Construct new sender key in initialization

calimero-network · Nov 8, 2024 · c891866 · c891866
1 parent d6c6afe
commit c891866
Show file tree

Hide file tree

Showing 4 changed files with 30 additions and 57 deletions.
diff --git a/crates/context/src/lib.rs b/crates/context/src/lib.rs
@@ -475,7 +475,7 @@ impl ContextManager {
                             &key,
                             &ContextIdentityValue {
                                 private_key: None,
-                                sender_key: None,
+                                sender_key: Some(*self.new_private_key()),
                             },
                         )?;
                     }
@@ -766,10 +766,7 @@ impl ContextManager {
             .get(&ContextIdentityKey::new(*context_id, *own_public_key))?
             .and_then(|ctx_identity| ctx_identity.sender_key);
 
-        match key {
-            Some(key) => Ok(Some(PrivateKey::from(key))),
-            None => Ok(None),
-        }
+        Ok(key.map(PrivateKey::from))
     }
 
     pub fn get_context_members_identities(

diff --git a/crates/crypto/src/lib.rs b/crates/crypto/src/lib.rs
@@ -1,5 +1,5 @@
 use calimero_primitives::identity::{PrivateKey, PublicKey};
-use ed25519_dalek::hazmat::ExpandedSecretKey;
+use curve25519_dalek::Scalar;
 use ed25519_dalek::SecretKey;
 use ring::aead;
 use serde::{Deserialize, Serialize};
@@ -18,7 +18,7 @@ pub struct Record {
 impl SharedKey {
     pub fn new(sk: &PrivateKey, pk: &PublicKey) -> Self {
         SharedKey {
-            key: (ExpandedSecretKey::from(&**sk).scalar
+            key: (Scalar::from_bytes_mod_order(**sk)
                 * curve25519_dalek::edwards::CompressedEdwardsY(**pk)
                     .decompress()
                     .expect("pk should be guaranteed to be the y coordinate"))
@@ -69,7 +69,6 @@ impl SharedKey {
 
 #[cfg(test)]
 mod tests {
-    use ed25519_dalek::SigningKey;
     use eyre::OptionExt;
 
     use super::*;
@@ -78,17 +77,11 @@ mod tests {
     fn test_encrypt_decrypt() -> eyre::Result<()> {
         let mut csprng = rand::thread_rng();
 
-        let signer = SigningKey::generate(&mut csprng);
-        let verifier = SigningKey::generate(&mut csprng);
+        let signer = PrivateKey::random(&mut csprng);
+        let verifier = PrivateKey::random(&mut csprng);
 
-        let signer_shared_key = SharedKey::new(
-            &PrivateKey::from(signer.to_bytes()),
-            &(*verifier.verifying_key().as_bytes()).into(),
-        );
-        let verifier_shared_key = SharedKey::new(
-            &PrivateKey::from(verifier.to_bytes()),
-            &(*signer.verifying_key().as_bytes()).into(),
-        );
+        let signer_shared_key = SharedKey::new(&signer, &verifier.public_key());
+        let verifier_shared_key = SharedKey::new(&verifier, &signer.public_key());
 
         let payload = b"privacy is important";
         let nonce = [0u8; aead::NONCE_LEN];
@@ -111,18 +104,12 @@ mod tests {
     fn test_decrypt_with_invalid_key() -> eyre::Result<()> {
         let mut csprng = rand::thread_rng();
 
-        let signer = SigningKey::generate(&mut csprng);
-        let verifier = SigningKey::generate(&mut csprng);
-        let invalid = SigningKey::generate(&mut csprng);
-
-        let signer_shared_key = SharedKey::new(
-            &PrivateKey::from(signer.to_bytes()),
-            &(*verifier.verifying_key().as_bytes()).into(),
-        );
-        let invalid_shared_key = SharedKey::new(
-            &PrivateKey::from(invalid.to_bytes()),
-            &(*invalid.verifying_key().as_bytes()).into(),
-        );
+        let signer = PrivateKey::random(&mut csprng);
+        let verifier = PrivateKey::random(&mut csprng);
+        let invalid = PrivateKey::random(&mut csprng);
+
+        let signer_shared_key = SharedKey::new(&signer, &verifier.public_key());
+        let invalid_shared_key = SharedKey::new(&invalid, &invalid.public_key());
 
         let token = b"privacy is important";
         let nonce = [0u8; aead::NONCE_LEN];

diff --git a/crates/node/src/lib.rs b/crates/node/src/lib.rs
@@ -33,7 +33,7 @@ use calimero_store::db::RocksDB;
 use calimero_store::key::ContextMeta as ContextMetaKey;
 use calimero_store::Store;
 use camino::Utf8PathBuf;
-use eyre::{bail, eyre, Result as EyreResult};
+use eyre::{bail, eyre, OptionExt, Result as EyreResult};
 use libp2p::gossipsub::{IdentTopic, Message, TopicHash};
 use libp2p::identity::Keypair;
 use rand::seq::IteratorRandom;
@@ -305,19 +305,16 @@ impl Node {
                 root_hash,
                 artifact,
             } => {
-                let possible_sending_key =
-                    self.ctx_manager.get_sender_key(&context_id, &author_id)?;
-
-                let sending_key = match possible_sending_key {
-                    Some(key) => key,
-                    None => todo!(), //initiate sync
+                let Some(sender_key) = self.ctx_manager.get_sender_key(&context_id, &author_id)?
+                else {
+                    return self.initiate_sync(context_id, source).await;
                 };
 
-                let shared_key = SharedKey::from_sk(&sending_key);
+                let shared_key = SharedKey::from_sk(&sender_key);
 
                 let artifact = &shared_key
                     .decrypt(artifact.into_owned(), [0; aead::NONCE_LEN])
-                    .ok_or_else(|| eyre!("Failed to decrypt message"))?;
+                    .ok_or_eyre("failed to decrypt message")?;
 
                 self.handle_state_delta(
                     source,
@@ -383,20 +380,16 @@ impl Node {
             .await
             != 0
         {
-            let possible_sending_key = self
+            let sender_key = self
                 .ctx_manager
-                .get_sender_key(&context.id, &executor_public_key)?;
-
-            let sending_key = match possible_sending_key {
-                Some(key) => key,
-                None => todo!(), // initiate sync
-            };
+                .get_sender_key(&context.id, &executor_public_key)?
+                .ok_or_eyre("expected own identity to have sender key")?;
 
-            let shared_key = SharedKey::from_sk(&sending_key);
+            let shared_key = SharedKey::from_sk(&sender_key);
 
             let artifact_encrypted = shared_key
                 .encrypt(outcome.artifact.clone(), [0; aead::NONCE_LEN])
-                .ok_or(eyre!("Encryption failed"))?;
+                .ok_or_eyre("encryption failed")?;
 
             let message = to_vec(&BroadcastMessage::StateDelta {
                 context_id: context.id,

diff --git a/crates/node/src/sync/blobs.rs b/crates/node/src/sync/blobs.rs
@@ -3,7 +3,7 @@ use calimero_network::stream::Stream;
 use calimero_primitives::blobs::BlobId;
 use calimero_primitives::context::Context;
 use calimero_primitives::identity::PublicKey;
-use eyre::bail;
+use eyre::{bail, OptionExt};
 use futures_util::stream::poll_fn;
 use futures_util::TryStreamExt;
 use rand::seq::IteratorRandom;
@@ -65,16 +65,12 @@ impl Node {
             }
         };
 
-        let possible_sending_key = self
+        let sender_key = self
             .ctx_manager
-            .get_sender_key(&context.id, &our_identity)?;
-
-        let sending_key = match possible_sending_key {
-            Some(key) => key,
-            None => todo!(),
-        };
+            .get_sender_key(&context.id, &our_identity)?
+            .ok_or_eyre("expected own identity to have sender key")?;
 
-        let shared_key = SharedKey::new(&sending_key, &their_identity);
+        let shared_key = SharedKey::new(&sender_key, &their_identity);
 
         let (tx, mut rx) = mpsc::channel(1);