Revert change to MockCrypto and require DSIGN only when running the KES agent

Author: jasagredo

ouroboros-consensus-cardano/src/unstable-shelley-testlib/Test/Consensus/Shelley/MockCrypto.hs

@@ -15,11 +15,14 @@ module Test.Consensus.Shelley.MockCrypto (
   , MockCrypto
   ) where
 
+import           Cardano.Crypto.DSIGN (MockDSIGN)
 import           Cardano.Crypto.KES (MockKES)
 import qualified Cardano.Crypto.KES as KES (Signable)
 import           Cardano.Crypto.Util (SignableRepresentation)
 import           Cardano.Crypto.VRF (MockVRF)
-import           Cardano.KESAgent.Protocols.StandardCrypto (MockCrypto)
+import qualified Cardano.KESAgent.KES.Crypto as Agent
+import qualified Cardano.KESAgent.Processes.ServiceClient as Agent
+import qualified Cardano.KESAgent.Protocols.VersionedProtocol as Agent
 import           Cardano.Ledger.BaseTypes (Seed)
 import qualified Cardano.Ledger.Shelley.API as SL
 import qualified Cardano.Ledger.Shelley.Core as Core
@@ -40,8 +43,16 @@ import           Ouroboros.Consensus.Shelley.Ledger (ShelleyBlock,
 import           Ouroboros.Consensus.Shelley.Protocol.Abstract (ProtoCrypto)
 import           Test.QuickCheck (Arbitrary)
 
+-- | A mock replacement for 'StandardCrypto'
+--
+-- We run the tests with this mock crypto, as it is easier to generate and
+-- debug things. The code is parametric in the crypto, so it shouldn't make
+-- much of a difference. This also has the important advantage
+-- that we can reuse the generators from cardano-ledger-specs.
+data MockCrypto
+
 instance Crypto MockCrypto where
-  type KES      MockCrypto = MockKES 128
+  type KES      MockCrypto = MockKES 10
   type VRF      MockCrypto = MockVRF
 
 instance SL.PraosCrypto MockCrypto
@@ -76,5 +87,15 @@ type CanMock proto era =
   , Arbitrary (SL.CertState era)
   )
 
+instance Agent.NamedCrypto MockCrypto where
+  cryptoName _ = Agent.CryptoName "Mock"
+
+instance Agent.ServiceClientDrivers MockCrypto where
+  availableServiceClientDrivers = []
+
+instance Agent.Crypto MockCrypto where
+  type KES MockCrypto = MockKES 10
+  type DSIGN MockCrypto = MockDSIGN
+
 instance AgentCrypto MockCrypto where
   type ACrypto MockCrypto = MockCrypto

ouroboros-consensus-protocol/src/ouroboros-consensus-protocol/Ouroboros/Consensus/Protocol/Praos/AgentClient.hs

@@ -68,7 +68,7 @@ class ( Crypto c
       , Agent.Crypto (ACrypto c)
       , Agent.NamedCrypto (ACrypto c)
       , Agent.KES (ACrypto c) ~ KES c
-      , Agent.DSIGN (ACrypto c) ~ DSIGN
+
       , ContextKES (KES c) ~ ()
       , ContextVRF (VRF c) ~ ()
       , Typeable (ACrypto c)
@@ -77,25 +77,23 @@ class ( Crypto c
       , DirectDeserialise (SignKeyKES (KES c))
       )
   => AgentCrypto c where
-        type ACrypto c :: Type
+  type ACrypto c :: Type
 
 instance AgentCrypto StandardCrypto where
   type ACrypto StandardCrypto = Agent.StandardCrypto
 
+convertOCert :: (AgentCrypto c, Agent.DSIGN (ACrypto c) ~ DSIGN) => Agent.OCert (ACrypto c) -> OCert.OCert c
+convertOCert oca =
+    OCert.OCert
+      { OCert.ocertVkHot = Agent.ocertVkHot oca
+      , OCert.ocertN = Agent.ocertN oca
+      , OCert.ocertKESPeriod = OCert.KESPeriod (Agent.unKESPeriod $ Agent.ocertKESPeriod oca)
+      , OCert.ocertSigma = coerce (Agent.ocertSigma oca)
+      }
+
 convertPeriod :: Agent.KESPeriod -> OCert.KESPeriod
 convertPeriod (Agent.KESPeriod p) = OCert.KESPeriod p
 
-convertOCert :: ( AgentCrypto c
-                )
-              => Agent.OCert (ACrypto c) -> OCert.OCert c
-convertOCert oca =
-  OCert.OCert
-    { OCert.ocertVkHot = Agent.ocertVkHot oca
-    , OCert.ocertN = Agent.ocertN oca
-    , OCert.ocertKESPeriod = OCert.KESPeriod (Agent.unKESPeriod $ Agent.ocertKESPeriod oca)
-    , OCert.ocertSigma = coerce (Agent.ocertSigma oca)
-    }
-
 class (MonadFail m, Show (Addr m)) => MonadKESAgent m where
   type FD m :: Type
   type Addr m :: Type
@@ -130,6 +128,7 @@ instance SimSnocket.GlobalAddressScheme FilePath where
 
 runKESAgentClient :: forall m c.
                      ( KESAgentContext c m
+                     , Agent.DSIGN (ACrypto c) ~ DSIGN
                      )
                   => Tracer m KESAgentClientTrace
                   -> FilePath

ouroboros-consensus-protocol/src/ouroboros-consensus-protocol/Ouroboros/Consensus/Protocol/Praos/Common.hs

@@ -3,7 +3,9 @@
 {-# LANGUAGE DeriveGeneric #-}
 {-# LANGUAGE DerivingVia #-}
 {-# LANGUAGE FlexibleContexts #-}
+{-# LANGUAGE GADTs #-}
 {-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE LambdaCase #-}
 {-# LANGUAGE ScopedTypeVariables #-}
 {-# LANGUAGE TypeApplications #-}
 {-# LANGUAGE TypeFamilies #-}
@@ -26,9 +28,10 @@ module Ouroboros.Consensus.Protocol.Praos.Common (
 import qualified Cardano.Crypto.KES.Class as KES
 import           Cardano.Crypto.VRF
 import qualified Cardano.Crypto.VRF as VRF
+import qualified Cardano.KESAgent.KES.Crypto as Agent
 import           Cardano.Ledger.BaseTypes (Nonce)
 import qualified Cardano.Ledger.BaseTypes as SL
-import           Cardano.Ledger.Keys (KeyHash, KeyRole (BlockIssuer))
+import           Cardano.Ledger.Keys (DSIGN, KeyHash, KeyRole (BlockIssuer))
 import qualified Cardano.Ledger.Shelley.API as SL
 import           Cardano.Protocol.Crypto (Crypto, KES, VRF)
 import qualified Cardano.Protocol.TPraos.OCert as OCert
@@ -40,6 +43,7 @@ import           Data.Map.Strict (Map)
 import           Data.Ord (Down (Down))
 import           Data.Word (Word64)
 import           GHC.Generics (Generic)
+import           NoThunks.Class
 import           Ouroboros.Consensus.Protocol.Abstract
 import qualified Ouroboros.Consensus.Protocol.Ledger.HotKey as HotKey
 import           Ouroboros.Consensus.Protocol.Praos.AgentClient
@@ -267,18 +271,25 @@ instance (NoThunks (SignKeyVRF (VRF c)), NoThunks (KES.UnsoundPureSignKeyKES (KE
 
 -- | Defines a method for obtaining Praos credentials (opcert + KES signing
 -- key).
-data PraosCredentialsSource c
-  = -- | Pass an opcert and sign key directly. This uses
+data PraosCredentialsSource c where
+   -- | Pass an opcert and sign key directly. This uses
     -- 'KES.UnsoundPureSignKeyKES', which does not provide mlocking guarantees,
     -- violating the rule that KES secrets must never be stored on disk, but
     -- allows the sign key to be loaded from a local file. This method is
     -- provided for backwards compatibility.
-    PraosCredentialsUnsound (OCert.OCert c) (KES.UnsoundPureSignKeyKES (KES c))
-  | -- | Connect to a KES agent listening on a service socket at the given path.
-    PraosCredentialsAgent FilePath
-  deriving (Generic)
+    PraosCredentialsUnsound :: OCert.OCert c -> KES.UnsoundPureSignKeyKES (KES c) -> PraosCredentialsSource c
+    -- | Connect to a KES agent listening on a service socket at the given path.
+    PraosCredentialsAgent :: Agent.DSIGN (ACrypto c) ~ DSIGN => FilePath -> PraosCredentialsSource c
+
+instance (NoThunks (KES.UnsoundPureSignKeyKES (KES c)), Crypto c) => NoThunks (PraosCredentialsSource c) where
+  wNoThunks ctxt = \case
+    PraosCredentialsUnsound oca k -> allNoThunks [
+        noThunks ctxt oca
+      , noThunks ctxt k
+      ]
+    PraosCredentialsAgent fp -> noThunks ctxt fp
 
-instance (NoThunks (KES.UnsoundPureSignKeyKES (KES c)), Crypto c) => NoThunks (PraosCredentialsSource c)
+  showTypeOf _ = "PraosCredentialsSource"
 
 instantiatePraosCredentials :: forall m c.
                                ( KESAgentContext c m