keystore

package
v1.10.16 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 18, 2021 License: MIT Imports: 31 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

var ErrAttemptToDeleteNonExistentKeyFromDB = errors.New("key is not present in DB")

ErrAttemptToDeleteNonExistentKeyFromDB is returned when Delete is asked to delete a key it can't find in the DB.

var (
	// ErrCSAKeyExists signals that a CSA key is already present, per its message.
	// NOTE(review): presumably returned by CreateCSAKey when a key already
	// exists — confirm against the implementation, which this page does not show.
	ErrCSAKeyExists = errors.New("a csa key already exists")
)
var ErrKeyStoreLocked = errors.New("keystore is locked (HINT: did you forget to call keystore.Unlock?)")

ErrKeyStoreLocked is returned if you call a method that requires unlocked keys before you have unlocked the keystore.

var ErrMatchingVRFKey = errors.New(
	`key with matching public key already stored in DB`)

ErrMatchingVRFKey is returned when Import attempts to import a key with a PublicKey matching one already in the database.

Functions

func NewCSAORM

func NewCSAORM(db *gorm.DB) csaORM

Types

type CSA

type CSA struct {
	// contains filtered or unexported fields
}

func (*CSA) CountCSAKeys

func (ks *CSA) CountCSAKeys() (int64, error)

CountCSAKeys counts the total number of CSA keys.

func (*CSA) CreateCSAKey

func (ks *CSA) CreateCSAKey() (*csakey.Key, error)

CreateCSAKey creates a new CSA key

func (*CSA) ListCSAKeys

func (ks *CSA) ListCSAKeys() ([]csakey.Key, error)

ListCSAKeys lists all CSA keys.

func (*CSA) Unlock

func (ks *CSA) Unlock(password string) error

func (*CSA) Unsafe_GetUnlockedPrivateKey

func (ks *CSA) Unsafe_GetUnlockedPrivateKey(pubkey crypto.PublicKey) ([]byte, error)

Unsafe_GetUnlockedPrivateKey gets the unlocked private key in the keystore.

Ideally we do not want to expose private keys outside of the keystore; however, we need to pass this private key to the wsrpc library in order to dial the server. When wsrpc is updated to allow an interface to be passed in, we can implement that interface here to provide the private key.

type CSAKeystoreInterface

// CSAKeystoreInterface groups the CSA keystore operations for creating a key,
// listing keys, and retrieving an unlocked private key. It does not include
// Unlock or CountCSAKeys, which this package declares on *CSA.
type CSAKeystoreInterface interface {
	// CreateCSAKey creates a new CSA key.
	CreateCSAKey() (*csakey.Key, error)
	// ListCSAKeys lists all CSA keys.
	ListCSAKeys() ([]csakey.Key, error)
	// Unsafe_GetUnlockedPrivateKey returns the unlocked private key as a byte
	// slice. The package documents it as a stopgap: the key is handed to the
	// wsrpc library to dial the server until wsrpc accepts an interface instead.
	// NOTE(review): the result is raw key material outside the keystore's
	// control; callers should keep it out of logs and error messages and not
	// retain it longer than the dial requires. Presumably pubkey selects which
	// key is returned — confirm against the implementation.
	Unsafe_GetUnlockedPrivateKey(pubkey crypto.PublicKey) ([]byte, error)
}

type Eth

type Eth struct {
	// contains filtered or unexported fields
}

EthKeyStore manages an in-memory key list backed by a database table. It never exposes private keys to consumers.

func (*Eth) AddKey

func (ks *Eth) AddKey(key *ethkey.Key) error

AddKey inserts the key into the database and adds it to the keystore's in-memory keys. It modifies the given key (adding created_at etc).

func (*Eth) AllKeys

func (ks *Eth) AllKeys() (keys []ethkey.Key, err error)

AllKeys returns all keys

func (*Eth) CreateNewKey

func (ks *Eth) CreateNewKey() (k ethkey.Key, err error)

CreateNewKey adds an account to the underlying geth keystore (which writes the file to disk) and inserts the new key to the database

func (*Eth) EnsureFundingKey

func (ks *Eth) EnsureFundingKey() (k ethkey.Key, didExist bool, err error)

EnsureFundingKey ensures that a funding account exists, and returns it

func (*Eth) ExportKey

func (ks *Eth) ExportKey(address common.Address, newPassword string) ([]byte, error)

ExportKey exports as a JSON key, encrypted with newPassword

func (*Eth) FundingKeys

func (ks *Eth) FundingKeys() (keys []ethkey.Key, err error)

FundingKeys will return only the keys that are is_funding=true

func (*Eth) GetKeyByAddress

func (ks *Eth) GetKeyByAddress(address common.Address) (ethkey.Key, error)

GetKeyByAddress returns the account matching the address provided, or an error if it is missing

func (*Eth) GetRoundRobinAddress

func (ks *Eth) GetRoundRobinAddress(whitelist ...common.Address) (address common.Address, err error)

GetRoundRobinAddress gets the address of the "next" available sending key (i.e. the least recently used key). This takes an optional param for a slice of addresses it should pick from. Leave empty to pick from all addresses in the keystore.

func (*Eth) HasDBSendingKeys

func (ks *Eth) HasDBSendingKeys() (exists bool, err error)

HasDBSendingKeys returns true if any key in the database is a sending key

func (*Eth) HasSendingKeyWithAddress

func (ks *Eth) HasSendingKeyWithAddress(address common.Address) (bool, error)

HasSendingKeyWithAddress returns true if keystore has an account with the given address

func (*Eth) ImportKey

func (ks *Eth) ImportKey(keyJSON []byte, oldPassword string) (key ethkey.Key, err error)

ImportKey adds a new key to the keystore and inserts to DB

func (*Eth) ImportKeyFileToDB

func (ks *Eth) ImportKeyFileToDB(keyPath string) (k ethkey.Key, err error)

ImportKeyFileToDB reads a file and writes the key to the database

func (*Eth) KeyByAddress

func (ks *Eth) KeyByAddress(address common.Address) (ethkey.Key, error)

KeyByAddress returns the key matching provided address

func (*Eth) RemoveKey

func (ks *Eth) RemoveKey(address common.Address, hardDelete bool) (removedKey ethkey.Key, err error)

RemoveKey removes a key from the keystore. If hard delete is set to true, removes the key from the database. If false, the key has its deleted_at set to a non-null value.

func (*Eth) SendingKeys

func (ks *Eth) SendingKeys() (keys []ethkey.Key, err error)

SendingKeys will return only the keys that are is_funding=false

func (*Eth) SignTx

func (ks *Eth) SignTx(fromAddress common.Address, tx *types.Transaction, chainID *big.Int) (*types.Transaction, error)

SignTx uses the unlocked account to sign the given transaction.

func (*Eth) SubscribeToKeyChanges

func (ks *Eth) SubscribeToKeyChanges() (ch chan struct{}, unsubscribe func())

SubscribeToKeyChanges returns a channel that will fire if a key is added or removed. Consumers should call unsubscribe when they are done to close the channel.

func (*Eth) Unlock

func (ks *Eth) Unlock(password string) (merr error)

Unlock loads keys from the database, and uses the given password to try to unlock all of them. If any key fails to decrypt, returns an error. Trying to unlock the keystore multiple times with different passwords will panic.

type EthKeyStoreInterface

// EthKeyStoreInterface is the external interface for EthKeyStore.
//
// The per-method notes restate what this package documents for the
// identically named methods on *Eth. None of the signatures returns a raw
// private key: signing goes through SignTx, and ExportKey returns the key as
// JSON encrypted with the caller-supplied password.
type EthKeyStoreInterface interface {
	// Unlock loads keys from the database and tries to unlock all of them with
	// password, returning an error if any key fails to decrypt. Unlocking more
	// than once with different passwords is documented to panic.
	Unlock(password string) error

	// Requires Unlock

	// CreateNewKey adds an account to the underlying geth keystore (which
	// writes the file to disk) and inserts the new key into the database.
	CreateNewKey() (ethkey.Key, error)
	// EnsureFundingKey ensures that a funding account exists and returns it;
	// didExist presumably reports whether it was already there — confirm.
	EnsureFundingKey() (key ethkey.Key, didExist bool, err error)
	// ImportKey adds a new key to the keystore and inserts it into the DB.
	// NOTE(review): oldPassword is presumably the password keyJSON is
	// currently encrypted with — confirm against the implementation.
	ImportKey(keyJSON []byte, oldPassword string) (ethkey.Key, error)
	// ExportKey exports the key as JSON, encrypted with newPassword.
	// NOTE(review): the export is only as strong as newPassword; whether any
	// password policy is enforced is not visible here.
	ExportKey(address common.Address, newPassword string) ([]byte, error)
	// AddKey inserts the key into the database and the in-memory key list; it
	// modifies the given key (adding created_at etc).
	AddKey(key *ethkey.Key) error
	// RemoveKey removes a key from the keystore. With hardDelete true the key
	// is removed from the database; otherwise its deleted_at is set.
	RemoveKey(address common.Address, hardDelete bool) (deletedKey ethkey.Key, err error)
	// SubscribeToKeyChanges returns a channel that fires when a key is added
	// or removed; call unsub when done to close the channel.
	SubscribeToKeyChanges() (ch chan struct{}, unsub func())

	// SignTx uses the unlocked account to sign the given transaction.
	SignTx(fromAddress common.Address, tx *types.Transaction, chainID *big.Int) (*types.Transaction, error)

	// AllKeys returns all keys.
	AllKeys() (keys []ethkey.Key, err error)
	// SendingKeys returns only the keys with is_funding=false.
	SendingKeys() (keys []ethkey.Key, err error)
	// FundingKeys returns only the keys with is_funding=true.
	FundingKeys() (keys []ethkey.Key, err error)
	// KeyByAddress returns the key matching the provided address.
	KeyByAddress(address common.Address) (ethkey.Key, error)
	// HasSendingKeyWithAddress reports whether the keystore has an account
	// with the given address.
	HasSendingKeyWithAddress(address common.Address) (bool, error)
	// GetRoundRobinAddress returns the least recently used sending key's
	// address, optionally restricted to the given addresses.
	GetRoundRobinAddress(addresses ...common.Address) (address common.Address, err error)

	// Does not require Unlock

	// HasDBSendingKeys reports whether any key in the database is a sending key.
	HasDBSendingKeys() (bool, error)
	// ImportKeyFileToDB reads the file at keyPath and writes the key to the
	// database.
	// NOTE(review): this runs without Unlock and takes a filesystem path, so
	// keyPath should come from trusted configuration, not request input;
	// how the path and file contents are validated is not visible here.
	ImportKeyFileToDB(keyPath string) (ethkey.Key, error)
}

EthKeyStoreInterface is the external interface for EthKeyStore

type InMemoryKeyStore

// InMemoryKeyStore is an alias for a map from secp256k1 public key to
// vrfkey.PrivateKey.
// NOTE(review): the alias is exported and its values are private-key values,
// so any code handed such a map can read them; by the type name, entries are
// key material held in process memory — confirm how vrfkey.PrivateKey guards
// its fields before passing this map across package boundaries.
type InMemoryKeyStore = map[secp256k1.PublicKey]vrfkey.PrivateKey

type Master

type Master struct {
	// contains filtered or unexported fields
}

func New

func New(db *gorm.DB, scryptParams utils.ScryptParams) *Master

func (*Master) CSA

func (m *Master) CSA() *CSA

func (*Master) Eth

func (m *Master) Eth() *Eth

func (*Master) OCR

func (m *Master) OCR() *OCR

func (*Master) VRF

func (m *Master) VRF() *VRF

type OCR

// OCR is the keystore type whose methods manage encrypted OCR key bundles and
// P2P keys.
type OCR struct {
	// NOTE(review): *gorm.DB is embedded under its exported name, so the
	// database handle and its promoted methods are reachable by any code
	// holding an OCR value, not only through the keystore methods. Consumers
	// that only need key operations get broader database access than those
	// operations require; an unexported field would narrow that surface.
	*gorm.DB
	// contains filtered or unexported fields
	// NOTE(review): most methods on this type use a value receiver (ks OCR)
	// while Unlock uses a pointer receiver (ks *OCR); whether copies of an OCR
	// value observe a later Unlock depends on the unexported fields — confirm.
}

func (OCR) ArchiveEncryptedOCRKeyBundle

func (ks OCR) ArchiveEncryptedOCRKeyBundle(key *ocrkey.EncryptedKeyBundle) error

ArchiveEncryptedOCRKeyBundle deletes the provided encrypted OCR key bundle

func (OCR) ArchiveEncryptedP2PKey

func (ks OCR) ArchiveEncryptedP2PKey(key *p2pkey.EncryptedP2PKey) error

func (OCR) CreateEncryptedOCRKeyBundle

func (ks OCR) CreateEncryptedOCRKeyBundle(encryptedKey *ocrkey.EncryptedKeyBundle) error

CreateEncryptedOCRKeyBundle creates an encrypted OCR private key record

func (OCR) DecryptedOCRKey

func (ks OCR) DecryptedOCRKey(hash models.Sha256Hash) (ocrkey.KeyBundle, bool)

func (OCR) DecryptedP2PKey

func (ks OCR) DecryptedP2PKey(peerID p2ppeer.ID) (p2pkey.Key, bool)

func (OCR) DecryptedP2PKeys

func (ks OCR) DecryptedP2PKeys() (keys []p2pkey.Key)

func (OCR) DeleteEncryptedOCRKeyBundle

func (ks OCR) DeleteEncryptedOCRKeyBundle(key *ocrkey.EncryptedKeyBundle) error

DeleteEncryptedOCRKeyBundle deletes the provided encrypted OCR key bundle

func (OCR) DeleteEncryptedP2PKey

func (ks OCR) DeleteEncryptedP2PKey(key *p2pkey.EncryptedP2PKey) error

func (OCR) ExportOCRKeyBundle

func (ks OCR) ExportOCRKeyBundle(id models.Sha256Hash, newPassword string) ([]byte, error)

ExportOCRKeyBundle exports an OCR key bundle from the database

func (OCR) ExportP2PKey

func (ks OCR) ExportP2PKey(ID int32, newPassword string) ([]byte, error)

ExportP2PKey exports a p2p key from the database

func (OCR) FindEncryptedOCRKeyBundleByID

func (ks OCR) FindEncryptedOCRKeyBundleByID(id models.Sha256Hash) (ocrkey.EncryptedKeyBundle, error)

FindEncryptedOCRKeyBundleByID finds an EncryptedKeyBundle bundle by its ID

func (OCR) FindEncryptedOCRKeyBundles

func (ks OCR) FindEncryptedOCRKeyBundles() (keys []ocrkey.EncryptedKeyBundle, err error)

FindEncryptedOCRKeyBundles finds all the encrypted OCR key records

func (OCR) FindEncryptedP2PKeyByID

func (ks OCR) FindEncryptedP2PKeyByID(id int32) (*p2pkey.EncryptedP2PKey, error)

func (OCR) FindEncryptedP2PKeys

func (ks OCR) FindEncryptedP2PKeys() (keys []p2pkey.EncryptedP2PKey, err error)

func (OCR) GenerateEncryptedOCRKeyBundle

func (ks OCR) GenerateEncryptedOCRKeyBundle() (ocrkey.KeyBundle, ocrkey.EncryptedKeyBundle, error)

func (OCR) GenerateEncryptedP2PKey

func (ks OCR) GenerateEncryptedP2PKey() (p2pkey.Key, p2pkey.EncryptedP2PKey, error)

func (OCR) ImportOCRKeyBundle

func (ks OCR) ImportOCRKeyBundle(keyJSON []byte, oldPassword string) (*ocrkey.EncryptedKeyBundle, error)

ImportOCRKeyBundle imports an OCR key bundle to the database

func (OCR) ImportP2PKey

func (ks OCR) ImportP2PKey(keyJSON []byte, oldPassword string) (*p2pkey.EncryptedP2PKey, error)

ImportP2PKey imports a p2p key to the database

func (*OCR) Unlock

func (ks *OCR) Unlock(password string) error

func (OCR) UpsertEncryptedOCRKeyBundle

func (ks OCR) UpsertEncryptedOCRKeyBundle(encryptedKey *ocrkey.EncryptedKeyBundle) error

func (OCR) UpsertEncryptedP2PKey

func (ks OCR) UpsertEncryptedP2PKey(k *p2pkey.EncryptedP2PKey) error

type VRF

type VRF struct {
	// contains filtered or unexported fields
}

The VRF keystore tracks auxiliary VRF secret keys, and generates their VRF proofs

VRF proofs need access to the actual secret key, which geth does not expose. Similar to the way geth's KeyStore exposes signing capability, VRF exposes VRF proof generation without the caller needing explicit knowledge of the secret key.

func (*VRF) Archive

func (ks *VRF) Archive(key secp256k1.PublicKey) (err error)

Archive soft-deletes keys with this public key from the keystore and the DB, if present.

func (*VRF) CreateAndUnlockWeakInMemoryEncryptedKeyXXXTestingOnly

func (ks *VRF) CreateAndUnlockWeakInMemoryEncryptedKeyXXXTestingOnly(phrase string) (*vrfkey.EncryptedVRFKey, error)

CreateAndUnlockWeakInMemoryEncryptedKeyXXXTestingOnly is for testing only! It returns an encrypted key which is fast to unlock, but correspondingly easy to brute force. It is not persisted to the DB, because no one should be keeping such keys lying around.

func (*VRF) CreateKey

func (ks *VRF) CreateKey() (secp256k1.PublicKey, error)

CreateKey returns a public key which is immediately unlocked in memory, and saved in DB encrypted with the password.

func (*VRF) Delete

func (ks *VRF) Delete(key secp256k1.PublicKey) (err error)

Delete removes keys with this public key from the keystore and the DB, if present.

func (*VRF) Export

func (ks *VRF) Export(pk secp256k1.PublicKey, newPassword string) ([]byte, error)

func (*VRF) Forget

func (ks *VRF) Forget(k secp256k1.PublicKey) error

func (*VRF) GenerateProof

func (ks *VRF) GenerateProof(k secp256k1.PublicKey, seed *big.Int) (
	vrfkey.Proof, error)

GenerateProof returns the marshaled randomness proof given k and the VRF input seed computed from the SeedData.

Key must have already been unlocked in ks, as constructing the VRF proof requires the secret key.

func (*VRF) Get

func (ks *VRF) Get(k ...secp256k1.PublicKey) ([]*vrfkey.EncryptedVRFKey, error)

Get retrieves all vrfkey.EncryptedVRFKey's associated with k, or all encrypted keys if k is nil, or errors

func (*VRF) GetSpecificKey

func (ks *VRF) GetSpecificKey(
	k secp256k1.PublicKey) (*vrfkey.EncryptedVRFKey, error)

func (*VRF) Import

func (ks *VRF) Import(keyjson []byte, auth string) (vrfkey.EncryptedVRFKey, error)

Import adds this encrypted key to the DB and unlocks it in in-memory store with passphrase auth, and returns any resulting errors

func (*VRF) ListKeys

func (ks *VRF) ListKeys() (publicKeys []*secp256k1.PublicKey, err error)

ListKeys lists the public keys contained in the db

func (*VRF) ListKeysIncludingArchived

func (ks *VRF) ListKeysIncludingArchived() (publicKeys []*secp256k1.PublicKey, err error)

ListKeysIncludingArchived lists the public keys contained in the db

func (*VRF) Store

func (ks *VRF) Store(key *vrfkey.PrivateKey, phrase string, scryptParams utils.ScryptParams) error

Store saves key to ks (in memory), and to the DB, encrypted with phrase

func (*VRF) StoreInMemoryXXXTestingOnly

func (ks *VRF) StoreInMemoryXXXTestingOnly(key *vrfkey.PrivateKey)

StoreInMemoryXXXTestingOnly memorizes key, only in in-memory store.

func (*VRF) Unlock

func (ks *VRF) Unlock(password string) (keysUnlocked []secp256k1.PublicKey,
	merr error)

Unlock tries to unlock each vrf key in the db, using the given pass phrase, and returns any keys it manages to unlock, and any errors which result.

type VRFORM

// VRFORM is the persistence interface for VRF keys; NewVRFORM(db) returns an
// implementation backed by a *gorm.DB. Every method takes or returns
// vrfkey.EncryptedVRFKey values, so by its types this layer handles keys only
// in their encrypted form.
type VRFORM interface {
	// FirstOrCreateEncryptedSecretVRFKey presumably stores k unless a matching
	// record already exists — confirm against the implementation.
	FirstOrCreateEncryptedSecretVRFKey(k *vrfkey.EncryptedVRFKey) error
	// ArchiveEncryptedSecretVRFKey presumably soft-deletes k, mirroring
	// VRF.Archive, which is documented as a soft delete — confirm.
	ArchiveEncryptedSecretVRFKey(k *vrfkey.EncryptedVRFKey) error
	// DeleteEncryptedSecretVRFKey presumably removes k's record — confirm.
	DeleteEncryptedSecretVRFKey(k *vrfkey.EncryptedVRFKey) error
	// FindEncryptedSecretVRFKeys returns encrypted keys, optionally filtered by
	// the where values; archived keys are presumably excluded — confirm.
	FindEncryptedSecretVRFKeys(where ...vrfkey.EncryptedVRFKey) ([]*vrfkey.EncryptedVRFKey, error)
	// FindEncryptedSecretVRFKeysIncludingArchived is the variant of the lookup
	// above that, by its name, also returns archived keys.
	FindEncryptedSecretVRFKeysIncludingArchived(where ...vrfkey.EncryptedVRFKey) ([]*vrfkey.EncryptedVRFKey, error)
}

func NewVRFORM

func NewVRFORM(db *gorm.DB) VRFORM

Directories

Path Synopsis
keys
vrfkey
Package vrfkey tracks the secret keys associated with VRF proofs.
