[PRODCRE-1746] Move keys from core to corekeys. (#1837)

* Minor.

* Minor.

* Minor.

* Minor.

* Minor.

* chore: trigger pipeline

* Minor.

* Minor.

* Minor.

* Minor.

* Minor.

Author: pavel-raykov

go.md

@@ -16,6 +16,8 @@ flowchart LR
 	chainlink-common --> libocr
 	click chainlink-common href "https://github.com/smartcontractkit/chainlink-common"
 	chainlink-common/keystore --> chainlink-common
+	chainlink-common/keystore --> smdkg
+	chainlink-common/keystore --> wsrpc
 	click chainlink-common/keystore href "https://github.com/smartcontractkit/chainlink-common"
 	chainlink-common/pkg/chipingress
 	click chainlink-common/pkg/chipingress href "https://github.com/smartcontractkit/chainlink-common"
@@ -37,10 +39,19 @@ flowchart LR
 	click chainlink-protos/workflows/go href "https://github.com/smartcontractkit/chainlink-protos"
 	freeport
 	click freeport href "https://github.com/smartcontractkit/freeport"
+	go-sumtype2
+	click go-sumtype2 href "https://github.com/smartcontractkit/go-sumtype2"
 	grpc-proxy
 	click grpc-proxy href "https://github.com/smartcontractkit/grpc-proxy"
-	libocr
+	libocr --> go-sumtype2
 	click libocr href "https://github.com/smartcontractkit/libocr"
+	smdkg --> libocr
+	smdkg --> tdh2/go/tdh2
+	click smdkg href "https://github.com/smartcontractkit/smdkg"
+	tdh2/go/tdh2
+	click tdh2/go/tdh2 href "https://github.com/smartcontractkit/tdh2"
+	wsrpc
+	click wsrpc href "https://github.com/smartcontractkit/wsrpc"
 
 	subgraph chainlink-common-repo[chainlink-common]
 		 chainlink-common

keystore/corekeys/aptoskey/export.go

@@ -0,0 +1,48 @@
+package aptoskey
+
+import (
+	"encoding/hex"
+
+	"github.com/ethereum/go-ethereum/accounts/keystore"
+
+	commonkeystore "github.com/smartcontractkit/chainlink-common/keystore"
+	"github.com/smartcontractkit/chainlink-common/keystore/internal"
+)
+
+const keyTypeIdentifier = "Aptos"
+
+// FromEncryptedJSON gets key from json and password
+func FromEncryptedJSON(keyJSON []byte, password string) (Key, error) {
+	return internal.FromEncryptedJSON(
+		keyTypeIdentifier,
+		keyJSON,
+		password,
+		adulteratedPassword,
+		func(_ internal.EncryptedKeyExport, rawPrivKey internal.Raw) (Key, error) {
+			return KeyFor(rawPrivKey), nil
+		},
+	)
+}
+
+// ToEncryptedJSON returns encrypted JSON representing key
+func (key Key) ToEncryptedJSON(password string, scryptParams commonkeystore.ScryptParams) (export []byte, err error) {
+	return internal.ToEncryptedJSON(
+		keyTypeIdentifier,
+		key,
+		password,
+		scryptParams.N,
+		scryptParams.P,
+		adulteratedPassword,
+		func(id string, key Key, cryptoJSON keystore.CryptoJSON) internal.EncryptedKeyExport {
+			return internal.EncryptedKeyExport{
+				KeyType:   id,
+				PublicKey: hex.EncodeToString(key.pubKey),
+				Crypto:    cryptoJSON,
+			}
+		},
+	)
+}
+
+func adulteratedPassword(password string) string {
+	return "aptoskey" + password
+}

keystore/corekeys/aptoskey/export_test.go

@@ -0,0 +1,19 @@
+package aptoskey
+
+import (
+	"testing"
+
+	"github.com/smartcontractkit/chainlink-common/keystore/corekeys"
+)
+
+func TestAptosKeys_ExportImport(t *testing.T) {
+	corekeys.RunKeyExportImportTestcase(t, createKey, decryptKey)
+}
+
+func createKey() (corekeys.KeyType, error) {
+	return New()
+}
+
+func decryptKey(keyJSON []byte, password string) (corekeys.KeyType, error) {
+	return FromEncryptedJSON(keyJSON, password)
+}

keystore/corekeys/aptoskey/key.go

@@ -0,0 +1,87 @@
+package aptoskey
+
+import (
+	"crypto"
+	"crypto/ed25519"
+	crypto_rand "crypto/rand"
+	"fmt"
+	"io"
+
+	"golang.org/x/crypto/sha3"
+
+	"github.com/smartcontractkit/chainlink-common/keystore/internal"
+)
+
+// Key represents Aptos key
+type Key struct {
+	// TODO: store initial Account() derivation to support key rotation
+	raw    internal.Raw
+	signFn func(io.Reader, []byte, crypto.SignerOpts) ([]byte, error)
+	pubKey ed25519.PublicKey
+}
+
+func KeyFor(raw internal.Raw) Key {
+	privKey := ed25519.NewKeyFromSeed(internal.Bytes(raw))
+	pubKey := privKey.Public().(ed25519.PublicKey)
+	return Key{
+		raw:    raw,
+		signFn: privKey.Sign,
+		pubKey: pubKey,
+	}
+}
+
+// New creates new Key
+func New() (Key, error) {
+	return newFrom(crypto_rand.Reader)
+}
+
+// MustNewInsecure return Key if no error
+func MustNewInsecure(reader io.Reader) Key {
+	key, err := newFrom(reader)
+	if err != nil {
+		panic(err)
+	}
+	return key
+}
+
+// newFrom creates new Key from a provided random reader
+func newFrom(reader io.Reader) (Key, error) {
+	pub, priv, err := ed25519.GenerateKey(reader)
+	if err != nil {
+		return Key{}, err
+	}
+	return Key{
+		raw:    internal.NewRaw(priv.Seed()),
+		signFn: priv.Sign,
+		pubKey: pub,
+	}, nil
+}
+
+// ID gets Key ID
+func (key Key) ID() string {
+	return key.PublicKeyStr()
+}
+
+// https://github.com/aptos-foundation/AIPs/blob/main/aips/aip-40.md#long
+func (key Key) Account() string {
+	authKey := sha3.Sum256(append([]byte(key.pubKey), 0x00))
+	return fmt.Sprintf("%064x", authKey)
+}
+
+// GetPublic get Key's public key
+func (key Key) GetPublic() ed25519.PublicKey {
+	return key.pubKey
+}
+
+// PublicKeyStr returns hex encoded public key
+func (key Key) PublicKeyStr() string {
+	return fmt.Sprintf("%064x", key.pubKey)
+}
+
+// Raw returns the seed from private key
+func (key Key) Raw() internal.Raw { return key.raw }
+
+// Sign is used to sign a message
+func (key Key) Sign(msg []byte) ([]byte, error) {
+	return key.signFn(crypto_rand.Reader, msg, crypto.Hash(0)) // no specific hash function used
+}

keystore/corekeys/aptoskey/key_test.go

@@ -0,0 +1,19 @@
+package aptoskey
+
+import (
+	"encoding/hex"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+
+	"github.com/smartcontractkit/chainlink-common/keystore/internal"
+)
+
+func TestAptosKey(t *testing.T) {
+	bytes, err := hex.DecodeString("f0d07ab448018b2754475f9a3b580218b0675a1456aad96ad607c7bbd7d9237b")
+	require.NoError(t, err)
+	k := KeyFor(internal.NewRaw(bytes))
+	assert.Equal(t, "2acd605efc181e2af8a0b8c0686a5e12578efa1253d15a235fa5e5ad970c4b29", k.PublicKeyStr())
+	assert.Equal(t, "69d8b07f5945185873c622ea66873b0e1fb921de7b94d904d3ef9be80770682e", k.Account())
+}

keystore/corekeys/cosmoskey/export.go

@@ -0,0 +1,48 @@
+package cosmoskey
+
+import (
+	"encoding/hex"
+
+	"github.com/ethereum/go-ethereum/accounts/keystore"
+
+	commonkeystore "github.com/smartcontractkit/chainlink-common/keystore"
+	"github.com/smartcontractkit/chainlink-common/keystore/internal"
+)
+
+const keyTypeIdentifier = "Cosmos"
+
+// FromEncryptedJSON gets key from json and password
+func FromEncryptedJSON(keyJSON []byte, password string) (Key, error) {
+	return internal.FromEncryptedJSON(
+		keyTypeIdentifier,
+		keyJSON,
+		password,
+		adulteratedPassword,
+		func(_ internal.EncryptedKeyExport, rawPrivKey internal.Raw) (Key, error) {
+			return KeyFor(rawPrivKey), nil
+		},
+	)
+}
+
+// ToEncryptedJSON returns encrypted JSON representing key
+func (key Key) ToEncryptedJSON(password string, scryptParams commonkeystore.ScryptParams) (export []byte, err error) {
+	return internal.ToEncryptedJSON(
+		keyTypeIdentifier,
+		key,
+		password,
+		scryptParams.N,
+		scryptParams.P,
+		adulteratedPassword,
+		func(id string, key Key, cryptoJSON keystore.CryptoJSON) internal.EncryptedKeyExport {
+			return internal.EncryptedKeyExport{
+				KeyType:   id,
+				PublicKey: hex.EncodeToString(key.PublicKey().Bytes()),
+				Crypto:    cryptoJSON,
+			}
+		},
+	)
+}
+
+func adulteratedPassword(password string) string {
+	return "cosmoskey" + password
+}

keystore/corekeys/cosmoskey/export_test.go

@@ -0,0 +1,19 @@
+package cosmoskey
+
+import (
+	"testing"
+
+	"github.com/smartcontractkit/chainlink-common/keystore/corekeys"
+)
+
+func TestCosmosKeys_ExportImport(t *testing.T) {
+	corekeys.RunKeyExportImportTestcase(t, createKey, decryptKey)
+}
+
+func createKey() (corekeys.KeyType, error) {
+	return New(), nil
+}
+
+func decryptKey(keyJSON []byte, password string) (corekeys.KeyType, error) {
+	return FromEncryptedJSON(keyJSON, password)
+}

keystore/corekeys/cosmoskey/key.go

@@ -0,0 +1,78 @@
+package cosmoskey
+
+import (
+	"crypto/ecdsa"
+	cryptorand "crypto/rand"
+	"fmt"
+	"io"
+	"math/big"
+
+	"github.com/cosmos/cosmos-sdk/crypto/hd"
+	"github.com/cosmos/cosmos-sdk/crypto/keyring"
+	"github.com/ethereum/go-ethereum/crypto"
+
+	cryptotypes "github.com/cosmos/cosmos-sdk/crypto/types"
+
+	"github.com/smartcontractkit/chainlink-common/keystore/internal"
+)
+
+var secpSigningAlgo, _ = keyring.NewSigningAlgoFromString(string(hd.Secp256k1Type), []keyring.SignatureAlgo{hd.Secp256k1})
+
+func KeyFor(raw internal.Raw) Key {
+	d := big.NewInt(0).SetBytes(internal.Bytes(raw))
+	privKey := secpSigningAlgo.Generate()(d.Bytes())
+	return Key{
+		raw:    raw,
+		signFn: privKey.Sign,
+		pubKey: privKey.PubKey(),
+	}
+}
+
+// Key represents Cosmos key
+type Key struct {
+	raw    internal.Raw
+	signFn func([]byte) ([]byte, error)
+	pubKey cryptotypes.PubKey
+}
+
+// New creates new Key
+func New() Key {
+	return newFrom(cryptorand.Reader)
+}
+
+// MustNewInsecure return Key
+func MustNewInsecure(reader io.Reader) Key {
+	return newFrom(reader)
+}
+
+func newFrom(reader io.Reader) Key {
+	rawKey, err := ecdsa.GenerateKey(crypto.S256(), reader)
+	if err != nil {
+		panic(err)
+	}
+	privKey := secpSigningAlgo.Generate()(rawKey.D.Bytes())
+
+	return Key{
+		raw:    internal.NewRaw(rawKey.D.Bytes()),
+		signFn: privKey.Sign,
+		pubKey: privKey.PubKey(),
+	}
+}
+
+func (key Key) ID() string {
+	return key.PublicKeyStr()
+}
+
+func (key Key) PublicKey() (pubKey cryptotypes.PubKey) {
+	return key.pubKey
+}
+
+func (key Key) PublicKeyStr() string {
+	return fmt.Sprintf("%X", key.pubKey.Bytes())
+}
+
+func (key Key) Raw() internal.Raw { return key.raw }
+
+func (key Key) Sign(data []byte) ([]byte, error) {
+	return key.signFn(data)
+}