Add insecure password for automated testing.

Fix checkDataDir to run before setupLogging.

beacon_chain/beacon_node.nim

@@ -900,7 +900,7 @@ proc createPidFile(filename: string) =
 
 proc checkDataDir(conf: BeaconNodeConf) =
   ## Checks `conf.dataDir`.
-  ## If folder exists, prcoedure will check it for access and
+  ## If folder exists, procedure will check it for access and
   ## permissions `0750 (rwxr-x---)`, if folder do not exists it will be created
   ## with permissions `0750 (rwxr-x---)`.
   let dataDir = string(conf.dataDir)
@@ -1136,6 +1136,8 @@ programMain:
     # This is ref so we can mutate it (to erase it) after the initial loading.
     stateSnapshotContents: ref string
 
+  checkDataDir(config)
+
   setupLogging(config.logLevel, config.logFile)
 
   if config.eth2Network.isSome:
@@ -1173,8 +1175,6 @@ programMain:
 
   case config.cmd
   of createTestnet:
-    checkDataDir(config)
-
     let launchPadDeposits = try:
       Json.loadFile(config.testnetDepositsFile.string, seq[LaunchPadDeposit])
     except SerializationError as err:
@@ -1235,8 +1235,6 @@ programMain:
           cmdParams = commandLineParams(),
           config
 
-    checkDataDir(config)
-
     createPidFile(config.dataDir.string / "beacon_node.pid")
 
     config.createDumpDirs()

beacon_chain/conf.nim

@@ -224,6 +224,12 @@ type
               "(random|<path>) (default: random)"
         name: "netkey-file" }: string
 
+      netKeyInsecurePassword* {.
+        defaultValue: false,
+        desc: "Use pre-generated INSECURE password for network private key " &
+              "file (default: false)"
+        name: "insecure-netkey-password" }: bool
+
     of createTestnet:
       testnetDepositsFile* {.
         desc: "A LaunchPad deposits file for the genesis state validators"
@@ -275,6 +281,12 @@ type
         desc: "Output file with network private key for the network"
         name: "netkey-file" }: OutFile
 
+      outputNetKeyInsecurePassword* {.
+        defaultValue: false,
+        desc: "Use pre-generated INSECURE password for network private key " &
+              "file (default: false)"
+        name: "insecure-netkey-password" }: bool
+
     of wallets:
       case walletsCmd* {.command.}: WalletsCmd
       of WalletsCmd.create:

beacon_chain/eth2_network.nim

@@ -272,6 +272,9 @@ const
 when libp2p_pki_schemes != "secp256k1":
   {.fatal: "Incorrect building process, please use -d:\"libp2p_pki_schemes=secp256k1\"".}
 
+const
+  NetworkInsecureKeyPassword = "INSECUREPASSWORD"
+
 template libp2pProtocol*(name: string, version: int) {.pragma.}
 
 func shortLog*(peer: Peer): string = shortLog(peer.info.peerId)
@@ -1221,7 +1224,15 @@ proc getPersistentNetKeys*(rng: var BrHmacDrbgContext,
 
       if fileAccessible(keyPath, {AccessFlags.Find}):
         info "Network key storage is present, unlocking", key_path = keyPath
-        let res = loadNetKeystore(keyPath)
+
+        # Insecure password used only for automated testing.
+        let insecurePassword =
+          if conf.netKeyInsecurePassword:
+            some(NetworkInsecureKeyPassword)
+          else:
+            none[string]()
+
+        let res = loadNetKeystore(keyPath, insecurePassword)
         if res.isNone():
           fatal "Could not load network key file"
           quit QuitFailure
@@ -1242,7 +1253,14 @@ proc getPersistentNetKeys*(rng: var BrHmacDrbgContext,
         let privKey = rres.get()
         let pubKey = privKey.getKey().tryGet()
 
-        let sres = saveNetKeystore(rng, keyPath, privKey)
+        # Insecure password used only for automated testing.
+        let insecurePassword =
+          if conf.netKeyInsecurePassword:
+            some(NetworkInsecureKeyPassword)
+          else:
+            none[string]()
+
+        let sres = saveNetKeystore(rng, keyPath, privKey, insecurePassword)
         if sres.isErr():
           fatal "Could not create network key file", key_path = keyPath
           quit QuitFailure
@@ -1267,7 +1285,14 @@ proc getPersistentNetKeys*(rng: var BrHmacDrbgContext,
     let privKey = rres.get()
     let pubKey = privKey.getKey().tryGet()
 
-    let sres = saveNetKeystore(rng, keyPath, privKey)
+    # Insecure password used only for automated testing.
+    let insecurePassword =
+      if conf.outputNetKeyInsecurePassword:
+        some(NetworkInsecureKeyPassword)
+      else:
+        none[string]()
+
+    let sres = saveNetKeystore(rng, keyPath, privKey, insecurePassword)
     if sres.isErr():
       fatal "Could not create network key file"
       quit QuitFailure

beacon_chain/keystore_management.nim

@@ -131,7 +131,8 @@ type
     FailedToCreateSecretFile
     FailedToCreateKeystoreFile
 
-proc loadNetKeystore*(keyStorePath: string): Option[lcrypto.PrivateKey] =
+proc loadNetKeystore*(keyStorePath: string,
+                      insecurePwd: Option[string]): Option[lcrypto.PrivateKey] =
   when defined(windows):
     # Windows do not support per-user permissions, skiping verification part.
     discard
@@ -167,60 +168,75 @@ proc loadNetKeystore*(keyStorePath: string): Option[lcrypto.PrivateKey] =
       error "Invalid network keystore", err = err.formatMsg(keystorePath)
       return
 
-  var remainingAttempts = 3
+  if insecurePwd.isSome():
-  var counter = 0
+    warn "Using insecure password to unlock networking key"
-  var prompt = "Please enter passphrase to unlock networking key: "
+    let decrypted = decryptNetKeystore(keystore, KeystorePass insecurePwd.get())
-  while remainingAttempts > 0:
-    let passphrase = KeystorePass:
-      try:
-        readPasswordFromStdin(prompt)
-      except IOError:
-        error "Could not read password from stdin"
-        return
-
-    let decrypted = decryptNetKeystore(keystore, passphrase)
     if decrypted.isOk:
       return some(decrypted.get())
     else:
-      dec remainingAttempts
-      inc counter
-      os.sleep(1000 * counter)
       error "Network keystore decryption failed", key_store = keyStorePath
+      return
+  else:
+    var remainingAttempts = 3
+    var counter = 0
+    var prompt = "Please enter passphrase to unlock networking key: "
+    while remainingAttempts > 0:
+      let passphrase = KeystorePass:
+        try:
+          readPasswordFromStdin(prompt)
+        except IOError:
+          error "Could not read password from stdin"
+          return
+
+      let decrypted = decryptNetKeystore(keystore, passphrase)
+      if decrypted.isOk:
+        return some(decrypted.get())
+      else:
+        dec remainingAttempts
+        inc counter
+        os.sleep(1000 * counter)
+        error "Network keystore decryption failed", key_store = keyStorePath
 
 proc saveNetKeystore*(rng: var BrHmacDrbgContext, keyStorePath: string,
-            netKey: lcrypto.PrivateKey): Result[void, KeystoreGenerationError] =
+                      netKey: lcrypto.PrivateKey, insecurePwd: Option[string]
+                     ): Result[void, KeystoreGenerationError] =
   var password, confirmedPassword: TaintedString
-  while true:
+  if insecurePwd.isSome():
-    let prompt = "Please enter NEW password to lock network key storage: "
+    warn "Using insecure password to lock networking key"
+    password = insecurePwd.get()
+  else:
+    while true:
+      let prompt = "Please enter NEW password to lock network key storage: "
 
-    password =
+      password =
-      try:
+        try:
-        readPasswordFromStdin(prompt)
+          readPasswordFromStdin(prompt)
-      except IOError:
+        except IOError:
-        error "Could not read password from stdin"
+          error "Could not read password from stdin"
-        return err(FailedToCreateKeystoreFile)
+          return err(FailedToCreateKeystoreFile)
 
-    if len(password) < minPasswordLen:
+      if len(password) < minPasswordLen:
-      echo "The entered password should be at least ", minPasswordLen,
+        echo "The entered password should be at least ", minPasswordLen,
-           " characters"
+             " characters"
-      continue
+        continue
-    elif password in mostCommonPasswords:
+      elif password in mostCommonPasswords:
-      echo80 "The entered password is too commonly used and it would be easy " &
+        echo80 "The entered password is too commonly used and it would be " &
-             "to brute-force with automated tools."
+               "easy to brute-force with automated tools."
-      continue
+        continue
 
-    confirmedPassword =
+      confirmedPassword =
-      try:
+        try:
-        readPasswordFromStdin("Please confirm, network key storage password: ")
+          readPasswordFromStdin("Please confirm, network key storage " &
-      except IOError:
+                                "password: ")
-        error "Could not read password from stdin"
+        except IOError:
-        return err(FailedToCreateKeystoreFile)
+          error "Could not read password from stdin"
+          return err(FailedToCreateKeystoreFile)
 
-    if password != confirmedPassword:
+      if password != confirmedPassword:
-      echo "Passwords don't match, please try again"
+        echo "Passwords don't match, please try again"
-      continue
+        continue
 
-    break
+      break
 
   let keyStore = createNetKeystore(kdfScrypt, rng, netKey,
                                    KeystorePass password)