From c1be9d0329284f89b227c2aa0beacd3bc1e25f86 Mon Sep 17 00:00:00 2001 From: Sebastien Mondet Date: Mon, 12 Aug 2019 13:49:34 -0400 Subject: [PATCH] Signer: Remove ?interactive, add `import_secret_key` --- src/lib_client_base/client_keys.ml | 22 ++++++++----- src/lib_client_base/client_keys.mli | 31 ++++++++++--------- .../client_keys_commands.ml | 4 +-- src/lib_signer_backends/encrypted.ml | 2 ++ src/lib_signer_backends/http_gen.ml | 8 +++-- src/lib_signer_backends/unencrypted.ml | 8 +++-- src/lib_signer_backends/unix/ledger.ml | 23 +++++++++----- src/lib_signer_backends/unix/remote.ml | 8 ++--- src/lib_signer_backends/unix/socket.ml | 14 ++++++--- 9 files changed, 73 insertions(+), 47 deletions(-) diff --git a/src/lib_client_base/client_keys.ml b/src/lib_client_base/client_keys.ml index c1144c033c55..771c9dc165a2 100644 --- a/src/lib_client_base/client_keys.ml +++ b/src/lib_client_base/client_keys.ml @@ -171,13 +171,15 @@ module type SIGNER = sig val neuterize : sk_uri -> pk_uri tzresult Lwt.t - val public_key : - ?interactive:Client_context.io_wallet -> + val import_secret_key : + io:Client_context.io_wallet -> pk_uri -> - Signature.Public_key.t tzresult Lwt.t + (Signature.Public_key_hash.t * Signature.Public_key.t option) tzresult + Lwt.t + + val public_key : pk_uri -> Signature.Public_key.t tzresult Lwt.t val public_key_hash : - ?interactive:Client_context.io_wallet -> pk_uri -> (Signature.Public_key_hash.t * Signature.Public_key.t option) tzresult Lwt.t @@ -240,13 +242,17 @@ let neuterize sk_uri = with_scheme_signer sk_uri (fun (module Signer : SIGNER) -> Signer.neuterize sk_uri) -let public_key ?interactive pk_uri = +let public_key pk_uri = + with_scheme_signer pk_uri (fun (module Signer : SIGNER) -> + Signer.public_key pk_uri) + +let public_key_hash pk_uri = with_scheme_signer pk_uri (fun (module Signer : SIGNER) -> - Signer.public_key ?interactive pk_uri) + Signer.public_key_hash pk_uri) -let public_key_hash ?interactive pk_uri = +let import_secret_key ~io pk_uri = with_scheme_signer pk_uri (fun (module Signer : SIGNER) -> - Signer.public_key_hash ?interactive pk_uri) + Signer.import_secret_key ~io pk_uri) let sign cctxt ?watermark sk_uri buf = with_scheme_signer sk_uri (fun (module Signer : SIGNER) -> diff --git a/src/lib_client_base/client_keys.mli b/src/lib_client_base/client_keys.mli index 8a4a76e3ca0f..08a73aa16024 100644 --- a/src/lib_client_base/client_keys.mli +++ b/src/lib_client_base/client_keys.mli @@ -78,24 +78,26 @@ module type SIGNER = sig (** [neuterize sk] is the corresponding [pk]. *) val neuterize : sk_uri -> pk_uri tzresult Lwt.t - (** [public_key pk] is the Ed25519 version of [pk]. + (** [import_secret_key ~io pk] is the function to be called when + interactively importing a key-pair and returning the public key + and its hash. Some signer implementations improve long-term security by requiring human/manual validation while importing keys, the - [?interactive] argument can be used to prompt the user in such - case. *) - val public_key : - ?interactive:Client_context.io_wallet -> + [~io] argument can be used to prompt the user in such case. *) + val import_secret_key : + io:Client_context.io_wallet -> pk_uri -> - Signature.Public_key.t tzresult Lwt.t + (Signature.Public_key_hash.t * Signature.Public_key.t option) tzresult + Lwt.t + + (** [public_key pk] is the Ed25519 version of [pk].*) + val public_key : pk_uri -> Signature.Public_key.t tzresult Lwt.t (** [public_key_hash pk] is the hash of [pk]. As some signers will query the full public key to obtain the hash, - it can be optionally returned to reduce the amount of queries. - - See {!public_key} for the [?interactive] argument. *) + it can be optionally returned to reduce the amount of queries. *) val public_key_hash : - ?interactive:Client_context.io_wallet -> pk_uri -> (Signature.Public_key_hash.t * Signature.Public_key.t option) tzresult Lwt.t @@ -127,13 +129,14 @@ val register_signer : (module SIGNER) -> unit val registered_signers : unit -> (string * (module SIGNER)) list -val public_key : - ?interactive:Client_context.io_wallet -> +val import_secret_key : + io:Client_context.io_wallet -> pk_uri -> - Signature.Public_key.t tzresult Lwt.t + (Signature.Public_key_hash.t * Signature.Public_key.t option) tzresult Lwt.t + +val public_key : pk_uri -> Signature.Public_key.t tzresult Lwt.t val public_key_hash : - ?interactive:Client_context.io_wallet -> pk_uri -> (Signature.Public_key_hash.t * Signature.Public_key.t option) tzresult Lwt.t diff --git a/src/lib_client_commands/client_keys_commands.ml b/src/lib_client_commands/client_keys_commands.ml index 23e5637dcb11..6beae74873b7 100644 --- a/src/lib_client_commands/client_keys_commands.ml +++ b/src/lib_client_commands/client_keys_commands.ml @@ -406,8 +406,8 @@ let commands version : Client_context.full Clic.command list = don't use --force" name)) >>=? fun () -> - Client_keys.public_key_hash - ~interactive:(cctxt :> Client_context.io_wallet) + Client_keys.import_secret_key + ~io:(cctxt :> Client_context.io_wallet) pk_uri >>=? fun (pkh, public_key) -> cctxt#message diff --git a/src/lib_signer_backends/encrypted.ml b/src/lib_signer_backends/encrypted.ml index a64ddaefb8fd..af1b5e2c17a8 100644 --- a/src/lib_signer_backends/encrypted.ml +++ b/src/lib_signer_backends/encrypted.ml @@ -284,6 +284,8 @@ struct let public_key_hash = Unencrypted.public_key_hash + let import_secret_key = Unencrypted.import_secret_key + let neuterize sk_uri = decrypt C.cctxt sk_uri >>=? fun sk -> diff --git a/src/lib_signer_backends/http_gen.ml b/src/lib_signer_backends/http_gen.ml index 328f78d76efd..e1e0102a5e00 100644 --- a/src/lib_signer_backends/http_gen.ml +++ b/src/lib_signer_backends/http_gen.ml @@ -110,7 +110,7 @@ struct Lwt.return (Signature.Public_key_hash.of_b58check pkh) >>=? fun pkh -> return (base, pkh) - let public_key ?interactive:_ uri = + let public_key uri = parse (uri : pk_uri :> Uri.t) >>=? fun (base, pkh) -> RPC_client.call_service @@ -126,10 +126,12 @@ struct let neuterize uri = return (Client_keys.make_pk_uri (uri : sk_uri :> Uri.t)) - let public_key_hash ?interactive uri = - public_key ?interactive uri + let public_key_hash uri = + public_key uri >>=? fun pk -> return (Signature.Public_key.hash pk, Some pk) + let import_secret_key ~io:_ = public_key_hash + let get_signature base pkh msg = RPC_client.call_service ~logger:P.logger diff --git a/src/lib_signer_backends/unencrypted.ml b/src/lib_signer_backends/unencrypted.ml index bd5d91886995..3b03fb049de6 100644 --- a/src/lib_signer_backends/unencrypted.ml +++ b/src/lib_signer_backends/unencrypted.ml @@ -46,7 +46,7 @@ let make_sk sk = Client_keys.make_sk_uri (Uri.make ~scheme ~path:(Signature.Secret_key.to_b58check sk) ()) -let public_key ?interactive:_ pk_uri = +let public_key pk_uri = Lwt.return (Signature.Public_key.of_b58check (Uri.path (pk_uri : pk_uri :> Uri.t))) @@ -58,10 +58,12 @@ let neuterize sk_uri = secret_key sk_uri >>=? fun sk -> return (make_pk (Signature.Secret_key.to_public_key sk)) -let public_key_hash ?interactive pk_uri = - public_key ?interactive pk_uri +let public_key_hash pk_uri = + public_key pk_uri >>=? fun pk -> return (Signature.Public_key.hash pk, Some pk) +let import_secret_key ~io:_ = public_key_hash + let sign ?watermark sk_uri buf = secret_key sk_uri >>=? fun sk -> return (Signature.sign ?watermark sk buf) diff --git a/src/lib_signer_backends/unix/ledger.ml b/src/lib_signer_backends/unix/ledger.ml index 27cf069b3922..b95b0ef7fc32 100644 --- a/src/lib_signer_backends/unix/ledger.ml +++ b/src/lib_signer_backends/unix/ledger.ml @@ -245,9 +245,9 @@ module Ledger_commands = struct let pkh_of_pk = Signature.Public_key.hash - let public_key ?(interactive : Client_context.io_wallet option) hid curve + let public_key ?(first_import : Client_context.io_wallet option) hid curve path = - match interactive with + match first_import with | Some cctxt -> get_public_key ~prompt:false hid curve path >>=? fun pk -> @@ -261,8 +261,8 @@ module Ledger_commands = struct | None -> get_public_key ~prompt:false hid curve path - let public_key_hash ?interactive hid curve path = - public_key ?interactive hid curve path + let public_key_hash ?first_import hid curve path = + public_key ?first_import hid curve path >>=? fun pk -> return (pkh_of_pk pk, pk) let get_authorized_path hid version = @@ -741,7 +741,7 @@ module Signer_implementation : Client_keys.SIGNER = struct let pkh_of_pk = Signature.Public_key.hash - let public_key ?(interactive : Client_context.io_wallet option) + let public_key_maybe_prompt ?(first_import : Client_context.io_wallet option) (pk_uri : pk_uri) = match Global_cache.get pk_uri with | Some (_, pk) -> @@ -754,7 +754,7 @@ module Signer_implementation : Client_keys.SIGNER = struct use_ledger_or_fail ~ledger_uri (fun hidapi (_version, _git_commit) _device_info _ledger_id -> - Ledger_commands.public_key ?interactive hidapi curve path + Ledger_commands.public_key ?first_import hidapi curve path >>=? fun pk -> let pkh = pkh_of_pk pk in Global_cache.record pk_uri ~pkh ~pk ; @@ -762,14 +762,21 @@ module Signer_implementation : Client_keys.SIGNER = struct >>= function | Error err -> failwith "%a" pp_print_error err | Ok v -> return v ) - let public_key_hash ?interactive pk_uri = + let public_key_hash_maybe_prompt ?first_import pk_uri = match Global_cache.get pk_uri with | Some (pkh, pk) -> return (pkh, Some pk) | None -> - public_key ?interactive pk_uri + public_key_maybe_prompt ?first_import pk_uri >>=? fun pk -> return (pkh_of_pk pk, Some pk) + let public_key = public_key_maybe_prompt ?first_import:None + + let public_key_hash = public_key_hash_maybe_prompt ?first_import:None + + let import_secret_key ~io pk_uri = + public_key_hash_maybe_prompt ~first_import:io pk_uri + let sign ?watermark (sk_uri : sk_uri) msg = Ledger_uri.parse (sk_uri :> Uri.t) >>=? fun ledger_uri -> diff --git a/src/lib_signer_backends/unix/remote.ml b/src/lib_signer_backends/unix/remote.ml index 08df5d214296..3ccf7cb2b2be 100644 --- a/src/lib_signer_backends/unix/remote.ml +++ b/src/lib_signer_backends/unix/remote.ml @@ -94,16 +94,16 @@ struct | _ -> assert false - let public_key ?interactive pk_uri = + let public_key pk_uri = Remote.public_key - ?interactive (Client_keys.make_pk_uri (key (pk_uri : pk_uri :> Uri.t))) - let public_key_hash ?interactive pk_uri = + let public_key_hash pk_uri = Remote.public_key_hash - ?interactive (Client_keys.make_pk_uri (key (pk_uri : pk_uri :> Uri.t))) + let import_secret_key ~io:_ = public_key_hash + let neuterize sk_uri = return (Client_keys.make_pk_uri (sk_uri : sk_uri :> Uri.t)) diff --git a/src/lib_signer_backends/unix/socket.ml b/src/lib_signer_backends/unix/socket.ml index 9241696f0164..0ba1ae4edd49 100644 --- a/src/lib_signer_backends/unix/socket.ml +++ b/src/lib_signer_backends/unix/socket.ml @@ -155,16 +155,18 @@ struct >>=? fun key -> return (Lwt_utils_unix.Socket.Unix (Uri.path uri), key) - let public_key ?interactive:_ uri = + let public_key uri = parse (uri : pk_uri :> Uri.t) >>=? fun (path, pkh) -> public_key path pkh let neuterize uri = return (Client_keys.make_pk_uri (uri : sk_uri :> Uri.t)) - let public_key_hash ?interactive:_ uri = + let public_key_hash uri = public_key uri >>=? fun pk -> return (Signature.Public_key.hash pk, Some pk) + let import_secret_key ~io:_ = public_key_hash + let sign ?watermark uri msg = parse (uri : sk_uri :> Uri.t) >>=? fun (path, pkh) -> sign ?watermark path pkh msg @@ -210,16 +212,18 @@ struct (path, string_of_int port, [Lwt_unix.AI_SOCKTYPE SOCK_STREAM]), pkh ) - let public_key ?interactive:_ uri = + let public_key uri = parse (uri : pk_uri :> Uri.t) >>=? fun (path, pkh) -> public_key path pkh let neuterize uri = return (Client_keys.make_pk_uri (uri : sk_uri :> Uri.t)) - let public_key_hash ?interactive uri = - public_key ?interactive uri + let public_key_hash uri = + public_key uri >>=? fun pk -> return (Signature.Public_key.hash pk, Some pk) + let import_secret_key ~io:_ = public_key_hash + let sign ?watermark uri msg = parse (uri : sk_uri :> Uri.t) >>=? fun (path, pkh) -> sign ?watermark path pkh msg -- GitLab