keystore

package
v0.0.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 31, 2021 License: MIT Imports: 31 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var ErrAttemptToDeleteNonExistentKeyFromDB = errors.New("key is not present in DB")

ErrAttemptToDeleteNonExistentKeyFromDB is returned when Delete is asked to delete a key it can't find in the DB.

View Source 
var ErrKeyStoreLocked = errors.New("keystore is locked (HINT: did you forget to call keystore.Unlock?)")

ErrKeyStoreLocked is returned if you call a method that requires unlocked keys before you unlocked the keystore

View Source 
var ErrMatchingVRFKey = errors.New(
	`key with matching public key already stored in DB`)

ErrMatchingVRFKey is returned when Import attempts to import key with a PublicKey matching one already in the database

Functions

func NewCSAORM 

func NewCSAORM(db *gorm.DB) csaORM

Types

type CSA 

type CSA struct {
	// contains filtered or unexported fields
}

func (*CSA) CountCSAKeys 

func (ks *CSA) CountCSAKeys() (int64, error)

CountCSAKeys counts the total number of CSA keys.

func (*CSA) CreateCSAKey 

func (ks *CSA) CreateCSAKey() (*csakey.Key, error)

CreateCSAKey creates a new CSA key

func (*CSA) ListCSAKeys 

func (ks *CSA) ListCSAKeys() ([]csakey.Key, error)

ListCSAKeys lists all CSA keys.

func (*CSA) Unlock 

func (ks *CSA) Unlock(password string) error

type Eth 

type Eth struct {
	// contains filtered or unexported fields
}

EthKeyStore manages an in-memory key list backed by a database table It never exposes private keys to consumers

func (*Eth) AddKey 

func (ks *Eth) AddKey(key *ethkey.Key) error

AddKey inserts the key to the database and adds it to the keystore's memory keys It modifies the given key (adding created_at etc)

func (*Eth) AllKeys 

func (ks *Eth) AllKeys() (keys []ethkey.Key, err error)

AllKeys returns all keys

func (*Eth) CreateNewKey 

func (ks *Eth) CreateNewKey() (k ethkey.Key, err error)

CreateNewKey adds an account to the underlying geth keystore (which writes the file to disk) and inserts the new key to the database

func (*Eth) EnsureFundingKey 

func (ks *Eth) EnsureFundingKey() (k ethkey.Key, didExist bool, err error)

EnsureFundingKey ensures that a funding account exists, and returns it

func (*Eth) ExportKey 

func (ks *Eth) ExportKey(address common.Address, newPassword string) ([]byte, error)

ExportKey exports as a JSON key, encrypted with newPassword

func (*Eth) FundingKeys 

func (ks *Eth) FundingKeys() (keys []ethkey.Key, err error)

FundingKeys will return only the keys that are is_funding=true

func (*Eth) GetKeyByAddress 

func (ks *Eth) GetKeyByAddress(address common.Address) (ethkey.Key, error)

GetKeyByAddress returns the account matching the address provided, or an error if it is missing

func (*Eth) GetRoundRobinAddress 

func (ks *Eth) GetRoundRobinAddress(whitelist ...common.Address) (address common.Address, err error)

GetRoundRobinAddress gets the address of the "next" available sending key (i.e. the least recently used key) This takes an optional param for a slice of addresses it should pick from. Leave empty to pick from all addresses in the keystore.

func (*Eth) HasDBSendingKeys 

func (ks *Eth) HasDBSendingKeys() (exists bool, err error)

HasDBSendingKeys returns true if any key in the database is a sending key

func (*Eth) HasSendingKeyWithAddress 

func (ks *Eth) HasSendingKeyWithAddress(address common.Address) (bool, error)

HasSendingKeyWithAddress returns true if keystore has an account with the given address

func (*Eth) ImportKey 

func (ks *Eth) ImportKey(keyJSON []byte, oldPassword string) (key ethkey.Key, err error)

ImportKey adds a new key to the keystore and inserts to DB

func (*Eth) ImportKeyFileToDB 

func (ks *Eth) ImportKeyFileToDB(keyPath string) (k ethkey.Key, err error)

ImportKeyFileToDB reads a file and writes the key to the database

func (*Eth) KeyByAddress 

func (ks *Eth) KeyByAddress(address common.Address) (ethkey.Key, error)

KeyByAddress returns the key matching provided address

func (*Eth) RemoveKey 

func (ks *Eth) RemoveKey(address common.Address, hardDelete bool) (removedKey ethkey.Key, err error)

RemoveKey removes a key from the keystore If hard delete is set to true, removes the key from the database. If false, the key has its deleted_at set to a non-null value.

func (*Eth) SendingKeys 

func (ks *Eth) SendingKeys() (keys []ethkey.Key, err error)

SendingKeys will return only the keys that are is_funding=false

func (*Eth) SignTx 

func (ks *Eth) SignTx(fromAddress common.Address, tx *types.Transaction, chainID *big.Int) (*types.Transaction, error)

SignTx uses the unlocked account to sign the given transaction.

func (*Eth) SubscribeToKeyChanges 

func (ks *Eth) SubscribeToKeyChanges() (ch chan struct{}, unsubscribe func())

SubscribeToKeyChanges returns a channel that will fire if a key is added or removed Consumers should call unsubscribe when they are done to close the channel

func (*Eth) Unlock 

func (ks *Eth) Unlock(password string) (merr error)

Unlock loads keys from the database, and uses the given password to try to unlock all of them If any key fails to decrypt, returns an error Trying to unlock the keystore multiple times with different passwords will panic

type EthKeyStoreInterface 

type EthKeyStoreInterface interface {
	Unlock(password string) error

	// Requires Unlock
	CreateNewKey() (ethkey.Key, error)
	EnsureFundingKey() (key ethkey.Key, didExist bool, err error)
	ImportKey(keyJSON []byte, oldPassword string) (ethkey.Key, error)
	ExportKey(address common.Address, newPassword string) ([]byte, error)
	AddKey(key *ethkey.Key) error
	RemoveKey(address common.Address, hardDelete bool) (deletedKey ethkey.Key, err error)
	SubscribeToKeyChanges() (ch chan struct{}, unsub func())

	SignTx(fromAddress common.Address, tx *types.Transaction, chainID *big.Int) (*types.Transaction, error)

	AllKeys() (keys []ethkey.Key, err error)
	SendingKeys() (keys []ethkey.Key, err error)
	FundingKeys() (keys []ethkey.Key, err error)
	KeyByAddress(address common.Address) (ethkey.Key, error)
	HasSendingKeyWithAddress(address common.Address) (bool, error)
	GetRoundRobinAddress(addresses ...common.Address) (address common.Address, err error)

	// Does not require Unlock
	HasDBSendingKeys() (bool, error)
	ImportKeyFileToDB(keyPath string) (ethkey.Key, error)
}

EthKeyStoreInterface is the external interface for EthKeyStore

type InMemoryKeyStore 

type InMemoryKeyStore = map[secp256k1.PublicKey]vrfkey.PrivateKey

type Master 

type Master struct {
	// contains filtered or unexported fields
}

func New 

func New(db *gorm.DB, scryptParams utils.ScryptParams) *Master

func (*Master) CSA 

func (m *Master) CSA() *CSA

func (*Master) Eth 

func (m *Master) Eth() *Eth

func (*Master) OCR 

func (m *Master) OCR() *OCR

func (*Master) VRF 

func (m *Master) VRF() *VRF

type OCR 

type OCR struct {
	*gorm.DB
	// contains filtered or unexported fields
}

func (OCR) ArchiveEncryptedOCRKeyBundle 

func (ks OCR) ArchiveEncryptedOCRKeyBundle(key *ocrkey.EncryptedKeyBundle) error

ArchiveEncryptedOCRKeyBundle deletes the provided encrypted OCR key bundle

func (OCR) ArchiveEncryptedP2PKey 

func (ks OCR) ArchiveEncryptedP2PKey(key *p2pkey.EncryptedP2PKey) error

func (OCR) CreateEncryptedOCRKeyBundle 

func (ks OCR) CreateEncryptedOCRKeyBundle(encryptedKey *ocrkey.EncryptedKeyBundle) error

CreateEncryptedOCRKeyBundle creates an encrypted OCR private key record

func (OCR) DecryptedOCRKey 

func (ks OCR) DecryptedOCRKey(hash models.Sha256Hash) (ocrkey.KeyBundle, bool)

func (OCR) DecryptedP2PKey 

func (ks OCR) DecryptedP2PKey(peerID p2ppeer.ID) (p2pkey.Key, bool)

func (OCR) DecryptedP2PKeys 

func (ks OCR) DecryptedP2PKeys() (keys []p2pkey.Key)

func (OCR) DeleteEncryptedOCRKeyBundle 

func (ks OCR) DeleteEncryptedOCRKeyBundle(key *ocrkey.EncryptedKeyBundle) error

DeleteEncryptedOCRKeyBundle deletes the provided encrypted OCR key bundle

func (OCR) DeleteEncryptedP2PKey 

func (ks OCR) DeleteEncryptedP2PKey(key *p2pkey.EncryptedP2PKey) error

func (OCR) ExportOCRKeyBundle 

func (ks OCR) ExportOCRKeyBundle(id models.Sha256Hash, newPassword string) ([]byte, error)

ExportOCRKeyBundle exports an OCR key bundle from the database

func (OCR) ExportP2PKey 

func (ks OCR) ExportP2PKey(ID int32, newPassword string) ([]byte, error)

ExportP2PKey exports a p2p key from the database

func (OCR) FindEncryptedOCRKeyBundleByID 

func (ks OCR) FindEncryptedOCRKeyBundleByID(id models.Sha256Hash) (ocrkey.EncryptedKeyBundle, error)

FindEncryptedOCRKeyBundleByID finds an EncryptedKeyBundle bundle by its ID

func (OCR) FindEncryptedOCRKeyBundles 

func (ks OCR) FindEncryptedOCRKeyBundles() (keys []ocrkey.EncryptedKeyBundle, err error)

FindEncryptedOCRKeyBundles finds all the encrypted OCR key records

func (OCR) FindEncryptedP2PKeyByID 

func (ks OCR) FindEncryptedP2PKeyByID(id int32) (*p2pkey.EncryptedP2PKey, error)

func (OCR) FindEncryptedP2PKeys 

func (ks OCR) FindEncryptedP2PKeys() (keys []p2pkey.EncryptedP2PKey, err error)

func (OCR) GenerateEncryptedOCRKeyBundle 

func (ks OCR) GenerateEncryptedOCRKeyBundle() (ocrkey.KeyBundle, ocrkey.EncryptedKeyBundle, error)

func (OCR) GenerateEncryptedP2PKey 

func (ks OCR) GenerateEncryptedP2PKey() (p2pkey.Key, p2pkey.EncryptedP2PKey, error)

func (OCR) ImportOCRKeyBundle 

func (ks OCR) ImportOCRKeyBundle(keyJSON []byte, oldPassword string) (*ocrkey.EncryptedKeyBundle, error)

ImportOCRKeyBundle imports an OCR key bundle to the database

func (OCR) ImportP2PKey 

func (ks OCR) ImportP2PKey(keyJSON []byte, oldPassword string) (*p2pkey.EncryptedP2PKey, error)

ImportP2PKey imports a p2p key to the database

func (*OCR) Unlock 

func (ks *OCR) Unlock(password string) error

func (OCR) UpsertEncryptedOCRKeyBundle 

func (ks OCR) UpsertEncryptedOCRKeyBundle(encryptedKey *ocrkey.EncryptedKeyBundle) error

func (OCR) UpsertEncryptedP2PKey 

func (ks OCR) UpsertEncryptedP2PKey(k *p2pkey.EncryptedP2PKey) error

type VRF 

type VRF struct {
	// contains filtered or unexported fields
}

The VRF keystore tracks auxiliary VRF secret keys, and generates their VRF proofs

VRF proofs need access to the actual secret key, which geth does not expose. Similar to the way geth's KeyStore exposes signing capability, VRF exposes VRF proof generation without the caller needing explicit knowledge of the secret key.

func (*VRF) Archive 

func (ks *VRF) Archive(key secp256k1.PublicKey) (err error)

Archive soft-deletes keys with this public key from the keystore and the DB, if present.

func (*VRF) CreateAndUnlockWeakInMemoryEncryptedKeyXXXTestingOnly 

func (ks *VRF) CreateAndUnlockWeakInMemoryEncryptedKeyXXXTestingOnly(phrase string) (*vrfkey.EncryptedVRFKey, error)

CreateAndUnlockWeakInMemoryEncryptedKeyXXXTestingOnly is for testing only! It returns an encrypted key which is fast to unlock, but correspondingly easy to brute force. It is not persisted to the DB, because no one should be keeping such keys lying around.

func (*VRF) CreateKey 

func (ks *VRF) CreateKey() (secp256k1.PublicKey, error)

CreateKey returns a public key which is immediately unlocked in memory, and saved in DB encrypted with the password.

func (*VRF) Delete 

func (ks *VRF) Delete(key secp256k1.PublicKey) (err error)

Delete removes keys with this public key from the keystore and the DB, if present.

func (*VRF) Export 

func (ks *VRF) Export(pk secp256k1.PublicKey, newPassword string) ([]byte, error)

func (*VRF) Forget 

func (ks *VRF) Forget(k secp256k1.PublicKey) error

func (*VRF) GenerateProof 

func (ks *VRF) GenerateProof(k secp256k1.PublicKey, seed *big.Int) (
	vrfkey.Proof, error)

GenerateProof is marshaled randomness proof given k and VRF input seed computed from the SeedData

Key must have already been unlocked in ks, as constructing the VRF proof requires the secret key.

func (*VRF) Get 

func (ks *VRF) Get(k ...secp256k1.PublicKey) ([]*vrfkey.EncryptedVRFKey, error)

Get retrieves all vrfkey.EncryptedVRFKey's associated with k, or all encrypted keys if k is nil, or errors

func (*VRF) GetSpecificKey 

func (ks *VRF) GetSpecificKey(
	k secp256k1.PublicKey) (*vrfkey.EncryptedVRFKey, error)

func (*VRF) Import 

func (ks *VRF) Import(keyjson []byte, auth string) (vrfkey.EncryptedVRFKey, error)

Import adds this encrypted key to the DB and unlocks it in in-memory store with passphrase auth, and returns any resulting errors

func (*VRF) ListKeys 

func (ks *VRF) ListKeys() (publicKeys []*secp256k1.PublicKey, err error)

ListKeys lists the public keys contained in the db

func (*VRF) ListKeysIncludingArchived 

func (ks *VRF) ListKeysIncludingArchived() (publicKeys []*secp256k1.PublicKey, err error)

ListKeysIncludingArchived lists the public keys contained in the db

func (*VRF) Store 

func (ks *VRF) Store(key *vrfkey.PrivateKey, phrase string, scryptParams utils.ScryptParams) error

Store saves key to ks (in memory), and to the DB, encrypted with phrase

func (*VRF) StoreInMemoryXXXTestingOnly 

func (ks *VRF) StoreInMemoryXXXTestingOnly(key *vrfkey.PrivateKey)

StoreInMemoryXXXTestingOnly memorizes key, only in in-memory store.

func (*VRF) Unlock 

func (ks *VRF) Unlock(password string) (keysUnlocked []secp256k1.PublicKey,
	merr error)

Unlock tries to unlock each vrf key in the db, using the given pass phrase, and returns any keys it manages to unlock, and any errors which result.

type VRFORM 

type VRFORM interface {
	FirstOrCreateEncryptedSecretVRFKey(k *vrfkey.EncryptedVRFKey) error
	ArchiveEncryptedSecretVRFKey(k *vrfkey.EncryptedVRFKey) error
	DeleteEncryptedSecretVRFKey(k *vrfkey.EncryptedVRFKey) error
	FindEncryptedSecretVRFKeys(where ...vrfkey.EncryptedVRFKey) ([]*vrfkey.EncryptedVRFKey, error)
	FindEncryptedSecretVRFKeysIncludingArchived(where ...vrfkey.EncryptedVRFKey) ([]*vrfkey.EncryptedVRFKey, error)
}

func NewVRFORM 

func NewVRFORM(db *gorm.DB) VRFORM

Source Files

View all Source files

Directories

Path Synopsis
keys
csakey
ethkey
ocrkey
p2pkey
vrfkey
Package vrfkey tracks the secret keys associated with VRF proofs.
 Package vrfkey tracks the secret keys associated with VRF proofs.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.