chore(crypto): CRP-2005 and CRP-1694: remove `ThresholdSignatureCspCl…

…ient::threshold_keygen` and `ThresholdSignatureCspVault::threshold_keygen_for_test`

rs/crypto/internal/crypto_service_provider/src/api/threshold.rs

@@ -2,10 +2,6 @@
 
 use crate::api::CspThresholdSignError;
 use crate::types::{CspPublicCoefficients, CspSecretKeyConversionError, CspSignature};
-
-#[cfg(test)]
-use crate::KeyId;
-
 use ic_crypto_internal_threshold_sig_bls12381::api::ni_dkg_errors;
 use ic_crypto_internal_types::sign::threshold_sig::ni_dkg::{
     CspFsEncryptionPop, CspFsEncryptionPublicKey, CspNiDkgDealing, CspNiDkgTranscript, Epoch,
@@ -39,39 +35,6 @@ pub mod threshold_sign_error;
 /// intentionally made non-static (i.e., they take a `&self` parameter) so that
 /// mocking of this trait (for testing purposes) is possible.
 pub trait ThresholdSignatureCspClient {
-    /// Generates threshold keys.
-    ///
-    /// This interface is primarily of interest for testing and demos.
-    ///
-    /// # Arguments
-    /// * `algorithm_id` indicates the algorithms to be used in the key
-    ///   generation.
-    /// * `threshold` is the minimum number of signatures that can be combined
-    ///   to make a valid threshold signature.
-    /// * `receivers` is the number of receivers who receive a share
-    /// # Returns
-    /// * `CspPublicCoefficients` can be used by the caller to verify
-    ///   signatures.
-    /// * `Vec<KeyId>` contains key identifiers.  The vector has the
-    ///   same length as `receivers`.
-    /// # Panics
-    /// * An implementation MAY panic if it is unable to access the secret key
-    ///   store to save keys or if it cannot access a suitable random number
-    ///   generator.
-    /// # Errors
-    /// * If `threshold > receivers` then it is impossible for
-    ///   the signatories to create a valid combined signature, so
-    ///   implementations MUST return an error.
-    /// * An implementation MAY return an error if it is temporarily unable to
-    ///   generate and store keys.
-    #[cfg(test)]
-    fn threshold_keygen(
-        &self,
-        algorithm_id: AlgorithmId,
-        threshold: NumberOfNodes,
-        receivers: NumberOfNodes,
-    ) -> CryptoResult<(CspPublicCoefficients, Vec<KeyId>)>;
-
     /// Signs with a threshold key
     fn threshold_sign(
         &self,

rs/crypto/internal/crypto_service_provider/src/threshold/mod.rs

@@ -20,18 +20,6 @@ pub mod ni_dkg;
 mod tests;
 
 impl ThresholdSignatureCspClient for Csp {
-    #[cfg(test)]
-    fn threshold_keygen(
-        &self,
-        algorithm_id: AlgorithmId,
-        threshold: ic_types::NumberOfNodes,
-        receivers: ic_types::NumberOfNodes,
-    ) -> CryptoResult<(CspPublicCoefficients, Vec<KeyId>)> {
-        self.csp_vault
-            .threshold_keygen_for_test(algorithm_id, threshold, receivers)
-            .map_err(CryptoError::from)
-    }
-
     fn threshold_sign(
         &self,
         algorithm_id: AlgorithmId,

rs/crypto/internal/crypto_service_provider/src/threshold/tests.rs

@@ -248,11 +248,15 @@ pub mod util {
         let threshold = NumberOfNodes::from(rng.gen_range(0..10));
         let number_of_signers = NumberOfNodes::from(rng.gen_range(0..10));
 
-        let csp = Csp::builder()
-            .with_vault(LocalCspVault::builder().with_rng(rng).build())
-            .build();
+        let vault = LocalCspVault::builder().with_rng(rng).build();
+        let threshold_keygen = vault.threshold_keygen_for_test(
+            AlgorithmId::ThresBls12_381,
+            threshold,
+            number_of_signers,
+        );
+        let csp = Csp::builder().with_vault(vault).build();
 
-        match csp.threshold_keygen(AlgorithmId::ThresBls12_381, threshold, number_of_signers) {
+        match threshold_keygen {
             Ok((public_coefficients, key_ids)) => {
                 assert!(
                     number_of_signers >= threshold,

rs/crypto/internal/crypto_service_provider/src/vault/api.rs

@@ -1,6 +1,5 @@
 use crate::api::{CspCreateMEGaKeyError, CspThresholdSignError};
 use crate::key_id::{KeyId, KeyIdInstantiationError};
-use crate::types::CspPublicCoefficients;
 use crate::types::{CspPop, CspPublicKey, CspSignature};
 use crate::ExternalPublicKeys;
 use ic_crypto_internal_logmon::metrics::KeyCounts;
@@ -498,38 +497,6 @@ pub trait MultiSignatureCspVault {
 /// Operations of `CspVault` related to threshold signatures
 /// (cf. `ThresholdSignatureCspClient`).
 pub trait ThresholdSignatureCspVault {
-    /// Generates threshold keys.
-    ///
-    /// This interface is primarily of interest for testing and demos.
-    ///
-    /// # Arguments
-    /// * `algorithm_id` indicates the algorithms to be used in the key
-    ///   generation.
-    /// * `threshold` is the minimum number of signatures that can be combined
-    ///   to make a valid threshold signature.
-    /// * `receivers` is the total number of receivers
-    /// # Returns
-    /// * `CspPublicCoefficients` can be used by the caller to verify
-    ///   signatures.
-    /// * `Vec<KeyId>` contains key identifiers.  The vector has the
-    ///   same length as the number of `receivers`.
-    /// # Panics
-    /// * An implementation MAY panic if it is unable to access the secret key
-    ///   store to save keys or if it cannot access a suitable random number
-    ///   generator.
-    /// # Errors
-    /// * If `threshold > receivers` then it is impossible for
-    ///   the signatories to create a valid combined signature, so
-    ///   implementations MUST return an error.
-    /// * An implementation MAY return an error if it is temporarily unable to
-    ///   generate and store keys.
-    fn threshold_keygen_for_test(
-        &self,
-        algorithm_id: AlgorithmId,
-        threshold: NumberOfNodes,
-        receivers: NumberOfNodes,
-    ) -> Result<(CspPublicCoefficients, Vec<KeyId>), CspThresholdSignatureKeygenError>;
-
     /// Signs the given message using the specified algorithm and key ID.
     ///
     /// # Arguments

rs/crypto/internal/crypto_service_provider/src/vault/local_csp_vault/basic_sig/tests.rs

@@ -255,8 +255,6 @@ fn should_fail_to_sign_with_non_existent_key() {
 
 #[test]
 fn should_fail_to_sign_if_secret_key_in_store_has_wrong_type() {
-    use crate::vault::api::ThresholdSignatureCspVault;
-
     let csp_vault = LocalCspVault::builder().build();
 
     let threshold = NumberOfNodes::from(1);

rs/crypto/internal/crypto_service_provider/src/vault/local_csp_vault/threshold_sig/mod.rs

@@ -56,13 +56,37 @@ impl From<CspThresholdSignatureKeygenError> for CryptoError {
 }
 
 impl<R: Rng + CryptoRng, S: SecretKeyStore, C: SecretKeyStore, P: PublicKeyStore>
-    ThresholdSignatureCspVault for LocalCspVault<R, S, C, P>
+    LocalCspVault<R, S, C, P>
 {
-    /// See the trait for documentation.
+    /// Generates threshold keys.
+    ///
+    /// This interface is primarily of interest for testing and demos.
+    ///
+    /// # Arguments
+    /// * `algorithm_id` indicates the algorithms to be used in the key
+    ///   generation.
+    /// * `threshold` is the minimum number of signatures that can be combined
+    ///   to make a valid threshold signature.
+    /// * `receivers` is the total number of receivers
+    /// # Returns
+    /// * `CspPublicCoefficients` can be used by the caller to verify
+    ///   signatures.
+    /// * `Vec<KeyId>` contains key identifiers.  The vector has the
+    ///   same length as the number of `receivers`.
+    /// # Panics
+    /// * An implementation MAY panic if it is unable to access the secret key
+    ///   store to save keys or if it cannot access a suitable random number
+    ///   generator.
+    /// # Errors
+    /// * If `threshold > receivers` then it is impossible for
+    ///   the signatories to create a valid combined signature, so
+    ///   implementations MUST return an error.
+    /// * An implementation MAY return an error if it is temporarily unable to
+    ///   generate and store keys.
     ///
     /// Warning: The secret key store has no transactions, so in the event of
     /// a failure it is possible that some but not all keys are written.
-    fn threshold_keygen_for_test(
+    pub fn threshold_keygen_for_test(
         &self,
         algorithm_id: AlgorithmId,
         threshold: ic_types::NumberOfNodes,
@@ -92,7 +116,11 @@ impl<R: Rng + CryptoRng, S: SecretKeyStore, C: SecretKeyStore, P: PublicKeyStore
             }),
         }
     }
+}
 
+impl<R: Rng + CryptoRng, S: SecretKeyStore, C: SecretKeyStore, P: PublicKeyStore>
+    ThresholdSignatureCspVault for LocalCspVault<R, S, C, P>
+{
     fn threshold_sign(
         &self,
         algorithm_id: AlgorithmId,

rs/crypto/internal/crypto_service_provider/src/vault/local_csp_vault/threshold_sig/tests.rs

@@ -1,14 +1,12 @@
 #![allow(clippy::unwrap_used)]
 //! Tests for threshold signature implementations
 
-use crate::vault::api::CspVault;
 use crate::vault::local_csp_vault::LocalCspVault;
 use crate::vault::test_utils;
 use ic_crypto_internal_seed::Seed;
 use proptest::prelude::*;
 use rand::{Rng, SeedableRng};
 use rand_chacha::ChaChaRng;
-use std::sync::Arc;
 
 // Slow tests
 proptest! {
@@ -20,9 +18,9 @@ proptest! {
     #[test]
     fn test_threshold_scheme_with_basic_keygen(seed: [u8;32], message in proptest::collection::vec(any::<u8>(), 0..100)) {
         let mut rng = ChaChaRng::from_seed(seed);
-        let csp_vault : Arc<dyn CspVault> = {
+        let csp_vault  = {
             let csprng = ChaChaRng::from_seed(rng.gen::<[u8; 32]>());
-            LocalCspVault::builder().with_rng(csprng) .build_into_arc()
+            LocalCspVault::builder().with_rng(csprng).build_into_arc()
         };
         test_utils::threshold_sig::test_threshold_scheme_with_basic_keygen(Seed::from_rng(&mut rng), csp_vault, &message);
     }

rs/crypto/internal/crypto_service_provider/src/vault/remote_csp_vault/codec.rs

@@ -139,7 +139,6 @@ enum CspVaultMethod {
     MultiSign,
     GenCommitteeSigningKeyPair,
     ThresholdSign,
-    ThresholdKeygenForTest,
     GenDealingEncryptionKeyPair,
     UpdateForwardSecureEpoch,
     CreateDealing,
@@ -177,10 +176,6 @@ impl CspVaultMethod {
                 "gen_committee_signing_key_pair",
             ),
             CspVaultMethod::ThresholdSign => (MetricsDomain::ThresholdSignature, "threshold_sign"),
-            CspVaultMethod::ThresholdKeygenForTest => (
-                MetricsDomain::ThresholdSignature,
-                "threshold_keygen_for_test",
-            ),
             CspVaultMethod::GenDealingEncryptionKeyPair => (
                 MetricsDomain::NiDkgAlgorithm,
                 "gen_dealing_encryption_key_pair",
@@ -250,7 +245,6 @@ impl From<&TarpcCspVaultRequest> for CspVaultMethod {
             Req::MultiSign { .. } => Method::MultiSign,
             Req::GenCommitteeSigningKeyPair { .. } => Method::GenCommitteeSigningKeyPair,
             Req::ThresholdSign { .. } => Method::ThresholdSign,
-            Req::ThresholdKeygenForTest { .. } => Method::ThresholdKeygenForTest,
             Req::GenDealingEncryptionKeyPair { .. } => Method::GenDealingEncryptionKeyPair,
             Req::UpdateForwardSecureEpoch { .. } => Method::UpdateForwardSecureEpoch,
             Req::CreateDealing { .. } => Method::CreateDealing,
@@ -289,7 +283,6 @@ impl From<&TarpcCspVaultResponse> for CspVaultMethod {
             Resp::MultiSign { .. } => Method::MultiSign,
             Resp::GenCommitteeSigningKeyPair { .. } => Method::GenCommitteeSigningKeyPair,
             Resp::ThresholdSign { .. } => Method::ThresholdSign,
-            Resp::ThresholdKeygenForTest { .. } => Method::ThresholdKeygenForTest,
             Resp::GenDealingEncryptionKeyPair { .. } => Method::GenDealingEncryptionKeyPair,
             Resp::UpdateForwardSecureEpoch { .. } => Method::UpdateForwardSecureEpoch,
             Resp::CreateDealing { .. } => Method::CreateDealing,

rs/crypto/internal/crypto_service_provider/src/vault/remote_csp_vault/mod.rs

@@ -1,10 +1,9 @@
 use crate::api::{CspCreateMEGaKeyError, CspThresholdSignError};
-use crate::types::{CspPop, CspPublicCoefficients, CspPublicKey, CspSignature};
+use crate::types::{CspPop, CspPublicKey, CspSignature};
 use crate::vault::api::{
     CspBasicSignatureError, CspBasicSignatureKeygenError, CspMultiSignatureError,
     CspMultiSignatureKeygenError, CspPublicKeyStoreError, CspSecretKeyStoreContainsError,
-    CspThresholdSignatureKeygenError, CspTlsKeygenError, CspTlsSignError, PksAndSksContainsErrors,
-    ValidatePksAndSksError,
+    CspTlsKeygenError, CspTlsSignError, PksAndSksContainsErrors, ValidatePksAndSksError,
 };
 use ic_crypto_internal_seed::Seed;
 use ic_crypto_internal_threshold_sig_bls12381::api::ni_dkg_errors;
@@ -87,13 +86,6 @@ pub trait TarpcCspVault {
         key_id: KeyId,
     ) -> Result<CspSignature, CspThresholdSignError>;
 
-    // Corresponds to `ThresholdSignatureCspVault.threshold_keygen_for_test()`.
-    async fn threshold_keygen_for_test(
-        algorithm_id: AlgorithmId,
-        threshold: NumberOfNodes,
-        receivers: NumberOfNodes,
-    ) -> Result<(CspPublicCoefficients, Vec<KeyId>), CspThresholdSignatureKeygenError>;
-
     // Corresponds to `NiDkgCspVault.gen_dealing_encryption_key_pair()`.
     async fn gen_dealing_encryption_key_pair(
         node_id: NodeId,

rs/crypto/internal/crypto_service_provider/src/vault/remote_csp_vault/tarpc_csp_vault_client.rs

@@ -1,14 +1,14 @@
 use crate::api::{CspCreateMEGaKeyError, CspThresholdSignError};
 use crate::key_id::KeyId;
-use crate::types::{CspPop, CspPublicCoefficients, CspPublicKey, CspSignature};
+use crate::types::{CspPop, CspPublicKey, CspSignature};
 use crate::vault::api::{
     BasicSignatureCspVault, CspBasicSignatureError, CspBasicSignatureKeygenError,
     CspMultiSignatureError, CspMultiSignatureKeygenError, CspPublicKeyStoreError,
-    CspSecretKeyStoreContainsError, CspThresholdSignatureKeygenError, CspTlsKeygenError,
-    CspTlsSignError, IDkgProtocolCspVault, MultiSignatureCspVault, NiDkgCspVault,
-    PksAndSksContainsErrors, PublicAndSecretKeyStoreCspVault, PublicKeyStoreCspVault,
-    PublicRandomSeedGenerator, PublicRandomSeedGeneratorError, SecretKeyStoreCspVault,
-    ThresholdEcdsaSignerCspVault, ThresholdSignatureCspVault, ValidatePksAndSksError,
+    CspSecretKeyStoreContainsError, CspTlsKeygenError, CspTlsSignError, IDkgProtocolCspVault,
+    MultiSignatureCspVault, NiDkgCspVault, PksAndSksContainsErrors,
+    PublicAndSecretKeyStoreCspVault, PublicKeyStoreCspVault, PublicRandomSeedGenerator,
+    PublicRandomSeedGeneratorError, SecretKeyStoreCspVault, ThresholdEcdsaSignerCspVault,
+    ThresholdSignatureCspVault, ValidatePksAndSksError,
 };
 use crate::vault::remote_csp_vault::codec::{CspVaultClientObserver, ObservableCodec};
 use crate::vault::remote_csp_vault::{
@@ -302,25 +302,6 @@ impl MultiSignatureCspVault for RemoteCspVault {
 }
 
 impl ThresholdSignatureCspVault for RemoteCspVault {
-    fn threshold_keygen_for_test(
-        &self,
-        algorithm_id: AlgorithmId,
-        threshold: NumberOfNodes,
-        receivers: NumberOfNodes,
-    ) -> Result<(CspPublicCoefficients, Vec<KeyId>), CspThresholdSignatureKeygenError> {
-        self.tokio_block_on(self.tarpc_csp_client.threshold_keygen_for_test(
-            context_with_timeout(self.rpc_timeout),
-            algorithm_id,
-            threshold,
-            receivers,
-        ))
-        .unwrap_or_else(|rpc_error: tarpc::client::RpcError| {
-            Err(CspThresholdSignatureKeygenError::InternalError {
-                internal_error: rpc_error.to_string(),
-            })
-        })
-    }
-
     fn threshold_sign(
         &self,
         algorithm_id: AlgorithmId,

rs/crypto/internal/crypto_service_provider/src/vault/remote_csp_vault/tarpc_csp_vault_server.rs

@@ -1,10 +1,10 @@
 use crate::api::{CspCreateMEGaKeyError, CspThresholdSignError};
 use crate::key_id::KeyId;
-use crate::types::{CspPop, CspPublicCoefficients, CspPublicKey, CspSignature};
+use crate::types::{CspPop, CspPublicKey, CspSignature};
 use crate::vault::api::{
     CspBasicSignatureError, CspBasicSignatureKeygenError, CspMultiSignatureError,
-    CspMultiSignatureKeygenError, CspSecretKeyStoreContainsError, CspThresholdSignatureKeygenError,
-    CspTlsKeygenError, CspTlsSignError, PublicRandomSeedGeneratorError, ValidatePksAndSksError,
+    CspMultiSignatureKeygenError, CspSecretKeyStoreContainsError, CspTlsKeygenError,
+    CspTlsSignError, PublicRandomSeedGeneratorError, ValidatePksAndSksError,
 };
 use crate::vault::api::{CspPublicKeyStoreError, CspVault};
 use crate::vault::local_csp_vault::{LocalCspVault, ProdLocalCspVault};
@@ -163,18 +163,6 @@ impl<C: CspVault + 'static> TarpcCspVault for TarpcCspVaultServerWorker<C> {
         execute_on_thread_pool(self.thread_pool_handle, job).await
     }
 
-    async fn threshold_keygen_for_test(
-        self,
-        _: context::Context,
-        algorithm_id: AlgorithmId,
-        threshold: NumberOfNodes,
-        receivers: NumberOfNodes,
-    ) -> Result<(CspPublicCoefficients, Vec<KeyId>), CspThresholdSignatureKeygenError> {
-        let vault = self.local_csp_vault;
-        let job = move || vault.threshold_keygen_for_test(algorithm_id, threshold, receivers);
-        execute_on_thread_pool(self.thread_pool_handle, job).await
-    }
-
     // `NiDkgCspVault`-methods.
     async fn gen_dealing_encryption_key_pair(
         self,