Files
nym/nym-api/src/ecash/dkg/controller/keys.rs
T
Jędrzej Stuczyński 51b511b27e Rebased the branch one more time
WIP; rebasing

Another branch squash

Squashing the v3 branch

changing min pledge amounts

logic for adding new nymnode into the contract

converting mixnode/gateway bonding into nym-node bonding

logic for migrating gateways into nymnodes

ibid for mixnodes

further nym-node work + fixed most existing unit tests

forbid nymnode migration with pending cost params changes

preassign nodeid for gateways

changing role assignment and epoch progression

changing role assignment and epoch progression

optional custom http port

logic for unbonding a nym-node

updating Delegation struct

logic for increasing pledge of either mixnode or nymnode

logic for decreasing pledge of either mixnode or a nym node

logic for changing cost params of either mixnode or a nym node

wip

initialise nymnodes storage

fixing transaction tests

fixed naive family tests

reward-compatibility related works

resolving delegation events

introduced rewarded set metadata

another iteration of restoring old tests

updated rewarding part of nym-api

parking the branch

unparking the branch

wip

purged families

added 'ExitGateway' role

passing explicit work factor for rewarding function

remove legacy layers storage

wip: node description queries

added announced ports to self-described api

step1 in gruelling journey of adding node_id to gateways

ensure epoch work never goes above 1.0

changed active set to contain role distribution

[theoretically] sending rewarding messages for the new rewarded set

[theoretically] assigning new rewarded set

reimplementing more nym-api features

remove legacy types

re-implement legacy network monitor

restoring further routes + minor refactor of NodeStatusCache

skimmed routes now return legacy nodes alongside nym-nodes

seemingly restored all functionalities in nym-api

removing more legacy things from the contract

initial contract cleanup

added nym-api endpoints to return generic annotations regardless of type

updated simulator to use new rewarding parameters

more contract cleanup

made existing mixnet contract tests compile

extra validation of nym-node bonding parameters

fixed additional compilation issues

fixed nym-api v3 database migration failure

added additional nym-node contract queries

updated the schema

made additional delegation/rewards queries compatible with both legacy mixnodes and nym-nodes

fixing existing unit tests in mixnet contract

wip

resolved first batch of 500 compiler errors

re-deprecating routes

making wallet's rust backend compile

fixed non-determinism in contract + nym-api build

fixes to the build

populating cotracts-cache with nym-nodes data

more missing nymnodes queries

temp mixnet contract methods + restored result submission in nym-api

allow deprecated routes

submitting correct results for mixnode results

removed deprecated re-export of AxumAppState and removed smurf naming

moved axum modules into support::http

cleaning up nym-api warnings

determine entry gateways before exits

exposed transaction to update nym-node config

missing memo for updating node config

 new routes

added routes to swagger and fixed relative paths

fixed some macro derivations

added nym-node commands to nym-cli
2024-10-10 13:27:05 +01:00

119 lines
4.3 KiB
Rust

// Copyright 2024 - Nym Technologies SA <contact@nymtech.net>
// SPDX-License-Identifier: GPL-3.0-only
use crate::ecash::client::Client;
use crate::ecash::keys::{KeyPairWithEpoch, LegacyCoconutKeyWithEpoch};
use crate::support::{config, nyxd};
use anyhow::{anyhow, bail, Context};
use nym_coconut_dkg_common::types::{EpochId, EpochState};
use nym_dkg::bte::keys::KeyPair as DkgKeyPair;
use rand::{CryptoRng, RngCore};
use std::path::Path;
use thiserror::__private::AsDisplay;
use tracing::warn;
pub(crate) fn init_bte_keypair<R: RngCore + CryptoRng>(
rng: &mut R,
config: &config::EcashSigner,
) -> anyhow::Result<()> {
let dkg_params = nym_dkg::bte::setup();
let kp = DkgKeyPair::new(&dkg_params, rng);
nym_pemstore::store_keypair(
&kp,
&nym_pemstore::KeyPairPath::new(
&config.storage_paths.decryption_key_path,
&config.storage_paths.public_key_with_proof_path,
),
)
.context("DKG BTE keypair store failure")
}
pub(crate) fn load_bte_keypair(config: &config::EcashSigner) -> anyhow::Result<DkgKeyPair> {
nym_pemstore::load_keypair(&nym_pemstore::KeyPairPath::new(
&config.storage_paths.decryption_key_path,
&config.storage_paths.public_key_with_proof_path,
))
.context("bte keypair load failure")
}
pub(crate) fn load_ecash_keypair_if_exists(
config: &config::EcashSigner,
) -> anyhow::Result<Option<KeyPairWithEpoch>> {
if !config.storage_paths.ecash_key_path.exists() {
return Ok(None);
}
// first attempt to load ecash keys directly,
// if that fails fallback to coconut keys and perform migration
if let Ok(ecash_key) =
nym_pemstore::load_key::<KeyPairWithEpoch, _>(&config.storage_paths.ecash_key_path)
{
return Ok(Some(ecash_key));
}
if let Ok(legacy_coconut_key) =
nym_pemstore::load_key::<LegacyCoconutKeyWithEpoch, _>(&config.storage_paths.ecash_key_path)
{
let migrated_key: KeyPairWithEpoch = legacy_coconut_key.into();
nym_pemstore::store_key(&migrated_key, &config.storage_paths.ecash_key_path)
.context("migrated key storage failure")?;
return Ok(Some(migrated_key));
}
bail!("ecash key load failure")
}
// the keys can be considered valid if they were generated for the current dkg epoch
// and we're either in the "in progress" or "key finalization" states of the DKG
pub(crate) async fn can_validate_coconut_keys(
nyxd_client: &nyxd::Client,
issued_for: EpochId,
) -> anyhow::Result<bool> {
// validate the keys if they were generated for the current dkg epoch
// and we're either in the "in progress" or "key finalization" states of the DKG
let current_dkg_epoch = nyxd_client.get_current_epoch().await?;
if issued_for != current_dkg_epoch.epoch_id {
warn!("managed to load coconut keys, but they were generated for epoch {issued_for}. The current epoch is {}. the keys won't be used for credential issuance", current_dkg_epoch.epoch_id);
Ok(false)
} else if !matches!(
current_dkg_epoch.state,
EpochState::InProgress | EpochState::VerificationKeyFinalization { .. }
) {
warn!("managed to load coconut keys, but the current DKG epoch is at {}. the keys won't (yet) be used for credential issuance", current_dkg_epoch.state);
Ok(false)
} else {
Ok(true)
}
}
pub(crate) fn persist_coconut_keypair<P: AsRef<Path>>(
keys: &KeyPairWithEpoch,
store_path: P,
) -> anyhow::Result<()> {
nym_pemstore::store_key(keys, store_path).context("coconut key store failure")
}
pub(crate) fn archive_coconut_keypair<P: AsRef<Path>>(
store_path: P,
epoch_id: EpochId,
) -> anyhow::Result<()> {
let store_path = store_path.as_ref();
if !store_path.exists() {
bail!("coconut key does not exist at {}", store_path.as_display())
}
let dir = store_path
.parent()
.ok_or(anyhow!("the coconut key does not have a valid parent"))?;
let filename = store_path
.file_name()
.ok_or(anyhow!("the coconut key does not have a valid filename"))?
.to_str()
.ok_or(anyhow!("the coconut key filename is not valid UTF8"))?;
let archive_path = dir.join(format!("epoch-{epoch_id}-{filename}.archived"));
std::fs::rename(store_path, archive_path)?;
Ok(())
}