Merge branch 'master' into kad-in-subst-timeout-upstream

Author: teor2345

Cargo.lock

@@ -84,7 +84,7 @@ libp2p-dns = { version = "0.43.0", path = "transports/dns" }
 libp2p-floodsub = { version = "0.46.1", path = "protocols/floodsub" }
 libp2p-gossipsub = { version = "0.49.0", path = "protocols/gossipsub" }
 libp2p-identify = { version = "0.47.0", path = "protocols/identify" }
-libp2p-identity = { version = "0.2.10" }
+libp2p-identity = { version = "0.2.11" }
 libp2p-kad = { version = "0.47.1", path = "protocols/kad" }
 libp2p-mdns = { version = "0.47.0", path = "protocols/mdns" }
 libp2p-memory-connection-limits = { version = "0.4.0", path = "misc/memory-connection-limits" }

Cargo.toml

@@ -1,3 +1,8 @@
+## 0.2.11
+
+- Switch from `libsecp256` to `k256` for secp256k1 support.
+  See [PR 5892](https://github.com/libp2p/rust-libp2p/pull/5892)
+
 ## 0.2.10
 
 - Deprecate `void` crate.

identity/CHANGELOG.md

@@ -1,6 +1,6 @@
 [package]
 name = "libp2p-identity"
-version = "0.2.10"
+version = "0.2.11"
 edition = "2021" # MUST NOT inherit from workspace because we don't want to publish breaking changes to `libp2p-identity`.
 description = "Data structures and algorithms for identifying peers in libp2p."
 rust-version = "1.73.0" # MUST NOT inherit from workspace because we don't want to publish breaking changes to `libp2p-identity`.
@@ -16,7 +16,7 @@ asn1_der = { version = "0.7.6", optional = true }
 bs58 = { version = "0.5.1", optional = true }
 ed25519-dalek = { version = "2.1", optional = true }
 hkdf = { version = "0.12.4", optional = true }
-libsecp256k1 = { version = "0.7.0", optional = true }
+k256 = { version = "0.13.4", optional = true, features = ["ecdsa", "arithmetic"] }
 tracing = { workspace = true }
 multihash = { version = "0.19.1", optional = true }
 p256 = { version = "0.13", default-features = false, features = ["ecdsa", "std", "pem"], optional = true }
@@ -32,7 +32,7 @@ zeroize = { version = "1.8", optional = true }
 ring = { workspace = true, features = ["alloc", "std"], optional = true }
 
 [features]
-secp256k1 = ["dep:libsecp256k1", "dep:asn1_der", "dep:sha2", "dep:hkdf", "dep:zeroize"]
+secp256k1 = ["dep:k256", "dep:asn1_der", "dep:sha2", "dep:hkdf", "dep:zeroize"]
 ecdsa = ["dep:p256", "dep:zeroize", "dep:sec1", "dep:sha2", "dep:hkdf"]
 rsa = ["dep:ring", "dep:asn1_der", "dep:rand", "dep:zeroize"]
 ed25519 = ["dep:ed25519-dalek", "dep:zeroize", "dep:sha2", "dep:hkdf"]

identity/Cargo.toml

@@ -23,8 +23,11 @@
 use core::{cmp, fmt, hash};
 
 use asn1_der::typed::{DerDecodable, Sequence};
-use libsecp256k1::{Message, Signature};
-use sha2::{Digest as ShaDigestTrait, Sha256};
+use k256::{
+    ecdsa::Signature,
+    sha2::{Digest as ShaDigestTrait, Sha256},
+    ProjectivePoint,
+};
 use zeroize::Zeroize;
 
 use super::error::DecodingError;
@@ -65,7 +68,7 @@ impl fmt::Debug for Keypair {
 /// Promote a Secp256k1 secret key into a keypair.
 impl From<SecretKey> for Keypair {
     fn from(secret: SecretKey) -> Keypair {
-        let public = PublicKey(libsecp256k1::PublicKey::from_secret_key(&secret.0));
+        let public = PublicKey(*secret.0.verifying_key());
         Keypair { secret, public }
     }
 }
@@ -79,7 +82,7 @@ impl From<Keypair> for SecretKey {
 
 /// A Secp256k1 secret key.
 #[derive(Clone)]
-pub struct SecretKey(libsecp256k1::SecretKey);
+pub struct SecretKey(k256::ecdsa::SigningKey);
 
 impl fmt::Debug for SecretKey {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
@@ -91,7 +94,7 @@ impl SecretKey {
     /// Generate a new random Secp256k1 secret key.
     #[cfg(feature = "rand")]
     pub fn generate() -> SecretKey {
-        SecretKey(libsecp256k1::SecretKey::random(&mut rand::thread_rng()))
+        SecretKey(k256::ecdsa::SigningKey::random(&mut rand::thread_rng()))
     }
 
     /// Create a secret key from a byte slice, zeroing the slice on success.
@@ -101,7 +104,7 @@ impl SecretKey {
     /// Note that the expected binary format is the same as `libsecp256k1`'s.
     pub fn try_from_bytes(mut sk: impl AsMut<[u8]>) -> Result<SecretKey, DecodingError> {
         let sk_bytes = sk.as_mut();
-        let secret = libsecp256k1::SecretKey::parse_slice(&*sk_bytes)
+        let secret = k256::ecdsa::SigningKey::from_slice(sk_bytes)
             .map_err(|e| DecodingError::failed_to_parse("parse secp256k1 secret key", e))?;
         sk_bytes.zeroize();
         Ok(SecretKey(secret))
@@ -131,30 +134,23 @@ impl SecretKey {
     ///
     /// [RFC3278]: https://tools.ietf.org/html/rfc3278#section-8.2
     pub fn sign(&self, msg: &[u8]) -> Vec<u8> {
-        let generic_array = Sha256::digest(msg);
+        use k256::ecdsa::signature::Signer;
 
-        // FIXME: Once `generic-array` hits 1.0, we should be able to just use `Into` here.
-        let mut array = [0u8; 32];
-        array.copy_from_slice(generic_array.as_slice());
-
-        let message = Message::parse(&array);
-
-        libsecp256k1::sign(&message, &self.0)
-            .0
-            .serialize_der()
-            .as_ref()
-            .into()
+        Signer::<k256::ecdsa::Signature>::sign(&self.0, msg)
+            .to_der()
+            .to_bytes()
+            .into_vec()
     }
 
     /// Returns the raw bytes of the secret key.
     pub fn to_bytes(&self) -> [u8; 32] {
-        self.0.serialize()
+        self.0.to_bytes().into()
     }
 }
 
 /// A Secp256k1 public key.
 #[derive(Eq, Clone)]
-pub struct PublicKey(libsecp256k1::PublicKey);
+pub struct PublicKey(k256::ecdsa::VerifyingKey);
 
 impl fmt::Debug for PublicKey {
     fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
@@ -193,31 +189,46 @@ impl cmp::Ord for PublicKey {
 impl PublicKey {
     /// Verify the Secp256k1 signature on a message using the public key.
     pub fn verify(&self, msg: &[u8], sig: &[u8]) -> bool {
-        self.verify_hash(Sha256::digest(msg).as_ref(), sig)
+        let digest = Sha256::new_with_prefix(msg);
+        self.verify_hash(digest.finalize().as_slice(), sig)
     }
 
-    /// Verify the Secp256k1 DER-encoded signature on a raw 256-bit message using the public key.
+    /// Verify the Secp256k1 DER-encoded signature on a raw 256-bit message using the public key.  
+    /// Will return false if the hash is not 32 bytes long, or the signature cannot be parsed.
     pub fn verify_hash(&self, msg: &[u8], sig: &[u8]) -> bool {
-        Message::parse_slice(msg)
-            .and_then(|m| Signature::parse_der(sig).map(|s| libsecp256k1::verify(&m, &s, &self.0)))
-            .unwrap_or(false)
+        Signature::from_der(sig).is_ok_and(|s| {
+            k256::ecdsa::hazmat::verify_prehashed(
+                &ProjectivePoint::from(self.0.as_affine()),
+                msg.into(),
+                &s,
+            )
+            .is_ok()
+        })
     }
 
     /// Convert the public key to a byte buffer in compressed form, i.e. with one coordinate
     /// represented by a single bit.
     pub fn to_bytes(&self) -> [u8; 33] {
-        self.0.serialize_compressed()
+        let encoded_point = self.0.to_encoded_point(true);
+        debug_assert!(encoded_point.as_bytes().len() == 33);
+        let mut array: [u8; 33] = [0u8; 33];
+        array.copy_from_slice(encoded_point.as_bytes());
+        array
     }
 
     /// Convert the public key to a byte buffer in uncompressed form.
     pub fn to_bytes_uncompressed(&self) -> [u8; 65] {
-        self.0.serialize()
+        let encoded_point = self.0.to_encoded_point(false);
+        debug_assert!(encoded_point.as_bytes().len() == 65);
+        let mut array: [u8; 65] = [0u8; 65];
+        array.copy_from_slice(encoded_point.as_bytes());
+        array
     }
 
     /// Decode a public key from a byte slice in the format produced
     /// by `encode`.
     pub fn try_from_bytes(k: &[u8]) -> Result<PublicKey, DecodingError> {
-        libsecp256k1::PublicKey::parse_slice(k, Some(libsecp256k1::PublicKeyFormat::Compressed))
+        k256::ecdsa::VerifyingKey::from_sec1_bytes(k)
             .map_err(|e| DecodingError::failed_to_parse("secp256k1 public key", e))
             .map(PublicKey)
     }
@@ -232,9 +243,9 @@ mod tests {
     fn secp256k1_secret_from_bytes() {
         let sk1 = SecretKey::generate();
         let mut sk_bytes = [0; 32];
-        sk_bytes.copy_from_slice(&sk1.0.serialize()[..]);
+        sk_bytes.copy_from_slice(&sk1.to_bytes()[..]);
         let sk2 = SecretKey::try_from_bytes(&mut sk_bytes).unwrap();
-        assert_eq!(sk1.0.serialize(), sk2.0.serialize());
+        assert_eq!(sk1.to_bytes(), sk2.to_bytes());
         assert_eq!(sk_bytes, [0; 32]);
     }
 }

identity/src/secp256k1.rs

@@ -15,7 +15,7 @@ use std::{
 };
 
 use libp2p_core::{Multiaddr, PeerId};
-use libp2p_swarm::{DialError, FromSwarm};
+use libp2p_swarm::{behaviour::ConnectionEstablished, DialError, FromSwarm};
 use lru::LruCache;
 
 use super::Store;
@@ -191,21 +191,23 @@ impl<T> Store for MemoryStore<T> {
                     self.push_event_and_wake(crate::store::Event::RecordUpdated(info.peer_id));
                 }
             }
-            FromSwarm::ConnectionEstablished(info) => {
+            FromSwarm::ConnectionEstablished(ConnectionEstablished {
+                peer_id,
+                failed_addresses,
+                endpoint,
+                ..
+            }) if endpoint.is_dialer() => {
                 let mut is_record_updated = false;
                 if self.config.remove_addr_on_dial_error {
-                    for failed_addr in info.failed_addresses {
+                    for failed_addr in *failed_addresses {
                         is_record_updated |=
-                            self.remove_address_silent(&info.peer_id, failed_addr, false);
+                            self.remove_address_silent(peer_id, failed_addr, false);
                     }
                 }
-                is_record_updated |= self.update_address_silent(
-                    &info.peer_id,
-                    info.endpoint.get_remote_address(),
-                    false,
-                );
+                is_record_updated |=
+                    self.update_address_silent(peer_id, endpoint.get_remote_address(), false);
                 if is_record_updated {
-                    self.push_event_and_wake(crate::store::Event::RecordUpdated(info.peer_id));
+                    self.push_event_and_wake(crate::store::Event::RecordUpdated(*peer_id));
                 }
             }
             FromSwarm::DialFailure(info) => {
@@ -302,9 +304,7 @@ impl Config {
     }
     /// If set to `true`, the store will remove addresses if the swarm indicates a dial failure.
     /// More specifically:
-    /// - Failed dials indicated in
-    ///   [`ConnectionEstablished`](libp2p_swarm::behaviour::ConnectionEstablished)'s
-    ///   `failed_addresses` will be removed.
+    /// - Failed dials indicated in [`ConnectionEstablished`]'s `failed_addresses` will be removed.
     /// - [`DialError::LocalPeerId`] causes the full peer entry to be removed.
     /// - On [`DialError::WrongPeerId`], the address will be removed from the incorrect peer's
     ///   record and re-added to the correct peer's record.
@@ -499,6 +499,7 @@ mod test {
         rt.block_on(async {
             let (listen_addr, _) = swarm1.listen().with_memory_addr_external().await;
             let swarm1_peer_id = *swarm1.local_peer_id();
+            let swarm2_peer_id = *swarm2.local_peer_id();
             swarm2.dial(listen_addr.clone()).expect("dial to succeed");
             let handle = spawn_wait_conn_established(swarm1);
             swarm2
@@ -508,12 +509,17 @@ mod test {
                 })
                 .await;
             let mut swarm1 = handle.await.expect("future to complete");
+            expect_record_update(&mut swarm2, swarm1_peer_id).await;
             assert!(swarm2
                 .behaviour()
                 .address_of_peer(&swarm1_peer_id)
                 .expect("swarm should be connected and record about it should be created")
                 .any(|addr| *addr == listen_addr));
-            expect_record_update(&mut swarm1, *swarm2.local_peer_id()).await;
+            // Address from connection is not stored on the listener side.
+            assert!(swarm1
+                .behaviour()
+                .address_of_peer(&swarm2_peer_id)
+                .is_none());
             let (new_listen_addr, _) = swarm1.listen().with_memory_addr_external().await;
             let handle = spawn_wait_conn_established(swarm1);
             swarm2
@@ -590,15 +596,18 @@ mod test {
                 .await
                 .expect("future to complete");
             let mut swarm1 = handle.await.expect("future to complete");
-            // expexting update from direct connection.
             expect_record_update(&mut swarm2, swarm1_peer_id).await;
             assert!(swarm2
                 .behaviour()
                 .peer_store
                 .address_of_peer(&swarm1_peer_id)
                 .expect("swarm should be connected and record about it should be created")
                 .any(|addr| *addr == listen_addr));
-            expect_record_update(&mut swarm1, *swarm2.local_peer_id()).await;
+            assert!(swarm1
+                .behaviour()
+                .peer_store
+                .address_of_peer(&swarm2_peer_id)
+                .is_none());
             swarm1.next_swarm_event().await; // skip `identify::Event::Sent`
             swarm1.next_swarm_event().await; // skip `identify::Event::Received`
             let (new_listen_addr, _) = swarm1.listen().with_memory_addr_external().await;

misc/peer-store/src/memory_store.rs

@@ -6,6 +6,9 @@
 - feat: add `Behaviour::send_request_with_addresses()`
   See [PR 5938](https://github.com/libp2p/rust-libp2p/issues/5938).
 
+- fix: don't fail outbound request on `DialError::DialPeerConditionFalse`.
+  See [PR 6000](https://github.com/libp2p/rust-libp2p/pull/6000)
+
 ## 0.28.0
 
 - Deprecate `void` crate.

protocols/request-response/CHANGELOG.md

@@ -90,7 +90,7 @@ use libp2p_identity::PeerId;
 use libp2p_swarm::{
     behaviour::{AddressChange, ConnectionClosed, DialFailure, FromSwarm},
     dial_opts::DialOpts,
-    ConnectionDenied, ConnectionHandler, ConnectionId, NetworkBehaviour, NotifyHandler,
+    ConnectionDenied, ConnectionHandler, ConnectionId, DialError, NetworkBehaviour, NotifyHandler,
     PeerAddresses, THandler, THandlerInEvent, THandlerOutEvent, ToSwarm,
 };
 use smallvec::SmallVec;
@@ -706,9 +706,13 @@ where
         DialFailure {
             peer_id,
             connection_id,
-            ..
+            error,
         }: DialFailure,
     ) {
+        if let DialError::DialPeerConditionFalse(_) = error {
+            // Dial-condition fails because there is already another ongoing dial.
+            return;
+        }
         if let Some(peer) = peer_id {
             // If there are pending outgoing requests when a dial failure occurs,
             // it is implied that we are not connected to the peer, since pending