 From: plebhash Date: Fri, 9 Feb 2024 13:55:28 -0300 Subject: [PATCH 05/16] verify certificate against authority_pk --- protocols/v2/noise-sv2/src/signature_message.rs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/protocols/v2/noise-sv2/src/signature_message.rs b/protocols/v2/noise-sv2/src/signature_message.rs index 7faf21ed97..d58083ba95 100644 --- a/protocols/v2/noise-sv2/src/signature_message.rs +++ b/protocols/v2/noise-sv2/src/signature_message.rs @@ -39,8 +39,7 @@ impl SignatureNoiseMessage { Ok(s) => s, _ => return false, }; - // secp.verify_schnorr(&s, &m, authority_pk).is_ok() - secp.verify_schnorr(&s, &m, pk).is_ok() + secp.verify_schnorr(&s, &m, authority_pk).is_ok() } else { false } From 7f5387438c873e9f5396ca1dac02f1091bf2d873 Mon Sep 17 00:00:00 2001 From: plebhash Date: Fri, 9 Feb 2024 13:57:09 -0300 Subject: [PATCH 06/16] rename responder_authority_pk --- protocols/v2/noise-sv2/src/initiator.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/protocols/v2/noise-sv2/src/initiator.rs b/protocols/v2/noise-sv2/src/initiator.rs index 26f3216bab..d7c06f6e56 100644 --- a/protocols/v2/noise-sv2/src/initiator.rs +++ b/protocols/v2/noise-sv2/src/initiator.rs @@ -31,7 +31,7 @@ pub struct Initiator { e: Keypair, // upstream pub key #[allow(unused)] - expected_responder_pk: XOnlyPublicKey, + responder_authority_pk: XOnlyPublicKey, c1: Option, c2: Option, } @@ -107,7 +107,7 @@ impl Initiator { ck: [0; 32], h: [0; 32], e: Self::generate_key(), - expected_responder_pk: pk, + responder_authority_pk: pk, c1: None, c2: None, }; @@ -226,7 +226,7 @@ impl Initiator { .0 .serialize(); let rs_pk_xonly = XOnlyPublicKey::from_slice(&rs_pub_key).unwrap(); - if signature_message.verify(&rs_pk_xonly, &self.expected_responder_pk) { + if signature_message.verify(&rs_pk_xonly, &self.responder_authority_pk) { let (temp_k1, temp_k2) = Self::hkdf_2(self.get_ck(), &[]); let c1 = ChaCha20Poly1305::new(&temp_k1.into()); let c2 = ChaCha20Poly1305::new(&temp_k2.into()); From 559b789aceab8b50e9722f74ccbfd062f201b911 Mon Sep 17 00:00:00 2001 From: plebhash Date: Sat, 10 Feb 2024 12:40:29 -0300 Subject: [PATCH 07/16] fix jd-client for new TP authority certificate validation --- protocols/v2/noise-sv2/src/responder.rs | 10 +++++++--- protocols/v2/noise-sv2/src/signature_message.rs | 5 +++-- .../config-examples/jdc-config-hosted-example.toml | 2 +- .../config-examples/jdc-config-local-example.toml | 2 +- roles/jd-client/src/lib/proxy_config.rs | 2 +- roles/jd-client/src/main.rs | 4 ++-- 6 files changed, 15 insertions(+), 10 deletions(-) diff --git a/protocols/v2/noise-sv2/src/responder.rs b/protocols/v2/noise-sv2/src/responder.rs index 15ebe190b2..f5a3ddcc2c 100644 --- a/protocols/v2/noise-sv2/src/responder.rs +++ b/protocols/v2/noise-sv2/src/responder.rs @@ -29,6 +29,8 @@ pub struct Responder { e: Keypair, // Static pub keypair s: Keypair, + // Authority pub keypair + a: Keypair, c1: Option, c2: Option, cert_validity: u32, @@ -107,7 +109,7 @@ impl Responder { } } - pub fn new(s: Keypair, cert_validity: u32) -> Box { + pub fn new(a: Keypair, cert_validity: u32) -> Box { let mut self_ = Self { handshake_cipher: None, k: None, @@ -115,7 +117,8 @@ impl Responder { ck: [0; 32], h: [0; 32], e: Self::generate_key(), - s, + s: Self::generate_key(), + a, c1: None, c2: None, cert_validity, @@ -270,7 +273,7 @@ impl Responder { ret[7] = not_valid_after[1]; ret[8] = not_valid_after[2]; ret[9] = not_valid_after[3]; - SignatureNoiseMessage::sign(&mut ret, &self.s); + SignatureNoiseMessage::sign(&mut ret, &self.s.x_only_public_key().0, &self.a); ret } @@ -294,6 +297,7 @@ impl Responder { } self.e.non_secure_erase(); self.s.non_secure_erase(); + self.a.non_secure_erase(); } } diff --git a/protocols/v2/noise-sv2/src/signature_message.rs b/protocols/v2/noise-sv2/src/signature_message.rs index d58083ba95..23393eab2c 100644 --- a/protocols/v2/noise-sv2/src/signature_message.rs +++ b/protocols/v2/noise-sv2/src/signature_message.rs @@ -44,9 +44,10 @@ impl SignatureNoiseMessage { false } } - pub fn sign(msg: &mut [u8; 74], kp: &Keypair) { + pub fn sign(msg: &mut [u8; 74], static_pk: &XOnlyPublicKey, kp: &Keypair) { let secp = Secp256k1::signing_only(); - let m = Message::from_hashed_data::(&msg[0..10]); + let m = [&msg[0..10], &static_pk.serialize()].concat(); + let m = Message::from_hashed_data::(&m); let signature = secp.sign_schnorr(&m, kp); for (i, b) in signature.as_ref().iter().enumerate() { msg[10 + i] = *b; diff --git a/roles/jd-client/config-examples/jdc-config-hosted-example.toml b/roles/jd-client/config-examples/jdc-config-hosted-example.toml index be04e74a45..e2bebaa44e 100644 --- a/roles/jd-client/config-examples/jdc-config-hosted-example.toml +++ b/roles/jd-client/config-examples/jdc-config-hosted-example.toml @@ -28,7 +28,7 @@ retry = 10 # tp_address = "127.0.0.1:8442" # Hosted testnet TP tp_address = "75.119.150.111:8442" -tp_authority_pub_key = "9auqWEzQDVyd2oe1JVGFLMLHZtCo2FFqZwtKA5gd9xbuEu7PH72" +tp_authority_public_key = "3VANfft6ei6jQq1At7d8nmiZzVhBFS4CiQujdgim1ign" # Solo Mining config # List of coinbase outputs used to build the coinbase tx in case of Solo Mining (as last-resort solution of the pools fallback system) diff --git a/roles/jd-client/config-examples/jdc-config-local-example.toml b/roles/jd-client/config-examples/jdc-config-local-example.toml index 06c878514f..6308a831cd 100644 --- a/roles/jd-client/config-examples/jdc-config-local-example.toml +++ b/roles/jd-client/config-examples/jdc-config-local-example.toml @@ -28,7 +28,7 @@ retry = 10 tp_address = "127.0.0.1:8442" # Hosted testnet TP # tp_address = "75.119.150.111:8442" -tp_authority_pub_key = "9auqWEzQDVyd2oe1JVGFLMLHZtCo2FFqZwtKA5gd9xbuEu7PH72" +tp_authority_public_key = "3VANfft6ei6jQq1At7d8nmiZzVhBFS4CiQujdgim1ign" # Solo Mining config # List of coinbase outputs used to build the coinbase tx in case of Solo Mining (as last-resort solution of the pools fallback system) diff --git a/roles/jd-client/src/lib/proxy_config.rs b/roles/jd-client/src/lib/proxy_config.rs index ec456b1a2a..ac15d1cb55 100644 --- a/roles/jd-client/src/lib/proxy_config.rs +++ b/roles/jd-client/src/lib/proxy_config.rs @@ -36,7 +36,7 @@ pub struct ProxyConfig { pub authority_secret_key: Secp256k1SecretKey, pub cert_validity_sec: u64, pub tp_address: String, - pub tp_authority_pub_key: Secp256k1PublicKey, + pub tp_authority_public_key: Secp256k1PublicKey, pub retry: u32, pub upstreams: Vec, #[serde(deserialize_with = "duration_from_toml")] diff --git a/roles/jd-client/src/main.rs b/roles/jd-client/src/main.rs index 9a6ba2dbe8..ac246987ed 100644 --- a/roles/jd-client/src/main.rs +++ b/roles/jd-client/src/main.rs @@ -249,7 +249,7 @@ async fn initialize_jd_as_solo_miner( task_collector, Arc::new(Mutex::new(PoolChangerTrigger::new(timeout))), miner_tx_out.clone(), - proxy_config.tp_authority_pub_key, + proxy_config.tp_authority_public_key, false, ) .await; @@ -384,7 +384,7 @@ async fn initialize_jd( task_collector, Arc::new(Mutex::new(PoolChangerTrigger::new(timeout))), vec![], - proxy_config.tp_authority_pub_key, + proxy_config.tp_authority_public_key, test_only_do_not_send_solution_to_tp, ) .await; From 570d827b52d6041249c00622de2ceea1cd478c1c Mon Sep 17 00:00:00 2001 From: plebhash Date: Tue, 13 Feb 2024 12:00:33 -0300 Subject: [PATCH 08/16] add comments for TP authority key --- .../jd-client/config-examples/jdc-config-local-example.toml | 5 ++++- roles/pool/config-examples/pool-config-local-tp-example.toml | 4 +++- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/roles/jd-client/config-examples/jdc-config-local-example.toml b/roles/jd-client/config-examples/jdc-config-local-example.toml index 6308a831cd..57d6f06a1c 100644 --- a/roles/jd-client/config-examples/jdc-config-local-example.toml +++ b/roles/jd-client/config-examples/jdc-config-local-example.toml @@ -28,7 +28,10 @@ retry = 10 tp_address = "127.0.0.1:8442" # Hosted testnet TP # tp_address = "75.119.150.111:8442" -tp_authority_public_key = "3VANfft6ei6jQq1At7d8nmiZzVhBFS4CiQujdgim1ign" + +# You'll need to get tp_authority_public_key from the logs of your TP, for example: +# 2024-02-13T14:59:24Z Template Provider authority key: EguTM8URcZDQVeEBsM4B5vg9weqEUnufA8pm85fG4bZd +tp_authority_public_key = "" # Solo Mining config # List of coinbase outputs used to build the coinbase tx in case of Solo Mining (as last-resort solution of the pools fallback system) diff --git a/roles/pool/config-examples/pool-config-local-tp-example.toml b/roles/pool/config-examples/pool-config-local-tp-example.toml index c0e2692f63..0b3b05126e 100644 --- a/roles/pool/config-examples/pool-config-local-tp-example.toml +++ b/roles/pool/config-examples/pool-config-local-tp-example.toml @@ -24,6 +24,8 @@ pool_signature = "Stratum v2 SRI Pool" # Template Provider config # Local TP (this is pointing to localhost so you must run a TP locally for this configuration to work) tp_address = "127.0.0.1:8442" -tp_authority_public_key = "EguTM8URcZDQVeEBsM4B5vg9weqEUnufA8pm85fG4bZd" +# You'll need to get tp_authority_public_key from the logs of your TP, for example: +# 2024-02-13T14:59:24Z Template Provider authority key: EguTM8URcZDQVeEBsM4B5vg9weqEUnufA8pm85fG4bZd +tp_authority_public_key = "" # Hosted testnet TP # tp_address = "75.119.150.111:8442" From bb1a1c2733ab56101904b6930cdb2657588117d6 Mon Sep 17 00:00:00 2001 From: plebhash Date: Thu, 15 Feb 2024 15:54:56 -0300 Subject: [PATCH 09/16] add tp_authority_public_key to test configs --- test/config/pool-mock-tp-bad-coinbase.toml | 1 + test/config/pool-mock-tp-bad-config.toml | 1 + test/config/pool-mock-tp.toml | 1 + 3 files changed, 3 insertions(+) diff --git a/test/config/pool-mock-tp-bad-coinbase.toml b/test/config/pool-mock-tp-bad-coinbase.toml index 36c6b466b1..cd88b02380 100644 --- a/test/config/pool-mock-tp-bad-coinbase.toml +++ b/test/config/pool-mock-tp-bad-coinbase.toml @@ -13,3 +13,4 @@ coinbase_outputs = [ ] # Pool signature (string to be included in coinbase tx) pool_signature = "Stratum v2 SRI Pool" +tp_authority_public_key = "3VANfft6ei6jQq1At7d8nmiZzVhBFS4CiQujdgim1ign" diff --git a/test/config/pool-mock-tp-bad-config.toml b/test/config/pool-mock-tp-bad-config.toml index d0dd8694ab..535c209e4b 100644 --- a/test/config/pool-mock-tp-bad-config.toml +++ b/test/config/pool-mock-tp-bad-config.toml @@ -22,3 +22,4 @@ coinbase_outputs = [ ] # Pool signature (string to be included in coinbase tx) pool_signature = "Stratum v2 SRI Pool" +tp_authority_public_key = "3VANfft6ei6jQq1At7d8nmiZzVhBFS4CiQujdgim1ign" \ No newline at end of file diff --git a/test/config/pool-mock-tp.toml b/test/config/pool-mock-tp.toml index 252d0637a6..99d7f25e15 100644 --- a/test/config/pool-mock-tp.toml +++ b/test/config/pool-mock-tp.toml @@ -13,3 +13,4 @@ coinbase_outputs = [ ] # Pool signature (string to be included in coinbase tx) pool_signature = "Stratum v2 SRI Pool" +tp_authority_public_key = "3VANfft6ei6jQq1At7d8nmiZzVhBFS4CiQujdgim1ign" From 310d4e4592d15506f8abc6d101383760c149c826 Mon Sep 17 00:00:00 2001 From: plebhash Date: Thu, 15 Feb 2024 15:59:28 -0300 Subject: [PATCH 10/16] clippy --- roles/pool/src/main.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/pool/src/main.rs b/roles/pool/src/main.rs index 95e6278df5..169243c235 100644 --- a/roles/pool/src/main.rs +++ b/roles/pool/src/main.rs @@ -115,7 +115,7 @@ async fn main() { return; } }; - let tp_authority_public_key = config.tp_authority_public_key.clone(); + let tp_authority_public_key = config.tp_authority_public_key; let template_rx_res = TemplateRx::connect( config.tp_address.parse().unwrap(), s_new_t, From ef75b40c17fdfb221062ed2eb32ff938b99d7a30 Mon Sep 17 00:00:00 2001 From: plebhash Date: Thu, 15 Feb 2024 16:17:17 -0300 Subject: [PATCH 11/16] change tp_authority_public_key for tests --- test/config/pool-mock-tp-bad-coinbase.toml | 2 +- test/config/pool-mock-tp-bad-config.toml | 2 +- test/config/pool-mock-tp.toml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/test/config/pool-mock-tp-bad-coinbase.toml b/test/config/pool-mock-tp-bad-coinbase.toml index cd88b02380..c3a3a20ef3 100644 --- a/test/config/pool-mock-tp-bad-coinbase.toml +++ b/test/config/pool-mock-tp-bad-coinbase.toml @@ -13,4 +13,4 @@ coinbase_outputs = [ ] # Pool signature (string to be included in coinbase tx) pool_signature = "Stratum v2 SRI Pool" -tp_authority_public_key = "3VANfft6ei6jQq1At7d8nmiZzVhBFS4CiQujdgim1ign" +tp_authority_public_key = "EguTM8URcZDQVeEBsM4B5vg9weqEUnufA8pm85fG4bZd" diff --git a/test/config/pool-mock-tp-bad-config.toml b/test/config/pool-mock-tp-bad-config.toml index 535c209e4b..9717daec46 100644 --- a/test/config/pool-mock-tp-bad-config.toml +++ b/test/config/pool-mock-tp-bad-config.toml @@ -22,4 +22,4 @@ coinbase_outputs = [ ] # Pool signature (string to be included in coinbase tx) pool_signature = "Stratum v2 SRI Pool" -tp_authority_public_key = "3VANfft6ei6jQq1At7d8nmiZzVhBFS4CiQujdgim1ign" \ No newline at end of file +tp_authority_public_key = "EguTM8URcZDQVeEBsM4B5vg9weqEUnufA8pm85fG4bZd" \ No newline at end of file diff --git a/test/config/pool-mock-tp.toml b/test/config/pool-mock-tp.toml index 99d7f25e15..e2d1c13369 100644 --- a/test/config/pool-mock-tp.toml +++ b/test/config/pool-mock-tp.toml @@ -13,4 +13,4 @@ coinbase_outputs = [ ] # Pool signature (string to be included in coinbase tx) pool_signature = "Stratum v2 SRI Pool" -tp_authority_public_key = "3VANfft6ei6jQq1At7d8nmiZzVhBFS4CiQujdgim1ign" +tp_authority_public_key = "EguTM8URcZDQVeEBsM4B5vg9weqEUnufA8pm85fG4bZd" From b654473e98a5d73c0401af5d56a0e438004c98ed Mon Sep 17 00:00:00 2001 From: plebhash Date: Thu, 15 Feb 2024 17:54:28 -0300 Subject: [PATCH 12/16] allow null tp_authority_public_key --- protocols/v2/noise-sv2/src/initiator.rs | 70 +++++++++++++------ protocols/v2/noise-sv2/src/test.rs | 2 +- .../jdc-config-local-example.toml | 2 +- roles/jd-client/src/lib/proxy_config.rs | 2 +- .../src/lib/template_receiver/mod.rs | 9 ++- .../pool-config-local-tp-example.toml | 2 +- roles/pool/src/lib/mining_pool/mod.rs | 2 +- roles/pool/src/lib/template_receiver/mod.rs | 9 ++- 8 files changed, 66 insertions(+), 32 deletions(-) diff --git a/protocols/v2/noise-sv2/src/initiator.rs b/protocols/v2/noise-sv2/src/initiator.rs index d7c06f6e56..11d4b1b767 100644 --- a/protocols/v2/noise-sv2/src/initiator.rs +++ b/protocols/v2/noise-sv2/src/initiator.rs @@ -31,7 +31,7 @@ pub struct Initiator { e: Keypair, // upstream pub key #[allow(unused)] - responder_authority_pk: XOnlyPublicKey, + responder_authority_pk: Option, c1: Option, c2: Option, } @@ -96,10 +96,14 @@ impl Initiator { pub fn from_raw_k(key: [u8; 32]) -> Result, Error> { let pk = secp256k1::XOnlyPublicKey::from_slice(&key).map_err(|_| Error::InvalidRawPublicKey)?; - Ok(Self::new(pk)) + Ok(Self::new(Some(pk))) } - pub fn new(pk: XOnlyPublicKey) -> Box { + pub fn without_pk() -> Result, Error> { + Ok(Self::new(None)) + } + + pub fn new(pk: Option) -> Box { let mut self_ = Self { handshake_cipher: None, k: None, @@ -226,25 +230,47 @@ impl Initiator { .0 .serialize(); let rs_pk_xonly = XOnlyPublicKey::from_slice(&rs_pub_key).unwrap(); - if signature_message.verify(&rs_pk_xonly, &self.responder_authority_pk) { - let (temp_k1, temp_k2) = Self::hkdf_2(self.get_ck(), &[]); - let c1 = ChaCha20Poly1305::new(&temp_k1.into()); - let c2 = ChaCha20Poly1305::new(&temp_k2.into()); - let c1: Cipher = Cipher::from_key_and_cipher(temp_k1, c1); - let c2: Cipher = Cipher::from_key_and_cipher(temp_k2, c2); - self.c1 = None; - self.c2 = None; - let mut encryptor = GenericCipher::ChaCha20Poly1305(c1); - let mut decryptor = GenericCipher::ChaCha20Poly1305(c2); - encryptor.erase_k(); - decryptor.erase_k(); - let codec = crate::NoiseCodec { - encryptor, - decryptor, - }; - Ok(codec) - } else { - Err(Error::InvalidCertificate(plaintext)) + match &self.responder_authority_pk { + Some(responder_authority_pk) => { + if signature_message.verify(&rs_pk_xonly, responder_authority_pk) { + let (temp_k1, temp_k2) = Self::hkdf_2(self.get_ck(), &[]); + let c1 = ChaCha20Poly1305::new(&temp_k1.into()); + let c2 = ChaCha20Poly1305::new(&temp_k2.into()); + let c1: Cipher = Cipher::from_key_and_cipher(temp_k1, c1); + let c2: Cipher = Cipher::from_key_and_cipher(temp_k2, c2); + self.c1 = None; + self.c2 = None; + let mut encryptor = GenericCipher::ChaCha20Poly1305(c1); + let mut decryptor = GenericCipher::ChaCha20Poly1305(c2); + encryptor.erase_k(); + decryptor.erase_k(); + let codec = crate::NoiseCodec { + encryptor, + decryptor, + }; + Ok(codec) + } else { + Err(Error::InvalidCertificate(plaintext)) + } + } + None => { + let (temp_k1, temp_k2) = Self::hkdf_2(self.get_ck(), &[]); + let c1 = ChaCha20Poly1305::new(&temp_k1.into()); + let c2 = ChaCha20Poly1305::new(&temp_k2.into()); + let c1: Cipher = Cipher::from_key_and_cipher(temp_k1, c1); + let c2: Cipher = Cipher::from_key_and_cipher(temp_k2, c2); + self.c1 = None; + self.c2 = None; + let mut encryptor = GenericCipher::ChaCha20Poly1305(c1); + let mut decryptor = GenericCipher::ChaCha20Poly1305(c2); + encryptor.erase_k(); + decryptor.erase_k(); + let codec = crate::NoiseCodec { + encryptor, + decryptor, + }; + Ok(codec) + } } } diff --git a/protocols/v2/noise-sv2/src/test.rs b/protocols/v2/noise-sv2/src/test.rs index d6925f0a31..3c287fc6a0 100644 --- a/protocols/v2/noise-sv2/src/test.rs +++ b/protocols/v2/noise-sv2/src/test.rs @@ -4,7 +4,7 @@ use crate::{handshake::HandshakeOp, initiator::Initiator, responder::Responder}; fn test_1() { let key_pair = Responder::generate_key(); - let mut initiator = Initiator::new(key_pair.public_key().into()); + let mut initiator = Initiator::new(Some(key_pair.public_key().into())); let mut responder = Responder::new(key_pair, 31449600); let first_message = initiator.step_0().unwrap(); let (second_message, mut codec_responder) = responder.step_1(first_message).unwrap(); diff --git a/roles/jd-client/config-examples/jdc-config-local-example.toml b/roles/jd-client/config-examples/jdc-config-local-example.toml index 57d6f06a1c..00342c0047 100644 --- a/roles/jd-client/config-examples/jdc-config-local-example.toml +++ b/roles/jd-client/config-examples/jdc-config-local-example.toml @@ -31,7 +31,7 @@ tp_address = "127.0.0.1:8442" # You'll need to get tp_authority_public_key from the logs of your TP, for example: # 2024-02-13T14:59:24Z Template Provider authority key: EguTM8URcZDQVeEBsM4B5vg9weqEUnufA8pm85fG4bZd -tp_authority_public_key = "" +# tp_authority_public_key = "" # Solo Mining config # List of coinbase outputs used to build the coinbase tx in case of Solo Mining (as last-resort solution of the pools fallback system) diff --git a/roles/jd-client/src/lib/proxy_config.rs b/roles/jd-client/src/lib/proxy_config.rs index ac15d1cb55..89c97a7beb 100644 --- a/roles/jd-client/src/lib/proxy_config.rs +++ b/roles/jd-client/src/lib/proxy_config.rs @@ -36,7 +36,7 @@ pub struct ProxyConfig { pub authority_secret_key: Secp256k1SecretKey, pub cert_validity_sec: u64, pub tp_address: String, - pub tp_authority_public_key: Secp256k1PublicKey, + pub tp_authority_public_key: Option, pub retry: u32, pub upstreams: Vec, #[serde(deserialize_with = "duration_from_toml")] diff --git a/roles/jd-client/src/lib/template_receiver/mod.rs b/roles/jd-client/src/lib/template_receiver/mod.rs index aad2f1ac37..93e299b0c9 100644 --- a/roles/jd-client/src/lib/template_receiver/mod.rs +++ b/roles/jd-client/src/lib/template_receiver/mod.rs @@ -53,7 +53,7 @@ impl TemplateRx { task_collector: Arc>>, pool_chaneger_trigger: Arc>, miner_coinbase_outputs: Vec, - authority_public_key: Secp256k1PublicKey, + authority_public_key: Option, test_only_do_not_send_solution_to_tp: bool, ) { let mut encoded_outputs = vec![]; @@ -62,8 +62,11 @@ impl TemplateRx { .expect("Invalid coinbase output in config"); let stream = tokio::net::TcpStream::connect(address).await.unwrap(); - let pub_key: Secp256k1PublicKey = authority_public_key; - let initiator = Initiator::from_raw_k(pub_key.into_bytes()).unwrap(); + let initiator = match authority_public_key { + Some(pub_key) => Initiator::from_raw_k(pub_key.into_bytes()), + None => Initiator::without_pk(), + } + .unwrap(); let (mut receiver, mut sender, _, _) = Connection::new(stream, HandshakeRole::Initiator(initiator)) .await diff --git a/roles/pool/config-examples/pool-config-local-tp-example.toml b/roles/pool/config-examples/pool-config-local-tp-example.toml index 0b3b05126e..f1ca9f901f 100644 --- a/roles/pool/config-examples/pool-config-local-tp-example.toml +++ b/roles/pool/config-examples/pool-config-local-tp-example.toml @@ -26,6 +26,6 @@ pool_signature = "Stratum v2 SRI Pool" tp_address = "127.0.0.1:8442" # You'll need to get tp_authority_public_key from the logs of your TP, for example: # 2024-02-13T14:59:24Z Template Provider authority key: EguTM8URcZDQVeEBsM4B5vg9weqEUnufA8pm85fG4bZd -tp_authority_public_key = "" +# tp_authority_public_key = "" # Hosted testnet TP # tp_address = "75.119.150.111:8442" diff --git a/roles/pool/src/lib/mining_pool/mod.rs b/roles/pool/src/lib/mining_pool/mod.rs index 4aeb4bffcb..86c85e80aa 100644 --- a/roles/pool/src/lib/mining_pool/mod.rs +++ b/roles/pool/src/lib/mining_pool/mod.rs @@ -83,7 +83,7 @@ impl TryFrom<&CoinbaseOutput> for CoinbaseOutput_ { pub struct Configuration { pub listen_address: String, pub tp_address: String, - pub tp_authority_public_key: Secp256k1PublicKey, + pub tp_authority_public_key: Option, pub authority_public_key: Secp256k1PublicKey, pub authority_secret_key: Secp256k1SecretKey, pub cert_validity_sec: u64, diff --git a/roles/pool/src/lib/template_receiver/mod.rs b/roles/pool/src/lib/template_receiver/mod.rs index 000d863a8c..a996852a86 100644 --- a/roles/pool/src/lib/template_receiver/mod.rs +++ b/roles/pool/src/lib/template_receiver/mod.rs @@ -43,12 +43,17 @@ impl TemplateRx { message_received_signal: Receiver<()>, status_tx: status::Sender, coinbase_out_len: u32, - expected_tp_authority_public_key: Secp256k1PublicKey, + expected_tp_authority_public_key: Option, ) -> PoolResult<()> { let stream = TcpStream::connect(address).await?; info!("Connected to template distribution server at {}", address); - let initiator = Initiator::from_raw_k(expected_tp_authority_public_key.into_bytes())?; + let initiator = match expected_tp_authority_public_key { + Some(expected_tp_authority_public_key) => { + Initiator::from_raw_k(expected_tp_authority_public_key.into_bytes()) + } + None => Initiator::without_pk(), + }?; let (mut receiver, mut sender, _, _) = Connection::new(stream, HandshakeRole::Initiator(initiator)) .await From f61cc950f8f40851858fa780c545790101fc82c1 Mon Sep 17 00:00:00 2001 From: plebhash Date: Thu, 15 Feb 2024 18:33:59 -0300 Subject: [PATCH 13/16] remove tp_authority_public_key from test configs --- test/config/pool-mock-tp-bad-coinbase.toml | 1 - test/config/pool-mock-tp-bad-config.toml | 1 - test/config/pool-mock-tp.toml | 1 - 3 files changed, 3 deletions(-) diff --git a/test/config/pool-mock-tp-bad-coinbase.toml b/test/config/pool-mock-tp-bad-coinbase.toml index c3a3a20ef3..36c6b466b1 100644 --- a/test/config/pool-mock-tp-bad-coinbase.toml +++ b/test/config/pool-mock-tp-bad-coinbase.toml @@ -13,4 +13,3 @@ coinbase_outputs = [ ] # Pool signature (string to be included in coinbase tx) pool_signature = "Stratum v2 SRI Pool" -tp_authority_public_key = "EguTM8URcZDQVeEBsM4B5vg9weqEUnufA8pm85fG4bZd" diff --git a/test/config/pool-mock-tp-bad-config.toml b/test/config/pool-mock-tp-bad-config.toml index 9717daec46..d0dd8694ab 100644 --- a/test/config/pool-mock-tp-bad-config.toml +++ b/test/config/pool-mock-tp-bad-config.toml @@ -22,4 +22,3 @@ coinbase_outputs = [ ] # Pool signature (string to be included in coinbase tx) pool_signature = "Stratum v2 SRI Pool" -tp_authority_public_key = "EguTM8URcZDQVeEBsM4B5vg9weqEUnufA8pm85fG4bZd" \ No newline at end of file diff --git a/test/config/pool-mock-tp.toml b/test/config/pool-mock-tp.toml index e2d1c13369..252d0637a6 100644 --- a/test/config/pool-mock-tp.toml +++ b/test/config/pool-mock-tp.toml @@ -13,4 +13,3 @@ coinbase_outputs = [ ] # Pool signature (string to be included in coinbase tx) pool_signature = "Stratum v2 SRI Pool" -tp_authority_public_key = "EguTM8URcZDQVeEBsM4B5vg9weqEUnufA8pm85fG4bZd" From e3712be384dd41659c57bf701551f0b873a38e3f Mon Sep 17 00:00:00 2001 From: plebhash Date: Fri, 16 Feb 2024 08:37:41 -0300 Subject: [PATCH 14/16] move match inside verify --- protocols/v2/noise-sv2/src/initiator.rs | 60 ++++++------------- .../v2/noise-sv2/src/signature_message.rs | 41 +++++++------ 2 files changed, 42 insertions(+), 59 deletions(-) diff --git a/protocols/v2/noise-sv2/src/initiator.rs b/protocols/v2/noise-sv2/src/initiator.rs index 11d4b1b767..d789aef201 100644 --- a/protocols/v2/noise-sv2/src/initiator.rs +++ b/protocols/v2/noise-sv2/src/initiator.rs @@ -230,47 +230,25 @@ impl Initiator { .0 .serialize(); let rs_pk_xonly = XOnlyPublicKey::from_slice(&rs_pub_key).unwrap(); - match &self.responder_authority_pk { - Some(responder_authority_pk) => { - if signature_message.verify(&rs_pk_xonly, responder_authority_pk) { - let (temp_k1, temp_k2) = Self::hkdf_2(self.get_ck(), &[]); - let c1 = ChaCha20Poly1305::new(&temp_k1.into()); - let c2 = ChaCha20Poly1305::new(&temp_k2.into()); - let c1: Cipher = Cipher::from_key_and_cipher(temp_k1, c1); - let c2: Cipher = Cipher::from_key_and_cipher(temp_k2, c2); - self.c1 = None; - self.c2 = None; - let mut encryptor = GenericCipher::ChaCha20Poly1305(c1); - let mut decryptor = GenericCipher::ChaCha20Poly1305(c2); - encryptor.erase_k(); - decryptor.erase_k(); - let codec = crate::NoiseCodec { - encryptor, - decryptor, - }; - Ok(codec) - } else { - Err(Error::InvalidCertificate(plaintext)) - } - } - None => { - let (temp_k1, temp_k2) = Self::hkdf_2(self.get_ck(), &[]); - let c1 = ChaCha20Poly1305::new(&temp_k1.into()); - let c2 = ChaCha20Poly1305::new(&temp_k2.into()); - let c1: Cipher = Cipher::from_key_and_cipher(temp_k1, c1); - let c2: Cipher = Cipher::from_key_and_cipher(temp_k2, c2); - self.c1 = None; - self.c2 = None; - let mut encryptor = GenericCipher::ChaCha20Poly1305(c1); - let mut decryptor = GenericCipher::ChaCha20Poly1305(c2); - encryptor.erase_k(); - decryptor.erase_k(); - let codec = crate::NoiseCodec { - encryptor, - decryptor, - }; - Ok(codec) - } + if signature_message.verify(&rs_pk_xonly, &self.responder_authority_pk) { + let (temp_k1, temp_k2) = Self::hkdf_2(self.get_ck(), &[]); + let c1 = ChaCha20Poly1305::new(&temp_k1.into()); + let c2 = ChaCha20Poly1305::new(&temp_k2.into()); + let c1: Cipher = Cipher::from_key_and_cipher(temp_k1, c1); + let c2: Cipher = Cipher::from_key_and_cipher(temp_k2, c2); + self.c1 = None; + self.c2 = None; + let mut encryptor = GenericCipher::ChaCha20Poly1305(c1); + let mut decryptor = GenericCipher::ChaCha20Poly1305(c2); + encryptor.erase_k(); + decryptor.erase_k(); + let codec = crate::NoiseCodec { + encryptor, + decryptor, + }; + Ok(codec) + } else { + Err(Error::InvalidCertificate(plaintext)) } } diff --git a/protocols/v2/noise-sv2/src/signature_message.rs b/protocols/v2/noise-sv2/src/signature_message.rs index 23393eab2c..5cd96db5e6 100644 --- a/protocols/v2/noise-sv2/src/signature_message.rs +++ b/protocols/v2/noise-sv2/src/signature_message.rs @@ -24,24 +24,29 @@ impl From<[u8; 74]> for SignatureNoiseMessage { } impl SignatureNoiseMessage { - pub fn verify(self, pk: &XOnlyPublicKey, authority_pk: &XOnlyPublicKey) -> bool { - let now = SystemTime::now() - .duration_since(SystemTime::UNIX_EPOCH) - .unwrap() - .as_secs() as u32; - if self.valid_from <= now && self.not_valid_after >= now { - let secp = Secp256k1::verification_only(); - let (m, s) = self.split(); - // m = SHA-256(version || valid_from || not_valid_after || server_static_key) - let m = [&m[0..10], &pk.serialize()].concat(); - let m = Message::from_hashed_data::(&m); - let s = match Signature::from_slice(&s) { - Ok(s) => s, - _ => return false, - }; - secp.verify_schnorr(&s, &m, authority_pk).is_ok() - } else { - false + pub fn verify(self, pk: &XOnlyPublicKey, authority_pk: &Option) -> bool { + match authority_pk { + Some(authority_pk) => { + let now = SystemTime::now() + .duration_since(SystemTime::UNIX_EPOCH) + .unwrap() + .as_secs() as u32; + if self.valid_from <= now && self.not_valid_after >= now { + let secp = Secp256k1::verification_only(); + let (m, s) = self.split(); + // m = SHA-256(version || valid_from || not_valid_after || server_static_key) + let m = [&m[0..10], &pk.serialize()].concat(); + let m = Message::from_hashed_data::(&m); + let s = match Signature::from_slice(&s) { + Ok(s) => s, + _ => return false, + }; + secp.verify_schnorr(&s, &m, authority_pk).is_ok() + } else { + false + } + } + None => true, } } pub fn sign(msg: &mut [u8; 74], static_pk: &XOnlyPublicKey, kp: &Keypair) { From a1cf7b324e8a4212a6c6c193ef552adcee7521c6 Mon Sep 17 00:00:00 2001 From: plebhash Date: Fri, 16 Feb 2024 10:18:22 -0300 Subject: [PATCH 15/16] improve comments around tp_authority_public_key --- roles/jd-client/README.md | 8 ++++++-- .../config-examples/jdc-config-local-example.toml | 4 ---- roles/pool/README.md | 4 ++++ .../config-examples/pool-config-local-tp-example.toml | 5 ----- 4 files changed, 10 insertions(+), 11 deletions(-) diff --git a/roles/jd-client/README.md b/roles/jd-client/README.md index fea7878263..efc5d8d2a1 100644 --- a/roles/jd-client/README.md +++ b/roles/jd-client/README.md @@ -17,8 +17,12 @@ The configuration file contains the following information: 1. The Upstream connection information which includes the SV2 Pool authority public key (`upstream_authority_pubkey`) and the SV2 Pool connection address (`upstream_address`) and port (`upstream_port`). -1. The maximum and minimum SV2 versions (`max_supported_version` and `min_supported_version`) -1. The Job Declarator information which includes the Pool JD connection address (`jd_address`) and the Template Provider connection address to which to connect (`tp_address`). +2. The maximum and minimum SV2 versions (`max_supported_version` and `min_supported_version`) +3. The Job Declarator information which includes the Pool JD connection address (`jd_address`) and the Template Provider connection address to which to connect (`tp_address`). +4. Optionally, you may want to verify that your TP connection is authentic. You may get `tp_authority_public_key` from the logs of your TP, for example: +``` +# 2024-02-13T14:59:24Z Template Provider authority key: EguTM8URcZDQVeEBsM4B5vg9weqEUnufA8pm85fG4bZd +``` ### Run 1. Copy the `jdc-config-example.toml` into `conf/` directory. diff --git a/roles/jd-client/config-examples/jdc-config-local-example.toml b/roles/jd-client/config-examples/jdc-config-local-example.toml index 00342c0047..66f19bcb04 100644 --- a/roles/jd-client/config-examples/jdc-config-local-example.toml +++ b/roles/jd-client/config-examples/jdc-config-local-example.toml @@ -29,10 +29,6 @@ tp_address = "127.0.0.1:8442" # Hosted testnet TP # tp_address = "75.119.150.111:8442" -# You'll need to get tp_authority_public_key from the logs of your TP, for example: -# 2024-02-13T14:59:24Z Template Provider authority key: EguTM8URcZDQVeEBsM4B5vg9weqEUnufA8pm85fG4bZd -# tp_authority_public_key = "" - # Solo Mining config # List of coinbase outputs used to build the coinbase tx in case of Solo Mining (as last-resort solution of the pools fallback system) # ! Put your Extended Public Key or Script as output_script_value ! diff --git a/roles/pool/README.md b/roles/pool/README.md index 359020f0eb..5d7bd5b507 100644 --- a/roles/pool/README.md +++ b/roles/pool/README.md @@ -27,6 +27,10 @@ The configuration file contains the following information: 1. The SRI Pool information which includes the SRI Pool authority public key (`authority_pubkey`), the SRI Pool authority secret key (`authority_secret_key`), along with its certificate validity (`cert_validity_sec`). In addition to this, it contains the address which it will use to listen to new connection from downstream roles (`listen_address`) and the list of uncompressed pubkeys for coinbase payout (`coinbase_outputs`). 2. The SRI Pool Job Negatiator information which includes the Template Provider address (`tp_address`) and the address it uses to listen new request from the downstream JDs (`jd_address`). +3. Optionally, you may want to verify that your TP connection is authentic. You may get `tp_authority_public_key` from the logs of your TP, for example: +``` +# 2024-02-13T14:59:24Z Template Provider authority key: EguTM8URcZDQVeEBsM4B5vg9weqEUnufA8pm85fG4bZd +``` ### Run 1. Copy the `pool-config-example.toml` into `conf/` directory. diff --git a/roles/pool/config-examples/pool-config-local-tp-example.toml b/roles/pool/config-examples/pool-config-local-tp-example.toml index f1ca9f901f..016c372f59 100644 --- a/roles/pool/config-examples/pool-config-local-tp-example.toml +++ b/roles/pool/config-examples/pool-config-local-tp-example.toml @@ -24,8 +24,3 @@ pool_signature = "Stratum v2 SRI Pool" # Template Provider config # Local TP (this is pointing to localhost so you must run a TP locally for this configuration to work) tp_address = "127.0.0.1:8442" -# You'll need to get tp_authority_public_key from the logs of your TP, for example: -# 2024-02-13T14:59:24Z Template Provider authority key: EguTM8URcZDQVeEBsM4B5vg9weqEUnufA8pm85fG4bZd -# tp_authority_public_key = "" -# Hosted testnet TP -# tp_address = "75.119.150.111:8442" From b4a4387f647831f57ac8f75ce8ebdd8c8d46983a Mon Sep 17 00:00:00 2001 From: plebhash Date: Fri, 16 Feb 2024 12:41:52 -0300 Subject: [PATCH 16/16] replace match with if let --- .../v2/noise-sv2/src/signature_message.rs | 41 +++++++++---------- 1 file changed, 20 insertions(+), 21 deletions(-) diff --git a/protocols/v2/noise-sv2/src/signature_message.rs b/protocols/v2/noise-sv2/src/signature_message.rs index 5cd96db5e6..827199bed9 100644 --- a/protocols/v2/noise-sv2/src/signature_message.rs +++ b/protocols/v2/noise-sv2/src/signature_message.rs @@ -25,28 +25,27 @@ impl From<[u8; 74]> for SignatureNoiseMessage { impl SignatureNoiseMessage { pub fn verify(self, pk: &XOnlyPublicKey, authority_pk: &Option) -> bool { - match authority_pk { - Some(authority_pk) => { - let now = SystemTime::now() - .duration_since(SystemTime::UNIX_EPOCH) - .unwrap() - .as_secs() as u32; - if self.valid_from <= now && self.not_valid_after >= now { - let secp = Secp256k1::verification_only(); - let (m, s) = self.split(); - // m = SHA-256(version || valid_from || not_valid_after || server_static_key) - let m = [&m[0..10], &pk.serialize()].concat(); - let m = Message::from_hashed_data::(&m); - let s = match Signature::from_slice(&s) { - Ok(s) => s, - _ => return false, - }; - secp.verify_schnorr(&s, &m, authority_pk).is_ok() - } else { - false - } + if let Some(authority_pk) = authority_pk { + let now = SystemTime::now() + .duration_since(SystemTime::UNIX_EPOCH) + .unwrap() + .as_secs() as u32; + if self.valid_from <= now && self.not_valid_after >= now { + let secp = Secp256k1::verification_only(); + let (m, s) = self.split(); + // m = SHA-256(version || valid_from || not_valid_after || server_static_key) + let m = [&m[0..10], &pk.serialize()].concat(); + let m = Message::from_hashed_data::(&m); + let s = match Signature::from_slice(&s) { + Ok(s) => s, + _ => return false, + }; + secp.verify_schnorr(&s, &m, authority_pk).is_ok() + } else { + false } - None => true, + } else { + true } } pub fn sign(msg: &mut [u8; 74], static_pk: &XOnlyPublicKey, kp: &Keypair) {