Update local testnet scripts, fix eth1 sim (#1184)

* Update local testnet scripts * Add logs when decrypting validators * Update comment * Update account manager * Make random key generation explicit * Remove unnecessary clap constraint * Only decrypt voting keypair for eth1 deposit * Use insecure kdf for insecure keypairs * Simplify local testnet keygen * Update local testnet * Fix eth1 sim * Add eth1 sim to CI again * Remove old local testnet docs * Tidy * Remove checks for existing validators * Tidy * Fix typos
2026-03-23 06:44:35 +00:00 · 2020-05-26 18:30:44 +10:00
parent d41a9f7aa6
commit 8bc82c573d
25 changed files with 599 additions and 338 deletions
--- a/common/validator_dir/src/insecure_keys.rs
+++ b/common/validator_dir/src/insecure_keys.rs
@@ -5,7 +5,10 @@
 #![cfg(feature = "insecure_keys")]

 use crate::{Builder, BuilderError};
-use eth2_keystore::{Keystore, KeystoreBuilder, PlainText};
+use eth2_keystore::{
+    json_keystore::{Kdf, Scrypt},
+    Keystore, KeystoreBuilder, PlainText, DKLEN,
+};
 use std::path::PathBuf;
 use types::test_utils::generate_deterministic_keypair;

@@ -13,19 +16,17 @@ use types::test_utils::generate_deterministic_keypair;
 pub const INSECURE_PASSWORD: &[u8] = &[30; 32];

 impl<'a> Builder<'a> {
-    /// Generate the voting and withdrawal keystores using deterministic, well-known, **unsafe**
-    /// keypairs.
+    /// Generate the voting keystore using a deterministic, well-known, **unsafe** keypair.
    ///
    /// **NEVER** use these keys in production!
-    pub fn insecure_keys(mut self, deterministic_key_index: usize) -> Result<Self, BuilderError> {
+    pub fn insecure_voting_keypair(
+        mut self,
+        deterministic_key_index: usize,
+    ) -> Result<Self, BuilderError> {
        self.voting_keystore = Some(
            generate_deterministic_keystore(deterministic_key_index)
                .map_err(BuilderError::InsecureKeysError)?,
        );
-        self.withdrawal_keystore = Some(
-            generate_deterministic_keystore(deterministic_key_index)
-                .map_err(BuilderError::InsecureKeysError)?,
-        );
        Ok(self)
    }
 }
@@ -39,12 +40,29 @@ pub fn generate_deterministic_keystore(i: usize) -> Result<(Keystore, PlainText)

    let keystore = KeystoreBuilder::new(&keypair, INSECURE_PASSWORD, "".into())
        .map_err(|e| format!("Unable to create keystore builder: {:?}", e))?
+        .kdf(insecure_kdf())
        .build()
        .map_err(|e| format!("Unable to build keystore: {:?}", e))?;

    Ok((keystore, INSECURE_PASSWORD.to_vec().into()))
 }

+/// Returns an INSECURE key derivation function.
+///
+/// **NEVER** use this KDF in production!
+fn insecure_kdf() -> Kdf {
+    Kdf::Scrypt(Scrypt {
+        dklen: DKLEN,
+        // `n` is set very low, making it cheap to encrypt/decrypt keystores.
+        //
+        // This is very insecure, only use during testing.
+        n: 2,
+        p: 1,
+        r: 8,
+        salt: vec![1, 3, 3, 5].into(),
+    })
+}
+
 /// A helper function to use the `Builder` to generate deterministic, well-known, **unsafe**
 /// validator directories for the given validator `indices`.
 ///
@@ -56,7 +74,7 @@ pub fn build_deterministic_validator_dirs(
 ) -> Result<(), String> {
    for &i in indices {
        Builder::new(validators_dir.clone(), password_dir.clone())
-            .insecure_keys(i)
+            .insecure_voting_keypair(i)
            .map_err(|e| format!("Unable to generate insecure keypair: {:?}", e))?
            .store_withdrawal_keystore(false)
            .build()