Skip to content

Commit

Permalink
server: misc cleanups (#407)
Browse files Browse the repository at this point in the history
  • Loading branch information
conradoplg authored Dec 26, 2024
1 parent 3385036 commit d7b6ab7
Show file tree
Hide file tree
Showing 13 changed files with 49 additions and 59 deletions.
2 changes: 1 addition & 1 deletion coordinator/src/args.rs
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ pub struct Args {

/// Port to bind to, if using socket comms.
/// Port to connect to, if using HTTP mode.
#[arg(short, long, default_value_t = 2744)]
#[arg(short, long, default_value_t = 443)]
pub port: u16,
}

Expand Down
8 changes: 2 additions & 6 deletions coordinator/src/comms/http.rs
Original file line number Diff line number Diff line change
Expand Up @@ -267,7 +267,6 @@ pub struct HTTPComms<C: Ciphersuite> {
host_port: String,
session_id: Option<Uuid>,
access_token: Option<String>,
num_signers: u16,
args: ProcessedArgs<C>,
state: SessionState<C>,
pubkeys: HashMap<Vec<u8>, Identifier<C>>,
Expand All @@ -286,7 +285,6 @@ impl<C: Ciphersuite> HTTPComms<C> {
host_port: format!("https://{}:{}", args.ip, args.port),
session_id: None,
access_token: None,
num_signers: 0,
args: args.clone(),
state: SessionState::new(args.messages.len(), args.num_signers as usize),
pubkeys: Default::default(),
Expand Down Expand Up @@ -340,7 +338,7 @@ impl<C: Ciphersuite + 'static> Comms<C> for HTTPComms<C> {
_input: &mut dyn BufRead,
_output: &mut dyn Write,
_pub_key_package: &PublicKeyPackage<C>,
num_signers: u16,
_num_signers: u16,
) -> Result<BTreeMap<Identifier<C>, SigningCommitments<C>>, Box<dyn Error>> {
let mut rng = thread_rng();
let challenge = self
Expand Down Expand Up @@ -368,7 +366,7 @@ impl<C: Ciphersuite + 'static> Comms<C> for HTTPComms<C> {
self.client
.post(format!("{}/login", self.host_port))
.json(&server::KeyLoginArgs {
uuid: challenge,
challenge,
pubkey: self
.args
.comm_pubkey
Expand All @@ -390,7 +388,6 @@ impl<C: Ciphersuite + 'static> Comms<C> for HTTPComms<C> {
.bearer_auth(self.access_token.as_ref().expect("was just set"))
.json(&server::CreateNewSessionArgs {
pubkeys: self.args.signers.iter().cloned().map(PublicKey).collect(),
num_signers,
message_count: 1,
})
.send()
Expand All @@ -405,7 +402,6 @@ impl<C: Ciphersuite + 'static> Comms<C> for HTTPComms<C> {
);
}
self.session_id = Some(r.session_id);
self.num_signers = num_signers;

let (Some(comm_privkey), Some(comm_participant_pubkey_getter)) = (
&self.args.comm_privkey,
Expand Down
4 changes: 2 additions & 2 deletions frost-client/src/session.rs
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ pub(crate) async fn list(args: &Command) -> Result<(), Box<dyn Error>> {
let access_token = client
.post(format!("{}/login", host_port))
.json(&server::KeyLoginArgs {
uuid: challenge,
challenge,
pubkey: comm_pubkey.clone(),
signature: signature.to_vec(),
})
Expand Down Expand Up @@ -102,7 +102,7 @@ pub(crate) async fn list(args: &Command) -> Result<(), Box<dyn Error>> {
let participants: Vec<_> = r
.pubkeys
.iter()
.map(|pubkey| config.contact_by_pubkey(pubkey))
.map(|pubkey| config.contact_by_pubkey(&pubkey.0))
.collect();
eprintln!("Session with ID {}", session_id);
eprintln!(
Expand Down
2 changes: 1 addition & 1 deletion participant/src/args.rs
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ pub struct Args {
pub ip: String,

/// Port to connect to, if using online comms
#[arg(short, long, default_value_t = 2744)]
#[arg(short, long, default_value_t = 443)]
pub port: u16,

/// Optional Session ID
Expand Down
2 changes: 1 addition & 1 deletion participant/src/comms/http.rs
Original file line number Diff line number Diff line change
Expand Up @@ -203,7 +203,7 @@ where
self.client
.post(format!("{}/login", self.host_port))
.json(&server::KeyLoginArgs {
uuid: challenge,
challenge,
pubkey: self
.args
.comm_pubkey
Expand Down
2 changes: 1 addition & 1 deletion server/Cargo.toml
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ derivative = "2.2.0"
eyre = "0.6.11"
frost-core = { version = "2.0.0", features = ["serde"] }
frost-rerandomized = { version = "2.0.0-rc.0", features = ["serde"] }
hex = "0.4"
rand = "0.8"
rcgen = "0.13.1"
serde = { version = "1.0", features = ["derive"] }
Expand All @@ -32,7 +33,6 @@ xeddsa = "1.0.2"
futures-util = "0.3.31"
futures = "0.3.31"
thiserror = "2.0.3"
hex = "0.4.3"

[dev-dependencies]
axum-test = "16.4.0"
Expand Down
29 changes: 11 additions & 18 deletions server/README.md
Original file line number Diff line number Diff line change
@@ -1,14 +1,12 @@
# FROST Server


This is a HTTP server that allow clients (Coordinator and Participants) to
run FROST without needing to directly connect to one another.
This is a JSON-HTTPS server that allow FROST clients (Coordinator and
Participants) to run FROST without needing to directly connect to one another.


## Status ⚠

This is a prototype which is NOT SECURE since messages are not encrypted nor
authenticated. DO NOT USE this for anything other than testing.
This project has not being audited.


## Usage
Expand All @@ -17,19 +15,14 @@ NOTE: This is for demo purposes only and should not be used in production.

You will need to have [Rust and Cargo](https://doc.rust-lang.org/cargo/getting-started/installation.html) installed.

To run:
1. Clone the repo. Run `git clone https://github.com/ZcashFoundation/frost-zcash-demo.git`
2. Run `cargo install`
3. Run `cargo run --bin server`
To compile and run:

You can specify the IP and port to bind to using `--ip` and `--port`, e.g.
`cargo run --bin server -- --ip 127.0.0.1 --port 2744`.
1. Clone the repo. Run `git clone https://github.com/ZcashFoundation/frost-zcash-demo.git`
2. Run `cargo build --release --bin server`
3. Run `./target/release/server -h` to learn about the command line arguments.

## TODO
You will need to specify a TLS certificate and key with the `--tls-cert`
and `--tls-key` arguments.

- Add specific error codes
- Remove frost-specific types (when data is encrypted)
- Session timeouts
- Encryption/authentication
- DoS protections and other production-ready requirements
-
For more details on using and deploying, refer to the [ZF FROST
Book](https://frost.zfnd.org/).
26 changes: 12 additions & 14 deletions server/src/functions.rs
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ use crate::{
};

/// Implement the challenge API.
#[tracing::instrument(ret, err(Debug), skip(state, _args))]
#[tracing::instrument(level = "debug", err(Debug), skip(state, _args))]
pub(crate) async fn challenge(
State(state): State<SharedState>,
Json(_args): Json<ChallengeArgs>,
Expand All @@ -25,7 +25,7 @@ pub(crate) async fn challenge(
}

/// Implement the key_login API.
#[tracing::instrument(ret, err(Debug), skip(state, args))]
#[tracing::instrument(level = "debug", err(Debug), skip(state, args))]
pub(crate) async fn login(
State(state): State<SharedState>,
Json(args): Json<KeyLoginArgs>,
Expand All @@ -41,11 +41,11 @@ pub(crate) async fn login(
let signature = TryInto::<[u8; 64]>::try_into(args.signature)
.map_err(|_| AppError::InvalidArgument("signature".into()))?;
pubkey
.verify(args.uuid.as_bytes(), &signature)
.verify(args.challenge.as_bytes(), &signature)
.map_err(|_| AppError::Unauthorized)?;

let mut challenges = state.challenges.write().unwrap();
if !challenges.remove(&args.uuid) {
if !challenges.remove(&args.challenge) {
return Err(AppError::Unauthorized);
}
drop(challenges);
Expand All @@ -61,7 +61,7 @@ pub(crate) async fn login(
}

/// Implement the logout API.
#[tracing::instrument(ret, err(Debug), skip(state, user))]
#[tracing::instrument(level = "debug", ret, err(Debug), skip(state, user))]
pub(crate) async fn logout(
State(state): State<SharedState>,
user: User,
Expand All @@ -75,7 +75,7 @@ pub(crate) async fn logout(
}

/// Implement the create_new_session API.
#[tracing::instrument(ret, err(Debug), skip(state, user))]
#[tracing::instrument(level = "debug", ret, err(Debug), skip(state, user))]
pub(crate) async fn create_new_session(
State(state): State<SharedState>,
user: User,
Expand All @@ -94,15 +94,14 @@ pub(crate) async fn create_new_session(
// Save session ID in global state
for pubkey in &args.pubkeys {
sessions_by_pubkey
.entry(pubkey.0.clone())
.entry(pubkey.clone().0)
.or_default()
.insert(id);
}
// Create Session object
let session = Session {
pubkeys: args.pubkeys.into_iter().map(|p| p.0).collect(),
coordinator_pubkey: user.pubkey,
num_signers: args.num_signers,
message_count: args.message_count,
queue: Default::default(),
};
Expand All @@ -114,7 +113,7 @@ pub(crate) async fn create_new_session(
}

/// Implement the create_new_session API.
#[tracing::instrument(ret, err(Debug), skip(state, user))]
#[tracing::instrument(level = "debug", ret, err(Debug), skip(state, user))]
pub(crate) async fn list_sessions(
State(state): State<SharedState>,
user: User,
Expand All @@ -130,7 +129,7 @@ pub(crate) async fn list_sessions(
}

/// Implement the get_session_info API
#[tracing::instrument(ret, err(Debug), skip(state, user))]
#[tracing::instrument(level = "debug", ret, err(Debug), skip(state, user))]
pub(crate) async fn get_session_info(
State(state): State<SharedState>,
user: User,
Expand All @@ -152,7 +151,6 @@ pub(crate) async fn get_session_info(
.ok_or(AppError::SessionNotFound)?;

Ok(Json(GetSessionInfoOutput {
num_signers: session.num_signers,
message_count: session.message_count,
pubkeys: session.pubkeys.iter().cloned().map(PublicKey).collect(),
coordinator_pubkey: session.coordinator_pubkey.clone(),
Expand All @@ -161,7 +159,7 @@ pub(crate) async fn get_session_info(

/// Implement the send API
// TODO: get identifier from channel rather from arguments
#[tracing::instrument(ret, err(Debug), skip(state, user))]
#[tracing::instrument(level = "debug", ret, err(Debug), skip(state, user))]
pub(crate) async fn send(
State(state): State<SharedState>,
user: User,
Expand Down Expand Up @@ -197,7 +195,7 @@ pub(crate) async fn send(
}

/// Implement the recv API
#[tracing::instrument(ret, err(Debug), skip(state, user))]
#[tracing::instrument(level = "debug", ret, err(Debug), skip(state, user))]
pub(crate) async fn receive(
State(state): State<SharedState>,
user: User,
Expand Down Expand Up @@ -240,7 +238,7 @@ pub(crate) async fn receive(
}

/// Implement the close_session API.
#[tracing::instrument(ret, err(Debug), skip(state, user))]
#[tracing::instrument(level = "debug", ret, err(Debug), skip(state, user))]
pub(crate) async fn close_session(
State(state): State<SharedState>,
user: User,
Expand Down
7 changes: 4 additions & 3 deletions server/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -49,9 +49,10 @@ pub async fn run(args: &Args) -> Result<(), Box<dyn std::error::Error>> {

if args.no_tls_very_insecure {
tracing::warn!(
"starting an INSECURE HTTP server. This should be done only for \
testing or if you are providing TLS/HTTPS with a separate \
mechanism (e.g. reverse proxy such as nginx)"
"starting an INSECURE HTTP server at {}. This should be done only \
for testing or if you are providing TLS/HTTPS with a separate \
mechanism (e.g. reverse proxy such as nginx)",
addr,
);
let listener = tokio::net::TcpListener::bind(addr).await?;
Ok(axum::serve(listener, app).await?)
Expand Down
10 changes: 9 additions & 1 deletion server/src/main.rs
Original file line number Diff line number Diff line change
@@ -1,12 +1,20 @@
use clap::Parser;
use server::args::Args;
use server::run;
use tracing::level_filters::LevelFilter;
use tracing_subscriber::EnvFilter;

#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
let args = Args::parse();
// initialize tracing
tracing_subscriber::fmt::init();
tracing_subscriber::fmt()
.with_env_filter(
EnvFilter::builder()
.with_default_directive(LevelFilter::INFO.into())
.from_env_lossy(),
)
.init();
tracing::event!(tracing::Level::INFO, "server running");
run(&args).await
}
2 changes: 0 additions & 2 deletions server/src/state.rs
Original file line number Diff line number Diff line change
Expand Up @@ -42,8 +42,6 @@ pub struct Session {
pub(crate) pubkeys: Vec<Vec<u8>>,
/// The public key of the coordinator
pub(crate) coordinator_pubkey: Vec<u8>,
/// The number of signers in the session.
pub(crate) num_signers: u16,
/// The number of messages being simultaneously signed.
pub(crate) message_count: u8,
/// The message queue.
Expand Down
4 changes: 1 addition & 3 deletions server/src/types.rs
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ pub struct ChallengeOutput {

#[derive(Debug, Serialize, Deserialize)]
pub struct KeyLoginArgs {
pub uuid: Uuid,
pub challenge: Uuid,
#[serde(
serialize_with = "serdect::slice::serialize_hex_lower_or_bin",
deserialize_with = "serdect::slice::deserialize_hex_or_bin_vec"
Expand Down Expand Up @@ -64,7 +64,6 @@ pub struct LoginArgs {
#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct CreateNewSessionArgs {
pub pubkeys: Vec<PublicKey>,
pub num_signers: u16,
pub message_count: u8,
}

Expand All @@ -85,7 +84,6 @@ pub struct GetSessionInfoArgs {

#[derive(Clone, Debug, Serialize, Deserialize)]
pub struct GetSessionInfoOutput {
pub num_signers: u16,
pub message_count: u8,
pub pubkeys: Vec<PublicKey>,
pub coordinator_pubkey: Vec<u8>,
Expand Down
10 changes: 4 additions & 6 deletions server/tests/integration_tests.rs
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,7 @@ async fn test_main_router<
let res = server
.post("/login")
.json(&server::KeyLoginArgs {
uuid: alice_challenge,
challenge: alice_challenge,
pubkey: alice_keypair.public.clone(),
signature: alice_signature.to_vec(),
})
Expand All @@ -104,7 +104,7 @@ async fn test_main_router<
let res = server
.post("/login")
.json(&server::KeyLoginArgs {
uuid: bob_challenge,
challenge: bob_challenge,
pubkey: bob_keypair.public.clone(),
signature: bob_signature.to_vec(),
})
Expand All @@ -124,7 +124,6 @@ async fn test_main_router<
server::PublicKey(alice_keypair.public.clone()),
server::PublicKey(bob_keypair.public.clone()),
],
num_signers: 2,
message_count: 2,
})
.await;
Expand Down Expand Up @@ -463,7 +462,7 @@ async fn test_http() -> Result<(), Box<dyn std::error::Error>> {
let r = client
.post("https://127.0.0.1:2744/login")
.json(&server::KeyLoginArgs {
uuid: alice_challenge,
challenge: alice_challenge,
pubkey: alice_keypair.public.clone(),
signature: alice_signature.to_vec(),
})
Expand All @@ -485,7 +484,6 @@ async fn test_http() -> Result<(), Box<dyn std::error::Error>> {
server::PublicKey(bob_keypair.public.clone()),
],
message_count: 1,
num_signers: 2,
})
.send()
.await?;
Expand Down Expand Up @@ -528,7 +526,7 @@ async fn test_http() -> Result<(), Box<dyn std::error::Error>> {
let r = client
.post("https://127.0.0.1:2744/login")
.json(&server::KeyLoginArgs {
uuid: bob_challenge,
challenge: bob_challenge,
pubkey: bob_keypair.public.clone(),
signature: bob_signature.to_vec(),
})
Expand Down

0 comments on commit d7b6ab7

Please sign in to comment.