github.com/skoak/go-ethereum@v1.9.7/accounts/keystore/passphrase.go (about)

     1  // Copyright 2014 The go-ethereum Authors
     2  // This file is part of the go-ethereum library.
     3  //
     4  // The go-ethereum library is free software: you can redistribute it and/or modify
     5  // it under the terms of the GNU Lesser General Public License as published by
     6  // the Free Software Foundation, either version 3 of the License, or
     7  // (at your option) any later version.
     8  //
     9  // The go-ethereum library is distributed in the hope that it will be useful,
    10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    12  // GNU Lesser General Public License for more details.
    13  //
    14  // You should have received a copy of the GNU Lesser General Public License
    15  // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
    16  
    17  /*
    18  
    19  This key store behaves as KeyStorePlain with the difference that
    20  the private key is encrypted and on disk uses another JSON encoding.
    21  
    22  The crypto is documented at https://github.com/ethereum/wiki/wiki/Web3-Secret-Storage-Definition
    23  
    24  */
    25  
    26  package keystore
    27  
    28  import (
    29  	"bytes"
    30  	"crypto/aes"
    31  	"crypto/rand"
    32  	"crypto/sha256"
    33  	"encoding/hex"
    34  	"encoding/json"
    35  	"fmt"
    36  	"io"
    37  	"io/ioutil"
    38  	"os"
    39  	"path/filepath"
    40  
    41  	"github.com/ethereum/go-ethereum/accounts"
    42  	"github.com/ethereum/go-ethereum/common"
    43  	"github.com/ethereum/go-ethereum/common/math"
    44  	"github.com/ethereum/go-ethereum/crypto"
    45  	"github.com/pborman/uuid"
    46  	"golang.org/x/crypto/pbkdf2"
    47  	"golang.org/x/crypto/scrypt"
    48  )
    49  
    50  const (
    51  	keyHeaderKDF = "scrypt"
    52  
    53  	// StandardScryptN is the N parameter of Scrypt encryption algorithm, using 256MB
    54  	// memory and taking approximately 1s CPU time on a modern processor.
    55  	StandardScryptN = 1 << 18
    56  
    57  	// StandardScryptP is the P parameter of Scrypt encryption algorithm, using 256MB
    58  	// memory and taking approximately 1s CPU time on a modern processor.
    59  	StandardScryptP = 1
    60  
    61  	// LightScryptN is the N parameter of Scrypt encryption algorithm, using 4MB
    62  	// memory and taking approximately 100ms CPU time on a modern processor.
    63  	LightScryptN = 1 << 12
    64  
    65  	// LightScryptP is the P parameter of Scrypt encryption algorithm, using 4MB
    66  	// memory and taking approximately 100ms CPU time on a modern processor.
    67  	LightScryptP = 6
    68  
    69  	scryptR     = 8
    70  	scryptDKLen = 32
    71  )
    72  
    73  type keyStorePassphrase struct {
    74  	keysDirPath string
    75  	scryptN     int
    76  	scryptP     int
    77  	// skipKeyFileVerification disables the security-feature which does
    78  	// reads and decrypts any newly created keyfiles. This should be 'false' in all
    79  	// cases except tests -- setting this to 'true' is not recommended.
    80  	skipKeyFileVerification bool
    81  }
    82  
    83  func (ks keyStorePassphrase) GetKey(addr common.Address, filename, auth string) (*Key, error) {
    84  	// Load the key from the keystore and decrypt its contents
    85  	keyjson, err := ioutil.ReadFile(filename)
    86  	if err != nil {
    87  		return nil, err
    88  	}
    89  	key, err := DecryptKey(keyjson, auth)
    90  	if err != nil {
    91  		return nil, err
    92  	}
    93  	// Make sure we're really operating on the requested key (no swap attacks)
    94  	if key.Address != addr {
    95  		return nil, fmt.Errorf("key content mismatch: have account %x, want %x", key.Address, addr)
    96  	}
    97  	return key, nil
    98  }
    99  
   100  // StoreKey generates a key, encrypts with 'auth' and stores in the given directory
   101  func StoreKey(dir, auth string, scryptN, scryptP int) (accounts.Account, error) {
   102  	_, a, err := storeNewKey(&keyStorePassphrase{dir, scryptN, scryptP, false}, rand.Reader, auth)
   103  	return a, err
   104  }
   105  
   106  func (ks keyStorePassphrase) StoreKey(filename string, key *Key, auth string) error {
   107  	keyjson, err := EncryptKey(key, auth, ks.scryptN, ks.scryptP)
   108  	if err != nil {
   109  		return err
   110  	}
   111  	// Write into temporary file
   112  	tmpName, err := writeTemporaryKeyFile(filename, keyjson)
   113  	if err != nil {
   114  		return err
   115  	}
   116  	if !ks.skipKeyFileVerification {
   117  		// Verify that we can decrypt the file with the given password.
   118  		_, err = ks.GetKey(key.Address, tmpName, auth)
   119  		if err != nil {
   120  			msg := "An error was encountered when saving and verifying the keystore file. \n" +
   121  				"This indicates that the keystore is corrupted. \n" +
   122  				"The corrupted file is stored at \n%v\n" +
   123  				"Please file a ticket at:\n\n" +
   124  				"https://github.com/ethereum/go-ethereum/issues." +
   125  				"The error was : %s"
   126  			return fmt.Errorf(msg, tmpName, err)
   127  		}
   128  	}
   129  	return os.Rename(tmpName, filename)
   130  }
   131  
   132  func (ks keyStorePassphrase) JoinPath(filename string) string {
   133  	if filepath.IsAbs(filename) {
   134  		return filename
   135  	}
   136  	return filepath.Join(ks.keysDirPath, filename)
   137  }
   138  
   139  // Encryptdata encrypts the data given as 'data' with the password 'auth'.
   140  func EncryptDataV3(data, auth []byte, scryptN, scryptP int) (CryptoJSON, error) {
   141  
   142  	salt := make([]byte, 32)
   143  	if _, err := io.ReadFull(rand.Reader, salt); err != nil {
   144  		panic("reading from crypto/rand failed: " + err.Error())
   145  	}
   146  	derivedKey, err := scrypt.Key(auth, salt, scryptN, scryptR, scryptP, scryptDKLen)
   147  	if err != nil {
   148  		return CryptoJSON{}, err
   149  	}
   150  	encryptKey := derivedKey[:16]
   151  
   152  	iv := make([]byte, aes.BlockSize) // 16
   153  	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
   154  		panic("reading from crypto/rand failed: " + err.Error())
   155  	}
   156  	cipherText, err := aesCTRXOR(encryptKey, data, iv)
   157  	if err != nil {
   158  		return CryptoJSON{}, err
   159  	}
   160  	mac := crypto.Keccak256(derivedKey[16:32], cipherText)
   161  
   162  	scryptParamsJSON := make(map[string]interface{}, 5)
   163  	scryptParamsJSON["n"] = scryptN
   164  	scryptParamsJSON["r"] = scryptR
   165  	scryptParamsJSON["p"] = scryptP
   166  	scryptParamsJSON["dklen"] = scryptDKLen
   167  	scryptParamsJSON["salt"] = hex.EncodeToString(salt)
   168  	cipherParamsJSON := cipherparamsJSON{
   169  		IV: hex.EncodeToString(iv),
   170  	}
   171  
   172  	cryptoStruct := CryptoJSON{
   173  		Cipher:       "aes-128-ctr",
   174  		CipherText:   hex.EncodeToString(cipherText),
   175  		CipherParams: cipherParamsJSON,
   176  		KDF:          keyHeaderKDF,
   177  		KDFParams:    scryptParamsJSON,
   178  		MAC:          hex.EncodeToString(mac),
   179  	}
   180  	return cryptoStruct, nil
   181  }
   182  
   183  // EncryptKey encrypts a key using the specified scrypt parameters into a json
   184  // blob that can be decrypted later on.
   185  func EncryptKey(key *Key, auth string, scryptN, scryptP int) ([]byte, error) {
   186  	keyBytes := math.PaddedBigBytes(key.PrivateKey.D, 32)
   187  	cryptoStruct, err := EncryptDataV3(keyBytes, []byte(auth), scryptN, scryptP)
   188  	if err != nil {
   189  		return nil, err
   190  	}
   191  	encryptedKeyJSONV3 := encryptedKeyJSONV3{
   192  		hex.EncodeToString(key.Address[:]),
   193  		cryptoStruct,
   194  		key.Id.String(),
   195  		version,
   196  	}
   197  	return json.Marshal(encryptedKeyJSONV3)
   198  }
   199  
   200  // DecryptKey decrypts a key from a json blob, returning the private key itself.
   201  func DecryptKey(keyjson []byte, auth string) (*Key, error) {
   202  	// Parse the json into a simple map to fetch the key version
   203  	m := make(map[string]interface{})
   204  	if err := json.Unmarshal(keyjson, &m); err != nil {
   205  		return nil, err
   206  	}
   207  	// Depending on the version try to parse one way or another
   208  	var (
   209  		keyBytes, keyId []byte
   210  		err             error
   211  	)
   212  	if version, ok := m["version"].(string); ok && version == "1" {
   213  		k := new(encryptedKeyJSONV1)
   214  		if err := json.Unmarshal(keyjson, k); err != nil {
   215  			return nil, err
   216  		}
   217  		keyBytes, keyId, err = decryptKeyV1(k, auth)
   218  	} else {
   219  		k := new(encryptedKeyJSONV3)
   220  		if err := json.Unmarshal(keyjson, k); err != nil {
   221  			return nil, err
   222  		}
   223  		keyBytes, keyId, err = decryptKeyV3(k, auth)
   224  	}
   225  	// Handle any decryption errors and return the key
   226  	if err != nil {
   227  		return nil, err
   228  	}
   229  	key := crypto.ToECDSAUnsafe(keyBytes)
   230  
   231  	return &Key{
   232  		Id:         uuid.UUID(keyId),
   233  		Address:    crypto.PubkeyToAddress(key.PublicKey),
   234  		PrivateKey: key,
   235  	}, nil
   236  }
   237  
   238  func DecryptDataV3(cryptoJson CryptoJSON, auth string) ([]byte, error) {
   239  	if cryptoJson.Cipher != "aes-128-ctr" {
   240  		return nil, fmt.Errorf("Cipher not supported: %v", cryptoJson.Cipher)
   241  	}
   242  	mac, err := hex.DecodeString(cryptoJson.MAC)
   243  	if err != nil {
   244  		return nil, err
   245  	}
   246  
   247  	iv, err := hex.DecodeString(cryptoJson.CipherParams.IV)
   248  	if err != nil {
   249  		return nil, err
   250  	}
   251  
   252  	cipherText, err := hex.DecodeString(cryptoJson.CipherText)
   253  	if err != nil {
   254  		return nil, err
   255  	}
   256  
   257  	derivedKey, err := getKDFKey(cryptoJson, auth)
   258  	if err != nil {
   259  		return nil, err
   260  	}
   261  
   262  	calculatedMAC := crypto.Keccak256(derivedKey[16:32], cipherText)
   263  	if !bytes.Equal(calculatedMAC, mac) {
   264  		return nil, ErrDecrypt
   265  	}
   266  
   267  	plainText, err := aesCTRXOR(derivedKey[:16], cipherText, iv)
   268  	if err != nil {
   269  		return nil, err
   270  	}
   271  	return plainText, err
   272  }
   273  
   274  func decryptKeyV3(keyProtected *encryptedKeyJSONV3, auth string) (keyBytes []byte, keyId []byte, err error) {
   275  	if keyProtected.Version != version {
   276  		return nil, nil, fmt.Errorf("Version not supported: %v", keyProtected.Version)
   277  	}
   278  	keyId = uuid.Parse(keyProtected.Id)
   279  	plainText, err := DecryptDataV3(keyProtected.Crypto, auth)
   280  	if err != nil {
   281  		return nil, nil, err
   282  	}
   283  	return plainText, keyId, err
   284  }
   285  
   286  func decryptKeyV1(keyProtected *encryptedKeyJSONV1, auth string) (keyBytes []byte, keyId []byte, err error) {
   287  	keyId = uuid.Parse(keyProtected.Id)
   288  	mac, err := hex.DecodeString(keyProtected.Crypto.MAC)
   289  	if err != nil {
   290  		return nil, nil, err
   291  	}
   292  
   293  	iv, err := hex.DecodeString(keyProtected.Crypto.CipherParams.IV)
   294  	if err != nil {
   295  		return nil, nil, err
   296  	}
   297  
   298  	cipherText, err := hex.DecodeString(keyProtected.Crypto.CipherText)
   299  	if err != nil {
   300  		return nil, nil, err
   301  	}
   302  
   303  	derivedKey, err := getKDFKey(keyProtected.Crypto, auth)
   304  	if err != nil {
   305  		return nil, nil, err
   306  	}
   307  
   308  	calculatedMAC := crypto.Keccak256(derivedKey[16:32], cipherText)
   309  	if !bytes.Equal(calculatedMAC, mac) {
   310  		return nil, nil, ErrDecrypt
   311  	}
   312  
   313  	plainText, err := aesCBCDecrypt(crypto.Keccak256(derivedKey[:16])[:16], cipherText, iv)
   314  	if err != nil {
   315  		return nil, nil, err
   316  	}
   317  	return plainText, keyId, err
   318  }
   319  
   320  func getKDFKey(cryptoJSON CryptoJSON, auth string) ([]byte, error) {
   321  	authArray := []byte(auth)
   322  	salt, err := hex.DecodeString(cryptoJSON.KDFParams["salt"].(string))
   323  	if err != nil {
   324  		return nil, err
   325  	}
   326  	dkLen := ensureInt(cryptoJSON.KDFParams["dklen"])
   327  
   328  	if cryptoJSON.KDF == keyHeaderKDF {
   329  		n := ensureInt(cryptoJSON.KDFParams["n"])
   330  		r := ensureInt(cryptoJSON.KDFParams["r"])
   331  		p := ensureInt(cryptoJSON.KDFParams["p"])
   332  		return scrypt.Key(authArray, salt, n, r, p, dkLen)
   333  
   334  	} else if cryptoJSON.KDF == "pbkdf2" {
   335  		c := ensureInt(cryptoJSON.KDFParams["c"])
   336  		prf := cryptoJSON.KDFParams["prf"].(string)
   337  		if prf != "hmac-sha256" {
   338  			return nil, fmt.Errorf("Unsupported PBKDF2 PRF: %s", prf)
   339  		}
   340  		key := pbkdf2.Key(authArray, salt, c, dkLen, sha256.New)
   341  		return key, nil
   342  	}
   343  
   344  	return nil, fmt.Errorf("Unsupported KDF: %s", cryptoJSON.KDF)
   345  }
   346  
   347  // TODO: can we do without this when unmarshalling dynamic JSON?
   348  // why do integers in KDF params end up as float64 and not int after
   349  // unmarshal?
   350  func ensureInt(x interface{}) int {
   351  	res, ok := x.(int)
   352  	if !ok {
   353  		res = int(x.(float64))
   354  	}
   355  	return res
   356  }