github.com/alexdevranger/node-1.8.27@v0.0.0-20221128213301-aa5841e41d2d/accounts/keystore/passphrase.go (about)

     1  // Copyright 2014 The go-ethereum Authors
     2  // This file is part of the go-dubxcoin library.
     3  //
     4  // The go-dubxcoin library is free software: you can redistribute it and/or modify
     5  // it under the terms of the GNU Lesser General Public License as published by
     6  // the Free Software Foundation, either version 3 of the License, or
     7  // (at your option) any later version.
     8  //
     9  // The go-dubxcoin library is distributed in the hope that it will be useful,
    10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    12  // GNU Lesser General Public License for more details.
    13  //
    14  // You should have received a copy of the GNU Lesser General Public License
    15  // along with the go-dubxcoin library. If not, see <http://www.gnu.org/licenses/>.
    16  
    17  /*
    18  
    19  This key store behaves as KeyStorePlain with the difference that
    20  the private key is encrypted and on disk uses another JSON encoding.
    21  
    22  The crypto is documented at https://github.com/ethereum/wiki/wiki/Web3-Secret-Storage-Definition
    23  
    24  */
    25  
    26  package keystore
    27  
    28  import (
    29  	"bytes"
    30  	"crypto/aes"
    31  	"crypto/rand"
    32  	"crypto/sha256"
    33  	"encoding/hex"
    34  	"encoding/json"
    35  	"fmt"
    36  	"io"
    37  	"io/ioutil"
    38  	"os"
    39  	"path/filepath"
    40  
    41  	"github.com/alexdevranger/node-1.8.27/common"
    42  	"github.com/alexdevranger/node-1.8.27/common/math"
    43  	"github.com/alexdevranger/node-1.8.27/crypto"
    44  	"github.com/pborman/uuid"
    45  	"golang.org/x/crypto/pbkdf2"
    46  	"golang.org/x/crypto/scrypt"
    47  )
    48  
    49  const (
    50  	keyHeaderKDF = "scrypt"
    51  
    52  	// StandardScryptN is the N parameter of Scrypt encryption algorithm, using 256MB
    53  	// memory and taking approximately 1s CPU time on a modern processor.
    54  	StandardScryptN = 1 << 18
    55  
    56  	// StandardScryptP is the P parameter of Scrypt encryption algorithm, using 256MB
    57  	// memory and taking approximately 1s CPU time on a modern processor.
    58  	StandardScryptP = 1
    59  
    60  	// LightScryptN is the N parameter of Scrypt encryption algorithm, using 4MB
    61  	// memory and taking approximately 100ms CPU time on a modern processor.
    62  	LightScryptN = 1 << 12
    63  
    64  	// LightScryptP is the P parameter of Scrypt encryption algorithm, using 4MB
    65  	// memory and taking approximately 100ms CPU time on a modern processor.
    66  	LightScryptP = 6
    67  
    68  	scryptR     = 8
    69  	scryptDKLen = 32
    70  )
    71  
    72  type keyStorePassphrase struct {
    73  	keysDirPath string
    74  	scryptN     int
    75  	scryptP     int
    76  	// skipKeyFileVerification disables the security-feature which does
    77  	// reads and decrypts any newly created keyfiles. This should be 'false' in all
    78  	// cases except tests -- setting this to 'true' is not recommended.
    79  	skipKeyFileVerification bool
    80  }
    81  
    82  func (ks keyStorePassphrase) GetKey(addr common.Address, filename, auth string) (*Key, error) {
    83  	// Load the key from the keystore and decrypt its contents
    84  	keyjson, err := ioutil.ReadFile(filename)
    85  	if err != nil {
    86  		return nil, err
    87  	}
    88  	key, err := DecryptKey(keyjson, auth)
    89  	if err != nil {
    90  		return nil, err
    91  	}
    92  	// Make sure we're really operating on the requested key (no swap attacks)
    93  	if key.Address != addr {
    94  		return nil, fmt.Errorf("key content mismatch: have account %x, want %x", key.Address, addr)
    95  	}
    96  	return key, nil
    97  }
    98  
    99  // StoreKey generates a key, encrypts with 'auth' and stores in the given directory
   100  func StoreKey(dir, auth string, scryptN, scryptP int) (common.Address, error) {
   101  	_, a, err := storeNewKey(&keyStorePassphrase{dir, scryptN, scryptP, false}, rand.Reader, auth)
   102  	return a.Address, err
   103  }
   104  
   105  func (ks keyStorePassphrase) StoreKey(filename string, key *Key, auth string) error {
   106  	keyjson, err := EncryptKey(key, auth, ks.scryptN, ks.scryptP)
   107  	if err != nil {
   108  		return err
   109  	}
   110  	// Write into temporary file
   111  	tmpName, err := writeTemporaryKeyFile(filename, keyjson)
   112  	if err != nil {
   113  		return err
   114  	}
   115  	if !ks.skipKeyFileVerification {
   116  		// Verify that we can decrypt the file with the given password.
   117  		_, err = ks.GetKey(key.Address, tmpName, auth)
   118  		if err != nil {
   119  			msg := "An error was encountered when saving and verifying the keystore file. \n" +
   120  				"This indicates that the keystore is corrupted. \n" +
   121  				"The corrupted file is stored at \n%v\n" +
   122  				"Please file a ticket at:\n\n" +
   123  				"https://github.com/alexdevranger/node-1.8.27/issues." +
   124  				"The error was : %s"
   125  			return fmt.Errorf(msg, tmpName, err)
   126  		}
   127  	}
   128  	return os.Rename(tmpName, filename)
   129  }
   130  
   131  func (ks keyStorePassphrase) JoinPath(filename string) string {
   132  	if filepath.IsAbs(filename) {
   133  		return filename
   134  	}
   135  	return filepath.Join(ks.keysDirPath, filename)
   136  }
   137  
   138  // Encryptdata encrypts the data given as 'data' with the password 'auth'.
   139  func EncryptDataV3(data, auth []byte, scryptN, scryptP int) (CryptoJSON, error) {
   140  
   141  	salt := make([]byte, 32)
   142  	if _, err := io.ReadFull(rand.Reader, salt); err != nil {
   143  		panic("reading from crypto/rand failed: " + err.Error())
   144  	}
   145  	derivedKey, err := scrypt.Key(auth, salt, scryptN, scryptR, scryptP, scryptDKLen)
   146  	if err != nil {
   147  		return CryptoJSON{}, err
   148  	}
   149  	encryptKey := derivedKey[:16]
   150  
   151  	iv := make([]byte, aes.BlockSize) // 16
   152  	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
   153  		panic("reading from crypto/rand failed: " + err.Error())
   154  	}
   155  	cipherText, err := aesCTRXOR(encryptKey, data, iv)
   156  	if err != nil {
   157  		return CryptoJSON{}, err
   158  	}
   159  	mac := crypto.Keccak256(derivedKey[16:32], cipherText)
   160  
   161  	scryptParamsJSON := make(map[string]interface{}, 5)
   162  	scryptParamsJSON["n"] = scryptN
   163  	scryptParamsJSON["r"] = scryptR
   164  	scryptParamsJSON["p"] = scryptP
   165  	scryptParamsJSON["dklen"] = scryptDKLen
   166  	scryptParamsJSON["salt"] = hex.EncodeToString(salt)
   167  	cipherParamsJSON := cipherparamsJSON{
   168  		IV: hex.EncodeToString(iv),
   169  	}
   170  
   171  	cryptoStruct := CryptoJSON{
   172  		Cipher:       "aes-128-ctr",
   173  		CipherText:   hex.EncodeToString(cipherText),
   174  		CipherParams: cipherParamsJSON,
   175  		KDF:          keyHeaderKDF,
   176  		KDFParams:    scryptParamsJSON,
   177  		MAC:          hex.EncodeToString(mac),
   178  	}
   179  	return cryptoStruct, nil
   180  }
   181  
   182  // EncryptKey encrypts a key using the specified scrypt parameters into a json
   183  // blob that can be decrypted later on.
   184  func EncryptKey(key *Key, auth string, scryptN, scryptP int) ([]byte, error) {
   185  	keyBytes := math.PaddedBigBytes(key.PrivateKey.D, 32)
   186  	cryptoStruct, err := EncryptDataV3(keyBytes, []byte(auth), scryptN, scryptP)
   187  	if err != nil {
   188  		return nil, err
   189  	}
   190  	encryptedKeyJSONV3 := encryptedKeyJSONV3{
   191  		hex.EncodeToString(key.Address[:]),
   192  		cryptoStruct,
   193  		key.Id.String(),
   194  		version,
   195  	}
   196  	return json.Marshal(encryptedKeyJSONV3)
   197  }
   198  
   199  // DecryptKey decrypts a key from a json blob, returning the private key itself.
   200  func DecryptKey(keyjson []byte, auth string) (*Key, error) {
   201  	// Parse the json into a simple map to fetch the key version
   202  	m := make(map[string]interface{})
   203  	if err := json.Unmarshal(keyjson, &m); err != nil {
   204  		return nil, err
   205  	}
   206  	// Depending on the version try to parse one way or another
   207  	var (
   208  		keyBytes, keyId []byte
   209  		err             error
   210  	)
   211  	if version, ok := m["version"].(string); ok && version == "1" {
   212  		k := new(encryptedKeyJSONV1)
   213  		if err := json.Unmarshal(keyjson, k); err != nil {
   214  			return nil, err
   215  		}
   216  		keyBytes, keyId, err = decryptKeyV1(k, auth)
   217  	} else {
   218  		k := new(encryptedKeyJSONV3)
   219  		if err := json.Unmarshal(keyjson, k); err != nil {
   220  			return nil, err
   221  		}
   222  		keyBytes, keyId, err = decryptKeyV3(k, auth)
   223  	}
   224  	// Handle any decryption errors and return the key
   225  	if err != nil {
   226  		return nil, err
   227  	}
   228  	key := crypto.ToECDSAUnsafe(keyBytes)
   229  
   230  	return &Key{
   231  		Id:         uuid.UUID(keyId),
   232  		Address:    crypto.PubkeyToAddress(key.PublicKey),
   233  		PrivateKey: key,
   234  	}, nil
   235  }
   236  
   237  func DecryptDataV3(cryptoJson CryptoJSON, auth string) ([]byte, error) {
   238  	if cryptoJson.Cipher != "aes-128-ctr" {
   239  		return nil, fmt.Errorf("Cipher not supported: %v", cryptoJson.Cipher)
   240  	}
   241  	mac, err := hex.DecodeString(cryptoJson.MAC)
   242  	if err != nil {
   243  		return nil, err
   244  	}
   245  
   246  	iv, err := hex.DecodeString(cryptoJson.CipherParams.IV)
   247  	if err != nil {
   248  		return nil, err
   249  	}
   250  
   251  	cipherText, err := hex.DecodeString(cryptoJson.CipherText)
   252  	if err != nil {
   253  		return nil, err
   254  	}
   255  
   256  	derivedKey, err := getKDFKey(cryptoJson, auth)
   257  	if err != nil {
   258  		return nil, err
   259  	}
   260  
   261  	calculatedMAC := crypto.Keccak256(derivedKey[16:32], cipherText)
   262  	if !bytes.Equal(calculatedMAC, mac) {
   263  		return nil, ErrDecrypt
   264  	}
   265  
   266  	plainText, err := aesCTRXOR(derivedKey[:16], cipherText, iv)
   267  	if err != nil {
   268  		return nil, err
   269  	}
   270  	return plainText, err
   271  }
   272  
   273  func decryptKeyV3(keyProtected *encryptedKeyJSONV3, auth string) (keyBytes []byte, keyId []byte, err error) {
   274  	if keyProtected.Version != version {
   275  		return nil, nil, fmt.Errorf("Version not supported: %v", keyProtected.Version)
   276  	}
   277  	keyId = uuid.Parse(keyProtected.Id)
   278  	plainText, err := DecryptDataV3(keyProtected.Crypto, auth)
   279  	if err != nil {
   280  		return nil, nil, err
   281  	}
   282  	return plainText, keyId, err
   283  }
   284  
   285  func decryptKeyV1(keyProtected *encryptedKeyJSONV1, auth string) (keyBytes []byte, keyId []byte, err error) {
   286  	keyId = uuid.Parse(keyProtected.Id)
   287  	mac, err := hex.DecodeString(keyProtected.Crypto.MAC)
   288  	if err != nil {
   289  		return nil, nil, err
   290  	}
   291  
   292  	iv, err := hex.DecodeString(keyProtected.Crypto.CipherParams.IV)
   293  	if err != nil {
   294  		return nil, nil, err
   295  	}
   296  
   297  	cipherText, err := hex.DecodeString(keyProtected.Crypto.CipherText)
   298  	if err != nil {
   299  		return nil, nil, err
   300  	}
   301  
   302  	derivedKey, err := getKDFKey(keyProtected.Crypto, auth)
   303  	if err != nil {
   304  		return nil, nil, err
   305  	}
   306  
   307  	calculatedMAC := crypto.Keccak256(derivedKey[16:32], cipherText)
   308  	if !bytes.Equal(calculatedMAC, mac) {
   309  		return nil, nil, ErrDecrypt
   310  	}
   311  
   312  	plainText, err := aesCBCDecrypt(crypto.Keccak256(derivedKey[:16])[:16], cipherText, iv)
   313  	if err != nil {
   314  		return nil, nil, err
   315  	}
   316  	return plainText, keyId, err
   317  }
   318  
   319  func getKDFKey(cryptoJSON CryptoJSON, auth string) ([]byte, error) {
   320  	authArray := []byte(auth)
   321  	salt, err := hex.DecodeString(cryptoJSON.KDFParams["salt"].(string))
   322  	if err != nil {
   323  		return nil, err
   324  	}
   325  	dkLen := ensureInt(cryptoJSON.KDFParams["dklen"])
   326  
   327  	if cryptoJSON.KDF == keyHeaderKDF {
   328  		n := ensureInt(cryptoJSON.KDFParams["n"])
   329  		r := ensureInt(cryptoJSON.KDFParams["r"])
   330  		p := ensureInt(cryptoJSON.KDFParams["p"])
   331  		return scrypt.Key(authArray, salt, n, r, p, dkLen)
   332  
   333  	} else if cryptoJSON.KDF == "pbkdf2" {
   334  		c := ensureInt(cryptoJSON.KDFParams["c"])
   335  		prf := cryptoJSON.KDFParams["prf"].(string)
   336  		if prf != "hmac-sha256" {
   337  			return nil, fmt.Errorf("Unsupported PBKDF2 PRF: %s", prf)
   338  		}
   339  		key := pbkdf2.Key(authArray, salt, c, dkLen, sha256.New)
   340  		return key, nil
   341  	}
   342  
   343  	return nil, fmt.Errorf("Unsupported KDF: %s", cryptoJSON.KDF)
   344  }
   345  
   346  // TODO: can we do without this when unmarshalling dynamic JSON?
   347  // why do integers in KDF params end up as float64 and not int after
   348  // unmarshal?
   349  func ensureInt(x interface{}) int {
   350  	res, ok := x.(int)
   351  	if !ok {
   352  		res = int(x.(float64))
   353  	}
   354  	return res
   355  }