refactor(crypto): CRP-2597 move MasterPublicKeyId protobuf from regis…

…try/crypto to types (#2406)

Moves the `MasterPublicKeyId` Protocol Buffers message definition, and
subsequently also the contained `EcdsaCurve`, `EcdsaKeyId`,
`SchnorrAlgorithm`, `SchnorrKeyId`, `VetKdCurve`, `VetKdKeyId`
definitions from the `registry.crypto.v1` package to the `types.v1`
package, without making any changes to the types in the process.

This step is necessary so that we can later add an `optional
MasterPublicKeyId key_id = 6;` field to the `types.v1.NiDkgId` message.
Without the move, this would create a circular dependency between
`registry/crypto/v1/crypto.proto` and `types/v1/types.proto` because
`registry/crypto/v1.crypto.proto` imports `types/v1/types.proto` (so as
to use `types.v1.SubnetId` in the `ChainKeySigningSubnetList`);

Given that all message definitions remain unchanged and we only change
the package, the _wire_ format of the messages is unchanged, which
should make this change safe. However, changes like this lead to the
`//pre-commit:buf-breaking` test to fail (even though `buf.yaml` is
configured to use WIRE), which is a known deficiancy in the underlying
`buf` compatibility-check library:
bufbuild/buf#2318. Because of this, we set the
`CI_OVERRIDE_BUF_BREAKING` flag to override this.

rs/crypto/temp_crypto/src/lib.rs

@@ -1,8 +1,8 @@
 use ic_crypto_internal_csp::Csp;
 use ic_interfaces::time_source::SysTimeSource;
 use ic_limits::INITIAL_NOTARY_DELAY;
-use ic_protobuf::registry::crypto::v1::{EcdsaCurve, EcdsaKeyId};
 use ic_protobuf::registry::subnet::v1::{ChainKeyConfig, KeyConfig, SubnetRecord, SubnetType};
+use ic_protobuf::types::v1 as pb_types;
 use ic_types::{NodeId, ReplicaVersion, SubnetId};
 use rand::rngs::OsRng;
 use rand::{CryptoRng, Rng};
@@ -1051,17 +1051,15 @@ impl EcdsaSubnetConfig {
                 ssh_readonly_access: vec![],
                 ssh_backup_access: vec![],
                 ecdsa_config: None,
-                chain_key_config:  Some(ChainKeyConfig {
+                chain_key_config: Some(ChainKeyConfig {
                     key_configs: vec![KeyConfig {
-                        key_id: Some(ic_protobuf::registry::crypto::v1::MasterPublicKeyId {
-                            key_id: Some(
-                                ic_protobuf::registry::crypto::v1::master_public_key_id::KeyId::Ecdsa(
-                                    EcdsaKeyId {
-                                        curve: EcdsaCurve::Secp256k1.into(),
-                                        name: "dummy_ecdsa_key_id".to_string(),
-                                    },
-                                ),
-                            ),
+                        key_id: Some(ic_protobuf::types::v1::MasterPublicKeyId {
+                            key_id: Some(pb_types::master_public_key_id::KeyId::Ecdsa(
+                                pb_types::EcdsaKeyId {
+                                    curve: pb_types::EcdsaCurve::Secp256k1.into(),
+                                    name: "dummy_ecdsa_key_id".to_string(),
+                                },
+                            )),
                         }),
                         pre_signatures_to_create_in_advance: Some(1),
                         max_queue_size: Some(20),

rs/protobuf/def/registry/crypto/v1/crypto.proto

@@ -56,44 +56,3 @@ message PublicKey {
 message X509PublicKeyCert {
   bytes certificate_der = 1;
 }
-
-// Types of curves that can be used for ECDSA signatures.
-enum EcdsaCurve {
-  ECDSA_CURVE_UNSPECIFIED = 0;
-  ECDSA_CURVE_SECP256K1 = 1;
-}
-
-message EcdsaKeyId {
-  EcdsaCurve curve = 1;
-  string name = 2;
-}
-
-// Types of curves that can be used for Schnorr signatures.
-enum SchnorrAlgorithm {
-  SCHNORR_ALGORITHM_UNSPECIFIED = 0;
-  SCHNORR_ALGORITHM_BIP340SECP256K1 = 1;
-  SCHNORR_ALGORITHM_ED25519 = 2;
-}
-
-message SchnorrKeyId {
-  SchnorrAlgorithm algorithm = 1;
-  string name = 2;
-}
-
-enum VetKdCurve {
-  VET_KD_CURVE_UNSPECIFIED = 0;
-  VET_KD_CURVE_BLS12_381_G2 = 1;
-}
-
-message VetKdKeyId {
-  VetKdCurve curve = 1;
-  string name = 2;
-}
-
-message MasterPublicKeyId {
-  oneof key_id {
-    EcdsaKeyId ecdsa = 1;
-    SchnorrKeyId schnorr = 2;
-    VetKdKeyId vetkd = 3;
-  }
-}

rs/protobuf/def/registry/subnet/v1/subnet.proto

@@ -92,12 +92,12 @@ message SubnetRecord {
 }
 
 message EcdsaInitialization {
-  registry.crypto.v1.EcdsaKeyId key_id = 1;
+  types.v1.EcdsaKeyId key_id = 1;
   InitialIDkgDealings dealings = 2;
 }
 
 message ChainKeyInitialization {
-  registry.crypto.v1.MasterPublicKeyId key_id = 1;
+  types.v1.MasterPublicKeyId key_id = 1;
   oneof initialization {
     InitialIDkgDealings dealings = 2;
     InitialNiDkgTranscriptRecord transcript_record = 3;
@@ -311,7 +311,7 @@ message EcdsaConfig {
   uint32 quadruples_to_create_in_advance = 1;
   reserved 2;
   // Identifiers for threshold ECDSA keys held by the subnet.
-  repeated registry.crypto.v1.EcdsaKeyId key_ids = 3;
+  repeated types.v1.EcdsaKeyId key_ids = 3;
   // The maximum number of signature requests that can be enqueued at once.
   uint32 max_queue_size = 4;
   // Signature requests will timeout after the given number of nano seconds.
@@ -323,7 +323,7 @@ message EcdsaConfig {
 
 message KeyConfig {
   // The key's identifier.
-  optional registry.crypto.v1.MasterPublicKeyId key_id = 1;
+  optional types.v1.MasterPublicKeyId key_id = 1;
   // Number of pre-signatures to create in advance.
   optional uint32 pre_signatures_to_create_in_advance = 3;
   // The maximum number of signature requests that can be enqueued at once.

rs/protobuf/def/state/metadata/v1/metadata.proto

@@ -3,7 +3,6 @@ package state.metadata.v1;
 
 import "bitcoin/v1/bitcoin.proto";
 import "google/protobuf/wrappers.proto";
-import "registry/crypto/v1/crypto.proto";
 import "registry/routing_table/v1/routing_table.proto";
 import "registry/subnet/v1/subnet.proto";
 import "state/canister_state_bits/v1/canister_state_bits.proto";
@@ -29,7 +28,7 @@ message SubnetTopology {
   registry.subnet.v1.SubnetFeatures subnet_features = 4;
   reserved 5;
   reserved "ecdsa_keys_held";
-  repeated registry.crypto.v1.MasterPublicKeyId idkg_keys_held = 6;
+  repeated types.v1.MasterPublicKeyId idkg_keys_held = 6;
 }
 
 message SubnetsEntry {
@@ -38,7 +37,7 @@ message SubnetsEntry {
 }
 
 message IDkgKeyEntry {
-  registry.crypto.v1.MasterPublicKeyId key_id = 1;
+  types.v1.MasterPublicKeyId key_id = 1;
   repeated types.v1.SubnetId subnet_ids = 2;
 }
 
@@ -70,12 +69,12 @@ message SetupInitialDkgContextTree {
 }
 
 message EcdsaArguments {
-  registry.crypto.v1.EcdsaKeyId key_id = 1;
+  types.v1.EcdsaKeyId key_id = 1;
   bytes message_hash = 2;
 }
 
 message SchnorrArguments {
-  registry.crypto.v1.SchnorrKeyId key_id = 1;
+  types.v1.SchnorrKeyId key_id = 1;
   bytes message = 2;
 }
 
@@ -134,7 +133,7 @@ message CanisterHttpRequestContextTree {
 
 message IDkgDealingsContext {
   state.queues.v1.Request request = 1;
-  registry.crypto.v1.MasterPublicKeyId key_id = 2;
+  types.v1.MasterPublicKeyId key_id = 2;
   repeated types.v1.NodeId nodes = 3;
   uint64 registry_version = 4;
   Time time = 5;
@@ -277,7 +276,7 @@ message ApiBoundaryNodeEntry {
 }
 
 message ThresholdSignatureAgreementsEntry {
-  registry.crypto.v1.MasterPublicKeyId key_id = 1;
+  types.v1.MasterPublicKeyId key_id = 1;
   uint64 count = 2;
 }
 

rs/protobuf/def/types/v1/idkg.proto

@@ -2,7 +2,6 @@ syntax = "proto3";
 
 package types.v1;
 
-import "registry/crypto/v1/crypto.proto";
 import "registry/subnet/v1/subnet.proto";
 import "state/queues/v1/queues.proto";
 import "types/v1/signature.proto";
@@ -34,7 +33,7 @@ message MasterKeyTranscript {
   reserved 1;
   UnmaskedTranscriptWithAttributes current = 2;
   KeyTranscriptCreation next_in_creation = 3;
-  registry.crypto.v1.MasterPublicKeyId master_key_id = 4;
+  types.v1.MasterPublicKeyId master_key_id = 4;
 }
 
 message AvailablePreSignature {
@@ -154,7 +153,7 @@ message QuadrupleInCreation {
   UnmaskedTimesMaskedParams kappa_times_lambda_config = 9;
   MaskedTranscript kappa_times_lambda = 10;
 
-  registry.crypto.v1.EcdsaKeyId key_id = 12;
+  types.v1.EcdsaKeyId key_id = 12;
 }
 
 message PreSignatureQuadrupleRef {
@@ -163,17 +162,17 @@ message PreSignatureQuadrupleRef {
   MaskedTranscript kappa_times_lambda_ref = 3;
   MaskedTranscript key_times_lambda_ref = 4;
   UnmaskedTranscript key_unmasked_ref = 5;
-  registry.crypto.v1.EcdsaKeyId key_id = 6;
+  types.v1.EcdsaKeyId key_id = 6;
 }
 
 message TranscriptInCreation {
-  registry.crypto.v1.SchnorrKeyId key_id = 1;
+  types.v1.SchnorrKeyId key_id = 1;
   RandomUnmaskedTranscriptParams blinder_unmasked_config = 2;
   UnmaskedTranscript blinder_unmasked = 3;
 }
 
 message PreSignatureTranscriptRef {
-  registry.crypto.v1.SchnorrKeyId key_id = 1;
+  types.v1.SchnorrKeyId key_id = 1;
   UnmaskedTranscript blinder_unmasked_ref = 2;
   UnmaskedTranscript key_unmasked_ref = 3;
 }
@@ -189,7 +188,7 @@ message IDkgReshareRequest {
   reserved 1, 4;
   repeated types.v1.NodeId receiving_node_ids = 2;
   uint64 registry_version = 3;
-  registry.crypto.v1.MasterPublicKeyId master_key_id = 5;
+  types.v1.MasterPublicKeyId master_key_id = 5;
 }
 
 enum KeyTranscriptCreationState {

rs/protobuf/def/types/v1/types.proto

@@ -45,3 +45,44 @@ message NominalCycles {
   uint64 high = 1;
   uint64 low = 2;
 }
+
+// Types of curves that can be used for ECDSA signatures.
+enum EcdsaCurve {
+  ECDSA_CURVE_UNSPECIFIED = 0;
+  ECDSA_CURVE_SECP256K1 = 1;
+}
+
+message EcdsaKeyId {
+  EcdsaCurve curve = 1;
+  string name = 2;
+}
+
+// Types of curves that can be used for Schnorr signatures.
+enum SchnorrAlgorithm {
+  SCHNORR_ALGORITHM_UNSPECIFIED = 0;
+  SCHNORR_ALGORITHM_BIP340SECP256K1 = 1;
+  SCHNORR_ALGORITHM_ED25519 = 2;
+}
+
+message SchnorrKeyId {
+  SchnorrAlgorithm algorithm = 1;
+  string name = 2;
+}
+
+enum VetKdCurve {
+  VET_KD_CURVE_UNSPECIFIED = 0;
+  VET_KD_CURVE_BLS12_381_G2 = 1;
+}
+
+message VetKdKeyId {
+  VetKdCurve curve = 1;
+  string name = 2;
+}
+
+message MasterPublicKeyId {
+  oneof key_id {
+    EcdsaKeyId ecdsa = 1;
+    SchnorrKeyId schnorr = 2;
+    VetKdKeyId vetkd = 3;
+  }
+}

rs/protobuf/generator/src/lib.rs

@@ -185,14 +185,6 @@ fn build_registry_proto(def: &Path, out: &Path) {
         ".registry.crypto.v1.X509PublicKeyCert",
         "#[derive(Eq, Hash, PartialOrd, Ord)]",
     );
-    config.type_attribute(
-        ".registry.crypto.v1.EcdsaCurve",
-        "#[derive(candid::CandidType)]",
-    );
-    config.type_attribute(
-        ".registry.crypto.v1.EcdsaKeyId",
-        "#[derive(candid::CandidType, Eq)]",
-    );
     config.type_attribute(
         ".registry.node_operator",
         "#[derive(candid::CandidType, serde::Serialize, candid::Deserialize, Eq, Hash)]",
@@ -345,13 +337,23 @@ fn build_types_proto(def: &Path, out: &Path) {
         ".types.v1.SubnetId",
         ".types.v1.ThresholdSignature",
         ".types.v1.ThresholdSignatureShare",
+        ".types.v1.EcdsaKeyId",
+        ".types.v1.SchnorrKeyId",
+        ".types.v1.VetKdKeyId",
+        ".types.v1.EcdsaCurve",
+        ".types.v1.SchnorrAlgorithm",
+        ".types.v1.VetKdCurve",
+        ".types.v1.MasterPublicKeyId",
     ] {
         config.type_attribute(path, "#[derive(serde::Serialize, serde::Deserialize)]");
     }
     config.type_attribute(".types.v1.CatchUpPackage", "#[derive(Eq, Hash)]");
     config.type_attribute(".types.v1.SubnetId", "#[derive(Eq, Hash)]");
     config.type_attribute(".types.v1.NiDkgId", "#[derive(Eq, Hash)]");
     config.type_attribute(".types.v1.PrincipalId", "#[derive(Eq, Hash)]");
+    config.type_attribute(".types.v1.EcdsaKeyId", "#[derive(Eq)]");
+    config.type_attribute(".types.v1.EcdsaCurve", "#[derive(candid::CandidType)]");
+    config.type_attribute(".types.v1.EcdsaKeyId", "#[derive(candid::CandidType)]");
     config.type_attribute(
         ".types.v1.ConsensusMessage",
         "#[allow(clippy::large_enum_variant)]",