grassrootseconomics/openethereum
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Deprecate account management (#10213)

Browse Source 
* Extract accounts from ethcore.

* Fix ethcore.

* Get rid of AccountProvider in test_helpers

* Fix rest of the code.

* Re-use EngineSigner, fix tests.

* Simplify EngineSigner to always have an Address.

* Fix RPC tests.

* Add deprecation notice to RPCs.

* Feature to disable accounts.

* extract accounts in RPC

* Run with accounts in tests.

* Fix RPC compilation and tests.

* Fix compilation of the binary.

* Fix compilation of the binary.

* Fix compilation with accounts enabled.

* Fix tests.

* Update submodule.

* Remove android.

* Use derive for Default

* Don't build secretstore by default.

* Add link to issue.

* Refresh Cargo.lock.

* Fix miner tests.

* Update rpc/Cargo.toml

Co-Authored-By: tomusdrw <tomusdrw@users.noreply.github.com>

* Fix private tests.
This commit is contained in:
Tomasz Drwięga
2019-02-07 14:34:24 +01:00
committed by Afri Schoedon
parent 8fa56add47
commit d5c19f8719
102 changed files with 3222 additions and 2393 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
ethcore/private-tx/src/encryptor.rs
View File

@@ -18,22 +18,22 @@
use std::io::Read;
use std::str::FromStr;
use std::sync::Arc;
use std::iter::repeat;
use std::time::{Instant, Duration};
use std::collections::HashMap;
use std::collections::hash_map::Entry;
use parking_lot::Mutex;
use ethcore::account_provider::AccountProvider;
use ethereum_types::{H128, H256, Address};
use ethjson;
use ethkey::{Signature, Password, Public};
use ethkey::{Signature, Public};
use crypto;
use futures::Future;
use fetch::{Fetch, Client as FetchClient, Method, BodyReader, Request};
use bytes::{Bytes, ToPretty};
use error::{Error, ErrorKind};
use url::Url;
use super::find_account_password;
use super::Signer;
use super::key_server_keys::address_to_key;
/// Initialization vector length.
@@ -48,7 +48,6 @@ pub trait Encryptor: Send + Sync + 'static {
fn encrypt(
&self,
contract_address: &Address,
accounts: &AccountProvider,
initialisation_vector: &H128,
plain_data: &[u8],
) -> Result<Bytes, Error>;
@@ -57,7 +56,6 @@ pub trait Encryptor: Send + Sync + 'static {
fn decrypt(
&self,
contract_address: &Address,
accounts: &AccountProvider,
cypher: &[u8],
) -> Result<Bytes, Error>;
}
@@ -71,8 +69,6 @@ pub struct EncryptorConfig {
pub threshold: u32,
/// Account used for signing requests to key server
pub key_server_account: Option<Address>,
/// Passwords used to unlock accounts
pub passwords: Vec<Password>,
}
struct EncryptionSession {
@@ -85,14 +81,20 @@ pub struct SecretStoreEncryptor {
config: EncryptorConfig,
client: FetchClient,
sessions: Mutex<HashMap<Address, EncryptionSession>>,
signer: Arc<Signer>,
}
impl SecretStoreEncryptor {
/// Create new encryptor
pub fn new(config: EncryptorConfig, client: FetchClient) -> Result<Self, Error> {
pub fn new(
config: EncryptorConfig,
client: FetchClient,
signer: Arc<Signer>,
) -> Result<Self, Error> {
Ok(SecretStoreEncryptor {
config,
client,
signer,
sessions: Mutex::default(),
})
}
@@ -103,13 +105,12 @@ impl SecretStoreEncryptor {
url_suffix: &str,
use_post: bool,
contract_address: &Address,
accounts: &AccountProvider,
) -> Result<Bytes, Error> {
// check if the key was already cached
if let Some(key) = self.obtained_key(contract_address) {
return Ok(key);
}
let contract_address_signature = self.sign_contract_address(contract_address, accounts)?;
let contract_address_signature = self.sign_contract_address(contract_address)?;
let requester = self.config.key_server_account.ok_or_else(|| ErrorKind::KeyServerAccountNotSet)?;
// key id in SS is H256 && we have H160 here => expand with assitional zeros
@@ -149,10 +150,9 @@ impl SecretStoreEncryptor {
// response is JSON string (which is, in turn, hex-encoded, encrypted Public)
let encrypted_bytes: ethjson::bytes::Bytes = result.trim_matches('\"').parse().map_err(|e| ErrorKind::Encrypt(e))?;
let password = find_account_password(&self.config.passwords, &*accounts, &requester);
// decrypt Public
let decrypted_bytes = accounts.decrypt(requester, password, &crypto::DEFAULT_MAC, &encrypted_bytes)?;
let decrypted_bytes = self.signer.decrypt(requester, &crypto::DEFAULT_MAC, &encrypted_bytes)?;
let decrypted_key = Public::from_slice(&decrypted_bytes);
// and now take x coordinate of Public as a key
@@ -188,10 +188,9 @@ impl SecretStoreEncryptor {
}
}
fn sign_contract_address(&self, contract_address: &Address, accounts: &AccountProvider) -> Result<Signature, Error> {
fn sign_contract_address(&self, contract_address: &Address) -> Result<Signature, Error> {
let key_server_account = self.config.key_server_account.ok_or_else(|| ErrorKind::KeyServerAccountNotSet)?;
let password = find_account_password(&self.config.passwords, accounts, &key_server_account);
Ok(accounts.sign(key_server_account, password, address_to_key(contract_address))?)
Ok(self.signer.sign(key_server_account, address_to_key(contract_address))?)
}
}
@@ -199,16 +198,15 @@ impl Encryptor for SecretStoreEncryptor {
fn encrypt(
&self,
contract_address: &Address,
accounts: &AccountProvider,
initialisation_vector: &H128,
plain_data: &[u8],
) -> Result<Bytes, Error> {
// retrieve the key, try to generate it if it doesn't exist yet
let key = match self.retrieve_key("", false, contract_address, &*accounts) {
let key = match self.retrieve_key("", false, contract_address) {
Ok(key) => Ok(key),
Err(Error(ErrorKind::EncryptionKeyNotFound(_), _)) => {
trace!(target: "privatetx", "Key for account wasnt found in sstore. Creating. Address: {:?}", contract_address);
self.retrieve_key(&format!("/{}", self.config.threshold), true, contract_address, &*accounts)
self.retrieve_key(&format!("/{}", self.config.threshold), true, contract_address)
}
Err(err) => Err(err),
}?;
@@ -227,7 +225,6 @@ impl Encryptor for SecretStoreEncryptor {
fn decrypt(
&self,
contract_address: &Address,
accounts: &AccountProvider,
cypher: &[u8],
) -> Result<Bytes, Error> {
// initialization vector takes INIT_VEC_LEN bytes
@@ -237,7 +234,7 @@ impl Encryptor for SecretStoreEncryptor {
}
// retrieve existing key
let key = self.retrieve_key("", false, contract_address, accounts)?;
let key = self.retrieve_key("", false, contract_address)?;
// use symmetric decryption to decrypt document
let (cypher, iv) = cypher.split_at(cypher_len - INIT_VEC_LEN);
@@ -257,7 +254,6 @@ impl Encryptor for NoopEncryptor {
fn encrypt(
&self,
_contract_address: &Address,
_accounts: &AccountProvider,
_initialisation_vector: &H128,
data: &[u8],
) -> Result<Bytes, Error> {
@@ -267,7 +263,6 @@ impl Encryptor for NoopEncryptor {
fn decrypt(
&self,
_contract_address: &Address,
_accounts: &AccountProvider,
data: &[u8],
) -> Result<Bytes, Error> {
Ok(data.to_vec())

15
ethcore/private-tx/src/error.rs
View File

@@ -17,10 +17,10 @@
use ethereum_types::Address;
use rlp::DecoderError;
use ethtrie::TrieError;
use ethcore::account_provider::SignError;
use ethcore::error::{Error as EthcoreError, ExecutionError};
use types::transaction::Error as TransactionError;
use ethkey::Error as KeyError;
use ethkey::crypto::Error as CryptoError;
use txpool::Error as TxPoolError;
error_chain! {
@@ -29,6 +29,7 @@ error_chain! {
Decoder(DecoderError) #[doc = "RLP decoding error."];
Trie(TrieError) #[doc = "Error concerning TrieDBs."];
Txpool(TxPoolError) #[doc = "Tx pool error."];
Crypto(CryptoError) #[doc = "Crypto error."];
}
errors {
@@ -152,12 +153,6 @@ error_chain! {
display("General signing error {}", err),
}
#[doc = "Account provider signing error."]
Sign(err: SignError) {
description("Account provider signing error."),
display("Account provider signing error {}", err),
}
#[doc = "Error of transactions processing."]
Transaction(err: TransactionError) {
description("Error of transactions processing."),
@@ -172,12 +167,6 @@ error_chain! {
}
}
impl From<SignError> for Error {
fn from(err: SignError) -> Self {
ErrorKind::Sign(err).into()
}
}
impl From<KeyError> for Error {
fn from(err: KeyError) -> Self {
ErrorKind::Key(err).into()

78
ethcore/private-tx/src/lib.rs
View File

@@ -87,13 +87,11 @@ use ethcore::client::{
Client, ChainNotify, NewBlocks, ChainMessageType, ClientIoMessage, BlockId,
Call, BlockInfo
};
use ethcore::account_provider::AccountProvider;
use ethcore::miner::{self, Miner, MinerService, pool_client::NonceCache};
use ethcore::{state, state_db};
use ethcore::trace::{Tracer, VMTracer};
use call_contract::CallContract;
use rustc_hex::FromHex;
use ethkey::Password;
use ethabi::FunctionOutputDecoder;
// Source avaiable at https://github.com/parity-contracts/private-tx/blob/master/contracts/PrivateContract.sol
@@ -120,8 +118,6 @@ pub struct ProviderConfig {
pub validator_accounts: Vec<Address>,
/// Account used for signing public transactions created from private transactions
pub signer_account: Option<Address>,
/// Passwords used to unlock accounts
pub passwords: Vec<Password>,
}
#[derive(Debug)]
@@ -135,18 +131,51 @@ pub struct Receipt {
pub status_code: u8,
}
/// Payload signing and decrypting capabilities.
pub trait Signer: Send + Sync {
/// Decrypt payload using private key of given address.
fn decrypt(&self, account: Address, shared_mac: &[u8], payload: &[u8]) -> Result<Vec<u8>, Error>;
/// Sign given hash using provided account.
fn sign(&self, account: Address, hash: ethkey::Message) -> Result<Signature, Error>;
}
/// Signer implementation that errors on any request.
pub struct DummySigner;
impl Signer for DummySigner {
fn decrypt(&self, _account: Address, _shared_mac: &[u8], _payload: &[u8]) -> Result<Vec<u8>, Error> {
Err("Decrypting is not supported.".to_owned())?
}
fn sign(&self, _account: Address, _hash: ethkey::Message) -> Result<Signature, Error> {
Err("Signing is not supported.".to_owned())?
}
}
/// Signer implementation using multiple keypairs
pub struct KeyPairSigner(pub Vec<ethkey::KeyPair>);
impl Signer for KeyPairSigner {
fn decrypt(&self, account: Address, shared_mac: &[u8], payload: &[u8]) -> Result<Vec<u8>, Error> {
let kp = self.0.iter().find(|k| k.address() == account).ok_or(ethkey::Error::InvalidAddress)?;
Ok(ethkey::crypto::ecies::decrypt(kp.secret(), shared_mac, payload)?)
}
fn sign(&self, account: Address, hash: ethkey::Message) -> Result<Signature, Error> {
let kp = self.0.iter().find(|k| k.address() == account).ok_or(ethkey::Error::InvalidAddress)?;
Ok(ethkey::sign(kp.secret(), &hash)?)
}
}
/// Manager of private transactions
pub struct Provider {
encryptor: Box<Encryptor>,
validator_accounts: HashSet<Address>,
signer_account: Option<Address>,
passwords: Vec<Password>,
notify: RwLock<Vec<Weak<ChainNotify>>>,
transactions_for_signing: RwLock<SigningStore>,
transactions_for_verification: VerificationStore,
client: Arc<Client>,
miner: Arc<Miner>,
accounts: Arc<AccountProvider>,
accounts: Arc<Signer>,
channel: IoChannel<ClientIoMessage>,
keys_provider: Arc<KeyProvider>,
}
@@ -159,12 +188,12 @@ pub struct PrivateExecutionResult<T, V> where T: Tracer, V: VMTracer {
result: Executed<T::Output, V::Output>,
}
impl Provider where {
impl Provider {
/// Create a new provider.
pub fn new(
client: Arc<Client>,
miner: Arc<Miner>,
accounts: Arc<AccountProvider>,
accounts: Arc<Signer>,
encryptor: Box<Encryptor>,
config: ProviderConfig,
channel: IoChannel<ClientIoMessage>,
@@ -175,7 +204,6 @@ impl Provider where {
encryptor,
validator_accounts: config.validator_accounts.into_iter().collect(),
signer_account: config.signer_account,
passwords: config.passwords,
notify: RwLock::default(),
transactions_for_signing: RwLock::default(),
transactions_for_verification: VerificationStore::default(),
@@ -248,21 +276,20 @@ impl Provider where {
keccak(&state_buf.as_ref())
}
fn pool_client<'a>(&'a self, nonce_cache: &'a NonceCache) -> miner::pool_client::PoolClient<'a, Client> {
fn pool_client<'a>(&'a self, nonce_cache: &'a NonceCache, local_accounts: &'a HashSet<Address>) -> miner::pool_client::PoolClient<'a, Client> {
let engine = self.client.engine();
let refuse_service_transactions = true;
miner::pool_client::PoolClient::new(
&*self.client,
nonce_cache,
engine,
Some(&*self.accounts),
local_accounts,
refuse_service_transactions,
)
}
/// Retrieve and verify the first available private transaction for every sender
fn process_verification_queue(&self) -> Result<(), Error> {
let nonce_cache = NonceCache::new(NONCE_CACHE_SIZE);
let process_transaction = |transaction: &VerifiedPrivateTransaction| -> Result<_, String> {
let private_hash = transaction.private_transaction.hash();
match transaction.validator_account {
@@ -292,8 +319,7 @@ impl Provider where {
let private_state = private_state.expect("Error was checked before");
let private_state_hash = self.calculate_state_hash(&private_state, contract_nonce);
trace!(target: "privatetx", "Hashed effective private state for validator: {:?}", private_state_hash);
let password = find_account_password(&self.passwords, &*self.accounts, &validator_account);
let signed_state = self.accounts.sign(validator_account, password, private_state_hash);
let signed_state = self.accounts.sign(validator_account, private_state_hash);
if let Err(e) = signed_state {
bail!("Cannot sign the state: {:?}", e);
}
@@ -305,7 +331,9 @@ impl Provider where {
}
Ok(())
};
let ready_transactions = self.transactions_for_verification.drain(self.pool_client(&nonce_cache));
let nonce_cache = NonceCache::new(NONCE_CACHE_SIZE);
let local_accounts = HashSet::new();
let ready_transactions = self.transactions_for_verification.drain(self.pool_client(&nonce_cache, &local_accounts));
for transaction in ready_transactions {
if let Err(e) = process_transaction(&transaction) {
warn!(target: "privatetx", "Error: {:?}", e);
@@ -346,8 +374,7 @@ impl Provider where {
let chain_id = desc.original_transaction.chain_id();
let hash = public_tx.hash(chain_id);
let signer_account = self.signer_account.ok_or_else(|| ErrorKind::SignerAccountNotSet)?;
let password = find_account_password(&self.passwords, &*self.accounts, &signer_account);
let signature = self.accounts.sign(signer_account, password, hash)?;
let signature = self.accounts.sign(signer_account, hash)?;
let signed = SignedTransaction::new(public_tx.with_signature(signature, chain_id))?;
match self.miner.import_own_transaction(&*self.client, signed.into()) {
Ok(_) => trace!(target: "privatetx", "Public transaction added to queue"),
@@ -442,12 +469,12 @@ impl Provider where {
fn encrypt(&self, contract_address: &Address, initialisation_vector: &H128, data: &[u8]) -> Result<Bytes, Error> {
trace!(target: "privatetx", "Encrypt data using key(address): {:?}", contract_address);
Ok(self.encryptor.encrypt(contract_address, &*self.accounts, initialisation_vector, data)?)
Ok(self.encryptor.encrypt(contract_address, initialisation_vector, data)?)
}
fn decrypt(&self, contract_address: &Address, data: &[u8]) -> Result<Bytes, Error> {
trace!(target: "privatetx", "Decrypt data using key(address): {:?}", contract_address);
Ok(self.encryptor.decrypt(contract_address, &*self.accounts, data)?)
Ok(self.encryptor.decrypt(contract_address, data)?)
}
fn get_decrypted_state(&self, address: &Address, block: BlockId) -> Result<Bytes, Error> {
@@ -702,12 +729,13 @@ impl Importer for Arc<Provider> {
let transaction_bytes = self.decrypt(&contract, &encrypted_data)?;
let original_tx: UnverifiedTransaction = Rlp::new(&transaction_bytes).as_val()?;
let nonce_cache = NonceCache::new(NONCE_CACHE_SIZE);
let local_accounts = HashSet::new();
// Add to the queue for further verification
self.transactions_for_verification.add_transaction(
original_tx,
validation_account.map(|&account| account),
private_tx,
self.pool_client(&nonce_cache),
self.pool_client(&nonce_cache, &local_accounts),
)?;
let provider = Arc::downgrade(self);
let result = self.channel.send(ClientIoMessage::execute(move |_| {
@@ -742,16 +770,6 @@ impl Importer for Arc<Provider> {
}
}
/// Try to unlock account using stored password, return found password if any
fn find_account_password(passwords: &Vec<Password>, account_provider: &AccountProvider, account: &Address) -> Option<Password> {
for password in passwords {
if let Ok(true) = account_provider.test_password(account, password) {
return Some(password.clone());
}
}
None
}
impl ChainNotify for Provider {
fn new_blocks(&self, new_blocks: NewBlocks) {
if new_blocks.imported.is_empty() || new_blocks.has_more_blocks_to_import { return }