Persisting rln credentials

[kgrgpg]

This code implements the persistence of MembershipKeyPair and MembershipIndex to the RLN membership contract. This is done by storing raw unencrypted JSON text in the files keyPair.txt and rlnIndex.txt when the first registration takes place. At a later stage, these credentials need to be stored in an encrypted format. One of the ways to implement that encryption could be similar to how keystore is implemented in Nimbus. But for now this should serve the purpose of credentials persistence saving user funds.

[kaiserd]

🎉 on your first nwaku PR :).

What are the security implications of printing / persisting the membership key in the clear?

Also, I left some nit comments inline.

[kgrgpg]

@kaiserd Since the files are stored as a raw text file, it is highly susceptible to theft. The files needs some encryption to resolve this.

With regards to printing the keys, it is purely for debugging purposes so that the user becomes explicitly aware of the current keys in use when nwaku is started. Note that this is only until the RLN contract being used is the one deployed on Goerli testnet. These prints need to omitted once RLN contract is deployed on Ethereum mainnet and using valuable funds for staking.

[kaiserd]

Thank you for the clarification :).
I'd add comments in the code explaining the reason for both

• storing the raw key on disc
• printing the raw key

[kgrgpg]

Security warning incorporated as comments within code base.

[s1fr0]

Congrats for your first nwaku PR! Overall good, I left some comments.

[jm-clius]

Thanks, @kgrgpg! Left some comments on Nim styling and abstracting the file-specific logic and magic constants - if this is to be short-lived until we have a proper keystore, the reading/writing and file types should not be in line with the main logic of the code but abstracted to modular procs.

[jm-clius]

Where is the Exception raised from? Couldn't we find the exact type of Exception being raised and catch it here? Now we have a list of Defect, CatchableError and Exception which just means "everything". I know it's not always easy to catch specific exceptions from submodules. Also see: https://status-im.github.io/nim-style-guide/errors.exceptions.html

[kgrgpg]

This has been opened as a new issue. See #1045

So far it seems like an OSError but raising it is still giving error that appropriate exception is not raised.

[staheri14]

There are a few function calls in this proc that can potentially raise an exception, i.e., readFile, parseJson and
to(jsonObject, R andlnMembershipCredentials), have you inspected those to see what they raise?

[kgrgpg]

Moving all discussions related to Exception handling to the new issue. Review this PR on persistence primarily. @staheri14 Your comment is linked in new issue. #1045 (comment)

[jm-clius]

I may not understand the exact context, but if the idea is simply for this "write to cleartext file" to be a temporary stopgap until we have an integrated keystore, the logic should be abstracted to separate functions with no magic references to the .txt files in the main logic.

In other words, instead of having an elif fileExists(... here, it should be something like elif usePersistentKeys() where usePersistentKeys() are implemented elsewhere. And instead of having the logic to read the keys from the files here it should be abstracted to a readKeys() proc, etc.

[kgrgpg]

Suggestion incorporated. Refer to 6236dd6

[status-im-auto]

Jenkins Builds

Click to see older builds (6)

❔	Commit	#️⃣	Finished (UTC)	Duration	Platform	Result
✔️	dc61be0	#1	2022-07-22 04:15:04	~27 min	macos	📦bin
❌	dc61be0	#1	2022-07-22 10:16:51	~32 min	windows	📄log
✔️	dc61be0	#1	2022-07-22 12:10:07	~19 min	linux	📦bin
✔️	7162bfa	#2	2022-07-24 16:13:34	~26 min	macos	📦bin
❌	7162bfa	#2	2022-07-24 22:11:03	~26 min	windows	📄log
❌	135b72a	#3	2022-07-31 04:08:04	~20 min	macos	📄log

❔	Commit	#️⃣	Finished (UTC)	Duration	Platform	Result
✔️	08ab7a1	#4	2022-08-02 04:08:54	~21 min	macos	📦bin
✔️	1ad6b4d	#2	2022-08-28 15:59:08	~19 min	linux	📦bin

[s1fr0]

@kgrgpg Note that tests fail and there exist some conflicts that has to be addressed before merging

/home/runner/work/nwaku/nwaku/waku/v2/protocol/waku_rln_relay/waku_rln_relay_utils.nim(840) readPersistentRlnCredentials
/home/runner/work/nwaku/nwaku/vendor/nimbus-build-system/vendor/Nim/lib/system/io.nim(693) readFile

    Unhandled exception: cannot open: testPath.txt [IOError]
  [FAILED] Read Persistent RLN credentials

Please ping reviewers when ready.

[kgrgpg]

@s1fr0 Usage of writePersistentRlnCredentials in the test is resulting in an IOError while reading.
Even though usage of this write abstract function works correctly within waku_rln_relay_utils.nim.

When I reverted to a direct call to writeFile within the test, the reading becomes successful. Refer f10d873

Now I am perplexed, why this is the case. I read at https://nim-lang.org/docs/io.html#writeFile%2Cstring%2Cstring that writeFile closes the file after the operation is complete. I am wondering if this is failing for some reason when contained inside the abstracted function writePersistentRlnCredentials as readPersistentRlnCredentials gets called right away in the test. Do you have any clue with regards to this?

[s1fr0]

Do not push commits related to vendor (so revert this). Regularly run make update to update submodules.

[kgrgpg]

Do not push commits related to vendor (so revert this). Regularly run make update to update submodules.

Thanks for this info. Make update resulted in new checkout for dnsclient. Concerned commit reverted.

[kgrgpg]

The abstract proc writePersistentRlnCredentials is reverted in commit 08ab7a1. The reason for this is explained in #1037. Since this abstract proc is not necessary for the "persistence" implementation of the RLN credentials and the test associated with it are valid and pass without this abstraction, this is now opened as a new issue #1053 (comment)

[LNSD]

I would prefer that we do not dump the content of the credentials through the stdout

[kgrgpg]

Refer to #1037 (comment)

[LNSD]

LGTM ✅

Congrats on you first contribution 😁

[LNSD]

IMHO We need to do an overall code review for the RLN part before it becomes hard to maintain (e.g. @s1fr0 has already experienced issues with the Zerokit integration).

Right now I am fully focused on the Waku Store issue, but let's see if we can find a slot after the next nwaku's release to improve the code maintainability.

cc @staheri14 @kgrgpg @s1fr0

[kgrgpg]

@LNSD Thanks but technically this is my second PR :D
First one is the tutorial at #1031
And agree, always up to improve code readability and maintainability.

[s1fr0]

All comments where addressed except abstraction of writePersistentRlnCredentials and byte serialization/storage. These changes are tracked in #1053 and #1041 (encryption somehow implies byte serialization).

[LNSD]

@kgrgpg If the work in this PR is finished, could you rebase, solve the conflicts and merge the PR into master branch?