Remove teku BLS dependency (#16)

-- Pass public key to encrypt method rather than calculating it from private key -- Change version to 0.0.2-SNAPSHOT as this is a breaking change with 0.0.1-SNAPSHOT -- Fix errorprone checks to allow build with JDK12+ Signed-off-by: Usman Saleem <[email protected]>
Consensys · Mar 25, 2020 · 8998ff1 · 8998ff1
1 parent 0158b56
commit 8998ff1
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 13 deletions.
diff --git a/bls-keystore/build.gradle b/bls-keystore/build.gradle
@@ -21,7 +21,6 @@ jar {
 }
 
 dependencies {
-  implementation 'tech.pegasys.teku.internal:bls'
   implementation 'com.fasterxml.jackson.core:jackson-databind'
   implementation 'org.bouncycastle:bcprov-jdk15on'
   implementation 'com.google.guava:guava'

diff --git a/bls-keystore/src/main/java/tech/pegasys/signers/bls/keystore/KeyStore.java b/bls-keystore/src/main/java/tech/pegasys/signers/bls/keystore/KeyStore.java
@@ -18,8 +18,6 @@
 import static org.apache.tuweni.bytes.Bytes.concatenate;
 import static org.apache.tuweni.crypto.Hash.sha2_256;
 
-import tech.pegasys.artemis.util.mikuli.PublicKey;
-import tech.pegasys.artemis.util.mikuli.SecretKey;
 import tech.pegasys.signers.bls.keystore.model.Checksum;
 import tech.pegasys.signers.bls.keystore.model.Cipher;
 import tech.pegasys.signers.bls.keystore.model.Crypto;
@@ -33,7 +31,6 @@
 import javax.crypto.spec.SecretKeySpec;
 
 import org.apache.tuweni.bytes.Bytes;
-import org.apache.tuweni.bytes.Bytes48;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 
 /**
@@ -47,7 +44,9 @@ public class KeyStore {
   /**
    * Encrypt the given BLS12-381 key with specified password.
    *
-   * @param blsPrivateKey BLS12-381 private key in Bytes
+   * @param blsPrivateKey BLS12-381 private key in Bytes to encrypt. It is not validated to be a
+   *     valid BLS12-381 key.
+   * @param blsPublicKey BLS12-381 public key in Bytes. It is not validated and stored as it is.
    * @param password The password to use for encryption
    * @param path Path as defined in EIP-2334. Can be empty String.
    * @param kdfParam crypto function such as scrypt or PBKDF2 and related parameters such as dklen,
@@ -58,12 +57,14 @@ public class KeyStore {
    */
   public static KeyStoreData encrypt(
       final Bytes blsPrivateKey,
+      final Bytes blsPublicKey,
       final String password,
       final String path,
       final KdfParam kdfParam,
       final Cipher cipher) {
 
     checkNotNull(blsPrivateKey, "PrivateKey cannot be null");
+    checkNotNull(blsPublicKey, "PublicKey cannot be null");
     checkNotNull(password, "Password cannot be null");
     checkNotNull(path, "Path cannot be null");
     checkNotNull(kdfParam, "KDFParam cannot be null");
@@ -73,9 +74,7 @@ public static KeyStoreData encrypt(
     cipher.validate();
 
     final Crypto crypto = encryptUsingCipherFunction(blsPrivateKey, password, kdfParam, cipher);
-    final Bytes pubKey =
-        new PublicKey(SecretKey.fromBytes(Bytes48.leftPad(blsPrivateKey))).toBytesCompressed();
-    return new KeyStoreData(crypto, pubKey, path);
+    return new KeyStoreData(crypto, blsPublicKey, path);
   }
 
   private static Crypto encryptUsingCipherFunction(

diff --git a/bls-keystore/src/test/java/tech/pegasys/signers/bls/keystore/KeyStoreTest.java b/bls-keystore/src/test/java/tech/pegasys/signers/bls/keystore/KeyStoreTest.java
@@ -124,7 +124,7 @@ private KeyStoreData loadKeyStoreFromResource(final String resourcePath) {
   void encryptWithKdfAndCipherFunction(
       final KdfParam kdfParam, final Bytes expectedChecksum, final Bytes encryptedCipherMessage) {
     final KeyStoreData keyStoreData =
-        KeyStore.encrypt(BLS_PRIVATE_KEY, PASSWORD, "", kdfParam, CIPHER);
+        KeyStore.encrypt(BLS_PRIVATE_KEY, BLS_PUB_KEY, PASSWORD, "", kdfParam, CIPHER);
     assertThat(keyStoreData.getCrypto().getChecksum().getMessage()).isEqualTo(expectedChecksum);
     assertThat(keyStoreData.getCrypto().getCipher().getMessage()).isEqualTo(encryptedCipherMessage);
     assertThat(keyStoreData.getVersion()).isEqualTo(KeyStoreData.KEYSTORE_VERSION);
@@ -207,7 +207,7 @@ void encryptUsingPBKDF2AndSaveKeyStore(@TempDir final Path tempDir) throws IOExc
   private void encryptSaveAndReloadKeyStore(final Path tempDir, final KdfParam kdfParam)
       throws IOException {
     final KeyStoreData keyStoreData =
-        KeyStore.encrypt(BLS_PRIVATE_KEY, PASSWORD, "", kdfParam, CIPHER);
+        KeyStore.encrypt(BLS_PRIVATE_KEY, BLS_PUB_KEY, PASSWORD, "", kdfParam, CIPHER);
     final Path tempKeyStoreFile = Files.createTempFile(tempDir, "keystore", ".json");
     assertThatCode(() -> KeyStoreLoader.saveToFile(tempKeyStoreFile, keyStoreData))
         .doesNotThrowAnyException();

diff --git a/build.gradle b/build.gradle
@@ -180,6 +180,15 @@ allprojects {
 
       check('InsecureCryptoUsage', CheckSeverity.WARN)
       check('WildcardImport', CheckSeverity.WARN)
+
+      // This check is broken in Java 12.  See https://github.com/google/error-prone/issues/1257
+      if (JavaVersion.current() == JavaVersion.VERSION_12) {
+        check('Finally', net.ltgt.gradle.errorprone.CheckSeverity.OFF)
+      }
+      // This check is broken after Java 12.  See https://github.com/google/error-prone/issues/1352
+      if (JavaVersion.current() > JavaVersion.VERSION_12) {
+        check('TypeParameterUnusedInFormals', net.ltgt.gradle.errorprone.CheckSeverity.OFF)
+      }
     }
 
     options.encoding = 'UTF-8'

diff --git a/gradle.properties b/gradle.properties
@@ -1,2 +1,2 @@
 org.gradle.jvmargs=-Xmx1g
-version=0.0.1-SNAPSHOT
+version=0.0.2-SNAPSHOT
diff --git a/gradle/versions.gradle b/gradle/versions.gradle
@@ -58,7 +58,5 @@ dependencyManagement {
     dependency 'org.mockito:mockito-core:3.2.4'
     dependency 'org.mockito:mockito-inline:3.2.4'
     dependency 'org.mockito:mockito-junit-jupiter:3.2.4'
-
-    dependency 'tech.pegasys.teku.internal:bls:0.8.2-SNAPSHOT'
   }
 }