SecretStore: servers set change session api (#6925)

* SecretStore: first key versions flush * SecretStore: key versions in encryption session * SecretStore: flush key versions negotiation session * SecretStore: connected key version negotiation session to cluster * SecretStore: cluster sessions container refactoring * SecretStore: flush * SecretStore: flush key versions * SecretStore: flush * SecretStore: delegation proto * SecretStore: decryption_session_is_delegated_when_node_does_not_have_key_share * SecretStore: fixed version in decryption session * SecretStore: signing_session_is_delegated_when_node_does_not_have_key_share * SecretStore: started restoring admin sessions * SecretStore: restoring admin sessions * SecretStore: removed obsolete ShareRemove && ShareMove sessions * SecretStore: ShareAdd math tests only require old_t+1 nodes * SecretStore: ShareAdd revamp using new math backend * SecretStore: do not include isolated nodes into consensus_group * SecretStore: ServersSetChange + ShareAdd revamp * removed debug printlns * SecretStore: key version negotiation tests * SecretStore: removed debug/merge artifacts * SecretStore: fixed master node selection * SecretStore: cleanup + tests + fixes * SecretStore: uncommented tests * SecretStore: cleaning up * SecretStore: cleaning up + tests * SecretStore: cleaning up * SecretStore: cleaning up && tests * SecretStore: fixing TODOs * SecretStore: fixing TODOs + cleanup * SecretStore: fixing TODOs * SecretStore: nodes_add_to_the_node_with_obsolete_version * SecretStore: nodes_add_fails_when_not_enough_share_owners_are_connected * SecretStore: tests * SecretStore: signing && delegation tests * SecretStore: signing && decryption tests when some nodes are isolated * SecretStore: sessions_are_removed_when_initialization_fails * SecretStore: ceaning up * SecretStore: removed obsolete comments * SecretStore: signing_session_completes_if_node_does_not_have_a_share * SecretStore: initial ServersSetChange API * SecretStore: added secretstore_signServersSet RPC * SecretStore: ChangeServersSet parse tests * SecretStore: fixes after manual ServersSetChange tests * lost file * fixed network ports overlap in tests * lost files
openethereum · Nov 16, 2017 · e16f6fb · e16f6fb
1 parent 605cd5c
commit e16f6fb
Show file tree

Hide file tree

Showing 17 changed files with 268 additions and 56 deletions.
diff --git a/Cargo.lock b/Cargo.lock
diff --git a/rpc/Cargo.toml b/rpc/Cargo.toml
@@ -24,6 +24,7 @@ serde = "1.0"
 serde_derive = "1.0"
 serde_json = "1.0"
 time = "0.1"
+tiny-keccak = "1.3"
 tokio-timer = "0.1"
 transient-hashmap = "0.4"
 itertools = "0.5"

diff --git a/rpc/src/lib.rs b/rpc/src/lib.rs
@@ -37,6 +37,7 @@ extern crate semver;
 extern crate serde;
 extern crate serde_json;
 extern crate time;
+extern crate tiny_keccak;
 extern crate tokio_timer;
 extern crate transient_hashmap;
 

diff --git a/rpc/src/v1/helpers/secretstore.rs b/rpc/src/v1/helpers/secretstore.rs
@@ -14,12 +14,15 @@
 // You should have received a copy of the GNU General Public License
 // along with Parity.  If not, see <http://www.gnu.org/licenses/>.
 
+use std::collections::BTreeSet;
 use rand::{Rng, OsRng};
 use ethkey::{Public, Secret, math};
 use crypto;
 use bytes::Bytes;
 use jsonrpc_core::Error;
 use v1::helpers::errors;
+use v1::types::{H256, H512};
+use tiny_keccak::Keccak;
 
 /// Initialization vector length.
 const INIT_VEC_LEN: usize = 16;
@@ -61,11 +64,25 @@ pub fn decrypt_document(key: Bytes, mut encrypted_document: Bytes) -> Result<Byt
 	Ok(document)
 }
 
+/// Decrypt document given secret shadow.
 pub fn decrypt_document_with_shadow(decrypted_secret: Public, common_point: Public, shadows: Vec<Secret>, encrypted_document: Bytes) -> Result<Bytes, Error> {
 	let key = decrypt_with_shadow_coefficients(decrypted_secret, common_point, shadows)?;
 	decrypt_document(key.to_vec(), encrypted_document)
 }
 
+/// Calculate Keccak(ordered servers set)
+pub fn ordered_servers_keccak(servers_set: BTreeSet<H512>) -> H256 {
+	let mut servers_set_keccak = Keccak::new_keccak256();
+	for server in servers_set {
+		servers_set_keccak.update(&server.0);
+	}
+
+	let mut servers_set_keccak_value = [0u8; 32];
+	servers_set_keccak.finalize(&mut servers_set_keccak_value);
+
+	servers_set_keccak_value.into()
+}
+
 fn into_document_key(key: Bytes) -> Result<Bytes, Error> {
 	// key is a previously distributely generated Public
 	if key.len() != 64 {

diff --git a/rpc/src/v1/impls/secretstore.rs b/rpc/src/v1/impls/secretstore.rs
@@ -16,6 +16,7 @@
 
 //! SecretStore-specific rpc implementation.
 
+use std::collections::BTreeSet;
 use std::sync::Arc;
 
 use crypto::DEFAULT_MAC;
@@ -25,7 +26,7 @@ use ethcore::account_provider::AccountProvider;
 use jsonrpc_core::Result;
 use v1::helpers::errors;
 use v1::helpers::accounts::unwrap_provider;
-use v1::helpers::secretstore::{encrypt_document, decrypt_document, decrypt_document_with_shadow};
+use v1::helpers::secretstore::{encrypt_document, decrypt_document, decrypt_document_with_shadow, ordered_servers_keccak};
 use v1::traits::SecretStore;
 use v1::types::{H160, H512, Bytes};
 
@@ -82,4 +83,13 @@ impl SecretStore for SecretStoreClient {
 		decrypt_document_with_shadow(decrypted_secret.into(), common_point.into(), shadows, data.0)
 			.map(Into::into)
 	}
+
+	fn sign_servers_set(&self, address: H160, password: String, servers_set: BTreeSet<H512>) -> Result<Bytes> {
+		let servers_set_keccak_value = ordered_servers_keccak(servers_set);
+		let store = self.account_provider()?;
+		store
+			.sign(address.into(), Some(password), servers_set_keccak_value.into())
+			.map(|s| Bytes::new((*s).to_vec()))
+			.map_err(|e| errors::account("Could not sign servers set.", e))
+	}
 }
diff --git a/rpc/src/v1/tests/mocked/secretstore.rs b/rpc/src/v1/tests/mocked/secretstore.rs
@@ -17,12 +17,14 @@
 use std::sync::Arc;
 
 use ethcore::account_provider::AccountProvider;
+use ethkey::{KeyPair, Signature, verify_public};
 
 use serde_json;
 use jsonrpc_core::{IoHandler, Success};
 use v1::metadata::Metadata;
 use v1::SecretStoreClient;
 use v1::traits::secretstore::SecretStore;
+use v1::helpers::secretstore::ordered_servers_keccak;
 
 struct Dependencies {
 	pub accounts: Arc<AccountProvider>,
@@ -51,7 +53,7 @@ fn rpc_secretstore_encrypt_and_decrypt() {
 	let deps = Dependencies::new();
 	let io = deps.default_client();
 
-	// insert new account && unlock it
+	// insert new account
 	let secret = "c1f1cfe279a5c350d13795bce162941967340c8a228e6ba175489afc564a5bef".parse().unwrap();
 	deps.accounts.insert_account(secret, "password").unwrap();
 
@@ -81,7 +83,7 @@ fn rpc_secretstore_shadow_decrypt() {
 	let deps = Dependencies::new();
 	let io = deps.default_client();
 
-	// insert new account && unlock it
+	// insert new account
 	let secret = "82758356bf46b42710d3946a8efa612b7bf5e125e4d49f28facf1139db4a46f4".parse().unwrap();
 	deps.accounts.insert_account(secret, "password").unwrap();
 
@@ -96,3 +98,31 @@ fn rpc_secretstore_shadow_decrypt() {
 	let decryption_response = io.handle_request_sync(&decryption_request).unwrap();
 	assert_eq!(decryption_response, r#"{"jsonrpc":"2.0","result":"0xdeadbeef","id":1}"#);
 }
+
+#[test]
+fn rpc_secretstore_sign_servers_set() {
+	let deps = Dependencies::new();
+	let io = deps.default_client();
+
+	// insert new account
+	let secret = "82758356bf46b42710d3946a8efa612b7bf5e125e4d49f28facf1139db4a46f4".parse().unwrap();
+	let key_pair = KeyPair::from_secret(secret).unwrap();
+	deps.accounts.insert_account(key_pair.secret().clone(), "password").unwrap();
+
+	// execute signing request
+	let signing_request = r#"{"jsonrpc": "2.0", "method": "secretstore_signServersSet", "params":[
+		"0x00dfE63B22312ab4329aD0d28CaD8Af987A01932", "password",
+		["0x843645726384530ffb0c52f175278143b5a93959af7864460f5a4fec9afd1450cfb8aef63dec90657f43f55b13e0a73c7524d4e9a13c051b4e5f1e53f39ecd91",
+		 "0x07230e34ebfe41337d3ed53b186b3861751f2401ee74b988bba55694e2a6f60c757677e194be2e53c3523cc8548694e636e6acb35c4e8fdc5e29d28679b9b2f3"]
+	], "id": 1}"#;
+	let signing_response = io.handle_request_sync(&signing_request).unwrap();
+	let signing_response = signing_response.replace(r#"{"jsonrpc":"2.0","result":"0x"#, "");
+	let signing_response = signing_response.replace(r#"","id":1}"#, "");
+	let signature: Signature = signing_response.parse().unwrap();
+
+	let servers_set_keccak = ordered_servers_keccak(vec![
+		"843645726384530ffb0c52f175278143b5a93959af7864460f5a4fec9afd1450cfb8aef63dec90657f43f55b13e0a73c7524d4e9a13c051b4e5f1e53f39ecd91".parse().unwrap(),
+		"07230e34ebfe41337d3ed53b186b3861751f2401ee74b988bba55694e2a6f60c757677e194be2e53c3523cc8548694e636e6acb35c4e8fdc5e29d28679b9b2f3".parse().unwrap()
+	].into_iter().collect());
+	assert!(verify_public(key_pair.public(), &signature, &servers_set_keccak.into()).unwrap());
+}
diff --git a/rpc/src/v1/traits/secretstore.rs b/rpc/src/v1/traits/secretstore.rs
@@ -16,6 +16,7 @@
 
 //! SecretStore-specific rpc interface.
 
+use std::collections::BTreeSet;
 use jsonrpc_core::Result;
 
 use v1::types::{H160, H512, Bytes};
@@ -37,5 +38,10 @@ build_rpc_trait! {
 		/// Arguments: `account`, `password`, `decrypted_secret`, `common_point`, `decrypt_shadows`, `data`.
 		#[rpc(name = "secretstore_shadowDecrypt")]
 		fn shadow_decrypt(&self, H160, String, H512, H512, Vec<Bytes>, Bytes) -> Result<Bytes>;
+
+		/// Sign servers set for use in ServersSetChange session.
+		/// Arguments: `account`, `password`, `servers_set`.
+		#[rpc(name = "secretstore_signServersSet")]
+		fn sign_servers_set(&self, H160, String, BTreeSet<H512>) -> Result<Bytes>;
 	}
 }