From 1f8290ca44df31cc4c4b68b30eef412476ed24e0 Mon Sep 17 00:00:00 2001
From: Gustav Simonsson <gustav.simonsson@gmail.com>
Date: Tue, 20 Jan 2015 23:55:13 +0100
Subject: Add ImportPreSaleKey

* ImportPreSaleKey takes a KeyStore, a presale key JSON (e.g. file content)
  and a password string. It stores the key in the given key store.
* Refactored common AES decryption and moved some functions to crypto.go
---
 crypto/crypto.go | 104 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 104 insertions(+)

(limited to 'crypto/crypto.go')

diff --git a/crypto/crypto.go b/crypto/crypto.go
index ac84c6204..066d23dcb 100644
--- a/crypto/crypto.go
+++ b/crypto/crypto.go
@@ -1,12 +1,19 @@
 package crypto
 
 import (
+	"crypto/aes"
+	"crypto/cipher"
 	"crypto/ecdsa"
 	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/sha256"
+	"errors"
 
+	"code.google.com/p/go-uuid/uuid"
+	"code.google.com/p/go.crypto/pbkdf2"
 	"code.google.com/p/go.crypto/ripemd160"
+	"encoding/hex"
+	"encoding/json"
 	"github.com/ethereum/go-ethereum/crypto/secp256k1"
 	"github.com/ethereum/go-ethereum/crypto/sha3"
 	"github.com/ethereum/go-ethereum/ethutil"
@@ -113,3 +120,100 @@ func Decrypt(prv *ecdsa.PrivateKey, ct []byte) ([]byte, error) {
 	key := ecies.ImportECDSA(prv)
 	return key.Decrypt(rand.Reader, ct, nil, nil)
 }
+
+// creates a Key and stores that in the given KeyStore by decrypting a presale key JSON
+func ImportPreSaleKey(keyStore KeyStore2, keyJSON []byte, password string) (*Key, error) {
+	key, err := decryptPreSaleKey(keyJSON, password)
+	if err != nil {
+		return nil, err
+	}
+	id := uuid.NewRandom()
+	key.Id = &id
+	err = keyStore.StoreKey(key, password)
+	return key, err
+}
+
+func decryptPreSaleKey(fileContent []byte, password string) (key *Key, err error) {
+	preSaleKeyStruct := struct {
+		EncSeed string
+		EthAddr string
+		Email   string
+		BtcAddr string
+	}{}
+	err = json.Unmarshal(fileContent, &preSaleKeyStruct)
+	if err != nil {
+		return nil, err
+	}
+	encSeedBytes, err := hex.DecodeString(preSaleKeyStruct.EncSeed)
+	iv := encSeedBytes[:16]
+	cipherText := encSeedBytes[16:]
+	/*
+		See https://github.com/ethereum/pyethsaletool
+
+		pyethsaletool generates the encryption key from password by
+		2000 rounds of PBKDF2 with HMAC-SHA-256 using password as salt (:().
+		16 byte key length within PBKDF2 and resulting key is used as AES key
+	*/
+	passBytes := []byte(password)
+	derivedKey := pbkdf2.Key(passBytes, passBytes, 2000, 16, sha256.New)
+	plainText, err := aes_cbc_decrypt(derivedKey, cipherText, iv)
+	ethPriv := Sha3(plainText)
+	ecKey := ToECDSA(ethPriv)
+	key = &Key{
+		Id:         nil,
+		PrivateKey: ecKey,
+	}
+	derivedAddr := ethutil.Bytes2Hex(key.Address())
+	expectedAddr := preSaleKeyStruct.EthAddr
+	if derivedAddr != expectedAddr {
+		err = errors.New("decrypted addr not equal to expected addr")
+	}
+	return key, err
+}
+
+func aes_cbc_decrypt(key []byte, cipherText []byte, iv []byte) (plainText []byte, err error) {
+	aesBlock, err := aes.NewCipher(key)
+	if err != nil {
+		return plainText, err
+	}
+	decrypter := cipher.NewCBCDecrypter(aesBlock, iv)
+	paddedPlainText := make([]byte, len(cipherText))
+	decrypter.CryptBlocks(paddedPlainText, cipherText)
+	plainText = PKCS7Unpad(paddedPlainText)
+	if plainText == nil {
+		err = errors.New("Decryption failed: PKCS7Unpad failed after decryption")
+	}
+	return plainText, err
+}
+
+// From https://leanpub.com/gocrypto/read#leanpub-auto-block-cipher-modes
+func PKCS7Pad(in []byte) []byte {
+	padding := 16 - (len(in) % 16)
+	if padding == 0 {
+		padding = 16
+	}
+	for i := 0; i < padding; i++ {
+		in = append(in, byte(padding))
+	}
+	return in
+}
+
+func PKCS7Unpad(in []byte) []byte {
+	if len(in) == 0 {
+		return nil
+	}
+
+	padding := in[len(in)-1]
+	if int(padding) > len(in) || padding > aes.BlockSize {
+		return nil
+	} else if padding == 0 {
+		return nil
+	}
+
+	for i := len(in) - 1; i > len(in)-int(padding)-1; i-- {
+		if in[i] != padding {
+			return nil
+		}
+	}
+	return in[:len(in)-int(padding)]
+}
-- 
cgit v1.2.3


From 8af42d42da1d428025622d3b76982798ec9436bd Mon Sep 17 00:00:00 2001
From: Gustav Simonsson <gustav.simonsson@gmail.com>
Date: Wed, 21 Jan 2015 19:08:05 +0100
Subject: CamelCase aesCBCDecrypt

---
 crypto/crypto.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'crypto/crypto.go')

diff --git a/crypto/crypto.go b/crypto/crypto.go
index 066d23dcb..55d6f47e7 100644
--- a/crypto/crypto.go
+++ b/crypto/crypto.go
@@ -156,7 +156,7 @@ func decryptPreSaleKey(fileContent []byte, password string) (key *Key, err error
 	*/
 	passBytes := []byte(password)
 	derivedKey := pbkdf2.Key(passBytes, passBytes, 2000, 16, sha256.New)
-	plainText, err := aes_cbc_decrypt(derivedKey, cipherText, iv)
+	plainText, err := aesCBCDecrypt(derivedKey, cipherText, iv)
 	ethPriv := Sha3(plainText)
 	ecKey := ToECDSA(ethPriv)
 	key = &Key{
@@ -171,7 +171,7 @@ func decryptPreSaleKey(fileContent []byte, password string) (key *Key, err error
 	return key, err
 }
 
-func aes_cbc_decrypt(key []byte, cipherText []byte, iv []byte) (plainText []byte, err error) {
+func aesCBCDecrypt(key []byte, cipherText []byte, iv []byte) (plainText []byte, err error) {
 	aesBlock, err := aes.NewCipher(key)
 	if err != nil {
 		return plainText, err
-- 
cgit v1.2.3


From 6eaa404187953777e8dc866e4e3db089e4ad0501 Mon Sep 17 00:00:00 2001
From: obscuren <geffobscura@gmail.com>
Date: Thu, 22 Jan 2015 00:25:00 +0100
Subject: Moved sha3 from `obscuren`

---
 crypto/crypto.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'crypto/crypto.go')

diff --git a/crypto/crypto.go b/crypto/crypto.go
index b8fd78fa2..2c5f30905 100644
--- a/crypto/crypto.go
+++ b/crypto/crypto.go
@@ -7,10 +7,10 @@ import (
 	"crypto/sha256"
 
 	"code.google.com/p/go.crypto/ripemd160"
+	"github.com/ethereum/go-ethereum/crypto/sha3"
 	"github.com/ethereum/go-ethereum/ethutil"
 	"github.com/obscuren/ecies"
 	"github.com/obscuren/secp256k1-go"
-	"github.com/obscuren/sha3"
 )
 
 func init() {
-- 
cgit v1.2.3


From 67f9783e6a0fa5613a031e05549b92adbee57399 Mon Sep 17 00:00:00 2001
From: obscuren <geffobscura@gmail.com>
Date: Thu, 22 Jan 2015 00:35:00 +0100
Subject: Moved `obscuren` secp256k1-go

---
 crypto/crypto.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'crypto/crypto.go')

diff --git a/crypto/crypto.go b/crypto/crypto.go
index 2c5f30905..ac84c6204 100644
--- a/crypto/crypto.go
+++ b/crypto/crypto.go
@@ -7,10 +7,10 @@ import (
 	"crypto/sha256"
 
 	"code.google.com/p/go.crypto/ripemd160"
+	"github.com/ethereum/go-ethereum/crypto/secp256k1"
 	"github.com/ethereum/go-ethereum/crypto/sha3"
 	"github.com/ethereum/go-ethereum/ethutil"
 	"github.com/obscuren/ecies"
-	"github.com/obscuren/secp256k1-go"
 )
 
 func init() {
-- 
cgit v1.2.3


From d4cc2d3503ce7497ef0cb39456a332b25e0999b9 Mon Sep 17 00:00:00 2001
From: obscuren <geffobscura@gmail.com>
Date: Thu, 22 Jan 2015 18:12:05 +0100
Subject: Pad private key when signing & length check for hashes in sign

---
 crypto/crypto.go | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'crypto/crypto.go')

diff --git a/crypto/crypto.go b/crypto/crypto.go
index ac84c6204..3da69ea94 100644
--- a/crypto/crypto.go
+++ b/crypto/crypto.go
@@ -5,6 +5,7 @@ import (
 	"crypto/elliptic"
 	"crypto/rand"
 	"crypto/sha256"
+	"fmt"
 
 	"code.google.com/p/go.crypto/ripemd160"
 	"github.com/ethereum/go-ethereum/crypto/secp256k1"
@@ -101,7 +102,11 @@ func SigToPub(hash, sig []byte) *ecdsa.PublicKey {
 }
 
 func Sign(hash []byte, prv *ecdsa.PrivateKey) (sig []byte, err error) {
-	sig, err = secp256k1.Sign(hash, prv.D.Bytes())
+	if len(hash) != 32 {
+		return nil, fmt.Errorf("hash is required to be exactly 32 bytes (%d)", len(hash))
+	}
+
+	sig, err = secp256k1.Sign(hash, ethutil.LeftPadBytes(prv.D.Bytes(), 32))
 	return
 }
 
-- 
cgit v1.2.3


From 0dfe5113709d2981ef2ec8885d831a38cf2e4f91 Mon Sep 17 00:00:00 2001
From: obscuren <geffobscura@gmail.com>
Date: Thu, 22 Jan 2015 18:15:11 +0100
Subject: Use curve params instead of hardcoded 32 bytes

---
 crypto/crypto.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'crypto/crypto.go')

diff --git a/crypto/crypto.go b/crypto/crypto.go
index 3da69ea94..93453b91c 100644
--- a/crypto/crypto.go
+++ b/crypto/crypto.go
@@ -106,7 +106,7 @@ func Sign(hash []byte, prv *ecdsa.PrivateKey) (sig []byte, err error) {
 		return nil, fmt.Errorf("hash is required to be exactly 32 bytes (%d)", len(hash))
 	}
 
-	sig, err = secp256k1.Sign(hash, ethutil.LeftPadBytes(prv.D.Bytes(), 32))
+	sig, err = secp256k1.Sign(hash, ethutil.LeftPadBytes(prv.D.Bytes(), prv.Params().BitSize/8))
 	return
 }
 
-- 
cgit v1.2.3