2019-01-07 11:33:07 +01:00
|
|
|
// Copyright 2015-2019 Parity Technologies (UK) Ltd.
|
|
|
|
|
// This file is part of Parity Ethereum.
|
2017-02-20 16:13:21 +01:00
|
|
|
|
2019-01-07 11:33:07 +01:00
|
|
|
// Parity Ethereum is free software: you can redistribute it and/or modify
|
2017-02-20 16:13:21 +01:00
|
|
|
// it under the terms of the GNU General Public License as published by
|
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
|
// (at your option) any later version.
|
|
|
|
|
|
2019-01-07 11:33:07 +01:00
|
|
|
// Parity Ethereum is distributed in the hope that it will be useful,
|
2017-02-20 16:13:21 +01:00
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
// GNU General Public License for more details.
|
|
|
|
|
|
|
|
|
|
// You should have received a copy of the GNU General Public License
|
2019-01-07 11:33:07 +01:00
|
|
|
// along with Parity Ethereum. If not, see <http://www.gnu.org/licenses/>.
|
2017-02-20 16:13:21 +01:00
|
|
|
|
2017-11-16 17:34:23 +01:00
|
|
|
use std::collections::BTreeSet;
|
2019-06-06 12:35:06 +02:00
|
|
|
use futures::Future;
|
2018-05-01 15:02:14 +02:00
|
|
|
use types::{Error, Public, ServerKeyId, MessageHash, EncryptedMessageSignature, RequestSignature, Requester,
|
2018-04-03 16:54:34 +02:00
|
|
|
EncryptedDocumentKey, EncryptedDocumentKeyShadow, NodeId};
|
2017-02-20 16:13:21 +01:00
|
|
|
|
2017-07-06 14:02:10 +02:00
|
|
|
/// Server key (SK) generator.
|
|
|
|
|
pub trait ServerKeyGenerator {
|
|
|
|
|
/// Generate new SK.
|
|
|
|
|
/// `key_id` is the caller-provided identifier of generated SK.
|
2018-04-03 16:54:34 +02:00
|
|
|
/// `author` is the author of key entry.
|
2017-07-06 14:02:10 +02:00
|
|
|
/// `threshold + 1` is the minimal number of nodes, required to restore private key.
|
|
|
|
|
/// Result is a public portion of SK.
|
2019-06-06 12:35:06 +02:00
|
|
|
fn generate_key(
|
|
|
|
|
&self,
|
|
|
|
|
key_id: ServerKeyId,
|
|
|
|
|
author: Requester,
|
|
|
|
|
threshold: usize,
|
2019-10-02 10:55:31 +02:00
|
|
|
) -> Box<dyn Future<Item=Public, Error=Error> + Send>;
|
2019-06-05 14:04:00 +02:00
|
|
|
/// Retrieve public portion of previously generated SK.
|
|
|
|
|
/// `key_id` is identifier of previously generated SK.
|
|
|
|
|
/// `author` is the same author, that has created the server key.
|
2019-06-06 12:35:06 +02:00
|
|
|
fn restore_key_public(
|
|
|
|
|
&self,
|
|
|
|
|
key_id: ServerKeyId,
|
|
|
|
|
author: Requester,
|
2019-10-02 10:55:31 +02:00
|
|
|
) -> Box<dyn Future<Item=Public, Error=Error> + Send>;
|
2017-07-06 14:02:10 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Document key (DK) server.
|
|
|
|
|
pub trait DocumentKeyServer: ServerKeyGenerator {
|
|
|
|
|
/// Store externally generated DK.
|
|
|
|
|
/// `key_id` is identifier of previously generated SK.
|
2018-04-03 16:54:34 +02:00
|
|
|
/// `author` is the same author, that has created the server key.
|
2017-07-06 14:02:10 +02:00
|
|
|
/// `common_point` is a result of `k * T` expression, where `T` is generation point and `k` is random scalar in EC field.
|
|
|
|
|
/// `encrypted_document_key` is a result of `M + k * y` expression, where `M` is unencrypted document key (point on EC),
|
|
|
|
|
/// `k` is the same scalar used in `common_point` calculation and `y` is previously generated public part of SK.
|
2019-06-06 12:35:06 +02:00
|
|
|
fn store_document_key(
|
|
|
|
|
&self,
|
|
|
|
|
key_id: ServerKeyId,
|
|
|
|
|
author: Requester,
|
|
|
|
|
common_point: Public,
|
|
|
|
|
encrypted_document_key: Public,
|
2019-10-02 10:55:31 +02:00
|
|
|
) -> Box<dyn Future<Item=(), Error=Error> + Send>;
|
2017-07-06 14:02:10 +02:00
|
|
|
/// Generate and store both SK and DK. This is a shortcut for consequent calls of `generate_key` and `store_document_key`.
|
|
|
|
|
/// The only difference is that DK is generated by DocumentKeyServer (which might be considered unsafe).
|
|
|
|
|
/// `key_id` is the caller-provided identifier of generated SK.
|
2018-04-03 16:54:34 +02:00
|
|
|
/// `author` is the author of server && document key entry.
|
2017-07-06 14:02:10 +02:00
|
|
|
/// `threshold + 1` is the minimal number of nodes, required to restore private key.
|
|
|
|
|
/// Result is a DK, encrypted with caller public key.
|
2019-06-06 12:35:06 +02:00
|
|
|
fn generate_document_key(
|
|
|
|
|
&self,
|
|
|
|
|
key_id: ServerKeyId,
|
|
|
|
|
author: Requester,
|
|
|
|
|
threshold: usize,
|
2019-10-02 10:55:31 +02:00
|
|
|
) -> Box<dyn Future<Item=EncryptedDocumentKey, Error=Error> + Send>;
|
2017-07-06 14:02:10 +02:00
|
|
|
/// Restore previously stored DK.
|
|
|
|
|
/// DK is decrypted on the key server (which might be considered unsafe), and then encrypted with caller public key.
|
|
|
|
|
/// `key_id` is identifier of previously generated SK.
|
2018-04-03 16:54:34 +02:00
|
|
|
/// `requester` is the one who requests access to document key. Caller must be on ACL for this function to succeed.
|
2017-07-06 14:02:10 +02:00
|
|
|
/// Result is a DK, encrypted with caller public key.
|
2019-06-06 12:35:06 +02:00
|
|
|
fn restore_document_key(
|
|
|
|
|
&self,
|
|
|
|
|
key_id: ServerKeyId,
|
|
|
|
|
requester: Requester,
|
2019-10-02 10:55:31 +02:00
|
|
|
) -> Box<dyn Future<Item=EncryptedDocumentKey, Error=Error> + Send>;
|
2017-07-06 14:02:10 +02:00
|
|
|
/// Restore previously stored DK.
|
|
|
|
|
/// To decrypt DK on client:
|
2017-04-08 11:26:16 +02:00
|
|
|
/// 1) use requestor secret key to decrypt secret coefficients from result.decrypt_shadows
|
|
|
|
|
/// 2) calculate decrypt_shadows_sum = sum of all secrets from (1)
|
|
|
|
|
/// 3) calculate decrypt_shadow_point: decrypt_shadows_sum * result.common_point
|
|
|
|
|
/// 4) calculate decrypted_secret: result.decrypted_secret + decrypt_shadow_point
|
2017-07-06 14:02:10 +02:00
|
|
|
/// Result is a DK shadow.
|
2019-06-06 12:35:06 +02:00
|
|
|
fn restore_document_key_shadow(
|
|
|
|
|
&self,
|
|
|
|
|
key_id: ServerKeyId,
|
|
|
|
|
requester: Requester,
|
2019-10-02 10:55:31 +02:00
|
|
|
) -> Box<dyn Future<Item=EncryptedDocumentKeyShadow, Error=Error> + Send>;
|
2017-07-06 14:02:10 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// Message signer.
|
|
|
|
|
pub trait MessageSigner: ServerKeyGenerator {
|
2018-03-01 09:59:21 +01:00
|
|
|
/// Generate Schnorr signature for message with previously generated SK.
|
2017-07-06 14:02:10 +02:00
|
|
|
/// `key_id` is the caller-provided identifier of generated SK.
|
2018-04-03 16:54:34 +02:00
|
|
|
/// `requester` is the one who requests access to server key private.
|
2017-07-06 14:02:10 +02:00
|
|
|
/// `message` is the message to be signed.
|
|
|
|
|
/// Result is a signed message, encrypted with caller public key.
|
2019-06-06 12:35:06 +02:00
|
|
|
fn sign_message_schnorr(
|
|
|
|
|
&self,
|
|
|
|
|
key_id: ServerKeyId,
|
|
|
|
|
requester: Requester,
|
|
|
|
|
message: MessageHash,
|
2019-10-02 10:55:31 +02:00
|
|
|
) -> Box<dyn Future<Item=EncryptedMessageSignature, Error=Error> + Send>;
|
2018-03-01 09:59:21 +01:00
|
|
|
/// Generate ECDSA signature for message with previously generated SK.
|
|
|
|
|
/// WARNING: only possible when SK was generated using t <= 2 * N.
|
|
|
|
|
/// `key_id` is the caller-provided identifier of generated SK.
|
|
|
|
|
/// `signature` is `key_id`, signed with caller public key.
|
|
|
|
|
/// `message` is the message to be signed.
|
|
|
|
|
/// Result is a signed message, encrypted with caller public key.
|
2019-06-06 12:35:06 +02:00
|
|
|
fn sign_message_ecdsa(
|
|
|
|
|
&self,
|
|
|
|
|
key_id: ServerKeyId,
|
|
|
|
|
signature: Requester,
|
|
|
|
|
message: MessageHash,
|
2019-10-02 10:55:31 +02:00
|
|
|
) -> Box<dyn Future<Item=EncryptedMessageSignature, Error=Error> + Send>;
|
2017-07-06 14:02:10 +02:00
|
|
|
}
|
|
|
|
|
|
2017-11-16 17:34:23 +01:00
|
|
|
/// Administrative sessions server.
|
|
|
|
|
pub trait AdminSessionsServer {
|
|
|
|
|
/// Change servers set so that nodes in new_servers_set became owners of shares for all keys.
|
2018-05-16 20:09:59 +02:00
|
|
|
/// And old nodes (i.e. cluster nodes except new_servers_set) have clear databases.
|
2017-11-16 17:34:23 +01:00
|
|
|
/// WARNING: newly generated keys will be distributed among all cluster nodes. So this session
|
|
|
|
|
/// must be followed with cluster nodes change (either via contract, or config files).
|
2019-06-06 12:35:06 +02:00
|
|
|
fn change_servers_set(
|
|
|
|
|
&self,
|
|
|
|
|
old_set_signature: RequestSignature,
|
|
|
|
|
new_set_signature: RequestSignature,
|
|
|
|
|
new_servers_set: BTreeSet<NodeId>,
|
2019-10-02 10:55:31 +02:00
|
|
|
) -> Box<dyn Future<Item=(), Error=Error> + Send>;
|
2017-11-16 17:34:23 +01:00
|
|
|
}
|
2017-07-06 14:02:10 +02:00
|
|
|
|
|
|
|
|
/// Key server.
|
2017-11-16 17:34:23 +01:00
|
|
|
pub trait KeyServer: AdminSessionsServer + DocumentKeyServer + MessageSigner + Send + Sync {
|
2017-02-20 16:13:21 +01:00
|
|
|
}
|
