Merge pull request cosmos#37 from tendermint/nano

Nano Support

Author: ethanfrey

Makefile

@@ -10,7 +10,7 @@ REPO:=github.com/tendermint/go-crypto
 all: get_vendor_deps metalinter_test test
 
 test:
-	go test `glide novendor`
+	go test -p 1 `glide novendor`
 
 get_vendor_deps: ensure_tools
 	@rm -rf vendor/

glide.lock

@@ -30,6 +30,7 @@ import:
 - package: github.com/spf13/viper
 - package: gopkg.in/go-playground/validator.v9
 - package: github.com/howeyc/crc16
+- package: github.com/ethanfrey/ledger
 testImport:
 - package: github.com/mndrix/btcutil
 - package: github.com/stretchr/testify

glide.yaml

@@ -43,7 +43,8 @@ func (e secretbox) Decrypt(saltBytes []byte, encBytes []byte, passphrase string)
 	privKeyBytes := encBytes
 	// NOTE: Some keys weren't encrypted with a passphrase and hence we have the conditional
 	if passphrase != "" {
-		key, err := bcrypt.GenerateFromPassword(saltBytes, []byte(passphrase), 14) // TODO parameterize.  14 is good today (2016)
+		var key []byte
+		key, err = bcrypt.GenerateFromPassword(saltBytes, []byte(passphrase), 14) // TODO parameterize.  14 is good today (2016)
 		if err != nil {
 			return crypto.PrivKey{}, errors.Wrap(err, "Invalid Passphrase")
 		}
@@ -55,7 +56,7 @@ func (e secretbox) Decrypt(saltBytes []byte, encBytes []byte, passphrase string)
 	}
 	privKey, err = crypto.PrivKeyFromBytes(privKeyBytes)
 	if err != nil {
-		return crypto.PrivKey{}, errors.Wrap(err, "Couldn't get privKey from bytes")
+		return crypto.PrivKey{}, errors.Wrap(err, "Private Key")
 	}
 	return privKey, nil
 }

keys/cryptostore/encoder.go

@@ -15,8 +15,10 @@ func TestNoopEncoder(t *testing.T) {
 	assert, require := assert.New(t), require.New(t)
 	noop := cryptostore.Noop
 
-	key := cryptostore.GenEd25519.Generate(cmn.RandBytes(16))
-	key2 := cryptostore.GenSecp256k1.Generate(cmn.RandBytes(16))
+	key, err := cryptostore.GenEd25519.Generate(cmn.RandBytes(16))
+	require.NoError(err)
+	key2, err := cryptostore.GenSecp256k1.Generate(cmn.RandBytes(16))
+	require.NoError(err)
 
 	_, b, err := noop.Encrypt(key, "encode")
 	require.Nil(err)
@@ -43,7 +45,8 @@ func TestSecretBox(t *testing.T) {
 	assert, require := assert.New(t), require.New(t)
 	enc := cryptostore.SecretBox
 
-	key := cryptostore.GenEd25519.Generate(cmn.RandBytes(16))
+	key, err := cryptostore.GenEd25519.Generate(cmn.RandBytes(16))
+	require.NoError(err)
 	pass := "some-special-secret"
 
 	s, b, err := enc.Encrypt(key, pass)
@@ -65,7 +68,8 @@ func TestSecretBoxNoPass(t *testing.T) {
 	assert, require := assert.New(t), require.New(t)
 	enc := cryptostore.SecretBox
 
-	key := cryptostore.GenEd25519.Generate(cmn.RandBytes(16))
+	key, rerr := cryptostore.GenEd25519.Generate(cmn.RandBytes(16))
+	require.NoError(rerr)
 
 	cases := []struct {
 		encode string
@@ -95,7 +99,7 @@ func TestSecretBoxNoPass(t *testing.T) {
 
 	// now let's make sure raw bytes also work...
 	b := key.Bytes()
-	pk, err := enc.Decrypt(nil, b, "")
-	require.Nil(err, "%+v", err)
+	pk, rerr := enc.Decrypt(nil, b, "")
+	require.NoError(rerr)
 	assert.Equal(key, pk)
 }

keys/cryptostore/encoder_test.go

@@ -4,53 +4,86 @@ import (
 	"github.com/pkg/errors"
 
 	crypto "github.com/tendermint/go-crypto"
+	"github.com/tendermint/go-crypto/nano"
 )
 
 var (
 	// GenEd25519 produces Ed25519 private keys
 	GenEd25519 Generator = GenFunc(genEd25519)
 	// GenSecp256k1 produces Secp256k1 private keys
 	GenSecp256k1 Generator = GenFunc(genSecp256)
+	// GenLedgerEd25519 used Ed25519 keys stored on nano ledger s with cosmos app
+	GenLedgerEd25519 Generator = GenFunc(genLedgerEd25519)
 )
 
 // Generator determines the type of private key the keystore creates
 type Generator interface {
-	Generate(secret []byte) crypto.PrivKey
+	Generate(secret []byte) (crypto.PrivKey, error)
 }
 
 // GenFunc is a helper to transform a function into a Generator
-type GenFunc func(secret []byte) crypto.PrivKey
+type GenFunc func(secret []byte) (crypto.PrivKey, error)
 
-func (f GenFunc) Generate(secret []byte) crypto.PrivKey {
+func (f GenFunc) Generate(secret []byte) (crypto.PrivKey, error) {
 	return f(secret)
 }
 
-func genEd25519(secret []byte) crypto.PrivKey {
-	return crypto.GenPrivKeyEd25519FromSecret(secret).Wrap()
+func genEd25519(secret []byte) (crypto.PrivKey, error) {
+	key := crypto.GenPrivKeyEd25519FromSecret(secret).Wrap()
+	return key, nil
 }
 
-func genSecp256(secret []byte) crypto.PrivKey {
-	return crypto.GenPrivKeySecp256k1FromSecret(secret).Wrap()
+func genSecp256(secret []byte) (crypto.PrivKey, error) {
+	key := crypto.GenPrivKeySecp256k1FromSecret(secret).Wrap()
+	return key, nil
 }
 
-func getGenerator(algo string) (Generator, error) {
+// secret is completely ignored for the ledger...
+// just for interface compatibility
+func genLedgerEd25519(secret []byte) (crypto.PrivKey, error) {
+	return nano.NewPrivKeyLedgerEd25519Ed25519()
+}
+
+type genInvalidByte struct {
+	typ byte
+}
+
+func (g genInvalidByte) Generate(secret []byte) (crypto.PrivKey, error) {
+	err := errors.Errorf("Cannot generate keys for algorithm: %X", g.typ)
+	return crypto.PrivKey{}, err
+}
+
+type genInvalidAlgo struct {
+	algo string
+}
+
+func (g genInvalidAlgo) Generate(secret []byte) (crypto.PrivKey, error) {
+	err := errors.Errorf("Cannot generate keys for algorithm: %s", g.algo)
+	return crypto.PrivKey{}, err
+}
+
+func getGenerator(algo string) Generator {
 	switch algo {
 	case crypto.NameEd25519:
-		return GenEd25519, nil
+		return GenEd25519
 	case crypto.NameSecp256k1:
-		return GenSecp256k1, nil
+		return GenSecp256k1
+	case nano.NameLedgerEd25519:
+		return GenLedgerEd25519
 	default:
-		return nil, errors.Errorf("Cannot generate keys for algorithm: %s", algo)
+		return genInvalidAlgo{algo}
 	}
 }
 
-func getGeneratorByType(typ byte) (Generator, error) {
+func getGeneratorByType(typ byte) Generator {
 	switch typ {
 	case crypto.TypeEd25519:
-		return GenEd25519, nil
+		return GenEd25519
 	case crypto.TypeSecp256k1:
-		return GenSecp256k1, nil
+		return GenSecp256k1
+	case nano.TypeLedgerEd25519:
+		return GenLedgerEd25519
 	default:
-		return nil, errors.Errorf("Cannot generate keys for algorithm: %X", typ)
+		return genInvalidByte{typ}
 	}
 }

keys/cryptostore/generator.go

@@ -33,14 +33,15 @@ var _ keys.Manager = Manager{}
 //
 // algo must be a supported go-crypto algorithm: ed25519, secp256k1
 func (s Manager) Create(name, passphrase, algo string) (keys.Info, string, error) {
-	gen, err := getGenerator(algo)
+	// 128-bits are the all the randomness we can make use of
+	secret := crypto.CRandBytes(16)
+	gen := getGenerator(algo)
+
+	key, err := gen.Generate(secret)
 	if err != nil {
 		return keys.Info{}, "", err
 	}
 
-	// 128-bits are the all the randomness we can make use of
-	secret := crypto.CRandBytes(16)
-	key := gen.Generate(secret)
 	err = s.es.Put(name, passphrase, key)
 	if err != nil {
 		return keys.Info{}, "", err
@@ -74,11 +75,11 @@ func (s Manager) Recover(name, passphrase, seedphrase string) (keys.Info, error)
 	l := len(secret)
 	secret, typ := secret[:l-1], secret[l-1]
 
-	gen, err := getGeneratorByType(typ)
+	gen := getGeneratorByType(typ)
+	key, err := gen.Generate(secret)
 	if err != nil {
 		return keys.Info{}, err
 	}
-	key := gen.Generate(secret)
 
 	// d00d, it worked!  create the bugger....
 	err = s.es.Put(name, passphrase, key)