cleanup `getPersistentNetKeys` for better reuse (#3859)

Allow using `getPersistentNetKeys` without passing a `config`, and reuse
local helpers in its implementation.
This commit is contained in:
Etan Kissling 2022-07-13 23:26:16 +02:00 committed by GitHub
parent 806536a040
commit ee4e4ddeab
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 68 additions and 107 deletions


@ -2034,129 +2034,90 @@ proc initAddress(T: type MultiAddress, str: string): T =
template tcpEndPoint(address, port): auto = template tcpEndPoint(address, port): auto =
MultiAddress.init(address, tcpProtocol, port) MultiAddress.init(address, tcpProtocol, port)
proc optimisticgetRandomNetKeys*(rng: var HmacDrbgContext): NetKeyPair = func initNetKeys(privKey: PrivateKey): NetKeyPair =
let res = PrivateKey.random(Secp256k1, rng) let pubKey = privKey.getPublicKey().expect("working public key from random")
if res.isErr():
fatal "Could not generate random network key file"
quit QuitFailure
let
privKey = res.get()
pubKey = privKey.getPublicKey().expect("working public key from random")
NetKeyPair(seckey: privKey, pubkey: pubKey) NetKeyPair(seckey: privKey, pubkey: pubKey)
proc getPersistentNetKeys*(rng: var HmacDrbgContext, proc getRandomNetKeys*(rng: var HmacDrbgContext): NetKeyPair =
config: BeaconNodeConf): NetKeyPair = let privKey = PrivateKey.random(Secp256k1, rng).valueOr:
case config.cmd
of BNStartUpCmd.noCommand, BNStartUpCmd.record:
if config.netKeyFile == "random":
let res = PrivateKey.random(Secp256k1, rng)
if res.isErr():
fatal "Could not generate random network key file" fatal "Could not generate random network key file"
quit QuitFailure quit QuitFailure
initNetKeys(privKey)
proc getPersistentNetKeys(
rng: var HmacDrbgContext,
dataDir, netKeyFile: string,
netKeyInsecurePassword: bool,
allowLoadExisting: bool): NetKeyPair =
if netKeyFile == "random":
let let
privKey = res.get() keys = rng.getRandomNetKeys()
pubKey = privKey.getPublicKey().expect("working public key from random") pres = PeerId.init(keys.pubkey).valueOr:
pres = PeerId.init(pubKey)
if pres.isErr():
fatal "Could not obtain PeerId from network key" fatal "Could not obtain PeerId from network key"
quit QuitFailure quit QuitFailure
info "Generating new networking key", network_public_key = pubKey, info "Generating new networking key",
network_peer_id = $pres.get() network_public_key = keys.pubkey, network_peer_id = $pres
NetKeyPair(seckey: privKey, pubkey: pubKey) keys
else: else:
let keyPath = let
if isAbsolute(config.netKeyFile):
config.netKeyFile
else:
config.dataDir / config.netKeyFile
if fileAccessible(keyPath, {AccessFlags.Find}):
info "Network key storage is present, unlocking", key_path = keyPath
# Insecure password used only for automated testing. # Insecure password used only for automated testing.
let insecurePassword = insecurePassword =
if config.netKeyInsecurePassword: if netKeyInsecurePassword:
some(NetworkInsecureKeyPassword) some(NetworkInsecureKeyPassword)
else: else:
none[string]() none[string]()
let res = loadNetKeystore(keyPath, insecurePassword) keyPath =
if res.isNone(): if isAbsolute(netKeyFile):
netKeyFile
else:
dataDir / netKeyFile
logScope: key_path = keyPath
if fileAccessible(keyPath, {AccessFlags.Find}) and allowLoadExisting:
info "Network key storage is present, unlocking"
let
privKey = loadNetKeystore(keyPath, insecurePassword).valueOr:
fatal "Could not load network key file" fatal "Could not load network key file"
quit QuitFailure quit QuitFailure
let keys = initNetKeys(privKey)
privKey = res.get()
pubKey = privKey.getPublicKey().expect("working public key from file")
info "Network key storage was successfully unlocked", info "Network key storage was successfully unlocked",
key_path = keyPath, network_public_key = pubKey network_public_key = keys.pubkey
NetKeyPair(seckey: privKey, pubkey: pubKey) keys
else: else:
if allowLoadExisting:
info "Network key storage is missing, creating a new one", info "Network key storage is missing, creating a new one",
key_path = keyPath key_path = keyPath
let rres = PrivateKey.random(Secp256k1, rng)
if rres.isErr():
fatal "Could not generate random network key file"
quit QuitFailure
let let
privKey = rres.get() keys = rng.getRandomNetKeys()
pubKey = privKey.getPublicKey().expect("working public key from random") sres = saveNetKeystore(rng, keyPath, keys.seckey, insecurePassword)
# Insecure password used only for automated testing.
let insecurePassword =
if config.netKeyInsecurePassword:
some(NetworkInsecureKeyPassword)
else:
none[string]()
let sres = saveNetKeystore(rng, keyPath, privKey, insecurePassword)
if sres.isErr(): if sres.isErr():
fatal "Could not create network key file", key_path = keyPath fatal "Could not create network key file"
quit QuitFailure quit QuitFailure
info "New network key storage was created", key_path = keyPath, info "New network key storage was created",
network_public_key = pubKey network_public_key = keys.pubkey
NetKeyPair(seckey: privKey, pubkey: pubKey) keys
proc getPersistentNetKeys*(
rng: var HmacDrbgContext, config: BeaconNodeConf): NetKeyPair =
case config.cmd
of BNStartUpCmd.noCommand, BNStartUpCmd.record:
rng.getPersistentNetKeys(
string(config.dataDir), config.netKeyFile, config.netKeyInsecurePassword,
allowLoadExisting = true)
of BNStartUpCmd.createTestnet: of BNStartUpCmd.createTestnet:
if config.netKeyFile == "random": if config.netKeyFile == "random":
fatal "Could not create testnet using `random` network key" fatal "Could not create testnet using `random` network key"
quit QuitFailure quit QuitFailure
let keyPath = rng.getPersistentNetKeys(
if isAbsolute(config.netKeyFile): string(config.dataDir), config.netKeyFile, config.netKeyInsecurePassword,
config.netKeyFile allowLoadExisting = false)
else: else:
config.dataDir / config.netKeyFile rng.getRandomNetKeys()
let rres = PrivateKey.random(Secp256k1, rng)
if rres.isErr():
fatal "Could not generate random network key file"
quit QuitFailure
let
privKey = rres.get()
pubKey = privKey.getPublicKey().expect("working public key from random")
# Insecure password used only for automated testing.
let insecurePassword =
if config.netKeyInsecurePassword:
some(NetworkInsecureKeyPassword)
else:
none[string]()
let sres = saveNetKeystore(rng, keyPath, privKey, insecurePassword)
if sres.isErr():
fatal "Could not create network key file", key_path = keyPath
quit QuitFailure
info "New network key storage was created", key_path = keyPath,
network_public_key = pubKey
NetKeyPair(seckey: privKey, pubkey: pubKey)
else:
optimisticgetRandomNetKeys(rng)
func gossipId( func gossipId(
data: openArray[byte], altairPrefix, topic: string): seq[byte] = data: openArray[byte], altairPrefix, topic: string): seq[byte] =
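Review bot: The new private `getPersistentNetKeys` overload has no doc comment, and `allowLoadExisting = false` does more than its name suggests: when a keystore already exists at `keyPath`, the `else:` branch still calls `saveNetKeystore` and replaces the file with a freshly generated key, without logging anything about the overwrite (the old `createTestnet` branch behaved the same, so this is pre-existing, but the new parameter is where it should be stated). I would add under the signature `## Returns the network key pair for netKeyFile ("random" means ephemeral); with allowLoadExisting = false an existing keystore at the resolved path is overwritten.` and consider a `warn` with `key_path` before that save. Separately, `initNetKeys` is now also reached from the file-loading path via `keys = initNetKeys(privKey)`, so its `expect("working public key from random")` message is misleading there; `expect("working public key from private key")` fits both callers.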


@ -75,7 +75,7 @@ programMain:
genesisBlockRoot = get_initial_beacon_block(genesisState[]).root genesisBlockRoot = get_initial_beacon_block(genesisState[]).root
rng = keys.newRng() rng = keys.newRng()
netKeys = optimisticgetRandomNetKeys(rng[]) netKeys = getRandomNetKeys(rng[])
network = createEth2Node( network = createEth2Node(
rng, config, netKeys, cfg, rng, config, netKeys, cfg,
forkDigests, getBeaconTime, genesis_validators_root) forkDigests, getBeaconTime, genesis_validators_root)


@ -639,7 +639,7 @@ proc mapErrTo*[T, E](r: Result[T, E], v: static KeystoreGenerationErrorKind):
KeystoreGenerationError(kind: v, error: $e)) KeystoreGenerationError(kind: v, error: $e))
proc loadNetKeystore*(keystorePath: string, proc loadNetKeystore*(keystorePath: string,
insecurePwd: Option[string]): Option[lcrypto.PrivateKey] = insecurePwd: Option[string]): Opt[lcrypto.PrivateKey] =
if not(checkSensitiveFilePermissions(keystorePath)): if not(checkSensitiveFilePermissions(keystorePath)):
error "Network keystorage file has insecure permissions", error "Network keystorage file has insecure permissions",
@ -662,7 +662,7 @@ proc loadNetKeystore*(keystorePath: string,
let decrypted = decryptNetKeystore(keyStore, let decrypted = decryptNetKeystore(keyStore,
KeystorePass.init(insecurePwd.get())) KeystorePass.init(insecurePwd.get()))
if decrypted.isOk: if decrypted.isOk:
return some(decrypted.get()) return ok(decrypted.get())
else: else:
error "Network keystore decryption failed", key_store = keystorePath error "Network keystore decryption failed", key_store = keystorePath
return return
@ -676,7 +676,7 @@ proc loadNetKeystore*(keystorePath: string,
decrypted decrypted
) )
if res.isOk(): if res.isOk():
some(res.get()) ok(res.get())
else: else:
return return