SecretStore: store joint_public in key_storage

secret_store/src/key_server_cluster/admin_sessions/key_version_negotiation_session.rs

@@ -700,6 +700,7 @@ mod tests {
 		nodes.values().nth(0).unwrap().insert(Default::default(), DocumentKeyShare {
 			author: Default::default(),
 			threshold: 1,
+			public: Default::default(),
 			common_point: None,
 			encrypted_point: None,
 			versions: vec![DocumentKeyShareVersion {

secret_store/src/key_server_cluster/admin_sessions/share_add_session.rs

@@ -90,6 +90,8 @@ struct SessionData<T: SessionTransport> {
 	pub key_share_threshold: Option<usize>,
 	/// NewKeyShare: author.
 	pub key_share_author: Option<Public>,
+	/// NewKeyShare: joint public.
+	pub key_share_joint_public: Option<Public>,
 	/// NewKeyShare: Common (shared) encryption point.
 	pub key_share_common_point: Option<Public>,
 	/// NewKeyShare: Encrypted point.
@@ -167,6 +169,7 @@ impl<T> SessionImpl<T> where T: SessionTransport {
 				consensus_session: None,
 				key_share_threshold: None,
 				key_share_author: None,
+				key_share_joint_public: None,
 				key_share_common_point: None,
 				key_share_encrypted_point: None,
 				id_numbers: None,
@@ -435,7 +438,9 @@ impl<T> SessionImpl<T> where T: SessionTransport {
 		}
 
 		// we only expect this message once
-		if data.key_share_threshold.is_some() || data.key_share_author.is_some() || data.key_share_common_point.is_some() || data.key_share_encrypted_point.is_some() {
+		if data.key_share_threshold.is_some() || data.key_share_author.is_some() ||
+			data.key_share_common_point.is_some() || data.key_share_encrypted_point.is_some() ||
+			data.key_share_joint_public.is_some() {
 			return Err(Error::InvalidStateForRequest);
 		}
 
@@ -452,6 +457,7 @@ impl<T> SessionImpl<T> where T: SessionTransport {
 		data.state = SessionState::WaitingForKeysDissemination;
 		data.key_share_threshold = Some(message.threshold);
 		data.key_share_author = Some(message.author.clone().into());
+		data.key_share_joint_public = Some(message.joint_public.clone().into());
 		data.key_share_common_point = message.common_point.clone().map(Into::into);
 		data.key_share_encrypted_point = message.encrypted_point.clone().map(Into::into);
 
@@ -624,6 +630,7 @@ impl<T> SessionImpl<T> where T: SessionTransport {
 				session_nonce: core.nonce,
 				threshold: old_key_share.threshold,
 				author: old_key_share.author.clone().into(),
+				joint_public: old_key_share.public.clone().into(),
 				common_point: old_key_share.common_point.clone().map(Into::into),
 				encrypted_point: old_key_share.encrypted_point.clone().map(Into::into),
 				id_numbers: old_key_version.id_numbers.iter().map(|(k, v)| (k.clone().into(), v.clone().into())).collect(),
@@ -703,6 +710,8 @@ impl<T> SessionImpl<T> where T: SessionTransport {
 				.expect("this is new node; on new nodes this field is filled before KRD; session is completed after KRD; qed"),
 			threshold: data.key_share_threshold.clone()
 				.expect("this is new node; on new nodes this field is filled before KRD; session is completed after KRD; qed"),
+			public: data.key_share_joint_public.clone()
+				.expect("this is new node; on new nodes this field is filled before KRD; session is completed after KRD; qed"),
 			common_point: data.key_share_common_point.clone(),
 			encrypted_point: data.key_share_encrypted_point.clone(),
 			versions: Vec::new(),

secret_store/src/key_server_cluster/client_sessions/decryption_session.rs

@@ -685,6 +685,7 @@ mod tests {
 		let encrypted_datas: Vec<_> = (0..5).map(|i| DocumentKeyShare {
 			author: Public::default(),
 			threshold: 3,
+			public: Default::default(),
 			common_point: Some(common_point.clone()),
 			encrypted_point: Some(encrypted_point.clone()),
 			versions: vec![DocumentKeyShareVersion {
@@ -756,6 +757,7 @@ mod tests {
 			key_share: Some(DocumentKeyShare {
 				author: Public::default(),
 				threshold: 0,
+				public: Default::default(),
 				common_point: Some(Random.generate().unwrap().public().clone()),
 				encrypted_point: Some(Random.generate().unwrap().public().clone()),
 				versions: vec![DocumentKeyShareVersion {
@@ -809,6 +811,7 @@ mod tests {
 			key_share: Some(DocumentKeyShare {
 				author: Public::default(),
 				threshold: 2,
+				public: Default::default(),
 				common_point: Some(Random.generate().unwrap().public().clone()),
 				encrypted_point: Some(Random.generate().unwrap().public().clone()),
 				versions: vec![DocumentKeyShareVersion {

secret_store/src/key_server_cluster/client_sessions/generation_session.rs

@@ -517,10 +517,17 @@ impl SessionImpl {
 				return Err(Error::InvalidMessage);
 			}
 
+			// calculate joint public key
+			let joint_public = {
+				let public_shares = data.nodes.values().map(|n| n.public_share.as_ref().expect("keys received on KD phase; KG phase follows KD phase; qed"));
+				math::compute_joint_public(public_shares)?
+			};
+
 			// save encrypted data to key storage
 			let encrypted_data = DocumentKeyShare {
 				author: data.author.as_ref().expect("author is filled in initialization phase; KG phase follows initialization phase; qed").clone(),
 				threshold: data.threshold.expect("threshold is filled in initialization phase; KG phase follows initialization phase; qed"),
+				public: joint_public,
 				common_point: None,
 				encrypted_point: None,
 				versions: vec![DocumentKeyShareVersion::new(
@@ -677,7 +684,7 @@ impl SessionImpl {
 	fn complete_generation(&self) -> Result<(), Error> {
 		let mut data = self.data.lock();
 		
-		// else - calculate joint public key
+		// calculate joint public key
 		let joint_public = {
 			let public_shares = data.nodes.values().map(|n| n.public_share.as_ref().expect("keys received on KD phase; KG phase follows KD phase; qed"));
 			math::compute_joint_public(public_shares)?
@@ -687,6 +694,7 @@ impl SessionImpl {
 		let encrypted_data = DocumentKeyShare {
 			author: data.author.as_ref().expect("author is filled in initialization phase; KG phase follows initialization phase; qed").clone(),
 			threshold: data.threshold.expect("threshold is filled in initialization phase; KG phase follows initialization phase; qed"),
+			public: joint_public.clone(),
 			common_point: None,
 			encrypted_point: None,
 			versions: vec![DocumentKeyShareVersion::new(

secret_store/src/key_server_cluster/client_sessions/signing_session.rs

@@ -978,6 +978,7 @@ mod tests {
 			key_share: Some(DocumentKeyShare {
 				author: Public::default(),
 				threshold: 0,
+				public: Default::default(),
 				common_point: Some(Random.generate().unwrap().public().clone()),
 				encrypted_point: Some(Random.generate().unwrap().public().clone()),
 				versions: vec![DocumentKeyShareVersion {
@@ -1031,6 +1032,7 @@ mod tests {
 			key_share: Some(DocumentKeyShare {
 				author: Public::default(),
 				threshold: 2,
+				public: Default::default(),
 				common_point: Some(Random.generate().unwrap().public().clone()),
 				encrypted_point: Some(Random.generate().unwrap().public().clone()),
 				versions: vec![DocumentKeyShareVersion {

secret_store/src/key_server_cluster/message.rs

@@ -773,6 +773,8 @@ pub struct KeyShareCommon {
 	pub threshold: usize,
 	/// Author of key share entry.
 	pub author: SerializablePublic,
+	/// Joint public.
+	pub joint_public: SerializablePublic,
 	/// Common (shared) encryption point.
 	pub common_point: Option<SerializablePublic>,
 	/// Encrypted point.

secret_store/src/key_storage.rs

@@ -40,6 +40,8 @@ pub struct DocumentKeyShare {
 	pub author: Public,
 	/// Decryption threshold (at least threshold + 1 nodes are required to decrypt data).
 	pub threshold: usize,
+	/// Server public key.
+	pub public: Public,
 	/// Common (shared) encryption point.
 	pub common_point: Option<Public>,
 	/// Encrypted point.
@@ -122,10 +124,12 @@ struct SerializableDocumentKeyShareV1 {
 /// V2 of encrypted key share, as it is stored by key storage on the single key server.
 #[derive(Serialize, Deserialize)]
 struct SerializableDocumentKeyShareV2 {
-	/// Authore of the entry.
+	/// Author of the entry.
 	pub author: SerializablePublic,
 	/// Decryption threshold (at least threshold + 1 nodes are required to decrypt data).
 	pub threshold: usize,
+	/// Server public.
+	pub public: SerializablePublic,
 	/// Common (shared) encryption point.
 	pub common_point: Option<SerializablePublic>,
 	/// Encrypted point.
@@ -174,6 +178,7 @@ fn upgrade_db(db: Database) -> Result<Database, Error> {
 					// in v0 there have been only simultaneous GenEnc sessions.
 					author: Public::default().into(), // added in v1
 					threshold: v0_key.threshold,
+					public: Public::default().into(), // addded in v2
 					common_point: Some(v0_key.common_point),
 					encrypted_point: Some(v0_key.encrypted_point),
 					versions: vec![CurrentSerializableDocumentKeyVersion {
@@ -196,6 +201,7 @@ fn upgrade_db(db: Database) -> Result<Database, Error> {
 				let current_key = CurrentSerializableDocumentKeyShare {
 					author: v1_key.author, // added in v1
 					threshold: v1_key.threshold,
+					public: Public::default().into(), // addded in v2
 					common_point: v1_key.common_point,
 					encrypted_point: v1_key.encrypted_point,
 					versions: vec![CurrentSerializableDocumentKeyVersion {
@@ -329,6 +335,7 @@ impl From<DocumentKeyShare> for SerializableDocumentKeyShareV2 {
 		SerializableDocumentKeyShareV2 {
 			author: key.author.into(),
 			threshold: key.threshold,
+			public: key.public.into(),
 			common_point: key.common_point.map(Into::into),
 			encrypted_point: key.encrypted_point.map(Into::into),
 			versions: key.versions.into_iter().map(Into::into).collect(),
@@ -351,6 +358,7 @@ impl From<SerializableDocumentKeyShareV2> for DocumentKeyShare {
 		DocumentKeyShare {
 			author: key.author.into(),
 			threshold: key.threshold,
+			public: key.public.into(),
 			common_point: key.common_point.map(Into::into),
 			encrypted_point: key.encrypted_point.map(Into::into),
 			versions: key.versions.into_iter()
@@ -442,6 +450,7 @@ pub mod tests {
 		let value1 = DocumentKeyShare {
 			author: Public::default(),
 			threshold: 100,
+			public: Public::default(),
 			common_point: Some(Random.generate().unwrap().public().clone()),
 			encrypted_point: Some(Random.generate().unwrap().public().clone()),
 			versions: vec![DocumentKeyShareVersion {
@@ -456,6 +465,7 @@ pub mod tests {
 		let value2 = DocumentKeyShare {
 			author: Public::default(),
 			threshold: 200,
+			public: Public::default(),
 			common_point: Some(Random.generate().unwrap().public().clone()),
 			encrypted_point: Some(Random.generate().unwrap().public().clone()),
 			versions: vec![DocumentKeyShareVersion {