1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
use crate::{Error, Hash, Result};
use serde::{Deserialize, Serialize};
use std::collections::HashSet;
use threshold_crypto::{serde_impl::SerdeSecret, SecretKeyShare, SignatureShare};
pub use threshold_crypto::{PublicKey, PublicKeySet, Signature};
#[derive(Debug, Clone, Hash, PartialEq, Eq, Deserialize, Serialize)]
pub struct NodeSignature(u64, SignatureShare);
impl NodeSignature {
pub fn threshold_crypto(&self) -> (u64, &SignatureShare) {
(self.0, &self.1)
}
}
#[derive(Debug, Default, Clone, Serialize, Deserialize)]
pub struct KeyCache(HashSet<PublicKey>);
impl KeyCache {
pub fn verify(&self, msg: &Hash, key: &PublicKey, sig: &Signature) -> Result<()> {
self.verify_known_key(key)?;
if key.verify(&sig, msg) {
Ok(())
} else {
Err(Error::FailedSignature)
}
}
pub fn verify_known_key(&self, key: &PublicKey) -> Result<()> {
if self.0.contains(key) {
Ok(())
} else {
Err(Error::UnrecognisedAuthority)
}
}
pub fn add_known_key(&mut self, key: PublicKey) {
self.0.insert(key);
}
}
impl From<Vec<PublicKey>> for KeyCache {
fn from(keys: Vec<PublicKey>) -> Self {
Self(keys.into_iter().collect())
}
}
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct KeyManager {
public_key_set: PublicKeySet,
secret_key_share: (u64, SerdeSecret<SecretKeyShare>),
genesis_key: PublicKey,
cache: KeyCache,
}
impl KeyManager {
pub fn new(
public_key_set: PublicKeySet,
secret_key_share: (u64, SecretKeyShare),
genesis_key: PublicKey,
) -> Self {
let mut cache = KeyCache::default();
cache.add_known_key(genesis_key);
cache.add_known_key(public_key_set.public_key());
Self {
public_key_set,
secret_key_share: (secret_key_share.0, SerdeSecret(secret_key_share.1)),
genesis_key,
cache,
}
}
pub fn verify_we_are_a_genesis_node(&self) -> Result<()> {
if self.public_key_set.public_key() == self.genesis_key {
Ok(())
} else {
Err(Error::NotGenesisNode)
}
}
pub fn key_cache(&self) -> &KeyCache {
&self.cache
}
pub fn public_key_set(&self) -> PublicKeySet {
self.public_key_set.clone()
}
pub fn secret_key_share(&self) -> SecretKeyShare {
self.secret_key_share.1.inner().clone()
}
pub fn sign(&self, msg_hash: &Hash) -> NodeSignature {
NodeSignature(
self.secret_key_share.0,
self.secret_key_share.1.inner().sign(msg_hash),
)
}
pub fn verify(&self, msg_hash: &Hash, key: &PublicKey, signature: &Signature) -> Result<()> {
self.cache.verify(msg_hash, key, signature)
}
}