miden_testing/mock_chain/
auth.rs

1// AUTH
2// ================================================================================================
3use alloc::vec::Vec;
4
5use miden_lib::account::auth::{
6    AuthRpoFalcon512,
7    AuthRpoFalcon512Acl,
8    AuthRpoFalcon512AclConfig,
9    AuthRpoFalcon512Multisig,
10};
11use miden_lib::testing::account_component::{ConditionalAuthComponent, IncrNonceAuthComponent};
12use miden_objects::Word;
13use miden_objects::account::{AccountComponent, AuthSecretKey};
14use miden_objects::crypto::dsa::rpo_falcon512::{PublicKey, SecretKey};
15use miden_objects::testing::noop_auth_component::NoopAuthComponent;
16use miden_tx::auth::BasicAuthenticator;
17use rand::SeedableRng;
18use rand_chacha::ChaCha20Rng;
19
/// Selects the authentication mechanism installed on an account.
///
/// [`Auth::BasicAuth`] and [`Auth::Acl`] generate their Falcon-512 key pair from a
/// [`ChaCha20Rng`] seeded with the default seed, so the secret key is reproducible and shared by
/// every account built from those variants. That is convenient for deterministic fixtures and
/// means the keys protect nothing: they must stay out of any account that holds real value.
#[derive(Debug, Clone)]
pub enum Auth {
    /// Creates a [SecretKey] for the account and a [BasicAuthenticator] holding it; the account
    /// is authenticated with [AuthRpoFalcon512].
    BasicAuth,

    /// Authenticates the account with [AuthRpoFalcon512Multisig].
    ///
    /// No key is generated and no authenticator is returned for this variant, so the secret keys
    /// behind `approvers` have to be managed by the caller.
    Multisig {
        /// Passed unchanged to [AuthRpoFalcon512Multisig]; presumably the number of approver
        /// signatures required (confirm against that component's documentation).
        threshold: u32,
        /// Approver public keys in [Word] form; each one is wrapped in a [PublicKey].
        approvers: Vec<Word>,
    },

    /// Creates a [SecretKey] for the account and a [BasicAuthenticator] holding it; the account
    /// is authenticated with [AuthRpoFalcon512Acl]. Authentication is only triggered if one of
    /// the listed procedures is called during execution.
    Acl {
        /// Procedures whose invocation triggers authentication.
        auth_trigger_procedures: Vec<Word>,
        /// Forwarded to the ACL configuration's `with_allow_unauthorized_output_notes`.
        allow_unauthorized_output_notes: bool,
        /// Forwarded to the ACL configuration's `with_allow_unauthorized_input_notes`.
        allow_unauthorized_input_notes: bool,
    },

    /// Mock authentication mechanism that only increments the nonce.
    IncrNonce,

    /// Mock authentication mechanism that does nothing.
    Noop,

    /// Mock authentication mechanism that conditionally succeeds and conditionally increments
    /// the nonce, depending on the authentication arguments.
    ///
    /// The auth procedure expects the first three arguments to be [99, 98, 97] in order to
    /// succeed. When it succeeds, the fourth argument decides whether the nonce is incremented.
    Conditional,
}
52
impl Auth {
    /// Builds the authentication [`AccountComponent`] for this variant, together with the
    /// [`BasicAuthenticator`] that holds its secret key when one is generated.
    ///
    /// The component is always returned. The authenticator is `Some` for [`Auth::BasicAuth`] and
    /// [`Auth::Acl`], the two variants that create a key pair here, and `None` for every other
    /// variant.
    ///
    /// # Key material
    ///
    /// Keys are derived from a [`ChaCha20Rng`] seeded with `Default::default()`, so each call
    /// starts from the same generator state and is expected to produce the same secret key. Treat
    /// the result as a public test vector, never as a credential.
    ///
    /// # Panics
    ///
    /// Panics if `AuthRpoFalcon512Multisig::new` or `AuthRpoFalcon512Acl::new` returns an error.
    pub fn build_component(&self) -> (AccountComponent, Option<BasicAuthenticator<ChaCha20Rng>>) {
        match self {
            Auth::BasicAuth => {
                let (pub_key, authenticator) = Self::fixed_seed_authenticator();
                (AuthRpoFalcon512::new(pub_key).into(), Some(authenticator))
            },
            Auth::Multisig { threshold, approvers } => {
                // Approvers arrive as raw words; the component wants typed public keys.
                let pub_keys: Vec<_> = approvers.iter().copied().map(PublicKey::new).collect();

                let multisig = AuthRpoFalcon512Multisig::new(*threshold, pub_keys)
                    .expect("multisig component creation failed");

                (multisig.into(), None)
            },
            Auth::Acl {
                auth_trigger_procedures,
                allow_unauthorized_output_notes,
                allow_unauthorized_input_notes,
            } => {
                let (pub_key, authenticator) = Self::fixed_seed_authenticator();

                let config = AuthRpoFalcon512AclConfig::new()
                    .with_auth_trigger_procedures(auth_trigger_procedures.clone())
                    .with_allow_unauthorized_output_notes(*allow_unauthorized_output_notes)
                    .with_allow_unauthorized_input_notes(*allow_unauthorized_input_notes);
                let acl = AuthRpoFalcon512Acl::new(pub_key, config)
                    .expect("component creation failed");

                (acl.into(), Some(authenticator))
            },
            Auth::IncrNonce => (IncrNonceAuthComponent.into(), None),
            Auth::Noop => (NoopAuthComponent.into(), None),
            Auth::Conditional => (ConditionalAuthComponent.into(), None),
        }
    }

    /// Generates the fixed-seed Falcon-512 key pair and the authenticator that owns the secret
    /// key.
    ///
    /// The same generator produces the key and is then moved into the authenticator, so both the
    /// key and any randomness the authenticator draws from it are reproducible across runs.
    fn fixed_seed_authenticator() -> (PublicKey, BasicAuthenticator<ChaCha20Rng>) {
        // Default seed on purpose: fixtures need stable keys, not unpredictable ones.
        let mut rng = ChaCha20Rng::from_seed(Default::default());
        let secret = SecretKey::with_rng(&mut rng);
        let public = secret.public_key();

        let authenticator = BasicAuthenticator::<ChaCha20Rng>::new_with_rng(
            &[(public.into(), AuthSecretKey::RpoFalcon512(secret))],
            rng,
        );

        (public, authenticator)
    }
}
112
impl From<Auth> for AccountComponent {
    /// Converts an [`Auth`] selection into its component, dropping the authenticator.
    ///
    /// For the variants that generate a key pair, the secret key held by the discarded
    /// authenticator is dropped with it; only the component built from the public key is
    /// returned. Use [`Auth::build_component`] when the authenticator is needed as well.
    fn from(auth: Auth) -> Self {
        auth.build_component().0
    }
}
118}