From 1f8290ca44df31cc4c4b68b30eef412476ed24e0 Mon Sep 17 00:00:00 2001 From: Gustav Simonsson Date: Tue, 20 Jan 2015 23:55:13 +0100 Subject: Add ImportPreSaleKey * ImportPreSaleKey takes a KeyStore, a presale key JSON (e.g. file content) and a password string. It stores the key in the given key store. * Refactored common AES decryption and moved some functions to crypto.go --- crypto/crypto.go | 104 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 104 insertions(+) (limited to 'crypto/crypto.go') diff --git a/crypto/crypto.go b/crypto/crypto.go index ac84c6204..066d23dcb 100644 --- a/crypto/crypto.go +++ b/crypto/crypto.go @@ -1,12 +1,19 @@ package crypto import ( + "crypto/aes" + "crypto/cipher" "crypto/ecdsa" "crypto/elliptic" "crypto/rand" "crypto/sha256" + "errors" + "code.google.com/p/go-uuid/uuid" + "code.google.com/p/go.crypto/pbkdf2" "code.google.com/p/go.crypto/ripemd160" + "encoding/hex" + "encoding/json" "github.com/ethereum/go-ethereum/crypto/secp256k1" "github.com/ethereum/go-ethereum/crypto/sha3" "github.com/ethereum/go-ethereum/ethutil" @@ -113,3 +120,100 @@ func Decrypt(prv *ecdsa.PrivateKey, ct []byte) ([]byte, error) { key := ecies.ImportECDSA(prv) return key.Decrypt(rand.Reader, ct, nil, nil) } + +// creates a Key and stores that in the given KeyStore by decrypting a presale key JSON +func ImportPreSaleKey(keyStore KeyStore2, keyJSON []byte, password string) (*Key, error) { + key, err := decryptPreSaleKey(keyJSON, password) + if err != nil { + return nil, err + } + id := uuid.NewRandom() + key.Id = &id + err = keyStore.StoreKey(key, password) + return key, err +} + +func decryptPreSaleKey(fileContent []byte, password string) (key *Key, err error) { + preSaleKeyStruct := struct { + EncSeed string + EthAddr string + Email string + BtcAddr string + }{} + err = json.Unmarshal(fileContent, &preSaleKeyStruct) + if err != nil { + return nil, err + } + encSeedBytes, err := hex.DecodeString(preSaleKeyStruct.EncSeed) + iv := encSeedBytes[:16] + cipherText := encSeedBytes[16:] + /* + See https://github.com/ethereum/pyethsaletool + + pyethsaletool generates the encryption key from password by + 2000 rounds of PBKDF2 with HMAC-SHA-256 using password as salt (:(). + 16 byte key length within PBKDF2 and resulting key is used as AES key + */ + passBytes := []byte(password) + derivedKey := pbkdf2.Key(passBytes, passBytes, 2000, 16, sha256.New) + plainText, err := aes_cbc_decrypt(derivedKey, cipherText, iv) + ethPriv := Sha3(plainText) + ecKey := ToECDSA(ethPriv) + key = &Key{ + Id: nil, + PrivateKey: ecKey, + } + derivedAddr := ethutil.Bytes2Hex(key.Address()) + expectedAddr := preSaleKeyStruct.EthAddr + if derivedAddr != expectedAddr { + err = errors.New("decrypted addr not equal to expected addr") + } + return key, err +} + +func aes_cbc_decrypt(key []byte, cipherText []byte, iv []byte) (plainText []byte, err error) { + aesBlock, err := aes.NewCipher(key) + if err != nil { + return plainText, err + } + decrypter := cipher.NewCBCDecrypter(aesBlock, iv) + paddedPlainText := make([]byte, len(cipherText)) + decrypter.CryptBlocks(paddedPlainText, cipherText) + plainText = PKCS7Unpad(paddedPlainText) + if plainText == nil { + err = errors.New("Decryption failed: PKCS7Unpad failed after decryption") + } + return plainText, err +} + +// From https://leanpub.com/gocrypto/read#leanpub-auto-block-cipher-modes +func PKCS7Pad(in []byte) []byte { + padding := 16 - (len(in) % 16) + if padding == 0 { + padding = 16 + } + for i := 0; i < padding; i++ { + in = append(in, byte(padding)) + } + return in +} + +func PKCS7Unpad(in []byte) []byte { + if len(in) == 0 { + return nil + } + + padding := in[len(in)-1] + if int(padding) > len(in) || padding > aes.BlockSize { + return nil + } else if padding == 0 { + return nil + } + + for i := len(in) - 1; i > len(in)-int(padding)-1; i-- { + if in[i] != padding { + return nil + } + } + return in[:len(in)-int(padding)] +} -- cgit v1.2.3 From 8af42d42da1d428025622d3b76982798ec9436bd Mon Sep 17 00:00:00 2001 From: Gustav Simonsson Date: Wed, 21 Jan 2015 19:08:05 +0100 Subject: CamelCase aesCBCDecrypt --- crypto/crypto.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'crypto/crypto.go') diff --git a/crypto/crypto.go b/crypto/crypto.go index 066d23dcb..55d6f47e7 100644 --- a/crypto/crypto.go +++ b/crypto/crypto.go @@ -156,7 +156,7 @@ func decryptPreSaleKey(fileContent []byte, password string) (key *Key, err error */ passBytes := []byte(password) derivedKey := pbkdf2.Key(passBytes, passBytes, 2000, 16, sha256.New) - plainText, err := aes_cbc_decrypt(derivedKey, cipherText, iv) + plainText, err := aesCBCDecrypt(derivedKey, cipherText, iv) ethPriv := Sha3(plainText) ecKey := ToECDSA(ethPriv) key = &Key{ @@ -171,7 +171,7 @@ func decryptPreSaleKey(fileContent []byte, password string) (key *Key, err error return key, err } -func aes_cbc_decrypt(key []byte, cipherText []byte, iv []byte) (plainText []byte, err error) { +func aesCBCDecrypt(key []byte, cipherText []byte, iv []byte) (plainText []byte, err error) { aesBlock, err := aes.NewCipher(key) if err != nil { return plainText, err -- cgit v1.2.3 From 6eaa404187953777e8dc866e4e3db089e4ad0501 Mon Sep 17 00:00:00 2001 From: obscuren Date: Thu, 22 Jan 2015 00:25:00 +0100 Subject: Moved sha3 from `obscuren` --- crypto/crypto.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto/crypto.go') diff --git a/crypto/crypto.go b/crypto/crypto.go index b8fd78fa2..2c5f30905 100644 --- a/crypto/crypto.go +++ b/crypto/crypto.go @@ -7,10 +7,10 @@ import ( "crypto/sha256" "code.google.com/p/go.crypto/ripemd160" + "github.com/ethereum/go-ethereum/crypto/sha3" "github.com/ethereum/go-ethereum/ethutil" "github.com/obscuren/ecies" "github.com/obscuren/secp256k1-go" - "github.com/obscuren/sha3" ) func init() { -- cgit v1.2.3 From 67f9783e6a0fa5613a031e05549b92adbee57399 Mon Sep 17 00:00:00 2001 From: obscuren Date: Thu, 22 Jan 2015 00:35:00 +0100 Subject: Moved `obscuren` secp256k1-go --- crypto/crypto.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto/crypto.go') diff --git a/crypto/crypto.go b/crypto/crypto.go index 2c5f30905..ac84c6204 100644 --- a/crypto/crypto.go +++ b/crypto/crypto.go @@ -7,10 +7,10 @@ import ( "crypto/sha256" "code.google.com/p/go.crypto/ripemd160" + "github.com/ethereum/go-ethereum/crypto/secp256k1" "github.com/ethereum/go-ethereum/crypto/sha3" "github.com/ethereum/go-ethereum/ethutil" "github.com/obscuren/ecies" - "github.com/obscuren/secp256k1-go" ) func init() { -- cgit v1.2.3 From d4cc2d3503ce7497ef0cb39456a332b25e0999b9 Mon Sep 17 00:00:00 2001 From: obscuren Date: Thu, 22 Jan 2015 18:12:05 +0100 Subject: Pad private key when signing & length check for hashes in sign --- crypto/crypto.go | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'crypto/crypto.go') diff --git a/crypto/crypto.go b/crypto/crypto.go index ac84c6204..3da69ea94 100644 --- a/crypto/crypto.go +++ b/crypto/crypto.go @@ -5,6 +5,7 @@ import ( "crypto/elliptic" "crypto/rand" "crypto/sha256" + "fmt" "code.google.com/p/go.crypto/ripemd160" "github.com/ethereum/go-ethereum/crypto/secp256k1" @@ -101,7 +102,11 @@ func SigToPub(hash, sig []byte) *ecdsa.PublicKey { } func Sign(hash []byte, prv *ecdsa.PrivateKey) (sig []byte, err error) { - sig, err = secp256k1.Sign(hash, prv.D.Bytes()) + if len(hash) != 32 { + return nil, fmt.Errorf("hash is required to be exactly 32 bytes (%d)", len(hash)) + } + + sig, err = secp256k1.Sign(hash, ethutil.LeftPadBytes(prv.D.Bytes(), 32)) return } -- cgit v1.2.3 From 0dfe5113709d2981ef2ec8885d831a38cf2e4f91 Mon Sep 17 00:00:00 2001 From: obscuren Date: Thu, 22 Jan 2015 18:15:11 +0100 Subject: Use curve params instead of hardcoded 32 bytes --- crypto/crypto.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto/crypto.go') diff --git a/crypto/crypto.go b/crypto/crypto.go index 3da69ea94..93453b91c 100644 --- a/crypto/crypto.go +++ b/crypto/crypto.go @@ -106,7 +106,7 @@ func Sign(hash []byte, prv *ecdsa.PrivateKey) (sig []byte, err error) { return nil, fmt.Errorf("hash is required to be exactly 32 bytes (%d)", len(hash)) } - sig, err = secp256k1.Sign(hash, ethutil.LeftPadBytes(prv.D.Bytes(), 32)) + sig, err = secp256k1.Sign(hash, ethutil.LeftPadBytes(prv.D.Bytes(), prv.Params().BitSize/8)) return } -- cgit v1.2.3 From 512ffa2bf4308b44aa6f43f25238b375b58d7dbc Mon Sep 17 00:00:00 2001 From: Gustav Simonsson Date: Sun, 25 Jan 2015 02:07:20 +0100 Subject: Add accounts package and refactor key stores * Add initial UserAccount and AccountManager structs * Add NewAccount, Sign and Accounts functions * Refactor key stores to use key address as main identifier while keeping the UUID. * Use key address as file/dir names instead of UUID --- crypto/crypto.go | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'crypto/crypto.go') diff --git a/crypto/crypto.go b/crypto/crypto.go index 4b2cc7bb4..f8d6139a8 100644 --- a/crypto/crypto.go +++ b/crypto/crypto.go @@ -134,7 +134,7 @@ func ImportPreSaleKey(keyStore KeyStore2, keyJSON []byte, password string) (*Key return nil, err } id := uuid.NewRandom() - key.Id = &id + key.Id = id err = keyStore.StoreKey(key, password) return key, err } @@ -167,9 +167,10 @@ func decryptPreSaleKey(fileContent []byte, password string) (key *Key, err error ecKey := ToECDSA(ethPriv) key = &Key{ Id: nil, + Address: pubkeyToAddress(ecKey.PublicKey), PrivateKey: ecKey, } - derivedAddr := ethutil.Bytes2Hex(key.Address()) + derivedAddr := ethutil.Bytes2Hex(key.Address) expectedAddr := preSaleKeyStruct.EthAddr if derivedAddr != expectedAddr { err = errors.New("decrypted addr not equal to expected addr") @@ -223,3 +224,8 @@ func PKCS7Unpad(in []byte) []byte { } return in[:len(in)-int(padding)] } + +func pubkeyToAddress(p ecdsa.PublicKey) []byte { + pubBytes := FromECDSAPub(&p) + return Sha3(pubBytes[1:])[12:] +} -- cgit v1.2.3 From 8d9752a557e33341a5fb73239dbae664b2f8aaa0 Mon Sep 17 00:00:00 2001 From: Gustav Simonsson Date: Wed, 28 Jan 2015 05:12:57 +0100 Subject: Address pull request comments * Use crypto.Sign instead of directly calling secp256k1 lib * Rename UserAccount to Account and Addr to Address (for consistency) * Change AccountManager.Sign to take ptr to Account instead of address byte array * Simplify copying of Accounts in Accounts() * PubkeyToAddress and GetEntropyCSPRNG now exported --- crypto/crypto.go | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'crypto/crypto.go') diff --git a/crypto/crypto.go b/crypto/crypto.go index f8d6139a8..effa703d0 100644 --- a/crypto/crypto.go +++ b/crypto/crypto.go @@ -133,8 +133,7 @@ func ImportPreSaleKey(keyStore KeyStore2, keyJSON []byte, password string) (*Key if err != nil { return nil, err } - id := uuid.NewRandom() - key.Id = id + key.Id = uuid.NewRandom() err = keyStore.StoreKey(key, password) return key, err } @@ -167,7 +166,7 @@ func decryptPreSaleKey(fileContent []byte, password string) (key *Key, err error ecKey := ToECDSA(ethPriv) key = &Key{ Id: nil, - Address: pubkeyToAddress(ecKey.PublicKey), + Address: PubkeyToAddress(ecKey.PublicKey), PrivateKey: ecKey, } derivedAddr := ethutil.Bytes2Hex(key.Address) @@ -225,7 +224,7 @@ func PKCS7Unpad(in []byte) []byte { return in[:len(in)-int(padding)] } -func pubkeyToAddress(p ecdsa.PublicKey) []byte { +func PubkeyToAddress(p ecdsa.PublicKey) []byte { pubBytes := FromECDSAPub(&p) return Sha3(pubBytes[1:])[12:] } -- cgit v1.2.3 From c48644490f039fb9756b4cd1fedf11fbb1c4a16f Mon Sep 17 00:00:00 2001 From: obscuren Date: Fri, 30 Jan 2015 13:24:20 +0100 Subject: Fixed whisper pub key bug * Unrecoverable messages would cause segfault when recovering invalid pub key --- crypto/crypto.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto/crypto.go') diff --git a/crypto/crypto.go b/crypto/crypto.go index effa703d0..d56b9112f 100644 --- a/crypto/crypto.go +++ b/crypto/crypto.go @@ -92,7 +92,7 @@ func ToECDSAPub(pub []byte) *ecdsa.PublicKey { } func FromECDSAPub(pub *ecdsa.PublicKey) []byte { - if pub == nil { + if pub == nil || pub.X == nil || pub.Y == nil { return nil } return elliptic.Marshal(S256(), pub.X, pub.Y) -- cgit v1.2.3 From 410b35e9135baa86e92bc07e0ef85d04e3ac0561 Mon Sep 17 00:00:00 2001 From: Felix Lange Date: Tue, 27 Jan 2015 14:29:33 +0100 Subject: crypto: make it easier to run Sha3 on multiple inputs crypto.Sha3(append(foo, bar)) --> crypto.Sha3(foo, bar) crypto.Sha3([]byte{}) --> crypto.Sha3() --- crypto/crypto.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'crypto/crypto.go') diff --git a/crypto/crypto.go b/crypto/crypto.go index d56b9112f..42e6036b5 100644 --- a/crypto/crypto.go +++ b/crypto/crypto.go @@ -27,10 +27,11 @@ func init() { ecies.AddParamsForCurve(S256(), ecies.ECIES_AES128_SHA256) } -func Sha3(data []byte) []byte { +func Sha3(data ...[]byte) []byte { d := sha3.NewKeccak256() - d.Write(data) - + for _, b := range data { + d.Write(b) + } return d.Sum(nil) } -- cgit v1.2.3 From 0c7df37351ab85c577fe815d6d22f4627832b0c3 Mon Sep 17 00:00:00 2001 From: Felix Lange Date: Tue, 10 Feb 2015 12:29:50 +0100 Subject: crypto: add key loading functions --- crypto/crypto.go | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'crypto/crypto.go') diff --git a/crypto/crypto.go b/crypto/crypto.go index 42e6036b5..2c8f82977 100644 --- a/crypto/crypto.go +++ b/crypto/crypto.go @@ -8,6 +8,8 @@ import ( "crypto/rand" "crypto/sha256" "fmt" + "io" + "os" "encoding/hex" "encoding/json" @@ -99,6 +101,32 @@ func FromECDSAPub(pub *ecdsa.PublicKey) []byte { return elliptic.Marshal(S256(), pub.X, pub.Y) } +// HexToECDSA parses a secp256k1 private key. +func HexToECDSA(hexkey string) (*ecdsa.PrivateKey, error) { + b, err := hex.DecodeString(hexkey) + if err != nil { + return nil, errors.New("invalid hex string") + } + if len(b) != 32 { + return nil, errors.New("invalid length, need 256 bits") + } + return ToECDSA(b), nil +} + +// LoadECDSA loads a secp256k1 private key from the given file. +func LoadECDSA(file string) (*ecdsa.PrivateKey, error) { + buf := make([]byte, 32) + fd, err := os.Open(file) + if err != nil { + return nil, err + } + defer fd.Close() + if _, err := io.ReadFull(fd, buf); err != nil { + return nil, err + } + return ToECDSA(buf), nil +} + func GenerateKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(S256(), rand.Reader) } -- cgit v1.2.3 From 84f7c966f725ef0f5c62b4427857d112c0d1e828 Mon Sep 17 00:00:00 2001 From: obscuren Date: Sat, 14 Feb 2015 00:25:47 +0100 Subject: Moved ECIES to repo & added secondary title for webview * ECIES moved from obscuren to ethereum * Added html META[name=badge] to reflect menuItem.secondaryTitle --- crypto/crypto.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'crypto/crypto.go') diff --git a/crypto/crypto.go b/crypto/crypto.go index 2c8f82977..e59250eb2 100644 --- a/crypto/crypto.go +++ b/crypto/crypto.go @@ -18,10 +18,10 @@ import ( "code.google.com/p/go-uuid/uuid" "code.google.com/p/go.crypto/pbkdf2" "code.google.com/p/go.crypto/ripemd160" + "github.com/ethereum/go-ethereum/crypto/ecies" "github.com/ethereum/go-ethereum/crypto/secp256k1" "github.com/ethereum/go-ethereum/crypto/sha3" "github.com/ethereum/go-ethereum/ethutil" - "github.com/obscuren/ecies" ) func init() { -- cgit v1.2.3 From 119bea22aaf061d5b3e6a9abee9b1b95655b9fbe Mon Sep 17 00:00:00 2001 From: Felix Lange Date: Tue, 17 Feb 2015 13:05:58 +0100 Subject: crypto: switch to golang.org/x/crypto code.google.com/p/go.crypto is deprecated and will cause problems in future versions of Go. --- crypto/crypto.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'crypto/crypto.go') diff --git a/crypto/crypto.go b/crypto/crypto.go index e59250eb2..90e2c8939 100644 --- a/crypto/crypto.go +++ b/crypto/crypto.go @@ -16,12 +16,12 @@ import ( "errors" "code.google.com/p/go-uuid/uuid" - "code.google.com/p/go.crypto/pbkdf2" - "code.google.com/p/go.crypto/ripemd160" "github.com/ethereum/go-ethereum/crypto/ecies" "github.com/ethereum/go-ethereum/crypto/secp256k1" "github.com/ethereum/go-ethereum/crypto/sha3" "github.com/ethereum/go-ethereum/ethutil" + "golang.org/x/crypto/pbkdf2" + "golang.org/x/crypto/ripemd160" ) func init() { -- cgit v1.2.3