openethereum/parity/secretstore.rs

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

334 lines
12 KiB
Rust
Raw Normal View History

// Copyright 2015-2019 Parity Technologies (UK) Ltd.
// This file is part of Parity Ethereum.
// Parity Ethereum is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
// Parity Ethereum is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with Parity Ethereum. If not, see <http://www.gnu.org/licenses/>.
use account_utils::AccountProvider;
use dir::{default_data_path, helpers::replace_home};
use ethcore::{client::Client, miner::Miner};
use ethereum_types::Address;
use ethkey::{Password, Public, Secret};
use parity_runtime::Executor;
Fixing secretstore TODOs - part 1 (#5386) * ECDKG protocol prototype * added test for enc/dec math * get rid of decryption_session * added licenses * fix after merge * get rid of unused serde dependency * doc * decryption session [without commutative enc] * failed_dec_session * fixed tests * added commen * added more decryption session tests * helper to localize an issue * more computations to localize error * decryption_session::SessionParams * added tests for EC math to localize problem * secretstore network transport * encryption_session_works_over_network * network errors processing * connecting to KeyServer * licenses * get rid of debug println-s * fixed secretstore args * encryption results are stored in KS database * decryption protocol works over network * enc/dec Session traits * fixing warnings * fix after merge * on-chain ACL checker proto * fixed compilation * fixed compilation * finally fixed <odd>-of-N-scheme * temporary commented test * 1-of-N works in math * scheme 1-of-N works * updated AclStorage with real contract ABI * remove unnecessary unsafety * fixed grumbles * wakeup on access denied * encrypt secretstore messages * 'shadow' decryption * fix grumbles * lost files * secretstore cli-options * decryption seccion when ACL check failed on master * disallow regenerating key for existing document * removed obsolete TODO * fix after merge * switched to tokio_io * fix after merge * fix after merge * fix after merge * fix after merge * fix after merge * fixed test * fix after merge
2017-04-08 11:26:16 +02:00
use std::{collections::BTreeMap, sync::Arc};
2018-04-10 12:13:49 +02:00
use sync::SyncProvider;
2017-07-25 09:19:48 +02:00
/// This node secret key.
#[derive(Debug, PartialEq, Clone)]
2017-07-25 09:19:48 +02:00
pub enum NodeSecretKey {
/// Stored as plain text in configuration file.
Plain(Secret),
2017-07-25 15:30:24 +02:00
/// Stored as account in key store.
#[cfg(feature = "accounts")]
2017-07-25 15:30:24 +02:00
KeyStore(Address),
2017-07-25 09:19:48 +02:00
}
/// Secret store service contract address.
#[derive(Debug, PartialEq, Clone)]
pub enum ContractAddress {
/// Contract address is read from registry.
Registry,
/// Contract address is specified.
Address(Address),
}
#[derive(Debug, PartialEq, Clone)]
/// Secret store configuration
pub struct Configuration {
/// Is secret store functionality enabled?
pub enabled: bool,
2017-07-27 12:29:09 +02:00
/// Is HTTP API enabled?
pub http_enabled: bool,
/// Is auto migrate enabled.
pub auto_migrate_enabled: bool,
/// ACL check contract address.
pub acl_check_contract_address: Option<ContractAddress>,
/// Service contract address.
pub service_contract_address: Option<ContractAddress>,
SecretStore: generating and retrieving decryption keys via service contract (#8029) * SecretStore: started document keys generation via contract * fixed Cargo.lock * SecretStore: doc key contract gen tests * SecretStore: fixed log parsing * SecretStore: flush * SecretStore: secretstore_generateDocumentKey RPC * SecretStore: return encrypted_key from secretstore_generateDocumentKey * prepare to GenerateDocKey -> StoreDocKey * SecretStore: ability to identify requester via Public/Address * SecretStore: store author address instead of public in db * flush * SecretStore: flush * SecretStore: fixed test * SecretStore: flush * SecretStore: flush * SecretStore: flush * SecretStore: flush * SecretStore: start async generation session * SecretStore: process StoreDocumentKey service tasks * SecretStore: flush * SecretStore: update service contact ABI * SecretStore: flush * SecretStore: flush * SecretStore: fixed event * SecretStore: flush * SecretStore: fixed tests * SecretStore: fix broadcast shadows decryption * SecretStore: finally decryption via service contract works * SecretStore: fix for updated contract * SecretStore: restored pending requests reqding * SecretStore: fixed some TODOs * SecretStore: OnChainServiceContractAggregate * SecretStore: different names for different contracts types * SecretStore: updated contracts interfaces * SecretStore: utilize aggregate service contract * fixed compilation * SecretStore: fixes for updated contract * SecretStore: service fixes after testing * fixed cli test compilation * SecretStore: decryption_session_origin_is_known_to_all_initialized_nodes * SecretStore: added new contract listener tests * SecretStore: session_listener_works * removed optional TODO * SecretStore: fixed KeyServer shutdown * fixed warn + grumble * const durations
2018-04-03 16:54:34 +02:00
/// Server key generation service contract address.
pub service_contract_srv_gen_address: Option<ContractAddress>,
/// Server key retrieval service contract address.
pub service_contract_srv_retr_address: Option<ContractAddress>,
/// Document key store service contract address.
pub service_contract_doc_store_address: Option<ContractAddress>,
/// Document key shadow retrieval service contract address.
pub service_contract_doc_sretr_address: Option<ContractAddress>,
Fixing secretstore TODOs - part 1 (#5386) * ECDKG protocol prototype * added test for enc/dec math * get rid of decryption_session * added licenses * fix after merge * get rid of unused serde dependency * doc * decryption session [without commutative enc] * failed_dec_session * fixed tests * added commen * added more decryption session tests * helper to localize an issue * more computations to localize error * decryption_session::SessionParams * added tests for EC math to localize problem * secretstore network transport * encryption_session_works_over_network * network errors processing * connecting to KeyServer * licenses * get rid of debug println-s * fixed secretstore args * encryption results are stored in KS database * decryption protocol works over network * enc/dec Session traits * fixing warnings * fix after merge * on-chain ACL checker proto * fixed compilation * fixed compilation * finally fixed <odd>-of-N-scheme * temporary commented test * 1-of-N works in math * scheme 1-of-N works * updated AclStorage with real contract ABI * remove unnecessary unsafety * fixed grumbles * wakeup on access denied * encrypt secretstore messages * 'shadow' decryption * fix grumbles * lost files * secretstore cli-options * decryption seccion when ACL check failed on master * disallow regenerating key for existing document * removed obsolete TODO * fix after merge * switched to tokio_io * fix after merge * fix after merge * fix after merge * fix after merge * fix after merge * fixed test * fix after merge
2017-04-08 11:26:16 +02:00
/// This node secret.
2017-07-25 09:19:48 +02:00
pub self_secret: Option<NodeSecretKey>,
Fixing secretstore TODOs - part 1 (#5386) * ECDKG protocol prototype * added test for enc/dec math * get rid of decryption_session * added licenses * fix after merge * get rid of unused serde dependency * doc * decryption session [without commutative enc] * failed_dec_session * fixed tests * added commen * added more decryption session tests * helper to localize an issue * more computations to localize error * decryption_session::SessionParams * added tests for EC math to localize problem * secretstore network transport * encryption_session_works_over_network * network errors processing * connecting to KeyServer * licenses * get rid of debug println-s * fixed secretstore args * encryption results are stored in KS database * decryption protocol works over network * enc/dec Session traits * fixing warnings * fix after merge * on-chain ACL checker proto * fixed compilation * fixed compilation * finally fixed <odd>-of-N-scheme * temporary commented test * 1-of-N works in math * scheme 1-of-N works * updated AclStorage with real contract ABI * remove unnecessary unsafety * fixed grumbles * wakeup on access denied * encrypt secretstore messages * 'shadow' decryption * fix grumbles * lost files * secretstore cli-options * decryption seccion when ACL check failed on master * disallow regenerating key for existing document * removed obsolete TODO * fix after merge * switched to tokio_io * fix after merge * fix after merge * fix after merge * fix after merge * fix after merge * fixed test * fix after merge
2017-04-08 11:26:16 +02:00
/// Other nodes IDs + addresses.
pub nodes: BTreeMap<Public, (String, u16)>,
/// Key Server Set contract address. If None, 'nodes' map is used.
pub key_server_set_contract_address: Option<ContractAddress>,
/// Interface to listen to
pub interface: String,
/// Port to listen to
pub port: u16,
Fixing secretstore TODOs - part 1 (#5386) * ECDKG protocol prototype * added test for enc/dec math * get rid of decryption_session * added licenses * fix after merge * get rid of unused serde dependency * doc * decryption session [without commutative enc] * failed_dec_session * fixed tests * added commen * added more decryption session tests * helper to localize an issue * more computations to localize error * decryption_session::SessionParams * added tests for EC math to localize problem * secretstore network transport * encryption_session_works_over_network * network errors processing * connecting to KeyServer * licenses * get rid of debug println-s * fixed secretstore args * encryption results are stored in KS database * decryption protocol works over network * enc/dec Session traits * fixing warnings * fix after merge * on-chain ACL checker proto * fixed compilation * fixed compilation * finally fixed <odd>-of-N-scheme * temporary commented test * 1-of-N works in math * scheme 1-of-N works * updated AclStorage with real contract ABI * remove unnecessary unsafety * fixed grumbles * wakeup on access denied * encrypt secretstore messages * 'shadow' decryption * fix grumbles * lost files * secretstore cli-options * decryption seccion when ACL check failed on master * disallow regenerating key for existing document * removed obsolete TODO * fix after merge * switched to tokio_io * fix after merge * fix after merge * fix after merge * fix after merge * fix after merge * fixed test * fix after merge
2017-04-08 11:26:16 +02:00
/// Interface to listen to
pub http_interface: String,
/// Port to listen to
pub http_port: u16,
/// Data directory path for secret store
pub data_path: String,
SecretStore: administrative sessions prototypes (#6605) * generate random channel encryption key on restart * session-level nonces * fixed warning after rebase * session_nonce -> nonce * full_generation_math_session_with_refreshing_shares && full_generation_math_session_with_adding_new_node * add serveral secret shares at once * SecretStore: initial ShareAdd session prototype * SecretStore: ServersSetChange jobs * SecretStore: servers set change session continued * SecretStore: servers set change session continued * SecretStore: servers set change session continued * SecretStore: known_sessions iterator * SecretStore: implemented SessionsQueue * SecretStore: UnknownSessionsJobTransport * SecretStore: node_added_using_servers_set_change almost done * SecretStore: continue adding tests * SecretStore: node_added_using_servers_set_change + node_added_using_share_add * SecretStore: node_added_using_server_set_change_from_this_node * SecretStore: node_moved_using_share_move * SecretStore: node_moved_using_servers_set_change * SecretStore: node_removed_using_share_remove * SecretStore: node_removed_using_servers_set_change * SecretStore: different folders for client && admin sessions * SecretStore: started adding share change consensus (flush) * SecretStore: fixed spurious tests failures * enum JobPartialRequestAction * SecretStore: started adding consensus layer to ShareAdd session * SecretStore: starting external consensus for ShareAdd * SecretStore: started restoring node_added_using_servers_set_change * SecretStore: node_added_using_servers_set_change works with external consensus * SecretStore: node_added_using_server_set_change_from_this_node works with external consensus * removed debug comments/printlns * SecretStore: share move session supports consensus * SecretStore: share remove with external consensus * SecretStore: started adding basic ShareAdd tests * SecretStore: added ShareAdd tests * SecretStore: added ShareAdd session to cluster * SecretStore: added share move && remove sessions to cluster * SecretStore: ShareMove session tests cleanup * SecretStore: ShareRemove session tests cleanup * SecretStore: added check_secret_is_preserved check * SecretStore: added servers set change to cluster * SecretStore: cleaned up ServersSetChange session tests * SecretStore: cleaning + added tests for ShareRemove * SecretStore: cleaning up * SecretStore: propagated admin_public * SecretStore: fixed persistent_key_storage test * SecretStore: upgrade_db_from_1 * SecretStore: fixed ServersSetChange session completion * SecretStore: check polynom1 in ShareAdd sessions (error for pre-v2 shares) * SecretStore: fixing TODOs * SecretStore: fixing TODOs * SecretStore: check share change plan on 'old' slave nodes * SecretStore: fixing TODOs * SecretStore: store all admin sessions in single container to avoid overlaps * SecretStore: do not update nodes set during admin sessions * SecretStore: moved TODOs to appropriate methods * SecretStore: TODOs * SecretStore: added admin_public arg && fixed warnigs * SecretStore: added shares_to_move_reversed to ShareMove session * SecretStore: additional checks during consensus establishing * license * SecretStore: added TODO about starting ServersSetChange session * SecretStore: redundant clones + docs + lsot unimplemented-s * SecretStore: generation_session_completion_signalled_if_failed_on_master * SecretStore: updated obsolete comment * SecretStore: added type alias for current DocumentKeyShare serialization format * SecretStore: fixed typo * SecretStore; fixed warnings for futures 0.1.15 * fixed warning
2017-10-02 15:27:31 +02:00
/// Administrator public key.
pub admin_public: Option<Public>,
}
/// Secret store dependencies
2017-07-25 15:30:24 +02:00
pub struct Dependencies<'a> {
/// Blockchain client.
pub client: Arc<Client>,
/// Sync provider.
2020-07-29 10:36:15 +02:00
pub sync: Arc<dyn SyncProvider>,
/// Miner service.
pub miner: Arc<Miner>,
2017-07-25 15:30:24 +02:00
/// Account provider.
pub account_provider: Arc<AccountProvider>,
/// Passed accounts passwords.
pub accounts_passwords: &'a [Password],
}
#[cfg(not(feature = "secretstore"))]
mod server {
use super::{Configuration, Dependencies, Executor};
/// Noop key server implementation
pub struct KeyServer;
impl KeyServer {
/// Create new noop key server
pub fn new(
_conf: Configuration,
_deps: Dependencies,
_executor: Executor,
) -> Result<Self, String> {
Ok(KeyServer)
}
2020-08-05 06:08:03 +02:00
}
}
#[cfg(feature = "secretstore")]
mod server {
use super::{Configuration, ContractAddress, Dependencies, Executor, NodeSecretKey};
use ansi_term::Colour::{Red, White};
2020-08-05 06:08:03 +02:00
use db;
SecretStore: generating and retrieving decryption keys via service contract (#8029) * SecretStore: started document keys generation via contract * fixed Cargo.lock * SecretStore: doc key contract gen tests * SecretStore: fixed log parsing * SecretStore: flush * SecretStore: secretstore_generateDocumentKey RPC * SecretStore: return encrypted_key from secretstore_generateDocumentKey * prepare to GenerateDocKey -> StoreDocKey * SecretStore: ability to identify requester via Public/Address * SecretStore: store author address instead of public in db * flush * SecretStore: flush * SecretStore: fixed test * SecretStore: flush * SecretStore: flush * SecretStore: flush * SecretStore: flush * SecretStore: start async generation session * SecretStore: process StoreDocumentKey service tasks * SecretStore: flush * SecretStore: update service contact ABI * SecretStore: flush * SecretStore: flush * SecretStore: fixed event * SecretStore: flush * SecretStore: fixed tests * SecretStore: fix broadcast shadows decryption * SecretStore: finally decryption via service contract works * SecretStore: fix for updated contract * SecretStore: restored pending requests reqding * SecretStore: fixed some TODOs * SecretStore: OnChainServiceContractAggregate * SecretStore: different names for different contracts types * SecretStore: updated contracts interfaces * SecretStore: utilize aggregate service contract * fixed compilation * SecretStore: fixes for updated contract * SecretStore: service fixes after testing * fixed cli test compilation * SecretStore: decryption_session_origin_is_known_to_all_initialized_nodes * SecretStore: added new contract listener tests * SecretStore: session_listener_works * removed optional TODO * SecretStore: fixed KeyServer shutdown * fixed warn + grumble * const durations
2018-04-03 16:54:34 +02:00
use ethcore_secretstore;
Fixing secretstore TODOs - part 1 (#5386) * ECDKG protocol prototype * added test for enc/dec math * get rid of decryption_session * added licenses * fix after merge * get rid of unused serde dependency * doc * decryption session [without commutative enc] * failed_dec_session * fixed tests * added commen * added more decryption session tests * helper to localize an issue * more computations to localize error * decryption_session::SessionParams * added tests for EC math to localize problem * secretstore network transport * encryption_session_works_over_network * network errors processing * connecting to KeyServer * licenses * get rid of debug println-s * fixed secretstore args * encryption results are stored in KS database * decryption protocol works over network * enc/dec Session traits * fixing warnings * fix after merge * on-chain ACL checker proto * fixed compilation * fixed compilation * finally fixed <odd>-of-N-scheme * temporary commented test * 1-of-N works in math * scheme 1-of-N works * updated AclStorage with real contract ABI * remove unnecessary unsafety * fixed grumbles * wakeup on access denied * encrypt secretstore messages * 'shadow' decryption * fix grumbles * lost files * secretstore cli-options * decryption seccion when ACL check failed on master * disallow regenerating key for existing document * removed obsolete TODO * fix after merge * switched to tokio_io * fix after merge * fix after merge * fix after merge * fix after merge * fix after merge * fixed test * fix after merge
2017-04-08 11:26:16 +02:00
use ethkey::KeyPair;
2017-07-25 08:56:23 +02:00
use std::sync::Arc;
2020-08-05 06:08:03 +02:00
SecretStore: generating and retrieving decryption keys via service contract (#8029) * SecretStore: started document keys generation via contract * fixed Cargo.lock * SecretStore: doc key contract gen tests * SecretStore: fixed log parsing * SecretStore: flush * SecretStore: secretstore_generateDocumentKey RPC * SecretStore: return encrypted_key from secretstore_generateDocumentKey * prepare to GenerateDocKey -> StoreDocKey * SecretStore: ability to identify requester via Public/Address * SecretStore: store author address instead of public in db * flush * SecretStore: flush * SecretStore: fixed test * SecretStore: flush * SecretStore: flush * SecretStore: flush * SecretStore: flush * SecretStore: start async generation session * SecretStore: process StoreDocumentKey service tasks * SecretStore: flush * SecretStore: update service contact ABI * SecretStore: flush * SecretStore: flush * SecretStore: fixed event * SecretStore: flush * SecretStore: fixed tests * SecretStore: fix broadcast shadows decryption * SecretStore: finally decryption via service contract works * SecretStore: fix for updated contract * SecretStore: restored pending requests reqding * SecretStore: fixed some TODOs * SecretStore: OnChainServiceContractAggregate * SecretStore: different names for different contracts types * SecretStore: updated contracts interfaces * SecretStore: utilize aggregate service contract * fixed compilation * SecretStore: fixes for updated contract * SecretStore: service fixes after testing * fixed cli test compilation * SecretStore: decryption_session_origin_is_known_to_all_initialized_nodes * SecretStore: added new contract listener tests * SecretStore: session_listener_works * removed optional TODO * SecretStore: fixed KeyServer shutdown * fixed warn + grumble * const durations
2018-04-03 16:54:34 +02:00
fn into_service_contract_address(
address: ContractAddress,
) -> ethcore_secretstore::ContractAddress {
match address {
ContractAddress::Registry => ethcore_secretstore::ContractAddress::Registry,
ContractAddress::Address(address) => {
ethcore_secretstore::ContractAddress::Address(address)
2020-08-05 06:08:03 +02:00
}
SecretStore: generating and retrieving decryption keys via service contract (#8029) * SecretStore: started document keys generation via contract * fixed Cargo.lock * SecretStore: doc key contract gen tests * SecretStore: fixed log parsing * SecretStore: flush * SecretStore: secretstore_generateDocumentKey RPC * SecretStore: return encrypted_key from secretstore_generateDocumentKey * prepare to GenerateDocKey -> StoreDocKey * SecretStore: ability to identify requester via Public/Address * SecretStore: store author address instead of public in db * flush * SecretStore: flush * SecretStore: fixed test * SecretStore: flush * SecretStore: flush * SecretStore: flush * SecretStore: flush * SecretStore: start async generation session * SecretStore: process StoreDocumentKey service tasks * SecretStore: flush * SecretStore: update service contact ABI * SecretStore: flush * SecretStore: flush * SecretStore: fixed event * SecretStore: flush * SecretStore: fixed tests * SecretStore: fix broadcast shadows decryption * SecretStore: finally decryption via service contract works * SecretStore: fix for updated contract * SecretStore: restored pending requests reqding * SecretStore: fixed some TODOs * SecretStore: OnChainServiceContractAggregate * SecretStore: different names for different contracts types * SecretStore: updated contracts interfaces * SecretStore: utilize aggregate service contract * fixed compilation * SecretStore: fixes for updated contract * SecretStore: service fixes after testing * fixed cli test compilation * SecretStore: decryption_session_origin_is_known_to_all_initialized_nodes * SecretStore: added new contract listener tests * SecretStore: session_listener_works * removed optional TODO * SecretStore: fixed KeyServer shutdown * fixed warn + grumble * const durations
2018-04-03 16:54:34 +02:00
}
}
2020-08-05 06:08:03 +02:00
/// Key server
pub struct KeyServer {
2020-07-29 10:36:15 +02:00
_key_server: Box<dyn ethcore_secretstore::KeyServer>,
}
2020-08-05 06:08:03 +02:00
impl KeyServer {
/// Create new key server
pub fn new(
mut conf: Configuration,
deps: Dependencies,
executor: Executor,
) -> Result<Self, String> {
2020-07-29 10:36:15 +02:00
let self_secret: Arc<dyn ethcore_secretstore::NodeKeyPair> =
match conf.self_secret.take() {
Some(NodeSecretKey::Plain(secret)) => {
Arc::new(ethcore_secretstore::PlainNodeKeyPair::new(
KeyPair::from_secret(secret)
.map_err(|e| format!("invalid secret: {}", e))?,
))
2017-07-25 15:30:24 +02:00
}
2020-07-29 10:36:15 +02:00
#[cfg(feature = "accounts")]
Some(NodeSecretKey::KeyStore(account)) => {
// Check if account exists
if !deps.account_provider.has_account(account.clone()) {
return Err(format!(
"Account {} passed as secret store node key is not found",
account
));
}
2020-08-05 06:08:03 +02:00
2020-07-29 10:36:15 +02:00
// Check if any passwords have been read from the password file(s)
if deps.accounts_passwords.is_empty() {
return Err(format!(
"No password found for the secret store node account {}",
2017-12-21 14:50:58 +01:00
account
2020-07-29 10:36:15 +02:00
));
}
// Attempt to sign in the engine signer.
let password = deps
.accounts_passwords
.iter()
.find(|p| {
deps.account_provider
.sign(account.clone(), Some((*p).clone()), Default::default())
.is_ok()
})
.ok_or_else(|| {
format!(
"No valid password for the secret store node account {}",
account
)
})?;
Arc::new(
ethcore_secretstore::KeyStoreNodeKeyPair::new(
deps.account_provider,
account,
password.clone(),
2020-08-05 06:08:03 +02:00
)
2020-07-29 10:36:15 +02:00
.map_err(|e| format!("{}", e))?,
2017-07-25 15:30:24 +02:00
)
2020-07-29 10:36:15 +02:00
}
None => return Err("self secret is required when using secretstore".into()),
};
2020-08-05 06:08:03 +02:00
info!(
"Starting SecretStore node: {}",
White.bold().paint(format!("{:?}", self_secret.public()))
);
if conf.acl_check_contract_address.is_none() {
warn!(
"Running SecretStore with disabled ACL check: {}",
Red.bold().paint("everyone has access to stored keys")
);
}
2020-08-05 06:08:03 +02:00
2017-07-27 10:33:09 +02:00
let key_server_name = format!("{}:{}", conf.interface, conf.port);
let mut cconf = ethcore_secretstore::ServiceConfiguration {
2017-07-27 12:29:09 +02:00
listener_address: if conf.http_enabled {
Some(ethcore_secretstore::NodeAddress {
Fixing secretstore TODOs - part 1 (#5386) * ECDKG protocol prototype * added test for enc/dec math * get rid of decryption_session * added licenses * fix after merge * get rid of unused serde dependency * doc * decryption session [without commutative enc] * failed_dec_session * fixed tests * added commen * added more decryption session tests * helper to localize an issue * more computations to localize error * decryption_session::SessionParams * added tests for EC math to localize problem * secretstore network transport * encryption_session_works_over_network * network errors processing * connecting to KeyServer * licenses * get rid of debug println-s * fixed secretstore args * encryption results are stored in KS database * decryption protocol works over network * enc/dec Session traits * fixing warnings * fix after merge * on-chain ACL checker proto * fixed compilation * fixed compilation * finally fixed <odd>-of-N-scheme * temporary commented test * 1-of-N works in math * scheme 1-of-N works * updated AclStorage with real contract ABI * remove unnecessary unsafety * fixed grumbles * wakeup on access denied * encrypt secretstore messages * 'shadow' decryption * fix grumbles * lost files * secretstore cli-options * decryption seccion when ACL check failed on master * disallow regenerating key for existing document * removed obsolete TODO * fix after merge * switched to tokio_io * fix after merge * fix after merge * fix after merge * fix after merge * fix after merge * fixed test * fix after merge
2017-04-08 11:26:16 +02:00
address: conf.http_interface.clone(),
port: conf.http_port,
2017-07-27 12:29:09 +02:00
})
} else {
None
},
SecretStore: generating and retrieving decryption keys via service contract (#8029) * SecretStore: started document keys generation via contract * fixed Cargo.lock * SecretStore: doc key contract gen tests * SecretStore: fixed log parsing * SecretStore: flush * SecretStore: secretstore_generateDocumentKey RPC * SecretStore: return encrypted_key from secretstore_generateDocumentKey * prepare to GenerateDocKey -> StoreDocKey * SecretStore: ability to identify requester via Public/Address * SecretStore: store author address instead of public in db * flush * SecretStore: flush * SecretStore: fixed test * SecretStore: flush * SecretStore: flush * SecretStore: flush * SecretStore: flush * SecretStore: start async generation session * SecretStore: process StoreDocumentKey service tasks * SecretStore: flush * SecretStore: update service contact ABI * SecretStore: flush * SecretStore: flush * SecretStore: fixed event * SecretStore: flush * SecretStore: fixed tests * SecretStore: fix broadcast shadows decryption * SecretStore: finally decryption via service contract works * SecretStore: fix for updated contract * SecretStore: restored pending requests reqding * SecretStore: fixed some TODOs * SecretStore: OnChainServiceContractAggregate * SecretStore: different names for different contracts types * SecretStore: updated contracts interfaces * SecretStore: utilize aggregate service contract * fixed compilation * SecretStore: fixes for updated contract * SecretStore: service fixes after testing * fixed cli test compilation * SecretStore: decryption_session_origin_is_known_to_all_initialized_nodes * SecretStore: added new contract listener tests * SecretStore: session_listener_works * removed optional TODO * SecretStore: fixed KeyServer shutdown * fixed warn + grumble * const durations
2018-04-03 16:54:34 +02:00
service_contract_address: conf
.service_contract_address
.map(into_service_contract_address),
service_contract_srv_gen_address: conf
.service_contract_srv_gen_address
.map(into_service_contract_address),
service_contract_srv_retr_address: conf
.service_contract_srv_retr_address
.map(into_service_contract_address),
service_contract_doc_store_address: conf
.service_contract_doc_store_address
.map(into_service_contract_address),
service_contract_doc_sretr_address: conf
.service_contract_doc_sretr_address
.map(into_service_contract_address),
acl_check_contract_address: conf
.acl_check_contract_address
.map(into_service_contract_address),
cluster_config: ethcore_secretstore::ClusterConfiguration {
listener_address: ethcore_secretstore::NodeAddress {
address: conf.interface.clone(),
Fixing secretstore TODOs - part 1 (#5386) * ECDKG protocol prototype * added test for enc/dec math * get rid of decryption_session * added licenses * fix after merge * get rid of unused serde dependency * doc * decryption session [without commutative enc] * failed_dec_session * fixed tests * added commen * added more decryption session tests * helper to localize an issue * more computations to localize error * decryption_session::SessionParams * added tests for EC math to localize problem * secretstore network transport * encryption_session_works_over_network * network errors processing * connecting to KeyServer * licenses * get rid of debug println-s * fixed secretstore args * encryption results are stored in KS database * decryption protocol works over network * enc/dec Session traits * fixing warnings * fix after merge * on-chain ACL checker proto * fixed compilation * fixed compilation * finally fixed <odd>-of-N-scheme * temporary commented test * 1-of-N works in math * scheme 1-of-N works * updated AclStorage with real contract ABI * remove unnecessary unsafety * fixed grumbles * wakeup on access denied * encrypt secretstore messages * 'shadow' decryption * fix grumbles * lost files * secretstore cli-options * decryption seccion when ACL check failed on master * disallow regenerating key for existing document * removed obsolete TODO * fix after merge * switched to tokio_io * fix after merge * fix after merge * fix after merge * fix after merge * fix after merge * fixed test * fix after merge
2017-04-08 11:26:16 +02:00
port: conf.port,
},
Fixing secretstore TODOs - part 1 (#5386) * ECDKG protocol prototype * added test for enc/dec math * get rid of decryption_session * added licenses * fix after merge * get rid of unused serde dependency * doc * decryption session [without commutative enc] * failed_dec_session * fixed tests * added commen * added more decryption session tests * helper to localize an issue * more computations to localize error * decryption_session::SessionParams * added tests for EC math to localize problem * secretstore network transport * encryption_session_works_over_network * network errors processing * connecting to KeyServer * licenses * get rid of debug println-s * fixed secretstore args * encryption results are stored in KS database * decryption protocol works over network * enc/dec Session traits * fixing warnings * fix after merge * on-chain ACL checker proto * fixed compilation * fixed compilation * finally fixed <odd>-of-N-scheme * temporary commented test * 1-of-N works in math * scheme 1-of-N works * updated AclStorage with real contract ABI * remove unnecessary unsafety * fixed grumbles * wakeup on access denied * encrypt secretstore messages * 'shadow' decryption * fix grumbles * lost files * secretstore cli-options * decryption seccion when ACL check failed on master * disallow regenerating key for existing document * removed obsolete TODO * fix after merge * switched to tokio_io * fix after merge * fix after merge * fix after merge * fix after merge * fix after merge * fixed test * fix after merge
2017-04-08 11:26:16 +02:00
nodes: conf
.nodes
.into_iter()
.map(|(p, (ip, port))| {
(
p,
ethcore_secretstore::NodeAddress {
address: ip,
port: port,
2020-08-05 06:08:03 +02:00
},
)
Fixing secretstore TODOs - part 1 (#5386) * ECDKG protocol prototype * added test for enc/dec math * get rid of decryption_session * added licenses * fix after merge * get rid of unused serde dependency * doc * decryption session [without commutative enc] * failed_dec_session * fixed tests * added commen * added more decryption session tests * helper to localize an issue * more computations to localize error * decryption_session::SessionParams * added tests for EC math to localize problem * secretstore network transport * encryption_session_works_over_network * network errors processing * connecting to KeyServer * licenses * get rid of debug println-s * fixed secretstore args * encryption results are stored in KS database * decryption protocol works over network * enc/dec Session traits * fixing warnings * fix after merge * on-chain ACL checker proto * fixed compilation * fixed compilation * finally fixed <odd>-of-N-scheme * temporary commented test * 1-of-N works in math * scheme 1-of-N works * updated AclStorage with real contract ABI * remove unnecessary unsafety * fixed grumbles * wakeup on access denied * encrypt secretstore messages * 'shadow' decryption * fix grumbles * lost files * secretstore cli-options * decryption seccion when ACL check failed on master * disallow regenerating key for existing document * removed obsolete TODO * fix after merge * switched to tokio_io * fix after merge * fix after merge * fix after merge * fix after merge * fix after merge * fixed test * fix after merge
2017-04-08 11:26:16 +02:00
})
.collect(),
key_server_set_contract_address: conf
.key_server_set_contract_address
.map(into_service_contract_address),
allow_connecting_to_higher_nodes: true,
SecretStore: administrative sessions prototypes (#6605) * generate random channel encryption key on restart * session-level nonces * fixed warning after rebase * session_nonce -> nonce * full_generation_math_session_with_refreshing_shares && full_generation_math_session_with_adding_new_node * add serveral secret shares at once * SecretStore: initial ShareAdd session prototype * SecretStore: ServersSetChange jobs * SecretStore: servers set change session continued * SecretStore: servers set change session continued * SecretStore: servers set change session continued * SecretStore: known_sessions iterator * SecretStore: implemented SessionsQueue * SecretStore: UnknownSessionsJobTransport * SecretStore: node_added_using_servers_set_change almost done * SecretStore: continue adding tests * SecretStore: node_added_using_servers_set_change + node_added_using_share_add * SecretStore: node_added_using_server_set_change_from_this_node * SecretStore: node_moved_using_share_move * SecretStore: node_moved_using_servers_set_change * SecretStore: node_removed_using_share_remove * SecretStore: node_removed_using_servers_set_change * SecretStore: different folders for client && admin sessions * SecretStore: started adding share change consensus (flush) * SecretStore: fixed spurious tests failures * enum JobPartialRequestAction * SecretStore: started adding consensus layer to ShareAdd session * SecretStore: starting external consensus for ShareAdd * SecretStore: started restoring node_added_using_servers_set_change * SecretStore: node_added_using_servers_set_change works with external consensus * SecretStore: node_added_using_server_set_change_from_this_node works with external consensus * removed debug comments/printlns * SecretStore: share move session supports consensus * SecretStore: share remove with external consensus * SecretStore: started adding basic ShareAdd tests * SecretStore: added ShareAdd tests * SecretStore: added ShareAdd session to cluster * SecretStore: added share move && remove sessions to cluster * SecretStore: ShareMove session tests cleanup * SecretStore: ShareRemove session tests cleanup * SecretStore: added check_secret_is_preserved check * SecretStore: added servers set change to cluster * SecretStore: cleaned up ServersSetChange session tests * SecretStore: cleaning + added tests for ShareRemove * SecretStore: cleaning up * SecretStore: propagated admin_public * SecretStore: fixed persistent_key_storage test * SecretStore: upgrade_db_from_1 * SecretStore: fixed ServersSetChange session completion * SecretStore: check polynom1 in ShareAdd sessions (error for pre-v2 shares) * SecretStore: fixing TODOs * SecretStore: fixing TODOs * SecretStore: check share change plan on 'old' slave nodes * SecretStore: fixing TODOs * SecretStore: store all admin sessions in single container to avoid overlaps * SecretStore: do not update nodes set during admin sessions * SecretStore: moved TODOs to appropriate methods * SecretStore: TODOs * SecretStore: added admin_public arg && fixed warnigs * SecretStore: added shares_to_move_reversed to ShareMove session * SecretStore: additional checks during consensus establishing * license * SecretStore: added TODO about starting ServersSetChange session * SecretStore: redundant clones + docs + lsot unimplemented-s * SecretStore: generation_session_completion_signalled_if_failed_on_master * SecretStore: updated obsolete comment * SecretStore: added type alias for current DocumentKeyShare serialization format * SecretStore: fixed typo * SecretStore; fixed warnings for futures 0.1.15 * fixed warning
2017-10-02 15:27:31 +02:00
admin_public: conf.admin_public,
auto_migrate_enabled: conf.auto_migrate_enabled,
Fixing secretstore TODOs - part 1 (#5386) * ECDKG protocol prototype * added test for enc/dec math * get rid of decryption_session * added licenses * fix after merge * get rid of unused serde dependency * doc * decryption session [without commutative enc] * failed_dec_session * fixed tests * added commen * added more decryption session tests * helper to localize an issue * more computations to localize error * decryption_session::SessionParams * added tests for EC math to localize problem * secretstore network transport * encryption_session_works_over_network * network errors processing * connecting to KeyServer * licenses * get rid of debug println-s * fixed secretstore args * encryption results are stored in KS database * decryption protocol works over network * enc/dec Session traits * fixing warnings * fix after merge * on-chain ACL checker proto * fixed compilation * fixed compilation * finally fixed <odd>-of-N-scheme * temporary commented test * 1-of-N works in math * scheme 1-of-N works * updated AclStorage with real contract ABI * remove unnecessary unsafety * fixed grumbles * wakeup on access denied * encrypt secretstore messages * 'shadow' decryption * fix grumbles * lost files * secretstore cli-options * decryption seccion when ACL check failed on master * disallow regenerating key for existing document * removed obsolete TODO * fix after merge * switched to tokio_io * fix after merge * fix after merge * fix after merge * fix after merge * fix after merge * fixed test * fix after merge
2017-04-08 11:26:16 +02:00
},
};
2020-08-05 06:08:03 +02:00
2017-07-27 10:33:09 +02:00
cconf.cluster_config.nodes.insert(
self_secret.public().clone(),
cconf.cluster_config.listener_address.clone(),
);
2020-08-05 06:08:03 +02:00
let db = db::open_secretstore_db(&conf.data_path)?;
let key_server = ethcore_secretstore::start(
deps.client,
deps.sync,
deps.miner,
self_secret,
cconf,
db,
executor,
)
2017-07-27 10:33:09 +02:00
.map_err(|e| format!("Error starting KeyServer {}: {}", key_server_name, e))?;
2020-08-05 06:08:03 +02:00
Ok(KeyServer {
_key_server: key_server,
})
}
2020-08-05 06:08:03 +02:00
}
}
pub use self::server::KeyServer;
impl Default for Configuration {
fn default() -> Self {
let data_dir = default_data_path();
Configuration {
enabled: true,
2017-07-27 12:29:09 +02:00
http_enabled: true,
auto_migrate_enabled: true,
acl_check_contract_address: Some(ContractAddress::Registry),
service_contract_address: None,
SecretStore: generating and retrieving decryption keys via service contract (#8029) * SecretStore: started document keys generation via contract * fixed Cargo.lock * SecretStore: doc key contract gen tests * SecretStore: fixed log parsing * SecretStore: flush * SecretStore: secretstore_generateDocumentKey RPC * SecretStore: return encrypted_key from secretstore_generateDocumentKey * prepare to GenerateDocKey -> StoreDocKey * SecretStore: ability to identify requester via Public/Address * SecretStore: store author address instead of public in db * flush * SecretStore: flush * SecretStore: fixed test * SecretStore: flush * SecretStore: flush * SecretStore: flush * SecretStore: flush * SecretStore: start async generation session * SecretStore: process StoreDocumentKey service tasks * SecretStore: flush * SecretStore: update service contact ABI * SecretStore: flush * SecretStore: flush * SecretStore: fixed event * SecretStore: flush * SecretStore: fixed tests * SecretStore: fix broadcast shadows decryption * SecretStore: finally decryption via service contract works * SecretStore: fix for updated contract * SecretStore: restored pending requests reqding * SecretStore: fixed some TODOs * SecretStore: OnChainServiceContractAggregate * SecretStore: different names for different contracts types * SecretStore: updated contracts interfaces * SecretStore: utilize aggregate service contract * fixed compilation * SecretStore: fixes for updated contract * SecretStore: service fixes after testing * fixed cli test compilation * SecretStore: decryption_session_origin_is_known_to_all_initialized_nodes * SecretStore: added new contract listener tests * SecretStore: session_listener_works * removed optional TODO * SecretStore: fixed KeyServer shutdown * fixed warn + grumble * const durations
2018-04-03 16:54:34 +02:00
service_contract_srv_gen_address: None,
service_contract_srv_retr_address: None,
service_contract_doc_store_address: None,
service_contract_doc_sretr_address: None,
Fixing secretstore TODOs - part 1 (#5386) * ECDKG protocol prototype * added test for enc/dec math * get rid of decryption_session * added licenses * fix after merge * get rid of unused serde dependency * doc * decryption session [without commutative enc] * failed_dec_session * fixed tests * added commen * added more decryption session tests * helper to localize an issue * more computations to localize error * decryption_session::SessionParams * added tests for EC math to localize problem * secretstore network transport * encryption_session_works_over_network * network errors processing * connecting to KeyServer * licenses * get rid of debug println-s * fixed secretstore args * encryption results are stored in KS database * decryption protocol works over network * enc/dec Session traits * fixing warnings * fix after merge * on-chain ACL checker proto * fixed compilation * fixed compilation * finally fixed <odd>-of-N-scheme * temporary commented test * 1-of-N works in math * scheme 1-of-N works * updated AclStorage with real contract ABI * remove unnecessary unsafety * fixed grumbles * wakeup on access denied * encrypt secretstore messages * 'shadow' decryption * fix grumbles * lost files * secretstore cli-options * decryption seccion when ACL check failed on master * disallow regenerating key for existing document * removed obsolete TODO * fix after merge * switched to tokio_io * fix after merge * fix after merge * fix after merge * fix after merge * fix after merge * fixed test * fix after merge
2017-04-08 11:26:16 +02:00
self_secret: None,
SecretStore: administrative sessions prototypes (#6605) * generate random channel encryption key on restart * session-level nonces * fixed warning after rebase * session_nonce -> nonce * full_generation_math_session_with_refreshing_shares && full_generation_math_session_with_adding_new_node * add serveral secret shares at once * SecretStore: initial ShareAdd session prototype * SecretStore: ServersSetChange jobs * SecretStore: servers set change session continued * SecretStore: servers set change session continued * SecretStore: servers set change session continued * SecretStore: known_sessions iterator * SecretStore: implemented SessionsQueue * SecretStore: UnknownSessionsJobTransport * SecretStore: node_added_using_servers_set_change almost done * SecretStore: continue adding tests * SecretStore: node_added_using_servers_set_change + node_added_using_share_add * SecretStore: node_added_using_server_set_change_from_this_node * SecretStore: node_moved_using_share_move * SecretStore: node_moved_using_servers_set_change * SecretStore: node_removed_using_share_remove * SecretStore: node_removed_using_servers_set_change * SecretStore: different folders for client && admin sessions * SecretStore: started adding share change consensus (flush) * SecretStore: fixed spurious tests failures * enum JobPartialRequestAction * SecretStore: started adding consensus layer to ShareAdd session * SecretStore: starting external consensus for ShareAdd * SecretStore: started restoring node_added_using_servers_set_change * SecretStore: node_added_using_servers_set_change works with external consensus * SecretStore: node_added_using_server_set_change_from_this_node works with external consensus * removed debug comments/printlns * SecretStore: share move session supports consensus * SecretStore: share remove with external consensus * SecretStore: started adding basic ShareAdd tests * SecretStore: added ShareAdd tests * SecretStore: added ShareAdd session to cluster * SecretStore: added share move && remove sessions to cluster * SecretStore: ShareMove session tests cleanup * SecretStore: ShareRemove session tests cleanup * SecretStore: added check_secret_is_preserved check * SecretStore: added servers set change to cluster * SecretStore: cleaned up ServersSetChange session tests * SecretStore: cleaning + added tests for ShareRemove * SecretStore: cleaning up * SecretStore: propagated admin_public * SecretStore: fixed persistent_key_storage test * SecretStore: upgrade_db_from_1 * SecretStore: fixed ServersSetChange session completion * SecretStore: check polynom1 in ShareAdd sessions (error for pre-v2 shares) * SecretStore: fixing TODOs * SecretStore: fixing TODOs * SecretStore: check share change plan on 'old' slave nodes * SecretStore: fixing TODOs * SecretStore: store all admin sessions in single container to avoid overlaps * SecretStore: do not update nodes set during admin sessions * SecretStore: moved TODOs to appropriate methods * SecretStore: TODOs * SecretStore: added admin_public arg && fixed warnigs * SecretStore: added shares_to_move_reversed to ShareMove session * SecretStore: additional checks during consensus establishing * license * SecretStore: added TODO about starting ServersSetChange session * SecretStore: redundant clones + docs + lsot unimplemented-s * SecretStore: generation_session_completion_signalled_if_failed_on_master * SecretStore: updated obsolete comment * SecretStore: added type alias for current DocumentKeyShare serialization format * SecretStore: fixed typo * SecretStore; fixed warnings for futures 0.1.15 * fixed warning
2017-10-02 15:27:31 +02:00
admin_public: None,
Fixing secretstore TODOs - part 1 (#5386) * ECDKG protocol prototype * added test for enc/dec math * get rid of decryption_session * added licenses * fix after merge * get rid of unused serde dependency * doc * decryption session [without commutative enc] * failed_dec_session * fixed tests * added commen * added more decryption session tests * helper to localize an issue * more computations to localize error * decryption_session::SessionParams * added tests for EC math to localize problem * secretstore network transport * encryption_session_works_over_network * network errors processing * connecting to KeyServer * licenses * get rid of debug println-s * fixed secretstore args * encryption results are stored in KS database * decryption protocol works over network * enc/dec Session traits * fixing warnings * fix after merge * on-chain ACL checker proto * fixed compilation * fixed compilation * finally fixed <odd>-of-N-scheme * temporary commented test * 1-of-N works in math * scheme 1-of-N works * updated AclStorage with real contract ABI * remove unnecessary unsafety * fixed grumbles * wakeup on access denied * encrypt secretstore messages * 'shadow' decryption * fix grumbles * lost files * secretstore cli-options * decryption seccion when ACL check failed on master * disallow regenerating key for existing document * removed obsolete TODO * fix after merge * switched to tokio_io * fix after merge * fix after merge * fix after merge * fix after merge * fix after merge * fixed test * fix after merge
2017-04-08 11:26:16 +02:00
nodes: BTreeMap::new(),
key_server_set_contract_address: Some(ContractAddress::Registry),
interface: "127.0.0.1".to_owned(),
Fixing secretstore TODOs - part 1 (#5386) * ECDKG protocol prototype * added test for enc/dec math * get rid of decryption_session * added licenses * fix after merge * get rid of unused serde dependency * doc * decryption session [without commutative enc] * failed_dec_session * fixed tests * added commen * added more decryption session tests * helper to localize an issue * more computations to localize error * decryption_session::SessionParams * added tests for EC math to localize problem * secretstore network transport * encryption_session_works_over_network * network errors processing * connecting to KeyServer * licenses * get rid of debug println-s * fixed secretstore args * encryption results are stored in KS database * decryption protocol works over network * enc/dec Session traits * fixing warnings * fix after merge * on-chain ACL checker proto * fixed compilation * fixed compilation * finally fixed <odd>-of-N-scheme * temporary commented test * 1-of-N works in math * scheme 1-of-N works * updated AclStorage with real contract ABI * remove unnecessary unsafety * fixed grumbles * wakeup on access denied * encrypt secretstore messages * 'shadow' decryption * fix grumbles * lost files * secretstore cli-options * decryption seccion when ACL check failed on master * disallow regenerating key for existing document * removed obsolete TODO * fix after merge * switched to tokio_io * fix after merge * fix after merge * fix after merge * fix after merge * fix after merge * fixed test * fix after merge
2017-04-08 11:26:16 +02:00
port: 8083,
http_interface: "127.0.0.1".to_owned(),
http_port: 8082,
data_path: replace_home(&data_dir, "$BASE/secretstore"),
}
}
}
/// Start secret store-related functionality
pub fn start(
conf: Configuration,
deps: Dependencies,
executor: Executor,
) -> Result<Option<KeyServer>, String> {
if !conf.enabled {
return Ok(None);
}
KeyServer::new(conf, deps, executor).map(|s| Some(s))
}