Eth keys (#482)

* bump nim-eth, fix deprecated calls

nimbus/config.nim

@@ -190,7 +190,7 @@ proc privateChainConfig*(): ChainConfig =
     constantinopleBlock: config.customGenesis.constantinopleBlock,
   )
   trace "Custom genesis block configuration loaded", configuration=result
-  
+
 proc publicChainConfig*(id: PublicNetwork): ChainConfig =
   result = case id
   of MainNet:
@@ -254,7 +254,7 @@ proc processCustomGenesisConfig(customGenesis: JsonNode): ConfigStatus =
 
   proc parseConfig(T: type, c: JsonNode, field: string): T =
     when T is string:
-      c[field].getStr()    
+      c[field].getStr()
     elif T is Uint256:
       parseHexInt(c[field].getStr()).u256
     elif T is bool:
@@ -273,7 +273,7 @@ proc processCustomGenesisConfig(customGenesis: JsonNode): ConfigStatus =
       hexToSeqByte(c[field].getStr())
     elif T is int64:
       fromHex[int64](c[field].getStr())
-    
+
 
   template validateConfigValue(chainDetails, field, jtype, T: untyped, checkError: static[bool] = true) =
     let fieldName = field.astToStr()
@@ -287,10 +287,10 @@ proc processCustomGenesisConfig(customGenesis: JsonNode): ConfigStatus =
       when checkError:
         error "No value found in genesis block for", fieldName
         quit(1)
-  
+
-  let config = getConfiguration() 
+  let config = getConfiguration()
   result = Success
-  var 
+  var
     chainId = 0.uint
     homesteadBlock, daoForkblock, eip150Block, eip155Block, eip158Block, byzantiumBlock, constantinopleBlock = 0.toBlockNumber
     eip150Hash, mixHash : MDigest[256]
@@ -313,7 +313,7 @@ proc processCustomGenesisConfig(customGenesis: JsonNode): ConfigStatus =
     validateConfigValue(forkDetails, daoForkSupport, JBool, bool, checkError=false)
     if daoForkSupport == true:
       checkForFork(forkDetails, daoForkBlock, 0.toBlockNumber)
-  
+
     checkForFork(forkDetails, eip150Block, homesteadBlock)
     validateConfigValue(forkDetails, eip150Hash, JString, Hash256)
     checkForFork(forkDetails, eip155Block, eip150Block)
@@ -333,7 +333,7 @@ proc processCustomGenesisConfig(customGenesis: JsonNode): ConfigStatus =
   validateConfigValue(customGenesis, mixHash, JString, Hash256)
   validateConfigValue(customGenesis, coinbase, JString, EthAddress, checkError = false)
   validateConfigValue(customGenesis, timestamp, JString, EthTime, checkError = false)
-  
+
   config.customGenesis = CustomGenesisConfig(
     chainId:          chainId,
     homesteadBlock:   homesteadBlock,
@@ -353,7 +353,7 @@ proc processCustomGenesisConfig(customGenesis: JsonNode): ConfigStatus =
     coinbase:         coinbase,
     timestamp:        timestamp
   )
-  
+
 proc processList(v: string, o: var seq[string]) =
   ## Process comma-separated list of strings.
   if len(v) > 0:
@@ -450,11 +450,12 @@ proc processENodesList(v: string, o: var seq[ENode]): ConfigStatus =
 
 proc processPrivateKey(v: string, o: var PrivateKey): ConfigStatus =
   ## Convert hexadecimal string to private key object.
-  try:
+  let seckey = PrivateKey.fromHex(v)
-    o = initPrivateKey(v)
+  if seckey.isOk():
-    result = Success
+    o = seckey[]
-  except CatchableError:
+    return Success
-    result = ErrorParseOption
+
+  result = ErrorParseOption
 
 # proc processHexBytes(v: string, o: var seq[byte]): ConfigStatus =
 #   ## Convert hexadecimal string to seq[byte].

nimbus/nimbus.nim

@@ -75,12 +75,10 @@ proc start() =
     setupCommonRpc(nimbus.rpcServer)
 
   ## Creating P2P Server
-  if conf.net.nodekey.isZeroKey():
+  if not conf.net.nodekey.verify():
-    conf.net.nodekey = newPrivateKey()
+    conf.net.nodekey = PrivateKey.random().tryGet()
 
-  var keypair: KeyPair
+  let keypair = conf.net.nodekey.toKeyPair().tryGet()
-  keypair.seckey = conf.net.nodekey
-  keypair.pubkey = conf.net.nodekey.getPublicKey()
 
   var address: Address
   address.ip = parseIpAddress("0.0.0.0")
@@ -113,7 +111,7 @@ proc start() =
   if canonicalHeadHashKey().toOpenArray notin trieDB:
     initializeEmptyDb(chainDb)
     doAssert(canonicalHeadHashKey().toOpenArray in trieDB)
-  
+
   nimbus.ethNode = newEthereumNode(keypair, address, conf.net.networkId,
                                    nil, nimbusClientId,
                                    addAllCapabilities = false,
@@ -145,7 +143,7 @@ proc start() =
         nimbus.state = Stopping
       result = "EXITING"
     nimbus.rpcServer.start()
- 
+
   # metrics server
   when defined(insecure):
     if conf.net.metricsServer:

nimbus/rpc/hexstrings.nim

@@ -211,10 +211,10 @@ proc `%`*(value: Bytes): JsonNode =
 # Helpers for the fromJson procs
 
 proc toPublicKey*(key: string): PublicKey {.inline.} =
-  result = initPublicKey(key[4 .. ^1])
+  result = PublicKey.fromHex(key[4 .. ^1]).tryGet()
 
 proc toPrivateKey*(key: string): PrivateKey {.inline.} =
-  result = initPrivateKey(key[2 .. ^1])
+  result = PrivateKey.fromHex(key[2 .. ^1]).tryGet()
 
 proc toSymKey*(key: string): SymKey {.inline.} =
   hexToByteArray(key[2 .. ^1], result)

nimbus/rpc/p2p.nim

@@ -226,7 +226,7 @@ proc setupEthRpc*(node: EthereumNode, chain: BaseChainDB, rpcsrv: RpcServer) =
   template sign(privateKey: PrivateKey, message: string): string =
     # TODO: Is message length encoded as bytes or characters?
     let msgData = "\x19Ethereum Signed Message:\n" & $message.len & message
-    $signMessage(privateKey, msgData)
+    $sign(privateKey, msgData.toBytes()).tryGet()
 
   rpcsrv.rpc("eth_sign") do(data: EthAddressStr, message: HexDataStr) -> HexDataStr:
     ## The sign method calculates an Ethereum specific signature with: sign(keccak256("\x19Ethereum Signed Message:\n" + len(message) + message))).

nimbus/rpc/waku.nim

@@ -1,5 +1,5 @@
 import
-  json_rpc/rpcserver, tables, options, sequtils,
+  json_rpc/rpcserver, tables, options,
   eth/[common, rlp, keys, p2p], eth/p2p/rlpx_protocols/waku_protocol,
   nimcrypto/[sysrand, hmac, sha2, pbkdf2],
   rpc_types, hexstrings, key_storage
@@ -70,7 +70,7 @@ proc setupWakuRPC*(node: EthereumNode, keys: KeyStorage, rpcsrv: RpcServer) =
     ##
     ## Returns key identifier on success and an error on failure.
     result = generateRandomID().Identifier
-    keys.asymKeys.add(result.string, newKeyPair())
+    keys.asymKeys.add(result.string, KeyPair.random().tryGet())
 
   rpcsrv.rpc("waku_addPrivateKey") do(key: PrivateKey) -> Identifier:
     ## Stores the key pair, and returns its ID.
@@ -80,7 +80,7 @@ proc setupWakuRPC*(node: EthereumNode, keys: KeyStorage, rpcsrv: RpcServer) =
     ## Returns key identifier on success and an error on failure.
     result = generateRandomID().Identifier
 
-    keys.asymKeys.add(result.string, key.toKeyPair())
+    keys.asymKeys.add(result.string, key.toKeyPair().tryGet())
 
   rpcsrv.rpc("waku_deleteKeyPair") do(id: Identifier) -> bool:
     ## Deletes the specifies key if it exists.

nimbus/rpc/whisper.nim

@@ -71,7 +71,7 @@ proc setupWhisperRPC*(node: EthereumNode, keys: KeyStorage, rpcsrv: RpcServer) =
     ##
     ## Returns key identifier on success and an error on failure.
     result = generateRandomID().Identifier
-    keys.asymKeys.add(result.string, newKeyPair())
+    keys.asymKeys.add(result.string, KeyPair.random().tryGet())
 
   rpcsrv.rpc("shh_addPrivateKey") do(key: PrivateKey) -> Identifier:
     ## Stores the key pair, and returns its ID.
@@ -81,7 +81,7 @@ proc setupWhisperRPC*(node: EthereumNode, keys: KeyStorage, rpcsrv: RpcServer) =
     ## Returns key identifier on success and an error on failure.
     result = generateRandomID().Identifier
 
-    keys.asymKeys.add(result.string, key.toKeyPair())
+    keys.asymKeys.add(result.string, key.toKeyPair().tryGet())
 
   rpcsrv.rpc("shh_deleteKeyPair") do(id: Identifier) -> bool:
     ## Deletes the specifies key if it exists.

nimbus/transaction.nim

@@ -44,7 +44,11 @@ proc getSignature*(transaction: Transaction, output: var Signature): bool =
     return false
 
   bytes[64] = byte(v - 27)
-  result = recoverSignature(bytes, output) == EthKeysStatus.Success
+  let sig = Signature.fromRaw(bytes)
+  if sig.isOk:
+    output = sig[]
+    return true
+  return false
 
 proc toSignature*(transaction: Transaction): Signature =
   if not getSignature(transaction, result):
@@ -54,10 +58,10 @@ proc getSender*(transaction: Transaction, output: var EthAddress): bool =
   ## Find the address the transaction was sent from.
   var sig: Signature
   if transaction.getSignature(sig):
-    var pubKey: PublicKey
     var txHash = transaction.txHashNoSignature
-    if recoverSignatureKey(sig, txHash.data, pubKey) == EthKeysStatus.Success:
+    let pubkey = recover(sig, txHash)
-      output = pubKey.toCanonicalAddress()
+    if pubkey.isOk:
+      output = pubkey[].toCanonicalAddress()
       result = true
 
 proc getSender*(transaction: Transaction): EthAddress =

nimbus/vm/precompiles.nim

@@ -42,8 +42,10 @@ proc getSignature(computation: Computation): (array[32, byte], Signature) =
       # Copy message data to buffer
       bytes[0..(maxPos-64)] = data[64..maxPos]
 
-    if recoverSignature(bytes, result[1]) != EthKeysStatus.Success:
+    let sig = Signature.fromRaw(bytes)
+    if sig.isErr:
       raise newException(ValidationError, "Could not recover signature computation")
+    result[1] = sig[]
 
     # extract message hash, only need to copy when there is a valid signature
     result[0][0..31] = data[0..31]
@@ -98,14 +100,14 @@ proc ecRecover*(computation: Computation) =
 
   var
     (msgHash, sig) = computation.getSignature()
-    pubKey: PublicKey
 
-  if sig.recoverSignatureKey(msgHash, pubKey) != EthKeysStatus.Success:
+  var pubkey = recover(sig, SkMessage(data: msgHash))
+  if pubkey.isErr:
     raise newException(ValidationError, "Could not derive public key from computation")
 
   computation.output.setLen(32)
-  computation.output[12..31] = pubKey.toCanonicalAddress()
+  computation.output[12..31] = pubkey[].toCanonicalAddress()
-  trace "ECRecover precompile", derivedKey = pubKey.toCanonicalAddress()
+  trace "ECRecover precompile", derivedKey = pubkey[].toCanonicalAddress()
 
 proc sha256*(computation: Computation) =
   let

tests/test_helpers.nim

@@ -192,9 +192,9 @@ proc getFixtureTransaction*(j: JsonNode, dataIndex, gasIndex, valueIndex: int):
 
   var secretKey = j["secretKey"].getStr
   removePrefix(secretKey, "0x")
-  let privateKey = initPrivateKey(secretKey)
+  let privateKey = PrivateKey.fromHex(secretKey).tryGet()
-  let sig = signMessage(privateKey, result.rlpEncode)
+  let sig = sign(privateKey, result.rlpEncode).tryGet()
-  let raw = sig.getRaw()
+  let raw = sig.toRaw()
 
   result.R = fromBytesBE(Uint256, raw[0..31])
   result.S = fromBytesBE(Uint256, raw[32..63])
@@ -206,15 +206,16 @@ proc hashLogEntries*(logs: seq[Log]): string =
 proc setupEthNode*(capabilities: varargs[ProtocolInfo, `protocolInfo`]): EthereumNode =
   var
     conf = getConfiguration()
-    keypair: KeyPair
+  if not conf.net.nodekey.verify():
-  keypair.seckey = conf.net.nodekey
+    conf.net.nodekey = PrivateKey.random().tryGet()
-  keypair.pubkey = conf.net.nodekey.getPublicKey()
+  let keypair = conf.net.nodekey.toKeyPair().tryGet()
 
   var srvAddress: Address
   srvAddress.ip = parseIpAddress("0.0.0.0")
   srvAddress.tcpPort = Port(conf.net.bindPort)
   srvAddress.udpPort = Port(conf.net.discPort)
-  result = newEthereumNode(keypair, srvAddress, conf.net.networkId,
+  result = newEthereumNode(
-                              nil, "nimbus 0.1.0", addAllCapabilities = false)
+    keypair, srvAddress, conf.net.networkId, nil, "nimbus 0.1.0",
+    addAllCapabilities = false)
   for capability in capabilities:
     result.addCapability capability

tests/test_rpc_whisper.nim

@@ -65,7 +65,7 @@ proc doTests {.async.} =
       let keyID2 = await client.shh_addPrivateKey(privkey)
       check:
         await(client.shh_getPublicKey(keyID2)) == pubkey.toPublicKey
-        await(client.shh_getPrivateKey(keyID2)) == privkey.toPrivateKey
+        await(client.shh_getPrivateKey(keyID2)).toRaw() == privkey.toPrivateKey.toRaw()
         await(client.shh_hasKeyPair(keyID2)) == true
         await(client.shh_deleteKeyPair(keyID2)) == true
         await(client.shh_hasKeyPair(keyID2)) == false

vendor/nim-eth

@@ -1 +1 @@
-Subproject commit 9c442bf65b52a4c857cc6e51efe901352e8b6ebf
+Subproject commit ac5bbe4d3d04ca1baf455f5a7e22a04692bcc73a

vendor/nim-stew

@@ -1 +1 @@
-Subproject commit 76beeb769e30adc912d648c014fd95bf748fef24
+Subproject commit 9414202d53fac99a0b1af33acac816ff9236e6d0

waku/config.nim

@@ -84,7 +84,7 @@ type
 
     nodekey* {.
       desc: "P2P node private key as hex.",
-      defaultValue: newKeyPair()
+      defaultValue: KeyPair.random().tryGet()
       name: "nodekey" }: KeyPair
     # TODO: Add nodekey file option
 
@@ -135,8 +135,8 @@ type
 proc parseCmdArg*(T: type KeyPair, p: TaintedString): T =
   try:
     # TODO: add isValidPrivateKey check from Nimbus?
-    result.seckey = initPrivateKey(p)
+    result.seckey = PrivateKey.fromHex(string(p)).tryGet()
-    result.pubkey = result.seckey.getPublicKey()
+    result.pubkey = result.seckey.toPublicKey()[]
   except CatchableError as e:
     raise newException(ConfigurationError, "Invalid private key")
 

waku/start_network.nim

@@ -45,7 +45,7 @@ proc initNodeCmd(nodeType: NodeType, shift: int, staticNodes: seq[string] = @[],
     discovery = false, bootNodes: seq[string] = @[], topicInterest = false,
     master = false, label: string): NodeInfo =
   let
-    keypair = newKeyPair()
+    keypair = KeyPair.random().tryGet()
     address = Address(ip: parseIpAddress("127.0.0.1"),
       udpPort: (30303 + shift).Port, tcpPort: (30303 + shift).Port)
     enode = ENode(pubkey: keypair.pubkey, address: address)

wrappers/libnimbus.nim

@@ -95,16 +95,21 @@ proc nimbus_start(port: uint16, startListening: bool, enableDiscovery: bool,
 
   var keypair: KeyPair
   if privateKey.isNil:
-    keypair = newKeyPair()
+    var kp = KeyPair.random()
+    if kp.isErr:
+      error "Can't generate keypair", err = kp.error
+      return false
+    keypair = kp[]
   else:
-    try:
+    let
-      let privKey = initPrivateKey(makeOpenArray(privateKey, 32))
+      privKey = PrivateKey.fromRaw(makeOpenArray(privateKey, 32))
-      keypair = privKey.toKeyPair()
+      kp = privKey and privKey[].toKeyPair()
-
+    if kp.isErr:
-    except EthKeysException:
       error "Passed an invalid private key."
       return false
 
+    keypair = kp[]
+
   node = newEthereumNode(keypair, address, 1, nil, addAllCapabilities = false)
   node.addCapability Whisper
 
@@ -135,7 +140,7 @@ proc nimbus_add_peer(nodeId: cstring): bool {.exportc, dynlib.} =
   discard initENode($nodeId, whisperENode)
   try:
     whisperNode = newNode(whisperENode)
-  except Secp256k1Exception:
+  except CatchableError:
     return false
 
   # TODO: call can create `Exception`, why?
@@ -145,7 +150,7 @@ proc nimbus_add_peer(nodeId: cstring): bool {.exportc, dynlib.} =
 # Whisper API (Similar to Whisper JSON-RPC API)
 
 proc nimbus_channel_to_topic(channel: cstring): CTopic
-    {.exportc, dynlib, raises: [].} =
+    {.exportc, dynlib, raises: [Defect].} =
   # Only used for the example, to conveniently convert channel to topic.
   doAssert(not channel.isNil, "Channel cannot be nil.")
 
@@ -156,32 +161,41 @@ proc nimbus_channel_to_topic(channel: cstring): CTopic
 # Asymmetric Keys
 
 proc nimbus_new_keypair(id: var Identifier): bool
-    {.exportc, dynlib, raises: [].} =
+    {.exportc, dynlib, raises: [Defect].} =
   ## Caller needs to provide as id a pointer to 32 bytes allocation.
   doAssert(not (unsafeAddr id).isNil, "Key id cannot be nil.")
 
   id = generateRandomID()
   try:
-    whisperKeys.asymKeys.add(id.toHex(), newKeyPair())
+    whisperKeys.asymKeys.add(id.toHex(), KeyPair.random().tryGet())
     result = true
-  except Secp256k1Exception:
+  except CatchableError:
     # Don't think this can actually happen, comes from the `getPublicKey` part
     # in `newKeyPair`
     discard
 
 proc nimbus_add_keypair(privateKey: ptr byte, id: var Identifier):
-    bool {.exportc, dynlib, raises: [OSError, IOError, ValueError].} =
+    bool {.exportc, dynlib, raises: [Defect, OSError, IOError, ValueError].} =
   ## Caller needs to provide as id a pointer to 32 bytes allocation.
   doAssert(not (unsafeAddr id).isNil, "Key id cannot be nil.")
   doAssert(not privateKey.isNil, "Private key cannot be nil.")
 
   var keypair: KeyPair
-  try:
+  if privateKey.isNil:
-    let privKey = initPrivateKey(makeOpenArray(privateKey, 32))
+    var kp = KeyPair.random()
-    keypair = privKey.toKeyPair()
+    if kp.isErr:
-  except EthKeysException, Secp256k1Exception:
+      error "Can't generate keypair", err = kp.error
-    error "Passed an invalid private key."
+      return false
-    return false
+    keypair = kp[]
+  else:
+    let
+      privKey = PrivateKey.fromRaw(makeOpenArray(privateKey, 32))
+      kp = privKey and privKey[].toKeyPair()
+    if kp.isErr:
+      error "Passed an invalid private key."
+      return false
+
+    keypair = kp[]
 
   result = true
   id = generateRandomID()
@@ -277,11 +291,11 @@ proc nimbus_post(message: ptr CPostMessage): bool {.exportc, dynlib.} =
     return false
 
   if not message.pubKey.isNil():
-    try:
+    let pubkey = PublicKey.fromRaw(makeOpenArray(message.pubKey, 64))
-      asymKey = some(initPublicKey(makeOpenArray(message.pubKey, 64)))
+    if pubkey.isErr:
-    except EthKeysException:
       error "Passed an invalid public key for encryption."
       return false
+    asymKey = some(pubkey[])
 
   try:
     if not message.symKeyID.isNil():
@@ -340,11 +354,11 @@ proc nimbus_subscribe_filter(options: ptr CFilterOptions,
     return false
 
   if not options.source.isNil():
-    try:
+    let pubkey = PublicKey.fromRaw(makeOpenArray(options.source, 64))
-      src = some(initPublicKey(makeOpenArray(options.source, 64)))
+    if pubkey.isErr:
-    except EthKeysException:
       error "Passed an invalid public key as source."
       return false
+    src = some(pubkey[])
 
   try:
     if not options.symKeyID.isNil():
@@ -377,11 +391,11 @@ proc nimbus_subscribe_filter(options: ptr CFilterOptions,
       recipientPublicKey: array[RawPublicKeySize, byte]
     if msg.decoded.src.isSome():
       # Need to pass the serialized form
-      source = msg.decoded.src.get().getRaw()
+      source = msg.decoded.src.get().toRaw()
       cmsg.source = addr source[0]
     if msg.dst.isSome():
       # Need to pass the serialized form
-      recipientPublicKey = msg.decoded.src.get().getRaw()
+      recipientPublicKey = msg.decoded.src.get().toRaw()
       cmsg.recipientPublicKey = addr recipientPublicKey[0]
 
     handler(addr cmsg, udata)
@@ -456,7 +470,7 @@ proc nimbus_join_public_chat(channel: cstring,
 # TODO: How would we do key management? In nimbus (like in rpc) or in status go?
 proc nimbus_post_public(channel: cstring, payload: cstring)
     {.exportc, dynlib.} =
-  let encPrivateKey = initPrivateKey("5dc5381cae54ba3174dc0d46040fe11614d0cc94d41185922585198b4fcef9d3")
+  let encPrivateKey = PrivateKey.fromHex("5dc5381cae54ba3174dc0d46040fe11614d0cc94d41185922585198b4fcef9d3")[]
 
   var ctx: HMAC[sha256]
   var symKey: SymKey