bridge: use GPG-armored binary protobufs for keys
This commit is contained in:
parent
0152a00114
commit
471417cd6e
|
@ -11,7 +11,8 @@ import (
|
||||||
|
|
||||||
ethcrypto "github.com/ethereum/go-ethereum/crypto"
|
ethcrypto "github.com/ethereum/go-ethereum/crypto"
|
||||||
"github.com/spf13/cobra"
|
"github.com/spf13/cobra"
|
||||||
"google.golang.org/protobuf/encoding/prototext"
|
"golang.org/x/crypto/openpgp/armor"
|
||||||
|
"google.golang.org/protobuf/proto"
|
||||||
|
|
||||||
"github.com/certusone/wormhole/bridge/pkg/devnet"
|
"github.com/certusone/wormhole/bridge/pkg/devnet"
|
||||||
nodev1 "github.com/certusone/wormhole/bridge/pkg/proto/node/v1"
|
nodev1 "github.com/certusone/wormhole/bridge/pkg/proto/node/v1"
|
||||||
|
@ -19,6 +20,10 @@ import (
|
||||||
|
|
||||||
var keyDescription *string
|
var keyDescription *string
|
||||||
|
|
||||||
|
const (
|
||||||
|
GuardianKeyArmoredBlock = "WORMHOLE GUARDIAN PRIVATE KEY"
|
||||||
|
)
|
||||||
|
|
||||||
func init() {
|
func init() {
|
||||||
keyDescription = KeygenCmd.Flags().String("desc", "", "Human-readable key description (optional)")
|
keyDescription = KeygenCmd.Flags().String("desc", "", "Human-readable key description (optional)")
|
||||||
}
|
}
|
||||||
|
@ -49,20 +54,34 @@ func runKeygen(cmd *cobra.Command, args []string) {
|
||||||
|
|
||||||
// loadGuardianKey loads a serialized guardian key from disk.
|
// loadGuardianKey loads a serialized guardian key from disk.
|
||||||
func loadGuardianKey(filename string) (*ecdsa.PrivateKey, error) {
|
func loadGuardianKey(filename string) (*ecdsa.PrivateKey, error) {
|
||||||
b, err := ioutil.ReadFile(filename)
|
f, err := os.Open(filename)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to read guardian private key from disk: %w", err)
|
return nil, fmt.Errorf("failed to open file: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
p, err := armor.Decode(f)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to read armored file: %w", err)
|
||||||
|
}
|
||||||
|
|
||||||
|
if p.Type != GuardianKeyArmoredBlock {
|
||||||
|
return nil, fmt.Errorf("invalid block type: %s", p.Type)
|
||||||
|
}
|
||||||
|
|
||||||
|
b, err := ioutil.ReadAll(p.Body)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to read file: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
var m nodev1.GuardianKey
|
var m nodev1.GuardianKey
|
||||||
err = prototext.Unmarshal(b, &m)
|
err = proto.Unmarshal(b, &m)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to deserialize private key from disk: %w", err)
|
return nil, fmt.Errorf("failed to deserialize protobuf: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
gk, err := ethcrypto.ToECDSA(m.Data)
|
gk, err := ethcrypto.ToECDSA(m.Data)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to deserialize key data: %w", err)
|
return nil, fmt.Errorf("failed to deserialize raw key data: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return gk, nil
|
return gk, nil
|
||||||
|
@ -75,21 +94,37 @@ func writeGuardianKey(key *ecdsa.PrivateKey, description string, filename string
|
||||||
}
|
}
|
||||||
|
|
||||||
m := &nodev1.GuardianKey{
|
m := &nodev1.GuardianKey{
|
||||||
Description: description,
|
|
||||||
Data: ethcrypto.FromECDSA(key),
|
Data: ethcrypto.FromECDSA(key),
|
||||||
Pubkey: ethcrypto.PubkeyToAddress(key.PublicKey).String(),
|
|
||||||
}
|
}
|
||||||
|
|
||||||
b, err := prototext.MarshalOptions{Multiline: true, EmitASCII: true}.Marshal(m)
|
// The private key is a really long-lived piece of data, and we really want to use the stable binary
|
||||||
|
// protobuf encoding with field tags to make sure that we can safely evolve it in the future.
|
||||||
|
b, err := proto.Marshal(m)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := ioutil.WriteFile(filename, b, 0600); err != nil {
|
f, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE, 0600)
|
||||||
return err
|
if err != nil {
|
||||||
|
return fmt.Errorf("failed to open file: %w", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
a, err := armor.Encode(f, GuardianKeyArmoredBlock, map[string]string{
|
||||||
|
"Description": description,
|
||||||
|
"PublicKey": ethcrypto.PubkeyToAddress(key.PublicKey).String(),
|
||||||
|
})
|
||||||
|
if err != nil {
|
||||||
|
panic(err)
|
||||||
|
}
|
||||||
|
_, err = a.Write(b)
|
||||||
|
if err != nil {
|
||||||
|
return fmt.Errorf("failed to write to file: %w", err)
|
||||||
|
}
|
||||||
|
err = a.Close()
|
||||||
|
if err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
return f.Close()
|
||||||
}
|
}
|
||||||
|
|
||||||
// generateDevnetGuardianKey returns a deterministic testnet key.
|
// generateDevnetGuardianKey returns a deterministic testnet key.
|
||||||
|
|
|
@ -59,12 +59,6 @@ message SubmitGuardianSetVAAResponse {
|
||||||
|
|
||||||
// GuardianKey specifies the on-disk format for a node's guardian key.
|
// GuardianKey specifies the on-disk format for a node's guardian key.
|
||||||
message GuardianKey {
|
message GuardianKey {
|
||||||
// description is an optional, free-form description text set by the operator.
|
|
||||||
string description = 1;
|
|
||||||
|
|
||||||
// data is the binary representation of the secp256k1 private key.
|
// data is the binary representation of the secp256k1 private key.
|
||||||
bytes data = 2;
|
bytes data = 1;
|
||||||
|
|
||||||
// pubkey is a human-readable representation of the key, included for operator convenience.
|
|
||||||
string pubkey = 3;
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue