-
Notifications
You must be signed in to change notification settings - Fork 48
/
secure_store.go
91 lines (77 loc) · 2.29 KB
/
secure_store.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
package secstore
import (
"encoding/hex"
"fmt"
"github.com/awnumar/memguard"
"github.com/idena-network/idena-go/blockchain/types"
"github.com/idena-network/idena-go/common"
"github.com/idena-network/idena-go/crypto"
"github.com/idena-network/idena-go/crypto/ecies"
"github.com/idena-network/idena-go/crypto/vrf/p256"
"os"
)
type SecStore struct {
buffer *memguard.LockedBuffer
}
func NewSecStore() *SecStore {
s := &SecStore{}
memguard.CatchSignal(func(signal os.Signal) {
fmt.Println("Memguard: interrupt signal received. Exiting...")
s.Destroy()
}, os.Interrupt)
return s
}
func (s *SecStore) AddKey(secret []byte) {
buffer := memguard.NewBufferFromBytes(secret)
s.buffer = buffer
}
func (s *SecStore) SignTx(tx *types.Transaction) (*types.Transaction, error) {
sec, _ := crypto.ToECDSA(s.buffer.Bytes())
return types.SignTx(tx, sec)
}
func (s *SecStore) SignFlipKey(fk *types.PublicFlipKey) (*types.PublicFlipKey, error) {
sec, _ := crypto.ToECDSA(s.buffer.Bytes())
return types.SignFlipKey(fk, sec)
}
func (s *SecStore) SignFlipKeysPackage(fk *types.PrivateFlipKeysPackage) (*types.PrivateFlipKeysPackage, error) {
sec, _ := crypto.ToECDSA(s.buffer.Bytes())
return types.SignFlipKeysPackage(fk, sec)
}
func (s *SecStore) GetAddress() common.Address {
sec, _ := crypto.ToECDSA(s.buffer.Bytes())
return crypto.PubkeyToAddress(sec.PublicKey)
}
func (s *SecStore) GetPubKey() []byte {
sec, _ := crypto.ToECDSA(s.buffer.Bytes())
return crypto.FromECDSAPub(&sec.PublicKey)
}
func (s *SecStore) VrfEvaluate(data []byte) (index [32]byte, proof []byte) {
sec, _ := crypto.ToECDSA(s.buffer.Bytes())
signer, err := p256.NewVRFSigner(sec)
if err != nil {
panic(err)
}
return signer.Evaluate(data)
}
func (s *SecStore) Sign(data []byte) []byte {
sec, _ := crypto.ToECDSA(s.buffer.Bytes())
sig, _ := crypto.Sign(data, sec)
return sig
}
func (s *SecStore) Destroy() {
if s.buffer != nil {
s.buffer.Destroy()
}
}
func (s *SecStore) ExportKey(password string) (string, error) {
key := s.buffer.Bytes()
encrypted, err := crypto.Encrypt(key, password)
if err != nil {
return "", err
}
return hex.EncodeToString(encrypted), nil
}
func (s *SecStore) DecryptMessage(data []byte) ([]byte, error) {
sec, _ := crypto.ToECDSA(s.buffer.Bytes())
return ecies.ImportECDSA(sec).Decrypt(data, nil, nil)
}