add a peer into permissioned network

binny1024 commented 1 year ago

Description

As an [Actor], I want [feature] so that [why].

org.hyperledger.besu.ethereum.p2p.rlpx.handshake.HandshakeException: Unable to create ECDH Key agreement due to Crypto engine failure
        at org.hyperledger.besu.ethereum.p2p.rlpx.handshake.ecies.ECIESHandshaker.handleMessage(ECIESHandshaker.java:214)
        at org.hyperledger.besu.ethereum.p2p.rlpx.connections.netty.HandshakeHandlerInbound.nextHandshakeMessage(HandshakeHandlerInbound.java:60)
        at org.hyperledger.besu.ethereum.p2p.rlpx.connections.netty.AbstractHandshakeHandler.channelRead0(AbstractHandshakeHandler.java:92)
        at org.hyperledger.besu.ethereum.p2p.rlpx.connections.netty.AbstractHandshakeHandler.channelRead0(AbstractHandshakeHandler.java:44)
        at io.netty.channel.SimpleChannelInboundHandler.channelRead(SimpleChannelInboundHandler.java:99)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
        at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
        at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
        at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
        at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
        at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:722)
        at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:658)
        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:584)
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:496)
        at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
        at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
        at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
        at java.base/java.lang.Thread.run(Thread.java:1589)
Caused by: org.hyperledger.besu.plugin.services.securitymodule.SecurityModuleException: Unexpected error while calculating ECDH Key Agreement: Invalid point coordinates
        at org.hyperledger.besu.crypto.KeyPairSecurityModule.calculateECDHKeyAgreement(KeyPairSecurityModule.java:79)
        at org.hyperledger.besu.crypto.NodeKey.calculateECDHKeyAgreement(NodeKey.java:44)
        at org.hyperledger.besu.ethereum.p2p.rlpx.handshake.ecies.ECIESEncryptionEngine.forDecryption(ECIESEncryptionEngine.java:102)
        at org.hyperledger.besu.ethereum.p2p.rlpx.handshake.ecies.EncryptedMessage.decryptMsg(EncryptedMessage.java:68)
        at org.hyperledger.besu.ethereum.p2p.rlpx.handshake.ecies.ECIESHandshaker.handleMessage(ECIESHandshaker.java:206)
        ... 20 more
Caused by: java.lang.IllegalArgumentException: Invalid point coordinates
        at org.bouncycastle.math.ec.ECCurve.validatePoint(ECCurve.java:125)
        at org.bouncycastle.math.ec.ECCurve.decodePoint(ECCurve.java:420)
        at org.hyperledger.besu.crypto.SECPPublicKey.asEcPoint(SECPPublicKey.java:96)
        at org.hyperledger.besu.crypto.AbstractSECP256.publicKeyAsEcPoint(AbstractSECP256.java:174)
        at org.hyperledger.besu.crypto.NodeKey.lambda$calculateECDHKeyAgreement$0(NodeKey.java:45)
        at org.hyperledger.besu.crypto.KeyPairSecurityModule.calculateECDHKeyAgreement(KeyPairSecurityModule.java:73)
        ... 24 more

Acceptance Criteria

[Criteria 1]

Steps to Reproduce (Bug)

[Step 1]
[Step 2]
[Step ...]

Expected behavior: [What you expect to happen] sync block Actual behavior: [What actually happens]

Frequency: [What percentage of the time does it occur?] always

Versions (Add all that apply)

Software version: [besu --version] besu/v22.10.0/linux-x86_64/oracle-java-19
Java version: [java -version] besu/v22.10.0/linux-x86_64/oracle-java-19

OS Name & Version: [cat /etc/*release]

DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=20.04
DISTRIB_CODENAME=focal
DISTRIB_DESCRIPTION="Ubuntu 20.04.5 LTS"
NAME="Ubuntu"
VERSION="20.04.5 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.5 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal

Kernel Version: [uname -a]

Linux company-portal 5.4.0-125-generic #141-Ubuntu SMP Wed Aug 10 13:42:03 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

Virtual Machine software & version: [vmware -v]
Docker Version: [docker version]
Cloud VM, type, size: [Amazon Web Services I3-large]

Smart contract information (If you're reporting an issue arising from deploying or calling a smart contract, please supply related information)

Solidity version [solc --version]
Repo with minimal set of deployable/reproducible contract code - please provide a link
Please include specifics on how you are deploying/calling the contract
Have you reproduced the issue on other eth clients

Additional Information (Add any of the following or anything else that may be relevant)

Besu setup info - genesis file, config options
System info - memory, CPU

rootmout commented 1 year ago

Do you find the solution? I'm facing the same issue :disappointed: (java.lang.IllegalArgumentException: Invalid point coordinates)

EDIT: was in my case a mismatch between public key (as announced in static-nodes file) and the private key stored by the node itself.

darkFunction commented 1 year ago

I'm seeing the same issue, but my private/public keys are correct

non-fungible-nelson commented 1 year ago

@macfarla - any ideas here?

macfarla commented 1 year ago

@pinges can you take a look at this one / suggest some troubleshooting steps?

nhorelik commented 1 year ago

seeing this issue as well. how would i verify if my private/public keys are correct?

pinges commented 1 year ago

I have written a quick shell script that allows you to generate the public key for a given private key for the secp256k1 curve. The format of the private key is the same as needed by besu: a file containing the hex string (leading 0x or not) that is 32 bytes (64 characters) long. You need to have openssl in the PATH. The output has the following format:

Private-Key: (256 bit)
priv:
    00:90:bc:42:59:e1:0c:21:5e:e7:81:a6:74:c1:72:
    8b:40:fd:8f:37:3a:54:22:f5:9d:0f:30:e6:98:e3:
    b9:9a:a7
pub:
    04:35:48:c8:7b:99:20:ff:16:aa:4b:dc:f0:1c:85:
    f2:51:17:a2:9a:e1:57:4d:75:9b:ad:48:cc:94:63:
    d8:e9:f7:c3:c1:d1:e9:fb:0d:28:e7:38:98:95:1f:
    90:e0:27:14:ab:b7:70:fd:6d:22:e9:03:71:88:2a:
    45:65:88:00:e9
ASN1 OID: secp256k1

where

priv: private key (32 bytes, or 64 hex characters)
pub: the public key (64 bytes, or 128 hex characters) prefixed with "04" (which means it is uncompressed)
ASN1 OID: string representation of the ASN1 Object Identifier of the secp256k1 curve.

The public key printed should be the same that you have passed into Besu, minus the leading "04".

Here is the script:

#!/bin/sh

temp_file1=$(mktemp)
cat "$1"  | tr -d '\n' | tail -c 64 > temp_file1
temp_file2=$(mktemp)
xxd -r -p -c 32 temp_file1 temp_file2
(printf '\x30\x3e\x02\x01\x00\x30\x10\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x05\x2b\x81\x04\x00\x0a\x04\x27\x30\x25\x02\x01\x01\x04\x20';  cat temp_file2;) > temp_file1
openssl pkey -inform der -in temp_file1 -noout -text
rm temp_file1 temp_file2

pinges commented 1 year ago

@binny1024 Looking at your stacktrace I can see that the public key that Besu is complaining about is from a message sent by another node. What kind of network are you running? Is that other node a Besu node as well? These keys are ephemeral keys and they are generated for a message. They have nothing to do with your node key.

hyperledger / besu