Merge pull request oasisprotocol#2148 from oasisprotocol/kostko/feature/rofl-kd-scopes

runtime-sdk/modules/rofl: Add key scope in rofl.DeriveKey

Author: kostko

Cargo.lock

@@ -1,6 +1,6 @@
 [package]
 name = "oasis-runtime-sdk"
-version = "0.10.0"
+version = "0.10.1"
 authors = ["Oasis Protocol Foundation <info@oasisprotocol.org>"]
 edition = "2021"
 license = "Apache-2.0"

contract-sdk/specs/access/oas173/Cargo.lock

@@ -71,6 +71,8 @@ impl Default for SubmitTxOpts {
 pub struct DeriveKeyRequest {
     /// Key kind.
     pub kind: modules::rofl::types::KeyKind,
+    /// Key scope.
+    pub scope: modules::rofl::types::KeyScope,
     /// Key generation.
     pub generation: u64,
     /// Key identifier.
@@ -198,6 +200,7 @@ where
             modules::rofl::types::DeriveKey {
                 app: A::id(),
                 kind: request.kind,
+                scope: request.scope,
                 generation: request.generation,
                 key_id: request.key_id,
             },

contract-sdk/specs/token/oas20/Cargo.lock

@@ -1,5 +1,5 @@
 //! On-chain coordination for ROFL components.
-use std::collections::BTreeSet;
+use std::collections::{BTreeMap, BTreeSet};
 
 use once_cell::sync::Lazy;
 
@@ -217,9 +217,16 @@ impl<Cfg: Config> Module<Cfg> {
         )?;
 
         // Generate the secret encryption (public) key.
-        let sek = Self::derive_app_key(ctx, &app_id, types::KeyKind::X25519, ROFL_KEY_ID_SEK)?
-            .input_keypair
-            .pk;
+        let sek = Self::derive_app_key(
+            ctx,
+            &app_id,
+            types::KeyKind::X25519,
+            types::KeyScope::Global,
+            ROFL_KEY_ID_SEK,
+            None,
+        )?
+        .input_keypair
+        .pk;
 
         // Register the application.
         let cfg = types::AppConfig {
@@ -263,9 +270,16 @@ impl<Cfg: Config> Module<Cfg> {
 
         // If there is no SEK defined, regenerate it.
         if cfg.sek == Default::default() {
-            cfg.sek = Self::derive_app_key(ctx, &body.id, types::KeyKind::X25519, ROFL_KEY_ID_SEK)?
-                .input_keypair
-                .pk;
+            cfg.sek = Self::derive_app_key(
+                ctx,
+                &body.id,
+                types::KeyKind::X25519,
+                types::KeyScope::Global,
+                ROFL_KEY_ID_SEK,
+                None,
+            )?
+            .input_keypair
+            .pk;
         }
 
         cfg.policy = body.policy;
@@ -403,17 +417,27 @@ impl<Cfg: Config> Module<Cfg> {
             return Err(Error::InvalidArgument);
         }
 
+        // Disallow invocation from subcalls.
+        if CurrentState::with_env(|env| env.is_internal()) {
+            return Err(Error::Forbidden);
+        }
+
         if CurrentState::with_env(|env| env.is_check_only()) {
             return Ok(Default::default());
         }
 
         // Ensure caller is an authorized instance of the given application.
-        if !Self::is_authorized_origin(body.app) {
-            return Err(Error::Forbidden);
-        }
+        let reg = Self::get_origin_registration(body.app).ok_or(Error::Forbidden)?;
 
         // Derive application key.
-        let key = Self::derive_app_key(ctx, &body.app, body.kind, &body.key_id)?;
+        let key = Self::derive_app_key(
+            ctx,
+            &body.app,
+            body.kind,
+            body.scope,
+            &body.key_id,
+            Some(reg),
+        )?;
         let key = match body.kind {
             types::KeyKind::EntropyV0 => key.state_key.0.into(),
             types::KeyKind::X25519 => key.input_keypair.sk.as_ref().into(),
@@ -422,18 +446,75 @@ impl<Cfg: Config> Module<Cfg> {
         Ok(types::DeriveKeyResponse { key })
     }
 
+    fn derive_app_key_id(
+        app: &app_id::AppId,
+        kind: types::KeyKind,
+        scope: types::KeyScope,
+        key_id: &[u8],
+        reg: Option<types::Registration>,
+    ) -> Result<keymanager::KeyPairId, Error> {
+        // Build the base key identifier.
+        //
+        // We use the following tuple elements which are fed into TupleHash to derive the final key
+        // identifier, in order:
+        //
+        // - V1 context domain separator.
+        // - App ID.
+        // - Encoded kind.
+        // - Key ID.
+        // - Optional CBOR-serialized extra domain separation.
+        //
+        let kind_id = &[kind as u8];
+        let mut key_id = vec![ROFL_DERIVE_KEY_CONTEXT, app.as_ref(), kind_id, key_id];
+        let mut extra_dom: BTreeMap<&str, Vec<u8>> = BTreeMap::new();
+
+        match scope {
+            types::KeyScope::Global => {
+                // Nothing to do here, global keys don't include an explicit scope for backwards
+                // compatibility.
+            }
+            types::KeyScope::Node => {
+                // Fetch node identifier corresponding to the application instance.
+                let node_id = reg.ok_or(Error::InvalidArgument)?.node_id;
+
+                extra_dom.insert("scope", [scope as u8].to_vec());
+                extra_dom.insert("node_id", node_id.as_ref().to_vec());
+            }
+            types::KeyScope::Entity => {
+                // Fetch entity identifier corresponding to the application instance.
+                let entity_id = reg
+                    .ok_or(Error::InvalidArgument)?
+                    .entity_id
+                    .ok_or(Error::InvalidArgument)?;
+
+                extra_dom.insert("scope", [scope as u8].to_vec());
+                extra_dom.insert("entity_id", entity_id.as_ref().to_vec());
+            }
+        };
+
+        // Add optional extra domain separation.
+        let extra_dom = if !extra_dom.is_empty() {
+            cbor::to_vec(extra_dom)
+        } else {
+            vec![]
+        };
+        if !extra_dom.is_empty() {
+            key_id.push(&extra_dom)
+        }
+
+        // Finalize the key identifier.
+        Ok(keymanager::get_key_pair_id(key_id))
+    }
+
     fn derive_app_key<C: Context>(
         ctx: &C,
         app: &app_id::AppId,
         kind: types::KeyKind,
+        scope: types::KeyScope,
         key_id: &[u8],
+        reg: Option<types::Registration>,
     ) -> Result<keymanager::KeyPair, Error> {
-        let key_id = keymanager::get_key_pair_id([
-            ROFL_DERIVE_KEY_CONTEXT,
-            app.as_ref(),
-            &[kind as u8],
-            key_id,
-        ]);
+        let key_id = Self::derive_app_key_id(app, kind, scope, key_id, reg)?;
 
         let km = ctx
             .key_manager()

examples/runtime-sdk/rofl-oracle-tdx/Cargo.lock

@@ -242,6 +242,70 @@ fn test_create_scheme() {
     );
 }
 
+#[test]
+fn test_derive_app_key_id() {
+    // Ensure that app key identifier derivation is stable.
+    let tcs = [
+        (
+            "rofl1qqfuf7u556prwv0wkdt398prhrpat7r3rvr97khf",
+            types::KeyKind::EntropyV0,
+            types::KeyScope::Global,
+            b"test key",
+            None,
+            "d5c2af4a445f893f3cc395fd7ed3aca53ecc98f4ff93401f03d8e17b9dac563f",
+        ),
+        (
+            "rofl1qqfuf7u556prwv0wkdt398prhrpat7r3rvr97khf",
+            types::KeyKind::X25519,
+            types::KeyScope::Global,
+            b"test key",
+            None,
+            "e1ad6dfca49ca3449642a8334c97120bbdeaf778e2c5b44f06b3584d9d77edbb",
+        ),
+        (
+            "rofl1qqfuf7u556prwv0wkdt398prhrpat7r3rvr97khf",
+            types::KeyKind::EntropyV0,
+            types::KeyScope::Node,
+            b"test key",
+            Some(types::Registration {
+                node_id: "0000000000000000000000000000000000000000000000000000000000000000".into(),
+                ..Default::default()
+            }),
+            "90725fe1f83e647f2a6ae917e076b5c42cf64944efa79fa4707a39583ff89b26",
+        ),
+        (
+            "rofl1qqfuf7u556prwv0wkdt398prhrpat7r3rvr97khf",
+            types::KeyKind::EntropyV0,
+            types::KeyScope::Node,
+            b"test key",
+            Some(types::Registration {
+                node_id: "1111111111111111111111111111111111111111111111111111111111111111".into(),
+                ..Default::default()
+            }),
+            "06374f036728adfbd64a2bb10d55a3d8ea8de122305383ea27064e12caafba71",
+        ),
+        (
+            "rofl1qqfuf7u556prwv0wkdt398prhrpat7r3rvr97khf",
+            types::KeyKind::EntropyV0,
+            types::KeyScope::Entity,
+            b"test key",
+            Some(types::Registration {
+                entity_id: Some(
+                    "1111111111111111111111111111111111111111111111111111111111111111".into(),
+                ),
+                ..Default::default()
+            }),
+            "5e3ec31fb6648b48fa8e721796fb1d01d11fee50303fd382118ddf9e69d6f77b",
+        ),
+    ];
+    for tc in tcs {
+        let key_id =
+            Module::<Config>::derive_app_key_id(&tc.0.into(), tc.1, tc.2, tc.3, tc.4.clone())
+                .unwrap();
+        assert_eq!(key_id, tc.5.into(), "{:?}", tc);
+    }
+}
+
 #[test]
 fn test_key_derivation() {
     let mut mock = mock::Mock::default();
@@ -262,6 +326,7 @@ fn test_key_derivation() {
     let derive = types::DeriveKey {
         app,
         kind: types::KeyKind::EntropyV0,
+        scope: types::KeyScope::Global,
         generation: 0,
         key_id: b"my test key".into(),
     };
@@ -292,7 +357,7 @@ fn test_key_derivation() {
         extra_keys: vec![keys::alice::pk()],
         ..Default::default()
     };
-    state::update_registration(fake_registration).unwrap();
+    state::update_registration(fake_registration.clone()).unwrap();
 
     // The call should succeed now.
     let dispatch_result = signer_alice.call_opts(
@@ -343,4 +408,62 @@ fn test_key_derivation() {
     let (err_module, err_code) = dispatch_result.result.unwrap_failed();
     assert_eq!(&err_module, "rofl");
     assert_eq!(err_code, 1);
+
+    // Try different scopes.
+    let dispatch_result = signer_alice.call_opts(
+        &ctx,
+        "rofl.DeriveKey",
+        types::DeriveKey {
+            scope: types::KeyScope::Node,
+            ..derive.clone()
+        },
+        CallOptions {
+            encrypted: true,
+            ..Default::default()
+        },
+    );
+    let dispatch_result = dispatch_result.result.unwrap();
+    let result: types::DeriveKeyResponse = cbor::from_value(dispatch_result).unwrap();
+    assert!(!result.key.is_empty());
+
+    // Entity scope should fail as the registration doesn't have an entity set.
+    let dispatch_result = signer_alice.call_opts(
+        &ctx,
+        "rofl.DeriveKey",
+        types::DeriveKey {
+            scope: types::KeyScope::Entity,
+            ..derive.clone()
+        },
+        CallOptions {
+            encrypted: true,
+            ..Default::default()
+        },
+    );
+    let (err_module, err_code) = dispatch_result.result.unwrap_failed();
+    assert_eq!(&err_module, "rofl");
+    assert_eq!(err_code, 1);
+
+    // Update registration to include an entity.
+    state::update_registration(types::Registration {
+        entity_id: Some(Default::default()),
+        ..fake_registration.clone()
+    })
+    .unwrap();
+
+    // Entity scope should now work.
+    let dispatch_result = signer_alice.call_opts(
+        &ctx,
+        "rofl.DeriveKey",
+        types::DeriveKey {
+            scope: types::KeyScope::Entity,
+            ..derive.clone()
+        },
+        CallOptions {
+            encrypted: true,
+            ..Default::default()
+        },
+    );
+    let dispatch_result = dispatch_result.result.unwrap();
+    let result: types::DeriveKeyResponse = cbor::from_value(dispatch_result).unwrap();
+    assert!(!result.key.is_empty());
 }

examples/runtime-sdk/rofl-oracle/Cargo.lock

@@ -117,13 +117,39 @@ pub enum KeyKind {
     X25519 = 1,
 }
 
+/// Scope of key for derivation.
+#[derive(Clone, Copy, Debug, Default, PartialEq, Eq, Hash, cbor::Encode, cbor::Decode)]
+#[cbor(with_default)]
+#[repr(u8)]
+pub enum KeyScope {
+    /// Global application scope (e.g. all instances get the same key).
+    #[default]
+    Global = 0,
+
+    /// Node scope (e.g. all instances endorsed by the same node get the same key).
+    Node = 1,
+
+    /// Entity scope (e.g. all instances endorsed by nodes from the same entity get the same key).
+    Entity = 2,
+}
+
+impl KeyScope {
+    /// Whether this key scope is the global key scope.
+    pub fn is_global(&self) -> bool {
+        matches!(self, Self::Global)
+    }
+}
+
 /// Derive key call.
 #[derive(Clone, Debug, Default, cbor::Encode, cbor::Decode)]
 pub struct DeriveKey {
     /// ROFL application identifier.
     pub app: AppId,
     /// Key kind.
     pub kind: KeyKind,
+    /// Key scope.
+    #[cbor(optional, skip_serializing_if = "KeyScope::is_global")]
+    pub scope: KeyScope,
     /// Key generation.
     pub generation: u64,
     /// Key identifier.