Client: add encrypted signature scheme

This commit is contained in:
Vincent Bernardoff 2018-02-08 19:00:01 +01:00 committed by Benjamin Canou
parent 67019246e9
commit 54e96092b4
18 changed files with 375 additions and 153 deletions

View File

@ -286,146 +286,151 @@ opam:14:tezos-stdlib-unix:
variables: variables:
package: tezos-stdlib-unix package: tezos-stdlib-unix
opam:15:tezos-rpc-http: opam:15:bip39:
<<: *opam_definition
variables:
package: bip39
opam:16:tezos-rpc-http:
<<: *opam_definition <<: *opam_definition
variables: variables:
package: tezos-rpc-http package: tezos-rpc-http
opam:16:tezos-shell-services: opam:17:tezos-shell-services:
<<: *opam_definition <<: *opam_definition
variables: variables:
package: tezos-shell-services package: tezos-shell-services
opam:17:tezos-storage: opam:18:tezos-storage:
<<: *opam_definition <<: *opam_definition
variables: variables:
package: tezos-storage package: tezos-storage
opam:18:tezos-protocol-compiler: opam:19:tezos-protocol-compiler:
<<: *opam_definition <<: *opam_definition
variables: variables:
package: tezos-protocol-compiler package: tezos-protocol-compiler
opam:19:tezos-client-base: opam:20:tezos-client-base:
<<: *opam_definition <<: *opam_definition
variables: variables:
package: tezos-client-base package: tezos-client-base
opam:20:tezos-protocol-alpha: opam:21:tezos-protocol-alpha:
<<: *opam_definition <<: *opam_definition
variables: variables:
package: tezos-protocol-alpha package: tezos-protocol-alpha
opam:21:tezos-protocol-environment-client: opam:22:tezos-protocol-environment-client:
<<: *opam_definition <<: *opam_definition
variables: variables:
package: tezos-protocol-environment-client package: tezos-protocol-environment-client
opam:22:tezos-protocol-genesis: opam:23:tezos-client-alpha:
<<: *opam_definition
variables:
package: tezos-protocol-genesis
opam:23:tezos-protocol-updater:
<<: *opam_definition
variables:
package: tezos-protocol-updater
opam:24:tezos-p2p:
<<: *opam_definition
variables:
package: tezos-p2p
opam:25:tezos-client-alpha:
<<: *opam_definition <<: *opam_definition
variables: variables:
package: tezos-client-alpha package: tezos-client-alpha
opam:26:tezos-client-commands: opam:24:tezos-client-commands:
<<: *opam_definition <<: *opam_definition
variables: variables:
package: tezos-client-commands package: tezos-client-commands
opam:27:ocplib-resto-json: opam:25:tezos-baking-alpha:
<<: *opam_definition
variables:
package: ocplib-resto-json
opam:28:tezos-client-genesis:
<<: *opam_definition
variables:
package: tezos-client-genesis
opam:29:tezos-embedded-protocol-alpha:
<<: *opam_definition
variables:
package: tezos-embedded-protocol-alpha
opam:30:tezos-embedded-protocol-demo:
<<: *opam_definition
variables:
package: tezos-embedded-protocol-demo
opam:31:tezos-embedded-protocol-genesis:
<<: *opam_definition
variables:
package: tezos-embedded-protocol-genesis
opam:32:tezos-shell:
<<: *opam_definition
variables:
package: tezos-shell
opam:33:tezos-baking-alpha:
<<: *opam_definition <<: *opam_definition
variables: variables:
package: tezos-baking-alpha package: tezos-baking-alpha
opam:34:ocplib-ezresto: opam:26:tezos-protocol-genesis:
<<: *opam_definition <<: *opam_definition
variables: variables:
package: ocplib-ezresto package: tezos-protocol-genesis
opam:35:tezos-client: opam:27:tezos-protocol-updater:
<<: *opam_definition <<: *opam_definition
variables: variables:
package: tezos-client package: tezos-protocol-updater
opam:36:tezos-node: opam:28:tezos-p2p:
<<: *opam_definition <<: *opam_definition
variables: variables:
package: tezos-node package: tezos-p2p
opam:37:tezos-baking-alpha-commands: opam:29:ocplib-resto-json:
<<: *opam_definition
variables:
package: ocplib-resto-json
opam:30:tezos-baking-alpha-commands:
<<: *opam_definition <<: *opam_definition
variables: variables:
package: tezos-baking-alpha-commands package: tezos-baking-alpha-commands
opam:38:ocplib-ezresto-directory: opam:31:tezos-client-alpha-commands:
<<: *opam_definition
variables:
package: ocplib-ezresto-directory
opam:39:tezos-client-alpha-commands:
<<: *opam_definition <<: *opam_definition
variables: variables:
package: tezos-client-alpha-commands package: tezos-client-alpha-commands
opam:40:tezos-baker-alpha: opam:32:tezos-client-base-unix:
<<: *opam_definition
variables:
package: tezos-client-base-unix
opam:33:tezos-client-genesis:
<<: *opam_definition
variables:
package: tezos-client-genesis
opam:34:tezos-embedded-protocol-alpha:
<<: *opam_definition
variables:
package: tezos-embedded-protocol-alpha
opam:35:tezos-embedded-protocol-demo:
<<: *opam_definition
variables:
package: tezos-embedded-protocol-demo
opam:36:tezos-embedded-protocol-genesis:
<<: *opam_definition
variables:
package: tezos-embedded-protocol-genesis
opam:37:tezos-shell:
<<: *opam_definition
variables:
package: tezos-shell
opam:38:ocplib-ezresto:
<<: *opam_definition
variables:
package: ocplib-ezresto
opam:39:tezos-client:
<<: *opam_definition
variables:
package: tezos-client
opam:40:tezos-node:
<<: *opam_definition
variables:
package: tezos-node
opam:41:ocplib-ezresto-directory:
<<: *opam_definition
variables:
package: ocplib-ezresto-directory
opam:42:tezos-baker-alpha:
<<: *opam_definition <<: *opam_definition
variables: variables:
package: tezos-baker-alpha package: tezos-baker-alpha
opam:41:tezos-protocol-demo: opam:43:tezos-protocol-demo:
<<: *opam_definition <<: *opam_definition
variables: variables:
package: tezos-protocol-demo package: tezos-protocol-demo
opam:42:tezos-client-base-unix:
<<: *opam_definition
variables:
package: tezos-client-base-unix
##END_OPAM## ##END_OPAM##

View File

@ -117,12 +117,9 @@ module type SIGNER = sig
val scheme : string val scheme : string
val title : string val title : string
val description : string val description : string
val sk_locator_of_human_input : val init : #Client_context.io_wallet -> unit tzresult Lwt.t
Client_context.logging_wallet -> val sk_locator_of_human_input : #Client_context.io_wallet -> string list -> sk_locator tzresult Lwt.t
string list -> sk_locator tzresult Lwt.t val pk_locator_of_human_input : #Client_context.io_wallet -> string list -> pk_locator tzresult Lwt.t
val pk_locator_of_human_input :
Client_context.logging_wallet ->
string list -> pk_locator tzresult Lwt.t
val sk_of_locator : sk_locator -> secret_key tzresult Lwt.t val sk_of_locator : sk_locator -> secret_key tzresult Lwt.t
val pk_of_locator : pk_locator -> public_key tzresult Lwt.t val pk_of_locator : pk_locator -> public_key tzresult Lwt.t
val sk_to_locator : secret_key -> sk_locator Lwt.t val sk_to_locator : secret_key -> sk_locator Lwt.t
@ -133,30 +130,35 @@ module type SIGNER = sig
val sign : secret_key -> MBytes.t -> Ed25519.Signature.t tzresult Lwt.t val sign : secret_key -> MBytes.t -> Ed25519.Signature.t tzresult Lwt.t
end end
let signers_table : (string, (module SIGNER)) Hashtbl.t = Hashtbl.create 13 let signers_table : (string, (module SIGNER) * bool) Hashtbl.t = Hashtbl.create 13
let register_signer signer = let register_signer signer =
let module Signer = (val signer : SIGNER) in let module Signer = (val signer : SIGNER) in
Hashtbl.replace signers_table Signer.scheme signer Hashtbl.replace signers_table Signer.scheme (signer, false)
let find_signer_for_key ~scheme = let find_signer_for_key cctxt ~scheme =
match Hashtbl.find signers_table scheme with match Hashtbl.find signers_table scheme with
| exception Not_found -> error (Unregistered_key_scheme scheme) | exception Not_found -> fail (Unregistered_key_scheme scheme)
| signer -> ok signer | signer, false ->
let module Signer = (val signer : SIGNER) in
Signer.init cctxt >>=? fun () ->
return signer
| signer, true -> return signer
let registered_signers () : (string * (module SIGNER)) list = let registered_signers () : (string * (module SIGNER)) list =
Hashtbl.fold (fun k v acc -> (k, v) :: acc) signers_table [] Hashtbl.fold (fun k (v, _) acc -> (k, v) :: acc) signers_table []
let sign ((Sk_locator { scheme }) as skloc) buf = let sign cctxt ((Sk_locator { scheme }) as skloc) buf =
Lwt.return (find_signer_for_key ~scheme) >>=? fun signer -> find_signer_for_key cctxt ~scheme >>=? fun signer ->
let module Signer = (val signer : SIGNER) in let module Signer = (val signer : SIGNER) in
Signer.sk_of_locator skloc >>=? fun t -> Signer.sk_of_locator skloc >>=? fun t ->
Signer.sign t buf Signer.sign t buf
let append loc buf = let append cctxt loc buf =
sign loc buf >>|? fun signature -> sign cctxt loc buf >>|? fun signature ->
MBytes.concat buf (Ed25519.Signature.to_bytes signature) MBytes.concat buf (Ed25519.Signature.to_bytes signature)
let gen_keys ?(force=false) ?seed (cctxt : #Client_context.wallet) name = let gen_keys ?(force=false) ?seed (cctxt : #Client_context.io_wallet) name =
let seed = let seed =
match seed with match seed with
| None -> Ed25519.Seed.generate () | None -> Ed25519.Seed.generate ()
@ -232,21 +234,20 @@ let get_key (cctxt : #Client_context.wallet) pkh =
Public_key.find cctxt n >>=? fun pk -> Public_key.find cctxt n >>=? fun pk ->
Secret_key.find cctxt n >>=? fun sk -> Secret_key.find cctxt n >>=? fun sk ->
let scheme = Secret_key_locator.scheme sk in let scheme = Secret_key_locator.scheme sk in
Lwt.return (find_signer_for_key ~scheme) >>=? fun signer -> find_signer_for_key cctxt ~scheme >>=? fun signer ->
let module Signer = (val signer : SIGNER) in let module Signer = (val signer : SIGNER) in
Signer.pk_of_locator pk >>=? fun pk -> Signer.pk_of_locator pk >>=? fun pk ->
Signer.public_key pk >>= fun pk -> Signer.public_key pk >>= fun pk ->
return (n, pk, sk) return (n, pk, sk)
let get_keys (wallet : #Client_context.wallet) = let get_keys (wallet : #Client_context.io_wallet) =
Secret_key.load wallet >>=? fun sks -> Secret_key.load wallet >>=? fun sks ->
Lwt_list.filter_map_s begin fun (name, sk) -> Lwt_list.filter_map_s begin fun (name, sk) ->
begin begin
Public_key.find wallet name >>=? fun pk -> Public_key.find wallet name >>=? fun pk ->
Public_key_hash.find wallet name >>=? fun pkh -> Public_key_hash.find wallet name >>=? fun pkh ->
let scheme = Public_key_locator.scheme pk in let scheme = Public_key_locator.scheme pk in
Lwt.return find_signer_for_key wallet ~scheme >>=? fun signer ->
(find_signer_for_key ~scheme) >>=? fun signer ->
let module Signer = (val signer : SIGNER) in let module Signer = (val signer : SIGNER) in
Signer.pk_of_locator pk >>=? fun pk -> Signer.pk_of_locator pk >>=? fun pk ->
Signer.public_key pk >>= fun pk -> Signer.public_key pk >>= fun pk ->

View File

@ -52,16 +52,19 @@ module type SIGNER = sig
(** [description] is a multi-line human readable description of the (** [description] is a multi-line human readable description of the
signer, that should include the format of key specifications. *) signer, that should include the format of key specifications. *)
val init :
#Client_context.io_wallet -> unit tzresult Lwt.t
(** [init wallet] initialized the signer module (plugin
dependent). *)
val sk_locator_of_human_input : val sk_locator_of_human_input :
Client_context.logging_wallet -> #Client_context.io_wallet -> string list -> sk_locator tzresult Lwt.t
string list -> sk_locator tzresult Lwt.t
(** [sk_locator_of_human_input wallet spec] is the [sk_locator] (** [sk_locator_of_human_input wallet spec] is the [sk_locator]
corresponding to the human readable specification [spec] (plugin corresponding to the human readable specification [spec] (plugin
dependent). *) dependent). *)
val pk_locator_of_human_input : val pk_locator_of_human_input :
Client_context.logging_wallet -> #Client_context.io_wallet -> string list -> pk_locator tzresult Lwt.t
string list -> pk_locator tzresult Lwt.t
(** [pk_locator_of_human_input wallet spec] is the [pk_locator] (** [pk_locator_of_human_input wallet spec] is the [pk_locator]
corresponding to the human readable specification [spec] (plugin corresponding to the human readable specification [spec] (plugin
dependent). *) dependent). *)
@ -93,20 +96,24 @@ module type SIGNER = sig
end end
val register_signer : (module SIGNER) -> unit val register_signer : (module SIGNER) -> unit
(** [register_signer signer] sets first-class module [signer] as (** [register_signer signer] registers first-class module [signer] as
signer for keys with scheme [(val signer : SIGNER).scheme]. *) signer for keys with scheme [(val signer : SIGNER).scheme]. *)
val find_signer_for_key : scheme:string -> (module SIGNER) tzresult
val registered_signers : unit -> (string * (module SIGNER)) list val registered_signers : unit -> (string * (module SIGNER)) list
val sign : sk_locator -> MBytes.t -> Ed25519.Signature.t tzresult Lwt.t val find_signer_for_key :
val append : sk_locator -> MBytes.t -> MBytes.t tzresult Lwt.t #Client_context.io_wallet -> scheme:string -> (module SIGNER) tzresult Lwt.t
val sign :
#Client_context.io_wallet ->
sk_locator -> MBytes.t -> Ed25519.Signature.t tzresult Lwt.t
val append :
#Client_context.io_wallet ->
sk_locator -> MBytes.t -> MBytes.t tzresult Lwt.t
val gen_keys : val gen_keys :
?force:bool -> ?force:bool ->
?seed:Ed25519.Seed.t -> ?seed:Ed25519.Seed.t ->
#Client_context.wallet -> string -> unit tzresult Lwt.t #Client_context.io_wallet -> string -> unit tzresult Lwt.t
val gen_keys_containing : val gen_keys_containing :
?prefix:bool -> ?prefix:bool ->
@ -124,12 +131,12 @@ val alias_keys :
(Public_key_hash.t * pk_locator option * sk_locator option) option tzresult Lwt.t (Public_key_hash.t * pk_locator option * sk_locator option) option tzresult Lwt.t
val get_key: val get_key:
#Client_context.wallet -> #Client_context.io_wallet ->
Public_key_hash.t -> Public_key_hash.t ->
(string * Ed25519.Public_key.t * sk_locator) tzresult Lwt.t (string * Ed25519.Public_key.t * sk_locator) tzresult Lwt.t
val get_keys: val get_keys:
#Client_context.wallet -> #Client_context.io_wallet ->
(string * Public_key_hash.t * Ed25519.Public_key.t * sk_locator) list tzresult Lwt.t (string * Public_key_hash.t * Ed25519.Public_key.t * sk_locator) list tzresult Lwt.t
val force_switch : unit -> (bool, #Client_context.full_context) Cli_entries.arg val force_switch : unit -> (bool, #Client_context.full_context) Cli_entries.arg

View File

@ -4,8 +4,9 @@
((name tezos_client_base) ((name tezos_client_base)
(public_name tezos-client-base) (public_name tezos-client-base)
(libraries (tezos-base (libraries (tezos-base
tezos-rpc tezos-stdlib-unix
tezos-shell-services)) tezos-shell-services
tezos-rpc))
(library_flags (:standard -linkall)) (library_flags (:standard -linkall))
(flags (:standard -w -9+27-30-32-40@8 (flags (:standard -w -9+27-30-32-40@8
-safe-string -safe-string

View File

@ -15,6 +15,8 @@ depends: [
"tezos-storage" "tezos-storage"
"tezos-rpc-http" "tezos-rpc-http"
"cmdliner" "cmdliner"
"pbkdf"
"bip39"
] ]
build: [ build: [
[ "jbuilder" "build" "-p" name "-j" jobs ] [ "jbuilder" "build" "-p" name "-j" jobs ]

View File

@ -0,0 +1,203 @@
(**************************************************************************)
(* *)
(* Copyright (c) 2014 - 2017. *)
(* Dynamic Ledger Solutions, Inc. <contact@tezos.com> *)
(* *)
(* All rights reserved. No warranty, explicit or implicit, provided. *)
(* *)
(**************************************************************************)
open Client_keys
module Encrypted_signer : SIGNER = struct
let scheme = "encrypted"
let title =
"Built-in signer using encrypted keys."
let description =
"If you try to import a secret key without additional argument, you will \
be asked to either generate a new key, or to import the elements \
from your fundraiser paper wallet.\n\
If you add an argument when importing a secret key, \
the format is the raw Base58-encoded key (starting with 'edsk').\n\
The format for importing public keys is the raw Base58-encoded \
key (starting with 'edpk')."
type secret_key = Ed25519.Secret_key.t
type public_key = Ed25519.Public_key.t
(* https://tools.ietf.org/html/rfc2898#section-4.1 *)
let salt_len = 8
(* Fixed zero nonce *)
let nonce = Crypto_box.zero_nonce
(* skloc -> Ed25519.Secret_key.t *)
let decrypted_sks = Hashtbl.create 13
let pbkdf ~salt ~password =
let open Cstruct in
let salt = of_bigarray salt in
let password = of_bigarray password in
to_bigarray
(Pbkdf.pbkdf2 ~prf:`SHA512 ~count:2048 ~dk_len:32l ~salt ~password)
let rec decrypt_sk sk salt = function
| [] -> None
| password :: pws ->
let key = Crypto_box.Secretbox.of_bytes_exn (pbkdf ~password ~salt) in
match Crypto_box.Secretbox.box_open key sk nonce with
| None -> decrypt_sk sk salt pws
| Some sk -> Some sk
let salt_skenc_of_skloc skloc =
let open Cstruct in
let skloc = of_string skloc in
let len = len skloc in
let salt = sub skloc 0 salt_len in
let skenc = sub skloc salt_len (len - salt_len) in
to_bigarray salt, to_bigarray skenc
let rec passwd_ask_loop (cctxt : #Client_context.io_wallet) ~name ~salt ~skenc =
cctxt#prompt_password "Enter password for encrypted key %s: " name >>= fun password ->
let password = MBytes.of_string password in
let key = pbkdf ~salt ~password in
let key = Crypto_box.Secretbox.of_bytes_exn key in
match Crypto_box.Secretbox.box_open key skenc nonce with
| None -> passwd_ask_loop cctxt ~name ~salt ~skenc
| Some decrypted_sk ->
Lwt.return (password, (Ed25519.Secret_key.of_bytes_exn decrypted_sk))
let ask_all_passwords (cctxt : #Client_context.io_wallet) sks =
Lwt_list.fold_left_s begin fun a (name, skloc) ->
if Secret_key_locator.scheme skloc <> scheme then
Lwt.return a
else
match Base58.safe_decode (Secret_key_locator.location skloc) with
| None -> Lwt.fail Exit
| Some loc ->
let salt, skenc = salt_skenc_of_skloc loc in
match decrypt_sk skenc salt a with
| Some sk ->
Hashtbl.replace decrypted_sks loc
(Ed25519.Secret_key.of_bytes_exn sk) ;
Lwt.return a
| None ->
passwd_ask_loop
cctxt ~name ~salt ~skenc >>= fun (passwd, decrypted_sk) ->
Hashtbl.replace decrypted_sks loc decrypted_sk ;
Lwt.return (passwd :: a)
end [] sks
let init cctxt =
Secret_key.load cctxt >>=? fun sks ->
Lwt.try_bind
(fun () -> ask_all_passwords cctxt sks)
(fun _ -> return ())
(fun _ -> failwith "Corrupted secret key database. Aborting.")
let input_new_passphrase (cctxt : #Client_context.io_wallet) =
cctxt#prompt_password "Enter passphrase to encrypt your key: " >>= fun password ->
cctxt#prompt_password "Confirm passphrase: " >>= fun confirm ->
if password <> confirm then
failwith "Passphrases do not match."
else return password
let encrypt_sk cctxt sk =
input_new_passphrase cctxt >>=? fun password ->
let password = MBytes.of_string password in
let salt = Rand.generate salt_len in
let key = Crypto_box.Secretbox.of_bytes_exn (pbkdf ~password ~salt) in
let msg = Ed25519.Secret_key.to_bytes sk in
let encrypted_passwd = Crypto_box.Secretbox.box key msg nonce in
let payload = MBytes.(to_string (concat salt encrypted_passwd)) in
let location = Base58.safe_encode payload in
Hashtbl.replace decrypted_sks location sk ;
return (Secret_key_locator.create ~scheme ~location)
let rec get_boolean_answer (cctxt : #Client_context.io_wallet) ~default ~msg =
let prompt = if default then "(Y/n/q)" else "(y/N/q)" in
cctxt#prompt "%s %s: " msg prompt >>= fun gen ->
match default, String.lowercase_ascii gen with
| default, "" -> return default
| _, "y" -> return true
| _, "n" -> return false
| _, "q" -> failwith "Exit by user request."
| _ -> get_boolean_answer cctxt ~msg ~default
let rec sk_of_mnemonic (cctxt : #Client_context.io_wallet) =
cctxt#prompt "Enter the e-mail used for the paper wallet: " >>= fun email ->
let rec loop_words acc i =
if i > 14 then Lwt.return (List.rev acc) else
cctxt#prompt_password "Enter word %d: " i >>= fun word ->
match Bip39.index_of_word word with
| None -> loop_words acc i
| Some wordidx -> loop_words (wordidx :: acc) (succ i) in
loop_words [] 0 >>= fun words ->
match Bip39.of_indices words with
| None -> assert false
| Some t ->
cctxt#prompt_password
"Enter the password used for the paper wallet: " >>= fun password ->
let sk = Bip39.to_seed ~passphrase:(password ^ email) t in
let sk = Cstruct.(to_bigarray (sub sk 0 32)) in
let sk = Ed25519.Secret_key.of_bytes_exn sk in
let pk = Ed25519.Secret_key.to_public_key sk in
let pkh = Ed25519.Public_key.hash pk in
let msg = Format.asprintf
"Your public Tezos address is %a is that correct?"
Ed25519.Public_key_hash.pp pkh in
get_boolean_answer cctxt ~msg ~default:true >>=? function
| true -> return sk
| false -> sk_of_mnemonic cctxt
let sk_locator_of_human_input cctxt = function
| sk :: _ ->
Lwt.return (Ed25519.Secret_key.of_b58check sk) >>=? fun sk ->
encrypt_sk cctxt sk
| [] -> begin
get_boolean_answer
cctxt ~msg:"Generate a new key" ~default:true >>=? function
| true ->
let _, _, sk = Ed25519.generate_key () in
encrypt_sk cctxt sk
| false ->
get_boolean_answer cctxt
~msg:"Import key from fundraiser" ~default:true >>=? function
| false -> failwith "Goodbye."
| true ->
sk_of_mnemonic cctxt >>=? fun sk ->
encrypt_sk cctxt sk
end
let pk_locator_of_human_input _cctxt = function
| [] -> failwith "Missing public key argument."
| pk :: _ -> return (Public_key_locator.create ~scheme ~location:pk)
let sk_of_locator (Sk_locator { location }) =
match Hashtbl.find decrypted_sks location with
| exception Not_found -> failwith "Unknown secret key location."
| sk -> return sk
let pk_of_locator (Pk_locator { location }) =
Lwt.return (Ed25519.Public_key.of_b58check location)
let sk_to_locator sk =
Secret_key_locator.create
~scheme ~location:(Ed25519.Secret_key.to_b58check sk) |>
Lwt.return
let pk_to_locator pk =
Public_key_locator.create
~scheme ~location:(Ed25519.Public_key.to_b58check pk) |>
Lwt.return
let neuterize x = Lwt.return (Ed25519.Secret_key.to_public_key x)
let public_key x = Lwt.return x
let public_key_hash x = Lwt.return (Ed25519.Public_key.hash x)
let sign t buf = return (Ed25519.sign t buf)
end
let () =
register_signer (module Encrypted_signer)

View File

@ -26,6 +26,8 @@ module Unencrypted_signer : SIGNER = struct
type secret_key = Ed25519.Secret_key.t type secret_key = Ed25519.Secret_key.t
type public_key = Ed25519.Public_key.t type public_key = Ed25519.Public_key.t
let init _wallet = return ()
let sk_locator_of_human_input _cctxt = function let sk_locator_of_human_input _cctxt = function
| sk :: _ -> | sk :: _ ->
return (Secret_key_locator.create ~scheme ~location:sk) return (Secret_key_locator.create ~scheme ~location:sk)

View File

@ -8,6 +8,8 @@
tezos-client-commands tezos-client-commands
tezos-stdlib-unix tezos-stdlib-unix
tezos-rpc-http tezos-rpc-http
pbkdf
bip39
tezos-shell-services)) tezos-shell-services))
(flags (:standard -w -9+27-30-32-40@8 (flags (:standard -w -9+27-30-32-40@8
-safe-string -safe-string

View File

@ -89,10 +89,10 @@ let commands () =
information.")) information."))
(fun force scheme name spec cctxt -> (fun force scheme name spec cctxt ->
Secret_key.of_fresh cctxt force name >>=? fun name -> Secret_key.of_fresh cctxt force name >>=? fun name ->
Lwt.return (find_signer_for_key ~scheme) >>=? fun signer -> find_signer_for_key ~scheme cctxt >>=? fun signer ->
let module Signer = (val signer : SIGNER) in let module Signer = (val signer : SIGNER) in
Signer.sk_locator_of_human_input Signer.sk_locator_of_human_input
(cctxt :> Client_context.logging_wallet) spec >>=? fun skloc -> (cctxt :> Client_context.io_wallet) spec >>=? fun skloc ->
Signer.sk_of_locator skloc >>=? fun sk -> Signer.sk_of_locator skloc >>=? fun sk ->
Signer.neuterize sk >>= fun pk -> Signer.neuterize sk >>= fun pk ->
Signer.pk_to_locator pk >>= fun pkloc -> Signer.pk_to_locator pk >>= fun pkloc ->
@ -128,10 +128,10 @@ let commands () =
information.")) information."))
(fun force scheme name location cctxt -> (fun force scheme name location cctxt ->
Public_key.of_fresh cctxt force name >>=? fun name -> Public_key.of_fresh cctxt force name >>=? fun name ->
Lwt.return (find_signer_for_key ~scheme) >>=? fun signer -> find_signer_for_key ~scheme cctxt >>=? fun signer ->
let module Signer = (val signer : SIGNER) in let module Signer = (val signer : SIGNER) in
Signer.pk_locator_of_human_input Signer.pk_locator_of_human_input
(cctxt :> Client_context.logging_wallet) location >>=? fun pkloc -> (cctxt :> Client_context.io_wallet) location >>=? fun pkloc ->
Signer.pk_of_locator pkloc >>=? fun pk -> Signer.pk_of_locator pkloc >>=? fun pk ->
Signer.public_key_hash pk >>= fun pkh -> Signer.public_key_hash pk >>= fun pkh ->
Public_key_hash.add ~force cctxt name pkh >>=? fun () -> Public_key_hash.add ~force cctxt name pkh >>=? fun () ->
@ -180,7 +180,7 @@ let commands () =
match pk with match pk with
| None -> return () | None -> return ()
| Some (Pk_locator { scheme } as pkloc) -> | Some (Pk_locator { scheme } as pkloc) ->
Lwt.return (find_signer_for_key ~scheme) >>=? fun signer -> find_signer_for_key ~scheme cctxt >>=? fun signer ->
let module Signer = (val signer : SIGNER) in let module Signer = (val signer : SIGNER) in
Signer.pk_of_locator pkloc >>=? fun pk -> Signer.pk_of_locator pkloc >>=? fun pk ->
Signer.public_key pk >>= fun pk -> Signer.public_key pk >>= fun pk ->

View File

@ -103,7 +103,7 @@ let inject_endorsement (cctxt : #Proto_alpha.full_context)
~block:bi.hash ~block:bi.hash
~slot:slot ~slot:slot
() >>=? fun bytes -> () >>=? fun bytes ->
Client_keys.append src_sk bytes >>=? fun signed_bytes -> Client_keys.append cctxt src_sk bytes >>=? fun signed_bytes ->
Shell_services.inject_operation Shell_services.inject_operation
cctxt ?async ~chain_id:bi.chain_id signed_bytes >>=? fun oph -> cctxt ?async ~chain_id:bi.chain_id signed_bytes >>=? fun oph ->
State.record_endorsement cctxt level bi.hash slot oph >>=? fun () -> State.record_endorsement cctxt level bi.hash slot oph >>=? fun () ->

View File

@ -30,7 +30,7 @@ let forge_block_header
let unsigned_header = let unsigned_header =
Alpha_context.Block_header.forge_unsigned Alpha_context.Block_header.forge_unsigned
shell { priority ; seed_nonce_hash ; proof_of_work_nonce } in shell { priority ; seed_nonce_hash ; proof_of_work_nonce } in
Client_keys.append delegate_sk unsigned_header >>=? fun signed_header -> Client_keys.append cctxt delegate_sk unsigned_header >>=? fun signed_header ->
let block_hash = Block_hash.hash_bytes [signed_header] in let block_hash = Block_hash.hash_bytes [signed_header] in
if Baking.check_hash block_hash stamp_threshold then if Baking.check_hash block_hash stamp_threshold then
return signed_header return signed_header

View File

@ -17,7 +17,7 @@ val generate_seed_nonce: unit -> Nonce.t
reveal the aforementionned nonce during the next cycle. *) reveal the aforementionned nonce during the next cycle. *)
val inject_block: val inject_block:
#Proto_alpha.rpc_context -> #Proto_alpha.full_context ->
?force:bool -> ?force:bool ->
?chain_id:Chain_id.t -> ?chain_id:Chain_id.t ->
shell_header:Block_header.shell_header -> shell_header:Block_header.shell_header ->
@ -36,7 +36,7 @@ type error +=
| Failed_to_preapply of Tezos_base.Operation.t * error list | Failed_to_preapply of Tezos_base.Operation.t * error list
val forge_block: val forge_block:
#Proto_alpha.rpc_context -> #Proto_alpha.full_context ->
Block_services.block -> Block_services.block ->
?force:bool -> ?force:bool ->
?operations:Operation.raw list -> ?operations:Operation.raw list ->

View File

@ -44,10 +44,10 @@ let parse_expression arg =
(Micheline_parser.no_parsing_error (Micheline_parser.no_parsing_error
(Michelson_v1_parser.parse_expression arg)) (Michelson_v1_parser.parse_expression arg))
let transfer rpc_config let transfer cctxt
block ?branch block ?branch
~source ~src_pk ~src_sk ~destination ?arg ~amount ~fee () = ~source ~src_pk ~src_sk ~destination ?arg ~amount ~fee () =
get_branch rpc_config block branch >>=? fun (chain_id, branch) -> get_branch cctxt block branch >>=? fun (chain_id, branch) ->
begin match arg with begin match arg with
| Some arg -> | Some arg ->
parse_expression arg >>=? fun { expanded = arg } -> parse_expression arg >>=? fun { expanded = arg } ->
@ -55,21 +55,21 @@ let transfer rpc_config
| None -> return None | None -> return None
end >>=? fun parameters -> end >>=? fun parameters ->
Alpha_services.Contract.counter Alpha_services.Contract.counter
rpc_config block source >>=? fun pcounter -> cctxt block source >>=? fun pcounter ->
let counter = Int32.succ pcounter in let counter = Int32.succ pcounter in
Alpha_services.Forge.Manager.transaction Alpha_services.Forge.Manager.transaction
rpc_config block cctxt block
~branch ~source ~sourcePubKey:src_pk ~counter ~amount ~branch ~source ~sourcePubKey:src_pk ~counter ~amount
~destination ?parameters ~fee () >>=? fun bytes -> ~destination ?parameters ~fee () >>=? fun bytes ->
Block_services.predecessor rpc_config block >>=? fun predecessor -> Block_services.predecessor cctxt block >>=? fun predecessor ->
Client_keys.sign src_sk bytes >>=? fun signature -> Client_keys.sign cctxt src_sk bytes >>=? fun signature ->
let signed_bytes = let signed_bytes =
MBytes.concat bytes (Ed25519.Signature.to_bytes signature) in MBytes.concat bytes (Ed25519.Signature.to_bytes signature) in
let oph = Operation_hash.hash_bytes [ signed_bytes ] in let oph = Operation_hash.hash_bytes [ signed_bytes ] in
Alpha_services.Helpers.apply_operation rpc_config block Alpha_services.Helpers.apply_operation cctxt block
predecessor oph bytes (Some signature) >>=? fun contracts -> predecessor oph bytes (Some signature) >>=? fun contracts ->
Shell_services.inject_operation Shell_services.inject_operation
rpc_config ~chain_id signed_bytes >>=? fun injected_oph -> cctxt ~chain_id signed_bytes >>=? fun injected_oph ->
assert (Operation_hash.equal oph injected_oph) ; assert (Operation_hash.equal oph injected_oph) ;
return (oph, contracts) return (oph, contracts)
@ -104,17 +104,17 @@ let operation_submitted_message (cctxt : #Client_context.logger) ?(contracts = [
let originate_account ?branch let originate_account ?branch
~source ~src_pk ~src_sk ~manager_pkh ~source ~src_pk ~src_sk ~manager_pkh
?delegatable ?delegate ~balance ~fee block rpc_config () = ?delegatable ?delegate ~balance ~fee block cctxt () =
get_branch rpc_config block branch >>=? fun (chain_id, branch) -> get_branch cctxt block branch >>=? fun (chain_id, branch) ->
Alpha_services.Contract.counter Alpha_services.Contract.counter
rpc_config block source >>=? fun pcounter -> cctxt block source >>=? fun pcounter ->
let counter = Int32.succ pcounter in let counter = Int32.succ pcounter in
Alpha_services.Forge.Manager.origination rpc_config block Alpha_services.Forge.Manager.origination cctxt block
~branch ~source ~sourcePubKey:src_pk ~managerPubKey:manager_pkh ~branch ~source ~sourcePubKey:src_pk ~managerPubKey:manager_pkh
~counter ~balance ~spendable:true ~counter ~balance ~spendable:true
?delegatable ?delegatePubKey:delegate ~fee () >>=? fun bytes -> ?delegatable ?delegatePubKey:delegate ~fee () >>=? fun bytes ->
Client_keys.sign src_sk bytes >>=? fun signature -> Client_keys.sign cctxt src_sk bytes >>=? fun signature ->
originate rpc_config ~block ~chain_id ~signature bytes originate cctxt ~block ~chain_id ~signature bytes
let faucet ?branch ~manager_pkh block rpc_config () = let faucet ?branch ~manager_pkh block rpc_config () =
get_branch rpc_config block branch >>=? fun (chain_id, branch) -> get_branch rpc_config block branch >>=? fun (chain_id, branch) ->
@ -123,22 +123,22 @@ let faucet ?branch ~manager_pkh block rpc_config () =
rpc_config block ~branch ~id:manager_pkh ~nonce () >>=? fun bytes -> rpc_config block ~branch ~id:manager_pkh ~nonce () >>=? fun bytes ->
originate rpc_config ~chain_id ~block bytes originate rpc_config ~chain_id ~block bytes
let delegate_contract rpc_config let delegate_contract cctxt
block ?branch block ?branch
~source ?src_pk ~manager_sk ~source ?src_pk ~manager_sk
~fee delegate_opt = ~fee delegate_opt =
get_branch rpc_config block branch >>=? fun (chain_id, branch) -> get_branch cctxt block branch >>=? fun (chain_id, branch) ->
Alpha_services.Contract.counter Alpha_services.Contract.counter
rpc_config block source >>=? fun pcounter -> cctxt block source >>=? fun pcounter ->
let counter = Int32.succ pcounter in let counter = Int32.succ pcounter in
Alpha_services.Forge.Manager.delegation rpc_config block Alpha_services.Forge.Manager.delegation cctxt block
~branch ~source ?sourcePubKey:src_pk ~counter ~fee delegate_opt ~branch ~source ?sourcePubKey:src_pk ~counter ~fee delegate_opt
>>=? fun bytes -> >>=? fun bytes ->
Client_keys.sign manager_sk bytes >>=? fun signature -> Client_keys.sign cctxt manager_sk bytes >>=? fun signature ->
let signed_bytes = Ed25519.Signature.concat bytes signature in let signed_bytes = Ed25519.Signature.concat bytes signature in
let oph = Operation_hash.hash_bytes [ signed_bytes ] in let oph = Operation_hash.hash_bytes [ signed_bytes ] in
Shell_services.inject_operation Shell_services.inject_operation
rpc_config ~chain_id signed_bytes >>=? fun injected_oph -> cctxt ~chain_id signed_bytes >>=? fun injected_oph ->
assert (Operation_hash.equal oph injected_oph) ; assert (Operation_hash.equal oph injected_oph) ;
return oph return oph
@ -191,10 +191,9 @@ let dictate rpc_config block command seckey =
assert (Operation_hash.equal oph injected_oph) ; assert (Operation_hash.equal oph injected_oph) ;
return oph return oph
let set_delegate (cctxt : #RPC_context.simple) block ~fee contract ~src_pk ~manager_sk opt_delegate = let set_delegate cctxt block ~fee contract ~src_pk ~manager_sk opt_delegate =
delegate_contract delegate_contract
cctxt block ~source:contract cctxt block ~source:contract ~src_pk ~manager_sk ~fee opt_delegate
~src_pk ~manager_sk ~fee opt_delegate
let source_to_keys (wallet : #Proto_alpha.full_context) block source = let source_to_keys (wallet : #Proto_alpha.full_context) block source =
get_manager wallet block source >>=? fun (_src_name, _src_pkh, src_pk, src_sk) -> get_manager wallet block source >>=? fun (_src_name, _src_pkh, src_pk, src_sk) ->
@ -231,5 +230,5 @@ let originate_contract
~counter ~balance ~spendable:spendable ~counter ~balance ~spendable:spendable
~delegatable ?delegatePubKey:delegate ~delegatable ?delegatePubKey:delegate
~script:{ code ; storage } ~fee () >>=? fun bytes -> ~script:{ code ; storage } ~fee () >>=? fun bytes ->
Client_keys.sign src_sk bytes >>=? fun signature -> Client_keys.sign cctxt src_sk bytes >>=? fun signature ->
originate cctxt ~block ~signature bytes originate cctxt ~block ~signature bytes

View File

@ -35,7 +35,7 @@ val get_balance:
Tez.t tzresult Lwt.t Tez.t tzresult Lwt.t
val set_delegate : val set_delegate :
#Proto_alpha.rpc_context -> #Proto_alpha.full_context ->
Block_services.block -> Block_services.block ->
fee:Tez.tez -> fee:Tez.tez ->
Contract.t -> Contract.t ->
@ -66,7 +66,7 @@ val originate_account :
balance:Tez.tez -> balance:Tez.tez ->
fee:Tez.tez -> fee:Tez.tez ->
Block_services.block -> Block_services.block ->
#Proto_alpha.rpc_context -> #Proto_alpha.full_context ->
unit -> (Operation_list_hash.elt * Contract.t) tzresult Lwt.t unit -> (Operation_list_hash.elt * Contract.t) tzresult Lwt.t
val save_contract : val save_contract :
@ -105,7 +105,7 @@ val faucet :
unit -> (Operation_list_hash.elt * Contract.t) tzresult Lwt.t unit -> (Operation_list_hash.elt * Contract.t) tzresult Lwt.t
val transfer : val transfer :
#Proto_alpha.rpc_context -> #Proto_alpha.full_context ->
Block_services.block -> Block_services.block ->
?branch:int -> ?branch:int ->
source:Contract.t -> source:Contract.t ->

View File

@ -108,7 +108,7 @@ let trace
let hash_and_sign (data : Michelson_v1_parser.parsed) (typ : Michelson_v1_parser.parsed) sk block cctxt = let hash_and_sign (data : Michelson_v1_parser.parsed) (typ : Michelson_v1_parser.parsed) sk block cctxt =
Alpha_services.Helpers.hash_data cctxt block (data.expanded, typ.expanded) >>=? fun hash -> Alpha_services.Helpers.hash_data cctxt block (data.expanded, typ.expanded) >>=? fun hash ->
Client_keys.sign sk (MBytes.of_string hash) >>=? fun signature -> Client_keys.sign cctxt sk (MBytes.of_string hash) >>=? fun signature ->
return (hash, return (hash,
signature |> signature |>
Data_encoding.Binary.to_bytes Ed25519.Signature.encoding |> Data_encoding.Binary.to_bytes Ed25519.Signature.encoding |>

View File

@ -53,7 +53,7 @@ val hash_and_sign :
Michelson_v1_parser.parsed -> Michelson_v1_parser.parsed ->
Client_keys.sk_locator -> Client_keys.sk_locator ->
Block_services.block -> Block_services.block ->
#Proto_alpha.rpc_context -> #Proto_alpha.full_context ->
(string * string) tzresult Lwt.t (string * string) tzresult Lwt.t
val typecheck_data : val typecheck_data :

View File

@ -13,16 +13,16 @@ let protocol =
Protocol_hash.of_b58check_exn Protocol_hash.of_b58check_exn
"ProtoGenesisGenesisGenesisGenesisGenesisGenesk612im" "ProtoGenesisGenesisGenesisGenesisGenesisGenesk612im"
let bake rpc_config ?(timestamp = Time.now ()) block command sk = let bake cctxt ?(timestamp = Time.now ()) block command sk =
let block = Block_services.last_baked_block block in let block = Block_services.last_baked_block block in
let proto_header = Data_encoding.Binary.to_bytes Data.Command.encoding command in let proto_header = Data_encoding.Binary.to_bytes Data.Command.encoding command in
Block_services.preapply Block_services.preapply
rpc_config block ~timestamp ~proto_header [] >>=? fun { shell_header } -> cctxt block ~timestamp ~proto_header [] >>=? fun { shell_header } ->
let blk = let blk =
Data_encoding.Binary.to_bytes Block_header.encoding Data_encoding.Binary.to_bytes Block_header.encoding
{ shell = shell_header ; proto = proto_header } in { shell = shell_header ; proto = proto_header } in
Client_keys.append sk blk >>=? fun signed_blk -> Client_keys.append cctxt sk blk >>=? fun signed_blk ->
Shell_services.inject_block rpc_config signed_blk [] Shell_services.inject_block cctxt signed_blk []
let int64_parameter = let int64_parameter =
(Cli_entries.parameter (fun _ p -> (Cli_entries.parameter (fun _ p ->

View File

@ -10,7 +10,7 @@
open Proto_genesis open Proto_genesis
val bake: val bake:
#RPC_context.simple -> #Client_context.full_context ->
?timestamp: Time.t -> ?timestamp: Time.t ->
Block_services.block -> Block_services.block ->
Data.Command.t -> Data.Command.t ->