signer

package
v0.0.0-...-257b748 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 27, 2020 License: MIT Imports: 26 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Middleware 

func Middleware(f http.HandlerFunc) http.HandlerFunc

Middleware sets content type and log path for all requests

func PubkeyHashToByteString 

func PubkeyHashToByteString(pubkeyhash string) string

PubkeyHashToByteString strips the prefix and checksum bytes, returning only the pubkeyhash bytes

func RouteUnmatched 

func RouteUnmatched(w http.ResponseWriter, r *http.Request)

RouteUnmatched handles all requests that aren't matched by the below routes

func StrictECModN 

func StrictECModN(key *Key, sig []byte) []byte

StrictECModN ensures strict compliance with the EC spec by returning S mod n for the appropriate keys curve.

Details: 

Step #6 of the ECDSA algorithm [x] defines an `S` value mod n[0],
but most signers (OpenSSL, SoftHSM, YubiHSM) don't return a strict modulo.
This variability was exploited with transaction malleability in Bitcoin,
leading to BIP#62.  BIP#62 Rule #5[1] requires that signatures return a
strict S = ... mod n which this function forces implemented in btcd here [2]
[0]: https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm
[1]: https://github.com/bitcoin/bips/blob/master/bip-0062.mediawiki#new-rules
[2]: https://github.com/btcsuite/btcd/blob/master/btcec/signature.go#L49

Types

type GenericOperation 

type GenericOperation struct {
	// contains filtered or unexported fields
}

GenericOperation parses an operation with a generic magic byte

func GetGenericOperation 

func GetGenericOperation(op *Operation) *GenericOperation

GetGenericOperation to parse specific Generic fields

func (*GenericOperation) Kind 

func (op *GenericOperation) Kind() uint8

Kind of the generic operation

func (*GenericOperation) TransactionAmount 

func (op *GenericOperation) TransactionAmount() *big.Int

TransactionAmount that's moving with this tx

func (*GenericOperation) TransactionCounter 

func (op *GenericOperation) TransactionCounter() *big.Int

TransactionCounter ensuring idempotency of this tx

func (*GenericOperation) TransactionDestination 

func (op *GenericOperation) TransactionDestination() string

TransactionDestination address we're sending funds to

func (*GenericOperation) TransactionFee 

func (op *GenericOperation) TransactionFee() *big.Int

TransactionFee that's being paid along with this tx

func (*GenericOperation) TransactionGasLimit 

func (op *GenericOperation) TransactionGasLimit() *big.Int

TransactionGasLimit of this tx

func (*GenericOperation) TransactionSource 

func (op *GenericOperation) TransactionSource() string

TransactionSource address that funds are being moved from

func (*GenericOperation) TransactionStorageLimit 

func (op *GenericOperation) TransactionStorageLimit() *big.Int

TransactionStorageLimit of this tx

func (*GenericOperation) TransactionValue 

func (op *GenericOperation) TransactionValue() *big.Int

TransactionValue is the total value of all XTZ that could be spent in this tx

type Key 

type Key struct {
	Name          string `yaml:"Name"`
	PublicKeyHash string `yaml:"PublicKeyHash"`
	PublicKey     string `yaml:"PublicKey"`
	HsmSlot       uint   `yaml:"HsmSlot"`
	HsmLabel      string `yaml:"HsmLabel"`
}

A Key identifies a key preloaded in your HSM

func LoadKeyFile 

func LoadKeyFile(keyfile string) []Key

LoadKeyFile loads keys from a file

func (*Key) Curve 

func (key *Key) Curve() int

Curve represented by this key

func (*Key) IsECDSA 

func (key *Key) IsECDSA() bool

IsECDSA Curve or EdDSA Curve

type Operation 

type Operation struct {
	// contains filtered or unexported fields
}

Operation parses and validates an arbitrary tz request to sign some message before passing to the Signer

func ParseOperation 

func ParseOperation(opBytes []byte) (*Operation, error)

ParseOperation parses a raw byte string into a meaningful tz operation and performs simple validation

func (*Operation) ChainID 

func (op *Operation) ChainID() string

ChainID to determine what we're running on

func (*Operation) Hex 

func (op *Operation) Hex() []byte

Hex returns a copy of the parsed hex bytes of the operation

func (*Operation) Level 

func (op *Operation) Level() *big.Int

Level returns a copy of the level, if one can be parsed from this operation

func (*Operation) MagicByte 

func (op *Operation) MagicByte() uint8

MagicByte of this tezos operation included in the operation

func (*Operation) TzSign 

func (op *Operation) TzSign(ctx context.Context, signer Signer, key *Key) (string, error)

TzSign this operation with the provided Signer and Key

type OperationFilter 

type OperationFilter struct {
	EnableGeneric        bool
	EnableTx             bool
	EnableVoting         bool
	TxWhitelistAddresses []string
	TxDailyMax           *big.Int
	// contains filtered or unexported fields
}

OperationFilter controls what operations will be signed

func (*OperationFilter) IsAllowed 

func (filter *OperationFilter) IsAllowed(op *Operation) bool

IsAllowed by this filter?

type PKCS11Signer 

type PKCS11Signer struct {
	UserPin string `yaml:"UserPin"`
	LibPath string `yaml:"LibPath"`
}

PKCS11Signer is responsible for signing an arbitrary byte slice with the given Key stored within the HSM

func (*PKCS11Signer) Sign 

func (hsm *PKCS11Signer) Sign(_ context.Context, message []byte, key *Key) ([]byte, error)

Sign a transaction request

type Server 

type Server struct {
	// contains filtered or unexported fields
}

Server holds all configuration data from the signer

func NewServer 

func NewServer(signer Signer, keys []Key, bindString string, filter OperationFilter, watermark watermark.Watermark) *Server

NewServer returns a new server

func (*Server) RouteAuthorizedKeys 

func (server *Server) RouteAuthorizedKeys(w http.ResponseWriter, r *http.Request)

RouteAuthorizedKeys list all of they keys that we currently support. We choose to return an empty set to obscure our secrets.

func (*Server) RouteKeys 

func (server *Server) RouteKeys(w http.ResponseWriter, r *http.Request)

RouteKeys validates a /key/ request and routes based on HTTP Method

func (*Server) RouteKeysGET 

func (server *Server) RouteKeysGET(w http.ResponseWriter, r *http.Request, key *Key)

RouteKeysGET returns the corresponding public key to this public key *hash*

func (*Server) RouteKeysPOST 

func (server *Server) RouteKeysPOST(w http.ResponseWriter, r *http.Request, key *Key)

RouteKeysPOST attempts to sign the provided message from the provided keys

func (*Server) Serve 

func (server *Server) Serve()

Serve our routes

type Signer 

type Signer interface {
	Sign(ctx context.Context, message []byte, key *Key) ([]byte, error)
}

Signer is a generic interface for a signer

func NewGoogleCloudKMSSigner 

func NewGoogleCloudKMSSigner(kmsClient *cloudkms.KeyManagementClient) Signer

NewGoogleCloudKMSSigner creates a signer backed by Google Cloud KMS

func NewInMemorySigner 

func NewInMemorySigner(privateKey ed25519.PrivateKey) Signer

NewInMemorySigner creates a signer from a key stored plaintext in memory. It is not suitable for production use.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.