signer

package
v0.1.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 8, 2021 License: BlueOak-1.0.0 Imports: 42 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CanonicalVoteToStep 

func CanonicalVoteToStep(vote *tmProto.CanonicalVote) int8

func ProposalToStep 

func ProposalToStep(_ *tmProto.Proposal) int8

func ReadMsg 

func ReadMsg(reader io.Reader) (msg tmProtoPrivval.Message, err error)

ReadMsg reads a message from an io.Reader

func ReadPrivValidatorFile 

func ReadPrivValidatorFile(priv string) (out privval.FilePVKey, err error)

ReadPrivValidatorFile reads in a privval.FilePVKey from a given file

func UnpackHRS 

func UnpackHRS(signBytes []byte) (height int64, round int64, step int8, err error)

UnpackHRS deserializes sign bytes and gets the height, round, and step

func VoteToStep 

func VoteToStep(vote *tmProto.Vote) int8

func WriteCosignerShareFile 

func WriteCosignerShareFile(cosigner CosignerKey, file string) error

WriteCosignerShareFile writes a cosigner key to a given file name

func WriteMsg 

func WriteMsg(writer io.Writer, msg tmProtoPrivval.Message) (err error)

WriteMsg writes a message to an io.Writer

Types

type Config 

type Config struct {
	Mode              string           `toml:"mode"`
	PrivValKeyFile    string           `toml:"key_file"`
	PrivValStateDir   string           `toml:"state_dir"`
	ChainID           string           `toml:"chain_id"`
	CosignerThreshold int              `toml:"cosigner_threshold"`
	ListenAddress     string           `toml:"cosigner_listen_address"`
	Nodes             []NodeConfig     `toml:"node"`
	Cosigners         []CosignerConfig `toml:"cosigner"`
}

func LoadConfigFromFile 

func LoadConfigFromFile(file string) (Config, error)

type Cosigner 

type Cosigner interface {
	// Get the ID of the cosigner
	// The ID is the shamir index: 1, 2, etc...
	GetID() int

	// Get the ephemeral secret part for an ephemeral share
	// The ephemeral secret part is encrypted for the receiver
	GetEphemeralSecretPart(req CosignerGetEphemeralSecretPartRequest) (CosignerGetEphemeralSecretPartResponse, error)

	// Store an ephemeral secret share part provided by another cosigner
	SetEphemeralSecretPart(req CosignerSetEphemeralSecretPartRequest) error

	// Query whether the cosigner has an ehpemeral secret part set
	HasEphemeralSecretPart(req CosignerHasEphemeralSecretPartRequest) (CosignerHasEphemeralSecretPartResponse, error)

	// Sign the requested bytes
	Sign(req CosignerSignRequest) (CosignerSignResponse, error)
}

Cosigner interface is a set of methods for an m-of-n threshold signature. This interface abstracts the underlying key storage and management

type CosignerConfig 

type CosignerConfig struct {
	ID      int    `toml:"id"`
	Address string `toml:"remote_address"`
}

type CosignerGetEphemeralSecretPartRequest 

type CosignerGetEphemeralSecretPartRequest struct {
	ID     int
	Height int64
	Round  int64
	Step   int8
}

type CosignerGetEphemeralSecretPartResponse 

type CosignerGetEphemeralSecretPartResponse struct {
	SourceID                       int
	SourceEphemeralSecretPublicKey []byte
	EncryptedSharePart             []byte
	SourceSig                      []byte
}

type CosignerHasEphemeralSecretPartRequest 

type CosignerHasEphemeralSecretPartRequest struct {
	ID     int
	Height int64
	Round  int64
	Step   int8
}

type CosignerHasEphemeralSecretPartResponse 

type CosignerHasEphemeralSecretPartResponse struct {
	Exists                   bool
	EphemeralSecretPublicKey []byte
}

type CosignerKey 

type CosignerKey struct {
	PubKey       tmCrypto.PubKey  `json:"pub_key"`
	ShareKey     []byte           `json:"secret_share"`
	RSAKey       rsa.PrivateKey   `json:"rsa_key"`
	ID           int              `json:"id"`
	CosignerKeys []*rsa.PublicKey `json:"rsa_pubs"`
}

CosignerKey is a single key for an m-of-n threshold signer.

func CreateCosignerShares 

func CreateCosignerShares(pv privval.FilePVKey, threshold, shares int64) (out []CosignerKey, err error)

CreateCosignerShares creates cosigner key objects from a privval.FilePVKey

func CreateCosignerSharesFromFile 

func CreateCosignerSharesFromFile(priv string, threshold, shares int64) ([]CosignerKey, error)

CreateCosignerSharesFromFile creates cosigner key objects from a priv_validator_key.json file

func LoadCosignerKey 

func LoadCosignerKey(file string) (CosignerKey, error)

LoadCosignerKey loads a CosignerKey from file.

func (*CosignerKey) MarshalJSON 

func (cosignerKey *CosignerKey) MarshalJSON() ([]byte, error)

func (*CosignerKey) UnmarshalJSON 

func (cosignerKey *CosignerKey) UnmarshalJSON(data []byte) error

type CosignerPeer 

type CosignerPeer struct {
	ID        int
	PublicKey rsa.PublicKey
}

type CosignerRpcServer 

type CosignerRpcServer struct {
	service.BaseService
	// contains filtered or unexported fields
}

CosignerRpcServer responds to rpc sign requests using a cosigner instance

func NewCosignerRpcServer 

func NewCosignerRpcServer(config *CosignerRpcServerConfig) *CosignerRpcServer

NewCosignerRpcServer instantiates a local cosigner with the specified key and sign state

func (*CosignerRpcServer) Addr 

func (rpcServer *CosignerRpcServer) Addr() net.Addr

func (*CosignerRpcServer) OnStart 

func (rpcServer *CosignerRpcServer) OnStart() error

OnStart starts the rpm server to respond to remote CosignerSignRequests

type CosignerRpcServerConfig 

type CosignerRpcServerConfig struct {
	Logger        log.Logger
	ListenAddress string
	Cosigner      Cosigner
	Peers         []RemoteCosigner
}

type CosignerSetEphemeralSecretPartRequest 

type CosignerSetEphemeralSecretPartRequest struct {
	SourceID                       int
	SourceEphemeralSecretPublicKey []byte
	Height                         int64
	Round                          int64
	Step                           int8
	EncryptedSharePart             []byte
	SourceSig                      []byte
}

type CosignerSignRequest 

type CosignerSignRequest struct {
	SignBytes []byte
}

CosignerSignRequest is sent to a co-signer to obtain their signature for the SignBytes The SignBytes should be a serialized block

type CosignerSignResponse 

type CosignerSignResponse struct {
	EphemeralPublic []byte
	Timestamp       time.Time
	Signature       []byte
}

type HRSKey 

type HRSKey struct {
	Height int64
	Round  int64
	Step   int8
}

func (*HRSKey) Less 

func (hrsKey *HRSKey) Less(other HRSKey) bool

return true if we are less than the other key

type HrsMetadata 

type HrsMetadata struct {
	// need to be _total_ entries per player
	Secret      []byte
	DealtShares []tsed25519.Scalar
	Peers       []PeerMetadata
}

type LocalCosigner 

type LocalCosigner struct {
	// contains filtered or unexported fields
}

LocalCosigner responds to sign requests using their share key The cosigner maintains a watermark to avoid double-signing

LocalCosigner signing is thread saafe

func NewLocalCosigner 

func NewLocalCosigner(cfg LocalCosignerConfig) *LocalCosigner

func (*LocalCosigner) GetEphemeralSecretPart 

func (cosigner *LocalCosigner) GetEphemeralSecretPart(req CosignerGetEphemeralSecretPartRequest) (CosignerGetEphemeralSecretPartResponse, error)

Get the ephemeral secret part for an ephemeral share The ephemeral secret part is encrypted for the receiver

func (*LocalCosigner) GetID 

func (cosigner *LocalCosigner) GetID() int

GetID returns the id of the cosigner Implements Cosigner interface

func (*LocalCosigner) HasEphemeralSecretPart 

func (cosigner *LocalCosigner) HasEphemeralSecretPart(req CosignerHasEphemeralSecretPartRequest) (CosignerHasEphemeralSecretPartResponse, error)

func (*LocalCosigner) SetEphemeralSecretPart 

func (cosigner *LocalCosigner) SetEphemeralSecretPart(req CosignerSetEphemeralSecretPartRequest) error

Store an ephemeral secret share part provided by another cosigner

func (*LocalCosigner) Sign 

func (cosigner *LocalCosigner) Sign(req CosignerSignRequest) (CosignerSignResponse, error)

Sign the sign request using the cosigner's share Return the signed bytes or an error Implements Cosigner interface

type LocalCosignerConfig 

type LocalCosignerConfig struct {
	CosignerKey CosignerKey
	SignState   *SignState
	RsaKey      rsa.PrivateKey
	Peers       []CosignerPeer
	Total       uint8
	Threshold   uint8
}

type NodeConfig 

type NodeConfig struct {
	Address string `toml:"address"`
}

type PeerMetadata 

type PeerMetadata struct {
	Share                    []byte
	EphemeralSecretPublicKey []byte
}

type PvGuard 

type PvGuard struct {
	PrivValidator tm.PrivValidator
	// contains filtered or unexported fields
}

PvGuard guards access to an underlying PrivValidator by using mutexes for each of the PrivValidator interface functions

func (*PvGuard) GetPubKey 

func (pv *PvGuard) GetPubKey() (crypto.PubKey, error)

GetPubKey implementes types.PrivValidator

func (*PvGuard) SignProposal 

func (pv *PvGuard) SignProposal(chainID string, proposal *tmProto.Proposal) error

SignProposal implementes types.PrivValidator

func (*PvGuard) SignVote 

func (pv *PvGuard) SignVote(chainID string, vote *tmProto.Vote) error

SignVote implementes types.PrivValidator

type ReconnRemoteSigner 

type ReconnRemoteSigner struct {
	tmService.BaseService
	// contains filtered or unexported fields
}

ReconnRemoteSigner dials using its dialer and responds to any signature requests using its privVal.

func NewReconnRemoteSigner 

func NewReconnRemoteSigner(
	address string,
	logger tmLog.Logger,
	chainID string,
	privVal tm.PrivValidator,
	dialer net.Dialer,
) *ReconnRemoteSigner

NewReconnRemoteSigner return a ReconnRemoteSigner that will dial using the given dialer and respond to any signature requests over the connection using the given privVal.

If the connection is broken, the ReconnRemoteSigner will attempt to reconnect.

func (*ReconnRemoteSigner) OnStart 

func (rs *ReconnRemoteSigner) OnStart() error

OnStart implements cmn.Service.

type RemoteCosigner 

type RemoteCosigner struct {
	// contains filtered or unexported fields
}

RemoteCosigner uses tendermint rpc to request signing from a remote cosigner

func NewRemoteCosigner 

func NewRemoteCosigner(id int, address string) *RemoteCosigner

NewRemoteCosigner returns a newly initialized RemoteCosigner

func (*RemoteCosigner) GetEphemeralSecretPart 

func (cosigner *RemoteCosigner) GetEphemeralSecretPart(req CosignerGetEphemeralSecretPartRequest) (CosignerGetEphemeralSecretPartResponse, error)

func (*RemoteCosigner) GetID 

func (cosigner *RemoteCosigner) GetID() int

GetID returns the ID of the remote cosigner Implements the cosigner interface

func (*RemoteCosigner) HasEphemeralSecretPart 

func (cosigner *RemoteCosigner) HasEphemeralSecretPart(req CosignerHasEphemeralSecretPartRequest) (CosignerHasEphemeralSecretPartResponse, error)

func (*RemoteCosigner) SetEphemeralSecretPart 

func (cosigner *RemoteCosigner) SetEphemeralSecretPart(req CosignerSetEphemeralSecretPartRequest) error

func (*RemoteCosigner) Sign 

func (cosigner *RemoteCosigner) Sign(signReq CosignerSignRequest) (CosignerSignResponse, error)

Sign the sign request using the cosigner's share Return the signed bytes or an error

type RpcGetEphemeralSecretPartRequest 

type RpcGetEphemeralSecretPartRequest struct {
	ID     int
	Height int64
	Round  int64
	Step   int8
}

type RpcGetEphemeralSecretPartResponse 

type RpcGetEphemeralSecretPartResponse struct {
	SourceID                       int
	SourceEphemeralSecretPublicKey []byte
	EncryptedSharePart             []byte
	SourceSig                      []byte
}

type RpcSignRequest 

type RpcSignRequest struct {
	SignBytes []byte
}

type RpcSignResponse 

type RpcSignResponse struct {
	Timestamp time.Time
	Signature []byte
}

type SignState 

type SignState struct {
	Height          int64            `json:"height"`
	Round           int64            `json:"round"`
	Step            int8             `json:"step"`
	EphemeralPublic []byte           `json:"ephemeral_public"`
	Signature       []byte           `json:"signature,omitempty"`
	SignBytes       tmBytes.HexBytes `json:"signbytes,omitempty"`
	// contains filtered or unexported fields
}

SignState stores signing information for high level watermark management.

func LoadOrCreateSignState 

func LoadOrCreateSignState(filepath string) (SignState, error)

LoadOrCreateSignState loads the sign state from filepath If the sign state could not be loaded, an empty sign state is initialized and saved to filepath.

func LoadSignState 

func LoadSignState(filepath string) (SignState, error)

LoadSignState loads a sign state from disk.

func (*SignState) CheckHRS 

func (signState *SignState) CheckHRS(height int64, round int64, step int8) (bool, error)

CheckHRS checks the given height, round, step (HRS) against that of the SignState. It returns an error if the arguments constitute a regression, or if they match but the SignBytes are empty. Returns true if the HRS matches the arguments and the SignBytes are not empty (indicating we have already signed for this HRS, and can reuse the existing signature). It panics if the HRS matches the arguments, there's a SignBytes, but no Signature.

func (*SignState) OnlyDifferByTimestamp 

func (signState *SignState) OnlyDifferByTimestamp(signBytes []byte) (time.Time, bool)

OnlyDifferByTimestamp returns true if the sign bytes of the sign state are the same as the new sign bytes excluding the timestamp.

func (*SignState) Save 

func (signState *SignState) Save()

Save persists the FilePvLastSignState to its filePath.

type ThresholdValidator 

type ThresholdValidator struct {
	// contains filtered or unexported fields
}

func NewThresholdValidator 

func NewThresholdValidator(opt *ThresholdValidatorOpt) *ThresholdValidator

NewThresholdValidator creates and returns a new ThresholdValidator

func (*ThresholdValidator) GetPubKey 

func (pv *ThresholdValidator) GetPubKey() (crypto.PubKey, error)

GetPubKey returns the public key of the validator. Implements PrivValidator.

func (*ThresholdValidator) SignProposal 

func (pv *ThresholdValidator) SignProposal(chainID string, proposal *tmProto.Proposal) error

SignProposal signs a canonical representation of the proposal, along with the chainID. Implements PrivValidator.

func (*ThresholdValidator) SignVote 

func (pv *ThresholdValidator) SignVote(chainID string, vote *tmProto.Vote) error

SignVote signs a canonical representation of the vote, along with the chainID. Implements PrivValidator.

type ThresholdValidatorOpt 

type ThresholdValidatorOpt struct {
	Pubkey    crypto.PubKey
	Threshold int
	SignState SignState
	Cosigner  Cosigner
	Peers     []Cosigner
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.