2016-06-20 10:06:49 +02:00
|
|
|
// Copyright 2015, 2016 Ethcore (UK) Ltd.
|
|
|
|
// This file is part of Parity.
|
|
|
|
|
|
|
|
// Parity is free software: you can redistribute it and/or modify
|
|
|
|
// it under the terms of the GNU General Public License as published by
|
|
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
|
|
// (at your option) any later version.
|
|
|
|
|
|
|
|
// Parity is distributed in the hope that it will be useful,
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
// GNU General Public License for more details.
|
|
|
|
|
|
|
|
// You should have received a copy of the GNU General Public License
|
|
|
|
// along with Parity. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
2016-06-20 00:10:34 +02:00
|
|
|
use ethkey::{KeyPair, sign, Address, Secret, Signature, Message};
|
|
|
|
use {json, Error, crypto};
|
2016-09-28 15:47:52 +02:00
|
|
|
use crypto::Keccak256;
|
2016-06-20 00:10:34 +02:00
|
|
|
use random::Random;
|
|
|
|
use account::{Version, Cipher, Kdf, Aes128Ctr, Pbkdf2, Prf};
|
|
|
|
|
|
|
|
#[derive(Debug, PartialEq, Clone)]
|
|
|
|
pub struct Crypto {
|
|
|
|
pub cipher: Cipher,
|
2016-09-28 15:47:52 +02:00
|
|
|
pub ciphertext: Vec<u8>,
|
2016-06-20 00:10:34 +02:00
|
|
|
pub kdf: Kdf,
|
|
|
|
pub mac: [u8; 32],
|
|
|
|
}
|
|
|
|
|
|
|
|
#[derive(Debug, PartialEq, Clone)]
|
|
|
|
pub struct SafeAccount {
|
|
|
|
pub id: [u8; 16],
|
|
|
|
pub version: Version,
|
|
|
|
pub address: Address,
|
|
|
|
pub crypto: Crypto,
|
2016-08-03 17:58:22 +02:00
|
|
|
pub filename: Option<String>,
|
2016-07-24 17:38:21 +02:00
|
|
|
pub name: String,
|
|
|
|
pub meta: String,
|
2016-06-20 00:10:34 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
impl From<json::Crypto> for Crypto {
|
|
|
|
fn from(json: json::Crypto) -> Self {
|
|
|
|
Crypto {
|
2016-07-25 10:45:45 +02:00
|
|
|
cipher: json.cipher.into(),
|
2016-06-20 00:10:34 +02:00
|
|
|
ciphertext: json.ciphertext.into(),
|
2016-07-25 10:45:45 +02:00
|
|
|
kdf: json.kdf.into(),
|
2016-06-20 00:10:34 +02:00
|
|
|
mac: json.mac.into(),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
impl Into<json::Crypto> for Crypto {
|
|
|
|
fn into(self) -> json::Crypto {
|
|
|
|
json::Crypto {
|
|
|
|
cipher: self.cipher.into(),
|
2016-07-25 10:45:45 +02:00
|
|
|
ciphertext: self.ciphertext.into(),
|
2016-06-20 00:10:34 +02:00
|
|
|
kdf: self.kdf.into(),
|
2016-07-25 10:45:45 +02:00
|
|
|
mac: self.mac.into(),
|
2016-06-20 00:10:34 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
impl Into<json::KeyFile> for SafeAccount {
|
|
|
|
fn into(self) -> json::KeyFile {
|
|
|
|
json::KeyFile {
|
|
|
|
id: From::from(self.id),
|
|
|
|
version: self.version.into(),
|
2016-08-10 17:57:40 +02:00
|
|
|
address: self.address.into(),
|
2016-06-20 00:10:34 +02:00
|
|
|
crypto: self.crypto.into(),
|
2016-07-24 17:38:21 +02:00
|
|
|
name: Some(self.name.into()),
|
|
|
|
meta: Some(self.meta.into()),
|
2016-06-20 00:10:34 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
impl Crypto {
|
|
|
|
pub fn create(secret: &Secret, password: &str, iterations: u32) -> Self {
|
|
|
|
let salt: [u8; 32] = Random::random();
|
|
|
|
let iv: [u8; 16] = Random::random();
|
|
|
|
|
|
|
|
// two parts of derived key
|
|
|
|
// DK = [ DK[0..15] DK[16..31] ] = [derived_left_bits, derived_right_bits]
|
|
|
|
let (derived_left_bits, derived_right_bits) = crypto::derive_key_iterations(password, &salt, iterations);
|
|
|
|
|
|
|
|
let mut ciphertext = [0u8; 32];
|
|
|
|
|
|
|
|
// aes-128-ctr with initial vector of iv
|
2016-08-10 16:29:40 +02:00
|
|
|
crypto::aes::encrypt(&derived_left_bits, &iv, &**secret, &mut ciphertext);
|
2016-06-20 00:10:34 +02:00
|
|
|
|
|
|
|
// KECCAK(DK[16..31] ++ <ciphertext>), where DK[16..31] - derived_right_bits
|
|
|
|
let mac = crypto::derive_mac(&derived_right_bits, &ciphertext).keccak256();
|
|
|
|
|
|
|
|
Crypto {
|
|
|
|
cipher: Cipher::Aes128Ctr(Aes128Ctr {
|
|
|
|
iv: iv,
|
|
|
|
}),
|
2016-09-28 15:47:52 +02:00
|
|
|
ciphertext: ciphertext.to_vec(),
|
2016-06-20 00:10:34 +02:00
|
|
|
kdf: Kdf::Pbkdf2(Pbkdf2 {
|
|
|
|
dklen: crypto::KEY_LENGTH as u32,
|
|
|
|
salt: salt,
|
|
|
|
c: iterations,
|
|
|
|
prf: Prf::HmacSha256,
|
|
|
|
}),
|
|
|
|
mac: mac,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
pub fn secret(&self, password: &str) -> Result<Secret, Error> {
|
2016-09-28 15:47:52 +02:00
|
|
|
if self.ciphertext.len() > 32 {
|
|
|
|
return Err(Error::InvalidSecret);
|
|
|
|
}
|
|
|
|
|
2016-06-20 00:10:34 +02:00
|
|
|
let (derived_left_bits, derived_right_bits) = match self.kdf {
|
|
|
|
Kdf::Pbkdf2(ref params) => crypto::derive_key_iterations(password, ¶ms.salt, params.c),
|
|
|
|
Kdf::Scrypt(ref params) => crypto::derive_key_scrypt(password, ¶ms.salt, params.n, params.p, params.r),
|
|
|
|
};
|
|
|
|
|
|
|
|
let mac = crypto::derive_mac(&derived_right_bits, &self.ciphertext).keccak256();
|
|
|
|
|
|
|
|
if mac != self.mac {
|
|
|
|
return Err(Error::InvalidPassword);
|
|
|
|
}
|
|
|
|
|
|
|
|
let mut secret = Secret::default();
|
|
|
|
|
|
|
|
match self.cipher {
|
|
|
|
Cipher::Aes128Ctr(ref params) => {
|
2016-09-28 15:47:52 +02:00
|
|
|
let from = 32 - self.ciphertext.len();
|
|
|
|
crypto::aes::decrypt(&derived_left_bits, ¶ms.iv, &self.ciphertext, &mut (&mut *secret)[from..])
|
2016-06-20 00:10:34 +02:00
|
|
|
},
|
|
|
|
}
|
|
|
|
|
|
|
|
Ok(secret)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
impl SafeAccount {
|
2016-08-03 17:58:22 +02:00
|
|
|
pub fn create(
|
|
|
|
keypair: &KeyPair,
|
|
|
|
id: [u8; 16],
|
|
|
|
password: &str,
|
|
|
|
iterations: u32,
|
|
|
|
name: String,
|
|
|
|
meta: String
|
|
|
|
) -> Self {
|
2016-06-20 00:10:34 +02:00
|
|
|
SafeAccount {
|
|
|
|
id: id,
|
|
|
|
version: Version::V3,
|
|
|
|
crypto: Crypto::create(keypair.secret(), password, iterations),
|
|
|
|
address: keypair.address(),
|
2016-08-03 17:58:22 +02:00
|
|
|
filename: None,
|
2016-07-24 17:38:21 +02:00
|
|
|
name: name,
|
|
|
|
meta: meta,
|
2016-06-20 00:10:34 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-08-10 17:57:40 +02:00
|
|
|
/// Create a new `SafeAccount` from the given `json`; if it was read from a
|
|
|
|
/// file, the `filename` should be `Some` name. If it is as yet anonymous, then it
|
|
|
|
/// can be left `None`.
|
|
|
|
pub fn from_file(json: json::KeyFile, filename: Option<String>) -> Self {
|
2016-07-25 10:45:45 +02:00
|
|
|
SafeAccount {
|
|
|
|
id: json.id.into(),
|
|
|
|
version: json.version.into(),
|
|
|
|
address: json.address.into(),
|
|
|
|
crypto: json.crypto.into(),
|
2016-08-10 17:57:40 +02:00
|
|
|
filename: filename,
|
2016-07-25 10:45:45 +02:00
|
|
|
name: json.name.unwrap_or(String::new()),
|
|
|
|
meta: json.meta.unwrap_or("{}".to_owned()),
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-06-20 00:10:34 +02:00
|
|
|
pub fn sign(&self, password: &str, message: &Message) -> Result<Signature, Error> {
|
|
|
|
let secret = try!(self.crypto.secret(password));
|
|
|
|
sign(&secret, message).map_err(From::from)
|
|
|
|
}
|
|
|
|
|
2016-09-22 14:48:22 +02:00
|
|
|
pub fn decrypt(&self, password: &str, shared_mac: &[u8], message: &[u8]) -> Result<Vec<u8>, Error> {
|
|
|
|
let secret = try!(self.crypto.secret(password));
|
|
|
|
crypto::ecies::decrypt(&secret, shared_mac, message).map_err(From::from)
|
|
|
|
}
|
|
|
|
|
2016-06-20 00:10:34 +02:00
|
|
|
pub fn change_password(&self, old_password: &str, new_password: &str, iterations: u32) -> Result<Self, Error> {
|
|
|
|
let secret = try!(self.crypto.secret(old_password));
|
|
|
|
let result = SafeAccount {
|
|
|
|
id: self.id.clone(),
|
|
|
|
version: self.version.clone(),
|
|
|
|
crypto: Crypto::create(&secret, new_password, iterations),
|
|
|
|
address: self.address.clone(),
|
2016-08-03 17:58:22 +02:00
|
|
|
filename: self.filename.clone(),
|
2016-07-24 17:38:21 +02:00
|
|
|
name: self.name.clone(),
|
|
|
|
meta: self.meta.clone(),
|
2016-06-20 00:10:34 +02:00
|
|
|
};
|
|
|
|
Ok(result)
|
|
|
|
}
|
|
|
|
|
|
|
|
pub fn check_password(&self, password: &str) -> bool {
|
|
|
|
self.crypto.secret(password).is_ok()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
#[cfg(test)]
|
|
|
|
mod tests {
|
2016-06-20 10:02:02 +02:00
|
|
|
use ethkey::{Generator, Random, verify_public, Message};
|
2016-06-20 00:10:34 +02:00
|
|
|
use super::{Crypto, SafeAccount};
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
fn crypto_create() {
|
|
|
|
let keypair = Random.generate().unwrap();
|
|
|
|
let crypto = Crypto::create(keypair.secret(), "this is sparta", 10240);
|
|
|
|
let secret = crypto.secret("this is sparta").unwrap();
|
|
|
|
assert_eq!(keypair.secret(), &secret);
|
|
|
|
}
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
#[should_panic]
|
|
|
|
fn crypto_invalid_password() {
|
|
|
|
let keypair = Random.generate().unwrap();
|
|
|
|
let crypto = Crypto::create(keypair.secret(), "this is sparta", 10240);
|
|
|
|
let _ = crypto.secret("this is sparta!").unwrap();
|
|
|
|
}
|
|
|
|
|
|
|
|
#[test]
|
2016-06-20 10:02:02 +02:00
|
|
|
fn sign_and_verify_public() {
|
2016-06-20 00:10:34 +02:00
|
|
|
let keypair = Random.generate().unwrap();
|
|
|
|
let password = "hello world";
|
|
|
|
let message = Message::default();
|
2016-07-24 17:38:21 +02:00
|
|
|
let account = SafeAccount::create(&keypair, [0u8; 16], password, 10240, "Test".to_owned(), "{}".to_owned());
|
2016-06-20 00:10:34 +02:00
|
|
|
let signature = account.sign(password, &message).unwrap();
|
2016-06-20 10:02:02 +02:00
|
|
|
assert!(verify_public(keypair.public(), &signature, &message).unwrap());
|
2016-06-20 00:10:34 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
#[test]
|
|
|
|
fn change_password() {
|
|
|
|
let keypair = Random.generate().unwrap();
|
|
|
|
let first_password = "hello world";
|
|
|
|
let sec_password = "this is sparta";
|
|
|
|
let i = 10240;
|
|
|
|
let message = Message::default();
|
2016-07-24 17:38:21 +02:00
|
|
|
let account = SafeAccount::create(&keypair, [0u8; 16], first_password, i, "Test".to_owned(), "{}".to_owned());
|
2016-06-20 00:10:34 +02:00
|
|
|
let new_account = account.change_password(first_password, sec_password, i).unwrap();
|
|
|
|
assert!(account.sign(first_password, &message).is_ok());
|
|
|
|
assert!(account.sign(sec_password, &message).is_err());
|
|
|
|
assert!(new_account.sign(first_password, &message).is_err());
|
|
|
|
assert!(new_account.sign(sec_password, &message).is_ok());
|
|
|
|
}
|
|
|
|
}
|