feat: make validator key injectable by application developers (#21608)

runtime/app.go

@@ -6,6 +6,8 @@ import (
 	"slices"
 
 	abci "github.com/cometbft/cometbft/api/cometbft/abci/v1"
+	cmtcrypto "github.com/cometbft/cometbft/crypto"
+	cmted25519 "github.com/cometbft/cometbft/crypto/ed25519"
 	"google.golang.org/grpc"
 
 	runtimev1alpha1 "cosmossdk.io/api/cosmos/app/runtime/v1alpha1"
@@ -30,6 +32,9 @@ import (
 	authtx "github.com/cosmos/cosmos-sdk/x/auth/tx"
 )
 
+// KeyGenF is a function that generates a private key for use by comet.
+type KeyGenF = func() (cmtcrypto.PrivKey, error)
+
 // App is a wrapper around BaseApp and ModuleManager that can be used in hybrid
 // app.go/app config scenarios or directly as a servertypes.Application instance.
 // To get an instance of *App, *AppBuilder must be requested as a dependency
@@ -308,3 +313,10 @@ var _ servertypes.Application = &App{}
 type hasServicesV1 interface {
 	RegisterServices(grpc.ServiceRegistrar) error
 }
+
+// ValidatorKeyProvider returns a function that generates a private key for use by comet.
+func (a *App) ValidatorKeyProvider() KeyGenF {
+	return func() (cmtcrypto.PrivKey, error) {
+		return cmted25519.GenPrivKey(), nil
+	}
+}

schema/diff/diff_test.go

@@ -333,7 +333,6 @@ func TestCompareModuleSchemas(t *testing.T) {
 
 func requireModuleSchema(t *testing.T, types ...schema.Type) schema.ModuleSchema {
 	t.Helper()
-
 	s, err := schema.CompileModuleSchema(types...)
 	if err != nil {
 		t.Fatal(err)

server/start.go

@@ -374,9 +374,7 @@ func startCmtNode(
 		return nil, cleanupFn, err
 	}
 
-	pv, err := pvm.LoadOrGenFilePV(cfg.PrivValidatorKeyFile(), cfg.PrivValidatorStateFile(), func() (cmtcrypto.PrivKey, error) {
-		return cmted25519.GenPrivKey(), nil
-	}) // TODO:  make this modular
+	pv, err := pvm.LoadOrGenFilePV(cfg.PrivValidatorKeyFile(), cfg.PrivValidatorStateFile(), app.ValidatorKeyProvider())
 	if err != nil {
 		return nil, cleanupFn, err
 	}

server/types/app.go

@@ -5,6 +5,7 @@ import (
 	"io"
 
 	cmtproto "github.com/cometbft/cometbft/api/cometbft/types/v1"
+	cmtcrypto "github.com/cometbft/cometbft/crypto"
 	cmttypes "github.com/cometbft/cometbft/types"
 	"github.com/cosmos/gogoproto/grpc"
 
@@ -57,6 +58,9 @@ type (
 		// SnapshotManager return the snapshot manager
 		SnapshotManager() *snapshots.Manager
 
+		// ValidatorKeyProvider returns a function that generates a validator key
+		ValidatorKeyProvider() func() (cmtcrypto.PrivKey, error)
+
 		// Close is called in start cmd to gracefully cleanup resources.
 		// Must be safe to be called multiple times.
 		Close() error

server/v2/cometbft/options.go

@@ -1,20 +1,26 @@
 package cometbft
 
 import (
+	cmtcrypto "github.com/cometbft/cometbft/crypto"
+	cmted22519 "github.com/cometbft/cometbft/crypto/ed25519"
+
 	"cosmossdk.io/core/transaction"
 	"cosmossdk.io/server/v2/cometbft/handlers"
 	"cosmossdk.io/server/v2/cometbft/mempool"
 	"cosmossdk.io/server/v2/cometbft/types"
 	"cosmossdk.io/store/v2/snapshots"
 )
 
+type keyGenF = func() (cmtcrypto.PrivKey, error)
+
 // ServerOptions defines the options for the CometBFT server.
 // When an option takes a map[string]any, it can access the app.tom's cometbft section and the config.toml config.
 type ServerOptions[T transaction.Tx] struct {
 	PrepareProposalHandler     handlers.PrepareHandler[T]
 	ProcessProposalHandler     handlers.ProcessHandler[T]
 	VerifyVoteExtensionHandler handlers.VerifyVoteExtensionhandler
 	ExtendVoteHandler          handlers.ExtendVoteHandler
+	KeygenF                    keyGenF
 
 	Mempool         func(cfg map[string]any) mempool.Mempool[T]
 	SnapshotOptions func(cfg map[string]any) snapshots.SnapshotOptions
@@ -35,5 +41,6 @@ func DefaultServerOptions[T transaction.Tx]() ServerOptions[T] {
 		SnapshotOptions:            func(cfg map[string]any) snapshots.SnapshotOptions { return snapshots.NewSnapshotOptions(0, 0) },
 		AddrPeerFilter:             nil,
 		IdPeerFilter:               nil,
+		KeygenF:                    func() (cmtcrypto.PrivKey, error) { return cmted22519.GenPrivKey(), nil },
 	}
 }

server/v2/cometbft/server.go

@@ -11,8 +11,6 @@ import (
 	abciserver "github.com/cometbft/cometbft/abci/server"
 	cmtcmd "github.com/cometbft/cometbft/cmd/cometbft/commands"
 	cmtcfg "github.com/cometbft/cometbft/config"
-	cmtcrypto "github.com/cometbft/cometbft/crypto"
-	cmted25519 "github.com/cometbft/cometbft/crypto/ed25519"
 	"github.com/cometbft/cometbft/node"
 	"github.com/cometbft/cometbft/p2p"
 	pvm "github.com/cometbft/cometbft/privval"
@@ -159,9 +157,7 @@ func (s *CometBFTServer[T]) Start(ctx context.Context) error {
 	pv, err := pvm.LoadOrGenFilePV(
 		s.config.ConfigTomlConfig.PrivValidatorKeyFile(),
 		s.config.ConfigTomlConfig.PrivValidatorStateFile(),
-		func() (cmtcrypto.PrivKey, error) {
-			return cmted25519.GenPrivKey(), nil
-		},
+		s.serverOptions.KeygenF,
 	)
 	if err != nil {
 		return err

simapp/app.go

@@ -11,6 +11,8 @@ import (
 	"path/filepath"
 
 	abci "github.com/cometbft/cometbft/api/cometbft/abci/v1"
+	cmtcrypto "github.com/cometbft/cometbft/crypto"
+	cmted25519 "github.com/cometbft/cometbft/crypto/ed25519"
 	"github.com/cosmos/gogoproto/proto"
 	"github.com/spf13/cast"
 
@@ -831,6 +833,14 @@ func (app *SimApp) RegisterNodeService(clientCtx client.Context, cfg config.Conf
 	nodeservice.RegisterNodeService(clientCtx, app.GRPCQueryRouter(), cfg)
 }
 
+// ValidatorKeyProvider returns a function that generates a validator key
+// Supported key types are those supported by Comet: ed25519, secp256k1, bls12-381
+func (app *SimApp) ValidatorKeyProvider() runtime.KeyGenF {
+	return func() (cmtcrypto.PrivKey, error) {
+		return cmted25519.GenPrivKey(), nil
+	}
+}
+
 // GetMaccPerms returns a copy of the module account permissions
 //
 // NOTE: This is solely to be used for testing purposes.