Skip to content

chore: replace chainkey testing canister with the pocket IC's vetkd #93

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
altkdf merged 12 commits into from
May 9, 2025
Merged

chore: replace chainkey testing canister with the pocket IC's vetkd #93

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
1f23c7d
replace chainkey testing canister with the pocket IC's vetkd
altkdf May 8, 2025
c44268c
reorder and simplify deployment
altkdf May 8, 2025
72d942d
more automatic frontend tests
altkdf May 8, 2025
7665cbd
start dfx if needed
altkdf May 8, 2025
21fd5c2
vetkd is only available with --replica right now
altkdf May 8, 2025
80a83e8
wait for the key to be created
altkdf May 8, 2025
70cc4ec
use dfx with pic
altkdf May 9, 2025
34b6253
minor improvements to npm test script
altkdf May 9, 2025
5d256a5
Merge branch 'main' into alex/rm-chainkey-testing-canister
altkdf May 9, 2025
1400d19
use pocket IC instead of replica
altkdf May 9, 2025
3f8c29d
dfx start from the project folder
altkdf May 9, 2025
e753900
shared dfx
altkdf May 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions .github/workflows/backend-rust.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ jobs:
run: |
set -eExuo pipefail
export CARGO_TERM_COLOR=always # ensure output has colors
cargo build --release --target wasm32-unknown-unknown --features expose-testing-api -p ic-vetkeys-manager-canister -p ic-vetkeys-encrypted-maps-canister
cargo build --release --target wasm32-unknown-unknown -p ic-vetkeys-manager-canister -p ic-vetkeys-encrypted-maps-canister
cargo test
cargo-test-backend-darwin:
runs-on: macos-15
Expand All @@ -38,5 +38,5 @@ jobs:
run: |
set -eExuo pipefail
export CARGO_TERM_COLOR=always # ensure output has colors
cargo build --release --target wasm32-unknown-unknown --features expose-testing-api -p ic-vetkeys-manager-canister -p ic-vetkeys-encrypted-maps-canister
cargo build --release --target wasm32-unknown-unknown -p ic-vetkeys-manager-canister -p ic-vetkeys-encrypted-maps-canister
cargo test
18 changes: 0 additions & 18 deletions .github/workflows/frontend.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,15 +25,6 @@ jobs:
run: |
set -eExuo pipefail
npm install
pushd backend/rs/canisters/ic_vetkeys_encrypted_maps_canister
dfx start --background
make mock
eval $(make export-cmd)
popd
pushd backend/rs/canisters/ic_vetkeys_manager_canister
make mock
eval $(make export-cmd)
popd
cd frontend/ic_vetkeys
npm run build
npm run test
Expand All @@ -49,15 +40,6 @@ jobs:
run: |
set -eExuo pipefail
npm install
pushd backend/rs/canisters/ic_vetkeys_encrypted_maps_canister
dfx start --background
make mock
eval $(make export-cmd)
popd
pushd backend/rs/canisters/ic_vetkeys_manager_canister
make mock
eval $(make export-cmd)
popd
cd frontend/ic_vetkeys
npm run build
npm run test
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/provision-darwin.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ brew install nodejs

# Install DFINITY SDK.
curl --location --output install-dfx.sh "https://raw.githubusercontent.com/dfinity/sdk/master/public/install-dfxvm.sh"
DFX_VERSION=${DFX_VERSION:=0.25.0} DFXVM_INIT_YES=true bash install-dfx.sh
DFX_VERSION=${DFX_VERSION:=0.26.1} DFXVM_INIT_YES=true bash install-dfx.sh
rm install-dfx.sh
echo "$HOME/Library/Application Support/org.dfinity.dfx/bin" >> $GITHUB_PATH
source "$HOME/Library/Application Support/org.dfinity.dfx/env"
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/provision-linux.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ sudo apt-get install nodejs

# Install DFINITY SDK.
wget --output-document install-dfx.sh "https://raw.githubusercontent.com/dfinity/sdk/master/public/install-dfxvm.sh"
DFX_VERSION=${DFX_VERSION:=0.25.0} DFXVM_INIT_YES=true bash install-dfx.sh
DFX_VERSION=${DFX_VERSION:=0.26.1} DFXVM_INIT_YES=true bash install-dfx.sh
rm install-dfx.sh
echo "$HOME/.local/share/dfx/bin" >>$GITHUB_PATH
source "$HOME/.local/share/dfx/env"
Expand Down
17 changes: 15 additions & 2 deletions Cargo.lock
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ ic-cdk-macros = "0.17.1"
ic-stable-structures = "0.6.8"
ic-vetkd-utils = { version = "0.1.0", git = "https://github.com/dfinity/ic.git" }
lazy_static = "1.5.0"
pocket-ic = "7.0.0"
pocket-ic = "9.0.0"
rand = "0.9.0"
rand_chacha = "0.9.0"
serde = "1.0.217"
Expand Down
7 changes: 3 additions & 4 deletions backend/mo/ic_vetkeys/src/key_manager/KeyManager.mo
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,6 @@ module {
public class KeyManager<T>(domainSeparator : Text, accessRightsOperations : Types.AccessControlOperations<T>) {
public var accessControl : OrderedMap.Map<Principal, [(KeyId, T)]> = accessControlMapOps().empty();
public var sharedKeys : OrderedMap.Map<KeyId, [Principal]> = sharedKeysMapOps().empty();
public var managementCanisterPrincipalText = "aaaaa-aa";
let domainSeparatorBytes = Text.encodeUtf8(domainSeparator);

// Get accessible shared key IDs for a caller
Expand Down Expand Up @@ -106,7 +105,7 @@ module {
key_id = bls12_381TestKey1();
};

let (reply) = await (actor (managementCanisterPrincipalText) : VetkdSystemApi).vetkd_public_key(request);
let (reply) = await (actor ("aaaaa-aa") : VetkdSystemApi).vetkd_public_key(request);
reply.public_key;
};

Expand All @@ -129,7 +128,7 @@ module {
transport_public_key = transportKey;
};

let (reply) = await (actor (managementCanisterPrincipalText) : VetkdSystemApi).vetkd_derive_key(request);
let (reply) = await (actor ("aaaaa-aa") : VetkdSystemApi).vetkd_derive_key(request);
#ok(reply.encrypted_key);
};
};
Expand Down Expand Up @@ -340,6 +339,6 @@ module {

// Helper function for BLS12-381 test key
func bls12_381TestKey1() : { curve : { #bls12_381_g2 }; name : Text } {
{ curve = #bls12_381_g2; name = "insecure_text_key_1" };
{ curve = #bls12_381_g2; name = "dfx_test_key" };
};
};
3 changes: 0 additions & 3 deletions backend/rs/canisters/ic_vetkeys_encrypted_maps_canister/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,3 @@ pocket-ic = { workspace = true }
rand = { workspace = true }
rand_chacha = { workspace = true }
reqwest = "0.12.12"

[features]
expose-testing-api = ["ic-vetkeys/expose-testing-api"]
29 changes: 0 additions & 29 deletions backend/rs/canisters/ic_vetkeys_encrypted_maps_canister/Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,35 +10,6 @@ compile-wasm:
extract-candid: compile-wasm
candid-extractor $(ROOT_DIR)/target/wasm32-unknown-unknown/release/ic_vetkeys_encrypted_maps_canister.wasm > ic_vetkeys_encrypted_maps_canister.did

.PHONY: compile-wasm-test
.SILENT: compile-wasm-test
compile-wasm-test:
cargo build --release --target wasm32-unknown-unknown --features expose-testing-api

.PHONY: deploy-test
.SILENT: deploy-test
deploy-test: compile-wasm-test
dfx canister create chainkey_testing_canister && \
dfx canister create ic_vetkeys_encrypted_maps_canister && \
dfx build chainkey_testing_canister && \
dfx canister install --upgrade-unchanged --mode auto chainkey_testing_canister && \
dfx canister install --upgrade-unchanged --mode auto --wasm $(ROOT_DIR)/target/wasm32-unknown-unknown/release/ic_vetkeys_encrypted_maps_canister.wasm ic_vetkeys_encrypted_maps_canister

.PHONY: mock
.SILENT: mock
mock: deploy-test
VETKD_MOCK_CANISTER_ID=$(shell dfx canister id chainkey_testing_canister); \
echo "Changing to using mock canister instead of management canister for vetkd to "$${VETKD_MOCK_CANISTER_ID}""; \
CMD="dfx canister call ic_vetkeys_encrypted_maps_canister set_vetkd_testing_canister_id '(principal "\"$${VETKD_MOCK_CANISTER_ID}\"")'"; \
eval "$${CMD}"

.PHONY: export-cmd
.SILENT: export-cmd
export-cmd:
CANISTER_ID_IC_VETKEYS_ENCRYPTED_MAPS_CANISTER=$(shell dfx canister id ic_vetkeys_encrypted_maps_canister); \
CMD="export CANISTER_ID_IC_VETKEYS_ENCRYPTED_MAPS_CANISTER=$${CANISTER_ID_IC_VETKEYS_ENCRYPTED_MAPS_CANISTER}"; \
echo "$${CMD}"

.PHONY: clean
.SILENT: clean
clean:
Expand Down
8 changes: 2 additions & 6 deletions backend/rs/canisters/ic_vetkeys_encrypted_maps_canister/dfx.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,7 @@
"candid": "ic_vetkeys_encrypted_maps_canister.did",
"package": "ic-vetkeys-encrypted-maps-canister",
"type": "rust"
},
"chainkey_testing_canister": {
"type": "custom",
"candid": "https://github.com/dfinity/chainkey-testing-canister/releases/download/v0.2.0/chainkey_testing_canister.did",
"wasm": "https://github.com/dfinity/chainkey-testing-canister/releases/download/v0.2.0/chainkey_testing_canister.wasm.gz"
}
}
},
"output_env_file": ".env"
}
6 changes: 0 additions & 6 deletions backend/rs/canisters/ic_vetkeys_encrypted_maps_canister/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -220,12 +220,6 @@ fn remove_user(
})
}

#[cfg(feature = "expose-testing-api")]
#[update]
fn set_vetkd_testing_canister_id(vetkd_testing_canister: Principal) {
ic_vetkeys::key_manager::set_vetkd_testing_canister_id(vetkd_testing_canister)
}

fn bytebuf_to_blob(buf: ByteBuf) -> Result<Blob<32>, String> {
Blob::try_from(buf.as_ref()).map_err(|_| "too large input".to_string())
}
Expand Down
26 changes: 2 additions & 24 deletions backend/rs/canisters/ic_vetkeys_encrypted_maps_canister/tests/tests.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -174,14 +174,9 @@ impl TestEnvironment {
.with_application_subnet()
.with_ii_subnet()
.with_fiduciary_subnet()
.with_nonmainnet_features(true)
.build();

let vetkd_mock_canister_id = pic.create_canister();
pic.add_cycles(vetkd_mock_canister_id, 2_000_000_000_000);

let vetkd_mock_wasm_bytes = load_vetkd_mock_canister_wasm();
pic.install_canister(vetkd_mock_canister_id, vetkd_mock_wasm_bytes, vec![], None);

let example_canister_id = pic.create_canister();
pic.add_cycles(example_canister_id, 2_000_000_000_000);

Expand All @@ -198,14 +193,6 @@ impl TestEnvironment {
principal_1: random_self_authenticating_principal(rng),
};

// Set the vetkd mock canister ID in the example canister, requires the
// `--features expose-testing-api`.
let _: () = env.update(
vetkd_mock_canister_id,
"set_vetkd_testing_canister_id",
encode_one(vetkd_mock_canister_id).unwrap(),
);

env
}

Expand Down Expand Up @@ -247,20 +234,11 @@ fn load_key_manager_example_canister_wasm() -> Vec<u8> {
);
let wasm_path = Path::new(&wasm_path_string);
let wasm_bytes = std::fs::read(wasm_path).expect(
"wasm does not exist - run `cargo build --release --target wasm32-unknown-unknown --features expose-testing-api`",
"wasm does not exist - run `cargo build --release --target wasm32-unknown-unknown`",
);
wasm_bytes
}

fn load_vetkd_mock_canister_wasm() -> Vec<u8> {
let wasm_url = "https://github.com/dfinity/chainkey-testing-canister/releases/download/v0.2.0/chainkey_testing_canister.wasm.gz";
reqwest::blocking::get(wasm_url)
.unwrap()
.bytes()
.unwrap()
.to_vec()
}

fn random_transport_key<R: Rng + CryptoRng>(rng: &mut R) -> TransportSecretKey {
let mut seed = vec![0u8; 32];
rng.fill_bytes(&mut seed);
Expand Down
4 changes: 0 additions & 4 deletions backend/rs/canisters/ic_vetkeys_manager_canister/Cargo.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,3 @@ pocket-ic = { workspace = true }
rand = { workspace = true }
rand_chacha = { workspace = true }
reqwest = "0.12.12"

[features]
expose-testing-api = ["ic-vetkeys/expose-testing-api"]

22 changes: 0 additions & 22 deletions backend/rs/canisters/ic_vetkeys_manager_canister/Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,28 +10,6 @@ compile-wasm:
extract-candid: compile-wasm
candid-extractor $(ROOT_DIR)/target/wasm32-unknown-unknown/release/ic_vetkeys_manager_canister.wasm > ic_vetkeys_manager_canister.did

.PHONY: compile-wasm-test
.SILENT: compile-wasm-test
compile-wasm-test:
cargo build --release --target wasm32-unknown-unknown --features expose-testing-api

.PHONY: deploy-test
.SILENT: deploy-test
deploy-test: compile-wasm-test
dfx canister create chainkey_testing_canister && \
dfx canister create ic_vetkeys_manager_canister && \
dfx build chainkey_testing_canister && \
dfx canister install chainkey_testing_canister && \
dfx canister install --wasm $(ROOT_DIR)/target/wasm32-unknown-unknown/release/ic_vetkeys_manager_canister.wasm ic_vetkeys_manager_canister

.PHONY: mock
.SILENT: mock
mock: deploy-test
VETKD_MOCK_CANISTER_ID=$(shell dfx canister id chainkey_testing_canister); \
echo "Changing to using mock canister instead of management canister for vetkd to "$${VETKD_MOCK_CANISTER_ID}""; \
CMD="dfx canister call ic_vetkeys_manager_canister set_vetkd_testing_canister_id '(principal "\"$${VETKD_MOCK_CANISTER_ID}\"")'"; \
eval "$${CMD}"

.PHONY: export-cmd
.SILENT: export-cmd
export-cmd:
Expand Down
8 changes: 2 additions & 6 deletions backend/rs/canisters/ic_vetkeys_manager_canister/dfx.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,7 @@
"candid": "ic_vetkeys_manager_canister.did",
"package": "ic-vetkeys-manager-canister",
"type": "rust"
},
"chainkey_testing_canister": {
"type": "custom",
"candid": "https://github.com/dfinity/chainkey-testing-canister/releases/download/v0.2.0/chainkey_testing_canister.did",
"wasm": "https://github.com/dfinity/chainkey-testing-canister/releases/download/v0.2.0/chainkey_testing_canister.wasm.gz"
}
}
},
"output_env_file": ".env"
}
6 changes: 0 additions & 6 deletions backend/rs/canisters/ic_vetkeys_manager_canister/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -91,12 +91,6 @@ fn remove_user(
KEY_MANAGER.with_borrow_mut(|km| km.remove_user(ic_cdk::caller(), key_id, user))
}

#[cfg(feature = "expose-testing-api")]
#[update]
fn set_vetkd_testing_canister_id(vetkd_testing_canister: Principal) {
ic_vetkeys::key_manager::set_vetkd_testing_canister_id(vetkd_testing_canister)
}

fn bytebuf_to_blob(buf: ByteBuf) -> Result<Blob<32>, String> {
Blob::try_from(buf.as_ref()).map_err(|_| "too large input".to_string())
}
Expand Down
26 changes: 2 additions & 24 deletions backend/rs/canisters/ic_vetkeys_manager_canister/tests/tests.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -178,14 +178,9 @@ impl TestEnvironment {
.with_application_subnet()
.with_ii_subnet()
.with_fiduciary_subnet()
.with_nonmainnet_features(true)
.build();

let vetkd_mock_canister_id = pic.create_canister();
pic.add_cycles(vetkd_mock_canister_id, 2_000_000_000_000);

let vetkd_mock_wasm_bytes = load_vetkd_mock_canister_wasm();
pic.install_canister(vetkd_mock_canister_id, vetkd_mock_wasm_bytes, vec![], None);

let example_canister_id = pic.create_canister();
pic.add_cycles(example_canister_id, 2_000_000_000_000);

Expand All @@ -202,14 +197,6 @@ impl TestEnvironment {
principal_1: random_self_authenticating_principal(rng),
};

// Set the vetkd mock canister ID in the example canister, requires the
// `--features expose-testing-api`.
let _: () = env.update(
vetkd_mock_canister_id,
"set_vetkd_testing_canister_id",
encode_one(vetkd_mock_canister_id).unwrap(),
);

env
}

Expand Down Expand Up @@ -251,20 +238,11 @@ fn load_key_manager_example_canister_wasm() -> Vec<u8> {
);
let wasm_path = Path::new(&wasm_path_string);
let wasm_bytes = std::fs::read(wasm_path).expect(
"wasm does not exist - run `cargo build --release --target wasm32-unknown-unknown --features expose-testing-api`",
"wasm does not exist - run `cargo build --release --target wasm32-unknown-unknown`",
);
wasm_bytes
}

fn load_vetkd_mock_canister_wasm() -> Vec<u8> {
let wasm_url = "https://github.com/dfinity/chainkey-testing-canister/releases/download/v0.2.0/chainkey_testing_canister.wasm.gz";
reqwest::blocking::get(wasm_url)
.unwrap()
.bytes()
.unwrap()
.to_vec()
}

fn random_transport_key<R: Rng + CryptoRng>(rng: &mut R) -> TransportSecretKey {
let mut seed = vec![0u8; 32];
rng.fill_bytes(&mut seed);
Expand Down
Loading