feat: secp256k1 account (#2598)

# Description Currently `dfx nns install` creates a test account with ICP, however it uses an ed25519 key. Command line tools typically use secp256k1 keys. It would be useful to have an account that can be used easily with cli tools. # Changes Initialize an account controlled by a secp256k1 key.
dfinity · Sep 27, 2022 · af74ba7 · af74ba7
1 parent a44adb4
commit af74ba7
Show file tree

Hide file tree

Showing 5 changed files with 81 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,22 @@
 ### fix: Only kill main process on `dfx stop`
 Removes misleading panics when running `dfx stop`.
 
+### feat: Initialise the nns with an account controlled by a secp256k1 key
+
+This enables easy access to toy ICP using command line tools and this key:
+```
+-----BEGIN EC PRIVATE KEY-----
+MHQCAQEEICJxApEbuZznKFpV+VKACRK30i6+7u5Z13/DOl18cIC+oAcGBSuBBAAK
+oUQDQgAEPas6Iag4TUx+Uop+3NhE6s3FlayFtbwdhRVjvOar0kPTfE/N8N6btRnd
+74ly5xXEBNSXiENyxhEuzOZrIWMCNQ==
+-----END EC PRIVATE KEY-----
+```
+For example, you can create an identity in dfx by putting this key in the file `ident-1.pem` and importing it:
+```
+dfx identity import ident-1 ident-1.pem
+dfx --identity ident-1 ledger balance
+```
+
 ### feat: default to run ic-wasm shrink when build canisters
 This behavior applies to Motoko, Rust and Custom canisters.
 If you want to disable this behavior, you can config it in dfx.json:

diff --git a/e2e/assets/nns/ident-1/identity.pem b/e2e/assets/nns/ident-1/identity.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHQCAQEEICJxApEbuZznKFpV+VKACRK30i6+7u5Z13/DOl18cIC+oAcGBSuBBAAK
+oUQDQgAEPas6Iag4TUx+Uop+3NhE6s3FlayFtbwdhRVjvOar0kPTfE/N8N6btRnd
+74ly5xXEBNSXiENyxhEuzOZrIWMCNQ==
+-----END EC PRIVATE KEY-----
diff --git a/e2e/tests-dfx/nns.bash b/e2e/tests-dfx/nns.bash
@@ -116,7 +116,8 @@ assert_nns_canister_id_matches() {
     dfx_start_for_nns_install
     dfx nns install
 
-    echo Checking that the install worked...
+    echo "Checking that the install worked..."
+    echo "   The expected wasms should be installed..."
     # Note:  The installation is quite expensive, so we test extensively on one installation
     #        rather than doing a separate installation for every test.  The tests are read-only
     #        so no test should affect the output of another.
@@ -145,6 +146,22 @@ assert_nns_canister_id_matches() {
     wasm_matches internet_identity internet_identity_dev.wasm
     wasm_matches nns-dapp nns-dapp_local.wasm
 
+    echo "   Accounts should have funds..."
+    account_has_funds() {
+        assert_command dfx ledger balance "$1"
+        assert_eq "1000000000.00000000 ICP"
+    }
+    SECP256K1_ACCOUNT_ID="2b8fbde99de881f695f279d2a892b1137bfe81a42d7694e064b1be58701e1138"
+    ED25519_ACCOUNT_ID="5b315d2f6702cb3a27d826161797d7b2c2e131cd312aece51d4d5574d1247087"
+    account_has_funds "$SECP256K1_ACCOUNT_ID"
+    account_has_funds "$ED25519_ACCOUNT_ID"
+
+    echo "    The secp256k1 account can be controlled from the command line"
+    install_asset nns
+    dfx identity import --force --disable-encryption ident-1 ident-1/identity.pem
+    assert_command dfx ledger account-id --identity ident-1
+    assert_eq "$SECP256K1_ACCOUNT_ID"
+
     echo Stopping dfx...
     dfx stop
 }

diff --git a/src/dfx/src/lib/nns/install_nns.rs b/src/dfx/src/lib/nns/install_nns.rs
@@ -26,6 +26,7 @@ use ic_agent::Agent;
 use ic_utils::interfaces::management_canister::builders::InstallMode;
 use ic_utils::interfaces::ManagementCanister;
 use reqwest::Url;
+use std::ffi::OsStr;
 use std::fs;
 use std::io::Write;
 use std::path::Component;
@@ -75,7 +76,10 @@ pub async fn install_nns(
     let ic_nns_init_opts = IcNnsInitOpts {
         wasm_dir: nns_wasm_dir(env),
         nns_url: nns_url.to_string(),
-        test_accounts: Some(canisters::TEST_ACCOUNT.to_string()),
+        test_accounts: vec![
+            canisters::ED25519_TEST_ACCOUNT.to_string(),
+            canisters::SECP256K1_TEST_ACCOUNT.to_string(),
+        ],
         sns_subnets: Some(subnet_id.to_string()),
     };
     ic_nns_init(ic_nns_init_path, &ic_nns_init_opts).await?;
@@ -450,7 +454,7 @@ pub struct IcNnsInitOpts {
     wasm_dir: PathBuf,
     /// The ID of a test account that ic-nns-init will create and to initialise with tokens.
     /// Note: At present only one test account is supported.
-    test_accounts: Option<String>,
+    test_accounts: Vec<String>,
     /// A subnet for SNS canisters.
     /// Note: In this context we support at most one subnet.
     sns_subnets: Option<String>,
@@ -477,6 +481,12 @@ pub async fn ic_nns_init(ic_nns_init_path: &Path, opts: &IcNnsInitOpts) -> anyho
         cmd.arg("--sns-subnet");
         cmd.arg(subnet);
     });
+    let args: Vec<_> = cmd
+        .get_args()
+        .into_iter()
+        .map(OsStr::to_string_lossy)
+        .collect();
+    println!("ic-nns-init {}", args.join(" "));
     cmd.stdout(std::process::Stdio::inherit());
     cmd.stderr(std::process::Stdio::inherit());
     let output = cmd

diff --git a/src/dfx/src/lib/nns/install_nns/canisters.rs b/src/dfx/src/lib/nns/install_nns/canisters.rs
@@ -189,4 +189,33 @@ pub const SNS_CANISTERS: [&SnsCanisterInstallation; 5] = [
 ];
 
 /// Test account with well known public & private keys, used in NNS_LEDGER, NNS_DAPP and third party projects.
-pub const TEST_ACCOUNT: &str = "5b315d2f6702cb3a27d826161797d7b2c2e131cd312aece51d4d5574d1247087";
+/// The keys use the ED25519 curve, used for BasicIdentity on th eInternet Computer.
+/// The keys are as follows, in the tweetnacl format used by agent-js:
+/// ```
+/// const publicKey = "Uu8wv55BKmk9ZErr6OIt5XR1kpEGXcOSOC1OYzrAwuk=";
+/// const privateKey =
+///    "N3HB8Hh2PrWqhWH2Qqgr1vbU9T3gb1zgdBD8ZOdlQnVS7zC/nkEqaT1kSuvo4i3ldHWSkQZdw5I4LU5jOsDC6Q==";
+/// const identity = Ed25519KeyIdentity.fromKeyPair(
+///  base64ToUInt8Array(publicKey),
+///  base64ToUInt8Array(privateKey)
+/// );
+/// ```
+pub const ED25519_TEST_ACCOUNT: &str =
+    "5b315d2f6702cb3a27d826161797d7b2c2e131cd312aece51d4d5574d1247087";
+
+/// Test account for command line usage.  The test account is typically called ident-1
+/// The keys use the secp256k1 curve.  To use:
+/// ```
+/// $ cat ~/.config/dfx/identity/ident-1/identity.pem
+/// -----BEGIN EC PRIVATE KEY-----
+/// MHQCAQEEICJxApEbuZznKFpV+VKACRK30i6+7u5Z13/DOl18cIC+oAcGBSuBBAAK
+/// oUQDQgAEPas6Iag4TUx+Uop+3NhE6s3FlayFtbwdhRVjvOar0kPTfE/N8N6btRnd
+/// 74ly5xXEBNSXiENyxhEuzOZrIWMCNQ==
+/// -----END EC PRIVATE KEY-----
+/// ```
+/// The test account should match the output of:
+/// ```
+/// $ dfx --identity ident-1 ledger account-id
+/// ```
+pub const SECP256K1_TEST_ACCOUNT: &str =
+    "2b8fbde99de881f695f279d2a892b1137bfe81a42d7694e064b1be58701e1138";