From 94c9b75860782dc4fe690080a0e55d29ef90c875 Mon Sep 17 00:00:00 2001 From: Peter Nose Date: Tue, 27 Feb 2024 10:40:03 +0100 Subject: [PATCH 1/3] go/keymanager/churp: Add method ConsensusParameters to the backend --- .../cometbft/apps/keymanager/churp/query.go | 24 ++++++++--- .../cometbft/apps/keymanager/secrets/query.go | 28 +++++++----- .../cometbft/keymanager/churp/client.go | 10 +++++ go/keymanager/churp/backend.go | 5 ++- go/keymanager/churp/grpc.go | 43 +++++++++++++++++-- 5 files changed, 88 insertions(+), 22 deletions(-) diff --git a/go/consensus/cometbft/apps/keymanager/churp/query.go b/go/consensus/cometbft/apps/keymanager/churp/query.go index 15345477c87..3580b0e1faa 100644 --- a/go/consensus/cometbft/apps/keymanager/churp/query.go +++ b/go/consensus/cometbft/apps/keymanager/churp/query.go @@ -8,8 +8,9 @@ import ( "github.com/oasisprotocol/oasis-core/go/keymanager/churp" ) -// Query is the key manager query interface. +// Query is the key manager CHURP query interface. type Query interface { + ConsensusParameters(context.Context) (*churp.ConsensusParameters, error) Status(context.Context, common.Namespace, uint8) (*churp.Status, error) Statuses(context.Context, common.Namespace) ([]*churp.Status, error) AllStatuses(context.Context) ([]*churp.Status, error) @@ -19,18 +20,27 @@ type querier struct { state *churpState.ImmutableState } -func (kq *querier) Status(ctx context.Context, runtimeID common.Namespace, churpID uint8) (*churp.Status, error) { - return kq.state.Status(ctx, runtimeID, churpID) +// ConsensusParameters implements Query. +func (q *querier) ConsensusParameters(ctx context.Context) (*churp.ConsensusParameters, error) { + return q.state.ConsensusParameters(ctx) } -func (kq *querier) Statuses(ctx context.Context, runtimeID common.Namespace) ([]*churp.Status, error) { - return kq.state.Statuses(ctx, runtimeID) +// Status implements Query. +func (q *querier) Status(ctx context.Context, runtimeID common.Namespace, churpID uint8) (*churp.Status, error) { + return q.state.Status(ctx, runtimeID, churpID) } -func (kq *querier) AllStatuses(ctx context.Context) ([]*churp.Status, error) { - return kq.state.AllStatuses(ctx) +// Statuses implements Query. +func (q *querier) Statuses(ctx context.Context, runtimeID common.Namespace) ([]*churp.Status, error) { + return q.state.Statuses(ctx, runtimeID) } +// AllStatuses implements Query. +func (q *querier) AllStatuses(ctx context.Context) ([]*churp.Status, error) { + return q.state.AllStatuses(ctx) +} + +// NewQuery creates a new key manager CHURP query. func NewQuery(state *churpState.ImmutableState) Query { return &querier{state} } diff --git a/go/consensus/cometbft/apps/keymanager/secrets/query.go b/go/consensus/cometbft/apps/keymanager/secrets/query.go index 02461ebd5eb..fedaca1171f 100644 --- a/go/consensus/cometbft/apps/keymanager/secrets/query.go +++ b/go/consensus/cometbft/apps/keymanager/secrets/query.go @@ -8,7 +8,7 @@ import ( "github.com/oasisprotocol/oasis-core/go/keymanager/secrets" ) -// Query is the key manager query interface. +// Query is the key manager secrets query interface. type Query interface { Status(context.Context, common.Namespace) (*secrets.Status, error) Statuses(context.Context) ([]*secrets.Status, error) @@ -21,24 +21,29 @@ type querier struct { state *secretsState.ImmutableState } -func (kq *querier) Status(ctx context.Context, runtimeID common.Namespace) (*secrets.Status, error) { - return kq.state.Status(ctx, runtimeID) +// Status implements Query. +func (q *querier) Status(ctx context.Context, runtimeID common.Namespace) (*secrets.Status, error) { + return q.state.Status(ctx, runtimeID) } -func (kq *querier) Statuses(ctx context.Context) ([]*secrets.Status, error) { - return kq.state.Statuses(ctx) +// Statuses implements Query. +func (q *querier) Statuses(ctx context.Context) ([]*secrets.Status, error) { + return q.state.Statuses(ctx) } -func (kq *querier) MasterSecret(ctx context.Context, runtimeID common.Namespace) (*secrets.SignedEncryptedMasterSecret, error) { - return kq.state.MasterSecret(ctx, runtimeID) +// MasterSecret implements Query. +func (q *querier) MasterSecret(ctx context.Context, runtimeID common.Namespace) (*secrets.SignedEncryptedMasterSecret, error) { + return q.state.MasterSecret(ctx, runtimeID) } -func (kq *querier) EphemeralSecret(ctx context.Context, runtimeID common.Namespace) (*secrets.SignedEncryptedEphemeralSecret, error) { - return kq.state.EphemeralSecret(ctx, runtimeID) +// EphemeralSecret implements Query. +func (q *querier) EphemeralSecret(ctx context.Context, runtimeID common.Namespace) (*secrets.SignedEncryptedEphemeralSecret, error) { + return q.state.EphemeralSecret(ctx, runtimeID) } -func (kq *querier) Genesis(ctx context.Context) (*secrets.Genesis, error) { - statuses, err := kq.state.Statuses(ctx) +// Genesis implements Query. +func (q *querier) Genesis(ctx context.Context) (*secrets.Genesis, error) { + statuses, err := q.state.Statuses(ctx) if err != nil { return nil, err } @@ -52,6 +57,7 @@ func (kq *querier) Genesis(ctx context.Context) (*secrets.Genesis, error) { return &gen, nil } +// NewQuery creates a new key manager secrets query. func NewQuery(state *secretsState.ImmutableState) Query { return &querier{state} } diff --git a/go/consensus/cometbft/keymanager/churp/client.go b/go/consensus/cometbft/keymanager/churp/client.go index 5d267d40d60..dd99e9cedb3 100644 --- a/go/consensus/cometbft/keymanager/churp/client.go +++ b/go/consensus/cometbft/keymanager/churp/client.go @@ -22,6 +22,16 @@ type ServiceClient struct { statusNotifier *pubsub.Broker } +// ConsensusParameters implements churp.Backend. +func (sc *ServiceClient) ConsensusParameters(ctx context.Context, height int64) (*churp.ConsensusParameters, error) { + q, err := sc.querier.QueryAt(ctx, height) + if err != nil { + return nil, err + } + + return q.Churp().ConsensusParameters(ctx) +} + // Status implements churp.Backend. func (sc *ServiceClient) Status(ctx context.Context, query *churp.StatusQuery) (*churp.Status, error) { q, err := sc.querier.QueryAt(ctx, query.Height) diff --git a/go/keymanager/churp/backend.go b/go/keymanager/churp/backend.go index e475411c151..bf3ad7f8f7f 100644 --- a/go/keymanager/churp/backend.go +++ b/go/keymanager/churp/backend.go @@ -9,8 +9,11 @@ import ( // Backend is a CHURP management implementation. type Backend interface { + // ConsensusParameters returns the CHURP consensus parameters. + ConsensusParameters(context.Context, int64) (*ConsensusParameters, error) + // Status returns the CHURP status for the specified runtime and CHURP - // instance. + // scheme. Status(context.Context, *StatusQuery) (*Status, error) // Statuses returns the CHURP statuses for the specified runtime. diff --git a/go/keymanager/churp/grpc.go b/go/keymanager/churp/grpc.go index fa383f9471b..da887a3d478 100644 --- a/go/keymanager/churp/grpc.go +++ b/go/keymanager/churp/grpc.go @@ -14,11 +14,13 @@ var ( // serviceName is the gRPC service name. serviceName = cmnGrpc.NewServiceName("KeyManager.Churp") - // methodGetStatus is the GetStatus method. + // methodConsensusParameters is the ConsensusParameters method. + methodConsensusParameters = serviceName.NewMethod("ConsensusParameters", int64(0)) + // methodStatus is the Status method. methodStatus = serviceName.NewMethod("Status", StatusQuery{}) - // methodGetStatuses is the GetStatuses method. + // methodStatuses is the Statuses method. methodStatuses = serviceName.NewMethod("Statuses", registry.NamespaceQuery{}) - // methodGetStatuses is the GetStatuses method. + // methodAllStatuses is the AllStatuses method. methodAllStatuses = serviceName.NewMethod("AllStatuses", int64(0)) // methodWatchStatuses is the WatchStatuses method. @@ -29,6 +31,10 @@ var ( ServiceName: string(serviceName), HandlerType: (*Backend)(nil), Methods: []grpc.MethodDesc{ + { + MethodName: methodConsensusParameters.ShortName(), + Handler: handlerConsensusParameters, + }, { MethodName: methodStatus.ShortName(), Handler: handlerStatus, @@ -52,6 +58,29 @@ var ( } ) +func handlerConsensusParameters( + srv interface{}, + ctx context.Context, + dec func(interface{}) error, + interceptor grpc.UnaryServerInterceptor, +) (interface{}, error) { + var height int64 + if err := dec(&height); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(Backend).ConsensusParameters(ctx, height) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: methodConsensusParameters.FullName(), + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(Backend).ConsensusParameters(ctx, req.(int64)) + } + return interceptor(ctx, height, info, handler) +} + func handlerStatus( srv interface{}, ctx context.Context, @@ -156,6 +185,14 @@ type Client struct { conn *grpc.ClientConn } +func (c *Client) ConsensusParameters(ctx context.Context, height int64) (*ConsensusParameters, error) { + var resp ConsensusParameters + if err := c.conn.Invoke(ctx, methodConsensusParameters.FullName(), height, &resp); err != nil { + return nil, err + } + return &resp, nil +} + func (c *Client) Status(ctx context.Context, query *StatusQuery) (*Status, error) { var resp Status if err := c.conn.Invoke(ctx, methodStatus.FullName(), query, &resp); err != nil { From 7b04a87b876277ad379101589309e0fe02c3799a Mon Sep 17 00:00:00 2001 From: Peter Nose Date: Tue, 27 Feb 2024 10:19:50 +0100 Subject: [PATCH 2/3] go/upgrade/migrations: Remove obsolete upgrade handlers --- go/oasis-test-runner/scenario/e2e/scenario.go | 2 - go/oasis-test-runner/scenario/e2e/upgrade.go | 50 ----------- .../migrations/consensus_max_allowances.go | 51 ----------- go/upgrade/migrations/consensus_v62.go | 84 ------------------- 4 files changed, 187 deletions(-) delete mode 100644 go/upgrade/migrations/consensus_max_allowances.go delete mode 100644 go/upgrade/migrations/consensus_v62.go diff --git a/go/oasis-test-runner/scenario/e2e/scenario.go b/go/oasis-test-runner/scenario/e2e/scenario.go index d68cdc75249..f1dc60637c8 100644 --- a/go/oasis-test-runner/scenario/e2e/scenario.go +++ b/go/oasis-test-runner/scenario/e2e/scenario.go @@ -135,8 +135,6 @@ func RegisterScenarios() error { GenesisFile, // Node upgrade tests. NodeUpgradeDummy, - NodeUpgradeMaxAllowances, - NodeUpgradeV62, NodeUpgradeEmpty, NodeUpgradeCancel, // Debonding entries from genesis test. diff --git a/go/oasis-test-runner/scenario/e2e/upgrade.go b/go/oasis-test-runner/scenario/e2e/upgrade.go index 287b43d88fa..2820bf3777f 100644 --- a/go/oasis-test-runner/scenario/e2e/upgrade.go +++ b/go/oasis-test-runner/scenario/e2e/upgrade.go @@ -80,59 +80,9 @@ func (n *noOpUpgradeChecker) PostUpgradeFn(context.Context, *oasis.Controller) e return nil } -type upgradeV62Checker struct{} - -func (n *upgradeV62Checker) PreUpgradeFn(context.Context, *oasis.Controller) error { - return nil -} - -func (n *upgradeV62Checker) PostUpgradeFn(ctx context.Context, ctrl *oasis.Controller) error { - // Check updated registry parameters. - registryParams, err := ctrl.Registry.ConsensusParameters(ctx, consensus.HeightLatest) - if err != nil { - return fmt.Errorf("can't get registry consensus parameters: %w", err) - } - if registryParams.TEEFeatures == nil { - return fmt.Errorf("TEE features are unset") - } - if !registryParams.TEEFeatures.SGX.PCS { - return fmt.Errorf("PCS SGX TEE feature is disabled") - } - if !registryParams.TEEFeatures.FreshnessProofs { - return fmt.Errorf("freshness proofs TEE feature is disabled") - } - if !registryParams.TEEFeatures.SGX.SignedAttestations { - return fmt.Errorf("signed attestations TEE feature is disabled") - } - if registryParams.TEEFeatures.SGX.DefaultMaxAttestationAge != 1200 { - return fmt.Errorf("default max attestation age is not set correctly") - } - if registryParams.GasCosts[registry.GasOpProveFreshness] != registry.DefaultGasCosts[registry.GasOpProveFreshness] { - return fmt.Errorf("default gas cost for freshness proofs is not set") - } - if registryParams.MaxRuntimeDeployments != 5 { - return fmt.Errorf("maximum number of runtime deployments is not set correctly") - } - - // Check updated governance parameters. - govParams, err := ctrl.Governance.ConsensusParameters(ctx, consensus.HeightLatest) - if err != nil { - return fmt.Errorf("can't get governance consensus parameters: %w", err) - } - if !govParams.EnableChangeParametersProposal { - return fmt.Errorf("change parameters proposal is disabled") - } - - return nil -} - var ( // NodeUpgradeDummy is the node upgrade dummy scenario. NodeUpgradeDummy scenario.Scenario = newNodeUpgradeImpl(migrations.DummyUpgradeHandler, &dummyUpgradeChecker{}) - // NodeUpgradeMaxAllowances is the node upgrade max allowances scenario. - NodeUpgradeMaxAllowances scenario.Scenario = newNodeUpgradeImpl(migrations.ConsensusMaxAllowances16Handler, &noOpUpgradeChecker{}) - // NodeUpgradeV62 is the node consensus V61 migration scenario. - NodeUpgradeV62 scenario.Scenario = newNodeUpgradeImpl(migrations.ConsensusV62, &upgradeV62Checker{}) // NodeUpgradeEmpty is the empty node upgrade scenario. NodeUpgradeEmpty scenario.Scenario = newNodeUpgradeImpl(migrations.EmptyHandler, &noOpUpgradeChecker{}) diff --git a/go/upgrade/migrations/consensus_max_allowances.go b/go/upgrade/migrations/consensus_max_allowances.go deleted file mode 100644 index 313aa87401f..00000000000 --- a/go/upgrade/migrations/consensus_max_allowances.go +++ /dev/null @@ -1,51 +0,0 @@ -package migrations - -import ( - "fmt" - - abciAPI "github.com/oasisprotocol/oasis-core/go/consensus/cometbft/api" - stakingState "github.com/oasisprotocol/oasis-core/go/consensus/cometbft/apps/staking/state" -) - -const ( - // ConsensusMaxAllowances16Handler is the name of the upgrade that sets the - // staking max allowances consensus parameter to 16. - ConsensusMaxAllowances16Handler = "consensus-max-allowances-16" -) - -var _ Handler = (*maxAllowances16Handler)(nil) - -type maxAllowances16Handler struct{} - -func (th *maxAllowances16Handler) StartupUpgrade() error { - return nil -} - -func (th *maxAllowances16Handler) ConsensusUpgrade(privateCtx interface{}) error { - abciCtx := privateCtx.(*abciAPI.Context) - switch abciCtx.Mode() { - case abciAPI.ContextBeginBlock: - // Nothing to do during begin block. - case abciAPI.ContextEndBlock: - // Update a consensus parameter during EndBlock. - state := stakingState.NewMutableState(abciCtx.State()) - - params, err := state.ConsensusParameters(abciCtx) - if err != nil { - return fmt.Errorf("unable to load staking consensus parameters: %w", err) - } - - params.MaxAllowances = 16 - - if err = state.SetConsensusParameters(abciCtx, params); err != nil { - return fmt.Errorf("failed to update staking consensus parameters: %w", err) - } - default: - return fmt.Errorf("upgrade handler called in unexpected context: %s", abciCtx.Mode()) - } - return nil -} - -func init() { - Register(ConsensusMaxAllowances16Handler, &maxAllowances16Handler{}) -} diff --git a/go/upgrade/migrations/consensus_v62.go b/go/upgrade/migrations/consensus_v62.go deleted file mode 100644 index d8f8883fd0a..00000000000 --- a/go/upgrade/migrations/consensus_v62.go +++ /dev/null @@ -1,84 +0,0 @@ -package migrations - -import ( - "fmt" - - "github.com/oasisprotocol/oasis-core/go/common/node" - abciAPI "github.com/oasisprotocol/oasis-core/go/consensus/cometbft/api" - governanceState "github.com/oasisprotocol/oasis-core/go/consensus/cometbft/apps/governance/state" - registryState "github.com/oasisprotocol/oasis-core/go/consensus/cometbft/apps/registry/state" - registry "github.com/oasisprotocol/oasis-core/go/registry/api" -) - -const ( - // ConsensusV62 is the name of the upgrade that enables multiple features added in Oasis Core - // version 22.2.x, specifically PCS support for Intel SGX, remote attestation binding to node - // identities and client freshness proofs. - ConsensusV62 = "consensus-v62" -) - -var _ Handler = (*v62Handler)(nil) - -type v62Handler struct{} - -func (th *v62Handler) StartupUpgrade() error { - return nil -} - -func (th *v62Handler) ConsensusUpgrade(privateCtx interface{}) error { - abciCtx := privateCtx.(*abciAPI.Context) - switch abciCtx.Mode() { - case abciAPI.ContextBeginBlock: - // Nothing to do during begin block. - case abciAPI.ContextEndBlock: - // Update a consensus parameters during EndBlock. - - // Registry. - regState := registryState.NewMutableState(abciCtx.State()) - - regParams, err := regState.ConsensusParameters(abciCtx) - if err != nil { - return fmt.Errorf("unable to load registry consensus parameters: %w", err) - } - - regParams.TEEFeatures = &node.TEEFeatures{ - SGX: node.TEEFeaturesSGX{ - PCS: true, - SignedAttestations: true, - DefaultMaxAttestationAge: 1200, // ~2 hours at 6 sec per block. - }, - FreshnessProofs: true, - } - - // Configure the default gas cost for freshness proofs. - regParams.GasCosts[registry.GasOpProveFreshness] = registry.DefaultGasCosts[registry.GasOpProveFreshness] - - // Configure maximum number of runtime deployments. - regParams.MaxRuntimeDeployments = 5 - - if err = regState.SetConsensusParameters(abciCtx, regParams); err != nil { - return fmt.Errorf("failed to update registry consensus parameters: %w", err) - } - - // Governance. - govState := governanceState.NewMutableState(abciCtx.State()) - - govParams, err := govState.ConsensusParameters(abciCtx) - if err != nil { - return fmt.Errorf("unable to load governance consensus parameters: %w", err) - } - - govParams.EnableChangeParametersProposal = true - - if err = govState.SetConsensusParameters(abciCtx, govParams); err != nil { - return fmt.Errorf("failed to update governance consensus parameters: %w", err) - } - default: - return fmt.Errorf("upgrade handler called in unexpected context: %s", abciCtx.Mode()) - } - return nil -} - -func init() { - Register(ConsensusV62, &v62Handler{}) -} From 950bfbca7ce734a06e572d751e3548fbee3e2da7 Mon Sep 17 00:00:00 2001 From: Peter Nose Date: Mon, 26 Feb 2024 15:18:27 +0100 Subject: [PATCH 3/3] go/upgrade/migrations: Prepare handler for version 24.0.0 The handler enables the key manager CHURP extension. --- .changelog/5571.feature.md | 3 + go/oasis-test-runner/oasis/network.go | 9 ++- go/oasis-test-runner/scenario/e2e/scenario.go | 1 + go/oasis-test-runner/scenario/e2e/upgrade.go | 47 ++++++++++++++ go/upgrade/migrations/consensus_240.go | 65 +++++++++++++++++++ 5 files changed, 124 insertions(+), 1 deletion(-) create mode 100644 .changelog/5571.feature.md create mode 100644 go/upgrade/migrations/consensus_240.go diff --git a/.changelog/5571.feature.md b/.changelog/5571.feature.md new file mode 100644 index 00000000000..68a61aefb5f --- /dev/null +++ b/.changelog/5571.feature.md @@ -0,0 +1,3 @@ +go/upgrade/migrations: Prepare handler for version 24.0.0 + +The handler enables the key manager CHURP extension. diff --git a/go/oasis-test-runner/oasis/network.go b/go/oasis-test-runner/oasis/network.go index 1f33c2ca13d..bb75254d271 100644 --- a/go/oasis-test-runner/oasis/network.go +++ b/go/oasis-test-runner/oasis/network.go @@ -174,6 +174,9 @@ type NetworkCfg struct { // nolint: maligned // left empty. Nodes are started in the order in which they appear here (automatically created // nodes are appended). Nodes []string + + // EnableKeyManagerCHURP is the enable key manager CHURP extension flag. + EnableKeyManagerCHURP bool `json:"enable_km_churp,omitempty"` } // SetMockEpoch force-enables the mock epoch time keeping. @@ -778,7 +781,6 @@ func (net *Network) MakeGenesis() error { "--" + genesis.CfgConsensusBackend, net.cfg.Consensus.Backend, "--" + genesis.CfgConsensusTimeoutCommit, net.cfg.Consensus.Parameters.TimeoutCommit.String(), "--" + genesis.CfgRegistryEnableRuntimeGovernanceModels, "entity,runtime", - "--" + genesis.CfgRegistryEnableKeyManagerCHURP, "true", "--" + genesis.CfgRegistryDebugAllowUnroutableAddresses, "true", "--" + genesis.CfgRegistryDebugAllowTestRuntimes, "true", "--" + genesis.CfgSchedulerMaxValidatorsPerEntity, strconv.Itoa(len(net.Validators())), @@ -789,6 +791,11 @@ func (net *Network) MakeGenesis() error { "--" + genesis.CfgStakingTokenValueExponent, strconv.FormatUint(uint64(genesisTestHelpers.TestStakingTokenValueExponent), 10), "--" + genesis.CfgBeaconBackend, net.cfg.Beacon.Backend, } + if net.cfg.EnableKeyManagerCHURP { + args = append(args, []string{ + "--" + genesis.CfgRegistryEnableKeyManagerCHURP, "true", + }...) + } switch net.cfg.Beacon.Backend { case beacon.BackendInsecure: args = append(args, []string{ diff --git a/go/oasis-test-runner/scenario/e2e/scenario.go b/go/oasis-test-runner/scenario/e2e/scenario.go index f1dc60637c8..4435891f882 100644 --- a/go/oasis-test-runner/scenario/e2e/scenario.go +++ b/go/oasis-test-runner/scenario/e2e/scenario.go @@ -137,6 +137,7 @@ func RegisterScenarios() error { NodeUpgradeDummy, NodeUpgradeEmpty, NodeUpgradeCancel, + NodeUpgradeConsensus240, // Debonding entries from genesis test. Debond, // Consensus state sync. diff --git a/go/oasis-test-runner/scenario/e2e/upgrade.go b/go/oasis-test-runner/scenario/e2e/upgrade.go index 2820bf3777f..b9d19a80c35 100644 --- a/go/oasis-test-runner/scenario/e2e/upgrade.go +++ b/go/oasis-test-runner/scenario/e2e/upgrade.go @@ -8,6 +8,7 @@ import ( "os" "path" "path/filepath" + "reflect" "sync" "time" @@ -17,6 +18,7 @@ import ( "github.com/oasisprotocol/oasis-core/go/common/pubsub" "github.com/oasisprotocol/oasis-core/go/common/version" consensus "github.com/oasisprotocol/oasis-core/go/consensus/api" + "github.com/oasisprotocol/oasis-core/go/keymanager/churp" "github.com/oasisprotocol/oasis-core/go/oasis-test-runner/env" "github.com/oasisprotocol/oasis-core/go/oasis-test-runner/log" "github.com/oasisprotocol/oasis-core/go/oasis-test-runner/oasis" @@ -80,11 +82,56 @@ func (n *noOpUpgradeChecker) PostUpgradeFn(context.Context, *oasis.Controller) e return nil } +type upgrade240Checker struct{} + +func (c *upgrade240Checker) PreUpgradeFn(ctx context.Context, ctrl *oasis.Controller) error { + // Check registry parameters. + registryParams, err := ctrl.Registry.ConsensusParameters(ctx, consensus.HeightLatest) + if err != nil { + return fmt.Errorf("can't get registry consensus parameters: %w", err) + } + if registryParams.EnableKeyManagerCHURP { + return fmt.Errorf("key manager CHURP extension is enabled") + } + + // Check CHURP parameters. + _, err = ctrl.Keymanager.Churp().ConsensusParameters(ctx, consensus.HeightLatest) + if err == nil { + return fmt.Errorf("key manager CHURP consensus parameters shouldn't be set: %w", err) + } + + return nil +} + +func (c *upgrade240Checker) PostUpgradeFn(ctx context.Context, ctrl *oasis.Controller) error { + // Check updated registry parameters. + registryParams, err := ctrl.Registry.ConsensusParameters(ctx, consensus.HeightLatest) + if err != nil { + return fmt.Errorf("can't get registry consensus parameters: %w", err) + } + if !registryParams.EnableKeyManagerCHURP { + return fmt.Errorf("key manager CHURP extension is disabled") + } + + // Check updated CHURP parameters. + churpParams, err := ctrl.Keymanager.Churp().ConsensusParameters(ctx, consensus.HeightLatest) + if err != nil { + return fmt.Errorf("can't get key manager CHURP consensus parameters: %w", err) + } + if !reflect.DeepEqual(*churpParams, churp.DefaultConsensusParameters) { + return fmt.Errorf("key manager CHURP consensus parameters are not default") + } + + return nil +} + var ( // NodeUpgradeDummy is the node upgrade dummy scenario. NodeUpgradeDummy scenario.Scenario = newNodeUpgradeImpl(migrations.DummyUpgradeHandler, &dummyUpgradeChecker{}) // NodeUpgradeEmpty is the empty node upgrade scenario. NodeUpgradeEmpty scenario.Scenario = newNodeUpgradeImpl(migrations.EmptyHandler, &noOpUpgradeChecker{}) + // NodeUpgradeConsensus240 is the node upgrade scenario for migrating to consensus 24.0. + NodeUpgradeConsensus240 scenario.Scenario = newNodeUpgradeImpl(migrations.Consensus240, &upgrade240Checker{}) malformedDescriptor = []byte(`{ "v": 1, diff --git a/go/upgrade/migrations/consensus_240.go b/go/upgrade/migrations/consensus_240.go new file mode 100644 index 00000000000..f118bd4492a --- /dev/null +++ b/go/upgrade/migrations/consensus_240.go @@ -0,0 +1,65 @@ +package migrations + +import ( + "fmt" + + abciAPI "github.com/oasisprotocol/oasis-core/go/consensus/cometbft/api" + churpState "github.com/oasisprotocol/oasis-core/go/consensus/cometbft/apps/keymanager/churp/state" + registryState "github.com/oasisprotocol/oasis-core/go/consensus/cometbft/apps/registry/state" + "github.com/oasisprotocol/oasis-core/go/keymanager/churp" +) + +const ( + // Consensus240 is the name of the upgrade that transitions Oasis Core + // from version 23.0.x to 24.0.0. + // + // This upgrade enables the key manager CHURP extension. + Consensus240 = "consensus240" +) + +var _ Handler = (*Handler240)(nil) + +// Handler240 is the upgrade handler that transitions Oasis Core +// from version 23.0.x to 24.0.0. +type Handler240 struct{} + +// StartupUpgrade implements Handler. +func (h *Handler240) StartupUpgrade() error { + return nil +} + +// ConsensusUpgrade implements Handler. +func (h *Handler240) ConsensusUpgrade(privateCtx interface{}) error { + abciCtx := privateCtx.(*abciAPI.Context) + switch abciCtx.Mode() { + case abciAPI.ContextBeginBlock: + // Nothing to do. + case abciAPI.ContextEndBlock: + // Registry. + regState := registryState.NewMutableState(abciCtx.State()) + + regParams, err := regState.ConsensusParameters(abciCtx) + if err != nil { + return fmt.Errorf("failed to load registry consensus parameters: %w", err) + } + regParams.EnableKeyManagerCHURP = true + + if err = regState.SetConsensusParameters(abciCtx, regParams); err != nil { + return fmt.Errorf("failed to update registry consensus parameters: %w", err) + } + + // CHURP. + state := churpState.NewMutableState(abciCtx.State()) + + if err := state.SetConsensusParameters(abciCtx, &churp.DefaultConsensusParameters); err != nil { + return fmt.Errorf("failed to set CHURP consensus parameters: %w", err) + } + default: + return fmt.Errorf("upgrade handler called in unexpected context: %s", abciCtx.Mode()) + } + return nil +} + +func init() { + Register(Consensus240, &Handler240{}) +}