secret store separated from util (#1304)

* bump rust-crypto

* initial version of account provider utilizing secret store

* update lazy_static to latest version

* AccountProvider accounts method

* new AccountProvider tests in progress

* basic tests for new AccountProvider

* ethcore compiles with new account provider and secret store

* ethcore-rpc build now compiling with new AccountProvider

* most rpc tests passing with new accounts_provider

* fixed basic_authority tests

* fixed eth_transaction_count rpc test

* fixed mocked/eth.rs tests

* fixed personal tests

* fixed personal signer rpc tests

* removed warnings

* parity compiling fine with new sstore

* fixed import direction

* do not unlock temporarily when we have the password

* removed TODO in account import

* display warning on auto account import failure

* fixed compiling of ethstore on windows

* ethstore as a part of parity repo

* added ethkey

ethstore/.editorconfig

@@ -0,0 +1,11 @@
+root = true
+[*]
+indent_style=tab
+indent_size=tab
+tab_width=4
+end_of_line=lf
+charset=utf-8
+trim_trailing_whitespace=true
+max_line_length=120
+insert_final_newline=true
+

ethstore/.gitignore

@@ -0,0 +1,2 @@
+target
+*.swp

ethstore/.travis.yml

@@ -0,0 +1,23 @@
+sudo: false
+language: rust
+branches:
+  only:
+  - master
+matrix:
+  fast_finish: false
+  include:
+  - rust: stable
+  - rust: beta
+  - rust: nightly
+after_success: |
+  [ $TRAVIS_BRANCH = master ] &&
+  [ $TRAVIS_PULL_REQUEST = false ] &&
+  [ $TRAVIS_RUST_VERSION = stable ] &&
+  cargo doc --no-deps --verbose &&
+  echo '<meta http-equiv=refresh content=0;url=ethkey/index.html>' > target/doc/index.html &&
+  pip install --user ghp-import &&
+  /home/travis/.local/bin/ghp-import -n target/doc &&
+  git push -fq https://${GH_TOKEN}@github.com/${TRAVIS_REPO_SLUG}.git gh-pages
+env:
+  global:
+  - secure: C4l7WR0jS84WNmd3MvmpPXQz4wRh4CLDS6bP3BqSHXadz8FPKejtMJZscLYAk5kIkDcVsTAYb88RsEFRrYOA4wkS6vhZBtryYRaJ68MlkyEU/77SYwm86rkQINIDw65O73dUD5LbWWCUoYkenGu26u/UnfayHfJBAyKw5IHkVKf6eDqu7E8ojKSEOXbWgBHjq6uixI8IESb15UjIE0AQ1Od+6cqhsz/caPhTMT3CJGjoCoVGWChwWSQZ+Ppb+xB83C/1h58UVwE9sZEyIPKwVP6socnHPmtR+VEUI6a7YIsOk6ZadKLtyy4523w4HqHNx1/dYjmsknbGpkF4D0DRp5L3D4t4J6URCkJIHfSRrBF5l2QbLMMuSf+KWMWuFOrOF5DBryobRKAVmIL5AjfvFsxtBNzYLPyVBs0ntbPuN5WeUPhadam00za9Z1ZvOUJxfNfyy9R67u6FdD9xkw2m/9hO7KJLDeZ4TSCRFrzfl/7WQprfjCwhZ+reKPgHH0Ufy1/Kh/WEuEBfZDa+z3mWWHlslqH2uBPH3+pvhzdVQGLB/5GZdJNeg/nJYJDCqHyWUKxkw+OMSvI0J8W0GiHV4TuY9V3p+rYjU2Zj69u3/xO/IvKrFtB9xdeJMrLiFQ2cD5vgzQOLCKo80f53NitUjdVSoWrY/NcYopBU4VHZMlk=

ethstore/Cargo.toml

@@ -0,0 +1,30 @@
+[package]
+name = "ethstore"
+version = "0.1.0"
+authors = ["debris <marek.kotewicz@gmail.com>"]
+build = "build.rs"
+
+[dependencies]
+libc = "0.2.11"
+rand = "0.3.14"
+ethkey = { path = "../ethkey" }
+serde = "0.7"
+serde_json = "0.7"
+serde_macros = { version = "0.7", optional = true }
+rustc-serialize = "0.3"
+rust-crypto = "0.2.36"
+tiny-keccak = "1.0"
+docopt = { version = "0.6", optional = true }
+
+[build-dependencies]
+serde_codegen = { version = "0.7", optional = true }
+syntex = "0.33.0"
+
+[features]
+default = ["cli", "serde_codegen"]
+nightly = ["serde_macros"]
+cli = ["docopt"]
+
+[[bin]]
+name = "ethstore"
+doc = false

ethstore/README.md

@@ -0,0 +1,162 @@
+# ethstore
+
+[![Build Status][travis-image]][travis-url]
+
+[travis-image]: https://travis-ci.org/ethcore/ethstore.svg?branch=master
+[travis-url]: https://travis-ci.org/ethcore/ethstore
+
+Ethereum key management.
+
+[Documentation](http://ethcore.github.io/ethstore/ethstore/index.html)
+
+### Usage
+
+```
+Ethereum key management.
+  Copyright 2016 Ethcore (UK) Limited
+
+Usage:
+    ethstore insert <secret> <password> [--dir DIR]
+    ethstore change-pwd <address> <old-pwd> <new-pwd> [--dir DIR]
+    ethstore list [--dir DIR]
+    ethstore import [--src DIR] [--dir DIR]
+    ethstore remove <address> <password> [--dir DIR]
+    ethstore sign <address> <password> <message> [--dir DIR]
+    ethstore [-h | --help]
+
+Options:
+    -h, --help         Display this message and exit.
+    --dir DIR          Specify the secret store directory. It may be either
+                       parity, parity-test, geth, geth-test
+                       or a path [default: parity].
+    --src DIR          Specify import source. It may be either
+                       parity, parity-test, get, geth-test
+                       or a path [default: geth].
+
+Commands:
+    insert             Save account with password.
+    change-pwd         Change account password.
+    list               List accounts.
+    import             Import accounts from src.
+    remove             Remove account.
+    sign               Sign message.
+```
+
+### Examples
+
+#### `insert <secret> <password> [--dir DIR]`
+*Encrypt secret with a password and save it in secret store.*
+
+- `<secret>` - ethereum secret, 32 bytes long
+- `<password>` - account password, any string
+- `[--dir DIR]` - secret store directory, It may be either parity, parity-test, geth, geth-test or a path. default: parity
+
+```
+ethstore insert 7d29fab185a33e2cd955812397354c472d2b84615b645aa135ff539f6b0d70d5 "this is sparta"
+```
+
+```
+a8fa5dd30a87bb9e3288d604eb74949c515ab66e
+```
+
+--
+
+```
+ethstore insert `ethkey generate random -s` "this is sparta"
+```
+
+```
+24edfff680d536a5f6fe862d36df6f8f6f40f115
+```
+
+--
+
+#### `change-pwd <address> <old-pwd> <new-pwd> [--dir DIR]`
+*Change account password.*
+
+- `<address>` - ethereum address, 20 bytes long
+- `<old-pwd>` - old account password, any string
+- `<new-pwd>` - new account password, any string
+- `[--dir DIR]` - secret store directory, It may be either parity, parity-test, geth, geth-test or a path. default: parity
+
+```
+ethstore change-pwd a8fa5dd30a87bb9e3288d604eb74949c515ab66e "this is sparta" "hello world"
+```
+
+```
+true
+```
+
+--
+
+#### `list [--dir DIR]`
+*List secret store accounts.*
+
+- `[--dir DIR]` - secret store directory, It may be either parity, parity-test, geth, geth-test or a path. default: parity
+
+```
+ethstore list
+```
+
+```
+ 0: 24edfff680d536a5f6fe862d36df6f8f6f40f115
+ 1: 6edddfc6349aff20bc6467ccf276c5b52487f7a8
+ 2: e6a3d25a7cb7cd21cb720df5b5e8afd154af1bbb
+```
+
+--
+
+#### `import [--src DIR] [--dir DIR]`
+*Import accounts from src.*
+
+- `[--src DIR]` - secret store directory, It may be either parity, parity-test, geth, geth-test or a path. default: geth
+- `[--dir DIR]` - secret store directory, It may be either parity, parity-test, geth, geth-test or a path. default: parity
+
+```
+ 0: e6a3d25a7cb7cd21cb720df5b5e8afd154af1bbb
+ 1: 6edddfc6349aff20bc6467ccf276c5b52487f7a8
+```
+
+--
+
+#### `remove <address> <password> [--dir DIR]`
+*Remove account from secret store.*
+
+- `<address>` - ethereum address, 20 bytes long
+- `<password>` - account password, any string
+- `[--dir DIR]` - secret store directory, It may be either parity, parity-test, geth, geth-test or a path. default: parity
+
+```
+ethstore remove a8fa5dd30a87bb9e3288d604eb74949c515ab66e "hello world"
+```
+
+```
+true
+```
+
+--
+
+#### `sign <address> <password> <message> [--dir DIR]`
+*Sign message with account's secret.*
+
+- `<address>` - ethereum address, 20 bytes long
+- `<password>` - account password, any string
+- `<message>` - message to sign, 32 bytes long
+- `[--dir DIR]` - secret store directory, It may be either parity, parity-test, geth, geth-test or a path. default: parity
+
+```
+ethstore sign 24edfff680d536a5f6fe862d36df6f8f6f40f115 "this is sparta" 7d29fab185a33e2cd955812397354c472d2b84615b645aa135ff539f6b0d70d5
+```
+
+```
+c6649f9555232d90ff716d7e552a744c5af771574425a74860e12f763479eb1b708c1f3a7dc0a0a7f7a81e0a0ca88c6deacf469222bb3d9c5bf0847f98bae54901
+```
+
+--
+
+# Ethcore toolchain
+*this project is a part of the ethcore toolchain*
+
+- [**ethkey**](https://github.com/ethcore/ethkey) - Ethereum keys generator and signer.
+- [**ethstore**](https://github.com/ethcore/ethstore) - Ethereum key management.
+- [**ethabi**](https://github.com/ethcore/ethabi) - Ethereum function calls encoding.

ethstore/build.rs

@@ -0,0 +1,29 @@
+#[cfg(not(feature = "serde_macros"))]
+mod inner {
+    extern crate syntex;
+    extern crate serde_codegen;
+
+    use std::env;
+    use std::path::Path;
+
+    pub fn main() {
+        let out_dir = env::var_os("OUT_DIR").unwrap();
+
+        let src = Path::new("src/json/mod.rs.in");
+        let dst = Path::new(&out_dir).join("mod.rs");
+
+        let mut registry = syntex::Registry::new();
+
+        serde_codegen::register(&mut registry);
+        registry.expand("", &src, &dst).unwrap();
+    }
+}
+
+#[cfg(feature = "serde_macros")]
+mod inner {
+    pub fn main() {}
+}
+
+fn main() {
+    inner::main();
+}

ethstore/src/account/cipher.rs

@@ -0,0 +1,43 @@
+use json;
+
+#[derive(Debug, PartialEq, Clone)]
+pub struct Aes128Ctr {
+	pub iv: [u8; 16],
+}
+
+#[derive(Debug, PartialEq, Clone)]
+pub enum Cipher {
+	Aes128Ctr(Aes128Ctr),
+}
+
+impl From<json::Aes128Ctr> for Aes128Ctr {
+	fn from(json: json::Aes128Ctr) -> Self {
+		Aes128Ctr {
+			iv: json.iv.into()
+		}
+	}
+}
+
+impl Into<json::Aes128Ctr> for Aes128Ctr {
+	fn into(self) -> json::Aes128Ctr {
+		json::Aes128Ctr {
+			iv: From::from(self.iv)
+		}
+	}
+}
+
+impl From<json::Cipher> for Cipher {
+	fn from(json: json::Cipher) -> Self {
+		match json {
+			json::Cipher::Aes128Ctr(params) => Cipher::Aes128Ctr(From::from(params)),
+		}
+	}
+}
+
+impl Into<json::Cipher> for Cipher {
+	fn into(self) -> json::Cipher {
+		match self {
+			Cipher::Aes128Ctr(params) => json::Cipher::Aes128Ctr(params.into()),
+		}
+	}
+}

ethstore/src/account/kdf.rs

@@ -0,0 +1,109 @@
+use json;
+
+#[derive(Debug, PartialEq, Clone)]
+pub enum Prf {
+	HmacSha256,
+}
+
+#[derive(Debug, PartialEq, Clone)]
+pub struct Pbkdf2 {
+	pub c: u32,
+	pub dklen: u32,
+	pub prf: Prf,
+	pub salt: [u8; 32],
+}
+
+#[derive(Debug, PartialEq, Clone)]
+pub struct Scrypt {
+	pub dklen: u32,
+	pub p: u32,
+	pub n: u32,
+	pub r: u32,
+	pub salt: [u8; 32],
+}
+
+#[derive(Debug, PartialEq, Clone)]
+pub enum Kdf {
+	Pbkdf2(Pbkdf2),
+	Scrypt(Scrypt),
+}
+
+impl From<json::Prf> for Prf {
+	fn from(json: json::Prf) -> Self {
+		match json {
+			json::Prf::HmacSha256 => Prf::HmacSha256,
+		}
+	}
+}
+
+impl Into<json::Prf> for Prf {
+	fn into(self) -> json::Prf {
+		match self {
+			Prf::HmacSha256 => json::Prf::HmacSha256,
+		}
+	}
+}
+
+impl From<json::Pbkdf2> for Pbkdf2 {
+	fn from(json: json::Pbkdf2) -> Self {
+		Pbkdf2 {
+			c: json.c,
+			dklen: json.dklen,
+			prf: From::from(json.prf),
+			salt: json.salt.into(),
+		}
+	}
+}
+
+impl Into<json::Pbkdf2> for Pbkdf2 {
+	fn into(self) -> json::Pbkdf2 {
+		json::Pbkdf2 {
+			c: self.c,
+			dklen: self.dklen,
+			prf: self.prf.into(),
+			salt: From::from(self.salt),
+		}
+	}
+}
+
+impl From<json::Scrypt> for Scrypt {
+	fn from(json: json::Scrypt) -> Self {
+		Scrypt {
+			dklen: json.dklen,
+			p: json.p,
+			n: json.n,
+			r: json.r,
+			salt: json.salt.into(),
+		}
+	}
+}
+
+impl Into<json::Scrypt> for Scrypt {
+	fn into(self) -> json::Scrypt {
+		json::Scrypt {
+			dklen: self.dklen,
+			p: self.p,
+			n: self.n,
+			r: self.r,
+			salt: From::from(self.salt),
+		}
+	}
+}
+
+impl From<json::Kdf> for Kdf {
+	fn from(json: json::Kdf) -> Self {
+		match json {
+			json::Kdf::Pbkdf2(params) => Kdf::Pbkdf2(From::from(params)),
+			json::Kdf::Scrypt(params) => Kdf::Scrypt(From::from(params)),
+		}
+	}
+}
+
+impl Into<json::Kdf> for Kdf {
+	fn into(self) -> json::Kdf {
+		match self {
+			Kdf::Pbkdf2(params) => json::Kdf::Pbkdf2(params.into()),
+			Kdf::Scrypt(params) => json::Kdf::Scrypt(params.into()),
+		}
+	}
+}

ethstore/src/account/mod.rs

@@ -0,0 +1,9 @@
+mod cipher;
+mod kdf;
+mod safe_account;
+mod version;
+
+pub use self::cipher::{Cipher, Aes128Ctr};
+pub use self::kdf::{Kdf, Pbkdf2, Scrypt, Prf};
+pub use self::safe_account::{SafeAccount, Crypto};
+pub use self::version::Version;

ethstore/src/account/safe_account.rs

@@ -0,0 +1,200 @@
+use std::ops::{Deref, DerefMut};
+use ethkey::{KeyPair, sign, Address, Secret, Signature, Message};
+use {json, Error, crypto};
+use crypto::Keccak256;
+use random::Random;
+use account::{Version, Cipher, Kdf, Aes128Ctr, Pbkdf2, Prf};
+
+#[derive(Debug, PartialEq, Clone)]
+pub struct Crypto {
+	pub cipher: Cipher,
+	pub ciphertext: [u8; 32],
+	pub kdf: Kdf,
+	pub mac: [u8; 32],
+}
+
+#[derive(Debug, PartialEq, Clone)]
+pub struct SafeAccount {
+	pub id: [u8; 16],
+	pub version: Version,
+	pub address: Address,
+	pub crypto: Crypto,
+}
+
+impl From<json::Crypto> for Crypto {
+	fn from(json: json::Crypto) -> Self {
+		Crypto {
+			cipher: From::from(json.cipher),
+			ciphertext: json.ciphertext.into(),
+			kdf: From::from(json.kdf),
+			mac: json.mac.into(),
+		}
+	}
+}
+
+impl Into<json::Crypto> for Crypto {
+	fn into(self) -> json::Crypto {
+		json::Crypto {
+			cipher: self.cipher.into(),
+			ciphertext: From::from(self.ciphertext),
+			kdf: self.kdf.into(),
+			mac: From::from(self.mac),
+		}
+	}
+}
+
+impl From<json::KeyFile> for SafeAccount {
+	fn from(json: json::KeyFile) -> Self {
+		SafeAccount {
+			id: json.id.into(),
+			version: From::from(json.version),
+			address: From::from(json.address), //json.address.into(),
+			crypto: From::from(json.crypto),
+		}
+	}
+}
+
+impl Into<json::KeyFile> for SafeAccount {
+	fn into(self) -> json::KeyFile {
+		json::KeyFile {
+			id: From::from(self.id),
+			version: self.version.into(),
+			address: self.address.into(), //From::from(self.address),
+			crypto: self.crypto.into(),
+		}
+	}
+}
+
+impl Crypto {
+	pub fn create(secret: &Secret, password: &str, iterations: u32) -> Self {
+		let salt: [u8; 32] = Random::random();
+		let iv: [u8; 16] = Random::random();
+
+		// two parts of derived key
+		// DK = [ DK[0..15] DK[16..31] ] = [derived_left_bits, derived_right_bits]
+		let (derived_left_bits, derived_right_bits) = crypto::derive_key_iterations(password, &salt, iterations);
+
+		let mut ciphertext = [0u8; 32];
+
+		// aes-128-ctr with initial vector of iv
+		crypto::aes::encrypt(&derived_left_bits, &iv, secret.deref(), &mut ciphertext);
+
+		// KECCAK(DK[16..31] ++ <ciphertext>), where DK[16..31] - derived_right_bits
+		let mac = crypto::derive_mac(&derived_right_bits, &ciphertext).keccak256();
+
+		Crypto {
+			cipher: Cipher::Aes128Ctr(Aes128Ctr {
+				iv: iv,
+			}),
+			ciphertext: ciphertext,
+			kdf: Kdf::Pbkdf2(Pbkdf2 {
+				dklen: crypto::KEY_LENGTH as u32,
+				salt: salt,
+				c: iterations,
+				prf: Prf::HmacSha256,
+			}),
+			mac: mac,
+		}
+	}
+
+	pub fn secret(&self, password: &str) -> Result<Secret, Error> {
+		let (derived_left_bits, derived_right_bits) = match self.kdf {
+			Kdf::Pbkdf2(ref params) => crypto::derive_key_iterations(password, &params.salt, params.c),
+			Kdf::Scrypt(ref params) => crypto::derive_key_scrypt(password, &params.salt, params.n, params.p, params.r),
+		};
+
+		let mac = crypto::derive_mac(&derived_right_bits, &self.ciphertext).keccak256();
+
+		if mac != self.mac {
+			return Err(Error::InvalidPassword);
+		}
+
+		let mut secret = Secret::default();
+
+		match self.cipher {
+			Cipher::Aes128Ctr(ref params) => {
+				crypto::aes::decrypt(&derived_left_bits, &params.iv, &self.ciphertext, secret.deref_mut())
+			},
+		}
+
+		Ok(secret)
+	}
+}
+
+impl SafeAccount {
+	pub fn create(keypair: &KeyPair, id: [u8; 16], password: &str, iterations: u32) -> Self {
+		SafeAccount {
+			id: id,
+			version: Version::V3,
+			crypto: Crypto::create(keypair.secret(), password, iterations),
+			address: keypair.address(),
+		}
+	}
+
+	pub fn sign(&self, password: &str, message: &Message) -> Result<Signature, Error> {
+		let secret = try!(self.crypto.secret(password));
+		sign(&secret, message).map_err(From::from)
+	}
+
+	pub fn change_password(&self, old_password: &str, new_password: &str, iterations: u32) -> Result<Self, Error> {
+		let secret = try!(self.crypto.secret(old_password));
+		let result = SafeAccount {
+			id: self.id.clone(),
+			version: self.version.clone(),
+			crypto: Crypto::create(&secret, new_password, iterations),
+			address: self.address.clone(),
+		};
+		Ok(result)
+	}
+
+	pub fn check_password(&self, password: &str) -> bool {
+		self.crypto.secret(password).is_ok()
+	}
+}
+
+#[cfg(test)]
+mod tests {
+	use ethkey::{Generator, Random, verify, Message};
+	use super::{Crypto, SafeAccount};
+
+	#[test]
+	fn crypto_create() {
+		let keypair = Random.generate().unwrap();
+		let crypto = Crypto::create(keypair.secret(), "this is sparta", 10240);
+		let secret = crypto.secret("this is sparta").unwrap();
+		assert_eq!(keypair.secret(), &secret);
+	}
+
+	#[test]
+	#[should_panic]
+	fn crypto_invalid_password() {
+		let keypair = Random.generate().unwrap();
+		let crypto = Crypto::create(keypair.secret(), "this is sparta", 10240);
+		let _ = crypto.secret("this is sparta!").unwrap();
+	}
+
+	#[test]
+	fn sign_and_verify() {
+		let keypair = Random.generate().unwrap();
+		let password = "hello world";
+		let message = Message::default();
+		let account = SafeAccount::create(&keypair, [0u8; 16], password, 10240);
+		let signature = account.sign(password, &message).unwrap();
+		assert!(verify(keypair.public(), &signature, &message).unwrap());
+	}
+
+	#[test]
+	fn change_password() {
+		let keypair = Random.generate().unwrap();
+		let first_password = "hello world";
+		let sec_password = "this is sparta";
+		let i = 10240;
+		let message = Message::default();
+		let account = SafeAccount::create(&keypair, [0u8; 16], first_password, i);
+		let new_account = account.change_password(first_password, sec_password, i).unwrap();
+		assert!(account.sign(first_password, &message).is_ok());
+		assert!(account.sign(sec_password, &message).is_err());
+		assert!(new_account.sign(first_password, &message).is_err());
+		assert!(new_account.sign(sec_password, &message).is_ok());
+	}
+}

ethstore/src/account/version.rs

@@ -0,0 +1,22 @@
+use json;
+
+#[derive(Debug, PartialEq, Clone)]
+pub enum Version {
+	V3,
+}
+
+impl From<json::Version> for Version {
+	fn from(json: json::Version) -> Self {
+		match json {
+			json::Version::V3 => Version::V3,
+		}
+	}
+}
+
+impl Into<json::Version> for Version {
+	fn into(self) -> json::Version {
+		match self {
+			Version::V3 => json::Version::V3,
+		}
+	}
+}

ethstore/src/bin/ethstore.rs

@@ -0,0 +1,128 @@
+extern crate rustc_serialize;
+extern crate docopt;
+extern crate ethstore;
+
+use std::{env, process};
+use std::ops::Deref;
+use std::str::FromStr;
+use docopt::Docopt;
+use ethstore::ethkey::{Secret, Address, Message};
+use ethstore::dir::{KeyDirectory, ParityDirectory, DiskDirectory, GethDirectory, DirectoryType};
+use ethstore::{EthStore, SecretStore, import_accounts, Error};
+
+pub const USAGE: &'static str = r#"
+Ethereum key management.
+  Copyright 2016 Ethcore (UK) Limited
+
+Usage:
+    ethstore insert <secret> <password> [--dir DIR]
+    ethstore change-pwd <address> <old-pwd> <new-pwd> [--dir DIR]
+    ethstore list [--dir DIR]
+    ethstore import [--src DIR] [--dir DIR]
+    ethstore remove <address> <password> [--dir DIR]
+    ethstore sign <address> <password> <message> [--dir DIR]
+    ethstore [-h | --help]
+
+Options:
+    -h, --help         Display this message and exit.
+    --dir DIR          Specify the secret store directory. It may be either
+                       parity, parity-test, geth, geth-test
+                       or a path [default: parity].
+    --src DIR          Specify import source. It may be either
+                       parity, parity-test, get, geth-test
+                       or a path [default: geth].
+
+Commands:
+    insert             Save account with password.
+    change-pwd         Change password.
+    list               List accounts.
+    import             Import accounts from src.
+    remove             Remove account.
+    sign               Sign message.
+"#;
+
+#[derive(Debug, RustcDecodable)]
+struct Args {
+	cmd_insert: bool,
+	cmd_change_pwd: bool,
+	cmd_list: bool,
+	cmd_import: bool,
+	cmd_remove: bool,
+	cmd_sign: bool,
+	arg_secret: String,
+	arg_password: String,
+	arg_old_pwd: String,
+	arg_new_pwd: String,
+	arg_address: String,
+	arg_message: String,
+	flag_src: String,
+	flag_dir: String,
+}
+
+fn main() {
+	match execute(env::args()) {
+		Ok(result) => println!("{}", result),
+		Err(err) => {
+			println!("{}", err);
+			process::exit(1);
+		}
+	}
+}
+
+fn key_dir(location: &str) -> Result<Box<KeyDirectory>, Error> {
+	let dir: Box<KeyDirectory> = match location {
+		"parity" => Box::new(try!(ParityDirectory::create(DirectoryType::Main))),
+		"parity-test" => Box::new(try!(ParityDirectory::create(DirectoryType::Testnet))),
+		"geth" => Box::new(try!(GethDirectory::create(DirectoryType::Main))),
+		"geth-test" => Box::new(try!(GethDirectory::create(DirectoryType::Testnet))),
+		path => Box::new(try!(DiskDirectory::create(path))),
+	};
+
+	Ok(dir)
+}
+
+fn format_accounts(accounts: &[Address]) -> String {
+	accounts.iter()
+		.enumerate()
+		.map(|(i, a)| format!("{:2}: {}", i, a))
+		.collect::<Vec<String>>()
+		.join("\n")
+}
+
+fn execute<S, I>(command: I) -> Result<String, Error> where I: IntoIterator<Item=S>, S: AsRef<str> {
+	let args: Args = Docopt::new(USAGE)
+		.and_then(|d| d.argv(command).decode())
+		.unwrap_or_else(|e| e.exit());
+
+	let store = try!(EthStore::open(try!(key_dir(&args.flag_dir))));
+
+	return if args.cmd_insert {
+		let secret = try!(Secret::from_str(&args.arg_secret));
+		let address = try!(store.insert_account(secret, &args.arg_password));
+		Ok(format!("{}", address))
+	} else if args.cmd_change_pwd {
+		let address = try!(Address::from_str(&args.arg_address));
+		let ok = store.change_password(&address, &args.arg_old_pwd, &args.arg_new_pwd).is_ok();
+		Ok(format!("{}", ok))
+	} else if args.cmd_list {
+		let accounts = store.accounts();
+		Ok(format_accounts(&accounts))
+	} else if args.cmd_import {
+		let src = try!(key_dir(&args.flag_src));
+		let dst = try!(key_dir(&args.flag_dir));
+		let accounts = try!(import_accounts(src.deref(), dst.deref()));
+		Ok(format_accounts(&accounts))
+	} else if args.cmd_remove {
+		let address = try!(Address::from_str(&args.arg_address));
+		let ok = store.remove_account(&address, &args.arg_password).is_ok();
+		Ok(format!("{}", ok))
+	} else if args.cmd_sign {
+		let address = try!(Address::from_str(&args.arg_address));
+		let message = try!(Message::from_str(&args.arg_message));
+		let signature = try!(store.sign(&address, &args.arg_password, &message));
+		Ok(format!("{}", signature))
+	} else {
+		unreachable!();
+	}
+}
+

ethstore/src/bin/main.rs

@@ -0,0 +1,5 @@
+#[cfg(feature = "cli")]
+include!("ethstore.rs");
+
+#[cfg(not(feature = "cli"))]
+fn main() {}

ethstore/src/crypto.rs

@@ -0,0 +1,69 @@
+use tiny_keccak::Keccak;
+use rcrypto::pbkdf2::pbkdf2;
+use rcrypto::scrypt::{scrypt, ScryptParams};
+use rcrypto::sha2::Sha256;
+use rcrypto::hmac::Hmac;
+
+pub const KEY_LENGTH: usize = 32;
+pub const KEY_ITERATIONS: usize = 10240;
+pub const KEY_LENGTH_AES: usize = KEY_LENGTH / 2;
+
+pub fn derive_key_iterations(password: &str, salt: &[u8; 32], c: u32) -> (Vec<u8>, Vec<u8>) {
+	let mut h_mac = Hmac::new(Sha256::new(), password.as_bytes());
+	let mut derived_key = vec![0u8; KEY_LENGTH];
+	pbkdf2(&mut h_mac, salt, c, &mut derived_key);
+	let derived_right_bits = &derived_key[0..KEY_LENGTH_AES];
+	let derived_left_bits = &derived_key[KEY_LENGTH_AES..KEY_LENGTH];
+	(derived_right_bits.to_vec(), derived_left_bits.to_vec())
+}
+
+pub fn derive_key_scrypt(password: &str, salt: &[u8; 32], n: u32, p: u32, r: u32) -> (Vec<u8>, Vec<u8>) {
+	let mut derived_key = vec![0u8; KEY_LENGTH];
+	let scrypt_params = ScryptParams::new(n.trailing_zeros() as u8, r, p);
+	scrypt(password.as_bytes(), salt, &scrypt_params, &mut derived_key);
+	let derived_right_bits = &derived_key[0..KEY_LENGTH_AES];
+	let derived_left_bits = &derived_key[KEY_LENGTH_AES..KEY_LENGTH];
+	(derived_right_bits.to_vec(), derived_left_bits.to_vec())
+}
+
+pub fn derive_mac(derived_left_bits: &[u8], cipher_text: &[u8]) -> Vec<u8> {
+	let mut mac = vec![0u8; KEY_LENGTH_AES + cipher_text.len()];
+	mac[0..KEY_LENGTH_AES].copy_from_slice(derived_left_bits);
+	mac[KEY_LENGTH_AES..cipher_text.len() + KEY_LENGTH_AES].copy_from_slice(cipher_text);
+	mac
+}
+
+pub trait Keccak256<T> {
+	fn keccak256(&self) -> T where T: Sized;
+}
+
+impl Keccak256<[u8; 32]> for [u8] {
+	fn keccak256(&self) -> [u8; 32] {
+		let mut keccak = Keccak::new_keccak256();
+		let mut result = [0u8; 32];
+		keccak.update(self);
+		keccak.finalize(&mut result);
+		result
+	}
+}
+
+/// AES encryption
+pub mod aes {
+	use rcrypto::blockmodes::CtrMode;
+	use rcrypto::aessafe::AesSafe128Encryptor;
+	use rcrypto::symmetriccipher::{Encryptor, Decryptor};
+	use rcrypto::buffer::{RefReadBuffer, RefWriteBuffer};
+
+	/// Encrypt a message
+	pub fn encrypt(k: &[u8], iv: &[u8], plain: &[u8], dest: &mut [u8]) {
+		let mut encryptor = CtrMode::new(AesSafe128Encryptor::new(k), iv.to_vec());
+		encryptor.encrypt(&mut RefReadBuffer::new(plain), &mut RefWriteBuffer::new(dest), true).expect("Invalid length or padding");
+	}
+
+	/// Decrypt a message
+	pub fn decrypt(k: &[u8], iv: &[u8], encrypted: &[u8], dest: &mut [u8]) {
+		let mut encryptor = CtrMode::new(AesSafe128Encryptor::new(k), iv.to_vec());
+		encryptor.decrypt(&mut RefReadBuffer::new(encrypted), &mut RefWriteBuffer::new(dest), true).expect("Invalid length or padding");
+	}
+}
+

ethstore/src/dir/disk.rs

@@ -0,0 +1,109 @@
+use std::{fs, ffi, io};
+use std::path::{PathBuf, Path};
+use std::collections::HashMap;
+use ethkey::Address;
+use {libc, json, SafeAccount, Error};
+use super::KeyDirectory;
+
+#[cfg(not(windows))]
+fn restrict_permissions_to_owner(file_path: &Path) -> Result<(), i32>  {
+	let cstr = ffi::CString::new(file_path.to_str().unwrap()).unwrap();
+	match unsafe { libc::chmod(cstr.as_ptr(), libc::S_IWUSR | libc::S_IRUSR) } {
+		0 => Ok(()),
+		x => Err(x),
+	}
+}
+
+#[cfg(windows)]
+fn restrict_permissions_to_owner(file_path: &Path) -> Result<(), i32> {
+	Ok(())
+}
+
+pub struct DiskDirectory {
+	path: PathBuf,
+}
+
+impl DiskDirectory {
+	pub fn create<P>(path: P) -> Result<Self, Error> where P: AsRef<Path> {
+		try!(fs::create_dir_all(&path));
+		Ok(Self::at(path))
+	}
+
+	pub fn at<P>(path: P) -> Self where P: AsRef<Path> {
+		DiskDirectory {
+			path: path.as_ref().to_path_buf(),
+		}
+	}
+
+	/// all accounts found in keys directory
+	fn files(&self) -> Result<HashMap<PathBuf, SafeAccount>, Error> {
+		// it's not done using one iterator cause
+		// there is an issue with rustc and it takes tooo much time to compile
+		let paths = try!(fs::read_dir(&self.path))
+			.flat_map(Result::ok)
+			.filter(|entry| {
+				let metadata = entry.metadata();
+				metadata.is_ok() && !metadata.unwrap().is_dir()
+			})
+			.map(|entry| entry.path())
+			.collect::<Vec<PathBuf>>();
+
+		let files: Result<Vec<_>, _> = paths.iter()
+			.map(fs::File::open)
+			.collect();
+
+		let files = try!(files);
+
+		let accounts = files.into_iter()
+			.map(json::KeyFile::load)
+			.zip(paths.into_iter())
+			.filter_map(|(file, path)| file.ok().map(|file| (path, SafeAccount::from(file))))
+			.collect();
+
+		Ok(accounts)
+	}
+}
+
+impl KeyDirectory for DiskDirectory {
+	fn load(&self) -> Result<Vec<SafeAccount>, Error> {
+		let accounts = try!(self.files())
+			.into_iter()
+			.map(|(_, account)| account)
+			.collect();
+		Ok(accounts)
+	}
+
+	fn insert(&self, account: SafeAccount) -> Result<(), Error> {
+		// transform account into key file
+		let keyfile: json::KeyFile = account.into();
+
+		// build file path
+		let mut keyfile_path = self.path.clone();
+		keyfile_path.push(format!("{}", keyfile.id));
+
+		// save the file
+		let mut file = try!(fs::File::create(&keyfile_path));
+		try!(keyfile.write(&mut file).map_err(|e| Error::Custom(format!("{:?}", e))));
+
+		if let Err(_) = restrict_permissions_to_owner(&keyfile_path) {
+			fs::remove_file(&keyfile_path).expect("Expected to remove recently created file");
+			return Err(Error::Io(io::Error::last_os_error()));
+		}
+
+		Ok(())
+	}
+
+	fn remove(&self, address: &Address) -> Result<(), Error> {
+		// enumerate all entries in keystore
+		// and find entry with given address
+		let to_remove = try!(self.files())
+			.into_iter()
+			.find(|&(_, ref account)| &account.address == address);
+
+		// remove it
+		match to_remove {
+			None => Err(Error::InvalidAccount),
+			Some((path, _)) => fs::remove_file(path).map_err(From::from)
+		}
+	}
+}

ethstore/src/dir/geth.rs

@@ -0,0 +1,79 @@
+use std::env;
+use std::path::PathBuf;
+use ethkey::Address;
+use {SafeAccount, Error};
+use super::{KeyDirectory, DiskDirectory, DirectoryType};
+
+#[cfg(target_os = "macos")]
+fn geth_dir_path() -> PathBuf {
+	let mut home = env::home_dir().expect("Failed to get home dir");
+	home.push("Library");
+	home.push("Ethereum");
+	home
+}
+
+#[cfg(windows)]
+/// Default path for ethereum installation on Windows
+pub fn geth_dir_path() -> PathBuf {
+	let mut home = env::home_dir().expect("Failed to get home dir");
+	home.push("AppData");
+	home.push("Roaming");
+	home.push("Ethereum");
+	home
+}
+
+#[cfg(not(any(target_os = "macos", windows)))]
+/// Default path for ethereum installation on posix system which is not Mac OS
+pub fn geth_dir_path() -> PathBuf {
+	let mut home = env::home_dir().expect("Failed to get home dir");
+	home.push(".ethereum");
+	home
+}
+
+fn geth_keystore(t: DirectoryType) -> PathBuf {
+	let mut dir = geth_dir_path();
+	match t {
+		DirectoryType::Testnet => {
+			dir.push("testnet");
+			dir.push("keystore");
+		},
+		DirectoryType::Main => {
+			dir.push("keystore");
+		}
+	}
+	dir
+}
+
+pub struct GethDirectory {
+	dir: DiskDirectory,
+}
+
+impl GethDirectory {
+	pub fn create(t: DirectoryType) -> Result<Self, Error> {
+		let result = GethDirectory {
+			dir: try!(DiskDirectory::create(geth_keystore(t))),
+		};
+
+		Ok(result)
+	}
+
+	pub fn open(t: DirectoryType) -> Self {
+		GethDirectory {
+			dir: DiskDirectory::at(geth_keystore(t)),
+		}
+	}
+}
+
+impl KeyDirectory for GethDirectory {
+	fn load(&self) -> Result<Vec<SafeAccount>, Error> {
+		self.dir.load()
+	}
+
+	fn insert(&self, account: SafeAccount) -> Result<(), Error> {
+		self.dir.insert(account)
+	}
+
+	fn remove(&self, address: &Address) -> Result<(), Error> {
+		self.dir.remove(address)
+	}
+}

ethstore/src/dir/mod.rs

@@ -0,0 +1,21 @@
+use ethkey::Address;
+use {SafeAccount, Error};
+
+mod disk;
+mod geth;
+mod parity;
+
+pub enum DirectoryType {
+	Testnet,
+	Main,
+}
+
+pub trait KeyDirectory: Send + Sync {
+	fn load(&self) -> Result<Vec<SafeAccount>, Error>;
+	fn insert(&self, account: SafeAccount) -> Result<(), Error>;
+	fn remove(&self, address: &Address) -> Result<(), Error>;
+}
+
+pub use self::disk::DiskDirectory;
+pub use self::geth::GethDirectory;
+pub use self::parity::ParityDirectory;

ethstore/src/dir/parity.rs

@@ -0,0 +1,58 @@
+use std::env;
+use std::path::PathBuf;
+use ethkey::Address;
+use {SafeAccount, Error};
+use super::{KeyDirectory, DiskDirectory, DirectoryType};
+
+fn parity_dir_path() -> PathBuf {
+	let mut home = env::home_dir().expect("Failed to get home dir");
+	home.push(".parity");
+	home
+}
+
+fn parity_keystore(t: DirectoryType) -> PathBuf {
+	let mut dir = parity_dir_path();
+	match t {
+		DirectoryType::Testnet => {
+			dir.push("testnet_keys");
+		},
+		DirectoryType::Main => {
+			dir.push("keys");
+		}
+	}
+	dir
+}
+
+pub struct ParityDirectory {
+	dir: DiskDirectory,
+}
+
+impl ParityDirectory {
+	pub fn create(t: DirectoryType) -> Result<Self, Error> {
+		let result = ParityDirectory {
+			dir: try!(DiskDirectory::create(parity_keystore(t))),
+		};
+
+		Ok(result)
+	}
+
+	pub fn open(t: DirectoryType) -> Self {
+		ParityDirectory {
+			dir: DiskDirectory::at(parity_keystore(t)),
+		}
+	}
+}
+
+impl KeyDirectory for ParityDirectory {
+	fn load(&self) -> Result<Vec<SafeAccount>, Error> {
+		self.dir.load()
+	}
+
+	fn insert(&self, account: SafeAccount) -> Result<(), Error> {
+		self.dir.insert(account)
+	}
+
+	fn remove(&self, address: &Address) -> Result<(), Error> {
+		self.dir.remove(address)
+	}
+}

ethstore/src/error.rs

@@ -0,0 +1,42 @@
+use std::fmt;
+use std::io::Error as IoError;
+use ethkey::Error as EthKeyError;
+
+#[derive(Debug)]
+pub enum Error {
+	Io(IoError),
+	InvalidPassword,
+	InvalidSecret,
+	InvalidAccount,
+	CreationFailed,
+	EthKey(EthKeyError),
+	Custom(String),
+}
+
+impl fmt::Display for Error {
+	fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> {
+		let s = match *self {
+			Error::Io(ref err) => format!("{}", err),
+			Error::InvalidPassword => "Invalid password".into(),
+			Error::InvalidSecret => "Invalid secret".into(),
+			Error::InvalidAccount => "Invalid account".into(),
+			Error::CreationFailed => "Account creation failed".into(),
+			Error::EthKey(ref err) => format!("{}", err),
+			Error::Custom(ref s) => s.clone(),
+		};
+
+		write!(f, "{}", s)
+	}
+}
+
+impl From<IoError> for Error {
+	fn from(err: IoError) -> Self {
+		Error::Io(err)
+	}
+}
+
+impl From<EthKeyError> for Error {
+	fn from(err: EthKeyError) -> Self {
+		Error::EthKey(err)
+	}
+}

ethstore/src/ethkey.rs

@@ -0,0 +1,17 @@
+//! ethkey reexport to make documentation look pretty.
+pub use _ethkey::{Address, Message, Signature, Public, Secret, Generator, sign, verify, Error, KeyPair, Random, Prefix};
+use json;
+
+impl Into<json::H160> for Address {
+	fn into(self) -> json::H160 {
+		let a: [u8; 20] = self.into();
+		From::from(a)
+	}
+}
+
+impl From<json::H160> for Address {
+	fn from(json: json::H160) -> Self {
+		let a: [u8; 20] = json.into();
+		From::from(a)
+	}
+}

ethstore/src/ethstore.rs

@@ -0,0 +1,92 @@
+use std::collections::BTreeMap;
+use std::sync::RwLock;
+use ethkey::KeyPair;
+use crypto::KEY_ITERATIONS;
+use random::Random;
+use ethkey::{Signature, Address, Message, Secret};
+use dir::KeyDirectory;
+use account::SafeAccount;
+use {Error, SecretStore};
+
+pub struct EthStore {
+	dir: Box<KeyDirectory>,
+	iterations: u32,
+	cache: RwLock<BTreeMap<Address, SafeAccount>>,
+}
+
+impl EthStore {
+	pub fn open(directory: Box<KeyDirectory>) -> Result<Self, Error> {
+		Self::open_with_iterations(directory, KEY_ITERATIONS as u32)
+	}
+
+	pub fn open_with_iterations(directory: Box<KeyDirectory>, iterations: u32) -> Result<Self, Error> {
+		let accounts = try!(directory.load());
+		let cache = accounts.into_iter().map(|account| (account.address.clone(), account)).collect();
+		let store = EthStore {
+			dir: directory,
+			iterations: iterations,
+			cache: RwLock::new(cache),
+		};
+		Ok(store)
+	}
+
+	fn save(&self, account: SafeAccount) -> Result<(), Error> {
+		// save to file
+		try!(self.dir.insert(account.clone()));
+
+		// update cache
+		let mut cache = self.cache.write().unwrap();
+		cache.insert(account.address.clone(), account);
+		Ok(())
+	}
+}
+
+impl SecretStore for EthStore {
+	fn insert_account(&self, secret: Secret, password: &str) -> Result<Address, Error> {
+		let keypair = try!(KeyPair::from_secret(secret).map_err(|_| Error::CreationFailed));
+		let id: [u8; 16] = Random::random();
+		let account = SafeAccount::create(&keypair, id, password, self.iterations);
+		let address = account.address.clone();
+		try!(self.save(account));
+		Ok(address)
+	}
+
+	fn accounts(&self) -> Vec<Address> {
+		self.cache.read().unwrap().keys().cloned().collect()
+	}
+
+	fn change_password(&self, address: &Address, old_password: &str, new_password: &str) -> Result<(), Error> {
+		// change password
+		let account = {
+			let cache = self.cache.read().unwrap();
+			let account = try!(cache.get(address).ok_or(Error::InvalidAccount));
+			try!(account.change_password(old_password, new_password, self.iterations))
+		};
+
+		// save to file
+		self.save(account)
+	}
+
+	fn remove_account(&self, address: &Address, password: &str) -> Result<(), Error> {
+		let can_remove = {
+			let cache = self.cache.read().unwrap();
+			let account = try!(cache.get(address).ok_or(Error::InvalidAccount));
+			account.check_password(password)
+		};
+
+		if can_remove {
+			try!(self.dir.remove(address));
+			let mut cache = self.cache.write().unwrap();
+			cache.remove(address);
+			Ok(())
+		} else {
+			Err(Error::InvalidPassword)
+		}
+	}
+
+	fn sign(&self, account: &Address, password: &str, message: &Message) -> Result<Signature, Error> {
+		let cache = self.cache.read().unwrap();
+		let account = try!(cache.get(account).ok_or(Error::InvalidAccount));
+		account.sign(password, message)
+	}
+}

ethstore/src/import.rs

@@ -0,0 +1,12 @@
+use ethkey::Address;
+use dir::KeyDirectory;
+use Error;
+
+pub fn import_accounts(src: &KeyDirectory, dst: &KeyDirectory) -> Result<Vec<Address>, Error> {
+	let accounts = try!(src.load());
+	accounts.into_iter().map(|a| {
+		let address = a.address.clone();
+		try!(dst.insert(a));
+		Ok(address)
+	}).collect()
+}

ethstore/src/json/cipher.rs

@@ -0,0 +1,75 @@
+use serde::{Serialize, Serializer, Deserialize, Deserializer, Error as SerdeError};
+use serde::de::Visitor;
+use super::{Error, H128};
+
+#[derive(Debug, PartialEq)]
+pub enum CipherSer {
+	Aes128Ctr,
+}
+
+impl Serialize for CipherSer {
+	fn serialize<S>(&self, serializer: &mut S) -> Result<(), S::Error> 
+	where S: Serializer {
+		match *self {
+			CipherSer::Aes128Ctr => serializer.serialize_str("aes-128-ctr"),
+		}
+	}
+}
+
+impl Deserialize for CipherSer {
+	fn deserialize<D>(deserializer: &mut D) -> Result<Self, D::Error>
+	where D: Deserializer {
+		deserializer.deserialize(CipherSerVisitor)
+	}
+}
+
+struct CipherSerVisitor;
+
+impl Visitor for CipherSerVisitor {
+	type Value = CipherSer;
+
+	fn visit_str<E>(&mut self, value: &str) -> Result<Self::Value, E> where E: SerdeError {
+		match value {
+			"aes-128-ctr" => Ok(CipherSer::Aes128Ctr),
+			_ => Err(SerdeError::custom(Error::UnsupportedCipher))
+		}
+	}
+
+	fn visit_string<E>(&mut self, value: String) -> Result<Self::Value, E> where E: SerdeError {
+		self.visit_str(value.as_ref())
+	}
+}
+
+#[derive(Debug, PartialEq, Serialize, Deserialize)]
+pub struct Aes128Ctr {
+	pub iv: H128,
+}
+
+#[derive(Debug, PartialEq)]
+pub enum CipherSerParams {
+	Aes128Ctr(Aes128Ctr),
+}
+
+impl Serialize for CipherSerParams {
+	fn serialize<S>(&self, serializer: &mut S) -> Result<(), S::Error> 
+	where S: Serializer {
+		match *self {
+			CipherSerParams::Aes128Ctr(ref params) => params.serialize(serializer),
+		}
+	}
+}
+
+impl Deserialize for CipherSerParams {
+	fn deserialize<D>(deserializer: &mut D) -> Result<Self, D::Error>
+	where D: Deserializer {
+		Aes128Ctr::deserialize(deserializer)
+			.map(CipherSerParams::Aes128Ctr)
+			.map_err(|_| Error::InvalidCipherParams)
+			.map_err(SerdeError::custom)
+	}
+}
+
+#[derive(Debug, PartialEq)]
+pub enum Cipher {
+	Aes128Ctr(Aes128Ctr),
+}

ethstore/src/json/crypto.rs

@@ -0,0 +1,184 @@
+use serde::{Deserialize, Deserializer, Serialize, Serializer, Error};
+use serde::de::{Visitor, MapVisitor};
+use serde::ser;
+use super::{Cipher, CipherSer, CipherSerParams, Kdf, KdfSer, KdfSerParams, H256};
+
+#[derive(Debug, PartialEq)]
+pub struct Crypto {
+	pub cipher: Cipher,
+	pub ciphertext: H256,
+	pub kdf: Kdf,
+	pub mac: H256,
+}
+
+enum CryptoField {
+	Cipher,
+	CipherParams,
+	CipherText,
+	Kdf,
+	KdfParams,
+	Mac,
+}
+
+impl Deserialize for CryptoField {
+	fn deserialize<D>(deserializer: &mut D) -> Result<CryptoField, D::Error>
+		where D: Deserializer
+	{
+		deserializer.deserialize(CryptoFieldVisitor)
+	}
+}
+
+struct CryptoFieldVisitor;
+
+impl Visitor for CryptoFieldVisitor {
+	type Value = CryptoField;
+
+	fn visit_str<E>(&mut self, value: &str) -> Result<Self::Value, E>
+		where E: Error
+	{
+		match value {
+			"cipher" => Ok(CryptoField::Cipher),
+			"cipherparams" => Ok(CryptoField::CipherParams),
+			"ciphertext" => Ok(CryptoField::CipherText),
+			"kdf" => Ok(CryptoField::Kdf),
+			"kdfparams" => Ok(CryptoField::KdfParams),
+			"mac" => Ok(CryptoField::Mac),
+			_ => Err(Error::custom(format!("Unknown field: '{}'", value))),
+		}
+	}
+}
+
+impl Deserialize for Crypto {
+	fn deserialize<D>(deserializer: &mut D) -> Result<Crypto, D::Error>
+		where D: Deserializer
+	{
+		static FIELDS: &'static [&'static str] = &["id", "version", "crypto", "Crypto", "address"];
+		deserializer.deserialize_struct("Crypto", FIELDS, CryptoVisitor)
+	}
+}
+
+struct CryptoVisitor;
+
+impl Visitor for CryptoVisitor {
+	type Value = Crypto;
+
+	fn visit_map<V>(&mut self, mut visitor: V) -> Result<Self::Value, V::Error>
+		where V: MapVisitor
+	{
+		let mut cipher = None;
+		let mut cipherparams = None;
+		let mut ciphertext = None;
+		let mut kdf = None;
+		let mut kdfparams = None;
+		let mut mac = None;
+
+		loop {
+			match try!(visitor.visit_key()) {
+				Some(CryptoField::Cipher) => { cipher = Some(try!(visitor.visit_value())); }
+				Some(CryptoField::CipherParams) => { cipherparams = Some(try!(visitor.visit_value())); }
+				Some(CryptoField::CipherText) => { ciphertext = Some(try!(visitor.visit_value())); }
+				Some(CryptoField::Kdf) => { kdf = Some(try!(visitor.visit_value())); }
+				Some(CryptoField::KdfParams) => { kdfparams = Some(try!(visitor.visit_value())); }
+				Some(CryptoField::Mac) => { mac = Some(try!(visitor.visit_value())); }
+				None => { break; }
+			}
+		}
+
+		let cipher = match (cipher, cipherparams) {
+			(Some(CipherSer::Aes128Ctr), Some(CipherSerParams::Aes128Ctr(params))) => Cipher::Aes128Ctr(params),
+			(None, _) => return Err(Error::missing_field("cipher")),
+			(Some(_), None) => return Err(Error::missing_field("cipherparams")),
+		};
+
+		let ciphertext = match ciphertext {
+			Some(ciphertext) => ciphertext,
+			None => try!(visitor.missing_field("ciphertext")),
+		};
+
+		let kdf = match (kdf, kdfparams) {
+			(Some(KdfSer::Pbkdf2), Some(KdfSerParams::Pbkdf2(params))) => Kdf::Pbkdf2(params),
+			(Some(KdfSer::Scrypt), Some(KdfSerParams::Scrypt(params))) => Kdf::Scrypt(params),
+			(Some(_), Some(_)) => return Err(Error::custom("Invalid cipherparams")),
+			(None, _) => return Err(Error::missing_field("kdf")),
+			(Some(_), None) => return Err(Error::missing_field("kdfparams")),
+		};
+
+		let mac = match mac {
+			Some(mac) => mac,
+			None => try!(visitor.missing_field("mac")),
+		};
+
+		try!(visitor.end());
+
+		let result = Crypto {
+			cipher: cipher,
+			ciphertext: ciphertext,
+			kdf: kdf,
+			mac: mac,
+		};
+
+		Ok(result)
+	}
+}
+
+impl Serialize for Crypto {
+	fn serialize<S>(&self, serializer: &mut S) -> Result<(), S::Error>
+		where S: Serializer
+	{
+		serializer.serialize_struct("Crypto", CryptoMapVisitor {
+			value: self,
+			state: 0,
+		})
+	}
+}
+
+struct CryptoMapVisitor<'a> {
+	value: &'a Crypto,
+	state: u8,
+}
+
+impl<'a> ser::MapVisitor for CryptoMapVisitor<'a> {
+	fn visit<S>(&mut self, serializer: &mut S) -> Result<Option<()>, S::Error>
+		where S: Serializer
+	{
+		match self.state {
+			0 => {
+				self.state += 1;
+				match self.value.cipher {
+					Cipher::Aes128Ctr(_) => Ok(Some(try!(serializer.serialize_struct_elt("cipher", &CipherSer::Aes128Ctr)))),
+				}
+			},
+			1 => {
+				self.state += 1;
+				match self.value.cipher {
+					Cipher::Aes128Ctr(ref params) => Ok(Some(try!(serializer.serialize_struct_elt("cipherparams", params)))),
+				}
+			},
+			2 => {
+				self.state += 1;
+				Ok(Some(try!(serializer.serialize_struct_elt("ciphertext", &self.value.ciphertext))))
+			},
+			3 => {
+				self.state += 1;
+				match self.value.kdf {
+					Kdf::Pbkdf2(_) => Ok(Some(try!(serializer.serialize_struct_elt("kdf", &KdfSer::Pbkdf2)))),
+					Kdf::Scrypt(_) => Ok(Some(try!(serializer.serialize_struct_elt("kdf", &KdfSer::Scrypt)))),
+				}
+			},
+			4 => {
+				self.state += 1;
+				match self.value.kdf {
+					Kdf::Pbkdf2(ref params) => Ok(Some(try!(serializer.serialize_struct_elt("kdfparams", params)))),
+					Kdf::Scrypt(ref params) => Ok(Some(try!(serializer.serialize_struct_elt("kdfparams", params)))),
+				}
+			},
+			5 => {
+				self.state += 1;
+				Ok(Some(try!(serializer.serialize_struct_elt("mac", &self.value.mac))))
+			},
+			_ => {
+				Ok(None)
+			}
+		}
+	}
+}

ethstore/src/json/error.rs

@@ -0,0 +1,34 @@
+use std::fmt;
+
+#[derive(Debug, PartialEq)]
+pub enum Error {
+	UnsupportedCipher,
+	InvalidCipherParams,
+	UnsupportedKdf,
+	InvalidUUID,
+	UnsupportedVersion,
+	InvalidCiphertext,
+	InvalidH256,
+	InvalidPrf,
+}
+
+impl fmt::Display for Error {
+	fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> {
+		match *self {
+			Error::InvalidUUID => write!(f, "Invalid UUID"),
+			Error::UnsupportedVersion => write!(f, "Unsupported version"),
+			Error::UnsupportedKdf => write!(f, "Unsupported kdf"),
+			Error::InvalidCiphertext => write!(f, "Invalid ciphertext"),
+			Error::UnsupportedCipher => write!(f, "Unsupported cipher"),
+			Error::InvalidCipherParams => write!(f, "Invalid cipher params"),
+			Error::InvalidH256 => write!(f, "Invalid hash"),
+			Error::InvalidPrf => write!(f, "Invalid prf"),
+		}
+	}
+}
+
+impl Into<String> for Error {
+	fn into(self) -> String {
+		format!("{}", self)
+	}
+}

ethstore/src/json/hash.rs

@@ -0,0 +1,71 @@
+use std::str::FromStr;
+use rustc_serialize::hex::{FromHex, ToHex};
+use serde::{Serialize, Serializer, Deserialize, Deserializer, Error as SerdeError};
+use serde::de::Visitor;
+use super::Error;
+
+macro_rules! impl_hash {
+	($name: ident, $size: expr) => {
+		#[derive(Debug, PartialEq)]
+		pub struct $name([u8; $size]);
+
+		impl Serialize for $name {
+			fn serialize<S>(&self, serializer: &mut S) -> Result<(), S::Error>
+			where S: Serializer {
+				serializer.serialize_str(&self.0.to_hex())
+			}
+		}
+
+		impl Deserialize for $name {
+			fn deserialize<D>(deserializer: &mut D) -> Result<Self, D::Error>
+			where D: Deserializer {
+				struct HashVisitor;
+
+				impl Visitor for HashVisitor {
+					type Value = $name;
+
+					fn visit_str<E>(&mut self, value: &str) -> Result<Self::Value, E> where E: SerdeError {
+						FromStr::from_str(value).map_err(SerdeError::custom)
+					}
+
+					fn visit_string<E>(&mut self, value: String) -> Result<Self::Value, E> where E: SerdeError {
+						self.visit_str(value.as_ref())
+					}
+				}
+
+				deserializer.deserialize(HashVisitor)
+			}
+		}
+
+		impl FromStr for $name {
+			type Err = Error;
+
+			fn from_str(value: &str) -> Result<Self, Self::Err> {
+				match value.from_hex() {
+					Ok(ref hex) if hex.len() == $size => {
+						let mut hash = [0u8; $size];
+						hash.clone_from_slice(hex);
+						Ok($name(hash))
+					}
+					_ => Err(Error::InvalidH256),
+				}
+			}
+		}
+
+		impl From<[u8; $size]> for $name {
+			fn from(bytes: [u8; $size]) -> Self {
+				$name(bytes)
+			}
+		}
+
+		impl Into<[u8; $size]> for $name {
+			fn into(self) -> [u8; $size] {
+				self.0
+			}
+		}
+	}
+}
+
+impl_hash!(H128, 16);
+impl_hash!(H160, 20);
+impl_hash!(H256, 32);

ethstore/src/json/id.rs

@@ -0,0 +1,129 @@
+//! Universaly unique identifier.
+use std::str::FromStr;
+use std::fmt;
+use rustc_serialize::hex::{ToHex, FromHex};
+use serde::{Deserialize, Serialize, Deserializer, Serializer, Error as SerdeError};
+use serde::de::Visitor;
+use super::Error;
+
+/// Universaly unique identifier.
+#[derive(Debug, PartialEq)]
+pub struct UUID([u8; 16]);
+
+impl From<[u8; 16]> for UUID {
+	fn from(uuid: [u8; 16]) -> Self {
+		UUID(uuid)
+	}
+}
+
+impl<'a> Into<String> for &'a UUID {
+	fn into(self) -> String {
+		let d1 = &self.0[0..4];
+		let d2 = &self.0[4..6];
+		let d3 = &self.0[6..8];
+		let d4 = &self.0[8..10];
+		let d5 = &self.0[10..16];
+		[d1, d2, d3, d4, d5].into_iter().map(|d| d.to_hex()).collect::<Vec<String>>().join("-")
+	}
+}
+
+impl Into<String> for UUID {
+	fn into(self) -> String {
+		Into::into(&self)
+	}
+}
+
+impl Into<[u8; 16]> for UUID {
+	fn into(self) -> [u8; 16] {
+		self.0
+	}
+}
+
+impl fmt::Display for UUID {
+	fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> {
+		let s: String = (self as &UUID).into();
+		write!(f, "{}", s)
+	}
+}
+
+fn copy_into(from: &str, into: &mut [u8]) -> Result<(), Error> {
+	let from = try!(from.from_hex().map_err(|_| Error::InvalidUUID));
+
+	if from.len() != into.len() {
+		return Err(Error::InvalidUUID);
+	}
+
+	into.copy_from_slice(&from);
+	Ok(())
+}
+
+impl FromStr for UUID {
+	type Err = Error;
+
+	fn from_str(s: &str) -> Result<Self, Self::Err> {
+		let parts: Vec<&str> = s.split("-").collect();
+
+		if parts.len() != 5 {
+			return Err(Error::InvalidUUID);
+		}
+
+		let mut uuid = [0u8; 16];
+
+		try!(copy_into(parts[0], &mut uuid[0..4]));
+		try!(copy_into(parts[1], &mut uuid[4..6]));
+		try!(copy_into(parts[2], &mut uuid[6..8]));
+		try!(copy_into(parts[3], &mut uuid[8..10]));
+		try!(copy_into(parts[4], &mut uuid[10..16]));
+
+		Ok(UUID(uuid))
+	}
+}
+
+impl Serialize for UUID {
+	fn serialize<S>(&self, serializer: &mut S) -> Result<(), S::Error>
+	where S: Serializer {
+		let s: String = self.into();
+		serializer.serialize_str(&s)
+	}
+}
+
+impl Deserialize for UUID {
+	fn deserialize<D>(deserializer: &mut D) -> Result<Self, D::Error>
+	where D: Deserializer {
+		deserializer.deserialize(UUIDVisitor)
+	}
+}
+
+struct UUIDVisitor;
+
+impl Visitor for UUIDVisitor {
+	type Value = UUID;
+
+	fn visit_str<E>(&mut self, value: &str) -> Result<Self::Value, E> where E: SerdeError {
+		UUID::from_str(value).map_err(SerdeError::custom)
+	}
+
+	fn visit_string<E>(&mut self, value: String) -> Result<Self::Value, E> where E: SerdeError {
+		self.visit_str(value.as_ref())
+	}
+}
+
+#[cfg(test)]
+mod tests {
+	use std::str::FromStr;
+	use super::UUID;
+
+	#[test]
+	fn uuid_from_str() {
+		let uuid = UUID::from_str("3198bc9c-6672-5ab3-d995-4942343ae5b6").unwrap();
+		assert_eq!(uuid, UUID::from([0x31, 0x98, 0xbc, 0x9c, 0x66, 0x72, 0x5a, 0xb3, 0xd9, 0x95, 0x49, 0x42, 0x34, 0x3a, 0xe5, 0xb6]));
+	}
+
+	#[test]
+	fn uuid_from_and_to_str() {
+		let from = "3198bc9c-6672-5ab3-d995-4942343ae5b6";
+		let uuid = UUID::from_str(from).unwrap();
+		let to: String = uuid.into();
+		assert_eq!(from, &to);
+	}
+}

ethstore/src/json/kdf.rs

@@ -0,0 +1,133 @@
+use serde::{Serialize, Serializer, Deserialize, Deserializer, Error as SerdeError};
+use serde::de::Visitor;
+use serde_json::{Value, value};
+use super::{Error, H256};
+
+#[derive(Debug, PartialEq)]
+pub enum KdfSer {
+	Pbkdf2,
+	Scrypt,
+}
+
+impl Serialize for KdfSer {
+	fn serialize<S>(&self, serializer: &mut S) -> Result<(), S::Error>
+	where S: Serializer {
+		match *self {
+			KdfSer::Pbkdf2 => serializer.serialize_str("pbkdf2"),
+			KdfSer::Scrypt => serializer.serialize_str("scrypt"),
+		}
+	}
+}
+
+impl Deserialize for KdfSer {
+	fn deserialize<D>(deserializer: &mut D) -> Result<Self, D::Error>
+	where D: Deserializer {
+		deserializer.deserialize(KdfSerVisitor)
+	}
+}
+
+struct KdfSerVisitor;
+
+impl Visitor for KdfSerVisitor {
+	type Value = KdfSer;
+
+	fn visit_str<E>(&mut self, value: &str) -> Result<Self::Value, E> where E: SerdeError {
+		match value {
+			"pbkdf2" => Ok(KdfSer::Pbkdf2),
+			"scrypt" => Ok(KdfSer::Scrypt),
+			_ => Err(SerdeError::custom(Error::UnsupportedKdf))
+		}
+	}
+
+	fn visit_string<E>(&mut self, value: String) -> Result<Self::Value, E> where E: SerdeError {
+		self.visit_str(value.as_ref())
+	}
+}
+
+#[derive(Debug, PartialEq)]
+pub enum Prf {
+	HmacSha256,
+}
+
+impl Serialize for Prf {
+	fn serialize<S>(&self, serializer: &mut S) -> Result<(), S::Error>
+	where S: Serializer {
+		match *self {
+			Prf::HmacSha256 => serializer.serialize_str("hmac-sha256"),
+		}
+	}
+}
+
+impl Deserialize for Prf {
+	fn deserialize<D>(deserializer: &mut D) -> Result<Self, D::Error>
+	where D: Deserializer {
+		deserializer.deserialize(PrfVisitor)
+	}
+}
+
+struct PrfVisitor;
+
+impl Visitor for PrfVisitor {
+	type Value = Prf;
+
+	fn visit_str<E>(&mut self, value: &str) -> Result<Self::Value, E> where E: SerdeError {
+		match value {
+			"hmac-sha256" => Ok(Prf::HmacSha256),
+			_ => Err(SerdeError::custom(Error::InvalidPrf)),
+		}
+	}
+
+	fn visit_string<E>(&mut self, value: String) -> Result<Self::Value, E> where E: SerdeError {
+		self.visit_str(value.as_ref())
+	}
+}
+
+#[derive(Debug, PartialEq, Serialize, Deserialize)]
+pub struct Pbkdf2 {
+	pub c: u32,
+	pub dklen: u32,
+	pub prf: Prf,
+	pub salt: H256,
+}
+
+#[derive(Debug, PartialEq, Serialize, Deserialize)]
+pub struct Scrypt {
+	pub dklen: u32,
+	pub p: u32,
+	pub n: u32,
+	pub r: u32,
+	pub salt: H256,
+}
+
+#[derive(Debug, PartialEq)]
+pub enum KdfSerParams {
+	Pbkdf2(Pbkdf2),
+	Scrypt(Scrypt),
+}
+
+impl Serialize for KdfSerParams {
+	fn serialize<S>(&self, serializer: &mut S) -> Result<(), S::Error>
+	where S: Serializer {
+		match *self {
+			KdfSerParams::Pbkdf2(ref params) => params.serialize(serializer),
+			KdfSerParams::Scrypt(ref params) => params.serialize(serializer),
+		}
+	}
+}
+
+impl Deserialize for KdfSerParams {
+	fn deserialize<D>(deserializer: &mut D) -> Result<Self, D::Error>
+	where D: Deserializer {
+		let v = try!(Value::deserialize(deserializer));
+
+		Deserialize::deserialize(&mut value::Deserializer::new(v.clone())).map(KdfSerParams::Pbkdf2)
+			.or_else(|_| Deserialize::deserialize(&mut value::Deserializer::new(v)).map(KdfSerParams::Scrypt))
+			.map_err(|e| D::Error::custom(format!("{}", e)))
+	}
+}
+
+#[derive(Debug, PartialEq)]
+pub enum Kdf {
+	Pbkdf2(Pbkdf2),
+	Scrypt(Scrypt),
+}

ethstore/src/json/key_file.rs

@@ -0,0 +1,255 @@
+use std::io::{Read, Write};
+use serde::{Deserialize, Deserializer, Error};
+use serde::de::{Visitor, MapVisitor};
+use serde_json;
+use super::{UUID, Version, Crypto, H160};
+
+#[derive(Debug, PartialEq, Serialize)]
+pub struct KeyFile {
+	pub id: UUID,
+	pub version: Version,
+	pub crypto: Crypto,
+	pub address: H160,
+}
+
+enum KeyFileField {
+	ID,
+	Version,
+	Crypto,
+	Address,
+}
+
+impl Deserialize for KeyFileField {
+	fn deserialize<D>(deserializer: &mut D) -> Result<KeyFileField, D::Error>
+		where D: Deserializer
+	{
+		deserializer.deserialize(KeyFileFieldVisitor)
+	}
+}
+
+struct KeyFileFieldVisitor;
+
+impl Visitor for KeyFileFieldVisitor {
+	type Value = KeyFileField;
+
+	fn visit_str<E>(&mut self, value: &str) -> Result<Self::Value, E>
+		where E: Error
+	{
+		match value {
+			"id" => Ok(KeyFileField::ID),
+			"version" => Ok(KeyFileField::Version),
+			"crypto" => Ok(KeyFileField::Crypto),
+			"Crypto" => Ok(KeyFileField::Crypto),
+			"address" => Ok(KeyFileField::Address),
+			_ => Err(Error::custom(format!("Unknown field: '{}'", value))),
+		}
+	}
+}
+
+impl Deserialize for KeyFile {
+	fn deserialize<D>(deserializer: &mut D) -> Result<KeyFile, D::Error>
+		where D: Deserializer
+	{
+		static FIELDS: &'static [&'static str] = &["id", "version", "crypto", "Crypto", "address"];
+		deserializer.deserialize_struct("KeyFile", FIELDS, KeyFileVisitor)
+	}
+}
+
+struct KeyFileVisitor;
+
+impl Visitor for KeyFileVisitor {
+	type Value = KeyFile;
+
+	fn visit_map<V>(&mut self, mut visitor: V) -> Result<Self::Value, V::Error>
+		where V: MapVisitor
+	{
+		let mut id = None;
+		let mut version = None;
+		let mut crypto = None;
+		let mut address = None;
+
+		loop {
+			match try!(visitor.visit_key()) {
+				Some(KeyFileField::ID) => { id = Some(try!(visitor.visit_value())); }
+				Some(KeyFileField::Version) => { version = Some(try!(visitor.visit_value())); }
+				Some(KeyFileField::Crypto) => { crypto = Some(try!(visitor.visit_value())); }
+				Some(KeyFileField::Address) => { address = Some(try!(visitor.visit_value())); }
+				None => { break; }
+			}
+		}
+
+		let id = match id {
+			Some(id) => id,
+			None => try!(visitor.missing_field("id")),
+		};
+
+		let version = match version {
+			Some(version) => version,
+			None => try!(visitor.missing_field("version")),
+		};
+
+		let crypto = match crypto {
+			Some(crypto) => crypto,
+			None => try!(visitor.missing_field("crypto")),
+		};
+
+		let address = match address {
+			Some(address) => address,
+			None => try!(visitor.missing_field("address")),
+		};
+
+		try!(visitor.end());
+
+		let result = KeyFile {
+			id: id,
+			version: version,
+			crypto: crypto,
+			address: address,
+		};
+
+		Ok(result)
+	}
+}
+
+impl KeyFile {
+	pub fn load<R>(reader: R) -> Result<Self, serde_json::Error> where R: Read {
+		serde_json::from_reader(reader)
+	}
+
+	pub fn write<W>(&self, writer: &mut W) -> Result<(), serde_json::Error> where W: Write {
+		serde_json::to_writer(writer, self)
+	}
+}
+
+#[cfg(test)]
+mod tests {
+	use std::str::FromStr;
+	use serde_json;
+	use json::{KeyFile, UUID, Version, Crypto, Cipher, Aes128Ctr, Kdf, Scrypt, H128, H160, H256};
+
+	#[test]
+	fn basic_keyfile() {
+		let json = r#"
+		{
+			"address": "6edddfc6349aff20bc6467ccf276c5b52487f7a8",
+			"crypto": {
+				"cipher": "aes-128-ctr",
+				"ciphertext": "7203da0676d141b138cd7f8e1a4365f59cc1aa6978dc5443f364ca943d7cb4bc",
+				"cipherparams": {
+					"iv": "b5a7ec855ec9e2c405371356855fec83"
+				},
+				"kdf": "scrypt",
+				"kdfparams": {
+					"dklen": 32,
+					"n": 262144,
+					"p": 1,
+					"r": 8,
+					"salt": "1e8642fdf1f87172492c1412fc62f8db75d796cdfa9c53c3f2b11e44a2a1b209"
+				},
+				"mac": "46325c5d4e8c991ad2683d525c7854da387138b6ca45068985aa4959fa2b8c8f"
+			},
+			"id": "8777d9f6-7860-4b9b-88b7-0b57ee6b3a73",
+			"version": 3
+		}"#;
+
+		let expected = KeyFile {
+			id: UUID::from_str("8777d9f6-7860-4b9b-88b7-0b57ee6b3a73").unwrap(),
+			version: Version::V3,
+			address: H160::from_str("6edddfc6349aff20bc6467ccf276c5b52487f7a8").unwrap(),
+			crypto: Crypto {
+				cipher: Cipher::Aes128Ctr(Aes128Ctr {
+					iv: H128::from_str("b5a7ec855ec9e2c405371356855fec83").unwrap(),
+				}),
+				ciphertext: H256::from_str("7203da0676d141b138cd7f8e1a4365f59cc1aa6978dc5443f364ca943d7cb4bc").unwrap(),
+				kdf: Kdf::Scrypt(Scrypt {
+					n: 262144,
+					dklen: 32,
+					p: 1,
+					r: 8,
+					salt: H256::from_str("1e8642fdf1f87172492c1412fc62f8db75d796cdfa9c53c3f2b11e44a2a1b209").unwrap(),
+				}),
+				mac: H256::from_str("46325c5d4e8c991ad2683d525c7854da387138b6ca45068985aa4959fa2b8c8f").unwrap(),
+			},
+		};
+
+		let keyfile: KeyFile = serde_json::from_str(json).unwrap();
+		assert_eq!(keyfile, expected);
+	}
+
+	#[test]
+	fn capital_crypto_keyfile() {
+		let json = r#"
+		{
+			"address": "6edddfc6349aff20bc6467ccf276c5b52487f7a8",
+			"Crypto": {
+				"cipher": "aes-128-ctr",
+				"ciphertext": "7203da0676d141b138cd7f8e1a4365f59cc1aa6978dc5443f364ca943d7cb4bc",
+				"cipherparams": {
+					"iv": "b5a7ec855ec9e2c405371356855fec83"
+				},
+				"kdf": "scrypt",
+				"kdfparams": {
+					"dklen": 32,
+					"n": 262144,
+					"p": 1,
+					"r": 8,
+					"salt": "1e8642fdf1f87172492c1412fc62f8db75d796cdfa9c53c3f2b11e44a2a1b209"
+				},
+				"mac": "46325c5d4e8c991ad2683d525c7854da387138b6ca45068985aa4959fa2b8c8f"
+			},
+			"id": "8777d9f6-7860-4b9b-88b7-0b57ee6b3a73",
+			"version": 3
+		}"#;
+
+		let expected = KeyFile {
+			id: UUID::from_str("8777d9f6-7860-4b9b-88b7-0b57ee6b3a73").unwrap(),
+			version: Version::V3,
+			address: H160::from_str("6edddfc6349aff20bc6467ccf276c5b52487f7a8").unwrap(),
+			crypto: Crypto {
+				cipher: Cipher::Aes128Ctr(Aes128Ctr {
+					iv: H128::from_str("b5a7ec855ec9e2c405371356855fec83").unwrap(),
+				}),
+				ciphertext: H256::from_str("7203da0676d141b138cd7f8e1a4365f59cc1aa6978dc5443f364ca943d7cb4bc").unwrap(),
+				kdf: Kdf::Scrypt(Scrypt {
+					n: 262144,
+					dklen: 32,
+					p: 1,
+					r: 8,
+					salt: H256::from_str("1e8642fdf1f87172492c1412fc62f8db75d796cdfa9c53c3f2b11e44a2a1b209").unwrap(),
+				}),
+				mac: H256::from_str("46325c5d4e8c991ad2683d525c7854da387138b6ca45068985aa4959fa2b8c8f").unwrap(),
+			},
+		};
+
+		let keyfile: KeyFile = serde_json::from_str(json).unwrap();
+		assert_eq!(keyfile, expected);
+	}
+
+	#[test]
+	fn to_and_from_json() {
+		let file = KeyFile {
+			id: UUID::from_str("8777d9f6-7860-4b9b-88b7-0b57ee6b3a73").unwrap(),
+			version: Version::V3,
+			address: H160::from_str("6edddfc6349aff20bc6467ccf276c5b52487f7a8").unwrap(),
+			crypto: Crypto {
+				cipher: Cipher::Aes128Ctr(Aes128Ctr {
+					iv: H128::from_str("b5a7ec855ec9e2c405371356855fec83").unwrap(),
+				}),
+				ciphertext: H256::from_str("7203da0676d141b138cd7f8e1a4365f59cc1aa6978dc5443f364ca943d7cb4bc").unwrap(),
+				kdf: Kdf::Scrypt(Scrypt {
+					n: 262144,
+					dklen: 32,
+					p: 1,
+					r: 8,
+					salt: H256::from_str("1e8642fdf1f87172492c1412fc62f8db75d796cdfa9c53c3f2b11e44a2a1b209").unwrap(),
+				}),
+				mac: H256::from_str("46325c5d4e8c991ad2683d525c7854da387138b6ca45068985aa4959fa2b8c8f").unwrap(),
+			},
+		};
+
+		let serialized = serde_json::to_string(&file).unwrap();
+		let deserialized = serde_json::from_str(&serialized).unwrap();
+
+		assert_eq!(file, deserialized);
+	}
+}

ethstore/src/json/mod.rs

@@ -0,0 +1,8 @@
+//! Contract interface specification.
+
+#[cfg(feature = "serde_macros")]
+include!("mod.rs.in");
+
+#[cfg(not(feature = "serde_macros"))]
+include!(concat!(env!("OUT_DIR"), "/mod.rs"));
+

ethstore/src/json/mod.rs.in

@@ -0,0 +1,18 @@
+mod cipher;
+mod crypto;
+mod error;
+mod hash;
+mod id;
+mod kdf;
+mod key_file;
+mod version;
+
+pub use self::cipher::{Cipher, CipherSer, CipherSerParams, Aes128Ctr};
+pub use self::crypto::Crypto;
+pub use self::error::Error;
+pub use self::hash::{H128, H160, H256};
+pub use self::id::UUID;
+pub use self::kdf::{Kdf, KdfSer, Prf, Pbkdf2, Scrypt, KdfSerParams};
+pub use self::key_file::KeyFile;
+pub use self::version::Version;
+

ethstore/src/json/version.rs

@@ -0,0 +1,38 @@
+use serde::{Serialize, Serializer, Deserialize, Deserializer, Error as SerdeError};
+use serde::de::Visitor;
+use super::Error;
+
+#[derive(Debug, PartialEq)]
+pub enum Version {
+	V3,
+}
+
+impl Serialize for Version {
+	fn serialize<S>(&self, serializer: &mut S) -> Result<(), S::Error> 
+	where S: Serializer {
+		match *self {
+			Version::V3 => serializer.serialize_u64(3)
+		}
+	}
+}
+
+impl Deserialize for Version {
+	fn deserialize<D>(deserializer: &mut D) -> Result<Version, D::Error>
+	where D: Deserializer {
+		deserializer.deserialize(VersionVisitor)
+	}
+}
+
+struct VersionVisitor;
+
+impl Visitor for VersionVisitor {
+	type Value = Version;
+
+	fn visit_u64<E>(&mut self, value: u64) -> Result<Self::Value, E> where E: SerdeError {
+		match value {
+			3 => Ok(Version::V3),
+			_ => Err(SerdeError::custom(Error::UnsupportedVersion))
+		}
+	}
+}
+

ethstore/src/lib.rs

@@ -0,0 +1,32 @@
+#![cfg_attr(feature="nightly", feature(custom_derive, plugin))]
+#![cfg_attr(feature="nightly", plugin(serde_macros))]
+
+extern crate libc;
+extern crate rand;
+extern crate serde;
+extern crate serde_json;
+extern crate rustc_serialize;
+extern crate crypto as rcrypto;
+extern crate tiny_keccak;
+// reexport it nicely
+extern crate ethkey as _ethkey;
+
+pub mod dir;
+pub mod ethkey;
+
+mod account;
+mod json;
+mod crypto;
+
+mod error;
+mod ethstore;
+mod import;
+mod random;
+mod secret_store;
+
+pub use self::account::SafeAccount;
+pub use self::error::Error;
+pub use self::ethstore::EthStore;
+pub use self::import::import_accounts;
+pub use self::secret_store::SecretStore;
+

ethstore/src/random.rs

@@ -0,0 +1,23 @@
+use rand::{Rng, OsRng};
+
+pub trait Random {
+	fn random() -> Self where Self: Sized;
+}
+
+impl Random for [u8; 16] {
+	fn random() -> Self {
+		let mut result = [0u8; 16];
+		let mut rng = OsRng::new().unwrap();
+		rng.fill_bytes(&mut result);
+		result
+	}
+}
+
+impl Random for [u8; 32] {
+	fn random() -> Self {
+		let mut result = [0u8; 32];
+		let mut rng = OsRng::new().unwrap();
+		rng.fill_bytes(&mut result);
+		result
+	}
+}

ethstore/src/secret_store.rs

@@ -0,0 +1,15 @@
+use ethkey::{Address, Message, Signature, Secret};
+use Error;
+
+pub trait SecretStore: Send + Sync {
+	fn insert_account(&self, secret: Secret, password: &str) -> Result<Address, Error>;
+
+	fn accounts(&self) -> Vec<Address>;
+
+	fn change_password(&self, account: &Address, old_password: &str, new_password: &str) -> Result<(), Error>;
+
+	fn remove_account(&self, account: &Address, password: &str) -> Result<(), Error>;
+
+	fn sign(&self, account: &Address, password: &str, message: &Message) -> Result<Signature, Error>;
+}
+

ethstore/tests/api.rs

@@ -0,0 +1,72 @@
+extern crate rand;
+extern crate ethstore;
+
+mod util;
+
+use ethstore::{SecretStore, EthStore};
+use ethstore::ethkey::{Random, Generator, Secret};
+use util::TransientDir;
+
+#[test]
+fn secret_store_create() {
+	let dir = TransientDir::create().unwrap();
+	let _ = EthStore::open(Box::new(dir)).unwrap();
+}
+
+#[test]
+#[should_panic]
+fn secret_store_open_not_existing() {
+	let dir = TransientDir::open();
+	let _ = EthStore::open(Box::new(dir)).unwrap();
+}
+
+fn random_secret() -> Secret {
+	Random.generate().unwrap().secret().clone()
+}
+
+#[test]
+fn secret_store_create_account() {
+	let dir = TransientDir::create().unwrap();
+	let store = EthStore::open(Box::new(dir)).unwrap();
+	assert_eq!(store.accounts().len(), 0);
+	assert!(store.insert_account(random_secret(), "").is_ok());
+	assert_eq!(store.accounts().len(), 1);
+	assert!(store.insert_account(random_secret(), "").is_ok());
+	assert_eq!(store.accounts().len(), 2);
+}
+
+#[test]
+fn secret_store_sign() {
+	let dir = TransientDir::create().unwrap();
+	let store = EthStore::open(Box::new(dir)).unwrap();
+	assert!(store.insert_account(random_secret(), "").is_ok());
+	let accounts = store.accounts();
+	assert_eq!(accounts.len(), 1);
+	assert!(store.sign(&accounts[0], "", &Default::default()).is_ok());
+	assert!(store.sign(&accounts[0], "1", &Default::default()).is_err());
+}
+
+#[test]
+fn secret_store_change_password() {
+	let dir = TransientDir::create().unwrap();
+	let store = EthStore::open(Box::new(dir)).unwrap();
+	assert!(store.insert_account(random_secret(), "").is_ok());
+	let accounts = store.accounts();
+	assert_eq!(accounts.len(), 1);
+	assert!(store.sign(&accounts[0], "", &Default::default()).is_ok());
+	assert!(store.change_password(&accounts[0], "", "1").is_ok());
+	assert!(store.sign(&accounts[0], "", &Default::default()).is_err());
+	assert!(store.sign(&accounts[0], "1", &Default::default()).is_ok());
+}
+
+#[test]
+fn secret_store_remove_account() {
+	let dir = TransientDir::create().unwrap();
+	let store = EthStore::open(Box::new(dir)).unwrap();
+	assert!(store.insert_account(random_secret(), "").is_ok());
+	let accounts = store.accounts();
+	assert_eq!(accounts.len(), 1);
+	assert!(store.remove_account(&accounts[0], "").is_ok());
+	assert_eq!(store.accounts().len(), 0);
+	assert!(store.remove_account(&accounts[0], "").is_err());
+}

ethstore/tests/util/mod.rs

@@ -0,0 +1,3 @@
+mod transient_dir;
+
+pub use self::transient_dir::TransientDir;

ethstore/tests/util/transient_dir.rs

@@ -0,0 +1,58 @@
+use std::path::PathBuf;
+use std::{env, fs};
+use rand::{Rng, OsRng};
+use ethstore::dir::{KeyDirectory, DiskDirectory};
+use ethstore::ethkey::Address;
+use ethstore::{Error, SafeAccount};
+
+pub fn random_dir() -> PathBuf {
+	let mut rng = OsRng::new().unwrap();
+	let mut dir = env::temp_dir();
+	dir.push(format!("{:x}-{:x}", rng.next_u64(), rng.next_u64()));
+	dir
+}
+
+pub struct TransientDir {
+	dir: DiskDirectory,
+	path: PathBuf,
+}
+
+impl TransientDir {
+	pub fn create() -> Result<Self, Error> {
+		let path = random_dir();
+		let result = TransientDir {
+			dir: try!(DiskDirectory::create(&path)),
+			path: path,
+		};
+
+		Ok(result)
+	}
+
+	pub fn open() -> Self {
+		let path = random_dir();
+		TransientDir {
+			dir: DiskDirectory::at(&path),
+			path: path,
+		}
+	}
+}
+
+impl Drop for TransientDir {
+	fn drop(&mut self) {
+		fs::remove_dir_all(&self.path).expect("Expected to remove temp dir");
+	}
+}
+
+impl KeyDirectory for TransientDir {
+	fn load(&self) -> Result<Vec<SafeAccount>, Error> {
+		self.dir.load()
+	}
+
+	fn insert(&self, account: SafeAccount) -> Result<(), Error> {
+		self.dir.insert(account)
+	}
+
+	fn remove(&self, address: &Address) -> Result<(), Error> {
+		self.dir.remove(address)
+	}
+}