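(*****************************************************************************)
(*                                                                           *)
(* Open Source License                                                       *)
(* Copyright (c) 2018 Dynamic Ledger Solutions, Inc. <contact@tezos.com>     *)
(* Copyright (c) 2018 Nomadic Labs, <contact@nomadic-labs.com>               *)
(*                                                                           *)
(* Permission is hereby granted, free of charge, to any person obtaining a   *)
(* copy of this software and associated documentation files (the "Software"),*)
(* to deal in the Software without restriction, including without limitation *)
(* the rights to use, copy, modify, merge, publish, distribute, sublicense,  *)
(* and/or sell copies of the Software, and to permit persons to whom the     *)
(* Software is furnished to do so, subject to the following conditions:      *)
(*                                                                           *)
(* The above copyright notice and this permission notice shall be included   *)
(* in all copies or substantial portions of the Software.                    *)
(*                                                                           *)
(* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR*)
(* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,  *)
(* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL   *)
(* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER*)
(* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING   *)
(* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER       *)
(* DEALINGS IN THE SOFTWARE.                                                 *)
(*                                                                           *)
(*****************************************************************************)

(* Base58 payload constructors, one per encrypted key family. Each carries the
   raw bytes [salt || secretbox ciphertext] produced by [Raw.encrypt]. *)
type Tezos_crypto.Base58.data += Encrypted_ed25519 of Bytes.t

type Tezos_crypto.Base58.data += Encrypted_secp256k1 of Bytes.t

type Tezos_crypto.Base58.data += Encrypted_p256 of Bytes.t

type Tezos_crypto.Base58.data += Encrypted_secp256k1_element of Bytes.t

type Tezos_crypto.Base58.data += Encrypted_bls12_381 of Bytes.t

(* Which decoder [Raw.decrypt] must apply to the deciphered bytes. *)
type encrypted_sk = Encrypted_aggregate_sk | Encrypted_sk of Signature.algo

(* Result of a successful decryption. *)
type decrypted_sk =
  | Decrypted_aggregate_sk of Tezos_crypto.Aggregate_signature.Secret_key.t
  | Decrypted_sk of Signature.Secret_key.t

open Client_keys

let scheme = "encrypted"

let aggregate_scheme = "aggregate_encrypted"

(* Password-based encryption of secret keys: PBKDF2-SHA512 derives a secretbox
   key from the password and a per-key random salt. The stored payload is
   [salt || secretbox output]; the KDF parameters are not stored in it, so
   changing [salt_len], the iteration count or the derived key length makes
   previously written wallets undecipherable. *)
module Raw = struct
  (* https://tools.ietf.org/html/rfc2898#section-4.1 *)
  let salt_len = 8

  (* Fixed zero nonce *)
  (* The nonce is constant, so uniqueness of the (key, nonce) pair rests
     entirely on the fresh random salt drawn in [encrypt]. Never call
     [Secretbox.secretbox] twice with the same derived key. *)
  let nonce = Tezos_crypto.Crypto_box.zero_nonce

  (* Secret keys for Ed25519, secp256k1, P256 have the same size. *)
  (* Size of the secretbox output only (tag + key), without the salt. *)
  let encrypted_size =
    Tezos_crypto.Crypto_box.tag_length + Tezos_crypto.Hacl.Ed25519.sk_size

  (* Derives the 32-byte secretbox key with 32768 PBKDF2-SHA512 iterations. *)
  let pbkdf ~salt ~password =
    Pbkdf.SHA512.pbkdf2 ~count:32768 ~dk_len:32l ~salt ~password

  (* [encrypt ~password sk] serialises [sk] with the encoding of its signature
     scheme and returns [salt || secretbox key msg nonce]. A new salt is
     generated on every call. *)
  let encrypt ~password sk =
    let salt = Tezos_crypto.Hacl.Rand.gen salt_len in
    let key =
      Tezos_crypto.Crypto_box.Secretbox.unsafe_of_bytes (pbkdf ~salt ~password)
    in
    let msg =
      match (sk : decrypted_sk) with
      | Decrypted_sk (Ed25519 sk) ->
          Data_encoding.Binary.to_bytes_exn
            Signature.Ed25519.Secret_key.encoding
            sk
      | Decrypted_sk (Secp256k1 sk) ->
          Data_encoding.Binary.to_bytes_exn
            Signature.Secp256k1.Secret_key.encoding
            sk
      | Decrypted_sk (P256 sk) ->
          Data_encoding.Binary.to_bytes_exn
            Signature.P256.Secret_key.encoding
            sk
      | Decrypted_sk (Bls sk) | Decrypted_aggregate_sk (Bls12_381 sk) ->
          Data_encoding.Binary.to_bytes_exn Signature.Bls.Secret_key.encoding sk
    in
    Bytes.cat salt (Tezos_crypto.Crypto_box.Secretbox.secretbox key msg nonce)

  (* [decrypt algo ~password ~encrypted_sk] splits [encrypted_sk] into salt and
     ciphertext, re-derives the key and opens the box.

     - Returns [None] when [secretbox_open] rejects the ciphertext. A wrong
       password and a modified ciphertext both end up here and cannot be told
       apart.
     - Fails with a Corrupted wallet error when the box opens but the bytes do
       not decode as a secret key of the expected scheme.

     [Bytes.sub] raises [Invalid_argument] if [encrypted_sk] is shorter than
     [salt_len + encrypted_size]. The callers in this file obtain the bytes
     from the [Encodings] decoders, whose [of_raw] functions check the length.

     NOTE(review): both BLS cases return [Decrypted_aggregate_sk], even for
     [Encrypted_sk Signature.Bls]; [internal_decrypt_simple] rejects that
     constructor. Confirm this is the intended handling of non-aggregate BLS
     keys. *)
  let decrypt algo ~password ~encrypted_sk =
    let open Lwt_result_syntax in
    let salt = Bytes.sub encrypted_sk 0 salt_len in
    let encrypted_sk = Bytes.sub encrypted_sk salt_len encrypted_size in
    let key =
      Tezos_crypto.Crypto_box.Secretbox.unsafe_of_bytes (pbkdf ~salt ~password)
    in
    match
      ( Tezos_crypto.Crypto_box.Secretbox.secretbox_open key encrypted_sk nonce,
        algo )
    with
    | None, _ -> return_none
    | Some bytes, Encrypted_sk Signature.Ed25519 -> (
        match
          Data_encoding.Binary.of_bytes_opt
            Signature.Ed25519.Secret_key.encoding
            bytes
        with
        | Some sk ->
            return_some (Decrypted_sk (Ed25519 sk : Signature.Secret_key.t))
        | None ->
            failwith
              "Corrupted wallet, deciphered key is not a valid Ed25519 secret \
               key")
    | Some bytes, Encrypted_sk Signature.Secp256k1 -> (
        match
          Data_encoding.Binary.of_bytes_opt
            Signature.Secp256k1.Secret_key.encoding
            bytes
        with
        | Some sk ->
            return_some (Decrypted_sk (Secp256k1 sk : Signature.Secret_key.t))
        | None ->
            failwith
              "Corrupted wallet, deciphered key is not a valid Secp256k1 \
               secret key")
    | Some bytes, Encrypted_sk Signature.P256 -> (
        match
          Data_encoding.Binary.of_bytes_opt
            Signature.P256.Secret_key.encoding
            bytes
        with
        | Some sk ->
            return_some (Decrypted_sk (P256 sk : Signature.Secret_key.t))
        | None ->
            failwith
              "Corrupted wallet, deciphered key is not a valid P256 secret key")
    | Some bytes, (Encrypted_aggregate_sk | Encrypted_sk Signature.Bls) -> (
        match
          Data_encoding.Binary.of_bytes_opt
            Signature.Bls.Secret_key.encoding
            bytes
        with
        | Some sk ->
            return_some
              (Decrypted_aggregate_sk
                 (Bls12_381 sk : Tezos_crypto.Aggregate_signature.Secret_key.t))
        | None ->
            failwith
              "Corrupted wallet, deciphered key is not a valid BLS12_381 \
               secret key")
end

(* Base58 encodings of the encrypted payloads. Every [of_raw] rejects input
   whose length differs from [key size + tag + salt], so decoded payloads are
   always long enough for [Raw.decrypt]. *)
module Encodings = struct
  let ed25519 =
    let length =
      Tezos_crypto.Hacl.Ed25519.sk_size + Tezos_crypto.Crypto_box.tag_length
      + Raw.salt_len
    in
    Tezos_crypto.Base58.register_encoding
      ~prefix:Tezos_crypto.Base58.Prefix.ed25519_encrypted_seed
      ~length
      ~to_raw:(fun sk -> Bytes.to_string sk)
      ~of_raw:(fun buf ->
        if String.length buf <> length then None else Some (Bytes.of_string buf))
      ~wrap:(fun sk -> Encrypted_ed25519 sk)

  let secp256k1 =
    let open Libsecp256k1.External in
    let length =
      Key.secret_bytes + Tezos_crypto.Crypto_box.tag_length + Raw.salt_len
    in
    Tezos_crypto.Base58.register_encoding
      ~prefix:Tezos_crypto.Base58.Prefix.secp256k1_encrypted_secret_key
      ~length
      ~to_raw:(fun sk -> Bytes.to_string sk)
      ~of_raw:(fun buf ->
        if String.length buf <> length then None else Some (Bytes.of_string buf))
      ~wrap:(fun sk -> Encrypted_secp256k1 sk)

  let p256 =
    let length =
      Tezos_crypto.Hacl.P256.sk_size + Tezos_crypto.Crypto_box.tag_length
      + Raw.salt_len
    in
    Tezos_crypto.Base58.register_encoding
      ~prefix:Tezos_crypto.Base58.Prefix.p256_encrypted_secret_key
      ~length
      ~to_raw:(fun sk -> Bytes.to_string sk)
      ~of_raw:(fun buf ->
        if String.length buf <> length then None else Some (Bytes.of_string buf))
      ~wrap:(fun sk -> Encrypted_p256 sk)

  let bls12_381 =
    let length =
      (* 32 + 16 + 8 = 56 *)
      Bls12_381_signature.sk_size_in_bytes + Tezos_crypto.Crypto_box.tag_length
      + Raw.salt_len
    in
    Tezos_crypto.Base58.register_encoding
      ~prefix:Tezos_crypto.Base58.Prefix.bls12_381_encrypted_secret_key
      ~length
      ~to_raw:(fun sk -> Bytes.to_string sk)
      ~of_raw:(fun buf ->
        if String.length buf <> length then None else Some (Bytes.of_string buf))
      ~wrap:(fun sk -> Encrypted_bls12_381 sk)

  (* This payload is longer than the others (36-byte plaintext), so it does
     not fit [Raw.encrypted_size]; [decrypt_payload] below does not dispatch
     on [Encrypted_secp256k1_element]. *)
  let secp256k1_scalar =
    let length = 36 + Tezos_crypto.Crypto_box.tag_length + Raw.salt_len in
    Tezos_crypto.Base58.register_encoding
      ~prefix:Tezos_crypto.Base58.Prefix.secp256k1_encrypted_scalar
      ~length
      ~to_raw:(fun sk -> Bytes.to_string sk)
      ~of_raw:(fun buf ->
        if String.length buf <> length then None else Some (Bytes.of_string buf))
      ~wrap:(fun sk -> Encrypted_secp256k1_element sk)

  (* Checks, when the module is initialised, that each encoding yields the
     expected textual prefix and encoded length. *)
  let () =
    Tezos_crypto.Base58.check_encoded_prefix ed25519 "edesk" 88 ;
    Tezos_crypto.Base58.check_encoded_prefix secp256k1 "spesk" 88 ;
    Tezos_crypto.Base58.check_encoded_prefix p256 "p2esk" 88 ;
    Tezos_crypto.Base58.check_encoded_prefix bls12_381 "BLesk" 88 ;
    Tezos_crypto.Base58.check_encoded_prefix secp256k1_scalar "seesk" 93
end

(* we cache the password in this list to avoid
   asking the user all the time *)
(* Security note: the cache is a module-level reference holding passwords in
   clear. Nothing in this file removes or wipes an entry, so every password
   that was typed or loaded stays reachable in process memory for as long as
   the process runs. *)
let passwords = ref []

(* Loop asking the user to give their password. Fails if a wrong password is
   given more than `retries_left` *)
(* A password that decrypts the key is added to the [passwords] cache. The
   retry prompt is only shown while another attempt remains. *)
let interactive_decrypt_loop (cctxt : #Client_context.io) ?name ~retries_left
    ~encrypted_sk algo =
  let open Lwt_result_syntax in
  let rec interactive_decrypt_loop (cctxt : #Client_context.io) name
      ~current_retries ~retries ~encrypted_sk algo =
    match current_retries with
    | n when n >= retries ->
        failwith "%d incorrect password attempts" current_retries
    | _ -> (
        let* password =
          cctxt#prompt_password "Enter password for encrypted key%s: " name
        in
        let* o = Raw.decrypt algo ~password ~encrypted_sk in
        match o with
        | Some sk ->
            passwords := password :: !passwords ;
            return sk
        | None ->
            (* Do not invite a new attempt right before giving up: the next
               iteration fails as soon as the counter reaches [retries]. *)
            let*! () =
              if current_retries + 1 >= retries then Lwt.return_unit
              else cctxt#message "Sorry, try again."
            in
            interactive_decrypt_loop
              cctxt
              name
              ~current_retries:(current_retries + 1)
              ~retries
              ~encrypted_sk
              algo)
  in
  let name =
    Option.fold name ~some:(fun s -> Format.sprintf " \"%s\"" s) ~none:""
  in
  interactive_decrypt_loop
    cctxt
    name
    ~current_retries:0
    ~retries:retries_left
    ~encrypted_sk
    algo

(* add all passwords obtained by [ctxt#load_passwords] to the list of known passwords *)
(* NOTE(review): entries are prepended without a duplicate check and this
   function runs on every [decrypt] call. If the stream yields the same
   passwords again, the cache grows and [noninteractive_decrypt_loop] pays one
   PBKDF2 derivation per duplicate. Confirm the stream is consumed only once. *)
let password_file_load ctxt =
  let open Lwt_syntax in
  match ctxt#load_passwords with
  | Some stream ->
      let* () =
        Lwt_stream.iter
          (fun p -> passwords := Bytes.of_string p :: !passwords)
          stream
      in
      return_ok_unit
  | None -> return_ok_unit

(* Tries each candidate password in order and returns the first key that
   decrypts, or [None] when the list is exhausted. Every candidate costs a
   full key derivation (32768 PBKDF2 iterations). *)
let rec noninteractive_decrypt_loop algo ~encrypted_sk =
  let open Lwt_result_syntax in
  function
  | [] -> return_none
  | password :: passwords -> (
      let* o = Raw.decrypt algo ~password ~encrypted_sk in
      match o with
      | None -> noninteractive_decrypt_loop algo ~encrypted_sk passwords
      | Some sk -> return_some sk)

(* Decodes the Base58 payload, tries the cached passwords first and only then
   prompts the user: three attempts when [cctxt#multiple_password_retries] is
   set, one otherwise. A BLS12-381 payload is always treated as an aggregate
   key here. *)
let decrypt_payload cctxt ?name encrypted_sk =
  let open Lwt_result_syntax in
  let* algo, encrypted_sk =
    match Tezos_crypto.Base58.decode encrypted_sk with
    | Some (Encrypted_ed25519 encrypted_sk) ->
        return (Encrypted_sk Signature.Ed25519, encrypted_sk)
    | Some (Encrypted_secp256k1 encrypted_sk) ->
        return (Encrypted_sk Signature.Secp256k1, encrypted_sk)
    | Some (Encrypted_p256 encrypted_sk) ->
        return (Encrypted_sk Signature.P256, encrypted_sk)
    | Some (Encrypted_bls12_381 encrypted_sk) ->
        return (Encrypted_aggregate_sk, encrypted_sk)
    | _ -> failwith "Not a Base58Check-encoded encrypted key"
  in
  let* o = noninteractive_decrypt_loop algo ~encrypted_sk !passwords in
  match o with
  | Some sk -> return sk
  | None ->
      let retries_left = if cctxt#multiple_password_retries then 3 else 1 in
      interactive_decrypt_loop cctxt ?name ~retries_left ~encrypted_sk algo

(* Decrypts the key stored in the path of [sk_uri] and requires it to be a
   non-aggregate key. Does not load the password file. *)
let internal_decrypt_simple (cctxt : #Client_context.prompter) ?name sk_uri =
  let open Lwt_result_syntax in
  let payload = Uri.path (sk_uri : sk_uri :> Uri.t) in
  let* decrypted_sk = decrypt_payload cctxt ?name payload in
  match decrypted_sk with
  | Decrypted_sk sk -> return sk
  | Decrypted_aggregate_sk _sk ->
      failwith
        "Found an aggregate secret key where a non-aggregate one was expected."

(* Same as [internal_decrypt_simple], but requires an aggregate key. *)
let internal_decrypt_aggregate (cctxt : #Client_context.prompter) ?name
    aggregate_sk_uri =
  let open Lwt_result_syntax in
  let payload = Uri.path (aggregate_sk_uri : aggregate_sk_uri :> Uri.t) in
  let* decrypted_sk = decrypt_payload cctxt ?name payload in
  match decrypted_sk with
  | Decrypted_aggregate_sk sk -> return sk
  | Decrypted_sk _sk ->
      failwith
        "Found a non-aggregate secret key where an aggregate one was expected."

(* Loads the password file into the cache, then decrypts [sk_uri]. *)
let decrypt (cctxt : #Client_context.prompter) ?name sk_uri =
  let open Lwt_result_syntax in
  let* () = password_file_load cctxt in
  internal_decrypt_simple (cctxt : #Client_context.prompter) ?name sk_uri

(* Loads the password file into the cache, then decrypts an aggregate key. *)
let decrypt_aggregate (cctxt : #Client_context.prompter) ?name aggregate_sk_uri
    =
  let open Lwt_result_syntax in
  let* () = password_file_load cctxt in
  internal_decrypt_aggregate
    (cctxt : #Client_context.prompter)
    ?name
    aggregate_sk_uri

(* Decrypts every wallet key whose URI scheme is [scheme]. The keys themselves
   are discarded; the visible effect is that the passwords entered end up in
   the [passwords] cache. *)
let decrypt_all (cctxt : #Client_context.io_wallet) =
  let open Lwt_result_syntax in
  let* sks = Secret_key.load cctxt in
  let* () = password_file_load cctxt in
  List.iter_es
    (fun (name, sk_uri) ->
      if Uri.scheme (sk_uri : sk_uri :> Uri.t) <> Some scheme then return_unit
      else
        let* _ = internal_decrypt_simple cctxt ~name sk_uri in
        return_unit)
    sks

(* Like [decrypt_all], restricted to the aliases listed in [keys]. An empty
   [keys] list selects every encrypted key. *)
let decrypt_list (cctxt : #Client_context.io_wallet) keys =
  let open Lwt_result_syntax in
  let* sks = Secret_key.load cctxt in
  let* () = password_file_load cctxt in
  List.iter_es
    (fun (name, sk_uri) ->
      if
        Uri.scheme (sk_uri : sk_uri :> Uri.t) = Some scheme
        && (keys = [] || List.mem ~equal:String.equal name keys)
      then
        let* _ = internal_decrypt_simple cctxt ~name sk_uri in
        return_unit
      else return_unit)
    sks

(* Prompts for a new password twice and loops until both entries match. No
   length or strength requirement is applied to the password here. *)
let rec read_password (cctxt : #Client_context.io) =
  let open Lwt_result_syntax in
  let* password =
    cctxt#prompt_password "Enter password to encrypt your key: "
  in
  let* confirm = cctxt#prompt_password "Confirm password: " in
  if not (Bytes.equal password confirm) then
    let*! () = cctxt#message "Passwords do not match." in
    read_password cctxt
  else return password

(* Encrypts [sk] under [password] and Base58-encodes the payload with the
   encoding of its key family. *)
let common_encrypt sk password =
  let payload = Raw.encrypt ~password sk in
  let encoding =
    match sk with
    | Decrypted_sk (Ed25519 _) -> Encodings.ed25519
    | Decrypted_sk (Secp256k1 _) -> Encodings.secp256k1
    | Decrypted_sk (P256 _) -> Encodings.p256
    | Decrypted_sk (Bls _) | Decrypted_aggregate_sk (Bls12_381 _) ->
        Encodings.bls12_381
  in
  Tezos_crypto.Base58.simple_encode encoding payload

(* Builds an [encrypted:] secret key URI around the encrypted payload. *)
let internal_encrypt_simple sk password =
  let open Lwt_result_syntax in
  let path = common_encrypt sk password in
  let*? v = Client_keys.make_sk_uri (Uri.make ~scheme ~path ()) in
  return v

(* Builds an [aggregate_encrypted:] secret key URI around the payload. *)
let internal_encrypt_aggregate sk password =
  let open Lwt_result_syntax in
  let path = common_encrypt sk password in
  let*? v =
    Client_keys.make_aggregate_sk_uri
      (Uri.make ~scheme:aggregate_scheme ~path ())
  in
  return v

let encrypt sk password = internal_encrypt_simple (Decrypted_sk sk) password

let encrypt_aggregate sk password =
  internal_encrypt_aggregate (Decrypted_aggregate_sk sk) password

let prompt_twice_and_encrypt cctxt sk =
  let open Lwt_result_syntax in
  let* password = read_password cctxt in
  encrypt sk password

let prompt_twice_and_encrypt_aggregate cctxt sk =
  let open Lwt_result_syntax in
  let* password = read_password cctxt in
  encrypt_aggregate sk password

(* Password-based encryption of Sapling spending keys. Same construction and
   parameters as [Raw]: PBKDF2-SHA512, 8-byte random salt, zero nonce. *)
module Sapling_raw = struct
  let salt_len = 8

  (* 193 *)
  (* Unlike [Raw.encrypted_size], this size includes the salt. *)
  let encrypted_size = Tezos_crypto.Crypto_box.tag_length + salt_len + 169

  (* Constant nonce: the derived key must be unique per encryption, which
     relies on the fresh salt drawn in [encrypt]. *)
  let nonce = Tezos_crypto.Crypto_box.zero_nonce

  let pbkdf ~salt ~password =
    Pbkdf.SHA512.pbkdf2 ~count:32768 ~dk_len:32l ~salt ~password

  (* Returns [salt || secretbox output] as a string. *)
  let encrypt ~password msg =
    let msg = Tezos_sapling.Core.Wallet.Spending_key.to_bytes msg in
    let salt = Tezos_crypto.Hacl.Rand.gen salt_len in
    let key =
      Tezos_crypto.Crypto_box.Secretbox.unsafe_of_bytes (pbkdf ~salt ~password)
    in
    Bytes.(
      to_string
        (cat
           salt
           (Tezos_crypto.Crypto_box.Secretbox.secretbox key msg nonce)))

  (* Returns [None] when the payload has the wrong length, when the box does
     not open (wrong password or modified ciphertext) or when the deciphered
     bytes are not a spending key.

     This function is the [of_raw] of [encrypted_b58_encoding], so it receives
     whatever a wallet file contains. The length is checked first, as the
     [Encodings] decoders do: without the check, [Bytes.sub] raises
     [Invalid_argument] on a short payload and bytes past [encrypted_size]
     would be ignored. *)
  let decrypt ~password payload =
    if String.length payload <> encrypted_size then None
    else
      let ebytes = Bytes.of_string payload in
      let salt = Bytes.sub ebytes 0 salt_len in
      let encrypted_sk =
        Bytes.sub ebytes salt_len (encrypted_size - salt_len)
      in
      let key =
        Tezos_crypto.Crypto_box.Secretbox.unsafe_of_bytes
          (pbkdf ~salt ~password)
      in
      Option.bind
        (Tezos_crypto.Crypto_box.Secretbox.secretbox_open
           key
           encrypted_sk
           nonce)
        Tezos_sapling.Core.Wallet.Spending_key.of_bytes

  type Tezos_crypto.Base58.data +=
    | Data of Tezos_sapling.Core.Wallet.Spending_key.t

  (* The password is captured in the closures of the encoding, and
     [register_encoding] is called again on every invocation. *)
  let encrypted_b58_encoding password =
    Tezos_crypto.Base58.register_encoding
      ~prefix:Tezos_crypto.Base58.Prefix.sapling_spending_key
      ~length:encrypted_size
      ~to_raw:(encrypt ~password)
      ~of_raw:(decrypt ~password)
      ~wrap:(fun x -> Data x)
end

(* Prompts twice for a password and returns an [encrypted:] Sapling URI. *)
let encrypt_sapling_key cctxt sk =
  let open Lwt_result_syntax in
  let* password = read_password cctxt in
  let path =
    Tezos_crypto.Base58.simple_encode
      (Sapling_raw.encrypted_b58_encoding password)
      sk
  in
  let*? v = Client_keys.make_sapling_uri (Uri.make ~scheme ~path ()) in
  return v

(* Reads a Sapling spending key from [sk_uri]. With the [encrypted] scheme the
   user is prompted once; the password cache is neither read nor updated. Any
   other scheme is read as an unencrypted Base58Check spending key. *)
let decrypt_sapling_key (cctxt : #Client_context.io) (sk_uri : sapling_uri) =
  let open Lwt_result_syntax in
  let uri = (sk_uri :> Uri.t) in
  let payload = Uri.path uri in
  if Uri.scheme uri = Some scheme then
    let* password =
      cctxt#prompt_password "Enter password to decrypt your key: "
    in
    match
      Tezos_crypto.Base58.simple_decode
        (Sapling_raw.encrypted_b58_encoding password)
        payload
    with
    | None ->
        failwith
          "Password incorrect or corrupted wallet, could not decipher \
           encrypted Sapling spending key."
    | Some sapling_key -> return sapling_key
  else
    match
      Tezos_crypto.Base58.simple_decode
        Tezos_sapling.Core.Wallet.Spending_key.b58check_encoding
        payload
    with
    | None ->
        failwith
          "Corrupted wallet, could not read unencrypted Sapling spending key."
    | Some sapling_key -> return sapling_key

(* Signer backend for the [encrypted:] scheme. Each operation that needs the
   secret key calls [decrypt], which reloads the password file and may prompt
   the user. *)
module Make (C : sig
  val cctxt : Client_context.io_wallet
end) =
struct
  let scheme = "encrypted"

  let title = "Built-in signer using encrypted keys."

  (* The text mentions cryptobox; the code in this file uses
     [Tezos_crypto.Crypto_box.Secretbox]. *)
  let description =
    "Valid secret key URIs are of the form\n\
    \ - encrypted:<encrypted_key>\n\
     where <encrypted_key> is the encrypted (password protected using Nacl's \
     cryptobox and pbkdf) secret key, formatted in unprefixed \
     Tezos_crypto.Base58.\n\
     Valid public key URIs are of the form\n\
    \ - encrypted:<public_key>\n\
     where <public_key> is the public key in Tezos_crypto.Base58."

  include Client_keys.Signature_type

  let public_key = Unencrypted.public_key

  let public_key_hash = Unencrypted.public_key_hash

  let import_secret_key = Unencrypted.import_secret_key

  (* Decrypts the secret key only to derive its public key. *)
  let neuterize sk_uri =
    let open Lwt_result_syntax in
    let* sk = decrypt C.cctxt sk_uri in
    let*? v = Unencrypted.make_pk (Signature.Secret_key.to_public_key sk) in
    return v

  let sign ?watermark sk_uri buf =
    let open Lwt_result_syntax in
    let* sk = decrypt C.cctxt sk_uri in
    return (Signature.sign ?watermark sk buf)

  let deterministic_nonce sk_uri buf =
    let open Lwt_result_syntax in
    let* sk = decrypt C.cctxt sk_uri in
    return (Signature.deterministic_nonce sk buf)

  let deterministic_nonce_hash sk_uri buf =
    let open Lwt_result_syntax in
    let* sk = decrypt C.cctxt sk_uri in
    return (Signature.deterministic_nonce_hash sk buf)

  let supports_deterministic_nonces _ = Lwt_result_syntax.return_true
end

(* Signer backend for the [aggregate_encrypted:] scheme. *)
module Make_aggregate (C : sig
  val cctxt : Client_context.io_wallet
end) =
struct
  let scheme = "aggregate_encrypted"

  let title = "Built-in signer using encrypted aggregate keys."

  let description =
    "Valid aggregate secret key URIs are of the form\n\
    \ - aggregate_encrypted:<encrypted_aggregate_key>\n\
     where <encrypted_key> is the encrypted (password protected using Nacl's \
     cryptobox and pbkdf) secret key, formatted in unprefixed \
     Tezos_crypto.Base58.\n\
     Valid aggregate public key URIs are of the form\n\
    \ - aggregate_encrypted:<public_aggregate_key>\n\
     where <public_aggregate_key> is the public key in Tezos_crypto.Base58."

  include Client_keys.Aggregate_type

  let public_key = Unencrypted.Aggregate.public_key

  let public_key_hash = Unencrypted.Aggregate.public_key_hash

  let import_secret_key = Unencrypted.Aggregate.import_secret_key

  (* Decrypts the secret key only to derive its public key. *)
  let neuterize sk_uri =
    let open Lwt_result_syntax in
    let* sk = decrypt_aggregate C.cctxt sk_uri in
    let*? v =
      Unencrypted.Aggregate.make_pk
        (Tezos_crypto.Aggregate_signature.Secret_key.to_public_key sk)
    in
    return v

  let sign sk_uri buf =
    let open Lwt_result_syntax in
    let* sk = decrypt_aggregate C.cctxt sk_uri in
    return (Tezos_crypto.Aggregate_signature.sign sk buf)
end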