cleanup `getPersistentNetKeys` for better reuse (#3859)

Allow using `getPersistentNetKeys` without passing a `config`, and reuse
local helpers in its implementation.
This commit is contained in:
Etan Kissling 2022-07-13 23:26:16 +02:00 committed by GitHub
parent 806536a040
commit ee4e4ddeab
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 68 additions and 107 deletions

View File

@ -2034,129 +2034,90 @@ proc initAddress(T: type MultiAddress, str: string): T =
template tcpEndPoint(address, port): auto = template tcpEndPoint(address, port): auto =
MultiAddress.init(address, tcpProtocol, port) MultiAddress.init(address, tcpProtocol, port)
proc optimisticgetRandomNetKeys*(rng: var HmacDrbgContext): NetKeyPair = func initNetKeys(privKey: PrivateKey): NetKeyPair =
let res = PrivateKey.random(Secp256k1, rng) let pubKey = privKey.getPublicKey().expect("working public key from random")
if res.isErr():
fatal "Could not generate random network key file"
quit QuitFailure
let
privKey = res.get()
pubKey = privKey.getPublicKey().expect("working public key from random")
NetKeyPair(seckey: privKey, pubkey: pubKey) NetKeyPair(seckey: privKey, pubkey: pubKey)
proc getPersistentNetKeys*(rng: var HmacDrbgContext, proc getRandomNetKeys*(rng: var HmacDrbgContext): NetKeyPair =
config: BeaconNodeConf): NetKeyPair = let privKey = PrivateKey.random(Secp256k1, rng).valueOr:
case config.cmd fatal "Could not generate random network key file"
of BNStartUpCmd.noCommand, BNStartUpCmd.record: quit QuitFailure
if config.netKeyFile == "random": initNetKeys(privKey)
let res = PrivateKey.random(Secp256k1, rng)
if res.isErr(): proc getPersistentNetKeys(
fatal "Could not generate random network key file" rng: var HmacDrbgContext,
quit QuitFailure dataDir, netKeyFile: string,
let netKeyInsecurePassword: bool,
privKey = res.get() allowLoadExisting: bool): NetKeyPair =
pubKey = privKey.getPublicKey().expect("working public key from random") if netKeyFile == "random":
pres = PeerId.init(pubKey) let
if pres.isErr(): keys = rng.getRandomNetKeys()
pres = PeerId.init(keys.pubkey).valueOr:
fatal "Could not obtain PeerId from network key" fatal "Could not obtain PeerId from network key"
quit QuitFailure quit QuitFailure
info "Generating new networking key", network_public_key = pubKey, info "Generating new networking key",
network_peer_id = $pres.get() network_public_key = keys.pubkey, network_peer_id = $pres
NetKeyPair(seckey: privKey, pubkey: pubKey) keys
else: else:
let keyPath = let
if isAbsolute(config.netKeyFile): # Insecure password used only for automated testing.
config.netKeyFile insecurePassword =
if netKeyInsecurePassword:
some(NetworkInsecureKeyPassword)
else: else:
config.dataDir / config.netKeyFile none[string]()
if fileAccessible(keyPath, {AccessFlags.Find}): keyPath =
info "Network key storage is present, unlocking", key_path = keyPath if isAbsolute(netKeyFile):
netKeyFile
else:
dataDir / netKeyFile
logScope: key_path = keyPath
# Insecure password used only for automated testing. if fileAccessible(keyPath, {AccessFlags.Find}) and allowLoadExisting:
let insecurePassword = info "Network key storage is present, unlocking"
if config.netKeyInsecurePassword:
some(NetworkInsecureKeyPassword)
else:
none[string]()
let res = loadNetKeystore(keyPath, insecurePassword) let
if res.isNone(): privKey = loadNetKeystore(keyPath, insecurePassword).valueOr:
fatal "Could not load network key file" fatal "Could not load network key file"
quit QuitFailure quit QuitFailure
let keys = initNetKeys(privKey)
privKey = res.get() info "Network key storage was successfully unlocked",
pubKey = privKey.getPublicKey().expect("working public key from file") network_public_key = keys.pubkey
info "Network key storage was successfully unlocked", keys
key_path = keyPath, network_public_key = pubKey else:
NetKeyPair(seckey: privKey, pubkey: pubKey) if allowLoadExisting:
else:
info "Network key storage is missing, creating a new one", info "Network key storage is missing, creating a new one",
key_path = keyPath key_path = keyPath
let rres = PrivateKey.random(Secp256k1, rng) let
if rres.isErr(): keys = rng.getRandomNetKeys()
fatal "Could not generate random network key file" sres = saveNetKeystore(rng, keyPath, keys.seckey, insecurePassword)
quit QuitFailure if sres.isErr():
fatal "Could not create network key file"
quit QuitFailure
let info "New network key storage was created",
privKey = rres.get() network_public_key = keys.pubkey
pubKey = privKey.getPublicKey().expect("working public key from random") keys
# Insecure password used only for automated testing. proc getPersistentNetKeys*(
let insecurePassword = rng: var HmacDrbgContext, config: BeaconNodeConf): NetKeyPair =
if config.netKeyInsecurePassword: case config.cmd
some(NetworkInsecureKeyPassword) of BNStartUpCmd.noCommand, BNStartUpCmd.record:
else: rng.getPersistentNetKeys(
none[string]() string(config.dataDir), config.netKeyFile, config.netKeyInsecurePassword,
allowLoadExisting = true)
let sres = saveNetKeystore(rng, keyPath, privKey, insecurePassword)
if sres.isErr():
fatal "Could not create network key file", key_path = keyPath
quit QuitFailure
info "New network key storage was created", key_path = keyPath,
network_public_key = pubKey
NetKeyPair(seckey: privKey, pubkey: pubKey)
of BNStartUpCmd.createTestnet: of BNStartUpCmd.createTestnet:
if config.netKeyFile == "random": if config.netKeyFile == "random":
fatal "Could not create testnet using `random` network key" fatal "Could not create testnet using `random` network key"
quit QuitFailure quit QuitFailure
let keyPath = rng.getPersistentNetKeys(
if isAbsolute(config.netKeyFile): string(config.dataDir), config.netKeyFile, config.netKeyInsecurePassword,
config.netKeyFile allowLoadExisting = false)
else:
config.dataDir / config.netKeyFile
let rres = PrivateKey.random(Secp256k1, rng)
if rres.isErr():
fatal "Could not generate random network key file"
quit QuitFailure
let
privKey = rres.get()
pubKey = privKey.getPublicKey().expect("working public key from random")
# Insecure password used only for automated testing.
let insecurePassword =
if config.netKeyInsecurePassword:
some(NetworkInsecureKeyPassword)
else:
none[string]()
let sres = saveNetKeystore(rng, keyPath, privKey, insecurePassword)
if sres.isErr():
fatal "Could not create network key file", key_path = keyPath
quit QuitFailure
info "New network key storage was created", key_path = keyPath,
network_public_key = pubKey
NetKeyPair(seckey: privKey, pubkey: pubKey)
else: else:
optimisticgetRandomNetKeys(rng) rng.getRandomNetKeys()
func gossipId( func gossipId(
data: openArray[byte], altairPrefix, topic: string): seq[byte] = data: openArray[byte], altairPrefix, topic: string): seq[byte] =

View File

@ -75,7 +75,7 @@ programMain:
genesisBlockRoot = get_initial_beacon_block(genesisState[]).root genesisBlockRoot = get_initial_beacon_block(genesisState[]).root
rng = keys.newRng() rng = keys.newRng()
netKeys = optimisticgetRandomNetKeys(rng[]) netKeys = getRandomNetKeys(rng[])
network = createEth2Node( network = createEth2Node(
rng, config, netKeys, cfg, rng, config, netKeys, cfg,
forkDigests, getBeaconTime, genesis_validators_root) forkDigests, getBeaconTime, genesis_validators_root)

View File

@ -639,7 +639,7 @@ proc mapErrTo*[T, E](r: Result[T, E], v: static KeystoreGenerationErrorKind):
KeystoreGenerationError(kind: v, error: $e)) KeystoreGenerationError(kind: v, error: $e))
proc loadNetKeystore*(keystorePath: string, proc loadNetKeystore*(keystorePath: string,
insecurePwd: Option[string]): Option[lcrypto.PrivateKey] = insecurePwd: Option[string]): Opt[lcrypto.PrivateKey] =
if not(checkSensitiveFilePermissions(keystorePath)): if not(checkSensitiveFilePermissions(keystorePath)):
error "Network keystorage file has insecure permissions", error "Network keystorage file has insecure permissions",
@ -662,7 +662,7 @@ proc loadNetKeystore*(keystorePath: string,
let decrypted = decryptNetKeystore(keyStore, let decrypted = decryptNetKeystore(keyStore,
KeystorePass.init(insecurePwd.get())) KeystorePass.init(insecurePwd.get()))
if decrypted.isOk: if decrypted.isOk:
return some(decrypted.get()) return ok(decrypted.get())
else: else:
error "Network keystore decryption failed", key_store = keystorePath error "Network keystore decryption failed", key_store = keystorePath
return return
@ -676,7 +676,7 @@ proc loadNetKeystore*(keystorePath: string,
decrypted decrypted
) )
if res.isOk(): if res.isOk():
some(res.get()) ok(res.get())
else: else:
return return