accounts/keystore, crypto: enforce 256 bit keys on import

This commit is contained in:
Péter Szilágyi 2017-05-23 14:58:03 +03:00
parent 3556962053
commit aa73420207
No known key found for this signature in database
GPG Key ID: E9AE538CEDF8293D
10 changed files with 32 additions and 31 deletions

@ -124,14 +124,13 @@ func (k *Key) UnmarshalJSON(j []byte) (err error) {
if err != nil { if err != nil {
return err return err
} }
privkey, err := crypto.HexToECDSA(keyJSON.PrivateKey)
privkey, err := hex.DecodeString(keyJSON.PrivateKey)
if err != nil { if err != nil {
return err return err
} }
k.Address = common.BytesToAddress(addr) k.Address = common.BytesToAddress(addr)
k.PrivateKey = crypto.ToECDSA(privkey) k.PrivateKey = privkey
return nil return nil
} }

@ -450,7 +450,6 @@ func (ks *KeyStore) ImportECDSA(priv *ecdsa.PrivateKey, passphrase string) (acco
if ks.cache.hasAddress(key.Address) { if ks.cache.hasAddress(key.Address) {
return accounts.Account{}, fmt.Errorf("account already exists") return accounts.Account{}, fmt.Errorf("account already exists")
} }
return ks.importKey(key, passphrase) return ks.importKey(key, passphrase)
} }

@ -182,7 +182,10 @@ func DecryptKey(keyjson []byte, auth string) (*Key, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
key := crypto.ToECDSA(keyBytes) key, err := crypto.ToECDSA(keyBytes)
if err != nil {
return nil, err
}
return &Key{ return &Key{
Id: uuid.UUID(keyId), Id: uuid.UUID(keyId),
Address: crypto.PubkeyToAddress(key.PublicKey), Address: crypto.PubkeyToAddress(key.PublicKey),

@ -46,7 +46,7 @@ func TestKeyEncryptDecrypt(t *testing.T) {
// Decrypt with the correct password // Decrypt with the correct password
key, err := DecryptKey(keyjson, password) key, err := DecryptKey(keyjson, password)
if err != nil { if err != nil {
t.Errorf("test %d: json key failed to decrypt: %v", i, err) t.Fatalf("test %d: json key failed to decrypt: %v", i, err)
} }
if key.Address != address { if key.Address != address {
t.Errorf("test %d: key address mismatch: have %x, want %x", i, key.Address, address) t.Errorf("test %d: key address mismatch: have %x, want %x", i, key.Address, address)

@ -74,7 +74,10 @@ func decryptPreSaleKey(fileContent []byte, password string) (key *Key, err error
return nil, err return nil, err
} }
ethPriv := crypto.Keccak256(plainText) ethPriv := crypto.Keccak256(plainText)
ecKey := crypto.ToECDSA(ethPriv) ecKey, err := crypto.ToECDSA(ethPriv)
if err != nil {
return nil, err
}
key = &Key{ key = &Key{
Id: nil, Id: nil,
Address: crypto.PubkeyToAddress(ecKey.PublicKey), Address: crypto.PubkeyToAddress(ecKey.PublicKey),

@ -79,7 +79,7 @@ func decodeTx(data []byte) (*Transaction, error) {
} }
func defaultTestKey() (*ecdsa.PrivateKey, common.Address) { func defaultTestKey() (*ecdsa.PrivateKey, common.Address) {
key := crypto.ToECDSA(common.Hex2Bytes("45a915e4d060149eb4365960e6a7a45f334393093061116b197e3240065ff2d8")) key, _ := crypto.HexToECDSA("45a915e4d060149eb4365960e6a7a45f334393093061116b197e3240065ff2d8")
addr := crypto.PubkeyToAddress(key.PublicKey) addr := crypto.PubkeyToAddress(key.PublicKey)
return key, addr return key, addr
} }

@ -22,12 +22,14 @@ import (
"crypto/rand" "crypto/rand"
"encoding/hex" "encoding/hex"
"errors" "errors"
"fmt"
"io" "io"
"io/ioutil" "io/ioutil"
"math/big" "math/big"
"os" "os"
"github.com/ethereum/go-ethereum/common" "github.com/ethereum/go-ethereum/common"
"github.com/ethereum/go-ethereum/common/math"
"github.com/ethereum/go-ethereum/crypto/sha3" "github.com/ethereum/go-ethereum/crypto/sha3"
"github.com/ethereum/go-ethereum/rlp" "github.com/ethereum/go-ethereum/rlp"
) )
@ -76,23 +78,22 @@ func CreateAddress(b common.Address, nonce uint64) common.Address {
} }
// ToECDSA creates a private key with the given D value. // ToECDSA creates a private key with the given D value.
func ToECDSA(prv []byte) *ecdsa.PrivateKey { func ToECDSA(d []byte) (*ecdsa.PrivateKey, error) {
if len(prv) == 0 {
return nil
}
priv := new(ecdsa.PrivateKey) priv := new(ecdsa.PrivateKey)
priv.PublicKey.Curve = S256() priv.PublicKey.Curve = S256()
priv.D = new(big.Int).SetBytes(prv) if 8*len(d) != priv.Params().BitSize {
priv.PublicKey.X, priv.PublicKey.Y = priv.PublicKey.Curve.ScalarBaseMult(prv) return nil, fmt.Errorf("invalid length, need %d bits", priv.Params().BitSize)
return priv }
priv.D = new(big.Int).SetBytes(d)
priv.PublicKey.X, priv.PublicKey.Y = priv.PublicKey.Curve.ScalarBaseMult(d)
return priv, nil
} }
func FromECDSA(prv *ecdsa.PrivateKey) []byte { func FromECDSA(prv *ecdsa.PrivateKey) []byte {
if prv == nil { if prv == nil {
return nil return nil
} }
return prv.D.Bytes() return math.PaddedBigBytes(prv.D, 32)
} }
func ToECDSAPub(pub []byte) *ecdsa.PublicKey { func ToECDSAPub(pub []byte) *ecdsa.PublicKey {
@ -116,10 +117,7 @@ func HexToECDSA(hexkey string) (*ecdsa.PrivateKey, error) {
if err != nil { if err != nil {
return nil, errors.New("invalid hex string") return nil, errors.New("invalid hex string")
} }
if len(b) != 32 { return ToECDSA(b)
return nil, errors.New("invalid length, need 256 bits")
}
return ToECDSA(b), nil
} }
// LoadECDSA loads a secp256k1 private key from the given file. // LoadECDSA loads a secp256k1 private key from the given file.
@ -139,8 +137,7 @@ func LoadECDSA(file string) (*ecdsa.PrivateKey, error) {
if err != nil { if err != nil {
return nil, err return nil, err
} }
return ToECDSA(key)
return ToECDSA(key), nil
} }
// SaveECDSA saves a secp256k1 private key to the given file with // SaveECDSA saves a secp256k1 private key to the given file with

@ -19,7 +19,6 @@ package ethapi
import ( import (
"bytes" "bytes"
"context" "context"
"encoding/hex"
"errors" "errors"
"fmt" "fmt"
"math/big" "math/big"
@ -283,12 +282,11 @@ func fetchKeystore(am *accounts.Manager) *keystore.KeyStore {
// ImportRawKey stores the given hex encoded ECDSA key into the key directory, // ImportRawKey stores the given hex encoded ECDSA key into the key directory,
// encrypting it with the passphrase. // encrypting it with the passphrase.
func (s *PrivateAccountAPI) ImportRawKey(privkey string, password string) (common.Address, error) { func (s *PrivateAccountAPI) ImportRawKey(privkey string, password string) (common.Address, error) {
hexkey, err := hex.DecodeString(privkey) key, err := crypto.HexToECDSA(privkey)
if err != nil { if err != nil {
return common.Address{}, err return common.Address{}, err
} }
acc, err := fetchKeystore(s.am).ImportECDSA(key, password)
acc, err := fetchKeystore(s.am).ImportECDSA(crypto.ToECDSA(hexkey), password)
return acc.Address, err return acc.Address, err
} }

@ -96,7 +96,10 @@ func TestConfigWriteRead(t *testing.T) {
} }
defer os.RemoveAll(tmp) defer os.RemoveAll(tmp)
prvkey := crypto.ToECDSA(common.Hex2Bytes(hexprvkey)) prvkey, err := crypto.HexToECDSA(hexprvkey)
if err != nil {
t.Fatalf("failed to load private key: %v", err)
}
orig, err := NewConfig(tmp, common.Address{}, prvkey, 323) orig, err := NewConfig(tmp, common.Address{}, prvkey, 323)
if err != nil { if err != nil {
t.Fatalf("expected no error, got %v", err) t.Fatalf("expected no error, got %v", err)

@ -18,7 +18,6 @@ package tests
import ( import (
"bytes" "bytes"
"encoding/hex"
"fmt" "fmt"
"math/big" "math/big"
"os" "os"
@ -161,8 +160,8 @@ func NewEVMEnvironment(vmTest bool, chainConfig *params.ChainConfig, statedb *st
origin := common.HexToAddress(tx["caller"]) origin := common.HexToAddress(tx["caller"])
if len(tx["secretKey"]) > 0 { if len(tx["secretKey"]) > 0 {
key, _ := hex.DecodeString(tx["secretKey"]) key, _ := crypto.HexToECDSA(tx["secretKey"])
origin = crypto.PubkeyToAddress(crypto.ToECDSA(key).PublicKey) origin = crypto.PubkeyToAddress(key.PublicKey)
} }
var to *common.Address var to *common.Address