Upgrade cardano-base dependency #4699
Conversation
There was a problem hiding this comment.
@tdammers Please get rid of any changes related to serialization.
I wish you would have asked me before you went on wasting a lot of time on introducing all those changes.
We need to get rid of all KES related serialization form ledger, since ledger codebase does not depend on KES at all. So, please revert all of the additions with respect to KES and get rid of any serialization functionality for KES that was provided before
| withSK :: KESAlgorithm v | ||
| => PinnedSizedBytes (SeedSizeKES v) -> (SignKeyKES v -> IO b) -> IO b | ||
| withSK seedPSB action = | ||
| bracket | ||
| (fmap MLockedSeed . mlsbFromByteString . psbToByteString $ seedPSB) | ||
| mlockedSeedFinalize | ||
| $ \seed -> | ||
| bracket | ||
| (genKeyKES seed) | ||
| forgetSignKeyKES | ||
| action | ||
|
|
||
| mkVerKeyKES :: KESAlgorithm v | ||
| => PinnedSizedBytes (SeedSizeKES v) | ||
| -> IO (VerKeyKES v) | ||
| mkVerKeyKES seedPSB = | ||
| withSK seedPSB deriveVerKeyKES | ||
|
|
||
| mkSigKES :: (KESAlgorithm v, ContextKES v ~ (), Signable v BS.ByteString) | ||
| => (PinnedSizedBytes (SeedSizeKES v), [Word8]) | ||
| -> IO (SigKES v) | ||
| mkSigKES (seedPSB, msg) = | ||
| withSK seedPSB $ \sk -> (signKES () 0 (BS.pack msg) sk) | ||
|
|
There was a problem hiding this comment.
All KES tests can be removed. Again. We don't need them, if we do not provide those serialization instances
There was a problem hiding this comment.
I believe we do need ser/deser on verification keys, because that is used to ser/deser OCerts. And in order to generate a verification key for testing, we need to derive it from a signing key, so we need these helpers here.
There was a problem hiding this comment.
I think you missed my point. We need to remove all this new KES keys serialization related functionality from cardano-ledger-binary, because ledger does not rely on it. The fact that OCert contains KES does not interfere with that point, because the cardano-protocol-tpraos is really a consensus package. We hope to move it some day into the consensus repo. We can continue using the serialization mechanism provided by cardano-crypto-class and cardano-binary in those places where KES serialization is needed.
In places like OCert we can rely on serialization provided by unsound serialization, it just doesn't need to come from cardano-ledger-binary. All you need is fromPlainDecoder to lift the regular Decoder from cborg to the Decoder provided by the cardano-ledger-library package.
The only reason why serialization for KES was provided by cardano-ledegr-binary was for completeness. In other words we do not need to provide unsound support, since it will be removed at some point later.
Description
Upgrade dependency on
cardano-basein order to be compatible with upcoming versions ofouroboros-consensus.In current versions of
cardano-base, KES sign keys are stored in mlocked memory, and all operations involving them must now happen inIOorST. In order to facilitate existing pure code that isn't security-critical (e.g., generating mock data for testing purposes), the previous pure KES API is now provided asUnsoundPureKES, which we use here.Checklist
CHANGELOG.mdfor the affected packages.New section is never added with the code changes. (See RELEASING.md)
.cabalandCHANGELOG.mdfiles according to theversioning process.
.cabalfiles for all affected packages are updated.If you change the bounds in a cabal file, that package itself must have a version increase. (See RELEASING.md)
fourmolu(usescripts/fourmolize.sh)scripts/cabal-format.sh)hie.yamlhas been updated (usescripts/gen-hie.sh)