ligo/src/bin_signer/handler.ml

181 lines
8.0 KiB
OCaml
Raw Normal View History

2018-06-29 16:08:08 +04:00
(*****************************************************************************)
(* *)
(* Open Source License *)
(* Copyright (c) 2018 Dynamic Ledger Solutions, Inc. <contact@tezos.com> *)
(* *)
(* Permission is hereby granted, free of charge, to any person obtaining a *)
(* copy of this software and associated documentation files (the "Software"),*)
(* to deal in the Software without restriction, including without limitation *)
(* the rights to use, copy, modify, merge, publish, distribute, sublicense, *)
(* and/or sell copies of the Software, and to permit persons to whom the *)
(* Software is furnished to do so, subject to the following conditions: *)
(* *)
(* The above copyright notice and this permission notice shall be included *)
(* in all copies or substantial portions of the Software. *)
(* *)
(* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR*)
(* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, *)
(* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL *)
(* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER*)
(* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING *)
(* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER *)
(* DEALINGS IN THE SOFTWARE. *)
(* *)
(*****************************************************************************)
open Signer_logging
let log = lwt_log_notice
module High_watermark = struct
let encoding =
let open Data_encoding in
let raw_hash =
conv Blake2B.to_bytes Blake2B.of_bytes_exn bytes in
conv
(List.map (fun (chain_id, marks) -> Chain_id.to_b58check chain_id, marks))
(List.map (fun (chain_id, marks) -> Chain_id.of_b58check_exn chain_id, marks)) @@
assoc @@
conv
(List.map (fun (pkh, mark) -> Signature.Public_key_hash.to_b58check pkh, mark))
(List.map (fun (pkh, mark) -> Signature.Public_key_hash.of_b58check_exn pkh, mark)) @@
assoc @@
2018-10-22 01:22:28 +04:00
obj3
(req "level" int32)
(req "hash" raw_hash)
2018-10-22 01:22:28 +04:00
(opt "signature" Signature.encoding)
2018-10-22 01:22:28 +04:00
let mark_if_block_or_endorsement (cctxt : #Client_context.wallet) pkh bytes sign =
let mark art name get_level =
let file = name ^ "_high_watermark" in
cctxt#with_lock @@ fun () ->
cctxt#load file ~default:[] encoding >>=? fun all ->
if MBytes.length bytes < 9 then
failwith "byte sequence too short to be %s %s" art name
else
let hash = Blake2B.hash_bytes [ bytes ] in
let chain_id = Chain_id.of_bytes_exn (MBytes.sub bytes 1 4) in
let level = get_level () in
begin match List.assoc_opt chain_id all with
| None -> return_none
| Some marks ->
match List.assoc_opt pkh marks with
| None -> return_none
2018-10-22 01:22:28 +04:00
| Some (previous_level, _, None) ->
if previous_level >= level then
failwith "%s level %ld not above high watermark %ld" name level previous_level
else
return_none
2018-10-22 01:22:28 +04:00
| Some (previous_level, previous_hash, Some signature) ->
if previous_level > level then
failwith "%s level %ld below high watermark %ld" name level previous_level
else if previous_level = level then
if previous_hash <> hash then
failwith "%s level %ld already signed with different data" name level
else
return_some signature
else return_none
2018-10-22 01:22:28 +04:00
end >>=? function
| Some signature -> return signature
| None ->
sign bytes >>=? fun signature ->
let rec update = function
| [] -> [ chain_id, [ pkh, (level, hash, Some signature) ] ]
| (e_chain_id, marks) :: rest ->
if chain_id = e_chain_id then
let marks = (pkh, (level, hash, Some signature)) :: List.filter (fun (pkh', _) -> pkh <> pkh') marks in
(e_chain_id, marks) :: rest
else
2018-10-22 01:22:28 +04:00
(e_chain_id, marks) :: update rest in
cctxt#write file (update all) encoding >>=? fun () ->
return signature in
if MBytes.length bytes > 0 && MBytes.get_uint8 bytes 0 = 0x01 then
mark "a" "block" (fun () -> MBytes.get_int32 bytes 5)
else if MBytes.length bytes > 0 && MBytes.get_uint8 bytes 0 = 0x02 then
mark "an" "endorsement" (fun () -> MBytes.get_int32 bytes (MBytes.length bytes - 4))
2018-10-22 01:22:28 +04:00
else sign bytes
end
2018-06-06 12:49:53 +04:00
module Authorized_key =
Client_aliases.Alias (struct
include Signature.Public_key
let name = "authorized_key"
let to_source s = return (to_b58check s)
let of_source t = Lwt.return (of_b58check t)
end)
2018-06-08 19:56:05 +04:00
let check_magic_byte magic_bytes data =
match magic_bytes with
2018-06-26 13:07:12 +04:00
| None -> return_unit
2018-06-08 19:56:05 +04:00
| Some magic_bytes ->
let byte = MBytes.get_uint8 data 0 in
if MBytes.length data > 1
&& (List.mem byte magic_bytes) then
2018-06-26 13:07:12 +04:00
return_unit
2018-06-08 19:56:05 +04:00
else
failwith "magic byte 0x%02X not allowed" byte
2018-06-06 12:49:53 +04:00
let sign
(cctxt : #Client_context.wallet)
2018-06-08 19:56:05 +04:00
Signer_messages.Sign.Request.{ pkh ; data ; signature }
?magic_bytes ~check_high_watermark ~require_auth =
log Tag.DSL.(fun f ->
f "Request for signing %d bytes of data for key %a, magic byte = %02X"
-% t event "request_for_signing"
-% s num_bytes (MBytes.length data)
-% a Signature.Public_key_hash.Logging.tag pkh
-% s magic_byte (MBytes.get_uint8 data 0)) >>= fun () ->
2018-06-08 19:56:05 +04:00
check_magic_byte magic_bytes data >>=? fun () ->
2018-06-06 12:49:53 +04:00
begin match require_auth, signature with
2018-06-26 13:07:12 +04:00
| false, _ -> return_unit
2018-06-06 12:49:53 +04:00
| true, None -> failwith "missing authentication signature field"
| true, Some signature ->
let to_sign = Signer_messages.Sign.Request.to_sign ~pkh ~data in
Authorized_key.load cctxt >>=? fun keys ->
if List.fold_left
(fun acc (_, key) -> acc || Signature.check key signature to_sign)
false keys
then
2018-06-26 13:07:12 +04:00
return_unit
2018-06-06 12:49:53 +04:00
else
failwith "invalid authentication signature"
end >>=? fun () ->
Client_keys.get_key cctxt pkh >>=? fun (name, _pkh, sk_uri) ->
log Tag.DSL.(fun f ->
f "Signing data for key %s"
-% t event "signing_data"
-% s Client_keys.Logging.tag name) >>= fun () ->
2018-10-22 01:22:28 +04:00
let sign = Client_keys.sign cctxt sk_uri in
if check_high_watermark then
High_watermark.mark_if_block_or_endorsement cctxt pkh data sign
else
sign data
let public_key (cctxt : #Client_context.wallet) pkh =
log Tag.DSL.(fun f ->
f "Request for public key %a"
-% t event "request_for_public_key"
-% a Signature.Public_key_hash.Logging.tag pkh) >>= fun () ->
Client_keys.list_keys cctxt >>=? fun all_keys ->
match List.find_opt (fun (_, h, _, _) -> Signature.Public_key_hash.equal h pkh) all_keys with
| None ->
log Tag.DSL.(fun f ->
f "No public key found for hash %a"
-% t event "not_found_public_key"
-% a Signature.Public_key_hash.Logging.tag pkh) >>= fun () ->
Lwt.fail Not_found
| Some (_, _, None, _) ->
log Tag.DSL.(fun f ->
f "No public key found for hash %a"
-% t event "not_found_public_key"
-% a Signature.Public_key_hash.Logging.tag pkh) >>= fun () ->
Lwt.fail Not_found
| Some (name, _, Some pk, _) ->
log Tag.DSL.(fun f ->
f "Found public key for hash %a (name: %s)"
-% t event "found_public_key"
-% a Signature.Public_key_hash.Logging.tag pkh
-% s Client_keys.Logging.tag name) >>= fun () ->
return pk