diff --git a/.github/workflows/test-deploy-network.yml b/.github/workflows/test-deploy-network.yml index 04996133bb9..819da5744f9 100644 --- a/.github/workflows/test-deploy-network.yml +++ b/.github/workflows/test-deploy-network.yml @@ -89,7 +89,7 @@ jobs: { "1" = { type = "unverified-cardano-passive-norelay", - pool_id = "pool1y0uxkqyplyx6ld25e976t0s35va3ysqcscatwvy2sd2cwcareq7", + pool_id = "pool13zafxlpfgymf474uv52qt557z5k5frn9p83yr55zp267wj5mpu4", }, } mithril_leader_aggregator_endpoint: https://aggregator.dev-preview.api.mithril.network/aggregator diff --git a/internal/mithril-dmq/src/model/network.rs b/internal/mithril-dmq/src/model/network.rs index 5924037a1cc..d72ab2b55dd 100644 --- a/internal/mithril-dmq/src/model/network.rs +++ b/internal/mithril-dmq/src/model/network.rs @@ -27,9 +27,9 @@ impl DmqNetwork { /// Preprod magic ID pub const PREPROD_MAGIC_ID: MagicId = 1; // TODO: Update magic ids for networks /// Preview magic ID - pub const PREVIEW_MAGIC_ID: MagicId = 2; // TODO: Update magic ids for networks + pub const PREVIEW_MAGIC_ID: MagicId = 3141592; // TODO: Update magic ids for networks /// Devnet magic ID - pub(crate) const DEVNET_MAGIC_ID: MagicId = 3141592; // TODO: Update magic ids for networks + pub(crate) const DEVNET_MAGIC_ID: MagicId = 0; // TODO: Update magic ids for networks /// Instantiates a DmqNetwork from its code and magic id pub fn from_code( diff --git a/mithril-aggregator/src/services/signature_processor.rs b/mithril-aggregator/src/services/signature_processor.rs index 100ec9e2551..ee97718932a 100644 --- a/mithril-aggregator/src/services/signature_processor.rs +++ b/mithril-aggregator/src/services/signature_processor.rs @@ -1,4 +1,4 @@ -use std::sync::Arc; +use std::{sync::Arc, time::Duration}; use slog::{Logger, error, trace, warn}; @@ -34,6 +34,8 @@ pub struct SequentialSignatureProcessor { } impl SequentialSignatureProcessor { + const ERROR_DELAY_IN_SECONDS: Duration = Duration::from_secs(1); + /// Creates a new `SignatureProcessor` instance. pub fn new( consumer: Arc, @@ -111,7 +113,13 @@ impl SignatureProcessor for SequentialSignatureProcessor { return Ok(()); } - _ = self.process_signatures() => {} + res = self.process_signatures() => { + if let Err(e) = res { + error!(self.logger, "Error processing signatures"; "error" => ?e); + error!(self.logger, "Sleep for {} seconds", Self::ERROR_DELAY_IN_SECONDS.as_secs()); + tokio::time::sleep(Self::ERROR_DELAY_IN_SECONDS).await; + } + } } } } diff --git a/mithril-common/Cargo.toml b/mithril-common/Cargo.toml index d094ba4656c..12017de4773 100644 --- a/mithril-common/Cargo.toml +++ b/mithril-common/Cargo.toml @@ -19,7 +19,7 @@ rustdoc-args = ["--cfg", "docsrs"] ignored = ["serde_bytes"] [features] -default = ["rug-backend"] +default = ["rug-backend", "allow_skip_signer_certification"] # Enables `rug-backend` features for `mithril-stm` dependency rug-backend = ["mithril-stm/rug-backend"] diff --git a/mithril-common/src/crypto_helper/cardano/kes/error.rs b/mithril-common/src/crypto_helper/cardano/kes/error.rs index 6dd3be3984f..0fc0244391d 100644 --- a/mithril-common/src/crypto_helper/cardano/kes/error.rs +++ b/mithril-common/src/crypto_helper/cardano/kes/error.rs @@ -18,7 +18,7 @@ pub enum KesVerifyError { #[derive(Error, Debug)] pub enum KesSignError { /// Error raised when a KES update error occurs - #[error("KES key cannot be updated for period {0}")] + #[error("KES key cannot be updated for evolution {0}")] UpdateKey(KesPeriod), /// Period of key file does not match with period provided by user diff --git a/mithril-common/src/crypto_helper/cardano/kes/interface.rs b/mithril-common/src/crypto_helper/cardano/kes/interface.rs index d71e02e155b..6036129291d 100644 --- a/mithril-common/src/crypto_helper/cardano/kes/interface.rs +++ b/mithril-common/src/crypto_helper/cardano/kes/interface.rs @@ -11,7 +11,13 @@ use crate::{ #[cfg_attr(test, mockall::automock)] pub trait KesSigner: Send + Sync { /// Return signed bytes with the KES secret key and the associated Operational Certificate - fn sign(&self, message: &[u8], kes_period: KesPeriod) -> StdResult<(Sum6KesSig, OpCert)>; + /// + /// current_kes_period: The KES period used to sign the message (absolute period computed from the chain at the moment of signature) + fn sign( + &self, + message: &[u8], + current_kes_period: KesPeriod, + ) -> StdResult<(Sum6KesSig, OpCert)>; } /// Trait for KES (Key Evolving Signature) verification operation. diff --git a/mithril-common/src/crypto_helper/cardano/kes/signer_with_key.rs b/mithril-common/src/crypto_helper/cardano/kes/signer_with_key.rs index dab36bb1e59..aff0958bc16 100644 --- a/mithril-common/src/crypto_helper/cardano/kes/signer_with_key.rs +++ b/mithril-common/src/crypto_helper/cardano/kes/signer_with_key.rs @@ -31,27 +31,32 @@ impl KesSignerStandard { } impl KesSigner for KesSignerStandard { - fn sign(&self, message: &[u8], kes_period: KesPeriod) -> StdResult<(Sum6KesSig, OpCert)> { + fn sign( + &self, + message: &[u8], + current_kes_period: KesPeriod, + ) -> StdResult<(Sum6KesSig, OpCert)> { let mut kes_sk_bytes = Sum6KesBytes::from_file(&self.kes_sk_path) .with_context(|| "StandardKesSigner can not read KES secret key from file")?; let mut kes_sk = Sum6Kes::try_from(&mut kes_sk_bytes) .with_context(|| "StandardKesSigner can not use KES secret key")?; + let operational_certificate = OpCert::from_file(&self.operational_certificate_path) + .with_context(|| "StandardKesSigner can not read operational certificate from file")?; + let kes_period_start = operational_certificate.get_start_kes_period() as u32; let kes_sk_period = kes_sk.get_period(); - if kes_sk_period > kes_period { + let kes_evolutions = current_kes_period.saturating_sub(kes_period_start); + if kes_sk_period > kes_evolutions { return Err(anyhow!(KesSignError::PeriodMismatch( kes_sk_period, - kes_period + kes_evolutions ))); } // We need to perform the evolutions - for period in kes_sk_period..kes_period { - kes_sk.update().map_err(|_| KesSignError::UpdateKey(period))?; + for evolution in kes_sk_period..kes_evolutions { + kes_sk.update().map_err(|_| KesSignError::UpdateKey(evolution))?; } - let operational_certificate = OpCert::from_file(&self.operational_certificate_path) - .with_context(|| "StandardKesSigner can not read operational certificate from file")?; - Ok((kes_sk.sign(message), operational_certificate)) } } @@ -119,7 +124,8 @@ mod tests { } #[test] - fn create_invalid_signature_for_invalid_kes_period() { + fn create_invalid_signature_for_invalid_kes_evolution() { + const MAX_KES_EVOLUTIONS: KesPeriod = 63; let kes_period_start = 5 as KesPeriod; let KesCryptographicMaterialForTest { party_id: _, @@ -132,11 +138,7 @@ mod tests { ); let message = b"Test message for KES signing"; let kes_signer = KesSignerStandard::new(kes_secret_key_file, operational_certificate_file); - let kes_signing_period = 2; - assert!( - kes_signing_period < kes_period_start, - "KES signing period should be less than the KES period of the key" - ); + let kes_signing_period = kes_period_start + MAX_KES_EVOLUTIONS + 1; kes_signer .sign(message, kes_signing_period) diff --git a/mithril-common/src/crypto_helper/cardano/key_certification.rs b/mithril-common/src/crypto_helper/cardano/key_certification.rs index cdaebfec1e2..e585cd298c1 100644 --- a/mithril-common/src/crypto_helper/cardano/key_certification.rs +++ b/mithril-common/src/crypto_helper/cardano/key_certification.rs @@ -88,7 +88,7 @@ pub enum ProtocolInitializerErrorWrapper { ProtocolInitializer(#[source] StdError), /// Error raised when a KES update error occurs - #[error("KES key cannot be updated for period {0}")] + #[error("KES key cannot be updated for evolution {0}")] KesUpdate(KesPeriod), /// Period of key file does not match with period provided by user diff --git a/mithril-common/src/test/crypto_helper/cardano/kes/setup.rs b/mithril-common/src/test/crypto_helper/cardano/kes/setup.rs index 1e46905d8dc..3b15c98710a 100644 --- a/mithril-common/src/test/crypto_helper/cardano/kes/setup.rs +++ b/mithril-common/src/test/crypto_helper/cardano/kes/setup.rs @@ -21,7 +21,7 @@ pub(crate) struct KesCryptographicMaterialForTest { /// Create KES cryptographic material for testing purposes. pub fn create_kes_cryptographic_material( party_idx: KesPartyIndexForTest, - kes_period: KesPeriod, + start_kes_period: KesPeriod, test_directory: &str, ) -> KesCryptographicMaterialForTest { let temp_dir = std::env::temp_dir() @@ -31,16 +31,12 @@ pub fn create_kes_cryptographic_material( let keypair = ColdKeyGenerator::create_deterministic_keypair([party_idx as u8; 32]); let mut dummy_buffer = [0u8; Sum6Kes::SIZE + 4]; let mut dummy_seed = [party_idx as u8; 32]; - let (mut kes_secret_key, kes_verification_key) = + let (kes_secret_key, kes_verification_key) = Sum6Kes::keygen(&mut dummy_buffer, &mut dummy_seed); - for _ in 0..kes_period { - kes_secret_key - .update() - .expect("KES secret key update should not fail"); - } let mut kes_bytes = Sum6KesBytes([0u8; Sum6Kes::SIZE + 4]); kes_bytes.0.copy_from_slice(&kes_secret_key.clone_sk()); - let operational_certificate = OpCert::new(kes_verification_key, 0, 0, keypair); + let operational_certificate = + OpCert::new(kes_verification_key, 0, start_kes_period as u64, keypair); let kes_secret_key_file = temp_dir.join(format!("kes{party_idx}.skey")); kes_bytes .to_file(&kes_secret_key_file) diff --git a/mithril-common/src/test/crypto_helper/cardano/kes/signer_fake.rs b/mithril-common/src/test/crypto_helper/cardano/kes/signer_fake.rs index 87b5cac4fcc..aeca6e14ca0 100644 --- a/mithril-common/src/test/crypto_helper/cardano/kes/signer_fake.rs +++ b/mithril-common/src/test/crypto_helper/cardano/kes/signer_fake.rs @@ -63,7 +63,7 @@ impl KesSignerFake { } impl KesSigner for KesSignerFake { - fn sign(&self, message: &[u8], _kes_period: KesPeriod) -> KesSignatureResult { + fn sign(&self, message: &[u8], _current_kes_period: KesPeriod) -> KesSignatureResult { let mut messages = self.signed_messages.lock().unwrap(); messages.push_back(message.to_vec()); diff --git a/mithril-signer/src/runtime/runner.rs b/mithril-signer/src/runtime/runner.rs index 234b0d4fca9..021a3e168d6 100644 --- a/mithril-signer/src/runtime/runner.rs +++ b/mithril-signer/src/runtime/runner.rs @@ -5,7 +5,7 @@ use thiserror::Error; use tokio::sync::RwLockReadGuard; use mithril_common::StdResult; -use mithril_common::crypto_helper::{KesPeriod, OpCert, ProtocolOpCert, SerDeShelleyFileFormat}; +use mithril_common::crypto_helper::{OpCert, ProtocolOpCert, SerDeShelleyFileFormat}; use mithril_common::entities::{ Epoch, PartyId, ProtocolMessage, SignedEntityType, Signer, TimePoint, }; @@ -184,7 +184,7 @@ impl Runner for SignerRunner { let stake = stake_distribution .get(&self.services.single_signer.get_party_id()) .ok_or_else(RunnerError::NoStakeForSelf)?; - let (operational_certificate, protocol_operational_certificate) = match &self + let (_operational_certificate, protocol_operational_certificate) = match &self .config .operational_certificate_path { @@ -198,18 +198,7 @@ impl Runner for SignerRunner { } _ => (None, None), }; - - let kes_period = match operational_certificate { - Some(operational_certificate) => Some( - self.services - .chain_observer - .get_current_kes_period() - .await? - .unwrap_or_default() - - operational_certificate.get_start_kes_period() as KesPeriod, - ), - None => None, - }; + let kes_period = self.services.chain_observer.get_current_kes_period().await?; let protocol_initializer = self .services