From 36243a7eb9e55d6cf0725f7d8b57eda4f40b7852 Mon Sep 17 00:00:00 2001 From: pavel-raykov Date: Tue, 19 Nov 2024 16:56:41 +0100 Subject: [PATCH 1/3] Remove unused ocr1 key files. --- .changeset/forty-foxes-rescue.md | 5 + .../keystore/keys/ocrkey/key_bundle.go | 259 ------------------ .../keystore/keys/ocrkey/key_bundle_test.go | 102 ------- 3 files changed, 5 insertions(+), 361 deletions(-) create mode 100644 .changeset/forty-foxes-rescue.md delete mode 100644 core/services/keystore/keys/ocrkey/key_bundle.go delete mode 100644 core/services/keystore/keys/ocrkey/key_bundle_test.go diff --git a/.changeset/forty-foxes-rescue.md b/.changeset/forty-foxes-rescue.md new file mode 100644 index 00000000000..c94885099cc --- /dev/null +++ b/.changeset/forty-foxes-rescue.md @@ -0,0 +1,5 @@ +--- +"chainlink": minor +--- + +#deleted Remove unused ocr1 key files. diff --git a/core/services/keystore/keys/ocrkey/key_bundle.go b/core/services/keystore/keys/ocrkey/key_bundle.go deleted file mode 100644 index a73d8d5bd1e..00000000000 --- a/core/services/keystore/keys/ocrkey/key_bundle.go +++ /dev/null @@ -1,259 +0,0 @@ -package ocrkey - -import ( - "crypto/ecdsa" - "crypto/ed25519" - cryptorand "crypto/rand" - "crypto/sha256" - "encoding/hex" - "encoding/json" - "fmt" - "io" - "log" - "time" - - "github.com/ethereum/go-ethereum/accounts/keystore" - "github.com/pkg/errors" - ocrtypes "github.com/smartcontractkit/libocr/offchainreporting/types" - "golang.org/x/crypto/curve25519" - - "github.com/smartcontractkit/chainlink/v2/core/store/models" - "github.com/smartcontractkit/chainlink/v2/core/utils" -) - -type ( - // KeyBundle represents the bundle of keys needed for OCR - KeyBundle struct { - ID models.Sha256Hash - onChainSigning *onChainPrivateKey - offChainSigning *offChainPrivateKey - offChainEncryption *[curve25519.ScalarSize]byte - } - - // EncryptedKeyBundle holds an encrypted KeyBundle - EncryptedKeyBundle struct { - ID models.Sha256Hash - OnChainSigningAddress OnChainSigningAddress - OffChainPublicKey OffChainPublicKey - ConfigPublicKey ConfigPublicKey - EncryptedPrivateKeys []byte - CreatedAt time.Time - UpdatedAt time.Time - DeletedAt *time.Time - } -) - -func (ekb EncryptedKeyBundle) GetID() string { - return ekb.ID.String() -} - -func (ekb *EncryptedKeyBundle) SetID(value string) error { - var result models.Sha256Hash - decodedString, err := hex.DecodeString(value) - - if err != nil { - return err - } - - copy(result[:], decodedString[:32]) - ekb.ID = result - return nil -} - -// New makes a new set of OCR key bundles from cryptographically secure entropy -func New() (*KeyBundle, error) { - return NewFrom(cryptorand.Reader, cryptorand.Reader, cryptorand.Reader) -} - -// NewFrom makes a new set of OCR key bundles from cryptographically secure entropy -func NewFrom(onChainSigning io.Reader, offChainSigning io.Reader, offChainEncryption io.Reader) (*KeyBundle, error) { - ecdsaKey, err := ecdsa.GenerateKey(curve, onChainSigning) - if err != nil { - return nil, err - } - onChainPriv := (*onChainPrivateKey)(ecdsaKey) - - _, offChainPriv, err := ed25519.GenerateKey(offChainSigning) - if err != nil { - return nil, err - } - var encryptionPriv [curve25519.ScalarSize]byte - _, err = offChainEncryption.Read(encryptionPriv[:]) - if err != nil { - return nil, err - } - k := &KeyBundle{ - onChainSigning: onChainPriv, - offChainSigning: (*offChainPrivateKey)(&offChainPriv), - offChainEncryption: &encryptionPriv, - } - marshalledPrivK, err := json.Marshal(k) - if err != nil { - return nil, err - } - k.ID = sha256.Sum256(marshalledPrivK) - return k, nil -} - -// SignOnChain returns an ethereum-style ECDSA secp256k1 signature on msg. -func (pk *KeyBundle) SignOnChain(msg []byte) (signature []byte, err error) { - return pk.onChainSigning.Sign(msg) -} - -// SignOffChain returns an EdDSA-Ed25519 signature on msg. -func (pk *KeyBundle) SignOffChain(msg []byte) (signature []byte, err error) { - return pk.offChainSigning.Sign(msg) -} - -// ConfigDiffieHellman returns the shared point obtained by multiplying someone's -// public key by a secret scalar ( in this case, the offChainEncryption key.) -func (pk *KeyBundle) ConfigDiffieHellman(base *[curve25519.PointSize]byte) ( - sharedPoint *[curve25519.PointSize]byte, err error, -) { - p, err := curve25519.X25519(pk.offChainEncryption[:], base[:]) - if err != nil { - return nil, err - } - sharedPoint = new([ed25519.PublicKeySize]byte) - copy(sharedPoint[:], p) - return sharedPoint, nil -} - -// PublicKeyAddressOnChain returns public component of the keypair used in -// SignOnChain -func (pk *KeyBundle) PublicKeyAddressOnChain() ocrtypes.OnChainSigningAddress { - return ocrtypes.OnChainSigningAddress(pk.onChainSigning.Address()) -} - -// PublicKeyOffChain returns the public component of the keypair used in SignOffChain -func (pk *KeyBundle) PublicKeyOffChain() ocrtypes.OffchainPublicKey { - return ocrtypes.OffchainPublicKey(pk.offChainSigning.PublicKey()) -} - -// PublicKeyConfig returns the public component of the keypair used in ConfigKeyShare -func (pk *KeyBundle) PublicKeyConfig() [curve25519.PointSize]byte { - rv, err := curve25519.X25519(pk.offChainEncryption[:], curve25519.Basepoint) - if err != nil { - log.Println("failure while computing public key: " + err.Error()) - } - var rvFixed [curve25519.PointSize]byte - copy(rvFixed[:], rv) - return rvFixed -} - -// Encrypt combines the KeyBundle into a single json-serialized -// bytes array and then encrypts -func (pk *KeyBundle) Encrypt(auth string, scryptParams utils.ScryptParams) (*EncryptedKeyBundle, error) { - return pk.encrypt(auth, scryptParams) -} - -// encrypt combines the KeyBundle into a single json-serialized -// bytes array and then encrypts, using the provided scrypt params -// separated into a different function so that scryptParams can be -// weakened in tests -func (pk *KeyBundle) encrypt(auth string, scryptParams utils.ScryptParams) (*EncryptedKeyBundle, error) { - marshalledPrivK, err := json.Marshal(&pk) - if err != nil { - return nil, err - } - cryptoJSON, err := keystore.EncryptDataV3( - marshalledPrivK, - []byte(adulteratedPassword(auth)), - scryptParams.N, - scryptParams.P, - ) - if err != nil { - return nil, errors.Wrapf(err, "could not encrypt ocr key") - } - encryptedPrivKeys, err := json.Marshal(&cryptoJSON) - if err != nil { - return nil, errors.Wrapf(err, "could not encode cryptoJSON") - } - return &EncryptedKeyBundle{ - ID: pk.ID, - OnChainSigningAddress: pk.onChainSigning.Address(), - OffChainPublicKey: pk.offChainSigning.PublicKey(), - ConfigPublicKey: pk.PublicKeyConfig(), - EncryptedPrivateKeys: encryptedPrivKeys, - }, nil -} - -// Decrypt returns the PrivateKeys in e, decrypted via auth, or an error -func (ekb *EncryptedKeyBundle) Decrypt(auth string) (*KeyBundle, error) { - var cryptoJSON keystore.CryptoJSON - err := json.Unmarshal(ekb.EncryptedPrivateKeys, &cryptoJSON) - if err != nil { - return nil, errors.Wrapf(err, "invalid cryptoJSON for OCR key bundle") - } - marshalledPrivK, err := keystore.DecryptDataV3(cryptoJSON, adulteratedPassword(auth)) - if err != nil { - return nil, errors.Wrapf(err, "could not decrypt OCR key bundle") - } - var pk KeyBundle - err = json.Unmarshal(marshalledPrivK, &pk) - if err != nil { - return nil, errors.Wrapf(err, "could not unmarshal OCR key bundle") - } - return &pk, nil -} - -// MarshalJSON marshals the private keys into json -func (pk *KeyBundle) MarshalJSON() ([]byte, error) { - rawKeyData := keyBundleRawData{ - EcdsaD: *pk.onChainSigning.D, - Ed25519PrivKey: []byte(*pk.offChainSigning), - OffChainEncryption: *pk.offChainEncryption, - } - return json.Marshal(&rawKeyData) -} - -// UnmarshalJSON constructs KeyBundle from raw json -func (pk *KeyBundle) UnmarshalJSON(b []byte) (err error) { - var rawKeyData keyBundleRawData - err = json.Unmarshal(b, &rawKeyData) - if err != nil { - return err - } - ecdsaDSize := len(rawKeyData.EcdsaD.Bytes()) - if ecdsaDSize > curve25519.PointSize { - return errors.Wrapf(ErrScalarTooBig, "got %d byte ecdsa scalar", ecdsaDSize) - } - - publicKey := ecdsa.PublicKey{Curve: curve} - publicKey.X, publicKey.Y = curve.ScalarBaseMult(rawKeyData.EcdsaD.Bytes()) - privateKey := ecdsa.PrivateKey{ - PublicKey: publicKey, - D: &rawKeyData.EcdsaD, - } - onChainSigning := onChainPrivateKey(privateKey) - offChainSigning := offChainPrivateKey(rawKeyData.Ed25519PrivKey) - pk.onChainSigning = &onChainSigning - pk.offChainSigning = &offChainSigning - pk.offChainEncryption = &rawKeyData.OffChainEncryption - pk.ID = sha256.Sum256(b) - return nil -} - -// String reduces the risk of accidentally logging the private key -func (pk KeyBundle) String() string { - addressOnChain := pk.PublicKeyAddressOnChain() - return fmt.Sprintf( - "KeyBundle{PublicKeyAddressOnChain: %s, PublicKeyOffChain: %s}", - hex.EncodeToString(addressOnChain[:]), - hex.EncodeToString(pk.PublicKeyOffChain()), - ) -} - -// GoString reduces the risk of accidentally logging the private key -func (pk KeyBundle) GoString() string { - return pk.String() -} - -// GoString reduces the risk of accidentally logging the private key -func (pk KeyBundle) ToV2() KeyV2 { - return KeyV2{ - OnChainSigning: pk.onChainSigning, - OffChainSigning: pk.offChainSigning, - OffChainEncryption: pk.offChainEncryption, - } -} diff --git a/core/services/keystore/keys/ocrkey/key_bundle_test.go b/core/services/keystore/keys/ocrkey/key_bundle_test.go deleted file mode 100644 index fe9391735a1..00000000000 --- a/core/services/keystore/keys/ocrkey/key_bundle_test.go +++ /dev/null @@ -1,102 +0,0 @@ -package ocrkey_test - -import ( - "math/big" - "testing" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - - "github.com/smartcontractkit/chainlink/v2/core/services/keystore/keys/ocrkey" - "github.com/smartcontractkit/chainlink/v2/core/utils" -) - -func assertKeyBundlesNotEqual(t *testing.T, pk1 ocrkey.KeyV2, pk2 ocrkey.KeyV2) { - assert.NotEqual(t, pk1.ID(), pk2.ID()) - assert.NotEqual(t, pk1.ExportedOnChainSigning().X, pk2.ExportedOnChainSigning().X) - assert.NotEqual(t, pk1.ExportedOnChainSigning().Y, pk2.ExportedOnChainSigning().Y) - assert.NotEqual(t, pk1.ExportedOnChainSigning().D, pk2.ExportedOnChainSigning().D) - assert.NotEqual(t, pk1.ExportedOffChainSigning().PublicKey(), pk2.ExportedOffChainSigning().PublicKey()) - assert.NotEqual(t, pk1.ExportedOffChainEncryption(), pk2.ExportedOffChainEncryption()) -} - -func TestOCRKeys_New(t *testing.T) { - t.Parallel() - pk1, err := ocrkey.NewV2() - require.NoError(t, err) - pk2, err := ocrkey.NewV2() - require.NoError(t, err) - pk3, err := ocrkey.NewV2() - require.NoError(t, err) - assertKeyBundlesNotEqual(t, pk1, pk2) - assertKeyBundlesNotEqual(t, pk1, pk3) - assertKeyBundlesNotEqual(t, pk2, pk3) -} - -func TestOCRKeys_NewBundleIDMatchesOld(t *testing.T) { - t.Parallel() - oldKey, err := ocrkey.New() - require.NoError(t, err) - newKey := oldKey.ToV2() - require.Equal(t, oldKey.ID.String(), newKey.ID()) -} - -func TestOCRKeys_Raw_Key(t *testing.T) { - t.Parallel() - key := ocrkey.MustNewV2XXXTestingOnly(big.NewInt(1)) - require.Equal(t, key.ID(), key.Raw().Key().ID()) -} - -func TestOCRKeys_BundleSetID(t *testing.T) { - t.Parallel() - - k, err := ocrkey.New() - require.NoError(t, err) - ek, err := k.Encrypt("test", utils.FastScryptParams) - require.NoError(t, err) - - oldId := ek.GetID() - err = ek.SetID("48656c6c6f20476f7068657221") - require.NoError(t, err) - - assert.NotEqual(t, oldId, ek.GetID()) - - err = ek.SetID("invalid id") - assert.Error(t, err) -} - -func TestOCRKeys_BundleDecrypt(t *testing.T) { - t.Parallel() - - k, err := ocrkey.New() - require.NoError(t, err) - ek, err := k.Encrypt("test", utils.FastScryptParams) - require.NoError(t, err) - - _, err = ek.Decrypt("wrongpass") - assert.Error(t, err) - - dk, err := ek.Decrypt("test") - require.NoError(t, err) - - dk.GoString() - assert.Equal(t, k.GoString(), dk.GoString()) - assert.Equal(t, k.ID.String(), dk.ID.String()) -} - -func TestOCRKeys_BundleMarshalling(t *testing.T) { - t.Parallel() - - k, err := ocrkey.New() - require.NoError(t, err) - k2, err := ocrkey.New() - require.NoError(t, err) - - mk, err := k.MarshalJSON() - require.NoError(t, err) - - err = k2.UnmarshalJSON(mk) - require.NoError(t, err) - - assert.Equal(t, k.String(), k2.String()) -} From 29f054a9221b783fe521ac3da5da165d6c8c8261 Mon Sep 17 00:00:00 2001 From: pavel-raykov Date: Tue, 19 Nov 2024 17:38:30 +0100 Subject: [PATCH 2/3] Minor --- ...chan_private_key_test.go => off_chain_private_key_test.go} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename core/services/keystore/keys/ocrkey/{off_chan_private_key_test.go => off_chain_private_key_test.go} (77%) diff --git a/core/services/keystore/keys/ocrkey/off_chan_private_key_test.go b/core/services/keystore/keys/ocrkey/off_chain_private_key_test.go similarity index 77% rename from core/services/keystore/keys/ocrkey/off_chan_private_key_test.go rename to core/services/keystore/keys/ocrkey/off_chain_private_key_test.go index 0c0f6a96957..a7eadc72860 100644 --- a/core/services/keystore/keys/ocrkey/off_chan_private_key_test.go +++ b/core/services/keystore/keys/ocrkey/off_chain_private_key_test.go @@ -10,10 +10,10 @@ import ( func TestOCRKeys_OffChainPrivateKey(t *testing.T) { t.Parallel() - k, err := New() + k, err := NewV2() require.NoError(t, err) - sig, err := k.offChainSigning.Sign([]byte("hello world")) + sig, err := k.OffChainSigning.Sign([]byte("hello world")) assert.NoError(t, err) assert.NotEmpty(t, sig) From a65ae05208f709800882c1c076e4c5083d59296e Mon Sep 17 00:00:00 2001 From: pavel-raykov Date: Tue, 19 Nov 2024 17:41:57 +0100 Subject: [PATCH 3/3] Minor --- .changeset/forty-foxes-rescue.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.changeset/forty-foxes-rescue.md b/.changeset/forty-foxes-rescue.md index c94885099cc..9456ebe5e36 100644 --- a/.changeset/forty-foxes-rescue.md +++ b/.changeset/forty-foxes-rescue.md @@ -2,4 +2,4 @@ "chainlink": minor --- -#deleted Remove unused ocr1 key files. +#removed Remove unused ocr1 key files.