Consolidate crypto functionality in ethcore-crypto. (#8432)

* Consolidate crypto functionality in `ethcore-crypto`.

- Move `ecdh`/`ecies` modules to `ethkey`.
- Refactor `ethcore-crypto` to use file per module.
- Replace `subtle` with `ethcore_crypto::is_equal`.
- Add `aes_gcm` module to `ethcore-crypto`.

* Rename `aes::{encrypt,decrypt,decrypt_cbc}` ...

... to `aes::{encrypt_128_ctr,decrypt_128_ctr,decrypt_128_cbc}`.
Toralf Wittner
2018-05-05 11:02:33 +02:00
committed by Marek Kotewicz
parent a4c7843a07
commit e30839e85f
50 changed files with 1003 additions and 542 deletions


@@ -21,7 +21,8 @@ use std::sync::mpsc;
use futures::{self, Future};
use parking_lot::Mutex;
use tokio_core::reactor::Core;
use crypto;
use crypto::DEFAULT_MAC;
use ethkey::crypto;
use super::acl_storage::AclStorage;
use super::key_storage::KeyStorage;
use super::key_server_set::KeyServerSet;
@@ -105,7 +106,7 @@ impl DocumentKeyServer for KeyServerImpl {
self.store_document_key(key_id, author, encrypted_document_key.common_point, encrypted_document_key.encrypted_point)?;
// encrypt document key with requestor public key
let document_key = crypto::ecies::encrypt(&public, &crypto::DEFAULT_MAC, &document_key)
let document_key = crypto::ecies::encrypt(&public, &DEFAULT_MAC, &document_key)
.map_err(|err| Error::Internal(format!("Error encrypting document key: {}", err)))?;
Ok(document_key)
}
@@ -122,7 +123,7 @@ impl DocumentKeyServer for KeyServerImpl {
.decrypted_secret;
// encrypt document key with requestor public key
let document_key = crypto::ecies::encrypt(&public, &crypto::DEFAULT_MAC, &document_key)
let document_key = crypto::ecies::encrypt(&public, &DEFAULT_MAC, &document_key)
.map_err(|err| Error::Internal(format!("Error encrypting document key: {}", err)))?;
Ok(document_key)
}
@@ -152,7 +153,7 @@ impl MessageSigner for KeyServerImpl {
combined_signature[32..].clone_from_slice(&**message_signature.1);
// encrypt combined signature with requestor public key
let message_signature = crypto::ecies::encrypt(&public, &crypto::DEFAULT_MAC, &combined_signature)
let message_signature = crypto::ecies::encrypt(&public, &DEFAULT_MAC, &combined_signature)
.map_err(|err| Error::Internal(format!("Error encrypting message signature: {}", err)))?;
Ok(message_signature)
}
@@ -167,7 +168,7 @@ impl MessageSigner for KeyServerImpl {
let message_signature = signing_session.wait()?;
// encrypt combined signature with requestor public key
let message_signature = crypto::ecies::encrypt(&public, &crypto::DEFAULT_MAC, &*message_signature)
let message_signature = crypto::ecies::encrypt(&public, &DEFAULT_MAC, &*message_signature)
.map_err(|err| Error::Internal(format!("Error encrypting message signature: {}", err)))?;
Ok(message_signature)
}
@@ -229,8 +230,8 @@ pub mod tests {
use std::sync::Arc;
use std::net::SocketAddr;
use std::collections::BTreeMap;
use crypto;
use ethkey::{self, Secret, Random, Generator, verify_public};
use crypto::DEFAULT_MAC;
use ethkey::{self, crypto, Secret, Random, Generator, verify_public};
use acl_storage::DummyAclStorage;
use key_storage::KeyStorage;
use key_storage::tests::DummyKeyStorage;
@@ -358,12 +359,12 @@ pub mod tests {
let secret = Random.generate().unwrap().secret().clone();
let signature = ethkey::sign(&secret, &document).unwrap();
let generated_key = key_servers[0].generate_document_key(&document, &signature.clone().into(), threshold).unwrap();
let generated_key = crypto::ecies::decrypt(&secret, &crypto::DEFAULT_MAC, &generated_key).unwrap();
let generated_key = crypto::ecies::decrypt(&secret, &DEFAULT_MAC, &generated_key).unwrap();
// now let's try to retrieve key back
for key_server in key_servers.iter() {
let retrieved_key = key_server.restore_document_key(&document, &signature.clone().into()).unwrap();
let retrieved_key = crypto::ecies::decrypt(&secret, &crypto::DEFAULT_MAC, &retrieved_key).unwrap();
let retrieved_key = crypto::ecies::decrypt(&secret, &DEFAULT_MAC, &retrieved_key).unwrap();
assert_eq!(retrieved_key, generated_key);
}
}
@@ -380,12 +381,12 @@ pub mod tests {
let secret = Random.generate().unwrap().secret().clone();
let signature = ethkey::sign(&secret, &document).unwrap();
let generated_key = key_servers[0].generate_document_key(&document, &signature.clone().into(), *threshold).unwrap();
let generated_key = crypto::ecies::decrypt(&secret, &crypto::DEFAULT_MAC, &generated_key).unwrap();
let generated_key = crypto::ecies::decrypt(&secret, &DEFAULT_MAC, &generated_key).unwrap();
// now let's try to retrieve key back
for (i, key_server) in key_servers.iter().enumerate() {
let retrieved_key = key_server.restore_document_key(&document, &signature.clone().into()).unwrap();
let retrieved_key = crypto::ecies::decrypt(&secret, &crypto::DEFAULT_MAC, &retrieved_key).unwrap();
let retrieved_key = crypto::ecies::decrypt(&secret, &DEFAULT_MAC, &retrieved_key).unwrap();
assert_eq!(retrieved_key, generated_key);
let key_share = key_storages[i].get(&document).unwrap().unwrap();
@@ -419,7 +420,7 @@ pub mod tests {
// now let's try to retrieve key back
for key_server in key_servers.iter() {
let retrieved_key = key_server.restore_document_key(&server_key_id, &signature.clone().into()).unwrap();
let retrieved_key = crypto::ecies::decrypt(&requestor_secret, &crypto::DEFAULT_MAC, &retrieved_key).unwrap();
let retrieved_key = crypto::ecies::decrypt(&requestor_secret, &DEFAULT_MAC, &retrieved_key).unwrap();
let retrieved_key = Public::from_slice(&retrieved_key);
assert_eq!(retrieved_key, generated_key);
}
@@ -442,7 +443,7 @@ pub mod tests {
// sign message
let message_hash = H256::from(42);
let combined_signature = key_servers[0].sign_message_schnorr(&server_key_id, &signature.into(), message_hash.clone()).unwrap();
let combined_signature = crypto::ecies::decrypt(&requestor_secret, &crypto::DEFAULT_MAC, &combined_signature).unwrap();
let combined_signature = crypto::ecies::decrypt(&requestor_secret, &DEFAULT_MAC, &combined_signature).unwrap();
let signature_c = Secret::from_slice(&combined_signature[..32]).unwrap();
let signature_s = Secret::from_slice(&combined_signature[32..]).unwrap();
@@ -462,14 +463,14 @@ pub mod tests {
let secret = Random.generate().unwrap().secret().clone();
let signature = ethkey::sign(&secret, &document).unwrap();
let generated_key = key_servers[0].generate_document_key(&document, &signature.clone().into(), threshold).unwrap();
let generated_key = crypto::ecies::decrypt(&secret, &crypto::DEFAULT_MAC, &generated_key).unwrap();
let generated_key = crypto::ecies::decrypt(&secret, &DEFAULT_MAC, &generated_key).unwrap();
// remove key from node0
key_servers[0].cluster().key_storage().remove(&document).unwrap();
// now let's try to retrieve key back by requesting it from node0, so that session must be delegated
let retrieved_key = key_servers[0].restore_document_key(&document, &signature.into()).unwrap();
let retrieved_key = crypto::ecies::decrypt(&secret, &crypto::DEFAULT_MAC, &retrieved_key).unwrap();
let retrieved_key = crypto::ecies::decrypt(&secret, &DEFAULT_MAC, &retrieved_key).unwrap();
assert_eq!(retrieved_key, generated_key);
}
@@ -491,7 +492,7 @@ pub mod tests {
// sign message
let message_hash = H256::from(42);
let combined_signature = key_servers[0].sign_message_schnorr(&server_key_id, &signature.into(), message_hash.clone()).unwrap();
let combined_signature = crypto::ecies::decrypt(&requestor_secret, &crypto::DEFAULT_MAC, &combined_signature).unwrap();
let combined_signature = crypto::ecies::decrypt(&requestor_secret, &DEFAULT_MAC, &combined_signature).unwrap();
let signature_c = Secret::from_slice(&combined_signature[..32]).unwrap();
let signature_s = Secret::from_slice(&combined_signature[32..]).unwrap();
@@ -517,7 +518,7 @@ pub mod tests {
// sign message
let message_hash = H256::random();
let signature = key_servers[0].sign_message_ecdsa(&server_key_id, &signature.into(), message_hash.clone()).unwrap();
let signature = crypto::ecies::decrypt(&requestor_secret, &crypto::DEFAULT_MAC, &signature).unwrap();
let signature = crypto::ecies::decrypt(&requestor_secret, &DEFAULT_MAC, &signature).unwrap();
let signature: H520 = signature[0..65].into();
// check signature
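Review bot: After this change the file uses the name `crypto` for two different things: `use crypto::DEFAULT_MAC;` appears to resolve to the external crypto crate, while `use ethkey::crypto;` binds the same name locally, so every `crypto::ecies::encrypt(...)` call resolves to `ethkey::crypto`. The same pairing is repeated in the `tests` module imports. In code that encrypts document keys and signatures for a requestor, a reader should be able to tell at a glance which crate supplies the ECIES routine and which supplies the MAC constant. Importing the module directly, `use ethkey::crypto::ecies;`, and calling `ecies::encrypt(&public, &DEFAULT_MAC, &document_key)` removes the overlap and matches the import style used in other files of this commit. The functions touched here begin and end outside the visible hunks.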


@@ -1279,7 +1279,7 @@ mod tests {
assert!(decrypted_secret.decrypt_shadows.is_some());
// check that KS client is able to restore original secret
use crypto::DEFAULT_MAC;
use crypto::ecies::decrypt;
use ethkey::crypto::ecies::decrypt;
let decrypt_shadows: Vec<_> = decrypted_secret.decrypt_shadows.unwrap().into_iter()
.map(|c| Secret::from_slice(&decrypt(key_pair.secret(), &DEFAULT_MAC, &c).unwrap()).unwrap())
.collect();
@@ -1423,7 +1423,7 @@ mod tests {
// 4 nodes must be able to recover original secret
use crypto::DEFAULT_MAC;
use crypto::ecies::decrypt;
use ethkey::crypto::ecies::decrypt;
let result = sessions[0].decrypted_secret().unwrap().unwrap();
assert_eq!(3, sessions.iter().skip(1).filter(|s| s.decrypted_secret() == Some(Ok(result.clone()))).count());
let decrypt_shadows: Vec<_> = result.decrypt_shadows.unwrap().into_iter()


@@ -37,7 +37,7 @@ use std::sync::Arc;
use std::collections::BTreeSet;
use futures::{Future, Poll, Async};
use tokio_io::{AsyncRead, AsyncWrite};
use crypto::ecdh::agree;
use ethkey::crypto::ecdh::agree;
use ethkey::{Random, Generator, KeyPair, Public, Signature, verify_public, sign, recover};
use ethereum_types::H256;
use key_server_cluster::{NodeId, Error, NodeKeyPair};


@@ -19,7 +19,7 @@ use std::u16;
use std::ops::Deref;
use byteorder::{LittleEndian, ReadBytesExt, WriteBytesExt};
use serde_json;
use crypto::ecies;
use ethkey::crypto::ecies;
use ethkey::{Secret, KeyPair};
use ethkey::math::curve_order;
use ethereum_types::{H256, U256};
@@ -306,7 +306,7 @@ pub mod tests {
use futures::Poll;
use tokio_io::{AsyncRead, AsyncWrite};
use ethkey::{Random, Generator, KeyPair};
use crypto::ecdh::agree;
use ethkey::crypto::ecdh::agree;
use key_server_cluster::Error;
use key_server_cluster::message::Message;
use super::{MESSAGE_HEADER_SIZE, CURRENT_HEADER_VERSION, MessageHeader, fix_shared_key, encrypt_message,


@@ -17,8 +17,8 @@
use std::collections::{BTreeSet, BTreeMap};
use ethereum_types::H256;
use ethkey::{Public, Secret};
use crypto::ecies::encrypt;
use crypto::DEFAULT_MAC;
use ethkey::crypto::ecies::encrypt;
use key_server_cluster::{Error, NodeId, DocumentKeyShare, EncryptedDocumentKeyShadow};
use key_server_cluster::math;
use key_server_cluster::jobs::job_session::{JobPartialRequestAction, JobPartialResponseAction, JobExecutor};


@@ -15,7 +15,7 @@
// along with Parity. If not, see <http://www.gnu.org/licenses/>.
use std::sync::Arc;
use crypto::ecdh::agree;
use ethkey::crypto::ecdh::agree;
use ethkey::{KeyPair, Public, Signature, Error as EthKeyError, sign, public_to_address};
use ethcore::account_provider::AccountProvider;
use ethereum_types::{H256, Address};
@@ -54,7 +54,8 @@ impl NodeKeyPair for PlainNodeKeyPair {
}
fn compute_shared_key(&self, peer_public: &Public) -> Result<KeyPair, EthKeyError> {
agree(self.key_pair.secret(), peer_public).map_err(|e| EthKeyError::Custom(e.into()))
agree(self.key_pair.secret(), peer_public)
.map_err(|e| EthKeyError::Custom(e.to_string()))
.and_then(KeyPair::from_secret)
}
}
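Review bot: `compute_shared_key` now turns the ECDH error into a bare string with `EthKeyError::Custom(e.to_string())`, so a failed agreement and a failure in `KeyPair::from_secret` reach the caller with nothing that identifies which step failed. Adding context where the error is converted, e.g. `.map_err(|e| EthKeyError::Custom(format!("ECDH agreement failed: {}", e)))`, keeps the two cases apart in logs. The `From<ethkey::crypto::Error>` and `From<crypto::Error>` impls in the error-conversion file later in this commit do the same thing, folding both crypto error types into `Error::EthKey(err.to_string())`. A short doc comment on `compute_shared_key` saying that the returned `KeyPair` is built from the agreed secret would also help, since the added `.and_then(KeyPair::from_secret)` suggests `agree` no longer returns a key pair itself. The enclosing `impl NodeKeyPair for PlainNodeKeyPair` starts outside the hunk.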


@@ -168,6 +168,12 @@ impl From<ethkey::Error> for Error {
}
}
impl From<ethkey::crypto::Error> for Error {
fn from(err: ethkey::crypto::Error) -> Self {
Error::EthKey(err.to_string())
}
}
impl From<kvdb::Error> for Error {
fn from(err: kvdb::Error) -> Self {
Error::Database(err.to_string())
@@ -176,7 +182,7 @@ impl From<kvdb::Error> for Error {
impl From<crypto::Error> for Error {
fn from(err: crypto::Error) -> Self {
Error::EthKey(err.into())
Error::EthKey(err.to_string())
}
}