Integrate unsound kes interface

cabal.project

@@ -44,3 +44,46 @@ package ouroboros-network
 if(os(windows))
   constraints:
     bitvec -simd
+
+source-repository-package
+  type: git
+  location: https://github.com/input-output-hk/cardano-base
+  tag: b2cec3fbcde4bacb9c961e5510d5a1d3754c4e2b
+  --sha256: sha256-TDEBINZ3SkhpRNomMdt53bR3gdzgkWR9jIlAr8yrU6o=
+  subdir:
+      cardano-crypto-class
+
+source-repository-package
+  type: git
+  location: https://github.com/input-output-hk/cardano-ledger
+  tag: 9d380ab7d6ae52ff66aae9a19dbb3036b1b13c94
+  --sha256: sha256-N4XRVqC+UgWej+J16RPh3EO6MSIE3wmJvmP5/nRgIuw=
+  subdir:
+      eras/allegra/impl
+      eras/alonzo/impl
+      eras/alonzo/test-suite
+      eras/babbage/impl
+      eras/babbage/test-suite
+      eras/byron/chain/executable-spec
+      eras/byron/crypto
+      eras/byron/crypto/test
+      eras/byron/ledger/executable-spec
+      eras/byron/ledger/impl
+      eras/byron/ledger/impl/test
+      eras/conway/impl
+      eras/conway/test-suite
+      eras/mary/impl
+      eras/shelley/impl
+      eras/shelley-ma/test-suite
+      eras/shelley/test-suite
+      libs/cardano-data
+      libs/cardano-ledger-api
+      libs/cardano-ledger-binary
+      libs/cardano-ledger-core
+      libs/cardano-ledger-test
+      libs/cardano-protocol-tpraos
+      libs/constrained-generators
+      libs/non-integral
+      libs/set-algebra
+      libs/small-steps
+      libs/vector-map

ouroboros-consensus-cardano/ouroboros-consensus-cardano.cabal

@@ -129,16 +129,16 @@ library
     bytestring >=0.10 && <0.13,
     cardano-binary,
     cardano-crypto,
-    cardano-crypto-class,
+    cardano-crypto-class ^>= 2.2,
     cardano-crypto-wrapper,
     cardano-ledger-allegra ^>=1.6,
     cardano-ledger-alonzo ^>=1.12,
     cardano-ledger-api ^>=1.10,
     cardano-ledger-babbage ^>=1.10,
-    cardano-ledger-binary ^>=1.5,
+    cardano-ledger-binary ^>=1.6,
     cardano-ledger-byron ^>=1.0.1,
     cardano-ledger-conway ^>=1.18,
-    cardano-ledger-core ^>=1.16,
+    cardano-ledger-core ^>=1.17,
     cardano-ledger-mary ^>=1.7,
     cardano-ledger-shelley ^>=1.15,
     cardano-prelude,
@@ -147,7 +147,7 @@ library
     cardano-strict-containers,
     cborg ^>=0.2.2,
     containers >=0.5 && <0.8,
-    cryptonite >=0.25 && <0.31,
+    crypton,
     deepseq,
     formatting >=6.3 && <7.3,
     measures,

ouroboros-consensus-cardano/src/byron/Ouroboros/Consensus/Byron/Crypto/DSIGN.hs

@@ -92,7 +92,7 @@ instance DSIGNAlgorithm ByronDSIGN where
       where
         seedBytes = case getBytesFromSeed 32 seed of
           Just (x,_) -> x
-          Nothing    -> throw $ SeedBytesExhausted (-1) -- TODO We can't get the seed size!
+          Nothing    -> throw $ SeedBytesExhausted (-1) (-1) -- TODO We can't get the seed size!
 
     deriveVerKeyDSIGN (SignKeyByronDSIGN sk) = VerKeyByronDSIGN $ toVerification sk
 

ouroboros-consensus-cardano/src/shelley/Ouroboros/Consensus/Shelley/Node/Common.hs

@@ -20,6 +20,8 @@ module Ouroboros.Consensus.Shelley.Node.Common (
   , shelleyBlockIssuerVKey
   ) where
 
+import           Cardano.Crypto.KES (UnsoundPureSignKeyKES)
+import           Cardano.Ledger.Crypto
 import qualified Cardano.Ledger.Keys as SL
 import qualified Cardano.Ledger.Shelley.API as SL
 import           Cardano.Ledger.Slot
@@ -52,7 +54,7 @@ data ShelleyLeaderCredentials c = ShelleyLeaderCredentials
     --
     -- Note that this is not inside 'ShelleyCanBeLeader' since it gets evolved
     -- automatically, whereas 'ShelleyCanBeLeader' does not change.
-    shelleyLeaderCredentialsInitSignKey :: SL.SignKeyKES c,
+    shelleyLeaderCredentialsInitSignKey :: UnsoundPureSignKeyKES (KES c),
     shelleyLeaderCredentialsCanBeLeader :: PraosCanBeLeader c,
     -- | Identifier for this set of credentials.
     --

ouroboros-consensus-cardano/src/unstable-cardano-tools/Cardano/Api/KeysPraos.hs

@@ -31,7 +31,7 @@ import qualified Cardano.Crypto.DSIGN.Class as Crypto
 import qualified Cardano.Crypto.Hash.Class as Crypto
 import qualified Cardano.Crypto.KES.Class as Crypto
 import qualified Cardano.Crypto.VRF.Class as Crypto
-import           Cardano.Ledger.Crypto (StandardCrypto)
+import           Cardano.Ledger.Crypto (Crypto(..), StandardCrypto)
 import qualified Cardano.Ledger.Crypto as Shelley (KES, VRF)
 import qualified Cardano.Ledger.Keys as Shelley
 import           Data.String (IsString (..))
@@ -56,15 +56,15 @@ instance Key KesKey where
       deriving anyclass SerialiseAsCBOR
 
     newtype SigningKey KesKey =
-        KesSigningKey (Shelley.SignKeyKES StandardCrypto)
+        KesSigningKey (Crypto.UnsoundPureSignKeyKES (KES StandardCrypto))
       deriving (Show, IsString) via UsingRawBytesHex (SigningKey KesKey)
-      deriving newtype (EncCBOR, DecCBOR, ToCBOR, FromCBOR)
-      deriving anyclass SerialiseAsCBOR
+      deriving newtype (ToCBOR, FromCBOR)
+      deriving anyclass (EncCBOR, DecCBOR, SerialiseAsCBOR)
 
     --This loses the mlock safety of the seed, since it starts from a normal in-memory seed.
     deterministicSigningKey :: AsType KesKey -> Crypto.Seed -> SigningKey KesKey
     deterministicSigningKey AsKesKey =
-        KesSigningKey . Crypto.genKeyKES
+        KesSigningKey . Crypto.unsoundPureGenKeyKES
 
     deterministicSigningKeySeedSize :: AsType KesKey -> Word
     deterministicSigningKeySeedSize AsKesKey =
@@ -75,7 +75,7 @@ instance Key KesKey where
 
     getVerificationKey :: SigningKey KesKey -> VerificationKey KesKey
     getVerificationKey (KesSigningKey sk) =
-        KesVerificationKey (Crypto.deriveVerKeyKES sk)
+        KesVerificationKey (Crypto.unsoundPureDeriveVerKeyKES sk)
 
     verificationKeyHash :: VerificationKey KesKey -> Hash KesKey
     verificationKeyHash (KesVerificationKey vkey) =
@@ -92,10 +92,10 @@ instance SerialiseAsRawBytes (VerificationKey KesKey) where
 
 instance SerialiseAsRawBytes (SigningKey KesKey) where
     serialiseToRawBytes (KesSigningKey sk) =
-      Crypto.rawSerialiseSignKeyKES sk
+      Crypto.rawSerialiseUnsoundPureSignKeyKES sk
 
     deserialiseFromRawBytes (AsSigningKey AsKesKey) bs =
-      KesSigningKey <$> Crypto.rawDeserialiseSignKeyKES bs
+      KesSigningKey <$> Crypto.rawDeserialiseUnsoundPureSignKeyKES bs
 
 instance SerialiseAsBech32 (VerificationKey KesKey) where
     bech32PrefixFor         _ =  "kes_vk"

ouroboros-consensus-cardano/src/unstable-shelley-testlib/Test/ThreadNet/Infra/Shelley.hs

@@ -37,7 +37,8 @@ module Test.ThreadNet.Infra.Shelley (
 
 import           Cardano.Crypto.DSIGN (DSIGNAlgorithm (..), seedSizeDSIGN)
 import           Cardano.Crypto.Hash (HashAlgorithm)
-import           Cardano.Crypto.KES (KESAlgorithm (..))
+import           Cardano.Crypto.KES (UnsoundPureSignKeyKES, KESAlgorithm (..),
+                     seedSizeKES, unsoundPureGenKeyKES, unsoundPureDeriveVerKeyKES)
 import           Cardano.Crypto.Seed (mkSeedFromBytes)
 import qualified Cardano.Crypto.Seed as Cardano.Crypto
 import           Cardano.Crypto.VRF (SignKeyVRF, deriveVerKeyVRF, genKeyVRF,
@@ -138,7 +139,7 @@ data CoreNode c = CoreNode {
       -- ^ The hash of the corresponding verification (public) key will be
       -- used as the staking credential.
     , cnVRF         :: !(SL.SignKeyVRF   c)
-    , cnKES         :: !(SL.SignKeyKES   c)
+    , cnKES         :: !(UnsoundPureSignKeyKES (KES c))
     , cnOCert       :: !(SL.OCert        c)
     }
 
@@ -180,8 +181,8 @@ genCoreNode startKESPeriod = do
     delKey <- genKeyDSIGN <$> genSeed (seedSizeDSIGN (Proxy @(DSIGN c)))
     stkKey <- genKeyDSIGN <$> genSeed (seedSizeDSIGN (Proxy @(DSIGN c)))
     vrfKey <- genKeyVRF   <$> genSeed (seedSizeVRF   (Proxy @(VRF   c)))
-    kesKey <- genKeyKES   <$> genSeed (seedSizeKES   (Proxy @(KES   c)))
-    let kesPub = deriveVerKeyKES kesKey
+    kesKey <- unsoundPureGenKeyKES <$> genSeed (seedSizeKES   (Proxy @(KES   c)))
+    let kesPub = unsoundPureDeriveVerKeyKES kesKey
         sigma  = LK.signedDSIGN
           @c
           delKey

ouroboros-consensus-diffusion/ouroboros-consensus-diffusion.cabal

@@ -174,8 +174,8 @@ library unstable-mock-testlib
     QuickCheck,
     base,
     bytestring,
-    cardano-crypto-class,
-    cardano-crypto-tests,
+    cardano-crypto-class ^>= 2.2,
+    cardano-crypto-tests ^>= 2.2,
     containers,
     ouroboros-consensus:{ouroboros-consensus, unstable-consensus-testlib, unstable-mock-block},
     ouroboros-network-protocols:testlib,
@@ -281,7 +281,7 @@ test-suite consensus-test
     base,
     binary,
     bytestring,
-    cardano-crypto-class,
+    cardano-crypto-class ^>= 2.2,
     cardano-slotting:{cardano-slotting, testlib},
     cardano-strict-containers,
     containers,

ouroboros-consensus-protocol/ouroboros-consensus-protocol.cabal

@@ -66,7 +66,7 @@ library
     base >=4.14 && <4.21,
     bytestring,
     cardano-binary,
-    cardano-crypto-class,
+    cardano-crypto-class ^>= 2.2,
     cardano-ledger-binary,
     cardano-ledger-core,
     cardano-ledger-shelley,
@@ -94,9 +94,9 @@ library unstable-protocol-testlib
     base,
     base16-bytestring,
     bytestring,
-    cardano-crypto-class,
-    cardano-crypto-praos,
-    cardano-crypto-tests,
+    cardano-crypto-class ^>= 2.2,
+    cardano-crypto-praos ^>= 2.2,
+    cardano-crypto-tests ^>= 2.2,
     cardano-ledger-binary,
     cardano-ledger-core,
     cardano-ledger-shelley-test,
@@ -117,9 +117,9 @@ test-suite protocol-test
   build-depends:
     QuickCheck,
     base,
-    cardano-crypto-class,
+    cardano-crypto-class ^>= 2.2,
     cardano-ledger-binary:testlib,
-    cardano-ledger-core ^>=1.16,
+    cardano-ledger-core ^>=1.17,
     containers,
     ouroboros-consensus:{ouroboros-consensus, unstable-consensus-testlib},
     ouroboros-consensus-protocol,

ouroboros-consensus-protocol/src/ouroboros-consensus-protocol/Ouroboros/Consensus/Protocol/Ledger/HotKey.hs

@@ -25,7 +25,8 @@ module Ouroboros.Consensus.Protocol.Ledger.HotKey (
   ) where
 
 import qualified Cardano.Crypto.KES as Relative (Period)
-import           Cardano.Ledger.Crypto (Crypto)
+import           Cardano.Crypto.KES
+import           Cardano.Ledger.Crypto (Crypto (..))
 import qualified Cardano.Ledger.Keys as SL
 import qualified Cardano.Protocol.TPraos.OCert as Absolute (KESPeriod (..))
 import           Data.Word (Word64)
@@ -148,7 +149,7 @@ sign = sign_
 -- | The actual KES key, unless it expired, in which case it is replaced by
 -- \"poison\".
 data KESKey c =
-    KESKey !(SL.SignKeyKES c)
+    KESKey !(UnsoundPureSignKeyKES (KES c))
   | KESKeyPoisoned
   deriving (Generic)
 
@@ -168,7 +169,7 @@ instance Crypto c => NoThunks (KESState c)
 
 mkHotKey ::
      forall m c. (Crypto c, IOLike m)
-  => SL.SignKeyKES c
+  => UnsoundPureSignKeyKES (KES c)
   -> Absolute.KESPeriod  -- ^ Start period
   -> Word64              -- ^ Max KES evolutions
   -> m (HotKey c m)
@@ -184,7 +185,7 @@ mkHotKey initKey startPeriod@(Absolute.KESPeriod start) maxKESEvolutions = do
             KESKeyPoisoned -> error "trying to sign with a poisoned key"
             KESKey key     -> do
               let evolution = kesEvolution kesStateInfo
-                  signed    = SL.signedKES () evolution toSign key
+                  signed    = unsoundPureSignedKES () evolution toSign key
               -- Force the signature to WHNF (for 'SignedKES', WHNF implies
               -- NF) so that we don't have any thunks holding on to a key that
               -- might be destructively updated when evolved.
@@ -260,17 +261,18 @@ evolveKey varKESState targetPeriod = modifyMVar varKESState $ \kesState -> do
     -- | PRECONDITION:
     --
     -- > targetEvolution >= curEvolution
-    go :: KESEvolution -> KESInfo -> SL.SignKeyKES c -> m (KESState c)
+    go :: KESEvolution -> KESInfo -> UnsoundPureSignKeyKES (KES c) -> m (KESState c)
     go targetEvolution info key
       | targetEvolution <= curEvolution
       = return $ KESState { kesStateInfo = info, kesStateKey = KESKey key }
       | otherwise
-      = case SL.updateKES () key curEvolution of
+      = case unsoundPureUpdateKES () key curEvolution of
           -- This cannot happen
           Nothing    -> error "Could not update KES key"
           Just !key' -> do
             -- Clear the memory associated with the old key
-            forgetSignKeyKES key
+            -- FIXME: Here we want to forget, but it was never implemented
+            -- forgetSignKeyKES key
             let info' = info { kesEvolution = curEvolution + 1 }
             go targetEvolution info' key'
       where

ouroboros-consensus-protocol/src/unstable-protocol-testlib/Test/Consensus/Protocol/Serialisation/Generators.hs

@@ -6,7 +6,7 @@
 -- to be semantically correct at all, only structurally correct.
 module Test.Consensus.Protocol.Serialisation.Generators () where
 
-import           Cardano.Crypto.KES (signedKES)
+import           Cardano.Crypto.KES (unsoundPureSignedKES)
 import           Cardano.Crypto.VRF (evalCertified)
 import           Cardano.Protocol.TPraos.BHeader (HashHeader, PrevHash (..))
 import           Cardano.Protocol.TPraos.OCert (KESPeriod (KESPeriod),
@@ -60,7 +60,7 @@ instance Praos.PraosCrypto c => Arbitrary (Header c) where
     hBody <- arbitrary
     period <- arbitrary
     sKey <- arbitrary
-    let hSig = signedKES () period hBody sKey
+    let hSig = unsoundPureSignedKES () period hBody sKey
     pure $ Header hBody hSig
 
 instance Praos.PraosCrypto c => Arbitrary (PraosState c) where