-
Notifications
You must be signed in to change notification settings - Fork 3.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(crypto/keyring): add Linux's keyctl support (#21653)
Signed-off-by: Alessio Treglia <al@essio.dev> Co-authored-by: Alessio Treglia <alessio@jur.io> Co-authored-by: Matt Kocubinski <mkocubinski@gmail.com> Co-authored-by: Julien Robert <julien@rbrt.fr> Co-authored-by: Marko <marko@baricevic.me>
- Loading branch information
1 parent
924798f
commit c0eced8
Showing
6 changed files
with
175 additions
and
18 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,84 @@ | ||
//go:build linux | ||
// +build linux | ||
|
||
package keyring | ||
|
||
import ( | ||
"fmt" | ||
"io" | ||
|
||
"github.com/99designs/keyring" | ||
|
||
"github.com/cosmos/cosmos-sdk/codec" | ||
"github.com/cosmos/cosmos-sdk/crypto/ledger" | ||
"github.com/cosmos/cosmos-sdk/crypto/types" | ||
) | ||
|
||
// Linux-only backend options. | ||
const BackendKeyctl = "keyctl" | ||
|
||
func KeyctlScopeUser(options *Options) { setKeyctlScope(options, "user") } | ||
func KeyctlScopeUserSession(options *Options) { setKeyctlScope(options, "usersession") } | ||
func KeyctlScopeSession(options *Options) { setKeyctlScope(options, "session") } | ||
func KeyctlScopeProcess(options *Options) { setKeyctlScope(options, "process") } | ||
func KeyctlScopeThread(options *Options) { setKeyctlScope(options, "thread") } | ||
|
||
// Options define the options of the Keyring. | ||
type Options struct { | ||
// supported signing algorithms for keyring | ||
SupportedAlgos SigningAlgoList | ||
// supported signing algorithms for Ledger | ||
SupportedAlgosLedger SigningAlgoList | ||
// define Ledger Derivation function | ||
LedgerDerivation func() (ledger.SECP256K1, error) | ||
// define Ledger key generation function | ||
LedgerCreateKey func([]byte) types.PubKey | ||
// define Ledger app name | ||
LedgerAppName string | ||
// indicate whether Ledger should skip DER Conversion on signature, | ||
// depending on which format (DER or BER) the Ledger app returns signatures | ||
LedgerSigSkipDERConv bool | ||
// KeyctlScope defines the scope of the keyctl's keyring. | ||
KeyctlScope string | ||
} | ||
|
||
func newKeyctlBackendConfig(appName, _ string, _ io.Reader, opts ...Option) keyring.Config { | ||
options := Options{ | ||
KeyctlScope: keyctlDefaultScope, // currently "process" | ||
} | ||
|
||
for _, optionFn := range opts { | ||
optionFn(&options) | ||
} | ||
|
||
return keyring.Config{ | ||
AllowedBackends: []keyring.BackendType{keyring.KeyCtlBackend}, | ||
ServiceName: appName, | ||
KeyCtlScope: options.KeyctlScope, | ||
} | ||
} | ||
|
||
// New creates a new instance of a keyring. | ||
// Keyring options can be applied when generating the new instance. | ||
// Available backends are "os", "file", "kwallet", "memory", "pass", "test", "keyctl". | ||
func New( | ||
appName, backend, rootDir string, userInput io.Reader, cdc codec.Codec, opts ...Option, | ||
) (Keyring, error) { | ||
if backend != BackendKeyctl { | ||
return newKeyringGeneric(appName, backend, rootDir, userInput, cdc, opts...) | ||
} | ||
|
||
db, err := keyring.Open(newKeyctlBackendConfig(appName, "", userInput, opts...)) | ||
if err != nil { | ||
return nil, fmt.Errorf("couldn't open keyring for %q: %w", appName, err) | ||
} | ||
|
||
return newKeystore(db, cdc, backend, opts...), nil | ||
} | ||
|
||
func setKeyctlScope(options *Options, scope string) { options.KeyctlScope = scope } | ||
|
||
// this is private as it is meant to be here for SDK devs convenience | ||
// as the user does not need to pick any default when he wants to | ||
// initialize keyctl with the default scope. | ||
const keyctlDefaultScope = "process" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
//go:build linux | ||
// +build linux | ||
|
||
package keyring | ||
|
||
import ( | ||
"errors" | ||
"io" | ||
"strings" | ||
"testing" | ||
|
||
"github.com/stretchr/testify/require" | ||
|
||
"github.com/cosmos/cosmos-sdk/codec" | ||
) | ||
|
||
func TestNewKeyctlKeyring(t *testing.T) { | ||
cdc := getCodec() | ||
|
||
tests := []struct { | ||
name string | ||
appName string | ||
backend string | ||
dir string | ||
userInput io.Reader | ||
cdc codec.Codec | ||
expectedErr error | ||
}{ | ||
{ | ||
name: "keyctl backend", | ||
appName: "cosmos", | ||
backend: BackendKeyctl, | ||
dir: t.TempDir(), | ||
userInput: strings.NewReader(""), | ||
cdc: cdc, | ||
expectedErr: nil, | ||
}, | ||
} | ||
for _, tt := range tests { | ||
t.Run(tt.name, func(t *testing.T) { | ||
kr, err := New(tt.appName, tt.backend, tt.dir, tt.userInput, tt.cdc) | ||
if tt.expectedErr == nil { | ||
require.NoError(t, err) | ||
} else { | ||
require.Error(t, err) | ||
require.Nil(t, kr) | ||
require.True(t, errors.Is(err, tt.expectedErr)) | ||
} | ||
}) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
//go:build !linux | ||
// +build !linux | ||
|
||
package keyring | ||
|
||
import ( | ||
"io" | ||
|
||
"github.com/cosmos/cosmos-sdk/codec" | ||
"github.com/cosmos/cosmos-sdk/crypto/ledger" | ||
"github.com/cosmos/cosmos-sdk/crypto/types" | ||
) | ||
|
||
// Options define the options of the Keyring. | ||
type Options struct { | ||
// supported signing algorithms for keyring | ||
SupportedAlgos SigningAlgoList | ||
// supported signing algorithms for Ledger | ||
SupportedAlgosLedger SigningAlgoList | ||
// define Ledger Derivation function | ||
LedgerDerivation func() (ledger.SECP256K1, error) | ||
// define Ledger key generation function | ||
LedgerCreateKey func([]byte) types.PubKey | ||
// define Ledger app name | ||
LedgerAppName string | ||
// indicate whether Ledger should skip DER Conversion on signature, | ||
// depending on which format (DER or BER) the Ledger app returns signatures | ||
LedgerSigSkipDERConv bool | ||
} | ||
|
||
func New( | ||
appName, backend, rootDir string, userInput io.Reader, cdc codec.Codec, opts ...Option, | ||
) (Keyring, error) { | ||
return newKeyringGeneric(appName, backend, rootDir, userInput, cdc, opts...) | ||
} |