diff --git a/crypto/key_store_passphrase.go b/crypto/key_store_passphrase.go index 2700b0f1cc..19e77de917 100644 --- a/crypto/key_store_passphrase.go +++ b/crypto/key_store_passphrase.go @@ -61,12 +61,10 @@ type keyStorePassphrase struct { keysDirPath string scryptN int scryptP int - scryptR int - scryptDKLen int } func NewKeyStorePassphrase(path string, scryptN int, scryptP int) KeyStore { - return &keyStorePassphrase{path, scryptN, scryptP, scryptR, scryptDKLen} + return &keyStorePassphrase{path, scryptN, scryptP} } func (ks keyStorePassphrase) GenerateNewKey(rand io.Reader, auth string) (key *Key, err error) { @@ -85,29 +83,38 @@ func (ks keyStorePassphrase) GetKeyAddresses() (addresses []common.Address, err return getKeyAddresses(ks.keysDirPath) } -func (ks keyStorePassphrase) StoreKey(key *Key, auth string) (err error) { - authArray := []byte(auth) - salt := randentropy.GetEntropyCSPRNG(32) - derivedKey, err := scrypt.Key(authArray, salt, ks.scryptN, ks.scryptR, ks.scryptP, ks.scryptDKLen) +func (ks keyStorePassphrase) StoreKey(key *Key, auth string) error { + keyjson, err := EncryptKey(key, auth, ks.scryptN, ks.scryptP) if err != nil { return err } + return writeKeyFile(key.Address, ks.keysDirPath, keyjson) +} + +// EncryptKey encrypts a key using the specified scrypt parameters into a json +// blob that can be decrypted later on. +func EncryptKey(key *Key, auth string, scryptN, scryptP int) ([]byte, error) { + authArray := []byte(auth) + salt := randentropy.GetEntropyCSPRNG(32) + derivedKey, err := scrypt.Key(authArray, salt, scryptN, scryptR, scryptP, scryptDKLen) + if err != nil { + return nil, err + } encryptKey := derivedKey[:16] keyBytes := FromECDSA(key.PrivateKey) iv := randentropy.GetEntropyCSPRNG(aes.BlockSize) // 16 cipherText, err := aesCTRXOR(encryptKey, keyBytes, iv) if err != nil { - return err + return nil, err } - mac := Keccak256(derivedKey[16:32], cipherText) scryptParamsJSON := make(map[string]interface{}, 5) - scryptParamsJSON["n"] = ks.scryptN - scryptParamsJSON["r"] = ks.scryptR - scryptParamsJSON["p"] = ks.scryptP - scryptParamsJSON["dklen"] = ks.scryptDKLen + scryptParamsJSON["n"] = scryptN + scryptParamsJSON["r"] = scryptR + scryptParamsJSON["p"] = scryptP + scryptParamsJSON["dklen"] = scryptDKLen scryptParamsJSON["salt"] = hex.EncodeToString(salt) cipherParamsJSON := cipherparamsJSON{ @@ -128,12 +135,7 @@ func (ks keyStorePassphrase) StoreKey(key *Key, auth string) (err error) { key.Id.String(), version, } - keyJSON, err := json.Marshal(encryptedKeyJSONV3) - if err != nil { - return err - } - - return writeKeyFile(key.Address, ks.keysDirPath, keyJSON) + return json.Marshal(encryptedKeyJSONV3) } func (ks keyStorePassphrase) DeleteKey(keyAddr common.Address, auth string) error { diff --git a/crypto/key_store_passphrase_test.go b/crypto/key_store_passphrase_test.go new file mode 100644 index 0000000000..bcdd58ad99 --- /dev/null +++ b/crypto/key_store_passphrase_test.go @@ -0,0 +1,51 @@ +// Copyright 2016 The go-ethereum Authors +// This file is part of the go-ethereum library. +// +// The go-ethereum library is free software: you can redistribute it and/or modify +// it under the terms of the GNU Lesser General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// The go-ethereum library is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Lesser General Public License for more details. +// +// You should have received a copy of the GNU Lesser General Public License +// along with the go-ethereum library. If not, see . + +package crypto + +import ( + "testing" + + "github.com/ethereum/go-ethereum/common" +) + +// Tests that a json key file can be decrypted and encrypted in multiple rounds. +func TestKeyEncryptDecrypt(t *testing.T) { + address := common.HexToAddress("f626acac23772cbe04dd578bee681b06bdefb9fa") + keyjson := []byte("{\"address\":\"f626acac23772cbe04dd578bee681b06bdefb9fa\",\"crypto\":{\"cipher\":\"aes-128-ctr\",\"ciphertext\":\"1bcf0ab9b14459795ce59f63e63255ffd84dc38d31614a5a78e37144d7e4a17f\",\"cipherparams\":{\"iv\":\"df4c7e225ee2d81adef522013e3fbe24\"},\"kdf\":\"scrypt\",\"kdfparams\":{\"dklen\":32,\"n\":262144,\"p\":1,\"r\":8,\"salt\":\"2909a99dd2bfa7079a4b40991773b1083f8512c0c55b9b63402ab0e3dc8db8b3\"},\"mac\":\"4ecf6a4ad92ae2c016cb7c44abade74799480c3303eb024661270dfefdbc7510\"},\"id\":\"b4718210-9a30-4883-b8a6-dbdd08bd0ceb\",\"version\":3}") + password := "" + + // Do a few rounds of decryption and encryption + for i := 0; i < 3; i++ { + // Try a bad password first + if _, err := DecryptKey(keyjson, password+"bad"); err == nil { + t.Error("test %d: json key decrypted with bad password", i) + } + // Decrypt with the correct password + key, err := DecryptKey(keyjson, password) + if err != nil { + t.Errorf("test %d: json key failed to decrypt: %v", i, err) + } + if key.Address != address { + t.Errorf("test %d: key address mismatch: have %x, want %x", i, key.Address, address) + } + // Recrypt with a new password and start over + password += "new data appended" + if keyjson, err = EncryptKey(key, password, LightScryptN, LightScryptP); err != nil { + t.Errorf("test %d: failed to recrypt key %v", err) + } + } +}