hoprd_keypair/

key_pair.rs

// use hex;
use std::fmt::Debug;

use hopr_crypto_random::{Randomizable, random_bytes};
use hopr_crypto_types::{
    crypto_traits::{Digest, KeyIvInit, StreamCipher, Update},
    prelude::*,
};
use hopr_platform::file::native::{metadata, read_to_string, write};
use hopr_primitive_types::prelude::*;
use scrypt::{Params as ScryptParams, scrypt};
use serde::{Serialize, Serializer, ser::SerializeStruct};
use serde_json::{from_str as from_json_string, to_string as to_json_string};
use tracing::{info, warn};
use typenum::Unsigned;
use uuid::Uuid;

use crate::{
    errors::{KeyPairError, Result},
    keystore::{CipherparamsJson, CryptoJson, EthKeystore, KdfType, KdfparamsType, PrivateKeys},
};

const HOPR_CIPHER: &str = "aes-128-ctr";
const HOPR_KEY_SIZE: usize = 32usize;
const HOPR_IV_SIZE: usize = 16usize;
const HOPR_KDF_PARAMS_DKLEN: u8 = 32u8;
const HOPR_KDF_PARAMS_LOG_N: u8 = 13u8;
const HOPR_KDF_PARAMS_R: u32 = 8u32;
const HOPR_KDF_PARAMS_P: u32 = 1u32;

const PACKET_KEY_LENGTH: usize = <OffchainKeypair as Keypair>::SecretLen::USIZE;
const CHAIN_KEY_LENGTH: usize = <ChainKeypair as Keypair>::SecretLen::USIZE;

const V1_PRIVKEY_LENGTH: usize = 32;
const V2_PRIVKEYS_LENGTH: usize = 172;

// Current version, deviates from pre 2.0
const VERSION: u32 = 2;

#[cfg(any(debug_assertions, test))]
const USE_WEAK_CRYPTO: bool = true;

#[cfg(all(not(debug_assertions), not(test)))]
const USE_WEAK_CRYPTO: bool = false;

pub enum IdentityRetrievalModes<'a> {
    /// hoprd starts with a previously generated identitiy file.
    /// If none is present, create a new one
    FromFile {
        /// Used encrypt / decrypt identity file
        password: &'a str,
        /// path to store / load identity file
        id_path: &'a str,
    },
    /// hoprd receives at startup a private which it will use
    /// for the entire runtime. The private stays in memory and
    /// thus remains fluent
    FromPrivateKey {
        /// hex string containing the private key
        private_key: &'a str,
    },
    /// takes a private key and create an identity file at the
    /// provided file destination
    #[cfg(any(feature = "hopli", test))]
    FromIdIntoFile {
        /// identifier of this keypair
        id: Uuid,
        /// Used encrypt / decrypt identity file
        password: &'a str,
        /// path to store / load identity file
        id_path: &'a str,
    },
}

pub struct HoprKeys {
    pub packet_key: OffchainKeypair,
    pub chain_key: ChainKeypair,
    id: Uuid,
}

impl TryFrom<IdentityRetrievalModes<'_>> for HoprKeys {
    type Error = KeyPairError;

    fn try_from(value: IdentityRetrievalModes) -> std::result::Result<Self, Self::Error> {
        Self::init(value)
    }
}

impl Serialize for HoprKeys {
    /// Serialize without private keys
    fn serialize<S>(&self, serializer: S) -> std::result::Result<S::Ok, S::Error>
    where
        S: Serializer,
    {
        let mut s = serializer.serialize_struct("HoprKeys", 3)?;
        s.serialize_field("peer_id", self.packet_key.public().to_peerid_str().as_str())?;
        s.serialize_field("packet_key", self.packet_key.public().to_hex().as_str())?;
        s.serialize_field("chain_key", &self.chain_key.public().to_hex().as_str())?;
        s.serialize_field("native_address", &self.chain_key.public().to_address().to_string())?;
        s.serialize_field("uuid", &self.id)?;
        s.end()
    }
}

impl std::fmt::Display for HoprKeys {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.write_str(
            format!(
                "packet_key: {}, chain_key: {} (Ethereum address: {})\nUUID: {}",
                self.packet_key.public().to_peerid_str(),
                self.chain_key.public().to_hex(),
                self.chain_key.public().0.to_address(),
                self.id
            )
            .as_str(),
        )
    }
}

impl TryFrom<&str> for HoprKeys {
    type Error = KeyPairError;

    /// Deserializes HoprKeys from string
    ///
    /// ```rust
    /// use hoprd_keypair::key_pair::HoprKeys;
    ///
    /// let priv_keys = "0x56b29cefcdf576eea306ba2fd5f32e651c09e0abbc018c47bdc6ef44f6b7506f1050f95137770478f50b456267f761f1b8b341a13da68bc32e5c96984fcd52ae";
    /// assert!(HoprKeys::try_from(priv_keys).is_ok());
    /// ```
    fn try_from(s: &str) -> std::result::Result<Self, Self::Error> {
        let maybe_priv_key = s.strip_prefix("0x").unwrap_or(s);

        if maybe_priv_key.len() != 2 * (PACKET_KEY_LENGTH + CHAIN_KEY_LENGTH) {
            return Err(KeyPairError::InvalidPrivateKeySize {
                actual: maybe_priv_key.len(),
                expected: 2 * (PACKET_KEY_LENGTH + CHAIN_KEY_LENGTH),
            });
        }

        let mut priv_key_raw = [0u8; PACKET_KEY_LENGTH + CHAIN_KEY_LENGTH];
        hex::decode_to_slice(maybe_priv_key, &mut priv_key_raw[..])?;

        priv_key_raw.try_into()
    }
}

impl TryFrom<[u8; PACKET_KEY_LENGTH + CHAIN_KEY_LENGTH]> for HoprKeys {
    type Error = KeyPairError;

    /// Deserializes HoprKeys from binary string
    ///
    /// ```rust
    /// use hoprd_keypair::key_pair::HoprKeys;
    ///
    /// let priv_keys = [
    ///     0x56, 0xb2, 0x9c, 0xef, 0xcd, 0xf5, 0x76, 0xee, 0xa3, 0x06, 0xba, 0x2f, 0xd5, 0xf3, 0x2e, 0x65, 0x1c, 0x09,
    ///     0xe0, 0xab, 0xbc, 0x01, 0x8c, 0x47, 0xbd, 0xc6, 0xef, 0x44, 0xf6, 0xb7, 0x50, 0x6f, 0x10, 0x50, 0xf9, 0x51,
    ///     0x37, 0x77, 0x04, 0x78, 0xf5, 0x0b, 0x45, 0x62, 0x67, 0xf7, 0x61, 0xf1, 0xb8, 0xb3, 0x41, 0xa1, 0x3d, 0xa6,
    ///     0x8b, 0xc3, 0x2e, 0x5c, 0x96, 0x98, 0x4f, 0xcd, 0x52, 0xae,
    /// ];
    /// assert!(HoprKeys::try_from(priv_keys).is_ok());
    /// ```
    fn try_from(value: [u8; CHAIN_KEY_LENGTH + PACKET_KEY_LENGTH]) -> std::result::Result<Self, Self::Error> {
        let mut packet_key = [0u8; PACKET_KEY_LENGTH];
        packet_key.copy_from_slice(&value[0..32]);
        let mut chain_key = [0u8; CHAIN_KEY_LENGTH];
        chain_key.copy_from_slice(&value[32..64]);

        (packet_key, chain_key).try_into()
    }
}

impl TryFrom<([u8; PACKET_KEY_LENGTH], [u8; CHAIN_KEY_LENGTH])> for HoprKeys {
    type Error = KeyPairError;

    /// Deserializes HoprKeys from tuple of two binary private keys
    ///
    /// ```rust
    /// use hoprd_keypair::key_pair::HoprKeys;
    ///
    /// let priv_keys = (
    ///     [
    ///         0x56, 0xb2, 0x9c, 0xef, 0xcd, 0xf5, 0x76, 0xee, 0xa3, 0x06, 0xba, 0x2f, 0xd5, 0xf3, 0x2e, 0x65, 0x1c, 0x09,
    ///         0xe0, 0xab, 0xbc, 0x01, 0x8c, 0x47, 0xbd, 0xc6, 0xef, 0x44, 0xf6, 0xb7, 0x50, 0x6f,
    ///     ],
    ///     [
    ///         0x10, 0x50, 0xf9, 0x51, 0x37, 0x77, 0x04, 0x78, 0xf5, 0x0b, 0x45, 0x62, 0x67, 0xf7, 0x61, 0xf1, 0xb8, 0xb3,
    ///         0x41, 0xa1, 0x3d, 0xa6, 0x8b, 0xc3, 0x2e, 0x5c, 0x96, 0x98, 0x4f, 0xcd, 0x52, 0xae,
    ///     ],
    /// );
    /// assert!(HoprKeys::try_from(priv_keys).is_ok());
    /// ```
    fn try_from(value: ([u8; PACKET_KEY_LENGTH], [u8; CHAIN_KEY_LENGTH])) -> std::result::Result<Self, Self::Error> {
        Ok(HoprKeys {
            packet_key: OffchainKeypair::from_secret(&value.0)?,
            chain_key: ChainKeypair::from_secret(&value.1)?,
            id: Uuid::new_v4(),
        })
    }
}

impl PartialEq for HoprKeys {
    fn eq(&self, other: &Self) -> bool {
        self.packet_key.public().eq(other.packet_key.public()) && self.chain_key.public().eq(other.chain_key.public())
    }
}

impl Randomizable for HoprKeys {
    /// Creates two new keypairs, one for off-chain affairs and
    /// another one to be used within the smart contract
    fn random() -> Self {
        Self {
            packet_key: OffchainKeypair::random(),
            chain_key: ChainKeypair::random(),
            id: Uuid::new_v4(),
        }
    }
}

impl HoprKeys {
    /// Initializes HoprKeys using the provided retrieval mode
    fn init(retrieval_mode: IdentityRetrievalModes) -> Result<Self> {
        match retrieval_mode {
            IdentityRetrievalModes::FromFile { password, id_path } => {
                let identity_file_exists = metadata(id_path).is_ok();

                if identity_file_exists {
                    info!(file_path = %id_path, "found existing identity file");

                    match HoprKeys::read_eth_keystore(id_path, password) {
                        Ok((keys, needs_migration)) => {
                            info!(needs_migration, "status");
                            if needs_migration {
                                keys.write_eth_keystore(id_path, password)?
                            }
                            Ok(keys)
                        }
                        Err(e) => Err(KeyPairError::GeneralError(format!(
                            "An identity file is present at {id_path} but the provided password <REDACTED> is not \
                             sufficient to decrypt it {e}"
                        ))),
                    }
                } else {
                    let keys = HoprKeys::random();

                    info!(file_path = %id_path, %keys, "created new keypairs");

                    keys.write_eth_keystore(id_path, password)?;
                    Ok(keys)
                }
            }
            IdentityRetrievalModes::FromPrivateKey { private_key } => {
                info!("initializing HoprKeys with provided private keys <REDACTED>");

                private_key.try_into()
            }
            #[cfg(any(feature = "hopli", test))]
            IdentityRetrievalModes::FromIdIntoFile { id, password, id_path } => {
                let identity_file_exists = metadata(id_path).is_ok();

                if identity_file_exists {
                    info!(file_path = %id_path, "found an existing identity file");

                    Err(KeyPairError::GeneralError(format!(
                        "Cannot create identity file at {} because the file already exists.",
                        id_path
                    )))
                } else {
                    let keys: HoprKeys = HoprKeys {
                        id,
                        packet_key: OffchainKeypair::random(),
                        chain_key: ChainKeypair::random(),
                    };

                    keys.write_eth_keystore(id_path, password)?;

                    Ok(keys)
                }
            }
        }
    }

    /// Reads a keystore file using custom FS operations
    ///
    /// Highly inspired by `<https://github.com/roynalnaruto/eth-keystore-rs>`
    pub fn read_eth_keystore(path: &str, password: &str) -> Result<(Self, bool)> {
        let json_string = read_to_string(path)?;
        let keystore: EthKeystore = from_json_string(&json_string)?;

        let key = match keystore.crypto.kdfparams {
            KdfparamsType::Scrypt { dklen, n, p, r, salt } => {
                let mut key = vec![0u8; dklen as usize];
                let log_n = (n as f32).log2() as u8;
                let scrypt_params = ScryptParams::new(log_n, r, p, dklen.into())
                    .map_err(|err| KeyPairError::KeyDerivationError(err.to_string()))?;
                // derive "master key" and store it in `key`
                scrypt(password.as_ref(), &salt, &scrypt_params, &mut key)
                    .map_err(|err| KeyPairError::KeyDerivationError(err.to_string()))?;
                key
            }
            _ => panic!("HOPR only supports scrypt"),
        };

        // Derive the MAC from the derived key and ciphertext.
        let derived_mac = Keccak256::new()
            .chain(&key[16..32])
            .chain(&keystore.crypto.ciphertext)
            .finalize();

        if *derived_mac != *keystore.crypto.mac {
            return Err(KeyPairError::MacMismatch);
        }

        // Decrypt the private key bytes using AES-128-CTR
        let mut decryptor = Aes128Ctr::new_from_slices(&key[..16], &keystore.crypto.cipherparams.iv[..16])
            .map_err(|_| KeyPairError::KeyDerivationError("invalid key or iv length".into()))?;

        let mut pk = keystore.crypto.ciphertext;

        match pk.len() {
            V1_PRIVKEY_LENGTH => {
                decryptor.apply_keystream(&mut pk);

                let packet_key: [u8; PACKET_KEY_LENGTH] = random_bytes();

                let mut chain_key = [0u8; CHAIN_KEY_LENGTH];
                chain_key.clone_from_slice(&pk.as_slice()[0..CHAIN_KEY_LENGTH]);

                let ret: HoprKeys = (packet_key, chain_key)
                    .try_into()
                    .map_err(|_| KeyPairError::GeneralError("cannot instantiate hopr keys".into()))?;

                Ok((ret, true))
            }
            V2_PRIVKEYS_LENGTH => {
                decryptor.apply_keystream(&mut pk);

                let private_keys = serde_json::from_slice::<PrivateKeys>(&pk)?;

                if private_keys.packet_key.len() != PACKET_KEY_LENGTH {
                    return Err(KeyPairError::InvalidEncryptedKeyLength {
                        actual: private_keys.packet_key.len(),
                        expected: PACKET_KEY_LENGTH,
                    });
                }

                if private_keys.chain_key.len() != CHAIN_KEY_LENGTH {
                    return Err(KeyPairError::InvalidEncryptedKeyLength {
                        actual: private_keys.chain_key.len(),
                        expected: CHAIN_KEY_LENGTH,
                    });
                }

                let mut packet_key = [0u8; PACKET_KEY_LENGTH];
                packet_key.clone_from_slice(private_keys.packet_key.as_slice());

                let mut chain_key = [0u8; CHAIN_KEY_LENGTH];
                chain_key.clone_from_slice(private_keys.chain_key.as_slice());

                Ok((
                    HoprKeys {
                        packet_key: OffchainKeypair::from_secret(&packet_key)?,
                        chain_key: ChainKeypair::from_secret(&chain_key)?,
                        id: keystore.id,
                    },
                    false,
                ))
            }
            _ => Err(KeyPairError::InvalidEncryptedKeyLength {
                actual: pk.len(),
                expected: V2_PRIVKEYS_LENGTH,
            }),
        }
    }

    /// Writes a keystore file using custom FS operation and custom entropy source
    ///
    /// Highly inspired by `<https://github.com/roynalnaruto/eth-keystore-rs>`
    pub fn write_eth_keystore(&self, path: &str, password: &str) -> Result<()> {
        if USE_WEAK_CRYPTO {
            warn!("USING WEAK CRYPTO -> this build is not meant for production!");
        }
        // Generate a random salt.
        let salt: [u8; HOPR_KEY_SIZE] = random_bytes();

        // Derive the key.
        let mut key = [0u8; HOPR_KDF_PARAMS_DKLEN as usize];
        let scrypt_params = ScryptParams::new(
            if USE_WEAK_CRYPTO { 1 } else { HOPR_KDF_PARAMS_LOG_N },
            HOPR_KDF_PARAMS_R,
            HOPR_KDF_PARAMS_P,
            HOPR_KDF_PARAMS_DKLEN.into(),
        )
        .map_err(|e| KeyPairError::KeyDerivationError(e.to_string()))?;

        // derive "master key" and store it in `key`
        scrypt(password.as_ref(), &salt, &scrypt_params, &mut key)
            .map_err(|e| KeyPairError::KeyDerivationError(e.to_string()))?;

        // Encrypt the private key using AES-128-CTR.
        let iv: [u8; HOPR_IV_SIZE] = random_bytes();

        let mut encryptor = Aes128Ctr::new_from_slices(&key[..16], &iv[..16])
            .map_err(|_| KeyPairError::KeyDerivationError("invalid key or iv".into()))?;

        let private_keys = PrivateKeys {
            chain_key: self.chain_key.secret().as_ref().to_vec(),
            packet_key: self.packet_key.secret().as_ref().to_vec(),
            version: VERSION,
        };

        let mut ciphertext = serde_json::to_vec(&private_keys)?;
        encryptor.apply_keystream(&mut ciphertext);

        // Calculate the MAC.
        let mac = Keccak256::new().chain(&key[16..32]).chain(&ciphertext).finalize();

        // Construct and serialize the encrypted JSON keystore.
        let keystore = EthKeystore {
            id: self.id,
            version: 3,
            crypto: CryptoJson {
                cipher: String::from(HOPR_CIPHER),
                cipherparams: CipherparamsJson { iv: iv.to_vec() },
                ciphertext,
                kdf: KdfType::Scrypt,
                kdfparams: KdfparamsType::Scrypt {
                    dklen: HOPR_KDF_PARAMS_DKLEN,
                    n: 2u32.pow(if USE_WEAK_CRYPTO { 1 } else { HOPR_KDF_PARAMS_LOG_N } as u32),
                    p: HOPR_KDF_PARAMS_P,
                    r: HOPR_KDF_PARAMS_R,
                    salt: salt.to_vec(),
                },
                mac: mac.to_vec(),
            },
        };

        let serialized = to_json_string(&keystore)?;

        write(path, serialized).map_err(|e| e.into())
    }

    pub fn id(&self) -> &Uuid {
        &self.id
    }
}

impl Debug for HoprKeys {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("HoprKeys")
            .field(
                "packet_key",
                &format_args!("(priv_key: <REDACTED>, pub_key: {}", self.packet_key.public().to_hex()),
            )
            .field(
                "chain_key",
                &format_args!("(priv_key: <REDACTED>, pub_key: {}", self.chain_key.public().to_hex()),
            )
            .finish()
    }
}

#[cfg(test)]
mod tests {
    use std::fs;

    use anyhow::Context;
    use hopr_crypto_random::Randomizable;
    use hopr_crypto_types::prelude::*;
    use tempfile::tempdir;
    use uuid::Uuid;

    use super::HoprKeys;

    const DEFAULT_PASSWORD: &str = "dummy password for unit testing";

    #[test]
    fn create_keys() {
        println!("{:?}", super::HoprKeys::random())
    }

    #[test]
    fn store_keys_and_read_them() -> anyhow::Result<()> {
        let tmp = tempdir()?;

        let identity_dir = tmp.path().join("hopr-unit-test-identity");

        let keys = super::HoprKeys::random();

        keys.write_eth_keystore(
            identity_dir.to_str().context("should be convertible to string")?,
            DEFAULT_PASSWORD,
        )?;

        let (deserialized, needs_migration) = super::HoprKeys::read_eth_keystore(
            identity_dir.to_str().context("should be convertible to string")?,
            DEFAULT_PASSWORD,
        )?;

        assert!(!needs_migration);
        assert_eq!(deserialized, keys);

        Ok(())
    }

    #[test]
    fn test_migration() -> anyhow::Result<()> {
        let tmp = tempdir()?;

        let identity_dir = tmp.path().join("hopr-unit-test-identity");

        let old_keystore_file = r#"{"id":"8e5fe142-6ef9-4fbb-aae8-5de32b680e31","version":3,"crypto":{"cipher":"aes-128-ctr","cipherparams":{"iv":"04141354edb9dfb0c65e6905a3a0b9dd"},"ciphertext":"74f12f72cf2d3d73ff09f783cb9b57995b3808f7d3f71aa1fa1968696aedfbdd","kdf":"scrypt","kdfparams":{"salt":"f5e3f04eaa0c9efffcb5168c6735d7e1fe4d96f48a636c4f00107e7c34722f45","n":1,"dklen":32,"p":1,"r":8},"mac":"d0daf0e5d14a2841f0f7221014d805addfb7609d85329d4c6424a098e50b6fbe"}}"#;

        fs::write(
            identity_dir.to_str().context("should be convertible to string")?,
            old_keystore_file.as_bytes(),
        )?;

        let (deserialized, needs_migration) = super::HoprKeys::read_eth_keystore(
            identity_dir.to_str().context("should be convertible to string")?,
            "local",
        )?;

        assert!(needs_migration);
        assert_eq!(
            deserialized.chain_key.public().0.to_address().to_string(),
            "0x826a1bf3d51fa7f402a1e01d1b2c8a8bac28e666"
        );

        Ok(())
    }

    #[test]
    fn test_auto_migration() -> anyhow::Result<()> {
        let tmp = tempdir()?;
        let identity_dir = tmp.path().join("hopr-unit-test-identity");
        let identity_path: &str = identity_dir.to_str().context("should be convertible to string")?;

        let old_keystore_file = r#"{"id":"8e5fe142-6ef9-4fbb-aae8-5de32b680e31","version":3,"crypto":{"cipher":"aes-128-ctr","cipherparams":{"iv":"04141354edb9dfb0c65e6905a3a0b9dd"},"ciphertext":"74f12f72cf2d3d73ff09f783cb9b57995b3808f7d3f71aa1fa1968696aedfbdd","kdf":"scrypt","kdfparams":{"salt":"f5e3f04eaa0c9efffcb5168c6735d7e1fe4d96f48a636c4f00107e7c34722f45","n":1,"dklen":32,"p":1,"r":8},"mac":"d0daf0e5d14a2841f0f7221014d805addfb7609d85329d4c6424a098e50b6fbe"}}"#;
        fs::write(identity_path, old_keystore_file.as_bytes()).unwrap();

        assert!(
            super::HoprKeys::init(super::IdentityRetrievalModes::FromFile {
                password: "local",
                id_path: identity_path
            })
            .is_ok()
        );

        let (deserialized, needs_migration) = super::HoprKeys::read_eth_keystore(identity_path, "local").unwrap();

        assert!(!needs_migration);
        assert_eq!(
            deserialized.chain_key.public().0.to_address().to_string(),
            "0x826a1bf3d51fa7f402a1e01d1b2c8a8bac28e666"
        );

        Ok(())
    }

    #[test]
    fn test_should_not_overwrite_existing() -> anyhow::Result<()> {
        let tmp = tempdir()?;
        let identity_dir = tmp.path().join("hopr-unit-test-identity");
        let identity_path: &str = identity_dir.to_str().context("should be convertible to string")?;

        fs::write(identity_path, "".as_bytes())?;

        // Overwriting existing keys must not be possible
        assert!(
            super::HoprKeys::init(super::IdentityRetrievalModes::FromFile {
                password: "local",
                id_path: identity_path
            })
            .is_err()
        );

        Ok(())
    }

    #[test]
    fn test_from_privatekey() {
        let private_key = "0x56b29cefcdf576eea306ba2fd5f32e651c09e0abbc018c47bdc6ef44f6b7506f1050f95137770478f50b456267f761f1b8b341a13da68bc32e5c96984fcd52ae";

        let from_private_key = HoprKeys::init(super::IdentityRetrievalModes::FromPrivateKey { private_key }).unwrap();

        let private_key_without_prefix = "56b29cefcdf576eea306ba2fd5f32e651c09e0abbc018c47bdc6ef44f6b7506f1050f95137770478f50b456267f761f1b8b341a13da68bc32e5c96984fcd52ae";

        let from_private_key_without_prefix = HoprKeys::init(super::IdentityRetrievalModes::FromPrivateKey {
            private_key: private_key_without_prefix,
        })
        .unwrap();

        // both ways should work
        assert_eq!(from_private_key, from_private_key_without_prefix);

        let too_short_private_key = "0xb29cefcdf576eea306ba2fd5f32e651c09e0abbc018c47bdc6ef44f6b7506f1050f95137770478f50b456267f761f1b8b341a13da68bc32e5c96984fcd52ae";

        assert!(
            HoprKeys::init(super::IdentityRetrievalModes::FromPrivateKey {
                private_key: too_short_private_key
            })
            .is_err()
        );

        let too_long_private_key = "0x56b29cefcdf576eea306ba2fd5f32e651c09e0abbc018c47bdc6ef44f6b7506f1050f95137770478f50b456267f761f1b8b341a13da68bc32e5c96984fcd52aeae";

        assert!(
            HoprKeys::init(super::IdentityRetrievalModes::FromPrivateKey {
                private_key: too_long_private_key
            })
            .is_err()
        );

        let non_hex_private = "this is the story of hopr: in 2018 ...";
        assert!(
            HoprKeys::init(super::IdentityRetrievalModes::FromPrivateKey {
                private_key: non_hex_private
            })
            .is_err()
        );
    }

    #[test]
    fn test_from_privatekey_into_file() -> anyhow::Result<()> {
        let tmp = tempdir()?;
        let identity_dir = tmp.path().join("hopr-unit-test-identity");
        let identity_path = identity_dir.to_str().context("should be convertible to string")?;
        let id = Uuid::new_v4();

        let keys = HoprKeys::init(super::IdentityRetrievalModes::FromIdIntoFile {
            password: "local",
            id_path: identity_path,
            id,
        })
        .expect("should initialize new key");

        let (deserialized, needs_migration) = super::HoprKeys::read_eth_keystore(identity_path, "local").unwrap();

        assert!(!needs_migration);
        assert_eq!(
            deserialized.chain_key.public().to_address(),
            keys.chain_key.public().to_address()
        );

        // Overwriting existing keys must not be possible
        assert!(
            super::HoprKeys::init(super::IdentityRetrievalModes::FromIdIntoFile {
                password: "local",
                id_path: identity_path,
                id
            })
            .is_err()
        );

        Ok(())
    }
}