diff --git a/go/consensus/cometbft/apps/keymanager/churp/state/interop/interop.go b/go/consensus/cometbft/apps/keymanager/churp/state/interop/interop.go
new file mode 100644
index 00000000000..133e877384d
--- /dev/null
+++ b/go/consensus/cometbft/apps/keymanager/churp/state/interop/interop.go
@@ -0,0 +1,122 @@
+package interop
+
+import (
+ "context"
+ "fmt"
+
+ "github.com/oasisprotocol/oasis-core/go/common"
+ "github.com/oasisprotocol/oasis-core/go/common/cbor"
+ "github.com/oasisprotocol/oasis-core/go/common/crypto/hash"
+ "github.com/oasisprotocol/oasis-core/go/common/crypto/signature"
+ memorySigner "github.com/oasisprotocol/oasis-core/go/common/crypto/signature/signers/memory"
+ "github.com/oasisprotocol/oasis-core/go/common/sgx"
+ churpState "github.com/oasisprotocol/oasis-core/go/consensus/cometbft/apps/keymanager/churp/state"
+ "github.com/oasisprotocol/oasis-core/go/keymanager/churp"
+ "github.com/oasisprotocol/oasis-core/go/keymanager/secrets"
+ "github.com/oasisprotocol/oasis-core/go/storage/mkvs"
+)
+
+// InitializeTestKeyManagerSecretsState must be kept in sync with tests in runtimes/consensus/state/keymanager/churp.rs.
+func InitializeTestKeyManagerSecretsState(ctx context.Context, mkvs mkvs.Tree) error {
+ state := churpState.NewMutableState(mkvs)
+
+ // One runtime.
+ var runtime common.Namespace
+ if err := runtime.UnmarshalHex("8000000000000000000000000000000000000000000000000000000000000000"); err != nil {
+ return err
+ }
+
+ // Two enclave identities.
+ var enclave1, enclave2 sgx.EnclaveIdentity
+ if err := enclave1.MrEnclave.UnmarshalHex("c9a589851b1f35627177fd70378ed778170f737611e4dfbf0b6d25bdff55b474"); err != nil {
+ return err
+ }
+ if err := enclave1.MrSigner.UnmarshalHex("7d310664780931ae103ab30a90171c201af385a72757bb4683578fdebde9adf5"); err != nil {
+ return err
+ }
+ if err := enclave2.MrEnclave.UnmarshalHex("756eaf76f5482c5345808b1eaccdd5c60f864bb2aa2d2b870df00ce435af4e23"); err != nil {
+ return err
+ }
+ if err := enclave2.MrSigner.UnmarshalHex("3597a2ff0743016f28e5d7e129304ee1c43dbdae3dba94e19cee3549038a5a32"); err != nil {
+ return err
+ }
+
+ // CHURP identity.
+ identity := churp.Identity{
+ ID: 1,
+ RuntimeID: runtime,
+ }
+
+ // Signed policy.
+ policy := churp.PolicySGX{
+ Identity: identity,
+ Serial: 6,
+ MayShare: []sgx.EnclaveIdentity{enclave1},
+ MayJoin: []sgx.EnclaveIdentity{enclave2},
+ }
+ sigPolicy := churp.SignedPolicySGX{
+ Policy: policy,
+ Signatures: []signature.Signature{},
+ }
+
+ // Two signers.
+ signers := []signature.Signer{
+ memorySigner.NewTestSigner("first signer"),
+ memorySigner.NewTestSigner("second signer"),
+ }
+
+ for _, signer := range signers {
+ sig, err := signature.Sign(signer, secrets.PolicySGXSignatureContext, cbor.Marshal(policy))
+ if err != nil {
+ return fmt.Errorf("failed to sign policy: %w", err)
+ }
+ sigPolicy.Signatures = append(sigPolicy.Signatures, *sig)
+ }
+
+ // Random checksum.
+ var checksum hash.Hash
+ if err := checksum.UnmarshalHex("1bff211fae98c88ba82388ae954b88a71d3bbe327e162e9fa711fe7a1b759c3e"); err != nil {
+ return err
+ }
+
+ // Committee.
+ committee := []signature.PublicKey{signers[0].Public(), signers[1].Public()}
+
+ // Applications.
+ applications := map[signature.PublicKey]churp.Application{
+ signers[0].Public(): {
+ Checksum: checksum,
+ Reconstructed: false,
+ },
+ signers[1].Public(): {
+ Checksum: checksum,
+ Reconstructed: true,
+ },
+ }
+
+ // Empty status.
+ var status churp.Status
+ if err := state.SetStatus(ctx, &status); err != nil {
+ return fmt.Errorf("failed to set key CHURP status: %w", err)
+ }
+
+ // Non-empty status.
+ status = churp.Status{
+ Identity: identity,
+ GroupID: churp.EccNistP384,
+ Threshold: 2,
+ Round: 3,
+ NextHandoff: 4,
+ HandoffInterval: 5,
+ Policy: sigPolicy,
+ Committee: committee,
+ Applications: applications,
+ Checksum: &checksum,
+ }
+
+ if err := state.SetStatus(ctx, &status); err != nil {
+ return fmt.Errorf("failed to set key CHURP status: %w", err)
+ }
+
+ return nil
+}
diff --git a/go/consensus/cometbft/apps/keymanager/secrets/state/interop/interop.go b/go/consensus/cometbft/apps/keymanager/secrets/state/interop/interop.go
index 280f6cdb5dc..2c573c2cf92 100644
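Review bot: The signing loop signs the CHURP policy under `secrets.PolicySGXSignatureContext`, the secrets key manager's context, so the fixture's `SignedPolicySGX` signatures are not domain-separated from secrets policy signatures and would not verify under a CHURP-specific context. If the churp package defines its own policy signature context, sign with that here; otherwise state the choice in a comment above the loop, e.g. `// Signed under the secrets policy context; switch once CHURP has its own context.` The function is also still named `InitializeTestKeyManagerSecretsState` although it only writes CHURP status, which makes the aggregate call site read like a second secrets initialisation; a name such as `InitializeTestKeyManagerChurpState` would be clearer. Its doc comment points at `runtimes/consensus/state/keymanager/churp.rs`, while the Rust files touched in this diff live under `runtime/src/consensus/state/`, so the path looks stale and is worth checking.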
--- a/go/consensus/cometbft/apps/keymanager/secrets/state/interop/interop.go +++ b/go/consensus/cometbft/apps/keymanager/secrets/state/interop/interop.go @@ -125,7 +125,7 @@ func InitializeTestKeyManagerSecretsState(ctx context.Context, mkvs mkvs.Tree) e }, } { if err = state.SetStatus(ctx, status); err != nil { - return fmt.Errorf("setting key manager status: %w", err) + return fmt.Errorf("failed to set key manager status: %w", err) } } diff --git a/go/consensus/cometbft/apps/keymanager/state/interop/interop.go b/go/consensus/cometbft/apps/keymanager/state/interop/interop.go index dfa616070c1..82d55ddb0f8 100644 --- a/go/consensus/cometbft/apps/keymanager/state/interop/interop.go +++ b/go/consensus/cometbft/apps/keymanager/state/interop/interop.go @@ -3,10 +3,14 @@ package interop import ( "context" + churpInterop "github.com/oasisprotocol/oasis-core/go/consensus/cometbft/apps/keymanager/churp/state/interop" secretsInterop "github.com/oasisprotocol/oasis-core/go/consensus/cometbft/apps/keymanager/secrets/state/interop" "github.com/oasisprotocol/oasis-core/go/storage/mkvs" ) func InitializeTestKeyManagerState(ctx context.Context, mkvs mkvs.Tree) error { - return secretsInterop.InitializeTestKeyManagerSecretsState(ctx, mkvs) + if err := secretsInterop.InitializeTestKeyManagerSecretsState(ctx, mkvs); err != nil { + return err + } + return churpInterop.InitializeTestKeyManagerSecretsState(ctx, mkvs) } diff --git a/runtime/src/consensus/state/beacon.rs b/runtime/src/consensus/state/beacon.rs index b590c898b14..4efeb7c90db 100644 --- a/runtime/src/consensus/state/beacon.rs +++ b/runtime/src/consensus/state/beacon.rs @@ -154,7 +154,7 @@ mod test { let mock_consensus_root = Root { version: 1, root_type: RootType::State, - hash: Hash::from("f637a80b24e3ffaaf3de0da96f1dfd94d0a135348f40006d578d557d70d5fa42"), + hash: Hash::from("b13652616801aaac81697445b16d75cfa5dd96d53df6fd96dff9cd29c0ee0725"), ..Default::default() }; let mkvs = Tree::builder() 
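Review bot: `InitializeTestKeyManagerState` is exported but has no doc comment, and after this change it writes two fixtures whose contents appear to feed the mock consensus root hash that the Rust tests in this same diff pin. I would add `// InitializeTestKeyManagerState populates the secrets and CHURP key manager test state; changing either fixture changes the root hash pinned in the Rust consensus state tests.` The first `return err` also passes the error through bare, so a failure does not say which of the two fixtures was being written; a short prefix on each return would make that visible.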
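Review bot: The new `hash: Hash::from("b136…")` literal in `mock_consensus_root` is pasted by hand here and again in the keymanager.rs, registry.rs, roothash.rs and staking.rs hunks, so every change to the Go interop fixtures needs five identical edits and a missed one only shows up as a failing root lookup. A single shared test constant referenced by all five initialisers would keep them in step and give one place to document which Go fixture produces the value. The enclosing test function starts and ends outside the hunk.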
diff --git a/runtime/src/consensus/state/keymanager.rs b/runtime/src/consensus/state/keymanager.rs index bc33d7e8abb..926187c494c 100644 --- a/runtime/src/consensus/state/keymanager.rs +++ b/runtime/src/consensus/state/keymanager.rs @@ -166,7 +166,7 @@ mod test { let mock_consensus_root = Root { version: 1, root_type: RootType::State, - hash: Hash::from("f637a80b24e3ffaaf3de0da96f1dfd94d0a135348f40006d578d557d70d5fa42"), + hash: Hash::from("b13652616801aaac81697445b16d75cfa5dd96d53df6fd96dff9cd29c0ee0725"), ..Default::default() }; let mkvs = Tree::builder() diff --git a/runtime/src/consensus/state/registry.rs b/runtime/src/consensus/state/registry.rs index d259cd257c1..df0b4aa5ce8 100644 --- a/runtime/src/consensus/state/registry.rs +++ b/runtime/src/consensus/state/registry.rs @@ -131,7 +131,7 @@ mod test { let mock_consensus_root = Root { version: 1, root_type: RootType::State, - hash: Hash::from("f637a80b24e3ffaaf3de0da96f1dfd94d0a135348f40006d578d557d70d5fa42"), + hash: Hash::from("b13652616801aaac81697445b16d75cfa5dd96d53df6fd96dff9cd29c0ee0725"), ..Default::default() }; let mkvs = Tree::builder() diff --git a/runtime/src/consensus/state/roothash.rs b/runtime/src/consensus/state/roothash.rs index 26dd7f5329b..3ad9732fadd 100644 --- a/runtime/src/consensus/state/roothash.rs +++ b/runtime/src/consensus/state/roothash.rs @@ -123,7 +123,7 @@ mod test { let mock_consensus_root = Root { version: 1, root_type: RootType::State, - hash: Hash::from("f637a80b24e3ffaaf3de0da96f1dfd94d0a135348f40006d578d557d70d5fa42"), + hash: Hash::from("b13652616801aaac81697445b16d75cfa5dd96d53df6fd96dff9cd29c0ee0725"), ..Default::default() }; let mkvs = Tree::builder() diff --git a/runtime/src/consensus/state/staking.rs b/runtime/src/consensus/state/staking.rs index 8728cba9730..94d252989cf 100644 --- a/runtime/src/consensus/state/staking.rs +++ b/runtime/src/consensus/state/staking.rs 
@@ -221,7 +221,7 @@ mod test { let mock_consensus_root = Root { version: 1, root_type: RootType::State, - hash: Hash::from("f637a80b24e3ffaaf3de0da96f1dfd94d0a135348f40006d578d557d70d5fa42"), + hash: Hash::from("b13652616801aaac81697445b16d75cfa5dd96d53df6fd96dff9cd29c0ee0725"), ..Default::default() }; let mkvs = Tree::builder()