fix(config): panic when loading invalid node key file (#888)

* fix(config): panic when loading invalid node key file * chore: verify node key id matches pubkey * test(config): TestLoadNodeKeyID
dashpay · Aug 29, 2024 · 7d40ae5 · 7d40ae5
1 parent ad4f911
commit 7d40ae5
Show file tree

Hide file tree

Showing 3 changed files with 57 additions and 0 deletions.
diff --git a/config/config.go b/config/config.go
@@ -300,6 +300,11 @@ func (cfg BaseConfig) LoadNodeKeyID() (types.NodeID, error) {
 	if err != nil {
 		return "", err
 	}
+
+	if err = nodeKey.Validate(); err != nil {
+		return "", fmt.Errorf("invalid node key file %s: %w", cfg.NodeKeyFile(), err)
+	}
+
 	nodeKey.ID = types.NodeIDFromPubKey(nodeKey.PubKey())
 	return nodeKey.ID, nil
 }

diff --git a/config/config_test.go b/config/config_test.go
@@ -1,6 +1,7 @@
 package config
 
 import (
+	"os"
 	"reflect"
 	"testing"
 	"time"
@@ -223,3 +224,39 @@ func TestP2PConfigValidateBasic(t *testing.T) {
 		reflect.ValueOf(cfg).Elem().FieldByName(fieldName).SetInt(0)
 	}
 }
+
+// Given some invalid node key file, when I try to load it, I get an error
+func TestLoadNodeKeyID(t *testing.T) {
+
+	testCases := []string{
+		`{
+  "type": "tendermint/PrivKeyEd25519",
+  "value": "wIVaBy3v4bKcrBxGsgFen9qJeqXiK4h18iWCM2LSYxMyH8PomXsANUb3KoucY9EBDj0NQi4LqrmG8DyT5D6xWQ=="
+}`,
+		`{
+	"id":"0d846d89021b617026c3a3d4051ebcf4cdd09f7c",
+	"priv_key":{
+		"type":"tendermint/PrivKeyEd25519",
+		"value":"J5EWnwSixAZuuw2Gf5nbXXNbyliaURFgBawfwN+zU/N7ucjnxu0GLcVi107XEj2Myq95101jcPPcJE+dCncY1A=="
+	}
+}`,
+	}
+
+	for _, tc := range testCases {
+		t.Run("", func(t *testing.T) {
+			cfg := DefaultBaseConfig()
+			tmpDir := t.TempDir()
+
+			// create invalid node key file
+			cfg.NodeKey = tmpDir + "/node_key.json"
+			err := os.WriteFile(cfg.NodeKey, []byte(tc), 0600)
+			require.NoError(t, err)
+
+			// when I try to load the node key
+			_, err = cfg.LoadNodeKeyID()
+
+			// then I get an error
+			assert.Error(t, err)
+		})
+	}
+}
diff --git a/types/node_key.go b/types/node_key.go
@@ -2,6 +2,7 @@ package types
 
 import (
 	"encoding/json"
+	"fmt"
 	"os"
 
 	"github.com/dashpay/tenderdash/crypto"
@@ -38,6 +39,20 @@ func (nk NodeKey) MarshalJSON() ([]byte, error) {
 	})
 }
 
+func (nk *NodeKey) Validate() error {
+	if nk.PrivKey == nil {
+		return fmt.Errorf("invalid or empty private key")
+	}
+	if err := nk.ID.Validate(); err != nil {
+		return fmt.Errorf("invalid node ID: %w", err)
+	}
+	keyID := NodeIDFromPubKey(nk.PrivKey.PubKey())
+	if nk.ID != keyID {
+		return fmt.Errorf("saved node ID %s does not match public key %s", nk.ID, keyID)
+	}
+	return nil
+}
+
 func (nk *NodeKey) UnmarshalJSON(data []byte) error {
 	var nkjson nodeKeyJSON
 	if err := json.Unmarshal(data, &nkjson); err != nil {