Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement ACP-20 #3242

Open
1 task
StephenButtolph opened this issue Jul 29, 2024 · 1 comment
Open
1 task

Implement ACP-20 #3242

StephenButtolph opened this issue Jul 29, 2024 · 1 comment
Assignees
Labels
acp20 enhancement New feature or request

Comments

@StephenButtolph
Copy link
Contributor

StephenButtolph commented Jul 29, 2024

Currently NodeIDs are generated based on ripemd160(sha256(TLS_CERT_DER)):

func NodeIDFromCert(cert *staking.Certificate) NodeID {
return hashing.ComputeHash160Array(
hashing.ComputeHash256(cert.Raw),
)
}

Only RSA and ECDSA keys are currently allowed to be used. This restriction means that we can use the public key in the TLS certificate to switch on the NodeID format:

func parsePublicKey(oid asn1.ObjectIdentifier, publicKey asn1.BitString) (crypto.PublicKey, error) {
der := cryptobyte.String(publicKey.RightAlign())
switch {
case oid.Equal(oidPublicKeyRSA):
pub := &rsa.PublicKey{N: new(big.Int)}
if !der.ReadASN1(&der, cryptobyte_asn1.SEQUENCE) {
return nil, ErrInvalidRSAPublicKey
}
if !der.ReadASN1Integer(pub.N) {
return nil, ErrInvalidRSAModulus
}
if !der.ReadASN1Integer(&pub.E) {
return nil, ErrInvalidRSAPublicExponent
}
if pub.N.Sign() <= 0 {
return nil, ErrRSAModulusNotPositive
}
if bitLen := pub.N.BitLen(); bitLen != allowedRSALargeModulusLen && bitLen != allowedRSASmallModulusLen {
return nil, fmt.Errorf("%w: %d", ErrUnsupportedRSAModulusBitLen, bitLen)
}
if pub.N.Bit(0) == 0 {
return nil, ErrRSAModulusIsEven
}
if pub.E != allowedRSAPublicExponentValue {
return nil, fmt.Errorf("%w: %d", ErrUnsupportedRSAPublicExponent, pub.E)
}
return pub, nil
case oid.Equal(oidPublicKeyECDSA):
namedCurve := elliptic.P256()
x, y := elliptic.Unmarshal(namedCurve, der)
if x == nil {
return nil, ErrFailedUnmarshallingEllipticCurvePoint
}
return &ecdsa.PublicKey{
Curve: namedCurve,
X: x,
Y: y,
}, nil
default:
return nil, ErrUnknownPublicKeyAlgorithm
}
}

In the Etna upgrade, Ed25519 keys should be supported: https://github.com/avalanche-foundation/ACPs/tree/main/ACPs/20-ed25519-p2p

The NodeID representation of these Ed25519 keys should be the 32-byte public key representation.

The Ed25519 keys will be used for ACP-77 subnet validators: https://github.com/avalanche-foundation/ACPs/tree/main/ACPs/77-reinventing-subnets#step-2-issue-a-registersubnetvalidatortx-on-the-p-chain

We must retain support for prior P-chain transactions which encode the fixed 20-byte ids.NodeID type:

The following PRs are related to this issue:

Copy link

github-actions bot commented Oct 6, 2024

This issue has become stale because it has been open 60 days with no activity. Adding the lifecycle/frozen label will cause this issue to ignore lifecycle events.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
acp20 enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

3 participants