zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
134 Commits
183 Branches
291 MiB
Tree: 50e7c07817
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '50e7c07817'
${ noResults }
tendermint/keys/cryptostore/holder.go

174 lines
4.8 KiB
Raw Normal View History

Import keystore logic from light-client
8 years ago
Add codec to keys.Manager, recovery test passes
7 years ago
Import keystore logic from light-client
8 years ago
Add codec to keys.Manager, recovery test passes
7 years ago
Import keystore logic from light-client
8 years ago
Add codec to keys.Manager, recovery test passes
7 years ago
Import keystore logic from light-client
8 years ago
Add codec to keys.Manager, recovery test passes
7 years ago
Import keystore logic from light-client
8 years ago
Expose new and list via cli
8 years ago
Import keystore logic from light-client
8 years ago
Set key algorithm on key creation
8 years ago
Code cleanup from review comments
7 years ago
Updated Manager interface to return seed on create, fix server tests
7 years ago
Set key algorithm on key creation
8 years ago
Updated Manager interface to return seed on create, fix server tests
7 years ago
Set key algorithm on key creation
8 years ago
Use 16 random bytes for seed and key, crc16 by default
7 years ago
Code cleanup ala Emmanuel
7 years ago
Use 16 random bytes for seed and key, crc16 by default
7 years ago
Set key algorithm on key creation
8 years ago
Add codec to keys.Manager, recovery test passes
7 years ago
Use 16 random bytes for seed and key, crc16 by default
7 years ago
Code cleanup ala Emmanuel
7 years ago
Recovery also works with secp256 keys
7 years ago
Use 16 random bytes for seed and key, crc16 by default
7 years ago
Add codec to keys.Manager, recovery test passes
7 years ago
Updated Manager interface to return seed on create, fix server tests
7 years ago
Code cleanup from review comments
7 years ago
Updated Manager interface to return seed on create, fix server tests
7 years ago
Add codec to keys.Manager, recovery test passes
7 years ago
Use 16 random bytes for seed and key, crc16 by default
7 years ago
Add codec to keys.Manager, recovery test passes
7 years ago
Code cleanup ala Emmanuel
7 years ago
Recovery also works with secp256 keys
7 years ago
Use 16 random bytes for seed and key, crc16 by default
7 years ago
Add codec to keys.Manager, recovery test passes
7 years ago
Import keystore logic from light-client
8 years ago
Expose new and list via cli
8 years ago
Import keystore logic from light-client
8 years ago
Expose new and list via cli
8 years ago
Import keystore logic from light-client
8 years ago
 
  1. package cryptostore
  2. 

  3. import (
  4. 	"strings"
  5. 

  6. 	crypto "github.com/tendermint/go-crypto"
  7. 	keys "github.com/tendermint/go-crypto/keys"
  8. )
  9. 

  10. // Manager combines encyption and storage implementation to provide

  11. // a full-featured key manager

  12. type Manager struct {
  13. 	es    encryptedStorage
  14. 	codec keys.Codec
  15. }
  16. 

  17. func New(coder Encoder, store keys.Storage, codec keys.Codec) Manager {
  18. 	return Manager{
  19. 		es: encryptedStorage{
  20. 			coder: coder,
  21. 			store: store,
  22. 		},
  23. 		codec: codec,
  24. 	}
  25. }
  26. 

  27. // exists just to make sure we fulfill the Signer interface

  28. func (s Manager) assertSigner() keys.Signer {
  29. 	return s
  30. }
  31. 

  32. // exists just to make sure we fulfill the Manager interface

  33. func (s Manager) assertKeyManager() keys.Manager {
  34. 	return s
  35. }
  36. 

  37. // Create adds a new key to the storage engine, returning error if

  38. // another key already stored under this name

  39. //

  40. // algo must be a supported go-crypto algorithm: ed25519, secp256k1

  41. func (s Manager) Create(name, passphrase, algo string) (keys.Info, string, error) {
  42. 	gen, err := getGenerator(algo)
  43. 	if err != nil {
  44. 		return keys.Info{}, "", err
  45. 	}
  46. 

  47. 	// 128-bits are the all the randomness we can make use of

  48. 	secret := crypto.CRandBytes(16)
  49. 	key := gen.Generate(secret)
  50. 	err = s.es.Put(name, passphrase, key)
  51. 	if err != nil {
  52. 		return keys.Info{}, "", err
  53. 	}
  54. 

  55. 	// we append the type byte to the serialized secret to help with recovery

  56. 	// ie [secret] = [secret] + [type]

  57. 	typ := key.Bytes()[0]
  58. 	secret = append(secret, typ)
  59. 

  60. 	seed, err := s.codec.BytesToWords(secret)
  61. 	phrase := strings.Join(seed, " ")
  62. 	return info(name, key), phrase, err
  63. }
  64. 

  65. // Recover takes a seed phrase and tries to recover the private key.

  66. //

  67. // If the seed phrase is valid, it will create the private key and store

  68. // it under name, protected by passphrase.

  69. //

  70. // Result similar to New(), except it doesn't return the seed again...

  71. func (s Manager) Recover(name, passphrase, seedphrase string) (keys.Info, error) {
  72. 	words := strings.Split(strings.TrimSpace(seedphrase), " ")
  73. 	secret, err := s.codec.WordsToBytes(words)
  74. 	if err != nil {
  75. 		return keys.Info{}, err
  76. 	}
  77. 

  78. 	// secret is comprised of the actual secret with the type appended

  79. 	// ie [secret] = [secret] + [type]

  80. 	l := len(secret)
  81. 	secret, typ := secret[:l-1], secret[l-1]
  82. 

  83. 	gen, err := getGeneratorByType(typ)
  84. 	if err != nil {
  85. 		return keys.Info{}, err
  86. 	}
  87. 	key := gen.Generate(secret)
  88. 

  89. 	// d00d, it worked!  create the bugger....

  90. 	err = s.es.Put(name, passphrase, key)
  91. 	return info(name, key), err
  92. }
  93. 

  94. // List loads the keys from the storage and enforces alphabetical order

  95. func (s Manager) List() (keys.Infos, error) {
  96. 	res, err := s.es.List()
  97. 	res.Sort()
  98. 	return res, err
  99. }
  100. 

  101. // Get returns the public information about one key

  102. func (s Manager) Get(name string) (keys.Info, error) {
  103. 	_, info, err := s.es.store.Get(name)
  104. 	return info, err
  105. }
  106. 

  107. // Sign will modify the Signable in order to attach a valid signature with

  108. // this public key

  109. //

  110. // If no key for this name, or the passphrase doesn't match, returns an error

  111. func (s Manager) Sign(name, passphrase string, tx keys.Signable) error {
  112. 	key, _, err := s.es.Get(name, passphrase)
  113. 	if err != nil {
  114. 		return err
  115. 	}
  116. 	sig := key.Sign(tx.SignBytes())
  117. 	pubkey := key.PubKey()
  118. 	return tx.Sign(pubkey, sig)
  119. }
  120. 

  121. // Export decodes the private key with the current password, encodes

  122. // it with a secure one-time password and generates a sequence that can be

  123. // Imported by another Manager

  124. //

  125. // This is designed to copy from one device to another, or provide backups

  126. // during version updates.

  127. func (s Manager) Export(name, oldpass, transferpass string) ([]byte, error) {
  128. 	key, _, err := s.es.Get(name, oldpass)
  129. 	if err != nil {
  130. 		return nil, err
  131. 	}
  132. 

  133. 	res, err := s.es.coder.Encrypt(key, transferpass)
  134. 	return res, err
  135. }
  136. 

  137. // Import accepts bytes generated by Export along with the same transferpass

  138. // If they are valid, it stores the password under the given name with the

  139. // new passphrase.

  140. func (s Manager) Import(name, newpass, transferpass string, data []byte) error {
  141. 	key, err := s.es.coder.Decrypt(data, transferpass)
  142. 	if err != nil {
  143. 		return err
  144. 	}
  145. 

  146. 	return s.es.Put(name, newpass, key)
  147. }
  148. 

  149. // Delete removes key forever, but we must present the

  150. // proper passphrase before deleting it (for security)

  151. func (s Manager) Delete(name, passphrase string) error {
  152. 	// verify we have the proper password before deleting

  153. 	_, _, err := s.es.Get(name, passphrase)
  154. 	if err != nil {
  155. 		return err
  156. 	}
  157. 	return s.es.Delete(name)
  158. }
  159. 

  160. // Update changes the passphrase with which a already stored key is encoded.

  161. //

  162. // oldpass must be the current passphrase used for encoding, newpass will be

  163. // the only valid passphrase from this time forward

  164. func (s Manager) Update(name, oldpass, newpass string) error {
  165. 	key, _, err := s.es.Get(name, oldpass)
  166. 	if err != nil {
  167. 		return err
  168. 	}
  169. 

  170. 	// we must delete first, as Putting over an existing name returns an error

  171. 	s.Delete(name, oldpass)
  172. 

  173. 	return s.es.Put(name, newpass, key)
  174. }