Skip to content

KES agent integration #1487

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 8 commits into from
Closed

KES agent integration #1487

wants to merge 8 commits into from

Conversation

@jasagredo
Copy link
Contributor

@jasagredo jasagredo commented Apr 30, 2025
edited
Loading

This changes Consensus such that mlocked KES keys are used internally.

This is important groundwork for supporting KES agents in the future. In this form, the code will still load KES keys from disk, which is unsound, but the internal machinery is ready to also accept KES keys from other sources, and once loaded, KES keys will be handled appropriately (kept in mlocked RAM at all times, securely erased when expired).

This also involves a restructuring of the HotKey data structure, which now manages not only a KES SignKey, but also the corresponding OpCert. This is necessary for two reasons:

  • With a KES agent, the OpCert will be provided along with the SignKey; this is the easiest way to make sure that the OpCert always matches the SignKey it is used with
  • With the new structure, KES keys can be replaced in a live node kernel, without having to restart it and reload the entire configuration. Because of this, the HotKey, which manages the dynamic part of the node kernel's signing mechanism, needs to be able to replace not just the SignKey (which it already did, in order to handle key evolution), but also the OpCert (which will not change when a SignKey evolves, but it will change when a new SignKey is provided).

Supersedes #1284.

Issue #558.

This adds KES Agent connectivity to consensus.

To use a KES Agent to source KES SignKeys and OpCerts, the praosCredentialsSource in the PraosCanBeLeader data structure can now be pointed to a domain socket address where it will look for a KES Agent.

Also covers #1077.

jasagredo
jasagredo commented Apr 30, 2025
View reviewed changes
@jasagredo jasagredo force-pushed the js/tdammers/kes-agent-conectivity branch from a10939e to 1cf35e6 Compare April 30, 2025 10:46
@jasagredo jasagredo force-pushed the js/tdammers/kes-agent-conectivity branch from ceb0550 to 4ca03a3 Compare April 30, 2025 11:11
@jasagredo jasagredo linked an issue Apr 30, 2025 that may be closed by this pull request
Adapt KES usage to new, non-pure, interface #558
Open
@jasagredo jasagredo force-pushed the js/tdammers/kes-agent-conectivity branch from 108bfcb to 833650d Compare May 5, 2025 12:23
@jasagredo jasagredo force-pushed the js/tdammers/kes-agent-conectivity branch from 833650d to 4828699 Compare May 5, 2025 12:24
@jasagredo jasagredo marked this pull request as ready for review May 5, 2025 12:26
@tdammers tdammers self-requested a review May 15, 2025 08:55
tdammers
tdammers requested changes May 15, 2025
View reviewed changes
Copy link
Contributor

@tdammers tdammers left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changelog needs to be fixed, rest looks good.

ouroboros-consensus-cardano/src/unstable-shelley-testlib/Test/ThreadNet/Infra/Shelley.hs
Comment on lines +190 to +191
vrfKey <- genKeyVRF <$> genSeed (seedSizeVRF (Proxy @(VRF c)))
kesKey <- unsoundPureGenKeyKES <$> genSeed (seedSizeKES (Proxy @(KES c)))
Copy link
Contributor

@tdammers tdammers May 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why the extra spaces?

ouroboros-consensus-protocol/changelog.d/20250130_101128_tdammers_mlocked_kes_rebase.md
Comment on lines +14 to +18
specifies how to obtain the actual credentials (OpCert and KES SignKey). For
now, the only supported method is passing an OpCert and an
UnsoundPureSignKeyKES, presumably loaded from disk
(`PraosCredentialsUnsound`); future iterations will add support for
connecting to a KES agent.
Copy link
Contributor

@tdammers tdammers May 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
specifies how to obtain the actual credentials (OpCert and KES SignKey). For
now, the only supported method is passing an OpCert and an
UnsoundPureSignKeyKES, presumably loaded from disk
(`PraosCredentialsUnsound`); future iterations will add support for
connecting to a KES agent.
specifies how to obtain the actual credentials (OpCert and KES SignKey).
Two methods are supported:
- Directly passing an OpCert and an UnsoundPureSignKeyKES, presumably loaded
from disk (`PraosCredentialsUnsound`)
- Passing a socket address to a KES Agent from which OpCerts and (sound)
SignKeyKES can be obtained (`PraosCredentialsAgent`)

@jasagredo jasagredo mentioned this pull request May 13, 2025
Open
39 tasks
@jasagredo jasagredo changed the title Js/tdammers/kes agent conectivity KES agent integration May 15, 2025
@fraser-iohk fraser-iohk force-pushed the js/tdammers/kes-agent-conectivity branch from 4208ea1 to 3228821 Compare June 2, 2025 12:33
@fraser-iohk fraser-iohk force-pushed the js/tdammers/kes-agent-conectivity branch from 6c5adc4 to 3228821 Compare June 20, 2025 16:21
@fraser-iohk fraser-iohk mentioned this pull request Aug 5, 2025
Merged
@fraser-iohk
Copy link
Contributor

fraser-iohk commented Aug 7, 2025

This PR has been superceded by #1620

@fraser-iohk fraser-iohk closed this Aug 7, 2025
github-merge-queue bot pushed a commit that referenced this pull request Sep 10, 2025
@fraser-iohk
Integrate KES agent functionality into ouroboros-consensus (#1620)
6002345 
This PR supercedes #1487

includes the following squashed commit messages:

- Update to use newest cardano-crypto-class with unsound pure KES
implementation

- Use mlocked KES

- Add KES agent connectivity

- Rebase cleanup

- Handle drop-key messages from KES Agent

- Provide KESAgentClientTrace to BlockForging

- Revert change to MockCrypto and require DSIGN only when running the
KES agent

- Bump kes-agent SRP to remove SerDoc dependency

# Description

Please include a meaningful description of the PR and link the relevant
issues
this PR might resolve.

Also note that:

- New code should be properly tested (even if it does not add new
features).
- The fix for a regression should include a test that reproduces said
regression.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@tdammers tdammers tdammers requested changes

@nfrisby nfrisby Awaiting requested review from nfrisby nfrisby is a code owner

@amesgen amesgen Awaiting requested review from amesgen amesgen is a code owner

@fraser-iohk fraser-iohk Awaiting requested review from fraser-iohk fraser-iohk is a code owner

@dnadales dnadales Awaiting requested review from dnadales dnadales is a code owner

@geo2a geo2a Awaiting requested review from geo2a geo2a is a code owner

@jorisdral jorisdral Awaiting requested review from jorisdral

Assignees

@fraser-iohk fraser-iohk

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Adapt KES usage to new, non-pure, interface

5 participants

@jasagredo @fraser-iohk @tdammers @lehins