From cc62f7dcf25400eddc68e186308280486da25291 Mon Sep 17 00:00:00 2001
From: Zeke Mostov <zeke@turnkey.io>
Date: Sat, 20 Apr 2024 22:40:23 -0600
Subject: [PATCH] ensure deterministic reshard input

---
 src/qos_client/src/cli/services.rs                | 3 ++-
 src/qos_core/src/protocol/services/attestation.rs | 3 ++-
 src/qos_core/src/protocol/services/reshard.rs     | 6 ++++--
 3 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/src/qos_client/src/cli/services.rs b/src/qos_client/src/cli/services.rs
index 0ecfa19f..67aae96a 100644
--- a/src/qos_client/src/cli/services.rs
+++ b/src/qos_client/src/cli/services.rs
@@ -1552,7 +1552,8 @@ pub(crate) fn reshard_re_encrypt_share(
 		unsafe_auto_confirm,
 	}: ReshardReEncryptShareArgs,
 ) -> Result<(), Error> {
-	let reshard_input = read_reshard_input(reshard_input_path)?;
+	let mut reshard_input = read_reshard_input(reshard_input_path)?;
+	reshard_input.deterministic();
 	let attestation_doc =
 		read_attestation_doc(&attestation_doc_path, unsafe_skip_attestation)?;
 	let mut new_share_set = get_share_set(&new_share_set_dir);
diff --git a/src/qos_core/src/protocol/services/attestation.rs b/src/qos_core/src/protocol/services/attestation.rs
index d3a402d4..df261a6a 100644
--- a/src/qos_core/src/protocol/services/attestation.rs
+++ b/src/qos_core/src/protocol/services/attestation.rs
@@ -27,10 +27,11 @@ pub(in crate::protocol) fn reshard_attestation_doc(
 ) -> Result<NsmResponse, ProtocolError> {
 	let ephemeral_public_key =
 		state.handles.get_ephemeral_key()?.public_key().to_bytes();
-	let reshard_input = state
+	let mut reshard_input = state
 		.reshard_input
 		.clone()
 		.ok_or(ProtocolError::MissingReshardInput)?;
+	reshard_input.deterministic();
 
 	Ok(get_post_boot_attestation_doc(
 		&*state.attestor,
diff --git a/src/qos_core/src/protocol/services/reshard.rs b/src/qos_core/src/protocol/services/reshard.rs
index fce811ca..a2ea8c4a 100644
--- a/src/qos_core/src/protocol/services/reshard.rs
+++ b/src/qos_core/src/protocol/services/reshard.rs
@@ -85,7 +85,8 @@ pub struct ReshardInput {
 }
 
 impl ReshardInput {
-	fn deterministic(&mut self) {
+	/// Make sure reshard input is deterministic
+	pub fn deterministic(&mut self) {
 		self.quorum_keys.sort();
 	}
 
@@ -249,12 +250,13 @@ pub(in crate::protocol) fn reshard_provision(
 	input: ReshardProvisionInput,
 	state: &mut ProtocolState,
 ) -> Result<bool, ProtocolError> {
-	let reshard_input = state
+	let mut reshard_input = state
 		.reshard_input
 		.as_ref()
 		.ok_or(ProtocolError::MissingReshardInput)?
 		.clone();
 
+	reshard_input.deterministic();
 	input.approval.verify(&reshard_input.qos_hash())?;
 
 	if !reshard_input.old_share_set.members.contains(&input.approval.member) {