Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement ACP-20 #3242

Open
1 task
StephenButtolph opened this issue Jul 29, 2024 · 0 comments
Open
1 task

Implement ACP-20 #3242

StephenButtolph opened this issue Jul 29, 2024 · 0 comments
Assignees
@abi87 @tsachiherman
Labels
acp20 acp77 enhancement New feature or request

Comments

@StephenButtolph
Copy link
Contributor

StephenButtolph commented Jul 29, 2024
edited
Loading

Currently NodeIDs are generated based on ripemd160(sha256(TLS_CERT_DER)):

avalanchego/ids/node_id.go

Lines 79 to 83 in ccf785c

func NodeIDFromCert(cert *staking.Certificate) NodeID {
return hashing.ComputeHash160Array(
hashing.ComputeHash256(cert.Raw),
)
}

Only RSA and ECDSA keys are currently allowed to be used. This restriction means that we can use the public key in the TLS certificate to switch on the NodeID format:

avalanchego/staking/parse.go

Lines 124 to 167 in ccf785c

func parsePublicKey(oid asn1.ObjectIdentifier, publicKey asn1.BitString) (crypto.PublicKey, error) {
der := cryptobyte.String(publicKey.RightAlign())
switch {
case oid.Equal(oidPublicKeyRSA):
pub := &rsa.PublicKey{N: new(big.Int)}
if !der.ReadASN1(&der, cryptobyte_asn1.SEQUENCE) {
return nil, ErrInvalidRSAPublicKey
}
if !der.ReadASN1Integer(pub.N) {
return nil, ErrInvalidRSAModulus
}
if !der.ReadASN1Integer(&pub.E) {
return nil, ErrInvalidRSAPublicExponent
}
if pub.N.Sign() <= 0 {
return nil, ErrRSAModulusNotPositive
}
if bitLen := pub.N.BitLen(); bitLen != allowedRSALargeModulusLen && bitLen != allowedRSASmallModulusLen {
return nil, fmt.Errorf("%w: %d", ErrUnsupportedRSAModulusBitLen, bitLen)
}
if pub.N.Bit(0) == 0 {
return nil, ErrRSAModulusIsEven
}
if pub.E != allowedRSAPublicExponentValue {
return nil, fmt.Errorf("%w: %d", ErrUnsupportedRSAPublicExponent, pub.E)
}
return pub, nil
case oid.Equal(oidPublicKeyECDSA):
namedCurve := elliptic.P256()
x, y := elliptic.Unmarshal(namedCurve, der)
if x == nil {
return nil, ErrFailedUnmarshallingEllipticCurvePoint
}
return &ecdsa.PublicKey{
Curve: namedCurve,
X: x,
Y: y,
}, nil
default:
return nil, ErrUnknownPublicKeyAlgorithm
}
}

In the Etna upgrade, Ed25519 keys should be supported: https://github.com/avalanche-foundation/ACPs/tree/main/ACPs/20-ed25519-p2p

The NodeID representation of these Ed25519 keys should be the 32-byte public key representation.

The Ed25519 keys will be used for ACP-77 subnet validators: https://github.com/avalanche-foundation/ACPs/tree/main/ACPs/77-reinventing-subnets#step-2-issue-a-registersubnetvalidatortx-on-the-p-chain

We must retain support for prior P-chain transactions which encode the fixed 20-byte ids.NodeID type:

The following PRs are related to this issue:
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@abi87 abi87

@tsachiherman tsachiherman

Labels
acp20 acp77 enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@abi87 @StephenButtolph @tsachiherman