mics: keygen + infra (#13)

- Most error types are never asserted, change to anyhow::Result accordingly.
- Use rust-toolchain "1.84.0"
- Add cli keygen
- Remove error types from energon, they are not finalized yet.

Author: version513

Diff for: Cargo.lock

@@ -33,6 +33,7 @@ rocksdb = { version = "0.23.0", optional = true, default-features = false, featu
     "lz4",
 ] }
 home = "0.5.11"
+anyhow = "1.0.95"
 
 [build-dependencies]
 tonic-build = "0.12.3"

Diff for: Cargo.toml

@@ -0,0 +1,2 @@
+[toolchain]
+channel = "1.84.0"

Diff for: rust-toolchain.toml

@@ -1,12 +1,34 @@
+use crate::core::beacon;
+use crate::key::keys::Pair;
+use crate::key::store::FileStore;
+use crate::key::Scheme;
+use crate::net::control;
+use crate::net::utils::Address;
+
+use anyhow::bail;
+use anyhow::Result;
 use clap::arg;
 use clap::command;
 use clap::Parser;
+use energon::drand::schemes::*;
 
-/// Top-level error for CLI commands
-#[derive(thiserror::Error, Debug)]
-pub enum CliError {
-    #[error("could not initialize a logger")]
-    LogInitError,
+/// Generate the long-term keypair (drand.private, drand.public) for this node, and load it on the drand daemon if it is up and running
+#[derive(Debug, Parser, Clone)]
+pub struct KeyGenConfig {
+    /// Set the port you want to listen to for control port commands. If not specified, we will use the default value.
+    #[arg(long, default_value = control::DEFAULT_CONTROL_PORT)]
+    pub control: String,
+    /// Folder to keep all drand cryptographic information, with absolute path.
+    #[arg(long, default_value_t =  FileStore::drand_home())]
+    pub folder: String,
+    /// Indicates the id for the randomness generation process which the command applies to.
+    #[arg(long, default_value = beacon::DEFAULT_BEACON_ID)]
+    pub id: String,
+    /// Indicates a set of values drand will use to configure the randomness generation process
+    #[arg(long, default_value = DefaultScheme::ID)]
+    pub scheme: String,
+    /// The address other nodes will be able to contact this node on (specified as 'private-listen' to the daemon)
+    pub address: String,
 }
 
 #[derive(Debug, Parser)]
@@ -20,14 +42,57 @@ pub struct CLI {
 }
 
 #[derive(Debug, Parser)]
-pub enum Cmd {}
+pub enum Cmd {
+    GenerateKeypair(KeyGenConfig),
+}
 
 impl CLI {
-    pub async fn run(self) -> Result<(), CliError> {
+    pub async fn run(self) -> Result<()> {
         // Logs are disabled in tests by default.
         #[cfg(not(test))]
         crate::log::init_log(self.verbose)?;
 
+        match self.commands {
+            Cmd::GenerateKeypair(config) => keygen_cmd(&config).await?,
+        }
+
         Ok(())
     }
 }
+
+async fn keygen_cmd(config: &KeyGenConfig) -> Result<()> {
+    println!("Generating private / public key pair");
+    match config.scheme.as_str() {
+        DefaultScheme::ID => keygen::<DefaultScheme>(config).await?,
+        UnchainedScheme::ID => keygen::<UnchainedScheme>(config).await?,
+        SigsOnG1Scheme::ID => keygen::<SigsOnG1Scheme>(config).await?,
+        BN254UnchainedOnG1Scheme::ID => keygen::<BN254UnchainedOnG1Scheme>(config).await?,
+        _ => bail!("keygen: unknown scheme: {}", config.scheme),
+    }
+
+    // Note: Loading keys into the daemon at `keygen_cmd` is disabled in tests.
+    //       Testing [`ControlClient::load_beacon`] should be done outside this function.
+    #[cfg(not(test))]
+    // If keys were generated successfully, daemon needs to load them.
+    match control::ControlClient::new(&config.control).await {
+        Ok(mut client) => {
+            client.load_beacon(&config.id).await?;
+        }
+        Err(_) => {
+            // Just print, exit code 0
+            eprintln!("Keys couldn't be loaded on drand daemon. If it is not running, these new keys will be loaded on startup")
+        }
+    }
+
+    Ok(())
+}
+
+/// Generic helper for [`keygen_cmd`]
+async fn keygen<S: Scheme>(config: &KeyGenConfig) -> Result<()> {
+    let address = Address::precheck(&config.address)?;
+    let pair = Pair::<S>::generate(address)?;
+    let store = FileStore::new_checked(&config.folder, &config.id)?;
+    store.save_key_pair(&pair)?;
+
+    Ok(())
+}

Diff for: src/cli.rs

@@ -0,0 +1 @@
+pub const DEFAULT_BEACON_ID: &str = "default";

Diff for: src/core/beacon.rs

@@ -0,0 +1 @@
+pub mod beacon;

Diff for: src/core/mod.rs

@@ -1,15 +1,12 @@
-use super::Hash;
 use super::Scheme;
 use crate::net::utils::Address;
 
-use energon::backends::error::PointError;
-use energon::drand::SchemeError;
+use anyhow::Result;
 use energon::kyber::poly::PriShare;
 use energon::points::KeyPoint;
 use energon::points::SigPoint;
 use energon::traits::Affine;
 use energon::traits::ScalarField;
-use sha2::Digest;
 
 /// Pair is a wrapper around a random scalar and the corresponding public key
 #[derive(Debug, PartialEq)]
@@ -24,28 +21,17 @@ impl<S: Scheme> Pair<S> {
     }
 
     /// Returns a freshly created private / public key pair.
-    pub fn generate(address: Address) -> Result<Self, SchemeError> {
+    pub fn generate(address: Address) -> Result<Self> {
         let private = S::Scalar::random();
         let key = S::sk_to_pk(&private);
         let mut msg = S::ID.as_bytes().to_vec();
         msg.extend_from_slice(key.hash()?.as_slice());
-
         let signature = S::bls_sign(&msg, &private)?;
         let public = Identity::new(address, key, signature);
 
         Ok(Self::new(private, public))
     }
 
-    /// Signs the public key with the key pair
-    pub fn self_sign(&mut self) -> Result<(), SchemeError> {
-        let mut msg = S::ID.as_bytes().to_vec();
-        let pk_hash = self.public_identity().hash()?;
-        msg.extend_from_slice(&pk_hash);
-        self.public.signature = S::bls_sign(&msg, self.private_key())?;
-
-        Ok(())
-    }
-
     pub fn private_key(&self) -> &S::Scalar {
         &self.private
     }
@@ -89,8 +75,10 @@ impl<S: Scheme> Identity<S> {
     /// Hash returns the hash of the public key without signing the signature. The hash
     /// is the input to the signature Scheme. It does *not* hash the address field as
     /// this may need to change while the node keeps the same key.
-    pub fn hash(&self) -> Result<[u8; 32], PointError> {
-        self.key.hash()
+    pub fn hash(&self) -> Result<[u8; 32]> {
+        let hash = self.key.hash()?;
+
+        Ok(hash)
     }
 
     pub fn is_valid_signature(&self) -> bool {
@@ -99,23 +87,10 @@ impl<S: Scheme> Identity<S> {
             msg.extend_from_slice(hash.as_slice());
             return S::bls_verify(&self.key, &self.signature, &msg).is_ok();
         }
-
         false
     }
 }
 
-impl<S: Scheme> Hash for Identity<S> {
-    type Hasher = crev_common::Blake2b256;
-
-    fn hash(&self) -> Result<[u8; 32], PointError> {
-        let mut h = Self::Hasher::new();
-        let msg = self.key().serialize()?;
-        h.update(msg);
-
-        Ok(h.finalize().into())
-    }
-}
-
 // DistPublic represents the distributed public key generated during a DKG. This
 // is the information that can be safely exported to end users verifying a
 // drand signature. It is the list of all commitments of the coefficients of the
@@ -130,7 +105,7 @@ impl<S: Scheme> DistPublic<S> {
         Self { commits }
     }
 
-    pub fn from_bytes(bytes: &[Vec<u8>]) -> Result<Self, PointError> {
+    pub fn from_bytes(bytes: &[Vec<u8>]) -> Result<Self> {
         let mut commits = Vec::with_capacity(bytes.len());
 
         for commit in bytes.iter() {

Diff for: src/key/keys.rs

@@ -9,10 +9,8 @@ pub use energon::drand::traits::DrandScheme as Scheme;
 pub use energon::points::KeyPoint;
 pub use energon::points::SigPoint;
 
-use energon::backends::error::PointError;
-
 pub trait Hash {
     type Hasher;
 
-    fn hash(&self) -> Result<[u8; 32], PointError>;
+    fn hash(&self) -> anyhow::Result<[u8; 32]>;
 }

Diff for: src/key/mod.rs

@@ -31,15 +31,16 @@ const PRIVATE_PERM: u32 = 0o600;
 const PUBLIC_PERM: u32 = 0o664;
 
 #[derive(thiserror::Error, Debug)]
-#[error("file_store: ")]
+#[error("file_store: {0}")]
 pub enum FileStoreError {
     #[error(transparent)]
     IO(#[from] std::io::Error),
     #[error("file already exists in {0}")]
     FileAlreadyExists(PathBuf),
     #[error("file is not found at {0}")]
     FileNotFound(PathBuf),
-    #[error("toml error, this is not expected")]
+    // Normally should not be possible
+    #[error("toml error")]
     TomlError,
     #[error("key materials scheme is invalid")]
     InvalidScheme,
@@ -132,9 +133,7 @@ impl FileStore {
     }
 
     pub fn save_key_pair<S: Scheme>(&self, pair: &Pair<S>) -> Result<(), FileStoreError> {
-        let pair_toml = pair
-            .toml_encode()
-            .ok_or_else(|| FileStoreError::TomlError)?;
+        let pair_toml = pair.toml_encode().ok_or(FileStoreError::TomlError)?;
 
         // save private
         let mut f = File::create(self.private_id_file())?;
@@ -156,9 +155,7 @@ impl FileStore {
     }
 
     pub fn save_group<S: Scheme>(&self, group: &Group<S>) -> Result<(), FileStoreError> {
-        let group_toml = group
-            .toml_encode()
-            .ok_or_else(|| FileStoreError::TomlError)?;
+        let group_toml = group.toml_encode().ok_or(FileStoreError::TomlError)?;
         let mut f = File::create(self.group_file())?;
         f.set_permissions(Permissions::from_mode(PUBLIC_PERM))?;
         f.write_all(group_toml.to_string().as_bytes())?;
@@ -167,9 +164,7 @@ impl FileStore {
     }
 
     pub fn save_share<S: Scheme>(&self, share: &Share<S>) -> Result<(), FileStoreError> {
-        let share_toml = share
-            .toml_encode()
-            .ok_or_else(|| FileStoreError::TomlError)?;
+        let share_toml = share.toml_encode().ok_or(FileStoreError::TomlError)?;
         let mut f = File::create(self.private_share_file())?;
         f.set_permissions(Permissions::from_mode(PRIVATE_PERM))?;
         f.write_all(share_toml.to_string().as_bytes())?;
@@ -181,15 +176,16 @@ impl FileStore {
     pub fn load_key_pair_toml(&self) -> Result<PairToml, FileStoreError> {
         let private_str = std::fs::read_to_string(self.private_id_file())?;
         let public_str = std::fs::read_to_string(self.public_id_file())?;
+        let pair_toml = PairToml::parse(private_str.as_str(), public_str.as_str())
+            .ok_or(FileStoreError::TomlError)?;
 
-        PairToml::parse(private_str.as_str(), public_str.as_str())
-            .ok_or_else(|| FileStoreError::TomlError)
+        Ok(pair_toml)
     }
 
     pub fn load_share<S: Scheme>(&self) -> Result<Share<S>, FileStoreError> {
         let share_str = std::fs::read_to_string(self.private_share_file())?;
         Toml::toml_decode(&share_str.parse().map_err(|_| FileStoreError::TomlError)?)
-            .ok_or_else(|| FileStoreError::TomlError)
+            .ok_or(FileStoreError::TomlError)
     }
 
     pub fn drand_home() -> String {
@@ -244,7 +240,6 @@ mod tests {
     use super::*;
     use crate::net::utils::Address;
     use energon::drand::schemes::DefaultScheme;
-    use tempfile::tempdir;
 
     // #Required permissions
     //
@@ -261,7 +256,7 @@ mod tests {
     #[test]
     fn check_permissions_and_data() {
         // Build absolute path for base folder 'testnet'
-        let temp_dir = tempdir().unwrap();
+        let temp_dir = tempfile::TempDir::new().unwrap();
         let base_path = temp_dir
             .path()
             .join("testnet")

Diff for: src/key/store.rs

@@ -7,3 +7,4 @@ pub mod net;
 pub mod protobuf;
 pub mod store;
 pub mod transport;
+pub mod core;

Diff for: src/lib.rs

@@ -1,12 +1,11 @@
-use crate::cli::CliError;
 use std::sync::Arc;
 use tracing::Span;
 use tracing_subscriber::fmt::time;
 use tracing_subscriber::prelude::__tracing_subscriber_SubscriberExt;
 use tracing_subscriber::util::SubscriberInitExt;
 use tracing_subscriber::EnvFilter;
 
-pub fn init_log(verbose: bool) -> Result<(), CliError> {
+pub fn init_log(verbose: bool) -> anyhow::Result<()> {
     let filter = EnvFilter::builder().parse_lossy(match verbose {
         true => "drand=debug",
         false => "drand=info",
@@ -22,8 +21,9 @@ pub fn init_log(verbose: bool) -> Result<(), CliError> {
     tracing_subscriber::registry()
         .with(layer)
         .with(filter)
-        .try_init()
-        .map_err(|_| CliError::LogInitError)
+        .try_init()?;
+
+    Ok(())
 }
 
 pub struct Logger {

Diff for: src/log.rs

@@ -15,19 +15,8 @@
 #![warn(clippy::pedantic)]
 use clap::Parser;
 use drand::cli::CLI;
-use std::process::ExitCode;
 
 #[tokio::main]
-async fn main() -> ExitCode {
-    if let Err(err) = CLI::parse().run().await {
-        // Errors are expected to be well-formatted in release builds.
-        eprintln!("Error: {err}");
-
-        #[cfg(debug_assertions)]
-        eprintln!("Error: {err:?}");
-
-        ExitCode::FAILURE
-    } else {
-        ExitCode::SUCCESS
-    }
-}
+async fn main() -> anyhow::Result<()> {
+    CLI::parse().run().await
+}