Merge branch 'main' into jihwan/silence-ulxly-help

Author: jhkimqd

.dockerignore

@@ -0,0 +1 @@
+tmp/

Dockerfile

@@ -1,31 +1,25 @@
-FROM golang:1.22 AS builder
+# Build stage
+FROM --platform=${BUILDPLATFORM} golang:1.22 AS builder
+
+# Set the workspace for the build
 WORKDIR /workspace
+
+# Copy only necessary Go module files for caching dependencies
 COPY go.mod go.sum ./
 RUN go mod download
 
-COPY abi/ abi/
-COPY bindings/ bindings/
-COPY cmd/ cmd/
-COPY dashboard/ dashboard/
-COPY gethkeystore/ gethkeystore/
-COPY hdwallet/ hdwallet/
-COPY metrics/ metrics/
-COPY p2p/ p2p/
-COPY proto/ proto/
-COPY rpctypes/ rpctypes/
-COPY util/ util/
-COPY main.go ./
-RUN CGO_ENABLED=0 go build -o polycli main.go
+# Copy the necessary source code
+COPY . ./
+
+# Build the Go binary
+RUN go build -o /workspace/polycli main.go
+
+# Final stage: minimal base image
+FROM --platform=${BUILDPLATFORM} debian:bookworm-slim
 
-# Use distroless as minimal base image to package the manager binary
-# Refer to https://github.com/GoogleContainerTools/distroless for more details
-FROM gcr.io/distroless/static:nonroot
-WORKDIR /
+# Copy only the necessary files from the builder image
 COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
 COPY --from=builder /workspace/polycli /usr/bin/polycli
-USER 65532:65532
-ENTRYPOINT ["polycli"]
-CMD ["--help"]
 
-# How to test this image?
-# https://github.com/0xPolygon/polygon-cli/pull/189#discussion_r1464486344
+# Default cmd for the container
+ENTRYPOINT ["polycli"]

Makefile

@@ -29,6 +29,10 @@ $(BUILD_DIR): ## Create the build folder.
 build: $(BUILD_DIR) ## Build go binary.
 	go build -ldflags "$(VERSION_FLAGS)" -o $(BUILD_DIR)/$(BIN_NAME) main.go
 
+.PHONY: build-docker
+build-docker: ## Builds a docker image with the polycli binary
+	docker build -t polycli -f ./Dockerfile .
+
 .PHONY: install
 install: build ## Install the go binary.
 	$(RM) $(INSTALL_DIR)/$(BIN_NAME)

cmd/fund/fund.go

@@ -158,7 +158,7 @@ func deployOrInstantiateFunderContract(ctx context.Context, c *ethclient.Client,
 	return contract, nil
 }
 
-// deriveWallets generates and exports a specified number of HD wallet addresses.
+// deriveHDWallets generates and exports a specified number of HD wallet addresses.
 func deriveHDWallets(n int) ([]common.Address, error) {
 	wallet, err := hdwallet.NewPolyWallet(defaultMnemonic, defaultPassword)
 	if err != nil {

cmd/nodekey/nodekey.go

@@ -2,6 +2,7 @@ package nodekey
 
 import (
 	"bytes"
+	"crypto/ecdsa"
 	"crypto/ed25519"
 	"crypto/rand"
 	"encoding/binary"
@@ -10,6 +11,7 @@ import (
 	"fmt"
 	"io"
 	"net"
+	"strings"
 
 	_ "embed"
 
@@ -42,6 +44,7 @@ var (
 	inputNodeKeyTCP             *int
 	inputNodeKeyUDP             *int
 	inputNodeKeyFile            *string
+	inputNodeKeyPrivateKey      *string
 	inputNodeKeySign            *bool
 	inputNodeKeySeed            *uint64
 	inputNodeKeyMarshalProtobuf *bool
@@ -67,11 +70,22 @@ var NodekeyCmd = &cobra.Command{
 		var withSeed bool
 		switch *inputNodeKeyProtocol {
 		case "devp2p":
-			var err error
-			nko, err = generateDevp2pNodeKey()
-			if err != nil {
-				return err
+			switch *inputNodeKeyType {
+			case "ed25519":
+				var err error
+				nko, err = generateDevp2pNodeKey()
+				if err != nil {
+					return err
+				}
+			case "secp256k1":
+				secret := []byte(strings.TrimPrefix(*inputNodeKeyPrivateKey, "0x"))
+				secp256k1PrivateKey := generateSecp256k1PrivateKey(secret)
+				if err := displayHeimdallV2PrivValidatorKey(secp256k1PrivateKey); err != nil {
+					return err
+				}
+				return nil
 			}
+
 		case "seed-libp2p":
 			withSeed = true
 			fallthrough
@@ -100,14 +114,15 @@ var NodekeyCmd = &cobra.Command{
 		if len(args) != 0 {
 			return fmt.Errorf("this command expects no arguments")
 		}
+
 		validProtocols := []string{"devp2p", "libp2p", "seed-libp2p"}
 		ok := slices.Contains(validProtocols, *inputNodeKeyProtocol)
 		if !ok {
 			return fmt.Errorf("the protocol %s is not implemented", *inputNodeKeyProtocol)
 		}
 
 		if *inputNodeKeyProtocol == "devp2p" {
-			invalidFlags := []string{"key-type", "seed", "marshal-protobuf"}
+			invalidFlags := []string{"seed", "marshal-protobuf"}
 			err := validateNodeKeyFlags(cmd, invalidFlags)
 			if err != nil {
 				return err
@@ -169,13 +184,26 @@ func keyTypeToInt(keyType string) (int, error) {
 }
 
 func generateDevp2pNodeKey() (nodeKeyOut, error) {
-	nodeKey, err := gethcrypto.GenerateKey()
+	var nodeKey *ecdsa.PrivateKey
+	var err error
 
-	if *inputNodeKeyFile != "" {
+	switch {
+	case *inputNodeKeyPrivateKey != "":
+		privateKey := strings.TrimPrefix(*inputNodeKeyPrivateKey, "0x")
+		nodeKey, err = gethcrypto.HexToECDSA(privateKey)
+		if err != nil {
+			return nodeKeyOut{}, fmt.Errorf("could not create ECDSA private key from given value: %s: %w", *inputNodeKeyPrivateKey, err)
+		}
+	case *inputNodeKeyFile != "":
 		nodeKey, err = gethcrypto.LoadECDSA(*inputNodeKeyFile)
-	}
-	if err != nil {
-		return nodeKeyOut{}, fmt.Errorf("could not generate key: %w", err)
+		if err != nil {
+			return nodeKeyOut{}, fmt.Errorf("could not load ECDSA private key from file %s: %w", *inputNodeKeyFile, err)
+		}
+	default:
+		nodeKey, err = gethcrypto.GenerateKey()
+		if err != nil {
+			return nodeKeyOut{}, fmt.Errorf("could not generate ECDSA private key: %w", err)
+		}
 	}
 
 	nko := nodeKeyOut{}
@@ -250,6 +278,10 @@ func generateLibp2pNodeKey(keyType int, seed bool) (nodeKeyOut, error) {
 }
 
 func init() {
+	inputNodeKeyPrivateKey = NodekeyCmd.PersistentFlags().String("private-key", "", "Use the provided private key (in hex format)")
+	inputNodeKeyFile = NodekeyCmd.PersistentFlags().StringP("file", "f", "", "A file with the private nodekey (in hex format)")
+	NodekeyCmd.MarkFlagsMutuallyExclusive("private-key", "file")
+
 	inputNodeKeyProtocol = NodekeyCmd.PersistentFlags().String("protocol", "devp2p", "devp2p|libp2p|pex|seed-libp2p")
 	inputNodeKeyType = NodekeyCmd.PersistentFlags().String("key-type", "ed25519", "ed25519|secp256k1|ecdsa|rsa")
 	inputNodeKeyIP = NodekeyCmd.PersistentFlags().StringP("ip", "i", "0.0.0.0", "The IP to be associated with this address")
@@ -258,6 +290,4 @@ func init() {
 	inputNodeKeySign = NodekeyCmd.PersistentFlags().BoolP("sign", "s", false, "Should the node record be signed?")
 	inputNodeKeySeed = NodekeyCmd.PersistentFlags().Uint64P("seed", "S", 271828, "A numeric seed value")
 	inputNodeKeyMarshalProtobuf = NodekeyCmd.PersistentFlags().BoolP("marshal-protobuf", "m", false, "If true the libp2p key will be marshaled to protobuf format rather than raw")
-
-	inputNodeKeyFile = NodekeyCmd.PersistentFlags().StringP("file", "f", "", "A file with the private nodekey in hex format")
 }

cmd/nodekey/secp256k1.go

@@ -0,0 +1,167 @@
+package nodekey
+
+import (
+	"bytes"
+	"crypto/sha256"
+	"crypto/subtle"
+	"fmt"
+	"math/big"
+
+	secp256k1 "github.com/btcsuite/btcd/btcec/v2"
+	"github.com/cometbft/cometbft/crypto"
+	"github.com/cometbft/cometbft/privval"
+
+	cmtjson "github.com/cometbft/cometbft/libs/json"
+	gethcrypto "github.com/ethereum/go-ethereum/crypto"
+)
+
+const (
+	PrivKeyName = "comet/PrivKeySecp256k1Uncompressed"
+	PubKeyName  = "comet/PubKeySecp256k1Uncompressed"
+
+	KeyType     = "secp256k1"
+	PrivKeySize = 32
+	// PubKeySize (uncompressed) is composed of 65 bytes for two field elements (x and y)
+	// and a prefix byte (0x04) to indicate that it is uncompressed.
+	PubKeySize = 65
+	// SigSize is the size of the ECDSA signature.
+	SigSize = 65
+)
+
+var _ crypto.PrivKey = PrivKey{}
+var _ crypto.PubKey = PubKey{}
+
+// -------------------------------------
+// PrivKey type
+// -------------------------------------
+
+type PrivKey []byte
+
+// Bytes marshals the private key using amino encoding.
+func (privKey PrivKey) Bytes() []byte {
+	return []byte(privKey)
+}
+
+// PubKey performs the point-scalar multiplication from the privKey on the
+// generator point to get the pubkey.
+func (privKey PrivKey) PubKey() crypto.PubKey {
+	privateObject, err := gethcrypto.ToECDSA(privKey)
+	if err != nil {
+		panic(err)
+	}
+
+	pk := gethcrypto.FromECDSAPub(&privateObject.PublicKey)
+
+	return PubKey(pk)
+}
+
+// Equals - you probably don't need to use this.
+// Runs in constant time based on length of the keys.
+func (privKey PrivKey) Equals(other crypto.PrivKey) bool {
+	if otherSecp, ok := other.(PrivKey); ok {
+		return subtle.ConstantTimeCompare(privKey[:], otherSecp[:]) == 1
+	}
+	return false
+}
+
+func (privKey PrivKey) Type() string {
+	return KeyType
+}
+
+// Sign creates an ECDSA signature on curve Secp256k1, using SHA256 on the msg.
+// The returned signature will be of the form R || S || V (in lower-S form).
+func (privKey PrivKey) Sign(msg []byte) ([]byte, error) {
+	privateObject, err := gethcrypto.ToECDSA(privKey)
+	if err != nil {
+		return nil, err
+	}
+
+	return gethcrypto.Sign(gethcrypto.Keccak256(msg), privateObject)
+}
+
+// -------------------------------------
+// PubKey type
+// -------------------------------------
+
+type PubKey []byte
+
+// Bytes returns the pubkey marshaled with amino encoding.
+func (pubKey PubKey) Bytes() []byte {
+	return []byte(pubKey)
+}
+
+// Address returns a Ethereym style addresses: Last_20_Bytes(KECCAK256(pubkey))
+func (pubKey PubKey) Address() crypto.Address {
+	if len(pubKey) != PubKeySize {
+		panic(fmt.Sprintf("length of pubkey is incorrect %d != %d", len(pubKey), PubKeySize))
+	}
+	return gethcrypto.Keccak256(pubKey[1:])[12:]
+}
+
+func (pubKey PubKey) Equals(other crypto.PubKey) bool {
+	if otherSecp, ok := other.(PubKey); ok {
+		return bytes.Equal(pubKey[:], otherSecp[:])
+	}
+	return false
+}
+
+func (pubKey PubKey) Type() string {
+	return KeyType
+}
+
+// VerifySignature verifies a signature of the form R || S || V.
+// It rejects signatures which are not in lower-S form.
+func (pubKey PubKey) VerifySignature(msg []byte, sigStr []byte) bool {
+	if len(sigStr) != SigSize {
+
+		return false
+	}
+
+	hash := gethcrypto.Keccak256(msg)
+	return gethcrypto.VerifySignature(pubKey, hash, sigStr[:64])
+}
+
+func init() {
+	cmtjson.RegisterType(PubKey{}, PubKeyName)
+	cmtjson.RegisterType(PrivKey{}, PrivKeyName)
+}
+
+// Generate an secp256k1 private key from a secret.
+// Most of the logic has been copy/pasted from 0xPolygon/cometbft's fork.
+// https://github.com/0xPolygon/cometbft/blob/v0.1.2-beta-polygon/crypto/secp256k1/secp256k1.go
+// Notes:
+// - It is not possible to import the package yet because go.mod declares its path as github.com/cometbft/cometbft instead of github.com/0xpolygon/cometbft.
+// - This logic will need to be updated to support newer versions.
+func generateSecp256k1PrivateKey(secret []byte) PrivKey {
+	// To guarantee that we have a valid field element, we use the approach of: "Suite B Implementer’s Guide to FIPS 186-3", A.2.1
+	// https://apps.nsa.gov/iaarchive/library/ia-guidance/ia-solutions-for-classified/algorithm-guidance/suite-b-implementers-guide-to-fips-186-3-ecdsa.cfm
+	// See also https://github.com/golang/go/blob/0380c9ad38843d523d9c9804fe300cb7edd7cd3c/src/crypto/ecdsa/ecdsa.go#L89-L101
+	secretHash := sha256.Sum256(secret)
+	fe := new(big.Int).SetBytes(secretHash[:])
+
+	one := new(big.Int).SetInt64(1)
+	n := new(big.Int).Sub(secp256k1.S256().N, one)
+	fe.Mod(fe, n)
+	fe.Add(fe, one)
+
+	feB := fe.Bytes()
+	privKey32 := make([]byte, PrivKeySize)
+	// Copy feB over to fixed 32 byte privKey32 and pad (if necessary).
+	copy(privKey32[32-len(feB):32], feB)
+
+	return PrivKey(privKey32)
+}
+
+func displayHeimdallV2PrivValidatorKey(privKey crypto.PrivKey) error {
+	nodeKey := privval.FilePVKey{
+		Address: privKey.PubKey().Address(),
+		PubKey:  privKey.PubKey(),
+		PrivKey: privKey,
+	}
+	jsonBytes, err := cmtjson.MarshalIndent(nodeKey, "", "  ")
+	if err != nil {
+		return err
+	}
+	fmt.Println(string(jsonBytes))
+	return nil
+}

cmd/nodekey/usage.md

@@ -15,3 +15,37 @@ $ polycli nodekey --protocol libp2p
 # Generate a networking keypair for edge.
 $ polycli nodekey --protocol libp2p --key-type secp256k1 --marshal-protobuf
 ```
+
+Generate an [ED25519](https://en.wikipedia.org/wiki/Curve25519) nodekey from a private key (in hex format).
+
+```bash
+polycli nodekey --private-key 2a4ae8c4c250917781d38d95dafbb0abe87ae2c9aea02ed7c7524685358e49c2 | jq
+```
+
+```json
+{
+  "PublicKey": "93e8717f46b146ebfb99159eb13a5d044c191998656c8b79007b16051bb1ff762d09884e43783d898dd47f6220af040206cabbd45c9a26bb278a522c3d538a1f",
+  "PrivateKey": "2a4ae8c4c250917781d38d95dafbb0abe87ae2c9aea02ed7c7524685358e49c2",
+  "ENR": "enode://93e8717f46b146ebfb99159eb13a5d044c191998656c8b79007b16051bb1ff762d09884e43783d898dd47f6220af040206cabbd45c9a26bb278a522c3d538a1f@0.0.0.0:30303?discport=0"
+}
+```
+
+Generate an [Secp256k1](https://en.bitcoin.it/wiki/Secp256k1) nodekey from a private key (in hex format).
+
+```bash
+polycli nodekey --private-key 2a4ae8c4c250917781d38d95dafbb0abe87ae2c9aea02ed7c7524685358e49c2 --key-type secp256k1 | jq
+```
+
+```json
+{
+  "address": "99AA9FC116C1E5E741E9EC18BD1FD232130A5C44",
+  "pub_key": {
+    "type": "comet/PubKeySecp256k1Uncompressed",
+    "value": "BBNYN0nMJsgo0Fp3kVW85PRGBNe7Gdz1XBFuTWQ7D8FnKRb2JYO3i3FK2UiA5+gTSxYu1K66KdYjQYP1mOkH09g="
+  },
+  "priv_key": {
+    "type": "comet/PrivKeySecp256k1Uncompressed",
+    "value": "OP72E0D7GEi/4VySpolVudLW7uPJm+6PWEtFKJmvp1M="
+  }
+}
+```