Skip to content

Js/tdammers/kes agent conectivity #1487

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

Js/tdammers/kes agent conectivity #1487

wants to merge 7 commits into from

Conversation

jasagredo
Copy link
Contributor

@jasagredo jasagredo commented Apr 30, 2025
edited
Loading

This changes Consensus such that mlocked KES keys are used internally.

This is important groundwork for supporting KES agents in the future. In this form, the code will still load KES keys from disk, which is unsound, but the internal machinery is ready to also accept KES keys from other sources, and once loaded, KES keys will be handled appropriately (kept in mlocked RAM at all times, securely erased when expired).

This also involves a restructuring of the HotKey data structure, which now manages not only a KES SignKey, but also the corresponding OpCert. This is necessary for two reasons:

  • With a KES agent, the OpCert will be provided along with the SignKey; this is the easiest way to make sure that the OpCert always matches the SignKey it is used with
  • With the new structure, KES keys can be replaced in a live node kernel, without having to restart it and reload the entire configuration. Because of this, the HotKey, which manages the dynamic part of the node kernel's signing mechanism, needs to be able to replace not just the SignKey (which it already did, in order to handle key evolution), but also the OpCert (which will not change when a SignKey evolves, but it will change when a new SignKey is provided).

Supersedes #1284.

Issue #558.

This adds KES Agent connectivity to consensus.

To use a KES Agent to source KES SignKeys and OpCerts, the praosCredentialsSource in the PraosCanBeLeader data structure can now be pointed to a domain socket address where it will look for a KES Agent.

Also covers #1077.

jasagredo
jasagredo commented Apr 30, 2025
View reviewed changes
ouroboros-consensus-cardano/src/shelley/Ouroboros/Consensus/Shelley/Node/TPraos.hs
Comment on lines +175 to +177
, SerDoc.HasInfo (Agent.DirectCodec m) (KES.VerKeyKES (KES c))
, SerDoc.HasInfo (Agent.DirectCodec m) (KES.SignKeyKES (KES c))
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this doc stuff needed at all?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SerDoc is a library for semi-automatically generating serialization documentation from types; this can then be used to generate documentation for typed-protocols. In a perfect world, we wouldn't need this here, but the KES agent protocols (or at least, some of them) are generic in the crypto, and if we want to be able to generate protocol documentation for those, we need to demand those SerDoc classes on them. This constraint then propagates up to the KES Agent API, and anything that uses it.
If this is a major complaint, I can restructure the code such that the protocols are no longer parametrized over the crypto, but always use the StandardCrypto. This would make it impossible to test the KES agent protocols against MockCrypto, but I don't think that would be a major concern to be honest.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My concern here is that we don't use SerDoc anywhere else, so even if it is a nice feature we might not leverage it in the end. Shouldn't some documentation be generated somewhere making use of this feature? Or couldn't this be attached to the kes-agent executable instead of to the library and used there to generate whatever docs you want, leaving Consensus free of these constraints?

@jasagredo jasagredo force-pushed the js/tdammers/kes-agent-conectivity branch from a10939e to 1cf35e6 Compare April 30, 2025 10:46
@jasagredo jasagredo force-pushed the js/tdammers/kes-agent-conectivity branch from ceb0550 to 4ca03a3 Compare April 30, 2025 11:11
@jasagredo jasagredo linked an issue Apr 30, 2025 that may be closed by this pull request
Adapt KES usage to new, non-pure, interface #558
Open
@jasagredo jasagredo force-pushed the js/tdammers/kes-agent-conectivity branch from 108bfcb to 833650d Compare May 5, 2025 12:23
@jasagredo jasagredo force-pushed the js/tdammers/kes-agent-conectivity branch from 833650d to 4828699 Compare May 5, 2025 12:24
@jasagredo jasagredo marked this pull request as ready for review May 5, 2025 12:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tdammers tdammers tdammers left review comments

@nfrisby nfrisby Awaiting requested review from nfrisby nfrisby is a code owner

@amesgen amesgen Awaiting requested review from amesgen amesgen is a code owner

@fraser-iohk fraser-iohk Awaiting requested review from fraser-iohk fraser-iohk is a code owner

@dnadales dnadales Awaiting requested review from dnadales dnadales is a code owner

@geo2a geo2a Awaiting requested review from geo2a geo2a is a code owner

@jorisdral jorisdral Awaiting requested review from jorisdral jorisdral is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Adapt KES usage to new, non-pure, interface
3 participants
@jasagredo @tdammers @lehins