From deca3962a74feb64a69dbb425cbf8fa1e2334415 Mon Sep 17 00:00:00 2001 From: JuArce <52429267+JuArce@users.noreply.github.com> Date: Wed, 4 Dec 2024 16:55:32 -0300 Subject: [PATCH 01/18] feat: support tls in batcher connections [wip] --- Makefile | 9 ++- batcher/Cargo.lock | 66 +++++++++++++++++++++ batcher/aligned-batcher/Cargo.toml | 2 + batcher/aligned-batcher/src/connection.rs | 3 +- batcher/aligned-batcher/src/lib.rs | 21 +++++-- batcher/aligned-batcher/src/main.rs | 13 ++-- batcher/aligned-batcher/src/types/errors.rs | 4 ++ 7 files changed, 106 insertions(+), 12 deletions(-) diff --git a/Makefile b/Makefile index cc42002816..b11651ab86 100644 --- a/Makefile +++ b/Makefile @@ -304,10 +304,15 @@ batcher_start: ./batcher/aligned-batcher/.env user_fund_payment_service @echo "Starting Batcher..." @cargo run --manifest-path ./batcher/aligned-batcher/Cargo.toml --release -- --config ./config-files/config-batcher.yaml --env-file ./batcher/aligned-batcher/.env -batcher_start_local: user_fund_payment_service +batcher_create_self_signed_cert: + @echo "Creating TLS certificate for localhost" + @openssl req -x509 -days 1825 -newkey rsa:2048 -keyout rootCA.key -out rootCA.crt -nodes -subj '/CN=localhost' + @echo "TLS certificate created" + +batcher_start_local: user_fund_payment_service batcher_create_self_signed_cert @echo "Starting Batcher..." @$(MAKE) run_storage & - @cargo run --manifest-path ./batcher/aligned-batcher/Cargo.toml --release -- --config ./config-files/config-batcher.yaml --env-file ./batcher/aligned-batcher/.env.dev + @cargo run --manifest-path ./batcher/aligned-batcher/Cargo.toml --release -- --config ./config-files/config-batcher.yaml --env-file ./batcher/aligned-batcher/.env.dev --cert ./rootCA.crt --key ./rootCA.key batcher_start_local_no_fund: @echo "Starting Batcher..." diff --git a/batcher/Cargo.lock b/batcher/Cargo.lock index f04cb8c63c..6b58adce61 100644 --- a/batcher/Cargo.lock +++ b/batcher/Cargo.lock 
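Review bot: The new `batcher_create_self_signed_cert` target writes an unencrypted private key (`-nodes`) to `rootCA.key` in the repository root with a five-year lifetime, and its `-subj '/CN=localhost'` certificate carries no subjectAltName. Verifiers that ignore the CN (rustls/webpki among them) will reject it for `localhost`, so add `-addext 'subjectAltName=DNS:localhost,IP:127.0.0.1'` to the `openssl req` line. Because `batcher_start_local` depends on the target, the key pair is regenerated on every start, which invalidates any copy a client has already trusted; guard the recipe so it only runs when `rootCA.crt` is missing. Also make sure `rootCA.key` and `rootCA.crt` are ignored by git (the ignore file is not visible in this patch).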
@@ -100,6 +100,7 @@ dependencies = [ "aws-sdk-s3", "backon", "bincode", + "boring", "bytes", "ciborium", "clap", @@ -121,6 +122,7 @@ dependencies = [ "sha3", "sp1-sdk", "tokio", + "tokio-boring", "tokio-tungstenite 0.21.0", "warp", ] @@ -1255,6 +1257,33 @@ dependencies = [ "thiserror 1.0.69", ] +[[package]] +name = "boring" +version = "4.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1f5aac023c3ba13725de1604aff621a9dbf9a4f3af1ea6fb712bca91ad729a8e" +dependencies = [ + "bitflags 2.6.0", + "boring-sys", + "foreign-types 0.5.0", + "libc", + "once_cell", + "openssl-macros", +] + +[[package]] +name = "boring-sys" +version = "4.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebabcc15924f3244f244cfb1dfe43c0b28236ea8c1f71dc8e5a146eae0342d79" +dependencies = [ + "autocfg", + "bindgen", + "cmake", + "fs_extra", + "fslock", +] + [[package]] name = "borsh" version = "1.5.3" @@ -1527,6 +1556,15 @@ version = "0.7.3" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "afb84c814227b90d6895e01398aee0d8033c00e7466aca416fb6a8e0eb19d8a7" +[[package]] +name = "cmake" +version = "0.1.52" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c682c223677e0e5b6b7f63a64b9351844c3f1b1678a68b7ee617e30fb082620e" +dependencies = [ + "cc", +] + [[package]] name = "coins-bip32" version = "0.8.7" @@ -2739,6 +2777,22 @@ dependencies = [ "winapi", ] +[[package]] +name = "fs_extra" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" + +[[package]] +name = "fslock" +version = "0.2.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "04412b8935272e3a9bae6f48c7bfff74c2911f60525404edfdd28e49884c3bfb" +dependencies = [ + "libc", + "winapi", +] + [[package]] name = "funty" version = "2.0.0" 
@@ -7186,6 +7240,18 @@ dependencies = [ "windows-sys 0.52.0", ] +[[package]] +name = "tokio-boring" +version = "4.13.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e37b8f984fc360dee7b04fe901d10af3f4af08715ec21260cb600ac9cdad3a0c" +dependencies = [ + "boring", + "boring-sys", + "once_cell", + "tokio", +] + [[package]] name = "tokio-macros" version = "2.4.0" diff --git a/batcher/aligned-batcher/Cargo.toml b/batcher/aligned-batcher/Cargo.toml index 8aeb70541f..87699e557e 100644 --- a/batcher/aligned-batcher/Cargo.toml +++ b/batcher/aligned-batcher/Cargo.toml @@ -34,3 +34,5 @@ once_cell = "1.20.2" warp = "0.3.7" prometheus = { version = "0.13.4", features = ["process"] } backon = "1.2.0" +tokio-boring = "4.13.0" +boring = "4.13.0" diff --git a/batcher/aligned-batcher/src/connection.rs b/batcher/aligned-batcher/src/connection.rs index 9a87230abc..99fece3ce4 100644 --- a/batcher/aligned-batcher/src/connection.rs +++ b/batcher/aligned-batcher/src/connection.rs @@ -1,4 +1,5 @@ use std::sync::Arc; +use boring::ssl::{SslStream}; use crate::types::{batch_queue::BatchQueueEntry, errors::BatcherError}; use aligned_sdk::{ @@ -15,7 +16,7 @@ use tokio_tungstenite::{ WebSocketStream, }; -pub(crate) type WsMessageSink = Arc, Message>>>; +pub(crate) type WsMessageSink = Arc>, Message>>>; pub(crate) async fn send_batch_inclusion_data_responses( finalized_batch: Vec, diff --git a/batcher/aligned-batcher/src/lib.rs b/batcher/aligned-batcher/src/lib.rs index c6c8af65bb..704a9c9197 100644 --- a/batcher/aligned-batcher/src/lib.rs +++ b/batcher/aligned-batcher/src/lib.rs @@ -15,10 +15,11 @@ use retry::{retry_function, RetryError}; use tokio::time::{timeout, Instant}; use types::batch_state::BatchState; use types::user_state::UserState; - +use boring::ssl::{SslMethod, SslAcceptor, SslStream, SslFiletype}; use std::collections::HashMap; use std::env; use std::net::SocketAddr; +use std::path::PathBuf; use std::sync::Arc; use std::time::Duration; 
@@ -261,7 +262,14 @@ impl Batcher { } } - pub async fn listen_connections(self: Arc, address: &str) -> Result<(), BatcherError> { + pub async fn listen_connections(self: Arc, address: &str, cert: PathBuf, key: PathBuf) -> Result<(), BatcherError> { + let mut acceptor; + let mut acceptor_builder = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap(); + acceptor_builder.set_private_key_file(key, SslFiletype::PEM).unwrap(); + acceptor_builder.set_certificate_chain_file(cert).unwrap(); + acceptor_builder.check_private_key().unwrap(); + acceptor = Arc::new(acceptor_builder.build()); + // Create the event loop and TCP listener we'll accept connections on. let listener = TcpListener::bind(address) .await @@ -273,7 +281,7 @@ impl Batcher { Ok((stream, addr)) => { let batcher = self.clone(); // Let's spawn the handling of each connection in a separate task. - tokio::spawn(batcher.handle_connection(stream, addr)); + tokio::spawn(batcher.handle_connection(stream, addr, acceptor.clone())); } Err(e) => { self.metrics.user_error(&["connection_accept_error", ""]); @@ -367,11 +375,14 @@ impl Batcher { self: Arc, raw_stream: TcpStream, addr: SocketAddr, + acceptor: Arc, ) -> Result<(), BatcherError> { info!("Incoming TCP connection from: {}", addr); self.metrics.open_connections.inc(); - - let ws_stream_future = tokio_tungstenite::accept_async(raw_stream); + let tls_stream = tokio_boring::accept(&acceptor, raw_stream) + .await + .map_err(|e | BatcherError::TlsError(e.to_string()))?; + let ws_stream_future = tokio_tungstenite::accept_async(tls_stream); let ws_stream = match timeout(Duration::from_secs(CONNECTION_TIMEOUT), ws_stream_future).await { Ok(Ok(stream)) => stream, diff --git a/batcher/aligned-batcher/src/main.rs b/batcher/aligned-batcher/src/main.rs index bc13885052..b4fb7efff1 100644 --- a/batcher/aligned-batcher/src/main.rs +++ b/batcher/aligned-batcher/src/main.rs 
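Review bot: The TLS handshake added in `handle_connection` (`tokio_boring::accept(&acceptor, raw_stream).await`) runs outside the `timeout(Duration::from_secs(CONNECTION_TIMEOUT), …)` that bounds the WebSocket handshake right below it, so a peer that opens a TCP connection and never completes the handshake keeps its task and socket indefinitely. Wrap the accept in the same timeout, e.g. `let tls_stream = timeout(Duration::from_secs(CONNECTION_TIMEOUT), tokio_boring::accept(&acceptor, raw_stream)).await`, and map both the elapsed case and the handshake error to `BatcherError::TlsError`. The early `?` return also comes after `self.metrics.open_connections.inc()`; the matching decrement is outside this hunk, so check that a failed handshake does not leave the metric incremented. The rustls version of this line in PATCH 08/18 (`acceptor.accept(raw_stream).await`) has the same shape.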
@@ -1,7 +1,7 @@ extern crate dotenvy; +use std::path::PathBuf; use std::sync::Arc; - use clap::Parser; use env_logger::Env; @@ -24,6 +24,12 @@ struct Cli { env_file: Option, #[arg(short, long)] port: Option, + /// cert file + #[argh(option, short = 'c')] + cert: PathBuf, + /// key file + #[argh(option, short = 'k')] + key: PathBuf, } #[tokio::main] @@ -40,8 +46,6 @@ async fn main() -> Result<(), BatcherError> { let batcher = Batcher::new(cli.config).await; let batcher = Arc::new(batcher); - let addr = format!("localhost:{}", port); - // spawn task to listening for incoming blocks tokio::spawn({ let app = batcher.clone(); @@ -54,7 +58,8 @@ async fn main() -> Result<(), BatcherError> { batcher.metrics.inc_batcher_restart(); - batcher.listen_connections(&addr).await?; + let addr = format!("localhost:{}", port); + batcher.listen_connections(&addr, cli.cert, cli.key).await?; Ok(()) } diff --git a/batcher/aligned-batcher/src/types/errors.rs b/batcher/aligned-batcher/src/types/errors.rs index 1262045d64..8d0ca1fef6 100644 --- a/batcher/aligned-batcher/src/types/errors.rs +++ b/batcher/aligned-batcher/src/types/errors.rs @@ -41,6 +41,7 @@ impl From for TransactionSendError { } pub enum BatcherError { + TlsError(String), TcpListenerError(String), ConnectionError(tungstenite::Error), BatchVerifiedEventStreamError(String), @@ -75,6 +76,9 @@ impl From for BatcherError { impl fmt::Debug for BatcherError { fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result { match self { + BatcherError::TlsError(e) => { + write!(f, "TLS Handshake error: {}", e) + } BatcherError::TcpListenerError(e) => { write!(f, "TCP Listener error: {}", e) } From 82c2173f5d620d610a614350c320243881db83fe Mon Sep 17 00:00:00 2001 
From: JuArce <52429267+JuArce@users.noreply.github.com> Date: Wed, 4 Dec 2024 17:20:27 -0300 Subject: [PATCH 02/18] fix errors [wip] --- batcher/aligned-batcher/src/connection.rs | 2 +- batcher/aligned-batcher/src/lib.rs | 5 ++--- batcher/aligned-batcher/src/main.rs | 4 ++-- batcher/aligned/src/main.rs | 2 +- 4 files changed, 6 insertions(+), 7 deletions(-) diff --git a/batcher/aligned-batcher/src/connection.rs b/batcher/aligned-batcher/src/connection.rs index 99fece3ce4..8c231bc60d 100644 --- a/batcher/aligned-batcher/src/connection.rs +++ b/batcher/aligned-batcher/src/connection.rs @@ -1,5 +1,4 @@ use std::sync::Arc; -use boring::ssl::{SslStream}; use crate::types::{batch_queue::BatchQueueEntry, errors::BatcherError}; use aligned_sdk::{ @@ -11,6 +10,7 @@ use lambdaworks_crypto::merkle_tree::merkle::MerkleTree; use log::{debug, error}; use serde::Serialize; use tokio::{net::TcpStream, sync::RwLock}; +use tokio_boring::SslStream; use tokio_tungstenite::{ tungstenite::{Error, Message}, WebSocketStream, diff --git a/batcher/aligned-batcher/src/lib.rs b/batcher/aligned-batcher/src/lib.rs index 704a9c9197..9abd748120 100644 --- a/batcher/aligned-batcher/src/lib.rs +++ b/batcher/aligned-batcher/src/lib.rs @@ -15,7 +15,7 @@ use retry::{retry_function, RetryError}; use tokio::time::{timeout, Instant}; use types::batch_state::BatchState; use types::user_state::UserState; -use boring::ssl::{SslMethod, SslAcceptor, SslStream, SslFiletype}; +use boring::ssl::{SslMethod, SslAcceptor, SslFiletype}; use std::collections::HashMap; use std::env; use std::net::SocketAddr; 
@@ -263,12 +263,11 @@ impl Batcher { } pub async fn listen_connections(self: Arc, address: &str, cert: PathBuf, key: PathBuf) -> Result<(), BatcherError> { - let mut acceptor; let mut acceptor_builder = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap(); acceptor_builder.set_private_key_file(key, SslFiletype::PEM).unwrap(); acceptor_builder.set_certificate_chain_file(cert).unwrap(); acceptor_builder.check_private_key().unwrap(); - acceptor = Arc::new(acceptor_builder.build()); + let acceptor = Arc::new(acceptor_builder.build()); // Create the event loop and TCP listener we'll accept connections on. let listener = TcpListener::bind(address) diff --git a/batcher/aligned-batcher/src/main.rs b/batcher/aligned-batcher/src/main.rs index b4fb7efff1..d0b8bc1ee4 100644 --- a/batcher/aligned-batcher/src/main.rs +++ b/batcher/aligned-batcher/src/main.rs @@ -25,10 +25,10 @@ struct Cli { #[arg(short, long)] port: Option, /// cert file - #[argh(option, short = 'c')] + #[arg(long, short = 'c')] cert: PathBuf, /// key file - #[argh(option, short = 'k')] + #[arg(long, short = 'k')] key: PathBuf, } diff --git a/batcher/aligned/src/main.rs b/batcher/aligned/src/main.rs index 1153cacbda..17eb0c8c79 100644 --- a/batcher/aligned/src/main.rs +++ b/batcher/aligned/src/main.rs @@ -66,7 +66,7 @@ pub struct SubmitArgs { #[arg( name = "Batcher connection address", long = "batcher_url", - default_value = "ws://localhost:8080" + default_value = "wss://localhost:8080" )] batcher_url: String, #[arg( From 37cadb0bcddea704d1ae085169ac875b20e7c523 Mon Sep 17 00:00:00 2001 From: Urix <43704209+uri-99@users.noreply.github.com> Date: Wed, 4 Dec 2024 20:56:54 -0300 Subject: [PATCH 03/18] fix: cargo.toml --- batcher/aligned-batcher/Cargo.toml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/batcher/aligned-batcher/Cargo.toml b/batcher/aligned-batcher/Cargo.toml index 87699e557e..5a9e85b3a3 100644 --- a/batcher/aligned-batcher/Cargo.toml 
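Review bot: The default `batcher_url` is now `wss://localhost:8080`, but nothing in this series shows the client being given a trust anchor for the self-signed `rootCA.crt` that `batcher_start_local` generates, so the default local flow presumably fails certificate verification. If that is the case, the fix should be an explicit CA option on the client rather than turning verification off, and the argument deserves a doc comment such as `/// wss:// URL of the batcher; its certificate must chain to a CA the client trusts`. The same default is changed in `aligned-task-sender/src/structs.rs` and the shell scripts in PATCH 10/18. `SubmitArgs` starts and ends outside this hunk.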
+++ b/batcher/aligned-batcher/Cargo.toml @@ -28,7 +28,7 @@ bincode = "1.3.3" aligned-sdk = { path = "../aligned-sdk" } ciborium = "=0.2.2" priority-queue = "2.1.0" -reqwest = { version = "0.12", features = ["json"] } +reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls-native-roots"] } once_cell = "1.20.2" warp = "0.3.7" @@ -36,3 +36,4 @@ prometheus = { version = "0.13.4", features = ["process"] } backon = "1.2.0" tokio-boring = "4.13.0" boring = "4.13.0" +openssl = { version = "0.10", features = ["vendored"] } From 75d1c43158505ff8033d10ea6880d40d2ff043d5 Mon Sep 17 00:00:00 2001 From: Urix <43704209+uri-99@users.noreply.github.com> Date: Wed, 4 Dec 2024 22:29:42 -0300 Subject: [PATCH 04/18] fix: openssl version cargo --- batcher/aligned-batcher/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/batcher/aligned-batcher/Cargo.toml b/batcher/aligned-batcher/Cargo.toml index 5a9e85b3a3..d759a57c51 100644 --- a/batcher/aligned-batcher/Cargo.toml +++ b/batcher/aligned-batcher/Cargo.toml @@ -36,4 +36,4 @@ prometheus = { version = "0.13.4", features = ["process"] } backon = "1.2.0" tokio-boring = "4.13.0" boring = "4.13.0" -openssl = { version = "0.10", features = ["vendored"] } +openssl = { version = "0.10.68", features = ["vendored"] } From b3e72d3a0963ab1ef1754bf39cae7b5b5ca55116 Mon Sep 17 00:00:00 2001 From: Urix <43704209+uri-99@users.noreply.github.com> Date: Wed, 4 Dec 2024 22:39:02 -0300 Subject: [PATCH 05/18] fix: batcher listen on 0.0.0.0 --- batcher/aligned-batcher/src/main.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/batcher/aligned-batcher/src/main.rs b/batcher/aligned-batcher/src/main.rs index d0b8bc1ee4..54689d4b92 100644 --- a/batcher/aligned-batcher/src/main.rs +++ b/batcher/aligned-batcher/src/main.rs 
@@ -55,10 +55,10 @@ async fn main() -> Result<(), BatcherError> { .expect("Error listening for new blocks exiting") } }); - + batcher.metrics.inc_batcher_restart(); - - let addr = format!("localhost:{}", port); + + let addr = format!("0.0.0.0:{}", port); batcher.listen_connections(&addr, cli.cert, cli.key).await?; Ok(()) From b8d2d7b9cfb3c5ed20af995eed9bf8481a9149fe Mon Sep 17 00:00:00 2001 From: Urix <43704209+uri-99@users.noreply.github.com> Date: Thu, 5 Dec 2024 13:52:52 -0300 Subject: [PATCH 06/18] fix: better error on batcher ws fail --- batcher/aligned-sdk/src/sdk.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/batcher/aligned-sdk/src/sdk.rs b/batcher/aligned-sdk/src/sdk.rs index 6045d84116..6e246fb88a 100644 --- a/batcher/aligned-sdk/src/sdk.rs +++ b/batcher/aligned-sdk/src/sdk.rs @@ -568,8 +568,8 @@ pub async fn get_nonce_from_batcher( batcher_ws_url: &str, address: Address, ) -> Result { - let (ws_stream, _) = connect_async(batcher_ws_url).await.map_err(|_| { - GetNonceError::ConnectionFailed("Ws connection to batcher failed".to_string()) + let (ws_stream, _) = connect_async(batcher_ws_url).await.map_err(|e| { + GetNonceError::ConnectionFailed(e.to_string()) })?; debug!("WebSocket handshake has been successfully completed"); From 8df8cb94eec8f23e743195c96490412db7583eeb Mon Sep 17 00:00:00 2001 From: JuArce <52429267+JuArce@users.noreply.github.com> Date: Fri, 6 Dec 2024 17:36:23 -0300 Subject: [PATCH 07/18] feat: use rustls [wip] --- batcher/Cargo.lock | 194 +++++++++++++++++++---------- batcher/aligned-batcher/Cargo.toml | 6 +- batcher/aligned-batcher/src/lib.rs | 23 +++- 3 files changed, 145 insertions(+), 78 deletions(-) diff --git a/batcher/Cargo.lock b/batcher/Cargo.lock index 6b58adce61..d193188238 100644 --- a/batcher/Cargo.lock +++ b/batcher/Cargo.lock @@ -1,6 +1,6 @@ # This file is automatically @generated by Cargo. # It is not intended for manual editing. -version = 3 +version = 4 [[package]] name = "Inflector" 
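Review bot: Hard-coding `0.0.0.0` makes every run listen on all IPv4 interfaces, including the `batcher_start_local` development target with its self-signed key, where before the listener was reachable only through `localhost`. Make the bind address an option that defaults to loopback, for instance a `host: Option<String>` field on `Cli` used as `format!("{}:{}", cli.host.as_deref().unwrap_or("127.0.0.1"), port)`, and pass the wildcard address explicitly in the deployment that needs it. `main` starts and ends outside this hunk.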
@@ -100,7 +100,6 @@ dependencies = [ "aws-sdk-s3", "backon", "bincode", - "boring", "bytes", "ciborium", "clap", @@ -116,13 +115,14 @@ dependencies = [ "prometheus", "reqwest 0.12.9", "risc0-zkvm", + "rustls 0.23.19", "serde", "serde_json", "serde_yaml", "sha3", "sp1-sdk", "tokio", - "tokio-boring", + "tokio-rustls 0.26.1", "tokio-tungstenite 0.21.0", "warp", ] @@ -650,6 +650,31 @@ dependencies = [ "zeroize", ] +[[package]] +name = "aws-lc-rs" +version = "1.12.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f409eb70b561706bf8abba8ca9c112729c481595893fd06a2dd9af8ed8441148" +dependencies = [ + "aws-lc-sys", + "paste", + "zeroize", +] + +[[package]] +name = "aws-lc-sys" +version = "0.24.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "923ded50f602b3007e5e63e3f094c479d9c8a9b42d7f4034e4afe456aa48bfd2" +dependencies = [ + "bindgen 0.69.5", + "cc", + "cmake", + "dunce", + "fs_extra", + "paste", +] + [[package]] name = "aws-runtime" version = "1.4.3" @@ -1125,6 +1150,29 @@ dependencies = [ "serde", ] +[[package]] +name = "bindgen" +version = "0.69.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088" +dependencies = [ + "bitflags 2.6.0", + "cexpr", + "clang-sys", + "itertools 0.12.1", + "lazy_static", + "lazycell", + "log", + "prettyplease", + "proc-macro2", + "quote", + "regex", + "rustc-hash 1.1.0", + "shlex", + "syn 2.0.90", + "which", +] + [[package]] name = "bindgen" version = "0.70.1" 
@@ -1257,33 +1305,6 @@ dependencies = [ "thiserror 1.0.69", ] -[[package]] -name = "boring" -version = "4.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1f5aac023c3ba13725de1604aff621a9dbf9a4f3af1ea6fb712bca91ad729a8e" -dependencies = [ - "bitflags 2.6.0", - "boring-sys", - "foreign-types 0.5.0", - "libc", - "once_cell", - "openssl-macros", -] - -[[package]] -name = "boring-sys" -version = "4.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ebabcc15924f3244f244cfb1dfe43c0b28236ea8c1f71dc8e5a146eae0342d79" -dependencies = [ - "autocfg", - "bindgen", - "cmake", - "fs_extra", - "fslock", -] - [[package]] name = "borsh" version = "1.5.3" @@ -1683,6 +1704,16 @@ dependencies = [ "libc", ] +[[package]] +name = "core-foundation" +version = "0.10.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b55271e5c8c478ad3f38ad24ef34923091e0548492a266d19b3c0b4d82574c63" +dependencies = [ + "core-foundation-sys", + "libc", +] + [[package]] name = "core-foundation-sys" version = "0.8.7" @@ -1696,7 +1727,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "45390e6114f68f718cc7a830514a96f903cccd70d02a8f6d9f643ac4ba45afaf" dependencies = [ "bitflags 1.3.2", - "core-foundation", + "core-foundation 0.9.4", "libc", ] @@ -2783,16 +2814,6 @@ version = "1.3.0" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c" -[[package]] -name = "fslock" -version = "0.2.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "04412b8935272e3a9bae6f48c7bfff74c2911f60525404edfdd28e49884c3bfb" -dependencies = [ - "libc", - "winapi", -] - [[package]] name = "funty" version = "2.0.0" @@ -3342,7 +3363,7 @@ dependencies = [ "hyper 0.14.31", "log", "rustls 0.21.12", - "rustls-native-certs", + "rustls-native-certs 0.6.3", "tokio", "tokio-rustls 0.24.1", ] 
@@ -3358,9 +3379,10 @@ dependencies = [ "hyper 1.5.1", "hyper-util", "rustls 0.23.19", + "rustls-native-certs 0.8.1", "rustls-pki-types", "tokio", - "tokio-rustls 0.26.0", + "tokio-rustls 0.26.1", "tower-service", "webpki-roots 0.26.7", ] @@ -3853,6 +3875,12 @@ dependencies = [ "spin 0.9.8", ] +[[package]] +name = "lazycell" +version = "1.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "830d08ce1d1d941e6b30645f1a0eb5643013d835ce3779a5fc208261dbe10f55" + [[package]] name = "libc" version = "0.2.167" @@ -4090,7 +4118,7 @@ dependencies = [ "openssl-probe", "openssl-sys", "schannel", - "security-framework", + "security-framework 2.11.1", "security-framework-sys", "tempfile", ] @@ -5466,6 +5494,7 @@ dependencies = [ "pin-project-lite", "quinn", "rustls 0.23.19", + "rustls-native-certs 0.8.1", "rustls-pemfile 2.2.0", "rustls-pki-types", "serde", @@ -5475,7 +5504,7 @@ dependencies = [ "system-configuration 0.6.1", "tokio", "tokio-native-tls", - "tokio-rustls 0.26.0", + "tokio-rustls 0.26.1", "tokio-util", "tower-service", "url", @@ -5884,6 +5913,8 @@ version = "0.23.19" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "934b404430bb06b3fae2cba809eb45a1ab1aecd64491213d7c3301b88393f8d1" dependencies = [ + "aws-lc-rs", + "log", "once_cell", "ring 0.17.8", "rustls-pki-types", @@ -5901,7 +5932,19 @@ dependencies = [ "openssl-probe", "rustls-pemfile 1.0.4", "schannel", - "security-framework", + "security-framework 2.11.1", +] + +[[package]] +name = "rustls-native-certs" +version = "0.8.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7fcff2dd52b58a8d98a70243663a0d234c4e2b79235637849d15913394a247d3" +dependencies = [ + "openssl-probe", + "rustls-pki-types", + "schannel", + "security-framework 3.2.0", ] [[package]] 
@@ -5947,6 +5990,7 @@ version = "0.102.8" source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9" dependencies = [ + "aws-lc-rs", "ring 0.17.8", "rustls-pki-types", "untrusted 0.9.0", @@ -6111,7 +6155,20 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "897b2245f0b511c87893af39b033e5ca9cce68824c4d7e7630b5a1d339658d02" dependencies = [ "bitflags 2.6.0", - "core-foundation", + "core-foundation 0.9.4", + "core-foundation-sys", + "libc", + "security-framework-sys", +] + +[[package]] +name = "security-framework" +version = "3.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "271720403f46ca04f7ba6f55d438f8bd878d6b8ca0a1046e8228c4145bcbb316" +dependencies = [ + "bitflags 2.6.0", + "core-foundation 0.10.0", "core-foundation-sys", "libc", "security-framework-sys", @@ -6119,9 +6176,9 @@ dependencies = [ [[package]] name = "security-framework-sys" -version = "2.12.1" +version = "2.14.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "fa39c7303dc58b5543c94d22c1766b0d31f2ee58306363ea622b10bbc075eaa2" +checksum = "49db231d56a190491cb4aeda9527f1ad45345af50b0851622a7adb8c03b01c32" dependencies = [ "core-foundation-sys", "libc", @@ -6716,7 +6773,7 @@ source = "git+https://github.com/succinctlabs/sp1.git?rev=v3.0.0#ff8f482c3e135f1 dependencies = [ "anyhow", "bincode", - "bindgen", + "bindgen 0.70.1", "cc", "cfg-if", "hex", @@ -7021,7 +7078,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "ba3a3adc5c275d719af8cb4272ea1c4a6d668a777f37e115f6d11ddbc1c8e0e7" dependencies = [ "bitflags 1.3.2", - "core-foundation", + "core-foundation 0.9.4", "system-configuration-sys 0.5.0", ] 
@@ -7032,7 +7089,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index" checksum = "3c879d448e9d986b661742763247d3693ed13609438cf3d006f51f5368a5ba6b" dependencies = [ "bitflags 2.6.0", - "core-foundation", + "core-foundation 0.9.4", "system-configuration-sys 0.6.0", ] @@ -7240,18 +7297,6 @@ dependencies = [ "windows-sys 0.52.0", ] -[[package]] -name = "tokio-boring" -version = "4.13.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e37b8f984fc360dee7b04fe901d10af3f4af08715ec21260cb600ac9cdad3a0c" -dependencies = [ - "boring", - "boring-sys", - "once_cell", - "tokio", -] - [[package]] name = "tokio-macros" version = "2.4.0" @@ -7285,12 +7330,11 @@ dependencies = [ [[package]] name = "tokio-rustls" -version = "0.26.0" +version = "0.26.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "0c7bc40d0e5a97695bb96e27995cd3a08538541b0a846f65bba7a359f36700d4" +checksum = "5f6d0975eaace0cf0fcadee4e4aaa5da15b5c079146f2cffb67c113be122bf37" dependencies = [ "rustls 0.23.19", - "rustls-pki-types", "tokio", ] @@ -7334,7 +7378,7 @@ dependencies = [ "rustls-pki-types", "tokio", "tokio-native-tls", - "tokio-rustls 0.26.0", + "tokio-rustls 0.26.1", "tungstenite 0.23.0", "webpki-roots 0.26.7", ] @@ -7352,7 +7396,7 @@ dependencies = [ "rustls-pki-types", "tokio", "tokio-native-tls", - "tokio-rustls 0.26.0", + "tokio-rustls 0.26.1", "tungstenite 0.24.0", "webpki-roots 0.26.7", ] @@ -8006,6 +8050,18 @@ dependencies = [ "rustls-pki-types", ] +[[package]] +name = "which" +version = "4.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7" +dependencies = [ + "either", + "home", + "once_cell", + "rustix", +] + [[package]] name = "winapi" version = "0.3.9" diff --git a/batcher/aligned-batcher/Cargo.toml b/batcher/aligned-batcher/Cargo.toml index d759a57c51..388945d279 100644 --- a/batcher/aligned-batcher/Cargo.toml 
+++ b/batcher/aligned-batcher/Cargo.toml @@ -34,6 +34,6 @@ once_cell = "1.20.2" warp = "0.3.7" prometheus = { version = "0.13.4", features = ["process"] } backon = "1.2.0" -tokio-boring = "4.13.0" -boring = "4.13.0" -openssl = { version = "0.10.68", features = ["vendored"] } +rustls = "0.23.19" +tokio-rustls = "0.26.1" + diff --git a/batcher/aligned-batcher/src/lib.rs b/batcher/aligned-batcher/src/lib.rs index 9abd748120..3e95c2436e 100644 --- a/batcher/aligned-batcher/src/lib.rs +++ b/batcher/aligned-batcher/src/lib.rs @@ -15,7 +15,6 @@ use retry::{retry_function, RetryError}; use tokio::time::{timeout, Instant}; use types::batch_state::BatchState; use types::user_state::UserState; -use boring::ssl::{SslMethod, SslAcceptor, SslFiletype}; use std::collections::HashMap; use std::env; use std::net::SocketAddr; @@ -45,8 +44,11 @@ use futures_util::{future, SinkExt, StreamExt, TryStreamExt}; use lambdaworks_crypto::merkle_tree::merkle::MerkleTree; use lambdaworks_crypto::merkle_tree::traits::IsMerkleTreeBackend; use log::{debug, error, info, warn}; +use rustls::pki_types::pem::PemObject; +use rustls::pki_types::{CertificateDer, PrivateKeyDer}; use tokio::net::{TcpListener, TcpStream}; use tokio::sync::{Mutex, MutexGuard, RwLock}; +use tokio_rustls::{rustls, TlsAcceptor}; use tokio_tungstenite::tungstenite::{Error, Message}; use types::batch_queue::{self, BatchQueueEntry, BatchQueueEntryPriority}; use types::errors::{BatcherError, TransactionSendError}; 
@@ -263,11 +265,20 @@ impl Batcher { } pub async fn listen_connections(self: Arc, address: &str, cert: PathBuf, key: PathBuf) -> Result<(), BatcherError> { - let mut acceptor_builder = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap(); - acceptor_builder.set_private_key_file(key, SslFiletype::PEM).unwrap(); - acceptor_builder.set_certificate_chain_file(cert).unwrap(); - acceptor_builder.check_private_key().unwrap(); - let acceptor = Arc::new(acceptor_builder.build()); + // let mut acceptor_builder = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap(); + // acceptor_builder.set_private_key_file(key, SslFiletype::PEM).unwrap(); + // acceptor_builder.set_certificate_chain_file(cert).unwrap(); + // acceptor_builder.check_private_key().unwrap(); + // let acceptor = Arc::new(acceptor_builder.build()); + // Reference: https://github.com/rustls/tokio-rustls/blob/main/examples/server.rs + let cert = vec![CertificateDer::from_pem_file(cert)?]; + let key = PrivateKeyDer::from_pem_file(key)?; + + let config = rustls::ServerConfig::builder() + .with_no_client_auth() + .with_single_cert(cert, key)?; + + let acceptor = TlsAcceptor::from(Arc::new(config)); // Create the event loop and TCP listener we'll accept connections on. let listener = TcpListener::bind(address) From b56624c0adccd39f88b955d836f2bfd572bccea6 Mon Sep 17 00:00:00 2001 From: Mario Rugiero Date: Fri, 6 Dec 2024 18:14:08 -0300 Subject: [PATCH 08/18] fix build with rustls --- batcher/aligned-batcher/src/connection.rs | 4 ++-- batcher/aligned-batcher/src/lib.rs | 19 ++++++++++++------- 2 files changed, 14 insertions(+), 9 deletions(-) diff --git a/batcher/aligned-batcher/src/connection.rs b/batcher/aligned-batcher/src/connection.rs index 8c231bc60d..d1f7c2fcfe 100644 --- a/batcher/aligned-batcher/src/connection.rs +++ b/batcher/aligned-batcher/src/connection.rs 
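Review bot: `vec![CertificateDer::from_pem_file(cert)?]` keeps only the first certificate in the `--cert` file, so a PEM file holding a leaf plus intermediates is served without its chain and clients that lack the intermediate will fail verification. Read every certificate instead, `CertificateDer::pem_file_iter(cert)?.collect::<Result<Vec<_>, _>>()?`, and pass that vector to `with_single_cert`. The commented-out `SslAcceptor` lines at the top of the function are dead code from the boring version and should be deleted rather than kept. `listen_connections` continues outside the hunk; PATCH 08/18 rewrites these lines with `map_err` but keeps the single-certificate read.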
@@ -10,13 +10,13 @@ use lambdaworks_crypto::merkle_tree::merkle::MerkleTree; use log::{debug, error}; use serde::Serialize; use tokio::{net::TcpStream, sync::RwLock}; -use tokio_boring::SslStream; +use tokio_rustls::server::TlsStream; use tokio_tungstenite::{ tungstenite::{Error, Message}, WebSocketStream, }; -pub(crate) type WsMessageSink = Arc>, Message>>>; +pub(crate) type WsMessageSink = Arc>, Message>>>; pub(crate) async fn send_batch_inclusion_data_responses( finalized_batch: Vec, diff --git a/batcher/aligned-batcher/src/lib.rs b/batcher/aligned-batcher/src/lib.rs index 3e95c2436e..9fcd614fa6 100644 --- a/batcher/aligned-batcher/src/lib.rs +++ b/batcher/aligned-batcher/src/lib.rs @@ -271,14 +271,19 @@ impl Batcher { // acceptor_builder.check_private_key().unwrap(); // let acceptor = Arc::new(acceptor_builder.build()); // Reference: https://github.com/rustls/tokio-rustls/blob/main/examples/server.rs - let cert = vec![CertificateDer::from_pem_file(cert)?]; - let key = PrivateKeyDer::from_pem_file(key)?; + let cert = vec![ + CertificateDer::from_pem_file(cert) + .map_err(|e| BatcherError::TlsError(format!("{e}")))?, + ]; + let key = PrivateKeyDer::from_pem_file(key) + .map_err(|e| BatcherError::TlsError(format!("{e}")))?; let config = rustls::ServerConfig::builder() .with_no_client_auth() - .with_single_cert(cert, key)?; + .with_single_cert(cert, key) + .map_err(|e| BatcherError::TlsError(format!("{e}")))?; - let acceptor = TlsAcceptor::from(Arc::new(config)); + let acceptor = Arc::new(TlsAcceptor::from(Arc::new(config))); // Create the event loop and TCP listener we'll accept connections on. let listener = TcpListener::bind(address) 
@@ -385,13 +390,13 @@ impl Batcher { self: Arc, raw_stream: TcpStream, addr: SocketAddr, - acceptor: Arc, + acceptor: Arc, ) -> Result<(), BatcherError> { info!("Incoming TCP connection from: {}", addr); self.metrics.open_connections.inc(); - let tls_stream = tokio_boring::accept(&acceptor, raw_stream) + let tls_stream = acceptor.accept(raw_stream) .await - .map_err(|e | BatcherError::TlsError(e.to_string()))?; + .map_err(|e| BatcherError::TlsError(e.to_string()))?; let ws_stream_future = tokio_tungstenite::accept_async(tls_stream); let ws_stream = match timeout(Duration::from_secs(CONNECTION_TIMEOUT), ws_stream_future).await { From 1df5d72ddb8dcc86293e3ccfde6a4d51c5057131 Mon Sep 17 00:00:00 2001 From: Mario Rugiero Date: Fri, 6 Dec 2024 19:14:53 -0300 Subject: [PATCH 09/18] initialize crypto provider --- batcher/aligned-batcher/src/main.rs | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/batcher/aligned-batcher/src/main.rs b/batcher/aligned-batcher/src/main.rs index 54689d4b92..693dffceb0 100644 --- a/batcher/aligned-batcher/src/main.rs +++ b/batcher/aligned-batcher/src/main.rs @@ -4,6 +4,7 @@ use std::path::PathBuf; use std::sync::Arc; use clap::Parser; use env_logger::Env; +use rustls::crypto::{CryptoProvider, aws_lc_rs}; use aligned_batcher::{types::errors::BatcherError, Batcher}; @@ -34,6 +35,9 @@ struct Cli { #[tokio::main] async fn main() -> Result<(), BatcherError> { + CryptoProvider::install_default(aws_lc_rs::default_provider()) + .expect("failed to initialize crypto provider"); + let cli = Cli::parse(); let port = cli.port.unwrap_or(8080); From c869a865ca3d3b9ef43362b4369aaba99621b631 Mon Sep 17 00:00:00 2001 
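Review bot: In the `@@ -385,13 +390,13 @@` hunk (`handle_connection`), `acceptor.accept(raw_stream).await` has no deadline, while the WebSocket handshake right below it is wrapped in `timeout(Duration::from_secs(CONNECTION_TIMEOUT), …)`. A peer that opens the TCP connection and never finishes the TLS handshake therefore keeps the task and socket alive indefinitely; wrapping the TLS accept in the same timeout closes that gap. `open_connections.inc()` also runs before the handshake, so the early `?` return should be checked against wherever the gauge is decremented, which is outside the hunk.

```rust
// … unchanged: info! log and open_connections.inc() …
let tls_stream = timeout(
    Duration::from_secs(CONNECTION_TIMEOUT),
    acceptor.accept(raw_stream),
)
.await
.map_err(|_| BatcherError::TlsError("TLS handshake timed out".to_string()))?
.map_err(|e| BatcherError::TlsError(e.to_string()))?;
// … unchanged: tokio_tungstenite::accept_async(tls_stream) and its timeout …
```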
From: Mario Rugiero Date: Tue, 10 Dec 2024 14:42:44 -0300 Subject: [PATCH 10/18] update senders to use wss --- batcher/aligned-task-sender/src/structs.rs | 4 ++-- batcher/aligned/generate_proof_and_send.sh | 2 +- .../send_infinite_sp1_tasks/send_infinite_sp1_tasks.sh | 2 +- batcher/aligned/send_infinite_tasks.sh | 2 +- batcher/aligned/src/main.rs | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/batcher/aligned-task-sender/src/structs.rs b/batcher/aligned-task-sender/src/structs.rs index 7c5d36f6bb..e8937e2a76 100644 --- a/batcher/aligned-task-sender/src/structs.rs +++ b/batcher/aligned-task-sender/src/structs.rs @@ -91,7 +91,7 @@ pub struct TestConnectionsArgs { #[arg( name = "Batcher connection address", long = "batcher-url", - default_value = "ws://localhost:8080" + default_value = "wss://localhost:8080" )] pub batcher_url: String, #[arg( @@ -114,7 +114,7 @@ pub struct SendInfiniteProofsArgs { #[arg( name = "Batcher connection address", long = "batcher-url", - default_value = "ws://localhost:8080" + default_value = "wss://localhost:8080" )] pub batcher_url: String, #[arg( diff --git a/batcher/aligned/generate_proof_and_send.sh b/batcher/aligned/generate_proof_and_send.sh index bcfa684544..4bab1c2f20 100755 --- a/batcher/aligned/generate_proof_and_send.sh +++ b/batcher/aligned/generate_proof_and_send.sh @@ -26,7 +26,7 @@ go run scripts/test_files/gnark_groth16_bn254_infinite_script/cmd/main.go $x # Set default values for RPC and BATCHER if they are not set RPC=${RPC:-http://localhost:8545} -BATCHER_CONN=${BATCHER_CONN:-ws://localhost:8080} +BATCHER_CONN=${BATCHER_CONN:-wss://localhost:8080} if [ -z "$NETWORK" ]; then echo "NETWORK is not set. Setting it to devnet" NETWORK="devnet" diff --git a/batcher/aligned/send_infinite_sp1_tasks/send_infinite_sp1_tasks.sh b/batcher/aligned/send_infinite_sp1_tasks/send_infinite_sp1_tasks.sh index 079a8dcc57..1684c3de93 100755 --- a/batcher/aligned/send_infinite_sp1_tasks/send_infinite_sp1_tasks.sh 
+++ b/batcher/aligned/send_infinite_sp1_tasks/send_infinite_sp1_tasks.sh @@ -13,7 +13,7 @@ else fi RPC=${RPC:-http://localhost:8545} -BATCHER_CONN=${BATCHER_CONN:-ws://localhost:8080} +BATCHER_CONN=${BATCHER_CONN:-wss://localhost:8080} if [ -z "$NETWORK" ]; then echo "NETWORK is not set. Setting it to devnet" NETWORK="devnet" diff --git a/batcher/aligned/send_infinite_tasks.sh b/batcher/aligned/send_infinite_tasks.sh index d79ff8ab3b..93577f79e9 100755 --- a/batcher/aligned/send_infinite_tasks.sh +++ b/batcher/aligned/send_infinite_tasks.sh @@ -14,7 +14,7 @@ fi # Set default values for RPC and BATCHER if they are not set RPC=${RPC:-http://localhost:8545} -BATCHER_CONN=${BATCHER_CONN:-ws://localhost:8080} +BATCHER_CONN=${BATCHER_CONN:-wss://localhost:8080} if [ -z "$NETWORK" ]; then echo "NETWORK is not set. Setting it to devnet" NETWORK="devnet" diff --git a/batcher/aligned/src/main.rs b/batcher/aligned/src/main.rs index 17eb0c8c79..775b1c2a5b 100644 --- a/batcher/aligned/src/main.rs +++ b/batcher/aligned/src/main.rs @@ -207,7 +207,7 @@ pub struct GetUserNonceArgs { #[arg( name = "Batcher connection address", long = "batcher_url", - default_value = "ws://localhost:8080" + default_value = "wss://localhost:8080" )] batcher_url: String, #[arg( From e434f6ea1d0f5f8a210114f9b55300a2972d3ddf Mon Sep 17 00:00:00 2001 From: Mario Rugiero Date: Wed, 18 Dec 2024 14:16:51 -0300 Subject: [PATCH 11/18] cargo fmt --- batcher/aligned-batcher/src/connection.rs | 3 ++- batcher/aligned-batcher/src/lib.rs | 22 +++++++++++++--------- batcher/aligned-batcher/src/main.rs | 10 +++++----- batcher/aligned-sdk/src/sdk.rs | 6 +++--- 4 files changed, 23 insertions(+), 18 deletions(-) diff --git a/batcher/aligned-batcher/src/connection.rs b/batcher/aligned-batcher/src/connection.rs index d1f7c2fcfe..d7630775b7 100644 --- a/batcher/aligned-batcher/src/connection.rs +++ b/batcher/aligned-batcher/src/connection.rs 
@@ -16,7 +16,8 @@ use tokio_tungstenite::{ WebSocketStream, }; -pub(crate) type WsMessageSink = Arc>, Message>>>; +pub(crate) type WsMessageSink = + Arc>, Message>>>; pub(crate) async fn send_batch_inclusion_data_responses( finalized_batch: Vec, diff --git a/batcher/aligned-batcher/src/lib.rs b/batcher/aligned-batcher/src/lib.rs index 9fcd614fa6..5b2b11190f 100644 --- a/batcher/aligned-batcher/src/lib.rs +++ b/batcher/aligned-batcher/src/lib.rs @@ -12,15 +12,15 @@ use retry::batcher_retryables::{ user_balance_is_unlocked_retryable, }; use retry::{retry_function, RetryError}; -use tokio::time::{timeout, Instant}; -use types::batch_state::BatchState; -use types::user_state::UserState; use std::collections::HashMap; use std::env; use std::net::SocketAddr; use std::path::PathBuf; use std::sync::Arc; use std::time::Duration; +use tokio::time::{timeout, Instant}; +use types::batch_state::BatchState; +use types::user_state::UserState; use aligned_sdk::core::constants::{ ADDITIONAL_SUBMISSION_GAS_COST_PER_PROOF, AGGREGATOR_GAS_COST, BUMP_BACKOFF_FACTOR, 
@@ -264,17 +264,20 @@ impl Batcher { } } - pub async fn listen_connections(self: Arc, address: &str, cert: PathBuf, key: PathBuf) -> Result<(), BatcherError> { + pub async fn listen_connections( + self: Arc, + address: &str, + cert: PathBuf, + key: PathBuf, + ) -> Result<(), BatcherError> { // let mut acceptor_builder = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap(); // acceptor_builder.set_private_key_file(key, SslFiletype::PEM).unwrap(); // acceptor_builder.set_certificate_chain_file(cert).unwrap(); // acceptor_builder.check_private_key().unwrap(); // let acceptor = Arc::new(acceptor_builder.build()); // Reference: https://github.com/rustls/tokio-rustls/blob/main/examples/server.rs - let cert = vec![ - CertificateDer::from_pem_file(cert) - .map_err(|e| BatcherError::TlsError(format!("{e}")))?, - ]; + let cert = vec![CertificateDer::from_pem_file(cert) + .map_err(|e| BatcherError::TlsError(format!("{e}")))?]; let key = PrivateKeyDer::from_pem_file(key) .map_err(|e| BatcherError::TlsError(format!("{e}")))?; @@ -394,7 +397,8 @@ impl Batcher { ) -> Result<(), BatcherError> { info!("Incoming TCP connection from: {}", addr); self.metrics.open_connections.inc(); - let tls_stream = acceptor.accept(raw_stream) + let tls_stream = acceptor + .accept(raw_stream) .await .map_err(|e| BatcherError::TlsError(e.to_string()))?; let ws_stream_future = tokio_tungstenite::accept_async(tls_stream); diff --git a/batcher/aligned-batcher/src/main.rs b/batcher/aligned-batcher/src/main.rs index 693dffceb0..1dbc072ca1 100644 --- a/batcher/aligned-batcher/src/main.rs +++ b/batcher/aligned-batcher/src/main.rs @@ -1,10 +1,10 @@ extern crate dotenvy; -use std::path::PathBuf; -use std::sync::Arc; use clap::Parser; use env_logger::Env; -use rustls::crypto::{CryptoProvider, aws_lc_rs}; +use rustls::crypto::{aws_lc_rs, CryptoProvider}; +use std::path::PathBuf; +use std::sync::Arc; use aligned_batcher::{types::errors::BatcherError, Batcher}; 
@@ -59,9 +59,9 @@ async fn main() -> Result<(), BatcherError> { .expect("Error listening for new blocks exiting") } }); - + batcher.metrics.inc_batcher_restart(); - + let addr = format!("0.0.0.0:{}", port); batcher.listen_connections(&addr, cli.cert, cli.key).await?; diff --git a/batcher/aligned-sdk/src/sdk.rs b/batcher/aligned-sdk/src/sdk.rs index 6e246fb88a..99c00c9d51 100644 --- a/batcher/aligned-sdk/src/sdk.rs +++ b/batcher/aligned-sdk/src/sdk.rs @@ -568,9 +568,9 @@ pub async fn get_nonce_from_batcher( batcher_ws_url: &str, address: Address, ) -> Result { - let (ws_stream, _) = connect_async(batcher_ws_url).await.map_err(|e| { - GetNonceError::ConnectionFailed(e.to_string()) - })?; + let (ws_stream, _) = connect_async(batcher_ws_url) + .await + .map_err(|e| GetNonceError::ConnectionFailed(e.to_string()))?; debug!("WebSocket handshake has been successfully completed"); let (mut ws_write, mut ws_read) = ws_stream.split(); From 5449a2591c62f5cd15477424dfcdbc56899e6a94 Mon Sep 17 00:00:00 2001 From: Mario Rugiero Date: Wed, 18 Dec 2024 16:43:08 -0300 Subject: [PATCH 12/18] delete commented code --- batcher/aligned-batcher/src/lib.rs | 5 ----- 1 file changed, 5 deletions(-) diff --git a/batcher/aligned-batcher/src/lib.rs b/batcher/aligned-batcher/src/lib.rs index 5b2b11190f..57f3bb15ea 100644 --- a/batcher/aligned-batcher/src/lib.rs +++ b/batcher/aligned-batcher/src/lib.rs 
@@ -270,11 +270,6 @@ impl Batcher { cert: PathBuf, key: PathBuf, ) -> Result<(), BatcherError> { - // let mut acceptor_builder = SslAcceptor::mozilla_intermediate_v5(SslMethod::tls()).unwrap(); - // acceptor_builder.set_private_key_file(key, SslFiletype::PEM).unwrap(); - // acceptor_builder.set_certificate_chain_file(cert).unwrap(); - // acceptor_builder.check_private_key().unwrap(); - // let acceptor = Arc::new(acceptor_builder.build()); // Reference: https://github.com/rustls/tokio-rustls/blob/main/examples/server.rs let cert = vec![CertificateDer::from_pem_file(cert) .map_err(|e| BatcherError::TlsError(format!("{e}")))?]; From b07920402edb2139383413309200ea1cef3f53f3 Mon Sep 17 00:00:00 2001 From: Mario Rugiero Date: Wed, 18 Dec 2024 16:44:24 -0300 Subject: [PATCH 13/18] avoid clash between `config` and `cert` flags --- batcher/aligned-batcher/src/main.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/batcher/aligned-batcher/src/main.rs b/batcher/aligned-batcher/src/main.rs index 1dbc072ca1..68e13421fb 100644 --- a/batcher/aligned-batcher/src/main.rs +++ b/batcher/aligned-batcher/src/main.rs @@ -26,7 +26,7 @@ struct Cli { #[arg(short, long)] port: Option, /// cert file - #[arg(long, short = 'c')] + #[arg(long, short = 'C')] cert: PathBuf, /// key file #[arg(long, short = 'k')] From 8d55205a00a6aa0c2181cff19e73911e24cd0077 Mon Sep 17 00:00:00 2001 From: Mario Rugiero Date: Thu, 19 Dec 2024 01:39:22 -0300 Subject: [PATCH 14/18] add missing params to docker command --- docker/batcher.Dockerfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docker/batcher.Dockerfile b/docker/batcher.Dockerfile index 0f7689abb8..7c63c6f388 100644 --- a/docker/batcher.Dockerfile +++ b/docker/batcher.Dockerfile 
@@ -61,5 +61,6 @@ COPY ./config-files/config-batcher-docker.yaml ./config-files/ COPY ./config-files/anvil.batcher.ecdsa.key.json ./config-files/ RUN apt update -y && apt install -y libssl-dev ca-certificates +RUN openssl req -x509 -days 1825 -newkey rsa:2048 -keyout rootCA.key -out rootCA.crt -nodes -subj '/CN=localhost' -CMD ["aligned-batcher", "--config", "./config-files/config-batcher-docker.yaml"] +CMD ["aligned-batcher", "--config", "./config-files/config-batcher-docker.yaml", "--cert", "./rootCA.crt", "--key", "./rootCA.key"] From ce296f7a287336d4e1aae87497fed74acebd494b Mon Sep 17 00:00:00 2001 From: Mario Rugiero Date: Thu, 19 Dec 2024 01:54:13 -0300 Subject: [PATCH 15/18] use mkcert for the dockerfile that automatically adds a root authority --- docker/batcher.Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/batcher.Dockerfile b/docker/batcher.Dockerfile index 7c63c6f388..dc8a3cb41c 100644 --- a/docker/batcher.Dockerfile +++ b/docker/batcher.Dockerfile @@ -60,7 +60,7 @@ COPY ../scripts/test_files/ ./scripts/test_files COPY ./config-files/config-batcher-docker.yaml ./config-files/ COPY ./config-files/anvil.batcher.ecdsa.key.json ./config-files/ -RUN apt update -y && apt install -y libssl-dev ca-certificates -RUN openssl req -x509 -days 1825 -newkey rsa:2048 -keyout rootCA.key -out rootCA.crt -nodes -subj '/CN=localhost' +RUN apt update -y && apt install -y libssl-dev ca-certificates mkcert +RUN mkcert localhost -cert-file rootCA.crt -key-file rootCA.key CMD ["aligned-batcher", "--config", "./config-files/config-batcher-docker.yaml", "--cert", "./rootCA.crt", "--key", "./rootCA.key"] From 2368cb8c80a8c7029c4eea392fa3d6eb1da038bb Mon Sep 17 00:00:00 2001 From: Mario Rugiero Date: Thu, 19 Dec 2024 02:04:50 -0300 Subject: [PATCH 16/18] fix mkcert command --- docker/batcher.Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
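Review bot: The added `RUN openssl req -x509 … -nodes -keyout rootCA.key` generates the TLS private key at image build time, so the unencrypted key is stored in an image layer and is shared by every container started from the image and readable by anyone who can pull it. Generating the pair when the container starts, or mounting the `--cert`/`--key` files from a volume or secret, keeps the key out of the image. The `mkcert` replacements in the following Dockerfile hunks keep the build-time generation, and `mkcert -install` additionally leaves a local CA and its private key inside the image. If this image is meant for local development only, a comment such as `# dev-only: throwaway localhost certificate, do not deploy` above the `RUN` would make that explicit.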
diff --git a/docker/batcher.Dockerfile b/docker/batcher.Dockerfile index dc8a3cb41c..9cf81d16c5 100644 --- a/docker/batcher.Dockerfile +++ b/docker/batcher.Dockerfile @@ -61,6 +61,6 @@ COPY ./config-files/config-batcher-docker.yaml ./config-files/ COPY ./config-files/anvil.batcher.ecdsa.key.json ./config-files/ RUN apt update -y && apt install -y libssl-dev ca-certificates mkcert -RUN mkcert localhost -cert-file rootCA.crt -key-file rootCA.key +RUN mkcert -cert-file rootCA.crt -key-file rootCA.key localhost CMD ["aligned-batcher", "--config", "./config-files/config-batcher-docker.yaml", "--cert", "./rootCA.crt", "--key", "./rootCA.key"] From 2b40276ac6afa84721df6bcee0bdb00bd4253c47 Mon Sep 17 00:00:00 2001 From: Mario Rugiero Date: Thu, 19 Dec 2024 02:07:34 -0300 Subject: [PATCH 17/18] fix mkcert command --- docker/batcher.Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/batcher.Dockerfile b/docker/batcher.Dockerfile index 9cf81d16c5..013e98496e 100644 --- a/docker/batcher.Dockerfile +++ b/docker/batcher.Dockerfile @@ -61,6 +61,6 @@ COPY ./config-files/config-batcher-docker.yaml ./config-files/ COPY ./config-files/anvil.batcher.ecdsa.key.json ./config-files/ RUN apt update -y && apt install -y libssl-dev ca-certificates mkcert -RUN mkcert -cert-file rootCA.crt -key-file rootCA.key localhost +RUN mkcert -install -cert-file rootCA.crt -key-file rootCA.key localhost CMD ["aligned-batcher", "--config", "./config-files/config-batcher-docker.yaml", "--cert", "./rootCA.crt", "--key", "./rootCA.key"] From 4d7e93906319156c60869e0858228e7d9c2b4b46 Mon Sep 17 00:00:00 2001 From: Mario Rugiero Date: Thu, 19 Dec 2024 02:42:45 -0300 Subject: [PATCH 18/18] use mkcert everywhere, document dep --- Makefile | 2 +- docs/3_guides/6_setup_aligned.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index b11651ab86..e17ce9fbaf 100644 --- a/Makefile +++ b/Makefile 
@@ -306,7 +306,7 @@ batcher_start: ./batcher/aligned-batcher/.env user_fund_payment_service batcher_create_self_signed_cert: @echo "Creating TLS certificate for localhost" - @openssl req -x509 -days 1825 -newkey rsa:2048 -keyout rootCA.key -out rootCA.crt -nodes -subj '/CN=localhost' + @mkcert -install -cert-file rootCA.crt -key-file rootCA.key localhost @echo "TLS certificate created" batcher_start_local: user_fund_payment_service batcher_create_self_signed_cert diff --git a/docs/3_guides/6_setup_aligned.md b/docs/3_guides/6_setup_aligned.md index 536deac049..477d184973 100644 --- a/docs/3_guides/6_setup_aligned.md +++ b/docs/3_guides/6_setup_aligned.md @@ -9,6 +9,7 @@ Ensure you have the following installed: - [Foundry](https://book.getfoundry.sh/getting-started/installation) - [jq](https://jqlang.github.io/jq/) - [yq](https://github.com/mikefarah/yq) +- [mkcert](https://github.com/FiloSottile/mkcert) After installing foundryup, you need to install a specific Foundry version:
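Review bot: `mkcert -install` in `batcher_create_self_signed_cert` adds a locally generated root CA to the developer's system trust stores, and because `batcher_start_local` depends on this target it happens as a side effect of starting the batcher. Consider moving the `-install` step to a separate, explicitly invoked target and leaving only `@mkcert -cert-file rootCA.crt -key-file rootCA.key localhost` here. The target name and the `rootCA.*` file names no longer describe what is produced, which is a leaf certificate for localhost signed by the mkcert CA. It is also worth confirming that `rootCA.key` is covered by `.gitignore`, which is not visible in this patch.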