nimbus-eth2/tests/test_keystore.nim

# beacon_chain
# Copyright (c) 2018 Status Research & Development GmbH
# Licensed and distributed under either of
#   * MIT license (license terms in the root directory or at https://opensource.org/licenses/MIT).
#   * Apache v2 license (license terms in the root directory or at https://www.apache.org/licenses/LICENSE-2.0).
# at your option. This file may not be copied, modified, or distributed except according to those terms.

{.used.}

import
  unittest, ./testutil, json,
  stew/byteutils, blscurve, eth/keys,
  ../beacon_chain/spec/[crypto, keystore]

from strutils import replace

template `==`*(a, b: ValidatorPrivKey): bool =
  blscurve.SecretKey(a) == blscurve.SecretKey(b)

const
  scryptVector = """{
    "crypto": {
        "kdf": {
            "function": "scrypt",
            "params": {
                "dklen": 32,
                "n": 262144,
                "p": 1,
                "r": 8,
                "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3"
            },
            "message": ""
        },
        "checksum": {
            "function": "sha256",
            "params": {},
            "message": "149aafa27b041f3523c53d7acba1905fa6b1c90f9fef137568101f44b531a3cb"
        },
        "cipher": {
            "function": "aes-128-ctr",
            "params": {
                "iv": "264daa3f303d7259501c93d997d84fe6"
            },
            "message": "54ecc8863c0550351eee5720f3be6a5d4a016025aa91cd6436cfec938d6a8d30"
        }
    },
    "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07",
    "path": "m/12381/60/3141592653/589793238",
    "uuid": "1d85ae20-35c5-4611-98e8-aa14a633906f",
    "version": 4
}""" #"

  pbkdf2Vector = """{
    "crypto": {
        "kdf": {
            "function": "pbkdf2",
            "params": {
                "dklen": 32,
                "c": 262144,
                "prf": "hmac-sha256",
                "salt": "d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3"
            },
            "message": ""
        },
        "checksum": {
            "function": "sha256",
            "params": {},
            "message": "18b148af8e52920318084560fd766f9d09587b4915258dec0676cba5b0da09d8"
        },
        "cipher": {
            "function": "aes-128-ctr",
            "params": {
                "iv": "264daa3f303d7259501c93d997d84fe6"
            },
            "message": "a9249e0ca7315836356e4c7440361ff22b9fe71e2e2ed34fc1eb03976924ed48"
        }
    },
    "pubkey": "9612d7a727c9d0a22e185a1c768478dfe919cada9266988cb32359c11f2b7b27f4ae4040902382ae2910c15e2b420d07",
    "path": "m/12381/60/0/0",
    "uuid": "64625def-3331-4eea-ab6f-782f3ed16a83",
    "version": 4
}""" #"

  password = "testpassword"
  secretBytes = hexToSeqByte("000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f")
  salt = hexToSeqByte("d4e56740f876aef8c010b86a40d5f56745a118d0906a34e69aec8c0db1cb8fa3")
  iv = hexToSeqByte("264daa3f303d7259501c93d997d84fe6")

let
  rng = newRng()

suiteReport "Keystore":
  setup:
    let secret = ValidatorPrivKey.fromRaw(secretBytes).get

  timedTest "Pbkdf2 decryption":
    let decrypt = decryptKeystore(KeyStoreContent pbkdf2Vector,
                                  KeyStorePass password)
    check decrypt.isOk
    check secret == decrypt.get()

  timedTest "Pbkdf2 encryption":
    let encrypt = encryptKeystore(KdfPbkdf2, rng[], secret,
                                  KeyStorePass password,
                                  salt=salt, iv=iv,
                                  path = validateKeyPath "m/12381/60/0/0")
    var
      encryptJson = parseJson(encrypt.string)
      pbkdf2Json = parseJson(pbkdf2Vector)
    encryptJson{"uuid"} = %""
    pbkdf2Json{"uuid"} = %""

    check encryptJson == pbkdf2Json

  timedTest "Pbkdf2 errors":
    expect Defect:
      echo encryptKeystore(KdfPbkdf2, rng[], secret, salt = [byte 1]).string

    expect Defect:
      echo encryptKeystore(KdfPbkdf2, rng[], secret, iv = [byte 1]).string

    check decryptKeystore(KeyStoreContent pbkdf2Vector,
                          KeyStorePass "wrong pass").isErr

    check decryptKeystore(KeyStoreContent pbkdf2Vector,
                          KeyStorePass "").isErr

    check decryptKeystore(KeyStoreContent "{\"a\": 0}",
                          KeyStorePass "").isErr

    check decryptKeystore(KeyStoreContent "",
                          KeyStorePass "").isErr

    template checkVariant(remove): untyped =
      check decryptKeystore(KeyStoreContent pbkdf2Vector.replace(remove, ""),
                            KeyStorePass password).isErr

    checkVariant "d4e5" # salt
    checkVariant "18b1" # checksum
    checkVariant "264d" # iv
    checkVariant "a924" # cipher

    var badKdf = parseJson(pbkdf2Vector)
    badKdf{"crypto", "kdf", "function"} = %"invalid"

    check decryptKeystore(KeyStoreContent $badKdf,
                          KeyStorePass password).iserr