github.com/flashbots/go-ethereum@v1.9.7/accounts/keystore/presale.go (about) 1 // Copyright 2016 The go-ethereum Authors 2 // This file is part of the go-ethereum library. 3 // 4 // The go-ethereum library is free software: you can redistribute it and/or modify 5 // it under the terms of the GNU Lesser General Public License as published by 6 // the Free Software Foundation, either version 3 of the License, or 7 // (at your option) any later version. 8 // 9 // The go-ethereum library is distributed in the hope that it will be useful, 10 // but WITHOUT ANY WARRANTY; without even the implied warranty of 11 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 // GNU Lesser General Public License for more details. 13 // 14 // You should have received a copy of the GNU Lesser General Public License 15 // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>. 16 17 package keystore 18 19 import ( 20 "crypto/aes" 21 "crypto/cipher" 22 "crypto/sha256" 23 "encoding/hex" 24 "encoding/json" 25 "errors" 26 "fmt" 27 28 "github.com/ethereum/go-ethereum/accounts" 29 "github.com/ethereum/go-ethereum/crypto" 30 "github.com/pborman/uuid" 31 "golang.org/x/crypto/pbkdf2" 32 ) 33 34 // creates a Key and stores that in the given KeyStore by decrypting a presale key JSON 35 func importPreSaleKey(keyStore keyStore, keyJSON []byte, password string) (accounts.Account, *Key, error) { 36 key, err := decryptPreSaleKey(keyJSON, password) 37 if err != nil { 38 return accounts.Account{}, nil, err 39 } 40 key.Id = uuid.NewRandom() 41 a := accounts.Account{ 42 Address: key.Address, 43 URL: accounts.URL{ 44 Scheme: KeyStoreScheme, 45 Path: keyStore.JoinPath(keyFileName(key.Address)), 46 }, 47 } 48 err = keyStore.StoreKey(a.URL.Path, key, password) 49 return a, key, err 50 } 51 52 func decryptPreSaleKey(fileContent []byte, password string) (key *Key, err error) { 53 preSaleKeyStruct := struct { 54 EncSeed string 55 EthAddr string 56 Email string 57 BtcAddr string 58 }{} 59 err = json.Unmarshal(fileContent, &preSaleKeyStruct) 60 if err != nil { 61 return nil, err 62 } 63 encSeedBytes, err := hex.DecodeString(preSaleKeyStruct.EncSeed) 64 if err != nil { 65 return nil, errors.New("invalid hex in encSeed") 66 } 67 if len(encSeedBytes) < 16 { 68 return nil, errors.New("invalid encSeed, too short") 69 } 70 iv := encSeedBytes[:16] 71 cipherText := encSeedBytes[16:] 72 /* 73 See https://github.com/ethereum/pyethsaletool 74 75 pyethsaletool generates the encryption key from password by 76 2000 rounds of PBKDF2 with HMAC-SHA-256 using password as salt (:(). 77 16 byte key length within PBKDF2 and resulting key is used as AES key 78 */ 79 passBytes := []byte(password) 80 derivedKey := pbkdf2.Key(passBytes, passBytes, 2000, 16, sha256.New) 81 plainText, err := aesCBCDecrypt(derivedKey, cipherText, iv) 82 if err != nil { 83 return nil, err 84 } 85 ethPriv := crypto.Keccak256(plainText) 86 ecKey := crypto.ToECDSAUnsafe(ethPriv) 87 88 key = &Key{ 89 Id: nil, 90 Address: crypto.PubkeyToAddress(ecKey.PublicKey), 91 PrivateKey: ecKey, 92 } 93 derivedAddr := hex.EncodeToString(key.Address.Bytes()) // needed because .Hex() gives leading "0x" 94 expectedAddr := preSaleKeyStruct.EthAddr 95 if derivedAddr != expectedAddr { 96 err = fmt.Errorf("decrypted addr '%s' not equal to expected addr '%s'", derivedAddr, expectedAddr) 97 } 98 return key, err 99 } 100 101 func aesCTRXOR(key, inText, iv []byte) ([]byte, error) { 102 // AES-128 is selected due to size of encryptKey. 103 aesBlock, err := aes.NewCipher(key) 104 if err != nil { 105 return nil, err 106 } 107 stream := cipher.NewCTR(aesBlock, iv) 108 outText := make([]byte, len(inText)) 109 stream.XORKeyStream(outText, inText) 110 return outText, err 111 } 112 113 func aesCBCDecrypt(key, cipherText, iv []byte) ([]byte, error) { 114 aesBlock, err := aes.NewCipher(key) 115 if err != nil { 116 return nil, err 117 } 118 decrypter := cipher.NewCBCDecrypter(aesBlock, iv) 119 paddedPlaintext := make([]byte, len(cipherText)) 120 decrypter.CryptBlocks(paddedPlaintext, cipherText) 121 plaintext := pkcs7Unpad(paddedPlaintext) 122 if plaintext == nil { 123 return nil, ErrDecrypt 124 } 125 return plaintext, err 126 } 127 128 // From https://leanpub.com/gocrypto/read#leanpub-auto-block-cipher-modes 129 func pkcs7Unpad(in []byte) []byte { 130 if len(in) == 0 { 131 return nil 132 } 133 134 padding := in[len(in)-1] 135 if int(padding) > len(in) || padding > aes.BlockSize { 136 return nil 137 } else if padding == 0 { 138 return nil 139 } 140 141 for i := len(in) - 1; i > len(in)-int(padding)-1; i-- { 142 if in[i] != padding { 143 return nil 144 } 145 } 146 return in[:len(in)-int(padding)] 147 }