smartcontractkit
diff --git a/‎keystore/README.md‎
Lines changed: 2 additions & 2 deletions b/‎keystore/README.md‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎keystore/admin.go‎
Lines changed: 34 additions & 40 deletions b/‎keystore/admin.go‎
Lines changed: 34 additions & 40 deletions
diff --git a/‎keystore/admin_reader_test.go‎
Lines changed: 12 additions & 7 deletions b/‎keystore/admin_reader_test.go‎
Lines changed: 12 additions & 7 deletions
diff --git a/‎keystore/encryptor.go‎
Lines changed: 11 additions & 0 deletions b/‎keystore/encryptor.go‎
Lines changed: 11 additions & 0 deletions
@@ -4,8 +4,8 @@ Design principles:
 to wrap via a network layer if needed.
 - Storage abstract. Keystore interfaces can be implemented with memory, file, database, etc. for storage to be useable in a variety of 
 contexts. Use write through caching to maintain synchronization between in memory keys and stored keys.
-- Only the Admin interface mutates the keystore, all other interfaces
-are read only. 
+- Only the Admin interface mutates the keystore, all other interfaces are read only. Admin interface
+is plural/batched to support atomic batched mutations.
 - Client side key naming. Keystore itself doesn't impose certain key algorithims/curves be used for specific contexts, it just supports a the minimum viable set of algorithms/curves for chainlink wide use cases. Clients define a name for each key which represents
 the context in which they wish to use it. 
 - Common serialization/encryption for all storage types. Protobuf serialization (compact, versioned) for key material and then key material encrypted before persistence with a passphase.
 
@@ -20,56 +20,37 @@ import (
 type CreateKeysRequest struct {
 	Keys []CreateKeyRequest
 }
-
 type CreateKeyRequest struct {
-	Name    string
+	KeyName string
 	KeyType KeyType
 }
-
 type CreateKeysResponse struct {
 	Keys []CreateKeyResponse
 }
-
 type CreateKeyResponse struct {
 	KeyInfo KeyInfo
 }
-
 type DeleteKeysRequest struct {
-	Names []string
+	KeyNames []string
 }
 
 type DeleteKeysResponse struct{}
-
 type ImportKeysRequest struct {
 	Keys []ImportKeyRequest
 }
-
 type ImportKeyRequest struct {
-	Name    string
+	KeyName string
 	KeyType KeyType
 	Data    []byte
 }
 
-type ImportKeysResponse struct {
-	Keys []ImportKeyResponse
-}
-
-type ImportKeyResponse struct {
-	PublicKey []byte
-}
-
+type ImportKeysResponse struct{}
 type ExportKeysRequest struct {
-	Names []string
+	KeyNames []string
 }
-
 type ExportKeysResponse struct {
 	Keys []ExportKeyResponse
 }
-
-type ExportKeyRequest struct {
-	Name string
-}
-
 type ExportKeyResponse struct {
 	KeyInfo KeyInfo
 	Data    []byte
@@ -78,14 +59,12 @@ type ExportKeyResponse struct {
 type SetMetadataRequest struct {
 	Updates []SetMetadataUpdate
 }
-
 type SetMetadataUpdate struct {
 	KeyName  string
 	Metadata []byte
 }
 
 type SetMetadataResponse struct{}
-
 type Admin interface {
 	CreateKeys(ctx context.Context, req CreateKeysRequest) (CreateKeysResponse, error)
 	DeleteKeys(ctx context.Context, req DeleteKeysRequest) (DeleteKeysResponse, error)
@@ -110,32 +89,47 @@ func (ks *keystore) CreateKeys(ctx context.Context, req CreateKeysRequest) (Crea
 			if err != nil {
 				return CreateKeysResponse{}, fmt.Errorf("failed to generate Ed25519 key: %w", err)
 			}
-			ksCopy[keyReq.Name] = key{
+			publicKey, err := publicKeyFromPrivateKey(internal.NewRaw(privateKey), keyReq.KeyType)
+			if err != nil {
+				return CreateKeysResponse{}, fmt.Errorf("failed to get public key from private key: %w", err)
+			}
+			ksCopy[keyReq.KeyName] = key{
 				keyType:    keyReq.KeyType,
 				privateKey: internal.NewRaw(privateKey),
+				publicKey:  publicKey,
 				createdAt:  time.Now(),
 				metadata:   []byte{},
 			}
 		case EcdsaSecp256k1:
-			privateKeyECDSA, err := ecdsa.GenerateKey(crypto.S256(), rand.Reader)
+			privateKey, err := ecdsa.GenerateKey(crypto.S256(), rand.Reader)
 			if err != nil {
 				return CreateKeysResponse{}, fmt.Errorf("failed to generate EcdsaSecp256k1 key: %w", err)
 			}
-			ksCopy[keyReq.Name] = key{
+			publicKey, err := publicKeyFromPrivateKey(internal.NewRaw(privateKey.D.Bytes()), keyReq.KeyType)
+			if err != nil {
+				return CreateKeysResponse{}, fmt.Errorf("failed to get public key from private key: %w", err)
+			}
+			ksCopy[keyReq.KeyName] = key{
 				keyType:    keyReq.KeyType,
-				privateKey: internal.NewRaw(privateKeyECDSA.D.Bytes()),
+				privateKey: internal.NewRaw(privateKey.D.Bytes()),
+				publicKey:  publicKey,
 				createdAt:  time.Now(),
 				metadata:   []byte{},
 			}
 		case X25519:
-			encryptionKey := [curve25519.ScalarSize]byte{}
-			_, err := rand.Read(encryptionKey[:])
+			privateKey := [curve25519.ScalarSize]byte{}
+			_, err := rand.Read(privateKey[:])
 			if err != nil {
 				return CreateKeysResponse{}, fmt.Errorf("failed to generate Curve25519 key: %w", err)
 			}
-			ksCopy[keyReq.Name] = key{
+			publicKey, err := publicKeyFromPrivateKey(internal.NewRaw(privateKey[:]), keyReq.KeyType)
+			if err != nil {
+				return CreateKeysResponse{}, fmt.Errorf("failed to get public key from private key: %w", err)
+			}
+			ksCopy[keyReq.KeyName] = key{
 				keyType:    keyReq.KeyType,
-				privateKey: internal.NewRaw(encryptionKey[:]),
+				privateKey: internal.NewRaw(privateKey[:]),
+				publicKey:  publicKey,
 				createdAt:  time.Now(),
 				metadata:   []byte{},
 			}
@@ -145,10 +139,10 @@ func (ks *keystore) CreateKeys(ctx context.Context, req CreateKeysRequest) (Crea
 
 		responses = append(responses, CreateKeyResponse{
 			KeyInfo: KeyInfo{
-				Name:      keyReq.Name,
+				Name:      keyReq.KeyName,
 				KeyType:   keyReq.KeyType,
-				PublicKey: ksCopy[keyReq.Name].publicKey(),
-				Metadata:  ksCopy[keyReq.Name].metadata,
+				PublicKey: ksCopy[keyReq.KeyName].publicKey,
+				Metadata:  ksCopy[keyReq.KeyName].metadata,
 			},
 		})
 	}
@@ -167,7 +161,7 @@ func (k *keystore) DeleteKeys(ctx context.Context, req DeleteKeysRequest) (Delet
 	defer k.mu.Unlock()
 
 	ksCopy := maps.Clone(k.keystore)
-	for _, name := range req.Names {
+	for _, name := range req.KeyNames {
 		delete(ksCopy, name)
 	}
 	if err := save(k.storage, k.password, ksCopy); err != nil {
@@ -184,7 +178,7 @@ func (k *keystore) ImportKeys(ctx context.Context, req ImportKeysRequest) (Impor
 func (k *keystore) ExportKeys(ctx context.Context, req ExportKeysRequest) (ExportKeysResponse, error) {
 	var responses []ExportKeyResponse
 
-	for _, name := range req.Names {
+	for _, name := range req.KeyNames {
 		key, ok := k.keystore[name]
 		if !ok {
 			return ExportKeysResponse{}, fmt.Errorf("key not found: %s", name)
@@ -201,7 +195,7 @@ func (k *keystore) ExportKeys(ctx context.Context, req ExportKeysRequest) (Expor
 			KeyInfo: KeyInfo{
 				Name:      name,
 				KeyType:   key.keyType,
-				PublicKey: key.publicKey(),
+				PublicKey: key.publicKey,
 				Metadata:  key.metadata,
 			},
 			Data: exportedKeyData,
 
@@ -14,12 +14,17 @@ func TestKeystore_AdminReader(t *testing.T) {
 	ks, err := keystore.NewKeystore(storage, "test-password")
 	require.NoError(t, err)
 	ctx := context.Background()
+	var (
+		testKeyEd25519        = "test-ed25519"
+		testKeyEcdsaSecp256k1 = "test-ecdsa-secp256k1"
+		testKeyX25519         = "test-x25519"
+	)
 
 	req := keystore.CreateKeysRequest{
 		Keys: []keystore.CreateKeyRequest{
-			{Name: "test-ed25519", KeyType: keystore.Ed25519},
-			{Name: "test-secp256k1", KeyType: keystore.EcdsaSecp256k1},
-			{Name: "test-x25519", KeyType: keystore.X25519},
+			{KeyName: testKeyEd25519, KeyType: keystore.Ed25519},
+			{KeyName: testKeyEcdsaSecp256k1, KeyType: keystore.EcdsaSecp256k1},
+			{KeyName: testKeyX25519, KeyType: keystore.X25519},
 		},
 	}
 
@@ -30,12 +35,12 @@ func TestKeystore_AdminReader(t *testing.T) {
 	expectedTypes := []keystore.KeyType{keystore.Ed25519, keystore.EcdsaSecp256k1, keystore.X25519}
 	for i, key := range resp.Keys {
 		require.Equal(t, expectedTypes[i], key.KeyInfo.KeyType)
-		require.Equal(t, req.Keys[i].Name, key.KeyInfo.Name)
+		require.Equal(t, req.Keys[i].KeyName, key.KeyInfo.Name)
 		require.NotEmpty(t, key.KeyInfo.PublicKey, "Expected non-empty public key for %s", key.KeyInfo.Name)
 	}
 
 	getReq := keystore.GetKeysRequest{
-		Names: []string{"test-ed25519", "test-secp256k1"},
+		KeyNames: []string{testKeyEd25519, testKeyEcdsaSecp256k1},
 	}
 
 	getResp, err := ks.GetKeys(ctx, getReq)
@@ -48,13 +53,13 @@ func TestKeystore_AdminReader(t *testing.T) {
 	require.Len(t, allKeysResp.Keys, 3)
 
 	deleteReq := keystore.DeleteKeysRequest{
-		Names: []string{"test-x25519"},
+		KeyNames: []string{testKeyX25519},
 	}
 
 	_, err = ks.DeleteKeys(ctx, deleteReq)
 	require.NoError(t, err)
 
-	deleteVerifyReq := keystore.GetKeysRequest{Names: []string{"test-x25519"}}
+	deleteVerifyReq := keystore.GetKeysRequest{KeyNames: []string{testKeyX25519}}
 	_, err = ks.GetKeys(ctx, deleteVerifyReq)
 	require.Error(t, err)
 
 
@@ -43,3 +43,14 @@ type Encryptor interface {
 }
 
 // TODO: Encryptor implementation.
+func (k *keystore) Encrypt(ctx context.Context, req EncryptRequest) (EncryptResponse, error) {
+	return EncryptResponse{}, nil
+}
+
+func (k *keystore) Decrypt(ctx context.Context, req DecryptRequest) (DecryptResponse, error) {
+	return DecryptResponse{}, nil
+}
+
+func (k *keystore) DeriveSharedSecret(ctx context.Context, req DeriveSharedSecretRequest) (DeriveSharedSecretResponse, error) {
+	return DeriveSharedSecretResponse{}, nil
+}