cerc-io/lighthouse
16
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
ba10c80633
lighthouse/common/eth2_wallet_manager/src/wallet_manager.rs

381 lines
11 KiB
Rust
Raw Normal View History

Wallet-based, encrypted key management (#1138) * Update hashmap hashset to stable futures * Adds panic test to hashset delay * Port remote_beacon_node to stable futures * Fix lcli merge conflicts * Non rpc stuff compiles * Remove padding * Add error enum, zeroize more things * Fix comment * protocol.rs compiles * Port websockets, timer and notifier to stable futures (#1035) * Fix lcli * Port timer to stable futures * Fix timer * Port websocket_server to stable futures * Port notifier to stable futures * Add TODOS * Port remote_beacon_node to stable futures * Partial eth2-libp2p stable future upgrade * Finished first round of fighting RPC types * Further progress towards porting eth2-libp2p adds caching to discovery * Update behaviour * Add keystore builder * Remove keystore stuff from val client * Add more tests, comments * RPC handler to stable futures * Update RPC to master libp2p * Add more comments, test vectors * Network service additions * Progress on improving JSON validation * More JSON verification * Start moving JSON into own mod * Remove old code * Add more tests, reader/writers * Tidy * Move keystore into own file * Move more logic into keystore file * Tidy * Tidy * Fix the fallback transport construction (#1102) * Allow for odd-character hex * Correct warning * Remove hashmap delay * Compiling version of eth2-libp2p * Update all crates versions * Fix conversion function and add tests (#1113) * Add more json missing field checks * Use scrypt by default * Tidy, address comments * Test path and uuid in vectors * Fix comment * Add checks for kdf params * Enforce empty kdf message * Port validator_client to stable futures (#1114) * Add PH & MS slot clock changes * Account for genesis time * Add progress on duties refactor * Add simple is_aggregator bool to val subscription * Start work on attestation_verification.rs * Add progress on ObservedAttestations * Progress with ObservedAttestations * Fix tests * Add observed attestations to the beacon chain * Add attestation observation to processing code * Add progress on attestation verification * Add first draft of ObservedAttesters * Add more tests * Add observed attesters to beacon chain * Add observers to attestation processing * Add more attestation verification * Create ObservedAggregators map * Remove commented-out code * Add observed aggregators into chain * Add progress * Finish adding features to attestation verification * Ensure beacon chain compiles * Link attn verification into chain * Integrate new attn verification in chain * Remove old attestation processing code * Start trying to fix beacon_chain tests * Split adding into pools into two functions * Add aggregation to harness * Get test harness working again * Adjust the number of aggregators for test harness * Fix edge-case in harness * Integrate new attn processing in network * Fix compile bug in validator_client * Update validator API endpoints * Fix aggreagation in test harness * Fix enum thing * Fix attestation observation bug: * Patch failing API tests * Start adding comments to attestation verification * Remove unused attestation field * Unify "is block known" logic * Update comments * Supress fork choice errors for network processing * Add todos * Tidy * Add gossip attn tests * Disallow test harness to produce old attns * Comment out in-progress tests * Partially address pruning tests * Fix failing store test * Add aggregate tests * Add comments about which spec conditions we check * Dont re-aggregate * Split apart test harness attn production * Fix compile error in network * Make progress on commented-out test * Fix skipping attestation test * Add fork choice verification tests * Tidy attn tests, remove dead code * Remove some accidentally added code * Fix clippy lint * Rename test file * Add block tests, add cheap block proposer check * Rename block testing file * Add observed_block_producers * Tidy * Switch around block signature verification * Finish block testing * Remove gossip from signature tests * First pass of self review * Fix deviation in spec * Update test spec tags * Start moving over to hashset * Finish moving observed attesters to hashmap * Move aggregation pool over to hashmap * Make fc attn borrow again * Fix rest_api compile error * Fix missing comments * Fix monster test * Uncomment increasing slots test * Address remaining comments * Remove unsafe, use cfg test * Remove cfg test flag * Fix dodgy comment * Revert "Update hashmap hashset to stable futures" This reverts commit d432378a3cc5cd67fc29c0b15b96b886c1323554. * Revert "Adds panic test to hashset delay" This reverts commit 281502396fc5b90d9c421a309c2c056982c9525b. * Ported attestation_service * Ported duties_service * Ported fork_service * More ports * Port block_service * Minor fixes * VC compiles * Update TODOS * Borrow self where possible * Ignore aggregates that are already known. * Unify aggregator modulo logic * Fix typo in logs * Refactor validator subscription logic * Avoid reproducing selection proof * Skip HTTP call if no subscriptions * Rename DutyAndState -> DutyAndProof * Tidy logs * Print root as dbg * Fix compile errors in tests * Fix compile error in test * Re-Fix attestation and duties service * Minor fixes Co-authored-by: Paul Hauner <paul@paulhauner.com> * Expose json_keystore mod * First commits on path derivation * Progress with implementation * More progress * Passing intermediate test vectors * Tidy, add comments * Add DerivedKey structs * Move key derivation into own crate * Add zeroize structs * Return error for empty seed * Add tests * Tidy * First commits on path derivation * Progress with implementation * Move key derivation into own crate * Start defining JSON wallet * Add progress * Split out encrypt/decrypt * First commits on path derivation * Progress with implementation * More progress * Passing intermediate test vectors * Tidy, add comments * Add DerivedKey structs * Move key derivation into own crate * Add zeroize structs * Return error for empty seed * Add tests * Tidy * Add progress * Replace some password usage with slice * First commits on path derivation * Progress with implementation * More progress * Passing intermediate test vectors * Tidy, add comments * Add DerivedKey structs * Move key derivation into own crate * Add zeroize structs * Return error for empty seed * Add tests * Tidy * Add progress * Expose PlainText struct * First commits on path derivation * Progress with implementation * More progress * Passing intermediate test vectors * Tidy, add comments * Add DerivedKey structs * Move key derivation into own crate * Add zeroize structs * Return error for empty seed * Add tests * Tidy * Add builder * Expose consts, remove Password * Minor progress * Expose SALT_SIZE * First compiling version * Add test vectors * Network crate update to stable futures * Move dbg assert statement * Port account_manager to stable futures (#1121) * Port account_manager to stable futures * Run async fns in tokio environment * Port rest_api crate to stable futures (#1118) * Port rest_api lib to stable futures * Reduce tokio features * Update notifier to stable futures * Builder update * Further updates * Add mnemonic, tidy * Convert self referential async functions * Tidy * Add testing * Add first attempt at validator_dir * Present pubkey field * stable futures fixes (#1124) * Fix eth1 update functions * Fix genesis and client * Fix beacon node lib * Return appropriate runtimes from environment * Fix test rig * Refactor eth1 service update * Upgrade simulator to stable futures * Lighthouse compiles on stable futures * Add first pass of wallet manager * Progress with CLI * Remove println debugging statement * Tidy output * Tidy 600 perms * Update libp2p service, start rpc test upgrade * Add validator creation flow * Update network crate for new libp2p * Start tidying, adding comments * Update tokio::codec to futures_codec (#1128) * Further work towards RPC corrections * Correct http timeout and network service select * Add wallet mgr testing * Shift LockedWallet into own file * Add comments to fs * Start integration into VC * Use tokio runtime for libp2p * Revert "Update tokio::codec to futures_codec (#1128)" This reverts commit e57aea924acf5cbabdcea18895ac07e38a425ed7. * Upgrade RPC libp2p tests * Upgrade secio fallback test * Add lcli keypair upgrade command * Upgrade gossipsub examples * Clean up RPC protocol * Test fixes (#1133) * Correct websocket timeout and run on os thread * Fix network test * Add --secrets-dir to VC * Remove --legacy-keys from VC * Clean up PR * Correct tokio tcp move attestation service tests * Upgrade attestation service tests * Fix sim * Correct network test * Correct genesis test * Start docs * Add progress for validator generation * Tidy error messages * Test corrections * Log info when block is received * Modify logs and update attester service events * Stable futures: fixes to vc, eth1 and account manager (#1142) * Add local testnet scripts * Remove whiteblock script * Rename local testnet script * Move spawns onto handle * Fix VC panic * Initial fix to block production issue * Tidy block producer fix * Tidy further * Add local testnet clean script * Run cargo fmt * Tidy duties service * Tidy fork service * Tidy ForkService * Tidy AttestationService * Tidy notifier * Ensure await is not suppressed in eth1 * Ensure await is not suppressed in account_manager * Use .ok() instead of .unwrap_or(()) * RPC decoding test for proto * Update discv5 and eth2-libp2p deps * Run cargo fmt * Pre-build keystores for sim * Fix lcli double runtime issue (#1144) * Handle stream termination and dialing peer errors * Correct peer_info variant types * Add progress on new deposit flow * Remove unnecessary warnings * Handle subnet unsubscription removal and improve logigng * Add logs around ping * Upgrade discv5 and improve logging * Handle peer connection status for multiple connections * Improve network service logging * Add more incomplete progress * Improve logging around peer manager * Upgrade swarm poll centralise peer management * Identify clients on error * Fix `remove_peer` in sync (#1150) * remove_peer removes from all chains * Remove logs * Fix early return from loop * Improved logging, fix panic * Partially correct tests * Add deposit command * Remove old validator directory * Start adding AM tests * Stable futures: Vc sync (#1149) * Improve syncing heuristic * Add comments * Use safer method for tolerance * Fix tests * Binary testing progress * Progress with CLI tests * Use constants for flags * More account manager testing * Improve CLI tests * Move upgrade-legacy-keypairs into account man * Use rayon for VC key generation * Add comments to `validator_dir` * Add testing to validator_dir * Add fix to eth1-sim * Check errors in eth1-sim * Fix mutability issue * Ensure password file ends in .pass * Add more tests to wallet manager * Tidy deposit * Tidy account manager * Tidy account manager * Remove panic * Generate keypairs earlier in sim * Tidy eth1-sime * Try to fix eth1 sim * Address review comments * Fix typo in CLI command * Update docs * Disable eth1 sim * Remove eth1 sim completely Co-authored-by: Age Manning <Age@AgeManning.com> Co-authored-by: pawanjay176 <pawandhananjay@gmail.com>
2020-05-18 09:01:45 +00:00
use crate::{
filesystem::{create, Error as FilesystemError},
LockedWallet,
};
use eth2_wallet::{bip39::Mnemonic, Error as WalletError, Uuid, Wallet, WalletBuilder};
use std::collections::HashMap;
use std::ffi::OsString;
use std::fs::{create_dir_all, read_dir, OpenOptions};
use std::io;
use std::path::{Path, PathBuf};
#[derive(Debug)]
pub enum Error {
DirectoryDoesNotExist(PathBuf),
WalletError(WalletError),
FilesystemError(FilesystemError),
UnableToReadDir(io::Error),
UnableToReadWallet(io::Error),
UnableToReadFilename(OsString),
NameAlreadyTaken(String),
WalletNameUnknown(String),
WalletDirExists(PathBuf),
IoError(io::Error),
WalletIsLocked(PathBuf),
MissingWalletDir(PathBuf),
UnableToCreateLockfile(io::Error),
UuidMismatch((Uuid, Uuid)),
}
impl From<io::Error> for Error {
fn from(e: io::Error) -> Error {
Error::IoError(e)
}
}
impl From<WalletError> for Error {
fn from(e: WalletError) -> Error {
Error::WalletError(e)
}
}
impl From<FilesystemError> for Error {
fn from(e: FilesystemError) -> Error {
Error::FilesystemError(e)
}
}
/// Defines the type of an EIP-2386 wallet.
///
/// Presently only `Hd` wallets are supported.
pub enum WalletType {
/// Hierarchical-deterministic.
Hd,
}
/// Manages a directory containing EIP-2386 wallets.
///
/// Each wallet is stored in a directory with the name of the wallet UUID. Inside each directory a
/// EIP-2386 JSON wallet is also stored using the UUID as the filename.
///
/// In each wallet directory an optional `.lock` exists to prevent concurrent reads and writes from
/// the same wallet.
///
/// Example:
///
/// ```ignore
/// wallets
/// ├── 35c07717-c6f3-45e8-976f-ef5d267e86c9
/// │   └── 35c07717-c6f3-45e8-976f-ef5d267e86c9
/// └── 747ad9dc-e1a1-4804-ada4-0dc124e46c49
/// └── .lock
/// └── 747ad9dc-e1a1-4804-ada4-0dc124e46c49
/// ```
pub struct WalletManager {
dir: PathBuf,
}
impl WalletManager {
/// Open a directory containing multiple wallets.
///
/// Pass the `wallets` directory as `dir` (see struct-level example).
pub fn open<P: AsRef<Path>>(dir: P) -> Result<Self, Error> {
let dir: PathBuf = dir.as_ref().into();
if dir.exists() {
Ok(Self { dir })
} else {
Err(Error::DirectoryDoesNotExist(dir))
}
}
/// Searches all wallets in `self.dir` and returns the wallet with this name.
///
/// ## Errors
///
/// - If there is no wallet with this name.
/// - If there is a file-system or parsing error.
pub fn wallet_by_name(&self, name: &str) -> Result<LockedWallet, Error> {
LockedWallet::open(
self.dir.clone(),
self.wallets()?
.get(name)
.ok_or_else(|| Error::WalletNameUnknown(name.into()))?,
)
}
/// Creates a new wallet with the given `name` in `self.dir` with the given `mnemonic` as a
/// seed, encrypted with `password`.
///
/// ## Errors
///
/// - If a wallet with this name already exists.
/// - If there is a file-system or parsing error.
pub fn create_wallet(
&self,
name: String,
_wallet_type: WalletType,
mnemonic: &Mnemonic,
password: &[u8],
) -> Result<LockedWallet, Error> {
if self.wallets()?.contains_key(&name) {
return Err(Error::NameAlreadyTaken(name));
}
let wallet = WalletBuilder::from_mnemonic(mnemonic, password, name)?.build()?;
let uuid = wallet.uuid().clone();
let wallet_dir = self.dir.join(format!("{}", uuid));
if wallet_dir.exists() {
return Err(Error::WalletDirExists(wallet_dir));
}
create_dir_all(&wallet_dir)?;
create(&wallet_dir, &wallet)?;
drop(wallet);
LockedWallet::open(&self.dir, &uuid)
}
/// Iterates all wallets in `self.dir` and returns a mapping of their name to their UUID.
///
/// Ignores any items in `self.dir` that:
///
/// - Are files.
/// - Are directories, but their file-name does not parse as a UUID.
///
/// This function is fairly strict, it will fail if any directory is found that does not obey
/// the expected structure (e.g., there is a UUID directory that does not contain a valid JSON
/// keystore with the same UUID).
pub fn wallets(&self) -> Result<HashMap<String, Uuid>, Error> {
let mut wallets = HashMap::new();
for f in read_dir(&self.dir).map_err(Error::UnableToReadDir)? {
let f = f?;
// Ignore any non-directory objects in the root wallet dir.
if f.file_type()?.is_dir() {
let file_name = f
.file_name()
.into_string()
.map_err(Error::UnableToReadFilename)?;
// Ignore any paths that don't parse as a UUID.
if let Ok(uuid) = Uuid::parse_str(&file_name) {
let wallet_path = f.path().join(format!("{}", uuid));
let wallet = OpenOptions::new()
.read(true)
.create(false)
.open(wallet_path)
.map_err(Error::UnableToReadWallet)
.and_then(|f| Wallet::from_json_reader(f).map_err(Error::WalletError))?;
if *wallet.uuid() != uuid {
return Err(Error::UuidMismatch((uuid, *wallet.uuid())));
}
wallets.insert(wallet.name().into(), *wallet.uuid());
}
}
}
Ok(wallets)
}
}
#[cfg(test)]
// These tests are very slow in debug, only test in release.
#[cfg(not(debug_assertions))]
mod tests {
use super::*;
use crate::{filesystem::read, locked_wallet::LOCK_FILE};
use eth2_wallet::bip39::{Language, Mnemonic};
use tempfile::tempdir;
const MNEMONIC: &str =
"enemy fog enlist laundry nurse hungry discover turkey holiday resemble glad discover";
const WALLET_PASSWORD: &[u8] = &[43; 43];
fn get_mnemonic() -> Mnemonic {
Mnemonic::from_phrase(MNEMONIC, Language::English).unwrap()
}
fn create_wallet(mgr: &WalletManager, id: usize) -> LockedWallet {
let wallet = mgr
.create_wallet(
format!("{}", id),
WalletType::Hd,
&get_mnemonic(),
WALLET_PASSWORD,
)
.expect("should create wallet");
assert!(
wallet_dir_path(&mgr.dir, wallet.wallet().uuid()).exists(),
"should have created wallet dir"
);
assert!(
json_path(&mgr.dir, wallet.wallet().uuid()).exists(),
"should have created json file"
);
assert!(
lockfile_path(&mgr.dir, wallet.wallet().uuid()).exists(),
"should have created lockfile"
);
wallet
}
fn load_wallet_raw<P: AsRef<Path>>(base_dir: P, uuid: &Uuid) -> Wallet {
read(wallet_dir_path(base_dir, uuid), uuid).expect("should load raw json")
}
fn wallet_dir_path<P: AsRef<Path>>(base_dir: P, uuid: &Uuid) -> PathBuf {
let s = format!("{}", uuid);
base_dir.as_ref().join(&s)
}
fn lockfile_path<P: AsRef<Path>>(base_dir: P, uuid: &Uuid) -> PathBuf {
let s = format!("{}", uuid);
base_dir.as_ref().join(&s).join(LOCK_FILE)
}
fn json_path<P: AsRef<Path>>(base_dir: P, uuid: &Uuid) -> PathBuf {
let s = format!("{}", uuid);
base_dir.as_ref().join(&s).join(&s)
}
#[test]
fn duplicate_names() {
let dir = tempdir().unwrap();
let base_dir = dir.path();
let mgr = WalletManager::open(base_dir).unwrap();
let name = "cats".to_string();
mgr.create_wallet(
name.clone(),
WalletType::Hd,
&get_mnemonic(),
WALLET_PASSWORD,
)
.expect("should create first wallet");
match mgr.create_wallet(
name.clone(),
WalletType::Hd,
&get_mnemonic(),
WALLET_PASSWORD,
) {
Err(Error::NameAlreadyTaken(_)) => {}
_ => panic!("expected name error"),
}
}
#[test]
fn keystore_generation() {
let dir = tempdir().unwrap();
let base_dir = dir.path();
let mgr = WalletManager::open(base_dir).unwrap();
let name = "cats".to_string();
let mut w = mgr
.create_wallet(
name.clone(),
WalletType::Hd,
&get_mnemonic(),
WALLET_PASSWORD,
)
.expect("should create first wallet");
let uuid = w.wallet().uuid().clone();
assert_eq!(
load_wallet_raw(&base_dir, &uuid).nextaccount(),
0,
"should start wallet with nextaccount 0"
);
for i in 1..3 {
w.next_validator(WALLET_PASSWORD, &[1], &[0])
.expect("should create validator");
assert_eq!(
load_wallet_raw(&base_dir, &uuid).nextaccount(),
i,
"should update wallet with nextaccount {}",
i
);
}
drop(w);
// Check that we can open the wallet by name.
let by_name = mgr.wallet_by_name(&name).unwrap();
assert_eq!(by_name.wallet().name(), name);
drop(by_name);
let wallets = mgr.wallets().unwrap().into_iter().collect::<Vec<_>>();
assert_eq!(wallets, vec![(name, uuid)]);
}
#[test]
fn locked_wallet_lockfile() {
let dir = tempdir().unwrap();
let base_dir = dir.path();
let mgr = WalletManager::open(base_dir).unwrap();
let uuid_a = create_wallet(&mgr, 0).wallet().uuid().clone();
let uuid_b = create_wallet(&mgr, 1).wallet().uuid().clone();
let locked_a = LockedWallet::open(&base_dir, &uuid_a).expect("should open wallet a");
assert!(
lockfile_path(&base_dir, &uuid_a).exists(),
"lockfile should exist"
);
drop(locked_a);
assert!(
!lockfile_path(&base_dir, &uuid_a).exists(),
"lockfile have been cleaned up"
);
let locked_a = LockedWallet::open(&base_dir, &uuid_a).expect("should open wallet a");
let locked_b = LockedWallet::open(&base_dir, &uuid_b).expect("should open wallet b");
assert!(
lockfile_path(&base_dir, &uuid_a).exists(),
"lockfile a should exist"
);
assert!(
lockfile_path(&base_dir, &uuid_b).exists(),
"lockfile b should exist"
);
match LockedWallet::open(&base_dir, &uuid_a) {
Err(Error::WalletIsLocked(_)) => {}
_ => panic!("did not get locked error"),
};
drop(locked_a);
LockedWallet::open(&base_dir, &uuid_a)
.expect("should open wallet a after previous instance is dropped");
match LockedWallet::open(&base_dir, &uuid_b) {
Err(Error::WalletIsLocked(_)) => {}
_ => panic!("did not get locked error"),
};
drop(locked_b);
LockedWallet::open(&base_dir, &uuid_b)
.expect("should open wallet a after previous instance is dropped");
}
}
Reference in New Issue Copy Permalink