Merge pull request #263 from filecoin-project/feat/libp2p-in-kstore
Store libp2p key in keystore
This commit is contained in:
commit
77835636b0
@ -27,7 +27,7 @@ type paramFile struct {
|
||||
}
|
||||
|
||||
func GetParams(storage bool) error {
|
||||
if err := os.Mkdir(paramdir, 0755); err != nil {
|
||||
if err := os.Mkdir(paramdir, 0755); err != nil && !os.IsExist(err) {
|
||||
return err
|
||||
}
|
||||
|
||||
|
@ -2,6 +2,8 @@ package main
|
||||
|
||||
import (
|
||||
"context"
|
||||
"crypto/rand"
|
||||
"github.com/libp2p/go-libp2p-core/crypto"
|
||||
|
||||
"github.com/ipfs/go-datastore"
|
||||
"github.com/libp2p/go-libp2p-core/peer"
|
||||
@ -101,7 +103,7 @@ var initCmd = &cli.Command{
|
||||
|
||||
log.Info("Initializing libp2p identity")
|
||||
|
||||
p2pSk, err := lr.Libp2pIdentity()
|
||||
p2pSk, err := makeHostKey(lr)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@ -147,6 +149,32 @@ var initCmd = &cli.Command{
|
||||
},
|
||||
}
|
||||
|
||||
func makeHostKey(lr repo.LockedRepo) (crypto.PrivKey, error) {
|
||||
pk, _, err := crypto.GenerateEd25519Key(rand.Reader)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
ks, err := lr.KeyStore()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
kbytes, err := pk.Bytes()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if err := ks.Put("libp2p-host", types.KeyInfo{
|
||||
Type: "libp2p-host",
|
||||
PrivateKey: kbytes,
|
||||
}); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return pk, nil
|
||||
}
|
||||
|
||||
func configureStorageMiner(ctx context.Context, api api.FullNode, addr address.Address, peerid peer.ID, genmine bool) error {
|
||||
if genmine {
|
||||
log.Warn("Starting genesis mining. This shouldn't happen when connecting to the real network.")
|
||||
|
@ -302,10 +302,6 @@ func Repo(r repo.Repo) Option {
|
||||
if err != nil {
|
||||
return Error(err)
|
||||
}
|
||||
pk, err := lr.Libp2pIdentity()
|
||||
if err != nil {
|
||||
return Error(err)
|
||||
}
|
||||
|
||||
return Options(
|
||||
Config(cfg),
|
||||
@ -318,7 +314,7 @@ func Repo(r repo.Repo) Option {
|
||||
Override(new(dtypes.ClientBlockstore), modules.ClientBlockstore),
|
||||
Override(new(dtypes.ClientDAG), modules.ClientDAG),
|
||||
|
||||
Override(new(ci.PrivKey), pk),
|
||||
Override(new(ci.PrivKey), lp2p.PrivKey),
|
||||
Override(new(ci.PubKey), ci.PrivKey.GetPublic),
|
||||
Override(new(peer.ID), peer.IDFromPublicKey),
|
||||
|
||||
|
@ -1,6 +1,10 @@
|
||||
package lp2p
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"github.com/filecoin-project/go-lotus/chain/types"
|
||||
"github.com/filecoin-project/go-lotus/node/repo"
|
||||
"golang.org/x/xerrors"
|
||||
"time"
|
||||
|
||||
logging "github.com/ipfs/go-log"
|
||||
@ -14,12 +18,49 @@ import (
|
||||
|
||||
var log = logging.Logger("p2pnode")
|
||||
|
||||
const kstorePrivkey = "libp2p-host"
|
||||
|
||||
type Libp2pOpts struct {
|
||||
fx.Out
|
||||
|
||||
Opts []libp2p.Option `group:"libp2p"`
|
||||
}
|
||||
|
||||
func PrivKey(ks types.KeyStore) (crypto.PrivKey, error) {
|
||||
k, err := ks.Get(kstorePrivkey)
|
||||
if err == nil {
|
||||
return crypto.UnmarshalPrivateKey(k.PrivateKey)
|
||||
}
|
||||
if !xerrors.Is(err, repo.ErrKeyNotFound) {
|
||||
return nil, err
|
||||
}
|
||||
pk, err := genLibp2pKey()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
kbytes, err := pk.Bytes()
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if err := ks.Put(kstorePrivkey, types.KeyInfo{
|
||||
Type: kstorePrivkey,
|
||||
PrivateKey: kbytes,
|
||||
}); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
return pk, nil
|
||||
}
|
||||
|
||||
func genLibp2pKey() (crypto.PrivKey, error) {
|
||||
pk, _, err := crypto.GenerateEd25519Key(rand.Reader)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return pk, nil
|
||||
}
|
||||
|
||||
// Misc options
|
||||
|
||||
func ConnectionManager(low, high int, grace time.Duration) func() (opts Libp2pOpts, err error) {
|
||||
|
@ -3,6 +3,8 @@ package node_test
|
||||
import (
|
||||
"bytes"
|
||||
"context"
|
||||
"crypto/rand"
|
||||
"github.com/libp2p/go-libp2p-core/crypto"
|
||||
"io/ioutil"
|
||||
"net/http/httptest"
|
||||
"os"
|
||||
@ -34,7 +36,19 @@ func testStorageNode(ctx context.Context, t *testing.T, waddr address.Address, a
|
||||
lr, err := r.Lock()
|
||||
require.NoError(t, err)
|
||||
|
||||
p2pSk, err := lr.Libp2pIdentity()
|
||||
pk, _, err := crypto.GenerateEd25519Key(rand.Reader)
|
||||
require.NoError(t, err)
|
||||
|
||||
ks, err := lr.KeyStore()
|
||||
require.NoError(t, err)
|
||||
|
||||
kbytes, err := pk.Bytes()
|
||||
require.NoError(t, err)
|
||||
|
||||
err = ks.Put("libp2p-host", types.KeyInfo{
|
||||
Type: "libp2p-host",
|
||||
PrivateKey: kbytes,
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
ds, err := lr.Datastore("/metadata")
|
||||
@ -45,7 +59,7 @@ func testStorageNode(ctx context.Context, t *testing.T, waddr address.Address, a
|
||||
err = lr.Close()
|
||||
require.NoError(t, err)
|
||||
|
||||
peerid, err := peer.IDFromPrivateKey(p2pSk)
|
||||
peerid, err := peer.IDFromPrivateKey(pk)
|
||||
require.NoError(t, err)
|
||||
|
||||
enc, err := actors.SerializeParams(&actors.UpdatePeerIDParams{PeerID: peerid})
|
||||
|
@ -14,7 +14,6 @@ import (
|
||||
badger "github.com/ipfs/go-ds-badger"
|
||||
fslock "github.com/ipfs/go-fs-lock"
|
||||
logging "github.com/ipfs/go-log"
|
||||
"github.com/libp2p/go-libp2p-core/crypto"
|
||||
"github.com/mitchellh/go-homedir"
|
||||
"github.com/multiformats/go-base32"
|
||||
"github.com/multiformats/go-multiaddr"
|
||||
@ -224,58 +223,6 @@ func (fsr *fsLockedRepo) Config() (*config.Root, error) {
|
||||
return config.FromFile(fsr.join(fsConfig))
|
||||
}
|
||||
|
||||
func (fsr *fsLockedRepo) Libp2pIdentity() (crypto.PrivKey, error) {
|
||||
if err := fsr.stillValid(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
kpath := fsr.join(fsLibp2pKey)
|
||||
stat, err := os.Stat(kpath)
|
||||
|
||||
if os.IsNotExist(err) {
|
||||
pk, err := genLibp2pKey()
|
||||
if err != nil {
|
||||
return nil, xerrors.Errorf("could not generate private key: %w", err)
|
||||
}
|
||||
pkb, err := pk.Bytes()
|
||||
if err != nil {
|
||||
return nil, xerrors.Errorf("could not serialize private key: %w", err)
|
||||
}
|
||||
err = ioutil.WriteFile(kpath, pkb, 0600)
|
||||
if err != nil {
|
||||
return nil, xerrors.Errorf("could not write private key: %w", err)
|
||||
}
|
||||
} else if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
stat, err = os.Stat(kpath)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
if stat.Mode()&0066 != 0 {
|
||||
return nil, xerrors.New("libp2p identity has too wide access permissions, " +
|
||||
fsLibp2pKey + " should have permission 0600")
|
||||
}
|
||||
|
||||
f, err := os.Open(kpath)
|
||||
if err != nil {
|
||||
return nil, xerrors.Errorf("could not open private key file: %w", err)
|
||||
}
|
||||
defer f.Close() //nolint: errcheck // read-only op
|
||||
|
||||
pkbytes, err := ioutil.ReadAll(f)
|
||||
if err != nil {
|
||||
return nil, xerrors.Errorf("could not read private key file: %w", err)
|
||||
}
|
||||
|
||||
pk, err := crypto.UnmarshalPrivateKey(pkbytes)
|
||||
if err != nil {
|
||||
return nil, xerrors.Errorf("could not unmarshal private key: %w", err)
|
||||
}
|
||||
return pk, nil
|
||||
}
|
||||
|
||||
func (fsr *fsLockedRepo) SetAPIEndpoint(ma multiaddr.Multiaddr) error {
|
||||
if err := fsr.stillValid(); err != nil {
|
||||
return err
|
||||
|
@ -4,7 +4,6 @@ import (
|
||||
"errors"
|
||||
|
||||
"github.com/ipfs/go-datastore"
|
||||
"github.com/libp2p/go-libp2p-core/crypto"
|
||||
"github.com/multiformats/go-multiaddr"
|
||||
|
||||
"github.com/filecoin-project/go-lotus/chain/types"
|
||||
@ -42,9 +41,6 @@ type LockedRepo interface {
|
||||
// Returns config in this repo
|
||||
Config() (*config.Root, error)
|
||||
|
||||
// Libp2pIdentity returns private key for libp2p indentity
|
||||
Libp2pIdentity() (crypto.PrivKey, error)
|
||||
|
||||
// SetAPIEndpoint sets the endpoint of the current API
|
||||
// so it can be read by API clients
|
||||
SetAPIEndpoint(multiaddr.Multiaddr) error
|
||||
|
@ -1,13 +1,11 @@
|
||||
package repo
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"sync"
|
||||
|
||||
"github.com/ipfs/go-datastore"
|
||||
"github.com/ipfs/go-datastore/namespace"
|
||||
dssync "github.com/ipfs/go-datastore/sync"
|
||||
"github.com/libp2p/go-libp2p-core/crypto"
|
||||
"github.com/multiformats/go-multiaddr"
|
||||
"golang.org/x/xerrors"
|
||||
|
||||
@ -27,7 +25,6 @@ type MemRepo struct {
|
||||
|
||||
datastore datastore.Datastore
|
||||
configF func() *config.Root
|
||||
libp2pKey crypto.PrivKey
|
||||
keystore map[string]types.KeyInfo
|
||||
}
|
||||
|
||||
@ -48,18 +45,9 @@ var _ Repo = &MemRepo{}
|
||||
type MemRepoOptions struct {
|
||||
Ds datastore.Datastore
|
||||
ConfigF func() *config.Root
|
||||
Libp2pKey crypto.PrivKey
|
||||
KeyStore map[string]types.KeyInfo
|
||||
}
|
||||
|
||||
func genLibp2pKey() (crypto.PrivKey, error) {
|
||||
pk, _, err := crypto.GenerateEd25519Key(rand.Reader)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return pk, nil
|
||||
}
|
||||
|
||||
// NewMemory creates new memory based repo with provided options.
|
||||
// opts can be nil, it will be replaced with defaults.
|
||||
// Any field in opts can be nil, they will be replaced by defaults.
|
||||
@ -73,13 +61,6 @@ func NewMemory(opts *MemRepoOptions) *MemRepo {
|
||||
if opts.Ds == nil {
|
||||
opts.Ds = dssync.MutexWrap(datastore.NewMapDatastore())
|
||||
}
|
||||
if opts.Libp2pKey == nil {
|
||||
pk, err := genLibp2pKey()
|
||||
if err != nil {
|
||||
panic(err)
|
||||
}
|
||||
opts.Libp2pKey = pk
|
||||
}
|
||||
if opts.KeyStore == nil {
|
||||
opts.KeyStore = make(map[string]types.KeyInfo)
|
||||
}
|
||||
@ -89,7 +70,6 @@ func NewMemory(opts *MemRepoOptions) *MemRepo {
|
||||
|
||||
datastore: opts.Ds,
|
||||
configF: opts.ConfigF,
|
||||
libp2pKey: opts.Libp2pKey,
|
||||
keystore: opts.KeyStore,
|
||||
}
|
||||
}
|
||||
@ -170,13 +150,6 @@ func (lmem *lockedMemRepo) Config() (*config.Root, error) {
|
||||
return lmem.mem.configF(), nil
|
||||
}
|
||||
|
||||
func (lmem *lockedMemRepo) Libp2pIdentity() (crypto.PrivKey, error) {
|
||||
if err := lmem.checkToken(); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
return lmem.mem.libp2pKey, nil
|
||||
}
|
||||
|
||||
func (lmem *lockedMemRepo) SetAPIEndpoint(ma multiaddr.Multiaddr) error {
|
||||
if err := lmem.checkToken(); err != nil {
|
||||
return err
|
||||
|
@ -47,10 +47,6 @@ func basicTest(t *testing.T, repo Repo) {
|
||||
assert.NoError(t, err, "setting multiaddr shouldn't error")
|
||||
assert.Equal(t, ma, apima, "returned API multiaddr should be the same")
|
||||
|
||||
iden, err := lrepo.Libp2pIdentity()
|
||||
assert.NotNil(t, iden, "identity is not nil")
|
||||
assert.NoError(t, err, "identity should not error")
|
||||
|
||||
cfg, err := lrepo.Config()
|
||||
assert.Equal(t, config.Default(), cfg, "there should be a default config")
|
||||
assert.NoError(t, err, "config should not error")
|
||||
|
Loading…
Reference in New Issue
Block a user