/* This file is part of cpp-ethereum. cpp-ethereum is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. cpp-ethereum is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with cpp-ethereum. If not, see <http://www.gnu.org/licenses/>. */ /** @file SecretStore.h * @author Gav Wood <i@gavwood.com> * @date 2014 */ #pragma once #include <functional> #include <mutex> #include <libdevcore/FixedHash.h> #include <libdevcore/FileSystem.h> #include "Common.h" namespace dev { enum class KDF { PBKDF2_SHA256, Scrypt, }; /** * Manages encrypted keys stored in a certain directory on disk. The keys are read into memory * and changes to the keys are automatically synced to the directory. * Each file stores exactly one key in a specific JSON format whose file name is derived from the * UUID of the key. * @note that most of the functions here affect the filesystem and throw exceptions on failure, * and they also throw exceptions upon rare malfunction in the cryptographic functions. */ class SecretStore { public: /// Construct a new SecretStore and read all keys in the given directory. SecretStore(std::string const& _path = defaultPath()); /// @returns the secret key stored by the given @a _uuid. /// @param _pass function that returns the password for the key. /// @param _useCache if true, allow previously decrypted keys to be returned directly. bytes secret(h128 const& _uuid, std::function<std::string()> const& _pass, bool _useCache = true) const; /// Imports the (encrypted) key stored in the file @a _file and copies it to the managed directory. h128 importKey(std::string const& _file) { auto ret = readKey(_file, false); if (ret) save(); return ret; } /// Imports the (encrypted) key contained in the json formatted @a _content and stores it in /// the managed directory. h128 importKeyContent(std::string const& _content) { auto ret = readKeyContent(_content, std::string()); if (ret) save(); return ret; } /// Imports the decrypted key given by @a _s and stores it, encrypted with /// (a key derived from) the password @a _pass. h128 importSecret(bytes const& _s, std::string const& _pass); /// Decrypts and re-encrypts the key identified by @a _uuid. bool recode(h128 const& _uuid, std::string const& _newPass, std::function<std::string()> const& _pass, KDF _kdf = KDF::Scrypt); /// Removes the key specified by @a _uuid from both memory and disk. void kill(h128 const& _uuid); /// Returns the uuids of all stored keys. std::vector<h128> keys() const { return keysOf(m_keys); } /// Clears all cached decrypted keys. The passwords have to be supplied in order to retrieve /// secrets again after calling this function. void clearCache() const; /// Import the key from the file @a _file, but do not copy it to the managed directory yet. /// @param _takeFileOwnership if true, deletes the file if it is not the canonical file for the /// key (derived from its uuid). h128 readKey(std::string const& _file, bool _takeFileOwnership); /// Import the key contained in the json-encoded @a _content, but do not store it in the /// managed directory. /// @param _file if given, assume this file contains @a _content and delete it later, if it is /// not the canonical file for the key (derived from the uuid). h128 readKeyContent(std::string const& _content, std::string const& _file = std::string()); /// Store all keys in the directory @a _keysPath. void save(std::string const& _keysPath); /// Store all keys in the managed directory. void save() { save(m_path); } /// @returns the default path for the managed directory. static std::string defaultPath() { return getDataDir("web3") + "/keys"; } private: struct EncryptedKey { std::string encryptedKey; std::string filename; }; /// Loads all keys in the given directory. void load(std::string const& _keysPath); void load() { load(m_path); } /// Encrypts @a _v with a key derived from @a _pass or the empty string on error. static std::string encrypt(bytes const& _v, std::string const& _pass, KDF _kdf = KDF::Scrypt); /// Decrypts @a _v with a key derived from @a _pass or the empty byte array on error. static bytes decrypt(std::string const& _v, std::string const& _pass); /// Stores decrypted keys by uuid. mutable std::unordered_map<h128, bytes> m_cached; /// Stores encrypted keys together with the file they were loaded from by uuid. std::unordered_map<h128, EncryptedKey> m_keys; std::string m_path; }; }