lighthouse/crypto/eth2_keystore/tests/tests.rs

#![cfg(test)]
#![cfg(not(debug_assertions))]

use bls::Keypair;
use eth2_keystore::{
    default_kdf,
    json_keystore::{Kdf, Pbkdf2, Prf, Scrypt},
    Error, Keystore, KeystoreBuilder, DKLEN,
};
use std::fs::OpenOptions;
use tempfile::tempdir;

const GOOD_PASSWORD: &[u8] = &[42, 42, 42];
const BAD_PASSWORD: &[u8] = &[43, 43, 43];

#[test]
fn empty_password() {
    assert_eq!(
        KeystoreBuilder::new(&Keypair::random(), "".as_bytes(), "".into())
            .err()
            .unwrap(),
        Error::EmptyPassword
    );
}

#[test]
fn string_round_trip() {
    let keypair = Keypair::random();

    let keystore = KeystoreBuilder::new(&keypair, GOOD_PASSWORD, "".into())
        .unwrap()
        .build()
        .unwrap();

    let json = keystore.to_json_string().unwrap();
    let decoded = Keystore::from_json_str(&json).unwrap();

    assert_eq!(
        decoded.decrypt_keypair(BAD_PASSWORD).err().unwrap(),
        Error::InvalidPassword,
        "should not decrypt with bad password"
    );

    assert_eq!(
        decoded.decrypt_keypair(GOOD_PASSWORD).unwrap().pk,
        keypair.pk,
        "should decrypt with good password"
    );
}

#[test]
fn file() {
    let keypair = Keypair::random();
    let dir = tempdir().unwrap();
    let path = dir.path().join("keystore.json");

    let get_file = || {
        OpenOptions::new()
            .write(true)
            .read(true)
            .create(true)
            .open(path.clone())
            .expect("should create file")
    };

    let keystore = KeystoreBuilder::new(&keypair, GOOD_PASSWORD, "".into())
        .unwrap()
        .build()
        .unwrap();

    keystore
        .to_json_writer(&mut get_file())
        .expect("should write to file");

    let decoded = Keystore::from_json_reader(&mut get_file()).expect("should read from file");

    assert_eq!(
        decoded.decrypt_keypair(BAD_PASSWORD).err().unwrap(),
        Error::InvalidPassword,
        "should not decrypt with bad password"
    );

    assert_eq!(
        decoded.decrypt_keypair(GOOD_PASSWORD).unwrap().pk,
        keypair.pk,
        "should decrypt with good password"
    );
}

#[test]
fn scrypt_params() {
    let keypair = Keypair::random();

    let keystore = KeystoreBuilder::new(&keypair, GOOD_PASSWORD, "".into())
        .unwrap()
        .build()
        .unwrap();

    let json = keystore.to_json_string().unwrap();
    let decoded = Keystore::from_json_str(&json).unwrap();

    assert_eq!(
        decoded.decrypt_keypair(BAD_PASSWORD).err().unwrap(),
        Error::InvalidPassword,
        "should not decrypt with bad password"
    );

    assert_eq!(
        decoded.decrypt_keypair(GOOD_PASSWORD).unwrap().pk,
        keypair.pk,
        "should decrypt with good password"
    );
}

#[test]
fn custom_scrypt_kdf() {
    let keypair = Keypair::random();

    let salt = vec![42];

    let my_kdf = Kdf::Scrypt(Scrypt {
        dklen: DKLEN,
        n: 2,
        p: 1,
        r: 8,
        salt: salt.clone().into(),
    });

    assert!(my_kdf != default_kdf(salt));

    let keystore = KeystoreBuilder::new(&keypair, GOOD_PASSWORD, "".into())
        .unwrap()
        .kdf(my_kdf.clone())
        .build()
        .unwrap();

    assert_eq!(keystore.kdf(), &my_kdf);
}

#[test]
fn custom_pbkdf2_kdf() {
    let keypair = Keypair::random();

    let salt = vec![42];

    let my_kdf = Kdf::Pbkdf2(Pbkdf2 {
        dklen: DKLEN,
        c: 2,
        prf: Prf::HmacSha256,
        salt: salt.clone().into(),
    });

    assert!(my_kdf != default_kdf(salt));

    let keystore = KeystoreBuilder::new(&keypair, GOOD_PASSWORD, "".into())
        .unwrap()
        .kdf(my_kdf.clone())
        .build()
        .unwrap();

    assert_eq!(keystore.kdf(), &my_kdf);
}
EIP-2335: Keystore (#1071) * Add test to understand flow of key storage * First commit * Committing to save trait stuff * Working naive design * Add keystore struct * Move keystore files into their own module * Add serde (de)serialize_with magic * Add keystore test * Fix tests * Add comments and minor fixes * Pass optional params to `to_keystore` function * Add `path` field to keystore * Add function to read Keystore from file * Add test vectors and fix Version serialization * Checksum params is empty object * Add public key to Keystore * Add function for saving keystore into file * Deleted account_manager main.rs * Move keystore module to validator_client * Add save_keystore method to validator_directory * Add load_keystore function. Minor refactorings * Fixed dependencies * Address some review comments * Add Password newtype; derive Zeroize * Fix test * Move keystore into own crate * Remove padding * Add error enum, zeroize more things * Fix comment * Add keystore builder * Remove keystore stuff from val client * Add more tests, comments * Add more comments, test vectors * Progress on improving JSON validation * More JSON verification * Start moving JSON into own mod * Remove old code * Add more tests, reader/writers * Tidy * Move keystore into own file * Move more logic into keystore file * Tidy * Tidy * Allow for odd-character hex * Add more json missing field checks * Use scrypt by default * Tidy, address comments * Test path and uuid in vectors * Fix comment * Add checks for kdf params * Enforce empty kdf message * Expose json_keystore mod * Split out encrypt/decrypt * Replace some password usage with slice * Expose PlainText struct * Expose consts, remove Password * Expose SALT_SIZE * Move dbg assert statement * Fix dodgy json test * Protect against n == 1 * Return error if n is not power of 2 * Add dklen checks * Add note about panics Co-authored-by: pawan <pawandhananjay@gmail.com> 2020-05-11 07:45:06 +00:00			`#![cfg(test)]`
Switch to ring for hkdf (#1134) * Switch to ring for hkdf * Remove comments * Make some keystore tests release only 2020-05-12 05:48:39 +00:00			`#![cfg(not(debug_assertions))]`
EIP-2335: Keystore (#1071) * Add test to understand flow of key storage * First commit * Committing to save trait stuff * Working naive design * Add keystore struct * Move keystore files into their own module * Add serde (de)serialize_with magic * Add keystore test * Fix tests * Add comments and minor fixes * Pass optional params to `to_keystore` function * Add `path` field to keystore * Add function to read Keystore from file * Add test vectors and fix Version serialization * Checksum params is empty object * Add public key to Keystore * Add function for saving keystore into file * Deleted account_manager main.rs * Move keystore module to validator_client * Add save_keystore method to validator_directory * Add load_keystore function. Minor refactorings * Fixed dependencies * Address some review comments * Add Password newtype; derive Zeroize * Fix test * Move keystore into own crate * Remove padding * Add error enum, zeroize more things * Fix comment * Add keystore builder * Remove keystore stuff from val client * Add more tests, comments * Add more comments, test vectors * Progress on improving JSON validation * More JSON verification * Start moving JSON into own mod * Remove old code * Add more tests, reader/writers * Tidy * Move keystore into own file * Move more logic into keystore file * Tidy * Tidy * Allow for odd-character hex * Add more json missing field checks * Use scrypt by default * Tidy, address comments * Test path and uuid in vectors * Fix comment * Add checks for kdf params * Enforce empty kdf message * Expose json_keystore mod * Split out encrypt/decrypt * Replace some password usage with slice * Expose PlainText struct * Expose consts, remove Password * Expose SALT_SIZE * Move dbg assert statement * Fix dodgy json test * Protect against n == 1 * Return error if n is not power of 2 * Add dklen checks * Add note about panics Co-authored-by: pawan <pawandhananjay@gmail.com> 2020-05-11 07:45:06 +00:00
			`use bls::Keypair;`
Update local testnet scripts, fix eth1 sim (#1184) * Update local testnet scripts * Add logs when decrypting validators * Update comment * Update account manager * Make random key generation explicit * Remove unnecessary clap constraint * Only decrypt voting keypair for eth1 deposit * Use insecure kdf for insecure keypairs * Simplify local testnet keygen * Update local testnet * Fix eth1 sim * Add eth1 sim to CI again * Remove old local testnet docs * Tidy * Remove checks for existing validators * Tidy * Fix typos 2020-05-26 08:30:44 +00:00			`use eth2_keystore::{`
			`default_kdf,`
			`json_keystore::{Kdf, Pbkdf2, Prf, Scrypt},`
			`Error, Keystore, KeystoreBuilder, DKLEN,`
			`};`
EIP-2335: Keystore (#1071) * Add test to understand flow of key storage * First commit * Committing to save trait stuff * Working naive design * Add keystore struct * Move keystore files into their own module * Add serde (de)serialize_with magic * Add keystore test * Fix tests * Add comments and minor fixes * Pass optional params to `to_keystore` function * Add `path` field to keystore * Add function to read Keystore from file * Add test vectors and fix Version serialization * Checksum params is empty object * Add public key to Keystore * Add function for saving keystore into file * Deleted account_manager main.rs * Move keystore module to validator_client * Add save_keystore method to validator_directory * Add load_keystore function. Minor refactorings * Fixed dependencies * Address some review comments * Add Password newtype; derive Zeroize * Fix test * Move keystore into own crate * Remove padding * Add error enum, zeroize more things * Fix comment * Add keystore builder * Remove keystore stuff from val client * Add more tests, comments * Add more comments, test vectors * Progress on improving JSON validation * More JSON verification * Start moving JSON into own mod * Remove old code * Add more tests, reader/writers * Tidy * Move keystore into own file * Move more logic into keystore file * Tidy * Tidy * Allow for odd-character hex * Add more json missing field checks * Use scrypt by default * Tidy, address comments * Test path and uuid in vectors * Fix comment * Add checks for kdf params * Enforce empty kdf message * Expose json_keystore mod * Split out encrypt/decrypt * Replace some password usage with slice * Expose PlainText struct * Expose consts, remove Password * Expose SALT_SIZE * Move dbg assert statement * Fix dodgy json test * Protect against n == 1 * Return error if n is not power of 2 * Add dklen checks * Add note about panics Co-authored-by: pawan <pawandhananjay@gmail.com> 2020-05-11 07:45:06 +00:00			`use std::fs::OpenOptions;`
			`use tempfile::tempdir;`

			`const GOOD_PASSWORD: &[u8] = &[42, 42, 42];`
			`const BAD_PASSWORD: &[u8] = &[43, 43, 43];`

			`#[test]`
			`fn empty_password() {`
			`assert_eq!(`
			`KeystoreBuilder::new(&Keypair::random(), "".as_bytes(), "".into())`
			`.err()`
			`.unwrap(),`
			`Error::EmptyPassword`
			`);`
			`}`

			`#[test]`
			`fn string_round_trip() {`
			`let keypair = Keypair::random();`

			`let keystore = KeystoreBuilder::new(&keypair, GOOD_PASSWORD, "".into())`
			`.unwrap()`
			`.build()`
			`.unwrap();`

			`let json = keystore.to_json_string().unwrap();`
			`let decoded = Keystore::from_json_str(&json).unwrap();`

			`assert_eq!(`
			`decoded.decrypt_keypair(BAD_PASSWORD).err().unwrap(),`
			`Error::InvalidPassword,`
			`"should not decrypt with bad password"`
			`);`

			`assert_eq!(`
Improve bls::SecretKey privacy (#1164) * Improve bls::SecretKey privacy * Add missed file * Remove more methods from bls::SecretKey * Add as_bytes() to SecretKey, remove as_raw * Remove as_raw * Add back as_raw * Address review comments 2020-05-19 01:23:08 +00:00			`decoded.decrypt_keypair(GOOD_PASSWORD).unwrap().pk,`
			`keypair.pk,`
EIP-2335: Keystore (#1071) * Add test to understand flow of key storage * First commit * Committing to save trait stuff * Working naive design * Add keystore struct * Move keystore files into their own module * Add serde (de)serialize_with magic * Add keystore test * Fix tests * Add comments and minor fixes * Pass optional params to `to_keystore` function * Add `path` field to keystore * Add function to read Keystore from file * Add test vectors and fix Version serialization * Checksum params is empty object * Add public key to Keystore * Add function for saving keystore into file * Deleted account_manager main.rs * Move keystore module to validator_client * Add save_keystore method to validator_directory * Add load_keystore function. Minor refactorings * Fixed dependencies * Address some review comments * Add Password newtype; derive Zeroize * Fix test * Move keystore into own crate * Remove padding * Add error enum, zeroize more things * Fix comment * Add keystore builder * Remove keystore stuff from val client * Add more tests, comments * Add more comments, test vectors * Progress on improving JSON validation * More JSON verification * Start moving JSON into own mod * Remove old code * Add more tests, reader/writers * Tidy * Move keystore into own file * Move more logic into keystore file * Tidy * Tidy * Allow for odd-character hex * Add more json missing field checks * Use scrypt by default * Tidy, address comments * Test path and uuid in vectors * Fix comment * Add checks for kdf params * Enforce empty kdf message * Expose json_keystore mod * Split out encrypt/decrypt * Replace some password usage with slice * Expose PlainText struct * Expose consts, remove Password * Expose SALT_SIZE * Move dbg assert statement * Fix dodgy json test * Protect against n == 1 * Return error if n is not power of 2 * Add dklen checks * Add note about panics Co-authored-by: pawan <pawandhananjay@gmail.com> 2020-05-11 07:45:06 +00:00			`"should decrypt with good password"`
			`);`
			`}`

			`#[test]`
			`fn file() {`
			`let keypair = Keypair::random();`
			`let dir = tempdir().unwrap();`
			`let path = dir.path().join("keystore.json");`

			`let get_file = \|\| {`
			`OpenOptions::new()`
			`.write(true)`
			`.read(true)`
			`.create(true)`
			`.open(path.clone())`
			`.expect("should create file")`
			`};`

			`let keystore = KeystoreBuilder::new(&keypair, GOOD_PASSWORD, "".into())`
			`.unwrap()`
			`.build()`
			`.unwrap();`

			`keystore`
			`.to_json_writer(&mut get_file())`
			`.expect("should write to file");`

			`let decoded = Keystore::from_json_reader(&mut get_file()).expect("should read from file");`

			`assert_eq!(`
			`decoded.decrypt_keypair(BAD_PASSWORD).err().unwrap(),`
			`Error::InvalidPassword,`
			`"should not decrypt with bad password"`
			`);`

			`assert_eq!(`
Improve bls::SecretKey privacy (#1164) * Improve bls::SecretKey privacy * Add missed file * Remove more methods from bls::SecretKey * Add as_bytes() to SecretKey, remove as_raw * Remove as_raw * Add back as_raw * Address review comments 2020-05-19 01:23:08 +00:00			`decoded.decrypt_keypair(GOOD_PASSWORD).unwrap().pk,`
			`keypair.pk,`
EIP-2335: Keystore (#1071) * Add test to understand flow of key storage * First commit * Committing to save trait stuff * Working naive design * Add keystore struct * Move keystore files into their own module * Add serde (de)serialize_with magic * Add keystore test * Fix tests * Add comments and minor fixes * Pass optional params to `to_keystore` function * Add `path` field to keystore * Add function to read Keystore from file * Add test vectors and fix Version serialization * Checksum params is empty object * Add public key to Keystore * Add function for saving keystore into file * Deleted account_manager main.rs * Move keystore module to validator_client * Add save_keystore method to validator_directory * Add load_keystore function. Minor refactorings * Fixed dependencies * Address some review comments * Add Password newtype; derive Zeroize * Fix test * Move keystore into own crate * Remove padding * Add error enum, zeroize more things * Fix comment * Add keystore builder * Remove keystore stuff from val client * Add more tests, comments * Add more comments, test vectors * Progress on improving JSON validation * More JSON verification * Start moving JSON into own mod * Remove old code * Add more tests, reader/writers * Tidy * Move keystore into own file * Move more logic into keystore file * Tidy * Tidy * Allow for odd-character hex * Add more json missing field checks * Use scrypt by default * Tidy, address comments * Test path and uuid in vectors * Fix comment * Add checks for kdf params * Enforce empty kdf message * Expose json_keystore mod * Split out encrypt/decrypt * Replace some password usage with slice * Expose PlainText struct * Expose consts, remove Password * Expose SALT_SIZE * Move dbg assert statement * Fix dodgy json test * Protect against n == 1 * Return error if n is not power of 2 * Add dklen checks * Add note about panics Co-authored-by: pawan <pawandhananjay@gmail.com> 2020-05-11 07:45:06 +00:00			`"should decrypt with good password"`
			`);`
			`}`

			`#[test]`
			`fn scrypt_params() {`
			`let keypair = Keypair::random();`

			`let keystore = KeystoreBuilder::new(&keypair, GOOD_PASSWORD, "".into())`
			`.unwrap()`
			`.build()`
			`.unwrap();`

			`let json = keystore.to_json_string().unwrap();`
			`let decoded = Keystore::from_json_str(&json).unwrap();`

			`assert_eq!(`
			`decoded.decrypt_keypair(BAD_PASSWORD).err().unwrap(),`
			`Error::InvalidPassword,`
			`"should not decrypt with bad password"`
			`);`

			`assert_eq!(`
Improve bls::SecretKey privacy (#1164) * Improve bls::SecretKey privacy * Add missed file * Remove more methods from bls::SecretKey * Add as_bytes() to SecretKey, remove as_raw * Remove as_raw * Add back as_raw * Address review comments 2020-05-19 01:23:08 +00:00			`decoded.decrypt_keypair(GOOD_PASSWORD).unwrap().pk,`
			`keypair.pk,`
EIP-2335: Keystore (#1071) * Add test to understand flow of key storage * First commit * Committing to save trait stuff * Working naive design * Add keystore struct * Move keystore files into their own module * Add serde (de)serialize_with magic * Add keystore test * Fix tests * Add comments and minor fixes * Pass optional params to `to_keystore` function * Add `path` field to keystore * Add function to read Keystore from file * Add test vectors and fix Version serialization * Checksum params is empty object * Add public key to Keystore * Add function for saving keystore into file * Deleted account_manager main.rs * Move keystore module to validator_client * Add save_keystore method to validator_directory * Add load_keystore function. Minor refactorings * Fixed dependencies * Address some review comments * Add Password newtype; derive Zeroize * Fix test * Move keystore into own crate * Remove padding * Add error enum, zeroize more things * Fix comment * Add keystore builder * Remove keystore stuff from val client * Add more tests, comments * Add more comments, test vectors * Progress on improving JSON validation * More JSON verification * Start moving JSON into own mod * Remove old code * Add more tests, reader/writers * Tidy * Move keystore into own file * Move more logic into keystore file * Tidy * Tidy * Allow for odd-character hex * Add more json missing field checks * Use scrypt by default * Tidy, address comments * Test path and uuid in vectors * Fix comment * Add checks for kdf params * Enforce empty kdf message * Expose json_keystore mod * Split out encrypt/decrypt * Replace some password usage with slice * Expose PlainText struct * Expose consts, remove Password * Expose SALT_SIZE * Move dbg assert statement * Fix dodgy json test * Protect against n == 1 * Return error if n is not power of 2 * Add dklen checks * Add note about panics Co-authored-by: pawan <pawandhananjay@gmail.com> 2020-05-11 07:45:06 +00:00			`"should decrypt with good password"`
			`);`
			`}`
Update local testnet scripts, fix eth1 sim (#1184) * Update local testnet scripts * Add logs when decrypting validators * Update comment * Update account manager * Make random key generation explicit * Remove unnecessary clap constraint * Only decrypt voting keypair for eth1 deposit * Use insecure kdf for insecure keypairs * Simplify local testnet keygen * Update local testnet * Fix eth1 sim * Add eth1 sim to CI again * Remove old local testnet docs * Tidy * Remove checks for existing validators * Tidy * Fix typos 2020-05-26 08:30:44 +00:00
			`#[test]`
			`fn custom_scrypt_kdf() {`
			`let keypair = Keypair::random();`

			`let salt = vec![42];`

			`let my_kdf = Kdf::Scrypt(Scrypt {`
			`dklen: DKLEN,`
			`n: 2,`
			`p: 1,`
			`r: 8,`
			`salt: salt.clone().into(),`
			`});`

			`assert!(my_kdf != default_kdf(salt));`

			`let keystore = KeystoreBuilder::new(&keypair, GOOD_PASSWORD, "".into())`
			`.unwrap()`
			`.kdf(my_kdf.clone())`
			`.build()`
			`.unwrap();`

			`assert_eq!(keystore.kdf(), &my_kdf);`
			`}`

			`#[test]`
			`fn custom_pbkdf2_kdf() {`
			`let keypair = Keypair::random();`

			`let salt = vec![42];`

			`let my_kdf = Kdf::Pbkdf2(Pbkdf2 {`
			`dklen: DKLEN,`
			`c: 2,`
			`prf: Prf::HmacSha256,`
			`salt: salt.clone().into(),`
			`});`

			`assert!(my_kdf != default_kdf(salt));`

			`let keystore = KeystoreBuilder::new(&keypair, GOOD_PASSWORD, "".into())`
			`.unwrap()`
			`.kdf(my_kdf.clone())`
			`.build()`
			`.unwrap();`

			`assert_eq!(keystore.kdf(), &my_kdf);`
			`}`