Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: sapphire-dev: Fix key manager initialization #469

Merged
merged 3 commits into from
Oct 30, 2023
Merged

fix: sapphire-dev: Fix key manager initialization #469

merged 3 commits into from
Oct 30, 2023

Conversation

matevz
Copy link
Member

@matevz matevz commented Oct 25, 2023
edited
Loading

This PR:

  • waits for the key manager to generate the ephemeral secret (the first possible epoch for this is 3) and then transitions to that epoch so the ephemeral key can be used by dApps (this behavior was new in Oasis Core 23.x)
  • sets the beacon interval to 2. This interval determines among how many KM nodes the KM will propose the new ephemeral key. The previous value was 50 meaning there is 1/50 chance KM proposing the ephemeral secret every block, the block time is 1 second. On the Mainnet/Testnet this number is computed by taking the epoch length into account, but since we use mock epochs in the Docker image, the beacon interval needs to be hardcoded.
  • bumps ci-test to use the new sapphire-runtime 7.0.0-testnet and emerald-runtime 11.0.0-testnet
  • uses the localnet version of emerald-runtime in ci-test as well for consistency with sapphire
  • adds a test to sapphire-dev and emerald-dev for eth_getBalance which checks if the testing account was funded
  • emerald-dev tests currently disabled due to Fix emerald-dev image #471
  • adds a test for sapphire-dev, if oasis_callDataPublicKey works
  • builds Docker images and tests them on pull requests too now, not just when pushed to main

@codecov
Copy link

codecov bot commented Oct 25, 2023
edited
Loading

Codecov Report

Merging #469 (80802b8) into main (bb3b0ab) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #469   +/-   ##
=======================================
  Coverage   61.86%   61.86%           
=======================================
  Files          37       37           
  Lines        3920     3920           
=======================================
  Hits         2425     2425           
  Misses       1288     1288           
  Partials      207      207

@matevz matevz force-pushed the matevz/fix/docker-km-startup branch 5 times, most recently from d787d67 to 058333a Compare October 26, 2023 15:36
@matevz matevz marked this pull request as ready for review October 26, 2023 15:40
@matevz matevz requested review from kostko and ptrus as code owners October 26, 2023 15:40
@matevz matevz requested a review from CedarMist October 26, 2023 15:40
kostko
kostko approved these changes Oct 26, 2023
View reviewed changes
docker/common/start.sh Outdated Show resolved Hide resolved
@matevz matevz force-pushed the matevz/fix/docker-km-startup branch 3 times, most recently from a1a02cc to a1b604d Compare October 26, 2023 17:23
@CedarMist CedarMist mentioned this pull request Oct 26, 2023
Merged
@matevz matevz force-pushed the matevz/fix/docker-km-startup branch 2 times, most recently from 18406df to 7a343a3 Compare October 30, 2023 12:59
@matevz matevz mentioned this pull request Oct 30, 2023
Closed
@matevz matevz force-pushed the matevz/fix/docker-km-startup branch from 7a343a3 to 80802b8 Compare October 30, 2023 13:08
@matevz matevz merged commit b31d35e into main Oct 30, 2023
@matevz matevz deleted the matevz/fix/docker-km-startup branch October 30, 2023 13:50
@matevz matevz mentioned this pull request Oct 30, 2023
Merged
@peternose
Copy link
Contributor

In E2E tests, the first ephemeral secret is available in epoch 2, not in epoch 3.

  • Epoch 0:
    • Key manager nodes register.
  • Epoch 1:
    • Key manager status changes, nodes are added to the committee.
    • All nodes try to generate ephemeral secret for the next epoch. The first secret published is accepted, others rejected.
    • All nodes send the secret to the key manager enclave which verifies and stores the secret in memory.
  • Epoch 2:
    • Ephemeral secret for epoch 2 is available, keys can be derived.
    • All nodes try to generate ephemeral secret for the next epoch...

@ptrus ptrus mentioned this pull request Dec 20, 2024
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@CedarMist CedarMist CedarMist approved these changes

@ptrus ptrus ptrus approved these changes

@kostko kostko kostko approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@matevz @peternose @kostko @ptrus @CedarMist