axelar-cgp-sui

Module axelar_gateway::auth

• Struct AxelarSigners
• Struct MessageToSign
• Constants
• Function new
• Function setup
• Function validate_proof
• Function rotate_signers
• Function update_rotation_timestamp

use axelar_gateway::bytes32;
use axelar_gateway::events;
use axelar_gateway::message;
use axelar_gateway::proof;
use axelar_gateway::weighted_signer;
use axelar_gateway::weighted_signers;
use std::ascii;
use std::bcs;
use std::option;
use std::string;
use std::vector;
use sui::address;
use sui::bcs;
use sui::clock;
use sui::dynamic_field;
use sui::ecdsa_k1;
use sui::event;
use sui::hash;
use sui::hex;
use sui::object;
use sui::party;
use sui::table;
use sui::transfer;
use sui::tx_context;
use sui::vec_map;

Struct AxelarSigners

public struct AxelarSigners has store

Fields

epoch: u64

Epoch of the signers.

epoch_by_signers_hash: sui::table::Table<axelar_gateway::bytes32::Bytes32, u64>

Epoch for the signers hash.

domain_separator: axelar_gateway::bytes32::Bytes32

Domain separator between chains.

minimum_rotation_delay: u64

Minimum rotation delay.

last_rotation_timestamp: u64

Timestamp of the last rotation.

previous_signers_retention: u64

Number of previous signers retained (latest signer isn't included in the count).

Struct MessageToSign

public struct MessageToSign has copy, drop, store

Fields

domain_separator: axelar_gateway::bytes32::Bytes32

signers_hash: axelar_gateway::bytes32::Bytes32

data_hash: axelar_gateway::bytes32::Bytes32

Constants

#[error]
const EInsufficientRotationDelay: vector<u8> = b"insufficient rotation delay";

#[error]
const EInvalidEpoch: vector<u8> = b"the difference between current_epoch and signers_epoch exceeds the allowed retention period";

Function new

public(package) fun new(ctx: &mut sui::tx_context::TxContext): axelar_gateway::auth::AxelarSigners

Implementation

public(package) fun new(ctx: &mut TxContext): AxelarSigners {
    AxelarSigners {
        epoch: 0,
        epoch_by_signers_hash: table::new(ctx),
        domain_separator: bytes32::default(),
        minimum_rotation_delay: 0,
        last_rotation_timestamp: 0,
        previous_signers_retention: 0,
    }
}

Function setup

public(package) fun setup(domain_separator: axelar_gateway::bytes32::Bytes32, minimum_rotation_delay: u64, previous_signers_retention: u64, initial_signers: axelar_gateway::weighted_signers::WeightedSigners, clock: &sui::clock::Clock, ctx: &mut sui::tx_context::TxContext): axelar_gateway::auth::AxelarSigners

Implementation

public(package) fun setup(
    domain_separator: Bytes32,
    minimum_rotation_delay: u64,
    previous_signers_retention: u64,
    initial_signers: WeightedSigners,
    clock: &Clock,
    ctx: &mut TxContext,
): AxelarSigners {
    let mut signers = AxelarSigners {
        epoch: 0,
        epoch_by_signers_hash: table::new(ctx),
        domain_separator,
        minimum_rotation_delay,
        last_rotation_timestamp: 0,
        previous_signers_retention,
    };
    signers.rotate_signers(clock, initial_signers, false);
    signers
}

Function validate_proof

public(package) fun validate_proof(self: &axelar_gateway::auth::AxelarSigners, data_hash: axelar_gateway::bytes32::Bytes32, proof: axelar_gateway::proof::Proof): bool

Implementation

public(package) fun validate_proof(self: &AxelarSigners, data_hash: Bytes32, proof: Proof): bool {
    let signers = proof.signers();
    let signers_hash = signers.hash();
    let signers_epoch = self.epoch_by_signers_hash[signers_hash];
    let current_epoch = self.epoch;
    let is_latest_signers = current_epoch == signers_epoch;
    assert!(signers_epoch != 0 &&
    (current_epoch - signers_epoch) <= self.previous_signers_retention, EInvalidEpoch);
    proof.validate(
        bcs::to_bytes(
            &MessageToSign {
                domain_separator: self.domain_separator,
                signers_hash,
                data_hash,
            },
        ),
    );
    is_latest_signers
}

Function rotate_signers

public(package) fun rotate_signers(self: &mut axelar_gateway::auth::AxelarSigners, clock: &sui::clock::Clock, new_signers: axelar_gateway::weighted_signers::WeightedSigners, enforce_rotation_delay: bool)

Implementation

public(package) fun rotate_signers(
    self: &mut AxelarSigners,
    clock: &Clock,
    new_signers: WeightedSigners,
    enforce_rotation_delay: bool,
) {
    new_signers.validate();
    self.update_rotation_timestamp(clock, enforce_rotation_delay);
    let new_signers_hash = new_signers.hash();
    let epoch = self.epoch + 1;
    // Aborts if the signers already exist
    self.epoch_by_signers_hash.add(new_signers_hash, epoch);
    self.epoch = epoch;
    events::signers_rotated(
        epoch,
        new_signers_hash,
        new_signers,
    );
}

Function update_rotation_timestamp

fun update_rotation_timestamp(self: &mut axelar_gateway::auth::AxelarSigners, clock: &sui::clock::Clock, enforce_rotation_delay: bool)

Implementation

fun update_rotation_timestamp(self: &mut AxelarSigners, clock: &Clock, enforce_rotation_delay: bool) {
    let current_timestamp = clock.timestamp_ms();
    // If the rotation delay is enforced, the current timestamp should be
    // greater than the last rotation timestamp plus the minimum rotation delay.
    assert!(
        !enforce_rotation_delay ||
    current_timestamp >=
    self.last_rotation_timestamp + self.minimum_rotation_delay,
        EInsufficientRotationDelay,
    );
    self.last_rotation_timestamp = current_timestamp;
}