feat: hide genesis keypair

maidsafe · May 16, 2024 · e52a1dd · e52a1dd
1 parent be20068
commit e52a1dd
Show file tree

Hide file tree

Showing 11 changed files with 51 additions and 35 deletions.
diff --git a/.github/workflows/benchmark-prs.yml b/.github/workflows/benchmark-prs.yml
@@ -7,6 +7,7 @@ env:
   RUST_BACKTRACE: 1
   CLIENT_DATA_PATH: /home/runner/.local/share/safe/client
   NODE_DATA_PATH: /home/runner/.local/share/safe/node
+  GENESIS_PK: ac0a1cabf8721856b15cfac1a90fea229988007c2859b4fcbece975943bbafcd5ae4b884b29c56f06b73d06f6fa73eb4 
 
 jobs:
   benchmark-cli:

diff --git a/.github/workflows/generate-benchmark-charts.yml b/.github/workflows/generate-benchmark-charts.yml
@@ -17,6 +17,7 @@ env:
   RUST_BACKTRACE: 1
   CLIENT_DATA_PATH: /home/runner/.local/share/safe/client
   NODE_DATA_PATH: /home/runner/.local/share/safe/node
+  GENESIS_PK: ac0a1cabf8721856b15cfac1a90fea229988007c2859b4fcbece975943bbafcd5ae4b884b29c56f06b73d06f6fa73eb4
 
 jobs:
   benchmark-cli:

diff --git a/.github/workflows/memcheck.yml b/.github/workflows/memcheck.yml
@@ -16,6 +16,7 @@ env:
   BOOTSTRAP_NODE_DATA_PATH: /home/runner/.local/share/safe/bootstrap_node
   RESTART_TEST_NODE_DATA_PATH: /home/runner/.local/share/safe/restart_node
   FAUCET_LOG_PATH: /home/runner/.local/share/safe/test_faucet/logs
+  GENESIS_PK: ac0a1cabf8721856b15cfac1a90fea229988007c2859b4fcbece975943bbafcd5ae4b884b29c56f06b73d06f6fa73eb4
 
 jobs:
   memory-check:

diff --git a/.github/workflows/merge.yml b/.github/workflows/merge.yml
@@ -12,6 +12,7 @@ on:
 env:
   CARGO_INCREMENTAL: 0 # bookkeeping for incremental builds has overhead, not useful in CI.
   WINSW_URL: https://github.com/winsw/winsw/releases/download/v3.0.0-alpha.11/WinSW-x64.exe
+  GENESIS_PK: ac0a1cabf8721856b15cfac1a90fea229988007c2859b4fcbece975943bbafcd5ae4b884b29c56f06b73d06f6fa73eb4
 
 jobs:
   cargo-udeps:

diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
@@ -8,6 +8,7 @@ on:
 env:
   CARGO_INCREMENTAL: 0 # bookkeeping for incremental builds has overhead, not useful in CI.
   WORKFLOW_URL: https://github.com/maidsafe/stableset_net/actions/runs
+  GENESIS_PK: ac0a1cabf8721856b15cfac1a90fea229988007c2859b4fcbece975943bbafcd5ae4b884b29c56f06b73d06f6fa73eb4
 
 jobs:
   e2e:

diff --git a/.github/workflows/nightly_wan.yml b/.github/workflows/nightly_wan.yml
@@ -8,6 +8,7 @@ on:
 env:
   CARGO_INCREMENTAL: 0 # bookkeeping for incremental builds has overhead, not useful in CI.
   WORKFLOW_URL: https://github.com/maidsafe/stableset_net/actions/runs
+  GENESIS_PK: ac0a1cabf8721856b15cfac1a90fea229988007c2859b4fcbece975943bbafcd5ae4b884b29c56f06b73d06f6fa73eb4
 
 jobs:
   e2e:

diff --git a/.github/workflows/nightly_wan_churn.yml b/.github/workflows/nightly_wan_churn.yml
@@ -9,6 +9,7 @@ on:
 env:
   CARGO_INCREMENTAL: 0 # bookkeeping for incremental builds has overhead, not useful in CI.
   WORKFLOW_URL: https://github.com/maidsafe/stableset_net/actions/runs
+  GENESIS_PK: ac0a1cabf8721856b15cfac1a90fea229988007c2859b4fcbece975943bbafcd5ae4b884b29c56f06b73d06f6fa73eb4
 
 jobs:
   e2e:

diff --git a/sn_client/src/audit/tests/setup.rs b/sn_client/src/audit/tests/setup.rs
@@ -11,8 +11,8 @@ use std::collections::{BTreeMap, BTreeSet};
 use bls::SecretKey;
 use eyre::{eyre, Result};
 use sn_transfers::{
-    CashNote, DerivationIndex, MainPubkey, MainSecretKey, NanoTokens, OfflineTransfer, SignedSpend,
-    SpendAddress, SpendReason, GENESIS_CASHNOTE, GENESIS_CASHNOTE_SK,
+    get_genesis_sk, CashNote, DerivationIndex, MainPubkey, MainSecretKey, NanoTokens,
+    OfflineTransfer, SignedSpend, SpendAddress, SpendReason, GENESIS_CASHNOTE, GENESIS_PK,
 };
 use xor_name::XorName;
 
@@ -39,15 +39,11 @@ impl MockNetwork {
 
         // create genesis wallet
         let genesis_cn = GENESIS_CASHNOTE.clone();
-        let genesis_sk = MainSecretKey::new(
-            SecretKey::from_hex(GENESIS_CASHNOTE_SK)
-                .map_err(|e| eyre!("failed to parse genesis pk: {e}"))?,
-        );
-        let genesis_pk = genesis_sk.main_pubkey();
+        let genesis_pk = *GENESIS_PK;
         net.wallets.insert(
             genesis_pk,
             MockWallet {
-                sk: genesis_sk,
+                sk: get_genesis_sk(),
                 cn: vec![genesis_cn],
             },
         );

diff --git a/sn_node/tests/double_spend.rs b/sn_node/tests/double_spend.rs
@@ -14,8 +14,8 @@ use common::client::{get_client_and_funded_wallet, get_wallet};
 use eyre::Result;
 use sn_logging::LogBuilder;
 use sn_transfers::{
-    rng, DerivationIndex, HotWallet, MainSecretKey, NanoTokens, OfflineTransfer, SpendReason,
-    WalletError, GENESIS_CASHNOTE, GENESIS_CASHNOTE_SK,
+    get_genesis_sk, rng, DerivationIndex, HotWallet, NanoTokens, OfflineTransfer, SpendReason,
+    WalletError, GENESIS_CASHNOTE,
 };
 use tracing::info;
 
@@ -95,9 +95,7 @@ async fn genesis_double_spend_fail() -> Result<()> {
 
     // create a new genesis wallet with the intention to spend genesis again
     let second_wallet_dir = TempDir::new()?;
-    let secret_key = bls::SecretKey::from_hex(GENESIS_CASHNOTE_SK)?;
-    let main_key = MainSecretKey::new(secret_key);
-    let mut second_wallet = HotWallet::create_from_key(&second_wallet_dir, main_key)?;
+    let mut second_wallet = HotWallet::create_from_key(&second_wallet_dir, get_genesis_sk())?;
     second_wallet.deposit_and_store_to_disk(&vec![GENESIS_CASHNOTE.clone()])?;
     let genesis_amount = GENESIS_CASHNOTE.value()?;
     let second_wallet_addr = second_wallet.address();

diff --git a/sn_transfers/src/genesis.rs b/sn_transfers/src/genesis.rs
@@ -9,8 +9,9 @@
 use super::wallet::HotWallet;
 
 use crate::{
-    wallet::Result as WalletResult, CashNote, DerivationIndex, Input, MainSecretKey, NanoTokens,
-    SignedSpend, SpendReason, Transaction, TransactionBuilder, TransferError as CashNoteError,
+    wallet::Result as WalletResult, CashNote, DerivationIndex, Input, MainPubkey, MainSecretKey,
+    NanoTokens, SignedSpend, SpendReason, Transaction, TransactionBuilder,
+    TransferError as CashNoteError,
 };
 
 use bls::SecretKey;
@@ -38,13 +39,6 @@ pub(super) type GenesisResult<T> = Result<T, Error>;
 /// Total supply of tokens that will eventually exist in the network: 4,294,967,295 * 10^9 = 4,294,967,295,000,000,000.
 pub const TOTAL_SUPPLY: u64 = u32::MAX as u64 * u64::pow(10, 9);
 
-/// The secret key for the genesis CashNote.
-///
-/// This key is public for auditing purposes. Hard coding its value means all nodes will be able to
-/// validate it.
-pub const GENESIS_CASHNOTE_SK: &str =
-    "5f15ae2ea589007e1474e049bbc32904d583265f12ce1f8153f955076a9af49b";
-
 /// Main error type for the crate.
 #[derive(Error, Debug, Clone)]
 pub enum Error {
@@ -59,23 +53,48 @@ pub enum Error {
     WalletError(String),
 }
 
+lazy_static! {
+    /// This key is public for auditing purposes.
+    /// The hard coded value is for production release, allows all nodes to validate it.
+    /// The env set value is only used for testing purpose.
+    pub static ref GENESIS_PK: MainPubkey = {
+        let pk_str = std::env::var("GENESIS_PK").unwrap_or("96d3f6fb55ab504307d56f4085856dc61806ca5285eba1d8b9d1ce83db2604b41de9f2f50a0ea3dd160b65c1e8798b43".to_string());
+
+        match MainPubkey::from_hex(pk_str) {
+            Ok(pk) => pk,
+            Err(err) => panic!("Failed to parse genesis PK: {err:?}"),
+        }
+    };
+}
+
+lazy_static! {
+    /// Unlike the `GENESIS_PK`, the hard coded secret_key is for testing purpose.
+    /// The one for live network shall be passed in via env set.
+    static ref GENESIS_SK_STR: String = {
+        std::env::var("GENESIS_SK").unwrap_or("141a4ccbce0ef0992c3db01ad2215f89ff5249c0d6749d979f37745c3c0170c9".to_string())
+    };
+}
+
 lazy_static! {
     /// Load the genesis CashNote.
     /// The genesis CashNote is the first CashNote in the network. It is created without
     /// a source transaction, as there was nothing before it.
     pub static ref GENESIS_CASHNOTE: CashNote = {
-        let main_key = match SecretKey::from_hex(GENESIS_CASHNOTE_SK) {
-            Ok(sk) => MainSecretKey::new(sk),
-            Err(err) => panic!("Failed to parse hard-coded genesis CashNote SK: {err:?}"),
-        };
-
-        match create_first_cash_note_from_key(&main_key) {
+        match create_first_cash_note_from_key(&get_genesis_sk()) {
             Ok(cash_note) => cash_note,
             Err(err) => panic!("Failed to create genesis CashNote: {err:?}"),
         }
     };
 }
 
+/// Returns genesis SK (normally for testing purpose).
+pub fn get_genesis_sk() -> MainSecretKey {
+    match SecretKey::from_hex(&GENESIS_SK_STR) {
+        Ok(sk) => MainSecretKey::new(sk),
+        Err(err) => panic!("Failed to parse genesis SK: {err:?}"),
+    }
+}
+
 /// Return if provided Transaction is genesis parent tx.
 pub fn is_genesis_parent_tx(parent_tx: &Transaction) -> bool {
     parent_tx == &GENESIS_CASHNOTE.parent_tx
@@ -120,11 +139,7 @@ fn create_genesis_wallet() -> HotWallet {
     let wallet_dir = root_dir.join("wallet");
     std::fs::create_dir_all(&wallet_dir).expect("Genesis wallet path to be successfully created.");
 
-    let secret_key = bls::SecretKey::from_hex(GENESIS_CASHNOTE_SK)
-        .expect("Genesis key hex shall be successfully parsed.");
-    debug!("genesis wallet pubkey: {:?}", secret_key.public_key());
-    let main_key = MainSecretKey::new(secret_key);
-    crate::wallet::store_new_keypair(&wallet_dir, &main_key)
+    crate::wallet::store_new_keypair(&wallet_dir, &get_genesis_sk())
         .expect("Genesis key shall be successfully stored.");
 
     HotWallet::load_from(&root_dir)

diff --git a/sn_transfers/src/lib.rs b/sn_transfers/src/lib.rs
@@ -28,9 +28,9 @@ pub use cashnotes::{
 pub use error::{Result, TransferError};
 /// Utilities exposed
 pub use genesis::{
-    calculate_royalties_fee, create_first_cash_note_from_key, get_faucet_data_dir,
+    calculate_royalties_fee, create_first_cash_note_from_key, get_faucet_data_dir, get_genesis_sk,
     is_genesis_parent_tx, is_genesis_spend, load_genesis_wallet, Error as GenesisError,
-    GENESIS_CASHNOTE, GENESIS_CASHNOTE_SK, TOTAL_SUPPLY,
+    GENESIS_CASHNOTE, GENESIS_PK, TOTAL_SUPPLY,
 };
 pub use transfers::{CashNoteRedemption, OfflineTransfer, Transfer};
 pub use wallet::{
-Original file line number
+Diff line change
@@ Expand Up / @@ -8,6 +8,7 @@ on: @@
     env:
       CARGO_INCREMENTAL: 0 # bookkeeping for incremental builds has overhead, not useful in CI.
       WORKFLOW_URL: https://github.com/maidsafe/stableset_net/actions/runs
+      GENESIS_PK: ac0a1cabf8721856b15cfac1a90fea229988007c2859b4fcbece975943bbafcd5ae4b884b29c56f06b73d06f6fa73eb4
     jobs:
       e2e:
@@ Expand Down @@