lotus/tvx/drivers/key_manager.go

package drivers

import (
	"fmt"
	"math/rand"

	"github.com/minio/blake2b-simd"

	"github.com/filecoin-project/go-address"
	"github.com/filecoin-project/go-crypto"
	acrypto "github.com/filecoin-project/specs-actors/actors/crypto"

	"github.com/filecoin-project/lotus/chain/wallet"

	"github.com/filecoin-project/lotus/chain/types"
)

type KeyManager struct {
	// Private keys by address
	keys map[address.Address]*wallet.Key

	// Seed for deterministic secp key generation.
	secpSeed int64
	// Seed for deterministic bls key generation.
	blsSeed int64 // nolint: structcheck
}

func newKeyManager() *KeyManager {
	return &KeyManager{
		keys:     make(map[address.Address]*wallet.Key),
		secpSeed: 0,
	}
}

func (k *KeyManager) NewSECP256k1AccountAddress() address.Address {
	secpKey := k.newSecp256k1Key()
	k.keys[secpKey.Address] = secpKey
	return secpKey.Address
}

func (k *KeyManager) NewBLSAccountAddress() address.Address {
	blsKey := k.newBLSKey()
	k.keys[blsKey.Address] = blsKey
	return blsKey.Address
}

func (k *KeyManager) Sign(addr address.Address, data []byte) (acrypto.Signature, error) {
	ki, ok := k.keys[addr]
	if !ok {
		return acrypto.Signature{}, fmt.Errorf("unknown address %v", addr)
	}
	var sigType acrypto.SigType
	if ki.Type == wallet.KTSecp256k1 {
		sigType = acrypto.SigTypeBLS
		hashed := blake2b.Sum256(data)
		sig, err := crypto.Sign(ki.PrivateKey, hashed[:])
		if err != nil {
			return acrypto.Signature{}, err
		}

		return acrypto.Signature{
			Type: sigType,
			Data: sig,
		}, nil
	} else if ki.Type == wallet.KTBLS {
		panic("lotus validator cannot sign BLS messages")
	} else {
		panic("unknown signature type")
	}

}

func (k *KeyManager) newSecp256k1Key() *wallet.Key {
	randSrc := rand.New(rand.NewSource(k.secpSeed))
	prv, err := crypto.GenerateKeyFromSeed(randSrc)
	if err != nil {
		panic(err)
	}
	k.secpSeed++
	key, err := wallet.NewKey(types.KeyInfo{
		Type:       wallet.KTSecp256k1,
		PrivateKey: prv,
	})
	if err != nil {
		panic(err)
	}
	return key
}

func (k *KeyManager) newBLSKey() *wallet.Key {
	// FIXME: bls needs deterministic key generation
	//sk := ffi.PrivateKeyGenerate(s.blsSeed)
	// s.blsSeed++
	sk := [32]byte{}
	sk[0] = uint8(k.blsSeed) // hack to keep gas values determinist
	k.blsSeed++
	key, err := wallet.NewKey(types.KeyInfo{
		Type:       wallet.KTBLS,
		PrivateKey: sk[:],
	})
	if err != nil {
		panic(err)
	}
	return key
}
generate test-vectors based on tests from chain-validation project (#181) * Read a subset of filecoin state over the full node API * wip * import export wip * extract actors from message * generate car for any state * library for providing a pruned statetree * test vector schema draft + example 'message' class test vector. * message => messages test vector class. * fixup * wip * use lb.NewBlockstore with ID * fixup lotus-soup, and generate * fix deals * magic params * work on schema / export of test vector * fixup * wip deserialise state tree * pass at building a test case from a message * progress loading / serializing * recreation of ipld nodes * generation of vector creates json * kick off tvx tool. * wip * wip * retain init actor state. * initial test with printed out state * remove testing.T, but keep require and assert libraries * wip refactor state tree plucking. * simplified * removed factories * remove builder.Build ; remove interface - use concrete iface * comment out validateState * remove Validator * remove TestDriverBuilder * remove client * remove box * remove gen * remove factories * remove KeyManager interfafce * moved stuff around * remove ValidationConfig * extract randomness * extract config and key_manager * extract statewrapper * extract applier * rename factories to various * flatten chain-validation package * initial marshal of test vector * do not require schema package * fixup * run all messages tests * better names * run all messages tests * remove Indent setting from JSON encoder for now * refactor, and actually running successfully ;-) * remove irrelevant files; rename extract-msg command. * remove root CID from state_tree object in schema. * add tvx/lotus package; adjust .gitignore. * tidy up command flag management. * add comment. * remove validateState and trackState * remove xerrors * remove NewVM * remove commented out RootCID sets * enable more tests * add all `message_application` tests * delete all.json * update Message struct * fix message serialization * support multiple messages * gofmt * remove custom Message and SignedMessage types * update tests with gzip and adhere to new schema for compressed CAR * improved iface for Marshal * update Validation * remove test-suites and utils * better names for chain. methods * go mod tidy * remove top-level dummyT Co-authored-by: Will Scott <will@cypherpunk.email> Co-authored-by: Raúl Kripalani <raul@protocol.ai> 2020-08-05 17:40:09 +00:00			`package drivers`

			`import (`
			`"fmt"`
			`"math/rand"`

			`"github.com/minio/blake2b-simd"`

			`"github.com/filecoin-project/go-address"`
			`"github.com/filecoin-project/go-crypto"`
			`acrypto "github.com/filecoin-project/specs-actors/actors/crypto"`

			`"github.com/filecoin-project/lotus/chain/wallet"`

			`"github.com/filecoin-project/lotus/chain/types"`
			`)`

			`type KeyManager struct {`
			`// Private keys by address`
			`keys map[address.Address]*wallet.Key`

			`// Seed for deterministic secp key generation.`
			`secpSeed int64`
			`// Seed for deterministic bls key generation.`
			`blsSeed int64 // nolint: structcheck`
			`}`

			`func newKeyManager() *KeyManager {`
			`return &KeyManager{`
			`keys: make(map[address.Address]*wallet.Key),`
			`secpSeed: 0,`
			`}`
			`}`

			`func (k *KeyManager) NewSECP256k1AccountAddress() address.Address {`
			`secpKey := k.newSecp256k1Key()`
			`k.keys[secpKey.Address] = secpKey`
			`return secpKey.Address`
			`}`

			`func (k *KeyManager) NewBLSAccountAddress() address.Address {`
			`blsKey := k.newBLSKey()`
			`k.keys[blsKey.Address] = blsKey`
			`return blsKey.Address`
			`}`

			`func (k *KeyManager) Sign(addr address.Address, data []byte) (acrypto.Signature, error) {`
			`ki, ok := k.keys[addr]`
			`if !ok {`
			`return acrypto.Signature{}, fmt.Errorf("unknown address %v", addr)`
			`}`
			`var sigType acrypto.SigType`
			`if ki.Type == wallet.KTSecp256k1 {`
			`sigType = acrypto.SigTypeBLS`
			`hashed := blake2b.Sum256(data)`
			`sig, err := crypto.Sign(ki.PrivateKey, hashed[:])`
			`if err != nil {`
			`return acrypto.Signature{}, err`
			`}`

			`return acrypto.Signature{`
			`Type: sigType,`
			`Data: sig,`
			`}, nil`
			`} else if ki.Type == wallet.KTBLS {`
			`panic("lotus validator cannot sign BLS messages")`
			`} else {`
			`panic("unknown signature type")`
			`}`

			`}`

			`func (k KeyManager) newSecp256k1Key() wallet.Key {`
			`randSrc := rand.New(rand.NewSource(k.secpSeed))`
			`prv, err := crypto.GenerateKeyFromSeed(randSrc)`
			`if err != nil {`
			`panic(err)`
			`}`
			`k.secpSeed++`
			`key, err := wallet.NewKey(types.KeyInfo{`
			`Type: wallet.KTSecp256k1,`
			`PrivateKey: prv,`
			`})`
			`if err != nil {`
			`panic(err)`
			`}`
			`return key`
			`}`

			`func (k KeyManager) newBLSKey() wallet.Key {`
			`// FIXME: bls needs deterministic key generation`
			`//sk := ffi.PrivateKeyGenerate(s.blsSeed)`
			`// s.blsSeed++`
			`sk := [32]byte{}`
			`sk[0] = uint8(k.blsSeed) // hack to keep gas values determinist`
			`k.blsSeed++`
			`key, err := wallet.NewKey(types.KeyInfo{`
			`Type: wallet.KTBLS,`
			`PrivateKey: sk[:],`
			`})`
			`if err != nil {`
			`panic(err)`
			`}`
			`return key`
			`}`