zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
155 Commits
183 Branches
291 MiB
Tree: 7c5a10a7d4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7c5a10a7d4'
${ noResults }
tendermint/keys/cryptostore/encoder.go

71 lines
2.4 KiB
Raw Normal View History

Import keystore logic from light-client
8 years ago
Upgrade keys to use bcrypt with salts (#38) This commit adds salts to the library using bcrypt.
7 years ago
Import keystore logic from light-client
8 years ago
Upgrade keys to use bcrypt with salts (#38) This commit adds salts to the library using bcrypt.
7 years ago
Import keystore logic from light-client
8 years ago
Upgrade keys to use bcrypt with salts (#38) This commit adds salts to the library using bcrypt.
7 years ago
Import keystore logic from light-client
8 years ago
Upgrade keys to use bcrypt with salts (#38) This commit adds salts to the library using bcrypt.
7 years ago
encoder accepts empty string as unencoded bytes
7 years ago
Upgrade keys to use bcrypt with salts (#38) This commit adds salts to the library using bcrypt.
7 years ago
Import keystore logic from light-client
8 years ago
Upgrade keys to use bcrypt with salts (#38) This commit adds salts to the library using bcrypt.
7 years ago
encoder accepts empty string as unencoded bytes
7 years ago
Upgrade keys to use bcrypt with salts (#38) This commit adds salts to the library using bcrypt.
7 years ago
Import keystore logic from light-client
8 years ago
Upgrade keys to use bcrypt with salts (#38) This commit adds salts to the library using bcrypt.
7 years ago
Import keystore logic from light-client
8 years ago
Upgrade keys to use bcrypt with salts (#38) This commit adds salts to the library using bcrypt.
7 years ago
Import keystore logic from light-client
8 years ago
Upgrade keys to use bcrypt with salts (#38) This commit adds salts to the library using bcrypt.
7 years ago
Import keystore logic from light-client
8 years ago
 
  1. package cryptostore
  2. 

  3. import (
  4. 	"github.com/pkg/errors"
  5. 

  6. 	crypto "github.com/tendermint/go-crypto"
  7. 	"github.com/tendermint/go-crypto/bcrypt"
  8. )
  9. 

  10. var (
  11. 	// SecretBox uses the algorithm from NaCL to store secrets securely

  12. 	SecretBox Encoder = secretbox{}
  13. 	// Noop doesn't do any encryption, should only be used in test code

  14. 	Noop Encoder = noop{}
  15. )
  16. 

  17. // Encoder is used to encrypt any key with a passphrase for storage.

  18. //

  19. // This should use a well-designed symetric encryption algorithm

  20. type Encoder interface {
  21. 	Encrypt(privKey crypto.PrivKey, passphrase string) (saltBytes []byte, encBytes []byte, err error)
  22. 	Decrypt(saltBytes []byte, encBytes []byte, passphrase string) (privKey crypto.PrivKey, err error)
  23. }
  24. 

  25. type secretbox struct{}
  26. 

  27. func (e secretbox) Encrypt(privKey crypto.PrivKey, passphrase string) (saltBytes []byte, encBytes []byte, err error) {
  28. 	if passphrase == "" {
  29. 		return nil, privKey.Bytes(), nil
  30. 	}
  31. 

  32. 	saltBytes = crypto.CRandBytes(16)
  33. 	key, err := bcrypt.GenerateFromPassword(saltBytes, []byte(passphrase), 14) // TODO parameterize.  14 is good today (2016)

  34. 	if err != nil {
  35. 		return nil, nil, errors.Wrap(err, "Couldn't generate bcrypt key from passphrase.")
  36. 	}
  37. 	key = crypto.Sha256(key) // Get 32 bytes

  38. 	privKeyBytes := privKey.Bytes()
  39. 	return saltBytes, crypto.EncryptSymmetric(privKeyBytes, key), nil
  40. }
  41. 

  42. func (e secretbox) Decrypt(saltBytes []byte, encBytes []byte, passphrase string) (privKey crypto.PrivKey, err error) {
  43. 	privKeyBytes := encBytes
  44. 	// NOTE: Some keys weren't encrypted with a passphrase and hence we have the conditional

  45. 	if passphrase != "" {
  46. 		key, err := bcrypt.GenerateFromPassword(saltBytes, []byte(passphrase), 14) // TODO parameterize.  14 is good today (2016)

  47. 		if err != nil {
  48. 			return crypto.PrivKey{}, errors.Wrap(err, "Invalid Passphrase")
  49. 		}
  50. 		key = crypto.Sha256(key) // Get 32 bytes

  51. 		privKeyBytes, err = crypto.DecryptSymmetric(encBytes, key)
  52. 		if err != nil {
  53. 			return crypto.PrivKey{}, errors.Wrap(err, "Invalid Passphrase")
  54. 		}
  55. 	}
  56. 	privKey, err = crypto.PrivKeyFromBytes(privKeyBytes)
  57. 	if err != nil {
  58. 		return crypto.PrivKey{}, errors.Wrap(err, "Couldn't get privKey from bytes")
  59. 	}
  60. 	return privKey, nil
  61. }
  62. 

  63. type noop struct{}
  64. 

  65. func (n noop) Encrypt(key crypto.PrivKey, passphrase string) (saltBytes []byte, encBytes []byte, err error) {
  66. 	return []byte{}, key.Bytes(), nil
  67. }
  68. 

  69. func (n noop) Decrypt(saltBytes []byte, encBytes []byte, passphrase string) (privKey crypto.PrivKey, err error) {
  70. 	return crypto.PrivKeyFromBytes(encBytes)
  71. }