Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

merge crypto/keys/mintkey into crypto/ #5880

Merged
merged 2 commits into from
Mar 27, 2020
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,7 @@ to now accept a `codec.JSONMarshaler` for modular serialization of genesis state
* (baseapp) [\#5837](https://github.com/cosmos/cosmos-sdk/issues/5837) Transaction simulation now returns a `SimulationResponse` which contains the `GasInfo` and
`Result` from the execution.
* (crypto/keys) [\#5866](https://github.com/cosmos/cosmos-sdk/pull/5866) Move `Keyring` and `Keybase` implementations and their associated types from `crypto/keys/` to `crypto/keybase/`.
* (crypto) [\#5880](https://github.com/cosmos/cosmos-sdk/pull/5880) Merge `crypto/keys/mintkey` into `crypto`.

### Features

Expand Down
2 changes: 1 addition & 1 deletion crypto/keys/mintkey/mintkey.go → crypto/armor.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package mintkey
package crypto

import (
"encoding/hex"
Expand Down
67 changes: 41 additions & 26 deletions crypto/keys/mintkey/mintkey_test.go → crypto/armor_test.go
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package mintkey_test
package crypto_test

import (
"bytes"
Expand All @@ -9,45 +9,45 @@ import (

"github.com/stretchr/testify/require"
"github.com/tendermint/crypto/bcrypt"
"github.com/tendermint/tendermint/crypto"
tmcrypto "github.com/tendermint/tendermint/crypto"
"github.com/tendermint/tendermint/crypto/armor"
cryptoAmino "github.com/tendermint/tendermint/crypto/encoding/amino"
"github.com/tendermint/tendermint/crypto/secp256k1"
"github.com/tendermint/tendermint/crypto/xsalsa20symmetric"

"github.com/cosmos/cosmos-sdk/crypto"
"github.com/cosmos/cosmos-sdk/crypto/keyring"
"github.com/cosmos/cosmos-sdk/crypto/keys/mintkey"
)

func TestArmorUnarmorPrivKey(t *testing.T) {
priv := secp256k1.GenPrivKey()
armored := mintkey.EncryptArmorPrivKey(priv, "passphrase", "")
_, _, err := mintkey.UnarmorDecryptPrivKey(armored, "wrongpassphrase")
armored := crypto.EncryptArmorPrivKey(priv, "passphrase", "")
_, _, err := crypto.UnarmorDecryptPrivKey(armored, "wrongpassphrase")
require.Error(t, err)
decrypted, algo, err := mintkey.UnarmorDecryptPrivKey(armored, "passphrase")
decrypted, algo, err := crypto.UnarmorDecryptPrivKey(armored, "passphrase")
require.NoError(t, err)
require.Equal(t, string(keyring.Secp256k1), algo)
require.True(t, priv.Equals(decrypted))

// empty string
decrypted, algo, err = mintkey.UnarmorDecryptPrivKey("", "passphrase")
decrypted, algo, err = crypto.UnarmorDecryptPrivKey("", "passphrase")
require.Error(t, err)
require.True(t, errors.Is(io.EOF, err))
require.Nil(t, decrypted)
require.Empty(t, algo)

// wrong key type
armored = mintkey.ArmorPubKeyBytes(priv.PubKey().Bytes(), "")
_, _, err = mintkey.UnarmorDecryptPrivKey(armored, "passphrase")
armored = crypto.ArmorPubKeyBytes(priv.PubKey().Bytes(), "")
_, _, err = crypto.UnarmorDecryptPrivKey(armored, "passphrase")
require.Error(t, err)
require.Contains(t, err.Error(), "unrecognized armor type")

// armor key manually
encryptPrivKeyFn := func(privKey crypto.PrivKey, passphrase string) (saltBytes []byte, encBytes []byte) {
saltBytes = crypto.CRandBytes(16)
key, err := bcrypt.GenerateFromPassword(saltBytes, []byte(passphrase), mintkey.BcryptSecurityParameter)
encryptPrivKeyFn := func(privKey tmcrypto.PrivKey, passphrase string) (saltBytes []byte, encBytes []byte) {
saltBytes = tmcrypto.CRandBytes(16)
key, err := bcrypt.GenerateFromPassword(saltBytes, []byte(passphrase), crypto.BcryptSecurityParameter)
require.NoError(t, err)
key = crypto.Sha256(key) // get 32 bytes
key = tmcrypto.Sha256(key) // get 32 bytes
privKeyBytes := privKey.Bytes()
return saltBytes, xsalsa20symmetric.EncryptSymmetric(privKeyBytes, key)
}
Expand All @@ -60,7 +60,7 @@ func TestArmorUnarmorPrivKey(t *testing.T) {
"type": "secp256k",
}
armored = armor.EncodeArmor("TENDERMINT PRIVATE KEY", headerWrongKdf, encBytes)
_, _, err = mintkey.UnarmorDecryptPrivKey(armored, "passphrase")
_, _, err = crypto.UnarmorDecryptPrivKey(armored, "passphrase")
require.Error(t, err)
require.Equal(t, "unrecognized KDF type: wrong", err.Error())
}
Expand All @@ -72,16 +72,16 @@ func TestArmorUnarmorPubKey(t *testing.T) {
// Add keys and see they return in alphabetical order
info, _, err := cstore.CreateMnemonic("Bob", keyring.English, "passphrase", keyring.Secp256k1)
require.NoError(t, err)
armored := mintkey.ArmorPubKeyBytes(info.GetPubKey().Bytes(), "")
pubBytes, algo, err := mintkey.UnarmorPubKeyBytes(armored)
armored := crypto.ArmorPubKeyBytes(info.GetPubKey().Bytes(), "")
pubBytes, algo, err := crypto.UnarmorPubKeyBytes(armored)
require.NoError(t, err)
pub, err := cryptoAmino.PubKeyFromBytes(pubBytes)
require.NoError(t, err)
require.Equal(t, string(keyring.Secp256k1), algo)
require.True(t, pub.Equals(info.GetPubKey()))

armored = mintkey.ArmorPubKeyBytes(info.GetPubKey().Bytes(), "unknown")
pubBytes, algo, err = mintkey.UnarmorPubKeyBytes(armored)
armored = crypto.ArmorPubKeyBytes(info.GetPubKey().Bytes(), "unknown")
pubBytes, algo, err = crypto.UnarmorPubKeyBytes(armored)
require.NoError(t, err)
pub, err = cryptoAmino.PubKeyFromBytes(pubBytes)
require.NoError(t, err)
Expand All @@ -90,7 +90,7 @@ func TestArmorUnarmorPubKey(t *testing.T) {

armored, err = cstore.ExportPrivKey("Bob", "passphrase", "alessio")
require.NoError(t, err)
_, _, err = mintkey.UnarmorPubKeyBytes(armored)
_, _, err = crypto.UnarmorPubKeyBytes(armored)
require.Error(t, err)
require.Equal(t, `couldn't unarmor bytes: unrecognized armor type "TENDERMINT PRIVATE KEY", expected: "TENDERMINT PUBLIC KEY"`, err.Error())

Expand All @@ -100,7 +100,7 @@ func TestArmorUnarmorPubKey(t *testing.T) {
"type": "unknown",
}
armored = armor.EncodeArmor("TENDERMINT PUBLIC KEY", header, pubBytes)
_, algo, err = mintkey.UnarmorPubKeyBytes(armored)
_, algo, err = crypto.UnarmorPubKeyBytes(armored)
require.NoError(t, err)
// return secp256k1 if version is 0.0.0
require.Equal(t, "secp256k1", algo)
Expand All @@ -110,7 +110,7 @@ func TestArmorUnarmorPubKey(t *testing.T) {
"type": "unknown",
}
armored = armor.EncodeArmor("TENDERMINT PUBLIC KEY", header, pubBytes)
bz, algo, err := mintkey.UnarmorPubKeyBytes(armored)
bz, algo, err := crypto.UnarmorPubKeyBytes(armored)
require.Nil(t, bz)
require.Empty(t, algo)
require.Error(t, err)
Expand All @@ -122,7 +122,7 @@ func TestArmorUnarmorPubKey(t *testing.T) {
"version": "unknown",
}
armored = armor.EncodeArmor("TENDERMINT PUBLIC KEY", header, pubBytes)
bz, algo, err = mintkey.UnarmorPubKeyBytes(armored)
bz, algo, err = crypto.UnarmorPubKeyBytes(armored)
require.Nil(t, bz)
require.Empty(t, algo)
require.Error(t, err)
Expand All @@ -131,14 +131,14 @@ func TestArmorUnarmorPubKey(t *testing.T) {

func TestArmorInfoBytes(t *testing.T) {
bs := []byte("test")
armoredString := mintkey.ArmorInfoBytes(bs)
unarmoredBytes, err := mintkey.UnarmorInfoBytes(armoredString)
armoredString := crypto.ArmorInfoBytes(bs)
unarmoredBytes, err := crypto.UnarmorInfoBytes(armoredString)
require.NoError(t, err)
require.True(t, bytes.Equal(bs, unarmoredBytes))
}

func TestUnarmorInfoBytesErrors(t *testing.T) {
unarmoredBytes, err := mintkey.UnarmorInfoBytes("")
unarmoredBytes, err := crypto.UnarmorInfoBytes("")
require.Error(t, err)
require.True(t, errors.Is(io.EOF, err))
require.Nil(t, unarmoredBytes)
Expand All @@ -147,9 +147,24 @@ func TestUnarmorInfoBytesErrors(t *testing.T) {
"type": "Info",
"version": "0.0.1",
}
unarmoredBytes, err = mintkey.UnarmorInfoBytes(armor.EncodeArmor(
unarmoredBytes, err = crypto.UnarmorInfoBytes(armor.EncodeArmor(
"TENDERMINT KEY INFO", header, []byte("plain-text")))
require.Error(t, err)
require.Equal(t, "unrecognized version: 0.0.1", err.Error())
require.Nil(t, unarmoredBytes)
}

func BenchmarkBcryptGenerateFromPassword(b *testing.B) {
passphrase := []byte("passphrase")
for securityParam := 9; securityParam < 16; securityParam++ {
param := securityParam
b.Run(fmt.Sprintf("benchmark-security-param-%d", param), func(b *testing.B) {
saltBytes := tmcrypto.CRandBytes(16)
b.ResetTimer()
for i := 0; i < b.N; i++ {
_, err := bcrypt.GenerateFromPassword(saltBytes, passphrase, param)
require.Nil(b, err)
}
})
}
}
File renamed without changes.
24 changes: 12 additions & 12 deletions crypto/keyring/db_keybase.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ import (
cryptoAmino "github.com/tendermint/tendermint/crypto/encoding/amino"
dbm "github.com/tendermint/tm-db"

"github.com/cosmos/cosmos-sdk/crypto/keys/mintkey"
"github.com/cosmos/cosmos-sdk/crypto"
"github.com/cosmos/cosmos-sdk/types"
sdkerrors "github.com/cosmos/cosmos-sdk/types/errors"
)
Expand Down Expand Up @@ -160,7 +160,7 @@ func (kb dbKeybase) Sign(name, passphrase string, msg []byte) (sig []byte, pub t
return
}

priv, _, err = mintkey.UnarmorDecryptPrivKey(i.PrivKeyArmor, passphrase)
priv, _, err = crypto.UnarmorDecryptPrivKey(i.PrivKeyArmor, passphrase)
if err != nil {
return nil, nil, err
}
Expand Down Expand Up @@ -199,7 +199,7 @@ func (kb dbKeybase) ExportPrivateKeyObject(name string, passphrase string) (tmcr
return nil, err
}

priv, _, err = mintkey.UnarmorDecryptPrivKey(linfo.PrivKeyArmor, passphrase)
priv, _, err = crypto.UnarmorDecryptPrivKey(linfo.PrivKeyArmor, passphrase)
if err != nil {
return nil, err
}
Expand All @@ -221,7 +221,7 @@ func (kb dbKeybase) Export(name string) (armor string, err error) {
return "", fmt.Errorf("no key to export with name %s", name)
}

return mintkey.ArmorInfoBytes(bz), nil
return crypto.ArmorInfoBytes(bz), nil
}

// ExportPubKey returns public keys in ASCII armored format. It retrieves a Info
Expand All @@ -241,7 +241,7 @@ func (kb dbKeybase) ExportPubKey(name string) (armor string, err error) {
return
}

return mintkey.ArmorPubKeyBytes(info.GetPubKey().Bytes(), string(info.GetAlgo())), nil
return crypto.ArmorPubKeyBytes(info.GetPubKey().Bytes(), string(info.GetAlgo())), nil
}

// ExportPrivKey returns a private key in ASCII armored format.
Expand All @@ -259,7 +259,7 @@ func (kb dbKeybase) ExportPrivKey(name string, decryptPassphrase string,
return "", err
}

return mintkey.EncryptArmorPrivKey(priv, encryptPassphrase, string(info.GetAlgo())), nil
return crypto.EncryptArmorPrivKey(priv, encryptPassphrase, string(info.GetAlgo())), nil
}

// ImportPrivKey imports a private key in ASCII armor format. It returns an
Expand All @@ -270,7 +270,7 @@ func (kb dbKeybase) ImportPrivKey(name string, armor string, passphrase string)
return errors.New("Cannot overwrite key " + name)
}

privKey, algo, err := mintkey.UnarmorDecryptPrivKey(armor, passphrase)
privKey, algo, err := crypto.UnarmorDecryptPrivKey(armor, passphrase)
if err != nil {
return errors.Wrap(err, "couldn't import private key")
}
Expand All @@ -289,7 +289,7 @@ func (kb dbKeybase) Import(name string, armor string) (err error) {
return errors.New("cannot overwrite data for name " + name)
}

infoBytes, err := mintkey.UnarmorInfoBytes(armor)
infoBytes, err := crypto.UnarmorInfoBytes(armor)
if err != nil {
return
}
Expand All @@ -310,7 +310,7 @@ func (kb dbKeybase) ImportPubKey(name string, armor string) (err error) {
return errors.New("cannot overwrite data for name " + name)
}

pubBytes, algo, err := mintkey.UnarmorPubKeyBytes(armor)
pubBytes, algo, err := crypto.UnarmorPubKeyBytes(armor)
if err != nil {
return
}
Expand All @@ -336,7 +336,7 @@ func (kb dbKeybase) Delete(name, passphrase string, skipPass bool) error {
}

if linfo, ok := info.(localInfo); ok && !skipPass {
if _, _, err = mintkey.UnarmorDecryptPrivKey(linfo.PrivKeyArmor, passphrase); err != nil {
if _, _, err = crypto.UnarmorDecryptPrivKey(linfo.PrivKeyArmor, passphrase); err != nil {
return err
}
}
Expand Down Expand Up @@ -366,7 +366,7 @@ func (kb dbKeybase) Update(name, oldpass string, getNewpass func() (string, erro
case localInfo:
linfo := i

key, _, err := mintkey.UnarmorDecryptPrivKey(linfo.PrivKeyArmor, oldpass)
key, _, err := crypto.UnarmorDecryptPrivKey(linfo.PrivKeyArmor, oldpass)
if err != nil {
return err
}
Expand Down Expand Up @@ -396,7 +396,7 @@ func (kb dbKeybase) SupportedAlgosLedger() []SigningAlgo {

func (kb dbKeybase) writeLocalKey(name string, priv tmcrypto.PrivKey, passphrase string, algo SigningAlgo) Info {
// encrypt private key using passphrase
privArmor := mintkey.EncryptArmorPrivKey(priv, passphrase, string(algo))
privArmor := crypto.EncryptArmorPrivKey(priv, passphrase, string(algo))

// make Info
pub := priv.PubKey()
Expand Down
Loading