nim-eth/eth/keyfile/keyfile.nim

503 lines
15 KiB
Nim

#
# Ethereum KeyFile
# (c) Copyright 2018
# Status Research & Development GmbH
#
# Licensed under either of
# Apache License, version 2.0, (LICENSE-APACHEv2)
# MIT license (LICENSE-MIT)
{.push raises: [].}
import
std/[strutils, json],
nimcrypto/[bcmode, hmac, rijndael, pbkdf2, sha2, sysrand, utils, keccak, scrypt],
results,
".."/common/[addresses, keys],
./uuid
export results
const
# Version 3 constants
SaltSize = 16
DKLen = 32
MaxDKLen = 128
ScryptR = 1
ScryptP = 8
Pbkdf2WorkFactor = 1_000_000
ScryptWorkFactor = 262_144
type
KeyFileError* = enum
RandomError = "kf: Random generator error"
UuidError = "kf: UUID generator error"
BufferOverrun = "kf: Supplied buffer is too small"
IncorrectDKLen = "kf: `dklen` parameter is 0 or more then MaxDKLen"
MalformedError = "kf: JSON has incorrect structure"
NotImplemented = "kf: Feature is not implemented"
NotSupported = "kf: Feature is not supported"
EmptyMac = "kf: `mac` parameter is zero length or not in hexadecimal form"
EmptyCiphertext = "kf: `ciphertext` parameter is zero length or not in hexadecimal format"
EmptySalt = "kf: `salt` parameter is zero length or not in hexadecimal format"
EmptyIV = "kf: `cipherparams.iv` parameter is zero length or not in hexadecimal format"
IncorrectIV = "kf: Size of IV vector is not equal to cipher block size"
PrfNotSupported = "kf: PRF algorithm for PBKDF2 is not supported"
KdfNotSupported = "kf: KDF algorithm is not supported"
CipherNotSupported = "kf: `cipher` parameter is not supported"
IncorrectMac = "kf: `mac` verification failed"
IncorrectPrivateKey = "kf: incorrect private key"
ScryptBadParam = "kf: bad scrypt's parameters"
OsError = "kf: OS specific error"
JsonError = "kf: JSON encoder/decoder error"
KdfKind* = enum
PBKDF2, ## PBKDF2
SCRYPT ## SCRYPT
HashKind* = enum
HashNoSupport, HashSHA2_224, HashSHA2_256, HashSHA2_384, HashSHA2_512,
HashKECCAK224, HashKECCAK256, HashKECCAK384, HashKECCAK512,
HashSHA3_224, HashSHA3_256, HashSHA3_384, HashSHA3_512
CryptKind* = enum
CipherNoSupport, ## Cipher not supported
AES128CTR ## AES-128-CTR
CipherParams = object
iv: seq[byte]
Cipher = object
kind: CryptKind
params: CipherParams
text: seq[byte]
Crypto = object
kind: KdfKind
cipher: Cipher
kdfParams: JsonNode
mac: seq[byte]
ScryptParams* = object
dklen: int
n, p, r: int
salt: string
Pbkdf2Params* = object
dklen: int
c: int
prf: HashKind
salt: string
DKey = array[DKLen, byte]
KfResult*[T] = Result[T, KeyFileError]
proc mapErrTo[T, E](r: Result[T, E], v: static KeyFileError): KfResult[T] =
r.mapErr(proc (e: E): KeyFileError = v)
const
SupportedHashes = [
"sha224", "sha256", "sha384", "sha512",
"keccak224", "keccak256", "keccak384", "keccak512",
"sha3_224", "sha3_256", "sha3_384", "sha3_512"
]
SupportedHashesKinds = [
HashSHA2_224, HashSHA2_256, HashSHA2_384, HashSHA2_512,
HashKECCAK224, HashKECCAK256, HashKECCAK384, HashKECCAK512,
HashSHA3_224, HashSHA3_256, HashSHA3_384, HashSHA3_512
]
proc `$`(k: KdfKind): string =
case k
of SCRYPT:
result = "scrypt"
else:
result = "pbkdf2"
proc `$`(k: CryptKind): string =
case k
of AES128CTR:
result = "aes-128-ctr"
else:
result = "aes-128-ctr"
proc getPrfHash(prf: string): HashKind =
result = HashNoSupport
let p = prf.toLowerAscii()
if p.startsWith("hmac-"):
var hash = p[5..^1]
var res = SupportedHashes.find(hash)
if res >= 0:
result = SupportedHashesKinds[res]
else:
result = HashNoSupport
proc getCipher(c: string): CryptKind =
var cl = c.toLowerAscii()
if cl == "aes-128-ctr":
result = AES128CTR
else:
result = CipherNoSupport
proc deriveKey(password: string,
salt: string,
kdfkind: KdfKind,
hashkind: HashKind,
workfactor: int): KfResult[DKey] =
if kdfkind == PBKDF2:
var output: DKey
var c = if workfactor == 0: Pbkdf2WorkFactor else: workfactor
case hashkind
of HashSHA2_224:
var ctx: HMAC[sha224]
discard ctx.pbkdf2(password, salt, c, output)
ok(output)
of HashSHA2_256:
var ctx: HMAC[sha256]
discard ctx.pbkdf2(password, salt, c, output)
ok(output)
of HashSHA2_384:
var ctx: HMAC[sha384]
discard ctx.pbkdf2(password, salt, c, output)
ok(output)
of HashSHA2_512:
var ctx: HMAC[sha512]
discard ctx.pbkdf2(password, salt, c, output)
ok(output)
of HashKECCAK224:
var ctx: HMAC[keccak224]
discard ctx.pbkdf2(password, salt, c, output)
ok(output)
of HashKECCAK256:
var ctx: HMAC[keccak.keccak256]
discard ctx.pbkdf2(password, salt, c, output)
ok(output)
of HashKECCAK384:
var ctx: HMAC[keccak384]
discard ctx.pbkdf2(password, salt, c, output)
ok(output)
of HashKECCAK512:
var ctx: HMAC[keccak512]
discard ctx.pbkdf2(password, salt, c, output)
ok(output)
of HashSHA3_224:
var ctx: HMAC[sha3_224]
discard ctx.pbkdf2(password, salt, c, output)
ok(output)
of HashSHA3_256:
var ctx: HMAC[sha3_256]
discard ctx.pbkdf2(password, salt, c, output)
ok(output)
of HashSHA3_384:
var ctx: HMAC[sha3_384]
discard ctx.pbkdf2(password, salt, c, output)
ok(output)
of HashSHA3_512:
var ctx: HMAC[sha3_512]
discard ctx.pbkdf2(password, salt, c, output)
ok(output)
else:
err(PrfNotSupported)
else:
err(NotImplemented)
func scrypt[T, M](password: openArray[T], salt: openArray[M],
N, r, p: int, output: var openArray[byte]): int =
let (xyvLen, bLen) = scryptCalc(N, r, p)
var xyv = newSeq[uint32](xyvLen)
var b = newSeq[byte](bLen)
scrypt(password, salt, N, r, p, xyv, b, output)
proc deriveKey(password: string, salt: string,
workFactor, r, p: int): KfResult[DKey] =
let wf = if workFactor == 0: ScryptWorkFactor else: workFactor
var output: DKey
if scrypt(password, salt, wf, r, p, output) == 0:
return err(ScryptBadParam)
result = ok(output)
proc encryptKey(seckey: PrivateKey,
cryptkind: CryptKind,
key: openArray[byte],
iv: openArray[byte]): KfResult[array[KeyLength, byte]] =
if cryptkind == AES128CTR:
var crypttext: array[KeyLength, byte]
var ctx: CTR[aes128]
ctx.init(toOpenArray(key, 0, 15), iv)
ctx.encrypt(seckey.toRaw(), crypttext)
ctx.clear()
ok(crypttext)
else:
err(NotImplemented)
proc decryptKey(ciphertext: openArray[byte],
cryptkind: CryptKind,
key: openArray[byte],
iv: openArray[byte]): KfResult[array[KeyLength, byte]] =
if cryptkind == AES128CTR:
if len(iv) != aes128.sizeBlock:
return err(IncorrectIV)
var plaintext: array[KeyLength, byte]
var ctx: CTR[aes128]
ctx.init(toOpenArray(key, 0, 15), iv)
ctx.decrypt(ciphertext, plaintext)
ctx.clear()
ok(plaintext)
else:
err(NotImplemented)
proc kdfParams(kdfkind: KdfKind, salt: string, workfactor: int): KfResult[JsonNode] =
if kdfkind == SCRYPT:
let wf = if workfactor == 0: ScryptWorkFactor else: workfactor
ok(%*
{
"dklen": DKLen,
"n": wf,
"r": ScryptR,
"p": ScryptP,
"salt": salt
}
)
elif kdfkind == PBKDF2:
let wf = if workfactor == 0: Pbkdf2WorkFactor else: workfactor
ok(%*
{
"dklen": DKLen,
"c": wf,
"prf": "hmac-sha256",
"salt": salt
}
)
else:
err(NotImplemented)
proc decodeHex(m: string): seq[byte] =
if len(m) > 0:
try:
result = utils.fromHex(m)
except CatchableError:
result = newSeq[byte]()
else:
result = newSeq[byte]()
proc decodeSalt(m: string): string =
var sarr: seq[byte]
if len(m) > 0:
try:
sarr = utils.fromHex(m)
result = newString(len(sarr))
copyMem(addr result[0], addr sarr[0], len(sarr))
except CatchableError:
result = ""
else:
result = ""
proc compareMac(m1: openArray[byte], m2: openArray[byte]): bool =
if len(m1) == len(m2) and len(m1) > 0:
result = equalMem(unsafeAddr m1[0], unsafeAddr m2[0], len(m1))
proc createKeyFileJson*(seckey: PrivateKey,
password: string,
version: int = 3,
cryptkind: CryptKind = AES128CTR,
kdfkind: KdfKind = PBKDF2,
workfactor: int = 0): KfResult[JsonNode] =
## Create JSON object with keyfile structure.
##
## ``seckey`` - private key, which will be stored
## ``password`` - encryption password
## ``outjson`` - result JSON object
## ``version`` - version of keyfile format (default is 3)
## ``cryptkind`` - algorithm for private key encryption
## (default is AES128-CTR)
## ``kdfkind`` - algorithm for key derivation function (default is PBKDF2)
## ``workfactor`` - Key deriviation function work factor, 0 is to use
## default workfactor.
var iv: array[aes128.sizeBlock, byte]
var salt: array[SaltSize, byte]
var saltstr = newString(SaltSize)
if randomBytes(iv) != aes128.sizeBlock:
return err(RandomError)
if randomBytes(salt) != SaltSize:
return err(RandomError)
copyMem(addr saltstr[0], addr salt[0], SaltSize)
let u = ? uuidGenerate().mapErrTo(UuidError)
let
dkey = case kdfkind
of PBKDF2: ? deriveKey(password, saltstr, kdfkind, HashSHA2_256, workfactor)
of SCRYPT: ? deriveKey(password, saltstr, workfactor, ScryptR, ScryptP)
ciphertext = ? encryptKey(seckey, cryptkind, dkey, iv)
var ctx: keccak256
ctx.init()
ctx.update(toOpenArray(dkey, 16, 31))
ctx.update(ciphertext)
var mac = ctx.finish()
ctx.clear()
let params = ? kdfParams(kdfkind, toHex(salt, true), workfactor)
ok(%*
{
"address": seckey.toPublicKey().to(Address).toHex(),
"crypto": {
"cipher": $cryptkind,
"cipherparams": {
"iv": toHex(iv, true)
},
"ciphertext": toHex(ciphertext, true),
"kdf": $kdfkind,
"kdfparams": params,
"mac": toHex(mac.data, true),
},
"id": $u,
"version": version
}
)
proc decodeCrypto(n: JsonNode): KfResult[Crypto] =
var crypto = n.getOrDefault("crypto")
if isNil(crypto):
return err(MalformedError)
var kdf = crypto.getOrDefault("kdf")
if isNil(kdf):
return err(MalformedError)
var c: Crypto
case kdf.getStr()
of "pbkdf2": c.kind = PBKDF2
of "scrypt": c.kind = SCRYPT
else: return err(KdfNotSupported)
var cipherparams = crypto.getOrDefault("cipherparams")
if isNil(cipherparams):
return err(MalformedError)
c.cipher.kind = getCipher(crypto.getOrDefault("cipher").getStr())
c.cipher.params.iv = decodeHex(cipherparams.getOrDefault("iv").getStr())
c.cipher.text = decodeHex(crypto.getOrDefault("ciphertext").getStr())
c.mac = decodeHex(crypto.getOrDefault("mac").getStr())
c.kdfParams = crypto.getOrDefault("kdfparams")
if c.cipher.kind == CipherNoSupport:
return err(CipherNotSupported)
if len(c.cipher.text) == 0:
return err(EmptyCiphertext)
if len(c.cipher.text) != KeyLength:
return err(IncorrectPrivateKey)
if len(c.mac) == 0:
return err(EmptyMac)
if isNil(c.kdfParams):
return err(MalformedError)
result = ok(c)
proc decodePbkdf2Params(params: JsonNode): KfResult[Pbkdf2Params] =
var p: Pbkdf2Params
p.salt = decodeSalt(params.getOrDefault("salt").getStr())
if len(p.salt) == 0:
return err(EmptySalt)
p.dklen = params.getOrDefault("dklen").getInt()
p.c = params.getOrDefault("c").getInt()
p.prf = getPrfHash(params.getOrDefault("prf").getStr())
if p.prf == HashNoSupport:
return err(PrfNotSupported)
if p.dklen == 0 or p.dklen > MaxDKLen:
return err(IncorrectDKLen)
result = ok(p)
proc decodeScryptParams(params: JsonNode): KfResult[ScryptParams] =
var p: ScryptParams
p.salt = decodeSalt(params.getOrDefault("salt").getStr())
if len(p.salt) == 0:
return err(EmptySalt)
p.dklen = params.getOrDefault("dklen").getInt()
p.n = params.getOrDefault("n").getInt()
p.p = params.getOrDefault("p").getInt()
p.r = params.getOrDefault("r").getInt()
if p.dklen == 0 or p.dklen > MaxDKLen:
return err(IncorrectDKLen)
result = ok(p)
func decryptPrivateKey(crypto: Crypto, dkey: DKey): KfResult[PrivateKey] =
var ctx: keccak256
ctx.init()
ctx.update(toOpenArray(dkey, 16, 31))
ctx.update(crypto.cipher.text)
var mac = ctx.finish()
if not compareMac(mac.data, crypto.mac):
return err(IncorrectMac)
let plaintext = ? decryptKey(crypto.cipher.text, crypto.cipher.kind, dkey, crypto.cipher.params.iv)
PrivateKey.fromRaw(plaintext).mapErrTo(IncorrectPrivateKey)
proc decodeKeyFileJson*(j: JsonNode,
password: string): KfResult[PrivateKey] =
## Decode private key into ``seckey`` from keyfile json object ``j`` using
## password string ``password``.
let res = decodeCrypto(j)
if res.isErr:
return err(res.error)
let crypto = res.get()
case crypto.kind
of PBKDF2:
let res = decodePbkdf2Params(crypto.kdfParams)
if res.isErr:
return err(res.error)
let params = res.get()
let dkey = ? deriveKey(password, params.salt, PBKDF2, params.prf, params.c)
result = decryptPrivateKey(crypto, dkey)
of SCRYPT:
let res = decodeScryptParams(crypto.kdfParams)
if res.isErr:
return err(res.error)
let params = res.get()
let dkey = ? deriveKey(password, params.salt, params.n, params.r, params.p)
result = decryptPrivateKey(crypto, dkey)
proc loadKeyFile*(pathname: string,
password: string): KfResult[PrivateKey] =
## Load and decode private key ``seckey`` from file with pathname
## ``pathname``, using password string ``password``.
var data: JsonNode
try:
data = json.parseFile(pathname)
except JsonParsingError:
return err(JsonError)
except Exception:
# json parseFile also raises IOError, ValueError and raw Exception
return err(OsError)
decodeKeyFileJson(data, password)
proc saveKeyFile*(pathname: string,
jobject: JsonNode): KfResult[void] =
## Save JSON object ``jobject`` to file with pathname ``pathname``.
var
f: File
if not f.open(pathname, fmWrite):
return err(OsError)
try:
f.write($jobject)
ok()
except CatchableError:
err(OsError)
finally:
f.close()