/
key.go
154 lines (136 loc) · 3.53 KB
/
key.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
package operator
import (
"crypto/ecdsa"
"encoding/hex"
"errors"
"os"
"github.com/edgelesssys/ego/ecrypto"
"github.com/gcash/bchd/bchec"
"github.com/gcash/bchutil"
log "github.com/sirupsen/logrus"
"github.com/smartbch/cc-operator/utils"
)
func loadOrGenKey(signerKeyWIF string) (privKey *bchec.PrivateKey, pbkBytes []byte, err error) {
if signerKeyWIF != "" {
if integrationTestMode {
privKey, err = loadKeyFromWIF(signerKeyWIF)
} else {
err = errors.New("can not load private key from WIF, not in integration-test mode")
}
} else if sgxMode {
privKey, err = loadOrGenKeyInEnclave()
} else {
privKey, err = loadOrGenKeyNonEnclave()
}
if err != nil {
return nil, nil, err
}
pbkBytes = privKey.PubKey().SerializeCompressed()
log.Info("pubkey:", hex.EncodeToString(pbkBytes))
return
}
// only used for testing
func loadKeyFromWIF(wifStr string) (*bchec.PrivateKey, error) {
log.Info("load private key from WIF")
wif, err := bchutil.DecodeWIF(wifStr)
if err != nil {
return nil, err
}
return wif.PrivKey, nil
}
// only used for testing
func loadOrGenKeyNonEnclave() (*bchec.PrivateKey, error) {
log.Info("load private key from file:", keyFile)
fileData, err := os.ReadFile(keyFile)
if err == nil {
privKey, _ := bchec.PrivKeyFromBytes(bchec.S256(), fileData)
return privKey, nil
}
if os.IsNotExist(err) {
privKey, err := genNewPrivKey()
if err == nil {
err = os.WriteFile(keyFile, privKey.Serialize(), 0600)
}
return privKey, err
}
return nil, err
}
func loadOrGenKeyInEnclave() (privKey *bchec.PrivateKey, err error) {
log.Info("load sealed private key from file:", keyFile)
fileData, _err := os.ReadFile(keyFile)
if _err != nil {
log.Error("read file failed", _err.Error())
if os.IsNotExist(_err) {
// maybe it's first time to run this enclave app
privKey, err = genAndSealPrivKey()
if err != nil {
return
}
} else {
err = _err
return
}
} else {
privKey = unsealPrivKeyFromFile(fileData)
}
return
}
func genAndSealPrivKey() (*bchec.PrivateKey, error) {
privKey, err := genNewPrivKey()
if err != nil {
return nil, err
}
err = sealPrivKeyToFile(privKey)
if err != nil {
return nil, err
}
return privKey, nil
}
func genNewPrivKey() (*bchec.PrivateKey, error) {
log.Info("generate new private key")
key, err := ecdsa.GenerateKey(bchec.S256(), &utils.RandReader{})
if err != nil {
return nil, err
}
privKey := (*bchec.PrivateKey)(key)
log.Info("generated new private key")
return privKey, nil
}
func sealPrivKeyToFile(privKey *bchec.PrivateKey) error {
log.Info("seal private key to file:", keyFile)
out, err := ecrypto.SealWithUniqueKey(privKey.Serialize(), nil)
if err != nil {
return err
}
err = os.WriteFile(keyFile, out, 0600)
if err != nil {
return err
}
log.Info("saved key to file")
return nil
}
func unsealPrivKeyFromFile(fileData []byte) *bchec.PrivateKey {
log.Info("unseal private key")
rawData, err := ecrypto.Unseal(fileData, nil)
if err != nil {
log.Error("unseal file data failed", err.Error())
return nil
}
privKey, _ := bchec.PrivKeyFromBytes(bchec.S256(), rawData)
log.Info("loaded key from file")
return privKey
}
//
//func signSigHashECDSA(sigHashHex string) ([]byte, error) {
// sigHashBytes := gethcmn.FromHex(sigHashHex)
// return covenant.SignRedeemTxSigHashECDSA(privKey, sigHashBytes)
//}
//func signSigHashSchnorr(sigHashHex string) ([]byte, error) {
// sigHashBytes := gethcmn.FromHex(sigHashHex)
// sig, err := privKey.SignSchnorr(sigHashBytes)
// if err != nil {
// return nil, err
// }
//
// return sig.Serialize(), nil
//}