Fixing secretstore TODOs - part 1 (openethereum#5386)

* ECDKG protocol prototype * added test for enc/dec math * get rid of decryption_session * added licenses * fix after merge * get rid of unused serde dependency * doc * decryption session [without commutative enc] * failed_dec_session * fixed tests * added commen * added more decryption session tests * helper to localize an issue * more computations to localize error * decryption_session::SessionParams * added tests for EC math to localize problem * secretstore network transport * encryption_session_works_over_network * network errors processing * connecting to KeyServer * licenses * get rid of debug println-s * fixed secretstore args * encryption results are stored in KS database * decryption protocol works over network * enc/dec Session traits * fixing warnings * fix after merge * on-chain ACL checker proto * fixed compilation * fixed compilation * finally fixed <odd>-of-N-scheme * temporary commented test * 1-of-N works in math * scheme 1-of-N works * updated AclStorage with real contract ABI * remove unnecessary unsafety * fixed grumbles * wakeup on access denied * encrypt secretstore messages * 'shadow' decryption * fix grumbles * lost files * secretstore cli-options * decryption seccion when ACL check failed on master * disallow regenerating key for existing document * removed obsolete TODO * fix after merge * switched to tokio_io * fix after merge * fix after merge * fix after merge * fix after merge * fix after merge * fixed test * fix after merge
3X3Q · Apr 8, 2017 · 93a6047 · 93a6047
1 parent d0e057c
commit 93a6047
Show file tree

Hide file tree

Showing 33 changed files with 1,095 additions and 668 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/ethkey/src/extended.rs b/ethkey/src/extended.rs
@@ -214,10 +214,10 @@ mod derivation {
 	use rcrypto::sha2::Sha512;
 	use bigint::hash::{H512, H256};
 	use bigint::prelude::{U256, U512, Uint};
-	use secp256k1;
 	use secp256k1::key::{SecretKey, PublicKey};
 	use SECP256K1;
 	use keccak;
+	use math::curve_order;
 	use super::{Label, Derivation};
 
 	#[derive(Debug)]
@@ -233,7 +233,7 @@ mod derivation {
 	// For hardened derivation, pass u32 index at least 2^31 or custom Derivation::Hard(T) enum
 	//
 	// Can panic if passed `private_key` is not a valid secp256k1 private key
-	// (outside of (0..curve_n()]) field
+	// (outside of (0..curve_order()]) field
 	pub fn private<T>(private_key: H256, chain_code: H256, index: Derivation<T>) -> (H256, H256) where T: Label {
 		match index {
 			Derivation::Soft(index) => private_soft(private_key, chain_code, index),
@@ -260,7 +260,7 @@ mod derivation {
 	}
 
 	// Can panic if passed `private_key` is not a valid secp256k1 private key
-	// (outside of (0..curve_n()]) field
+	// (outside of (0..curve_order()]) field
 	fn private_soft<T>(private_key: H256, chain_code: H256, index: T) -> (H256, H256) where T: Label {
 		let mut data = vec![0u8; 33 + T::len()];
 
@@ -295,7 +295,7 @@ mod derivation {
 
 	fn private_add(k1: U256, k2: U256) -> U256 {
 		let sum = U512::from(k1) + U512::from(k2);
-		modulo(sum, curve_n())
+		modulo(sum, curve_order())
 	}
 
 	// todo: surely can be optimized
@@ -305,12 +305,6 @@ mod derivation {
 		md.into()
 	}
 
-	// returns n (for mod(n)) for the secp256k1 elliptic curve
-	// todo: maybe lazy static
-	fn curve_n() -> U256 {
-		H256::from_slice(&secp256k1::constants::CURVE_ORDER).into()
-	}
-
 	pub fn public<T>(public_key: H512, chain_code: H256, derivation: Derivation<T>) -> Result<(H512, H256), Error> where T: Label {
 		let index = match derivation {
 			Derivation::Soft(index) => index,
@@ -339,7 +333,7 @@ mod derivation {
 		let new_chain_code = H256::from(&i_512[32..64]);
 
 		// Generated private key can (extremely rarely) be out of secp256k1 key field
-		if curve_n() <= new_private.clone().into() { return Err(Error::MissingIndex); }
+		if curve_order() <= new_private.clone().into() { return Err(Error::MissingIndex); }
 		let new_private_sec = SecretKey::from_slice(&SECP256K1, &*new_private)
 			.expect("Private key belongs to the field [0..CURVE_ORDER) (checked above); So initializing can never fail; qed");
 		let mut new_public = PublicKey::from_secret_key(&SECP256K1, &new_private_sec)

diff --git a/ethkey/src/keypair.rs b/ethkey/src/keypair.rs
@@ -27,7 +27,7 @@ pub fn public_to_address(public: &Public) -> Address {
 	result
 }
 
-#[derive(Clone)]
+#[derive(Debug, Clone, PartialEq)]
 /// secp256k1 key pair
 pub struct KeyPair {
 	secret: Secret,

diff --git a/ethkey/src/math.rs b/ethkey/src/math.rs
@@ -16,7 +16,9 @@
 
 use super::{SECP256K1, Public, Secret, Error};
 use secp256k1::key;
-use secp256k1::constants::{GENERATOR_X, GENERATOR_Y};
+use secp256k1::constants::{GENERATOR_X, GENERATOR_Y, CURVE_ORDER};
+use bigint::prelude::U256;
+use bigint::hash::H256;
 
 /// Inplace multiply public key by secret key (EC point * scalar)
 pub fn public_mul_secret(public: &mut Public, secret: &Secret) -> Result<(), Error> {
@@ -47,6 +49,14 @@ pub fn public_sub(public: &mut Public, other: &Public) -> Result<(), Error> {
 	Ok(())
 }
 
+/// Replace public key with its negation (EC point = - EC point)
+pub fn public_negate(public: &mut Public) -> Result<(), Error> {
+	let mut key_public = to_secp256k1_public(public)?;
+	key_public.mul_assign(&SECP256K1, &key::MINUS_ONE_KEY)?;
+	set_public(public, &key_public);
+	Ok(())
+}
+
 /// Return base point of secp256k1
 pub fn generation_point() -> Public {
 	let mut public_sec_raw = [0u8; 65];
@@ -61,6 +71,11 @@ pub fn generation_point() -> Public {
 	public
 }
 
+/// Return secp256k1 elliptic curve order
+pub fn curve_order() -> U256 {
+	H256::from_slice(&CURVE_ORDER).into()
+}
+
 fn to_secp256k1_public(public: &Public) -> Result<key::PublicKey, Error> {
 	let public_data = {
 		let mut temp = [4u8; 65];

diff --git a/ethkey/src/secret.rs b/ethkey/src/secret.rs
@@ -67,6 +67,15 @@ impl Secret {
 		Ok(())
 	}
 
+	/// Inplace decrease secret key (scalar - 1)
+	pub fn dec(&mut self) -> Result<(), Error> {
+		let mut key_secret = self.to_secp256k1_secret()?;
+		key_secret.add_assign(&SECP256K1, &key::MINUS_ONE_KEY)?;
+
+		*self = key_secret.into();
+		Ok(())
+	}
+
 	/// Inplace multiply one secret key to another (scalar * scalar)
 	pub fn mul(&mut self, other: &Secret) -> Result<(), Error> {
 		let mut key_secret = self.to_secp256k1_secret()?;

diff --git a/parity/cli/config.full.toml b/parity/cli/config.full.toml
@@ -69,8 +69,11 @@ pass = "test_pass"
 
 [secretstore]
 disable = false
-port = 8082
+nodes = []
+http_interface = "local"
+http_port = 8082
 interface = "local"
+port = 8083
 path = "$HOME/.parity/secretstore"
 
 [ipfs]

diff --git a/parity/cli/config.toml b/parity/cli/config.toml
@@ -38,7 +38,8 @@ user = "username"
 pass = "password"
 
 [secretstore]
-port = 8082
+http_port = 8082
+port = 8083
 
 [ipfs]
 enable = false

diff --git a/parity/cli/mod.rs b/parity/cli/mod.rs
@@ -187,10 +187,18 @@ usage! {
 		// Secret Store
 		flag_no_secretstore: bool = false,
 			or |c: &Config| otry!(c.secretstore).disable.clone(),
-		flag_secretstore_port: u16 = 8082u16,
-			or |c: &Config| otry!(c.secretstore).port.clone(),
+		flag_secretstore_secret: Option<String> = None,
+			or |c: &Config| otry!(c.secretstore).self_secret.clone().map(Some),
+		flag_secretstore_nodes: String = "",
+			or |c: &Config| otry!(c.secretstore).nodes.as_ref().map(|vec| vec.join(",")),
 		flag_secretstore_interface: String = "local",
 			or |c: &Config| otry!(c.secretstore).interface.clone(),
+		flag_secretstore_port: u16 = 8083u16,
+			or |c: &Config| otry!(c.secretstore).port.clone(),
+		flag_secretstore_http_interface: String = "local",
+			or |c: &Config| otry!(c.secretstore).http_interface.clone(),
+		flag_secretstore_http_port: u16 = 8082u16,
+			or |c: &Config| otry!(c.secretstore).http_port.clone(),
 		flag_secretstore_path: String = "$BASE/secretstore",
 			or |c: &Config| otry!(c.secretstore).path.clone(),
 
@@ -454,8 +462,12 @@ struct Dapps {
 #[derive(Default, Debug, PartialEq, RustcDecodable)]
 struct SecretStore {
 	disable: Option<bool>,
-	port: Option<u16>,
+	self_secret: Option<String>,
+	nodes: Option<Vec<String>>,
 	interface: Option<String>,
+	port: Option<u16>,
+	http_interface: Option<String>,
+	http_port: Option<u16>,
 	path: Option<String>,
 }
 
@@ -697,8 +709,12 @@ mod tests {
 			flag_no_dapps: false,
 
 			flag_no_secretstore: false,
-			flag_secretstore_port: 8082u16,
+			flag_secretstore_secret: None,
+			flag_secretstore_nodes: "".into(),
 			flag_secretstore_interface: "local".into(),
+			flag_secretstore_port: 8083u16,
+			flag_secretstore_http_interface: "local".into(),
+			flag_secretstore_http_port: 8082u16,
 			flag_secretstore_path: "$HOME/.parity/secretstore".into(),
 
 			// IPFS
@@ -909,8 +925,12 @@ mod tests {
 			}),
 			secretstore: Some(SecretStore {
 				disable: None,
-				port: Some(8082),
+				self_secret: None,
+				nodes: None,
 				interface: None,
+				port: Some(8083),
+				http_interface: None,
+				http_port: Some(8082),
 				path: None,
 			}),
 			ipfs: Some(Ipfs {