123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150 |
- // Copyright 2016 The go-ethereum Authors
- // This file is part of the go-ethereum library.
- //
- // The go-ethereum library is free software: you can redistribute it and/or modify
- // it under the terms of the GNU Lesser General Public License as published by
- // the Free Software Foundation, either version 3 of the License, or
- // (at your option) any later version.
- //
- // The go-ethereum library is distributed in the hope that it will be useful,
- // but WITHOUT ANY WARRANTY; without even the implied warranty of
- // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- // GNU Lesser General Public License for more details.
- //
- // You should have received a copy of the GNU Lesser General Public License
- // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
- package keystore
- import (
- "crypto/aes"
- "crypto/cipher"
- "crypto/sha256"
- "encoding/hex"
- "encoding/json"
- "errors"
- "fmt"
- "github.com/ethereum/go-ethereum/accounts"
- "github.com/ethereum/go-ethereum/crypto"
- "github.com/google/uuid"
- "golang.org/x/crypto/pbkdf2"
- )
- // creates a Key and stores that in the given KeyStore by decrypting a presale key JSON
- func importPreSaleKey(keyStore keyStore, keyJSON []byte, password string) (accounts.Account, *Key, error) {
- key, err := decryptPreSaleKey(keyJSON, password)
- if err != nil {
- return accounts.Account{}, nil, err
- }
- key.Id, err = uuid.NewRandom()
- if err != nil {
- return accounts.Account{}, nil, err
- }
- a := accounts.Account{
- Address: key.Address,
- URL: accounts.URL{
- Scheme: KeyStoreScheme,
- Path: keyStore.JoinPath(keyFileName(key.Address)),
- },
- }
- err = keyStore.StoreKey(a.URL.Path, key, password)
- return a, key, err
- }
- func decryptPreSaleKey(fileContent []byte, password string) (key *Key, err error) {
- preSaleKeyStruct := struct {
- EncSeed string
- EthAddr string
- Email string
- BtcAddr string
- }{}
- err = json.Unmarshal(fileContent, &preSaleKeyStruct)
- if err != nil {
- return nil, err
- }
- encSeedBytes, err := hex.DecodeString(preSaleKeyStruct.EncSeed)
- if err != nil {
- return nil, errors.New("invalid hex in encSeed")
- }
- if len(encSeedBytes) < 16 {
- return nil, errors.New("invalid encSeed, too short")
- }
- iv := encSeedBytes[:16]
- cipherText := encSeedBytes[16:]
- /*
- See https://github.com/ethereum/pyethsaletool
- pyethsaletool generates the encryption key from password by
- 2000 rounds of PBKDF2 with HMAC-SHA-256 using password as salt (:().
- 16 byte key length within PBKDF2 and resulting key is used as AES key
- */
- passBytes := []byte(password)
- derivedKey := pbkdf2.Key(passBytes, passBytes, 2000, 16, sha256.New)
- plainText, err := aesCBCDecrypt(derivedKey, cipherText, iv)
- if err != nil {
- return nil, err
- }
- ethPriv := crypto.Keccak256(plainText)
- ecKey := crypto.ToECDSAUnsafe(ethPriv)
- key = &Key{
- Id: uuid.UUID{},
- Address: crypto.PubkeyToAddress(ecKey.PublicKey),
- PrivateKey: ecKey,
- }
- derivedAddr := hex.EncodeToString(key.Address.Bytes()) // needed because .Hex() gives leading "0x"
- expectedAddr := preSaleKeyStruct.EthAddr
- if derivedAddr != expectedAddr {
- err = fmt.Errorf("decrypted addr '%s' not equal to expected addr '%s'", derivedAddr, expectedAddr)
- }
- return key, err
- }
- func aesCTRXOR(key, inText, iv []byte) ([]byte, error) {
- // AES-128 is selected due to size of encryptKey.
- aesBlock, err := aes.NewCipher(key)
- if err != nil {
- return nil, err
- }
- stream := cipher.NewCTR(aesBlock, iv)
- outText := make([]byte, len(inText))
- stream.XORKeyStream(outText, inText)
- return outText, err
- }
- func aesCBCDecrypt(key, cipherText, iv []byte) ([]byte, error) {
- aesBlock, err := aes.NewCipher(key)
- if err != nil {
- return nil, err
- }
- decrypter := cipher.NewCBCDecrypter(aesBlock, iv)
- paddedPlaintext := make([]byte, len(cipherText))
- decrypter.CryptBlocks(paddedPlaintext, cipherText)
- plaintext := pkcs7Unpad(paddedPlaintext)
- if plaintext == nil {
- return nil, ErrDecrypt
- }
- return plaintext, err
- }
- // From https://leanpub.com/gocrypto/read#leanpub-auto-block-cipher-modes
- func pkcs7Unpad(in []byte) []byte {
- if len(in) == 0 {
- return nil
- }
- padding := in[len(in)-1]
- if int(padding) > len(in) || padding > aes.BlockSize {
- return nil
- } else if padding == 0 {
- return nil
- }
- for i := len(in) - 1; i > len(in)-int(padding)-1; i-- {
- if in[i] != padding {
- return nil
- }
- }
- return in[:len(in)-int(padding)]
- }
|