Browse Source

Use 16 random bytes for seed and key, crc16 by default

pull/1782/head
Ethan Frey 7 years ago
parent
commit
4ff889a236
6 changed files with 36 additions and 21 deletions
  1. +6
    -3
      keys/cryptostore/encoder_test.go
  2. +8
    -8
      keys/cryptostore/generator.go
  3. +14
    -7
      keys/cryptostore/holder.go
  4. +5
    -1
      keys/cryptostore/storage_test.go
  5. +2
    -1
      keys/wordcodec.go
  6. +1
    -1
      keys/wordcodec_test.go

+ 6
- 3
keys/cryptostore/encoder_test.go View File

@ -5,6 +5,9 @@ import (
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
cmn "github.com/tendermint/tmlibs/common"
"github.com/tendermint/go-crypto/keys/cryptostore" "github.com/tendermint/go-crypto/keys/cryptostore"
) )
@ -12,8 +15,8 @@ func TestNoopEncoder(t *testing.T) {
assert, require := assert.New(t), require.New(t) assert, require := assert.New(t), require.New(t)
noop := cryptostore.Noop noop := cryptostore.Noop
key := cryptostore.GenEd25519.Generate()
key2 := cryptostore.GenSecp256k1.Generate()
key := cryptostore.GenEd25519.Generate(cmn.RandBytes(16))
key2 := cryptostore.GenSecp256k1.Generate(cmn.RandBytes(16))
b, err := noop.Encrypt(key, "encode") b, err := noop.Encrypt(key, "encode")
require.Nil(err) require.Nil(err)
@ -40,7 +43,7 @@ func TestSecretBox(t *testing.T) {
assert, require := assert.New(t), require.New(t) assert, require := assert.New(t), require.New(t)
enc := cryptostore.SecretBox enc := cryptostore.SecretBox
key := cryptostore.GenEd25519.Generate()
key := cryptostore.GenEd25519.Generate(cmn.RandBytes(16))
pass := "some-special-secret" pass := "some-special-secret"
b, err := enc.Encrypt(key, pass) b, err := enc.Encrypt(key, pass)


+ 8
- 8
keys/cryptostore/generator.go View File

@ -14,22 +14,22 @@ var (
// Generator determines the type of private key the keystore creates // Generator determines the type of private key the keystore creates
type Generator interface { type Generator interface {
Generate() crypto.PrivKey
Generate(secret []byte) crypto.PrivKey
} }
// GenFunc is a helper to transform a function into a Generator // GenFunc is a helper to transform a function into a Generator
type GenFunc func() crypto.PrivKey
type GenFunc func(secret []byte) crypto.PrivKey
func (f GenFunc) Generate() crypto.PrivKey {
return f()
func (f GenFunc) Generate(secret []byte) crypto.PrivKey {
return f(secret)
} }
func genEd25519() crypto.PrivKey {
return crypto.GenPrivKeyEd25519().Wrap()
func genEd25519(secret []byte) crypto.PrivKey {
return crypto.GenPrivKeyEd25519FromSecret(secret).Wrap()
} }
func genSecp256() crypto.PrivKey {
return crypto.GenPrivKeySecp256k1().Wrap()
func genSecp256(secret []byte) crypto.PrivKey {
return crypto.GenPrivKeySecp256k1FromSecret(secret).Wrap()
} }
func getGenerator(algo string) (Generator, error) { func getGenerator(algo string) (Generator, error) {


+ 14
- 7
keys/cryptostore/holder.go View File

@ -43,12 +43,16 @@ func (s Manager) Create(name, passphrase, algo string) (keys.Info, string, error
if err != nil { if err != nil {
return keys.Info{}, "", err return keys.Info{}, "", err
} }
key := gen.Generate()
// 128-bits the the all the randomness we can make use of
secret := crypto.CRandBytes(16)
key := gen.Generate(secret)
err = s.es.Put(name, passphrase, key) err = s.es.Put(name, passphrase, key)
if err != nil { if err != nil {
return keys.Info{}, "", err return keys.Info{}, "", err
} }
seed, err := s.codec.BytesToWords(key.Bytes())
seed, err := s.codec.BytesToWords(secret)
phrase := strings.Join(seed, " ") phrase := strings.Join(seed, " ")
return info(name, key), phrase, err return info(name, key), phrase, err
} }
@ -61,15 +65,18 @@ func (s Manager) Create(name, passphrase, algo string) (keys.Info, string, error
// Result similar to New(), except it doesn't return the seed again... // Result similar to New(), except it doesn't return the seed again...
func (s Manager) Recover(name, passphrase, seedphrase string) (keys.Info, error) { func (s Manager) Recover(name, passphrase, seedphrase string) (keys.Info, error) {
words := strings.Split(strings.TrimSpace(seedphrase), " ") words := strings.Split(strings.TrimSpace(seedphrase), " ")
data, err := s.codec.WordsToBytes(words)
secret, err := s.codec.WordsToBytes(words)
if err != nil { if err != nil {
return keys.Info{}, err return keys.Info{}, err
} }
key, err := crypto.PrivKeyFromBytes(data)
if err != nil {
return keys.Info{}, err
}
// TODO: flag this???
gen := GenEd25519
// gen, err := getGenerator(algo)
// if err != nil {
// return keys.Info{}, "", err
// }
key := gen.Generate(secret)
// d00d, it worked! create the bugger.... // d00d, it worked! create the bugger....
err = s.es.Put(name, passphrase, key) err = s.es.Put(name, passphrase, key)


+ 5
- 1
keys/cryptostore/storage_test.go View File

@ -4,13 +4,17 @@ import (
"testing" "testing"
"github.com/stretchr/testify/assert" "github.com/stretchr/testify/assert"
crypto "github.com/tendermint/go-crypto"
cmn "github.com/tendermint/tmlibs/common"
keys "github.com/tendermint/go-crypto/keys" keys "github.com/tendermint/go-crypto/keys"
) )
func TestSortKeys(t *testing.T) { func TestSortKeys(t *testing.T) {
assert := assert.New(t) assert := assert.New(t)
gen := GenEd25519.Generate
gen := func() crypto.PrivKey { return GenEd25519.Generate(cmn.RandBytes(16)) }
assert.NotEqual(gen(), gen()) assert.NotEqual(gen(), gen())
// alphabetical order is n3, n1, n2 // alphabetical order is n3, n1, n2


+ 2
- 1
keys/wordcodec.go View File

@ -34,7 +34,8 @@ func NewCodec(words []string) (codec *WordCodec, err error) {
res := &WordCodec{ res := &WordCodec{
words: words, words: words,
// TODO: configure this outside??? // TODO: configure this outside???
check: NewIEEECRC32(),
// check: NewIEEECRC32(),
check: NewIBMCRC16(),
} }
return res, nil return res, nil


+ 1
- 1
keys/wordcodec_test.go View File

@ -152,7 +152,7 @@ func TestCheckTypoDetection(t *testing.T) {
codec, err := LoadCodec(bank) codec, err := LoadCodec(bank)
require.Nil(err, "%s: %+v", bank, err) require.Nil(err, "%s: %+v", bank, err)
for i := 0; i < 1000; i++ { for i := 0; i < 1000; i++ {
numBytes := cmn.RandInt()%60 + 1
numBytes := cmn.RandInt()%60 + 4
data := cmn.RandBytes(numBytes) data := cmn.RandBytes(numBytes)
words, err := codec.BytesToWords(data) words, err := codec.BytesToWords(data)


Loading…
Cancel
Save