miden_testing/mock_chain/
auth.rs

1// AUTH
2// ================================================================================================
3use alloc::vec::Vec;
4
5use miden_lib::account::auth::{
6    AuthRpoFalcon512,
7    AuthRpoFalcon512Acl,
8    AuthRpoFalcon512AclConfig,
9    AuthRpoFalcon512Multisig,
10    AuthRpoFalcon512MultisigConfig,
11};
12use miden_lib::testing::account_component::{ConditionalAuthComponent, IncrNonceAuthComponent};
13use miden_objects::Word;
14use miden_objects::account::AccountComponent;
15use miden_objects::account::auth::{AuthSecretKey, PublicKeyCommitment};
16use miden_objects::testing::noop_auth_component::NoopAuthComponent;
17use miden_tx::auth::BasicAuthenticator;
18use rand::SeedableRng;
19use rand_chacha::ChaCha20Rng;
20
21/// Specifies which authentication mechanism is desired for accounts
22#[derive(Debug, Clone)]
23pub enum Auth {
24    /// Creates a secret key for the account and creates a [BasicAuthenticator] used to
25    /// authenticate the account with [AuthRpoFalcon512].
26    BasicAuth,
27
28    /// Multisig
29    Multisig {
30        threshold: u32,
31        approvers: Vec<Word>,
32        proc_threshold_map: Vec<(Word, u32)>,
33    },
34
35    /// Creates a secret key for the account, and creates a [BasicAuthenticator] used to
36    /// authenticate the account with [AuthRpoFalcon512Acl]. Authentication will only be
37    /// triggered if any of the procedures specified in the list are called during execution.
38    Acl {
39        auth_trigger_procedures: Vec<Word>,
40        allow_unauthorized_output_notes: bool,
41        allow_unauthorized_input_notes: bool,
42    },
43
44    /// Creates a mock authentication mechanism for the account that only increments the nonce.
45    IncrNonce,
46
47    /// Creates a mock authentication mechanism for the account that does nothing.
48    Noop,
49
50    /// Creates a mock authentication mechanism for the account that conditionally succeeds and
51    /// conditionally increments the nonce based on the authentication arguments.
52    ///
53    /// The auth procedure expects the first three arguments as [99, 98, 97] to succeed.
54    /// In case it succeeds, it conditionally increments the nonce based on the fourth argument.
55    Conditional,
56}
57
58impl Auth {
59    /// Converts `self` into its corresponding authentication [`AccountComponent`] and an optional
60    /// [`BasicAuthenticator`]. The component is always returned, but the authenticator is only
61    /// `Some` when [`Auth::BasicAuth`] is passed."
62    pub fn build_component(&self) -> (AccountComponent, Option<BasicAuthenticator>) {
63        match self {
64            Auth::BasicAuth => {
65                let mut rng = ChaCha20Rng::from_seed(Default::default());
66                let sec_key = AuthSecretKey::new_rpo_falcon512_with_rng(&mut rng);
67                let pub_key = sec_key.public_key().to_commitment();
68
69                let component = AuthRpoFalcon512::new(pub_key).into();
70                let authenticator = BasicAuthenticator::new(&[sec_key]);
71
72                (component, Some(authenticator))
73            },
74            Auth::Multisig { threshold, approvers, proc_threshold_map } => {
75                let pub_keys: Vec<_> =
76                    approvers.iter().map(|word| PublicKeyCommitment::from(*word)).collect();
77
78                let config = AuthRpoFalcon512MultisigConfig::new(pub_keys, *threshold)
79                    .and_then(|cfg| cfg.with_proc_thresholds(proc_threshold_map.clone()))
80                    .expect("invalid multisig config");
81                let component = AuthRpoFalcon512Multisig::new(config)
82                    .expect("multisig component creation failed")
83                    .into();
84
85                (component, None)
86            },
87            Auth::Acl {
88                auth_trigger_procedures,
89                allow_unauthorized_output_notes,
90                allow_unauthorized_input_notes,
91            } => {
92                let mut rng = ChaCha20Rng::from_seed(Default::default());
93                let sec_key = AuthSecretKey::new_rpo_falcon512_with_rng(&mut rng);
94                let pub_key = sec_key.public_key().to_commitment();
95
96                let component = AuthRpoFalcon512Acl::new(
97                    pub_key,
98                    AuthRpoFalcon512AclConfig::new()
99                        .with_auth_trigger_procedures(auth_trigger_procedures.clone())
100                        .with_allow_unauthorized_output_notes(*allow_unauthorized_output_notes)
101                        .with_allow_unauthorized_input_notes(*allow_unauthorized_input_notes),
102                )
103                .expect("component creation failed")
104                .into();
105                let authenticator = BasicAuthenticator::new(&[sec_key]);
106
107                (component, Some(authenticator))
108            },
109            Auth::IncrNonce => (IncrNonceAuthComponent.into(), None),
110            Auth::Noop => (NoopAuthComponent.into(), None),
111            Auth::Conditional => (ConditionalAuthComponent.into(), None),
112        }
113    }
114}
115
116impl From<Auth> for AccountComponent {
117    fn from(auth: Auth) -> Self {
118        let (component, _) = auth.build_component();
119        component
120    }
121}