deltadevsde · smuu · Jan 9, 2025 · Dec 19, 2024 · Dec 19, 2024 · Dec 19, 2024
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/crates/cli/src/cfg.rs b/crates/cli/src/cfg.rs
@@ -36,6 +36,10 @@ pub struct CommandArgs {
     #[arg(long)]
     verifying_key: Option<String>,
 
+    /// Can be one of: ed25519, secp256k1, secp256r1
+    #[arg(long, default_value = "ed25519")]
+    verifying_key_algorithm: Option<String>,
+
     #[arg(long)]
     config_path: Option<String>,
 
@@ -97,6 +101,7 @@ pub struct Config {
     pub da_layer: DALayerOption,
     pub redis_config: Option<RedisConfig>,
     pub verifying_key: Option<String>,
+    pub verifying_key_algorithm: String,
 }
 
 impl Default for Config {
@@ -107,6 +112,7 @@ impl Default for Config {
             da_layer: DALayerOption::default(),
             redis_config: Some(RedisConfig::default()),
             verifying_key: None,
+            verifying_key_algorithm: "ed25519".to_string(),
         }
     }
 }
@@ -201,6 +207,7 @@ fn apply_command_line_args(config: Config, args: CommandArgs) -> Config {
         }),
         da_layer: config.da_layer,
         verifying_key: args.verifying_key.or(config.verifying_key),
+        verifying_key_algorithm: args.verifying_key_algorithm.unwrap_or(config.verifying_key_algorithm),
     }
 }
 

diff --git a/crates/cli/src/main.rs b/crates/cli/src/main.rs
@@ -4,7 +4,7 @@ mod node_types;
 use cfg::{initialize_da_layer, load_config, Cli, Commands};
 use clap::Parser;
 use keystore_rs::{KeyChain, KeyStore, KeyStoreType};
-use prism_keys::VerifyingKey;
+use prism_keys::{SigningKey, VerifyingKey};
 
 use node_types::NodeType;
 use prism_lightclient::LightClient;
@@ -37,14 +37,19 @@ async fn main() -> std::io::Result<()> {
                 )
             })?;
 
-            let prover_vk = config.verifying_key.and_then(|s| s.try_into().ok()).and_then(
-                |vk: VerifyingKey| match vk {
-                    VerifyingKey::Ed25519(key) => Some(key),
-                    _ => None,
-                },
-            );
+            let verifying_key_algorithm = config.verifying_key_algorithm.as_str();
+
+            if verifying_key_algorithm.is_empty() {
+                return Err(std::io::Error::new(std::io::ErrorKind::InvalidInput, "verifying key algorithm is required"));
+            }
+
+            if !["ed25519", "secp256k1", "secp256r1"].contains(&verifying_key_algorithm) {
+                return Err(std::io::Error::new(std::io::ErrorKind::InvalidInput, "invalid verifying key algorithm"));
+            }
+
+            let prover_vk = VerifyingKey::from_algorithm_and_bytes(verifying_key_algorithm, config.verifying_key.unwrap().as_bytes()).unwrap();
 
-            Arc::new(LightClient::new(da, celestia_config, prover_vk))
+            Arc::new(LightClient::new(da, celestia_config, Some(prover_vk)))
         }
         Commands::Prover(args) => {
             let config = load_config(args.clone())
@@ -63,22 +68,34 @@ async fn main() -> std::io::Result<()> {
             let redis_connections = RedisConnection::new(&redis_config)
                 .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, e.to_string()))?;
 
-            let signing_key = KeyStoreType::KeyChain(KeyChain)
+            let signing_key_chain = KeyStoreType::KeyChain(KeyChain)
                 .get_signing_key()
                 .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, e.to_string()))?;
 
+            let verifying_key_algorithm = config.verifying_key_algorithm.as_str();
+            if verifying_key_algorithm.is_empty() {
+                return Err(std::io::Error::new(std::io::ErrorKind::InvalidInput, "verifying key algorithm is required"));
+            }
+
+            if !["ed25519", "secp256k1", "secp256r1"].contains(&verifying_key_algorithm) {
+                return Err(std::io::Error::new(std::io::ErrorKind::InvalidInput, "invalid verifying key algorithm"));
+            }
+
+            let signing_key = SigningKey::from_algorithm_and_bytes(verifying_key_algorithm, signing_key_chain.as_bytes()).unwrap();
+            let verifying_key = signing_key.verifying_key();
+
             let prover_cfg = prism_prover::Config {
                 prover: true,
                 batcher: true,
                 webserver: config.webserver.unwrap_or_default(),
                 signing_key: signing_key.clone(),
-                verifying_key: signing_key.verification_key(),
+                verifying_key: verifying_key.clone(),
                 start_height: config.celestia_config.unwrap_or_default().start_height,
             };
 
             info!(
                 "prover verifying key: {}",
-                VerifyingKey::from(prover_cfg.verifying_key)
+                VerifyingKey::from(prover_cfg.verifying_key.clone())
             );
 
             Arc::new(
@@ -107,23 +124,37 @@ async fn main() -> std::io::Result<()> {
             let redis_connections = RedisConnection::new(&redis_config)
                 .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, e.to_string()))?;
 
-            let signing_key = KeyStoreType::KeyChain(KeyChain)
+            let signing_key_chain = KeyStoreType::KeyChain(KeyChain)
                 .get_signing_key()
                 .map_err(|e| std::io::Error::new(std::io::ErrorKind::Other, e.to_string()))?;
 
+            // error if config.verifying_key_algorithm.as_str() is not present in config or invalid
+            if config.verifying_key_algorithm.is_empty() {
+              return Err(std::io::Error::new(std::io::ErrorKind::InvalidInput, "verifying key algorithm is required"));
+            }
+
+            let verifying_key_algorithm = config.verifying_key_algorithm.as_str();
+
+            if !["ed25519", "secp256k1", "secp256r1"].contains(&verifying_key_algorithm) {
+              return Err(std::io::Error::new(std::io::ErrorKind::InvalidInput, "invalid verifying key algorithm"));
+            }
+
+            let signing_key = SigningKey::from_algorithm_and_bytes(verifying_key_algorithm, signing_key_chain.as_bytes()).unwrap();
+
             let prover_vk = config
                 .verifying_key
-                .and_then(|s| s.try_into().ok())
-                .and_then(|vk: VerifyingKey| match vk {
-                    VerifyingKey::Ed25519(key) => Some(key),
-                    _ => None,
-                })
                 .ok_or_else(|| {
                     std::io::Error::new(
                         std::io::ErrorKind::NotFound,
                         "prover verifying key not found",
                     )
-                })?;
+                })
+                .and_then(|vk| VerifyingKey::from_algorithm_and_bytes(verifying_key_algorithm, vk.as_bytes()).map_err(|_| {
+                    std::io::Error::new(
+                        std::io::ErrorKind::InvalidData,
+                        "invalid prover verifying key",
+                    )
+                }))?;
 
             let prover_cfg = prism_prover::Config {
                 prover: false,

diff --git a/crates/common/src/transaction_builder.rs b/crates/common/src/transaction_builder.rs
@@ -84,9 +84,13 @@ impl TransactionBuilder {
         self.hashchains.get(id)
     }
 
-    pub fn register_service_with_random_keys(&mut self, id: &str) -> UncommittedTransaction {
-        let random_service_challenge_key = SigningKey::new_ed25519();
-        let random_service_signing_key = SigningKey::new_ed25519();
+    pub fn register_service_with_random_keys(
+        &mut self,
+        algorithm: &str,
+        id: &str,
+    ) -> UncommittedTransaction {
+        let random_service_challenge_key = SigningKey::new_with_algorithm(algorithm);
+        let random_service_signing_key = SigningKey::new_with_algorithm(algorithm);
         self.register_service(id, random_service_challenge_key, random_service_signing_key)
     }
 
@@ -116,10 +120,11 @@ impl TransactionBuilder {
 
     pub fn create_account_with_random_key_signed(
         &mut self,
+        algorithm: &str,
         id: &str,
         service_id: &str,
     ) -> UncommittedTransaction {
-        let account_signing_key = SigningKey::new_ed25519();
+        let account_signing_key = SigningKey::new_with_algorithm(algorithm);
         self.create_account_signed(id, service_id, account_signing_key)
     }
 
@@ -138,11 +143,12 @@ impl TransactionBuilder {
 
     pub fn create_account_with_random_key(
         &mut self,
+        algorithm: &str,
         id: &str,
         service_id: &str,
         service_signing_key: &SigningKey,
     ) -> UncommittedTransaction {
-        let account_signing_key = SigningKey::new_ed25519();
+        let account_signing_key = SigningKey::new_with_algorithm(algorithm);
         self.create_account(id, service_id, service_signing_key, account_signing_key)
     }
 
@@ -176,21 +182,22 @@ impl TransactionBuilder {
         }
     }
 
-    pub fn add_random_key_verified_with_root(&mut self, id: &str) -> UncommittedTransaction {
+    pub fn add_random_key_verified_with_root(&mut self, algorithm: &str, id: &str) -> UncommittedTransaction {
         let Some(account_signing_key) = self.account_keys.get(id).cloned() else {
             panic!("No existing account key for {}", id)
         };
 
-        self.add_random_key(id, &account_signing_key, 0)
+        self.add_random_key(algorithm, id, &account_signing_key, 0)
     }
 
     pub fn add_random_key(
         &mut self,
+        algorithm: &str,
         id: &str,
         signing_key: &SigningKey,
         key_idx: usize,
     ) -> UncommittedTransaction {
-        let random_key = SigningKey::new_ed25519().into();
+        let random_key = SigningKey::new_with_algorithm(algorithm).into();
         self.add_key(id, random_key, signing_key, key_idx)
     }
 
@@ -262,21 +269,23 @@ impl TransactionBuilder {
 
     pub fn add_randomly_signed_data(
         &mut self,
+        algorithm: &str,
         id: &str,
         value: Vec<u8>,
         signing_key: &SigningKey,
         key_idx: usize,
     ) -> UncommittedTransaction {
-        let value_signing_key = SigningKey::new_ed25519();
+        let value_signing_key = SigningKey::new_with_algorithm(algorithm);
         self.add_signed_data(id, value, &value_signing_key, signing_key, key_idx)
     }
 
     pub fn add_randomly_signed_data_verified_with_root(
         &mut self,
+        algorithm: &str,
         id: &str,
         value: Vec<u8>,
     ) -> UncommittedTransaction {
-        let value_signing_key = SigningKey::new_ed25519();
+        let value_signing_key = SigningKey::new_with_algorithm(algorithm);
         self.add_signed_data_verified_with_root(id, value, &value_signing_key)
     }