2019-08-27 13:29:42 +00:00
|
|
|
package keys
|
2018-03-02 15:24:09 +00:00
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"errors"
|
|
|
|
"fmt"
|
|
|
|
|
2020-03-03 14:21:42 +00:00
|
|
|
"github.com/nspcc-dev/neo-go/pkg/crypto/hash"
|
|
|
|
"github.com/nspcc-dev/neo-go/pkg/encoding/base58"
|
2018-03-02 15:24:09 +00:00
|
|
|
"golang.org/x/crypto/scrypt"
|
|
|
|
"golang.org/x/text/unicode/norm"
|
|
|
|
)
|
|
|
|
|
2019-08-27 14:47:07 +00:00
|
|
|
// NEP-2 standard implementation for encrypting and decrypting private keys.
|
2018-03-02 15:24:09 +00:00
|
|
|
|
|
|
|
// NEP-2 specified parameters used for cryptography.
|
|
|
|
const (
|
|
|
|
n = 16384
|
|
|
|
r = 8
|
|
|
|
p = 8
|
|
|
|
keyLen = 64
|
|
|
|
nepFlag = 0xe0
|
|
|
|
)
|
|
|
|
|
|
|
|
var nepHeader = []byte{0x01, 0x42}
|
|
|
|
|
2019-09-03 14:51:37 +00:00
|
|
|
// ScryptParams is a json-serializable container for scrypt KDF parameters.
|
2019-08-27 13:29:42 +00:00
|
|
|
type ScryptParams struct {
|
2018-03-02 15:24:09 +00:00
|
|
|
N int `json:"n"`
|
|
|
|
R int `json:"r"`
|
|
|
|
P int `json:"p"`
|
|
|
|
}
|
|
|
|
|
2019-09-03 14:51:37 +00:00
|
|
|
// NEP2ScryptParams returns scrypt parameters specified in the NEP-2.
|
2019-08-27 13:29:42 +00:00
|
|
|
func NEP2ScryptParams() ScryptParams {
|
|
|
|
return ScryptParams{
|
2018-03-02 15:24:09 +00:00
|
|
|
N: n,
|
|
|
|
R: r,
|
|
|
|
P: p,
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2022-04-20 18:30:09 +00:00
|
|
|
// NEP2Encrypt encrypts a the PrivateKey using the given passphrase
|
2018-03-02 15:24:09 +00:00
|
|
|
// under the NEP-2 standard.
|
2021-06-04 11:27:22 +00:00
|
|
|
func NEP2Encrypt(priv *PrivateKey, passphrase string, params ScryptParams) (s string, err error) {
|
2019-09-05 06:35:02 +00:00
|
|
|
address := priv.Address()
|
2018-03-02 15:24:09 +00:00
|
|
|
|
2019-08-23 15:50:45 +00:00
|
|
|
addrHash := hash.Checksum([]byte(address))
|
2018-03-02 15:24:09 +00:00
|
|
|
// Normalize the passphrase according to the NFC standard.
|
|
|
|
phraseNorm := norm.NFC.Bytes([]byte(passphrase))
|
2021-06-04 11:27:22 +00:00
|
|
|
derivedKey, err := scrypt.Key(phraseNorm, addrHash, params.N, params.R, params.P, keyLen)
|
2018-03-02 15:24:09 +00:00
|
|
|
if err != nil {
|
|
|
|
return s, err
|
|
|
|
}
|
2024-08-23 19:31:03 +00:00
|
|
|
defer clear(derivedKey)
|
2018-03-02 15:24:09 +00:00
|
|
|
|
|
|
|
derivedKey1 := derivedKey[:32]
|
|
|
|
derivedKey2 := derivedKey[32:]
|
2022-09-01 19:06:18 +00:00
|
|
|
|
|
|
|
privBytes := priv.Bytes()
|
2024-08-23 19:31:03 +00:00
|
|
|
defer clear(privBytes)
|
2022-09-01 19:06:18 +00:00
|
|
|
xr := xor(privBytes, derivedKey1)
|
2024-08-23 19:31:03 +00:00
|
|
|
defer clear(xr)
|
2018-03-02 15:24:09 +00:00
|
|
|
|
2019-12-25 08:25:05 +00:00
|
|
|
encrypted, err := aesEncrypt(xr, derivedKey2)
|
2018-03-02 15:24:09 +00:00
|
|
|
if err != nil {
|
|
|
|
return s, err
|
|
|
|
}
|
|
|
|
|
2024-08-26 18:11:40 +00:00
|
|
|
var buf = make([]byte, 0, len(nepHeader)+1+len(addrHash)+len(encrypted))
|
|
|
|
buf = append(buf, nepHeader...)
|
|
|
|
buf = append(buf, nepFlag)
|
|
|
|
buf = append(buf, addrHash...)
|
|
|
|
buf = append(buf, encrypted...)
|
2018-03-02 15:24:09 +00:00
|
|
|
|
2024-08-26 18:11:40 +00:00
|
|
|
return base58.CheckEncode(buf), nil
|
2018-03-02 15:24:09 +00:00
|
|
|
}
|
|
|
|
|
2022-04-20 18:30:09 +00:00
|
|
|
// NEP2Decrypt decrypts an encrypted key using the given passphrase
|
2018-03-02 15:24:09 +00:00
|
|
|
// under the NEP-2 standard.
|
2021-06-04 11:27:22 +00:00
|
|
|
func NEP2Decrypt(key, passphrase string, params ScryptParams) (*PrivateKey, error) {
|
2019-12-25 12:05:54 +00:00
|
|
|
b, err := base58.CheckDecode(key)
|
2018-03-02 15:24:09 +00:00
|
|
|
if err != nil {
|
2020-01-09 14:27:12 +00:00
|
|
|
return nil, err
|
2018-03-02 15:24:09 +00:00
|
|
|
}
|
|
|
|
if err := validateNEP2Format(b); err != nil {
|
2020-01-09 14:27:12 +00:00
|
|
|
return nil, err
|
2018-03-02 15:24:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
addrHash := b[3:7]
|
|
|
|
// Normalize the passphrase according to the NFC standard.
|
|
|
|
phraseNorm := norm.NFC.Bytes([]byte(passphrase))
|
2021-06-04 11:27:22 +00:00
|
|
|
derivedKey, err := scrypt.Key(phraseNorm, addrHash, params.N, params.R, params.P, keyLen)
|
2018-03-02 15:24:09 +00:00
|
|
|
if err != nil {
|
2020-01-09 14:27:12 +00:00
|
|
|
return nil, err
|
2018-03-02 15:24:09 +00:00
|
|
|
}
|
2024-08-23 19:31:03 +00:00
|
|
|
defer clear(derivedKey)
|
2018-03-02 15:24:09 +00:00
|
|
|
|
|
|
|
derivedKey1 := derivedKey[:32]
|
|
|
|
derivedKey2 := derivedKey[32:]
|
|
|
|
encryptedBytes := b[7:]
|
|
|
|
|
2019-12-25 08:25:05 +00:00
|
|
|
decrypted, err := aesDecrypt(encryptedBytes, derivedKey2)
|
2018-03-02 15:24:09 +00:00
|
|
|
if err != nil {
|
2020-01-09 14:27:12 +00:00
|
|
|
return nil, err
|
2018-03-02 15:24:09 +00:00
|
|
|
}
|
2024-08-23 19:31:03 +00:00
|
|
|
defer clear(decrypted)
|
2018-03-02 15:24:09 +00:00
|
|
|
|
|
|
|
privBytes := xor(decrypted, derivedKey1)
|
2024-08-23 19:31:03 +00:00
|
|
|
defer clear(privBytes)
|
2018-03-02 15:24:09 +00:00
|
|
|
|
|
|
|
// Rebuild the private key.
|
|
|
|
privKey, err := NewPrivateKeyFromBytes(privBytes)
|
|
|
|
if err != nil {
|
2020-01-09 14:27:12 +00:00
|
|
|
return nil, err
|
2018-03-02 15:24:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if !compareAddressHash(privKey, addrHash) {
|
2020-01-09 14:27:12 +00:00
|
|
|
return nil, errors.New("password mismatch")
|
2018-03-02 15:24:09 +00:00
|
|
|
}
|
|
|
|
|
2020-01-09 14:27:12 +00:00
|
|
|
return privKey, nil
|
2018-03-02 15:24:09 +00:00
|
|
|
}
|
|
|
|
|
2019-08-23 15:50:45 +00:00
|
|
|
func compareAddressHash(priv *PrivateKey, inhash []byte) bool {
|
2019-09-05 06:35:02 +00:00
|
|
|
address := priv.Address()
|
2019-08-23 15:50:45 +00:00
|
|
|
addrHash := hash.Checksum([]byte(address))
|
|
|
|
return bytes.Equal(addrHash, inhash)
|
2018-03-02 15:24:09 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func validateNEP2Format(b []byte) error {
|
|
|
|
if len(b) != 39 {
|
|
|
|
return fmt.Errorf("invalid length: expecting 39 got %d", len(b))
|
|
|
|
}
|
|
|
|
if b[0] != 0x01 {
|
|
|
|
return fmt.Errorf("invalid byte sequence: expecting 0x01 got 0x%02x", b[0])
|
|
|
|
}
|
|
|
|
if b[1] != 0x42 {
|
|
|
|
return fmt.Errorf("invalid byte sequence: expecting 0x42 got 0x%02x", b[1])
|
|
|
|
}
|
|
|
|
if b[2] != 0xe0 {
|
|
|
|
return fmt.Errorf("invalid byte sequence: expecting 0xe0 got 0x%02x", b[2])
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func xor(a, b []byte) []byte {
|
|
|
|
if len(a) != len(b) {
|
|
|
|
panic("cannot XOR non equal length arrays")
|
|
|
|
}
|
|
|
|
dst := make([]byte, len(a))
|
2024-08-30 18:41:02 +00:00
|
|
|
for i := range dst {
|
2018-03-02 15:24:09 +00:00
|
|
|
dst[i] = a[i] ^ b[i]
|
|
|
|
}
|
|
|
|
return dst
|
|
|
|
}
|