consensus_config/
crypto.rs

1// Copyright (c) Mysten Labs, Inc.
2// SPDX-License-Identifier: Apache-2.0
3
4//! Here we select the cryptographic types that are used by default in the code base.
5//! The whole code base should only:
6//! - refer to those aliases and not use the individual scheme implementations
7//! - not use the schemes in a way that break genericity (e.g. using their Struct impl functions)
8//! - swap one of those aliases to point to another type if necessary
9//!
10//! Beware: if you change those aliases to point to another scheme implementation, you will have
11//! to change all four aliases to point to concrete types that work with each other. Failure to do
12//! so will result in a ton of compilation errors, and worse: it will not make sense!
13
14use fastcrypto::{
15    bls12381, ed25519,
16    error::FastCryptoError,
17    hash::{Blake2b256, HashFunction},
18    traits::{KeyPair as _, Signer as _, ToFromBytes as _, VerifyingKey as _},
19};
20use serde::{Deserialize, Serialize};
21use shared_crypto::intent::INTENT_PREFIX_LENGTH;
22
23/// Network key is used for TLS and as the network identity of the authority.
24#[derive(Clone, Debug, PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize)]
25pub struct NetworkPublicKey(ed25519::Ed25519PublicKey);
26pub struct NetworkPrivateKey(ed25519::Ed25519PrivateKey);
27pub struct NetworkKeyPair(ed25519::Ed25519KeyPair);
28
29impl NetworkPublicKey {
30    pub fn new(key: ed25519::Ed25519PublicKey) -> Self {
31        Self(key)
32    }
33
34    pub fn into_inner(self) -> ed25519::Ed25519PublicKey {
35        self.0
36    }
37
38    pub fn to_bytes(&self) -> [u8; 32] {
39        self.0.0.to_bytes()
40    }
41}
42
43impl NetworkPrivateKey {
44    pub fn into_inner(self) -> ed25519::Ed25519PrivateKey {
45        self.0
46    }
47}
48
49impl NetworkKeyPair {
50    pub fn new(keypair: ed25519::Ed25519KeyPair) -> Self {
51        Self(keypair)
52    }
53
54    pub fn generate<R: rand::Rng + fastcrypto::traits::AllowedRng>(rng: &mut R) -> Self {
55        Self(ed25519::Ed25519KeyPair::generate(rng))
56    }
57
58    pub fn public(&self) -> NetworkPublicKey {
59        NetworkPublicKey(self.0.public().clone())
60    }
61
62    pub fn private_key(self) -> NetworkPrivateKey {
63        NetworkPrivateKey(self.0.copy().private())
64    }
65
66    pub fn private_key_bytes(self) -> [u8; 32] {
67        self.0.private().0.to_bytes()
68    }
69}
70
71impl Clone for NetworkKeyPair {
72    fn clone(&self) -> Self {
73        Self(self.0.copy())
74    }
75}
76
77/// Protocol key is used for signing blocks and verifying block signatures.
78#[derive(Clone, Debug, PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize)]
79pub struct ProtocolPublicKey(ed25519::Ed25519PublicKey);
80pub struct ProtocolKeyPair(ed25519::Ed25519KeyPair);
81pub struct ProtocolKeySignature(ed25519::Ed25519Signature);
82
83impl ProtocolPublicKey {
84    pub fn new(key: ed25519::Ed25519PublicKey) -> Self {
85        Self(key)
86    }
87
88    pub fn verify(
89        &self,
90        message: &[u8],
91        signature: &ProtocolKeySignature,
92    ) -> Result<(), FastCryptoError> {
93        self.0.verify(message, &signature.0)
94    }
95
96    pub fn to_bytes(&self) -> &[u8] {
97        self.0.as_bytes()
98    }
99}
100
101impl ProtocolKeyPair {
102    pub fn new(keypair: ed25519::Ed25519KeyPair) -> Self {
103        Self(keypair)
104    }
105
106    pub fn generate<R: rand::Rng + fastcrypto::traits::AllowedRng>(rng: &mut R) -> Self {
107        Self(ed25519::Ed25519KeyPair::generate(rng))
108    }
109
110    pub fn public(&self) -> ProtocolPublicKey {
111        ProtocolPublicKey(self.0.public().clone())
112    }
113
114    pub fn sign(&self, message: &[u8]) -> ProtocolKeySignature {
115        ProtocolKeySignature(self.0.sign(message))
116    }
117}
118
119impl Clone for ProtocolKeyPair {
120    fn clone(&self) -> Self {
121        Self(self.0.copy())
122    }
123}
124
125impl ProtocolKeySignature {
126    pub fn from_bytes(bytes: &[u8]) -> Result<Self, FastCryptoError> {
127        Ok(Self(ed25519::Ed25519Signature::from_bytes(bytes)?))
128    }
129
130    pub fn to_bytes(&self) -> &[u8] {
131        self.0.as_bytes()
132    }
133}
134
135/// Authority key represents the identity of an authority. It is only used for identity sanity
136/// checks and not used for verification.
137#[derive(Clone, Debug, PartialEq, Eq, PartialOrd, Ord, Serialize, Deserialize)]
138pub struct AuthorityPublicKey(bls12381::min_sig::BLS12381PublicKey);
139pub struct AuthorityKeyPair(bls12381::min_sig::BLS12381KeyPair);
140
141impl AuthorityPublicKey {
142    pub fn new(key: bls12381::min_sig::BLS12381PublicKey) -> Self {
143        Self(key)
144    }
145
146    pub fn inner(&self) -> &bls12381::min_sig::BLS12381PublicKey {
147        &self.0
148    }
149
150    pub fn to_bytes(&self) -> &[u8] {
151        self.0.as_bytes()
152    }
153}
154
155impl AuthorityKeyPair {
156    pub fn new(keypair: bls12381::min_sig::BLS12381KeyPair) -> Self {
157        Self(keypair)
158    }
159
160    pub fn generate<R: rand::Rng + fastcrypto::traits::AllowedRng>(rng: &mut R) -> Self {
161        Self(bls12381::min_sig::BLS12381KeyPair::generate(rng))
162    }
163
164    pub fn public(&self) -> AuthorityPublicKey {
165        AuthorityPublicKey(self.0.public().clone())
166    }
167}
168
169/// Defines algorithm and format of block and commit digests.
170pub type DefaultHashFunction = Blake2b256;
171pub const DIGEST_LENGTH: usize = DefaultHashFunction::OUTPUT_SIZE;
172pub const INTENT_MESSAGE_LENGTH: usize = INTENT_PREFIX_LENGTH + DIGEST_LENGTH;
consensus_config/crypto.rs

consensus_config/
crypto.rs
