aboutsummaryrefslogtreecommitdiffstats
path: root/crypto/key_store_passphrase.go
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/key_store_passphrase.go')
-rw-r--r--crypto/key_store_passphrase.go92
1 files changed, 27 insertions, 65 deletions
diff --git a/crypto/key_store_passphrase.go b/crypto/key_store_passphrase.go
index e30a0a785..0862b7886 100644
--- a/crypto/key_store_passphrase.go
+++ b/crypto/key_store_passphrase.go
@@ -69,6 +69,7 @@ import (
"crypto/aes"
"crypto/cipher"
crand "crypto/rand"
+ "encoding/hex"
"encoding/json"
"errors"
"io"
@@ -96,21 +97,26 @@ func (ks keyStorePassphrase) GenerateNewKey(rand io.Reader, auth string) (key *K
return GenerateNewKeyDefault(ks, rand, auth)
}
-func (ks keyStorePassphrase) GetKey(keyId *uuid.UUID, auth string) (key *Key, err error) {
- keyBytes, err := DecryptKey(ks, keyId, auth)
+func (ks keyStorePassphrase) GetKey(keyAddr []byte, auth string) (key *Key, err error) {
+ keyBytes, keyId, err := DecryptKey(ks, keyAddr, auth)
if err != nil {
return nil, err
}
key = &Key{
- Id: keyId,
+ Id: uuid.UUID(keyId),
+ Address: keyAddr,
PrivateKey: ToECDSA(keyBytes),
}
return key, err
}
+func (ks keyStorePassphrase) GetKeyAddresses() (addresses [][]byte, err error) {
+ return GetKeyAddresses(ks.keysDirPath)
+}
+
func (ks keyStorePassphrase) StoreKey(key *Key, auth string) (err error) {
authArray := []byte(auth)
- salt := getEntropyCSPRNG(32)
+ salt := GetEntropyCSPRNG(32)
derivedKey, err := scrypt.Key(authArray, salt, scryptN, scryptr, scryptp, scryptdkLen)
if err != nil {
return err
@@ -125,7 +131,7 @@ func (ks keyStorePassphrase) StoreKey(key *Key, auth string) (err error) {
return err
}
- iv := getEntropyCSPRNG(aes.BlockSize) // 16
+ iv := GetEntropyCSPRNG(aes.BlockSize) // 16
AES256CBCEncrypter := cipher.NewCBCEncrypter(AES256Block, iv)
cipherText := make([]byte, len(toEncrypt))
AES256CBCEncrypter.CryptBlocks(cipherText, toEncrypt)
@@ -136,7 +142,8 @@ func (ks keyStorePassphrase) StoreKey(key *Key, auth string) (err error) {
cipherText,
}
keyStruct := encryptedKeyJSON{
- *key.Id,
+ key.Id,
+ key.Address,
cipherStruct,
}
keyJSON, err := json.Marshal(keyStruct)
@@ -144,66 +151,53 @@ func (ks keyStorePassphrase) StoreKey(key *Key, auth string) (err error) {
return err
}
- return WriteKeyFile(key.Id.String(), ks.keysDirPath, keyJSON)
+ return WriteKeyFile(key.Address, ks.keysDirPath, keyJSON)
}
-func (ks keyStorePassphrase) DeleteKey(keyId *uuid.UUID, auth string) (err error) {
+func (ks keyStorePassphrase) DeleteKey(keyAddr []byte, auth string) (err error) {
// only delete if correct passphrase is given
- _, err = DecryptKey(ks, keyId, auth)
+ _, _, err = DecryptKey(ks, keyAddr, auth)
if err != nil {
return err
}
- keyDirPath := path.Join(ks.keysDirPath, keyId.String())
+ keyDirPath := path.Join(ks.keysDirPath, hex.EncodeToString(keyAddr))
return os.RemoveAll(keyDirPath)
}
-func DecryptKey(ks keyStorePassphrase, keyId *uuid.UUID, auth string) (keyBytes []byte, err error) {
- fileContent, err := GetKeyFile(ks.keysDirPath, keyId)
+func DecryptKey(ks keyStorePassphrase, keyAddr []byte, auth string) (keyBytes []byte, keyId []byte, err error) {
+ fileContent, err := GetKeyFile(ks.keysDirPath, keyAddr)
if err != nil {
- return nil, err
+ return nil, nil, err
}
keyProtected := new(encryptedKeyJSON)
err = json.Unmarshal(fileContent, keyProtected)
+ keyId = keyProtected.Id
salt := keyProtected.Crypto.Salt
-
iv := keyProtected.Crypto.IV
-
cipherText := keyProtected.Crypto.CipherText
authArray := []byte(auth)
derivedKey, err := scrypt.Key(authArray, salt, scryptN, scryptr, scryptp, scryptdkLen)
if err != nil {
- return nil, err
+ return nil, nil, err
}
-
- AES256Block, err := aes.NewCipher(derivedKey)
+ plainText, err := aesCBCDecrypt(derivedKey, cipherText, iv)
if err != nil {
- return nil, err
- }
-
- AES256CBCDecrypter := cipher.NewCBCDecrypter(AES256Block, iv)
- paddedPlainText := make([]byte, len(cipherText))
- AES256CBCDecrypter.CryptBlocks(paddedPlainText, cipherText)
-
- plainText := PKCS7Unpad(paddedPlainText)
- if plainText == nil {
- err = errors.New("Decryption failed: PKCS7Unpad failed after decryption")
- return nil, err
+ return nil, nil, err
}
-
keyBytes = plainText[:len(plainText)-32]
keyBytesHash := plainText[len(plainText)-32:]
if !bytes.Equal(Sha3(keyBytes), keyBytesHash) {
err = errors.New("Decryption failed: checksum mismatch")
- return nil, err
+ return nil, nil, err
}
- return keyBytes, err
+ return keyBytes, keyId, err
}
-func getEntropyCSPRNG(n int) []byte {
+func GetEntropyCSPRNG(n int) []byte {
mainBuff := make([]byte, n)
_, err := io.ReadFull(crand.Reader, mainBuff)
if err != nil {
@@ -211,35 +205,3 @@ func getEntropyCSPRNG(n int) []byte {
}
return mainBuff
}
-
-// From https://leanpub.com/gocrypto/read#leanpub-auto-block-cipher-modes
-func PKCS7Pad(in []byte) []byte {
- padding := 16 - (len(in) % 16)
- if padding == 0 {
- padding = 16
- }
- for i := 0; i < padding; i++ {
- in = append(in, byte(padding))
- }
- return in
-}
-
-func PKCS7Unpad(in []byte) []byte {
- if len(in) == 0 {
- return nil
- }
-
- padding := in[len(in)-1]
- if int(padding) > len(in) || padding > aes.BlockSize {
- return nil
- } else if padding == 0 {
- return nil
- }
-
- for i := len(in) - 1; i > len(in)-int(padding)-1; i-- {
- if in[i] != padding {
- return nil
- }
- }
- return in[:len(in)-int(padding)]
-}
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-18 08:37:34 +0800