zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
218 Commits
183 Branches
291 MiB
Tree: 156416fe27
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '156416fe27'
${ noResults }
tendermint/keys/keybase.go

247 lines
7.2 KiB
Raw Normal View History

Fixed imports
7 years ago
Import keystore logic from light-client
8 years ago
Add codec to keys.Manager, recovery test passes
8 years ago
go build compiles
7 years ago
Add codec to keys.Manager, recovery test passes
8 years ago
Handle generating keys
7 years ago
Add codec to keys.Manager, recovery test passes
8 years ago
Draft of suggested changes
7 years ago
Handle generating keys
7 years ago
keys/words
7 years ago
Handle generating keys
7 years ago
Add codec to keys.Manager, recovery test passes
8 years ago
Import keystore logic from light-client
8 years ago
Draft of suggested changes
7 years ago
Import keystore logic from light-client
8 years ago
Draft of suggested changes
7 years ago
keys/words
7 years ago
Import keystore logic from light-client
8 years ago
keys/words
7 years ago
Draft of suggested changes
7 years ago
Fix errors except for es missing
7 years ago
Add codec to keys.Manager, recovery test passes
8 years ago
Import keystore logic from light-client
8 years ago
Draft of suggested changes
7 years ago
linting: fixup some stuffs
7 years ago
keys/keybase.go: comments and fixes
7 years ago
Generate/recover can return error, not panic on ledger
7 years ago
Handle generating keys
7 years ago
Set key algorithm on key creation
8 years ago
keys/keybase.go: comments and fixes
7 years ago
Set key algorithm on key creation
8 years ago
Use 16 random bytes for seed and key, crc16 by default
7 years ago
keys/keybase.go: comments and fixes
7 years ago
go build compiles
7 years ago
Use 16 random bytes for seed and key, crc16 by default
7 years ago
keys/keybase.go: comments and fixes
7 years ago
Updated Manager interface to return seed on create, fix server tests
8 years ago
keys/keybase.go: comments and fixes
7 years ago
Add codec to keys.Manager, recovery test passes
8 years ago
Draft of suggested changes
7 years ago
Add codec to keys.Manager, recovery test passes
8 years ago
keys/keybase.go: comments and fixes
7 years ago
Recovery also works with secp256 keys
7 years ago
keys/keybase.go: comments and fixes
7 years ago
Recovery also works with secp256 keys
7 years ago
keys/keybase.go: comments and fixes
7 years ago
Recovery also works with secp256 keys
7 years ago
Add codec to keys.Manager, recovery test passes
8 years ago
keys/keybase.go: comments and fixes
7 years ago
Import keystore logic from light-client
8 years ago
keys/keybase.go: comments and fixes
7 years ago
Fix errors except for es missing
7 years ago
go build compiles
7 years ago
Add Address type which is HexBytes
7 years ago
go build compiles
7 years ago
Import keystore logic from light-client
8 years ago
keys/keybase.go: comments and fixes
7 years ago
Fix errors except for es missing
7 years ago
go build compiles
7 years ago
Import keystore logic from light-client
8 years ago
keys/keybase.go: comments and fixes
7 years ago
Fix errors except for es missing
7 years ago
keys/keybase.go: comments and fixes
7 years ago
Import keystore logic from light-client
8 years ago
Fix errors except for es missing
7 years ago
Import keystore logic from light-client
8 years ago
go build compiles
7 years ago
Fix errors except for es missing
7 years ago
Import keystore logic from light-client
8 years ago
keys/keybase.go: comments and fixes
7 years ago
Import keystore logic from light-client
8 years ago
Fix errors except for es missing
7 years ago
keys/keybase.go: comments and fixes
7 years ago
Import keystore logic from light-client
8 years ago
Revert "Upgrade keys to use bcrypt with salts (#38)" This reverts commit 8e7f0e7701f92206679ad093d013b9b162427631.
7 years ago
Import keystore logic from light-client
8 years ago
go build compiles
7 years ago
keys/keybase.go: comments and fixes
7 years ago
Import keystore logic from light-client
8 years ago
keys/keybase.go: comments and fixes
7 years ago
Revert "Upgrade keys to use bcrypt with salts (#38)" This reverts commit 8e7f0e7701f92206679ad093d013b9b162427631.
7 years ago
Import keystore logic from light-client
8 years ago
go build compiles
7 years ago
Import keystore logic from light-client
8 years ago
go build compiles
7 years ago
Import keystore logic from light-client
8 years ago
keys/keybase.go: comments and fixes
7 years ago
Fix errors except for es missing
7 years ago
Import keystore logic from light-client
8 years ago
go build compiles
7 years ago
Import keystore logic from light-client
8 years ago
go build compiles
7 years ago
Import keystore logic from light-client
8 years ago
keys/keybase.go: comments and fixes
7 years ago
Import keystore logic from light-client
8 years ago
keys/keybase.go: comments and fixes
7 years ago
Fix errors except for es missing
7 years ago
go build compiles
7 years ago
Import keystore logic from light-client
8 years ago
keys/keybase.go: comments and fixes
7 years ago
go build compiles
7 years ago
Import keystore logic from light-client
8 years ago
keys/keybase.go: comments and fixes
7 years ago
go build compiles
7 years ago
keys/keybase.go: comments and fixes
7 years ago
go build compiles
7 years ago
keys/keybase.go: comments and fixes
7 years ago
go build compiles
7 years ago
Import keystore logic from light-client
8 years ago
Handle generating keys
7 years ago
keys/keybase.go: comments and fixes
7 years ago
Handle generating keys
7 years ago
keys/words
7 years ago
Handle generating keys
7 years ago
go build compiles
7 years ago
Fix errors except for es missing
7 years ago
 
  1. package keys
  2. 

  3. import (
  4. 	"fmt"
  5. 	"strings"
  6. 

  7. 	"github.com/pkg/errors"
  8. 	crypto "github.com/tendermint/go-crypto"
  9. 	dbm "github.com/tendermint/tmlibs/db"
  10. 

  11. 	"github.com/tendermint/go-crypto/keys/words"
  12. 	"github.com/tendermint/go-crypto/nano"
  13. )
  14. 

  15. // XXX Lets use go-crypto/bcrypt and ascii encoding directly in here without

  16. // further wrappers around a store or DB.

  17. // Copy functions from: https://github.com/tendermint/mintkey/blob/master/cmd/mintkey/common.go

  18. //

  19. // dbKeybase combines encyption and storage implementation to provide

  20. // a full-featured key manager

  21. type dbKeybase struct {
  22. 	db    dbm.DB
  23. 	codec words.Codec
  24. }
  25. 

  26. func New(db dbm.DB, codec words.Codec) dbKeybase {
  27. 	return dbKeybase{
  28. 		db:    db,
  29. 		codec: codec,
  30. 	}
  31. }
  32. 

  33. var _ Keybase = dbKeybase{}
  34. 

  35. // Create generates a new key and persists it storage, encrypted using the passphrase.

  36. // It returns the generated seedphrase (mnemonic) and the key Info.

  37. // It returns an error if it fails to generate a key for the given algo type,

  38. // or if another key is already stored under the same name.

  39. func (kb dbKeybase) Create(name, passphrase, algo string) (string, Info, error) {
  40. 	// NOTE: secret is SHA256 hashed by secp256k1 and ed25519.

  41. 	// 16 byte secret corresponds to 12 BIP39 words.

  42. 	// XXX: Ledgers use 24 words now - should we ?

  43. 	secret := crypto.CRandBytes(16)
  44. 	key, err := generate(algo, secret)
  45. 	if err != nil {
  46. 		return "", Info{}, err
  47. 	}
  48. 

  49. 	// encrypt and persist the key

  50. 	public := kb.writeKey(key, name, passphrase)
  51. 

  52. 	// return the mnemonic phrase

  53. 	words, err := kb.codec.BytesToWords(secret)
  54. 	seedphrase := strings.Join(words, " ")
  55. 	return seedphrase, public, err
  56. }
  57. 

  58. // Recover converts a seedphrase to a private key and persists it, encrypted with the given passphrase.

  59. // Functions like Create, but seedphrase is input not output.

  60. func (kb dbKeybase) Recover(name, passphrase, algo string, seedphrase string) (Info, error) {
  61. 

  62. 	key, err := kb.SeedToPrivKey(algo, seedphrase)
  63. 	if err != nil {
  64. 		return Info{}, err
  65. 	}
  66. 

  67. 	// Valid seedphrase. Encrypt key and persist to disk.

  68. 	public := kb.writeKey(key, name, passphrase)
  69. 	return public, nil
  70. }
  71. 

  72. // SeedToPrivKey returns the private key corresponding to a seedphrase

  73. // without persisting the private key.

  74. // TODO: enable the keybase to just hold these in memory so we can sign without persisting (?)

  75. func (kb dbKeybase) SeedToPrivKey(algo, seedphrase string) (crypto.PrivKey, error) {
  76. 	words := strings.Split(strings.TrimSpace(seedphrase), " ")
  77. 	secret, err := kb.codec.WordsToBytes(words)
  78. 	if err != nil {
  79. 		return crypto.PrivKey{}, err
  80. 	}
  81. 

  82. 	key, err := generate(algo, secret)
  83. 	if err != nil {
  84. 		return crypto.PrivKey{}, err
  85. 	}
  86. 	return key, nil
  87. }
  88. 

  89. // List returns the keys from storage in alphabetical order.

  90. func (kb dbKeybase) List() ([]Info, error) {
  91. 	var res []Info
  92. 	iter := kb.db.Iterator(nil, nil)
  93. 	defer iter.Close()
  94. 	for ; iter.Valid(); iter.Next() {
  95. 		key := iter.Key()
  96. 		if isPub(key) {
  97. 			info, err := readInfo(iter.Value())
  98. 			if err != nil {
  99. 				return nil, err
  100. 			}
  101. 			res = append(res, info)
  102. 		}
  103. 	}
  104. 	return res, nil
  105. }
  106. 

  107. // Get returns the public information about one key.

  108. func (kb dbKeybase) Get(name string) (Info, error) {
  109. 	bs := kb.db.Get(pubName(name))
  110. 	return readInfo(bs)
  111. }
  112. 

  113. // Sign signs the msg with the named key.

  114. // It returns an error if the key doesn't exist or the decryption fails.

  115. // TODO: what if leddger fails ?

  116. func (kb dbKeybase) Sign(name, passphrase string, msg []byte) (sig crypto.Signature, pk crypto.PubKey, err error) {
  117. 	var key crypto.PrivKey
  118. 	armorStr := kb.db.Get(privName(name))
  119. 	key, err = unarmorDecryptPrivKey(string(armorStr), passphrase)
  120. 	if err != nil {
  121. 		return
  122. 	}
  123. 

  124. 	sig = key.Sign(msg)
  125. 	pk = key.PubKey()
  126. 	return
  127. }
  128. 

  129. // Export decodes the private key with the current password, encrypts

  130. // it with a secure one-time password and generates an armored private key

  131. // that can be Imported by another dbKeybase.

  132. //

  133. // This is designed to copy from one device to another, or provide backups

  134. // during version updates.

  135. func (kb dbKeybase) Export(name, oldpass, transferpass string) ([]byte, error) {
  136. 	armorStr := kb.db.Get(privName(name))
  137. 	key, err := unarmorDecryptPrivKey(string(armorStr), oldpass)
  138. 	if err != nil {
  139. 		return nil, err
  140. 	}
  141. 

  142. 	if transferpass == "" {
  143. 		return key.Bytes(), nil
  144. 	}
  145. 	armorBytes := encryptArmorPrivKey(key, transferpass)
  146. 	return []byte(armorBytes), nil
  147. }
  148. 

  149. // Import accepts bytes generated by Export along with the same transferpass.

  150. // If they are valid, it stores the password under the given name with the

  151. // new passphrase.

  152. func (kb dbKeybase) Import(name, newpass, transferpass string, data []byte) (err error) {
  153. 	var key crypto.PrivKey
  154. 	if transferpass == "" {
  155. 		key, err = crypto.PrivKeyFromBytes(data)
  156. 	} else {
  157. 		key, err = unarmorDecryptPrivKey(string(data), transferpass)
  158. 	}
  159. 	if err != nil {
  160. 		return err
  161. 	}
  162. 

  163. 	kb.writeKey(key, name, newpass)
  164. 	return nil
  165. }
  166. 

  167. // Delete removes key forever, but we must present the

  168. // proper passphrase before deleting it (for security).

  169. func (kb dbKeybase) Delete(name, passphrase string) error {
  170. 	// verify we have the proper password before deleting

  171. 	bs := kb.db.Get(privName(name))
  172. 	_, err := unarmorDecryptPrivKey(string(bs), passphrase)
  173. 	if err != nil {
  174. 		return err
  175. 	}
  176. 	kb.db.DeleteSync(pubName(name))
  177. 	kb.db.DeleteSync(privName(name))
  178. 	return nil
  179. }
  180. 

  181. // Update changes the passphrase with which an already stored key is encrypted.

  182. //

  183. // oldpass must be the current passphrase used for encryption, newpass will be

  184. // the only valid passphrase from this time forward.

  185. func (kb dbKeybase) Update(name, oldpass, newpass string) error {
  186. 	bs := kb.db.Get(privName(name))
  187. 	key, err := unarmorDecryptPrivKey(string(bs), oldpass)
  188. 	if err != nil {
  189. 		return err
  190. 	}
  191. 

  192. 	// Generate the public bytes and the encrypted privkey

  193. 	public := info(name, key)
  194. 	private := encryptArmorPrivKey(key, newpass)
  195. 

  196. 	// We must delete first, as Putting over an existing name returns an error.

  197. 	// Must be done atomically with the write or we could lose the key.

  198. 	batch := kb.db.NewBatch()
  199. 	batch.Delete(pubName(name))
  200. 	batch.Delete(privName(name))
  201. 	batch.Set(pubName(name), public.bytes())
  202. 	batch.Set(privName(name), []byte(private))
  203. 	batch.Write()
  204. 

  205. 	return nil
  206. }
  207. 

  208. //---------------------------------------------------------------------------------------

  209. 

  210. func (kb dbKeybase) writeKey(priv crypto.PrivKey, name, passphrase string) Info {
  211. 	// Generate the public bytes and the encrypted privkey

  212. 	public := info(name, priv)
  213. 	private := encryptArmorPrivKey(priv, passphrase)
  214. 

  215. 	// Write them both

  216. 	kb.db.SetSync(pubName(name), public.bytes())
  217. 	kb.db.SetSync(privName(name), []byte(private))
  218. 

  219. 	return public
  220. }
  221. 

  222. // TODO: use a `type TypeKeyAlgo string` (?)

  223. func generate(algo string, secret []byte) (crypto.PrivKey, error) {
  224. 	switch algo {
  225. 	case crypto.NameEd25519:
  226. 		return crypto.GenPrivKeyEd25519FromSecret(secret).Wrap(), nil
  227. 	case crypto.NameSecp256k1:
  228. 		return crypto.GenPrivKeySecp256k1FromSecret(secret).Wrap(), nil
  229. 	case nano.NameLedgerEd25519:
  230. 		return nano.NewPrivKeyLedgerEd25519()
  231. 	default:
  232. 		err := errors.Errorf("Cannot generate keys for algorithm: %s", algo)
  233. 		return crypto.PrivKey{}, err
  234. 	}
  235. }
  236. 

  237. func pubName(name string) []byte {
  238. 	return []byte(fmt.Sprintf("%s.pub", name))
  239. }
  240. 

  241. func privName(name string) []byte {
  242. 	return []byte(fmt.Sprintf("%s.priv", name))
  243. }
  244. 

  245. func isPub(name []byte) bool {
  246. 	return strings.HasSuffix(string(name), ".pub")
  247. }