mirror of
https://github.com/pezkuwichain/pezkuwi-subxt.git
synced 2026-06-28 06:21:05 +00:00
Benjamin Kampmann
15ae7cfef6
Went through the TODOs, removed a bunch, which are outdated or nothing more than a regular comment, documented a bunch more as actual tickets and made them FIXMEs and unified their structure (`FIXME #TICKETNO DESC` for local tickets, `FIXME: DESC LINK` for external tickets) for easier in-editor support. Further more remove unnecessary remarks and related old code that I noticed in that instance.
288 lines
8.6 KiB
Rust
288 lines
8.6 KiB
Rust
// Copyright 2017-2018 Parity Technologies (UK) Ltd.
|
|
// This file is part of Substrate.
|
|
|
|
// Substrate is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
|
|
// Substrate is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU General Public License for more details.
|
|
|
|
// You should have received a copy of the GNU General Public License
|
|
// along with Substrate. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
//! Keystore (and session key management) for ed25519 based chains like Polkadot.
|
|
|
|
// Silence: `use of deprecated item 'std::error::Error::cause': replaced by Error::source, which can support downcasting`
|
|
// https://github.com/paritytech/substrate/issues/1547
|
|
#![allow(deprecated)]
|
|
|
|
use std::collections::HashMap;
|
|
use std::path::PathBuf;
|
|
use std::fs::{self, File};
|
|
use std::io::{self, Write};
|
|
|
|
use serde_derive::{Serialize, Deserialize};
|
|
use error_chain::{error_chain, error_chain_processing, impl_error_chain_processed,
|
|
impl_extract_backtrace, impl_error_chain_kind};
|
|
|
|
use substrate_primitives::{hashing::blake2_256, ed25519::{Pair, Public, PKCS_LEN}};
|
|
|
|
pub use crypto::KEY_ITERATIONS;
|
|
|
|
error_chain! {
|
|
foreign_links {
|
|
Io(io::Error);
|
|
Json(serde_json::Error);
|
|
}
|
|
|
|
errors {
|
|
InvalidPassword {
|
|
description("Invalid password"),
|
|
display("Invalid password"),
|
|
}
|
|
InvalidPKCS8 {
|
|
description("Invalid PKCS#8 data"),
|
|
display("Invalid PKCS#8 data"),
|
|
}
|
|
}
|
|
}
|
|
|
|
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
|
|
pub struct InvalidPassword;
|
|
|
|
#[derive(Serialize, Deserialize)]
|
|
struct EncryptedKey {
|
|
mac: [u8; 32],
|
|
salt: [u8; 32],
|
|
ciphertext: Vec<u8>, // FIXME: switch to fixed-size when serde supports
|
|
iv: [u8; 16],
|
|
iterations: u32,
|
|
}
|
|
|
|
impl EncryptedKey {
|
|
fn encrypt(plain: &[u8; PKCS_LEN], password: &str, iterations: u32) -> Self {
|
|
use rand::{Rng, rngs::OsRng};
|
|
|
|
let mut rng = OsRng::new().expect("OS Randomness available on all supported platforms; qed");
|
|
|
|
let salt: [u8; 32] = rng.gen();
|
|
let iv: [u8; 16] = rng.gen();
|
|
|
|
// two parts of derived key
|
|
// DK = [ DK[0..15] DK[16..31] ] = [derived_left_bits, derived_right_bits]
|
|
let (derived_left_bits, derived_right_bits) = crypto::derive_key_iterations(password.as_bytes(), &salt, iterations);
|
|
|
|
// preallocated (on-stack in case of `Secret`) buffer to hold cipher
|
|
// length = length(plain) as we are using CTR-approach
|
|
let mut ciphertext = vec![0; PKCS_LEN];
|
|
|
|
// aes-128-ctr with initial vector of iv
|
|
crypto::aes::encrypt_128_ctr(&derived_left_bits, &iv, plain, &mut *ciphertext)
|
|
.expect("input lengths of key and iv are both 16; qed");
|
|
|
|
// Blake2_256(DK[16..31] ++ <ciphertext>), where DK[16..31] - derived_right_bits
|
|
let mac = blake2_256(&crypto::derive_mac(&derived_right_bits, &*ciphertext));
|
|
|
|
EncryptedKey {
|
|
salt,
|
|
iv,
|
|
mac,
|
|
iterations,
|
|
ciphertext,
|
|
}
|
|
}
|
|
|
|
fn decrypt(&self, password: &str) -> Result<[u8; PKCS_LEN]> {
|
|
let (derived_left_bits, derived_right_bits) =
|
|
crypto::derive_key_iterations(password.as_bytes(), &self.salt, self.iterations);
|
|
|
|
let mac = blake2_256(&crypto::derive_mac(&derived_right_bits, &self.ciphertext));
|
|
|
|
if subtle::ConstantTimeEq::ct_eq(&mac[..], &self.mac[..]).unwrap_u8() != 1 {
|
|
return Err(ErrorKind::InvalidPassword.into());
|
|
}
|
|
|
|
let mut plain = [0; PKCS_LEN];
|
|
crypto::aes::decrypt_128_ctr(&derived_left_bits, &self.iv, &self.ciphertext, &mut plain[..])
|
|
.expect("input lengths of key and iv are both 16; qed");
|
|
Ok(plain)
|
|
}
|
|
}
|
|
|
|
type Seed = [u8; 32];
|
|
|
|
/// Key store.
|
|
pub struct Store {
|
|
path: PathBuf,
|
|
additional: HashMap<Public, Seed>,
|
|
}
|
|
|
|
pub fn pad_seed(seed: &str) -> Seed {
|
|
let mut s: [u8; 32] = [' ' as u8; 32];
|
|
|
|
let was_hex = if seed.len() == 66 && &seed[0..2] == "0x" {
|
|
if let Ok(d) = hex::decode(&seed[2..]) {
|
|
s.copy_from_slice(&d);
|
|
true
|
|
} else { false }
|
|
} else { false };
|
|
|
|
if !was_hex {
|
|
let len = ::std::cmp::min(32, seed.len());
|
|
&mut s[..len].copy_from_slice(&seed.as_bytes()[..len]);
|
|
}
|
|
|
|
s
|
|
}
|
|
|
|
impl Store {
|
|
/// Create a new store at the given path.
|
|
pub fn open(path: PathBuf) -> Result<Self> {
|
|
fs::create_dir_all(&path)?;
|
|
Ok(Store { path, additional: HashMap::new() })
|
|
}
|
|
|
|
/// Generate a new key, placing it into the store.
|
|
pub fn generate(&self, password: &str) -> Result<Pair> {
|
|
let (pair, pkcs_bytes) = Pair::generate_with_pkcs8();
|
|
let key_file = EncryptedKey::encrypt(&pkcs_bytes, password, KEY_ITERATIONS as u32);
|
|
|
|
let mut file = File::create(self.key_file_path(&pair.public()))?;
|
|
::serde_json::to_writer(&file, &key_file)?;
|
|
|
|
file.flush()?;
|
|
|
|
Ok(pair)
|
|
}
|
|
|
|
/// Create a new key from seed. Do not place it into the store.
|
|
/// Only the first 32 bytes of the sead are used. This is meant to be used for testing only.
|
|
// FIXME: remove this - https://github.com/paritytech/substrate/issues/1063
|
|
pub fn generate_from_seed(&mut self, seed: &str) -> Result<Pair> {
|
|
let padded_seed = pad_seed(seed);
|
|
let pair = Pair::from_seed(&padded_seed);
|
|
self.additional.insert(pair.public(), padded_seed);
|
|
Ok(pair)
|
|
}
|
|
|
|
/// Load a key file with given public key.
|
|
pub fn load(&self, public: &Public, password: &str) -> Result<Pair> {
|
|
if let Some(ref seed) = self.additional.get(public) {
|
|
let pair = Pair::from_seed(seed);
|
|
return Ok(pair);
|
|
}
|
|
let path = self.key_file_path(public);
|
|
let file = File::open(path)?;
|
|
|
|
let encrypted_key: EncryptedKey = ::serde_json::from_reader(&file)?;
|
|
let pkcs_bytes = encrypted_key.decrypt(password)?;
|
|
|
|
Pair::from_pkcs8(&pkcs_bytes[..]).map_err(|_| ErrorKind::InvalidPKCS8.into())
|
|
}
|
|
|
|
/// Get public keys of all stored keys.
|
|
pub fn contents(&self) -> Result<Vec<Public>> {
|
|
let mut public_keys: Vec<Public> = self.additional.keys().cloned().collect();
|
|
for entry in fs::read_dir(&self.path)? {
|
|
let entry = entry?;
|
|
let path = entry.path();
|
|
|
|
// skip directories and non-unicode file names (hex is unicode)
|
|
if let Some(name) = path.file_name().and_then(|n| n.to_str()) {
|
|
if name.len() != 64 { continue }
|
|
|
|
match hex::decode(name) {
|
|
Ok(ref hex) if hex.len() == 32 => {
|
|
let mut buf = [0; 32];
|
|
buf.copy_from_slice(&hex[..]);
|
|
|
|
public_keys.push(Public(buf));
|
|
}
|
|
_ => continue,
|
|
}
|
|
}
|
|
}
|
|
|
|
Ok(public_keys)
|
|
}
|
|
|
|
fn key_file_path(&self, public: &Public) -> PathBuf {
|
|
let mut buf = self.path.clone();
|
|
buf.push(hex::encode(public.as_slice()));
|
|
buf
|
|
}
|
|
}
|
|
|
|
#[cfg(test)]
|
|
mod tests {
|
|
use super::*;
|
|
use tempdir::TempDir;
|
|
|
|
#[test]
|
|
fn encrypt_and_decrypt() {
|
|
let plain = [1; PKCS_LEN];
|
|
let encrypted_key = EncryptedKey::encrypt(&plain, "thepassword", KEY_ITERATIONS as u32);
|
|
|
|
let decrypted_key = encrypted_key.decrypt("thepassword").unwrap();
|
|
|
|
assert_eq!(&plain[..], &decrypted_key[..]);
|
|
}
|
|
|
|
#[test]
|
|
fn decrypt_wrong_password_fails() {
|
|
let plain = [1; PKCS_LEN];
|
|
let encrypted_key = EncryptedKey::encrypt(&plain, "thepassword", KEY_ITERATIONS as u32);
|
|
|
|
assert!(encrypted_key.decrypt("thepassword2").is_err());
|
|
}
|
|
|
|
#[test]
|
|
fn decrypt_wrong_iterations_fails() {
|
|
let plain = [1; PKCS_LEN];
|
|
let mut encrypted_key = EncryptedKey::encrypt(&plain, "thepassword", KEY_ITERATIONS as u32);
|
|
|
|
encrypted_key.iterations -= 64;
|
|
|
|
assert!(encrypted_key.decrypt("thepassword").is_err());
|
|
}
|
|
|
|
#[test]
|
|
fn basic_store() {
|
|
let temp_dir = TempDir::new("keystore").unwrap();
|
|
let store = Store::open(temp_dir.path().to_owned()).unwrap();
|
|
|
|
assert!(store.contents().unwrap().is_empty());
|
|
|
|
let key = store.generate("thepassword").unwrap();
|
|
let key2 = store.load(&key.public(), "thepassword").unwrap();
|
|
|
|
assert!(store.load(&key.public(), "notthepassword").is_err());
|
|
|
|
assert_eq!(key.public(), key2.public());
|
|
|
|
assert_eq!(store.contents().unwrap()[0], key.public());
|
|
}
|
|
|
|
#[test]
|
|
fn test_generate_from_seed() {
|
|
let temp_dir = TempDir::new("keystore").unwrap();
|
|
let mut store = Store::open(temp_dir.path().to_owned()).unwrap();
|
|
|
|
let pair = store.generate_from_seed("0x1").unwrap();
|
|
assert_eq!("5GqhgbUd2S9uc5Tm7hWhw29Tw2jBnuHshmTV1fDF4V1w3G2z", pair.public().to_ss58check());
|
|
|
|
let pair = store.generate_from_seed("0x3d97c819d68f9bafa7d6e79cb991eebcd77d966c5334c0b94d9e1fa7ad0869dc").unwrap();
|
|
assert_eq!("5DKUrgFqCPV8iAXx9sjy1nyBygQCeiUYRFWurZGhnrn3HBL8", pair.public().to_ss58check());
|
|
|
|
let pair = store.generate_from_seed("12345678901234567890123456789022").unwrap();
|
|
assert_eq!("5DscZvfjnM5im7oKRXXP9xtCG1SEwfMb8J5eGLmw5EHhoHR3", pair.public().to_ss58check());
|
|
|
|
let pair = store.generate_from_seed("1").unwrap();
|
|
assert_eq!("5DYnksEZFc7kgtfyNM1xK2eBtW142gZ3Ho3NQubrF2S6B2fq", pair.public().to_ss58check());
|
|
}
|
|
}
|