|
|
|
|
@ -53,17 +53,24 @@ type Account struct { |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
type AccountManager struct { |
|
|
|
|
keyStore crypto.KeyStore2 |
|
|
|
|
unlockedKeys map[string]crypto.Key |
|
|
|
|
unlockTime time.Duration |
|
|
|
|
mutex sync.RWMutex |
|
|
|
|
keyStore crypto.KeyStore2 |
|
|
|
|
unlocked map[string]*unlocked |
|
|
|
|
unlockTime time.Duration |
|
|
|
|
mutex sync.RWMutex |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
type unlocked struct { |
|
|
|
|
addr []byte |
|
|
|
|
abort chan struct{} |
|
|
|
|
|
|
|
|
|
*crypto.Key |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func NewAccountManager(keyStore crypto.KeyStore2, unlockTime time.Duration) *AccountManager { |
|
|
|
|
return &AccountManager{ |
|
|
|
|
keyStore: keyStore, |
|
|
|
|
unlockedKeys: make(map[string]crypto.Key), |
|
|
|
|
unlockTime: unlockTime, |
|
|
|
|
keyStore: keyStore, |
|
|
|
|
unlocked: make(map[string]*unlocked), |
|
|
|
|
unlockTime: unlockTime, |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
@ -97,9 +104,9 @@ func (am *AccountManager) DeleteAccount(address []byte, auth string) error { |
|
|
|
|
|
|
|
|
|
func (am *AccountManager) Sign(a Account, toSign []byte) (signature []byte, err error) { |
|
|
|
|
am.mutex.RLock() |
|
|
|
|
unlockedKey := am.unlockedKeys[string(a.Address)] |
|
|
|
|
unlockedKey, found := am.unlocked[string(a.Address)] |
|
|
|
|
am.mutex.RUnlock() |
|
|
|
|
if unlockedKey.Address == nil { |
|
|
|
|
if !found { |
|
|
|
|
return nil, ErrLocked |
|
|
|
|
} |
|
|
|
|
signature, err = crypto.Sign(toSign, unlockedKey.PrivateKey) |
|
|
|
|
@ -111,10 +118,8 @@ func (am *AccountManager) SignLocked(a Account, keyAuth string, toSign []byte) ( |
|
|
|
|
if err != nil { |
|
|
|
|
return nil, err |
|
|
|
|
} |
|
|
|
|
am.mutex.Lock() |
|
|
|
|
am.unlockedKeys[string(a.Address)] = *key |
|
|
|
|
am.mutex.Unlock() |
|
|
|
|
go unlockLater(am, a.Address) |
|
|
|
|
u := am.addUnlocked(a.Address, key) |
|
|
|
|
go am.dropLater(u) |
|
|
|
|
signature, err = crypto.Sign(toSign, key.PrivateKey) |
|
|
|
|
return signature, err |
|
|
|
|
} |
|
|
|
|
@ -143,14 +148,40 @@ func (am *AccountManager) Accounts() ([]Account, error) { |
|
|
|
|
return accounts, err |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func unlockLater(am *AccountManager, addr []byte) { |
|
|
|
|
select { |
|
|
|
|
case <-time.After(am.unlockTime): |
|
|
|
|
} |
|
|
|
|
func (am *AccountManager) addUnlocked(addr []byte, key *crypto.Key) *unlocked { |
|
|
|
|
u := &unlocked{addr: addr, abort: make(chan struct{}), Key: key} |
|
|
|
|
am.mutex.Lock() |
|
|
|
|
// TODO: how do we know the key is actually gone from memory?
|
|
|
|
|
delete(am.unlockedKeys, string(addr)) |
|
|
|
|
prev, found := am.unlocked[string(addr)] |
|
|
|
|
if found { |
|
|
|
|
// terminate dropLater for this key to avoid unexpected drops.
|
|
|
|
|
close(prev.abort) |
|
|
|
|
zeroKey(prev.PrivateKey) |
|
|
|
|
} |
|
|
|
|
am.unlocked[string(addr)] = u |
|
|
|
|
am.mutex.Unlock() |
|
|
|
|
return u |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
func (am *AccountManager) dropLater(u *unlocked) { |
|
|
|
|
t := time.NewTimer(am.unlockTime) |
|
|
|
|
defer t.Stop() |
|
|
|
|
select { |
|
|
|
|
case <-u.abort: |
|
|
|
|
// just quit
|
|
|
|
|
case <-t.C: |
|
|
|
|
am.mutex.Lock() |
|
|
|
|
if am.unlocked[string(u.addr)] == u { |
|
|
|
|
zeroKey(u.PrivateKey) |
|
|
|
|
delete(am.unlocked, string(u.addr)) |
|
|
|
|
} |
|
|
|
|
am.mutex.Unlock() |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
// zeroKey zeroes a private key in memory.
|
|
|
|
|
func zeroKey(k *ecdsa.PrivateKey) { |
|
|
|
|
b := k.D.Bits() |
|
|
|
|
for i := range b { |
|
|
|
|
b[i] = 0 |
|
|
|
|
} |
|
|
|
|
} |
|
|
|
|
|
Felix Lange
10 years ago