Merge pull request #33 from tendermint/feature/support-fundraiser-seeds
Import unencrypted private key
commit
ad42794b2e
|
@ -28,18 +28,24 @@ func secret(passphrase string) []byte {
|
||||||
type secretbox struct{}
|
type secretbox struct{}
|
||||||
|
|
||||||
func (e secretbox) Encrypt(key crypto.PrivKey, pass string) ([]byte, error) {
|
func (e secretbox) Encrypt(key crypto.PrivKey, pass string) ([]byte, error) {
|
||||||
|
if pass == "" {
|
||||||
|
return key.Bytes(), nil
|
||||||
|
}
|
||||||
s := secret(pass)
|
s := secret(pass)
|
||||||
cipher := crypto.EncryptSymmetric(key.Bytes(), s)
|
cipher := crypto.EncryptSymmetric(key.Bytes(), s)
|
||||||
return cipher, nil
|
return cipher, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (e secretbox) Decrypt(data []byte, pass string) (crypto.PrivKey, error) {
|
func (e secretbox) Decrypt(data []byte, pass string) (key crypto.PrivKey, err error) {
|
||||||
|
private := data
|
||||||
|
if pass != "" {
|
||||||
s := secret(pass)
|
s := secret(pass)
|
||||||
private, err := crypto.DecryptSymmetric(data, s)
|
private, err = crypto.DecryptSymmetric(data, s)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return crypto.PrivKey{}, errors.Wrap(err, "Invalid Passphrase")
|
return crypto.PrivKey{}, errors.Wrap(err, "Invalid Passphrase")
|
||||||
}
|
}
|
||||||
key, err := crypto.PrivKeyFromBytes(private)
|
}
|
||||||
|
key, err = crypto.PrivKeyFromBytes(private)
|
||||||
return key, errors.Wrap(err, "Invalid Passphrase")
|
return key, errors.Wrap(err, "Invalid Passphrase")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
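Review bot: An empty passphrase in `Encrypt` now returns `key.Bytes()` unchanged, so any caller that reaches this method with `pass == ""` receives the private key in plaintext with no error or other signal, while the import case named in the commit title only needs the empty-passphrase path in `Decrypt`. If plaintext output is intended, state it on the method, e.g. `// Encrypt returns the raw, unencrypted private key bytes when pass is empty.`, and consider rejecting an empty passphrase at the point where keys are persisted (that caller is not visible in this hunk). In `Decrypt`, a `crypto.PrivKeyFromBytes` failure on the empty-passphrase path is still wrapped as "Invalid Passphrase", which cannot be told apart from malformed key bytes; a distinct message for that branch would help whoever reads the error.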
@ -60,3 +60,42 @@ func TestSecretBox(t *testing.T) {
|
||||||
require.Nil(err)
|
require.Nil(err)
|
||||||
assert.Equal(key, pk)
|
assert.Equal(key, pk)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestSecretBoxNoPass(t *testing.T) {
|
||||||
|
assert, require := assert.New(t), require.New(t)
|
||||||
|
enc := cryptostore.SecretBox
|
||||||
|
|
||||||
|
key := cryptostore.GenEd25519.Generate(cmn.RandBytes(16))
|
||||||
|
|
||||||
|
cases := []struct {
|
||||||
|
encode string
|
||||||
|
decode string
|
||||||
|
valid bool
|
||||||
|
}{
|
||||||
|
{"foo", "foo", true},
|
||||||
|
{"foo", "food", false},
|
||||||
|
{"", "", true},
|
||||||
|
{"", "a", false},
|
||||||
|
{"a", "", false},
|
||||||
|
}
|
||||||
|
|
||||||
|
for i, tc := range cases {
|
||||||
|
b, err := enc.Encrypt(key, tc.encode)
|
||||||
|
require.Nil(err, "%d: %+v", i, err)
|
||||||
|
assert.NotEmpty(b, "%d", i)
|
||||||
|
|
||||||
|
pk, err := enc.Decrypt(b, tc.decode)
|
||||||
|
if tc.valid {
|
||||||
|
require.Nil(err, "%d: %+v", i, err)
|
||||||
|
assert.Equal(key, pk, "%d", i)
|
||||||
|
} else {
|
||||||
|
require.NotNil(err, "%d", i)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
// now let's make sure raw bytes also work...
|
||||||
|
b := key.Bytes()
|
||||||
|
pk, err := enc.Decrypt(b, "")
|
||||||
|
require.Nil(err, "%+v", err)
|
||||||
|
assert.Equal(key, pk)
|
||||||
|
}
|
||||||
|
|
|
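Review bot: `TestSecretBoxNoPass` never compares the output of `enc.Encrypt` with `key.Bytes()`, so the boundary between the encrypted and the plaintext path is only checked indirectly through `Decrypt`. Adding `if tc.encode != "" { assert.NotEqual(key.Bytes(), b, "%d", i) }` right after the `assert.NotEmpty(b, "%d", i)` line would pin that raw key bytes are emitted only for the empty passphrase. The closing raw-bytes check could likewise assert that `enc.Decrypt(key.Bytes(), "x")` returns an error, so a non-empty passphrase is shown never to accept unencrypted input.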
@ -5,6 +5,9 @@ import (
|
||||||
|
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
"github.com/stretchr/testify/require"
|
"github.com/stretchr/testify/require"
|
||||||
|
|
||||||
|
cmn "github.com/tendermint/tmlibs/common"
|
||||||
|
|
||||||
crypto "github.com/tendermint/go-crypto"
|
crypto "github.com/tendermint/go-crypto"
|
||||||
"github.com/tendermint/go-crypto/keys"
|
"github.com/tendermint/go-crypto/keys"
|
||||||
"github.com/tendermint/go-crypto/keys/cryptostore"
|
"github.com/tendermint/go-crypto/keys/cryptostore"
|
||||||
|
@ -148,6 +151,32 @@ func assertPassword(assert *assert.Assertions, cstore cryptostore.Manager, name,
|
||||||
assert.Nil(err, "%+v", err)
|
assert.Nil(err, "%+v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// TestImportUnencrypted tests accepting raw priv keys bytes as input
|
||||||
|
func TestImportUnencrypted(t *testing.T) {
|
||||||
|
require := require.New(t)
|
||||||
|
|
||||||
|
// make the storage with reasonable defaults
|
||||||
|
cstore := cryptostore.New(
|
||||||
|
cryptostore.SecretBox,
|
||||||
|
memstorage.New(),
|
||||||
|
keys.MustLoadCodec("english"),
|
||||||
|
)
|
||||||
|
|
||||||
|
key := cryptostore.GenEd25519.Generate(cmn.RandBytes(16))
|
||||||
|
addr := key.PubKey().Address()
|
||||||
|
name := "john"
|
||||||
|
pass := "top-secret"
|
||||||
|
|
||||||
|
// import raw bytes
|
||||||
|
err := cstore.Import(name, pass, "", key.Bytes())
|
||||||
|
require.Nil(err, "%+v", err)
|
||||||
|
|
||||||
|
// make sure the address matches
|
||||||
|
info, err := cstore.Get(name)
|
||||||
|
require.Nil(err, "%+v", err)
|
||||||
|
require.EqualValues(addr, info.Address)
|
||||||
|
}
|
||||||
|
|
||||||
// TestAdvancedKeyManagement verifies update, import, export functionality
|
// TestAdvancedKeyManagement verifies update, import, export functionality
|
||||||
func TestAdvancedKeyManagement(t *testing.T) {
|
func TestAdvancedKeyManagement(t *testing.T) {
|
||||||
assert, require := assert.New(t), require.New(t)
|
assert, require := assert.New(t), require.New(t)
|
||||||
|
@ -190,16 +219,6 @@ func TestAdvancedKeyManagement(t *testing.T) {
|
||||||
// import fails on bad transfer pass
|
// import fails on bad transfer pass
|
||||||
err = cstore.Import(n2, p3, p2, exported)
|
err = cstore.Import(n2, p3, p2, exported)
|
||||||
assert.NotNil(err)
|
assert.NotNil(err)
|
||||||
// import cannot overwrite existing keys
|
|
||||||
err = cstore.Import(n1, p3, pt, exported)
|
|
||||||
assert.NotNil(err)
|
|
||||||
// we can now import under another name
|
|
||||||
err = cstore.Import(n2, p3, pt, exported)
|
|
||||||
require.Nil(err, "%+v", err)
|
|
||||||
|
|
||||||
// make sure both passwords are now properly set (not to the transfer pass)
|
|
||||||
assertPassword(assert, cstore, n1, p2, pt)
|
|
||||||
assertPassword(assert, cstore, n2, p3, pt)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// TestSeedPhrase verifies restoring from a seed phrase
|
// TestSeedPhrase verifies restoring from a seed phrase
|
||||||
|
|
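Review bot: `TestImportUnencrypted` verifies only that `info.Address` matches after `cstore.Import(name, pass, "", key.Bytes())`; it does not check that the imported key ended up protected by `pass` rather than stored as raw bytes. A follow-up assertion such as `assertPassword(assert.New(t), cstore, name, pass, "wrong-pass")` would cover that (argument order taken from the calls in `TestAdvancedKeyManagement`; the helper's body is not visible here, and "wrong-pass" is a constructed sample). Separately, the last hunk in this file drops the `// import cannot overwrite existing keys` assertion and the successful re-import checks from `TestAdvancedKeyManagement` with no replacement visible on this page. If the overwrite guard still exists, it should stay under test.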