Skip to content

Commit

Permalink
feat: remove insecured keypair [NET-633] (#1906)
Browse files Browse the repository at this point in the history
  • Loading branch information
justprosh authored Nov 15, 2023
1 parent 6660934 commit 32e938c
Show file tree
Hide file tree
Showing 4 changed files with 1 addition and 120 deletions.
10 changes: 0 additions & 10 deletions crates/key-manager/src/key_manager.rs
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@
use fluence_keypair::{KeyFormat, KeyPair};
use libp2p::PeerId;
use std::collections::HashMap;
use std::ops::Range;
use std::path::PathBuf;
use std::str::FromStr;
use std::sync::Arc;
Expand All @@ -29,8 +28,6 @@ use crate::persistence::{
use crate::KeyManagerError::{WorkerAlreadyExists, WorkerNotFound, WorkerNotFoundByDeal};
use parking_lot::RwLock;

pub const INSECURE_KEYPAIR_SEED: Range<u8> = 0..32;

type DealId = String;
type WorkerId = PeerId;

Expand All @@ -48,8 +45,6 @@ pub struct KeyManager {
worker_infos: Arc<RwLock<HashMap<WorkerId, WorkerInfo>>>,
keypairs_dir: PathBuf,
host_peer_id: PeerId,
// temporary public, will refactor
pub insecure_keypair: KeyPair,
pub root_keypair: KeyPair,
management_peer_id: PeerId,
builtins_management_peer_id: PeerId,
Expand All @@ -68,11 +63,6 @@ impl KeyManager {
worker_infos: Arc::new(Default::default()),
keypairs_dir,
host_peer_id: root_keypair.get_peer_id(),
insecure_keypair: KeyPair::from_secret_key(
INSECURE_KEYPAIR_SEED.collect(),
KeyFormat::Ed25519,
)
.expect("error creating insecure keypair"),
root_keypair,
management_peer_id,
builtins_management_peer_id,
Expand Down
1 change: 0 additions & 1 deletion crates/key-manager/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -6,4 +6,3 @@ mod persistence;

pub use error::KeyManagerError;
pub use key_manager::KeyManager;
pub use key_manager::INSECURE_KEYPAIR_SEED;
59 changes: 1 addition & 58 deletions crates/nox-tests/tests/builtin.rs
Original file line number Diff line number Diff line change
Expand Up @@ -22,12 +22,11 @@ use created_swarm::{
make_swarms_with_transport_and_mocked_vm,
};
use eyre::{Report, WrapErr};
use fluence_keypair::{KeyFormat, KeyPair, Signature};
use fluence_keypair::KeyPair;
use fluence_libp2p::RandomPeerId;
use fluence_libp2p::Transport;
use itertools::Itertools;
use json_utils::into_array;
use key_manager::INSECURE_KEYPAIR_SEED;
use libp2p::core::Multiaddr;
use libp2p::kad::KBucketKey;
use libp2p::PeerId;
Expand Down Expand Up @@ -2062,62 +2061,6 @@ async fn json_builtins() {
}
}

#[tokio::test]
async fn insecure_sign_verify() {
let kp = KeyPair::from_secret_key(INSECURE_KEYPAIR_SEED.collect(), KeyFormat::Ed25519).unwrap();
let swarms = make_swarms_with_cfg(1, |mut cfg| {
cfg.enabled_system_services = vec!["registry".to_string()];
cfg
})
.await;

let mut client = ConnectedClient::connect_to(swarms[0].multiaddr.clone())
.await
.wrap_err("connect client")
.unwrap();

client.send_particle(
r#"
(seq
(seq
(call relay ("registry" "get_record_metadata_bytes") ["key_id" "" 0 "" "" [] [] []] data)
(seq
(call relay ("insecure_sig" "sign") [data] sig_result)
(call relay ("insecure_sig" "verify") [sig_result.$.signature.[0]! data] result)
)
)
(call %init_peer_id% ("op" "return") [data sig_result result])
)
"#,
hashmap! {
"relay" => json!(client.node.to_string()),
},
).await;

use serde_json::Value::Array;
use serde_json::Value::Bool;
use serde_json::Value::Object;

if let [Array(data), Object(sig_result), Bool(result)] =
client.receive_args().await.unwrap().as_slice()
{
let data: Vec<_> = data.iter().map(|n| n.as_u64().unwrap() as u8).collect();

assert!(sig_result["success"].as_bool().unwrap());
let signature = sig_result["signature"].as_array().unwrap()[0]
.as_array()
.unwrap()
.iter()
.map(|n| n.as_u64().unwrap() as u8)
.collect();
let signature = Signature::from_bytes(kp.public().get_key_format(), signature);
assert!(result);
assert!(kp.public().verify(&data, &signature).is_ok());
} else {
panic!("incorrect args: expected three arguments")
}
}

async fn binary(
service: &str,
func: &str,
Expand Down
51 changes: 0 additions & 51 deletions particle-builtins/src/builtins.rs
Original file line number Diff line number Diff line change
Expand Up @@ -264,10 +264,6 @@ where
("sig", "verify") => wrap(self.verify(args, particle)),
("sig", "get_peer_id") => wrap(self.get_peer_id(particle)),

("insecure_sig", "sign") => wrap(self.insecure_sign(args)),
("insecure_sig", "verify") => wrap(self.insecure_verify(args)),
("insecure_sig", "get_peer_id") => wrap(self.insecure_get_peer_id()),

("json", "obj") => wrap(json::obj(args)),
("json", "put") => wrap(json::put(args)),
("json", "puts") => wrap(json::puts(args)),
Expand Down Expand Up @@ -937,53 +933,6 @@ where
fn get_peer_id(&self, params: ParticleParams) -> Result<JValue, JError> {
Ok(JValue::String(params.host_id.to_base58()))
}

fn insecure_sign(&self, args: Args) -> Result<JValue, JError> {
let mut args = args.function_args.into_iter();
let result: Result<JValue, JError> = try {
let data: Vec<u8> = Args::next("data", &mut args)?;
json!(self.key_manager.insecure_keypair.sign(&data)?.to_vec())
};

match result {
Ok(sig) => Ok(json!({
"success": true,
"error": [],
"signature": vec![sig]
})),

Err(error) => Ok(json!({
"success": false,
"error": vec![JValue::from(error)],
"signature": []
})),
}
}

fn insecure_verify(&self, args: Args) -> Result<JValue, JError> {
let mut args = args.function_args.into_iter();
let signature: Vec<u8> = Args::next("signature", &mut args)?;
let data: Vec<u8> = Args::next("data", &mut args)?;
let signature = Signature::from_bytes(
self.key_manager.insecure_keypair.public().get_key_format(),
signature,
);

Ok(JValue::Bool(
self.key_manager
.insecure_keypair
.public()
.verify(&data, &signature)
.is_ok(),
))
}

fn insecure_get_peer_id(&self) -> Result<JValue, JError> {
Ok(JValue::String(
self.key_manager.insecure_keypair.get_peer_id().to_base58(),
))
}

fn vault_put(&self, args: Args, params: ParticleParams) -> Result<JValue, JError> {
let mut args = args.function_args.into_iter();
let data: String = Args::next("data", &mut args)?;
Expand Down

0 comments on commit 32e938c

Please sign in to comment.