This repository was archived by the owner on Nov 15, 2023. It is now read-only.
Refactor key management #3296
Merged
Refactor key management #3296
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Cleanup some naming
This will eventually allow for dynamic determination of authority keys and avoid having to set them directly on CLI.
Experiment with modular consensus API.
with validator IDs
gnunicorn
approved these changes
Aug 7, 2019
Contributor
gnunicorn
left a comment
gnunicorn
left a comment
There was a problem hiding this comment.
A few remarks, but nothing major.
Note: I only glanced over the macros and superficially looked at the SRML changes, as I missing the context to understand the design behind the changes - but nothing bad jumped out.
core/application-crypto/src/lib.rs
Outdated
| #[cfg_attr(feature = "std", derive(Debug, Hash))] | ||
| pub struct Public($public); | ||
| } | ||
| // TODO: needed for verify since it takes an AsRef, but should be removed once that is |
Contributor
There was a problem hiding this comment.
No TODO without a link to the issue pls.
core/primitives/src/crypto.rs
Outdated
| /// A type of supported crypto. | ||
| #[derive(Clone, Copy, PartialEq, Eq, Encode, Decode)] | ||
| #[cfg_attr(feature = "std", derive(Debug))] | ||
| #[repr(u32)] |
Contributor
There was a problem hiding this comment.
any particular reason this is a u32 and not, for e.g. a u8? Are we expecting to ever have more than 255 known values in here?
node-template/src/service.rs
Outdated
| AuthoritySetup = { | ||
| |service: Self::FullService| { | ||
| if let Some(key) = service.authority_key() { | ||
| if let Some(key) = None::<aura_primitives::sr25519::AuthorityPair> /* service.authority_key() */ { |
Contributor
There was a problem hiding this comment.
I suppose that is not the template that we want to hand out after this PR, is it?....
node/cli/src/chain_spec.rs
Outdated
| // for i in 1 2 3 4 ; do for j in session; do subkey --ed25519 inspect "$secret"//fir//$j//$i; done; done | ||
|
|
||
| let initial_authorities: Vec<(AccountId, AccountId, BabeId, GrandpaId)> = vec
Co-Authored-By: Benjamin Kampmann <[email protected]>
Also, rename traits::KeyStore* -> traits::BareCryptoStore*
4 tasks
kianenigma
pushed a commit
that referenced
this pull request
Aug 9, 2019
* Add Call type to extensible transactions. Cleanup some naming * Merge Resource and BlockExhausted into just Exhausted * Fix * Another fix * Call * Some fixes * Fix srml tests. * Fix all tests. * Refactor crypto so each application of it has its own type. * Introduce new AuthorityProvider API into Aura This will eventually allow for dynamic determination of authority keys and avoid having to set them directly on CLI. * Introduce authority determinator for Babe. Experiment with modular consensus API. * Work in progress to introduce KeyTypeId and avoid polluting API with validator IDs * Finish up drafting imonline * Rework offchain workers API. * Rework API implementation. * Make it compile for wasm, simplify app_crypto. * Fix compilation of im-online. * Fix compilation of im-online. * Fix more compilation errors. * Make it compile. * Fixing tests. * Rewrite `keystore` * Fix session tests * Bring back `TryFrom`'s' * Fix `srml-grandpa` * Fix `srml-aura` * Fix consensus babe * More fixes * Make service generate keys from dev_seed * Build fixes * Remove offchain tests * More fixes and cleanups * Fixes finality grandpa * Fix `consensus-aura` * Fix cli * Fix `node-cli` * Fix chain_spec builder * Fix doc tests * Add authority getter for grandpa. * Test fix * Fixes * Make keystore accessible from the runtime * Move app crypto to its own crate * Update `Cargo.lock` * Make the crypto stuff usable from the runtime * Adds some runtime crypto tests * Use last finalized block for grandpa authority * Fix warning * Adds `SessionKeys` runtime api * Remove `FinalityPair` and `ConsensusPair` * Minor governance tweaks to get it inline with docs. * Make the governance be up to date with the docs. * Build fixes. * Generate the inital session keys * Failing keystore is a hard error * Make babe work again * Fix grandpa * Fix tests * Disable `keystore` in consensus critical stuff * Build fix. * ImOnline supports multiple authorities at once. * Update core/application-crypto/src/ed25519.rs * Merge branch 'master' into gav-in-progress * Remove unneeded code for now. * Some `session` testing * Support querying the public keys * Cleanup offchain * Remove warnings * More cleanup * Apply suggestions from code review Co-Authored-By: Benjamin Kampmann <[email protected]> * More cleanups * JSONRPC API for setting keys. Also, rename traits::KeyStore* -> traits::BareCryptoStore* * Bad merge * Fix integration tests * Fix test build * Test fix * Fixes * Warnings * Another warning * Bump version.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Supersedes #3213
This PR is turning into a major refactoring over the crypto and key management system, which seems both long overdue and somewhat inescapable.
I'll want to integrate the general changes in (but not merge) #3034 and possibly #3193 together with #3137.
The main issues that this PR aims to solve are:
fn fg_authority_key()all the way through the codebase). Though they do now, they won't forever and it shouldn't be an assumption that we bake in to internal APIs.TODO:
Refactor
ImOnline:Dynamic key selection:
--validatorto enable active validation process; remove any validator key-management stuff from the CLI (--key). (A second--workerarg can enable off-chain workers.)--keyall the way down to key-choice).authority_key/fg_authority_keyAPIs completely.--passwordwork (should accept a manually-entered password and use it for everything in the keystore).author_rotateKeyswhich creates a new set of session keys, saves them to the key-store and returns their public keys, so that a rotation-transaction can be constructed. There should be no pollution of the APIs with session keys: the rotation API should be wholly independent of each of the individual keys. This may mean new APIs in theOpaqueKeystrait.Refactor
Client:Clienttrait that provides all the basic APIs and hasBlockas an associated item. Probably a separate PR.I would also like to solve the fact that service construction is highly monolithic and polluted by consensus-module-specific code. Really it should just be a case of specifying the block production and finality systems and letting it do the rest. Code for set-up, take-down, RPC and key-store integration should be provided through traits that the consensus modules (Babe, Aura, Grandpa and eventually Rho and PoW) implement within their module's scope. There shouldn't be any consensus-module-specific logic dirtying up
service.rs.service:service.rsinto the respective consensus modules. Provide a single API endpoint (i.e. a type that implements someConsensusSystemtrait and have that as the only resource that service needs know of. Probably a separate PR.This also adds:
swapto allow two storage items in the same map to be swapped.