Improve bls::SecretKey privacy (#1164)

* Improve bls::SecretKey privacy * Add missed file * Remove more methods from bls::SecretKey * Add as_bytes() to SecretKey, remove as_raw * Remove as_raw * Add back as_raw * Address review comments
2026-03-03 00:31:50 +00:00 · 2020-05-19 11:23:08 +10:00
parent 314fae41fe
commit c93f9c351b
26 changed files with 102 additions and 295 deletions
--- a/common/validator_dir/src/unencrypted_keys.rs
+++ b/common/validator_dir/src/unencrypted_keys.rs
@@ -3,9 +3,8 @@
 //! we're confident that no-one is using these keypairs anymore (hopefully mid-June 2020).
 #![cfg(feature = "unencrypted_keys")]

+use bls::{BLS_PUBLIC_KEY_BYTE_SIZE as PK_LEN, BLS_SECRET_KEY_BYTE_SIZE as SK_LEN};
 use eth2_keystore::PlainText;
-use ssz::Decode;
-use ssz_derive::{Decode, Encode};
 use std::fs::File;
 use std::io::Read;
 use std::path::Path;
@@ -32,35 +31,18 @@ pub fn load_unencrypted_keypair<P: AsRef<Path>>(path: P) -> Result<Keypair, Stri

    let bytes: PlainText = bytes.into();

-    SszEncodableKeypair::from_ssz_bytes(bytes.as_bytes())
-        .map(Into::into)
-        .map_err(|e| format!("Unable to decode keypair: {:?}", e))
-}
-
-/// A helper struct to allow SSZ enc/dec for a `Keypair`.
-///
-/// This only exists as compatibility with the old scheme and should not be implemented on any new
-/// features.
-#[derive(Encode, Decode)]
-pub struct SszEncodableKeypair {
-    pk: PublicKey,
-    sk: SecretKey,
-}
-
-impl Into<Keypair> for SszEncodableKeypair {
-    fn into(self) -> Keypair {
-        Keypair {
-            sk: self.sk,
-            pk: self.pk,
-        }
+    if bytes.len() != PK_LEN + SK_LEN {
+        return Err(format!("Invalid keypair byte length: {}", bytes.len()));
    }
-}

-impl From<Keypair> for SszEncodableKeypair {
-    fn from(kp: Keypair) -> Self {
-        Self {
-            sk: kp.sk,
-            pk: kp.pk,
-        }
-    }
+    let pk_bytes = &bytes.as_bytes()[..PK_LEN];
+    let sk_bytes = &bytes.as_bytes()[PK_LEN..];
+
+    let pk = PublicKey::from_bytes(pk_bytes)
+        .map_err(|e| format!("Unable to decode public key: {:?}", e))?;
+
+    let sk = SecretKey::from_bytes(sk_bytes)
+        .map_err(|e| format!("Unable to decode secret key: {:?}", e))?;
+
+    Ok(Keypair { pk, sk })
 }