Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement ACP-20 #3242

Open
1 task
StephenButtolph opened this issue Jul 29, 2024 · 1 comment
Open
1 task

Implement ACP-20 #3242

StephenButtolph opened this issue Jul 29, 2024 · 1 comment
Assignees
@abi87 @tsachiherman
Labels
acp20 enhancement New feature or request

Comments

@StephenButtolph
Copy link
Contributor

StephenButtolph commented Jul 29, 2024
edited
Loading

Currently NodeIDs are generated based on ripemd160(sha256(TLS_CERT_DER)):

avalanchego/ids/node_id.go

Lines 79 to 83 in ccf785c

func NodeIDFromCert(cert *staking.Certificate) NodeID {
return hashing.ComputeHash160Array(
hashing.ComputeHash256(cert.Raw),
)
}

Only RSA and ECDSA keys are currently allowed to be used. This restriction means that we can use the public key in the TLS certificate to switch on the NodeID format:

avalanchego/staking/parse.go

Lines 124 to 167 in ccf785c

func parsePublicKey(oid asn1.ObjectIdentifier, publicKey asn1.BitString) (crypto.PublicKey, error) {
der := cryptobyte.String(publicKey.RightAlign())
switch {
case oid.Equal(oidPublicKeyRSA):
pub := &rsa.PublicKey{N: new(big.Int)}
if !der.ReadASN1(&der, cryptobyte_asn1.SEQUENCE) {
return nil, ErrInvalidRSAPublicKey
}
if !der.ReadASN1Integer(pub.N) {
return nil, ErrInvalidRSAModulus
}
if !der.ReadASN1Integer(&pub.E) {
return nil, ErrInvalidRSAPublicExponent
}
if pub.N.Sign() <= 0 {
return nil, ErrRSAModulusNotPositive
}
if bitLen := pub.N.BitLen(); bitLen != allowedRSALargeModulusLen && bitLen != allowedRSASmallModulusLen {
return nil, fmt.Errorf("%w: %d", ErrUnsupportedRSAModulusBitLen, bitLen)
}
if pub.N.Bit(0) == 0 {
return nil, ErrRSAModulusIsEven
}
if pub.E != allowedRSAPublicExponentValue {
return nil, fmt.Errorf("%w: %d", ErrUnsupportedRSAPublicExponent, pub.E)
}
return pub, nil
case oid.Equal(oidPublicKeyECDSA):
namedCurve := elliptic.P256()
x, y := elliptic.Unmarshal(namedCurve, der)
if x == nil {
return nil, ErrFailedUnmarshallingEllipticCurvePoint
}
return &ecdsa.PublicKey{
Curve: namedCurve,
X: x,
Y: y,
}, nil
default:
return nil, ErrUnknownPublicKeyAlgorithm
}
}

In the Etna upgrade, Ed25519 keys should be supported: https://github.com/avalanche-foundation/ACPs/tree/main/ACPs/20-ed25519-p2p

The NodeID representation of these Ed25519 keys should be the 32-byte public key representation.

The Ed25519 keys will be used for ACP-77 subnet validators: https://github.com/avalanche-foundation/ACPs/tree/main/ACPs/77-reinventing-subnets#step-2-issue-a-registersubnetvalidatortx-on-the-p-chain

We must retain support for prior P-chain transactions which encode the fixed 20-byte ids.NodeID type:

The following PRs are related to this issue:
@StephenButtolph StephenButtolph added enhancement New feature or request acp77 acp20 labels Jul 29, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Oct 6, 2024

This issue has become stale because it has been open 60 days with no activity. Adding the lifecycle/frozen label will cause this issue to ignore lifecycle events.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@abi87 abi87

@tsachiherman tsachiherman

Labels
acp20 enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@abi87 @StephenButtolph @tsachiherman