a9f26dcd0d
In order to avoid disk thrashing for Accounts and HasAccount, address->key file mappings are now cached in memory. This makes it no longer necessary to keep the key address in the file name. The address of each key is derived from file content instead. There are minor user-visible changes: - "geth account list" now reports key file paths alongside the address. - If multiple keys are present for an address, unlocking by address is not possible. Users are directed to remove the duplicate files instead. Unlocking by index is still possible. - Key files are overwritten written in place when updating the password.
134 lines
4.0 KiB
Go
134 lines
4.0 KiB
Go
// Copyright 2016 The go-ethereum Authors
|
|
// This file is part of the go-ethereum library.
|
|
//
|
|
// The go-ethereum library is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU Lesser General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// The go-ethereum library is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU Lesser General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU Lesser General Public License
|
|
// along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
package accounts
|
|
|
|
import (
|
|
"crypto/aes"
|
|
"crypto/cipher"
|
|
"crypto/sha256"
|
|
"encoding/hex"
|
|
"encoding/json"
|
|
"errors"
|
|
"fmt"
|
|
|
|
"github.com/ethereum/go-ethereum/crypto"
|
|
"github.com/pborman/uuid"
|
|
"golang.org/x/crypto/pbkdf2"
|
|
)
|
|
|
|
// creates a Key and stores that in the given KeyStore by decrypting a presale key JSON
|
|
func importPreSaleKey(keyStore keyStore, keyJSON []byte, password string) (Account, *Key, error) {
|
|
key, err := decryptPreSaleKey(keyJSON, password)
|
|
if err != nil {
|
|
return Account{}, nil, err
|
|
}
|
|
key.Id = uuid.NewRandom()
|
|
a := Account{Address: key.Address, File: keyStore.JoinPath(keyFileName(key.Address))}
|
|
err = keyStore.StoreKey(a.File, key, password)
|
|
return a, key, err
|
|
}
|
|
|
|
func decryptPreSaleKey(fileContent []byte, password string) (key *Key, err error) {
|
|
preSaleKeyStruct := struct {
|
|
EncSeed string
|
|
EthAddr string
|
|
Email string
|
|
BtcAddr string
|
|
}{}
|
|
err = json.Unmarshal(fileContent, &preSaleKeyStruct)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
encSeedBytes, err := hex.DecodeString(preSaleKeyStruct.EncSeed)
|
|
iv := encSeedBytes[:16]
|
|
cipherText := encSeedBytes[16:]
|
|
/*
|
|
See https://github.com/ethereum/pyethsaletool
|
|
|
|
pyethsaletool generates the encryption key from password by
|
|
2000 rounds of PBKDF2 with HMAC-SHA-256 using password as salt (:().
|
|
16 byte key length within PBKDF2 and resulting key is used as AES key
|
|
*/
|
|
passBytes := []byte(password)
|
|
derivedKey := pbkdf2.Key(passBytes, passBytes, 2000, 16, sha256.New)
|
|
plainText, err := aesCBCDecrypt(derivedKey, cipherText, iv)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
ethPriv := crypto.Keccak256(plainText)
|
|
ecKey := crypto.ToECDSA(ethPriv)
|
|
key = &Key{
|
|
Id: nil,
|
|
Address: crypto.PubkeyToAddress(ecKey.PublicKey),
|
|
PrivateKey: ecKey,
|
|
}
|
|
derivedAddr := hex.EncodeToString(key.Address.Bytes()) // needed because .Hex() gives leading "0x"
|
|
expectedAddr := preSaleKeyStruct.EthAddr
|
|
if derivedAddr != expectedAddr {
|
|
err = fmt.Errorf("decrypted addr '%s' not equal to expected addr '%s'", derivedAddr, expectedAddr)
|
|
}
|
|
return key, err
|
|
}
|
|
|
|
func aesCTRXOR(key, inText, iv []byte) ([]byte, error) {
|
|
// AES-128 is selected due to size of encryptKey.
|
|
aesBlock, err := aes.NewCipher(key)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
stream := cipher.NewCTR(aesBlock, iv)
|
|
outText := make([]byte, len(inText))
|
|
stream.XORKeyStream(outText, inText)
|
|
return outText, err
|
|
}
|
|
|
|
func aesCBCDecrypt(key, cipherText, iv []byte) ([]byte, error) {
|
|
aesBlock, err := aes.NewCipher(key)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
decrypter := cipher.NewCBCDecrypter(aesBlock, iv)
|
|
paddedPlaintext := make([]byte, len(cipherText))
|
|
decrypter.CryptBlocks(paddedPlaintext, cipherText)
|
|
plaintext := pkcs7Unpad(paddedPlaintext)
|
|
if plaintext == nil {
|
|
err = errors.New("Decryption failed: PKCS7Unpad failed after AES decryption")
|
|
}
|
|
return plaintext, err
|
|
}
|
|
|
|
// From https://leanpub.com/gocrypto/read#leanpub-auto-block-cipher-modes
|
|
func pkcs7Unpad(in []byte) []byte {
|
|
if len(in) == 0 {
|
|
return nil
|
|
}
|
|
|
|
padding := in[len(in)-1]
|
|
if int(padding) > len(in) || padding > aes.BlockSize {
|
|
return nil
|
|
} else if padding == 0 {
|
|
return nil
|
|
}
|
|
|
|
for i := len(in) - 1; i > len(in)-int(padding)-1; i-- {
|
|
if in[i] != padding {
|
|
return nil
|
|
}
|
|
}
|
|
return in[:len(in)-int(padding)]
|
|
}
|