Improve bls::SecretKey privacy (#1164)

* Improve bls::SecretKey privacy * Add missed file * Remove more methods from bls::SecretKey * Add as_bytes() to SecretKey, remove as_raw * Remove as_raw * Add back as_raw * Address review comments
2026-03-03 00:31:50 +00:00 · 2020-05-19 11:23:08 +10:00
parent 314fae41fe
commit c93f9c351b
26 changed files with 102 additions and 295 deletions
--- a/validator_client/src/validator_store.rs
+++ b/validator_client/src/validator_store.rs
@@ -15,12 +15,31 @@ use types::{
 };
 use validator_dir::{Manager as ValidatorManager, ValidatorDir};

-#[derive(PartialEq)]
 struct LocalValidator {
    validator_dir: ValidatorDir,
    voting_keypair: Keypair,
 }

+/// We derive our own `PartialEq` to avoid doing equality checks between secret keys.
+///
+/// It's nice to avoid secret key comparisons from a security perspective, but it's also a little
+/// risky when it comes to `HashMap` integrity (that's why we need `PartialEq`).
+///
+/// Currently, we obtain keypairs from keystores where we derive the `PublicKey` from a `SecretKey`
+/// via a hash function. In order to have two equal `PublicKey` with different `SecretKey` we would
+/// need to have either:
+///
+/// - A serious upstream integrity error.
+/// - A hash collision.
+///
+/// It seems reasonable to make these two assumptions in order to avoid the equality checks.
+impl PartialEq for LocalValidator {
+    fn eq(&self, other: &Self) -> bool {
+        self.validator_dir == other.validator_dir
+            && self.voting_keypair.pk == other.voting_keypair.pk
+    }
+}
+
 #[derive(Clone)]
 pub struct ValidatorStore<T, E: EthSpec> {
    validators: Arc<RwLock<HashMap<PublicKey, LocalValidator>>>,