diff --git a/commonspace/object/accountdata/accountdata.go b/commonspace/object/accountdata/accountdata.go index 279a6cbd..5cbd8ab3 100644 --- a/commonspace/object/accountdata/accountdata.go +++ b/commonspace/object/accountdata/accountdata.go @@ -6,16 +6,18 @@ import ( ) type AccountKeys struct { - PeerKey crypto.PrivKey - SignKey crypto.PrivKey - PeerId string + PeerKey crypto.PrivKey + SignKey crypto.PrivKey + MasterKey crypto.PrivKey + PeerId string } -func New(peerKey crypto.PrivKey, signKey crypto.PrivKey) *AccountKeys { +func New(peerKey, signKey, masterKey crypto.PrivKey) *AccountKeys { return &AccountKeys{ - PeerKey: peerKey, - SignKey: signKey, - PeerId: peerKey.GetPublic().PeerId(), + PeerKey: peerKey, + SignKey: signKey, + MasterKey: masterKey, + PeerId: peerKey.GetPublic().PeerId(), } } @@ -28,9 +30,14 @@ func NewRandom() (*AccountKeys, error) { if err != nil { return nil, err } + masterKey, _, err := crypto.GenerateEd25519Key(rand.Reader) + if err != nil { + return nil, err + } return &AccountKeys{ - PeerKey: peerKey, - SignKey: signKey, - PeerId: peerKey.GetPublic().PeerId(), + PeerKey: peerKey, + SignKey: signKey, + MasterKey: masterKey, + PeerId: peerKey.GetPublic().PeerId(), }, nil } diff --git a/commonspace/object/acl/aclrecordproto/aclrecord.pb.go b/commonspace/object/acl/aclrecordproto/aclrecord.pb.go index c00b712f..6842e829 100644 --- a/commonspace/object/acl/aclrecordproto/aclrecord.pb.go +++ b/commonspace/object/acl/aclrecordproto/aclrecord.pb.go @@ -247,11 +247,12 @@ func (m *AclRecord) GetTimestamp() int64 { } type AclRoot struct { - Identity []byte `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` - SpaceId string `protobuf:"bytes,2,opt,name=spaceId,proto3" json:"spaceId,omitempty"` - EncryptedReadKey []byte `protobuf:"bytes,3,opt,name=encryptedReadKey,proto3" json:"encryptedReadKey,omitempty"` - DerivationParams []byte `protobuf:"bytes,4,opt,name=derivationParams,proto3" json:"derivationParams,omitempty"` - Timestamp int64 `protobuf:"varint,5,opt,name=timestamp,proto3" json:"timestamp,omitempty"` + Identity []byte `protobuf:"bytes,1,opt,name=identity,proto3" json:"identity,omitempty"` + MasterKey []byte `protobuf:"bytes,2,opt,name=masterKey,proto3" json:"masterKey,omitempty"` + SpaceId string `protobuf:"bytes,3,opt,name=spaceId,proto3" json:"spaceId,omitempty"` + EncryptedReadKey []byte `protobuf:"bytes,4,opt,name=encryptedReadKey,proto3" json:"encryptedReadKey,omitempty"` + Timestamp int64 `protobuf:"varint,5,opt,name=timestamp,proto3" json:"timestamp,omitempty"` + IdentitySignature []byte `protobuf:"bytes,6,opt,name=identitySignature,proto3" json:"identitySignature,omitempty"` } func (m *AclRoot) Reset() { *m = AclRoot{} } @@ -294,6 +295,13 @@ func (m *AclRoot) GetIdentity() []byte { return nil } +func (m *AclRoot) GetMasterKey() []byte { + if m != nil { + return m.MasterKey + } + return nil +} + func (m *AclRoot) GetSpaceId() string { if m != nil { return m.SpaceId @@ -308,13 +316,6 @@ func (m *AclRoot) GetEncryptedReadKey() []byte { return nil } -func (m *AclRoot) GetDerivationParams() []byte { - if m != nil { - return m.DerivationParams - } - return nil -} - func (m *AclRoot) GetTimestamp() int64 { if m != nil { return m.Timestamp @@ -322,6 +323,13 @@ func (m *AclRoot) GetTimestamp() int64 { return 0 } +func (m *AclRoot) GetIdentitySignature() []byte { + if m != nil { + return m.IdentitySignature + } + return nil +} + type AclContentValue struct { // Types that are valid to be assigned to Value: // @@ -1136,64 +1144,65 @@ func init() { } var fileDescriptor_c8e9f754f34e929b = []byte{ - // 907 bytes of a gzipped FileDescriptorProto + // 914 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xbc, 0x56, 0x4f, 0x6f, 0x1b, 0x45, - 0x14, 0xf7, 0xd8, 0x49, 0x1c, 0x3f, 0x9b, 0xc4, 0x19, 0xa0, 0x5d, 0x45, 0xc5, 0x8a, 0x56, 0x42, - 0x8a, 0xaa, 0x2a, 0x11, 0x06, 0x29, 0x55, 0x84, 0xa8, 0xdc, 0x52, 0x64, 0xb7, 0x42, 0x8a, 0x26, - 0x40, 0x51, 0x39, 0x4d, 0x66, 0x47, 0xe9, 0xd0, 0xf5, 0xee, 0x6a, 0x66, 0x6c, 0xe4, 0x4f, 0x01, - 0x37, 0xae, 0x5c, 0x90, 0xf8, 0x02, 0x7c, 0x07, 0x8e, 0xb9, 0x20, 0x71, 0x44, 0xc9, 0x67, 0xe0, - 0x8e, 0x66, 0xc6, 0xfb, 0xdf, 0x31, 0x70, 0xa0, 0x87, 0xc4, 0x3b, 0xef, 0xfd, 0xe6, 0xcd, 0xef, - 0xfd, 0xe6, 0xbd, 0xb7, 0x0b, 0x1f, 0xb3, 0x78, 0x3a, 0x8d, 0x23, 0x95, 0x50, 0xc6, 0x8f, 0xe3, - 0x8b, 0x6f, 0x39, 0xd3, 0xc7, 0x94, 0x85, 0xe6, 0x4f, 0x72, 0x16, 0xcb, 0x20, 0x91, 0xb1, 0x8e, - 0x8f, 0xed, 0x7f, 0x95, 0x5b, 0x8f, 0xac, 0x01, 0x77, 0x32, 0x83, 0xff, 0x13, 0x82, 0x1e, 0xa1, - 0xdf, 0x8d, 0x58, 0x48, 0xac, 0x01, 0x7b, 0xd0, 0x4e, 0xe8, 0x22, 0x8c, 0x69, 0xe0, 0xa1, 0x03, - 0x74, 0xd8, 0x23, 0xe9, 0x12, 0xdf, 0x83, 0x8e, 0x12, 0x97, 0x11, 0xd5, 0x33, 0xc9, 0xbd, 0xa6, - 0xf5, 0xe5, 0x06, 0x7c, 0x1f, 0xfa, 0x94, 0x31, 0x9e, 0xe8, 0x58, 0x4e, 0x02, 0x1e, 0x69, 0xa1, - 0x17, 0x5e, 0xcb, 0x82, 0x6a, 0x76, 0xfc, 0x00, 0xf6, 0x52, 0xdb, 0x79, 0x16, 0x71, 0xc3, 0x82, - 0xeb, 0x0e, 0xff, 0x13, 0xc0, 0x45, 0x86, 0x2f, 0x84, 0x7e, 0x35, 0x59, 0xc7, 0x73, 0x07, 0x9a, - 0x22, 0xb0, 0x04, 0x3b, 0xa4, 0x29, 0x02, 0xff, 0x7b, 0x04, 0x9d, 0x3c, 0xbf, 0x3b, 0xb0, 0x95, - 0x48, 0x3e, 0x9f, 0xb8, 0x6d, 0x1d, 0xb2, 0x5c, 0xe1, 0x7d, 0xd8, 0x16, 0x29, 0x6f, 0x97, 0x5c, - 0xb6, 0xc6, 0x18, 0x36, 0x02, 0xaa, 0xe9, 0x32, 0x1f, 0xfb, 0x6c, 0xd4, 0x90, 0x9c, 0x06, 0xcf, - 0xf9, 0x62, 0x12, 0x58, 0xee, 0x1d, 0x92, 0x1b, 0x8c, 0x57, 0x8b, 0x29, 0x57, 0x9a, 0x4e, 0x13, - 0x6f, 0xf3, 0x00, 0x1d, 0xb6, 0x48, 0x6e, 0xf0, 0x7f, 0x45, 0xd0, 0x36, 0x8c, 0xe2, 0x58, 0x97, - 0xce, 0x45, 0x95, 0x73, 0x3d, 0x68, 0xdb, 0x1b, 0x9e, 0xa4, 0xe9, 0xa4, 0x4b, 0xa3, 0x36, 0x8f, - 0x98, 0x5c, 0x24, 0x9a, 0x07, 0xc4, 0x9d, 0x9a, 0xaa, 0x5d, 0xb5, 0x1b, 0x6c, 0xc0, 0xa5, 0x98, - 0x53, 0x2d, 0xe2, 0xe8, 0x8c, 0x4a, 0x3a, 0x55, 0x4b, 0xb1, 0x6b, 0xf6, 0x7f, 0xe0, 0xfd, 0x7b, - 0x13, 0x76, 0x47, 0x2c, 0x7c, 0x12, 0x47, 0x9a, 0x47, 0xfa, 0x2b, 0x1a, 0xce, 0x38, 0xfe, 0x00, - 0xda, 0x33, 0xc5, 0xe5, 0x28, 0x70, 0x82, 0x76, 0x87, 0xef, 0x1e, 0xe5, 0xe5, 0x36, 0x62, 0xe1, - 0x97, 0xce, 0x39, 0x6e, 0x90, 0x14, 0x87, 0x4f, 0x01, 0xcc, 0x23, 0xe1, 0xd3, 0x78, 0xee, 0x2a, - 0xa9, 0x3b, 0xf4, 0xea, 0xbb, 0x9c, 0x7f, 0xdc, 0x20, 0x05, 0x34, 0xfe, 0x1a, 0xde, 0x31, 0xab, - 0x33, 0x2e, 0xa7, 0x42, 0x29, 0x11, 0x47, 0x4f, 0x5e, 0xd1, 0xe8, 0x92, 0xdb, 0xe4, 0xbb, 0x43, - 0xbf, 0x1e, 0xa5, 0x8a, 0x1c, 0x37, 0xc8, 0xca, 0x08, 0x29, 0xab, 0x49, 0x34, 0x17, 0xda, 0x55, - 0xe3, 0x4a, 0x56, 0xce, 0x9f, 0xb2, 0x72, 0x2b, 0xfc, 0x11, 0x6c, 0x9b, 0xd5, 0xb3, 0x58, 0x44, - 0x56, 0xb5, 0xee, 0xf0, 0x4e, 0x7d, 0xa7, 0xf1, 0x8e, 0x1b, 0x24, 0x43, 0x3e, 0x6e, 0xc3, 0xe6, - 0xdc, 0x68, 0xe8, 0x3f, 0xb5, 0xe5, 0xf0, 0xa9, 0x29, 0xab, 0x53, 0x00, 0x9a, 0x29, 0xec, 0xa1, - 0x83, 0xd6, 0x61, 0x77, 0xb8, 0x5f, 0x8e, 0x55, 0x94, 0x9f, 0x14, 0xd0, 0xfe, 0x5f, 0x08, 0xb6, - 0x47, 0x2c, 0x3c, 0xd7, 0x54, 0x73, 0x3c, 0x00, 0xc8, 0xca, 0x51, 0xd9, 0x40, 0x1d, 0x52, 0xb0, - 0xe0, 0x13, 0x97, 0xae, 0x05, 0x2b, 0xaf, 0x69, 0x0f, 0xba, 0x5b, 0x27, 0x6d, 0xfd, 0xa4, 0x00, - 0xc5, 0xa7, 0xd0, 0x16, 0x36, 0x6b, 0xe5, 0xb5, 0xec, 0xae, 0x83, 0xf2, 0x2e, 0x0b, 0x3b, 0x72, - 0xc2, 0xa8, 0xa7, 0x91, 0x96, 0x0b, 0x92, 0x6e, 0xd8, 0xff, 0x02, 0x7a, 0x45, 0x07, 0xee, 0x43, - 0xeb, 0x35, 0x5f, 0x2c, 0x3b, 0xd1, 0x3c, 0xe2, 0xa3, 0xa5, 0x26, 0xb7, 0x97, 0x85, 0x0b, 0x40, - 0x1c, 0xec, 0xb4, 0xf9, 0x10, 0xf9, 0xaf, 0xa1, 0x57, 0x64, 0xbb, 0xb6, 0xa5, 0x1e, 0x41, 0x37, - 0xc9, 0x6e, 0x5e, 0xd9, 0x53, 0x76, 0x86, 0xef, 0xad, 0x2b, 0x1b, 0x45, 0x8a, 0x3b, 0xfc, 0x1f, - 0x11, 0x40, 0x5e, 0xd6, 0x6b, 0xcf, 0x7a, 0x00, 0x7b, 0xd5, 0x66, 0x74, 0x4a, 0xf7, 0x48, 0xdd, - 0x51, 0x65, 0xd6, 0xfa, 0xcf, 0xcc, 0x7e, 0x41, 0xf0, 0x56, 0x49, 0x23, 0x7c, 0x08, 0xbb, 0x6e, - 0x9c, 0x9e, 0xcd, 0x2e, 0x42, 0xc1, 0x9e, 0xf3, 0x94, 0x63, 0xd5, 0xfc, 0xa6, 0xa9, 0xfe, 0x8c, - 0xa0, 0x5b, 0xe8, 0x8a, 0xb5, 0x2a, 0x66, 0x49, 0x9c, 0x57, 0x5e, 0x3e, 0x55, 0x33, 0xf6, 0xa1, - 0x97, 0xe5, 0x95, 0x0f, 0xc4, 0x92, 0x6d, 0x75, 0xa2, 0x1b, 0xb7, 0x24, 0xea, 0xab, 0x4c, 0xd1, - 0xe5, 0xf8, 0x59, 0x47, 0xf4, 0x33, 0xd8, 0x5d, 0xf6, 0x17, 0xe1, 0x49, 0x48, 0x59, 0xd6, 0x56, - 0xf7, 0xca, 0xca, 0x90, 0x12, 0x88, 0x54, 0x37, 0xf9, 0xdf, 0xc0, 0x5e, 0x0d, 0xb5, 0xf6, 0xe0, - 0x55, 0x2f, 0x83, 0xe6, 0xea, 0x97, 0x81, 0x3f, 0x87, 0xbb, 0xb7, 0x0c, 0xc6, 0xff, 0xb7, 0x6d, - 0x9e, 0xc1, 0x8e, 0x99, 0x0d, 0x8b, 0x88, 0x7d, 0xce, 0x95, 0xa2, 0x97, 0x1c, 0x3f, 0x84, 0x36, - 0xcb, 0xc6, 0x9c, 0xe9, 0xf5, 0x41, 0x65, 0x8e, 0x2c, 0x22, 0x56, 0x1a, 0x75, 0x29, 0xdc, 0x7f, - 0x09, 0x6f, 0xaf, 0xf0, 0xdb, 0xd1, 0x19, 0x04, 0xee, 0x35, 0xaf, 0x96, 0x31, 0x2b, 0xf3, 0x63, - 0x94, 0xf9, 0xcd, 0x00, 0xcf, 0xd1, 0xf9, 0x28, 0x1e, 0xdb, 0x1b, 0xcf, 0x71, 0xf8, 0x04, 0xda, - 0x32, 0x0b, 0x69, 0x6e, 0xb3, 0x98, 0x75, 0xfd, 0xbb, 0x84, 0xa4, 0xe8, 0xfb, 0x27, 0x80, 0xeb, - 0xa2, 0xe0, 0x0e, 0x6c, 0x8e, 0x82, 0xa9, 0x88, 0xfa, 0x0d, 0x0c, 0xb0, 0xf5, 0x42, 0x0a, 0xcd, - 0x65, 0x1f, 0x99, 0x67, 0x73, 0x43, 0x5c, 0xf6, 0x9b, 0x8f, 0x1f, 0xfd, 0x76, 0x3d, 0x40, 0x57, - 0xd7, 0x03, 0xf4, 0xe7, 0xf5, 0x00, 0xfd, 0x70, 0x33, 0x68, 0x5c, 0xdd, 0x0c, 0x1a, 0x7f, 0xdc, - 0x0c, 0x1a, 0x2f, 0xdf, 0xff, 0x57, 0x5f, 0x7d, 0x17, 0x5b, 0xf6, 0xe7, 0xc3, 0xbf, 0x03, 0x00, - 0x00, 0xff, 0xff, 0xd0, 0x3a, 0xc4, 0x88, 0x25, 0x0a, 0x00, 0x00, + 0x14, 0xf7, 0xd8, 0x49, 0x9c, 0x7d, 0x36, 0x89, 0x33, 0x40, 0xbb, 0x8a, 0x82, 0x15, 0xad, 0x84, + 0x14, 0x55, 0x55, 0x22, 0x0c, 0x52, 0xaa, 0x08, 0x51, 0xb9, 0xa5, 0xc8, 0x6e, 0x84, 0x54, 0x4d, + 0x80, 0xa2, 0x72, 0x9a, 0xcc, 0x8e, 0xd2, 0xa5, 0xeb, 0xdd, 0xd5, 0xcc, 0xd8, 0xc8, 0x9f, 0x02, + 0x6e, 0x5c, 0xb9, 0x20, 0xf1, 0x51, 0x38, 0xf6, 0x12, 0x89, 0x23, 0x4a, 0x3e, 0x03, 0x77, 0x34, + 0x33, 0xde, 0xff, 0xce, 0x0a, 0x0e, 0x70, 0x48, 0xbc, 0xf3, 0xde, 0x6f, 0x66, 0x7e, 0xef, 0xf7, + 0xfe, 0xec, 0xc2, 0xa7, 0x2c, 0x9e, 0xcd, 0xe2, 0x48, 0x26, 0x94, 0xf1, 0x93, 0xf8, 0xf2, 0x7b, + 0xce, 0xd4, 0x09, 0x65, 0xa1, 0xfe, 0x13, 0x9c, 0xc5, 0xc2, 0x4f, 0x44, 0xac, 0xe2, 0x13, 0xf3, + 0x5f, 0xe6, 0xd6, 0x63, 0x63, 0xc0, 0x4e, 0x66, 0xf0, 0x7e, 0x41, 0xd0, 0x27, 0xf4, 0x87, 0x31, + 0x0b, 0x89, 0x31, 0x60, 0x17, 0xba, 0x09, 0x5d, 0x86, 0x31, 0xf5, 0x5d, 0x74, 0x88, 0x8e, 0xfa, + 0x24, 0x5d, 0xe2, 0x03, 0x70, 0x64, 0x70, 0x15, 0x51, 0x35, 0x17, 0xdc, 0x6d, 0x1b, 0x5f, 0x6e, + 0xc0, 0x0f, 0x60, 0x40, 0x19, 0xe3, 0x89, 0x8a, 0xc5, 0xd4, 0xe7, 0x91, 0x0a, 0xd4, 0xd2, 0xed, + 0x18, 0x50, 0xcd, 0x8e, 0x1f, 0xc2, 0x5e, 0x6a, 0xbb, 0xc8, 0x4e, 0xdc, 0x30, 0xe0, 0xba, 0xc3, + 0xfb, 0x0c, 0x70, 0x91, 0xe1, 0xcb, 0x40, 0xbd, 0x9e, 0x36, 0xf1, 0xdc, 0x81, 0x76, 0xe0, 0x1b, + 0x82, 0x0e, 0x69, 0x07, 0xbe, 0xf7, 0x23, 0x02, 0x27, 0x8f, 0xef, 0x1e, 0x6c, 0x25, 0x82, 0x2f, + 0xa6, 0x76, 0x9b, 0x43, 0x56, 0x2b, 0xbc, 0x0f, 0xdb, 0x41, 0xca, 0xdb, 0x06, 0x97, 0xad, 0x31, + 0x86, 0x0d, 0x9f, 0x2a, 0xba, 0x8a, 0xc7, 0x3c, 0x6b, 0x35, 0x04, 0xa7, 0xfe, 0x39, 0x5f, 0x4e, + 0x7d, 0xc3, 0xdd, 0x21, 0xb9, 0x41, 0x7b, 0x55, 0x30, 0xe3, 0x52, 0xd1, 0x59, 0xe2, 0x6e, 0x1e, + 0xa2, 0xa3, 0x0e, 0xc9, 0x0d, 0xde, 0x35, 0x82, 0xae, 0x66, 0x14, 0xc7, 0xaa, 0x74, 0x2f, 0xaa, + 0xdc, 0x7b, 0x00, 0xce, 0x8c, 0x4a, 0xc5, 0xc5, 0x39, 0x4f, 0x49, 0xe5, 0x06, 0xad, 0x80, 0xc9, + 0xff, 0xd4, 0x37, 0xc4, 0x1c, 0x92, 0x2e, 0x75, 0x2e, 0x78, 0xc4, 0xc4, 0x32, 0x51, 0xdc, 0x27, + 0x96, 0xd3, 0x4a, 0xde, 0x9a, 0xbd, 0x99, 0xa9, 0xce, 0x54, 0xca, 0x26, 0xcf, 0xd4, 0x96, 0xcd, + 0x54, 0xcd, 0xe1, 0x5d, 0xb7, 0x61, 0x77, 0xcc, 0xc2, 0xa7, 0x71, 0xa4, 0x78, 0xa4, 0xbe, 0xa1, + 0xe1, 0x9c, 0xe3, 0x8f, 0xa0, 0x3b, 0x97, 0x5c, 0x8c, 0x7d, 0x2b, 0x78, 0x6f, 0xf4, 0xfe, 0x71, + 0x5e, 0x8e, 0x63, 0x16, 0x7e, 0x6d, 0x9d, 0x93, 0x16, 0x49, 0x71, 0xf8, 0x0c, 0x40, 0x3f, 0x12, + 0x3e, 0x8b, 0x17, 0xb6, 0xd2, 0x7a, 0x23, 0xb7, 0xbe, 0xcb, 0xfa, 0x27, 0x2d, 0x52, 0x40, 0xe3, + 0x6f, 0xe1, 0x3d, 0xbd, 0x7a, 0xc1, 0xc5, 0x2c, 0x90, 0x32, 0x88, 0xa3, 0xa7, 0xaf, 0x69, 0x74, + 0xc5, 0x8d, 0x42, 0xbd, 0x91, 0x57, 0x3f, 0xa5, 0x8a, 0x9c, 0xb4, 0xc8, 0xda, 0x13, 0x52, 0x56, + 0xd3, 0x68, 0x11, 0x28, 0x5b, 0xad, 0x6b, 0x59, 0x59, 0x7f, 0xca, 0xca, 0xae, 0xf0, 0x27, 0xb0, + 0xad, 0x57, 0xcf, 0xe3, 0x20, 0x32, 0x1a, 0xf7, 0x46, 0xf7, 0xea, 0x3b, 0xb5, 0x77, 0xd2, 0x22, + 0x19, 0xf2, 0x49, 0x17, 0x36, 0x17, 0x5a, 0x43, 0xef, 0x99, 0x29, 0x97, 0xcf, 0x75, 0xd9, 0x9d, + 0x01, 0xd0, 0x4c, 0x61, 0x17, 0x1d, 0x76, 0x8e, 0x7a, 0xa3, 0xfd, 0xf2, 0x59, 0x45, 0xf9, 0x49, + 0x01, 0xed, 0xfd, 0x85, 0x60, 0x7b, 0xcc, 0xc2, 0x0b, 0x45, 0x15, 0xc7, 0x43, 0x80, 0xac, 0x5c, + 0xa5, 0x39, 0xc8, 0x21, 0x05, 0x0b, 0x3e, 0xb5, 0xe1, 0x1a, 0xb0, 0x74, 0xdb, 0xe6, 0xa2, 0xfb, + 0x75, 0xd2, 0xc6, 0x4f, 0x0a, 0x50, 0x7c, 0x06, 0xdd, 0xc0, 0x44, 0x2d, 0xdd, 0x8e, 0xd9, 0x75, + 0x58, 0xde, 0x65, 0x60, 0xc7, 0x56, 0x18, 0xf9, 0x2c, 0x52, 0x62, 0x49, 0xd2, 0x0d, 0xfb, 0x5f, + 0x41, 0xbf, 0xe8, 0xc0, 0x03, 0xe8, 0xbc, 0xe1, 0xcb, 0x55, 0xa7, 0xea, 0x47, 0x7c, 0xbc, 0xd2, + 0xe4, 0xee, 0xb2, 0xb0, 0x07, 0x10, 0x0b, 0x3b, 0x6b, 0x3f, 0x42, 0xde, 0x1b, 0xe8, 0x17, 0xd9, + 0x36, 0xb6, 0xdc, 0x63, 0xe8, 0x25, 0x59, 0xe6, 0xa5, 0xb9, 0x65, 0x67, 0xf4, 0x41, 0x53, 0xd9, + 0x48, 0x52, 0xdc, 0xe1, 0xfd, 0x8c, 0x00, 0xf2, 0xb2, 0x6e, 0xbc, 0xeb, 0x21, 0xec, 0x55, 0xdb, + 0xd1, 0x2a, 0xdd, 0x27, 0x75, 0x47, 0x95, 0x59, 0xe7, 0x5f, 0x33, 0xfb, 0x0d, 0xc1, 0x3b, 0x25, + 0x8d, 0xf0, 0x11, 0xec, 0xda, 0x71, 0xfb, 0x62, 0x7e, 0x19, 0x06, 0xec, 0x9c, 0xa7, 0x1c, 0xab, + 0xe6, 0xff, 0x9b, 0xea, 0xaf, 0x08, 0x7a, 0x85, 0xae, 0x68, 0x54, 0x31, 0x0b, 0xe2, 0xa2, 0xf2, + 0x72, 0xaa, 0x9a, 0xb1, 0x07, 0xfd, 0x2c, 0x2e, 0x1d, 0xab, 0x1d, 0xe7, 0x25, 0xdb, 0xfa, 0x40, + 0x37, 0xee, 0x08, 0xd4, 0x93, 0x99, 0xa2, 0xab, 0xf1, 0xd3, 0x44, 0xf4, 0x0b, 0xd8, 0x5d, 0xf5, + 0x17, 0xe1, 0x49, 0x48, 0x59, 0xd6, 0x56, 0x07, 0x65, 0x65, 0x48, 0x09, 0x44, 0xaa, 0x9b, 0xbc, + 0xef, 0x60, 0xaf, 0x86, 0x6a, 0xbc, 0x78, 0xdd, 0xeb, 0xa0, 0xbd, 0xfe, 0x75, 0xe0, 0x2d, 0xe0, + 0xfe, 0x1d, 0x83, 0xf1, 0xbf, 0x6d, 0x9b, 0xe7, 0xb0, 0xa3, 0x67, 0xc3, 0x32, 0x62, 0x5f, 0x72, + 0x29, 0xe9, 0x15, 0xc7, 0x8f, 0xa0, 0xcb, 0xb2, 0x31, 0xa7, 0x7b, 0x7d, 0x58, 0x99, 0x23, 0xcb, + 0x88, 0x95, 0x46, 0x5d, 0x0a, 0xf7, 0x5e, 0xc1, 0xbb, 0x6b, 0xfc, 0x66, 0x74, 0xfa, 0xbe, 0xfd, + 0x0c, 0x90, 0xab, 0x33, 0x2b, 0xf3, 0x63, 0x9c, 0xf9, 0xf5, 0x00, 0xcf, 0xd1, 0xf9, 0x28, 0x9e, + 0x98, 0x8c, 0xe7, 0x38, 0x7c, 0x0a, 0x5d, 0x91, 0x1d, 0xa9, 0xb3, 0x59, 0x8c, 0xba, 0xfe, 0xdd, + 0x42, 0x52, 0xf4, 0x83, 0x53, 0xc0, 0x75, 0x51, 0xb0, 0x03, 0x9b, 0x63, 0x7f, 0x16, 0x44, 0x83, + 0x16, 0x06, 0xd8, 0x7a, 0x29, 0x02, 0xc5, 0xc5, 0x00, 0xe9, 0x67, 0x9d, 0x21, 0x2e, 0x06, 0xed, + 0x27, 0x8f, 0x7f, 0xbf, 0x19, 0xa2, 0xb7, 0x37, 0x43, 0xf4, 0xe7, 0xcd, 0x10, 0xfd, 0x74, 0x3b, + 0x6c, 0xbd, 0xbd, 0x1d, 0xb6, 0xfe, 0xb8, 0x1d, 0xb6, 0x5e, 0x7d, 0xf8, 0x8f, 0xbe, 0x0a, 0x2f, + 0xb7, 0xcc, 0xcf, 0xc7, 0x7f, 0x07, 0x00, 0x00, 0xff, 0xff, 0x2e, 0x3b, 0x3f, 0x0a, 0x45, 0x0a, + 0x00, 0x00, } func (m *RawAclRecord) Marshal() (dAtA []byte, err error) { @@ -1360,30 +1369,37 @@ func (m *AclRoot) MarshalToSizedBuffer(dAtA []byte) (int, error) { _ = i var l int _ = l + if len(m.IdentitySignature) > 0 { + i -= len(m.IdentitySignature) + copy(dAtA[i:], m.IdentitySignature) + i = encodeVarintAclrecord(dAtA, i, uint64(len(m.IdentitySignature))) + i-- + dAtA[i] = 0x32 + } if m.Timestamp != 0 { i = encodeVarintAclrecord(dAtA, i, uint64(m.Timestamp)) i-- dAtA[i] = 0x28 } - if len(m.DerivationParams) > 0 { - i -= len(m.DerivationParams) - copy(dAtA[i:], m.DerivationParams) - i = encodeVarintAclrecord(dAtA, i, uint64(len(m.DerivationParams))) - i-- - dAtA[i] = 0x22 - } if len(m.EncryptedReadKey) > 0 { i -= len(m.EncryptedReadKey) copy(dAtA[i:], m.EncryptedReadKey) i = encodeVarintAclrecord(dAtA, i, uint64(len(m.EncryptedReadKey))) i-- - dAtA[i] = 0x1a + dAtA[i] = 0x22 } if len(m.SpaceId) > 0 { i -= len(m.SpaceId) copy(dAtA[i:], m.SpaceId) i = encodeVarintAclrecord(dAtA, i, uint64(len(m.SpaceId))) i-- + dAtA[i] = 0x1a + } + if len(m.MasterKey) > 0 { + i -= len(m.MasterKey) + copy(dAtA[i:], m.MasterKey) + i = encodeVarintAclrecord(dAtA, i, uint64(len(m.MasterKey))) + i-- dAtA[i] = 0x12 } if len(m.Identity) > 0 { @@ -2150,6 +2166,10 @@ func (m *AclRoot) Size() (n int) { if l > 0 { n += 1 + l + sovAclrecord(uint64(l)) } + l = len(m.MasterKey) + if l > 0 { + n += 1 + l + sovAclrecord(uint64(l)) + } l = len(m.SpaceId) if l > 0 { n += 1 + l + sovAclrecord(uint64(l)) @@ -2158,13 +2178,13 @@ func (m *AclRoot) Size() (n int) { if l > 0 { n += 1 + l + sovAclrecord(uint64(l)) } - l = len(m.DerivationParams) - if l > 0 { - n += 1 + l + sovAclrecord(uint64(l)) - } if m.Timestamp != 0 { n += 1 + sovAclrecord(uint64(m.Timestamp)) } + l = len(m.IdentitySignature) + if l > 0 { + n += 1 + l + sovAclrecord(uint64(l)) + } return n } @@ -3053,6 +3073,40 @@ func (m *AclRoot) Unmarshal(dAtA []byte) error { } iNdEx = postIndex case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field MasterKey", wireType) + } + var byteLen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAclrecord + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + byteLen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if byteLen < 0 { + return ErrInvalidLengthAclrecord + } + postIndex := iNdEx + byteLen + if postIndex < 0 { + return ErrInvalidLengthAclrecord + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.MasterKey = append(m.MasterKey[:0], dAtA[iNdEx:postIndex]...) + if m.MasterKey == nil { + m.MasterKey = []byte{} + } + iNdEx = postIndex + case 3: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field SpaceId", wireType) } @@ -3084,7 +3138,7 @@ func (m *AclRoot) Unmarshal(dAtA []byte) error { } m.SpaceId = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex - case 3: + case 4: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field EncryptedReadKey", wireType) } @@ -3118,9 +3172,28 @@ func (m *AclRoot) Unmarshal(dAtA []byte) error { m.EncryptedReadKey = []byte{} } iNdEx = postIndex - case 4: + case 5: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Timestamp", wireType) + } + m.Timestamp = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAclrecord + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.Timestamp |= int64(b&0x7F) << shift + if b < 0x80 { + break + } + } + case 6: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DerivationParams", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field IdentitySignature", wireType) } var byteLen int for shift := uint(0); ; shift += 7 { @@ -3147,30 +3220,11 @@ func (m *AclRoot) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.DerivationParams = append(m.DerivationParams[:0], dAtA[iNdEx:postIndex]...) - if m.DerivationParams == nil { - m.DerivationParams = []byte{} + m.IdentitySignature = append(m.IdentitySignature[:0], dAtA[iNdEx:postIndex]...) + if m.IdentitySignature == nil { + m.IdentitySignature = []byte{} } iNdEx = postIndex - case 5: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Timestamp", wireType) - } - m.Timestamp = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowAclrecord - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.Timestamp |= int64(b&0x7F) << shift - if b < 0x80 { - break - } - } default: iNdEx = preIndex skippy, err := skipAclrecord(dAtA[iNdEx:]) diff --git a/commonspace/object/acl/aclrecordproto/protos/aclrecord.proto b/commonspace/object/acl/aclrecordproto/protos/aclrecord.proto index f64b9697..c90cf116 100644 --- a/commonspace/object/acl/aclrecordproto/protos/aclrecord.proto +++ b/commonspace/object/acl/aclrecordproto/protos/aclrecord.proto @@ -24,10 +24,11 @@ message AclRecord { message AclRoot { bytes identity = 1; - string spaceId = 2; - bytes encryptedReadKey = 3; - bytes derivationParams = 4; + bytes masterKey = 2; + string spaceId = 3; + bytes encryptedReadKey = 4; int64 timestamp = 5; + bytes identitySignature = 6; } message AclContentValue { diff --git a/commonspace/object/acl/list/aclrecordbuilder.go b/commonspace/object/acl/list/aclrecordbuilder.go index 8ea77746..2e02bef0 100644 --- a/commonspace/object/acl/list/aclrecordbuilder.go +++ b/commonspace/object/acl/list/aclrecordbuilder.go @@ -4,14 +4,14 @@ import ( "github.com/anytypeio/any-sync/commonspace/object/acl/aclrecordproto" "github.com/anytypeio/any-sync/util/cidutil" "github.com/anytypeio/any-sync/util/crypto" - "github.com/anytypeio/any-sync/util/crypto/cryptoproto" "github.com/gogo/protobuf/proto" + "time" ) type RootContent struct { PrivKey crypto.PrivKey + MasterKey crypto.PrivKey SpaceId string - DerivationPath string EncryptedReadKey []byte } @@ -89,22 +89,25 @@ func (a *aclRecordBuilder) BuildRoot(content RootContent) (rec *aclrecordproto.R if err != nil { return } - var derivationParams []byte - if content.DerivationPath != "" { - keyDerivation := &cryptoproto.KeyDerivation{ - Method: cryptoproto.DerivationMethod_Slip21, - DerivationPath: content.DerivationPath, - } - derivationParams, err = keyDerivation.Marshal() - if err != nil { - return - } + masterKey, err := content.MasterKey.GetPublic().Marshall() + if err != nil { + return + } + identitySignature, err := content.MasterKey.Sign(identity) + if err != nil { + return + } + var timestamp int64 + if content.EncryptedReadKey != nil { + timestamp = time.Now().Unix() } aclRoot := &aclrecordproto.AclRoot{ - Identity: identity, - SpaceId: content.SpaceId, - EncryptedReadKey: content.EncryptedReadKey, - DerivationParams: derivationParams, + Identity: identity, + SpaceId: content.SpaceId, + EncryptedReadKey: content.EncryptedReadKey, + MasterKey: masterKey, + IdentitySignature: identitySignature, + Timestamp: timestamp, } return marshalAclRoot(aclRoot, content.PrivKey) } diff --git a/commonspace/object/acl/list/aclstate.go b/commonspace/object/acl/list/aclstate.go index c1ab749e..6bdd30aa 100644 --- a/commonspace/object/acl/list/aclstate.go +++ b/commonspace/object/acl/list/aclstate.go @@ -3,8 +3,6 @@ package list import ( "errors" "fmt" - "github.com/anytypeio/any-sync/util/crypto/cryptoproto" - "github.com/anytypeio/any-sync/app/logger" "github.com/anytypeio/any-sync/commonspace/object/acl/aclrecordproto" "github.com/anytypeio/any-sync/util/crypto" @@ -172,8 +170,8 @@ func (st *AclState) saveReadKeyFromRoot(record *AclRecord) (err error) { if !ok { return ErrIncorrectRoot } - if root.DerivationParams != nil { - readKey, err = st.deriveKey(root.DerivationParams) + if root.EncryptedReadKey == nil { + readKey, err = st.deriveKey() if err != nil { return } @@ -315,17 +313,12 @@ func (st *AclState) LastRecordId() string { return st.lastRecordId } -func (st *AclState) deriveKey(params []byte) (crypto.SymKey, error) { - keyDerivation := &cryptoproto.KeyDerivation{} - err := proto.Unmarshal(params, keyDerivation) - if err != nil { - return nil, err - } +func (st *AclState) deriveKey() (crypto.SymKey, error) { keyBytes, err := st.key.Raw() if err != nil { return nil, err } - return crypto.DeriveSymmetricKey(keyBytes, keyDerivation.DerivationPath) + return crypto.DeriveSymmetricKey(keyBytes, crypto.AnysyncSpacePath) } func mapKeyFromPubKey(pubKey crypto.PubKey) string { diff --git a/commonspace/object/acl/list/listutils.go b/commonspace/object/acl/list/listutils.go index e9a92553..f2597ca2 100644 --- a/commonspace/object/acl/list/listutils.go +++ b/commonspace/object/acl/list/listutils.go @@ -10,9 +10,9 @@ import ( func NewTestDerivedAcl(spaceId string, keys *accountdata.AccountKeys) (AclList, error) { builder := NewAclRecordBuilder("", crypto.NewKeyStorage()) root, err := builder.BuildRoot(RootContent{ - PrivKey: keys.SignKey, - SpaceId: spaceId, - DerivationPath: crypto.AnytypeAccountPath, + PrivKey: keys.SignKey, + SpaceId: spaceId, + MasterKey: keys.MasterKey, }) if err != nil { return nil, err diff --git a/commonspace/payloads.go b/commonspace/payloads.go index 00075379..46d2515d 100644 --- a/commonspace/payloads.go +++ b/commonspace/payloads.go @@ -66,6 +66,7 @@ func storagePayloadForSpaceCreate(payload SpaceCreatePayload) (storagePayload sp aclBuilder := list.NewAclRecordBuilder("", keyStorage) aclRoot, err := aclBuilder.BuildRoot(list.RootContent{ PrivKey: payload.SigningKey, + MasterKey: payload.MasterKey, SpaceId: spaceId, EncryptedReadKey: readKey, }) @@ -151,9 +152,9 @@ func storagePayloadForSpaceDerive(payload SpaceDerivePayload) (storagePayload sp keyStorage := crypto.NewKeyStorage() aclBuilder := list.NewAclRecordBuilder("", keyStorage) aclRoot, err := aclBuilder.BuildRoot(list.RootContent{ - PrivKey: payload.SigningKey, - SpaceId: spaceId, - DerivationPath: crypto.AnytypeAccountPath, + PrivKey: payload.SigningKey, + MasterKey: payload.MasterKey, + SpaceId: spaceId, }) if err != nil { return diff --git a/commonspace/space.go b/commonspace/space.go index ece13042..8b4375fb 100644 --- a/commonspace/space.go +++ b/commonspace/space.go @@ -50,6 +50,8 @@ type SpaceCreatePayload struct { ReplicationKey uint64 // SpacePayload is an arbitrary payload related to space type SpacePayload []byte + // MasterKey is the master key of the owner + MasterKey crypto.PrivKey } type HandleMessage struct { @@ -61,6 +63,7 @@ type HandleMessage struct { type SpaceDerivePayload struct { SigningKey crypto.PrivKey + MasterKey crypto.PrivKey SpaceType string SpacePayload []byte } diff --git a/util/crypto/cryptoproto/crypto.pb.go b/util/crypto/cryptoproto/crypto.pb.go index 0f1120cc..338c1dd9 100644 --- a/util/crypto/cryptoproto/crypto.pb.go +++ b/util/crypto/cryptoproto/crypto.pb.go @@ -50,28 +50,6 @@ func (KeyType) EnumDescriptor() ([]byte, []int) { return fileDescriptor_ddfeb19e486561de, []int{0} } -type DerivationMethod int32 - -const ( - DerivationMethod_Slip21 DerivationMethod = 0 -) - -var DerivationMethod_name = map[int32]string{ - 0: "Slip21", -} - -var DerivationMethod_value = map[string]int32{ - "Slip21": 0, -} - -func (x DerivationMethod) String() string { - return proto.EnumName(DerivationMethod_name, int32(x)) -} - -func (DerivationMethod) EnumDescriptor() ([]byte, []int) { - return fileDescriptor_ddfeb19e486561de, []int{1} -} - type Key struct { Type KeyType `protobuf:"varint,1,opt,name=Type,proto3,enum=crypto.KeyType" json:"Type,omitempty"` Data []byte `protobuf:"bytes,2,opt,name=Data,proto3" json:"Data,omitempty"` @@ -124,63 +102,9 @@ func (m *Key) GetData() []byte { return nil } -type KeyDerivation struct { - Method DerivationMethod `protobuf:"varint,1,opt,name=method,proto3,enum=crypto.DerivationMethod" json:"method,omitempty"` - DerivationPath string `protobuf:"bytes,2,opt,name=derivationPath,proto3" json:"derivationPath,omitempty"` -} - -func (m *KeyDerivation) Reset() { *m = KeyDerivation{} } -func (m *KeyDerivation) String() string { return proto.CompactTextString(m) } -func (*KeyDerivation) ProtoMessage() {} -func (*KeyDerivation) Descriptor() ([]byte, []int) { - return fileDescriptor_ddfeb19e486561de, []int{1} -} -func (m *KeyDerivation) XXX_Unmarshal(b []byte) error { - return m.Unmarshal(b) -} -func (m *KeyDerivation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { - if deterministic { - return xxx_messageInfo_KeyDerivation.Marshal(b, m, deterministic) - } else { - b = b[:cap(b)] - n, err := m.MarshalToSizedBuffer(b) - if err != nil { - return nil, err - } - return b[:n], nil - } -} -func (m *KeyDerivation) XXX_Merge(src proto.Message) { - xxx_messageInfo_KeyDerivation.Merge(m, src) -} -func (m *KeyDerivation) XXX_Size() int { - return m.Size() -} -func (m *KeyDerivation) XXX_DiscardUnknown() { - xxx_messageInfo_KeyDerivation.DiscardUnknown(m) -} - -var xxx_messageInfo_KeyDerivation proto.InternalMessageInfo - -func (m *KeyDerivation) GetMethod() DerivationMethod { - if m != nil { - return m.Method - } - return DerivationMethod_Slip21 -} - -func (m *KeyDerivation) GetDerivationPath() string { - if m != nil { - return m.DerivationPath - } - return "" -} - func init() { proto.RegisterEnum("crypto.KeyType", KeyType_name, KeyType_value) - proto.RegisterEnum("crypto.DerivationMethod", DerivationMethod_name, DerivationMethod_value) proto.RegisterType((*Key)(nil), "crypto.Key") - proto.RegisterType((*KeyDerivation)(nil), "crypto.KeyDerivation") } func init() { @@ -188,24 +112,19 @@ func init() { } var fileDescriptor_ddfeb19e486561de = []byte{ - // 263 bytes of a gzipped FileDescriptorProto + // 191 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xd2, 0x2e, 0x2d, 0xc9, 0xcc, 0xd1, 0x4f, 0x2e, 0xaa, 0x2c, 0x28, 0xc9, 0x87, 0x52, 0x05, 0x45, 0xf9, 0x25, 0xf9, 0xfa, 0x60, 0xb2, 0x18, 0x2a, 0xa4, 0x07, 0xe6, 0x09, 0xb1, 0x41, 0x78, 0x4a, 0x76, 0x5c, 0xcc, 0xde, 0xa9, 0x95, 0x42, 0xca, 0x5c, 0x2c, 0x21, 0x95, 0x05, 0xa9, 0x12, 0x8c, 0x0a, 0x8c, 0x1a, 0x7c, 0x46, 0xfc, 0x7a, 0x50, 0xb5, 0xde, 0xa9, 0x95, 0x20, 0xe1, 0x20, 0xb0, 0xa4, 0x90, 0x10, 0x17, 0x8b, - 0x4b, 0x62, 0x49, 0xa2, 0x04, 0x93, 0x02, 0xa3, 0x06, 0x4f, 0x10, 0x98, 0xad, 0x94, 0xc9, 0xc5, - 0xeb, 0x9d, 0x5a, 0xe9, 0x92, 0x5a, 0x94, 0x59, 0x96, 0x58, 0x92, 0x99, 0x9f, 0x27, 0x64, 0xc0, - 0xc5, 0x96, 0x9b, 0x5a, 0x92, 0x91, 0x9f, 0x02, 0x35, 0x4b, 0x02, 0x66, 0x16, 0x42, 0x8d, 0x2f, - 0x58, 0x3e, 0x08, 0xaa, 0x4e, 0x48, 0x8d, 0x8b, 0x2f, 0x05, 0x2e, 0x17, 0x90, 0x58, 0x92, 0x01, - 0xb6, 0x80, 0x33, 0x08, 0x4d, 0x54, 0xcb, 0x92, 0x8b, 0x1d, 0xea, 0x1e, 0x21, 0x41, 0x2e, 0x5e, - 0xd7, 0x14, 0x23, 0x53, 0x53, 0x43, 0xcb, 0x80, 0xd2, 0xa4, 0x9c, 0xcc, 0x64, 0x01, 0x06, 0x21, - 0x21, 0x2e, 0x3e, 0x98, 0x10, 0x58, 0x57, 0xaa, 0x00, 0xa3, 0x10, 0x3b, 0x17, 0xb3, 0xa3, 0x6b, - 0xb0, 0x00, 0x93, 0x96, 0x1c, 0x97, 0x00, 0xba, 0xf5, 0x42, 0x5c, 0x5c, 0x6c, 0xc1, 0x39, 0x99, - 0x05, 0x46, 0x86, 0x02, 0x0c, 0x4e, 0x86, 0x27, 0x1e, 0xc9, 0x31, 0x5e, 0x78, 0x24, 0xc7, 0xf8, - 0xe0, 0x91, 0x1c, 0xe3, 0x84, 0xc7, 0x72, 0x0c, 0x17, 0x1e, 0xcb, 0x31, 0xdc, 0x78, 0x2c, 0xc7, - 0x10, 0x25, 0x8e, 0x23, 0x50, 0x93, 0xd8, 0xc0, 0x94, 0x31, 0x20, 0x00, 0x00, 0xff, 0xff, 0x65, - 0xdf, 0xa5, 0x11, 0x76, 0x01, 0x00, 0x00, + 0x4b, 0x62, 0x49, 0xa2, 0x04, 0x93, 0x02, 0xa3, 0x06, 0x4f, 0x10, 0x98, 0xad, 0x65, 0xc9, 0xc5, + 0x0e, 0x55, 0x24, 0x24, 0xc8, 0xc5, 0xeb, 0x9a, 0x62, 0x64, 0x6a, 0x6a, 0x68, 0x19, 0x50, 0x9a, + 0x94, 0x93, 0x99, 0x2c, 0xc0, 0x20, 0x24, 0xc4, 0xc5, 0x07, 0x13, 0x2a, 0xca, 0x2c, 0x4b, 0x2c, + 0x49, 0x15, 0x60, 0x14, 0x62, 0xe7, 0x62, 0x76, 0x74, 0x0d, 0x16, 0x60, 0x72, 0x32, 0x3c, 0xf1, + 0x48, 0x8e, 0xf1, 0xc2, 0x23, 0x39, 0xc6, 0x07, 0x8f, 0xe4, 0x18, 0x27, 0x3c, 0x96, 0x63, 0xb8, + 0xf0, 0x58, 0x8e, 0xe1, 0xc6, 0x63, 0x39, 0x86, 0x28, 0x71, 0x1c, 0x3e, 0x49, 0x62, 0x03, 0x53, + 0xc6, 0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0x27, 0xb9, 0xba, 0xd8, 0xeb, 0x00, 0x00, 0x00, } func (m *Key) Marshal() (dAtA []byte, err error) { @@ -243,41 +162,6 @@ func (m *Key) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *KeyDerivation) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalToSizedBuffer(dAtA[:size]) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *KeyDerivation) MarshalTo(dAtA []byte) (int, error) { - size := m.Size() - return m.MarshalToSizedBuffer(dAtA[:size]) -} - -func (m *KeyDerivation) MarshalToSizedBuffer(dAtA []byte) (int, error) { - i := len(dAtA) - _ = i - var l int - _ = l - if len(m.DerivationPath) > 0 { - i -= len(m.DerivationPath) - copy(dAtA[i:], m.DerivationPath) - i = encodeVarintCrypto(dAtA, i, uint64(len(m.DerivationPath))) - i-- - dAtA[i] = 0x12 - } - if m.Method != 0 { - i = encodeVarintCrypto(dAtA, i, uint64(m.Method)) - i-- - dAtA[i] = 0x8 - } - return len(dAtA) - i, nil -} - func encodeVarintCrypto(dAtA []byte, offset int, v uint64) int { offset -= sovCrypto(v) base := offset @@ -305,22 +189,6 @@ func (m *Key) Size() (n int) { return n } -func (m *KeyDerivation) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.Method != 0 { - n += 1 + sovCrypto(uint64(m.Method)) - } - l = len(m.DerivationPath) - if l > 0 { - n += 1 + l + sovCrypto(uint64(l)) - } - return n -} - func sovCrypto(x uint64) (n int) { return (math_bits.Len64(x|1) + 6) / 7 } @@ -430,107 +298,6 @@ func (m *Key) Unmarshal(dAtA []byte) error { } return nil } -func (m *KeyDerivation) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCrypto - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: KeyDerivation: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: KeyDerivation: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field Method", wireType) - } - m.Method = 0 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCrypto - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - m.Method |= DerivationMethod(b&0x7F) << shift - if b < 0x80 { - break - } - } - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field DerivationPath", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowCrypto - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= uint64(b&0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthCrypto - } - postIndex := iNdEx + intStringLen - if postIndex < 0 { - return ErrInvalidLengthCrypto - } - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.DerivationPath = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipCrypto(dAtA[iNdEx:]) - if err != nil { - return err - } - if (skippy < 0) || (iNdEx+skippy) < 0 { - return ErrInvalidLengthCrypto - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} func skipCrypto(dAtA []byte) (n int, err error) { l := len(dAtA) iNdEx := 0 diff --git a/util/crypto/cryptoproto/protos/crypto.proto b/util/crypto/cryptoproto/protos/crypto.proto index d74f0b61..dea6164b 100644 --- a/util/crypto/cryptoproto/protos/crypto.proto +++ b/util/crypto/cryptoproto/protos/crypto.proto @@ -8,16 +8,7 @@ enum KeyType { AES = 2; } -enum DerivationMethod { - Slip21 = 0; -} - message Key { KeyType Type = 1; bytes Data = 2; } - -message KeyDerivation { - DerivationMethod method = 1; - string derivationPath = 2; -} \ No newline at end of file diff --git a/util/crypto/derived.go b/util/crypto/derived.go index 596e4560..5821ea5f 100644 --- a/util/crypto/derived.go +++ b/util/crypto/derived.go @@ -5,9 +5,8 @@ import ( ) const ( - AnytypeAccountPath = "m/SLIP-0021/anytype/account" - AnysyncTreePath = "m/SLIP-0021/anysync/tree/%s" - AnytypeAccountPrefix = "m/44'/607'" + AnysyncSpacePath = "m/SLIP-0021/anysync/space" + AnysyncTreePath = "m/SLIP-0021/anysync/tree/%s" ) // DeriveSymmetricKey derives a symmetric key from seed and path using slip-21 diff --git a/util/crypto/derived_test.go b/util/crypto/derived_test.go index 24fd75df..2418e9b4 100644 --- a/util/crypto/derived_test.go +++ b/util/crypto/derived_test.go @@ -10,7 +10,7 @@ func TestDerivedKey(t *testing.T) { seed := make([]byte, 32) _, err := rand.Read(seed) require.NoError(t, err) - key, err := DeriveSymmetricKey(seed, AnytypeAccountPath) + key, err := DeriveSymmetricKey(seed, AnysyncSpacePath) require.NoError(t, err) _, err = rand.Read(seed) require.NoError(t, err) diff --git a/util/crypto/mnemonic.go b/util/crypto/mnemonic.go index 3b388bcc..07fe0260 100644 --- a/util/crypto/mnemonic.go +++ b/util/crypto/mnemonic.go @@ -12,6 +12,19 @@ var ( ErrInvalidMnemonic = errors.New("error invalid mnemonic") ) +const ( + anytypeAccountOldPrefix = "m/44'/607'" + // TODO: actually approve this + anytypeAccountNewPrefix = "m/44'/123456'" +) + +type DerivationResult struct { + MasterKey PrivKey + Identity PrivKey + OldAccountKey PrivKey + MasterNode slip10.Node +} + type MnemonicGenerator struct { mnemonic string } @@ -61,7 +74,47 @@ func (g MnemonicGenerator) WithEntropy(b []byte) (Mnemonic, error) { return Mnemonic(mnemonic), nil } -func (m Mnemonic) DeriveEd25519Key(index int) (PrivKey, error) { +func (m Mnemonic) deriveForPath(onlyMaster bool, index uint32, path string) (res DerivationResult, err error) { + seed, err := m.Seed() + if err != nil { + return + } + prefixNode, err := slip10.DeriveForPath(path, seed) + if err != nil { + return + } + // m/44'/code'/index' + res.MasterNode, err = prefixNode.Derive(slip10.FirstHardenedIndex + index) + if err != nil { + return + } + res.MasterKey, err = genKey(res.MasterNode) + if err != nil || onlyMaster { + return + } + // m/44'/code'/index'/0' + identityNode, err := res.MasterNode.Derive(slip10.FirstHardenedIndex) + if err != nil { + return + } + res.Identity, err = genKey(identityNode) + return +} + +func (m Mnemonic) DeriveKeys(index uint32) (res DerivationResult, err error) { + oldRes, err := m.deriveForPath(true, index, anytypeAccountOldPrefix) + if err != nil { + return + } + res, err = m.deriveForPath(false, index, anytypeAccountNewPrefix) + if err != nil { + return + } + res.OldAccountKey = oldRes.MasterKey + return +} + +func (m Mnemonic) Seed() ([]byte, error) { seed, err := bip39.NewSeedWithErrorChecking(string(m), "") if err != nil { if err == bip39.ErrInvalidMnemonic { @@ -69,22 +122,15 @@ func (m Mnemonic) DeriveEd25519Key(index int) (PrivKey, error) { } return nil, err } - masterKey, err := slip10.DeriveForPath(AnytypeAccountPrefix, seed) - if err != nil { - return nil, err - } - - key, err := masterKey.Derive(slip10.FirstHardenedIndex + uint32(index)) - if err != nil { - return nil, err - } - - reader := bytes.NewReader(key.RawSeed()) - privKey, _, err := GenerateEd25519Key(reader) - - return privKey, err + return seed, nil } func (m Mnemonic) Bytes() ([]byte, error) { return bip39.MnemonicToByteArray(string(m), true) } + +func genKey(node slip10.Node) (key PrivKey, err error) { + reader := bytes.NewReader(node.RawSeed()) + key, _, err = GenerateEd25519Key(reader) + return +} diff --git a/util/crypto/mnemonic_test.go b/util/crypto/mnemonic_test.go index 176dabbf..ae4e86bb 100644 --- a/util/crypto/mnemonic_test.go +++ b/util/crypto/mnemonic_test.go @@ -2,6 +2,7 @@ package crypto import ( "crypto/rand" + "github.com/anytypeio/go-slip10" "github.com/stretchr/testify/require" "strings" "testing" @@ -12,14 +13,31 @@ func TestMnemonic(t *testing.T) { require.NoError(t, err) parts := strings.Split(string(phrase), " ") require.Equal(t, 12, len(parts)) - key, err := phrase.DeriveEd25519Key(0) + res, err := phrase.DeriveKeys(0) require.NoError(t, err) bytes := make([]byte, 64) _, err = rand.Read(bytes) require.NoError(t, err) - sign, err := key.Sign(bytes) + + // testing signing with keys + for _, k := range []PrivKey{res.MasterKey, res.Identity, res.OldAccountKey} { + sign, err := k.Sign(bytes) + require.NoError(t, err) + res, err := k.GetPublic().Verify(bytes, sign) + require.NoError(t, err) + require.True(t, res) + } + + // testing derivation + masterKey, err := genKey(res.MasterNode) require.NoError(t, err) - res, err := key.GetPublic().Verify(bytes, sign) + require.True(t, res.MasterKey.Equals(masterKey)) + identityNode, err := res.MasterNode.Derive(slip10.FirstHardenedIndex) require.NoError(t, err) - require.True(t, res) + identityKey, err := genKey(identityNode) + require.NoError(t, err) + require.True(t, res.Identity.Equals(identityKey)) + oldAccountRes, err := phrase.deriveForPath(true, 0, anytypeAccountOldPrefix) + require.NoError(t, err) + require.True(t, res.OldAccountKey.Equals(oldAccountRes.MasterKey)) }