2018-05-26 14:03:12 +04:00
|
|
|
(**************************************************************************)
|
|
|
|
|
(* *)
|
|
|
|
|
(* Copyright (c) 2014 - 2018. *)
|
|
|
|
|
(* Dynamic Ledger Solutions, Inc. <contact@tezos.com> *)
|
|
|
|
|
(* *)
|
|
|
|
|
(* All rights reserved. No warranty, explicit or implicit, provided. *)
|
|
|
|
|
(* *)
|
|
|
|
|
(**************************************************************************)
|
|
|
|
|
|
2018-06-01 01:05:00 +04:00
|
|
|
let log = Signer_logging.lwt_log_notice
|
2018-05-26 14:03:12 +04:00
|
|
|
|
2018-06-06 12:49:53 +04:00
|
|
|
module Authorized_key =
|
|
|
|
|
Client_aliases.Alias (struct
|
|
|
|
|
include Signature.Public_key
|
|
|
|
|
let name = "authorized_key"
|
|
|
|
|
let to_source s = return (to_b58check s)
|
|
|
|
|
let of_source t = Lwt.return (of_b58check t)
|
|
|
|
|
end)
|
|
|
|
|
|
2018-06-08 19:56:05 +04:00
|
|
|
let check_magic_byte magic_bytes data =
|
|
|
|
|
match magic_bytes with
|
|
|
|
|
| None -> return ()
|
|
|
|
|
| Some magic_bytes ->
|
|
|
|
|
let byte = MBytes.get_uint8 data 0 in
|
|
|
|
|
if MBytes.length data > 1
|
|
|
|
|
&& (List.mem byte magic_bytes) then
|
|
|
|
|
return ()
|
|
|
|
|
else
|
|
|
|
|
failwith "magic byte 0x%02X not allowed" byte
|
|
|
|
|
|
2018-06-06 12:49:53 +04:00
|
|
|
let sign
|
|
|
|
|
(cctxt : #Client_context.wallet)
|
2018-06-08 19:56:05 +04:00
|
|
|
Signer_messages.Sign.Request.{ pkh ; data ; signature }
|
|
|
|
|
?magic_bytes ~require_auth =
|
2018-05-26 14:51:51 +04:00
|
|
|
log "Request for signing %d bytes of data for key %a, magic byte = %02X"
|
2018-05-26 14:03:12 +04:00
|
|
|
(MBytes.length data)
|
2018-05-26 14:51:51 +04:00
|
|
|
Signature.Public_key_hash.pp pkh
|
2018-05-26 14:03:12 +04:00
|
|
|
(MBytes.get_uint8 data 0) >>= fun () ->
|
2018-06-08 19:56:05 +04:00
|
|
|
check_magic_byte magic_bytes data >>=? fun () ->
|
2018-06-06 12:49:53 +04:00
|
|
|
begin match require_auth, signature with
|
|
|
|
|
| false, _ -> return ()
|
|
|
|
|
| true, None -> failwith "missing authentication signature field"
|
|
|
|
|
| true, Some signature ->
|
|
|
|
|
let to_sign = Signer_messages.Sign.Request.to_sign ~pkh ~data in
|
|
|
|
|
Authorized_key.load cctxt >>=? fun keys ->
|
|
|
|
|
if List.fold_left
|
|
|
|
|
(fun acc (_, key) -> acc || Signature.check key signature to_sign)
|
|
|
|
|
false keys
|
|
|
|
|
then
|
|
|
|
|
return ()
|
|
|
|
|
else
|
|
|
|
|
failwith "invalid authentication signature"
|
|
|
|
|
end >>=? fun () ->
|
2018-05-26 14:51:51 +04:00
|
|
|
Client_keys.get_key cctxt pkh >>=? fun (name, _pkh, sk_uri) ->
|
|
|
|
|
log "Signing data for key %s" name >>= fun () ->
|
2018-05-26 15:22:47 +04:00
|
|
|
Client_keys.sign sk_uri data >>=? fun signature ->
|
2018-05-26 14:51:51 +04:00
|
|
|
return signature
|
2018-05-26 14:03:12 +04:00
|
|
|
|
2018-05-26 14:51:51 +04:00
|
|
|
let public_key (cctxt : #Client_context.wallet) pkh =
|
|
|
|
|
log "Request for public key %a"
|
|
|
|
|
Signature.Public_key_hash.pp pkh >>= fun () ->
|
2018-06-14 01:05:36 +04:00
|
|
|
Client_keys.list_keys cctxt >>=? fun all_keys ->
|
|
|
|
|
match List.find (fun (_, h, _, _) -> Signature.Public_key_hash.equal h pkh) all_keys with
|
|
|
|
|
| exception Not_found ->
|
|
|
|
|
log "No public key found for hash %a"
|
|
|
|
|
Signature.Public_key_hash.pp pkh >>= fun () ->
|
|
|
|
|
Lwt.fail Not_found
|
|
|
|
|
| (_, _, None, _) ->
|
|
|
|
|
log "No public key found for hash %a"
|
|
|
|
|
Signature.Public_key_hash.pp pkh >>= fun () ->
|
|
|
|
|
Lwt.fail Not_found
|
|
|
|
|
| (name, _, Some pk, _) ->
|
|
|
|
|
log "Found public key for hash %a (name: %s)"
|
|
|
|
|
Signature.Public_key_hash.pp pkh name >>= fun () ->
|
|
|
|
|
return pk
|
