From 8097f56e0da429af676abd3447e46f2a0c2b4c8c Mon Sep 17 00:00:00 2001 From: kevinssgh Date: Fri, 12 Jan 2024 14:31:17 -0500 Subject: [PATCH 1/5] added password to storage module, saved keygen state in memory to avoid excessive reads. --- storage/localstate_mgr.go | 24 +++++++++++++++--------- storage/localstate_mgr_test.go | 8 ++++---- tss/tss.go | 3 ++- 3 files changed, 21 insertions(+), 14 deletions(-) diff --git a/storage/localstate_mgr.go b/storage/localstate_mgr.go index 2d045f1..4d73847 100644 --- a/storage/localstate_mgr.go +++ b/storage/localstate_mgr.go @@ -48,11 +48,12 @@ type FileStateMgr struct { folder string writeLock *sync.RWMutex encryptMode bool - key []byte + passkey []byte + keyGen *KeygenLocalState } // NewFileStateMgr create a new instance of the FileStateMgr which implements LocalStateManager -func NewFileStateMgr(folder string) (*FileStateMgr, error) { +func NewFileStateMgr(folder string, password string) (*FileStateMgr, error) { if len(folder) > 0 { _, err := os.Stat(folder) if err != nil && os.IsNotExist(err) { @@ -62,7 +63,7 @@ func NewFileStateMgr(folder string) (*FileStateMgr, error) { } } encryptMode := true - key, err := getFragmentSeed() + key, err := getFragmentSeed(password) if err != nil { encryptMode = false } @@ -70,7 +71,8 @@ func NewFileStateMgr(folder string) (*FileStateMgr, error) { folder: folder, writeLock: &sync.RWMutex{}, encryptMode: encryptMode, - key: key, + passkey: key, + keyGen: nil, }, nil } @@ -109,6 +111,9 @@ func (fsm *FileStateMgr) SaveLocalState(state KeygenLocalState) error { // GetLocalState read the local state from file system func (fsm *FileStateMgr) GetLocalState(pubKey string) (KeygenLocalState, error) { + if fsm.keyGen != nil { + return *fsm.keyGen, nil + } if len(pubKey) == 0 { return KeygenLocalState{}, errors.New("pub key is empty") } @@ -133,6 +138,7 @@ func (fsm *FileStateMgr) GetLocalState(pubKey string) (KeygenLocalState, error) if err := json.Unmarshal(pt, &localState); nil != err { return KeygenLocalState{}, fmt.Errorf("fail to unmarshal KeygenLocalState:%x %w", pt, err) } + fsm.keyGen = &localState return localState, nil } @@ -199,7 +205,7 @@ func (fsm *FileStateMgr) encryptFragment(plainText []byte) ([]byte, error) { if !fsm.encryptMode { return plainText, nil } - block, err := aes.NewCipher(fsm.key) + block, err := aes.NewCipher(fsm.passkey) if err != nil { return nil, err } @@ -221,7 +227,7 @@ func (fsm *FileStateMgr) decryptFragment(buf []byte) ([]byte, error) { if !fsm.encryptMode { return buf, nil } - block, err := aes.NewCipher(fsm.key) + block, err := aes.NewCipher(fsm.passkey) if err != nil { return nil, err } @@ -240,10 +246,10 @@ func (fsm *FileStateMgr) decryptFragment(buf []byte) ([]byte, error) { return plainText, nil } -func getFragmentSeed() ([]byte, error) { - seedStr := os.Getenv(keyFragmentSeed) +func getFragmentSeed(password string) ([]byte, error) { + seedStr := os.Getenv(password) if seedStr == "" { - return nil, errors.New("empty fragment seed, please populate env variable: " + keyFragmentSeed) + return nil, errors.New("empty fragment seed, please check password: " + password) } h := sha256.New() h.Write([]byte(seedStr)) diff --git a/storage/localstate_mgr_test.go b/storage/localstate_mgr_test.go index 567cef6..27b8199 100644 --- a/storage/localstate_mgr_test.go +++ b/storage/localstate_mgr_test.go @@ -34,7 +34,7 @@ func (s *FileStateMgrTestSuite) TestNewFileStateMgr(c *C) { err := os.RemoveAll(f) c.Assert(err, IsNil) }() - fsm, err := NewFileStateMgr(f) + fsm, err := NewFileStateMgr(f, "password") c.Assert(err, IsNil) c.Assert(fsm, NotNil) _, err = os.Stat(f) @@ -61,7 +61,7 @@ func (s *FileStateMgrTestSuite) TestSaveLocalState(c *C) { err := os.RemoveAll(f) c.Assert(err, IsNil) }() - fsm, err := NewFileStateMgr(f) + fsm, err := NewFileStateMgr(f, "password") c.Assert(err, IsNil) c.Assert(fsm, NotNil) c.Assert(fsm.SaveLocalState(stateItem), NotNil) @@ -93,7 +93,7 @@ func (s *FileStateMgrTestSuite) TestSaveAddressBook(c *C) { err := os.RemoveAll(f) c.Assert(err, IsNil) }() - fsm, err := NewFileStateMgr(f) + fsm, err := NewFileStateMgr(f, "password") c.Assert(err, IsNil) c.Assert(fsm, NotNil) c.Assert(fsm.SaveAddressBook(testAddresses), IsNil) @@ -112,7 +112,7 @@ func (s *FileStateMgrTestSuite) TestEncryption(c *C) { err := os.RemoveAll(f) c.Assert(err, IsNil) }() - fsm, err := NewFileStateMgr(f) + fsm, err := NewFileStateMgr(f, "password") c.Assert(err, IsNil) c.Assert(fsm, NotNil) diff --git a/tss/tss.go b/tss/tss.go index 9ab15b8..aabfeb2 100644 --- a/tss/tss.go +++ b/tss/tss.go @@ -51,6 +51,7 @@ func NewTss( conf common.TssConfig, preParams *bkeygen.LocalPreParams, externalIP string, + tssPassword string, ) (*TssServer, error) { pk := coskey.PubKey{ Key: priKey.PubKey().Bytes()[:], @@ -61,7 +62,7 @@ func NewTss( return nil, fmt.Errorf("fail to genearte the key: %w", err) } - stateManager, err := storage.NewFileStateMgr(baseFolder) + stateManager, err := storage.NewFileStateMgr(baseFolder, tssPassword) if err != nil { return nil, fmt.Errorf("fail to create file state manager") } From a5b80e5da933e9e96de4fc093dcfa22907a74464 Mon Sep 17 00:00:00 2001 From: kevinssgh Date: Mon, 15 Jan 2024 15:34:00 -0500 Subject: [PATCH 2/5] fix hash of password --- storage/localstate_mgr.go | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/storage/localstate_mgr.go b/storage/localstate_mgr.go index 4d73847..de646c5 100644 --- a/storage/localstate_mgr.go +++ b/storage/localstate_mgr.go @@ -247,12 +247,11 @@ func (fsm *FileStateMgr) decryptFragment(buf []byte) ([]byte, error) { } func getFragmentSeed(password string) ([]byte, error) { - seedStr := os.Getenv(password) - if seedStr == "" { + if password == "" { return nil, errors.New("empty fragment seed, please check password: " + password) } h := sha256.New() - h.Write([]byte(seedStr)) + h.Write([]byte(password)) seed := h.Sum(nil) return seed, nil } From 9cf01f70b69dd7eedc9eed9a0c57ffb30a459b25 Mon Sep 17 00:00:00 2001 From: kevinssgh Date: Thu, 8 Feb 2024 12:58:37 -0500 Subject: [PATCH 3/5] make backward compatible with env variable --- storage/localstate_mgr.go | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/storage/localstate_mgr.go b/storage/localstate_mgr.go index de646c5..e2b4d62 100644 --- a/storage/localstate_mgr.go +++ b/storage/localstate_mgr.go @@ -247,11 +247,17 @@ func (fsm *FileStateMgr) decryptFragment(buf []byte) ([]byte, error) { } func getFragmentSeed(password string) ([]byte, error) { - if password == "" { - return nil, errors.New("empty fragment seed, please check password: " + password) + seedStr := os.Getenv(keyFragmentSeed) + if seedStr == "" { + if password == "" { + return nil, errors.New("empty fragment seed, please check password: " + password) + } + fmt.Println("using provided password !!!") + seedStr = password } + h := sha256.New() - h.Write([]byte(password)) + h.Write([]byte(seedStr)) seed := h.Sum(nil) return seed, nil } From 866e4a3bb5c206c1a9d6128cac8fd3f3281c0dee Mon Sep 17 00:00:00 2001 From: kevinssgh Date: Thu, 8 Feb 2024 15:48:15 -0500 Subject: [PATCH 4/5] add logging --- storage/localstate_mgr.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/storage/localstate_mgr.go b/storage/localstate_mgr.go index e2b4d62..afbd342 100644 --- a/storage/localstate_mgr.go +++ b/storage/localstate_mgr.go @@ -252,7 +252,7 @@ func getFragmentSeed(password string) ([]byte, error) { if password == "" { return nil, errors.New("empty fragment seed, please check password: " + password) } - fmt.Println("using provided password !!!") + fmt.Println("using provided password !!!", password, len(password)) seedStr = password } From 1c75fbcfba300c01b1c2389340ed700a4a300538 Mon Sep 17 00:00:00 2001 From: kevinssgh Date: Thu, 8 Feb 2024 16:49:41 -0500 Subject: [PATCH 5/5] cleanup logging --- storage/localstate_mgr.go | 1 - 1 file changed, 1 deletion(-) diff --git a/storage/localstate_mgr.go b/storage/localstate_mgr.go index afbd342..9c077c5 100644 --- a/storage/localstate_mgr.go +++ b/storage/localstate_mgr.go @@ -252,7 +252,6 @@ func getFragmentSeed(password string) ([]byte, error) { if password == "" { return nil, errors.New("empty fragment seed, please check password: " + password) } - fmt.Println("using provided password !!!", password, len(password)) seedStr = password }