opensource/kubo
1
0
Fork 0
mirror of https://github.com/ipfs/kubo.git synced 2025-08-24 10:32:01 +08:00
Code Issues Projects Releases Wiki Activity
Files
kubo/core/coreapi/key.go

345 lines
7.4 KiB
Go
Raw Permalink Blame History

package coreapi
import (
"context"
"crypto/rand"
"errors"
"fmt"
"sort"
"github.com/ipfs/boxo/ipns"
"github.com/ipfs/boxo/path"
coreiface "github.com/ipfs/kubo/core/coreiface"
caopts "github.com/ipfs/kubo/core/coreiface/options"
"github.com/ipfs/kubo/tracing"
crypto "github.com/libp2p/go-libp2p/core/crypto"
peer "github.com/libp2p/go-libp2p/core/peer"
"go.opentelemetry.io/otel/attribute"
"go.opentelemetry.io/otel/trace"
)
type KeyAPI CoreAPI
type key struct {
name string
peerID peer.ID
path path.Path
}
func newKey(name string, pid peer.ID) (*key, error) {
p, err := path.NewPath("/ipns/" + ipns.NameFromPeer(pid).String())
if err != nil {
return nil, err
}
return &key{
name: name,
peerID: pid,
path: p,
}, nil
}
// Name returns the key name
func (k *key) Name() string {
return k.name
}
// Path returns the path of the key.
func (k *key) Path() path.Path {
return k.path
}
// ID returns key PeerID
func (k *key) ID() peer.ID {
return k.peerID
}
// Generate generates new key, stores it in the keystore under the specified
// name and returns a base58 encoded multihash of its public key.
func (api *KeyAPI) Generate(ctx context.Context, name string, opts ...caopts.KeyGenerateOption) (coreiface.Key, error) {
_, span := tracing.Span(ctx, "CoreAPI.KeyAPI", "Generate", trace.WithAttributes(attribute.String("name", name)))
defer span.End()
options, err := caopts.KeyGenerateOptions(opts...)
if err != nil {
return nil, err
}
if name == "self" {
return nil, errors.New("cannot create key with name 'self'")
}
_, err = api.repo.Keystore().Get(name)
if err == nil {
return nil, fmt.Errorf("key with name '%s' already exists", name)
}
var sk crypto.PrivKey
var pk crypto.PubKey
switch options.Algorithm {
case "rsa":
if options.Size == -1 {
options.Size = caopts.DefaultRSALen
}
priv, pub, err := crypto.GenerateKeyPairWithReader(crypto.RSA, options.Size, rand.Reader)
if err != nil {
return nil, err
}
sk = priv
pk = pub
case "ed25519":
priv, pub, err := crypto.GenerateEd25519Key(rand.Reader)
if err != nil {
return nil, err
}
sk = priv
pk = pub
default:
return nil, fmt.Errorf("unrecognized key type: %s", options.Algorithm)
}
err = api.repo.Keystore().Put(name, sk)
if err != nil {
return nil, err
}
pid, err := peer.IDFromPublicKey(pk)
if err != nil {
return nil, err
}
return newKey(name, pid)
}
// List returns a list keys stored in keystore.
func (api *KeyAPI) List(ctx context.Context) ([]coreiface.Key, error) {
_, span := tracing.Span(ctx, "CoreAPI.KeyAPI", "List")
defer span.End()
keys, err := api.repo.Keystore().List()
if err != nil {
return nil, err
}
sort.Strings(keys)
out := make([]coreiface.Key, len(keys)+1)
out[0], err = newKey("self", api.identity)
if err != nil {
return nil, err
}
for n, k := range keys {
privKey, err := api.repo.Keystore().Get(k)
if err != nil {
return nil, err
}
pubKey := privKey.GetPublic()
pid, err := peer.IDFromPublicKey(pubKey)
if err != nil {
return nil, err
}
out[n+1], err = newKey(k, pid)
if err != nil {
return nil, err
}
}
return out, nil
}
// Rename renames `oldName` to `newName`. Returns the key and whether another
// key was overwritten, or an error.
func (api *KeyAPI) Rename(ctx context.Context, oldName string, newName string, opts ...caopts.KeyRenameOption) (coreiface.Key, bool, error) {
_, span := tracing.Span(ctx, "CoreAPI.KeyAPI", "Rename", trace.WithAttributes(attribute.String("oldname", oldName), attribute.String("newname", newName)))
defer span.End()
options, err := caopts.KeyRenameOptions(opts...)
if err != nil {
return nil, false, err
}
span.SetAttributes(attribute.Bool("force", options.Force))
ks := api.repo.Keystore()
if oldName == "self" {
return nil, false, errors.New("cannot rename key with name 'self'")
}
if newName == "self" {
return nil, false, errors.New("cannot overwrite key with name 'self'")
}
oldKey, err := ks.Get(oldName)
if err != nil {
return nil, false, fmt.Errorf("no key named %s was found", oldName)
}
pubKey := oldKey.GetPublic()
pid, err := peer.IDFromPublicKey(pubKey)
if err != nil {
return nil, false, err
}
// This is important, because future code will delete key `oldName`
// even if it is the same as newName.
if newName == oldName {
k, err := newKey(oldName, pid)
return k, false, err
}
overwrite := false
if options.Force {
exist, err := ks.Has(newName)
if err != nil {
return nil, false, err
}
if exist {
overwrite = true
err := ks.Delete(newName)
if err != nil {
return nil, false, err
}
}
}
err = ks.Put(newName, oldKey)
if err != nil {
return nil, false, err
}
err = ks.Delete(oldName)
if err != nil {
return nil, false, err
}
k, err := newKey(newName, pid)
return k, overwrite, err
}
// Remove removes keys from keystore. Returns ipns path of the removed key.
func (api *KeyAPI) Remove(ctx context.Context, name string) (coreiface.Key, error) {
_, span := tracing.Span(ctx, "CoreAPI.KeyAPI", "Remove", trace.WithAttributes(attribute.String("name", name)))
defer span.End()
ks := api.repo.Keystore()
if name == "self" {
return nil, errors.New("cannot remove key with name 'self'")
}
removed, err := ks.Get(name)
if err != nil {
return nil, fmt.Errorf("no key named %s was found", name)
}
pubKey := removed.GetPublic()
pid, err := peer.IDFromPublicKey(pubKey)
if err != nil {
return nil, err
}
err = ks.Delete(name)
if err != nil {
return nil, err
}
return newKey("", pid)
}
func (api *KeyAPI) Self(ctx context.Context) (coreiface.Key, error) {
if api.identity == "" {
return nil, errors.New("identity not loaded")
}
return newKey("self", api.identity)
}
const signedMessagePrefix = "libp2p-key signed message:"
func (api *KeyAPI) Sign(ctx context.Context, name string, data []byte) (coreiface.Key, []byte, error) {
var (
sk crypto.PrivKey
err error
)
if name == "" || name == "self" {
name = "self"
sk = api.privateKey
} else {
sk, err = api.repo.Keystore().Get(name)
}
if err != nil {
return nil, nil, err
}
pid, err := peer.IDFromPrivateKey(sk)
if err != nil {
return nil, nil, err
}
key, err := newKey(name, pid)
if err != nil {
return nil, nil, err
}
data = append([]byte(signedMessagePrefix), data...)
sig, err := sk.Sign(data)
if err != nil {
return nil, nil, err
}
return key, sig, nil
}
func (api *KeyAPI) Verify(ctx context.Context, keyOrName string, signature, data []byte) (coreiface.Key, bool, error) {
var (
name string
pk crypto.PubKey
err error
)
if keyOrName == "" || keyOrName == "self" {
name = "self"
pk = api.privateKey.GetPublic()
} else if sk, err := api.repo.Keystore().Get(keyOrName); err == nil {
name = keyOrName
pk = sk.GetPublic()
} else if ipnsName, err := ipns.NameFromString(keyOrName); err == nil {
// This works for both IPNS names and Peer IDs.
name = ""
pk, err = ipnsName.Peer().ExtractPublicKey()
if err != nil {
return nil, false, err
}
} else {
return nil, false, fmt.Errorf("'%q' is not a known key, an IPNS Name, or a valid PeerID", keyOrName)
}
pid, err := peer.IDFromPublicKey(pk)
if err != nil {
return nil, false, err
}
key, err := newKey(name, pid)
if err != nil {
return nil, false, err
}
data = append([]byte(signedMessagePrefix), data...)
valid, err := pk.Verify(data, signature)
if err != nil {
return nil, false, err
}
return key, valid, nil
}
Reference in New Issue View Git Blame Copy Permalink