diff --git a/.changelog/5570.feature.md b/.changelog/5570.feature.md new file mode 100644 index 00000000000..c7718e7c0d5 --- /dev/null +++ b/.changelog/5570.feature.md @@ -0,0 +1 @@ +go/keymanager/churp: Add a flag which enables the extension diff --git a/go/consensus/cometbft/apps/keymanager/churp/ext.go b/go/consensus/cometbft/apps/keymanager/churp/ext.go index 4e7796e3aeb..7865ab6f2fa 100644 --- a/go/consensus/cometbft/apps/keymanager/churp/ext.go +++ b/go/consensus/cometbft/apps/keymanager/churp/ext.go @@ -9,6 +9,7 @@ import ( "github.com/oasisprotocol/oasis-core/go/consensus/api" "github.com/oasisprotocol/oasis-core/go/consensus/api/transaction" tmapi "github.com/oasisprotocol/oasis-core/go/consensus/cometbft/api" + registryState "github.com/oasisprotocol/oasis-core/go/consensus/cometbft/apps/registry/state" genesis "github.com/oasisprotocol/oasis-core/go/genesis/api" "github.com/oasisprotocol/oasis-core/go/keymanager/churp" ) @@ -40,6 +41,10 @@ func (ext *churpExt) OnRegister(state tmapi.ApplicationState, _ tmapi.MessageDis // ExecuteTx implements api.Extension. func (ext *churpExt) ExecuteTx(ctx *tmapi.Context, tx *transaction.Transaction) error { + if enabled, err := ext.enabled(ctx); err != nil || !enabled { + return fmt.Errorf("keymanager: invalid method: %s", tx.Method) + } + switch tx.Method { case churp.MethodCreate: var cfg churp.CreateRequest @@ -66,6 +71,10 @@ func (ext *churpExt) ExecuteTx(ctx *tmapi.Context, tx *transaction.Transaction) // BeginBlock implements api.Extension. func (ext *churpExt) BeginBlock(ctx *tmapi.Context) error { + if enabled, err := ext.enabled(ctx); err != nil || !enabled { + return nil + } + changed, epoch := ext.state.EpochChanged(ctx) if !changed { return nil 
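Review bot: In the ExecuteTx hunk the guard `err != nil || !enabled` folds a failure to load the registry consensus parameters into the same `keymanager: invalid method` reply as a disabled extension, so the wrapped error from `ext.enabled` is discarded and a state read problem looks like a client mistake. The BeginBlock hunk uses the same guard and returns `nil`, which would silently skip the epoch handling on such a failure. I would separate the cases in both functions: `enabled, err := ext.enabled(ctx)`, then `if err != nil { return err }`, then the existing `!enabled` branch on its own. Both function bodies continue outside their hunks.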
@@ -79,6 +88,16 @@ func (*churpExt) EndBlock(*tmapi.Context) error {
 return nil
 }
+// InitChain implements api.Extension.
 func (ext *churpExt) InitChain(*tmapi.Context, types.RequestInitChain, *genesis.Document) error {
 return nil
 }
+
+func (*churpExt) enabled(ctx *tmapi.Context) (bool, error) {
+ regState := registryState.NewMutableState(ctx.State())
+ regParams, err := regState.ConsensusParameters(ctx)
+ if err != nil {
+ return false, fmt.Errorf("failed to load registry consensus parameters: %w", err)
+ }
+ return regParams.EnableKeyManagerCHURP, nil
+}
diff --git a/go/consensus/cometbft/apps/keymanager/keymanager.go b/go/consensus/cometbft/apps/keymanager/keymanager.go
index 8a2f4063a33..0507bbadc4d 100644
--- a/go/consensus/cometbft/apps/keymanager/keymanager.go
+++ b/go/consensus/cometbft/apps/keymanager/keymanager.go
@@ -7,6 +7,7 @@ import (
 "github.com/oasisprotocol/oasis-core/go/consensus/api/transaction"
 tmapi "github.com/oasisprotocol/oasis-core/go/consensus/cometbft/api"
+ "github.com/oasisprotocol/oasis-core/go/consensus/cometbft/apps/keymanager/churp"
 "github.com/oasisprotocol/oasis-core/go/consensus/cometbft/apps/keymanager/secrets"
 registryapp "github.com/oasisprotocol/oasis-core/go/consensus/cometbft/apps/registry"
 registryState "github.com/oasisprotocol/oasis-core/go/consensus/cometbft/apps/registry/state"
@@ -179,6 +180,7 @@ func New() tmapi.Application {
 }
 app.registerExtensions(secrets.New(app.Name()))
+ app.registerExtensions(churp.New(app.Name()))
 return &app
 }
diff --git a/go/oasis-node/cmd/genesis/genesis.go b/go/oasis-node/cmd/genesis/genesis.go
index 840e29bc368..cf6ba4846a5 100644
--- a/go/oasis-node/cmd/genesis/genesis.go
+++ b/go/oasis-node/cmd/genesis/genesis.go
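Review bot: The new `enabled` helper at the end of the ext.go hunk has no doc comment, although the same hunk adds one for InitChain. Suggested: `// enabled reports whether the registry consensus parameters have EnableKeyManagerCHURP set; an error means the parameters could not be loaded.` Since ExecuteTx and BeginBlock both call it, the parameters are read from registry state on every transaction and every block, which deserves a sentence in that comment as well.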
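Review bot: `churp.New(app.Name())` is registered unconditionally in `New()` in keymanager.go, so on a network with the flag off the extension is still wired in and the only barrier is the `enabled` check inside its own handlers. The hunks shown add that check to ExecuteTx and BeginBlock; any other entry point the extension exposes now or gains later has to repeat it, which is easy to miss. A comment on the new line would record the design, e.g. `// Always registered; the extension gates itself on the registry EnableKeyManagerCHURP parameter.` `New()` starts outside the hunk.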
@@ -61,6 +61,7 @@ const (
 CfgRegistryDebugAllowTestRuntimes = "registry.debug.allow_test_runtimes"
 cfgRegistryDebugBypassStake = "registry.debug.bypass_stake" // nolint: gosec
 CfgRegistryEnableRuntimeGovernanceModels = "registry.enable_runtime_governance_models"
+ CfgRegistryEnableKeyManagerCHURP = "registry.enable_key_manager_churp"
 CfgRegistryTEEFeaturesSGXPCS = "registry.tee_features.sgx.pcs"
 CfgRegistryTEEFeaturesSGXSignedAttestations = "registry.tee_features.sgx.signed_attestations"
 CfgRegistryTEEFeaturesSGXDefaultMaxAttestationAge = "registry.tee_features.sgx.default_max_attestation_age"
@@ -376,6 +377,10 @@ func AppendRegistryState(doc *genesis.Document, entities, runtimes, nodes []stri
 regSt.Parameters.EnableRuntimeGovernanceModels[gm] = true
 }
+ if viper.GetBool(CfgRegistryEnableKeyManagerCHURP) {
+ regSt.Parameters.EnableKeyManagerCHURP = true
+ }
+
 entMap := make(map[signature.PublicKey]bool)
 appendToEntities := func(signedEntity *entity.SignedEntity, ent *entity.Entity) error {
 if entMap[ent.ID] {
@@ -794,6 +799,7 @@ func init() {
 initGenesisFlags.Bool(CfgRegistryDebugAllowTestRuntimes, false, "enable test runtime registration")
 initGenesisFlags.Bool(cfgRegistryDebugBypassStake, false, "bypass all stake checks and operations (UNSAFE)")
 initGenesisFlags.StringSlice(CfgRegistryEnableRuntimeGovernanceModels, []string{"entity"}, "set of enabled runtime governance models")
+ initGenesisFlags.Bool(CfgRegistryEnableKeyManagerCHURP, false, "enable key manager CHURP extension")
 initGenesisFlags.Bool(CfgRegistryTEEFeaturesSGXPCS, true, "enable PCS support for SGX TEEs")
 initGenesisFlags.Bool(CfgRegistryTEEFeaturesSGXSignedAttestations, true, "enable SGX RAK-signed attestations")
 initGenesisFlags.Uint64(CfgRegistryTEEFeaturesSGXDefaultMaxAttestationAge, 1200, "default max attestation age (SGX RAK-signed attestations must be enabled") // ~2 hours at 6 sec per block.
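Review bot: In the AppendRegistryState hunk the three-line `if viper.GetBool(CfgRegistryEnableKeyManagerCHURP) { ... = true }` can only ever set the parameter, never clear it. Assuming `regSt.Parameters.EnableKeyManagerCHURP` is still at its zero value at this point (the construction of `regSt` is outside the hunk), the direct form `regSt.Parameters.EnableKeyManagerCHURP = viper.GetBool(CfgRegistryEnableKeyManagerCHURP)` says the same thing in one line and keeps the flag authoritative for the generated genesis document.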
diff --git a/go/oasis-test-runner/oasis/network.go b/go/oasis-test-runner/oasis/network.go
index fc813585a0d..1f33c2ca13d 100644
--- a/go/oasis-test-runner/oasis/network.go
+++ b/go/oasis-test-runner/oasis/network.go
@@ -778,6 +778,7 @@ func (net *Network) MakeGenesis() error {
 "--" + genesis.CfgConsensusBackend, net.cfg.Consensus.Backend,
 "--" + genesis.CfgConsensusTimeoutCommit, net.cfg.Consensus.Parameters.TimeoutCommit.String(),
 "--" + genesis.CfgRegistryEnableRuntimeGovernanceModels, "entity,runtime",
+ "--" + genesis.CfgRegistryEnableKeyManagerCHURP, "true",
 "--" + genesis.CfgRegistryDebugAllowUnroutableAddresses, "true",
 "--" + genesis.CfgRegistryDebugAllowTestRuntimes, "true",
 "--" + genesis.CfgSchedulerMaxValidatorsPerEntity, strconv.Itoa(len(net.Validators())),
diff --git a/go/registry/api/api.go b/go/registry/api/api.go
index 6d7e29fae0d..b1f17072a46 100644
--- a/go/registry/api/api.go
+++ b/go/registry/api/api.go
@@ -1403,6 +1403,9 @@ type ConsensusParameters struct {
 // disabled outside of the genesis block.
 DisableKeyManagerRuntimeRegistration bool `json:"disable_km_runtime_registration,omitempty"`
+ // EnableKeyManagerCHURP is true iff the CHURP extension for the key manager is enabled.
+ EnableKeyManagerCHURP bool `json:"enable_km_churp,omitempty"`
+
 // GasCosts are the registry transaction gas costs.
 GasCosts transaction.Costs `json:"gas_costs,omitempty"`
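Review bot: MakeGenesis in network.go now passes `"--" + genesis.CfgRegistryEnableKeyManagerCHURP, "true"` for every test network, so the disabled path this commit introduces in the CHURP extension (transaction rejected, BeginBlock skipped) is not exercised by any network the runner builds. No test for that path is visible in this diff, and it is the default that a genesis file without the flag gets. A unit test of the extension with the parameter unset, or making this value a per-fixture option rather than a constant `"true"`, would cover it. MakeGenesis continues outside the hunk.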