SecretStore: generating and retrieving decryption keys via service contract

parity/cli/mod.rs

@@ -565,7 +565,23 @@ usage! {
 
 			ARG arg_secretstore_contract: (String) = "none", or |c: &Config| c.secretstore.as_ref()?.service_contract.clone(),
 			"--secretstore-contract=[SOURCE]",
-			"Secret Store Service contract address source: none, registry (contract address is read from registry) or address.",
+			"Secret Store Service contract address source: none, registry (contract address is read from secretstore_service entry in registry) or address.",
+
+			ARG arg_secretstore_srv_gen_contract: (String) = "none", or |c: &Config| c.secretstore.as_ref()?.service_contract_srv_gen.clone(),
+			"--secretstore-srv-gen-contract=[SOURCE]",
+			"Secret Store Service server key generation contract address source: none, registry (contract address is read from secretstore_service_srv_gen entry in registry) or address.",
+
+			ARG arg_secretstore_srv_retr_contract: (String) = "none", or |c: &Config| c.secretstore.as_ref()?.service_contract_srv_retr.clone(),
+			"--secretstore-srv-retr-contract=[SOURCE]",
+			"Secret Store Service server key retrieval contract address source: none, registry (contract address is read from secretstore_service_srv_retr entry in registry) or address.",
+
+			ARG arg_secretstore_doc_store_contract: (String) = "none", or |c: &Config| c.secretstore.as_ref()?.service_contract_doc_store.clone(),
+			"--secretstore-doc-store-contract=[SOURCE]",
+			"Secret Store Service document key store contract address source: none, registry (contract address is read from secretstore_service_doc_store entry in registry) or address.",
+
+			ARG arg_secretstore_doc_sretr_contract: (String) = "none", or |c: &Config| c.secretstore.as_ref()?.service_contract_doc_sretr.clone(),
+			"--secretstore-doc-sretr-contract=[SOURCE]",
+			"Secret Store Service document key shadow retrieval contract address source: none, registry (contract address is read from secretstore_service_doc_sretr entry in registry) or address.",
 
 			ARG arg_secretstore_nodes: (String) = "", or |c: &Config| c.secretstore.as_ref()?.nodes.as_ref().map(|vec| vec.join(",")),
 			"--secretstore-nodes=[NODES]",
@@ -1123,6 +1139,10 @@ struct SecretStore {
 	disable_acl_check: Option<bool>,
 	disable_auto_migrate: Option<bool>,
 	service_contract: Option<String>,
+	service_contract_srv_gen: Option<String>,
+	service_contract_srv_retr: Option<String>,
+	service_contract_doc_store: Option<String>,
+	service_contract_doc_sretr: Option<String>,
 	self_secret: Option<String>,
 	admin_public: Option<String>,
 	nodes: Option<Vec<String>>,
@@ -1542,6 +1562,10 @@ mod tests {
 			flag_no_secretstore_acl_check: false,
 			flag_no_secretstore_auto_migrate: false,
 			arg_secretstore_contract: "none".into(),
+			arg_secretstore_srv_gen_contract: "none".into(),
+			arg_secretstore_srv_retr_contract: "none".into(),
+			arg_secretstore_doc_store_contract: "none".into(),
+			arg_secretstore_doc_sretr_contract: "none".into(),
 			arg_secretstore_secret: None,
 			arg_secretstore_admin_public: None,
 			arg_secretstore_nodes: "".into(),
@@ -1798,6 +1822,10 @@ mod tests {
 				disable_acl_check: None,
 				disable_auto_migrate: None,
 				service_contract: None,
+				service_contract_srv_gen: None,
+				service_contract_srv_retr: None,
+				service_contract_doc_store: None,
+				service_contract_doc_sretr: None,
 				self_secret: None,
 				admin_public: None,
 				nodes: None,

parity/cli/tests/config.full.toml

@@ -81,6 +81,10 @@ disable = false
 disable_http = false
 disable_acl_check = false
 service_contract = "none"
+service_contract_srv_gen = "none"
+service_contract_srv_retr = "none"
+service_contract_doc_store = "none"
+service_contract_doc_sretr = "none"
 nodes = []
 http_interface = "local"
 http_port = 8082

parity/configuration.rs

@@ -629,6 +629,10 @@ impl Configuration {
 			acl_check_enabled: self.secretstore_acl_check_enabled(),
 			auto_migrate_enabled: self.secretstore_auto_migrate_enabled(),
 			service_contract_address: self.secretstore_service_contract_address()?,
+			service_contract_srv_gen_address: self.secretstore_service_contract_srv_gen_address()?,
+			service_contract_srv_retr_address: self.secretstore_service_contract_srv_retr_address()?,
+			service_contract_doc_store_address: self.secretstore_service_contract_doc_store_address()?,
+			service_contract_doc_sretr_address: self.secretstore_service_contract_doc_sretr_address()?,
 			self_secret: self.secretstore_self_secret()?,
 			nodes: self.secretstore_nodes()?,
 			interface: self.secretstore_interface(),
@@ -1119,11 +1123,23 @@ impl Configuration {
 	}
 
 	fn secretstore_service_contract_address(&self) -> Result<Option<SecretStoreContractAddress>, String> {
-		Ok(match self.args.arg_secretstore_contract.as_ref() {
-			"none" => None,
-			"registry" => Some(SecretStoreContractAddress::Registry),
-			a => Some(SecretStoreContractAddress::Address(a.parse().map_err(|e| format!("{}", e))?)),
-		})
+		into_secretstore_service_contract_address(self.args.arg_secretstore_contract.as_ref())
+	}
+
+	fn secretstore_service_contract_srv_gen_address(&self) -> Result<Option<SecretStoreContractAddress>, String> {
+		into_secretstore_service_contract_address(self.args.arg_secretstore_srv_gen_contract.as_ref())
+	}
+
+	fn secretstore_service_contract_srv_retr_address(&self) -> Result<Option<SecretStoreContractAddress>, String> {
+		into_secretstore_service_contract_address(self.args.arg_secretstore_srv_retr_contract.as_ref())
+	}
+
+	fn secretstore_service_contract_doc_store_address(&self) -> Result<Option<SecretStoreContractAddress>, String> {
+		into_secretstore_service_contract_address(self.args.arg_secretstore_doc_store_contract.as_ref())
+	}
+
+	fn secretstore_service_contract_doc_sretr_address(&self) -> Result<Option<SecretStoreContractAddress>, String> {
+		into_secretstore_service_contract_address(self.args.arg_secretstore_doc_sretr_contract.as_ref())
 	}
 
 	fn ui_enabled(&self) -> bool {
@@ -1156,6 +1172,14 @@ impl Configuration {
 	}
 }
 
+fn into_secretstore_service_contract_address(s: &str) -> Result<Option<SecretStoreContractAddress>, String> {
+	match s {
+		"none" => Ok(None),
+		"registry" => Ok(Some(SecretStoreContractAddress::Registry)),
+		a => Ok(Some(SecretStoreContractAddress::Address(a.parse().map_err(|e| format!("{}", e))?))),
+	}
+}
+
 #[cfg(test)]
 mod tests {
 	use std::io::Write;

parity/secretstore.rs

@@ -55,6 +55,14 @@ pub struct Configuration {
 	pub auto_migrate_enabled: bool,
 	/// Service contract address.
 	pub service_contract_address: Option<ContractAddress>,
+	/// Server key generation service contract address.
+	pub service_contract_srv_gen_address: Option<ContractAddress>,
+	/// Server key retrieval service contract address.
+	pub service_contract_srv_retr_address: Option<ContractAddress>,
+	/// Document key store service contract address.
+	pub service_contract_doc_store_address: Option<ContractAddress>,
+	/// Document key shadow retrieval service contract address.
+	pub service_contract_doc_sretr_address: Option<ContractAddress>,
 	/// This node secret.
 	pub self_secret: Option<NodeSecretKey>,
 	/// Other nodes IDs + addresses.
@@ -108,6 +116,13 @@ mod server {
 	use ansi_term::Colour::Red;
 	use super::{Configuration, Dependencies, NodeSecretKey, ContractAddress};
 
+	fn into_service_contract_address(address: ContractAddress) -> ethcore_secretstore::ContractAddress {
+		match address {
+			ContractAddress::Registry => ethcore_secretstore::ContractAddress::Registry,
+			ContractAddress::Address(address) => ethcore_secretstore::ContractAddress::Address(address),
+		}
+	}
+
 	/// Key server
 	pub struct KeyServer {
 		_key_server: Box<ethcore_secretstore::KeyServer>,
@@ -150,10 +165,11 @@ mod server {
 					address: conf.http_interface.clone(),
 					port: conf.http_port,
 				}) } else { None },
-				service_contract_address: conf.service_contract_address.map(|c| match c {
-					ContractAddress::Registry => ethcore_secretstore::ContractAddress::Registry,
-					ContractAddress::Address(address) => ethcore_secretstore::ContractAddress::Address(address),
-				}),
+				service_contract_address: conf.service_contract_address.map(into_service_contract_address),
+				service_contract_srv_gen_address: conf.service_contract_srv_gen_address.map(into_service_contract_address),
+				service_contract_srv_retr_address: conf.service_contract_srv_retr_address.map(into_service_contract_address),
+				service_contract_doc_store_address: conf.service_contract_doc_store_address.map(into_service_contract_address),
+				service_contract_doc_sretr_address: conf.service_contract_doc_sretr_address.map(into_service_contract_address),
 				data_path: conf.data_path.clone(),
 				acl_check_enabled: conf.acl_check_enabled,
 				cluster_config: ethcore_secretstore::ClusterConfiguration {
@@ -195,6 +211,10 @@ impl Default for Configuration {
 			acl_check_enabled: true,
 			auto_migrate_enabled: true,
 			service_contract_address: None,
+			service_contract_srv_gen_address: None,
+			service_contract_srv_retr_address: None,
+			service_contract_doc_store_address: None,
+			service_contract_doc_sretr_address: None,
 			self_secret: None,
 			admin_public: None,
 			nodes: BTreeMap::new(),

secret_store/res/key_server_set.json

@@ -1 +1,24 @@
-[{"constant":true,"inputs":[],"name":"getMigrationMaster","outputs":[{"name":"","type":"address"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"keyServer","type":"address"}],"name":"getMigrationKeyServerPublic","outputs":[{"name":"","type":"bytes"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"id","type":"bytes32"}],"name":"startMigration","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[{"name":"keyServer","type":"address"}],"name":"getMigrationKeyServerAddress","outputs":[{"name":"","type":"string"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[],"name":"getMigrationId","outputs":[{"name":"","type":"bytes32"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[],"name":"getNewKeyServers","outputs":[{"name":"","type":"address[]"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":false,"inputs":[{"name":"id","type":"bytes32"}],"name":"confirmMigration","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},{"constant":true,"inputs":[],"name":"getMigrationKeyServers","outputs":[{"name":"","type":"address[]"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"keyServer","type":"address"}],"name":"isMigrationConfirmed","outputs":[{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[],"name":"getCurrentKeyServers","outputs":[{"name":"","type":"address[]"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"keyServer","type":"address"}],"name":"getCurrentKeyServerPublic","outputs":[{"name":"","type":"bytes"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"keyServer","type":"address"}],"name":"getNewKeyServerAddress","outputs":[{"name":"","type":"string"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"keyServer","type":"address"}],"name":"getCurrentKeyServerAddress","outputs":[{"name":"","type":"string"}],"payable":false,"stateMutability":"view","type":"function"},{"constant":true,"inputs":[{"name":"keyServer","type":"address"}],"name":"getNewKeyServerPublic","outputs":[{"name":"","type":"bytes"}],"payable":false,"stateMutability":"view","type":"function"},{"anonymous":false,"inputs":[{"indexed":false,"name":"keyServer","type":"address"}],"name":"KeyServerAdded","type":"event"},{"anonymous":false,"inputs":[{"indexed":false,"name":"keyServer","type":"address"}],"name":"KeyServerRemoved","type":"event"},{"anonymous":false,"inputs":[],"name":"MigrationStarted","type":"event"},{"anonymous":false,"inputs":[],"name":"MigrationCompleted","type":"event"}]
+[
+	{"constant":true,"inputs":[],"name":"getMigrationMaster","outputs":[{"name":"","type":"address"}],"payable":false,"stateMutability":"view","type":"function"},
+	{"constant":true,"inputs":[{"name":"keyServer","type":"address"}],"name":"getMigrationKeyServerPublic","outputs":[{"name":"","type":"bytes"}],"payable":false,"stateMutability":"view","type":"function"},
+	{"constant":false,"inputs":[{"name":"id","type":"bytes32"}],"name":"startMigration","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},
+	{"constant":true,"inputs":[{"name":"keyServer","type":"address"}],"name":"getCurrentKeyServerIndex","outputs":[{"name":"","type":"uint8"}],"payable":false,"stateMutability":"view","type":"function"},
+	{"constant":true,"inputs":[{"name":"keyServer","type":"address"}],"name":"getMigrationKeyServerAddress","outputs":[{"name":"","type":"string"}],"payable":false,"stateMutability":"view","type":"function"},
+	{"constant":true,"inputs":[],"name":"getMigrationId","outputs":[{"name":"","type":"bytes32"}],"payable":false,"stateMutability":"view","type":"function"},
+	{"constant":true,"inputs":[],"name":"getNewKeyServers","outputs":[{"name":"","type":"address[]"}],"payable":false,"stateMutability":"view","type":"function"},
+	{"constant":false,"inputs":[{"name":"id","type":"bytes32"}],"name":"confirmMigration","outputs":[],"payable":false,"stateMutability":"nonpayable","type":"function"},
+	{"constant":true,"inputs":[],"name":"getMigrationKeyServers","outputs":[{"name":"","type":"address[]"}],"payable":false,"stateMutability":"view","type":"function"},
+	{"constant":true,"inputs":[{"name":"keyServer","type":"address"}],"name":"isMigrationConfirmed","outputs":[{"name":"","type":"bool"}],"payable":false,"stateMutability":"view","type":"function"},
+	{"constant":true,"inputs":[],"name":"getCurrentKeyServersCount","outputs":[{"name":"","type":"uint8"}],"payable":false,"stateMutability":"view","type":"function"},
+	{"constant":true,"inputs":[],"name":"getCurrentKeyServers","outputs":[{"name":"","type":"address[]"}],"payable":false,"stateMutability":"view","type":"function"},
+	{"constant":true,"inputs":[],"name":"getCurrentLastChange","outputs":[{"name":"","type":"uint256"}],"payable":false,"stateMutability":"view","type":"function"},
+	{"constant":true,"inputs":[{"name":"keyServer","type":"address"}],"name":"getCurrentKeyServerPublic","outputs":[{"name":"","type":"bytes"}],"payable":false,"stateMutability":"view","type":"function"},
+	{"constant":true,"inputs":[{"name":"keyServer","type":"address"}],"name":"getNewKeyServerAddress","outputs":[{"name":"","type":"string"}],"payable":false,"stateMutability":"view","type":"function"},
+	{"constant":true,"inputs":[{"name":"keyServer","type":"address"}],"name":"getCurrentKeyServerAddress","outputs":[{"name":"","type":"string"}],"payable":false,"stateMutability":"view","type":"function"},
+	{"constant":true,"inputs":[{"name":"keyServer","type":"address"}],"name":"getNewKeyServerPublic","outputs":[{"name":"","type":"bytes"}],"payable":false,"stateMutability":"view","type":"function"},
+	{"constant":true,"inputs":[{"name":"index","type":"uint8"}],"name":"getCurrentKeyServer","outputs":[{"name":"","type":"address"}],"payable":false,"stateMutability":"view","type":"function"},
+	{"anonymous":false,"inputs":[{"indexed":false,"name":"keyServer","type":"address"}],"name":"KeyServerAdded","type":"event"},
+	{"anonymous":false,"inputs":[{"indexed":false,"name":"keyServer","type":"address"}],"name":"KeyServerRemoved","type":"event"},
+	{"anonymous":false,"inputs":[],"name":"MigrationStarted","type":"event"},
+	{"anonymous":false,"inputs":[],"name":"MigrationCompleted","type":"event"}
+]