#4817

Committed 19 Apr 2024 11:14AM UTC coverage: 46.95% (-2.2%) from 49.113%

Build # #4817

Build Type

Committed by

Commit Message

go/worker/keymanager/churp: Authorize RPC requests

Pull Request Pull Request #5640: go/worker/keymanager/churp: Orchestrate handoffs

Run Details

63 of 526 new or added lines in 10 files covered. (11.98%)

2 existing lines in 1 file now uncovered.

3879 of 8262 relevant lines covered (46.95%)

0.97 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/keymanager/src/client/interface.rs

//! Key manager client.
use std::sync::Arc;

use async_trait::async_trait;

use oasis_core_runtime::{common::crypto::signature::PublicKey, consensus::beacon::EpochTime};

use crate::{
    api::KeyManagerError,
    churp::EncodedSecretShare,
    crypto::{KeyPair, KeyPairId, Secret, SignedPublicKey, VerifiableSecret},
};

/// Key manager client interface.
#[async_trait]
pub trait KeyManagerClient: Send + Sync {
    /// Clear local key cache.
    ///
    /// This will make the client re-fetch the keys from the key manager.
    fn clear_cache(&self);

    /// Get or create named long-term key pair.
    ///
    /// If the key does not yet exist, the key manager will generate one. If
    /// the key has already been cached locally, it will be retrieved from
    /// cache.
    async fn get_or_create_keys(
        &self,
        key_pair_id: KeyPairId,
        generation: u64,
    ) -> Result<KeyPair, KeyManagerError>;

    /// Get long-term public key for a key pair id.
    async fn get_public_key(
        &self,
        key_pair_id: KeyPairId,
        generation: u64,
    ) -> Result<SignedPublicKey, KeyManagerError>;

    /// Get or create named ephemeral key pair for given epoch.
    ///
    /// If the key does not yet exist, the key manager will generate one. If
    /// the key has already been cached locally, it will be retrieved from
    /// cache.
    async fn get_or_create_ephemeral_keys(
        &self,
        key_pair_id: KeyPairId,
        epoch: EpochTime,
    ) -> Result<KeyPair, KeyManagerError>;

    /// Get ephemeral public key for an epoch and a key pair id.
    async fn get_public_ephemeral_key(
        &self,
        key_pair_id: KeyPairId,
        epoch: EpochTime,
    ) -> Result<SignedPublicKey, KeyManagerError>;

    /// Get a copy of the master secret for replication.
    async fn replicate_master_secret(
        &self,
        generation: u64,
    ) -> Result<VerifiableSecret, KeyManagerError>;

    /// Get a copy of the ephemeral secret for replication.
    async fn replicate_ephemeral_secret(&self, epoch: EpochTime)
        -> Result<Secret, KeyManagerError>;

    /// Returns the verification matrix for the given handoff.
    async fn verification_matrix(
        &self,
        churp_id: u8,
        epoch: EpochTime,
    ) -> Result<Vec<u8>, KeyManagerError>;

    /// Returns a switch point for the share reduction phase
    /// of the given handoff.
    async fn share_reduction_point(
        &self,
        churp_id: u8,
        epoch: EpochTime,
        node_id: PublicKey,
    ) -> Result<Vec<u8>, KeyManagerError>;

    /// Returns a switch point for the share distribution phase
    /// of the given handoff.
    async fn share_distribution_point(
        &self,
        churp_id: u8,
        epoch: EpochTime,
        node_id: PublicKey,
    ) -> Result<Vec<u8>, KeyManagerError>;

    /// Returns a bivariate share for the given handoff.
    async fn bivariate_share(
        &self,
        churp_id: u8,
        epoch: EpochTime,
        node_id: PublicKey,
    ) -> Result<EncodedSecretShare, KeyManagerError>;
}

#[async_trait]
impl<T: ?Sized + KeyManagerClient> KeyManagerClient for Arc<T> {
    fn clear_cache(&self) {
        KeyManagerClient::clear_cache(&**self)
    }

    async fn get_or_create_keys(
        &self,
        key_pair_id: KeyPairId,
        generation: u64,
    ) -> Result<KeyPair, KeyManagerError> {
        KeyManagerClient::get_or_create_keys(&**self, key_pair_id, generation).await
    }

    async fn get_public_key(
        &self,
        key_pair_id: KeyPairId,
        generation: u64,
    ) -> Result<SignedPublicKey, KeyManagerError> {
        KeyManagerClient::get_public_key(&**self, key_pair_id, generation).await
    }

    async fn get_or_create_ephemeral_keys(
        &self,
        key_pair_id: KeyPairId,
        epoch: EpochTime,
    ) -> Result<KeyPair, KeyManagerError> {
        KeyManagerClient::get_or_create_ephemeral_keys(&**self, key_pair_id, epoch).await
    }

    async fn get_public_ephemeral_key(
        &self,
        key_pair_id: KeyPairId,
        epoch: EpochTime,
    ) -> Result<SignedPublicKey, KeyManagerError> {
        KeyManagerClient::get_public_ephemeral_key(&**self, key_pair_id, epoch).await
    }

    async fn replicate_master_secret(
        &self,
        generation: u64,
    ) -> Result<VerifiableSecret, KeyManagerError> {
        KeyManagerClient::replicate_master_secret(&**self, generation).await
    }

    async fn replicate_ephemeral_secret(
        &self,
        epoch: EpochTime,
    ) -> Result<Secret, KeyManagerError> {
        KeyManagerClient::replicate_ephemeral_secret(&**self, epoch).await
    }

    async fn verification_matrix(
        &self,
        churp_id: u8,
        epoch: EpochTime,
    ) -> Result<Vec<u8>, KeyManagerError> {
        KeyManagerClient::verification_matrix(&**self, churp_id, epoch).await
    }

    async fn share_reduction_point(
        &self,
        churp_id: u8,
        epoch: EpochTime,
        node_id: PublicKey,
    ) -> Result<Vec<u8>, KeyManagerError> {
        KeyManagerClient::share_reduction_point(&**self, churp_id, epoch, node_id).await
    }

    async fn share_distribution_point(
        &self,
        churp_id: u8,
        epoch: EpochTime,
        node_id: PublicKey,
    ) -> Result<Vec<u8>, KeyManagerError> {
        KeyManagerClient::share_distribution_point(&**self, churp_id, epoch, node_id).await
    }

    async fn bivariate_share(
        &self,
        churp_id: u8,
        epoch: EpochTime,
        node_id: PublicKey,
    ) -> Result<EncodedSecretShare, KeyManagerError> {
        KeyManagerClient::bivariate_share(&**self, churp_id, epoch, node_id).await
    }
}

1	//! Key manager client.
2	use std::sync::Arc;
3
4	use async_trait::async_trait;
5
6	use oasis_core_runtime::{common::crypto::signature::PublicKey, consensus::beacon::EpochTime};
7
8	use crate::{
9	api::KeyManagerError,
10	churp::EncodedSecretShare,
11	crypto::{KeyPair, KeyPairId, Secret, SignedPublicKey, VerifiableSecret},
12	};
13
14	/// Key manager client interface.
15	#[async_trait]
16	pub trait KeyManagerClient: Send + Sync {
17	/// Clear local key cache.
18	///
19	/// This will make the client re-fetch the keys from the key manager.
20	fn clear_cache(&self);
21
22	/// Get or create named long-term key pair.
23	///
24	/// If the key does not yet exist, the key manager will generate one. If
25	/// the key has already been cached locally, it will be retrieved from
26	/// cache.
27	async fn get_or_create_keys(
28	&self,
29	key_pair_id: KeyPairId,
30	generation: u64,
31	) -> Result<KeyPair, KeyManagerError>;
32
33	/// Get long-term public key for a key pair id.
34	async fn get_public_key(
35	&self,
36	key_pair_id: KeyPairId,
37	generation: u64,
38	) -> Result<SignedPublicKey, KeyManagerError>;
39
40	/// Get or create named ephemeral key pair for given epoch.
41	///
42	/// If the key does not yet exist, the key manager will generate one. If
43	/// the key has already been cached locally, it will be retrieved from
44	/// cache.
45	async fn get_or_create_ephemeral_keys(
46	&self,
47	key_pair_id: KeyPairId,
48	epoch: EpochTime,
49	) -> Result<KeyPair, KeyManagerError>;
50
51	/// Get ephemeral public key for an epoch and a key pair id.
52	async fn get_public_ephemeral_key(
53	&self,
54	key_pair_id: KeyPairId,
55	epoch: EpochTime,
56	) -> Result<SignedPublicKey, KeyManagerError>;
57
58	/// Get a copy of the master secret for replication.
59	async fn replicate_master_secret(
60	&self,
61	generation: u64,
62	) -> Result<VerifiableSecret, KeyManagerError>;
63
64	/// Get a copy of the ephemeral secret for replication.
65	async fn replicate_ephemeral_secret(&self, epoch: EpochTime)
66	-> Result<Secret, KeyManagerError>;
67
68	/// Returns the verification matrix for the given handoff.
69	async fn verification_matrix(
70	&self,
71	churp_id: u8,
72	epoch: EpochTime,
73	) -> Result<Vec<u8>, KeyManagerError>;
74
75	/// Returns a switch point for the share reduction phase
76	/// of the given handoff.
77	async fn share_reduction_point(
78	&self,
79	churp_id: u8,
80	epoch: EpochTime,
81	node_id: PublicKey,
82	) -> Result<Vec<u8>, KeyManagerError>;
83
84	/// Returns a switch point for the share distribution phase
85	/// of the given handoff.
86	async fn share_distribution_point(
87	&self,
88	churp_id: u8,
89	epoch: EpochTime,
90	node_id: PublicKey,
91	) -> Result<Vec<u8>, KeyManagerError>;
92
93	/// Returns a bivariate share for the given handoff.
94	async fn bivariate_share(
95	&self,
96	churp_id: u8,
97	epoch: EpochTime,
98	node_id: PublicKey,
99	) -> Result<EncodedSecretShare, KeyManagerError>;
100	}
101
102	#[async_trait]
103	impl<T: ?Sized + KeyManagerClient> KeyManagerClient for Arc<T> {
104	fn clear_cache(&self) {	×
105	KeyManagerClient::clear_cache(&**self)	×
106	}
107
108	async fn get_or_create_keys(
109	&self,
110	key_pair_id: KeyPairId,
111	generation: u64,
112	) -> Result<KeyPair, KeyManagerError> {
113	KeyManagerClient::get_or_create_keys(&**self, key_pair_id, generation).await	×
114	}
115
116	async fn get_public_key(
117	&self,
118	key_pair_id: KeyPairId,
119	generation: u64,
120	) -> Result<SignedPublicKey, KeyManagerError> {
121	KeyManagerClient::get_public_key(&**self, key_pair_id, generation).await	×
122	}
123
124	async fn get_or_create_ephemeral_keys(
125	&self,
126	key_pair_id: KeyPairId,
127	epoch: EpochTime,
128	) -> Result<KeyPair, KeyManagerError> {
129	KeyManagerClient::get_or_create_ephemeral_keys(&**self, key_pair_id, epoch).await	×
130	}
131
132	async fn get_public_ephemeral_key(
133	&self,
134	key_pair_id: KeyPairId,
135	epoch: EpochTime,
136	) -> Result<SignedPublicKey, KeyManagerError> {
137	KeyManagerClient::get_public_ephemeral_key(&**self, key_pair_id, epoch).await	×
138	}
139
140	async fn replicate_master_secret(
141	&self,
142	generation: u64,
143	) -> Result<VerifiableSecret, KeyManagerError> {
144	KeyManagerClient::replicate_master_secret(&**self, generation).await	×
145	}
146
147	async fn replicate_ephemeral_secret(
148	&self,
149	epoch: EpochTime,
150	) -> Result<Secret, KeyManagerError> {
151	KeyManagerClient::replicate_ephemeral_secret(&**self, epoch).await	×
152	}
153
154	async fn verification_matrix(
155	&self,
156	churp_id: u8,
157	epoch: EpochTime,
158	) -> Result<Vec<u8>, KeyManagerError> {
NEW 159	KeyManagerClient::verification_matrix(&**self, churp_id, epoch).await	×
160	}
161
162	async fn share_reduction_point(
163	&self,
164	churp_id: u8,
165	epoch: EpochTime,
166	node_id: PublicKey,
167	) -> Result<Vec<u8>, KeyManagerError> {
NEW 168	KeyManagerClient::share_reduction_point(&**self, churp_id, epoch, node_id).await	×
169	}
170
171	async fn share_distribution_point(
172	&self,
173	churp_id: u8,
174	epoch: EpochTime,
175	node_id: PublicKey,
176	) -> Result<Vec<u8>, KeyManagerError> {
NEW 177	KeyManagerClient::share_distribution_point(&**self, churp_id, epoch, node_id).await	×
178	}
179
180	async fn bivariate_share(
181	&self,
182	churp_id: u8,
183	epoch: EpochTime,
184	node_id: PublicKey,
185	) -> Result<EncodedSecretShare, KeyManagerError> {
NEW 186	KeyManagerClient::bivariate_share(&**self, churp_id, epoch, node_id).await	×
187	}
188	}

oasisprotocol / oasis-core / #4817

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous