signer

package
v0.0.0-...-2bf11dd Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 3, 2019 License: MIT Imports: 25 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Middleware

func Middleware(f http.HandlerFunc) http.HandlerFunc

Middleware sets content type and log path for all requests

func PubkeyHashToByteString

func PubkeyHashToByteString(pubkeyhash string) string

PubkeyHashToByteString strips the prefix and checksum bytes, returning only the pubkeyhash bytes

func RouteUnmatched

func RouteUnmatched(w http.ResponseWriter, r *http.Request)

RouteUnmatched handles all requests that aren't matched by the below routes

func SetDebug

func SetDebug(enabled bool)

SetDebug enabled or disabled

func StrictECModN

func StrictECModN(key *Key, sig []byte) []byte

StrictECModN ensures strict compliance with the EC spec by returning S mod n for the appropriate keys curve.

Details:

Step #6 of the ECDSA algorithm [x] defines an `S` value mod n[0],
but most signers (OpenSSL, SoftHSM, YubiHSM) don't return a strict modulo.
This variability was exploited with transaction malleability in Bitcoin,
leading to BIP#62.  BIP#62 Rule #5[1] requires that signatures return a
strict S = ... mod n which this function forces implemented in btcd here [2]
[0]: https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm
[1]: https://github.com/bitcoin/bips/blob/master/bip-0062.mediawiki#new-rules
[2]: https://github.com/btcsuite/btcd/blob/master/btcec/signature.go#L49

Types

type GenericOperation

type GenericOperation struct {
	// contains filtered or unexported fields
}

GenericOperation parses an operation with a generic magic byte

func GetGenericOperation

func GetGenericOperation(op *Operation) *GenericOperation

GetGenericOperation to parse specific Generic fields

func (*GenericOperation) Kind

func (op *GenericOperation) Kind() uint8

Kind of the generic operation

func (*GenericOperation) TransactionAmount

func (op *GenericOperation) TransactionAmount() *big.Int

TransactionAmount that's moving with this tx

func (*GenericOperation) TransactionCounter

func (op *GenericOperation) TransactionCounter() *big.Int

TransactionCounter ensuring idempotency of this tx

func (*GenericOperation) TransactionDestination

func (op *GenericOperation) TransactionDestination() string

TransactionDestination address we're sending funds to

func (*GenericOperation) TransactionFee

func (op *GenericOperation) TransactionFee() *big.Int

TransactionFee that's being paid along with this tx

func (*GenericOperation) TransactionGasLimit

func (op *GenericOperation) TransactionGasLimit() *big.Int

TransactionGasLimit of this tx

func (*GenericOperation) TransactionSource

func (op *GenericOperation) TransactionSource() string

TransactionSource address that funds are being moved from

func (*GenericOperation) TransactionStorageLimit

func (op *GenericOperation) TransactionStorageLimit() *big.Int

TransactionStorageLimit of this tx

func (*GenericOperation) TransactionValue

func (op *GenericOperation) TransactionValue() *big.Int

TransactionValue is the total value of all XTZ that could be spent in this tx

type Key

type Key struct {
	Name          string `yaml:"Name"`
	PublicKeyHash string `yaml:"PublicKeyHash"`
	PublicKey     string `yaml:"PublicKey"`
	HsmSlot       uint   `yaml:"HsmSlot"`
	HsmLabel      string `yaml:"HsmLabel"`
}

A Key identifies a key preloaded in your HSM

func LoadKeyFile

func LoadKeyFile(keyfile string) []Key

LoadKeyFile loads keys from a file

func (*Key) Curve

func (key *Key) Curve() int

Curve represented by this key

func (*Key) IsECDSA

func (key *Key) IsECDSA() bool

IsECDSA Curve or EdDSA Curve

type Operation

type Operation struct {
	// contains filtered or unexported fields
}

Operation parses and validates an arbitrary tz request to sign some message before passing to the Signer

func ParseOperation

func ParseOperation(opBytes []byte) (*Operation, error)

ParseOperation parses a raw byte string into a meaningful tz operation and performs simple validation

func (*Operation) ChainID

func (op *Operation) ChainID() string

ChainID to determine what we're running on

func (*Operation) Hex

func (op *Operation) Hex() []byte

Hex returns a copy of the parsed hex bytes of the operation

func (*Operation) Level

func (op *Operation) Level() *big.Int

Level returns a copy of the level, if one can be parsed from this operation

func (*Operation) MagicByte

func (op *Operation) MagicByte() uint8

MagicByte of this tezos operation included in the operation

func (*Operation) TzSign

func (op *Operation) TzSign(ctx context.Context, signer Signer, key *Key) (string, error)

TzSign this operation with the provided Signer and Key

type OperationFilter

type OperationFilter struct {
	EnableGeneric        bool
	EnableTx             bool
	EnableVoting         bool
	TxWhitelistAddresses []string
	TxDailyMax           *big.Int
	// contains filtered or unexported fields
}

OperationFilter controls what operations will be signed

func (*OperationFilter) IsAllowed

func (filter *OperationFilter) IsAllowed(op *Operation) bool

IsAllowed by this filter?

type PKCS11Signer

type PKCS11Signer struct {
	UserPin string `yaml:"UserPin"`
	LibPath string `yaml:"LibPath"`
}

PKCS11Signer is responsible for signing an arbitrary byte slice with the given Key stored within the HSM

func (*PKCS11Signer) Sign

func (hsm *PKCS11Signer) Sign(_ context.Context, message []byte, key *Key) ([]byte, error)

Sign a transaction request

type Server

type Server struct {
	// contains filtered or unexported fields
}

Server holds all configuration data from the signer

func NewServer

func NewServer(signer Signer, keys []Key, bindString string, filter OperationFilter, watermark watermark.Watermark) *Server

NewServer returns a new server

func (*Server) RouteAuthorizedKeys

func (server *Server) RouteAuthorizedKeys(w http.ResponseWriter, r *http.Request)

RouteAuthorizedKeys list all of they keys that we currently support. We choose to return an empty set to obscure our secrets.

func (*Server) RouteKeys

func (server *Server) RouteKeys(w http.ResponseWriter, r *http.Request)

RouteKeys validates a /key/ request and routes based on HTTP Method

func (*Server) RouteKeysGET

func (server *Server) RouteKeysGET(w http.ResponseWriter, r *http.Request, key *Key)

RouteKeysGET returns the corresponding public key to this public key *hash*

func (*Server) RouteKeysPOST

func (server *Server) RouteKeysPOST(w http.ResponseWriter, r *http.Request, key *Key)

RouteKeysPOST attempts to sign the provided message from the provided keys

func (*Server) Serve

func (server *Server) Serve()

Serve our routes

type Signer

type Signer interface {
	Sign(ctx context.Context, message []byte, key *Key) ([]byte, error)
}

Signer is a generic interface for a signer

func NewGoogleCloudKMSSigner

func NewGoogleCloudKMSSigner(kmsClient *cloudkms.KeyManagementClient) Signer

NewGoogleCloudKMSSigner creates a signer backed by Google Cloud KMS

func NewInMemorySigner

func NewInMemorySigner(privateKey ed25519.PrivateKey) Signer

NewInMemorySigner creates a signer from a key stored plaintext in memory. It is not suitable for production use.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL