| 
									
										
										
										
											2016-03-02 13:57:15 +01:00
										 |  |  | // Copyright 2016 The go-ethereum Authors | 
					
						
							|  |  |  | // This file is part of the go-ethereum library. | 
					
						
							|  |  |  | // | 
					
						
							|  |  |  | // The go-ethereum library is free software: you can redistribute it and/or modify | 
					
						
							|  |  |  | // it under the terms of the GNU Lesser General Public License as published by | 
					
						
							|  |  |  | // the Free Software Foundation, either version 3 of the License, or | 
					
						
							|  |  |  | // (at your option) any later version. | 
					
						
							|  |  |  | // | 
					
						
							|  |  |  | // The go-ethereum library is distributed in the hope that it will be useful, | 
					
						
							|  |  |  | // but WITHOUT ANY WARRANTY; without even the implied warranty of | 
					
						
							|  |  |  | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | 
					
						
							|  |  |  | // GNU Lesser General Public License for more details. | 
					
						
							|  |  |  | // | 
					
						
							|  |  |  | // You should have received a copy of the GNU Lesser General Public License | 
					
						
							|  |  |  | // along with the go-ethereum library. If not, see <http://www.gnu.org/licenses/>. | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-01-24 11:49:20 +02:00
										 |  |  | package keystore | 
					
						
							| 
									
										
										
										
											2016-03-02 13:57:15 +01:00
										 |  |  | 
 | 
					
						
							|  |  |  | import ( | 
					
						
							|  |  |  | 	"crypto/aes" | 
					
						
							|  |  |  | 	"crypto/cipher" | 
					
						
							|  |  |  | 	"crypto/sha256" | 
					
						
							|  |  |  | 	"encoding/hex" | 
					
						
							|  |  |  | 	"encoding/json" | 
					
						
							| 
									
										
										
										
											2017-01-09 11:16:06 +01:00
										 |  |  | 	"errors" | 
					
						
							| 
									
										
										
										
											2016-03-02 13:57:15 +01:00
										 |  |  | 	"fmt" | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-01-24 11:49:20 +02:00
										 |  |  | 	"github.com/ethereum/go-ethereum/accounts" | 
					
						
							| 
									
										
										
										
											2016-03-02 13:57:15 +01:00
										 |  |  | 	"github.com/ethereum/go-ethereum/crypto" | 
					
						
							|  |  |  | 	"github.com/pborman/uuid" | 
					
						
							|  |  |  | 	"golang.org/x/crypto/pbkdf2" | 
					
						
							|  |  |  | ) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // creates a Key and stores that in the given KeyStore by decrypting a presale key JSON | 
					
						
							| 
									
										
										
										
											2017-01-24 11:49:20 +02:00
										 |  |  | func importPreSaleKey(keyStore keyStore, keyJSON []byte, password string) (accounts.Account, *Key, error) { | 
					
						
							| 
									
										
										
										
											2016-03-02 13:57:15 +01:00
										 |  |  | 	key, err := decryptPreSaleKey(keyJSON, password) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							| 
									
										
										
										
											2017-01-24 11:49:20 +02:00
										 |  |  | 		return accounts.Account{}, nil, err | 
					
						
							| 
									
										
										
										
											2016-03-02 13:57:15 +01:00
										 |  |  | 	} | 
					
						
							|  |  |  | 	key.Id = uuid.NewRandom() | 
					
						
							| 
									
										
										
										
											2017-02-08 15:53:02 +02:00
										 |  |  | 	a := accounts.Account{Address: key.Address, URL: accounts.URL{Scheme: KeyStoreScheme, Path: keyStore.JoinPath(keyFileName(key.Address))}} | 
					
						
							|  |  |  | 	err = keyStore.StoreKey(a.URL.Path, key, password) | 
					
						
							| 
									
										
										
										
											2016-03-03 01:15:42 +01:00
										 |  |  | 	return a, key, err | 
					
						
							| 
									
										
										
										
											2016-03-02 13:57:15 +01:00
										 |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | func decryptPreSaleKey(fileContent []byte, password string) (key *Key, err error) { | 
					
						
							|  |  |  | 	preSaleKeyStruct := struct { | 
					
						
							|  |  |  | 		EncSeed string | 
					
						
							|  |  |  | 		EthAddr string | 
					
						
							|  |  |  | 		Email   string | 
					
						
							|  |  |  | 		BtcAddr string | 
					
						
							|  |  |  | 	}{} | 
					
						
							|  |  |  | 	err = json.Unmarshal(fileContent, &preSaleKeyStruct) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		return nil, err | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	encSeedBytes, err := hex.DecodeString(preSaleKeyStruct.EncSeed) | 
					
						
							| 
									
										
										
										
											2017-01-09 11:16:06 +01:00
										 |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		return nil, errors.New("invalid hex in encSeed") | 
					
						
							|  |  |  | 	} | 
					
						
							| 
									
										
										
										
											2016-03-02 13:57:15 +01:00
										 |  |  | 	iv := encSeedBytes[:16] | 
					
						
							|  |  |  | 	cipherText := encSeedBytes[16:] | 
					
						
							|  |  |  | 	/* | 
					
						
							|  |  |  | 		See https://github.com/ethereum/pyethsaletool | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 		pyethsaletool generates the encryption key from password by | 
					
						
							|  |  |  | 		2000 rounds of PBKDF2 with HMAC-SHA-256 using password as salt (:(). | 
					
						
							|  |  |  | 		16 byte key length within PBKDF2 and resulting key is used as AES key | 
					
						
							|  |  |  | 	*/ | 
					
						
							|  |  |  | 	passBytes := []byte(password) | 
					
						
							|  |  |  | 	derivedKey := pbkdf2.Key(passBytes, passBytes, 2000, 16, sha256.New) | 
					
						
							|  |  |  | 	plainText, err := aesCBCDecrypt(derivedKey, cipherText, iv) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		return nil, err | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	ethPriv := crypto.Keccak256(plainText) | 
					
						
							|  |  |  | 	ecKey := crypto.ToECDSA(ethPriv) | 
					
						
							|  |  |  | 	key = &Key{ | 
					
						
							|  |  |  | 		Id:         nil, | 
					
						
							|  |  |  | 		Address:    crypto.PubkeyToAddress(ecKey.PublicKey), | 
					
						
							|  |  |  | 		PrivateKey: ecKey, | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	derivedAddr := hex.EncodeToString(key.Address.Bytes()) // needed because .Hex() gives leading "0x" | 
					
						
							|  |  |  | 	expectedAddr := preSaleKeyStruct.EthAddr | 
					
						
							|  |  |  | 	if derivedAddr != expectedAddr { | 
					
						
							|  |  |  | 		err = fmt.Errorf("decrypted addr '%s' not equal to expected addr '%s'", derivedAddr, expectedAddr) | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	return key, err | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | func aesCTRXOR(key, inText, iv []byte) ([]byte, error) { | 
					
						
							|  |  |  | 	// AES-128 is selected due to size of encryptKey. | 
					
						
							|  |  |  | 	aesBlock, err := aes.NewCipher(key) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		return nil, err | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	stream := cipher.NewCTR(aesBlock, iv) | 
					
						
							|  |  |  | 	outText := make([]byte, len(inText)) | 
					
						
							|  |  |  | 	stream.XORKeyStream(outText, inText) | 
					
						
							|  |  |  | 	return outText, err | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | func aesCBCDecrypt(key, cipherText, iv []byte) ([]byte, error) { | 
					
						
							|  |  |  | 	aesBlock, err := aes.NewCipher(key) | 
					
						
							|  |  |  | 	if err != nil { | 
					
						
							|  |  |  | 		return nil, err | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	decrypter := cipher.NewCBCDecrypter(aesBlock, iv) | 
					
						
							|  |  |  | 	paddedPlaintext := make([]byte, len(cipherText)) | 
					
						
							|  |  |  | 	decrypter.CryptBlocks(paddedPlaintext, cipherText) | 
					
						
							|  |  |  | 	plaintext := pkcs7Unpad(paddedPlaintext) | 
					
						
							|  |  |  | 	if plaintext == nil { | 
					
						
							| 
									
										
										
										
											2016-04-01 22:41:47 +02:00
										 |  |  | 		return nil, ErrDecrypt | 
					
						
							| 
									
										
										
										
											2016-03-02 13:57:15 +01:00
										 |  |  | 	} | 
					
						
							|  |  |  | 	return plaintext, err | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | // From https://leanpub.com/gocrypto/read#leanpub-auto-block-cipher-modes | 
					
						
							|  |  |  | func pkcs7Unpad(in []byte) []byte { | 
					
						
							|  |  |  | 	if len(in) == 0 { | 
					
						
							|  |  |  | 		return nil | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	padding := in[len(in)-1] | 
					
						
							|  |  |  | 	if int(padding) > len(in) || padding > aes.BlockSize { | 
					
						
							|  |  |  | 		return nil | 
					
						
							|  |  |  | 	} else if padding == 0 { | 
					
						
							|  |  |  | 		return nil | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 	for i := len(in) - 1; i > len(in)-int(padding)-1; i-- { | 
					
						
							|  |  |  | 		if in[i] != padding { | 
					
						
							|  |  |  | 			return nil | 
					
						
							|  |  |  | 		} | 
					
						
							|  |  |  | 	} | 
					
						
							|  |  |  | 	return in[:len(in)-int(padding)] | 
					
						
							|  |  |  | } |