dmq: using OCert from kes-agent library

We need to use since in the initial version of `dmq-node` because of its
own CBOR encoding.  It is not cryptographically checked.

Author: coot

cabal.project

@@ -59,3 +59,13 @@ package acts
   flags: -finitary
 
 allow-newer: quickcheck-instances:QuickCheck
+
+-- kes-agent is not yet in CHaP, so we pull it from its GitHub repo
+source-repository-package
+  type: git
+  location: https://github.com/input-output/kes-agent
+  tag: 2a9ac9c017aa33c4f64b052c2d91babbbed842d3
+  --sha256: sha256-ztllx/uDQqPeV8lcmapJTB9y5bjb9HEHYK+4+x5JxiI=
+  subdir: kes-agent
+
+allow-newer: kes-agent:typed-protocols

decentralized-message-queue/app/Main.hs

@@ -1,4 +1,5 @@
 {-# LANGUAGE ScopedTypeVariables #-}
+{-# LANGUAGE TypeApplications    #-}
 
 module Main where
 
@@ -12,6 +13,8 @@ import Data.Void (Void)
 import Options.Applicative
 import System.Random (newStdGen, split)
 
+import Cardano.KESAgent.Protocols.StandardCrypto (StandardCrypto)
+
 import DMQ.Configuration
 import DMQ.Configuration.CLIOptions (parseCLIOptions)
 import DMQ.Configuration.Topology (readTopologyFileOrError)
@@ -53,7 +56,6 @@ runDMQ commandLineConfig = do
         } = config' <> commandLineConfig
             `act`
             defaultConfiguration
-
     let tracer :: ToJSON ev => Tracer IO (WithEventType ev)
         tracer = dmqTracer prettyLog
 
@@ -64,7 +66,7 @@ runDMQ commandLineConfig = do
     stdGen <- newStdGen
     let (psRng, policyRng) = split stdGen
 
-    withNodeKernel psRng $ \nodeKernel -> do
+    withNodeKernel @StandardCrypto psRng $ \nodeKernel -> do
       dmqDiffusionConfiguration <- mkDiffusionConfiguration dmqConfig nt
 
       let dmqNtNApps =

decentralized-message-queue/decentralized-message-queue.cabal

@@ -55,6 +55,8 @@ library
     aeson-pretty,
     base >=4.14 && <4.22,
     bytestring >=0.10 && <0.13,
+    cardano-binary,
+    cardano-crypto-class,
     cborg >=0.2.1 && <0.3,
     containers >=0.5 && <0.8,
     contra-tracer >=0.1 && <0.3,
@@ -66,6 +68,7 @@ library
     hashable >=1.0 && <1.6,
     io-classes:{io-classes, si-timers, strict-mvar, strict-stm} ^>=1.8.0.1,
     iproute ^>=1.7.15,
+    kes-agent ^>=0.1,
     network ^>=3.2.7,
     network-mux ^>=0.9,
     optparse-applicative ^>=0.18,
@@ -95,6 +98,7 @@ executable dmq-node
     base,
     contra-tracer >=0.1 && <0.3,
     decentralized-message-queue,
+    kes-agent,
     optparse-applicative,
     ouroboros-network,
     ouroboros-network-api,
@@ -119,9 +123,13 @@ test-suite dmq-test
   build-depends:
     QuickCheck,
     base >=4.14 && <4.22,
-    cborg,
+    bytestring,
     cardano-binary,
+    cardano-crypto-class,
+    cardano-crypto-tests,
+    cborg,
     decentralized-message-queue,
+    kes-agent,
     ouroboros-network-api,
     ouroboros-network-protocols:testlib,
     quickcheck-instances,

decentralized-message-queue/src/DMQ/Diffusion/Applications.hs

@@ -22,10 +22,10 @@ import Ouroboros.Network.RethrowPolicy (ioErrorRethrowPolicy,
            muxErrorRethrowPolicy)
 
 diffusionApplications
-  :: NodeKernel ntnAddr m
+  :: NodeKernel crypto ntnAddr m
   -> Configuration
   -> Diffusion.Configuration NoExtraFlags m ntnFd ntnAddr ntcFd ntcAddr
-  -> NTN.LimitsAndTimeouts ntnAddr
+  -> NTN.LimitsAndTimeouts crypto ntnAddr
   -> NTN.Apps ntnAddr m a ()
   -> PeerSelectionPolicy ntnAddr m
   -> Diffusion.Applications ntnAddr NodeToNodeVersion   NodeToNodeVersionData

decentralized-message-queue/src/DMQ/Diffusion/NodeKernel.hs

@@ -36,7 +36,7 @@ import Ouroboros.Network.TxSubmission.Mempool.Simple qualified as Mempool
 import DMQ.Protocol.SigSubmission.Type (Sig (sigExpiresAt), SigId)
 
 
-data NodeKernel ntnAddr m =
+data NodeKernel crypto ntnAddr m =
   NodeKernel {
     -- | The fetch client registry, used for the keep alive clients.
     fetchClientRegistry :: FetchClientRegistry (ConnectionId ntnAddr) () () m
@@ -45,18 +45,18 @@ data NodeKernel ntnAddr m =
     -- the PeerSharing protocol
   , peerSharingRegistry :: PeerSharingRegistry ntnAddr m
   , peerSharingAPI      :: PeerSharingAPI ntnAddr StdGen m
-  , mempool             :: Mempool m Sig
-  , sigChannelVar       :: TxChannelsVar m ntnAddr SigId Sig
+  , mempool             :: Mempool m (Sig crypto)
+  , sigChannelVar       :: TxChannelsVar m ntnAddr SigId (Sig crypto)
   , sigMempoolSem       :: TxMempoolSem m
-  , sigSharedTxStateVar :: SharedTxStateVar m ntnAddr SigId Sig
+  , sigSharedTxStateVar :: SharedTxStateVar m ntnAddr SigId (Sig crypto)
   }
 
 newNodeKernel :: ( MonadLabelledSTM m
                  , MonadMVar m
                  , Ord ntnAddr
                  )
               => StdGen
-              -> m (NodeKernel ntnAddr m)
+              -> m (NodeKernel crypto ntnAddr m)
 newNodeKernel rng = do
   publicPeerSelectionStateVar <- makePublicPeerSelectionStateVar
 
@@ -86,7 +86,8 @@ newNodeKernel rng = do
                   }
 
 
-withNodeKernel :: ( MonadAsync       m
+withNodeKernel :: forall crypto ntnAddr m a.
+                  ( MonadAsync       m
                   , MonadFork        m
                   , MonadDelay       m
                   , MonadLabelledSTM m
@@ -96,7 +97,7 @@ withNodeKernel :: ( MonadAsync       m
                   , Ord ntnAddr
                   )
                => StdGen
-               -> (NodeKernel ntnAddr m -> m a)
+               -> (NodeKernel crypto ntnAddr m -> m a)
                -- ^ as soon as the callback exits the `mempoolWorker` will be
                -- killed
                -> m a
@@ -107,19 +108,20 @@ withNodeKernel rng k = do
               >> k nodeKernel
 
 
-mempoolWorker :: ( MonadDelay m
+mempoolWorker :: forall crypto m.
+                 ( MonadDelay m
                  , MonadSTM   m
                  , MonadTime  m
                  )
-              => Mempool m Sig
+              => Mempool m (Sig crypto)
               -> m Void
 mempoolWorker (Mempool v) = loop
   where
     loop = do
       now <- getCurrentPOSIXTime
       rt <- atomically $ do
-        (sigs :: Seq.Seq Sig) <- readTVar v
-        let sigs' :: Seq.Seq Sig
+        (sigs :: Seq.Seq (Sig crypto)) <- readTVar v
+        let sigs' :: Seq.Seq (Sig crypto)
             (resumeTime, sigs') =
               foldr (\a (rt, as) -> if sigExpiresAt a <= now
                                     then (rt, as)

decentralized-message-queue/src/DMQ/NodeToNode.hs

@@ -43,6 +43,7 @@ import Data.Aeson qualified as Aeson
 import Data.ByteString.Lazy qualified as BL
 import Data.Functor.Contravariant ((>$<))
 import Data.Hashable (Hashable)
+import Data.Typeable
 import Data.Void (Void)
 import System.Random (mkStdGen)
 
@@ -51,6 +52,8 @@ import Network.Mux.Types (Mode (..))
 import Network.Mux.Types qualified as Mx
 import Network.TypedProtocol.Codec (AnnotatedCodec, Codec)
 
+import Cardano.KESAgent.KES.Crypto (Crypto (..))
+
 import DMQ.Configuration (Configuration, Configuration' (..), I (..))
 import DMQ.Diffusion.NodeKernel (NodeKernel (..))
 import DMQ.NodeToNode.Version
@@ -142,8 +145,10 @@ data Apps addr m a b =
   }
 
 ntnApps
-  :: forall m addr .
-    ( Alternative (STM m)
+  :: forall crypto m addr .
+    ( Crypto crypto
+    , Typeable crypto
+    , Alternative (STM m)
     , MonadAsync m
     , MonadDelay m
     , MonadFork m
@@ -158,9 +163,9 @@ ntnApps
     )
  => (forall ev. Aeson.ToJSON ev => Tracer m (WithEventType ev))
  -> Configuration
- -> NodeKernel addr m
- -> Codecs addr m
- -> LimitsAndTimeouts addr
+ -> NodeKernel crypto addr m
+ -> Codecs crypto addr m
+ -> LimitsAndTimeouts crypto addr
  -> TxDecisionPolicy
  -> Apps addr m () ()
 ntnApps
@@ -206,18 +211,19 @@ ntnApps
     , aPeerSharingServer
     }
   where
-    sigSize :: Sig -> SizeInBytes
+    sigSize :: Sig crypto -> SizeInBytes
     sigSize _ = 0 -- TODO
 
     mempoolReader = Mempool.getReader sigId sigSize mempool
-    mempoolWriter = Mempool.getWriter sigId sigValid mempool
-      where
-        -- Note: invalid signatures are just omitted from the mempool. For DMQ
-        -- we need to validate signatures when we received them, and shutdown
-        -- connection if we receive one, rather than validate them in the
-        -- mempool.
-        sigValid :: Sig -> Bool
-        sigValid _ = True
+    -- TODO: invalid signatures are just omitted from the mempool. For DMQ
+    -- we need to validate signatures when we received them, and shutdown
+    -- connection if we receive one, rather than validate them in the
+    -- mempool.
+    mempoolWriter = Mempool.getWriter sigId
+                                      (pure ())
+                                      (\_ _ -> Right () :: Either Void ())
+                                      (\_ -> True)
+                                      mempool
 
     aSigSubmissionClient
       :: NodeToNodeVersion
@@ -262,7 +268,7 @@ ntnApps
           mempoolWriter
           sigSize
           (remoteAddress connId)
-          $ \(peerSigAPI :: PeerTxAPI m SigId Sig) ->
+          $ \(peerSigAPI :: PeerTxAPI m SigId (Sig crypto)) ->
             runPipelinedAnnotatedPeerWithLimits
               (if sigSubmissionServerTracer
                  then WithEventType "SigSubmissionServer" . Mx.WithBearer connId >$< tracer
@@ -273,7 +279,7 @@ ntnApps
               channel
               $ txSubmissionServerPeerPipelined
               $ txSubmissionInboundV2
-                  nullTracer
+                  nullTracer -- TODO
                   _SIG_SUBMISSION_INIT_DELAY
                   mempoolWriter
                   peerSigAPI
@@ -405,7 +411,7 @@ peerSharingMiniProtocolNum :: Mx.MiniProtocolNum
 peerSharingMiniProtocolNum = Mx.MiniProtocolNum 13
 
 nodeToNodeProtocols
-  :: LimitsAndTimeouts addr
+  :: LimitsAndTimeouts crypto addr
   -> Protocols appType initiatorCtx responderCtx bytes m a b
   -> NodeToNodeVersion
   -- ^ negotiated version number
@@ -463,7 +469,7 @@ nodeToNodeProtocols LimitsAndTimeouts {
       )
 
 initiatorProtocols
-  :: LimitsAndTimeouts addr
+  :: LimitsAndTimeouts crypto addr
   -> Apps addr m a b
   -> NodeToNodeVersion
   -> NodeToNodeVersionData
@@ -488,7 +494,7 @@ initiatorProtocols limitsAndTimeouts
     version
 
 initiatorAndResponderProtocols
-  :: LimitsAndTimeouts addr
+  :: LimitsAndTimeouts crypto addr
   -> Apps addr m a b
   -> NodeToNodeVersion
   -> NodeToNodeVersionData
@@ -521,36 +527,39 @@ initiatorAndResponderProtocols limitsAndTimeouts
     })
     version
 
-data Codecs addr m =
+data Codecs crypto addr m =
   Codecs {
-    sigSubmissionCodec :: AnnotatedCodec SigSubmission
+    sigSubmissionCodec :: AnnotatedCodec (SigSubmission crypto)
                             CBOR.DeserialiseFailure m BL.ByteString
   , keepAliveCodec     :: Codec KeepAlive
                             CBOR.DeserialiseFailure m BL.ByteString
   , peerSharingCodec   :: Codec (Protocol.PeerSharing addr)
                             CBOR.DeserialiseFailure m BL.ByteString
   }
 
-dmqCodecs :: MonadST m
+dmqCodecs :: ( Crypto crypto
+             , Typeable crypto
+             , MonadST m
+             )
           => (addr -> CBOR.Encoding)
           -> (forall s. CBOR.Decoder s addr)
-          -> Codecs addr m
+          -> Codecs crypto addr m
 dmqCodecs encodeAddr decodeAddr =
   Codecs {
     sigSubmissionCodec = codecSigSubmission
   , keepAliveCodec     = codecKeepAlive_v2
   , peerSharingCodec   = codecPeerSharing encodeAddr decodeAddr
   }
 
-data LimitsAndTimeouts addr =
+data LimitsAndTimeouts crypto addr =
   LimitsAndTimeouts {
     -- sig-submission
     sigSubmissionLimits
       :: MiniProtocolLimits
   , sigSubmissionSizeLimits
-      :: ProtocolSizeLimits SigSubmission BL.ByteString
+      :: ProtocolSizeLimits (SigSubmission crypto) BL.ByteString
   , sigSubmissionTimeLimits
-      :: ProtocolTimeLimits SigSubmission
+      :: ProtocolTimeLimits (SigSubmission crypto)
 
     -- keep-alive
   , keepAliveLimits
@@ -569,7 +578,7 @@ data LimitsAndTimeouts addr =
       :: ProtocolSizeLimits (Protocol.PeerSharing addr) BL.ByteString
   }
 
-dmqLimitsAndTimeouts :: LimitsAndTimeouts addr
+dmqLimitsAndTimeouts :: LimitsAndTimeouts crypto addr
 dmqLimitsAndTimeouts =
     LimitsAndTimeouts {
       sigSubmissionLimits =