github.hscsec.cn/scroll-tech/go-ethereum@v1.9.7/cmd/clef/main.go (about) 1 // Copyright 2018 The go-ethereum Authors 2 // This file is part of go-ethereum. 3 // 4 // go-ethereum is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // go-ethereum is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU General Public License for more details. 13 // 14 // You should have received a copy of the GNU General Public License 15 // along with go-ethereum. If not, see <http://www.gnu.org/licenses/>. 16 17 package main 18 19 import ( 20 "bufio" 21 "context" 22 "crypto/rand" 23 "crypto/sha256" 24 "encoding/hex" 25 "encoding/json" 26 "fmt" 27 "io" 28 "io/ioutil" 29 "math/big" 30 "os" 31 "os/signal" 32 "os/user" 33 "path/filepath" 34 "runtime" 35 "strings" 36 "time" 37 38 "github.com/ethereum/go-ethereum/accounts" 39 "github.com/ethereum/go-ethereum/accounts/keystore" 40 "github.com/ethereum/go-ethereum/cmd/utils" 41 "github.com/ethereum/go-ethereum/common" 42 "github.com/ethereum/go-ethereum/common/hexutil" 43 "github.com/ethereum/go-ethereum/console" 44 "github.com/ethereum/go-ethereum/core/types" 45 "github.com/ethereum/go-ethereum/crypto" 46 "github.com/ethereum/go-ethereum/internal/ethapi" 47 "github.com/ethereum/go-ethereum/log" 48 "github.com/ethereum/go-ethereum/node" 49 "github.com/ethereum/go-ethereum/params" 50 "github.com/ethereum/go-ethereum/rlp" 51 "github.com/ethereum/go-ethereum/rpc" 52 "github.com/ethereum/go-ethereum/signer/core" 53 "github.com/ethereum/go-ethereum/signer/fourbyte" 54 "github.com/ethereum/go-ethereum/signer/rules" 55 "github.com/ethereum/go-ethereum/signer/storage" 56 colorable "github.com/mattn/go-colorable" 57 "github.com/mattn/go-isatty" 58 "gopkg.in/urfave/cli.v1" 59 ) 60 61 const legalWarning = ` 62 WARNING! 63 64 Clef is an account management tool. It may, like any software, contain bugs. 65 66 Please take care to 67 - backup your keystore files, 68 - verify that the keystore(s) can be opened with your password. 69 70 Clef is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; 71 without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR 72 PURPOSE. See the GNU General Public License for more details. 73 ` 74 75 var ( 76 logLevelFlag = cli.IntFlag{ 77 Name: "loglevel", 78 Value: 4, 79 Usage: "log level to emit to the screen", 80 } 81 advancedMode = cli.BoolFlag{ 82 Name: "advanced", 83 Usage: "If enabled, issues warnings instead of rejections for suspicious requests. Default off", 84 } 85 keystoreFlag = cli.StringFlag{ 86 Name: "keystore", 87 Value: filepath.Join(node.DefaultDataDir(), "keystore"), 88 Usage: "Directory for the keystore", 89 } 90 configdirFlag = cli.StringFlag{ 91 Name: "configdir", 92 Value: DefaultConfigDir(), 93 Usage: "Directory for Clef configuration", 94 } 95 chainIdFlag = cli.Int64Flag{ 96 Name: "chainid", 97 Value: params.MainnetChainConfig.ChainID.Int64(), 98 Usage: "Chain id to use for signing (1=mainnet, 3=Ropsten, 4=Rinkeby, 5=Goerli)", 99 } 100 rpcPortFlag = cli.IntFlag{ 101 Name: "rpcport", 102 Usage: "HTTP-RPC server listening port", 103 Value: node.DefaultHTTPPort + 5, 104 } 105 signerSecretFlag = cli.StringFlag{ 106 Name: "signersecret", 107 Usage: "A file containing the (encrypted) master seed to encrypt Clef data, e.g. keystore credentials and ruleset hash", 108 } 109 customDBFlag = cli.StringFlag{ 110 Name: "4bytedb-custom", 111 Usage: "File used for writing new 4byte-identifiers submitted via API", 112 Value: "./4byte-custom.json", 113 } 114 auditLogFlag = cli.StringFlag{ 115 Name: "auditlog", 116 Usage: "File used to emit audit logs. Set to \"\" to disable", 117 Value: "audit.log", 118 } 119 ruleFlag = cli.StringFlag{ 120 Name: "rules", 121 Usage: "Path to the rule file to auto-authorize requests with", 122 } 123 stdiouiFlag = cli.BoolFlag{ 124 Name: "stdio-ui", 125 Usage: "Use STDIN/STDOUT as a channel for an external UI. " + 126 "This means that an STDIN/STDOUT is used for RPC-communication with a e.g. a graphical user " + 127 "interface, and can be used when Clef is started by an external process.", 128 } 129 testFlag = cli.BoolFlag{ 130 Name: "stdio-ui-test", 131 Usage: "Mechanism to test interface between Clef and UI. Requires 'stdio-ui'.", 132 } 133 app = cli.NewApp() 134 initCommand = cli.Command{ 135 Action: utils.MigrateFlags(initializeSecrets), 136 Name: "init", 137 Usage: "Initialize the signer, generate secret storage", 138 ArgsUsage: "", 139 Flags: []cli.Flag{ 140 logLevelFlag, 141 configdirFlag, 142 }, 143 Description: ` 144 The init command generates a master seed which Clef can use to store credentials and data needed for 145 the rule-engine to work.`, 146 } 147 attestCommand = cli.Command{ 148 Action: utils.MigrateFlags(attestFile), 149 Name: "attest", 150 Usage: "Attest that a js-file is to be used", 151 ArgsUsage: "<sha256sum>", 152 Flags: []cli.Flag{ 153 logLevelFlag, 154 configdirFlag, 155 signerSecretFlag, 156 }, 157 Description: ` 158 The attest command stores the sha256 of the rule.js-file that you want to use for automatic processing of 159 incoming requests. 160 161 Whenever you make an edit to the rule file, you need to use attestation to tell 162 Clef that the file is 'safe' to execute.`, 163 } 164 setCredentialCommand = cli.Command{ 165 Action: utils.MigrateFlags(setCredential), 166 Name: "setpw", 167 Usage: "Store a credential for a keystore file", 168 ArgsUsage: "<address>", 169 Flags: []cli.Flag{ 170 logLevelFlag, 171 configdirFlag, 172 signerSecretFlag, 173 }, 174 Description: ` 175 The setpw command stores a password for a given address (keyfile). 176 `} 177 delCredentialCommand = cli.Command{ 178 Action: utils.MigrateFlags(removeCredential), 179 Name: "delpw", 180 Usage: "Remove a credential for a keystore file", 181 ArgsUsage: "<address>", 182 Flags: []cli.Flag{ 183 logLevelFlag, 184 configdirFlag, 185 signerSecretFlag, 186 }, 187 Description: ` 188 The delpw command removes a password for a given address (keyfile). 189 `} 190 gendocCommand = cli.Command{ 191 Action: GenDoc, 192 Name: "gendoc", 193 Usage: "Generate documentation about json-rpc format", 194 Description: ` 195 The gendoc generates example structures of the json-rpc communication types. 196 `} 197 ) 198 199 func init() { 200 app.Name = "Clef" 201 app.Usage = "Manage Ethereum account operations" 202 app.Flags = []cli.Flag{ 203 logLevelFlag, 204 keystoreFlag, 205 configdirFlag, 206 chainIdFlag, 207 utils.LightKDFFlag, 208 utils.NoUSBFlag, 209 utils.SmartCardDaemonPathFlag, 210 utils.RPCListenAddrFlag, 211 utils.RPCVirtualHostsFlag, 212 utils.IPCDisabledFlag, 213 utils.IPCPathFlag, 214 utils.RPCEnabledFlag, 215 rpcPortFlag, 216 signerSecretFlag, 217 customDBFlag, 218 auditLogFlag, 219 ruleFlag, 220 stdiouiFlag, 221 testFlag, 222 advancedMode, 223 } 224 app.Action = signer 225 app.Commands = []cli.Command{initCommand, attestCommand, setCredentialCommand, delCredentialCommand, gendocCommand} 226 } 227 228 func main() { 229 if err := app.Run(os.Args); err != nil { 230 fmt.Fprintln(os.Stderr, err) 231 os.Exit(1) 232 } 233 } 234 235 func initializeSecrets(c *cli.Context) error { 236 // Get past the legal message 237 if err := initialize(c); err != nil { 238 return err 239 } 240 // Ensure the master key does not yet exist, we're not willing to overwrite 241 configDir := c.GlobalString(configdirFlag.Name) 242 if err := os.Mkdir(configDir, 0700); err != nil && !os.IsExist(err) { 243 return err 244 } 245 location := filepath.Join(configDir, "masterseed.json") 246 if _, err := os.Stat(location); err == nil { 247 return fmt.Errorf("master key %v already exists, will not overwrite", location) 248 } 249 // Key file does not exist yet, generate a new one and encrypt it 250 masterSeed := make([]byte, 256) 251 num, err := io.ReadFull(rand.Reader, masterSeed) 252 if err != nil { 253 return err 254 } 255 if num != len(masterSeed) { 256 return fmt.Errorf("failed to read enough random") 257 } 258 n, p := keystore.StandardScryptN, keystore.StandardScryptP 259 if c.GlobalBool(utils.LightKDFFlag.Name) { 260 n, p = keystore.LightScryptN, keystore.LightScryptP 261 } 262 text := "The master seed of clef will be locked with a password.\nPlease specify a password. Do not forget this password!" 263 var password string 264 for { 265 password = getPassPhrase(text, true) 266 if err := core.ValidatePasswordFormat(password); err != nil { 267 fmt.Printf("invalid password: %v\n", err) 268 } else { 269 fmt.Println() 270 break 271 } 272 } 273 cipherSeed, err := encryptSeed(masterSeed, []byte(password), n, p) 274 if err != nil { 275 return fmt.Errorf("failed to encrypt master seed: %v", err) 276 } 277 // Double check the master key path to ensure nothing wrote there in between 278 if err = os.Mkdir(configDir, 0700); err != nil && !os.IsExist(err) { 279 return err 280 } 281 if _, err := os.Stat(location); err == nil { 282 return fmt.Errorf("master key %v already exists, will not overwrite", location) 283 } 284 // Write the file and print the usual warning message 285 if err = ioutil.WriteFile(location, cipherSeed, 0400); err != nil { 286 return err 287 } 288 fmt.Printf("A master seed has been generated into %s\n", location) 289 fmt.Printf(` 290 This is required to be able to store credentials, such as: 291 * Passwords for keystores (used by rule engine) 292 * Storage for JavaScript auto-signing rules 293 * Hash of JavaScript rule-file 294 295 You should treat 'masterseed.json' with utmost secrecy and make a backup of it! 296 * The password is necessary but not enough, you need to back up the master seed too! 297 * The master seed does not contain your accounts, those need to be backed up separately! 298 299 `) 300 return nil 301 } 302 func attestFile(ctx *cli.Context) error { 303 if len(ctx.Args()) < 1 { 304 utils.Fatalf("This command requires an argument.") 305 } 306 if err := initialize(ctx); err != nil { 307 return err 308 } 309 310 stretchedKey, err := readMasterKey(ctx, nil) 311 if err != nil { 312 utils.Fatalf(err.Error()) 313 } 314 configDir := ctx.GlobalString(configdirFlag.Name) 315 vaultLocation := filepath.Join(configDir, common.Bytes2Hex(crypto.Keccak256([]byte("vault"), stretchedKey)[:10])) 316 confKey := crypto.Keccak256([]byte("config"), stretchedKey) 317 318 // Initialize the encrypted storages 319 configStorage := storage.NewAESEncryptedStorage(filepath.Join(vaultLocation, "config.json"), confKey) 320 val := ctx.Args().First() 321 configStorage.Put("ruleset_sha256", val) 322 log.Info("Ruleset attestation updated", "sha256", val) 323 return nil 324 } 325 326 func setCredential(ctx *cli.Context) error { 327 if len(ctx.Args()) < 1 { 328 utils.Fatalf("This command requires an address to be passed as an argument") 329 } 330 if err := initialize(ctx); err != nil { 331 return err 332 } 333 addr := ctx.Args().First() 334 if !common.IsHexAddress(addr) { 335 utils.Fatalf("Invalid address specified: %s", addr) 336 } 337 address := common.HexToAddress(addr) 338 password := getPassPhrase("Please enter a password to store for this address:", true) 339 fmt.Println() 340 341 stretchedKey, err := readMasterKey(ctx, nil) 342 if err != nil { 343 utils.Fatalf(err.Error()) 344 } 345 configDir := ctx.GlobalString(configdirFlag.Name) 346 vaultLocation := filepath.Join(configDir, common.Bytes2Hex(crypto.Keccak256([]byte("vault"), stretchedKey)[:10])) 347 pwkey := crypto.Keccak256([]byte("credentials"), stretchedKey) 348 349 pwStorage := storage.NewAESEncryptedStorage(filepath.Join(vaultLocation, "credentials.json"), pwkey) 350 pwStorage.Put(address.Hex(), password) 351 352 log.Info("Credential store updated", "set", address) 353 return nil 354 } 355 356 func removeCredential(ctx *cli.Context) error { 357 if len(ctx.Args()) < 1 { 358 utils.Fatalf("This command requires an address to be passed as an argument") 359 } 360 if err := initialize(ctx); err != nil { 361 return err 362 } 363 addr := ctx.Args().First() 364 if !common.IsHexAddress(addr) { 365 utils.Fatalf("Invalid address specified: %s", addr) 366 } 367 address := common.HexToAddress(addr) 368 369 stretchedKey, err := readMasterKey(ctx, nil) 370 if err != nil { 371 utils.Fatalf(err.Error()) 372 } 373 configDir := ctx.GlobalString(configdirFlag.Name) 374 vaultLocation := filepath.Join(configDir, common.Bytes2Hex(crypto.Keccak256([]byte("vault"), stretchedKey)[:10])) 375 pwkey := crypto.Keccak256([]byte("credentials"), stretchedKey) 376 377 pwStorage := storage.NewAESEncryptedStorage(filepath.Join(vaultLocation, "credentials.json"), pwkey) 378 pwStorage.Del(address.Hex()) 379 380 log.Info("Credential store updated", "unset", address) 381 return nil 382 } 383 384 func initialize(c *cli.Context) error { 385 // Set up the logger to print everything 386 logOutput := os.Stdout 387 if c.GlobalBool(stdiouiFlag.Name) { 388 logOutput = os.Stderr 389 // If using the stdioui, we can't do the 'confirm'-flow 390 fmt.Fprintf(logOutput, legalWarning) 391 } else { 392 if !confirm(legalWarning) { 393 return fmt.Errorf("aborted by user") 394 } 395 fmt.Println() 396 } 397 usecolor := (isatty.IsTerminal(os.Stderr.Fd()) || isatty.IsCygwinTerminal(os.Stderr.Fd())) && os.Getenv("TERM") != "dumb" 398 output := io.Writer(logOutput) 399 if usecolor { 400 output = colorable.NewColorable(logOutput) 401 } 402 log.Root().SetHandler(log.LvlFilterHandler(log.Lvl(c.Int(logLevelFlag.Name)), log.StreamHandler(output, log.TerminalFormat(usecolor)))) 403 404 return nil 405 } 406 407 // ipcEndpoint resolves an IPC endpoint based on a configured value, taking into 408 // account the set data folders as well as the designated platform we're currently 409 // running on. 410 func ipcEndpoint(ipcPath, datadir string) string { 411 // On windows we can only use plain top-level pipes 412 if runtime.GOOS == "windows" { 413 if strings.HasPrefix(ipcPath, `\\.\pipe\`) { 414 return ipcPath 415 } 416 return `\\.\pipe\` + ipcPath 417 } 418 // Resolve names into the data directory full paths otherwise 419 if filepath.Base(ipcPath) == ipcPath { 420 if datadir == "" { 421 return filepath.Join(os.TempDir(), ipcPath) 422 } 423 return filepath.Join(datadir, ipcPath) 424 } 425 return ipcPath 426 } 427 428 func signer(c *cli.Context) error { 429 // If we have some unrecognized command, bail out 430 if args := c.Args(); len(args) > 0 { 431 return fmt.Errorf("invalid command: %q", args[0]) 432 } 433 if err := initialize(c); err != nil { 434 return err 435 } 436 var ( 437 ui core.UIClientAPI 438 ) 439 if c.GlobalBool(stdiouiFlag.Name) { 440 log.Info("Using stdin/stdout as UI-channel") 441 ui = core.NewStdIOUI() 442 } else { 443 log.Info("Using CLI as UI-channel") 444 ui = core.NewCommandlineUI() 445 } 446 // 4bytedb data 447 fourByteLocal := c.GlobalString(customDBFlag.Name) 448 db, err := fourbyte.NewWithFile(fourByteLocal) 449 if err != nil { 450 utils.Fatalf(err.Error()) 451 } 452 embeds, locals := db.Size() 453 log.Info("Loaded 4byte database", "embeds", embeds, "locals", locals, "local", fourByteLocal) 454 455 var ( 456 api core.ExternalAPI 457 pwStorage storage.Storage = &storage.NoStorage{} 458 ) 459 460 configDir := c.GlobalString(configdirFlag.Name) 461 if stretchedKey, err := readMasterKey(c, ui); err != nil { 462 log.Warn("Failed to open master, rules disabled", "err", err) 463 } else { 464 vaultLocation := filepath.Join(configDir, common.Bytes2Hex(crypto.Keccak256([]byte("vault"), stretchedKey)[:10])) 465 466 // Generate domain specific keys 467 pwkey := crypto.Keccak256([]byte("credentials"), stretchedKey) 468 jskey := crypto.Keccak256([]byte("jsstorage"), stretchedKey) 469 confkey := crypto.Keccak256([]byte("config"), stretchedKey) 470 471 // Initialize the encrypted storages 472 pwStorage = storage.NewAESEncryptedStorage(filepath.Join(vaultLocation, "credentials.json"), pwkey) 473 jsStorage := storage.NewAESEncryptedStorage(filepath.Join(vaultLocation, "jsstorage.json"), jskey) 474 configStorage := storage.NewAESEncryptedStorage(filepath.Join(vaultLocation, "config.json"), confkey) 475 476 // Do we have a rule-file? 477 if ruleFile := c.GlobalString(ruleFlag.Name); ruleFile != "" { 478 ruleJS, err := ioutil.ReadFile(ruleFile) 479 if err != nil { 480 log.Warn("Could not load rules, disabling", "file", ruleFile, "err", err) 481 } else { 482 shasum := sha256.Sum256(ruleJS) 483 foundShaSum := hex.EncodeToString(shasum[:]) 484 storedShasum, _ := configStorage.Get("ruleset_sha256") 485 if storedShasum != foundShaSum { 486 log.Warn("Rule hash not attested, disabling", "hash", foundShaSum, "attested", storedShasum) 487 } else { 488 // Initialize rules 489 ruleEngine, err := rules.NewRuleEvaluator(ui, jsStorage) 490 if err != nil { 491 utils.Fatalf(err.Error()) 492 } 493 ruleEngine.Init(string(ruleJS)) 494 ui = ruleEngine 495 log.Info("Rule engine configured", "file", c.String(ruleFlag.Name)) 496 } 497 } 498 } 499 } 500 var ( 501 chainId = c.GlobalInt64(chainIdFlag.Name) 502 ksLoc = c.GlobalString(keystoreFlag.Name) 503 lightKdf = c.GlobalBool(utils.LightKDFFlag.Name) 504 advanced = c.GlobalBool(advancedMode.Name) 505 nousb = c.GlobalBool(utils.NoUSBFlag.Name) 506 scpath = c.GlobalString(utils.SmartCardDaemonPathFlag.Name) 507 ) 508 log.Info("Starting signer", "chainid", chainId, "keystore", ksLoc, 509 "light-kdf", lightKdf, "advanced", advanced) 510 am := core.StartClefAccountManager(ksLoc, nousb, lightKdf, scpath) 511 apiImpl := core.NewSignerAPI(am, chainId, nousb, ui, db, advanced, pwStorage) 512 513 // Establish the bidirectional communication, by creating a new UI backend and registering 514 // it with the UI. 515 ui.RegisterUIServer(core.NewUIServerAPI(apiImpl)) 516 api = apiImpl 517 // Audit logging 518 if logfile := c.GlobalString(auditLogFlag.Name); logfile != "" { 519 api, err = core.NewAuditLogger(logfile, api) 520 if err != nil { 521 utils.Fatalf(err.Error()) 522 } 523 log.Info("Audit logs configured", "file", logfile) 524 } 525 // register signer API with server 526 var ( 527 extapiURL = "n/a" 528 ipcapiURL = "n/a" 529 ) 530 rpcAPI := []rpc.API{ 531 { 532 Namespace: "account", 533 Public: true, 534 Service: api, 535 Version: "1.0"}, 536 } 537 if c.GlobalBool(utils.RPCEnabledFlag.Name) { 538 vhosts := splitAndTrim(c.GlobalString(utils.RPCVirtualHostsFlag.Name)) 539 cors := splitAndTrim(c.GlobalString(utils.RPCCORSDomainFlag.Name)) 540 541 // start http server 542 httpEndpoint := fmt.Sprintf("%s:%d", c.GlobalString(utils.RPCListenAddrFlag.Name), c.Int(rpcPortFlag.Name)) 543 listener, _, err := rpc.StartHTTPEndpoint(httpEndpoint, rpcAPI, []string{"account"}, cors, vhosts, rpc.DefaultHTTPTimeouts) 544 if err != nil { 545 utils.Fatalf("Could not start RPC api: %v", err) 546 } 547 extapiURL = fmt.Sprintf("http://%s", httpEndpoint) 548 log.Info("HTTP endpoint opened", "url", extapiURL) 549 550 defer func() { 551 listener.Close() 552 log.Info("HTTP endpoint closed", "url", httpEndpoint) 553 }() 554 } 555 if !c.GlobalBool(utils.IPCDisabledFlag.Name) { 556 givenPath := c.GlobalString(utils.IPCPathFlag.Name) 557 ipcapiURL = ipcEndpoint(filepath.Join(givenPath, "clef.ipc"), configDir) 558 listener, _, err := rpc.StartIPCEndpoint(ipcapiURL, rpcAPI) 559 if err != nil { 560 utils.Fatalf("Could not start IPC api: %v", err) 561 } 562 log.Info("IPC endpoint opened", "url", ipcapiURL) 563 defer func() { 564 listener.Close() 565 log.Info("IPC endpoint closed", "url", ipcapiURL) 566 }() 567 } 568 569 if c.GlobalBool(testFlag.Name) { 570 log.Info("Performing UI test") 571 go testExternalUI(apiImpl) 572 } 573 ui.OnSignerStartup(core.StartupInfo{ 574 Info: map[string]interface{}{ 575 "intapi_version": core.InternalAPIVersion, 576 "extapi_version": core.ExternalAPIVersion, 577 "extapi_http": extapiURL, 578 "extapi_ipc": ipcapiURL, 579 }, 580 }) 581 582 abortChan := make(chan os.Signal) 583 signal.Notify(abortChan, os.Interrupt) 584 585 sig := <-abortChan 586 log.Info("Exiting...", "signal", sig) 587 588 return nil 589 } 590 591 // splitAndTrim splits input separated by a comma 592 // and trims excessive white space from the substrings. 593 func splitAndTrim(input string) []string { 594 result := strings.Split(input, ",") 595 for i, r := range result { 596 result[i] = strings.TrimSpace(r) 597 } 598 return result 599 } 600 601 // DefaultConfigDir is the default config directory to use for the vaults and other 602 // persistence requirements. 603 func DefaultConfigDir() string { 604 // Try to place the data folder in the user's home dir 605 home := homeDir() 606 if home != "" { 607 if runtime.GOOS == "darwin" { 608 return filepath.Join(home, "Library", "Signer") 609 } else if runtime.GOOS == "windows" { 610 appdata := os.Getenv("APPDATA") 611 if appdata != "" { 612 return filepath.Join(appdata, "Signer") 613 } else { 614 return filepath.Join(home, "AppData", "Roaming", "Signer") 615 } 616 } else { 617 return filepath.Join(home, ".clef") 618 } 619 } 620 // As we cannot guess a stable location, return empty and handle later 621 return "" 622 } 623 624 func homeDir() string { 625 if home := os.Getenv("HOME"); home != "" { 626 return home 627 } 628 if usr, err := user.Current(); err == nil { 629 return usr.HomeDir 630 } 631 return "" 632 } 633 func readMasterKey(ctx *cli.Context, ui core.UIClientAPI) ([]byte, error) { 634 var ( 635 file string 636 configDir = ctx.GlobalString(configdirFlag.Name) 637 ) 638 if ctx.GlobalIsSet(signerSecretFlag.Name) { 639 file = ctx.GlobalString(signerSecretFlag.Name) 640 } else { 641 file = filepath.Join(configDir, "masterseed.json") 642 } 643 if err := checkFile(file); err != nil { 644 return nil, err 645 } 646 cipherKey, err := ioutil.ReadFile(file) 647 if err != nil { 648 return nil, err 649 } 650 var password string 651 // If ui is not nil, get the password from ui. 652 if ui != nil { 653 resp, err := ui.OnInputRequired(core.UserInputRequest{ 654 Title: "Master Password", 655 Prompt: "Please enter the password to decrypt the master seed", 656 IsPassword: true}) 657 if err != nil { 658 return nil, err 659 } 660 password = resp.Text 661 } else { 662 password = getPassPhrase("Decrypt master seed of clef", false) 663 } 664 masterSeed, err := decryptSeed(cipherKey, password) 665 if err != nil { 666 return nil, fmt.Errorf("failed to decrypt the master seed of clef") 667 } 668 if len(masterSeed) < 256 { 669 return nil, fmt.Errorf("master seed of insufficient length, expected >255 bytes, got %d", len(masterSeed)) 670 } 671 // Create vault location 672 vaultLocation := filepath.Join(configDir, common.Bytes2Hex(crypto.Keccak256([]byte("vault"), masterSeed)[:10])) 673 err = os.Mkdir(vaultLocation, 0700) 674 if err != nil && !os.IsExist(err) { 675 return nil, err 676 } 677 return masterSeed, nil 678 } 679 680 // checkFile is a convenience function to check if a file 681 // * exists 682 // * is mode 0400 683 func checkFile(filename string) error { 684 info, err := os.Stat(filename) 685 if err != nil { 686 return fmt.Errorf("failed stat on %s: %v", filename, err) 687 } 688 // Check the unix permission bits 689 if info.Mode().Perm()&0377 != 0 { 690 return fmt.Errorf("file (%v) has insecure file permissions (%v)", filename, info.Mode().String()) 691 } 692 return nil 693 } 694 695 // confirm displays a text and asks for user confirmation 696 func confirm(text string) bool { 697 fmt.Printf(text) 698 fmt.Printf("\nEnter 'ok' to proceed:\n> ") 699 700 text, err := bufio.NewReader(os.Stdin).ReadString('\n') 701 if err != nil { 702 log.Crit("Failed to read user input", "err", err) 703 } 704 if text := strings.TrimSpace(text); text == "ok" { 705 return true 706 } 707 return false 708 } 709 710 func testExternalUI(api *core.SignerAPI) { 711 712 ctx := context.WithValue(context.Background(), "remote", "clef binary") 713 ctx = context.WithValue(ctx, "scheme", "in-proc") 714 ctx = context.WithValue(ctx, "local", "main") 715 errs := make([]string, 0) 716 717 a := common.HexToAddress("0xdeadbeef000000000000000000000000deadbeef") 718 addErr := func(errStr string) { 719 log.Info("Test error", "err", errStr) 720 errs = append(errs, errStr) 721 } 722 723 queryUser := func(q string) string { 724 resp, err := api.UI.OnInputRequired(core.UserInputRequest{ 725 Title: "Testing", 726 Prompt: q, 727 }) 728 if err != nil { 729 addErr(err.Error()) 730 } 731 return resp.Text 732 } 733 expectResponse := func(testcase, question, expect string) { 734 if got := queryUser(question); got != expect { 735 addErr(fmt.Sprintf("%s: got %v, expected %v", testcase, got, expect)) 736 } 737 } 738 expectApprove := func(testcase string, err error) { 739 if err == nil || err == accounts.ErrUnknownAccount { 740 return 741 } 742 addErr(fmt.Sprintf("%v: expected no error, got %v", testcase, err.Error())) 743 } 744 expectDeny := func(testcase string, err error) { 745 if err == nil || err != core.ErrRequestDenied { 746 addErr(fmt.Sprintf("%v: expected ErrRequestDenied, got %v", testcase, err)) 747 } 748 } 749 var delay = 1 * time.Second 750 // Test display of info and error 751 { 752 api.UI.ShowInfo("If you see this message, enter 'yes' to next question") 753 time.Sleep(delay) 754 expectResponse("showinfo", "Did you see the message? [yes/no]", "yes") 755 api.UI.ShowError("If you see this message, enter 'yes' to the next question") 756 time.Sleep(delay) 757 expectResponse("showerror", "Did you see the message? [yes/no]", "yes") 758 } 759 { // Sign data test - clique header 760 api.UI.ShowInfo("Please approve the next request for signing a clique header") 761 time.Sleep(delay) 762 cliqueHeader := types.Header{ 763 common.HexToHash("0000H45H"), 764 common.HexToHash("0000H45H"), 765 common.HexToAddress("0000H45H"), 766 common.HexToHash("0000H00H"), 767 common.HexToHash("0000H45H"), 768 common.HexToHash("0000H45H"), 769 types.Bloom{}, 770 big.NewInt(1337), 771 big.NewInt(1337), 772 1338, 773 1338, 774 1338, 775 []byte("Extra data Extra data Extra data Extra data Extra data Extra data Extra data Extra data"), 776 common.HexToHash("0x0000H45H"), 777 types.BlockNonce{}, 778 } 779 cliqueRlp, err := rlp.EncodeToBytes(cliqueHeader) 780 if err != nil { 781 utils.Fatalf("Should not error: %v", err) 782 } 783 addr, _ := common.NewMixedcaseAddressFromString("0x0011223344556677889900112233445566778899") 784 _, err = api.SignData(ctx, accounts.MimetypeClique, *addr, hexutil.Encode(cliqueRlp)) 785 expectApprove("signdata - clique header", err) 786 } 787 { // Sign data test - typed data 788 api.UI.ShowInfo("Please approve the next request for signing EIP-712 typed data") 789 time.Sleep(delay) 790 addr, _ := common.NewMixedcaseAddressFromString("0x0011223344556677889900112233445566778899") 791 data := `{"types":{"EIP712Domain":[{"name":"name","type":"string"},{"name":"version","type":"string"},{"name":"chainId","type":"uint256"},{"name":"verifyingContract","type":"address"}],"Person":[{"name":"name","type":"string"},{"name":"test","type":"uint8"},{"name":"wallet","type":"address"}],"Mail":[{"name":"from","type":"Person"},{"name":"to","type":"Person"},{"name":"contents","type":"string"}]},"primaryType":"Mail","domain":{"name":"Ether Mail","version":"1","chainId":"1","verifyingContract":"0xCCCcccccCCCCcCCCCCCcCcCccCcCCCcCcccccccC"},"message":{"from":{"name":"Cow","test":"3","wallet":"0xcD2a3d9F938E13CD947Ec05AbC7FE734Df8DD826"},"to":{"name":"Bob","wallet":"0xbBbBBBBbbBBBbbbBbbBbbbbBBbBbbbbBbBbbBBbB","test":"2"},"contents":"Hello, Bob!"}}` 792 //_, err := api.SignData(ctx, accounts.MimetypeTypedData, *addr, hexutil.Encode([]byte(data))) 793 var typedData core.TypedData 794 json.Unmarshal([]byte(data), &typedData) 795 _, err := api.SignTypedData(ctx, *addr, typedData) 796 expectApprove("sign 712 typed data", err) 797 } 798 { // Sign data test - plain text 799 api.UI.ShowInfo("Please approve the next request for signing text") 800 time.Sleep(delay) 801 addr, _ := common.NewMixedcaseAddressFromString("0x0011223344556677889900112233445566778899") 802 _, err := api.SignData(ctx, accounts.MimetypeTextPlain, *addr, hexutil.Encode([]byte("hello world"))) 803 expectApprove("signdata - text", err) 804 } 805 { // Sign data test - plain text reject 806 api.UI.ShowInfo("Please deny the next request for signing text") 807 time.Sleep(delay) 808 addr, _ := common.NewMixedcaseAddressFromString("0x0011223344556677889900112233445566778899") 809 _, err := api.SignData(ctx, accounts.MimetypeTextPlain, *addr, hexutil.Encode([]byte("hello world"))) 810 expectDeny("signdata - text", err) 811 } 812 { // Sign transaction 813 814 api.UI.ShowInfo("Please reject next transaction") 815 time.Sleep(delay) 816 data := hexutil.Bytes([]byte{}) 817 to := common.NewMixedcaseAddress(a) 818 tx := core.SendTxArgs{ 819 Data: &data, 820 Nonce: 0x1, 821 Value: hexutil.Big(*big.NewInt(6)), 822 From: common.NewMixedcaseAddress(a), 823 To: &to, 824 GasPrice: hexutil.Big(*big.NewInt(5)), 825 Gas: 1000, 826 Input: nil, 827 } 828 _, err := api.SignTransaction(ctx, tx, nil) 829 expectDeny("signtransaction [1]", err) 830 expectResponse("signtransaction [2]", "Did you see any warnings for the last transaction? (yes/no)", "no") 831 } 832 { // Listing 833 api.UI.ShowInfo("Please reject listing-request") 834 time.Sleep(delay) 835 _, err := api.List(ctx) 836 expectDeny("list", err) 837 } 838 { // Import 839 api.UI.ShowInfo("Please reject new account-request") 840 time.Sleep(delay) 841 _, err := api.New(ctx) 842 expectDeny("newaccount", err) 843 } 844 { // Metadata 845 api.UI.ShowInfo("Please check if you see the Origin in next listing (approve or deny)") 846 time.Sleep(delay) 847 api.List(context.WithValue(ctx, "Origin", "origin.com")) 848 expectResponse("metadata - origin", "Did you see origin (origin.com)? [yes/no] ", "yes") 849 } 850 851 for _, e := range errs { 852 log.Error(e) 853 } 854 result := fmt.Sprintf("Tests completed. %d errors:\n%s\n", len(errs), strings.Join(errs, "\n")) 855 api.UI.ShowInfo(result) 856 857 } 858 859 // getPassPhrase retrieves the password associated with clef, either fetched 860 // from a list of preloaded passphrases, or requested interactively from the user. 861 // TODO: there are many `getPassPhrase` functions, it will be better to abstract them into one. 862 func getPassPhrase(prompt string, confirmation bool) string { 863 fmt.Println(prompt) 864 password, err := console.Stdin.PromptPassword("Password: ") 865 if err != nil { 866 utils.Fatalf("Failed to read password: %v", err) 867 } 868 if confirmation { 869 confirm, err := console.Stdin.PromptPassword("Repeat password: ") 870 if err != nil { 871 utils.Fatalf("Failed to read password confirmation: %v", err) 872 } 873 if password != confirm { 874 utils.Fatalf("Passwords do not match") 875 } 876 } 877 return password 878 } 879 880 type encryptedSeedStorage struct { 881 Description string `json:"description"` 882 Version int `json:"version"` 883 Params keystore.CryptoJSON `json:"params"` 884 } 885 886 // encryptSeed uses a similar scheme as the keystore uses, but with a different wrapping, 887 // to encrypt the master seed 888 func encryptSeed(seed []byte, auth []byte, scryptN, scryptP int) ([]byte, error) { 889 cryptoStruct, err := keystore.EncryptDataV3(seed, auth, scryptN, scryptP) 890 if err != nil { 891 return nil, err 892 } 893 return json.Marshal(&encryptedSeedStorage{"Clef seed", 1, cryptoStruct}) 894 } 895 896 // decryptSeed decrypts the master seed 897 func decryptSeed(keyjson []byte, auth string) ([]byte, error) { 898 var encSeed encryptedSeedStorage 899 if err := json.Unmarshal(keyjson, &encSeed); err != nil { 900 return nil, err 901 } 902 if encSeed.Version != 1 { 903 log.Warn(fmt.Sprintf("unsupported encryption format of seed: %d, operation will likely fail", encSeed.Version)) 904 } 905 seed, err := keystore.DecryptDataV3(encSeed.Params, auth) 906 if err != nil { 907 return nil, err 908 } 909 return seed, err 910 } 911 912 // GenDoc outputs examples of all structures used in json-rpc communication 913 func GenDoc(ctx *cli.Context) { 914 915 var ( 916 a = common.HexToAddress("0xdeadbeef000000000000000000000000deadbeef") 917 b = common.HexToAddress("0x1111111122222222222233333333334444444444") 918 meta = core.Metadata{ 919 Scheme: "http", 920 Local: "localhost:8545", 921 Origin: "www.malicious.ru", 922 Remote: "localhost:9999", 923 UserAgent: "Firefox 3.2", 924 } 925 output []string 926 add = func(name, desc string, v interface{}) { 927 if data, err := json.MarshalIndent(v, "", " "); err == nil { 928 output = append(output, fmt.Sprintf("### %s\n\n%s\n\nExample:\n```json\n%s\n```", name, desc, data)) 929 } else { 930 log.Error("Error generating output", err) 931 } 932 } 933 ) 934 935 { // Sign plain text request 936 desc := "SignDataRequest contains information about a pending request to sign some data. " + 937 "The data to be signed can be of various types, defined by content-type. Clef has done most " + 938 "of the work in canonicalizing and making sense of the data, and it's up to the UI to present" + 939 "the user with the contents of the `message`" 940 sighash, msg := accounts.TextAndHash([]byte("hello world")) 941 messages := []*core.NameValueType{{"message", msg, accounts.MimetypeTextPlain}} 942 943 add("SignDataRequest", desc, &core.SignDataRequest{ 944 Address: common.NewMixedcaseAddress(a), 945 Meta: meta, 946 ContentType: accounts.MimetypeTextPlain, 947 Rawdata: []byte(msg), 948 Messages: messages, 949 Hash: sighash}) 950 } 951 { // Sign plain text response 952 add("SignDataResponse - approve", "Response to SignDataRequest", 953 &core.SignDataResponse{Approved: true}) 954 add("SignDataResponse - deny", "Response to SignDataRequest", 955 &core.SignDataResponse{}) 956 } 957 { // Sign transaction request 958 desc := "SignTxRequest contains information about a pending request to sign a transaction. " + 959 "Aside from the transaction itself, there is also a `call_info`-struct. That struct contains " + 960 "messages of various types, that the user should be informed of." + 961 "\n\n" + 962 "As in any request, it's important to consider that the `meta` info also contains untrusted data." + 963 "\n\n" + 964 "The `transaction` (on input into clef) can have either `data` or `input` -- if both are set, " + 965 "they must be identical, otherwise an error is generated. " + 966 "However, Clef will always use `data` when passing this struct on (if Clef does otherwise, please file a ticket)" 967 968 data := hexutil.Bytes([]byte{0x01, 0x02, 0x03, 0x04}) 969 add("SignTxRequest", desc, &core.SignTxRequest{ 970 Meta: meta, 971 Callinfo: []core.ValidationInfo{ 972 {"Warning", "Something looks odd, show this message as a warning"}, 973 {"Info", "User should see this aswell"}, 974 }, 975 Transaction: core.SendTxArgs{ 976 Data: &data, 977 Nonce: 0x1, 978 Value: hexutil.Big(*big.NewInt(6)), 979 From: common.NewMixedcaseAddress(a), 980 To: nil, 981 GasPrice: hexutil.Big(*big.NewInt(5)), 982 Gas: 1000, 983 Input: nil, 984 }}) 985 } 986 { // Sign tx response 987 data := hexutil.Bytes([]byte{0x04, 0x03, 0x02, 0x01}) 988 add("SignTxResponse - approve", "Response to request to sign a transaction. This response needs to contain the `transaction`"+ 989 ", because the UI is free to make modifications to the transaction.", 990 &core.SignTxResponse{Approved: true, 991 Transaction: core.SendTxArgs{ 992 Data: &data, 993 Nonce: 0x4, 994 Value: hexutil.Big(*big.NewInt(6)), 995 From: common.NewMixedcaseAddress(a), 996 To: nil, 997 GasPrice: hexutil.Big(*big.NewInt(5)), 998 Gas: 1000, 999 Input: nil, 1000 }}) 1001 add("SignTxResponse - deny", "Response to SignTxRequest. When denying a request, there's no need to "+ 1002 "provide the transaction in return", 1003 &core.SignTxResponse{}) 1004 } 1005 { // WHen a signed tx is ready to go out 1006 desc := "SignTransactionResult is used in the call `clef` -> `OnApprovedTx(result)`" + 1007 "\n\n" + 1008 "This occurs _after_ successful completion of the entire signing procedure, but right before the signed " + 1009 "transaction is passed to the external caller. This method (and data) can be used by the UI to signal " + 1010 "to the user that the transaction was signed, but it is primarily useful for ruleset implementations." + 1011 "\n\n" + 1012 "A ruleset that implements a rate limitation needs to know what transactions are sent out to the external " + 1013 "interface. By hooking into this methods, the ruleset can maintain track of that count." + 1014 "\n\n" + 1015 "**OBS:** Note that if an attacker can restore your `clef` data to a previous point in time" + 1016 " (e.g through a backup), the attacker can reset such windows, even if he/she is unable to decrypt the content. " + 1017 "\n\n" + 1018 "The `OnApproved` method cannot be responded to, it's purely informative" 1019 1020 rlpdata := common.FromHex("0xf85d640101948a8eafb1cf62bfbeb1741769dae1a9dd47996192018026a0716bd90515acb1e68e5ac5867aa11a1e65399c3349d479f5fb698554ebc6f293a04e8a4ebfff434e971e0ef12c5bf3a881b06fd04fc3f8b8a7291fb67a26a1d4ed") 1021 var tx types.Transaction 1022 rlp.DecodeBytes(rlpdata, &tx) 1023 add("OnApproved - SignTransactionResult", desc, ðapi.SignTransactionResult{Raw: rlpdata, Tx: &tx}) 1024 1025 } 1026 { // User input 1027 add("UserInputRequest", "Sent when clef needs the user to provide data. If 'password' is true, the input field should be treated accordingly (echo-free)", 1028 &core.UserInputRequest{IsPassword: true, Title: "The title here", Prompt: "The question to ask the user"}) 1029 add("UserInputResponse", "Response to UserInputRequest", 1030 &core.UserInputResponse{Text: "The textual response from user"}) 1031 } 1032 { // List request 1033 add("ListRequest", "Sent when a request has been made to list addresses. The UI is provided with the "+ 1034 "full `account`s, including local directory names. Note: this information is not passed back to the external caller, "+ 1035 "who only sees the `address`es. ", 1036 &core.ListRequest{ 1037 Meta: meta, 1038 Accounts: []accounts.Account{ 1039 {a, accounts.URL{Scheme: "keystore", Path: "/path/to/keyfile/a"}}, 1040 {b, accounts.URL{Scheme: "keystore", Path: "/path/to/keyfile/b"}}}, 1041 }) 1042 1043 add("ListResponse", "Response to list request. The response contains a list of all addresses to show to the caller. "+ 1044 "Note: the UI is free to respond with any address the caller, regardless of whether it exists or not", 1045 &core.ListResponse{ 1046 Accounts: []accounts.Account{ 1047 {common.HexToAddress("0xcowbeef000000cowbeef00000000000000000c0w"), accounts.URL{Path: ".. ignored .."}}, 1048 {common.HexToAddress("0xffffffffffffffffffffffffffffffffffffffff"), accounts.URL{}}, 1049 }}) 1050 } 1051 1052 fmt.Println(`## UI Client interface 1053 1054 These data types are defined in the channel between clef and the UI`) 1055 for _, elem := range output { 1056 fmt.Println(elem) 1057 } 1058 }