Decrypt staking keys in consensus.

MissKrabtri · Jun 22, 2022 · 3a50672 · 3a50672
1 parent 517b5e4
commit 3a50672
Show file tree

Hide file tree

Showing 6 changed files with 16 additions and 8 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/massa-consensus-exports/Cargo.toml b/massa-consensus-exports/Cargo.toml
@@ -16,6 +16,7 @@ tokio = { version = "1.15", features = ["full"] }
 tracing = "0.1"
 tempfile = "3.2"
 # custom modules
+massa_cipher = { path = "../massa-cipher" }
 massa_execution_exports = { path = "../massa-execution-exports" }
 massa_graph = { path = "../massa-graph" }
 massa_logging = { path = "../massa-logging" }
@@ -40,7 +41,5 @@ instrument = [
     "massa_protocol_exports/instrument",
     "massa_time/instrument",
 ]
-sandbox = [
-    "massa_proof_of_stake_exports/sandbox",
-]
+sandbox = ["massa_proof_of_stake_exports/sandbox"]
 testing = ["massa_models/testing", "massa_execution_exports/testing"]
diff --git a/massa-consensus-exports/src/error.rs b/massa-consensus-exports/src/error.rs
@@ -62,6 +62,8 @@ pub enum ConsensusError {
     ProofOfStakeError(#[from] ProofOfStakeError),
     /// slot overflow
     SlotOverflowError,
+    /// `MassaCipher` error: {0}
+    MassaCipherError(#[from] massa_cipher::CipherError),
 }
 
 impl std::convert::From<massa_protocol_exports::ProtocolError> for ConsensusError {

diff --git a/massa-consensus-worker/Cargo.toml b/massa-consensus-worker/Cargo.toml
@@ -12,6 +12,7 @@ tokio = { version = "1.15", features = ["full"] }
 tracing = "0.1"
 # custom modules
 massa_consensus_exports = { path = "../massa-consensus-exports" }
+massa_cipher = { path = "../massa-cipher" }
 massa_graph = { path = "../massa-graph" }
 massa_hash = { path = "../massa-hash" }
 massa_logging = { path = "../massa-logging" }

diff --git a/massa-consensus-worker/src/consensus_worker.rs b/massa-consensus-worker/src/consensus_worker.rs
@@ -1,4 +1,5 @@
 // Copyright (c) 2022 MASSA LABS <[email protected]>
+use massa_cipher::encrypt;
 use massa_consensus_exports::{
     commands::ConsensusCommand,
     error::{ConsensusError, ConsensusResult as Result},
@@ -962,6 +963,7 @@ impl ConsensusWorker {
             }
         };
 
+        // HERE ENCRYPT
         if let Err(e) = tokio::fs::write(self.cfg.staking_keys_path.clone(), json).await {
             warn!("Error while dumping staking keys {}", e);
         }

diff --git a/massa-consensus-worker/src/tools.rs b/massa-consensus-worker/src/tools.rs
@@ -1,21 +1,22 @@
+use massa_cipher::decrypt;
+use massa_consensus_exports::settings::ConsensusConfig;
 use massa_consensus_exports::{
     commands::{ConsensusCommand, ConsensusManagementCommand},
     error::{ConsensusError, ConsensusResult as Result},
     events::ConsensusEvent,
     settings::{ConsensusChannels, ConsensusWorkerChannels},
     ConsensusCommandSender, ConsensusEventReceiver, ConsensusManager,
 };
-use tracing::{debug, error, info};
-
-use crate::consensus_worker::ConsensusWorker;
-use massa_consensus_exports::settings::ConsensusConfig;
 use massa_graph::{settings::GraphConfig, BlockGraph, BootstrapableGraph};
 use massa_models::{constants::CHANNEL_SIZE, prehash::Map, Address};
 use massa_proof_of_stake_exports::{ExportProofOfStake, ProofOfStake, ProofOfStakeConfig};
 use massa_signature::{derive_public_key, PrivateKey, PublicKey};
 use massa_storage::Storage;
 use std::path::Path;
 use tokio::sync::mpsc;
+use tracing::{debug, error, info};
+
+use crate::consensus_worker::ConsensusWorker;
 
 /// Load staking keys from file
 /// and derive public keys and addresses
@@ -28,7 +29,8 @@ async fn load_initial_staking_keys(path: &Path) -> Result<Map<Address, (PublicKe
     if !std::path::Path::is_file(path) {
         return Ok(Map::default());
     }
-    serde_json::from_str::<Vec<PrivateKey>>(&tokio::fs::read_to_string(path).await?)?
+    // HERE DECRYPT
+    serde_json::from_slice::<Vec<PrivateKey>>(&decrypt("PASSWORD", &tokio::fs::read(path).await?)?)?
         .iter()
         .map(|private_key| {
             let public_key = derive_public_key(private_key);