accounts/keystore, crypto: enforce 256 bit keys on import
This commit is contained in:
parent
3556962053
commit
aa73420207
@ -124,14 +124,13 @@ func (k *Key) UnmarshalJSON(j []byte) (err error) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
privkey, err := crypto.HexToECDSA(keyJSON.PrivateKey)
|
||||||
privkey, err := hex.DecodeString(keyJSON.PrivateKey)
|
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
k.Address = common.BytesToAddress(addr)
|
k.Address = common.BytesToAddress(addr)
|
||||||
k.PrivateKey = crypto.ToECDSA(privkey)
|
k.PrivateKey = privkey
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
@ -450,7 +450,6 @@ func (ks *KeyStore) ImportECDSA(priv *ecdsa.PrivateKey, passphrase string) (acco
|
|||||||
if ks.cache.hasAddress(key.Address) {
|
if ks.cache.hasAddress(key.Address) {
|
||||||
return accounts.Account{}, fmt.Errorf("account already exists")
|
return accounts.Account{}, fmt.Errorf("account already exists")
|
||||||
}
|
}
|
||||||
|
|
||||||
return ks.importKey(key, passphrase)
|
return ks.importKey(key, passphrase)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -182,7 +182,10 @@ func DecryptKey(keyjson []byte, auth string) (*Key, error) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
key := crypto.ToECDSA(keyBytes)
|
key, err := crypto.ToECDSA(keyBytes)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
return &Key{
|
return &Key{
|
||||||
Id: uuid.UUID(keyId),
|
Id: uuid.UUID(keyId),
|
||||||
Address: crypto.PubkeyToAddress(key.PublicKey),
|
Address: crypto.PubkeyToAddress(key.PublicKey),
|
||||||
|
@ -46,7 +46,7 @@ func TestKeyEncryptDecrypt(t *testing.T) {
|
|||||||
// Decrypt with the correct password
|
// Decrypt with the correct password
|
||||||
key, err := DecryptKey(keyjson, password)
|
key, err := DecryptKey(keyjson, password)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Errorf("test %d: json key failed to decrypt: %v", i, err)
|
t.Fatalf("test %d: json key failed to decrypt: %v", i, err)
|
||||||
}
|
}
|
||||||
if key.Address != address {
|
if key.Address != address {
|
||||||
t.Errorf("test %d: key address mismatch: have %x, want %x", i, key.Address, address)
|
t.Errorf("test %d: key address mismatch: have %x, want %x", i, key.Address, address)
|
||||||
|
@ -74,7 +74,10 @@ func decryptPreSaleKey(fileContent []byte, password string) (key *Key, err error
|
|||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
ethPriv := crypto.Keccak256(plainText)
|
ethPriv := crypto.Keccak256(plainText)
|
||||||
ecKey := crypto.ToECDSA(ethPriv)
|
ecKey, err := crypto.ToECDSA(ethPriv)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
key = &Key{
|
key = &Key{
|
||||||
Id: nil,
|
Id: nil,
|
||||||
Address: crypto.PubkeyToAddress(ecKey.PublicKey),
|
Address: crypto.PubkeyToAddress(ecKey.PublicKey),
|
||||||
|
@ -79,7 +79,7 @@ func decodeTx(data []byte) (*Transaction, error) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func defaultTestKey() (*ecdsa.PrivateKey, common.Address) {
|
func defaultTestKey() (*ecdsa.PrivateKey, common.Address) {
|
||||||
key := crypto.ToECDSA(common.Hex2Bytes("45a915e4d060149eb4365960e6a7a45f334393093061116b197e3240065ff2d8"))
|
key, _ := crypto.HexToECDSA("45a915e4d060149eb4365960e6a7a45f334393093061116b197e3240065ff2d8")
|
||||||
addr := crypto.PubkeyToAddress(key.PublicKey)
|
addr := crypto.PubkeyToAddress(key.PublicKey)
|
||||||
return key, addr
|
return key, addr
|
||||||
}
|
}
|
||||||
|
@ -22,12 +22,14 @@ import (
|
|||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"encoding/hex"
|
"encoding/hex"
|
||||||
"errors"
|
"errors"
|
||||||
|
"fmt"
|
||||||
"io"
|
"io"
|
||||||
"io/ioutil"
|
"io/ioutil"
|
||||||
"math/big"
|
"math/big"
|
||||||
"os"
|
"os"
|
||||||
|
|
||||||
"github.com/ethereum/go-ethereum/common"
|
"github.com/ethereum/go-ethereum/common"
|
||||||
|
"github.com/ethereum/go-ethereum/common/math"
|
||||||
"github.com/ethereum/go-ethereum/crypto/sha3"
|
"github.com/ethereum/go-ethereum/crypto/sha3"
|
||||||
"github.com/ethereum/go-ethereum/rlp"
|
"github.com/ethereum/go-ethereum/rlp"
|
||||||
)
|
)
|
||||||
@ -76,23 +78,22 @@ func CreateAddress(b common.Address, nonce uint64) common.Address {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// ToECDSA creates a private key with the given D value.
|
// ToECDSA creates a private key with the given D value.
|
||||||
func ToECDSA(prv []byte) *ecdsa.PrivateKey {
|
func ToECDSA(d []byte) (*ecdsa.PrivateKey, error) {
|
||||||
if len(prv) == 0 {
|
|
||||||
return nil
|
|
||||||
}
|
|
||||||
|
|
||||||
priv := new(ecdsa.PrivateKey)
|
priv := new(ecdsa.PrivateKey)
|
||||||
priv.PublicKey.Curve = S256()
|
priv.PublicKey.Curve = S256()
|
||||||
priv.D = new(big.Int).SetBytes(prv)
|
if 8*len(d) != priv.Params().BitSize {
|
||||||
priv.PublicKey.X, priv.PublicKey.Y = priv.PublicKey.Curve.ScalarBaseMult(prv)
|
return nil, fmt.Errorf("invalid length, need %d bits", priv.Params().BitSize)
|
||||||
return priv
|
}
|
||||||
|
priv.D = new(big.Int).SetBytes(d)
|
||||||
|
priv.PublicKey.X, priv.PublicKey.Y = priv.PublicKey.Curve.ScalarBaseMult(d)
|
||||||
|
return priv, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func FromECDSA(prv *ecdsa.PrivateKey) []byte {
|
func FromECDSA(prv *ecdsa.PrivateKey) []byte {
|
||||||
if prv == nil {
|
if prv == nil {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
return prv.D.Bytes()
|
return math.PaddedBigBytes(prv.D, 32)
|
||||||
}
|
}
|
||||||
|
|
||||||
func ToECDSAPub(pub []byte) *ecdsa.PublicKey {
|
func ToECDSAPub(pub []byte) *ecdsa.PublicKey {
|
||||||
@ -116,10 +117,7 @@ func HexToECDSA(hexkey string) (*ecdsa.PrivateKey, error) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, errors.New("invalid hex string")
|
return nil, errors.New("invalid hex string")
|
||||||
}
|
}
|
||||||
if len(b) != 32 {
|
return ToECDSA(b)
|
||||||
return nil, errors.New("invalid length, need 256 bits")
|
|
||||||
}
|
|
||||||
return ToECDSA(b), nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// LoadECDSA loads a secp256k1 private key from the given file.
|
// LoadECDSA loads a secp256k1 private key from the given file.
|
||||||
@ -139,8 +137,7 @@ func LoadECDSA(file string) (*ecdsa.PrivateKey, error) {
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
return ToECDSA(key)
|
||||||
return ToECDSA(key), nil
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// SaveECDSA saves a secp256k1 private key to the given file with
|
// SaveECDSA saves a secp256k1 private key to the given file with
|
||||||
|
@ -19,7 +19,6 @@ package ethapi
|
|||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"context"
|
"context"
|
||||||
"encoding/hex"
|
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
"math/big"
|
"math/big"
|
||||||
@ -283,12 +282,11 @@ func fetchKeystore(am *accounts.Manager) *keystore.KeyStore {
|
|||||||
// ImportRawKey stores the given hex encoded ECDSA key into the key directory,
|
// ImportRawKey stores the given hex encoded ECDSA key into the key directory,
|
||||||
// encrypting it with the passphrase.
|
// encrypting it with the passphrase.
|
||||||
func (s *PrivateAccountAPI) ImportRawKey(privkey string, password string) (common.Address, error) {
|
func (s *PrivateAccountAPI) ImportRawKey(privkey string, password string) (common.Address, error) {
|
||||||
hexkey, err := hex.DecodeString(privkey)
|
key, err := crypto.HexToECDSA(privkey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return common.Address{}, err
|
return common.Address{}, err
|
||||||
}
|
}
|
||||||
|
acc, err := fetchKeystore(s.am).ImportECDSA(key, password)
|
||||||
acc, err := fetchKeystore(s.am).ImportECDSA(crypto.ToECDSA(hexkey), password)
|
|
||||||
return acc.Address, err
|
return acc.Address, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -96,7 +96,10 @@ func TestConfigWriteRead(t *testing.T) {
|
|||||||
}
|
}
|
||||||
defer os.RemoveAll(tmp)
|
defer os.RemoveAll(tmp)
|
||||||
|
|
||||||
prvkey := crypto.ToECDSA(common.Hex2Bytes(hexprvkey))
|
prvkey, err := crypto.HexToECDSA(hexprvkey)
|
||||||
|
if err != nil {
|
||||||
|
t.Fatalf("failed to load private key: %v", err)
|
||||||
|
}
|
||||||
orig, err := NewConfig(tmp, common.Address{}, prvkey, 323)
|
orig, err := NewConfig(tmp, common.Address{}, prvkey, 323)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Fatalf("expected no error, got %v", err)
|
t.Fatalf("expected no error, got %v", err)
|
||||||
|
@ -18,7 +18,6 @@ package tests
|
|||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
"bytes"
|
||||||
"encoding/hex"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"math/big"
|
"math/big"
|
||||||
"os"
|
"os"
|
||||||
@ -161,8 +160,8 @@ func NewEVMEnvironment(vmTest bool, chainConfig *params.ChainConfig, statedb *st
|
|||||||
|
|
||||||
origin := common.HexToAddress(tx["caller"])
|
origin := common.HexToAddress(tx["caller"])
|
||||||
if len(tx["secretKey"]) > 0 {
|
if len(tx["secretKey"]) > 0 {
|
||||||
key, _ := hex.DecodeString(tx["secretKey"])
|
key, _ := crypto.HexToECDSA(tx["secretKey"])
|
||||||
origin = crypto.PubkeyToAddress(crypto.ToECDSA(key).PublicKey)
|
origin = crypto.PubkeyToAddress(key.PublicKey)
|
||||||
}
|
}
|
||||||
|
|
||||||
var to *common.Address
|
var to *common.Address
|
||||||
|
Loading…
Reference in New Issue
Block a user