prysm-pulse/validator/keymanager/v2/derived/derived_test.go
Raul Jordan 3023f5dbd3
Accounts V2: Derived Keymanager Sign (#6667)
* amend derived with secret keys cache
* all tests for sign
* Merge branch 'master' into sign-derived
* formatting
* Merge branch 'sign-derived' of github.com:prysmaticlabs/prysm into sign-derived
* initialize
* use seed
* fix build
* Merge refs/heads/master into sign-derived
* Merge refs/heads/master into sign-derived
* Update validator/keymanager/v2/derived/derived.go
2020-07-21 21:15:47 +00:00

223 lines
7.7 KiB
Go

package derived
import (
"context"
"encoding/hex"
"encoding/json"
"fmt"
"io/ioutil"
"strings"
"testing"
validatorpb "github.com/prysmaticlabs/prysm/proto/validator/accounts/v2"
"github.com/prysmaticlabs/prysm/shared/bls"
"github.com/prysmaticlabs/prysm/shared/bytesutil"
"github.com/prysmaticlabs/prysm/shared/testutil"
"github.com/prysmaticlabs/prysm/shared/testutil/assert"
"github.com/prysmaticlabs/prysm/shared/testutil/require"
mock "github.com/prysmaticlabs/prysm/validator/accounts/v2/testing"
v2keymanager "github.com/prysmaticlabs/prysm/validator/keymanager/v2"
logTest "github.com/sirupsen/logrus/hooks/test"
keystorev4 "github.com/wealdtech/go-eth2-wallet-encryptor-keystorev4"
)
func TestDerivedKeymanager_CreateAccount(t *testing.T) {
hook := logTest.NewGlobal()
wallet := &mock.Wallet{
Files: make(map[string]map[string][]byte),
AccountPasswords: make(map[string]string),
}
seed := make([]byte, 32)
copy(seed, "hello world")
dr := &Keymanager{
wallet: wallet,
seed: seed,
seedCfg: &SeedConfig{
NextAccount: 0,
},
}
ctx := context.Background()
password := "secretPassw0rd$1999"
accountName, err := dr.CreateAccount(ctx, password)
require.NoError(t, err)
assert.Equal(t, "0", accountName)
// Ensure the keystore file was written to the wallet
// and ensure we can decrypt it using the EIP-2335 standard.
validatingAccount0 := fmt.Sprintf(ValidatingKeyDerivationPathTemplate, 0)
encodedKeystore, ok := wallet.Files[validatingAccount0][KeystoreFileName]
require.Equal(t, ok, true, fmt.Sprintf("Expected to have stored %s in wallet", KeystoreFileName))
keystoreFile := &v2keymanager.Keystore{}
require.NoError(t, json.Unmarshal(encodedKeystore, keystoreFile))
// We extract the validator signing private key from the keystore
// by utilizing the password and initialize a new BLS secret key from
// its raw bytes.
decryptor := keystorev4.New()
rawValidatingKey, err := decryptor.Decrypt(keystoreFile.Crypto, []byte(password))
require.NoError(t, err, "Could not decrypt validator signing key")
validatingKey, err := bls.SecretKeyFromBytes(rawValidatingKey)
require.NoError(t, err, "Could not instantiate bls secret key from bytes")
// Ensure the keystore file was written to the wallet
// and ensure we can decrypt it using the EIP-2335 standard.
withdrawalAccount0 := fmt.Sprintf(WithdrawalKeyDerivationPathTemplate, 0)
encodedKeystore, ok = wallet.Files[withdrawalAccount0][KeystoreFileName]
require.Equal(t, ok, true, fmt.Sprintf("Expected to have stored %s in wallet", KeystoreFileName))
keystoreFile = &v2keymanager.Keystore{}
require.NoError(t, json.Unmarshal(encodedKeystore, keystoreFile))
// We extract the validator signing private key from the keystore
// by utilizing the password and initialize a new BLS secret key from
// its raw bytes.
rawWithdrawalKey, err := decryptor.Decrypt(keystoreFile.Crypto, []byte(password))
require.NoError(t, err, "Could not decrypt validator withdrawal key")
withdrawalKey, err := bls.SecretKeyFromBytes(rawWithdrawalKey)
require.NoError(t, err, "Could not instantiate bls secret key from bytes")
// Assert the new value for next account increased and also
// check the config file was updated on disk with this new value.
assert.Equal(t, uint64(1), dr.seedCfg.NextAccount, "Wrong value for next account")
encryptedSeedFile, err := wallet.ReadEncryptedSeedFromDisk(ctx)
require.NoError(t, err)
enc, err := ioutil.ReadAll(encryptedSeedFile)
require.NoError(t, err)
defer func() {
assert.NoError(t, encryptedSeedFile.Close())
}()
seedConfig := &SeedConfig{}
require.NoError(t, json.Unmarshal(enc, seedConfig))
assert.Equal(t, uint64(1), seedConfig.NextAccount, "Wrong value for next account")
// Ensure the new account information is displayed to stdout.
testutil.AssertLogsContain(t, hook, "Successfully created new validator account")
testutil.AssertLogsContain(t, hook, fmt.Sprintf("%#x", validatingKey.PublicKey().Marshal()))
testutil.AssertLogsContain(t, hook, fmt.Sprintf("%#x", withdrawalKey.PublicKey().Marshal()))
}
func TestDerivedKeymanager_FetchValidatingPublicKeys(t *testing.T) {
wallet := &mock.Wallet{
Files: make(map[string]map[string][]byte),
AccountPasswords: make(map[string]string),
}
dr := &Keymanager{
wallet: wallet,
keysCache: make(map[[48]byte]bls.SecretKey),
seedCfg: &SeedConfig{
NextAccount: 0,
},
seed: make([]byte, 32),
}
// First, generate accounts and their keystore.json files.
ctx := context.Background()
numAccounts := 20
password := "hello world"
wantedPublicKeys := make([][48]byte, numAccounts)
var err error
var accountName string
for i := 0; i < numAccounts; i++ {
accountName, err = dr.CreateAccount(ctx, password)
require.NoError(t, err)
validatingKeyPath := fmt.Sprintf(ValidatingKeyDerivationPathTemplate, i)
enc, err := wallet.ReadFileAtPath(ctx, validatingKeyPath, KeystoreFileName)
require.NoError(t, err)
keystore := &v2keymanager.Keystore{}
require.NoError(t, json.Unmarshal(enc, keystore))
pubKey, err := hex.DecodeString(keystore.Pubkey)
require.NoError(t, err)
wantedPublicKeys[i] = bytesutil.ToBytes48(pubKey)
}
assert.Equal(t, fmt.Sprintf("%d", numAccounts-1), accountName)
publicKeys, err := dr.FetchValidatingPublicKeys(ctx)
require.NoError(t, err)
// The results are not guaranteed to be ordered, so we ensure each
// key we expect exists in the results via a map.
keysMap := make(map[[48]byte]bool)
for _, key := range publicKeys {
keysMap[key] = true
}
for _, wanted := range wantedPublicKeys {
if _, ok := keysMap[wanted]; !ok {
t.Errorf("Could not find expected public key %#x in results", wanted)
}
}
}
func TestDerivedKeymanager_Sign(t *testing.T) {
wallet := &mock.Wallet{
Files: make(map[string]map[string][]byte),
AccountPasswords: make(map[string]string),
}
seed := make([]byte, 32)
copy(seed, "hello world")
dr := &Keymanager{
wallet: wallet,
seed: seed,
keysCache: make(map[[48]byte]bls.SecretKey),
seedCfg: &SeedConfig{
NextAccount: 0,
},
}
// First, generate some accounts.
numAccounts := 2
ctx := context.Background()
password := "hello world"
var err error
var accountName string
for i := 0; i < numAccounts; i++ {
accountName, err = dr.CreateAccount(ctx, password)
require.NoError(t, err)
}
assert.Equal(t, fmt.Sprintf("%d", numAccounts-1), accountName)
// Initialize the secret keys cache for the keymanager.
require.NoError(t, dr.initializeSecretKeysCache())
publicKeys, err := dr.FetchValidatingPublicKeys(ctx)
require.NoError(t, err)
// We prepare naive data to sign.
data := []byte("eth2data")
signRequest := &validatorpb.SignRequest{
PublicKey: publicKeys[0][:],
SigningRoot: data,
}
sig, err := dr.Sign(ctx, signRequest)
require.NoError(t, err)
pubKey, err := bls.PublicKeyFromBytes(publicKeys[0][:])
require.NoError(t, err)
wrongPubKey, err := bls.PublicKeyFromBytes(publicKeys[1][:])
require.NoError(t, err)
// Check if the signature verifies.
assert.Equal(t, true, sig.Verify(pubKey, data))
// Check if the bad signature fails.
assert.Equal(t, false, sig.Verify(wrongPubKey, data))
}
func TestDerivedKeymanager_Sign_NoPublicKeySpecified(t *testing.T) {
req := &validatorpb.SignRequest{
PublicKey: nil,
}
dr := &Keymanager{}
_, err := dr.Sign(context.Background(), req)
assert.NotNil(t, err)
assert.Equal(t, strings.Contains(err.Error(), "nil public key"), true)
}
func TestDerivedKeymanager_Sign_NoPublicKeyInCache(t *testing.T) {
req := &validatorpb.SignRequest{
PublicKey: []byte("hello world"),
}
dr := &Keymanager{
keysCache: make(map[[48]byte]bls.SecretKey),
}
_, err := dr.Sign(context.Background(), req)
assert.NotNil(t, err)
assert.Equal(t, strings.Contains(err.Error(), "no signing key found"), true)
}