feat(identity): make rand optional

Some restricted environments lack proper random source, and `getrandom` crate fails to compile. However, random sources is needed only for random key generation which is not always required. This change introduces `rand` feature flag that is gate to all the functionality that requires `rand` crate. Pull-Request: #4349.
libp2p · Oct 18, 2023 · 17c166a · 17c166a
1 parent c442df8
commit 17c166a
Show file tree

Hide file tree

Showing 30 changed files with 63 additions and 28 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -83,7 +83,7 @@ libp2p-dns = { version = "0.40.1", path = "transports/dns" }
 libp2p-floodsub = { version = "0.43.0", path = "protocols/floodsub" }
 libp2p-gossipsub = { version = "0.45.2", path = "protocols/gossipsub" }
 libp2p-identify = { version = "0.43.1", path = "protocols/identify" }
-libp2p-identity = { version = "0.2.6" }
+libp2p-identity = { version = "0.2.7" }
 libp2p-kad = { version = "0.44.6", path = "protocols/kad" }
 libp2p-mdns = { version = "0.44.0", path = "protocols/mdns" }
 libp2p-memory-connection-limits = { version = "0.1.0", path = "misc/memory-connection-limits" }

diff --git a/core/Cargo.toml b/core/Cargo.toml
@@ -39,7 +39,7 @@ libp2p-mplex = { path = "../muxers/mplex" }                    # Using `path` he
 libp2p-noise = { path = "../transports/noise" }                # Using `path` here because this is a cyclic dev-dependency which otherwise breaks releasing.
 multihash = { workspace = true, features = ["arb"] }
 quickcheck = { workspace = true }
-libp2p-identity = { workspace = true, features = ["ed25519"] }
+libp2p-identity = { workspace = true, features = ["ed25519", "rand"] }
 
 [features]
 serde = ["multihash/serde-codec", "dep:serde", "libp2p-identity/serde"]

diff --git a/identity/CHANGELOG.md b/identity/CHANGELOG.md
@@ -1,3 +1,9 @@
+## 0.2.7
+
+- Add `rand` feature to gate methods requiring a random number generator, enabling use in restricted environments (e.g. smartcontracts).
+  This feature is not enabled by default.
+  See [PR 4349](https://github.com/libp2p/rust-libp2p/pull/4349).
+
 ## 0.2.6
 
 - Make `PeerId::to_bytes` and `PeerId::to_base58` take `self` by value to follow Rust convention of `Copy` types.

diff --git a/identity/Cargo.toml b/identity/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "libp2p-identity"
-version = "0.2.6"
+version = "0.2.7"
 edition = "2021"
 description = "Data structures and algorithms for identifying peers in libp2p."
 rust-version = { workspace = true }
@@ -14,7 +14,7 @@ categories = ["cryptography"]
 [dependencies]
 asn1_der = { version = "0.7.6", optional = true }
 bs58 = { version = "0.5.0", optional = true }
-ed25519-dalek = { version = "2.0", optional = true, features = ["rand_core"] }
+ed25519-dalek = { version = "2.0", optional = true }
 hkdf = { version = "0.12.3", optional = true }
 libsecp256k1 = { version = "0.7.0", optional = true }
 log = "0.4"
@@ -33,11 +33,12 @@ zeroize = { version = "1.6", optional = true }
 ring = { version = "0.16.9", features = [ "alloc", "std"], default-features = false, optional = true }
 
 [features]
-secp256k1 = ["dep:libsecp256k1", "dep:asn1_der", "dep:rand", "dep:sha2", "dep:hkdf", "dep:zeroize"]
-ecdsa = ["dep:p256", "dep:rand", "dep:void", "dep:zeroize", "dep:sec1", "dep:sha2", "dep:hkdf"]
+secp256k1 = ["dep:libsecp256k1", "dep:asn1_der", "dep:sha2", "dep:hkdf", "dep:zeroize"]
+ecdsa = ["dep:p256", "dep:void", "dep:zeroize", "dep:sec1", "dep:sha2", "dep:hkdf"]
 rsa = ["dep:ring", "dep:asn1_der", "dep:rand", "dep:zeroize"]
-ed25519 = ["dep:ed25519-dalek", "dep:rand", "dep:zeroize", "dep:sha2", "dep:hkdf"]
-peerid = ["dep:multihash", "dep:bs58", "dep:rand", "dep:thiserror", "dep:sha2", "dep:hkdf" ]
+ed25519 = ["dep:ed25519-dalek", "dep:zeroize", "dep:sha2", "dep:hkdf"]
+peerid = ["dep:multihash", "dep:bs58", "dep:thiserror", "dep:sha2", "dep:hkdf"]
+rand = ["dep:rand", "ed25519-dalek?/rand_core"]
 
 [dev-dependencies]
 quickcheck = { workspace = true }

diff --git a/identity/src/ecdsa.rs b/identity/src/ecdsa.rs
@@ -44,6 +44,7 @@ pub struct Keypair {
 
 impl Keypair {
     /// Generate a new random ECDSA keypair.
+    #[cfg(feature = "rand")]
     pub fn generate() -> Keypair {
         Keypair::from(SecretKey::generate())
     }
@@ -265,6 +266,7 @@ mod tests {
     use super::*;
 
     #[test]
+    #[cfg(feature = "rand")]
     fn sign_verify() {
         let pair = Keypair::generate();
         let pk = pair.public();

diff --git a/identity/src/ed25519.rs b/identity/src/ed25519.rs
@@ -34,6 +34,7 @@ pub struct Keypair(ed25519::SigningKey);
 
 impl Keypair {
     /// Generate a new random Ed25519 keypair.
+    #[cfg(feature = "rand")]
     pub fn generate() -> Keypair {
         Keypair::from(SecretKey::generate())
     }
@@ -181,6 +182,7 @@ impl fmt::Debug for SecretKey {
 
 impl SecretKey {
     /// Generate a new Ed25519 secret key.
+    #[cfg(feature = "rand")]
     pub fn generate() -> SecretKey {
         let signing = ed25519::SigningKey::generate(&mut rand::rngs::OsRng);
         SecretKey(signing.to_bytes())
@@ -213,6 +215,7 @@ mod tests {
     }
 
     #[test]
+    #[cfg(feature = "rand")]
     fn ed25519_keypair_encode_decode() {
         fn prop() -> bool {
             let kp1 = Keypair::generate();
@@ -224,6 +227,7 @@ mod tests {
     }
 
     #[test]
+    #[cfg(feature = "rand")]
     fn ed25519_keypair_from_secret() {
         fn prop() -> bool {
             let kp1 = Keypair::generate();
@@ -235,6 +239,7 @@ mod tests {
     }
 
     #[test]
+    #[cfg(feature = "rand")]
     fn ed25519_signature() {
         let kp = Keypair::generate();
         let pk = kp.public();

diff --git a/identity/src/keypair.rs b/identity/src/keypair.rs
@@ -102,23 +102,23 @@ enum KeyPairInner {
 
 impl Keypair {
     /// Generate a new Ed25519 keypair.
-    #[cfg(feature = "ed25519")]
+    #[cfg(all(feature = "ed25519", feature = "rand"))]
     pub fn generate_ed25519() -> Keypair {
         Keypair {
             keypair: KeyPairInner::Ed25519(ed25519::Keypair::generate()),
         }
     }
 
     /// Generate a new Secp256k1 keypair.
-    #[cfg(feature = "secp256k1")]
+    #[cfg(all(feature = "secp256k1", feature = "rand"))]
     pub fn generate_secp256k1() -> Keypair {
         Keypair {
             keypair: KeyPairInner::Secp256k1(secp256k1::Keypair::generate()),
         }
     }
 
     /// Generate a new ECDSA keypair.
-    #[cfg(feature = "ecdsa")]
+    #[cfg(all(feature = "ecdsa", feature = "rand"))]
     pub fn generate_ecdsa() -> Keypair {
         Keypair {
             keypair: KeyPairInner::Ecdsa(ecdsa::Keypair::generate()),
@@ -352,7 +352,6 @@ impl Keypair {
     /// ```
     /// # fn main() {
     /// # use libp2p_identity as identity;
-    ///
     /// let key = identity::Keypair::generate_ed25519();
     ///
     /// let new_key = key.derive_secret(b"my encryption key").expect("can derive secret for ed25519");
@@ -926,7 +925,7 @@ mod tests {
     }
 
     #[test]
-    #[cfg(feature = "ed25519")]
+    #[cfg(all(feature = "ed25519", feature = "rand"))]
     fn test_publickey_from_ed25519_public_key() {
         let pubkey = Keypair::generate_ed25519().public();
         let ed25519_pubkey = pubkey
@@ -941,7 +940,7 @@ mod tests {
     }
 
     #[test]
-    #[cfg(feature = "secp256k1")]
+    #[cfg(all(feature = "secp256k1", feature = "rand"))]
     fn test_publickey_from_secp256k1_public_key() {
         let pubkey = Keypair::generate_secp256k1().public();
         let secp256k1_pubkey = pubkey
@@ -955,7 +954,7 @@ mod tests {
     }
 
     #[test]
-    #[cfg(feature = "ecdsa")]
+    #[cfg(all(feature = "ecdsa", feature = "rand"))]
     fn test_publickey_from_ecdsa_public_key() {
         let pubkey = Keypair::generate_ecdsa().public();
         let ecdsa_pubkey = pubkey.clone().try_into_ecdsa().expect("A ecdsa keypair");

diff --git a/identity/src/peer_id.rs b/identity/src/peer_id.rs
@@ -18,6 +18,7 @@
 // FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 // DEALINGS IN THE SOFTWARE.
 
+#[cfg(feature = "rand")]
 use rand::Rng;
 use sha2::Digest as _;
 use std::{convert::TryFrom, fmt, str::FromStr};
@@ -101,6 +102,7 @@ impl PeerId {
     /// Generates a random peer ID from a cryptographically secure PRNG.
     ///
     /// This is useful for randomly walking on a DHT, or for testing purposes.
+    #[cfg(feature = "rand")]
     pub fn random() -> PeerId {
         let peer_id = rand::thread_rng().gen::<[u8; 32]>();
         PeerId {
@@ -247,22 +249,23 @@ mod tests {
     use super::*;
 
     #[test]
-    #[cfg(feature = "ed25519")]
+    #[cfg(all(feature = "ed25519", feature = "rand"))]
     fn peer_id_into_bytes_then_from_bytes() {
         let peer_id = crate::Keypair::generate_ed25519().public().to_peer_id();
         let second = PeerId::from_bytes(&peer_id.to_bytes()).unwrap();
         assert_eq!(peer_id, second);
     }
 
     #[test]
-    #[cfg(feature = "ed25519")]
+    #[cfg(all(feature = "ed25519", feature = "rand"))]
     fn peer_id_to_base58_then_back() {
         let peer_id = crate::Keypair::generate_ed25519().public().to_peer_id();
         let second: PeerId = peer_id.to_base58().parse().unwrap();
         assert_eq!(peer_id, second);
     }
 
     #[test]
+    #[cfg(feature = "rand")]
     fn random_peer_id_is_valid() {
         for _ in 0..5000 {
             let peer_id = PeerId::random();

diff --git a/identity/src/secp256k1.rs b/identity/src/secp256k1.rs
@@ -38,6 +38,7 @@ pub struct Keypair {
 
 impl Keypair {
     /// Generate a new sec256k1 `Keypair`.
+    #[cfg(feature = "rand")]
     pub fn generate() -> Keypair {
         Keypair::from(SecretKey::generate())
     }
@@ -88,6 +89,7 @@ impl fmt::Debug for SecretKey {
 
 impl SecretKey {
     /// Generate a new random Secp256k1 secret key.
+    #[cfg(feature = "rand")]
     pub fn generate() -> SecretKey {
         SecretKey(libsecp256k1::SecretKey::random(&mut rand::thread_rng()))
     }
@@ -226,6 +228,7 @@ mod tests {
     use super::*;
 
     #[test]
+    #[cfg(feature = "rand")]
     fn secp256k1_secret_from_bytes() {
         let sk1 = SecretKey::generate();
         let mut sk_bytes = [0; 32];

diff --git a/libp2p/CHANGELOG.md b/libp2p/CHANGELOG.md
@@ -8,8 +8,13 @@
   See `libp2p::SwarmBuilder` docs on how to use the new builder.
   Also see [PR 4120].
 
+- Update `libp2p-identity` version to 0.2.6.
+  Under the hood, we feature-flagged `libp2p-identity`'s `rand` dependency but it is enabled by default when using `libp2p`.
+  See [PR 4349].
+
 [PR 3679]: https://github.com/libp2p/rust-libp2p/pull/3679
 [PR 4120]: https://github.com/libp2p/rust-libp2p/pull/4120
+[PR 4349]: https://github.com/libp2p/rust-libp2p/pull/4349
 
 ## 0.52.3
 

diff --git a/libp2p/Cargo.toml b/libp2p/Cargo.toml
@@ -113,7 +113,7 @@ libp2p-dcutr = { workspace = true, optional = true }
 libp2p-floodsub = { workspace = true, optional = true }
 libp2p-gossipsub = { workspace = true, optional = true }
 libp2p-identify = { workspace = true, optional = true }
-libp2p-identity = { workspace = true }
+libp2p-identity = { workspace = true, features = ["rand"] }
 libp2p-kad = { workspace = true, optional = true }
 libp2p-metrics = { workspace = true, optional = true }
 libp2p-noise = { workspace = true, optional = true }

diff --git a/misc/metrics/Cargo.toml b/misc/metrics/Cargo.toml
@@ -32,6 +32,9 @@ libp2p-swarm = { workspace = true }
 once_cell = "1.18.0"
 prometheus-client = { version = "0.21.2"}
 
+[dev-dependencies]
+libp2p-identity = { workspace = true, features = ["rand"] }
+
 # Passing arguments to the docsrs builder in order to properly document cfg's.
 # More information: https://docs.rs/about/builds#cross-compiling
 [package.metadata.docs.rs]

diff --git a/muxers/mplex/Cargo.toml b/muxers/mplex/Cargo.toml
@@ -28,6 +28,7 @@ async-std = { version = "1.7.0", features = ["attributes"] }
 criterion = "0.5"
 env_logger = "0.10"
 futures = "0.3"
+libp2p-identity = { workspace = true, features = ["rand"] }
 libp2p-muxer-test-harness = { path = "../test-harness" }
 libp2p-plaintext = { workspace = true }
 libp2p-tcp = { workspace = true, features = ["async-io"] }

diff --git a/protocols/gossipsub/Cargo.toml b/protocols/gossipsub/Cargo.toml
@@ -26,7 +26,7 @@ getrandom = "0.2.9"
 hex_fmt = "0.3.0"
 instant = "0.1.12"
 libp2p-core = { workspace = true }
-libp2p-identity = { workspace = true }
+libp2p-identity = { workspace = true, features = ["rand"] }
 libp2p-swarm = { workspace = true }
 log = "0.4.20"
 quick-protobuf = "0.8"

diff --git a/protocols/kad/Cargo.toml b/protocols/kad/Cargo.toml
@@ -22,7 +22,7 @@ libp2p-core = { workspace = true }
 libp2p-swarm = { workspace = true }
 quick-protobuf = "0.8"
 quick-protobuf-codec = { workspace = true }
-libp2p-identity = { workspace = true }
+libp2p-identity = { workspace = true, features = ["rand"] }
 rand = "0.8"
 sha2 = "0.10.8"
 smallvec = "1.11.1"

diff --git a/protocols/perf/Cargo.toml b/protocols/perf/Cargo.toml
@@ -19,7 +19,7 @@ futures = "0.3.28"
 instant = "0.1.12"
 libp2p-core = { workspace = true }
 libp2p-dns = { workspace = true, features = ["tokio"] }
-libp2p-identity = { workspace = true }
+libp2p-identity = { workspace = true, features = ["rand"] }
 libp2p-tls = { workspace = true }
 libp2p-quic = { workspace = true, features = ["tokio"] }
 libp2p-request-response = { workspace = true }

diff --git a/protocols/relay/Cargo.toml b/protocols/relay/Cargo.toml
@@ -31,6 +31,7 @@ void = "1"
 
 [dev-dependencies]
 env_logger = "0.10.0"
+libp2p-identity = { workspace = true, features = ["rand"] }
 libp2p-ping = { workspace = true }
 libp2p-plaintext = { workspace = true }
 libp2p-swarm = { workspace = true, features = ["macros", "async-std"] }

diff --git a/swarm-test/Cargo.toml b/swarm-test/Cargo.toml
@@ -14,7 +14,7 @@ categories = ["network-programming", "asynchronous"]
 [dependencies]
 async-trait = "0.1.73"
 libp2p-core = { workspace = true }
-libp2p-identity = { workspace = true }
+libp2p-identity = { workspace = true, features = ["rand"] }
 libp2p-plaintext = { workspace = true }
 libp2p-swarm = { workspace = true, features = ["async-std"] }
 libp2p-tcp = { workspace = true, features = ["async-io"] }

diff --git a/transports/dns/Cargo.toml b/transports/dns/Cargo.toml
@@ -23,6 +23,7 @@ smallvec = "1.11.1"
 
 [dev-dependencies]
 env_logger = "0.10"
+libp2p-identity = { workspace = true, features = ["rand"] }
 tokio-crate = { package = "tokio", version = "1.0", default-features = false, features = ["rt", "time"] }
 async-std-crate = { package = "async-std", version = "1.6" }
 

diff --git a/transports/noise/Cargo.toml b/transports/noise/Cargo.toml
@@ -36,6 +36,7 @@ snow = { version = "0.9.2", features = ["default-resolver"], default-features =
 env_logger = "0.10.0"
 futures_ringbuf = "0.4.0"
 quickcheck = { workspace = true }
+libp2p-identity = { workspace = true, features = ["rand"] }
 
 # Passing arguments to the docsrs builder in order to properly document cfg's.
 # More information: https://docs.rs/about/builds#cross-compiling

diff --git a/transports/plaintext/Cargo.toml b/transports/plaintext/Cargo.toml
@@ -22,7 +22,7 @@ unsigned-varint = { version = "0.7", features = ["asynchronous_codec"] }
 
 [dev-dependencies]
 env_logger = "0.10.0"
-libp2p-identity = { workspace = true, features = ["ed25519"] }
+libp2p-identity = { workspace = true, features = ["ed25519", "rand"] }
 quickcheck = { workspace = true }
 rand = "0.8"
 futures_ringbuf = "0.4.0"

diff --git a/transports/pnet/Cargo.toml b/transports/pnet/Cargo.toml
@@ -20,7 +20,7 @@ pin-project = "1.1.3"
 
 [dev-dependencies]
 libp2p-core = { workspace = true }
-libp2p-identity = { workspace = true, features = ["ed25519", "rsa", "ecdsa","secp256k1"] }
+libp2p-identity = { workspace = true, features = ["ed25519", "rsa", "ecdsa","secp256k1", "rand"] }
 libp2p-noise = { workspace = true }
 libp2p-swarm = { workspace = true, features = ["tokio"] }
 libp2p-tcp = { workspace = true, features = ["tokio"] }

diff --git a/transports/quic/Cargo.toml b/transports/quic/Cargo.toml
@@ -41,6 +41,7 @@ rustc-args = ["--cfg", "docsrs"]
 [dev-dependencies]
 async-std = { version = "1.12.0", features = ["attributes"] }
 env_logger = "0.10.0"
+libp2p-identity = { workspace = true, features = ["rand"] }
 libp2p-muxer-test-harness = { path = "../../muxers/test-harness" }
 libp2p-noise = { workspace = true }
 libp2p-tcp = { workspace = true, features = ["async-io"] }

diff --git a/transports/tcp/Cargo.toml b/transports/tcp/Cargo.toml
@@ -28,6 +28,7 @@ async-io = ["dep:async-io", "if-watch/smol"]
 
 [dev-dependencies]
 async-std = { version = "1.6.5", features = ["attributes"] }
+libp2p-identity = { workspace = true, features = ["rand"] }
 tokio = { version = "1.33.0", default-features = false, features = ["full"] }
 env_logger = "0.10.0"
 

diff --git a/transports/tls/Cargo.toml b/transports/tls/Cargo.toml
@@ -30,7 +30,7 @@ features = ["dangerous_configuration"] # Must enable this to allow for custom ve
 hex = "0.4.3"
 hex-literal = "0.4.1"
 libp2p-core = { workspace = true }
-libp2p-identity = { workspace = true, features = ["ed25519", "rsa", "secp256k1", "ecdsa"] }
+libp2p-identity = { workspace = true, features = ["ed25519", "rsa", "secp256k1", "ecdsa", "rand"] }
 libp2p-swarm = { workspace = true, features = ["tokio"] }
 libp2p-yamux = { workspace = true }
 tokio = { version = "1.33.0", features = ["full"] }