Browse Source
Merge pull request #23 from tendermint/feature/short-recover-text
Shorter recovery seedpull/1782/head
Ethan Frey
7 years ago
committed by
GitHub
GitHub
18 changed files with 186 additions and 488 deletions
Split View
Diff Options
-
+13 -11glide.lock
-
+1 -0glide.yaml
-
+6 -3keys/cryptostore/encoder_test.go
-
+19 -8keys/cryptostore/generator.go
-
+19 -4keys/cryptostore/holder.go
-
+5 -1keys/cryptostore/storage_test.go
-
+73 -6keys/ecc.go
-
+13 -16keys/ecc_test.go
-
+0 -10keys/tx/docs.go
-
+0 -67keys/tx/multi.go
-
+0 -78keys/tx/multi_test.go
-
+0 -57keys/tx/one.go
-
+0 -74keys/tx/one_test.go
-
+0 -76keys/tx/reader.go
-
+0 -72keys/tx/reader_test.go
-
+2 -1keys/wordcodec.go
-
+1 -1keys/wordcodec_test.go
-
+34 -3tests/keys.sh
+ 13
- 11
glide.lock
View File
+ 1
- 0
glide.yaml
View File
+ 6
- 3
keys/cryptostore/encoder_test.go
View File
+ 19
- 8
keys/cryptostore/generator.go
View File
+ 19
- 4
keys/cryptostore/holder.go
View File
+ 5
- 1
keys/cryptostore/storage_test.go
View File
+ 73
- 6
keys/ecc.go
View File
+ 13
- 16
keys/ecc_test.go
View File
+ 0
- 10
keys/tx/docs.go
View File
| @ -1,10 +0,0 @@ | |||
| /* | |||
| package tx contains generic Signable implementations that can be used | |||
| by your application or tests to handle authentication needs. | |||
| It currently supports transaction data as opaque bytes and either single | |||
| or multiple private key signatures using straightforward algorithms. | |||
| It currently does not support N-of-M key share signing of other more | |||
| complex algorithms (although it would be great to add them) | |||
| */ | |||
| package tx | |||
+ 0
- 67
keys/tx/multi.go
View File
| @ -1,67 +0,0 @@ | |||
| package tx | |||
| import ( | |||
| "github.com/pkg/errors" | |||
| crypto "github.com/tendermint/go-crypto" | |||
| data "github.com/tendermint/go-wire/data" | |||
| ) | |||
| // MultiSig lets us wrap arbitrary data with a go-crypto signature | |||
| // | |||
| // TODO: rethink how we want to integrate this with KeyStore so it makes | |||
| // more sense (particularly the verify method) | |||
| type MultiSig struct { | |||
| Data data.Bytes | |||
| Sigs []Signed | |||
| } | |||
| type Signed struct { | |||
| Sig crypto.Signature | |||
| Pubkey crypto.PubKey | |||
| } | |||
| var _ SigInner = &MultiSig{} | |||
| func NewMulti(data []byte) Sig { | |||
| return Sig{&MultiSig{Data: data}} | |||
| } | |||
| // SignBytes returns the original data passed into `NewSig` | |||
| func (s *MultiSig) SignBytes() []byte { | |||
| return s.Data | |||
| } | |||
| // Sign will add a signature and pubkey. | |||
| // | |||
| // Depending on the Signable, one may be able to call this multiple times for multisig | |||
| // Returns error if called with invalid data or too many times | |||
| func (s *MultiSig) Sign(pubkey crypto.PubKey, sig crypto.Signature) error { | |||
| if pubkey.Empty() || sig.Empty() { | |||
| return errors.New("Signature or Key missing") | |||
| } | |||
| // set the value once we are happy | |||
| x := Signed{sig, pubkey} | |||
| s.Sigs = append(s.Sigs, x) | |||
| return nil | |||
| } | |||
| // Signers will return the public key(s) that signed if the signature | |||
| // is valid, or an error if there is any issue with the signature, | |||
| // including if there are no signatures | |||
| func (s *MultiSig) Signers() ([]crypto.PubKey, error) { | |||
| if len(s.Sigs) == 0 { | |||
| return nil, errors.New("Never signed") | |||
| } | |||
| keys := make([]crypto.PubKey, len(s.Sigs)) | |||
| for i := range s.Sigs { | |||
| ms := s.Sigs[i] | |||
| if !ms.Pubkey.VerifyBytes(s.Data, ms.Sig) { | |||
| return nil, errors.Errorf("Signature %d doesn't match (key: %X)", i, ms.Pubkey.Bytes()) | |||
| } | |||
| keys[i] = ms.Pubkey | |||
| } | |||
| return keys, nil | |||
| } | |||
+ 0
- 78
keys/tx/multi_test.go
View File
| @ -1,78 +0,0 @@ | |||
| package tx | |||
| import ( | |||
| "testing" | |||
| "github.com/stretchr/testify/assert" | |||
| "github.com/stretchr/testify/require" | |||
| crypto "github.com/tendermint/go-crypto" | |||
| keys "github.com/tendermint/go-crypto/keys" | |||
| "github.com/tendermint/go-crypto/keys/cryptostore" | |||
| "github.com/tendermint/go-crypto/keys/storage/memstorage" | |||
| ) | |||
| func TestMultiSig(t *testing.T) { | |||
| assert, require := assert.New(t), require.New(t) | |||
| algo := crypto.NameEd25519 | |||
| cstore := cryptostore.New( | |||
| cryptostore.SecretBox, | |||
| memstorage.New(), | |||
| keys.MustLoadCodec("english"), | |||
| ) | |||
| n, p := "foo", "bar" | |||
| n2, p2 := "other", "thing" | |||
| acct, _, err := cstore.Create(n, p, algo) | |||
| require.Nil(err, "%+v", err) | |||
| acct2, _, err := cstore.Create(n2, p2, algo) | |||
| require.Nil(err, "%+v", err) | |||
| type signer struct { | |||
| key keys.Info | |||
| name, pass string | |||
| } | |||
| cases := []struct { | |||
| data string | |||
| signers []signer | |||
| }{ | |||
| {"one", []signer{{acct, n, p}}}, | |||
| {"two", []signer{{acct2, n2, p2}}}, | |||
| {"both", []signer{{acct, n, p}, {acct2, n2, p2}}}, | |||
| } | |||
| for _, tc := range cases { | |||
| tx := NewMulti([]byte(tc.data)) | |||
| // unsigned version | |||
| _, err = tx.Signers() | |||
| assert.NotNil(err) | |||
| orig, err := tx.TxBytes() | |||
| require.Nil(err, "%+v", err) | |||
| data := tx.SignBytes() | |||
| assert.Equal(tc.data, string(data)) | |||
| // sign it | |||
| for _, s := range tc.signers { | |||
| err = cstore.Sign(s.name, s.pass, tx) | |||
| require.Nil(err, "%+v", err) | |||
| } | |||
| // make sure it is proper now | |||
| sigs, err := tx.Signers() | |||
| require.Nil(err, "%+v", err) | |||
| if assert.Equal(len(tc.signers), len(sigs)) { | |||
| for i := range sigs { | |||
| // This must be refactored... | |||
| assert.Equal(tc.signers[i].key.PubKey, sigs[i]) | |||
| } | |||
| } | |||
| // the tx bytes should change after this | |||
| after, err := tx.TxBytes() | |||
| require.Nil(err, "%+v", err) | |||
| assert.NotEqual(orig, after, "%X != %X", orig, after) | |||
| // sign bytes are the same | |||
| data = tx.SignBytes() | |||
| assert.Equal(tc.data, string(data)) | |||
| } | |||
| } | |||
+ 0
- 57
keys/tx/one.go
View File
| @ -1,57 +0,0 @@ | |||
| package tx | |||
| import ( | |||
| "github.com/pkg/errors" | |||
| crypto "github.com/tendermint/go-crypto" | |||
| data "github.com/tendermint/go-wire/data" | |||
| ) | |||
| // OneSig lets us wrap arbitrary data with a go-crypto signature | |||
| // | |||
| // TODO: rethink how we want to integrate this with KeyStore so it makes | |||
| // more sense (particularly the verify method) | |||
| type OneSig struct { | |||
| Data data.Bytes | |||
| Signed | |||
| } | |||
| var _ SigInner = &OneSig{} | |||
| func New(data []byte) Sig { | |||
| return WrapSig(&OneSig{Data: data}) | |||
| } | |||
| // SignBytes returns the original data passed into `NewSig` | |||
| func (s *OneSig) SignBytes() []byte { | |||
| return s.Data | |||
| } | |||
| // Sign will add a signature and pubkey. | |||
| // | |||
| // Depending on the Signable, one may be able to call this multiple times for multisig | |||
| // Returns error if called with invalid data or too many times | |||
| func (s *OneSig) Sign(pubkey crypto.PubKey, sig crypto.Signature) error { | |||
| if pubkey.Empty() || sig.Empty() { | |||
| return errors.New("Signature or Key missing") | |||
| } | |||
| if !s.Sig.Empty() { | |||
| return errors.New("Transaction can only be signed once") | |||
| } | |||
| // set the value once we are happy | |||
| s.Signed = Signed{sig, pubkey} | |||
| return nil | |||
| } | |||
| // Signers will return the public key(s) that signed if the signature | |||
| // is valid, or an error if there is any issue with the signature, | |||
| // including if there are no signatures | |||
| func (s *OneSig) Signers() ([]crypto.PubKey, error) { | |||
| if s.Pubkey.Empty() || s.Sig.Empty() { | |||
| return nil, errors.New("Never signed") | |||
| } | |||
| if !s.Pubkey.VerifyBytes(s.Data, s.Sig) { | |||
| return nil, errors.New("Signature doesn't match") | |||
| } | |||
| return []crypto.PubKey{s.Pubkey}, nil | |||
| } | |||
+ 0
- 74
keys/tx/one_test.go
View File
| @ -1,74 +0,0 @@ | |||
| package tx | |||
| import ( | |||
| "testing" | |||
| "github.com/stretchr/testify/assert" | |||
| "github.com/stretchr/testify/require" | |||
| crypto "github.com/tendermint/go-crypto" | |||
| keys "github.com/tendermint/go-crypto/keys" | |||
| "github.com/tendermint/go-crypto/keys/cryptostore" | |||
| "github.com/tendermint/go-crypto/keys/storage/memstorage" | |||
| ) | |||
| func TestOneSig(t *testing.T) { | |||
| assert, require := assert.New(t), require.New(t) | |||
| algo := crypto.NameEd25519 | |||
| cstore := cryptostore.New( | |||
| cryptostore.SecretBox, | |||
| memstorage.New(), | |||
| keys.MustLoadCodec("english"), | |||
| ) | |||
| n, p := "foo", "bar" | |||
| n2, p2 := "other", "thing" | |||
| acct, _, err := cstore.Create(n, p, algo) | |||
| require.Nil(err, "%+v", err) | |||
| acct2, _, err := cstore.Create(n2, p2, algo) | |||
| require.Nil(err, "%+v", err) | |||
| cases := []struct { | |||
| data string | |||
| key keys.Info | |||
| name, pass string | |||
| }{ | |||
| {"first", acct, n, p}, | |||
| {"kehfkhefy8y", acct, n, p}, | |||
| {"second", acct2, n2, p2}, | |||
| } | |||
| for _, tc := range cases { | |||
| tx := New([]byte(tc.data)) | |||
| // unsigned version | |||
| _, err = tx.Signers() | |||
| assert.NotNil(err) | |||
| orig, err := tx.TxBytes() | |||
| require.Nil(err, "%+v", err) | |||
| data := tx.SignBytes() | |||
| assert.Equal(tc.data, string(data)) | |||
| // sign it | |||
| err = cstore.Sign(tc.name, tc.pass, tx) | |||
| require.Nil(err, "%+v", err) | |||
| // but not twice | |||
| err = cstore.Sign(tc.name, tc.pass, tx) | |||
| require.NotNil(err) | |||
| // make sure it is proper now | |||
| sigs, err := tx.Signers() | |||
| require.Nil(err, "%+v", err) | |||
| if assert.Equal(1, len(sigs)) { | |||
| // This must be refactored... | |||
| assert.Equal(tc.key.PubKey, sigs[0]) | |||
| } | |||
| // the tx bytes should change after this | |||
| after, err := tx.TxBytes() | |||
| require.Nil(err, "%+v", err) | |||
| assert.NotEqual(orig, after, "%X != %X", orig, after) | |||
| // sign bytes are the same | |||
| data = tx.SignBytes() | |||
| assert.Equal(tc.data, string(data)) | |||
| } | |||
| } | |||
+ 0
- 76
keys/tx/reader.go
View File
| @ -1,76 +0,0 @@ | |||
| package tx | |||
| import ( | |||
| crypto "github.com/tendermint/go-crypto" | |||
| keys "github.com/tendermint/go-crypto/keys" | |||
| data "github.com/tendermint/go-wire/data" | |||
| ) | |||
| const ( | |||
| typeOneSig = byte(0x01) | |||
| typeMultiSig = byte(0x02) | |||
| nameOneSig = "sig" | |||
| nameMultiSig = "multi" | |||
| ) | |||
| var _ keys.Signable = Sig{} | |||
| var TxMapper data.Mapper | |||
| func init() { | |||
| TxMapper = data.NewMapper(Sig{}). | |||
| RegisterImplementation(&OneSig{}, nameOneSig, typeOneSig). | |||
| RegisterImplementation(&MultiSig{}, nameMultiSig, typeMultiSig) | |||
| } | |||
| /* | |||
| DO NOT USE this interface. | |||
| It is public by necessity but should never be used directly | |||
| outside of this package. | |||
| Only use Sig, never SigInner | |||
| */ | |||
| type SigInner interface { | |||
| SignBytes() []byte | |||
| Sign(pubkey crypto.PubKey, sig crypto.Signature) error | |||
| Signers() ([]crypto.PubKey, error) | |||
| } | |||
| // Sig is what is exported, and handles serialization | |||
| type Sig struct { | |||
| SigInner | |||
| } | |||
| // TxBytes | |||
| func (s Sig) TxBytes() ([]byte, error) { | |||
| return data.ToWire(s) | |||
| } | |||
| // WrapSig goes from concrete implementation to "interface" struct | |||
| func WrapSig(pk SigInner) Sig { | |||
| if wrap, ok := pk.(Sig); ok { | |||
| pk = wrap.Unwrap() | |||
| } | |||
| return Sig{pk} | |||
| } | |||
| // Unwrap recovers the concrete interface safely (regardless of levels of embeds) | |||
| func (p Sig) Unwrap() SigInner { | |||
| pk := p.SigInner | |||
| for wrap, ok := pk.(Sig); ok; wrap, ok = pk.(Sig) { | |||
| pk = wrap.SigInner | |||
| } | |||
| return pk | |||
| } | |||
| func (p Sig) MarshalJSON() ([]byte, error) { | |||
| return TxMapper.ToJSON(p.Unwrap()) | |||
| } | |||
| func (p *Sig) UnmarshalJSON(data []byte) (err error) { | |||
| parsed, err := TxMapper.FromJSON(data) | |||
| if err == nil && parsed != nil { | |||
| p.SigInner = parsed.(SigInner) | |||
| } | |||
| return | |||
| } | |||
+ 0
- 72
keys/tx/reader_test.go
View File
| @ -1,72 +0,0 @@ | |||
| package tx | |||
| import ( | |||
| "testing" | |||
| "github.com/stretchr/testify/assert" | |||
| "github.com/stretchr/testify/require" | |||
| crypto "github.com/tendermint/go-crypto" | |||
| "github.com/tendermint/go-crypto/keys" | |||
| "github.com/tendermint/go-crypto/keys/cryptostore" | |||
| "github.com/tendermint/go-crypto/keys/storage/memstorage" | |||
| data "github.com/tendermint/go-wire/data" | |||
| ) | |||
| func TestReader(t *testing.T) { | |||
| assert, require := assert.New(t), require.New(t) | |||
| algo := crypto.NameEd25519 | |||
| cstore := cryptostore.New( | |||
| cryptostore.SecretBox, | |||
| memstorage.New(), | |||
| keys.MustLoadCodec("english"), | |||
| ) | |||
| type sigs struct{ name, pass string } | |||
| u := sigs{"alice", "1234"} | |||
| u2 := sigs{"bob", "foobar"} | |||
| _, _, err := cstore.Create(u.name, u.pass, algo) | |||
| require.Nil(err, "%+v", err) | |||
| _, _, err = cstore.Create(u2.name, u2.pass, algo) | |||
| require.Nil(err, "%+v", err) | |||
| cases := []struct { | |||
| tx Sig | |||
| sigs []sigs | |||
| }{ | |||
| {New([]byte("first")), nil}, | |||
| {New([]byte("second")), []sigs{u}}, | |||
| {New([]byte("other")), []sigs{u2}}, | |||
| {NewMulti([]byte("m-first")), nil}, | |||
| {NewMulti([]byte("m-second")), []sigs{u}}, | |||
| {NewMulti([]byte("m-other")), []sigs{u, u2}}, | |||
| } | |||
| for _, tc := range cases { | |||
| tx := tc.tx | |||
| // make sure json serialization and loading works w/o sigs | |||
| var pre Sig | |||
| pjs, err := data.ToJSON(tx) | |||
| require.Nil(err, "%+v", err) | |||
| err = data.FromJSON(pjs, &pre) | |||
| require.Nil(err, "%+v", err) | |||
| assert.Equal(tx, pre) | |||
| for _, s := range tc.sigs { | |||
| err = cstore.Sign(s.name, s.pass, tx) | |||
| require.Nil(err, "%+v", err) | |||
| } | |||
| var post Sig | |||
| sjs, err := data.ToJSON(tx) | |||
| require.Nil(err, "%+v", err) | |||
| err = data.FromJSON(sjs, &post) | |||
| require.Nil(err, "%+v\n%s", err, string(sjs)) | |||
| assert.Equal(tx, post) | |||
| if len(tc.sigs) > 0 { | |||
| assert.NotEqual(pjs, sjs, "%s\n ------ %s", string(pjs), string(sjs)) | |||
| } | |||
| } | |||
| } | |||