From: Blockmeta-εŒΊε—ε…ƒ Date: Tue, 23 Jan 2018 02:38:01 +0000 (+0800) Subject: Add passwords and Remove xprv cache (#267) X-Git-Tag: v1.0.5~341 X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=6d33b639ec3ff3dce1f286902f30cdd215c6faf0;p=bytom%2Fbytom.git Add passwords and Remove xprv cache (#267) * Fix Key not Found Problem Remove XPrv cache Change password string to array * Add password array fix test bug * Truncate useless codes Return error ,no more "if" --- diff --git a/blockchain/hsm.go b/blockchain/hsm.go index 3cafdae5..b1872284 100644 --- a/blockchain/hsm.go +++ b/blockchain/hsm.go @@ -47,31 +47,23 @@ func (bcr *BlockchainReactor) pseudohsmDeleteKey(ctx context.Context, x struct { if err := bcr.hsm.XDelete(x.XPub, x.Password); err != nil { return resWrapper(nil, err) } - return resWrapper(nil) } func (bcr *BlockchainReactor) pseudohsmSignTemplates(ctx context.Context, x struct { - Auth string `json:"auth"` - Txs txbuilder.Template `json:"transaction"` + Password []string `json:"password"` + Txs txbuilder.Template `json:"transaction"` }) Response { - var err error - if err = txbuilder.Sign(ctx, &x.Txs, nil, x.Auth, bcr.pseudohsmSignTemplate); err != nil { + if err := txbuilder.Sign(ctx, &x.Txs, nil, x.Password, bcr.pseudohsmSignTemplate); err != nil { log.WithField("build err", err).Error("fail on sign transaction.") return resWrapper(nil, err) } - log.Info("Sign Transaction complete.") return resWrapper(&x.Txs) } func (bcr *BlockchainReactor) pseudohsmSignTemplate(ctx context.Context, xpub chainkd.XPub, path [][]byte, data [32]byte, password string) ([]byte, error) { - sigBytes, err := bcr.hsm.XSign(xpub, path, data[:], password) - if err == pseudohsm.ErrNoKey { - log.Error(err) - return nil, nil - } - return sigBytes, err + return bcr.hsm.XSign(xpub, path, data[:], password) } func (bcr *BlockchainReactor) pseudohsmResetPassword(ctx context.Context, x struct { diff --git a/blockchain/hsm_test.go b/blockchain/hsm_test.go index c3e5a687..2449ab96 100755 --- a/blockchain/hsm_test.go +++ b/blockchain/hsm_test.go @@ -91,7 +91,7 @@ func TestHSM(t *testing.T) { } //go accounts.ProcessBlocks(ctx) - err = txbuilder.Sign(ctx, tmpl, nil, "password", func(_ context.Context, xpub chainkd.XPub, path [][]byte, data [32]byte, password string) ([]byte, error) { + err = txbuilder.Sign(ctx, tmpl, nil, []string{"password"}, func(_ context.Context, xpub chainkd.XPub, path [][]byte, data [32]byte, password string) ([]byte, error) { sigBytes, err := hsm.XSign(xpub, path, data[:], password) if err != nil { return nil, nil diff --git a/blockchain/pseudohsm/keycache.go b/blockchain/pseudohsm/keycache.go index bb8191a0..44239982 100644 --- a/blockchain/pseudohsm/keycache.go +++ b/blockchain/pseudohsm/keycache.go @@ -147,14 +147,14 @@ func (kc *keyCache) find(xpub XPub) (XPub, error) { } } if (xpub.XPub == chainkd.XPub{}) { - return XPub{}, ErrNoKey + return XPub{}, ErrLoadKey } } switch len(matches) { case 1: return matches[0], nil case 0: - return XPub{}, ErrNoKey + return XPub{}, ErrLoadKey default: err := &AmbiguousKeyError{Pubkey: hex.EncodeToString(xpub.XPub[:]), Matches: make([]XPub, len(matches))} copy(err.Matches, matches) diff --git a/blockchain/pseudohsm/keycache_test.go b/blockchain/pseudohsm/keycache_test.go index 5c0c5042..a32f422f 100644 --- a/blockchain/pseudohsm/keycache_test.go +++ b/blockchain/pseudohsm/keycache_test.go @@ -270,10 +270,10 @@ func TestCacheFind(t *testing.T) { }, }, // no match error - {Query: nomatchKey, WantError: ErrNoKey}, - {Query: XPub{File: nomatchKey.File}, WantError: ErrNoKey}, - {Query: XPub{File: filepath.Base(nomatchKey.File)}, WantError: ErrNoKey}, - {Query: XPub{XPub: nomatchKey.XPub}, WantError: ErrNoKey}, + {Query: nomatchKey, WantError: ErrLoadKey}, + {Query: XPub{File: nomatchKey.File}, WantError: ErrLoadKey}, + {Query: XPub{File: filepath.Base(nomatchKey.File)}, WantError: ErrLoadKey}, + {Query: XPub{XPub: nomatchKey.XPub}, WantError: ErrLoadKey}, } for i, test := range tests { a, err := cache.find(test.Query) diff --git a/blockchain/pseudohsm/pseudohsm.go b/blockchain/pseudohsm/pseudohsm.go index e870638f..19e01332 100644 --- a/blockchain/pseudohsm/pseudohsm.go +++ b/blockchain/pseudohsm/pseudohsm.go @@ -19,7 +19,7 @@ var ( ErrDuplicateKeyAlias = errors.New("duplicate key alias") ErrDuplicateKey = errors.New("duplicate key") ErrInvalidAfter = errors.New("invalid after") - ErrNoKey = errors.New("key not found") + ErrLoadKey = errors.New("key not found or wrong password ") ErrInvalidKeySize = errors.New("key invalid size") ErrTooManyAliasesToList = errors.New("requested aliases exceeds limit") ErrAmbiguousAlias = errors.New("multiple keys match alias") @@ -32,7 +32,7 @@ type HSM struct { cacheMu sync.Mutex keyStore keyStore cache *keyCache - kdCache map[chainkd.XPub]chainkd.XPrv + //kdCache map[chainkd.XPub]chainkd.XPrv } // XPub type for pubkey for anyone can see @@ -48,7 +48,7 @@ func New(keypath string) (*HSM, error) { return &HSM{ keyStore: &keyStorePassphrase{keydir, LightScryptN, LightScryptP}, cache: newKeyCache(keydir), - kdCache: make(map[chainkd.XPub]chainkd.XPrv), + //kdCache: make(map[chainkd.XPub]chainkd.XPrv), }, nil } @@ -110,15 +110,15 @@ func (h *HSM) LoadChainKDKey(xpub chainkd.XPub, auth string) (xprv chainkd.XPrv, h.cacheMu.Lock() defer h.cacheMu.Unlock() - if xprv, ok := h.kdCache[xpub]; ok { - return xprv, nil - } + //if xprv, ok := h.kdCache[xpub]; ok { + // return xprv, nil + //} - xpb, xkey, err := h.loadDecryptedKey(xpub, auth) + _, xkey, err := h.loadDecryptedKey(xpub, auth) if err != nil { - return xprv, ErrNoKey + return xprv, ErrLoadKey } - h.kdCache[xpb.XPub] = xkey.XPrv + //h.kdCache[xpb.XPub] = xkey.XPrv return xkey.XPrv, nil } @@ -137,6 +137,7 @@ func (h *HSM) XDelete(xpub chainkd.XPub, auth string) error { return err } + h.cacheMu.Lock() // The order is crucial here. The key is dropped from the // cache after the file is gone so that a reload happening in // between won't insert it into the cache again. @@ -144,8 +145,6 @@ func (h *HSM) XDelete(xpub chainkd.XPub, auth string) error { if err == nil { h.cache.delete(xpb) } - h.cacheMu.Lock() - delete(h.kdCache, xpub) h.cacheMu.Unlock() return err } diff --git a/blockchain/transact.go b/blockchain/transact.go index 5e55ebea..153a9e83 100644 --- a/blockchain/transact.go +++ b/blockchain/transact.go @@ -236,12 +236,12 @@ func (bcr *BlockchainReactor) submit(ctx context.Context, tpl *txbuilder.Templat // POST /sign-submit-transaction func (bcr *BlockchainReactor) signSubmit(ctx context.Context, x struct { - Auth string `json:"auth"` + Password []string `json:"password"` Txs txbuilder.Template `json:"transaction"` }) Response { var err error - if err = txbuilder.Sign(ctx, &x.Txs, nil, x.Auth, bcr.pseudohsmSignTemplate); err != nil { + if err = txbuilder.Sign(ctx, &x.Txs, nil, x.Password, bcr.pseudohsmSignTemplate); err != nil { log.WithField("build err", err).Error("fail on sign transaction.") return resWrapper(nil, err) } diff --git a/blockchain/txbuilder/rawtxsig_witness.go b/blockchain/txbuilder/rawtxsig_witness.go index 7cf15733..a616a296 100755 --- a/blockchain/txbuilder/rawtxsig_witness.go +++ b/blockchain/txbuilder/rawtxsig_witness.go @@ -20,7 +20,7 @@ type RawTxSigWitness struct { Sigs []chainjson.HexBytes `json:"signatures"` } -func (sw *RawTxSigWitness) sign(ctx context.Context, tpl *Template, index uint32, xpubs []chainkd.XPub, auth string, signFn SignFunc) error { +func (sw *RawTxSigWitness) sign(ctx context.Context, tpl *Template, index uint32, xpubs []chainkd.XPub, auth []string, signFn SignFunc) error { if len(sw.Sigs) < len(sw.Keys) { // Each key in sw.Keys may produce a signature in sw.Sigs. Make // sure there are enough slots in sw.Sigs and that we preserve any @@ -48,7 +48,7 @@ func (sw *RawTxSigWitness) sign(ctx context.Context, tpl *Template, index uint32 for i, p := range keyID.DerivationPath { path[i] = p } - sigBytes, err := signFn(ctx, keyID.XPub, path, tpl.Hash(index).Byte32(), auth) + sigBytes, err := signFn(ctx, keyID.XPub, path, tpl.Hash(index).Byte32(), auth[i]) if err != nil { return errors.WithDetailf(err, "computing signature %d", i) } diff --git a/blockchain/txbuilder/signature_witness.go b/blockchain/txbuilder/signature_witness.go index 0f28216e..6b5e0733 100755 --- a/blockchain/txbuilder/signature_witness.go +++ b/blockchain/txbuilder/signature_witness.go @@ -47,7 +47,7 @@ var ErrEmptyProgram = errors.New("empty signature program") // - the mintime and maxtime of the transaction (if non-zero) // - the outputID and (if non-empty) reference data of the current input // - the assetID, amount, control program, and (if non-empty) reference data of each output. -func (sw *SignatureWitness) sign(ctx context.Context, tpl *Template, index uint32, xpubs []chainkd.XPub, auth string, signFn SignFunc) error { +func (sw *SignatureWitness) sign(ctx context.Context, tpl *Template, index uint32, xpubs []chainkd.XPub, auth []string, signFn SignFunc) error { // Compute the predicate to sign. This is either a // txsighash program if tpl.AllowAdditional is false (i.e., the tx is complete // and no further changes are allowed) or a program enforcing @@ -91,7 +91,7 @@ func (sw *SignatureWitness) sign(ctx context.Context, tpl *Template, index uint3 for i, p := range keyID.DerivationPath { path[i] = p } - sigBytes, err := signFn(ctx, keyID.XPub, path, h, auth) + sigBytes, err := signFn(ctx, keyID.XPub, path, h, auth[i]) if err != nil { return errors.WithDetailf(err, "computing signature %d", i) } diff --git a/blockchain/txbuilder/txbuilder.go b/blockchain/txbuilder/txbuilder.go index 8ae2cc39..fa0c5e60 100755 --- a/blockchain/txbuilder/txbuilder.go +++ b/blockchain/txbuilder/txbuilder.go @@ -71,7 +71,7 @@ func Build(ctx context.Context, tx *legacy.TxData, actions []Action, maxTime tim return tpl, nil } -func Sign(ctx context.Context, tpl *Template, xpubs []chainkd.XPub, auth string, signFn SignFunc) error { +func Sign(ctx context.Context, tpl *Template, xpubs []chainkd.XPub, auth []string, signFn SignFunc) error { for i, sigInst := range tpl.SigningInstructions { for j, wc := range sigInst.WitnessComponents { switch sw := wc.(type) { diff --git a/test/util.go b/test/util.go index e0b2eed2..b8d88b5b 100644 --- a/test/util.go +++ b/test/util.go @@ -63,11 +63,8 @@ func MockTx(utxo *account.UTXO, testAccount *account.Account) (*txbuilder.Templa } func MockSign(tpl *txbuilder.Template, hsm *pseudohsm.HSM) error { - return txbuilder.Sign(nil, tpl, nil, "password", func(_ context.Context, xpub chainkd.XPub, path [][]byte, data [32]byte, password string) ([]byte, error) { + return txbuilder.Sign(nil, tpl, nil, []string{"password", "password"}, func(_ context.Context, xpub chainkd.XPub, path [][]byte, data [32]byte, password string) ([]byte, error) { sigBytes, err := hsm.XSign(xpub, path, data[:], password) - if err != nil { - return nil, nil - } return sigBytes, err }) }