feat: remove insecured keypair [NET-633] (#1906)

fluencelabs · Nov 15, 2023 · 32e938c · 32e938c
1 parent 6660934
commit 32e938c
Show file tree

Hide file tree

Showing 4 changed files with 1 addition and 120 deletions.
diff --git a/crates/key-manager/src/key_manager.rs b/crates/key-manager/src/key_manager.rs
@@ -17,7 +17,6 @@
 use fluence_keypair::{KeyFormat, KeyPair};
 use libp2p::PeerId;
 use std::collections::HashMap;
-use std::ops::Range;
 use std::path::PathBuf;
 use std::str::FromStr;
 use std::sync::Arc;
@@ -29,8 +28,6 @@ use crate::persistence::{
 use crate::KeyManagerError::{WorkerAlreadyExists, WorkerNotFound, WorkerNotFoundByDeal};
 use parking_lot::RwLock;
 
-pub const INSECURE_KEYPAIR_SEED: Range<u8> = 0..32;
-
 type DealId = String;
 type WorkerId = PeerId;
 
@@ -48,8 +45,6 @@ pub struct KeyManager {
     worker_infos: Arc<RwLock<HashMap<WorkerId, WorkerInfo>>>,
     keypairs_dir: PathBuf,
     host_peer_id: PeerId,
-    // temporary public, will refactor
-    pub insecure_keypair: KeyPair,
     pub root_keypair: KeyPair,
     management_peer_id: PeerId,
     builtins_management_peer_id: PeerId,
@@ -68,11 +63,6 @@ impl KeyManager {
             worker_infos: Arc::new(Default::default()),
             keypairs_dir,
             host_peer_id: root_keypair.get_peer_id(),
-            insecure_keypair: KeyPair::from_secret_key(
-                INSECURE_KEYPAIR_SEED.collect(),
-                KeyFormat::Ed25519,
-            )
-            .expect("error creating insecure keypair"),
             root_keypair,
             management_peer_id,
             builtins_management_peer_id,

diff --git a/crates/key-manager/src/lib.rs b/crates/key-manager/src/lib.rs
@@ -6,4 +6,3 @@ mod persistence;
 
 pub use error::KeyManagerError;
 pub use key_manager::KeyManager;
-pub use key_manager::INSECURE_KEYPAIR_SEED;
diff --git a/crates/nox-tests/tests/builtin.rs b/crates/nox-tests/tests/builtin.rs
@@ -22,12 +22,11 @@ use created_swarm::{
     make_swarms_with_transport_and_mocked_vm,
 };
 use eyre::{Report, WrapErr};
-use fluence_keypair::{KeyFormat, KeyPair, Signature};
+use fluence_keypair::KeyPair;
 use fluence_libp2p::RandomPeerId;
 use fluence_libp2p::Transport;
 use itertools::Itertools;
 use json_utils::into_array;
-use key_manager::INSECURE_KEYPAIR_SEED;
 use libp2p::core::Multiaddr;
 use libp2p::kad::KBucketKey;
 use libp2p::PeerId;
@@ -2062,62 +2061,6 @@ async fn json_builtins() {
     }
 }
 
-#[tokio::test]
-async fn insecure_sign_verify() {
-    let kp = KeyPair::from_secret_key(INSECURE_KEYPAIR_SEED.collect(), KeyFormat::Ed25519).unwrap();
-    let swarms = make_swarms_with_cfg(1, |mut cfg| {
-        cfg.enabled_system_services = vec!["registry".to_string()];
-        cfg
-    })
-    .await;
-
-    let mut client = ConnectedClient::connect_to(swarms[0].multiaddr.clone())
-        .await
-        .wrap_err("connect client")
-        .unwrap();
-
-    client.send_particle(
-        r#"
-            (seq
-                (seq
-                    (call relay ("registry" "get_record_metadata_bytes") ["key_id" "" 0 "" "" [] [] []] data)
-                    (seq
-                        (call relay ("insecure_sig" "sign") [data] sig_result)
-                        (call relay ("insecure_sig" "verify") [sig_result.$.signature.[0]! data] result)
-                    )
-                )
-                (call %init_peer_id% ("op" "return") [data sig_result result])
-            )
-        "#,
-        hashmap! {
-            "relay" => json!(client.node.to_string()),
-        },
-    ).await;
-
-    use serde_json::Value::Array;
-    use serde_json::Value::Bool;
-    use serde_json::Value::Object;
-
-    if let [Array(data), Object(sig_result), Bool(result)] =
-        client.receive_args().await.unwrap().as_slice()
-    {
-        let data: Vec<_> = data.iter().map(|n| n.as_u64().unwrap() as u8).collect();
-
-        assert!(sig_result["success"].as_bool().unwrap());
-        let signature = sig_result["signature"].as_array().unwrap()[0]
-            .as_array()
-            .unwrap()
-            .iter()
-            .map(|n| n.as_u64().unwrap() as u8)
-            .collect();
-        let signature = Signature::from_bytes(kp.public().get_key_format(), signature);
-        assert!(result);
-        assert!(kp.public().verify(&data, &signature).is_ok());
-    } else {
-        panic!("incorrect args: expected three arguments")
-    }
-}
-
 async fn binary(
     service: &str,
     func: &str,

diff --git a/particle-builtins/src/builtins.rs b/particle-builtins/src/builtins.rs
@@ -264,10 +264,6 @@ where
             ("sig", "verify") => wrap(self.verify(args, particle)),
             ("sig", "get_peer_id") => wrap(self.get_peer_id(particle)),
 
-            ("insecure_sig", "sign") => wrap(self.insecure_sign(args)),
-            ("insecure_sig", "verify") => wrap(self.insecure_verify(args)),
-            ("insecure_sig", "get_peer_id") => wrap(self.insecure_get_peer_id()),
-
             ("json", "obj") => wrap(json::obj(args)),
             ("json", "put") => wrap(json::put(args)),
             ("json", "puts") => wrap(json::puts(args)),
@@ -937,53 +933,6 @@ where
     fn get_peer_id(&self, params: ParticleParams) -> Result<JValue, JError> {
         Ok(JValue::String(params.host_id.to_base58()))
     }
-
-    fn insecure_sign(&self, args: Args) -> Result<JValue, JError> {
-        let mut args = args.function_args.into_iter();
-        let result: Result<JValue, JError> = try {
-            let data: Vec<u8> = Args::next("data", &mut args)?;
-            json!(self.key_manager.insecure_keypair.sign(&data)?.to_vec())
-        };
-
-        match result {
-            Ok(sig) => Ok(json!({
-                "success": true,
-                "error": [],
-                "signature": vec![sig]
-            })),
-
-            Err(error) => Ok(json!({
-                "success": false,
-                "error": vec![JValue::from(error)],
-                "signature": []
-            })),
-        }
-    }
-
-    fn insecure_verify(&self, args: Args) -> Result<JValue, JError> {
-        let mut args = args.function_args.into_iter();
-        let signature: Vec<u8> = Args::next("signature", &mut args)?;
-        let data: Vec<u8> = Args::next("data", &mut args)?;
-        let signature = Signature::from_bytes(
-            self.key_manager.insecure_keypair.public().get_key_format(),
-            signature,
-        );
-
-        Ok(JValue::Bool(
-            self.key_manager
-                .insecure_keypair
-                .public()
-                .verify(&data, &signature)
-                .is_ok(),
-        ))
-    }
-
-    fn insecure_get_peer_id(&self) -> Result<JValue, JError> {
-        Ok(JValue::String(
-            self.key_manager.insecure_keypair.get_peer_id().to_base58(),
-        ))
-    }
-
     fn vault_put(&self, args: Args, params: ParticleParams) -> Result<JValue, JError> {
         let mut args = args.function_args.into_iter();
         let data: String = Args::next("data", &mut args)?;