From 3040e98d9fe8451ba2cc807cd2f2c61e1678748d Mon Sep 17 00:00:00 2001 From: benesjan Date: Tue, 21 May 2024 09:59:20 +0000 Subject: [PATCH] refactor:nuking KeyStore and KeyPair interfaces --- yarn-project/circuit-types/src/index.ts | 1 - yarn-project/circuit-types/src/keys/index.ts | 2 - .../circuit-types/src/keys/key_pair.ts | 20 --- .../circuit-types/src/keys/key_store.ts | 120 ------------------ yarn-project/key-store/src/index.ts | 2 +- ...st_key_store.test.ts => key_store.test.ts} | 8 +- .../src/{test_key_store.ts => key_store.ts} | 7 +- yarn-project/pxe/src/kernel_oracle/index.ts | 3 +- .../src/note_processor/note_processor.test.ts | 2 +- .../pxe/src/note_processor/note_processor.ts | 2 +- .../pxe/src/pxe_service/create_pxe_service.ts | 8 +- .../pxe/src/pxe_service/pxe_service.ts | 2 +- .../src/pxe_service/test/pxe_service.test.ts | 8 +- yarn-project/pxe/src/simulator/index.ts | 3 +- .../pxe/src/simulator_oracle/index.ts | 2 +- .../pxe/src/synchronizer/synchronizer.test.ts | 4 +- .../pxe/src/synchronizer/synchronizer.ts | 10 +- 17 files changed, 27 insertions(+), 177 deletions(-) delete mode 100644 yarn-project/circuit-types/src/keys/index.ts delete mode 100644 yarn-project/circuit-types/src/keys/key_pair.ts delete mode 100644 yarn-project/circuit-types/src/keys/key_store.ts rename yarn-project/key-store/src/{test_key_store.test.ts => key_store.test.ts} (97%) rename yarn-project/key-store/src/{test_key_store.ts => key_store.ts} (97%) diff --git a/yarn-project/circuit-types/src/index.ts b/yarn-project/circuit-types/src/index.ts index 67763d4d6d3..7a0b84d677c 100644 --- a/yarn-project/circuit-types/src/index.ts +++ b/yarn-project/circuit-types/src/index.ts @@ -1,5 +1,4 @@ export * from './function_call.js'; -export * from './keys/index.js'; export * from './notes/index.js'; export * from './messaging/index.js'; export * from './l2_block.js'; diff --git a/yarn-project/circuit-types/src/keys/index.ts b/yarn-project/circuit-types/src/keys/index.ts deleted file mode 100644 index f137b0d567a..00000000000 --- a/yarn-project/circuit-types/src/keys/index.ts +++ /dev/null @@ -1,2 +0,0 @@ -export * from './key_pair.js'; -export * from './key_store.js'; diff --git a/yarn-project/circuit-types/src/keys/key_pair.ts b/yarn-project/circuit-types/src/keys/key_pair.ts deleted file mode 100644 index 2f4c0c1e3d3..00000000000 --- a/yarn-project/circuit-types/src/keys/key_pair.ts +++ /dev/null @@ -1,20 +0,0 @@ -import { type GrumpkinPrivateKey, type PublicKey } from '@aztec/circuits.js'; - -/** - * Represents a cryptographic public-private key pair. - * Provides functionality to generate, access, and sign messages using the key pair. - */ -export interface KeyPair { - /** - * Retrieve the public key from the KeyPair instance. - * The returned public key is a PublicKey object which represents a point on an elliptic curve. - * @returns The public key as an elliptic curve point. - */ - getPublicKey(): PublicKey; - /** - * Retrieves the private key of the KeyPair instance. - * The function returns a Promise that resolves to a Buffer containing the private key. - * @returns A Promise that resolves to a Buffer containing the private key. - */ - getPrivateKey(): GrumpkinPrivateKey; -} diff --git a/yarn-project/circuit-types/src/keys/key_store.ts b/yarn-project/circuit-types/src/keys/key_store.ts deleted file mode 100644 index 62b5874c55b..00000000000 --- a/yarn-project/circuit-types/src/keys/key_store.ts +++ /dev/null @@ -1,120 +0,0 @@ -import { - type AztecAddress, - type CompleteAddress, - type Fq, - type Fr, - type GrumpkinPrivateKey, - type KeyGenerator, - type KeyValidationRequest, - type PartialAddress, - type PublicKey, -} from '@aztec/circuits.js'; - -/** - * Represents a secure storage for managing keys. - */ -export interface KeyStore { - /** - * Creates a new account from a randomly generated secret key. - * @returns A promise that resolves to the newly created account's CompleteAddress. - */ - createAccount(): Promise; - - /** - * Adds an account to the key store from the provided secret key. - * @param sk - The secret key of the account. - * @param partialAddress - The partial address of the account. - * @returns The account's complete address. - */ - addAccount(sk: Fr, partialAddress: PartialAddress): Promise; - - /** - * Retrieves addresses of accounts stored in the key store. - * @returns A Promise that resolves to an array of account addresses. - */ - getAccounts(): Promise; - - /** - * Gets the master incoming viewing public key for a given account. - * @throws If the account does not exist in the key store. - * @param account - The account address for which to retrieve the master incoming viewing public key. - * @returns The master incoming viewing public key for the account. - */ - getMasterIncomingViewingPublicKey(account: AztecAddress): Promise; - - /** - * Retrieves the master outgoing viewing key. - * @throws If the account does not exist in the key store. - * @param account - The account to retrieve the master outgoing viewing key for. - * @returns A Promise that resolves to the master outgoing viewing key. - */ - getMasterOutgoingViewingPublicKey(account: AztecAddress): Promise; - - /** - * Retrieves the master tagging key. - * @throws If the account does not exist in the key store. - * @param account - The account to retrieve the master tagging key for. - * @returns A Promise that resolves to the master tagging key. - */ - getMasterTaggingPublicKey(account: AztecAddress): Promise; - - /** - * Retrieves application incoming viewing secret key. - * @throws If the account does not exist in the key store. - * @param account - The account to retrieve the application incoming viewing secret key for. - * @param app - The application address to retrieve the incoming viewing secret key for. - * @returns A Promise that resolves to the application incoming viewing secret key. - */ - getAppIncomingViewingSecretKey(account: AztecAddress, app: AztecAddress): Promise; - - /** - * Retrieves application outgoing viewing secret key. - * @throws If the account does not exist in the key store. - * @param account - The account to retrieve the application outgoing viewing secret key for. - * @param app - The application address to retrieve the outgoing viewing secret key for. - * @returns A Promise that resolves to the application outgoing viewing secret key. - */ - getAppOutgoingViewingSecretKey(account: AztecAddress, app: AztecAddress): Promise; - - /** - * Retrieves the sk_m for the pk_m and a generator index of the key type. - * @throws If the provided public key is not associated with any of the registered accounts. - * @param masterPublicKey - The master public key to get secret key for. - * @returns A Promise that resolves to sk_m. - * @dev Used when feeding the sk_m to the kernel circuit for keys verification. - */ - getMasterSecretKeyAndAppKeyGenerator(masterPublicKey: PublicKey): Promise<[GrumpkinPrivateKey, KeyGenerator]>; - - /** - * Retrieves the master incoming viewing secret key (ivsk_m) corresponding to the specified master incoming viewing - * public key (Ivpk_m). - * @throws If the provided public key is not associated with any of the registered accounts. - * @param masterIncomingViewingPublicKey - The master nullifier public key to get secret key for. - * @returns A Promise that resolves to the master nullifier secret key. - * @dev Used when feeding the master nullifier secret key to the kernel circuit for nullifier keys verification. - */ - getMasterIncomingViewingSecretKeyForPublicKey(masterIncomingViewingPublicKey: PublicKey): Promise; - - /** - * Gets the key validation request for a given master public key hash and contract address. - * @throws If the account corresponding to the master public key hash does not exist in the key store. - * @param pkMHash - The master public key hash. - * @param contractAddress - The contract address to silo the secret key in the the key validation request with. - * @returns The key validation request. - */ - getKeyValidationRequest(pkMHash: Fr, contractAddress: AztecAddress): Promise; - - /** - * Rotates the master nullifier key for the specified account. - * - * @dev This function updates the secret and public keys associated with the account. - * It appends a new secret key to the existing secret keys, derives the - * corresponding public key, and updates the stored keys accordingly. - * - * @param account - The account address for which the master nullifier key is being rotated. - * @param newSecretKey - (Optional) A new secret key of type Fq. If not provided, a random key is generated. - * @throws If the account does not have existing nullifier secret keys or public keys. - * @returns A Promise that resolves when the key rotation is complete. - */ - rotateMasterNullifierKey(account: AztecAddress, secretKey: Fq): Promise; -} diff --git a/yarn-project/key-store/src/index.ts b/yarn-project/key-store/src/index.ts index e4ae5ce271c..7969b66bac4 100644 --- a/yarn-project/key-store/src/index.ts +++ b/yarn-project/key-store/src/index.ts @@ -1 +1 @@ -export * from './test_key_store.js'; +export * from './key_store.js'; diff --git a/yarn-project/key-store/src/test_key_store.test.ts b/yarn-project/key-store/src/key_store.test.ts similarity index 97% rename from yarn-project/key-store/src/test_key_store.test.ts rename to yarn-project/key-store/src/key_store.test.ts index 436b71771e5..319b6142f16 100644 --- a/yarn-project/key-store/src/test_key_store.test.ts +++ b/yarn-project/key-store/src/key_store.test.ts @@ -9,11 +9,11 @@ import { } from '@aztec/circuits.js'; import { openTmpStore } from '@aztec/kv-store/utils'; -import { TestKeyStore } from './test_key_store.js'; +import { KeyStore } from './key_store.js'; -describe('TestKeyStore', () => { +describe('KeyStore', () => { it('Adds account and returns keys', async () => { - const keyStore = new TestKeyStore(openTmpStore()); + const keyStore = new KeyStore(openTmpStore()); // Arbitrary fixed values const sk = new Fr(8923n); @@ -97,7 +97,7 @@ describe('TestKeyStore', () => { }); it('nullifier key rotation tests', async () => { - const keyStore = new TestKeyStore(openTmpStore()); + const keyStore = new KeyStore(openTmpStore()); // Arbitrary fixed values const sk = new Fr(8923n); diff --git a/yarn-project/key-store/src/test_key_store.ts b/yarn-project/key-store/src/key_store.ts similarity index 97% rename from yarn-project/key-store/src/test_key_store.ts rename to yarn-project/key-store/src/key_store.ts index 9877e8181cd..76aac6d9280 100644 --- a/yarn-project/key-store/src/test_key_store.ts +++ b/yarn-project/key-store/src/key_store.ts @@ -1,4 +1,4 @@ -import { type KeyStore, type PublicKey } from '@aztec/circuit-types'; +import { type PublicKey } from '@aztec/circuit-types'; import { AztecAddress, CompleteAddress, @@ -24,10 +24,9 @@ import { type Bufferable, serializeToBuffer } from '@aztec/foundation/serialize' import { type AztecKVStore, type AztecMap } from '@aztec/kv-store'; /** - * TestKeyStore is an implementation of the KeyStore interface, used for managing key pairs in a testing environment. - * It should be utilized in testing scenarios where secure key management is not required, and ease-of-use is prioritized. + * Used for managing keys. Can hold keys of multiple accounts and allows for key rotation. */ -export class TestKeyStore implements KeyStore { +export class KeyStore { #keys: AztecMap; constructor(database: AztecKVStore) { diff --git a/yarn-project/pxe/src/kernel_oracle/index.ts b/yarn-project/pxe/src/kernel_oracle/index.ts index 3a3d1010997..7fd428b2c65 100644 --- a/yarn-project/pxe/src/kernel_oracle/index.ts +++ b/yarn-project/pxe/src/kernel_oracle/index.ts @@ -1,4 +1,4 @@ -import { type AztecNode, type KeyStore } from '@aztec/circuit-types'; +import { type AztecNode } from '@aztec/circuit-types'; import { type AztecAddress, type Fr, @@ -13,6 +13,7 @@ import { } from '@aztec/circuits.js'; import { createDebugLogger } from '@aztec/foundation/log'; import { type Tuple } from '@aztec/foundation/serialize'; +import { type KeyStore } from '@aztec/key-store'; import { type ContractDataOracle } from '../contract_data_oracle/index.js'; import { type ProvingDataOracle } from './../kernel_prover/proving_data_oracle.js'; diff --git a/yarn-project/pxe/src/note_processor/note_processor.test.ts b/yarn-project/pxe/src/note_processor/note_processor.test.ts index e9c656c09d3..e0cb2339294 100644 --- a/yarn-project/pxe/src/note_processor/note_processor.test.ts +++ b/yarn-project/pxe/src/note_processor/note_processor.test.ts @@ -4,7 +4,6 @@ import { EncryptedL2BlockL2Logs, EncryptedL2Log, EncryptedTxL2Logs, - type KeyStore, type L1NotePayload, L2Block, TaggedNote, @@ -20,6 +19,7 @@ import { } from '@aztec/circuits.js'; import { pedersenHash } from '@aztec/foundation/crypto'; import { GrumpkinScalar, Point } from '@aztec/foundation/fields'; +import { type KeyStore } from '@aztec/key-store'; import { openTmpStore } from '@aztec/kv-store/utils'; import { type AcirSimulator } from '@aztec/simulator'; diff --git a/yarn-project/pxe/src/note_processor/note_processor.ts b/yarn-project/pxe/src/note_processor/note_processor.ts index f8b4c13b571..8f8fffeada1 100644 --- a/yarn-project/pxe/src/note_processor/note_processor.ts +++ b/yarn-project/pxe/src/note_processor/note_processor.ts @@ -1,7 +1,6 @@ import { type AztecNode, type EncryptedL2BlockL2Logs, - type KeyStore, L1NotePayload, type L2Block, TaggedNote, @@ -11,6 +10,7 @@ import { INITIAL_L2_BLOCK_NUM, MAX_NEW_NOTE_HASHES_PER_TX, type PublicKey } from import { type Fr } from '@aztec/foundation/fields'; import { createDebugLogger } from '@aztec/foundation/log'; import { Timer } from '@aztec/foundation/timer'; +import { type KeyStore } from '@aztec/key-store'; import { ContractNotFoundError } from '@aztec/simulator'; import { DeferredNoteDao } from '../database/deferred_note_dao.js'; diff --git a/yarn-project/pxe/src/pxe_service/create_pxe_service.ts b/yarn-project/pxe/src/pxe_service/create_pxe_service.ts index 2a33dd3dd66..41aaea2589a 100644 --- a/yarn-project/pxe/src/pxe_service/create_pxe_service.ts +++ b/yarn-project/pxe/src/pxe_service/create_pxe_service.ts @@ -2,7 +2,7 @@ import { BBNativeProofCreator } from '@aztec/bb-prover'; import { type AztecNode, type ProofCreator } from '@aztec/circuit-types'; import { randomBytes } from '@aztec/foundation/crypto'; import { createDebugLogger } from '@aztec/foundation/log'; -import { TestKeyStore } from '@aztec/key-store'; +import { KeyStore } from '@aztec/key-store'; import { AztecLmdbStore } from '@aztec/kv-store/lmdb'; import { initStoreForRollup } from '@aztec/kv-store/utils'; import { getCanonicalClassRegisterer } from '@aztec/protocol-contracts/class-registerer'; @@ -20,7 +20,7 @@ import { PXEService } from './pxe_service.js'; /** * Create and start an PXEService instance with the given AztecNode. - * If no keyStore or database is provided, it will use TestKeyStore and MemoryDB as default values. + * If no keyStore or database is provided, it will use KeyStore and MemoryDB as default values. * Returns a Promise that resolves to the started PXEService instance. * * @param aztecNode - The AztecNode instance to be used by the server. @@ -42,9 +42,7 @@ export async function createPXEService( const keyStorePath = config.dataDirectory ? join(config.dataDirectory, 'pxe_key_store') : undefined; const l1Contracts = await aztecNode.getL1ContractAddresses(); - const keyStore = new TestKeyStore( - await initStoreForRollup(AztecLmdbStore.open(keyStorePath), l1Contracts.rollupAddress), - ); + const keyStore = new KeyStore(await initStoreForRollup(AztecLmdbStore.open(keyStorePath), l1Contracts.rollupAddress)); const db = new KVPxeDatabase(await initStoreForRollup(AztecLmdbStore.open(pxeDbPath), l1Contracts.rollupAddress)); // (@PhilWindle) Temporary validation until WASM is implemented diff --git a/yarn-project/pxe/src/pxe_service/pxe_service.ts b/yarn-project/pxe/src/pxe_service/pxe_service.ts index c94dd96973a..e7139f5c86a 100644 --- a/yarn-project/pxe/src/pxe_service/pxe_service.ts +++ b/yarn-project/pxe/src/pxe_service/pxe_service.ts @@ -5,7 +5,6 @@ import { ExtendedNote, type FunctionCall, type GetUnencryptedLogsResponse, - type KeyStore, type L2Block, type LogFilter, MerkleTreeId, @@ -42,6 +41,7 @@ import { Fq, Fr } from '@aztec/foundation/fields'; import { SerialQueue } from '@aztec/foundation/fifo'; import { type DebugLogger, createDebugLogger } from '@aztec/foundation/log'; import { Timer } from '@aztec/foundation/timer'; +import { type KeyStore } from '@aztec/key-store'; import { type AcirSimulator, type ExecutionResult, diff --git a/yarn-project/pxe/src/pxe_service/test/pxe_service.test.ts b/yarn-project/pxe/src/pxe_service/test/pxe_service.test.ts index ba00fbefa1f..3728d8683d3 100644 --- a/yarn-project/pxe/src/pxe_service/test/pxe_service.test.ts +++ b/yarn-project/pxe/src/pxe_service/test/pxe_service.test.ts @@ -2,7 +2,7 @@ import { type AztecNode, type PXE, TxEffect, mockTx } from '@aztec/circuit-types import { INITIAL_L2_BLOCK_NUM } from '@aztec/circuits.js/constants'; import { type L1ContractAddresses } from '@aztec/ethereum'; import { EthAddress } from '@aztec/foundation/eth-address'; -import { TestKeyStore } from '@aztec/key-store'; +import { KeyStore } from '@aztec/key-store'; import { openTmpStore } from '@aztec/kv-store/utils'; import { type MockProxy, mock } from 'jest-mock-extended'; @@ -16,7 +16,7 @@ import { pxeTestSuite } from './pxe_test_suite.js'; function createPXEService(): Promise { const kvStore = openTmpStore(); - const keyStore = new TestKeyStore(kvStore); + const keyStore = new KeyStore(kvStore); const node = mock(); const db = new KVPxeDatabase(kvStore); const config: PXEServiceConfig = { l2BlockPollingIntervalMS: 100, l2StartingBlock: INITIAL_L2_BLOCK_NUM }; @@ -42,14 +42,14 @@ function createPXEService(): Promise { pxeTestSuite('PXEService', createPXEService); describe('PXEService', () => { - let keyStore: TestKeyStore; + let keyStore: KeyStore; let node: MockProxy; let db: PxeDatabase; let config: PXEServiceConfig; beforeEach(() => { const kvStore = openTmpStore(); - keyStore = new TestKeyStore(kvStore); + keyStore = new KeyStore(kvStore); node = mock(); db = new KVPxeDatabase(kvStore); config = { l2BlockPollingIntervalMS: 100, l2StartingBlock: INITIAL_L2_BLOCK_NUM, proverEnabled: false }; diff --git a/yarn-project/pxe/src/simulator/index.ts b/yarn-project/pxe/src/simulator/index.ts index e1a4c898578..0a4dc3abf73 100644 --- a/yarn-project/pxe/src/simulator/index.ts +++ b/yarn-project/pxe/src/simulator/index.ts @@ -1,4 +1,5 @@ -import { type AztecNode, type KeyStore } from '@aztec/circuit-types'; +import { type AztecNode } from '@aztec/circuit-types'; +import { type KeyStore } from '@aztec/key-store'; import { AcirSimulator } from '@aztec/simulator'; import { ContractDataOracle } from '../contract_data_oracle/index.js'; diff --git a/yarn-project/pxe/src/simulator_oracle/index.ts b/yarn-project/pxe/src/simulator_oracle/index.ts index 8e81ce7974a..738af3673eb 100644 --- a/yarn-project/pxe/src/simulator_oracle/index.ts +++ b/yarn-project/pxe/src/simulator_oracle/index.ts @@ -1,6 +1,5 @@ import { type AztecNode, - type KeyStore, type L2Block, MerkleTreeId, type NoteStatus, @@ -20,6 +19,7 @@ import { import { computeL1ToL2MessageNullifier } from '@aztec/circuits.js/hash'; import { type FunctionArtifact, getFunctionArtifact } from '@aztec/foundation/abi'; import { createDebugLogger } from '@aztec/foundation/log'; +import { type KeyStore } from '@aztec/key-store'; import { type DBOracle, MessageLoadOracleInputs } from '@aztec/simulator'; import { type ContractInstance } from '@aztec/types/contracts'; diff --git a/yarn-project/pxe/src/synchronizer/synchronizer.test.ts b/yarn-project/pxe/src/synchronizer/synchronizer.test.ts index 01b1fedb289..36c0590a51e 100644 --- a/yarn-project/pxe/src/synchronizer/synchronizer.test.ts +++ b/yarn-project/pxe/src/synchronizer/synchronizer.test.ts @@ -3,7 +3,7 @@ import { Fr, type Header, INITIAL_L2_BLOCK_NUM } from '@aztec/circuits.js'; import { makeHeader } from '@aztec/circuits.js/testing'; import { randomInt } from '@aztec/foundation/crypto'; import { SerialQueue } from '@aztec/foundation/fifo'; -import { TestKeyStore } from '@aztec/key-store'; +import { KeyStore } from '@aztec/key-store'; import { openTmpStore } from '@aztec/kv-store/utils'; import { type MockProxy, mock } from 'jest-mock-extended'; @@ -126,7 +126,7 @@ describe('Synchronizer', () => { expect(await synchronizer.isGlobalStateSynchronized()).toBe(true); // Manually adding account to database so that we can call synchronizer.isAccountStateSynchronized - const keyStore = new TestKeyStore(openTmpStore()); + const keyStore = new KeyStore(openTmpStore()); const addAddress = async (startingBlockNum: number) => { const secretKey = Fr.random(); const partialAddress = Fr.random(); diff --git a/yarn-project/pxe/src/synchronizer/synchronizer.ts b/yarn-project/pxe/src/synchronizer/synchronizer.ts index f85a7cf3a7d..8c5bd7588d9 100644 --- a/yarn-project/pxe/src/synchronizer/synchronizer.ts +++ b/yarn-project/pxe/src/synchronizer/synchronizer.ts @@ -1,16 +1,10 @@ -import { - type AztecNode, - type KeyStore, - type L2Block, - L2BlockL2Logs, - MerkleTreeId, - type TxHash, -} from '@aztec/circuit-types'; +import { type AztecNode, type L2Block, L2BlockL2Logs, MerkleTreeId, type TxHash } from '@aztec/circuit-types'; import { type NoteProcessorCaughtUpStats } from '@aztec/circuit-types/stats'; import { type AztecAddress, type Fr, INITIAL_L2_BLOCK_NUM, type PublicKey } from '@aztec/circuits.js'; import { type SerialQueue } from '@aztec/foundation/fifo'; import { type DebugLogger, createDebugLogger } from '@aztec/foundation/log'; import { RunningPromise } from '@aztec/foundation/running-promise'; +import { type KeyStore } from '@aztec/key-store'; import { type DeferredNoteDao } from '../database/deferred_note_dao.js'; import { type PxeDatabase } from '../database/index.js';