if err := bcr.hsm.XDelete(x.XPub, x.Password); err != nil {
return resWrapper(nil, err)
}
-
return resWrapper(nil)
}
func (bcr *BlockchainReactor) pseudohsmSignTemplates(ctx context.Context, x struct {
- Auth string `json:"auth"`
- Txs txbuilder.Template `json:"transaction"`
+ Password []string `json:"password"`
+ Txs txbuilder.Template `json:"transaction"`
}) Response {
- var err error
- if err = txbuilder.Sign(ctx, &x.Txs, nil, x.Auth, bcr.pseudohsmSignTemplate); err != nil {
+ if err := txbuilder.Sign(ctx, &x.Txs, nil, x.Password, bcr.pseudohsmSignTemplate); err != nil {
log.WithField("build err", err).Error("fail on sign transaction.")
return resWrapper(nil, err)
}
-
log.Info("Sign Transaction complete.")
return resWrapper(&x.Txs)
}
func (bcr *BlockchainReactor) pseudohsmSignTemplate(ctx context.Context, xpub chainkd.XPub, path [][]byte, data [32]byte, password string) ([]byte, error) {
- sigBytes, err := bcr.hsm.XSign(xpub, path, data[:], password)
- if err == pseudohsm.ErrNoKey {
- log.Error(err)
- return nil, nil
- }
- return sigBytes, err
+ return bcr.hsm.XSign(xpub, path, data[:], password)
}
func (bcr *BlockchainReactor) pseudohsmResetPassword(ctx context.Context, x struct {
}
//go accounts.ProcessBlocks(ctx)
- err = txbuilder.Sign(ctx, tmpl, nil, "password", func(_ context.Context, xpub chainkd.XPub, path [][]byte, data [32]byte, password string) ([]byte, error) {
+ err = txbuilder.Sign(ctx, tmpl, nil, []string{"password"}, func(_ context.Context, xpub chainkd.XPub, path [][]byte, data [32]byte, password string) ([]byte, error) {
sigBytes, err := hsm.XSign(xpub, path, data[:], password)
if err != nil {
return nil, nil
}
}
if (xpub.XPub == chainkd.XPub{}) {
- return XPub{}, ErrNoKey
+ return XPub{}, ErrLoadKey
}
}
switch len(matches) {
case 1:
return matches[0], nil
case 0:
- return XPub{}, ErrNoKey
+ return XPub{}, ErrLoadKey
default:
err := &AmbiguousKeyError{Pubkey: hex.EncodeToString(xpub.XPub[:]), Matches: make([]XPub, len(matches))}
copy(err.Matches, matches)
},
},
// no match error
- {Query: nomatchKey, WantError: ErrNoKey},
- {Query: XPub{File: nomatchKey.File}, WantError: ErrNoKey},
- {Query: XPub{File: filepath.Base(nomatchKey.File)}, WantError: ErrNoKey},
- {Query: XPub{XPub: nomatchKey.XPub}, WantError: ErrNoKey},
+ {Query: nomatchKey, WantError: ErrLoadKey},
+ {Query: XPub{File: nomatchKey.File}, WantError: ErrLoadKey},
+ {Query: XPub{File: filepath.Base(nomatchKey.File)}, WantError: ErrLoadKey},
+ {Query: XPub{XPub: nomatchKey.XPub}, WantError: ErrLoadKey},
}
for i, test := range tests {
a, err := cache.find(test.Query)
ErrDuplicateKeyAlias = errors.New("duplicate key alias")
ErrDuplicateKey = errors.New("duplicate key")
ErrInvalidAfter = errors.New("invalid after")
- ErrNoKey = errors.New("key not found")
+ ErrLoadKey = errors.New("key not found or wrong password ")
ErrInvalidKeySize = errors.New("key invalid size")
ErrTooManyAliasesToList = errors.New("requested aliases exceeds limit")
ErrAmbiguousAlias = errors.New("multiple keys match alias")
cacheMu sync.Mutex
keyStore keyStore
cache *keyCache
- kdCache map[chainkd.XPub]chainkd.XPrv
+ //kdCache map[chainkd.XPub]chainkd.XPrv
}
// XPub type for pubkey for anyone can see
return &HSM{
keyStore: &keyStorePassphrase{keydir, LightScryptN, LightScryptP},
cache: newKeyCache(keydir),
- kdCache: make(map[chainkd.XPub]chainkd.XPrv),
+ //kdCache: make(map[chainkd.XPub]chainkd.XPrv),
}, nil
}
h.cacheMu.Lock()
defer h.cacheMu.Unlock()
- if xprv, ok := h.kdCache[xpub]; ok {
- return xprv, nil
- }
+ //if xprv, ok := h.kdCache[xpub]; ok {
+ // return xprv, nil
+ //}
- xpb, xkey, err := h.loadDecryptedKey(xpub, auth)
+ _, xkey, err := h.loadDecryptedKey(xpub, auth)
if err != nil {
- return xprv, ErrNoKey
+ return xprv, ErrLoadKey
}
- h.kdCache[xpb.XPub] = xkey.XPrv
+ //h.kdCache[xpb.XPub] = xkey.XPrv
return xkey.XPrv, nil
}
return err
}
+ h.cacheMu.Lock()
// The order is crucial here. The key is dropped from the
// cache after the file is gone so that a reload happening in
// between won't insert it into the cache again.
if err == nil {
h.cache.delete(xpb)
}
- h.cacheMu.Lock()
- delete(h.kdCache, xpub)
h.cacheMu.Unlock()
return err
}
// POST /sign-submit-transaction
func (bcr *BlockchainReactor) signSubmit(ctx context.Context, x struct {
- Auth string `json:"auth"`
+ Password []string `json:"password"`
Txs txbuilder.Template `json:"transaction"`
}) Response {
var err error
- if err = txbuilder.Sign(ctx, &x.Txs, nil, x.Auth, bcr.pseudohsmSignTemplate); err != nil {
+ if err = txbuilder.Sign(ctx, &x.Txs, nil, x.Password, bcr.pseudohsmSignTemplate); err != nil {
log.WithField("build err", err).Error("fail on sign transaction.")
return resWrapper(nil, err)
}
Sigs []chainjson.HexBytes `json:"signatures"`
}
-func (sw *RawTxSigWitness) sign(ctx context.Context, tpl *Template, index uint32, xpubs []chainkd.XPub, auth string, signFn SignFunc) error {
+func (sw *RawTxSigWitness) sign(ctx context.Context, tpl *Template, index uint32, xpubs []chainkd.XPub, auth []string, signFn SignFunc) error {
if len(sw.Sigs) < len(sw.Keys) {
// Each key in sw.Keys may produce a signature in sw.Sigs. Make
// sure there are enough slots in sw.Sigs and that we preserve any
for i, p := range keyID.DerivationPath {
path[i] = p
}
- sigBytes, err := signFn(ctx, keyID.XPub, path, tpl.Hash(index).Byte32(), auth)
+ sigBytes, err := signFn(ctx, keyID.XPub, path, tpl.Hash(index).Byte32(), auth[i])
if err != nil {
return errors.WithDetailf(err, "computing signature %d", i)
}
// - the mintime and maxtime of the transaction (if non-zero)
// - the outputID and (if non-empty) reference data of the current input
// - the assetID, amount, control program, and (if non-empty) reference data of each output.
-func (sw *SignatureWitness) sign(ctx context.Context, tpl *Template, index uint32, xpubs []chainkd.XPub, auth string, signFn SignFunc) error {
+func (sw *SignatureWitness) sign(ctx context.Context, tpl *Template, index uint32, xpubs []chainkd.XPub, auth []string, signFn SignFunc) error {
// Compute the predicate to sign. This is either a
// txsighash program if tpl.AllowAdditional is false (i.e., the tx is complete
// and no further changes are allowed) or a program enforcing
for i, p := range keyID.DerivationPath {
path[i] = p
}
- sigBytes, err := signFn(ctx, keyID.XPub, path, h, auth)
+ sigBytes, err := signFn(ctx, keyID.XPub, path, h, auth[i])
if err != nil {
return errors.WithDetailf(err, "computing signature %d", i)
}
return tpl, nil
}
-func Sign(ctx context.Context, tpl *Template, xpubs []chainkd.XPub, auth string, signFn SignFunc) error {
+func Sign(ctx context.Context, tpl *Template, xpubs []chainkd.XPub, auth []string, signFn SignFunc) error {
for i, sigInst := range tpl.SigningInstructions {
for j, wc := range sigInst.WitnessComponents {
switch sw := wc.(type) {
}
func MockSign(tpl *txbuilder.Template, hsm *pseudohsm.HSM) error {
- return txbuilder.Sign(nil, tpl, nil, "password", func(_ context.Context, xpub chainkd.XPub, path [][]byte, data [32]byte, password string) ([]byte, error) {
+ return txbuilder.Sign(nil, tpl, nil, []string{"password", "password"}, func(_ context.Context, xpub chainkd.XPub, path [][]byte, data [32]byte, password string) ([]byte, error) {
sigBytes, err := hsm.XSign(xpub, path, data[:], password)
- if err != nil {
- return nil, nil
- }
return sigBytes, err
})
}