cleanup `getPersistentNetKeys` for better reuse (#3859)
Allow using `getPersistentNetKeys` without passing a `config`, and reuse local helpers in its implementation.
This commit is contained in:
parent
806536a040
commit
ee4e4ddeab
|
@ -2034,129 +2034,90 @@ proc initAddress(T: type MultiAddress, str: string): T =
|
||||||
template tcpEndPoint(address, port): auto =
|
template tcpEndPoint(address, port): auto =
|
||||||
MultiAddress.init(address, tcpProtocol, port)
|
MultiAddress.init(address, tcpProtocol, port)
|
||||||
|
|
||||||
proc optimisticgetRandomNetKeys*(rng: var HmacDrbgContext): NetKeyPair =
|
func initNetKeys(privKey: PrivateKey): NetKeyPair =
|
||||||
let res = PrivateKey.random(Secp256k1, rng)
|
let pubKey = privKey.getPublicKey().expect("working public key from random")
|
||||||
if res.isErr():
|
|
||||||
fatal "Could not generate random network key file"
|
|
||||||
quit QuitFailure
|
|
||||||
|
|
||||||
let
|
|
||||||
privKey = res.get()
|
|
||||||
pubKey = privKey.getPublicKey().expect("working public key from random")
|
|
||||||
NetKeyPair(seckey: privKey, pubkey: pubKey)
|
NetKeyPair(seckey: privKey, pubkey: pubKey)
|
||||||
|
|
||||||
proc getPersistentNetKeys*(rng: var HmacDrbgContext,
|
proc getRandomNetKeys*(rng: var HmacDrbgContext): NetKeyPair =
|
||||||
config: BeaconNodeConf): NetKeyPair =
|
let privKey = PrivateKey.random(Secp256k1, rng).valueOr:
|
||||||
case config.cmd
|
fatal "Could not generate random network key file"
|
||||||
of BNStartUpCmd.noCommand, BNStartUpCmd.record:
|
quit QuitFailure
|
||||||
if config.netKeyFile == "random":
|
initNetKeys(privKey)
|
||||||
let res = PrivateKey.random(Secp256k1, rng)
|
|
||||||
if res.isErr():
|
proc getPersistentNetKeys(
|
||||||
fatal "Could not generate random network key file"
|
rng: var HmacDrbgContext,
|
||||||
quit QuitFailure
|
dataDir, netKeyFile: string,
|
||||||
let
|
netKeyInsecurePassword: bool,
|
||||||
privKey = res.get()
|
allowLoadExisting: bool): NetKeyPair =
|
||||||
pubKey = privKey.getPublicKey().expect("working public key from random")
|
if netKeyFile == "random":
|
||||||
pres = PeerId.init(pubKey)
|
let
|
||||||
if pres.isErr():
|
keys = rng.getRandomNetKeys()
|
||||||
|
pres = PeerId.init(keys.pubkey).valueOr:
|
||||||
fatal "Could not obtain PeerId from network key"
|
fatal "Could not obtain PeerId from network key"
|
||||||
quit QuitFailure
|
quit QuitFailure
|
||||||
info "Generating new networking key", network_public_key = pubKey,
|
info "Generating new networking key",
|
||||||
network_peer_id = $pres.get()
|
network_public_key = keys.pubkey, network_peer_id = $pres
|
||||||
NetKeyPair(seckey: privKey, pubkey: pubKey)
|
keys
|
||||||
else:
|
else:
|
||||||
let keyPath =
|
let
|
||||||
if isAbsolute(config.netKeyFile):
|
# Insecure password used only for automated testing.
|
||||||
config.netKeyFile
|
insecurePassword =
|
||||||
|
if netKeyInsecurePassword:
|
||||||
|
some(NetworkInsecureKeyPassword)
|
||||||
else:
|
else:
|
||||||
config.dataDir / config.netKeyFile
|
none[string]()
|
||||||
|
|
||||||
if fileAccessible(keyPath, {AccessFlags.Find}):
|
keyPath =
|
||||||
info "Network key storage is present, unlocking", key_path = keyPath
|
if isAbsolute(netKeyFile):
|
||||||
|
netKeyFile
|
||||||
|
else:
|
||||||
|
dataDir / netKeyFile
|
||||||
|
logScope: key_path = keyPath
|
||||||
|
|
||||||
# Insecure password used only for automated testing.
|
if fileAccessible(keyPath, {AccessFlags.Find}) and allowLoadExisting:
|
||||||
let insecurePassword =
|
info "Network key storage is present, unlocking"
|
||||||
if config.netKeyInsecurePassword:
|
|
||||||
some(NetworkInsecureKeyPassword)
|
|
||||||
else:
|
|
||||||
none[string]()
|
|
||||||
|
|
||||||
let res = loadNetKeystore(keyPath, insecurePassword)
|
let
|
||||||
if res.isNone():
|
privKey = loadNetKeystore(keyPath, insecurePassword).valueOr:
|
||||||
fatal "Could not load network key file"
|
fatal "Could not load network key file"
|
||||||
quit QuitFailure
|
quit QuitFailure
|
||||||
let
|
keys = initNetKeys(privKey)
|
||||||
privKey = res.get()
|
info "Network key storage was successfully unlocked",
|
||||||
pubKey = privKey.getPublicKey().expect("working public key from file")
|
network_public_key = keys.pubkey
|
||||||
info "Network key storage was successfully unlocked",
|
keys
|
||||||
key_path = keyPath, network_public_key = pubKey
|
else:
|
||||||
NetKeyPair(seckey: privKey, pubkey: pubKey)
|
if allowLoadExisting:
|
||||||
else:
|
|
||||||
info "Network key storage is missing, creating a new one",
|
info "Network key storage is missing, creating a new one",
|
||||||
key_path = keyPath
|
key_path = keyPath
|
||||||
let rres = PrivateKey.random(Secp256k1, rng)
|
let
|
||||||
if rres.isErr():
|
keys = rng.getRandomNetKeys()
|
||||||
fatal "Could not generate random network key file"
|
sres = saveNetKeystore(rng, keyPath, keys.seckey, insecurePassword)
|
||||||
quit QuitFailure
|
if sres.isErr():
|
||||||
|
fatal "Could not create network key file"
|
||||||
|
quit QuitFailure
|
||||||
|
|
||||||
let
|
info "New network key storage was created",
|
||||||
privKey = rres.get()
|
network_public_key = keys.pubkey
|
||||||
pubKey = privKey.getPublicKey().expect("working public key from random")
|
keys
|
||||||
|
|
||||||
# Insecure password used only for automated testing.
|
proc getPersistentNetKeys*(
|
||||||
let insecurePassword =
|
rng: var HmacDrbgContext, config: BeaconNodeConf): NetKeyPair =
|
||||||
if config.netKeyInsecurePassword:
|
case config.cmd
|
||||||
some(NetworkInsecureKeyPassword)
|
of BNStartUpCmd.noCommand, BNStartUpCmd.record:
|
||||||
else:
|
rng.getPersistentNetKeys(
|
||||||
none[string]()
|
string(config.dataDir), config.netKeyFile, config.netKeyInsecurePassword,
|
||||||
|
allowLoadExisting = true)
|
||||||
let sres = saveNetKeystore(rng, keyPath, privKey, insecurePassword)
|
|
||||||
if sres.isErr():
|
|
||||||
fatal "Could not create network key file", key_path = keyPath
|
|
||||||
quit QuitFailure
|
|
||||||
|
|
||||||
info "New network key storage was created", key_path = keyPath,
|
|
||||||
network_public_key = pubKey
|
|
||||||
NetKeyPair(seckey: privKey, pubkey: pubKey)
|
|
||||||
|
|
||||||
of BNStartUpCmd.createTestnet:
|
of BNStartUpCmd.createTestnet:
|
||||||
if config.netKeyFile == "random":
|
if config.netKeyFile == "random":
|
||||||
fatal "Could not create testnet using `random` network key"
|
fatal "Could not create testnet using `random` network key"
|
||||||
quit QuitFailure
|
quit QuitFailure
|
||||||
|
|
||||||
let keyPath =
|
rng.getPersistentNetKeys(
|
||||||
if isAbsolute(config.netKeyFile):
|
string(config.dataDir), config.netKeyFile, config.netKeyInsecurePassword,
|
||||||
config.netKeyFile
|
allowLoadExisting = false)
|
||||||
else:
|
|
||||||
config.dataDir / config.netKeyFile
|
|
||||||
|
|
||||||
let rres = PrivateKey.random(Secp256k1, rng)
|
|
||||||
if rres.isErr():
|
|
||||||
fatal "Could not generate random network key file"
|
|
||||||
quit QuitFailure
|
|
||||||
|
|
||||||
let
|
|
||||||
privKey = rres.get()
|
|
||||||
pubKey = privKey.getPublicKey().expect("working public key from random")
|
|
||||||
|
|
||||||
# Insecure password used only for automated testing.
|
|
||||||
let insecurePassword =
|
|
||||||
if config.netKeyInsecurePassword:
|
|
||||||
some(NetworkInsecureKeyPassword)
|
|
||||||
else:
|
|
||||||
none[string]()
|
|
||||||
|
|
||||||
let sres = saveNetKeystore(rng, keyPath, privKey, insecurePassword)
|
|
||||||
if sres.isErr():
|
|
||||||
fatal "Could not create network key file", key_path = keyPath
|
|
||||||
quit QuitFailure
|
|
||||||
|
|
||||||
info "New network key storage was created", key_path = keyPath,
|
|
||||||
network_public_key = pubKey
|
|
||||||
|
|
||||||
NetKeyPair(seckey: privKey, pubkey: pubKey)
|
|
||||||
else:
|
else:
|
||||||
optimisticgetRandomNetKeys(rng)
|
rng.getRandomNetKeys()
|
||||||
|
|
||||||
func gossipId(
|
func gossipId(
|
||||||
data: openArray[byte], altairPrefix, topic: string): seq[byte] =
|
data: openArray[byte], altairPrefix, topic: string): seq[byte] =
|
||||||
|
|
|
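Review bot: The new five-argument `getPersistentNetKeys` is not exported (`proc getPersistentNetKeys(` carries no `*`), so if the commit message's goal of calling it without a `config` means calls from other modules, the signature needs `proc getPersistentNetKeys*(`. `initNetKeys` now also serves the keystore-load branch but keeps `expect("working public key from random")`; a neutral `expect("working public key")` avoids a misleading failure message for a key read from disk. In the creation branch, `info "Network key storage is missing, creating a new one", key_path = keyPath` still passes `key_path` explicitly although `logScope: key_path = keyPath` already attaches it to every log line after it, so drop the explicit property as the neighbouring `fatal`/`info` calls did. With `allowLoadExisting = false` an existing file at `keyPath` falls through to `saveNetKeystore` with no notice (the old `createTestnet` path behaved the same); if that helper overwrites, a `warn "Replacing existing network key storage"` before the save would make the key rotation visible to operators.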
@ -75,7 +75,7 @@ programMain:
|
||||||
genesisBlockRoot = get_initial_beacon_block(genesisState[]).root
|
genesisBlockRoot = get_initial_beacon_block(genesisState[]).root
|
||||||
|
|
||||||
rng = keys.newRng()
|
rng = keys.newRng()
|
||||||
netKeys = optimisticgetRandomNetKeys(rng[])
|
netKeys = getRandomNetKeys(rng[])
|
||||||
network = createEth2Node(
|
network = createEth2Node(
|
||||||
rng, config, netKeys, cfg,
|
rng, config, netKeys, cfg,
|
||||||
forkDigests, getBeaconTime, genesis_validators_root)
|
forkDigests, getBeaconTime, genesis_validators_root)
|
||||||
|
|
|
@ -639,7 +639,7 @@ proc mapErrTo*[T, E](r: Result[T, E], v: static KeystoreGenerationErrorKind):
|
||||||
KeystoreGenerationError(kind: v, error: $e))
|
KeystoreGenerationError(kind: v, error: $e))
|
||||||
|
|
||||||
proc loadNetKeystore*(keystorePath: string,
|
proc loadNetKeystore*(keystorePath: string,
|
||||||
insecurePwd: Option[string]): Option[lcrypto.PrivateKey] =
|
insecurePwd: Option[string]): Opt[lcrypto.PrivateKey] =
|
||||||
|
|
||||||
if not(checkSensitiveFilePermissions(keystorePath)):
|
if not(checkSensitiveFilePermissions(keystorePath)):
|
||||||
error "Network keystorage file has insecure permissions",
|
error "Network keystorage file has insecure permissions",
|
||||||
|
@ -662,7 +662,7 @@ proc loadNetKeystore*(keystorePath: string,
|
||||||
let decrypted = decryptNetKeystore(keyStore,
|
let decrypted = decryptNetKeystore(keyStore,
|
||||||
KeystorePass.init(insecurePwd.get()))
|
KeystorePass.init(insecurePwd.get()))
|
||||||
if decrypted.isOk:
|
if decrypted.isOk:
|
||||||
return some(decrypted.get())
|
return ok(decrypted.get())
|
||||||
else:
|
else:
|
||||||
error "Network keystore decryption failed", key_store = keystorePath
|
error "Network keystore decryption failed", key_store = keystorePath
|
||||||
return
|
return
|
||||||
|
@ -676,7 +676,7 @@ proc loadNetKeystore*(keystorePath: string,
|
||||||
decrypted
|
decrypted
|
||||||
)
|
)
|
||||||
if res.isOk():
|
if res.isOk():
|
||||||
some(res.get())
|
ok(res.get())
|
||||||
else:
|
else:
|
||||||
return
|
return
|
||||||
|
|
||||||
|
|
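Review bot: The two bare `return` statements in `loadNetKeystore` (after the decryption-failure `error` and in the final `else`) now depend on a default-initialized `Opt[lcrypto.PrivateKey]` being the error state rather than stating it; `return Opt.none(lcrypto.PrivateKey)` makes the failure path explicit and keeps working if the return type changes again. `loadNetKeystore` begins before the `@ -662,7` hunk and its body is split across the last two hunks, so earlier return paths are not visible here and should be checked for the same pattern.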