cleanup `getPersistentNetKeys` for better reuse (#3859)

Allow using `getPersistentNetKeys` without passing a `config`, and reuse
local helpers in its implementation.
This commit is contained in:
Etan Kissling 2022-07-13 23:26:16 +02:00 committed by GitHub
parent 806536a040
commit ee4e4ddeab
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 68 additions and 107 deletions

View File

@ -2034,129 +2034,90 @@ proc initAddress(T: type MultiAddress, str: string): T =
template tcpEndPoint(address, port): auto =
MultiAddress.init(address, tcpProtocol, port)
proc optimisticgetRandomNetKeys*(rng: var HmacDrbgContext): NetKeyPair =
let res = PrivateKey.random(Secp256k1, rng)
if res.isErr():
fatal "Could not generate random network key file"
quit QuitFailure
let
privKey = res.get()
pubKey = privKey.getPublicKey().expect("working public key from random")
func initNetKeys(privKey: PrivateKey): NetKeyPair =
let pubKey = privKey.getPublicKey().expect("working public key from random")
NetKeyPair(seckey: privKey, pubkey: pubKey)
proc getPersistentNetKeys*(rng: var HmacDrbgContext,
config: BeaconNodeConf): NetKeyPair =
case config.cmd
of BNStartUpCmd.noCommand, BNStartUpCmd.record:
if config.netKeyFile == "random":
let res = PrivateKey.random(Secp256k1, rng)
if res.isErr():
proc getRandomNetKeys*(rng: var HmacDrbgContext): NetKeyPair =
let privKey = PrivateKey.random(Secp256k1, rng).valueOr:
fatal "Could not generate random network key file"
quit QuitFailure
initNetKeys(privKey)
proc getPersistentNetKeys(
rng: var HmacDrbgContext,
dataDir, netKeyFile: string,
netKeyInsecurePassword: bool,
allowLoadExisting: bool): NetKeyPair =
if netKeyFile == "random":
let
privKey = res.get()
pubKey = privKey.getPublicKey().expect("working public key from random")
pres = PeerId.init(pubKey)
if pres.isErr():
keys = rng.getRandomNetKeys()
pres = PeerId.init(keys.pubkey).valueOr:
fatal "Could not obtain PeerId from network key"
quit QuitFailure
info "Generating new networking key", network_public_key = pubKey,
network_peer_id = $pres.get()
NetKeyPair(seckey: privKey, pubkey: pubKey)
info "Generating new networking key",
network_public_key = keys.pubkey, network_peer_id = $pres
keys
else:
let keyPath =
if isAbsolute(config.netKeyFile):
config.netKeyFile
else:
config.dataDir / config.netKeyFile
if fileAccessible(keyPath, {AccessFlags.Find}):
info "Network key storage is present, unlocking", key_path = keyPath
let
# Insecure password used only for automated testing.
let insecurePassword =
if config.netKeyInsecurePassword:
insecurePassword =
if netKeyInsecurePassword:
some(NetworkInsecureKeyPassword)
else:
none[string]()
let res = loadNetKeystore(keyPath, insecurePassword)
if res.isNone():
keyPath =
if isAbsolute(netKeyFile):
netKeyFile
else:
dataDir / netKeyFile
logScope: key_path = keyPath
if fileAccessible(keyPath, {AccessFlags.Find}) and allowLoadExisting:
info "Network key storage is present, unlocking"
let
privKey = loadNetKeystore(keyPath, insecurePassword).valueOr:
fatal "Could not load network key file"
quit QuitFailure
let
privKey = res.get()
pubKey = privKey.getPublicKey().expect("working public key from file")
keys = initNetKeys(privKey)
info "Network key storage was successfully unlocked",
key_path = keyPath, network_public_key = pubKey
NetKeyPair(seckey: privKey, pubkey: pubKey)
network_public_key = keys.pubkey
keys
else:
if allowLoadExisting:
info "Network key storage is missing, creating a new one",
key_path = keyPath
let rres = PrivateKey.random(Secp256k1, rng)
if rres.isErr():
fatal "Could not generate random network key file"
quit QuitFailure
let
privKey = rres.get()
pubKey = privKey.getPublicKey().expect("working public key from random")
# Insecure password used only for automated testing.
let insecurePassword =
if config.netKeyInsecurePassword:
some(NetworkInsecureKeyPassword)
else:
none[string]()
let sres = saveNetKeystore(rng, keyPath, privKey, insecurePassword)
keys = rng.getRandomNetKeys()
sres = saveNetKeystore(rng, keyPath, keys.seckey, insecurePassword)
if sres.isErr():
fatal "Could not create network key file", key_path = keyPath
fatal "Could not create network key file"
quit QuitFailure
info "New network key storage was created", key_path = keyPath,
network_public_key = pubKey
NetKeyPair(seckey: privKey, pubkey: pubKey)
info "New network key storage was created",
network_public_key = keys.pubkey
keys
proc getPersistentNetKeys*(
rng: var HmacDrbgContext, config: BeaconNodeConf): NetKeyPair =
case config.cmd
of BNStartUpCmd.noCommand, BNStartUpCmd.record:
rng.getPersistentNetKeys(
string(config.dataDir), config.netKeyFile, config.netKeyInsecurePassword,
allowLoadExisting = true)
of BNStartUpCmd.createTestnet:
if config.netKeyFile == "random":
fatal "Could not create testnet using `random` network key"
quit QuitFailure
let keyPath =
if isAbsolute(config.netKeyFile):
config.netKeyFile
rng.getPersistentNetKeys(
string(config.dataDir), config.netKeyFile, config.netKeyInsecurePassword,
allowLoadExisting = false)
else:
config.dataDir / config.netKeyFile
let rres = PrivateKey.random(Secp256k1, rng)
if rres.isErr():
fatal "Could not generate random network key file"
quit QuitFailure
let
privKey = rres.get()
pubKey = privKey.getPublicKey().expect("working public key from random")
# Insecure password used only for automated testing.
let insecurePassword =
if config.netKeyInsecurePassword:
some(NetworkInsecureKeyPassword)
else:
none[string]()
let sres = saveNetKeystore(rng, keyPath, privKey, insecurePassword)
if sres.isErr():
fatal "Could not create network key file", key_path = keyPath
quit QuitFailure
info "New network key storage was created", key_path = keyPath,
network_public_key = pubKey
NetKeyPair(seckey: privKey, pubkey: pubKey)
else:
optimisticgetRandomNetKeys(rng)
rng.getRandomNetKeys()
func gossipId(
data: openArray[byte], altairPrefix, topic: string): seq[byte] =

View File

@ -75,7 +75,7 @@ programMain:
genesisBlockRoot = get_initial_beacon_block(genesisState[]).root
rng = keys.newRng()
netKeys = optimisticgetRandomNetKeys(rng[])
netKeys = getRandomNetKeys(rng[])
network = createEth2Node(
rng, config, netKeys, cfg,
forkDigests, getBeaconTime, genesis_validators_root)

View File

@ -639,7 +639,7 @@ proc mapErrTo*[T, E](r: Result[T, E], v: static KeystoreGenerationErrorKind):
KeystoreGenerationError(kind: v, error: $e))
proc loadNetKeystore*(keystorePath: string,
insecurePwd: Option[string]): Option[lcrypto.PrivateKey] =
insecurePwd: Option[string]): Opt[lcrypto.PrivateKey] =
if not(checkSensitiveFilePermissions(keystorePath)):
error "Network keystorage file has insecure permissions",
@ -662,7 +662,7 @@ proc loadNetKeystore*(keystorePath: string,
let decrypted = decryptNetKeystore(keyStore,
KeystorePass.init(insecurePwd.get()))
if decrypted.isOk:
return some(decrypted.get())
return ok(decrypted.get())
else:
error "Network keystore decryption failed", key_store = keystorePath
return
@ -676,7 +676,7 @@ proc loadNetKeystore*(keystorePath: string,
decrypted
)
if res.isOk():
some(res.get())
ok(res.get())
else:
return