Documentation ¶
Index ¶
- func Middleware(f http.HandlerFunc) http.HandlerFunc
- func PubkeyHashToByteString(pubkeyhash string) string
- func RouteUnmatched(w http.ResponseWriter, r *http.Request)
- func SetDebug(enabled bool)
- func StrictECModN(key *Key, sig []byte) []byte
- type GenericOperation
- func (op *GenericOperation) Kind() uint8
- func (op *GenericOperation) TransactionAmount() *big.Int
- func (op *GenericOperation) TransactionCounter() *big.Int
- func (op *GenericOperation) TransactionDestination() string
- func (op *GenericOperation) TransactionFee() *big.Int
- func (op *GenericOperation) TransactionGasLimit() *big.Int
- func (op *GenericOperation) TransactionSource() string
- func (op *GenericOperation) TransactionStorageLimit() *big.Int
- func (op *GenericOperation) TransactionValue() *big.Int
- type Key
- type Operation
- type OperationFilter
- type PKCS11Signer
- type Server
- func (server *Server) RouteAuthorizedKeys(w http.ResponseWriter, r *http.Request)
- func (server *Server) RouteKeys(w http.ResponseWriter, r *http.Request)
- func (server *Server) RouteKeysGET(w http.ResponseWriter, r *http.Request, key *Key)
- func (server *Server) RouteKeysPOST(w http.ResponseWriter, r *http.Request, key *Key)
- func (server *Server) Serve()
- type Signer
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Middleware ¶
func Middleware(f http.HandlerFunc) http.HandlerFunc
Middleware sets content type and log path for all requests
func PubkeyHashToByteString ¶
PubkeyHashToByteString strips the prefix and checksum bytes, returning only the pubkeyhash bytes
func RouteUnmatched ¶
func RouteUnmatched(w http.ResponseWriter, r *http.Request)
RouteUnmatched handles all requests that aren't matched by the below routes
func StrictECModN ¶
StrictECModN ensures strict compliance with the EC spec by returning S mod n for the appropriate key's curve.
Details:
Step #6 of the ECDSA algorithm [x] defines an `S` value mod n [0], but most signers (OpenSSL, SoftHSM, YubiHSM) don't return a strict modulo. This variability was exploited with transaction malleability in Bitcoin, leading to BIP#62. BIP#62 Rule #5 [1] requires that signatures return a strict S = ... mod n, which this function enforces; the same rule is implemented in btcd [2].
[0]: https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm
[1]: https://github.com/bitcoin/bips/blob/master/bip-0062.mediawiki#new-rules
[2]: https://github.com/btcsuite/btcd/blob/master/btcec/signature.go#L49
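The malleability described above, as an added example that is not this package's code: `lowS` and `demo` are hypothetical names, and the raw fixed-width r||s layout and the fold of S into the lower half of the range (the BIP-62 rule 5 form) are assumptions, not a copy of StrictECModN. It shows that (r, s) and (r, n - s) both verify for the same message and that normalizing collapses them to one encoding.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// lowS (hypothetical name) canonicalizes a raw fixed-width r||s signature.
func lowS(curve elliptic.Curve, sig []byte) ([]byte, error) {
	n, size := curve.Params().N, (curve.Params().BitSize+7)/8
	if len(sig) != 2*size {
		return nil, fmt.Errorf("want %d-byte r||s, got %d", 2*size, len(sig))
	}
	s := new(big.Int).SetBytes(sig[size:])
	if s.Mod(s, n); s.Sign() == 0 { // reduce mod n; s = 0 is never valid
		return nil, fmt.Errorf("s is zero mod n")
	}
	if s.Cmp(new(big.Int).Rsh(n, 1)) > 0 { // upper half: emit n - s instead
		s.Sub(n, s)
	}
	out := append([]byte{}, sig...)
	s.FillBytes(out[size:])
	return out, nil
}

// demo: (r, s) and (r, n-s) both verify, yet normalize to one encoding.
func demo() (bothVerify, sameCanonical bool, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // throwaway key
	if err != nil {
		return false, false, err
	}
	h := sha256.Sum256([]byte("constructed sample operation bytes"))
	r, s, err := ecdsa.Sign(rand.Reader, key, h[:])
	if err != nil {
		return false, false, err
	}
	flipped := new(big.Int).Sub(key.Params().N, s)
	a := append(r.FillBytes(make([]byte, 32)), s.FillBytes(make([]byte, 32))...)
	b := append(r.FillBytes(make([]byte, 32)), flipped.FillBytes(make([]byte, 32))...)
	ca, _ := lowS(key.Curve, a)
	cb, _ := lowS(key.Curve, b)
	bothVerify = ecdsa.Verify(&key.PublicKey, h[:], r, s) && ecdsa.Verify(&key.PublicKey, h[:], r, flipped)
	return bothVerify, string(ca) == string(cb), nil
}

func main() { fmt.Println(demo()) }
```

A verifier that must reject the non-canonical form has to check the range of S itself; Go's `ecdsa.Verify` accepts both halves.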
Types ¶
type GenericOperation ¶
type GenericOperation struct {
// contains filtered or unexported fields
}
GenericOperation parses an operation with a generic magic byte
func GetGenericOperation ¶
func GetGenericOperation(op *Operation) *GenericOperation
GetGenericOperation to parse specific Generic fields
func (*GenericOperation) Kind ¶
func (op *GenericOperation) Kind() uint8
Kind of the generic operation
func (*GenericOperation) TransactionAmount ¶
func (op *GenericOperation) TransactionAmount() *big.Int
TransactionAmount that's moving with this tx
func (*GenericOperation) TransactionCounter ¶
func (op *GenericOperation) TransactionCounter() *big.Int
TransactionCounter ensuring idempotency of this tx
func (*GenericOperation) TransactionDestination ¶
func (op *GenericOperation) TransactionDestination() string
TransactionDestination address we're sending funds to
func (*GenericOperation) TransactionFee ¶
func (op *GenericOperation) TransactionFee() *big.Int
TransactionFee that's being paid along with this tx
func (*GenericOperation) TransactionGasLimit ¶
func (op *GenericOperation) TransactionGasLimit() *big.Int
TransactionGasLimit of this tx
func (*GenericOperation) TransactionSource ¶
func (op *GenericOperation) TransactionSource() string
TransactionSource address that funds are being moved from
func (*GenericOperation) TransactionStorageLimit ¶
func (op *GenericOperation) TransactionStorageLimit() *big.Int
TransactionStorageLimit of this tx
func (*GenericOperation) TransactionValue ¶
func (op *GenericOperation) TransactionValue() *big.Int
TransactionValue is the total value of all XTZ that could be spent in this tx
type Key ¶
type Key struct {
	Name          string `yaml:"Name"`
	PublicKeyHash string `yaml:"PublicKeyHash"`
	PublicKey     string `yaml:"PublicKey"`
	HsmSlot       uint   `yaml:"HsmSlot"`
	HsmLabel      string `yaml:"HsmLabel"`
}
A Key identifies a key preloaded in your HSM
type Operation ¶
type Operation struct {
// contains filtered or unexported fields
}
Operation parses and validates an arbitrary tz request to sign some message before passing to the Signer
func ParseOperation ¶
ParseOperation parses a raw byte string into a meaningful tz operation and performs simple validation
func (*Operation) Level ¶
Level returns a copy of the level, if one can be parsed from this operation
type OperationFilter ¶
type OperationFilter struct {
	EnableGeneric        bool
	EnableTx             bool
	EnableVoting         bool
	TxWhitelistAddresses []string
	TxDailyMax           *big.Int
	// contains filtered or unexported fields
}
OperationFilter controls what operations will be signed
func (*OperationFilter) IsAllowed ¶
func (filter *OperationFilter) IsAllowed(op *Operation) bool
IsAllowed by this filter?
type PKCS11Signer ¶
PKCS11Signer is responsible for signing an arbitrary byte slice with the given Key stored within the HSM
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server holds all configuration data from the signer
func NewServer ¶
func NewServer(signer Signer, keys []Key, bindString string, filter OperationFilter, watermark watermark.Watermark) *Server
NewServer returns a new server
func (*Server) RouteAuthorizedKeys ¶
func (server *Server) RouteAuthorizedKeys(w http.ResponseWriter, r *http.Request)
RouteAuthorizedKeys lists all of the keys that we currently support. We choose to return an empty set to obscure our secrets.
func (*Server) RouteKeys ¶
func (server *Server) RouteKeys(w http.ResponseWriter, r *http.Request)
RouteKeys validates a /key/ request and routes based on HTTP Method
func (*Server) RouteKeysGET ¶
RouteKeysGET returns the corresponding public key to this public key *hash*
func (*Server) RouteKeysPOST ¶
RouteKeysPOST attempts to sign the provided message from the provided keys
type Signer ¶
Signer is a generic interface for a signer
func NewGoogleCloudKMSSigner ¶
func NewGoogleCloudKMSSigner(kmsClient *cloudkms.KeyManagementClient) Signer
NewGoogleCloudKMSSigner creates a signer backed by Google Cloud KMS
func NewInMemorySigner ¶
func NewInMemorySigner(privateKey ed25519.PrivateKey) Signer
NewInMemorySigner creates a signer from a key stored plaintext in memory. It is not suitable for production use.