[feature] hyperledger#4285: Verifiable Random Function in Sumeragi

Signed-off-by: Sam H. Smith <sam.henning.smith@protonmail.com>
SamHSmith · Apr 22, 2024 · 1dcd8eb · 1dcd8eb
1 parent 7cec705
commit 1dcd8eb
Show file tree

Hide file tree

Showing 32 changed files with 375 additions and 190 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/cli/src/lib.rs b/cli/src/lib.rs
@@ -638,14 +638,15 @@ mod tests {
 
         use assertables::{assert_contains, assert_contains_as_result};
         use iroha_config::parameters::user::RootPartial as PartialUserConfig;
-        use iroha_crypto::KeyPair;
+        use iroha_crypto::{Algorithm, KeyPair};
         use iroha_primitives::addr::socket_addr;
         use path_absolutize::Absolutize as _;
 
         use super::*;
 
         fn config_factory() -> PartialUserConfig {
-            let (pubkey, privkey) = KeyPair::random().into_parts();
+            let (pubkey, privkey) =
+                KeyPair::random_with_algorithm(Algorithm::Secp256k1).into_parts();
 
             let mut base = PartialUserConfig::default();
 

diff --git a/client/tests/integration/extra_functional/offline_peers.rs b/client/tests/integration/extra_functional/offline_peers.rs
@@ -7,7 +7,7 @@ use iroha_client::{
     },
 };
 use iroha_config::parameters::actual::Root as Config;
-use iroha_crypto::KeyPair;
+use iroha_crypto::{Algorithm, KeyPair};
 use iroha_primitives::addr::socket_addr;
 use test_network::*;
 use tokio::runtime::Runtime;
@@ -53,7 +53,7 @@ fn register_offline_peer() -> Result<()> {
     check_status(&peer_clients, 1);
 
     let address = socket_addr!(128.0.0.2:8085);
-    let key_pair = KeyPair::random();
+    let key_pair = KeyPair::random_with_algorithm(Algorithm::Secp256k1);
     let public_key = key_pair.public_key().clone();
     let peer_id = PeerId::new(address, public_key);
     let register_peer = Register::peer(DataModelPeer::new(peer_id));

diff --git a/config/iroha_test_config.toml b/config/iroha_test_config.toml
@@ -1,6 +1,6 @@
 chain_id = "00000000-0000-0000-0000-000000000000"
-public_key = "ed01201C61FAF8FE94E253B93114240394F79A607B7FA55F9E5A41EBEC74B88055768B"
-private_key = { algorithm = "ed25519", payload = "282ED9F3CF92811C3818DBC4AE594ED59DC1A2F78E4241E31924E101D6B1FB831C61FAF8FE94E253B93114240394F79A607B7FA55F9E5A41EBEC74B88055768B" }
+public_key = "e70121039B861E76EBC90B3348142E3ED6C82DE4F6223A003E19159397D93008CEDB2CF3"
+private_key = { algorithm = "secp256k1", payload = "D9CAA39CD8DF8E20BDE9E21CB2A8DFF3DC3F152954E651D96F03E1EC94DFE581" }
 
 [network]
 address = "127.0.0.1:1337"
@@ -15,19 +15,19 @@ address = "127.0.0.1:8080"
 
 [[sumeragi.trusted_peers]]
 address = "127.0.0.1:1337"
-public_key = "ed01201C61FAF8FE94E253B93114240394F79A607B7FA55F9E5A41EBEC74B88055768B"
+public_key = "e7012102E7A461547D04FF0EA7E9A473D67B51A58C41E53F7D9583096052492ABDB430D4"
 
 [[sumeragi.trusted_peers]]
 address = "127.0.0.1:1338"
-public_key = "ed0120CC25624D62896D3A0BFD8940F928DC2ABF27CC57CEFEB442AA96D9081AAE58A1"
+public_key = "e7012103F8DE33E3B492CE14346BCD330A0044FE8C03BFCA03168B513722CCB00BE42734"
 
 [[sumeragi.trusted_peers]]
 address = "127.0.0.1:1339"
-public_key = "ed0120FACA9E8AA83225CB4D16D67F27DD4F93FC30FFA11ADC1F5C88FD5495ECC91020"
+public_key = "e701210390292D847084F39975E805DF70CEEBDF1FEC61C1547C77DC0B2A353C29DD3B97"
 
 [[sumeragi.trusted_peers]]
 address = "127.0.0.1:1340"
-public_key = "ed01208E351A70B6A603ED285D666B8D689B680865913BA03CE29FB7D13A166C4E7F1F"
+public_key = "e701210360E53577CDA472A8873ABFF96376E0A82A5123D718F91499D284A45D57A322EC"
 
 [logger]
 format = "pretty"

diff --git a/config/src/parameters/user.rs b/config/src/parameters/user.rs
@@ -142,6 +142,12 @@ impl Root {
         let key_pair =
             KeyPair::new(self.public_key, self.private_key)
                 .wrap_err("failed to construct a key pair from `iroha.public_key` and `iroha.private_key` configuration parameters")
+            .map(|key| {
+                if key.algorithm() != iroha_crypto::Algorithm::Secp256k1 {
+                    emitter.emit(eyre!("Peer key pair must use algorithm Secp256k1. Problematic public key = {}", key.public_key()));
+                }
+                key
+            })
             .map_or_else(|err| {
             emitter.emit(err);
             None
@@ -426,6 +432,11 @@ impl Sumeragi {
         } = self;
 
         let trusted_peers = construct_unique_vec(trusted_peers.unwrap_or(vec![]))?;
+        for peer in &trusted_peers {
+            if peer.public_key.algorithm() != iroha_crypto::Algorithm::Secp256k1 {
+                return Err(eyre!("Only Secp256k1 key pairs are allowed in the trusted peers. Problematic public key = {}", peer.public_key));
+            }
+        }
 
         Ok(actual::Sumeragi {
             trusted_peers,

diff --git a/config/tests/fixtures.rs b/config/tests/fixtures.rs
@@ -59,13 +59,24 @@ fn minimal_config_snapshot() -> Result<()> {
                 ),
                 key_pair: KeyPair {
                     public_key: PublicKey(
-                        ed25519(
-                            "ed01208BA62848CF767D72E7F7F4B9D2D7BA07FEE33760F79ABE5597A51520E292A0CB",
+                        secp256k1(
+                            "e7012103DD678497624AF3F3A3F59F4F0AD3861751E7F3B16CA402E864A1499DD6358C55",
                         ),
                     ),
                     private_key: "[REDACTED PrivateKey]",
                 },
-                p2p_address: 127.0.0.1:1337,
+                peer_id: PeerId {
+                    address: 127.0.0.1:1337,
+                    public_key: PublicKey(
+                        secp256k1(
+                            "e7012103DD678497624AF3F3A3F59F4F0AD3861751E7F3B16CA402E864A1499DD6358C55",
+                        ),
+                    ),
+                },
+            },
+            network: Network {
+                address: 127.0.0.1:1337,
+                idle_timeout: 60s,
             },
             genesis: Partial {
                 public_key: PublicKey(
@@ -89,8 +100,16 @@ fn minimal_config_snapshot() -> Result<()> {
                         PeerId {
                             address: 127.0.0.1:1338,
                             public_key: PublicKey(
-                                ed25519(
-                                    "ed01208BA62848CF767D72E7F7F4B9D2D7BA07FEE33760F79ABE5597A51520E292A0CB",
+                                secp256k1(
+                                    "e7012103756A6D80129A39E94D40E91826D96FE9DAE6F0EE153ADE3BE1246E019394F445",
+                                ),
+                            ),
+                        },
+                        PeerId {
+                            address: 127.0.0.1:1337,
+                            public_key: PublicKey(
+                                secp256k1(
+                                    "e7012103DD678497624AF3F3A3F59F4F0AD3861751E7F3B16CA402E864A1499DD6358C55",
                                 ),
                             ),
                         },
@@ -301,8 +320,8 @@ fn full_envs_set_is_consumed() -> Result<()> {
             ),
             public_key: Some(
                 PublicKey(
-                    ed25519(
-                        "ed01208BA62848CF767D72E7F7F4B9D2D7BA07FEE33760F79ABE5597A51520E292A0CB",
+                    secp256k1(
+                        "e7012103DD678497624AF3F3A3F59F4F0AD3861751E7F3B16CA402E864A1499DD6358C55",
                     ),
                 ),
             ),
@@ -363,6 +382,7 @@ fn full_envs_set_is_consumed() -> Result<()> {
                 block_gossip_period: None,
                 transaction_gossip_max_size: None,
                 transaction_gossip_period: None,
+                idle_timeout: None,
             },
             logger: LoggerPartial {
                 level: Some(

diff --git a/config/tests/fixtures/base.toml b/config/tests/fixtures/base.toml
@@ -1,7 +1,7 @@
 chain_id = "0"
-public_key = "ed01208BA62848CF767D72E7F7F4B9D2D7BA07FEE33760F79ABE5597A51520E292A0CB"
-private_key.algorithm = "ed25519"
-private_key.payload = "8f4c15e5d664da3f13778801d23d4e89b76e94c1b94b389544168b6cb894f84f8ba62848cf767d72e7f7f4b9d2d7ba07fee33760f79abe5597a51520e292a0cb"
+public_key = "e7012103DD678497624AF3F3A3F59F4F0AD3861751E7F3B16CA402E864A1499DD6358C55"
+private_key.algorithm = "secp256k1"
+private_key.payload = "BB52C74DC56A2E9028F3BC5B42ECEC6CDDF19DBD3CD11F2A23A0477670944E52"
 
 [network]
 address = "127.0.0.1:1337"

diff --git a/config/tests/fixtures/base_trusted_peers.toml b/config/tests/fixtures/base_trusted_peers.toml
@@ -1,3 +1,3 @@
 [[sumeragi.trusted_peers]]
 address = "127.0.0.1:1338"
-public_key = "ed01208BA62848CF767D72E7F7F4B9D2D7BA07FEE33760F79ABE5597A51520E292A0CB"
+public_key = "e7012103756A6D80129A39E94D40E91826D96FE9DAE6F0EE153ADE3BE1246E019394F445"
diff --git a/config/tests/fixtures/full.env b/config/tests/fixtures/full.env
@@ -1,7 +1,7 @@
 CHAIN_ID=0-0
-PUBLIC_KEY=ed01208BA62848CF767D72E7F7F4B9D2D7BA07FEE33760F79ABE5597A51520E292A0CB
-PRIVATE_KEY_ALGORITHM=ed25519
-PRIVATE_KEY_PAYLOAD=8f4c15e5d664da3f13778801d23d4e89b76e94c1b94b389544168b6cb894f84f8ba62848cf767d72e7f7f4b9d2d7ba07fee33760f79abe5597a51520e292a0cb
+PUBLIC_KEY=e7012103DD678497624AF3F3A3F59F4F0AD3861751E7F3B16CA402E864A1499DD6358C55
+PRIVATE_KEY_ALGORITHM=secp256k1
+PRIVATE_KEY_PAYLOAD=BB52C74DC56A2E9028F3BC5B42ECEC6CDDF19DBD3CD11F2A23A0477670944E52
 P2P_ADDRESS=127.0.0.1:5432
 GENESIS_PUBLIC_KEY=ed01208BA62848CF767D72E7F7F4B9D2D7BA07FEE33760F79ABE5597A51520E292A0CB
 GENESIS_PRIVATE_KEY_ALGORITHM=ed25519

diff --git a/config/tests/fixtures/full.toml b/config/tests/fixtures/full.toml
@@ -1,8 +1,8 @@
 # This config has ALL fields specified (except `extends`)
 
 chain_id = "0"
-public_key = "ed01208BA62848CF767D72E7F7F4B9D2D7BA07FEE33760F79ABE5597A51520E292A0CB"
-private_key = { algorithm = "ed25519", payload = "8f4c15e5d664da3f13778801d23d4e89b76e94c1b94b389544168b6cb894f84f8ba62848cf767d72e7f7f4b9d2d7ba07fee33760f79abe5597a51520e292a0cb" }
+public_key = "e7012103DD678497624AF3F3A3F59F4F0AD3861751E7F3B16CA402E864A1499DD6358C55"
+private_key = { algorithm = "secp256k1", payload = "BB52C74DC56A2E9028F3BC5B42ECEC6CDDF19DBD3CD11F2A23A0477670944E52" }
 
 [genesis]
 file = "genesis.json"
@@ -30,7 +30,7 @@ output_new_blocks = true
 
 [[sumeragi.trusted_peers]]
 address = "localhost:8081"
-public_key = "ed01208BA62848CF767D72E7F7F4B9D2D7BA07FEE33760F79ABE5597A51520E292A0CB"
+public_key = "e7012103DD678497624AF3F3A3F59F4F0AD3861751E7F3B16CA402E864A1499DD6358C55"
 
 [sumeragi.debug]
 force_soft_fork = true

diff --git a/config/tests/fixtures/minimal_file_and_env.toml b/config/tests/fixtures/minimal_file_and_env.toml
@@ -1,14 +1,14 @@
 extends = "base_trusted_peers.toml"
 
 chain_id = "0"
-public_key = "ed01208BA62848CF767D72E7F7F4B9D2D7BA07FEE33760F79ABE5597A51520E292A0CB"
-private_key.algorithm = "ed25519"
-private_key.payload = "8f4c15e5d664da3f13778801d23d4e89b76e94c1b94b389544168b6cb894f84f8ba62848cf767d72e7f7f4b9d2d7ba07fee33760f79abe5597a51520e292a0cb"
+public_key = "e7012103756A6D80129A39E94D40E91826D96FE9DAE6F0EE153ADE3BE1246E019394F445"
+private_key.algorithm = "secp256k1"
+private_key.payload = "1D39F2378F01F87F32AA830B7ABC4262EFEB44C67D7EA7BE277F1EA97C470CAE"
 
 [network]
 address = "127.0.0.1:1337"
 
 [genesis]
-public_key = "ed01208BA62848CF767D72E7F7F4B9D2D7BA07FEE33760F79ABE5597A51520E292A0CB"
+public_key = "e7012103756A6D80129A39E94D40E91826D96FE9DAE6F0EE153ADE3BE1246E019394F445"
 
 # `torii.address` should be in ENV
diff --git a/configs/swarm/docker-compose.local.yml b/configs/swarm/docker-compose.local.yml
@@ -8,16 +8,16 @@ services:
     platform: linux/amd64
     environment:
       CHAIN_ID: 00000000-0000-0000-0000-000000000000
-      PUBLIC_KEY: ed01208BA62848CF767D72E7F7F4B9D2D7BA07FEE33760F79ABE5597A51520E292A0CB
-      PRIVATE_KEY_ALGORITHM: ed25519
-      PRIVATE_KEY_PAYLOAD: 8f4c15e5d664da3f13778801d23d4e89b76e94c1b94b389544168b6cb894f84f8ba62848cf767d72e7f7f4b9d2d7ba07fee33760f79abe5597a51520e292a0cb
+      PUBLIC_KEY: e7012102ACB0C88B96BCCD979A31E26967BEC6A2926512B29A753611F6F3CD1350B998F2
+      PRIVATE_KEY_ALGORITHM: secp256k1
+      PRIVATE_KEY_PAYLOAD: 8f4c15e5d664da3f13778801d23d4e89b76e94c1b94b389544168b6cb894f84f
       P2P_ADDRESS: 0.0.0.0:1337
       API_ADDRESS: 0.0.0.0:8080
       GENESIS_PUBLIC_KEY: ed01204164BF554923ECE1FD412D241036D863A6AE430476C898248B8237D77534CFC4
       GENESIS_PRIVATE_KEY_ALGORITHM: ed25519
       GENESIS_PRIVATE_KEY_PAYLOAD: 82b3bde54aebeca4146257da0de8d59d8e46d5fe34887dcd8072866792fcb3ad4164bf554923ece1fd412d241036d863a6ae430476c898248b8237d77534cfc4
       GENESIS_FILE: /config/genesis.json
-      SUMERAGI_TRUSTED_PEERS: '[{"address":"iroha1:1338","public_key":"ed0120815BBDC9775D28C3633269B25F22D048E2AA2E36017CBE5AD85F15220BEB6F6F"},{"address":"iroha3:1340","public_key":"ed0120A66522370D60B9C09E79ADE2E9BB1EF2E78733A944B999B3A6AEE687CE476D61"},{"address":"iroha2:1339","public_key":"ed0120F417E0371E6ADB32FD66749477402B1AB67F84A8E9B082E997980CC91F327736"}]'
+      SUMERAGI_TRUSTED_PEERS: '[{"address":"iroha2:1339","public_key":"e70121034C80148A515A2BD68C8A7F9501287783565B419331335A45A516C4A681C62DCE"},{"address":"iroha1:1338","public_key":"e70121036813D9B08E4BBC6B29F9106BE53F19702C1E769E3C989C2372A93523622C1EAB"},{"address":"iroha3:1340","public_key":"e701210378BF47D91E4975AF19CFA00278FE1323B9F653DFCFD4DE57B594EA1DB5885B7A"}]'
     ports:
     - 1337:1337
     - 8080:8080
@@ -36,13 +36,13 @@ services:
     platform: linux/amd64
     environment:
       CHAIN_ID: 00000000-0000-0000-0000-000000000000
-      PUBLIC_KEY: ed0120815BBDC9775D28C3633269B25F22D048E2AA2E36017CBE5AD85F15220BEB6F6F
-      PRIVATE_KEY_ALGORITHM: ed25519
-      PRIVATE_KEY_PAYLOAD: c02ffad5e455e7ec620d74de5769681e4d8385906bce5a437eb67452a9efbbc2815bbdc9775d28c3633269b25f22d048e2aa2e36017cbe5ad85f15220beb6f6f
+      PUBLIC_KEY: e70121036813D9B08E4BBC6B29F9106BE53F19702C1E769E3C989C2372A93523622C1EAB
+      PRIVATE_KEY_ALGORITHM: secp256k1
+      PRIVATE_KEY_PAYLOAD: c02ffad5e455e7ec620d74de5769681e4d8385906bce5a437eb67452a9efbbc2
       P2P_ADDRESS: 0.0.0.0:1338
       API_ADDRESS: 0.0.0.0:8081
       GENESIS_PUBLIC_KEY: ed01204164BF554923ECE1FD412D241036D863A6AE430476C898248B8237D77534CFC4
-      SUMERAGI_TRUSTED_PEERS: '[{"address":"iroha0:1337","public_key":"ed01208BA62848CF767D72E7F7F4B9D2D7BA07FEE33760F79ABE5597A51520E292A0CB"},{"address":"iroha3:1340","public_key":"ed0120A66522370D60B9C09E79ADE2E9BB1EF2E78733A944B999B3A6AEE687CE476D61"},{"address":"iroha2:1339","public_key":"ed0120F417E0371E6ADB32FD66749477402B1AB67F84A8E9B082E997980CC91F327736"}]'
+      SUMERAGI_TRUSTED_PEERS: '[{"address":"iroha0:1337","public_key":"e7012102ACB0C88B96BCCD979A31E26967BEC6A2926512B29A753611F6F3CD1350B998F2"},{"address":"iroha2:1339","public_key":"e70121034C80148A515A2BD68C8A7F9501287783565B419331335A45A516C4A681C62DCE"},{"address":"iroha3:1340","public_key":"e701210378BF47D91E4975AF19CFA00278FE1323B9F653DFCFD4DE57B594EA1DB5885B7A"}]'
     ports:
     - 1338:1338
     - 8081:8081
@@ -60,13 +60,13 @@ services:
     platform: linux/amd64
     environment:
       CHAIN_ID: 00000000-0000-0000-0000-000000000000
-      PUBLIC_KEY: ed0120F417E0371E6ADB32FD66749477402B1AB67F84A8E9B082E997980CC91F327736
-      PRIVATE_KEY_ALGORITHM: ed25519
-      PRIVATE_KEY_PAYLOAD: 29c5ed1409cb10fd791bc4ff8a6cb5e22a5fae7e36f448ef3ea2988b1319a88bf417e0371e6adb32fd66749477402b1ab67f84a8e9b082e997980cc91f327736
+      PUBLIC_KEY: e70121034C80148A515A2BD68C8A7F9501287783565B419331335A45A516C4A681C62DCE
+      PRIVATE_KEY_ALGORITHM: secp256k1
+      PRIVATE_KEY_PAYLOAD: 29c5ed1409cb10fd791bc4ff8a6cb5e22a5fae7e36f448ef3ea2988b1319a88b
       P2P_ADDRESS: 0.0.0.0:1339
       API_ADDRESS: 0.0.0.0:8082
       GENESIS_PUBLIC_KEY: ed01204164BF554923ECE1FD412D241036D863A6AE430476C898248B8237D77534CFC4
-      SUMERAGI_TRUSTED_PEERS: '[{"address":"iroha1:1338","public_key":"ed0120815BBDC9775D28C3633269B25F22D048E2AA2E36017CBE5AD85F15220BEB6F6F"},{"address":"iroha0:1337","public_key":"ed01208BA62848CF767D72E7F7F4B9D2D7BA07FEE33760F79ABE5597A51520E292A0CB"},{"address":"iroha3:1340","public_key":"ed0120A66522370D60B9C09E79ADE2E9BB1EF2E78733A944B999B3A6AEE687CE476D61"}]'
+      SUMERAGI_TRUSTED_PEERS: '[{"address":"iroha0:1337","public_key":"e7012102ACB0C88B96BCCD979A31E26967BEC6A2926512B29A753611F6F3CD1350B998F2"},{"address":"iroha1:1338","public_key":"e70121036813D9B08E4BBC6B29F9106BE53F19702C1E769E3C989C2372A93523622C1EAB"},{"address":"iroha3:1340","public_key":"e701210378BF47D91E4975AF19CFA00278FE1323B9F653DFCFD4DE57B594EA1DB5885B7A"}]'
     ports:
     - 1339:1339
     - 8082:8082
@@ -84,13 +84,13 @@ services:
     platform: linux/amd64
     environment:
       CHAIN_ID: 00000000-0000-0000-0000-000000000000
-      PUBLIC_KEY: ed0120A66522370D60B9C09E79ADE2E9BB1EF2E78733A944B999B3A6AEE687CE476D61
-      PRIVATE_KEY_ALGORITHM: ed25519
-      PRIVATE_KEY_PAYLOAD: 5eed4855fad183c451aac39dfc50831607e4cf408c98e2b977f3ce4a2df42ce2a66522370d60b9c09e79ade2e9bb1ef2e78733a944b999b3a6aee687ce476d61
+      PUBLIC_KEY: e701210378BF47D91E4975AF19CFA00278FE1323B9F653DFCFD4DE57B594EA1DB5885B7A
+      PRIVATE_KEY_ALGORITHM: secp256k1
+      PRIVATE_KEY_PAYLOAD: 5eed4855fad183c451aac39dfc50831607e4cf408c98e2b977f3ce4a2df42ce2
       P2P_ADDRESS: 0.0.0.0:1340
       API_ADDRESS: 0.0.0.0:8083
       GENESIS_PUBLIC_KEY: ed01204164BF554923ECE1FD412D241036D863A6AE430476C898248B8237D77534CFC4
-      SUMERAGI_TRUSTED_PEERS: '[{"address":"iroha1:1338","public_key":"ed0120815BBDC9775D28C3633269B25F22D048E2AA2E36017CBE5AD85F15220BEB6F6F"},{"address":"iroha0:1337","public_key":"ed01208BA62848CF767D72E7F7F4B9D2D7BA07FEE33760F79ABE5597A51520E292A0CB"},{"address":"iroha2:1339","public_key":"ed0120F417E0371E6ADB32FD66749477402B1AB67F84A8E9B082E997980CC91F327736"}]'
+      SUMERAGI_TRUSTED_PEERS: '[{"address":"iroha0:1337","public_key":"e7012102ACB0C88B96BCCD979A31E26967BEC6A2926512B29A753611F6F3CD1350B998F2"},{"address":"iroha2:1339","public_key":"e70121034C80148A515A2BD68C8A7F9501287783565B419331335A45A516C4A681C62DCE"},{"address":"iroha1:1338","public_key":"e70121036813D9B08E4BBC6B29F9106BE53F19702C1E769E3C989C2372A93523622C1EAB"}]'
     ports:
     - 1340:1340
     - 8083:8083