merge crypto/keys/mintkey into crypto/ (#5880)

crypto/keys/mintkey provides only armoring functions. It makes very little sense to keep it standalone and under a name which does not really seem consistent with the features it provides.
cosmos · Mar 27, 2020 · 5db6d54 · 5db6d54
1 parent ad8652d
commit 5db6d54
Show file tree

Hide file tree

Showing 8 changed files with 94 additions and 105 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -75,6 +75,7 @@ to now accept a `codec.JSONMarshaler` for modular serialization of genesis state
 * (baseapp) [\#5837](https://github.com/cosmos/cosmos-sdk/issues/5837) Transaction simulation now returns a `SimulationResponse` which contains the `GasInfo` and
 `Result` from the execution.
 * (crypto/keys) [\#5866](https://github.com/cosmos/cosmos-sdk/pull/5866) Move `Keyring` and `Keybase` implementations and their associated types from `crypto/keys/` to `crypto/keybase/`.
+* (crypto) [\#5880](https://github.com/cosmos/cosmos-sdk/pull/5880) Merge `crypto/keys/mintkey` into `crypto`.
 
 ### Features
 

diff --git a/crypto/keys/mintkey/mintkey.go → crypto/armor.go b/crypto/keys/mintkey/mintkey.go → crypto/armor.go
@@ -1,4 +1,4 @@
-package mintkey
+package crypto
 
 import (
 	"encoding/hex"

diff --git a/crypto/keys/mintkey/mintkey_test.go → crypto/armor_test.go b/crypto/keys/mintkey/mintkey_test.go → crypto/armor_test.go
@@ -1,4 +1,4 @@
-package mintkey_test
+package crypto_test
 
 import (
 	"bytes"
@@ -9,45 +9,45 @@ import (
 
 	"github.com/stretchr/testify/require"
 	"github.com/tendermint/crypto/bcrypt"
-	"github.com/tendermint/tendermint/crypto"
+	tmcrypto "github.com/tendermint/tendermint/crypto"
 	"github.com/tendermint/tendermint/crypto/armor"
 	cryptoAmino "github.com/tendermint/tendermint/crypto/encoding/amino"
 	"github.com/tendermint/tendermint/crypto/secp256k1"
 	"github.com/tendermint/tendermint/crypto/xsalsa20symmetric"
 
+	"github.com/cosmos/cosmos-sdk/crypto"
 	"github.com/cosmos/cosmos-sdk/crypto/keyring"
-	"github.com/cosmos/cosmos-sdk/crypto/keys/mintkey"
 )
 
 func TestArmorUnarmorPrivKey(t *testing.T) {
 	priv := secp256k1.GenPrivKey()
-	armored := mintkey.EncryptArmorPrivKey(priv, "passphrase", "")
-	_, _, err := mintkey.UnarmorDecryptPrivKey(armored, "wrongpassphrase")
+	armored := crypto.EncryptArmorPrivKey(priv, "passphrase", "")
+	_, _, err := crypto.UnarmorDecryptPrivKey(armored, "wrongpassphrase")
 	require.Error(t, err)
-	decrypted, algo, err := mintkey.UnarmorDecryptPrivKey(armored, "passphrase")
+	decrypted, algo, err := crypto.UnarmorDecryptPrivKey(armored, "passphrase")
 	require.NoError(t, err)
 	require.Equal(t, string(keyring.Secp256k1), algo)
 	require.True(t, priv.Equals(decrypted))
 
 	// empty string
-	decrypted, algo, err = mintkey.UnarmorDecryptPrivKey("", "passphrase")
+	decrypted, algo, err = crypto.UnarmorDecryptPrivKey("", "passphrase")
 	require.Error(t, err)
 	require.True(t, errors.Is(io.EOF, err))
 	require.Nil(t, decrypted)
 	require.Empty(t, algo)
 
 	// wrong key type
-	armored = mintkey.ArmorPubKeyBytes(priv.PubKey().Bytes(), "")
-	_, _, err = mintkey.UnarmorDecryptPrivKey(armored, "passphrase")
+	armored = crypto.ArmorPubKeyBytes(priv.PubKey().Bytes(), "")
+	_, _, err = crypto.UnarmorDecryptPrivKey(armored, "passphrase")
 	require.Error(t, err)
 	require.Contains(t, err.Error(), "unrecognized armor type")
 
 	// armor key manually
-	encryptPrivKeyFn := func(privKey crypto.PrivKey, passphrase string) (saltBytes []byte, encBytes []byte) {
-		saltBytes = crypto.CRandBytes(16)
-		key, err := bcrypt.GenerateFromPassword(saltBytes, []byte(passphrase), mintkey.BcryptSecurityParameter)
+	encryptPrivKeyFn := func(privKey tmcrypto.PrivKey, passphrase string) (saltBytes []byte, encBytes []byte) {
+		saltBytes = tmcrypto.CRandBytes(16)
+		key, err := bcrypt.GenerateFromPassword(saltBytes, []byte(passphrase), crypto.BcryptSecurityParameter)
 		require.NoError(t, err)
-		key = crypto.Sha256(key) // get 32 bytes
+		key = tmcrypto.Sha256(key) // get 32 bytes
 		privKeyBytes := privKey.Bytes()
 		return saltBytes, xsalsa20symmetric.EncryptSymmetric(privKeyBytes, key)
 	}
@@ -60,7 +60,7 @@ func TestArmorUnarmorPrivKey(t *testing.T) {
 		"type": "secp256k",
 	}
 	armored = armor.EncodeArmor("TENDERMINT PRIVATE KEY", headerWrongKdf, encBytes)
-	_, _, err = mintkey.UnarmorDecryptPrivKey(armored, "passphrase")
+	_, _, err = crypto.UnarmorDecryptPrivKey(armored, "passphrase")
 	require.Error(t, err)
 	require.Equal(t, "unrecognized KDF type: wrong", err.Error())
 }
@@ -72,16 +72,16 @@ func TestArmorUnarmorPubKey(t *testing.T) {
 	// Add keys and see they return in alphabetical order
 	info, _, err := cstore.CreateMnemonic("Bob", keyring.English, "passphrase", keyring.Secp256k1)
 	require.NoError(t, err)
-	armored := mintkey.ArmorPubKeyBytes(info.GetPubKey().Bytes(), "")
-	pubBytes, algo, err := mintkey.UnarmorPubKeyBytes(armored)
+	armored := crypto.ArmorPubKeyBytes(info.GetPubKey().Bytes(), "")
+	pubBytes, algo, err := crypto.UnarmorPubKeyBytes(armored)
 	require.NoError(t, err)
 	pub, err := cryptoAmino.PubKeyFromBytes(pubBytes)
 	require.NoError(t, err)
 	require.Equal(t, string(keyring.Secp256k1), algo)
 	require.True(t, pub.Equals(info.GetPubKey()))
 
-	armored = mintkey.ArmorPubKeyBytes(info.GetPubKey().Bytes(), "unknown")
-	pubBytes, algo, err = mintkey.UnarmorPubKeyBytes(armored)
+	armored = crypto.ArmorPubKeyBytes(info.GetPubKey().Bytes(), "unknown")
+	pubBytes, algo, err = crypto.UnarmorPubKeyBytes(armored)
 	require.NoError(t, err)
 	pub, err = cryptoAmino.PubKeyFromBytes(pubBytes)
 	require.NoError(t, err)
@@ -90,7 +90,7 @@ func TestArmorUnarmorPubKey(t *testing.T) {
 
 	armored, err = cstore.ExportPrivKey("Bob", "passphrase", "alessio")
 	require.NoError(t, err)
-	_, _, err = mintkey.UnarmorPubKeyBytes(armored)
+	_, _, err = crypto.UnarmorPubKeyBytes(armored)
 	require.Error(t, err)
 	require.Equal(t, `couldn't unarmor bytes: unrecognized armor type "TENDERMINT PRIVATE KEY", expected: "TENDERMINT PUBLIC KEY"`, err.Error())
 
@@ -100,7 +100,7 @@ func TestArmorUnarmorPubKey(t *testing.T) {
 		"type":    "unknown",
 	}
 	armored = armor.EncodeArmor("TENDERMINT PUBLIC KEY", header, pubBytes)
-	_, algo, err = mintkey.UnarmorPubKeyBytes(armored)
+	_, algo, err = crypto.UnarmorPubKeyBytes(armored)
 	require.NoError(t, err)
 	// return secp256k1 if version is 0.0.0
 	require.Equal(t, "secp256k1", algo)
@@ -110,7 +110,7 @@ func TestArmorUnarmorPubKey(t *testing.T) {
 		"type": "unknown",
 	}
 	armored = armor.EncodeArmor("TENDERMINT PUBLIC KEY", header, pubBytes)
-	bz, algo, err := mintkey.UnarmorPubKeyBytes(armored)
+	bz, algo, err := crypto.UnarmorPubKeyBytes(armored)
 	require.Nil(t, bz)
 	require.Empty(t, algo)
 	require.Error(t, err)
@@ -122,7 +122,7 @@ func TestArmorUnarmorPubKey(t *testing.T) {
 		"version": "unknown",
 	}
 	armored = armor.EncodeArmor("TENDERMINT PUBLIC KEY", header, pubBytes)
-	bz, algo, err = mintkey.UnarmorPubKeyBytes(armored)
+	bz, algo, err = crypto.UnarmorPubKeyBytes(armored)
 	require.Nil(t, bz)
 	require.Empty(t, algo)
 	require.Error(t, err)
@@ -131,14 +131,14 @@ func TestArmorUnarmorPubKey(t *testing.T) {
 
 func TestArmorInfoBytes(t *testing.T) {
 	bs := []byte("test")
-	armoredString := mintkey.ArmorInfoBytes(bs)
-	unarmoredBytes, err := mintkey.UnarmorInfoBytes(armoredString)
+	armoredString := crypto.ArmorInfoBytes(bs)
+	unarmoredBytes, err := crypto.UnarmorInfoBytes(armoredString)
 	require.NoError(t, err)
 	require.True(t, bytes.Equal(bs, unarmoredBytes))
 }
 
 func TestUnarmorInfoBytesErrors(t *testing.T) {
-	unarmoredBytes, err := mintkey.UnarmorInfoBytes("")
+	unarmoredBytes, err := crypto.UnarmorInfoBytes("")
 	require.Error(t, err)
 	require.True(t, errors.Is(io.EOF, err))
 	require.Nil(t, unarmoredBytes)
@@ -147,9 +147,24 @@ func TestUnarmorInfoBytesErrors(t *testing.T) {
 		"type":    "Info",
 		"version": "0.0.1",
 	}
-	unarmoredBytes, err = mintkey.UnarmorInfoBytes(armor.EncodeArmor(
+	unarmoredBytes, err = crypto.UnarmorInfoBytes(armor.EncodeArmor(
 		"TENDERMINT KEY INFO", header, []byte("plain-text")))
 	require.Error(t, err)
 	require.Equal(t, "unrecognized version: 0.0.1", err.Error())
 	require.Nil(t, unarmoredBytes)
 }
+
+func BenchmarkBcryptGenerateFromPassword(b *testing.B) {
+	passphrase := []byte("passphrase")
+	for securityParam := 9; securityParam < 16; securityParam++ {
+		param := securityParam
+		b.Run(fmt.Sprintf("benchmark-security-param-%d", param), func(b *testing.B) {
+			saltBytes := tmcrypto.CRandBytes(16)
+			b.ResetTimer()
+			for i := 0; i < b.N; i++ {
+				_, err := bcrypt.GenerateFromPassword(saltBytes, passphrase, param)
+				require.Nil(b, err)
+			}
+		})
+	}
+}
diff --git a/crypto/keys/mintkey/README.md → crypto/bcrypt_readme.md b/crypto/keys/mintkey/README.md → crypto/bcrypt_readme.md
diff --git a/crypto/keyring/db_keybase.go b/crypto/keyring/db_keybase.go
@@ -10,7 +10,7 @@ import (
 	cryptoAmino "github.com/tendermint/tendermint/crypto/encoding/amino"
 	dbm "github.com/tendermint/tm-db"
 
-	"github.com/cosmos/cosmos-sdk/crypto/keys/mintkey"
+	"github.com/cosmos/cosmos-sdk/crypto"
 	"github.com/cosmos/cosmos-sdk/types"
 	sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
 )
@@ -160,7 +160,7 @@ func (kb dbKeybase) Sign(name, passphrase string, msg []byte) (sig []byte, pub t
 			return
 		}
 
-		priv, _, err = mintkey.UnarmorDecryptPrivKey(i.PrivKeyArmor, passphrase)
+		priv, _, err = crypto.UnarmorDecryptPrivKey(i.PrivKeyArmor, passphrase)
 		if err != nil {
 			return nil, nil, err
 		}
@@ -199,7 +199,7 @@ func (kb dbKeybase) ExportPrivateKeyObject(name string, passphrase string) (tmcr
 			return nil, err
 		}
 
-		priv, _, err = mintkey.UnarmorDecryptPrivKey(linfo.PrivKeyArmor, passphrase)
+		priv, _, err = crypto.UnarmorDecryptPrivKey(linfo.PrivKeyArmor, passphrase)
 		if err != nil {
 			return nil, err
 		}
@@ -221,7 +221,7 @@ func (kb dbKeybase) Export(name string) (armor string, err error) {
 		return "", fmt.Errorf("no key to export with name %s", name)
 	}
 
-	return mintkey.ArmorInfoBytes(bz), nil
+	return crypto.ArmorInfoBytes(bz), nil
 }
 
 // ExportPubKey returns public keys in ASCII armored format. It retrieves a Info
@@ -241,7 +241,7 @@ func (kb dbKeybase) ExportPubKey(name string) (armor string, err error) {
 		return
 	}
 
-	return mintkey.ArmorPubKeyBytes(info.GetPubKey().Bytes(), string(info.GetAlgo())), nil
+	return crypto.ArmorPubKeyBytes(info.GetPubKey().Bytes(), string(info.GetAlgo())), nil
 }
 
 // ExportPrivKey returns a private key in ASCII armored format.
@@ -259,7 +259,7 @@ func (kb dbKeybase) ExportPrivKey(name string, decryptPassphrase string,
 		return "", err
 	}
 
-	return mintkey.EncryptArmorPrivKey(priv, encryptPassphrase, string(info.GetAlgo())), nil
+	return crypto.EncryptArmorPrivKey(priv, encryptPassphrase, string(info.GetAlgo())), nil
 }
 
 // ImportPrivKey imports a private key in ASCII armor format. It returns an
@@ -270,7 +270,7 @@ func (kb dbKeybase) ImportPrivKey(name string, armor string, passphrase string)
 		return errors.New("Cannot overwrite key " + name)
 	}
 
-	privKey, algo, err := mintkey.UnarmorDecryptPrivKey(armor, passphrase)
+	privKey, algo, err := crypto.UnarmorDecryptPrivKey(armor, passphrase)
 	if err != nil {
 		return errors.Wrap(err, "couldn't import private key")
 	}
@@ -289,7 +289,7 @@ func (kb dbKeybase) Import(name string, armor string) (err error) {
 		return errors.New("cannot overwrite data for name " + name)
 	}
 
-	infoBytes, err := mintkey.UnarmorInfoBytes(armor)
+	infoBytes, err := crypto.UnarmorInfoBytes(armor)
 	if err != nil {
 		return
 	}
@@ -310,7 +310,7 @@ func (kb dbKeybase) ImportPubKey(name string, armor string) (err error) {
 		return errors.New("cannot overwrite data for name " + name)
 	}
 
-	pubBytes, algo, err := mintkey.UnarmorPubKeyBytes(armor)
+	pubBytes, algo, err := crypto.UnarmorPubKeyBytes(armor)
 	if err != nil {
 		return
 	}
@@ -336,7 +336,7 @@ func (kb dbKeybase) Delete(name, passphrase string, skipPass bool) error {
 	}
 
 	if linfo, ok := info.(localInfo); ok && !skipPass {
-		if _, _, err = mintkey.UnarmorDecryptPrivKey(linfo.PrivKeyArmor, passphrase); err != nil {
+		if _, _, err = crypto.UnarmorDecryptPrivKey(linfo.PrivKeyArmor, passphrase); err != nil {
 			return err
 		}
 	}
@@ -366,7 +366,7 @@ func (kb dbKeybase) Update(name, oldpass string, getNewpass func() (string, erro
 	case localInfo:
 		linfo := i
 
-		key, _, err := mintkey.UnarmorDecryptPrivKey(linfo.PrivKeyArmor, oldpass)
+		key, _, err := crypto.UnarmorDecryptPrivKey(linfo.PrivKeyArmor, oldpass)
 		if err != nil {
 			return err
 		}
@@ -396,7 +396,7 @@ func (kb dbKeybase) SupportedAlgosLedger() []SigningAlgo {
 
 func (kb dbKeybase) writeLocalKey(name string, priv tmcrypto.PrivKey, passphrase string, algo SigningAlgo) Info {
 	// encrypt private key using passphrase
-	privArmor := mintkey.EncryptArmorPrivKey(priv, passphrase, string(algo))
+	privArmor := crypto.EncryptArmorPrivKey(priv, passphrase, string(algo))
 
 	// make Info
 	pub := priv.PubKey()