feat: add new 'genesis generate-keypair' command to aggregator

Author: jpraynaud

mithril-aggregator/src/commands/genesis_command.rs

@@ -45,6 +45,9 @@ pub enum GenesisSubCommand {
 
     /// Genesis certificate bootstrap command.
     Bootstrap(BootstrapGenesisSubCommand),
+
+    /// Genesis certificate keypair generation command.
+    GenerateKeypair(GenerateKeypairGenesisSubCommand),
 }
 
 impl GenesisSubCommand {
@@ -58,6 +61,7 @@ impl GenesisSubCommand {
             Self::Export(cmd) => cmd.execute(root_logger, config_builder).await,
             Self::Import(cmd) => cmd.execute(root_logger, config_builder).await,
             Self::Sign(cmd) => cmd.execute(root_logger, config_builder).await,
+            Self::GenerateKeypair(cmd) => cmd.execute(root_logger, config_builder).await,
         }
     }
 }
@@ -229,3 +233,30 @@ impl BootstrapGenesisSubCommand {
         Ok(())
     }
 }
+
+/// Genesis certificate keypair generation command.
+#[derive(Parser, Debug, Clone)]
+pub struct GenerateKeypairGenesisSubCommand {
+    /// Target Path for the generated keypair
+    #[clap(long)]
+    target_path: PathBuf,
+}
+
+impl GenerateKeypairGenesisSubCommand {
+    pub async fn execute(
+        &self,
+        root_logger: Logger,
+        _config_builder: ConfigBuilder<DefaultState>,
+    ) -> StdResult<()> {
+        debug!(root_logger, "GENERATE KEYPAIR GENESIS command");
+        println!(
+            "Generating genesis keypair to {}",
+            self.target_path.to_string_lossy()
+        );
+
+        GenesisTools::create_and_save_genesis_keypair(&self.target_path)
+            .with_context(|| "genesis-tools: keypair generation error")?;
+
+        Ok(())
+    }
+}

mithril-aggregator/src/tools/genesis.rs

@@ -1,5 +1,10 @@
 use anyhow::{anyhow, Context};
-use std::{fs::File, io::prelude::*, io::Write, path::Path, sync::Arc};
+use std::{
+    fs::File,
+    io::{prelude::*, Write},
+    path::{Path, PathBuf},
+    sync::Arc,
+};
 
 use mithril_common::{
     certificate_chain::{CertificateGenesisProducer, CertificateVerifier},
@@ -201,16 +206,25 @@ impl GenesisTools {
             })?;
         Ok(())
     }
+
+    /// Export the genesis keypair to a folder and returns the paths to the files (secret key, verification_key)
+    pub fn create_and_save_genesis_keypair(keypair_path: &Path) -> StdResult<(PathBuf, PathBuf)> {
+        let genesis_signer = ProtocolGenesisSigner::create_non_deterministic_genesis_signer();
+
+        genesis_signer.export_keypair_to_files(keypair_path)
+    }
 }
 
 #[cfg(test)]
 mod tests {
     use mithril_common::{
         certificate_chain::MithrilCertificateVerifier,
-        crypto_helper::ProtocolGenesisSigner,
+        crypto_helper::{
+            ProtocolGenesisSecretKey, ProtocolGenesisSigner, ProtocolGenesisVerificationKey,
+        },
         test_utils::{fake_data, MithrilFixtureBuilder, TempDir},
     };
-    use std::path::PathBuf;
+    use std::{fs::read_to_string, path::PathBuf};
 
     use crate::database::test_helper::main_db_connection;
     use crate::test_tools::TestLogger;
@@ -266,14 +280,13 @@ mod tests {
         let test_dir = get_temp_dir("export_payload_to_sign");
         let payload_path = test_dir.join("payload.txt");
         let signed_payload_path = test_dir.join("payload-signed.txt");
-        let genesis_secret_key_path = test_dir.join("genesis.sk");
         let genesis_signer = ProtocolGenesisSigner::create_deterministic_genesis_signer();
         let (genesis_tools, certificate_store, genesis_verifier, certificate_verifier) =
             build_tools(&genesis_signer);
 
-        genesis_signer
-            .export_to_file(&genesis_secret_key_path)
-            .expect("exporting the secret key should not fail");
+        let (genesis_secret_key_path, _) = genesis_signer
+            .export_keypair_to_files(&test_dir)
+            .expect("exporting the keypair should not fail");
         genesis_tools
             .export_payload_to_sign(&payload_path)
             .expect("export_payload_to_sign should not fail");
@@ -327,4 +340,27 @@ mod tests {
                 "verify_genesis_certificate should successfully validate the genesis certificate",
             );
     }
+
+    #[test]
+    fn test_create_and_save_genesis_keypair() {
+        let temp_dir = get_temp_dir("test_create_and_save_genesis_keypair");
+        let (genesis_secret_key_path, genesis_verification_key_path) =
+            GenesisTools::create_and_save_genesis_keypair(&temp_dir)
+                .expect("Failed to create and save genesis keypair");
+        let genesis_secret_key = ProtocolGenesisSecretKey::from_json_hex(
+            &read_to_string(&genesis_secret_key_path)
+                .expect("Failed to read genesis secret key file"),
+        )
+        .expect("Failed to parse genesis secret key");
+        let genesis_verification_key = ProtocolGenesisVerificationKey::from_json_hex(
+            &read_to_string(&genesis_verification_key_path)
+                .expect("Failed to read genesis verification key file"),
+        )
+        .expect("Failed to parse genesis verification key");
+        let genesis_verifier =
+            ProtocolGenesisSigner::from_secret_key(genesis_secret_key).create_genesis_verifier();
+
+        let expected_genesis_verification_key = genesis_verifier.to_verification_key();
+        assert_eq!(expected_genesis_verification_key, genesis_verification_key);
+    }
 }

mithril-common/src/crypto_helper/genesis.rs

@@ -6,7 +6,11 @@ use rand_chacha::rand_core;
 use rand_chacha::rand_core::{CryptoRng, RngCore, SeedableRng};
 use rand_chacha::ChaCha20Rng;
 use serde::{Deserialize, Serialize};
-use std::{fs::File, io::Write, path::Path};
+use std::{
+    fs::File,
+    io::Write,
+    path::{Path, PathBuf},
+};
 use thiserror::Error;
 
 use super::{ProtocolGenesisSecretKey, ProtocolGenesisSignature, ProtocolGenesisVerificationKey};
@@ -63,13 +67,25 @@ impl ProtocolGenesisSigner {
         self.secret_key.sign(message).into()
     }
 
-    /// Export the secret key from the genesis verifier to a file. TEST ONLY
-    #[doc(hidden)]
-    pub fn export_to_file(&self, secret_key_path: &Path) -> StdResult<()> {
-        let mut genesis_secret_key_file = File::create(secret_key_path)?;
-        genesis_secret_key_file.write_all(self.secret_key.to_json_hex().unwrap().as_bytes())?;
+    /// Export the keypair from the genesis verifier to files
+    pub fn export_keypair_to_files(&self, keypair_path: &Path) -> StdResult<(PathBuf, PathBuf)> {
+        let genesis_secret_key_path = keypair_path.join("genesis.sk");
+        {
+            let genesis_secret_key_payload = self.secret_key.to_json_hex().unwrap();
+            let mut genesis_secret_key_file = File::create(&genesis_secret_key_path)?;
+            genesis_secret_key_file.write_all(genesis_secret_key_payload.as_bytes())?;
+        }
+
+        let genesis_verification_key_path = keypair_path.join("genesis.vk");
+        {
+            let genesis_verification_key: ProtocolGenesisVerificationKey =
+                self.secret_key.verifying_key().into();
+            let genesis_verification_key_payload = genesis_verification_key.to_json_hex().unwrap();
+            let mut genesis_verification_key_file = File::create(&genesis_verification_key_path)?;
+            genesis_verification_key_file.write_all(genesis_verification_key_payload.as_bytes())?;
+        }
 
-        Ok(())
+        Ok((genesis_secret_key_path, genesis_verification_key_path))
     }
 }