Merge pull request #4758 from ElrondNetwork/consensus-private-keys-re…

…factor Refactored private keys usage in consensus
multiversx · Dec 6, 2022 · 60cc70d · 60cc70d
2 parents e0493fe + c8af06f
commit 60cc70d
Show file tree

Hide file tree

Showing 21 changed files with 173 additions and 229 deletions.
diff --git a/consensus/interface.go b/consensus/interface.go
@@ -152,8 +152,8 @@ type ScheduledProcessor interface {
 // SignatureHandler defines the behaviour of a component that handles signatures in consensus
 type SignatureHandler interface {
 	Reset(pubKeys []string) error
-	CreateSignatureShare(msg []byte, index uint16, epoch uint32) ([]byte, error)
-	CreateSignatureShareWithPrivateKey(message []byte, index uint16, epoch uint32, privateKeyBytes []byte) ([]byte, error)
+	CreateSignatureShareForPublicKey(message []byte, index uint16, epoch uint32, publicKeyBytes []byte) ([]byte, error)
+	CreateSignatureForPublicKey(message []byte, publicKeyBytes []byte) ([]byte, error)
 	StoreSignatureShare(index uint16, sig []byte) error
 	SignatureShare(index uint16) ([]byte, error)
 	VerifySignatureShare(index uint16, sig []byte, msg []byte, epoch uint32) error

diff --git a/consensus/mock/consensusDataContainerMock.go b/consensus/mock/consensusDataContainerMock.go
@@ -4,7 +4,6 @@ import (
 	"github.com/ElrondNetwork/elrond-go-core/data"
 	"github.com/ElrondNetwork/elrond-go-core/hashing"
 	"github.com/ElrondNetwork/elrond-go-core/marshal"
-	crypto "github.com/ElrondNetwork/elrond-go-crypto"
 	cryptoCommon "github.com/ElrondNetwork/elrond-go/common/crypto"
 	"github.com/ElrondNetwork/elrond-go/consensus"
 	"github.com/ElrondNetwork/elrond-go/epochStart"
@@ -24,8 +23,6 @@ type ConsensusCoreMock struct {
 	chronologyHandler       consensus.ChronologyHandler
 	hasher                  hashing.Hasher
 	marshalizer             marshal.Marshalizer
-	blsPrivateKey           crypto.PrivateKey
-	blsSingleSigner         crypto.SingleSigner
 	multiSignerContainer    cryptoCommon.MultiSignerContainer
 	roundHandler            consensus.RoundHandler
 	shardCoordinator        sharding.Coordinator
@@ -121,11 +118,6 @@ func (ccm *ConsensusCoreMock) SetBlockchain(blockChain data.ChainHandler) {
 	ccm.blockChain = blockChain
 }
 
-// SetSingleSigner -
-func (ccm *ConsensusCoreMock) SetSingleSigner(signer crypto.SingleSigner) {
-	ccm.blsSingleSigner = signer
-}
-
 // SetBlockProcessor -
 func (ccm *ConsensusCoreMock) SetBlockProcessor(blockProcessor process.BlockProcessor) {
 	ccm.blockProcessor = blockProcessor
@@ -181,16 +173,6 @@ func (ccm *ConsensusCoreMock) SetValidatorGroupSelector(validatorGroupSelector n
 	ccm.validatorGroupSelector = validatorGroupSelector
 }
 
-// PrivateKey -
-func (ccm *ConsensusCoreMock) PrivateKey() crypto.PrivateKey {
-	return ccm.blsPrivateKey
-}
-
-// SingleSigner returns the bls single signer stored in the ConsensusStore
-func (ccm *ConsensusCoreMock) SingleSigner() crypto.SingleSigner {
-	return ccm.blsSingleSigner
-}
-
 // PeerHonestyHandler -
 func (ccm *ConsensusCoreMock) PeerHonestyHandler() consensus.PeerHonestyHandler {
 	return ccm.peerHonestyHandler

diff --git a/consensus/mock/mockTestInitializer.go b/consensus/mock/mockTestInitializer.go
@@ -171,12 +171,6 @@ func InitConsensusCoreWithMultiSigner(multiSigner crypto.MultiSigner) *Consensus
 	chronologyHandlerMock := InitChronologyHandlerMock()
 	hasherMock := &hashingMocks.HasherMock{}
 	marshalizerMock := MarshalizerMock{}
-	blsPrivateKeyMock := &PrivateKeyMock{}
-	blsSingleSignerMock := &SingleSignerMock{
-		SignStub: func(private crypto.PrivateKey, msg []byte) (bytes []byte, e error) {
-			return make([]byte, 0), nil
-		},
-	}
 	roundHandlerMock := &RoundHandlerMock{}
 	shardCoordinatorMock := ShardCoordinatorMock{}
 	syncTimerMock := &SyncTimerMock{}
@@ -216,8 +210,6 @@ func InitConsensusCoreWithMultiSigner(multiSigner crypto.MultiSigner) *Consensus
 		chronologyHandler:       chronologyHandlerMock,
 		hasher:                  hasherMock,
 		marshalizer:             marshalizerMock,
-		blsPrivateKey:           blsPrivateKeyMock,
-		blsSingleSigner:         blsSingleSignerMock,
 		multiSignerContainer:    multiSignerContainer,
 		roundHandler:            roundHandlerMock,
 		shardCoordinator:        shardCoordinatorMock,

diff --git a/consensus/mock/signatureHandlerStub.go b/consensus/mock/signatureHandlerStub.go
@@ -2,15 +2,15 @@ package mock
 
 // SignatureHandlerStub implements SignatureHandler interface
 type SignatureHandlerStub struct {
-	ResetCalled                              func(pubKeys []string) error
-	CreateSignatureShareCalled               func(msg []byte, index uint16, epoch uint32) ([]byte, error)
-	CreateSignatureShareWithPrivateKeyCalled func(message []byte, index uint16, epoch uint32, privateKeyBytes []byte) ([]byte, error)
-	StoreSignatureShareCalled                func(index uint16, sig []byte) error
-	SignatureShareCalled                     func(index uint16) ([]byte, error)
-	VerifySignatureShareCalled               func(index uint16, sig []byte, msg []byte, epoch uint32) error
-	AggregateSigsCalled                      func(bitmap []byte, epoch uint32) ([]byte, error)
-	SetAggregatedSigCalled                   func(_ []byte) error
-	VerifyCalled                             func(msg []byte, bitmap []byte, epoch uint32) error
+	ResetCalled                            func(pubKeys []string) error
+	CreateSignatureShareForPublicKeyCalled func(message []byte, index uint16, epoch uint32, publicKeyBytes []byte) ([]byte, error)
+	CreateSignatureForPublicKeyCalled      func(message []byte, publicKeyBytes []byte) ([]byte, error)
+	StoreSignatureShareCalled              func(index uint16, sig []byte) error
+	SignatureShareCalled                   func(index uint16) ([]byte, error)
+	VerifySignatureShareCalled             func(index uint16, sig []byte, msg []byte, epoch uint32) error
+	AggregateSigsCalled                    func(bitmap []byte, epoch uint32) ([]byte, error)
+	SetAggregatedSigCalled                 func(_ []byte) error
+	VerifyCalled                           func(msg []byte, bitmap []byte, epoch uint32) error
 }
 
 // Reset -
@@ -22,19 +22,19 @@ func (stub *SignatureHandlerStub) Reset(pubKeys []string) error {
 	return nil
 }
 
-// CreateSignatureShare -
-func (stub *SignatureHandlerStub) CreateSignatureShare(msg []byte, index uint16, epoch uint32) ([]byte, error) {
-	if stub.CreateSignatureShareCalled != nil {
-		return stub.CreateSignatureShareCalled(msg, index, epoch)
+// CreateSignatureShareForPublicKey -
+func (stub *SignatureHandlerStub) CreateSignatureShareForPublicKey(message []byte, index uint16, epoch uint32, publicKeyBytes []byte) ([]byte, error) {
+	if stub.CreateSignatureShareForPublicKeyCalled != nil {
+		return stub.CreateSignatureShareForPublicKeyCalled(message, index, epoch, publicKeyBytes)
 	}
 
-	return []byte("sigShare"), nil
+	return make([]byte, 0), nil
 }
 
-// CreateSignatureShareWithPrivateKey -
-func (stub *SignatureHandlerStub) CreateSignatureShareWithPrivateKey(message []byte, index uint16, epoch uint32, privateKeyBytes []byte) ([]byte, error) {
-	if stub.CreateSignatureShareWithPrivateKeyCalled != nil {
-		return stub.CreateSignatureShareWithPrivateKeyCalled(message, index, epoch, privateKeyBytes)
+// CreateSignatureForPublicKey -
+func (stub *SignatureHandlerStub) CreateSignatureForPublicKey(message []byte, publicKeyBytes []byte) ([]byte, error) {
+	if stub.CreateSignatureForPublicKeyCalled != nil {
+		return stub.CreateSignatureForPublicKeyCalled(message, publicKeyBytes)
 	}
 
 	return make([]byte, 0), nil

diff --git a/consensus/signing/errors.go b/consensus/signing/errors.go
@@ -8,14 +8,11 @@ var ErrInvalidSignature = errors.New("invalid signature was provided")
 // ErrNilElement is raised when searching for a specific element but found nil
 var ErrNilElement = errors.New("element is nil")
 
-// ErrIndexNotSelected is raised when a not selected index is used for multi-signing
-var ErrIndexNotSelected = errors.New("index is not selected")
-
 // ErrNilBitmap is raised when a nil bitmap is used
 var ErrNilBitmap = errors.New("bitmap is nil")
 
-// ErrNoPrivateKeySet is raised when no private key was set
-var ErrNoPrivateKeySet = errors.New("no private key was set")
+// ErrNilKeysHandler is raised when a nil keys handler was provided
+var ErrNilKeysHandler = errors.New("nil keys handler")
 
 // ErrNoPublicKeySet is raised when no public key was set for a multisignature
 var ErrNoPublicKeySet = errors.New("no public key was set")
@@ -29,6 +26,9 @@ var ErrNilPublicKeys = errors.New("public keys are nil")
 // ErrNilMultiSignerContainer is raised when a nil multi signer container has been provided
 var ErrNilMultiSignerContainer = errors.New("multi signer container is nil")
 
+// ErrNilSingleSigner signals that a nil single signer was provided
+var ErrNilSingleSigner = errors.New("nil single signer")
+
 // ErrIndexOutOfBounds is raised when an out of bound index is used
 var ErrIndexOutOfBounds = errors.New("index is out of bounds")
 

diff --git a/consensus/signing/signing.go b/consensus/signing/signing.go
@@ -6,19 +6,20 @@ import (
 	"github.com/ElrondNetwork/elrond-go-core/core/check"
 	crypto "github.com/ElrondNetwork/elrond-go-crypto"
 	cryptoCommon "github.com/ElrondNetwork/elrond-go/common/crypto"
+	"github.com/ElrondNetwork/elrond-go/consensus"
 )
 
 // ArgsSignatureHolder defines the arguments needed to create a new signature holder component
 type ArgsSignatureHolder struct {
 	PubKeys              []string
-	PrivKeyBytes         []byte
 	MultiSignerContainer cryptoCommon.MultiSignerContainer
+	SingleSigner         crypto.SingleSigner
 	KeyGenerator         crypto.KeyGenerator
+	KeysHandler          consensus.KeysHandler
 }
 
 type signatureHolderData struct {
 	pubKeys   [][]byte
-	privKey   []byte
 	sigShares [][]byte
 	aggSig    []byte
 }
@@ -27,7 +28,9 @@ type signatureHolder struct {
 	data                 *signatureHolderData
 	mutSigningData       sync.RWMutex
 	multiSignerContainer cryptoCommon.MultiSignerContainer
+	singleSigner         crypto.SingleSigner
 	keyGen               crypto.KeyGenerator
+	keysHandler          consensus.KeysHandler
 }
 
 // NewSignatureHolder will create a new signature holder component
@@ -47,24 +50,28 @@ func NewSignatureHolder(args ArgsSignatureHolder) (*signatureHolder, error) {
 
 	data := &signatureHolderData{
 		pubKeys:   pubKeysBytes,
-		privKey:   args.PrivKeyBytes,
 		sigShares: sigShares,
 	}
 
 	return &signatureHolder{
 		data:                 data,
 		mutSigningData:       sync.RWMutex{},
 		multiSignerContainer: args.MultiSignerContainer,
+		singleSigner:         args.SingleSigner,
 		keyGen:               args.KeyGenerator,
+		keysHandler:          args.KeysHandler,
 	}, nil
 }
 
 func checkArgs(args ArgsSignatureHolder) error {
 	if check.IfNil(args.MultiSignerContainer) {
 		return ErrNilMultiSignerContainer
 	}
-	if len(args.PrivKeyBytes) == 0 {
-		return ErrNoPrivateKeySet
+	if check.IfNil(args.SingleSigner) {
+		return ErrNilSingleSigner
+	}
+	if check.IfNil(args.KeysHandler) {
+		return ErrNilKeysHandler
 	}
 	if check.IfNil(args.KeyGenerator) {
 		return ErrNilKeyGenerator
@@ -78,14 +85,11 @@ func checkArgs(args ArgsSignatureHolder) error {
 
 // Create generates a signature holder component and initializes corresponding fields
 func (sh *signatureHolder) Create(pubKeys []string) (*signatureHolder, error) {
-	sh.mutSigningData.RLock()
-	privKey := sh.data.privKey
-	sh.mutSigningData.RUnlock()
-
 	args := ArgsSignatureHolder{
 		PubKeys:              pubKeys,
-		PrivKeyBytes:         privKey,
+		KeysHandler:          sh.keysHandler,
 		MultiSignerContainer: sh.multiSignerContainer,
+		SingleSigner:         sh.singleSigner,
 		KeyGenerator:         sh.keyGen,
 	}
 	return NewSignatureHolder(args)
@@ -107,11 +111,8 @@ func (sh *signatureHolder) Reset(pubKeys []string) error {
 	sh.mutSigningData.Lock()
 	defer sh.mutSigningData.Unlock()
 
-	privKey := sh.data.privKey
-
 	data := &signatureHolderData{
 		pubKeys:   pubKeysBytes,
-		privKey:   privKey,
 		sigShares: sigShares,
 	}
 
@@ -120,21 +121,19 @@ func (sh *signatureHolder) Reset(pubKeys []string) error {
 	return nil
 }
 
-// CreateSignatureShare returns a signature over a message
-func (sh *signatureHolder) CreateSignatureShare(message []byte, selfIndex uint16, epoch uint32) ([]byte, error) {
-	sh.mutSigningData.RLock()
-	privateKeyBytes := sh.data.privKey
-	sh.mutSigningData.RUnlock()
-
-	return sh.CreateSignatureShareWithPrivateKey(message, selfIndex, epoch, privateKeyBytes)
-}
-
-// CreateSignatureShareWithPrivateKey returns a signature over a message providing the private key bytes
-func (sh *signatureHolder) CreateSignatureShareWithPrivateKey(message []byte, index uint16, epoch uint32, privateKeyBytes []byte) ([]byte, error) {
+// CreateSignatureShareForPublicKey returns a signature over a message using the managed private key that was selected based on the provided
+// publicKeyBytes argument
+func (sh *signatureHolder) CreateSignatureShareForPublicKey(message []byte, index uint16, epoch uint32, publicKeyBytes []byte) ([]byte, error) {
 	if message == nil {
 		return nil, ErrNilMessage
 	}
 
+	privateKey := sh.keysHandler.GetHandledPrivateKey(publicKeyBytes)
+	privateKeyBytes, err := privateKey.ToByteArray()
+	if err != nil {
+		return nil, err
+	}
+
 	sh.mutSigningData.Lock()
 	defer sh.mutSigningData.Unlock()
 
@@ -153,6 +152,14 @@ func (sh *signatureHolder) CreateSignatureShareWithPrivateKey(message []byte, in
 	return sigShareBytes, nil
 }
 
+// CreateSignatureForPublicKey returns a signature over a message using the managed private key that was selected based on the provided
+// publicKeyBytes argument
+func (sh *signatureHolder) CreateSignatureForPublicKey(message []byte, publicKeyBytes []byte) ([]byte, error) {
+	privateKey := sh.keysHandler.GetHandledPrivateKey(publicKeyBytes)
+
+	return sh.singleSigner.Sign(privateKey, message)
+}
+
 // VerifySignatureShare will verify the signature share based on the specified index
 func (sh *signatureHolder) VerifySignatureShare(index uint16, sig []byte, message []byte, epoch uint32) error {
 	if len(sig) == 0 {