zolfa
/
tendermint
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 221 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
202 Commits
183 Branches
291 MiB
Tree: 9d78be41b5
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9d78be41b5'
${ noResults }
tendermint/keys/keybase.go

246 lines
6.8 KiB
Raw Normal View History

Fixed imports
7 years ago
Import keystore logic from light-client
8 years ago
Add codec to keys.Manager, recovery test passes
8 years ago
go build compiles
7 years ago
Add codec to keys.Manager, recovery test passes
8 years ago
Handle generating keys
7 years ago
Add codec to keys.Manager, recovery test passes
8 years ago
Draft of suggested changes
7 years ago
Handle generating keys
7 years ago
Add codec to keys.Manager, recovery test passes
8 years ago
Import keystore logic from light-client
8 years ago
Draft of suggested changes
7 years ago
Import keystore logic from light-client
8 years ago
Draft of suggested changes
7 years ago
Import keystore logic from light-client
8 years ago
Draft of suggested changes
7 years ago
Fix errors except for es missing
7 years ago
Add codec to keys.Manager, recovery test passes
8 years ago
Import keystore logic from light-client
8 years ago
Draft of suggested changes
7 years ago
linting: fixup some stuffs
7 years ago
Import keystore logic from light-client
8 years ago
Set key algorithm on key creation
8 years ago
Code cleanup from review comments
8 years ago
Draft of suggested changes
7 years ago
Generate/recover can return error, not panic on ledger
7 years ago
Handle generating keys
7 years ago
Set key algorithm on key creation
8 years ago
Draft of suggested changes
7 years ago
Set key algorithm on key creation
8 years ago
Use 16 random bytes for seed and key, crc16 by default
7 years ago
go build compiles
7 years ago
Use 16 random bytes for seed and key, crc16 by default
7 years ago
Code cleanup ala Emmanuel
7 years ago
Recovery also works with secp256 keys
7 years ago
Draft of suggested changes
7 years ago
Add codec to keys.Manager, recovery test passes
8 years ago
go build compiles
7 years ago
Updated Manager interface to return seed on create, fix server tests
8 years ago
Code cleanup from review comments
8 years ago
Fix errors except for es missing
7 years ago
Add codec to keys.Manager, recovery test passes
8 years ago
Draft of suggested changes
7 years ago
Add codec to keys.Manager, recovery test passes
8 years ago
Draft of suggested changes
7 years ago
Add codec to keys.Manager, recovery test passes
8 years ago
Code cleanup ala Emmanuel
7 years ago
Recovery also works with secp256 keys
7 years ago
Handle generating keys
7 years ago
Recovery also works with secp256 keys
7 years ago
Draft of suggested changes
7 years ago
Recovery also works with secp256 keys
7 years ago
Add codec to keys.Manager, recovery test passes
8 years ago
go build compiles
7 years ago
Import keystore logic from light-client
8 years ago
Fix errors except for es missing
7 years ago
go build compiles
7 years ago
Update tmlibs to sdk-develop, fix broken test
7 years ago
go build compiles
7 years ago
Import keystore logic from light-client
8 years ago
Fix errors except for es missing
7 years ago
go build compiles
7 years ago
Import keystore logic from light-client
8 years ago
Fix errors except for es missing
7 years ago
go build compiles
7 years ago
Import keystore logic from light-client
8 years ago
Fix errors except for es missing
7 years ago
Import keystore logic from light-client
8 years ago
go build compiles
7 years ago
Fix errors except for es missing
7 years ago
Import keystore logic from light-client
8 years ago
Draft of suggested changes
7 years ago
Import keystore logic from light-client
8 years ago
Fix errors except for es missing
7 years ago
go build compiles
7 years ago
Import keystore logic from light-client
8 years ago
Revert "Upgrade keys to use bcrypt with salts (#38)" This reverts commit 8e7f0e7701f92206679ad093d013b9b162427631.
7 years ago
Import keystore logic from light-client
8 years ago
go build compiles
7 years ago
Import keystore logic from light-client
8 years ago
Revert "Upgrade keys to use bcrypt with salts (#38)" This reverts commit 8e7f0e7701f92206679ad093d013b9b162427631.
7 years ago
Import keystore logic from light-client
8 years ago
go build compiles
7 years ago
Import keystore logic from light-client
8 years ago
go build compiles
7 years ago
Import keystore logic from light-client
8 years ago
Fix errors except for es missing
7 years ago
Import keystore logic from light-client
8 years ago
go build compiles
7 years ago
Import keystore logic from light-client
8 years ago
go build compiles
7 years ago
Import keystore logic from light-client
8 years ago
Fix errors except for es missing
7 years ago
go build compiles
7 years ago
Import keystore logic from light-client
8 years ago
go build compiles
7 years ago
Import keystore logic from light-client
8 years ago
go build compiles
7 years ago
Import keystore logic from light-client
8 years ago
Handle generating keys
7 years ago
Fix errors except for es missing
7 years ago
go build compiles
7 years ago
Fix errors except for es missing
7 years ago
 
  1. package keys
  2. 

  3. import (
  4. 	"fmt"
  5. 	"strings"
  6. 

  7. 	"github.com/pkg/errors"
  8. 	crypto "github.com/tendermint/go-crypto"
  9. 	dbm "github.com/tendermint/tmlibs/db"
  10. 

  11. 	"github.com/tendermint/go-crypto/nano"
  12. )
  13. 

  14. // XXX Lets use go-crypto/bcrypt and ascii encoding directly in here without

  15. // further wrappers around a store or DB.

  16. // Copy functions from: https://github.com/tendermint/mintkey/blob/master/cmd/mintkey/common.go

  17. //

  18. // dbKeybase combines encyption and storage implementation to provide

  19. // a full-featured key manager

  20. type dbKeybase struct {
  21. 	db    dbm.DB
  22. 	codec Codec
  23. }
  24. 

  25. func New(db dbm.DB, codec Codec) dbKeybase {
  26. 	return dbKeybase{
  27. 		db:    db,
  28. 		codec: codec,
  29. 	}
  30. }
  31. 

  32. var _ Keybase = dbKeybase{}
  33. 

  34. // Create adds a new key to the storage engine, returning error if

  35. // another key already stored under this name

  36. //

  37. // algo must be a supported go-crypto algorithm: ed25519, secp256k1

  38. func (kb dbKeybase) Create(name, passphrase, algo string) (Info, string, error) {
  39. 	// 128-bits are the all the randomness we can make use of

  40. 	secret := crypto.CRandBytes(16)
  41. 	key, err := generate(algo, secret)
  42. 	if err != nil {
  43. 		return Info{}, "", err
  44. 	}
  45. 

  46. 	public := kb.writeKey(key, name, passphrase)
  47. 

  48. 	// we append the type byte to the serialized secret to help with recovery

  49. 	// ie [secret] = [secret] + [type]

  50. 	typ := key.Bytes()[0]
  51. 	secret = append(secret, typ)
  52. 

  53. 	seed, err := kb.codec.BytesToWords(secret)
  54. 	phrase := strings.Join(seed, " ")
  55. 	return public, phrase, err
  56. }
  57. 

  58. // Recover takes a seed phrase and tries to recover the private key.

  59. //

  60. // If the seed phrase is valid, it will create the private key and store

  61. // it under name, protected by passphrase.

  62. //

  63. // Result similar to New(), except it doesn't return the seed again...

  64. func (kb dbKeybase) Recover(name, passphrase, seedphrase string) (Info, error) {
  65. 	words := strings.Split(strings.TrimSpace(seedphrase), " ")
  66. 	secret, err := kb.codec.WordsToBytes(words)
  67. 	if err != nil {
  68. 		return Info{}, err
  69. 	}
  70. 

  71. 	// secret is comprised of the actual secret with the type appended

  72. 	// ie [secret] = [secret] + [type]

  73. 	l := len(secret)
  74. 	secret, typ := secret[:l-1], secret[l-1]
  75. 

  76. 	key, err := generateByType(typ, secret)
  77. 	if err != nil {
  78. 		return Info{}, err
  79. 	}
  80. 

  81. 	// d00d, it worked!  create the bugger....

  82. 	public := kb.writeKey(key, name, passphrase)
  83. 	return public, err
  84. }
  85. 

  86. // List loads the keys from the storage and enforces alphabetical order

  87. func (kb dbKeybase) List() ([]Info, error) {
  88. 	var res []Info
  89. 	for iter := kb.db.Iterator(); iter.Valid(); iter.Next() {
  90. 		key := iter.Key()
  91. 		if isPub(key) {
  92. 			info, err := readInfo(iter.Value())
  93. 			if err != nil {
  94. 				return nil, err
  95. 			}
  96. 			res = append(res, info)
  97. 		}
  98. 	}
  99. 	return res, nil
  100. }
  101. 

  102. // Get returns the public information about one key

  103. func (kb dbKeybase) Get(name string) (Info, error) {
  104. 	bs := kb.db.Get(pubName(name))
  105. 	return readInfo(bs)
  106. }
  107. 

  108. // Sign will modify the Signable in order to attach a valid signature with

  109. // this public key

  110. //

  111. // If no key for this name, or the passphrase doesn't match, returns an error

  112. func (kb dbKeybase) Sign(name, passphrase string, msg []byte) (sig crypto.Signature, pk crypto.PubKey, err error) {
  113. 	var key crypto.PrivKey
  114. 	bs := kb.db.Get(privName(name))
  115. 	key, err = unarmorDecryptPrivKey(string(bs), passphrase)
  116. 	if err != nil {
  117. 		return
  118. 	}
  119. 

  120. 	sig = key.Sign(msg)
  121. 	pk = key.PubKey()
  122. 	return
  123. }
  124. 

  125. // Export decodes the private key with the current password, encodes

  126. // it with a secure one-time password and generates a sequence that can be

  127. // Imported by another dbKeybase

  128. //

  129. // This is designed to copy from one device to another, or provide backups

  130. // during version updates.

  131. func (kb dbKeybase) Export(name, oldpass, transferpass string) ([]byte, error) {
  132. 	bs := kb.db.Get(privName(name))
  133. 	key, err := unarmorDecryptPrivKey(string(bs), oldpass)
  134. 	if err != nil {
  135. 		return nil, err
  136. 	}
  137. 

  138. 	if transferpass == "" {
  139. 		return key.Bytes(), nil
  140. 	}
  141. 	res := encryptArmorPrivKey(key, transferpass)
  142. 	return []byte(res), nil
  143. }
  144. 

  145. // Import accepts bytes generated by Export along with the same transferpass

  146. // If they are valid, it stores the password under the given name with the

  147. // new passphrase.

  148. func (kb dbKeybase) Import(name, newpass, transferpass string, data []byte) (err error) {
  149. 	var key crypto.PrivKey
  150. 	if transferpass == "" {
  151. 		key, err = crypto.PrivKeyFromBytes(data)
  152. 	} else {
  153. 		key, err = unarmorDecryptPrivKey(string(data), transferpass)
  154. 	}
  155. 	if err != nil {
  156. 		return err
  157. 	}
  158. 

  159. 	kb.writeKey(key, name, newpass)
  160. 	return nil
  161. }
  162. 

  163. // Delete removes key forever, but we must present the

  164. // proper passphrase before deleting it (for security)

  165. func (kb dbKeybase) Delete(name, passphrase string) error {
  166. 	// verify we have the proper password before deleting

  167. 	bs := kb.db.Get(privName(name))
  168. 	_, err := unarmorDecryptPrivKey(string(bs), passphrase)
  169. 	if err != nil {
  170. 		return err
  171. 	}
  172. 	kb.db.DeleteSync(pubName(name))
  173. 	kb.db.DeleteSync(privName(name))
  174. 	return nil
  175. }
  176. 

  177. // Update changes the passphrase with which a already stored key is encoded.

  178. //

  179. // oldpass must be the current passphrase used for encoding, newpass will be

  180. // the only valid passphrase from this time forward

  181. func (kb dbKeybase) Update(name, oldpass, newpass string) error {
  182. 	bs := kb.db.Get(privName(name))
  183. 	key, err := unarmorDecryptPrivKey(string(bs), oldpass)
  184. 	if err != nil {
  185. 		return err
  186. 	}
  187. 

  188. 	// we must delete first, as Putting over an existing name returns an error

  189. 	kb.db.DeleteSync(pubName(name))
  190. 	kb.db.DeleteSync(privName(name))
  191. 	kb.writeKey(key, name, newpass)
  192. 	return nil
  193. }
  194. 

  195. func (kb dbKeybase) writeKey(priv crypto.PrivKey, name, passphrase string) Info {
  196. 	// generate the public bytes

  197. 	public := info(name, priv)
  198. 	// generate the encrypted privkey

  199. 	private := encryptArmorPrivKey(priv, passphrase)
  200. 

  201. 	// write them both

  202. 	kb.db.SetSync(pubName(name), public.bytes())
  203. 	kb.db.SetSync(privName(name), []byte(private))
  204. 

  205. 	return public
  206. }
  207. 

  208. func generate(algo string, secret []byte) (crypto.PrivKey, error) {
  209. 	switch algo {
  210. 	case crypto.NameEd25519:
  211. 		return crypto.GenPrivKeyEd25519FromSecret(secret).Wrap(), nil
  212. 	case crypto.NameSecp256k1:
  213. 		return crypto.GenPrivKeySecp256k1FromSecret(secret).Wrap(), nil
  214. 	case nano.NameLedgerEd25519:
  215. 		return nano.NewPrivKeyLedgerEd25519Ed25519()
  216. 	default:
  217. 		err := errors.Errorf("Cannot generate keys for algorithm: %s", algo)
  218. 		return crypto.PrivKey{}, err
  219. 	}
  220. }
  221. 

  222. func generateByType(typ byte, secret []byte) (crypto.PrivKey, error) {
  223. 	switch typ {
  224. 	case crypto.TypeEd25519:
  225. 		return generate(crypto.NameEd25519, secret)
  226. 	case crypto.TypeSecp256k1:
  227. 		return generate(crypto.NameSecp256k1, secret)
  228. 	case nano.TypeLedgerEd25519:
  229. 		return generate(nano.NameLedgerEd25519, secret)
  230. 	default:
  231. 		err := errors.Errorf("Cannot generate keys for algorithm: %X", typ)
  232. 		return crypto.PrivKey{}, err
  233. 	}
  234. }
  235. 

  236. func pubName(name string) []byte {
  237. 	return []byte(fmt.Sprintf("%s.pub", name))
  238. }
  239. 

  240. func privName(name string) []byte {
  241. 	return []byte(fmt.Sprintf("%s.priv", name))
  242. }
  243. 

  244. func isPub(name []byte) bool {
  245. 	return strings.HasSuffix(string(name), ".pub")
  246. }