[feature] #4225: Remove genesis signing

cli/Cargo.toml

@@ -61,6 +61,7 @@ tokio = { workspace = true, features = ["macros", "signal"] }
 once_cell = { workspace = true }
 owo-colors = { workspace = true, features = ["supports-colors"] }
 supports-color = { workspace = true }
+serde_json = { workspace = true }
 
 thread-local-panic-hook = { version = "0.1.0", optional = true }
 

cli/src/lib.rs

@@ -521,14 +521,18 @@ pub fn read_config_and_genesis(
     )
     .wrap_err("failed to load configuration")?;
 
-    let genesis = if let Genesis::Full { key_pair, file } = &config.genesis {
-        let raw_block = RawGenesisBlock::from_path(file)?;
-
-        Some(GenesisNetwork::new(
-            raw_block,
-            &config.common.chain_id,
-            key_pair,
-        ))
+    let genesis = if let Genesis::Full {
+        public_key: _,
+        file,
+        signature: signature_config,
+    } = &config.genesis
+    {
+        let raw_genesis = RawGenesisBlock::from_path(file)?;
+
+        Some(GenesisNetwork::try_parse(
+            raw_genesis,
+            signature_config.clone().into_genesis_signature(),
+        )?)
     } else {
         None
     };
@@ -637,7 +641,9 @@ mod tests {
         use std::path::PathBuf;
 
         use assertables::{assert_contains, assert_contains_as_result};
-        use iroha_config::parameters::user::RootPartial as PartialUserConfig;
+        use iroha_config::parameters::{
+            actual::GenesisSignatureConfig, user::RootPartial as PartialUserConfig,
+        };
         use iroha_crypto::KeyPair;
         use iroha_primitives::addr::socket_addr;
         use path_absolutize::Absolutize as _;
@@ -654,8 +660,7 @@ mod tests {
             base.private_key.set(privkey.clone());
             base.network.address.set(socket_addr!(127.0.0.1:1337));
 
-            base.genesis.public_key.set(pubkey);
-            base.genesis.private_key.set(privkey);
+            base.genesis.public_key.set(pubkey.clone());
 
             base.torii.address.set(socket_addr!(127.0.0.1:8080));
 
@@ -680,28 +685,47 @@ mod tests {
         fn relative_file_paths_resolution() -> Result<()> {
             // Given
 
+            let dir = tempfile::tempdir()?;
+
             let genesis = RawGenesisBlockBuilder::default()
-                .executor_file(PathBuf::from("./executor.wasm"))
+                .executor_file(PathBuf::from(
+                    dir.path().join("config/genesis/executor.wasm"),
+                ))
                 .build();
 
+            let genesis_path = dir.path().join("config/genesis/gen.json");
+            let executor_path = dir.path().join("config/genesis/executor.wasm");
+            let config_path = dir.path().join("config/config.toml");
+            std::fs::create_dir(dir.path().join("config"))?;
+            std::fs::create_dir(dir.path().join("config/genesis"))?;
+            std::fs::write(genesis_path, json5::to_string(&genesis)?)?;
+            std::fs::write(executor_path, "")?;
+
             let config = {
                 let mut cfg = config_factory();
                 cfg.genesis.file.set("./genesis/gen.json".into());
+
+                let keypair = KeyPair::new(
+                    cfg.public_key.clone().get().unwrap(),
+                    cfg.private_key.clone().get().unwrap(),
+                )?;
+                let genesis_block = RawGenesisBlock::try_from(genesis.clone())?;
+                let genesis_signature = GenesisNetwork::new_genesis_signature(
+                    genesis_block,
+                    &cfg.chain_id.clone().get().unwrap(),
+                    &keypair,
+                );
+                cfg.genesis
+                    .signature
+                    .set(GenesisSignatureConfig::new(genesis_signature));
+
                 cfg.kura.store_dir.set("../storage".into());
                 cfg.snapshot.store_dir.set("../snapshots".into());
                 cfg.dev_telemetry.out_file.set("../logs/telemetry".into());
                 config_to_toml_value(cfg)?
             };
 
-            let dir = tempfile::tempdir()?;
-            let genesis_path = dir.path().join("config/genesis/gen.json");
-            let executor_path = dir.path().join("config/genesis/executor.wasm");
-            let config_path = dir.path().join("config/config.toml");
-            std::fs::create_dir(dir.path().join("config"))?;
-            std::fs::create_dir(dir.path().join("config/genesis"))?;
             std::fs::write(config_path, toml::to_string(&config)?)?;
-            std::fs::write(genesis_path, json5::to_string(&genesis)?)?;
-            std::fs::write(executor_path, "")?;
 
             let config_path = dir.path().join("config/config.toml");
 

cli/src/samples.rs

@@ -4,13 +4,14 @@ use std::{collections::HashSet, path::Path, str::FromStr, time::Duration};
 use iroha_config::{
     base::{HumanDuration, UnwrapPartial},
     parameters::{
-        actual::Root as Config,
+        actual::{GenesisSignatureConfig, Root as Config},
         user::{CliContext, RootPartial as UserConfig},
     },
     snapshot::Mode as SnapshotMode,
 };
 use iroha_crypto::{KeyPair, PublicKey};
 use iroha_data_model::{peer::PeerId, prelude::*, ChainId};
+use iroha_genesis::GenesisSignature;
 use iroha_primitives::{
     addr::{socket_addr, SocketAddr},
     unique_vec::UniqueVec,
@@ -63,6 +64,7 @@ pub fn get_user_config(
     peers: &UniqueVec<PeerId>,
     chain_id: Option<ChainId>,
     key_pair: Option<KeyPair>,
+    genesis_signature: &GenesisSignature,
 ) -> UserConfig {
     let chain_id = chain_id.unwrap_or_else(|| ChainId::from("0"));
 
@@ -89,9 +91,12 @@ pub fn get_user_config(
         .network
         .block_gossip_period
         .set(HumanDuration(Duration::from_millis(500)));
-    config.genesis.private_key.set(private_key);
     config.genesis.public_key.set(public_key);
     config.genesis.file.set("./genesis.json".into());
+    config
+        .genesis
+        .signature
+        .set(GenesisSignatureConfig::new(genesis_signature.clone()));
     // There is no need in persistency in tests
     // If required to should be set explicitly not to overlap with other existing tests
     config.snapshot.mode.set(SnapshotMode::Disabled);
@@ -110,8 +115,9 @@ pub fn get_config(
     trusted_peers: &UniqueVec<PeerId>,
     chain_id: Option<ChainId>,
     key_pair: Option<KeyPair>,
+    genesis_signature: &GenesisSignature,
 ) -> Config {
-    get_user_config(trusted_peers, chain_id, key_pair)
+    get_user_config(trusted_peers, chain_id, key_pair, genesis_signature)
         .unwrap_partial()
         .expect("config should build as all required fields were provided")
         .parse(CliContext {

client/benches/torii.rs

@@ -12,7 +12,9 @@ use iroha_client::{
 use iroha_genesis::{GenesisNetwork, RawGenesisBlockBuilder};
 use iroha_primitives::unique_vec;
 use iroha_version::Encode;
-use test_network::{get_chain_id, get_key_pair, Peer as TestPeer, PeerBuilder, TestRuntime};
+use test_network::{
+    get_chain_id, get_genesis_signature, get_key_pair, Peer as TestPeer, PeerBuilder, TestRuntime,
+};
 use tokio::runtime::Runtime;
 
 const MINIMUM_SUCCESS_REQUEST_RATIO: f32 = 0.9;
@@ -25,6 +27,7 @@ fn query_requests(criterion: &mut Criterion) {
         &unique_vec![peer.id.clone()],
         Some(chain_id.clone()),
         Some(get_key_pair()),
+        &get_genesis_signature(),
     );
 
     let rt = Runtime::test();
@@ -41,10 +44,7 @@ fn query_requests(criterion: &mut Criterion) {
             )
             .build(),
         &chain_id,
-        configuration
-            .genesis
-            .key_pair()
-            .expect("genesis config should be full, probably a bug"),
+        &get_key_pair(),
     );
 
     let builder = PeerBuilder::new()
@@ -133,6 +133,7 @@ fn instruction_submits(criterion: &mut Criterion) {
         &unique_vec![peer.id.clone()],
         Some(chain_id.clone()),
         Some(get_key_pair()),
+        &get_genesis_signature(),
     );
     let genesis = GenesisNetwork::new(
         RawGenesisBlockBuilder::default()
@@ -147,10 +148,7 @@ fn instruction_submits(criterion: &mut Criterion) {
             )
             .build(),
         &chain_id,
-        configuration
-            .genesis
-            .key_pair()
-            .expect("config should be full; probably a bug"),
+        &get_key_pair(),
     );
     let builder = PeerBuilder::new()
         .with_config(configuration)

client/examples/million_accounts_genesis.rs

@@ -8,12 +8,12 @@ use iroha_data_model::isi::InstructionBox;
 use iroha_genesis::{GenesisNetwork, RawGenesisBlock, RawGenesisBlockBuilder};
 use iroha_primitives::unique_vec;
 use test_network::{
-    get_chain_id, get_key_pair, wait_for_genesis_committed, Peer as TestPeer, PeerBuilder,
-    TestRuntime,
+    get_chain_id, get_genesis_signature, get_key_pair, wait_for_genesis_committed,
+    Peer as TestPeer, PeerBuilder, TestRuntime,
 };
 use tokio::runtime::Runtime;
 
-fn generate_genesis(num_domains: u32) -> RawGenesisBlock {
+fn generate_genesis(num_domains: u32) -> (RawGenesisBlock, KeyPair) {
     let mut builder = RawGenesisBlockBuilder::default();
 
     let key_pair = get_key_pair();
@@ -31,11 +31,14 @@ fn generate_genesis(num_domains: u32) -> RawGenesisBlock {
             .finish_domain();
     }
 
-    builder
-        .executor_blob(
-            construct_executor("../default_executor").expect("Failed to construct executor"),
-        )
-        .build()
+    (
+        builder
+            .executor_blob(
+                construct_executor("../default_executor").expect("Failed to construct executor"),
+            )
+            .build(),
+        key_pair,
+    )
 }
 
 fn main_genesis() {
@@ -46,16 +49,11 @@ fn main_genesis() {
         &unique_vec![peer.id.clone()],
         Some(chain_id.clone()),
         Some(get_key_pair()),
+        &get_genesis_signature(),
     );
     let rt = Runtime::test();
-    let genesis = GenesisNetwork::new(
-        generate_genesis(1_000_000_u32),
-        &chain_id,
-        configuration
-            .genesis
-            .key_pair()
-            .expect("should be available in the config; probably a bug"),
-    );
+    let (genesis, key_pair) = generate_genesis(1_000_000_u32);
+    let genesis = GenesisNetwork::new(genesis, &chain_id, &key_pair);
 
     let builder = PeerBuilder::new()
         .with_into_genesis(genesis)

config/iroha_test_config.toml

@@ -8,7 +8,7 @@ address = "127.0.0.1:1337"
 [genesis]
 public_key = "ed01204CFFD0EE429B1BDD36B3910EC570852B8BB63F18750341772FB46BC856C5CAAF"
 file = "./genesis.json"
-private_key = { algorithm = "ed25519", payload = "D748E18CE60CB30DEA3E73C9019B7AF45A8D465E3D71BCC9A5EF99A008205E534CFFD0EE429B1BDD36B3910EC570852B8BB63F18750341772FB46BC856C5CAAF" }
+signature = "04306dab1d6600000000404890140400804cffd0ee429b1bdd36b3910ec570852b8bb63f18750341772fb46bc856c5caaf010167b7a7476889cccf49ed2adc1ceb8d5e09d9bed237a71e5bd18fcd90c5de2a45c17db202d2be0e9d961a41e9a7d6590f14247c184ac41dd1cc0413051ca13d06"
 
 [torii]
 address = "127.0.0.1:8080"

config/src/parameters/actual.rs

@@ -4,6 +4,7 @@
 use std::{
     num::NonZeroU32,
     path::{Path, PathBuf},
+    str::FromStr,
     time::Duration,
 };
 
@@ -90,6 +91,31 @@ pub struct Network {
     pub idle_timeout: Duration,
 }
 
+/// Wrapper around `iroha_genesis::GenesisSignature` for type-checking
+#[derive(Debug, Clone, PartialEq, Eq, Deserialize, Serialize)]
+pub struct GenesisSignatureConfig(iroha_genesis::GenesisSignature);
+
+impl GenesisSignatureConfig {
+    /// Constructs `GenesisSignatureConfig` from `GenesisSignature`
+    pub fn new(genesis_signature: iroha_genesis::GenesisSignature) -> Self {
+        Self(genesis_signature)
+    }
+    /// Converts `GenesisSignatureConfig` into `iroha_genesis::GenesisSignature`
+    pub fn into_genesis_signature(self) -> iroha_genesis::GenesisSignature {
+        self.0
+    }
+}
+
+impl FromStr for GenesisSignatureConfig {
+    type Err = iroha_genesis::GenesisSignatureParseError;
+
+    fn from_str(s: &str) -> Result<Self, Self::Err> {
+        Ok(GenesisSignatureConfig(
+            iroha_genesis::GenesisSignature::from_hex_string(&s.as_bytes())?,
+        ))
+    }
+}
+
 /// Parsed genesis configuration
 #[derive(Debug, Clone)]
 pub enum Genesis {
@@ -100,27 +126,20 @@ pub enum Genesis {
     },
     /// The peer is responsible for submitting the genesis block
     Full {
-        /// Genesis account key pair
-        key_pair: KeyPair,
-        /// Path to the [`RawGenesisBlock`]
+        /// Genesis account public key
+        public_key: PublicKey,
+        /// Path to the genesis file
         file: PathBuf,
+        /// Genesis signature config with the data to reconstruct signed genesis block
+        signature: GenesisSignatureConfig,
     },
 }
 
 impl Genesis {
     /// Access the public key, which is always present in the genesis config
     pub fn public_key(&self) -> &PublicKey {
         match self {
-            Self::Partial { public_key } => public_key,
-            Self::Full { key_pair, .. } => key_pair.public_key(),
-        }
-    }
-
-    /// Access the key pair, if present
-    pub fn key_pair(&self) -> Option<&KeyPair> {
-        match self {
-            Self::Partial { .. } => None,
-            Self::Full { key_pair, .. } => Some(key_pair),
+            Self::Full { public_key, .. } | Self::Partial { public_key } => public_key,
         }
     }
 }