mirror of
https://github.com/pezkuwichain/pezkuwi-subxt.git
synced 2026-04-27 08:07:58 +00:00
Remove support for secp256k1 for network keys (#3897)
This commit is contained in:
Pierre Krieger
committed by
Gavin Wood
Gavin Wood
parent
311be1d071
commit
eabdcbdd4f
@@ -68,11 +68,6 @@ use substrate_telemetry::TelemetryEndpoints;
|
||||
/// The maximum number of characters for a node name.
|
||||
const NODE_NAME_MAX_LENGTH: usize = 32;
|
||||
|
||||
/// The file name of the node's Secp256k1 secret key inside the chain-specific
|
||||
/// network config directory, if neither `--node-key` nor `--node-key-file`
|
||||
/// is specified in combination with `--node-key-type=secp256k1`.
|
||||
const NODE_KEY_SECP256K1_FILE: &str = "secret";
|
||||
|
||||
/// The file name of the node's Ed25519 secret key inside the chain-specific
|
||||
/// network config directory, if neither `--node-key` nor `--node-key-file`
|
||||
/// is specified in combination with `--node-key-type=ed25519`.
|
||||
@@ -494,14 +489,6 @@ where
|
||||
P: AsRef<Path>
|
||||
{
|
||||
match params.node_key_type {
|
||||
NodeKeyType::Secp256k1 =>
|
||||
params.node_key.as_ref().map(parse_secp256k1_secret).unwrap_or_else(||
|
||||
Ok(params.node_key_file
|
||||
.or_else(|| net_config_file(net_config_dir, NODE_KEY_SECP256K1_FILE))
|
||||
.map(network::config::Secret::File)
|
||||
.unwrap_or(network::config::Secret::New)))
|
||||
.map(NodeKeyConfig::Secp256k1),
|
||||
|
||||
NodeKeyType::Ed25519 =>
|
||||
params.node_key.as_ref().map(parse_ed25519_secret).unwrap_or_else(||
|
||||
Ok(params.node_key_file
|
||||
@@ -524,14 +511,6 @@ fn invalid_node_key(e: impl std::fmt::Display) -> error::Error {
|
||||
error::Error::Input(format!("Invalid node key: {}", e))
|
||||
}
|
||||
|
||||
/// Parse a Secp256k1 secret key from a hex string into a `network::Secret`.
|
||||
fn parse_secp256k1_secret(hex: &String) -> error::Result<network::config::Secp256k1Secret> {
|
||||
H256::from_str(hex).map_err(invalid_node_key).and_then(|bytes|
|
||||
network::config::identity::secp256k1::SecretKey::from_bytes(bytes)
|
||||
.map(network::config::Secret::Input)
|
||||
.map_err(invalid_node_key))
|
||||
}
|
||||
|
||||
/// Parse a Ed25519 secret key from a hex string into a `network::Secret`.
|
||||
fn parse_ed25519_secret(hex: &String) -> error::Result<network::config::Ed25519Secret> {
|
||||
H256::from_str(&hex).map_err(invalid_node_key).and_then(|bytes|
|
||||
@@ -952,7 +931,7 @@ fn kill_color(s: &str) -> String {
|
||||
mod tests {
|
||||
use super::*;
|
||||
use tempdir::TempDir;
|
||||
use network::config::identity::{secp256k1, ed25519};
|
||||
use network::config::identity::ed25519;
|
||||
|
||||
#[test]
|
||||
fn tests_node_name_good() {
|
||||
@@ -975,7 +954,6 @@ mod tests {
|
||||
NodeKeyType::variants().into_iter().try_for_each(|t| {
|
||||
let node_key_type = NodeKeyType::from_str(t).unwrap();
|
||||
let sk = match node_key_type {
|
||||
NodeKeyType::Secp256k1 => secp256k1::SecretKey::generate().to_bytes().to_vec(),
|
||||
NodeKeyType::Ed25519 => ed25519::SecretKey::generate().as_ref().to_vec()
|
||||
};
|
||||
let params = NodeKeyParams {
|
||||
@@ -984,9 +962,6 @@ mod tests {
|
||||
node_key_file: None
|
||||
};
|
||||
node_key_config(params, &net_config_dir).and_then(|c| match c {
|
||||
NodeKeyConfig::Secp256k1(network::config::Secret::Input(ref ski))
|
||||
if node_key_type == NodeKeyType::Secp256k1 &&
|
||||
&sk[..] == ski.to_bytes() => Ok(()),
|
||||
NodeKeyConfig::Ed25519(network::config::Secret::Input(ref ski))
|
||||
if node_key_type == NodeKeyType::Ed25519 &&
|
||||
&sk[..] == ski.as_ref() => Ok(()),
|
||||
@@ -1012,8 +987,6 @@ mod tests {
|
||||
node_key_file: Some(file.clone())
|
||||
};
|
||||
node_key_config(params, &net_config_dir).and_then(|c| match c {
|
||||
NodeKeyConfig::Secp256k1(network::config::Secret::File(ref f))
|
||||
if node_key_type == NodeKeyType::Secp256k1 && f == &file => Ok(()),
|
||||
NodeKeyConfig::Ed25519(network::config::Secret::File(ref f))
|
||||
if node_key_type == NodeKeyType::Ed25519 && f == &file => Ok(()),
|
||||
_ => Err(error::Error::Input("Unexpected node key config".into()))
|
||||
@@ -1046,8 +1019,6 @@ mod tests {
|
||||
let typ = params.node_key_type;
|
||||
node_key_config::<String>(params, &None)
|
||||
.and_then(|c| match c {
|
||||
NodeKeyConfig::Secp256k1(network::config::Secret::New)
|
||||
if typ == NodeKeyType::Secp256k1 => Ok(()),
|
||||
NodeKeyConfig::Ed25519(network::config::Secret::New)
|
||||
if typ == NodeKeyType::Ed25519 => Ok(()),
|
||||
_ => Err(error::Error::Input("Unexpected node key config".into()))
|
||||
@@ -1061,9 +1032,6 @@ mod tests {
|
||||
let typ = params.node_key_type;
|
||||
node_key_config(params, &Some(net_config_dir.clone()))
|
||||
.and_then(move |c| match c {
|
||||
NodeKeyConfig::Secp256k1(network::config::Secret::File(ref f))
|
||||
if typ == NodeKeyType::Secp256k1 &&
|
||||
f == &dir.join(NODE_KEY_SECP256K1_FILE) => Ok(()),
|
||||
NodeKeyConfig::Ed25519(network::config::Secret::File(ref f))
|
||||
if typ == NodeKeyType::Ed25519 &&
|
||||
f == &dir.join(NODE_KEY_ED25519_FILE) => Ok(()),
|
||||
|
||||
@@ -150,7 +150,6 @@ arg_enum! {
|
||||
#[allow(missing_docs)]
|
||||
#[derive(Debug, Copy, Clone, PartialEq, Eq)]
|
||||
pub enum NodeKeyType {
|
||||
Secp256k1,
|
||||
Ed25519
|
||||
}
|
||||
}
|
||||
@@ -164,10 +163,6 @@ pub struct NodeKeyParams {
|
||||
/// The value is a string that is parsed according to the choice of
|
||||
/// `--node-key-type` as follows:
|
||||
///
|
||||
/// `secp256k1`:
|
||||
/// The value is parsed as a hex-encoded Secp256k1 32 bytes secret key,
|
||||
/// i.e. 64 hex characters.
|
||||
///
|
||||
/// `ed25519`:
|
||||
/// The value is parsed as a hex-encoded Ed25519 32 bytes secret key,
|
||||
/// i.e. 64 hex characters.
|
||||
@@ -198,10 +193,6 @@ pub struct NodeKeyParams {
|
||||
///
|
||||
/// The node's secret key determines the corresponding public key and hence the
|
||||
/// node's peer ID in the context of libp2p.
|
||||
///
|
||||
/// NOTE: The current default key type is `secp256k1` for a transition period only
|
||||
/// but will eventually change to `ed25519` in a future release. To continue using
|
||||
/// `secp256k1` keys, use `--node-key-type=secp256k1`.
|
||||
#[structopt(
|
||||
long = "node-key-type",
|
||||
value_name = "TYPE",
|
||||
@@ -216,9 +207,6 @@ pub struct NodeKeyParams {
|
||||
/// The contents of the file are parsed according to the choice of `--node-key-type`
|
||||
/// as follows:
|
||||
///
|
||||
/// `secp256k1`:
|
||||
/// The file must contain an unencoded 32 bytes Secp256k1 secret key.
|
||||
///
|
||||
/// `ed25519`:
|
||||
/// The file must contain an unencoded 32 bytes Ed25519 secret key.
|
||||
///
|
||||
|
||||
@@ -22,7 +22,7 @@ linked_hash_set = "0.1.3"
|
||||
lru-cache = "0.1.2"
|
||||
rustc-hex = "2.0.1"
|
||||
rand = "0.7.2"
|
||||
libp2p = { version = "0.12.0", default-features = false, features = ["secp256k1", "libp2p-websocket"] }
|
||||
libp2p = { version = "0.12.0", default-features = false, features = ["libp2p-websocket"] }
|
||||
fork-tree = { path = "../../core/utils/fork-tree" }
|
||||
consensus = { package = "substrate-consensus-common", path = "../../core/consensus/common" }
|
||||
client = { package = "substrate-client", path = "../../core/client" }
|
||||
|
||||
@@ -29,7 +29,7 @@ use bitflags::bitflags;
|
||||
use consensus::{block_validation::BlockAnnounceValidator, import_queue::ImportQueue};
|
||||
use sr_primitives::traits::{Block as BlockT};
|
||||
use std::sync::Arc;
|
||||
use libp2p::identity::{Keypair, secp256k1, ed25519};
|
||||
use libp2p::identity::{Keypair, ed25519};
|
||||
use libp2p::wasm_ext;
|
||||
use libp2p::{PeerId, Multiaddr, multiaddr};
|
||||
use std::error::Error;
|
||||
@@ -364,15 +364,10 @@ impl NonReservedPeerMode {
|
||||
/// the evaluation of the node key configuration.
|
||||
#[derive(Clone)]
|
||||
pub enum NodeKeyConfig {
|
||||
/// A Secp256k1 secret key configuration.
|
||||
Secp256k1(Secret<secp256k1::SecretKey>),
|
||||
/// A Ed25519 secret key configuration.
|
||||
Ed25519(Secret<ed25519::SecretKey>)
|
||||
}
|
||||
|
||||
/// The options for obtaining a Secp256k1 secret key.
|
||||
pub type Secp256k1Secret = Secret<secp256k1::SecretKey>;
|
||||
|
||||
/// The options for obtaining a Ed25519 secret key.
|
||||
pub type Ed25519Secret = Secret<ed25519::SecretKey>;
|
||||
|
||||
@@ -385,7 +380,6 @@ pub enum Secret<K> {
|
||||
/// it is created with a newly generated secret key `K`. The format
|
||||
/// of the file is determined by `K`:
|
||||
///
|
||||
/// * `secp256k1::SecretKey`: An unencoded 32 bytes Secp256k1 secret key.
|
||||
/// * `ed25519::SecretKey`: An unencoded 32 bytes Ed25519 secret key.
|
||||
File(PathBuf),
|
||||
/// Always generate a new secret key `K`.
|
||||
@@ -406,20 +400,6 @@ impl NodeKeyConfig {
|
||||
pub fn into_keypair(self) -> io::Result<Keypair> {
|
||||
use NodeKeyConfig::*;
|
||||
match self {
|
||||
Secp256k1(Secret::New) =>
|
||||
Ok(Keypair::generate_secp256k1()),
|
||||
|
||||
Secp256k1(Secret::Input(k)) =>
|
||||
Ok(Keypair::Secp256k1(k.into())),
|
||||
|
||||
Secp256k1(Secret::File(f)) =>
|
||||
get_secret(f,
|
||||
|mut b| secp256k1::SecretKey::from_bytes(&mut b),
|
||||
secp256k1::SecretKey::generate,
|
||||
|b| b.to_bytes().to_vec())
|
||||
.map(secp256k1::Keypair::from)
|
||||
.map(Keypair::Secp256k1),
|
||||
|
||||
Ed25519(Secret::New) =>
|
||||
Ok(Keypair::generate_ed25519()),
|
||||
|
||||
@@ -526,9 +506,9 @@ mod tests {
|
||||
|
||||
#[test]
|
||||
fn test_secret_input() {
|
||||
let sk = secp256k1::SecretKey::generate();
|
||||
let kp1 = NodeKeyConfig::Secp256k1(Secret::Input(sk.clone())).into_keypair().unwrap();
|
||||
let kp2 = NodeKeyConfig::Secp256k1(Secret::Input(sk)).into_keypair().unwrap();
|
||||
let sk = ed25519::SecretKey::generate();
|
||||
let kp1 = NodeKeyConfig::Ed25519(Secret::Input(sk.clone())).into_keypair().unwrap();
|
||||
let kp2 = NodeKeyConfig::Ed25519(Secret::Input(sk)).into_keypair().unwrap();
|
||||
assert!(secret_bytes(&kp1) == secret_bytes(&kp2));
|
||||
}
|
||||
|
||||
|
||||
@@ -24,9 +24,7 @@
|
||||
//! # Node identities and addresses
|
||||
//!
|
||||
//! In a decentralized network, each node possesses a network private key and a network public key.
|
||||
//! In Substrate, the keys are based on the ed25519 curve. As of the writing of this documentation,
|
||||
//! the secp256k1 curve can also be used, but is deprecated. Our local node's keypair must be
|
||||
//! passed as part of the network configuration.
|
||||
//! In Substrate, the keys are based on the ed25519 curve.
|
||||
//!
|
||||
//! From a node's public key, we can derive its *identity*. In Substrate and libp2p, a node's
|
||||
//! identity is represented with the [`PeerId`] struct. All network communications between nodes on
|
||||
|
||||
@@ -42,7 +42,7 @@ use sr_primitives::{traits::{Block as BlockT, NumberFor}, ConsensusEngineId};
|
||||
|
||||
use crate::{behaviour::{Behaviour, BehaviourOut}, config::{parse_str_addr, parse_addr}};
|
||||
use crate::{NetworkState, NetworkStateNotConnectedPeer, NetworkStatePeer};
|
||||
use crate::{transport, config::NodeKeyConfig, config::NonReservedPeerMode};
|
||||
use crate::{transport, config::NonReservedPeerMode};
|
||||
use crate::config::{Params, TransportConfig};
|
||||
use crate::error::Error;
|
||||
use crate::protocol::{self, Protocol, Context, CustomMessageOutcome, PeerInfo};
|
||||
@@ -185,9 +185,6 @@ impl<B: BlockT + 'static, S: NetworkSpecialization<B>, H: ExHashT> NetworkWorker
|
||||
};
|
||||
|
||||
// Private and public keys configuration.
|
||||
if let NodeKeyConfig::Secp256k1(_) = params.network_config.node_key {
|
||||
warn!(target: "sub-libp2p", "Secp256k1 keys are deprecated in favour of ed25519");
|
||||
}
|
||||
let local_identity = params.network_config.node_key.clone().into_keypair()?;
|
||||
let local_public = local_identity.public();
|
||||
let local_peer_id = local_public.clone().into_peer_id();
|
||||
|
||||
Reference in New Issue
Block a user