From fb12793482a6f1b2e1e084dc53a070baaf8596e4 Mon Sep 17 00:00:00 2001 From: Kim De Mey Date: Mon, 4 Jul 2022 09:38:02 +0200 Subject: [PATCH] Bump nim-eth and nim-bearssl and accompanying fixes (#1150) --- fluffy/common/common_utils.nim | 2 +- fluffy/network/wire/portal_stream.nim | 6 +-- fluffy/tests/test_content_db.nim | 5 +-- fluffy/tests/test_discovery_rpc.nim | 2 +- fluffy/tests/test_helpers.nim | 4 +- fluffy/tests/test_portal_wire_protocol.nim | 4 +- fluffy/tools/portalcli.nim | 7 +-- fluffy/tools/utp_testing/utp_test.nim | 51 ++++++++++------------ hive_integration/nodocker/rpc/vault.nim | 2 +- nimbus/context.nim | 2 +- nimbus/rpc/jwt_auth.nim | 10 ++--- nimbus/utils/pow.nim | 15 +++---- vendor/nim-bearssl | 2 +- vendor/nim-eth | 2 +- 14 files changed, 52 insertions(+), 62 deletions(-) diff --git a/fluffy/common/common_utils.nim b/fluffy/common/common_utils.nim index 2b7edf027..4c40714ae 100644 --- a/fluffy/common/common_utils.nim +++ b/fluffy/common/common_utils.nim @@ -50,7 +50,7 @@ proc loadBootstrapFile*(bootstrapFile: string, # However that would require the pull the keystore.nim and parts of # keystore_management.nim out of nimbus-eth2. proc getPersistentNetKey*( - rng: var BrHmacDrbgContext, keyFilePath: string, dataDir: string): + rng: var HmacDrbgContext, keyFilePath: string, dataDir: string): PrivateKey = logScope: key_file = keyFilePath diff --git a/fluffy/network/wire/portal_stream.nim b/fluffy/network/wire/portal_stream.nim index f57ae96ee..c058755ae 100644 --- a/fluffy/network/wire/portal_stream.nim +++ b/fluffy/network/wire/portal_stream.nim @@ -78,7 +78,7 @@ type contentOffers: seq[ContentOffer] connectionTimeout: Duration contentReadTimeout*: Duration - rng: ref BrHmacDrbgContext + rng: ref HmacDrbgContext udata: pointer contentHandler: ContentHandlerCallback @@ -102,7 +102,7 @@ proc addContentOffer*( # TODO: Should we check if `NodeId` & `connectionId` combo already exists? # What happens if we get duplicates? var connectionId: Bytes2 - brHmacDrbgGenerate(stream.rng[], connectionId) + stream.rng[].generate(connectionId) # uTP protocol uses BE for all values in the header, incl. connection id. let id = uint16.fromBytesBE(connectionId) @@ -122,7 +122,7 @@ proc addContentRequest*( # TODO: Should we check if `NodeId` & `connectionId` combo already exists? # What happens if we get duplicates? var connectionId: Bytes2 - brHmacDrbgGenerate(stream.rng[], connectionId) + stream.rng[].generate(connectionId) # uTP protocol uses BE for all values in the header, incl. connection id. let id = uint16.fromBytesBE(connectionId) diff --git a/fluffy/tests/test_content_db.nim b/fluffy/tests/test_content_db.nim index 12fb441d5..b32677ea1 100644 --- a/fluffy/tests/test_content_db.nim +++ b/fluffy/tests/test_content_db.nim @@ -15,12 +15,11 @@ import ../content_db, ./test_helpers -proc generateNRandomU256(rng: var BrHmacDrbgContext, n: int): seq[UInt256] = +proc generateNRandomU256(rng: var HmacDrbgContext, n: int): seq[UInt256] = var i = 0 var res = newSeq[Uint256]() while i < n: - var bytes = newSeq[byte](32) - brHmacDrbgGenerate(rng, bytes) + let bytes = rng.generateBytes(32) let num = Uint256.fromBytesBE(bytes) res.add(num) inc i diff --git a/fluffy/tests/test_discovery_rpc.nim b/fluffy/tests/test_discovery_rpc.nim index c360d8904..149c377b1 100644 --- a/fluffy/tests/test_discovery_rpc.nim +++ b/fluffy/tests/test_discovery_rpc.nim @@ -20,7 +20,7 @@ type TestCase = ref object server: RpcProxy client: RpcHttpClient -proc setupTest(rng: ref BrHmacDrbgContext): Future[TestCase] {.async.} = +proc setupTest(rng: ref HmacDrbgContext): Future[TestCase] {.async.} = let localSrvAddress = "127.0.0.1" localSrvPort = 8545 diff --git a/fluffy/tests/test_helpers.nim b/fluffy/tests/test_helpers.nim index 5cc5620b7..cb700d1f9 100644 --- a/fluffy/tests/test_helpers.nim +++ b/fluffy/tests/test_helpers.nim @@ -15,7 +15,7 @@ proc localAddress*(port: int): Address = Address(ip: ValidIpAddress.init("127.0.0.1"), port: Port(port)) proc initDiscoveryNode*( - rng: ref BrHmacDrbgContext, + rng: ref HmacDrbgContext, privKey: PrivateKey, address: Address, bootstrapRecords: openArray[Record] = [], @@ -36,7 +36,7 @@ proc initDiscoveryNode*( result.open() -proc genByteSeq*(length: int): seq[byte] = +proc genByteSeq*(length: int): seq[byte] = var i = 0 var resultSeq = newSeq[byte](length) while i < length: diff --git a/fluffy/tests/test_portal_wire_protocol.nim b/fluffy/tests/test_portal_wire_protocol.nim index a287a3b3f..083836e76 100644 --- a/fluffy/tests/test_portal_wire_protocol.nim +++ b/fluffy/tests/test_portal_wire_protocol.nim @@ -29,7 +29,7 @@ proc validateContent(content: openArray[byte], contentKey: ByteList): bool = true proc initPortalProtocol( - rng: ref BrHmacDrbgContext, + rng: ref HmacDrbgContext, privKey: PrivateKey, address: Address, bootstrapRecords: openArray[Record] = []): PortalProtocol = @@ -57,7 +57,7 @@ proc stopPortalProtocol(proto: PortalProtocol) {.async.} = proto.stop() await proto.baseProtocol.closeWait() -proc defaultTestSetup(rng: ref BrHmacDrbgContext): +proc defaultTestSetup(rng: ref HmacDrbgContext): (PortalProtocol, PortalProtocol) = let proto1 = diff --git a/fluffy/tools/portalcli.nim b/fluffy/tools/portalcli.nim index 2556e4ebf..71f77df76 100644 --- a/fluffy/tools/portalcli.nim +++ b/fluffy/tools/portalcli.nim @@ -268,11 +268,8 @@ proc run(config: PortalCliConf) = else: echo nodes.error of findcontent: - proc random(T: type UInt256, rng: var BrHmacDrbgContext): T = - var key: UInt256 - brHmacDrbgGenerate(addr rng, addr key, csize_t(sizeof(key))) - - key + proc random(T: type UInt256, rng: var HmacDrbgContext): T = + rng.generate(T) # For now just some random bytes let contentKey = ByteList.init(@[1'u8]) diff --git a/fluffy/tools/utp_testing/utp_test.nim b/fluffy/tools/utp_testing/utp_test.nim index e83465e66..de1fe8189 100644 --- a/fluffy/tools/utp_testing/utp_test.nim +++ b/fluffy/tools/utp_testing/utp_test.nim @@ -12,20 +12,15 @@ import eth/keys, ./utp_test_client -proc generateByteSeq(rng: var BrHmacDrbgContext, length: int): seq[byte] = - var bytes = newSeq[byte](length) - brHmacDrbgGenerate(rng, bytes) - return bytes - -proc generateByteSeqHex(rng: var BrHmacDrbgContext, length: int): string = - generateByteSeq(rng, length).toHex() +proc generateBytesHex(rng: var HmacDrbgContext, length: int): string = + rng.generateBytes(length).toHex() # Before running the suit, there need to be two instances of utp_test_app running # under provided ports (9042, 9041). # Those could be launched locally by running either # ./utp_test_app --udp-listen-address=127.0.0.1 --rpc-listen-address=0.0.0.0 --udp-port=9041 --rpc-port=9041 # ./utp_test_app --udp-listen-address=127.0.0.1 --rpc-listen-address=0.0.0.0 --udp-port=9042 --rpc-port=9042 -# or +# or # 1. running in docker dir: docker build -t test-utp --no-cache --build-arg BRANCH_NAME=branch-name . # 2. running in docker dir: SCENARIO="scenario name and params " docker-compose up procSuite "Utp integration tests": @@ -35,10 +30,10 @@ procSuite "Utp integration tests": let serverContainerAddress = "127.0.0.1" let serverContainerPort = Port(9041) - - type + + type FutureCallback[A] = proc (): Future[A] {.gcsafe, raises: [Defect].} - # combinator which repeatadly calls passed closure until returned future is + # combinator which repeatedly calls passed closure until returned future is # successfull # TODO: currently works only for non void types proc repeatTillSuccess[A](f: FutureCallback[A], maxTries: int = 20): Future[A] {.async.} = @@ -61,8 +56,8 @@ procSuite "Utp integration tests": proc findServerConnection( connections: openArray[SKey], clientId: NodeId, - clientConnectionId: uint16): Option[Skey] = - let conns: seq[SKey] = + clientConnectionId: uint16): Option[Skey] = + let conns: seq[SKey] = connections.filter((key:Skey) => key.id == (clientConnectionId + 1) and key.nodeId == clientId) if len(conns) == 0: none[Skey]() @@ -83,13 +78,13 @@ procSuite "Utp integration tests": # nodes need to have established session before the utp try discard await repeatTillSuccess(() => client.discv5_ping(serverInfo.nodeEnr)) - + return (client, clientInfo, server, serverInfo) asyncTest "Transfer 100k bytes of data over utp stream from client to server": let (client, clientInfo, server, serverInfo) = await setupTest() let numOfBytes = 100000 - let + let clientConnectionKey = await repeatTillSuccess(() => client.utp_connect(serverInfo.nodeEnr)) serverConnections = await repeatTillSuccess(() => server.utp_get_connections()) maybeServerConnectionKey = serverConnections.findServerConnection(clientInfo.nodeId, clientConnectionKey.id) @@ -100,7 +95,7 @@ procSuite "Utp integration tests": let serverConnectionKey = maybeServerConnectionKey.unsafeGet() let - bytesToWrite = generateByteSeqHex(rng[], numOfBytes) + bytesToWrite = generateBytesHex(rng[], numOfBytes) writeRes = await client.utp_write(clientConnectionKey, bytesToWrite) readData = await server.utp_read(serverConnectionKey, numOfBytes) @@ -109,12 +104,12 @@ procSuite "Utp integration tests": readData == bytesToWrite asyncTest "Transfer 100k bytes of data over utp stream from server to client": - # In classic uTP this would not be possible, as when uTP works over udp + # In classic uTP this would not be possible, as when uTP works over udp # client needs to transfer first, but when working over discv5 it should be possible # to transfer data from server to client from the start let (client, clientInfo, server, serverInfo) = await setupTest() let numOfBytes = 100000 - let + let clientConnectionKey = await repeatTillSuccess(() => client.utp_connect(serverInfo.nodeEnr)) serverConnections = await repeatTillSuccess(() => server.utp_get_connections()) maybeServerConnectionKey = serverConnections.findServerConnection(clientInfo.nodeId, clientConnectionKey.id) @@ -125,7 +120,7 @@ procSuite "Utp integration tests": let serverConnectionKey = maybeServerConnectionKey.unsafeGet() let - bytesToWrite = generateByteSeqHex(rng[], numOfBytes) + bytesToWrite = generateBytesHex(rng[], numOfBytes) writeRes = await server.utp_write(serverConnectionKey, bytesToWrite) readData = await client.utp_read(clientConnectionKey, numOfBytes) @@ -136,7 +131,7 @@ procSuite "Utp integration tests": asyncTest "Multiple 10k bytes transfers over utp stream": let (client, clientInfo, server, serverInfo) = await setupTest() let numOfBytes = 10000 - let + let clientConnectionKey = await repeatTillSuccess(() => client.utp_connect(serverInfo.nodeEnr)) serverConnections = await repeatTillSuccess(() => server.utp_get_connections()) maybeServerConnectionKey = serverConnections.findServerConnection(clientInfo.nodeId, clientConnectionKey.id) @@ -147,9 +142,9 @@ procSuite "Utp integration tests": let serverConnectionKey = maybeServerConnectionKey.unsafeGet() let - bytesToWrite = generateByteSeqHex(rng[], numOfBytes) - bytesToWrite1 = generateByteSeqHex(rng[], numOfBytes) - bytesToWrite2 = generateByteSeqHex(rng[], numOfBytes) + bytesToWrite = generateBytesHex(rng[], numOfBytes) + bytesToWrite1 = generateBytesHex(rng[], numOfBytes) + bytesToWrite2 = generateBytesHex(rng[], numOfBytes) writeRes = await client.utp_write(clientConnectionKey, bytesToWrite) writeRes1 = await client.utp_write(clientConnectionKey, bytesToWrite1) writeRes2 = await client.utp_write(clientConnectionKey, bytesToWrite2) @@ -166,12 +161,12 @@ procSuite "Utp integration tests": asyncTest "Handle mulitplie sockets over one utp server instance ": let (client, clientInfo, server, serverInfo) = await setupTest() let numOfBytes = 10000 - let + let clientConnectionKey1 = await repeatTillSuccess(() => client.utp_connect(serverInfo.nodeEnr)) clientConnectionKey2 = await repeatTillSuccess(() => client.utp_connect(serverInfo.nodeEnr)) clientConnectionKey3 = await repeatTillSuccess(() => client.utp_connect(serverInfo.nodeEnr)) serverConnections = await repeatTillSuccess(() => server.utp_get_connections()) - + maybeServerConnectionKey1 = serverConnections.findServerConnection(clientInfo.nodeId, clientConnectionKey1.id) maybeServerConnectionKey2 = serverConnections.findServerConnection(clientInfo.nodeId, clientConnectionKey2.id) maybeServerConnectionKey3 = serverConnections.findServerConnection(clientInfo.nodeId, clientConnectionKey3.id) @@ -186,9 +181,9 @@ procSuite "Utp integration tests": let serverConnectionKey3 = maybeServerConnectionKey3.unsafeGet() let - bytesToWrite1 = generateByteSeqHex(rng[], numOfBytes) - bytesToWrite2 = generateByteSeqHex(rng[], numOfBytes) - bytesToWrite3 = generateByteSeqHex(rng[], numOfBytes) + bytesToWrite1 = generateBytesHex(rng[], numOfBytes) + bytesToWrite2 = generateBytesHex(rng[], numOfBytes) + bytesToWrite3 = generateBytesHex(rng[], numOfBytes) writeRes1 = await client.utp_write(clientConnectionKey1, bytesToWrite1) writeRes2 = await client.utp_write(clientConnectionKey2, bytesToWrite2) diff --git a/hive_integration/nodocker/rpc/vault.nim b/hive_integration/nodocker/rpc/vault.nim index ec190df78..68ea04daf 100644 --- a/hive_integration/nodocker/rpc/vault.nim +++ b/hive_integration/nodocker/rpc/vault.nim @@ -40,7 +40,7 @@ type # Created accounts are tracked in this map. accounts: Table[EthAddress, PrivateKey] - rng: ref BrHmacDrbgContext + rng: ref HmacDrbgContext chainID: ChainID gasPrice: GasInt vaultKey: PrivateKey diff --git a/nimbus/context.nim b/nimbus/context.nim index 66bde6b81..70ec4ed46 100644 --- a/nimbus/context.nim +++ b/nimbus/context.nim @@ -19,7 +19,7 @@ type am*: AccountsManager # You should only create one instance of the RNG per application / library # Ref is used so that it can be shared between components - rng*: ref BrHmacDrbgContext + rng*: ref HmacDrbgContext proc newEthContext*(): EthContext = result = new(EthContext) diff --git a/nimbus/rpc/jwt_auth.nim b/nimbus/rpc/jwt_auth.nim index 28e889fd4..44457b102 100644 --- a/nimbus/rpc/jwt_auth.nim +++ b/nimbus/rpc/jwt_auth.nim @@ -14,7 +14,7 @@ import std/[base64, json, options, os, strutils, times], - bearssl, + bearssl/rand, chronicles, chronos, chronos/apps/http/httptable, @@ -54,7 +54,7 @@ type JwtGenSecret* = ##\ ## Random generator function producing a shared key. Typically, this\ ## will be a wrapper around a random generator type, such as\ - ## `BrHmacDrbgContext`. + ## `HmacDrbgContext`. proc(): JwtSharedKey {.gcsafe.} JwtExcept* = object of CatchableError @@ -183,7 +183,7 @@ proc fromHex*(key: var JwtSharedKey, src: string): Result[void,JwtError] = except ValueError: err(jwtKeyInvalidHexString) -proc jwtGenSecret*(rng: ref BrHmacDrbgContext): JwtGenSecret = +proc jwtGenSecret*(rng: ref HmacDrbgContext): JwtGenSecret = ## Standard shared key random generator. If a fixed key is needed, a ## function like ## :: @@ -195,7 +195,7 @@ proc jwtGenSecret*(rng: ref BrHmacDrbgContext): JwtGenSecret = ## only. result = proc: JwtSharedKey = var data: array[jwtMinSecretLen,byte] - rng[].brHmacDrbgGenerate(data) + rng[].generate(data) data.JwtSharedKey proc jwtSharedSecret*(rndSecret: JwtGenSecret; config: NimbusConf): @@ -255,7 +255,7 @@ proc jwtSharedSecret*(rndSecret: JwtGenSecret; config: NimbusConf): except ValueError: return err(jwtKeyInvalidHexString) -proc jwtSharedSecret*(rng: ref BrHmacDrbgContext; config: NimbusConf): +proc jwtSharedSecret*(rng: ref HmacDrbgContext; config: NimbusConf): Result[JwtSharedKey, JwtError] {.gcsafe, raises: [Defect,JwtExcept].} = ## Variant of `jwtSharedSecret()` with explicit random generator argument. diff --git a/nimbus/utils/pow.nim b/nimbus/utils/pow.nim index b013bf1cf..d7c57b0bc 100644 --- a/nimbus/utils/pow.nim +++ b/nimbus/utils/pow.nim @@ -16,7 +16,6 @@ import std/[options, strutils], ../utils, ./pow/[pow_cache, pow_dataset], - bearssl, eth/[common, keys, p2p, rlp], ethash, nimcrypto, @@ -63,7 +62,7 @@ type # You should only create one instance of the RNG per application / library # Ref is used so that it can be shared between components - rng: ref BrHmacDrbgContext + rng: ref HmacDrbgContext # ------------------------------------------------------------------------------ # Private functions: RLP support @@ -161,7 +160,7 @@ proc mineFull(tm: PowRef; blockNumber: BlockNumber; powHeaderDigest: Hash256, # --------------- proc init(tm: PowRef; - rng: Option[ref BrHmacDrbgContext]; + rng: Option[ref HmacDrbgContext]; light: Option[PowCacheRef]; full: Option[PowDatasetRef]) = ## Constructor @@ -185,7 +184,7 @@ proc init(tm: PowRef; # ------------------------------------------------------------------------------ proc new*(T: type PowRef; - rng: ref BrHmacDrbgContext; + rng: ref HmacDrbgContext; cache: PowCacheRef; dataset: PowDatasetRef): T = ## Constructor @@ -197,9 +196,9 @@ proc new*(T: type PowRef; cache: PowCacheRef; dataset: PowDatasetRef): T = ## Constructor new result result.init( - none(ref BrHmacDrbgContext), some(cache), some(dataset)) + none(ref HmacDrbgContext), some(cache), some(dataset)) -proc new*(T: type PowRef; rng: ref BrHmacDrbgContext): T = +proc new*(T: type PowRef; rng: ref HmacDrbgContext): T = ## Constructor new result result.init( @@ -209,7 +208,7 @@ proc new*(T: type PowRef): T = ## Constructor new result result.init( - none(ref BrHmacDrbgContext), none(PowCacheRef), none(PowDatasetRef)) + none(ref HmacDrbgContext), none(PowCacheRef), none(PowDatasetRef)) # ------------------------------------------------------------------------------ # Public functions @@ -298,7 +297,7 @@ proc getNonce*(tm: PowRef; number: BlockNumber; powHeaderDigest: Hash256; {.gcsafe,raises: [Defect,CatchableError].} = ## Variant of `getNonce()` var startNonce: array[8,byte] - tm.rng[].brHmacDrbgGenerate(startNonce) + tm.rng[].generate(startNonce) tm.getNonce(number, powHeaderDigest, difficulty, startNonce) proc getNonce*(tm: PowRef; header: BlockHeader): BlockNonce diff --git a/vendor/nim-bearssl b/vendor/nim-bearssl index 65b74302e..32e125015 160000 --- a/vendor/nim-bearssl +++ b/vendor/nim-bearssl @@ -1 +1 @@ -Subproject commit 65b74302e03912ab5bde64b6da10d05896139007 +Subproject commit 32e125015ae4251675763842366380795a91b722 diff --git a/vendor/nim-eth b/vendor/nim-eth index 8761ea322..2c08626ed 160000 --- a/vendor/nim-eth +++ b/vendor/nim-eth @@ -1 +1 @@ -Subproject commit 8761ea3222f8d4fbd7ebae6755665e791499d7f2 +Subproject commit 2c08626ed8261fa18adc22eaf465b57931b88a65