Remove ZeroizeString in favour of Zeroizing<String> (#6661)

* Remove ZeroizeString in favour of Zeroizing<String> * cargo fmt * remove unrelated line that slipped in * Update beacon_node/store/Cargo.toml thanks michael! Co-authored-by: Michael Sproul <micsproul@gmail.com> * Merge branch 'unstable' into remove-zeroizedstring
2026-03-22 06:14:38 +00:00 · 2024-12-12 00:51:20 +01:00
parent c5a48a9dff
commit a2b00090fd
27 changed files with 99 additions and 217 deletions
--- a/validator_manager/src/common.rs
+++ b/validator_manager/src/common.rs
@@ -1,5 +1,5 @@
+use account_utils::strip_off_newlines;
 pub use account_utils::STDIN_INPUTS_FLAG;
-use account_utils::{strip_off_newlines, ZeroizeString};
 use eth2::lighthouse_vc::std_types::{InterchangeJsonStr, KeystoreJsonStr};
 use eth2::{
    lighthouse_vc::{
@@ -14,6 +14,7 @@ use std::fs;
 use std::path::{Path, PathBuf};
 use tree_hash::TreeHash;
 use types::*;
+use zeroize::Zeroizing;

 pub const IGNORE_DUPLICATES_FLAG: &str = "ignore-duplicates";
 pub const COUNT_FLAG: &str = "count";
@@ -41,7 +42,7 @@ pub enum UploadError {
 #[derive(Clone, Serialize, Deserialize)]
 pub struct ValidatorSpecification {
    pub voting_keystore: KeystoreJsonStr,
-    pub voting_keystore_password: ZeroizeString,
+    pub voting_keystore_password: Zeroizing<String>,
    pub slashing_protection: Option<InterchangeJsonStr>,
    pub fee_recipient: Option<Address>,
    pub gas_limit: Option<u64>,
--- a/validator_manager/src/import_validators.rs
+++ b/validator_manager/src/import_validators.rs
@@ -1,6 +1,6 @@
 use super::common::*;
 use crate::DumpConfig;
-use account_utils::{eth2_keystore::Keystore, ZeroizeString};
+use account_utils::eth2_keystore::Keystore;
 use clap::{Arg, ArgAction, ArgMatches, Command};
 use clap_utils::FLAG_HEADER;
 use derivative::Derivative;
@@ -10,6 +10,7 @@ use serde::{Deserialize, Serialize};
 use std::fs;
 use std::path::PathBuf;
 use types::Address;
+use zeroize::Zeroizing;

 pub const CMD: &str = "import";
 pub const VALIDATORS_FILE_FLAG: &str = "validators-file";
@@ -167,7 +168,7 @@ pub struct ImportConfig {
    pub vc_token_path: PathBuf,
    pub ignore_duplicates: bool,
    #[derivative(Debug = "ignore")]
-    pub password: Option<ZeroizeString>,
+    pub password: Option<Zeroizing<String>>,
    pub fee_recipient: Option<Address>,
    pub gas_limit: Option<u64>,
    pub builder_proposals: Option<bool>,
@@ -184,7 +185,7 @@ impl ImportConfig {
            vc_url: clap_utils::parse_required(matches, VC_URL_FLAG)?,
            vc_token_path: clap_utils::parse_required(matches, VC_TOKEN_FLAG)?,
            ignore_duplicates: matches.get_flag(IGNORE_DUPLICATES_FLAG),
-            password: clap_utils::parse_optional(matches, PASSWORD)?,
+            password: clap_utils::parse_optional(matches, PASSWORD)?.map(Zeroizing::new),
            fee_recipient: clap_utils::parse_optional(matches, FEE_RECIPIENT)?,
            gas_limit: clap_utils::parse_optional(matches, GAS_LIMIT)?,
            builder_proposals: clap_utils::parse_optional(matches, BUILDER_PROPOSALS)?,
@@ -382,10 +383,7 @@ async fn run<'a>(config: ImportConfig) -> Result<(), String> {
 pub mod tests {
    use super::*;
    use crate::create_validators::tests::TestBuilder as CreateTestBuilder;
-    use std::{
-        fs::{self, File},
-        str::FromStr,
-    };
+    use std::fs::{self, File};
    use tempfile::{tempdir, TempDir};
    use validator_http_api::{test_utils::ApiTester, Config as HttpConfig};

@@ -419,7 +417,7 @@ pub mod tests {
                    vc_url: vc.url.clone(),
                    vc_token_path,
                    ignore_duplicates: false,
-                    password: Some(ZeroizeString::from_str("password").unwrap()),
+                    password: Some(Zeroizing::new("password".into())),
                    fee_recipient: None,
                    builder_boost_factor: None,
                    gas_limit: None,
--- a/validator_manager/src/move_validators.rs
+++ b/validator_manager/src/move_validators.rs
@@ -1,6 +1,6 @@
 use super::common::*;
 use crate::DumpConfig;
-use account_utils::{read_password_from_user, ZeroizeString};
+use account_utils::read_password_from_user;
 use clap::{Arg, ArgAction, ArgMatches, Command};
 use eth2::{
    lighthouse_vc::{
@@ -19,6 +19,7 @@ use std::str::FromStr;
 use std::time::Duration;
 use tokio::time::sleep;
 use types::{Address, PublicKeyBytes};
+use zeroize::Zeroizing;

 pub const MOVE_DIR_NAME: &str = "lighthouse-validator-move";
 pub const VALIDATOR_SPECIFICATION_FILE: &str = "validator-specification.json";
@@ -48,7 +49,7 @@ pub enum PasswordSource {
 }

 impl PasswordSource {
-    fn read_password(&mut self, pubkey: &PublicKeyBytes) -> Result<ZeroizeString, String> {
+    fn read_password(&mut self, pubkey: &PublicKeyBytes) -> Result<Zeroizing<String>, String> {
        match self {
            PasswordSource::Interactive { stdin_inputs } => {
                eprintln!("Please enter a password for keystore {:?}:", pubkey);